1 /* call-agent.c - Divert GPGSM operations to the agent
2 * Copyright (C) 2001, 2002, 2003, 2005, 2007,
3 * 2008, 2009, 2010 Free Software Foundation, Inc.
5 * This file is part of GnuPG.
7 * GnuPG is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 3 of the License, or
10 * (at your option) any later version.
12 * GnuPG is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, see <http://www.gnu.org/licenses/>.
38 #include "keydb.h" /* fixme: Move this to import.c */
42 static assuan_context_t agent_ctx = NULL;
49 const unsigned char *ciphertext;
57 const unsigned char *sexp;
69 struct import_key_parm_s
79 /* Print a warning if the server's version number is less than our
80 version number. Returns an error code on a connection problem. */
82 warn_version_mismatch (ctrl_t ctrl, assuan_context_t ctx,
83 const char *servername, int mode)
87 const char *myversion = strusage (13);
89 err = get_assuan_server_version (ctx, mode, &serverversion);
91 log_error (_("error getting version from '%s': %s\n"),
92 servername, gpg_strerror (err));
93 else if (!compare_version_strings (serverversion, myversion))
97 warn = xtryasprintf (_("server '%s' is older than us (%s < %s)"),
98 servername, serverversion, myversion);
100 err = gpg_error_from_syserror ();
103 log_info (_("WARNING: %s\n"), warn);
104 gpgsm_status2 (ctrl, STATUS_WARNING, "server_version_mismatch 0",
109 xfree (serverversion);
114 /* Try to connect to the agent via socket or fork it off and work by
115 pipes. Handle the server's initial greeting */
117 start_agent (ctrl_t ctrl)
122 rc = 0; /* fixme: We need a context for each thread or
123 serialize the access to the agent (which is
124 suitable given that the agent is not MT. */
127 rc = start_new_gpg_agent (&agent_ctx,
128 GPG_ERR_SOURCE_DEFAULT,
131 opt.lc_ctype, opt.lc_messages,
133 opt.autostart, opt.verbose, DBG_IPC,
134 gpgsm_status2, ctrl);
136 if (!opt.autostart && gpg_err_code (rc) == GPG_ERR_NO_AGENT)
143 log_info (_("no gpg-agent running in this session\n"));
146 else if (!rc && !(rc = warn_version_mismatch (ctrl, agent_ctx,
149 /* Tell the agent that we support Pinentry notifications. No
150 error checking so that it will work also with older
152 assuan_transact (agent_ctx, "OPTION allow-pinentry-notify",
153 NULL, NULL, NULL, NULL, NULL, NULL);
157 if (!ctrl->agent_seen)
159 ctrl->agent_seen = 1;
160 audit_log_ok (ctrl->audit, AUDIT_AGENT_READY, rc);
167 /* This is the default inquiry callback. It mainly handles the
168 Pinentry notifications. */
170 default_inq_cb (void *opaque, const char *line)
173 ctrl_t ctrl = opaque;
175 if (has_leading_keyword (line, "PINENTRY_LAUNCHED"))
177 err = gpgsm_proxy_pinentry_notify (ctrl, line);
179 log_error (_("failed to proxy %s inquiry to client\n"),
180 "PINENTRY_LAUNCHED");
181 /* We do not pass errors to avoid breaking other code. */
184 log_error ("ignoring gpg-agent inquiry '%s'\n", line);
192 /* Call the agent to do a sign operation using the key identified by
193 the hex string KEYGRIP. */
195 gpgsm_agent_pksign (ctrl_t ctrl, const char *keygrip, const char *desc,
196 unsigned char *digest, size_t digestlen, int digestalgo,
197 unsigned char **r_buf, size_t *r_buflen )
200 char *p, line[ASSUAN_LINELENGTH];
205 rc = start_agent (ctrl);
209 if (digestlen*2 + 50 > DIM(line))
210 return gpg_error (GPG_ERR_GENERAL);
212 rc = assuan_transact (agent_ctx, "RESET", NULL, NULL, NULL, NULL, NULL, NULL);
