1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-23 10:29:58 +01:00

666 Commits

Author SHA1 Message Date
Daniel Kahn Gillmor
7de7432076
g10: Add openpgp_protected flag to agent secret key export functions
* g10/call-agent.c, g10/call-agent.h (agent_export_key): Add
openpgp_protected flag.
* g10/export.c (receive_seckey_from_agent): Request openpgp_protected
secret keys from agent.
* agent/command.c (hlp_export_key): EXPORT_KEY help text: add a
brief description of the effect of --openpgp.
--

The --openpgp flag for gpg-agent's EXPORT_KEY actually forces
encryption in a certain (RFC 4880-compatible format).  This changeset
exposes that functionality in internal functions, and clarifies
functionality in the agent's help text.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2016-06-11 11:14:00 +02:00
Werner Koch
8127043d54
Explicitly restrict socket permissions.
* agent/gpg-agent.c (create_server_socket): Call chmod before listen.
* scd/scdaemon.c (create_server_socket): Ditto.
* dirmngr/dirmngr.c (main): Ditto.
--

This is just in case of a improperly set umask.  Note that a connect
requires a write permissions.
2016-06-08 16:18:02 +02:00
Werner Koch
6790115fd9
w32: Fix recent build regression.
* common/homedir.c (_gnupg_socketdir_internal) [W32]: Add definition
for NAME.
* g10/gpg.c (main) [W32]:  Fix use og gnupg_homedir.

* agent/gpg-agent.c (remove_socket): Remove unused var P.
* scd/scdaemon.c (cleanup): Ditto.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-08 15:14:06 +02:00
Werner Koch
aab8a0b052
Implement /run/user/UID/gnupg based sockets.
* common/homedir.c: Include sys/stat.h and zb32.h.
(w32_portable_app, w32_bin_is_bin): Change type from int to byte.
(non_default_homedir): New.
(is_gnupg_default_homedir): New.
(default_homedir): Set non_default_homedir.
(gnupg_set_homedir): Set non_default_homedir and make
the_gnupg_homedir and absolute directory name.
(gnupg_homedir): Return an absolute directory name.
(_gnupg_socketdir_internal): New.
(gnupg_socketdir): Implement /run/user/ based sockets.
* tools/gpg-connect-agent.c (get_var_ext): Replace now obsolete
make_filename by xstrdup.
* tools/gpgconf.c (main): Sue gnupg_homedir for the "homedir:" output.
--

If a [/var]/run/user/$(id -u)/ directory exists, a gnupg subdir is
created as needed and the permissions of the directories are checked.
If that all matches that directory name is returned instead of the
homedir.

To cope with non standard homedirs (via GNUPGHOME or --homedir) the
SHA-1 hash of the homedir is computed, left truncated to 120 bits,
zBase-32 encoded, prefixed with "d.", and appended to
"[/var]/run/user/$(id -u)/gnupg/".  If that directory exists and has
proper permissions it is returned as socket dir - if not the homedir
is used.  Due to cleanup issues, this directory will not be
auto-created but needs to be created by the user in advance.

The required permissions are: directory owned by the user, group and
others bits not set.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-08 13:59:28 +02:00
Werner Koch
0faf895154
Do not try to remove the enclosing directory of sockets.
* agent/gpg-agent.c (remove_socket): Do not remove the enclosing
directory.
* scd/scdaemon.c (cleanup): Ditto.

