1 /* call-agent.c - Divert GPG operations to the agent.
2 * Copyright (C) 2001-2003, 2006-2011, 2013 Free Software Foundation, Inc.
3 * Copyright (C) 2013-2015 Werner Koch
5 * This file is part of GnuPG.
7 * GnuPG is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 3 of the License, or
10 * (at your option) any later version.
12 * GnuPG is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, see <https://www.gnu.org/licenses/>.
34 #include "../common/util.h"
35 #include "../common/membuf.h"
37 #include "../common/i18n.h"
38 #include "../common/asshelp.h"
39 #include "../common/sysutils.h"
40 #include "call-agent.h"
41 #include "../common/status.h"
42 #include "../common/shareddefs.h"
43 #include "../common/host2net.h"
45 #define CONTROL_D ('D' - 'A' + 1)
48 static assuan_context_t agent_ctx = NULL;
49 static int did_early_card_test;
51 struct default_inq_parm_s
64 struct default_inq_parm_s *dflt;
66 unsigned char *ciphertext;
70 struct writecert_parm_s
72 struct default_inq_parm_s *dflt;
73 const unsigned char *certdata;
77 struct writekey_parm_s
79 struct default_inq_parm_s *dflt;
80 const unsigned char *keydata;
86 struct default_inq_parm_s *dflt;
88 const char *passphrase;
91 struct import_key_parm_s
93 struct default_inq_parm_s *dflt;
99 struct cache_nonce_parm_s
101 char **cache_nonce_addr;
102 char **passwd_nonce_addr;
106 static gpg_error_t learn_status_cb (void *opaque, const char *line);
110 /* If RC is not 0, write an appropriate status message. */
112 status_sc_op_failure (int rc)
114 switch (gpg_err_code (rc))
118 case GPG_ERR_CANCELED:
119 case GPG_ERR_FULLY_CANCELED:
120 write_status_text (STATUS_SC_OP_FAILURE, "1");
122 case GPG_ERR_BAD_PIN:
123 write_status_text (STATUS_SC_OP_FAILURE, "2");
126 write_status (STATUS_SC_OP_FAILURE);
132 /* This is the default inquiry callback. It mainly handles the
133 Pinentry notifications. */
135 default_inq_cb (void *opaque, const char *line)
138 struct default_inq_parm_s *parm = opaque;
140 if (has_leading_keyword (line, "PINENTRY_LAUNCHED"))
142 err = gpg_proxy_pinentry_notify (parm->ctrl, line);
144 log_error (_("failed to proxy %s inquiry to client\n"),
145 "PINENTRY_LAUNCHED");
146 /* We do not pass errors to avoid breaking other code. */
148 else if ((has_leading_keyword (line, "PASSPHRASE")
149 || has_leading_keyword (line, "NEW_PASSPHRASE"))
150 && opt.pinentry_mode == PINENTRY_MODE_LOOPBACK)
152 if (have_static_passphrase ())
154 const char *s = get_static_passphrase ();
155 err = assuan_send_data (parm->ctx, s, strlen (s));
162 if (parm->keyinfo.keyid)
163 emit_status_need_passphrase (parm->ctrl,
165 parm->keyinfo.mainkeyid,
166 parm->keyinfo.pubkey_algo);
168 snprintf (buf, sizeof (buf), "%u", 100);
169 write_status_text (STATUS_INQUIRE_MAXLEN, buf);
170 pw = cpr_get_hidden ("passphrase.enter", _("Enter passphrase: "));
172 if (*pw == CONTROL_D && !pw[1])
173 err = gpg_error (GPG_ERR_CANCELED);
175 err = assuan_send_data (parm->ctx, pw, strlen (pw));
180 log_debug ("ignoring gpg-agent inquiry '%s'\n", line);
186 /* Print a warning if the server's version number is less than our
187 version number. Returns an error code on a connection problem. */
189 warn_version_mismatch (assuan_context_t ctx, const char *servername, int mode)
193 const char *myversion = strusage (13);
195 err = get_assuan_server_version (ctx, mode, &serverversion);
197 log_log (gpg_err_code (err) == GPG_ERR_NOT_SUPPORTED?
198 GPGRT_LOG_INFO : GPGRT_LOG_ERROR,
199 _("error getting version from '%s': %s\n"),
200 servername, gpg_strerror (err));
201 else if (compare_version_strings (serverversion, myversion) < 0)
205 warn = xtryasprintf (_("server '%s' is older than us (%s < %s)"),
206 servername, serverversion, myversion);
208 err = gpg_error_from_syserror ();
211 log_info (_("WARNING: %s\n"), warn);
212 write_status_strings (STATUS_WARNING, "server_version_mismatch 0",
217 xfree (serverversion);
222 #define FLAG_FOR_CARD_SUPPRESS_ERRORS 2
224 /* Try to connect to the agent via socket or fork it off and work by
225 pipes. Handle the server's initial greeting */
227 start_agent (ctrl_t ctrl, int flag_for_card)
231 (void)ctrl; /* Not yet used. */
233 /* Fixme: We need a context for each thread or serialize the access
239 rc = start_new_gpg_agent (&agent_ctx,
240 GPG_ERR_SOURCE_DEFAULT,
242 opt.lc_ctype, opt.lc_messages,
244 opt.autostart, opt.verbose, DBG_IPC,
246 if (!opt.autostart && gpg_err_code (rc) == GPG_ERR_NO_AGENT)
253 log_info (_("no gpg-agent running in this session\n"));
257 && !(rc = warn_version_mismatch (agent_ctx, GPG_AGENT_NAME, 0)))
259 /* Tell the agent that we support Pinentry notifications.
