[svn] GnuPG - r5411 - trunk/agent
svn author wk
cvs at cvs.gnupg.org
Wed Sep 1 13:07:18 CEST 2010
Author: wk
Date: 2010-09-01 13:07:16 +0200 (Wed, 01 Sep 2010)
New Revision: 5411
Modified:
trunk/agent/ChangeLog
trunk/agent/agent.h
trunk/agent/cache.c
trunk/agent/command-ssh.c
trunk/agent/command.c
trunk/agent/cvt-openpgp.c
trunk/agent/findkey.c
trunk/agent/genkey.c
trunk/agent/pkdecrypt.c
trunk/agent/pksign.c
Log:
s/CACHE_MODE_IMPGEN/CACHE_MODE_NONCE/.
Prepare for more use cases of the cache nonce.
Modified: trunk/agent/ChangeLog
===================================================================
--- trunk/agent/ChangeLog 2010-09-01 09:48:35 UTC (rev 5410)
+++ trunk/agent/ChangeLog 2010-09-01 11:07:16 UTC (rev 5411)
@@ -2,14 +2,17 @@
* call-pinentry.c (start_pinentry): Disable pinentry logging.
- * command.c (cmd_import_key, cmd_genkey): Add CACHE handling.
+ * command.c (cmd_import_key, cmd_genkey, cmd_pksign): Add CACHE
+ handling.
* cvt-openpgp.c (convert_openpgp): Add arg CACHE_NONCE and try the
cached nonce first.
* genkey.c (agent_genkey): Add arg CACHE_NONCE.
- * cache.c (agent_get_cache): Require user and impgen cache modes
+ * cache.c (agent_get_cache): Require user and nonce cache modes
to match the requested mode.
(agent_put_cache): Ditto.
- * agent.h (CACHE_MODE_IMPGEN): New.
+ * agent.h (CACHE_MODE_NONCE): New.
+ * pksign.c (agent_pksign_do, agent_pksign): Add arg CACHE_NONCE.
+ * findkey.c (agent_key_from_file): Ditto.
2010-08-31 Werner Koch <wk at g10code.com>
Modified: trunk/agent/agent.h
===================================================================
--- trunk/agent/agent.h 2010-09-01 09:48:35 UTC (rev 5410)
+++ trunk/agent/agent.h 2010-09-01 11:07:16 UTC (rev 5411)
@@ -194,8 +194,7 @@
CACHE_MODE_NORMAL, /* Normal cache (gpg-agent). */
CACHE_MODE_USER, /* GET_PASSPHRASE related cache. */
CACHE_MODE_SSH, /* SSH related cache. */
- CACHE_MODE_IMPGEN /* Used for import and genkey. This is a
- non-predictable nonce. */
+ CACHE_MODE_NONCE /* This is a non-predictable nonce. */
}
cache_mode_t;
@@ -228,6 +227,7 @@
int agent_write_private_key (const unsigned char *grip,
const void *buffer, size_t length, int force);
gpg_error_t agent_key_from_file (ctrl_t ctrl,
+ const char *cache_nonce,
const char *desc_text,
const unsigned char *grip,
unsigned char **shadow_info,
@@ -273,10 +273,12 @@
/*-- pksign.c --*/
-int agent_pksign_do (ctrl_t ctrl, const char *desc_text,
+int agent_pksign_do (ctrl_t ctrl, const char *cache_nonce,
+ const char *desc_text,
gcry_sexp_t *signature_sexp,
cache_mode_t cache_mode, lookup_ttl_t lookup_ttl);
-int agent_pksign (ctrl_t ctrl, const char *desc_text,
+int agent_pksign (ctrl_t ctrl, const char *cache_nonce,
+ const char *desc_text,
membuf_t *outbuf, cache_mode_t cache_mode);
/*-- pkdecrypt.c --*/
Modified: trunk/agent/cache.c
===================================================================
--- trunk/agent/cache.c 2010-09-01 09:48:35 UTC (rev 5410)
+++ trunk/agent/cache.c 2010-09-01 11:07:16 UTC (rev 5411)
@@ -223,7 +223,7 @@
{
if (!r->lockcount
&& ((cache_mode != CACHE_MODE_USER
- && cache_mode != CACHE_MODE_IMPGEN)
+ && cache_mode != CACHE_MODE_NONCE)
|| r->cache_mode == cache_mode)
&& !strcmp (r->key, key))
break;
@@ -274,7 +274,7 @@
/* Try to find an item in the cache. Note that we currently don't
- make use of CACHE_MODE except for CACHE_MODE_IMPGEN and
+ make use of CACHE_MODE except for CACHE_MODE_NONCE and
CACHE_MODE_USER. */
const char *
agent_get_cache (const char *key, cache_mode_t cache_mode, void **cache_id)
@@ -295,7 +295,7 @@
{
if (!r->lockcount && r->pw
&& ((cache_mode != CACHE_MODE_USER
- && cache_mode != CACHE_MODE_IMPGEN)
+ && cache_mode != CACHE_MODE_NONCE)
|| r->cache_mode == cache_mode)
&& !strcmp (r->key, key))
{
@@ -314,7 +314,7 @@
{
if (r->pw
