agent: Ignore passphrase constraints for a generated passphrase.

* agent/agent.h (PINENTRY_STATUS_PASSWORD_GENERATED): New. (MAX_GENPIN_TRIES): Remove. * agent/call-pinentry.c (struct entry_parm_s): (struct inq_cb_parm_s): Add genpinhash and genpinhas_valid. (is_generated_pin): New. (inq_cb): Suppress constraints checking for a generated passphrase. No more need for several tries to generate the passphrase. (do_getpin): Store a generated passphrase/pin in the status field. (agent_askpin): Suppress constraints checking for a generated passphrase. (agent_get_passphrase): Ditto. * agent/command.c (cmd_get_passphrase): Ditto. -- A generated passphrase has enough entropy so that all kind of extra checks would only reduce the actual available entropy. We thus detect if a passphrase has been generated (and not changed) and skip all passphrase constraints checking.
2025-07-02 22:46:30 +02:00 · 2021-08-18 18:24:35 +02:00 · 2021-08-18 18:24:35 +02:00 · db5dc7a91a
commit db5dc7a91a
parent 576e429d41
4 changed files with 73 additions and 35 deletions
--- a/agent/command.c
+++ b/agent/command.c
@ -1494,6 +1494,7 @@ cmd_get_passphrase (assuan_context_t ctx, char *line)
  char *entry_errtext = NULL;
  struct pin_entry_info_s *pi = NULL;
  struct pin_entry_info_s *pi2 = NULL;
+  int is_generated;

  if (ctrl->restricted)
    return leave_cmd (ctx, gpg_error (GPG_ERR_FORBIDDEN));
@ -1626,10 +1627,13 @@ cmd_get_passphrase (assuan_context_t ctx, char *line)
            goto leave;
          xfree (entry_errtext);
          entry_errtext = NULL;
+          is_generated = !!(pi->status & PINENTRY_STATUS_PASSWORD_GENERATED);
+
          /* We don't allow an empty passpharse in this mode.  */
-          if (check_passphrase_constraints (ctrl, pi->pin,
-                                            pi->constraints_flags,
-                                            &entry_errtext))
+          if (!is_generated
+              && check_passphrase_constraints (ctrl, pi->pin,
+                                               pi->constraints_flags,
+                                               &entry_errtext))
            {
              pi->failed_tries = 0;
              pi2->failed_tries = 0;
@ -1685,11 +1689,14 @@ cmd_get_passphrase (assuan_context_t ctx, char *line)
                                 opt_qualbar, cacheid, CACHE_MODE_USER, NULL);
      xfree (entry_errtext);
      entry_errtext = NULL;
+      is_generated = !!(pi->status & PINENTRY_STATUS_PASSWORD_GENERATED);
+
      if (!rc)
        {
          int i;

          if (opt_check
+              && !is_generated
 	      && check_passphrase_constraints
              (ctrl, response,
               (opt_newsymkey? CHECK_CONSTRAINTS_NEW_SYMKEY:0),