1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-10-29 19:48:43 +01:00
Commit Graph

1176 Commits

Author SHA1 Message Date
NIIBE Yutaka
2b11851624 agent: For ECC, use opaque MPI for key representation.
* agent/cvt-openpgp.c (scan_pgp_format): New with SOS support.
(do_unprotect): Use scan_pgp_format, handle opaque MPI for ECC.
(convert_from_openpgp_main): Use opaque MPI for ECC.
(apply_protection): Set GCRYMPI_FLAG_USER1 flag for encrypted secret.
(extract_private_key): Use "/qd" for ECC, opaque MPI.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-06-05 10:09:05 +09:00
NIIBE Yutaka
a7d46c78e2 agent,ssh: Tighten condition for EdDSA.
* agent/command-ssh.c (ssh_key_to_blob): Prepare for non-prefixed
point representation of EdDSA.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-06-05 09:20:21 +09:00
NIIBE Yutaka
2e988546c5 agent: Remove duplicated code for EdDSA.
* agent/command-ssh.c (ssh_receive_key): Curve is "Ed25519".
Use sexp_key_construct always.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-06-05 09:13:52 +09:00
NIIBE Yutaka
4c0b12f817 agent: Clean up do_encode_md.
* agent/pksign.c (do_encode_md): Directly use sexp_build.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-06-05 09:05:05 +09:00
Werner Koch
b18fb0264a
agent: Allow to use SETHASH for arbitrary data.
* agent/agent.h (struct server_control_s): Add field digest.data.
* agent/gpg-agent.c (agent_deinit_default_ctrl): Free that field.
* agent/command.c (reset_notify): Ditto.
(start_command_handler): ditto.
(cmd_sethash): Add new option --inquire.
* agent/call-scd.c (agent_card_pksign): For now return an error if
inquire mode was used.
* agent/command-ssh.c (ssh_handler_sign_request): Make sure
digest.data is cleared.
* agent/divert-scd.c (divert_pksign): Implement inquire mode.
* agent/pksign.c (agent_pksign_do): Ditto.
--

This is required to support EdDSA according to RFC8410.

GnuPG-bug-id: 4888
2020-05-18 19:24:41 +02:00
Werner Koch
c5c21a0646
agent: Print an error if gpg-protect reads the extended key format.
* agent/protect-tool.c (read_key): Detect simple extended key format.
--

This is a quick hack to get a useful error messages.  The real fix is
to replace the protect tool by a more useful new tool.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-03-30 17:27:42 +02:00
Werner Koch
451cd1b392
gpgconf: Further simplify the gpgconf option processing.
* common/gc-opt-flags.h (GC_OPT_FLAG_RUNTIME): Move to ...
* tools/gpgconf-comp.c: here.
(known_options_scdaemon): Remove "options".
(known_options_dirmngr): Remove "options".
(known_options_gpgsm): Remove "options".
(known_options_gpg): Remove "options" and "keyserver".
(struct gc_option_s): Rename active t gpgconf_list.
(gc_component_list_options): Do not act upon active.
(option_check_validity): Ditto.
(is_known_option): Make it work correctly for unknown options.
(retrieve_options_from_program): Use renamed flag gpgconf_list only to
detect duplicated items from --gpgconf-list.  Do not set runtime.
Only e set the options if set by --gpgconf-list; never clear them.
* agent/gpg-agent.c: Simplify the --gpgconf-list output.
* dirmngr/dirmngr.c: Ditto.
* g10/gpg.c: Ditto.
* kbx/keyboxd.c: Ditto.
* scd/scdaemon.c: Ditto.
* sm/gpgsm.c: Ditto.
* tests/openpgp/gpgconf.scm: Use "compliance" instead of "keyserver"
for the string arg test.
--

There is no need to read the list of options from the components
unless they convey a default value.  It is better to consult only the
list we have in gpgconf-comp.c to decide on whether an option should
be displayed.   Right, this might mess up thing if a newer gpgconf
version is used with an older component, but we already print warnings
in this case and in general we do not want to support this anymore -
the times of gpg 1.4. and 2.0 are long over now.

GnuPG-bug-id: 4788
Signed-off-by: Werner Koch <wk@gnupg.org>
2020-03-14 19:12:41 +01:00
Werner Koch
4762367d66
agent: Fix todays --re-group commit.
--

Fixes-commit: c693b7f4ad
2020-03-06 17:02:01 +01:00
Werner Koch
c693b7f4ad
agent: Re-group the options in the --help output.
* agent/gpg-agent.c (oGreeting): Remove non existant dummy option.
--

This looks better and is also required for further simplifications of
gpgconf.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-03-06 15:14:16 +01:00
Werner Koch
4423e9dcde
gpgconf: Support reading global options (part 2).
* tools/gpgconf-comp.c: Remove all regular option descriptions.  They
are now read in from the component.  Also remove a few meanwhile
obsolete options.
* agent/gpg-agent.c: Add option description which were only set in
gpgconf-comp.c.
* dirmngr/dirmngr.c: Ditto.
* scd/scdaemon.c: Ditto.
* sm/gpgsm.c: Ditto.
* g10/gpg.c: Ditto.
--

This second part removes all regular option descriptions because they
can be read from the components.  A few were missing in the components
and thus moved to there.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-03-06 10:09:26 +01:00
Werner Koch
941a48f9b1
agent,dirmngr: Re-read the user specified config file.
* agent/gpg-agent.c (reread_configuration): Use a two-part config
file.
* dirmngr/dirmngr.c (reread_configuration): Ditto.
--

If --options is used to to set a specific options file, this file and
not the default file needs to be re-read on SIGHUP.

GnuPG-bug-id: 4788
2020-02-22 11:35:34 +01:00
Werner Koch
3bc004decd
Use gpgrt's new option parser for the tools.
* agent/preset-passphrase.c: Switch to the new option parser.
* agent/protect-tool.c: Ditto.
* kbx/kbxutil.c: Ditto.
* tools/gpg-card.c: Ditto.
* tools/gpg-check-pattern.c: Ditto.
* tools/gpg-connect-agent.c: Ditto.
* tools/gpg-pair-tool.c: Ditto.
* tools/gpg-wks-client.c: Ditto.
* tools/gpg-wks-server.c: Ditto.
* tools/gpgconf.c: Ditto.
* tools/gpgsplit.c: Ditto.
* tools/gpgtar.c: Ditto.
--

This is another part of changes.  A followup patch will address the
remaining daemons.

GnuPG-bug-id: 4788
Signed-off-by: Werner Koch <wk@gnupg.org>
2020-02-21 20:28:47 +01:00
Werner Koch
2c823bd878
Use gpgrt's new option parser for gpgc, gpgsm, and gpg-agent.
* g10/gpgv.c: Use new option parser.
* sm/gpgsm.c: Ditto.
* agent/gpg-agent.c: Ditto.
(opts): Add option --no-options.
--

This is the next part of changes.  The latest libgpg-error is required
so that that re-reading options (SIGHUP) works.

GnuPG-bug-id: 4788
Signed-off-by: Werner Koch <wk@gnupg.org>
2020-02-20 14:59:58 +01:00
Werner Koch
0e8f6e2aa9
gpg: Use gpgrt's new option parser to provide a global conf file.
* common/util.h: Remove argparse.h.
* common/argparse.c: Undef GPGRT_ENABLE_ARGPARSE_MACROS.
* configure.ac (GPGRT_ENABLE_ARGPARSE_MACROS): Define.
* agent/gpg-agent.c: Undef GPGRT_ENABLE_ARGPARSE_MACROS and include
argparse.h.  Do this also for all main modules which use our option
parser except for gpg.  Replace calls to strusage by calls to
gpgrt_strusage everywhere.

* g10/gpg.c (opts): Change type to gpgrt_opt_t.  Flag oOptions and
oNoOptions with ARGPARSE_conffile and ARGPARSE_no_conffile.
(main): Change type of pargs to gpgrt_argparse_t.  Rework the option
parser to make use of the new gpgrt_argparser.
--

This is not yet finished but a make check works.  gpg has the most
complex and oldest option handling and thus this is the first
migration target.  SE-Linux checks and version-ed config files are
missing and will be added later.

GnuPG-bug-id: 4788
Signed-off-by: Werner Koch <wk@gnupg.org>
2020-02-20 11:13:32 +01:00
Daniel Kahn Gillmor
0904b8ef34 Spelling cleanup.
No functional changes, just fixing minor spelling issues.

---

Most of these were identified from the command line by running:

  codespell \
    --ignore-words-list fpr,stati,keyserver,keyservers,asign,cas,iff,ifset \
    --skip '*.po,ChangeLog*,help.*.txt,*.jpg,*.eps,*.pdf,*.png,*.gpg,*.asc' \
    doc g13 g10 kbx agent artwork scd tests tools am common dirmngr sm \
    NEWS README README.maint TODO

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2020-02-18 18:07:46 -05:00
Werner Koch
638526d37f
agent: Allow signing with card key even without a stub key.
* agent/call-scd.c (agent_card_serialno): Allow NULL for R_SERIAL.
(struct readkey_status_parm_s): New.
(readkey_status_cb): New.
(agent_card_readkey): Add optional arg R_KEYREF and change all
callers.
* agent/findkey.c (key_parms_from_sexp): Allow also a "public-key".
* agent/divert-scd.c (ask_for_card): Allow for SHADOW_INFO being NULL.
* agent/pksign.c (agent_pksign_do): Fallback to sign with an on-card
if there is no stub key yet.  Create the stub key.  Also fixed a
misnaming between s_pkey and s_skey.
--

This change allows to create OpenPGP keys directly from a card without
first making sure that a stub key exists.  It is also the less
surprising behaviour.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-02-13 11:45:41 +01:00
Werner Koch
6aff8a1328
build: Always use EXTERN_UNLESS_MAIN_MODULE pattern.
* common/util.h (EXTERN_UNLESS_MAIN_MODULE): Add the definion only
here but now without the Norcroft-C.  Change all other places where it
gets defined.
* common/iobuf.h (iobuf_debug_mode): Declare unconditionally as
extern.
* common/iobuf.c (iobuf_debug_mode): Define it here.
* agent/gpg-agent.c (INCLUDED_BY_MAIN_MODULE): Define here and also in
all main modules of all other programs.

* g10/main.h: Put util.h before the local header files.
--

This change is required for use with gcc/ld's LTO feature which does
not allow common blocks.  Further gcc 10 will make -fno-common the
default and thus this chnage is always needed.  What a pitty.

Co-authored-by: Tomáš Mráz
GnuPG-bug-id: 4831
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 21d9bd8b87)

- Applied respective chnages also to gpg-card and keyboxd.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-02-10 16:50:47 +01:00
Werner Koch
2e86cca7f4
agent: Avoid multiple calls to scd for KEYINFO.
* agent/command.c (struct server_local_s): Add last_card_keyinfo.
(eventcounter): Add maybe_key_change.
(cmd_genkey, cmd_scd, cmd_import_key, cmd_delete_key): Bump new
counter.
(cmd_keyinfo): Cache the keyinfo from the card.
(start_command_handler): Release the cache.
--

This cache speeds up processing of commands like "gpg -K" because
scdaemon does not need to be asked for each key as long as nothing
changed with the card.

We should have a better notification service from scdaemon to make
sure that we get only the relevant events.  What we do right now is a
bit course but sufficient.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-01-13 16:27:12 +01:00
Werner Koch
aaef0fc3a7
agent: Replace free by xfree in recently added code.
* agent/call-scd.c (agent_card_free_keyinfo): Use xfree.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-01-13 15:22:50 +01:00
Werner Koch
0e48aa0849
scd: Make SERIALNO --all work correctly and use it.
* scd/app.c (maybe_switch_app): Factor reselect code out to ...
(run_reselect): new.
(app_write_learn_status): Tweak diagnostics.
(app_do_with_keygrip): Run reselect if a card has more than one
switchable application.

* agent/call-scd.c (agent_card_serialno): Ditto.
* tools/card-call-scd.c (start_agent): Use option --all with SERIALNO.
(scd_serialno): Ditto.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-01-13 12:12:57 +01:00
NIIBE Yutaka
15028627a1 agent: handle SSH operation by KEYGRIP.
* agent/command-ssh.c (card_key_available): Supply KEYINFO argument.
Call agent_card_readkey by KEYGRIP of KEYINFO.
Don't use $AUTHKEYID, but IDSTR of KEYINFO.
(ssh_handler_request_identities): Follow the change of
card_key_available.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-01-13 16:47:23 +09:00
NIIBE Yutaka
c31266716d agent: Extend agent_card_getattr with KEYGRIP.
* agent/agent.h (struct card_key_info_s): KEYGRIP null terminated.
(agent_card_getattr): Add KEYGRIP argument.
* agent/call-scd.c (agent_card_getattr): Handle KEYGRIP argument.
(card_keyinfo_cb): Make KEYGRIP null terminated.
* agent/command.c (cmd_readkey): Follow the change.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-01-13 16:43:53 +09:00
Werner Koch
ce5a7fb72b
scd: Use a scdaemon internal key to protect the PIN cache IPC.
* agent/call-scd.c (handle_pincache_put): Do not decrypt.
(handle_pincache_get): New.
(inq_needpin): Call it.
* scd/command.c (set_key_for_pincache): New.
(pincache_put): Restructure and set key.
(pincache_get): Ditto.
--

This change does away with encrypting and decrypting the cached PIN in
the agent.  There is no need for this we can simply cache the
cryptogram and let scdaemon decrypt after retrieving it from the
agent.  This way we do not need to share a key between gpg-agent and
scdaemon and further the cached content is invalid after the scdaemon
process has been replaced.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-01-09 12:00:50 +01:00
NIIBE Yutaka
57b8ed61ab agent: SSH: SCD KEYINFO to list available keys.
* agent/agent.h (agent_card_cardlist): Remove.
(agent_card_keyinfo): Add CAP argument.
* agent/call-scd.c (card_cardlist_cb): Remove.
(agent_card_cardlist): Remove.
(agent_card_keyinfo): Support CAP constraint.
* agent/command-ssh.c (card_key_list): Remove.
(ssh_handler_request_identities): Use SCD KEYINFO command.
* agent/command.c (cmd_keyinfo): Follow the API change.
* agent/divert-scd.c (ask_for_card): Likewise.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-01-09 11:55:42 +09:00
Werner Koch
d5c00354bb
agent: First changes to support a PIN cache for scdaemon.
* agent/agent.h (CACHE_MODE_PIN): New.
* agent/cache.c (housekeeping): Special handling of new new mode.
(agent_flush_cache): Ditto.  Add arg 'pincache_only' and change
caller.
(agent_put_cache): Support new mode.
(agent_get_cache): Ditto.
* agent/call-scd.c (wait_child_thread): Flush the entire PIN cache.
(start_scd): Ditto.
(agent_card_killscd): Ditto.
(handle_pincache_put): New.  Uses a dummy encryption key for now.
(pincache_put_cb): New.
(inq_needpin): Prepare for PINCACHE_GET inquiry.
(learn_status_cb): Handle the PINENTRY_PUT status line.
(get_serialno_cb): Ditto
(agent_card_pksign): Ditto.
(padding_info_cb): Ditto.
(agent_card_readcert): Ditto.
(agent_card_readkey): Ditto.
(agent_card_writekey): Ditto.
(card_getattr_cb): Ditto.
(card_cardlist_cb): Ditto.
(card_keyinfo_cb): Ditto.
(pass_status_thru): Ditto.
--

Take care: This is not finished.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-01-07 18:36:18 +01:00
Werner Koch
c8783b3a20
agent: Improve --debug-pinentry diagnostics
* agent/call-pinentry.c (atfork_cb): Factor code out to ...
(atfork_core): new.
--

We convey certain envvars directly via the environment to Pinentry and
thus they don't show up in the Assuan logging.  Because we better
don't call a logging function in an atfork handle, this patch splits
the code up and uses the same code to display what was done in at fork
after the connection has been established.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-11-25 11:39:56 +01:00
Werner Koch
5967cfcc71
dirmngr: Fixed typo in recently added diagnostic.
--
2019-11-18 18:24:01 +01:00
NIIBE Yutaka
9f39e0167d agent: Fix ask_for_card to allow a key on multiple cards.
* agent/divert-scd.c (ask_for_card): Don't use SERIALNO to select
card, but use KEYGRIP.

GnuPG-bug-id: 4695
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-09-05 17:18:39 +09:00
NIIBE Yutaka
bb82ad018a agent: Fix an error path of agent_get_confirmation.
* agent/call-pinentry.c (agent_get_confirmation): Make sure
unlock_pinentry is always called.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-08-07 05:38:30 +09:00
NIIBE Yutaka
02d8b38383 agent: Relax the handling of pinentry error for keyboard grab.
* agent/call-pinentry.c (start_pinentry): It's not fatal when
pinentry doesn't support no-grab/grab option.

GnuPG-bug-id: 4587
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-07-11 14:55:28 +09:00
NIIBE Yutaka
374a077554 agent: Close a dialog cleanly when gpg/ssh is killed for CONFIRM.
* agent/call-pinentry.c (watch_sock_start): Factor out
from do_getpin.
(watch_sock_end): Likewise.
(do_getpin): Use those functions.
(agent_get_confirmation): Likewise.
(popup_message_thread): Likewise.

--

Pinentry's dialog for confirmation should be also closed cleanly, as
well as the dialog for pin-input.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-06-28 09:33:30 +09:00
NIIBE Yutaka
0076bef202 agent: Allow TERM="".
* agent/call-pinentry.c (start_pinentry): When TERM is none,
don't send OPTION ttytype to pinentry.

--

GnuPG-bug-id: 4137
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-06-04 11:35:06 +09:00
NIIBE Yutaka
3a1bb00810 agent: Add pinentry_loopback_confirm declaration.
* agent/agent.h (pinentry_loopback_confirm): New.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-06-04 09:59:08 +09:00
NIIBE Yutaka
20acc7c022 g10,agent: Support CONFIRM for --delete-key.
* agent/call-pinentry.c (agent_get_confirmation): Add call of
pinentry_loopback_confirm.
(agent_popup_message_start): Likewise.
(agent_popup_message_stop): Return if it's loopback mode.
* agent/command.c (pinentry_loopback_confirm): New.

* g10/call-agent.c (default_inq_cb): Support "CONFIRM" inquery
when PINENTRY_MODE_LOOPBACK mode.
(confirm_status_cb): New.
(agent_delete_key): Supply confirm_status_cb to set the description
string for confirmation.

