1 /* call-agent.c - Divert GPGSM operations to the agent
2 * Copyright (C) 2001, 2002, 2003, 2005, 2007,
3 * 2008, 2009, 2010 Free Software Foundation, Inc.
5 * This file is part of GnuPG.
7 * GnuPG is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 3 of the License, or
10 * (at your option) any later version.
12 * GnuPG is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, see <https://www.gnu.org/licenses/>.
36 #include "../common/i18n.h"
37 #include "../common/asshelp.h"
38 #include "keydb.h" /* fixme: Move this to import.c */
39 #include "../common/membuf.h"
40 #include "../common/shareddefs.h"
41 #include "passphrase.h"
44 static assuan_context_t agent_ctx = NULL;
51 const unsigned char *ciphertext;
59 const unsigned char *sexp;
71 struct import_key_parm_s
79 struct default_inq_parm_s
86 /* Print a warning if the server's version number is less than our
87 version number. Returns an error code on a connection problem. */
89 warn_version_mismatch (ctrl_t ctrl, assuan_context_t ctx,
90 const char *servername, int mode)
94 const char *myversion = strusage (13);
96 err = get_assuan_server_version (ctx, mode, &serverversion);
98 log_error (_("error getting version from '%s': %s\n"),
99 servername, gpg_strerror (err));
100 else if (compare_version_strings (serverversion, myversion) < 0)
104 warn = xtryasprintf (_("server '%s' is older than us (%s < %s)"),
105 servername, serverversion, myversion);
107 err = gpg_error_from_syserror ();
110 log_info (_("WARNING: %s\n"), warn);
113 log_info (_("Note: Outdated servers may lack important"
114 " security fixes.\n"));
115 log_info (_("Note: Use the command \"%s\" to restart them.\n"),
116 "gpgconf --kill all");
118 gpgsm_status2 (ctrl, STATUS_WARNING, "server_version_mismatch 0",
123 xfree (serverversion);
128 /* Try to connect to the agent via socket or fork it off and work by
129 pipes. Handle the server's initial greeting */
131 start_agent (ctrl_t ctrl)
136 rc = 0; /* fixme: We need a context for each thread or
137 serialize the access to the agent (which is
138 suitable given that the agent is not MT. */
141 rc = start_new_gpg_agent (&agent_ctx,
142 GPG_ERR_SOURCE_DEFAULT,
144 opt.lc_ctype, opt.lc_messages,
146 opt.autostart, opt.verbose, DBG_IPC,
147 gpgsm_status2, ctrl);
149 if (!opt.autostart && gpg_err_code (rc) == GPG_ERR_NO_AGENT)
156 log_info (_("no gpg-agent running in this session\n"));
159 else if (!rc && !(rc = warn_version_mismatch (ctrl, agent_ctx,
162 /* Tell the agent that we support Pinentry notifications. No
163 error checking so that it will work also with older
165 assuan_transact (agent_ctx, "OPTION allow-pinentry-notify",
166 NULL, NULL, NULL, NULL, NULL, NULL);
168 /* Pass on the pinentry mode. */
169 if (opt.pinentry_mode)
171 char *tmp = xasprintf ("OPTION pinentry-mode=%s",
172 str_pinentry_mode (opt.pinentry_mode));
173 rc = assuan_transact (agent_ctx, tmp,
174 NULL, NULL, NULL, NULL, NULL, NULL);
177 log_error ("setting pinentry mode '%s' failed: %s\n",
178 str_pinentry_mode (opt.pinentry_mode),
182 /* Pass on the request origin. */
183 if (opt.request_origin)
185 char *tmp = xasprintf ("OPTION pretend-request-origin=%s",
186 str_request_origin (opt.request_origin));
187 rc = assuan_transact (agent_ctx, tmp,
