1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-11-10 21:38:50 +01:00
Commit Graph

938 Commits

Author SHA1 Message Date
NIIBE Yutaka
7158a5696d agent: Stop scdaemon after reload when disable_scdaemon.
* agent/call-scd.c (agent_card_killscd): New.
* agent/gpg-agent.c (agent_sighup_action): Call agent_card_killscd.

--

GnuPG-bug-id: 4326
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-05-23 10:15:18 +09:00
NIIBE Yutaka
479f7bf31c agent: For SSH key, don't put NUL-byte at the end.
* agent/command-ssh.c (ssh_key_to_protected_buffer): Update
the length by the second call of gcry_sexp_sprint.

--

GnuPG-bug-id: 4502
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-05-21 15:50:28 +09:00
NIIBE Yutaka
dc35b25195 agent,scd: Scan and load all public keys for availability.
* agent/divert-scd.c (ask_for_card): Scan by SERIALNO command.
* scd/app-openpgp.c (do_with_keygrip): Make sure to load pubkey.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-05-16 10:09:41 +09:00
NIIBE Yutaka
1091f22511 agent: Support scdaemon operation using KEYGRIP.
* agent/agent.h (struct card_key_info_s): New.
(divert_pksign, divert_pkdecrypt): New API.
* agent/call-scd.c (card_keyinfo_cb): New.
(agent_card_free_keyinfo, agent_card_keyinfo): New.
* agent/divert-scd.c (ask_for_card): Having GRIP argument,
ask scdaemon with agent_card_keyinfo.
(divert_pksign, divert_pkdecrypt): Ditto.
* agent/pkdecrypt.c (agent_pkdecrypt): Supply GRIP.
* agent/pksign.c (agent_pksign_do): Ditto.

--

We are going to relax the requirment for SERIALNO of card.  It's OK,
when a card doesn't have recorded SERIALNO.  If a card has a key
with GRIP, it can be used.

GnuPG-bug-id: 2291, 4301
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-05-15 17:13:32 +09:00
Werner Koch
54e96c6fd2
agent: Replace most assert by log_assert.
--
2019-05-14 10:31:46 +02:00
Daniel Kahn Gillmor
5651b2c460
agent: correct length for uri and comment on 64-bit big-endian platforms
* agent/findkey.c (agent_public_key_from_file): pass size_t as int to
gcry_sexp_build_array's %b.

--

This is only a problem on big-endian systems where size_t is not the
same size as an int.  It was causing failures on debian's s390x,
powerpc64, and sparc64 platforms.

There may well be other failures with %b on those platforms in the
codebase, and it probably needs an audit.

Once you have a key in private-keys-v1.d/$KEYGRIP.key with a comment
or a uri of reasonable length associated with it, this fix can be
tested with:

   gpg-agent --server <<<"READKEY $KEYGRIP"

On the failing platforms, the printed comment will be of length 0.

Gnupg-bug-id: 4501
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2019-05-14 10:23:54 +02:00
Werner Koch
7098e4ce19
dirmngr: Add a CSRF expection for pm.me
--

Also comment typo fix.
2019-05-09 14:50:41 +02:00
Werner Koch
69e0b080f0
agent: If a Label is make sure that label is part of the prompt.
* agent/findkey.c (has_comment_expando): New.
(agent_key_from_file): Modify DESC_TEXT.
--

A Label entry in the keyfile is always set manually and thus we can
assume that the user wants to have this label in the prompt.  In case
the prompt template does not demand a comment this patch appends a
comment to thhe template.  This is a common case for on-disk keys used
by gpg.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-05-07 11:50:38 +02:00
Werner Koch
5388537806
agent: Allow the use of "Label:" in a key file.
* agent/findkey.c (linefeed_to_percent0A): New.
(read_key_file): Add optional arg 'keymeta' and change all callers.
(agent_key_from_file): Prefer "Label:" over the comment for protected
keys.
--

If in the extended key format an item

  Label: This is my key

is found, "This is my key" will be displayed instead of the comment
intially recorded in the s-expression.  This is pretty useful for the
ssh keys because often there is only the original file name recorded
in the comment.

If no Label is found or it is empty the S-expression comment is used.

To show more than one line, the standard name-value syntax can be
used, for example:

  Label: The Ssh key
  <blank line>
  <space>I registered on fencepost.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-05-07 11:09:09 +02:00
Werner Koch
bdf252e76a
agent: Put Token lines into the key files.
* agent/findkey.c (write_extended_private_key): Add args serialno and
keyref.  Write a Token line if that does not yet exist.
(agent_write_private_key): Add args serialno and keyref and change all
callers.
(agent_write_shadow_key): Skip leading spaces.
* agent/keyformat.txt: Improve extended key format docs.
--

Noet that the extended key forma is the defaqult in 2.3.  This patch
is a first step to better handle tokens which carray the same key.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-05-03 15:54:54 +02:00
Werner Koch
3c7a1f3aea
agent: Allow other ssh fingerprint algos in KEYINFO.
* agent/command.c (cmd_keyinfo): Allow for --ssh-fpr=ALGO.  Default to
the standard algo.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-03-26 09:02:19 +01:00
Werner Koch
91ae3e7fb6
agent: Re-introduce --enable-extended-key-format.
* agent/gpg-agent.c (oEnableExtendedKeyFormat): Re-introduce.
(parse_rereadable_options): Handle it in a special way.
* agent/protect.c (agent_protect): Be safe and set use_ocb only to 1
or 0.
* tools/gpgconf-comp.c: Add --enable-extended-key-format again.
--

This is required for backward compatible with profiles.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-03-06 17:58:39 +01:00
Werner Koch
05eff1f662
agent: Default to extended key format.
* agent/gpg-agent.c (oDisableExtendedKeyFormat, oNoop): New.
(oEnableExtendedKeyFormat): Remove.
(opts): Make --enable-extended-key-format a dummy option.  Add
disable-extended-key-format.
(parse_rereadable_options): Implement oDisableExtendedKeyFormat.
--

Extended key format is supported since vesion 2.1.12 which should have
long been replaced by a newer version inh all installations.  Thus for
2.3 we will make use of the extended-key-format by default.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-03-06 14:09:57 +01:00
NIIBE Yutaka
2abad7585a agent: Fix detection of exit of scdaemon.
* agent/call-scd.c (start_scd): Acquire START_SCD_LOCK for
SCD_LOCAL_LIST.  Move common case code to fast path.
Release START_SCD_LOCK before calling unlock_scd.
When new CTX is allocated, clear INVALID flag.
(agent_reset_scd): Serialize the access to SCD_LOCAL_LIST by
START_SCD_LOCK.

