1 /* command.c - gpg-agent command handler
2 * Copyright (C) 2001-2011 Free Software Foundation, Inc.
3 * Copyright (C) 2001-2013 Werner Koch
4 * Copyright (C) 2015 g10 Code GmbH.
6 * This file is part of GnuPG.
8 * GnuPG is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 3 of the License, or
11 * (at your option) any later version.
13 * GnuPG is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, see <https://www.gnu.org/licenses/>.
22 /* FIXME: we should not use the default assuan buffering but setup
23 some buffering in secure mempory to protect session keys etc. */
34 #include <sys/types.h>
40 #include "../common/i18n.h"
41 #include "cvt-openpgp.h"
42 #include "../common/ssh-utils.h"
43 #include "../common/asshelp.h"
44 #include "../common/server-help.h"
47 /* Maximum allowed size of the inquired ciphertext. */
48 #define MAXLEN_CIPHERTEXT 4096
49 /* Maximum allowed size of the key parameters. */
50 #define MAXLEN_KEYPARAM 1024
51 /* Maximum allowed size of key data as used in inquiries (bytes). */
52 #define MAXLEN_KEYDATA 8192
53 /* The size of the import/export KEK key (in bytes). */
54 #define KEYWRAP_KEYSIZE (128/8)
56 /* A shortcut to call assuan_set_error using an gpg_err_code_t and a
58 #define set_error(e,t) assuan_set_error (ctx, gpg_error (e), (t))
60 /* Check that the maximum digest length we support has at least the
61 length of the keygrip. */
62 #if MAX_DIGEST_LEN < 20
63 #error MAX_DIGEST_LEN shorter than keygrip
66 /* Data used to associate an Assuan context with local server data.
67 This is this modules local part of the server_control_s struct. */
70 /* Our Assuan context. */
71 assuan_context_t assuan_ctx;
73 /* If this flag is true, the passphrase cache is used for signing
74 operations. It defaults to true but may be set on a per
75 connection base. The global option opt.ignore_cache_for_signing
76 takes precedence over this flag. */
77 unsigned int use_cache_for_signing : 1;
79 /* Flag to suppress I/O logging during a command. */
80 unsigned int pause_io_logging : 1;
82 /* Flag indicating that the connection is from ourselves. */
83 unsigned int connect_from_self : 1;
85 /* Helper flag for io_monitor to allow suppressing of our own
86 * greeting in some cases. See io_monitor for details. */
87 unsigned int greeting_seen : 1;
89 /* If this flag is set to true the agent will be terminated after
90 the end of the current session. */
91 unsigned int stopme : 1;
93 /* Flag indicating whether pinentry notifications shall be done. */
94 unsigned int allow_pinentry_notify : 1;
96 /* An allocated description for the next key operation. This is
97 used if a pinnetry needs to be popped up. */
100 /* Malloced KEK (Key-Encryption-Key) for the import_key command. */
103 /* Malloced KEK for the export_key command. */
106 /* Client is aware of the error code GPG_ERR_FULLY_CANCELED. */
107 int allow_fully_canceled;
109 /* Last CACHE_NONCE sent as status (malloced). */
110 char *last_cache_nonce;
112 /* Last PASSWD_NONCE sent as status (malloced). */
113 char *last_passwd_nonce;
117 /* An entry for the getval/putval commands. */
120 struct putval_item_s *next;
121 size_t off; /* Offset to the value into DATA. */
122 size_t len; /* Length of the value. */
123 char d[1]; /* Key | Nul | value. */
127 /* A list of key value pairs fpr the getval/putval commands. */
128 static struct putval_item_s *putval_list;
132 /* To help polling clients, we keep track of the number of certain
133 events. This structure keeps those counters. The counters are
134 integers and there should be no problem if they are overflowing as
135 callers need to check only whether a counter changed. The actual
136 values are not meaningful. */
139 /* Incremented if any of the other counters below changed. */
142 /* Incremented if a key is added or removed from the internal privat
146 /* Incremented if a change of the card readers stati has been
154 /* Local prototypes. */
155 static int command_has_option (const char *cmd, const char *cmdopt);
160 /* Release the memory buffer MB but first wipe out the used memory. */
162 clear_outbuf (membuf_t *mb)
167 p = get_membuf (mb, &n);
176 /* Write the content of memory buffer MB as assuan data to CTX and
177 wipe the buffer out afterwards. */
179 write_and_clear_outbuf (assuan_context_t ctx, membuf_t *mb)
185 p = get_membuf (mb, &n);
187 return out_of_core ();
188 ae = assuan_send_data (ctx, p, n);
195 /* Clear the nonces used to enable the passphrase cache for certain
196 multi-command command sequences. */
198 clear_nonce_cache (ctrl_t ctrl)
200 if (ctrl->server_local->last_cache_nonce)
202 agent_put_cache (ctrl, ctrl->server_local->last_cache_nonce,
203 CACHE_MODE_NONCE, NULL, 0);
204 xfree (ctrl->server_local->last_cache_nonce);
205 ctrl->server_local->last_cache_nonce = NULL;
207 if (ctrl->server_local->last_passwd_nonce)
209 agent_put_cache (ctrl, ctrl->server_local->last_passwd_nonce,
210 CACHE_MODE_NONCE, NULL, 0);
211 xfree (ctrl->server_local->last_passwd_nonce);
212 ctrl->server_local->last_passwd_nonce = NULL;
217 /* This function is called by Libassuan whenever the client sends a
218 reset. It has been registered similar to the other Assuan
221 reset_notify (assuan_context_t ctx, char *line)
223 ctrl_t ctrl = assuan_get_pointer (ctx);
227 memset (ctrl->keygrip, 0, 20);
228 ctrl->have_keygrip = 0;
229 ctrl->digest.valuelen = 0;
231 xfree (ctrl->server_local->keydesc);
232 ctrl->server_local->keydesc = NULL;
234 clear_nonce_cache (ctrl);
240 /* Replace all '+' by a blank in the string S. */
242 plus_to_blank (char *s)
252 /* Parse a hex string. Return an Assuan error code or 0 on success and the
253 length of the parsed string in LEN. */
255 parse_hexstring (assuan_context_t ctx, const char *string, size_t *len)
260 /* parse the hash value */
261 for (p=string, n=0; hexdigitp (p); p++, n++)
263 if (*p != ' ' && *p != '\t' && *p)
264 return set_error (GPG_ERR_ASS_PARAMETER, "invalid hexstring");
266 return set_error (GPG_ERR_ASS_PARAMETER, "odd number of digits");
272 /* Parse the keygrip in STRING into the provided buffer BUF. BUF must
273 provide space for 20 bytes. BUF is not changed if the function
276 parse_keygrip (assuan_context_t ctx, const char *string, unsigned char *buf)
281 rc = parse_hexstring (ctx, string, &n);
286 return set_error (GPG_ERR_ASS_PARAMETER, "invalid length of keygrip");
288 if (hex2bin (string, buf, 20) < 0)
289 return set_error (GPG_ERR_BUG, "hex2bin");
295 /* Write an Assuan status line. KEYWORD is the first item on the
296 * status line. The following arguments are all separated by a space
297 * in the output. The last argument must be a NULL. Linefeeds and
298 * carriage returns characters (which are not allowed in an Assuan
299 * status line) are silently quoted in C-style. */
301 agent_write_status (ctrl_t ctrl, const char *keyword, ...)
305 assuan_context_t ctx = ctrl->server_local->assuan_ctx;
307 va_start (arg_ptr, keyword);
308 err = vprint_assuan_status_strings (ctx, keyword, arg_ptr);
314 /* This function is similar to print_assuan_status but takes a CTRL
315 arg instead of an assuan context as first argument. */
317 agent_print_status (ctrl_t ctrl, const char *keyword, const char *format, ...)
321 assuan_context_t ctx = ctrl->server_local->assuan_ctx;
323 va_start (arg_ptr, format);
324 err = vprint_assuan_status (ctx, keyword, format, arg_ptr);
330 /* Helper to notify the client about a launched Pinentry. Because
331 that might disturb some older clients, this is only done if enabled
332 via an option. Returns an gpg error code. */
334 agent_inq_pinentry_launched (ctrl_t ctrl, unsigned long pid, const char *extra)
338 if (!ctrl || !ctrl->server_local
339 || !ctrl->server_local->allow_pinentry_notify)
341 snprintf (line, DIM(line), "PINENTRY_LAUNCHED %lu%s%s",
342 pid, extra?" ":"", extra? extra:"");
343 return assuan_inquire (ctrl->server_local->assuan_ctx, line, NULL, NULL, 0);
347 /* An agent progress callback for Libgcrypt. This has been registered
348 * to be called via the progress dispatcher mechanism from
351 progress_cb (ctrl_t ctrl, const char *what, int printchar,
352 int current, int total)
354 if (!ctrl || !ctrl->server_local || !ctrl->server_local->assuan_ctx)
356 else if (printchar == '\n' && what && !strcmp (what, "primegen"))
357 agent_print_status (ctrl, "PROGRESS", "%.20s X 100 100", what);
359 agent_print_status (ctrl, "PROGRESS", "%.20s %c %d %d",
360 what, printchar=='\n'?'X':printchar, current, total);
364 /* Helper to print a message while leaving a command. Note that this
365 * function does not call assuan_set_error; the caller may do this
366 * prior to calling us. */
368 leave_cmd (assuan_context_t ctx, gpg_error_t err)
372 const char *name = assuan_get_command_name (ctx);
376 /* Not all users of gpg-agent know about the fully canceled
377 error code; map it back if needed. */
378 if (gpg_err_code (err) == GPG_ERR_FULLY_CANCELED)
380 ctrl_t ctrl = assuan_get_pointer (ctx);
382 if (!ctrl->server_local->allow_fully_canceled)
383 err = gpg_err_make (gpg_err_source (err), GPG_ERR_CANCELED);
386 /* Most code from common/ does not know the error source, thus
388 if (gpg_err_source (err) == GPG_ERR_SOURCE_UNKNOWN)
389 err = gpg_err_make (GPG_ERR_SOURCE_DEFAULT, gpg_err_code (err));
391 if (gpg_err_source (err) == GPG_ERR_SOURCE_DEFAULT)
392 log_error ("command '%s' failed: %s\n", name,
395 log_error ("command '%s' failed: %s <%s>\n", name,
396 gpg_strerror (err), gpg_strsource (err));
403 static const char hlp_geteventcounter[] =
406 "Return a status line named EVENTCOUNTER with the current values\n"
407 "of all event counters. The values are decimal numbers in the range\n"
408 "0 to UINT_MAX and wrapping around to 0. The actual values should\n"
409 "not be relied upon, they shall only be used to detect a change.\n"
411 "The currently defined counters are:\n"
413 "ANY - Incremented with any change of any of the other counters.\n"
414 "KEY - Incremented for added or removed private keys.\n"
415 "CARD - Incremented for changes of the card readers stati.";
417 cmd_geteventcounter (assuan_context_t ctx, char *line)
419 ctrl_t ctrl = assuan_get_pointer (ctx);
423 if (ctrl->restricted)
424 return leave_cmd (ctx, gpg_error (GPG_ERR_FORBIDDEN));
426 return agent_print_status (ctrl, "EVENTCOUNTER", "%u %u %u",
433 /* This function should be called once for all key removals or
434 additions. This function is assured not to do any context
437 bump_key_eventcounter (void)
444 /* This function should be called for all card reader status
445 changes. This function is assured not to do any context
448 bump_card_eventcounter (void)
457 static const char hlp_istrusted[] =
458 "ISTRUSTED <hexstring_with_fingerprint>\n"
460 "Return OK when we have an entry with this fingerprint in our\n"
