security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-02-22 19:58:29 +01:00
Code Activity

* passphrase .c (agent_get_passphrase): New arg CANCELED.

Browse Source 
(passphrase_to_dek): Ditto.  Passed to above.  Changed all
callers to pass NULL.
* seckey-cert.c (do_check): New arg CANCELED.
(check_secret_key): Terminate loop when canceled.

* keyedit.c (change_passphrase): Pass ERRTEXT untranslated to
passphrase_to_dek and translate where appropriate.

* seckey-cert.c (check_secret_key): Ditto.
* keygen.c (ask_passphrase): Ditto.
* passphrase.c (agent_get_passphrase): Translate the TRYAGAIN_TEXT.
Switch the codeset to utf-8.
This commit is contained in:
Werner Koch 2003-04-09 15:17:20 +00:00
parent 5a9e7663c1
commit 3ff3ac5ba4
11 changed files with 126 additions and 38 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
TODO
View File

@ -93,8 +93,6 @@
* cat foo | gpg --sign | gpg --list-packets * cat foo | gpg --sign | gpg --list-packets
Does not list the signature packet. Does not list the signature packet.
* The description texts passed to the agent should be utf-8 encoded.
Things we won't do Things we won't do
------------------ ------------------

16
g10/ChangeLog
View File

@ -1,6 +1,20 @@
2003-04-09 Werner Koch <wk@gnupg.org> 2003-04-09 Werner Koch <wk@gnupg.org>
* decrypt.c (decrypt_messages): Fixed error handling; the fucntion * passphrase .c (agent_get_passphrase): New arg CANCELED.
(passphrase_to_dek): Ditto. Passed to above. Changed all
callers to pass NULL.
* seckey-cert.c (do_check): New arg CANCELED.
(check_secret_key): Terminate loop when canceled.
* keyedit.c (change_passphrase): Pass ERRTEXT untranslated to
passphrase_to_dek and translate where appropriate.
* seckey-cert.c (check_secret_key): Ditto.
* keygen.c (ask_passphrase): Ditto.
* passphrase.c (agent_get_passphrase): Translate the TRYAGAIN_TEXT.
Switch the codeset to utf-8.
* decrypt.c (decrypt_messages): Fixed error handling; the function
used to re-loop with same file after an error. Reported by Joseph used to re-loop with same file after an error. Reported by Joseph
Walton. Walton.

3
g10/encode.c
View File

@ -196,7 +196,8 @@ encode_simple( const char *filename, int mode, int compat )
: opt.s2k_digest_algo; : opt.s2k_digest_algo;
cfx.dek = passphrase_to_dek( NULL, 0, cfx.dek = passphrase_to_dek( NULL, 0,
opt.def_cipher_algo ? opt.def_cipher_algo opt.def_cipher_algo ? opt.def_cipher_algo
: opt.s2k_cipher_algo , s2k, 2, NULL ); : opt.s2k_cipher_algo , s2k, 2,
NULL, NULL );
if( !cfx.dek || !cfx.dek->keylen ) { if( !cfx.dek || !cfx.dek->keylen ) {
rc = G10ERR_PASSPHRASE; rc = G10ERR_PASSPHRASE;
m_free(cfx.dek); m_free(cfx.dek);

6
g10/gpgv.c
View File

@ -323,9 +323,11 @@ check_secret_key( PKT_secret_key *sk, int n )
DEK * DEK *
passphrase_to_dek( u32 *keyid, int pubkey_algo, passphrase_to_dek( u32 *keyid, int pubkey_algo,
int cipher_algo, STRING2KEY *s2k, int mode, int cipher_algo, STRING2KEY *s2k, int mode,
const char *tmp) const char *tmp, int *canceled)
{ {
return NULL; if (canceled)
*canceled = 0;
return NULL;
} }
/* Stubs to avoid linking to photoid.c */ /* Stubs to avoid linking to photoid.c */