--

GnuPG-bug-id: 4377
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-03-06 11:00:10 +09:00
Werner Koch
e897e1e255
scd:piv: Implement import of private keys for Yubikeys.
* scd/app-piv.c (concat_tlv_list): Add arg 'secure' and adjust
 callers.
(writekey_rsa, writekey_ecc): New.
(do_writekey): New.
(do_writecert): Provide a better error message for an empty cert.
(app_select_piv): Register do_writekey.
* scd/iso7816.c (iso7816_send_apdu): New.
* scd/app-common.h (APP_WRITEKEY_FLAG_FORCE): New.
* agent/command.c (cmd_keytocard): Make the timestamp optional.
* tools/card-call-scd.c (inq_writekey_parms): Remove.
(scd_writekey): Rewrite.
* tools/gpg-card.c (cmd_writekey): New.
(enum cmdids): Add cmdWRITEKEY.
(dispatch_command, interactive_loop): Call cmd_writekey.
--

This has been tested with gpgsm and RSA keys.  For ECC keys only
partly tested using the sample OpenPGP nistp256 and nistp384 keys
because gpgsm does not yet support ECC certificates and thus we can't
write the certificates to the cert object after a writekey.  Note that
they nevertheless show up in "gpgcard list" because gpg-card searches
for them in gpg and gpgsm.  However, this does not work completely.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-03-05 15:49:20 +01:00
Werner Koch
bcc89a6df2
agent: Minor change to the KEYTOCARD command.
* agent/command.c (cmd_keytocard): Make timestamp optional.  Use
modern parser function.
* agent/call-scd.c (agent_card_writekey): Rename an arg and for
clarity return gpg_error_t instead of int.
* agent/divert-scd.c (divert_writekey): Ditto.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-03-05 12:08:27 +01:00
NIIBE Yutaka
0173b249cf agent: PKSIGN should return signature in same format for card.
* agent/pksign.c (agent_pksign_do):

--

It's best to keep same data format by libgcrypt.

For card (due to historical reasons), gpg-agent or scdaemon used to
prefix 0x00 when it starts 0x80, so that it can be parsed signed MPI
as well as unsigned MPI.  It used to do nothing for preceding zeros.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-02-27 10:37:26 +09:00
Werner Koch
a12c3a566e
agent: Fix for suggested Libgcrypt use.
* agent/divert-scd.c (divert_pkdecrypt): Skip a flags parameter.
--

The libgcrypt docs say that a "flags" parameter should always be used
in the input of pkdecrypt.  Thus we should allow that parameter also
when parsing an s-expression to figure out the algorithm for use with
scdaemon.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-02-25 08:24:52 +01:00
NIIBE Yutaka
c395f83153 agent: Terminate pinentry process gracefully, by watching socket.
* agent/call-pinentry.c (watch_sock): New.
(do_getpin): Spawn the watching thread.

--

While we don't have npth_cancel (and it's difficult to implement it
correctly), this is a kind of best compromise allowing a thread's
polling when pinentry is active.

GnuPG-bug-id: 2011
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-02-19 14:36:50 +09:00
NIIBE Yutaka
99aa54323f agent: Minor change for pinentry status handling.
* agent/call-pinentry.c (struct entry_parm_s): Add status.
(do_getpin): Use param->status.
(agent_askpin): Copy param->status. to pininfo.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-02-19 14:28:04 +09:00
NIIBE Yutaka
ada797f477 agent: Factor out the getpin interaction.
* agent/call-pinentry.c (do_getpin): New.
(agent_askpin, agent_get_passphrase): Use do_getpin.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-02-19 11:55:55 +09:00
NIIBE Yutaka
02a2633a7f agent: Clear bogus pinentry cache, when it causes an error.
* agent/agent.h (PINENTRY_STATUS_*): Expose to public.
(struct pin_entry_info_s): Add status.
* agent/call-pinentry.c (agent_askpin): Clearing the ->status
before the loop, let the assuan_transact set ->status.  When
failure with PINENTRY_STATUS_PASSWORD_FROM_CACHE, it returns
soon.
* agent/findkey.c (unprotect): Clear the pinentry cache,
when it causes an error.

--

GnuPG-bug-id: 4348
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-01-28 12:58:13 +09:00
Werner Koch
ec13b1c562
gpg: Move S2K encoding function to a shared file.
* g10/passphrase.c (encode_s2k_iterations): Move function to ...
* common/openpgp-s2k.c: new file.  Remove default intialization code.
* common/openpgpdefs.h (S2K_DECODE_COUNT): New to keep only one copy.
* g10/call-agent.c (agent_get_s2k_count): Change to return the count
and print an error.
* agent/protect.c: Include openpgpdefs.h
* g10/card-util.c (gen_kdf_data): Adjust for changes
* g10/gpgcompose.c: Include call-agent.h.
(sk_esk): Adjust for changes.
* g10/passphrase (passphrase_to_dek): Adjust for changes.
* g10/main.h (S2K_DECODE_COUNT): Remove macro.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-01-26 23:10:38 +01:00
NIIBE Yutaka
ae966bbe9b agent: Support --mode=ssh option for CLEAR_PASSPHRASE.
* agent/command.c (cmd_clear_passphrase): Add support for SSH.

