security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-04-12 22:11:29 +02:00
Code Activity

g10: Prefer keys requiring no further user interaction.

Browse Source 
* g10/call-agent.c (agent_set_pinentry_mode): New function.
(start_agent): Use new function.
* g10/call-agent.h (agent_set_pinentry_mode): New prototype.
* g10/gpgv.c (agent_set_pinentry_mode): New stub.
* g10/mainproc.c (proc_packets): Try with PINENTRY_MODE_CANCEL first.
(proc_encryption_packets): Likewise.
* g10/test-stubs.c (agent_set_pinentry_mode): New stub.
* tests/openpgp/Makefile.am (TESTS): Add new test.
* tests/openpgp/issue1955.scm: New file.

GnuPG-bug-id: 1955
Signed-off-by: Justus Winter <justus@g10code.com>
This commit is contained in:
Justus Winter 2016-07-25 10:40:25 +02:00
parent 9ee23a715d
commit ddd69ff66c
7 changed files with 116 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

54
g10/call-agent.c
View File

@ -285,6 +285,44 @@ warn_version_mismatch (assuan_context_t ctx, const char *servername, int mode)
return err; return err;
} }
int
agent_set_pinentry_mode (int pinentry_mode, int *old_mode)
{
int rc;
char *tmp;
if (agent_ctx == NULL)
{
if (old_mode)
*old_mode = opt.pinentry_mode;
opt.pinentry_mode = pinentry_mode;
return 0;
}
tmp = xasprintf ("OPTION pinentry-mode=%s",
str_pinentry_mode (pinentry_mode));
rc = assuan_transact (agent_ctx, tmp,
NULL, NULL, NULL, NULL, NULL, NULL);
xfree (tmp);
if (rc)
{
log_error ("setting pinentry mode '%s' failed: %s\n",
str_pinentry_mode (pinentry_mode),
gpg_strerror (rc));
write_status_error ("set_pinentry_mode", rc);
}
else
{
if (old_mode)
*old_mode = opt.pinentry_mode;
opt.pinentry_mode = pinentry_mode;
}
return rc;
}
/* Try to connect to the agent via socket or fork it off and work by /* Try to connect to the agent via socket or fork it off and work by
pipes. Handle the server's initial greeting */ pipes. Handle the server's initial greeting */
@ -332,21 +370,7 @@ start_agent (ctrl_t ctrl, int for_card)
NULL, NULL, NULL, NULL, NULL, NULL); NULL, NULL, NULL, NULL, NULL, NULL);
/* Pass on the pinentry mode. */ /* Pass on the pinentry mode. */
if (opt.pinentry_mode) if (opt.pinentry_mode)
{ agent_set_pinentry_mode (opt.pinentry_mode, NULL);
char *tmp = xasprintf ("OPTION pinentry-mode=%s",
str_pinentry_mode (opt.pinentry_mode));
rc = assuan_transact (agent_ctx, tmp,
NULL, NULL, NULL, NULL, NULL, NULL);
xfree (tmp);
if (rc)
{
log_error ("setting pinentry mode '%s' failed: %s\n",
str_pinentry_mode (opt.pinentry_mode),
gpg_strerror (rc));
write_status_error ("set_pinentry_mode", rc);
}
}
check_hijacking (agent_ctx); check_hijacking (agent_ctx);
} }
} }

2
g10/call-agent.h
View File

@ -123,6 +123,8 @@ int agent_scd_checkpin (const char *serialno);
/* Dummy function, only implemented by gpg 1.4. */ /* Dummy function, only implemented by gpg 1.4. */
void agent_clear_pin_cache (const char *sn); void agent_clear_pin_cache (const char *sn);
/* XXX */
int agent_set_pinentry_mode (int pinentry_mode, int *old_mode);
/* Send the GET_PASSPHRASE command to the agent. */ /* Send the GET_PASSPHRASE command to the agent. */
gpg_error_t agent_get_passphrase (const char *cache_id, gpg_error_t agent_get_passphrase (const char *cache_id,

5
g10/gpgv.c
View File

@ -697,3 +697,8 @@ void
tofu_end_batch_update (void) tofu_end_batch_update (void)
{ {
} }
int
agent_set_pinentry_mode (int pinentry_mode, int *old_mode)
{
}

