1 /* call-agent.c - Divert GPGSM operations to the agent
2 * Copyright (C) 2001, 2002, 2003, 2005, 2007,
3 * 2008, 2009, 2010 Free Software Foundation, Inc.
5 * This file is part of GnuPG.
7 * GnuPG is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 3 of the License, or
10 * (at your option) any later version.
12 * GnuPG is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, see <http://www.gnu.org/licenses/>.
38 #include "keydb.h" /* fixme: Move this to import.c */
42 static assuan_context_t agent_ctx = NULL;
49 const unsigned char *ciphertext;
57 const unsigned char *sexp;
69 struct import_key_parm_s
79 /* Try to connect to the agent via socket or fork it off and work by
80 pipes. Handle the server's initial greeting */
82 start_agent (ctrl_t ctrl)
87 rc = 0; /* fixme: We need a context for each thread or
88 serialize the access to the agent (which is
89 suitable given that the agent is not MT. */
92 rc = start_new_gpg_agent (&agent_ctx,
93 GPG_ERR_SOURCE_DEFAULT,
96 opt.lc_ctype, opt.lc_messages,
98 opt.verbose, DBG_ASSUAN,
103 /* Tell the agent that we support Pinentry notifications. No
104 error checking so that it will work also with older
106 assuan_transact (agent_ctx, "OPTION allow-pinentry-notify",
107 NULL, NULL, NULL, NULL, NULL, NULL);
111 if (!ctrl->agent_seen)
113 ctrl->agent_seen = 1;
114 audit_log_ok (ctrl->audit, AUDIT_AGENT_READY, rc);
123 membuf_data_cb (void *opaque, const void *buffer, size_t length)
125 membuf_t *data = opaque;
128 put_membuf (data, buffer, length);
133 /* This is the default inquiry callback. It mainly handles the
134 Pinentry notifications. */
136 default_inq_cb (void *opaque, const char *line)
139 ctrl_t ctrl = opaque;
141 if (has_leading_keyword (line, "PINENTRY_LAUNCHED"))
143 err = gpgsm_proxy_pinentry_notify (ctrl, line);
145 log_error (_("failed to proxy %s inquiry to client\n"),
146 "PINENTRY_LAUNCHED");
147 /* We do not pass errors to avoid breaking other code. */
150 log_error ("ignoring gpg-agent inquiry '%s'\n", line);
158 /* Call the agent to do a sign operation using the key identified by
159 the hex string KEYGRIP. */
161 gpgsm_agent_pksign (ctrl_t ctrl, const char *keygrip, const char *desc,
162 unsigned char *digest, size_t digestlen, int digestalgo,
163 unsigned char **r_buf, size_t *r_buflen )
166 char *p, line[ASSUAN_LINELENGTH];
171 rc = start_agent (ctrl);
175 if (digestlen*2 + 50 > DIM(line))
176 return gpg_error (GPG_ERR_GENERAL);
178 rc = assuan_transact (agent_ctx, "RESET", NULL, NULL, NULL, NULL, NULL, NULL);
182 snprintf (line, DIM(line)-1, "SIGKEY %s", keygrip);
183 line[DIM(line)-1] = 0;
184 rc = assuan_transact (agent_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL);
190 snprintf (line, DIM(line)-1, "SETKEYDESC %s", desc);
191 line[DIM(line)-1] = 0;
192 rc = assuan_transact (agent_ctx, line,
193 NULL, NULL, NULL, NULL, NULL, NULL);
198 sprintf (line, "SETHASH %d ", digestalgo);
199 p = line + strlen (line);
200 for (i=0; i < digestlen ; i++, p += 2 )
201 sprintf (p, "%02X", digest[i]);
202 rc = assuan_transact (agent_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL);
206 init_membuf (&data, 1024);
207 rc = assuan_transact (agent_ctx, "PKSIGN",
208 membuf_data_cb, &data, default_inq_cb, ctrl,
