dba5ef20bc3c68da5aa08e7d1e02b64e48fcfd5a
[claws.git] / src / password.c
1 /*
2  * Claws Mail -- a GTK+ based, lightweight, and fast e-mail client
3  * Copyright (C) 2016 The Claws Mail Team
4  *
5  * This program is free software; you can redistribute it and/or modify
6  * it under the terms of the GNU General Public License as published by
7  * the Free Software Foundation; either version 3 of the License, or
8  * (at your option) any later version.
9  *
10  * This program is distributed in the hope that it will be useful,
11  * but WITHOUT ANY WARRANTY; without even the implied warranty of
12  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
13  * GNU General Public License for more details.
14  *
15  * You should have received a copy of the GNU General Public License
16  * along with this program. If not, see <http://www.gnu.org/licenses/>.
17  *
18  */
19
20 #ifdef HAVE_CONFIG_H
21 #include "config.h"
22 #include "claws-features.h"
23 #endif
24
25 #ifdef PASSWORD_CRYPTO_GNUTLS
26 # include <gnutls/gnutls.h>
27 # include <gnutls/crypto.h>
28 #endif
29
30 #include <glib.h>
31 #include <glib/gi18n.h>
32
33 #ifdef G_OS_UNIX
34 #include <fcntl.h>
35 #include <unistd.h>
36 #endif
37
38 #include "common/passcrypt.h"
39 #include "common/utils.h"
40 #include "account.h"
41 #include "alertpanel.h"
42 #include "inputdialog.h"
43 #include "password.h"
44 #include "prefs_common.h"
45
46 #ifndef PASSWORD_CRYPTO_OLD
47 static gchar *_master_password = NULL;
48
49 static const gchar *master_password()
50 {
51         gchar *input;
52         gboolean end = FALSE;
53
54         if (!prefs_common_get_prefs()->use_master_password) {
55                 return PASSCRYPT_KEY;
56         }
57
58         if (_master_password != NULL) {
59                 debug_print("Master password is in memory, offering it.\n");
60                 return _master_password;
61         }
62
63         while (!end) {
64                 input = input_dialog_with_invisible(_("Input master password"),
65                                 _("Input master password"), NULL);
66
67                 if (input == NULL) {
68                         debug_print("Cancel pressed at master password dialog.\n");
69                         break;
70                 }
71
72                 if (master_password_is_correct(input)) {
73                         debug_print("Entered master password seems to be correct, remembering it.\n");
74                         _master_password = input;
75                         end = TRUE;
76                 } else {
77                         alertpanel_error(_("Incorrect master password."));
78                 }
79         }
80
81         return _master_password;
82 }
83
84 const gboolean master_password_is_set()
85 {
86         if (prefs_common_get_prefs()->master_password_hash == NULL
87                         || strlen(prefs_common_get_prefs()->master_password_hash) == 0)
88                 return FALSE;
89
90         return TRUE;
91 }
92
93 const gboolean master_password_is_correct(const gchar *input)
94 {
95         gchar *hash;
96         gchar *stored_hash = prefs_common_get_prefs()->master_password_hash;
97         const GChecksumType hashtype = G_CHECKSUM_SHA512;
98         const gssize hashlen = g_checksum_type_get_length(hashtype);
99         gssize stored_len;
100
101         g_return_val_if_fail(input != NULL, FALSE);
102
103         if (stored_hash == NULL)
104                 return FALSE;
105
106         stored_len = strlen(stored_hash);
107         g_return_val_if_fail(stored_len == 2*hashlen, FALSE);
108
109         hash = g_compute_checksum_for_string(hashtype, input, -1);
110
111         if (!strncasecmp(hash, stored_hash, stored_len)) {
112                 g_free(hash);
113                 return TRUE;
114         }
115         g_free(hash);
116
117         return FALSE;
118 }
119
120 gboolean master_password_is_entered()
121 {
122         return (_master_password == NULL) ? FALSE : TRUE;
123 }
124
125 void master_password_forget()
126 {
127         /* If master password is currently in memory (entered by user),
128          * get rid of it. User will have to enter the new one again. */
129         if (_master_password != NULL) {
130                 memset(_master_password, 0, strlen(_master_password));
131                 g_free(_master_password);
132         }
133         _master_password = NULL;
134 }
135
136 void master_password_change(const gchar *newp)
137 {
138         gchar *pwd, *newpwd;
139         const gchar *oldp;
140         GList *cur;
141         PrefsAccount *acc;
142
143         /* Make sure the user has to enter the master password before
144          * being able to change it. */
145         master_password_forget();