--

GnuPG-bug-id: 4340
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-01-25 12:08:09 +09:00
Werner Koch
055f8854d3
common: Extend function percent_data_escape.
* common/percent.c (percent_data_escape): Add new args prefix and
plus_escape.
* agent/command.c (cmd_put_secret): Adjust for changed function

* common/t-percent.c (test_percent_data_escape): Extend test for the
prefix.
(test_percent_data_escape_plus): new test for the plus escaping.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-01-24 10:02:52 +01:00
Werner Koch
d93797c8a7
ssh: Simplify the curve name lookup.
* agent/command-ssh.c (struct ssh_key_type_spec): Add field
alt_curve_name.
(ssh_key_types): Add some alternate curve names.
(ssh_identifier_from_curve_name): Lookup also bey alternative names
and return the canonical name.
(ssh_key_to_blob): Simplify the ECDSA case by using gcry_pk_get_curve
instead of the explicit mapping.
(ssh_receive_key): Likewise.  Use ssh_identifier_from_curve_name to
validate the curve name.  Remove the reverse mapping because since
GnuPG-2.2 Libgcrypt 1.7 is required.
(ssh_handler_request_identities): Log an error message.
--

This change will make it easier to support other curves, in particular
those from tokens.  Libgcrypt has a large list of alias names which we
now use to to make the mapping more flexible.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-01-17 15:58:30 +01:00
Werner Koch
cbcc8c1954
agent: Make the S2K calibration time runtime configurabe.
* agent/protect.c (s2k_calibration_time): New file global var.
(calibrate_s2k_count): Use it here.
(get_calibrated_s2k_count): Replace function static var by ...
(s2k_calibrated_count): new file global var.
(set_s2k_calibration_time): New function.
* agent/gpg-agent.c (oS2KCalibration): New const.
(opts): New option --s2k-calibration.
(parse_rereadable_options): Parse that option.
--

Note that using an unrelistic high value (like 60000) takes quite some
time for calibration.

GnuPG-bug-id: 3399
Signed-off-by: Werner Koch <wk@gnupg.org>
2018-12-11 18:12:51 +01:00
Werner Koch
3a90efb7cf
scd: Add strerror to new error message.
* agent/call-scd.c (wait_child_thread): Add %s.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-11-30 12:38:51 +01:00
NIIBE Yutaka
483e63f9b5 agent: Better serialization for scdaemon access.
* agent/call-scd.c (unlock_scd): Move lock before accessing IN_USE.
(wait_child_thread): Add log_info for Windows, and fixed log_error
message.

--

The old code is still valid with cooperate threads, but this is
better.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-11-27 11:08:51 +09:00
NIIBE Yutaka
40c7923ea8 agent: Have a thread to wait for the child process of scdaemon.
* agent/call-scd.c (wait_child_thread): New.
(start_scd): Create a thread for wait_child_thread.
(agent_scd_check_aliveness): Remove.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-11-26 12:07:36 +09:00
NIIBE Yutaka
9fb3f0f3f7 agent: Defer calling assuan_release when it's still in use.
* agent/call-scd.c (struct scd_local_s): Remove LOCK, introduce IN_USE
and INVALID flags.
(unlock_scd): Call assuan_release when CTX is invalid.
(start_scd): Set IN_USE.
(agent_scd_check_aliveness): Don't call assuan_release when it's in use.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-11-26 11:35:22 +09:00
NIIBE Yutaka
f45d612469 agent: Clean up SCDaemon management.
* agent/call-scd.c (struct scd_local_s): Remove ctrl_backlink.
(start_scd): Don't assign to the field.
(agent_scd_check_aliveness): Fix typo in comment.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-11-26 10:37:02 +09:00
NIIBE Yutaka
804a77edd9 agent: Simplify agent_popup_message_stop.
* agent/call-pinentry.c (agent_popup_message_stop): Just kill it.

--

By checking if it's alive or not, we can lower a risk of sending
SIGINT to a wrong process on unusual condition when PID is re-used to
a different process.

That's true, however, since it's alive usually, simply sending SIGINT
is enough here.

Note that here is a race condition for detecting if process is active
or not;  A process can die just after being detected alive.

Moreover, when the process of pinentry accidentally died already, it
should have caused return of assuan_transact and the thread of
popup_message_thread likely already set popup_finished=1.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-11-14 10:45:15 +09:00
Werner Koch
b3a70b67f3
po: Clarify a translator's note.
--
2018-11-13 09:15:15 +01:00
Daniel Kahn Gillmor
a7c5d65eb5 all: fix more spelling errors 2018-10-25 16:53:05 -04:00
Daniel Kahn Gillmor
54eb375ff1 all: fix spelling and typos
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2018-10-24 15:56:18 -04:00
Werner Koch
2bdc4b6ed9
agent: Fix possible release of unitialize var in a genkey error case.
* agent/command.c (cmd_genkey): Initialize 'value'.
--

GnuPG-bug-id: 4222
Signed-off-by: Werner Koch <wk@gnupg.org>
2018-10-24 20:16:26 +02:00
Werner Koch
7385e1babf
ssh: Fix possible infinite loop in case of an read error.
* agent/command-ssh.c (ssh_handler_add_identity): Handle other errors
than EOF.
--

GnuPG-bug-id: 4221
Signed-off-by: Werner Koch <wk@gnupg.org>
2018-10-24 20:11:33 +02:00
Werner Koch
68b8096b66
agent: Fix build regression for Windows.
* agent/command-ssh.c (get_client_info): Turn client_uid into an int.
Fix setting of it in case of a failed getsocketopt.
* agent/command.c (start_command_handler): Fix setting of the pid and
uid for Windows.
--

Fixes-commit: 28aa689058
which obviously was only added to master.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-10-22 17:24:58 +02:00
NIIBE Yutaka
4ed941ff26 agent: Fix message for ACK button.
* agent/divert-scd.c (getpin_cb): Display correct message.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-10-12 11:36:59 +09:00
NIIBE Yutaka
827529339a agent: Support --ack option for POPUPPINPADPROMPT.
* agent/divert-scd.c (getpin_cb): Support --ack option.

--

We are now introducing "acknowledge button" feature to scdaemon,
so that we can support OpenPGPcard User Interaction Flag.

We will (re)use the mechanism of POPUPPINPADPROMPT for this.  Perhaps,
we will change the name of POPUPPINPADPROMPT, since it will be no
longer for PINPAD only.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-10-11 13:37:24 +09:00
NIIBE Yutaka
adce73b86f agent: Fix error code check from npth_mutex_init.
* agent/call-pinentry.c (initialize_module_call_pinentry): It's an
error when npth_mutex_init returns non-zero.