260 No error checking so that it will work also with older
262 assuan_transact (agent_ctx, "OPTION allow-pinentry-notify",
263 NULL, NULL, NULL, NULL, NULL, NULL);
264 /* Tell the agent about what version we are aware. This is
265 here used to indirectly enable GPG_ERR_FULLY_CANCELED. */
266 assuan_transact (agent_ctx, "OPTION agent-awareness=2.1.0",
267 NULL, NULL, NULL, NULL, NULL, NULL);
268 /* Pass on the pinentry mode. */
269 if (opt.pinentry_mode)
271 char *tmp = xasprintf ("OPTION pinentry-mode=%s",
272 str_pinentry_mode (opt.pinentry_mode));
273 rc = assuan_transact (agent_ctx, tmp,
274 NULL, NULL, NULL, NULL, NULL, NULL);
278 log_error ("setting pinentry mode '%s' failed: %s\n",
279 str_pinentry_mode (opt.pinentry_mode),
281 write_status_error ("set_pinentry_mode", rc);
285 /* In DE_VS mode under Windows we require that the JENT RNG
287 #ifdef HAVE_W32_SYSTEM
288 if (!rc && opt.compliance == CO_DE_VS)
290 if (assuan_transact (agent_ctx, "GETINFO jent_active",
291 NULL, NULL, NULL, NULL, NULL, NULL))
293 rc = gpg_error (GPG_ERR_FORBIDDEN);
294 log_error (_("%s is not compliant with %s mode\n"),
296 gnupg_compliance_option_string (opt.compliance));
297 write_status_error ("random-compliance", rc);
300 #endif /*HAVE_W32_SYSTEM*/
305 if (!rc && flag_for_card && !did_early_card_test)
307 /* Request the serial number of the card for an early test. */
308 struct agent_card_info_s info;
310 memset (&info, 0, sizeof info);
312 if (!(flag_for_card & FLAG_FOR_CARD_SUPPRESS_ERRORS))
313 rc = warn_version_mismatch (agent_ctx, SCDAEMON_NAME, 2);
315 rc = assuan_transact (agent_ctx, "SCD SERIALNO openpgp",
316 NULL, NULL, NULL, NULL,
317 learn_status_cb, &info);
318 if (rc && !(flag_for_card & FLAG_FOR_CARD_SUPPRESS_ERRORS))
320 switch (gpg_err_code (rc))
322 case GPG_ERR_NOT_SUPPORTED:
323 case GPG_ERR_NO_SCDAEMON:
324 write_status_text (STATUS_CARDCTRL, "6");
326 case GPG_ERR_OBJ_TERM_STATE:
327 write_status_text (STATUS_CARDCTRL, "7");
330 write_status_text (STATUS_CARDCTRL, "4");
331 log_info ("selecting openpgp failed: %s\n", gpg_strerror (rc));
336 if (!rc && is_status_enabled () && info.serialno)
340 buf = xasprintf ("3 %s", info.serialno);
341 write_status_text (STATUS_CARDCTRL, buf);
345 agent_release_card_info (&info);
348 did_early_card_test = 1;
356 /* Return a new malloced string by unescaping the string S. Escaping
357 is percent escaping and '+'/space mapping. A binary nul will
358 silently be replaced by a 0xFF. Function returns NULL to indicate
359 an out of memory status. */
361 unescape_status_string (const unsigned char *s)
363 return percent_plus_unescape (s, 0xff);
367 /* Take a 20 byte hexencoded string and put it into the provided
368 20 byte buffer FPR in binary format. */
370 unhexify_fpr (const char *hexstr, unsigned char *fpr)
375 for (s=hexstr, n=0; hexdigitp (s); s++, n++)
378 return 0; /* no fingerprint (invalid or wrong length). */
379 for (s=hexstr, n=0; *s; s += 2, n++)
384 /* Take the serial number from LINE and return it verbatim in a newly
385 allocated string. We make sure that only hex characters are
388 store_serialno (const char *line)
393 for (s=line; hexdigitp (s); s++)
395 p = xtrymalloc (s + 1 - line);
398 memcpy (p, line, s-line);
406 /* This is a dummy data line callback. */
408 dummy_data_cb (void *opaque, const void *buffer, size_t length)
416 /* A simple callback used to return the serialnumber of a card. */
418 get_serialno_cb (void *opaque, const char *line)
420 char **serialno = opaque;
421 const char *keyword = line;
425 for (keywordlen=0; *line && !spacep (line); line++, keywordlen++)
427 while (spacep (line))
430 if (keywordlen == 8 && !memcmp (keyword, "SERIALNO", keywordlen))
433 return gpg_error (GPG_ERR_CONFLICT); /* Unexpected status line. */
434 for (n=0,s=line; hexdigitp (s); s++, n++)
436 if (!n || (n&1)|| !(spacep (s) || !*s) )
437 return gpg_error (GPG_ERR_ASS_PARAMETER);
438 *serialno = xtrymalloc (n+1);
440 return out_of_core ();
441 memcpy (*serialno, line, n);
450 /* Release the card info structure INFO. */
452 agent_release_card_info (struct agent_card_info_s *info)
459 xfree (info->reader); info->reader = NULL;
460 xfree (info->serialno); info->serialno = NULL;
461 xfree (info->apptype); info->apptype = NULL;
462 xfree (info->disp_name); info->disp_name = NULL;
463 xfree (info->disp_lang); info->disp_lang = NULL;
464 xfree (info->pubkey_url); info->pubkey_url = NULL;
465 xfree (info->login_data); info->login_data = NULL;
466 info->cafpr1valid = info->cafpr2valid = info->cafpr3valid = 0;
467 info->fpr1valid = info->fpr2valid = info->fpr3valid = 0;
468 for (i=0; i < DIM(info->private_do); i++)
470 xfree (info->private_do[i]);
471 info->private_do[i] = NULL;
477 learn_status_cb (void *opaque, const char *line)
479 struct agent_card_info_s *parm = opaque;
480 const char *keyword = line;
484 for (keywordlen=0; *line && !spacep (line); line++, keywordlen++)
486 while (spacep (line))
489 if (keywordlen == 6 && !memcmp (keyword, "READER", keywordlen))
491 xfree (parm->reader);
492 parm->reader = unescape_status_string (line);
494 else if (keywordlen == 8 && !memcmp (keyword, "SERIALNO", keywordlen))
496 xfree (parm->serialno);
497 parm->serialno = store_serialno (line);
498 parm->is_v2 = (strlen (parm->serialno) >= 16
499 && xtoi_2 (parm->serialno+12) >= 2 );
501 else if (keywordlen == 7 && !memcmp (keyword, "APPTYPE", keywordlen))
503 xfree (parm->apptype);
504 parm->apptype = unescape_status_string (line);
506 else if (keywordlen == 9 && !memcmp (keyword, "DISP-NAME", keywordlen))
508 xfree (parm->disp_name);
509 parm->disp_name = unescape_status_string (line);
511 else if (keywordlen == 9 && !memcmp (keyword, "DISP-LANG", keywordlen))
513 xfree (parm->disp_lang);
514 parm->disp_lang = unescape_status_string (line);
516 else if (keywordlen == 8 && !memcmp (keyword, "DISP-SEX", keywordlen))
518 parm->disp_sex = *line == '1'? 1 : *line == '2' ? 2: 0;
520 else if (keywordlen == 10 && !memcmp (keyword, "PUBKEY-URL", keywordlen))
522 xfree (parm->pubkey_url);
523 parm->pubkey_url = unescape_status_string (line);
525 else if (keywordlen == 10 && !memcmp (keyword, "LOGIN-DATA", keywordlen))
527 xfree (parm->login_data);
528 parm->login_data = unescape_status_string (line);
530 else if (keywordlen == 11 && !memcmp (keyword, "SIG-COUNTER", keywordlen))
532 parm->sig_counter = strtoul (line, NULL, 0);
