1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-22 10:19:57 +01:00

989 Commits

Author SHA1 Message Date
Jakub Jelen
a95ddffdcd
agent: Avoid memory leaks in error code paths.
* agent/command.c (cmd_genkey): Use goto instead of return.
* agent/cvt-openpgp.c (convert_from_openpgp_main): Ditto.
* agent/genkey.c (agent_ask_new_passphrase): Fix typo to free correct
pointer
(agent_genkey): Release memory
* agent/gpg-agent.c (check_own_socket): Free sockname
* agent/protect-tool.c (read_key): Free buf.
(agent_askpin): Free passphrase

--

Signed-off-by: Jakub Jelen <jjelen@redhat.com>

Changed original patch to not add a free before a GPG_ERR_BUG.

Signed-off-by: Werner Koch <wk@gnupg.org>
GnuPG-bug-id: 5393
2021-05-20 13:38:07 +02:00
Werner Koch
40da61b89b
gpg: Improve speed of secret key listing.
* agent/command.c (cmd_keyinfo): Factor some code out to ...
(get_keyinfo_on_cards): ... new.
(cmd_havekey): Add --list mode.
* g10/gpg.h (struct server_control_s): Add new caching vars.
* g10/gpg.c (gpg_deinit_default_ctrl): Release cache.
* g10/call-agent.c (agent_probe_any_secret_key): Init and try to use
the keygrip cache.
(agent_genkey): Clear the cache.
(agent_import_key): Ditto.

* g10/keylist.c (list_all, list_one): Pass ctrl to
agent_probe_any_secret_key.
* g10/getkey.c (lookup): Ditto.
--

With this change we first ask the agent for a list of all secret
keygrips and use that list instead of asking the agent for each public
key.  Speeds up my "gpg -K" with a lot of secret and public keys by
more than 25%.

Signed-off-by: Werner Koch <wk@gnupg.org>
2021-05-19 02:42:35 +02:00
Werner Koch
310b064f52
agent: Use SHA-256 for SSH fingerprint by default
* agent/gpg-agent.c (parse_rereadable_options): Change default ssh
fingerprint digest.
(main): Ditto.
--

Co-authored-by: Jakub Jelen <jjelen@redhat.com>
GnuPG-bug-id: 5434
Signed-off-by: Werner Koch <wk@gnupg.org>
2021-05-12 08:55:51 +02:00
Werner Koch
965bb0693c
A few minor code cleanups and typo fixes.
* agent/command-ssh.c (ssh_handler_request_identities): Remove double
check of ERR.
* g10/getkey.c (get_pubkey_byname): Remove double use of break.
* g10/pkglue.c (pk_encrypt): Handle possible NULL-ptr access due to
failed malloc.

Signed-off-by: Werner Koch <wk@gnupg.org>
2021-05-11 09:06:34 +02:00
Werner Koch
0b875aa11a
agent,w32: Silence the get_peercred failed diagnostic
--
2021-04-23 09:52:57 +02:00
Werner Koch
50293ec2eb
gpg: Allow decryption w/o public key but with correct card inserted.
* agent/command.c (cmd_readkey): Add option --no-data and special
handling for $SIGNKEYID and $AUTHKEYID.
* g10/call-agent.c (agent_scd_getattr): Create shadow keys for KEY-FPR
output.
* g10/skclist.c (enum_secret_keys): Automagically get a missing public
key for the current card.

Signed-off-by: Werner Koch <wk@gnupg.org>
2021-04-23 08:50:39 +02:00
Werner Koch
84c2d97cca
agent: Require verbose level 2 for handler started/terminated notices.
* agent/gpg-agent.c (do_start_connection_thread): Silence diags even
more.
2021-04-23 08:50:39 +02:00
Werner Koch
8f2c9cb735
agent: Silence error messages for READKEY --card
* agent/command.c (cmd_readkey): Test for shadow key before creating
it.
2021-04-21 21:00:28 +02:00
Werner Koch
45918813f0
Support log-file option from common.conf for all daemon.
* agent/gpg-agent.c: Include comopt.h.
(main): Read log-file option from common.conf.
(reread_configuration): Ditto.
* dirmngr/dirmngr.c: Include comopt.h.
(main): Read log-file option from common.conf.
(reread_configuration): Ditto.
* kbx/keyboxd.c: Include comopt.h.
(main): Read log-file option from common.conf.
(reread_configuration): Ditto.
* scd/scdaemon.c: Include comopt.h.
(main): Read log-file option from common.conf.