216 snprintf (line, DIM(line)-1, "SIGKEY %s", keygrip);
217 line[DIM(line)-1] = 0;
218 rc = assuan_transact (agent_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL);
224 snprintf (line, DIM(line)-1, "SETKEYDESC %s", desc);
225 line[DIM(line)-1] = 0;
226 rc = assuan_transact (agent_ctx, line,
227 NULL, NULL, NULL, NULL, NULL, NULL);
232 sprintf (line, "SETHASH %d ", digestalgo);
233 p = line + strlen (line);
234 for (i=0; i < digestlen ; i++, p += 2 )
235 sprintf (p, "%02X", digest[i]);
236 rc = assuan_transact (agent_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL);
240 init_membuf (&data, 1024);
241 rc = assuan_transact (agent_ctx, "PKSIGN",
242 put_membuf_cb, &data, default_inq_cb, ctrl,
246 xfree (get_membuf (&data, &len));
249 *r_buf = get_membuf (&data, r_buflen);
251 if (!gcry_sexp_canon_len (*r_buf, *r_buflen, NULL, NULL))
253 xfree (*r_buf); *r_buf = NULL;
254 return gpg_error (GPG_ERR_INV_VALUE);
257 return *r_buf? 0 : out_of_core ();
261 /* Call the scdaemon to do a sign operation using the key identified by
262 the hex string KEYID. */
264 gpgsm_scd_pksign (ctrl_t ctrl, const char *keyid, const char *desc,
265 unsigned char *digest, size_t digestlen, int digestalgo,
266 unsigned char **r_buf, size_t *r_buflen )
269 char *p, line[ASSUAN_LINELENGTH];
273 unsigned char *sigbuf;
282 case GCRY_MD_SHA1: hashopt = "--hash=sha1"; break;
283 case GCRY_MD_RMD160:hashopt = "--hash=rmd160"; break;
284 case GCRY_MD_MD5: hashopt = "--hash=md5"; break;
285 case GCRY_MD_SHA256:hashopt = "--hash=sha256"; break;
287 return gpg_error (GPG_ERR_DIGEST_ALGO);
290 rc = start_agent (ctrl);
294 if (digestlen*2 + 50 > DIM(line))
295 return gpg_error (GPG_ERR_GENERAL);
297 p = stpcpy (line, "SCD SETDATA " );
298 for (i=0; i < digestlen ; i++, p += 2 )
299 sprintf (p, "%02X", digest[i]);
300 rc = assuan_transact (agent_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL);
304 init_membuf (&data, 1024);
306 snprintf (line, DIM(line)-1, "SCD PKSIGN %s %s", hashopt, keyid);
307 line[DIM(line)-1] = 0;
308 rc = assuan_transact (agent_ctx, line,
309 put_membuf_cb, &data, default_inq_cb, ctrl,
313 xfree (get_membuf (&data, &len));
316 sigbuf = get_membuf (&data, &sigbuflen);
318 /* Create an S-expression from it which is formatted like this:
319 "(7:sig-val(3:rsa(1:sSIGBUFLEN:SIGBUF)))" Fixme: If a card ever
320 creates non-RSA keys we need to change things. */
321 *r_buflen = 21 + 11 + sigbuflen + 4;
322 p = xtrymalloc (*r_buflen);
323 *r_buf = (unsigned char*)p;
329 p = stpcpy (p, "(7:sig-val(3:rsa(1:s" );
330 sprintf (p, "%u:", (unsigned int)sigbuflen);
332 memcpy (p, sigbuf, sigbuflen);
337 assert (gcry_sexp_canon_len (*r_buf, *r_buflen, NULL, NULL));
344 /* Handle a CIPHERTEXT inquiry. Note, we only send the data,
345 assuan_transact takes care of flushing and writing the end */
347 inq_ciphertext_cb (void *opaque, const char *line)
349 struct cipher_parm_s *parm = opaque;
352 if (has_leading_keyword (line, "CIPHERTEXT"))
354 assuan_begin_confidential (parm->ctx);
355 rc = assuan_send_data (parm->ctx, parm->ciphertext, parm->ciphertextlen);
356 assuan_end_confidential (parm->ctx);
359 rc = default_inq_cb (parm->ctrl, line);
365 /* Call the agent to do a decrypt operation using the key identified by
366 the hex string KEYGRIP. */
368 gpgsm_agent_pkdecrypt (ctrl_t ctrl, const char *keygrip, const char *desc,
