From 1b460f049e5c1c102d8b55ad28781688252c5a6b Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Thu, 2 Jun 2016 21:21:08 +0200 Subject: [PATCH] gpg: Try to use the passphrase from the primary for --quick-addkey. * agent/command.c (cmd_genkey): Add option --passwd-nonce. (cmd_passwd): Return a PASSWD_NONCE in verify mode. * g10/call-agent.c (agent_genkey): Add arg 'passwd_nonce_addr' and do not send a RESET if given. (agent_passwd): Add arg 'verify'. * g10/keygen.c (common_gen): Add optional arg 'passwd_nonce_addr'. (gen_elg, gen_dsa, gen_ecc, gen_rsa, do_create): Ditto. (generate_subkeypair): Use sepeare hexgrip var for the to be created for hexgrip feature. Verify primary key first. Make use of the passwd nonce. Allow for a static passphrase. Signed-off-by: Werner Koch --- agent/command.c | 49 +++++++++++++++++++++-- g10/call-agent.c | 52 +++++++++++++++--------- g10/call-agent.h | 4 +- g10/keyedit.c | 3 +- g10/keygen.c | 101 ++++++++++++++++++++++++++++++++++------------- 5 files changed, 157 insertions(+), 52 deletions(-) diff --git a/agent/command.c b/agent/command.c index dfbb83194..d55e7da5c 100644 --- a/agent/command.c +++ b/agent/command.c @@ -207,7 +207,7 @@ clear_nonce_cache (ctrl_t ctrl) } -/* This function is called by Libassuan whenever thee client sends a +/* This function is called by Libassuan whenever the client sends a reset. It has been registered similar to the other Assuan commands. */ static gpg_error_t @@ -857,7 +857,8 @@ cmd_pkdecrypt (assuan_context_t ctx, char *line) static const char hlp_genkey[] = - "GENKEY [--no-protection] [--preset] [--inq-passwd] []\n" + "GENKEY [--no-protection] [--preset] [--inq-passwd]\n" + " [--passwd-nonce=] []\n" "\n" "Generate a new key, store the secret part and return the public\n" "part. Here is an example transaction:\n" @@ -873,7 +874,8 @@ static const char hlp_genkey[] = "When the --preset option is used the passphrase for the generated\n" "key will be added to the cache. When --inq-passwd is used an inquire\n" "with the keyword NEWPASSWD is used to request the passphrase for the\n" - "new key.\n"; + "new key. When a --passwd-nonce is used, the corresponding cached\n" + "passphrase is used to protect the new key."; static gpg_error_t cmd_genkey (assuan_context_t ctx, char *line) { @@ -885,10 +887,12 @@ cmd_genkey (assuan_context_t ctx, char *line) unsigned char *newpasswd = NULL; membuf_t outbuf; char *cache_nonce = NULL; + char *passwd_nonce = NULL; int opt_preset; int opt_inq_passwd; size_t n; - char *p; + char *p, *pend; + int c; if (ctrl->restricted) return leave_cmd (ctx, gpg_error (GPG_ERR_FORBIDDEN)); @@ -896,6 +900,21 @@ cmd_genkey (assuan_context_t ctx, char *line) no_protection = has_option (line, "--no-protection"); opt_preset = has_option (line, "--preset"); opt_inq_passwd = has_option (line, "--inq-passwd"); + passwd_nonce = option_value (line, "--passwd-nonce"); + if (passwd_nonce) + { + for (pend = passwd_nonce; *pend && !spacep (pend); pend++) + ; + c = *pend; + *pend = '\0'; + passwd_nonce = xtrystrdup (passwd_nonce); + *pend = c; + if (!passwd_nonce) + { + rc = gpg_error_from_syserror (); + goto leave; + } + } line = skip_options (line); p = line; @@ -933,6 +952,8 @@ cmd_genkey (assuan_context_t ctx, char *line) } } + else if (passwd_nonce) + newpasswd = agent_get_cache (passwd_nonce, CACHE_MODE_NONCE); rc = agent_genkey (ctrl, cache_nonce, (char*)value, valuelen, no_protection, newpasswd, opt_preset, &outbuf); @@ -951,6 +972,7 @@ cmd_genkey (assuan_context_t ctx, char *line) else rc = write_and_clear_outbuf (ctx, &outbuf); xfree (cache_nonce); + xfree (passwd_nonce); return leave_cmd (ctx, rc); } @@ -1715,6 +1737,24 @@ cmd_passwd (assuan_context_t ctx, char *line) else if (opt_verify) { /* All done. */ + if (passphrase) + { + if (!passwd_nonce) + { + char buf[12]; + gcry_create_nonce (buf, 12); + passwd_nonce = bin2hex (buf, 12, NULL); + } + if (passwd_nonce + && !agent_put_cache (passwd_nonce, CACHE_MODE_NONCE, + passphrase, CACHE_TTL_NONCE)) + { + assuan_write_status (ctx, "PASSWD_NONCE", passwd_nonce); + xfree (ctrl->server_local->last_passwd_nonce); + ctrl->server_local->last_passwd_nonce = passwd_nonce; + passwd_nonce = NULL; + } + } } else { @@ -1785,6 +1825,7 @@ cmd_passwd (assuan_context_t ctx, char *line) gcry_sexp_release (s_skey); xfree (shadow_info); xfree (cache_nonce); + xfree (passwd_nonce); return leave_cmd (ctx, err); } diff --git a/g10/call-agent.c b/g10/call-agent.c index d8c6dede3..818f3ded5 100644 --- a/g10/call-agent.c +++ b/g10/call-agent.c @@ -1805,7 +1805,7 @@ inq_genkey_parms (void *opaque, const char *line) PASSPHRASE is not NULL the agent is requested to protect the key with that passphrase instead of asking for one. */ gpg_error_t -agent_genkey (ctrl_t ctrl, char **cache_nonce_addr, +agent_genkey (ctrl_t ctrl, char **cache_nonce_addr, char **passwd_nonce_addr, const char *keyparms, int no_protection, const char *passphrase, gcry_sexp_t *r_pubkey) { @@ -1827,19 +1827,26 @@ agent_genkey (ctrl_t ctrl, char **cache_nonce_addr, return err; dfltparm.ctx = agent_ctx; - err = assuan_transact (agent_ctx, "RESET", - NULL, NULL, NULL, NULL, NULL, NULL); - if (err) - return err; + if (passwd_nonce_addr && *passwd_nonce_addr) + ; /* A RESET would flush the passwd nonce cache. */ + else + { + err = assuan_transact (agent_ctx, "RESET", + NULL, NULL, NULL, NULL, NULL, NULL); + if (err) + return err; + } init_membuf (&data, 1024); gk_parm.dflt = &dfltparm; gk_parm.keyparms = keyparms; gk_parm.passphrase = passphrase; - snprintf (line, sizeof line, "GENKEY%s%s%s", + snprintf (line, sizeof line, "GENKEY%s%s%s%s%s", no_protection? " --no-protection" : passphrase ? " --inq-passwd" : /* */ "", + passwd_nonce_addr && *passwd_nonce_addr? " --passwd-nonce=":"", + passwd_nonce_addr && *passwd_nonce_addr? *passwd_nonce_addr:"", cache_nonce_addr && *cache_nonce_addr? " ":"", cache_nonce_addr && *cache_nonce_addr? *cache_nonce_addr:""); cn_parm.cache_nonce_addr = cache_nonce_addr; @@ -2389,13 +2396,14 @@ agent_delete_key (ctrl_t ctrl, const char *hexkeygrip, const char *desc, /* Ask the agent to change the passphrase of the