--

Actually, initialize_module_call_pinentry is only called once from
main.  So, this bug had no harm and having the static variable
INITIALIZED is not needed.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-09-10 09:16:50 +09:00
Werner Koch
8a915cd9fa
agent: New commands PUT_SECRET and GET_SECRET.
* agent/agent.h (CACHE_MODE_DATA): New const.
* agent/cache.c (DEF_CACHE_TTL_DATA): new.
(housekeeping): Tweak for CACHE_MODE_DATA.
(cache_mode_equal): Ditto.
(agent_get_cache): Ditto.
(agent_put_cache): Implement CACHE_MODE_DATA.
* agent/command.c (MAXLEN_PUT_SECRET): New.
(parse_ttl): New.
(cmd_get_secret): New.
(cmd_put_secret): New.
(register_commands): Register new commands.
--

These commands allow to store secrets in memory for the lifetime of
the gpg-agent process.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-07-02 21:36:19 +02:00
Werner Koch
3978df943d
agent: Fix segv running in --server mode
* agent/command.c (start_command_handler): Do not write to
CLIENT_CREDS after an error.
--

assuan_get_peercred is special insofar that it returns a pointer into
CTX.  Writing data via this pointer should never be done.

Fixes-commit: 28aa689058
Signed-off-by: Werner Koch <wk@gnupg.org>
2018-07-02 20:25:30 +02:00
Werner Koch
7ffc1ac7dd
agent: Add DBUS_SESSION_BUS_ADDRESS et al. to the startup list.
* agent/gpg-agent.c (agent_copy_startup_env): Replace explicit list
with the standard list.
--

Although the function agent_copy_startup_env is newer than
session_env_list_stdenvnames the latter was not used.  When
DBUS_SESSION_BUS_ADDRESS was added to the latter it was forgotten to
add it to the former as well.  Having all stdnames here seems to be
the Right Thing (tm) to do.

GnuPG-bug-id: 3947
Signed-off-by: Werner Koch <wk@gnupg.org>
2018-06-06 18:29:15 +02:00
Werner Koch
7b7576637d
Merge branch 'STABLE-BRANCH-2-2' into master
--

Resolved Conflicts:
	NEWS  - removed
	configure.ac - removed

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-05-13 13:29:40 +02:00
Werner Koch
bbb5bfacc0
agent,dirmngr: Add "getenv" to the getinfo command.
* agent/command.c (cmd_getinfo): Add sub-command getenv.
* dirmngr/server.c (cmd_getinfo): Ditto.
--

It is sometimes helpful to be able to inspect certain envvars in a
running agent.  For example "http_proxy".

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-04-12 11:25:58 +02:00
Werner Koch
36373798c0
Merge branch 'STABLE-BRANCH-2-2' into master
--
Fixed conflicts:
  NEWS            - keep master
  configure.ac    - merge
  g10/card-util.c - mostly 2.2
  g10/sig-check.c - 2.2
2018-04-10 10:14:30 +02:00
Werner Koch
9f69dbeb90
agent: Improve the unknown ssh flag detection.
* agent/command-ssh.c (ssh_handler_sign_request): Simplify detection
of flags.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-04-10 07:59:52 +02:00
Daniel Kahn Gillmor
381c46818f agent: unknown flags on ssh signing requests cause an error.
* agent/command-ssh.c (ssh_handler_sign_request): if a flag is passed
during an signature request that we do not know how to apply, return
GPG_ERR_UNKNOWN_OPTION.

--

https://tools.ietf.org/html/draft-miller-ssh-agent-02#section-4.5 says:

    If the agent does not support the requested flags, or is otherwise
    unable or unwilling to generate the signature (e.g. because it
    doesn't have the specified key, or the user refused confirmation of a
    constrained key), it must reply with a SSH_AGENT_FAILURE message.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
GnuPG-bug-id: 3880
2018-04-09 18:06:38 -04:00
Daniel Kahn Gillmor
55435cdd4f agent: change documentation reference for ssh-agent protocol.
* agent/command-ssh.c: repoint documentation reference.

--

Damien Miller is now documenting the ssh-agent protocol via the IETF.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2018-04-09 18:00:29 -04:00
NIIBE Yutaka
80b775bdbb agent: Support SSH signature flags.
* agent/command-ssh.c (SSH_AGENT_RSA_SHA2_256): New.
(SSH_AGENT_RSA_SHA2_512): New.
(ssh_handler_sign_request): Override SPEC when FLAGS
is specified.

--

GnuPG-bug-id: 3880
Reported-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-04-06 14:58:14 +09:00
NIIBE Yutaka
96918346be agent,scd: Use pointer to represent HANDLE.
* agent/call-scd.c [HAVE_W32_SYSTEM] (start_scd): Format with %p.
* scd/command.c [HAVE_W32_SYSTEM] (option_handler): Use void *.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-03-27 16:24:17 +09:00
Werner Koch
d4dc4245bf
Merge branch 'STABLE-BRANCH-2-2' into master 2018-03-27 08:48:00 +02:00
Werner Koch
02dce8c0cc
agent: Make the request origin a part of the cache items.
* agent/cache.c (agent_put_cache): Add arg 'ctrl' and change all
callers to pass it.
(agent_get_cache): Ditto.

* agent/cache.c (struct cache_items_s): Add field 'restricted'.
(housekeeping): Adjust debug output.
(agent_flush_cache): Ditto.
(agent_put_cache): Ditto.  Take RESTRICTED into account.
(agent_get_cache): Ditto.
--

If requests are coming from different sources they should not share the
same cache.  This way we make sure that a Pinentry pops up for a
remote request to a key we have already used locally.

