1 /* call-agent.c - Divert GPG operations to the agent.
2 * Copyright (C) 2001-2003, 2006-2011, 2013 Free Software Foundation, Inc.
3 * Copyright (C) 2013-2015 Werner Koch
5 * This file is part of GnuPG.
7 * GnuPG is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 3 of the License, or
10 * (at your option) any later version.
12 * GnuPG is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, see <https://www.gnu.org/licenses/>.
34 #include "../common/util.h"
35 #include "../common/membuf.h"
37 #include "../common/i18n.h"
38 #include "../common/asshelp.h"
39 #include "../common/sysutils.h"
40 #include "call-agent.h"
41 #include "../common/status.h"
42 #include "../common/shareddefs.h"
43 #include "../common/host2net.h"
45 #define CONTROL_D ('D' - 'A' + 1)
48 static assuan_context_t agent_ctx = NULL;
49 static int did_early_card_test;
51 struct default_inq_parm_s
64 struct default_inq_parm_s *dflt;
66 unsigned char *ciphertext;
70 struct writecert_parm_s
72 struct default_inq_parm_s *dflt;
73 const unsigned char *certdata;
77 struct writekey_parm_s
79 struct default_inq_parm_s *dflt;
80 const unsigned char *keydata;
86 struct default_inq_parm_s *dflt;
88 const char *passphrase;
91 struct import_key_parm_s
93 struct default_inq_parm_s *dflt;
99 struct cache_nonce_parm_s
101 char **cache_nonce_addr;
102 char **passwd_nonce_addr;
106 static gpg_error_t learn_status_cb (void *opaque, const char *line);
110 /* If RC is not 0, write an appropriate status message. */
112 status_sc_op_failure (int rc)
114 switch (gpg_err_code (rc))
118 case GPG_ERR_CANCELED:
119 case GPG_ERR_FULLY_CANCELED:
120 write_status_text (STATUS_SC_OP_FAILURE, "1");
122 case GPG_ERR_BAD_PIN:
123 write_status_text (STATUS_SC_OP_FAILURE, "2");
126 write_status (STATUS_SC_OP_FAILURE);
132 /* This is the default inquiry callback. It mainly handles the
133 Pinentry notifications. */
135 default_inq_cb (void *opaque, const char *line)
138 struct default_inq_parm_s *parm = opaque;
140 if (has_leading_keyword (line, "PINENTRY_LAUNCHED"))
142 err = gpg_proxy_pinentry_notify (parm->ctrl, line);
144 log_error (_("failed to proxy %s inquiry to client\n"),
145 "PINENTRY_LAUNCHED");
146 /* We do not pass errors to avoid breaking other code. */
148 else if ((has_leading_keyword (line, "PASSPHRASE")
149 || has_leading_keyword (line, "NEW_PASSPHRASE"))
150 && opt.pinentry_mode == PINENTRY_MODE_LOOPBACK)
152 if (have_static_passphrase ())
154 const char *s = get_static_passphrase ();
155 err = assuan_send_data (parm->ctx, s, strlen (s));
162 if (parm->keyinfo.keyid)
163 emit_status_need_passphrase (parm->ctrl,
165 parm->keyinfo.mainkeyid,
166 parm->keyinfo.pubkey_algo);
168 snprintf (buf, sizeof (buf), "%u", 100);
169 write_status_text (STATUS_INQUIRE_MAXLEN, buf);
170 pw = cpr_get_hidden ("passphrase.enter", _("Enter passphrase: "));
172 if (*pw == CONTROL_D && !pw[1])
173 err = gpg_error (GPG_ERR_CANCELED);
175 err = assuan_send_data (parm->ctx, pw, strlen (pw));
180 log_debug ("ignoring gpg-agent inquiry '%s'\n", line);
186 /* Print a warning if the server's version number is less than our
187 version number. Returns an error code on a connection problem. */
189 warn_version_mismatch (assuan_context_t ctx, const char *servername, int mode)
193 const char *myversion = strusage (13);
195 err = get_assuan_server_version (ctx, mode, &serverversion);
197 log_log (gpg_err_code (err) == GPG_ERR_NOT_SUPPORTED?
198 GPGRT_LOG_INFO : GPGRT_LOG_ERROR,
199 _("error getting version from '%s': %s\n"),
200 servername, gpg_strerror (err));
201 else if (compare_version_strings (serverversion, myversion) < 0)
205 warn = xtryasprintf (_("server '%s' is older than us (%s < %s)"),
206 servername, serverversion, myversion);
208 err = gpg_error_from_syserror ();
211 log_info (_("WARNING: %s\n"), warn);
214 log_info (_("Note: Outdated servers may lack important"
215 " security fixes.\n"));
216 log_info (_("Note: Use the command \"%s\" to restart them.\n"),
217 "gpgconf --kill all");
219 write_status_strings (STATUS_WARNING, "server_version_mismatch 0",
224 xfree (serverversion);
229 #define FLAG_FOR_CARD_SUPPRESS_ERRORS 2
231 /* Try to connect to the agent via socket or fork it off and work by
232 pipes. Handle the server's initial greeting */
234 start_agent (ctrl_t ctrl, int flag_for_card)
238 (void)ctrl; /* Not yet used. */
240 /* Fixme: We need a context for each thread or serialize the access
246 rc = start_new_gpg_agent (&agent_ctx,
247 GPG_ERR_SOURCE_DEFAULT,
249 opt.lc_ctype, opt.lc_messages,
251 opt.autostart, opt.verbose, DBG_IPC,
253 if (!opt.autostart && gpg_err_code (rc) == GPG_ERR_NO_AGENT)
260 log_info (_("no gpg-agent running in this session\n"));
264 && !(rc = warn_version_mismatch (agent_ctx, GPG_AGENT_NAME, 0)))
266 /* Tell the agent that we support Pinentry notifications.