key identified by - HEXKEYGRIP. If DESC is not NULL, display DESC instead of the - default description message. If CACHE_NONCE_ADDR is not NULL the - agent is advised to first try a passphrase associated with that - nonce. If PASSWD_NONCE_ADDR is not NULL the agent will try to use - the passphrase associated with that nonce. */ + * HEXKEYGRIP. If DESC is not NULL, display DESC instead of the + * default description message. If CACHE_NONCE_ADDR is not NULL the + * agent is advised to first try a passphrase associated with that + * nonce. If PASSWD_NONCE_ADDR is not NULL the agent will try to use + * the passphrase associated with that nonce for the new passphrase. + * If VERIFY is true the passphrase is only verified. */ gpg_error_t -agent_passwd (ctrl_t ctrl, const char *hexkeygrip, const char *desc, +agent_passwd (ctrl_t ctrl, const char *hexkeygrip, const char *desc, int verify, char **cache_nonce_addr, char **passwd_nonce_addr) { gpg_error_t err; @@ -2414,7 +2422,6 @@ agent_passwd (ctrl_t ctrl, const char *hexkeygrip, const char *desc, if (!hexkeygrip || strlen (hexkeygrip) != 40) return gpg_error (GPG_ERR_INV_VALUE); - if (desc) { snprintf (line, DIM(line)-1, "SETKEYDESC %s", desc); @@ -2424,12 +2431,18 @@ agent_passwd (ctrl_t ctrl, const char *hexkeygrip, const char *desc, return err; } - snprintf (line, DIM(line)-1, "PASSWD %s%s %s%s %s", - cache_nonce_addr && *cache_nonce_addr? "--cache-nonce=":"", - cache_nonce_addr && *cache_nonce_addr? *cache_nonce_addr:"", - passwd_nonce_addr && *passwd_nonce_addr? "--passwd-nonce=":"", - passwd_nonce_addr && *passwd_nonce_addr? *passwd_nonce_addr:"", - hexkeygrip); + if (verify) + snprintf (line, DIM(line)-1, "PASSWD %s%s --verify %s", + cache_nonce_addr && *cache_nonce_addr? "--cache-nonce=":"", + cache_nonce_addr && *cache_nonce_addr? *cache_nonce_addr:"", + hexkeygrip); + else + snprintf (line, DIM(line)-1, "PASSWD %s%s %s%s %s", + cache_nonce_addr && *cache_nonce_addr? "--cache-nonce=":"", + cache_nonce_addr && *cache_nonce_addr? *cache_nonce_addr:"", + passwd_nonce_addr && *passwd_nonce_addr? "--passwd-nonce=":"", + passwd_nonce_addr && *passwd_nonce_addr? *passwd_nonce_addr:"", + hexkeygrip); cn_parm.cache_nonce_addr = cache_nonce_addr; cn_parm.passwd_nonce_addr = passwd_nonce_addr; err = assuan_transact (agent_ctx, line, NULL, NULL, @@ -2438,6 +2451,7 @@ agent_passwd (ctrl_t ctrl, const char *hexkeygrip, const char *desc, return err; } + /* Return the version reported by gpg-agent. */ gpg_error_t agent_get_version (ctrl_t ctrl, char **r_version) diff --git a/g10/call-agent.h b/g10/call-agent.h index 06a19d47b..4e83388d2 100644 --- a/g10/call-agent.h +++ b/g10/call-agent.h @@ -156,7 +156,8 @@ gpg_error_t agent_get_keyinfo (ctrl_t ctrl, const char *hexkeygrip, char **r_serialno); /* Generate a new key. */ -gpg_error_t agent_genkey (ctrl_t ctrl, char **cache_nonce_addr, +gpg_error_t agent_genkey (ctrl_t ctrl, + char **cache_nonce_addr, char **passwd_nonce_addr, const char *keyparms, int no_protection, const char *passphrase, gcry_sexp_t *r_pubkey); @@ -200,6 +201,7 @@ gpg_error_t agent_delete_key (ctrl_t ctrl, const char *hexkeygrip, /* Change the passphrase of a key. */ gpg_error_t agent_passwd (ctrl_t ctrl, const char *hexkeygrip, const char *desc, + int verify, char **cache_nonce_addr, char **passwd_nonce_addr); /* Get the version reported by gpg-agent. */ gpg_error_t agent_get_version (ctrl_t ctrl, char **r_version); diff --git a/g10/keyedit.c b/g10/keyedit.c index 16dbf6280..a38c90a8f 100644 --- a/g10/keyedit.c +++ b/g10/keyedit.c @@ -1728,7 +1728,8 @@ change_passphrase (ctrl_t ctrl, kbnode_t keyblock) goto leave; desc = gpg_format_keydesc (pk, FORMAT_KEYDESC_NORMAL, 1); - err = agent_passwd (ctrl, hexgrip, desc, &cache_nonce, &passwd_nonce); + err = agent_passwd (ctrl, hexgrip, desc, 0, + &cache_nonce, &passwd_nonce); xfree (desc); if (err) diff --git a/g10/keygen.c b/g10/keygen.c index 940cb163f..c8057b523 100644 --- a/g10/keygen.c +++ b/g10/keygen.c @@ -1304,14 +1304,15 @@ do_create_from_keygrip (ctrl_t ctrl, int algo, const char *hexkeygrip, static int common_gen (const char *keyparms, int algo, const char *algoelem, kbnode_t pub_root, u32 timestamp, u32 expireval, int is_subkey, - int keygen_flags, const char *passphrase, char **cache_nonce_addr) + int keygen_flags, const char *passphrase, + char **cache_nonce_addr, char **passwd_nonce_addr) { int err; PACKET *pkt; PKT_public_key *pk; gcry_sexp_t s_key; - err = agent_genkey (NULL, cache_nonce_addr, keyparms, + err = agent_genkey (NULL, cache_nonce_addr, passwd_nonce_addr, keyparms, !!(keygen_flags & KEYGEN_FLAG_NO_PROTECTION), passphrase, &s_key); @@ -1372,7 +1373,8 @@ common_gen (const char *keyparms, int algo, const char *algoelem, static int gen_elg (int algo, unsigned int nbits, KBNODE pub_root, u32 timestamp, u32 expireval, int is_subkey, - int keygen_flags, const char *passphrase, char **cache_nonce_addr) + int keygen_flags, const char *passphrase, + char **cache_nonce_addr, char **passwd_nonce_addr) { int err; char *keyparms; @@ -1413,7 +1415,8 @@ gen_elg (int algo, unsigned int nbits, KBNODE pub_root, { err = common_gen (keyparms, algo, "pgy", pub_root, timestamp, expireval, is_subkey, - keygen_flags, passphrase, cache_nonce_addr); + keygen_flags, passphrase, + cache_nonce_addr, passwd_nonce_addr); xfree (keyparms); } @@ -1427,7 +1430,8 @@ gen_elg (int algo, unsigned int nbits, KBNODE pub_root, static gpg_error_t gen_dsa (unsigned int nbits, KBNODE pub_root, u32 timestamp, u32 expireval, int is_subkey, - int keygen_flags, const char *passphrase, char **cache_nonce_addr) + int keygen_flags, const char *passphrase, + char **cache_nonce_addr, char **passwd_nonce_addr) { int err; unsigned int qbits; @@ -1500,7 +1504,8 @@ gen_dsa (unsigned int nbits, KBNODE pub_root, { err = common_gen (keyparms, PUBKEY_ALGO_DSA, "pqgy", pub_root, timestamp, expireval, is_subkey, - keygen_flags, passphrase, cache_nonce_addr); + keygen_flags, passphrase, + cache_nonce_addr, passwd_nonce_addr); xfree (keyparms); } @@ -1515,7 +1520,8 @@ gen_dsa (unsigned int nbits, KBNODE pub_root, static gpg_error_t gen_ecc (int