* agent/agent.h (PINENTRY_STATUS_PASSWORD_GENERATED): New.
(MAX_GENPIN_TRIES): Remove.
* agent/call-pinentry.c (struct entry_parm_s):
(struct inq_cb_parm_s): Add genpinhash and genpinhas_valid.
(is_generated_pin): New.
(inq_cb): Suppress constraints checking for a generated passphrase.
No more need for several tries to generate the passphrase.
(do_getpin): Store a generated passphrase/pin in the status field.
(agent_askpin): Suppress constraints checking for a generated
passphrase.
(agent_get_passphrase): Ditto.
* agent/command.c (cmd_get_passphrase): Ditto.
--
A generated passphrase has enough entropy so that all kind of extra
checks would only reduce the actual available entropy. We thus detect
if a passphrase has been generated (and not changed) and skip all
passphrase constraints checking.
* agent/gpg-agent.c (oCheckSymPassphrasePattern): New.
(opts): Add --check-sym-passphrase-pattern.
(parse_rereadable_options): Set option.
(main): Return option info.
* tools/gpgconf-comp.c: Add new option.
* agent/agent.h (opt): Add var check_sym_passphrase_pattern.
(struct pin_entry_info_s): Add var constraints_flags.
(CHECK_CONSTRAINTS_NOT_EMPTY): New to replace a hardwired 1.
(CHECK_CONSTRAINTS_NEW_SYMKEY): New.
* agent/genkey.c (check_passphrase_pattern): Rename to ...
(do_check_passphrase_pattern): this to make code reading
easier. Handle the --check-sym-passphrase-pattern option.
(check_passphrase_constraints): Replace arg no_empty by a generic
flags arg. Also handle --check-sym-passphrase-pattern here.
* agent/command.c (cmd_get_passphrase): In --newsymkey mode pass
CHECK_CONSTRAINTS_NEW_SYMKEY flag.
* agent/call-pinentry.c (struct entry_parm_s): Add constraints_flags.
(struct inq_cb_parm_s): New.
(inq_cb): Use new struct for parameter passing. Pass flags to teh
constraints checking.
(do_getpin): Pass constraints flag down.
(agent_askpin): Take constrainst flag from the supplied pinentry
struct.
--
Requirements for a passphrase to protect a private key and for a
passphrase used for symmetric encryption are different. Thus a
the use of a different pattern file will be useful. Note that a
pattern file can be used to replace the other passphrase constraints
options and thus we don't need to duplicate them for symmetric
encryption.
GnuPG-bug-id: 5517
Signed-off-by: Werner Koch <wk@gnupg.org>
* agent/command.c (cmd_genkey): Use goto instead of return.
* agent/cvt-openpgp.c (convert_from_openpgp_main): Ditto.
* agent/genkey.c (agent_ask_new_passphrase): Fix typo to free correct
pointer
(agent_genkey): Release memory
* agent/gpg-agent.c (check_own_socket): Free sockname
* agent/protect-tool.c (read_key): Free buf.
(agent_askpin): Free passphrase
--
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Changed original patch to not add a free before a GPG_ERR_BUG.
Signed-off-by: Werner Koch <wk@gnupg.org>
GnuPG-bug-id: 5393
* agent/command.c (cmd_keyinfo): Factor some code out to ...
(get_keyinfo_on_cards): ... new.
(cmd_havekey): Add --list mode.
* g10/gpg.h (struct server_control_s): Add new caching vars.
* g10/gpg.c (gpg_deinit_default_ctrl): Release cache.
* g10/call-agent.c (agent_probe_any_secret_key): Init and try to use
the keygrip cache.
(agent_genkey): Clear the cache.
(agent_import_key): Ditto.
* g10/keylist.c (list_all, list_one): Pass ctrl to
agent_probe_any_secret_key.
* g10/getkey.c (lookup): Ditto.
--
With this change we first ask the agent for a list of all secret
keygrips and use that list instead of asking the agent for each public
key. Speeds up my "gpg -K" with a lot of secret and public keys by
more than 25%.
