security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-07-03 22:56:33 +02:00
Code Activity

gpg: Re-enable the "Passphrase" parameter for batch key generation.

Browse source 
* agent/command.c (cmd_genkey): Add option --inq-passwd.
* agent/genkey.c (agent_genkey): Add new arg override_passphrase.
* g10/call-agent.c (inq_genkey_parms): Handle NEWPASSWD keyword.
(agent_genkey): Add arg optional arg "passphrase".
* g10/keygen.c (common_gen, gen_elg, gen_dsa, gen_ecc)
(gen_rsa, do_create): Add arg "passphrase" and pass it through.
(do_generate_keypair): Make use of pPASSPHRASE.
(release_parameter_list): Wipe out a passphrase parameter.

Signed-off-by: Werner Koch <wk@gnupg.org>
This commit is contained in:
Werner Koch 2015-01-21 11:31:20 +01:00
parent 2a8fe0448d
commit aa99ebde77
9 changed files with 128 additions and 57 deletions
Download patch file Download diff file Expand all files Collapse all files

23
g10/call-agent.c
View file

@ -1,7 +1,6 @@
/* call-agent.c - Divert GPG operations to the agent.
* Copyright (C) 2001, 2002, 2003, 2006, 2007, 2008, 2009,
* 2010, 2011, 2013 Free Software Foundation, Inc.
* Copyright (C) 2013, 2014 Werner Koch
* Copyright (C) 2001-2003, 2006-2011, 2013 Free Software Foundation, Inc.
* Copyright (C) 2013-2015 Werner Koch
*
* This file is part of GnuPG.
*
@ -90,6 +89,7 @@ struct genkey_parm_s
{
struct default_inq_parm_s *dflt;
const char *keyparms;
const char *passphrase;
};
struct import_key_parm_s
@ -1737,6 +1737,11 @@ inq_genkey_parms (void *opaque, const char *line)
err = assuan_send_data (parm->dflt->ctx,
parm->keyparms, strlen (parm->keyparms));
}
else if (has_leading_keyword (line, "NEWPASSWD") && parm->passphrase)
{
err = assuan_send_data (parm->dflt->ctx,
parm->passphrase, strlen (parm->passphrase));
}
else
err = default_inq_cb (parm->dflt, line);
@ -1747,10 +1752,13 @@ inq_genkey_parms (void *opaque, const char *line)
/* Call the agent to generate a new key. KEYPARMS is the usual
S-expression giving the parameters of the key. gpg-agent passes it
gcry_pk_genkey. If NO_PROTECTION is true the agent is advised not
to protect the generated key. */
to protect the generated key. If NO_PROTECTION is not set and
PASSPHRASE is not NULL the agent is requested to protect the key
with that passphrase instead of asking for one. */
gpg_error_t
agent_genkey (ctrl_t ctrl, char **cache_nonce_addr,
const char *keyparms, int no_protection, gcry_sexp_t *r_pubkey)
const char *keyparms, int no_protection,
const char *passphrase, gcry_sexp_t *r_pubkey)
{
gpg_error_t err;
struct genkey_parm_s gk_parm;
@ -1778,8 +1786,11 @@ agent_genkey (ctrl_t ctrl, char **cache_nonce_addr,
init_membuf (&data, 1024);
gk_parm.dflt = &dfltparm;
gk_parm.keyparms = keyparms;
gk_parm.passphrase = passphrase;
snprintf (line, sizeof line, "GENKEY%s%s%s",
no_protection? " --no-protection":"",
no_protection? " --no-protection" :
passphrase ? " --inq-passwd" :
/* */ "",
cache_nonce_addr && *cache_nonce_addr? " ":"",
cache_nonce_addr && *cache_nonce_addr? *cache_nonce_addr:"");
cn_parm.cache_nonce_addr = cache_nonce_addr;

1
g10/call-agent.h
View file

@ -154,6 +154,7 @@ gpg_error_t agent_get_keyinfo (ctrl_t ctrl, const char *hexkeygrip,
/* Generate a new key. */
gpg_error_t agent_genkey (ctrl_t ctrl, char **cache_nonce_addr,
const char *keyparms, int no_protection,
const char *passphrase,
gcry_sexp_t *r_pubkey);
/* Read a public key. */