267 No error checking so that it will work also with older
269 assuan_transact (agent_ctx, "OPTION allow-pinentry-notify",
270 NULL, NULL, NULL, NULL, NULL, NULL);
271 /* Tell the agent about what version we are aware. This is
272 here used to indirectly enable GPG_ERR_FULLY_CANCELED. */
273 assuan_transact (agent_ctx, "OPTION agent-awareness=2.1.0",
274 NULL, NULL, NULL, NULL, NULL, NULL);
275 /* Pass on the pinentry mode. */
276 if (opt.pinentry_mode)
278 char *tmp = xasprintf ("OPTION pinentry-mode=%s",
279 str_pinentry_mode (opt.pinentry_mode));
280 rc = assuan_transact (agent_ctx, tmp,
281 NULL, NULL, NULL, NULL, NULL, NULL);
285 log_error ("setting pinentry mode '%s' failed: %s\n",
286 str_pinentry_mode (opt.pinentry_mode),
288 write_status_error ("set_pinentry_mode", rc);
292 /* In DE_VS mode under Windows we require that the JENT RNG
294 #ifdef HAVE_W32_SYSTEM
295 if (!rc && opt.compliance == CO_DE_VS)
297 if (assuan_transact (agent_ctx, "GETINFO jent_active",
298 NULL, NULL, NULL, NULL, NULL, NULL))
300 rc = gpg_error (GPG_ERR_FORBIDDEN);
301 log_error (_("%s is not compliant with %s mode\n"),
303 gnupg_compliance_option_string (opt.compliance));
304 write_status_error ("random-compliance", rc);
307 #endif /*HAVE_W32_SYSTEM*/
312 if (!rc && flag_for_card && !did_early_card_test)
314 /* Request the serial number of the card for an early test. */
315 struct agent_card_info_s info;
317 memset (&info, 0, sizeof info);
319 if (!(flag_for_card & FLAG_FOR_CARD_SUPPRESS_ERRORS))
320 rc = warn_version_mismatch (agent_ctx, SCDAEMON_NAME, 2);
322 rc = assuan_transact (agent_ctx, "SCD SERIALNO openpgp",
323 NULL, NULL, NULL, NULL,
324 learn_status_cb, &info);
325 if (rc && !(flag_for_card & FLAG_FOR_CARD_SUPPRESS_ERRORS))
327 switch (gpg_err_code (rc))
329 case GPG_ERR_NOT_SUPPORTED:
330 case GPG_ERR_NO_SCDAEMON:
331 write_status_text (STATUS_CARDCTRL, "6");
333 case GPG_ERR_OBJ_TERM_STATE:
334 write_status_text (STATUS_CARDCTRL, "7");
337 write_status_text (STATUS_CARDCTRL, "4");
338 log_info ("selecting openpgp failed: %s\n", gpg_strerror (rc));
343 if (!rc && is_status_enabled () && info.serialno)
347 buf = xasprintf ("3 %s", info.serialno);
348 write_status_text (STATUS_CARDCTRL, buf);
352 agent_release_card_info (&info);
355 did_early_card_test = 1;
363 /* Return a new malloced string by unescaping the string S. Escaping
364 is percent escaping and '+'/space mapping. A binary nul will
365 silently be replaced by a 0xFF. Function returns NULL to indicate
366 an out of memory status. */
368 unescape_status_string (const unsigned char *s)
370 return percent_plus_unescape (s, 0xff);
374 /* Take a 20 byte hexencoded string and put it into the provided
375 20 byte buffer FPR in binary format. */
377 unhexify_fpr (const char *hexstr, unsigned char *fpr)
382 for (s=hexstr, n=0; hexdigitp (s); s++, n++)
385 return 0; /* no fingerprint (invalid or wrong length). */
386 for (s=hexstr, n=0; *s; s += 2, n++)
391 /* Take the serial number from LINE and return it verbatim in a newly
392 allocated string. We make sure that only hex characters are
395 store_serialno (const char *line)
400 for (s=line; hexdigitp (s); s++)
402 p = xtrymalloc (s + 1 - line);
405 memcpy (p, line, s-line);
413 /* This is a dummy data line callback. */
415 dummy_data_cb (void *opaque, const void *buffer, size_t length)
423 /* A simple callback used to return the serialnumber of a card. */
425 get_serialno_cb (void *opaque, const char *line)
427 char **serialno = opaque;
428 const char *keyword = line;
432 for (keywordlen=0; *line && !spacep (line); line++, keywordlen++)
434 while (spacep (line))
437 if (keywordlen == 8 && !memcmp (keyword, "SERIALNO", keywordlen))
440 return gpg_error (GPG_ERR_CONFLICT); /* Unexpected status line. */
441 for (n=0,s=line; hexdigitp (s); s++, n++)
443 if (!n || (n&1)|| !(spacep (s) || !*s) )
444 return gpg_error (GPG_ERR_ASS_PARAMETER);
445 *serialno = xtrymalloc (n+1);
447 return out_of_core ();
448 memcpy (*serialno, line, n);
457 /* Release the card info structure INFO. */
459 agent_release_card_info (struct agent_card_info_s *info)
466 xfree (info->reader); info->reader = NULL;
467 xfree (info->serialno); info->serialno = NULL;
468 xfree (info->apptype); info->apptype = NULL;
469 xfree (info->disp_name); info->disp_name = NULL;
470 xfree (info->disp_lang); info->disp_lang = NULL;
471 xfree (info->pubkey_url); info->pubkey_url = NULL;
472 xfree (info->login_data); info->login_data = NULL;
473 info->cafpr1valid = info->cafpr2valid = info->cafpr3valid = 0;
474 info->fpr1valid = info->fpr2valid = info->fpr3valid = 0;
475 for (i=0; i < DIM(info->private_do); i++)
477 xfree (info->private_do[i]);
478 info->private_do[i] = NULL;
484 learn_status_cb (void *opaque, const char *line)
486 struct agent_card_info_s *parm = opaque;
487 const char *keyword = line;
491 for (keywordlen=0; *line && !spacep (line); line++, keywordlen++)
493 while (spacep (line))
496 if (keywordlen == 6 && !memcmp (keyword, "READER", keywordlen))
498 xfree (parm->reader);
499 parm->reader = unescape_status_string (line);
501 else if (keywordlen == 8 && !memcmp (keyword, "SERIALNO", keywordlen))
503 xfree (parm->serialno);
504 parm->serialno = store_serialno (line);
505 parm->is_v2 = (strlen (parm->serialno) >= 16
506 && xtoi_2 (parm->serialno+12) >= 2 );
508 else if (keywordlen == 7 && !memcmp (keyword, "APPTYPE", keywordlen))
510 xfree (parm->apptype);
511 parm->apptype = unescape_status_string (line);
513 else if (keywordlen == 9 && !memcmp (keyword, "DISP-NAME", keywordlen))
515 xfree (parm->disp_name);
516 parm->disp_name = unescape_status_string (line);
518 else if (keywordlen == 9 && !memcmp (keyword, "DISP-LANG", keywordlen))
520 xfree (parm->disp_lang);
521 parm->disp_lang = unescape_status_string (line);
523 else if (keywordlen == 8 && !memcmp (keyword, "DISP-SEX", keywordlen))
525 parm->disp_sex = *line == '1'? 1 : *line == '2' ? 2: 0;
527 else if (keywordlen == 10 && !memcmp (keyword, "PUBKEY-URL", keywordlen))
529 xfree (parm->pubkey_url);
530 parm->pubkey_url = unescape_status_string (line);
532 else if (keywordlen == 10 && !memcmp (keyword, "LOGIN-DATA", keywordlen))
534 xfree (parm->login_data);
535 parm->login_data = unescape_status_string (line);
537 else if (keywordlen == 11 && !memcmp (keyword, "SIG-COUNTER", keywordlen))
539 parm->sig_counter = strtoul (line, NULL, 0);
