1 /* call-agent.c - Divert GPGSM operations to the agent
2 * Copyright (C) 2001, 2002, 2003, 2005, 2007,
3 * 2008, 2009, 2010 Free Software Foundation, Inc.
5 * This file is part of GnuPG.
7 * GnuPG is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 3 of the License, or
10 * (at your option) any later version.
12 * GnuPG is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, see <http://www.gnu.org/licenses/>.
38 #include "keydb.h" /* fixme: Move this to import.c */
40 #include "shareddefs.h"
41 #include "passphrase.h"
44 static assuan_context_t agent_ctx = NULL;
51 const unsigned char *ciphertext;
59 const unsigned char *sexp;
71 struct import_key_parm_s
79 struct default_inq_parm_s
86 /* Print a warning if the server's version number is less than our
87 version number. Returns an error code on a connection problem. */
89 warn_version_mismatch (ctrl_t ctrl, assuan_context_t ctx,
90 const char *servername, int mode)
94 const char *myversion = strusage (13);
96 err = get_assuan_server_version (ctx, mode, &serverversion);
98 log_error (_("error getting version from '%s': %s\n"),
99 servername, gpg_strerror (err));
100 else if (!compare_version_strings (serverversion, myversion))
104 warn = xtryasprintf (_("server '%s' is older than us (%s < %s)"),
105 servername, serverversion, myversion);
107 err = gpg_error_from_syserror ();
110 log_info (_("WARNING: %s\n"), warn);
111 gpgsm_status2 (ctrl, STATUS_WARNING, "server_version_mismatch 0",
116 xfree (serverversion);
121 /* Try to connect to the agent via socket or fork it off and work by
122 pipes. Handle the server's initial greeting */
124 start_agent (ctrl_t ctrl)
129 rc = 0; /* fixme: We need a context for each thread or
130 serialize the access to the agent (which is
131 suitable given that the agent is not MT. */
134 rc = start_new_gpg_agent (&agent_ctx,
135 GPG_ERR_SOURCE_DEFAULT,
138 opt.lc_ctype, opt.lc_messages,
140 opt.autostart, opt.verbose, DBG_IPC,
141 gpgsm_status2, ctrl);
143 if (!opt.autostart && gpg_err_code (rc) == GPG_ERR_NO_AGENT)
150 log_info (_("no gpg-agent running in this session\n"));
153 else if (!rc && !(rc = warn_version_mismatch (ctrl, agent_ctx,
156 /* Tell the agent that we support Pinentry notifications. No
157 error checking so that it will work also with older
159 assuan_transact (agent_ctx, "OPTION allow-pinentry-notify",
160 NULL, NULL, NULL, NULL, NULL, NULL);
162 /* Pass on the pinentry mode. */
163 if (opt.pinentry_mode)
165 char *tmp = xasprintf ("OPTION pinentry-mode=%s",
166 str_pinentry_mode (opt.pinentry_mode));
167 rc = assuan_transact (agent_ctx, tmp,
168 NULL, NULL, NULL, NULL, NULL, NULL);
171 log_error ("setting pinentry mode '%s' failed: %s\n",
172 str_pinentry_mode (opt.pinentry_mode),
178 if (!ctrl->agent_seen)
180 ctrl->agent_seen = 1;
181 audit_log_ok (ctrl->audit, AUDIT_AGENT_READY, rc);
187 /* This is the default inquiry callback. It mainly handles the
188 Pinentry notifications. */
190 default_inq_cb (void *opaque, const char *line)
193 struct default_inq_parm_s *parm = opaque;
194 ctrl_t ctrl = parm->ctrl;
196 if (has_leading_keyword (line, "PINENTRY_LAUNCHED"))
198 err = gpgsm_proxy_pinentry_notify (ctrl, line);
200 log_error (_("failed to proxy %s inquiry to client\n"),
201 "PINENTRY_LAUNCHED");
202 /* We do not pass errors to avoid breaking other code. */
204 else if ((has_leading_keyword (line, "PASSPHRASE")
205 || has_leading_keyword (line, "NEW_PASSPHRASE"))
