agent: New option --check-sym-passphrase-pattern.

* agent/gpg-agent.c (oCheckSymPassphrasePattern): New. (opts): Add --check-sym-passphrase-pattern. (parse_rereadable_options): Set option. (main): Return option info. * tools/gpgconf-comp.c: Add new option. * agent/agent.h (opt): Add var check_sym_passphrase_pattern. (struct pin_entry_info_s): Add var constraints_flags. (CHECK_CONSTRAINTS_NOT_EMPTY): New to replace a hardwired 1. (CHECK_CONSTRAINTS_NEW_SYMKEY): New. * agent/genkey.c (check_passphrase_pattern): Rename to ... (do_check_passphrase_pattern): this to make code reading easier. Handle the --check-sym-passphrase-pattern option. (check_passphrase_constraints): Replace arg no_empty by a generic flags arg. Also handle --check-sym-passphrase-pattern here. * agent/command.c (cmd_get_passphrase): In --newsymkey mode pass CHECK_CONSTRAINTS_NEW_SYMKEY flag. * agent/call-pinentry.c (struct entry_parm_s): Add constraints_flags. (struct inq_cb_parm_s): New. (inq_cb): Use new struct for parameter passing. Pass flags to teh constraints checking. (do_getpin): Pass constraints flag down. (agent_askpin): Take constraints flag from the supplied pinentry struct. -- Requirements for a passphrase to protect a private key and for a passphrase used for symmetric encryption are different. Thus a the use of a different pattern file will be useful. Note that a pattern file can be used to replace the other passphrase constraints options and thus we don't need to duplicate them for symmetric encryption. GnuPG-bug-id: 5517 Signed-off-by: Werner Koch <wk@gnupg.org> Backported-from-master: 7c45a69eb9 agent: New option --check-sym-passphrase-pattern.
2025-07-02 22:46:30 +02:00 · 2021-08-13 13:42:31 +02:00 · 2021-08-13 13:42:31 +02:00 · c6a4a660fd
commit c6a4a660fd
parent 9832566e45
6 changed files with 88 additions and 30 deletions
--- a/agent/command.c
+++ b/agent/command.c
@ -1605,6 +1605,8 @@ cmd_get_passphrase (assuan_context_t ctx, char *line)
      pi->max_tries = 3;
      pi->with_qualitybar = opt_qualbar;
      pi->with_repeat = opt_repeat;
+      pi->constraints_flags = (CHECK_CONSTRAINTS_NOT_EMPTY
+                               | CHECK_CONSTRAINTS_NEW_SYMKEY);
      pi2->max_length = MAX_PASSPHRASE_LEN + 1;
      pi2->max_tries = 3;
      pi2->check_cb = reenter_passphrase_cmp_cb;
@ -1625,7 +1627,9 @@ cmd_get_passphrase (assuan_context_t ctx, char *line)
          xfree (entry_errtext);
          entry_errtext = NULL;
          /* We don't allow an empty passpharse in this mode.  */
-          if (check_passphrase_constraints (ctrl, pi->pin, 1, &entry_errtext))
+          if (check_passphrase_constraints (ctrl, pi->pin,
+                                            pi->constraints_flags,
+                                            &entry_errtext))
            {
              pi->failed_tries = 0;
              pi2->failed_tries = 0;
@ -1686,7 +1690,10 @@ cmd_get_passphrase (assuan_context_t ctx, char *line)
          int i;

          if (opt_check
-	      && check_passphrase_constraints (ctrl, response,0,&entry_errtext))
+	      && check_passphrase_constraints
+              (ctrl, response,
+               (opt_newsymkey? CHECK_CONSTRAINTS_NEW_SYMKEY:0),
+               &entry_errtext))
            {
              goto next_try;
            }