541 else if (keywordlen == 10 && !memcmp (keyword, "CHV-STATUS", keywordlen))
545 buf = p = unescape_status_string (line);
550 parm->chv1_cached = atoi (p);
551 while (*p && !spacep (p))
555 for (i=0; *p && i < 3; i++)
557 parm->chvmaxlen[i] = atoi (p);
558 while (*p && !spacep (p))
563 for (i=0; *p && i < 3; i++)
565 parm->chvretry[i] = atoi (p);
566 while (*p && !spacep (p))
574 else if (keywordlen == 6 && !memcmp (keyword, "EXTCAP", keywordlen))
579 buf = p = unescape_status_string (line);
582 for (p = strtok (buf, " "); p; p = strtok (NULL, " "))
584 p2 = strchr (p, '=');
588 abool = (*p2 == '1');
589 if (!strcmp (p, "ki"))
590 parm->extcap.ki = abool;
591 else if (!strcmp (p, "aac"))
592 parm->extcap.aac = abool;
593 else if (!strcmp (p, "si"))
594 parm->status_indicator = strtoul (p2, NULL, 10);
600 else if (keywordlen == 7 && !memcmp (keyword, "KEY-FPR", keywordlen))
602 int no = atoi (line);
603 while (*line && !spacep (line))
605 while (spacep (line))
608 parm->fpr1valid = unhexify_fpr (line, parm->fpr1);
610 parm->fpr2valid = unhexify_fpr (line, parm->fpr2);
612 parm->fpr3valid = unhexify_fpr (line, parm->fpr3);
614 else if (keywordlen == 8 && !memcmp (keyword, "KEY-TIME", keywordlen))
616 int no = atoi (line);
617 while (* line && !spacep (line))
619 while (spacep (line))
622 parm->fpr1time = strtoul (line, NULL, 10);
624 parm->fpr2time = strtoul (line, NULL, 10);
626 parm->fpr3time = strtoul (line, NULL, 10);
628 else if (keywordlen == 6 && !memcmp (keyword, "CA-FPR", keywordlen))
630 int no = atoi (line);
631 while (*line && !spacep (line))
633 while (spacep (line))
636 parm->cafpr1valid = unhexify_fpr (line, parm->cafpr1);
638 parm->cafpr2valid = unhexify_fpr (line, parm->cafpr2);
640 parm->cafpr3valid = unhexify_fpr (line, parm->cafpr3);
642 else if (keywordlen == 8 && !memcmp (keyword, "KEY-ATTR", keywordlen))
645 int algo = PUBKEY_ALGO_RSA;
648 sscanf (line, "%d %d %n", &keyno, &algo, &n);
650 if (keyno < 0 || keyno >= DIM (parm->key_attr))
653 parm->key_attr[keyno].algo = algo;
654 if (algo == PUBKEY_ALGO_RSA)
655 parm->key_attr[keyno].nbits = strtoul (line+n+3, NULL, 10);
656 else if (algo == PUBKEY_ALGO_ECDH || algo == PUBKEY_ALGO_ECDSA
657 || algo == PUBKEY_ALGO_EDDSA)
658 parm->key_attr[keyno].curve = openpgp_is_curve_supported (line + n,
661 else if (keywordlen == 12 && !memcmp (keyword, "PRIVATE-DO-", 11)
662 && strchr("1234", keyword[11]))
664 int no = keyword[11] - '1';
665 log_assert (no >= 0 && no <= 3);
666 xfree (parm->private_do[no]);
667 parm->private_do[no] = unescape_status_string (line);
673 /* Call the scdaemon to learn about a smartcard */
675 agent_scd_learn (struct agent_card_info_s *info, int force)
678 struct default_inq_parm_s parm;
679 struct agent_card_info_s dummyinfo;
683 memset (info, 0, sizeof *info);
684 memset (&parm, 0, sizeof parm);
686 rc = start_agent (NULL, 1);
690 parm.ctx = agent_ctx;
691 rc = assuan_transact (agent_ctx,
692 force ? "LEARN --sendinfo --force" : "LEARN --sendinfo",
693 dummy_data_cb, NULL, default_inq_cb, &parm,
694 learn_status_cb, info);
695 /* Also try to get the key attributes. */
697 agent_scd_getattr ("KEY-ATTR", info);
699 if (info == &dummyinfo)
700 agent_release_card_info (info);
706 /* Send an APDU to the current card. On success the status word is
707 stored at R_SW. With HEXAPDU being NULL only a RESET command is
708 send to scd. With HEXAPDU being the string "undefined" the command
709 "SERIALNO undefined" is send to scd. */
711 agent_scd_apdu (const char *hexapdu, unsigned int *r_sw)
715 /* Start the agent but not with the card flag so that we do not
716 autoselect the openpgp application. */
717 err = start_agent (NULL, 0);
723 err = assuan_transact (agent_ctx, "SCD RESET",
724 NULL, NULL, NULL, NULL, NULL, NULL);
727 else if (!strcmp (hexapdu, "undefined"))
729 err = assuan_transact (agent_ctx, "SCD SERIALNO undefined",
730 NULL, NULL, NULL, NULL, NULL, NULL);
734 char line[ASSUAN_LINELENGTH];
739 init_membuf (&mb, 256);
741 snprintf (line, DIM(line), "SCD APDU %s", hexapdu);
742 err = assuan_transact (agent_ctx, line,
743 put_membuf_cb, &mb, NULL, NULL, NULL, NULL);
746 data = get_membuf (&mb, &datalen);
748 err = gpg_error_from_syserror ();
749 else if (datalen < 2) /* Ooops */
750 err = gpg_error (GPG_ERR_CARD);
753 *r_sw = buf16_to_uint (data+datalen-2);
764 agent_keytocard (const char *hexgrip, int keyno, int force,
765 const char *serialno, const char *timestamp)
768 char line[ASSUAN_LINELENGTH];
769 struct default_inq_parm_s parm;
771 memset (&parm, 0, sizeof parm);
773 snprintf (line, DIM(line), "KEYTOCARD %s%s %s OPENPGP.%d %s",
774 force?"--force ": "", hexgrip, serialno, keyno, timestamp);
776 rc = start_agent (NULL, 1);
779 parm.ctx = agent_ctx;
781 rc = assuan_transact (agent_ctx, line, NULL, NULL, default_inq_cb, &parm,
789 /* Call the agent to retrieve a data object. This function returns
790 the data in the same structure as used by the learn command. It is
791 allowed to update such a structure using this command. */
793 agent_scd_getattr (const char *name, struct agent_card_info_s *info)
796 char line[ASSUAN_LINELENGTH];
797 struct default_inq_parm_s parm;
799 memset (&parm, 0, sizeof parm);
802 return gpg_error (GPG_ERR_INV_VALUE);
804 /* We assume that NAME does not need escaping. */
805 if (12 + strlen (name) > DIM(line)-1)
806 return gpg_error (GPG_ERR_TOO_LARGE);
807 stpcpy (stpcpy (line, "SCD GETATTR "), name);
809 rc = start_agent (NULL, 1);
813 parm.ctx = agent_ctx;
814 rc = assuan_transact (agent_ctx, line, NULL, NULL, default_inq_cb, &parm,
815 learn_status_cb, info);
821 /* Send an setattr command to the SCdaemon. SERIALNO is not actually
822 used here but required by gpg 1.4's implementation of this code in
825 agent_scd_setattr (const char *name,
826 const unsigned char *value, size_t valuelen,
827 const char *serialno)
830 char line[ASSUAN_LINELENGTH];
832 struct default_inq_parm_s parm;
834 memset (&parm, 0, sizeof parm);
838 if (!*name || !valuelen)
839 return gpg_error (GPG_ERR_INV_VALUE);
841 /* We assume that NAME does not need escaping. */
842 if (12 + strlen (name) > DIM(line)-1)
843 return gpg_error (GPG_ERR_TOO_LARGE);
845 p = stpcpy (stpcpy (line, "SCD SETATTR "), name);
847 for (; valuelen; value++, valuelen--)
849 if (p >= line + DIM(line)-5 )
850 return gpg_error (GPG_ERR_TOO_LARGE);
