1 /* call-agent.c - Divert GPG operations to the agent.
2 * Copyright (C) 2001-2003, 2006-2011, 2013 Free Software Foundation, Inc.
3 * Copyright (C) 2013-2015 Werner Koch
5 * This file is part of GnuPG.
7 * GnuPG is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 3 of the License, or
10 * (at your option) any later version.
12 * GnuPG is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, see <https://www.gnu.org/licenses/>.
34 #include "../common/util.h"
35 #include "../common/membuf.h"
37 #include "../common/i18n.h"
38 #include "../common/asshelp.h"
39 #include "../common/sysutils.h"
40 #include "call-agent.h"
41 #include "../common/status.h"
42 #include "../common/shareddefs.h"
43 #include "../common/host2net.h"
45 #define CONTROL_D ('D' - 'A' + 1)
48 static assuan_context_t agent_ctx = NULL;
49 static int did_early_card_test;
51 struct default_inq_parm_s
64 struct default_inq_parm_s *dflt;
66 unsigned char *ciphertext;
70 struct writecert_parm_s
72 struct default_inq_parm_s *dflt;
73 const unsigned char *certdata;
77 struct writekey_parm_s
79 struct default_inq_parm_s *dflt;
80 const unsigned char *keydata;
86 struct default_inq_parm_s *dflt;
88 const char *passphrase;
91 struct import_key_parm_s
93 struct default_inq_parm_s *dflt;
99 struct cache_nonce_parm_s
101 char **cache_nonce_addr;
102 char **passwd_nonce_addr;
106 static gpg_error_t learn_status_cb (void *opaque, const char *line);
110 /* If RC is not 0, write an appropriate status message. */
112 status_sc_op_failure (int rc)
114 switch (gpg_err_code (rc))
118 case GPG_ERR_CANCELED:
119 case GPG_ERR_FULLY_CANCELED:
120 write_status_text (STATUS_SC_OP_FAILURE, "1");
122 case GPG_ERR_BAD_PIN:
123 write_status_text (STATUS_SC_OP_FAILURE, "2");
126 write_status (STATUS_SC_OP_FAILURE);
132 /* This is the default inquiry callback. It mainly handles the
133 Pinentry notifications. */
135 default_inq_cb (void *opaque, const char *line)
138 struct default_inq_parm_s *parm = opaque;
140 if (has_leading_keyword (line, "PINENTRY_LAUNCHED"))
142 err = gpg_proxy_pinentry_notify (parm->ctrl, line);
144 log_error (_("failed to proxy %s inquiry to client\n"),
145 "PINENTRY_LAUNCHED");
146 /* We do not pass errors to avoid breaking other code. */
148 else if ((has_leading_keyword (line, "PASSPHRASE")
149 || has_leading_keyword (line, "NEW_PASSPHRASE"))
150 && opt.pinentry_mode == PINENTRY_MODE_LOOPBACK)
152 if (have_static_passphrase ())
154 const char *s = get_static_passphrase ();
155 err = assuan_send_data (parm->ctx, s, strlen (s));
162 if (parm->keyinfo.keyid)
163 emit_status_need_passphrase (parm->ctrl,
165 parm->keyinfo.mainkeyid,
166 parm->keyinfo.pubkey_algo);
168 snprintf (buf, sizeof (buf), "%u", 100);
169 write_status_text (STATUS_INQUIRE_MAXLEN, buf);
170 pw = cpr_get_hidden ("passphrase.enter", _("Enter passphrase: "));
172 if (*pw == CONTROL_D && !pw[1])
173 err = gpg_error (GPG_ERR_CANCELED);
175 err = assuan_send_data (parm->ctx, pw, strlen (pw));
180 log_debug ("ignoring gpg-agent inquiry '%s'\n", line);
186 /* Print a warning if the server's version number is less than our
187 version number. Returns an error code on a connection problem. */
189 warn_version_mismatch (assuan_context_t ctx, const char *servername, int mode)
193 const char *myversion = strusage (13);
195 err = get_assuan_server_version (ctx, mode, &serverversion);
197 log_log (gpg_err_code (err) == GPG_ERR_NOT_SUPPORTED?
198 GPGRT_LOGLVL_INFO : GPGRT_LOGLVL_ERROR,
199 _("error getting version from '%s': %s\n"),
200 servername, gpg_strerror (err));
201 else if (compare_version_strings (serverversion, myversion) < 0)
205 warn = xtryasprintf (_("server '%s' is older than us (%s < %s)"),
206 servername, serverversion, myversion);
208 err = gpg_error_from_syserror ();
211 log_info (_("WARNING: %s\n"), warn);
214 log_info (_("Note: Outdated servers may lack important"
215 " security fixes.\n"));
216 log_info (_("Note: Use the command \"%s\" to restart them.\n"),
217 "gpgconf --kill all");
219 write_status_strings (STATUS_WARNING, "server_version_mismatch 0",
224 xfree (serverversion);
229 #define FLAG_FOR_CARD_SUPPRESS_ERRORS 2
231 /* Try to connect to the agent via socket or fork it off and work by
232 pipes. Handle the server's initial greeting */
234 start_agent (ctrl_t ctrl, int flag_for_card)
238 (void)ctrl; /* Not yet used. */
240 /* Fixme: We need a context for each thread or serialize the access
246 rc = start_new_gpg_agent (&agent_ctx,
247 GPG_ERR_SOURCE_DEFAULT,
249 opt.lc_ctype, opt.lc_messages,
251 opt.autostart, opt.verbose, DBG_IPC,
253 if (!opt.autostart && gpg_err_code (rc) == GPG_ERR_NO_AGENT)
260 log_info (_("no gpg-agent running in this session\n"));
264 && !(rc = warn_version_mismatch (agent_ctx, GPG_AGENT_NAME, 0)))
266 /* Tell the agent that we support Pinentry notifications.