206 && opt.pinentry_mode == PINENTRY_MODE_LOOPBACK
207 && have_static_passphrase ())
209 const char *s = get_static_passphrase ();
210 err = assuan_send_data (parm->ctx, s, strlen (s));
213 log_error ("ignoring gpg-agent inquiry '%s'\n", line);
221 /* Call the agent to do a sign operation using the key identified by
222 the hex string KEYGRIP. */
224 gpgsm_agent_pksign (ctrl_t ctrl, const char *keygrip, const char *desc,
225 unsigned char *digest, size_t digestlen, int digestalgo,
226 unsigned char **r_buf, size_t *r_buflen )
229 char *p, line[ASSUAN_LINELENGTH];
232 struct default_inq_parm_s inq_parm = { ctrl, agent_ctx };
235 rc = start_agent (ctrl);
239 if (digestlen*2 + 50 > DIM(line))
240 return gpg_error (GPG_ERR_GENERAL);
242 rc = assuan_transact (agent_ctx, "RESET", NULL, NULL, NULL, NULL, NULL, NULL);
246 snprintf (line, DIM(line)-1, "SIGKEY %s", keygrip);
247 line[DIM(line)-1] = 0;
248 rc = assuan_transact (agent_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL);
254 snprintf (line, DIM(line)-1, "SETKEYDESC %s", desc);
255 line[DIM(line)-1] = 0;
256 rc = assuan_transact (agent_ctx, line,
257 NULL, NULL, NULL, NULL, NULL, NULL);
262 sprintf (line, "SETHASH %d ", digestalgo);
263 p = line + strlen (line);
264 for (i=0; i < digestlen ; i++, p += 2 )
265 sprintf (p, "%02X", digest[i]);
266 rc = assuan_transact (agent_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL);
270 init_membuf (&data, 1024);
271 rc = assuan_transact (agent_ctx, "PKSIGN",
272 put_membuf_cb, &data, default_inq_cb, &inq_parm,
276 xfree (get_membuf (&data, &len));
279 *r_buf = get_membuf (&data, r_buflen);
281 if (!gcry_sexp_canon_len (*r_buf, *r_buflen, NULL, NULL))
283 xfree (*r_buf); *r_buf = NULL;
284 return gpg_error (GPG_ERR_INV_VALUE);
287 return *r_buf? 0 : out_of_core ();
291 /* Call the scdaemon to do a sign operation using the key identified by
292 the hex string KEYID. */
294 gpgsm_scd_pksign (ctrl_t ctrl, const char *keyid, const char *desc,
295 unsigned char *digest, size_t digestlen, int digestalgo,
296 unsigned char **r_buf, size_t *r_buflen )
299 char *p, line[ASSUAN_LINELENGTH];
303 unsigned char *sigbuf;
305 struct default_inq_parm_s inq_parm = { ctrl, agent_ctx };
313 case GCRY_MD_SHA1: hashopt = "--hash=sha1"; break;
314 case GCRY_MD_RMD160:hashopt = "--hash=rmd160"; break;
315 case GCRY_MD_MD5: hashopt = "--hash=md5"; break;
316 case GCRY_MD_SHA256:hashopt = "--hash=sha256"; break;
318 return gpg_error (GPG_ERR_DIGEST_ALGO);
321 rc = start_agent (ctrl);
325 if (digestlen*2 + 50 > DIM(line))
326 return gpg_error (GPG_ERR_GENERAL);
328 p = stpcpy (line, "SCD SETDATA " );
329 for (i=0; i < digestlen ; i++, p += 2 )
330 sprintf (p, "%02X", digest[i]);
331 rc = assuan_transact (agent_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL);
335 init_membuf (&data, 1024);
337 snprintf (line, DIM(line)-1, "SCD PKSIGN %s %s", hashopt, keyid);
338 line[DIM(line)-1] = 0;
339 rc = assuan_transact (agent_ctx, line,
340 put_membuf_cb, &data, default_inq_cb, &inq_parm,
344 xfree (get_membuf (&data, &len));
347 sigbuf = get_membuf (&data, &sigbuflen);
349 /* Create an S-expression from it which is formatted like this:
350 "(7:sig-val(3:rsa(1:sSIGBUFLEN:SIGBUF)))" Fixme: If a card ever
351 creates non-RSA keys we need to change things. */
352 *r_buflen = 21 + 11 + sigbuflen + 4;
353 p = xtrymalloc (*r_buflen);
354 *r_buf = (unsigned char*)p;
360 p = stpcpy (p, "(7:sig-val(3:rsa(1:s" );
361 sprintf (p, "%u:", (unsigned int)sigbuflen);