463 cmd_istrusted (assuan_context_t ctx, char *line)
465 ctrl_t ctrl = assuan_get_pointer (ctx);
470 /* Parse the fingerprint value. */
471 for (p=line,n=0; hexdigitp (p); p++, n++)
473 if (*p || !(n == 40 || n == 32))
474 return set_error (GPG_ERR_ASS_PARAMETER, "invalid fingerprint");
478 strcpy (fpr, "00000000");
481 for (p=line; i < 40; p++, i++)
482 fpr[i] = *p >= 'a'? (*p & 0xdf): *p;
484 rc = agent_istrusted (ctrl, fpr, NULL);
485 if (!rc || gpg_err_code (rc) == GPG_ERR_NOT_TRUSTED)
487 else if (rc == -1 || gpg_err_code (rc) == GPG_ERR_EOF )
488 return gpg_error (GPG_ERR_NOT_TRUSTED);
490 return leave_cmd (ctx, rc);
494 static const char hlp_listtrusted[] =
497 "List all entries from the trustlist.";
499 cmd_listtrusted (assuan_context_t ctx, char *line)
501 ctrl_t ctrl = assuan_get_pointer (ctx);
506 if (ctrl->restricted)
507 return leave_cmd (ctx, gpg_error (GPG_ERR_FORBIDDEN));
509 rc = agent_listtrusted (ctx);
510 return leave_cmd (ctx, rc);
514 static const char hlp_martrusted[] =
515 "MARKTRUSTED <hexstring_with_fingerprint> <flag> <display_name>\n"
517 "Store a new key in into the trustlist.";
519 cmd_marktrusted (assuan_context_t ctx, char *line)
521 ctrl_t ctrl = assuan_get_pointer (ctx);
527 if (ctrl->restricted)
528 return leave_cmd (ctx, gpg_error (GPG_ERR_FORBIDDEN));
530 /* parse the fingerprint value */
531 for (p=line,n=0; hexdigitp (p); p++, n++)
533 if (!spacep (p) || !(n == 40 || n == 32))
534 return set_error (GPG_ERR_ASS_PARAMETER, "invalid fingerprint");
538 strcpy (fpr, "00000000");
541 for (p=line; i < 40; p++, i++)
542 fpr[i] = *p >= 'a'? (*p & 0xdf): *p;
548 if ( (flag != 'S' && flag != 'P') || !spacep (p) )
549 return set_error (GPG_ERR_ASS_PARAMETER, "invalid flag - must be P or S");
553 rc = agent_marktrusted (ctrl, p, fpr, flag);
554 return leave_cmd (ctx, rc);
560 static const char hlp_havekey[] =
561 "HAVEKEY <hexstrings_with_keygrips>\n"
563 "Return success if at least one of the secret keys with the given\n"
564 "keygrips is available.";
566 cmd_havekey (assuan_context_t ctx, char *line)
569 unsigned char buf[20];
573 err = parse_keygrip (ctx, line, buf);
577 if (!agent_key_available (buf))
578 return 0; /* Found. */
580 while (*line && *line != ' ' && *line != '\t')
582 while (*line == ' ' || *line == '\t')
587 /* No leave_cmd() here because errors are expected and would clutter
589 return gpg_error (GPG_ERR_NO_SECKEY);
593 static const char hlp_sigkey[] =
594 "SIGKEY <hexstring_with_keygrip>\n"
595 "SETKEY <hexstring_with_keygrip>\n"
597 "Set the key used for a sign or decrypt operation.";
599 cmd_sigkey (assuan_context_t ctx, char *line)
602 ctrl_t ctrl = assuan_get_pointer (ctx);
604 rc = parse_keygrip (ctx, line, ctrl->keygrip);
607 ctrl->have_keygrip = 1;
612 static const char hlp_setkeydesc[] =
613 "SETKEYDESC plus_percent_escaped_string\n"
615 "Set a description to be used for the next PKSIGN, PKDECRYPT, IMPORT_KEY\n"
616 "or EXPORT_KEY operation if this operation requires a passphrase. If\n"
617 "this command is not used a default text will be used. Note, that\n"
618 "this description implictly selects the label used for the entry\n"
619 "box; if the string contains the string PIN (which in general will\n"
620 "not be translated), \"PIN\" is used, otherwise the translation of\n"
621 "\"passphrase\" is used. The description string should not contain\n"
622 "blanks unless they are percent or '+' escaped.\n"
624 "The description is only valid for the next PKSIGN, PKDECRYPT,\n"
625 "IMPORT_KEY, EXPORT_KEY, or DELETE_KEY operation.";
627 cmd_setkeydesc (assuan_context_t ctx, char *line)
629 ctrl_t ctrl = assuan_get_pointer (ctx);
632 for (p=line; *p == ' '; p++)
635 p = strchr (desc, ' ');
637 *p = 0; /* We ignore any garbage; we might late use it for other args. */
640 return set_error (GPG_ERR_ASS_PARAMETER, "no description given");
642 /* Note, that we only need to replace the + characters and should
643 leave the other escaping in place because the escaped string is
644 send verbatim to the pinentry which does the unescaping (but not
646 plus_to_blank (desc);
648 xfree (ctrl->server_local->keydesc);
650 if (ctrl->restricted)
652 ctrl->server_local->keydesc = strconcat
653 ((ctrl->restricted == 2
654 ? _("Note: Request from the web browser.")
655 : _("Note: Request from a remote site.") ), "%0A%0A", desc, NULL);
658 ctrl->server_local->keydesc = xtrystrdup (desc);
659 if (!ctrl->server_local->keydesc)
660 return out_of_core ();
665 static const char hlp_sethash[] =
666 "SETHASH (--hash=<name>)|(<algonumber>) <hexstring>\n"
668 "The client can use this command to tell the server about the data\n"
669 "(which usually is a hash) to be signed.";
671 cmd_sethash (assuan_context_t ctx, char *line)
676 ctrl_t ctrl = assuan_get_pointer (ctx);
681 /* Parse the alternative hash options which may be used instead of
683 if (has_option_name (line, "--hash"))
685 if (has_option (line, "--hash=sha1"))
687 else if (has_option (line, "--hash=sha224"))
688 algo = GCRY_MD_SHA224;
689 else if (has_option (line, "--hash=sha256"))
690 algo = GCRY_MD_SHA256;
691 else if (has_option (line, "--hash=sha384"))
692 algo = GCRY_MD_SHA384;
693 else if (has_option (line, "--hash=sha512"))
694 algo = GCRY_MD_SHA512;
695 else if (has_option (line, "--hash=rmd160"))
696 algo = GCRY_MD_RMD160;
697 else if (has_option (line, "--hash=md5"))
699 else if (has_option (line, "--hash=tls-md5sha1"))
700 algo = MD_USER_TLS_MD5SHA1;
702 return set_error (GPG_ERR_ASS_PARAMETER, "invalid hash algorithm");
707 line = skip_options (line);
711 /* No hash option has been given: require an algo number instead */
712 algo = (int)strtoul (line, &endp, 10);
713 for (line = endp; *line == ' ' || *line == '\t'; line++)
715 if (!algo || gcry_md_test_algo (algo))
716 return set_error (GPG_ERR_UNSUPPORTED_ALGORITHM, NULL);
718 ctrl->digest.algo = algo;
719 ctrl->digest.raw_value = 0;
721 /* Parse the hash value. */
723 rc = parse_hexstring (ctx, line, &n);
727 if (algo == MD_USER_TLS_MD5SHA1 && n == 36)
729 else if (n != 16 && n != 20 && n != 24
730 && n != 28 && n != 32 && n != 48 && n != 64)
731 return set_error (GPG_ERR_ASS_PARAMETER, "unsupported length of hash");
733 if (n > MAX_DIGEST_LEN)
734 return set_error (GPG_ERR_ASS_PARAMETER, "hash value to long");
736 buf = ctrl->digest.value;
737 ctrl->digest.valuelen = n;
738 for (p=line, n=0; n < ctrl->digest.valuelen; p += 2, n++)
740 for (; n < ctrl->digest.valuelen; n++)
746 static const char hlp_pksign[] =
747 "PKSIGN [<options>] [<cache_nonce>]\n"
749 "Perform the actual sign operation. Neither input nor output are\n"
750 "sensitive to eavesdropping.";
752 cmd_pksign (assuan_context_t ctx, char *line)
755 cache_mode_t cache_mode = CACHE_MODE_NORMAL;
756 ctrl_t ctrl = assuan_get_pointer (ctx);
758 char *cache_nonce = NULL;
761 line = skip_options (line);
763 for (p=line; *p && *p != ' ' && *p != '\t'; p++)
767 cache_nonce = xtrystrdup (line);
769 if (opt.ignore_cache_for_signing)
770 cache_mode = CACHE_MODE_IGNORE;
771 else if (!ctrl->server_local->use_cache_for_signing)
772 cache_mode = CACHE_MODE_IGNORE;
774 init_membuf (&outbuf, 512);
776 err = agent_pksign (ctrl, cache_nonce, ctrl->server_local->keydesc,
777 &outbuf, cache_mode);
779 clear_outbuf (&outbuf);
781 err = write_and_clear_outbuf (ctx, &outbuf);
784 xfree (ctrl->server_local->keydesc);
785 ctrl->server_local->keydesc = NULL;
786 return leave_cmd (ctx, err);
790 static const char hlp_pkdecrypt[] =
791 "PKDECRYPT [<options>]\n"
793 "Perform the actual decrypt operation. Input is not\n"
794 "sensitive to eavesdropping.";
796 cmd_pkdecrypt (assuan_context_t ctx, char *line)
799 ctrl_t ctrl = assuan_get_pointer (ctx);
800 unsigned char *value;
807 /* First inquire the data to decrypt */
808 rc = print_assuan_status (ctx, "INQUIRE_MAXLEN", "%u", MAXLEN_CIPHERTEXT);
810 rc = assuan_inquire (ctx, "CIPHERTEXT",
811 &value, &valuelen, MAXLEN_CIPHERTEXT);
815 init_membuf (&outbuf, 512);
817 rc = agent_pkdecrypt (ctrl, ctrl->server_local->keydesc,
818 value, valuelen, &outbuf, &padding);
821 clear_outbuf (&outbuf);
825 rc = print_assuan_status (ctx, "PADDING", "%d", padding);
829 rc = write_and_clear_outbuf (ctx, &outbuf);
831 xfree (ctrl->server_local->keydesc);
832 ctrl->server_local->keydesc = NULL;
833 return leave_cmd (ctx, rc);
837 static const char hlp_genkey[] =
838 "GENKEY [--no-protection] [--preset] [--timestamp=<isodate>]\n"
839 " [--inq-passwd] [--passwd-nonce=<s>] [<cache_nonce>]\n"
841 "Generate a new key, store the secret part and return the public\n"
842 "part. Here is an example transaction:\n"
845 " S: INQUIRE KEYPARAM\n"
846 " C: D (genkey (rsa (nbits 2048)))\n"
848 " S: D (public-key\n"
849 " S: D (rsa (n 326487324683264) (e 10001)))\n"
850 " S: OK key created\n"
852 "If the --preset option is used the passphrase for the generated\n"
853 "key will be added to the cache. If --inq-passwd is used an inquire\n"
854 "with the keyword NEWPASSWD is used to request the passphrase for the\n"
855 "new key. If a --passwd-nonce is used, the corresponding cached\n"
856 "passphrase is used to protect the new key. If --timestamp is given\n"
857 "its value is recorded as the key's creation time; the value is\n"
858 "expected in ISO format (e.g. \"20030316T120000\").";
860 cmd_genkey (assuan_context_t ctx, char *line)
862 ctrl_t ctrl = assuan_get_pointer (ctx);
865 unsigned char *value = NULL;
867 unsigned char *newpasswd = NULL;
869 char *cache_nonce = NULL;
870 char *passwd_nonce = NULL;
876 time_t opt_timestamp;
879 if (ctrl->restricted)
880 return leave_cmd (ctx, gpg_error (GPG_ERR_FORBIDDEN));
882 no_protection = has_option (line, "--no-protection");
883 opt_preset = has_option (line, "--preset");
884 opt_inq_passwd = has_option (line, "--inq-passwd");
885 passwd_nonce = option_value (line, "--passwd-nonce");
888 for (pend = passwd_nonce; *pend && !spacep (pend); pend++)
892 passwd_nonce = xtrystrdup (passwd_nonce);
896 rc = gpg_error_from_syserror ();
900 if ((s=has_option_name (line, "--timestamp")))
904 rc = set_error (GPG_ERR_ASS_PARAMETER, "missing value for option");
907 opt_timestamp = isotime2epoch (s+1);
908 if (opt_timestamp < 1)
910 rc = set_error (GPG_ERR_ASS_PARAMETER, "invalid time value");
916 line = skip_options (line);
918 for (p=line; *p && *p != ' ' && *p != '\t'; p++)
922 cache_nonce = xtrystrdup (line);
924 /* First inquire the parameters */
925 rc = print_assuan_status (ctx, "INQUIRE_MAXLEN", "%u", MAXLEN_KEYPARAM);
927 rc = assuan_inquire (ctx, "KEYPARAM", &value, &valuelen, MAXLEN_KEYPARAM);
931 init_membuf (&outbuf, 512);
933 /* If requested, ask for the password to be used for the key. If
934 this is not used the regular Pinentry mechanism is used. */
935 if (opt_inq_passwd && !no_protection)
937 /* (N is used as a dummy) */
