1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-22 10:19:57 +01:00

1081 Commits

Author SHA1 Message Date
NIIBE Yutaka
1b0c4c2778 agent: Fix a bug accessing after release when opt.verbose.
* agent/command-ssh.c (ssh_handler_request_identities): Don't release
KEY_PUBLIC too early.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-05-20 15:51:47 +09:00
NIIBE Yutaka
ef3e5fd403 agent: Factor out handling scanning over ssh keys.
* agent/command-ssh.c (ssh_send_available_keys): New.
(ssh_handler_request_identities): Use ssh_send_available_keys.

--

GnuPG-bug-id: 5985
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-05-20 15:46:49 +09:00
NIIBE Yutaka
5986310866 agent: Show "Label:" field of private key when prompt the insertion.
* agent/findkey.c (prompt_for_card): Use "Label:" field.
(agent_key_from_file): Use KEYMETA.

--

GnuPG-bug-id: 5986
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-05-20 14:38:33 +09:00
NIIBE Yutaka
6a37240cf2 agent: Move confirmation handling into findkey.c.
* agent/agent.h (divert_tpm2_pksign, divert_tpm2_pkdecrypt): Fix API.
(divert_pksign, divert_pkdecrypt): Likewise.
* agent/divert-scd.c (ask_for_card): Remove.
(divert_pksign, divert_pkdecrypt): Don't call ask_for_card.
* agent/divert-tpm2.c (divert_tpm2_pksign, divert_tpm2_pkdecrypt):
Remove DESC_TEXT argument.
* agent/findkey.c (prompt_for_card): New (was: ask_for_card).
(agent_key_from_file): Call prompt_for_card when it's a key
on card.
* agent/pkdecrypt.c (agent_pkdecrypt): Follow the change of API.
* agent/pksign.c (agent_pksign_do): Likewise.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-05-20 13:43:08 +09:00
NIIBE Yutaka
598b3fdfaa agent: Pop up dialog window for confirmation, when specified so.
* agent/findkey.c (agent_key_from_file): Support "Confirm:".

--

GnuPG-bug-id: 5099
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-05-19 14:37:01 +09:00
NIIBE Yutaka
09357d7eae agent: Supply GRIP=NULL for agent_key_from_file, for real use.
* agent/findkey.c (agent_key_from_file): Change the semantics of
GRIP.  Now, it's NULL for use by PKDECRYPT and PKSIGN/PKAUTH.
* agent/pkdecrypt.c (agent_pkdecrypt): Set GRIP=NULL.
* agent/pksign.c (agent_pksign_do): Likewise.

--

GnuPG-bug-id: 5099
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-05-19 14:04:33 +09:00
NIIBE Yutaka
a9754879d1 tests: Use module_tests for testing agent/.
* agent/Makefile.am (module_test): New.
* agent/all-tests.scm: Use module_tests instead of TESTS.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-04-26 11:13:54 +09:00
Werner Koch
ca5d5142c6
Deprecate the --supervised options.
* agent/gpg-agent.c (main): Mark --supervised as deprecated.
* dirmngr/dirmngr.c (main): Ditto.
--

The supervised thing causes more trouble than it pretends to solve.
2022-04-25 12:03:45 +02:00
NIIBE Yutaka
e529c54fe3 agent: Not writing password into file.
* agent/genkey.c (do_check_passphrase_pattern): Use stream to invoke
pattern check program.

--

GnuPG-bug-id: 5917
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-04-22 13:33:45 +09:00
Werner Koch
46d62d80a2
ssh: Returned faked response for the new session-bind extension.
* agent/command-ssh.c (SSH_OPT_CONSTRAIN_MAXSIGN): New.
(SSH_OPT_CONSTRAIN_EXTENSION): New.
(ssh_handler_add_identity): Ignore them.
(ssh_handler_extension): Take success for session-bind.
--

OpenSSH 8.9 does not gracefully allow communication with older agent
implementations.  Until this new OpenSSH feature has been settled we
return a faked response.

Code has not yet been tested.

GnuPG-bug-id: 5931
2022-04-14 12:30:55 +02:00
Jakub Jelen
c4436ebfa5 agent: Ignore MD5 Fingerprints for ssh keys
--
* agent/command-ssh.c (add_control_entry): Ignore failure of the MD5
  digest

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
2022-04-14 11:47:04 +09:00
NIIBE Yutaka
9000081964 agent: Fix for possible support of Cygwin OpenSSH.
* agent/command-ssh.c (start_command_handler_ssh): Use es_sysopen.

--

With new (not-yet-released) libgpg-error, gpg-agent should be able to
handle connection from Cygwin version of OpenSSH.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-04-07 16:39:40 +09:00
NIIBE Yutaka
48ee11722d agent:w32: Fix for use of socket.
* agent/command-ssh.c (get_client_info): Use type gnupg_fd_t for
socket, until call of socket API.
(start_command_handler_ssh): Don't convert here.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-04-04 16:39:27 +09:00
NIIBE Yutaka
f0a1c79f60 agent: KEYTOCARD prefers to specified time.
* agent/command.c (cmd_keytocard): Timestamp at "Created:" field is
only used when time is not specified.

--

Fixes-commit: c795be79c14fac01b984bdc2e2041d2141f27612
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-03-28 09:08:08 +09:00
NIIBE Yutaka
c795be79c1 agent: Use "Created:" field for creation time.
* agent/agent.h (agent_key_from_file): Change the declaration.
* agent/findkey.c (agent_key_from_file): Return timestamp.
* agent/pkdecrypt.c (agent_pkdecrypt): Follow the change.
* agent/pksign.c (agent_pkdecrypt): Likewise.
* agent/command.c (cmd_passwd, cmd_export_key): Likewise.
(cmd_keytocard): Use timestamp in private key file in "Created:".