Signed-off-by: Werner Koch <wk@gnupg.org>
2021-04-20 10:50:10 +02:00
Jakub Jelen
cd66b2eb0d agent,kbx: Add LIBASSUAN_CLFAGS.
* agent/Makefile.am (gpg_preset_passphrase_CFLAGS, t_protect_CFLAGS):
Add LIBASSUAN_CFLAGS.
* kbx/Makefile.am (libkeybox_a_CFLAGS, libkeybox509_a_CFLAGS):
Likewise.

--

GnuPG-bug-id: 5389
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
2021-04-13 13:54:14 +09:00
Werner Koch
2d2391dfc2
agent: Skip unknown unknown ssh curves seen on cards.
* agent/command-ssh.c (ssh_handler_request_identities): Skip unknown
curves.
--

For example when using my standard ed25519 token and testing cards
with only Brainpool support, the ssh-agent failed due to the unknown
curves seen on the card.  This patches fixes this by ignoring keys
with unknown curves.

Signed-off-by: Werner Koch <wk@gnupg.org>
2021-03-29 15:39:32 +02:00
Werner Koch
6de1ec3ba5
agent: Add debug output for failed RSA signature verification
* agent/pksign.c (agent_pksign_do): Support ECC and DSA verification
and print some debug info in the error case.
--

Note that the addition of do_encode_dsa has no immediate effect
because we use the code only for RSA.  However, for debugging it can
be useful to change the code to check also other created signatures.

Signed-off-by: Werner Koch <wk@gnupg.org>
2021-03-26 14:30:58 +01:00
Werner Koch
26215cb211
agent: Simplify a function.
* agent/findkey.c (agent_public_key_from_file): Use a membuf instead
of handcounting space.

Signed-off-by: Werner Koch <wk@gnupg.org>
2021-03-18 09:53:09 +01:00
Werner Koch
1523b5f76f
gpg: New option --no-auto-trust-new-key.
* g10/gpg.c (oNoAutoTrustNewKey): New.
(opts): Add --no-auto-trust-new-key.
(main): Set it.
* g10/options.h (opt): Add flags.no_auto_trust_new_key.

Signed-off-by: Werner Koch <wk@gnupg.org>
2021-03-15 10:47:19 +01:00
Werner Koch
43bb5250a6
agent: Fix build without TPM
--
2021-03-10 15:52:20 +01:00
James Bottomley
92b601fcee
gpg: Add new command keytotpm to convert a private key to TPM format
* agent/command.c (cmd_keytotpm): New.
(agent/command.c): Register new command KEYTOTPM.
* g10/call-agent.c (agent_keytotpm): New.
* g10/keyedit.c (cmdKEYTOTPM): New command "keytotpm".
(keyedit_menu): Implement.

--

The plumbing is done in two parts: the agent is modified to understand
a KEYTOTPM assuan command taking the key grip as an argument.  This
simply obtains the key s expression and calls the existing writeky
diversion to the tpm2daemon.  The daemon reponds with the TPM
conversion of the key and that key is then stored in the keyfile as a
shadowed-private-key with "tpm2-v1" type.

To effect the conversion, all the user does from gpg --edit-key is
select which private key they wish to move (or move the primary if no
key is selected) and type keytotpm.  The conversion to TPM form is
instantaneous and once converted, the actual key cannot be recovered,
meaning that if you want your gpg key to move to a new laptop you must
keep an unconverted backup copy in a safe location.