851 if (*value < ' ' || *value == '+' || *value == '%')
853 sprintf (p, "%%%02X", *value);
856 else if (*value == ' ')
863 rc = start_agent (NULL, 1);
866 parm.ctx = agent_ctx;
867 rc = assuan_transact (agent_ctx, line, NULL, NULL,
868 default_inq_cb, &parm, NULL, NULL);
871 status_sc_op_failure (rc);
877 /* Handle a CERTDATA inquiry. Note, we only send the data,
878 assuan_transact takes care of flushing and writing the END
881 inq_writecert_parms (void *opaque, const char *line)
884 struct writecert_parm_s *parm = opaque;
886 if (has_leading_keyword (line, "CERTDATA"))
888 rc = assuan_send_data (parm->dflt->ctx,
889 parm->certdata, parm->certdatalen);
892 rc = default_inq_cb (parm->dflt, line);
898 /* Send a WRITECERT command to the SCdaemon. */
900 agent_scd_writecert (const char *certidstr,
901 const unsigned char *certdata, size_t certdatalen)
904 char line[ASSUAN_LINELENGTH];
905 struct writecert_parm_s parms;
906 struct default_inq_parm_s dfltparm;
908 memset (&dfltparm, 0, sizeof dfltparm);
910 rc = start_agent (NULL, 1);
914 memset (&parms, 0, sizeof parms);
916 snprintf (line, DIM(line), "SCD WRITECERT %s", certidstr);
917 dfltparm.ctx = agent_ctx;
918 parms.dflt = &dfltparm;
919 parms.certdata = certdata;
920 parms.certdatalen = certdatalen;
922 rc = assuan_transact (agent_ctx, line, NULL, NULL,
923 inq_writecert_parms, &parms, NULL, NULL);
930 /* Handle a KEYDATA inquiry. Note, we only send the data,
931 assuan_transact takes care of flushing and writing the end */
933 inq_writekey_parms (void *opaque, const char *line)
936 struct writekey_parm_s *parm = opaque;
938 if (has_leading_keyword (line, "KEYDATA"))
940 rc = assuan_send_data (parm->dflt->ctx, parm->keydata, parm->keydatalen);
943 rc = default_inq_cb (parm->dflt, line);
949 /* Send a WRITEKEY command to the SCdaemon. */
951 agent_scd_writekey (int keyno, const char *serialno,
952 const unsigned char *keydata, size_t keydatalen)
955 char line[ASSUAN_LINELENGTH];
956 struct writekey_parm_s parms;
957 struct default_inq_parm_s dfltparm;
959 memset (&dfltparm, 0, sizeof dfltparm);
963 rc = start_agent (NULL, 1);
967 memset (&parms, 0, sizeof parms);
969 snprintf (line, DIM(line), "SCD WRITEKEY --force OPENPGP.%d", keyno);
970 dfltparm.ctx = agent_ctx;
971 parms.dflt = &dfltparm;
972 parms.keydata = keydata;
973 parms.keydatalen = keydatalen;
975 rc = assuan_transact (agent_ctx, line, NULL, NULL,
976 inq_writekey_parms, &parms, NULL, NULL);
978 status_sc_op_failure (rc);
984 /* Status callback for the SCD GENKEY command. */
986 scd_genkey_cb (void *opaque, const char *line)
988 u32 *createtime = opaque;
989 const char *keyword = line;
992 for (keywordlen=0; *line && !spacep (line); line++, keywordlen++)
994 while (spacep (line))
997 if (keywordlen == 14 && !memcmp (keyword,"KEY-CREATED-AT", keywordlen))
999 *createtime = (u32)strtoul (line, NULL, 10);
1001 else if (keywordlen == 8 && !memcmp (keyword, "PROGRESS", keywordlen))
1003 write_status_text (STATUS_PROGRESS, line);
1009 /* Send a GENKEY command to the SCdaemon. If *CREATETIME is not 0,
1010 the value will be passed to SCDAEMON with --timestamp option so that
1011 the key is created with this. Otherwise, timestamp was generated by
1012 SCDEAMON. On success, creation time is stored back to
1015 agent_scd_genkey (int keyno, int force, u32 *createtime)
1018 char line[ASSUAN_LINELENGTH];
1019 gnupg_isotime_t tbuf;
1020 struct default_inq_parm_s dfltparm;
1022 memset (&dfltparm, 0, sizeof dfltparm);
1024 rc = start_agent (NULL, 1);
1029 epoch2isotime (tbuf, *createtime);
1033 snprintf (line, DIM(line), "SCD GENKEY %s%s %s %d",
1034 *tbuf? "--timestamp=":"", tbuf,
1035 force? "--force":"",
1038 dfltparm.ctx = agent_ctx;
1039 rc = assuan_transact (agent_ctx, line,
1040 NULL, NULL, default_inq_cb, &dfltparm,
1041 scd_genkey_cb, createtime);
1043 status_sc_op_failure (rc);
1047 /* Return the serial number of the card or an appropriate error. The
1048 serial number is returned as a hexstring. */
1050 agent_scd_serialno (char **r_serialno, const char *demand)
1053 char *serialno = NULL;
1054 char line[ASSUAN_LINELENGTH];
1056 err = start_agent (NULL, 1 | FLAG_FOR_CARD_SUPPRESS_ERRORS);
1061 strcpy (line, "SCD SERIALNO");
1063 snprintf (line, DIM(line), "SCD SERIALNO --demand=%s", demand);
1065 err = assuan_transact (agent_ctx, line,
1066 NULL, NULL, NULL, NULL,
1067 get_serialno_cb, &serialno);
1074 *r_serialno = serialno;
1078 /* Send a READCERT command to the SCdaemon. */
1080 agent_scd_readcert (const char *certidstr,
1081 void **r_buf, size_t *r_buflen)
1084 char line[ASSUAN_LINELENGTH];
1087 struct default_inq_parm_s dfltparm;
1089 memset (&dfltparm, 0, sizeof dfltparm);
1092 rc = start_agent (NULL, 1);
1096 dfltparm.ctx = agent_ctx;
1098 init_membuf (&data, 2048);
1100 snprintf (line, DIM(line), "SCD READCERT %s", certidstr);
1101 rc = assuan_transact (agent_ctx, line,
1102 put_membuf_cb, &data,
1103 default_inq_cb, &dfltparm,
1107 xfree (get_membuf (&data, &len));
1110 *r_buf = get_membuf (&data, r_buflen);
1112 return gpg_error (GPG_ERR_ENOMEM);
1117 struct card_cardlist_parm_s {
1123 /* Callback function for agent_card_cardlist. */
1125 card_cardlist_cb (void *opaque, const char *line)
1127 struct card_cardlist_parm_s *parm = opaque;
1128 const char *keyword = line;
1131 for (keywordlen=0; *line && !spacep (line); line++, keywordlen++)
1133 while (spacep (line))
1136 if (keywordlen == 8 && !memcmp (keyword, "SERIALNO", keywordlen))
1141 for (n=0,s=line; hexdigitp (s); s++, n++)
1144 if (!n || (n&1) || *s)
1145 parm->error = gpg_error (GPG_ERR_ASS_PARAMETER);
1147 add_to_strlist (&parm->list, line);
1153 /* Return cardlist. */
1155 agent_scd_cardlist (strlist_t *result)
1158 char line[ASSUAN_LINELENGTH];
1159 struct card_cardlist_parm_s parm;
1161 memset (&parm, 0, sizeof parm);
1163 err = start_agent (NULL, 1);
1167 strcpy (line, "SCD GETINFO card_list");
1169 err = assuan_transact (agent_ctx, line,
1170 NULL, NULL, NULL, NULL,
1171 card_cardlist_cb, &parm);
1172 if (!err && parm.error)
1176 *result = parm.list;
1178 free_strlist (parm.list);
1183 /* Change the PIN of an OpenPGP card or reset the retry counter.
1184 CHVNO 1: Change the PIN
1185 2: For v1 cards: Same as 1.
1186 For v2 cards: Reset the PIN using the Reset Code.
1187 3: Change the admin PIN
1188 101: Set a new PIN and reset the retry counter
1189 102: For v1 cars: Same as 101.