--

GnuPG-bug-id: 5538
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-03-25 14:10:46 +09:00
Werner Koch
f03c871c9e
agent: Print the correct daemon name in presence of a --foo-program.
* agent/call-daemon.c (wait_child_thread): Print the correct name.
--

This makes sure that the log print the actual used name if for example
--pinentry-program was used.
2022-02-27 12:26:39 +01:00
Werner Koch
7c8c606061
agent: New flag "qual" for the trustlist.txt.
* agent/trustlist.c (struct trustitem_s): Add flag "qual".
(read_one_trustfile): Rename arg "allow_include" to "systrust" and
change callers.  Parse new flag "qual".
(istrusted_internal): Print all flags.
* sm/call-agent.c (istrusted_status_cb): Detect the "qual" flag.
* sm/gpgsm.h (struct rootca_flags_s): Add flag "qualified".
* sm/certchain.c (do_validate_chain): Take care of the qualified flag.
2022-02-27 12:26:38 +01:00
Werner Koch
934a60de6b
ssh: Fix adding an ed25519 key with a zero length comment.
* agent/command-ssh.c (sexp_key_construct): Do not put an empty string
into an S-expression.
(stream_read_string): Do not not try to a read a zero length block.
--

Actually we could handles this different by not putting a comment tag
into the s-expression, however this requires more code and at other
places we already return "(none)" instead of an empty comment.

The second fix is more or less a cosmetic thing to get better error
messages in case the underlying read system call returns an error.

GnuPG-bug-id: 5794
2022-01-28 19:59:11 +01:00
James Bottomley via Gnupg-devel
af2fbd9b01
agent: always use hexgrip when storing key password
--
The current code uses the binary ctrl->keygrip, but all the passphrase
storage engines expect this to be a string, so convert the binary
keygrip to a hex one before passing it in as the keyid.  This fixes a
crash seen in some libsecret implementations where a non-ascii keyid
isn't well handled.

Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2022-01-24 22:22:05 +01:00
NIIBE Yutaka
c3db27fa85 agent: Fix comment for .po generation.
* agent/call-pinentry.c (setup_formatted_passphrase): Move comment to
inside.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2021-12-21 10:11:04 +09:00
Werner Koch
bd5c775878
agent: Print the non-option warning earlier.
* agent/gpg-agent.c (main): Move detection up.
--

The problem is that PARGS is re-used and when detecting a possible
incorrect use, the flag that "--" has already been seen has gone.
2021-11-14 18:06:33 +01:00
Werner Koch
dd708f60d5
agent,dirmngr: New option --steal-socket
* agent/gpg-agent.c (oStealSocket): New.
(opts): Add option.
(steal_socket): New file global var.
(main): Set option.
(create_server_socket): Implement option.

* dirmngr/dirmngr.c (oStealSocket): New.
(opts): Add option.
(steal_socket): New file global var.
(main): Set option.  Add comment to eventually implement it.
--

Note that --steal-socket has currently no effect on dirmngr because
dirmngr does this anway.

Signed-off-by: Werner Koch <wk@gnupg.org>
2021-11-13 14:56:40 +01:00
Jakub Jelen
ae3d0bb8e7 agent: Avoid uninitialized buffer.
* agent/sexp-secret.c (fixup_when_ecc_private_key): Initialize buffer to
avoid its use on unexpected inputs.

--

GnuPG-bug-id: 5393
Co-authored-by: NIIBE Yutaka <gniibe@fsij.org>
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
2021-11-12 15:36:02 +09:00
Jakub Jelen
50f32eb066 agent: Correctly free memory on error path.
* agent/protect.c (merge_lists): Free memory on error.

--

GnuPG-bug-id: 5393
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
2021-11-12 15:35:56 +09:00
NIIBE Yutaka
3918fa1a94 agent,dirmngr,kbx,scd,tpm2d: Use gnupg_sleep.
* agent/findkey.c (unprotect): Use gnupg_sleep.
* agent/gpg-agent.c (handle_connections): Likewise.
* dirmngr/crlfetch.c (handle_connections): Likewise.
* kbx/keyboxd.c (handle_connections): Likewise.
* tpm2d/tpm3daemon.c (handle_connections): Likewise.
* scd/scdaemon.c (handle_connections): Likewise.
* scd/command.c (cmd_lock): Likewise.
* dirmngr/ldap-wrapper.c (ldap_reaper_thread): Likewise.
(ldap_wrapper_wait_connections): Use gnupg_usleep.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2021-10-05 14:05:56 +09:00
NIIBE Yutaka
eeb25df6f8 agent: Fix calibrate_get_time use of clock_gettime.
* agent/protect.c (USE_CLOCK_GETTIME): New macro.
(calibrate_get_time): Only use clock_gettime if USE_CLOCK_GETTIME.

--

GnuPG-bug-id: 5623
Fixes-commit: 380bce13d94ff03c96e39ac1d834f382c5c730a1
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2021-10-05 11:53:29 +09:00
Werner Koch
af3b190154
agent: Fix segv in GET_PASSPHRASE (regression)
* agent/command.c (cmd_get_passphrase): Do not deref PI.  PI is always
NULL.
--

Fixes-commit: b89b1f35c29ceaebe39b31444936aa66c9297f2c
GnuPG-bug-id: 5577
2021-09-07 08:57:44 +02:00
Werner Koch
661c2ae966
agent: Use the sysconfdir for a pattern file.
* agent/genkey.c (do_check_passphrase_pattern): Use make_filename.
2021-08-18 19:21:22 +02:00
Werner Koch
b89b1f35c2
agent: Ignore passphrase constraints for a generated passphrase.
* agent/agent.h (PINENTRY_STATUS_PASSWORD_GENERATED): New.
(MAX_GENPIN_TRIES): Remove.
* agent/call-pinentry.c (struct entry_parm_s):
(struct inq_cb_parm_s): Add genpinhash and genpinhas_valid.
(is_generated_pin): New.
(inq_cb): Suppress constraints checking for a generated passphrase.
No more need for several tries to generate the passphrase.
(do_getpin): Store a generated passphrase/pin in the status field.
(agent_askpin): Suppress constraints checking for a generated
passphrase.
(agent_get_passphrase): Ditto.
* agent/command.c (cmd_get_passphrase): Ditto.
--