212 xfree (get_membuf (&data, &len));
215 *r_buf = get_membuf (&data, r_buflen);
217 if (!gcry_sexp_canon_len (*r_buf, *r_buflen, NULL, NULL))
219 xfree (*r_buf); *r_buf = NULL;
220 return gpg_error (GPG_ERR_INV_VALUE);
223 return *r_buf? 0 : out_of_core ();
227 /* Call the scdaemon to do a sign operation using the key identified by
228 the hex string KEYID. */
230 gpgsm_scd_pksign (ctrl_t ctrl, const char *keyid, const char *desc,
231 unsigned char *digest, size_t digestlen, int digestalgo,
232 unsigned char **r_buf, size_t *r_buflen )
235 char *p, line[ASSUAN_LINELENGTH];
239 unsigned char *sigbuf;
248 case GCRY_MD_SHA1: hashopt = "--hash=sha1"; break;
249 case GCRY_MD_RMD160:hashopt = "--hash=rmd160"; break;
250 case GCRY_MD_MD5: hashopt = "--hash=md5"; break;
251 case GCRY_MD_SHA256:hashopt = "--hash=sha256"; break;
253 return gpg_error (GPG_ERR_DIGEST_ALGO);
256 rc = start_agent (ctrl);
260 if (digestlen*2 + 50 > DIM(line))
261 return gpg_error (GPG_ERR_GENERAL);
263 p = stpcpy (line, "SCD SETDATA " );
264 for (i=0; i < digestlen ; i++, p += 2 )
265 sprintf (p, "%02X", digest[i]);
266 rc = assuan_transact (agent_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL);
270 init_membuf (&data, 1024);
272 snprintf (line, DIM(line)-1, "SCD PKSIGN %s %s", hashopt, keyid);
273 line[DIM(line)-1] = 0;
274 rc = assuan_transact (agent_ctx, line,
275 membuf_data_cb, &data, default_inq_cb, ctrl,
279 xfree (get_membuf (&data, &len));
282 sigbuf = get_membuf (&data, &sigbuflen);
284 /* Create an S-expression from it which is formatted like this:
285 "(7:sig-val(3:rsa(1:sSIGBUFLEN:SIGBUF)))" Fixme: If a card ever
286 creates non-RSA keys we need to change things. */
287 *r_buflen = 21 + 11 + sigbuflen + 4;
288 p = xtrymalloc (*r_buflen);
289 *r_buf = (unsigned char*)p;
295 p = stpcpy (p, "(7:sig-val(3:rsa(1:s" );
296 sprintf (p, "%u:", (unsigned int)sigbuflen);
298 memcpy (p, sigbuf, sigbuflen);
303 assert (gcry_sexp_canon_len (*r_buf, *r_buflen, NULL, NULL));
310 /* Handle a CIPHERTEXT inquiry. Note, we only send the data,
311 assuan_transact takes care of flushing and writing the end */
313 inq_ciphertext_cb (void *opaque, const char *line)
315 struct cipher_parm_s *parm = opaque;
318 if (has_leading_keyword (line, "CIPHERTEXT"))
320 assuan_begin_confidential (parm->ctx);
321 rc = assuan_send_data (parm->ctx, parm->ciphertext, parm->ciphertextlen);
322 assuan_end_confidential (parm->ctx);
325 rc = default_inq_cb (parm->ctrl, line);
331 /* Call the agent to do a decrypt operation using the key identified by
332 the hex string KEYGRIP. */
334 gpgsm_agent_pkdecrypt (ctrl_t ctrl, const char *keygrip, const char *desc,
335 ksba_const_sexp_t ciphertext,
336 char **r_buf, size_t *r_buflen )
339 char line[ASSUAN_LINELENGTH];
341 struct cipher_parm_s cipher_parm;
343 char *p, *buf, *endp;
344 size_t ciphertextlen;
346 if (!keygrip || strlen(keygrip) != 40 || !ciphertext || !r_buf || !r_buflen)
347 return gpg_error (GPG_ERR_INV_VALUE);
350 ciphertextlen = gcry_sexp_canon_len (ciphertext, 0, NULL, NULL);
352 return gpg_error (GPG_ERR_INV_VALUE);
354 rc = start_agent (ctrl);
358 rc = assuan_transact (agent_ctx, "RESET", NULL, NULL, NULL, NULL, NULL, NULL);
362 assert ( DIM(line) >= 50 );
