| blob | 444048a47fbad995df2c96e2bd998654a7cbfae5 |
1 /* call-agent.c - Divert GPG operations to the agent.
2 * Copyright (C) 2001, 2002, 2003, 2006, 2007,
3 * 2008 Free Software Foundation, Inc.
4 *
5 * This file is part of GnuPG.
6 *
7 * GnuPG is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 3 of the License, or
10 * (at your option) any later version.
11 *
12 * GnuPG is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, see <http://www.gnu.org/licenses/>.
19 */
21 #include <config.h>
22 #include <stdio.h>
23 #include <stdlib.h>
24 #include <string.h>
25 #include <errno.h>
26 #include <unistd.h>
27 #include <time.h>
28 #include <assert.h>
29 #ifdef HAVE_LOCALE_H
30 #include <locale.h>
31 #endif
32 #include <assuan.h>
43 #ifndef DBG_ASSUAN
44 # define DBG_ASSUAN 1
45 #endif
49 struct cipher_parm_s
50 {
51 assuan_context_t ctx;
54 };
56 struct writecert_parm_s
57 {
58 assuan_context_t ctx;
61 };
63 struct writekey_parm_s
64 {
65 assuan_context_t ctx;
68 };
70 struct genkey_parm_s
71 {
72 assuan_context_t ctx;
75 };
78 \f
79 /* Try to connect to the agent via socket or fork it off and work by
80 pipes. Handle the server's initial greeting */
81 static int
83 {
88 the access to the agent. */
91 GPG_ERR_SOURCE_DEFAULT,
100 {
101 /* Tell the agent that we support Pinentry notifications. No
102 error checking so that it will work also with older
103 agents. */
106 }
109 }
112 /* Return a new malloced string by unescaping the string S. Escaping
113 is percent escaping and '+'/space mapping. A binary nul will
114 silently be replaced by a 0xFF. Function returns NULL to indicate
115 an out of memory status. */
118 {
120 }
123 /* Take a 20 byte hexencoded string and put it into the the provided
124 20 byte buffer FPR in binary format. */
125 static int
127 {
132 ;
139 }
141 /* Take the serial number from LINE and return it verbatim in a newly
142 allocated string. We make sure that only hex characters are
143 returned. */
146 {
151 ;
154 {
157 }
159 }
162 \f
163 /* This is a dummy data line callback. */
164 static int
166 {
171 }
174 /* This is the default inquiry callback. It mainly handles the
175 Pinentry notifications. */
176 static int
178 {
182 {
183 /* There is no working server mode yet thus we use
184 AllowSetForegroundWindow window right here. We might want to
185 do this anyway in case gpg is called on the console. */
187 /* We do not pass errors to avoid breaking other code. */
188 }
189 else
193 }
197 /* Release the card info structure INFO. */
198 void
200 {
212 }
214 static int
216 {
223 ;
225 line++;
228 {
233 }
235 {
238 }
240 {
243 }
245 {
248 }
250 {
252 }
254 {
257 }
259 {
262 }
264 {
266 }
268 {
273 {
275 p++;
278 p++;
280 p++;
282 {
285 p++;
287 p++;
288 }
290 {
293 p++;
295 p++;
296 }
298 }
299 }
301 {
304 line++;
306 line++;
313 }
315 {
318 line++;
320 line++;
327 }
330 }
332 /* Call the agent to learn about a smartcard */
333 int
335 {
348 }
350 /* Call the agent to retrieve a data object. This function returns
351 the data in the same structure as used by the learn command. It is
352 allowed to update such a structure using this commmand. */
353 int
355 {
362 /* We assume that NAME does not need escaping. */
375 }
377 \f
378 /* Send an setattr command to the SCdaemon. SERIALNO is not actually
379 used here but required by gpg 1.4's implementation of this code in
380 cardglue.c. */
381 int
385 {
395 /* We assume that NAME does not need escaping. */
402 {
406 {
409 }
412 else
414 }
424 }
427 \f
428 /* Handle a CERTDATA inquiry. Note, we only send the data,
429 assuan_transact takes care of flushing and writing the END
430 command. */
431 static int
433 {
438 {
440 }
441 else
445 }
448 /* Send a WRITECERT command to the SCdaemon. */
449 int
452 {
473 }
477 \f
478 /* Handle a KEYDATA inquiry. Note, we only send the data,
479 assuan_transact takes care of flushing and writing the end */
480 static int
482 {
487 {
489 }
490 else
494 }
497 /* Send a WRITEKEY command to the SCdaemon. */
498 int
501 {
524 }
528 \f
529 /* Status callback for the SCD GENKEY command. */
530 static int
532 {
536 gpg_error_t rc;
540 ;
542 line++;
545 {
547 }
549 {
550 gcry_mpi_t a;
554 line++;
556 line++;
565 else
566 {
569 }
570 }
572 {
574 }
577 }
579 /* Send a GENKEY command to the SCdaemon. SERIALNO is not used in
580 this implementation. If CREATEDATE has been given, it will be
581 passed to SCDAEMON so that the key can be created with this
582 timestamp; note the user needs to use the returned timestamp as old
583 versions of scddaemon don't support this option. */
584 int
587 {
590 gnupg_isotime_t tbuf;
600 else
607 keyno);
616 }
618 \f
619 static int
621 {
627 }
629 /* Send a sign command to the scdaemon via gpg-agent's pass thru
630 mechanism. */
631 int
635 {
638 membuf_t data;
641 /* Note, hashalgo is not yet used but hardwired to SHA1 in SCdaemon. */
653 /* Send the serialno command to initialize the connection. We don't
654 care about the data returned. If the card has already been
655 initialized, this is a very fast command. We request the openpgp
656 card because that is waht we expect. */
671 #if 0
674 else
675 #endif
678 serialno);
683 {
686 }
690 }
693 /* Decrypt INDATA of length INDATALEN using the card identified by
694 SERIALNO. Return the plaintext in a nwly allocated buffer stored
695 at the address of R_BUF.
697 Note, we currently support only RSA or more exactly algorithms
698 taking one input data element. */
699 int
703 {
706 membuf_t data;
714 /* FIXME: use secure memory where appropriate */
718 /* Send the serialno command to initialize the connection. We don't
719 care about the data returned. If the card has already been
720 initialized, this is a very fast command. We request the openpgp
721 card because that is waht we expect. */
742 {
745 }
751 }
754 /* Change the PIN of an OpenPGP card or reset the retry counter.
755 CHVNO 1: Change the PIN
756 2: For v1 cards: Same as 1.
757 For v2 cards: Reset the PIN using the Reset Code.
758 3: Change the admin PIN
759 101: Set a new PIN and reset the retry counter
760 102: For v1 cars: Same as 101.
761 For v2 cards: Set a new Reset Code.
762 SERIALNO is not used.
763 */
764 int
766 {
786 }
789 /* Perform a CHECKPIN operation. SERIALNO should be the serial
790 number of the card - optionally followed by the fingerprint;
791 however the fingerprint is ignored here. */
792 int
794 {
807 }
810 /* Dummy function, only used by the gpg 1.4 implementation. */
811 void
813 {
815 }
819 \f
820 /* Note: All strings shall be UTF-8. On success the caller needs to
821 free the string stored at R_PASSPHRASE. On error NULL will be
822 stored at R_PASSPHRASE and an appropriate fpf error code
823 returned. */
824 gpg_error_t
831 {
838 membuf_t data;
846 /* Check that the gpg-agent understands the repeat option. */
867 repeat,
885 else
886 {
891 }
893 no_mem:
900 }
903 gpg_error_t
905 {
920 }