summaryrefslogtreecommitdiffstats
path: root/agent (follow)
Commit message (Collapse)AuthorAgeFilesLines
* agent: Use SETDATA --apend for larger data to communicate scdaemon.NIIBE Yutaka2024-12-051-22/+31
| | | | | | | | | | | * agent/call-scd.c (prepare_setdata): New. (agent_card_pksign): Use prepare_setdata for SETDATA. (agent_card_pkdecrypt): Likewise. -- GnuPG-bug-id: 7436 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* agent: Fix status output for LISTTRUSTED.NIIBE Yutaka2024-10-311-2/+2
| | | | | | | | | | | * agent/trustlist.c (istrusted_internal): When LISTMODE is enabled, TRUSTLISTFPR status output should be done. -- GnuPG-bug-id: 7363 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org> Fixes-commit: 4275d5fa7a51731544d243ba16628a9958ffe3ce
* agent: Fix resource leak for PRIMARY_CTX.NIIBE Yutaka2024-10-221-0/+3
| | | | | | | | | * agent/call-daemon.c (wait_child_thread): Call assuan_release for PRIMARY_CTX when it's kept for reuse. -- Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* agent: Add option --status to the LISTRUSTED command.Werner Koch2024-10-013-16/+60
| | | | | | | | | | | | | * agent/trustlist.c (istrusted_internal): Add arg listmode and print new status line in this mode. Adjust callers. (agent_listtrusted): Add new args ctrl and status_mode. Get all trusted keys and then call is_trusted_internal for all of them. * agent/command.c (cmd_listtrusted): Add new option --status. -- This allows in a non-restricted connection to list all trusted keys in one go.
* agent: Replace hack for old Libgcrypt versions for auto-expand-secmem.Werner Koch2024-09-271-4/+1
| | | | * agent/gpg-agent.c (main) <oAutoExpandSecmem>: Use Libgcrypt const.
* agent: Better diagnostic for a failed key unprotection.Werner Koch2024-09-271-0/+2
| | | | | | | | * agent/findkey.c (unprotect): Print a diagnostic if unprotection failed. -- GnuPG-bug-id: 6375
* agent: Fix detection of the trustflag de-vs.Werner Koch2024-09-191-1/+1
| | | | | | | | * agent/trustlist.c (read_one_trustfile): Fix comparison. -- Fixes-commit: a5360ae4c7bfe6df6754409d5bd5c5a521ae5e6f GnuPG-bug-Id: 5079
* agent: Fix KEYTOCARD for the use case with loopback pinentry.NIIBE Yutaka2024-09-031-0/+7
| | | | | | | | | * agent/command.c (cmd_keytocard): Copy LINE. -- GnuPG-bug-id: 7283 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* agent: When diverting to a card show the name of unsupported algos.Werner Koch2024-08-091-1/+14
| | | | * agent/divert-scd.c (divert_pkdecrypt): Improve error message.
* agent: Avoid memory leak when handling ssh keys.Jakub Jelen2024-07-221-0/+4
| | | | | | | | | | * agent/command-ssh.c (ssh_send_available_keys): Close file and directory on error paths. -- GnuPG-bug-id: 7201 Signed-off-by: Jakub Jelen <jjelen@redhat.com>
* agent: Avoid memory leak when handling tpm2.Jakub Jelen2024-07-221-0/+1
| | | | | | | | | | * agent/divert-tpm2.c (agent_write_tpm2_shadow_key): Free memory on errors. -- GnuPG-bug-id: 7201 Signed-off-by: Jakub Jelen <jjelen@redhat.com>
* common: On Windows, we care about how PIPE handles are inherited.NIIBE Yutaka2024-07-091-1/+1
| | | | | | | | | | | | | | | | | | | | | | | * agent/gpg-agent.c (handle_connections): It's for POSIX. * kbx/keyboxd.c (handle_connections): Ditto. * scd/app.c (handle_connections): Ditto. * scd/scdaemon.c (handle_connections): Ditto. tpm2d/tpm2daemon.c (handle_connections): Ditto. * tests/gpgscm/ffi.c (do_pipe): Use GNUPG_PIPE_BOTH. (do_inbound_pipe): Use GNUPG_PIPE_INBOUND. (do_outbound_pipe): Use GNUPG_PIPE_OUTBOUND. * common/call-gpg.c (_gpg_encrypt): Specify outbound and inbound. (_gpg_decrypt): Likewise. * common/exechelp-posix.c (gnupg_create_pipe): Add an argument. * common/exechelp-w32.c (create_pipe_and_estream): Care about how PIPE handles are inherited to child process. (gnupg_create_pipe): Add an argument. * common/exechelp.h: Add enum values. -- Fixes-commit: af6c47b2910f394faf582800d60d88e9b4dcf834 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* Use gpgrt_process_spawn API from