1 /* call-agent.c - Divert GPG operations to the agent.
2 * Copyright (C) 2001-2003, 2006-2011, 2013 Free Software Foundation, Inc.
3 * Copyright (C) 2013-2015 Werner Koch
5 * This file is part of GnuPG.
7 * GnuPG is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 3 of the License, or
10 * (at your option) any later version.
12 * GnuPG is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, see <https://www.gnu.org/licenses/>.
40 #include "call-agent.h"
42 #include "../common/shareddefs.h"
45 #define CONTROL_D ('D' - 'A' + 1)
48 static assuan_context_t agent_ctx = NULL;
49 static int did_early_card_test;
51 struct default_inq_parm_s
64 struct default_inq_parm_s *dflt;
66 unsigned char *ciphertext;
70 struct writecert_parm_s
72 struct default_inq_parm_s *dflt;
73 const unsigned char *certdata;
77 struct writekey_parm_s
79 struct default_inq_parm_s *dflt;
80 const unsigned char *keydata;
86 struct default_inq_parm_s *dflt;
88 const char *passphrase;
91 struct import_key_parm_s
93 struct default_inq_parm_s *dflt;
99 struct cache_nonce_parm_s
101 char **cache_nonce_addr;
102 char **passwd_nonce_addr;
106 static gpg_error_t learn_status_cb (void *opaque, const char *line);
110 /* If RC is not 0, write an appropriate status message. */
112 status_sc_op_failure (int rc)
114 switch (gpg_err_code (rc))
118 case GPG_ERR_CANCELED:
119 case GPG_ERR_FULLY_CANCELED:
120 write_status_text (STATUS_SC_OP_FAILURE, "1");
122 case GPG_ERR_BAD_PIN:
123 write_status_text (STATUS_SC_OP_FAILURE, "2");
126 write_status (STATUS_SC_OP_FAILURE);
132 /* This is the default inquiry callback. It mainly handles the
133 Pinentry notifications. */
135 default_inq_cb (void *opaque, const char *line)
138 struct default_inq_parm_s *parm = opaque;
140 if (has_leading_keyword (line, "PINENTRY_LAUNCHED"))
142 err = gpg_proxy_pinentry_notify (parm->ctrl, line);
144 log_error (_("failed to proxy %s inquiry to client\n"),
145 "PINENTRY_LAUNCHED");
146 /* We do not pass errors to avoid breaking other code. */
148 else if ((has_leading_keyword (line, "PASSPHRASE")
149 || has_leading_keyword (line, "NEW_PASSPHRASE"))
150 && opt.pinentry_mode == PINENTRY_MODE_LOOPBACK)
152 if (have_static_passphrase ())
154 const char *s = get_static_passphrase ();
155 err = assuan_send_data (parm->ctx, s, strlen (s));
162 if (parm->keyinfo.keyid)
163 emit_status_need_passphrase (parm->keyinfo.keyid,
164 parm->keyinfo.mainkeyid,
165 parm->keyinfo.pubkey_algo);
167 snprintf (buf, sizeof (buf), "%u", 100);
168 write_status_text (STATUS_INQUIRE_MAXLEN, buf);
169 pw = cpr_get_hidden ("passphrase.enter", _("Enter passphrase: "));
171 if (*pw == CONTROL_D && !pw[1])
172 err = gpg_error (GPG_ERR_CANCELED);
174 err = assuan_send_data (parm->ctx, pw, strlen (pw));
179 log_debug ("ignoring gpg-agent inquiry '%s'\n", line);
185 /* Print a warning if the server's version number is less than our
186 version number. Returns an error code on a connection problem. */
188 warn_version_mismatch (assuan_context_t ctx, const char *servername, int mode)
192 const char *myversion = strusage (13);
194 err = get_assuan_server_version (ctx, mode, &serverversion);
196 log_error (_("error getting version from '%s': %s\n"),
197 servername, gpg_strerror (err));
198 else if (compare_version_strings (serverversion, myversion) < 0)
202 warn = xtryasprintf (_("server '%s' is older than us (%s < %s)"),
203 servername, serverversion, myversion);
205 err = gpg_error_from_syserror ();
208 log_info (_("WARNING: %s\n"), warn);
209 write_status_strings (STATUS_WARNING, "server_version_mismatch 0",
214 xfree (serverversion);
219 /* Try to connect to the agent via socket or fork it off and work by
220 pipes. Handle the server's initial greeting */
222 start_agent (ctrl_t ctrl, int for_card)
226 (void)ctrl; /* Not yet used. */
228 /* Fixme: We need a context for each thread or serialize the access
234 rc = start_new_gpg_agent (&agent_ctx,
235 GPG_ERR_SOURCE_DEFAULT,
237 opt.lc_ctype, opt.lc_messages,
239 opt.autostart, opt.verbose, DBG_IPC,
241 if (!opt.autostart && gpg_err_code (rc) == GPG_ERR_NO_AGENT)
248 log_info (_("no gpg-agent running in this session\n"));
252 && !(rc = warn_version_mismatch (agent_ctx, GPG_AGENT_NAME, 0)))
254 /* Tell the agent that we support Pinentry notifications.
