|
Lines 167-269
Link Here
|
| 167 |
int newline_stop; |
167 |
int newline_stop; |
| 168 |
int read_horizon; |
168 |
int read_horizon; |
| 169 |
|
169 |
|
| 170 |
if(options->key_file && !strcmp(options->key_file, "-")) { |
170 |
if(options->passphrase) { |
| 171 |
/* Allow binary reading from stdin */ |
171 |
if(strlen(options->passphrase) > 512) |
| 172 |
fd = options->passphrase_fd; |
172 |
{ |
| 173 |
newline_stop = 0; |
173 |
set_error("Passphrase size exceeds memory limits"); |
| 174 |
read_horizon = 0; |
|
|
| 175 |
} else if (options->key_file) { |
| 176 |
fd = open(options->key_file, O_RDONLY); |
| 177 |
if (fd < 0) { |
| 178 |
char buf[128]; |
| 179 |
set_error("Error opening key file: %s", |
| 180 |
strerror_r(errno, buf, 128)); |
| 181 |
goto out_err; |
174 |
goto out_err; |
| 182 |
} |
175 |
} |
| 183 |
newline_stop = 0; |
|
|
| 184 |
|
| 185 |
/* This can either be 0 (LUKS) or the actually number |
| 186 |
* of key bytes (default or passed by -s) */ |
| 187 |
read_horizon = options->key_size; |
| 188 |
} else { |
| 189 |
fd = options->passphrase_fd; |
| 190 |
newline_stop = 1; |
| 191 |
read_horizon = 0; /* Infinite, if read from terminal or fd */ |
| 192 |
} |
| 193 |
|
| 194 |
/* Interactive case */ |
| 195 |
if(isatty(fd)) { |
| 196 |
int i; |
| 197 |
|
| 198 |
pass = safe_alloc(512); |
176 |
pass = safe_alloc(512); |
| 199 |
if (!pass || (i = interactive_pass(prompt, pass, 512, options->timeout))) { |
177 |
strcpy(pass, options->passphrase); |
| 200 |
set_error("Error reading passphrase"); |
178 |
*key = pass; |
| 201 |
goto out_err; |
179 |
*passLen = strlen(pass); |
| 202 |
} |
180 |
} |
| 203 |
if (verify || verify_if_possible) { |
181 |
else { |
| 204 |
char pass_verify[512]; |
182 |
if(options->key_file && !strcmp(options->key_file, "-")) { |
| 205 |
i = interactive_pass("Verify passphrase: ", pass_verify, sizeof(pass_verify), options->timeout); |
183 |
/* Allow binary reading from stdin */ |
| 206 |
if (i || strcmp(pass, pass_verify) != 0) { |
184 |
fd = options->passphrase_fd; |
| 207 |
set_error("Passphrases do not match"); |
185 |
newline_stop = 0; |
|
|
186 |
read_horizon = 0; |
| 187 |
} else if (options->key_file) { |
| 188 |
fd = open(options->key_file, O_RDONLY); |
| 189 |
if (fd < 0) { |
| 190 |
char buf[128]; |
| 191 |
set_error("Error opening key file: %s", |
| 192 |
strerror_r(errno, buf, 128)); |
| 208 |
goto out_err; |
193 |
goto out_err; |
| 209 |
} |
194 |
} |
| 210 |
memset(pass_verify, 0, sizeof(pass_verify)); |
195 |
newline_stop = 0; |
| 211 |
} |
196 |
|
| 212 |
*passLen = strlen(pass); |
197 |
/* This can either be 0 (LUKS) or the actually number |
| 213 |
*key = pass; |
198 |
* of key bytes (default or passed by -s) */ |
| 214 |
} else { |
199 |
read_horizon = options->key_size; |
| 215 |
/* |
200 |
} else { |
| 216 |
* This is either a fd-input or a file, in neither case we can verify the input, |
201 |
fd = options->passphrase_fd; |
| 217 |
* however we don't stop on new lines if it's a binary file. |
202 |
newline_stop = 1; |
| 218 |
*/ |
203 |
read_horizon = 0; /* Infinite, if read from terminal or fd */ |
| 219 |
int buflen, i; |
204 |
} |
| 220 |
|
205 |
|
| 221 |
if(verify) { |
206 |
/* Interactive case */ |
| 222 |
set_error("Can't do passphrase verification on non-tty inputs"); |
207 |
if(isatty(fd)) { |
| 223 |
goto out_err; |
208 |
int i; |
| 224 |
} |
209 |
|
| 225 |
/* The following for control loop does an exhausting |
210 |
pass = safe_alloc(512); |
| 226 |
* read on the key material file, if requested with |
211 |
if (!pass || (i = interactive_pass(prompt, pass, 512, options->timeout))) { |
| 227 |
* key_size == 0, as it's done by LUKS. However, we |
212 |
set_error("Error reading passphrase"); |
| 228 |
* should warn the user, if it's a non-regular file, |
|
|
| 229 |
* such as /dev/random, because in this case, the loop |