--

In the Assuan communication, we introduce new interaction:

    [gpg]                            [gpg-agent]
            --- CMD: PKDECRYPT -->
            <-- STATUS: SETDESC "..."
            <-- STATUS: SETOK "..."
            <-- STATUS: SETNOTOK "..."
            <-- INQUERY: CONFIRM 0/1 (0 for display, 1 for user query)
	    --- INQUERY-result: -->
	    <-- RESULT: ...

GnuPG-bug-id: 3465
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-06-04 09:17:21 +09:00
Werner Koch
f2ac6742d4
Return better error code for some getinfo IPC commands.
* agent/command.c (cmd_getinfo): Return GPG_ERR_FALSE as boolean False.
* g13/server.c (cmd_getinfo): Ditto.
* sm/server.c (cmd_getinfo): Ditto.
--

GPG_ERR_FALSE was introduced with libgpg-error 1.21 and we now require
a later version for gnupg 2.  Thus we can switch to this more
descriptive code.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-06-03 16:33:10 +02:00
NIIBE Yutaka
6790eaf952 agent: Add A-flag for KEYINFO output for card.
* agent/command.c (do_one_keyinfo): Add ON_CARD argument to put
A-flag.
(cmd_keyinfo): Call agent_card_keyinfo to offer additional information
if it's on card.

--

This is a modification in gpg-agent, intended for better
enum_secret_keys in gpg frontend.

GnuPG-bug-id: 4244
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-05-29 16:19:46 +09:00
Werner Koch
a2a9071746
agent: Make an MD encoding function more robust.
* agent/pksign.c (do_encode_md): Use ascii_tolower and avoid
uninitalized TMP in the error case.
--

This is just in case libgcrypt ever returns an algorithm name longer
than 15 bytes.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-05-28 12:27:52 +02:00
NIIBE Yutaka
19415a2652 agent: Remove unused agent_show_message.
* agent/call-pinentry.c (agent_show_message): Remove.
* agent/genkey.c (take_this_one_anyway): Rename from
take_this_one_anyway2.  Remove a dead path calling agent_show_message.
(check_passphrase_constraints): Use take_this_one_anyway.

--

Fixes-commit: 2778c6f8f4
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-05-28 11:29:25 +09:00
NIIBE Yutaka
7158a5696d agent: Stop scdaemon after reload when disable_scdaemon.
* agent/call-scd.c (agent_card_killscd): New.
* agent/gpg-agent.c (agent_sighup_action): Call agent_card_killscd.

--

GnuPG-bug-id: 4326
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-05-23 10:15:18 +09:00
NIIBE Yutaka
479f7bf31c agent: For SSH key, don't put NUL-byte at the end.
* agent/command-ssh.c (ssh_key_to_protected_buffer): Update
the length by the second call of gcry_sexp_sprint.

--

GnuPG-bug-id: 4502
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-05-21 15:50:28 +09:00
NIIBE Yutaka
dc35b25195 agent,scd: Scan and load all public keys for availability.
* agent/divert-scd.c (ask_for_card): Scan by SERIALNO command.
* scd/app-openpgp.c (do_with_keygrip): Make sure to load pubkey.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-05-16 10:09:41 +09:00
NIIBE Yutaka
1091f22511 agent: Support scdaemon operation using KEYGRIP.
* agent/agent.h (struct card_key_info_s): New.
(divert_pksign, divert_pkdecrypt): New API.
* agent/call-scd.c (card_keyinfo_cb): New.
(agent_card_free_keyinfo, agent_card_keyinfo): New.
* agent/divert-scd.c (ask_for_card): Having GRIP argument,
ask scdaemon with agent_card_keyinfo.
(divert_pksign, divert_pkdecrypt): Ditto.
* agent/pkdecrypt.c (agent_pkdecrypt): Supply GRIP.
* agent/pksign.c (agent_pksign_do): Ditto.

--

We are going to relax the requirment for SERIALNO of card.  It's OK,
when a card doesn't have recorded SERIALNO.  If a card has a key
with GRIP, it can be used.

GnuPG-bug-id: 2291, 4301
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-05-15 17:13:32 +09:00
Werner Koch
54e96c6fd2
agent: Replace most assert by log_assert.
--
2019-05-14 10:31:46 +02:00
Daniel Kahn Gillmor
5651b2c460
agent: correct length for uri and comment on 64-bit big-endian platforms
* agent/findkey.c (agent_public_key_from_file): pass size_t as int to
gcry_sexp_build_array's %b.

--

This is only a problem on big-endian systems where size_t is not the
same size as an int.  It was causing failures on debian's s390x,
powerpc64, and sparc64 platforms.

There may well be other failures with %b on those platforms in the
codebase, and it probably needs an audit.

Once you have a key in private-keys-v1.d/$KEYGRIP.key with a comment
or a uri of reasonable length associated with it, this fix can be
tested with:

   gpg-agent --server <<<"READKEY $KEYGRIP"

On the failing platforms, the printed comment will be of length 0.

Gnupg-bug-id: 4501
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2019-05-14 10:23:54 +02:00
Werner Koch
7098e4ce19
dirmngr: Add a CSRF expection for pm.me
--

Also comment typo fix.
2019-05-09 14:50:41 +02:00
Werner Koch
69e0b080f0
agent: If a Label is make sure that label is part of the prompt.
* agent/findkey.c (has_comment_expando): New.
(agent_key_from_file): Modify DESC_TEXT.
--

A Label entry in the keyfile is always set manually and thus we can
assume that the user wants to have this label in the prompt.  In case
the prompt template does not demand a comment this patch appends a
comment to thhe template.  This is a common case for on-disk keys used
by gpg.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-05-07 11:50:38 +02:00
Werner Koch
5388537806
agent: Allow the use of "Label:" in a key file.
* agent/findkey.c (linefeed_to_percent0A): New.
(read_key_file): Add optional arg 'keymeta' and change all callers.
(agent_key_from_file): Prefer "Label:" over the comment for protected
keys.
--

If in the extended key format an item

  Label: This is my key

is found, "This is my key" will be displayed instead of the comment
intially recorded in the s-expression.  This is pretty useful for the
ssh keys because often there is only the original file name recorded
in the comment.

If no Label is found or it is empty the S-expression comment is used.

To show more than one line, the standard name-value syntax can be
used, for example:

  Label: The Ssh key
  <blank line>
  <space>I registered on fencepost.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-05-07 11:09:09 +02:00
Werner Koch
bdf252e76a
agent: Put Token lines into the key files.
* agent/findkey.c (write_extended_private_key): Add args serialno and
keyref.  Write a Token line if that does not yet exist.
(agent_write_private_key): Add args serialno and keyref and change all
callers.
(agent_write_shadow_key): Skip leading spaces.
* agent/keyformat.txt: Improve extended key format docs.
--

Noet that the extended key forma is the defaqult in 2.3.  This patch
is a first step to better handle tokens which carray the same key.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-05-03 15:54:54 +02:00
Werner Koch
3c7a1f3aea
agent: Allow other ssh fingerprint algos in KEYINFO.
* agent/command.c (cmd_keyinfo): Allow for --ssh-fpr=ALGO.  Default to
the standard algo.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-03-26 09:02:19 +01:00
Werner Koch
91ae3e7fb6
agent: Re-introduce --enable-extended-key-format.
* agent/gpg-agent.c (oEnableExtendedKeyFormat): Re-introduce.
(parse_rereadable_options): Handle it in a special way.
* agent/protect.c (agent_protect): Be safe and set use_ocb only to 1
or 0.
* tools/gpgconf-comp.c: Add --enable-extended-key-format again.
--

This is required for backward compatible with profiles.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-03-06 17:58:39 +01:00
Werner Koch
05eff1f662
agent: Default to extended key format.
* agent/gpg-agent.c (oDisableExtendedKeyFormat, oNoop): New.
(oEnableExtendedKeyFormat): Remove.
(opts): Make --enable-extended-key-format a dummy option.  Add
disable-extended-key-format.
(parse_rereadable_options): Implement oDisableExtendedKeyFormat.
--

Extended key format is supported since vesion 2.1.12 which should have
long been replaced by a newer version inh all installations.  Thus for
2.3 we will make use of the extended-key-format by default.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-03-06 14:09:57 +01:00
NIIBE Yutaka
2abad7585a agent: Fix detection of exit of scdaemon.
* agent/call-scd.c (start_scd): Acquire START_SCD_LOCK for
SCD_LOCAL_LIST.  Move common case code to fast path.
Release START_SCD_LOCK before calling unlock_scd.
When new CTX is allocated, clear INVALID flag.
(agent_reset_scd): Serialize the access to SCD_LOCAL_LIST by
START_SCD_LOCK.

--

GnuPG-bug-id: 4377
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-03-06 11:00:10 +09:00
Werner Koch
e897e1e255
scd:piv: Implement import of private keys for Yubikeys.
* scd/app-piv.c (concat_tlv_list): Add arg 'secure' and adjust
 callers.
(writekey_rsa, writekey_ecc): New.
(do_writekey): New.
(do_writecert): Provide a better error message for an empty cert.
(app_select_piv): Register do_writekey.
* scd/iso7816.c (iso7816_send_apdu): New.
* scd/app-common.h (APP_WRITEKEY_FLAG_FORCE): New.
* agent/command.c (cmd_keytocard): Make the timestamp optional.
* tools/card-call-scd.c (inq_writekey_parms): Remove.
(scd_writekey): Rewrite.
* tools/gpg-card.c (cmd_writekey): New.
(enum cmdids): Add cmdWRITEKEY.
(dispatch_command, interactive_loop): Call cmd_writekey.
--

This has been tested with gpgsm and RSA keys.  For ECC keys only
partly tested using the sample OpenPGP nistp256 and nistp384 keys
because gpgsm does not yet support ECC certificates and thus we can't
write the certificates to the cert object after a writekey.  Note that
they nevertheless show up in "gpgcard list" because gpg-card searches
for them in gpg and gpgsm.  However, this does not work completely.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-03-05 15:49:20 +01:00
Werner Koch
bcc89a6df2
agent: Minor change to the KEYTOCARD command.
* agent/command.c (cmd_keytocard): Make timestamp optional.  Use
modern parser function.
* agent/call-scd.c (agent_card_writekey): Rename an arg and for
clarity return gpg_error_t instead of int.
* agent/divert-scd.c (divert_writekey): Ditto.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-03-05 12:08:27 +01:00
NIIBE Yutaka
0173b249cf agent: PKSIGN should return signature in same format for card.
* agent/pksign.c (agent_pksign_do):

--

It's best to keep same data format by libgcrypt.

For card (due to historical reasons), gpg-agent or scdaemon used to
prefix 0x00 when it starts 0x80, so that it can be parsed signed MPI
as well as unsigned MPI.  It used to do nothing for preceding zeros.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-02-27 10:37:26 +09:00
Werner Koch
a12c3a566e
agent: Fix for suggested Libgcrypt use.
* agent/divert-scd.c (divert_pkdecrypt): Skip a flags parameter.
--

The libgcrypt docs say that a "flags" parameter should always be used
in the input of pkdecrypt.  Thus we should allow that parameter also
when parsing an s-expression to figure out the algorithm for use with
scdaemon.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-02-25 08:24:52 +01:00
NIIBE Yutaka
c395f83153 agent: Terminate pinentry process gracefully, by watching socket.
* agent/call-pinentry.c (watch_sock): New.
(do_getpin): Spawn the watching thread.

--

While we don't have npth_cancel (and it's difficult to implement it
correctly), this is a kind of best compromise allowing a thread's
polling when pinentry is active.

GnuPG-bug-id: 2011
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-02-19 14:36:50 +09:00
NIIBE Yutaka
99aa54323f agent: Minor change for pinentry status handling.
* agent/call-pinentry.c (struct entry_parm_s): Add status.
(do_getpin): Use param->status.
(agent_askpin): Copy param->status. to pininfo.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-02-19 14:28:04 +09:00
NIIBE Yutaka
ada797f477 agent: Factor out the getpin interaction.
* agent/call-pinentry.c (do_getpin): New.
(agent_askpin, agent_get_passphrase): Use do_getpin.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-02-19 11:55:55 +09:00
NIIBE Yutaka
02a2633a7f agent: Clear bogus pinentry cache, when it causes an error.
* agent/agent.h (PINENTRY_STATUS_*): Expose to public.
(struct pin_entry_info_s): Add status.
* agent/call-pinentry.c (agent_askpin): Clearing the ->status
before the loop, let the assuan_transact set ->status.  When
failure with PINENTRY_STATUS_PASSWORD_FROM_CACHE, it returns
soon.
* agent/findkey.c (unprotect): Clear the pinentry cache,
when it causes an error.

--

GnuPG-bug-id: 4348
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-01-28 12:58:13 +09:00
Werner Koch
ec13b1c562
gpg: Move S2K encoding function to a shared file.
* g10/passphrase.c (encode_s2k_iterations): Move function to ...
* common/openpgp-s2k.c: new file.  Remove default intialization code.
* common/openpgpdefs.h (S2K_DECODE_COUNT): New to keep only one copy.
* g10/call-agent.c (agent_get_s2k_count): Change to return the count
and print an error.
* agent/protect.c: Include openpgpdefs.h
* g10/card-util.c (gen_kdf_data): Adjust for changes
* g10/gpgcompose.c: Include call-agent.h.
(sk_esk): Adjust for changes.
* g10/passphrase (passphrase_to_dek): Adjust for changes.
* g10/main.h (S2K_DECODE_COUNT): Remove macro.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-01-26 23:10:38 +01:00
NIIBE Yutaka
ae966bbe9b agent: Support --mode=ssh option for CLEAR_PASSPHRASE.
* agent/command.c (cmd_clear_passphrase): Add support for SSH.

--

GnuPG-bug-id: 4340
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-01-25 12:08:09 +09:00
Werner Koch
055f8854d3
common: Extend function percent_data_escape.
* common/percent.c (percent_data_escape): Add new args prefix and
plus_escape.
* agent/command.c (cmd_put_secret): Adjust for changed function

* common/t-percent.c (test_percent_data_escape): Extend test for the
prefix.
(test_percent_data_escape_plus): new test for the plus escaping.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-01-24 10:02:52 +01:00
Werner Koch
d93797c8a7
ssh: Simplify the curve name lookup.
* agent/command-ssh.c (struct ssh_key_type_spec): Add field
alt_curve_name.
(ssh_key_types): Add some alternate curve names.
(ssh_identifier_from_curve_name): Lookup also bey alternative names
and return the canonical name.
(ssh_key_to_blob): Simplify the ECDSA case by using gcry_pk_get_curve
instead of the explicit mapping.
(ssh_receive_key): Likewise.  Use ssh_identifier_from_curve_name to
validate the curve name.  Remove the reverse mapping because since
GnuPG-2.2 Libgcrypt 1.7 is required.
(ssh_handler_request_identities): Log an error message.
--

This change will make it easier to support other curves, in particular
those from tokens.  Libgcrypt has a large list of alias names which we
now use to to make the mapping more flexible.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-01-17 15:58:30 +01:00
Werner Koch
cbcc8c1954
agent: Make the S2K calibration time runtime configurabe.
* agent/protect.c (s2k_calibration_time): New file global var.
(calibrate_s2k_count): Use it here.
(get_calibrated_s2k_count): Replace function static var by ...
(s2k_calibrated_count): new file global var.
(set_s2k_calibration_time): New function.
* agent/gpg-agent.c (oS2KCalibration): New const.
(opts): New option --s2k-calibration.
(parse_rereadable_options): Parse that option.
--

Note that using an unrelistic high value (like 60000) takes quite some
time for calibration.

GnuPG-bug-id: 3399
Signed-off-by: Werner Koch <wk@gnupg.org>
2018-12-11 18:12:51 +01:00
Werner Koch
3a90efb7cf
scd: Add strerror to new error message.
* agent/call-scd.c (wait_child_thread): Add %s.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-11-30 12:38:51 +01:00
NIIBE Yutaka
483e63f9b5 agent: Better serialization for scdaemon access.
* agent/call-scd.c (unlock_scd): Move lock before accessing IN_USE.
(wait_child_thread): Add log_info for Windows, and fixed log_error
message.

--

The old code is still valid with cooperate threads, but this is
better.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-11-27 11:08:51 +09:00
NIIBE Yutaka
40c7923ea8 agent: Have a thread to wait for the child process of scdaemon.
* agent/call-scd.c (wait_child_thread): New.
(start_scd): Create a thread for wait_child_thread.
(agent_scd_check_aliveness): Remove.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-11-26 12:07:36 +09:00
NIIBE Yutaka
9fb3f0f3f7 agent: Defer calling assuan_release when it's still in use.
* agent/call-scd.c (struct scd_local_s): Remove LOCK, introduce IN_USE
and INVALID flags.
(unlock_scd): Call assuan_release when CTX is invalid.
(start_scd): Set IN_USE.
(agent_scd_check_aliveness): Don't call assuan_release when it's in use.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-11-26 11:35:22 +09:00
NIIBE Yutaka
f45d612469 agent: Clean up SCDaemon management.
* agent/call-scd.c (struct scd_local_s): Remove ctrl_backlink.
(start_scd): Don't assign to the field.
(agent_scd_check_aliveness): Fix typo in comment.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-11-26 10:37:02 +09:00
NIIBE Yutaka
804a77edd9 agent: Simplify agent_popup_message_stop.
* agent/call-pinentry.c (agent_popup_message_stop): Just kill it.

--

By checking if it's alive or not, we can lower a risk of sending
SIGINT to a wrong process on unusual condition when PID is re-used to
a different process.

That's true, however, since it's alive usually, simply sending SIGINT
is enough here.

Note that here is a race condition for detecting if process is active
or not;  A process can die just after being detected alive.

