| blob | b6c61aa0ee8b6d165c947cc560595b2270717c46 |
1 /* call-agent.c - Divert GPG operations to the agent.
2 * Copyright (C) 2001, 2002, 2003, 2006, 2007,
3 * 2008 Free Software Foundation, Inc.
4 *
5 * This file is part of GnuPG.
6 *
7 * GnuPG is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 3 of the License, or
10 * (at your option) any later version.
11 *
12 * GnuPG is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, see <http://www.gnu.org/licenses/>.
19 */
21 #include <config.h>
22 #include <stdio.h>
23 #include <stdlib.h>
24 #include <string.h>
25 #include <errno.h>
26 #include <unistd.h>
27 #include <time.h>
28 #include <assert.h>
29 #ifdef HAVE_LOCALE_H
30 #include <locale.h>
31 #endif
32 #include <assuan.h>
43 #ifndef DBG_ASSUAN
44 # define DBG_ASSUAN 1
45 #endif
49 struct cipher_parm_s
50 {
51 assuan_context_t ctx;
54 };
56 struct writecert_parm_s
57 {
58 assuan_context_t ctx;
61 };
63 struct writekey_parm_s
64 {
65 assuan_context_t ctx;
68 };
70 struct genkey_parm_s
71 {
72 assuan_context_t ctx;
75 };
78 \f
79 /* Try to connect to the agent via socket or fork it off and work by
80 pipes. Handle the server's initial greeting */
81 static int
83 {
88 the access to the agent. */
91 GPG_ERR_SOURCE_DEFAULT,
100 {
101 /* Tell the agent that we support Pinentry notifications. No
102 error checking so that it will work also with older
103 agents. */
106 }
109 }
112 /* Return a new malloced string by unescaping the string S. Escaping
113 is percent escaping and '+'/space mapping. A binary nul will
114 silently be replaced by a 0xFF. Function returns NULL to indicate
115 an out of memory status. */
118 {
125 {
127 {
128 s++;
132 d++;
134 }
136 {
138 s++;
139 }
140 else
142 }
145 }
148 /* Take a 20 byte hexencoded string and put it into the the provided
149 20 byte buffer FPR in binary format. */
150 static int
152 {
157 ;
164 }
166 /* Take the serial number from LINE and return it verbatim in a newly
167 allocated string. We make sure that only hex characters are
168 returned. */
171 {
176 ;
179 {
182 }
184 }
187 \f
188 /* This is a dummy data line callback. */
189 static int
191 {
196 }
199 /* This is the default inquiry callback. It mainly handles the
200 Pinentry notifications. */
201 static int
203 {
207 {
208 /* There is no working server mode yet thus we use
209 AllowSetForegroundWindow window right here. We might want to
210 do this anyway in case gpg is called on the console. */
212 /* We do not pass errors to avoid breaking other code. */
213 }
214 else
218 }
222 /* Release the card info structure INFO. */
223 void
225 {
237 }
239 static int
241 {
248 ;
250 line++;
253 {
258 }
260 {
263 }
265 {
268 }
270 {
273 }
275 {
277 }
279 {
282 }
284 {
287 }
289 {
291 }
293 {
298 {
300 p++;
303 p++;
305 p++;
307 {
310 p++;
312 p++;
313 }
315 {
318 p++;
320 p++;
321 }
323 }
324 }
326 {
329 line++;
331 line++;
338 }
340 {
343 line++;
345 line++;
352 }
355 }
357 /* Call the agent to learn about a smartcard */
358 int
360 {
373 }
375 /* Call the agent to retrieve a data object. This function returns
376 the data in the same structure as used by the learn command. It is
377 allowed to update such a structure using this commmand. */
378 int
380 {
387 /* We assume that NAME does not need escaping. */
400 }
402 \f
403 /* Send an setattr command to the SCdaemon. SERIALNO is not actually
404 used here but required by gpg 1.4's implementation of this code in
405 cardglue.c. */
406 int
410 {