363 memcpy (p, sigbuf, sigbuflen);
368 assert (gcry_sexp_canon_len (*r_buf, *r_buflen, NULL, NULL));
375 /* Handle a CIPHERTEXT inquiry. Note, we only send the data,
376 assuan_transact takes care of flushing and writing the end */
378 inq_ciphertext_cb (void *opaque, const char *line)
380 struct cipher_parm_s *parm = opaque;
383 if (has_leading_keyword (line, "CIPHERTEXT"))
385 assuan_begin_confidential (parm->ctx);
386 rc = assuan_send_data (parm->ctx, parm->ciphertext, parm->ciphertextlen);
387 assuan_end_confidential (parm->ctx);
391 struct default_inq_parm_s inq_parm = { parm->ctrl, parm->ctx };
392 rc = default_inq_cb (&inq_parm, line);
399 /* Call the agent to do a decrypt operation using the key identified by
400 the hex string KEYGRIP. */
402 gpgsm_agent_pkdecrypt (ctrl_t ctrl, const char *keygrip, const char *desc,
403 ksba_const_sexp_t ciphertext,
404 char **r_buf, size_t *r_buflen )
407 char line[ASSUAN_LINELENGTH];
409 struct cipher_parm_s cipher_parm;
411 char *p, *buf, *endp;
412 size_t ciphertextlen;
414 if (!keygrip || strlen(keygrip) != 40 || !ciphertext || !r_buf || !r_buflen)
415 return gpg_error (GPG_ERR_INV_VALUE);
418 ciphertextlen = gcry_sexp_canon_len (ciphertext, 0, NULL, NULL);
420 return gpg_error (GPG_ERR_INV_VALUE);
422 rc = start_agent (ctrl);
426 rc = assuan_transact (agent_ctx, "RESET", NULL, NULL, NULL, NULL, NULL, NULL);
430 assert ( DIM(line) >= 50 );
431 snprintf (line, DIM(line)-1, "SETKEY %s", keygrip);
432 line[DIM(line)-1] = 0;
433 rc = assuan_transact (agent_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL);
439 snprintf (line, DIM(line)-1, "SETKEYDESC %s", desc);
440 line[DIM(line)-1] = 0;
441 rc = assuan_transact (agent_ctx, line,
442 NULL, NULL, NULL, NULL, NULL, NULL);
447 init_membuf (&data, 1024);
448 cipher_parm.ctrl = ctrl;
449 cipher_parm.ctx = agent_ctx;
450 cipher_parm.ciphertext = ciphertext;
451 cipher_parm.ciphertextlen = ciphertextlen;
452 rc = assuan_transact (agent_ctx, "PKDECRYPT",
453 put_membuf_cb, &data,
454 inq_ciphertext_cb, &cipher_parm, NULL, NULL);
457 xfree (get_membuf (&data, &len));
461 put_membuf (&data, "", 1); /* Make sure it is 0 terminated. */
462 buf = get_membuf (&data, &len);
464 return gpg_error (GPG_ERR_ENOMEM);
465 assert (len); /* (we forced Nul termination.) */
469 if (len < 13 || memcmp (buf, "(5:value", 8) ) /* "(5:valueN:D)\0" */
470 return gpg_error (GPG_ERR_INV_SEXP);
471 len -= 11; /* Count only the data of the second part. */
472 p = buf + 8; /* Skip leading parenthesis and the value tag. */
476 /* For compatibility with older gpg-agents handle the old style
477 incomplete S-exps. */
478 len--; /* Do not count the Nul. */
482 n = strtoul (p, &endp, 10);
483 if (!n || *endp != ':')
484 return gpg_error (GPG_ERR_INV_SEXP);
487 return gpg_error (GPG_ERR_INV_SEXP); /* Oops: Inconsistent S-Exp. */
489 memmove (buf, endp, n);
500 /* Handle a KEYPARMS inquiry. Note, we only send the data,
501 assuan_transact takes care of flushing and writing the end */
503 inq_genkey_parms (void *opaque, const char *line)
505 struct genkey_parm_s *parm = opaque;
508 if (has_leading_keyword (line, "KEYPARAM"))
510 rc = assuan_send_data (parm->ctx, parm->sexp, parm->sexplen);
514 struct default_inq_parm_s inq_parm = { parm->ctrl, parm->ctx };
515 rc = default_inq_cb (&inq_parm, line);
523 /* Call the agent to generate a newkey */
525 gpgsm_agent_genkey (ctrl_t ctrl,
526 ksba_const_sexp_t keyparms, ksba_sexp_t *r_pubkey)