A generated passphrase has enough entropy so that all kind of extra
checks would only reduce the actual available entropy.  We thus detect
if a passphrase has been generated (and not changed) and skip all
passphrase constraints checking.
2021-08-18 18:46:39 +02:00
Werner Koch
8ed7910347
agent: Improve the GENPIN callback.
* agent/call-pinentry.c (DEFAULT_GENPIN_BYTES): Replace by  ...
(DEFAULT_GENPIN_BITS): this and increase to 150.
(generate_pin): Make sure that we use at least 128 bits.
2021-08-18 11:24:53 +02:00
Werner Koch
9fb6466602
agent: Fix for zero length help string in pinentry hints.
* agent/call-pinentry.c: Remove unused assert.h.
(inq_cb): Fix use use of assuan_end_confidential in case of nested
use.
(do_getpin): Ditto.
(setup_formatted_passphrase): Escape the help string.
(setup_enforced_constraints): Ignore empty help strings.
--

(Ported from 2.2)
2021-08-18 10:36:42 +02:00
Werner Koch
1305baf099
agent: Make QT_QPA_PLATFORMTHEME=qt5ct work for the pient
* agent/call-pinentry.c (atfork_core): Pass DISPLAY.
2021-08-13 14:08:53 +02:00
Werner Koch
7c45a69eb9
agent: New option --check-sym-passphrase-pattern.
* agent/gpg-agent.c (oCheckSymPassphrasePattern): New.
(opts): Add --check-sym-passphrase-pattern.
(parse_rereadable_options): Set option.
(main): Return option info.
* tools/gpgconf-comp.c: Add new option.
* agent/agent.h (opt): Add var check_sym_passphrase_pattern.
(struct pin_entry_info_s): Add var constraints_flags.
(CHECK_CONSTRAINTS_NOT_EMPTY): New to replace a hardwired 1.
(CHECK_CONSTRAINTS_NEW_SYMKEY): New.
* agent/genkey.c (check_passphrase_pattern): Rename to ...
(do_check_passphrase_pattern): this to make code reading
easier. Handle the --check-sym-passphrase-pattern option.
(check_passphrase_constraints): Replace arg no_empty by a generic
flags arg.  Also handle --check-sym-passphrase-pattern here.
* agent/command.c (cmd_get_passphrase): In --newsymkey mode pass
CHECK_CONSTRAINTS_NEW_SYMKEY flag.
* agent/call-pinentry.c (struct entry_parm_s): Add constraints_flags.
(struct inq_cb_parm_s): New.
(inq_cb): Use new struct for parameter passing.  Pass flags to teh
constraints checking.
(do_getpin): Pass constraints flag down.
(agent_askpin): Take constrainst flag from the supplied pinentry
struct.
--

Requirements for a passphrase to protect a private key and for a
passphrase used for symmetric encryption are different.  Thus a
the use of a different pattern file will be useful.  Note that a
pattern file can be used to replace the other passphrase constraints
options and thus we don't need to duplicate them for symmetric
encryption.

GnuPG-bug-id: 5517
Signed-off-by: Werner Koch <wk@gnupg.org>
2021-08-13 13:42:31 +02:00
Ingo Klöcker
99601778f4 agent: Make --pinentry-formatted-passphrase a simple flag
* agent/agent.h (opt): Change type of pinentry_formatted_passphrase
to int (as for other flags).
* agent/call-pinentry.c (setup_formatted_passphrase): Remove no longer
needed translated strings. Write option without value to Assuan
connection.
* agent/gpg-agent.c (opts): Use ARGPARSE_s_n for
oPinentryFormattedPassphrase.
(parse_rereadable_options): Set option to 1.
--

GnuPG-bug-id: 5553, 5517
2021-08-12 10:50:33 +02:00
Ingo Klöcker
5976d293ef
agent: Add checkpin inquiry for pinentry
* agent/call-pinentry.c (inq_cb): Handle checkpin inquiry.
(setup_enforced_constraints): New.
(agent_get_passphrase): Call setup_enforced_constraints if new
passphrase is requested.
--

This implements the gpg-agent side for checking whether a new passphrase
entered by the user in pinentry satisfies the passphrase constraints.
Performing a checkpin inquiry is only allowed if the passphrase
constraints are enforced. setup_enforced_constraints sends necessary
options and translated strings to pinentry.

GnuPG-bug-id: 5517, 5532
2021-08-10 12:05:57 +02:00
Ingo Klöcker
bf20a80f68
agent: New option --pinentry-formatted-passphrase
* agent/agent.h (opt): Add field pinentry_formatted_passphrase.
* agent/call-pinentry.c (setup_formatted_passphrase): New.
(agent_get_passphrase): Pass option to pinentry.
* agent/gpg-agent.c (oPinentryFormattedPassphrase): New.
(opts): Add option.
(parse_rereadable_options): Set option.
--

GnuPG-bug-id: 5517
2021-08-10 12:05:53 +02:00
Ingo Klöcker
b2a6e5b516 agent: Add translatable text for Caps Lock hint
* agent/call-pinentry.c (start_pinentry): Add new default text.
--

GnuPG-bug-id: 4950
2021-07-21 12:57:44 +02:00
Werner Koch
a6efde307f
agent: Fix regression in agent_get_shadow_info_type.
* agent/protect.c (agent_get_shadow_info_type): Return the correct
value.
--

Fixes-commit: 33a2362e566c0e0d7011abf2e5fa5704d7cb4206
GnuPG-bug-id: 5393
2021-06-25 20:23:01 +02:00
NIIBE Yutaka
7a80004d54 agent: Fix importing protected secret key.
* agent/cvt-openpgp.c (do_unprotect): Only modify SKEY when it is
correctly decrypted.

--

GnuPG-bug-id: 5122
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2021-06-09 10:57:52 +09:00
NIIBE Yutaka
21ef425e22 agent: Appropriate error code for importing key with no passwd.
* agent/cvt-openpgp.c (convert_from_openpgp_main): Return
GPG_ERR_BAD_SECKEY.