255 No error checking so that it will work also with older
257 assuan_transact (agent_ctx, "OPTION allow-pinentry-notify",
258 NULL, NULL, NULL, NULL, NULL, NULL);
259 /* Tell the agent about what version we are aware. This is
260 here used to indirectly enable GPG_ERR_FULLY_CANCELED. */
261 assuan_transact (agent_ctx, "OPTION agent-awareness=2.1.0",
262 NULL, NULL, NULL, NULL, NULL, NULL);
263 /* Pass on the pinentry mode. */
264 if (opt.pinentry_mode)
266 char *tmp = xasprintf ("OPTION pinentry-mode=%s",
267 str_pinentry_mode (opt.pinentry_mode));
268 rc = assuan_transact (agent_ctx, tmp,
269 NULL, NULL, NULL, NULL, NULL, NULL);
273 log_error ("setting pinentry mode '%s' failed: %s\n",
274 str_pinentry_mode (opt.pinentry_mode),
276 write_status_error ("set_pinentry_mode", rc);
282 if (!rc && for_card && !did_early_card_test)
284 /* Request the serial number of the card for an early test. */
285 struct agent_card_info_s info;
287 memset (&info, 0, sizeof info);
289 rc = warn_version_mismatch (agent_ctx, SCDAEMON_NAME, 2);
291 rc = assuan_transact (agent_ctx, "SCD SERIALNO openpgp",
292 NULL, NULL, NULL, NULL,
293 learn_status_cb, &info);
296 switch (gpg_err_code (rc))
298 case GPG_ERR_NOT_SUPPORTED:
299 case GPG_ERR_NO_SCDAEMON:
300 write_status_text (STATUS_CARDCTRL, "6");
302 case GPG_ERR_OBJ_TERM_STATE:
303 write_status_text (STATUS_CARDCTRL, "7");
306 write_status_text (STATUS_CARDCTRL, "4");
307 log_info ("selecting openpgp failed: %s\n", gpg_strerror (rc));
312 if (!rc && is_status_enabled () && info.serialno)
316 buf = xasprintf ("3 %s", info.serialno);
317 write_status_text (STATUS_CARDCTRL, buf);
321 agent_release_card_info (&info);
324 did_early_card_test = 1;
332 /* Return a new malloced string by unescaping the string S. Escaping
333 is percent escaping and '+'/space mapping. A binary nul will
334 silently be replaced by a 0xFF. Function returns NULL to indicate
335 an out of memory status. */
337 unescape_status_string (const unsigned char *s)
339 return percent_plus_unescape (s, 0xff);
343 /* Take a 20 byte hexencoded string and put it into the the provided
344 20 byte buffer FPR in binary format. */
346 unhexify_fpr (const char *hexstr, unsigned char *fpr)
351 for (s=hexstr, n=0; hexdigitp (s); s++, n++)
354 return 0; /* no fingerprint (invalid or wrong length). */
355 for (s=hexstr, n=0; *s; s += 2, n++)
360 /* Take the serial number from LINE and return it verbatim in a newly
361 allocated string. We make sure that only hex characters are
364 store_serialno (const char *line)
369 for (s=line; hexdigitp (s); s++)
371 p = xtrymalloc (s + 1 - line);
374 memcpy (p, line, s-line);
382 /* This is a dummy data line callback. */
384 dummy_data_cb (void *opaque, const void *buffer, size_t length)
392 /* A simple callback used to return the serialnumber of a card. */
394 get_serialno_cb (void *opaque, const char *line)
396 char **serialno = opaque;
397 const char *keyword = line;
401 for (keywordlen=0; *line && !spacep (line); line++, keywordlen++)
403 while (spacep (line))
406 if (keywordlen == 8 && !memcmp (keyword, "SERIALNO", keywordlen))
409 return gpg_error (GPG_ERR_CONFLICT); /* Unexpected status line. */
410 for (n=0,s=line; hexdigitp (s); s++, n++)
412 if (!n || (n&1)|| !(spacep (s) || !*s) )
413 return gpg_error (GPG_ERR_ASS_PARAMETER);
414 *serialno = xtrymalloc (n+1);
416 return out_of_core ();
417 memcpy (*serialno, line, n);
426 /* Release the card info structure INFO. */
428 agent_release_card_info (struct agent_card_info_s *info)
435 xfree (info->reader); info->reader = NULL;
436 xfree (info->serialno); info->serialno = NULL;
437 xfree (info->apptype); info->apptype = NULL;
438 xfree (info->disp_name); info->disp_name = NULL;
