search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
* srv.c (getsrv): Raise maximum packet size to 2048, as PACKETSZ is
[gnupg.git] / sm / call-agent.c
blob1f8eecb3b9d97c7f7bae6e52a08fdacf483f9179
1 /* call-agent.c - Divert GPGSM operations to the agent
2 * Copyright (C) 2001, 2002, 2003, 2005, 2007,
3 * 2008, 2009 Free Software Foundation, Inc.
4 *
5 * This file is part of GnuPG.
6 *
7 * GnuPG is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 3 of the License, or
10 * (at your option) any later version.
11 *
12 * GnuPG is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, see <http://www.gnu.org/licenses/>.
19 */
20
21 #include <config.h>
22 #include <stdio.h>
23 #include <stdlib.h>
24 #include <string.h>
25 #include <errno.h>
26 #include <unistd.h>
27 #include <time.h>
28 #include <assert.h>
29 #ifdef HAVE_LOCALE_H
30 #include <locale.h>
31 #endif
32
33 #include "gpgsm.h"
34 #include <gcrypt.h>
35 #include <assuan.h>
36 #include "i18n.h"
37 #include "asshelp.h"
38 #include "keydb.h" /* fixme: Move this to import.c */
39 #include "membuf.h"
40
41
42 static assuan_context_t agent_ctx = NULL;
43
44
45 struct cipher_parm_s
46 {
47 ctrl_t ctrl;
48 assuan_context_t ctx;
49 const unsigned char *ciphertext;
50 size_t ciphertextlen;
51 };
52
53 struct genkey_parm_s
54 {
55 ctrl_t ctrl;
56 assuan_context_t ctx;
57 const unsigned char *sexp;
58 size_t sexplen;
59 };
60
61 struct learn_parm_s
62 {
63 int error;
64 ctrl_t ctrl;
65 assuan_context_t ctx;
66 membuf_t *data;
67 };
68
69
70 \f
71 /* Try to connect to the agent via socket or fork it off and work by
72 pipes. Handle the server's initial greeting */
73 static int
74 start_agent (ctrl_t ctrl)
75 {
76 int rc;
77
78 if (agent_ctx)
79 rc = 0; /* fixme: We need a context for each thread or
80 serialize the access to the agent (which is
81 suitable given that the agent is not MT. */
82 else
83 {
84 rc = start_new_gpg_agent (&agent_ctx,
85 GPG_ERR_SOURCE_DEFAULT,
86 opt.homedir,
87 opt.agent_program,
88 opt.display, opt.ttyname, opt.ttytype,
89 opt.lc_ctype, opt.lc_messages,
90 opt.xauthority, opt.pinentry_user_data,
91 opt.verbose, DBG_ASSUAN,
92 gpgsm_status2, ctrl);
93
94 if (!rc)
95 {
96 /* Tell the agent that we support Pinentry notifications. No
97 error checking so that it will work also with older
98 agents. */
99 assuan_transact (agent_ctx, "OPTION allow-pinentry-notify",
100 NULL, NULL, NULL, NULL, NULL, NULL);
101 }
102 }
103
104 if (!ctrl->agent_seen)
105 {
106 ctrl->agent_seen = 1;
107 audit_log_ok (ctrl->audit, AUDIT_AGENT_READY, rc);
108 }
109
110 return rc;
111 }
112
113
114
115 static int
116 membuf_data_cb (void *opaque, const void *buffer, size_t length)
117 {
118 membuf_t *data = opaque;
119
120 if (buffer)
121 put_membuf (data, buffer, length);
122 return 0;
123 }
124
125
126 /* This is the default inquiry callback. It mainly handles the
127 Pinentry notifications. */
