2 * Claws Mail -- a GTK+ based, lightweight, and fast e-mail client
3 * Copyright (C) 2016 The Claws Mail Team
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation; either version 3 of the License, or
8 * (at your option) any later version.
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
15 * You should have received a copy of the GNU General Public License
16 * along with this program. If not, see <http://www.gnu.org/licenses/>.
22 #include "claws-features.h"
25 #ifdef PASSWORD_CRYPTO_GNUTLS
26 # include <gnutls/gnutls.h>
27 # include <gnutls/crypto.h>
31 #include <glib/gi18n.h>
36 #elif defined G_OS_WIN32
41 #include "common/passcrypt.h"
42 #include "common/plugin.h"
43 #include "common/utils.h"
45 #include "alertpanel.h"
46 #include "inputdialog.h"
48 #include "passwordstore.h"
49 #include "prefs_common.h"
51 #ifndef PASSWORD_CRYPTO_OLD
52 static gchar *_master_password = NULL;
54 static const gchar *master_password()
59 if (!prefs_common_get_prefs()->use_master_password) {
63 if (_master_password != NULL) {
64 debug_print("Master password is in memory, offering it.\n");
65 return _master_password;
69 input = input_dialog_with_invisible(_("Input master password"),
70 _("Input master password"), NULL);
73 debug_print("Cancel pressed at master password dialog.\n");
77 if (master_password_is_correct(input)) {
78 debug_print("Entered master password seems to be correct, remembering it.\n");
79 _master_password = input;
82 alertpanel_error(_("Incorrect master password."));
86 return _master_password;
89 const gboolean master_password_is_set()
91 if (prefs_common_get_prefs()->master_password_hash == NULL
92 || strlen(prefs_common_get_prefs()->master_password_hash) == 0)
98 const gboolean master_password_is_correct(const gchar *input)
101 gchar *stored_hash = prefs_common_get_prefs()->master_password_hash;
102 const GChecksumType hashtype = G_CHECKSUM_SHA512;
103 const gssize hashlen = g_checksum_type_get_length(hashtype);
106 g_return_val_if_fail(input != NULL, FALSE);
108 if (stored_hash == NULL)
111 stored_len = strlen(stored_hash);
112 g_return_val_if_fail(stored_len == 2*hashlen, FALSE);
114 hash = g_compute_checksum_for_string(hashtype, input, -1);
116 if (!strncasecmp(hash, stored_hash, stored_len)) {
125 gboolean master_password_is_entered()
127 return (_master_password == NULL) ? FALSE : TRUE;
130 void master_password_forget()
132 /* If master password is currently in memory (entered by user),
133 * get rid of it. User will have to enter the new one again. */
134 if (_master_password != NULL) {
135 memset(_master_password, 0, strlen(_master_password));
136 g_free(_master_password);
138 _master_password = NULL;
141 void master_password_change(const gchar *oldp, const gchar *newp)
144 /* If oldp is NULL, make sure the user has to enter the
145 * current master password before being able to change it. */
146 master_password_forget();
147 oldp = master_password();
149 g_return_if_fail(oldp != NULL);
151 /* Update master password hash in prefs */
152 if (prefs_common_get_prefs()->master_password_hash != NULL)
153 g_free(prefs_common_get_prefs()->master_password_hash);
156 debug_print("Storing hash of new master password\n");
157 prefs_common_get_prefs()->master_password_hash =
158 g_compute_checksum_for_string(G_CHECKSUM_SHA512, newp, -1);
160 debug_print("Setting master_password_hash to NULL\n");
161 prefs_common_get_prefs()->master_password_hash = NULL;
164 /* Now go over all accounts, reencrypting their passwords using
165 * the new master password. */
168 oldp = PASSCRYPT_KEY;
170 newp = PASSCRYPT_KEY;
172 debug_print("Reencrypting all account passwords...\n");
173 passwd_store_reencrypt_all(oldp, newp);
175 /* Now reencrypt all plugins passwords fields
176 * FIXME: Unloaded plugins won't be able to update their stored passwords
178 plugins_master_password_change(oldp, newp);
180 master_password_forget();
184 gchar *password_encrypt_old(const gchar *password)
186 if (!password || strlen(password) == 0) {
190 gchar *encrypted = g_strdup(password);
191 gchar *encoded, *result;
192 gsize len = strlen(password);
194 passcrypt_encrypt(encrypted, len);
195 encoded = g_base64_encode(encrypted, len);
197 result = g_strconcat("!", encoded, NULL);
203 gchar *password_decrypt_old(const gchar *password)
205 if (!password || strlen(password) == 0) {
209 if (*password != '!' || strlen(password) < 2) {
214 gchar *decrypted = g_base64_decode(password + 1, &len);
216 passcrypt_decrypt(decrypted, len);
220 #ifdef PASSWORD_CRYPTO_GNUTLS
223 gchar *password_encrypt_gnutls(const gchar *password,
224 const gchar *encryption_password)
226 /* Another, slightly inferior combination is AES-128-CBC + SHA-256.