363 snprintf (line, DIM(line)-1, "SETKEY %s", keygrip);
364 line[DIM(line)-1] = 0;
365 rc = assuan_transact (agent_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL);
371 snprintf (line, DIM(line)-1, "SETKEYDESC %s", desc);
372 line[DIM(line)-1] = 0;
373 rc = assuan_transact (agent_ctx, line,
374 NULL, NULL, NULL, NULL, NULL, NULL);
379 init_membuf (&data, 1024);
380 cipher_parm.ctrl = ctrl;
381 cipher_parm.ctx = agent_ctx;
382 cipher_parm.ciphertext = ciphertext;
383 cipher_parm.ciphertextlen = ciphertextlen;
384 rc = assuan_transact (agent_ctx, "PKDECRYPT",
385 membuf_data_cb, &data,
386 inq_ciphertext_cb, &cipher_parm, NULL, NULL);
389 xfree (get_membuf (&data, &len));
393 put_membuf (&data, "", 1); /* Make sure it is 0 terminated. */
394 buf = get_membuf (&data, &len);
396 return gpg_error (GPG_ERR_ENOMEM);
397 assert (len); /* (we forced Nul termination.) */
401 if (len < 13 || memcmp (buf, "(5:value", 8) ) /* "(5:valueN:D)\0" */
402 return gpg_error (GPG_ERR_INV_SEXP);
403 len -= 11; /* Count only the data of the second part. */
404 p = buf + 8; /* Skip leading parenthesis and the value tag. */
408 /* For compatibility with older gpg-agents handle the old style
409 incomplete S-exps. */
410 len--; /* Do not count the Nul. */
414 n = strtoul (p, &endp, 10);
415 if (!n || *endp != ':')
416 return gpg_error (GPG_ERR_INV_SEXP);
419 return gpg_error (GPG_ERR_INV_SEXP); /* Oops: Inconsistent S-Exp. */
421 memmove (buf, endp, n);
432 /* Handle a KEYPARMS inquiry. Note, we only send the data,
433 assuan_transact takes care of flushing and writing the end */
435 inq_genkey_parms (void *opaque, const char *line)
437 struct genkey_parm_s *parm = opaque;
440 if (has_leading_keyword (line, "KEYPARAM"))
442 rc = assuan_send_data (parm->ctx, parm->sexp, parm->sexplen);
445 rc = default_inq_cb (parm->ctrl, line);
452 /* Call the agent to generate a newkey */
454 gpgsm_agent_genkey (ctrl_t ctrl,
455 ksba_const_sexp_t keyparms, ksba_sexp_t *r_pubkey)
458 struct genkey_parm_s gk_parm;
464 rc = start_agent (ctrl);
468 rc = assuan_transact (agent_ctx, "RESET", NULL, NULL, NULL, NULL, NULL, NULL);
472 init_membuf (&data, 1024);
474 gk_parm.ctx = agent_ctx;
475 gk_parm.sexp = keyparms;
476 gk_parm.sexplen = gcry_sexp_canon_len (keyparms, 0, NULL, NULL);
477 if (!gk_parm.sexplen)
478 return gpg_error (GPG_ERR_INV_VALUE);
479 rc = assuan_transact (agent_ctx, "GENKEY",
480 membuf_data_cb, &data,
481 inq_genkey_parms, &gk_parm, NULL, NULL);
484 xfree (get_membuf (&data, &len));
487 buf = get_membuf (&data, &len);
489 return gpg_error (GPG_ERR_ENOMEM);
490 if (!gcry_sexp_canon_len (buf, len, NULL, NULL))
493 return gpg_error (GPG_ERR_INV_SEXP);
500 /* Call the agent to read the public key part for a given keygrip. If
501 FROMCARD is true, the key is directly read from the current
502 smartcard. In this case HEXKEYGRIP should be the keyID
505 gpgsm_agent_readkey (ctrl_t ctrl, int fromcard, const char *hexkeygrip,
506 ksba_sexp_t *r_pubkey)
512 char line[ASSUAN_LINELENGTH];
515 rc = start_agent (ctrl);
519 rc = assuan_transact (agent_ctx, "RESET",NULL, NULL, NULL, NULL, NULL, NULL);
523 snprintf (line, DIM(line)-1, "%sREADKEY %s",
524 fromcard? "SCD ":"", hexkeygrip);
