| blob | 0590514df84b59760506d3bdd1fd25b614ec5b8d |
1 /* call-agent.c - Divert GPG operations to the agent.
2 * Copyright (C) 2001, 2002, 2003, 2006, 2007,
3 * 2008 Free Software Foundation, Inc.
4 *
5 * This file is part of GnuPG.
6 *
7 * GnuPG is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 3 of the License, or
10 * (at your option) any later version.
11 *
12 * GnuPG is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, see <http://www.gnu.org/licenses/>.
19 */
21 #include <config.h>
22 #include <stdio.h>
23 #include <stdlib.h>
24 #include <string.h>
25 #include <errno.h>
26 #include <unistd.h>
27 #include <time.h>
28 #include <assert.h>
29 #ifdef HAVE_LOCALE_H
30 #include <locale.h>
31 #endif
32 #include <assuan.h>
43 #ifndef DBG_ASSUAN
44 # define DBG_ASSUAN 1
45 #endif
49 struct cipher_parm_s
50 {
51 assuan_context_t ctx;
54 };
56 struct writecert_parm_s
57 {
58 assuan_context_t ctx;
61 };
63 struct writekey_parm_s
64 {
65 assuan_context_t ctx;
68 };
70 struct genkey_parm_s
71 {
72 assuan_context_t ctx;
75 };
78 \f
79 /* Try to connect to the agent via socket or fork it off and work by
80 pipes. Handle the server's initial greeting */
81 static int
83 {
88 the access to the agent. */
91 GPG_ERR_SOURCE_DEFAULT,
100 {
101 /* Tell the agent that we support Pinentry notifications. No
102 error checking so that it will work also with older
103 agents. */
106 }
109 }
112 /* Return a new malloced string by unescaping the string S. Escaping
113 is percent escaping and '+'/space mapping. A binary nul will
114 silently be replaced by a 0xFF. Function returns NULL to indicate
115 an out of memory status. */
118 {
120 }
123 /* Take a 20 byte hexencoded string and put it into the the provided
124 20 byte buffer FPR in binary format. */
125 static int
127 {
132 ;
138 }
140 /* Take the serial number from LINE and return it verbatim in a newly
141 allocated string. We make sure that only hex characters are
142 returned. */
145 {
150 ;
153 {
156 }
158 }
161 \f
162 /* This is a dummy data line callback. */
163 static int
165 {
170 }
173 /* This is the default inquiry callback. It mainly handles the
174 Pinentry notifications. */
175 static int
177 {
181 {
182 /* There is no working server mode yet thus we use
183 AllowSetForegroundWindow window right here. We might want to
184 do this anyway in case gpg is called on the console. */
186 /* We do not pass errors to avoid breaking other code. */
187 }
188 else
192 }
196 /* Release the card info structure INFO. */
197 void
199 {
211 }
213 static int
215 {
222 ;
224 line++;
227 {
232 }
234 {
237 }
239 {
242 }
244 {
247 }
249 {
251 }
253 {
256 }
258 {
261 }
263 {
265 }
267 {
272 {
274 p++;
277 p++;
279 p++;
281 {
284 p++;
286 p++;
287 }
289 {
292 p++;
294 p++;
295 }
297 }
298 }
300 {
303 line++;
305 line++;
312 }
314 {
317 line++;
319 line++;
326 }
328 {
332 keyno--;
334 {
337 }
338 }
341 }
343 /* Call the agent to learn about a smartcard */
344 int
346 {
357 /* Also try to get the key attributes. */
362 }
364 /* Call the agent to retrieve a data object. This function returns
365 the data in the same structure as used by the learn command. It is
366 allowed to update such a structure using this commmand. */
367 int
369 {
376 /* We assume that NAME does not need escaping. */
389 }
391 \f
392 /* Send an setattr command to the SCdaemon. SERIALNO is not actually
393 used here but required by gpg 1.4's implementation of this code in
394 cardglue.c. */
395 int
399 {
409 /* We assume that NAME does not need escaping. */
416 {
420 {
423 }