146
147         oldp = master_password();
148         g_return_if_fail(oldp != NULL);
149
150         /* Update master password hash in prefs */
151         if (prefs_common_get_prefs()->master_password_hash != NULL)
152                 g_free(prefs_common_get_prefs()->master_password_hash);
153
154         if (newp != NULL) {
155                 debug_print("Storing hash of new master password\n");
156                 prefs_common_get_prefs()->master_password_hash =
157                         g_compute_checksum_for_string(G_CHECKSUM_SHA512, newp, -1);
158         } else {
159                 debug_print("Setting master_password_hash to NULL\n");
160                 prefs_common_get_prefs()->master_password_hash = NULL;
161         }
162
163         /* Now go over all accounts, reencrypting their passwords using
164          * the new master password. */
165
166         if (oldp == NULL)
167                 oldp = PASSCRYPT_KEY;
168         if (newp == NULL)
169                 newp = PASSCRYPT_KEY;
170
171         debug_print("Reencrypting all account passwords...\n");
172         for (cur = account_get_list(); cur != NULL; cur = cur->next) {
173                 acc = (PrefsAccount *)cur->data;
174                 debug_print("account %s\n", acc->account_name);
175
176                 /* Password for receiving */
177                 if (acc->passwd != NULL && strlen(acc->passwd) > 0) {
178                         pwd = password_decrypt(acc->passwd, oldp);
179                         if (pwd == NULL) {
180                                 debug_print("failed to decrypt recv password with old master password\n");
181                         } else {
182                                 newpwd = password_encrypt(pwd, newp);
183                                 memset(pwd, 0, strlen(pwd));
184                                 g_free(pwd);
185                                 if (newpwd == NULL) {
186                                         debug_print("failed to encrypt recv password with new master password\n");
187                                 } else {
188                                         g_free(acc->passwd);
189                                         acc->passwd = newpwd;
190                                 }
191                         }
192                 }
193
194                 /* Password for sending */
195                 if (acc->smtp_passwd != NULL && strlen(acc->smtp_passwd) > 0) {
196                         pwd = password_decrypt(acc->smtp_passwd, oldp);
197                         if (pwd == NULL) {
198                                 debug_print("failed to decrypt smtp password with old master password\n");
199                         } else {
200                                 newpwd = password_encrypt(pwd, newp);
201                                 memset(pwd, 0, strlen(pwd));
202                                 g_free(pwd);
203                                 if (newpwd == NULL) {
204                                         debug_print("failed to encrypt smtp password with new master password\n");
205                                 } else {
206                                         g_free(acc->smtp_passwd);
207                                         acc->smtp_passwd = newpwd;
208                                 }
209                         }
210                 }
211         }
212
213         master_password_forget();
214 }
215 #endif
216
217 gchar *password_encrypt_old(const gchar *password)
218 {
219         if (!password || strlen(password) == 0) {
220                 return NULL;
221         }
222
223         gchar *encrypted = g_strdup(password);
224         gchar *encoded, *result;
225         gsize len = strlen(password);
226
227         passcrypt_encrypt(encrypted, len);
228         encoded = g_base64_encode(encrypted, len);
229         g_free(encrypted);
230         result = g_strconcat("!", encoded, NULL);
231         g_free(encoded);
232
233         return result;
234 }
235
236 gchar *password_decrypt_old(const gchar *password)
237 {
238         if (!password || strlen(password) == 0) {
239                 return NULL;
240         }
241
242         if (*password != '!' || strlen(password) < 2) {
243                 return NULL;
244         }
245
246         gsize len;
247         gchar *decrypted = g_base64_decode(password + 1, &len);
248
249         passcrypt_decrypt(decrypted, len);
250         return decrypted;
251 }
252
253 #ifdef PASSWORD_CRYPTO_GNUTLS
254 #define BUFSIZE 128
255
256 gchar *password_encrypt_gnutls(const gchar *password,
257                 const gchar *encryption_password)
258 {
259         /* Another, slightly inferior combination is AES-128-CBC + SHA-256.