128 static int
129 default_inq_cb (void *opaque, const char *line)
130 {
131 gpg_error_t err;
132 ctrl_t ctrl = opaque;
133
134 if (!strncmp (line, "PINENTRY_LAUNCHED", 17) && (line[17]==' '||!line[17]))
135 {
136 err = gpgsm_proxy_pinentry_notify (ctrl, line);
137 if (err)
138 log_error (_("failed to proxy %s inquiry to client\n"),
139 "PINENTRY_LAUNCHED");
140 /* We do not pass errors to avoid breaking other code. */
141 }
142 else
143 log_error ("ignoring gpg-agent inquiry `%s'\n", line);
144
145 return 0;
146 }
147
148
149
150 \f
151 /* Call the agent to do a sign operation using the key identified by
152 the hex string KEYGRIP. */
153 int
154 gpgsm_agent_pksign (ctrl_t ctrl, const char *keygrip, const char *desc,
155 unsigned char *digest, size_t digestlen, int digestalgo,
156 unsigned char **r_buf, size_t *r_buflen )
157 {
158 int rc, i;
159 char *p, line[ASSUAN_LINELENGTH];
160 membuf_t data;
161 size_t len;
162
163 *r_buf = NULL;
164 rc = start_agent (ctrl);
165 if (rc)
166 return rc;
167
168 if (digestlen*2 + 50 > DIM(line))
169 return gpg_error (GPG_ERR_GENERAL);
170
171 rc = assuan_transact (agent_ctx, "RESET", NULL, NULL, NULL, NULL, NULL, NULL);
172 if (rc)
173 return rc;
174
175 snprintf (line, DIM(line)-1, "SIGKEY %s", keygrip);
176 line[DIM(line)-1] = 0;
177 rc = assuan_transact (agent_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL);
178 if (rc)
179 return rc;
180
181 if (desc)
182 {
183 snprintf (line, DIM(line)-1, "SETKEYDESC %s", desc);
184 line[DIM(line)-1] = 0;
185 rc = assuan_transact (agent_ctx, line,
186 NULL, NULL, NULL, NULL, NULL, NULL);
187 if (rc)
188 return rc;
189 }
190
191 sprintf (line, "SETHASH %d ", digestalgo);
192 p = line + strlen (line);
193 for (i=0; i < digestlen ; i++, p += 2 )
194 sprintf (p, "%02X", digest[i]);
195 rc = assuan_transact (agent_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL);
196 if (rc)
197 return rc;
198
199 init_membuf (&data, 1024);
200 rc = assuan_transact (agent_ctx, "PKSIGN",
201 membuf_data_cb, &data, default_inq_cb, ctrl,
202 NULL, NULL);
203 if (rc)
204 {
205 xfree (get_membuf (&data, &len));
206 return rc;
207 }
208 *r_buf = get_membuf (&data, r_buflen);
209
210 if (!gcry_sexp_canon_len (*r_buf, *r_buflen, NULL, NULL))
211 {
212 xfree (*r_buf); *r_buf = NULL;
213 return gpg_error (GPG_ERR_INV_VALUE);
214 }
215
216 return *r_buf? 0 : out_of_core ();
217 }
218
219
220 /* Call the scdaemon to do a sign operation using the key identified by
221 the hex string KEYID. */
222 int
223 gpgsm_scd_pksign (ctrl_t ctrl, const char *keyid, const char *desc,
224 unsigned char *digest, size_t digestlen, int digestalgo,
225 unsigned char **r_buf, size_t *r_buflen )
226 {
227 int rc, i;
228 char *p, line[ASSUAN_LINELENGTH];
229 membuf_t data;
230 size_t len;
231 const char *hashopt;
232 unsigned char *sigbuf;
233 size_t sigbuflen;
234
235 (void)desc;
236
237 *r_buf = NULL;