267 No error checking so that it will work also with older
269 assuan_transact (agent_ctx, "OPTION allow-pinentry-notify",
270 NULL, NULL, NULL, NULL, NULL, NULL);
271 /* Tell the agent about what version we are aware. This is
272 here used to indirectly enable GPG_ERR_FULLY_CANCELED. */
273 assuan_transact (agent_ctx, "OPTION agent-awareness=2.1.0",
274 NULL, NULL, NULL, NULL, NULL, NULL);
275 /* Pass on the pinentry mode. */
276 if (opt.pinentry_mode)
278 char *tmp = xasprintf ("OPTION pinentry-mode=%s",
279 str_pinentry_mode (opt.pinentry_mode));
280 rc = assuan_transact (agent_ctx, tmp,
281 NULL, NULL, NULL, NULL, NULL, NULL);
285 log_error ("setting pinentry mode '%s' failed: %s\n",
286 str_pinentry_mode (opt.pinentry_mode),
288 write_status_error ("set_pinentry_mode", rc);
292 /* Pass on the request origin. */
293 if (opt.request_origin)
295 char *tmp = xasprintf ("OPTION pretend-request-origin=%s",
296 str_request_origin (opt.request_origin));
297 rc = assuan_transact (agent_ctx, tmp,
298 NULL, NULL, NULL, NULL, NULL, NULL);
302 log_error ("setting request origin '%s' failed: %s\n",
303 str_request_origin (opt.request_origin),
305 write_status_error ("set_request_origin", rc);
309 /* In DE_VS mode under Windows we require that the JENT RNG
311 #ifdef HAVE_W32_SYSTEM
312 if (!rc && opt.compliance == CO_DE_VS)
314 if (assuan_transact (agent_ctx, "GETINFO jent_active",
315 NULL, NULL, NULL, NULL, NULL, NULL))
317 rc = gpg_error (GPG_ERR_FORBIDDEN);
318 log_error (_("%s is not compliant with %s mode\n"),
320 gnupg_compliance_option_string (opt.compliance));
321 write_status_error ("random-compliance", rc);
324 #endif /*HAVE_W32_SYSTEM*/
329 if (!rc && flag_for_card && !did_early_card_test)
331 /* Request the serial number of the card for an early test. */
332 struct agent_card_info_s info;
334 memset (&info, 0, sizeof info);
336 if (!(flag_for_card & FLAG_FOR_CARD_SUPPRESS_ERRORS))
337 rc = warn_version_mismatch (agent_ctx, SCDAEMON_NAME, 2);
339 rc = assuan_transact (agent_ctx, "SCD SERIALNO openpgp",
340 NULL, NULL, NULL, NULL,
341 learn_status_cb, &info);
342 if (rc && !(flag_for_card & FLAG_FOR_CARD_SUPPRESS_ERRORS))
344 switch (gpg_err_code (rc))
346 case GPG_ERR_NOT_SUPPORTED:
347 case GPG_ERR_NO_SCDAEMON:
348 write_status_text (STATUS_CARDCTRL, "6");
350 case GPG_ERR_OBJ_TERM_STATE:
351 write_status_text (STATUS_CARDCTRL, "7");
354 write_status_text (STATUS_CARDCTRL, "4");
355 log_info ("selecting openpgp failed: %s\n", gpg_strerror (rc));
360 if (!rc && is_status_enabled () && info.serialno)
364 buf = xasprintf ("3 %s", info.serialno);
365 write_status_text (STATUS_CARDCTRL, buf);
369 agent_release_card_info (&info);
372 did_early_card_test = 1;
380 /* Return a new malloced string by unescaping the string S. Escaping
381 is percent escaping and '+'/space mapping. A binary nul will
382 silently be replaced by a 0xFF. Function returns NULL to indicate
383 an out of memory status. */
385 unescape_status_string (const unsigned char *s)
387 return percent_plus_unescape (s, 0xff);
391 /* Take a 20 or 32 byte hexencoded string and put it into the provided
392 * FPRLEN byte long buffer FPR in binary format. Returns the actual
393 * used length of the FPR buffer or 0 on error. */
395 unhexify_fpr (const char *hexstr, unsigned char *fpr, unsigned int fprlen)
400 for (s=hexstr, n=0; hexdigitp (s); s++, n++)
402 if ((*s && *s != ' ') || !(n == 40 || n == 64))
403 return 0; /* no fingerprint (invalid or wrong length). */
404 for (s=hexstr, n=0; *s && n < fprlen; s += 2, n++)
407 return (n == 20 || n == 32)? n : 0;
410 /* Take the serial number from LINE and return it verbatim in a newly
411 allocated string. We make sure that only hex characters are
414 store_serialno (const char *line)
419 for (s=line; hexdigitp (s); s++)
421 p = xtrymalloc (s + 1 - line);
424 memcpy (p, line, s-line);
432 /* This is a dummy data line callback. */
434 dummy_data_cb (void *opaque, const void *buffer, size_t length)
442 /* A simple callback used to return the serialnumber of a card. */
444 get_serialno_cb (void *opaque, const char *line)
446 char **serialno = opaque;
447 const char *keyword = line;
451 for (keywordlen=0; *line && !spacep (line); line++, keywordlen++)
453 while (spacep (line))
456 if (keywordlen == 8 && !memcmp (keyword, "SERIALNO", keywordlen))
459 return gpg_error (GPG_ERR_CONFLICT); /* Unexpected status line. */
460 for (n=0,s=line; hexdigitp (s); s++, n++)
462 if (!n || (n&1)|| !(spacep (s) || !*s) )
463 return gpg_error (GPG_ERR_ASS_PARAMETER);
464 *serialno = xtrymalloc (n+1);
466 return out_of_core ();
467 memcpy (*serialno, line, n);
476 /* Release the card info structure INFO. */
478 agent_release_card_info (struct agent_card_info_s *info)
485 xfree (info->reader); info->reader = NULL;
486 xfree (info->serialno); info->serialno = NULL;
487 xfree (info->apptype); info->apptype = NULL;
488 xfree (info->disp_name); info->disp_name = NULL;
489 xfree (info->disp_lang); info->disp_lang = NULL;
490 xfree (info->pubkey_url); info->pubkey_url = NULL;
491 xfree (info->login_data); info->login_data = NULL;
492 info->cafpr1len = info->cafpr2len = info->cafpr3len = 0;
493 info->fpr1len = info->fpr2len = info->fpr3len = 0;
494 for (i=0; i < DIM(info->private_do); i++)
496 xfree (info->private_do[i]);
497 info->private_do[i] = NULL;
503 learn_status_cb (void *opaque, const char *line)
505 struct agent_card_info_s *parm = opaque;
506 const char *keyword = line;
510 for (keywordlen=0; *line && !spacep (line); line++, keywordlen++)
512 while (spacep (line))
515 if (keywordlen == 6 && !memcmp (keyword, "READER", keywordlen))
517 xfree (parm->reader);
518 parm->reader = unescape_status_string (line);
520 else if (keywordlen == 8 && !memcmp (keyword, "SERIALNO", keywordlen))
522 xfree (parm->serialno);
523 parm->serialno = store_serialno (line);
524 parm->is_v2 = (strlen (parm->serialno) >= 16
525 && xtoi_2 (parm->serialno+12) >= 2 );
527 else if (keywordlen == 7 && !memcmp (keyword, "APPTYPE", keywordlen))
529 xfree (parm->apptype);
530 parm->apptype = unescape_status_string (line);
532 else if (keywordlen == 9 && !memcmp (keyword, "DISP-NAME", keywordlen))
534 xfree (parm->disp_name);
535 parm->disp_name = unescape_status_string (line);
537 else if (keywordlen == 9 && !memcmp (keyword, "DISP-LANG", keywordlen))
539 xfree (parm->disp_lang);
540 parm->disp_lang = unescape_status_string (line);
542 else if (keywordlen == 8 && !memcmp (keyword, "DISP-SEX", keywordlen))
544 parm->disp_sex = *line == '1'? 1 : *line == '2' ? 2: 0;
546 else if (keywordlen == 10 && !memcmp (keyword, "PUBKEY-URL", keywordlen))
548 xfree (parm->pubkey_url);
549 parm->pubkey_url = unescape_status_string (line);
551 else if (keywordlen == 10 && !memcmp (keyword, "LOGIN-DATA", keywordlen))
553 xfree (parm->login_data);