260          * Any block cipher in CBC mode with keysize N and a hash algo with
261          * digest length 2*N would do. */
262         gnutls_cipher_algorithm_t algo = GNUTLS_CIPHER_AES_256_CBC;
263         gnutls_digest_algorithm_t digest = GNUTLS_DIG_SHA512;
264         gnutls_cipher_hd_t handle;
265         gnutls_datum_t key, iv;
266         int ivlen, keylen, digestlen, blocklen, ret, i;
267         unsigned char hashbuf[BUFSIZE], *buf, *encbuf, *base, *output;
268 #ifdef G_OS_UNIX
269         int rnd;
270 #endif
271
272         g_return_val_if_fail(password != NULL, NULL);
273         g_return_val_if_fail(encryption_password != NULL, NULL);
274
275         ivlen = gnutls_cipher_get_iv_size(algo);
276         keylen = gnutls_cipher_get_key_size(algo);
277         blocklen = gnutls_cipher_get_block_size(algo);
278         digestlen = gnutls_hash_get_len(digest);
279
280         /* Prepare key for cipher - first half of hash of passkey XORed with
281          * the second. */
282         memset(&hashbuf, 0, BUFSIZE);
283         if ((ret = gnutls_hash_fast(digest, encryption_password,
284                                         strlen(encryption_password), &hashbuf)) < 0) {
285                 debug_print("Hashing passkey failed: %s\n", gnutls_strerror(ret));
286                 return NULL;
287         }
288         for (i = 0; i < digestlen/2; i++) {
289                 hashbuf[i] = hashbuf[i] ^ hashbuf[i+digestlen/2];
290         }
291
292         key.data = malloc(keylen);
293         memcpy(key.data, &hashbuf, keylen);
294         key.size = keylen;
295
296 #ifdef G_OS_UNIX
297         /* Prepare our source of random data. */
298         rnd = open("/dev/urandom", O_RDONLY);
299         if (rnd == -1) {
300                 perror("fopen on /dev/urandom");
301                 g_free(key.data);
302                 g_free(iv.data);
303                 return NULL;
304         }
305 #endif
306
307         /* Prepare random IV for cipher */
308         iv.data = malloc(ivlen);
309         iv.size = ivlen;
310 #ifdef G_OS_UNIX
311         ret = read(rnd, iv.data, ivlen);
312         if (ret != ivlen) {
313                 perror("read into iv");
314                 g_free(key.data);
315                 g_free(iv.data);
316                 close(rnd);
317                 return NULL;
318         }
319 #endif
320
321         /* Initialize the encryption */
322         ret = gnutls_cipher_init(&handle, algo, &key, &iv);
323         if (ret < 0) {
324                 g_free(key.data);
325                 g_free(iv.data);
326 #ifdef G_OS_UNIX
327                 close(rnd);
328 #endif
329                 return NULL;
330         }
331
332         /* Fill buf with one block of random data, our password, pad the
333          * rest with zero bytes. */
334         buf = malloc(BUFSIZE + blocklen);
335         memset(buf, 0, BUFSIZE);
336 #ifdef G_OS_UNIX
337         ret = read(rnd, buf, blocklen);
338         if (ret != blocklen) {
339                 perror("read into buffer");
340                 g_free(buf);
341                 g_free(key.data);
342                 g_free(iv.data);
343                 close(rnd);
344                 gnutls_cipher_deinit(handle);
345                 return NULL;
346         }
347
348         /* We don't need any more random data. */
349         close(rnd);
350 #endif
351
352         memcpy(buf + blocklen, password, strlen(password));
353
354         /* Encrypt into encbuf */
355         encbuf = malloc(BUFSIZE + blocklen);
356         memset(encbuf, 0, BUFSIZE + blocklen);
357         ret = gnutls_cipher_encrypt2(handle, buf, BUFSIZE + blocklen,
358                         encbuf, BUFSIZE + blocklen);
359         if (ret < 0) {
360                 g_free(key.data);
