bump version

This enables git-cola support TREZOR-based commit signatues,
together with "cola.signcommits=true" setting.

.pylintrc

@@ -1,2 +1,2 @@
 [MESSAGES CONTROL]
-disable=fixme, invalid-name, missing-docstring, locally-disabled, unbalanced-tuple-unpacking
+disable=invalid-name, missing-docstring, locally-disabled, unbalanced-tuple-unpacking

README-GPG.md

@@ -18,87 +18,20 @@ Install latest `trezor-agent` package from GitHub:
 $ pip install --user git+https://github.com/romanz/trezor-agent.git
 ```
 
-Define your GPG user ID as an environment variable:
-```
-$ TREZOR_GPG_USER_ID="John Doe <john@doe.bit>"
-```
+# Quickstart
 
-There are two ways to generate TREZOR-based GPG public keys, as described below.
+## Identity creation
+[![asciicast](https://asciinema.org/a/c2yodst21h9obttkn9wgf3783.png)](https://asciinema.org/a/c2yodst21h9obttkn9wgf3783)
 
-## 1. generate a new GPG identity:
-
-```
-$ trezor-gpg create "${TREZOR_GPG_USER_ID}" | gpg2 --import           # use the TREZOR to confirm signing the primary key
-gpg: key 5E4D684D: public key "John Doe <john@doe.bit>" imported
-gpg: Total number processed: 1
-gpg:               imported: 1
-
-$ gpg2 --edit "${TREZOR_GPG_USER_ID}" trust                           # set this key to ultimate trust (option #5)
-
-$ gpg2 -k
-/home/roman/.gnupg/pubring.kbx
-------------------------------
-pub   nistp256/5E4D684D 2016-06-17 [SC]
-uid         [ultimate] John Doe <john@doe.bit>
-sub   nistp256/A31D9E25 2016-06-17 [E]
-```
-
-## 2. generate a new subkey for an existing GPG identity:
-
-```
-$ gpg2 -k                                                             # suppose there is already a GPG primary key
-/home/roman/.gnupg/pubring.kbx
-------------------------------
-pub   rsa2048/87BB07B4 2016-06-17 [SC]
-uid         [ultimate] John Doe <john@doe.bit>
-sub   rsa2048/7176D31F 2016-06-17 [E]
-
-$ trezor-gpg create --subkey "${TREZOR_GPG_USER_ID}" | gpg2 --import  # use the TREZOR to confirm signing the subkey
-gpg: key 87BB07B4: "John Doe <john@doe.bit>" 2 new signatures
-gpg: key 87BB07B4: "John Doe <john@doe.bit>" 2 new subkeys
-gpg: Total number processed: 1
-gpg:            new subkeys: 2
-gpg:         new signatures: 2
-
-$ gpg2 -k
-/home/roman/.gnupg/pubring.kbx
-------------------------------
-pub   rsa2048/87BB07B4 2016-06-17 [SC]
-uid         [ultimate] John Doe <john@doe.bit>
-sub   rsa2048/7176D31F 2016-06-17 [E]
-sub   nistp256/DDE80B36 2016-06-17 [S]
-sub   nistp256/E3D0BA19 2016-06-17 [E]
-```
-
-# Usage examples:
-
-## Start the TREZOR-based gpg-agent:
-```
-$ trezor-gpg agent &
-```
-Note: this agent intercepts all GPG requests, so make sure to close it (e.g. by using `killall trezor-gpg`),
-when you are done with the TREZOR-based GPG operations.
