Line data Source code
1 : /* call-agent.c - Divert GPG operations to the agent.
2 : * Copyright (C) 2001-2003, 2006-2011, 2013 Free Software Foundation, Inc.
3 : * Copyright (C) 2013-2015 Werner Koch
4 : *
5 : * This file is part of GnuPG.
6 : *
7 : * GnuPG is free software; you can redistribute it and/or modify
8 : * it under the terms of the GNU General Public License as published by
9 : * the Free Software Foundation; either version 3 of the License, or
10 : * (at your option) any later version.
11 : *
12 : * GnuPG is distributed in the hope that it will be useful,
13 : * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 : * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 : * GNU General Public License for more details.
16 : *
17 : * You should have received a copy of the GNU General Public License
18 : * along with this program; if not, see <https://www.gnu.org/licenses/>.
19 : */
20 :
21 : #include <config.h>
22 : #include <stdio.h>
23 : #include <stdlib.h>
24 : #include <string.h>
25 : #include <errno.h>
26 : #include <unistd.h>
27 : #include <time.h>
28 : #ifdef HAVE_LOCALE_H
29 : #include <locale.h>
30 : #endif
31 :
32 : #include "gpg.h"
33 : #include <assuan.h>
34 : #include "util.h"
35 : #include "membuf.h"
36 : #include "options.h"
37 : #include "i18n.h"
38 : #include "asshelp.h"
39 : #include "sysutils.h"
40 : #include "call-agent.h"
41 : #include "status.h"
42 : #include "../common/shareddefs.h"
43 : #include "host2net.h"
44 :
45 : #define CONTROL_D ('D' - 'A' + 1)
46 :
47 :
48 : static assuan_context_t agent_ctx = NULL;
49 : static int did_early_card_test;
50 :
51 : struct default_inq_parm_s
52 : {
53 : ctrl_t ctrl;
54 : assuan_context_t ctx;
55 : struct {
56 : u32 *keyid;
57 : u32 *mainkeyid;
58 : int pubkey_algo;
59 : } keyinfo;
60 : };
61 :
62 : struct cipher_parm_s
63 : {
64 : struct default_inq_parm_s *dflt;
65 : assuan_context_t ctx;
66 : unsigned char *ciphertext;
67 : size_t ciphertextlen;
68 : };
69 :
70 : struct writecert_parm_s
71 : {
72 : struct default_inq_parm_s *dflt;
73 : const unsigned char *certdata;
74 : size_t certdatalen;
75 : };
76 :
77 : struct writekey_parm_s
78 : {
79 : struct default_inq_parm_s *dflt;
80 : const unsigned char *keydata;
81 : size_t keydatalen;
82 : };
83 :
84 : struct genkey_parm_s
85 : {
86 : struct default_inq_parm_s *dflt;
87 : const char *keyparms;
88 : const char *passphrase;
89 : };
90 :
91 : struct import_key_parm_s
92 : {
93 : struct default_inq_parm_s *dflt;
94 : const void *key;
95 : size_t keylen;
96 : };
97 :
98 :
99 : struct cache_nonce_parm_s
100 : {
101 : char **cache_nonce_addr;
102 : char **passwd_nonce_addr;
103 : };
104 :
105 :
106 : static gpg_error_t learn_status_cb (void *opaque, const char *line);
107 :
108 :
109 : �
110 : /* If RC is not 0, write an appropriate status message. */
111 : static void
112 0 : status_sc_op_failure (int rc)
113 : {
114 0 : switch (gpg_err_code (rc))
115 : {
116 : case 0:
117 0 : break;
118 : case GPG_ERR_CANCELED:
119 : case GPG_ERR_FULLY_CANCELED:
120 0 : write_status_text (STATUS_SC_OP_FAILURE, "1");
121 0 : break;
122 : case GPG_ERR_BAD_PIN:
123 0 : write_status_text (STATUS_SC_OP_FAILURE, "2");
124 0 : break;
125 : default:
126 0 : write_status (STATUS_SC_OP_FAILURE);
127 0 : break;
128 : }
129 0 : }
130 :
131 :
132 : /* This is the default inquiry callback. It mainly handles the
133 : Pinentry notifications. */
134 : static gpg_error_t
135 5 : default_inq_cb (void *opaque, const char *line)
136 : {
137 5 : gpg_error_t err = 0;
138 5 : struct default_inq_parm_s *parm = opaque;
139 :
140 5 : if (has_leading_keyword (line, "PINENTRY_LAUNCHED"))
141 : {
142 5 : err = gpg_proxy_pinentry_notify (parm->ctrl, line);
143 5 : if (err)
144 0 : log_error (_("failed to proxy %s inquiry to client\n"),
145 : "PINENTRY_LAUNCHED");
146 : /* We do not pass errors to avoid breaking other code. */
147 : }
148 0 : else if ((has_leading_keyword (line, "PASSPHRASE")
149 0 : || has_leading_keyword (line, "NEW_PASSPHRASE"))
150 0 : && opt.pinentry_mode == PINENTRY_MODE_LOOPBACK)
151 : {
152 0 : if (have_static_passphrase ())
153 : {
154 0 : const char *s = get_static_passphrase ();
155 0 : err = assuan_send_data (parm->ctx, s, strlen (s));
156 : }
157 : else
158 : {
159 : char *pw;
160 : char buf[32];
161 :
162 0 : if (parm->keyinfo.keyid)
163 0 : emit_status_need_passphrase (parm->keyinfo.keyid,
164 : parm->keyinfo.mainkeyid,
165 : parm->keyinfo.pubkey_algo);
166 :
167 0 : snprintf (buf, sizeof (buf), "%u", 100);
168 0 : write_status_text (STATUS_INQUIRE_MAXLEN, buf);
169 0 : pw = cpr_get_hidden ("passphrase.enter", _("Enter passphrase: "));
170 0 : cpr_kill_prompt ();
171 0 : if (*pw == CONTROL_D && !pw[1])
172 0 : err = gpg_error (GPG_ERR_CANCELED);
173 : else
174 0 : err = assuan_send_data (parm->ctx, pw, strlen (pw));
175 0 : xfree (pw);
176 : }
177 : }
178 : else
179 0 : log_debug ("ignoring gpg-agent inquiry '%s'\n", line);
180 :
181 5 : return err;
182 : }
183 :
184 :
185 : /* Print a warning if the server's version number is less than our
186 : version number. Returns an error code on a connection problem. */
187 : static gpg_error_t
188 532 : warn_version_mismatch (assuan_context_t ctx, const char *servername, int mode)
189 : {
190 : gpg_error_t err;
191 : char *serverversion;
192 532 : const char *myversion = strusage (13);
193 :
194 532 : err = get_assuan_server_version (ctx, mode, &serverversion);
195 532 : if (err)
196 0 : log_error (_("error getting version from '%s': %s\n"),
197 : servername, gpg_strerror (err));
198 532 : else if (compare_version_strings (serverversion, myversion) < 0)
199 : {
200 : char *warn;
201 :
202 0 : warn = xtryasprintf (_("server '%s' is older than us (%s < %s)"),
203 : servername, serverversion, myversion);
204 0 : if (!warn)
205 0 : err = gpg_error_from_syserror ();
206 : else
207 : {
208 0 : log_info (_("WARNING: %s\n"), warn);
209 0 : write_status_strings (STATUS_WARNING, "server_version_mismatch 0",
210 : " ", warn, NULL);
211 0 : xfree (warn);
212 : }
213 : }
214 532 : xfree (serverversion);
215 532 : return err;
216 : }
217 :
218 :
219 : /* Try to connect to the agent via socket or fork it off and work by
220 : pipes. Handle the server's initial greeting */
221 : static int
222 1729 : start_agent (ctrl_t ctrl, int for_card)
223 : {
224 : int rc;
225 :
226 : (void)ctrl; /* Not yet used. */
227 :
228 : /* Fixme: We need a context for each thread or serialize the access
229 : to the agent. */
230 1729 : if (agent_ctx)
231 1197 : rc = 0;
232 : else
233 : {
234 1064 : rc = start_new_gpg_agent (&agent_ctx,
235 : GPG_ERR_SOURCE_DEFAULT,
236 : opt.agent_program,
237 532 : opt.lc_ctype, opt.lc_messages,
238 : opt.session_env,
239 532 : opt.autostart, opt.verbose, DBG_IPC,
240 : NULL, NULL);
241 532 : if (!opt.autostart && gpg_err_code (rc) == GPG_ERR_NO_AGENT)
242 0 : {
243 : static int shown;
244 :
245 0 : if (!shown)
246 : {
247 0 : shown = 1;
248 0 : log_info (_("no gpg-agent running in this session\n"));
249 : }
250 : }
251 532 : else if (!rc
252 532 : && !(rc = warn_version_mismatch (agent_ctx, GPG_AGENT_NAME, 0)))
253 : {
254 : /* Tell the agent that we support Pinentry notifications.
