| blob | a23c4a54631e7d17d3d4c045cccdb5a4840a7391 |
1 /* app.c - Application selection.
2 * Copyright (C) 2003, 2004, 2005 Free Software Foundation, Inc.
3 *
4 * This file is part of GnuPG.
5 *
6 * GnuPG is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 3 of the License, or
9 * (at your option) any later version.
10 *
11 * GnuPG is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
15 *
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, see <http://www.gnu.org/licenses/>.
18 */
20 #include <config.h>
21 #include <errno.h>
22 #include <stdio.h>
23 #include <stdlib.h>
24 #include <string.h>
25 #include <pth.h>
33 /* This table is used to keep track of locks on a per reader base.
34 The index into the table is the slot number of the reader. The
35 mutex will be initialized on demand (one of the advantages of a
36 userland threading system). */
37 static struct
38 {
40 pth_mutex_t lock;
50 \f
51 static void
53 {
58 {
61 }
62 }
65 /* Lock the reader SLOT. This function shall be used right before
66 calling any of the actual application functions to serialize access
67 to the reader. We do this always even if the reader is not
68 actually used. This allows an actual connection to assume that it
69 never shares a reader (while performing one command). Returns 0 on
70 success; only then the unlock_reader function must be called after
71 returning from the handler. */
72 static gpg_error_t
74 {
75 gpg_error_t err;
81 {
83 {
87 }
91 }
94 {
99 }
104 }
106 /* Release a lock on the reader. See lock_reader(). */
107 static void
109 {
119 }
122 static void
124 {
125 #ifdef _W32_PTH_H
128 #else
133 else
135 #endif
136 }
139 /* This function may be called to print information pertaining to the
140 current state of this module to the log. */
141 void
143 {
148 {
152 {
156 }
158 {
162 }
164 }
165 }
167 /* Check wether the application NAME is allowed. This does not mean
168 we have support for it though. */
169 static int
171 {
172 strlist_t l;
178 }
181 /* This may be called to tell this module about a removed or resetted card. */
182 void
184 {
185 app_t app;
190 /* FIXME: We are ignoring any error value here. */
193 /* Mark application as non-reusable. */
197 /* Deallocate a saved application for that slot, so that we won't
198 try to reuse it. If there is no saved application, set a flag so
199 that we won't save the current state. */
203 {
206 }
208 }
211 /* This function is used by the serialno command to check for an
212 application conflict which may appear if the serialno command is
213 used to request a specific application and the connection has
214 already done a select_application. */
215 gpg_error_t
217 {
219 app_t app;
229 }
232 /* If called with NAME as NULL, select the best fitting application
233 and return a context; otherwise select the application with NAME
234 and return a context. SLOT identifies the reader device. Returns
235 an error code and stores NULL at R_APP if no application was found
236 or no card is present. */
237 gpg_error_t
239 {
240 gpg_error_t err;
253 /* First check whether we already have an application to share. */
257 {
263 }
265 /* Don't use a non-reusable marked application. */
267 {
273 }
275 /* If we don't have an app, check whether we have a saved
276 application for that slot. This is useful so that a card does
277 not get reset even if only one session is using the card - this
278 way the PIN cache and other cached data are preserved. */
280 {
283 {
284 /* Yes, we can reuse this application - either the caller
285 requested an unspecific one or the requested one matches
286 the saved one. */
289 }
290 else
291 {
292 /* No, this saved application can't be used - deallocate it. */
296 }
297 }
299 /* If we can reuse an application, bump the reference count and
300 return it. */
302 {
311 }
313 /* Need to allocate a new one. */
316 {
321 }
325 /* Fixme: We should now first check whether a card is at all
326 present. */
328 /* Try to read the GDO file first to get a default serial number. */
335 {
343 {
344 /* The object it does not fit into the buffer. This is an
345 invalid encoding (or the buffer is too short. However, I
346 have some test cards with such an invalid encoding and
347 therefore I use this ugly workaround to return something
348 I can further experiment with. */
350 n--;
351 }
354 {
355 /* The GDO file is pretty short, thus we simply reuse it for
356 storing the serial number. */
363 }
364 else
367 }
369 /* For certain error codes, there is no need to try more. */
374 /* Figure out the application to use. */
392 leave:
394 {
398 else
404 }
412 }
417 {
424 NULL
425 };
443 }
446 /* Deallocate the application. */
447 static void
449 {
451 {
454 }
458 }
460 /* Free the resources associated with the application APP. APP is
461 allowed to be NULL in which case this is a no-op. Note that we are
462 using reference counting to track the users of the application and
463 actually deferring the deallocation to allow for a later reuse by
464 a new connection. */
465 void
467 {
478 /* Move the reference to the application in the lock table. */
480 /* FIXME: We are ignoring any error value. */
483 {
488 }
493 {
494 /* If we shall not re-use the application we can't save it for
495 later use. */
498 }
499 else
503 }
507 /* The serial number may need some cosmetics. Do it here. This
508 function shall only be called once after a new serial number has
509 been put into APP->serialno.