525 line[DIM(line)-1] = 0;
527 init_membuf (&data, 1024);
528 rc = assuan_transact (agent_ctx, line,
529 membuf_data_cb, &data,
530 default_inq_cb, ctrl, NULL, NULL);
533 xfree (get_membuf (&data, &len));
536 buf = get_membuf (&data, &len);
538 return gpg_error (GPG_ERR_ENOMEM);
539 if (!gcry_sexp_canon_len (buf, len, NULL, NULL))
542 return gpg_error (GPG_ERR_INV_SEXP);
550 /* Take the serial number from LINE and return it verbatim in a newly
551 allocated string. We make sure that only hex characters are
554 store_serialno (const char *line)
559 for (s=line; hexdigitp (s); s++)
561 p = xtrymalloc (s + 1 - line);
564 memcpy (p, line, s-line);
571 /* Callback for the gpgsm_agent_serialno fucntion. */
573 scd_serialno_status_cb (void *opaque, const char *line)
575 char **r_serialno = opaque;
576 const char *keyword = line;
579 for (keywordlen=0; *line && !spacep (line); line++, keywordlen++)
581 while (spacep (line))
584 if (keywordlen == 8 && !memcmp (keyword, "SERIALNO", keywordlen))
587 *r_serialno = store_serialno (line);
594 /* Call the agent to read the serial number of the current card. */
596 gpgsm_agent_scd_serialno (ctrl_t ctrl, char **r_serialno)
599 char *serialno = NULL;
602 rc = start_agent (ctrl);
606 rc = assuan_transact (agent_ctx, "SCD SERIALNO",
608 default_inq_cb, ctrl,
609 scd_serialno_status_cb, &serialno);
610 if (!rc && !serialno)
611 rc = gpg_error (GPG_ERR_INTERNAL);
617 *r_serialno = serialno;
623 /* Callback for the gpgsm_agent_serialno fucntion. */
625 scd_keypairinfo_status_cb (void *opaque, const char *line)
627 strlist_t *listaddr = opaque;
628 const char *keyword = line;
633 for (keywordlen=0; *line && !spacep (line); line++, keywordlen++)
635 while (spacep (line))
638 if (keywordlen == 11 && !memcmp (keyword, "KEYPAIRINFO", keywordlen))
640 sl = append_to_strlist (listaddr, line);
642 /* Make sure that we only have two tokes so that future
643 extensions of the format won't change the format expected by
645 while (*p && !spacep (p))
651 while (*p && !spacep (p))
661 /* Call the agent to read the keypairinfo lines of the current card.
662 The list is returned as a string made up of the keygrip, a space
665 gpgsm_agent_scd_keypairinfo (ctrl_t ctrl, strlist_t *r_list)
668 strlist_t list = NULL;
671 rc = start_agent (ctrl);
675 rc = assuan_transact (agent_ctx, "SCD LEARN --force",
677 default_inq_cb, ctrl,
678 scd_keypairinfo_status_cb, &list);
680 rc = gpg_error (GPG_ERR_NO_DATA);
693 istrusted_status_cb (void *opaque, const char *line)
695 struct rootca_flags_s *flags = opaque;
698 if ((s = has_leading_keyword (line, "TRUSTLISTFLAG")))
701 if (has_leading_keyword (line, "relax"))
703 else if (has_leading_keyword (line, "cm"))
704 flags->chain_model = 1;
711 /* Ask the agent whether the certificate is in the list of trusted
712 keys. The certificate is either specified by the CERT object or by
713 the fingerprint HEXFPR. ROOTCA_FLAGS is guaranteed to be cleared
716 gpgsm_agent_istrusted (ctrl_t ctrl, ksba_cert_t cert, const char *hexfpr,
717 struct rootca_flags_s *rootca_flags)
720 char line[ASSUAN_LINELENGTH];
722 memset (rootca_flags, 0, sizeof *rootca_flags);
725 return gpg_error (GPG_ERR_INV_ARG);
727 rc = start_agent (ctrl);
