[svn] GnuPG - r5412 - in trunk: agent g10
svn author wk
cvs at cvs.gnupg.org
Wed Sep 1 14:49:07 CEST 2010
Author: wk
Date: 2010-09-01 14:49:05 +0200 (Wed, 01 Sep 2010)
New Revision: 5412
Modified:
trunk/agent/ChangeLog
trunk/agent/findkey.c
trunk/g10/ChangeLog
trunk/g10/call-agent.c
trunk/g10/call-agent.h
trunk/g10/import.c
trunk/g10/keyedit.c
trunk/g10/keygen.c
trunk/g10/main.h
trunk/g10/packet.h
trunk/g10/passphrase.c
trunk/g10/revoke.c
trunk/g10/sign.c
Log:
Even less prompts for a new key now.
Modified: trunk/agent/ChangeLog
===================================================================
--- trunk/agent/ChangeLog 2010-09-01 11:07:16 UTC (rev 5411)
+++ trunk/agent/ChangeLog 2010-09-01 12:49:05 UTC (rev 5412)
@@ -13,6 +13,7 @@
* agent.h (CACHE_MODE_NONCE): New.
* pksign.c (agent_pksign_do, agent_pksign): Add arg CACHE_NONCE.
* findkey.c (agent_key_from_file): Ditto.
+ (unprotect): Implement it.
2010-08-31 Werner Koch <wk at g10code.com>
Modified: trunk/g10/ChangeLog
===================================================================
--- trunk/g10/ChangeLog 2010-09-01 11:07:16 UTC (rev 5411)
+++ trunk/g10/ChangeLog 2010-09-01 12:49:05 UTC (rev 5412)
@@ -1,12 +1,25 @@
2010-09-01 Werner Koch <wk at g10code.com>
+ * sign.c (do_sign, write_signature_packets, complete_sig): Add arg
+ CACHE_NONCE.
+ (make_keysig_packet): Ditto.
+ * keygen.c (make_backsig, write_direct_sig, write_selfsigs)
+ (write_keybinding): Add arg CACHE_NONCE.
+ (do_generate_keypair): Use cache_nonce to avoid a pinentry for the
+ self-signatures.
+
+ * passphrase.c (gpg_format_keydesc): Remove now superfluous
+ algo_name fallback.
+
* keygen.c (gen_elg, gen_dsa, gen_rsa, do_create, common_gen): Add
arg CACHE_NONCE_ADDR.
(generate_subkeypair): Pass NULL for CACHE_NONCE_ADDR.
(do_generate_keypair): Add cache nonce handling.
+
* import.c (transfer_secret_keys): Support a cache nonce.
* call-agent.c (cache_nonce_status_cb): New.
(agent_genkey, agent_import_key): Add arg CACHE_NONCE_ADDR.
+ (agent_pksign): Ditto.
2010-08-30 Werner Koch <wk at g10code.com>
Modified: trunk/agent/findkey.c
===================================================================
--- trunk/agent/findkey.c 2010-09-01 11:07:16 UTC (rev 5411)
+++ trunk/agent/findkey.c 2010-09-01 12:49:05 UTC (rev 5412)
@@ -275,7 +275,7 @@
description used for the pinentry. If LOOKUP_TTL is given this
function is used to lookup the default ttl. */
static int
-unprotect (ctrl_t ctrl, const char *desc_text,
+unprotect (ctrl_t ctrl, const char *cache_nonce, const char *desc_text,
unsigned char **keybuf, const unsigned char *grip,
cache_mode_t cache_mode, lookup_ttl_t lookup_ttl)
{
@@ -288,6 +288,26 @@
bin2hex (grip, 20, hexgrip);
+ /* Initially try to get it using a cache nonce. */
+ if (cache_nonce)
+ {
+ void *cache_marker;
+ const char *pw;
+
+ pw = agent_get_cache (cache_nonce, CACHE_MODE_NONCE, &cache_marker);
+ if (pw)
+ {
+ rc = agent_unprotect (*keybuf, pw, NULL, &result, &resultlen);
+ agent_unlock_cache_entry (&cache_marker);
+ if (!rc)