255 : No error checking so that it will work also with older
256 : agents. */
257 532 : assuan_transact (agent_ctx, "OPTION allow-pinentry-notify",
258 : NULL, NULL, NULL, NULL, NULL, NULL);
259 : /* Tell the agent about what version we are aware. This is
260 : here used to indirectly enable GPG_ERR_FULLY_CANCELED. */
261 532 : assuan_transact (agent_ctx, "OPTION agent-awareness=2.1.0",
262 : NULL, NULL, NULL, NULL, NULL, NULL);
263 : /* Pass on the pinentry mode. */
264 532 : if (opt.pinentry_mode)
265 : {
266 0 : char *tmp = xasprintf ("OPTION pinentry-mode=%s",
267 0 : str_pinentry_mode (opt.pinentry_mode));
268 0 : rc = assuan_transact (agent_ctx, tmp,
269 : NULL, NULL, NULL, NULL, NULL, NULL);
270 0 : xfree (tmp);
271 0 : if (rc)
272 : {
273 0 : log_error ("setting pinentry mode '%s' failed: %s\n",
274 0 : str_pinentry_mode (opt.pinentry_mode),
275 : gpg_strerror (rc));
276 0 : write_status_error ("set_pinentry_mode", rc);
277 : }
278 : }
279 : }
280 : }
281 :
282 1729 : if (!rc && for_card && !did_early_card_test)
283 : {
284 : /* Request the serial number of the card for an early test. */
285 : struct agent_card_info_s info;
286 :
287 0 : memset (&info, 0, sizeof info);
288 :
289 0 : rc = warn_version_mismatch (agent_ctx, SCDAEMON_NAME, 2);
290 0 : if (!rc)
291 0 : rc = assuan_transact (agent_ctx, "SCD SERIALNO openpgp",
292 : NULL, NULL, NULL, NULL,
293 : learn_status_cb, &info);
294 0 : if (rc)
295 : {
296 0 : switch (gpg_err_code (rc))
297 : {
298 : case GPG_ERR_NOT_SUPPORTED:
299 : case GPG_ERR_NO_SCDAEMON:
300 0 : write_status_text (STATUS_CARDCTRL, "6");
301 0 : break;
302 : case GPG_ERR_OBJ_TERM_STATE:
303 0 : write_status_text (STATUS_CARDCTRL, "7");
304 0 : break;
305 : default:
306 0 : write_status_text (STATUS_CARDCTRL, "4");
307 0 : log_info ("selecting openpgp failed: %s\n", gpg_strerror (rc));
308 0 : break;
309 : }
310 : }
311 :
312 0 : if (!rc && is_status_enabled () && info.serialno)
313 : {
314 : char *buf;
315 :
316 0 : buf = xasprintf ("3 %s", info.serialno);
317 0 : write_status_text (STATUS_CARDCTRL, buf);
318 0 : xfree (buf);
319 : }
320 :
321 0 : agent_release_card_info (&info);
322 :
323 0 : if (!rc)
324 0 : did_early_card_test = 1;
325 : }
326 :
327 :
328 1729 : return rc;
329 : }
330 :
331 :
332 : /* Return a new malloced string by unescaping the string S. Escaping
333 : is percent escaping and '+'/space mapping. A binary nul will
334 : silently be replaced by a 0xFF. Function returns NULL to indicate
335 : an out of memory status. */
336 : static char *
337 0 : unescape_status_string (const unsigned char *s)
338 : {
339 0 : return percent_plus_unescape (s, 0xff);
340 : }
341 :
342 :
343 : /* Take a 20 byte hexencoded string and put it into the the provided
344 : 20 byte buffer FPR in binary format. */
345 : static int
346 0 : unhexify_fpr (const char *hexstr, unsigned char *fpr)
347 : {
348 : const char *s;
349 : int n;
350 :
351 0 : for (s=hexstr, n=0; hexdigitp (s); s++, n++)
352 : ;
353 0 : if (*s || (n != 40))
354 0 : return 0; /* no fingerprint (invalid or wrong length). */
355 0 : for (s=hexstr, n=0; *s; s += 2, n++)
356 0 : fpr[n] = xtoi_2 (s);
357 0 : return 1; /* okay */
358 : }
359 :
360 : /* Take the serial number from LINE and return it verbatim in a newly
361 : allocated string. We make sure that only hex characters are
362 : returned. */
363 : static char *
364 0 : store_serialno (const char *line)
365 : {
366 : const char *s;
367 : char *p;
368 :
369 0 : for (s=line; hexdigitp (s); s++)
370 : ;
371 0 : p = xtrymalloc (s + 1 - line);
372 0 : if (p)
373 : {
374 0 : memcpy (p, line, s-line);
375 0 : p[s-line] = 0;
376 : }
377 0 : return p;
378 : }
379 :
380 :
381 : �
382 : /* This is a dummy data line callback. */
383 : static gpg_error_t
384 0 : dummy_data_cb (void *opaque, const void *buffer, size_t length)
385 : {
386 : (void)opaque;
387 : (void)buffer;
388 : (void)length;
389 0 : return 0;
390 : }
391 :
392 : /* A simple callback used to return the serialnumber of a card. */
393 : static gpg_error_t
394 0 : get_serialno_cb (void *opaque, const char *line)
395 : {
396 0 : char **serialno = opaque;
397 0 : const char *keyword = line;
398 : const char *s;
399 : int keywordlen, n;
400 :
401 0 : for (keywordlen=0; *line && !spacep (line); line++, keywordlen++)
402 : ;
403 0 : while (spacep (line))
404 0 : line++;
405 :
406 0 : if (keywordlen == 8 && !memcmp (keyword, "SERIALNO", keywordlen))
407 : {
408 0 : if (*serialno)
409 0 : return gpg_error (GPG_ERR_CONFLICT); /* Unexpected status line. */
410 0 : for (n=0,s=line; hexdigitp (s); s++, n++)
411 : ;
412 0 : if (!n || (n&1)|| !(spacep (s) || !*s) )
413 0 : return gpg_error (GPG_ERR_ASS_PARAMETER);
414 0 : *serialno = xtrymalloc (n+1);
415 0 : if (!*serialno)
416 0 : return out_of_core ();
417 0 : memcpy (*serialno, line, n);
418 0 : (*serialno)[n] = 0;
419 : }
420 :
421 0 : return 0;
422 : }
423 :
424 :
425 :
426 : /* Release the card info structure INFO. */
427 : void
428 0 : agent_release_card_info (struct agent_card_info_s *info)
429 : {
430 : int i;
431 :
432 0 : if (!info)
433 0 : return;
434 :
435 0 : xfree (info->reader); info->reader = NULL;
436 0 : xfree (info->serialno); info->serialno = NULL;
437 0 : xfree (info->apptype); info->apptype = NULL;
438 0 : xfree (info->disp_name); info->disp_name = NULL;
439 0 : xfree (info->disp_lang); info->disp_lang = NULL;
440 0 : xfree (info->pubkey_url); info->pubkey_url = NULL;
441 0 : xfree (info->login_data); info->login_data = NULL;
442 0 : info->cafpr1valid = info->cafpr2valid = info->cafpr3valid = 0;
443 0 : info->fpr1valid = info->fpr2valid = info->fpr3valid = 0;
444 0 : for (i=0; i < DIM(info->private_do); i++)
445 : {
446 0 : xfree (info->private_do[i]);
447 0 : info->private_do[i] = NULL;
448 : }
449 : }
450 :
451 :
452 : static gpg_error_t
453 0 : learn_status_cb (void *opaque, const char *line)
454 : {
455 0 : struct agent_card_info_s *parm = opaque;
456 0 : const char *keyword = line;
457 : int keywordlen;
458 : int i;
459 :
460 0 : for (keywordlen=0; *line && !spacep (line); line++, keywordlen++)
461 : ;
462 0 : while (spacep (line))
463 0 : line++;
464 :
465 0 : if (keywordlen == 6 && !memcmp (keyword, "READER", keywordlen))
466 : {
467 0 : xfree (parm->reader);
468 0 : parm->reader = unescape_status_string (line);
469 : }
470 0 : else if (keywordlen == 8 && !memcmp (keyword, "SERIALNO", keywordlen))
471 : {
472 0 : xfree (parm->serialno);
473 0 : parm->serialno = store_serialno (line);
474 0 : parm->is_v2 = (strlen (parm->serialno) >= 16
475 0 : && xtoi_2 (parm->serialno+12) >= 2 );
476 : }
477 0 : else if (keywordlen == 7 && !memcmp (keyword, "APPTYPE", keywordlen))
478 : {
479 0 : xfree (parm->apptype);
480 0 : parm->apptype = unescape_status_string (line);
481 : }
482 0 : else if (keywordlen == 9 && !memcmp (keyword, "DISP-NAME", keywordlen))
483 : {
484 0 : xfree (parm->disp_name);
485 0 : parm->disp_name = unescape_status_string (line);
486 : }
487 0 : else if (keywordlen == 9 && !memcmp (keyword, "DISP-LANG", keywordlen))
488 : {
489 0 : xfree (parm->disp_lang);
490 0 : parm->disp_lang = unescape_status_string (line);
491 : }
492 0 : else if (keywordlen == 8 && !memcmp (keyword, "DISP-SEX", keywordlen))
493 : {
494 0 : parm->disp_sex = *line == '1'? 1 : *line == '2' ? 2: 0;
495 : }
496 0 : else if (keywordlen == 10 && !memcmp (keyword, "PUBKEY-URL", keywordlen))
497 : {
498 0 : xfree (parm->pubkey_url);
499 0 : parm->pubkey_url = unescape_status_string (line);
500 : }
501 0 : else if (keywordlen == 10 && !memcmp (keyword, "LOGIN-DATA", keywordlen))
502 : {
503 0 : xfree (parm->login_data);
504 0 : parm->login_data = unescape_status_string (line);
505 : }
506 0 : else if (keywordlen == 11 && !memcmp (keyword, "SIG-COUNTER", keywordlen))
507 : {
508 0 : parm->sig_counter = strtoul (line, NULL, 0);
509 : }
510 0 : else if (keywordlen == 10 && !memcmp (keyword, "CHV-STATUS", keywordlen))
511 0 : {
512 : char *p, *buf;
513 :
514 0 : buf = p = unescape_status_string (line);
515 0 : if (buf)
516 : {
517 0 : while (spacep (p))
518 0 : p++;
519 0 : parm->chv1_cached = atoi (p);
520 0 : while (*p && !spacep (p))
521 0 : p++;
522 0 : while (spacep (p))
523 0 : p++;
524 0 : for (i=0; *p && i < 3; i++)
525 : {
526 0 : parm->chvmaxlen[i] = atoi (p);
527 0 : while (*p && !spacep (p))
528 0 : p++;
529 0 : while (spacep (p))
530 0 : p++;
531 : }
532 0 : for (i=0; *p && i < 3; i++)
533 : {
534 0 : parm->chvretry[i] = atoi (p);
535 0 : while (*p && !spacep (p))
536 0 : p++;
537 0 : while (spacep (p))
538 0 : p++;
539 : }
540 0 : xfree (buf);
541 : }
542 : }
543 0 : else if (keywordlen == 6 && !memcmp (keyword, "EXTCAP", keywordlen))
544 0 : {
545 : char *p, *p2, *buf;
546 : int abool;
547 :
548 0 : buf = p = unescape_status_string (line);
549 0 : if (buf)
550 : {
551 0 : for (p = strtok (buf, " "); p; p = strtok (NULL, " "))
552 : {
553 0 : p2 = strchr (p, '=');
554 0 : if (p2)
555 : {
556 0 : *p2++ = 0;
557 0 : abool = (*p2 == '1');