Signed-off-by: Werner Koch <wk@gnupg.org>
* agent/command.c (cmd_readkey): Add option --no-data and special
handling for $SIGNKEYID and $AUTHKEYID.
* g10/call-agent.c (agent_scd_getattr): Create shadow keys for KEY-FPR
output.
* g10/skclist.c (enum_secret_keys): Automagically get a missing public
key for the current card.
Signed-off-by: Werner Koch <wk@gnupg.org>
* agent/command.c (cmd_keytotpm): New.
(agent/command.c): Register new command KEYTOTPM.
* g10/call-agent.c (agent_keytotpm): New.
* g10/keyedit.c (cmdKEYTOTPM): New command "keytotpm".
(keyedit_menu): Implement.
--
The plumbing is done in two parts: the agent is modified to understand
a KEYTOTPM assuan command taking the key grip as an argument. This
simply obtains the key s expression and calls the existing writeky
diversion to the tpm2daemon. The daemon reponds with the TPM
conversion of the key and that key is then stored in the keyfile as a
shadowed-private-key with "tpm2-v1" type.
To effect the conversion, all the user does from gpg --edit-key is
select which private key they wish to move (or move the primary if no
key is selected) and type keytotpm. The conversion to TPM form is
instantaneous and once converted, the actual key cannot be recovered,
meaning that if you want your gpg key to move to a new laptop you must
keep an unconverted backup copy in a safe location.
When you do a list command, all TPM keys show up as
card-no: TPM-Protected
The key is stored encrypted to the TPM2 storage seed and since each
TPM has a unique seed, only the single TPM contained in your laptop
can now read the key. This means you cannot simply copy the shadowed
key file over to a new laptop, you must copy over the backup copy and
then convert it to TPM form on the new laptop.
To decomission your laptop, execute a tssclear command which
regenerates the storage seed and effectively shreds all keys. Note
when you have done this *every* TPM2 shadowed private key becomes
unreadable by any TPM and all are effectively destroyed.
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
Very minor cosmetic changes.
Signed-off-by: Werner Koch <wk@gnupg.org>
* agent/call-tpm2d.c: New.
* divert-tpm2.c: New.
* agent/Makefile.am: Add new files.
* agent/agent.h (DAEMON_TPM2D): New. Add stub fucntions.
* agent/call-daemon.c (GNUPG_MODULE_NAME_TPM2DAEMON): New.
* agent/command.c (do_one_keyinfo): Handle tpmv2.
* agent/gpg-agent.c (oTpm2daemonProgram): New.
(opts): New option --tpm2daemon-program.
(parse_rereadable_options): Handle option.
* agent/pkdecrypt.c (agent_pkdecrypt): Divert to tpm2d.
(agent_pksign_do): Ditto.
---
A new shadow key type: "tpm2-v1" is introduced signalling that the
shadowed key is handled by the tpm2daemon. A function to identify
this type is introduced and diversions to the tpm2daemon functions are
conditioned on this function for pkign and pkdecrypt where the same
diversions to scd are currently done. The (info) field of the
shadowed key stores the actual TPM key. The TPM key is encrypted so
only the physical TPM it was created on can read it (so no special
protection is required for the info filed), but if the (info) field
becomes corrupt or damaged, the key will be lost (unlike the token
case, where the key is actually moved inside the token).
Note, this commit adds handling for existing TPM format shadow keys,
but there is still no way to create them.
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
Additional changes:
* Add ChangeLog entries.
* Some minor indentation fixes.
* agent/Makefile.am (gpg_agent_SOURCES): Change to make distcheck
work.
* agent/agent.h [!HAVE_LIBTSS]: Do not return -EINVAL but an
gpg_error_t. Mark args as unused.
* agent/protect.c (agent_is_tpm2_key): Free BUF.
Signed-off-by: Werner Koch <wk@gnupg.org>
* configure.ac: Require at least Libgcrypt 1.9.0. Remove all
GCRYPT_VERSION_NUMBER dependent code.