938 assuan_begin_confidential (ctx);
939 rc = assuan_inquire (ctx, "NEWPASSWD", &newpasswd, &n, 256);
940 assuan_end_confidential (ctx);
945 /* Empty password given - switch to no-protection mode. */
952 else if (passwd_nonce)
953 newpasswd = agent_get_cache (ctrl, passwd_nonce, CACHE_MODE_NONCE);
955 rc = agent_genkey (ctrl, cache_nonce, opt_timestamp,
956 (char*)value, valuelen, no_protection,
957 newpasswd, opt_preset, &outbuf);
962 /* Assuan_inquire does not allow us to read into secure memory
963 thus we need to wipe it ourself. */
964 wipememory (newpasswd, strlen (newpasswd));
969 clear_outbuf (&outbuf);
971 rc = write_and_clear_outbuf (ctx, &outbuf);
973 xfree (passwd_nonce);
974 return leave_cmd (ctx, rc);
980 static const char hlp_readkey[] =
981 "READKEY [--no-data] <hexstring_with_keygrip>\n"
984 "Return the public key for the given keygrip or keyid.\n"
985 "With --card, private key file with card information will be created.";
987 cmd_readkey (assuan_context_t ctx, char *line)
989 ctrl_t ctrl = assuan_get_pointer (ctx);
991 unsigned char grip[20];
992 gcry_sexp_t s_pkey = NULL;
993 unsigned char *pkbuf = NULL;
994 char *serialno = NULL;
995 char *keyidbuf = NULL;
997 int opt_card, opt_no_data;
999 if (ctrl->restricted)
1000 return leave_cmd (ctx, gpg_error (GPG_ERR_FORBIDDEN));
1002 opt_no_data = has_option (line, "--no-data");
1003 opt_card = has_option (line, "--card");
1004 line = skip_options (line);
1008 const char *keyid = line;
1010 rc = agent_card_getattr (ctrl, "SERIALNO", &serialno);
1013 log_error (_("error getting serial number of card: %s\n"),
1018 /* Hack to create the shadow key for the OpenPGP standard keys. */
1019 if ((!strcmp (keyid, "$SIGNKEYID") || !strcmp (keyid, "$ENCRKEYID"))
1020 && !agent_card_getattr (ctrl, keyid, &keyidbuf))
1023 rc = agent_card_readkey (ctrl, keyid, &pkbuf);
1026 pkbuflen = gcry_sexp_canon_len (pkbuf, 0, NULL, NULL);
1027 rc = gcry_sexp_sscan (&s_pkey, NULL, (char*)pkbuf, pkbuflen);
1031 if (!gcry_pk_get_keygrip (s_pkey, grip))
1033 rc = gcry_pk_testkey (s_pkey);
1035 rc = gpg_error (GPG_ERR_INTERNAL);
1040 if (agent_key_available (grip))
1042 /* (Shadow)-key is not available in our key storage. */
1043 rc = agent_write_shadow_key (grip, serialno, keyid, pkbuf, 0);
1048 rc = opt_no_data? 0 : assuan_send_data (ctx, pkbuf, pkbuflen);
1052 rc = parse_keygrip (ctx, line, grip);
1056 rc = agent_public_key_from_file (ctrl, grip, &s_pkey);
1059 pkbuflen = gcry_sexp_sprint (s_pkey, GCRYSEXP_FMT_CANON, NULL, 0);
1060 log_assert (pkbuflen);
1061 pkbuf = xtrymalloc (pkbuflen);
1063 rc = gpg_error_from_syserror ();
1066 pkbuflen = gcry_sexp_sprint (s_pkey, GCRYSEXP_FMT_CANON,
1068 rc = opt_no_data? 0 : assuan_send_data (ctx, pkbuf, pkbuflen);
1077 gcry_sexp_release (s_pkey);
1078 return leave_cmd (ctx, rc);
1083 static const char hlp_keyinfo[] =
1084 "KEYINFO [--[ssh-]list] [--data] [--ssh-fpr[=algo]] [--with-ssh] <keygrip>\n"
1086 "Return information about the key specified by the KEYGRIP. If the\n"
1087 "key is not available GPG_ERR_NOT_FOUND is returned. If the option\n"
1088 "--list is given the keygrip is ignored and information about all\n"
1089 "available keys are returned. If --ssh-list is given information\n"
1090 "about all keys listed in the sshcontrol are returned. With --with-ssh\n"
1091 "information from sshcontrol is always added to the info. Unless --data\n"
1092 "is given, the information is returned as a status line using the format:\n"
1094 " KEYINFO <keygrip> <type> <serialno> <idstr> <cached> <protection> <fpr>\n"
1096 "KEYGRIP is the keygrip.\n"
1098 "TYPE is describes the type of the key:\n"
1099 " 'D' - Regular key stored on disk,\n"
1100 " 'T' - Key is stored on a smartcard (token),\n"
1101 " 'X' - Unknown type,\n"
1102 " '-' - Key is missing.\n"
1104 "SERIALNO is an ASCII string with the serial number of the\n"
1105 " smartcard. If the serial number is not known a single\n"
1106 " dash '-' is used instead.\n"
1108 "IDSTR is the IDSTR used to distinguish keys on a smartcard. If it\n"
1109 " is not known a dash is used instead.\n"
1111 "CACHED is 1 if the passphrase for the key was found in the key cache.\n"
1112 " If not, a '-' is used instead.\n"
1114 "PROTECTION describes the key protection type:\n"
1115 " 'P' - The key is protected with a passphrase,\n"
1116 " 'C' - The key is not protected,\n"
1117 " '-' - Unknown protection.\n"
1119 "FPR returns the formatted ssh-style fingerprint of the key. It is only\n"
1120 " printed if the option --ssh-fpr has been used. If ALGO is not given\n"
1121 " to that option the default ssh fingerprint algo is used. Without the\n"
1122 " option a '-' is printed.\n"
1124 "TTL is the TTL in seconds for that key or '-' if n/a.\n"
1126 "FLAGS is a word consisting of one-letter flags:\n"
1127 " 'D' - The key has been disabled,\n"
1128 " 'S' - The key is listed in sshcontrol (requires --with-ssh),\n"
1129 " 'c' - Use of the key needs to be confirmed,\n"
1130 " '-' - No flags given.\n"
1132 "More information may be added in the future.";
1134 do_one_keyinfo (ctrl_t ctrl, const unsigned char *grip, assuan_context_t ctx,
1135 int data, int with_ssh_fpr, int in_ssh,
1136 int ttl, int disabled, int confirm)
1142 unsigned char *shadow_info = NULL;
1143 char *serialno = NULL;
1145 const char *keytypestr;
1147 const char *protectionstr;
1149 int missing_key = 0;
1153 err = agent_key_info_from_file (ctrl, grip, &keytype, &shadow_info);
1156 if (in_ssh && gpg_err_code (err) == GPG_ERR_NOT_FOUND)
1162 /* Reformat the grip so that we use uppercase as good style. */
1163 bin2hex (grip, 20, hexgrip);
1166 snprintf (ttlbuf, sizeof ttlbuf, "%d", ttl);
1168 strcpy (ttlbuf, "-");
1172 strcat (flagsbuf, "D");
1174 strcat (flagsbuf, "S");
1176 strcat (flagsbuf, "c");
1178 strcpy (flagsbuf, "-");
1183 protectionstr = "-"; keytypestr = "-";
1189 case PRIVATE_KEY_CLEAR:
1190 case PRIVATE_KEY_OPENPGP_NONE:
1191 protectionstr = "C"; keytypestr = "D";
1193 case PRIVATE_KEY_PROTECTED: protectionstr = "P"; keytypestr = "D";
1195 case PRIVATE_KEY_SHADOWED: protectionstr = "-"; keytypestr = "T";
1197 default: protectionstr = "-"; keytypestr = "X";
1202 /* Compute the ssh fingerprint if requested. */
1207 if (!agent_raw_key_from_file (ctrl, grip, &key))
1209 ssh_get_fingerprint_string (key, with_ssh_fpr, &fpr);
1210 gcry_sexp_release (key);
1214 /* Here we have a little race by doing the cache check separately
1215 from the retrieval function. Given that the cache flag is only a
1216 hint, it should not really matter. */
1217 pw = agent_get_cache (ctrl, hexgrip, CACHE_MODE_NORMAL);
1218 cached = pw ? "1" : "-";
1223 err = parse_shadow_info (shadow_info, &serialno, &idstr, NULL);
1229 err = agent_write_status (ctrl, "KEYINFO",
1232 serialno? serialno : "-",
1244 string = xtryasprintf ("%s %s %s %s %s %s %s %s %s\n",
1245 hexgrip, keytypestr,
1246 serialno? serialno : "-",
1247 idstr? idstr : "-", cached, protectionstr,
1252 err = gpg_error_from_syserror ();
1254 err = assuan_send_data (ctx, string, strlen(string));
1260 xfree (shadow_info);
1267 /* Entry into the command KEYINFO. This function handles the
1268 * command option processing. For details see hlp_keyinfo above. */
1270 cmd_keyinfo (assuan_context_t ctx, char *line)
1272 ctrl_t ctrl = assuan_get_pointer (ctx);
1274 unsigned char grip[20];
1275 gnupg_dir_t dir = NULL;
1277 int opt_data, opt_ssh_fpr, opt_with_ssh;
1278 ssh_control_file_t cf = NULL;
1280 int disabled, ttl, confirm, is_ssh;
1282 if (ctrl->restricted)
1283 return leave_cmd (ctx, gpg_error (GPG_ERR_FORBIDDEN));
1285 if (has_option (line, "--ssh-list"))
1288 list_mode = has_option (line, "--list");
1289 opt_data = has_option (line, "--data");
1291 if (has_option_name (line, "--ssh-fpr"))
1293 if (has_option (line, "--ssh-fpr=md5"))
1294 opt_ssh_fpr = GCRY_MD_MD5;
1295 else if (has_option (line, "--ssh-fpr=sha1"))
1296 opt_ssh_fpr = GCRY_MD_SHA1;
1297 else if (has_option (line, "--ssh-fpr=sha256"))
1298 opt_ssh_fpr = GCRY_MD_SHA256;
1300 opt_ssh_fpr = opt.ssh_fingerprint_digest;
1305 opt_with_ssh = has_option (line, "--with-ssh");
1306 line = skip_options (line);
1308 if (opt_with_ssh || list_mode == 2)
1309 cf = ssh_open_control_file ();
1315 while (!ssh_read_control_file (cf, hexgrip,
1316 &disabled, &ttl, &confirm))
1318 if (hex2bin (hexgrip, grip, 20) < 0 )
1319 continue; /* Bad hex string. */
1320 err = do_one_keyinfo (ctrl, grip, ctx, opt_data, opt_ssh_fpr, 1,
1321 ttl, disabled, confirm);
1331 gnupg_dirent_t dir_entry;
1333 dirname = make_filename_try (gnupg_homedir (),
1334 GNUPG_PRIVATE_KEYS_DIR, NULL);
1337 err = gpg_error_from_syserror ();
1340 dir = gnupg_opendir (dirname);
1343 err = gpg_error_from_syserror ();
1349 while ( (dir_entry = gnupg_readdir (dir)) )
1351 if (strlen (dir_entry->d_name) != 44
1352 || strcmp (dir_entry->d_name + 40, ".key"))
1354 strncpy (hexgrip, dir_entry->d_name, 40);
1357 if ( hex2bin (hexgrip, grip, 20) < 0 )
1358 continue; /* Bad hex string. */
1360 disabled = ttl = confirm = is_ssh = 0;
1363 err = ssh_search_control_file (cf, hexgrip,
1364 &disabled, &ttl, &confirm);
1367 else if (gpg_err_code (err) != GPG_ERR_NOT_FOUND)
1371 err = do_one_keyinfo (ctrl, grip, ctx, opt_data, opt_ssh_fpr, is_ssh,
1372 ttl, disabled, confirm);
1380 err = parse_keygrip (ctx, line, grip);
1383 disabled = ttl = confirm = is_ssh = 0;
1386 err = ssh_search_control_file (cf, line,
1387 &disabled, &ttl, &confirm);
1390 else if (gpg_err_code (err) != GPG_ERR_NOT_FOUND)
1394 err = do_one_keyinfo (ctrl, grip, ctx, opt_data, opt_ssh_fpr, is_ssh,
1395 ttl, disabled, confirm);
1399 ssh_close_control_file (cf);
1400 gnupg_closedir (dir);
1401 if (err && gpg_err_code (err) != GPG_ERR_NOT_FOUND)
1402 leave_cmd (ctx, err);
1408 /* Helper for cmd_get_passphrase. */
1410 send_back_passphrase (assuan_context_t ctx, int via_data, const char *pw)
1415 assuan_begin_confidential (ctx);
1418 rc = assuan_send_data (ctx, pw, n);
1421 char *p = xtrymalloc_secure (n*2+1);
1423 rc = gpg_error_from_syserror ();
1427 rc = assuan_set_okay_line (ctx, p);
1435 /* Callback function to compare the first entered PIN with the one
1436 currently being entered. */
1438 reenter_passphrase_cmp_cb (struct pin_entry_info_s *pi)
1440 const char *pin1 = pi->check_cb_arg;
1442 if (!strcmp (pin1, pi->pin))
1443 return 0; /* okay */
1444 return gpg_error (GPG_ERR_BAD_PASSPHRASE);
1448 static const char hlp_get_passphrase[] =
1449 "GET_PASSPHRASE [--data] [--check] [--no-ask] [--repeat[=N]]\n"
1450 " [--qualitybar] [--newsymkey] <cache_id>\n"
1451 " [<error_message> <prompt> <description>]\n"
1453 "This function is usually used to ask for a passphrase to be used\n"
1454 "for conventional encryption, but may also be used by programs which\n"
1455 "need specal handling of passphrases. This command uses a syntax\n"