49
g10/keygen.c
View file

@ -1,7 +1,6 @@
/* keygen.c - generate a key pair
* Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006
* 2007, 2009, 2010, 2011 Free Software Foundation, Inc.
* Copyright (C) 2014 Werner Koch
* Copyright (C) 1998-2007, 2009-2011 Free Software Foundation, Inc.
* Copyright (C) 2014, 2015 Werner Koch
*
* This file is part of GnuPG.
*
@ -1287,7 +1286,7 @@ do_create_from_keygrip (ctrl_t ctrl, int algo, const char *hexkeygrip,
static int
common_gen (const char *keyparms, int algo, const char *algoelem,
kbnode_t pub_root, u32 timestamp, u32 expireval, int is_subkey,
int keygen_flags, char **cache_nonce_addr)
int keygen_flags, const char *passphrase, char **cache_nonce_addr)
{
int err;
PACKET *pkt;
@ -1295,7 +1294,9 @@ common_gen (const char *keyparms, int algo, const char *algoelem,
gcry_sexp_t s_key;
err = agent_genkey (NULL, cache_nonce_addr, keyparms,
!!(keygen_flags & KEYGEN_FLAG_NO_PROTECTION), &s_key);
!!(keygen_flags & KEYGEN_FLAG_NO_PROTECTION),
passphrase,
&s_key);
if (err)
{
log_error ("agent_genkey failed: %s\n", gpg_strerror (err) );
@ -1353,7 +1354,7 @@ common_gen (const char *keyparms, int algo, const char *algoelem,
static int
gen_elg (int algo, unsigned int nbits, KBNODE pub_root,
u32 timestamp, u32 expireval, int is_subkey,
int keygen_flags, char **cache_nonce_addr)
int keygen_flags, const char *passphrase, char **cache_nonce_addr)
{
int err;
char *keyparms;
@ -1394,7 +1395,7 @@ gen_elg (int algo, unsigned int nbits, KBNODE pub_root,
{
err = common_gen (keyparms, algo, "pgy",
pub_root, timestamp, expireval, is_subkey,
keygen_flags, cache_nonce_addr);
keygen_flags, passphrase, cache_nonce_addr);
xfree (keyparms);
}
@ -1408,7 +1409,7 @@ gen_elg (int algo, unsigned int nbits, KBNODE pub_root,
static gpg_error_t
gen_dsa (unsigned int nbits, KBNODE pub_root,
u32 timestamp, u32 expireval, int is_subkey,
int keygen_flags, char **cache_nonce_addr)
int keygen_flags, const char *passphrase, char **cache_nonce_addr)
{
int err;
unsigned int qbits;
@ -1481,7 +1482,7 @@ gen_dsa (unsigned int nbits, KBNODE pub_root,
{
err = common_gen (keyparms, PUBKEY_ALGO_DSA, "pqgy",
pub_root, timestamp, expireval, is_subkey,
keygen_flags, cache_nonce_addr);
keygen_flags, passphrase, cache_nonce_addr);
xfree (keyparms);
}
@ -1496,7 +1497,7 @@ gen_dsa (unsigned int nbits, KBNODE pub_root,
static gpg_error_t
gen_ecc (int algo, const char *curve, kbnode_t pub_root,
u32 timestamp, u32 expireval, int is_subkey,
int keygen_flags, char **cache_nonce_addr)
int keygen_flags, const char *passphrase, char **cache_nonce_addr)
{
gpg_error_t err;
char *keyparms;
@ -1531,7 +1532,7 @@ gen_ecc (int algo, const char *curve, kbnode_t pub_root,
{
err = common_gen (keyparms, algo, "",
pub_root, timestamp, expireval, is_subkey,
keygen_flags, cache_nonce_addr);
keygen_flags, passphrase, cache_nonce_addr);
xfree (keyparms);
}