--

When non-protected case, error at gcry_pk_testkey results
GPG_ERR_BAD_PASSPHRASE.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2021-06-04 13:44:05 +09:00
NIIBE Yutaka
36f50b259c agent: Fix calling handle_pincache_put.
* agent/call-scd.c (padding_info_cb): Fix the argument.

--

GnuPG-bug-id: 5436
Reported-by: Bogdan Luca
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2021-05-28 13:43:59 +09:00
Jakub Jelen
33a2362e56
agent: Fix memory leaks
* agent/call-daemon.c (daemon_start): free wctp
* agent/call-scd.c (agent_card_pksign): return error instead of noop
(card_keyinfo_cb): free keyinfo.  Restructure to avoid a goto backwards.
* agent/protect.c (agent_get_shadow_info_type): allocate only as a last
action.  Catch xtrymalloc failure.
(agent_is_tpm2_key): Free buf.

--

Signed-off-by: Jakub Jelen <jjelen@redhat.com>

Additional changes are:
- Restructure to avoid a goto backwards.
- Catch xtrymalloc failure.

GnuPG-bug-id: 5393
Signed-off-by: Werner Koch <wk@gnupg.org>
2021-05-20 14:28:49 +02:00
Jakub Jelen
a95ddffdcd
agent: Avoid memory leaks in error code paths.
* agent/command.c (cmd_genkey): Use goto instead of return.
* agent/cvt-openpgp.c (convert_from_openpgp_main): Ditto.
* agent/genkey.c (agent_ask_new_passphrase): Fix typo to free correct
pointer
(agent_genkey): Release memory
* agent/gpg-agent.c (check_own_socket): Free sockname
* agent/protect-tool.c (read_key): Free buf.
(agent_askpin): Free passphrase

--

Signed-off-by: Jakub Jelen <jjelen@redhat.com>

Changed original patch to not add a free before a GPG_ERR_BUG.

Signed-off-by: Werner Koch <wk@gnupg.org>
GnuPG-bug-id: 5393
2021-05-20 13:38:07 +02:00
Werner Koch
40da61b89b
gpg: Improve speed of secret key listing.
* agent/command.c (cmd_keyinfo): Factor some code out to ...
(get_keyinfo_on_cards): ... new.
(cmd_havekey): Add --list mode.
* g10/gpg.h (struct server_control_s): Add new caching vars.
* g10/gpg.c (gpg_deinit_default_ctrl): Release cache.
* g10/call-agent.c (agent_probe_any_secret_key): Init and try to use
the keygrip cache.
(agent_genkey): Clear the cache.
(agent_import_key): Ditto.

* g10/keylist.c (list_all, list_one): Pass ctrl to
agent_probe_any_secret_key.
* g10/getkey.c (lookup): Ditto.
--

With this change we first ask the agent for a list of all secret
keygrips and use that list instead of asking the agent for each public
key.  Speeds up my "gpg -K" with a lot of secret and public keys by
more than 25%.

Signed-off-by: Werner Koch <wk@gnupg.org>
2021-05-19 02:42:35 +02:00
Werner Koch
310b064f52
agent: Use SHA-256 for SSH fingerprint by default
* agent/gpg-agent.c (parse_rereadable_options): Change default ssh
fingerprint digest.
(main): Ditto.
--

Co-authored-by: Jakub Jelen <jjelen@redhat.com>
GnuPG-bug-id: 5434
Signed-off-by: Werner Koch <wk@gnupg.org>
2021-05-12 08:55:51 +02:00
Werner Koch
965bb0693c
A few minor code cleanups and typo fixes.
* agent/command-ssh.c (ssh_handler_request_identities): Remove double
check of ERR.
* g10/getkey.c (get_pubkey_byname): Remove double use of break.
* g10/pkglue.c (pk_encrypt): Handle possible NULL-ptr access due to
failed malloc.

Signed-off-by: Werner Koch <wk@gnupg.org>
2021-05-11 09:06:34 +02:00
Werner Koch
0b875aa11a
agent,w32: Silence the get_peercred failed diagnostic
--
2021-04-23 09:52:57 +02:00
Werner Koch
50293ec2eb
gpg: Allow decryption w/o public key but with correct card inserted.
* agent/command.c (cmd_readkey): Add option --no-data and special
handling for $SIGNKEYID and $AUTHKEYID.
* g10/call-agent.c (agent_scd_getattr): Create shadow keys for KEY-FPR
output.
* g10/skclist.c (enum_secret_keys): Automagically get a missing public
key for the current card.

Signed-off-by: Werner Koch <wk@gnupg.org>
2021-04-23 08:50:39 +02:00
Werner Koch
84c2d97cca
agent: Require verbose level 2 for handler started/terminated notices.
* agent/gpg-agent.c (do_start_connection_thread): Silence diags even
more.
2021-04-23 08:50:39 +02:00
Werner Koch
8f2c9cb735
agent: Silence error messages for READKEY --card
* agent/command.c (cmd_readkey): Test for shadow key before creating
it.
2021-04-21 21:00:28 +02:00
Werner Koch
45918813f0
Support log-file option from common.conf for all daemon.
* agent/gpg-agent.c: Include comopt.h.
(main): Read log-file option from common.conf.
(reread_configuration): Ditto.
* dirmngr/dirmngr.c: Include comopt.h.
(main): Read log-file option from common.conf.
(reread_configuration): Ditto.
* kbx/keyboxd.c: Include comopt.h.
(main): Read log-file option from common.conf.
(reread_configuration): Ditto.
* scd/scdaemon.c: Include comopt.h.
(main): Read log-file option from common.conf.

Signed-off-by: Werner Koch <wk@gnupg.org>
2021-04-20 10:50:10 +02:00
Jakub Jelen
cd66b2eb0d agent,kbx: Add LIBASSUAN_CLFAGS.
* agent/Makefile.am (gpg_preset_passphrase_CFLAGS, t_protect_CFLAGS):
Add LIBASSUAN_CFLAGS.
* kbx/Makefile.am (libkeybox_a_CFLAGS, libkeybox509_a_CFLAGS):
Likewise.