511 Prefixes we use:
513 FF 00 00 = For serial numbers starting with an FF
514 FF 01 00 = Some german p15 cards return an empty serial number so the
515 serial number from the EF(TokenInfo) is used instead.
516 FF 7F 00 = No serialno.
518 All other serial number not starting with FF are used as they are.
519 */
520 gpg_error_t
522 {
524 {
525 /* The serial number starts with our special prefix. This
526 requires that we put our default prefix "FF0000" in front. */
535 }
537 {
545 }
547 }
551 /* Retrieve the serial number and the time of the last update of the
552 card. The serial number is returned as a malloced string (hex
553 encoded) in SERIAL and the time of update is returned in STAMP. If
554 no update time is available the returned value is 0. Caller must
555 free SERIAL unless the function returns an error. If STAMP is not
556 of interest, NULL may be passed. */
557 gpg_error_t
559 {
571 else
578 }
581 /* Write out the application specifig status lines for the LEARN
582 command. */
583 gpg_error_t
585 {
586 gpg_error_t err;
595 /* We do not send APPTYPE if only keypairinfo is requested. */
605 }
608 /* Read the certificate with id CERTID (as returned by learn_status in
609 the CERTINFO status lines) and return it in the freshly allocated
610 buffer put into CERT and the length of the certificate put into
611 CERTLEN. */
612 gpg_error_t
615 {
616 gpg_error_t err;
630 }
633 /* Read the key with ID KEYID. On success a canonical encoded
634 S-expression with the public key will get stored at PK and its
635 length (for assertions) at PKLEN; the caller must release that
636 buffer. On error NULL will be stored at PK and PKLEN and an error
637 code returned.
639 This function might not be supported by all applications. */
640 gpg_error_t
642 {
643 gpg_error_t err;
662 }
665 /* Perform a GETATTR operation. */
666 gpg_error_t
668 {
669 gpg_error_t err;
677 {
681 }
683 {
694 }
704 }
706 /* Perform a SETATTR operation. */
707 gpg_error_t
712 {
713 gpg_error_t err;
727 }
729 /* Create the signature and return the allocated result in OUTDATA.
730 If a PIN is required the PINCB will be used to ask for the PIN; it
731 should return the PIN in an allocated buffer and put it into PIN. */
732 gpg_error_t
738 {
739 gpg_error_t err;
758 }
760 /* Create the signature using the INTERNAL AUTHENTICATE command and
761 return the allocated result in OUTDATA. If a PIN is required the
762 PINCB will be used to ask for the PIN; it should return the PIN in
763 an allocated buffer and put it into PIN. */
764 gpg_error_t
770 {
771 gpg_error_t err;
790 }
793 /* Decrypt the data in INDATA and return the allocated result in OUTDATA.
794 If a PIN is required the PINCB will be used to ask for the PIN; it
795 should return the PIN in an allocated buffer and put it into PIN. */
796 gpg_error_t
802 {
803 gpg_error_t err;
822 }
825 /* Perform the WRITECERT operation. */
826 gpg_error_t
832 {
833 gpg_error_t err;
850 }
853 /* Perform the WRITEKEY operation. */
854 gpg_error_t
860 {
861 gpg_error_t err;
878 }
881 /* Perform a SETATTR operation. */
882 gpg_error_t
887 {
888 gpg_error_t err;
905 }
908 /* Perform a GET CHALLENGE operation. This fucntion is special as it
909 directly accesses the card without any application specific
910 wrapper. */
911 gpg_error_t
913 {
914 gpg_error_t err;
926 }
930 /* Perform a CHANGE REFERENCE DATA or RESET RETRY COUNTER operation. */
931 gpg_error_t
935 {
936 gpg_error_t err;
953 }
956 /* Perform a VERIFY operation without doing anything lese. This may
957 be used to initialze a the PIN cache for long lasting other
958 operations. Its use is highly application dependent. */
959 gpg_error_t
963 {
964 gpg_error_t err;
980 }