GnuPG-bug-id: 3858
Signed-off-by: Werner Koch <wk@gnupg.org>
2018-03-27 08:40:58 +02:00
Werner Koch
05c55ee260
agent: New OPTION pretend-request-origin
* common/shareddefs.h (request_origin_t): New.
* common/agent-opt.c (parse_request_origin): New.
(str_request_origin): New.
* agent/command.c (option_handler): Implement new option.
--

This allows to pretend that a request originated from the extra or
browser socket.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-03-23 08:37:14 +01:00
Werner Koch
f574aabeeb
Merge branch 'STABLE-BRANCH-2-2' into wk-master 2018-03-06 16:26:26 +01:00
Werner Koch
f060cb5c63
agent: Also evict cached items via a timer.
* agent/cache.c (agent_cache_housekeeping): New func.
* agent/gpg-agent.c (handle_tick): Call it.
--

This change mitigates the risk of having cached items in a post mortem
dump.

GnuPG-bug-id: 3829
Signed-off-by: Werner Koch <wk@gnupg.org>
2018-03-06 16:22:42 +01:00
Werner Koch
20539ea5ca
Merge branch 'STABLE-BRANCH-2-2' 2018-02-22 16:19:56 +01:00
Katsuhiro Ueno
df97fe2480
agent: Avoid appending a '\0' byte to the response of READKEY
* agent/command.c (cmd_readkey): Set pkbuflen to the length of the output
without an extra '\0' byte.
2018-02-14 17:11:17 +01:00
Werner Koch
f19ff78f0f
common: Use new function to print status strings.
* common/asshelp2.c (vprint_assuan_status_strings): New.
(print_assuan_status_strings): New.
* agent/command.c (agent_write_status): Replace by call to new
function.
* dirmngr/server.c (dirmngr_status): Ditto.
* g13/server.c (g13_status): Ditto.
* g13/sh-cmd.c (g13_status): Ditto.
* sm/server.c (gpgsm_status2): Ditto.
* scd/command.c (send_status_info): Bump up N.
--

This fixes a potential overflow if LFs are passed to the status
string functions.  This is actually not the case and would be wrong
because neither the truncating in libassuan or our escaping is not the
Right Thing.  In any case the functions need to be more robust and
comply to the promised interface.  Thus the code has been factored out
to a helper function and N has been bumped up correctly and checked in
all cases.

For some uses this changes the behaviour in the error case (i.e. CR or
LF passed): It will now always be C-escaped and not passed to
libassuan which would truncate the line at the first LF.

Reported-by: private_pers
2018-02-14 12:21:44 +01:00
NIIBE Yutaka
660eafa3a9 agent: Fix sending connecting process uid to pinentry.
* agent/command-ssh.c (get_client_info): Use LOCAL_PEERCRED.

--

LOCAL_PEERUID was wrong (while there is LOCAL_PEERUUID).
For FreeBSD and macOS, we can use LOCAL_PEERCRED to get uid.

GnuPG-bug-id: 3757
Fixes-commit: 28aa689058
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-01-26 10:52:56 +09:00
NIIBE Yutaka
c2e69a7a8c Merge branch 'STABLE-BRANCH-2-2' into master
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-01-26 10:47:28 +09:00
NIIBE Yutaka
d7207b39b7 agent: Fix last commit.
* configure.ac: Check ucred.h as well as sys/ucred.h.
* agent/command-ssh.c: Add inclusion of ucred.h.

--

It was T2981, adding ucred.h for Solaris.  We also need sys/ucred.h
for FreeBSD and macOS.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-01-26 10:42:31 +09:00
NIIBE Yutaka
08e686a6a6 agent: More fix for get_client_pid for portability.
* configure.ac: Check sys/ucred.h instead of ucred.h.
    * agent/command-ssh.c: Include sys/ucred.h.

--

It's *BSD and macOS thing.

Fixes-commit: f7f806afa5
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-01-26 10:13:34 +09:00
Werner Koch
c817e75028
Merge branch 'STABLE-BRANCH-2-2' into master
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-12-18 16:42:59 +01:00
Werner Koch
c81a447190
Change backlog from 5 to 64 and provide option --listen-backlog.
* agent/gpg-agent.c (oListenBacklog): New const.
(opts): New option --listen-backlog.
(listen_backlog): New var.
(main): Parse new options.
(create_server_socket): Use var instead of 5.
* dirmngr/dirmngr.c: Likewise.
* scd/scdaemon.c: Likewise.
--

GnuPG-bug-id: 3473
Signed-off-by: Werner Koch <wk@gnupg.org>
2017-12-12 14:14:40 +01:00
Werner Koch
b38ca59bdb
Merge branch 'STABLE-BRANCH-2-2' into master 2017-12-11 10:42:38 +01:00
Werner Koch
6391de3e62
doc: Fix Dijkstra
--

Edsger Wybe Dijkstra (1930 --2002)
  - Dutch computer scientist
2017-12-08 07:40:06 +01:00
NIIBE Yutaka
5c121d4444 agent: Fix description of shadow format.
* agent/keyformat.txt, agent/protect.c, agent/t-protect.c: Fix.

--

https://lists.gnupg.org/pipermail/gnupg-devel/2015-April/029680.html

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-12-08 09:19:50 +09:00
NIIBE Yutaka
b9677ba16f
agent: Change intialization of assuan socket system hooks.
* agent/gpg-agent.c (initialize_modules): Add hook again.
(main): Remove setting of the system houk but add scoket system hook
setting after assuan initialization.
--

Thread initialization is better to be deferred after fork (in case of
UNIX).  assuan_sock_init should be earlier.  Thus, we need to change
system hooks for assuan_sock_* interface.  Or else, on Windows, it may
cause hang on server.

Updates-commit: 1524ba9656
GnuPG-bug-id: 3378
Signed-off-by: Werner Koch <wk@gnupg.org>
2017-12-07 14:33:58 +01:00
NIIBE Yutaka
1524ba9656 agent: Set assuan system hooks before call of assuan_sock_init.
* agent/gpg-agent.c (initialize_modules): Move assuan_set_system_hooks.
(main): ... here, just before assuan_sock_init.

--

In Assuan, global variable SOCK_CTX is used internally, which is
initialized by assuan_sock_init.  When initialized, system hooks
are copied into SOCK_CTX structure.  Thus, system hooks should
be set, before the call of assuan_sock_init.