Moreover, when the process of pinentry accidentally died already, it
should have caused return of assuan_transact and the thread of
popup_message_thread likely already set popup_finished=1.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-11-14 10:45:15 +09:00
Werner Koch
b3a70b67f3
po: Clarify a translator's note.
--
2018-11-13 09:15:15 +01:00
Daniel Kahn Gillmor
a7c5d65eb5 all: fix more spelling errors 2018-10-25 16:53:05 -04:00
Daniel Kahn Gillmor
54eb375ff1 all: fix spelling and typos
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2018-10-24 15:56:18 -04:00
Werner Koch
2bdc4b6ed9
agent: Fix possible release of unitialize var in a genkey error case.
* agent/command.c (cmd_genkey): Initialize 'value'.
--

GnuPG-bug-id: 4222
Signed-off-by: Werner Koch <wk@gnupg.org>
2018-10-24 20:16:26 +02:00
Werner Koch
7385e1babf
ssh: Fix possible infinite loop in case of an read error.
* agent/command-ssh.c (ssh_handler_add_identity): Handle other errors
than EOF.
--

GnuPG-bug-id: 4221
Signed-off-by: Werner Koch <wk@gnupg.org>
2018-10-24 20:11:33 +02:00
Werner Koch
68b8096b66
agent: Fix build regression for Windows.
* agent/command-ssh.c (get_client_info): Turn client_uid into an int.
Fix setting of it in case of a failed getsocketopt.
* agent/command.c (start_command_handler): Fix setting of the pid and
uid for Windows.
--

Fixes-commit: 28aa689058
which obviously was only added to master.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-10-22 17:24:58 +02:00
NIIBE Yutaka
4ed941ff26 agent: Fix message for ACK button.
* agent/divert-scd.c (getpin_cb): Display correct message.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-10-12 11:36:59 +09:00
NIIBE Yutaka
827529339a agent: Support --ack option for POPUPPINPADPROMPT.
* agent/divert-scd.c (getpin_cb): Support --ack option.

--

We are now introducing "acknowledge button" feature to scdaemon,
so that we can support OpenPGPcard User Interaction Flag.

We will (re)use the mechanism of POPUPPINPADPROMPT for this.  Perhaps,
we will change the name of POPUPPINPADPROMPT, since it will be no
longer for PINPAD only.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-10-11 13:37:24 +09:00
NIIBE Yutaka
adce73b86f agent: Fix error code check from npth_mutex_init.
* agent/call-pinentry.c (initialize_module_call_pinentry): It's an
error when npth_mutex_init returns non-zero.

--

Actually, initialize_module_call_pinentry is only called once from
main.  So, this bug had no harm and having the static variable
INITIALIZED is not needed.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-09-10 09:16:50 +09:00
Werner Koch
8a915cd9fa
agent: New commands PUT_SECRET and GET_SECRET.
* agent/agent.h (CACHE_MODE_DATA): New const.
* agent/cache.c (DEF_CACHE_TTL_DATA): new.
(housekeeping): Tweak for CACHE_MODE_DATA.
(cache_mode_equal): Ditto.
(agent_get_cache): Ditto.
(agent_put_cache): Implement CACHE_MODE_DATA.
* agent/command.c (MAXLEN_PUT_SECRET): New.
(parse_ttl): New.
(cmd_get_secret): New.
(cmd_put_secret): New.
(register_commands): Register new commands.
--

These commands allow to store secrets in memory for the lifetime of
the gpg-agent process.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-07-02 21:36:19 +02:00
Werner Koch
3978df943d
agent: Fix segv running in --server mode
* agent/command.c (start_command_handler): Do not write to
CLIENT_CREDS after an error.
--

assuan_get_peercred is special insofar that it returns a pointer into
CTX.  Writing data via this pointer should never be done.

Fixes-commit: 28aa689058
Signed-off-by: Werner Koch <wk@gnupg.org>
2018-07-02 20:25:30 +02:00
Werner Koch
7ffc1ac7dd
agent: Add DBUS_SESSION_BUS_ADDRESS et al. to the startup list.
* agent/gpg-agent.c (agent_copy_startup_env): Replace explicit list
with the standard list.
--

Although the function agent_copy_startup_env is newer than
session_env_list_stdenvnames the latter was not used.  When
DBUS_SESSION_BUS_ADDRESS was added to the latter it was forgotten to
add it to the former as well.  Having all stdnames here seems to be
the Right Thing (tm) to do.

GnuPG-bug-id: 3947
Signed-off-by: Werner Koch <wk@gnupg.org>
2018-06-06 18:29:15 +02:00
Werner Koch
7b7576637d
Merge branch 'STABLE-BRANCH-2-2' into master
--

Resolved Conflicts:
	NEWS  - removed
	configure.ac - removed

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-05-13 13:29:40 +02:00
Werner Koch
bbb5bfacc0
agent,dirmngr: Add "getenv" to the getinfo command.
* agent/command.c (cmd_getinfo): Add sub-command getenv.
* dirmngr/server.c (cmd_getinfo): Ditto.
--

It is sometimes helpful to be able to inspect certain envvars in a
running agent.  For example "http_proxy".

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-04-12 11:25:58 +02:00
Werner Koch
36373798c0
Merge branch 'STABLE-BRANCH-2-2' into master
--
Fixed conflicts:
  NEWS            - keep master
  configure.ac    - merge
  g10/card-util.c - mostly 2.2
  g10/sig-check.c - 2.2
2018-04-10 10:14:30 +02:00
Werner Koch
9f69dbeb90
agent: Improve the unknown ssh flag detection.
* agent/command-ssh.c (ssh_handler_sign_request): Simplify detection
of flags.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-04-10 07:59:52 +02:00
Daniel Kahn Gillmor
381c46818f agent: unknown flags on ssh signing requests cause an error.
* agent/command-ssh.c (ssh_handler_sign_request): if a flag is passed
during an signature request that we do not know how to apply, return
GPG_ERR_UNKNOWN_OPTION.

--

https://tools.ietf.org/html/draft-miller-ssh-agent-02#section-4.5 says:

    If the agent does not support the requested flags, or is otherwise
    unable or unwilling to generate the signature (e.g. because it
    doesn't have the specified key, or the user refused confirmation of a
    constrained key), it must reply with a SSH_AGENT_FAILURE message.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
GnuPG-bug-id: 3880
2018-04-09 18:06:38 -04:00
Daniel Kahn Gillmor
55435cdd4f agent: change documentation reference for ssh-agent protocol.
* agent/command-ssh.c: repoint documentation reference.

--

Damien Miller is now documenting the ssh-agent protocol via the IETF.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2018-04-09 18:00:29 -04:00
NIIBE Yutaka
80b775bdbb agent: Support SSH signature flags.
* agent/command-ssh.c (SSH_AGENT_RSA_SHA2_256): New.
(SSH_AGENT_RSA_SHA2_512): New.
(ssh_handler_sign_request): Override SPEC when FLAGS
is specified.

--

GnuPG-bug-id: 3880
Reported-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-04-06 14:58:14 +09:00
NIIBE Yutaka
96918346be agent,scd: Use pointer to represent HANDLE.
* agent/call-scd.c [HAVE_W32_SYSTEM] (start_scd): Format with %p.
* scd/command.c [HAVE_W32_SYSTEM] (option_handler): Use void *.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-03-27 16:24:17 +09:00
Werner Koch
d4dc4245bf
Merge branch 'STABLE-BRANCH-2-2' into master 2018-03-27 08:48:00 +02:00
Werner Koch
02dce8c0cc
agent: Make the request origin a part of the cache items.
* agent/cache.c (agent_put_cache): Add arg 'ctrl' and change all
callers to pass it.
(agent_get_cache): Ditto.

* agent/cache.c (struct cache_items_s): Add field 'restricted'.
(housekeeping): Adjust debug output.
(agent_flush_cache): Ditto.
(agent_put_cache): Ditto.  Take RESTRICTED into account.
(agent_get_cache): Ditto.
--

If requests are coming from different sources they should not share the
same cache.  This way we make sure that a Pinentry pops up for a
remote request to a key we have already used locally.

GnuPG-bug-id: 3858
Signed-off-by: Werner Koch <wk@gnupg.org>
2018-03-27 08:40:58 +02:00
Werner Koch
05c55ee260
agent: New OPTION pretend-request-origin
* common/shareddefs.h (request_origin_t): New.
* common/agent-opt.c (parse_request_origin): New.
(str_request_origin): New.
* agent/command.c (option_handler): Implement new option.
--

This allows to pretend that a request originated from the extra or
browser socket.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-03-23 08:37:14 +01:00
Werner Koch
f574aabeeb
Merge branch 'STABLE-BRANCH-2-2' into wk-master 2018-03-06 16:26:26 +01:00
Werner Koch
f060cb5c63
agent: Also evict cached items via a timer.
* agent/cache.c (agent_cache_housekeeping): New func.
* agent/gpg-agent.c (handle_tick): Call it.
--

This change mitigates the risk of having cached items in a post mortem
dump.

GnuPG-bug-id: 3829
Signed-off-by: Werner Koch <wk@gnupg.org>
2018-03-06 16:22:42 +01:00
Werner Koch
20539ea5ca
Merge branch 'STABLE-BRANCH-2-2' 2018-02-22 16:19:56 +01:00
Katsuhiro Ueno
df97fe2480
agent: Avoid appending a '\0' byte to the response of READKEY
* agent/command.c (cmd_readkey): Set pkbuflen to the length of the output
without an extra '\0' byte.
2018-02-14 17:11:17 +01:00
Werner Koch
f19ff78f0f
common: Use new function to print status strings.
* common/asshelp2.c (vprint_assuan_status_strings): New.
(print_assuan_status_strings): New.
* agent/command.c (agent_write_status): Replace by call to new
function.
* dirmngr/server.c (dirmngr_status): Ditto.
* g13/server.c (g13_status): Ditto.
* g13/sh-cmd.c (g13_status): Ditto.
* sm/server.c (gpgsm_status2): Ditto.
* scd/command.c (send_status_info): Bump up N.
--

This fixes a potential overflow if LFs are passed to the status
string functions.  This is actually not the case and would be wrong
because neither the truncating in libassuan or our escaping is not the
Right Thing.  In any case the functions need to be more robust and
comply to the promised interface.  Thus the code has been factored out
to a helper function and N has been bumped up correctly and checked in
all cases.

For some uses this changes the behaviour in the error case (i.e. CR or
LF passed): It will now always be C-escaped and not passed to
libassuan which would truncate the line at the first LF.

Reported-by: private_pers
2018-02-14 12:21:44 +01:00
NIIBE Yutaka
660eafa3a9 agent: Fix sending connecting process uid to pinentry.
* agent/command-ssh.c (get_client_info): Use LOCAL_PEERCRED.

--

LOCAL_PEERUID was wrong (while there is LOCAL_PEERUUID).
For FreeBSD and macOS, we can use LOCAL_PEERCRED to get uid.

GnuPG-bug-id: 3757
Fixes-commit: 28aa689058
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-01-26 10:52:56 +09:00
NIIBE Yutaka
c2e69a7a8c Merge branch 'STABLE-BRANCH-2-2' into master
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-01-26 10:47:28 +09:00
NIIBE Yutaka
d7207b39b7 agent: Fix last commit.
* configure.ac: Check ucred.h as well as sys/ucred.h.
* agent/command-ssh.c: Add inclusion of ucred.h.

--

It was T2981, adding ucred.h for Solaris.  We also need sys/ucred.h
for FreeBSD and macOS.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-01-26 10:42:31 +09:00
NIIBE Yutaka
08e686a6a6 agent: More fix for get_client_pid for portability.
* configure.ac: Check sys/ucred.h instead of ucred.h.
    * agent/command-ssh.c: Include sys/ucred.h.

--

It's *BSD and macOS thing.

Fixes-commit: f7f806afa5
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-01-26 10:13:34 +09:00
Werner Koch
c817e75028
Merge branch 'STABLE-BRANCH-2-2' into master
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-12-18 16:42:59 +01:00
Werner Koch
c81a447190
Change backlog from 5 to 64 and provide option --listen-backlog.
* agent/gpg-agent.c (oListenBacklog): New const.
(opts): New option --listen-backlog.
(listen_backlog): New var.
(main): Parse new options.
(create_server_socket): Use var instead of 5.
* dirmngr/dirmngr.c: Likewise.
* scd/scdaemon.c: Likewise.
--

GnuPG-bug-id: 3473
Signed-off-by: Werner Koch <wk@gnupg.org>
2017-12-12 14:14:40 +01:00
Werner Koch
b38ca59bdb
Merge branch 'STABLE-BRANCH-2-2' into master 2017-12-11 10:42:38 +01:00
Werner Koch
6391de3e62
doc: Fix Dijkstra
--

Edsger Wybe Dijkstra (1930 --2002)
  - Dutch computer scientist
2017-12-08 07:40:06 +01:00
NIIBE Yutaka
5c121d4444 agent: Fix description of shadow format.
* agent/keyformat.txt, agent/protect.c, agent/t-protect.c: Fix.

--

https://lists.gnupg.org/pipermail/gnupg-devel/2015-April/029680.html

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-12-08 09:19:50 +09:00
NIIBE Yutaka
b9677ba16f
agent: Change intialization of assuan socket system hooks.
* agent/gpg-agent.c (initialize_modules): Add hook again.
(main): Remove setting of the system houk but add scoket system hook
setting after assuan initialization.
--

Thread initialization is better to be deferred after fork (in case of
UNIX).  assuan_sock_init should be earlier.  Thus, we need to change
system hooks for assuan_sock_* interface.  Or else, on Windows, it may
cause hang on server.

Updates-commit: 1524ba9656
GnuPG-bug-id: 3378
Signed-off-by: Werner Koch <wk@gnupg.org>
2017-12-07 14:33:58 +01:00
NIIBE Yutaka
1524ba9656 agent: Set assuan system hooks before call of assuan_sock_init.
* agent/gpg-agent.c (initialize_modules): Move assuan_set_system_hooks.
(main): ... here, just before assuan_sock_init.

--

In Assuan, global variable SOCK_CTX is used internally, which is
initialized by assuan_sock_init.  When initialized, system hooks
are copied into SOCK_CTX structure.  Thus, system hooks should
be set, before the call of assuan_sock_init.

GnuPG-bug-id: 3378
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-12-06 11:20:51 +09:00
Werner Koch
b56dfdfc18
Use the gpgrt log functions if possible.
* common/logging.c: Do not build any code if we can use the gpgrt_log
functions.
(log_logv_with_prefix): Rename to log_logv_prefix and change order of
args so that this function matches its printf like counterpart
gpgrt_logv_prefix.  Change all callers.
(log_debug_with_string): Rename to log_debug_string. Change all
callers.
(log_printhex): Move first arg to end so that this function matches
its printf like counterpart gpgrt_log_printhex.  Change all callers.
* common/logging.h: Divert to gpgrt/libgpg-error if we can use the
gpgrt_log functions.
(bug_at): Add inline versions if we can use the gpgrt_log functions.
* configure.ac (GPGRT_ENABLE_LOG_MACROS): Add to AH_BOTTOM.
(mycflags): Add -Wno-format-zero-length.
--

This patch enables the use of the log function from libgpgrt (aka
libgpg-error).  Instead of checking a version number, we enable them
depending on macros set by recent gpg-error versions.  Eventually the
whole divert stuff can be removed.

The -Wno-format-zero-length is required because log_printhex can be
called with an empty format string.  Note that this is fully specified
standard C behaviour.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-11-27 15:00:25 +01:00
Werner Koch
18af15249d
agent: New option --auto-expand-secmem.
* agent/gpg-agent.c (oAutoExpandSecmem): New enum value.
(opts): New option --auto-expand-secmem.
(main): Implement that option.
--

Note that this option has an effect only if Libgcrypt >= 1.8.2 is
used.

GnuPG-bug-id: 3530
2017-11-24 10:30:25 +01:00
Werner Koch
7ffedfab89
gpg-agent: Avoid getting stuck in shutdown pending state.
* agent/gpg-agent.c (handle_connections): Always check inotify fds.
--

I noticed a gpg-agent processed, probably in shutdown_pending state,
which was selecting on only these two inotify fds.  The select
returned immediately but because we did not handle the fds in
shutdown_pending state they were not read and the next select call
returned one of them immediately again.  Actually that should not
hanppen because the

          if (active_connections == 0)
            break; /* ready */

should have terminated the loop.  For unknown reasons (maybe be just a
connection thread terminated in a gdb session) that did not happen.
By moving the check outside of the shutdown_pending condition and
closing the fd after they have been triggered the code should be more
robust.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 5d83eb9226)
2017-11-20 11:55:34 +01:00
NIIBE Yutaka
760aa8aada
agent: Use clock or clock_gettime for calibration.
* agent/protect.c (calibrate_get_time): Use clock or clock_gettime.

--

For calibration, clock(3) is better than times(3) among UNIXen.
Tested on NetBSD 7.1 and FreeBSD 11.1, using QEMU.

Thanks to Damien Goutte-Gattat for the information of use of
CLOCKS_PER_SEC;  The old code with times(3) is not 100% correct,
in terms of POSIX.  It should have used sysconf (_SC_CLK_TCK) instead
of CLOCKS_PER_SEC.  CLOCKS_PER_SEC is specifically for clock(3).

GnuPG-bug-id: 3056, 3276, 3472
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
(cherry picked from commit 380bce13d9)
2017-11-20 11:53:44 +01:00
Werner Koch
5d83eb9226
gpg-agent: Avoid getting stuck in shutdown pending state.
* agent/gpg-agent.c (handle_connections): Always check inotify fds.
--

I noticed a gpg-agent processed, probably in shutdown_pending state,
which was selecting on only these two inotify fds.  The select
returned immediately but because we did not handle the fds in
shutdown_pending state they were not read and the next select call
returned one of them immediately again.  Actually that should not
hanppen because the

          if (active_connections == 0)
            break; /* ready */

should have terminated the loop.  For unknown reasons (maybe be just a
connection thread terminated in a gdb session) that did not happen.
By moving the check outside of the shutdown_pending condition and
closing the fd after they have been triggered the code should be more
robust.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-11-13 11:59:50 +01:00
NIIBE Yutaka
380bce13d9 agent: Use clock or clock_gettime for calibration.
* agent/protect.c (calibrate_get_time): Use clock or clock_gettime.

--

For calibration, clock(3) is better than times(3) among UNIXen.
Tested on NetBSD 7.1 and FreeBSD 11.1, using QEMU.

Thanks to Damien Goutte-Gattat for the information of use of
CLOCKS_PER_SEC;  The old code with times(3) is not 100% correct,
in terms of POSIX.  It should have used sysconf (_SC_CLK_TCK) instead
of CLOCKS_PER_SEC.  CLOCKS_PER_SEC is specifically for clock(3).

