mirror of
git://git.gnupg.org/gnupg.git
synced 2025-01-17 14:07:03 +01:00
g10: report whether key in agent is passphrase-protected or not
* g10/call-agent.c, g10/call-agent.h (agent_get_keyinfo): add r_cleartext parameter to report whether a key is stored without passphrase protection. * g10/gpgv.c, g10/test-stubs.c: augment dummy agent_get_keyinfo to match new API. * g10/export.c, g10/keyedit.c, g10/keygen.c, g10/keylist.c, g10/sign.c: pass NULL to agent_get_keyinfo since we do not yet need to know whether agent is passphrase-protected. -- Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
This commit is contained in:
parent
5cc1613dce
commit
00f30cc01c
@ -1671,26 +1671,42 @@ agent_probe_any_secret_key (ctrl_t ctrl, kbnode_t keyblock)
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
struct keyinfo_data {
|
||||||
|
char *serialno;
|
||||||
|
int cleartext;
|
||||||
|
};
|
||||||
|
|
||||||
static gpg_error_t
|
static gpg_error_t
|
||||||
keyinfo_status_cb (void *opaque, const char *line)
|
keyinfo_status_cb (void *opaque, const char *line)
|
||||||
{
|
{
|
||||||
char **serialno = opaque;
|
struct keyinfo_data *data = opaque;
|
||||||
|
int is_smartcard;
|
||||||
const char *s, *s2;
|
const char *s, *s2;
|
||||||
|
|
||||||
if ((s = has_leading_keyword (line, "KEYINFO")) && !*serialno)
|
if ((s = has_leading_keyword (line, "KEYINFO")) && data)
|
||||||
{
|
{
|
||||||
s = strchr (s, ' ');
|
s = strchr (s, ' ');
|
||||||
if (s && s[1] == 'T' && s[2] == ' ' && s[3])
|
if (s)
|
||||||
{
|
{
|
||||||
s += 3;
|
is_smartcard = (s[1] == 'T');
|
||||||
s2 = strchr (s, ' ');
|
if ( s[2] == ' ' && s[3] )
|
||||||
if ( s2 > s )
|
|
||||||
{
|
{
|
||||||
*serialno = xtrymalloc ((s2 - s)+1);
|
s += 3;
|
||||||
if (*serialno)
|
s2 = strchr (s, ' ');
|
||||||
|
if ( s2 > s )
|
||||||
{
|
{
|
||||||
memcpy (*serialno, s, s2 - s);
|
if (is_smartcard && !data->serialno)
|
||||||
(*serialno)[s2 - s] = 0;
|
{
|
||||||
|
data->serialno = xtrymalloc ((s2 - s)+1);
|
||||||
|
if (data->serialno)
|
||||||
|
{
|
||||||
|
memcpy (data->serialno, s, s2 - s);
|
||||||
|
(data->serialno)[s2 - s] = 0;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if (s2 = strchr (s2 + 1, ' '), s2) /* skip IDSTR (can IDSTR contain a space?) */
|
||||||
|
if (s2 = strchr (s2 + 1, ' '), s2) /* skip CACHED */
|
||||||
|
data->cleartext = (s2[1] == 'C'); /* 'P' for protected, 'C' for clear */
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -1701,13 +1717,18 @@ keyinfo_status_cb (void *opaque, const char *line)
|
|||||||
|
|
||||||
/* Return the serial number for a secret key. If the returned serial
|
/* Return the serial number for a secret key. If the returned serial
|
||||||
number is NULL, the key is not stored on a smartcard. Caller needs
|
number is NULL, the key is not stored on a smartcard. Caller needs
|
||||||
to free R_SERIALNO. */
|
to free R_SERIALNO.
|
||||||
|
|
||||||
|
if r_cleartext is not NULL, the referenced int will be set to 1 if
|
||||||
|
the agent's copy of the key is stored in the clear, or 0 otherwise
|
||||||
|
*/
|
||||||
gpg_error_t
|
gpg_error_t
|
||||||
agent_get_keyinfo (ctrl_t ctrl, const char *hexkeygrip, char **r_serialno)
|
agent_get_keyinfo (ctrl_t ctrl, const char *hexkeygrip,
|
||||||
|
char **r_serialno, int *r_cleartext)
|
||||||
{
|
{
|
||||||
gpg_error_t err;
|
gpg_error_t err;
|
||||||
char line[ASSUAN_LINELENGTH];
|
char line[ASSUAN_LINELENGTH];
|
||||||
char *serialno = NULL;
|
struct keyinfo_data keyinfo = { .serialno = NULL, .cleartext = 0 };
|
||||||
|
|
||||||
*r_serialno = NULL;
|
*r_serialno = NULL;
|
||||||
|
|
||||||
@ -1722,17 +1743,21 @@ agent_get_keyinfo (ctrl_t ctrl, const char *hexkeygrip, char **r_serialno)
|
|||||||
line[DIM(line)-1] = 0;
|
line[DIM(line)-1] = 0;
|
||||||
|
|
||||||
err = assuan_transact (agent_ctx, line, NULL, NULL, NULL, NULL,
|
err = assuan_transact (agent_ctx, line, NULL, NULL, NULL, NULL,
|
||||||
keyinfo_status_cb, &serialno);
|
keyinfo_status_cb, &keyinfo);
|
||||||
if (!err && serialno)
|
if (!err && keyinfo.serialno)
|
||||||
{
|
{
|
||||||
/* Sanity check for bad characters. */
|
/* Sanity check for bad characters. */
|
||||||
if (strpbrk (serialno, ":\n\r"))
|
if (strpbrk (keyinfo.serialno, ":\n\r"))
|
||||||
err = GPG_ERR_INV_VALUE;
|
err = GPG_ERR_INV_VALUE;
|
||||||
}
|
}
|
||||||
if (err)
|
if (err)
|
||||||
xfree (serialno);
|
xfree (keyinfo.serialno);
|
||||||
else
|
else
|
||||||
*r_serialno = serialno;
|
{
|
||||||
|
*r_serialno = keyinfo.serialno;
|
||||||
|
if (r_cleartext)
|
||||||
|
*r_cleartext = keyinfo.cleartext;
|
||||||
|
}
|
||||||
return err;
|
return err;
|
||||||
}
|
}
|
||||||
|
|
||||||
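Review bot: In keyinfo_status_cb the rewritten guard reads `s[2]` even when `s[1]` is the terminating NUL, because the old short-circuit `s[1] == 'T' && s[2] == ' ' && s[3]` was split into two statements. A KEYINFO line that ends right after the space following the keygrip would then be read one byte past its end, so the test should be `if (s[1] && s[2] == ' ' && s[3])`. Separately, agent_get_keyinfo writes `*r_cleartext` only on success, and `cleartext` stays 0 whenever the IDSTR or CACHED field cannot be skipped, so a caller cannot tell "protected" from "not reported". Adding `if (r_cleartext) *r_cleartext = 0;` next to `*r_serialno = NULL;` would at least make the error path defined; the dummy agent_get_keyinfo in the two stub sections (`(void)r_cleartext;`) leaves it unset in the same way. The doc comment should also say that the value is meaningful only when the call returns 0.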
|
@ -153,7 +153,7 @@ gpg_error_t agent_probe_any_secret_key (ctrl_t ctrl, kbnode_t keyblock);
|
|||||||
|
|
||||||
/* Return infos about the secret key with HEXKEYGRIP. */
|
/* Return infos about the secret key with HEXKEYGRIP. */
|
||||||
gpg_error_t agent_get_keyinfo (ctrl_t ctrl, const char *hexkeygrip,
|
gpg_error_t agent_get_keyinfo (ctrl_t ctrl, const char *hexkeygrip,
|
||||||
char **r_serialno);
|
char **r_serialno, int *r_cleartext);
|
||||||
|
|
||||||
/* Generate a new key. */
|
/* Generate a new key. */
|
||||||
gpg_error_t agent_genkey (ctrl_t ctrl,
|
gpg_error_t agent_genkey (ctrl_t ctrl,
|
||||||
|
@ -1228,7 +1228,7 @@ do_export_stream (ctrl_t ctrl, iobuf_t out, strlist_t users, int secret,
|
|||||||
serialno = NULL;
|
serialno = NULL;
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
err = agent_get_keyinfo (ctrl, hexgrip, &serialno);
|
err = agent_get_keyinfo (ctrl, hexgrip, &serialno, NULL);
|
||||||
|
|
||||||
if ((!err && serialno)
|
if ((!err && serialno)
|
||||||
&& secret == 2 && node->pkt->pkttype == PKT_PUBLIC_KEY)
|
&& secret == 2 && node->pkt->pkttype == PKT_PUBLIC_KEY)
|
||||||
|
@ -603,10 +603,12 @@ agent_probe_any_secret_key (ctrl_t ctrl, kbnode_t keyblock)
|
|||||||
}
|
}
|
||||||
|
|
||||||
gpg_error_t
|
gpg_error_t
|
||||||
agent_get_keyinfo (ctrl_t ctrl, const char *hexkeygrip, char **r_serialno)
|
agent_get_keyinfo (ctrl_t ctrl, const char *hexkeygrip,
|
||||||
|
char **r_serialno, int *r_cleartext)
|
||||||
{
|
{
|
||||||
(void)ctrl;
|
(void)ctrl;
|
||||||
(void)hexkeygrip;
|
(void)hexkeygrip;
|
||||||
|
(void)r_cleartext;
|
||||||
*r_serialno = NULL;
|
*r_serialno = NULL;
|
||||||
return gpg_error (GPG_ERR_NO_SECKEY);
|
return gpg_error (GPG_ERR_NO_SECKEY);
|
||||||
}
|
}
|
||||||
|
@ -1692,7 +1692,7 @@ change_passphrase (ctrl_t ctrl, kbnode_t keyblock)
|
|||||||
err = hexkeygrip_from_pk (pk, &hexgrip);
|
err = hexkeygrip_from_pk (pk, &hexgrip);
|
||||||
if (err)
|
if (err)
|
||||||
goto leave;
|
goto leave;
|
||||||
err = agent_get_keyinfo (ctrl, hexgrip, &serialno);
|
err = agent_get_keyinfo (ctrl, hexgrip, &serialno, NULL);
|
||||||
if (!err && serialno)
|
if (!err && serialno)
|
||||||
; /* Key on card. */
|
; /* Key on card. */
|
||||||
else if (gpg_err_code (err) == GPG_ERR_NOT_FOUND)
|
else if (gpg_err_code (err) == GPG_ERR_NOT_FOUND)
|
||||||
@ -3766,7 +3766,7 @@ show_key_with_all_names (ctrl_t ctrl, estream_t fp,
|
|||||||
have_seckey = 0;
|
have_seckey = 0;
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
have_seckey = !agent_get_keyinfo (ctrl, hexgrip, &serialno);
|
have_seckey = !agent_get_keyinfo (ctrl, hexgrip, &serialno, NULL);
|
||||||
xfree (hexgrip);
|
xfree (hexgrip);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -4571,7 +4571,7 @@ generate_subkeypair (ctrl_t ctrl, kbnode_t keyblock, const char *algostr,
|
|||||||
err = hexkeygrip_from_pk (pri_psk, &hexgrip);
|
err = hexkeygrip_from_pk (pri_psk, &hexgrip);
|
||||||
if (err)
|
if (err)
|
||||||
goto leave;
|
goto leave;
|
||||||
if (agent_get_keyinfo (NULL, hexgrip, &serialno))
|
if (agent_get_keyinfo (NULL, hexgrip, &serialno, NULL))
|
||||||
{
|
{
|
||||||
if (interactive)
|
if (interactive)
|
||||||
tty_printf (_("Secret parts of primary key are not available.\n"));
|
tty_printf (_("Secret parts of primary key are not available.\n"));
|
||||||
|
@ -247,7 +247,7 @@ print_card_key_info (estream_t fp, kbnode_t keyblock)
|
|||||||
log_error ("error computing a keygrip: %s\n", gpg_strerror (rc));
|
log_error ("error computing a keygrip: %s\n", gpg_strerror (rc));
|
||||||
s2k_char = '?';
|
s2k_char = '?';
|
||||||
}
|
}
|
||||||
else if (!agent_get_keyinfo (NULL, hexgrip, &serialno))
|
else if (!agent_get_keyinfo (NULL, hexgrip, &serialno, NULL))
|
||||||
s2k_char = serialno? '>':' ';
|
s2k_char = serialno? '>':' ';
|
||||||
else
|
else
|
||||||
s2k_char = '#'; /* Key not found. */
|
s2k_char = '#'; /* Key not found. */
|
||||||
@ -1046,7 +1046,7 @@ list_keyblock_print (ctrl_t ctrl, kbnode_t keyblock, int secret, int fpr,
|
|||||||
if (secret)
|
if (secret)
|
||||||
{
|
{
|
||||||
/* Encode some info about the secret key in SECRET. */
|
/* Encode some info about the secret key in SECRET. */
|
||||||
if (!agent_get_keyinfo (NULL, hexgrip, &serialno))
|
if (!agent_get_keyinfo (NULL, hexgrip, &serialno, NULL))
|
||||||
secret = serialno? 3 : 1;
|
secret = serialno? 3 : 1;
|
||||||
else
|
else
|
||||||
secret = 2; /* Key not found. */
|
secret = 2; /* Key not found. */
|
||||||
@ -1160,7 +1160,7 @@ list_keyblock_print (ctrl_t ctrl, kbnode_t keyblock, int secret, int fpr,
|
|||||||
}
|
}
|
||||||
if (secret)
|
if (secret)
|
||||||
{
|
{
|
||||||
if (!agent_get_keyinfo (NULL, hexgrip, &serialno))
|
if (!agent_get_keyinfo (NULL, hexgrip, &serialno, NULL))
|
||||||
secret = serialno? 3 : 1;
|
secret = serialno? 3 : 1;
|
||||||
else
|
else
|
||||||
secret = '2'; /* Key not found. */
|
secret = '2'; /* Key not found. */
|
||||||
@ -1354,7 +1354,7 @@ list_keyblock_colon (ctrl_t ctrl, kbnode_t keyblock,
|
|||||||
log_error ("error computing a keygrip: %s\n", gpg_strerror (rc));
|
log_error ("error computing a keygrip: %s\n", gpg_strerror (rc));
|
||||||
}
|
}
|
||||||
stubkey = 0;
|
stubkey = 0;
|
||||||
if ((secret||has_secret) && agent_get_keyinfo (NULL, hexgrip, &serialno))
|
if ((secret||has_secret) && agent_get_keyinfo (NULL, hexgrip, &serialno, NULL))
|
||||||
stubkey = 1; /* Key not found. */
|
stubkey = 1; /* Key not found. */
|
||||||
|
|
||||||
keyid_from_pk (pk, keyid);
|
keyid_from_pk (pk, keyid);
|
||||||
@ -1501,7 +1501,7 @@ list_keyblock_colon (ctrl_t ctrl, kbnode_t keyblock,
|
|||||||
}
|
}
|
||||||
stubkey = 0;
|
stubkey = 0;
|
||||||
if ((secret||has_secret)
|
if ((secret||has_secret)
|
||||||
&& agent_get_keyinfo (NULL, hexgrip, &serialno))
|
&& agent_get_keyinfo (NULL, hexgrip, &serialno, NULL))
|
||||||
stubkey = 1; /* Key not found. */
|
stubkey = 1; /* Key not found. */
|
||||||
|
|
||||||
keyid_from_pk (pk2, keyid2);
|
keyid_from_pk (pk2, keyid2);
|
||||||
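Review bot: The second list_keyblock_print hunk keeps `secret = '2'; /* Key not found. */` right after the updated call, while the equivalent branch in the first hunk assigns the integer `secret = 2;`. The character literal stores 50, so a later comparison against 2 would presumably miss the not-found case. Both lines are unchanged context and the rest of list_keyblock_print lies outside the hunks, so this needs confirming against the full function. If the integer is intended, the line should read `secret = 2; /* Key not found. */`.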
|
@ -346,7 +346,7 @@ openpgp_card_v1_p (PKT_public_key *pk)
|
|||||||
}
|
}
|
||||||
|
|
||||||
xfree (pk->serialno);
|
xfree (pk->serialno);
|
||||||
agent_get_keyinfo (NULL, hexgrip, &pk->serialno);
|
agent_get_keyinfo (NULL, hexgrip, &pk->serialno, NULL);
|
||||||
xfree (hexgrip);
|
xfree (hexgrip);
|
||||||
pk->flags.serialno_valid = 1;
|
pk->flags.serialno_valid = 1;
|
||||||
}
|
}
|
||||||
|
@ -415,10 +415,12 @@ agent_probe_any_secret_key (ctrl_t ctrl, kbnode_t keyblock)
|
|||||||
}
|
}
|
||||||
|
|
||||||
gpg_error_t
|
gpg_error_t
|
||||||
agent_get_keyinfo (ctrl_t ctrl, const char *hexkeygrip, char **r_serialno)
|
agent_get_keyinfo (ctrl_t ctrl, const char *hexkeygrip,
|
||||||
|
char **r_serialno, int *r_cleartext)
|
||||||
{
|
{
|
||||||
(void)ctrl;
|
(void)ctrl;
|
||||||
(void)hexkeygrip;
|
(void)hexkeygrip;
|
||||||
|
(void)r_cleartext;
|
||||||
*r_serialno = NULL;
|
*r_serialno = NULL;
|
||||||
return gpg_error (GPG_ERR_NO_SECKEY);
|
return gpg_error (GPG_ERR_NO_SECKEY);
|
||||||
}
|
}
|
||||||
|