search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
2002-04-24 Marcus Brinkmann <marcus@g10code.de>
[gnupg.git] / sm / call-agent.c
blob0e0c609234ed9b6cc781acfd6787e6ba201f2035
1 /* call-agent.c - divert operations to the agent
2 * Copyright (C) 2001, 2002 Free Software Foundation, Inc.
3 *
4 * This file is part of GnuPG.
5 *
6 * GnuPG is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
10 *
11 * GnuPG is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
15 *
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, write to the Free Software
18 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
19 */
20
21 #include <config.h>
22 #include <stdio.h>
23 #include <stdlib.h>
24 #include <string.h>
25 #include <errno.h>
26 #include <unistd.h>
27 #include <time.h>
28 #include <assert.h>
29 #include <gcrypt.h>
30 #ifdef HAVE_LOCALE_H
31 #include <locale.h>
32 #endif
33
34 #include "gpgsm.h"
35 #include "../assuan/assuan.h"
36 #include "i18n.h"
37 #include "keydb.h" /* fixme: Move this to import.c */
38
39 static ASSUAN_CONTEXT agent_ctx = NULL;
40 static int force_pipe_server = 0;
41
42 struct cipher_parm_s {
43 ASSUAN_CONTEXT ctx;
44 const char *ciphertext;
45 size_t ciphertextlen;
46 };
47
48 struct genkey_parm_s {
49 ASSUAN_CONTEXT ctx;
50 const char *sexp;
51 size_t sexplen;
52 };
53
54 struct learn_parm_s {
55 int error;
56 ASSUAN_CONTEXT ctx;
57 struct membuf *data;
58 };
59
60 struct membuf {
61 size_t len;
62 size_t size;
63 char *buf;
64 int out_of_core;
65 };
66
67
68 \f
69 /* A simple implemnation of a dynamic buffer. Use init_membuf() to
70 create a buffer, put_membuf to append bytes and get_membuf to
71 release and return the buffer. Allocation errors are detected but
72 only returned at the final get_membuf(), this helps not to clutter
73 the code with out of core checks. */
74
75 static void
76 init_membuf (struct membuf *mb, int initiallen)
77 {
78 mb->len = 0;
79 mb->size = initiallen;
80 mb->out_of_core = 0;
81 mb->buf = xtrymalloc (initiallen);
82 if (!mb->buf)
83 mb->out_of_core = 1;
84 }
85
86 static void
87 put_membuf (struct membuf *mb, const void *buf, size_t len)
88 {
89 if (mb->out_of_core)
90 return;
91
92 if (mb->len + len >= mb->size)
93 {
94 char *p;
95
96 mb->size += len + 1024;
97 p = xtryrealloc (mb->buf, mb->size);
98 if (!p)
99 {
100 mb->out_of_core = 1;
101 return;
102 }
103 mb->buf = p;
104 }
105 memcpy (mb->buf + mb->len, buf, len);
106 mb->len += len;
107 }
108
109 static void *
110 get_membuf (struct membuf *mb, size_t *len)
111 {
112 char *p;
113
114 if (mb->out_of_core)
115 {
116 xfree (mb->buf);
117 mb->buf = NULL;
118 return NULL;
119 }
120
121 p = mb->buf;
122 *len = mb->len;
123 mb->buf = NULL;
124 mb->out_of_core = 1; /* don't allow a reuse */
125 return p;
126 }
127
128
129 \f
130 /* Try to connect to the agent via socket or fork it off and work by
131 pipes. Handle the server's initial greeting */
132 static int
133 start_agent (void)
134 {
135 int rc;
136 char *infostr, *p;
137 ASSUAN_CONTEXT ctx;
138 char *dft_display = NULL;
139 char *dft_ttyname = NULL;
140 char *dft_ttytype = NULL;
141 char *old_lc = NULL;
142 char *dft_lc = NULL;
143
144 if (agent_ctx)
145 return 0; /* fixme: We need a context for each thread or serialize
146 the access to the agent (which is suitable given that
147 the agent is not MT */
148
149 infostr = force_pipe_server? NULL : getenv ("GPG_AGENT_INFO");
150 if (!infostr)
151 {
152 const char *pgmname;
153 const char *argv[3];