+ {
+ xfree (*keybuf);
+ *keybuf = result;
+ return 0;
+ }
+ }
+ }
+
/* First try to get it from the cache - if there is none or we can't
unprotect it, we fall back to ask the user */
if (cache_mode != CACHE_MODE_IGNORE)
@@ -560,7 +580,7 @@
if (!rc)
{
- rc = unprotect (ctrl, desc_text_final, &buf, grip,
+ rc = unprotect (ctrl, cache_nonce, desc_text_final, &buf, grip,
cache_mode, lookup_ttl);
if (rc)
log_error ("failed to unprotect the secret key: %s\n",
Modified: trunk/g10/call-agent.c
===================================================================
--- trunk/g10/call-agent.c 2010-09-01 11:07:16 UTC (rev 5411)
+++ trunk/g10/call-agent.c 2010-09-01 12:49:05 UTC (rev 5412)
@@ -1549,9 +1549,11 @@
the hex string KEYGRIP. DESC is a description of the key to be
displayed if the agent needs to ask for the PIN. DIGEST and
DIGESTLEN is the hash value to sign and DIGESTALGO the algorithm id
- used to compute the digest. */
+ used to compute the digest. If CACHE_NONCE is used the agent is
+ advised to firts try a passphrase associated with that nonce. */
gpg_error_t
-agent_pksign (ctrl_t ctrl, const char *keygrip, const char *desc,
+agent_pksign (ctrl_t ctrl, const char *cache_nonce,
+ const char *keygrip, const char *desc,
unsigned char *digest, size_t digestlen, int digestalgo,
gcry_sexp_t *r_sigval)
{
@@ -1598,7 +1600,11 @@
return err;
init_membuf (&data, 1024);
- err = assuan_transact (agent_ctx, "PKSIGN",
+
+ snprintf (line, sizeof line, "PKSIGN%s%s",
+ cache_nonce? " -- ":"",
+ cache_nonce? cache_nonce:"");
+ err = assuan_transact (agent_ctx, line,
membuf_data_cb, &data, default_inq_cb, ctrl,
NULL, NULL);
if (err)
Modified: trunk/g10/call-agent.h
===================================================================
--- trunk/g10/call-agent.h 2010-09-01 11:07:16 UTC (rev 5411)
+++ trunk/g10/call-agent.h 2010-09-01 12:49:05 UTC (rev 5412)
@@ -154,7 +154,8 @@
gcry_sexp_t *r_pubkey);
/* Create a signature. */
-gpg_error_t agent_pksign (ctrl_t ctrl, const char *hexkeygrip, const char *desc,
+gpg_error_t agent_pksign (ctrl_t ctrl, const char *cache_nonce,
+ const char *hexkeygrip, const char *desc,
unsigned char *digest, size_t digestlen,
int digestalgo,
gcry_sexp_t *r_sigval);
Modified: trunk/g10/import.c
===================================================================
--- trunk/g10/import.c 2010-09-01 11:07:16 UTC (rev 5411)
+++ trunk/g10/import.c 2010-09-01 12:49:05 UTC (rev 5412)
@@ -1243,7 +1243,10 @@
size_t uidlen;
u32 keyid[2];
char *orig_codeset;
-
+
+ /* FIXME: We should use gpg_format_keydesc, however that
+ requires a public key structure. It might be useful to
+ merge the secret and public key structures. */
keyid_from_sk (sk, keyid);
uid = get_user_id (keyid, &uidlen);
orig_codeset = i18n_switchto_utf8 ();
Modified: trunk/g10/keyedit.c
===================================================================
--- trunk/g10/keyedit.c 2010-09-01 11:07:16 UTC (rev 5411)
+++ trunk/g10/keyedit.c 2010-09-01 12:49:05 UTC (rev 5412)
@@ -1083,7 +1083,8 @@
NULL,
pk,