-
-## Sign and verify GPG messages:
-```
-$ echo "Hello World!" | gpg2 --sign | gpg2 --verify
-gpg: Signature made Fri 17 Jun 2016 08:55:13 PM IDT using ECDSA key ID 5E4D684D
-gpg: Good signature from "John Doe <john@doe.bit>" [ultimate]
-```
-## Encrypt and decrypt GPG messages:
-```
-$ date | gpg2 --encrypt -r "${TREZOR_GPG_USER_ID}" | gpg2 --decrypt
-gpg: encrypted with 256-bit ECDH key, ID A31D9E25, created 2016-06-17
-      "John Doe <john@doe.bit>"
-Fri Jun 17 20:55:31 IDT 2016
-```
+## Sample usage (signature and decryption)
+[![asciicast](https://asciinema.org/a/7x0h9tyoyu5ar6jc8y9oih0ba.png)](https://asciinema.org/a/7x0h9tyoyu5ar6jc8y9oih0ba)
 
 ## Git commit & tag signatures:
 Git can use GPG to sign and verify commits and tags (see [here](https://git-scm.com/book/en/v2/Git-Tools-Signing-Your-Work)):
 ```
-$ git config --local gpg.program gpg2
+$ git config --local gpg.program $(which gpg2)
 $ git commit --gpg-sign                      # create GPG-signed commit
 $ git log --show-signature -1                # verify commit signature
-$ git tag --sign "TAG"                       # create GPG-signed tag
-$ git verify-tag "TAG"                       # verify tag signature
+$ git tag --sign "v1.2.3"                    # create GPG-signed tag
+$ git verify-tag "v1.2.3"                    # verify tag signature
 ```

scripts/gpg-init

@@ -0,0 +1,32 @@
+#!/bin/bash
+set -eu
+
+USER_ID="${1}"
+HOMEDIR=~/.gnupg/trezor
+CURVE=${CURVE:="nist256p1"}  # or "ed25519"
+TIMESTAMP=${TIMESTAMP:=`date +%s`}  # key creation timestamp
+
+# Prepare new GPG home directory for TREZOR-based identity
+rm -rf "${HOMEDIR}"
+mkdir -p "${HOMEDIR}"
+chmod 700 "${HOMEDIR}"
+
+# Generate new GPG identity and import into GPG keyring
+trezor-gpg-create -v "${USER_ID}" -t "${TIMESTAMP}" -e "${CURVE}" > "${HOMEDIR}/pubkey.asc"
+gpg2 --homedir "${HOMEDIR}" --import < "${HOMEDIR}/pubkey.asc"
+rm -f "${HOMEDIR}/S.gpg-agent"  # (otherwise, our agent won't be started automatically)
+
+# Make new GPG identity with "ultimate" trust (via its fingerprint)
+FINGERPRINT=$(gpg2 --homedir "${HOMEDIR}" --list-public-keys --with-colons | sed -n -E 's/^fpr:::::::::([0-9A-F]+):$/\1/p' | head -n1)
+echo "${FINGERPRINT}:6" | gpg2 --homedir "${HOMEDIR}" --import-ownertrust
+
+# Prepare GPG configuration file
+echo "# TREZOR-based GPG configuration
+agent-program $(which trezor-gpg-agent)
+personal-digest-preferences SHA512
+" | tee "${HOMEDIR}/gpg.conf"
+
+echo "# TREZOR-based GPG agent emulator
+log-file ${HOMEDIR}/gpg-agent.log
+verbosity 2
+" | tee "${HOMEDIR}/gpg-agent.conf"

scripts/gpg-shell

@@ -0,0 +1,7 @@
+#!/bin/bash
+set -eu
+
+export GNUPGHOME=~/.gnupg/trezor
+gpg2 --list-public-keys
+
+${SHELL}

setup.py

@@ -3,7 +3,7 @@ from setuptools import setup
 
 setup(
     name='trezor_agent',
-    version='0.7.4',
+    version='0.7.5',
     description='Using Trezor as hardware SSH agent',
     author='Roman Zeyde',
     author_email='roman.zeyde@gmail.com',
@@ -28,12 +28,13 @@ setup(
         'Topic :: Utilities',
     ],
     extras_require={
-        'trezorlib': ['python-trezor>=0.7.4'],
+        'trezorlib': ['python-trezor>=0.7.6'],
         'keepkeylib': ['keepkey>=0.7.3'],
     },
     entry_points={'console_scripts': [
         'trezor-agent = trezor_agent.__main__:run_agent',
         'trezor-git = trezor_agent.__main__:run_git',
-        'trezor-gpg = trezor_agent.gpg.__main__:main',
+        'trezor-gpg-create = trezor_agent.gpg.__main__:main_create',
+        'trezor-gpg-agent = trezor_agent.gpg.__main__:main_agent',
     ]},
 )

trezor_agent/_ledger.py

@@ -0,0 +1,148 @@
+"""TREZOR-like interface for Ledger hardware wallet."""
+import binascii
+import struct
+
+from trezorlib.types_pb2 import IdentityType  # pylint: disable=import-error,unused-import
+from . import util
+
+
+class LedgerClientConnection(object):
+    """Mock for TREZOR-like connection object."""
+
+    def __init__(self, dongle):
+        """Create connection."""
+        self.dongle = dongle
+
+    @staticmethod
+    def expand_path(path):
+        """Convert BIP32 path into bytes."""
+        return b''.join((struct.pack('>I', e) for e in path))
+
+    @staticmethod
+    def convert_public_key(ecdsa_curve_name, result):
+        """Convert Ledger reply into PublicKey object."""