1190 For v2 cards: Set a new Reset Code.
1191 SERIALNO is not used.
1194 agent_scd_change_pin (int chvno, const char *serialno)
1197 char line[ASSUAN_LINELENGTH];
1198 const char *reset = "";
1199 struct default_inq_parm_s dfltparm;
1201 memset (&dfltparm, 0, sizeof dfltparm);
1209 rc = start_agent (NULL, 1);
1212 dfltparm.ctx = agent_ctx;
1214 snprintf (line, DIM(line), "SCD PASSWD %s %d", reset, chvno);
1215 rc = assuan_transact (agent_ctx, line,
1217 default_inq_cb, &dfltparm,
1219 status_sc_op_failure (rc);
1224 /* Perform a CHECKPIN operation. SERIALNO should be the serial
1225 number of the card - optionally followed by the fingerprint;
1226 however the fingerprint is ignored here. */
1228 agent_scd_checkpin (const char *serialno)
1231 char line[ASSUAN_LINELENGTH];
1232 struct default_inq_parm_s dfltparm;
1234 memset (&dfltparm, 0, sizeof dfltparm);
1236 rc = start_agent (NULL, 1);
1239 dfltparm.ctx = agent_ctx;
1241 snprintf (line, DIM(line), "SCD CHECKPIN %s", serialno);
1242 rc = assuan_transact (agent_ctx, line,
1244 default_inq_cb, &dfltparm,
1246 status_sc_op_failure (rc);
1251 /* Dummy function, only used by the gpg 1.4 implementation. */
1253 agent_clear_pin_cache (const char *sn)
1261 /* Note: All strings shall be UTF-8. On success the caller needs to
1262 free the string stored at R_PASSPHRASE. On error NULL will be
1263 stored at R_PASSPHRASE and an appropriate fpf error code
1266 agent_get_passphrase (const char *cache_id,
1267 const char *err_msg,
1269 const char *desc_msg,
1272 char **r_passphrase)
1275 char line[ASSUAN_LINELENGTH];
1281 struct default_inq_parm_s dfltparm;
1283 memset (&dfltparm, 0, sizeof dfltparm);
1285 *r_passphrase = NULL;
1287 rc = start_agent (NULL, 0);
1290 dfltparm.ctx = agent_ctx;
1292 /* Check that the gpg-agent understands the repeat option. */
1293 if (assuan_transact (agent_ctx,
1294 "GETINFO cmd_has_option GET_PASSPHRASE repeat",
1295 NULL, NULL, NULL, NULL, NULL, NULL))
1296 return gpg_error (GPG_ERR_NOT_SUPPORTED);
1298 if (cache_id && *cache_id)
1299 if (!(arg1 = percent_plus_escape (cache_id)))
1301 if (err_msg && *err_msg)
1302 if (!(arg2 = percent_plus_escape (err_msg)))
1304 if (prompt && *prompt)
1305 if (!(arg3 = percent_plus_escape (prompt)))
1307 if (desc_msg && *desc_msg)
1308 if (!(arg4 = percent_plus_escape (desc_msg)))
1311 snprintf (line, DIM(line),
1312 "GET_PASSPHRASE --data --repeat=%d%s -- %s %s %s %s",
1314 check? " --check --qualitybar":"",
1324 init_membuf_secure (&data, 64);
1325 rc = assuan_transact (agent_ctx, line,
1326 put_membuf_cb, &data,
1327 default_inq_cb, &dfltparm,
1331 xfree (get_membuf (&data, NULL));
1334 put_membuf (&data, "", 1);
1335 *r_passphrase = get_membuf (&data, NULL);
1337 rc = gpg_error_from_syserror ();
1341 rc = gpg_error_from_syserror ();
1351 agent_clear_passphrase (const char *cache_id)
1354 char line[ASSUAN_LINELENGTH];
1355 struct default_inq_parm_s dfltparm;
1357 memset (&dfltparm, 0, sizeof dfltparm);
1359 if (!cache_id || !*cache_id)
1362 rc = start_agent (NULL, 0);
1365 dfltparm.ctx = agent_ctx;
1367 snprintf (line, DIM(line), "CLEAR_PASSPHRASE %s", cache_id);
1368 return assuan_transact (agent_ctx, line,
1370 default_inq_cb, &dfltparm,
1375 /* Ask the agent to pop up a confirmation dialog with the text DESC
1376 and an okay and cancel button. */
1378 gpg_agent_get_confirmation (const char *desc)
1382 char line[ASSUAN_LINELENGTH];
1383 struct default_inq_parm_s dfltparm;
1385 memset (&dfltparm, 0, sizeof dfltparm);
1387 rc = start_agent (NULL, 0);
1390 dfltparm.ctx = agent_ctx;
1392 tmp = percent_plus_escape (desc);
1394 return gpg_error_from_syserror ();
1395 snprintf (line, DIM(line), "GET_CONFIRMATION %s", tmp);
1398 rc = assuan_transact (agent_ctx, line,
1400 default_inq_cb, &dfltparm,
1406 /* Return the S2K iteration count as computed by gpg-agent. */
1408 agent_get_s2k_count (unsigned long *r_count)
1416 err = start_agent (NULL, 0);
1420 init_membuf (&data, 32);
1421 err = assuan_transact (agent_ctx, "GETINFO s2k_count",
1422 put_membuf_cb, &data,
1423 NULL, NULL, NULL, NULL);
1425 xfree (get_membuf (&data, NULL));
1428 put_membuf (&data, "", 1);
1429 buf = get_membuf (&data, NULL);
1431 err = gpg_error_from_syserror ();
1434 *r_count = strtoul (buf, NULL, 10);
1443 /* Ask the agent whether a secret key for the given public key is
1444 available. Returns 0 if available. */
1446 agent_probe_secret_key (ctrl_t ctrl, PKT_public_key *pk)
1449 char line[ASSUAN_LINELENGTH];
1452 err = start_agent (ctrl, 0);
1456 err = hexkeygrip_from_pk (pk, &hexgrip);
1460 snprintf (line, sizeof line, "HAVEKEY %s", hexgrip);
1463 err = assuan_transact (agent_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL);
1467 /* Ask the agent whether a secret key is available for any of the
1468 keys (primary or sub) in KEYBLOCK. Returns 0 if available. */
1470 agent_probe_any_secret_key (ctrl_t ctrl, kbnode_t keyblock)
1473 char line[ASSUAN_LINELENGTH];
1475 kbnode_t kbctx, node;
1477 unsigned char grip[20];
1479 err = start_agent (ctrl, 0);
1483 err = gpg_error (GPG_ERR_NO_SECKEY); /* Just in case no key was
1484 found in KEYBLOCK. */
1485 p = stpcpy (line, "HAVEKEY");
1486 for (kbctx=NULL, nkeys=0; (node = walk_kbnode (keyblock, &kbctx, 0)); )
1487 if (node->pkt->pkttype == PKT_PUBLIC_KEY
1488 || node->pkt->pkttype == PKT_PUBLIC_SUBKEY
1489 || node->pkt->pkttype == PKT_SECRET_KEY
1490 || node->pkt->pkttype == PKT_SECRET_SUBKEY)
1492 if (nkeys && ((p - line) + 41) > (ASSUAN_LINELENGTH - 2))
1494 err = assuan_transact (agent_ctx, line,
1495 NULL, NULL, NULL, NULL, NULL, NULL);
1496 if (err != gpg_err_code (GPG_ERR_NO_SECKEY))
1497 break; /* Seckey available or unexpected error - ready. */
1498 p = stpcpy (line, "HAVEKEY");
1502 err = keygrip_from_pk (node->pkt->pkt.public_key, grip);
1506 bin2hex (grip, 20, p);
1512 err = assuan_transact (agent_ctx, line,
1513 NULL, NULL, NULL, NULL, NULL, NULL);
1520 struct keyinfo_data_parm_s
1528 keyinfo_status_cb (void *opaque, const char *line)
1530 struct keyinfo_data_parm_s *data = opaque;
1534 if ((s = has_leading_keyword (line, "KEYINFO")) && data)
1536 /* Parse the arguments:
1538 * <keygrip> <type> <serialno> <idstr> <cached> <protection>