--
Only Libgcrypt 1.9 implements EAX which is a mandatory algorithm in
RFC4880bis.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/sysutils.h (struct gnupg_dirent_s): New.
* common/sysutils.c: Include dirent.h.
(struct gnupg_dir_s): New.
(gnupg_opendir, gnupg_readdir, gnupg_closedir): New. Change all
callers of opendir, readdir, and closedir to use these functions.
--
GnuPG-bug-id: 5098
* common/stringhelp.h (split_fields): Use const * for the strings in
the ARRAY.
(split_fields_colon): Likewise.
* common/stringhelp.c (split_fields, split_fields_colon): Fix
the implementation.
* agent/call-scd.c, agent/command.c: Follow the change.
* common/t-stringhelp.c, dirmngr/loadswdb.c: Likewise.
* g10/call-agent.c, tools/card-call-scd.c: Likewise.
* tools/card-yubikey.c, tools/gpg-card.c: Likewise.
* tools/gpg-card.h, tools/gpg-wks-client.c: Likewise.
* tools/gpgconf-comp.c, tools/gpgconf.c: Likewise.
* tools/wks-util.c: Likewise.
--
The strings in the ARRAY don't need to be released by caller, as those
are references. It's easier to follow the code when it's explicitly
const *.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* agent/command.c (cmd_sethash): Add option --pss and allow for
--hash=null.
* agent/agent.h (struct server_control_s): Add digest.is_pss and
zero where needed.
* agent/pksign.c (agent_pksign_do): Allow for PSS with cards.
* scd/command.c (cmd_pksign): Add for --hash=none.
--
This is not a full implementaion of PSS but allows scdaemon card
drivers to detect already PSS formatted data.
Signed-off-by: Werner Koch <wk@gnupg.org>
* agent/command.c (cmd_get_passphrase): Never repeat in loopback mode;
same as with !OPT_NEWSYMKEY.
--
In loopback mode there shall not be any repeat because the caller is
expected to do any confirmation before passing a new passphrase to
gpg.
Fixes-commit: eace4bbe1d
GnuPG-bug-id: 4991
Signed-off-by: Werner Koch <wk@gnupg.org>
* agent/call-pinentry.c (agent_get_passphrase): Add arg pininfo.
* agent/genkey.c (check_passphrase_constraints): New arg no_empty.
* agent/command.c (reenter_passphrase_cmp_cb): New.
(cmd_get_passphrase): Add option --newsymkey.
--
This new option allows to present a passphrase with the usual repeat
box as it is used by gpg-agent's internal key generation.
Signed-off-by: Werner Koch <wk@gnupg.org>
* agent/call-scd.c: Factor re-usable code out to ...
* agent/call-daemon.c: new. Store infos in an array to allow for
other backend daemons.
* agent/Makefile.am (gpg_agent_SOURCES): Add new file.
* agent/agent.h: Include assuan.h.
(enum daemon_type): New.
(opt): Replace scdaemon_program by daemon_program array. Replace
scd_local by a array d_local. Change users accordingly.
--
The model I'm using for a TPM daemon is the current scdaemon. That
includes start and stop handlers plus liveness checks and an assuan
socket generator. To avoid massive code duplication (and save me a
lot of effort), I've elected to strip this code out of call-scd.c into
a generic framework which can then be reused as is by the TPM handling
daemon.
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
Co-authored-by: Werner Koch <wk@gnupg.org>
Modified original patch for 2.2 heavily to fit the new framework used
in master (gnupg 2.3)
Signed-off-by: Werner Koch <wk@gnupg.org>
--
For TPM support it is necessary to indroduce another type of shadow
key, so allow other agent functions to extract the type so they can
make the right decisions based on it.
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
Minor editorial changes by wk
* agent/agent.h (struct server_control_s): Add field digest.data.
* agent/gpg-agent.c (agent_deinit_default_ctrl): Free that field.
* agent/command.c (reset_notify): Ditto.
(start_command_handler): ditto.
