From 3d1639d271a14170dd203c041096461a314e74ca Mon Sep 17 00:00:00 2001
From: Roman Zeyde
Date: Wed, 25 Apr 2018 11:13:28 +0300
Subject: [PATCH] gpg: require symmetric passphrase re-entry
---
 libagent/gpg/agent.py | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)
diff --git a/libagent/gpg/agent.py b/libagent/gpg/agent.py
index 516be83..1898a77 100644
--- a/libagent/gpg/agent.py
+++ b/libagent/gpg/agent.py
@@ -116,10 +116,15 @@ class Handler(object):
 self.options.append(opt)
 log.debug('options: %s', self.options)
- def handle_get_passphrase(self, conn, args):
- passphrase = self.client.device.ui.get_passphrase('Symmetric encryption')
- result = b'D ' + util.assuan_serialize(passphrase.encode('ascii'))
- keyring.sendline(conn, result, confidential=True)
+ def handle_get_passphrase(self, conn, _):
+ """Allow simple GPG symmetric encryption (using a passphrase)."""
+ p1 = self.client.device.ui.get_passphrase('Symmetric encryption')
+ p2 = self.client.device.ui.get_passphrase('Re-enter encryption')
+ if p1 == p2:
+ result = b'D ' + util.assuan_serialize(p1.encode('ascii'))
+ keyring.sendline(conn, result, confidential=True)
+ else:
+ log.warning('Passphrase does not match!')
 def handle_getinfo(self, conn, args):
 """Handle some of the GETINFO messages."""
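Review bot: The `else` branch of `handle_get_passphrase` only calls `log.warning('Passphrase does not match!')` and writes nothing to `conn`, so a mismatch is never reported to the gpg client as a failure. What the client receives next depends on the dispatch loop, which is outside this hunk; if that loop sends its normal success reply after the handler returns, the client gets a success with no `D` line, and how gpg treats that should be confirmed. I would fail closed instead, for example `raise ValueError('Passphrase does not match!')` after the warning, or whichever exception type the handler loop already turns into an Assuan error reply. Separately, `p1.encode('ascii')` raises `UnicodeEncodeError` on a non-ASCII passphrase, so that case should be caught and reported too rather than surfacing as an unhandled traceback mid-session.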