When you do a list command, all TPM keys show up as

     card-no: TPM-Protected

The key is stored encrypted to the TPM2 storage seed and since each
TPM has a unique seed, only the single TPM contained in your laptop
can now read the key.  This means you cannot simply copy the shadowed
key file over to a new laptop, you must copy over the backup copy and
then convert it to TPM form on the new laptop.

To decomission your laptop, execute a tssclear command which
regenerates the storage seed and effectively shreds all keys.  Note
when you have done this *every* TPM2 shadowed private key becomes
unreadable by any TPM and all are effectively destroyed.

Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>

Very minor cosmetic changes.

Signed-off-by: Werner Koch <wk@gnupg.org>
2021-03-10 13:34:18 +01:00
James Bottomley
1f995b9ba4
agent: Add new shadow key type and functions to call tpm2daemon
* agent/call-tpm2d.c: New.
* divert-tpm2.c: New.
* agent/Makefile.am: Add new files.
* agent/agent.h (DAEMON_TPM2D): New.  Add stub fucntions.
* agent/call-daemon.c (GNUPG_MODULE_NAME_TPM2DAEMON): New.
* agent/command.c (do_one_keyinfo): Handle tpmv2.
* agent/gpg-agent.c (oTpm2daemonProgram): New.
(opts): New option --tpm2daemon-program.
(parse_rereadable_options): Handle option.
* agent/pkdecrypt.c (agent_pkdecrypt): Divert to tpm2d.
(agent_pksign_do): Ditto.
---

A new shadow key type: "tpm2-v1" is introduced signalling that the
shadowed key is handled by the tpm2daemon.  A function to identify
this type is introduced and diversions to the tpm2daemon functions are
conditioned on this function for pkign and pkdecrypt where the same
diversions to scd are currently done.  The (info) field of the
shadowed key stores the actual TPM key.  The TPM key is encrypted so
only the physical TPM it was created on can read it (so no special
protection is required for the info filed), but if the (info) field
becomes corrupt or damaged, the key will be lost (unlike the token
case, where the key is actually moved inside the token).

Note, this commit adds handling for existing TPM format shadow keys,
but there is still no way to create them.

Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>

Additional changes:
* Add ChangeLog entries.
* Some minor indentation fixes.
* agent/Makefile.am (gpg_agent_SOURCES): Change to make distcheck
  work.
* agent/agent.h [!HAVE_LIBTSS]: Do not return -EINVAL but an
  gpg_error_t.  Mark args as unused.
* agent/protect.c (agent_is_tpm2_key): Free BUF.

Signed-off-by: Werner Koch <wk@gnupg.org>
2021-03-10 13:23:05 +01:00
Werner Koch
33c492dcb9
w32: Cleanup use of pid_t in call-daemon
* agent/call-daemon.c (struct wait_child_thread_parm_s) [W32]: Do not
use HANDLE for pid_t.
(wait_child_thread): Ditto.
--

Mingw has its own definition of pid_t as does libassuan.  We should use
this instead of using HANDLE.  Things are a bit complicated in
Windows, because Windows also has a pid_t but that is mostly useless;
in particular because you can't wait on a real pid but need a handle.
2021-03-08 21:53:29 +01:00
Werner Koch
0be4861762
po: Change translatability of a fallback string.
* agent/call-pinentry.c (setup_genpin): Do not make the fallback
translatable.
2021-02-18 14:43:43 +01:00
NIIBE Yutaka
42e637a1c3 agent: Comment spell fix.
--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2021-02-12 16:07:19 +09:00
Werner Koch
224e26cf7b
agent: Support ssh-agent extensions for environment variables.
* common/session-env.c (session_env_list_stdenvnames): Extend to allow
return all names as one string.
* agent/command-ssh.c (SSH_REQUEST_EXTENSION): New.
(SSH_RESPONSE_EXTENSION_FAILURE): New.
(request_specs): Add handler for the extension command.
(ssh_handler_extension): New.
--

The extension mechanism is specified in
https://tools.ietf.org/html/draft-miller-ssh-agent-04

Signed-off-by: Werner Koch <wk@gnupg.org>
2021-01-25 10:35:06 +01:00
Werner Koch
9500432b7a
Require Libgcrypt 1.9
* configure.ac: Require at least Libgcrypt 1.9.0.  Remove all
GCRYPT_VERSION_NUMBER dependent code.
--

Only Libgcrypt 1.9 implements EAX which is a mandatory algorithm in
RFC4880bis.

