2 * Claws Mail -- a GTK+ based, lightweight, and fast e-mail client
3 * Copyright (C) 2016 The Claws Mail Team
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation; either version 3 of the License, or
8 * (at your option) any later version.
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
15 * You should have received a copy of the GNU General Public License
16 * along with this program. If not, see <http://www.gnu.org/licenses/>.
22 #include "claws-features.h"
25 #ifdef PASSWORD_CRYPTO_GNUTLS
26 # include <gnutls/gnutls.h>
27 # include <gnutls/crypto.h>
31 #include <glib/gi18n.h>
36 #elif defined G_OS_WIN32
41 #include "common/passcrypt.h"
42 #include "common/plugin.h"
43 #include "common/utils.h"
45 #include "alertpanel.h"
46 #include "inputdialog.h"
48 #include "passwordstore.h"
49 #include "prefs_common.h"
51 #ifndef PASSWORD_CRYPTO_OLD
52 static gchar *_master_passphrase = NULL;
54 static const gchar *master_passphrase()
59 if (!prefs_common_get_prefs()->use_master_passphrase) {
63 if (_master_passphrase != NULL) {
64 debug_print("Master passphrase is in memory, offering it.\n");
65 return _master_passphrase;
69 input = input_dialog_with_invisible(_("Input master passphrase"),
70 _("Input master passphrase"), NULL);
73 debug_print("Cancel pressed at master passphrase dialog.\n");
77 if (master_passphrase_is_correct(input)) {
78 debug_print("Entered master passphrase seems to be correct, remembering it.\n");
79 _master_passphrase = input;
82 alertpanel_error(_("Incorrect master passphrase."));
86 return _master_passphrase;
89 const gboolean master_passphrase_is_set()
91 if (prefs_common_get_prefs()->master_passphrase_hash == NULL
92 || strlen(prefs_common_get_prefs()->master_passphrase_hash) == 0)
98 const gboolean master_passphrase_is_correct(const gchar *input)
102 gchar *stored_hash = prefs_common_get_prefs()->master_passphrase_hash;
103 const GChecksumType hashtype = G_CHECKSUM_SHA256;
104 const gssize hashlen = g_checksum_type_get_length(hashtype);
107 g_return_val_if_fail(input != NULL, FALSE);
109 if (stored_hash == NULL)
112 tokens = g_strsplit_set(stored_hash, "{}", 3);
113 if (strlen(tokens[0]) != 0 ||
114 strcmp(tokens[1], "SHA-256") ||
115 strlen(tokens[2]) == 0) {
116 debug_print("Mangled master_passphrase_hash in config, can not use it.\n");
121 stored_hash = tokens[2];
122 stored_len = strlen(stored_hash);
123 g_return_val_if_fail(stored_len == 2*hashlen, FALSE);
125 hash = g_compute_checksum_for_string(hashtype, input, -1);
127 if (!strncasecmp(hash, stored_hash, stored_len)) {
138 gboolean master_passphrase_is_entered()
140 return (_master_passphrase == NULL) ? FALSE : TRUE;
143 void master_passphrase_forget()
145 /* If master passphrase is currently in memory (entered by user),
146 * get rid of it. User will have to enter the new one again. */
147 if (_master_passphrase != NULL) {
148 memset(_master_passphrase, 0, strlen(_master_passphrase));
149 g_free(_master_passphrase);
150 _master_passphrase = NULL;
154 void master_passphrase_change(const gchar *oldp, const gchar *newp)