--

GnuPG-bug-id: 5389
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
2021-04-13 13:54:14 +09:00
Werner Koch
2d2391dfc2
agent: Skip unknown unknown ssh curves seen on cards.
* agent/command-ssh.c (ssh_handler_request_identities): Skip unknown
curves.
--

For example when using my standard ed25519 token and testing cards
with only Brainpool support, the ssh-agent failed due to the unknown
curves seen on the card.  This patches fixes this by ignoring keys
with unknown curves.

Signed-off-by: Werner Koch <wk@gnupg.org>
2021-03-29 15:39:32 +02:00
Werner Koch
6de1ec3ba5
agent: Add debug output for failed RSA signature verification
* agent/pksign.c (agent_pksign_do): Support ECC and DSA verification
and print some debug info in the error case.
--

Note that the addition of do_encode_dsa has no immediate effect
because we use the code only for RSA.  However, for debugging it can
be useful to change the code to check also other created signatures.

Signed-off-by: Werner Koch <wk@gnupg.org>
2021-03-26 14:30:58 +01:00
Werner Koch
26215cb211
agent: Simplify a function.
* agent/findkey.c (agent_public_key_from_file): Use a membuf instead
of handcounting space.

Signed-off-by: Werner Koch <wk@gnupg.org>
2021-03-18 09:53:09 +01:00
Werner Koch
1523b5f76f
gpg: New option --no-auto-trust-new-key.
* g10/gpg.c (oNoAutoTrustNewKey): New.
(opts): Add --no-auto-trust-new-key.
(main): Set it.
* g10/options.h (opt): Add flags.no_auto_trust_new_key.

Signed-off-by: Werner Koch <wk@gnupg.org>
2021-03-15 10:47:19 +01:00
Werner Koch
43bb5250a6
agent: Fix build without TPM
--
2021-03-10 15:52:20 +01:00
James Bottomley
92b601fcee
gpg: Add new command keytotpm to convert a private key to TPM format
* agent/command.c (cmd_keytotpm): New.
(agent/command.c): Register new command KEYTOTPM.
* g10/call-agent.c (agent_keytotpm): New.
* g10/keyedit.c (cmdKEYTOTPM): New command "keytotpm".
(keyedit_menu): Implement.

--

The plumbing is done in two parts: the agent is modified to understand
a KEYTOTPM assuan command taking the key grip as an argument.  This
simply obtains the key s expression and calls the existing writeky
diversion to the tpm2daemon.  The daemon reponds with the TPM
conversion of the key and that key is then stored in the keyfile as a
shadowed-private-key with "tpm2-v1" type.

To effect the conversion, all the user does from gpg --edit-key is
select which private key they wish to move (or move the primary if no
key is selected) and type keytotpm.  The conversion to TPM form is
instantaneous and once converted, the actual key cannot be recovered,
meaning that if you want your gpg key to move to a new laptop you must
keep an unconverted backup copy in a safe location.

When you do a list command, all TPM keys show up as

     card-no: TPM-Protected

The key is stored encrypted to the TPM2 storage seed and since each
TPM has a unique seed, only the single TPM contained in your laptop
can now read the key.  This means you cannot simply copy the shadowed
key file over to a new laptop, you must copy over the backup copy and
then convert it to TPM form on the new laptop.

To decomission your laptop, execute a tssclear command which
regenerates the storage seed and effectively shreds all keys.  Note
when you have done this *every* TPM2 shadowed private key becomes
unreadable by any TPM and all are effectively destroyed.

Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>

Very minor cosmetic changes.

Signed-off-by: Werner Koch <wk@gnupg.org>
2021-03-10 13:34:18 +01:00
James Bottomley
1f995b9ba4
agent: Add new shadow key type and functions to call tpm2daemon
* agent/call-tpm2d.c: New.
* divert-tpm2.c: New.
* agent/Makefile.am: Add new files.
* agent/agent.h (DAEMON_TPM2D): New.  Add stub fucntions.
* agent/call-daemon.c (GNUPG_MODULE_NAME_TPM2DAEMON): New.
* agent/command.c (do_one_keyinfo): Handle tpmv2.
* agent/gpg-agent.c (oTpm2daemonProgram): New.
(opts): New option --tpm2daemon-program.
(parse_rereadable_options): Handle option.
* agent/pkdecrypt.c (agent_pkdecrypt): Divert to tpm2d.
(agent_pksign_do): Ditto.
---

A new shadow key type: "tpm2-v1" is introduced signalling that the
shadowed key is handled by the tpm2daemon.  A function to identify
this type is introduced and diversions to the tpm2daemon functions are
conditioned on this function for pkign and pkdecrypt where the same
diversions to scd are currently done.  The (info) field of the
shadowed key stores the actual TPM key.  The TPM key is encrypted so
only the physical TPM it was created on can read it (so no special
protection is required for the info filed), but if the (info) field
becomes corrupt or damaged, the key will be lost (unlike the token
case, where the key is actually moved inside the token).

Note, this commit adds handling for existing TPM format shadow keys,
but there is still no way to create them.

Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>

Additional changes:
* Add ChangeLog entries.
* Some minor indentation fixes.
* agent/Makefile.am (gpg_agent_SOURCES): Change to make distcheck
  work.
* agent/agent.h [!HAVE_LIBTSS]: Do not return -EINVAL but an
  gpg_error_t.  Mark args as unused.
* agent/protect.c (agent_is_tpm2_key): Free BUF.