369 ksba_const_sexp_t ciphertext,
370 char **r_buf, size_t *r_buflen )
373 char line[ASSUAN_LINELENGTH];
375 struct cipher_parm_s cipher_parm;
377 char *p, *buf, *endp;
378 size_t ciphertextlen;
380 if (!keygrip || strlen(keygrip) != 40 || !ciphertext || !r_buf || !r_buflen)
381 return gpg_error (GPG_ERR_INV_VALUE);
384 ciphertextlen = gcry_sexp_canon_len (ciphertext, 0, NULL, NULL);
386 return gpg_error (GPG_ERR_INV_VALUE);
388 rc = start_agent (ctrl);
392 rc = assuan_transact (agent_ctx, "RESET", NULL, NULL, NULL, NULL, NULL, NULL);
396 assert ( DIM(line) >= 50 );
397 snprintf (line, DIM(line)-1, "SETKEY %s", keygrip);
398 line[DIM(line)-1] = 0;
399 rc = assuan_transact (agent_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL);
405 snprintf (line, DIM(line)-1, "SETKEYDESC %s", desc);
406 line[DIM(line)-1] = 0;
407 rc = assuan_transact (agent_ctx, line,
408 NULL, NULL, NULL, NULL, NULL, NULL);
413 init_membuf (&data, 1024);
414 cipher_parm.ctrl = ctrl;
415 cipher_parm.ctx = agent_ctx;
416 cipher_parm.ciphertext = ciphertext;
417 cipher_parm.ciphertextlen = ciphertextlen;
418 rc = assuan_transact (agent_ctx, "PKDECRYPT",
419 put_membuf_cb, &data,
420 inq_ciphertext_cb, &cipher_parm, NULL, NULL);
423 xfree (get_membuf (&data, &len));
427 put_membuf (&data, "", 1); /* Make sure it is 0 terminated. */
428 buf = get_membuf (&data, &len);
430 return gpg_error (GPG_ERR_ENOMEM);
431 assert (len); /* (we forced Nul termination.) */
435 if (len < 13 || memcmp (buf, "(5:value", 8) ) /* "(5:valueN:D)\0" */
436 return gpg_error (GPG_ERR_INV_SEXP);
437 len -= 11; /* Count only the data of the second part. */
438 p = buf + 8; /* Skip leading parenthesis and the value tag. */
442 /* For compatibility with older gpg-agents handle the old style
443 incomplete S-exps. */
444 len--; /* Do not count the Nul. */
448 n = strtoul (p, &endp, 10);
449 if (!n || *endp != ':')
450 return gpg_error (GPG_ERR_INV_SEXP);
453 return gpg_error (GPG_ERR_INV_SEXP); /* Oops: Inconsistent S-Exp. */
455 memmove (buf, endp, n);
466 /* Handle a KEYPARMS inquiry. Note, we only send the data,
467 assuan_transact takes care of flushing and writing the end */
469 inq_genkey_parms (void *opaque, const char *line)
471 struct genkey_parm_s *parm = opaque;
474 if (has_leading_keyword (line, "KEYPARAM"))
476 rc = assuan_send_data (parm->ctx, parm->sexp, parm->sexplen);
479 rc = default_inq_cb (parm->ctrl, line);
486 /* Call the agent to generate a newkey */
488 gpgsm_agent_genkey (ctrl_t ctrl,
489 ksba_const_sexp_t keyparms, ksba_sexp_t *r_pubkey)
492 struct genkey_parm_s gk_parm;
498 rc = start_agent (ctrl);
502 rc = assuan_transact (agent_ctx, "RESET", NULL, NULL, NULL, NULL, NULL, NULL);
506 init_membuf (&data, 1024);
508 gk_parm.ctx = agent_ctx;
509 gk_parm.sexp = keyparms;
510 gk_parm.sexplen = gcry_sexp_canon_len (keyparms, 0, NULL, NULL);
511 if (!gk_parm.sexplen)
512 return gpg_error (GPG_ERR_INV_VALUE);
513 rc = assuan_transact (agent_ctx, "GENKEY",
514 put_membuf_cb, &data,
515 inq_genkey_parms, &gk_parm, NULL, NULL);
518 xfree (get_membuf (&data, &len));
521 buf = get_membuf (&data, &len);
523 return gpg_error (GPG_ERR_ENOMEM);
524 if (!gcry_sexp_canon_len (buf, len, NULL, NULL))
527 return gpg_error (GPG_ERR_INV_SEXP);
534 /* Call the agent to read the public key part for a given keygrip. If
535 FROMCARD is true, the key is directly read from the current