--

The socket directory is now below /run or at ~/.gnupg.  Thus we should
not try to remove the directory of the socket.  The auto-removal was
introduced at a time we used a temporary directory for the sockets.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-08 09:04:29 +02:00
Werner Koch
36550dde99
common: New function gnupg_socketdir.
* common/homedir.c (gnupg_socketdir): New.
* agent/gpg-agent.c (create_socket_name): Use new function instead of
gnupg_homedir.
(check_own_socket): Ditto.
(check_for_running_agent): Ditto.
* agent/preset-passphrase.c (main): Ditto.
* common/asshelp.c (start_new_gpg_agent): Ditto.
* scd/scdaemon.c (create_socket_name): Ditto.
* tools/gpgconf.c (main): Ditto.
* tools/symcryptrun.c (main): Ditto.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-07 13:48:46 +02:00
Werner Koch
fb88f37c40
common: Remove homedir arg from start_new_{dirmngr,gpg_agent}.
* common/asshelp.c (start_new_gpg_agent): Remove arg 'homedir' in
favor of gnupg_homedir ().  Change all callers.
(start_new_dirmngr): Ditto.
* common/get-passphrase.c (gnupg_prepare_get_passphrase): Remove arg
'homedir'.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-07 13:09:00 +02:00
Werner Koch
22a7ef01aa
Replace use of opt.homedir by accessor functions.
* common/homedir.c (the_gnupg_homedir): New var.
(gnupg_set_homedir): New.
(gnupg_homedir): New.
* g10/options.h (struct opt): Remove 'homedir' and replace all users
by the new accessor functions.
* g13/g13-common.h (struct opt): Ditto.
* scd/scdaemon.h (struct opt): Ditto.
* sm/gpgsm.h (struct opt): Ditto.
* dirmngr/dirmngr.h (struct opt): Ditto.
* agent/preset-passphrase.c (opt_homedir): Ditto.
* agent/protect-tool.c (opt_homedir): Ditto.
--

This will make detection of a non-default homedir easier.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-07 10:59:46 +02:00
Werner Koch
1b460f049e
gpg: Try to use the passphrase from the primary for --quick-addkey.
* agent/command.c (cmd_genkey): Add option --passwd-nonce.
(cmd_passwd): Return a PASSWD_NONCE in verify mode.
* g10/call-agent.c (agent_genkey): Add arg 'passwd_nonce_addr' and do
not send a RESET if given.
(agent_passwd): Add arg 'verify'.
* g10/keygen.c (common_gen): Add optional arg 'passwd_nonce_addr'.
(gen_elg, gen_dsa, gen_ecc, gen_rsa, do_create): Ditto.
(generate_subkeypair): Use sepeare hexgrip var for the to be created
for hexgrip feature.  Verify primary key first.  Make use of the
passwd nonce.  Allow for a static passphrase.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-02 21:21:08 +02:00
Werner Koch
ac9ff644b1
gpg: Allow unattended deletion of secret keys.
* agent/command.c (cmd_delete_key): Make the --force option depend on
--disallow-loopback-passphrase.
* g10/call-agent.c (agent_delete_key): Add arg FORCE.
* g10/delkey.c (do_delete_key): Pass opt.answer_yes to
agent_delete_key.
--

Unless the agent has been configured with
--disallow-loopback-passpharse an unattended deletion of a secret key
is now possible with gpg by using --batch _and_ --yes.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-05-10 11:01:42 +02:00
Werner Koch
3ef0938cfd
agent: Make --allow-loopback-pinentry the default.
* agent/gpg-agent.c (oNoAllowLoopbackPinentry): New.
(opts): Add --no-allow-loopback-pinentry.  Hide
description of --allow-loopback-pinentry.
(parse_rereadable_options): Set opt.allow_loopback_pinentry by
default.
(main): Replace allow-loopback-pinentry by no-allow-loopback-pinentry
in the gpgconf list.
* tools/gpgconf-comp.c (gc_options_gpg_agent): Ditto.
--

Given that a user can anyway change that options in the gpg-agent.conf
file and that gpg needs to be invoked with --pinentry-mode=loopback
the former default does not make much sense - in that option is useful
at all.  There was a discussion of this topic on gnupg-devel in April
without a clear result.  So we try this new default and just in case
real problems are found for the majority of installations, we can
revert that.  The new default is also aligned with GnuPG's policy to
make its use easier and only require users with very high security
standards to tweak certain options (those users have anyway modeled
their threat model and configured their software according to this).

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-05-04 09:24:18 +02:00
Justus Winter
12af2630cf common: Add support for the new extended private key format.
* agent/findkey.c (write_extended_private_key): New function.
(agent_write_private_key): Detect if an existing file is in extended
format and update the key within if it is.
(read_key_file): Handle the new format.
* agent/keyformat.txt: Document the new format.
* common/Makefile.am: Add the new files.
* common/private-keys.c: New file.
* common/private-keys.h: Likewise.
* common/t-private-keys.c: Likewise.
* common/util.h (alphap, alnump): New macros.
* tests/migrations: Add test demonstrating that we can cope with the
new format.