529 struct genkey_parm_s gk_parm;
535 rc = start_agent (ctrl);
539 rc = assuan_transact (agent_ctx, "RESET", NULL, NULL, NULL, NULL, NULL, NULL);
543 init_membuf (&data, 1024);
545 gk_parm.ctx = agent_ctx;
546 gk_parm.sexp = keyparms;
547 gk_parm.sexplen = gcry_sexp_canon_len (keyparms, 0, NULL, NULL);
548 if (!gk_parm.sexplen)
549 return gpg_error (GPG_ERR_INV_VALUE);
550 rc = assuan_transact (agent_ctx, "GENKEY",
551 put_membuf_cb, &data,
552 inq_genkey_parms, &gk_parm, NULL, NULL);
555 xfree (get_membuf (&data, &len));
558 buf = get_membuf (&data, &len);
560 return gpg_error (GPG_ERR_ENOMEM);
561 if (!gcry_sexp_canon_len (buf, len, NULL, NULL))
564 return gpg_error (GPG_ERR_INV_SEXP);
571 /* Call the agent to read the public key part for a given keygrip. If
572 FROMCARD is true, the key is directly read from the current
573 smartcard. In this case HEXKEYGRIP should be the keyID
576 gpgsm_agent_readkey (ctrl_t ctrl, int fromcard, const char *hexkeygrip,
577 ksba_sexp_t *r_pubkey)
583 char line[ASSUAN_LINELENGTH];
584 struct default_inq_parm_s inq_parm = { ctrl, agent_ctx };
587 rc = start_agent (ctrl);
591 rc = assuan_transact (agent_ctx, "RESET",NULL, NULL, NULL, NULL, NULL, NULL);
595 snprintf (line, DIM(line)-1, "%sREADKEY %s",
596 fromcard? "SCD ":"", hexkeygrip);
597 line[DIM(line)-1] = 0;
599 init_membuf (&data, 1024);
600 rc = assuan_transact (agent_ctx, line,
601 put_membuf_cb, &data,
602 default_inq_cb, &inq_parm, NULL, NULL);
605 xfree (get_membuf (&data, &len));
608 buf = get_membuf (&data, &len);
610 return gpg_error (GPG_ERR_ENOMEM);
611 if (!gcry_sexp_canon_len (buf, len, NULL, NULL))
614 return gpg_error (GPG_ERR_INV_SEXP);
622 /* Take the serial number from LINE and return it verbatim in a newly
623 allocated string. We make sure that only hex characters are
626 store_serialno (const char *line)
631 for (s=line; hexdigitp (s); s++)
633 p = xtrymalloc (s + 1 - line);
636 memcpy (p, line, s-line);
643 /* Callback for the gpgsm_agent_serialno function. */
645 scd_serialno_status_cb (void *opaque, const char *line)
647 char **r_serialno = opaque;
648 const char *keyword = line;
651 for (keywordlen=0; *line && !spacep (line); line++, keywordlen++)
653 while (spacep (line))
656 if (keywordlen == 8 && !memcmp (keyword, "SERIALNO", keywordlen))
659 *r_serialno = store_serialno (line);
666 /* Call the agent to read the serial number of the current card. */
668 gpgsm_agent_scd_serialno (ctrl_t ctrl, char **r_serialno)
671 char *serialno = NULL;
672 struct default_inq_parm_s inq_parm = { ctrl, agent_ctx };
675 rc = start_agent (ctrl);
679 rc = assuan_transact (agent_ctx, "SCD SERIALNO",
681 default_inq_cb, &inq_parm,
682 scd_serialno_status_cb, &serialno);
683 if (!rc && !serialno)
684 rc = gpg_error (GPG_ERR_INTERNAL);
690 *r_serialno = serialno;
696 /* Callback for the gpgsm_agent_serialno function. */
698 scd_keypairinfo_status_cb (void *opaque, const char *line)
700 strlist_t *listaddr = opaque;
701 const char *keyword = line;
706 for (keywordlen=0; *line && !spacep (line); line++, keywordlen++)
708 while (spacep (line))
711 if (keywordlen == 11 && !memcmp (keyword, "KEYPAIRINFO", keywordlen))
713 sl = append_to_strlist (listaddr, line);
715 /* Make sure that we only have two tokes so that future
716 extensions of the format won't change the format expected by
718 while (*p && !spacep (p))
724 while (*p && !spacep (p))
734 /* Call the agent to read the keypairinfo lines of the current card.
