Retry password request during the decryption.

[ni4]

Description

Currently, during public-key decryption, if user enters invalid password for the secret key, decryption fails. More logical would be if CLI repeats password request, including some message like 'Invalid passsword', and stop after a number of attempts.

[antonsviridenko]

Looks like it only makes sense for interactive password provider, like ffi_pass_callback_stdin().

I have CLI tests failing here https://github.com/rnpgp/rnp/blob/4f8add8cd3e58e677ee8d8a3e5e1e27ea602b436/src/tests/cli_tests.py#L4277

As I understand,in each iteration it tries to supply the same password multiple times to the pass-fd and it should match decryption password of one of the decryption keys. When I change number of available attempts (3) it fails, and I guess multiplying numbers of supplied passwords by 3 could fix it, but it's kind of stupid.

User is unable to repeat the password in non-interactive use case like --password= option anyway. In case of pass-fd caller should read and parse the stderr output in order to check if more password attempts are required.

Maybe we can somehow distinguish interactive and non-interactive password providers, so the former can be called multiple times until success or number of attempts is reached? @ni4

[ni4]

@antonsviridenko Actually, problems goes deeper - on the stream-parse.cpp level only single password request attempt is done for each PKESK/SKESK. We should start fixing it from there. I can take over this issue if you wish, as was communicating about this problem with the TB team just few days ago.

[antonsviridenko]

I can take over this issue if you wish, as was communicating about this problem with the TB team just few days ago.

@ni4 ok here is the current state of my changes https://github.com/rnpgp/rnp/pull/2018