227 * Any block cipher in CBC mode with keysize N and a hash algo with
228 * digest length 2*N would do. */
229 gnutls_cipher_algorithm_t algo = GNUTLS_CIPHER_AES_256_CBC;
230 gnutls_digest_algorithm_t digest = GNUTLS_DIG_SHA512;
231 gnutls_cipher_hd_t handle;
232 gnutls_datum_t key, iv;
233 int ivlen, keylen, digestlen, blocklen, ret, i;
234 unsigned char hashbuf[BUFSIZE], *buf, *encbuf, *base, *output;
235 #if defined G_OS_UNIX
237 #elif defined G_OS_WIN32
241 g_return_val_if_fail(password != NULL, NULL);
242 g_return_val_if_fail(encryption_password != NULL, NULL);
244 ivlen = gnutls_cipher_get_iv_size(algo);
245 keylen = gnutls_cipher_get_key_size(algo);
246 blocklen = gnutls_cipher_get_block_size(algo);
247 digestlen = gnutls_hash_get_len(digest);
249 /* Prepare key for cipher - first half of hash of passkey XORed with
251 memset(&hashbuf, 0, BUFSIZE);
252 if ((ret = gnutls_hash_fast(digest, encryption_password,
253 strlen(encryption_password), &hashbuf)) < 0) {
254 debug_print("Hashing passkey failed: %s\n", gnutls_strerror(ret));
257 for (i = 0; i < digestlen/2; i++) {
258 hashbuf[i] = hashbuf[i] ^ hashbuf[i+digestlen/2];
261 key.data = malloc(keylen);
262 memcpy(key.data, &hashbuf, keylen);
265 /* Prepare our source of random data. */
266 #if defined G_OS_UNIX
267 rnd = open("/dev/urandom", O_RDONLY);
269 perror("fopen on /dev/urandom");
270 #elif defined G_OS_WIN32
271 if (!CryptAcquireContext(&rnd, NULL, NULL, PROV_RSA_FULL, 0) &&
272 !CryptAcquireContext(&rnd, NULL, NULL, PROV_RSA_FULL, CRYPT_NEWKEYSET)) {
273 debug_print("Could not acquire a CSP handle.\n");
280 /* Prepare random IV for cipher */
281 iv.data = malloc(ivlen);
283 #if defined G_OS_UNIX
284 ret = read(rnd, iv.data, ivlen);
286 perror("read into iv");
288 #elif defined G_OS_WIN32
289 if (!CryptGenRandom(rnd, ivlen, iv.data)) {
290 debug_print("Could not read random data for IV\n");
291 CryptReleaseContext(rnd, 0);
298 /* Initialize the encryption */
299 ret = gnutls_cipher_init(&handle, algo, &key, &iv);
303 #if defined G_OS_UNIX
305 #elif defined G_OS_WIN32
306 CryptReleaseContext(rnd, 0);
311 /* Fill buf with one block of random data, our password, pad the
312 * rest with zero bytes. */
313 buf = malloc(BUFSIZE + blocklen);
314 memset(buf, 0, BUFSIZE);
315 #if defined G_OS_UNIX
316 ret = read(rnd, buf, blocklen);
317 if (ret != blocklen) {
318 perror("read into buffer");
320 #elif defined G_OS_WIN32
321 if (!CryptGenRandom(rnd, blocklen, buf)) {
322 debug_print("Could not read random data for IV\n");
323 CryptReleaseContext(rnd, 0);
328 gnutls_cipher_deinit(handle);
332 /* We don't need any more random data. */
333 #if defined G_OS_UNIX
335 #elif defined G_OS_WIN32
336 CryptReleaseContext(rnd, 0);
339 memcpy(buf + blocklen, password, strlen(password));
341 /* Encrypt into encbuf */
342 encbuf = malloc(BUFSIZE + blocklen);
343 memset(encbuf, 0, BUFSIZE + blocklen);
344 ret = gnutls_cipher_encrypt2(handle, buf, BUFSIZE + blocklen,
345 encbuf, BUFSIZE + blocklen);
351 gnutls_cipher_deinit(handle);
356 gnutls_cipher_deinit(handle);
361 /* And finally prepare the resulting string:
362 * "{algorithm}base64encodedciphertext" */
363 base = g_base64_encode(encbuf, BUFSIZE);
365 output = g_strdup_printf("{%s}%s", gnutls_cipher_get_name(algo), base);
371 gchar *password_decrypt_gnutls(const gchar *password,
372 const gchar *decryption_password)
374 gchar **tokens, *tmp;
375 gnutls_cipher_algorithm_t algo;
376 gnutls_digest_algorithm_t digest = GNUTLS_DIG_UNKNOWN;
377 gnutls_cipher_hd_t handle;
378 gnutls_datum_t key, iv;
379 int ivlen, keylen, digestlen, blocklen, ret, i;
381 unsigned char hashbuf[BUFSIZE], *buf;
382 #if defined G_OS_UNIX
384 #elif defined G_OS_WIN32
388 g_return_val_if_fail(password != NULL, NULL);
389 g_return_val_if_fail(decryption_password != NULL, NULL);
391 tokens = g_strsplit_set(password, "{}", 3);
393 /* Parse the string, retrieving algorithm and encrypted data.