558 0 : if (!strcmp (p, "ki"))
559 0 : parm->extcap.ki = abool;
560 0 : else if (!strcmp (p, "aac"))
561 0 : parm->extcap.aac = abool;
562 0 : else if (!strcmp (p, "si"))
563 0 : parm->status_indicator = strtoul (p2, NULL, 10);
564 : }
565 : }
566 0 : xfree (buf);
567 : }
568 : }
569 0 : else if (keywordlen == 7 && !memcmp (keyword, "KEY-FPR", keywordlen))
570 0 : {
571 0 : int no = atoi (line);
572 0 : while (*line && !spacep (line))
573 0 : line++;
574 0 : while (spacep (line))
575 0 : line++;
576 0 : if (no == 1)
577 0 : parm->fpr1valid = unhexify_fpr (line, parm->fpr1);
578 0 : else if (no == 2)
579 0 : parm->fpr2valid = unhexify_fpr (line, parm->fpr2);
580 0 : else if (no == 3)
581 0 : parm->fpr3valid = unhexify_fpr (line, parm->fpr3);
582 : }
583 0 : else if (keywordlen == 8 && !memcmp (keyword, "KEY-TIME", keywordlen))
584 0 : {
585 0 : int no = atoi (line);
586 0 : while (* line && !spacep (line))
587 0 : line++;
588 0 : while (spacep (line))
589 0 : line++;
590 0 : if (no == 1)
591 0 : parm->fpr1time = strtoul (line, NULL, 10);
592 0 : else if (no == 2)
593 0 : parm->fpr2time = strtoul (line, NULL, 10);
594 0 : else if (no == 3)
595 0 : parm->fpr3time = strtoul (line, NULL, 10);
596 : }
597 0 : else if (keywordlen == 6 && !memcmp (keyword, "CA-FPR", keywordlen))
598 0 : {
599 0 : int no = atoi (line);
600 0 : while (*line && !spacep (line))
601 0 : line++;
602 0 : while (spacep (line))
603 0 : line++;
604 0 : if (no == 1)
605 0 : parm->cafpr1valid = unhexify_fpr (line, parm->cafpr1);
606 0 : else if (no == 2)
607 0 : parm->cafpr2valid = unhexify_fpr (line, parm->cafpr2);
608 0 : else if (no == 3)
609 0 : parm->cafpr3valid = unhexify_fpr (line, parm->cafpr3);
610 : }
611 0 : else if (keywordlen == 8 && !memcmp (keyword, "KEY-ATTR", keywordlen))
612 0 : {
613 0 : int keyno = 0;
614 0 : int algo = PUBKEY_ALGO_RSA;
615 0 : int n = 0;
616 :
617 0 : sscanf (line, "%d %d %n", &keyno, &algo, &n);
618 0 : keyno--;
619 0 : if (keyno < 0 || keyno >= DIM (parm->key_attr))
620 0 : return 0;
621 :
622 0 : parm->key_attr[keyno].algo = algo;
623 0 : if (algo == PUBKEY_ALGO_RSA)
624 0 : parm->key_attr[keyno].nbits = strtoul (line+n+3, NULL, 10);
625 0 : else if (algo == PUBKEY_ALGO_ECDH || algo == PUBKEY_ALGO_ECDSA
626 0 : || algo == PUBKEY_ALGO_EDDSA)
627 0 : parm->key_attr[keyno].curve = openpgp_is_curve_supported (line+n, NULL);
628 : }
629 0 : else if (keywordlen == 12 && !memcmp (keyword, "PRIVATE-DO-", 11)
630 0 : && strchr("1234", keyword[11]))
631 : {
632 0 : int no = keyword[11] - '1';
633 0 : log_assert (no >= 0 && no <= 3);
634 0 : xfree (parm->private_do[no]);
635 0 : parm->private_do[no] = unescape_status_string (line);
636 : }
637 :
638 0 : return 0;
639 : }
640 :
641 : /* Call the scdaemon to learn about a smartcard */
642 : int
643 0 : agent_scd_learn (struct agent_card_info_s *info, int force)
644 : {
645 : int rc;
646 : struct default_inq_parm_s parm;
647 : struct agent_card_info_s dummyinfo;
648 :
649 0 : if (!info)
650 0 : info = &dummyinfo;
651 0 : memset (info, 0, sizeof *info);
652 0 : memset (&parm, 0, sizeof parm);
653 :
654 0 : rc = start_agent (NULL, 1);
655 0 : if (rc)
656 0 : return rc;
657 :
658 : /* Send the serialno command to initialize the connection. We don't
659 : care about the data returned. If the card has already been
660 : initialized, this is a very fast command. The main reason we
661 : need to do this here is to handle a card removed case so that an
662 : "l" command in --card-edit can be used to show ta newly inserted
663 : card. We request the openpgp card because that is what we
664 : expect. */
665 0 : rc = assuan_transact (agent_ctx, "SCD SERIALNO openpgp",
666 : NULL, NULL, NULL, NULL, NULL, NULL);
667 0 : if (rc)
668 0 : return rc;
669 :
670 0 : parm.ctx = agent_ctx;
671 0 : rc = assuan_transact (agent_ctx,
672 : force ? "LEARN --sendinfo --force" : "LEARN --sendinfo",
673 : dummy_data_cb, NULL, default_inq_cb, &parm,
674 : learn_status_cb, info);
675 : /* Also try to get the key attributes. */
676 0 : if (!rc)
677 0 : agent_scd_getattr ("KEY-ATTR", info);
678 :
679 0 : if (info == &dummyinfo)
680 0 : agent_release_card_info (info);
681 :
682 0 : return rc;
683 : }
684 :
685 :
686 : /* Send an APDU to the current card. On success the status word is
687 : stored at R_SW. With HEXAPDU being NULL only a RESET command is
688 : send to scd. With HEXAPDU being the string "undefined" the command
689 : "SERIALNO undefined" is send to scd. */
690 : gpg_error_t
691 0 : agent_scd_apdu (const char *hexapdu, unsigned int *r_sw)
692 : {
693 : gpg_error_t err;
694 :
695 : /* Start the agent but not with the card flag so that we do not
696 : autoselect the openpgp application. */
697 0 : err = start_agent (NULL, 0);
698 0 : if (err)
699 0 : return err;
700 :
701 0 : if (!hexapdu)
702 : {
703 0 : err = assuan_transact (agent_ctx, "SCD RESET",
704 : NULL, NULL, NULL, NULL, NULL, NULL);
705 :
706 : }
707 0 : else if (!strcmp (hexapdu, "undefined"))
708 : {
709 0 : err = assuan_transact (agent_ctx, "SCD SERIALNO undefined",
710 : NULL, NULL, NULL, NULL, NULL, NULL);
711 : }
712 : else
713 : {
714 : char line[ASSUAN_LINELENGTH];
715 : membuf_t mb;
716 : unsigned char *data;
717 : size_t datalen;
718 :
719 0 : init_membuf (&mb, 256);
720 :
721 0 : snprintf (line, DIM(line), "SCD APDU %s", hexapdu);
722 0 : err = assuan_transact (agent_ctx, line,
723 : put_membuf_cb, &mb, NULL, NULL, NULL, NULL);
724 0 : if (!err)
725 : {
726 0 : data = get_membuf (&mb, &datalen);
727 0 : if (!data)
728 0 : err = gpg_error_from_syserror ();
729 0 : else if (datalen < 2) /* Ooops */
730 0 : err = gpg_error (GPG_ERR_CARD);
731 : else
732 : {
733 0 : *r_sw = buf16_to_uint (data+datalen-2);
734 : }
735 0 : xfree (data);
736 : }
737 : }
738 :
739 0 : return err;
740 : }
741 :
742 :
743 : int
744 0 : agent_keytocard (const char *hexgrip, int keyno, int force,
745 : const char *serialno, const char *timestamp)
746 : {
747 : int rc;
748 : char line[ASSUAN_LINELENGTH];
749 : struct default_inq_parm_s parm;
750 :
751 0 : memset (&parm, 0, sizeof parm);
752 :
753 0 : snprintf (line, DIM(line), "KEYTOCARD %s%s %s OPENPGP.%d %s",
754 : force?"--force ": "", hexgrip, serialno, keyno, timestamp);
755 :
756 0 : rc = start_agent (NULL, 1);
757 0 : if (rc)
758 0 : return rc;
759 0 : parm.ctx = agent_ctx;
760 :
761 0 : rc = assuan_transact (agent_ctx, line, NULL, NULL, default_inq_cb, &parm,
762 : NULL, NULL);
763 0 : if (rc)
764 0 : return rc;
765 :
766 0 : return rc;
767 : }
768 : �
769 : /* Call the agent to retrieve a data object. This function returns
770 : the data in the same structure as used by the learn command. It is
771 : allowed to update such a structure using this commmand. */
772 : int
773 0 : agent_scd_getattr (const char *name, struct agent_card_info_s *info)
774 : {
775 : int rc;
776 : char line[ASSUAN_LINELENGTH];
777 : struct default_inq_parm_s parm;
778 :
779 0 : memset (&parm, 0, sizeof parm);
780 :
781 0 : if (!*name)
782 0 : return gpg_error (GPG_ERR_INV_VALUE);
783 :
784 : /* We assume that NAME does not need escaping. */
785 0 : if (12 + strlen (name) > DIM(line)-1)
786 0 : return gpg_error (GPG_ERR_TOO_LARGE);
787 0 : stpcpy (stpcpy (line, "SCD GETATTR "), name);
788 :
789 0 : rc = start_agent (NULL, 1);
790 0 : if (rc)
791 0 : return rc;
792 :
793 0 : parm.ctx = agent_ctx;
794 0 : rc = assuan_transact (agent_ctx, line, NULL, NULL, default_inq_cb, &parm,
795 : learn_status_cb, info);
796 :
797 0 : return rc;
798 : }
799 :
800 : �
801 : /* Send an setattr command to the SCdaemon. SERIALNO is not actually
802 : used here but required by gpg 1.4's implementation of this code in
803 : cardglue.c. */
804 : int
805 0 : agent_scd_setattr (const char *name,
806 : const unsigned char *value, size_t valuelen,
807 : const char *serialno)
808 : {
809 : int rc;
810 : char line[ASSUAN_LINELENGTH];
811 : char *p;
812 : struct default_inq_parm_s parm;
813 :
814 0 : memset (&parm, 0, sizeof parm);
815 :
816 : (void)serialno;
817 :
818 0 : if (!*name || !valuelen)
819 0 : return gpg_error (GPG_ERR_INV_VALUE);
820 :
821 : /* We assume that NAME does not need escaping. */
822 0 : if (12 + strlen (name) > DIM(line)-1)
823 0 : return gpg_error (GPG_ERR_TOO_LARGE);
824 :
825 0 : p = stpcpy (stpcpy (line, "SCD SETATTR "), name);
826 0 : *p++ = ' ';
827 0 : for (; valuelen; value++, valuelen--)
828 : {
829 0 : if (p >= line + DIM(line)-5 )
830 0 : return gpg_error (GPG_ERR_TOO_LARGE);
831 0 : if (*value < ' ' || *value == '+' || *value == '%')
832 : {
833 0 : sprintf (p, "%%%02X", *value);
834 0 : p += 3;
835 : }
836 0 : else if (*value == ' ')
837 0 : *p++ = '+';
838 : else
839 0 : *p++ = *value;
840 : }
841 0 : *p = 0;
842 :
843 0 : rc = start_agent (NULL, 1);
844 0 : if (!rc)
845 : {
846 0 : parm.ctx = agent_ctx;
847 0 : rc = assuan_transact (agent_ctx, line, NULL, NULL,
848 : default_inq_cb, &parm, NULL, NULL);
849 : }
850 :
851 0 : status_sc_op_failure (rc);
852 0 : return rc;
853 : }
854 :
855 :
856 : �
857 : /* Handle a CERTDATA inquiry. Note, we only send the data,
858 : assuan_transact takes care of flushing and writing the END
859 : command. */
860 : static gpg_error_t
861 0 : inq_writecert_parms (void *opaque, const char *line)
862 : {
863 : int rc;
864 0 : struct writecert_parm_s *parm = opaque;
865 :
866 0 : if (has_leading_keyword (line, "CERTDATA"))
867 : {
868 0 : rc = assuan_send_data (parm->dflt->ctx,
869 0 : parm->certdata, parm->certdatalen);
870 : }
871 : else
872 0 : rc = default_inq_cb (parm->dflt, line);
873 :
874 0 : return rc;
875 : }
876 :
877 :
878 : /* Send a WRITECERT command to the SCdaemon. */
879 : int
880 0 : agent_scd_writecert (const char *certidstr,
881 : const unsigned char *certdata, size_t certdatalen)
882 : {
883 : int rc;
884 : char line[ASSUAN_LINELENGTH];
885 : struct writecert_parm_s parms;
886 : struct default_inq_parm_s dfltparm;
887 :
888 0 : memset (&dfltparm, 0, sizeof dfltparm);
889 :
890 0 : rc = start_agent (NULL, 1);
891 0 : if (rc)
892 0 : return rc;
893 :
894 0 : memset (&parms, 0, sizeof parms);
895 :
896 0 : snprintf (line, DIM(line), "SCD WRITECERT %s", certidstr);
897 0 : dfltparm.ctx = agent_ctx;
898 0 : parms.dflt = &dfltparm;
899 0 : parms.certdata = certdata;
900 0 : parms.certdatalen = certdatalen;
901 :
902 0 : rc = assuan_transact (agent_ctx, line, NULL, NULL,
903 : inq_writecert_parms, &parms, NULL, NULL);
904 :
905 0 : return rc;
906 : }
907 :
908 :
909 : �
910 : /* Handle a KEYDATA inquiry. Note, we only send the data,
911 : assuan_transact takes care of flushing and writing the end */
912 : static gpg_error_t
913 0 : inq_writekey_parms (void *opaque, const char *line)
914 : {
915 : int rc;
916 0 : struct writekey_parm_s *parm = opaque;
917 :
918 0 : if (has_leading_keyword (line, "KEYDATA"))
919 : {
920 0 : rc = assuan_send_data (parm->dflt->ctx, parm->keydata, parm->keydatalen);
921 : }
922 : else
923 0 : rc = default_inq_cb (parm->dflt, line);
924 :
925 0 : return rc;
926 : }
927 :
928 :
929 : /* Send a WRITEKEY command to the SCdaemon. */
930 : int
931 0 : agent_scd_writekey (int keyno, const char *serialno,
932 : const unsigned char *keydata, size_t keydatalen)
933 : {
934 : int rc;
935 : char line[ASSUAN_LINELENGTH];
936 : struct writekey_parm_s parms;
937 : struct default_inq_parm_s dfltparm;
938 :
939 0 : memset (&dfltparm, 0, sizeof dfltparm);
940 :
941 : (void)serialno;
942 :
943 0 : rc = start_agent (NULL, 1);
944 0 : if (rc)
945 0 : return rc;
946 :
947 0 : memset (&parms, 0, sizeof parms);
948 :
949 0 : snprintf (line, DIM(line), "SCD WRITEKEY --force OPENPGP.%d", keyno);
950 0 : dfltparm.ctx = agent_ctx;
951 0 : parms.dflt = &dfltparm;
952 0 : parms.keydata = keydata;
953 0 : parms.keydatalen = keydatalen;
954 :
955 0 : rc = assuan_transact (agent_ctx, line, NULL, NULL,
956 : inq_writekey_parms, &parms, NULL, NULL);
957 :
958 0 : status_sc_op_failure (rc);
959 0 : return rc;
960 : }
961 :
962 :
963 : �
964 : /* Status callback for the SCD GENKEY command. */
965 : static gpg_error_t
966 0 : scd_genkey_cb (void *opaque, const char *line)
967 : {
968 0 : u32 *createtime = opaque;
969 0 : const char *keyword = line;
970 : int keywordlen;
971 :
972 0 : for (keywordlen=0; *line && !spacep (line); line++, keywordlen++)
973 : ;
974 0 : while (spacep (line))
975 0 : line++;
976 :
977 0 : if (keywordlen == 14 && !memcmp (keyword,"KEY-CREATED-AT", keywordlen))
978 : {
979 0 : *createtime = (u32)strtoul (line, NULL, 10);
980 : }
981 0 : else if (keywordlen == 8 && !memcmp (keyword, "PROGRESS", keywordlen))
982 : {
983 0 : write_status_text (STATUS_PROGRESS, line);
984 : }
985 :
986 0 : return 0;
987 : }
988 :
989 : /* Send a GENKEY command to the SCdaemon. If *CREATETIME is not 0,
990 : the value will be passed to SCDAEMON with --timestamp option so that
991 : the key is created with this. Otherwise, timestamp was generated by
992 : SCDEAMON. On success, creation time is stored back to
993 : CREATETIME. */
994 : int
995 0 : agent_scd_genkey (int keyno, int force, u32 *createtime)
996 : {
997 : int rc;
998 : char line[ASSUAN_LINELENGTH];
999 : gnupg_isotime_t tbuf;
1000 : struct default_inq_parm_s dfltparm;
1001 :
1002 0 : memset (&dfltparm, 0, sizeof dfltparm);
1003 :
1004 0 : rc = start_agent (NULL, 1);
1005 0 : if (rc)
1006 0 : return rc;
1007 :
1008 0 : if (*createtime)
1009 0 : epoch2isotime (tbuf, *createtime);
1010 : else
1011 0 : *tbuf = 0;
1012 :
1013 0 : snprintf (line, DIM(line), "SCD GENKEY %s%s %s %d",
1014 0 : *tbuf? "--timestamp=":"", tbuf,
1015 : force? "--force":"",
1016 : keyno);
1017 :
1018 0 : dfltparm.ctx = agent_ctx;
1019 0 : rc = assuan_transact (agent_ctx, line,
1020 : NULL, NULL, default_inq_cb, &dfltparm,
1021 : scd_genkey_cb, createtime);
1022 :
1023 0 : status_sc_op_failure (rc);
1024 0 : return rc;
1025 : }
1026 :
1027 :
1028 :
1029 : �
1030 : /* Issue an SCD SERIALNO openpgp command and if SERIALNO is not NULL
1031 : ask the user to insert the requested card. */
1032 : gpg_error_t
1033 0 : select_openpgp (const char *serialno)
1034 : {
1035 : gpg_error_t err;
1036 :
1037 : /* Send the serialno command to initialize the connection. Without
1038 : a given S/N we don't care about the data returned. If the card
1039 : has already been initialized, this is a very fast command. We
1040 : request the openpgp card because that is what we expect.
1041 :
1042 : Note that an opt.limit_card_insert_tries of 1 means: No tries at
1043 : all whereas 0 means do not limit the number of tries. Due to the
1044 : sue of a pinentry prompt with a cancel option we use it here in a
1045 : boolean sense. */
1046 0 : if (!serialno || opt.limit_card_insert_tries == 1)
1047 0 : err = assuan_transact (agent_ctx, "SCD SERIALNO openpgp",
1048 : NULL, NULL, NULL, NULL, NULL, NULL);
1049 : else
1050 : {
1051 0 : char *this_sn = NULL;
1052 : char *desc;
1053 : int ask;
1054 : char *want_sn;
1055 : char *p;
1056 :
1057 0 : want_sn = xtrystrdup (serialno);
1058 0 : if (!want_sn)
1059 0 : return gpg_error_from_syserror ();
1060 0 : p = strchr (want_sn, '/');
1061 0 : if (p)
1062 0 : *p = 0;
1063 :
1064 : do
1065 : {
1066 0 : ask = 0;
1067 0 : err = assuan_transact (agent_ctx, "SCD SERIALNO openpgp",
1068 : NULL, NULL, NULL, NULL,
1069 : get_serialno_cb, &this_sn);
1070 0 : if (gpg_err_code (err) == GPG_ERR_CARD_NOT_PRESENT)
1071 0 : ask = 1;
1072 0 : else if (gpg_err_code (err) == GPG_ERR_NOT_SUPPORTED)
1073 0 : ask = 2;
1074 0 : else if (err)
1075 : ;
1076 0 : else if (this_sn)
1077 : {
1078 0 : if (strcmp (want_sn, this_sn))
1079 0 : ask = 2;
1080 : }
1081 :
1082 0 : xfree (this_sn);
1083 0 : this_sn = NULL;
1084 :
1085 0 : if (ask)
1086 : {
1087 0 : char *formatted = NULL;
1088 0 : char *ocodeset = i18n_switchto_utf8 ();
1089 :
1090 0 : if (!strncmp (want_sn, "D27600012401", 12)
1091 0 : && strlen (want_sn) == 32 )
1092 0 : formatted = xtryasprintf ("(%.4s) %.8s",
1093 : want_sn + 16, want_sn + 20);
1094 :
1095 0 : err = 0;
1096 0 : desc = xtryasprintf
1097 : ("%s:\n\n"
1098 : " \"%s\"",
1099 : ask == 1
1100 : ? _("Please insert the card with serial number")
1101 : : _("Please remove the current card and "
1102 : "insert the one with serial number"),
1103 : formatted? formatted : want_sn);
1104 0 : if (!desc)
1105 0 : err = gpg_error_from_syserror ();
1106 0 : xfree (formatted);
1107 0 : i18n_switchback (ocodeset);
1108 0 : if (!err)
1109 0 : err = gpg_agent_get_confirmation (desc);
1110 0 : xfree (desc);
1111 : }
1112 : }
1113 0 : while (ask && !err);
1114 0 : xfree (want_sn);
1115 : }
1116 :
1117 0 : return err;
1118 : }
1119 :
1120 :
1121 : �
1122 : /* Send a READCERT command to the SCdaemon. */
1123 : int
1124 0 : agent_scd_readcert (const char *certidstr,
1125 : void **r_buf, size_t *r_buflen)
1126 : {
1127 : int rc;
1128 : char line[ASSUAN_LINELENGTH];
1129 : membuf_t data;
1130 : size_t len;
1131 : struct default_inq_parm_s dfltparm;
1132 :
1133 0 : memset (&dfltparm, 0, sizeof dfltparm);
1134 :
1135 0 : *r_buf = NULL;
1136 0 : rc = start_agent (NULL, 1);
1137 0 : if (rc)
1138 0 : return rc;
1139 :
1140 0 : dfltparm.ctx = agent_ctx;
1141 :
1142 0 : init_membuf (&data, 2048);
1143 :
1144 0 : snprintf (line, DIM(line), "SCD READCERT %s", certidstr);
1145 0 : rc = assuan_transact (agent_ctx, line,
1146 : put_membuf_cb, &data,
1147 : default_inq_cb, &dfltparm,
1148 : NULL, NULL);
1149 0 : if (rc)
1150 : {
1151 0 : xfree (get_membuf (&data, &len));
1152 0 : return rc;
1153 : }
1154 0 : *r_buf = get_membuf (&data, r_buflen);
1155 0 : if (!*r_buf)
1156 0 : return gpg_error (GPG_ERR_ENOMEM);
1157 :
1158 0 : return 0;
1159 : }
1160 :
1161 :
1162 : �
1163 : /* Change the PIN of an OpenPGP card or reset the retry counter.
1164 : CHVNO 1: Change the PIN
1165 : 2: For v1 cards: Same as 1.
1166 : For v2 cards: Reset the PIN using the Reset Code.
1167 : 3: Change the admin PIN
1168 : 101: Set a new PIN and reset the retry counter
1169 : 102: For v1 cars: Same as 101.
1170 : For v2 cards: Set a new Reset Code.
1171 : SERIALNO is not used.