2
g10/keydb.h
View File

@ -179,7 +179,7 @@ void read_passphrase_from_fd( int fd );
void passphrase_clear_cache ( u32 *keyid, int algo ); void passphrase_clear_cache ( u32 *keyid, int algo );
DEK *passphrase_to_dek( u32 *keyid, int pubkey_algo, DEK *passphrase_to_dek( u32 *keyid, int pubkey_algo,
int cipher_algo, STRING2KEY *s2k, int mode, int cipher_algo, STRING2KEY *s2k, int mode,
const char *tryagain_text); const char *tryagain_text, int *canceled);
void set_next_passphrase( const char *s ); void set_next_passphrase( const char *s );
char *get_last_passphrase(void); char *get_last_passphrase(void);

8
g10/keyedit.c
View File

@ -1,5 +1,5 @@
/* keyedit.c - keyedit stuff /* keyedit.c - keyedit stuff
* Copyright (C) 1998, 1999, 2000, 2001, 2002 Free Software Foundation, Inc. * Copyright (C) 1998,1999,2000,2001,2002,2003 Free Software Foundation, Inc.
* *
* This file is part of GnuPG. * This file is part of GnuPG.
* *
@ -783,10 +783,10 @@ change_passphrase( KBNODE keyblock )
s2k->mode = opt.s2k_mode; s2k->mode = opt.s2k_mode;
s2k->hash_algo = opt.s2k_digest_algo; s2k->hash_algo = opt.s2k_digest_algo;
dek = passphrase_to_dek( NULL, 0, opt.s2k_cipher_algo, dek = passphrase_to_dek( NULL, 0, opt.s2k_cipher_algo,
s2k, 2, errtext); s2k, 2, errtext, NULL);
if( !dek ) { if( !dek ) {
errtext = _("passphrase not correctly repeated; try again"); errtext = N_("passphrase not correctly repeated; try again");
tty_printf ("%s.\n", errtext); tty_printf ("%s.\n", _(errtext));
} }
else if( !dek->keylen ) { else if( !dek->keylen ) {
rc = 0; rc = 0;

13
g10/keygen.c
View File

@ -1401,10 +1401,11 @@ ask_passphrase( STRING2KEY **ret_s2k )
for(;;) { for(;;) {
s2k->mode = opt.s2k_mode; s2k->mode = opt.s2k_mode;
s2k->hash_algo = opt.s2k_digest_algo; s2k->hash_algo = opt.s2k_digest_algo;
dek = passphrase_to_dek( NULL, 0, opt.s2k_cipher_algo, s2k,2,errtext); dek = passphrase_to_dek( NULL, 0, opt.s2k_cipher_algo, s2k,2,
errtext, NULL);
if( !dek ) { if( !dek ) {
errtext = _("passphrase not correctly repeated; try again"); errtext = N_("passphrase not correctly repeated; try again");
tty_printf(_("%s.\n"), errtext); tty_printf(_("%s.\n"), _(errtext));
} }
else if( !dek->keylen ) { else if( !dek->keylen ) {
m_free(dek); dek = NULL; m_free(dek); dek = NULL;
@ -1731,7 +1732,8 @@ proc_parameter_file( struct para_data_s *para, const char *fname,
s2k->mode = opt.s2k_mode; s2k->mode = opt.s2k_mode;
s2k->hash_algo = opt.s2k_digest_algo; s2k->hash_algo = opt.s2k_digest_algo;
set_next_passphrase( r->u.value ); set_next_passphrase( r->u.value );
dek = passphrase_to_dek( NULL, 0, opt.s2k_cipher_algo, s2k, 2, NULL ); dek = passphrase_to_dek( NULL, 0, opt.s2k_cipher_algo, s2k, 2,
NULL, NULL);
set_next_passphrase( NULL ); set_next_passphrase( NULL );
assert( dek ); assert( dek );
memset( r->u.value, 0, strlen(r->u.value) ); memset( r->u.value, 0, strlen(r->u.value) );
@ -2398,7 +2400,8 @@ generate_subkeypair( KBNODE pub_keyblock, KBNODE sec_keyblock )
s2k->mode = opt.s2k_mode; s2k->mode = opt.s2k_mode;
s2k->hash_algo = opt.s2k_digest_algo; s2k->hash_algo = opt.s2k_digest_algo;
set_next_passphrase( passphrase ); set_next_passphrase( passphrase );
dek = passphrase_to_dek( NULL, 0, opt.s2k_cipher_algo, s2k, 2, NULL ); dek = passphrase_to_dek( NULL, 0, opt.s2k_cipher_algo, s2k, 2,
NULL , NULL);
} }
rc = do_create( algo, nbits, pub_keyblock, sec_keyblock, rc = do_create( algo, nbits, pub_keyblock, sec_keyblock,