554 parm->login_data = unescape_status_string (line);
556 else if (keywordlen == 11 && !memcmp (keyword, "SIG-COUNTER", keywordlen))
558 parm->sig_counter = strtoul (line, NULL, 0);
560 else if (keywordlen == 10 && !memcmp (keyword, "CHV-STATUS", keywordlen))
564 buf = p = unescape_status_string (line);
569 parm->chv1_cached = atoi (p);
570 while (*p && !spacep (p))
574 for (i=0; *p && i < 3; i++)
576 parm->chvmaxlen[i] = atoi (p);
577 while (*p && !spacep (p))
582 for (i=0; *p && i < 3; i++)
584 parm->chvretry[i] = atoi (p);
585 while (*p && !spacep (p))
593 else if (keywordlen == 6 && !memcmp (keyword, "EXTCAP", keywordlen))
598 buf = p = unescape_status_string (line);
601 for (p = strtok (buf, " "); p; p = strtok (NULL, " "))
603 p2 = strchr (p, '=');
607 abool = (*p2 == '1');
608 if (!strcmp (p, "ki"))
609 parm->extcap.ki = abool;
610 else if (!strcmp (p, "aac"))
611 parm->extcap.aac = abool;
612 else if (!strcmp (p, "bt"))
613 parm->extcap.bt = abool;
614 else if (!strcmp (p, "kdf"))
615 parm->extcap.kdf = abool;
616 else if (!strcmp (p, "si"))
617 parm->status_indicator = strtoul (p2, NULL, 10);
623 else if (keywordlen == 7 && !memcmp (keyword, "KEY-FPR", keywordlen))
625 int no = atoi (line);
626 while (*line && !spacep (line))
628 while (spacep (line))
631 parm->fpr1len = unhexify_fpr (line, parm->fpr1, sizeof parm->fpr1);
633 parm->fpr2len = unhexify_fpr (line, parm->fpr2, sizeof parm->fpr2);
635 parm->fpr3len = unhexify_fpr (line, parm->fpr3, sizeof parm->fpr3);
637 else if (keywordlen == 8 && !memcmp (keyword, "KEY-TIME", keywordlen))
639 int no = atoi (line);
640 while (* line && !spacep (line))
642 while (spacep (line))
645 parm->fpr1time = strtoul (line, NULL, 10);
647 parm->fpr2time = strtoul (line, NULL, 10);
649 parm->fpr3time = strtoul (line, NULL, 10);
651 else if (keywordlen == 11 && !memcmp (keyword, "KEYPAIRINFO", keywordlen))
653 const char *hexgrp = line;
656 while (*line && !spacep (line))
658 while (spacep (line))
660 if (strncmp (line, "OPENPGP.", 8))
662 else if ((no = atoi (line+8)) == 1)
663 unhexify_fpr (hexgrp, parm->grp1, sizeof parm->grp1);
665 unhexify_fpr (hexgrp, parm->grp2, sizeof parm->grp2);
667 unhexify_fpr (hexgrp, parm->grp3, sizeof parm->grp3);
669 else if (keywordlen == 6 && !memcmp (keyword, "CA-FPR", keywordlen))
671 int no = atoi (line);
672 while (*line && !spacep (line))
674 while (spacep (line))
677 parm->cafpr1len = unhexify_fpr (line, parm->cafpr1,sizeof parm->cafpr1);
679 parm->cafpr2len = unhexify_fpr (line, parm->cafpr2,sizeof parm->cafpr2);
681 parm->cafpr3len = unhexify_fpr (line, parm->cafpr3,sizeof parm->cafpr3);
683 else if (keywordlen == 8 && !memcmp (keyword, "KEY-ATTR", keywordlen))
686 int algo = PUBKEY_ALGO_RSA;
689 sscanf (line, "%d %d %n", &keyno, &algo, &n);
691 if (keyno < 0 || keyno >= DIM (parm->key_attr))
694 parm->key_attr[keyno].algo = algo;
695 if (algo == PUBKEY_ALGO_RSA)
696 parm->key_attr[keyno].nbits = strtoul (line+n+3, NULL, 10);
697 else if (algo == PUBKEY_ALGO_ECDH || algo == PUBKEY_ALGO_ECDSA
698 || algo == PUBKEY_ALGO_EDDSA)
699 parm->key_attr[keyno].curve = openpgp_is_curve_supported (line + n,
702 else if (keywordlen == 12 && !memcmp (keyword, "PRIVATE-DO-", 11)
703 && strchr("1234", keyword[11]))
705 int no = keyword[11] - '1';
706 log_assert (no >= 0 && no <= 3);
707 xfree (parm->private_do[no]);
708 parm->private_do[no] = unescape_status_string (line);
714 /* Call the scdaemon to learn about a smartcard */
716 agent_scd_learn (struct agent_card_info_s *info, int force)
719 struct default_inq_parm_s parm;
720 struct agent_card_info_s dummyinfo;
724 memset (info, 0, sizeof *info);
725 memset (&parm, 0, sizeof parm);
727 rc = start_agent (NULL, 1);
731 parm.ctx = agent_ctx;
732 rc = assuan_transact (agent_ctx,
733 force ? "LEARN --sendinfo --force" : "LEARN --sendinfo",
734 dummy_data_cb, NULL, default_inq_cb, &parm,
735 learn_status_cb, info);
736 /* Also try to get the key attributes. */
738 agent_scd_getattr ("KEY-ATTR", info);
740 if (info == &dummyinfo)
741 agent_release_card_info (info);
747 /* Send an APDU to the current card. On success the status word is
748 stored at R_SW. With HEXAPDU being NULL only a RESET command is
749 send to scd. With HEXAPDU being the string "undefined" the command
750 "SERIALNO undefined" is send to scd. */
752 agent_scd_apdu (const char *hexapdu, unsigned int *r_sw)
756 /* Start the agent but not with the card flag so that we do not
757 autoselect the openpgp application. */
758 err = start_agent (NULL, 0);
764 err = assuan_transact (agent_ctx, "SCD RESET",
765 NULL, NULL, NULL, NULL, NULL, NULL);
768 else if (!strcmp (hexapdu, "undefined"))
770 err = assuan_transact (agent_ctx, "SCD SERIALNO undefined",
771 NULL, NULL, NULL, NULL, NULL, NULL);
775 char line[ASSUAN_LINELENGTH];
780 init_membuf (&mb, 256);
782 snprintf (line, DIM(line), "SCD APDU %s", hexapdu);
783 err = assuan_transact (agent_ctx, line,
784 put_membuf_cb, &mb, NULL, NULL, NULL, NULL);
787 data = get_membuf (&mb, &datalen);
789 err = gpg_error_from_syserror ();
790 else if (datalen < 2) /* Ooops */
791 err = gpg_error (GPG_ERR_CARD);
794 *r_sw = buf16_to_uint (data+datalen-2);
805 agent_keytocard (const char *hexgrip, int keyno, int force,
806 const char *serialno, const char *timestamp)
809 char line[ASSUAN_LINELENGTH];
810 struct default_inq_parm_s parm;
812 memset (&parm, 0, sizeof parm);
814 snprintf (line, DIM(line), "KEYTOCARD %s%s %s OPENPGP.%d %s",
815 force?"--force ": "", hexgrip, serialno, keyno, timestamp);
817 rc = start_agent (NULL, 1);
820 parm.ctx = agent_ctx;
822 rc = assuan_transact (agent_ctx, line, NULL, NULL, default_inq_cb, &parm,
832 /* Call the agent to retrieve a data object. This function returns
833 the data in the same structure as used by the learn command. It is
834 allowed to update such a structure using this command. */
836 agent_scd_getattr (const char *name, struct agent_card_info_s *info)
839 char line[ASSUAN_LINELENGTH];
840 struct default_inq_parm_s parm;
842 memset (&parm, 0, sizeof parm);
845 return gpg_error (GPG_ERR_INV_VALUE);
847 /* We assume that NAME does not need escaping. */
848 if (12 + strlen (name) > DIM(line)-1)
849 return gpg_error (GPG_ERR_TOO_LARGE);
850 stpcpy (stpcpy (line, "SCD GETATTR "), name);
852 rc = start_agent (NULL, 1);
856 parm.ctx = agent_ctx;
857 rc = assuan_transact (agent_ctx, line, NULL, NULL, default_inq_cb, &parm,
858 learn_status_cb, info);
864 /* Send an setattr command to the SCdaemon. SERIALNO is not actually
865 used here but required by gpg 1.4's implementation of this code in
868 agent_scd_setattr (const char *name,
869 const unsigned char *value, size_t valuelen,
870 const char *serialno)
873 char line[ASSUAN_LINELENGTH];
875 struct default_inq_parm_s parm;
877 memset (&parm, 0, sizeof parm);