1542 if (split_fields (s, fields, DIM (fields)) == 6)
1544 is_smartcard = (fields[1][0] == 'T');
1545 if (is_smartcard && !data->serialno && strcmp (fields[2], "-"))
1546 data->serialno = xtrystrdup (fields[2]);
1547 /* 'P' for protected, 'C' for clear */
1548 data->cleartext = (fields[5][0] == 'C');
1555 /* Return the serial number for a secret key. If the returned serial
1556 number is NULL, the key is not stored on a smartcard. Caller needs
1559 if r_cleartext is not NULL, the referenced int will be set to 1 if
1560 the agent's copy of the key is stored in the clear, or 0 otherwise
1563 agent_get_keyinfo (ctrl_t ctrl, const char *hexkeygrip,
1564 char **r_serialno, int *r_cleartext)
1567 char line[ASSUAN_LINELENGTH];
1568 struct keyinfo_data_parm_s keyinfo;
1570 memset (&keyinfo, 0,sizeof keyinfo);
1574 err = start_agent (ctrl, 0);
1578 if (!hexkeygrip || strlen (hexkeygrip) != 40)
1579 return gpg_error (GPG_ERR_INV_VALUE);
1581 snprintf (line, DIM(line), "KEYINFO %s", hexkeygrip);
1583 err = assuan_transact (agent_ctx, line, NULL, NULL, NULL, NULL,
1584 keyinfo_status_cb, &keyinfo);
1585 if (!err && keyinfo.serialno)
1587 /* Sanity check for bad characters. */
1588 if (strpbrk (keyinfo.serialno, ":\n\r"))
1589 err = GPG_ERR_INV_VALUE;
1592 xfree (keyinfo.serialno);
1595 *r_serialno = keyinfo.serialno;
1597 *r_cleartext = keyinfo.cleartext;
1603 /* Status callback for agent_import_key, agent_export_key and
1606 cache_nonce_status_cb (void *opaque, const char *line)
1608 struct cache_nonce_parm_s *parm = opaque;
1611 if ((s = has_leading_keyword (line, "CACHE_NONCE")))
1613 if (parm->cache_nonce_addr)
1615 xfree (*parm->cache_nonce_addr);
1616 *parm->cache_nonce_addr = xtrystrdup (s);
1619 else if ((s = has_leading_keyword (line, "PASSWD_NONCE")))
1621 if (parm->passwd_nonce_addr)
1623 xfree (*parm->passwd_nonce_addr);
1624 *parm->passwd_nonce_addr = xtrystrdup (s);
1627 else if ((s = has_leading_keyword (line, "PROGRESS")))
1629 if (opt.enable_progress_filter)
1630 write_status_text (STATUS_PROGRESS, s);
1638 /* Handle a KEYPARMS inquiry. Note, we only send the data,
1639 assuan_transact takes care of flushing and writing the end */
1641 inq_genkey_parms (void *opaque, const char *line)
1643 struct genkey_parm_s *parm = opaque;
1646 if (has_leading_keyword (line, "KEYPARAM"))
1648 err = assuan_send_data (parm->dflt->ctx,
1649 parm->keyparms, strlen (parm->keyparms));
1651 else if (has_leading_keyword (line, "NEWPASSWD") && parm->passphrase)
1653 err = assuan_send_data (parm->dflt->ctx,
1654 parm->passphrase, strlen (parm->passphrase));
1657 err = default_inq_cb (parm->dflt, line);
1663 /* Call the agent to generate a new key. KEYPARMS is the usual
1664 S-expression giving the parameters of the key. gpg-agent passes it
1665 gcry_pk_genkey. If NO_PROTECTION is true the agent is advised not
1666 to protect the generated key. If NO_PROTECTION is not set and
1667 PASSPHRASE is not NULL the agent is requested to protect the key
1668 with that passphrase instead of asking for one. */
1670 agent_genkey (ctrl_t ctrl, char **cache_nonce_addr, char **passwd_nonce_addr,
1671 const char *keyparms, int no_protection,
1672 const char *passphrase, gcry_sexp_t *r_pubkey)
1675 struct genkey_parm_s gk_parm;
1676 struct cache_nonce_parm_s cn_parm;
1677 struct default_inq_parm_s dfltparm;
1681 char line[ASSUAN_LINELENGTH];
1683 memset (&dfltparm, 0, sizeof dfltparm);
1684 dfltparm.ctrl = ctrl;
1687 err = start_agent (ctrl, 0);
1690 dfltparm.ctx = agent_ctx;
1692 if (passwd_nonce_addr && *passwd_nonce_addr)
1693 ; /* A RESET would flush the passwd nonce cache. */
1696 err = assuan_transact (agent_ctx, "RESET",
1697 NULL, NULL, NULL, NULL, NULL, NULL);
1702 init_membuf (&data, 1024);
1703 gk_parm.dflt = &dfltparm;
1704 gk_parm.keyparms = keyparms;
1705 gk_parm.passphrase = passphrase;
1706 snprintf (line, sizeof line, "GENKEY%s%s%s%s%s",
1707 no_protection? " --no-protection" :
1708 passphrase ? " --inq-passwd" :
1710 passwd_nonce_addr && *passwd_nonce_addr? " --passwd-nonce=":"",
1711 passwd_nonce_addr && *passwd_nonce_addr? *passwd_nonce_addr:"",
1712 cache_nonce_addr && *cache_nonce_addr? " ":"",
1713 cache_nonce_addr && *cache_nonce_addr? *cache_nonce_addr:"");
1714 cn_parm.cache_nonce_addr = cache_nonce_addr;
1715 cn_parm.passwd_nonce_addr = NULL;
1716 err = assuan_transact (agent_ctx, line,
1717 put_membuf_cb, &data,
1718 inq_genkey_parms, &gk_parm,
1719 cache_nonce_status_cb, &cn_parm);
1722 xfree (get_membuf (&data, &len));
1726 buf = get_membuf (&data, &len);
1728 err = gpg_error_from_syserror ();
1731 err = gcry_sexp_sscan (r_pubkey, NULL, buf, len);
1739 /* Call the agent to read the public key part for a given keygrip. If
1740 FROMCARD is true, the key is directly read from the current
1741 smartcard. In this case HEXKEYGRIP should be the keyID
1742 (e.g. OPENPGP.3). */
1744 agent_readkey (ctrl_t ctrl, int fromcard, const char *hexkeygrip,
1745 unsigned char **r_pubkey)
1751 char line[ASSUAN_LINELENGTH];
1752 struct default_inq_parm_s dfltparm;
1754 memset (&dfltparm, 0, sizeof dfltparm);
1755 dfltparm.ctrl = ctrl;
1758 err = start_agent (ctrl, 0);
1761 dfltparm.ctx = agent_ctx;
1763 err = assuan_transact (agent_ctx, "RESET",NULL, NULL, NULL, NULL, NULL, NULL);
1767 snprintf (line, DIM(line), "READKEY %s%s", fromcard? "--card ":"",
1770 init_membuf (&data, 1024);
1771 err = assuan_transact (agent_ctx, line,
1772 put_membuf_cb, &data,
1773 default_inq_cb, &dfltparm,
1777 xfree (get_membuf (&data, &len));
1780 buf = get_membuf (&data, &len);
1782 return gpg_error_from_syserror ();
1783 if (!gcry_sexp_canon_len (buf, len, NULL, NULL))
1786 return gpg_error (GPG_ERR_INV_SEXP);
1794 /* Call the agent to do a sign operation using the key identified by
1795 the hex string KEYGRIP. DESC is a description of the key to be
1796 displayed if the agent needs to ask for the PIN. DIGEST and
1797 DIGESTLEN is the hash value to sign and DIGESTALGO the algorithm id
1798 used to compute the digest. If CACHE_NONCE is used the agent is
1799 advised to first try a passphrase associated with that nonce. */
1801 agent_pksign (ctrl_t ctrl, const char *cache_nonce,
1802 const char *keygrip, const char *desc,