19
g10/mainproc.c
View File

@ -39,6 +39,8 @@
#include "photoid.h" #include "photoid.h"
#include "mbox-util.h" #include "mbox-util.h"
#include "call-dirmngr.h" #include "call-dirmngr.h"
#include "call-agent.h"
#include "../common/shareddefs.h"
/* Put an upper limit on nested packets. The 32 is an arbitrary /* Put an upper limit on nested packets. The 32 is an arbitrary
value, a much lower should actually be sufficient. */ value, a much lower should actually be sufficient. */
@ -1174,13 +1176,19 @@ int
proc_packets (ctrl_t ctrl, void *anchor, iobuf_t a ) proc_packets (ctrl_t ctrl, void *anchor, iobuf_t a )
{ {
int rc; int rc;
int old_mode;
CTX c = xmalloc_clear (sizeof *c); CTX c = xmalloc_clear (sizeof *c);
c->ctrl = ctrl; c->ctrl = ctrl;
c->anchor = anchor; c->anchor = anchor;
rc = do_proc_packets (ctrl, c, a);
xfree (c);
agent_set_pinentry_mode (PINENTRY_MODE_CANCEL, &old_mode);
rc = do_proc_packets (ctrl, c, a);
agent_set_pinentry_mode (old_mode, NULL);
if (rc)
rc = do_proc_packets (ctrl, c, a);
xfree (c);
return rc; return rc;
} }
@ -1272,12 +1280,19 @@ int
proc_encryption_packets (ctrl_t ctrl, void *anchor, iobuf_t a ) proc_encryption_packets (ctrl_t ctrl, void *anchor, iobuf_t a )
{ {
CTX c = xmalloc_clear (sizeof *c); CTX c = xmalloc_clear (sizeof *c);
int old_mode;
int rc; int rc;
c->ctrl = ctrl; c->ctrl = ctrl;
c->anchor = anchor; c->anchor = anchor;
c->encrypt_only = 1; c->encrypt_only = 1;
agent_set_pinentry_mode (PINENTRY_MODE_CANCEL, &old_mode);
rc = do_proc_packets (ctrl, c, a); rc = do_proc_packets (ctrl, c, a);
agent_set_pinentry_mode (old_mode, NULL);
if (rc)
rc = do_proc_packets (ctrl, c, a);
xfree (c); xfree (c);
return rc; return rc;
} }

5
g10/test-stubs.c
View File

@ -505,3 +505,8 @@ void
tofu_end_batch_update (void) tofu_end_batch_update (void)
{ {
} }
int
agent_set_pinentry_mode (int pinentry_mode, int *old_mode)
{
}

1
tests/openpgp/Makefile.am
View File

@ -82,6 +82,7 @@ TESTS = setup.scm \
default-key.scm \ default-key.scm \
export.scm \ export.scm \
ssh.scm \ ssh.scm \
issue1955.scm \
issue2015.scm \ issue2015.scm \
finish.scm finish.scm

47
tests/openpgp/issue1955.scm Executable file
View File

@ -0,0 +1,47 @@
#!/usr/bin/env gpgscm
;; Copyright (C) 2016 g10 Code GmbH
;;
;; This file is part of GnuPG.
;;
;; GnuPG is free software; you can redistribute it and/or modify
;; it under the terms of the GNU General Public License as published by
;; the Free Software Foundation; either version 3 of the License, or
;; (at your option) any later version.
;;
;; GnuPG is distributed in the hope that it will be useful,
;; but WITHOUT ANY WARRANTY; without even the implied warranty of
;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
;; GNU General Public License for more details.
;;
;; You should have received a copy of the GNU General Public License
;; along with this program; if not, see <http://www.gnu.org/licenses/>.
(load (with-path "defs.scm"))
(lettmp
(logfile)
(define (dump logfile)
(call-with-input-file logfile
(lambda (port)
(display (read-all port)))))
(setenv "PINENTRY_USER_DATA"
(string-append "--logfile=" logfile " " usrpass1) #t)
(echo "Killing gpg-agent...")
(call-check `(,(tool 'gpg-connect-agent) --verbose killagent /bye))
(echo "Starting gpg-agent...")
(call-check `(,(tool 'gpg-connect-agent) --verbose /bye))
(for-each-p
"Checking that keys requiring no interactions are preferred (issue1955)..."
(lambda (test)
(let ((file (in-srcdir "samplemsgs"
(string-append "issue1955." test ".gpg"))))
(assert
(string-contains? (call-check `(,@GPG --decrypt ,file)) "geheim"))
(if (file-exists? logfile)
(error "GnuPG used the key requiring a passphrase"))))
'("one.two" "two.one")))