154 log_info (_("no running gpg-agent - starting one\n"));
155
156 if (fflush (NULL))
157 {
158 log_error ("error flushing pending output: %s\n", strerror (errno));
159 return seterr (Write_Error);
160 }
161
162 if (!opt.agent_program || !*opt.agent_program)
163 opt.agent_program = "../agent/gpg-agent";
164 if ( !(pgmname = strrchr (opt.agent_program, '/')))
165 pgmname = opt.agent_program;
166 else
167 pgmname++;
168
169 argv[0] = pgmname;
170 argv[1] = "--server";
171 argv[2] = NULL;
172
173 /* connect to the agent and perform initial handshaking */
174 rc = assuan_pipe_connect (&ctx, opt.agent_program, (char**)argv, 0);
175 }
176 else
177 {
178 int prot;
179 int pid;
180
181 infostr = xstrdup (infostr);
182 if ( !(p = strchr (infostr, ':')) || p == infostr)
183 {
184 log_error (_("malformed GPG_AGENT_INFO environment variable\n"));
185 xfree (infostr);
186 force_pipe_server = 1;
187 return start_agent ();
188 }
189 *p++ = 0;
190 pid = atoi (p);
191 while (*p && *p != ':')
192 p++;
193 prot = *p? atoi (p+1) : 0;
194 if (prot != 1)
195 {
196 log_error (_("gpg-agent protocol version %d is not supported\n"),
197 prot);
198 xfree (infostr);
199 force_pipe_server = 1;
200 return start_agent ();
201 }
202
203 rc = assuan_socket_connect (&ctx, infostr, pid);
204 xfree (infostr);
205 if (rc == ASSUAN_Connect_Failed)
206 {
207 log_error (_("can't connect to the agent - trying fall back\n"));
208 force_pipe_server = 1;
209 return start_agent ();
210 }
211 }
212
213 if (rc)
214 {
215 log_error ("can't connect to the agent: %s\n", assuan_strerror (rc));
216 return seterr (No_Agent);
217 }
218 agent_ctx = ctx;
219
220 if (DBG_AGENT)
221 log_debug ("connection to agent established\n");
222
223 rc = assuan_transact (agent_ctx, "RESET", NULL, NULL, NULL, NULL, NULL, NULL);
224 if (rc)
225 return map_assuan_err (rc);
226
227 dft_display = getenv ("DISPLAY");
228 if (opt.display || dft_display)
229 {
230 char *optstr;
231 if (asprintf (&optstr, "OPTION display=%s",
232 opt.display ? opt.display : dft_display) < 0)
233 return GNUPG_Out_Of_Core;
234 rc = assuan_transact (agent_ctx, optstr, NULL, NULL, NULL, NULL, NULL,
235 NULL);
236 free (optstr);
237 if (rc)
238 return map_assuan_err (rc);
239 }
240 if (!opt.ttyname && ttyname (1))
241 dft_ttyname = ttyname (1);
242 if (opt.ttyname || dft_ttyname)
243 {
244 char *optstr;
245 if (asprintf (&optstr, "OPTION ttyname=%s",
246 opt.ttyname ? opt.ttyname : dft_ttyname) < 0)
247 return GNUPG_Out_Of_Core;
248 rc = assuan_transact (agent_ctx, optstr, NULL, NULL, NULL, NULL, NULL,
249 NULL);
250 free (optstr);
251 if (rc)
252 return map_assuan_err (rc);
253 }
254 dft_ttytype = getenv ("TERM");
255 if (!rc && (opt.ttytype || (dft_ttyname && dft_ttytype)))
256 {
257 char *optstr;
258 if (asprintf (&optstr, "OPTION ttytype=%s",
259 opt.ttyname ? opt.ttytype : dft_ttytype) < 0)
260 return GNUPG_Out_Of_Core;
261 rc = assuan_transact (agent_ctx, optstr, NULL, NULL, NULL, NULL, NULL,
262 NULL);
263 free (optstr);
264 if (rc)
265 return map_assuan_err (rc);
266 }
267 #ifdef LC_CTYPE
268 old_lc = setlocale (LC_CTYPE, NULL);
269 dft_lc = setlocale (LC_CTYPE, "");
270 #endif
271 if (!rc && (opt.lc_ctype || (dft_ttyname && dft_lc)))
272 {
273 char *optstr;
274 if (asprintf (&optstr, "OPTION lc-ctype=%s",
275 opt.lc_ctype ? opt.lc_ctype : dft_lc) < 0)
276 return GNUPG_Out_Of_Core;
277 rc = assuan_transact (agent_ctx, optstr, NULL, NULL, NULL, NULL, NULL,
278 NULL);
279 free (optstr);
280 if (rc)
281 return map_assuan_err (rc);
282 }
283 #ifdef LC_CTYPE
