1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-10-31 20:08:43 +01:00
Commit Graph

81 Commits

Author SHA1 Message Date
Werner Koch
3529dd8bb5
agent: Fix length test in sshcontrol parser.
* agent/command-ssh.c (ssh_search_control_file): Check S before
upcasing it.
--

In contradiction to the comment we did not check the length of HEXGRIP
and thus the GPG_ERR_INV_LENGTH was never triggered.

Detected by Stack 0.3:

  bug: anti-simplify
  model: |
    %cmp8 = icmp ne i32 %i.0, 40, !dbg !986
    -->  false
  stack:
    - /home/wk/s/gnupg/agent/command-ssh.c:1226:0
  ncore: 2
  core:
    - /home/wk/s/gnupg/agent/command-ssh.c:1225:0
      - buffer overflow
    - /home/wk/s/gnupg/agent/command-ssh.c:1225:0
      - buffer overflow
2015-03-15 13:04:48 +01:00
Werner Koch
95415bdec7
agent: Remove useless conditions.
* agent/genkey.c (agent_ask_new_passphrase): Remove useless condition.
* agent/command-ssh.c (ssh_identity_register): Ditto.
--

Detected by Stack 0.3:

  bug: anti-simplify
  model: |
    %tobool22 = icmp ne i8* %arraydecay21, null, !dbg !717
    -->  true
  stack:
    - /home/wk/s/gnupg/agent/genkey.c:385:0
  ncore: 1
  core:
    - /home/wk/s/gnupg/agent/genkey.c:362:0
      - pointer overflow

  bug: anti-simplify
  model: |
    %tobool35 = icmp ne i8* %arraydecay34, null, !dbg !1053
    -->  true
  stack:
    - /home/wk/s/gnupg/agent/command-ssh.c:3120:0
  ncore: 1
  core:
    - /home/wk/s/gnupg/agent/command-ssh.c:3103:0
      - pointer overflow
2015-03-15 12:59:17 +01:00
Werner Koch
14601eacb5 agent: Keep the session environment for restricted connections.
* agent/command-ssh.c (setup_ssh_env): Move code to ...
* agent/gpg-agent.c (agent_copy_startup_env): .. new function.  Change
calllers.
* agent/command.c (start_command_handler): Call that fucntion for
restricted connections.
--

A remote connection is and should not be able to setup the local
session environment.  However, unless --keep-display is used we would
be left without an environment and thus pinentry can't be used.  The
fix is the same as used for ssh-agent connection: We use the default
environment as used at the startup of the agent.

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-12-19 13:07:09 +01:00
Werner Koch
fabcf1440a agent: Replace some sprintf.
* agent/call-scd.c (agent_card_pksign): Replace sprintf by bin2hex.
* agent/command-ssh.c (ssh_identity_register): Ditto.
* agent/pkdecrypt.c (agent_pkdecrypt): Replace sprintf by
put_membuf_printf.

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-12-02 14:13:53 +01:00
Werner Koch
cf41763cdf Change a couple of files to use abbreviated copyright notes.
--

Also fixed some of my own copyright notices due to the termination of
my assignment.  The one displayed by --version is kept at FSF because
we had contributors in 2014 with FSF assignments and it gives the FSF
some visibility.
2014-11-04 16:28:03 +01:00
Werner Koch
c9aadcb3a2 agent: Support pinentries with integrated repeat passphrase feature.
* agent/agent.h (struct pin_entry_info_s): Add fields repeat_okay and
with_repeat.
* agent/call-pinentry.c (close_button_status_cb): Rewrite and check
for PIN_REPEAT.  Change users to check only the relevant bit.
(agent_askpin): Support repeat logic of new Pinentries.

* agent/command-ssh.c (ssh_identity_register): Use the new repeat
feature.
* agent/genkey.c (agent_ask_new_passphrase): Ditto.

--

If we need to confirm a passphrase entry (e.g. for new passphrase) we
set a flag into the pinentry info block.  The we try to use the new
pinentry command SETREPEATERROR; if that fails, we continue as usual.
If that succeeds we ask the pinentry to show the repeat (confirmation)
prompt and on successful return we set another flag in the pinentry
info block so that the caller can skip its own confirmation check. A
new status line from the pinentry indicates that the feature is
actually supported (it may not be supported on certain systems for
example when using the ncurses backend).

