security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-07-02 22:46:30 +02:00
Code Activity

Add controlo statement %ask-passphrase

Browse source
This commit is contained in:
Werner Koch 2008-06-16 15:48:33 +00:00
parent 8e37ee4099
commit aa68a60301
6 changed files with 93 additions and 28 deletions
Download patch file Download diff file Expand all files Collapse all files

6
g10/ChangeLog
View file

@ -1,3 +1,9 @@
2008-06-16 Werner Koch <wk@g10code.com>
* keygen.c (output_control_s): Add ASK_PASSPHRASE.
(read_parameter_file): Add commands %ask-passphrase and
%no-ask-passphrase.
2008-06-11 Werner Koch <wk@g10code.com>
* gpg.c: Make --fixed-list-mode a dummy.

95
g10/keygen.c
View file

@ -92,6 +92,7 @@ struct para_data_s {
struct output_control_s {
int lnr;
int dryrun;
int ask_passphrase;
int use_files;
struct {
char *fname;
@ -2527,36 +2528,70 @@ proc_parameter_file( struct para_data_s *para, const char *fname,
if (parse_revocation_key (fname, para, pREVOKER))
return -1;
/* make DEK and S2K from the Passphrase */
r = get_parameter( para, pPASSPHRASE );
if( r && *r->u.value ) {
/* We have a plain text passphrase - create a DEK from it.
* It is a little bit ridiculous to keep it ih secure memory
* but because we do this always, why not here */
STRING2KEY *s2k;
DEK *dek;
/* Make DEK and S2K from the Passphrase. */
if (outctrl->ask_passphrase)
{
/* %ask-passphrase is active - ignore pPASSPRASE and ask. This
feature is required so that GUIs are able to do a key
creation but have gpg-agent ask for the passphrase. */
int canceled = 0;
STRING2KEY *s2k;
DEK *dek;
s2k = xmalloc_secure( sizeof *s2k );
s2k->mode = opt.s2k_mode;
s2k->hash_algo = S2K_DIGEST_ALGO;
set_next_passphrase( r->u.value );
dek = passphrase_to_dek( NULL, 0, opt.s2k_cipher_algo, s2k, 2,
NULL, NULL);
set_next_passphrase( NULL );
assert( dek );
memset( r->u.value, 0, strlen(r->u.value) );
dek = do_ask_passphrase ( &s2k, &canceled );
if (dek)
{
r = xmalloc_clear( sizeof *r );
r->key = pPASSPHRASE_DEK;
r->u.dek = dek;
r->next = para;
para = r;
r = xmalloc_clear( sizeof *r );
r->key = pPASSPHRASE_S2K;
r->u.s2k = s2k;
r->next = para;
para = r;
}
r = xmalloc_clear( sizeof *r );
r->key = pPASSPHRASE_S2K;
r->u.s2k = s2k;
r->next = para;
para = r;
r = xmalloc_clear( sizeof *r );
r->key = pPASSPHRASE_DEK;
r->u.dek = dek;
r->next = para;
para = r;
}
if (canceled)
{
log_error ("%s:%d: key generation canceled\n", fname, r->lnr );
return -1;
}
}
else
{
r = get_parameter( para, pPASSPHRASE );
if ( r && *r->u.value )
{
/* We have a plain text passphrase - create a DEK from it.
* It is a little bit ridiculous to keep it in secure memory
* but because we do this always, why not here. */
STRING2KEY *s2k;
DEK *dek;
s2k = xmalloc_secure ( sizeof *s2k );
s2k->mode = opt.s2k_mode;
s2k->hash_algo = S2K_DIGEST_ALGO;
set_next_passphrase ( r->u.value );
dek = passphrase_to_dek (NULL, 0, opt.s2k_cipher_algo, s2k, 2,
NULL, NULL);
set_next_passphrase (NULL );
assert (dek);
memset (r->u.value, 0, strlen(r->u.value));
r = xmalloc_clear (sizeof *r);
r->key = pPASSPHRASE_S2K;
r->u.s2k = s2k;
r->next = para;
para = r;
r = xmalloc_clear (sizeof *r);
r->key = pPASSPHRASE_DEK;
r->u.dek = dek;
r->next = para;
para = r;
}
}
/* Make KEYCREATIONDATE from Creation-Date. */
r = get_parameter (para, pCREATIONDATE);
@ -2696,6 +2731,10 @@ read_parameter_file( const char *fname )
log_info("%s\n", value );
else if( !ascii_strcasecmp( keyword, "%dry-run" ) )
outctrl.dryrun = 1;
else if( !ascii_strcasecmp( keyword, "%ask-passphrase" ) )
outctrl.ask_passphrase = 1;
else if( !ascii_strcasecmp( keyword, "%no-ask-passphrase" ) )
outctrl.ask_passphrase = 0;
else if( !ascii_strcasecmp( keyword, "%commit" ) ) {
outctrl.lnr = lnr;
if (proc_parameter_file( para, fname, &outctrl, 0 ))