534 else if (keywordlen == 10 && !memcmp (keyword, "CHV-STATUS", keywordlen))
538 buf = p = unescape_status_string (line);
543 parm->chv1_cached = atoi (p);
544 while (*p && !spacep (p))
548 for (i=0; *p && i < 3; i++)
550 parm->chvmaxlen[i] = atoi (p);
551 while (*p && !spacep (p))
556 for (i=0; *p && i < 3; i++)
558 parm->chvretry[i] = atoi (p);
559 while (*p && !spacep (p))
567 else if (keywordlen == 6 && !memcmp (keyword, "EXTCAP", keywordlen))
572 buf = p = unescape_status_string (line);
575 for (p = strtok (buf, " "); p; p = strtok (NULL, " "))
577 p2 = strchr (p, '=');
581 abool = (*p2 == '1');
582 if (!strcmp (p, "ki"))
583 parm->extcap.ki = abool;
584 else if (!strcmp (p, "aac"))
585 parm->extcap.aac = abool;
586 else if (!strcmp (p, "si"))
587 parm->status_indicator = strtoul (p2, NULL, 10);
593 else if (keywordlen == 7 && !memcmp (keyword, "KEY-FPR", keywordlen))
595 int no = atoi (line);
596 while (*line && !spacep (line))
598 while (spacep (line))
601 parm->fpr1valid = unhexify_fpr (line, parm->fpr1);
603 parm->fpr2valid = unhexify_fpr (line, parm->fpr2);
605 parm->fpr3valid = unhexify_fpr (line, parm->fpr3);
607 else if (keywordlen == 8 && !memcmp (keyword, "KEY-TIME", keywordlen))
609 int no = atoi (line);
610 while (* line && !spacep (line))
612 while (spacep (line))
615 parm->fpr1time = strtoul (line, NULL, 10);
617 parm->fpr2time = strtoul (line, NULL, 10);
619 parm->fpr3time = strtoul (line, NULL, 10);
621 else if (keywordlen == 6 && !memcmp (keyword, "CA-FPR", keywordlen))
623 int no = atoi (line);
624 while (*line && !spacep (line))
626 while (spacep (line))
629 parm->cafpr1valid = unhexify_fpr (line, parm->cafpr1);
631 parm->cafpr2valid = unhexify_fpr (line, parm->cafpr2);
633 parm->cafpr3valid = unhexify_fpr (line, parm->cafpr3);
635 else if (keywordlen == 8 && !memcmp (keyword, "KEY-ATTR", keywordlen))
638 int algo = PUBKEY_ALGO_RSA;
641 sscanf (line, "%d %d %n", &keyno, &algo, &n);
643 if (keyno < 0 || keyno >= DIM (parm->key_attr))
646 parm->key_attr[keyno].algo = algo;
647 if (algo == PUBKEY_ALGO_RSA)
648 parm->key_attr[keyno].nbits = strtoul (line+n+3, NULL, 10);
649 else if (algo == PUBKEY_ALGO_ECDH || algo == PUBKEY_ALGO_ECDSA
650 || algo == PUBKEY_ALGO_EDDSA)
651 parm->key_attr[keyno].curve = openpgp_is_curve_supported (line + n,
654 else if (keywordlen == 12 && !memcmp (keyword, "PRIVATE-DO-", 11)
655 && strchr("1234", keyword[11]))
657 int no = keyword[11] - '1';
658 log_assert (no >= 0 && no <= 3);
659 xfree (parm->private_do[no]);
660 parm->private_do[no] = unescape_status_string (line);
666 /* Call the scdaemon to learn about a smartcard */
668 agent_scd_learn (struct agent_card_info_s *info, int force)
671 struct default_inq_parm_s parm;
672 struct agent_card_info_s dummyinfo;
676 memset (info, 0, sizeof *info);
677 memset (&parm, 0, sizeof parm);
679 rc = start_agent (NULL, 1);
683 parm.ctx = agent_ctx;
684 rc = assuan_transact (agent_ctx,
685 force ? "LEARN --sendinfo --force" : "LEARN --sendinfo",
686 dummy_data_cb, NULL, default_inq_cb, &parm,
687 learn_status_cb, info);
688 /* Also try to get the key attributes. */
690 agent_scd_getattr ("KEY-ATTR", info);
692 if (info == &dummyinfo)
693 agent_release_card_info (info);
699 /* Send an APDU to the current card. On success the status word is
700 stored at R_SW. With HEXAPDU being NULL only a RESET command is
701 send to scd. With HEXAPDU being the string "undefined" the command
702 "SERIALNO undefined" is send to scd. */
704 agent_scd_apdu (const char *hexapdu, unsigned int *r_sw)
708 /* Start the agent but not with the card flag so that we do not
709 autoselect the openpgp application. */
710 err = start_agent (NULL, 0);
716 err = assuan_transact (agent_ctx, "SCD RESET",
717 NULL, NULL, NULL, NULL, NULL, NULL);
720 else if (!strcmp (hexapdu, "undefined"))
722 err = assuan_transact (agent_ctx, "SCD SERIALNO undefined",
723 NULL, NULL, NULL, NULL, NULL, NULL);
727 char line[ASSUAN_LINELENGTH];
732 init_membuf (&mb, 256);
734 snprintf (line, DIM(line), "SCD APDU %s", hexapdu);
735 err = assuan_transact (agent_ctx, line,
736 put_membuf_cb, &mb, NULL, NULL, NULL, NULL);
739 data = get_membuf (&mb, &datalen);
741 err = gpg_error_from_syserror ();
742 else if (datalen < 2) /* Ooops */
743 err = gpg_error (GPG_ERR_CARD);
746 *r_sw = buf16_to_uint (data+datalen-2);
757 agent_keytocard (const char *hexgrip, int keyno, int force,
758 const char *serialno, const char *timestamp)
761 char line[ASSUAN_LINELENGTH];
762 struct default_inq_parm_s parm;
764 memset (&parm, 0, sizeof parm);
766 snprintf (line, DIM(line), "KEYTOCARD %s%s %s OPENPGP.%d %s",
767 force?"--force ": "", hexgrip, serialno, keyno, timestamp);
769 rc = start_agent (NULL, 1);
772 parm.ctx = agent_ctx;
774 rc = assuan_transact (agent_ctx, line, NULL, NULL, default_inq_cb, &parm,
782 /* Call the agent to retrieve a data object. This function returns
783 the data in the same structure as used by the learn command. It is
784 allowed to update such a structure using this command. */
786 agent_scd_getattr (const char *name, struct agent_card_info_s *info)
789 char line[ASSUAN_LINELENGTH];
790 struct default_inq_parm_s parm;
792 memset (&parm, 0, sizeof parm);
795 return gpg_error (GPG_ERR_INV_VALUE);
797 /* We assume that NAME does not need escaping. */
798 if (12 + strlen (name) > DIM(line)-1)
799 return gpg_error (GPG_ERR_TOO_LARGE);
800 stpcpy (stpcpy (line, "SCD GETATTR "), name);
802 rc = start_agent (NULL, 1);
806 parm.ctx = agent_ctx;
807 rc = assuan_transact (agent_ctx, line, NULL, NULL, default_inq_cb, &parm,
808 learn_status_cb, info);
814 /* Send an setattr command to the SCdaemon. SERIALNO is not actually
815 used here but required by gpg 1.4's implementation of this code in
818 agent_scd_setattr (const char *name,
819 const unsigned char *value, size_t valuelen,
820 const char *serialno)
823 char line[ASSUAN_LINELENGTH];
825 struct default_inq_parm_s parm;
827 memset (&parm, 0, sizeof parm);
831 if (!*name || !valuelen)
832 return gpg_error (GPG_ERR_INV_VALUE);
834 /* We assume that NAME does not need escaping. */
835 if (12 + strlen (name) > DIM(line)-1)
836 return gpg_error (GPG_ERR_TOO_LARGE);
838 p = stpcpy (stpcpy (line, "SCD SETATTR "), name);
840 for (; valuelen; value++, valuelen--)
842 if (p >= line + DIM(line)-5 )
843 return gpg_error (GPG_ERR_TOO_LARGE);