(cmd_sethash): Add new option --inquire.
* agent/call-scd.c (agent_card_pksign): For now return an error if
inquire mode was used.
* agent/command-ssh.c (ssh_handler_sign_request): Make sure
digest.data is cleared.
* agent/divert-scd.c (divert_pksign): Implement inquire mode.
* agent/pksign.c (agent_pksign_do): Ditto.
--
This is required to support EdDSA according to RFC8410.
GnuPG-bug-id: 4888
No functional changes, just fixing minor spelling issues.
---
Most of these were identified from the command line by running:
codespell \
--ignore-words-list fpr,stati,keyserver,keyservers,asign,cas,iff,ifset \
--skip '*.po,ChangeLog*,help.*.txt,*.jpg,*.eps,*.pdf,*.png,*.gpg,*.asc' \
doc g13 g10 kbx agent artwork scd tests tools am common dirmngr sm \
NEWS README README.maint TODO
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
* agent/call-scd.c (agent_card_serialno): Allow NULL for R_SERIAL.
(struct readkey_status_parm_s): New.
(readkey_status_cb): New.
(agent_card_readkey): Add optional arg R_KEYREF and change all
callers.
* agent/findkey.c (key_parms_from_sexp): Allow also a "public-key".
* agent/divert-scd.c (ask_for_card): Allow for SHADOW_INFO being NULL.
* agent/pksign.c (agent_pksign_do): Fallback to sign with an on-card
if there is no stub key yet. Create the stub key. Also fixed a
misnaming between s_pkey and s_skey.
--
This change allows to create OpenPGP keys directly from a card without
first making sure that a stub key exists. It is also the less
surprising behaviour.
Signed-off-by: Werner Koch <wk@gnupg.org>
* agent/command.c (struct server_local_s): Add last_card_keyinfo.
(eventcounter): Add maybe_key_change.
(cmd_genkey, cmd_scd, cmd_import_key, cmd_delete_key): Bump new
counter.
(cmd_keyinfo): Cache the keyinfo from the card.
(start_command_handler): Release the cache.
--
This cache speeds up processing of commands like "gpg -K" because
scdaemon does not need to be asked for each key as long as nothing
changed with the card.
We should have a better notification service from scdaemon to make
sure that we get only the relevant events. What we do right now is a
bit course but sufficient.
Signed-off-by: Werner Koch <wk@gnupg.org>
* agent/command.c (cmd_getinfo): Return GPG_ERR_FALSE as boolean False.
* g13/server.c (cmd_getinfo): Ditto.
* sm/server.c (cmd_getinfo): Ditto.
--
GPG_ERR_FALSE was introduced with libgpg-error 1.21 and we now require
a later version for gnupg 2. Thus we can switch to this more
descriptive code.
Signed-off-by: Werner Koch <wk@gnupg.org>
* agent/command.c (do_one_keyinfo): Add ON_CARD argument to put
A-flag.
(cmd_keyinfo): Call agent_card_keyinfo to offer additional information
if it's on card.
--
This is a modification in gpg-agent, intended for better
enum_secret_keys in gpg frontend.
GnuPG-bug-id: 4244
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* agent/findkey.c (write_extended_private_key): Add args serialno and
keyref. Write a Token line if that does not yet exist.
(agent_write_private_key): Add args serialno and keyref and change all
callers.
(agent_write_shadow_key): Skip leading spaces.
* agent/keyformat.txt: Improve extended key format docs.
--
Noet that the extended key forma is the defaqult in 2.3. This patch
is a first step to better handle tokens which carray the same key.
Signed-off-by: Werner Koch <wk@gnupg.org>
* scd/app-piv.c (concat_tlv_list): Add arg 'secure' and adjust
callers.
(writekey_rsa, writekey_ecc): New.
(do_writekey): New.
(do_writecert): Provide a better error message for an empty cert.
(app_select_piv): Register do_writekey.
* scd/iso7816.c (iso7816_send_apdu): New.
* scd/app-common.h (APP_WRITEKEY_FLAG_FORCE): New.