0x13, 0, force_v4 ? 4 : 0, 0, 0,
- keygen_add_std_prefs, primary_pk);
+ keygen_add_std_prefs, primary_pk,
+ NULL);
else
rc = make_keysig_packet (&sig, primary_pk,
node->pkt->pkt.user_id,
@@ -1091,7 +1092,8 @@
pk,
class, 0, force_v4 ? 4 : 0,
timestamp, duration,
- sign_mk_attrib, &attrib);
+ sign_mk_attrib, &attrib,
+ NULL);
if (rc)
{
log_error (_("signing failed: %s\n"), g10_errstr (rc));
@@ -3222,7 +3224,7 @@
return 0;
err = make_keysig_packet (&sig, pk, uid, NULL, pk, 0x13, 0, 0, 0, 0,
- keygen_add_std_prefs, pk);
+ keygen_add_std_prefs, pk, NULL);
if (err)
{
log_error ("signing failed: %s\n", g10_errstr (err));
@@ -3610,7 +3612,7 @@
/* The 1F signature must be at least v4 to carry the revocation key
subpacket. */
rc = make_keysig_packet (&sig, pk, NULL, NULL, pk, 0x1F, 0, 4, 0, 0,
- keygen_add_revkey, &revkey);
+ keygen_add_revkey, &revkey, NULL);
if (rc)
{
log_error ("signing failed: %s\n", g10_errstr (rc));
@@ -3810,7 +3812,7 @@
/* Now we can get to work. */
rc = make_backsig (sig_pk->pkt->pkt.signature, main_pk, sub_pk, sub_pk,
- timestamp);
+ timestamp, NULL);
if (!rc)
{
PKT_signature *newsig;
@@ -4901,7 +4903,7 @@
rc = make_keysig_packet (&sig, primary_pk,
unode->pkt->pkt.user_id,
NULL, signerkey, 0x30, 0, 0, 0, 0,
- sign_mk_attrib, &attrib);
+ sign_mk_attrib, &attrib, NULL);
free_public_key (signerkey);
if (rc)
{
@@ -4993,7 +4995,7 @@
rc = make_keysig_packet (&sig, pk, uid, NULL, pk, 0x30, 0,
(reason == NULL) ? 3 : 0, timestamp, 0,
- sign_mk_attrib, &attrib);
+ sign_mk_attrib, &attrib, NULL);
if (rc)
{
log_error (_("signing failed: %s\n"), g10_errstr (rc));
@@ -5055,7 +5057,7 @@
rc = make_keysig_packet (&sig, pk, NULL, NULL, pk,
0x20, 0, opt.force_v4_certs ? 4 : 0, 0, 0,
- revocation_reason_build_cb, reason);
+ revocation_reason_build_cb, reason, NULL);
if (rc)
{
log_error (_("signing failed: %s\n"), g10_errstr (rc));
@@ -5115,7 +5117,8 @@
node->flag &= ~NODFLG_SELKEY;
rc = make_keysig_packet (&sig, mainpk, NULL, subpk, mainpk,
- 0x28, 0, 0, 0, 0, sign_mk_attrib, &attrib);
+ 0x28, 0, 0, 0, 0, sign_mk_attrib, &attrib,
+ NULL);
if (rc)
{
log_error (_("signing failed: %s\n"), g10_errstr (rc));
Modified: trunk/g10/keygen.c
===================================================================
--- trunk/g10/keygen.c 2010-09-01 11:07:16 UTC (rev 5411)
+++ trunk/g10/keygen.c 2010-09-01 12:49:05 UTC (rev 5412)
@@ -824,7 +824,7 @@
gpg_error_t
make_backsig (PKT_signature *sig, PKT_public_key *pk,
PKT_public_key *sub_pk, PKT_public_key *sub_psk,
- u32 timestamp)
+ u32 timestamp, const char *cache_nonce)
{
gpg_error_t err;
PKT_signature *backsig;
@@ -832,7 +832,7 @@
cache_public_key (sub_pk);
err = make_keysig_packet (&backsig, pk, NULL, sub_pk, sub_psk, 0x19,
- 0, 0, timestamp, 0, NULL, NULL);
+ 0, 0, timestamp, 0, NULL, NULL, cache_nonce);
if (err)
log_error ("make_keysig_packet failed for backsig: %s\n", g10_errstr(err));
else
@@ -918,7 +918,8 @@
the timestamp to set on the signature. */
static gpg_error_t
write_direct_sig (KBNODE root, PKT_public_key *psk,