GnuPG-bug-id: 3056, 3276, 3472
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-11-07 10:49:36 +09:00
Werner Koch
3607ab2cf3
agent: New GETINFO sub-commands "s2k_count_cal" and "s2k_time".
* agent/command.c (cmd_getinfo): New sub-commands.
* agent/protect.c (get_standard_s2k_count): Factor some code out to ...
(get_calibrated_s2k_count): new.
(get_standard_s2k_time): New.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 52d41c8b0f)
2017-11-06 15:11:24 +01:00
Werner Koch
78a6d0ce88
agent: New option --s2k-count.
* agent/agent.h (opt): New field 's2k_count'.
* agent/gpg-agent.c (oS2KCount): New enum value.
(opts): New option --s2k-count.
(parse_rereadable_options): Set opt.s2k_count.
--

This option is useful to speed up the starting of gpg-agent and in
cases where the auto-calibration runs into problems due to a broken
time measurement facility.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit f7212f1d11)
2017-11-06 15:11:13 +01:00
Werner Koch
52d41c8b0f
agent: New GETINFO sub-commands "s2k_count_cal" and "s2k_time".
* agent/command.c (cmd_getinfo): New sub-commands.
* agent/protect.c (get_standard_s2k_count): Factor some code out to ...
(get_calibrated_s2k_count): new.
(get_standard_s2k_time): New.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-11-06 15:03:06 +01:00
Werner Koch
f7212f1d11
agent: New option --s2k-count.
* agent/agent.h (opt): New field 's2k_count'.
* agent/gpg-agent.c (oS2KCount): New enum value.
(opts): New option --s2k-count.
(parse_rereadable_options): Set opt.s2k_count.
--

This option is useful to speed up the starting of gpg-agent and in
cases where the auto-calibration runs into problems due to a broken
time measurement facility.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-11-06 13:57:30 +01:00
NIIBE Yutaka
3da47d19df
agent: Fix returning GPG_ERR_NOT_FOUND wrongly.
* agent/learncard.c (agent_handle_learn): Find SERIALNO.

--

Bug is: "gpg-connect-agent learn /bye" just fails wrongly.

Fixes-commit: 8c8ce8711d
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
(cherry picked from commit 5e96fe72e4)
2017-11-02 17:04:03 +01:00
NIIBE Yutaka
5e96fe72e4 agent: Fix returning GPG_ERR_NOT_FOUND wrongly.
* agent/learncard.c (agent_handle_learn): Find SERIALNO.

--

Bug is: "gpg-connect-agent learn /bye" just fails wrongly.

Fixes-commit: 8c8ce8711d
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-11-02 16:23:10 +09:00
NIIBE Yutaka
3924e1442c
agent: Clean up pinentry access locking.
* agent/agent.h (struct server_control_s): Rename PINENTRY_ACTIVE.
* agent/call-pinentry.c (entry_owner): Remove.
(agent_reset_query): Use thread private object of PINENTRY_ACTIVE.
(unlock_pinentry): Add CTRL to arguments to access thread private.
Check and decrement PINENTRY_ACTIVE for recursive use.
(start_pinentry): Check and increment PINENTRY_ACTIVE for recursion.
(agent_askpin): Follow the change of unlock_pinentry API.
(agent_get_passphrase, agent_get_confirmation): Likewise.
(agent_show_message, agent_popup_message_start): Likewise.
(agent_popup_message_stop, agent_clear_passphrase): Likewise.

--

We use the member PINENTRY_ACTIVE as a thread private object.
It's only valid for a single thread at a time.

It would be possible to have a thread shared object of
PINENTRY_ACTIVE, keeping ENTRY_OWNER for distinguishing its
owner (which is also a thread shared object).  But, in this case,
access to ENTRY_OWNER is tricky (only comparison to accessing thread
would be OK with no lock), or we need to introduce another lock for
accessing ENTRY_OWNER, which complicates the code too much.

So, simply have a thread private object for recursive pinentry access.

GnuPG-bug-id: 3190
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
(cherry picked from commit fb7828676c)
2017-10-27 14:15:58 +02:00
NIIBE Yutaka
4738256f2e
agent: Allow recursive use of pinentry.
* agent/agent.h (struct server_control_s): Add pinentry_level.
* agent/call-pinentry.c (agent_popup_message_stop): Not clear
ENTRY_CTX here.
(unlock_pinentry): Handle recursion.  Clear ENTRY_CTX here.
(start_pinentry): Allow recursive use.

--

GnuPG-bug-id: 3190
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
(cherry picked from commit 3b66a256e3)
2017-10-27 14:15:50 +02:00
NIIBE Yutaka
fb7828676c agent: Clean up pinentry access locking.
* agent/agent.h (struct server_control_s): Rename PINENTRY_ACTIVE.
* agent/call-pinentry.c (entry_owner): Remove.
(agent_reset_query): Use thread private object of PINENTRY_ACTIVE.
(unlock_pinentry): Add CTRL to arguments to access thread private.
Check and decrement PINENTRY_ACTIVE for recursive use.
(start_pinentry): Check and increment PINENTRY_ACTIVE for recursion.
(agent_askpin): Follow the change of unlock_pinentry API.
(agent_get_passphrase, agent_get_confirmation): Likewise.
(agent_show_message, agent_popup_message_start): Likewise.
(agent_popup_message_stop, agent_clear_passphrase): Likewise.

--

We use the member PINENTRY_ACTIVE as a thread private object.
It's only valid for a single thread at a time.

It would be possible to have a thread shared object of
PINENTRY_ACTIVE, keeping ENTRY_OWNER for distinguishing its
owner (which is also a thread shared object).  But, in this case,
access to ENTRY_OWNER is tricky (only comparison to accessing thread
would be OK with no lock), or we need to introduce another lock for
accessing ENTRY_OWNER, which complicates the code too much.

So, simply have a thread private object for recursive pinentry access.

GnuPG-bug-id: 3190
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-10-27 09:54:48 +09:00
NIIBE Yutaka
3b66a256e3 agent: Allow recursive use of pinentry.
* agent/agent.h (struct server_control_s): Add pinentry_level.
* agent/call-pinentry.c (agent_popup_message_stop): Not clear
ENTRY_CTX here.
(unlock_pinentry): Handle recursion.  Clear ENTRY_CTX here.
(start_pinentry): Allow recursive use.

--

GnuPG-bug-id: 3190
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-10-26 14:40:38 +09:00
NIIBE Yutaka
05cb87276c agent, tests: Support --disable-scdaemon build case.
* agent/command.c (cmd_scd): Support !BUILD_WITH_SCDAEMON.
* tests/openpgp/defs.scm (create-gpghome): Likewise.
* tests/gpgsm/gpgsm-defs.scm (create-gpgsmhome): Likewise.

--

We could modify gpg-agent to remove all support of scdaemon, with no
inclusion of call-scd.c, divert-scd.c, and learncard.c, but it would
not be worth to do that.

GnuPG-bug-id: 3316
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-10-26 11:39:49 +09:00
NIIBE Yutaka
bf26c08b95 agent, tests: Support --disable-scdaemon build case.
* agent/command.c (cmd_scd): Support !BUILD_WITH_SCDAEMON.
* tests/openpgp/defs.scm (create-gpghome): Likewise.
* tests/gpgsm/gpgsm-defs.scm (create-gpgsmhome): Likewise.

--

We could modify gpg-agent to remove all support of scdaemon, with no
inclusion of call-scd.c, divert-scd.c, and learncard.c, but it would
not be worth to do that.

GnuPG-bug-id: 3316
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-10-26 11:24:39 +09:00
Daniel Kahn Gillmor
28aa689058 agent: Send pinentry the uid of connecting process where possible.
* agent/agent.h (server_control_s): Add field 'client_uid'.
* agent/call-pinentry.c (start_pinentry): Add uid field to assuan
option "owner" sent to pinentry.
* agent/command-ssh.c (peer_info_s): New static struct.
(get_client_pid): Rename to...
(get_client_info): Here, and extract uid in addition to pid.
(start_command_handler_ssh): Use get_client_info() instead of
get_client_pid().
* agent/command.c (start_command_handler): Try assuan_get_peercred,
and only fall back to assuan_get_pid when assuan_get_peercred fails.

--

This also requires an update to pinentry to handle the new uid field.
Distributing the uid as well as the pid makes it harder for a
different user on the same machine to take advantage of any race
conditions between when a requesting process might ask for something
that needs pinentry, and when pinentry gets around to inspecting the
state of that process.

We put the uid before the nodename because the uid is guaranteed to be
a integer (represented in decimal), which makes it much simpler to
parse past than the potentially arbitrarily structured nodename.

Use a / instead of whitespace to delimit pid/uid at Werner's request.

If we were willing to depend on the nodename being
whitespace-delimited (as the current, unreleased pinentry code does),
then we could add the uid after the nodename.  But since no released
pinentry depends on this option anyway, i think we should make the
more conservative, easily-parseable choice and put the user ID first.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2017-10-19 03:09:44 -04:00
NIIBE Yutaka
9f5e50e7c8 agent: Fix cancellation handling for scdaemon.
* agent/call-scd.c (cancel_inquire): Remove.
(agent_card_pksign, agent_card_pkdecrypt, agent_card_writekey)
(agent_card_scd): Don't call cancel_inquire.

--

Since libassuan 2.1.0, cancellation command "CAN" is handled within
the library, by assuan_transact.  So, cancel_inquire just caused
spurious "CAN" command to scdaemon which resulted an error.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-09-20 10:42:28 +09:00
Daniel Kahn Gillmor
926d07c5fa agent: compile-time configuration of s2k calibration.
* configure.ac: add --with-agent-s2k-calibration=MSEC, introduces
AGENT_S2K_CALIBRATION (measured in milliseconds)
* agent/protect.c (calibrate_s2k_count): Calibrate based on
AGENT_S2K_CALIBRATION.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
GnuPG-bug-id: 3399
2017-09-08 17:08:57 -04:00
Daniel Kahn Gillmor
909fbca196 gpg: default to 3072-bit RSA keys.
* agent/command.c (hlp_genkey): update help text to suggest the use of
3072 bits.
* doc/wks.texi: Make example match default generation.
* g10/keygen.c (DEFAULT_STD_KEY_PARAM): update to
rsa3072/cert,sign+rsa3072/encr, and fix neighboring comment,
(gen_rsa, get_keysize_range): update default from 2048 to 3072).
* g10/keyid.c (pubkey_string): update comment so that first example
is the default 3072-bit RSA.

--

3072-bit RSA is widely considered to be 128-bit-equivalent security.
This is a sensible default in 2017.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>

Gbp-Pq: Topic update-defaults
Gbp-Pq: Name 0015-gpg-default-to-3072-bit-RSA-keys.patch
2017-09-08 11:37:42 -04:00
Andre Heinecke
6158811304
agent: Fix string translation for Windows
* agent/agent.h (L_): Define agent_Lunderscore when simple
gettext is used.

--
This fixes a regression introduced by b3286af3 ENABLE_NLS
is not defined if we use simple gettext and not gettext.

GnuPG-Bug-Id: T3364
Signed-off-by: Andre Heinecke <aheinecke@intevation.de>
2017-08-23 11:04:47 +02:00
Daniel Kahn Gillmor
f011d8763a Simple typo fix.
* agent/gpg-agent.c: Correct spelling in comment.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2017-08-07 01:03:52 -04:00
Werner Koch
3d78ae4d3d
agent: Make --no-grab the default.
* agent/gpg-agent.c (oGrab): New const.
(opts): New option --grab.  Remove description for --no-grab.
(parse_rereadable_options): Make --no-grab the default.
(finalize_rereadable_options): Allow --grab to override --no-grab.
(main) <gpgconflist>: Add "grab".
* tools/gpgconf-comp.c (gc_options_gpg_agent): Add "grab".

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-08-04 18:34:03 +02:00
Werner Koch
6c9899bede
agent: Make --ssh-fingerprint-digest re-readable.
* agent/gpg-agent.c (main): Move oSSHFingerprintDigest to ...
(parse_rereadable_options): here.
(opts): Change its description.
(main) <aGPGConfList>: Include this option.
* tools/gpgconf-comp.c (gc_options_gpg_agent): Add option at expert
level.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-07-28 18:23:46 +02:00
Werner Koch
5cf95157c5
agent: For OCB key files return Bad Passprase instead of Checksum Error.
* agent/protect.c (do_decryption): Map error checksum to bad
passpharse protection

* agent/call-pinentry.c (unlock_pinentry): Don't munge the error
source for corrupted protection.
--

GnuPG-bug-id: 3266
Signed-off-by: Werner Koch <wk@gnupg.org>
2017-07-28 11:51:04 +02:00
Werner Koch
5516ef47a2
agent: Minor cleanup (mostly for documentation).
* agent/command.c (cmd_pksign): Change var name 'rc' to 'err'.
* agent/findkey.c (read_key_file): Ditto.  Change return type to
gpg_error_t.  On es_fessk failure return a correct error code.
(agent_key_from_file): Change var name 'rc' to 'err'.
* agent/pksign.c (agent_pksign_do): Ditto.  Change return type to
gpg_error_t.  Return a valid erro code on malloc failure.
(agent_pksign): Ditto.  Change return type to gpg_error_t.  replace
xmalloc by xtrymalloc.
* agent/protect.c (calculate_mic): Change return type to gpg_error_t.
(do_decryption): Ditto.  Do not init RC.
(merge_lists): Change return type to gpg_error_t.
(agent_unprotect): Ditto.
(agent_get_shadow_info): Ditto.
--

While code starring for bug 3266 I found two glitches and also changed
var name for easier reading.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-07-28 10:38:57 +02:00
Werner Koch
d50c2eff8d
agent,dirmngr: Check for homedir removal also using stat(2).
* agent/gpg-agent.c (have_homedir_inotify): New var.
(reliable_homedir_inotify): New var.
(main):  Set reliable_homedir_inotify.
(handle_tick): Call stat on the homedir.
(handle_connections): Mark availibility of the inotify watch.
* dirmngr/dirmngr.c (handle_tick): Call stat on the homedir.
(TIMERTICK_INTERVAL_SHUTDOWN): New.
(handle_connections): Depend tick interval on the shutdown state.
--

The stat call is used on systems which do not support inotify and also
when we assume that the inotify does not work reliable.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-07-26 10:27:36 +02:00
Werner Koch
f4ec7697a9
agent: Lengthen timertick interval on Unix to 4 seconds.
* agent/gpg-agent.c (TIMERTICK_INTERVAL): Same value for Windows and
Unix.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-07-26 10:03:04 +02:00
Werner Koch
0ef50340ef
w32: Also change the directory on daemon startup.
* agent/gpg-agent.c (main): Always to the chdir.
* dirmngr/dirmngr.c (main): Ditto.
* scd/scdaemon.c (main): Ditto.
--

Note that only dirmngr did not call the chdir with --no-detach.  thus
we kept it this way.

Tested gpg-agent by checking the properties shown by procexp.

Gnupg-bug-id: 2670
Signed-off-by: Werner Koch <wk@gnupg.org>
2017-07-25 13:04:18 +02:00
Werner Koch
226f143ca0
common: New functions gnupg_daemon_rootdir and gnupg_chdir.
* common/sysutils.c (gnupg_chdir): New.
* common/homedir.c (gnupg_daemon_rootdir): New.
* agent/gpg-agent.c (main): Use these functions instead chdir("/").
* dirmngr/dirmngr.c (main): Ditto.
* scd/scdaemon.c (main): Ditto.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-07-25 12:43:37 +02:00
Werner Koch
f2d2648a4d
Revert "w32: Change directory on daemon startup."
--
This reverts commit 78ebc62604.
Gnupg-bug-id: 2670
2017-07-25 12:19:08 +02:00
Marcus Brinkmann
78ebc62604 w32: Change directory on daemon startup.
* agent/gpg-agent.c [HAVE_W32_SYSTEM]: Include <direct.h>.
(main) [HAVE_W32_SYSTEM]: Change working directory to \.
* dirmngr/dirmngr.c [HAVE_W32_SYSTEM]: Include <direct.h>.
(main) [HAVE_W32_SYSTEM]: Change working directory to \.
* scd/scdaemon.c [HAVE_W32_SYSTEM]: Include <direct.h>.
(main) [HAVE_W32_SYSTEM]: Change working directory to \.

Signed-off-by: Marcus Brinkmann <mb@g10code.com>
GnuPG-bug-id: 2670
2017-07-24 16:31:55 +02:00
NIIBE Yutaka
328fca1872 agent: Minor fix for Windows.
* agent/command-ssh.c (serve_mmapped_ssh_request): Add const
qualifier.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-07-24 15:26:20 +09:00
NIIBE Yutaka
fa63db89f9 Fix usage of ARGPARSE_OPTS.
* agent/gpg-agent.c, agent/preset-passphrase.c,
dirmngr/dirmngr-client.c, dirmngr/dirmngr_ldap.c, kbx/kbxutil.c,
tools/gpg-check-pattern.c, tools/gpgconf.c, tools/gpgsplit.c,
tools/symcryptrun.c: Use ARGPARSE_end.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-07-19 13:41:18 +09:00
Werner Koch
bbbd0db34b
agent: New GETINFO sub-command jent_active.
* agent/command.c (cmd_getinfo): Implement it for gcrypt >= 1.8.
--

For the de-vs compliance of gpg we need to check whether the Jitter
RNG is used on Windows.  This change allows to test this for
gpg-agent.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-07-17 15:53:16 +02:00
Werner Koch
3681ee7dc1
agent: Use MAX_PASSPHRASE_LEN (255) also for the loopback.
* agent/call-pinentry.c (agent_get_passphrase): Reduce maximum
passphrase length as conveyed to the loopback to MAX_PASSPHRASE_LEN.
* agent/genkey.c (agent_ask_new_passphrase): Extend the maximum
passphrase as conveyed to the loopback to MAX_PASSPHRASE_LEN.
--

Note that in genkey() max_length is set to MAX_PASSPHRASE_LEN + 1
because in agent_askpin() decrements that value before conveying it to
the loopback.

GnuPG-bug-id: 3254
Signed-off-by: Werner Koch <wk@gnupg.org>
2017-07-05 11:54:45 +02:00
Werner Koch
ecd6c0160f
agent: Fix option --debug-wait
* agent/gpg-agent.c (opts): Typo fix.
--

Regression-due-to: ccee34736b
GnuPG-bug-id: 3225
Signed-off-by: Werner Koch <wk@gnupg.org>
2017-06-28 08:45:24 +02:00
Justus Winter
2739647985
agent: Support unprotected ssh keys.
* agent/command-ssh.c (ssh_key_to_protected_buffer): If the empty
passphrase is supplied, do not protect the key.