+        from trezorlib.messages_pb2 import PublicKey  # pylint: disable=import-error
+        if ecdsa_curve_name == 'nist256p1':
+            if (result[64] & 1) != 0:
+                result = bytearray([0x03]) + result[1:33]
+            else:
+                result = bytearray([0x02]) + result[1:33]
+        else:
+            result = result[1:]
+            keyX = bytearray(result[0:32])
+            keyY = bytearray(result[32:][::-1])
+            if (keyX[31] & 1) != 0:
+                keyY[31] |= 0x80
+            result = b'\x00' + bytes(keyY)
+        publicKey = PublicKey()
+        publicKey.node.public_key = bytes(result)
+        return publicKey
+
+    # pylint: disable=unused-argument
+    def get_public_node(self, n, ecdsa_curve_name='secp256k1', show_display=False):
+        """Get PublicKey object for specified BIP32 address and elliptic curve."""
+        donglePath = LedgerClientConnection.expand_path(n)
+        if ecdsa_curve_name == 'nist256p1':
+            p2 = '01'
+        else:
+            p2 = '02'
+        apdu = '800200' + p2
+        apdu = binascii.unhexlify(apdu)
+        apdu += bytearray([len(donglePath) + 1, len(donglePath) // 4])
+        apdu += donglePath
+        result = bytearray(self.dongle.exchange(bytes(apdu)))[1:]
+        return LedgerClientConnection.convert_public_key(ecdsa_curve_name, result)
+
+    # pylint: disable=too-many-locals
+    def sign_identity(self, identity, challenge_hidden, challenge_visual,
+                      ecdsa_curve_name='secp256k1'):
+        """Sign specified challenges using secret key derived from given identity."""
+        from trezorlib.messages_pb2 import SignedIdentity  # pylint: disable=import-error
+        n = util.get_bip32_address(identity)
+        donglePath = LedgerClientConnection.expand_path(n)
+        if identity.proto == 'ssh':
+            ins = '04'
+            p1 = '00'
+        else:
+            ins = '08'
+            p1 = '00'
+        if ecdsa_curve_name == 'nist256p1':
+            p2 = '81' if identity.proto == 'ssh' else '01'
+        else:
+            p2 = '82' if identity.proto == 'ssh' else '02'
+        apdu = '80' + ins + p1 + p2
+        apdu = binascii.unhexlify(apdu)
+        apdu += bytearray([len(challenge_hidden) + len(donglePath) + 1])
+        apdu += bytearray([len(donglePath) // 4]) + donglePath
+        apdu += challenge_hidden
+        result = bytearray(self.dongle.exchange(bytes(apdu)))
+        if ecdsa_curve_name == 'nist256p1':
+            offset = 3
+            length = result[offset]
+            r = result[offset+1:offset+1+length]
+            if r[0] == 0:
+                r = r[1:]
+            offset = offset + 1 + length + 1
+            length = result[offset]
+            s = result[offset+1:offset+1+length]
+            if s[0] == 0:
+                s = s[1:]
+            offset = offset + 1 + length
+            signature = SignedIdentity()
+            signature.signature = b'\x00' + bytes(r) + bytes(s)
+            if identity.proto == 'ssh':
+                keyData = result[offset:]
+                pk = LedgerClientConnection.convert_public_key(ecdsa_curve_name, keyData)
+                signature.public_key = pk.node.public_key
+            return signature
+        else:
+            signature = SignedIdentity()
+            signature.signature = b'\x00' + bytes(result[0:64])
+            if identity.proto == 'ssh':
+                keyData = result[64:]
+                pk = LedgerClientConnection.convert_public_key(ecdsa_curve_name, keyData)
+                signature.public_key = pk.node.public_key
+            return signature
+
+    def get_ecdh_session_key(self, identity, peer_public_key, ecdsa_curve_name='secp256k1'):
+        """Create shared secret key for GPG decryption."""
+        from trezorlib.messages_pb2 import ECDHSessionKey  # pylint: disable=import-error
+        n = util.get_bip32_address(identity, True)
+        donglePath = LedgerClientConnection.expand_path(n)
+        if ecdsa_curve_name == 'nist256p1':
+            p2 = '01'
+        else:
+            p2 = '02'
+        apdu = '800a00' + p2
+        apdu = binascii.unhexlify(apdu)
+        apdu += bytearray([len(peer_public_key) + len(donglePath) + 1])
+        apdu += bytearray([len(donglePath) // 4]) + donglePath
+        apdu += peer_public_key
+        result = bytearray(self.dongle.exchange(bytes(apdu)))
+        sessionKey = ECDHSessionKey()
+        sessionKey.session_key = bytes(result)
+        return sessionKey
+
+    def clear_session(self):
+        """Mock for TREZOR interface compatibility."""