361                 g_free(iv.data);
362                 g_free(buf);
363                 g_free(encbuf);
364                 gnutls_cipher_deinit(handle);
365                 return NULL;
366         }
367
368         /* Cleanup */
369         gnutls_cipher_deinit(handle);
370         g_free(key.data);
371         g_free(iv.data);
372         g_free(buf);
373
374         /* And finally prepare the resulting string:
375          * "{algorithm}base64encodedciphertext" */
376         base = g_base64_encode(encbuf, BUFSIZE);
377         g_free(encbuf);
378         output = g_strdup_printf("{%s}%s", gnutls_cipher_get_name(algo), base);
379         g_free(base);
380
381         return output;
382 }
383
384 gchar *password_decrypt_gnutls(const gchar *password,
385                 const gchar *decryption_password)
386 {
387         gchar **tokens, *tmp;
388         gnutls_cipher_algorithm_t algo;
389         gnutls_digest_algorithm_t digest = GNUTLS_DIG_UNKNOWN;
390         gnutls_cipher_hd_t handle;
391         gnutls_datum_t key, iv;
392         int ivlen, keylen, digestlen, blocklen, ret, i;
393         gsize len;
394         unsigned char hashbuf[BUFSIZE], *buf;
395 #ifdef G_OS_UNIX
396         int rnd;
397 #endif
398
399         g_return_val_if_fail(password != NULL, NULL);
400         g_return_val_if_fail(decryption_password != NULL, NULL);
401
402         tokens = g_strsplit_set(password, "{}", 3);
403
404         /* Parse the string, retrieving algorithm and encrypted data.
405          * We expect "{algorithm}base64encodedciphertext". */
406         if (strlen(tokens[0]) != 0 ||
407                         (algo = gnutls_cipher_get_id(tokens[1])) == GNUTLS_CIPHER_UNKNOWN ||
408                         strlen(tokens[2]) == 0)
409                 return NULL;
410
411         /* Our hash algo needs to have digest length twice as long as our
412          * cipher algo's key length. */
413         if (algo == GNUTLS_CIPHER_AES_256_CBC) {
414                 debug_print("Using AES-256-CBC + SHA-512 for decryption\n");
415                 digest = GNUTLS_DIG_SHA512;
416         } else if (algo == GNUTLS_CIPHER_AES_128_CBC) {
417                 debug_print("Using AES-128-CBC + SHA-256 for decryption\n");
418                 digest = GNUTLS_DIG_SHA256;
419         }
420         if (digest == GNUTLS_DIG_UNKNOWN) {
421                 debug_print("Password is encrypted with unsupported cipher, giving up.\n");
422                 g_strfreev(tokens);
423                 return NULL;
424         }
425
426         ivlen = gnutls_cipher_get_iv_size(algo);
427         keylen = gnutls_cipher_get_key_size(algo);
428         blocklen = gnutls_cipher_get_block_size(algo);
429         digestlen = gnutls_hash_get_len(digest);
430
431         /* Prepare key for cipher - first half of hash of passkey XORed with
432          * the second. AES-256 has key length 32 and length of SHA-512 hash
433          * is exactly twice that, 64. */
434         memset(&hashbuf, 0, BUFSIZE);
435         if ((ret = gnutls_hash_fast(digest, decryption_password,
436                                         strlen(decryption_password), &hashbuf)) < 0) {
437                 debug_print("Hashing passkey failed: %s\n", gnutls_strerror(ret));
438                 g_strfreev(tokens);
439                 return NULL;
440         }
441         for (i = 0; i < digestlen/2; i++) {
442                 hashbuf[i] = hashbuf[i] ^ hashbuf[i+digestlen/2];
443         }
444
445         key.data = malloc(keylen);
446         memcpy(key.data, &hashbuf, keylen);
447         key.size = keylen;
448
449 #ifdef G_OS_UNIX
450         /* Prepare our source of random data. */
451         rnd = open("/dev/urandom", O_RDONLY);
452         if (rnd == -1) {
453                 perror("fopen on /dev/urandom");