libgpg-error.NIIBE Yutaka2024-07-091-8/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * agent/genkey.c (do_check_passphrase_pattern): Use the gpgrt API. * common/asshelp.c (start_new_service): Ditto. * common/exechelp.h: Remove gnupg_process_spawn API. * common/exechelp-posix.c: Remove gnupg_process_spawn implementation. * common/exechelp-w32.c: Likewise. * common/exectool.c (gnupg_exec_tool_stream): Use the gpgrt API. * common/t-exechelp.c (test_pipe_stream): Remove. * dirmngr/ldap-wrapper.c (destroy_wrapper, ldap_reaper_thread): Use the gpgrt API. (ldap_wrapper_connection_cleanup, ldap_wrapper): Ditto. * dirmngr/ldap.c, g10/call-keyboxd.c: No need to include exechelp.h. * g10/photoid.c (run_with_pipe, show_photo): Use the gpgrt API. * g13/be-encfs.c (run_umount_helper, run_encfs_tool): Ditto. * g13/g13.c, g13/mount.c, g13/runner.c: No need to include exechelp.h. * scd/apdu.c: No need to include exechelp.h. * scd/app.c (report_change): Use the gpgrt API. * sm/export.c, sm/import.c: No need to include exechelp.h. * tests/gpgscm/ffi.c (proc_object_finalize, proc_wrap) (do_process_spawn_io, do_process_spawn_fd, do_process_wait): Use the gpgrt API. * tools/gpg-auth.c: No need to include exechelp.h. * tools/gpg-card.c (cmd_gpg): Use the gpgrt API. * tools/gpg-connect-agent.c: No need to include exechelp.h. * tools/gpg-mail-tube.c (mail_tube_encrypt, prepare_for_appimage) (start_gpg_encrypt): Use the gpgrt API. * tools/gpgconf-comp.c (gpg_agent_runtime_change) (scdaemon_runtime_change, tpm2daemon_runtime_change) (dirmngr_runtime_change, keyboxd_runtime_change) (gc_component_launch, gc_component_check_options) (retrieve_options_from_program): Ditto. * tools/gpgconf.c (show_versions_via_dirmngr): Ditto. * tools/gpgtar-create.c (gpgtar_create): Ditto. * tools/gpgtar-extract.c (gpgtar_extract): Ditto. * tools/gpgtar-list.c (gpgtar_list): Ditto. -- GnuPG-bug-id: 7192 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* agent: Require use of "SCD DEVINFO --watch" command with socket.NIIBE Yutaka2024-06-281-0/+3
| | | | | | | | | | * agent/call-scd.c (agent_card_devinfo): Check if client connects by a socket. -- GnuPG-bug-id: 7151 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* agent: Initialize thread_startup.fd for pipe connection.NIIBE Yutaka2024-06-281-0/+1
| | | | | | | | * agent/gpg-agent.c (main): Let it have defined value. -- Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* agent: Handle SCD DEVINFO --watch command in a special way.NIIBE Yutaka2024-06-271-0/+96
| | | | | | | | | | | | * agent/call-scd.c (devinfo_watch_thread): New. (agent_card_devinfo): New. (agent_card_scd): Call agent_card_devinfo when it's DEVINFO_WATCH_COMMAND. -- GnuPG-bug-id: 7151 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* agent:daemon: Add an argument to specify requiring socket connection.NIIBE Yutaka2024-06-274-5/+13
| | | | | | | | | | | | | * agent/agent.h (daemon_start): Add REQ_SOCK argument. * agent/call-daemon.c (daemon_start): Support specifying a socket connection. * agent/call-scd.c (start_scd): Connection don't care. * agent/call-tpm2d.c (start_tpm2d): Likewise. -- GnuPG-bug-id: 7151 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* agent: Clean up for scdaemon handling.NIIBE Yutaka2024-06-111-5/+1
| | | | | | | | * agent/call-daemon.c (struct daemon_local_s): Remove G field. -- Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* agent: Fix a race condition which results accessing finished scd.NIIBE Yutaka2024-06-111-4/+6
| | | | | | | | | | | | | * agent/call-daemon.c (daemon_start): Decision of connection/reuse of CTX and assignment to ->ctx should be done with the lock. -- When scdaemon is exiting and agent tries to spawn/connect/reconnect, there is a race condition between detecting finish of scd and spawn/connect/reconnect. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* agent: Silence debug output from the PIN caching.Werner Koch2024-06-061-3/+5
| | | | | * agent/call-scd.c (handle_pincache_put): Use log_debug only in cache debug mode.