+        pass
+
+    def close(self):
+        """Close connection."""
+        self.dongle.close()
+
+    # pylint: disable=unused-argument
+    # pylint: disable=no-self-use
+    def ping(self, msg, button_protection=False, pin_protection=False,
+             passphrase_protection=False):
+        """Mock for TREZOR interface compatibility."""
+        return msg
+
+
+class CallException(Exception):
+    """Ledger-related error (mainly for TREZOR compatibility)."""
+
+    def __init__(self, code, message):
+        """Create an error."""
+        super(CallException, self).__init__()
+        self.args = [code, message]

trezor_agent/factory.py

@@ -7,8 +7,6 @@ import logging
 
 import semver
 
-from . import util
-
 log = logging.getLogger(__name__)
 
 ClientWrapper = collections.namedtuple(
@@ -85,153 +83,24 @@ def _load_keepkey():
 
 
 def _load_ledger():
-    import struct
-
-    class LedgerClientConnection(object):
-        def __init__(self, dongle):
-            self.dongle = dongle
-
-        @staticmethod
-        def expand_path(path):
-            result = ""
-            for pathElement in path:
-                result = result + struct.pack(">I", pathElement)
-            return result
-
-        @staticmethod
-        def convert_public_key(ecdsa_curve_name, result):
-            from trezorlib.messages_pb2 import PublicKey  # pylint: disable=import-error
-            if ecdsa_curve_name == "nist256p1":
-                if (result[64] & 1) != 0:
-                    result = bytearray([0x03]) + result[1:33]
-                else:
-                    result = bytearray([0x02]) + result[1:33]
-            else:
-                result = result[1:]
-                keyX = bytearray(result[0:32])
-                keyY = bytearray(result[32:][::-1])
-                if (keyX[31] & 1) != 0:
-                    keyY[31] |= 0x80
-                result = chr(0) + str(keyY)
-            publicKey = PublicKey()
-            publicKey.node.public_key = str(result)
-            return publicKey
-
-        # pylint: disable=unused-argument
-        def get_public_node(self, n, ecdsa_curve_name="secp256k1", show_display=False):
-            donglePath = LedgerClientConnection.expand_path(n)
-            if ecdsa_curve_name == "nist256p1":
-                p2 = "01"
-            else:
-                p2 = "02"
-            apdu = "800200" + p2
-            apdu = apdu.decode('hex')
-            apdu += chr(len(donglePath) + 1) + chr(len(donglePath) / 4)
-            apdu += donglePath
-            result = bytearray(self.dongle.exchange(bytes(apdu)))[1:]
-            return LedgerClientConnection.convert_public_key(ecdsa_curve_name, result)
-
-        # pylint: disable=too-many-locals
-        def sign_identity(self, identity, challenge_hidden, challenge_visual,
-                          ecdsa_curve_name="secp256k1"):
-            from trezorlib.messages_pb2 import SignedIdentity  # pylint: disable=import-error
-            n = util.get_bip32_address(identity)
-            donglePath = LedgerClientConnection.expand_path(n)
-            if identity.proto == 'ssh':
-                ins = "04"
-                p1 = "00"
-            else:
-                ins = "08"
-                p1 = "00"
-            if ecdsa_curve_name == "nist256p1":
-                p2 = "81" if identity.proto == 'ssh' else "01"
-            else:
-                p2 = "82" if identity.proto == 'ssh' else "02"
-            apdu = "80" + ins + p1 + p2
-            apdu = apdu.decode('hex')
-            apdu += chr(len(challenge_hidden) + len(donglePath) + 1)
-            apdu += chr(len(donglePath) / 4) + donglePath
-            apdu += challenge_hidden
-            result = bytearray(self.dongle.exchange(bytes(apdu)))
-            if ecdsa_curve_name == "nist256p1":
-                offset = 3
-                length = result[offset]
-                r = result[offset+1:offset+1+length]
-                if r[0] == 0:
-                    r = r[1:]
-                offset = offset + 1 + length + 1
-                length = result[offset]
-                s = result[offset+1:offset+1+length]
-                if s[0] == 0:
-                    s = s[1:]
-                offset = offset + 1 + length
-                signature = SignedIdentity()
-                signature.signature = chr(0) + str(r) + str(s)
-                if identity.proto == 'ssh':
-                    keyData = result[offset:]
-                    pk = LedgerClientConnection.convert_public_key(ecdsa_curve_name, keyData)
-                    signature.public_key = pk.node.public_key
-                return signature
-            else:
-                signature = SignedIdentity()
-                signature.signature = chr(0) + str(result[0:64])
-                if identity.proto == 'ssh':
-                    keyData = result[64:]
-                    pk = LedgerClientConnection.convert_public_key(ecdsa_curve_name, keyData)