Signed-off-by: Werner Koch <wk@gnupg.org>
2021-01-19 10:33:03 +01:00
NIIBE Yutaka
eda3c688fc agent: Allow decryption with card but no file.
* agent/pkdecrypt.c (agent_pkdecrypt): Support decryption with card
but without a stub key.

--

GnuPG-bug-id: 5170
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-12-08 15:15:45 +09:00
NIIBE Yutaka
9beab36dfa agent: Clean up the API of agent_pkdecrypt.
* agent/agent.h (agent_pkdecrypt): Use gpg_error_t type.
* agent/pkdecrypt.c (agent_pkdecrypt): Use gpg_error_t type.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-12-08 15:06:33 +09:00
NIIBE Yutaka
cbb0e069f5 agent: Allow pksign operation with card but no file.
* agent/pksign.c (agent_pksign_do): Add support with no file.

--

GnuPG-bug-id: 5166
Signed-off-by: Ingo Klöcker <dev@ingo-kloecker.de>
2020-12-08 13:20:29 +09:00
Werner Koch
7113263a00
agent: Fix YK s/n and prettify the request card prompt for Yubikeys
* agent/divert-scd.c (ask_for_card): Detect and re-format the Yubikey
prompt.
* scd/app.c (app_munge_serialno): Fix Yubikey s/n munging.
(card_get_dispserialno): Ditto.
* scd/app-openpgp.c (get_disp_serialno): Remove.
(get_prompt_info): Use app_get_dispserialno.--
--
2020-11-26 15:56:37 +01:00
Gavin L. Rebeiro
572bcacc28
doc: Fix typos
--
GnuPG-bug-id: 5071

Also fixed one in keyformat.txt [wk].
2020-11-23 12:11:15 +01:00
NIIBE Yutaka
cc8b99d18e Fix the previous comment changes help doc string.
* scd/command.c (hlp_learn): Fix the doc string.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-11-20 17:17:30 +09:00
NIIBE Yutaka
0a265d6498 gpg,agent: Fix comments for KEYPAIRINFO status report.
--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-11-20 09:56:52 +09:00
NIIBE Yutaka
8ddadbbdbb agent: Fix creating shadow key on card key generation.
* agent/command.c (cmd_readkey): Fix handling --card option.

--

Fixes-commit: 9c719c9c1ff34cc06a0fef2bfe29cfd7182753eb
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-11-19 15:44:59 +09:00
Werner Koch
d574213ce2
w32: Replace some fopen by es_fopen.
* agent/protect-tool.c (read_file): Replace fopen by es_fopen.
* dirmngr/dirmngr-client.c (read_pem_certificate):  Ditto.
(read_certificate): Ditto.
* g10/keydb.c (rt_from_file): Ditto.
* kbx/kbxutil.c (read_file): Ditto.
* g10/plaintext.c (get_output_file) [__riscos__]: Remove code.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-11-11 15:23:22 +01:00
NIIBE Yutaka
ba4f684167 agent: Fix SOS handling with libgcrypt 1.8.
* agent/cvt-openpgp.c (apply_protection): Handle opaque MPI.

--

GnuPG-bug-id: 5116
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-11-09 11:04:22 +09:00
Werner Koch
c896112fa3
agent: Minor tweaks to the new genpin inquiry.
* agent/call-pinentry.c (generate_pin): Use STRING random which is
sufficient for a passphrase.
(inq_cb): s/rc/err/.  Do not print two errors in case generate_pin
fails.  Lowercase strings as per GNU standards.
(setup_genpin): Fix translation test.
(setup_qualitybar): Ditto.
--

Our policy is to use VERY_STRONG for a long term public key but not
for symmetric keys.