- struct revocation_key *revkey, u32 timestamp)
+ struct revocation_key *revkey, u32 timestamp,
+ const char *cache_nonce)
{
gpg_error_t err;
PACKET *pkt;
@@ -942,7 +943,7 @@
/* Make the signature. */
err = make_keysig_packet (&sig, pk, NULL,NULL, psk, 0x1F,
0, 0, timestamp, 0,
- keygen_add_revkey, revkey);
+ keygen_add_revkey, revkey, cache_nonce);
if (err)
{
log_error ("make_keysig_packet failed: %s\n", g10_errstr (err) );
@@ -963,7 +964,7 @@
signature. */
static gpg_error_t
write_selfsigs (KBNODE root, PKT_public_key *psk,
- unsigned int use, u32 timestamp)
+ unsigned int use, u32 timestamp, const char *cache_nonce)
{
gpg_error_t err;
PACKET *pkt;
@@ -997,7 +998,7 @@
/* Make the signature. */
err = make_keysig_packet (&sig, pk, uid, NULL, psk, 0x13,
0, 0, timestamp, 0,
- keygen_add_std_prefs, pk);
+ keygen_add_std_prefs, pk, cache_nonce);
if (err)
{
log_error ("make_keysig_packet failed: %s\n", g10_errstr (err));
@@ -1019,7 +1020,7 @@
used if USE has the PUBKEY_USAGE_SIG capability. */
static int
write_keybinding (KBNODE root, PKT_public_key *pri_psk, PKT_public_key *sub_psk,
- unsigned int use, u32 timestamp)
+ unsigned int use, u32 timestamp, const char *cache_nonce)
{
gpg_error_t err;
PACKET *pkt;
@@ -1056,7 +1057,8 @@
oduap.pk = sub_pk;
err = make_keysig_packet (&sig, pri_pk, NULL, sub_pk, pri_psk, 0x18,
0, 0, timestamp, 0,
- keygen_add_key_flags_and_expire, &oduap);
+ keygen_add_key_flags_and_expire, &oduap,
+ cache_nonce);
if (err)
{
log_error ("make_keysig_packet failed: %s\n", g10_errstr (err));
@@ -1066,7 +1068,7 @@
/* Make a backsig. */
if (use & PUBKEY_USAGE_SIG)
{
- err = make_backsig (sig, pri_pk, sub_pk, sub_psk, timestamp);
+ err = make_backsig (sig, pri_pk, sub_pk, sub_psk, timestamp, cache_nonce);
if (err)
return err;
}
@@ -3254,13 +3256,14 @@
}
if (!err && (revkey = get_parameter_revkey (para, pREVOKER)))
- err = write_direct_sig (pub_root, pri_psk, revkey, timestamp);
+ err = write_direct_sig (pub_root, pri_psk, revkey, timestamp, cache_nonce);
if (!err && (s = get_parameter_value (para, pUSERID)))
{
write_uid (pub_root, s );
err = write_selfsigs (pub_root, pri_psk,
- get_parameter_uint (para, pKEYUSAGE), timestamp);
+ get_parameter_uint (para, pKEYUSAGE), timestamp,
+ cache_nonce);
}
/* Write the auth key to the card before the encryption key. This
@@ -3277,7 +3280,7 @@
get_parameter_u32 (para, pKEYEXPIRE), para);
if (!err)
err = write_keybinding (pub_root, pri_psk, NULL,
- PUBKEY_USAGE_AUTH, timestamp);
+ PUBKEY_USAGE_AUTH, timestamp, cache_nonce);
}
if (!err && get_parameter (para, pSUBKEYTYPE))
@@ -3327,7 +3330,7 @@
if (!err)
err = write_keybinding (pub_root, pri_psk, sub_psk,
get_parameter_uint (para, pSUBKEYUSAGE),
- timestamp);
+ timestamp, cache_nonce);
did_sub = 1;
}
@@ -3526,7 +3529,7 @@
sub_psk = node->pkt->pkt.public_key;
/* Write the binding signature. */
- err = write_keybinding (keyblock, pri_psk, sub_psk, use, cur_time);
+ err = write_keybinding (keyblock, pri_psk, sub_psk, use, cur_time, NULL);
if (err)
goto leave;
Modified: trunk/g10/main.h