1456 "which helps clients to use the agent with minimum effort. The\n"
1457 "agent either returns with an error or with a OK followed by the hex\n"
1458 "encoded passphrase. Note that the length of the strings is\n"
1459 "implicitly limited by the maximum length of a command.\n"
1461 "If the option \"--data\" is used the passphrase is returned by usual\n"
1462 "data lines and not on the okay line.\n"
1464 "If the option \"--check\" is used the passphrase constraints checks as\n"
1465 "implemented by gpg-agent are applied. A check is not done if the\n"
1466 "passphrase has been found in the cache.\n"
1468 "If the option \"--no-ask\" is used and the passphrase is not in the\n"
1469 "cache the user will not be asked to enter a passphrase but the error\n"
1470 "code GPG_ERR_NO_DATA is returned. \n"
1472 "If the option\"--newsymkey\" is used the agent asks for a new passphrase\n"
1473 "to be used in symmetric-only encryption. This must not be empty.\n"
1475 "If the option \"--qualitybar\" is used a visual indication of the\n"
1476 "entered passphrase quality is shown. (Unless no minimum passphrase\n"
1477 "length has been configured.)";
1479 cmd_get_passphrase (assuan_context_t ctx, char *line)
1481 ctrl_t ctrl = assuan_get_pointer (ctx);
1484 char *response = NULL;
1485 char *response2 = NULL;
1486 char *cacheid = NULL; /* May point into LINE. */
1487 char *desc = NULL; /* Ditto */
1488 char *prompt = NULL; /* Ditto */
1489 char *errtext = NULL; /* Ditto */
1490 const char *desc2 = _("Please re-enter this passphrase");
1492 int opt_data, opt_check, opt_no_ask, opt_qualbar, opt_newsymkey;
1494 char *entry_errtext = NULL;
1495 struct pin_entry_info_s *pi = NULL;
1496 struct pin_entry_info_s *pi2 = NULL;
1499 if (ctrl->restricted)
1500 return leave_cmd (ctx, gpg_error (GPG_ERR_FORBIDDEN));
1502 opt_data = has_option (line, "--data");
1503 opt_check = has_option (line, "--check");
1504 opt_no_ask = has_option (line, "--no-ask");
1505 if (has_option_name (line, "--repeat"))
1507 p = option_value (line, "--repeat");
1509 opt_repeat = atoi (p);
1513 opt_qualbar = has_option (line, "--qualitybar");
1514 opt_newsymkey = has_option (line, "--newsymkey");
1515 line = skip_options (line);
1518 p = strchr (cacheid, ' ');
1525 p = strchr (errtext, ' ');
1532 p = strchr (prompt, ' ');
1539 p = strchr (desc, ' ');
1541 *p = 0; /* Ignore trailing garbage. */
1545 if (!*cacheid || strlen (cacheid) > 50)
1546 return set_error (GPG_ERR_ASS_PARAMETER, "invalid length of cacheID");
1548 return set_error (GPG_ERR_ASS_PARAMETER, "no description given");
1550 if (!strcmp (cacheid, "X"))
1552 if (!strcmp (errtext, "X"))
1554 if (!strcmp (prompt, "X"))
1556 if (!strcmp (desc, "X"))
1559 pw = cacheid ? agent_get_cache (ctrl, cacheid, CACHE_MODE_USER) : NULL;
1562 rc = send_back_passphrase (ctx, opt_data, pw);
1566 else if (opt_no_ask)
1568 rc = gpg_error (GPG_ERR_NO_DATA);
1572 /* Note, that we only need to replace the + characters and should
1573 * leave the other escaping in place because the escaped string is
1574 * send verbatim to the pinentry which does the unescaping (but not
1575 * the + replacing) */
1577 plus_to_blank (errtext);
1579 plus_to_blank (prompt);
1581 plus_to_blank (desc);
1583 /* If opt_repeat is 2 or higher we can't use our pin_entry_info_s
1584 * based method but fallback to the old simple method. It is
1585 * anyway questionable whether this extra repeat count makes any
1587 if (opt_newsymkey && opt_repeat < 2)
1589 /* We do not want to break any existing usage of this command
1590 * and thus we introduced the option --newsymkey to make this
1591 * command more useful to query the passphrase for symmetric
1593 pi = gcry_calloc_secure (1, sizeof (*pi) + MAX_PASSPHRASE_LEN + 1);
1596 rc = gpg_error_from_syserror ();
1599 pi2 = gcry_calloc_secure (1, sizeof (*pi2) + MAX_PASSPHRASE_LEN + 1);
1602 rc = gpg_error_from_syserror ();
1605 pi->max_length = MAX_PASSPHRASE_LEN + 1;
1607 pi->with_qualitybar = opt_qualbar;
1608 pi->with_repeat = opt_repeat;
1609 pi->constraints_flags = (CHECK_CONSTRAINTS_NOT_EMPTY
1610 | CHECK_CONSTRAINTS_NEW_SYMKEY);
1611 pi2->max_length = MAX_PASSPHRASE_LEN + 1;
1613 pi2->check_cb = reenter_passphrase_cmp_cb;
1614 pi2->check_cb_arg = pi->pin;
1616 for (;;) /* (degenerated for-loop) */
1620 rc = agent_get_passphrase (ctrl, &response,
1623 entry_errtext? entry_errtext:errtext,
1624 opt_qualbar, cacheid, CACHE_MODE_USER,
1628 xfree (entry_errtext);
1629 entry_errtext = NULL;
1630 is_generated = !!(pi->status & PINENTRY_STATUS_PASSWORD_GENERATED);
1632 /* We don't allow an empty passpharse in this mode. */
1634 && check_passphrase_constraints (ctrl, pi->pin,
1635 pi->constraints_flags,
1638 pi->failed_tries = 0;
1639 pi2->failed_tries = 0;
1642 if (*pi->pin && !pi->repeat_okay
1643 && ctrl->pinentry_mode != PINENTRY_MODE_LOOPBACK
1646 /* The passphrase is empty and the pinentry did not
1647 * already run the repetition check, do it here. This
1648 * is only called when using an old and simple pinentry.
1649 * It is neither called in loopback mode because the
1650 * caller does any passphrase repetition by herself nor if
1651 * no repetition was requested. */
1654 rc = agent_get_passphrase (ctrl, &response,
1655 L_("Please re-enter this passphrase"),
1657 entry_errtext? entry_errtext:errtext,
1658 opt_qualbar, cacheid, CACHE_MODE_USER,
1660 if (gpg_err_code (rc) == GPG_ERR_BAD_PASSPHRASE)
1661 { /* The re-entered passphrase one did not match and
1662 * the user did not hit cancel. */
1663 entry_errtext = xtrystrdup (L_("does not match - try again"));
1666 rc = gpg_error_from_syserror ();
1674 if (!rc && *pi->pin)
1676 /* Return the passphrase. */
1678 agent_put_cache (ctrl, cacheid, CACHE_MODE_USER, pi->pin, 0);
1679 rc = send_back_passphrase (ctx, opt_data, pi->pin);
1687 rc = agent_get_passphrase (ctrl, &response, desc, prompt,
1688 entry_errtext? entry_errtext:errtext,
1689 opt_qualbar, cacheid, CACHE_MODE_USER, NULL);
1690 xfree (entry_errtext);
1691 entry_errtext = NULL;
1700 && check_passphrase_constraints
1702 (opt_newsymkey? CHECK_CONSTRAINTS_NEW_SYMKEY:0),
1707 for (i = 0; i < opt_repeat; i++)
1709 if (ctrl->pinentry_mode == PINENTRY_MODE_LOOPBACK)
1714 rc = agent_get_passphrase (ctrl, &response2, desc2, prompt,
1716 cacheid, CACHE_MODE_USER, NULL);
1719 if (strcmp (response2, response))
1721 entry_errtext = try_percent_escape
1722 (_("does not match - try again"), NULL);
1725 rc = gpg_error_from_syserror ();
1734 agent_put_cache (ctrl, cacheid, CACHE_MODE_USER, response, 0);
1735 rc = send_back_passphrase (ctx, opt_data, response);
1743 xfree (entry_errtext);
1746 return leave_cmd (ctx, rc);
1750 static const char hlp_clear_passphrase[] =
1751 "CLEAR_PASSPHRASE [--mode=normal] <cache_id>\n"
1753 "may be used to invalidate the cache entry for a passphrase. The\n"
1754 "function returns with OK even when there is no cached passphrase.\n"
1755 "The --mode=normal option is used to clear an entry for a cacheid\n"
1756 "added by the agent. The --mode=ssh option is used for a cacheid\n"
1759 cmd_clear_passphrase (assuan_context_t ctx, char *line)
1761 ctrl_t ctrl = assuan_get_pointer (ctx);
1762 char *cacheid = NULL;
1764 cache_mode_t cache_mode = CACHE_MODE_USER;
1766 if (ctrl->restricted)
1767 return leave_cmd (ctx, gpg_error (GPG_ERR_FORBIDDEN));
1769 if (has_option (line, "--mode=normal"))
1770 cache_mode = CACHE_MODE_NORMAL;
1771 else if (has_option (line, "--mode=ssh"))
1772 cache_mode = CACHE_MODE_SSH;
1774 line = skip_options (line);
1776 /* parse the stuff */
1777 for (p=line; *p == ' '; p++)
1780 p = strchr (cacheid, ' ');
1782 *p = 0; /* ignore garbage */
1783 if (!*cacheid || strlen (cacheid) > 50)
1784 return set_error (GPG_ERR_ASS_PARAMETER, "invalid length of cacheID");
1786 agent_put_cache (ctrl, cacheid, cache_mode, NULL, 0);
1788 agent_clear_passphrase (ctrl, cacheid, cache_mode);
1794 static const char hlp_get_confirmation[] =
1795 "GET_CONFIRMATION <description>\n"
1797 "This command may be used to ask for a simple confirmation.\n"
1798 "DESCRIPTION is displayed along with a Okay and Cancel button. This\n"
1799 "command uses a syntax which helps clients to use the agent with\n"
1800 "minimum effort. The agent either returns with an error or with a\n"
1801 "OK. Note, that the length of DESCRIPTION is implicitly limited by\n"
1802 "the maximum length of a command. DESCRIPTION should not contain\n"
1803 "any spaces, those must be encoded either percent escaped or simply\n"
1806 cmd_get_confirmation (assuan_context_t ctx, char *line)
1808 ctrl_t ctrl = assuan_get_pointer (ctx);
1813 if (ctrl->restricted)
1814 return leave_cmd (ctx, gpg_error (GPG_ERR_FORBIDDEN));
1816 /* parse the stuff */
1817 for (p=line; *p == ' '; p++)
1820 p = strchr (desc, ' ');
1822 *p = 0; /* We ignore any garbage -may be later used for other args. */
1825 return set_error (GPG_ERR_ASS_PARAMETER, "no description given");
1827 if (!strcmp (desc, "X"))
1830 /* Note, that we only need to replace the + characters and should
1831 leave the other escaping in place because the escaped string is
1832 send verbatim to the pinentry which does the unescaping (but not
1835 plus_to_blank (desc);
1837 rc = agent_get_confirmation (ctrl, desc, NULL, NULL, 0);
1838 return leave_cmd (ctx, rc);
1843 static const char hlp_learn[] =
1844 "LEARN [--send] [--sendinfo] [--force]\n"
1846 "Learn something about the currently inserted smartcard. With\n"
1847 "--sendinfo information about the card is returned; with --send\n"
1848 "the available certificates are returned as D lines; with --force\n"
1849 "private key storage will be updated by the result.";
1851 cmd_learn (assuan_context_t ctx, char *line)
1853 ctrl_t ctrl = assuan_get_pointer (ctx);
1855 int send, sendinfo, force;
1857 send = has_option (line, "--send");
1858 sendinfo = send? 1 : has_option (line, "--sendinfo");
1859 force = has_option (line, "--force");
1861 if (ctrl->restricted)
1862 return leave_cmd (ctx, gpg_error (GPG_ERR_FORBIDDEN));
1864 err = agent_handle_learn (ctrl, send, sendinfo? ctx : NULL, force);
1865 return leave_cmd (ctx, err);
1870 static const char hlp_passwd[] =
1871 "PASSWD [--cache-nonce=<c>] [--passwd-nonce=<s>] [--preset]\n"
1872 " [--verify] <hexkeygrip>\n"
1874 "Change the passphrase/PIN for the key identified by keygrip in LINE. If\n"
1875 "--preset is used then the new passphrase will be added to the cache.\n"
1876 "If --verify is used the command asks for the passphrase and verifies\n"
1877 "that the passphrase valid.\n";
1879 cmd_passwd (assuan_context_t ctx, char *line)
1881 ctrl_t ctrl = assuan_get_pointer (ctx);
1884 char *cache_nonce = NULL;
1885 char *passwd_nonce = NULL;
1886 unsigned char grip[20];
1887 gcry_sexp_t s_skey = NULL;
1888 unsigned char *shadow_info = NULL;
