diff --git a/agent/agent.h b/agent/agent.h index ad687e69d..0de18912b 100644 --- a/agent/agent.h +++ b/agent/agent.h @@ -117,8 +117,11 @@ struct /* The minimum number of non-alpha characters in a passphrase. */ unsigned int min_passphrase_nonalpha; - /* File name with a patternfile or NULL if not enabled. */ + /* File name with a patternfile or NULL if not enabled. If the + * second one is set, it is used for symmetric only encryption + * instead of the former. */ const char *check_passphrase_pattern; + const char *check_sym_passphrase_pattern; /* If not 0 the user is asked to change his passphrase after these number of days. */ @@ -287,6 +290,7 @@ struct pin_entry_info_s int min_digits; /* min. number of digits required or 0 for freeform entry */ int max_digits; /* max. number of allowed digits allowed*/ int max_tries; /* max. number of allowed tries. */ + unsigned int constraints_flags; /* CHECK_CONSTRAINTS_... */ int failed_tries; /* Number of tries so far failed. */ int with_qualitybar; /* Set if the quality bar should be displayed. */ int with_repeat; /* Request repetition of the passphrase. */ @@ -493,7 +497,11 @@ int agent_pkdecrypt (ctrl_t ctrl, const char *desc_text, membuf_t *outbuf, int *r_padding); /*-- genkey.c --*/ -int check_passphrase_constraints (ctrl_t ctrl, const char *pw, int no_empty, +#define CHECK_CONSTRAINTS_NOT_EMPTY 1 +#define CHECK_CONSTRAINTS_NEW_SYMKEY 2 + +int check_passphrase_constraints (ctrl_t ctrl, const char *pw, + unsigned int flags, char **failed_constraint); gpg_error_t agent_ask_new_passphrase (ctrl_t ctrl, const char *prompt, char **r_passphrase); diff --git a/agent/call-pinentry.c b/agent/call-pinentry.c index fe1913e86..769ca676e 100644 --- a/agent/call-pinentry.c +++ b/agent/call-pinentry.c @@ -92,6 +92,7 @@ struct entry_parm_s size_t size; unsigned char *buffer; int status; + unsigned int constraints_flags; }; @@ -852,13 +853,20 @@ generate_pin (void) /* Handle inquiries. */ +struct inq_cb_parm_s +{ + assuan_context_t ctx; + unsigned int flags; /* CHECK_CONSTRAINTS_... */ +}; + + static gpg_error_t inq_cb (void *opaque, const char *line) { - assuan_context_t ctx = opaque; + struct inq_cb_parm_s *parm = opaque; + gpg_error_t err; const char *s; char *pin; - gpg_error_t err; int percent; char numbuf[20]; @@ -870,10 +878,10 @@ inq_cb (void *opaque, const char *line) else { percent = estimate_passphrase_quality (pin); - if (check_passphrase_constraints (NULL, pin, 0, NULL)) + if (check_passphrase_constraints (NULL, pin, parm->flags, NULL)) percent = -percent; snprintf (numbuf, sizeof numbuf, "%d", percent); - err = assuan_send_data (ctx, numbuf, strlen (numbuf)); + err = assuan_send_data (parm->ctx, numbuf, strlen (numbuf)); xfree (pin); } } @@ -895,14 +903,14 @@ inq_cb (void *opaque, const char *line) err = gpg_error_from_syserror (); else { - if (check_passphrase_constraints (NULL, pin, 0, &errtext)) + if (check_passphrase_constraints (NULL, pin, parm->flags, &errtext)) { if (errtext) { /* Unescape the percent-escaped errtext because assuan_send_data escapes it again. */ errtextlen = percent_unescape_inplace (errtext, 0); - err = assuan_send_data (ctx, errtext, errtextlen); + err = assuan_send_data (parm->ctx, errtext, errtextlen); } else { @@ -912,7 +920,7 @@ inq_cb (void *opaque, const char *line) } else { - err = assuan_send_data (ctx, NULL, 0); + err = assuan_send_data (parm->ctx, NULL, 0); } xfree (errtext); xfree (pin); @@ -931,11 +939,11 @@ inq_cb (void *opaque, const char *line) err = gpg_error (GPG_ERR_GENERAL); goto leave; } - if (!check_passphrase_constraints (NULL, pin, 0, NULL)) + if (!check_passphrase_constraints (NULL, pin, parm->flags, NULL)) { - assuan_begin_confidential (ctx); - err = assuan_send_data (ctx, pin, strlen (pin)); - assuan_end_confidential (ctx); + assuan_begin_confidential (parm->ctx); + err = assuan_send_data (parm->ctx, pin, strlen (pin)); + assuan_end_confidential (parm->ctx); xfree (pin); goto leave; } @@ -1226,12 +1234,16 @@ do_getpin (ctrl_t ctrl, struct entry_parm_s *parm) { gpg_error_t rc; int saveflag = assuan_get_flag (entry_ctx, ASSUAN_CONFIDENTIAL); + struct