agent: New option --check-sym-passphrase-pattern.

* agent/gpg-agent.c (oCheckSymPassphrasePattern): New. (opts): Add --check-sym-passphrase-pattern. (parse_rereadable_options): Set option. (main): Return option info. * tools/gpgconf-comp.c: Add new option. * agent/agent.h (opt): Add var check_sym_passphrase_pattern. (struct pin_entry_info_s): Add var constraints_flags. (CHECK_CONSTRAINTS_NOT_EMPTY): New to replace a hardwired 1. (CHECK_CONSTRAINTS_NEW_SYMKEY): New. * agent/genkey.c (check_passphrase_pattern): Rename to ... (do_check_passphrase_pattern): this to make code reading easier. Handle the --check-sym-passphrase-pattern option. (check_passphrase_constraints): Replace arg no_empty by a generic flags arg. Also handle --check-sym-passphrase-pattern here. * agent/command.c (cmd_get_passphrase): In --newsymkey mode pass CHECK_CONSTRAINTS_NEW_SYMKEY flag. * agent/call-pinentry.c (struct entry_parm_s): Add constraints_flags. (struct inq_cb_parm_s): New. (inq_cb): Use new struct for parameter passing. Pass flags to teh constraints checking. (do_getpin): Pass constraints flag down. (agent_askpin): Take constraints flag from the supplied pinentry struct. -- Requirements for a passphrase to protect a private key and for a passphrase used for symmetric encryption are different. Thus a the use of a different pattern file will be useful. Note that a pattern file can be used to replace the other passphrase constraints options and thus we don't need to duplicate them for symmetric encryption. GnuPG-bug-id: 5517 Signed-off-by: Werner Koch <wk@gnupg.org> Backported-from-master: 7c45a69eb9 agent: New option --check-sym-passphrase-pattern.
2025-07-03 22:56:33 +02:00 · 2021-08-13 13:42:31 +02:00 · 2021-08-13 13:42:31 +02:00 · c6a4a660fd
commit c6a4a660fd
parent 9832566e45
6 changed files with 88 additions and 30 deletions
--- a/agent/agent.h
+++ b/agent/agent.h
@ -117,8 +117,11 @@ struct
  /* The minimum number of non-alpha characters in a passphrase.  */
  unsigned int min_passphrase_nonalpha;

-  /* File name with a patternfile or NULL if not enabled.  */
+  /* File name with a patternfile or NULL if not enabled.  If the
+   * second one is set, it is used for symmetric only encryption
+   * instead of the former. */
  const char *check_passphrase_pattern;
+  const char *check_sym_passphrase_pattern;

  /* If not 0 the user is asked to change his passphrase after these
     number of days.  */
@ -287,6 +290,7 @@ struct pin_entry_info_s
  int min_digits; /* min. number of digits required or 0 for freeform entry */
  int max_digits; /* max. number of allowed digits allowed*/
  int max_tries;  /* max. number of allowed tries.  */
+  unsigned int constraints_flags;  /* CHECK_CONSTRAINTS_... */
  int failed_tries; /* Number of tries so far failed.  */
  int with_qualitybar; /* Set if the quality bar should be displayed.  */
  int with_repeat;  /* Request repetition of the passphrase.  */
@ -493,7 +497,11 @@ int agent_pkdecrypt (ctrl_t ctrl, const char *desc_text,
                     membuf_t *outbuf, int *r_padding);

 /*-- genkey.c --*/
-int check_passphrase_constraints (ctrl_t ctrl, const char *pw, int no_empty,
+#define CHECK_CONSTRAINTS_NOT_EMPTY  1
+#define CHECK_CONSTRAINTS_NEW_SYMKEY 2
+
+int check_passphrase_constraints (ctrl_t ctrl, const char *pw,
+                                  unsigned int flags,
 				  char **failed_constraint);
 gpg_error_t agent_ask_new_passphrase (ctrl_t ctrl, const char *prompt,
                                      char **r_passphrase);