authorWerner Koch <[email protected]>2021-08-18 16:24:35 +0000
committerWerner Koch <[email protected]>2021-08-18 16:46:39 +0000
commitb89b1f35c29ceaebe39b31444936aa66c9297f2c (patch)
tree79a5d2e754f1276389eb02c02ba06817ec7c9af8 /agent/command.c
parentagent: Improve the GENPIN callback. (diff)
agent: Ignore passphrase constraints for a generated passphrase.
* agent/agent.h (PINENTRY_STATUS_PASSWORD_GENERATED): New. (MAX_GENPIN_TRIES): Remove. * agent/call-pinentry.c (struct entry_parm_s): (struct inq_cb_parm_s): Add genpinhash and genpinhas_valid. (is_generated_pin): New. (inq_cb): Suppress constraints checking for a generated passphrase. No more need for several tries to generate the passphrase. (do_getpin): Store a generated passphrase/pin in the status field. (agent_askpin): Suppress constraints checking for a generated passphrase. (agent_get_passphrase): Ditto. * agent/command.c (cmd_get_passphrase): Ditto. -- A generated passphrase has enough entropy so that all kind of extra checks would only reduce the actual available entropy. We thus detect if a passphrase has been generated (and not changed) and skip all passphrase constraints checking.
Diffstat (limited to 'agent/command.c')
-rw-r--r--agent/command.c13
1 files changed, 10 insertions, 3 deletions
diff --git a/agent/command.c b/agent/command.c
index dd1a2f122..5e2dbc809 100644
--- a/agent/command.c
+++ b/agent/command.c
@@ -1760,6 +1760,7 @@ cmd_get_passphrase (assuan_context_t ctx, char *line)
char *entry_errtext = NULL;
struct pin_entry_info_s *pi = NULL;
struct pin_entry_info_s *pi2 = NULL;
+ int is_generated;
if (ctrl->restricted)
return leave_cmd (ctx, gpg_error (GPG_ERR_FORBIDDEN));
@@ -1892,10 +1893,13 @@ cmd_get_passphrase (assuan_context_t ctx, char *line)
goto leave;
xfree (entry_errtext);
entry_errtext = NULL;
+ is_generated = !!(pi->status & PINENTRY_STATUS_PASSWORD_GENERATED);
+
/* We don't allow an empty passpharse in this mode. */
- if (check_passphrase_constraints (ctrl, pi->pin,
- pi->constraints_flags,
- &entry_errtext))
+ if (!is_generated
+ && check_passphrase_constraints (ctrl, pi->pin,
+ pi->constraints_flags,
+ &entry_errtext))
{
pi->failed_tries = 0;
pi2->failed_tries = 0;
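Review bot: The retained comment `/* We don't allow an empty passpharse in this mode. */` no longer describes the condition below it, because the constraints check is now skipped whenever `PINENTRY_STATUS_PASSWORD_GENERATED` is set in `pi->status`. Since a policy check is bypassed on the strength of one status bit, the comment should say what that bit guarantees; going by the commit description it is set only when the returned passphrase is still the generated one, but that logic lives in call-pinentry.c and is not visible here. Suggested wording: `/* A generated passphrase returned unchanged is exempt from the constraints check; anything else, including an empty passphrase, is checked here. */`. The body of cmd_get_passphrase starts and ends outside this hunk.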
@@ -1951,11 +1955,14 @@ cmd_get_passphrase (assuan_context_t ctx, char *line)
opt_qualbar, cacheid, CACHE_MODE_USER, NULL);
xfree (entry_errtext);
entry_errtext = NULL;
+ is_generated = !!(pi->status & PINENTRY_STATUS_PASSWORD_GENERATED);
+
if (!rc)
{
int i;
if (opt_check
+ && !is_generated
&& check_passphrase_constraints
(ctrl, response,
(opt_newsymkey? CHECK_CONSTRAINTS_NEW_SYMKEY:0),
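Review bot: The added `is_generated = !!(pi->status & PINENTRY_STATUS_PASSWORD_GENERATED);` reads through `pi` on a path where it does not appear to be allocated. `pi` is initialised to NULL at its declaration (first hunk), and in this branch the call ending on the first context line passes NULL as its last argument and the result is handled via `response` rather than `pi->pin`; the rest of cmd_get_passphrase is outside the hunk, so this needs confirming against the full function. If `pi` is NULL here, every request that reaches this branch would crash the agent before the `!rc` test. Either guard the read, `is_generated = pi ? !!(pi->status & PINENTRY_STATUS_PASSWORD_GENERATED) : 0;`, or pass the call a pin-entry info structure so the generated status is actually reported on this path.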