394 * We expect "{algorithm}base64encodedciphertext". */
395 if (strlen(tokens[0]) != 0 ||
396 (algo = gnutls_cipher_get_id(tokens[1])) == GNUTLS_CIPHER_UNKNOWN ||
397 strlen(tokens[2]) == 0)
400 /* Our hash algo needs to have digest length twice as long as our
401 * cipher algo's key length. */
402 if (algo == GNUTLS_CIPHER_AES_256_CBC) {
403 debug_print("Using AES-256-CBC + SHA-512 for decryption\n");
404 digest = GNUTLS_DIG_SHA512;
405 } else if (algo == GNUTLS_CIPHER_AES_128_CBC) {
406 debug_print("Using AES-128-CBC + SHA-256 for decryption\n");
407 digest = GNUTLS_DIG_SHA256;
409 if (digest == GNUTLS_DIG_UNKNOWN) {
410 debug_print("Password is encrypted with unsupported cipher, giving up.\n");
415 ivlen = gnutls_cipher_get_iv_size(algo);
416 keylen = gnutls_cipher_get_key_size(algo);
417 blocklen = gnutls_cipher_get_block_size(algo);
418 digestlen = gnutls_hash_get_len(digest);
420 /* Prepare key for cipher - first half of hash of passkey XORed with
421 * the second. AES-256 has key length 32 and length of SHA-512 hash
422 * is exactly twice that, 64. */
423 memset(&hashbuf, 0, BUFSIZE);
424 if ((ret = gnutls_hash_fast(digest, decryption_password,
425 strlen(decryption_password), &hashbuf)) < 0) {
426 debug_print("Hashing passkey failed: %s\n", gnutls_strerror(ret));
430 for (i = 0; i < digestlen/2; i++) {
431 hashbuf[i] = hashbuf[i] ^ hashbuf[i+digestlen/2];
434 key.data = malloc(keylen);
435 memcpy(key.data, &hashbuf, keylen);
438 /* Prepare our source of random data. */
439 #if defined G_OS_UNIX
440 rnd = open("/dev/urandom", O_RDONLY);
442 perror("fopen on /dev/urandom");
443 #elif defined G_OS_WIN32
444 if (!CryptAcquireContext(&rnd, NULL, NULL, PROV_RSA_FULL, 0) &&
445 !CryptAcquireContext(&rnd, NULL, NULL, PROV_RSA_FULL, CRYPT_NEWKEYSET)) {
446 debug_print("Could not acquire a CSP handle.\n");
454 /* Prepare random IV for cipher */
455 iv.data = malloc(ivlen);
457 #if defined G_OS_UNIX
458 ret = read(rnd, iv.data, ivlen);
460 perror("read into iv");
462 #elif defined G_OS_WIN32
463 if (!CryptGenRandom(rnd, ivlen, iv.data)) {
464 debug_print("Could not read random data for IV\n");
465 CryptReleaseContext(rnd, 0);
473 /* We don't need any more random data. */
474 #if defined G_OS_UNIX
476 #elif defined G_OS_WIN32
477 CryptReleaseContext(rnd, 0);
480 /* Prepare encrypted password string for decryption. */
481 tmp = g_base64_decode(tokens[2], &len);
484 /* Initialize the decryption */
485 ret = gnutls_cipher_init(&handle, algo, &key, &iv);
487 debug_print("Cipher init failed: %s\n", gnutls_strerror(ret));
493 buf = malloc(BUFSIZE + blocklen);
494 memset(buf, 0, BUFSIZE + blocklen);
495 ret = gnutls_cipher_decrypt2(handle, tmp, len,
496 buf, BUFSIZE + blocklen);
498 debug_print("Decryption failed: %s\n", gnutls_strerror(ret));
502 gnutls_cipher_deinit(handle);
507 gnutls_cipher_deinit(handle);
511 tmp = g_strndup(buf + blocklen, MIN(strlen(buf + blocklen), BUFSIZE));
520 gchar *password_encrypt(const gchar *password,
521 const gchar *encryption_password)
523 if (password == NULL || strlen(password) == 0) {
527 #ifndef PASSWORD_CRYPTO_OLD
528 if (encryption_password == NULL)
529 encryption_password = master_password();
531 return password_encrypt_real(password, encryption_password);
534 return password_encrypt_old(password);
537 gchar *password_decrypt(const gchar *password,
538 const gchar *decryption_password)
540 if (password == NULL || strlen(password) == 0) {
544 /* First, check if the password was possibly decrypted using old,
546 if (*password == '!') {
547 debug_print("Trying to decrypt password using the old method...\n");
548 return password_decrypt_old(password);
551 /* Try available crypto backend */
552 #ifndef PASSWORD_CRYPTO_OLD
553 if (decryption_password == NULL)
554 decryption_password = master_password();
556 if (*password == '{') {
557 debug_print("Trying to decrypt password...\n");
558 return password_decrypt_real(password, decryption_password);
562 /* Fallback, in case the configuration is really old and
563 * stored password in plaintext */
564 debug_print("Assuming password was stored plaintext, returning it unchanged\n");
565 return g_strdup(password);