Signed-off-by: Werner Koch <wk@gnupg.org>
2021-03-10 13:23:05 +01:00
Werner Koch
33c492dcb9
w32: Cleanup use of pid_t in call-daemon
* agent/call-daemon.c (struct wait_child_thread_parm_s) [W32]: Do not
use HANDLE for pid_t.
(wait_child_thread): Ditto.
--

Mingw has its own definition of pid_t as does libassuan.  We should use
this instead of using HANDLE.  Things are a bit complicated in
Windows, because Windows also has a pid_t but that is mostly useless;
in particular because you can't wait on a real pid but need a handle.
2021-03-08 21:53:29 +01:00
Werner Koch
0be4861762
po: Change translatability of a fallback string.
* agent/call-pinentry.c (setup_genpin): Do not make the fallback
translatable.
2021-02-18 14:43:43 +01:00
NIIBE Yutaka
42e637a1c3 agent: Comment spell fix.
--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2021-02-12 16:07:19 +09:00
Werner Koch
224e26cf7b
agent: Support ssh-agent extensions for environment variables.
* common/session-env.c (session_env_list_stdenvnames): Extend to allow
return all names as one string.
* agent/command-ssh.c (SSH_REQUEST_EXTENSION): New.
(SSH_RESPONSE_EXTENSION_FAILURE): New.
(request_specs): Add handler for the extension command.
(ssh_handler_extension): New.
--

The extension mechanism is specified in
https://tools.ietf.org/html/draft-miller-ssh-agent-04

Signed-off-by: Werner Koch <wk@gnupg.org>
2021-01-25 10:35:06 +01:00
Werner Koch
9500432b7a
Require Libgcrypt 1.9
* configure.ac: Require at least Libgcrypt 1.9.0.  Remove all
GCRYPT_VERSION_NUMBER dependent code.
--

Only Libgcrypt 1.9 implements EAX which is a mandatory algorithm in
RFC4880bis.

Signed-off-by: Werner Koch <wk@gnupg.org>
2021-01-19 10:33:03 +01:00
NIIBE Yutaka
eda3c688fc agent: Allow decryption with card but no file.
* agent/pkdecrypt.c (agent_pkdecrypt): Support decryption with card
but without a stub key.

--

GnuPG-bug-id: 5170
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-12-08 15:15:45 +09:00
NIIBE Yutaka
9beab36dfa agent: Clean up the API of agent_pkdecrypt.
* agent/agent.h (agent_pkdecrypt): Use gpg_error_t type.
* agent/pkdecrypt.c (agent_pkdecrypt): Use gpg_error_t type.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-12-08 15:06:33 +09:00
NIIBE Yutaka
cbb0e069f5 agent: Allow pksign operation with card but no file.
* agent/pksign.c (agent_pksign_do): Add support with no file.

--

GnuPG-bug-id: 5166
Signed-off-by: Ingo Klöcker <dev@ingo-kloecker.de>
2020-12-08 13:20:29 +09:00
Werner Koch
7113263a00
agent: Fix YK s/n and prettify the request card prompt for Yubikeys
* agent/divert-scd.c (ask_for_card): Detect and re-format the Yubikey
prompt.
* scd/app.c (app_munge_serialno): Fix Yubikey s/n munging.
(card_get_dispserialno): Ditto.
* scd/app-openpgp.c (get_disp_serialno): Remove.
(get_prompt_info): Use app_get_dispserialno.--
--
2020-11-26 15:56:37 +01:00
Gavin L. Rebeiro
572bcacc28
doc: Fix typos
--
GnuPG-bug-id: 5071

Also fixed one in keyformat.txt [wk].
2020-11-23 12:11:15 +01:00
NIIBE Yutaka
cc8b99d18e Fix the previous comment changes help doc string.
* scd/command.c (hlp_learn): Fix the doc string.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-11-20 17:17:30 +09:00
NIIBE Yutaka
0a265d6498 gpg,agent: Fix comments for KEYPAIRINFO status report.
--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-11-20 09:56:52 +09:00
NIIBE Yutaka
8ddadbbdbb agent: Fix creating shadow key on card key generation.
* agent/command.c (cmd_readkey): Fix handling --card option.

--

Fixes-commit: 9c719c9c1ff34cc06a0fef2bfe29cfd7182753eb
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-11-19 15:44:59 +09:00
Werner Koch
d574213ce2
w32: Replace some fopen by es_fopen.
* agent/protect-tool.c (read_file): Replace fopen by es_fopen.
* dirmngr/dirmngr-client.c (read_pem_certificate):  Ditto.
(read_certificate): Ditto.
* g10/keydb.c (rt_from_file): Ditto.
* kbx/kbxutil.c (read_file): Ditto.
* g10/plaintext.c (get_output_file) [__riscos__]: Remove code.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-11-11 15:23:22 +01:00
NIIBE Yutaka
ba4f684167 agent: Fix SOS handling with libgcrypt 1.8.
* agent/cvt-openpgp.c (apply_protection): Handle opaque MPI.

--

GnuPG-bug-id: 5116
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-11-09 11:04:22 +09:00
Werner Koch
c896112fa3
agent: Minor tweaks to the new genpin inquiry.
* agent/call-pinentry.c (generate_pin): Use STRING random which is
sufficient for a passphrase.
(inq_cb): s/rc/err/.  Do not print two errors in case generate_pin
fails.  Lowercase strings as per GNU standards.
(setup_genpin): Fix translation test.
(setup_qualitybar): Ditto.
--

Our policy is to use VERY_STRONG for a long term public key but not
for symmetric keys.

The GNU standards to demand that strings start with a lowercase
because that seems to be needed if it follows a prefix of for example
"gpg:".  I don't actually like this becuase we need different strings
in interactive and standard mode but the majory of strings in GnuPGare
written this way.  If a translation is necessary it can be done with
an en_GB or so locale.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-11-06 15:43:08 +01:00
Andre Heinecke
557ddbde32
agent: Add genpin inquiry for pinentry
* agent/call-pinentry.c (agent_get_passphrase): Setup genpin.
(do_getpin): Update with new name for inquire callback.
(inq_quality): Rename to inq_cb and add genpin support.
(inq_cb): Renamed form inq_quality.
(generate_pin): New helper to generate a pin.
(agent_askpin): Fix some typos.
(setup_genpin): Provide new strings for pinentry.