881 if (!*name || !valuelen)
882 return gpg_error (GPG_ERR_INV_VALUE);
884 /* We assume that NAME does not need escaping. */
885 if (12 + strlen (name) > DIM(line)-1)
886 return gpg_error (GPG_ERR_TOO_LARGE);
888 p = stpcpy (stpcpy (line, "SCD SETATTR "), name);
890 for (; valuelen; value++, valuelen--)
892 if (p >= line + DIM(line)-5 )
893 return gpg_error (GPG_ERR_TOO_LARGE);
894 if (*value < ' ' || *value == '+' || *value == '%')
896 sprintf (p, "%%%02X", *value);
899 else if (*value == ' ')
906 rc = start_agent (NULL, 1);
909 parm.ctx = agent_ctx;
910 rc = assuan_transact (agent_ctx, line, NULL, NULL,
911 default_inq_cb, &parm, NULL, NULL);
914 status_sc_op_failure (rc);
920 /* Handle a CERTDATA inquiry. Note, we only send the data,
921 assuan_transact takes care of flushing and writing the END
924 inq_writecert_parms (void *opaque, const char *line)
927 struct writecert_parm_s *parm = opaque;
929 if (has_leading_keyword (line, "CERTDATA"))
931 rc = assuan_send_data (parm->dflt->ctx,
932 parm->certdata, parm->certdatalen);
935 rc = default_inq_cb (parm->dflt, line);
941 /* Send a WRITECERT command to the SCdaemon. */
943 agent_scd_writecert (const char *certidstr,
944 const unsigned char *certdata, size_t certdatalen)
947 char line[ASSUAN_LINELENGTH];
948 struct writecert_parm_s parms;
949 struct default_inq_parm_s dfltparm;
951 memset (&dfltparm, 0, sizeof dfltparm);
953 rc = start_agent (NULL, 1);
957 memset (&parms, 0, sizeof parms);
959 snprintf (line, DIM(line), "SCD WRITECERT %s", certidstr);
960 dfltparm.ctx = agent_ctx;
961 parms.dflt = &dfltparm;
962 parms.certdata = certdata;
963 parms.certdatalen = certdatalen;
965 rc = assuan_transact (agent_ctx, line, NULL, NULL,
966 inq_writecert_parms, &parms, NULL, NULL);
973 /* Handle a KEYDATA inquiry. Note, we only send the data,
974 assuan_transact takes care of flushing and writing the end */
976 inq_writekey_parms (void *opaque, const char *line)
979 struct writekey_parm_s *parm = opaque;
981 if (has_leading_keyword (line, "KEYDATA"))
983 rc = assuan_send_data (parm->dflt->ctx, parm->keydata, parm->keydatalen);
986 rc = default_inq_cb (parm->dflt, line);
992 /* Send a WRITEKEY command to the SCdaemon. */
994 agent_scd_writekey (int keyno, const char *serialno,
995 const unsigned char *keydata, size_t keydatalen)
998 char line[ASSUAN_LINELENGTH];
999 struct writekey_parm_s parms;
1000 struct default_inq_parm_s dfltparm;
1002 memset (&dfltparm, 0, sizeof dfltparm);
1006 rc = start_agent (NULL, 1);
1010 memset (&parms, 0, sizeof parms);
1012 snprintf (line, DIM(line), "SCD WRITEKEY --force OPENPGP.%d", keyno);
1013 dfltparm.ctx = agent_ctx;
1014 parms.dflt = &dfltparm;
1015 parms.keydata = keydata;
1016 parms.keydatalen = keydatalen;
1018 rc = assuan_transact (agent_ctx, line, NULL, NULL,
1019 inq_writekey_parms, &parms, NULL, NULL);
1021 status_sc_op_failure (rc);
1027 /* Status callback for the SCD GENKEY command. */
1029 scd_genkey_cb (void *opaque, const char *line)
1031 u32 *createtime = opaque;
1032 const char *keyword = line;
1035 for (keywordlen=0; *line && !spacep (line); line++, keywordlen++)
1037 while (spacep (line))
1040 if (keywordlen == 14 && !memcmp (keyword,"KEY-CREATED-AT", keywordlen))
1042 *createtime = (u32)strtoul (line, NULL, 10);
1044 else if (keywordlen == 8 && !memcmp (keyword, "PROGRESS", keywordlen))
1046 write_status_text (STATUS_PROGRESS, line);
1052 /* Send a GENKEY command to the SCdaemon. If *CREATETIME is not 0,
1053 the value will be passed to SCDAEMON with --timestamp option so that
1054 the key is created with this. Otherwise, timestamp was generated by
1055 SCDEAMON. On success, creation time is stored back to
1058 agent_scd_genkey (int keyno, int force, u32 *createtime)
1061 char line[ASSUAN_LINELENGTH];
1062 gnupg_isotime_t tbuf;
1063 struct default_inq_parm_s dfltparm;
1065 memset (&dfltparm, 0, sizeof dfltparm);
1067 rc = start_agent (NULL, 1);
1072 epoch2isotime (tbuf, *createtime);
1076 snprintf (line, DIM(line), "SCD GENKEY %s%s %s %d",
1077 *tbuf? "--timestamp=":"", tbuf,
1078 force? "--force":"",
1081 dfltparm.ctx = agent_ctx;
1082 rc = assuan_transact (agent_ctx, line,
1083 NULL, NULL, default_inq_cb, &dfltparm,
1084 scd_genkey_cb, createtime);
1086 status_sc_op_failure (rc);
1090 /* Return the serial number of the card or an appropriate error. The
1091 serial number is returned as a hexstring. */
1093 agent_scd_serialno (char **r_serialno, const char *demand)
1096 char *serialno = NULL;
1097 char line[ASSUAN_LINELENGTH];
1099 err = start_agent (NULL, 1 | FLAG_FOR_CARD_SUPPRESS_ERRORS);
1104 strcpy (line, "SCD SERIALNO");
1106 snprintf (line, DIM(line), "SCD SERIALNO --demand=%s", demand);
1108 err = assuan_transact (agent_ctx, line,
1109 NULL, NULL, NULL, NULL,
1110 get_serialno_cb, &serialno);
1117 *r_serialno = serialno;
1121 /* Send a READCERT command to the SCdaemon. */
1123 agent_scd_readcert (const char *certidstr,
1124 void **r_buf, size_t *r_buflen)
1127 char line[ASSUAN_LINELENGTH];
1130 struct default_inq_parm_s dfltparm;
1132 memset (&dfltparm, 0, sizeof dfltparm);
1135 rc = start_agent (NULL, 1);
1139 dfltparm.ctx = agent_ctx;
1141 init_membuf (&data, 2048);
1143 snprintf (line, DIM(line), "SCD READCERT %s", certidstr);
1144 rc = assuan_transact (agent_ctx, line,
1145 put_membuf_cb, &data,
1146 default_inq_cb, &dfltparm,
1150 xfree (get_membuf (&data, &len));
1153 *r_buf = get_membuf (&data, r_buflen);
1155 return gpg_error (GPG_ERR_ENOMEM);
1160 struct card_cardlist_parm_s {
1166 /* Callback function for agent_card_cardlist. */
1168 card_cardlist_cb (void *opaque, const char *line)
1170 struct card_cardlist_parm_s *parm = opaque;
1171 const char *keyword = line;
1174 for (keywordlen=0; *line && !spacep (line); line++, keywordlen++)
1176 while (spacep (line))
1179 if (keywordlen == 8 && !memcmp (keyword, "SERIALNO", keywordlen))
1184 for (n=0,s=line; hexdigitp (s); s++, n++)
1187 if (!n || (n&1) || *s)
1188 parm->error = gpg_error (GPG_ERR_ASS_PARAMETER);
1190 add_to_strlist (&parm->list, line);
1196 /* Return cardlist. */
1198 agent_scd_cardlist (strlist_t *result)
1201 char line[ASSUAN_LINELENGTH];
1202 struct card_cardlist_parm_s parm;
1204 memset (&parm, 0, sizeof parm);
1206 err = start_agent (NULL, 1);
1210 strcpy (line, "SCD GETINFO card_list");
1212 err = assuan_transact (agent_ctx, line,
1213 NULL, NULL, NULL, NULL,
1214 card_cardlist_cb, &parm);
1215 if (!err && parm.error)
1219 *result = parm.list;
1221 free_strlist (parm.list);
1226 /* Change the PIN of an OpenPGP card or reset the retry counter.
1227 CHVNO 1: Change the PIN
1228 2: For v1 cards: Same as 1.
1229 For v2 cards: Reset the PIN using the Reset Code.
1230 3: Change the admin PIN
1231 101: Set a new PIN and reset the retry counter
1232 102: For v1 cars: Same as 101.