GnuPG-bug-id: 2856
Signed-off-by: Justus Winter <justus@g10code.com>
2017-06-26 14:56:54 +02:00
Werner Koch
1ead1ca818
agent: Shutdown on removal of the home directory.
* common/sysutils.c (gnupg_inotify_watch_delete_self): New.
* agent/gpg-agent.c (handle_connections): Rename my_inotify_fd to
sock_inotify_fd.
(handle_connections): Add home_inotify_fd to watch the home directory.
--

GnuPG-bug-id: 3218

Note that we should add this also to dirmngr.  And for non-Linux
systems a stat in ticker should be implemented.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-06-23 13:20:42 +02:00
NIIBE Yutaka
c03e0eb01d agent: Fix error from do_encryption.
* agent/protect.c (do_encryption): Don't mask failure of OUTBUF
allocation.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-05-31 18:42:55 +09:00
NIIBE Yutaka
996544626e agent: Fix memory leaks.
* agent/divert-scd.c (ask_for_card): Free WANT_KID and WANT_SN_DISP.
* agent/gpg-agent.c (create_server_socket): Free UNADDR.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-05-30 13:56:20 +09:00
Justus Winter
525f2c482a
agent: Make digest algorithms for ssh fingerprints configurable.
* agent/agent.h (opt): New field 'ssh_fingerprint_digest'.
* agent/command-ssh.c (data_sign, ssh_identity_register): Honor the
option for strings used to communicate with the user.
* agent/findkey.c (agent_modify_description): Likewise.
* agent/gpg-agent.c (cmd_and_opt_values): New value.
(opts): New option '--ssh-fingerprint-digest'.
(parse_rereadable_options): Set the default to MD5 for now.
(main): Handle the new option.
* doc/gpg-agent.texi: Document the new option.
--

OpenSSH has transitioned from using MD5 to compute key fingerprints to
SHA256.  This patch makes the digest used when communicating key
fingerprints to the user (e.g. in pinentry dialogs) configurable.
For now this patch conservatively defaults to MD5.

GnuPG-bug-id: 2106
Signed-off-by: Justus Winter <justus@g10code.com>
2017-05-24 18:09:07 +02:00
Justus Winter
a5f046d99a
agent: Write both ssh fingerprints to 'sshcontrol' file.
* agent/command-ssh.c (add_control_entry): Hand in the key, write both
the MD5- and the SHA256-based fingerprint to the 'sshcontrol' file
when adding ssh keys.
(ssh_identity_register): Adapt callsite.

GnuPG-bug-id: 2106
Signed-off-by: Justus Winter <justus@g10code.com>
2017-05-24 17:32:58 +02:00
Justus Winter
3ac1a9d3a0
common: Support different digest algorithms for ssh fingerprints.
* common/ssh-utils.c (get_fingerprint): Add and honor 'algo' parameter.
(ssh_get_fingerprint{,_string}): Likewise.
* common/ssh-utils.h (ssh_get_fingerprint{,_string}): Update prototypes.
* common/t-ssh-utils.c (main): Adapt accordingly.
* agent/command-ssh.c (agent_raw_key_from_file): Likewise.
(ssh_identity_register): Likewise.
* agent/command.c (do_one_keyinfo): Likewise.
* agent/findkey.c (modify_description): Likewise.
--
This lays the foundation to support other algorithms.

GnuPG-bug-id: 2106
Signed-off-by: Justus Winter <justus@g10code.com>
2017-05-24 17:01:48 +02:00
NIIBE Yutaka
509e4a4d74 agent: Add const qualifier for read-only table.
* agent/call-pinentry.c (start_pinentry): Add const to tbl.
* agent/command-ssh.c (request_specs): Add const.
(ssh_key_types): Likewise.
(request_spec_lookup): Add const to the return value and SPEC.
(ssh_request_process): Likewise.
* agent/protect.c (protect_info): Add const.
(agent_unprotect): Add const to algotable.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-05-23 06:42:44 +09:00
Justus Winter
f4365790da
tests: Make it possible to run all tests using our infrastructure.
* Makefile.am (TESTS_ENVIRONMENT): New variable.
(check-all): New phony target to run all tests.
* tests/gpgme/gpgme-defs.scm (have-gpgme?): New function that tests
whether the GPGME test suite is available instead of exiting the
process.
* tests/gpgscm/init.scm (export): New macro.
* tests/gpgscm/tests.scm (run-tests): New function.
(load-tests): Likewise.
* tests/gpgme/run-tests.scm: Simplify and move the parsing of the list
of tests to 'all-tests.scm'.
* tests/gpgsm/run-tests.scm: Likewise.
* tests/migrations/run-tests.scm: Likewise.
* tests/openpgp/run-tests.scm: Likewise.
* tests/gpgme/Makefile.am: To select the tests to run, use the
variable 'TESTS'.  This harmonizes the interface with the automake
test suite.
* tests/gpgsm/Makefile.am: Likewise.
* tests/migrations/Makefile.am: Likewise.
* tests/openpgp/Makefile.am: Likewise.
* tests/openpgp/README: Likewise.
* agent/all-tests.scm: New file.
* common/all-tests.scm: Likewise.
* g10/all-tests.scm: Likewise.
* g13/all-tests.scm: Likewise.
* tests/gpgme/all-tests.scm: Likewise.
* tests/gpgsm/all-tests.scm: Likewise.
* tests/migrations/all-tests.scm: Likewise.
* tests/openpgp/all-tests.scm: Likewise.
* tests/run-tests.scm: Likewise.
--

This change allows us to run all tests in parallel and write one XML
report capturing the results of every test.  It also lays the
foundation to parametrize test suites.

Signed-off-by: Justus Winter <justus@g10code.com>
2017-05-11 18:12:37 +02:00
NIIBE Yutaka
5c8fe54809 Spelling fixes in docs and comments.
--

In addition, fix trailing spaces in tests/inittests.

GnuPG-bug-id: 3121
Reported-by: ka7 (klemens)
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-04-28 10:06:33 +09:00
NIIBE Yutaka
9296aed4bd agent: More minor change.
* agent/command.c (cmd_pksign): Remove redundant assignment.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-04-17 20:03:36 +09:00
NIIBE Yutaka
45c52cca14 agent: Minor cleanup.
* agent/command-ssh.c (ssh_key_to_protected_buffer): Not touch ERR.
* agent/command.c (cmd_genkey, cmd_import_key): Clean up.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-04-17 16:43:36 +09:00
NIIBE Yutaka
36c4e540f1 agent: Clean up error initialize/return.
* agent/call-pinentry.c (start_pinentry): Return RC.
* agent/command-ssh.c (ssh_handler_request_identities): Don't set ERR.
* agent/findkey.c (try_unprotect_cb): Return ERR.
(unprotect): Don't set RC.
* agent/gpg-agent.c (handle_connections): Don't set fd.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-04-14 12:54:06 +09:00
NIIBE Yutaka
c64763c3a7 agent: Simplify stream_read_cstring.
* agent/command-ssh.c (stream_read_cstring): Just call
stream_read_string.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-04-12 09:24:48 +09:00
NIIBE Yutaka
170660ed11 agent: Use "ll" length specifier when time_t is larger.
* agent/command.c (cmd_keytocard): Use KEYTOCARD_TIMESTAMP_FORMAT.

--

On a big-endian 32-bit platform which uses 64-bit time_t, it might go
wrong.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-04-10 15:04:57 +09:00
NIIBE Yutaka
ebe12be034 agent: Serialize access to passphrase cache.
* agent/cache.c (encryption_lock): Remove.
(cache_lock): New.  Now, we have coarse grain lock to serialize
entire cache access.
(initialize_module_cache): Use CACHE_LOCK.
(init_encryption, new_data): Remove ENCRYPTION_LOCK.
(agent_flush_cache, agent_put_cache, agent_get_cache): Lock the cache.

--

GnuPG-bug-id: 3027
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-04-07 08:39:26 +09:00
NIIBE Yutaka
5744d2038b agent: Minor fix for get_client_pid.
* agent/command-ssh.c (get_client_pid): Use 0 to initialize.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-04-04 10:39:00 +09:00
Werner Koch
d23052b04e
gpgconf: Add --enable-extended-key-format for the agent.
* tools/gpgconf-conf.c: Add option.
* agent/gpg-agent.c (main) <aGPGConfList>: Add option.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-04-03 16:54:43 +02:00
Werner Koch
d24375271b
agent: Use OCB for key protection with --enable-extended-key-format.
* agent/protect.c (PROT_DEFAULT_TO_OCB): Remove macro.
(agent_protect): Make the default protection mode depend on the extend
key format option.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-04-02 20:02:55 +02:00
Werner Koch
2c237c1362
agent: New option --enable-extended-key-format.
* agent/gpg-agent.c (oEnableExtendedKeyFormat): New const.
(opts): New option --enable-extended-key-format.
(parse_rereadable_options): Set option
* agent/findkey.c (write_extended_private_key): Add arg 'update'.
(agent_write_private_key): Implement new option.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-03-24 10:35:36 +01:00
Werner Koch
6fab7bba87
agent: New option --stub-only for DELETE_KEY
* agent/findkey.c (agent_delete_key): Add arg 'only_stubs'.
* agent/command.c (cmd_delete_key): Add option --stub-only.
--

This option can be used to savely remove stub keys.
2017-03-24 09:02:30 +01:00
NIIBE Yutaka
8c8ce8711d agent,g10: Remove redundant SERIALNO request.
* agent/learncard.c (agent_handle_learn): Don't call
agent_card_serialno.  Get the serialno in status response.
* g10/call-agent.c (agent_scd_learn): Don't request "SCD SERIALNO".
(agent_scd_serialno): New.
(card_cardlist_cb, agent_scd_cardlist): New.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-03-16 14:32:51 +09:00
NIIBE Yutaka
176e07ce10 agent: Resolve conflict of util.h.
* agent/Makefile.am (AM_CPPFLAGS): Remove -I$(top_srcdir)/common.
* agent/call-pinentry.c, agent/call-scd.c: Follow the change.
* agent/command-ssh.c, agent/command.c, agent/cvt-openpgp.c: Ditto.
* agent/divert-scd.c, agent/findkey.c, agent/genkey.c: Ditto.
* agent/gpg-agent.c, agent/pksign.c, agent/preset-passphrase.c: Ditto.
* agent/protect-tool.c, agent/protect.c, agent/trustlist.c: Ditto.
* agent/w32main.c: Ditto.

--

For openpty function, we need to include util.h on some OS.
We also have util.h in common/, so this change is needed.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-03-07 19:22:48 +09:00
NIIBE Yutaka
bf03925751 agent: Add include files.
* agent/command-ssh.c: Add sys/socket.h and sys/un.h.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-03-07 14:22:34 +09:00
NIIBE Yutaka
f7f806afa5 agent: Fix get_client_pid for portability.
* configure.ac: Simply check getpeerucred and ucred.h, and structure
members.
* agent/command-ssh.c: Include ucred.h.
(get_client_pid) [HAVE_STRUCT_SOCKPEERCRED_PID]: Use sockpeercred
structure for OpenBSD.
[LOCAL_PEERPID]: Use LOCAL_PEERPID for macOS.
[LOCAL_PEEREID]: Use LOCAL_PEEREID for NetBSD.
[HAVE_GETPEERUCRED]: Use getpeerucred for OpenSolaris.

--

This change also addresses following bug.

GnuPG-bug-id: 2981.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-03-07 14:06:35 +09:00
NIIBE Yutaka
4ce4f2f683 agent: For SSH, robustly handling scdaemon's errors.
* agent/command-ssh.c (card_key_list): Return 0 when
agent_card_serialno returns an error.
(ssh_handler_request_identities): Handle errors for card listing
and proceed to other cases.
--

GnuPG-bug-id: 2980

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-03-06 10:30:57 +09:00
Werner Koch
d6f0f36876
agent: Improve error message for the KEYTOCARD command.
* agent/command.c (cmd_keytocard): Always use leave_cmd.  Simplify
timestamp checking and do an early test with an appropriate error
message.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-03-02 12:29:31 +01:00
Werner Koch
f98c8cb013
scd,agent: Improve the OpenPGP PIN prompt texts.
* scd/app-openpgp.c (get_prompt_info): Change texts.
* agent/call-pinentry.c (struct entry_features): New.
(getinfo_features_cb): New.
(start_pinentry): Set new fucntion as status callback.
(build_cmd_setdesc): New.  Replace all snprintf for SETDESC by this
one.
--

Suggested-by: Andre Heinecke
Signed-off-by: Werner Koch <wk@gnupg.org>
2017-02-22 18:51:02 +01:00
Werner Koch
e3944f34e3
scd: Improve the prompts for OpenPGP cards.
* scd/app-openpgp.c (get_disp_name): New.
(get_disp_serialno): New.
(get_prompt_info): New.
(build_enter_admin_pin_prompt): Rework the prompt texts.  Factor some
code out to ...
(get_remaining_tries): New.
(verify_a_chv): Print a remaining counter also for the standard PIN.
Rework the prompt texts.

* agent/divert-scd.c (ask_for_card): Pretty format an OpenPGP serial
no.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-02-22 15:48:33 +01:00
Werner Koch
6488ffb767
agent: Prepend the description to a PIN prompt.
* agent/divert-scd.c (has_percent0A_suffix): New.
(getpin_cb): Prepend DESC_TEXT to the prompt.
* agent/findkey.c (modify_description): Rename to ...
(agent_modify_description): this.  MAke global.  Add kludge to remove
empty parentheses from the end.
(agent_key_from_file, agent_delete_key): Adjust for above change.
* agent/pksign.c (agent_pksign_do): Modify DESC_TEXT also when
diverting to a card.
--

Now that we have support for multiple tokens, it is important to show
information on which key has been requested.  Without that it may
happen that the PIN for a wrong card is accidentally entered.

The texts are a bit ugly, because they talk about "passphrase" but
later about entering a PIN.

A quick hack would be to s/passphrase/PIN/ in the description but that
is complicated due to i18n.  Another solution might be never to talk
about PINs in the description but always about "passphrase: and only
use "PIN" or "passphrase" on the left of the entry field.
2017-02-22 11:04:55 +01:00
Werner Koch
78d875a0f8
agent: Prepare to pass an additional parameter to the getpin callback.
* agent/call-scd.c (writekey_parm_s, inq_needpin_s): Merge into ...
(inq_needpin_parm_s): new struct.  Add new field 'getpin_cb_desc'.
Change users to set all fields.
(inq_needpin): Pass GETPIN_CB_DESC to the GETPIN_CB.
(agent_card_pksign): Add arg 'desc_text' and change arg 'getpin_cb' to
take an additional arg 'desc_text'.
(agent_card_pkdecrypt): Ditto.
(agent_card_writekey): Change arg 'getpin_cb' to take an additional
arg 'desc_text'.
(agent_card_scd): Ditto.
* agent/divert-scd.c (getpin_cb): Add new arg 'desc_text'.
(divert_pksign): Add new arg 'desc_text' and pass is to
agent_card_pksign.
(divert_pkdecrypt): Add new arg 'desc_text' and pass is to
agent_card_pkdecrypt.
* agent/pkdecrypt.c (agent_pkdecrypt): Pass DESC_TEXT to
divert_pkdecrypt.
* agent/pksign.c (agent_pksign_do):  Pass DESC_TEXT to
divert_pksign.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-02-22 09:40:50 +01:00
Daniel Kahn Gillmor
ccb420380b Fix spelling.
--

Clean up several other misspellings noticed while reviewing Yuri's
de-duplication patch.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2017-02-21 13:11:46 -05:00
Yuri Chornoivan
24cf0606b4 Clean up word replication.
--

This fixes extra word repetitions (like "the the" or "is is") in the
code and docs.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2017-02-21 13:11:46 -05:00
NIIBE Yutaka
dea4b3c742 agent: No cards is not an error.
* agent/command-ssh.c (card_key_list): Care the case of no cards.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-02-17 20:02:38 +09:00
NIIBE Yutaka
3f4f64b6ac agent: Send back all public keys for available cards.
* agent/call-scd.c (card_cardlist_cb, agent_card_cardlist): New.
* agent/command-ssh.c (card_key_list): New.
(ssh_handler_request_identities): Call card_key_list and loop for the
list to send public keys for all available cards.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-02-17 19:46:01 +09:00
Werner Koch
042fe711c7
agent: Tell pinentry the hostname the agent is running on.
* agent/call-pinentry.c [!W32]: Incluse utsname.h
(start_pinentry): Pass nodename to OPTION/owner.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-02-03 21:16:26 +01:00
Werner Koch
309f464a59
agent: Tell the Pinentry the client's pid.
* configure.ac: Check for SO_PEERCRED et al.
* agent/agent.h (server_control_s): Add field 'client_pid'.
* agent/command.c (start_command_handler): Set CLIENT_PID.
* agent/command-ssh.c (get_client_pid): New.
(start_command_handler_ssh): Set CLIENT_PID.
* agent/call-pinentry.c (start_pinentry): Tell Pinentry the client-pid.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-02-03 17:13:08 +01:00
Werner Koch
7052a0d77c
gpg: More diagnostics for a launched pinentry.
* agent/call-pinentry.c (start_pinentry): Call getinfo/ttyinfo.
* g10/server.c (gpg_proxy_pinentry_notify): Simplify the output so
that we do not change the code when adding new fields to
PINENTRY_LAUNCHED.
--

This patch changes the --verbose output of gpg to show
for example

  gpg: pinentry launched (5228 gtk2 1.0.1-beta10 \
  /dev/pts/4 xterm localhost:10.0)

the used tty, its type, and the value of DISPLAY in addiion to the
pid, flavor, and version.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-02-03 12:05:16 +01:00
Werner Koch
f518196ca6
Fix explanation of commit e175152ef7.
--
2017-02-01 08:18:44 +01:00
Werner Koch
1ec7dc4e55
Explain commit e175152ef7.
--
2017-01-30 12:08:30 +01:00
Justus Winter
e175152ef7 agent: Fix double free.
* agent/cache.c (agent_store_cache_hit): Make sure the update is
atomic.
--
Previously, the function freed the last key, and duplicated the new
key after doing that.  There is a chance, however, that calling the
allocator surrenders control to a different thread, causing a double
free if a different thread also calls this function.

To make sure the update is atomic under the non-preemptive thread
model, we must make sure not to surrender control to a different
thread.  Therefore, we avoid calling the allocator during the
update.