--
This implements the gpg-agent side for generating a pin
especially for symmetric encryption using libgcrypt randomness
and checking it against the gpg-agent constraints.
2020-11-06 14:22:28 +01:00
Werner Koch
7e22e08e2a
common: New functions gnupg_opendir et al.
* common/sysutils.h (struct gnupg_dirent_s): New.
* common/sysutils.c: Include dirent.h.
(struct gnupg_dir_s): New.
(gnupg_opendir, gnupg_readdir, gnupg_closedir): New.  Change all
callers of opendir, readdir, and closedir to use these functions.
--

GnuPG-bug-id: 5098
2020-10-21 17:00:32 +02:00
Werner Koch
18e5dd7b03
Replace all calls to stat by gnupg_stat.
* common/sysutils.c (gnupg_stat): New.
* common/sysutils.h: Include sys/stat.h.
--

Yet another wrapper for Unicode support on Windows.

GnuPG-bug-id: 5098
Signed-off-by: Werner Koch <wk@gnupg.org>
2020-10-20 16:38:06 +02:00
Werner Koch
390497ea11
Replace most of the remaining stdio calls by estream calls.
--

We need to use es_fopen on Windows to cope with non-ascii file names.
This is quite a large but fortunately straightforward change.  At a
very few places we keep using stdio (for example due to the use of
popen).

GnuPG-bug-id: 5098
Signed-off-by: Werner Koch <wk@gnupg.org>
2020-10-20 12:15:56 +02:00
Werner Koch
c94ee1386e
Replace all calls to access by gnupg_access
* common/sysutils.c (gnupg_access): New.  Replace all calls to access
by this wrapper.
* common/homedir.c (w32_shgetfolderpath): Change to return UTF-8
directory name.
(standard_homedir): Adjust for change.
(w32_commondir, gnupg_cachedir): Ditto.
--

Also use SHGetFolderPathW instead of SHGetFolderPathA on Windows.

This is required to correctly handle non-ascii filenames on Windows.

GnuPG-bug-id: 5098
2020-10-20 12:15:55 +02:00
NIIBE Yutaka
33cb1655f1 agent: Fix SEGV when debuging for cache enabled.
* agent/cache.c (agent_get_cache): Avoid dereferencing NULL.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-10-09 13:57:29 +09:00
Werner Koch
26da47ae53
scd: Extend KEYPAIRINFO with an algorithm string.
* scd/app-openpgp.c (send_keypair_info): Emit the algo string as part
of a KEYPAIRINFO.
* scd/command.c (do_readkey): Ditto.
* scd/app-piv.c (do_readkey): Ditto.
* scd/app-nks.c (do_learn_status_core): Ditto.
(struct fid_cache_s): Add field algostr.
(flush_fid_cache): Release it.
(keygripstr_from_pk_file): Fill it and add it to the cache.  Use a
single exit label.
* scd/app-help.c (app_help_get_keygrip_string_pk): Add new arg
r_algostr.  Change all callers.
--

This is helpful so that callers do not need to parse the key for this
basic information.  Use "scd readkey --info-only" to return the info
status line instead of the key material; using just --info returns the
info in addition to the key material.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-09-21 14:47:53 +02:00
NIIBE Yutaka
8a84a71f3a agent: Fix regression for access through the extra secket.
* agent/command.c (cmd_keyinfo): Allow KEYINFO command for one key.
(cmd_scd): Allow SCD command to invoke GETINFO, GETATTR, and
KEYINFO --list=encr sub commands.

--

GnuPG-bug-id: 5063
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-09-18 10:29:54 +09:00
NIIBE Yutaka
dfdcf14738 common,agent,dirmngr,g10,tools: Fix split_fields API.
* common/stringhelp.h (split_fields): Use const * for the strings in
the ARRAY.
(split_fields_colon): Likewise.
* common/stringhelp.c (split_fields, split_fields_colon): Fix
the implementation.
* agent/call-scd.c, agent/command.c: Follow the change.
* common/t-stringhelp.c, dirmngr/loadswdb.c: Likewise.
* g10/call-agent.c, tools/card-call-scd.c: Likewise.
* tools/card-yubikey.c, tools/gpg-card.c: Likewise.
* tools/gpg-card.h, tools/gpg-wks-client.c: Likewise.
* tools/gpgconf-comp.c, tools/gpgconf.c: Likewise.
* tools/wks-util.c: Likewise.

--

The strings in the ARRAY don't need to be released by caller, as those
are references.  It's easier to follow the code when it's explicitly
const *.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-09-18 10:20:23 +09:00
Werner Koch
8ed85ef3de
agent: Keep some permissions of private-keys-v1.d.
* common/sysutils.c (modestr_to_mode): Re-implement.
(gnupg_chmod): Support keeping of permissions.
--

GnuPG-bug-id: 2312
2020-09-09 20:34:59 +02:00
Werner Koch
b17846e4fd
agent: Allow using --gogconf-list even if HOME does not exist.
* agent/gpg-agent.c (main): Do not create directories in gpgconf mode.
--

GnuPG-bug-id: 4866
Signed-off-by: Werner Koch <wk@gnupg.org>
2020-08-25 10:56:06 +02:00
Werner Koch
1e61280ffc
doc: Typo fixes
--
2020-08-25 10:39:44 +02:00
Werner Koch
32aac55875
build: New configure option --disable-tests
* configure.ac: Add option --disable-tests.  Print warnings in the
summary.
(DISABLE_TESTS): New am_conditional.
--
GnuPG-bug-id: 4960
2020-08-20 10:54:17 +02:00
Werner Koch
b8c4dd902d
gpg: Fix regression for non-default --passphrase-repeat option.
* agent/command.c (cmd_get_passphrase): Take care of --repeat with
--newsymkey.
--