1172 : */
1173 : int
1174 0 : agent_scd_change_pin (int chvno, const char *serialno)
1175 : {
1176 : int rc;
1177 : char line[ASSUAN_LINELENGTH];
1178 0 : const char *reset = "";
1179 : struct default_inq_parm_s dfltparm;
1180 :
1181 0 : memset (&dfltparm, 0, sizeof dfltparm);
1182 :
1183 : (void)serialno;
1184 :
1185 0 : if (chvno >= 100)
1186 0 : reset = "--reset";
1187 0 : chvno %= 100;
1188 :
1189 0 : rc = start_agent (NULL, 1);
1190 0 : if (rc)
1191 0 : return rc;
1192 0 : dfltparm.ctx = agent_ctx;
1193 :
1194 0 : snprintf (line, DIM(line), "SCD PASSWD %s %d", reset, chvno);
1195 0 : rc = assuan_transact (agent_ctx, line,
1196 : NULL, NULL,
1197 : default_inq_cb, &dfltparm,
1198 : NULL, NULL);
1199 0 : status_sc_op_failure (rc);
1200 0 : return rc;
1201 : }
1202 :
1203 :
1204 : /* Perform a CHECKPIN operation. SERIALNO should be the serial
1205 : number of the card - optionally followed by the fingerprint;
1206 : however the fingerprint is ignored here. */
1207 : int
1208 0 : agent_scd_checkpin (const char *serialno)
1209 : {
1210 : int rc;
1211 : char line[ASSUAN_LINELENGTH];
1212 : struct default_inq_parm_s dfltparm;
1213 :
1214 0 : memset (&dfltparm, 0, sizeof dfltparm);
1215 :
1216 0 : rc = start_agent (NULL, 1);
1217 0 : if (rc)
1218 0 : return rc;
1219 0 : dfltparm.ctx = agent_ctx;
1220 :
1221 0 : snprintf (line, DIM(line), "SCD CHECKPIN %s", serialno);
1222 0 : rc = assuan_transact (agent_ctx, line,
1223 : NULL, NULL,
1224 : default_inq_cb, &dfltparm,
1225 : NULL, NULL);
1226 0 : status_sc_op_failure (rc);
1227 0 : return rc;
1228 : }
1229 :
1230 :
1231 : /* Dummy function, only used by the gpg 1.4 implementation. */
1232 : void
1233 0 : agent_clear_pin_cache (const char *sn)
1234 : {
1235 : (void)sn;
1236 0 : }
1237 :
1238 :
1239 :
1240 : �
1241 : /* Note: All strings shall be UTF-8. On success the caller needs to
1242 : free the string stored at R_PASSPHRASE. On error NULL will be
1243 : stored at R_PASSPHRASE and an appropriate fpf error code
1244 : returned. */
1245 : gpg_error_t
1246 0 : agent_get_passphrase (const char *cache_id,
1247 : const char *err_msg,
1248 : const char *prompt,
1249 : const char *desc_msg,
1250 : int repeat,
1251 : int check,
1252 : char **r_passphrase)
1253 : {
1254 : int rc;
1255 : char line[ASSUAN_LINELENGTH];
1256 0 : char *arg1 = NULL;
1257 0 : char *arg2 = NULL;
1258 0 : char *arg3 = NULL;
1259 0 : char *arg4 = NULL;
1260 : membuf_t data;
1261 : struct default_inq_parm_s dfltparm;
1262 :
1263 0 : memset (&dfltparm, 0, sizeof dfltparm);
1264 :
1265 0 : *r_passphrase = NULL;
1266 :
1267 0 : rc = start_agent (NULL, 0);
1268 0 : if (rc)
1269 0 : return rc;
1270 0 : dfltparm.ctx = agent_ctx;
1271 :
1272 : /* Check that the gpg-agent understands the repeat option. */
1273 0 : if (assuan_transact (agent_ctx,
1274 : "GETINFO cmd_has_option GET_PASSPHRASE repeat",
1275 : NULL, NULL, NULL, NULL, NULL, NULL))
1276 0 : return gpg_error (GPG_ERR_NOT_SUPPORTED);
1277 :
1278 0 : if (cache_id && *cache_id)
1279 0 : if (!(arg1 = percent_plus_escape (cache_id)))
1280 0 : goto no_mem;
1281 0 : if (err_msg && *err_msg)
1282 0 : if (!(arg2 = percent_plus_escape (err_msg)))
1283 0 : goto no_mem;
1284 0 : if (prompt && *prompt)
1285 0 : if (!(arg3 = percent_plus_escape (prompt)))
1286 0 : goto no_mem;
1287 0 : if (desc_msg && *desc_msg)
1288 0 : if (!(arg4 = percent_plus_escape (desc_msg)))
1289 0 : goto no_mem;
1290 :
1291 0 : snprintf (line, DIM(line),
1292 : "GET_PASSPHRASE --data --repeat=%d%s -- %s %s %s %s",
1293 : repeat,
1294 : check? " --check --qualitybar":"",
1295 : arg1? arg1:"X",
1296 : arg2? arg2:"X",
1297 : arg3? arg3:"X",
1298 : arg4? arg4:"X");
1299 0 : xfree (arg1);
1300 0 : xfree (arg2);
1301 0 : xfree (arg3);
1302 0 : xfree (arg4);
1303 :
1304 0 : init_membuf_secure (&data, 64);
1305 0 : rc = assuan_transact (agent_ctx, line,
1306 : put_membuf_cb, &data,
1307 : default_inq_cb, &dfltparm,
1308 : NULL, NULL);
1309 :
1310 0 : if (rc)
1311 0 : xfree (get_membuf (&data, NULL));
1312 : else
1313 : {
1314 0 : put_membuf (&data, "", 1);
1315 0 : *r_passphrase = get_membuf (&data, NULL);
1316 0 : if (!*r_passphrase)
1317 0 : rc = gpg_error_from_syserror ();
1318 : }
1319 0 : return rc;
1320 : no_mem:
1321 0 : rc = gpg_error_from_syserror ();
1322 0 : xfree (arg1);
1323 0 : xfree (arg2);
1324 0 : xfree (arg3);
1325 0 : xfree (arg4);
1326 0 : return rc;
1327 : }
1328 :
1329 :
1330 : gpg_error_t
1331 0 : agent_clear_passphrase (const char *cache_id)
1332 : {
1333 : int rc;
1334 : char line[ASSUAN_LINELENGTH];
1335 : struct default_inq_parm_s dfltparm;
1336 :
1337 0 : memset (&dfltparm, 0, sizeof dfltparm);
1338 :
1339 0 : if (!cache_id || !*cache_id)
1340 0 : return 0;
1341 :
1342 0 : rc = start_agent (NULL, 0);
1343 0 : if (rc)
1344 0 : return rc;
1345 0 : dfltparm.ctx = agent_ctx;
1346 :
1347 0 : snprintf (line, DIM(line), "CLEAR_PASSPHRASE %s", cache_id);
1348 0 : return assuan_transact (agent_ctx, line,
1349 : NULL, NULL,
1350 : default_inq_cb, &dfltparm,
1351 : NULL, NULL);
1352 : }
1353 :
1354 :
1355 : /* Ask the agent to pop up a confirmation dialog with the text DESC
1356 : and an okay and cancel button. */
1357 : gpg_error_t
1358 0 : gpg_agent_get_confirmation (const char *desc)
1359 : {
1360 : int rc;
1361 : char *tmp;
1362 : char line[ASSUAN_LINELENGTH];
1363 : struct default_inq_parm_s dfltparm;
1364 :
1365 0 : memset (&dfltparm, 0, sizeof dfltparm);
1366 :
1367 0 : rc = start_agent (NULL, 0);
1368 0 : if (rc)
1369 0 : return rc;
1370 0 : dfltparm.ctx = agent_ctx;
1371 :
1372 0 : tmp = percent_plus_escape (desc);
1373 0 : if (!tmp)
1374 0 : return gpg_error_from_syserror ();
1375 0 : snprintf (line, DIM(line), "GET_CONFIRMATION %s", tmp);
1376 0 : xfree (tmp);
1377 :
1378 0 : rc = assuan_transact (agent_ctx, line,
1379 : NULL, NULL,
1380 : default_inq_cb, &dfltparm,
1381 : NULL, NULL);
1382 0 : return rc;
1383 : }
1384 :
1385 :
1386 : /* Return the S2K iteration count as computed by gpg-agent. */
1387 : gpg_error_t
1388 3 : agent_get_s2k_count (unsigned long *r_count)
1389 : {
1390 : gpg_error_t err;
1391 : membuf_t data;
1392 : char *buf;
1393 :
1394 3 : *r_count = 0;
1395 :
1396 3 : err = start_agent (NULL, 0);
1397 3 : if (err)
1398 0 : return err;
1399 :
1400 3 : init_membuf (&data, 32);
1401 3 : err = assuan_transact (agent_ctx, "GETINFO s2k_count",
1402 : put_membuf_cb, &data,
1403 : NULL, NULL, NULL, NULL);
1404 3 : if (err)
1405 0 : xfree (get_membuf (&data, NULL));
1406 : else
1407 : {
1408 3 : put_membuf (&data, "", 1);
1409 3 : buf = get_membuf (&data, NULL);
1410 3 : if (!buf)
1411 0 : err = gpg_error_from_syserror ();
1412 : else
1413 : {
1414 3 : *r_count = strtoul (buf, NULL, 10);
1415 3 : xfree (buf);
1416 : }
1417 : }
1418 3 : return err;
1419 : }
1420 :
1421 :
1422 : �
1423 : /* Ask the agent whether a secret key for the given public key is
1424 : available. Returns 0 if available. */
1425 : gpg_error_t
1426 776 : agent_probe_secret_key (ctrl_t ctrl, PKT_public_key *pk)
1427 : {
1428 : gpg_error_t err;
1429 : char line[ASSUAN_LINELENGTH];
1430 : char *hexgrip;
1431 :
1432 776 : err = start_agent (ctrl, 0);
1433 776 : if (err)
1434 0 : return err;
1435 :
1436 776 : err = hexkeygrip_from_pk (pk, &hexgrip);
1437 776 : if (err)
1438 0 : return err;
1439 :
1440 776 : snprintf (line, sizeof line, "HAVEKEY %s", hexgrip);
1441 776 : xfree (hexgrip);
1442 :
1443 776 : err = assuan_transact (agent_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL);
1444 776 : return err;
1445 : }
1446 :
1447 : /* Ask the agent whether a secret key is available for any of the
1448 : keys (primary or sub) in KEYBLOCK. Returns 0 if available. */
1449 : gpg_error_t
1450 420 : agent_probe_any_secret_key (ctrl_t ctrl, kbnode_t keyblock)
1451 : {
1452 : gpg_error_t err;
1453 : char line[ASSUAN_LINELENGTH];
1454 : char *p;
1455 : kbnode_t kbctx, node;
1456 : int nkeys;
1457 : unsigned char grip[20];
1458 :
1459 420 : err = start_agent (ctrl, 0);
1460 420 : if (err)
1461 0 : return err;
1462 :
1463 420 : err = gpg_error (GPG_ERR_NO_SECKEY); /* Just in case no key was
1464 : found in KEYBLOCK. */
1465 420 : p = stpcpy (line, "HAVEKEY");
1466 3362 : for (kbctx=NULL, nkeys=0; (node = walk_kbnode (keyblock, &kbctx, 0)); )
1467 2522 : if (node->pkt->pkttype == PKT_PUBLIC_KEY
1468 2102 : || node->pkt->pkttype == PKT_PUBLIC_SUBKEY
1469 1654 : || node->pkt->pkttype == PKT_SECRET_KEY
1470 1654 : || node->pkt->pkttype == PKT_SECRET_SUBKEY)
1471 : {
1472 868 : if (nkeys && ((p - line) + 41) > (ASSUAN_LINELENGTH - 2))
1473 : {
1474 0 : err = assuan_transact (agent_ctx, line,
1475 : NULL, NULL, NULL, NULL, NULL, NULL);
1476 0 : if (err != gpg_err_code (GPG_ERR_NO_SECKEY))
1477 0 : break; /* Seckey available or unexpected error - ready. */
1478 0 : p = stpcpy (line, "HAVEKEY");
1479 0 : nkeys = 0;
1480 : }
1481 :
1482 868 : err = keygrip_from_pk (node->pkt->pkt.public_key, grip);
1483 868 : if (err)
1484 0 : return err;
1485 868 : *p++ = ' ';
1486 868 : bin2hex (grip, 20, p);
1487 868 : p += 40;
1488 868 : nkeys++;
1489 : }
1490 :
1491 420 : if (!err && nkeys)
1492 420 : err = assuan_transact (agent_ctx, line,
1493 : NULL, NULL, NULL, NULL, NULL, NULL);
1494 :
1495 420 : return err;
1496 : }
1497 :
1498 :
1499 : �
1500 : struct keyinfo_data_parm_s
1501 : {
1502 : char *serialno;
1503 : int cleartext;
1504 : };
1505 :
1506 :
1507 : static gpg_error_t
1508 60 : keyinfo_status_cb (void *opaque, const char *line)
1509 : {
1510 60 : struct keyinfo_data_parm_s *data = opaque;
1511 : int is_smartcard;
1512 : char *s;
1513 :
1514 60 : if ((s = has_leading_keyword (line, "KEYINFO")) && data)
1515 : {
1516 : /* Parse the arguments:
1517 : * 0 1 2 3 4 5
1518 : * <keygrip> <type> <serialno> <idstr> <cached> <protection>
1519 : */
1520 : char *fields[6];
1521 :
1522 60 : if (split_fields (s, fields, DIM (fields)) == 6)
1523 : {
1524 60 : is_smartcard = (fields[1][0] == 'T');
1525 60 : if (is_smartcard && !data->serialno && strcmp (fields[2], "-"))
1526 0 : data->serialno = xtrystrdup (fields[2]);
1527 : /* 'P' for protected, 'C' for clear */
1528 60 : data->cleartext = (fields[5][0] == 'C');
1529 : }
1530 : }
1531 60 : return 0;
1532 : }
1533 :
1534 :
1535 : /* Return the serial number for a secret key. If the returned serial
1536 : number is NULL, the key is not stored on a smartcard. Caller needs
1537 : to free R_SERIALNO.