733 snprintf (line, DIM(line)-1, "ISTRUSTED %s", hexfpr);
734 line[DIM(line)-1] = 0;
740 fpr = gpgsm_get_fingerprint_hexstring (cert, GCRY_MD_SHA1);
743 log_error ("error getting the fingerprint\n");
744 return gpg_error (GPG_ERR_GENERAL);
747 snprintf (line, DIM(line)-1, "ISTRUSTED %s", fpr);
748 line[DIM(line)-1] = 0;
752 rc = assuan_transact (agent_ctx, line, NULL, NULL, NULL, NULL,
753 istrusted_status_cb, rootca_flags);
755 rootca_flags->valid = 1;
759 /* Ask the agent to mark CERT as a trusted Root-CA one */
761 gpgsm_agent_marktrusted (ctrl_t ctrl, ksba_cert_t cert)
764 char *fpr, *dn, *dnfmt;
765 char line[ASSUAN_LINELENGTH];
767 rc = start_agent (ctrl);
771 fpr = gpgsm_get_fingerprint_hexstring (cert, GCRY_MD_SHA1);
774 log_error ("error getting the fingerprint\n");
775 return gpg_error (GPG_ERR_GENERAL);
778 dn = ksba_cert_get_issuer (cert, 0);
782 return gpg_error (GPG_ERR_GENERAL);
784 dnfmt = gpgsm_format_name2 (dn, 0);
787 return gpg_error_from_syserror ();
788 snprintf (line, DIM(line)-1, "MARKTRUSTED %s S %s", fpr, dnfmt);
789 line[DIM(line)-1] = 0;
793 rc = assuan_transact (agent_ctx, line, NULL, NULL,
794 default_inq_cb, ctrl, NULL, NULL);
800 /* Ask the agent whether the a corresponding secret key is available
801 for the given keygrip */
803 gpgsm_agent_havekey (ctrl_t ctrl, const char *hexkeygrip)
806 char line[ASSUAN_LINELENGTH];
808 rc = start_agent (ctrl);
812 if (!hexkeygrip || strlen (hexkeygrip) != 40)
813 return gpg_error (GPG_ERR_INV_VALUE);
815 snprintf (line, DIM(line)-1, "HAVEKEY %s", hexkeygrip);
816 line[DIM(line)-1] = 0;
818 rc = assuan_transact (agent_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL);
824 learn_status_cb (void *opaque, const char *line)
826 struct learn_parm_s *parm = opaque;
829 /* Pass progress data to the caller. */
830 if ((s = has_leading_keyword (line, "PROGRESS")))
835 if (gpgsm_status (parm->ctrl, STATUS_PROGRESS, line))
836 return gpg_error (GPG_ERR_ASS_CANCELED);
843 learn_cb (void *opaque, const void *buffer, size_t length)
845 struct learn_parm_s *parm = opaque;
856 put_membuf (parm->data, buffer, length);
859 /* END encountered - process what we have */
860 buf = get_membuf (parm->data, &len);
863 parm->error = gpg_error (GPG_ERR_ENOMEM);
867 if (gpgsm_status (parm->ctrl, STATUS_PROGRESS, "learncard C 0 0"))
868 return gpg_error (GPG_ERR_ASS_CANCELED);
870 /* FIXME: this should go into import.c */
871 rc = ksba_cert_new (&cert);
877 rc = ksba_cert_init_from_mem (cert, buf, len);
880 log_error ("failed to parse a certificate: %s\n", gpg_strerror (rc));
881 ksba_cert_release (cert);
886 /* We do not store a certifciate with missing issuers as ephemeral
887 because we can assume that the --learn-card command has been used
889 rc = gpgsm_basic_cert_check (parm->ctrl, cert);
890 if (rc && gpg_err_code (rc) != GPG_ERR_MISSING_CERT
891 && gpg_err_code (rc) != GPG_ERR_MISSING_ISSUER_CERT)
892 log_error ("invalid certificate: %s\n", gpg_strerror (rc));
897 if (!keydb_store_cert (cert, 0, &existed))
899 if (opt.verbose > 1 && existed)
900 log_info ("certificate already in DB\n");
901 else if (opt.verbose && !existed)
902 log_info ("certificate imported\n");
906 ksba_cert_release (cert);
907 init_membuf (parm->data, 4096);