536 smartcard. In this case HEXKEYGRIP should be the keyID
539 gpgsm_agent_readkey (ctrl_t ctrl, int fromcard, const char *hexkeygrip,
540 ksba_sexp_t *r_pubkey)
546 char line[ASSUAN_LINELENGTH];
549 rc = start_agent (ctrl);
553 rc = assuan_transact (agent_ctx, "RESET",NULL, NULL, NULL, NULL, NULL, NULL);
557 snprintf (line, DIM(line)-1, "%sREADKEY %s",
558 fromcard? "SCD ":"", hexkeygrip);
559 line[DIM(line)-1] = 0;
561 init_membuf (&data, 1024);
562 rc = assuan_transact (agent_ctx, line,
563 put_membuf_cb, &data,
564 default_inq_cb, ctrl, NULL, NULL);
567 xfree (get_membuf (&data, &len));
570 buf = get_membuf (&data, &len);
572 return gpg_error (GPG_ERR_ENOMEM);
573 if (!gcry_sexp_canon_len (buf, len, NULL, NULL))
576 return gpg_error (GPG_ERR_INV_SEXP);
584 /* Take the serial number from LINE and return it verbatim in a newly
585 allocated string. We make sure that only hex characters are
588 store_serialno (const char *line)
593 for (s=line; hexdigitp (s); s++)
595 p = xtrymalloc (s + 1 - line);
598 memcpy (p, line, s-line);
605 /* Callback for the gpgsm_agent_serialno function. */
607 scd_serialno_status_cb (void *opaque, const char *line)
609 char **r_serialno = opaque;
610 const char *keyword = line;
613 for (keywordlen=0; *line && !spacep (line); line++, keywordlen++)
615 while (spacep (line))
618 if (keywordlen == 8 && !memcmp (keyword, "SERIALNO", keywordlen))
621 *r_serialno = store_serialno (line);
628 /* Call the agent to read the serial number of the current card. */
630 gpgsm_agent_scd_serialno (ctrl_t ctrl, char **r_serialno)
633 char *serialno = NULL;
636 rc = start_agent (ctrl);
640 rc = assuan_transact (agent_ctx, "SCD SERIALNO",
642 default_inq_cb, ctrl,
643 scd_serialno_status_cb, &serialno);
644 if (!rc && !serialno)
645 rc = gpg_error (GPG_ERR_INTERNAL);
651 *r_serialno = serialno;
657 /* Callback for the gpgsm_agent_serialno function. */
659 scd_keypairinfo_status_cb (void *opaque, const char *line)
661 strlist_t *listaddr = opaque;
662 const char *keyword = line;
667 for (keywordlen=0; *line && !spacep (line); line++, keywordlen++)
669 while (spacep (line))
672 if (keywordlen == 11 && !memcmp (keyword, "KEYPAIRINFO", keywordlen))
674 sl = append_to_strlist (listaddr, line);
676 /* Make sure that we only have two tokes so that future
677 extensions of the format won't change the format expected by
679 while (*p && !spacep (p))
685 while (*p && !spacep (p))
695 /* Call the agent to read the keypairinfo lines of the current card.
696 The list is returned as a string made up of the keygrip, a space
699 gpgsm_agent_scd_keypairinfo (ctrl_t ctrl, strlist_t *r_list)
702 strlist_t list = NULL;
705 rc = start_agent (ctrl);
709 rc = assuan_transact (agent_ctx, "SCD LEARN --force",
711 default_inq_cb, ctrl,
712 scd_keypairinfo_status_cb, &list);
714 rc = gpg_error (GPG_ERR_NO_DATA);
727 istrusted_status_cb (void *opaque, const char *line)
729 struct rootca_flags_s *flags = opaque;
732 if ((s = has_leading_keyword (line, "TRUSTLISTFLAG")))
735 if (has_leading_keyword (line, "relax"))
737 else if (has_leading_keyword (line, "cm"))
738 flags->chain_model = 1;
745 /* Ask the agent whether the certificate is in the list of trusted
746 keys. The certificate is either specified by the CERT object or by
747 the fingerprint HEXFPR. ROOTCA_FLAGS is guaranteed to be cleared
750 gpgsm_agent_istrusted (ctrl_t ctrl, ksba_cert_t cert, const char *hexfpr,