844 if (*value < ' ' || *value == '+' || *value == '%')
846 sprintf (p, "%%%02X", *value);
849 else if (*value == ' ')
856 rc = start_agent (NULL, 1);
859 parm.ctx = agent_ctx;
860 rc = assuan_transact (agent_ctx, line, NULL, NULL,
861 default_inq_cb, &parm, NULL, NULL);
864 status_sc_op_failure (rc);
870 /* Handle a CERTDATA inquiry. Note, we only send the data,
871 assuan_transact takes care of flushing and writing the END
874 inq_writecert_parms (void *opaque, const char *line)
877 struct writecert_parm_s *parm = opaque;
879 if (has_leading_keyword (line, "CERTDATA"))
881 rc = assuan_send_data (parm->dflt->ctx,
882 parm->certdata, parm->certdatalen);
885 rc = default_inq_cb (parm->dflt, line);
891 /* Send a WRITECERT command to the SCdaemon. */
893 agent_scd_writecert (const char *certidstr,
894 const unsigned char *certdata, size_t certdatalen)
897 char line[ASSUAN_LINELENGTH];
898 struct writecert_parm_s parms;
899 struct default_inq_parm_s dfltparm;
901 memset (&dfltparm, 0, sizeof dfltparm);
903 rc = start_agent (NULL, 1);
907 memset (&parms, 0, sizeof parms);
909 snprintf (line, DIM(line), "SCD WRITECERT %s", certidstr);
910 dfltparm.ctx = agent_ctx;
911 parms.dflt = &dfltparm;
912 parms.certdata = certdata;
913 parms.certdatalen = certdatalen;
915 rc = assuan_transact (agent_ctx, line, NULL, NULL,
916 inq_writecert_parms, &parms, NULL, NULL);
923 /* Handle a KEYDATA inquiry. Note, we only send the data,
924 assuan_transact takes care of flushing and writing the end */
926 inq_writekey_parms (void *opaque, const char *line)
929 struct writekey_parm_s *parm = opaque;
931 if (has_leading_keyword (line, "KEYDATA"))
933 rc = assuan_send_data (parm->dflt->ctx, parm->keydata, parm->keydatalen);
936 rc = default_inq_cb (parm->dflt, line);
942 /* Send a WRITEKEY command to the SCdaemon. */
944 agent_scd_writekey (int keyno, const char *serialno,
945 const unsigned char *keydata, size_t keydatalen)
948 char line[ASSUAN_LINELENGTH];
949 struct writekey_parm_s parms;
950 struct default_inq_parm_s dfltparm;
952 memset (&dfltparm, 0, sizeof dfltparm);
956 rc = start_agent (NULL, 1);
960 memset (&parms, 0, sizeof parms);
962 snprintf (line, DIM(line), "SCD WRITEKEY --force OPENPGP.%d", keyno);
963 dfltparm.ctx = agent_ctx;
964 parms.dflt = &dfltparm;
965 parms.keydata = keydata;
966 parms.keydatalen = keydatalen;
968 rc = assuan_transact (agent_ctx, line, NULL, NULL,
969 inq_writekey_parms, &parms, NULL, NULL);
971 status_sc_op_failure (rc);
977 /* Status callback for the SCD GENKEY command. */
979 scd_genkey_cb (void *opaque, const char *line)
981 u32 *createtime = opaque;
982 const char *keyword = line;
985 for (keywordlen=0; *line && !spacep (line); line++, keywordlen++)
987 while (spacep (line))
990 if (keywordlen == 14 && !memcmp (keyword,"KEY-CREATED-AT", keywordlen))
992 *createtime = (u32)strtoul (line, NULL, 10);
994 else if (keywordlen == 8 && !memcmp (keyword, "PROGRESS", keywordlen))
996 write_status_text (STATUS_PROGRESS, line);
1002 /* Send a GENKEY command to the SCdaemon. If *CREATETIME is not 0,
1003 the value will be passed to SCDAEMON with --timestamp option so that
1004 the key is created with this. Otherwise, timestamp was generated by
1005 SCDEAMON. On success, creation time is stored back to
1008 agent_scd_genkey (int keyno, int force, u32 *createtime)
1011 char line[ASSUAN_LINELENGTH];
1012 gnupg_isotime_t tbuf;
1013 struct default_inq_parm_s dfltparm;
1015 memset (&dfltparm, 0, sizeof dfltparm);
1017 rc = start_agent (NULL, 1);
1022 epoch2isotime (tbuf, *createtime);
1026 snprintf (line, DIM(line), "SCD GENKEY %s%s %s %d",
1027 *tbuf? "--timestamp=":"", tbuf,
1028 force? "--force":"",
1031 dfltparm.ctx = agent_ctx;
1032 rc = assuan_transact (agent_ctx, line,
1033 NULL, NULL, default_inq_cb, &dfltparm,
1034 scd_genkey_cb, createtime);
1036 status_sc_op_failure (rc);
1040 /* Return the serial number of the card or an appropriate error. The
1041 serial number is returned as a hexstring. */
1043 agent_scd_serialno (char **r_serialno, const char *demand)
1046 char *serialno = NULL;
1047 char line[ASSUAN_LINELENGTH];
1049 err = start_agent (NULL, 1 | FLAG_FOR_CARD_SUPPRESS_ERRORS);
1054 strcpy (line, "SCD SERIALNO");
1056 snprintf (line, DIM(line), "SCD SERIALNO --demand=%s", demand);
1058 err = assuan_transact (agent_ctx, line,
1059 NULL, NULL, NULL, NULL,
1060 get_serialno_cb, &serialno);
1067 *r_serialno = serialno;
1071 /* Send a READCERT command to the SCdaemon. */
1073 agent_scd_readcert (const char *certidstr,
1074 void **r_buf, size_t *r_buflen)
1077 char line[ASSUAN_LINELENGTH];
1080 struct default_inq_parm_s dfltparm;
1082 memset (&dfltparm, 0, sizeof dfltparm);
1085 rc = start_agent (NULL, 1);
1089 dfltparm.ctx = agent_ctx;
1091 init_membuf (&data, 2048);
1093 snprintf (line, DIM(line), "SCD READCERT %s", certidstr);
1094 rc = assuan_transact (agent_ctx, line,
1095 put_membuf_cb, &data,
1096 default_inq_cb, &dfltparm,
1100 xfree (get_membuf (&data, &len));
1103 *r_buf = get_membuf (&data, r_buflen);
1105 return gpg_error (GPG_ERR_ENOMEM);
1110 struct card_cardlist_parm_s {
1116 /* Callback function for agent_card_cardlist. */
1118 card_cardlist_cb (void *opaque, const char *line)
1120 struct card_cardlist_parm_s *parm = opaque;
1121 const char *keyword = line;
1124 for (keywordlen=0; *line && !spacep (line); line++, keywordlen++)
1126 while (spacep (line))
1129 if (keywordlen == 8 && !memcmp (keyword, "SERIALNO", keywordlen))
1134 for (n=0,s=line; hexdigitp (s); s++, n++)
1137 if (!n || (n&1) || *s)
1138 parm->error = gpg_error (GPG_ERR_ASS_PARAMETER);
1140 add_to_strlist (&parm->list, line);
1146 /* Return cardlist. */
1148 agent_scd_cardlist (strlist_t *result)
1151 char line[ASSUAN_LINELENGTH];
1152 struct card_cardlist_parm_s parm;
1154 memset (&parm, 0, sizeof parm);
1156 err = start_agent (NULL, 1);
1160 strcpy (line, "SCD GETINFO card_list");
1162 err = assuan_transact (agent_ctx, line,
1163 NULL, NULL, NULL, NULL,
1164 card_cardlist_cb, &parm);
1165 if (!err && parm.error)
1169 *result = parm.list;
1171 free_strlist (parm.list);
1176 /* Change the PIN of an OpenPGP card or reset the retry counter.
1177 CHVNO 1: Change the PIN
1178 2: For v1 cards: Same as 1.
1179 For v2 cards: Reset the PIN using the Reset Code.
1180 3: Change the admin PIN
1181 101: Set a new PIN and reset the retry counter
1182 102: For v1 cars: Same as 101.