156 const GChecksumType hashtype = G_CHECKSUM_SHA256;
160 /* If oldp is NULL, make sure the user has to enter the
161 * current master passphrase before being able to change it. */
162 master_passphrase_forget();
163 oldp = master_passphrase();
165 g_return_if_fail(oldp != NULL);
167 /* Update master passphrase hash in prefs */
168 if (prefs_common_get_prefs()->master_passphrase_hash != NULL)
169 g_free(prefs_common_get_prefs()->master_passphrase_hash);
172 debug_print("Storing hash of new master passphrase\n");
173 hash = g_compute_checksum_for_string(hashtype, newp, -1);
174 prefs_common_get_prefs()->master_passphrase_hash =
175 g_strconcat("{SHA-256}", hash, NULL);
178 debug_print("Setting master_passphrase_hash to NULL\n");
179 prefs_common_get_prefs()->master_passphrase_hash = NULL;
182 /* Now go over all accounts, reencrypting their passwords using
183 * the new master passphrase. */
186 oldp = PASSCRYPT_KEY;
188 newp = PASSCRYPT_KEY;
190 debug_print("Reencrypting all account passwords...\n");
191 passwd_store_reencrypt_all(oldp, newp);
193 /* Now reencrypt all plugins passwords fields
194 * FIXME: Unloaded plugins won't be able to update their stored passwords
196 plugins_master_passphrase_change(oldp, newp);
198 master_passphrase_forget();
202 gchar *password_encrypt_old(const gchar *password)
204 if (!password || strlen(password) == 0) {
208 gchar *encrypted = g_strdup(password);
209 gchar *encoded, *result;
210 gsize len = strlen(password);
212 passcrypt_encrypt(encrypted, len);
213 encoded = g_base64_encode(encrypted, len);
215 result = g_strconcat("!", encoded, NULL);
221 gchar *password_decrypt_old(const gchar *password)
223 if (!password || strlen(password) == 0) {
227 if (*password != '!' || strlen(password) < 2) {
232 gchar *decrypted = g_base64_decode(password + 1, &len);
234 passcrypt_decrypt(decrypted, len);
238 #ifdef PASSWORD_CRYPTO_GNUTLS
241 /* Since we can't count on having GnuTLS new enough to have
242 * gnutls_cipher_get_iv_size(), we hardcode the IV length for now. */
245 gchar *password_encrypt_gnutls(const gchar *password,
246 const gchar *encryption_passphrase)
248 /* Another, slightly inferior combination is AES-128-CBC + SHA-256.
249 * Any block cipher in CBC mode with keysize N and a hash algo with
250 * digest length 2*N would do. */
251 gnutls_cipher_algorithm_t algo = GNUTLS_CIPHER_AES_256_CBC;
252 gnutls_digest_algorithm_t digest = GNUTLS_DIG_SHA512;
253 gnutls_cipher_hd_t handle;
254 gnutls_datum_t key, iv;
255 int keylen, digestlen, blocklen, ret, i;
256 unsigned char hashbuf[BUFSIZE], *buf, *encbuf, *base, *output;
257 #if defined G_OS_UNIX
259 #elif defined G_OS_WIN32
263 g_return_val_if_fail(password != NULL, NULL);
264 g_return_val_if_fail(encryption_passphrase != NULL, NULL);
266 /* ivlen = gnutls_cipher_get_iv_size(algo);*/
267 keylen = gnutls_cipher_get_key_size(algo);
268 blocklen = gnutls_cipher_get_block_size(algo);
269 digestlen = gnutls_hash_get_len(digest);
271 /* Prepare key for cipher - first half of hash of passkey XORed with
273 memset(&hashbuf, 0, BUFSIZE);