--
GnuPG 2.3+ will use a new format to store private keys that is both
more flexible and easier to read and edit by human beings.  The new
format stores name,value-pairs using the common mail and http header
convention.

This patch adds the parser and support code and prepares GnuPG 2.1 for
the new format.

Signed-off-by: Justus Winter <justus@g10code.com>
2016-04-21 14:38:53 +02:00
Justus Winter
342cc48889 agent: Convert key format document to org.
* agent/keyformat.txt: Convert to org mode.

Signed-off-by: Justus Winter <justus@g10code.com>
2016-04-21 14:38:53 +02:00
Justus Winter
f8adf1a323 agent: Sanitize permissions of the private key directory.
* agent/gpg-agent.c (create_private_keys_directory): Set permissions.
* common/sysutils.c (modestr_to_mode): New function.
(gnupg_mkdir): Use new function.
(gnupg_chmod): New function.
* common/sysutils.h (gnupg_chmod): New prototype.
* tests/migrations/from-classic.test: Test migration with existing
directory.

GnuPG-bug-id: 2312
Signed-off-by: Justus Winter <justus@g10code.com>
2016-04-20 15:02:37 +02:00
Werner Koch
8c3fb2360f
agent: Fix regression due to recent commit 4159567.
* agent/protect.c (do_encryption): Fix CBC hashing.
--

The buggy code included an extra closing parenthesis before
the (protected-at) term in the CBC hashing.  We now do it by
explicitly hashing the protected stuff and append the rest of the
expression instead of a fixed closing parenthesis.  Note that the OCB
hashing only differs that it does no include the protected part.

Fixes-commit: 4159567f7ed7a1139fdc3a6c92988e1648ad84ab
Signed-off-by: Werner Koch <wk@gnupg.org>
2016-04-14 12:29:36 +02:00
Werner Koch
6df75ec70a
agent: Allow gpg-protect-tool to handle openpgp-native protection.
* agent/protect-tool.c (read_and_unprotect): Add arg ctrl and pass to
agent_unprotect.
(main): Allocate a simple CTRL object and pass it to
read_and_unprotect.
(convert_from_openpgp_native): Remove stub.
(agent_key_available, agent_get_cache): New stubs.
(agent_askpin): New emulation for the one in call-pinentry.c.
(agent_write_private_key): New to dump key.
* agent/Makefile.am (gpg_protect_tool_SOURCES): Add cvt-openpgp.c
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-04-14 12:29:29 +02:00
Werner Koch
4159567f7e
agent: Implement new protection mode openpgp-s2k3-ocb-aes.
* agent/protect.c (agent_protect): Add arg use_ocb.  Change all caller
to pass -1 for default.
* agent/protect-tool.c: New option --debug-use-ocb.
(oDebugUseOCB): New.
(opt_debug_use_ocb): New.
(main): Set option.
(read_and_protect): Implement option.

* agent/protect.c (OCB_MODE_SUPPORTED): New macro.
(PROT_DEFAULT_TO_OCB): New macro.
(do_encryption): Add args use_ocb, hashbegin, hashlen, timestamp_exp,
and timestamp_exp_len.  Implement OCB.
(agent_protect): Change to support OCB.
(do_decryption): Add new args is_ocb, aadhole_begin, and aadhole_len.
Implement OCB.
(merge_lists): Allow NULL for sha1hash.
(agent_unprotect): Change to support OCB.
(agent_private_key_type): Remove debug output.
--

Instead of using the old OpenPGP way of appending a hash of the
plaintext and encrypt that along with the plaintext, the new scheme
uses a proper authenticated encryption mode.  See keyformat.txt for a
description.  Libgcrypt 1.7 is required.