4
g10/mainproc.c
View File

@ -292,7 +292,7 @@ proc_symkey_enc( CTX c, PACKET *pkt )
c->last_was_session_key = 2; c->last_was_session_key = 2;
if ( opt.list_only ) if ( opt.list_only )
goto leave; goto leave;
c->dek = passphrase_to_dek( NULL, 0, algo, &enc->s2k, 0, NULL ); c->dek = passphrase_to_dek( NULL, 0, algo, &enc->s2k, 0, NULL, NULL );
if (c->dek) if (c->dek)
c->dek->algo_info_printed = 1; c->dek->algo_info_printed = 1;
if ( c->dek && enc->seskeylen ) if ( c->dek && enc->seskeylen )
@ -486,7 +486,7 @@ proc_encrypted( CTX c, PACKET *pkt )
log_info (_("assuming %s encrypted data\n"), "IDEA"); log_info (_("assuming %s encrypted data\n"), "IDEA");
} }
c->dek = passphrase_to_dek ( NULL, 0, algo, s2k, 0, NULL ); c->dek = passphrase_to_dek ( NULL, 0, algo, s2k, 0, NULL, NULL );
if (c->dek) if (c->dek)
c->dek->algo_info_printed = 1; c->dek->algo_info_printed = 1;
} }

89
g10/passphrase.c
View File

@ -1,5 +1,5 @@
/* passphrase.c - Get a passphrase /* passphrase.c - Get a passphrase
* Copyright (C) 1998, 1999, 2000, 2001, 2002 Free Software Foundation, Inc. * Copyright (C) 1998,1999,2000,2001,2002,2003 Free Software Foundation, Inc.
* *
* This file is part of GnuPG. * This file is part of GnuPG.
* *
@ -36,6 +36,9 @@
#ifdef HAVE_LOCALE_H #ifdef HAVE_LOCALE_H
#include <locale.h> #include <locale.h>
#endif #endif
#ifdef HAVE_LANGINFO_CODESET
#include <langinfo.h>
#endif
#include "util.h" #include "util.h"
#include "memory.h" #include "memory.h"
@ -590,15 +593,20 @@ agent_close ( int fd )
* Mode 0: Allow cached passphrase * Mode 0: Allow cached passphrase
* 1: No cached passphrase FIXME: Not really implemented * 1: No cached passphrase FIXME: Not really implemented
* 2: Ditto, but change the text to "repeat entry" * 2: Ditto, but change the text to "repeat entry"
*
* Note that TRYAGAIN_TEXT must not be translated. If canceled is not
* NULL, the function does set it to 1 if the user canceled the
* operation.
*/ */
static char * static char *
agent_get_passphrase ( u32 *keyid, int mode, const char *tryagain_text ) agent_get_passphrase ( u32 *keyid, int mode, const char *tryagain_text,
int *canceled )
{ {
#if defined(__riscos__) #if defined(__riscos__)
return NULL; return NULL;
#else #else
size_t n; size_t n;
char *atext; char *atext = NULL;
char buf[50]; char buf[50];
int fd = -1; int fd = -1;
int nread; int nread;
@ -607,6 +615,10 @@ agent_get_passphrase ( u32 *keyid, int mode, const char *tryagain_text )
PKT_public_key *pk = m_alloc_clear( sizeof *pk ); PKT_public_key *pk = m_alloc_clear( sizeof *pk );
byte fpr[MAX_FINGERPRINT_LEN]; byte fpr[MAX_FINGERPRINT_LEN];
int prot; int prot;
char *orig_codeset = NULL;
if (canceled)
*canceled = 0;
#if MAX_FINGERPRINT_LEN < 20 #if MAX_FINGERPRINT_LEN < 20
#error agent needs a 20 byte fingerprint #error agent needs a 20 byte fingerprint