188 NULL, NULL, NULL, NULL, NULL, NULL);
191 log_error ("setting request origin '%s' failed: %s\n",
192 str_request_origin (opt.request_origin),
196 /* In DE_VS mode under Windows we require that the JENT RNG
198 #ifdef HAVE_W32_SYSTEM
199 if (!rc && opt.compliance == CO_DE_VS)
201 if (assuan_transact (agent_ctx, "GETINFO jent_active",
202 NULL, NULL, NULL, NULL, NULL, NULL))
204 rc = gpg_error (GPG_ERR_FORBIDDEN);
205 log_error (_("%s is not compliant with %s mode\n"),
207 gnupg_compliance_option_string (opt.compliance));
208 gpgsm_status_with_error (ctrl, STATUS_ERROR,
209 "random-compliance", rc);
212 #endif /*HAVE_W32_SYSTEM*/
217 if (!ctrl->agent_seen)
219 ctrl->agent_seen = 1;
220 audit_log_ok (ctrl->audit, AUDIT_AGENT_READY, rc);
226 /* This is the default inquiry callback. It mainly handles the
227 Pinentry notifications. */
229 default_inq_cb (void *opaque, const char *line)
232 struct default_inq_parm_s *parm = opaque;
233 ctrl_t ctrl = parm->ctrl;
235 if (has_leading_keyword (line, "PINENTRY_LAUNCHED"))
237 err = gpgsm_proxy_pinentry_notify (ctrl, line);
239 log_error (_("failed to proxy %s inquiry to client\n"),
240 "PINENTRY_LAUNCHED");
241 /* We do not pass errors to avoid breaking other code. */
243 else if ((has_leading_keyword (line, "PASSPHRASE")
244 || has_leading_keyword (line, "NEW_PASSPHRASE"))
245 && opt.pinentry_mode == PINENTRY_MODE_LOOPBACK
246 && have_static_passphrase ())
248 const char *s = get_static_passphrase ();
249 err = assuan_send_data (parm->ctx, s, strlen (s));
252 log_error ("ignoring gpg-agent inquiry '%s'\n", line);
260 /* Call the agent to do a sign operation using the key identified by
261 the hex string KEYGRIP. */
263 gpgsm_agent_pksign (ctrl_t ctrl, const char *keygrip, const char *desc,
264 unsigned char *digest, size_t digestlen, int digestalgo,
265 unsigned char **r_buf, size_t *r_buflen )
268 char *p, line[ASSUAN_LINELENGTH];
271 struct default_inq_parm_s inq_parm;
274 rc = start_agent (ctrl);
277 inq_parm.ctrl = ctrl;
278 inq_parm.ctx = agent_ctx;
280 if (digestlen*2 + 50 > DIM(line))
281 return gpg_error (GPG_ERR_GENERAL);
283 rc = assuan_transact (agent_ctx, "RESET", NULL, NULL, NULL, NULL, NULL, NULL);
287 snprintf (line, DIM(line), "SIGKEY %s", keygrip);
288 rc = assuan_transact (agent_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL);
294 snprintf (line, DIM(line), "SETKEYDESC %s", desc);
295 rc = assuan_transact (agent_ctx, line,
296 NULL, NULL, NULL, NULL, NULL, NULL);
301 sprintf (line, "SETHASH %d ", digestalgo);
302 p = line + strlen (line);
303 for (i=0; i < digestlen ; i++, p += 2 )
304 sprintf (p, "%02X", digest[i]);
305 rc = assuan_transact (agent_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL);
309 init_membuf (&data, 1024);
310 rc = assuan_transact (agent_ctx, "PKSIGN",
311 put_membuf_cb, &data, default_inq_cb, &inq_parm,
315 xfree (get_membuf (&data, &len));
318 *r_buf = get_membuf (&data, r_buflen);
320 if (!gcry_sexp_canon_len (*r_buf, *r_buflen, NULL, NULL))
322 xfree (*r_buf); *r_buf = NULL;
323 return gpg_error (GPG_ERR_INV_VALUE);
326 return *r_buf? 0 : out_of_core ();
330 /* Call the scdaemon to do a sign operation using the key identified by
331 the hex string KEYID. */
333 gpgsm_scd_pksign (ctrl_t ctrl, const char *keyid, const char *desc,