algo, const char *curve, kbnode_t pub_root, u32 timestamp, u32 expireval, int is_subkey, - int keygen_flags, const char *passphrase, char **cache_nonce_addr) + int keygen_flags, const char *passphrase, + char **cache_nonce_addr, char **passwd_nonce_addr) { gpg_error_t err; char *keyparms; @@ -1557,7 +1563,8 @@ gen_ecc (int algo, const char *curve, kbnode_t pub_root, { err = common_gen (keyparms, algo, "", pub_root, timestamp, expireval, is_subkey, - keygen_flags, passphrase, cache_nonce_addr); + keygen_flags, passphrase, + cache_nonce_addr, passwd_nonce_addr); xfree (keyparms); } @@ -1571,7 +1578,8 @@ gen_ecc (int algo, const char *curve, kbnode_t pub_root, static int gen_rsa (int algo, unsigned int nbits, KBNODE pub_root, u32 timestamp, u32 expireval, int is_subkey, - int keygen_flags, const char *passphrase, char **cache_nonce_addr) + int keygen_flags, const char *passphrase, + char **cache_nonce_addr, char **passwd_nonce_addr) { int err; char *keyparms; @@ -1612,7 +1620,8 @@ gen_rsa (int algo, unsigned int nbits, KBNODE pub_root, { err = common_gen (keyparms, algo, "ne", pub_root, timestamp, expireval, is_subkey, - keygen_flags, passphrase, cache_nonce_addr); + keygen_flags, passphrase, + cache_nonce_addr, passwd_nonce_addr); xfree (keyparms); } @@ -2751,7 +2760,8 @@ ask_user_id (int mode, int full, KBNODE keyblock) static int do_create (int algo, unsigned int nbits, const char *curve, KBNODE pub_root, u32 timestamp, u32 expiredate, int is_subkey, - int keygen_flags, const char *passphrase, char **cache_nonce_addr) + int keygen_flags, const char *passphrase, + char **cache_nonce_addr, char **passwd_nonce_addr) { gpg_error_t err; @@ -2766,18 +2776,22 @@ do_create (int algo, unsigned int nbits, const char *curve, KBNODE pub_root, if (algo == PUBKEY_ALGO_ELGAMAL_E) err = gen_elg (algo, nbits, pub_root, timestamp, expiredate, is_subkey, - keygen_flags, passphrase, cache_nonce_addr); + keygen_flags, passphrase, + cache_nonce_addr, passwd_nonce_addr); else if (algo == PUBKEY_ALGO_DSA) err = gen_dsa (nbits, pub_root, timestamp, expiredate, is_subkey, - keygen_flags, passphrase, cache_nonce_addr); + keygen_flags, passphrase, + cache_nonce_addr, passwd_nonce_addr); else if (algo == PUBKEY_ALGO_ECDSA || algo == PUBKEY_ALGO_EDDSA || algo == PUBKEY_ALGO_ECDH) err = gen_ecc (algo, curve, pub_root, timestamp, expiredate, is_subkey, - keygen_flags, passphrase, cache_nonce_addr); + keygen_flags, passphrase, + cache_nonce_addr, passwd_nonce_addr); else if (algo == PUBKEY_ALGO_RSA) err = gen_rsa (algo, nbits, pub_root, timestamp, expiredate, is_subkey, - keygen_flags, passphrase, cache_nonce_addr); + keygen_flags, passphrase, + cache_nonce_addr, passwd_nonce_addr); else BUG(); @@ -4169,7 +4183,7 @@ do_generate_keypair (ctrl_t ctrl, struct para_data_s *para, get_parameter_u32( para, pKEYEXPIRE ), 0, outctrl->keygen_flags, get_parameter_passphrase (para), - &cache_nonce); + &cache_nonce, NULL); else err = gen_card_key (PUBKEY_ALGO_RSA, 1, 1, pub_root, ×tamp, @@ -4232,7 +4246,7 @@ do_generate_keypair (ctrl_t ctrl, struct