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-10-24 20:40:12 +02:00
Werner Koch
4f35ef499a agent: Remove left over debug output.
* agent/command-ssh.c (ssh_signature_encoder_eddsa): Remove debug
output.
2014-09-18 15:28:40 +02:00
NIIBE Yutaka
fb24808db9 agent: Fix auth key comment handling.
* agent/command-ssh.c (ssh_send_key_public): Handle the case with no
comment.
2014-05-08 11:46:38 +09:00
Werner Koch
e3a4ff89a0 agent: Add command DELETE_KEY.
* agent/command.c (cmd_delete_key): New.
* agent/findkey.c (modify_description): Add '%C' feature.
(remove_key_file): New.
(agent_delete_key): New.
* agent/command-ssh.c (search_control_file): Make arg R_DISABLE
optional.

* configure.ac: Require libgpg-error 1.13.
2014-04-15 17:03:54 +02:00
NIIBE Yutaka
513c67b746 agent: EdDSA support for SSH.
* agent/command-ssh.c (ssh_signature_encoder_eddsa): Signature is
two 32-byte opaque data which should not be interpreted as number.
2014-04-04 16:33:00 +09:00
Werner Koch
5c2a50cdc9 agent: Replace es_mopen by es_fopenmem for ssh.
* agent/command-ssh.c (ssh_read_key_public_from_blob): Use
es_fopenmem.
(ssh_handler_request_identities): Ditto.
(ssh_request_process): Ditto.
--

es_fopenmem is easier to understand than the more general function
es_mopen.  Thus we better use the former for clarity.
2014-03-23 13:42:53 +01:00
Werner Koch
fc3e70c113 agent: Put ssh key type as comment into sshcontrol.
* agent/command-ssh.c (ssh_key_type_spec): Add field name.
(ssh_key_types): Add human readable names.
(add_control_entry): Add arg SPEC and print key type as comment.
(ssh_identity_register): Add arg SPEC.
(ssh_handler_add_identity): Add var SPEC and pass ssh_receive_key.
2014-03-22 21:28:35 +01:00
Werner Koch
072432883e agent: Support the Ed25519 signature algorithm for ssh.
* agent/command-ssh.c (SPEC_FLAG_IS_EdDSA): New.
(ssh_key_types): Add entry for ssh-ed25519.
(ssh_identifier_from_curve_name): Move to the top.
(stream_read_skip): New.
(stream_read_blob): New.
(ssh_signature_encoder_rsa): Replace MPIS array by an s-exp and move
the s-exp parsing to here.
(ssh_signature_encoder_dsa): Ditto.
(ssh_signature_encoder_ecdsa): Ditto.
(ssh_signature_encoder_eddsa): New.
(sexp_key_construct): Rewrite.
(ssh_key_extract): Rename to ...
(ssh_key_to_blob): .. this and rewrite most of it.
(ssh_receive_key): Add case for EdDSA.
(ssh_convert_key_to_blob, key_secret_to_public): Remove.
(ssh_send_key_public): Rewrite.
(ssh_handler_request_identities): Simplify.
(data_sign): Add rename args.  Add new args HASH and HASHLEN.  Make
use of es_fopenmen and es_fclose_snatch.  Remove parsing into MPIs
which is now doe in the sgnature encoder functions.
(ssh_handler_sign_request): Take care of Ed25519.
(ssh_key_extract_comment): Rewrite using gcry_sexp_nth_string.
--

To make the code easier readable most of the Ed25591 work has been
done using a new explicit code path.  Warning: Libgcrypt 1.6.1 uses a
non optimized implementation for Ed25519 and timing attacks might be
possible.

While working on the code I realized that it could need more rework;
it is at some places quite baroque and more complicated than needed.
Given that we require Libgcrypt 1.6 anyway, we should make more use of
modern Libgcrypt functions.
2014-03-22 21:12:46 +01:00
Werner Koch
a77ed0f266 agent: Cleanups to prepare implementation of Ed25519.
* agent/cvt-openpgp.c: Remove.
(convert_to_openpgp): Use gcry_sexp_extract_param.
* agent/findkey.c (is_eddsa): New.
(agent_is_dsa_key, agent_is_eddsa_key): Check whether ecc means EdDSA.
* agent/pksign.c (agent_pksign_do): Add args OVERRIDEDATA and
OVERRIDEDATALEN.

