
* passphrase.c (passphrase_to_dek): Add tryagain_text arg to be

used with the agent.  Changed all callers.
(agent_get_passphrase): Likewise and send it to the agent
* seckey-cert.c (do_check): New arg tryagain_text.
(check_secret_key): Pass the string to do_check.
* keygen.c (ask_passphrase): Set the error text if required.
* keyedit.c (change_passphrase): Ditto.
* passphrase.c (agent_open): Disable opt.use_agent in case of a
problem with the agent.
(agent_get_passphrase): Ditto.
(passphrase_clear_cache): Ditto.
Werner Koch 2002-01-20 18:33:04 +00:00
parent 1e7350da8e
commit 5a92c6052f
10 changed files with 101 additions and 30 deletions


@ -1,3 +1,18 @@
2002-01-20 Werner Koch <wk@gnupg.org>
* passphrase.c (passphrase_to_dek): Add tryagain_text arg to be
used with the agent. Changed all callers.
(agent_get_passphrase): Likewise and send it to the agent
* seckey-cert.c (do_check): New arg tryagain_text.
(check_secret_key): Pass the string to do_check.
* keygen.c (ask_passphrase): Set the error text is required.
* keyedit.c (change_passphrase): Ditto.
* passphrase.c (agent_open): Disable opt.use_agent in case of a
problem with the agent.
(agent_get_passphrase): Ditto.
(passphrase_clear_cache): Ditto.
2002-01-19 Werner Koch <wk@gnupg.org> 2002-01-19 Werner Koch <wk@gnupg.org>
* passphrase.c (agent_open): Add support for the new Assuan based * passphrase.c (agent_open): Add support for the new Assuan based


@ -112,8 +112,8 @@ encode_simple( const char *filename, int mode )
s2k->hash_algo = opt.def_digest_algo ? opt.def_digest_algo s2k->hash_algo = opt.def_digest_algo ? opt.def_digest_algo
: opt.s2k_digest_algo; : opt.s2k_digest_algo;
cfx.dek = passphrase_to_dek( NULL, 0, cfx.dek = passphrase_to_dek( NULL, 0,
opt.def_cipher_algo ? opt.def_cipher_algo opt.def_cipher_algo ? opt.def_cipher_algo
: opt.s2k_cipher_algo , s2k, 2 ); : opt.s2k_cipher_algo , s2k, 2, NULL );
if( !cfx.dek || !cfx.dek->keylen ) { if( !cfx.dek || !cfx.dek->keylen ) {
rc = G10ERR_PASSPHRASE; rc = G10ERR_PASSPHRASE;
m_free(cfx.dek); m_free(cfx.dek);


@ -295,7 +295,8 @@ check_secret_key( PKT_secret_key *sk, int n )
*/ */
DEK * DEK *
passphrase_to_dek( u32 *keyid, int pubkey_algo, passphrase_to_dek( u32 *keyid, int pubkey_algo,
int cipher_algo, STRING2KEY *s2k, int mode ) int cipher_algo, STRING2KEY *s2k, int mode,
const char *tmp)
{ {
return NULL; return NULL;
} }
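Review bot: The stub definition of passphrase_to_dek names the new parameter `tmp`, while the prototype in the header and the real implementation in passphrase.c both call it `tryagain_text`; keeping the name identical avoids a misleading signature when someone greps for the parameter, i.e. `const char *tryagain_text)`. The stub body is unchanged and only returns NULL, so the parameter is unused either way.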


@ -174,7 +174,8 @@ int have_static_passphrase(void);
void read_passphrase_from_fd( int fd ); void read_passphrase_from_fd( int fd );
void passphrase_clear_cache ( u32 *keyid, int algo ); void passphrase_clear_cache ( u32 *keyid, int algo );
DEK *passphrase_to_dek( u32 *keyid, int pubkey_algo, DEK *passphrase_to_dek( u32 *keyid, int pubkey_algo,
int cipher_algo, STRING2KEY *s2k, int mode); int cipher_algo, STRING2KEY *s2k, int mode,
const char *tryagain_text);
void set_next_passphrase( const char *s ); void set_next_passphrase( const char *s );
char *get_last_passphrase(void); char *get_last_passphrase(void);
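Review bot: The new `tryagain_text` parameter of passphrase_to_dek is undocumented in the header, which is where callers will look for what they may pass. A comment above the declaration such as `/* tryagain_text: NULL, or a message telling the user why the previous attempt failed; it is forwarded to gpg-agent when the agent is in use. */` would record that NULL is allowed (most call sites in this commit pass NULL) and that the text ends up in a prompt shown to the user.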


@ -641,6 +641,7 @@ change_passphrase( KBNODE keyblock )
else { else {
DEK *dek = NULL; DEK *dek = NULL;
STRING2KEY *s2k = m_alloc_secure( sizeof *s2k ); STRING2KEY *s2k = m_alloc_secure( sizeof *s2k );
const char *errtext = NULL;
tty_printf(_("Enter the new passphrase for this secret key.\n\n") ); tty_printf(_("Enter the new passphrase for this secret key.\n\n") );
@ -648,9 +649,11 @@ change_passphrase( KBNODE keyblock )
for(;;) { for(;;) {
s2k->mode = opt.s2k_mode; s2k->mode = opt.s2k_mode;
s2k->hash_algo = opt.s2k_digest_algo; s2k->hash_algo = opt.s2k_digest_algo;
dek = passphrase_to_dek( NULL, 0, opt.s2k_cipher_algo, s2k, 2 ); dek = passphrase_to_dek( NULL, 0, opt.s2k_cipher_algo,
s2k, 2, errtext);
if( !dek ) { if( !dek ) {
tty_printf(_("passphrase not correctly repeated; try again.\n")); errtext = _("passphrase not correctly repeated; try again");
tty_printf ("%s.\n", errtext);
} }
else if( !dek->keylen ) { else if( !dek->keylen ) {
rc = 0; rc = 0;
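Review bot: The new error line in change_passphrase, `tty_printf ("%s.\n", errtext);`, leaves the format string untranslated, whereas the parallel change in keygen.c's ask_passphrase writes `tty_printf(_("%s.\n"), errtext);`; the two hunks make the same change and should agree. Since `errtext` already holds the translated message, the plain-format form used here is the simpler one to standardise on, so the keygen.c line is the one to adjust. The enclosing for loop and change_passphrase continue outside the hunk.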


@ -1184,6 +1184,7 @@ ask_passphrase( STRING2KEY **ret_s2k )
{ {
DEK *dek = NULL; DEK *dek = NULL;
STRING2KEY *s2k; STRING2KEY *s2k;
const char *errtext = NULL;
tty_printf(_("You need a Passphrase to protect your secret key.\n\n") ); tty_printf(_("You need a Passphrase to protect your secret key.\n\n") );
@ -1191,9 +1192,10 @@ ask_passphrase( STRING2KEY **ret_s2k )
for(;;) { for(;;) {
s2k->mode = opt.s2k_mode; s2k->mode = opt.s2k_mode;
s2k->hash_algo = opt.s2k_digest_algo; s2k->hash_algo = opt.s2k_digest_algo;
dek = passphrase_to_dek( NULL, 0, opt.s2k_cipher_algo, s2k, 2 ); dek = passphrase_to_dek( NULL, 0, opt.s2k_cipher_algo, s2k,2,errtext);
if( !dek ) { if( !dek ) {
tty_printf(_("passphrase not correctly repeated; try again.\n")); errtext = _("passphrase not correctly repeated; try again");
tty_printf(_("%s.\n"), errtext);
} }
else if( !dek->keylen ) { else if( !dek->keylen ) {
m_free(dek); dek = NULL; m_free(dek); dek = NULL;
@ -1448,7 +1450,7 @@ proc_parameter_file( struct para_data_s *para, const char *fname,
s2k->mode = opt.s2k_mode; s2k->mode = opt.s2k_mode;
s2k->hash_algo = opt.s2k_digest_algo; s2k->hash_algo = opt.s2k_digest_algo;
set_next_passphrase( r->u.value ); set_next_passphrase( r->u.value );
dek = passphrase_to_dek( NULL, 0, opt.s2k_cipher_algo, s2k, 2 ); dek = passphrase_to_dek( NULL, 0, opt.s2k_cipher_algo, s2k, 2, NULL );
set_next_passphrase( NULL ); set_next_passphrase( NULL );
assert( dek ); assert( dek );
memset( r->u.value, 0, strlen(r->u.value) ); memset( r->u.value, 0, strlen(r->u.value) );
@ -2080,7 +2082,7 @@ generate_subkeypair( KBNODE pub_keyblock, KBNODE sec_keyblock )
s2k->mode = opt.s2k_mode; s2k->mode = opt.s2k_mode;
s2k->hash_algo = opt.s2k_digest_algo; s2k->hash_algo = opt.s2k_digest_algo;
set_next_passphrase( passphrase ); set_next_passphrase( passphrase );
dek = passphrase_to_dek( NULL, 0, opt.s2k_cipher_algo, s2k, 2 ); dek = passphrase_to_dek( NULL, 0, opt.s2k_cipher_algo, s2k, 2, NULL );
} }
rc = do_create( algo, nbits, pub_keyblock, sec_keyblock, rc = do_create( algo, nbits, pub_keyblock, sec_keyblock,


@ -257,7 +257,7 @@ proc_symkey_enc( CTX c, PACKET *pkt )
log_info(_("encrypted with unknown algorithm %d\n"), algo ); log_info(_("encrypted with unknown algorithm %d\n"), algo );
c->last_was_session_key = 2; c->last_was_session_key = 2;
c->dek = passphrase_to_dek( NULL, 0, algo, &enc->s2k, 0 ); c->dek = passphrase_to_dek( NULL, 0, algo, &enc->s2k, 0, NULL );
if (c->dek) if (c->dek)
c->dek->algo_info_printed = 1; c->dek->algo_info_printed = 1;
} }
@ -448,7 +448,7 @@ proc_encrypted( CTX c, PACKET *pkt )
log_info (_("assuming %s encrypted data\n"), "IDEA"); log_info (_("assuming %s encrypted data\n"), "IDEA");
} }
c->dek = passphrase_to_dek ( NULL, 0, algo, s2k, 0 ); c->dek = passphrase_to_dek ( NULL, 0, algo, s2k, 0, NULL );
if (c->dek) if (c->dek)
c->dek->algo_info_printed = 1; c->dek->algo_info_printed = 1;
} }


@ -371,6 +371,7 @@ agent_open (int *ret_prot)
infostr = getenv ( "GPG_AGENT_INFO" ); infostr = getenv ( "GPG_AGENT_INFO" );
if ( !infostr ) { if ( !infostr ) {
log_error (_("gpg-agent is not available in this session\n")); log_error (_("gpg-agent is not available in this session\n"));
opt.use_agent = 0;
return -1; return -1;
} }
infostr = m_strdup ( infostr ); infostr = m_strdup ( infostr );
@ -378,6 +379,7 @@ agent_open (int *ret_prot)
|| (p-infostr)+1 >= sizeof client_addr.sun_path ) { || (p-infostr)+1 >= sizeof client_addr.sun_path ) {
log_error( _("malformed GPG_AGENT_INFO environment variable\n")); log_error( _("malformed GPG_AGENT_INFO environment variable\n"));
m_free (infostr ); m_free (infostr );
opt.use_agent = 0;
return -1; return -1;
} }
*p++ = 0; *p++ = 0;
@ -390,6 +392,7 @@ agent_open (int *ret_prot)
if ( prot < 0 || prot > 1) { if ( prot < 0 || prot > 1) {
log_error (_("gpg-agent protocol version %d is not supported\n"),prot); log_error (_("gpg-agent protocol version %d is not supported\n"),prot);
m_free (infostr ); m_free (infostr );
opt.use_agent = 0;
return -1; return -1;
} }
*ret_prot = prot; *ret_prot = prot;
@ -397,6 +400,7 @@ agent_open (int *ret_prot)
if( (fd = socket(AF_UNIX, SOCK_STREAM, 0)) == -1 ) { if( (fd = socket(AF_UNIX, SOCK_STREAM, 0)) == -1 ) {
log_error ("can't create socket: %s\n", strerror(errno) ); log_error ("can't create socket: %s\n", strerror(errno) );
m_free (infostr ); m_free (infostr );
opt.use_agent = 0;
return -1; return -1;
} }
@ -411,6 +415,7 @@ agent_open (int *ret_prot)
infostr, strerror (errno) ); infostr, strerror (errno) );
m_free (infostr ); m_free (infostr );
close (fd ); close (fd );
opt.use_agent = 0;
return -1; return -1;
} }
m_free (infostr); m_free (infostr);
@ -430,6 +435,7 @@ agent_open (int *ret_prot)
&& (line[2] == '\n' || line[2] == ' ')) ) { && (line[2] == '\n' || line[2] == ' ')) ) {
log_error ( _("communication problem with gpg-agent\n")); log_error ( _("communication problem with gpg-agent\n"));
close (fd ); close (fd );
opt.use_agent = 0;
return -1; return -1;
} }
@ -460,7 +466,7 @@ agent_close ( int fd )
* 2: Ditto, but change the text to "repeat entry" * 2: Ditto, but change the text to "repeat entry"
*/ */
static char * static char *
agent_get_passphrase ( u32 *keyid, int mode ) agent_get_passphrase ( u32 *keyid, int mode, const char *tryagain_text )
{ {
#if defined(__riscos__) #if defined(__riscos__)
return NULL; return NULL;
@ -602,15 +608,35 @@ agent_get_passphrase ( u32 *keyid, int mode )
char *line, *p; char *line, *p;
int i; int i;
if (!tryagain_text)
tryagain_text = "X";
/* We allocate 2 time the needed space for atext so that there /* We allocate 2 time the needed space for atext so that there
is nenough space for escaping */ is nenough space for escaping */
line = m_alloc (15 + 46 + 3*strlen (atext) + 2); line = m_alloc (15 + 46
+ 3*strlen (tryagain_text) + 3*strlen (atext) + 2);
strcpy (line, "GET_PASSPHRASE "); strcpy (line, "GET_PASSPHRASE ");
p = line+15; p = line+15;
for (i=0; i < 20; i++, p +=2 ) if (!mode)
sprintf (p, "%02X", fpr[i]); {
for (i=0; i < 20; i++, p +=2 )
sprintf (p, "%02X", fpr[i]);
}
else
*p++ = 'X'; /* no caching */
*p++ = ' '; *p++ = ' ';
*p++ = 'X'; /* No error prompt */ for (i=0; tryagain_text[i]; i++)
{
if (tryagain_text[i] < ' ' || tryagain_text[i] == '+')
{
sprintf (p, "%%%02X", tryagain_text[i]);
p += 3;
}
else if (tryagain_text[i] == ' ')
*p++ = '+';
else
*p++ = tryagain_text[i];
}
*p++ = ' '; *p++ = ' ';
*p++ = 'X'; /* Use the standard prompt */ *p++ = 'X'; /* Use the standard prompt */
*p++ = ' '; *p++ = ' ';
@ -655,7 +681,10 @@ agent_get_passphrase ( u32 *keyid, int mode )
&& (pw[7] == ' ' || pw[7] == '\n') ) && (pw[7] == ' ' || pw[7] == '\n') )
log_info (_("cancelled by user\n") ); log_info (_("cancelled by user\n") );
else else
log_error (_("problem with the agent\n")); {
log_error (_("problem with the agent - disabling agent use\n"));
opt.use_agent = 0;
}
} }
@ -760,7 +789,10 @@ passphrase_clear_cache ( u32 *keyid, int algo )
if (buf[0] == 'O' && buf[1] == 'K' && (buf[2] == ' ' || buf[2] == '\n')) if (buf[0] == 'O' && buf[1] == 'K' && (buf[2] == ' ' || buf[2] == '\n'))
; ;
else else
log_error (_("problem with the agent\n")); {
log_error (_("problem with the agent - disabling agent use\n"));
opt.use_agent = 0;
}
} }
failure: failure:
@ -786,7 +818,8 @@ passphrase_clear_cache ( u32 *keyid, int algo )
*/ */
DEK * DEK *
passphrase_to_dek( u32 *keyid, int pubkey_algo, passphrase_to_dek( u32 *keyid, int pubkey_algo,
int cipher_algo, STRING2KEY *s2k, int mode ) int cipher_algo, STRING2KEY *s2k, int mode,
const char *tryagain_text)
{ {
char *pw = NULL; char *pw = NULL;
DEK *dek; DEK *dek;
@ -863,18 +896,31 @@ passphrase_to_dek( u32 *keyid, int pubkey_algo,
free_public_key( pk ); free_public_key( pk );
} }
agent_died:
if( next_pw ) { if( next_pw ) {
pw = next_pw; pw = next_pw;
next_pw = NULL; next_pw = NULL;
} }
else if ( opt.use_agent ) { else if ( opt.use_agent ) {
pw = agent_get_passphrase ( keyid, mode == 2? 1: 0 ); pw = agent_get_passphrase ( keyid, mode == 2? 1: 0, tryagain_text );
if ( !pw ) if (!pw)
{
if (!opt.use_agent)
goto agent_died;
pw = m_strdup (""); pw = m_strdup ("");
}
if( *pw && mode == 2 ) { if( *pw && mode == 2 ) {
char *pw2 = agent_get_passphrase ( keyid, 2 ); char *pw2 = agent_get_passphrase ( keyid, 2, NULL );
if ( !pw2 ) if (!pw2)
{
if (!opt.use_agent)
{
m_free (pw);
pw = NULL;
goto agent_died;
}
pw2 = m_strdup (""); pw2 = m_strdup ("");
}
if( strcmp(pw, pw2) ) { if( strcmp(pw, pw2) ) {
m_free(pw2); m_free(pw2);
m_free(pw); m_free(pw);
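Review bot: In the `@ -602,15 +608,35 @@` hunk of agent_get_passphrase, the escaping loop reads `tryagain_text[i]` as plain `char`, so where char is signed any byte >= 0x80 (translated messages obtained through `_()` can contain such bytes) satisfies `< ' '` and is handed to `sprintf (p, "%%%02X", ...)` as a sign-extended negative int, which prints eight hex digits into a slot that `p += 3` budgets for three, corrupting the command sent to the agent and potentially running past the `3*strlen (tryagain_text)` space reserved for it. A literal `%` is also forwarded unescaped, which an agent decoding `%XX` sequences would presumably misread. Working on an unsigned byte fixes both: `unsigned char c = tryagain_text[i];` / `if (c < ' ' || c == '+' || c == '%') { sprintf (p, "%%%02X", c); p += 3; }`. An empty string, as opposed to NULL, would additionally produce two adjacent separators in the command line, so `if (!tryagain_text || !*tryagain_text)` is the safer guard at the top of the hunk. agent_get_passphrase starts and ends outside this hunk.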


@ -36,7 +36,7 @@
static int static int
do_check( PKT_secret_key *sk ) do_check( PKT_secret_key *sk, const char *tryagain_text )
{ {
byte *buffer; byte *buffer;
u16 csum=0; u16 csum=0;
@ -68,7 +68,7 @@ do_check( PKT_secret_key *sk )
keyid[3] = sk->main_keyid[1]; keyid[3] = sk->main_keyid[1];
} }
dek = passphrase_to_dek( keyid, sk->pubkey_algo, sk->protect.algo, dek = passphrase_to_dek( keyid, sk->pubkey_algo, sk->protect.algo,
&sk->protect.s2k, 0 ); &sk->protect.s2k, 0, tryagain_text );
cipher_hd = cipher_open( sk->protect.algo, cipher_hd = cipher_open( sk->protect.algo,
CIPHER_MODE_AUTO_CFB, 1); CIPHER_MODE_AUTO_CFB, 1);
cipher_setkey( cipher_hd, dek->key, dek->keylen ); cipher_setkey( cipher_hd, dek->key, dek->keylen );
@ -181,9 +181,12 @@ check_secret_key( PKT_secret_key *sk, int n )
n = opt.batch? 1 : 3; /* use the default value */ n = opt.batch? 1 : 3; /* use the default value */
for(i=0; i < n && rc == G10ERR_BAD_PASS; i++ ) { for(i=0; i < n && rc == G10ERR_BAD_PASS; i++ ) {
if( i ) const char *tryagain = NULL;
log_info(_("Invalid passphrase; please try again ...\n")); if (i) {
rc = do_check( sk ); tryagain = _("Invalid passphrase; please try again");
log_info (_("%s ...\n"), tryagain);
}
rc = do_check( sk, tryagain );
if( rc == G10ERR_BAD_PASS && is_status_enabled() ) { if( rc == G10ERR_BAD_PASS && is_status_enabled() ) {
u32 kid[2]; u32 kid[2];
char buf[50]; char buf[50];
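Review bot: In the check_secret_key hunk the retry message is both written with log_info and passed to do_check as `tryagain`, which forwards it through passphrase_to_dek to the agent for display, so when the agent is in use the user is likely to see the same text twice; if that is not intended, log it only when the agent is not used, `if (i) { tryagain = _("Invalid passphrase; please try again"); if (!opt.use_agent) log_info (_("%s ...\n"), tryagain); }`. Whether the non-agent path inside passphrase_to_dek shows the text itself is not visible here, so the condition should be checked against that code. The for loop and check_secret_key continue beyond the hunk.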


@ -914,7 +914,7 @@ sign_symencrypt_file (const char *fname, STRLIST locusr)
if (!opt.quiet || !opt.batch) if (!opt.quiet || !opt.batch)
log_info (_("%s encryption will be used\n"), log_info (_("%s encryption will be used\n"),
cipher_algo_to_string(algo) ); cipher_algo_to_string(algo) );
cfx.dek = passphrase_to_dek( NULL, 0, algo, s2k, 2 ); cfx.dek = passphrase_to_dek( NULL, 0, algo, s2k, 2, NULL );
if (!cfx.dek || !cfx.dek->keylen) { if (!cfx.dek || !cfx.dek->keylen) {
rc = G10ERR_PASSPHRASE; rc = G10ERR_PASSPHRASE;