[PATCH 0/2] Use external process to check for passphrase quality

classic Classic list List threaded Threaded
6 messages Options
Reply | Threaded
Open this post in threaded view
|

[PATCH 0/2] Use external process to check for passphrase quality

Damien Goutte-Gattat
Hi GnuPG folks,

The following patch set provides a way to give the user a better
passphrase quality estimation, as discussed in ticket #2103 [1].

The first patch adds to gpg-agent a new option --passphrase-checker,
which may be set to the pathname of a program that the agent will
call to perform the passphrase quality estimation. The program
should read the passphrase on stdin and write a 0..100 quality
value on stdout. (Such a program is pwscore, from the libpwquality
project [2]).

The second patch changes the behavior of the agent to request a
quality bar from pinentry *only* if either --passphrase-checker
or --check-passphrase-pattern is set, as proposed by Werner.


[1] https://dev.gnupg.org/T2103.

[2] https://github.com/libpwquality/libpwquality

Damien Goutte-Gattat (2):
  agent: Defer passphrase quality check to external tool.
  agent: Disable quality bar by default.

 agent/agent.h         |  3 +++
 agent/call-pinentry.c | 34 +++++++++++++++++++++++++++++-----
 agent/gpg-agent.c     |  6 ++++++
 doc/gpg-agent.texi    |  7 +++++++
 4 files changed, 45 insertions(+), 5 deletions(-)

--
2.14.1


_______________________________________________
Gnupg-devel mailing list
[hidden email]
http://lists.gnupg.org/mailman/listinfo/gnupg-devel
Reply | Threaded
Open this post in threaded view
|

[PATCH 1/2] agent: Defer passphrase quality check to external tool.

Damien Goutte-Gattat
* agent/call-pinentry.c (estimate_passphrase_quality): Call external
program to evaluate passphrase if requested.
* agent/agent.h (struct opt): New field passphrase_quality_checker.
* agent/gpg-agent.c (oPassphraseChecker): New const.
(opts): New option --passphrase-checker.
(parse_rereadable_options): Handle the new option.
* doc/gpg-agent.texi: Document the new option.
--

GnuPG-bug-id: 2103
Signed-off-by: Damien Goutte-Gattat <[hidden email]>
---
 agent/agent.h         |  3 +++
 agent/call-pinentry.c | 21 +++++++++++++++++++++
 agent/gpg-agent.c     |  6 ++++++
 doc/gpg-agent.texi    |  7 +++++++
 4 files changed, 37 insertions(+)

diff --git a/agent/agent.h b/agent/agent.h
index 687635dc7..b1c649e1a 100644
--- a/agent/agent.h
+++ b/agent/agent.h
@@ -116,6 +116,9 @@ struct
   /* File name with a patternfile or NULL if not enabled.  */
   const char *check_passphrase_pattern;
 
+  /* Path to a external passphrase checker (NULL to disable). */
+  const char *passphrase_quality_checker;
+
   /* If not 0 the user is asked to change his passphrase after these
      number of days.  */
   unsigned int max_passphrase_days;
diff --git a/agent/call-pinentry.c b/agent/call-pinentry.c
index af4eb06f2..1d971db6f 100644
--- a/agent/call-pinentry.c
+++ b/agent/call-pinentry.c
@@ -39,6 +39,7 @@
 #include <assuan.h>
 #include "../common/sysutils.h"
 #include "../common/i18n.h"
+#include "../common/exectool.h"
 
 #ifdef _POSIX_OPEN_MAX
 #define MAX_OPEN_FDS _POSIX_OPEN_MAX
@@ -785,6 +786,26 @@ estimate_passphrase_quality (const char *pw)
   int length;
   const char *s;
 