1233 For v2 cards: Set a new Reset Code.
1234 SERIALNO is not used.
1237 agent_scd_change_pin (int chvno, const char *serialno)
1240 char line[ASSUAN_LINELENGTH];
1241 const char *reset = "";
1242 struct default_inq_parm_s dfltparm;
1244 memset (&dfltparm, 0, sizeof dfltparm);
1252 rc = start_agent (NULL, 1);
1255 dfltparm.ctx = agent_ctx;
1257 snprintf (line, DIM(line), "SCD PASSWD %s %d", reset, chvno);
1258 rc = assuan_transact (agent_ctx, line,
1260 default_inq_cb, &dfltparm,
1262 status_sc_op_failure (rc);
1267 /* Perform a CHECKPIN operation. SERIALNO should be the serial
1268 number of the card - optionally followed by the fingerprint;
1269 however the fingerprint is ignored here. */
1271 agent_scd_checkpin (const char *serialno)
1274 char line[ASSUAN_LINELENGTH];
1275 struct default_inq_parm_s dfltparm;
1277 memset (&dfltparm, 0, sizeof dfltparm);
1279 rc = start_agent (NULL, 1);
1282 dfltparm.ctx = agent_ctx;
1284 snprintf (line, DIM(line), "SCD CHECKPIN %s", serialno);
1285 rc = assuan_transact (agent_ctx, line,
1287 default_inq_cb, &dfltparm,
1289 status_sc_op_failure (rc);
1294 /* Dummy function, only used by the gpg 1.4 implementation. */
1296 agent_clear_pin_cache (const char *sn)
1304 /* Note: All strings shall be UTF-8. On success the caller needs to
1305 free the string stored at R_PASSPHRASE. On error NULL will be
1306 stored at R_PASSPHRASE and an appropriate fpf error code
1309 agent_get_passphrase (const char *cache_id,
1310 const char *err_msg,
1312 const char *desc_msg,
1315 char **r_passphrase)
1318 char line[ASSUAN_LINELENGTH];
1324 struct default_inq_parm_s dfltparm;
1326 memset (&dfltparm, 0, sizeof dfltparm);
1328 *r_passphrase = NULL;
1330 rc = start_agent (NULL, 0);
1333 dfltparm.ctx = agent_ctx;
1335 /* Check that the gpg-agent understands the repeat option. */
1336 if (assuan_transact (agent_ctx,
1337 "GETINFO cmd_has_option GET_PASSPHRASE repeat",
1338 NULL, NULL, NULL, NULL, NULL, NULL))
1339 return gpg_error (GPG_ERR_NOT_SUPPORTED);
1341 if (cache_id && *cache_id)
1342 if (!(arg1 = percent_plus_escape (cache_id)))
1344 if (err_msg && *err_msg)
1345 if (!(arg2 = percent_plus_escape (err_msg)))
1347 if (prompt && *prompt)
1348 if (!(arg3 = percent_plus_escape (prompt)))
1350 if (desc_msg && *desc_msg)
1351 if (!(arg4 = percent_plus_escape (desc_msg)))
1354 snprintf (line, DIM(line),
1355 "GET_PASSPHRASE --data --repeat=%d%s -- %s %s %s %s",
1357 check? " --check --qualitybar":"",
1367 init_membuf_secure (&data, 64);
1368 rc = assuan_transact (agent_ctx, line,
1369 put_membuf_cb, &data,
1370 default_inq_cb, &dfltparm,
1374 xfree (get_membuf (&data, NULL));
1377 put_membuf (&data, "", 1);
1378 *r_passphrase = get_membuf (&data, NULL);
1380 rc = gpg_error_from_syserror ();
1384 rc = gpg_error_from_syserror ();
1394 agent_clear_passphrase (const char *cache_id)
1397 char line[ASSUAN_LINELENGTH];
1398 struct default_inq_parm_s dfltparm;
1400 memset (&dfltparm, 0, sizeof dfltparm);
1402 if (!cache_id || !*cache_id)
1405 rc = start_agent (NULL, 0);
1408 dfltparm.ctx = agent_ctx;
1410 snprintf (line, DIM(line), "CLEAR_PASSPHRASE %s", cache_id);
1411 return assuan_transact (agent_ctx, line,
1413 default_inq_cb, &dfltparm,
1418 /* Ask the agent to pop up a confirmation dialog with the text DESC
1419 and an okay and cancel button. */
1421 gpg_agent_get_confirmation (const char *desc)
1425 char line[ASSUAN_LINELENGTH];
1426 struct default_inq_parm_s dfltparm;
1428 memset (&dfltparm, 0, sizeof dfltparm);
1430 rc = start_agent (NULL, 0);
1433 dfltparm.ctx = agent_ctx;
1435 tmp = percent_plus_escape (desc);
1437 return gpg_error_from_syserror ();
1438 snprintf (line, DIM(line), "GET_CONFIRMATION %s", tmp);
1441 rc = assuan_transact (agent_ctx, line,
1443 default_inq_cb, &dfltparm,
1449 /* Return the S2K iteration count as computed by gpg-agent. */
1451 agent_get_s2k_count (unsigned long *r_count)
1459 err = start_agent (NULL, 0);
1463 init_membuf (&data, 32);
1464 err = assuan_transact (agent_ctx, "GETINFO s2k_count",
1465 put_membuf_cb, &data,
1466 NULL, NULL, NULL, NULL);
1468 xfree (get_membuf (&data, NULL));
1471 put_membuf (&data, "", 1);
1472 buf = get_membuf (&data, NULL);
1474 err = gpg_error_from_syserror ();
1477 *r_count = strtoul (buf, NULL, 10);
1486 /* Ask the agent whether a secret key for the given public key is
1487 available. Returns 0 if available. */
1489 agent_probe_secret_key (ctrl_t ctrl, PKT_public_key *pk)
1492 char line[ASSUAN_LINELENGTH];
1495 err = start_agent (ctrl, 0);
1499 err = hexkeygrip_from_pk (pk, &hexgrip);
1503 snprintf (line, sizeof line, "HAVEKEY %s", hexgrip);
1506 err = assuan_transact (agent_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL);
1510 /* Ask the agent whether a secret key is available for any of the
1511 keys (primary or sub) in KEYBLOCK. Returns 0 if available. */
1513 agent_probe_any_secret_key (ctrl_t ctrl, kbnode_t keyblock)
1516 char line[ASSUAN_LINELENGTH];
1518 kbnode_t kbctx, node;
1520 unsigned char grip[KEYGRIP_LEN];
1522 err = start_agent (ctrl, 0);
1526 err = gpg_error (GPG_ERR_NO_SECKEY); /* Just in case no key was
1527 found in KEYBLOCK. */
1528 p = stpcpy (line, "HAVEKEY");
1529 for (kbctx=NULL, nkeys=0; (node = walk_kbnode (keyblock, &kbctx, 0)); )
1530 if (node->pkt->pkttype == PKT_PUBLIC_KEY
1531 || node->pkt->pkttype == PKT_PUBLIC_SUBKEY
1532 || node->pkt->pkttype == PKT_SECRET_KEY
1533 || node->pkt->pkttype == PKT_SECRET_SUBKEY)
1535 if (nkeys && ((p - line) + 41) > (ASSUAN_LINELENGTH - 2))
1537 err = assuan_transact (agent_ctx, line,
1538 NULL, NULL, NULL, NULL, NULL, NULL);
1539 if (err != gpg_err_code (GPG_ERR_NO_SECKEY))
1540 break; /* Seckey available or unexpected error - ready. */
1541 p = stpcpy (line, "HAVEKEY");
1545 err = keygrip_from_pk (node->pkt->pkt.public_key, grip);
1549 bin2hex (grip, 20, p);
1555 err = assuan_transact (agent_ctx, line,
1556 NULL, NULL, NULL, NULL, NULL, NULL);
1563 struct keyinfo_data_parm_s
1571 keyinfo_status_cb (void *opaque, const char *line)
1573 struct keyinfo_data_parm_s *data = opaque;
1577 if ((s = has_leading_keyword (line, "KEYINFO")) && data)
1579 /* Parse the arguments:
1581 * <keygrip> <type> <serialno> <idstr> <cached> <protection>
