sm/gpgsm.h

   1 /* gpgsm.h - Global definitions for GpgSM
   2  *      Copyright (C) 2001, 2003, 2004 Free Software Foundation, Inc.
   3  *
   4  * This file is part of GnuPG.
   5  *
   6  * GnuPG is free software; you can redistribute it and/or modify
   7  * it under the terms of the GNU General Public License as published by
   8  * the Free Software Foundation; either version 2 of the License, or
   9  * (at your option) any later version.
  10  *
  11  * GnuPG is distributed in the hope that it will be useful,
  12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  14  * GNU General Public License for more details.
  15  *
  16  * You should have received a copy of the GNU General Public License
  17  * along with this program; if not, write to the Free Software
  18  * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
  19  */
  20
  21 #ifndef GPGSM_H
  22 #define GPGSM_H
  23
  24 #ifdef GPG_ERR_SOURCE_DEFAULT
  25 #error GPG_ERR_SOURCE_DEFAULT already defined
  26 #endif
  27 #define GPG_ERR_SOURCE_DEFAULT  GPG_ERR_SOURCE_GPGSM
  28 #include <gpg-error.h>
  29 #define map_assuan_err(a) \
  30         map_assuan_err_with_source (GPG_ERR_SOURCE_DEFAULT, (a))
  31
  32
  33 #include <ksba.h>
  34 #include "../common/util.h"
  35 #include "../common/errors.h"
  36
  37 #define OUT_OF_CORE(a) (gpg_error (gpg_err_code_from_errno ((a))))
  38
  39 #define MAX_DIGEST_LEN 24
  40
  41 /* A large struct named "opt" to keep global flags */
  42 struct {
  43   unsigned int debug; /* debug flags (DBG_foo_VALUE) */
  44   int verbose;      /* verbosity level */
  45   int quiet;        /* be as quiet as possible */
  46   int batch;        /* run in batch mode, i.e w/o any user interaction */
  47   int answer_yes;   /* assume yes on most questions */
  48   int answer_no;    /* assume no on most questions */
  49   int dry_run;      /* don't change any persistent data */
  50
  51   const char *homedir;         /* Configuration directory name */
  52   const char *config_filename; /* Name of the used config file. */
  53   const char *agent_program;
  54   char *display;
  55   char *ttyname;
  56   char *ttytype;
  57   char *lc_ctype;
  58   char *lc_messages;
  59
  60   const char *dirmngr_program;
  61   int prefer_system_dirmngr;  /* Prefer using a system wide drimngr.  */
  62   const char *protect_tool_program;
  63   char *outfile;    /* name of output file */
  64
  65   int with_key_data;/* include raw key in the column delimted output */
  66
  67   int fingerprint;  /* list fingerprints in all key listings */
  68
  69   int with_md5_fingerprint; /* Also print an MD5 fingerprint for
  70                                standard key listings. */
  71
  72   int with_ephemeral_keys;  /* Include ephemeral flagged keys in the
  73                                keylisting. */
  74
  75   int armor;        /* force base64 armoring (see also ctrl.with_base64) */
  76   int no_armor;     /* don't try to figure out whether data is base64 armored*/
  77
  78   const char *def_cipher_algoid;  /* cipher algorithm to use if
  79                                      nothing else is specified */
  80
  81   int def_digest_algo;    /* Ditto for hash algorithm */
  82   int def_compress_algo;  /* Ditto for compress algorithm */
  83
  84   char *def_recipient;    /* userID of the default recipient */
  85   int def_recipient_self; /* The default recipient is the default key */
  86
  87   int no_encrypt_to;      /* Ignore all as encrypt to marked recipients. */
  88