1183 For v2 cards: Set a new Reset Code.
1184 SERIALNO is not used.
1187 agent_scd_change_pin (int chvno, const char *serialno)
1190 char line[ASSUAN_LINELENGTH];
1191 const char *reset = "";
1192 struct default_inq_parm_s dfltparm;
1194 memset (&dfltparm, 0, sizeof dfltparm);
1202 rc = start_agent (NULL, 1);
1205 dfltparm.ctx = agent_ctx;
1207 snprintf (line, DIM(line), "SCD PASSWD %s %d", reset, chvno);
1208 rc = assuan_transact (agent_ctx, line,
1210 default_inq_cb, &dfltparm,
1212 status_sc_op_failure (rc);
1217 /* Perform a CHECKPIN operation. SERIALNO should be the serial
1218 number of the card - optionally followed by the fingerprint;
1219 however the fingerprint is ignored here. */
1221 agent_scd_checkpin (const char *serialno)
1224 char line[ASSUAN_LINELENGTH];
1225 struct default_inq_parm_s dfltparm;
1227 memset (&dfltparm, 0, sizeof dfltparm);
1229 rc = start_agent (NULL, 1);
1232 dfltparm.ctx = agent_ctx;
1234 snprintf (line, DIM(line), "SCD CHECKPIN %s", serialno);
1235 rc = assuan_transact (agent_ctx, line,
1237 default_inq_cb, &dfltparm,
1239 status_sc_op_failure (rc);
1244 /* Dummy function, only used by the gpg 1.4 implementation. */
1246 agent_clear_pin_cache (const char *sn)
1254 /* Note: All strings shall be UTF-8. On success the caller needs to
1255 free the string stored at R_PASSPHRASE. On error NULL will be
1256 stored at R_PASSPHRASE and an appropriate fpf error code
1259 agent_get_passphrase (const char *cache_id,
1260 const char *err_msg,
1262 const char *desc_msg,
1265 char **r_passphrase)
1268 char line[ASSUAN_LINELENGTH];
1274 struct default_inq_parm_s dfltparm;
1276 memset (&dfltparm, 0, sizeof dfltparm);
1278 *r_passphrase = NULL;
1280 rc = start_agent (NULL, 0);
1283 dfltparm.ctx = agent_ctx;
1285 /* Check that the gpg-agent understands the repeat option. */
1286 if (assuan_transact (agent_ctx,
1287 "GETINFO cmd_has_option GET_PASSPHRASE repeat",
1288 NULL, NULL, NULL, NULL, NULL, NULL))
1289 return gpg_error (GPG_ERR_NOT_SUPPORTED);
1291 if (cache_id && *cache_id)
1292 if (!(arg1 = percent_plus_escape (cache_id)))
1294 if (err_msg && *err_msg)
1295 if (!(arg2 = percent_plus_escape (err_msg)))
1297 if (prompt && *prompt)
1298 if (!(arg3 = percent_plus_escape (prompt)))
1300 if (desc_msg && *desc_msg)
1301 if (!(arg4 = percent_plus_escape (desc_msg)))
1304 snprintf (line, DIM(line),
1305 "GET_PASSPHRASE --data --repeat=%d%s -- %s %s %s %s",
1307 check? " --check --qualitybar":"",
1317 init_membuf_secure (&data, 64);
1318 rc = assuan_transact (agent_ctx, line,
1319 put_membuf_cb, &data,
1320 default_inq_cb, &dfltparm,
1324 xfree (get_membuf (&data, NULL));
1327 put_membuf (&data, "", 1);
1328 *r_passphrase = get_membuf (&data, NULL);
1330 rc = gpg_error_from_syserror ();
1334 rc = gpg_error_from_syserror ();
1344 agent_clear_passphrase (const char *cache_id)
1347 char line[ASSUAN_LINELENGTH];
1348 struct default_inq_parm_s dfltparm;
1350 memset (&dfltparm, 0, sizeof dfltparm);
1352 if (!cache_id || !*cache_id)
1355 rc = start_agent (NULL, 0);
1358 dfltparm.ctx = agent_ctx;
1360 snprintf (line, DIM(line), "CLEAR_PASSPHRASE %s", cache_id);
1361 return assuan_transact (agent_ctx, line,
1363 default_inq_cb, &dfltparm,
1368 /* Ask the agent to pop up a confirmation dialog with the text DESC
1369 and an okay and cancel button. */
1371 gpg_agent_get_confirmation (const char *desc)
1375 char line[ASSUAN_LINELENGTH];
1376 struct default_inq_parm_s dfltparm;
1378 memset (&dfltparm, 0, sizeof dfltparm);
1380 rc = start_agent (NULL, 0);
1383 dfltparm.ctx = agent_ctx;
1385 tmp = percent_plus_escape (desc);
1387 return gpg_error_from_syserror ();
1388 snprintf (line, DIM(line), "GET_CONFIRMATION %s", tmp);
1391 rc = assuan_transact (agent_ctx, line,
1393 default_inq_cb, &dfltparm,
1399 /* Return the S2K iteration count as computed by gpg-agent. */
1401 agent_get_s2k_count (unsigned long *r_count)
1409 err = start_agent (NULL, 0);
1413 init_membuf (&data, 32);
1414 err = assuan_transact (agent_ctx, "GETINFO s2k_count",
1415 put_membuf_cb, &data,
1416 NULL, NULL, NULL, NULL);
1418 xfree (get_membuf (&data, NULL));
1421 put_membuf (&data, "", 1);
1422 buf = get_membuf (&data, NULL);
1424 err = gpg_error_from_syserror ();
1427 *r_count = strtoul (buf, NULL, 10);
1436 /* Ask the agent whether a secret key for the given public key is
1437 available. Returns 0 if available. */
1439 agent_probe_secret_key (ctrl_t ctrl, PKT_public_key *pk)
1442 char line[ASSUAN_LINELENGTH];
1445 err = start_agent (ctrl, 0);
1449 err = hexkeygrip_from_pk (pk, &hexgrip);
1453 snprintf (line, sizeof line, "HAVEKEY %s", hexgrip);
1456 err = assuan_transact (agent_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL);
1460 /* Ask the agent whether a secret key is available for any of the
1461 keys (primary or sub) in KEYBLOCK. Returns 0 if available. */
1463 agent_probe_any_secret_key (ctrl_t ctrl, kbnode_t keyblock)
1466 char line[ASSUAN_LINELENGTH];
1468 kbnode_t kbctx, node;
1470 unsigned char grip[20];
1472 err = start_agent (ctrl, 0);
1476 err = gpg_error (GPG_ERR_NO_SECKEY); /* Just in case no key was
1477 found in KEYBLOCK. */
1478 p = stpcpy (line, "HAVEKEY");
1479 for (kbctx=NULL, nkeys=0; (node = walk_kbnode (keyblock, &kbctx, 0)); )
1480 if (node->pkt->pkttype == PKT_PUBLIC_KEY
1481 || node->pkt->pkttype == PKT_PUBLIC_SUBKEY
1482 || node->pkt->pkttype == PKT_SECRET_KEY
1483 || node->pkt->pkttype == PKT_SECRET_SUBKEY)
1485 if (nkeys && ((p - line) + 41) > (ASSUAN_LINELENGTH - 2))
1487 err = assuan_transact (agent_ctx, line,
1488 NULL, NULL, NULL, NULL, NULL, NULL);
1489 if (err != gpg_err_code (GPG_ERR_NO_SECKEY))
1490 break; /* Seckey available or unexpected error - ready. */
1491 p = stpcpy (line, "HAVEKEY");
1495 err = keygrip_from_pk (node->pkt->pkt.public_key, grip);
1499 bin2hex (grip, 20, p);
1505 err = assuan_transact (agent_ctx, line,
1506 NULL, NULL, NULL, NULL, NULL, NULL);
1513 struct keyinfo_data_parm_s
1521 keyinfo_status_cb (void *opaque, const char *line)
1523 struct keyinfo_data_parm_s *data = opaque;
1527 if ((s = has_leading_keyword (line, "KEYINFO")) && data)
1529 /* Parse the arguments:
1531 * <keygrip> <type> <serialno> <idstr> <cached> <protection>