* common/ssh-utils.c (is_eddsa): New.
(get_fingerprint): Take care or EdDSA.
2014-03-22 20:52:03 +01:00
Werner Koch
90688b29f3 agent: Fix UPDATESTARTUPTTY for ssh.
* agent/command-ssh.c (setup_ssh_env): Fix env setting.
--

gniibe reported this to gnupg-devel on 2012-07-04:

  [...]
  (2) UPDATESTARTUPTTY doesn't work to switch TTY for pinentry for
      SSH.

  [...]

  Current implementation:

      In the function start_command_handler_ssh, the logic puts
      priority on ctrl->session_env which is initialized by
      agent_init_default_ctrl.  There are always GPG_TTY and TERM
      defined, because lines around 968 in gpg-agent.c, it says:

  	/* Make sure that we have a default ttyname. */

      While UPDATESTARTUPTTY updates opt.startup_env, it doesn't
      affect at all.

  Here is a patch to point the issue.  Tested and works for me.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 9f5578c29a)
2014-03-07 09:59:32 +01:00
Werner Koch
5105c8d2d3 ssh: Add support for Putty.
* agent/gpg-agent.c [W32]: Include Several Windows header.
(opts): Change help text for enable-ssh-support.
(opts, main): Add option --enable-putty-support
(putty_support, PUTTY_IPC_MAGIC, PUTTY_IPC_MAXLEN): New for W32.
(agent_init_default_ctrl): Add and asssert call.
(putty_message_proc, putty_message_thread): New.
(handle_connections) [W32]: Start putty message thread.
* common/sysutils.c (w32_get_user_sid): New for W32 only
* tools/gpgconf-comp.c (gc_options_gpg_agent): Add
--enable-ssh-support and --enable-putty-support.  Make the
configuration group visible at basic level.
* agent/command-ssh.c (serve_mmapped_ssh_request): New for W32 only.
--

This patch enables support for Putty.  It has been tested with Putty
0.62 using an Unix created ssh key copied to the private-keys-v1.d
directory on Windows and with a manually crafted sshcontrol file.  It
also works with a smartcard key.

May thanks to gniibe who implemented a proxy in Python to test the
putty/gpg-agent communication.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 9f32499f99)

Resolved conflicts:
	NEWS
	agent/agent.h
	agent/gpg-agent.c: Convert from pth to npth.
	common/sysutils.c
	common/sysutils.h
2014-03-07 09:48:10 +01:00
Werner Koch
179012ddd4 agent: Fix binary vs. text mode problem in ssh.
* agent/command-ssh.c (file_to_buffer)
(ssh_handler_request_identities): Open streams in binary mode.
(start_command_handler_ssh): Factor some code out to ..
(setup_ssh_env): new function.
--

This is for now a theoretical fix because there is no ssh client yet
which uses the GnuPG style IPC.  OpenSSL for Cygwin uses only a quite
similar one.  gniibe suggested to implement that IPC style in
Libassuan so that a Cygwin version of OpenSSL may be used with GnuPG.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit ed056d67c7)

Also fixed one typo.
2014-03-07 09:00:56 +01:00
Werner Koch
fdbf76eee6 Fix commit 04e2c83f.
* agent/command-ssh.c (stream_read_string): Do not assign to a NULL
ptr.
2013-08-28 17:58:43 +02:00
Werner Koch
04e2c83f18 agent: Fix two compiler warnings.
* agent/command.c (cmd_preset_passphrase, pinentry_loopback): Use %zu
in format string.
* scd/ccid-driver.c (ccid_get_atr): Ditto.
* agent/command-ssh.c (stream_read_string): Init arg STRING_SIZE to
avoid maybe_unitialized warning.
--

Actually the first one might have been a problem on big endian
machines.

Signed-off-by: Werner Koch <wk@gnupg.org>
2013-08-28 13:04:31 +02:00
Werner Koch
50c98c7ed6 agent: Extend cmd KEYINFO to return data from sshcontrol.
* agent/command-ssh.c (struct control_file_s): Rename to
ssh_control_file_s.
(ssh_open_control_file, ssh_close_control_file)
(ssh_read_control_file, ssh_search_control_file): New.
(control_file_t):  Rename and move to ...
* agent/agent.h (ssh_control_file_t): here.
* agent/command.c (do_one_keyinfo): Add args is_ssh, ttl, disabled,
and confirm. Rename unknown keytype indicator from '-' to 'X'.  Extend
output.
(cmd_keyinfo): Add options --ssh-list and --with-ssh.
--

This extension allows the development of frontends to manage the
sshcontrol file.

