diff options
author | Werner Koch <wk@gnupg.org> | 2021-05-17 15:42:27 +0200 |
---|---|---|
committer | Werner Koch <wk@gnupg.org> | 2021-05-17 15:42:27 +0200 |
commit | eeb65d3bbd7d461694d30009631739735a2b9bad (patch) | |
tree | 36c3faf456ae44793fd5574cf09a3721aeef2f6d | |
parent | sm: Support decryption of password based encryption (pwri) (diff) | |
download | gnupg2-eeb65d3bbd7d461694d30009631739735a2b9bad.tar.xz gnupg2-eeb65d3bbd7d461694d30009631739735a2b9bad.zip |
sm: Ask for the password for password based decryption (pwri)
* sm/decrypt.c (pwri_decrypt): Add arg ctrl. Ask for passphrase.
* sm/export.c (export_p12): Mark string as translatable.
* sm/import.c (parse_p12): Ditto.
--
This is finishes the support for PWRI.
The N_() marks are added so that we don't rely of the side-effect of
having the same strings in protect-tool.c
Signed-off-by: Werner Koch <wk@gnupg.org>
-rw-r--r-- | sm/decrypt.c | 25 | ||||
-rw-r--r-- | sm/export.c | 4 | ||||
-rw-r--r-- | sm/import.c | 2 |
3 files changed, 25 insertions, 6 deletions
diff --git a/sm/decrypt.c b/sm/decrypt.c index bd6f61038..bac63e1bc 100644 --- a/sm/decrypt.c +++ b/sm/decrypt.c @@ -515,7 +515,7 @@ pwri_parse_pbkdf2 (const unsigned char *der, size_t derlen, * */ static gpg_error_t -pwri_decrypt (gcry_sexp_t enc_val, +pwri_decrypt (ctrl_t ctrl, gcry_sexp_t enc_val, unsigned char **r_result, unsigned int *r_resultlen, struct decrypt_filter_parm_s *parm) { @@ -541,6 +541,7 @@ pwri_decrypt (gcry_sexp_t enc_val, unsigned int saltlen; unsigned long iterations; enum gcry_md_algos digest_algo; + char *passphrase = NULL; *r_resultlen = 0; @@ -654,10 +655,23 @@ pwri_decrypt (gcry_sexp_t enc_val, goto leave; } - err = gcry_kdf_derive ("abc", 3, + err = gpgsm_agent_ask_passphrase + (ctrl, + i18n_utf8 (N_("Please enter the password for decryption.")), + 0, &passphrase); + if (err) + goto leave; + + err = gcry_kdf_derive (passphrase, strlen (passphrase), GCRY_KDF_PBKDF2, digest_algo, salt, saltlen, iterations, keklen, kek); + if (passphrase) + { + wipememory (passphrase, strlen (passphrase)); + xfree (passphrase); + passphrase = NULL; + } if (err) { log_error ("deriving key from passphrase failed: %s\n", @@ -732,6 +746,11 @@ pwri_decrypt (gcry_sexp_t enc_val, wipememory (result, resultlen); xfree (result); } + if (passphrase) + { + wipememory (passphrase, strlen (passphrase)); + xfree (passphrase); + } gcry_cipher_close (encr_hd); xfree (derive_algo_str); xfree (encr_algo_str); @@ -786,7 +805,7 @@ prepare_decryption (ctrl_t ctrl, const char *hexkeygrip, if (rc) goto leave; - rc = pwri_decrypt (s_enc_val, &decrypted, &decryptedlen, parm); + rc = pwri_decrypt (ctrl, s_enc_val, &decrypted, &decryptedlen, parm); gcry_sexp_release (s_enc_val); if (rc) goto leave; diff --git a/sm/export.c b/sm/export.c index 32f04565f..54893b54d 100644 --- a/sm/export.c +++ b/sm/export.c @@ -724,8 +724,8 @@ export_p12 (ctrl_t ctrl, const unsigned char *certimg, size_t certimglen, { err = gpgsm_agent_ask_passphrase (ctrl, - i18n_utf8 ("Please enter the passphrase to protect the " - "new PKCS#12 object."), + i18n_utf8 (N_("Please enter the passphrase to protect the " + "new PKCS#12 object.")), 1, &passphrase); if (err) goto leave; diff --git a/sm/import.c b/sm/import.c index 3d08254c8..0b8fbadb6 100644 --- a/sm/import.c +++ b/sm/import.c @@ -771,7 +771,7 @@ parse_p12 (ctrl_t ctrl, ksba_reader_t reader, struct stats_s *stats) err = gpgsm_agent_ask_passphrase (ctrl, - i18n_utf8 ("Please enter the passphrase to unprotect the PKCS#12 object."), + i18n_utf8 (N_("Please enter the passphrase to unprotect the PKCS#12 object.")), 0, &passphrase); if (err) goto leave; |