735 The list is returned as a string made up of the keygrip, a space
738 gpgsm_agent_scd_keypairinfo (ctrl_t ctrl, strlist_t *r_list)
741 strlist_t list = NULL;
742 struct default_inq_parm_s inq_parm = { ctrl, agent_ctx };
745 rc = start_agent (ctrl);
749 rc = assuan_transact (agent_ctx, "SCD LEARN --force",
751 default_inq_cb, &inq_parm,
752 scd_keypairinfo_status_cb, &list);
754 rc = gpg_error (GPG_ERR_NO_DATA);
767 istrusted_status_cb (void *opaque, const char *line)
769 struct rootca_flags_s *flags = opaque;
772 if ((s = has_leading_keyword (line, "TRUSTLISTFLAG")))
775 if (has_leading_keyword (line, "relax"))
777 else if (has_leading_keyword (line, "cm"))
778 flags->chain_model = 1;
785 /* Ask the agent whether the certificate is in the list of trusted
786 keys. The certificate is either specified by the CERT object or by
787 the fingerprint HEXFPR. ROOTCA_FLAGS is guaranteed to be cleared
790 gpgsm_agent_istrusted (ctrl_t ctrl, ksba_cert_t cert, const char *hexfpr,
791 struct rootca_flags_s *rootca_flags)
794 char line[ASSUAN_LINELENGTH];
796 memset (rootca_flags, 0, sizeof *rootca_flags);
799 return gpg_error (GPG_ERR_INV_ARG);
801 rc = start_agent (ctrl);
807 snprintf (line, DIM(line)-1, "ISTRUSTED %s", hexfpr);
808 line[DIM(line)-1] = 0;
814 fpr = gpgsm_get_fingerprint_hexstring (cert, GCRY_MD_SHA1);
817 log_error ("error getting the fingerprint\n");
818 return gpg_error (GPG_ERR_GENERAL);
821 snprintf (line, DIM(line)-1, "ISTRUSTED %s", fpr);
822 line[DIM(line)-1] = 0;
826 rc = assuan_transact (agent_ctx, line, NULL, NULL, NULL, NULL,
827 istrusted_status_cb, rootca_flags);
829 rootca_flags->valid = 1;
833 /* Ask the agent to mark CERT as a trusted Root-CA one */
835 gpgsm_agent_marktrusted (ctrl_t ctrl, ksba_cert_t cert)
838 char *fpr, *dn, *dnfmt;
839 char line[ASSUAN_LINELENGTH];
840 struct default_inq_parm_s inq_parm = { ctrl, agent_ctx };
842 rc = start_agent (ctrl);
846 fpr = gpgsm_get_fingerprint_hexstring (cert, GCRY_MD_SHA1);
849 log_error ("error getting the fingerprint\n");
850 return gpg_error (GPG_ERR_GENERAL);
853 dn = ksba_cert_get_issuer (cert, 0);
857 return gpg_error (GPG_ERR_GENERAL);
859 dnfmt = gpgsm_format_name2 (dn, 0);
862 return gpg_error_from_syserror ();
863 snprintf (line, DIM(line)-1, "MARKTRUSTED %s S %s", fpr, dnfmt);
864 line[DIM(line)-1] = 0;
868 rc = assuan_transact (agent_ctx, line, NULL, NULL,
869 default_inq_cb, &inq_parm, NULL, NULL);
875 /* Ask the agent whether the a corresponding secret key is available
876 for the given keygrip */
878 gpgsm_agent_havekey (ctrl_t ctrl, const char *hexkeygrip)
881 char line[ASSUAN_LINELENGTH];
883 rc = start_agent (ctrl);
