agent/learncard.c

   1 /* learncard.c - Handle the LEARN command
   2  *      Copyright (C) 2002, 2003, 2004 Free Software Foundation, Inc.
   3  *
   4  * This file is part of GnuPG.
   5  *
   6  * GnuPG is free software; you can redistribute it and/or modify
   7  * it under the terms of the GNU General Public License as published by
   8  * the Free Software Foundation; either version 3 of the License, or
   9  * (at your option) any later version.
  10  *
  11  * GnuPG is distributed in the hope that it will be useful,
  12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  14  * GNU General Public License for more details.
  15  *
  16  * You should have received a copy of the GNU General Public License
  17  * along with this program; if not, see <http://www.gnu.org/licenses/>.
  18  */
  19
  20 #include <config.h>
  21 #include <errno.h>
  22 #include <stdio.h>
  23 #include <stdlib.h>
  24 #include <string.h>
  25 #include <ctype.h>
  26 #include <assert.h>
  27 #include <unistd.h>
  28 #include <sys/stat.h>
  29
  30 #include "agent.h"
  31 #include <assuan.h>
  32
  33 /* Structures used by the callback mechanism to convey information
  34    pertaining to key pairs.  */
  35 struct keypair_info_s {
  36   struct keypair_info_s *next;
  37   int no_cert;
  38   char *id;          /* points into grip */
  39   char hexgrip[1];   /* The keygrip (i.e. a hash over the public key
  40                         parameters) formatted as a hex string.
  41                         Allocated somewhat large to also act as
  42                         memeory for the above ID field. */
  43 };
  44 typedef struct keypair_info_s *KEYPAIR_INFO;
  45
  46 struct kpinfo_cb_parm_s {
  47   int error;
  48   KEYPAIR_INFO info;
  49 };
  50
  51
  52
  53 /* Structures used by the callback mechanism to convey information
  54    pertaining to certificates.  */
  55 struct certinfo_s {
  56   struct certinfo_s *next;
  57   int type;
  58   int done;
  59   char id[1];
  60 };
  61 typedef struct certinfo_s *CERTINFO;
  62
  63 struct certinfo_cb_parm_s {
  64   int error;
  65   CERTINFO info;
  66 };
  67
  68
  69 /* Structures used by the callback mechanism to convey assuan status
  70    lines.  */
  71 struct sinfo_s {
  72   struct sinfo_s *next;
  73   char *data;       /* Points into keyword. */
  74   char keyword[1];
  75 };
  76 typedef struct sinfo_s *SINFO;
  77
  78 struct sinfo_cb_parm_s {
  79   int error;
  80   SINFO info;
  81 };
  82
  83
  84 /* Destructor for key information objects. */
  85 static void
  86 release_keypair_info (KEYPAIR_INFO info)
  87 {
  88   while (info)
  89     {
  90       KEYPAIR_INFO tmp = info->next;
  91       xfree (info);
  92       info = tmp;
  93     }
  94 }
  95
  96 /* Destructor for certificate information objects. */
  97 static void
  98 release_certinfo (CERTINFO info)
  99 {
 100   while (info)
 101     {
 102       CERTINFO tmp = info->next;
 103       xfree (info);
 104       info = tmp;
 105     }
 106 }
 107
 108 /* Destructor for status information objects. */
 109 static void
 110 release_sinfo (SINFO info)
 111 {
 112   while (info)
 113     {
 114       SINFO tmp = info->next;
 115       xfree (info);
 116       info = tmp;
 117     }
 118 }
 119
 120
 121
 122 /* This callback is used by agent_card_learn and passed the content of
 123    all KEYPAIRINFO lines.  It merely stores this data away */
 124 static void
 125 kpinfo_cb (void *opaque, const char *line)
 126 {
 127   struct kpinfo_cb_parm_s *parm = opaque;
 128   KEYPAIR_INFO item;
 129   char *p;
 130
 131   if (parm->error)
 132     return; /* no need to gather data after an error coccured */
 133   item = xtrycalloc (1, sizeof *item + strlen (line));
 134   if (!item)
 135     {
 136       parm->error = out_of_core ();
 137       return;
 138     }
 139   strcpy (item->hexgrip, line);
 140   for (p = item->hexgrip; hexdigitp (p); p++)
 141     ;
 142   if (p == item->hexgrip && *p == 'X' && spacep (p+1))
 143     {
 144       item->no_cert = 1;
 145       p++;
 146     }
 147   else if ((p - item->hexgrip) != 40 || !spacep (p))
 148     { /* not a 20 byte hex keygrip or not followed by a space */
 149       parm->error = gpg_error (GPG_ERR_INV_RESPONSE);