&& ((cache_mode != CACHE_MODE_USER
- && cache_mode != CACHE_MODE_IMPGEN)
+ && cache_mode != CACHE_MODE_NONCE)
|| r->cache_mode == cache_mode)
&& !strcmp (r->key, key))
{
Modified: trunk/agent/command-ssh.c
===================================================================
--- trunk/agent/command-ssh.c 2010-09-01 09:48:35 UTC (rev 5410)
+++ trunk/agent/command-ssh.c 2010-09-01 11:07:16 UTC (rev 5411)
@@ -2049,7 +2049,7 @@
*sig_n = 0;
ctrl->use_auth_call = 1;
- err = agent_pksign_do (ctrl,
+ err = agent_pksign_do (ctrl, NULL,
_("Please enter the passphrase "
"for the ssh key%0A %c"), &signature_sexp,
CACHE_MODE_SSH, ttl_from_sshcontrol);
Modified: trunk/agent/command.c
===================================================================
--- trunk/agent/command.c 2010-09-01 09:48:35 UTC (rev 5410)
+++ trunk/agent/command.c 2010-09-01 11:07:16 UTC (rev 5411)
@@ -695,7 +695,7 @@
static const char hlp_pksign[] =
- "PKSIGN [options]\n"
+ "PKSIGN [<options>] [<cache_nonce>]\n"
"\n"
"Perform the actual sign operation. Neither input nor output are\n"
"sensitive to eavesdropping.";
@@ -706,9 +706,18 @@
cache_mode_t cache_mode = CACHE_MODE_NORMAL;
ctrl_t ctrl = assuan_get_pointer (ctx);
membuf_t outbuf;
+ char *cache_nonce = NULL;
+ char *p;
- (void)line;
+ line = skip_options (line);
+ p = line;
+ for (p=line; *p && *p != ' ' && *p != '\t'; p++)
+ ;
+ *p = '\0';
+ if (*line)
+ cache_nonce = xtrystrdup (line);
+
if (opt.ignore_cache_for_signing)
cache_mode = CACHE_MODE_IGNORE;
else if (!ctrl->server_local->use_cache_for_signing)
@@ -716,12 +725,14 @@
init_membuf (&outbuf, 512);
- rc = agent_pksign (ctrl, ctrl->server_local->keydesc,
+ rc = agent_pksign (ctrl, cache_nonce, ctrl->server_local->keydesc,
&outbuf, cache_mode);
if (rc)
clear_outbuf (&outbuf);
else
rc = write_and_clear_outbuf (ctx, &outbuf);
+
+ xfree (cache_nonce);
xfree (ctrl->server_local->keydesc);
ctrl->server_local->keydesc = NULL;
return leave_cmd (ctx, rc);
@@ -729,7 +740,7 @@
static const char hlp_pkdecrypt[] =
- "PKDECRYPT <options>\n"
+ "PKDECRYPT [<options>]\n"
"\n"
"Perform the actual decrypt operation. Input is not\n"
"sensitive to eavesdropping.";
@@ -1305,7 +1316,7 @@
goto leave;
ctrl->in_passwd++;
- rc = agent_key_from_file (ctrl, ctrl->server_local->keydesc,
+ rc = agent_key_from_file (ctrl, NULL, ctrl->server_local->keydesc,
grip, &shadow_info, CACHE_MODE_IGNORE, NULL,
&s_skey);
if (rc)
@@ -1598,7 +1609,7 @@
cache_nonce = bin2hex (buf, 12, NULL);
}
if (cache_nonce
- && !agent_put_cache (cache_nonce, CACHE_MODE_IMPGEN,
+ && !agent_put_cache (cache_nonce, CACHE_MODE_NONCE,
passphrase, 120 /*seconds*/))
assuan_write_status (ctx, "CACHE_NONCE", cache_nonce);
}
@@ -1676,7 +1687,7 @@
goto leave;
}
- err = agent_key_from_file (ctrl, ctrl->server_local->keydesc, grip,
+ err = agent_key_from_file (ctrl, NULL, ctrl->server_local->keydesc, grip,
NULL, CACHE_MODE_IGNORE, NULL, &s_skey);
if (err)
goto leave;
Modified: trunk/agent/cvt-openpgp.c
===================================================================
--- trunk/agent/cvt-openpgp.c 2010-09-01 09:48:35 UTC (rev 5410)
+++ trunk/agent/cvt-openpgp.c 2010-09-01 11:07:16 UTC (rev 5411)
@@ -769,7 +769,7 @@
void *cache_marker = NULL;
const char *cache_value;
- cache_value = agent_get_cache (cache_nonce, CACHE_MODE_IMPGEN,
+ cache_value = agent_get_cache (cache_nonce, CACHE_MODE_NONCE,
&cache_marker);
if (cache_value)
{
Modified: trunk/agent/findkey.c
===================================================================
--- trunk/agent/findkey.c 2010-09-01 09:48:35 UTC (rev 5410)
+++ trunk/agent/findkey.c 2010-09-01 11:07:16 UTC (rev 5411)
@@ -480,11 +480,13 @@
CACHE_MODE defines now the cache shall be used. DESC_TEXT may be
set to present a custom description for the pinentry. LOOKUP_TTL