GnuPG-bug-id: 3378
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-12-06 11:20:51 +09:00
Werner Koch
b56dfdfc18
Use the gpgrt log functions if possible.
* common/logging.c: Do not build any code if we can use the gpgrt_log
functions.
(log_logv_with_prefix): Rename to log_logv_prefix and change order of
args so that this function matches its printf like counterpart
gpgrt_logv_prefix.  Change all callers.
(log_debug_with_string): Rename to log_debug_string. Change all
callers.
(log_printhex): Move first arg to end so that this function matches
its printf like counterpart gpgrt_log_printhex.  Change all callers.
* common/logging.h: Divert to gpgrt/libgpg-error if we can use the
gpgrt_log functions.
(bug_at): Add inline versions if we can use the gpgrt_log functions.
* configure.ac (GPGRT_ENABLE_LOG_MACROS): Add to AH_BOTTOM.
(mycflags): Add -Wno-format-zero-length.
--

This patch enables the use of the log function from libgpgrt (aka
libgpg-error).  Instead of checking a version number, we enable them
depending on macros set by recent gpg-error versions.  Eventually the
whole divert stuff can be removed.

The -Wno-format-zero-length is required because log_printhex can be
called with an empty format string.  Note that this is fully specified
standard C behaviour.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-11-27 15:00:25 +01:00
Werner Koch
18af15249d
agent: New option --auto-expand-secmem.
* agent/gpg-agent.c (oAutoExpandSecmem): New enum value.
(opts): New option --auto-expand-secmem.
(main): Implement that option.
--

Note that this option has an effect only if Libgcrypt >= 1.8.2 is
used.

GnuPG-bug-id: 3530
2017-11-24 10:30:25 +01:00
Werner Koch
7ffedfab89
gpg-agent: Avoid getting stuck in shutdown pending state.
* agent/gpg-agent.c (handle_connections): Always check inotify fds.
--

I noticed a gpg-agent processed, probably in shutdown_pending state,
which was selecting on only these two inotify fds.  The select
returned immediately but because we did not handle the fds in
shutdown_pending state they were not read and the next select call
returned one of them immediately again.  Actually that should not
hanppen because the

          if (active_connections == 0)
            break; /* ready */

should have terminated the loop.  For unknown reasons (maybe be just a
connection thread terminated in a gdb session) that did not happen.
By moving the check outside of the shutdown_pending condition and
closing the fd after they have been triggered the code should be more
robust.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 5d83eb9226)
2017-11-20 11:55:34 +01:00
NIIBE Yutaka
760aa8aada
agent: Use clock or clock_gettime for calibration.
* agent/protect.c (calibrate_get_time): Use clock or clock_gettime.

--

For calibration, clock(3) is better than times(3) among UNIXen.
Tested on NetBSD 7.1 and FreeBSD 11.1, using QEMU.

Thanks to Damien Goutte-Gattat for the information of use of
CLOCKS_PER_SEC;  The old code with times(3) is not 100% correct,
in terms of POSIX.  It should have used sysconf (_SC_CLK_TCK) instead
of CLOCKS_PER_SEC.  CLOCKS_PER_SEC is specifically for clock(3).

GnuPG-bug-id: 3056, 3276, 3472
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
(cherry picked from commit 380bce13d9)
2017-11-20 11:53:44 +01:00
Werner Koch
5d83eb9226
gpg-agent: Avoid getting stuck in shutdown pending state.
* agent/gpg-agent.c (handle_connections): Always check inotify fds.
--

I noticed a gpg-agent processed, probably in shutdown_pending state,
which was selecting on only these two inotify fds.  The select
returned immediately but because we did not handle the fds in
shutdown_pending state they were not read and the next select call
returned one of them immediately again.  Actually that should not
hanppen because the

          if (active_connections == 0)
            break; /* ready */

should have terminated the loop.  For unknown reasons (maybe be just a
connection thread terminated in a gdb session) that did not happen.
By moving the check outside of the shutdown_pending condition and
closing the fd after they have been triggered the code should be more
robust.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-11-13 11:59:50 +01:00
NIIBE Yutaka
380bce13d9 agent: Use clock or clock_gettime for calibration.
* agent/protect.c (calibrate_get_time): Use clock or clock_gettime.

--

For calibration, clock(3) is better than times(3) among UNIXen.
Tested on NetBSD 7.1 and FreeBSD 11.1, using QEMU.

Thanks to Damien Goutte-Gattat for the information of use of
CLOCKS_PER_SEC;  The old code with times(3) is not 100% correct,
in terms of POSIX.  It should have used sysconf (_SC_CLK_TCK) instead
of CLOCKS_PER_SEC.  CLOCKS_PER_SEC is specifically for clock(3).

GnuPG-bug-id: 3056, 3276, 3472
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-11-07 10:49:36 +09:00
Werner Koch
3607ab2cf3
agent: New GETINFO sub-commands "s2k_count_cal" and "s2k_time".
* agent/command.c (cmd_getinfo): New sub-commands.
* agent/protect.c (get_standard_s2k_count): Factor some code out to ...
(get_calibrated_s2k_count): new.
(get_standard_s2k_time): New.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 52d41c8b0f)
2017-11-06 15:11:24 +01:00
Werner Koch
78a6d0ce88
agent: New option --s2k-count.
* agent/agent.h (opt): New field 's2k_count'.
* agent/gpg-agent.c (oS2KCount): New enum value.
(opts): New option --s2k-count.
(parse_rereadable_options): Set opt.s2k_count.
--

This option is useful to speed up the starting of gpg-agent and in
cases where the auto-calibration runs into problems due to a broken
time measurement facility.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit f7212f1d11)
2017-11-06 15:11:13 +01:00
Werner Koch
52d41c8b0f
agent: New GETINFO sub-commands "s2k_count_cal" and "s2k_time".
* agent/command.c (cmd_getinfo): New sub-commands.
* agent/protect.c (get_standard_s2k_count): Factor some code out to ...
(get_calibrated_s2k_count): new.
(get_standard_s2k_time): New.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-11-06 15:03:06 +01:00
Werner Koch
f7212f1d11
agent: New option --s2k-count.
* agent/agent.h (opt): New field 's2k_count'.
* agent/gpg-agent.c (oS2KCount): New enum value.
(opts): New option --s2k-count.
(parse_rereadable_options): Set opt.s2k_count.
--

This option is useful to speed up the starting of gpg-agent and in
cases where the auto-calibration runs into problems due to a broken
time measurement facility.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-11-06 13:57:30 +01:00
NIIBE Yutaka
3da47d19df
agent: Fix returning GPG_ERR_NOT_FOUND wrongly.
* agent/learncard.c (agent_handle_learn): Find SERIALNO.

