Forget entered master password before trying to change it.
[claws.git] / src / password.c
1 /*
2  * Claws Mail -- a GTK+ based, lightweight, and fast e-mail client
3  * Copyright (C) 2016 The Claws Mail Team
4  *
5  * This program is free software; you can redistribute it and/or modify
6  * it under the terms of the GNU General Public License as published by
7  * the Free Software Foundation; either version 3 of the License, or
8  * (at your option) any later version.
9  *
10  * This program is distributed in the hope that it will be useful,
11  * but WITHOUT ANY WARRANTY; without even the implied warranty of
12  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
13  * GNU General Public License for more details.
14  *
15  * You should have received a copy of the GNU General Public License
16  * along with this program. If not, see <http://www.gnu.org/licenses/>.
17  *
18  */
19
20 #ifdef HAVE_CONFIG_H
21 #include "config.h"
22 #include "claws-features.h"
23 #endif
24
25 #ifdef PASSWORD_CRYPTO_GNUTLS
26 # include <gnutls/gnutls.h>
27 # include <gnutls/crypto.h>
28 #endif
29
30 #include <glib.h>
31 #include <glib/gi18n.h>
32
33 #ifdef G_OS_UNIX
34 #include <fcntl.h>
35 #include <unistd.h>
36 #endif
37
38 #include "common/passcrypt.h"
39 #include "common/utils.h"
40 #include "account.h"
41 #include "alertpanel.h"
42 #include "inputdialog.h"
43 #include "password.h"
44 #include "prefs_common.h"
45
46 #ifndef PASSWORD_CRYPTO_OLD
47 static gchar *_master_password = NULL;
48
49 static const gchar *master_password()
50 {
51         gchar *input;
52         gboolean end = FALSE;
53
54         if (!prefs_common_get_prefs()->use_master_password) {
55                 return PASSCRYPT_KEY;
56         }
57
58         if (_master_password != NULL) {
59                 debug_print("Master password is in memory, offering it.\n");
60                 return _master_password;
61         }
62
63         while (!end) {
64                 input = input_dialog_with_invisible(_("Input master password"),
65                                 _("Input master password"), NULL);
66
67                 if (input == NULL) {
68                         debug_print("Cancel pressed at master password dialog.\n");
69                         break;
70                 }
71
72                 if (master_password_is_correct(input)) {
73                         debug_print("Entered master password seems to be correct, remembering it.\n");
74                         _master_password = input;
75                         end = TRUE;
76                 } else {
77                         alertpanel_error(_("Incorrect master password."));
78                 }
79         }
80
81         return _master_password;
82 }
83
84 const gboolean master_password_is_set()
85 {
86         if (prefs_common_get_prefs()->master_password_hash == NULL
87                         || strlen(prefs_common_get_prefs()->master_password_hash) == 0)
88                 return FALSE;
89
90         return TRUE;
91 }
92
93 const gboolean master_password_is_correct(const gchar *input)
94 {
95         gchar *hash;
96         gchar *stored_hash = prefs_common_get_prefs()->master_password_hash;
97         const GChecksumType hashtype = G_CHECKSUM_SHA512;
98         const gssize hashlen = g_checksum_type_get_length(hashtype);
99         gssize stored_len;
100
101         g_return_val_if_fail(input != NULL, FALSE);
102
103         if (stored_hash == NULL)
104                 return FALSE;
105
106         stored_len = strlen(stored_hash);
107         g_return_val_if_fail(stored_len == 2*hashlen, FALSE);
108
109         hash = g_compute_checksum_for_string(hashtype, input, -1);
110
111         if (!strncasecmp(hash, stored_hash, stored_len)) {
112                 g_free(hash);
113                 return TRUE;
114         }
115         g_free(hash);
116
117         return FALSE;
118 }
119
120 void master_password_forget()
121 {
122         /* If master password is currently in memory (entered by user),
123          * get rid of it. User will have to enter the new one again. */
124         if (_master_password != NULL) {
125                 memset(_master_password, 0, strlen(_master_password));
126                 g_free(_master_password);
127         }
128         _master_password = NULL;
129 }
130
131 void master_password_change(const gchar *newp)
132 {
133         gchar *pwd, *newpwd;
134         const gchar *oldp;
135         GList *cur;
136         PrefsAccount *acc;
137
138         /* Make sure the user has to enter the master password before
139          * being able to change it. */
140         master_password_forget();
141
142         oldp = master_password();
