search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Add server option with-ephemeral-keys.
[gnupg.git] / sm / gpgsm.h
blob0b16e51c291b97e44072fb992e5bf3a83e8f7d1d
1 /* gpgsm.h - Global definitions for GpgSM
2 * Copyright (C) 2001, 2003, 2004, 2007 Free Software Foundation, Inc.
3 *
4 * This file is part of GnuPG.
5 *
6 * GnuPG is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 3 of the License, or
9 * (at your option) any later version.
10 *
11 * GnuPG is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
15 *
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, see <http://www.gnu.org/licenses/>.
18 */
19
20 #ifndef GPGSM_H
21 #define GPGSM_H
22
23 #ifdef GPG_ERR_SOURCE_DEFAULT
24 #error GPG_ERR_SOURCE_DEFAULT already defined
25 #endif
26 #define GPG_ERR_SOURCE_DEFAULT GPG_ERR_SOURCE_GPGSM
27 #include <gpg-error.h>
28
29
30 #include <ksba.h>
31 #include "../common/util.h"
32 #include "../common/status.h"
33 #include "../common/estream.h"
34 #include "../common/audit.h"
35
36 #define MAX_DIGEST_LEN 24
37
38 struct keyserver_spec
39 {
40 struct keyserver_spec *next;
41
42 char *host;
43 int port;
44 char *user;
45 char *pass;
46 char *base;
47 };
48
49
50 /* A large struct named "opt" to keep global flags. */
51 struct
52 {
53 unsigned int debug; /* debug flags (DBG_foo_VALUE) */
54 int verbose; /* verbosity level */
55 int quiet; /* be as quiet as possible */
56 int batch; /* run in batch mode, i.e w/o any user interaction */
57 int answer_yes; /* assume yes on most questions */
58 int answer_no; /* assume no on most questions */
59 int dry_run; /* don't change any persistent data */
60
61 const char *homedir; /* Configuration directory name */
62 const char *config_filename; /* Name of the used config file. */
63 const char *agent_program;
64 char *display;
65 char *ttyname;
66 char *ttytype;
67 char *lc_ctype;
68 char *lc_messages;
69 char *xauthority;
70 char *pinentry_user_data;
71
72 const char *dirmngr_program;
73 int prefer_system_dirmngr; /* Prefer using a system wide drimngr. */
74 int disable_dirmngr; /* Do not do any dirmngr calls. */
75 const char *protect_tool_program;
76 char *outfile; /* name of output file */
77
78 int with_key_data;/* include raw key in the column delimted output */
79
80 int fingerprint; /* list fingerprints in all key listings */
81
82 int with_md5_fingerprint; /* Also print an MD5 fingerprint for
83 standard key listings. */
84
85 int armor; /* force base64 armoring (see also ctrl.with_base64) */
86 int no_armor; /* don't try to figure out whether data is base64 armored*/
87
88 const char *p12_charset; /* Use this charset for encoding the
89 pkcs#12 passphrase. */
90
91
92 const char *def_cipher_algoid; /* cipher algorithm to use if
93 nothing else is specified */
94
95 int def_digest_algo; /* Ditto for hash algorithm */
96 int def_compress_algo; /* Ditto for compress algorithm */
97
98 char *def_recipient; /* userID of the default recipient */
99 int def_recipient_self; /* The default recipient is the default key */
100
101 int no_encrypt_to; /* Ignore all as encrypt to marked recipients. */
102
103 char *local_user; /* NULL or argument to -u */