inq_cb_parm_s inq_cb_parm; (void)ctrl; + inq_cb_parm.ctx = entry_ctx; + inq_cb_parm.flags = parm->constraints_flags; + assuan_begin_confidential (entry_ctx); rc = assuan_transact (entry_ctx, "GETPIN", getpin_cb, parm, - inq_cb, entry_ctx, + inq_cb, &inq_cb_parm, pinentry_status_cb, &parm->status); assuan_set_flag (entry_ctx, ASSUAN_CONFIDENTIAL, saveflag); /* Most pinentries out in the wild return the old Assuan error code @@ -1384,6 +1396,7 @@ agent_askpin (ctrl_t ctrl, parm.size = pininfo->max_length; *pininfo->pin = 0; /* Reset the PIN. */ parm.buffer = (unsigned char*)pininfo->pin; + parm.constraints_flags = pininfo->constraints_flags; if (errtext) { diff --git a/agent/command.c b/agent/command.c index b1f89e0c8..ddba96abc 100644 --- a/agent/command.c +++ b/agent/command.c @@ -1605,6 +1605,8 @@ cmd_get_passphrase (assuan_context_t ctx, char *line) pi->max_tries = 3; pi->with_qualitybar = opt_qualbar; pi->with_repeat = opt_repeat; + pi->constraints_flags = (CHECK_CONSTRAINTS_NOT_EMPTY + | CHECK_CONSTRAINTS_NEW_SYMKEY); pi2->max_length = MAX_PASSPHRASE_LEN + 1; pi2->max_tries = 3; pi2->check_cb = reenter_passphrase_cmp_cb; @@ -1625,7 +1627,9 @@ cmd_get_passphrase (assuan_context_t ctx, char *line) xfree (entry_errtext); entry_errtext = NULL; /* We don't allow an empty passpharse in this mode. */ - if (check_passphrase_constraints (ctrl, pi->pin, 1, &entry_errtext)) + if (check_passphrase_constraints (ctrl, pi->pin, + pi->constraints_flags, + &entry_errtext)) { pi->failed_tries = 0; pi2->failed_tries = 0; @@ -1686,7 +1690,10 @@ cmd_get_passphrase (assuan_context_t ctx, char *line) int i; if (opt_check - && check_passphrase_constraints (ctrl, response,0,&entry_errtext)) + && check_passphrase_constraints + (ctrl, response, + (opt_newsymkey? CHECK_CONSTRAINTS_NEW_SYMKEY:0), + &entry_errtext)) { goto next_try; } diff --git a/agent/genkey.c b/agent/genkey.c index 78b5bd5ea..b36c26550 100644 --- a/agent/genkey.c +++ b/agent/genkey.c @@ -90,9 +90,11 @@ nonalpha_count (const char *s) /* Check PW against a list of pattern. Return 0 if PW does not match - these pattern. */ + these pattern. If CHECK_CONSTRAINTS_NEW_SYMKEY is set in flags and + --check-sym-passphrase-pattern has been configured, use the pattern + file from that option. */ static int -check_passphrase_pattern (ctrl_t ctrl, const char *pw) +do_check_passphrase_pattern (ctrl_t ctrl, const char *pw, unsigned int flags) { gpg_error_t err = 0; const char *pgmname = gnupg_module_name (GNUPG_MODULE_NAME_CHECK_PATTERN); @@ -100,9 +102,17 @@ check_passphrase_pattern (ctrl_t ctrl, const char *pw) const char *argv[10]; pid_t pid; int result, i; + const char *pattern; (void)ctrl; + pattern = opt.check_passphrase_pattern; + if ((flags & CHECK_CONSTRAINTS_NEW_SYMKEY) + && opt.check_sym_passphrase_pattern) + pattern = opt.check_sym_passphrase_pattern; + if (!pattern) + return 1; /* Oops - Assume password should not be used */ + infp = gnupg_tmpfile (); if (!infp) { @@ -125,7 +135,7 @@ check_passphrase_pattern (ctrl_t ctrl, const char *pw) i = 0; argv[i++] = "--null"; argv[i++] = "--", - argv[i++] = opt.check_passphrase_pattern, + argv[i++] = pattern, argv[i] = NULL; assert (i < sizeof argv); @@ -174,12 +184,17 @@ take_this_one_anyway (ctrl_t ctrl, const char *desc) /* Check whether the passphrase PW is suitable. Returns 0 if the - passphrase is suitable and true if it is not and the user should be - asked to provide a different one. If FAILED_CONSTRAINT is set, a - message describing the problem is returned in - *FAILED_CONSTRAINT. */ + * passphrase is suitable and true if it is not and the user should be + * asked to provide a different one. If FAILED_CONSTRAINT is set, a + * message describing the problem is returned at FAILED_CONSTRAINT. + * The FLAGS are: + * CHECK_CONSTRAINTS_NOT_EMPTY + * Do not allow an empty passphrase + * CHECK_CONSTRAINTS_NEW_SYMKEY + * Hint that the passphrase is used for a new symmetric key. + */ int -check_passphrase_constraints (ctrl_t ctrl, const char *pw, int no_empty, +check_passphrase_constraints (ctrl_t ctrl, const char *pw, unsigned int flags, char **failed_constraint) { gpg_error_t err = 0; @@ -188,6 +203,7 @@ check_passphrase_constraints (ctrl_t ctrl, const char *pw, int no_empty, char *msg1 = NULL; char *msg2 = NULL; char *msg3 = NULL; + int no_empty = !!