143         g_return_if_fail(oldp != NULL);
144
145         /* Update master password hash in prefs */
146         if (prefs_common_get_prefs()->master_password_hash != NULL)
147                 g_free(prefs_common_get_prefs()->master_password_hash);
148
149         if (newp != NULL) {
150                 debug_print("Storing hash of new master password\n");
151                 prefs_common_get_prefs()->master_password_hash =
152                         g_compute_checksum_for_string(G_CHECKSUM_SHA512, newp, -1);
153         } else {
154                 debug_print("Setting master_password_hash to NULL\n");
155                 prefs_common_get_prefs()->master_password_hash = NULL;
156         }
157
158         /* Now go over all accounts, reencrypting their passwords using
159          * the new master password. */
160
161         if (oldp == NULL)
162                 oldp = PASSCRYPT_KEY;
163         if (newp == NULL)
164                 newp = PASSCRYPT_KEY;
165
166         debug_print("Reencrypting all account passwords...\n");
167         for (cur = account_get_list(); cur != NULL; cur = cur->next) {
168                 acc = (PrefsAccount *)cur->data;
169                 debug_print("account %s\n", acc->account_name);
170
171                 /* Password for receiving */
172                 if (acc->passwd != NULL && strlen(acc->passwd) > 0) {
173                         pwd = password_decrypt(acc->passwd, oldp);
174                         if (pwd == NULL) {
175                                 debug_print("failed to decrypt recv password with old master password\n");
176                         } else {
177                                 newpwd = password_encrypt(pwd, newp);
178                                 memset(pwd, 0, strlen(pwd));
179                                 g_free(pwd);
180                                 if (newpwd == NULL) {
181                                         debug_print("failed to encrypt recv password with new master password\n");
182                                 } else {
183                                         g_free(acc->passwd);
184                                         acc->passwd = newpwd;
185                                 }
186                         }
187                 }
188
189                 /* Password for sending */
190                 if (acc->smtp_passwd != NULL && strlen(acc->smtp_passwd) > 0) {
191                         pwd = password_decrypt(acc->smtp_passwd, oldp);
192                         if (pwd == NULL) {
193                                 debug_print("failed to decrypt smtp password with old master password\n");
194                         } else {
195                                 newpwd = password_encrypt(pwd, newp);
196                                 memset(pwd, 0, strlen(pwd));
197                                 g_free(pwd);
198                                 if (newpwd == NULL) {
199                                         debug_print("failed to encrypt smtp password with new master password\n");
200                                 } else {
201                                         g_free(acc->smtp_passwd);
202                                         acc->smtp_passwd = newpwd;
203                                 }
204                         }
205                 }
206         }
207
208         master_password_forget();
209 }
210 #endif
211
212 gchar *password_encrypt_old(const gchar *password)
213 {
214         if (!password || strlen(password) == 0) {
215                 return NULL;
216         }
217
218         gchar *encrypted = g_strdup(password);
219         gchar *encoded, *result;
220         gsize len = strlen(password);
221
222         passcrypt_encrypt(encrypted, len);
223         encoded = g_base64_encode(encrypted, len);
224         g_free(encrypted);
225         result = g_strconcat("!", encoded, NULL);
226         g_free(encoded);
227
228         return result;
229 }
230
231 gchar *password_decrypt_old(const gchar *password)
232 {
233         if (!password || strlen(password) == 0) {
234                 return NULL;
235         }
236
237         if (*password != '!' || strlen(password) < 2) {
238                 return NULL;
239         }
240
241         gsize len;
242         gchar *decrypted = g_base64_decode(password + 1, &len);
243
244         passcrypt_decrypt(decrypted, len);
245         return decrypted;
246 }
247
248 #ifdef PASSWORD_CRYPTO_GNUTLS
249 #define BUFSIZE 128
250
251 gchar *password_encrypt_gnutls(const gchar *password,
252                 const gchar *encryption_password)
253 {
254         /* Another, slightly inferior combination is AES-128-CBC + SHA-256.