454                 g_free(key.data);
455                 g_free(iv.data);
456                 g_strfreev(tokens);
457                 return NULL;
458         }
459 #endif
460
461         /* Prepare random IV for cipher */
462         iv.data = malloc(ivlen);
463         iv.size = ivlen;
464 #ifdef G_OS_UNIX
465         ret = read(rnd, iv.data, ivlen);
466         if (ret != ivlen) {
467                 perror("read into iv");
468                 g_free(key.data);
469                 g_free(iv.data);
470                 g_strfreev(tokens);
471                 close(rnd);
472                 return NULL;
473         }
474
475         /* We don't need any more random data. */
476         close(rnd);
477 #endif
478
479         /* Prepare encrypted password string for decryption. */
480         tmp = g_base64_decode(tokens[2], &len);
481         g_strfreev(tokens);
482
483         /* Initialize the decryption */
484         ret = gnutls_cipher_init(&handle, algo, &key, &iv);
485         if (ret < 0) {
486                 debug_print("Cipher init failed: %s\n", gnutls_strerror(ret));
487                 g_free(key.data);
488                 g_free(iv.data);
489                 return NULL;
490         }
491
492         buf = malloc(BUFSIZE + blocklen);
493         memset(buf, 0, BUFSIZE + blocklen);
494         ret = gnutls_cipher_decrypt2(handle, tmp, len,
495                         buf, BUFSIZE + blocklen);
496         if (ret < 0) {
497                 debug_print("Decryption failed: %s\n", gnutls_strerror(ret));
498                 g_free(key.data);
499                 g_free(iv.data);
500                 g_free(buf);
501                 gnutls_cipher_deinit(handle);
502                 return NULL;
503         }
504
505         /* Cleanup */
506         gnutls_cipher_deinit(handle);
507         g_free(key.data);
508         g_free(iv.data);
509
510         tmp = g_strndup(buf + blocklen, MIN(strlen(buf + blocklen), BUFSIZE));
511         g_free(buf);
512         return tmp;
513 }
514
515 #undef BUFSIZE
516
517 #endif
518
519 gchar *password_encrypt(const gchar *password,
520                 const gchar *encryption_password)
521 {
522         if (password == NULL || strlen(password) == 0) {
523                 return NULL;
524         }
525
526 #ifndef PASSWORD_CRYPTO_OLD
527         if (encryption_password == NULL)
528                 encryption_password = master_password();
529
530         return password_encrypt_real(password, encryption_password);
531 #endif
532
533         return password_encrypt_old(password);
534 }
535
536 gchar *password_decrypt(const gchar *password,
537                 const gchar *decryption_password)
538 {
539         if (password == NULL || strlen(password) == 0) {
540                 return NULL;
541         }
542
543         /* First, check if the password was possibly decrypted using old,
544          * obsolete method */
545         if (*password == '!') {
546                 debug_print("Trying to decrypt password using the old method...\n");
547                 return password_decrypt_old(password);
548         }
549
550         /* Try available crypto backend */
551 #ifndef PASSWORD_CRYPTO_OLD
552         if (decryption_password == NULL)
553                 decryption_password = master_password();
554
555         if (*password == '{') {
556                 debug_print("Trying to decrypt password...\n");
557                 return password_decrypt_real(password, decryption_password);
558         }
559 #endif
560
561         /* Fallback, in case the configuration is really old and
562          * stored password in plaintext */
563         debug_print("Assuming password was stored plaintext, returning it unchanged\n");
564         return g_strdup(password);
565 }