
agent: Defer passphrase quality check to external tool.
Needs Review · Public

Authored by gouttegd on Aug 6 2017, 5:41 PM.
This revision needs review, but there are no reviewers specified.

Details

Reviewers
None
Summary
  • agent/call-pinentry.c (estimate_passphrase_quality): Call external program to evaluate passphrase if requested.
  • agent/agent.h (struct opt): New field passphrase_quality_checker.
  • agent/gpg-agent.c (oPassphraseChecker): New const.
    (opts): New option --passphrase-checker.
    (parse_rereadable_options): Handle the new option.

This is a proposal to allow deferring the evaluation of a
passphrase's quality to an external program. The program is
expected to accept the passphrase to its standard input and
to write the quality value on its standard output (this is
the behavior of the pwscore program, part of the libpwquality
project).

GnuPG-bug-id: 2103
Signed-off-by: Damien Goutte-Gattat <dgouttegattat@incenp.org>

Test Plan

Install pwscore (libpwquality-tools in Debian) and run the following commands:

GNUPGHOME=$(mktemp -d /tmp/gnupg.XXXXXX)
export GNUPGHOME
gpg-agent --daemon --passphrase-checker /usr/bin/pwscore --pinentry-program /usr/bin/pinentry-gtk-2
gpg2 --quick-gen-key 'Alice <alice@example.org>'

When pinentry prompts for the new passphrase, check that for a given passphrase, the quality indicator gives the same value as the one returned by pwscore for the same passphrase.

Redo without the --passphrase-checker option and check that the quality indicator behaves as usual (10% per character).
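
The stdin/stdout interface described in the summary, as an added example that is not part of the submitted patch or of GnuPG: a hypothetical run_checker() that starts the checker without a shell, passes the passphrase only through a pipe, and accepts nothing but a single integer in reply. Clamping the result to 0..100 and treating a non-zero exit status as failure are assumptions of this example.

```c
/* Added example, not GnuPG code: run_checker() is a hypothetical helper. */
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Feed PW to CHECKER's stdin and return the integer it prints on stdout,
   clamped to 0..100 (an assumption of this example), or -1 on any failure. */
int run_checker(const char *checker, const char *pw)
{
    int in[2], out[2], status, score = -1;
    char buf[32] = {0}, *end;
    size_t left = strlen(pw), got = 0;
    ssize_t n;
    pid_t pid;

    if (pipe(in) < 0) return -1;
    if (pipe(out) < 0) { close(in[0]); close(in[1]); return -1; }
    signal(SIGPIPE, SIG_IGN);  /* process-wide: an early-exiting checker must not kill us */
    if ((pid = fork()) == 0) {
        dup2(in[0], STDIN_FILENO);
        dup2(out[1], STDOUT_FILENO);
        close(in[0]); close(in[1]); close(out[0]); close(out[1]);
        execl(checker, checker, (char *)NULL);  /* no shell; passphrase never in argv or env */
        _exit(127);
    }
    close(in[0]); close(out[1]);
    if (pid < 0) { close(in[1]); close(out[0]); return -1; }
    while (left > 0 && (n = write(in[1], pw, left)) > 0) { pw += n; left -= (size_t)n; }
    close(in[1]);  /* EOF marks the end of the passphrase */
    while (got < sizeof buf - 1 && (n = read(out[0], buf + got, sizeof buf - 1 - got)) > 0)
        got += (size_t)n;
    close(out[0]);  /* a checker still writing now gets EPIPE instead of blocking us */
    if (waitpid(pid, &status, 0) == pid && WIFEXITED(status)
        && WEXITSTATUS(status) == 0 && left == 0) {
        long v = strtol(buf, &end, 10);  /* integer must be followed by end of output or newline */
        if (end != buf && (*end == '\0' || *end == '\n'))
            score = v < 0 ? 0 : v > 100 ? 100 : (int)v;
    }
    return score;
}

int main(int argc, char **argv)
{
    /* Constructed sample passphrase; pass the checker path, e.g. /usr/bin/pwscore. */
    if (argc == 2) printf("%d\n", run_checker(argv[1], "constructed sample passphrase"));
    return 0;
}
```

A return value of -1 means no usable score was obtained (checker missing, crashed, exited non-zero, or printed something other than an integer), so a caller should not treat it as a quality value.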

Diff Detail

Repository
rG GnuPG
Lint
Lint Skipped
Unit
Unit Tests Skipped