420 /* We assume that NAME does not need escaping. */
427 {
431 {
434 }
437 else
439 }
449 }
452 \f
453 /* Handle a CERTDATA inquiry. Note, we only send the data,
454 assuan_transact takes care of flushing and writing the END
455 command. */
456 static int
458 {
463 {
465 }
466 else
470 }
473 /* Send a WRITECERT command to the SCdaemon. */
474 int
477 {
498 }
502 \f
503 /* Handle a KEYDATA inquiry. Note, we only send the data,
504 assuan_transact takes care of flushing and writing the end */
505 static int
507 {
512 {
514 }
515 else
519 }
522 /* Send a WRITEKEY command to the SCdaemon. */
523 int
526 {
549 }
553 \f
554 /* Status callback for the SCD GENKEY command. */
555 static int
557 {
561 gpg_error_t rc;
565 ;
567 line++;
570 {
572 }
574 {
575 gcry_mpi_t a;
579 line++;
581 line++;
590 else
591 {
594 }
595 }
597 {
599 }
602 }
604 /* Send a GENKEY command to the SCdaemon. SERIALNO is not used in
605 this implementation. If CREATEDATE has been given, it will be
606 passed to SCDAEMON so that the key can be created with this
607 timestamp; note the user needs to use the returned timestamp as old
608 versions of scddaemon don't support this option. */
609 int
612 {
615 gnupg_isotime_t tbuf;
625 else
632 keyno);
641 }
643 \f
644 static int
646 {
652 }
654 /* Send a sign command to the scdaemon via gpg-agent's pass thru
655 mechanism. */
656 int
660 {
663 membuf_t data;
666 /* Note, hashalgo is not yet used but hardwired to SHA1 in SCdaemon. */
678 /* Send the serialno command to initialize the connection. We don't
679 care about the data returned. If the card has already been
680 initialized, this is a very fast command. We request the openpgp
681 card because that is waht we expect. */
696 #if 0
699 else
700 #endif
703 serialno);
708 {
711 }
715 }
718 /* Decrypt INDATA of length INDATALEN using the card identified by
719 SERIALNO. Return the plaintext in a nwly allocated buffer stored
720 at the address of R_BUF.
722 Note, we currently support only RSA or more exactly algorithms
723 taking one input data element. */
724 int
728 {
731 membuf_t data;
739 /* FIXME: use secure memory where appropriate */
743 /* Send the serialno command to initialize the connection. We don't
744 care about the data returned. If the card has already been
745 initialized, this is a very fast command. We request the openpgp
746 card because that is waht we expect. */
767 {
770 }
776 }
779 /* Change the PIN of an OpenPGP card or reset the retry counter.
780 CHVNO 1: Change the PIN
781 2: For v1 cards: Same as 1.
782 For v2 cards: Reset the PIN using the Reset Code.
783 3: Change the admin PIN
784 101: Set a new PIN and reset the retry counter
785 102: For v1 cars: Same as 101.
786 For v2 cards: Set a new Reset Code.
787 SERIALNO is not used.
788 */
789 int
791 {
811 }
814 /* Perform a CHECKPIN operation. SERIALNO should be the serial
815 number of the card - optionally followed by the fingerprint;
816 however the fingerprint is ignored here. */
817 int
819 {
832 }
835 /* Dummy function, only used by the gpg 1.4 implementation. */
836 void
838 {
840 }
844 \f
845 /* Note: All strings shall be UTF-8. On success the caller needs to
846 free the string stored at R_PASSPHRASE. On error NULL will be
847 stored at R_PASSPHRASE and an appropriate fpf error code
848 returned. */
849 gpg_error_t
856 {
863 membuf_t data;
871 /* Check that the gpg-agent understands the repeat option. */
892 repeat,
910 else
911 {
916 }
918 no_mem:
925 }
928 gpg_error_t
930 {
945 }