274 if ((ret = gnutls_hash_fast(digest, encryption_passphrase,
275 strlen(encryption_passphrase), &hashbuf)) < 0) {
276 debug_print("Hashing passkey failed: %s\n", gnutls_strerror(ret));
279 for (i = 0; i < digestlen/2; i++) {
280 hashbuf[i] = hashbuf[i] ^ hashbuf[i+digestlen/2];
283 key.data = malloc(keylen);
284 memcpy(key.data, &hashbuf, keylen);
287 /* Prepare our source of random data. */
288 #if defined G_OS_UNIX
289 rnd = open("/dev/urandom", O_RDONLY);
291 perror("fopen on /dev/urandom");
292 #elif defined G_OS_WIN32
293 if (!CryptAcquireContext(&rnd, NULL, NULL, PROV_RSA_FULL, 0) &&
294 !CryptAcquireContext(&rnd, NULL, NULL, PROV_RSA_FULL, CRYPT_NEWKEYSET)) {
295 debug_print("Could not acquire a CSP handle.\n");
301 /* Prepare random IV for cipher */
302 iv.data = malloc(IVLEN);
304 #if defined G_OS_UNIX
305 ret = read(rnd, iv.data, IVLEN);
307 perror("read into iv");
309 #elif defined G_OS_WIN32
310 if (!CryptGenRandom(rnd, IVLEN, iv.data)) {
311 debug_print("Could not read random data for IV\n");
312 CryptReleaseContext(rnd, 0);
319 /* Initialize the encryption */
320 ret = gnutls_cipher_init(&handle, algo, &key, &iv);
324 #if defined G_OS_UNIX
326 #elif defined G_OS_WIN32
327 CryptReleaseContext(rnd, 0);
332 /* Fill buf with one block of random data, our password, pad the
333 * rest with zero bytes. */
334 buf = malloc(BUFSIZE + blocklen);
335 memset(buf, 0, BUFSIZE);
336 #if defined G_OS_UNIX
337 ret = read(rnd, buf, blocklen);
338 if (ret != blocklen) {
339 perror("read into buffer");
341 #elif defined G_OS_WIN32
342 if (!CryptGenRandom(rnd, blocklen, buf)) {
343 debug_print("Could not read random data for IV\n");
344 CryptReleaseContext(rnd, 0);
349 gnutls_cipher_deinit(handle);
353 /* We don't need any more random data. */
354 #if defined G_OS_UNIX
356 #elif defined G_OS_WIN32
357 CryptReleaseContext(rnd, 0);
360 memcpy(buf + blocklen, password, strlen(password));
362 /* Encrypt into encbuf */
363 encbuf = malloc(BUFSIZE + blocklen);
364 memset(encbuf, 0, BUFSIZE + blocklen);
365 ret = gnutls_cipher_encrypt2(handle, buf, BUFSIZE + blocklen,
366 encbuf, BUFSIZE + blocklen);
372 gnutls_cipher_deinit(handle);
377 gnutls_cipher_deinit(handle);
382 /* And finally prepare the resulting string:
383 * "{algorithm}base64encodedciphertext" */
384 base = g_base64_encode(encbuf, BUFSIZE);
386 output = g_strdup_printf("{%s}%s", gnutls_cipher_get_name(algo), base);
392 gchar *password_decrypt_gnutls(const gchar *password,
393 const gchar *decryption_passphrase)
395 gchar **tokens, *tmp;
396 gnutls_cipher_algorithm_t algo;
397 gnutls_digest_algorithm_t digest = GNUTLS_DIG_UNKNOWN;
398 gnutls_cipher_hd_t handle;
399 gnutls_datum_t key, iv;
400 int keylen, digestlen, blocklen, ret, i;
402 unsigned char hashbuf[BUFSIZE], *buf;
403 #if defined G_OS_UNIX
405 #elif defined G_OS_WIN32
409 g_return_val_if_fail(password != NULL, NULL);
410 g_return_val_if_fail(decryption_passphrase != NULL, NULL);
412 tokens = g_strsplit_set(password, "{}", 3);
414 /* Parse the string, retrieving algorithm and encrypted data.