334 unsigned char *digest, size_t digestlen, int digestalgo,
335 unsigned char **r_buf, size_t *r_buflen )
338 char *p, line[ASSUAN_LINELENGTH];
342 unsigned char *sigbuf;
344 struct default_inq_parm_s inq_parm;
352 case GCRY_MD_SHA1: hashopt = "--hash=sha1"; break;
353 case GCRY_MD_RMD160:hashopt = "--hash=rmd160"; break;
354 case GCRY_MD_MD5: hashopt = "--hash=md5"; break;
355 case GCRY_MD_SHA256:hashopt = "--hash=sha256"; break;
357 return gpg_error (GPG_ERR_DIGEST_ALGO);
360 rc = start_agent (ctrl);
363 inq_parm.ctrl = ctrl;
364 inq_parm.ctx = agent_ctx;
366 if (digestlen*2 + 50 > DIM(line))
367 return gpg_error (GPG_ERR_GENERAL);
369 p = stpcpy (line, "SCD SETDATA " );
370 for (i=0; i < digestlen ; i++, p += 2 )
371 sprintf (p, "%02X", digest[i]);
372 rc = assuan_transact (agent_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL);
376 init_membuf (&data, 1024);
378 snprintf (line, DIM(line), "SCD PKSIGN %s %s", hashopt, keyid);
379 rc = assuan_transact (agent_ctx, line,
380 put_membuf_cb, &data, default_inq_cb, &inq_parm,
384 xfree (get_membuf (&data, &len));
387 sigbuf = get_membuf (&data, &sigbuflen);
389 /* Create an S-expression from it which is formatted like this:
390 "(7:sig-val(3:rsa(1:sSIGBUFLEN:SIGBUF)))" Fixme: If a card ever
391 creates non-RSA keys we need to change things. */
392 *r_buflen = 21 + 11 + sigbuflen + 4;
393 p = xtrymalloc (*r_buflen);
394 *r_buf = (unsigned char*)p;
400 p = stpcpy (p, "(7:sig-val(3:rsa(1:s" );
401 sprintf (p, "%u:", (unsigned int)sigbuflen);
403 memcpy (p, sigbuf, sigbuflen);
408 assert (gcry_sexp_canon_len (*r_buf, *r_buflen, NULL, NULL));
415 /* Handle a CIPHERTEXT inquiry. Note, we only send the data,
416 assuan_transact takes care of flushing and writing the end */
418 inq_ciphertext_cb (void *opaque, const char *line)
420 struct cipher_parm_s *parm = opaque;
423 if (has_leading_keyword (line, "CIPHERTEXT"))
425 assuan_begin_confidential (parm->ctx);
426 rc = assuan_send_data (parm->ctx, parm->ciphertext, parm->ciphertextlen);
427 assuan_end_confidential (parm->ctx);
431 struct default_inq_parm_s inq_parm = { parm->ctrl, parm->ctx };
432 rc = default_inq_cb (&inq_parm, line);
439 /* Call the agent to do a decrypt operation using the key identified by
440 the hex string KEYGRIP. */
442 gpgsm_agent_pkdecrypt (ctrl_t ctrl, const char *keygrip, const char *desc,
443 ksba_const_sexp_t ciphertext,
444 char **r_buf, size_t *r_buflen )
447 char line[ASSUAN_LINELENGTH];
449 struct cipher_parm_s cipher_parm;
451 char *p, *buf, *endp;
452 size_t ciphertextlen;
454 if (!keygrip || strlen(keygrip) != 40 || !ciphertext || !r_buf || !r_buflen)
455 return gpg_error (GPG_ERR_INV_VALUE);
458 ciphertextlen = gcry_sexp_canon_len (ciphertext, 0, NULL, NULL);
460 return gpg_error (GPG_ERR_INV_VALUE);
462 rc = start_agent (ctrl);
466 rc = assuan_transact (agent_ctx, "RESET", NULL, NULL, NULL, NULL, NULL, NULL);
470 assert ( DIM(line) >= 50 );
471 snprintf (line, DIM(line), "SETKEY %s", keygrip);
472 rc = assuan_transact (agent_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL);
478 snprintf (line, DIM(line), "SETKEYDESC %s", desc);
479 rc = assuan_transact (agent_ctx, line,
480 NULL, NULL, NULL, NULL, NULL, NULL);
485 init_membuf (&data, 1024);
486 cipher_parm.ctrl = ctrl;