887 if (!hexkeygrip || strlen (hexkeygrip) != 40)
888 return gpg_error (GPG_ERR_INV_VALUE);
890 snprintf (line, DIM(line)-1, "HAVEKEY %s", hexkeygrip);
891 line[DIM(line)-1] = 0;
893 rc = assuan_transact (agent_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL);
899 learn_status_cb (void *opaque, const char *line)
901 struct learn_parm_s *parm = opaque;
904 /* Pass progress data to the caller. */
905 if ((s = has_leading_keyword (line, "PROGRESS")))
910 if (gpgsm_status (parm->ctrl, STATUS_PROGRESS, line))
911 return gpg_error (GPG_ERR_ASS_CANCELED);
918 learn_cb (void *opaque, const void *buffer, size_t length)
920 struct learn_parm_s *parm = opaque;
931 put_membuf (parm->data, buffer, length);
934 /* END encountered - process what we have */
935 buf = get_membuf (parm->data, &len);
938 parm->error = gpg_error (GPG_ERR_ENOMEM);
942 if (gpgsm_status (parm->ctrl, STATUS_PROGRESS, "learncard C 0 0"))
943 return gpg_error (GPG_ERR_ASS_CANCELED);
945 /* FIXME: this should go into import.c */
946 rc = ksba_cert_new (&cert);
952 rc = ksba_cert_init_from_mem (cert, buf, len);
955 log_error ("failed to parse a certificate: %s\n", gpg_strerror (rc));
956 ksba_cert_release (cert);
961 /* We do not store a certifciate with missing issuers as ephemeral
962 because we can assume that the --learn-card command has been used
964 rc = gpgsm_basic_cert_check (parm->ctrl, cert);
965 if (rc && gpg_err_code (rc) != GPG_ERR_MISSING_CERT
966 && gpg_err_code (rc) != GPG_ERR_MISSING_ISSUER_CERT)
967 log_error ("invalid certificate: %s\n", gpg_strerror (rc));
972 if (!keydb_store_cert (cert, 0, &existed))
974 if (opt.verbose > 1 && existed)
975 log_info ("certificate already in DB\n");
976 else if (opt.verbose && !existed)
977 log_info ("certificate imported\n");
981 ksba_cert_release (cert);
982 init_membuf (parm->data, 4096);
986 /* Call the agent to learn about a smartcard */
988 gpgsm_agent_learn (ctrl_t ctrl)
991 struct learn_parm_s learn_parm;
995 rc = start_agent (ctrl);
999 rc = warn_version_mismatch (ctrl, agent_ctx, SCDAEMON_NAME, 2);
1003 init_membuf (&data, 4096);
1004 learn_parm.error = 0;
1005 learn_parm.ctrl = ctrl;
1006 learn_parm.ctx = agent_ctx;
1007 learn_parm.data = &data;
1008 rc = assuan_transact (agent_ctx, "LEARN --send",
1009 learn_cb, &learn_parm,
1011 learn_status_cb, &learn_parm);
1012 xfree (get_membuf (&data, &len));
1015 return learn_parm.error;
1019 /* Ask the agent to change the passphrase of the key identified by
1020 HEXKEYGRIP. If DESC is not NULL, display instead of the default
1021 description message. */
1023 gpgsm_agent_passwd (ctrl_t ctrl, const char *hexkeygrip, const char *desc)
