mirror of
git://git.gnupg.org/gnupg.git
synced 2025-01-05 12:31:50 +01:00
agent: Improve the GENPIN callback.
* agent/call-pinentry.c (DEFAULT_GENPIN_BYTES): Replace by ... (DEFAULT_GENPIN_BITS): this and increase to 150. (generate_pin): Make sure that we use at least 128 bits.
parent
4855888c0a
commit
2e69ce878f
@ -55,8 +55,12 @@
|
|||||||
|
|
||||||
/* Define the maximum tries to generate a pin for the GENPIN inquire */
|
/* Define the maximum tries to generate a pin for the GENPIN inquire */
|
||||||
#define MAX_GENPIN_TRIES 10
|
#define MAX_GENPIN_TRIES 10
|
||||||
/* Define the number of characters to use for a generated pin */
|
/* Define the number of bits to use for a generated pin. The
|
||||||
#define DEFAULT_GENPIN_BYTES (128 / 8)
|
* passphrase will be rendered as zbase32 which results for 150 bits
|
||||||
|
* in a string of 30 characters. That fits nicely into the 5
|
||||||
|
* character blocking which pinentry can do. 128 bits would actually
|
||||||
|
* be sufficient but can't be formatted nicely. */
|
||||||
|
#define DEFAULT_GENPIN_BITS 150
|
||||||
|
|
||||||
/* The assuan context of the current pinentry. */
|
/* The assuan context of the current pinentry. */
|
||||||
static assuan_context_t entry_ctx;
|
static assuan_context_t entry_ctx;
|
||||||
@ -832,18 +836,19 @@ estimate_passphrase_quality (const char *pw)
|
|||||||
|
|
||||||
|
|
||||||
/* Generate a random passphrase in zBase32 encoding (RFC-6189) to be
|
/* Generate a random passphrase in zBase32 encoding (RFC-6189) to be
|
||||||
* used by pinetry to suggest a passphrase. */
|
* used by Pinentry to suggest a passphrase. */
|
||||||
static char *
|
static char *
|
||||||
generate_pin (void)
|
generate_pin (void)
|
||||||
{
|
{
|
||||||
size_t nbytes = opt.min_passphrase_len;
|
unsigned int nbits = opt.min_passphrase_len * 8;
|
||||||
|
size_t nbytes;
|
||||||
void *rand;
|
void *rand;
|
||||||
char *generated;
|
char *generated;
|
||||||
|
|
||||||
if (nbytes < 8)
|
if (nbits < 128)
|
||||||
{
|
nbits = DEFAULT_GENPIN_BITS;
|
||||||
nbytes = DEFAULT_GENPIN_BYTES;
|
|
||||||
}
|
nbytes = (nbits + 7) / 8;
|
||||||
|
|
||||||
rand = gcry_random_bytes_secure (nbytes, GCRY_STRONG_RANDOM);
|
rand = gcry_random_bytes_secure (nbytes, GCRY_STRONG_RANDOM);
|
||||||
if (!rand)
|
if (!rand)
|
||||||
@ -852,7 +857,7 @@ generate_pin (void)
|
|||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
generated = zb32_encode (rand, nbytes * 8);
|
generated = zb32_encode (rand, nbits);
|
||||||
gcry_free (rand);
|
gcry_free (rand);
|
||||||
return generated;
|
return generated;
|
||||||
}
|
}
|
||||||
|
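Review bot: In generate_pin, `unsigned int nbits = opt.min_passphrase_len * 8;` multiplies a configured value with no upper bound. A very large setting can wrap the product to a small value that still passes the `nbits < 128` floor, or ask `gcry_random_bytes_secure` for an oversized secure-memory buffer. The type of `opt.min_passphrase_len` is not visible on this page, so the wrap case is inferred. Clamping before the multiplication avoids both, e.g. `if (opt.min_passphrase_len > GENPIN_MAX_LEN) nbits = GENPIN_MAX_LEN * 8;`, where `GENPIN_MAX_LEN` is a placeholder for a limit the project would choose. Separately, the comment on `DEFAULT_GENPIN_BITS` justifies 150 by the 5-character blocking, but a configured length of 16 gives 128 bits and a 26-character string, so a sentence in the generate_pin comment that the blocking only holds on the default path would keep the two consistent; the error branch under `if (!rand)` lies between the two hunks and is not shown.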