  89   char *local_user;       /* NULL or argument to -u */
  90
  91   int always_trust;       /* Trust the given keys even if there is no
  92                              valid certification chain */
  93   int skip_verify;        /* do not check signatures on data */
  94
  95   int lock_once;          /* Keep lock once they are set */
  96
  97   int ignore_time_conflict; /* Ignore certain time conflicts */
  98
  99   int no_crl_check;         /* Don't do a CRL check */
 100   int force_crl_refresh;    /* Force refreshing the CRL. */
 101   int enable_ocsp;          /* Default to use OCSP checks. */
 102
 103   char *policy_file;        /* full pathname of policy file */
 104   int no_policy_check;      /* ignore certificate policies */
 105   int no_chain_validation;  /* Bypass all cert chain validity tests */
 106   int ignore_expiration;    /* Ignore the notAfter validity checks. */
 107   char *fixed_passphrase;   /* Passphrase used by regression tests.  */
 108
 109   int auto_issuer_key_retrieve; /* try to retrieve a missing issuer key. */
 110 } opt;
 111
 112
 113 #define DBG_X509_VALUE    1     /* debug x.509 data reading/writing */
 114 #define DBG_MPI_VALUE     2     /* debug mpi details */
 115 #define DBG_CRYPTO_VALUE  4     /* debug low level crypto */
 116 #define DBG_MEMORY_VALUE  32    /* debug memory allocation stuff */
 117 #define DBG_CACHE_VALUE   64    /* debug the caching */
 118 #define DBG_MEMSTAT_VALUE 128   /* show memory statistics */
 119 #define DBG_HASHING_VALUE 512   /* debug hashing operations */
 120 #define DBG_ASSUAN_VALUE  1024  /* debug assuan communication */
 121
 122 #define DBG_X509    (opt.debug & DBG_X509_VALUE)
 123 #define DBG_CRYPTO  (opt.debug & DBG_CRYPTO_VALUE)
 124 #define DBG_MEMORY  (opt.debug & DBG_MEMORY_VALUE)
 125 #define DBG_CACHE   (opt.debug & DBG_CACHE_VALUE)
 126 #define DBG_HASHING (opt.debug & DBG_HASHING_VALUE)
 127 #define DBG_ASSUAN   (opt.debug & DBG_ASSUAN_VALUE)
 128
 129 struct server_local_s;
 130
 131 /* Note that the default values for this are set by
 132    gpgsm_init_default_ctrl() */
 133 struct server_control_s {
 134   int no_server;      /* We are not running under server control */
 135   int  status_fd;     /* Only for non-server mode */
 136   struct server_local_s *server_local;
 137   int with_colons;    /* Use column delimited output format */
 138   int with_chain;     /* Include the certifying certs in a listing */
 139   int with_validation;/* Validate each key while listing. */
 140
 141   int autodetect_encoding; /* Try to detect the input encoding */
 142   int is_pem;         /* Is in PEM format */
 143   int is_base64;      /* is in plain base-64 format */
 144
 145   int create_base64;  /* Create base64 encoded output */
 146   int create_pem;     /* create PEM output */
 147   const char *pem_name; /* PEM name to use */
 148
 149   int include_certs;  /* -1 to send all certificates in the chain
 150                          along with a signature or the number of
 151                          certificates up the chain (0 = none, 1 = only
 152                          signer) */
 153   int use_ocsp;       /* Set to true if OCSP should be used. */
 154 };
 155 typedef struct server_control_s *CTRL;
 156 typedef struct server_control_s *ctrl_t;
 157
 158 /* data structure used in base64.c */
 159 typedef struct base64_context_s *Base64Context;
 160
 161
 162 struct certlist_s {
 163   struct certlist_s *next;
 164   ksba_cert_t cert;