 150       xfree (item);
 151       return;
 152     }
 153   *p++ = 0;
 154   while (spacep (p))
 155     p++;
 156   item->id = p;
 157   while (*p && !spacep (p))
 158     p++;
 159   if (p == item->id)
 160     { /* invalid ID string */
 161       parm->error = gpg_error (GPG_ERR_INV_RESPONSE);
 162       xfree (item);
 163       return;
 164     }
 165   *p = 0; /* ignore trailing stuff */
 166
 167   /* store it */
 168   item->next = parm->info;
 169   parm->info = item;
 170 }
 171
 172
 173 /* This callback is used by agent_card_learn and passed the content of
 174    all CERTINFO lines.  It merely stores this data away */
 175 static void
 176 certinfo_cb (void *opaque, const char *line)
 177 {
 178   struct certinfo_cb_parm_s *parm = opaque;
 179   CERTINFO item;
 180   int type;
 181   char *p, *pend;
 182
 183   if (parm->error)
 184     return; /* no need to gather data after an error coccured */
 185
 186   type = strtol (line, &p, 10);
 187   while (spacep (p))
 188     p++;
 189   for (pend = p; *pend && !spacep (pend); pend++)
 190     ;
 191   if (p == pend || !*p)
 192     {
 193       parm->error = gpg_error (GPG_ERR_INV_RESPONSE);
 194       return;
 195     }
 196   *pend = 0; /* ignore trailing stuff */
 197
 198   item = xtrycalloc (1, sizeof *item + strlen (p));
 199   if (!item)
 200     {
 201       parm->error = out_of_core ();
 202       return;
 203     }
 204   item->type = type;
 205   strcpy (item->id, p);
 206   /* store it */
 207   item->next = parm->info;
 208   parm->info = item;
 209 }
 210
 211
 212 /* This callback is used by agent_card_learn and passed the content of
 213    all SINFO lines.  It merely stores this data away */
 214 static void
 215 sinfo_cb (void *opaque, const char *keyword, size_t keywordlen,
 216           const char *data)
 217 {
 218   struct sinfo_cb_parm_s *sparm = opaque;
 219   SINFO item;
 220
 221   if (sparm->error)
 222     return; /* no need to gather data after an error coccured */
 223
 224   item = xtrycalloc (1, sizeof *item + keywordlen + 1 + strlen (data));
 225   if (!item)
 226     {
 227       sparm->error = out_of_core ();
 228       return;
 229     }
 230   memcpy (item->keyword, keyword, keywordlen);
 231   item->data = item->keyword + keywordlen;
 232   *item->data = 0;
 233   item->data++;
 234   strcpy (item->data, data);
 235   /* store it */
 236   item->next = sparm->info;
 237   sparm->info = item;
 238 }
 239
 240
 241
 242 static int
 243 send_cert_back (ctrl_t ctrl, const char *id, void *assuan_context)
 244 {
 245   int rc;
 246   char *derbuf;
 247   size_t derbuflen;
 248
 249   rc = agent_card_readcert (ctrl, id, &derbuf, &derbuflen);
 250   if (rc)
 251     {
 252       log_error ("error reading certificate: %s\n",
 253                  gpg_strerror (rc));
 254       return rc;
 255     }
 256
 257   rc = assuan_send_data (assuan_context, derbuf, derbuflen);
 258   xfree (derbuf);
 259   if (!rc)
 260     rc = assuan_send_data (assuan_context, NULL, 0);
 261   if (!rc)
 262     rc = assuan_write_line (assuan_context, "END");
 263   if (rc)
 264     {
 265       log_error ("sending certificate failed: %s\n",
 266                  gpg_strerror (rc));
 267       return rc;
 268     }
 269   return 0;
 270 }
 271
 272 /* Perform the learn operation.  If ASSUAN_CONTEXT is not NULL all new
 273    certificates are send back via Assuan.  */
 274 int
 275 agent_handle_learn (ctrl_t ctrl, void *assuan_context)
 276 {
 277   int rc;
 278   struct kpinfo_cb_parm_s parm;
 279   struct certinfo_cb_parm_s cparm;
 280   struct sinfo_cb_parm_s sparm;
 281   char *serialno = NULL;
 282   KEYPAIR_INFO item;
 283   SINFO sitem;
 284   unsigned char grip[20];
 285   char *p;
 286   int i;
 287   static int certtype_list[] = {
 288     101, /* trusted */
 289     102, /* useful */
 290     100, /* regular */
 291     /* We don't include 110 here because gpgsm can't handle it. */
 292     -1 /* end of list */
 293   };
 294
 295
 296   memset (&parm, 0, sizeof parm);
 297   memset (&cparm, 0, sizeof cparm);
 298   memset (&sparm, 0, sizeof sparm);
 299
 300   /* Check whether a card is present and get the serial number */
 301   rc = agent_card_serialno (ctrl, &serialno);
 302   if (rc)
 303     goto leave;
 304