284 if (old_lc)
285 setlocale (LC_CTYPE, old_lc);
286 #endif
287 #ifdef LC_MESSAGES
288 old_lc = setlocale (LC_MESSAGES, NULL);
289 dft_lc = setlocale (LC_MESSAGES, "");
290 #endif
291 if (!rc && (opt.lc_messages || (dft_ttyname && dft_lc)))
292 {
293 char *optstr;
294 if (asprintf (&optstr, "OPTION lc-messages=%s",
295 opt.lc_messages ? opt.lc_messages : dft_lc) < 0)
296 return GNUPG_Out_Of_Core;
297 rc = assuan_transact (agent_ctx, optstr, NULL, NULL, NULL, NULL, NULL,
298 NULL);
299 free (optstr);
300 if (rc)
301 return map_assuan_err (rc);
302 }
303 #ifdef LC_MESSAGES
304 if (old_lc)
305 setlocale (LC_MESSAGES, old_lc);
306 #endif
307
308 return 0;
309 }
310
311
312 static AssuanError
313 membuf_data_cb (void *opaque, const void *buffer, size_t length)
314 {
315 struct membuf *data = opaque;
316
317 if (buffer)
318 put_membuf (data, buffer, length);
319 return 0;
320 }
321
322
323
324 \f
325 /* Call the agent to do a sign operation using the key identified by
326 the hex string KEYGRIP. */
327 int
328 gpgsm_agent_pksign (const char *keygrip,
329 unsigned char *digest, size_t digestlen, int digestalgo,
330 char **r_buf, size_t *r_buflen )
331 {
332 int rc, i;
333 char *p, line[ASSUAN_LINELENGTH];
334 struct membuf data;
335 size_t len;
336
337 *r_buf = NULL;
338 rc = start_agent ();
339 if (rc)
340 return rc;
341
342 if (digestlen*2 + 50 > DIM(line))
343 return seterr (General_Error);
344
345 rc = assuan_transact (agent_ctx, "RESET", NULL, NULL, NULL, NULL, NULL, NULL);
346 if (rc)
347 return map_assuan_err (rc);
348
349 snprintf (line, DIM(line)-1, "SIGKEY %s", keygrip);
350 line[DIM(line)-1] = 0;
351 rc = assuan_transact (agent_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL);
352 if (rc)
353 return map_assuan_err (rc);
354
355 sprintf (line, "SETHASH %d ", digestalgo);
356 p = line + strlen (line);
357 for (i=0; i < digestlen ; i++, p += 2 )
358 sprintf (p, "%02X", digest[i]);
359 rc = assuan_transact (agent_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL);
360 if (rc)
361 return map_assuan_err (rc);
362
363 init_membuf (&data, 1024);
364 rc = assuan_transact (agent_ctx, "PKSIGN",
365 membuf_data_cb, &data, NULL, NULL, NULL, NULL);
366 if (rc)
367 {
368 xfree (get_membuf (&data, &len));
369 return map_assuan_err (rc);
370 }
371 *r_buf = get_membuf (&data, r_buflen);
372
373 if (!gcry_sexp_canon_len (*r_buf, *r_buflen, NULL, NULL))
374 {
375 xfree (*r_buf); *r_buf = NULL;
376 return GNUPG_Invalid_Value;
377 }
378
379 return *r_buf? 0 : GNUPG_Out_Of_Core;
380 }
381
382
383
384 \f
385 /* Handle a CIPHERTEXT inquiry. Note, we only send the data,
386 assuan_transact talkes care of flushing and writing the end */
387 static AssuanError
388 inq_ciphertext_cb (void *opaque, const char *keyword)
389 {
390 struct cipher_parm_s *parm = opaque;
391 AssuanError rc;
392
393 assuan_begin_confidential (parm->ctx);
394 rc = assuan_send_data (parm->ctx, parm->ciphertext, parm->ciphertextlen);
395 assuan_end_confidential (parm->ctx);
396 return rc;
397 }
398
399
400 /* Call the agent to do a decrypt operation using the key identified by
401 the hex string KEYGRIP. */
402 int
403 gpgsm_agent_pkdecrypt (const char *keygrip,
404 KsbaConstSexp ciphertext,
405 char **r_buf, size_t *r_buflen )
406 {
407 int rc;
408 char line[ASSUAN_LINELENGTH];
409 struct membuf data;
410 struct cipher_parm_s cipher_parm;
411 size_t n, len;
412 char *buf, *endp;
413 size_t ciphertextlen;
414
415 if (!keygrip || strlen(keygrip) != 40 || !ciphertext || !r_buf || !r_buflen)