1535 if (split_fields (s, fields, DIM (fields)) == 6)
1537 is_smartcard = (fields[1][0] == 'T');
1538 if (is_smartcard && !data->serialno && strcmp (fields[2], "-"))
1539 data->serialno = xtrystrdup (fields[2]);
1540 /* 'P' for protected, 'C' for clear */
1541 data->cleartext = (fields[5][0] == 'C');
1548 /* Return the serial number for a secret key. If the returned serial
1549 number is NULL, the key is not stored on a smartcard. Caller needs
1552 if r_cleartext is not NULL, the referenced int will be set to 1 if
1553 the agent's copy of the key is stored in the clear, or 0 otherwise
1556 agent_get_keyinfo (ctrl_t ctrl, const char *hexkeygrip,
1557 char **r_serialno, int *r_cleartext)
1560 char line[ASSUAN_LINELENGTH];
1561 struct keyinfo_data_parm_s keyinfo;
1563 memset (&keyinfo, 0,sizeof keyinfo);
1567 err = start_agent (ctrl, 0);
1571 if (!hexkeygrip || strlen (hexkeygrip) != 40)
1572 return gpg_error (GPG_ERR_INV_VALUE);
1574 snprintf (line, DIM(line), "KEYINFO %s", hexkeygrip);
1576 err = assuan_transact (agent_ctx, line, NULL, NULL, NULL, NULL,
1577 keyinfo_status_cb, &keyinfo);
1578 if (!err && keyinfo.serialno)
1580 /* Sanity check for bad characters. */
1581 if (strpbrk (keyinfo.serialno, ":\n\r"))
1582 err = GPG_ERR_INV_VALUE;
1585 xfree (keyinfo.serialno);
1588 *r_serialno = keyinfo.serialno;
1590 *r_cleartext = keyinfo.cleartext;
1596 /* Status callback for agent_import_key, agent_export_key and
1599 cache_nonce_status_cb (void *opaque, const char *line)
1601 struct cache_nonce_parm_s *parm = opaque;
1604 if ((s = has_leading_keyword (line, "CACHE_NONCE")))
1606 if (parm->cache_nonce_addr)
1608 xfree (*parm->cache_nonce_addr);
1609 *parm->cache_nonce_addr = xtrystrdup (s);
1612 else if ((s = has_leading_keyword (line, "PASSWD_NONCE")))
1614 if (parm->passwd_nonce_addr)
1616 xfree (*parm->passwd_nonce_addr);
1617 *parm->passwd_nonce_addr = xtrystrdup (s);
1620 else if ((s = has_leading_keyword (line, "PROGRESS")))
1622 if (opt.enable_progress_filter)
1623 write_status_text (STATUS_PROGRESS, s);
1631 /* Handle a KEYPARMS inquiry. Note, we only send the data,
1632 assuan_transact takes care of flushing and writing the end */
1634 inq_genkey_parms (void *opaque, const char *line)
1636 struct genkey_parm_s *parm = opaque;
1639 if (has_leading_keyword (line, "KEYPARAM"))
1641 err = assuan_send_data (parm->dflt->ctx,
1642 parm->keyparms, strlen (parm->keyparms));
1644 else if (has_leading_keyword (line, "NEWPASSWD") && parm->passphrase)
1646 err = assuan_send_data (parm->dflt->ctx,
1647 parm->passphrase, strlen (parm->passphrase));
1650 err = default_inq_cb (parm->dflt, line);
1656 /* Call the agent to generate a new key. KEYPARMS is the usual
1657 S-expression giving the parameters of the key. gpg-agent passes it
1658 gcry_pk_genkey. If NO_PROTECTION is true the agent is advised not
1659 to protect the generated key. If NO_PROTECTION is not set and
1660 PASSPHRASE is not NULL the agent is requested to protect the key
1661 with that passphrase instead of asking for one. */
1663 agent_genkey (ctrl_t ctrl, char **cache_nonce_addr, char **passwd_nonce_addr,
1664 const char *keyparms, int no_protection,
1665 const char *passphrase, gcry_sexp_t *r_pubkey)
1668 struct genkey_parm_s gk_parm;
1669 struct cache_nonce_parm_s cn_parm;
1670 struct default_inq_parm_s dfltparm;
1674 char line[ASSUAN_LINELENGTH];
1676 memset (&dfltparm, 0, sizeof dfltparm);
1677 dfltparm.ctrl = ctrl;
1680 err = start_agent (ctrl, 0);
1683 dfltparm.ctx = agent_ctx;
1685 if (passwd_nonce_addr && *passwd_nonce_addr)
1686 ; /* A RESET would flush the passwd nonce cache. */
1689 err = assuan_transact (agent_ctx, "RESET",
1690 NULL, NULL, NULL, NULL, NULL, NULL);
1695 init_membuf (&data, 1024);
1696 gk_parm.dflt = &dfltparm;
1697 gk_parm.keyparms = keyparms;
1698 gk_parm.passphrase = passphrase;
1699 snprintf (line, sizeof line, "GENKEY%s%s%s%s%s",
1700 no_protection? " --no-protection" :
1701 passphrase ? " --inq-passwd" :
1703 passwd_nonce_addr && *passwd_nonce_addr? " --passwd-nonce=":"",
1704 passwd_nonce_addr && *passwd_nonce_addr? *passwd_nonce_addr:"",
1705 cache_nonce_addr && *cache_nonce_addr? " ":"",
1706 cache_nonce_addr && *cache_nonce_addr? *cache_nonce_addr:"");
1707 cn_parm.cache_nonce_addr = cache_nonce_addr;
1708 cn_parm.passwd_nonce_addr = NULL;
1709 err = assuan_transact (agent_ctx, line,
1710 put_membuf_cb, &data,
1711 inq_genkey_parms, &gk_parm,
1712 cache_nonce_status_cb, &cn_parm);
1715 xfree (get_membuf (&data, &len));
1719 buf = get_membuf (&data, &len);
1721 err = gpg_error_from_syserror ();
1724 err = gcry_sexp_sscan (r_pubkey, NULL, buf, len);
1732 /* Call the agent to read the public key part for a given keygrip. If
1733 FROMCARD is true, the key is directly read from the current
1734 smartcard. In this case HEXKEYGRIP should be the keyID
1735 (e.g. OPENPGP.3). */
1737 agent_readkey (ctrl_t ctrl, int fromcard, const char *hexkeygrip,
1738 unsigned char **r_pubkey)
1744 char line[ASSUAN_LINELENGTH];
1745 struct default_inq_parm_s dfltparm;
1747 memset (&dfltparm, 0, sizeof dfltparm);
1748 dfltparm.ctrl = ctrl;
1751 err = start_agent (ctrl, 0);
1754 dfltparm.ctx = agent_ctx;
1756 err = assuan_transact (agent_ctx, "RESET",NULL, NULL, NULL, NULL, NULL, NULL);
1760 snprintf (line, DIM(line), "READKEY %s%s", fromcard? "--card ":"",
1763 init_membuf (&data, 1024);
1764 err = assuan_transact (agent_ctx, line,
1765 put_membuf_cb, &data,
1766 default_inq_cb, &dfltparm,
1770 xfree (get_membuf (&data, &len));
1773 buf = get_membuf (&data, &len);
1775 return gpg_error_from_syserror ();
1776 if (!gcry_sexp_canon_len (buf, len, NULL, NULL))
1779 return gpg_error (GPG_ERR_INV_SEXP);
1787 /* Call the agent to do a sign operation using the key identified by
1788 the hex string KEYGRIP. DESC is a description of the key to be
1789 displayed if the agent needs to ask for the PIN. DIGEST and
1790 DIGESTLEN is the hash value to sign and DIGESTALGO the algorithm id
1791 used to compute the digest. If CACHE_NONCE is used the agent is
1792 advised to first try a passphrase associated with that nonce. */
1794 agent_pksign (ctrl_t ctrl, const char *cache_nonce,
1795 const char *keygrip, const char *desc,
