[Monotone-devel] ask for passphrase early...?


From: Tom Tromey
Subject: [Monotone-devel] ask for passphrase early...?
Date: 14 Apr 2004 01:16:30 -0600

While playing with cvs_import, I thought it was strange that monotone
would ask me for a passphrase halfway through the process.

I wrote the appended.  If passphrase caching is enabled, we'll ask for
it before doing any actual work.  Also, we check to make sure that you
entered the correct passphrase.

Any comments?

Tom

--- ChangeLog
+++ ChangeLog
@@ -1,3 +1,10 @@
+2004-04-14  Tom Tromey  <address@hidden>
+
+       * rcs_import.cc (import_cvs_repo): Use require_password.
+       Include keys.hh.
+       * keys.hh (require_password): Declare.
+       * keys.cc (require_password): New function.
+
 2004-04-13  Tom Tromey  <address@hidden>
 
        * monotone.texi: Typo fixes.
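
Review bot: the new ChangeLog entry lists only `require_password` for keys.cc, but the patch also touches two other places in that file: the comment typo fix in `write_der` and the removal of the stray `;` on the `persist_phrase` line. Either list those cleanups in the entry or split them into a separate change so that the entry matches the diff.
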
--- keys.cc
+++ keys.cc
@@ -23,7 +23,7 @@
 #include "transforms.hh"
 #include "sanity.hh"
 
-// copyright (C) 2002, 2003 graydon hoare <address@hidden>
+// copyright (C) 2002, 2003, 2004 graydon hoare <address@hidden>
 // all rights reserved.
 // licensed to the public under the terms of the GNU GPL (>= 2)
 // see the file COPYING for details
@@ -120,7 +120,7 @@
 static void 
 write_der(T & val, SecByteBlock & sec)
 {
-  // FIXME: this helper is *wrong*. I don't see now to DER-encode into a
+  // FIXME: this helper is *wrong*. I don't see how to DER-encode into a
   // SecByteBlock, so we may well wind up leaving raw key bytes in malloc
   // regions if we're not lucky. but we want to. maybe muck with
   // AllocatorWithCleanup<T>?  who knows..  please fix!
@@ -220,7 +220,7 @@
   // something.
 
   static std::map<rsa_keypair_id, shared_ptr<RSASSA_PKCS1v15_SHA_Signer> > 
signers;
-  bool persist_phrase = (!signers.empty()) || lua.hook_persist_phrase_ok();;
+  bool persist_phrase = (!signers.empty()) || lua.hook_persist_phrase_ok();
 
   shared_ptr<RSASSA_PKCS1v15_SHA_Signer> signer;
   if (persist_phrase 
@@ -367,6 +367,21 @@
   calculate_ident(tdat, out);
 }
 
+void
+require_password(lua_hooks & lua,
+                rsa_keypair_id const & key,
+                base64<rsa_pub_key> const & pubkey,
+                base64< arc4<rsa_priv_key> > const & privkey)
+{
+  if (lua.hook_persist_phrase_ok())
+    {
+      string plaintext("hi maude");
+      base64<rsa_sha1_signature> sig;
+      make_signature(lua, key, privkey, plaintext, sig);
+      N(check_signature(lua, key, pubkey, plaintext, sig),
+       F("passphrase for '%s' is incorrect") % key);
+    }
+}
 
 #ifdef BUILD_UNIT_TESTS
 #include "unit_tests.hh"
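
Review bot: `require_password` returns without doing anything when `lua.hook_persist_phrase_ok()` is false, which the name does not suggest and no comment states. Add a comment above the function saying that it prompts only when passphrase persistence is enabled, and that the sign-then-verify of the fixed string exists to catch a wrong passphrase. The guard here also tests only the hook, while the `persist_phrase` line in the earlier hunk tests `!signers.empty()` as well; sharing one predicate would keep the two conditions from drifting apart.
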
--- keys.hh
+++ keys.hh
@@ -1,7 +1,7 @@
 #ifndef __KEYS_HH__
 #define __KEYS_HH__
 
-// copyright (C) 2002, 2003 graydon hoare <address@hidden>
+// copyright (C) 2002, 2003, 2004 graydon hoare <address@hidden>
 // all rights reserved.
 // licensed to the public under the terms of the GNU GPL (>= 2)
 // see the file COPYING for details
@@ -33,6 +33,11 @@
                     std::string const & alleged_text,
                     base64<rsa_sha1_signature> const & signature);
 
+void require_password(lua_hooks & lua,
+                     rsa_keypair_id const & id,
+                     base64<rsa_pub_key> const & pubkey,
+                     base64< arc4<rsa_priv_key> > const & privkey);
+
 // netsync stuff
 
 void read_pubkey(std::string const & in, 
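
Review bot: the second parameter is named `id` in this declaration but `key` in the definition in keys.cc; use one name in both places. The declaration would also benefit from a one-line comment stating that the function is a no-op unless passphrase persistence is enabled, since callers reading only the header cannot tell that.
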
--- rcs_import.cc
+++ rcs_import.cc
@@ -1 +1 @@
-// copyright (C) 2002, 2003 graydon hoare <address@hidden>
+// copyright (C) 2002, 2003, 2004 graydon hoare <address@hidden>
@@ -31,6 +31,7 @@
 #include "cycle_detector.hh"
 #include "database.hh"
 #include "file_io.hh"
+#include "keys.hh"
 #include "interner.hh"
 #include "manifest.hh"
 #include "packet.hh"
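
Review bot: style point on the include placement: the surrounding includes are in alphabetical order, and `"keys.hh"` is inserted before `"interner.hh"`. Moving it to after `"interner.hh"` keeps the list sorted.
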
@@ -1105,6 +1106,15 @@
       F("no unique private key for cert construction"));
     N(app.db.private_key_exists(key),
       F("no private key '%s' found in database") % key);
+    // Require the password early on, so that we don't do lots of work
+    // and then die.
+    N(app.db.public_key_exists(key),
+      F("no public key '%s' found in database") % key);
+    base64<rsa_pub_key> pub;
+    app.db.get_key(key, pub);
+    base64< arc4<rsa_priv_key> > priv;
+    app.db.get_key(key, priv);
+    require_password(app.lua, key, pub, priv);
   }
 
   cvs_history cvs;
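
Review bot: the new `N(app.db.public_key_exists(key), ...)` check and both `app.db.get_key` calls run unconditionally, but `require_password` only does any work when `lua.hook_persist_phrase_ok()` is true. With persistence disabled, the import now aborts on a missing public key that this block did not check for before, and fetches both keys for nothing. Consider guarding the added lines on the hook, and extend the comment to say that the early prompt happens only when passphrase caching is enabled.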