This mode is not yet enabled because there would be no way to return
to an older GnuPG version.  To test the new scheme use
gpg-protect-tool:

 ./gpg-protect-tool -av -P abc -p --debug-use-ocb <plain.key >prot.key
 ./gpg-protect-tool -av -P abc -u <prot.key

Any key from the private key storage should work.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-04-12 14:38:44 +02:00
Werner Koch
100b413d7f
doc: Note that the persistant passphrase format is unimplemented.
--
2016-04-12 14:38:44 +02:00
Werner Koch
7faf131c8b
indent: Help Emacs not to get confused by conditional compilation.
* agent/protect.c (calibrate_get_time) [W32]: Use separate function
calls for W32 and W32CE.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-04-12 14:38:44 +02:00
NIIBE Yutaka
8588c2dbc4 agent: allow removal of the shadowed key.
* agent/findkey.c (agent_delete_key): Remove the key when asked.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-03-17 08:37:58 +09:00
Justus Winter
e77c85577d common: Consolidate Assuan server argument handling.
* common/Makefile.am (common_sources): Add new files.
* common/server-help.c: New file.
* common/server-help.h: Likewise.
* agent/command.c: Drop argument handling primitives in favor of using
the consolidated ones.
* dirmngr/server.c: Likewise.
* g10/server.c: Likewise.
* g13/server.c: Likewise.
* scd/command.c: Likewise.
* sm/server.c: Likewise.

Signed-off-by: Justus Winter <justus@g10code.com>
2016-03-02 14:14:33 +01:00
Werner Koch
ee87c653bf
agent: Send PROGRESS status lines to the client.
* agent/gpg-agent.c (struct progress_dispatch_s): New.
(progress_dispatch_list): New.
(main): Register libgcrypt pogress handler.
(agent_libgcrypt_progress_cb): New.
(agent_set_progress_cb): New.
(unregister_progress_cb): New.
(agent_deinit_default_ctrl): Call unregister.
* agent/command.c (progress_cb): New.
(start_command_handler): Register progress callback.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-25 11:20:23 +01:00
Werner Koch
499743387f
agent: New option --pinentry-timeout
* agent/gpg-agent.c (oPinentryTimeout): New.
(opts): Add new option.
(parse_rereadable_options): PArse that option.
(main): Tell gpgconf about this option.
* agent/call-pinentry.c (start_pinentry): Send option to Pinentry.
* tools/gpgconf-comp.c (gc_options_gpg_agent): Add Option.
--

GnuPG-bug-id: 2222
Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-20 11:22:44 +01:00
Werner Koch
e2f984b4af
ssh: Accept OpenSSH *cert-v01 key variants.
* agent/command-ssh.c (SPEC_FLAG_WITH_CERT): New.
(ssh_key_types): Add OpenSSH cert types.
(stream_read_string): Allow a dummy read.
(ssh_receive_mpint_list): Pass SPEC by reference.
(ssh_receive_mpint_list): New arg CERT and use it.
(ssh_receive_key): Read certificate into an estream object and modify
parser to make use of that object.
--

This is a first step to support certificate via the agent.  The only
effect of this change is the removal of an error message parsing the
certificate.  Note that ssh-add sends the private key anyway first and
only then follows with the certificate+private key.

What we need to implement next is a way to store the certificate in
the agent and return it on request.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-12 19:12:02 +01:00
Werner Koch
833ba5faa1
common: New put_membuf_cb to replace static membuf_data_cb.
* common/membuf.c (put_membuf_cb): New.
* agent/call-scd.c (membuf_data_cb): Remove.  Change callers to use
put_membuf_cb.
* common/get-passphrase.c (membuf_data_cb): Ditto.
* g10/call-agent.c (membuf_data_cb): Ditto.
* sm/call-agent.c (membuf_data_cb): Ditto.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-08 06:33:27 +01:00
Werner Koch
f2ecbf7454
agent: Typo fix for help text.
--
2016-01-05 13:51:04 +01:00
NIIBE Yutaka
ff3b607fc8 agent: Fix RSA verification for card.
* agent/pksign.c (agent_pksign_do): Use S-exp of public key, instead
of shadowed key.

