This patch slightly modifies the logic of GnuPG Agent's socket
detection. Failure to find a socket at the location specified
by GPG_AGENT_INFO is now a definitive error (no other locations
are tried), and the socket is not looked for in GnuPG's standard
directories if GNUPGHOME is set.
The patch also modifies the internal behavior of the code to avoid
any memory allocation.
Incenp-bug-id: 7
Starting from version 2.1.17, GnuPG may place all its sockets
in the directory [/var]/run/user/$(id -u)/gnupg, if such a
directory exists.
A socket in that directory would always be found by the call
to gpg-connect-agent that we use as a last resort, but to
avoid that call, we now try to locate the socket under the
[/var]/run directory ourselves.
Do not use a dynamically allocated buffer to store the structure
used to pass random bytes to the kernel. The maximum size is
known in advance, so we can use a buffer allocated on the stack.
We can thus get rid of the xmalloc wrapper, which was only used
for that allocation.
Let the standard memcpy function take care of copying the
random data to the caller-supplied buffer.
In the (unlikely?) event we got more bytes from the daemon than
we requested, return an error instead of silently ignoring it.
When looking for the GPG-Agent's socket, call gpg-connect-agent
as a fallback method. This will have the side-effect of launching
the agent if it was not already running (if the agent is configured
to use a standard socket, which is always the case with GnuPG 2.1).
Instead of reading the raw key from the card, expect to find a
URI-formatted string containing all the parameters needed to
generate the one-time password.
Add a boolean parameter to indicate whether pinentry environment
variables should be passed to the agent.
Setting this parameter to a non-zero value is equivalent to
calling the init_agent_environment function once the connection
with the agent is established.
If the key is to be read from a read-protected DO, ensure that
the appropriate PIN is checked before attempting to read it. If
the PIN has not been previously verified, the GPG Agent will then
take care of it.
Add an option to specify the private DO slot where the key is
to be read, instead of always using private DO #1.
Note that reading from private DOs 3 and 4 will fail if the
appropriate PIN has not been verified prior to the call to
scdtotp.
Allow choosing the HMAC algorithm among SHA-1, SHA-256 and
SHA-512. Other algorithms are available in libgcrypt but those
are the only ones specified in RFC 6238.
Add a new tool, scdtotp, to use the OpenPGP smartcard as a poor
man's one-time password token. The program reads a key from
the smartcard's private DO and derives a time-based one-time
password from it.
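The derivation scdtotp performs (HOTP per RFC 4226, time-based per RFC 6238, with the HMAC algorithm selectable among SHA-1, SHA-256 and SHA-512 as in the commit above) is shown here as an added example, not code from the project. The otpauth://totp/... key-URI layout parsed here is an assumption; the log only says the card holds a "URI-formatted string".

```python
import base64
import hashlib
import hmac
import struct
import time
from urllib.parse import parse_qs, unquote, urlparse

# The three HMAC algorithms RFC 6238 specifies (the only ones the tool accepts).
ALGORITHMS = {"SHA1": hashlib.sha1, "SHA256": hashlib.sha256, "SHA512": hashlib.sha512}


def hotp(key: bytes, counter: int, digits: int = 6, algorithm: str = "SHA1") -> str:
    """RFC 4226: HMAC over the 8-byte big-endian counter, then dynamic truncation."""
    mac = hmac.new(key, struct.pack(">Q", counter), ALGORITHMS[algorithm.upper()]).digest()
    offset = mac[-1] & 0x0F  # low nibble of the last byte selects the 4-byte window
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(key: bytes, unix_time: int, period: int = 30, digits: int = 6,
         algorithm: str = "SHA1") -> str:
    """RFC 6238: HOTP with the counter replaced by floor(unix_time / period)."""
    return hotp(key, unix_time // period, digits, algorithm)


def parse_otpauth(uri: str) -> dict:
    """Parse an otpauth://totp/<label>?secret=...&algorithm=... URI (assumed layout)."""
    parsed = urlparse(uri)
    if parsed.scheme != "otpauth" or parsed.netloc != "totp":
        raise ValueError("not a TOTP otpauth URI")
    params = parse_qs(parsed.query)
    secret = params["secret"][0].upper().rstrip("=")
    secret += "=" * (-len(secret) % 8)  # restore base32 padding, often stripped in URIs
    algorithm = params.get("algorithm", ["SHA1"])[0].upper()
    if algorithm not in ALGORITHMS:
        raise ValueError("HMAC algorithm not allowed by RFC 6238: " + algorithm)
    return {
        "label": unquote(parsed.path.lstrip("/")),
        "key": base64.b32decode(secret),
        "algorithm": algorithm,
        "digits": int(params.get("digits", ["6"])[0]),
        "period": int(params.get("period", ["30"])[0]),
    }


def code_from_uri(uri: str, unix_time=None) -> str:
    """Derive the current (or given-time) OTP from a parsed otpauth URI."""
    p = parse_otpauth(uri)
    now = int(time.time()) if unix_time is None else unix_time
    return totp(p["key"], now, p["period"], p["digits"], p["algorithm"])
```

The expected values below are the RFC 4226 / RFC 6238 test vectors for the ASCII seed "12345678901234567890" (extended to 32 and 64 bytes for SHA-256 and SHA-512).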
We will use some libgcrypt functions, such as the error handling
functions, so make sure it is present and usable (the program
already depends on Scdaemon being available, so we are not adding
any new dependency--all of GnuPG should already be there).
When using both the -L and -t options (looping for a given number of
times, adding entropy only when needed), decrement the loop counter
only when entropy is actually added to the pool, not when we are
merely waiting for the available entropy to fall below the
requested threshold.