-                    signature.public_key = pk.node.public_key
-                return signature
-
-        def get_ecdh_session_key(self, identity, peer_public_key, ecdsa_curve_name="secp256k1"):
-            from trezorlib.messages_pb2 import ECDHSessionKey  # pylint: disable=import-error
-            n = util.get_bip32_address(identity, True)
-            donglePath = LedgerClientConnection.expand_path(n)
-            if ecdsa_curve_name == "nist256p1":
-                p2 = "01"
-            else:
-                p2 = "02"
-            apdu = "800a00" + p2
-            apdu = apdu.decode('hex')
-            apdu += chr(len(peer_public_key) + len(donglePath) + 1)
-            apdu += chr(len(donglePath) / 4) + donglePath
-            apdu += peer_public_key
-            result = bytearray(self.dongle.exchange(bytes(apdu)))
-            sessionKey = ECDHSessionKey()
-            sessionKey.session_key = str(result)
-            return sessionKey
-
-        def clear_session(self):
-            pass
-
-        def close(self):
-            self.dongle.close()
-
-        # pylint: disable=unused-argument
-        # pylint: disable=no-self-use
-        def ping(self, msg, button_protection=False, pin_protection=False,
-                 passphrase_protection=False):
-            return msg
-
-    class CallException(Exception):
-        def __init__(self, code, message):
-            super(CallException, self).__init__()
-            self.args = [code, message]
+    from ._ledger import LedgerClientConnection, CallException, IdentityType
     try:
-        from ledgerblue.comm import getDongle
+        from ledgerblue.comm import getDongle, CommException
     except ImportError as e:
         log.warning('%s: install via "pip install ledgerblue" '
                     'if you need to support this device', e)
         return
-    # pylint: disable=bare-except
     try:
-        from trezorlib.types_pb2 import IdentityType  # pylint: disable=import-error
         dongle = getDongle()
-    except:
+    except CommException:
         return
+
     yield ClientWrapper(connection=LedgerClientConnection(dongle),
                         identity_type=IdentityType,
                         device_name="ledger",
                         call_exception=CallException)
 
+
 LOADERS = [
     _load_trezor,
     _load_keepkey,

trezor_agent/gpg/__main__.py

@@ -2,18 +2,28 @@
 """Create signatures and export public keys for GPG using TREZOR."""
 import argparse
 import contextlib
+import io
 import logging
+import os
 import sys
 import time
 
 import semver
 
-from . import agent, device, encode, keyring, protocol
+from . import agent, decode, device, encode, keyring, protocol
 from .. import formats, server, util
 
 log = logging.getLogger(__name__)
 
 
+def key_exists(user_id):
+    """Return True iff there is a GPG key with specified user ID."""
+    for p in decode.parse_packets(io.BytesIO(keyring.export_public_keys())):
+        if p['type'] == 'user_id' and p['value'] == user_id:
+            return True
+    return False
+
+
 def run_create(args):
     """Generate a new pubkey for a new/existing GPG identity."""
     log.warning('NOTE: in order to re-generate the exact same GPG key later, '
@@ -24,8 +34,9 @@ def run_create(args):
     verifying_key = conn.pubkey(ecdh=False)
     decryption_key = conn.pubkey(ecdh=True)
 
-    if args.subkey:
-        primary_bytes = keyring.export_public_key(user_id=args.user_id)
+    if key_exists(args.user_id):  # add as subkey
+        log.info('adding %s GPG subkey for "%s" to existing key',
+                 args.ecdsa_curve, args.user_id)
         # subkey for signing
         signing_key = protocol.PublicKey(
             curve_name=args.ecdsa_curve, created=args.time,
@@ -34,13 +45,16 @@ def run_create(args):
         encryption_key = protocol.PublicKey(
             curve_name=formats.get_ecdh_curve_name(args.ecdsa_curve),
             created=args.time, verifying_key=decryption_key, ecdh=True)
+        primary_bytes = keyring.export_public_key(args.user_id)
         result = encode.create_subkey(primary_bytes=primary_bytes,
                                       subkey=signing_key,
                                       signer_func=conn.sign)
         result = encode.create_subkey(primary_bytes=result,
                                       subkey=encryption_key,
                                       signer_func=conn.sign)
-    else:
+    else:  # add as primary
+        log.info('creating new %s GPG primary key for "%s"',
+                 args.ecdsa_curve, args.user_id)
         # primary key for signing
         primary = protocol.PublicKey(
             curve_name=args.ecdsa_curve, created=args.time,
@@ -60,35 +74,13 @@ def run_create(args):
     sys.stdout.write(protocol.armor(result, 'PUBLIC KEY BLOCK'))
 
 
-def run_agent(args):  # pylint: disable=unused-argument
-    """Run a simple GPG-agent server."""