487 cipher_parm.ctx = agent_ctx;
488 cipher_parm.ciphertext = ciphertext;
489 cipher_parm.ciphertextlen = ciphertextlen;
490 rc = assuan_transact (agent_ctx, "PKDECRYPT",
491 put_membuf_cb, &data,
492 inq_ciphertext_cb, &cipher_parm, NULL, NULL);
495 xfree (get_membuf (&data, &len));
499 put_membuf (&data, "", 1); /* Make sure it is 0 terminated. */
500 buf = get_membuf (&data, &len);
502 return gpg_error (GPG_ERR_ENOMEM);
503 assert (len); /* (we forced Nul termination.) */
507 if (len < 13 || memcmp (buf, "(5:value", 8) ) /* "(5:valueN:D)\0" */
508 return gpg_error (GPG_ERR_INV_SEXP);
509 len -= 11; /* Count only the data of the second part. */
510 p = buf + 8; /* Skip leading parenthesis and the value tag. */
514 /* For compatibility with older gpg-agents handle the old style
515 incomplete S-exps. */
516 len--; /* Do not count the Nul. */
520 n = strtoul (p, &endp, 10);
521 if (!n || *endp != ':')
522 return gpg_error (GPG_ERR_INV_SEXP);
525 return gpg_error (GPG_ERR_INV_SEXP); /* Oops: Inconsistent S-Exp. */
527 memmove (buf, endp, n);
538 /* Handle a KEYPARMS inquiry. Note, we only send the data,
539 assuan_transact takes care of flushing and writing the end */
541 inq_genkey_parms (void *opaque, const char *line)
543 struct genkey_parm_s *parm = opaque;
546 if (has_leading_keyword (line, "KEYPARAM"))
548 rc = assuan_send_data (parm->ctx, parm->sexp, parm->sexplen);
552 struct default_inq_parm_s inq_parm = { parm->ctrl, parm->ctx };
553 rc = default_inq_cb (&inq_parm, line);
561 /* Call the agent to generate a newkey */
563 gpgsm_agent_genkey (ctrl_t ctrl,
564 ksba_const_sexp_t keyparms, ksba_sexp_t *r_pubkey)
567 struct genkey_parm_s gk_parm;
573 rc = start_agent (ctrl);
577 rc = assuan_transact (agent_ctx, "RESET", NULL, NULL, NULL, NULL, NULL, NULL);
581 init_membuf (&data, 1024);
583 gk_parm.ctx = agent_ctx;
584 gk_parm.sexp = keyparms;
585 gk_parm.sexplen = gcry_sexp_canon_len (keyparms, 0, NULL, NULL);
586 if (!gk_parm.sexplen)
587 return gpg_error (GPG_ERR_INV_VALUE);
588 rc = assuan_transact (agent_ctx, "GENKEY",
589 put_membuf_cb, &data,
590 inq_genkey_parms, &gk_parm, NULL, NULL);
593 xfree (get_membuf (&data, &len));
596 buf = get_membuf (&data, &len);
598 return gpg_error (GPG_ERR_ENOMEM);
599 if (!gcry_sexp_canon_len (buf, len, NULL, NULL))
602 return gpg_error (GPG_ERR_INV_SEXP);
609 /* Call the agent to read the public key part for a given keygrip. If
610 FROMCARD is true, the key is directly read from the current
611 smartcard. In this case HEXKEYGRIP should be the keyID
614 gpgsm_agent_readkey (ctrl_t ctrl, int fromcard, const char *hexkeygrip,
615 ksba_sexp_t *r_pubkey)
621 char line[ASSUAN_LINELENGTH];
622 struct default_inq_parm_s inq_parm;
625 rc = start_agent (ctrl);
628 inq_parm.ctrl = ctrl;
629 inq_parm.ctx = agent_ctx;
631 rc = assuan_transact (agent_ctx, "RESET",NULL, NULL, NULL, NULL, NULL, NULL);
635 snprintf (line, DIM(line), "%sREADKEY %s",
636 fromcard? "SCD ":"", hexkeygrip);
638 init_membuf (&data, 1024);
639 rc = assuan_transact (agent_ctx, line,
640 put_membuf_cb, &data,
641 default_inq_cb, &inq_parm, NULL, NULL);
644 xfree (get_membuf (&data, &len));
647 buf = get_membuf (&data, &len);
649 return gpg_error (GPG_ERR_ENOMEM);
650 if (!gcry_sexp_canon_len (buf, len, NULL, NULL))