* indent: Fix spellingDaniel Kahn Gillmor2024-05-319-12/+12
| | | | | | | | | | | | | -- These are non-substantive corrections for minor spelling mistakes within the GnuPG codebase. With something like this applied to the codebase, and a judiciously tuned spellchecker integrated as part of a standard test suite, it should be possible to keep a uniform orthography within the project. GnuPG-bug-id: 7116
* spawn: Remove spawn callback, introduce gnupg_spawn_actions.NIIBE Yutaka2024-05-311-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * common/exechelp-posix.c (call_spawn_cb): Remove. (gnupg_spawn_actions_new, gnupg_spawn_actions_release) (gnupg_spawn_actions_set_environ, gnupg_spawn_actions_set_atfork) (gnupg_spawn_actions_set_redirect) (gnupg_spawn_actions_set_inherit_fds): New. (my_exec, spawn_detached): Use spawn actions. (gnupg_spawn_helper): Remove. (gnupg_process_spawn): Remove callback, introduce gnupg_spawn_actions. * common/exechelp-w32.c: Ditto. * common/exechelp.h: Ditto. * agent/genkey.c (do_check_passphrase_pattern): Follow the change of gnupg_process_spawn API. * common/asshelp.c (start_new_service): Likewise. * common/exectool.c (gnupg_exec_tool_stream): Likewise. * common/t-exechelp.c (test_pipe_stream): Likewise. * dirmngr/ldap-wrapper.c (ldap_wrapper): Likewise. * g10/photoid.c (run_with_pipe): Likewise. * scd/app.c (report_change): Likewise. * tests/gpgscm/ffi.c (do_process_spawn_io, do_process_spawn_fd): Likewise. * tools/gpg-card.c (cmd_gpg): Likewise. * tools/gpgconf-comp.c (gpg_agent_runtime_change): Likewise. (scdaemon_runtime_change, tpm2daemon_runtime_change) (dirmngr_runtime_change, keyboxd_runtime_change) (gc_component_launch, gc_component_check_options) (retrieve_options_from_program): Likewise. * tools/gpgconf.c (show_versions_via_dirmngr): Likewise. * tools/gpgtar-create.c (gpgtar_create): Likewise. * tools/gpgtar-extract.c (gpgtar_extract): Likewise. * tools/gpgtar-list.c (gpgtar_list): Likewise. -- Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* agent: Avoid uninitialized access in GENKEY command on parameter error.Jakub Jelen2024-05-281-2/+2
| | | | | | | | | | * agent/command.c (cmd_genkey): Moved init_membuf to the top. -- Signed-off-by: Jakub Jelen <jjelen@redhat.com> This is part of GnuPG-bug-id: 7129
* agent: Avoid double free of empty string in the PIN caching.Werner Koch2024-05-281-3/+7
| | | | | | | | | | * agent/call-scd.c (handle_pincache_get): Set PIN to NULL. Also add DBG_CACHE conditionals and don't return the pin in the debug output. -- This is part of GnuPG-bug-id: 7129 Co-authored-by: Jakub Jelen <jjelen@redhat.com>
* agent: Make sure to return success in ephemeral store mode.Werner Koch2024-05-281-0/+1
| | | | | | | | | | | | * agent/genkey.c (store_key): Clear ERR on success. -- This fixes a real problem which might let ephemeral store mode fail randomly. This is part of GnuPG-bug-id: 7129 Co-authored-by: Jakub Jelen <jjelen@redhat.com>
* agent:kem:ecc: Support a key on smartcard.NIIBE Yutaka2024-04-263-74/+243
| | | | | | | | | | | | | | | | | * agent/agent.h (agent_card_ecc_kem): New. * agent/divert-scd.c (agent_card_ecc_kem): New. * agent/pkdecrypt.c (ecc_extract_pk_from_key): New. (ecc_extract_sk_from_key): New. (ecc_raw_kem, get_cardkey, ecc_get_curve): New. (ecc_pgp_kem_decrypt): Support a key on smartcard for ECC. (composite_pgp_kem_decrypt): Handle a case of a key on smartcard. * common/sexputil.c (get_ecc_curve_from_key): New. * common/util.h (get_ecc_curve_from_key): New. -- GnuPG-bug-id: 7097 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* agent:kem: Fix memory leaks.NIIBE Yutaka2024-04-251-3/+6
| | | | | | | | | * agent/pkdecrypt.c (composite_pgp_kem_decrypt): Release shadow_info memory. -- Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* agent: Allow NULL for R_PADDING, when calling scd and tpm2d.NIIBE Yutaka2024-04-253-8/+13