--

Reported-by: Justus Winter
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-01-05 10:15:49 +09:00
NIIBE Yutaka
79b51bb872 agent: IMPORT_KEY with --force option fix.
* agent/cvt-openpgp.c (convert_from_openpgp_main): Add an option not
to check existing key.
(convert_from_openpgp): Ditto.
(convert_from_openpgp_native): Call convert_from_openpgp_main with
dontcare_exist=0.
* agent/command.c (cmd_import_key): Call with dontcare_exist=force.
2015-12-24 14:19:53 +09:00
NIIBE Yutaka
e684c634df agent: Support --force option for IMPORT_KEY.
* agent/command.c (cmd_keywrap_key): New option --force.
2015-12-24 09:52:48 +09:00
Justus Winter
25f0f053cd agent: Improve error handling.
* agent/pksign.c (agent_pksign_do): Improve error handling.

Signed-off-by: Justus Winter <justus@g10code.com>
2015-12-11 11:21:42 +01:00
Justus Winter
b78fce3271 agent: Fix typo.
--
Signed-off-by: Justus Winter <justus@g10code.com>
2015-12-11 11:21:42 +01:00
Werner Koch
69db3285e4
build: Require at least Libassuan 2.4.1.
* configure.ac (NEED_LIBASSUAN_VERSION): Set to 2.4.1.
* agent/gpg-agent.c (create_server_socket): Remove check for
libassuan >= 2.3.0 and >= 2.1.4.
(main): Remove check for libassuan >= 2.1.4.
* scd/scdaemon.c (create_server_socket): Remove check for
libassuan >= 2.1.4.
* dirmngr/dirmngr.c (set_tor_mode): Remove check for
libassuan >= 2.3.0.
* dirmngr/http.c (http_raw_connect, send_request): Remove checks for
libassuan >= 2.3.0.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-12-02 18:57:49 +01:00
Werner Koch
022342e284
Silence unused variable or parameter warnings.
--
2015-11-27 18:32:26 +01:00
Neal H. Walfield
5b84b0d660 common: Extend utf8_charcount to include the string's length.
* common/stringhelp.c (utf8_charcount): Take additional parameter,
len.  Process at most LEN bytes.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-11-23 22:23:37 +01:00
Justus Winter
a1650b1edf agent: Improve error handling.
* agent/trustlist.c (istrusted_internal): Initialize 'err'.
--
There is a plausible path of execution so that a branch condition uses
the uninitialized value.

Found using the Clang Static Analyzer.