426 else
428 }
438 }
441 \f
442 /* Handle a CERTDATA inquiry. Note, we only send the data,
443 assuan_transact takes care of flushing and writing the END
444 command. */
445 static int
447 {
452 {
454 }
455 else
459 }
462 /* Send a WRITECERT command to the SCdaemon. */
463 int
466 {
487 }
490 \f
491 /* Handle a KEYDATA inquiry. Note, we only send the data,
492 assuan_transact takes care of flushing and writing the end */
493 static int
495 {
500 {
502 }
503 else
507 }
510 /* Send a WRITEKEY command to the SCdaemon. */
511 int
514 {
537 }
540 \f
541 /* Status callback for the SCD GENKEY command. */
542 static int
544 {
548 gpg_error_t rc;
551 ;
553 line++;
556 {
558 }
560 {
561 gcry_mpi_t a;
565 line++;
567 line++;
576 else
577 {
580 }
581 }
583 {
585 }
588 }
590 /* Send a GENKEY command to the SCdaemon. SERIALNO is not used in
591 this implementation. If CREATEDATE has been given, it will be
592 passed to SCDAEMON so that the key can be created with this
593 timestamp; note the user needs to use the returned timestamp as old
594 versions of scddaemon don't support this option. */
595 int
598 {
601 gnupg_isotime_t tbuf;
611 else
618 keyno);
627 }
629 \f
630 static int
632 {
638 }
640 /* Send a sign command to the scdaemon via gpg-agent's pass thru
641 mechanism. */
642 int
646 {
649 membuf_t data;
652 /* Note, hashalgo is not yet used but hardwired to SHA1 in SCdaemon. */
664 /* Send the serialno command to initialize the connection. We don't
665 care about the data returned. If the card has already been
666 initialized, this is a very fast command. We request the openpgp
667 card because that is what we expect. */
682 #if 0
685 else
686 #endif
689 serialno);
694 {
697 }
701 }
704 /* Decrypt INDATA of length INDATALEN using the card identified by
705 SERIALNO. Return the plaintext in a nwly allocated buffer stored
706 at the address of R_BUF.
708 Note, we currently support only RSA or more exactly algorithms
709 taking one input data element. */
710 int
714 {
717 membuf_t data;
725 /* FIXME: use secure memory where appropriate */
729 /* Send the serialno command to initialize the connection. We don't
730 care about the data returned. If the card has already been
731 initialized, this is a very fast command. We request the openpgp
732 card because that is what we expect. */
753 {
756 }
762 }
765 \f
766 /* Send a READCERT command to the SCdaemon. */
767 int
770 {
773 membuf_t data;
789 {
792 }
798 }
801 \f
802 /* Change the PIN of an OpenPGP card or reset the retry counter.
803 CHVNO 1: Change the PIN
804 2: For v1 cards: Same as 1.
805 For v2 cards: Reset the PIN using the Reset Code.
806 3: Change the admin PIN
807 101: Set a new PIN and reset the retry counter
808 102: For v1 cars: Same as 101.
809 For v2 cards: Set a new Reset Code.
810 SERIALNO is not used.
811 */
812 int
814 {
834 }
837 /* Perform a CHECKPIN operation. SERIALNO should be the serial
838 number of the card - optionally followed by the fingerprint;
839 however the fingerprint is ignored here. */
840 int
842 {
855 }
858 /* Dummy function, only used by the gpg 1.4 implementation. */
859 void
861 {
863 }
867 \f
868 /* Note: All strings shall be UTF-8. On success the caller needs to
869 free the string stored at R_PASSPHRASE. On error NULL will be
870 stored at R_PASSPHRASE and an appropriate fpf error code
871 returned. */
872 gpg_error_t
880 {
887 membuf_t data;
895 /* Check that the gpg-agent understands the repeat option. */
916 repeat,
935 else
936 {
941 }
943 no_mem:
950 }
953 gpg_error_t
955 {
970 }