===================================================================
--- trunk/g10/main.h 2010-09-01 11:07:16 UTC (rev 5411)
+++ trunk/g10/main.h 2010-09-01 12:49:05 UTC (rev 5412)
@@ -201,7 +201,8 @@
/*-- sign.c --*/
-int complete_sig (PKT_signature *sig, PKT_public_key *pksk, gcry_md_hd_t md);
+int complete_sig (PKT_signature *sig, PKT_public_key *pksk, gcry_md_hd_t md,
+ const char *cache_nonce);
int sign_file( strlist_t filenames, int detached, strlist_t locusr,
int do_encrypt, strlist_t remusr, const char *outfile );
int clearsign_file( const char *fname, strlist_t locusr, const char *outfile );
@@ -241,7 +242,7 @@
int keygen_add_revkey(PKT_signature *sig, void *opaque);
gpg_error_t make_backsig (PKT_signature *sig, PKT_public_key *pk,
PKT_public_key *sub_pk, PKT_public_key *sub_psk,
- u32 timestamp);
+ u32 timestamp, const char *cache_nonce);
gpg_error_t generate_subkeypair (kbnode_t pub_keyblock);
#ifdef ENABLE_CARD_SUPPORT
int generate_card_subkeypair (KBNODE pub_keyblock, KBNODE sec_keyblock,
Modified: trunk/g10/packet.h
===================================================================
--- trunk/g10/packet.h 2010-09-01 11:07:16 UTC (rev 5411)
+++ trunk/g10/packet.h 2010-09-01 12:49:05 UTC (rev 5412)
@@ -502,7 +502,8 @@
PKT_public_key *pksk, int sigclass, int digest_algo,
int sigversion, u32 timestamp, u32 duration,
int (*mksubpkt)(PKT_signature *, void *),
- void *opaque );
+ void *opaque,
+ const char *cache_nonce);
int update_keysig_packet( PKT_signature **ret_sig,
PKT_signature *orig_sig,
PKT_public_key *pk,
Modified: trunk/g10/passphrase.c
===================================================================
--- trunk/g10/passphrase.c 2010-09-01 11:07:16 UTC (rev 5411)
+++ trunk/g10/passphrase.c 2010-09-01 12:49:05 UTC (rev 5412)
@@ -700,8 +700,6 @@
char *desc;
algo_name = gcry_pk_algo_name (pk->pubkey_algo);
- if (!algo_name)
- algo_name = "?";
timestr = strtimestamp (pk->timestamp);
uid = get_user_id (pk->keyid, &uidlen);
Modified: trunk/g10/revoke.c
===================================================================
--- trunk/g10/revoke.c 2010-09-01 11:07:16 UTC (rev 5411)
+++ trunk/g10/revoke.c 2010-09-01 12:49:05 UTC (rev 5412)
@@ -339,7 +339,8 @@
/* create it */
rc = make_keysig_packet( &sig, pk, NULL, NULL, pk2, 0x20, 0,
0, 0, 0,
- revocation_reason_build_cb, reason );
+ revocation_reason_build_cb, reason,
+ NULL);
if( rc ) {
log_error(_("make_keysig_packet failed: %s\n"), g10_errstr(rc));
goto leave;
@@ -525,7 +526,7 @@
/* create it */
rc = make_keysig_packet (&sig, psk, NULL, NULL, psk, 0x20, 0,
opt.force_v4_certs?4:0, 0, 0,
- revocation_reason_build_cb, reason );
+ revocation_reason_build_cb, reason, NULL);
if (rc)
{
log_error (_("make_keysig_packet failed: %s\n"), g10_errstr (rc));
Modified: trunk/g10/sign.c
===================================================================
--- trunk/g10/sign.c 2010-09-01 11:07:16 UTC (rev 5411)
+++ trunk/g10/sign.c 2010-09-01 12:49:05 UTC (rev 5412)
@@ -242,10 +242,11 @@
return data;
}
-