1585 if (split_fields (s, fields, DIM (fields)) == 6)
1587 is_smartcard = (fields[1][0] == 'T');
1588 if (is_smartcard && !data->serialno && strcmp (fields[2], "-"))
1589 data->serialno = xtrystrdup (fields[2]);
1590 /* 'P' for protected, 'C' for clear */
1591 data->cleartext = (fields[5][0] == 'C');
1598 /* Return the serial number for a secret key. If the returned serial
1599 number is NULL, the key is not stored on a smartcard. Caller needs
1602 if r_cleartext is not NULL, the referenced int will be set to 1 if
1603 the agent's copy of the key is stored in the clear, or 0 otherwise
1606 agent_get_keyinfo (ctrl_t ctrl, const char *hexkeygrip,
1607 char **r_serialno, int *r_cleartext)
1610 char line[ASSUAN_LINELENGTH];
1611 struct keyinfo_data_parm_s keyinfo;
1613 memset (&keyinfo, 0,sizeof keyinfo);
1617 err = start_agent (ctrl, 0);
1621 if (!hexkeygrip || strlen (hexkeygrip) != 40)
1622 return gpg_error (GPG_ERR_INV_VALUE);
1624 snprintf (line, DIM(line), "KEYINFO %s", hexkeygrip);
1626 err = assuan_transact (agent_ctx, line, NULL, NULL, NULL, NULL,
1627 keyinfo_status_cb, &keyinfo);
1628 if (!err && keyinfo.serialno)
1630 /* Sanity check for bad characters. */
1631 if (strpbrk (keyinfo.serialno, ":\n\r"))
1632 err = GPG_ERR_INV_VALUE;
1635 xfree (keyinfo.serialno);
1638 *r_serialno = keyinfo.serialno;
1640 *r_cleartext = keyinfo.cleartext;
1646 /* Status callback for agent_import_key, agent_export_key and
1649 cache_nonce_status_cb (void *opaque, const char *line)
1651 struct cache_nonce_parm_s *parm = opaque;
1654 if ((s = has_leading_keyword (line, "CACHE_NONCE")))
1656 if (parm->cache_nonce_addr)
1658 xfree (*parm->cache_nonce_addr);
1659 *parm->cache_nonce_addr = xtrystrdup (s);
1662 else if ((s = has_leading_keyword (line, "PASSWD_NONCE")))
1664 if (parm->passwd_nonce_addr)
1666 xfree (*parm->passwd_nonce_addr);
1667 *parm->passwd_nonce_addr = xtrystrdup (s);
1670 else if ((s = has_leading_keyword (line, "PROGRESS")))
1672 if (opt.enable_progress_filter)
1673 write_status_text (STATUS_PROGRESS, s);
1681 /* Handle a KEYPARMS inquiry. Note, we only send the data,
1682 assuan_transact takes care of flushing and writing the end */
1684 inq_genkey_parms (void *opaque, const char *line)
1686 struct genkey_parm_s *parm = opaque;
1689 if (has_leading_keyword (line, "KEYPARAM"))
1691 err = assuan_send_data (parm->dflt->ctx,
1692 parm->keyparms, strlen (parm->keyparms));
1694 else if (has_leading_keyword (line, "NEWPASSWD") && parm->passphrase)
1696 err = assuan_send_data (parm->dflt->ctx,
1697 parm->passphrase, strlen (parm->passphrase));
1700 err = default_inq_cb (parm->dflt, line);
1706 /* Call the agent to generate a new key. KEYPARMS is the usual
1707 S-expression giving the parameters of the key. gpg-agent passes it
1708 gcry_pk_genkey. If NO_PROTECTION is true the agent is advised not
1709 to protect the generated key. If NO_PROTECTION is not set and
1710 PASSPHRASE is not NULL the agent is requested to protect the key
1711 with that passphrase instead of asking for one. */
1713 agent_genkey (ctrl_t ctrl, char **cache_nonce_addr, char **passwd_nonce_addr,
1714 const char *keyparms, int no_protection,
1715 const char *passphrase, gcry_sexp_t *r_pubkey)
1718 struct genkey_parm_s gk_parm;
1719 struct cache_nonce_parm_s cn_parm;
1720 struct default_inq_parm_s dfltparm;
1724 char line[ASSUAN_LINELENGTH];
1726 memset (&dfltparm, 0, sizeof dfltparm);
1727 dfltparm.ctrl = ctrl;
1730 err = start_agent (ctrl, 0);
1733 dfltparm.ctx = agent_ctx;
1735 if (passwd_nonce_addr && *passwd_nonce_addr)
1736 ; /* A RESET would flush the passwd nonce cache. */
1739 err = assuan_transact (agent_ctx, "RESET",
1740 NULL, NULL, NULL, NULL, NULL, NULL);
1745 init_membuf (&data, 1024);
1746 gk_parm.dflt = &dfltparm;
1747 gk_parm.keyparms = keyparms;
1748 gk_parm.passphrase = passphrase;
1749 snprintf (line, sizeof line, "GENKEY%s%s%s%s%s",
1750 no_protection? " --no-protection" :
1751 passphrase ? " --inq-passwd" :
1753 passwd_nonce_addr && *passwd_nonce_addr? " --passwd-nonce=":"",
1754 passwd_nonce_addr && *passwd_nonce_addr? *passwd_nonce_addr:"",
1755 cache_nonce_addr && *cache_nonce_addr? " ":"",
1756 cache_nonce_addr && *cache_nonce_addr? *cache_nonce_addr:"");
1757 cn_parm.cache_nonce_addr = cache_nonce_addr;
1758 cn_parm.passwd_nonce_addr = NULL;
1759 err = assuan_transact (agent_ctx, line,
1760 put_membuf_cb, &data,
1761 inq_genkey_parms, &gk_parm,
1762 cache_nonce_status_cb, &cn_parm);
1765 xfree (get_membuf (&data, &len));
1769 buf = get_membuf (&data, &len);
1771 err = gpg_error_from_syserror ();
1774 err = gcry_sexp_sscan (r_pubkey, NULL, buf, len);
1782 /* Call the agent to read the public key part for a given keygrip. If
1783 FROMCARD is true, the key is directly read from the current
1784 smartcard. In this case HEXKEYGRIP should be the keyID
1785 (e.g. OPENPGP.3). */
1787 agent_readkey (ctrl_t ctrl, int fromcard, const char *hexkeygrip,
1788 unsigned char **r_pubkey)
1794 char line[ASSUAN_LINELENGTH];
1795 struct default_inq_parm_s dfltparm;
1797 memset (&dfltparm, 0, sizeof dfltparm);
1798 dfltparm.ctrl = ctrl;
1801 err = start_agent (ctrl, 0);
1804 dfltparm.ctx = agent_ctx;
1806 err = assuan_transact (agent_ctx, "RESET",NULL, NULL, NULL, NULL, NULL, NULL);
1810 snprintf (line, DIM(line), "READKEY %s%s", fromcard? "--card ":"",
1813 init_membuf (&data, 1024);
1814 err = assuan_transact (agent_ctx, line,
1815 put_membuf_cb, &data,
1816 default_inq_cb, &dfltparm,
1820 xfree (get_membuf (&data, &len));
1823 buf = get_membuf (&data, &len);
1825 return gpg_error_from_syserror ();
1826 if (!gcry_sexp_canon_len (buf, len, NULL, NULL))
1829 return gpg_error (GPG_ERR_INV_SEXP);
1837 /* Call the agent to do a sign operation using the key identified by
1838 the hex string KEYGRIP. DESC is a description of the key to be
1839 displayed if the agent needs to ask for the PIN. DIGEST and
1840 DIGESTLEN is the hash value to sign and DIGESTALGO the algorithm id
1841 used to compute the digest. If CACHE_NONCE is used the agent is
1842 advised to first try a passphrase associated with that nonce. */
1844 agent_pksign (ctrl_t ctrl, const char *cache_nonce,
1845 const char *keygrip, const char *desc,