+  if (opt.passphrase_quality_checker)
+    {
+      char *output;
+      long percent;
+
+      if (gnupg_exec_tool (opt.passphrase_quality_checker, NULL,
+                           pw, &output, NULL))
+        return 0;
+
+      percent = strtol (output, NULL, 10);
+      if (percent < 0)
+        percent = 0;
+      if (percent > 100)
+        percent = 100;
+
+      xfree (output);
+
+      return percent;
+    }
+
   if (goodlength < 1)
     return 0;
 
diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c
index a1964ece8..7e9a03310 100644
--- a/agent/gpg-agent.c
+++ b/agent/gpg-agent.c
@@ -110,6 +110,7 @@ enum cmd_and_opt_values
   oMinPassphraseLen,
   oMinPassphraseNonalpha,
   oCheckPassphrasePattern,
+  oPassphraseChecker,
   oMaxPassphraseDays,
   oEnablePassphraseHistory,
   oEnableExtendedKeyFormat,
@@ -224,6 +225,7 @@ static ARGPARSE_OPTS opts[] = {
   ARGPARSE_s_s (oCheckPassphrasePattern,  "check-passphrase-pattern", "@"),
   ARGPARSE_s_u (oMaxPassphraseDays,       "max-passphrase-days", "@"),
   ARGPARSE_s_n (oEnablePassphraseHistory, "enable-passphrase-history", "@"),
+  ARGPARSE_s_s (oPassphraseChecker,       "passphrase-checker", "@"),
 
   ARGPARSE_s_n (oIgnoreCacheForSigning, "ignore-cache-for-signing",
                 /* */    N_("do not use the PIN cache when signing")),
@@ -821,6 +823,7 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
       opt.min_passphrase_len = MIN_PASSPHRASE_LEN;
       opt.min_passphrase_nonalpha = MIN_PASSPHRASE_NONALPHA;
       opt.check_passphrase_pattern = NULL;
+      opt.passphrase_quality_checker = NULL;
       opt.max_passphrase_days = MAX_PASSPHRASE_DAYS;
       opt.enable_passphrase_history = 0;
       opt.enable_extended_key_format = 0;
@@ -890,6 +893,9 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
     case oCheckPassphrasePattern:
       opt.check_passphrase_pattern = pargs->r.ret_str;
       break;
+    case oPassphraseChecker:
+      opt.passphrase_quality_checker = pargs->r.ret_str;
+      break;
     case oMaxPassphraseDays:
       opt.max_passphrase_days = pargs->r.ret_ulong;
       break;
diff --git a/doc/gpg-agent.texi b/doc/gpg-agent.texi
index 3e8bd894d..1a72836aa 100644
--- a/doc/gpg-agent.texi
+++ b/doc/gpg-agent.texi
@@ -458,6 +458,13 @@ a policy.  A better policy is to educate users on good security
 behavior and optionally to run a passphrase cracker regularly on all
 users passphrases to catch the very simple ones.
 
+@item --passphrase-checker @var{filename}
+@opindex passphrase-checker
+Call program @var{filename} to estimate the quality of a new passphrase.
+The program is expected to read the passphrase to check on its standard
+input and should print the estimated quality as an integer value between
+0 and 100. The default is not to call any such program.
+
 @item --max-passphrase-days @var{n}
 @opindex max-passphrase-days
 Ask the user to change the passphrase if @var{n} days have passed since
--
2.14.1


_______________________________________________
Gnupg-devel mailing list
[hidden email]
http://lists.gnupg.org/mailman/listinfo/gnupg-devel
Reply | Threaded
Open this post in threaded view
|

[PATCH 2/2] agent: Disable quality bar by default.

Damien Goutte-Gattat
In reply to this post by Damien Goutte-Gattat
* agent/call-pinentry.c (SHOW_QUALITYBAR): New symbol.
(agent_askpin): Request a quality bar only if meaningful.
(agent_get_passphrase): Likewise.
--

We should ask Pinentry to display a quality bar only if we have a
decent way (provided by the --passphrase-quality-checker option)
of estimating the quality of the passphrase, or if we check the
passphrase against a list of patterns (--check-passphrase-pattern).