416 return GNUPG_Invalid_Value;
417 *r_buf = NULL;
418
419 ciphertextlen = gcry_sexp_canon_len (ciphertext, 0, NULL, NULL);
420 if (!ciphertextlen)
421 return GNUPG_Invalid_Value;
422
423 rc = start_agent ();
424 if (rc)
425 return rc;
426
427 rc = assuan_transact (agent_ctx, "RESET", NULL, NULL, NULL, NULL, NULL, NULL);
428 if (rc)
429 return map_assuan_err (rc);
430
431 assert ( DIM(line) >= 50 );
432 snprintf (line, DIM(line)-1, "SETKEY %s", keygrip);
433 line[DIM(line)-1] = 0;
434 rc = assuan_transact (agent_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL);
435 if (rc)
436 return map_assuan_err (rc);
437
438 init_membuf (&data, 1024);
439 cipher_parm.ctx = agent_ctx;
440 cipher_parm.ciphertext = ciphertext;
441 cipher_parm.ciphertextlen = ciphertextlen;
442 rc = assuan_transact (agent_ctx, "PKDECRYPT",
443 membuf_data_cb, &data,
444 inq_ciphertext_cb, &cipher_parm, NULL, NULL);
445 if (rc)
446 {
447 xfree (get_membuf (&data, &len));
448 return map_assuan_err (rc);
449 }
450
451 put_membuf (&data, "", 1); /* make sure it is 0 terminated */
452 buf = get_membuf (&data, &len);
453 if (!buf)
454 return seterr (Out_Of_Core);
455 /* FIXME: We would better a return a full S-exp and not just a part */
456 assert (len);
457 len--; /* remove the terminating 0 */
458 n = strtoul (buf, &endp, 10);
459 if (!n || *endp != ':')
460 return seterr (Invalid_Sexp);
461 endp++;
462 if (endp-buf+n > len)
463 return seterr (Invalid_Sexp); /* oops len does not match internal len*/
464 memmove (buf, endp, n);
465 *r_buflen = n;
466 *r_buf = buf;
467 return 0;
468 }
469
470
471
472
473 \f
474 /* Handle a KEYPARMS inquiry. Note, we only send the data,
475 assuan_transact takes care of flushing and writing the end */
476 static AssuanError
477 inq_genkey_parms (void *opaque, const char *keyword)
478 {
479 struct genkey_parm_s *parm = opaque;
480 AssuanError rc;
481
482 rc = assuan_send_data (parm->ctx, parm->sexp, parm->sexplen);
483 return rc;
484 }
485
486
487 \f
488 /* Call the agent to generate a newkey */
489 int
490 gpgsm_agent_genkey (KsbaConstSexp keyparms, KsbaSexp *r_pubkey)
491 {
492 int rc;
493 struct genkey_parm_s gk_parm;
494 struct membuf data;
495 size_t len;
496 char *buf;
497
498 *r_pubkey = NULL;
499 rc = start_agent ();
500 if (rc)
501 return rc;
502
503 rc = assuan_transact (agent_ctx, "RESET", NULL, NULL, NULL, NULL, NULL, NULL);
504 if (rc)
505 return map_assuan_err (rc);
506
507 init_membuf (&data, 1024);
508 gk_parm.ctx = agent_ctx;
509 gk_parm.sexp = keyparms;
510 gk_parm.sexplen = gcry_sexp_canon_len (keyparms, 0, NULL, NULL);
511 if (!gk_parm.sexplen)
512 return GNUPG_Invalid_Value;
513 rc = assuan_transact (agent_ctx, "GENKEY",
514 membuf_data_cb, &data,
515 inq_genkey_parms, &gk_parm, NULL, NULL);
516 if (rc)
517 {
518 xfree (get_membuf (&data, &len));
519 return map_assuan_err (rc);
520 }
521 buf = get_membuf (&data, &len);
522 if (!buf)
523 return GNUPG_Out_Of_Core;
524 if (!gcry_sexp_canon_len (buf, len, NULL, NULL))
525 {
526 xfree (buf);
527 return GNUPG_Invalid_Sexp;
528 }
529 *r_pubkey = buf;
530 return 0;
531 }
532
533 \f
534 /* Ask the agent whether the certificate is in the list of trusted
535 keys */
536 int
537 gpgsm_agent_istrusted (KsbaCert cert)
538 {
539 int rc;
540 char *fpr;
541 char line[ASSUAN_LINELENGTH];
542
543 rc = start_agent ();
544 if (rc)
545 return rc;
546
547 fpr = gpgsm_get_fingerprint_hexstring (cert, GCRY_MD_SHA1);
548 if (!fpr)
549 {
550 log_error ("error getting the fingerprint\n");