1803 u32 *keyid, u32 *mainkeyid, int pubkey_algo,
1804 unsigned char *digest, size_t digestlen, int digestalgo,
1805 gcry_sexp_t *r_sigval)
1808 char line[ASSUAN_LINELENGTH];
1810 struct default_inq_parm_s dfltparm;
1812 memset (&dfltparm, 0, sizeof dfltparm);
1813 dfltparm.ctrl = ctrl;
1814 dfltparm.keyinfo.keyid = keyid;
1815 dfltparm.keyinfo.mainkeyid = mainkeyid;
1816 dfltparm.keyinfo.pubkey_algo = pubkey_algo;
1819 err = start_agent (ctrl, 0);
1822 dfltparm.ctx = agent_ctx;
1824 if (digestlen*2 + 50 > DIM(line))
1825 return gpg_error (GPG_ERR_GENERAL);
1827 err = assuan_transact (agent_ctx, "RESET",
1828 NULL, NULL, NULL, NULL, NULL, NULL);
1832 snprintf (line, DIM(line), "SIGKEY %s", keygrip);
1833 err = assuan_transact (agent_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL);
1839 snprintf (line, DIM(line), "SETKEYDESC %s", desc);
1840 err = assuan_transact (agent_ctx, line,
1841 NULL, NULL, NULL, NULL, NULL, NULL);
1846 snprintf (line, sizeof line, "SETHASH %d ", digestalgo);
1847 bin2hex (digest, digestlen, line + strlen (line));
1848 err = assuan_transact (agent_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL);
1852 init_membuf (&data, 1024);
1854 snprintf (line, sizeof line, "PKSIGN%s%s",
1855 cache_nonce? " -- ":"",
1856 cache_nonce? cache_nonce:"");
1857 err = assuan_transact (agent_ctx, line,
1858 put_membuf_cb, &data,
1859 default_inq_cb, &dfltparm,
1862 xfree (get_membuf (&data, NULL));
1868 buf = get_membuf (&data, &len);
1870 err = gpg_error_from_syserror ();
1873 err = gcry_sexp_sscan (r_sigval, NULL, buf, len);
1882 /* Handle a CIPHERTEXT inquiry. Note, we only send the data,
1883 assuan_transact takes care of flushing and writing the END. */
1885 inq_ciphertext_cb (void *opaque, const char *line)
1887 struct cipher_parm_s *parm = opaque;
1890 if (has_leading_keyword (line, "CIPHERTEXT"))
1892 assuan_begin_confidential (parm->ctx);
1893 rc = assuan_send_data (parm->dflt->ctx,
1894 parm->ciphertext, parm->ciphertextlen);
1895 assuan_end_confidential (parm->ctx);
1898 rc = default_inq_cb (parm->dflt, line);
1904 /* Check whether there is any padding info from the agent. */
1906 padding_info_cb (void *opaque, const char *line)
1908 int *r_padding = opaque;
1911 if ((s=has_leading_keyword (line, "PADDING")))
1913 *r_padding = atoi (s);
1920 /* Call the agent to do a decrypt operation using the key identified
1921 by the hex string KEYGRIP and the input data S_CIPHERTEXT. On the
1922 success the decoded value is stored verbatim at R_BUF and its
1923 length at R_BUF; the callers needs to release it. KEYID, MAINKEYID
1924 and PUBKEY_ALGO are used to construct additional promots or status
1925 messages. The padding information is stored at R_PADDING with -1
1928 agent_pkdecrypt (ctrl_t ctrl, const char *keygrip, const char *desc,
1929 u32 *keyid, u32 *mainkeyid, int pubkey_algo,
1930 gcry_sexp_t s_ciphertext,
1931 unsigned char **r_buf, size_t *r_buflen, int *r_padding)
1934 char line[ASSUAN_LINELENGTH];
1937 char *p, *buf, *endp;
1938 struct default_inq_parm_s dfltparm;
1940 memset (&dfltparm, 0, sizeof dfltparm);
1941 dfltparm.ctrl = ctrl;
1942 dfltparm.keyinfo.keyid = keyid;
1943 dfltparm.keyinfo.mainkeyid = mainkeyid;
1944 dfltparm.keyinfo.pubkey_algo = pubkey_algo;
1946 if (!keygrip || strlen(keygrip) != 40
1947 || !s_ciphertext || !r_buf || !r_buflen || !r_padding)
1948 return gpg_error (GPG_ERR_INV_VALUE);
1953 err = start_agent (ctrl, 0);
1956 dfltparm.ctx = agent_ctx;
1958 err = assuan_transact (agent_ctx, "RESET",
1959 NULL, NULL, NULL, NULL, NULL, NULL);
1963 snprintf (line, sizeof line, "SETKEY %s", keygrip);
1964 err = assuan_transact (agent_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL);
1970 snprintf (line, DIM(line), "SETKEYDESC %s", desc);
1971 err = assuan_transact (agent_ctx, line,
1972 NULL, NULL, NULL, NULL, NULL, NULL);
1977 init_membuf_secure (&data, 1024);
1979 struct cipher_parm_s parm;
1981 parm.dflt = &dfltparm;
1982 parm.ctx = agent_ctx;
1983 err = make_canon_sexp (s_ciphertext, &parm.ciphertext, &parm.ciphertextlen);
1986 err = assuan_transact (agent_ctx, "PKDECRYPT",
1987 put_membuf_cb, &data,
1988 inq_ciphertext_cb, &parm,
1989 padding_info_cb, r_padding);
1990 xfree (parm.ciphertext);
1994 xfree (get_membuf (&data, &len));
1998 put_membuf (&data, "", 1); /* Make sure it is 0 terminated. */
1999 buf = get_membuf (&data, &len);
2001 return gpg_error_from_syserror ();
2002 log_assert (len); /* (we forced Nul termination.) */
2007 return gpg_error (GPG_ERR_INV_SEXP);
2010 if (len < 13 || memcmp (buf, "(5:value", 8) ) /* "(5:valueN:D)\0" */
2013 return gpg_error (GPG_ERR_INV_SEXP);
2015 len -= 10; /* Count only the data of the second part. */
2016 p = buf + 8; /* Skip leading parenthesis and the value tag. */
2018 n = strtoul (p, &endp, 10);
2019 if (!n || *endp != ':')
2022 return gpg_error (GPG_ERR_INV_SEXP);
2028 return gpg_error (GPG_ERR_INV_SEXP); /* Oops: Inconsistent S-Exp. */
2031 memmove (buf, endp, n);
2040 /* Retrieve a key encryption key from the agent. With FOREXPORT true
2041 the key shall be used for export, with false for import. On success
2042 the new key is stored at R_KEY and its length at R_KEKLEN. */
2044 agent_keywrap_key (ctrl_t ctrl, int forexport, void **r_kek, size_t *r_keklen)
2050 char line[ASSUAN_LINELENGTH];
2051 struct default_inq_parm_s dfltparm;
2053 memset (&dfltparm, 0, sizeof dfltparm);
2054 dfltparm.ctrl = ctrl;
2057 err = start_agent (ctrl, 0);
2060 dfltparm.ctx = agent_ctx;
2062 snprintf (line, DIM(line), "KEYWRAP_KEY %s",
2063 forexport? "--export":"--import");
2065 init_membuf_secure (&data, 64);
2066 err = assuan_transact (agent_ctx, line,
2067 put_membuf_cb, &data,
2068 default_inq_cb, &dfltparm,
2072 xfree (get_membuf (&data, &len));
2075 buf = get_membuf (&data, &len);
2077 return gpg_error_from_syserror ();
2085 /* Handle the inquiry for an IMPORT_KEY command. */
2087 inq_import_key_parms (void *opaque, const char *line)
2089 struct import_key_parm_s *parm = opaque;
2092 if (has_leading_keyword (line, "KEYDATA"))
2094 err = assuan_send_data (parm->dflt->ctx, parm->key, parm->keylen);
2097 err = default_inq_cb (parm->dflt, line);