-    sock_path = keyring.get_agent_sock_path()
-    with server.unix_domain_socket_server(sock_path) as sock:
-        for conn in agent.yield_connections(sock):
-            with contextlib.closing(conn):
-                try:
-                    agent.handle_connection(conn)
-                except Exception as e:  # pylint: disable=broad-except
-                    log.exception('gpg-agent failed: %s', e)
-
-
-def main():
-    """Main function."""
+def main_create():
+    """Main function for GPG identity creation."""
     p = argparse.ArgumentParser()
+    p.add_argument('user_id')
+    p.add_argument('-e', '--ecdsa-curve', default='nist256p1')
+    p.add_argument('-t', '--time', type=int, default=int(time.time()))
     p.add_argument('-v', '--verbose', default=0, action='count')
-    subparsers = p.add_subparsers()
-    subparsers.required = True
-    subparsers.dest = 'command'
-
-    create_cmd = subparsers.add_parser('create')
-    create_cmd.add_argument('user_id')
-    create_cmd.add_argument('-s', '--subkey', action='store_true', default=False)
-    create_cmd.add_argument('-e', '--ecdsa-curve', default='nist256p1')
-    create_cmd.add_argument('-t', '--time', type=int, default=int(time.time()))
-    create_cmd.set_defaults(run=run_create)
-
-    agent_cmd = subparsers.add_parser('agent')
-    agent_cmd.set_defaults(run=run_agent)
 
     args = p.parse_args()
     util.setup_logging(verbosity=args.verbose)
@@ -99,11 +91,27 @@ def main():
     existing_gpg = keyring.gpg_version().decode('ascii')
     required_gpg = '>=2.1.15'
     if semver.match(existing_gpg, required_gpg):
-        args.run(args)
+        run_create(args)
     else:
         log.error('Existing gpg2 has version "%s" (%s required)',
                   existing_gpg, required_gpg)
 
 
-if __name__ == '__main__':
-    main()
+def main_agent():
+    """Run a simple GPG-agent server."""
+    home_dir = os.environ.get('GNUPGHOME', os.path.expanduser('~/.gnupg/trezor'))
+    config_file = os.path.join(home_dir, 'gpg-agent.conf')
+    lines = (line.strip() for line in open(config_file))
+    lines = (line for line in lines if line and not line.startswith('#'))
+    config = dict(line.split(' ', 1) for line in lines)
+
+    util.setup_logging(verbosity=int(config['verbosity']),
+                       filename=config['log-file'])
+    sock_path = keyring.get_agent_sock_path()
+    with server.unix_domain_socket_server(sock_path) as sock:
+        for conn in agent.yield_connections(sock):
+            with contextlib.closing(conn):
+                try:
+                    agent.handle_connection(conn)
+                except Exception as e:  # pylint: disable=broad-except
+                    log.exception('gpg-agent failed: %s', e)

trezor_agent/gpg/agent.py

@@ -65,7 +65,7 @@ def open_connection(keygrip_bytes):
 
 def pksign(keygrip, digest, algo):
     """Sign a message digest using a private EC key."""
-    assert algo == b'8', 'Unsupported hash algorithm ID {}'.format(algo)
+    log.debug('signing %r digest (algo #%s)', digest, algo)
     keygrip_bytes = binascii.unhexlify(keygrip)
     with open_connection(keygrip_bytes) as conn:
         r, s = conn.sign(binascii.unhexlify(digest))

trezor_agent/gpg/decode.py

@@ -127,7 +127,9 @@ def _parse_signature(stream):
         log.debug('embedded sigs: %s', embedded)
         p['embedded'] = embedded
 
-    p['_is_custom'] = (protocol.CUSTOM_SUBPACKET in p['unhashed_subpackets'])
+    # Detect our custom public keys by matching subpacket data
+    p['_is_custom'] = any(protocol.CUSTOM_KEY_LABEL == subpacket[1:]
+                          for subpacket in p['unhashed_subpackets'])
 
     p['hash_prefix'] = stream.readfmt('2s')
     if p['pubkey_alg'] in ECDSA_ALGO_IDS:

trezor_agent/gpg/device.py

@@ -1,7 +1,11 @@
 """Device abstraction layer for GPG operations."""
 
+import logging
+
 from .. import factory, formats, util
 
+log = logging.getLogger(__name__)
+
 
 class HardwareSigner(object):
     """Sign messages and get public keys from a hardware device."""