1889 char *passphrase = NULL;
1891 int opt_preset, opt_verify;
1893 if (ctrl->restricted)
1894 return leave_cmd (ctx, gpg_error (GPG_ERR_FORBIDDEN));
1896 opt_preset = has_option (line, "--preset");
1897 cache_nonce = option_value (line, "--cache-nonce");
1898 opt_verify = has_option (line, "--verify");
1901 for (pend = cache_nonce; *pend && !spacep (pend); pend++)
1905 cache_nonce = xtrystrdup (cache_nonce);
1909 err = gpg_error_from_syserror ();
1914 passwd_nonce = option_value (line, "--passwd-nonce");
1917 for (pend = passwd_nonce; *pend && !spacep (pend); pend++)
1921 passwd_nonce = xtrystrdup (passwd_nonce);
1925 err = gpg_error_from_syserror ();
1930 line = skip_options (line);
1932 err = parse_keygrip (ctx, line, grip);
1937 err = agent_key_from_file (ctrl,
1938 opt_verify? NULL : cache_nonce,
1939 ctrl->server_local->keydesc,
1940 grip, &shadow_info, CACHE_MODE_IGNORE, NULL,
1941 &s_skey, &passphrase);
1944 else if (shadow_info)
1946 log_error ("changing a smartcard PIN is not yet supported\n");
1947 err = gpg_error (GPG_ERR_NOT_IMPLEMENTED);
1949 else if (opt_verify)
1957 gcry_create_nonce (buf, 12);
1958 passwd_nonce = bin2hex (buf, 12, NULL);
1961 && !agent_put_cache (ctrl, passwd_nonce, CACHE_MODE_NONCE,
1962 passphrase, CACHE_TTL_NONCE))
1964 assuan_write_status (ctx, "PASSWD_NONCE", passwd_nonce);
1965 xfree (ctrl->server_local->last_passwd_nonce);
1966 ctrl->server_local->last_passwd_nonce = passwd_nonce;
1967 passwd_nonce = NULL;
1973 char *newpass = NULL;
1976 newpass = agent_get_cache (ctrl, passwd_nonce, CACHE_MODE_NONCE);
1977 err = agent_protect_and_store (ctrl, s_skey, &newpass);
1978 if (!err && passphrase)
1980 /* A passphrase existed on the old key and the change was
1981 successful. Return a nonce for that old passphrase to
1982 let the caller try to unprotect the other subkeys with
1987 gcry_create_nonce (buf, 12);
1988 cache_nonce = bin2hex (buf, 12, NULL);
1991 && !agent_put_cache (ctrl, cache_nonce, CACHE_MODE_NONCE,
1992 passphrase, CACHE_TTL_NONCE))
1994 assuan_write_status (ctx, "CACHE_NONCE", cache_nonce);
1995 xfree (ctrl->server_local->last_cache_nonce);
1996 ctrl->server_local->last_cache_nonce = cache_nonce;
2001 /* If we have a new passphrase (which might be empty) we
2002 store it under a passwd nonce so that the caller may
2003 send that nonce again to use it for another key. */
2007 gcry_create_nonce (buf, 12);
2008 passwd_nonce = bin2hex (buf, 12, NULL);
2011 && !agent_put_cache (ctrl, passwd_nonce, CACHE_MODE_NONCE,
2012 newpass, CACHE_TTL_NONCE))
2014 assuan_write_status (ctx, "PASSWD_NONCE", passwd_nonce);
2015 xfree (ctrl->server_local->last_passwd_nonce);
2016 ctrl->server_local->last_passwd_nonce = passwd_nonce;
2017 passwd_nonce = NULL;
2021 if (!err && opt_preset)
2024 bin2hex(grip, 20, hexgrip);
2025 err = agent_put_cache (ctrl, hexgrip, CACHE_MODE_ANY, newpass,
2026 ctrl->cache_ttl_opt_preset);
2032 xfree (ctrl->server_local->keydesc);
2033 ctrl->server_local->keydesc = NULL;
2037 gcry_sexp_release (s_skey);
2038 xfree (shadow_info);
2039 xfree (cache_nonce);
2040 xfree (passwd_nonce);
2041 return leave_cmd (ctx, err);
2045 static const char hlp_preset_passphrase[] =
2046 "PRESET_PASSPHRASE [--inquire] <string_or_keygrip> <timeout> [<hexstring>]\n"
2048 "Set the cached passphrase/PIN for the key identified by the keygrip\n"
2049 "to passwd for the given time, where -1 means infinite and 0 means\n"
2050 "the default (currently only a timeout of -1 is allowed, which means\n"
2051 "to never expire it). If passwd is not provided, ask for it via the\n"
2052 "pinentry module unless --inquire is passed in which case the passphrase\n"
2053 "is retrieved from the client via a server inquire.\n";
2055 cmd_preset_passphrase (assuan_context_t ctx, char *line)
2057 ctrl_t ctrl = assuan_get_pointer (ctx);
2059 char *grip_clear = NULL;
2060 unsigned char *passphrase = NULL;
2065 if (ctrl->restricted)
2066 return leave_cmd (ctx, gpg_error (GPG_ERR_FORBIDDEN));
2068 if (!opt.allow_preset_passphrase)
2069 return set_error (GPG_ERR_NOT_SUPPORTED, "no --allow-preset-passphrase");
2071 opt_inquire = has_option (line, "--inquire");
2072 line = skip_options (line);
2074 while (*line && (*line != ' ' && *line != '\t'))
2077 return gpg_error (GPG_ERR_MISSING_VALUE);
2080 while (*line && (*line == ' ' || *line == '\t'))
2083 /* Currently, only infinite timeouts are allowed. */
2085 if (line[0] != '-' || line[1] != '1')
2086 return gpg_error (GPG_ERR_NOT_IMPLEMENTED);
2089 while (!(*line != ' ' && *line != '\t'))
2092 /* Syntax check the hexstring. */
2094 rc = parse_hexstring (ctx, line, &len);
2099 /* If there is a passphrase, use it. Currently, a passphrase is
2105 rc = set_error (GPG_ERR_ASS_PARAMETER,
2106 "both --inquire and passphrase specified");
2110 /* Do in-place conversion. */
2112 if (!hex2str (passphrase, passphrase, strlen (passphrase)+1, NULL))
2113 rc = set_error (GPG_ERR_ASS_PARAMETER, "invalid hexstring");
2115 else if (opt_inquire)
2117 /* Note that the passphrase will be truncated at any null byte and the
2118 * limit is 480 characters. */
2119 size_t maxlen = 480;
2121 rc = print_assuan_status (ctx, "INQUIRE_MAXLEN", "%zu", maxlen);
2123 rc = assuan_inquire (ctx, "PASSPHRASE", &passphrase, &len, maxlen);
2126 rc = set_error (GPG_ERR_NOT_IMPLEMENTED, "passphrase is required");
2130 rc = agent_put_cache (ctrl, grip_clear, CACHE_MODE_ANY, passphrase, ttl);
2136 return leave_cmd (ctx, rc);
2141 static const char hlp_scd[] =
2142 "SCD <commands to pass to the scdaemon>\n"
2144 "This is a general quote command to redirect everything to the\n"
2147 cmd_scd (assuan_context_t ctx, char *line)
2150 #ifdef BUILD_WITH_SCDAEMON
2151 ctrl_t ctrl = assuan_get_pointer (ctx);
2152 if (ctrl->restricted)
2153 return leave_cmd (ctx, gpg_error (GPG_ERR_FORBIDDEN));
2155 rc = divert_generic_cmd (ctrl, line, ctx);
2157 (void)ctx; (void)line;
2158 rc = gpg_error (GPG_ERR_NOT_SUPPORTED);
2165 static const char hlp_keywrap_key[] =
2166 "KEYWRAP_KEY [--clear] <mode>\n"
2168 "Return a key to wrap another key. For now the key is returned\n"
2169 "verbatim and thus makes not much sense because an eavesdropper on\n"
2170 "the gpg-agent connection will see the key as well as the wrapped key.\n"
2171 "However, this function may either be equipped with a public key\n"
2172 "mechanism or not used at all if the key is a pre-shared key. In any\n"
2173 "case wrapping the import and export of keys is a requirement for\n"
2174 "certain cryptographic validations and thus useful. The key persists\n"
2175 "until a RESET command but may be cleared using the option --clear.\n"
2177 "Supported modes are:\n"
2178 " --import - Return a key to import a key into gpg-agent\n"
2179 " --export - Return a key to export a key from gpg-agent";
2181 cmd_keywrap_key (assuan_context_t ctx, char *line)
2183 ctrl_t ctrl = assuan_get_pointer (ctx);
2184 gpg_error_t err = 0;
2185 int clearopt = has_option (line, "--clear");
2187 if (ctrl->restricted)
2188 return leave_cmd (ctx, gpg_error (GPG_ERR_FORBIDDEN));
2190 assuan_begin_confidential (ctx);
2191 if (has_option (line, "--import"))
2193 xfree (ctrl->server_local->import_key);
2195 ctrl->server_local->import_key = NULL;
2196 else if (!(ctrl->server_local->import_key =
2197 gcry_random_bytes (KEYWRAP_KEYSIZE, GCRY_STRONG_RANDOM)))
2198 err = gpg_error_from_syserror ();
2200 err = assuan_send_data (ctx, ctrl->server_local->import_key,
2203 else if (has_option (line, "--export"))
2205 xfree (ctrl->server_local->export_key);
2207 ctrl->server_local->export_key = NULL;
2208 else if (!(ctrl->server_local->export_key =
2209 gcry_random_bytes (KEYWRAP_KEYSIZE, GCRY_STRONG_RANDOM)))
2210 err = gpg_error_from_syserror ();
2212 err = assuan_send_data (ctx, ctrl->server_local->export_key,
2216 err = set_error (GPG_ERR_ASS_PARAMETER, "unknown value for MODE");
2217 assuan_end_confidential (ctx);
2219 return leave_cmd (ctx, err);
2224 static const char hlp_import_key[] =
2225 "IMPORT_KEY [--unattended] [--force] [--timestamp=<isodate>]\n"
2226 " [<cache_nonce>]\n"
2228 "Import a secret key into the key store. The key is expected to be\n"
2229 "encrypted using the current session's key wrapping key (cf. command\n"
2230 "KEYWRAP_KEY) using the AESWRAP-128 algorithm. This function takes\n"
2231 "no arguments but uses the inquiry \"KEYDATA\" to ask for the actual\n"
2232 "key data. The unwrapped key must be a canonical S-expression. The\n"
2233 "option --unattended tries to import the key as-is without any\n"
2234 "re-encryption. An existing key can be overwritten with --force.\n"
2235 "If --timestamp is given its value is recorded as the key's creation\n"
2236 "time; the value is expected in ISO format (e.g. \"20030316T120000\").";
2238 cmd_import_key (assuan_context_t ctx, char *line)
2240 ctrl_t ctrl = assuan_get_pointer (ctx);
2243 time_t opt_timestamp;
2245 unsigned char *wrappedkey = NULL;
2246 size_t wrappedkeylen;
2247 gcry_cipher_hd_t cipherhd = NULL;
2248 unsigned char *key = NULL;
2249 size_t keylen, realkeylen;
2250 char *passphrase = NULL;
2251 unsigned char *finalkey = NULL;
2253 unsigned char grip[20];
2254 gcry_sexp_t openpgp_sexp = NULL;
2255 char *cache_nonce = NULL;
2259 if (ctrl->restricted)
2260 return leave_cmd (ctx, gpg_error (GPG_ERR_FORBIDDEN));
2262 if (!ctrl->server_local->import_key)
2264 err = gpg_error (GPG_ERR_MISSING_KEY);
2268 opt_unattended = has_option (line, "--unattended");
2269 force = has_option (line, "--force");
2270 if ((s=has_option_name (line, "--timestamp")))
2274 err = set_error (GPG_ERR_ASS_PARAMETER, "missing value for option");
2277 opt_timestamp = isotime2epoch (s+1);
2278 if (opt_timestamp < 1)
2280 err = set_error (GPG_ERR_ASS_PARAMETER, "invalid time value");
2286 line = skip_options (line);
2288 for (p=line; *p && *p != ' ' && *p != '\t'; p++)
2292 cache_nonce = xtrystrdup (line);
2294 assuan_begin_confidential (ctx);
2295 err = assuan_inquire (ctx, "KEYDATA",
2296 &wrappedkey, &wrappedkeylen, MAXLEN_KEYDATA);
2297 assuan_end_confidential (ctx);
2300 if (wrappedkeylen < 24)
2302 err = gpg_error (GPG_ERR_INV_LENGTH);
2305 keylen = wrappedkeylen - 8;
2306 key = xtrymalloc_secure (keylen);
2309 err = gpg_error_from_syserror ();
2313 err = gcry_cipher_open (&cipherhd, GCRY_CIPHER_AES128,
2314 GCRY_CIPHER_MODE_AESWRAP, 0);
2317 err = gcry_cipher_setkey (cipherhd,
2318 ctrl->server_local->import_key, KEYWRAP_KEYSIZE);
2321 err = gcry_cipher_decrypt (cipherhd, key, keylen, wrappedkey, wrappedkeylen);
2324 gcry_cipher_close (cipherhd);
2329 realkeylen = gcry_sexp_canon_len (key, keylen, NULL, &err);
2331 goto leave; /* Invalid canonical encoded S-expression. */
2333 err = keygrip_from_canon_sexp (key, realkeylen, grip);
2336 /* This might be due to an unsupported S-expression format.