238
239 switch(digestalgo)
240 {
241 case GCRY_MD_SHA1: hashopt = "--hash=sha1"; break;
242 case GCRY_MD_RMD160:hashopt = "--hash=rmd160"; break;
243 case GCRY_MD_MD5: hashopt = "--hash=md5"; break;
244 case GCRY_MD_SHA256:hashopt = "--hash=sha256"; break;
245 default:
246 return gpg_error (GPG_ERR_DIGEST_ALGO);
247 }
248
249 rc = start_agent (ctrl);
250 if (rc)
251 return rc;
252
253 if (digestlen*2 + 50 > DIM(line))
254 return gpg_error (GPG_ERR_GENERAL);
255
256 p = stpcpy (line, "SCD SETDATA " );
257 for (i=0; i < digestlen ; i++, p += 2 )
258 sprintf (p, "%02X", digest[i]);
259 rc = assuan_transact (agent_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL);
260 if (rc)
261 return rc;
262
263 init_membuf (&data, 1024);
264
265 snprintf (line, DIM(line)-1, "SCD PKSIGN %s %s", hashopt, keyid);
266 line[DIM(line)-1] = 0;
267 rc = assuan_transact (agent_ctx, line,
268 membuf_data_cb, &data, default_inq_cb, ctrl,
269 NULL, NULL);
270 if (rc)
271 {
272 xfree (get_membuf (&data, &len));
273 return rc;
274 }
275 sigbuf = get_membuf (&data, &sigbuflen);
276
277 /* Create an S-expression from it which is formatted like this:
278 "(7:sig-val(3:rsa(1:sSIGBUFLEN:SIGBUF)))" Fixme: If a card ever
279 creates non-RSA keys we need to change things. */
280 *r_buflen = 21 + 11 + sigbuflen + 4;
281 p = xtrymalloc (*r_buflen);
282 *r_buf = (unsigned char*)p;
283 if (!p)
284 {
285 xfree (sigbuf);
286 return 0;
287 }
288 p = stpcpy (p, "(7:sig-val(3:rsa(1:s" );
289 sprintf (p, "%u:", (unsigned int)sigbuflen);
290 p += strlen (p);
291 memcpy (p, sigbuf, sigbuflen);
292 p += sigbuflen;
293 strcpy (p, ")))");
294 xfree (sigbuf);
295
296 assert (gcry_sexp_canon_len (*r_buf, *r_buflen, NULL, NULL));
297 return 0;
298 }
299
300
301
302 \f
303 /* Handle a CIPHERTEXT inquiry. Note, we only send the data,
304 assuan_transact talkes care of flushing and writing the end */
305 static int
306 inq_ciphertext_cb (void *opaque, const char *line)
307 {
308 struct cipher_parm_s *parm = opaque;
309 int rc;
310
311 if (!strncmp (line, "CIPHERTEXT", 10) && (line[10]==' '||!line[10]))
312 {
313 assuan_begin_confidential (parm->ctx);
314 rc = assuan_send_data (parm->ctx, parm->ciphertext, parm->ciphertextlen);
315 assuan_end_confidential (parm->ctx);
316 }
317 else
318 rc = default_inq_cb (parm->ctrl, line);
319
320 return rc;
321 }
322
323
324 /* Call the agent to do a decrypt operation using the key identified by
325 the hex string KEYGRIP. */
326 int
327 gpgsm_agent_pkdecrypt (ctrl_t ctrl, const char *keygrip, const char *desc,
328 ksba_const_sexp_t ciphertext,
329 char **r_buf, size_t *r_buflen )
330 {
331 int rc;
332 char line[ASSUAN_LINELENGTH];
333 membuf_t data;
334 struct cipher_parm_s cipher_parm;
335 size_t n, len;
336 char *p, *buf, *endp;
337 size_t ciphertextlen;
338
339 if (!keygrip || strlen(keygrip) != 40 || !ciphertext || !r_buf || !r_buflen)