1026 char line[ASSUAN_LINELENGTH];
1027 struct default_inq_parm_s inq_parm = { ctrl, agent_ctx };
1029 rc = start_agent (ctrl);
1033 if (!hexkeygrip || strlen (hexkeygrip) != 40)
1034 return gpg_error (GPG_ERR_INV_VALUE);
1038 snprintf (line, DIM(line)-1, "SETKEYDESC %s", desc);
1039 line[DIM(line)-1] = 0;
1040 rc = assuan_transact (agent_ctx, line,
1041 NULL, NULL, NULL, NULL, NULL, NULL);
1046 snprintf (line, DIM(line)-1, "PASSWD %s", hexkeygrip);
1047 line[DIM(line)-1] = 0;
1049 rc = assuan_transact (agent_ctx, line, NULL, NULL,
1050 default_inq_cb, &inq_parm, NULL, NULL);
1056 /* Ask the agent to pop up a confirmation dialog with the text DESC
1057 and an okay and cancel button. */
1059 gpgsm_agent_get_confirmation (ctrl_t ctrl, const char *desc)
1062 char line[ASSUAN_LINELENGTH];
1063 struct default_inq_parm_s inq_parm = { ctrl, agent_ctx };
1065 rc = start_agent (ctrl);
1069 snprintf (line, DIM(line)-1, "GET_CONFIRMATION %s", desc);
1070 line[DIM(line)-1] = 0;
1072 rc = assuan_transact (agent_ctx, line, NULL, NULL,
1073 default_inq_cb, &inq_parm, NULL, NULL);
1079 /* Return 0 if the agent is alive. This is useful to make sure that
1080 an agent has been started. */
1082 gpgsm_agent_send_nop (ctrl_t ctrl)
1086 rc = start_agent (ctrl);
1088 rc = assuan_transact (agent_ctx, "NOP",
1089 NULL, NULL, NULL, NULL, NULL, NULL);
1096 keyinfo_status_cb (void *opaque, const char *line)
1098 char **serialno = opaque;
1101 if ((s = has_leading_keyword (line, "KEYINFO")) && !*serialno)
1103 s = strchr (s, ' ');
1104 if (s && s[1] == 'T' && s[2] == ' ' && s[3])
1107 s2 = strchr (s, ' ');
1110 *serialno = xtrymalloc ((s2 - s)+1);
1113 memcpy (*serialno, s, s2 - s);
1114 (*serialno)[s2 - s] = 0;
1122 /* Return the serial number for a secret key. If the returned serial
1123 number is NULL, the key is not stored on a smartcard. Caller needs
1124 to free R_SERIALNO. */
1126 gpgsm_agent_keyinfo (ctrl_t ctrl, const char *hexkeygrip, char **r_serialno)
1129 char line[ASSUAN_LINELENGTH];
1130 char *serialno = NULL;
1134 err = start_agent (ctrl);
1138 if (!hexkeygrip || strlen (hexkeygrip) != 40)
1139 return gpg_error (GPG_ERR_INV_VALUE);
1141 snprintf (line, DIM(line)-1, "KEYINFO %s", hexkeygrip);
1142 line[DIM(line)-1] = 0;
1144 err = assuan_transact (agent_ctx, line, NULL, NULL, NULL, NULL,
1145 keyinfo_status_cb, &serialno);
1146 if (!err && serialno)
1148 /* Sanity check for bad characters. */
1149 if (strpbrk (serialno, ":\n\r"))
1150 err = GPG_ERR_INV_VALUE;
1155 *r_serialno = serialno;
1161 /* Ask for the passphrase (this is used for pkcs#12 import/export. On
1162 success the caller needs to free the string stored at R_PASSPHRASE.