2337 Check whether this is openpgp-private-key and trigger that
2339 if (!gcry_sexp_sscan (&openpgp_sexp, NULL, key, realkeylen))
2344 tag = gcry_sexp_nth_data (openpgp_sexp, 0, &taglen);
2345 if (tag && taglen == 19 && !memcmp (tag, "openpgp-private-key", 19))
2349 gcry_sexp_release (openpgp_sexp);
2350 openpgp_sexp = NULL;
2354 goto leave; /* Note that ERR is still set. */
2359 /* In most cases the key is encrypted and thus the conversion
2360 function from the OpenPGP format to our internal format will
2361 ask for a passphrase. That passphrase will be returned and
2362 used to protect the key using the same code as for regular
2367 err = convert_from_openpgp (ctrl, openpgp_sexp, force, grip,
2368 ctrl->server_local->keydesc, cache_nonce,
2369 &key, opt_unattended? NULL : &passphrase);
2372 realkeylen = gcry_sexp_canon_len (key, 0, NULL, &err);
2374 goto leave; /* Invalid canonical encoded S-expression. */
2377 assert (!opt_unattended);
2381 gcry_create_nonce (buf, 12);
2382 cache_nonce = bin2hex (buf, 12, NULL);
2385 && !agent_put_cache (ctrl, cache_nonce, CACHE_MODE_NONCE,
2386 passphrase, CACHE_TTL_NONCE))
2387 assuan_write_status (ctx, "CACHE_NONCE", cache_nonce);
2390 else if (opt_unattended)
2392 err = set_error (GPG_ERR_ASS_PARAMETER,
2393 "\"--unattended\" may only be used with OpenPGP keys");
2398 if (!force && !agent_key_available (grip))
2399 err = gpg_error (GPG_ERR_EEXIST);
2402 char *prompt = xtryasprintf
2403 (_("Please enter the passphrase to protect the "
2404 "imported object within the %s system."), GNUPG_NAME);
2406 err = gpg_error_from_syserror ();
2408 err = agent_ask_new_passphrase (ctrl, prompt, &passphrase);
2417 err = agent_protect (key, passphrase, &finalkey, &finalkeylen,
2418 ctrl->s2k_count, -1);
2420 err = agent_write_private_key (grip, finalkey, finalkeylen, force,
2424 err = agent_write_private_key (grip, key, realkeylen, force,
2428 gcry_sexp_release (openpgp_sexp);
2432 gcry_cipher_close (cipherhd);
2434 xfree (cache_nonce);
2435 xfree (ctrl->server_local->keydesc);
2436 ctrl->server_local->keydesc = NULL;
2437 return leave_cmd (ctx, err);
2442 static const char hlp_export_key[] =
2443 "EXPORT_KEY [--cache-nonce=<nonce>] [--openpgp] <hexstring_with_keygrip>\n"
2445 "Export a secret key from the key store. The key will be encrypted\n"
2446 "using the current session's key wrapping key (cf. command KEYWRAP_KEY)\n"
2447 "using the AESWRAP-128 algorithm. The caller needs to retrieve that key\n"
2448 "prior to using this command. The function takes the keygrip as argument.\n"
2450 "If --openpgp is used, the secret key material will be exported in RFC 4880\n"
2451 "compatible passphrase-protected form. Without --openpgp, the secret key\n"
2452 "material will be exported in the clear (after prompting the user to unlock\n"
2453 "it, if needed).\n";
2455 cmd_export_key (assuan_context_t ctx, char *line)
2457 ctrl_t ctrl = assuan_get_pointer (ctx);
2459 unsigned char grip[20];
2460 gcry_sexp_t s_skey = NULL;
2461 unsigned char *key = NULL;
2463 gcry_cipher_hd_t cipherhd = NULL;
2464 unsigned char *wrappedkey = NULL;
2465 size_t wrappedkeylen;
2468 char *passphrase = NULL;
2469 unsigned char *shadow_info = NULL;
2473 if (ctrl->restricted)
2474 return leave_cmd (ctx, gpg_error (GPG_ERR_FORBIDDEN));
2476 openpgp = has_option (line, "--openpgp");
2477 cache_nonce = option_value (line, "--cache-nonce");
2480 for (pend = cache_nonce; *pend && !spacep (pend); pend++)
2484 cache_nonce = xtrystrdup (cache_nonce);
2488 err = gpg_error_from_syserror ();
2492 line = skip_options (line);
2494 if (!ctrl->server_local->export_key)
2496 err = set_error (GPG_ERR_MISSING_KEY, "did you run KEYWRAP_KEY ?");
2500 err = parse_keygrip (ctx, line, grip);
2504 if (agent_key_available (grip))
2506 err = gpg_error (GPG_ERR_NO_SECKEY);
2510 /* Get the key from the file. With the openpgp flag we also ask for
2511 the passphrase so that we can use it to re-encrypt it. */
2512 err = agent_key_from_file (ctrl, cache_nonce,
2513 ctrl->server_local->keydesc, grip,
2514 &shadow_info, CACHE_MODE_IGNORE, NULL, &s_skey,
2515 openpgp ? &passphrase : NULL);
2520 /* Key is on a smartcard. */
2521 err = gpg_error (GPG_ERR_UNUSABLE_SECKEY);
2527 /* The openpgp option changes the key format into the OpenPGP
2528 key transfer format. The result is already a padded
2529 canonical S-expression. */
2532 err = agent_ask_new_passphrase
2533 (ctrl, _("This key (or subkey) is not protected with a passphrase."
2534 " Please enter a new passphrase to export it."),
2539 err = convert_to_openpgp (ctrl, s_skey, passphrase, &key, &keylen);
2540 if (!err && passphrase)
2545 gcry_create_nonce (buf, 12);
2546 cache_nonce = bin2hex (buf, 12, NULL);
2549 && !agent_put_cache (ctrl, cache_nonce, CACHE_MODE_NONCE,
2550 passphrase, CACHE_TTL_NONCE))
2552 assuan_write_status (ctx, "CACHE_NONCE", cache_nonce);
2553 xfree (ctrl->server_local->last_cache_nonce);
2554 ctrl->server_local->last_cache_nonce = cache_nonce;
2561 /* Convert into a canonical S-expression and wrap that. */
2562 err = make_canon_sexp_pad (s_skey, 1, &key, &keylen);
2566 gcry_sexp_release (s_skey);
2569 err = gcry_cipher_open (&cipherhd, GCRY_CIPHER_AES128,
2570 GCRY_CIPHER_MODE_AESWRAP, 0);
2573 err = gcry_cipher_setkey (cipherhd,
2574 ctrl->server_local->export_key, KEYWRAP_KEYSIZE);
2578 wrappedkeylen = keylen + 8;
2579 wrappedkey = xtrymalloc (wrappedkeylen);
2582 err = gpg_error_from_syserror ();
2586 err = gcry_cipher_encrypt (cipherhd, wrappedkey, wrappedkeylen, key, keylen);
2591 gcry_cipher_close (cipherhd);
2594 assuan_begin_confidential (ctx);
2595 err = assuan_send_data (ctx, wrappedkey, wrappedkeylen);
2596 assuan_end_confidential (ctx);
2600 xfree (cache_nonce);
2603 gcry_cipher_close (cipherhd);
2605 gcry_sexp_release (s_skey);
2606 xfree (ctrl->server_local->keydesc);
2607 ctrl->server_local->keydesc = NULL;
2608 xfree (shadow_info);
2610 return leave_cmd (ctx, err);
2615 static const char hlp_delete_key[] =
2616 "DELETE_KEY [--force|--stub-only] <hexstring_with_keygrip>\n"
2618 "Delete a secret key from the key store. If --force is used\n"
2619 "and a loopback pinentry is allowed, the agent will not ask\n"
2620 "the user for confirmation. If --stub-only is used the key will\n"
2621 "only be deleted if it is a reference to a token.";
2623 cmd_delete_key (assuan_context_t ctx, char *line)
2625 ctrl_t ctrl = assuan_get_pointer (ctx);
2627 int force, stub_only;
2628 unsigned char grip[20];
2630 if (ctrl->restricted)
2631 return leave_cmd (ctx, gpg_error (GPG_ERR_FORBIDDEN));
2633 force = has_option (line, "--force");
2634 stub_only = has_option (line, "--stub-only");
2635 line = skip_options (line);
2637 /* If the use of a loopback pinentry has been disabled, we assume
2638 * that a silent deletion of keys shall also not be allowed. */
2639 if (!opt.allow_loopback_pinentry)
2642 err = parse_keygrip (ctx, line, grip);
2646 err = agent_delete_key (ctrl, ctrl->server_local->keydesc, grip,
2652 xfree (ctrl->server_local->keydesc);
2653 ctrl->server_local->keydesc = NULL;
2655 return leave_cmd (ctx, err);
2660 #if SIZEOF_TIME_T > SIZEOF_UNSIGNED_LONG
2661 #define KEYTOCARD_TIMESTAMP_FORMAT "(10:created-at10:%010llu))"
2663 #define KEYTOCARD_TIMESTAMP_FORMAT "(10:created-at10:%010lu))"
2666 static const char hlp_keytocard[] =
2667 "KEYTOCARD [--force] <hexstring_with_keygrip> <serialno> <id> <timestamp>\n"
2670 cmd_keytocard (assuan_context_t ctx, char *line)
2672 ctrl_t ctrl = assuan_get_pointer (ctx);
2674 gpg_error_t err = 0;
2675 unsigned char grip[20];
2676 gcry_sexp_t s_skey = NULL;
2677 unsigned char *keydata;
2679 const char *serialno, *timestamp_str, *id;
2680 unsigned char *shadow_info = NULL;
2683 if (ctrl->restricted)
2684 return leave_cmd (ctx, gpg_error (GPG_ERR_FORBIDDEN));
2686 force = has_option (line, "--force");
2687 line = skip_options (line);
2689 err = parse_keygrip (ctx, line, grip);
2693 if (agent_key_available (grip))
2695 err =gpg_error (GPG_ERR_NO_SECKEY);
2699 /* Fixme: Replace the parsing code by split_fields(). */
2701 while (*line && (*line == ' ' || *line == '\t'))
2704 while (*line && (*line != ' ' && *line != '\t'))
2708 err = gpg_error (GPG_ERR_MISSING_VALUE);
2713 while (*line && (*line == ' ' || *line == '\t'))
2716 while (*line && (*line != ' ' && *line != '\t'))
2720 err = gpg_error (GPG_ERR_MISSING_VALUE);
2725 while (*line && (*line == ' ' || *line == '\t'))
2727 timestamp_str = line;
2728 while (*line && (*line != ' ' && *line != '\t'))
2733 if ((timestamp = isotime2epoch (timestamp_str)) == (time_t)(-1))
2735 err = gpg_error (GPG_ERR_INV_TIME);
2739 err = agent_key_from_file (ctrl, NULL, ctrl->server_local->keydesc, grip,
2740 &shadow_info, CACHE_MODE_IGNORE, NULL,
2744 xfree (shadow_info);
2749 /* Key is on a smartcard already. */
2750 xfree (shadow_info);
2751 gcry_sexp_release (s_skey);
2752 err = gpg_error (GPG_ERR_UNUSABLE_SECKEY);
2756 keydatalen = gcry_sexp_sprint (s_skey, GCRYSEXP_FMT_CANON, NULL, 0);
2757 keydata = xtrymalloc_secure (keydatalen + 30);
2758 if (keydata == NULL)
2760 err = gpg_error_from_syserror ();
2761 gcry_sexp_release (s_skey);
2765 gcry_sexp_sprint (s_skey, GCRYSEXP_FMT_CANON, keydata, keydatalen);
2766 gcry_sexp_release (s_skey);
2767 keydatalen--; /* Decrement for last '\0'. */
2768 /* Add timestamp "created-at" in the private key */
2769 snprintf (keydata+keydatalen-1, 30, KEYTOCARD_TIMESTAMP_FORMAT, timestamp);
2770 keydatalen += 10 + 19 - 1;
2771 err = divert_writekey (ctrl, force, serialno, id, keydata, keydatalen);
2775 return leave_cmd (ctx, err);
2780 static const char hlp_getval[] =
2783 "Return the value for KEY from the special environment as created by\n"