751 struct rootca_flags_s *rootca_flags)
754 char line[ASSUAN_LINELENGTH];
756 memset (rootca_flags, 0, sizeof *rootca_flags);
759 return gpg_error (GPG_ERR_INV_ARG);
761 rc = start_agent (ctrl);
767 snprintf (line, DIM(line)-1, "ISTRUSTED %s", hexfpr);
768 line[DIM(line)-1] = 0;
774 fpr = gpgsm_get_fingerprint_hexstring (cert, GCRY_MD_SHA1);
777 log_error ("error getting the fingerprint\n");
778 return gpg_error (GPG_ERR_GENERAL);
781 snprintf (line, DIM(line)-1, "ISTRUSTED %s", fpr);
782 line[DIM(line)-1] = 0;
786 rc = assuan_transact (agent_ctx, line, NULL, NULL, NULL, NULL,
787 istrusted_status_cb, rootca_flags);
789 rootca_flags->valid = 1;
793 /* Ask the agent to mark CERT as a trusted Root-CA one */
795 gpgsm_agent_marktrusted (ctrl_t ctrl, ksba_cert_t cert)
798 char *fpr, *dn, *dnfmt;
799 char line[ASSUAN_LINELENGTH];
801 rc = start_agent (ctrl);
805 fpr = gpgsm_get_fingerprint_hexstring (cert, GCRY_MD_SHA1);
808 log_error ("error getting the fingerprint\n");
809 return gpg_error (GPG_ERR_GENERAL);
812 dn = ksba_cert_get_issuer (cert, 0);
816 return gpg_error (GPG_ERR_GENERAL);
818 dnfmt = gpgsm_format_name2 (dn, 0);
821 return gpg_error_from_syserror ();
822 snprintf (line, DIM(line)-1, "MARKTRUSTED %s S %s", fpr, dnfmt);
823 line[DIM(line)-1] = 0;
827 rc = assuan_transact (agent_ctx, line, NULL, NULL,
828 default_inq_cb, ctrl, NULL, NULL);
834 /* Ask the agent whether the a corresponding secret key is available
835 for the given keygrip */
837 gpgsm_agent_havekey (ctrl_t ctrl, const char *hexkeygrip)
840 char line[ASSUAN_LINELENGTH];
842 rc = start_agent (ctrl);
846 if (!hexkeygrip || strlen (hexkeygrip) != 40)
847 return gpg_error (GPG_ERR_INV_VALUE);
849 snprintf (line, DIM(line)-1, "HAVEKEY %s", hexkeygrip);
850 line[DIM(line)-1] = 0;
852 rc = assuan_transact (agent_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL);
858 learn_status_cb (void *opaque, const char *line)
860 struct learn_parm_s *parm = opaque;
863 /* Pass progress data to the caller. */
864 if ((s = has_leading_keyword (line, "PROGRESS")))
869 if (gpgsm_status (parm->ctrl, STATUS_PROGRESS, line))
870 return gpg_error (GPG_ERR_ASS_CANCELED);
877 learn_cb (void *opaque, const void *buffer, size_t length)
879 struct learn_parm_s *parm = opaque;
890 put_membuf (parm->data, buffer, length);
893 /* END encountered - process what we have */
894 buf = get_membuf (parm->data, &len);
897 parm->error = gpg_error (GPG_ERR_ENOMEM);
901 if (gpgsm_status (parm->ctrl, STATUS_PROGRESS, "learncard C 0 0"))
902 return gpg_error (GPG_ERR_ASS_CANCELED);
904 /* FIXME: this should go into import.c */
905 rc = ksba_cert_new (&cert);
911 rc = ksba_cert_init_from_mem (cert, buf, len);
914 log_error ("failed to parse a certificate: %s\n", gpg_strerror (rc));
915 ksba_cert_release (cert);
920 /* We do not store a certifciate with missing issuers as ephemeral
921 because we can assume that the --learn-card command has been used
923 rc = gpgsm_basic_cert_check (parm->ctrl, cert);
924 if (rc && gpg_err_code (rc) != GPG_ERR_MISSING_CERT
925 && gpg_err_code (rc) != GPG_ERR_MISSING_ISSUER_CERT)
926 log_error ("invalid certificate: %s\n", gpg_strerror (rc));
931 if (!keydb_store_cert (cert, 0, &existed))
933 if (opt.verbose > 1 && existed)
934 log_info ("certificate already in DB\n");
935 else if (opt.verbose && !existed)
936 log_info ("certificate imported\n");