| 230 |
* will read forever. |
| 231 |
*/ |
| 232 |
if(options->key_file && strcmp(options->key_file, "-") && read_horizon == 0) { |
| 233 |
struct stat st; |
| 234 |
if(stat(options->key_file, &st) < 0) { |
| 235 |
set_error("Can't stat key file"); |
| 236 |
goto out_err; |
213 |
goto out_err; |
| 237 |
} |
214 |
} |
| 238 |
if(!S_ISREG(st.st_mode)) { |
215 |
if (verify || verify_if_possible) { |
| 239 |
// set_error("Can't do exhausting read on non regular files"); |
216 |
char pass_verify[512]; |
| 240 |
// goto out_err; |
217 |
i = interactive_pass("Verify passphrase: ", pass_verify, sizeof(pass_verify), options->timeout); |
| 241 |
fprintf(stderr,"Warning: exhausting read requested, but key file is not a regular file, function might never return.\n"); |
218 |
if (i || strcmp(pass, pass_verify) != 0) { |
|
|
219 |
set_error("Passphrases do not match"); |
| 220 |
goto out_err; |
| 221 |
} |
| 222 |
memset(pass_verify, 0, sizeof(pass_verify)); |
| 242 |
} |
223 |
} |
| 243 |
} |
224 |
*passLen = strlen(pass); |
| 244 |
buflen = 0; |
225 |
*key = pass; |
| 245 |
for(i = 0; read_horizon == 0 || i < read_horizon; i++) { |
226 |
} else { |
| 246 |
if(i >= buflen - 1) { |
227 |
/* |
| 247 |
buflen += 128; |
228 |
* This is either a fd-input or a file, in neither case we can verify the input, |
| 248 |
pass = safe_realloc(pass, buflen); |
229 |
* however we don't stop on new lines if it's a binary file. |
| 249 |
if (!pass) { |
230 |
*/ |
| 250 |
set_error("Not enough memory while " |
231 |
int buflen, i; |
| 251 |
"reading passphrase"); |
232 |
|
|
|
233 |
if(verify) { |
| 234 |
set_error("Can't do passphrase verification on non-tty inputs"); |
| 235 |
goto out_err; |
| 236 |
} |
| 237 |
/* The following for control loop does an exhausting |
| 238 |
* read on the key material file, if requested with |
| 239 |
* key_size == 0, as it's done by LUKS. However, we |
| 240 |
* should warn the user, if it's a non-regular file, |
| 241 |
* such as /dev/random, because in this case, the loop |
| 242 |
* will read forever. |
| 243 |
*/ |
| 244 |
if(options->key_file && strcmp(options->key_file, "-") && read_horizon == 0) { |
| 245 |
struct stat st; |
| 246 |
if(stat(options->key_file, &st) < 0) { |
| 247 |
set_error("Can't stat key file"); |
| 252 |
goto out_err; |
248 |
goto out_err; |
| 253 |
} |
249 |
} |
|
|
250 |
if(!S_ISREG(st.st_mode)) { |
| 251 |
// set_error("Can't do exhausting read on non regular files"); |
| 252 |
// goto out_err; |
| 253 |
fprintf(stderr,"Warning: exhausting read requested, but key file is not a regular file, function might never return.\n"); |
| 254 |
} |
| 254 |
} |
255 |
} |
| 255 |
if(read(fd, pass + i, 1) != 1 || (newline_stop && pass[i] == '\n')) |
256 |
buflen = 0; |
| 256 |
break; |
257 |
for(i = 0; read_horizon == 0 || i < read_horizon; i++) { |
|
|
258 |
if(i >= buflen - 1) { |
| 259 |
buflen += 128; |
| 260 |
pass = safe_realloc(pass, buflen); |
| 261 |
if (!pass) { |
| 262 |
set_error("Not enough memory while " |
| 263 |
"reading passphrase"); |
| 264 |
goto out_err; |
| 265 |
} |
| 266 |
} |
| 267 |
if(read(fd, pass + i, 1) != 1 || (newline_stop && pass[i] == '\n')) |
| 268 |
break; |
| 269 |
} |
| 270 |
if(options->key_file) |
| 271 |
close(fd); |
| 272 |
pass[i] = 0; |
| 273 |
*key = pass; |
| 274 |
*passLen = i; |
| 257 |
} |
275 |
} |
| 258 |
if(options->key_file) |
276 |
|
| 259 |
close(fd); |
277 |
return isatty(fd); /* Return true, when password reading can be tried on interactive fds */ |
| 260 |
pass[i] = 0; |
|
|
| 261 |
*key = pass; |
| 262 |
*passLen = i; |
| 263 |
} |
278 |
} |
| 264 |
|
279 |
return 0; |
| 265 |
return isatty(fd); /* Return true, when password reading can be tried on interactive fds */ |
280 |
|
| 266 |
|
|
|
| 267 |
out_err: |
281 |
out_err: |
| 268 |
if(pass) |
282 |
if(pass) |
| 269 |
safe_free(pass); |
283 |
safe_free(pass); |