@@ -13,6 +17,7 @@ class HardwareSigner(object):
         self.identity.proto = 'gpg'
         self.identity.host = user_id
         self.curve_name = curve_name
+        self.user_id = user_id
 
     def pubkey(self, ecdh=False):
         """Return public key as VerifyingKey object."""
@@ -30,6 +35,11 @@ class HardwareSigner(object):
 
     def sign(self, digest):
         """Sign the digest and return a serialized signature."""
+        log.info('please confirm GPG signature on %s for "%s"...',
+                 self.client_wrapper.device_name, self.user_id)
+        if self.curve_name == formats.CURVE_NIST256:
+            digest = digest[:32]  # sign the first 256 bits
+        log.debug('signing digest: %s', util.hexlify(digest))
         result = self.client_wrapper.connection.sign_identity(
             identity=self.identity,
             challenge_hidden=digest,
@@ -41,6 +51,8 @@ class HardwareSigner(object):
 
     def ecdh(self, pubkey):
         """Derive shared secret using ECDH from remote public key."""
+        log.info('please confirm GPG decryption on %s for "%s"...',
+                 self.client_wrapper.device_name, self.user_id)
         result = self.client_wrapper.connection.get_ecdh_session_key(
             identity=self.identity,
             peer_public_key=pubkey,

trezor_agent/gpg/keyring.py

@@ -24,7 +24,7 @@ def get_agent_sock_path(sp=subprocess):
 def connect_to_agent(sp=subprocess):
     """Connect to GPG agent's UNIX socket."""
     sock_path = get_agent_sock_path(sp=sp)
-    sp.check_call(['gpg-connect-agent', '/bye'])  # Stop current gpg-agent
+    sp.check_call(['gpg-connect-agent', '/bye'])  # Make sure it's running
     sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
     sock.connect(sock_path)
     return sock
@@ -158,7 +158,12 @@ def sign_digest(sock, keygrip, digest, sp=subprocess, environ=None):
     assert communicate(sock, 'SETKEYDESC '
                        'Sign+a+new+TREZOR-based+subkey') == b'OK'
     assert communicate(sock, 'PKSIGN') == b'OK'
-    line = recvline(sock).strip()
+    while True:
+        line = recvline(sock).strip()
+        if line.startswith(b'S PROGRESS'):
+            continue
+        else:
+            break
     line = unescape(line)
     log.debug('unescaped: %r', line)
     prefix, sig = line.split(b' ', 1)

trezor_agent/gpg/protocol.py

@@ -167,7 +167,9 @@ SUPPORTED_CURVES = {
 
 ECDH_ALGO_ID = 18
 
-CUSTOM_SUBPACKET = subpacket(100, b'TREZOR-GPG')  # marks "our" pubkey
+CUSTOM_KEY_LABEL = b'TREZOR-GPG'  # marks "our" pubkey
+CUSTOM_SUBPACKET_ID = 26  # use "policy URL" subpacket
+CUSTOM_SUBPACKET = subpacket(CUSTOM_SUBPACKET_ID, CUSTOM_KEY_LABEL)
 
 
 def get_curve_name_by_oid(oid):

trezor_agent/server.py

@@ -1,5 +1,6 @@
 """UNIX-domain socket server for ssh-agent implementation."""
 import contextlib
+import functools
 import logging
 import os
 import socket
@@ -42,19 +43,24 @@ def unix_domain_socket_server(sock_path):
         remove_file(sock_path)
 
 
-def handle_connection(conn, handler):
+def handle_connection(conn, handler, mutex):
     """
     Handle a single connection using the specified protocol handler in a loop.
 
+    Since this function may be called concurrently from server_thread,
+    the specified mutex is used to synchronize the device handling.
+
     Exit when EOFError is raised.
     All other exceptions are logged as warnings.
     """
     try:
         log.debug('welcome agent')
-        while True:
-            msg = util.read_frame(conn)
-            reply = handler.handle(msg=msg)
-            util.send(conn, reply)
+        with contextlib.closing(conn):
+            while True:
+                msg = util.read_frame(conn)
+                with mutex:
+                    reply = handler.handle(msg=msg)
+                util.send(conn, reply)
     except EOFError:
         log.debug('goodbye agent')
     except Exception as e:  # pylint: disable=broad-except
@@ -77,7 +83,7 @@ def retry(func, exception_type, quit_event):
             pass
 
 
-def server_thread(sock, handler, quit_event):
+def server_thread(sock, handle_conn, quit_event):
     """Run a server on the specified socket."""
     log.debug('server thread started')
 
@@ -93,8 +99,9 @@ def server_thread(sock, handler, quit_event):
         except StopIteration:
             log.debug('server stopped')
             break
-        with contextlib.closing(conn):
-            handle_connection(conn, handler)
+        # Handle connections from SSH concurrently.