para_data_s *para, get_parameter_u32 (para, pSUBKEYEXPIRE), 1, s ? KEYGEN_FLAG_NO_PROTECTION : outctrl->keygen_flags, get_parameter_passphrase (para), - &cache_nonce); + &cache_nonce, NULL); /* Get the pointer to the generated public subkey packet. */ if (!err) { @@ -4508,8 +4522,11 @@ generate_subkeypair (ctrl_t ctrl, kbnode_t keyblock, const char *algostr, unsigned int nbits = 0; char *curve = NULL; u32 cur_time; + char *key_from_hexgrip = NULL; char *hexgrip = NULL; char *serialno = NULL; + char *cache_nonce = NULL; + char *passwd_nonce = NULL; interactive = (!algostr || !usagestr || !expirestr); @@ -4567,14 +4584,12 @@ generate_subkeypair (ctrl_t ctrl, kbnode_t keyblock, const char *algostr, log_info ( _("Secret parts of primary key are stored on-card.\n")); } - xfree (hexgrip); - hexgrip = NULL; if (interactive) { - algo = ask_algo (ctrl, 1, NULL, &use, &hexgrip); + algo = ask_algo (ctrl, 1, NULL, &use, &key_from_hexgrip); log_assert (algo); - if (hexgrip) + if (key_from_hexgrip) nbits = 0; else if (algo == PUBKEY_ALGO_ECDSA || algo == PUBKEY_ALGO_EDDSA @@ -4599,12 +4614,40 @@ generate_subkeypair (ctrl_t ctrl, kbnode_t keyblock, const char *algostr, goto leave; } - if (hexgrip) - err = do_create_from_keygrip (ctrl, algo, hexgrip, - keyblock, cur_time, expire, 1); + /* Verify the passphrase now so that we get a cache item for the + * primary key passphrase. The agent also returns a passphrase + * nonce, which we can use to set the passphrase for the subkey to + * that of the primary key. */ + { + char *desc = gpg_format_keydesc (pri_psk, FORMAT_KEYDESC_NORMAL, 1); + err = agent_passwd (ctrl, hexgrip, desc, 1 /*=verify*/, + &cache_nonce, &passwd_nonce); + xfree (desc); + } + + /* Start creation. */ + if (key_from_hexgrip) + { + err = do_create_from_keygrip (ctrl, algo, key_from_hexgrip, + keyblock, cur_time, expire, 1); + } else - err = do_create (algo, nbits, curve, - keyblock, cur_time, expire, 1, 0, NULL, NULL); + { + const char *passwd; + + /* If the pinentry loopback mode is not and we have a static + passphrase (i.e. set with --passphrase{,-fd,-file} while in batch + mode), we use that passphrase for the new subkey. */ + if (opt.pinentry_mode != PINENTRY_MODE_LOOPBACK + && have_static_passphrase ()) + passwd = get_static_passphrase (); + else + passwd = NULL; + + err = do_create (algo, nbits, curve, + keyblock, cur_time, expire, 1, 0, + passwd, &cache_nonce, &passwd_nonce); + } if (err) goto leave; @@ -4614,16 +4657,20 @@ generate_subkeypair (ctrl_t ctrl, kbnode_t keyblock, const char *algostr, sub_psk = node->pkt->pkt.public_key; /* Write the binding signature. */ - err = write_keybinding (keyblock, pri_psk, sub_psk, use, cur_time, NULL); + err = write_keybinding (keyblock, pri_psk, sub_psk, use, cur_time, + cache_nonce); if (err) goto leave; write_status_text (STATUS_KEY_CREATED, "S"); leave: + xfree (key_from_hexgrip); xfree (curve); xfree (hexgrip); xfree (serialno); + xfree (cache_nonce); + xfree (passwd_nonce); if (err) log_error (_("Key generation failed: %s\n"), gpg_strerror (err) ); return err;