GnuPG-bug-id: 4997
2020-08-20 09:34:41 +02:00
Werner Koch
0da923a124
agent: Allow to pass a timestamp to genkey and import.
* agent/command.c (cmd_genkey): Add option --timestamp.
(cmd_import_key): Ditto.
* agent/genkey.c (store_key): Add arg timestamp and change callers.
(agent_genkey): Ditto.
* agent/findkey.c (write_extended_private_key): Add args timestamp and
new key to write a Created line.
(agent_write_private_key): Add arg timestamp.
(agent_write_shadow_key): Ditto.
 agent/protect-tool.c (agent_write_private_key): Ditto as dummy arg.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-08-17 15:05:49 +02:00
Werner Koch
d516ae685e
doc: Add a list of RFCS to DETAIL.
--
2020-08-13 11:00:59 +02:00
Werner Koch
bb096905b9
agent: Add option --pss to pksign to be used by smartcards.
* agent/command.c (cmd_sethash): Add option --pss and allow for
--hash=null.
* agent/agent.h (struct server_control_s): Add digest.is_pss and
zero where needed.
* agent/pksign.c (agent_pksign_do): Allow for PSS with cards.
* scd/command.c (cmd_pksign): Add for --hash=none.
--

This is not a full implementaion of PSS but allows scdaemon card
drivers to detect already PSS formatted data.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-08-10 10:22:42 +02:00
NIIBE Yutaka
da3a4c54a8 agent: Fix coercion for pinentry_pid handling.
* agent/call-pinentry.c (start_pinentry): Don't use pid_t.

--

When pid_t is 64-bit integer and unsigned long is 32-bit,
it never matches, because left hand side does not fill
upper 32-bit.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-07-31 17:20:31 +09:00
Werner Koch
0a6af6dc12
agent: Fix regression with --newsymkey in loopback mode.
* agent/command.c (cmd_get_passphrase): Never repeat in loopback mode;
same as with !OPT_NEWSYMKEY.
--

In loopback mode there shall not be any repeat because the caller is
expected to do any confirmation before passing a new passphrase to
gpg.

Fixes-commit: eace4bbe1ded8b01f9ad52ebc1871f2fd13c3a08
GnuPG-bug-id: 4991
Signed-off-by: Werner Koch <wk@gnupg.org>
2020-07-14 11:04:23 +02:00
Werner Koch
999d25d47d
Do not use the pinentry's qualitybar
* agent/genkey.c (agent_ask_new_passphrase): No qualitybar.
* g10/call-agent.c (agent_get_passphrase): Ditto.
* sm/call-agent.c (gpgsm_agent_ask_passphrase): Ditto.
--

The concept of a passphrase quality indicator is anyway questionable
because user are smart enough to trick them out and they also tend to
limit the actually used entropy.

Except for the red/green switching (to show whether constraints are
fulfilled) our qualitybar is pretty bad and thus worse than none.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-07-08 14:54:10 +02:00
Werner Koch
eace4bbe1d
agent: New option --newsymkey for GET_PASSPHRASE
* agent/call-pinentry.c (agent_get_passphrase): Add arg pininfo.
* agent/genkey.c (check_passphrase_constraints): New arg no_empty.
* agent/command.c (reenter_passphrase_cmp_cb): New.
(cmd_get_passphrase): Add option --newsymkey.
--

This new option allows to present a passphrase with the usual repeat
box as it is used by gpg-agent's internal key generation.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-07-08 14:20:01 +02:00
James Bottomley
f541e1d95a
agent: separate out daemon handling infrastructure for reuse
* agent/call-scd.c: Factor re-usable code out to ...
* agent/call-daemon.c: new.  Store infos in an array to allow for
other backend daemons.
* agent/Makefile.am (gpg_agent_SOURCES): Add new file.
* agent/agent.h: Include assuan.h.
(enum daemon_type): New.
(opt): Replace scdaemon_program by daemon_program array.  Replace
scd_local by a array d_local.  Change users accordingly.
--

The model I'm using for a TPM daemon is the current scdaemon.  That
includes start and stop handlers plus liveness checks and an assuan
socket generator.  To avoid massive code duplication (and save me a
lot of effort), I've elected to strip this code out of call-scd.c into
a generic framework which can then be reused as is by the TPM handling
daemon.

Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
Co-authored-by: Werner Koch <wk@gnupg.org>

Modified original patch for 2.2 heavily to fit the new framework used
in master (gnupg 2.3)

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-06-24 12:44:02 +02:00
James Bottomley via Gnupg-devel
0e3b2955ae
agent: expose shadow key type
--
For TPM support it is necessary to indroduce another type of shadow
key, so allow other agent functions to extract the type so they can
make the right decisions based on it.

Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
Minor editorial changes by wk
2020-06-24 10:11:47 +02:00
NIIBE Yutaka
a763bb2580 gpg,agent: Support Ed448 signing.
* agent/pksign.c (do_encode_eddsa): First argument is NBITs,
so that it can support Ed448, as well as Ed25519.
(agent_pksign_do): Follow the change.
* agent/sexp-secret.c (fixup_when_ecc_private_key): No fix-up needed
for Ed448, it's only for classic curves.
* common/openpgp-oid.c (oidtable): Add Ed448.
* common/sexputil.c (get_pk_algo_from_key): Ed448 is only for EdDSA.
* g10/export.c (match_curve_skey_pk): Ed448 is for EdDSA.
* g10/keygen.c (gen_ecc): Support Ed448 with the name of "ed448".
(ask_algo, parse_key_parameter_part): Handle "ed448".
* g10/pkglue.c (pk_verify): Support Ed448.
(pk_check_secret_key): Support Ed448.
* g10/sign.c (hash_for): Defaults to SHA512 for Ed448.
(make_keysig_packet): Likewise.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-06-24 10:05:03 +09:00
NIIBE Yutaka
4bdade5b0b agent: Use get_pk_algo_from_key.
* agent/findkey.c (key_parms_from_sexp, is_eddsa): Remove.
(agent_pk_get_algo): Remove.
* agent/pksign.c (agent_pksign_do): Use get_pk_algo_from_key.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-06-19 14:44:42 +09:00