1846 u32 *keyid, u32 *mainkeyid, int pubkey_algo,
1847 unsigned char *digest, size_t digestlen, int digestalgo,
1848 gcry_sexp_t *r_sigval)
1851 char line[ASSUAN_LINELENGTH];
1853 struct default_inq_parm_s dfltparm;
1855 memset (&dfltparm, 0, sizeof dfltparm);
1856 dfltparm.ctrl = ctrl;
1857 dfltparm.keyinfo.keyid = keyid;
1858 dfltparm.keyinfo.mainkeyid = mainkeyid;
1859 dfltparm.keyinfo.pubkey_algo = pubkey_algo;
1862 err = start_agent (ctrl, 0);
1865 dfltparm.ctx = agent_ctx;
1867 if (digestlen*2 + 50 > DIM(line))
1868 return gpg_error (GPG_ERR_GENERAL);
1870 err = assuan_transact (agent_ctx, "RESET",
1871 NULL, NULL, NULL, NULL, NULL, NULL);
1875 snprintf (line, DIM(line), "SIGKEY %s", keygrip);
1876 err = assuan_transact (agent_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL);
1882 snprintf (line, DIM(line), "SETKEYDESC %s", desc);
1883 err = assuan_transact (agent_ctx, line,
1884 NULL, NULL, NULL, NULL, NULL, NULL);
1889 snprintf (line, sizeof line, "SETHASH %d ", digestalgo);
1890 bin2hex (digest, digestlen, line + strlen (line));
1891 err = assuan_transact (agent_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL);
1895 init_membuf (&data, 1024);
1897 snprintf (line, sizeof line, "PKSIGN%s%s",
1898 cache_nonce? " -- ":"",
1899 cache_nonce? cache_nonce:"");
1902 log_clock ("enter signing");
1903 err = assuan_transact (agent_ctx, line,
1904 put_membuf_cb, &data,
1905 default_inq_cb, &dfltparm,
1908 log_clock ("leave signing");
1911 xfree (get_membuf (&data, NULL));
1917 buf = get_membuf (&data, &len);
1919 err = gpg_error_from_syserror ();
1922 err = gcry_sexp_sscan (r_sigval, NULL, buf, len);
1931 /* Handle a CIPHERTEXT inquiry. Note, we only send the data,
1932 assuan_transact takes care of flushing and writing the END. */
1934 inq_ciphertext_cb (void *opaque, const char *line)
1936 struct cipher_parm_s *parm = opaque;
1939 if (has_leading_keyword (line, "CIPHERTEXT"))
1941 assuan_begin_confidential (parm->ctx);
1942 rc = assuan_send_data (parm->dflt->ctx,
1943 parm->ciphertext, parm->ciphertextlen);
1944 assuan_end_confidential (parm->ctx);
1947 rc = default_inq_cb (parm->dflt, line);
1953 /* Check whether there is any padding info from the agent. */
1955 padding_info_cb (void *opaque, const char *line)
1957 int *r_padding = opaque;
1960 if ((s=has_leading_keyword (line, "PADDING")))
1962 *r_padding = atoi (s);
1969 /* Call the agent to do a decrypt operation using the key identified
1970 by the hex string KEYGRIP and the input data S_CIPHERTEXT. On the
1971 success the decoded value is stored verbatim at R_BUF and its
1972 length at R_BUF; the callers needs to release it. KEYID, MAINKEYID
1973 and PUBKEY_ALGO are used to construct additional promots or status
1974 messages. The padding information is stored at R_PADDING with -1
1977 agent_pkdecrypt (ctrl_t ctrl, const char *keygrip, const char *desc,
1978 u32 *keyid, u32 *mainkeyid, int pubkey_algo,
1979 gcry_sexp_t s_ciphertext,
1980 unsigned char **r_buf, size_t *r_buflen, int *r_padding)
1983 char line[ASSUAN_LINELENGTH];
1986 char *p, *buf, *endp;
1987 struct default_inq_parm_s dfltparm;
1989 memset (&dfltparm, 0, sizeof dfltparm);
1990 dfltparm.ctrl = ctrl;
1991 dfltparm.keyinfo.keyid = keyid;
1992 dfltparm.keyinfo.mainkeyid = mainkeyid;
1993 dfltparm.keyinfo.pubkey_algo = pubkey_algo;
1995 if (!keygrip || strlen(keygrip) != 40
1996 || !s_ciphertext || !r_buf || !r_buflen || !r_padding)
1997 return gpg_error (GPG_ERR_INV_VALUE);
2002 err = start_agent (ctrl, 0);
2005 dfltparm.ctx = agent_ctx;
2007 err = assuan_transact (agent_ctx, "RESET",
2008 NULL, NULL, NULL, NULL, NULL, NULL);
2012 snprintf (line, sizeof line, "SETKEY %s", keygrip);
2013 err = assuan_transact (agent_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL);
2019 snprintf (line, DIM(line), "SETKEYDESC %s", desc);
2020 err = assuan_transact (agent_ctx, line,
2021 NULL, NULL, NULL, NULL, NULL, NULL);
2026 init_membuf_secure (&data, 1024);
2028 struct cipher_parm_s parm;
2030 parm.dflt = &dfltparm;
2031 parm.ctx = agent_ctx;
2032 err = make_canon_sexp (s_ciphertext, &parm.ciphertext, &parm.ciphertextlen);
2035 err = assuan_transact (agent_ctx, "PKDECRYPT",
2036 put_membuf_cb, &data,
2037 inq_ciphertext_cb, &parm,
2038 padding_info_cb, r_padding);
2039 xfree (parm.ciphertext);
2043 xfree (get_membuf (&data, &len));
2047 put_membuf (&data, "", 1); /* Make sure it is 0 terminated. */
2048 buf = get_membuf (&data, &len);
2050 return gpg_error_from_syserror ();
2051 log_assert (len); /* (we forced Nul termination.) */
2056 return gpg_error (GPG_ERR_INV_SEXP);
2059 if (len < 13 || memcmp (buf, "(5:value", 8) ) /* "(5:valueN:D)\0" */
2062 return gpg_error (GPG_ERR_INV_SEXP);
2064 len -= 10; /* Count only the data of the second part. */
2065 p = buf + 8; /* Skip leading parenthesis and the value tag. */
2067 n = strtoul (p, &endp, 10);
2068 if (!n || *endp != ':')
2071 return gpg_error (GPG_ERR_INV_SEXP);
2077 return gpg_error (GPG_ERR_INV_SEXP); /* Oops: Inconsistent S-Exp. */
2080 memmove (buf, endp, n);
2089 /* Retrieve a key encryption key from the agent. With FOREXPORT true
2090 the key shall be used for export, with false for import. On success
2091 the new key is stored at R_KEY and its length at R_KEKLEN. */
2093 agent_keywrap_key (ctrl_t ctrl, int forexport, void **r_kek, size_t *r_keklen)
2099 char line[ASSUAN_LINELENGTH];
2100 struct default_inq_parm_s dfltparm;
2102 memset (&dfltparm, 0, sizeof dfltparm);
2103 dfltparm.ctrl = ctrl;
2106 err = start_agent (ctrl, 0);
2109 dfltparm.ctx = agent_ctx;
2111 snprintf (line, DIM(line), "KEYWRAP_KEY %s",
2112 forexport? "--export":"--import");
2114 init_membuf_secure (&data, 64);
2115 err = assuan_transact (agent_ctx, line,
2116 put_membuf_cb, &data,
2117 default_inq_cb, &dfltparm,
2121 xfree (get_membuf (&data, &len));
2124 buf = get_membuf (&data, &len);
2126 return gpg_error_from_syserror ();
2134 /* Handle the inquiry for an IMPORT_KEY command. */
2136 inq_import_key_parms (void *opaque, const char *line)
2138 struct import_key_parm_s *parm = opaque;
2141 if (has_leading_keyword (line, "KEYDATA"))
2143 err = assuan_send_data (parm->dflt->ctx, parm->key, parm->keylen);
2146 err = default_inq_cb (parm->dflt, line);