 165   int is_encrypt_to; /* True if the certificate has been set through
 166                         the --encrypto-to option. */
 167 };
 168 typedef struct certlist_s *CERTLIST;
 169 typedef struct certlist_s *certlist_t;
 170
 171 /*-- gpgsm.c --*/
 172 void gpgsm_exit (int rc);
 173 void gpgsm_init_default_ctrl (struct server_control_s *ctrl);
 174
 175 /*-- server.c --*/
 176 void gpgsm_server (certlist_t default_recplist);
 177 gpg_error_t gpgsm_status (ctrl_t ctrl, int no, const char *text);
 178 gpg_error_t gpgsm_status2 (ctrl_t ctrl, int no, ...);
 179 gpg_error_t gpgsm_status_with_err_code (ctrl_t ctrl, int no, const char *text,
 180                                         gpg_err_code_t ec);
 181
 182 /*-- fingerprint --*/
 183 char *gpgsm_get_fingerprint (ksba_cert_t cert, int algo,
 184                              char *array, int *r_len);
 185 char *gpgsm_get_fingerprint_string (ksba_cert_t cert, int algo);
 186 char *gpgsm_get_fingerprint_hexstring (ksba_cert_t cert, int algo);
 187 unsigned long gpgsm_get_short_fingerprint (ksba_cert_t cert);
 188 char *gpgsm_get_keygrip (ksba_cert_t cert, char *array);
 189 char *gpgsm_get_keygrip_hexstring (ksba_cert_t cert);
 190 int  gpgsm_get_key_algo_info (ksba_cert_t cert, unsigned int *nbits);
 191 char *gpgsm_get_certid (ksba_cert_t cert);
 192
 193
 194 /*-- base64.c --*/
 195 int  gpgsm_create_reader (Base64Context *ctx,
 196                           ctrl_t ctrl, FILE *fp, int allow_multi_pem,
 197                           ksba_reader_t *r_reader);
 198 int gpgsm_reader_eof_seen (Base64Context ctx);
 199 void gpgsm_destroy_reader (Base64Context ctx);
 200 int  gpgsm_create_writer (Base64Context *ctx,
 201                           ctrl_t ctrl, FILE *fp, ksba_writer_t *r_writer);
 202 int  gpgsm_finish_writer (Base64Context ctx);
 203 void gpgsm_destroy_writer (Base64Context ctx);
 204
 205
 206 /*-- certdump.c --*/
 207 void gpgsm_print_serial (FILE *fp, ksba_const_sexp_t p);
 208 void gpgsm_print_time (FILE *fp, ksba_isotime_t t);
 209 void gpgsm_print_name2 (FILE *fp, const char *string, int translate);
 210 void gpgsm_print_name (FILE *fp, const char *string);
 211
 212 void gpgsm_dump_cert (const char *text, ksba_cert_t cert);
 213 void gpgsm_dump_serial (ksba_const_sexp_t p);
 214 void gpgsm_dump_time (ksba_isotime_t t);
 215 void gpgsm_dump_string (const char *string);
 216
 217 char *gpgsm_format_serial (ksba_const_sexp_t p);
 218 char *gpgsm_format_name2 (const char *name, int translate);
 219 char *gpgsm_format_name (const char *name);
 220
 221 char *gpgsm_format_keydesc (ksba_cert_t cert);
 222
 223
 224 /*-- certcheck.c --*/
 225 int gpgsm_check_cert_sig (ksba_cert_t issuer_cert, ksba_cert_t cert);
 226 int gpgsm_check_cms_signature (ksba_cert_t cert, ksba_const_sexp_t sigval,
 227                                gcry_md_hd_t md, int hash_algo);
 228 /* fixme: move create functions to another file */
 229 int gpgsm_create_cms_signature (ctrl_t ctrl,
 230                                 ksba_cert_t cert, gcry_md_hd_t md, int mdalgo,
 231                                 char **r_sigval);
 232
 233
 234 /*-- certchain.c --*/
 235 int gpgsm_walk_cert_chain (ksba_cert_t start, ksba_cert_t *r_next);
 236 int gpgsm_is_root_cert (ksba_cert_t cert);
 237 int gpgsm_validate_chain (ctrl_t ctrl, ksba_cert_t cert,
 238                           ksba_isotime_t r_exptime,
 239                           int listmode, FILE *listfp,
 240                           unsigned int flags);
 241 int gpgsm_basic_cert_check (ksba_cert_t cert);
 242