Signed-off-by: Justus Winter <justus@g10code.com>
2017-01-25 13:51:57 +01:00
Werner Koch
707c47f559
Update copyright notices for 2017.
--

Also some http:// -> https:// fixes.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-01-23 19:16:55 +01:00
Werner Koch
3d356d165a
agent: Reduce sleep time in the progress callback.
* agent/gpg-agent.c (agent_libgcrypt_progress_cb): Reduce sleep time
from 100ms to 1ms or use gpgrt_yield when build against a recent
libgpg-error.
--

Debian-bug-id: 851298
Signed-off-by: Werner Koch <wk@gnupg.org>
2017-01-18 10:13:18 +01:00
NIIBE Yutaka
0801f49b0d agent: Ask specific SERIALNO for pksign/pkdecrypt.
* agent/call-scd.c (agent_card_serialno): Add DEMAND argument.
* agent/command-ssh.c (card_key_available): Follow the change.
* agent/learncard.c (agent_handle_learn): Likewise.
* agent/divert-scd.c (ask_for_card): Use DEMAND argument.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-01-16 10:33:08 +09:00
Werner Koch
8d774904c8
agent,w32: Fix annoying output to DebugView.
* agent/gpg-agent.c (startup_fd_list): Do not define for W32.
(main) [W32]: Do not call get_all_open_fds.
--

GnuPG-bug-id: 2267
Signed-off-by: Werner Koch <wk@gnupg.org>
2017-01-06 18:47:53 +01:00
Werner Koch
e384405b6e
Remove unused debug flags and add "dns" and "network".
* g10/options.h (DBG_CARD_IO_VALUE, DBG_CARD_IO): Remove.
* g10/gpg.c (debug_flags): Remove "cardio".
* agent/agent.h (DBG_COMMAND_VALUE, DBG_COMMAND): Remove.
* agent/gpg-agent.c (debug_flags): Remove "command".
* scd/scdaemon.h (DBG_COMMAND_VALUE, DBG_COMMAND): Remove.
* scd/scdaemon.c (debug_flags): Remove "command".
* dirmngr/dirmngr.h (DBG_DNS_VALUE, DBG_DNS): New.
(DBG_NETWORK_VALUE, DNG_NETWORK): New.
* dirmngr/dirmngr.c (debug_flags): Add "dns" and "network".
--

Note that "dns" and "network" are not yet used but will soon be added
to dirmngr.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-12-19 09:41:15 +01:00
Daniel Kahn Gillmor
8636ad5023 agent: Respect --enable-large-secmem
* agent/gpg-agent.c (main): Initialize secmem to the configured buffer
size.

--

This patch is a step toward addressing
GnuPG-bug-id: 2857

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2016-12-06 11:02:47 -05:00
Werner Koch
aa6ab9e0bc
agent,dirmngr: Tiny restructuring.
* agent/gpg-agent.c (handle_connections): Add a comment.
* dirmngr/dirmngr.c (main): Move assuan_sock_close of the listening
socket to ...
(handle_connections): here.  Add a comment why we keep the
listening socket open during a shutdown.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-11-29 20:35:23 +01:00
Werner Koch
854adc8ae1
agent,dirmngr: Handle corner case in shutdown mode.
* agent/gpg-agent.c (handle_connections): Keep on selecting on the
inotify fd even when a shutdown is pending.
* dirmngr/dirmngr.c (handle_connections): Ditto.  Also simplifyy the
use of the HAVE_INOTIFY_INIT cpp conditional.
--

Without that patch we won't notice a removed socket when a shutdown is
pending.  This is somewhat related to bug report 2849.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-11-29 20:17:03 +01:00
Werner Koch
81d6e98cdf
agent,w32: Initialize nPth in server mode.
* agent/gpg-agent.c (main) [W32]: Call initialize_modules in server
mode.
--

Fixes-commit: 9a707a223a
Signed-off-by: Werner Koch <wk@gnupg.org>
2016-11-29 16:54:36 +01:00
NIIBE Yutaka
9a707a223a agent: Fix npth + daemon mode problem.
* agent/gpg-agent.c (main): Remove duplicated initialization in daemon
mode.

--
The commit f57dc2b1e6 fixes a part of
problem (for missing initialization of supervised mode).  It was
actually put in wrong place.

Fixes-commit: 9f92b62a51
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-11-21 11:18:33 +09:00
Werner Koch
6bf6981972
agent: Improve concurrency when Libgcrypt 1.8 is used.
* agent/gpg-agent.c (thread_init_once): Tell Libgcrypt to reinit the
system call clamp.
(agent_libgcrypt_progress_cb): Do not sleep if Libgcrypt is recent
enough.
--

This patch prepares for a feature comming with Libgcrypt 1.8.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-11-12 11:03:10 +01:00
Werner Koch
4473db1ef2
agent: Kludge to mitigate blocking calls in Libgcrypt.
* agent/gpg-agent.c (agent_libgcrypt_progress_cb): Sleep for 100ms on
"need_entropy".
--

During key generation Libgrypt will read from /dev/random which may
block.  Libgcrypt is not nPth aware and thus the entire process will
block.  Fortunately there is also a select with a short timeout to run
the progress callback.  We detect this in gpg-agent and introduce a
short delay to give other threads (i.e. connections) an opportunity to
run.

This alone is not sufficient, an updated Libgpg-error is also required
to make the lock functions nPth aware.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-11-11 20:36:58 +01:00
Daniel Kahn Gillmor
e51912f467
agent: Clean up comments.
* agent/agent.h: Clean up comments.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2016-11-11 08:27:55 +01:00
Werner Koch
4d7dc432b5
Change all http://www.gnu.org in license notices to https://
--
2016-11-05 12:02:19 +01:00
Werner Koch
c1ea0b577a
agent: Extend the PINENTRY_LAUNCHED inquiry and status.
* agent/call-pinentry.c (start_pinentry): Get flavor and version and
pass it to agent_inq_pinentry_launched.
* agent/command.c (agent_inq_pinentry_launched): Add arg EXTRA.
* g10/server.c (gpg_proxy_pinentry_notify): Print a new diagnostic.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-11-03 20:10:38 +01:00
Daniel Kahn Gillmor
68b59bbc42 Spelling: correct spelling of "passphrase".
There were several different variant spellings of "passphrase".  This
should fix them all for all English text.

I did notice that po/it.po contains multiple instances of
"passhprase", which also looks suspect to me, but i do not know
Italian, so i did not try to correct it.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2016-11-02 12:53:58 +01:00
Justus Winter
445f0c13d7 Fix typos.
--
Signed-off-by: Justus Winter <justus@g10code.com>
2016-10-27 14:59:56 +02:00
Daniel Kahn Gillmor
6316b28e89 agent,common: move get_socket_name() into common.
* agent/gpg-agent.c (get_socket_name): move to ...
* common/sysutils.c (gnupg_get_socket_name): ... here.

--
This allows us to use the same functionality in dirmngr as well.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2016-10-27 10:37:17 +09:00
Werner Koch
b77f95a4a6
agent: Avoid double error message.
* agent/gpg-agent.c (map_supervised_sockets): Shorten error message.
Remove unneeded diagnostic.
--

get_socket_name already prints error messages and thus there is not
need to print another one.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-10-26 09:10:52 +02:00
Daniel Kahn Gillmor
27f6d5b9f4 agent: --supervised mode improvements.
* agent/gpg-agent.c (map_supervised_socket): if the agent is running
  in --supervised mode and is not actually given LISTEN_FDNAMES
  directives, require at least fd 3 to be open for listening.
--
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2016-10-26 14:18:29 +09:00
Justus Winter
852b8f0b89 agent,tests,w32: Fix relaying pinentry user data, fix fake-pinentry.
* agent/call-pinentry.c (start_pinentry): Also send the user data
using an Assuan 'OPTION' command.
* tests/openpgp/fake-pinentry.c (get_passphrase): Fix updating
passphrase file.
(spacep): Include newline characters.
(rstrip): New function.
(main): Handle Windows line endings.  Handle the userdata option, and
restart with the new options.

Signed-off-by: Justus Winter <justus@g10code.com>
2016-10-25 17:07:08 +02:00
Werner Koch
8c40b3b98d
agent: Minor cleanup for recent change in findkey.c
* agent/findkey.c (agent_write_private_key): Avoid label name error.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-10-24 13:01:06 +02:00
Werner Koch
fdb653a33e
agent: Slightly change structure of cmd_readkey.
* agent/command.c (cmd_readkey): Avoid a leave label in the middle of
the code.  Remove the special return.
--

This helps to get better debug output.

The set_error macro which is used by parse_keygrip merely sets the
error code into the Assuan context.  It is thus no problem anymore to
call leave_cmd after having used set_error.  This might havve been
diffferent in the past.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-10-24 12:59:57 +02:00
NIIBE Yutaka
6e85ac77af Fix use cases of snprintf.
* agent/call-pinentry.c, agent/call-scd.c, agent/command.c,
build-aux/speedo/w32/g4wihelp.c, common/get-passphrase.c,
dirmngr/dirmngr.c, g10/call-agent.c, g10/cpr.c, g10/keygen.c,
g10/openfile.c, g10/passphrase.c, scd/app-openpgp.c, scd/scdaemon.c,
sm/call-agent.c, sm/call-dirmngr.c, sm/certreqgen.c: Fix assuming C99.

--
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-10-21 12:04:46 +09:00
NIIBE Yutaka
1ffd475f99 agent: Fix saving with FORCE=1.
* agent/findkey.c (agent_write_private_key): Recover from an error of
GPG_ERR_ENOENT when FORCE=1 and it is opened with "rb+".

--
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-10-21 10:57:29 +09:00
NIIBE Yutaka
9a34e2142b agent, g10: Fix keygen.
* agent/command.c (cmd_readkey): Get length after card_readkey.
* g10/keygen.c (gen_card_key): Fix off-by-one error.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-10-20 20:01:46 +09:00
NIIBE Yutaka
82cbab906a agent: Add --card option for READKEY.
* agent/findkey.c (agent_write_shadow_key): New.
* agent/command-ssh.c (card_key_available): Use agent_write_shadow_key.
* agent/learncard.c (agent_handle_learn): Likewise.
* agent/command.c (cmd_readkey): Add --card option.
--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-10-20 12:05:15 +09:00
Werner Koch
2f7d4c38c9
agent: Move inotify code to common and improve it.
* common/sysutils.c: Include sys/inotify.h.
(my_error_from_syserror, my_error): New.
(gnupg_inotify_watch_socket): New.
(gnupg_inotify_has_name): New.
* agent/gpg-agent.c: Do not include sys/inotify.h.
(my_inotify_is_name): Remove.
(handle_connections): Remove HAVE_INOTIFY_INIT protected code and use
the new functions.
--

When removing not a simple socket file but the entire directory the
old code missed most events and thus did not worked properly.

IN_DELETE_SELF has also been added to the watch list to detect a
removal of the directory.  However, in all tests that event was not
triggered.  The only way it could be triggered was by not watching
the socket dir but an arbitary directory and rmdir that.

GnuPG-bug-id: 2756
Signed-off-by: Werner Koch <wk@gnupg.org>
2016-10-15 21:35:05 +02:00
NIIBE Yutaka
fb3b3e1e7a agent: Fix get_socket_name.
* agent/gpg-agent.c (get_socket_name): Fix the size of copying.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-10-07 19:00:10 +09:00
NIIBE Yutaka
fc0b392e76 agent, dirmngr, scd: Fix init_common_subsystems.
* common/init.c (_init_common_subsystems): Don't call
gpgrt_set_syscall_clamp in this function.
* agent/gpg-agent.c, dirmngr/dirmngr.c, scd/scdaemon.c: Call
gpgrt_set_syscall_clamp after npth_init.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-10-07 10:45:22 +09:00
Werner Koch
1cedc32c95
agent: Another minor fix to map_supervised_sockets.
* agent/gpg-agent.c (map_supervised_sockets): Remove debug message.
Provide correct fd in the second error case.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-10-05 11:48:59 +02:00
Werner Koch
f57dc2b1e6
agent: Fix npth + supervised mode problem.
* agent/gpg-agent.c (main): Initialize modules in supervised mode.
--

It was probably my fault.  I had to rebase my patches to take in the
npth patches but for some reason my addition of initialize_modules got
lost.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-10-05 09:13:27 +02:00
Daniel Kahn Gillmor
a2127c71db
agent: Fix error handling in map_supervised_sockets
* agent/gpg-agent.c (map_supervised_sockets): the file descriptor to
  close on error is fd, not i.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2016-10-05 08:11:53 +02:00
Werner Koch
1a9c8d78ec
agent: Streamline the supervised mode code.
* agent/gpg-agent.c (get_socket_path): Rename to ...
(get_socket_name): this.  This is to comply with the GNU coding guide.
Use xtrymalloc instead of malloc.  Do not build for W32.
(map_supervised_sockets): Use strtokenize and set the the socket names
here.
(main): Adjust for above change.  Do not close the socket.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-10-04 17:11:43 +02:00
Werner Koch
afcfae7959
agent: Adjust cleanup for supervised mode. Fix for W32.
* agent/gpg-agent.c (opts) [W32]: Remove option --supervised.
(is_supervised): Move from main() to global.
(inhibit_socket_removal): New.
(cleanup): Take care of supervise mode and INHIBIT_SOCKET_REMOVAL.
(check_own_socket_thread): Set INHIBIT_SOCKET_REMOVAL instead of
seting the socket names to empty.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-10-04 17:11:43 +02:00
Werner Koch
dc059af1ff
agent: Adjust supervised mode for the new default socket names.
* agent/gpg-agent.c (main): In supervised mode do not provide default
socket names.  Unset DISPLAY and INSIDE_EMACS.  Use log_error and
agent_exit.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-10-04 17:11:43 +02:00
Daniel Kahn Gillmor
9f92b62a51
agent: Implement --supervised command (for systemd, etc).
* agent/gpg-agent.c (get_socket_path): New function for POSIX systems
to return the path for a provided unix-domain socket.
(map_supervised_sockets): New function to inspect $LISTEN_FDS and
$LISTEN_FDNAMES and map them to the specific functionality offered by
the agent.
(main): Add --supervised command.  When used, listen on already-open
file descriptors instead of opening our own.
* doc/gpg-agent.texi: Document --supervised option.

--

"gpg-agent --supervised" is a way to invoke gpg-agent such that a
system supervisor like systemd can provide socket-activated startup,
log management, and scheduled shutdown.

When running in this mode, gpg-agent:

 * Does not open its own listening socket; rather, it expects to be
   given a listening socket on incoming file descriptors.

 * Does not detach from the invoking process, staying in the
   foreground instead.  Unless otherwise specified, logs are sent to
   stderr.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2016-10-04 17:11:43 +02:00
NIIBE Yutaka
eda17649f8 agent, dirmngr, scd: npth_init must be after fork.
* agent/gpg-agent.c (thread_init_once, initialize_modules): New.
(main): Make sure no daemonizing-fork call after npth_init, and no npth
calls before npth_init, with care of npth calls by assuan hooks.
* dirmngr/dirmngr.c (thread_init): New.
(main): Make sure npth_init must not be called before daemonizing fork.
* scd/scdaemon.c (main): Likewise.

--

It is simply the best for nPth not to allow the daemonizing fork after
npth_init, because semantics and implementations of forked child process
in a threaded application is a difficult corner case.

GnuPG-bug-id: 1779
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-10-04 09:01:13 +09:00
Werner Koch
80cc16e072
agent: Create the extra sockets in the standard socket dir.
* agent/gpg-agent.c (main): Take the socketdir in account for the
default sockets.
* tools/gpgconf.c (list_dirs): Add "agent-extra-socket" and
"agent-browser-socket".

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-09-30 19:21:51 +02:00
Werner Koch
95cf7afff0
agent: Kludge to allow disabling of the extra sockets.
* agent/gpg-agent.c (main): Check for special socket names.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-09-30 18:49:16 +02:00
Justus Winter
6054e8aaec build: Fix build against libiconv.
* agent/Makefile.am: Add INCICONV and LIBICONV.
* common/Makefile.am: Likewise.
* tools/Makefile.am: Likewise.

Signed-off-by: Justus Winter <justus@g10code.com>
2016-09-30 17:45:59 +02:00
Justus Winter
e11686f973 agent: Enable restricted, browser, and ssh socket by default.
* agent/gpg-agent.c (main): Provide defaults for 'extra-socket' and
'browser-socket', enable ssh socket by default, but do not emit the
'SSH_AUTH_SOCK' variable unless it has been explicitly requested.
* configure.ac (GPG_AGENT_{EXTRA,BROWSER}_SOCK_NAME): New definitions.
* doc/gpg-agent.texi: Update documentation.
--

This change enables the restricted, browser, and ssh socket by
default.  Note that in all cases, the user has to do some additional
configuration to her setup to make use of these features.  Therefore,
this should not break any existing setups, but makes it simpler to
discover and use these features.

Signed-off-by: Justus Winter <justus@g10code.com>
2016-09-30 12:06:02 +02:00
NIIBE Yutaka
98bc6f480a agent: Allow only specific digest size for ECDSA.
* agent/pksign.c (do_encode_dsa): Fix validation of digest size.

--

Thanks to Steven Noonan <steven@uplinklabs.net> who offers patches
and a test case.