+        threading.Thread(target=handle_conn,
+                         kwargs=dict(conn=conn)).start()
     log.debug('server thread stopped')
 
 
@@ -115,14 +122,23 @@ def serve(handler, sock_path=None, timeout=UNIX_SOCKET_TIMEOUT):
     If no connection is made during the specified timeout,
     retry until the context is over.
     """
+    ssh_version = subprocess.check_output(['ssh', '-V'],
+                                          stderr=subprocess.STDOUT)
+    log.debug('local SSH version: %r', ssh_version)
     if sock_path is None:
         sock_path = tempfile.mktemp(prefix='ssh-agent-')
 
     environ = {'SSH_AUTH_SOCK': sock_path, 'SSH_AGENT_PID': str(os.getpid())}
+    device_mutex = threading.Lock()
     with unix_domain_socket_server(sock_path) as sock:
         sock.settimeout(timeout)
         quit_event = threading.Event()
-        kwargs = dict(sock=sock, handler=handler, quit_event=quit_event)
+        handle_conn = functools.partial(handle_connection,
+                                        handler=handler,
+                                        mutex=device_mutex)
+        kwargs = dict(sock=sock,
+                      handle_conn=handle_conn,
+                      quit_event=quit_event)
         with spawn(server_thread, kwargs):
             try:
                 yield environ

trezor_agent/tests/test_server.py

@@ -1,3 +1,4 @@
+import functools
 import io
 import os
 import socket
@@ -37,30 +38,32 @@ class FakeSocket(object):
 
 
 def test_handle():
+    mutex = threading.Lock()
+
     handler = protocol.Handler(keys=[], signer=None)
     conn = FakeSocket()
-    server.handle_connection(conn, handler)
+    server.handle_connection(conn, handler, mutex)
 
     msg = bytearray([protocol.msg_code('SSH_AGENTC_REQUEST_RSA_IDENTITIES')])
     conn = FakeSocket(util.frame(msg))
-    server.handle_connection(conn, handler)
+    server.handle_connection(conn, handler, mutex)
     assert conn.tx.getvalue() == b'\x00\x00\x00\x05\x02\x00\x00\x00\x00'
 
     msg = bytearray([protocol.msg_code('SSH2_AGENTC_REQUEST_IDENTITIES')])
     conn = FakeSocket(util.frame(msg))
-    server.handle_connection(conn, handler)
+    server.handle_connection(conn, handler, mutex)
     assert conn.tx.getvalue() == b'\x00\x00\x00\x05\x0C\x00\x00\x00\x00'
 
     msg = bytearray([protocol.msg_code('SSH2_AGENTC_ADD_IDENTITY')])
     conn = FakeSocket(util.frame(msg))
-    server.handle_connection(conn, handler)
+    server.handle_connection(conn, handler, mutex)
     conn.tx.seek(0)
     reply = util.read_frame(conn.tx)
     assert reply == util.pack('B', protocol.msg_code('SSH_AGENT_FAILURE'))
 
     conn_mock = mock.Mock(spec=FakeSocket)
     conn_mock.recv.side_effect = [Exception, EOFError]
-    server.handle_connection(conn=conn_mock, handler=None)
+    server.handle_connection(conn=conn_mock, handler=None, mutex=mutex)
 
 
 def test_server_thread():
@@ -78,8 +81,10 @@ def test_server_thread():
         def getsockname(self):  # pylint: disable=no-self-use
             return 'fake_server'
 
+    handler = protocol.Handler(keys=[], signer=None),
+    handle_conn = functools.partial(server.handle_connection, handler=handler)
     server.server_thread(sock=FakeServer(),
-                         handler=protocol.Handler(keys=[], signer=None),
+                         handle_conn=handle_conn,
                          quit_event=quit_event)
 
 

trezor_agent/util.py

@@ -229,10 +229,10 @@ def get_bip32_address(identity, ecdh=False):
     return [(hardened | value) for value in address_n]
 
 
-def setup_logging(verbosity):
+def setup_logging(verbosity, **kwargs):
     """Configure logging for this tool."""
     fmt = ('%(asctime)s %(levelname)-12s %(message)-100s '
            '[%(filename)s:%(lineno)d]')
     levels = [logging.WARNING, logging.INFO, logging.DEBUG]
     level = levels[min(verbosity, len(levels) - 1)]
-    logging.basicConfig(format=fmt, level=level)
+    logging.basicConfig(format=fmt, level=level, **kwargs)