340 return gpg_error (GPG_ERR_INV_VALUE);
341 *r_buf = NULL;
342
343 ciphertextlen = gcry_sexp_canon_len (ciphertext, 0, NULL, NULL);
344 if (!ciphertextlen)
345 return gpg_error (GPG_ERR_INV_VALUE);
346
347 rc = start_agent (ctrl);
348 if (rc)
349 return rc;
350
351 rc = assuan_transact (agent_ctx, "RESET", NULL, NULL, NULL, NULL, NULL, NULL);
352 if (rc)
353 return rc;
354
355 assert ( DIM(line) >= 50 );
356 snprintf (line, DIM(line)-1, "SETKEY %s", keygrip);
357 line[DIM(line)-1] = 0;
358 rc = assuan_transact (agent_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL);
359 if (rc)
360 return rc;
361
362 if (desc)
363 {
364 snprintf (line, DIM(line)-1, "SETKEYDESC %s", desc);
365 line[DIM(line)-1] = 0;
366 rc = assuan_transact (agent_ctx, line,
367 NULL, NULL, NULL, NULL, NULL, NULL);
368 if (rc)
369 return rc;
370 }
371
372 init_membuf (&data, 1024);
373 cipher_parm.ctrl = ctrl;
374 cipher_parm.ctx = agent_ctx;
375 cipher_parm.ciphertext = ciphertext;
376 cipher_parm.ciphertextlen = ciphertextlen;
377 rc = assuan_transact (agent_ctx, "PKDECRYPT",
378 membuf_data_cb, &data,
379 inq_ciphertext_cb, &cipher_parm, NULL, NULL);
380 if (rc)
381 {
382 xfree (get_membuf (&data, &len));
383 return rc;
384 }
385
386 put_membuf (&data, "", 1); /* Make sure it is 0 terminated. */
387 buf = get_membuf (&data, &len);
388 if (!buf)
389 return gpg_error (GPG_ERR_ENOMEM);
390 assert (len); /* (we forced Nul termination.) */
391
392 if (*buf == '(')
393 {
394 if (len < 13 || memcmp (buf, "(5:value", 8) ) /* "(5:valueN:D)\0" */
395 return gpg_error (GPG_ERR_INV_SEXP);
396 len -= 11; /* Count only the data of the second part. */
397 p = buf + 8; /* Skip leading parenthesis and the value tag. */
398 }
399 else
400 {
401 /* For compatibility with older gpg-agents handle the old style
402 incomplete S-exps. */
403 len--; /* Do not count the Nul. */
404 p = buf;
405 }
406
407 n = strtoul (p, &endp, 10);
408 if (!n || *endp != ':')
409 return gpg_error (GPG_ERR_INV_SEXP);
410 endp++;
411 if (endp-p+n > len)
412 return gpg_error (GPG_ERR_INV_SEXP); /* Oops: Inconsistent S-Exp. */
413
414 memmove (buf, endp, n);
415
416 *r_buflen = n;
417 *r_buf = buf;
418 return 0;
419 }
420
421
422
423
424 \f
425 /* Handle a KEYPARMS inquiry. Note, we only send the data,
426 assuan_transact takes care of flushing and writing the end */
427 static int
428 inq_genkey_parms (void *opaque, const char *line)
429 {
430 struct genkey_parm_s *parm = opaque;
431 int rc;
432
433 if (!strncmp (line, "KEYPARAM", 8) && (line[8]==' '||!line[8]))
434 {
435 rc = assuan_send_data (parm->ctx, parm->sexp, parm->sexplen);
436 }
437 else
438 rc = default_inq_cb (parm->ctrl, line);
439
440 return rc;
441 }
442
443
444 \f
445 /* Call the agent to generate a newkey */
446 int
447 gpgsm_agent_genkey (ctrl_t ctrl,
448 ksba_const_sexp_t keyparms, ksba_sexp_t *r_pubkey)
449 {
450 int rc;
451 struct genkey_parm_s gk_parm;