(flags & CHECK_CONSTRAINTS_NOT_EMPTY); if (ctrl && ctrl->pinentry_mode == PINENTRY_MODE_LOOPBACK) return 0; @@ -265,8 +281,9 @@ check_passphrase_constraints (ctrl_t ctrl, const char *pw, int no_empty, and pattern. The actual test is done by an external program. The warning message is generic to give the user no hint on how to circumvent this list. */ - if (*pw && opt.check_passphrase_pattern && - check_passphrase_pattern (ctrl, pw)) + if (*pw + && (opt.check_passphrase_pattern || opt.check_sym_passphrase_pattern) + && do_check_passphrase_pattern (ctrl, pw, flags)) { if (!failed_constraint) { diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c index 43e8d96c7..09966da0b 100644 --- a/agent/gpg-agent.c +++ b/agent/gpg-agent.c @@ -114,6 +114,7 @@ enum cmd_and_opt_values oMinPassphraseLen, oMinPassphraseNonalpha, oCheckPassphrasePattern, + oCheckSymPassphrasePattern, oMaxPassphraseDays, oEnablePassphraseHistory, oDisableExtendedKeyFormat, @@ -232,6 +233,8 @@ static ARGPARSE_OPTS opts[] = { ARGPARSE_s_u (oMinPassphraseLen, "min-passphrase-len", "@"), ARGPARSE_s_u (oMinPassphraseNonalpha, "min-passphrase-nonalpha", "@"), ARGPARSE_s_s (oCheckPassphrasePattern, "check-passphrase-pattern", "@"), + ARGPARSE_s_s (oCheckSymPassphrasePattern, "check-sym-passphrase-pattern", + "@"), ARGPARSE_s_u (oMaxPassphraseDays, "max-passphrase-days", "@"), ARGPARSE_s_n (oEnablePassphraseHistory, "enable-passphrase-history", "@"), @@ -842,6 +845,7 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread) opt.min_passphrase_len = MIN_PASSPHRASE_LEN; opt.min_passphrase_nonalpha = MIN_PASSPHRASE_NONALPHA; opt.check_passphrase_pattern = NULL; + opt.check_sym_passphrase_pattern = NULL; opt.max_passphrase_days = MAX_PASSPHRASE_DAYS; opt.enable_passphrase_history = 0; opt.enable_extended_key_format = 1; @@ -915,6 +919,9 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread) case oCheckPassphrasePattern: opt.check_passphrase_pattern = pargs->r.ret_str; break; + case oCheckSymPassphrasePattern: + opt.check_sym_passphrase_pattern = pargs->r.ret_str; + break; case oMaxPassphraseDays: opt.max_passphrase_days = pargs->r.ret_ulong; break; @@ -1422,6 +1429,8 @@ main (int argc, char **argv ) MIN_PASSPHRASE_NONALPHA); es_printf ("check-passphrase-pattern:%lu:\n", GC_OPT_FLAG_DEFAULT|GC_OPT_FLAG_RUNTIME); + es_printf ("check-sym-passphrase-pattern:%lu:\n", + GC_OPT_FLAG_DEFAULT|GC_OPT_FLAG_RUNTIME); es_printf ("max-passphrase-days:%lu:%d:\n", GC_OPT_FLAG_DEFAULT|GC_OPT_FLAG_RUNTIME, MAX_PASSPHRASE_DAYS); diff --git a/doc/gpg-agent.texi b/doc/gpg-agent.texi index 7dbe0bd06..a127091db 100644 --- a/doc/gpg-agent.texi +++ b/doc/gpg-agent.texi @@ -205,14 +205,14 @@ if used in an options file. @item -v -@item --verbose +@itemx --verbose @opindex verbose Outputs additional information while running. You can increase the verbosity by giving several verbose commands to @command{gpg-agent}, such as @samp{-vv}. @item -q -@item --quiet +@itemx --quiet @opindex quiet Try to be as quiet as possible. @@ -448,11 +448,15 @@ of digits or special characters a warning will be displayed. Defaults to 1. @item --check-passphrase-pattern @var{file} +@itemx --check-sym-passphrase-pattern @var{file} @opindex check-passphrase-pattern +@opindex check-sym-passphrase-pattern Check the passphrase against the pattern given in @var{file}. When entering a new passphrase matching one of these pattern a warning will -be displayed. @var{file} should be an absolute filename. The default is -not to use any pattern file. +be displayed. @var{file} should be an absolute filename. The default +is not to use any pattern file. The second version of this option is +only used when creating a new symmetric key to allow the use of +different patterns for such passphrases. Security note: It is known that checking a passphrase against a list of pattern or even against a complete dictionary is not very effective to