1163 On error NULL will be stored at R_PASSPHRASE and an appropriate
1164 error code returned. If REPEAT is true the agent tries to get a
1165 new passphrase (i.e. asks the user to confirm it). */
1167 gpgsm_agent_ask_passphrase (ctrl_t ctrl, const char *desc_msg, int repeat,
1168 char **r_passphrase)
1171 char line[ASSUAN_LINELENGTH];
1174 struct default_inq_parm_s inq_parm = { ctrl, agent_ctx };
1176 *r_passphrase = NULL;
1178 err = start_agent (ctrl);
1182 if (desc_msg && *desc_msg && !(arg4 = percent_plus_escape (desc_msg)))
1183 return gpg_error_from_syserror ();
1185 snprintf (line, DIM(line)-1, "GET_PASSPHRASE --data%s -- X X X %s",
1186 repeat? " --repeat=1 --check --qualitybar":"",
1190 init_membuf_secure (&data, 64);
1191 err = assuan_transact (agent_ctx, line,
1192 put_membuf_cb, &data,
1193 default_inq_cb, &inq_parm, NULL, NULL);
1196 xfree (get_membuf (&data, NULL));
1199 put_membuf (&data, "", 1);
1200 *r_passphrase = get_membuf (&data, NULL);
1202 err = gpg_error_from_syserror ();
1209 /* Retrieve a key encryption key from the agent. With FOREXPORT true
1210 the key shall be use for export, with false for import. On success
1211 the new key is stored at R_KEY and its length at R_KEKLEN. */
1213 gpgsm_agent_keywrap_key (ctrl_t ctrl, int forexport,
1214 void **r_kek, size_t *r_keklen)
1220 char line[ASSUAN_LINELENGTH];
1221 struct default_inq_parm_s inq_parm = { ctrl, agent_ctx };
1224 err = start_agent (ctrl);
1228 snprintf (line, DIM(line)-1, "KEYWRAP_KEY %s",
1229 forexport? "--export":"--import");
1231 init_membuf_secure (&data, 64);
1232 err = assuan_transact (agent_ctx, line,
1233 put_membuf_cb, &data,
1234 default_inq_cb, &inq_parm, NULL, NULL);
1237 xfree (get_membuf (&data, &len));
1240 buf = get_membuf (&data, &len);
1242 return gpg_error_from_syserror ();
1251 /* Handle the inquiry for an IMPORT_KEY command. */
1253 inq_import_key_parms (void *opaque, const char *line)
1255 struct import_key_parm_s *parm = opaque;
1258 if (has_leading_keyword (line, "KEYDATA"))
1260 assuan_begin_confidential (parm->ctx);
1261 err = assuan_send_data (parm->ctx, parm->key, parm->keylen);
1262 assuan_end_confidential (parm->ctx);
1266 struct default_inq_parm_s inq_parm = { parm->ctrl, parm->ctx };
1267 err = default_inq_cb (&inq_parm, line);
1274 /* Call the agent to import a key into the agent. */
1276 gpgsm_agent_import_key (ctrl_t ctrl, const void *key, size_t keylen)
1279 struct import_key_parm_s parm;
1281 err = start_agent (ctrl);
1286 parm.ctx = agent_ctx;
1288 parm.keylen = keylen;
1290 err = assuan_transact (agent_ctx, "IMPORT_KEY",
1291 NULL, NULL, inq_import_key_parms, &parm, NULL, NULL);
1297 /* Receive a secret key from the agent. KEYGRIP is the hexified
1298 keygrip, DESC a prompt to be displayed with the agent's passphrase
1299 question (needs to be plus+percent escaped). On success the key is
1300 stored as a canonical S-expression at R_RESULT and R_RESULTLEN. */
1302 gpgsm_agent_export_key (ctrl_t ctrl, const char *keygrip, const char *desc,
1303 unsigned char **r_result, size_t *r_resultlen)
1309 char line[ASSUAN_LINELENGTH];
1310 struct default_inq_parm_s inq_parm = { ctrl, agent_ctx };
1314 err = start_agent (ctrl);
1320 snprintf (line, DIM(line)-1, "SETKEYDESC %s", desc);
1321 err = assuan_transact (agent_ctx, line,
1322 NULL, NULL, NULL, NULL, NULL, NULL);
1327 snprintf (line, DIM(line)-1, "EXPORT_KEY %s", keygrip);
1329 init_membuf_secure (&data, 1024);
1330 err = assuan_transact (agent_ctx, line,
1331 put_membuf_cb, &data,
1332 default_inq_cb, &inq_parm, NULL, NULL);
1335 xfree (get_membuf (&data, &len));
1338 buf = get_membuf (&data, &len);
1340 return gpg_error_from_syserror ();