452 membuf_t data;
453 size_t len;
454 unsigned char *buf;
455
456 *r_pubkey = NULL;
457 rc = start_agent (ctrl);
458 if (rc)
459 return rc;
460
461 rc = assuan_transact (agent_ctx, "RESET", NULL, NULL, NULL, NULL, NULL, NULL);
462 if (rc)
463 return rc;
464
465 init_membuf (&data, 1024);
466 gk_parm.ctrl = ctrl;
467 gk_parm.ctx = agent_ctx;
468 gk_parm.sexp = keyparms;
469 gk_parm.sexplen = gcry_sexp_canon_len (keyparms, 0, NULL, NULL);
470 if (!gk_parm.sexplen)
471 return gpg_error (GPG_ERR_INV_VALUE);
472 rc = assuan_transact (agent_ctx, "GENKEY",
473 membuf_data_cb, &data,
474 inq_genkey_parms, &gk_parm, NULL, NULL);
475 if (rc)
476 {
477 xfree (get_membuf (&data, &len));
478 return rc;
479 }
480 buf = get_membuf (&data, &len);
481 if (!buf)
482 return gpg_error (GPG_ERR_ENOMEM);
483 if (!gcry_sexp_canon_len (buf, len, NULL, NULL))
484 {
485 xfree (buf);
486 return gpg_error (GPG_ERR_INV_SEXP);
487 }
488 *r_pubkey = buf;
489 return 0;
490 }
491
492 \f
493 /* Call the agent to read the public key part for a given keygrip. If
494 FROMCARD is true, the key is directly read from the current
495 smartcard. In this case HEXKEYGRIP should be the keyID
496 (e.g. OPENPGP.3). */
497 int
498 gpgsm_agent_readkey (ctrl_t ctrl, int fromcard, const char *hexkeygrip,
499 ksba_sexp_t *r_pubkey)
500 {
501 int rc;
502 membuf_t data;
503 size_t len;
504 unsigned char *buf;
505 char line[ASSUAN_LINELENGTH];
506
507 *r_pubkey = NULL;
508 rc = start_agent (ctrl);
509 if (rc)
510 return rc;
511
512 rc = assuan_transact (agent_ctx, "RESET",NULL, NULL, NULL, NULL, NULL, NULL);
513 if (rc)
514 return rc;
515
516 snprintf (line, DIM(line)-1, "%sREADKEY %s",
517 fromcard? "SCD ":"", hexkeygrip);
518 line[DIM(line)-1] = 0;
519
520 init_membuf (&data, 1024);
521 rc = assuan_transact (agent_ctx, line,
522 membuf_data_cb, &data,
523 default_inq_cb, ctrl, NULL, NULL);
524 if (rc)
525 {
526 xfree (get_membuf (&data, &len));
527 return rc;
528 }
529 buf = get_membuf (&data, &len);
530 if (!buf)
531 return gpg_error (GPG_ERR_ENOMEM);
532 if (!gcry_sexp_canon_len (buf, len, NULL, NULL))
533 {
534 xfree (buf);
535 return gpg_error (GPG_ERR_INV_SEXP);
536 }
537 *r_pubkey = buf;
538 return 0;
539 }
540
541 \f
542
543 static int
544 istrusted_status_cb (void *opaque, const char *line)
545 {
546 struct rootca_flags_s *flags = opaque;
547
548 if (!strncmp (line, "TRUSTLISTFLAG", 13) && (line[13]==' ' || !line[13]))
549 {
550 for (line += 13; *line == ' '; line++)
551 ;
552 if (!strncmp (line, "relax", 5) && (line[5] == ' ' || !line[5]))
553 flags->relax = 1;
554 else if (!strncmp (line, "cm", 2) && (line[2] == ' ' || !line[2]))
555 flags->chain_model = 1;
556 }
557 return 0;
558 }
559
560
561
562 /* Ask the agent whether the certificate is in the list of trusted
563 keys. The certificate is either specified by the CERT object or by
564 the fingerprint HEXFPR. ROOTCA_FLAGS is guaranteed to be cleared