653 return gpg_error (GPG_ERR_INV_SEXP);
661 /* Take the serial number from LINE and return it verbatim in a newly
662 allocated string. We make sure that only hex characters are
665 store_serialno (const char *line)
670 for (s=line; hexdigitp (s); s++)
672 p = xtrymalloc (s + 1 - line);
675 memcpy (p, line, s-line);
682 /* Callback for the gpgsm_agent_serialno function. */
684 scd_serialno_status_cb (void *opaque, const char *line)
686 char **r_serialno = opaque;
687 const char *keyword = line;
690 for (keywordlen=0; *line && !spacep (line); line++, keywordlen++)
692 while (spacep (line))
695 if (keywordlen == 8 && !memcmp (keyword, "SERIALNO", keywordlen))
698 *r_serialno = store_serialno (line);
705 /* Call the agent to read the serial number of the current card. */
707 gpgsm_agent_scd_serialno (ctrl_t ctrl, char **r_serialno)
710 char *serialno = NULL;
711 struct default_inq_parm_s inq_parm;
714 rc = start_agent (ctrl);
717 inq_parm.ctrl = ctrl;
718 inq_parm.ctx = agent_ctx;
720 rc = assuan_transact (agent_ctx, "SCD SERIALNO",
722 default_inq_cb, &inq_parm,
723 scd_serialno_status_cb, &serialno);
724 if (!rc && !serialno)
725 rc = gpg_error (GPG_ERR_INTERNAL);
731 *r_serialno = serialno;
737 /* Callback for the gpgsm_agent_serialno function. */
739 scd_keypairinfo_status_cb (void *opaque, const char *line)
741 strlist_t *listaddr = opaque;
742 const char *keyword = line;
747 for (keywordlen=0; *line && !spacep (line); line++, keywordlen++)
749 while (spacep (line))
752 if (keywordlen == 11 && !memcmp (keyword, "KEYPAIRINFO", keywordlen))
754 sl = append_to_strlist (listaddr, line);
756 /* Make sure that we only have two tokes so that future
757 extensions of the format won't change the format expected by
759 while (*p && !spacep (p))
765 while (*p && !spacep (p))
775 /* Call the agent to read the keypairinfo lines of the current card.
776 The list is returned as a string made up of the keygrip, a space
779 gpgsm_agent_scd_keypairinfo (ctrl_t ctrl, strlist_t *r_list)
782 strlist_t list = NULL;
783 struct default_inq_parm_s inq_parm;
786 rc = start_agent (ctrl);
789 inq_parm.ctrl = ctrl;
790 inq_parm.ctx = agent_ctx;
792 rc = assuan_transact (agent_ctx, "SCD LEARN --force",
794 default_inq_cb, &inq_parm,
795 scd_keypairinfo_status_cb, &list);
797 rc = gpg_error (GPG_ERR_NO_DATA);
810 istrusted_status_cb (void *opaque, const char *line)
812 struct rootca_flags_s *flags = opaque;
815 if ((s = has_leading_keyword (line, "TRUSTLISTFLAG")))
818 if (has_leading_keyword (line, "relax"))
820 else if (has_leading_keyword (line, "cm"))
821 flags->chain_model = 1;
828 /* Ask the agent whether the certificate is in the list of trusted
829 keys. The certificate is either specified by the CERT object or by
830 the fingerprint HEXFPR. ROOTCA_FLAGS is guaranteed to be cleared
833 gpgsm_agent_istrusted (ctrl_t ctrl, ksba_cert_t cert, const char *hexfpr,
834 struct rootca_flags_s *rootca_flags)
837 char line[ASSUAN_LINELENGTH];
839 memset (rootca_flags, 0, sizeof *rootca_flags);
842 return gpg_error (GPG_ERR_INV_ARG);
844 rc = start_agent (ctrl);
850 snprintf (line, DIM(line), "ISTRUSTED %s", hexfpr);
856 fpr = gpgsm_get_fingerprint_hexstring (cert, GCRY_MD_SHA1);
859 log_error ("error getting the fingerprint\n");