911 /* Call the agent to learn about a smartcard */
913 gpgsm_agent_learn (ctrl_t ctrl)
916 struct learn_parm_s learn_parm;
920 rc = start_agent (ctrl);
924 init_membuf (&data, 4096);
925 learn_parm.error = 0;
926 learn_parm.ctrl = ctrl;
927 learn_parm.ctx = agent_ctx;
928 learn_parm.data = &data;
929 rc = assuan_transact (agent_ctx, "LEARN --send",
930 learn_cb, &learn_parm,
932 learn_status_cb, &learn_parm);
933 xfree (get_membuf (&data, &len));
936 return learn_parm.error;
940 /* Ask the agent to change the passphrase of the key identified by
941 HEXKEYGRIP. If DESC is not NULL, display instead of the default
942 description message. */
944 gpgsm_agent_passwd (ctrl_t ctrl, const char *hexkeygrip, const char *desc)
947 char line[ASSUAN_LINELENGTH];
949 rc = start_agent (ctrl);
953 if (!hexkeygrip || strlen (hexkeygrip) != 40)
954 return gpg_error (GPG_ERR_INV_VALUE);
958 snprintf (line, DIM(line)-1, "SETKEYDESC %s", desc);
959 line[DIM(line)-1] = 0;
960 rc = assuan_transact (agent_ctx, line,
961 NULL, NULL, NULL, NULL, NULL, NULL);
966 snprintf (line, DIM(line)-1, "PASSWD %s", hexkeygrip);
967 line[DIM(line)-1] = 0;
969 rc = assuan_transact (agent_ctx, line, NULL, NULL,
970 default_inq_cb, ctrl, NULL, NULL);
976 /* Ask the agent to pop up a confirmation dialog with the text DESC
977 and an okay and cancel button. */
979 gpgsm_agent_get_confirmation (ctrl_t ctrl, const char *desc)
982 char line[ASSUAN_LINELENGTH];
984 rc = start_agent (ctrl);
988 snprintf (line, DIM(line)-1, "GET_CONFIRMATION %s", desc);
989 line[DIM(line)-1] = 0;
991 rc = assuan_transact (agent_ctx, line, NULL, NULL,
992 default_inq_cb, ctrl, NULL, NULL);
998 /* Return 0 if the agent is alive. This is useful to make sure that
999 an agent has been started. */
1001 gpgsm_agent_send_nop (ctrl_t ctrl)
1005 rc = start_agent (ctrl);
1007 rc = assuan_transact (agent_ctx, "NOP",
1008 NULL, NULL, NULL, NULL, NULL, NULL);
1015 keyinfo_status_cb (void *opaque, const char *line)
1017 char **serialno = opaque;
1020 if ((s = has_leading_keyword (line, "KEYINFO")) && !*serialno)
1022 s = strchr (s, ' ');
1023 if (s && s[1] == 'T' && s[2] == ' ' && s[3])
1026 s2 = strchr (s, ' ');
1029 *serialno = xtrymalloc ((s2 - s)+1);
1032 memcpy (*serialno, s, s2 - s);
1033 (*serialno)[s2 - s] = 0;
1041 /* Return the serial number for a secret key. If the returned serial
1042 number is NULL, the key is not stored on a smartcard. Caller needs
1043 to free R_SERIALNO. */
1045 gpgsm_agent_keyinfo (ctrl_t ctrl, const char *hexkeygrip, char **r_serialno)
1048 char line[ASSUAN_LINELENGTH];
1049 char *serialno = NULL;
1053 err = start_agent (ctrl);
1057 if (!hexkeygrip || strlen (hexkeygrip) != 40)
1058 return gpg_error (GPG_ERR_INV_VALUE);
1060 snprintf (line, DIM(line)-1, "KEYINFO %s", hexkeygrip);
1061 line[DIM(line)-1] = 0;
1063 err = assuan_transact (agent_ctx, line, NULL, NULL, NULL, NULL,
1064 keyinfo_status_cb, &serialno);
1065 if (!err && serialno)
1067 /* Sanity check for bad characters. */
1068 if (strpbrk (serialno, ":\n\r"))
1069 err = GPG_ERR_INV_VALUE;
1074 *r_serialno = serialno;
1080 /* Ask for the passphrase (this is used for pkcs#12 import/export. On
1081 success the caller needs to free the string stored at R_PASSPHRASE.