565 on error. */
566 int
567 gpgsm_agent_istrusted (ctrl_t ctrl, ksba_cert_t cert, const char *hexfpr,
568 struct rootca_flags_s *rootca_flags)
569 {
570 int rc;
571 char line[ASSUAN_LINELENGTH];
572
573 memset (rootca_flags, 0, sizeof *rootca_flags);
574
575 if (cert && hexfpr)
576 return gpg_error (GPG_ERR_INV_ARG);
577
578 rc = start_agent (ctrl);
579 if (rc)
580 return rc;
581
582 if (hexfpr)
583 {
584 snprintf (line, DIM(line)-1, "ISTRUSTED %s", hexfpr);
585 line[DIM(line)-1] = 0;
586 }
587 else
588 {
589 char *fpr;
590
591 fpr = gpgsm_get_fingerprint_hexstring (cert, GCRY_MD_SHA1);
592 if (!fpr)
593 {
594 log_error ("error getting the fingerprint\n");
595 return gpg_error (GPG_ERR_GENERAL);
596 }
597
598 snprintf (line, DIM(line)-1, "ISTRUSTED %s", fpr);
599 line[DIM(line)-1] = 0;
600 xfree (fpr);
601 }
602
603 rc = assuan_transact (agent_ctx, line, NULL, NULL, NULL, NULL,
604 istrusted_status_cb, rootca_flags);
605 if (!rc)
606 rootca_flags->valid = 1;
607 return rc;
608 }
609
610 /* Ask the agent to mark CERT as a trusted Root-CA one */
611 int
612 gpgsm_agent_marktrusted (ctrl_t ctrl, ksba_cert_t cert)
613 {
614 int rc;
615 char *fpr, *dn, *dnfmt;
616 char line[ASSUAN_LINELENGTH];
617
618 rc = start_agent (ctrl);
619 if (rc)
620 return rc;
621
622 fpr = gpgsm_get_fingerprint_hexstring (cert, GCRY_MD_SHA1);
623 if (!fpr)
624 {
625 log_error ("error getting the fingerprint\n");
626 return gpg_error (GPG_ERR_GENERAL);
627 }
628
629 dn = ksba_cert_get_issuer (cert, 0);
630 if (!dn)
631 {
632 xfree (fpr);
633 return gpg_error (GPG_ERR_GENERAL);
634 }
635 dnfmt = gpgsm_format_name2 (dn, 0);
636 xfree (dn);
637 if (!dnfmt)
638 return gpg_error_from_syserror ();
639 snprintf (line, DIM(line)-1, "MARKTRUSTED %s S %s", fpr, dnfmt);
640 line[DIM(line)-1] = 0;
641 ksba_free (dnfmt);
642 xfree (fpr);
643
644 rc = assuan_transact (agent_ctx, line, NULL, NULL,
645 default_inq_cb, ctrl, NULL, NULL);
646 return rc;
647 }
648
649
650 \f
651 /* Ask the agent whether the a corresponding secret key is available
652 for the given keygrip */
653 int
654 gpgsm_agent_havekey (ctrl_t ctrl, const char *hexkeygrip)
655 {
656 int rc;
657 char line[ASSUAN_LINELENGTH];
658
659 rc = start_agent (ctrl);
660 if (rc)
661 return rc;
662
663 if (!hexkeygrip || strlen (hexkeygrip) != 40)
664 return gpg_error (GPG_ERR_INV_VALUE);
665
666 snprintf (line, DIM(line)-1, "HAVEKEY %s", hexkeygrip);
667 line[DIM(line)-1] = 0;
668
669 rc = assuan_transact (agent_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL);
670 return rc;
671 }
672
673 \f
674 static int
675 learn_status_cb (void *opaque, const char *line)
676 {
677 struct learn_parm_s *parm = opaque;
678
679 /* Pass progress data to the caller. */
680 if (!strncmp (line, "PROGRESS", 8) && (line[8]==' ' || !line[8]))
681 {
682 if (parm->ctrl)
683 {
684 for (line += 8; *line == ' '; line++)