 243 /*-- certlist.c --*/
 244 int gpgsm_cert_use_sign_p (ksba_cert_t cert);
 245 int gpgsm_cert_use_encrypt_p (ksba_cert_t cert);
 246 int gpgsm_cert_use_verify_p (ksba_cert_t cert);
 247 int gpgsm_cert_use_decrypt_p (ksba_cert_t cert);
 248 int gpgsm_cert_use_cert_p (ksba_cert_t cert);
 249 int gpgsm_cert_use_ocsp_p (ksba_cert_t cert);
 250 int gpgsm_add_cert_to_certlist (ctrl_t ctrl, ksba_cert_t cert,
 251                                 certlist_t *listaddr, int is_encrypt_to);
 252 int gpgsm_add_to_certlist (ctrl_t ctrl, const char *name, int secret,
 253                            certlist_t *listaddr, int is_encrypt_to);
 254 void gpgsm_release_certlist (certlist_t list);
 255 int gpgsm_find_cert (const char *name, ksba_cert_t *r_cert);
 256
 257 /*-- keylist.c --*/
 258 gpg_error_t gpgsm_list_keys (ctrl_t ctrl, STRLIST names,
 259                              FILE *fp, unsigned int mode);
 260
 261 /*-- import.c --*/
 262 int gpgsm_import (ctrl_t ctrl, int in_fd);
 263 int gpgsm_import_files (ctrl_t ctrl, int nfiles, char **files,
 264                         int (*of)(const char *fname));
 265
 266 /*-- export.c --*/
 267 void gpgsm_export (ctrl_t ctrl, STRLIST names, FILE *fp);
 268 void gpgsm_p12_export (ctrl_t ctrl, const char *name, FILE *fp);
 269
 270 /*-- delete.c --*/
 271 int gpgsm_delete (ctrl_t ctrl, STRLIST names);
 272
 273 /*-- verify.c --*/
 274 int gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, FILE *out_fp);
 275
 276 /*-- sign.c --*/
 277 int gpgsm_get_default_cert (ctrl_t ctrl, ksba_cert_t *r_cert);
 278 int gpgsm_sign (ctrl_t ctrl, CERTLIST signerlist,
 279                 int data_fd, int detached, FILE *out_fp);
 280
 281 /*-- encrypt.c --*/
 282 int gpgsm_encrypt (ctrl_t ctrl, CERTLIST recplist, int in_fd, FILE *out_fp);
 283
 284 /*-- decrypt.c --*/
 285 int gpgsm_decrypt (ctrl_t ctrl, int in_fd, FILE *out_fp);
 286
 287 /*-- certreqgen.c --*/
 288 int gpgsm_genkey (ctrl_t ctrl, int in_fd, FILE *out_fp);
 289
 290 /*-- call-agent.c --*/
 291 int gpgsm_agent_pksign (ctrl_t ctrl, const char *keygrip, const char *desc,
 292                         unsigned char *digest,
 293                         size_t digestlen,
 294                         int digestalgo,
 295                         char **r_buf, size_t *r_buflen);
 296 int gpgsm_agent_pkdecrypt (ctrl_t ctrl, const char *keygrip, const char *desc,
 297                            ksba_const_sexp_t ciphertext,
 298                            char **r_buf, size_t *r_buflen);
 299 int gpgsm_agent_genkey (ctrl_t ctrl,
 300                         ksba_const_sexp_t keyparms, ksba_sexp_t *r_pubkey);
 301 int gpgsm_agent_istrusted (ctrl_t ctrl, ksba_cert_t cert);
 302 int gpgsm_agent_havekey (ctrl_t ctrl, const char *hexkeygrip);
 303 int gpgsm_agent_marktrusted (ctrl_t ctrl, ksba_cert_t cert);
 304 int gpgsm_agent_learn (ctrl_t ctrl);
 305 int gpgsm_agent_passwd (ctrl_t ctrl, const char *hexkeygrip, const char *desc);
 306
 307 /*-- call-dirmngr.c --*/
 308 int gpgsm_dirmngr_isvalid (ctrl_t ctrl,
 309                            ksba_cert_t cert, ksba_cert_t issuer_cert,
 310                            int use_ocsp);
 311 int gpgsm_dirmngr_lookup (ctrl_t ctrl, STRLIST names,
 312                           void (*cb)(void*, ksba_cert_t), void *cb_value);
 313 int gpgsm_dirmngr_run_command (ctrl_t ctrl, const char *command,
 314                                int argc, char **argv);
 315
 316
 317 /*-- misc.c --*/
 318 void setup_pinentry_env (void);
 319
 320
 321
 322 #endif /*GPGSM_H*/