104
105 int extra_digest_algo; /* A digest algorithm also used for
106 verification of signatures. */
107
108 int always_trust; /* Trust the given keys even if there is no
109 valid certification chain */
110 int skip_verify; /* do not check signatures on data */
111
112 int lock_once; /* Keep lock once they are set */
113
114 int ignore_time_conflict; /* Ignore certain time conflicts */
115
116 int no_crl_check; /* Don't do a CRL check */
117 int no_trusted_cert_crl_check; /* Don't run a CRL check for trusted certs. */
118 int force_crl_refresh; /* Force refreshing the CRL. */
119 int enable_ocsp; /* Default to use OCSP checks. */
120
121 char *policy_file; /* full pathname of policy file */
122 int no_policy_check; /* ignore certificate policies */
123 int no_chain_validation; /* Bypass all cert chain validity tests */
124 int ignore_expiration; /* Ignore the notAfter validity checks. */
125 char *fixed_passphrase; /* Passphrase used by regression tests. */
126
127 int auto_issuer_key_retrieve; /* try to retrieve a missing issuer key. */
128
129 int qualsig_approval; /* Set to true if this software has
130 officially been approved to create an
131 verify qualified signatures. This is a
132 runtime option in case we want to check
133 the integrity of the software at
134 runtime. */
135
136 struct keyserver_spec *keyserver;
137 } opt;
138
139
140 /* Debug values and macros. */
141 #define DBG_X509_VALUE 1 /* debug x.509 data reading/writing */
142 #define DBG_MPI_VALUE 2 /* debug mpi details */
143 #define DBG_CRYPTO_VALUE 4 /* debug low level crypto */
144 #define DBG_MEMORY_VALUE 32 /* debug memory allocation stuff */
145 #define DBG_CACHE_VALUE 64 /* debug the caching */
146 #define DBG_MEMSTAT_VALUE 128 /* show memory statistics */
147 #define DBG_HASHING_VALUE 512 /* debug hashing operations */
148 #define DBG_ASSUAN_VALUE 1024 /* debug assuan communication */
149
150 #define DBG_X509 (opt.debug & DBG_X509_VALUE)
151 #define DBG_CRYPTO (opt.debug & DBG_CRYPTO_VALUE)
152 #define DBG_MEMORY (opt.debug & DBG_MEMORY_VALUE)
153 #define DBG_CACHE (opt.debug & DBG_CACHE_VALUE)
154 #define DBG_HASHING (opt.debug & DBG_HASHING_VALUE)
155 #define DBG_ASSUAN (opt.debug & DBG_ASSUAN_VALUE)
156
157 /* Forward declaration for an object defined in server.c */
158 struct server_local_s;
159
160 /* Session control object. This object is passed down to most
161 functions. Note that the default values for it are set by
162 gpgsm_init_default_ctrl(). */
163 struct server_control_s
164 {
165 int no_server; /* We are not running under server control */
166 int status_fd; /* Only for non-server mode */
167 struct server_local_s *server_local;
168
169 audit_ctx_t audit; /* NULL or a context for the audit subsystem. */
170 int agent_seen; /* Flag indicating that the gpg-agent has been
171 accessed. */
172
173 int with_colons; /* Use column delimited output format */
174 int with_chain; /* Include the certifying certs in a listing */
175 int with_validation;/* Validate each key while listing. */
176 int with_ephemeral_keys; /* Include ephemeral flagged keys in the
177 keylisting. */
178