+/* Perform the sign operation. If CACHE_NONCE is given the agent is
+ advised to use that cached passphrase fro the key. */
static int
do_sign (PKT_public_key *pksk, PKT_signature *sig,
- gcry_md_hd_t md, int mdalgo)
+ gcry_md_hd_t md, int mdalgo, const char *cache_nonce)
{
gpg_error_t err;
gcry_mpi_t frame;
@@ -314,7 +315,7 @@
gcry_sexp_t s_sigval;
desc = gpg_format_keydesc (pksk, 1);
- err = agent_pksign (NULL/*ctrl*/, hexgrip, desc,
+ err = agent_pksign (NULL/*ctrl*/, cache_nonce, hexgrip, desc,
dp, gcry_md_get_algo_dlen (mdalgo), mdalgo,
&s_sigval);
xfree (desc);
@@ -378,12 +379,13 @@
int
-complete_sig (PKT_signature *sig, PKT_public_key *pksk, gcry_md_hd_t md)
+complete_sig (PKT_signature *sig, PKT_public_key *pksk, gcry_md_hd_t md,
+ const char *cache_nonce)
{
int rc;
/* if (!(rc = check_secret_key (pksk, 0))) */
- rc = do_sign (pksk, sig, md, 0);
+ rc = do_sign (pksk, sig, md, 0, cache_nonce);
return rc;
}
@@ -675,7 +677,7 @@
static int
write_signature_packets (SK_LIST sk_list, IOBUF out, gcry_md_hd_t hash,
int sigclass, u32 timestamp, u32 duration,
- int status_letter)
+ int status_letter, const char *cache_nonce)
{
SK_LIST sk_rover;
@@ -722,7 +724,7 @@
hash_sigversion_to_magic (md, sig);
gcry_md_final (md);
- rc = do_sign (pk, sig, md, hash_for (pk));
+ rc = do_sign (pk, sig, md, hash_for (pk), cache_nonce);
gcry_md_close (md);
if (!rc)
{
@@ -1070,7 +1072,7 @@
/* write the signatures */
rc = write_signature_packets (sk_list, out, mfx.md,
opt.textmode && !outfile? 0x01 : 0x00,
- 0, duration, detached ? 'D':'S');
+ 0, duration, detached ? 'D':'S', NULL);
if( rc )
goto leave;
@@ -1234,8 +1236,9 @@
afx->what = 2;
push_armor_filter (afx, out);
- /* write the signatures */
- rc=write_signature_packets (sk_list, out, textmd, 0x01, 0, duration, 'C');
+ /* Write the signatures. */
+ rc = write_signature_packets (sk_list, out, textmd, 0x01, 0, duration, 'C',
+ NULL);
if( rc )
goto leave;
@@ -1401,7 +1404,7 @@
/*(current filters: zip - encrypt - armor)*/
rc = write_signature_packets (sk_list, out, mfx.md,
opt.textmode? 0x01 : 0x00,
- 0, duration, 'S');
+ 0, duration, 'S', NULL);
if( rc )
goto leave;
@@ -1439,8 +1442,8 @@
PKT_public_key *pksk,
int sigclass, int digest_algo,
int sigversion, u32 timestamp, u32 duration,
- int (*mksubpkt)(PKT_signature *, void *), void *opaque
- )
+ int (*mksubpkt)(PKT_signature *, void *), void *opaque,
+ const char *cache_nonce)
{
PKT_signature *sig;
int rc=0;
@@ -1533,7 +1536,7 @@
hash_sigversion_to_magic (md, sig);
gcry_md_final (md);
- rc = complete_sig (sig, pksk, md);
+ rc = complete_sig (sig, pksk, md, cache_nonce);
}
gcry_md_close (md);
@@ -1562,7 +1565,7 @@
PKT_public_key *subpk,
PKT_public_key *pksk,
int (*mksubpkt)(PKT_signature *, void *),
- void *opaque )
+ void *opaque)
{
PKT_signature *sig;
int rc=0;
@@ -1619,7 +1622,7 @@
hash_sigversion_to_magic (md, sig);
gcry_md_final (md);
- rc = complete_sig (sig, pksk, md);
+ rc = complete_sig (sig, pksk, md, NULL);
}
gcry_md_close (md);
More information about the Gnupg-commits
mailing list