940 ksba_cert_release (cert);
941 init_membuf (parm->data, 4096);
945 /* Call the agent to learn about a smartcard */
947 gpgsm_agent_learn (ctrl_t ctrl)
950 struct learn_parm_s learn_parm;
954 rc = start_agent (ctrl);
958 rc = warn_version_mismatch (ctrl, agent_ctx, SCDAEMON_NAME, 2);
962 init_membuf (&data, 4096);
963 learn_parm.error = 0;
964 learn_parm.ctrl = ctrl;
965 learn_parm.ctx = agent_ctx;
966 learn_parm.data = &data;
967 rc = assuan_transact (agent_ctx, "LEARN --send",
968 learn_cb, &learn_parm,
970 learn_status_cb, &learn_parm);
971 xfree (get_membuf (&data, &len));
974 return learn_parm.error;
978 /* Ask the agent to change the passphrase of the key identified by
979 HEXKEYGRIP. If DESC is not NULL, display instead of the default
980 description message. */
982 gpgsm_agent_passwd (ctrl_t ctrl, const char *hexkeygrip, const char *desc)
985 char line[ASSUAN_LINELENGTH];
987 rc = start_agent (ctrl);
991 if (!hexkeygrip || strlen (hexkeygrip) != 40)
992 return gpg_error (GPG_ERR_INV_VALUE);
996 snprintf (line, DIM(line)-1, "SETKEYDESC %s", desc);
997 line[DIM(line)-1] = 0;
998 rc = assuan_transact (agent_ctx, line,
999 NULL, NULL, NULL, NULL, NULL, NULL);
1004 snprintf (line, DIM(line)-1, "PASSWD %s", hexkeygrip);
1005 line[DIM(line)-1] = 0;
1007 rc = assuan_transact (agent_ctx, line, NULL, NULL,
1008 default_inq_cb, ctrl, NULL, NULL);
1014 /* Ask the agent to pop up a confirmation dialog with the text DESC
1015 and an okay and cancel button. */
1017 gpgsm_agent_get_confirmation (ctrl_t ctrl, const char *desc)
1020 char line[ASSUAN_LINELENGTH];
1022 rc = start_agent (ctrl);
1026 snprintf (line, DIM(line)-1, "GET_CONFIRMATION %s", desc);
1027 line[DIM(line)-1] = 0;
1029 rc = assuan_transact (agent_ctx, line, NULL, NULL,
1030 default_inq_cb, ctrl, NULL, NULL);
1036 /* Return 0 if the agent is alive. This is useful to make sure that
1037 an agent has been started. */
1039 gpgsm_agent_send_nop (ctrl_t ctrl)
1043 rc = start_agent (ctrl);
1045 rc = assuan_transact (agent_ctx, "NOP",
1046 NULL, NULL, NULL, NULL, NULL, NULL);
1053 keyinfo_status_cb (void *opaque, const char *line)
1055 char **serialno = opaque;
1058 if ((s = has_leading_keyword (line, "KEYINFO")) && !*serialno)
1060 s = strchr (s, ' ');
1061 if (s && s[1] == 'T' && s[2] == ' ' && s[3])
1064 s2 = strchr (s, ' ');
1067 *serialno = xtrymalloc ((s2 - s)+1);
1070 memcpy (*serialno, s, s2 - s);
1071 (*serialno)[s2 - s] = 0;
1079 /* Return the serial number for a secret key. If the returned serial
1080 number is NULL, the key is not stored on a smartcard. Caller needs
1081 to free R_SERIALNO. */
1083 gpgsm_agent_keyinfo (ctrl_t ctrl, const char *hexkeygrip, char **r_serialno)
1086 char line[ASSUAN_LINELENGTH];
1087 char *serialno = NULL;
1091 err = start_agent (ctrl);
1095 if (!hexkeygrip || strlen (hexkeygrip) != 40)
1096 return gpg_error (GPG_ERR_INV_VALUE);
1098 snprintf (line, DIM(line)-1, "KEYINFO %s", hexkeygrip);
1099 line[DIM(line)-1] = 0;
1101 err = assuan_transact (agent_ctx, line, NULL, NULL, NULL, NULL,
1102 keyinfo_status_cb, &serialno);
1103 if (!err && serialno)
1105 /* Sanity check for bad characters. */
1106 if (strpbrk (serialno, ":\n\r"))
1107 err = GPG_ERR_INV_VALUE;
1112 *r_serialno = serialno;
1118 /* Ask for the passphrase (this is used for pkcs#12 import/export. On
1119 success the caller needs to free the string stored at R_PASSPHRASE.
