Beispiel #1
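/*
 * Obtain the decryption key and store it in `key` (KDF_HASH_LEN bytes).
 *
 * Sources are tried in this order:
 *   1. The "plaintext_key" config entry, accepted only when it is exactly
 *      KDF_HASH_LEN bytes long and decrypting the "verify" entry with it
 *      yields AGENT_VERIFICATION_STRING. An entry that fails either check
 *      is unlinked.
 *   2. agent_ask().
 *   3. agent_load_key(); on success agent_start() is called with the key
 *      unless the LPASS_AGENT_DISABLE environment variable is exactly "1".
 *
 * Returns true when `key` has been filled in, false when agent_ask() and
 * agent_load_key() both fail.
 *
 * The page holding `key` is mlock()ed on success. The return value of
 * mlock() is ignored, so locking is best effort only.
 * NOTE(review): mlock() is applied after the key bytes have been written;
 * locking the caller's buffer before it receives key material would close
 * that window - confirm with callers before moving it.
 */
bool agent_get_decryption_key(unsigned char key[KDF_HASH_LEN])
{
	char *disable_str;

	if (config_exists("plaintext_key")) {
		_cleanup_free_ char *key_buffer = NULL;
		/* Cast matches the unsigned char ** use in config_read_string(). */
		size_t key_len = config_read_buffer("plaintext_key", (unsigned char **)&key_buffer);

		if (key_buffer && key_len == KDF_HASH_LEN) {
			_cleanup_free_ char *verify = config_read_encrypted_string("verify", (unsigned char *)key_buffer);

			if (verify && !strcmp(verify, AGENT_VERIFICATION_STRING)) {
				memcpy(key, key_buffer, KDF_HASH_LEN);
				secure_clear(key_buffer, KDF_HASH_LEN);
				mlock(key, KDF_HASH_LEN);
				return true;
			}
		}

		/*
		 * Rejected entry: wipe what was read before the cleanup handler
		 * frees it, so candidate key bytes do not linger in freed heap
		 * memory. Assumes key_len is the number of bytes stored in
		 * key_buffer, as the other callers of config_read_buffer() on
		 * this page treat it.
		 */
		if (key_buffer)
			secure_clear(key_buffer, key_len);
		config_unlink("plaintext_key");
	}
	if (!agent_ask(key)) {
		if (!agent_load_key(key))
			return false;
		disable_str = getenv("LPASS_AGENT_DISABLE");
		/* Any value other than exactly "1" leaves the agent enabled. */
		if (!disable_str || strcmp(disable_str, "1")) {
			agent_start(key);
		}
	}
	mlock(key, KDF_HASH_LEN);
	return true;
}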
Beispiel #2
/*
 * Read the config entry `name` and return its contents as a newly
 * allocated string produced by xstrndup(), or NULL when
 * config_read_buffer() yields no buffer.
 *
 * The intermediate buffer is released by the _cleanup_free_ handler
 * without being wiped.
 * NOTE(review): if this is ever used for secret entries, the raw buffer
 * should be cleared before it is freed - confirm against callers.
 */
char *config_read_string(const char *name)
{
	_cleanup_free_ char *raw = NULL;
	size_t raw_len = config_read_buffer(name, (unsigned char **) &raw);

	return raw ? xstrndup(raw, raw_len) : NULL;
}
Beispiel #3
/*
 * Read the config entry `name` and pass its contents to decrypt_buffer()
 * together with `key`, which stores its output through `buffer`.
 *
 * Returns whatever decrypt_buffer() returns. When the entry cannot be
 * read, *buffer is set to NULL and 0 is returned.
 * NOTE(review): whether a decryption failure can be told apart from a
 * missing entry depends on decrypt_buffer(), which is not visible here.
 */
size_t config_read_encrypted_buffer(const char *name, unsigned char **buffer, unsigned const char key[KDF_HASH_LEN])
{
	_cleanup_free_ unsigned char *ciphertext = NULL;
	size_t ciphertext_len = config_read_buffer(name, &ciphertext);

	if (ciphertext)
		return decrypt_buffer(ciphertext, ciphertext_len, key, buffer);

	/* Nothing was read: report an empty result to the caller. */
	*buffer = NULL;
	return 0;
}