--

Bug is: "gpg-connect-agent learn /bye" just fails wrongly.

Fixes-commit: 8c8ce8711d
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
(cherry picked from commit 5e96fe72e4)
2017-11-02 17:04:03 +01:00
NIIBE Yutaka
5e96fe72e4 agent: Fix returning GPG_ERR_NOT_FOUND wrongly.
* agent/learncard.c (agent_handle_learn): Find SERIALNO.

--

Bug is: "gpg-connect-agent learn /bye" just fails wrongly.

Fixes-commit: 8c8ce8711d
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-11-02 16:23:10 +09:00
NIIBE Yutaka
3924e1442c
agent: Clean up pinentry access locking.
* agent/agent.h (struct server_control_s): Rename PINENTRY_ACTIVE.
* agent/call-pinentry.c (entry_owner): Remove.
(agent_reset_query): Use thread private object of PINENTRY_ACTIVE.
(unlock_pinentry): Add CTRL to arguments to access thread private.
Check and decrement PINENTRY_ACTIVE for recursive use.
(start_pinentry): Check and increment PINENTRY_ACTIVE for recursion.
(agent_askpin): Follow the change of unlock_pinentry API.
(agent_get_passphrase, agent_get_confirmation): Likewise.
(agent_show_message, agent_popup_message_start): Likewise.
(agent_popup_message_stop, agent_clear_passphrase): Likewise.

--

We use the member PINENTRY_ACTIVE as a thread private object.
It's only valid for a single thread at a time.

It would be possible to have a thread shared object of
PINENTRY_ACTIVE, keeping ENTRY_OWNER for distinguishing its
owner (which is also a thread shared object).  But, in this case,
access to ENTRY_OWNER is tricky (only comparison to accessing thread
would be OK with no lock), or we need to introduce another lock for
accessing ENTRY_OWNER, which complicates the code too much.

So, simply have a thread private object for recursive pinentry access.

GnuPG-bug-id: 3190
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
(cherry picked from commit fb7828676c)
2017-10-27 14:15:58 +02:00
NIIBE Yutaka
4738256f2e
agent: Allow recursive use of pinentry.
* agent/agent.h (struct server_control_s): Add pinentry_level.
* agent/call-pinentry.c (agent_popup_message_stop): Not clear
ENTRY_CTX here.
(unlock_pinentry): Handle recursion.  Clear ENTRY_CTX here.
(start_pinentry): Allow recursive use.

--

GnuPG-bug-id: 3190
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
(cherry picked from commit 3b66a256e3)
2017-10-27 14:15:50 +02:00
NIIBE Yutaka
fb7828676c agent: Clean up pinentry access locking.
* agent/agent.h (struct server_control_s): Rename PINENTRY_ACTIVE.
* agent/call-pinentry.c (entry_owner): Remove.
(agent_reset_query): Use thread private object of PINENTRY_ACTIVE.
(unlock_pinentry): Add CTRL to arguments to access thread private.
Check and decrement PINENTRY_ACTIVE for recursive use.
(start_pinentry): Check and increment PINENTRY_ACTIVE for recursion.
(agent_askpin): Follow the change of unlock_pinentry API.
(agent_get_passphrase, agent_get_confirmation): Likewise.
(agent_show_message, agent_popup_message_start): Likewise.
(agent_popup_message_stop, agent_clear_passphrase): Likewise.

--

We use the member PINENTRY_ACTIVE as a thread private object.
It's only valid for a single thread at a time.

It would be possible to have a thread shared object of
PINENTRY_ACTIVE, keeping ENTRY_OWNER for distinguishing its
owner (which is also a thread shared object).  But, in this case,
access to ENTRY_OWNER is tricky (only comparison to accessing thread
would be OK with no lock), or we need to introduce another lock for
accessing ENTRY_OWNER, which complicates the code too much.

So, simply have a thread private object for recursive pinentry access.

GnuPG-bug-id: 3190
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-10-27 09:54:48 +09:00
NIIBE Yutaka
3b66a256e3 agent: Allow recursive use of pinentry.
* agent/agent.h (struct server_control_s): Add pinentry_level.
* agent/call-pinentry.c (agent_popup_message_stop): Not clear
ENTRY_CTX here.
(unlock_pinentry): Handle recursion.  Clear ENTRY_CTX here.
(start_pinentry): Allow recursive use.

--

GnuPG-bug-id: 3190
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-10-26 14:40:38 +09:00
NIIBE Yutaka
05cb87276c agent, tests: Support --disable-scdaemon build case.
* agent/command.c (cmd_scd): Support !BUILD_WITH_SCDAEMON.
* tests/openpgp/defs.scm (create-gpghome): Likewise.
* tests/gpgsm/gpgsm-defs.scm (create-gpgsmhome): Likewise.

--

We could modify gpg-agent to remove all support of scdaemon, with no
inclusion of call-scd.c, divert-scd.c, and learncard.c, but it would
not be worth to do that.

GnuPG-bug-id: 3316
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-10-26 11:39:49 +09:00
NIIBE Yutaka
bf26c08b95 agent, tests: Support --disable-scdaemon build case.
* agent/command.c (cmd_scd): Support !BUILD_WITH_SCDAEMON.
* tests/openpgp/defs.scm (create-gpghome): Likewise.
* tests/gpgsm/gpgsm-defs.scm (create-gpgsmhome): Likewise.

--

We could modify gpg-agent to remove all support of scdaemon, with no
inclusion of call-scd.c, divert-scd.c, and learncard.c, but it would
not be worth to do that.