1796 u32 *keyid, u32 *mainkeyid, int pubkey_algo,
1797 unsigned char *digest, size_t digestlen, int digestalgo,
1798 gcry_sexp_t *r_sigval)
1801 char line[ASSUAN_LINELENGTH];
1803 struct default_inq_parm_s dfltparm;
1805 memset (&dfltparm, 0, sizeof dfltparm);
1806 dfltparm.ctrl = ctrl;
1807 dfltparm.keyinfo.keyid = keyid;
1808 dfltparm.keyinfo.mainkeyid = mainkeyid;
1809 dfltparm.keyinfo.pubkey_algo = pubkey_algo;
1812 err = start_agent (ctrl, 0);
1815 dfltparm.ctx = agent_ctx;
1817 if (digestlen*2 + 50 > DIM(line))
1818 return gpg_error (GPG_ERR_GENERAL);
1820 err = assuan_transact (agent_ctx, "RESET",
1821 NULL, NULL, NULL, NULL, NULL, NULL);
1825 snprintf (line, DIM(line), "SIGKEY %s", keygrip);
1826 err = assuan_transact (agent_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL);
1832 snprintf (line, DIM(line), "SETKEYDESC %s", desc);
1833 err = assuan_transact (agent_ctx, line,
1834 NULL, NULL, NULL, NULL, NULL, NULL);
1839 snprintf (line, sizeof line, "SETHASH %d ", digestalgo);
1840 bin2hex (digest, digestlen, line + strlen (line));
1841 err = assuan_transact (agent_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL);
1845 init_membuf (&data, 1024);
1847 snprintf (line, sizeof line, "PKSIGN%s%s",
1848 cache_nonce? " -- ":"",
1849 cache_nonce? cache_nonce:"");
1850 err = assuan_transact (agent_ctx, line,
1851 put_membuf_cb, &data,
1852 default_inq_cb, &dfltparm,
1855 xfree (get_membuf (&data, NULL));
1861 buf = get_membuf (&data, &len);
1863 err = gpg_error_from_syserror ();
1866 err = gcry_sexp_sscan (r_sigval, NULL, buf, len);
1875 /* Handle a CIPHERTEXT inquiry. Note, we only send the data,
1876 assuan_transact takes care of flushing and writing the END. */
1878 inq_ciphertext_cb (void *opaque, const char *line)
1880 struct cipher_parm_s *parm = opaque;
1883 if (has_leading_keyword (line, "CIPHERTEXT"))
1885 assuan_begin_confidential (parm->ctx);
1886 rc = assuan_send_data (parm->dflt->ctx,
1887 parm->ciphertext, parm->ciphertextlen);
1888 assuan_end_confidential (parm->ctx);
1891 rc = default_inq_cb (parm->dflt, line);
1897 /* Check whether there is any padding info from the agent. */
1899 padding_info_cb (void *opaque, const char *line)
1901 int *r_padding = opaque;
1904 if ((s=has_leading_keyword (line, "PADDING")))
1906 *r_padding = atoi (s);
1913 /* Call the agent to do a decrypt operation using the key identified
1914 by the hex string KEYGRIP and the input data S_CIPHERTEXT. On the
1915 success the decoded value is stored verbatim at R_BUF and its
1916 length at R_BUF; the callers needs to release it. KEYID, MAINKEYID
1917 and PUBKEY_ALGO are used to construct additional promots or status
1918 messages. The padding information is stored at R_PADDING with -1
1921 agent_pkdecrypt (ctrl_t ctrl, const char *keygrip, const char *desc,
1922 u32 *keyid, u32 *mainkeyid, int pubkey_algo,
1923 gcry_sexp_t s_ciphertext,
1924 unsigned char **r_buf, size_t *r_buflen, int *r_padding)
1927 char line[ASSUAN_LINELENGTH];
1930 char *p, *buf, *endp;
1931 struct default_inq_parm_s dfltparm;
1933 memset (&dfltparm, 0, sizeof dfltparm);
1934 dfltparm.ctrl = ctrl;
1935 dfltparm.keyinfo.keyid = keyid;
1936 dfltparm.keyinfo.mainkeyid = mainkeyid;
1937 dfltparm.keyinfo.pubkey_algo = pubkey_algo;
1939 if (!keygrip || strlen(keygrip) != 40
1940 || !s_ciphertext || !r_buf || !r_buflen || !r_padding)
1941 return gpg_error (GPG_ERR_INV_VALUE);
1946 err = start_agent (ctrl, 0);
1949 dfltparm.ctx = agent_ctx;
1951 err = assuan_transact (agent_ctx, "RESET",
1952 NULL, NULL, NULL, NULL, NULL, NULL);
1956 snprintf (line, sizeof line, "SETKEY %s", keygrip);
1957 err = assuan_transact (agent_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL);
1963 snprintf (line, DIM(line), "SETKEYDESC %s", desc);
1964 err = assuan_transact (agent_ctx, line,
1965 NULL, NULL, NULL, NULL, NULL, NULL);
1970 init_membuf_secure (&data, 1024);
1972 struct cipher_parm_s parm;
1974 parm.dflt = &dfltparm;
1975 parm.ctx = agent_ctx;
1976 err = make_canon_sexp (s_ciphertext, &parm.ciphertext, &parm.ciphertextlen);
1979 err = assuan_transact (agent_ctx, "PKDECRYPT",
1980 put_membuf_cb, &data,
1981 inq_ciphertext_cb, &parm,
1982 padding_info_cb, r_padding);
1983 xfree (parm.ciphertext);
1987 xfree (get_membuf (&data, &len));
1991 put_membuf (&data, "", 1); /* Make sure it is 0 terminated. */
1992 buf = get_membuf (&data, &len);
1994 return gpg_error_from_syserror ();
1995 log_assert (len); /* (we forced Nul termination.) */
2000 return gpg_error (GPG_ERR_INV_SEXP);
2003 if (len < 13 || memcmp (buf, "(5:value", 8) ) /* "(5:valueN:D)\0" */
2006 return gpg_error (GPG_ERR_INV_SEXP);
2008 len -= 10; /* Count only the data of the second part. */
2009 p = buf + 8; /* Skip leading parenthesis and the value tag. */
2011 n = strtoul (p, &endp, 10);
2012 if (!n || *endp != ':')
2015 return gpg_error (GPG_ERR_INV_SEXP);
2021 return gpg_error (GPG_ERR_INV_SEXP); /* Oops: Inconsistent S-Exp. */
2024 memmove (buf, endp, n);
2033 /* Retrieve a key encryption key from the agent. With FOREXPORT true
2034 the key shall be used for export, with false for import. On success
2035 the new key is stored at R_KEY and its length at R_KEKLEN. */
2037 agent_keywrap_key (ctrl_t ctrl, int forexport, void **r_kek, size_t *r_keklen)
2043 char line[ASSUAN_LINELENGTH];
2044 struct default_inq_parm_s dfltparm;
2046 memset (&dfltparm, 0, sizeof dfltparm);
2047 dfltparm.ctrl = ctrl;
2050 err = start_agent (ctrl, 0);
2053 dfltparm.ctx = agent_ctx;
2055 snprintf (line, DIM(line), "KEYWRAP_KEY %s",
2056 forexport? "--export":"--import");
2058 init_membuf_secure (&data, 64);
2059 err = assuan_transact (agent_ctx, line,
2060 put_membuf_cb, &data,
2061 default_inq_cb, &dfltparm,
2065 xfree (get_membuf (&data, &len));
2068 buf = get_membuf (&data, &len);
2070 return gpg_error_from_syserror ();
2078 /* Handle the inquiry for an IMPORT_KEY command. */
2080 inq_import_key_parms (void *opaque, const char *line)
2082 struct import_key_parm_s *parm = opaque;
2085 if (has_leading_keyword (line, "KEYDATA"))
2087 err = assuan_send_data (parm->dflt->ctx, parm->key, parm->keylen);
2090 err = default_inq_cb (parm->dflt, line);