Signed-off-by: Werner Koch <wk@gnupg.org>
2013-08-08 21:22:38 +02:00
Werner Koch
82c25e67a1 Modernize two format string file name quotes.
--
2013-06-27 09:28:43 +02:00
Werner Koch
c6b8f05517 Remove some unused variables.
* tools/gpgconf-comp.c (gc_process_gpgconf_conf): Remove unused
used_components.
* agent/command-ssh.c (ssh_signature_encoder_ecdsa): Mark unused arg.
* g13/g13.c (main): Comment variable of yet unimplemented options.
2013-02-22 09:42:46 +01:00
Werner Koch
649b31c663 ssh: Support ECDSA keys.
* agent/command-ssh.c (SPEC_FLAG_IS_ECDSA): New.
(struct ssh_key_type_spec): Add fields CURVE_NAME and HASH_ALGO.
(ssh_key_types): Add types ecdsa-sha2-nistp{256,384,521}.
(ssh_signature_encoder_t): Add arg spec and adjust all callers.
(ssh_signature_encoder_ecdsa): New.
(sexp_key_construct, sexp_key_extract, ssh_receive_key)
(ssh_convert_key_to_blob): Support ecdsa.
(ssh_identifier_from_curve_name): New.
(ssh_send_key_public): Retrieve and pass the curve_name.
(key_secret_to_public): Ditto.
(data_sign): Add arg SPEC and change callers to pass it.
(ssh_handler_sign_request): Get the hash algo from SPEC.
* common/ssh-utils.c (get_fingerprint): Support ecdsa.

* agent/protect.c (protect_info): Add flag ECC_HACK.
(agent_protect): Allow the use of the "curve" parameter.
* agent/t-protect.c (test_agent_protect): Add a test case for ecdsa.

* agent/command-ssh.c (ssh_key_grip): Print a better error code.
--

The 3 standard curves are now supported in gpg-agent's ssh-agent
protocol implementation.  I tested this with all 3 curves and keys
generated by OpenSSH 5.9p1.

Using existing non-ssh generated keys will likely fail for now. To fix
this, the code should first undergo some more cleanup; then the fixes
are pretty straightforward.  And yes, the data structures are way too
complicated.
2012-12-12 18:47:21 +01:00
Werner Koch
f76a0312c3 ssh: Rewrite a function for better maintainability
* agent/command-ssh.c (ssh_signature_encoder_dsa): Rewrite.
--

Using es_fopenmem instead of a preallocated buffer is safer and easier
to read.
2012-12-11 14:50:34 +01:00
Werner Koch
d2777f84be ssh: Improve key lookup for many keys.
* agent/command-ssh.c: Remove dirent.h.
(control_file_s): Add struct item.
(rewind_control_file): New.
(search_control_file): Factor code out to ...
(read_control_file_item): New.
(ssh_handler_request_identities): Change to iterate over entries in
sshcontrol.
--

Formerly we scanned the private key directory for matches of entries
in sshcontrol.  This patch changes it to scan the sshcontrol file and
thus considers only keys configured there.  The rationale for this is
that it is common to have only a few ssh keys but many private keys.
Even if that assumption does not hold true, the scanning of the
sshcontrol file is faster than reading the directory and only then
scanning the ssh control for each directory entry.
2012-12-10 18:27:23 +01:00
Werner Koch
25fb53ab4a ssh: Cleanup sshcontrol file access code.
* agent/command-ssh.c (SSH_CONTROL_FILE_NAME): New macro to replace
the direct use of the string.
(struct control_file_s, control_file_t): New.
(open_control_file, close_control_file): New.  Use them instead of
using fopen/fclose directly.
2012-12-10 16:39:12 +01:00
Werner Koch
096e7457ec Change all quotes in strings and comments to the new GNU standard.
The asymmetric quotes used by GNU in the past (`...') don't render
nicely on modern systems.  We now use two \x27 characters ('...').

The proper solution would be to use the correct Unicode symmetric
quotes here.  However this has the disadvantage that the system
requires Unicode support.  We don't want that today.  If Unicode is
available a generated po file can be used to output proper quotes.  A
simple sed script like the one used for en@quote is sufficient to
change them.