860 return gpg_error (GPG_ERR_GENERAL);
863 snprintf (line, DIM(line), "ISTRUSTED %s", fpr);
867 rc = assuan_transact (agent_ctx, line, NULL, NULL, NULL, NULL,
868 istrusted_status_cb, rootca_flags);
870 rootca_flags->valid = 1;
874 /* Ask the agent to mark CERT as a trusted Root-CA one */
876 gpgsm_agent_marktrusted (ctrl_t ctrl, ksba_cert_t cert)
879 char *fpr, *dn, *dnfmt;
880 char line[ASSUAN_LINELENGTH];
881 struct default_inq_parm_s inq_parm;
883 rc = start_agent (ctrl);
886 inq_parm.ctrl = ctrl;
887 inq_parm.ctx = agent_ctx;
889 fpr = gpgsm_get_fingerprint_hexstring (cert, GCRY_MD_SHA1);
892 log_error ("error getting the fingerprint\n");
893 return gpg_error (GPG_ERR_GENERAL);
896 dn = ksba_cert_get_issuer (cert, 0);
900 return gpg_error (GPG_ERR_GENERAL);
902 dnfmt = gpgsm_format_name2 (dn, 0);
905 return gpg_error_from_syserror ();
906 snprintf (line, DIM(line), "MARKTRUSTED %s S %s", fpr, dnfmt);
910 rc = assuan_transact (agent_ctx, line, NULL, NULL,
911 default_inq_cb, &inq_parm, NULL, NULL);
917 /* Ask the agent whether the a corresponding secret key is available
918 for the given keygrip */
920 gpgsm_agent_havekey (ctrl_t ctrl, const char *hexkeygrip)
923 char line[ASSUAN_LINELENGTH];
925 rc = start_agent (ctrl);
929 if (!hexkeygrip || strlen (hexkeygrip) != 40)
930 return gpg_error (GPG_ERR_INV_VALUE);
932 snprintf (line, DIM(line), "HAVEKEY %s", hexkeygrip);
934 rc = assuan_transact (agent_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL);
940 learn_status_cb (void *opaque, const char *line)
942 struct learn_parm_s *parm = opaque;
945 /* Pass progress data to the caller. */
946 if ((s = has_leading_keyword (line, "PROGRESS")))
951 if (gpgsm_status (parm->ctrl, STATUS_PROGRESS, line))
952 return gpg_error (GPG_ERR_ASS_CANCELED);
959 learn_cb (void *opaque, const void *buffer, size_t length)
961 struct learn_parm_s *parm = opaque;
972 put_membuf (parm->data, buffer, length);
975 /* END encountered - process what we have */
976 buf = get_membuf (parm->data, &len);
979 parm->error = gpg_error (GPG_ERR_ENOMEM);
983 if (gpgsm_status (parm->ctrl, STATUS_PROGRESS, "learncard C 0 0"))
984 return gpg_error (GPG_ERR_ASS_CANCELED);
986 /* FIXME: this should go into import.c */
987 rc = ksba_cert_new (&cert);
993 rc = ksba_cert_init_from_mem (cert, buf, len);
996 log_error ("failed to parse a certificate: %s\n", gpg_strerror (rc));
997 ksba_cert_release (cert);
1002 /* We do not store a certifciate with missing issuers as ephemeral
1003 because we can assume that the --learn-card command has been used
1005 rc = gpgsm_basic_cert_check (parm->ctrl, cert);
1006 if (rc && gpg_err_code (rc) != GPG_ERR_MISSING_CERT
1007 && gpg_err_code (rc) != GPG_ERR_MISSING_ISSUER_CERT)
1008 log_error ("invalid certificate: %s\n", gpg_strerror (rc));
1013 if (!keydb_store_cert (parm->ctrl, cert, 0, &existed))
1015 if (opt.verbose > 1 && existed)
1016 log_info ("certificate already in DB\n");
1017 else if (opt.verbose && !existed)
1018 log_info ("certificate imported\n");
1022 ksba_cert_release (cert);
1023 init_membuf (parm->data, 4096);
1027 /* Call the agent to learn about a smartcard */
1029 gpgsm_agent_learn (ctrl_t ctrl)
1032 struct learn_parm_s learn_parm;
1036 rc = start_agent (ctrl);