GnuPG-bug-id: 2702
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-09-27 14:01:18 +09:00
NIIBE Yutaka
7305d27f36 Fix comment and format.
* agent/protect-tool.c (main): Fix comment.
* doc/DETAILS (colon listings): Fix list.
* tests/openpgp/multisig.test: Fix comment.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-09-17 16:16:41 +09:00
Daniel Kahn Gillmor
0d67241e31 Fix more spelling
* NEWS, acinclude.m4, agent/command-ssh.c, agent/command.c,
  agent/gpg-agent.c, agent/keyformat.txt, agent/protect-tool.c,
  common/asshelp.c, common/b64enc.c, common/recsel.c, doc/DETAILS,
  doc/HACKING, doc/Notes, doc/TRANSLATE, doc/dirmngr.texi,
  doc/faq.org, doc/gpg-agent.texi, doc/gpg.texi, doc/gpgsm.texi,
  doc/instguide.texi, g10/armor.c, g10/gpg.c, g10/keyedit.c,
  g10/mainproc.c, g10/pkclist.c, g10/tofu.c, g13/sh-cmd.c,
  g13/sh-dmcrypt.c, kbx/keybox-init.c, m4/pkg.m4, sm/call-dirmngr.c,
  sm/gpgsm.c, tests/Makefile.am, tests/gpgscm/Manual.txt,
  tests/gpgscm/scheme.c, tests/openpgp/gpgv-forged-keyring.scm,
  tests/openpgp/multisig.test, tests/openpgp/verify.scm,
  tests/pkits/README, tools/applygnupgdefaults,
  tools/gpg-connect-agent.c, tools/mime-maker.c, tools/mime-parser.c:
  minor spelling cleanup.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2016-09-17 16:00:37 +09:00
Werner Koch
650356148a
agent: Terminate on deletion of the socket file (Linux only).
* configure.ac (AC_CHECK_FUNCS): Chec for inotify_init.
* agent/gpg-agent.c [HAVE_INOTIFY_INIT]: Include sys/inotify.h.
(my_inotify_is_name) [HAVE_INOTIFY_INIT]: New.
(handle_connections) [HAVE_INOTIFY_INIT]: New.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-09-06 11:00:12 +02:00
Werner Koch
0b99d1fd2a
agent: Silence --debug IPC output for connections from self.
* agent/command.c (server_local_s): Add fields 'greeting_seen' and
'connect_from_self'.
(io_monitor): Do not log connections from self.
(start_command_handler): Set flag 'connect_from_self'.
* agent/gpg-agent.c (check_own_socket_thread): Disable logging.
(do_start_connection_thread): Do not log conection start and
termination if IPC debugging is enabled.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-09-05 16:24:14 +02:00
Werner Koch
2eeb5551c3
agent: Small improvement of the server's local state.
* agent/command.c (sserver_local_s): Change flags to use only one bit.
(option_handler): Make an atoi return 1 or 0.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-09-05 16:24:14 +02:00
Werner Koch
0ac671f8a2
common: Add an assuan logging monitor.
* common/asshelp.c (my_log_monitor): New var.
(my_libassuan_log_handler): Run that monitor.
(setup_libassuan_logging): Add arg to set a log monitor and change all
callers.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-09-05 11:58:48 +02:00
NIIBE Yutaka
8b6c0bae33 agent: invoke scdaemon with --homedir.
* agent/call-scd.c (start_scd): Supply --homedir option when it's not
default homedir.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-09-02 13:41:19 +09:00
Werner Koch
b5d63e81d5
agent: Allow import of overly large keys.
* agent/command.c (MAXLEN_KEYDATA): Double the size.
--

Debian-bug-id: 834447
Signed-off-by: Werner Koch <wk@gnupg.org>
2016-08-16 19:06:28 +02:00
Daniel Kahn Gillmor
61c2a1fa6d
Call log_set_prefix() with human-readable labels.
* agent/preset-passphrase.c, agent/protect-tool.c, dirmngr/dirmngr.c
* dirmngr/t-http.c, g10/gpg.c, g10/gpgv.c, g13/g13-syshelp.c
* g13/g13.c, kbx/kbxutil.c, scd/scdaemon.c, sm/gpgsm.c
* tests/gpgscm/main.c, tools/gpg-check-pattern.c
* tools/gpg-connect-agent.c, tools/gpgconf.c, tools/gpgtar.c
* tools/symcryptrun.c: Invoke log_set_prefix() with
human-readable labels.

--

Some invocations of log_set_prefix() were done with raw numeric values
instead of values that humans can understand.  Use symbolic
representations instead of numeric for better readability.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2016-08-12 12:16:19 +02:00
Justus Winter
14479e2515 common: Rework the simple password query module.
* common/simple-pwquery.c (writen, readline): Drop.
(agent_send_option, agent_send_all_options, agent_open): Just use
libassuan.
(simple_pw_set_socket): Simplify.
(default_inq_cb): New function.
(simple_pwquery, simple_query): Just use libassuan.
* agent/Makefile.am (gpg_preset_passphrase_LDADD): Add libassuan.
* tools/Makefile.am (symcryptrun_LDADD): Likewise.

Signed-off-by: Justus Winter <justus@g10code.com>
2016-08-11 12:49:30 +02:00
Justus Winter
9e6503b7ce common: Remove simple password query error codes.
* common/simple-pwquery.h: Remove mapping function.  Move all
definitions of status codes...
* common/simple-pwquery.c: ... here, and define them to meaningful gpg
error values.
* agent/preset-passphrase.c (preset_passphrase): Use error code as-is.
(forget_passphrase): Likewise.
* tools/symcryptrun.c (confucius_get_pass): Likewise.

Signed-off-by: Justus Winter <justus@g10code.com>
2016-08-11 09:52:08 +02:00
NIIBE Yutaka
f14795d57f agent: SSH support fix.
* agent/command-ssh.c (ssh_handler_request_identities): Keep error
message same.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-08-10 13:51:14 +09:00
Werner Koch
e630f90499
agent: Fix regression in recent ssh changes.
* agent/command-ssh.c (sexp_key_construct): Lowercase the algo name.
--

We need to use a lowercase version of the algo in S-expression.
Unfortunately Libgcrypt has no function for this, thus we need to
malloc and first.

Fixes-commit: ebf24e3
Signed-off-by: Werner Koch <wk@gnupg.org>
2016-08-09 17:44:54 +02:00
Ben Kibbey
49829c29e5 Cleanup initialization of libgcrypt.
* common/init.c (init_common_subsystems): Initialize libgcrypt.
* dirmngr/Makefile.am (dirmngr_ldap): Link with libgcrypt.

--
Most other modules already call gcry_check_version() after
init_common_subsystems() so may as well move initialization of libgcrypt
to here. Also fixes a warning in the system log from gpgconf --homedir.

Signed-off-by: Ben Kibbey <bjk@luxsci.net>
2016-08-09 10:47:46 +02:00
NIIBE Yutaka
ebf24e3b29 agent: SSH support improvement.
* agent/command-ssh.c (ssh_handler_request_identities): Skip a key with
error, not giving up to handle the request itself.
* agent/cvt-openpgp.c (extract_private_key): Support "ecdsa" key.

--

Note that "ecdsa" key is still in use by old versions of gpg-agent
through its SSH handling (until 2.1.14).  With old versions of
gpg-agent, adding ECDSA key by ssh-add command, "ecdsa" key will be
created.  So, "ecdsa" key should be supported.

For g10/gpg, "ecdsa" and "ecdh" was only used in some experimental
versions of libgcrypt, with parameters.  We now use "ecc" for all cases
in released versions.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-08-09 11:42:20 +09:00
NIIBE Yutaka
591a8373a5 agent: More clean up of SSH support.
* common/util.h (get_pk_algo_from_key): New.
* common/sexputil.c (get_pk_algo_from_key): The implementation.
* agent/gpg-agent.c: Remove include of openpgpdefs.h.
* agent/command-ssh.c (struct ssh_key_type_spec): Use integer ALGO.
(ssh_key_types): Update with GCRY_PK_*.
(make_cstring, sexp_extract_identifier): Remove.
(sexp_key_construct): Use gcry_pk_algo_name to get ALGO string.
(ssh_key_to_blob): Use cadr to get value list.
(ssh_key_type_lookup): Lookup with integer ALGO.
(ssh_receive_key): Follow the change of ssh_key_type_lookup.
(ssh_send_key_public): Likewise.  Use get_pk_algo_from_key to get ALGO.

--

This fixes the regresson introduced by the commit
894789c329.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-08-08 18:55:53 +09:00
Werner Koch
40d16029ed
agent: Fix long standing regression tracking the connection count.
* agent/gpg-agent.c (get_agent_active_connection_count): New.
(do_start_connection_thread, start_connection_thread_ssh): Bump
ACTIVE_CONNECTIONS up and down.
* agent/command.c (cmd_getinfo): Add subcommand "connections".
--

The variable ACTIVE_CONNECTIONS is used to shutdown gpg-agent in a
friendly way.  Before we switched to nPth a Pth provided count of
threads was used for this.  During the migration to nPth
ACTIVE_CONNECTIONS was introduced and checked but never set.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-08-06 10:15:47 +02:00
NIIBE Yutaka
894789c329 agent: Clean up SSH support.
* agent/command-ssh.c (file_to_buffer): Remove.
(ssh_handler_request_identities): Use agent_public_key_from_file.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-08-06 14:47:29 +09:00
Daniel Kahn Gillmor
dc107b7850 More cleanup of "allow to".
* README, agent/command.c, agent/keyformat.txt, common/i18n.c,
  common/iobuf.c, common/keyserver.h, dirmngr/cdblib.c,
  dirmngr/ldap-wrapper.c, doc/DETAILS, doc/TRANSLATE,
  doc/announce-2.1.txt, doc/gpg.texi, doc/gpgsm.texi,
  doc/scdaemon.texi, doc/tools.texi, doc/whats-new-in-2.1.txt,
  g10/export.c, g10/getkey.c, g10/import.c, g10/keyedit.c, m4/ksba.m4,
  m4/libgcrypt.m4, m4/ntbtls.m4, po/ca.po, po/cs.po, po/da.po,
  po/de.po, po/el.po, po/eo.po, po/es.po, po/et.po, po/fi.po,
  po/fr.po, po/gl.po, po/hu.po, po/id.po, po/it.po, po/ja.po,
  po/nb.po, po/pl.po, po/pt.po, po/ro.po, po/ru.po, po/sk.po,
  po/sv.po, po/tr.po, po/uk.po, po/zh_CN.po, po/zh_TW.po,
  scd/app-p15.c, scd/ccid-driver.c, scd/command.c, sm/gpgsm.c,
  sm/sign.c, tools/gpgconf-comp.c, tools/gpgtar.h: replace "Allow to"
  with clearer text.

In standard English, the normal construction is "${XXX} allows ${YYY}
to" -- that is, the subject (${XXX}) of the sentence is allowing the
object (${YYY}) to do something.  When the object is missing, the
phrasing sounds awkward, even if the object is implied by context.
There's almost always a better construction that isn't as awkward.

These changes should make the language a bit clearer.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2016-08-03 16:55:33 +02:00
Daniel Kahn Gillmor
cd45cf782b Fix spelling and grammar.
* agent/learncard.c: s/coccured/occurred/
* doc/dirmngr.texi: s/ommitted/omitted/, s/orginally/originally/,
  s/reponses/responses/i
* doc/gpg-agent.texi, doc/dirmngr.texi, doc/gpg.texi: Fix "allows
  to" to more conventional english usage.
* doc/tools.texi, g10/gpgcommpose.c, tests/openpgp/armor.scm,
  tests/openpgp/armor.test: s/occured/occurred/
* tools/gpgsplit.c: s/calcualting/calculating/
* sm/server.c: s/formated/formatted/

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2016-08-03 16:54:01 +02:00
Justus Winter
270f7f7b8b agent: Add known keys to sshcontrol.
* agent/command-ssh.c (ssh_identity_register): Add a key to sshcontrol
even if it is already in the private key store.
* tests/openpgp/ssh.scm: Test this.

GnuPG-bug-id: 2316
Signed-off-by: Justus Winter <justus@g10code.com>
2016-07-19 16:51:16 +02:00
Justus Winter
f474249366 agent: Fix passphrase cache lookups.
CACHE_MODE_ANY is supposed to match any cache mode except
CACHE_MODE_IGNORE, but the code used '==' to compare cache modes.

* agent/cache.c (cache_mode_equal): New function.
(agent_set_cache): Use the new function to compare cache modes.
(agent_get_cache): Likewise.
* tests/openpgp/Makefile.am (TESTS): Add new test.
* tests/openpgp/issue2015.scm: New file.

GnuPG-bug-id: 2015
Signed-off-by: Justus Winter <justus@g10code.com>
2016-07-18 12:51:38 +02:00
Werner Koch
c98995efef
build: Require latest released libraries
* agent/protect.c (OCB_MODE_SUPPORTED): Remove macro.
(do_encryption): Always support OCB.
(do_decryption): Ditto.
(agent_unprotect): Ditto.
* dirmngr/server.c (is_tor_running): Unconditionally build this.
--

Although not technically required, it is easier to require them to
avoid bug reports due to too old library versions.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-07-14 10:48:34 +02:00
NIIBE Yutaka
7be2181777 agent: Fix envvars for UPDATESTARTUPTTY.
agent/command.c (cmd_updatestartuptty): Use session_env_list_stdenvnames
to get the list.

--

Debian-bug-id: 801247
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-07-13 09:24:26 +09:00
Werner Koch
3ead21da80
common: Add dedicated private key functions to name-value.c.
* common/name-value.c (struct name_value_container): Add field
'private_key_mode'.
(my_error): New.  Use instead of gpg_error.
(nvc_new_private_key): New.
(nve_release): Add arg 'private_key_mode'.
(nvc_release): Call nve_release with private_key_mode flag.
(nvc_delete): Ditto.
(_nvc_add): Do no special case "Key:" in non-private_key_mode.
(nvc_get_private_key): Return error in non-private_key_mode.
(nvc_set_private_key): Ditto.
(nvc_parse):  Factor all code out to ...
(do_nvc_parse): new.  Add arg 'for_private_key'.
(nvc_parse_private_key): New.
* agent/findkey.c (write_extended_private_key): Replace nvc_parse by
nvc_parse_private_key.
(read_key_file): Ditto.

* common/t-name-value.c (private_key_mode): New variable.
(my_nvc_new): New.  Replace all callers.
(test_key_extraction): Take mode in account.
(run_tests): Ditto.
(run_modification_tests): Ditto.
(parse): Ditto.
(main): Add option --parse and rename --parse to --parse-key.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-23 13:17:25 +02:00
Werner Koch
d74d23d860
common: Rename external symbols in name-value.c.
* common/name-value.c, common/name-value.h: Rename symbol prefixes
from "pkc_" to "nvc_" and from "pke_" to "nve_".  Change all callers.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-23 12:12:50 +02:00
Werner Koch
b841a883a2
common: Rename private-keys.c to name-value.c
* common/private-keys.c: Rename to name-value.c.
* common/private-keys.h: Rename to name-value.h.  Chage all users.
* common/t-private-keys.c: Rename to t-name-value.c.
* common/Makefile.am: Adjust accordingly.
--

The module is cool enough to be used for other purposes as well.  Thus
we better change the name.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-23 11:55:46 +02:00
Daniel Kahn Gillmor
7de7432076
g10: Add openpgp_protected flag to agent secret key export functions
* g10/call-agent.c, g10/call-agent.h (agent_export_key): Add
openpgp_protected flag.
* g10/export.c (receive_seckey_from_agent): Request openpgp_protected
secret keys from agent.
* agent/command.c (hlp_export_key): EXPORT_KEY help text: add a
brief description of the effect of --openpgp.
--

The --openpgp flag for gpg-agent's EXPORT_KEY actually forces
encryption in a certain (RFC 4880-compatible format).  This changeset
exposes that functionality in internal functions, and clarifies
functionality in the agent's help text.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2016-06-11 11:14:00 +02:00
Werner Koch
8127043d54
Explicitly restrict socket permissions.
* agent/gpg-agent.c (create_server_socket): Call chmod before listen.
* scd/scdaemon.c (create_server_socket): Ditto.
* dirmngr/dirmngr.c (main): Ditto.
--

This is just in case of a improperly set umask.  Note that a connect
requires a write permissions.
2016-06-08 16:18:02 +02:00
Werner Koch
6790115fd9
w32: Fix recent build regression.
* common/homedir.c (_gnupg_socketdir_internal) [W32]: Add definition
for NAME.
* g10/gpg.c (main) [W32]:  Fix use og gnupg_homedir.

* agent/gpg-agent.c (remove_socket): Remove unused var P.
* scd/scdaemon.c (cleanup): Ditto.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-08 15:14:06 +02:00
Werner Koch
aab8a0b052
Implement /run/user/UID/gnupg based sockets.
* common/homedir.c: Include sys/stat.h and zb32.h.
(w32_portable_app, w32_bin_is_bin): Change type from int to byte.
(non_default_homedir): New.
(is_gnupg_default_homedir): New.
(default_homedir): Set non_default_homedir.
(gnupg_set_homedir): Set non_default_homedir and make
the_gnupg_homedir and absolute directory name.
(gnupg_homedir): Return an absolute directory name.
(_gnupg_socketdir_internal): New.
(gnupg_socketdir): Implement /run/user/ based sockets.
* tools/gpg-connect-agent.c (get_var_ext): Replace now obsolete
make_filename by xstrdup.
* tools/gpgconf.c (main): Sue gnupg_homedir for the "homedir:" output.
--

If a [/var]/run/user/$(id -u)/ directory exists, a gnupg subdir is
created as needed and the permissions of the directories are checked.
If that all matches that directory name is returned instead of the
homedir.

To cope with non standard homedirs (via GNUPGHOME or --homedir) the
SHA-1 hash of the homedir is computed, left truncated to 120 bits,
zBase-32 encoded, prefixed with "d.", and appended to
"[/var]/run/user/$(id -u)/gnupg/".  If that directory exists and has
proper permissions it is returned as socket dir - if not the homedir
is used.  Due to cleanup issues, this directory will not be
auto-created but needs to be created by the user in advance.

The required permissions are: directory owned by the user, group and
others bits not set.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-08 13:59:28 +02:00
Werner Koch
0faf895154
Do not try to remove the enclosing directory of sockets.
* agent/gpg-agent.c (remove_socket): Do not remove the enclosing
directory.
* scd/scdaemon.c (cleanup): Ditto.