The changes have been done by applying

  sed -i "s/\`\([^'\`]*\)'/'\1'/g"

to most files and fixing obvious problems by hand.  The msgid strings in
the po files were fixed with a similar command.
2012-06-05 19:29:22 +02:00
Werner Koch
781e9746df Improve ssh card key diagnostic message.
* command-ssh.c (card_key_available): Change wording of no key
diagnostic.
(ssh_handler_request_identities): Do not call card_key_available
if the scdaemon is disabled.
2011-11-28 10:48:25 +01:00
Werner Koch
816bee1fa0 Fixed set but unused variable bugs 2011-08-10 14:11:30 +02:00
Werner Koch
6f86ee812f Fix crash while reading unsupported ssh keys.
This bug was found by n-roeser at gmx.net
(gnupg-devel@, msgid 4DFC7298.4040509@gmx.net).
2011-07-22 09:29:40 +02:00
Werner Koch
d479906991 Support a confirm flag for ssh.
This implements the suggestion from bug#1349.  With this change the
fingerprint of the ssh key is also displayed in the pinentry prompts.
2011-07-20 20:49:41 +02:00
Ben Kibbey
137e3a0fbc Added gpg-agent OPTION "s2k-count".
When unset or 0, the calibrated count will be used.
2011-06-29 13:17:25 +02:00
Werner Koch
b008274afd Nuked almost all trailing white space.
We better do this once and for all instead of cluttering all future
commits with diffs of trailing white spaces.  In the majority of cases
blank or single lines are affected and thus this change won't disturb
a git blame too much.  For future commits the pre-commit scripts
checks that this won't happen again.
2011-02-04 12:57:53 +01:00
Werner Koch
54591341a4 More agent support for gpg. 2010-10-13 15:57:08 +00:00
Werner Koch
bfbd80feb9 Exporting secret keys via gpg-agent is now basically supported.
A couple of forward ported changes.
Doc updates.
2010-10-01 20:33:53 +00:00
Werner Koch
31bc3c8edd s/CACHE_MODE_IMPGEN/CACHE_MODE_NONCE/.
Prepare for more use cases of the cache nonce.
2010-09-01 11:07:16 +00:00
Werner Koch
a400cfe14e . 2010-08-26 08:47:42 +00:00
Werner Koch
31d7bdfe77 Whole lot of changes to support CE. 2010-04-14 11:24:02 +00:00
Werner Koch
d8b1099d01 Merged jnlib into common. 2010-03-10 12:24:58 +00:00
Werner Koch
f6f5430e50 Reworked passing of envars to Pinentry. 2009-07-07 10:02:41 +00:00
Werner Koch
002f51031a Fix bug #1053
Add option --qualitybar to command GET_PASSPHRASE.
2009-05-15 11:16:28 +00:00
Werner Koch
0a5f742466 Marked all unused args on non-W32 platforms. 2008-10-20 13:53:23 +00:00
Werner Koch
138bf2dc15 Fixed segv in gpg-agent (command marktrusted).
Replaced almost all free by xfree.
Translation fixes.
2008-05-27 12:03:50 +00:00
Werner Koch
55ba204bfa Started to implement the audit log feature.
Pass PINENTRY_USER_DATA and XAUTHORITY to Pinentry.
Improved support for the quality bar.
Minor internal restructuring.
Translation fixes.
2007-11-19 16:03:50 +00:00
Werner Koch
917ee1d5fd 2007-10-15 Daiki Ueno <ueno@unixuser.org> (wk)
* command-ssh.c (reenter_compare_cb): New function; imported from
	genkey.c.
	(ssh_identity_register): Ask initial passphrase twice.
2007-10-15 14:50:07 +00:00
Werner Koch
31c19d1d68 Use Assuan socket wrapper calls.
Made socket servers secure under Windows.
2007-10-01 14:48:39 +00:00
Werner Koch
93d3811abc Changed to GPLv3.
Removed intl/.
2007-07-04 19:49:40 +00:00
Werner Koch
cde3f5e61f agent/
* command-ssh.c (stream_read_string): Initialize LENGTH to zero.
	(start_command_handler_ssh): Use es_fgetc/es_ungetc to check if
	EOF has been reached before trying to process another request.
2007-01-31 14:52:48 +00:00
Werner Koch
5885142c83 Made some PIN pads work.
Some cleanups for 64 bit CPUs.
2006-11-20 16:49:41 +00:00
Werner Koch
f9ff194bc2 Preparing a new release 2006-09-25 07:59:34 +00:00