2096 /* Call the agent to import a key into the agent. */
2098 agent_import_key (ctrl_t ctrl, const char *desc, char **cache_nonce_addr,
2099 const void *key, size_t keylen, int unattended, int force,
2100 u32 *keyid, u32 *mainkeyid, int pubkey_algo)
2103 struct import_key_parm_s parm;
2104 struct cache_nonce_parm_s cn_parm;
2105 char line[ASSUAN_LINELENGTH];
2106 struct default_inq_parm_s dfltparm;
2108 memset (&dfltparm, 0, sizeof dfltparm);
2109 dfltparm.ctrl = ctrl;
2110 dfltparm.keyinfo.keyid = keyid;
2111 dfltparm.keyinfo.mainkeyid = mainkeyid;
2112 dfltparm.keyinfo.pubkey_algo = pubkey_algo;
2114 err = start_agent (ctrl, 0);
2117 dfltparm.ctx = agent_ctx;
2121 snprintf (line, DIM(line), "SETKEYDESC %s", desc);
2122 err = assuan_transact (agent_ctx, line,
2123 NULL, NULL, NULL, NULL, NULL, NULL);
2128 parm.dflt = &dfltparm;
2130 parm.keylen = keylen;
2132 snprintf (line, sizeof line, "IMPORT_KEY%s%s%s%s",
2133 unattended? " --unattended":"",
2134 force? " --force":"",
2135 cache_nonce_addr && *cache_nonce_addr? " ":"",
2136 cache_nonce_addr && *cache_nonce_addr? *cache_nonce_addr:"");
2137 cn_parm.cache_nonce_addr = cache_nonce_addr;
2138 cn_parm.passwd_nonce_addr = NULL;
2139 err = assuan_transact (agent_ctx, line,
2141 inq_import_key_parms, &parm,
2142 cache_nonce_status_cb, &cn_parm);
2148 /* Receive a secret key from the agent. HEXKEYGRIP is the hexified
2149 keygrip, DESC a prompt to be displayed with the agent's passphrase
2150 question (needs to be plus+percent escaped). if OPENPGP_PROTECTED
2151 is not zero, ensure that the key material is returned in RFC
2152 4880-compatible passphrased-protected form. If CACHE_NONCE_ADDR is
2153 not NULL the agent is advised to first try a passphrase associated
2154 with that nonce. On success the key is stored as a canonical
2155 S-expression at R_RESULT and R_RESULTLEN. */
2157 agent_export_key (ctrl_t ctrl, const char *hexkeygrip, const char *desc,
2158 int openpgp_protected, char **cache_nonce_addr,
2159 unsigned char **r_result, size_t *r_resultlen,
2160 u32 *keyid, u32 *mainkeyid, int pubkey_algo)
2163 struct cache_nonce_parm_s cn_parm;
2167 char line[ASSUAN_LINELENGTH];
2168 struct default_inq_parm_s dfltparm;
2170 memset (&dfltparm, 0, sizeof dfltparm);
2171 dfltparm.ctrl = ctrl;
2172 dfltparm.keyinfo.keyid = keyid;
2173 dfltparm.keyinfo.mainkeyid = mainkeyid;
2174 dfltparm.keyinfo.pubkey_algo = pubkey_algo;
2178 err = start_agent (ctrl, 0);
2181 dfltparm.ctx = agent_ctx;
2185 snprintf (line, DIM(line), "SETKEYDESC %s", desc);
2186 err = assuan_transact (agent_ctx, line,
2187 NULL, NULL, NULL, NULL, NULL, NULL);
2192 snprintf (line, DIM(line), "EXPORT_KEY %s%s%s %s",
2193 openpgp_protected ? "--openpgp ":"",
2194 cache_nonce_addr && *cache_nonce_addr? "--cache-nonce=":"",
2195 cache_nonce_addr && *cache_nonce_addr? *cache_nonce_addr:"",
2198 init_membuf_secure (&data, 1024);
2199 cn_parm.cache_nonce_addr = cache_nonce_addr;
2200 cn_parm.passwd_nonce_addr = NULL;
2201 err = assuan_transact (agent_ctx, line,
2202 put_membuf_cb, &data,
2203 default_inq_cb, &dfltparm,
2204 cache_nonce_status_cb, &cn_parm);
2207 xfree (get_membuf (&data, &len));
2210 buf = get_membuf (&data, &len);
2212 return gpg_error_from_syserror ();
2220 /* Ask the agent to delete the key identified by HEXKEYGRIP. If DESC
2221 is not NULL, display DESC instead of the default description
2222 message. If FORCE is true the agent is advised not to ask for
2225 agent_delete_key (ctrl_t ctrl, const char *hexkeygrip, const char *desc,
2229 char line[ASSUAN_LINELENGTH];
2230 struct default_inq_parm_s dfltparm;
2232 memset (&dfltparm, 0, sizeof dfltparm);
2233 dfltparm.ctrl = ctrl;
2235 err = start_agent (ctrl, 0);
2239 if (!hexkeygrip || strlen (hexkeygrip) != 40)
2240 return gpg_error (GPG_ERR_INV_VALUE);
2244 snprintf (line, DIM(line), "SETKEYDESC %s", desc);
2245 err = assuan_transact (agent_ctx, line,
2246 NULL, NULL, NULL, NULL, NULL, NULL);
2251 snprintf (line, DIM(line), "DELETE_KEY%s %s",
2252 force? " --force":"", hexkeygrip);
2253 err = assuan_transact (agent_ctx, line, NULL, NULL,
2254 default_inq_cb, &dfltparm,
2261 /* Ask the agent to change the passphrase of the key identified by
2262 * HEXKEYGRIP. If DESC is not NULL, display DESC instead of the
2263 * default description message. If CACHE_NONCE_ADDR is not NULL the
2264 * agent is advised to first try a passphrase associated with that
2265 * nonce. If PASSWD_NONCE_ADDR is not NULL the agent will try to use
2266 * the passphrase associated with that nonce for the new passphrase.
2267 * If VERIFY is true the passphrase is only verified. */
2269 agent_passwd (ctrl_t ctrl, const char *hexkeygrip, const char *desc, int verify,
2270 char **cache_nonce_addr, char **passwd_nonce_addr)
2273 struct cache_nonce_parm_s cn_parm;
2274 char line[ASSUAN_LINELENGTH];
2275 struct default_inq_parm_s dfltparm;
2277 memset (&dfltparm, 0, sizeof dfltparm);
2278 dfltparm.ctrl = ctrl;
2280 err = start_agent (ctrl, 0);
2283 dfltparm.ctx = agent_ctx;
2285 if (!hexkeygrip || strlen (hexkeygrip) != 40)
2286 return gpg_error (GPG_ERR_INV_VALUE);
2290 snprintf (line, DIM(line), "SETKEYDESC %s", desc);
2291 err = assuan_transact (agent_ctx, line,
2292 NULL, NULL, NULL, NULL, NULL, NULL);
2298 snprintf (line, DIM(line), "PASSWD %s%s --verify %s",
2299 cache_nonce_addr && *cache_nonce_addr? "--cache-nonce=":"",
2300 cache_nonce_addr && *cache_nonce_addr? *cache_nonce_addr:"",
2303 snprintf (line, DIM(line), "PASSWD %s%s %s%s %s",
2304 cache_nonce_addr && *cache_nonce_addr? "--cache-nonce=":"",
2305 cache_nonce_addr && *cache_nonce_addr? *cache_nonce_addr:"",
2306 passwd_nonce_addr && *passwd_nonce_addr? "--passwd-nonce=":"",
2307 passwd_nonce_addr && *passwd_nonce_addr? *passwd_nonce_addr:"",
2309 cn_parm.cache_nonce_addr = cache_nonce_addr;
2310 cn_parm.passwd_nonce_addr = passwd_nonce_addr;
2311 err = assuan_transact (agent_ctx, line, NULL, NULL,
2312 default_inq_cb, &dfltparm,
2313 cache_nonce_status_cb, &cn_parm);
2318 /* Return the version reported by gpg-agent. */
2320 agent_get_version (ctrl_t ctrl, char **r_version)
2324 err = start_agent (ctrl, 0);
2328 err = get_assuan_server_version (agent_ctx, 0, r_version);
projects / gnupg.git / blob