GnuPG-bug-id: 3316
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-10-26 11:24:39 +09:00
Daniel Kahn Gillmor
28aa689058 agent: Send pinentry the uid of connecting process where possible.
* agent/agent.h (server_control_s): Add field 'client_uid'.
* agent/call-pinentry.c (start_pinentry): Add uid field to assuan
option "owner" sent to pinentry.
* agent/command-ssh.c (peer_info_s): New static struct.
(get_client_pid): Rename to...
(get_client_info): Here, and extract uid in addition to pid.
(start_command_handler_ssh): Use get_client_info() instead of
get_client_pid().
* agent/command.c (start_command_handler): Try assuan_get_peercred,
and only fall back to assuan_get_pid when assuan_get_peercred fails.

--

This also requires an update to pinentry to handle the new uid field.
Distributing the uid as well as the pid makes it harder for a
different user on the same machine to take advantage of any race
conditions between when a requesting process might ask for something
that needs pinentry, and when pinentry gets around to inspecting the
state of that process.

We put the uid before the nodename because the uid is guaranteed to be
a integer (represented in decimal), which makes it much simpler to
parse past than the potentially arbitrarily structured nodename.

Use a / instead of whitespace to delimit pid/uid at Werner's request.

If we were willing to depend on the nodename being
whitespace-delimited (as the current, unreleased pinentry code does),
then we could add the uid after the nodename.  But since no released
pinentry depends on this option anyway, i think we should make the
more conservative, easily-parseable choice and put the user ID first.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2017-10-19 03:09:44 -04:00
NIIBE Yutaka
9f5e50e7c8 agent: Fix cancellation handling for scdaemon.
* agent/call-scd.c (cancel_inquire): Remove.
(agent_card_pksign, agent_card_pkdecrypt, agent_card_writekey)
(agent_card_scd): Don't call cancel_inquire.

--

Since libassuan 2.1.0, cancellation command "CAN" is handled within
the library, by assuan_transact.  So, cancel_inquire just caused
spurious "CAN" command to scdaemon which resulted an error.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-09-20 10:42:28 +09:00
Daniel Kahn Gillmor
926d07c5fa agent: compile-time configuration of s2k calibration.
* configure.ac: add --with-agent-s2k-calibration=MSEC, introduces
AGENT_S2K_CALIBRATION (measured in milliseconds)
* agent/protect.c (calibrate_s2k_count): Calibrate based on
AGENT_S2K_CALIBRATION.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
GnuPG-bug-id: 3399
2017-09-08 17:08:57 -04:00
Daniel Kahn Gillmor
909fbca196 gpg: default to 3072-bit RSA keys.
* agent/command.c (hlp_genkey): update help text to suggest the use of
3072 bits.
* doc/wks.texi: Make example match default generation.
* g10/keygen.c (DEFAULT_STD_KEY_PARAM): update to
rsa3072/cert,sign+rsa3072/encr, and fix neighboring comment,
(gen_rsa, get_keysize_range): update default from 2048 to 3072).
* g10/keyid.c (pubkey_string): update comment so that first example
is the default 3072-bit RSA.

--

3072-bit RSA is widely considered to be 128-bit-equivalent security.
This is a sensible default in 2017.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>

Gbp-Pq: Topic update-defaults
Gbp-Pq: Name 0015-gpg-default-to-3072-bit-RSA-keys.patch
2017-09-08 11:37:42 -04:00
Andre Heinecke
6158811304
agent: Fix string translation for Windows
* agent/agent.h (L_): Define agent_Lunderscore when simple
gettext is used.

--
This fixes a regression introduced by b3286af3 ENABLE_NLS
is not defined if we use simple gettext and not gettext.

GnuPG-Bug-Id: T3364
Signed-off-by: Andre Heinecke <aheinecke@intevation.de>
2017-08-23 11:04:47 +02:00
Daniel Kahn Gillmor
f011d8763a Simple typo fix.
* agent/gpg-agent.c: Correct spelling in comment.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2017-08-07 01:03:52 -04:00
Werner Koch
3d78ae4d3d
agent: Make --no-grab the default.
* agent/gpg-agent.c (oGrab): New const.
(opts): New option --grab.  Remove description for --no-grab.
(parse_rereadable_options): Make --no-grab the default.
(finalize_rereadable_options): Allow --grab to override --no-grab.
(main) <gpgconflist>: Add "grab".
* tools/gpgconf-comp.c (gc_options_gpg_agent): Add "grab".

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-08-04 18:34:03 +02:00
Werner Koch
6c9899bede
agent: Make --ssh-fingerprint-digest re-readable.
* agent/gpg-agent.c (main): Move oSSHFingerprintDigest to ...
(parse_rereadable_options): here.
(opts): Change its description.
(main) <aGPGConfList>: Include this option.
* tools/gpgconf-comp.c (gc_options_gpg_agent): Add option at expert
level.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-07-28 18:23:46 +02:00
Werner Koch
5cf95157c5
agent: For OCB key files return Bad Passprase instead of Checksum Error.
* agent/protect.c (do_decryption): Map error checksum to bad
passpharse protection

* agent/call-pinentry.c (unlock_pinentry): Don't munge the error
source for corrupted protection.
--

GnuPG-bug-id: 3266
Signed-off-by: Werner Koch <wk@gnupg.org>
2017-07-28 11:51:04 +02:00
Werner Koch
5516ef47a2
agent: Minor cleanup (mostly for documentation).
* agent/command.c (cmd_pksign): Change var name 'rc' to 'err'.
* agent/findkey.c (read_key_file): Ditto.  Change return type to
gpg_error_t.  On es_fessk failure return a correct error code.
(agent_key_from_file): Change var name 'rc' to 'err'.
* agent/pksign.c (agent_pksign_do): Ditto.  Change return type to
gpg_error_t.  Return a valid erro code on malloc failure.
(agent_pksign): Ditto.  Change return type to gpg_error_t.  replace
xmalloc by xtrymalloc.
* agent/protect.c (calculate_mic): Change return type to gpg_error_t.
(do_decryption): Ditto.  Do not init RC.
(merge_lists): Change return type to gpg_error_t.
(agent_unprotect): Ditto.
(agent_get_shadow_info): Ditto.
--

While code starring for bug 3266 I found two glitches and also changed
var name for easier reading.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-07-28 10:38:57 +02:00