2103 /* Call the agent to import a key into the agent. */
2105 agent_import_key (ctrl_t ctrl, const char *desc, char **cache_nonce_addr,
2106 const void *key, size_t keylen, int unattended, int force,
2107 u32 *keyid, u32 *mainkeyid, int pubkey_algo)
2110 struct import_key_parm_s parm;
2111 struct cache_nonce_parm_s cn_parm;
2112 char line[ASSUAN_LINELENGTH];
2113 struct default_inq_parm_s dfltparm;
2115 memset (&dfltparm, 0, sizeof dfltparm);
2116 dfltparm.ctrl = ctrl;
2117 dfltparm.keyinfo.keyid = keyid;
2118 dfltparm.keyinfo.mainkeyid = mainkeyid;
2119 dfltparm.keyinfo.pubkey_algo = pubkey_algo;
2121 err = start_agent (ctrl, 0);
2124 dfltparm.ctx = agent_ctx;
2128 snprintf (line, DIM(line), "SETKEYDESC %s", desc);
2129 err = assuan_transact (agent_ctx, line,
2130 NULL, NULL, NULL, NULL, NULL, NULL);
2135 parm.dflt = &dfltparm;
2137 parm.keylen = keylen;
2139 snprintf (line, sizeof line, "IMPORT_KEY%s%s%s%s",
2140 unattended? " --unattended":"",
2141 force? " --force":"",
2142 cache_nonce_addr && *cache_nonce_addr? " ":"",
2143 cache_nonce_addr && *cache_nonce_addr? *cache_nonce_addr:"");
2144 cn_parm.cache_nonce_addr = cache_nonce_addr;
2145 cn_parm.passwd_nonce_addr = NULL;
2146 err = assuan_transact (agent_ctx, line,
2148 inq_import_key_parms, &parm,
2149 cache_nonce_status_cb, &cn_parm);
2155 /* Receive a secret key from the agent. HEXKEYGRIP is the hexified
2156 keygrip, DESC a prompt to be displayed with the agent's passphrase
2157 question (needs to be plus+percent escaped). if OPENPGP_PROTECTED
2158 is not zero, ensure that the key material is returned in RFC
2159 4880-compatible passphrased-protected form. If CACHE_NONCE_ADDR is
2160 not NULL the agent is advised to first try a passphrase associated
2161 with that nonce. On success the key is stored as a canonical
2162 S-expression at R_RESULT and R_RESULTLEN. */
2164 agent_export_key (ctrl_t ctrl, const char *hexkeygrip, const char *desc,
2165 int openpgp_protected, char **cache_nonce_addr,
2166 unsigned char **r_result, size_t *r_resultlen,
2167 u32 *keyid, u32 *mainkeyid, int pubkey_algo)
2170 struct cache_nonce_parm_s cn_parm;
2174 char line[ASSUAN_LINELENGTH];
2175 struct default_inq_parm_s dfltparm;
2177 memset (&dfltparm, 0, sizeof dfltparm);
2178 dfltparm.ctrl = ctrl;
2179 dfltparm.keyinfo.keyid = keyid;
2180 dfltparm.keyinfo.mainkeyid = mainkeyid;
2181 dfltparm.keyinfo.pubkey_algo = pubkey_algo;
2185 err = start_agent (ctrl, 0);
2188 dfltparm.ctx = agent_ctx;
2192 snprintf (line, DIM(line), "SETKEYDESC %s", desc);
2193 err = assuan_transact (agent_ctx, line,
2194 NULL, NULL, NULL, NULL, NULL, NULL);
2199 snprintf (line, DIM(line), "EXPORT_KEY %s%s%s %s",
2200 openpgp_protected ? "--openpgp ":"",
2201 cache_nonce_addr && *cache_nonce_addr? "--cache-nonce=":"",
2202 cache_nonce_addr && *cache_nonce_addr? *cache_nonce_addr:"",
2205 init_membuf_secure (&data, 1024);
2206 cn_parm.cache_nonce_addr = cache_nonce_addr;
2207 cn_parm.passwd_nonce_addr = NULL;
2208 err = assuan_transact (agent_ctx, line,
2209 put_membuf_cb, &data,
2210 default_inq_cb, &dfltparm,
2211 cache_nonce_status_cb, &cn_parm);
2214 xfree (get_membuf (&data, &len));
2217 buf = get_membuf (&data, &len);
2219 return gpg_error_from_syserror ();
2227 /* Ask the agent to delete the key identified by HEXKEYGRIP. If DESC
2228 is not NULL, display DESC instead of the default description
2229 message. If FORCE is true the agent is advised not to ask for
2232 agent_delete_key (ctrl_t ctrl, const char *hexkeygrip, const char *desc,
2236 char line[ASSUAN_LINELENGTH];
2237 struct default_inq_parm_s dfltparm;
2239 memset (&dfltparm, 0, sizeof dfltparm);
2240 dfltparm.ctrl = ctrl;
2242 err = start_agent (ctrl, 0);
2246 if (!hexkeygrip || strlen (hexkeygrip) != 40)
2247 return gpg_error (GPG_ERR_INV_VALUE);
2251 snprintf (line, DIM(line), "SETKEYDESC %s", desc);
2252 err = assuan_transact (agent_ctx, line,
2253 NULL, NULL, NULL, NULL, NULL, NULL);
2258 snprintf (line, DIM(line), "DELETE_KEY%s %s",
2259 force? " --force":"", hexkeygrip);
2260 err = assuan_transact (agent_ctx, line, NULL, NULL,
2261 default_inq_cb, &dfltparm,
2268 /* Ask the agent to change the passphrase of the key identified by
2269 * HEXKEYGRIP. If DESC is not NULL, display DESC instead of the
2270 * default description message. If CACHE_NONCE_ADDR is not NULL the
2271 * agent is advised to first try a passphrase associated with that
2272 * nonce. If PASSWD_NONCE_ADDR is not NULL the agent will try to use
2273 * the passphrase associated with that nonce for the new passphrase.
2274 * If VERIFY is true the passphrase is only verified. */
2276 agent_passwd (ctrl_t ctrl, const char *hexkeygrip, const char *desc, int verify,
2277 char **cache_nonce_addr, char **passwd_nonce_addr)
2280 struct cache_nonce_parm_s cn_parm;
2281 char line[ASSUAN_LINELENGTH];
2282 struct default_inq_parm_s dfltparm;
2284 memset (&dfltparm, 0, sizeof dfltparm);
2285 dfltparm.ctrl = ctrl;
2287 err = start_agent (ctrl, 0);
2290 dfltparm.ctx = agent_ctx;
2292 if (!hexkeygrip || strlen (hexkeygrip) != 40)
2293 return gpg_error (GPG_ERR_INV_VALUE);
2297 snprintf (line, DIM(line), "SETKEYDESC %s", desc);
2298 err = assuan_transact (agent_ctx, line,
2299 NULL, NULL, NULL, NULL, NULL, NULL);
2305 snprintf (line, DIM(line), "PASSWD %s%s --verify %s",
2306 cache_nonce_addr && *cache_nonce_addr? "--cache-nonce=":"",
2307 cache_nonce_addr && *cache_nonce_addr? *cache_nonce_addr:"",
2310 snprintf (line, DIM(line), "PASSWD %s%s %s%s %s",
2311 cache_nonce_addr && *cache_nonce_addr? "--cache-nonce=":"",
2312 cache_nonce_addr && *cache_nonce_addr? *cache_nonce_addr:"",
2313 passwd_nonce_addr && *passwd_nonce_addr? "--passwd-nonce=":"",
2314 passwd_nonce_addr && *passwd_nonce_addr? *passwd_nonce_addr:"",
2316 cn_parm.cache_nonce_addr = cache_nonce_addr;
2317 cn_parm.passwd_nonce_addr = passwd_nonce_addr;
2318 err = assuan_transact (agent_ctx, line, NULL, NULL,
2319 default_inq_cb, &dfltparm,
2320 cache_nonce_status_cb, &cn_parm);
2325 /* Return the version reported by gpg-agent. */
2327 agent_get_version (ctrl_t ctrl, char **r_version)
2331 err = start_agent (ctrl, 0);
2335 err = get_assuan_server_version (agent_ctx, 0, r_version);
projects / gnupg.git / blob