* agent/command.c (cmd_keytocard): Make the timestamp optional.
* tools/card-call-scd.c (inq_writekey_parms): Remove.
(scd_writekey): Rewrite.
* tools/gpg-card.c (cmd_writekey): New.
(enum cmdids): Add cmdWRITEKEY.
(dispatch_command, interactive_loop): Call cmd_writekey.
--
This has been tested with gpgsm and RSA keys. For ECC keys only
partly tested using the sample OpenPGP nistp256 and nistp384 keys
because gpgsm does not yet support ECC certificates and thus we can't
write the certificates to the cert object after a writekey. Note that
they nevertheless show up in "gpgcard list" because gpg-card searches
for them in gpg and gpgsm. However, this does not work completely.
Signed-off-by: Werner Koch <wk@gnupg.org>
* agent/command.c (cmd_keytocard): Make timestamp optional. Use
modern parser function.
* agent/call-scd.c (agent_card_writekey): Rename an arg and for
clarity return gpg_error_t instead of int.
* agent/divert-scd.c (divert_writekey): Ditto.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/percent.c (percent_data_escape): Add new args prefix and
plus_escape.
* agent/command.c (cmd_put_secret): Adjust for changed function
* common/t-percent.c (test_percent_data_escape): Extend test for the
prefix.
(test_percent_data_escape_plus): new test for the plus escaping.
Signed-off-by: Werner Koch <wk@gnupg.org>
* agent/command-ssh.c (get_client_info): Turn client_uid into an int.
Fix setting of it in case of a failed getsocketopt.
* agent/command.c (start_command_handler): Fix setting of the pid and
uid for Windows.
--
Fixes-commit: 28aa689058
which obviously was only added to master.
Signed-off-by: Werner Koch <wk@gnupg.org>
* agent/agent.h (CACHE_MODE_DATA): New const.
* agent/cache.c (DEF_CACHE_TTL_DATA): new.
(housekeeping): Tweak for CACHE_MODE_DATA.
(cache_mode_equal): Ditto.
(agent_get_cache): Ditto.
(agent_put_cache): Implement CACHE_MODE_DATA.
* agent/command.c (MAXLEN_PUT_SECRET): New.
(parse_ttl): New.
(cmd_get_secret): New.
(cmd_put_secret): New.
(register_commands): Register new commands.
--
These commands allow to store secrets in memory for the lifetime of
the gpg-agent process.
Signed-off-by: Werner Koch <wk@gnupg.org>
* agent/command.c (start_command_handler): Do not write to
CLIENT_CREDS after an error.
--
assuan_get_peercred is special insofar that it returns a pointer into
CTX. Writing data via this pointer should never be done.
Fixes-commit: 28aa689058
Signed-off-by: Werner Koch <wk@gnupg.org>
* agent/command.c (cmd_getinfo): Add sub-command getenv.
* dirmngr/server.c (cmd_getinfo): Ditto.
--
It is sometimes helpful to be able to inspect certain envvars in a
running agent. For example "http_proxy".
Signed-off-by: Werner Koch <wk@gnupg.org>
* agent/cache.c (agent_put_cache): Add arg 'ctrl' and change all
callers to pass it.
(agent_get_cache): Ditto.
* agent/cache.c (struct cache_items_s): Add field 'restricted'.
(housekeeping): Adjust debug output.
(agent_flush_cache): Ditto.
(agent_put_cache): Ditto. Take RESTRICTED into account.
(agent_get_cache): Ditto.
--
If requests are coming from different sources they should not share the
same cache. This way we make sure that a Pinentry pops up for a
remote request to a key we have already used locally.
GnuPG-bug-id: 3858
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/shareddefs.h (request_origin_t): New.
* common/agent-opt.c (parse_request_origin): New.
(str_request_origin): New.
* agent/command.c (option_handler): Implement new option.
--
This allows to pretend that a request originated from the extra or
browser socket.
Signed-off-by: Werner Koch <wk@gnupg.org>