Signed-off-by: Justus Winter <justus@g10code.com>
2015-11-19 16:18:20 +01:00
Justus Winter
a9e0905342 Fix typos found using codespell.
* agent/cache.c: Fix typos.
* agent/call-pinentry.c: Likewise.
* agent/call-scd.c: Likewise.
* agent/command-ssh.c: Likewise.
* agent/command.c: Likewise.
* agent/divert-scd.c: Likewise.
* agent/findkey.c: Likewise.
* agent/gpg-agent.c: Likewise.
* agent/w32main.c: Likewise.
* common/argparse.c: Likewise.
* common/audit.c: Likewise.
* common/audit.h: Likewise.
* common/convert.c: Likewise.
* common/dotlock.c: Likewise.
* common/exechelp-posix.c: Likewise.
* common/exechelp-w32.c: Likewise.
* common/exechelp-w32ce.c: Likewise.
* common/exechelp.h: Likewise.
* common/helpfile.c: Likewise.
* common/i18n.h: Likewise.
* common/iobuf.c: Likewise.
* common/iobuf.h: Likewise.
* common/localename.c: Likewise.
* common/logging.c: Likewise.
* common/openpgp-oid.c: Likewise.
* common/session-env.c: Likewise.
* common/sexputil.c: Likewise.
* common/sysutils.c: Likewise.
* common/t-sexputil.c: Likewise.
* common/ttyio.c: Likewise.
* common/util.h: Likewise.
* dirmngr/cdblib.c: Likewise.
* dirmngr/certcache.c: Likewise.
* dirmngr/crlcache.c: Likewise.
* dirmngr/dirmngr-client.c: Likewise.
* dirmngr/dirmngr.c: Likewise.
* dirmngr/dirmngr_ldap.c: Likewise.
* dirmngr/dns-stuff.c: Likewise.
* dirmngr/http.c: Likewise.
* dirmngr/ks-engine-hkp.c: Likewise.
* dirmngr/ks-engine-ldap.c: Likewise.
* dirmngr/ldap-wrapper.c: Likewise.
* dirmngr/ldap.c: Likewise.
* dirmngr/misc.c: Likewise.
* dirmngr/ocsp.c: Likewise.
* dirmngr/validate.c: Likewise.
* g10/encrypt.c: Likewise.
* g10/getkey.c: Likewise.
* g10/gpg.c: Likewise.
* g10/gpgv.c: Likewise.
* g10/import.c: Likewise.
* g10/keydb.c: Likewise.
* g10/keydb.h: Likewise.
* g10/keygen.c: Likewise.
* g10/keyid.c: Likewise.
* g10/keylist.c: Likewise.
* g10/keyring.c: Likewise.
* g10/mainproc.c: Likewise.
* g10/misc.c: Likewise.
* g10/options.h: Likewise.
* g10/packet.h: Likewise.
* g10/parse-packet.c: Likewise.
* g10/pkclist.c: Likewise.
* g10/pkglue.c: Likewise.
* g10/plaintext.c: Likewise.
* g10/server.c: Likewise.
* g10/sig-check.c: Likewise.
* g10/sqlite.c: Likewise.
* g10/tdbio.c: Likewise.
* g10/test-stubs.c: Likewise.
* g10/tofu.c: Likewise.
* g10/trust.c: Likewise.
* g10/trustdb.c: Likewise.
* g13/create.c: Likewise.
* g13/mountinfo.c: Likewise.
* kbx/keybox-blob.c: Likewise.
* kbx/keybox-file.c: Likewise.
* kbx/keybox-init.c: Likewise.
* kbx/keybox-search-desc.h: Likewise.
* kbx/keybox-search.c: Likewise.
* kbx/keybox-update.c: Likewise.
* scd/apdu.c: Likewise.
* scd/app-openpgp.c: Likewise.
* scd/app-p15.c: Likewise.
* scd/app.c: Likewise.
* scd/ccid-driver.c: Likewise.
* scd/command.c: Likewise.
* scd/iso7816.c: Likewise.
* sm/base64.c: Likewise.
* sm/call-agent.c: Likewise.
* sm/call-dirmngr.c: Likewise.
* sm/certchain.c: Likewise.
* sm/gpgsm.c: Likewise.
* sm/import.c: Likewise.
* sm/keydb.c: Likewise.
* sm/minip12.c: Likewise.
* sm/qualified.c: Likewise.
* sm/server.c: Likewise.
* tools/gpg-check-pattern.c: Likewise.
* tools/gpgconf-comp.c: Likewise.
* tools/gpgkey2ssh.c: Likewise.
* tools/gpgparsemail.c: Likewise.
* tools/gpgtar.c: Likewise.
* tools/rfc822parse.c: Likewise.
* tools/symcryptrun.c: Likewise.

Signed-off-by: Justus Winter <justus@g10code.com>
2015-11-17 12:50:22 +01:00
Daniel Kahn Gillmor
1f872cb4ad
Fix typos
--
2015-10-28 10:20:17 +01:00
Daniel Kahn Gillmor
02dc518787
agent: Clarify agent's KEYWRAP_KEY description.
--