The GNU standards to demand that strings start with a lowercase
because that seems to be needed if it follows a prefix of for example
"gpg:".  I don't actually like this becuase we need different strings
in interactive and standard mode but the majory of strings in GnuPGare
written this way.  If a translation is necessary it can be done with
an en_GB or so locale.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-11-06 15:43:08 +01:00
Andre Heinecke
557ddbde32
agent: Add genpin inquiry for pinentry
* agent/call-pinentry.c (agent_get_passphrase): Setup genpin.
(do_getpin): Update with new name for inquire callback.
(inq_quality): Rename to inq_cb and add genpin support.
(inq_cb): Renamed form inq_quality.
(generate_pin): New helper to generate a pin.
(agent_askpin): Fix some typos.
(setup_genpin): Provide new strings for pinentry.

--
This implements the gpg-agent side for generating a pin
especially for symmetric encryption using libgcrypt randomness
and checking it against the gpg-agent constraints.
2020-11-06 14:22:28 +01:00
Werner Koch
7e22e08e2a
common: New functions gnupg_opendir et al.
* common/sysutils.h (struct gnupg_dirent_s): New.
* common/sysutils.c: Include dirent.h.
(struct gnupg_dir_s): New.
(gnupg_opendir, gnupg_readdir, gnupg_closedir): New.  Change all
callers of opendir, readdir, and closedir to use these functions.
--

GnuPG-bug-id: 5098
2020-10-21 17:00:32 +02:00
Werner Koch
18e5dd7b03
Replace all calls to stat by gnupg_stat.
* common/sysutils.c (gnupg_stat): New.
* common/sysutils.h: Include sys/stat.h.
--

Yet another wrapper for Unicode support on Windows.

GnuPG-bug-id: 5098
Signed-off-by: Werner Koch <wk@gnupg.org>
2020-10-20 16:38:06 +02:00
Werner Koch
390497ea11
Replace most of the remaining stdio calls by estream calls.
--

We need to use es_fopen on Windows to cope with non-ascii file names.
This is quite a large but fortunately straightforward change.  At a
very few places we keep using stdio (for example due to the use of
popen).

GnuPG-bug-id: 5098
Signed-off-by: Werner Koch <wk@gnupg.org>
2020-10-20 12:15:56 +02:00
Werner Koch
c94ee1386e
Replace all calls to access by gnupg_access
* common/sysutils.c (gnupg_access): New.  Replace all calls to access
by this wrapper.
* common/homedir.c (w32_shgetfolderpath): Change to return UTF-8
directory name.
(standard_homedir): Adjust for change.
(w32_commondir, gnupg_cachedir): Ditto.
--

Also use SHGetFolderPathW instead of SHGetFolderPathA on Windows.

This is required to correctly handle non-ascii filenames on Windows.

GnuPG-bug-id: 5098
2020-10-20 12:15:55 +02:00
NIIBE Yutaka
33cb1655f1 agent: Fix SEGV when debuging for cache enabled.
* agent/cache.c (agent_get_cache): Avoid dereferencing NULL.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-10-09 13:57:29 +09:00
Werner Koch
26da47ae53
scd: Extend KEYPAIRINFO with an algorithm string.
* scd/app-openpgp.c (send_keypair_info): Emit the algo string as part
of a KEYPAIRINFO.
* scd/command.c (do_readkey): Ditto.
* scd/app-piv.c (do_readkey): Ditto.
* scd/app-nks.c (do_learn_status_core): Ditto.
(struct fid_cache_s): Add field algostr.
(flush_fid_cache): Release it.
(keygripstr_from_pk_file): Fill it and add it to the cache.  Use a
single exit label.
* scd/app-help.c (app_help_get_keygrip_string_pk): Add new arg
r_algostr.  Change all callers.
--

This is helpful so that callers do not need to parse the key for this
basic information.  Use "scd readkey --info-only" to return the info
status line instead of the key material; using just --info returns the
info in addition to the key material.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-09-21 14:47:53 +02:00
NIIBE Yutaka
8a84a71f3a agent: Fix regression for access through the extra secket.
* agent/command.c (cmd_keyinfo): Allow KEYINFO command for one key.
(cmd_scd): Allow SCD command to invoke GETINFO, GETATTR, and
KEYINFO --list=encr sub commands.