1082 On error NULL will be stored at R_PASSPHRASE and an appropriate
1083 error code returned. If REPEAT is true the agent tries to get a
1084 new passphrase (i.e. asks the user to confirm it). */
1086 gpgsm_agent_ask_passphrase (ctrl_t ctrl, const char *desc_msg, int repeat,
1087 char **r_passphrase)
1090 char line[ASSUAN_LINELENGTH];
1094 *r_passphrase = NULL;
1096 err = start_agent (ctrl);
1100 if (desc_msg && *desc_msg && !(arg4 = percent_plus_escape (desc_msg)))
1101 return gpg_error_from_syserror ();
1103 snprintf (line, DIM(line)-1, "GET_PASSPHRASE --data%s -- X X X %s",
1104 repeat? " --repeat=1 --check --qualitybar":"",
1108 init_membuf_secure (&data, 64);
1109 err = assuan_transact (agent_ctx, line,
1110 membuf_data_cb, &data,
1111 default_inq_cb, NULL, NULL, NULL);
1114 xfree (get_membuf (&data, NULL));
1117 put_membuf (&data, "", 1);
1118 *r_passphrase = get_membuf (&data, NULL);
1120 err = gpg_error_from_syserror ();
1127 /* Retrieve a key encryption key from the agent. With FOREXPORT true
1128 the key shall be use for export, with false for import. On success
1129 the new key is stored at R_KEY and its length at R_KEKLEN. */
1131 gpgsm_agent_keywrap_key (ctrl_t ctrl, int forexport,
1132 void **r_kek, size_t *r_keklen)
1138 char line[ASSUAN_LINELENGTH];
1141 err = start_agent (ctrl);
1145 snprintf (line, DIM(line)-1, "KEYWRAP_KEY %s",
1146 forexport? "--export":"--import");
1148 init_membuf_secure (&data, 64);
1149 err = assuan_transact (agent_ctx, line,
1150 membuf_data_cb, &data,
1151 default_inq_cb, ctrl, NULL, NULL);
1154 xfree (get_membuf (&data, &len));
1157 buf = get_membuf (&data, &len);
1159 return gpg_error_from_syserror ();
1168 /* Handle the inquiry for an IMPORT_KEY command. */
1170 inq_import_key_parms (void *opaque, const char *line)
1172 struct import_key_parm_s *parm = opaque;
1175 if (has_leading_keyword (line, "KEYDATA"))
1177 assuan_begin_confidential (parm->ctx);
1178 err = assuan_send_data (parm->ctx, parm->key, parm->keylen);
1179 assuan_end_confidential (parm->ctx);
1182 err = default_inq_cb (parm->ctrl, line);
1188 /* Call the agent to import a key into the agent. */
1190 gpgsm_agent_import_key (ctrl_t ctrl, const void *key, size_t keylen)
1193 struct import_key_parm_s parm;
1195 err = start_agent (ctrl);
1200 parm.ctx = agent_ctx;
1202 parm.keylen = keylen;
1204 err = assuan_transact (agent_ctx, "IMPORT_KEY",
1205 NULL, NULL, inq_import_key_parms, &parm, NULL, NULL);
1211 /* Receive a secret key from the agent. KEYGRIP is the hexified
1212 keygrip, DESC a prompt to be displayed with the agent's passphrase
1213 question (needs to be plus+percent escaped). On success the key is
1214 stored as a canonical S-expression at R_RESULT and R_RESULTLEN. */
1216 gpgsm_agent_export_key (ctrl_t ctrl, const char *keygrip, const char *desc,
1217 unsigned char **r_result, size_t *r_resultlen)
1223 char line[ASSUAN_LINELENGTH];
1227 err = start_agent (ctrl);
1233 snprintf (line, DIM(line)-1, "SETKEYDESC %s", desc);
1234 err = assuan_transact (agent_ctx, line,
1235 NULL, NULL, NULL, NULL, NULL, NULL);
1240 snprintf (line, DIM(line)-1, "EXPORT_KEY %s", keygrip);
1242 init_membuf_secure (&data, 1024);
1243 err = assuan_transact (agent_ctx, line,
1244 membuf_data_cb, &data,
1245 default_inq_cb, ctrl, NULL, NULL);
1248 xfree (get_membuf (&data, &len));
1251 buf = get_membuf (&data, &len);
1253 return gpg_error_from_syserror ();