1538 :
1539 : if r_cleartext is not NULL, the referenced int will be set to 1 if
1540 : the agent's copy of the key is stored in the clear, or 0 otherwise
1541 : */
1542 : gpg_error_t
1543 60 : agent_get_keyinfo (ctrl_t ctrl, const char *hexkeygrip,
1544 : char **r_serialno, int *r_cleartext)
1545 : {
1546 : gpg_error_t err;
1547 : char line[ASSUAN_LINELENGTH];
1548 : struct keyinfo_data_parm_s keyinfo;
1549 :
1550 60 : memset (&keyinfo, 0,sizeof keyinfo);
1551 :
1552 60 : *r_serialno = NULL;
1553 :
1554 60 : err = start_agent (ctrl, 0);
1555 60 : if (err)
1556 0 : return err;
1557 :
1558 60 : if (!hexkeygrip || strlen (hexkeygrip) != 40)
1559 0 : return gpg_error (GPG_ERR_INV_VALUE);
1560 :
1561 60 : snprintf (line, DIM(line), "KEYINFO %s", hexkeygrip);
1562 :
1563 60 : err = assuan_transact (agent_ctx, line, NULL, NULL, NULL, NULL,
1564 : keyinfo_status_cb, &keyinfo);
1565 60 : if (!err && keyinfo.serialno)
1566 : {
1567 : /* Sanity check for bad characters. */
1568 0 : if (strpbrk (keyinfo.serialno, ":\n\r"))
1569 0 : err = GPG_ERR_INV_VALUE;
1570 : }
1571 60 : if (err)
1572 0 : xfree (keyinfo.serialno);
1573 : else
1574 : {
1575 60 : *r_serialno = keyinfo.serialno;
1576 60 : if (r_cleartext)
1577 5 : *r_cleartext = keyinfo.cleartext;
1578 : }
1579 60 : return err;
1580 : }
1581 :
1582 : �
1583 : /* Status callback for agent_import_key, agent_export_key and
1584 : agent_genkey. */
1585 : static gpg_error_t
1586 423 : cache_nonce_status_cb (void *opaque, const char *line)
1587 : {
1588 423 : struct cache_nonce_parm_s *parm = opaque;
1589 : const char *s;
1590 :
1591 423 : if ((s = has_leading_keyword (line, "CACHE_NONCE")))
1592 : {
1593 4 : if (parm->cache_nonce_addr)
1594 : {
1595 4 : xfree (*parm->cache_nonce_addr);
1596 4 : *parm->cache_nonce_addr = xtrystrdup (s);
1597 : }
1598 : }
1599 419 : else if ((s = has_leading_keyword (line, "PASSWD_NONCE")))
1600 : {
1601 0 : if (parm->passwd_nonce_addr)
1602 : {
1603 0 : xfree (*parm->passwd_nonce_addr);
1604 0 : *parm->passwd_nonce_addr = xtrystrdup (s);
1605 : }
1606 : }
1607 419 : else if ((s = has_leading_keyword (line, "PROGRESS")))
1608 : {
1609 414 : if (opt.enable_progress_filter)
1610 0 : write_status_text (STATUS_PROGRESS, s);
1611 : }
1612 :
1613 423 : return 0;
1614 : }
1615 :
1616 :
1617 : �
1618 : /* Handle a KEYPARMS inquiry. Note, we only send the data,
1619 : assuan_transact takes care of flushing and writing the end */
1620 : static gpg_error_t
1621 8 : inq_genkey_parms (void *opaque, const char *line)
1622 : {
1623 8 : struct genkey_parm_s *parm = opaque;
1624 : gpg_error_t err;
1625 :
1626 8 : if (has_leading_keyword (line, "KEYPARAM"))
1627 : {
1628 10 : err = assuan_send_data (parm->dflt->ctx,
1629 5 : parm->keyparms, strlen (parm->keyparms));
1630 : }
1631 3 : else if (has_leading_keyword (line, "NEWPASSWD") && parm->passphrase)
1632 : {
1633 0 : err = assuan_send_data (parm->dflt->ctx,
1634 0 : parm->passphrase, strlen (parm->passphrase));
1635 : }
1636 : else
1637 3 : err = default_inq_cb (parm->dflt, line);
1638 :
1639 8 : return err;
1640 : }
1641 :
1642 :
1643 : /* Call the agent to generate a new key. KEYPARMS is the usual
1644 : S-expression giving the parameters of the key. gpg-agent passes it
1645 : gcry_pk_genkey. If NO_PROTECTION is true the agent is advised not
1646 : to protect the generated key. If NO_PROTECTION is not set and
1647 : PASSPHRASE is not NULL the agent is requested to protect the key
1648 : with that passphrase instead of asking for one. */
1649 : gpg_error_t
1650 5 : agent_genkey (ctrl_t ctrl, char **cache_nonce_addr, char **passwd_nonce_addr,
1651 : const char *keyparms, int no_protection,
1652 : const char *passphrase, gcry_sexp_t *r_pubkey)
1653 : {
1654 : gpg_error_t err;
1655 : struct genkey_parm_s gk_parm;
1656 : struct cache_nonce_parm_s cn_parm;
1657 : struct default_inq_parm_s dfltparm;
1658 : membuf_t data;
1659 : size_t len;
1660 : unsigned char *buf;
1661 : char line[ASSUAN_LINELENGTH];
1662 :
1663 5 : memset (&dfltparm, 0, sizeof dfltparm);
1664 5 : dfltparm.ctrl = ctrl;
1665 :
1666 5 : *r_pubkey = NULL;
1667 5 : err = start_agent (ctrl, 0);
1668 5 : if (err)
1669 0 : return err;
1670 5 : dfltparm.ctx = agent_ctx;
1671 :
1672 5 : if (passwd_nonce_addr && *passwd_nonce_addr)
1673 : ; /* A RESET would flush the passwd nonce cache. */
1674 : else
1675 : {
1676 5 : err = assuan_transact (agent_ctx, "RESET",
1677 : NULL, NULL, NULL, NULL, NULL, NULL);
1678 5 : if (err)
1679 0 : return err;
1680 : }
1681 :
1682 5 : init_membuf (&data, 1024);
1683 5 : gk_parm.dflt = &dfltparm;
1684 5 : gk_parm.keyparms = keyparms;
1685 5 : gk_parm.passphrase = passphrase;
1686 9 : snprintf (line, sizeof line, "GENKEY%s%s%s%s%s",
1687 : no_protection? " --no-protection" :
1688 2 : passphrase ? " --inq-passwd" :
1689 : /* */ "",
1690 0 : passwd_nonce_addr && *passwd_nonce_addr? " --passwd-nonce=":"",
1691 0 : passwd_nonce_addr && *passwd_nonce_addr? *passwd_nonce_addr:"",
1692 5 : cache_nonce_addr && *cache_nonce_addr? " ":"",
1693 5 : cache_nonce_addr && *cache_nonce_addr? *cache_nonce_addr:"");
1694 5 : cn_parm.cache_nonce_addr = cache_nonce_addr;
1695 5 : cn_parm.passwd_nonce_addr = NULL;
1696 5 : err = assuan_transact (agent_ctx, line,
1697 : put_membuf_cb, &data,
1698 : inq_genkey_parms, &gk_parm,
1699 : cache_nonce_status_cb, &cn_parm);
1700 5 : if (err)
1701 : {
1702 0 : xfree (get_membuf (&data, &len));
1703 0 : return err;
1704 : }
1705 :
1706 5 : buf = get_membuf (&data, &len);
1707 5 : if (!buf)
1708 0 : err = gpg_error_from_syserror ();
1709 : else
1710 : {
1711 5 : err = gcry_sexp_sscan (r_pubkey, NULL, buf, len);
1712 5 : xfree (buf);
1713 : }
1714 5 : return err;
1715 : }
1716 :
1717 :
1718 : �
1719 : /* Call the agent to read the public key part for a given keygrip. If
1720 : FROMCARD is true, the key is directly read from the current
1721 : smartcard. In this case HEXKEYGRIP should be the keyID
1722 : (e.g. OPENPGP.3). */
1723 : gpg_error_t
1724 0 : agent_readkey (ctrl_t ctrl, int fromcard, const char *hexkeygrip,
1725 : unsigned char **r_pubkey)
1726 : {
1727 : gpg_error_t err;
1728 : membuf_t data;
1729 : size_t len;
1730 : unsigned char *buf;
1731 : char line[ASSUAN_LINELENGTH];
1732 : struct default_inq_parm_s dfltparm;
1733 :
1734 0 : memset (&dfltparm, 0, sizeof dfltparm);
1735 0 : dfltparm.ctrl = ctrl;
1736 :
1737 0 : *r_pubkey = NULL;
1738 0 : err = start_agent (ctrl, 0);
1739 0 : if (err)
1740 0 : return err;
1741 0 : dfltparm.ctx = agent_ctx;
1742 :
1743 0 : err = assuan_transact (agent_ctx, "RESET",NULL, NULL, NULL, NULL, NULL, NULL);
1744 0 : if (err)
1745 0 : return err;
1746 :
1747 0 : snprintf (line, DIM(line), "READKEY %s%s", fromcard? "--card ":"",
1748 : hexkeygrip);
1749 :
1750 0 : init_membuf (&data, 1024);
1751 0 : err = assuan_transact (agent_ctx, line,
1752 : put_membuf_cb, &data,
1753 : default_inq_cb, &dfltparm,
1754 : NULL, NULL);
1755 0 : if (err)
1756 : {
1757 0 : xfree (get_membuf (&data, &len));
1758 0 : return err;
1759 : }
1760 0 : buf = get_membuf (&data, &len);
1761 0 : if (!buf)
1762 0 : return gpg_error_from_syserror ();
1763 0 : if (!gcry_sexp_canon_len (buf, len, NULL, NULL))
1764 : {
1765 0 : xfree (buf);
1766 0 : return gpg_error (GPG_ERR_INV_SEXP);
1767 : }
1768 0 : *r_pubkey = buf;
1769 0 : return 0;
1770 : }
1771 :
1772 :
1773 : �
1774 : /* Call the agent to do a sign operation using the key identified by
1775 : the hex string KEYGRIP. DESC is a description of the key to be
1776 : displayed if the agent needs to ask for the PIN. DIGEST and
1777 : DIGESTLEN is the hash value to sign and DIGESTALGO the algorithm id
1778 : used to compute the digest. If CACHE_NONCE is used the agent is
1779 : advised to first try a passphrase associated with that nonce. */
1780 : gpg_error_t
1781 141 : agent_pksign (ctrl_t ctrl, const char *cache_nonce,
1782 : const char *keygrip, const char *desc,
1783 : u32 *keyid, u32 *mainkeyid, int pubkey_algo,
1784 : unsigned char *digest, size_t digestlen, int digestalgo,
1785 : gcry_sexp_t *r_sigval)
1786 : {
1787 : gpg_error_t err;
1788 : char line[ASSUAN_LINELENGTH];
1789 : membuf_t data;
1790 : struct default_inq_parm_s dfltparm;
1791 :
1792 141 : memset (&dfltparm, 0, sizeof dfltparm);
1793 141 : dfltparm.ctrl = ctrl;
1794 141 : dfltparm.keyinfo.keyid = keyid;