2152 /* Call the agent to import a key into the agent. */
2154 agent_import_key (ctrl_t ctrl, const char *desc, char **cache_nonce_addr,
2155 const void *key, size_t keylen, int unattended, int force,
2156 u32 *keyid, u32 *mainkeyid, int pubkey_algo)
2159 struct import_key_parm_s parm;
2160 struct cache_nonce_parm_s cn_parm;
2161 char line[ASSUAN_LINELENGTH];
2162 struct default_inq_parm_s dfltparm;
2164 memset (&dfltparm, 0, sizeof dfltparm);
2165 dfltparm.ctrl = ctrl;
2166 dfltparm.keyinfo.keyid = keyid;
2167 dfltparm.keyinfo.mainkeyid = mainkeyid;
2168 dfltparm.keyinfo.pubkey_algo = pubkey_algo;
2170 err = start_agent (ctrl, 0);
2173 dfltparm.ctx = agent_ctx;
2177 snprintf (line, DIM(line), "SETKEYDESC %s", desc);
2178 err = assuan_transact (agent_ctx, line,
2179 NULL, NULL, NULL, NULL, NULL, NULL);
2184 parm.dflt = &dfltparm;
2186 parm.keylen = keylen;
2188 snprintf (line, sizeof line, "IMPORT_KEY%s%s%s%s",
2189 unattended? " --unattended":"",
2190 force? " --force":"",
2191 cache_nonce_addr && *cache_nonce_addr? " ":"",
2192 cache_nonce_addr && *cache_nonce_addr? *cache_nonce_addr:"");
2193 cn_parm.cache_nonce_addr = cache_nonce_addr;
2194 cn_parm.passwd_nonce_addr = NULL;
2195 err = assuan_transact (agent_ctx, line,
2197 inq_import_key_parms, &parm,
2198 cache_nonce_status_cb, &cn_parm);
2204 /* Receive a secret key from the agent. HEXKEYGRIP is the hexified
2205 keygrip, DESC a prompt to be displayed with the agent's passphrase
2206 question (needs to be plus+percent escaped). if OPENPGP_PROTECTED
2207 is not zero, ensure that the key material is returned in RFC
2208 4880-compatible passphrased-protected form. If CACHE_NONCE_ADDR is
2209 not NULL the agent is advised to first try a passphrase associated
2210 with that nonce. On success the key is stored as a canonical
2211 S-expression at R_RESULT and R_RESULTLEN. */
2213 agent_export_key (ctrl_t ctrl, const char *hexkeygrip, const char *desc,
2214 int openpgp_protected, char **cache_nonce_addr,
2215 unsigned char **r_result, size_t *r_resultlen,
2216 u32 *keyid, u32 *mainkeyid, int pubkey_algo)
2219 struct cache_nonce_parm_s cn_parm;
2223 char line[ASSUAN_LINELENGTH];
2224 struct default_inq_parm_s dfltparm;
2226 memset (&dfltparm, 0, sizeof dfltparm);
2227 dfltparm.ctrl = ctrl;
2228 dfltparm.keyinfo.keyid = keyid;
2229 dfltparm.keyinfo.mainkeyid = mainkeyid;
2230 dfltparm.keyinfo.pubkey_algo = pubkey_algo;
2234 err = start_agent (ctrl, 0);
2237 dfltparm.ctx = agent_ctx;
2241 snprintf (line, DIM(line), "SETKEYDESC %s", desc);
2242 err = assuan_transact (agent_ctx, line,
2243 NULL, NULL, NULL, NULL, NULL, NULL);
2248 snprintf (line, DIM(line), "EXPORT_KEY %s%s%s %s",
2249 openpgp_protected ? "--openpgp ":"",
2250 cache_nonce_addr && *cache_nonce_addr? "--cache-nonce=":"",
2251 cache_nonce_addr && *cache_nonce_addr? *cache_nonce_addr:"",
2254 init_membuf_secure (&data, 1024);
2255 cn_parm.cache_nonce_addr = cache_nonce_addr;
2256 cn_parm.passwd_nonce_addr = NULL;
2257 err = assuan_transact (agent_ctx, line,
2258 put_membuf_cb, &data,
2259 default_inq_cb, &dfltparm,
2260 cache_nonce_status_cb, &cn_parm);
2263 xfree (get_membuf (&data, &len));
2266 buf = get_membuf (&data, &len);
2268 return gpg_error_from_syserror ();
2276 /* Ask the agent to delete the key identified by HEXKEYGRIP. If DESC
2277 is not NULL, display DESC instead of the default description
2278 message. If FORCE is true the agent is advised not to ask for
2281 agent_delete_key (ctrl_t ctrl, const char *hexkeygrip, const char *desc,
2285 char line[ASSUAN_LINELENGTH];
2286 struct default_inq_parm_s dfltparm;
2288 memset (&dfltparm, 0, sizeof dfltparm);
2289 dfltparm.ctrl = ctrl;
2291 err = start_agent (ctrl, 0);
2295 if (!hexkeygrip || strlen (hexkeygrip) != 40)
2296 return gpg_error (GPG_ERR_INV_VALUE);
2300 snprintf (line, DIM(line), "SETKEYDESC %s", desc);
2301 err = assuan_transact (agent_ctx, line,
2302 NULL, NULL, NULL, NULL, NULL, NULL);
2307 snprintf (line, DIM(line), "DELETE_KEY%s %s",
2308 force? " --force":"", hexkeygrip);
2309 err = assuan_transact (agent_ctx, line, NULL, NULL,
2310 default_inq_cb, &dfltparm,
2317 /* Ask the agent to change the passphrase of the key identified by
2318 * HEXKEYGRIP. If DESC is not NULL, display DESC instead of the
2319 * default description message. If CACHE_NONCE_ADDR is not NULL the
2320 * agent is advised to first try a passphrase associated with that
2321 * nonce. If PASSWD_NONCE_ADDR is not NULL the agent will try to use
2322 * the passphrase associated with that nonce for the new passphrase.
2323 * If VERIFY is true the passphrase is only verified. */
2325 agent_passwd (ctrl_t ctrl, const char *hexkeygrip, const char *desc, int verify,
2326 char **cache_nonce_addr, char **passwd_nonce_addr)
2329 struct cache_nonce_parm_s cn_parm;
2330 char line[ASSUAN_LINELENGTH];
2331 struct default_inq_parm_s dfltparm;
2333 memset (&dfltparm, 0, sizeof dfltparm);
2334 dfltparm.ctrl = ctrl;
2336 err = start_agent (ctrl, 0);
2339 dfltparm.ctx = agent_ctx;
2341 if (!hexkeygrip || strlen (hexkeygrip) != 40)
2342 return gpg_error (GPG_ERR_INV_VALUE);
2346 snprintf (line, DIM(line), "SETKEYDESC %s", desc);
2347 err = assuan_transact (agent_ctx, line,
2348 NULL, NULL, NULL, NULL, NULL, NULL);
2354 snprintf (line, DIM(line), "PASSWD %s%s --verify %s",
2355 cache_nonce_addr && *cache_nonce_addr? "--cache-nonce=":"",
2356 cache_nonce_addr && *cache_nonce_addr? *cache_nonce_addr:"",
2359 snprintf (line, DIM(line), "PASSWD %s%s %s%s %s",
2360 cache_nonce_addr && *cache_nonce_addr? "--cache-nonce=":"",
2361 cache_nonce_addr && *cache_nonce_addr? *cache_nonce_addr:"",
2362 passwd_nonce_addr && *passwd_nonce_addr? "--passwd-nonce=":"",
2363 passwd_nonce_addr && *passwd_nonce_addr? *passwd_nonce_addr:"",
2365 cn_parm.cache_nonce_addr = cache_nonce_addr;
2366 cn_parm.passwd_nonce_addr = passwd_nonce_addr;
2367 err = assuan_transact (agent_ctx, line, NULL, NULL,
2368 default_inq_cb, &dfltparm,
2369 cache_nonce_status_cb, &cn_parm);
2374 /* Return the version reported by gpg-agent. */
2376 agent_get_version (ctrl_t ctrl, char **r_version)
2380 err = start_agent (ctrl, 0);
2384 err = get_assuan_server_version (agent_ctx, 0, r_version);
projects / gnupg.git / blob