179 int autodetect_encoding; /* Try to detect the input encoding */
180 int is_pem; /* Is in PEM format */
181 int is_base64; /* is in plain base-64 format */
182
183 int create_base64; /* Create base64 encoded output */
184 int create_pem; /* create PEM output */
185 const char *pem_name; /* PEM name to use */
186
187 int include_certs; /* -1 to send all certificates in the chain
188 along with a signature or the number of
189 certificates up the chain (0 = none, 1 = only
190 signer) */
191 int use_ocsp; /* Set to true if OCSP should be used. */
192 int validation_model; /* Set to 1 for the chain model. */
193 };
194
195
196 /* Data structure used in base64.c. */
197 typedef struct base64_context_s *Base64Context;
198
199
200 /* An object to keep a list of certificates. */
201 struct certlist_s
202 {
203 struct certlist_s *next;
204 ksba_cert_t cert;
205 int is_encrypt_to; /* True if the certificate has been set through
206 the --encrypto-to option. */
207 int hash_algo; /* Used to track the hash algorithm to use. */
208 const char *hash_algo_oid; /* And the corresponding OID. */
209 };
210 typedef struct certlist_s *certlist_t;
211
212
213 /* A structure carrying information about trusted root certificates. */
214 struct rootca_flags_s
215 {
216 unsigned int valid:1; /* The rest of the structure has valid
217 information. */
218 unsigned int relax:1; /* Relax checking of root certificates. */
219 unsigned int chain_model:1; /* Root requires the use of the chain model. */
220 };
221
222
223 \f
224 /*-- gpgsm.c --*/
225 void gpgsm_exit (int rc);
226 void gpgsm_init_default_ctrl (struct server_control_s *ctrl);
227 int gpgsm_parse_validation_model (const char *model);
228
229 /*-- server.c --*/
230 void gpgsm_server (certlist_t default_recplist);
231 gpg_error_t gpgsm_status (ctrl_t ctrl, int no, const char *text);
232 gpg_error_t gpgsm_status2 (ctrl_t ctrl, int no, ...);
233 gpg_error_t gpgsm_status_with_err_code (ctrl_t ctrl, int no, const char *text,
234 gpg_err_code_t ec);
235 gpg_error_t gpgsm_proxy_pinentry_notify (ctrl_t ctrl,
236 const unsigned char *line);
237
238 /*-- fingerprint --*/
239 unsigned char *gpgsm_get_fingerprint (ksba_cert_t cert, int algo,
240 unsigned char *array, int *r_len);
241 char *gpgsm_get_fingerprint_string (ksba_cert_t cert, int algo);
242 char *gpgsm_get_fingerprint_hexstring (ksba_cert_t cert, int algo);
243 unsigned long gpgsm_get_short_fingerprint (ksba_cert_t cert);
244 unsigned char *gpgsm_get_keygrip (ksba_cert_t cert, unsigned char *array);
245 char *gpgsm_get_keygrip_hexstring (ksba_cert_t cert);
246 int gpgsm_get_key_algo_info (ksba_cert_t cert, unsigned int *nbits);
247 char *gpgsm_get_certid (ksba_cert_t cert);
248
249
250 /*-- base64.c --*/
251 int gpgsm_create_reader (Base64Context *ctx,
252 ctrl_t ctrl, FILE *fp, int allow_multi_pem,
253 ksba_reader_t *r_reader);
254 int gpgsm_reader_eof_seen (Base64Context ctx);
255 void gpgsm_destroy_reader (Base64Context ctx);
256 int gpgsm_create_writer (Base64Context *ctx,
257 ctrl_t ctrl, FILE *fp, estream_t stream,
258 ksba_writer_t *r_writer);
259 int gpgsm_finish_writer (Base64Context ctx);