Signed-off-by: Damien Goutte-Gattat <[hidden email]>
---
 agent/call-pinentry.c | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/agent/call-pinentry.c b/agent/call-pinentry.c
index 1d971db6f..7e878df12 100644
--- a/agent/call-pinentry.c
+++ b/agent/call-pinentry.c
@@ -54,6 +54,12 @@
    time. */
 #define LOCK_TIMEOUT  (1*60)
 
+/* We ask Pinentry to display a quality bar only if we have some way
+   to actually evaluate the quality of the passphrase. */
+#define SHOW_QUALITYBAR (opt.min_passphrase_len \
+                         && (opt.check_passphrase_pattern \
+                             || opt.passphrase_quality_checker))
+
 /* The assuan context of the current pinentry. */
 static assuan_context_t entry_ctx;
 
@@ -1062,10 +1068,7 @@ agent_askpin (ctrl_t ctrl,
   if (rc)
     return unlock_pinentry (ctrl, rc);
 
-  /* If a passphrase quality indicator has been requested and a
-     minimum passphrase length has not been disabled, send the command
-     to the pinentry.  */
-  if (pininfo->with_qualitybar && opt.min_passphrase_len )
+  if (pininfo->with_qualitybar && SHOW_QUALITYBAR)
     {
       rc = setup_qualitybar (ctrl);
       if (rc)
@@ -1272,7 +1275,7 @@ agent_get_passphrase (ctrl_t ctrl,
   if (rc)
     return unlock_pinentry (ctrl, rc);
 
-  if (with_qualitybar && opt.min_passphrase_len)
+  if (with_qualitybar && SHOW_QUALITYBAR)
     {
       rc = setup_qualitybar (ctrl);
       if (rc)
--
2.14.1


_______________________________________________
Gnupg-devel mailing list
[hidden email]
http://lists.gnupg.org/mailman/listinfo/gnupg-devel
Reply | Threaded
Open this post in threaded view
|

Re: [PATCH 0/2] Use external process to check for passphrase quality

Werner Koch
In reply to this post by Damien Goutte-Gattat
On Sat, 30 Dec 2017 11:19, [hidden email] said:
> The following patch set provides a way to give the user a better
> passphrase quality estimation, as discussed in ticket #2103 [1].

Given that this is a long standing complaint I would be fine with adding
this even to 2.2.  Or should we do this only for master?


Salam-Shalom,

   Werner

--
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.

_______________________________________________
Gnupg-devel mailing list
[hidden email]
http://lists.gnupg.org/mailman/listinfo/gnupg-devel

attachment0 (233 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: [PATCH 0/2] Use external process to check for passphrase quality

Damien Goutte-Gattat
On 12/30/2017 12:22 PM, Werner Koch wrote:
> Given that this is a long standing complaint I would be fine with adding
> this even to 2.2.  Or should we do this only for master?

I've written the patch against master but it applies cleanly on
STABLE-BRANCH-2-2 as well. For what it's worth I would like to see it in
a future 2.2 release.


Damien


_______________________________________________
Gnupg-devel mailing list
[hidden email]
http://lists.gnupg.org/mailman/listinfo/gnupg-devel

signature.asc (499 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: [PATCH 0/2] Use external process to check for passphrase quality

Damien Goutte-Gattat
In reply to this post by Werner Koch
Hi GnuPG folks,

On 12/30/2017 12:22 PM, Werner Koch wrote:
>> The following patch set provides a way to give the user a better
>> passphrase quality estimation, as discussed in ticket #2103 [1].
>
> Given that this is a long standing complaint I would be fine with adding
> this even to 2.2.  Or should we do this only for master?

Although Werner expressed an interest in this patch set, it does not
seem to have found its way into neither master nor STABLE-BRANCH-2-2.

Any issue that I should work on before it can be merged?

Damien


_______________________________________________
Gnupg-devel mailing list
[hidden email]
http://lists.gnupg.org/mailman/listinfo/gnupg-devel

signature.asc (499 bytes) Download Attachment