415 * We expect "{algorithm}base64encodedciphertext". */
416 if (strlen(tokens[0]) != 0 ||
417 (algo = gnutls_cipher_get_id(tokens[1])) == GNUTLS_CIPHER_UNKNOWN ||
418 strlen(tokens[2]) == 0)
421 /* Our hash algo needs to have digest length twice as long as our
422 * cipher algo's key length. */
423 if (algo == GNUTLS_CIPHER_AES_256_CBC) {
424 debug_print("Using AES-256-CBC + SHA-512 for decryption\n");
425 digest = GNUTLS_DIG_SHA512;
426 } else if (algo == GNUTLS_CIPHER_AES_128_CBC) {
427 debug_print("Using AES-128-CBC + SHA-256 for decryption\n");
428 digest = GNUTLS_DIG_SHA256;
430 if (digest == GNUTLS_DIG_UNKNOWN) {
431 debug_print("Password is encrypted with unsupported cipher, giving up.\n");
436 /* ivlen = gnutls_cipher_get_iv_size(algo); */
437 keylen = gnutls_cipher_get_key_size(algo);
438 blocklen = gnutls_cipher_get_block_size(algo);
439 digestlen = gnutls_hash_get_len(digest);
441 /* Prepare key for cipher - first half of hash of passkey XORed with
442 * the second. AES-256 has key length 32 and length of SHA-512 hash
443 * is exactly twice that, 64. */
444 memset(&hashbuf, 0, BUFSIZE);
445 if ((ret = gnutls_hash_fast(digest, decryption_passphrase,
446 strlen(decryption_passphrase), &hashbuf)) < 0) {
447 debug_print("Hashing passkey failed: %s\n", gnutls_strerror(ret));
451 for (i = 0; i < digestlen/2; i++) {
452 hashbuf[i] = hashbuf[i] ^ hashbuf[i+digestlen/2];
455 key.data = malloc(keylen);
456 memcpy(key.data, &hashbuf, keylen);
459 /* Prepare our source of random data. */
460 #if defined G_OS_UNIX
461 rnd = open("/dev/urandom", O_RDONLY);
463 perror("fopen on /dev/urandom");
464 #elif defined G_OS_WIN32
465 if (!CryptAcquireContext(&rnd, NULL, NULL, PROV_RSA_FULL, 0) &&
466 !CryptAcquireContext(&rnd, NULL, NULL, PROV_RSA_FULL, CRYPT_NEWKEYSET)) {
467 debug_print("Could not acquire a CSP handle.\n");
474 /* Prepare random IV for cipher */
475 iv.data = malloc(IVLEN);
477 #if defined G_OS_UNIX
478 ret = read(rnd, iv.data, IVLEN);
480 perror("read into iv");
482 #elif defined G_OS_WIN32
483 if (!CryptGenRandom(rnd, IVLEN, iv.data)) {
484 debug_print("Could not read random data for IV\n");
485 CryptReleaseContext(rnd, 0);
493 /* We don't need any more random data. */
494 #if defined G_OS_UNIX
496 #elif defined G_OS_WIN32
497 CryptReleaseContext(rnd, 0);
500 /* Prepare encrypted password string for decryption. */
501 tmp = g_base64_decode(tokens[2], &len);
504 /* Initialize the decryption */
505 ret = gnutls_cipher_init(&handle, algo, &key, &iv);
507 debug_print("Cipher init failed: %s\n", gnutls_strerror(ret));
513 buf = malloc(BUFSIZE + blocklen);
514 memset(buf, 0, BUFSIZE + blocklen);
515 ret = gnutls_cipher_decrypt2(handle, tmp, len,
516 buf, BUFSIZE + blocklen);
518 debug_print("Decryption failed: %s\n", gnutls_strerror(ret));
522 gnutls_cipher_deinit(handle);
527 gnutls_cipher_deinit(handle);
531 tmp = g_strndup(buf + blocklen, MIN(strlen(buf + blocklen), BUFSIZE));
540 gchar *password_encrypt(const gchar *password,
541 const gchar *encryption_passphrase)
543 if (password == NULL || strlen(password) == 0) {
547 #ifndef PASSWORD_CRYPTO_OLD
548 if (encryption_passphrase == NULL)
549 encryption_passphrase = master_passphrase();
551 return password_encrypt_real(password, encryption_passphrase);
553 return password_encrypt_old(password);
557 gchar *password_decrypt(const gchar *password,
558 const gchar *decryption_passphrase)
560 if (password == NULL || strlen(password) == 0) {
564 /* First, check if the password was possibly decrypted using old,
566 if (*password == '!') {
567 debug_print("Trying to decrypt password using the old method...\n");
568 return password_decrypt_old(password);
571 /* Try available crypto backend */
572 #ifndef PASSWORD_CRYPTO_OLD
573 if (decryption_passphrase == NULL)
574 decryption_passphrase = master_passphrase();
576 if (*password == '{') {
577 debug_print("Trying to decrypt password...\n");
578 return password_decrypt_real(password, decryption_passphrase);
582 /* Fallback, in case the configuration is really old and
583 * stored password in plaintext */
584 debug_print("Assuming password was stored plaintext, returning it unchanged\n");
585 return g_strdup(password);
projects / claws.git / blob