260 void gpgsm_destroy_writer (Base64Context ctx);
261
262
263 /*-- certdump.c --*/
264 void gpgsm_print_serial (estream_t fp, ksba_const_sexp_t p);
265 void gpgsm_print_time (estream_t fp, ksba_isotime_t t);
266 void gpgsm_print_name2 (FILE *fp, const char *string, int translate);
267 void gpgsm_print_name (FILE *fp, const char *string);
268 void gpgsm_es_print_name (estream_t fp, const char *string);
269 void gpgsm_es_print_name2 (estream_t fp, const char *string, int translate);
270
271 void gpgsm_cert_log_name (const char *text, ksba_cert_t cert);
272
273 void gpgsm_dump_cert (const char *text, ksba_cert_t cert);
274 void gpgsm_dump_serial (ksba_const_sexp_t p);
275 void gpgsm_dump_time (ksba_isotime_t t);
276 void gpgsm_dump_string (const char *string);
277
278 char *gpgsm_format_serial (ksba_const_sexp_t p);
279 char *gpgsm_format_name2 (const char *name, int translate);
280 char *gpgsm_format_name (const char *name);
281 char *gpgsm_format_sn_issuer (ksba_sexp_t sn, const char *issuer);
282
283 char *gpgsm_fpr_and_name_for_status (ksba_cert_t cert);
284
285 char *gpgsm_format_keydesc (ksba_cert_t cert);
286
287
288 /*-- certcheck.c --*/
289 int gpgsm_check_cert_sig (ksba_cert_t issuer_cert, ksba_cert_t cert);
290 int gpgsm_check_cms_signature (ksba_cert_t cert, ksba_const_sexp_t sigval,
291 gcry_md_hd_t md, int hash_algo, int *r_pkalgo);
292 /* fixme: move create functions to another file */
293 int gpgsm_create_cms_signature (ctrl_t ctrl,
294 ksba_cert_t cert, gcry_md_hd_t md, int mdalgo,
295 unsigned char **r_sigval);
296
297
298 /*-- certchain.c --*/
299
300 /* Flags used with gpgsm_validate_chain. */
301 #define VALIDATE_FLAG_NO_DIRMNGR 1
302 #define VALIDATE_FLAG_CHAIN_MODEL 2
303
304
305 int gpgsm_walk_cert_chain (ctrl_t ctrl,
306 ksba_cert_t start, ksba_cert_t *r_next);
307 int gpgsm_is_root_cert (ksba_cert_t cert);
308 int gpgsm_validate_chain (ctrl_t ctrl, ksba_cert_t cert,
309 ksba_isotime_t checktime,
310 ksba_isotime_t r_exptime,
311 int listmode, estream_t listfp,
312 unsigned int flags, unsigned int *retflags);
313 int gpgsm_basic_cert_check (ctrl_t ctrl, ksba_cert_t cert);
314
315 /*-- certlist.c --*/
316 int gpgsm_cert_use_sign_p (ksba_cert_t cert);
317 int gpgsm_cert_use_encrypt_p (ksba_cert_t cert);
318 int gpgsm_cert_use_verify_p (ksba_cert_t cert);
319 int gpgsm_cert_use_decrypt_p (ksba_cert_t cert);
320 int gpgsm_cert_use_cert_p (ksba_cert_t cert);
321 int gpgsm_cert_use_ocsp_p (ksba_cert_t cert);
322 int gpgsm_certs_identical_p (ksba_cert_t cert_a, ksba_cert_t cert_b);
323 int gpgsm_add_cert_to_certlist (ctrl_t ctrl, ksba_cert_t cert,
324 certlist_t *listaddr, int is_encrypt_to);
325 int gpgsm_add_to_certlist (ctrl_t ctrl, const char *name, int secret,
326 certlist_t *listaddr, int is_encrypt_to);
327 void gpgsm_release_certlist (certlist_t list);
328 int gpgsm_find_cert (const char *name, ksba_sexp_t keyid, ksba_cert_t *r_cert);
329
330 /*-- keylist.c --*/
331 gpg_error_t gpgsm_list_keys (ctrl_t ctrl, strlist_t names,
332 estream_t fp, unsigned int mode);
333
334 /*-- import.c --*/
335 int gpgsm_import (ctrl_t ctrl, int in_fd);
336 int gpgsm_import_files (ctrl_t ctrl, int nfiles, char **files,