255          * Any block cipher in CBC mode with keysize N and a hash algo with
256          * digest length 2*N would do. */
257         gnutls_cipher_algorithm_t algo = GNUTLS_CIPHER_AES_256_CBC;
258         gnutls_digest_algorithm_t digest = GNUTLS_DIG_SHA512;
259         gnutls_cipher_hd_t handle;
260         gnutls_datum_t key, iv;
261         int ivlen, keylen, digestlen, blocklen, ret, i;
262         unsigned char hashbuf[BUFSIZE], *buf, *encbuf, *base, *output;
263 #ifdef G_OS_UNIX
264         int rnd;
265 #endif
266
267         g_return_val_if_fail(password != NULL, NULL);
268         g_return_val_if_fail(encryption_password != NULL, NULL);
269
270         ivlen = gnutls_cipher_get_iv_size(algo);
271         keylen = gnutls_cipher_get_key_size(algo);
272         blocklen = gnutls_cipher_get_block_size(algo);
273         digestlen = gnutls_hash_get_len(digest);
274
275         /* Prepare key for cipher - first half of hash of passkey XORed with
276          * the second. */
277         memset(&hashbuf, 0, BUFSIZE);
278         if ((ret = gnutls_hash_fast(digest, encryption_password,
279                                         strlen(encryption_password), &hashbuf)) < 0) {
280                 debug_print("Hashing passkey failed: %s\n", gnutls_strerror(ret));
281                 return NULL;
282         }
283         for (i = 0; i < digestlen/2; i++) {
284                 hashbuf[i] = hashbuf[i] ^ hashbuf[i+digestlen/2];
285         }
286
287         key.data = malloc(keylen);
288         memcpy(key.data, &hashbuf, keylen);
289         key.size = keylen;
290
291 #ifdef G_OS_UNIX
292         /* Prepare our source of random data. */
293         rnd = open("/dev/urandom", O_RDONLY);
294         if (rnd == -1) {
295                 perror("fopen on /dev/urandom");
296                 g_free(key.data);
297                 g_free(iv.data);
298                 return NULL;
299         }
300 #endif
301
302         /* Prepare random IV for cipher */
303         iv.data = malloc(ivlen);
304         iv.size = ivlen;
305 #ifdef G_OS_UNIX
306         ret = read(rnd, iv.data, ivlen);
307         if (ret != ivlen) {
308                 perror("read into iv");
309                 g_free(key.data);
310                 g_free(iv.data);
311                 close(rnd);
312                 return NULL;
313         }
314 #endif
315
316         /* Initialize the encryption */
317         ret = gnutls_cipher_init(&handle, algo, &key, &iv);
318         if (ret < 0) {
319                 g_free(key.data);
320                 g_free(iv.data);
321 #ifdef G_OS_UNIX
322                 close(rnd);
323 #endif
324                 return NULL;
325         }
326
327         /* Fill buf with one block of random data, our password, pad the
328          * rest with zero bytes. */
329         buf = malloc(BUFSIZE + blocklen);
330         memset(buf, 0, BUFSIZE);
331 #ifdef G_OS_UNIX
332         ret = read(rnd, buf, blocklen);
333         if (ret != blocklen) {
334                 perror("read into buffer");
335                 g_free(buf);
336                 g_free(key.data);
337                 g_free(iv.data);
338                 close(rnd);
339                 gnutls_cipher_deinit(handle);
340                 return NULL;
341         }
342
343         /* We don't need any more random data. */
344         close(rnd);
345 #endif
346
347         memcpy(buf + blocklen, password, strlen(password));
348
349         /* Encrypt into encbuf */
350         encbuf = malloc(BUFSIZE + blocklen);
351         memset(encbuf, 0, BUFSIZE + blocklen);
352         ret = gnutls_cipher_encrypt2(handle, buf, BUFSIZE + blocklen,
353                         encbuf, BUFSIZE + blocklen);
354         if (ret < 0) {
355                 g_free(key.data);
