author | Werner Koch <[email protected]> | 2021-08-13 11:42:31 +0000 |
---|---|---|
committer | Werner Koch <[email protected]> | 2021-08-13 11:42:31 +0000 |
commit | 7c45a69eb988e9c0329d75900af0c5b1e47291b7 (patch) | |
tree | 96ced8bfada21a95699d862e4b44ad8025c43573 /agent/gpg-agent.c | |
parent | indent: Add a git blame ignore file (diff) | |
agent: New option --check-sym-passphrase-pattern.
* agent/gpg-agent.c (oCheckSymPassphrasePattern): New.
(opts): Add --check-sym-passphrase-pattern.
(parse_rereadable_options): Set option.
(main): Return option info.
* tools/gpgconf-comp.c: Add new option.
* agent/agent.h (opt): Add var check_sym_passphrase_pattern.
(struct pin_entry_info_s): Add var constraints_flags.
(CHECK_CONSTRAINTS_NOT_EMPTY): New to replace a hardwired 1.
(CHECK_CONSTRAINTS_NEW_SYMKEY): New.
* agent/genkey.c (check_passphrase_pattern): Rename to ...
(do_check_passphrase_pattern): this to make code reading
easier. Handle the --check-sym-passphrase-pattern option.
(check_passphrase_constraints): Replace arg no_empty by a generic
flags arg. Also handle --check-sym-passphrase-pattern here.
* agent/command.c (cmd_get_passphrase): In --newsymkey mode pass
CHECK_CONSTRAINTS_NEW_SYMKEY flag.
* agent/call-pinentry.c (struct entry_parm_s): Add constraints_flags.
(struct inq_cb_parm_s): New.
(inq_cb): Use new struct for parameter passing. Pass flags to the
constraints checking.
(do_getpin): Pass constraints flag down.
(agent_askpin): Take constraints flag from the supplied pinentry
struct.
--
Requirements for a passphrase to protect a private key and for a
passphrase used for symmetric encryption are different. Thus
the use of a different pattern file will be useful. Note that a
pattern file can be used to replace the other passphrase constraints
options and thus we don't need to duplicate them for symmetric
encryption.
GnuPG-bug-id: 5517
Signed-off-by: Werner Koch <[email protected]>
Diffstat (limited to 'agent/gpg-agent.c')
-rw-r--r-- | agent/gpg-agent.c | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c
index 30d7cebaa..dd60847e6 100644
--- a/agent/gpg-agent.c
+++ b/agent/gpg-agent.c
@@ -113,6 +113,7 @@ enum cmd_and_opt_values
 oMinPassphraseLen,
 oMinPassphraseNonalpha,
 oCheckPassphrasePattern,
+ oCheckSymPassphrasePattern,
 oMaxPassphraseDays,
 oEnablePassphraseHistory,
 oDisableExtendedKeyFormat,
@@ -265,6 +266,8 @@ static gpgrt_opt_t opts[] = {
 " characters for a new passphrase")),
 ARGPARSE_s_s (oCheckPassphrasePattern, "check-passphrase-pattern",
 N_("|FILE|check new passphrases against pattern in FILE")),
+ ARGPARSE_s_s (oCheckSymPassphrasePattern, "check-sym-passphrase-pattern",
+ "@"),
 ARGPARSE_s_u (oMaxPassphraseDays, "max-passphrase-days",
 N_("|N|expire the passphrase after N days")),
 ARGPARSE_s_n (oEnablePassphraseHistory, "enable-passphrase-history",
@@ -862,6 +865,7 @@ parse_rereadable_options (gpgrt_argparse_t *pargs, int reread)
 opt.min_passphrase_len = MIN_PASSPHRASE_LEN;
 opt.min_passphrase_nonalpha = MIN_PASSPHRASE_NONALPHA;
 opt.check_passphrase_pattern = NULL;
+ opt.check_sym_passphrase_pattern = NULL;
 opt.max_passphrase_days = MAX_PASSPHRASE_DAYS;
 opt.enable_passphrase_history = 0;
 opt.enable_extended_key_format = 1;
@@ -942,6 +946,9 @@ parse_rereadable_options (gpgrt_argparse_t *pargs, int reread)
 case oCheckPassphrasePattern:
 opt.check_passphrase_pattern = pargs->r.ret_str;
 break;
+ case oCheckSymPassphrasePattern:
+ opt.check_sym_passphrase_pattern = pargs->r.ret_str;
+ break;
 case oMaxPassphraseDays:
 opt.max_passphrase_days = pargs->r.ret_ulong;
 break;
@@ -1440,6 +1447,8 @@ main (int argc, char **argv)
 GC_OPT_FLAG_DEFAULT, MIN_PASSPHRASE_NONALPHA);
 es_printf ("check-passphrase-pattern:%lu:\n",
 GC_OPT_FLAG_DEFAULT);
+ es_printf ("check-sym-passphrase-pattern:%lu:\n",
+ GC_OPT_FLAG_DEFAULT);
 es_printf ("max-passphrase-days:%lu:%d:\n",
 GC_OPT_FLAG_DEFAULT, MAX_PASSPHRASE_DAYS);
 es_printf ("ssh-fingerprint-digest:%lu:\"%s:\n", |
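Review bot: The new `check-sym-passphrase-pattern` entry in `opts[]` is given `"@"` as its description, so unlike `check-passphrase-pattern` directly above it has no help text, although the last hunk in `main` reports it as option info. If hiding it from the help output is deliberate, a one-line comment such as `/* Hidden: description is provided via gpgconf. */` would record that. Otherwise a description modelled on its neighbour, e.g. `N_("|FILE|check new symmetric-encryption passphrases against pattern in FILE")`, keeps the two policy options equally discoverable. The `opts[]` initializer begins and ends outside this hunk.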
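Review bot: The `oCheckSymPassphrasePattern` case in `parse_rereadable_options` stores the file name without documenting what the `NULL` default (set in the reset hunk before it) means for symmetric-encryption passphrases. Whether `--check-passphrase-pattern` still applies to them or no pattern check runs is decided in agent/genkey.c, which this page does not show. That determines the passphrase policy an administrator actually gets, so it should be stated at the assignment, e.g. `/* Pattern file for new symmetric-encryption passphrases only (CHECK_CONSTRAINTS_NEW_SYMKEY). */`, with the fallback behaviour added once confirmed. The file named here defines which passphrases are accepted, so the option's documentation should also say it must be writable only by the account that owns the agent configuration. The switch and the function both extend beyond the hunk.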