| | | | | | | | | | | | | | | * agent/call-scd.c (padding_info_cb): Allow NULL. (agent_card_pkdecrypt): Likewise. * agent/divert-scd.c (divert_pkdecrypt): Likewise. * agent/divert-tpm2.c (divert_tpm2_pkdecrypt): Likewise. -- It's for RSA PKCD#1 encoding if the decrypt operation removes padding or not. When caller knows it's not RSA, this information is no use and it is better to allow NULL with the variable R_PADDING. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* agent:kem: Factor out ECC KEM operation from composite KEM.NIIBE Yutaka2024-04-241-107/+136
| | | | | | | | | * agent/pkdecrypt.c (ecc_pgp_kem_decrypt): New. (composite_pgp_kem_decrypt): Use ecc_pgp_kem_decrypt. -- Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* agent: Simplify diverting operation to the smartcard.NIIBE Yutaka2024-04-241-10/+5
| | | | | | | | * agent/pkdecrypt.c (agent_pkdecrypt): Remove no_shadow_info variable. -- Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* gpg: Support Kyber with Brainpool512r1.Werner Koch2024-04-231-0/+6
| | | | | | | | | | | | | | * common/openpgp-oid.c (oidtable): Add GCRY_KEM_RAW_BP512. * agent/pkdecrypt.c (ecc_table): Support bp512 * g10/pkglue.c (do_encrypt_kem): Ditto. * tests/openpgp/samplekeys: Add sample keys for kyber_bp256, bp384, and bp512. * tests/openpgp/privkeys: Add corresponding private keys. * tests/openpgp/samplemsgs: Add sample messages for those keys. -- GnuPG-bug-id: 6815
* Require Libgcrypt 1.11.0Werner Koch2024-04-231-60/+69
| | | | | | | | | | * configure.ac (NEED_LIBGCRYPT_VERSION): Set to 1.11.0 * agent/pkdecrypt.c (struct ecc_params): Move constants to the top. -- It does not make anymore sense to allow building with older Libgcrypt versions. After all PQ key support is a major feature and for this we need Libgcrypt.
* agent:kem: More fix for PQC KEM with X448.NIIBE Yutaka2024-04-231-17/+16
| | | | | | | | | | | * agent/pkdecrypt.c (struct ecc_params): Remove NAME_LEN field. (ecc_table): Update. (get_ecc_params): Use strcmp. (composite_pgp_kem_decrypt): Fix the call of gnupg_kem_combiner. -- Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* agent:kem: Support other ML-KEM variants.NIIBE Yutaka2024-04-231-11/+40
| | | | | | | | | | * agent/pkdecrypt.c (composite_pgp_kem_decrypt): Care about ML-KEM 512 and 1024. -- Co-authored-by: Werner Koch <wk@gnupg.org> Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* agent:kem: Support other ECC curves.NIIBE Yutaka2024-04-231-21/+105
| | | | | | | | | | * agent/pkdecrypt.c (ecc_table): New. (get_ecc_params): New. (composite_pgp_kem_decrypt): Support other curves. -- Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* agent: Add more diagnostics to PQC decryption.Werner Koch2024-04-111-16/+69
| | | | | | | | * agent/pkdecrypt.c (composite_pgp_kem_decrypt): Use %d for correctness. Add error diagnostics and one extra check. -- GnuPG-bug-id: 7014
* agent: Rename the function using the word "composite"NIIBE Yutaka2024-04-111-5/+5
| | | | | | | | * agent/pkdecrypt.c (composite_pgp_kem_decrypt): Rename. -- Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* agent: Fix PQC decryption.NIIBE Yutaka2024-04-111-28/+9
| | | | | | | | | | * agent/pkdecrypt.c (agent_hybrid_pgp_kem_decrypt): Change the format of SEXP in the protocol for symmetric cipher algorithm identifier. -- GnuPG-bug-id: 7014 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* doc: Move keyformat.txt to here.Werner Koch2024-04-111-520/+0
| | | | --
* doc: Fix a few typos in agent/keyformat.txtTodd Zullinger via Gnupg-devel2024-04-111-6/+6
| | | | | | -- Signed-off-by: Todd Zullinger <tmz@pobox.com>
* agent:kem: Externalize FIXED_INFO.NIIBE Yutaka2024-04-101-18/+51