@ -618,7 +630,32 @@ agent_get_passphrase ( u32 *keyid, int mode, const char *tryagain_text )
free_public_key( pk ); free_public_key( pk );
pk = NULL; /* oops: no key for some reason */ pk = NULL; /* oops: no key for some reason */
} }
#ifdef ENABLE_NLS
/* The Assuan agent protol requires us to trasnmit utf-8 strings */
orig_codeset = bind_textdomain_codeset (PACKAGE, NULL);
log_debug ("old codeset: `%s'\n", orig_codeset);
#ifdef HAVE_LANGINFO_CODESET
if (!orig_codeset)
{
orig_codeset = nl_langinfo (CODESET);
log_debug ("assuming `%s'\n", orig_codeset);
}
#endif
if (orig_codeset)
{ /* We only switch when we are able to restore the codeset later. */
orig_codeset = m_strdup (orig_codeset);
if (!bind_textdomain_codeset (PACKAGE, "utf-8"))
orig_codeset = NULL;
log_debug ("switched to: `%s'\n",
bind_textdomain_codeset (PACKAGE, NULL));
}
#endif
if ( (fd = agent_open (&prot)) == -1 )
goto failure;
if ( !mode && pk && keyid ) if ( !mode && pk && keyid )
{ {
char *uid; char *uid;
@ -666,9 +703,6 @@ agent_get_passphrase ( u32 *keyid, int mode, const char *tryagain_text )
else else
atext = m_strdup ( _("Enter passphrase\n") ); atext = m_strdup ( _("Enter passphrase\n") );
if ( (fd = agent_open (&prot)) == -1 )
goto failure;
if (!prot) if (!prot)
{ /* old style protocol */ { /* old style protocol */
n = 4 + 20 + strlen (atext); n = 4 + 20 + strlen (atext);
@ -724,6 +758,11 @@ agent_get_passphrase ( u32 *keyid, int mode, const char *tryagain_text )
pw[pwlen] = 0; /* make a C String */ pw[pwlen] = 0; /* make a C String */
agent_close (fd); agent_close (fd);
free_public_key( pk ); free_public_key( pk );
#ifdef ENABLE_NLS
if (orig_codeset)
bind_textdomain_codeset (PACKAGE, orig_codeset);
#endif
m_free (orig_codeset);
return pw; return pw;
} }
else if ( reply == GPGA_PROT_CANCELED ) else if ( reply == GPGA_PROT_CANCELED )
@ -740,6 +779,8 @@ agent_get_passphrase ( u32 *keyid, int mode, const char *tryagain_text )
if (!tryagain_text) if (!tryagain_text)
tryagain_text = "X"; tryagain_text = "X";
else
tryagain_text = _(tryagain_text);
/* We allocate 2 time the needed space for atext so that there /* We allocate 2 time the needed space for atext so that there
is nenough space for escaping */ is nenough space for escaping */
@ -805,11 +846,20 @@ agent_get_passphrase ( u32 *keyid, int mode, const char *tryagain_text )
pw[pwlen] = 0; /* make a C String */ pw[pwlen] = 0; /* make a C String */
agent_close (fd); agent_close (fd);
free_public_key( pk ); free_public_key( pk );
#ifdef ENABLE_NLS
if (orig_codeset)
bind_textdomain_codeset (PACKAGE, orig_codeset);
#endif
m_free (orig_codeset);
return pw; return pw;
} }
else if (nread > 7 && !memcmp (pw, "ERR 111", 7) else if (nread > 7 && !memcmp (pw, "ERR 111", 7)
&& (pw[7] == ' ' || pw[7] == '\n') ) && (pw[7] == ' ' || pw[7] == '\n') )