337 int (*of)(const char *fname));
338
339 /*-- export.c --*/
340 void gpgsm_export (ctrl_t ctrl, strlist_t names, FILE *fp, estream_t stream);
341 void gpgsm_p12_export (ctrl_t ctrl, const char *name, FILE *fp);
342
343 /*-- delete.c --*/
344 int gpgsm_delete (ctrl_t ctrl, strlist_t names);
345
346 /*-- verify.c --*/
347 int gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, FILE *out_fp);
348
349 /*-- sign.c --*/
350 int gpgsm_get_default_cert (ctrl_t ctrl, ksba_cert_t *r_cert);
351 int gpgsm_sign (ctrl_t ctrl, certlist_t signerlist,
352 int data_fd, int detached, FILE *out_fp);
353
354 /*-- encrypt.c --*/
355 int gpgsm_encrypt (ctrl_t ctrl, certlist_t recplist, int in_fd, FILE *out_fp);
356
357 /*-- decrypt.c --*/
358 int gpgsm_decrypt (ctrl_t ctrl, int in_fd, FILE *out_fp);
359
360 /*-- certreqgen.c --*/
361 int gpgsm_genkey (ctrl_t ctrl, estream_t in_stream, FILE *out_fp);
362
363 /*-- certreqgen-ui.c --*/
364 void gpgsm_gencertreq_tty (ctrl_t ctrl, FILE *out_fp);
365
366
367 /*-- qualified.c --*/
368 gpg_error_t gpgsm_is_in_qualified_list (ctrl_t ctrl, ksba_cert_t cert,
369 char *country);
370 gpg_error_t gpgsm_qualified_consent (ctrl_t ctrl, ksba_cert_t cert);
371 gpg_error_t gpgsm_not_qualified_warning (ctrl_t ctrl, ksba_cert_t cert);
372
373 /*-- call-agent.c --*/
374 int gpgsm_agent_pksign (ctrl_t ctrl, const char *keygrip, const char *desc,
375 unsigned char *digest,
376 size_t digestlen,
377 int digestalgo,
378 unsigned char **r_buf, size_t *r_buflen);
379 int gpgsm_scd_pksign (ctrl_t ctrl, const char *keyid, const char *desc,
380 unsigned char *digest, size_t digestlen, int digestalgo,
381 unsigned char **r_buf, size_t *r_buflen);
382 int gpgsm_agent_pkdecrypt (ctrl_t ctrl, const char *keygrip, const char *desc,
383 ksba_const_sexp_t ciphertext,
384 char **r_buf, size_t *r_buflen);
385 int gpgsm_agent_genkey (ctrl_t ctrl,
386 ksba_const_sexp_t keyparms, ksba_sexp_t *r_pubkey);
387 int gpgsm_agent_readkey (ctrl_t ctrl, int fromcard, const char *hexkeygrip,
388 ksba_sexp_t *r_pubkey);
389 int gpgsm_agent_istrusted (ctrl_t ctrl, ksba_cert_t cert, const char *hexfpr,
390 struct rootca_flags_s *rootca_flags);
391 int gpgsm_agent_havekey (ctrl_t ctrl, const char *hexkeygrip);
392 int gpgsm_agent_marktrusted (ctrl_t ctrl, ksba_cert_t cert);
393 int gpgsm_agent_learn (ctrl_t ctrl);
394 int gpgsm_agent_passwd (ctrl_t ctrl, const char *hexkeygrip, const char *desc);
395 gpg_error_t gpgsm_agent_get_confirmation (ctrl_t ctrl, const char *desc);
396 gpg_error_t gpgsm_agent_send_nop (ctrl_t ctrl);
397 gpg_error_t gpgsm_agent_keyinfo (ctrl_t ctrl, const char *hexkeygrip,
398 char **r_serialno);
399
400 /*-- call-dirmngr.c --*/
401 int gpgsm_dirmngr_isvalid (ctrl_t ctrl,
402 ksba_cert_t cert, ksba_cert_t issuer_cert,
403 int use_ocsp);
404 int gpgsm_dirmngr_lookup (ctrl_t ctrl, strlist_t names, int cache_only,
405 void (*cb)(void*, ksba_cert_t), void *cb_value);
406 int gpgsm_dirmngr_run_command (ctrl_t ctrl, const char *command,
407 int argc, char **argv);
408
409
410 /*-- misc.c --*/
411 void setup_pinentry_env (void);
412
413
414
415 #endif /*GPGSM_H*/
gnupg svn clone