1795 141 : dfltparm.keyinfo.mainkeyid = mainkeyid;
1796 141 : dfltparm.keyinfo.pubkey_algo = pubkey_algo;
1797 :
1798 141 : *r_sigval = NULL;
1799 141 : err = start_agent (ctrl, 0);
1800 141 : if (err)
1801 0 : return err;
1802 141 : dfltparm.ctx = agent_ctx;
1803 :
1804 141 : if (digestlen*2 + 50 > DIM(line))
1805 0 : return gpg_error (GPG_ERR_GENERAL);
1806 :
1807 141 : err = assuan_transact (agent_ctx, "RESET",
1808 : NULL, NULL, NULL, NULL, NULL, NULL);
1809 141 : if (err)
1810 0 : return err;
1811 :
1812 141 : snprintf (line, DIM(line), "SIGKEY %s", keygrip);
1813 141 : err = assuan_transact (agent_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL);
1814 141 : if (err)
1815 0 : return err;
1816 :
1817 141 : if (desc)
1818 : {
1819 141 : snprintf (line, DIM(line), "SETKEYDESC %s", desc);
1820 141 : err = assuan_transact (agent_ctx, line,
1821 : NULL, NULL, NULL, NULL, NULL, NULL);
1822 141 : if (err)
1823 0 : return err;
1824 : }
1825 :
1826 141 : snprintf (line, sizeof line, "SETHASH %d ", digestalgo);
1827 141 : bin2hex (digest, digestlen, line + strlen (line));
1828 141 : err = assuan_transact (agent_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL);
1829 141 : if (err)
1830 0 : return err;
1831 :
1832 141 : init_membuf (&data, 1024);
1833 :
1834 141 : snprintf (line, sizeof line, "PKSIGN%s%s",
1835 : cache_nonce? " -- ":"",
1836 : cache_nonce? cache_nonce:"");
1837 141 : err = assuan_transact (agent_ctx, line,
1838 : put_membuf_cb, &data,
1839 : default_inq_cb, &dfltparm,
1840 : NULL, NULL);
1841 141 : if (err)
1842 0 : xfree (get_membuf (&data, NULL));
1843 : else
1844 : {
1845 : unsigned char *buf;
1846 : size_t len;
1847 :
1848 141 : buf = get_membuf (&data, &len);
1849 141 : if (!buf)
1850 0 : err = gpg_error_from_syserror ();
1851 : else
1852 : {
1853 141 : err = gcry_sexp_sscan (r_sigval, NULL, buf, len);
1854 141 : xfree (buf);
1855 : }
1856 : }
1857 141 : return err;
1858 : }
1859 :
1860 :
1861 : �
1862 : /* Handle a CIPHERTEXT inquiry. Note, we only send the data,
1863 : assuan_transact takes care of flushing and writing the END. */
1864 : static gpg_error_t
1865 262 : inq_ciphertext_cb (void *opaque, const char *line)
1866 : {
1867 262 : struct cipher_parm_s *parm = opaque;
1868 : int rc;
1869 :
1870 262 : if (has_leading_keyword (line, "CIPHERTEXT"))
1871 : {
1872 262 : assuan_begin_confidential (parm->ctx);
1873 524 : rc = assuan_send_data (parm->dflt->ctx,
1874 262 : parm->ciphertext, parm->ciphertextlen);
1875 262 : assuan_end_confidential (parm->ctx);
1876 : }
1877 : else
1878 0 : rc = default_inq_cb (parm->dflt, line);
1879 :
1880 262 : return rc;
1881 : }
1882 :
1883 :
1884 : /* Check whether there is any padding info from the agent. */
1885 : static gpg_error_t
1886 262 : padding_info_cb (void *opaque, const char *line)
1887 : {
1888 262 : int *r_padding = opaque;
1889 : const char *s;
1890 :
1891 262 : if ((s=has_leading_keyword (line, "PADDING")))
1892 : {
1893 0 : *r_padding = atoi (s);
1894 : }
1895 :
1896 262 : return 0;
1897 : }
1898 :
1899 :
1900 : /* Call the agent to do a decrypt operation using the key identified
1901 : by the hex string KEYGRIP and the input data S_CIPHERTEXT. On the
1902 : success the decoded value is stored verbatim at R_BUF and its
1903 : length at R_BUF; the callers needs to release it. KEYID, MAINKEYID
1904 : and PUBKEY_ALGO are used to construct additional promots or status
1905 : messages. The padding information is stored at R_PADDING with -1
1906 : for not known. */
1907 : gpg_error_t
1908 262 : agent_pkdecrypt (ctrl_t ctrl, const char *keygrip, const char *desc,
1909 : u32 *keyid, u32 *mainkeyid, int pubkey_algo,
1910 : gcry_sexp_t s_ciphertext,
1911 : unsigned char **r_buf, size_t *r_buflen, int *r_padding)
1912 : {
1913 : gpg_error_t err;
1914 : char line[ASSUAN_LINELENGTH];
1915 : membuf_t data;
1916 : size_t n, len;
1917 : char *p, *buf, *endp;
1918 : struct default_inq_parm_s dfltparm;
1919 :
1920 262 : memset (&dfltparm, 0, sizeof dfltparm);
1921 262 : dfltparm.ctrl = ctrl;
1922 262 : dfltparm.keyinfo.keyid = keyid;
1923 262 : dfltparm.keyinfo.mainkeyid = mainkeyid;
1924 262 : dfltparm.keyinfo.pubkey_algo = pubkey_algo;
1925 :
1926 262 : if (!keygrip || strlen(keygrip) != 40
1927 262 : || !s_ciphertext || !r_buf || !r_buflen || !r_padding)
1928 0 : return gpg_error (GPG_ERR_INV_VALUE);
1929 :
1930 262 : *r_buf = NULL;
1931 262 : *r_padding = -1;
1932 :
1933 262 : err = start_agent (ctrl, 0);
1934 262 : if (err)
1935 0 : return err;
1936 262 : dfltparm.ctx = agent_ctx;
1937 :
1938 262 : err = assuan_transact (agent_ctx, "RESET",
1939 : NULL, NULL, NULL, NULL, NULL, NULL);
1940 262 : if (err)
1941 0 : return err;
1942 :
1943 262 : snprintf (line, sizeof line, "SETKEY %s", keygrip);
1944 262 : err = assuan_transact (agent_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL);
1945 262 : if (err)
1946 0 : return err;
1947 :
1948 262 : if (desc)
1949 : {
1950 262 : snprintf (line, DIM(line), "SETKEYDESC %s", desc);
1951 262 : err = assuan_transact (agent_ctx, line,
1952 : NULL, NULL, NULL, NULL, NULL, NULL);
1953 262 : if (err)
1954 0 : return err;
1955 : }
1956 :
1957 262 : init_membuf_secure (&data, 1024);
1958 : {
1959 : struct cipher_parm_s parm;
1960 :
1961 262 : parm.dflt = &dfltparm;
1962 262 : parm.ctx = agent_ctx;
1963 262 : err = make_canon_sexp (s_ciphertext, &parm.ciphertext, &parm.ciphertextlen);
1964 262 : if (err)
1965 0 : return err;
1966 262 : err = assuan_transact (agent_ctx, "PKDECRYPT",
1967 : put_membuf_cb, &data,
1968 : inq_ciphertext_cb, &parm,
1969 : padding_info_cb, r_padding);
1970 262 : xfree (parm.ciphertext);
1971 : }
1972 262 : if (err)
1973 : {
1974 0 : xfree (get_membuf (&data, &len));
1975 0 : return err;
1976 : }
1977 :
1978 262 : put_membuf (&data, "", 1); /* Make sure it is 0 terminated. */
1979 262 : buf = get_membuf (&data, &len);
1980 262 : if (!buf)
1981 0 : return gpg_error_from_syserror ();
1982 262 : log_assert (len); /* (we forced Nul termination.) */
1983 :
1984 262 : if (*buf != '(')
1985 : {
1986 0 : xfree (buf);
1987 0 : return gpg_error (GPG_ERR_INV_SEXP);
1988 : }
1989 :
1990 262 : if (len < 13 || memcmp (buf, "(5:value", 8) ) /* "(5:valueN:D)\0" */
1991 : {
1992 0 : xfree (buf);
1993 0 : return gpg_error (GPG_ERR_INV_SEXP);
1994 : }
1995 262 : len -= 10; /* Count only the data of the second part. */
1996 262 : p = buf + 8; /* Skip leading parenthesis and the value tag. */
1997 :
1998 262 : n = strtoul (p, &endp, 10);
1999 262 : if (!n || *endp != ':')
2000 : {
2001 0 : xfree (buf);
2002 0 : return gpg_error (GPG_ERR_INV_SEXP);
2003 : }
2004 262 : endp++;
2005 262 : if (endp-p+n > len)
2006 : {
2007 0 : xfree (buf);
2008 0 : return gpg_error (GPG_ERR_INV_SEXP); /* Oops: Inconsistent S-Exp. */
2009 : }
2010 :
2011 262 : memmove (buf, endp, n);
2012 :
2013 262 : *r_buflen = n;
2014 262 : *r_buf = buf;
2015 262 : return 0;
2016 : }
2017 :
2018 :
2019 : �
2020 : /* Retrieve a key encryption key from the agent. With FOREXPORT true
2021 : the key shall be used for export, with false for import. On success
2022 : the new key is stored at R_KEY and its length at R_KEKLEN. */
2023 : gpg_error_t
2024 21 : agent_keywrap_key (ctrl_t ctrl, int forexport, void **r_kek, size_t *r_keklen)
2025 : {
2026 : gpg_error_t err;
2027 : membuf_t data;
2028 : size_t len;
2029 : unsigned char *buf;
2030 : char line[ASSUAN_LINELENGTH];
2031 : struct default_inq_parm_s dfltparm;
2032 :
2033 21 : memset (&dfltparm, 0, sizeof dfltparm);
2034 21 : dfltparm.ctrl = ctrl;
2035 :
2036 21 : *r_kek = NULL;
2037 21 : err = start_agent (ctrl, 0);
2038 21 : if (err)
2039 0 : return err;
2040 21 : dfltparm.ctx = agent_ctx;
2041 :
2042 21 : snprintf (line, DIM(line), "KEYWRAP_KEY %s",
2043 : forexport? "--export":"--import");
2044 :
2045 21 : init_membuf_secure (&data, 64);
2046 21 : err = assuan_transact (agent_ctx, line,
2047 : put_membuf_cb, &data,
2048 : default_inq_cb, &dfltparm,
2049 : NULL, NULL);
2050 21 : if (err)
2051 : {
2052 0 : xfree (get_membuf (&data, &len));
2053 0 : return err;
2054 : }
2055 21 : buf = get_membuf (&data, &len);
2056 21 : if (!buf)
2057 0 : return gpg_error_from_syserror ();
2058 21 : *r_kek = buf;
2059 21 : *r_keklen = len;
2060 21 : return 0;
2061 : }
2062 :
2063 :
2064 : �
2065 : /* Handle the inquiry for an IMPORT_KEY command. */
2066 : static gpg_error_t
2067 33 : inq_import_key_parms (void *opaque, const char *line)
2068 : {
2069 33 : struct import_key_parm_s *parm = opaque;
2070 : gpg_error_t err;
2071 :
2072 33 : if (has_leading_keyword (line, "KEYDATA"))
2073 : {
2074 33 : err = assuan_send_data (parm->dflt->ctx, parm->key, parm->keylen);
2075 : }
2076 : else
2077 0 : err = default_inq_cb (parm->dflt, line);
2078 :
2079 33 : return err;
2080 : }
2081 :
2082 :
2083 : /* Call the agent to import a key into the agent. */
2084 : gpg_error_t
2085 33 : agent_import_key (ctrl_t ctrl, const char *desc, char **cache_nonce_addr,
2086 : const void *key, size_t keylen, int unattended, int force)
2087 : {
2088 : gpg_error_t err;
2089 : struct import_key_parm_s parm;
2090 : struct cache_nonce_parm_s cn_parm;
2091 : char line[ASSUAN_LINELENGTH];
2092 : struct default_inq_parm_s dfltparm;
2093 :
2094 33 : memset (&dfltparm, 0, sizeof dfltparm);
2095 33 : dfltparm.ctrl = ctrl;
2096 :
2097 33 : err = start_agent (ctrl, 0);
2098 33 : if (err)
2099 0 : return err;
2100 33 : dfltparm.ctx = agent_ctx;
2101 :
2102 33 : if (desc)
2103 : {
2104 33 : snprintf (line, DIM(line), "SETKEYDESC %s", desc);
2105 33 : err = assuan_transact (agent_ctx, line,
2106 : NULL, NULL, NULL, NULL, NULL, NULL);
2107 33 : if (err)
2108 0 : return err;
2109 : }
2110 :
2111 33 : parm.dflt = &dfltparm;
2112 33 : parm.key = key;
2113 33 : parm.keylen = keylen;
2114 :
2115 33 : snprintf (line, sizeof line, "IMPORT_KEY%s%s%s%s",
2116 : unattended? " --unattended":"",
2117 : force? " --force":"",
2118 33 : cache_nonce_addr && *cache_nonce_addr? " ":"",
2119 33 : cache_nonce_addr && *cache_nonce_addr? *cache_nonce_addr:"");
2120 33 : cn_parm.cache_nonce_addr = cache_nonce_addr;
2121 33 : cn_parm.passwd_nonce_addr = NULL;
2122 33 : err = assuan_transact (agent_ctx, line,
2123 : NULL, NULL,
2124 : inq_import_key_parms, &parm,
2125 : cache_nonce_status_cb, &cn_parm);
2126 33 : return err;
2127 : }
2128 :
2129 :
2130 : �
2131 : /* Receive a secret key from the agent. HEXKEYGRIP is the hexified
2132 : keygrip, DESC a prompt to be displayed with the agent's passphrase
2133 : question (needs to be plus+percent escaped). if OPENPGP_PROTECTED
2134 : is not zero, ensure that the key material is returned in RFC
2135 : 4880-compatible passphrased-protected form. If CACHE_NONCE_ADDR is
2136 : not NULL the agent is advised to first try a passphrase associated
2137 : with that nonce. On success the key is stored as a canonical
2138 : S-expression at R_RESULT and R_RESULTLEN. */
2139 : gpg_error_t
2140 5 : agent_export_key (ctrl_t ctrl, const char *hexkeygrip, const char *desc,
2141 : int openpgp_protected, char **cache_nonce_addr,
2142 : unsigned char **r_result, size_t *r_resultlen)
2143 : {
2144 : gpg_error_t err;
2145 : struct cache_nonce_parm_s cn_parm;
2146 : membuf_t data;
2147 : size_t len;
2148 : unsigned char *buf;
2149 : char line[ASSUAN_LINELENGTH];
2150 : struct default_inq_parm_s dfltparm;
2151 :
2152 5 : memset (&dfltparm, 0, sizeof dfltparm);
2153 5 : dfltparm.ctrl = ctrl;
2154 :
2155 5 : *r_result = NULL;
2156 :
2157 5 : err = start_agent (ctrl, 0);
2158 5 : if (err)
2159 0 : return err;
2160 5 : dfltparm.ctx = agent_ctx;
2161 :
2162 5 : if (desc)
2163 : {
2164 5 : snprintf (line, DIM(line), "SETKEYDESC %s", desc);
2165 5 : err = assuan_transact (agent_ctx, line,
2166 : NULL, NULL, NULL, NULL, NULL, NULL);
2167 5 : if (err)
2168 0 : return err;
2169 : }
2170 :
2171 7 : snprintf (line, DIM(line), "EXPORT_KEY %s%s%s %s",
2172 : openpgp_protected ? "--openpgp ":"",
2173 5 : cache_nonce_addr && *cache_nonce_addr? "--cache-nonce=":"",
2174 5 : cache_nonce_addr && *cache_nonce_addr? *cache_nonce_addr:"",
2175 : hexkeygrip);
2176 :
2177 5 : init_membuf_secure (&data, 1024);
2178 5 : cn_parm.cache_nonce_addr = cache_nonce_addr;
2179 5 : cn_parm.passwd_nonce_addr = NULL;
2180 5 : err = assuan_transact (agent_ctx, line,
2181 : put_membuf_cb, &data,
2182 : default_inq_cb, &dfltparm,
2183 : cache_nonce_status_cb, &cn_parm);
2184 5 : if (err)
2185 : {
2186 0 : xfree (get_membuf (&data, &len));
2187 0 : return err;
2188 : }
2189 5 : buf = get_membuf (&data, &len);
2190 5 : if (!buf)
2191 0 : return gpg_error_from_syserror ();
2192 5 : *r_result = buf;
2193 5 : *r_resultlen = len;
2194 5 : return 0;
2195 : }
2196 :
2197 :
2198 : �
2199 : /* Ask the agent to delete the key identified by HEXKEYGRIP. If DESC
2200 : is not NULL, display DESC instead of the default description
2201 : message. If FORCE is true the agent is advised not to ask for
2202 : confirmation. */
2203 : gpg_error_t
2204 0 : agent_delete_key (ctrl_t ctrl, const char *hexkeygrip, const char *desc,
2205 : int force)
2206 : {
2207 : gpg_error_t err;
2208 : char line[ASSUAN_LINELENGTH];
2209 : struct default_inq_parm_s dfltparm;
2210 :
2211 0 : memset (&dfltparm, 0, sizeof dfltparm);
2212 0 : dfltparm.ctrl = ctrl;
2213 :
2214 0 : err = start_agent (ctrl, 0);
2215 0 : if (err)
2216 0 : return err;
2217 :
2218 0 : if (!hexkeygrip || strlen (hexkeygrip) != 40)
2219 0 : return gpg_error (GPG_ERR_INV_VALUE);
2220 :
2221 0 : if (desc)
2222 : {
2223 0 : snprintf (line, DIM(line), "SETKEYDESC %s", desc);
2224 0 : err = assuan_transact (agent_ctx, line,
2225 : NULL, NULL, NULL, NULL, NULL, NULL);
2226 0 : if (err)
2227 0 : return err;
2228 : }
2229 :
2230 0 : snprintf (line, DIM(line), "DELETE_KEY%s %s",
2231 : force? " --force":"", hexkeygrip);
2232 0 : err = assuan_transact (agent_ctx, line, NULL, NULL,
2233 : default_inq_cb, &dfltparm,
2234 : NULL, NULL);
2235 0 : return err;
2236 : }
2237 :
2238 :
2239 : �
2240 : /* Ask the agent to change the passphrase of the key identified by
2241 : * HEXKEYGRIP. If DESC is not NULL, display DESC instead of the
2242 : * default description message. If CACHE_NONCE_ADDR is not NULL the
2243 : * agent is advised to first try a passphrase associated with that
2244 : * nonce. If PASSWD_NONCE_ADDR is not NULL the agent will try to use
2245 : * the passphrase associated with that nonce for the new passphrase.
2246 : * If VERIFY is true the passphrase is only verified. */
2247 : gpg_error_t
2248 0 : agent_passwd (ctrl_t ctrl, const char *hexkeygrip, const char *desc, int verify,
2249 : char **cache_nonce_addr, char **passwd_nonce_addr)
2250 : {
2251 : gpg_error_t err;
2252 : struct cache_nonce_parm_s cn_parm;
2253 : char line[ASSUAN_LINELENGTH];
2254 : struct default_inq_parm_s dfltparm;
2255 :
2256 0 : memset (&dfltparm, 0, sizeof dfltparm);
2257 0 : dfltparm.ctrl = ctrl;
2258 :
2259 0 : err = start_agent (ctrl, 0);
2260 0 : if (err)
2261 0 : return err;
2262 0 : dfltparm.ctx = agent_ctx;
2263 :
2264 0 : if (!hexkeygrip || strlen (hexkeygrip) != 40)
2265 0 : return gpg_error (GPG_ERR_INV_VALUE);
2266 :
2267 0 : if (desc)
2268 : {
2269 0 : snprintf (line, DIM(line), "SETKEYDESC %s", desc);
2270 0 : err = assuan_transact (agent_ctx, line,
2271 : NULL, NULL, NULL, NULL, NULL, NULL);
2272 0 : if (err)
2273 0 : return err;
2274 : }
2275 :
2276 0 : if (verify)
2277 0 : snprintf (line, DIM(line), "PASSWD %s%s --verify %s",
2278 0 : cache_nonce_addr && *cache_nonce_addr? "--cache-nonce=":"",
2279 0 : cache_nonce_addr && *cache_nonce_addr? *cache_nonce_addr:"",
2280 : hexkeygrip);
2281 : else
2282 0 : snprintf (line, DIM(line), "PASSWD %s%s %s%s %s",
2283 0 : cache_nonce_addr && *cache_nonce_addr? "--cache-nonce=":"",
2284 0 : cache_nonce_addr && *cache_nonce_addr? *cache_nonce_addr:"",
2285 0 : passwd_nonce_addr && *passwd_nonce_addr? "--passwd-nonce=":"",
2286 0 : passwd_nonce_addr && *passwd_nonce_addr? *passwd_nonce_addr:"",
2287 : hexkeygrip);
2288 0 : cn_parm.cache_nonce_addr = cache_nonce_addr;
2289 0 : cn_parm.passwd_nonce_addr = passwd_nonce_addr;
2290 0 : err = assuan_transact (agent_ctx, line, NULL, NULL,
2291 : default_inq_cb, &dfltparm,
2292 : cache_nonce_status_cb, &cn_parm);
2293 0 : return err;
2294 : }
2295 :
2296 :
2297 : /* Return the version reported by gpg-agent. */
2298 : gpg_error_t
2299 3 : agent_get_version (ctrl_t ctrl, char **r_version)
2300 : {
2301 : gpg_error_t err;
2302 :
2303 3 : err = start_agent (ctrl, 0);
2304 3 : if (err)
2305 0 : return err;
2306 :
2307 3 : err = get_assuan_server_version (agent_ctx, 0, r_version);
2308 3 : return err;
2309 : }
|