Signed-Off-By: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2015-10-28 10:19:17 +01:00
NIIBE Yutaka
5a12c45666 agent: simplify agent_get_passphrase.
* agent/call-pinentry.c (agent_get_passphrase): Simplify.
2015-10-09 11:55:18 +09:00
NIIBE Yutaka
818fa4f71e agent: fix agent_askpin.
* agent/call-pinentry.c (agent_askpin): Fix off-by-one error.
2015-10-09 11:46:23 +09:00
NIIBE Yutaka
f70f669536 agent: Fix function return type for check_cb and agent_askpin.
* agent/call-pinentry.c (unlock_pinentry): Return gpg_error_t.
(start_pinentry, setup_qualitybar): Likewise.
(agent_askpin): Fix return value check of check_cb.
* agent/command-ssh.c (reenter_compare_cb): Return gpg_error_t.
(ssh_identity_register): Fix return value check of agent_askpin.
* agent/cvt-openpgp.c (try_do_unprotect_cb): Return gpg_error_t.
* agent/findkey.c (try_unprotect_cb): Likewise.
* agent/genkey.c (reenter_compare_cb): Return gpg_error_t.
(agent_ask_new_passphrase): Fix return value check of agent_askpin.
2015-10-09 11:33:13 +09:00
NIIBE Yutaka
4a5bd1720f agent: Fix verification of signature for smartcard.
* agent/pksign.c (agent_pksign_do): Use public key smartcard.

--

Since gcry_pk_verify can't handle shadowed private key, public
key SEXP should be prepared for smartcard.
2015-10-06 15:10:25 +09:00
NIIBE Yutaka
ce2a84b588 agent: Fix non-allocation for pinentry_loopback.
* agent/call-pinentry.c (agent_get_passphrase): Don't allocate, it will
be allocated by pinentry_loopback.
2015-10-06 07:52:32 +09:00
Werner Koch
bdd180f47c
scd: Use Assuan macro instead of a number constant.
--
2015-10-02 12:21:31 +02:00
Werner Koch
ddf9dd135a
agent: Fix alignment problem with the second passphrase struct.
* agent/genkey.c (agent_ask_new_passphrase): Use a separate malloc for
PI2.  Check return value of the malloc function.
* agent/command-ssh.c (ssh_identity_register): Use a separate malloc
for PI2.  Wipe PI2.
--

For whatever stupid reasons I once allocated only one memory area and
split that into PI and PI2.  This is actually a common pattern with
malloc but here we used a made up object size and do not take the
extra alignment required into account.  One of these not yet hit by
a (sig)bus PC/VAX hacker bugs.

Instead of trying to fix the alignment, it is better to use a second
calloc for the second struct.

GnuPG-bug-id: 2112
Signed-off-by: Werner Koch <wk@gnupg.org>
2015-10-02 10:58:40 +02:00
NIIBE Yutaka
cfbe6ba9cf agent: RSA signature verification by gpg-agent.
* g10/sign.c (do_sign): Let verify signature by gpg-agent.
* agent/pksign.c (agent_pksign_do): Call gcry_pk_verify for RSA.

--

RSA signature verification should be done to prevent attacks against
RSA CRT implementations and not to return invalid signature to
adversary.  Newer libgcrypt does so.  For older libgcrypt and
smartcards, gpg-agent does signature verification.
2015-09-29 09:49:44 +09:00
NIIBE Yutaka
1542dc604b agent: Fix importing ECC key.
* agent/cvt-openpgp.c (convert_from_openpgp_main): Only encrypted
parameters are stored as opaque.
(apply_protection): ARRAY members are all normal, non-opaque MPI.
(extract_private_key): Get public key as normal, non-opaque MPI.
Remove support of ECC key with '(flags param)'.
Remove support of "ecdsa" and "ecdh" keys of our experiment.
2015-09-19 17:45:17 +09:00
Werner Koch
93d257c819
agent: New option --pinentry-invisible-char.
* agent/gpg-agent.c (oPinentryInvisibleChar): New.
(opts): Add option.
(parse_rereadable_options): Set option.
* agent/agent.h (opt): Add field pinentry_invisible_char.
* agent/call-pinentry.c (start_pinentry): Pass option to pinentry.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-09-16 21:24:14 +02:00
NIIBE Yutaka
7d5999f096 agent: Fix registering SSH Key of Ed25519.
* agent/command-ssh.c (stream_read_string): Add the prefix of 0x40.

--

GnuPG-bug-id: 2096
2015-09-16 10:37:38 +09:00
Werner Koch
9ba4ccdaf5
agent: Protect commit 135b1e3 against misbehaving Libgcrypt.
* agent/command-ssh.c (ssh_key_to_blob): Check DATALEN.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-09-01 07:39:28 +02:00