685 ;
686 if (gpgsm_status (parm->ctrl, STATUS_PROGRESS, line))
687 return gpg_error (GPG_ERR_ASS_CANCELED);
688 }
689 }
690 return 0;
691 }
692
693 static int
694 learn_cb (void *opaque, const void *buffer, size_t length)
695 {
696 struct learn_parm_s *parm = opaque;
697 size_t len;
698 char *buf;
699 ksba_cert_t cert;
700 int rc;
701
702 if (parm->error)
703 return 0;
704
705 if (buffer)
706 {
707 put_membuf (parm->data, buffer, length);
708 return 0;
709 }
710 /* END encountered - process what we have */
711 buf = get_membuf (parm->data, &len);
712 if (!buf)
713 {
714 parm->error = gpg_error (GPG_ERR_ENOMEM);
715 return 0;
716 }
717
718 if (gpgsm_status (parm->ctrl, STATUS_PROGRESS, "learncard C 0 0"))
719 return gpg_error (GPG_ERR_ASS_CANCELED);
720
721 /* FIXME: this should go into import.c */
722 rc = ksba_cert_new (&cert);
723 if (rc)
724 {
725 parm->error = rc;
726 return 0;
727 }
728 rc = ksba_cert_init_from_mem (cert, buf, len);
729 if (rc)
730 {
731 log_error ("failed to parse a certificate: %s\n", gpg_strerror (rc));
732 ksba_cert_release (cert);
733 parm->error = rc;
734 return 0;
735 }
736
737 rc = gpgsm_basic_cert_check (parm->ctrl, cert);
738 if (gpg_err_code (rc) == GPG_ERR_MISSING_CERT)
739 { /* For later use we store it in the ephemeral database. */
740 log_info ("issuer certificate missing - storing as ephemeral\n");
741 keydb_store_cert (cert, 1, NULL);
742 }
743 else if (rc)
744 log_error ("invalid certificate: %s\n", gpg_strerror (rc));
745 else
746 {
747 int existed;
748
749 if (!keydb_store_cert (cert, 0, &existed))
750 {
751 if (opt.verbose > 1 && existed)
752 log_info ("certificate already in DB\n");
753 else if (opt.verbose && !existed)
754 log_info ("certificate imported\n");
755 }
756 }
757
758 ksba_cert_release (cert);
759 init_membuf (parm->data, 4096);
760 return 0;
761 }
762
763 /* Call the agent to learn about a smartcard */
764 int
765 gpgsm_agent_learn (ctrl_t ctrl)
766 {
767 int rc;
768 struct learn_parm_s learn_parm;
769 membuf_t data;
770 size_t len;
771
772 rc = start_agent (ctrl);
773 if (rc)
774 return rc;
775
776 init_membuf (&data, 4096);
777 learn_parm.error = 0;
778 learn_parm.ctrl = ctrl;
779 learn_parm.ctx = agent_ctx;
780 learn_parm.data = &data;
781 rc = assuan_transact (agent_ctx, "LEARN --send",
782 learn_cb, &learn_parm,
783 NULL, NULL,
784 learn_status_cb, &learn_parm);
785 xfree (get_membuf (&data, &len));
786 if (rc)
787 return rc;
788 return learn_parm.error;
789 }
790
791 \f
792 /* Ask the agent to change the passphrase of the key identified by
793 HEXKEYGRIP. If DESC is not NULL, display instead of the default
794 description message. */
795 int
796 gpgsm_agent_passwd (ctrl_t ctrl, const char *hexkeygrip, const char *desc)
797 {
798 int rc;
799 char line[ASSUAN_LINELENGTH];
800
801 rc = start_agent (ctrl);
802 if (rc)
803 return rc;
804
805 if (!hexkeygrip || strlen (hexkeygrip) != 40)