551 return seterr (General_Error);
552 }
553
554 snprintf (line, DIM(line)-1, "ISTRUSTED %s", fpr);
555 line[DIM(line)-1] = 0;
556 xfree (fpr);
557
558 rc = assuan_transact (agent_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL);
559 return map_assuan_err (rc);
560 }
561
562 /* Ask the agent to mark CERT as a trusted Root-CA one */
563 int
564 gpgsm_agent_marktrusted (KsbaCert cert)
565 {
566 int rc;
567 char *fpr, *dn;
568 char line[ASSUAN_LINELENGTH];
569
570 rc = start_agent ();
571 if (rc)
572 return rc;
573
574 fpr = gpgsm_get_fingerprint_hexstring (cert, GCRY_MD_SHA1);
575 if (!fpr)
576 {
577 log_error ("error getting the fingerprint\n");
578 return seterr (General_Error);
579 }
580
581 dn = ksba_cert_get_issuer (cert, 0);
582 if (!dn)
583 {
584 xfree (fpr);
585 return seterr (General_Error);
586 }
587 snprintf (line, DIM(line)-1, "MARKTRUSTED %s S %s", fpr, dn);
588 line[DIM(line)-1] = 0;
589 ksba_free (dn);
590 xfree (fpr);
591
592 rc = assuan_transact (agent_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL);
593 return map_assuan_err (rc);
594 }
595
596
597 \f
598 /* Ask the agent whether the a corresponding secret key is available
599 for the given keygrip */
600 int
601 gpgsm_agent_havekey (const char *hexkeygrip)
602 {
603 int rc;
604 char line[ASSUAN_LINELENGTH];
605
606 rc = start_agent ();
607 if (rc)
608 return rc;
609
610 if (!hexkeygrip || strlen (hexkeygrip) != 40)
611 return GNUPG_Invalid_Value;
612
613 snprintf (line, DIM(line)-1, "HAVEKEY %s", hexkeygrip);
614 line[DIM(line)-1] = 0;
615
616 rc = assuan_transact (agent_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL);
617 return map_assuan_err (rc);
618 }
619
620 \f
621 static AssuanError
622 learn_cb (void *opaque, const void *buffer, size_t length)
623 {
624 struct learn_parm_s *parm = opaque;
625 size_t len;
626 char *buf;
627 KsbaCert cert;
628 int rc;
629
630 if (parm->error)
631 return 0;
632
633 if (buffer)
634 {
635 put_membuf (parm->data, buffer, length);
636 return 0;
637 }
638 /* END encountered - process what we have */
639 buf = get_membuf (parm->data, &len);
640 if (!buf)
641 {
642 parm->error = GNUPG_Out_Of_Core;
643 return 0;
644 }
645
646
647 /* FIXME: this should go into import.c */
648 cert = ksba_cert_new ();
649 if (!cert)
650 {
651 parm->error = GNUPG_Out_Of_Core;
652 return 0;
653 }
654 rc = ksba_cert_init_from_mem (cert, buf, len);
655 if (rc)
656 {
657 log_error ("failed to parse a certificate: %s\n", ksba_strerror (rc));
658 ksba_cert_release (cert);
659 parm->error = map_ksba_err (rc);
660 return 0;
661 }
662
663 rc = gpgsm_basic_cert_check (cert);
664 if (rc)
665 log_error ("invalid certificate: %s\n", gnupg_strerror (rc));
666 else
667 {
668 if (!keydb_store_cert (cert))
669 log_error ("certificate imported\n");
670 }
671
672 ksba_cert_release (cert);
673 init_membuf (parm->data, 4096);
674 return 0;
675 }
676
677 /* Call the agent to learn about a smartcard */
678 int
679 gpgsm_agent_learn ()
680 {
681 int rc;
682 struct learn_parm_s learn_parm;
683 struct membuf data;
684 size_t len;
685
686 rc = start_agent ();
687 if (rc)
688 return rc;
689
690 init_membuf (&data, 4096);
691 learn_parm.error = 0;
692 learn_parm.ctx = agent_ctx;
693 learn_parm.data = &data;
694 rc = assuan_transact (agent_ctx, "LEARN --send",
695 learn_cb, &learn_parm,
696 NULL, NULL, NULL, NULL);
697 xfree (get_membuf (&data, &len));
698 if (rc)
699 return map_assuan_err (rc);
700 return learn_parm.error;
701 }
702
gnupg svn clone