Changeset View
Changeset View
Standalone View
Standalone View
agent/cache.c
Context not available. | |||||
/* The size of the encryption key in bytes. */ | /* The size of the encryption key in bytes. */ | ||||
#define ENCRYPTION_KEYSIZE (128/8) | #define ENCRYPTION_KEYSIZE (128/8) | ||||
/* A mutex used to protect the encryption. This is required because | /* A mutex used to serialize access to the cache. */ | ||||
we use one context to do all encryption and decryption. */ | static npth_mutex_t cache_lock; | ||||
static npth_mutex_t encryption_lock; | |||||
/* The encryption context. This is the only place where the | /* The encryption context. This is the only place where the | ||||
encryption key for all cached entries is available. It would be nice | encryption key for all cached entries is available. It would be nice | ||||
to keep this (or just the key) in some hardware device, for example | to keep this (or just the key) in some hardware device, for example | ||||
Context not available. | |||||
{ | { | ||||
int err; | int err; | ||||
err = npth_mutex_init (&encryption_lock, NULL); | err = npth_mutex_init (&cache_lock, NULL); | ||||
if (err) | if (err) | ||||
log_fatal ("error initializing cache module: %s\n", strerror (err)); | log_fatal ("error initializing cache module: %s\n", strerror (err)); | ||||
Context not available. | |||||
{ | { | ||||
gpg_error_t err; | gpg_error_t err; | ||||
void *key; | void *key; | ||||
int res; | |||||
if (encryption_handle) | if (encryption_handle) | ||||
return 0; /* Shortcut - Already initialized. */ | return 0; /* Shortcut - Already initialized. */ | ||||
res = npth_mutex_lock (&encryption_lock); | |||||
if (res) | |||||
log_fatal ("failed to acquire cache encryption mutex: %s\n", strerror (res)); | |||||
err = gcry_cipher_open (&encryption_handle, GCRY_CIPHER_AES128, | err = gcry_cipher_open (&encryption_handle, GCRY_CIPHER_AES128, | ||||
GCRY_CIPHER_MODE_AESWRAP, GCRY_CIPHER_SECURE); | GCRY_CIPHER_MODE_AESWRAP, GCRY_CIPHER_SECURE); | ||||
if (!err) | if (!err) | ||||
Context not available. | |||||
log_error ("error initializing cache encryption context: %s\n", | log_error ("error initializing cache encryption context: %s\n", | ||||
gpg_strerror (err)); | gpg_strerror (err)); | ||||
res = npth_mutex_unlock (&encryption_lock); | |||||
if (res) | |||||
log_fatal ("failed to release cache encryption mutex: %s\n", strerror (res)); | |||||
return err? gpg_error (GPG_ERR_NOT_INITIALIZED) : 0; | return err? gpg_error (GPG_ERR_NOT_INITIALIZED) : 0; | ||||
} | } | ||||
Context not available. | |||||
struct secret_data_s *d, *d_enc; | struct secret_data_s *d, *d_enc; | ||||
size_t length; | size_t length; | ||||
int total; | int total; | ||||
int res; | |||||
*r_data = NULL; | *r_data = NULL; | ||||
Context not available. | |||||
} | } | ||||
d_enc->totallen = total; | d_enc->totallen = total; | ||||
res = npth_mutex_lock (&encryption_lock); | |||||
if (res) | |||||
log_fatal ("failed to acquire cache encryption mutex: %s\n", | |||||
strerror (res)); | |||||
err = gcry_cipher_encrypt (encryption_handle, d_enc->data, total, | err = gcry_cipher_encrypt (encryption_handle, d_enc->data, total, | ||||
d->data, total - 8); | d->data, total - 8); | ||||
xfree (d); | xfree (d); | ||||
res = npth_mutex_unlock (&encryption_lock); | |||||
if (res) | |||||
log_fatal ("failed to release cache encryption mutex: %s\n", strerror (res)); | |||||
if (err) | if (err) | ||||
{ | { | ||||
xfree (d_enc); | xfree (d_enc); | ||||
Context not available. | |||||
agent_flush_cache (void) | agent_flush_cache (void) | ||||
{ | { | ||||
ITEM r; | ITEM r; | ||||
int res; | |||||
if (DBG_CACHE) | if (DBG_CACHE) | ||||
log_debug ("agent_flush_cache\n"); | log_debug ("agent_flush_cache\n"); | ||||
