sm: Ask for the password for password based decryption (pwri)

* sm/decrypt.c (pwri_decrypt): Add arg ctrl. Ask for passphrase. * sm/export.c (export_p12): Mark string as translatable. * sm/import.c (parse_p12): Ditto. -- This is finishes the support for PWRI. The N_() marks are added so that we don't rely of the side-effect of having the same strings in protect-tool.c Signed-off-by: Werner Koch <wk@gnupg.org>
2021-05-17 15:42:27 +02:00 · 2021-05-17 15:42:27 +02:00 · eeb65d3bbd
parent 02029f9eab
commit eeb65d3bbd
3 changed files with 25 additions and 6 deletions
--- a/sm/decrypt.c
+++ b/sm/decrypt.c
@ -515,7 +515,7 @@ pwri_parse_pbkdf2 (const unsigned char *der, size_t derlen,
 *
 */
 static gpg_error_t
-pwri_decrypt (gcry_sexp_t enc_val,
+pwri_decrypt (ctrl_t ctrl, gcry_sexp_t enc_val,
              unsigned char **r_result, unsigned int *r_resultlen,
              struct decrypt_filter_parm_s *parm)
 {
@ -541,6 +541,7 @@ pwri_decrypt (gcry_sexp_t enc_val,
  unsigned int saltlen;
  unsigned long iterations;
  enum gcry_md_algos digest_algo;
+  char *passphrase = NULL;


  *r_resultlen = 0;
@ -654,10 +655,23 @@ pwri_decrypt (gcry_sexp_t enc_val,
      goto leave;
    }

-  err = gcry_kdf_derive ("abc", 3,
+  err = gpgsm_agent_ask_passphrase
+    (ctrl,
+     i18n_utf8 (N_("Please enter the password for decryption.")),
+     0, &passphrase);
+  if (err)
+    goto leave;
+
+  err = gcry_kdf_derive (passphrase, strlen (passphrase),
                         GCRY_KDF_PBKDF2, digest_algo,
                         salt, saltlen, iterations,
                         keklen, kek);
+  if (passphrase)
+    {
+      wipememory (passphrase, strlen (passphrase));
+      xfree (passphrase);
+      passphrase = NULL;
+    }
  if (err)
    {
      log_error ("deriving key from passphrase failed: %s\n",
@ -732,6 +746,11 @@ pwri_decrypt (gcry_sexp_t enc_val,
      wipememory (result, resultlen);
      xfree (result);
    }
+  if (passphrase)
+    {
+      wipememory (passphrase, strlen (passphrase));
+      xfree (passphrase);
+    }
  gcry_cipher_close (encr_hd);
  xfree (derive_algo_str);
  xfree (encr_algo_str);
@ -786,7 +805,7 @@ prepare_decryption (ctrl_t ctrl, const char *hexkeygrip,
      if (rc)
        goto leave;

-      rc = pwri_decrypt (s_enc_val, &decrypted, &decryptedlen, parm);
+      rc = pwri_decrypt (ctrl, s_enc_val, &decrypted, &decryptedlen, parm);
      gcry_sexp_release (s_enc_val);
      if (rc)
        goto leave;
--- a/sm/export.c
+++ b/sm/export.c
@ -724,8 +724,8 @@ export_p12 (ctrl_t ctrl, const unsigned char *certimg, size_t certimglen,
    {
      err = gpgsm_agent_ask_passphrase
        (ctrl,
-         i18n_utf8 ("Please enter the passphrase to protect the "
-                    "new PKCS#12 object."),
+         i18n_utf8 (N_("Please enter the passphrase to protect the "
+                       "new PKCS#12 object.")),
         1, &passphrase);
      if (err)
        goto leave;
--- a/sm/import.c
+++ b/sm/import.c
@ -771,7 +771,7 @@ parse_p12 (ctrl_t ctrl, ksba_reader_t reader, struct stats_s *stats)

  err = gpgsm_agent_ask_passphrase
    (ctrl,
-     i18n_utf8 ("Please enter the passphrase to unprotect the PKCS#12 object."),
+     i18n_utf8 (N_("Please enter the passphrase to unprotect the PKCS#12 object.")),
     0, &passphrase);
  if (err)
    goto leave;