1120 On error NULL will be stored at R_PASSPHRASE and an appropriate
1121 error code returned. If REPEAT is true the agent tries to get a
1122 new passphrase (i.e. asks the user to confirm it). */
1124 gpgsm_agent_ask_passphrase (ctrl_t ctrl, const char *desc_msg, int repeat,
1125 char **r_passphrase)
1128 char line[ASSUAN_LINELENGTH];
1132 *r_passphrase = NULL;
1134 err = start_agent (ctrl);
1138 if (desc_msg && *desc_msg && !(arg4 = percent_plus_escape (desc_msg)))
1139 return gpg_error_from_syserror ();
1141 snprintf (line, DIM(line)-1, "GET_PASSPHRASE --data%s -- X X X %s",
1142 repeat? " --repeat=1 --check --qualitybar":"",
1146 init_membuf_secure (&data, 64);
1147 err = assuan_transact (agent_ctx, line,
1148 put_membuf_cb, &data,
1149 default_inq_cb, NULL, NULL, NULL);
1152 xfree (get_membuf (&data, NULL));
1155 put_membuf (&data, "", 1);
1156 *r_passphrase = get_membuf (&data, NULL);
1158 err = gpg_error_from_syserror ();
1165 /* Retrieve a key encryption key from the agent. With FOREXPORT true
1166 the key shall be use for export, with false for import. On success
1167 the new key is stored at R_KEY and its length at R_KEKLEN. */
1169 gpgsm_agent_keywrap_key (ctrl_t ctrl, int forexport,
1170 void **r_kek, size_t *r_keklen)
1176 char line[ASSUAN_LINELENGTH];
1179 err = start_agent (ctrl);
1183 snprintf (line, DIM(line)-1, "KEYWRAP_KEY %s",
1184 forexport? "--export":"--import");
1186 init_membuf_secure (&data, 64);
1187 err = assuan_transact (agent_ctx, line,
1188 put_membuf_cb, &data,
1189 default_inq_cb, ctrl, NULL, NULL);
1192 xfree (get_membuf (&data, &len));
1195 buf = get_membuf (&data, &len);
1197 return gpg_error_from_syserror ();
1206 /* Handle the inquiry for an IMPORT_KEY command. */
1208 inq_import_key_parms (void *opaque, const char *line)
1210 struct import_key_parm_s *parm = opaque;
1213 if (has_leading_keyword (line, "KEYDATA"))
1215 assuan_begin_confidential (parm->ctx);
1216 err = assuan_send_data (parm->ctx, parm->key, parm->keylen);
1217 assuan_end_confidential (parm->ctx);
1220 err = default_inq_cb (parm->ctrl, line);
1226 /* Call the agent to import a key into the agent. */
1228 gpgsm_agent_import_key (ctrl_t ctrl, const void *key, size_t keylen)
1231 struct import_key_parm_s parm;
1233 err = start_agent (ctrl);
1238 parm.ctx = agent_ctx;
1240 parm.keylen = keylen;
1242 err = assuan_transact (agent_ctx, "IMPORT_KEY",
1243 NULL, NULL, inq_import_key_parms, &parm, NULL, NULL);
1249 /* Receive a secret key from the agent. KEYGRIP is the hexified
1250 keygrip, DESC a prompt to be displayed with the agent's passphrase
1251 question (needs to be plus+percent escaped). On success the key is
1252 stored as a canonical S-expression at R_RESULT and R_RESULTLEN. */
1254 gpgsm_agent_export_key (ctrl_t ctrl, const char *keygrip, const char *desc,
1255 unsigned char **r_result, size_t *r_resultlen)
1261 char line[ASSUAN_LINELENGTH];
1265 err = start_agent (ctrl);
1271 snprintf (line, DIM(line)-1, "SETKEYDESC %s", desc);
1272 err = assuan_transact (agent_ctx, line,
1273 NULL, NULL, NULL, NULL, NULL, NULL);
1278 snprintf (line, DIM(line)-1, "EXPORT_KEY %s", keygrip);
1280 init_membuf_secure (&data, 1024);
1281 err = assuan_transact (agent_ctx, line,
1282 put_membuf_cb, &data,
1283 default_inq_cb, ctrl, NULL, NULL);
1286 xfree (get_membuf (&data, &len));
1289 buf = get_membuf (&data, &len);
1291 return gpg_error_from_syserror ();