is an optional function to convey a TTL to the cache manager; we do
- not simply pass the TTL value because the value is only needed if an
- unprotect action was needed and looking up the TTL may have some
- overhead (e.g. scanning the sshcontrol file). */
+ not simply pass the TTL value because the value is only needed if
+ an unprotect action was needed and looking up the TTL may have some
+ overhead (e.g. scanning the sshcontrol file). If a CACHE_NONCE is
+ given that cache item is first tried to get a passphrase. */
gpg_error_t
-agent_key_from_file (ctrl_t ctrl, const char *desc_text,
+agent_key_from_file (ctrl_t ctrl, const char *cache_nonce,
+ const char *desc_text,
const unsigned char *grip, unsigned char **shadow_info,
cache_mode_t cache_mode, lookup_ttl_t lookup_ttl,
gcry_sexp_t *result)
Modified: trunk/agent/genkey.c
===================================================================
--- trunk/agent/genkey.c 2010-09-01 09:48:35 UTC (rev 5410)
+++ trunk/agent/genkey.c 2010-09-01 11:07:16 UTC (rev 5411)
@@ -377,7 +377,7 @@
void *cache_marker = NULL;
const char *cache_value;
- cache_value = agent_get_cache (cache_nonce, CACHE_MODE_IMPGEN,
+ cache_value = agent_get_cache (cache_nonce, CACHE_MODE_NONCE,
&cache_marker);
if (cache_value)
{
@@ -439,7 +439,7 @@
cache_nonce = bin2hex (tmpbuf, 12, NULL);
}
if (cache_nonce
- && !agent_put_cache (cache_nonce, CACHE_MODE_IMPGEN,
+ && !agent_put_cache (cache_nonce, CACHE_MODE_NONCE,
passphrase, 900 /*seconds*/))
agent_write_status (ctrl, "CACHE_NONCE", cache_nonce, NULL);
}
Modified: trunk/agent/pkdecrypt.c
===================================================================
--- trunk/agent/pkdecrypt.c 2010-09-01 09:48:35 UTC (rev 5410)
+++ trunk/agent/pkdecrypt.c 2010-09-01 11:07:16 UTC (rev 5411)
@@ -64,7 +64,7 @@
log_printhex ("keygrip:", ctrl->keygrip, 20);
log_printhex ("cipher: ", ciphertext, ciphertextlen);
}
- rc = agent_key_from_file (ctrl, desc_text,
+ rc = agent_key_from_file (ctrl, NULL, desc_text,
ctrl->keygrip, &shadow_info,
CACHE_MODE_NORMAL, NULL, &s_skey);
if (rc)
Modified: trunk/agent/pksign.c
===================================================================
--- trunk/agent/pksign.c 2010-09-01 09:48:35 UTC (rev 5410)
+++ trunk/agent/pksign.c 2010-09-01 11:07:16 UTC (rev 5411)
@@ -237,9 +237,12 @@
/* SIGN whatever information we have accumulated in CTRL and return
the signature S-expression. LOOKUP is an optional function to
- provide a way for lower layers to ask for the caching TTL. */
+ provide a way for lower layers to ask for the caching TTL. If a
+ CACHE_NONCE is given that cache item is first tried to get a
+ passphrase. */
int
-agent_pksign_do (ctrl_t ctrl, const char *desc_text,
+agent_pksign_do (ctrl_t ctrl, const char *cache_nonce,
+ const char *desc_text,
gcry_sexp_t *signature_sexp,
cache_mode_t cache_mode, lookup_ttl_t lookup_ttl)
{
@@ -250,7 +253,7 @@
if (! ctrl->have_keygrip)
return gpg_error (GPG_ERR_NO_SECKEY);
- rc = agent_key_from_file (ctrl, desc_text, ctrl->keygrip,
+ rc = agent_key_from_file (ctrl, cache_nonce, desc_text, ctrl->keygrip,
&shadow_info, cache_mode, lookup_ttl,
&s_skey);
if (rc)
@@ -349,9 +352,10 @@
}
/* SIGN whatever information we have accumulated in CTRL and write it
- back to OUTFP. */
+ back to OUTFP. If a CACHE_NONCE is given that cache item is first
+ tried to get a passphrase. */
int
-agent_pksign (ctrl_t ctrl, const char *desc_text,
+agent_pksign (ctrl_t ctrl, const char *cache_nonce, const char *desc_text,
membuf_t *outbuf, cache_mode_t cache_mode)
{
gcry_sexp_t s_sig = NULL;
@@ -359,7 +363,7 @@
size_t len = 0;
int rc = 0;
- rc = agent_pksign_do (ctrl, desc_text, &s_sig, cache_mode, NULL);
+ rc = agent_pksign_do (ctrl, cache_nonce, desc_text, &s_sig, cache_mode, NULL);
if (rc)
goto leave;
More information about the Gnupg-commits
mailing list