1040 rc = warn_version_mismatch (ctrl, agent_ctx, SCDAEMON_NAME, 2);
1044 init_membuf (&data, 4096);
1045 learn_parm.error = 0;
1046 learn_parm.ctrl = ctrl;
1047 learn_parm.ctx = agent_ctx;
1048 learn_parm.data = &data;
1049 rc = assuan_transact (agent_ctx, "LEARN --send",
1050 learn_cb, &learn_parm,
1052 learn_status_cb, &learn_parm);
1053 xfree (get_membuf (&data, &len));
1056 return learn_parm.error;
1060 /* Ask the agent to change the passphrase of the key identified by
1061 HEXKEYGRIP. If DESC is not NULL, display instead of the default
1062 description message. */
1064 gpgsm_agent_passwd (ctrl_t ctrl, const char *hexkeygrip, const char *desc)
1067 char line[ASSUAN_LINELENGTH];
1068 struct default_inq_parm_s inq_parm;
1070 rc = start_agent (ctrl);
1073 inq_parm.ctrl = ctrl;
1074 inq_parm.ctx = agent_ctx;
1076 if (!hexkeygrip || strlen (hexkeygrip) != 40)
1077 return gpg_error (GPG_ERR_INV_VALUE);
1081 snprintf (line, DIM(line), "SETKEYDESC %s", desc);
1082 rc = assuan_transact (agent_ctx, line,
1083 NULL, NULL, NULL, NULL, NULL, NULL);
1088 snprintf (line, DIM(line), "PASSWD %s", hexkeygrip);
1090 rc = assuan_transact (agent_ctx, line, NULL, NULL,
1091 default_inq_cb, &inq_parm, NULL, NULL);
1097 /* Ask the agent to pop up a confirmation dialog with the text DESC
1098 and an okay and cancel button. */
1100 gpgsm_agent_get_confirmation (ctrl_t ctrl, const char *desc)
1103 char line[ASSUAN_LINELENGTH];
1104 struct default_inq_parm_s inq_parm;
1106 rc = start_agent (ctrl);
1109 inq_parm.ctrl = ctrl;
1110 inq_parm.ctx = agent_ctx;
1112 snprintf (line, DIM(line), "GET_CONFIRMATION %s", desc);
1114 rc = assuan_transact (agent_ctx, line, NULL, NULL,
1115 default_inq_cb, &inq_parm, NULL, NULL);
1121 /* Return 0 if the agent is alive. This is useful to make sure that
1122 an agent has been started. */
1124 gpgsm_agent_send_nop (ctrl_t ctrl)
1128 rc = start_agent (ctrl);
1130 rc = assuan_transact (agent_ctx, "NOP",
1131 NULL, NULL, NULL, NULL, NULL, NULL);
1138 keyinfo_status_cb (void *opaque, const char *line)
1140 char **serialno = opaque;
1143 if ((s = has_leading_keyword (line, "KEYINFO")) && !*serialno)
1145 s = strchr (s, ' ');
1146 if (s && s[1] == 'T' && s[2] == ' ' && s[3])
1149 s2 = strchr (s, ' ');
1152 *serialno = xtrymalloc ((s2 - s)+1);
1155 memcpy (*serialno, s, s2 - s);
1156 (*serialno)[s2 - s] = 0;
1164 /* Return the serial number for a secret key. If the returned serial
1165 number is NULL, the key is not stored on a smartcard. Caller needs
1166 to free R_SERIALNO. */
1168 gpgsm_agent_keyinfo (ctrl_t ctrl, const char *hexkeygrip, char **r_serialno)
1171 char line[ASSUAN_LINELENGTH];
1172 char *serialno = NULL;
1176 err = start_agent (ctrl);
1180 if (!hexkeygrip || strlen (hexkeygrip) != 40)
1181 return gpg_error (GPG_ERR_INV_VALUE);
1183 snprintf (line, DIM(line), "KEYINFO %s", hexkeygrip);
1185 err = assuan_transact (agent_ctx, line, NULL, NULL, NULL, NULL,
1186 keyinfo_status_cb, &serialno);
1187 if (!err && serialno)
1189 /* Sanity check for bad characters. */
1190 if (strpbrk (serialno, ":\n\r"))
1191 err = GPG_ERR_INV_VALUE;
1196 *r_serialno = serialno;
1202 /* Ask for the passphrase (this is used for pkcs#12 import/export. On
1203 success the caller needs to free the string stored at R_PASSPHRASE.