356                 g_free(iv.data);
357                 g_free(buf);
358                 g_free(encbuf);
359                 gnutls_cipher_deinit(handle);
360                 return NULL;
361         }
362
363         /* Cleanup */
364         gnutls_cipher_deinit(handle);
365         g_free(key.data);
366         g_free(iv.data);
367         g_free(buf);
368
369         /* And finally prepare the resulting string:
370          * "{algorithm}base64encodedciphertext" */
371         base = g_base64_encode(encbuf, BUFSIZE);
372         g_free(encbuf);
373         output = g_strdup_printf("{%s}%s", gnutls_cipher_get_name(algo), base);
374         g_free(base);
375
376         return output;
377 }
378
379 gchar *password_decrypt_gnutls(const gchar *password,
380                 const gchar *decryption_password)
381 {
382         gchar **tokens, *tmp;
383         gnutls_cipher_algorithm_t algo;
384         gnutls_digest_algorithm_t digest = GNUTLS_DIG_UNKNOWN;
385         gnutls_cipher_hd_t handle;
386         gnutls_datum_t key, iv;
387         int ivlen, keylen, digestlen, blocklen, ret, i;
388         gsize len;
389         unsigned char hashbuf[BUFSIZE], *buf;
390 #ifdef G_OS_UNIX
391         int rnd;
392 #endif
393
394         g_return_val_if_fail(password != NULL, NULL);
395         g_return_val_if_fail(decryption_password != NULL, NULL);
396
397         tokens = g_strsplit_set(password, "{}", 3);
398
399         /* Parse the string, retrieving algorithm and encrypted data.
400          * We expect "{algorithm}base64encodedciphertext". */
401         if (strlen(tokens[0]) != 0 ||
402                         (algo = gnutls_cipher_get_id(tokens[1])) == GNUTLS_CIPHER_UNKNOWN ||
403                         strlen(tokens[2]) == 0)
404                 return NULL;
405
406         /* Our hash algo needs to have digest length twice as long as our
407          * cipher algo's key length. */
408         if (algo == GNUTLS_CIPHER_AES_256_CBC) {
409                 debug_print("Using AES-256-CBC + SHA-512 for decryption\n");
410                 digest = GNUTLS_DIG_SHA512;
411         } else if (algo == GNUTLS_CIPHER_AES_128_CBC) {
412                 debug_print("Using AES-128-CBC + SHA-256 for decryption\n");
413                 digest = GNUTLS_DIG_SHA256;
414         }
415         if (digest == GNUTLS_DIG_UNKNOWN) {
416                 debug_print("Password is encrypted with unsupported cipher, giving up.\n");
417                 g_strfreev(tokens);
418                 return NULL;
419         }
420
421         ivlen = gnutls_cipher_get_iv_size(algo);
422         keylen = gnutls_cipher_get_key_size(algo);
423         blocklen = gnutls_cipher_get_block_size(algo);
424         digestlen = gnutls_hash_get_len(digest);
425
426         /* Prepare key for cipher - first half of hash of passkey XORed with
427          * the second. AES-256 has key length 32 and length of SHA-512 hash
428          * is exactly twice that, 64. */
429         memset(&hashbuf, 0, BUFSIZE);
430         if ((ret = gnutls_hash_fast(digest, decryption_password,
431                                         strlen(decryption_password), &hashbuf)) < 0) {
432                 debug_print("Hashing passkey failed: %s\n", gnutls_strerror(ret));
433                 g_strfreev(tokens);
434                 return NULL;
435         }
436         for (i = 0; i < digestlen/2; i++) {
437                 hashbuf[i] = hashbuf[i] ^ hashbuf[i+digestlen/2];
438         }
439
440         key.data = malloc(keylen);
441         memcpy(key.data, &hashbuf, keylen);
442         key.size = keylen;
443
444 #ifdef G_OS_UNIX
445         /* Prepare our source of random data. */
446         rnd = open("/dev/urandom", O_RDONLY);
447         if (rnd == -1) {
448                 perror("fopen on /dev/urandom");