2786 cmd_getval (assuan_context_t ctx, char *line)
2788 ctrl_t ctrl = assuan_get_pointer (ctx);
2792 struct putval_item_s *vl;
2794 if (ctrl->restricted)
2795 return leave_cmd (ctx, gpg_error (GPG_ERR_FORBIDDEN));
2797 for (p=line; *p == ' '; p++)
2800 p = strchr (key, ' ');
2804 for (; *p == ' '; p++)
2807 return set_error (GPG_ERR_ASS_PARAMETER, "too many arguments");
2810 return set_error (GPG_ERR_ASS_PARAMETER, "no key given");
2813 for (vl=putval_list; vl; vl = vl->next)
2814 if ( !strcmp (vl->d, key) )
2817 if (vl) /* Got an entry. */
2818 rc = assuan_send_data (ctx, vl->d+vl->off, vl->len);
2820 return gpg_error (GPG_ERR_NO_DATA);
2822 return leave_cmd (ctx, rc);
2826 static const char hlp_putval[] =
2827 "PUTVAL <key> [<percent_escaped_value>]\n"
2829 "The gpg-agent maintains a kind of environment which may be used to\n"
2830 "store key/value pairs in it, so that they can be retrieved later.\n"
2831 "This may be used by helper daemons to daemonize themself on\n"
2832 "invocation and register them with gpg-agent. Callers of the\n"
2833 "daemon's service may now first try connect to get the information\n"
2834 "for that service from gpg-agent through the GETVAL command and then\n"
2835 "try to connect to that daemon. Only if that fails they may start\n"
2836 "an own instance of the service daemon. \n"
2838 "KEY is an arbitrary symbol with the same syntax rules as keys\n"
2839 "for shell environment variables. PERCENT_ESCAPED_VALUE is the\n"
2840 "corresponding value; they should be similar to the values of\n"
2841 "envronment variables but gpg-agent does not enforce any\n"
2842 "restrictions. If that value is not given any value under that KEY\n"
2843 "is removed from this special environment.";
2845 cmd_putval (assuan_context_t ctx, char *line)
2847 ctrl_t ctrl = assuan_get_pointer (ctx);
2851 size_t valuelen = 0;
2853 struct putval_item_s *vl, *vlprev;
2855 if (ctrl->restricted)
2856 return leave_cmd (ctx, gpg_error (GPG_ERR_FORBIDDEN));
2858 for (p=line; *p == ' '; p++)
2861 p = strchr (key, ' ');
2865 for (; *p == ' '; p++)
2870 p = strchr (value, ' ');
2873 valuelen = percent_plus_unescape_inplace (value, 0);
2877 return set_error (GPG_ERR_ASS_PARAMETER, "no key given");
2880 for (vl=putval_list,vlprev=NULL; vl; vlprev=vl, vl = vl->next)
2881 if ( !strcmp (vl->d, key) )
2884 if (vl) /* Delete old entry. */
2887 vlprev->next = vl->next;
2889 putval_list = vl->next;
2893 if (valuelen) /* Add entry. */
2895 vl = xtrymalloc (sizeof *vl + strlen (key) + valuelen);
2897 rc = gpg_error_from_syserror ();
2901 vl->off = strlen (key) + 1;
2902 strcpy (vl->d, key);
2903 memcpy (vl->d + vl->off, value, valuelen);
2904 vl->next = putval_list;
2909 return leave_cmd (ctx, rc);
2915 static const char hlp_updatestartuptty[] =
2916 "UPDATESTARTUPTTY\n"
2918 "Set startup TTY and X11 DISPLAY variables to the values of this\n"
2919 "session. This command is useful to pull future pinentries to\n"
2920 "another screen. It is only required because there is no way in the\n"
2921 "ssh-agent protocol to convey this information.";
2923 cmd_updatestartuptty (assuan_context_t ctx, char *line)
2925 ctrl_t ctrl = assuan_get_pointer (ctx);
2926 gpg_error_t err = 0;
2928 char *lc_ctype = NULL;
2929 char *lc_messages = NULL;
2935 if (ctrl->restricted)
2936 return leave_cmd (ctx, gpg_error (GPG_ERR_FORBIDDEN));
2938 se = session_env_new ();
2940 err = gpg_error_from_syserror ();
2943 while (!err && (name = session_env_list_stdenvnames (&iterator, NULL)))
2945 const char *value = session_env_getenv (ctrl->session_env, name);
2947 err = session_env_setenv (se, name, value);
2950 if (!err && ctrl->lc_ctype)
2951 if (!(lc_ctype = xtrystrdup (ctrl->lc_ctype)))
2952 err = gpg_error_from_syserror ();
2954 if (!err && ctrl->lc_messages)
2955 if (!(lc_messages = xtrystrdup (ctrl->lc_messages)))
2956 err = gpg_error_from_syserror ();
2960 session_env_release (se);
2962 xfree (lc_messages);
2966 session_env_release (opt.startup_env);
2967 opt.startup_env = se;
2968 xfree (opt.startup_lc_ctype);
2969 opt.startup_lc_ctype = lc_ctype;
2970 xfree (opt.startup_lc_messages);
2971 opt.startup_lc_messages = lc_messages;
2979 static const char hlp_killagent[] =
2984 cmd_killagent (assuan_context_t ctx, char *line)
2986 ctrl_t ctrl = assuan_get_pointer (ctx);
2990 if (ctrl->restricted)
2991 return leave_cmd (ctx, gpg_error (GPG_ERR_FORBIDDEN));
2993 ctrl->server_local->stopme = 1;
2994 assuan_set_flag (ctx, ASSUAN_FORCE_CLOSE, 1);
2999 static const char hlp_reloadagent[] =
3002 "This command is an alternative to SIGHUP\n"
3003 "to reload the configuration.";
3005 cmd_reloadagent (assuan_context_t ctx, char *line)
3007 ctrl_t ctrl = assuan_get_pointer (ctx);
3011 if (ctrl->restricted)
3012 return leave_cmd (ctx, gpg_error (GPG_ERR_FORBIDDEN));
3014 agent_sighup_action ();
3020 static const char hlp_getinfo[] =
3023 "Multipurpose function to return a variety of information.\n"
3024 "Supported values for WHAT are:\n"
3026 " version - Return the version of the program.\n"
3027 " pid - Return the process id of the server.\n"
3028 " socket_name - Return the name of the socket.\n"
3029 " ssh_socket_name - Return the name of the ssh socket.\n"
3030 " scd_running - Return OK if the SCdaemon is already running.\n"
3031 " s2k_time - Return the time in milliseconds required for S2K.\n"
3032 " s2k_count - Return the standard S2K count.\n"
3033 " s2k_count_cal - Return the calibrated S2K count.\n"
3034 " std_env_names - List the names of the standard environment.\n"
3035 " std_session_env - List the standard session environment.\n"
3036 " std_startup_env - List the standard startup environment.\n"
3037 " getenv NAME - Return value of envvar NAME.\n"
3038 " connections - Return number of active connections.\n"
3039 " jent_active - Returns OK if Libgcrypt's JENT is active.\n"
3040 " restricted - Returns OK if the connection is in restricted mode.\n"
3041 " cmd_has_option CMD OPT\n"
3042 " - Returns OK if command CMD has option OPT.\n";
3044 cmd_getinfo (assuan_context_t ctx, char *line)
3046 ctrl_t ctrl = assuan_get_pointer (ctx);
3049 if (!strcmp (line, "version"))
3051 const char *s = VERSION;
3052 rc = assuan_send_data (ctx, s, strlen (s));
3054 else if (!strncmp (line, "cmd_has_option", 14)
3055 && (line[14] == ' ' || line[14] == '\t' || !line[14]))
3059 while (*line == ' ' || *line == '\t')
3062 rc = gpg_error (GPG_ERR_MISSING_VALUE);
3066 while (*line && (*line != ' ' && *line != '\t'))
3069 rc = gpg_error (GPG_ERR_MISSING_VALUE);
3073 while (*line == ' ' || *line == '\t')
3076 rc = gpg_error (GPG_ERR_MISSING_VALUE);
3080 if (!command_has_option (cmd, cmdopt))
3081 rc = gpg_error (GPG_ERR_FALSE);
3086 else if (!strcmp (line, "s2k_count"))
3090 snprintf (numbuf, sizeof numbuf, "%lu", get_standard_s2k_count ());
3091 rc = assuan_send_data (ctx, numbuf, strlen (numbuf));
3093 else if (!strcmp (line, "restricted"))
3095 rc = ctrl->restricted? 0 : gpg_error (GPG_ERR_FALSE);
3097 else if (ctrl->restricted)
3099 rc = gpg_error (GPG_ERR_FORBIDDEN);
3101 /* All sub-commands below are not allowed in restricted mode. */
3102 else if (!strcmp (line, "pid"))
3106 snprintf (numbuf, sizeof numbuf, "%lu", (unsigned long)getpid ());
3107 rc = assuan_send_data (ctx, numbuf, strlen (numbuf));
3109 else if (!strcmp (line, "socket_name"))
3111 const char *s = get_agent_socket_name ();
3114 rc = assuan_send_data (ctx, s, strlen (s));
3116 rc = gpg_error (GPG_ERR_NO_DATA);
3118 else if (!strcmp (line, "ssh_socket_name"))
3120 const char *s = get_agent_ssh_socket_name ();
3123 rc = assuan_send_data (ctx, s, strlen (s));
3125 rc = gpg_error (GPG_ERR_NO_DATA);
3127 else if (!strcmp (line, "scd_running"))
3129 rc = agent_scd_check_running ()? 0 : gpg_error (GPG_ERR_FALSE);
3131 else if (!strcmp (line, "std_env_names"))
3137 while ((name = session_env_list_stdenvnames (&iterator, NULL)))
3139 rc = assuan_send_data (ctx, name, strlen (name)+1);
3141 rc = assuan_send_data (ctx, NULL, 0);
3146 else if (!strcmp (line, "std_session_env")
3147 || !strcmp (line, "std_startup_env"))
3150 const char *name, *value;
3154 while ((name = session_env_list_stdenvnames (&iterator, NULL)))
3156 value = session_env_getenv_or_default
3157 (line[5] == 't'? opt.startup_env:ctrl->session_env, name, NULL);
3160 string = xtryasprintf ("%s=%s", name, value);
3162 rc = gpg_error_from_syserror ();
3165 rc = assuan_send_data (ctx, string, strlen (string)+1);
3167 rc = assuan_send_data (ctx, NULL, 0);
3174 else if (!strncmp (line, "getenv", 6)
3175 && (line[6] == ' ' || line[6] == '\t' || !line[6]))
3178 while (*line == ' ' || *line == '\t')
3181 rc = gpg_error (GPG_ERR_MISSING_VALUE);
3184 const char *s = getenv (line);
3186 rc = set_error (GPG_ERR_NOT_FOUND, "No such envvar");
3188 rc = assuan_send_data (ctx, s, strlen (s));
3191 else if (!strcmp (line, "connections"))
3195 snprintf (numbuf, sizeof numbuf, "%d",
3196 get_agent_active_connection_count ());
3197 rc = assuan_send_data (ctx, numbuf, strlen (numbuf));
3199 else if (!strcmp (line, "jent_active"))
3204 buf = gcry_get_config (0, "rng-type");
3206 && split_fields_colon (buf, fields, DIM (fields)) >= 5
3207 && atoi (fields[4]) > 0)
3210 rc = gpg_error (GPG_ERR_FALSE);
3213 else if (!strcmp (line, "s2k_count_cal"))
3217 snprintf (numbuf, sizeof numbuf, "%lu", get_calibrated_s2k_count ());
3218 rc = assuan_send_data (ctx, numbuf, strlen (numbuf));
3220 else if (!strcmp (line, "s2k_time"))
3224 snprintf (numbuf, sizeof numbuf, "%lu", get_standard_s2k_time ());
3225 rc = assuan_send_data (ctx, numbuf, strlen (numbuf));
3228 rc = set_error (GPG_ERR_ASS_PARAMETER, "unknown value for WHAT");
3234 /* This function is called by Libassuan to parse the OPTION command.
