gpg: allow symmetric encryption with a passphrase

6 years ago · bea899d1ef
parent ccc2174775
commit bea899d1ef
3 changed files with 26 additions and 8 deletions
--- a/libagent/device/ui.py
+++ b/libagent/device/ui.py
@ -24,7 +24,7 @@ class UI(object):
        self.options_getter = create_default_options_getter()
        self.device_name = device_type.__name__

-    def get_pin(self):
+    def get_pin(self, name=None):
        """Ask the user for (scrambled) PIN."""
        description = (
            'Use the numeric keypad to describe number positions.\n'
@ -33,16 +33,16 @@ class UI(object):
            '    4 5 6\n'
            '    1 2 3')
        return interact(
-            title='{} PIN'.format(self.device_name),
+            title='{} PIN'.format(name or self.device_name),
            prompt='PIN:',
            description=description,
            binary=self.pin_entry_binary,
            options=self.options_getter())

-    def get_passphrase(self):
+    def get_passphrase(self, name=None):
        """Ask the user for passphrase."""
        return interact(
-            title='{} passphrase'.format(self.device_name),
+            title='{} passphrase'.format(name or self.device_name),
            prompt='Passphrase:',
            description=None,
            binary=self.passphrase_entry_binary,
--- a/libagent/gpg/agent.py
+++ b/libagent/gpg/agent.py
@ -102,6 +102,7 @@ class Handler(object):
            b'HAVEKEY': lambda _, args: self.have_key(*args),
            b'KEYINFO': _key_info,
            b'SCD': self.handle_scd,
+            b'GET_PASSPHRASE': self.handle_get_passphrase,
        }

    def reset(self):
@ -115,9 +116,26 @@ class Handler(object):
        self.options.append(opt)
        log.debug('options: %s', self.options)

-    def handle_getinfo(self, conn, _args):
+    def handle_get_passphrase(self, conn, args):
+        passphrase = self.client.device.ui.get_passphrase('Symmetric encryption')
+        result = b'D ' + util.assuan_serialize(passphrase.encode('ascii'))
+        keyring.sendline(conn, result, confidential=True)
+
+    def handle_getinfo(self, conn, args):
        """Handle some of the GETINFO messages."""
-        keyring.sendline(conn, b'D ' + self.version)
+        result = None
+        if args[0] == b'version':
+            result = self.version
+        elif args[0] == b's2k_count':
+            # Use highest number of S2K iterations.
+            # https://www.gnupg.org/documentation/manuals/gnupg/OpenPGP-Options.html
+            # https://tools.ietf.org/html/rfc4880#section-3.7.1.3
+            result = '{}'.format(64 << 20).encode('ascii')
+        else:
+            log.warning('Unknown GETINFO command: %s', args)
+
+        if result:
+            keyring.sendline(conn, b'D ' + result)

    def handle_scd(self, conn, args):
        """No support for smart-card device protocol."""
--- a/libagent/gpg/keyring.py
+++ b/libagent/gpg/keyring.py
@ -48,9 +48,9 @@ def communicate(sock, msg):
    return recvline(sock)


-def sendline(sock, msg):
+def sendline(sock, msg, confidential=False):
    """Send a binary message, followed by EOL."""
-    log.debug('<- %r', msg)
+    log.debug('<- %r', ('<snip>' if confidential else msg))
    sock.sendall(msg + b'\n')