log_info (_("cancelled by user\n") ); {
log_info (_("cancelled by user\n") );
if (canceled)
*canceled = 1;
}
else else
{ {
log_error (_("problem with the agent - disabling agent use\n")); log_error (_("problem with the agent - disabling agent use\n"));
@ -819,11 +869,17 @@ agent_get_passphrase ( u32 *keyid, int mode, const char *tryagain_text )
failure: failure:
#ifdef ENABLE_NLS
if (orig_codeset)
bind_textdomain_codeset (PACKAGE, orig_codeset);
log_debug ("restored to: `%s'\n", bind_textdomain_codeset (PACKAGE, NULL));
#endif
m_free (atext); m_free (atext);
if ( fd != -1 ) if ( fd != -1 )
agent_close (fd); agent_close (fd);
m_free (pw ); m_free (pw );
free_public_key( pk ); free_public_key( pk );
m_free (orig_codeset);
return NULL; return NULL;
#endif /* Posix or W32 */ #endif /* Posix or W32 */
@ -944,17 +1000,25 @@ passphrase_clear_cache ( u32 *keyid, int algo )
* (only for mode 2) * (only for mode 2)
* a dek->keylen of 0 means: no passphrase entered. * a dek->keylen of 0 means: no passphrase entered.
* (only for mode 2) * (only for mode 2)
* pubkey_algo is only informational. *
* pubkey_algo is only informational. Note that TRYAGAIN_TEXT must
* not be translated as this is done within this function (required to
* switch to utf-8 when the agent is in use). If CANCELED is not
* NULL, it is set to 1 if the user choosed to cancel the operation,
* otherwise it will be set to 0.
*/ */
DEK * DEK *
passphrase_to_dek( u32 *keyid, int pubkey_algo, passphrase_to_dek( u32 *keyid, int pubkey_algo,
int cipher_algo, STRING2KEY *s2k, int mode, int cipher_algo, STRING2KEY *s2k, int mode,
const char *tryagain_text) const char *tryagain_text, int *canceled)
{ {
char *pw = NULL; char *pw = NULL;
DEK *dek; DEK *dek;
STRING2KEY help_s2k; STRING2KEY help_s2k;
if (canceled)
*canceled = 0;
if( !s2k ) { if( !s2k ) {
/* This is used for the old rfc1991 mode /* This is used for the old rfc1991 mode
* Note: This must match the code in encode.c with opt.rfc1991 set */ * Note: This must match the code in encode.c with opt.rfc1991 set */
@ -1032,7 +1096,8 @@ passphrase_to_dek( u32 *keyid, int pubkey_algo,
next_pw = NULL; next_pw = NULL;
} }
else if ( opt.use_agent ) { else if ( opt.use_agent ) {
pw = agent_get_passphrase ( keyid, mode == 2? 1: 0, tryagain_text ); pw = agent_get_passphrase ( keyid, mode == 2? 1: 0,
tryagain_text, canceled);
if (!pw) if (!pw)
{ {
if (!opt.use_agent) if (!opt.use_agent)
@ -1040,7 +1105,7 @@ passphrase_to_dek( u32 *keyid, int pubkey_algo,
pw = m_strdup (""); pw = m_strdup ("");
} }
if( *pw && mode == 2 ) { if( *pw && mode == 2 ) {
char *pw2 = agent_get_passphrase ( keyid, 2, NULL ); char *pw2 = agent_get_passphrase ( keyid, 2, NULL, canceled);
if (!pw2) if (!pw2)
{ {
if (!opt.use_agent) if (!opt.use_agent)