res = npth_mutex_lock (&cache_lock); | |||||
if (res) | |||||
log_fatal ("failed to acquire cache mutex: %s\n", strerror (res)); | |||||
for (r=thecache; r; r = r->next) | for (r=thecache; r; r = r->next) | ||||
{ | { | ||||
if (r->pw) | if (r->pw) | ||||
Context not available. | |||||
r->accessed = 0; | r->accessed = 0; | ||||
} | } | ||||
} | } | ||||
res = npth_mutex_unlock (&cache_lock); | |||||
if (res) | |||||
log_fatal ("failed to release cache mutex: %s\n", strerror (res)); | |||||
} | } | ||||
Context not available. | |||||
{ | { | ||||
gpg_error_t err = 0; | gpg_error_t err = 0; | ||||
ITEM r; | ITEM r; | ||||
int res; | |||||
res = npth_mutex_lock (&cache_lock); | |||||
if (res) | |||||
log_fatal ("failed to acquire cache mutex: %s\n", strerror (res)); | |||||
if (DBG_CACHE) | if (DBG_CACHE) | ||||
log_debug ("agent_put_cache '%s' (mode %d) requested ttl=%d\n", | log_debug ("agent_put_cache '%s' (mode %d) requested ttl=%d\n", | ||||
Context not available. | |||||
} | } | ||||
} | } | ||||
if ((!ttl && data) || cache_mode == CACHE_MODE_IGNORE) | if ((!ttl && data) || cache_mode == CACHE_MODE_IGNORE) | ||||
return 0; | goto out; | ||||
for (r=thecache; r; r = r->next) | for (r=thecache; r; r = r->next) | ||||
{ | { | ||||
Context not available. | |||||
if (err) | if (err) | ||||
log_error ("error inserting cache item: %s\n", gpg_strerror (err)); | log_error ("error inserting cache item: %s\n", gpg_strerror (err)); | ||||
} | } | ||||
out: | |||||
res = npth_mutex_unlock (&cache_lock); | |||||
if (res) | |||||
log_fatal ("failed to release cache mutex: %s\n", strerror (res)); | |||||
return err; | return err; | ||||
} | } | ||||
Context not available. | |||||
if (cache_mode == CACHE_MODE_IGNORE) | if (cache_mode == CACHE_MODE_IGNORE) | ||||
return NULL; | return NULL; | ||||
res = npth_mutex_lock (&cache_lock); | |||||
if (res) | |||||
log_fatal ("failed to acquire cache mutex: %s\n", strerror (res)); | |||||
if (!key) | if (!key) | ||||
{ | { | ||||
key = last_stored_cache_key; | key = last_stored_cache_key; | ||||
if (!key) | if (!key) | ||||
return NULL; | goto out; | ||||
last_stored = 1; | last_stored = 1; | ||||
} | } | ||||
if (DBG_CACHE) | if (DBG_CACHE) | ||||
log_debug ("agent_get_cache '%s' (mode %d)%s ...\n", | log_debug ("agent_get_cache '%s' (mode %d)%s ...\n", | ||||
key, cache_mode, | key, cache_mode, | ||||
Context not available. | |||||
err = gpg_error_from_syserror (); | err = gpg_error_from_syserror (); | ||||
else | else | ||||
{ | { | ||||
res = npth_mutex_lock (&encryption_lock); | |||||
if (res) | |||||
log_fatal ("failed to acquire cache encryption mutex: %s\n", | |||||
strerror (res)); | |||||
err = gcry_cipher_decrypt (encryption_handle, | err = gcry_cipher_decrypt (encryption_handle, | ||||
value, r->pw->totallen - 8, | value, r->pw->totallen - 8, | ||||
r->pw->data, r->pw->totallen); | r->pw->data, r->pw->totallen); | ||||
res = npth_mutex_unlock (&encryption_lock); | |||||
if (res) | |||||
log_fatal ("failed to release cache encryption mutex: %s\n", | |||||
strerror (res)); | |||||
} | } | ||||
if (err) | if (err) | ||||
{ | { | ||||
Context not available. | |||||
log_error ("retrieving cache entry '%s' failed: %s\n", | log_error ("retrieving cache entry '%s' failed: %s\n", | ||||
key, gpg_strerror (err)); | key, gpg_strerror (err)); | ||||
} | } | ||||
return value; | break; | ||||
} | } | ||||
} | } | ||||
if (DBG_CACHE) | if (DBG_CACHE && value == NULL) | ||||
log_debug ("... miss\n"); | log_debug ("... miss\n"); | ||||
return NULL; | out: | ||||
res = npth_mutex_unlock (&cache_lock); | |||||
if (res) | |||||
log_fatal ("failed to release cache mutex: %s\n", strerror (res)); | |||||
return value; | |||||
} | } | ||||
Context not available. |