1204 On error NULL will be stored at R_PASSPHRASE and an appropriate
1205 error code returned. If REPEAT is true the agent tries to get a
1206 new passphrase (i.e. asks the user to confirm it). */
1208 gpgsm_agent_ask_passphrase (ctrl_t ctrl, const char *desc_msg, int repeat,
1209 char **r_passphrase)
1212 char line[ASSUAN_LINELENGTH];
1215 struct default_inq_parm_s inq_parm;
1217 *r_passphrase = NULL;
1219 err = start_agent (ctrl);
1222 inq_parm.ctrl = ctrl;
1223 inq_parm.ctx = agent_ctx;
1225 if (desc_msg && *desc_msg && !(arg4 = percent_plus_escape (desc_msg)))
1226 return gpg_error_from_syserror ();
1228 snprintf (line, DIM(line), "GET_PASSPHRASE --data%s -- X X X %s",
1229 repeat? " --repeat=1 --check --qualitybar":"",
1233 init_membuf_secure (&data, 64);
1234 err = assuan_transact (agent_ctx, line,
1235 put_membuf_cb, &data,
1236 default_inq_cb, &inq_parm, NULL, NULL);
1239 xfree (get_membuf (&data, NULL));
1242 put_membuf (&data, "", 1);
1243 *r_passphrase = get_membuf (&data, NULL);
1245 err = gpg_error_from_syserror ();
1252 /* Retrieve a key encryption key from the agent. With FOREXPORT true
1253 the key shall be use for export, with false for import. On success
1254 the new key is stored at R_KEY and its length at R_KEKLEN. */
1256 gpgsm_agent_keywrap_key (ctrl_t ctrl, int forexport,
1257 void **r_kek, size_t *r_keklen)
1263 char line[ASSUAN_LINELENGTH];
1264 struct default_inq_parm_s inq_parm;
1267 err = start_agent (ctrl);
1270 inq_parm.ctrl = ctrl;
1271 inq_parm.ctx = agent_ctx;
1273 snprintf (line, DIM(line), "KEYWRAP_KEY %s",
1274 forexport? "--export":"--import");
1276 init_membuf_secure (&data, 64);
1277 err = assuan_transact (agent_ctx, line,
1278 put_membuf_cb, &data,
1279 default_inq_cb, &inq_parm, NULL, NULL);
1282 xfree (get_membuf (&data, &len));
1285 buf = get_membuf (&data, &len);
1287 return gpg_error_from_syserror ();
1296 /* Handle the inquiry for an IMPORT_KEY command. */
1298 inq_import_key_parms (void *opaque, const char *line)
1300 struct import_key_parm_s *parm = opaque;
1303 if (has_leading_keyword (line, "KEYDATA"))
1305 assuan_begin_confidential (parm->ctx);
1306 err = assuan_send_data (parm->ctx, parm->key, parm->keylen);
1307 assuan_end_confidential (parm->ctx);
1311 struct default_inq_parm_s inq_parm = { parm->ctrl, parm->ctx };
1312 err = default_inq_cb (&inq_parm, line);
1319 /* Call the agent to import a key into the agent. */
1321 gpgsm_agent_import_key (ctrl_t ctrl, const void *key, size_t keylen)
1324 struct import_key_parm_s parm;
1326 err = start_agent (ctrl);
1331 parm.ctx = agent_ctx;
1333 parm.keylen = keylen;
1335 err = assuan_transact (agent_ctx, "IMPORT_KEY",
1336 NULL, NULL, inq_import_key_parms, &parm, NULL, NULL);
1342 /* Receive a secret key from the agent. KEYGRIP is the hexified
1343 keygrip, DESC a prompt to be displayed with the agent's passphrase
1344 question (needs to be plus+percent escaped). On success the key is
1345 stored as a canonical S-expression at R_RESULT and R_RESULTLEN. */
1347 gpgsm_agent_export_key (ctrl_t ctrl, const char *keygrip, const char *desc,
1348 unsigned char **r_result, size_t *r_resultlen)
1354 char line[ASSUAN_LINELENGTH];
1355 struct default_inq_parm_s inq_parm;
1359 err = start_agent (ctrl);
1362 inq_parm.ctrl = ctrl;
1363 inq_parm.ctx = agent_ctx;
1367 snprintf (line, DIM(line), "SETKEYDESC %s", desc);
1368 err = assuan_transact (agent_ctx, line,
1369 NULL, NULL, NULL, NULL, NULL, NULL);
1374 snprintf (line, DIM(line), "EXPORT_KEY %s", keygrip);
1376 init_membuf_secure (&data, 1024);
1377 err = assuan_transact (agent_ctx, line,
1378 put_membuf_cb, &data,
1379 default_inq_cb, &inq_parm, NULL, NULL);
1382 xfree (get_membuf (&data, &len));
1385 buf = get_membuf (&data, &len);
1387 return gpg_error_from_syserror ();