| | | | | | | | | * agent/pkdecrypt.c (agent_hybrid_pgp_kem_decrypt): Don't hard code the value of FIXED_INFO. Get it from frontend. -- Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* common,agent: Factor out KEM functions into common/kem.c.NIIBE Yutaka2024-04-101-53/+44
| | | | | | | | | | | | | * common/util.h (compute_kmac256): Remove. (gnupg_ecc_kem_kdf, gnupg_kem_combiner): New. * common/kmac.c (compute_kmac256): Don't expose. (gnupg_ecc_kem_kdf, gnupg_kem_combiner): New. * agent/pkdecrypt.c (agent_hybrid_pgp_kem_decrypt): Use gnupg_ecc_kem_kdf and gnupg_kem_combiner. -- Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* gpg: Allow to create a Kyber key from keygrips.Werner Koch2024-04-052-1/+12
| | | | | | | | | | | | | | | | * agent/cvt-openpgp.c (extract_private_key): Support Kyber algorithms. * common/openpgp-oid.c (map_gcry_pk_to_openpgp): Map KEM to Kyber. * common/sexputil.c (get_pk_algo_from_key): Increase buffer for use with "kyber1024". * g10/call-agent.c (agent_get_keyinfo): Fix warning. * g10/keygen.c (do_create_from_keygrip): Support Kyber. (ask_algo): Ditto. -- To test create a standard key and the use --edit-key and "addkey" with selection 13 and use the comma delimited keygrips. GnuPG-bug-id: 7014
* agent: Fix error handling of READKEY.Werner Koch2024-04-051-1/+3
| | | | | | | * agent/command.c (cmd_readkey): Jump to leave on reading error. -- Fixes-commit: d7a3c455c5e29b19b66772f86dda925064e34896
* agent: Make "PKDECRYPT --kem" with optional value work.Werner Koch2024-04-053-6/+11
| | | | | | | | | | | | * agent/command.c (cmd_pkdecrypt): Fix comparison. * agent/agent.h (enum kemids): Rename type and strip trailing comma. * agent/pkdecrypt.c (agent_hybrid_pgp_kem_decrypt): Allow building with Libgcrypt < 1.11 -- Eventually we should change the libgcrypt requirement in configure.
* agent: Add initial support for hybrid ECC+PQC decryption with KEM.NIIBE Yutaka2024-04-053-7/+362
| | | | | | | | | | | | | | | | | * agent/agent.h (enum kemid): New. (agent_kem_decrypt): New. * agent/command.c (cmd_pkdecrypt): Support --kem option to call agent_kem_decrypt. * agent/pkdecrypt.c (reverse_buffer): New. (agent_hybrid_pgp_kem_decrypt): New. (agent_kem_decrypt): New. -- Now, it only supports X25519 + ML-KEM. GnuPG-bug-id: 7014 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* agent: Add --another option for hybrid crypto.NIIBE Yutaka2024-04-012-6/+15
| | | | | | | | | | * agent/agent.h (struct server_control_s): Add have_keygrip1. * agent/command.c (reset_notify): Clear have_keygrip1 field. (cmd_havekey): Add --another option handling. -- Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* Merge branch 'STABLE-BRANCH-2-4'Werner Koch2024-03-123-8/+11
|\ | | | | | | | | | | | | | | -- Resolved conflicts: NEWS common/exechelp-w32.c configure.ac
| * Allow tilde expansion for the foo-program options.Werner Koch2024-02-272-3/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * agent/gpg-agent.c (parse_rereadable_options): Use make_filename_try for opt.pinentry_program. Change definition accordingly. * g10/gpg.c (main): Use make_filename for agent_program, dirmngr_program, and keyboxd_program. Change definition accordingly. * sm/gpgsm.c (main): Ditto. * tools/gpg-card.c (parse_arguments): Ditto. * tools/gpg-connect-agent.c (main): Ditto. * tools/gpg-wks-client.c (parse_arguments): Likewise. Do it also for option --output. (process_confirmation_request): Print a note for a successful sent. -- GnuPG-bug-id: 7017
| * agent: Allow GET_PASSPHRASE in restricted mode.Werner Koch2024-02-251-5/+4
| | | | | | | | | | | | | | | | | | | | * agent/command.c (cmd_get_passphrase): Allow use in restricted mode but ignore the cacheid. -- The use case is symmetric encryption via the extra-socket. To avoid that the gpg running on the server has access to the cache we set the cache id to NULL so that the cache is not used at all.
generated by cgit v1.2.3 (git 2.39.1) at 2025-01-18 14:00:43 +0100