806 return gpg_error (GPG_ERR_INV_VALUE);
807
808 if (desc)
809 {
810 snprintf (line, DIM(line)-1, "SETKEYDESC %s", desc);
811 line[DIM(line)-1] = 0;
812 rc = assuan_transact (agent_ctx, line,
813 NULL, NULL, NULL, NULL, NULL, NULL);
814 if (rc)
815 return rc;
816 }
817
818 snprintf (line, DIM(line)-1, "PASSWD %s", hexkeygrip);
819 line[DIM(line)-1] = 0;
820
821 rc = assuan_transact (agent_ctx, line, NULL, NULL,
822 default_inq_cb, ctrl, NULL, NULL);
823 return rc;
824 }
825
826
827 \f
828 /* Ask the agent to pop up a confirmation dialog with the text DESC
829 and an okay and cancel button. */
830 gpg_error_t
831 gpgsm_agent_get_confirmation (ctrl_t ctrl, const char *desc)
832 {
833 int rc;
834 char line[ASSUAN_LINELENGTH];
835
836 rc = start_agent (ctrl);
837 if (rc)
838 return rc;
839
840 snprintf (line, DIM(line)-1, "GET_CONFIRMATION %s", desc);
841 line[DIM(line)-1] = 0;
842
843 rc = assuan_transact (agent_ctx, line, NULL, NULL,
844 default_inq_cb, ctrl, NULL, NULL);
845 return rc;
846 }
847
848
849 \f
850 /* Return 0 if the agent is alive. This is useful to make sure that
851 an agent has been started. */
852 gpg_error_t
853 gpgsm_agent_send_nop (ctrl_t ctrl)
854 {
855 int rc;
856
857 rc = start_agent (ctrl);
858 if (!rc)
859 rc = assuan_transact (agent_ctx, "NOP",
860 NULL, NULL, NULL, NULL, NULL, NULL);
861 return rc;
862 }
863
864
865 \f
866 static int
867 keyinfo_status_cb (void *opaque, const char *line)
868 {
869 char **serialno = opaque;
870 const char *s, *s2;
871
872 if (!strncmp (line, "KEYINFO ", 8) && !*serialno)
873 {
874 s = strchr (line+8, ' ');
875 if (s && s[1] == 'T' && s[2] == ' ' && s[3])
876 {
877 s += 3;
878 s2 = strchr (s, ' ');
879 if ( s2 > s )
880 {
881 *serialno = xtrymalloc ((s2 - s)+1);
882 if (*serialno)
883 {
884 memcpy (*serialno, s, s2 - s);
885 (*serialno)[s2 - s] = 0;
886 }
887 }
888 }
889 }
890 return 0;
891 }
892
893 /* Return the serial number for a secret key. If the returned serial
894 number is NULL, the key is not stored on a smartcard. Caller needs
895 to free R_SERIALNO. */
896 gpg_error_t
897 gpgsm_agent_keyinfo (ctrl_t ctrl, const char *hexkeygrip, char **r_serialno)
898 {
899 gpg_error_t err;
900 char line[ASSUAN_LINELENGTH];
901 char *serialno = NULL;
902
903 *r_serialno = NULL;
904
905 err = start_agent (ctrl);
906 if (err)
907 return err;
908
909 if (!hexkeygrip || strlen (hexkeygrip) != 40)
910 return gpg_error (GPG_ERR_INV_VALUE);
911
912 snprintf (line, DIM(line)-1, "KEYINFO %s", hexkeygrip);
913 line[DIM(line)-1] = 0;
914
915 err = assuan_transact (agent_ctx, line, NULL, NULL, NULL, NULL,
916 keyinfo_status_cb, &serialno);
917 if (!err && serialno)
918 {
919 /* Sanity check for bad characters. */
920 if (strpbrk (serialno, ":\n\r"))
921 err = GPG_ERR_INV_VALUE;
922 }
923 if (err)
924 xfree (serialno);
925 else
926 *r_serialno = serialno;
927 return err;
928 }
929
gnupg svn clone