3235 It has been registered similar to the other Assuan commands. */
3237 option_handler (assuan_context_t ctx, const char *key, const char *value)
3239 ctrl_t ctrl = assuan_get_pointer (ctx);
3240 gpg_error_t err = 0;
3242 if (!strcmp (key, "agent-awareness"))
3244 /* The value is a version string telling us of which agent
3245 version the caller is aware of. */
3246 ctrl->server_local->allow_fully_canceled =
3247 gnupg_compare_version (value, "2.1.0");
3249 else if (ctrl->restricted)
3251 err = gpg_error (GPG_ERR_FORBIDDEN);
3253 /* All options below are not allowed in restricted mode. */
3254 else if (!strcmp (key, "putenv"))
3256 /* Change the session's environment to be used for the
3257 Pinentry. Valid values are:
3258 <NAME> Delete envvar NAME
3259 <KEY>= Set envvar NAME to the empty string
3260 <KEY>=<VALUE> Set envvar NAME to VALUE
3262 err = session_env_putenv (ctrl->session_env, value);
3264 else if (!strcmp (key, "display"))
3266 err = session_env_setenv (ctrl->session_env, "DISPLAY", value);
3268 else if (!strcmp (key, "ttyname"))
3271 err = session_env_setenv (ctrl->session_env, "GPG_TTY", value);
3273 else if (!strcmp (key, "ttytype"))
3276 err = session_env_setenv (ctrl->session_env, "TERM", value);
3278 else if (!strcmp (key, "lc-ctype"))
3281 xfree (ctrl->lc_ctype);
3282 ctrl->lc_ctype = xtrystrdup (value);
3283 if (!ctrl->lc_ctype)
3284 return out_of_core ();
3286 else if (!strcmp (key, "lc-messages"))
3288 if (ctrl->lc_messages)
3289 xfree (ctrl->lc_messages);
3290 ctrl->lc_messages = xtrystrdup (value);
3291 if (!ctrl->lc_messages)
3292 return out_of_core ();
3294 else if (!strcmp (key, "xauthority"))
3296 err = session_env_setenv (ctrl->session_env, "XAUTHORITY", value);
3298 else if (!strcmp (key, "pinentry-user-data"))
3300 err = session_env_setenv (ctrl->session_env, "PINENTRY_USER_DATA", value);
3302 else if (!strcmp (key, "use-cache-for-signing"))
3303 ctrl->server_local->use_cache_for_signing = *value? !!atoi (value) : 0;
3304 else if (!strcmp (key, "allow-pinentry-notify"))
3305 ctrl->server_local->allow_pinentry_notify = 1;
3306 else if (!strcmp (key, "pinentry-mode"))
3308 int tmp = parse_pinentry_mode (value);
3310 err = gpg_error (GPG_ERR_INV_VALUE);
3311 else if (tmp == PINENTRY_MODE_LOOPBACK && !opt.allow_loopback_pinentry)
3312 err = gpg_error (GPG_ERR_NOT_SUPPORTED);
3314 ctrl->pinentry_mode = tmp;
3316 else if (!strcmp (key, "cache-ttl-opt-preset"))
3318 ctrl->cache_ttl_opt_preset = *value? atoi (value) : 0;
3320 else if (!strcmp (key, "s2k-count"))
3322 ctrl->s2k_count = *value? strtoul(value, NULL, 10) : 0;
3323 if (ctrl->s2k_count && ctrl->s2k_count < 65536)
3325 ctrl->s2k_count = 0;
3328 else if (!strcmp (key, "pretend-request-origin"))
3330 log_assert (!ctrl->restricted);
3331 switch (parse_request_origin (value))
3333 case REQUEST_ORIGIN_LOCAL: ctrl->restricted = 0; break;
3334 case REQUEST_ORIGIN_REMOTE: ctrl->restricted = 1; break;
3335 case REQUEST_ORIGIN_BROWSER: ctrl->restricted = 2; break;
3337 err = gpg_error (GPG_ERR_INV_VALUE);
3338 /* Better pretend to be remote in case of a bad value. */
3339 ctrl->restricted = 1;
3344 err = gpg_error (GPG_ERR_UNKNOWN_OPTION);
3352 /* Called by libassuan after all commands. ERR is the error from the
3353 last assuan operation and not the one returned from the command. */
3355 post_cmd_notify (assuan_context_t ctx, gpg_error_t err)
3357 ctrl_t ctrl = assuan_get_pointer (ctx);
3361 /* Switch off any I/O monitor controlled logging pausing. */
3362 ctrl->server_local->pause_io_logging = 0;
3366 /* This function is called by libassuan for all I/O. We use it here
3367 to disable logging for the GETEVENTCOUNTER commands. This is so
3368 that the debug output won't get cluttered by this primitive
3371 io_monitor (assuan_context_t ctx, void *hook, int direction,
3372 const char *line, size_t linelen)
3374 ctrl_t ctrl = assuan_get_pointer (ctx);
3378 /* We want to suppress all Assuan log messages for connections from
3379 * self. However, assuan_get_pid works only after
3380 * assuan_accept. Now, assuan_accept already logs a line ending with
3381 * the process id. We use this hack here to get the peers pid so
3382 * that we can compare it to our pid. We should add an assuan
3383 * function to return the pid for a file descriptor and use that to
3384 * detect connections to self. */
3385 if (ctx && !ctrl->server_local->greeting_seen
3386 && direction == ASSUAN_IO_TO_PEER)
3388 ctrl->server_local->greeting_seen = 1;
3390 && !strncmp (line, "OK Pleased to meet you, process ", 32)
3391 && strtoul (line+32, NULL, 10) == getpid ())
3392 return ASSUAN_IO_MONITOR_NOLOG;
3396 /* Do not log self-connections. This makes the log cleaner because
3397 * we won't see the check-our-own-socket calls. */
3398 if (ctx && ctrl->server_local->connect_from_self)
3399 return ASSUAN_IO_MONITOR_NOLOG;
3401 /* Note that we only check for the uppercase name. This allows the user to
3402 see the logging for debugging if using a non-upercase command
3404 if (ctx && direction == ASSUAN_IO_FROM_PEER
3406 && !strncmp (line, "GETEVENTCOUNTER", 15)
3407 && (linelen == 15 || spacep (line+15)))
3409 ctrl->server_local->pause_io_logging = 1;
3412 return ctrl->server_local->pause_io_logging? ASSUAN_IO_MONITOR_NOLOG : 0;
3416 /* Return true if the command CMD implements the option OPT. */
3418 command_has_option (const char *cmd, const char *cmdopt)
3420 if (!strcmp (cmd, "GET_PASSPHRASE"))
3422 if (!strcmp (cmdopt, "repeat"))
3424 if (!strcmp (cmdopt, "newsymkey"))
3432 /* Tell Libassuan about our commands. Also register the other Assuan
3435 register_commands (assuan_context_t ctx)
3439 assuan_handler_t handler;
3440 const char * const help;
3442 { "GETEVENTCOUNTER",cmd_geteventcounter, hlp_geteventcounter },
3443 { "ISTRUSTED", cmd_istrusted, hlp_istrusted },
3444 { "HAVEKEY", cmd_havekey, hlp_havekey },
3445 { "KEYINFO", cmd_keyinfo, hlp_keyinfo },
3446 { "SIGKEY", cmd_sigkey, hlp_sigkey },
3447 { "SETKEY", cmd_sigkey, hlp_sigkey },
3448 { "SETKEYDESC", cmd_setkeydesc,hlp_setkeydesc },
3449 { "SETHASH", cmd_sethash, hlp_sethash },
3450 { "PKSIGN", cmd_pksign, hlp_pksign },
3451 { "PKDECRYPT", cmd_pkdecrypt, hlp_pkdecrypt },
3452 { "GENKEY", cmd_genkey, hlp_genkey },
3453 { "READKEY", cmd_readkey, hlp_readkey },
3454 { "GET_PASSPHRASE", cmd_get_passphrase, hlp_get_passphrase },
3455 { "PRESET_PASSPHRASE", cmd_preset_passphrase, hlp_preset_passphrase },
3456 { "CLEAR_PASSPHRASE", cmd_clear_passphrase, hlp_clear_passphrase },
3457 { "GET_CONFIRMATION", cmd_get_confirmation, hlp_get_confirmation },
3458 { "LISTTRUSTED", cmd_listtrusted, hlp_listtrusted },
3459 { "MARKTRUSTED", cmd_marktrusted, hlp_martrusted },
3460 { "LEARN", cmd_learn, hlp_learn },
3461 { "PASSWD", cmd_passwd, hlp_passwd },
3464 { "SCD", cmd_scd, hlp_scd },
3465 { "KEYWRAP_KEY", cmd_keywrap_key, hlp_keywrap_key },
3466 { "IMPORT_KEY", cmd_import_key, hlp_import_key },
3467 { "EXPORT_KEY", cmd_export_key, hlp_export_key },
3468 { "DELETE_KEY", cmd_delete_key, hlp_delete_key },
3469 { "GETVAL", cmd_getval, hlp_getval },
3470 { "PUTVAL", cmd_putval, hlp_putval },
3471 { "UPDATESTARTUPTTY", cmd_updatestartuptty, hlp_updatestartuptty },
3472 { "KILLAGENT", cmd_killagent, hlp_killagent },
3473 { "RELOADAGENT", cmd_reloadagent,hlp_reloadagent },
3474 { "GETINFO", cmd_getinfo, hlp_getinfo },
3475 { "KEYTOCARD", cmd_keytocard, hlp_keytocard },
3480 for (i=0; table[i].name; i++)
3482 rc = assuan_register_command (ctx, table[i].name, table[i].handler,
3487 assuan_register_post_cmd_notify (ctx, post_cmd_notify);
3488 assuan_register_reset_notify (ctx, reset_notify);
3489 assuan_register_option_handler (ctx, option_handler);
3494 /* Startup the server. If LISTEN_FD and FD is given as -1, this is a
3495 simple piper server, otherwise it is a regular server. CTRL is the
3496 control structure for this connection; it has only the basic
3499 start_command_handler (ctrl_t ctrl, gnupg_fd_t listen_fd, gnupg_fd_t fd)
3502 assuan_context_t ctx = NULL;
3504 if (ctrl->restricted)
3506 if (agent_copy_startup_env (ctrl))
3510 rc = assuan_new (&ctx);
3513 log_error ("failed to allocate assuan context: %s\n", gpg_strerror (rc));
3517 if (listen_fd == GNUPG_INVALID_FD && fd == GNUPG_INVALID_FD)
3519 assuan_fd_t filedes[2];
3521 filedes[0] = assuan_fdopen (0);
3522 filedes[1] = assuan_fdopen (1);
3523 rc = assuan_init_pipe_server (ctx, filedes);
3525 else if (listen_fd != GNUPG_INVALID_FD)
3527 rc = assuan_init_socket_server (ctx, listen_fd, 0);
3528 /* FIXME: Need to call assuan_sock_set_nonce for Windows. But
3529 this branch is currently not used. */
3533 rc = assuan_init_socket_server (ctx, fd, ASSUAN_SOCKET_SERVER_ACCEPTED);
3537 log_error ("failed to initialize the server: %s\n",
3541 rc = register_commands (ctx);
3544 log_error ("failed to register commands with Assuan: %s\n",
3549 assuan_set_pointer (ctx, ctrl);
3550 ctrl->server_local = xcalloc (1, sizeof *ctrl->server_local);
3551 ctrl->server_local->assuan_ctx = ctx;
3552 ctrl->server_local->use_cache_for_signing = 1;
3554 ctrl->digest.raw_value = 0;
3556 assuan_set_io_monitor (ctx, io_monitor, NULL);
3557 agent_set_progress_cb (progress_cb, ctrl);
3563 rc = assuan_accept (ctx);
3564 if (gpg_err_code (rc) == GPG_ERR_EOF || rc == -1)
3570 log_info ("Assuan accept problem: %s\n", gpg_strerror (rc));
3574 client_pid = assuan_get_pid (ctx);
3575 ctrl->server_local->connect_from_self = (client_pid == getpid ());
3576 if (client_pid != ASSUAN_INVALID_PID)
3577 ctrl->client_pid = (unsigned long)client_pid;
3579 ctrl->client_pid = 0;
3581 rc = assuan_process (ctx);
3584 log_info ("Assuan processing failed: %s\n", gpg_strerror (rc));
3589 /* Reset the nonce caches. */
3590 clear_nonce_cache (ctrl);
3592 /* Reset the SCD if needed. */
3593 agent_reset_scd (ctrl);
3595 /* Reset the pinentry (in case of popup messages). */
3596 agent_reset_query (ctrl);
3599 assuan_release (ctx);
3600 xfree (ctrl->server_local->keydesc);
3601 xfree (ctrl->server_local->import_key);
3602 xfree (ctrl->server_local->export_key);
3603 if (ctrl->server_local->stopme)
3605 xfree (ctrl->server_local);
3606 ctrl->server_local = NULL;
3610 /* Helper for the pinentry loopback mode. It merely passes the
3611 parameters on to the client. */
3613 pinentry_loopback(ctrl_t ctrl, const char *keyword,
3614 unsigned char **buffer, size_t *size,
3618 assuan_context_t ctx = ctrl->server_local->assuan_ctx;
3620 rc = print_assuan_status (ctx, "INQUIRE_MAXLEN", "%zu", max_length);
3624 assuan_begin_confidential (ctx);
3625 rc = assuan_inquire (ctx, keyword, buffer, size, max_length);
3626 assuan_end_confidential (ctx);