19
g10/seckey-cert.c
View File

@ -1,5 +1,5 @@
/* seckey-cert.c - secret key certificate packet handling /* seckey-cert.c - secret key certificate packet handling
* Copyright (C) 1998, 1999, 2000, 2001, 2002 Free Software Foundation, Inc. * Copyright (C) 1998,1999,2000,2001,2002,2003 Free Software Foundation, Inc.
* *
* This file is part of GnuPG. * This file is part of GnuPG.
* *
@ -36,7 +36,7 @@
static int static int
do_check( PKT_secret_key *sk, const char *tryagain_text ) do_check( PKT_secret_key *sk, const char *tryagain_text, int *canceled )
{ {
byte *buffer; byte *buffer;
u16 csum=0; u16 csum=0;
@ -72,7 +72,11 @@ do_check( PKT_secret_key *sk, const char *tryagain_text )
keyid[3] = sk->main_keyid[1]; keyid[3] = sk->main_keyid[1];
} }
dek = passphrase_to_dek( keyid, sk->pubkey_algo, sk->protect.algo, dek = passphrase_to_dek( keyid, sk->pubkey_algo, sk->protect.algo,
&sk->protect.s2k, 0, tryagain_text ); &sk->protect.s2k, 0,
tryagain_text, canceled);
if (!dek && canceled && *canceled)
return G10ERR_GENERAL;
cipher_hd = cipher_open( sk->protect.algo, cipher_hd = cipher_open( sk->protect.algo,
CIPHER_MODE_AUTO_CFB, 1); CIPHER_MODE_AUTO_CFB, 1);
cipher_setkey( cipher_hd, dek->key, dek->keylen ); cipher_setkey( cipher_hd, dek->key, dek->keylen );
@ -223,12 +227,13 @@ check_secret_key( PKT_secret_key *sk, int n )
n = (opt.batch && !opt.use_agent)? 1 : 3; /* use the default value */ n = (opt.batch && !opt.use_agent)? 1 : 3; /* use the default value */
for(i=0; i < n && rc == G10ERR_BAD_PASS; i++ ) { for(i=0; i < n && rc == G10ERR_BAD_PASS; i++ ) {
int canceled;
const char *tryagain = NULL; const char *tryagain = NULL;
if (i) { if (i) {
tryagain = _("Invalid passphrase; please try again"); tryagain = N_("Invalid passphrase; please try again");
log_info (_("%s ...\n"), tryagain); log_info (_("%s ...\n"), _(tryagain));
} }
rc = do_check( sk, tryagain ); rc = do_check( sk, tryagain, &canceled );
if( rc == G10ERR_BAD_PASS && is_status_enabled() ) { if( rc == G10ERR_BAD_PASS && is_status_enabled() ) {
u32 kid[2]; u32 kid[2];
char buf[50]; char buf[50];
@ -237,7 +242,7 @@ check_secret_key( PKT_secret_key *sk, int n )
sprintf(buf, "%08lX%08lX", (ulong)kid[0], (ulong)kid[1]); sprintf(buf, "%08lX%08lX", (ulong)kid[0], (ulong)kid[1]);
write_status_text( STATUS_BAD_PASSPHRASE, buf ); write_status_text( STATUS_BAD_PASSPHRASE, buf );
} }
if( have_static_passphrase() ) if( have_static_passphrase() || canceled )
break; break;
} }

2
g10/sign.c
View File

@ -1035,7 +1035,7 @@ sign_symencrypt_file (const char *fname, STRLIST locusr)
if (!opt.quiet || !opt.batch) if (!opt.quiet || !opt.batch)
log_info (_("%s encryption will be used\n"), log_info (_("%s encryption will be used\n"),
cipher_algo_to_string(algo) ); cipher_algo_to_string(algo) );
cfx.dek = passphrase_to_dek( NULL, 0, algo, s2k, 2, NULL ); cfx.dek = passphrase_to_dek( NULL, 0, algo, s2k, 2, NULL, NULL );
if (!cfx.dek || !cfx.dek->keylen) { if (!cfx.dek || !cfx.dek->keylen) {
rc = G10ERR_PASSPHRASE; rc = G10ERR_PASSPHRASE;