@ -1545,7 +1546,7 @@ gen_ecc (int algo, const char *curve, kbnode_t pub_root,
static int
gen_rsa (int algo, unsigned int nbits, KBNODE pub_root,
u32 timestamp, u32 expireval, int is_subkey,
int keygen_flags, char **cache_nonce_addr)
int keygen_flags, const char *passphrase, char **cache_nonce_addr)
{
int err;
char *keyparms;
@ -1586,7 +1587,7 @@ gen_rsa (int algo, unsigned int nbits, KBNODE pub_root,
{
err = common_gen (keyparms, algo, "ne",
pub_root, timestamp, expireval, is_subkey,
keygen_flags, cache_nonce_addr);
keygen_flags, passphrase, cache_nonce_addr);
xfree (keyparms);
}
@ -2724,7 +2725,7 @@ do_ask_passphrase (STRING2KEY **ret_s2k, int mode, int *r_canceled)
static int
do_create (int algo, unsigned int nbits, const char *curve, KBNODE pub_root,
u32 timestamp, u32 expiredate, int is_subkey,
int keygen_flags, char **cache_nonce_addr)
int keygen_flags, const char *passphrase, char **cache_nonce_addr)
{
gpg_error_t err;
@ -2739,18 +2740,18 @@ do_create (int algo, unsigned int nbits, const char *curve, KBNODE pub_root,
if (algo == PUBKEY_ALGO_ELGAMAL_E)
err = gen_elg (algo, nbits, pub_root, timestamp, expiredate, is_subkey,
keygen_flags, cache_nonce_addr);
keygen_flags, passphrase, cache_nonce_addr);
else if (algo == PUBKEY_ALGO_DSA)
err = gen_dsa (nbits, pub_root, timestamp, expiredate, is_subkey,
keygen_flags, cache_nonce_addr);
keygen_flags, passphrase, cache_nonce_addr);
else if (algo == PUBKEY_ALGO_ECDSA
|| algo == PUBKEY_ALGO_EDDSA
|| algo == PUBKEY_ALGO_ECDH)
err = gen_ecc (algo, curve, pub_root, timestamp, expiredate, is_subkey,
keygen_flags, cache_nonce_addr);
keygen_flags, passphrase, cache_nonce_addr);
else if (algo == PUBKEY_ALGO_RSA)
err = gen_rsa (algo, nbits, pub_root, timestamp, expiredate, is_subkey,
keygen_flags, cache_nonce_addr);
keygen_flags, passphrase, cache_nonce_addr);
else
BUG();
@ -2792,6 +2793,8 @@ release_parameter_list (struct para_data_s *r)
for (; r ; r = r2)
{
r2 = r->next;
if (r->key == pPASSPHRASE && *r->u.value)
wipememory (r->u.value, strlen (r->u.value));
xfree (r);
}
}
@ -3966,7 +3969,9 @@ do_generate_keypair (struct para_data_s *para,
pub_root,
timestamp,
get_parameter_u32( para, pKEYEXPIRE ), 0,
outctrl->keygen_flags, &cache_nonce);
outctrl->keygen_flags,
get_parameter_value (para, pPASSPHRASE),
&cache_nonce);
else
err = gen_card_key (PUBKEY_ALGO_RSA, 1, 1, pub_root,
&timestamp,
@ -4018,7 +4023,9 @@ do_generate_keypair (struct para_data_s *para,
pub_root,
timestamp,
get_parameter_u32 (para, pSUBKEYEXPIRE), 1,
outctrl->keygen_flags, &cache_nonce);
outctrl->keygen_flags,
get_parameter_value (para, pPASSPHRASE),
&cache_nonce);
/* Get the pointer to the generated public subkey packet. */
if (!err)
{
@ -4241,7 +4248,7 @@ generate_subkeypair (ctrl_t ctrl, kbnode_t keyblock)
keyblock, cur_time, expire, 1);
else
err = do_create (algo, nbits, curve,
keyblock, cur_time, expire, 1, 0, NULL);
keyblock, cur_time, expire, 1, 0, NULL, NULL);
if (err)
goto leave;