 305   /* Now gather all the available info. */
 306   rc = agent_card_learn (ctrl, kpinfo_cb, &parm, certinfo_cb, &cparm,
 307                          sinfo_cb, &sparm);
 308   if (!rc && (parm.error || cparm.error || sparm.error))
 309     rc = parm.error? parm.error : cparm.error? cparm.error : sparm.error;
 310   if (rc)
 311     {
 312       log_debug ("agent_card_learn failed: %s\n", gpg_strerror (rc));
 313       goto leave;
 314     }
 315
 316   log_info ("card has S/N: %s\n", serialno);
 317
 318   /* Pass on all the collected status information. */
 319   if (assuan_context)
 320     {
 321       for (sitem = sparm.info; sitem; sitem = sitem->next)
 322         {
 323           assuan_write_status (assuan_context, sitem->keyword, sitem->data);
 324         }
 325     }
 326
 327   /* Write out the certificates in a standard order. */
 328   for (i=0; certtype_list[i] != -1; i++)
 329     {
 330       CERTINFO citem;
 331       for (citem = cparm.info; citem; citem = citem->next)
 332         {
 333           if (certtype_list[i] != citem->type)
 334             continue;
 335
 336           if (opt.verbose)
 337             log_info ("          id: %s    (type=%d)\n",
 338                       citem->id, citem->type);
 339
 340           if (assuan_context)
 341             {
 342               rc = send_cert_back (ctrl, citem->id, assuan_context);
 343               if (rc)
 344                 goto leave;
 345               citem->done = 1;
 346             }
 347         }
 348     }
 349
 350   for (item = parm.info; item; item = item->next)
 351     {
 352       unsigned char *pubkey, *shdkey;
 353       size_t n;
 354
 355       if (opt.verbose)
 356         log_info ("          id: %s    (grip=%s)\n", item->id, item->hexgrip);
 357
 358       if (item->no_cert)
 359         continue; /* No public key yet available. */
 360
 361       if (assuan_context)
 362         {
 363           agent_write_status (ctrl, "KEYPAIRINFO",
 364                               item->hexgrip, item->id, NULL);
 365         }
 366
 367       for (p=item->hexgrip, i=0; i < 20; p += 2, i++)
 368         grip[i] = xtoi_2 (p);
 369
 370       if (!agent_key_available (grip))
 371         continue; /* The key is already available. */
 372
 373       /* Unknown key - store it. */
 374       rc = agent_card_readkey (ctrl, item->id, &pubkey);
 375       if (rc)
 376         {
 377           log_debug ("agent_card_readkey failed: %s\n", gpg_strerror (rc));
 378           goto leave;
 379         }
 380
 381       {
 382         unsigned char *shadow_info = make_shadow_info (serialno, item->id);
 383         if (!shadow_info)
 384           {
 385             rc = gpg_error (GPG_ERR_ENOMEM);
 386             xfree (pubkey);
 387             goto leave;
 388           }
 389         rc = agent_shadow_key (pubkey, shadow_info, &shdkey);
 390         xfree (shadow_info);
 391       }
 392       xfree (pubkey);
 393       if (rc)
 394         {
 395           log_error ("shadowing the key failed: %s\n", gpg_strerror (rc));
 396           goto leave;
 397         }
 398       n = gcry_sexp_canon_len (shdkey, 0, NULL, NULL);
 399       assert (n);
 400
 401       rc = agent_write_private_key (grip, shdkey, n, 0);
 402       xfree (shdkey);
 403       if (rc)
 404         {
 405           log_error ("error writing key: %s\n", gpg_strerror (rc));
 406           goto leave;
 407         }
 408
 409       if (opt.verbose)
 410         log_info ("stored\n");
 411
 412       if (assuan_context)
 413         {
 414           CERTINFO citem;
 415
 416           /* only send the certificate if we have not done so before */
 417           for (citem = cparm.info; citem; citem = citem->next)
 418             {
 419               if (!strcmp (citem->id, item->id))
 420                 break;
 421             }
 422           if (!citem)
 423             {
 424               rc = send_cert_back (ctrl, item->id, assuan_context);
 425               if (rc)
 426                 goto leave;
 427             }
 428         }
 429     }
 430
 431
 432  leave:
 433   xfree (serialno);
 434   release_keypair_info (parm.info);
 435   release_certinfo (cparm.info);
 436   release_sinfo (sparm.info);
 437   return rc;
 438 }
 439
 440