--

GnuPG-bug-id: 5063
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-09-18 10:29:54 +09:00
NIIBE Yutaka
dfdcf14738 common,agent,dirmngr,g10,tools: Fix split_fields API.
* common/stringhelp.h (split_fields): Use const * for the strings in
the ARRAY.
(split_fields_colon): Likewise.
* common/stringhelp.c (split_fields, split_fields_colon): Fix
the implementation.
* agent/call-scd.c, agent/command.c: Follow the change.
* common/t-stringhelp.c, dirmngr/loadswdb.c: Likewise.
* g10/call-agent.c, tools/card-call-scd.c: Likewise.
* tools/card-yubikey.c, tools/gpg-card.c: Likewise.
* tools/gpg-card.h, tools/gpg-wks-client.c: Likewise.
* tools/gpgconf-comp.c, tools/gpgconf.c: Likewise.
* tools/wks-util.c: Likewise.

--

The strings in the ARRAY don't need to be released by caller, as those
are references.  It's easier to follow the code when it's explicitly
const *.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-09-18 10:20:23 +09:00
Werner Koch
8ed85ef3de
agent: Keep some permissions of private-keys-v1.d.
* common/sysutils.c (modestr_to_mode): Re-implement.
(gnupg_chmod): Support keeping of permissions.
--

GnuPG-bug-id: 2312
2020-09-09 20:34:59 +02:00
Werner Koch
b17846e4fd
agent: Allow using --gogconf-list even if HOME does not exist.
* agent/gpg-agent.c (main): Do not create directories in gpgconf mode.
--

GnuPG-bug-id: 4866
Signed-off-by: Werner Koch <wk@gnupg.org>
2020-08-25 10:56:06 +02:00
Werner Koch
1e61280ffc
doc: Typo fixes
--
2020-08-25 10:39:44 +02:00
Werner Koch
32aac55875
build: New configure option --disable-tests
* configure.ac: Add option --disable-tests.  Print warnings in the
summary.
(DISABLE_TESTS): New am_conditional.
--
GnuPG-bug-id: 4960
2020-08-20 10:54:17 +02:00
Werner Koch
b8c4dd902d
gpg: Fix regression for non-default --passphrase-repeat option.
* agent/command.c (cmd_get_passphrase): Take care of --repeat with
--newsymkey.
--

GnuPG-bug-id: 4997
2020-08-20 09:34:41 +02:00
Werner Koch
0da923a124
agent: Allow to pass a timestamp to genkey and import.
* agent/command.c (cmd_genkey): Add option --timestamp.
(cmd_import_key): Ditto.
* agent/genkey.c (store_key): Add arg timestamp and change callers.
(agent_genkey): Ditto.
* agent/findkey.c (write_extended_private_key): Add args timestamp and
new key to write a Created line.
(agent_write_private_key): Add arg timestamp.
(agent_write_shadow_key): Ditto.
 agent/protect-tool.c (agent_write_private_key): Ditto as dummy arg.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-08-17 15:05:49 +02:00
Werner Koch
d516ae685e
doc: Add a list of RFCS to DETAIL.
--
2020-08-13 11:00:59 +02:00
Werner Koch
bb096905b9
agent: Add option --pss to pksign to be used by smartcards.
* agent/command.c (cmd_sethash): Add option --pss and allow for
--hash=null.
* agent/agent.h (struct server_control_s): Add digest.is_pss and
zero where needed.
* agent/pksign.c (agent_pksign_do): Allow for PSS with cards.
* scd/command.c (cmd_pksign): Add for --hash=none.
--

This is not a full implementaion of PSS but allows scdaemon card
drivers to detect already PSS formatted data.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-08-10 10:22:42 +02:00