--

The socket directory is now below /run or at ~/.gnupg.  Thus we should
not try to remove the directory of the socket.  The auto-removal was
introduced at a time we used a temporary directory for the sockets.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-08 09:04:29 +02:00
Werner Koch
36550dde99
common: New function gnupg_socketdir.
* common/homedir.c (gnupg_socketdir): New.
* agent/gpg-agent.c (create_socket_name): Use new function instead of
gnupg_homedir.
(check_own_socket): Ditto.
(check_for_running_agent): Ditto.
* agent/preset-passphrase.c (main): Ditto.
* common/asshelp.c (start_new_gpg_agent): Ditto.
* scd/scdaemon.c (create_socket_name): Ditto.
* tools/gpgconf.c (main): Ditto.
* tools/symcryptrun.c (main): Ditto.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-07 13:48:46 +02:00
Werner Koch
fb88f37c40
common: Remove homedir arg from start_new_{dirmngr,gpg_agent}.
* common/asshelp.c (start_new_gpg_agent): Remove arg 'homedir' in
favor of gnupg_homedir ().  Change all callers.
(start_new_dirmngr): Ditto.
* common/get-passphrase.c (gnupg_prepare_get_passphrase): Remove arg
'homedir'.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-07 13:09:00 +02:00
Werner Koch
22a7ef01aa
Replace use of opt.homedir by accessor functions.
* common/homedir.c (the_gnupg_homedir): New var.
(gnupg_set_homedir): New.
(gnupg_homedir): New.
* g10/options.h (struct opt): Remove 'homedir' and replace all users
by the new accessor functions.
* g13/g13-common.h (struct opt): Ditto.
* scd/scdaemon.h (struct opt): Ditto.
* sm/gpgsm.h (struct opt): Ditto.
* dirmngr/dirmngr.h (struct opt): Ditto.
* agent/preset-passphrase.c (opt_homedir): Ditto.
* agent/protect-tool.c (opt_homedir): Ditto.
--

This will make detection of a non-default homedir easier.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-07 10:59:46 +02:00
Werner Koch
1b460f049e
gpg: Try to use the passphrase from the primary for --quick-addkey.
* agent/command.c (cmd_genkey): Add option --passwd-nonce.
(cmd_passwd): Return a PASSWD_NONCE in verify mode.
* g10/call-agent.c (agent_genkey): Add arg 'passwd_nonce_addr' and do
not send a RESET if given.
(agent_passwd): Add arg 'verify'.
* g10/keygen.c (common_gen): Add optional arg 'passwd_nonce_addr'.
(gen_elg, gen_dsa, gen_ecc, gen_rsa, do_create): Ditto.
(generate_subkeypair): Use sepeare hexgrip var for the to be created
for hexgrip feature.  Verify primary key first.  Make use of the
passwd nonce.  Allow for a static passphrase.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-02 21:21:08 +02:00
Werner Koch
ac9ff644b1
gpg: Allow unattended deletion of secret keys.
* agent/command.c (cmd_delete_key): Make the --force option depend on
--disallow-loopback-passphrase.
* g10/call-agent.c (agent_delete_key): Add arg FORCE.
* g10/delkey.c (do_delete_key): Pass opt.answer_yes to
agent_delete_key.
--

Unless the agent has been configured with
--disallow-loopback-passpharse an unattended deletion of a secret key
is now possible with gpg by using --batch _and_ --yes.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-05-10 11:01:42 +02:00
Werner Koch
3ef0938cfd
agent: Make --allow-loopback-pinentry the default.
* agent/gpg-agent.c (oNoAllowLoopbackPinentry): New.
(opts): Add --no-allow-loopback-pinentry.  Hide
description of --allow-loopback-pinentry.
(parse_rereadable_options): Set opt.allow_loopback_pinentry by
default.
(main): Replace allow-loopback-pinentry by no-allow-loopback-pinentry
in the gpgconf list.
* tools/gpgconf-comp.c (gc_options_gpg_agent): Ditto.
--

Given that a user can anyway change that options in the gpg-agent.conf
file and that gpg needs to be invoked with --pinentry-mode=loopback
the former default does not make much sense - in that option is useful
at all.  There was a discussion of this topic on gnupg-devel in April
without a clear result.  So we try this new default and just in case
real problems are found for the majority of installations, we can
revert that.  The new default is also aligned with GnuPG's policy to
make its use easier and only require users with very high security
standards to tweak certain options (those users have anyway modeled
their threat model and configured their software according to this).

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-05-04 09:24:18 +02:00
Justus Winter
12af2630cf common: Add support for the new extended private key format.
* agent/findkey.c (write_extended_private_key): New function.
(agent_write_private_key): Detect if an existing file is in extended
format and update the key within if it is.
(read_key_file): Handle the new format.
* agent/keyformat.txt: Document the new format.
* common/Makefile.am: Add the new files.
* common/private-keys.c: New file.
* common/private-keys.h: Likewise.
* common/t-private-keys.c: Likewise.
* common/util.h (alphap, alnump): New macros.
* tests/migrations: Add test demonstrating that we can cope with the
new format.

--
GnuPG 2.3+ will use a new format to store private keys that is both
more flexible and easier to read and edit by human beings.  The new
format stores name,value-pairs using the common mail and http header
convention.

This patch adds the parser and support code and prepares GnuPG 2.1 for
the new format.

Signed-off-by: Justus Winter <justus@g10code.com>
2016-04-21 14:38:53 +02:00
Justus Winter
342cc48889 agent: Convert key format document to org.
* agent/keyformat.txt: Convert to org mode.

Signed-off-by: Justus Winter <justus@g10code.com>
2016-04-21 14:38:53 +02:00
Justus Winter
f8adf1a323 agent: Sanitize permissions of the private key directory.
* agent/gpg-agent.c (create_private_keys_directory): Set permissions.
* common/sysutils.c (modestr_to_mode): New function.
(gnupg_mkdir): Use new function.
(gnupg_chmod): New function.
* common/sysutils.h (gnupg_chmod): New prototype.
* tests/migrations/from-classic.test: Test migration with existing
directory.

GnuPG-bug-id: 2312
Signed-off-by: Justus Winter <justus@g10code.com>
2016-04-20 15:02:37 +02:00
Werner Koch
8c3fb2360f
agent: Fix regression due to recent commit 4159567.
* agent/protect.c (do_encryption): Fix CBC hashing.
--

The buggy code included an extra closing parenthesis before
the (protected-at) term in the CBC hashing.  We now do it by
explicitly hashing the protected stuff and append the rest of the
expression instead of a fixed closing parenthesis.  Note that the OCB
hashing only differs that it does no include the protected part.

Fixes-commit: 4159567f7e
Signed-off-by: Werner Koch <wk@gnupg.org>
2016-04-14 12:29:36 +02:00
Werner Koch
6df75ec70a
agent: Allow gpg-protect-tool to handle openpgp-native protection.
* agent/protect-tool.c (read_and_unprotect): Add arg ctrl and pass to
agent_unprotect.
(main): Allocate a simple CTRL object and pass it to
read_and_unprotect.
(convert_from_openpgp_native): Remove stub.
(agent_key_available, agent_get_cache): New stubs.
(agent_askpin): New emulation for the one in call-pinentry.c.
(agent_write_private_key): New to dump key.
* agent/Makefile.am (gpg_protect_tool_SOURCES): Add cvt-openpgp.c
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-04-14 12:29:29 +02:00
Werner Koch
4159567f7e
agent: Implement new protection mode openpgp-s2k3-ocb-aes.
* agent/protect.c (agent_protect): Add arg use_ocb.  Change all caller
to pass -1 for default.
* agent/protect-tool.c: New option --debug-use-ocb.
(oDebugUseOCB): New.
(opt_debug_use_ocb): New.
(main): Set option.
(read_and_protect): Implement option.

* agent/protect.c (OCB_MODE_SUPPORTED): New macro.
(PROT_DEFAULT_TO_OCB): New macro.
(do_encryption): Add args use_ocb, hashbegin, hashlen, timestamp_exp,
and timestamp_exp_len.  Implement OCB.
(agent_protect): Change to support OCB.
(do_decryption): Add new args is_ocb, aadhole_begin, and aadhole_len.
Implement OCB.
(merge_lists): Allow NULL for sha1hash.
(agent_unprotect): Change to support OCB.
(agent_private_key_type): Remove debug output.
--

Instead of using the old OpenPGP way of appending a hash of the
plaintext and encrypt that along with the plaintext, the new scheme
uses a proper authenticated encryption mode.  See keyformat.txt for a
description.  Libgcrypt 1.7 is required.

This mode is not yet enabled because there would be no way to return
to an older GnuPG version.  To test the new scheme use
gpg-protect-tool:

 ./gpg-protect-tool -av -P abc -p --debug-use-ocb <plain.key >prot.key
 ./gpg-protect-tool -av -P abc -u <prot.key

Any key from the private key storage should work.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-04-12 14:38:44 +02:00
Werner Koch
100b413d7f
doc: Note that the persistant passphrase format is unimplemented.
--
2016-04-12 14:38:44 +02:00
Werner Koch
7faf131c8b
indent: Help Emacs not to get confused by conditional compilation.
* agent/protect.c (calibrate_get_time) [W32]: Use separate function
calls for W32 and W32CE.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-04-12 14:38:44 +02:00
NIIBE Yutaka
8588c2dbc4 agent: allow removal of the shadowed key.
* agent/findkey.c (agent_delete_key): Remove the key when asked.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-03-17 08:37:58 +09:00
Justus Winter
e77c85577d common: Consolidate Assuan server argument handling.
* common/Makefile.am (common_sources): Add new files.
* common/server-help.c: New file.
* common/server-help.h: Likewise.
* agent/command.c: Drop argument handling primitives in favor of using
the consolidated ones.
* dirmngr/server.c: Likewise.
* g10/server.c: Likewise.
* g13/server.c: Likewise.
* scd/command.c: Likewise.
* sm/server.c: Likewise.

Signed-off-by: Justus Winter <justus@g10code.com>
2016-03-02 14:14:33 +01:00
Werner Koch
ee87c653bf
agent: Send PROGRESS status lines to the client.
* agent/gpg-agent.c (struct progress_dispatch_s): New.
(progress_dispatch_list): New.
(main): Register libgcrypt pogress handler.
(agent_libgcrypt_progress_cb): New.
(agent_set_progress_cb): New.
(unregister_progress_cb): New.
(agent_deinit_default_ctrl): Call unregister.
* agent/command.c (progress_cb): New.
(start_command_handler): Register progress callback.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-25 11:20:23 +01:00
Werner Koch
499743387f
agent: New option --pinentry-timeout
* agent/gpg-agent.c (oPinentryTimeout): New.
(opts): Add new option.
(parse_rereadable_options): PArse that option.
(main): Tell gpgconf about this option.
* agent/call-pinentry.c (start_pinentry): Send option to Pinentry.
* tools/gpgconf-comp.c (gc_options_gpg_agent): Add Option.
--

GnuPG-bug-id: 2222
Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-20 11:22:44 +01:00
Werner Koch
e2f984b4af
ssh: Accept OpenSSH *cert-v01 key variants.
* agent/command-ssh.c (SPEC_FLAG_WITH_CERT): New.
(ssh_key_types): Add OpenSSH cert types.
(stream_read_string): Allow a dummy read.
(ssh_receive_mpint_list): Pass SPEC by reference.
(ssh_receive_mpint_list): New arg CERT and use it.
(ssh_receive_key): Read certificate into an estream object and modify
parser to make use of that object.
--

This is a first step to support certificate via the agent.  The only
effect of this change is the removal of an error message parsing the
certificate.  Note that ssh-add sends the private key anyway first and
only then follows with the certificate+private key.

What we need to implement next is a way to store the certificate in
the agent and return it on request.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-12 19:12:02 +01:00
Werner Koch
833ba5faa1
common: New put_membuf_cb to replace static membuf_data_cb.
* common/membuf.c (put_membuf_cb): New.
* agent/call-scd.c (membuf_data_cb): Remove.  Change callers to use
put_membuf_cb.
* common/get-passphrase.c (membuf_data_cb): Ditto.
* g10/call-agent.c (membuf_data_cb): Ditto.
* sm/call-agent.c (membuf_data_cb): Ditto.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-08 06:33:27 +01:00
Werner Koch
f2ecbf7454
agent: Typo fix for help text.
--
2016-01-05 13:51:04 +01:00
NIIBE Yutaka
ff3b607fc8 agent: Fix RSA verification for card.
* agent/pksign.c (agent_pksign_do): Use S-exp of public key, instead
of shadowed key.

--

Reported-by: Justus Winter
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-01-05 10:15:49 +09:00
NIIBE Yutaka
79b51bb872 agent: IMPORT_KEY with --force option fix.
* agent/cvt-openpgp.c (convert_from_openpgp_main): Add an option not
to check existing key.
(convert_from_openpgp): Ditto.
(convert_from_openpgp_native): Call convert_from_openpgp_main with
dontcare_exist=0.
* agent/command.c (cmd_import_key): Call with dontcare_exist=force.
2015-12-24 14:19:53 +09:00
NIIBE Yutaka
e684c634df agent: Support --force option for IMPORT_KEY.
* agent/command.c (cmd_keywrap_key): New option --force.
2015-12-24 09:52:48 +09:00
Justus Winter
25f0f053cd agent: Improve error handling.
* agent/pksign.c (agent_pksign_do): Improve error handling.

Signed-off-by: Justus Winter <justus@g10code.com>
2015-12-11 11:21:42 +01:00
Justus Winter
b78fce3271 agent: Fix typo.
--
Signed-off-by: Justus Winter <justus@g10code.com>
2015-12-11 11:21:42 +01:00
Werner Koch
69db3285e4
build: Require at least Libassuan 2.4.1.
* configure.ac (NEED_LIBASSUAN_VERSION): Set to 2.4.1.
* agent/gpg-agent.c (create_server_socket): Remove check for
libassuan >= 2.3.0 and >= 2.1.4.
(main): Remove check for libassuan >= 2.1.4.
* scd/scdaemon.c (create_server_socket): Remove check for
libassuan >= 2.1.4.
* dirmngr/dirmngr.c (set_tor_mode): Remove check for
libassuan >= 2.3.0.
* dirmngr/http.c (http_raw_connect, send_request): Remove checks for
libassuan >= 2.3.0.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-12-02 18:57:49 +01:00
Werner Koch
022342e284
Silence unused variable or parameter warnings.
--
2015-11-27 18:32:26 +01:00
Neal H. Walfield
5b84b0d660 common: Extend utf8_charcount to include the string's length.
* common/stringhelp.c (utf8_charcount): Take additional parameter,
len.  Process at most LEN bytes.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-11-23 22:23:37 +01:00
Justus Winter
a1650b1edf agent: Improve error handling.
* agent/trustlist.c (istrusted_internal): Initialize 'err'.
--
There is a plausible path of execution so that a branch condition uses
the uninitialized value.

Found using the Clang Static Analyzer.

Signed-off-by: Justus Winter <justus@g10code.com>
2015-11-19 16:18:20 +01:00
Justus Winter
a9e0905342 Fix typos found using codespell.
* agent/cache.c: Fix typos.
* agent/call-pinentry.c: Likewise.
* agent/call-scd.c: Likewise.
* agent/command-ssh.c: Likewise.
* agent/command.c: Likewise.
* agent/divert-scd.c: Likewise.
* agent/findkey.c: Likewise.
* agent/gpg-agent.c: Likewise.
* agent/w32main.c: Likewise.
* common/argparse.c: Likewise.
* common/audit.c: Likewise.
* common/audit.h: Likewise.
* common/convert.c: Likewise.
* common/dotlock.c: Likewise.
* common/exechelp-posix.c: Likewise.
* common/exechelp-w32.c: Likewise.
* common/exechelp-w32ce.c: Likewise.
* common/exechelp.h: Likewise.
* common/helpfile.c: Likewise.
* common/i18n.h: Likewise.
* common/iobuf.c: Likewise.
* common/iobuf.h: Likewise.
* common/localename.c: Likewise.
* common/logging.c: Likewise.
* common/openpgp-oid.c: Likewise.
* common/session-env.c: Likewise.
* common/sexputil.c: Likewise.
* common/sysutils.c: Likewise.
* common/t-sexputil.c: Likewise.
* common/ttyio.c: Likewise.
* common/util.h: Likewise.
* dirmngr/cdblib.c: Likewise.
* dirmngr/certcache.c: Likewise.
* dirmngr/crlcache.c: Likewise.
* dirmngr/dirmngr-client.c: Likewise.
* dirmngr/dirmngr.c: Likewise.
* dirmngr/dirmngr_ldap.c: Likewise.
* dirmngr/dns-stuff.c: Likewise.
* dirmngr/http.c: Likewise.
* dirmngr/ks-engine-hkp.c: Likewise.
* dirmngr/ks-engine-ldap.c: Likewise.
* dirmngr/ldap-wrapper.c: Likewise.
* dirmngr/ldap.c: Likewise.
* dirmngr/misc.c: Likewise.
* dirmngr/ocsp.c: Likewise.
* dirmngr/validate.c: Likewise.
* g10/encrypt.c: Likewise.
* g10/getkey.c: Likewise.
* g10/gpg.c: Likewise.
* g10/gpgv.c: Likewise.
* g10/import.c: Likewise.
* g10/keydb.c: Likewise.
* g10/keydb.h: Likewise.
* g10/keygen.c: Likewise.
* g10/keyid.c: Likewise.
* g10/keylist.c: Likewise.
* g10/keyring.c: Likewise.
* g10/mainproc.c: Likewise.
* g10/misc.c: Likewise.
* g10/options.h: Likewise.
* g10/packet.h: Likewise.
* g10/parse-packet.c: Likewise.
* g10/pkclist.c: Likewise.
* g10/pkglue.c: Likewise.
* g10/plaintext.c: Likewise.
* g10/server.c: Likewise.
* g10/sig-check.c: Likewise.
* g10/sqlite.c: Likewise.
* g10/tdbio.c: Likewise.
* g10/test-stubs.c: Likewise.
* g10/tofu.c: Likewise.
* g10/trust.c: Likewise.
* g10/trustdb.c: Likewise.
* g13/create.c: Likewise.
* g13/mountinfo.c: Likewise.
* kbx/keybox-blob.c: Likewise.
* kbx/keybox-file.c: Likewise.
* kbx/keybox-init.c: Likewise.
* kbx/keybox-search-desc.h: Likewise.
* kbx/keybox-search.c: Likewise.
* kbx/keybox-update.c: Likewise.
* scd/apdu.c: Likewise.
* scd/app-openpgp.c: Likewise.
* scd/app-p15.c: Likewise.
* scd/app.c: Likewise.
* scd/ccid-driver.c: Likewise.
* scd/command.c: Likewise.
* scd/iso7816.c: Likewise.
* sm/base64.c: Likewise.
* sm/call-agent.c: Likewise.
* sm/call-dirmngr.c: Likewise.
* sm/certchain.c: Likewise.
* sm/gpgsm.c: Likewise.
* sm/import.c: Likewise.
* sm/keydb.c: Likewise.
* sm/minip12.c: Likewise.
* sm/qualified.c: Likewise.
* sm/server.c: Likewise.
* tools/gpg-check-pattern.c: Likewise.
* tools/gpgconf-comp.c: Likewise.
* tools/gpgkey2ssh.c: Likewise.
* tools/gpgparsemail.c: Likewise.
* tools/gpgtar.c: Likewise.
* tools/rfc822parse.c: Likewise.
* tools/symcryptrun.c: Likewise.

Signed-off-by: Justus Winter <justus@g10code.com>
2015-11-17 12:50:22 +01:00
Daniel Kahn Gillmor
1f872cb4ad
Fix typos
--
2015-10-28 10:20:17 +01:00
Daniel Kahn Gillmor
02dc518787
agent: Clarify agent's KEYWRAP_KEY description.
--

Signed-Off-By: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2015-10-28 10:19:17 +01:00
NIIBE Yutaka
5a12c45666 agent: simplify agent_get_passphrase.
* agent/call-pinentry.c (agent_get_passphrase): Simplify.
2015-10-09 11:55:18 +09:00
NIIBE Yutaka
818fa4f71e agent: fix agent_askpin.
* agent/call-pinentry.c (agent_askpin): Fix off-by-one error.
2015-10-09 11:46:23 +09:00