449                 g_free(key.data);
450                 g_free(iv.data);
451                 g_strfreev(tokens);
452                 return NULL;
453         }
454 #endif
455
456         /* Prepare random IV for cipher */
457         iv.data = malloc(ivlen);
458         iv.size = ivlen;
459 #ifdef G_OS_UNIX
460         ret = read(rnd, iv.data, ivlen);
461         if (ret != ivlen) {
462                 perror("read into iv");
463                 g_free(key.data);
464                 g_free(iv.data);
465                 g_strfreev(tokens);
466                 close(rnd);
467                 return NULL;
468         }
469
470         /* We don't need any more random data. */
471         close(rnd);
472 #endif
473
474         /* Prepare encrypted password string for decryption. */
475         tmp = g_base64_decode(tokens[2], &len);
476         g_strfreev(tokens);
477
478         /* Initialize the decryption */
479         ret = gnutls_cipher_init(&handle, algo, &key, &iv);
480         if (ret < 0) {
481                 debug_print("Cipher init failed: %s\n", gnutls_strerror(ret));
482                 g_free(key.data);
483                 g_free(iv.data);
484                 return NULL;
485         }
486
487         buf = malloc(BUFSIZE + blocklen);
488         memset(buf, 0, BUFSIZE + blocklen);
489         ret = gnutls_cipher_decrypt2(handle, tmp, len,
490                         buf, BUFSIZE + blocklen);
491         if (ret < 0) {
492                 debug_print("Decryption failed: %s\n", gnutls_strerror(ret));
493                 g_free(key.data);
494                 g_free(iv.data);
495                 g_free(buf);
496                 gnutls_cipher_deinit(handle);
497                 return NULL;
498         }
499
500         /* Cleanup */
501         gnutls_cipher_deinit(handle);
502         g_free(key.data);
503         g_free(iv.data);
504
505         tmp = g_strndup(buf + blocklen, MIN(strlen(buf + blocklen), BUFSIZE));
506         g_free(buf);
507         return tmp;
508 }
509
510 #undef BUFSIZE
511
512 #endif
513
514 gchar *password_encrypt(const gchar *password,
515                 const gchar *encryption_password)
516 {
517         if (password == NULL || strlen(password) == 0) {
518                 return NULL;
519         }
520
521 #ifndef PASSWORD_CRYPTO_OLD
522         if (encryption_password == NULL)
523                 encryption_password = master_password();
524
525         return password_encrypt_real(password, encryption_password);
526 #endif
527
528         return password_encrypt_old(password);
529 }
530
531 gchar *password_decrypt(const gchar *password,
532                 const gchar *decryption_password)
533 {
534         if (password == NULL || strlen(password) == 0) {
535                 return NULL;
536         }
537
538         /* First, check if the password was possibly decrypted using old,
539          * obsolete method */
540         if (*password == '!') {
541                 debug_print("Trying to decrypt password using the old method...\n");
542                 return password_decrypt_old(password);
543         }
544
545         /* Try available crypto backend */
546 #ifndef PASSWORD_CRYPTO_OLD
547         if (decryption_password == NULL)
548                 decryption_password = master_password();
549
550         if (*password == '{') {
551                 debug_print("Trying to decrypt password...\n");
552                 return password_decrypt_real(password, decryption_password);
553         }
554 #endif
555
556         /* Fallback, in case the configuration is really old and
557          * stored password in plaintext */
558         debug_print("Assuming password was stored plaintext, returning it unchanged\n");
559         return g_strdup(password);
560 }