439 xfree (info->disp_lang); info->disp_lang = NULL;
440 xfree (info->pubkey_url); info->pubkey_url = NULL;
441 xfree (info->login_data); info->login_data = NULL;
442 info->cafpr1valid = info->cafpr2valid = info->cafpr3valid = 0;
443 info->fpr1valid = info->fpr2valid = info->fpr3valid = 0;
444 for (i=0; i < DIM(info->private_do); i++)
446 xfree (info->private_do[i]);
447 info->private_do[i] = NULL;
453 learn_status_cb (void *opaque, const char *line)
455 struct agent_card_info_s *parm = opaque;
456 const char *keyword = line;
460 for (keywordlen=0; *line && !spacep (line); line++, keywordlen++)
462 while (spacep (line))
465 if (keywordlen == 6 && !memcmp (keyword, "READER", keywordlen))
467 xfree (parm->reader);
468 parm->reader = unescape_status_string (line);
470 else if (keywordlen == 8 && !memcmp (keyword, "SERIALNO", keywordlen))
472 xfree (parm->serialno);
473 parm->serialno = store_serialno (line);
474 parm->is_v2 = (strlen (parm->serialno) >= 16
475 && xtoi_2 (parm->serialno+12) >= 2 );
477 else if (keywordlen == 7 && !memcmp (keyword, "APPTYPE", keywordlen))
479 xfree (parm->apptype);
480 parm->apptype = unescape_status_string (line);
482 else if (keywordlen == 9 && !memcmp (keyword, "DISP-NAME", keywordlen))
484 xfree (parm->disp_name);
485 parm->disp_name = unescape_status_string (line);
487 else if (keywordlen == 9 && !memcmp (keyword, "DISP-LANG", keywordlen))
489 xfree (parm->disp_lang);
490 parm->disp_lang = unescape_status_string (line);
492 else if (keywordlen == 8 && !memcmp (keyword, "DISP-SEX", keywordlen))
494 parm->disp_sex = *line == '1'? 1 : *line == '2' ? 2: 0;
496 else if (keywordlen == 10 && !memcmp (keyword, "PUBKEY-URL", keywordlen))
498 xfree (parm->pubkey_url);
499 parm->pubkey_url = unescape_status_string (line);
501 else if (keywordlen == 10 && !memcmp (keyword, "LOGIN-DATA", keywordlen))
503 xfree (parm->login_data);
504 parm->login_data = unescape_status_string (line);
506 else if (keywordlen == 11 && !memcmp (keyword, "SIG-COUNTER", keywordlen))
508 parm->sig_counter = strtoul (line, NULL, 0);
510 else if (keywordlen == 10 && !memcmp (keyword, "CHV-STATUS", keywordlen))
514 buf = p = unescape_status_string (line);
519 parm->chv1_cached = atoi (p);
520 while (*p && !spacep (p))
524 for (i=0; *p && i < 3; i++)
526 parm->chvmaxlen[i] = atoi (p);
527 while (*p && !spacep (p))
532 for (i=0; *p && i < 3; i++)
534 parm->chvretry[i] = atoi (p);
535 while (*p && !spacep (p))
543 else if (keywordlen == 6 && !memcmp (keyword, "EXTCAP", keywordlen))
548 buf = p = unescape_status_string (line);
551 for (p = strtok (buf, " "); p; p = strtok (NULL, " "))
553 p2 = strchr (p, '=');
557 abool = (*p2 == '1');
558 if (!strcmp (p, "ki"))
559 parm->extcap.ki = abool;
560 else if (!strcmp (p, "aac"))
561 parm->extcap.aac = abool;
562 else if (!strcmp (p, "si"))
563 parm->status_indicator = strtoul (p2, NULL, 10);
569 else if (keywordlen == 7 && !memcmp (keyword, "KEY-FPR", keywordlen))
571 int no = atoi (line);
572 while (*line && !spacep (line))
574 while (spacep (line))
577 parm->fpr1valid = unhexify_fpr (line, parm->fpr1);
579 parm->fpr2valid = unhexify_fpr (line, parm->fpr2);
581 parm->fpr3valid = unhexify_fpr (line, parm->fpr3);
583 else if (keywordlen == 8 && !memcmp (keyword, "KEY-TIME", keywordlen))
585 int no = atoi (line);
586 while (* line && !spacep (line))
588 while (spacep (line))
591 parm->fpr1time = strtoul (line, NULL, 10);
593 parm->fpr2time = strtoul (line, NULL, 10);
595 parm->fpr3time = strtoul (line, NULL, 10);
597 else if (keywordlen == 6 && !memcmp (keyword, "CA-FPR", keywordlen))
599 int no = atoi (line);
600 while (*line && !spacep (line))
602 while (spacep (line))
605 parm->cafpr1valid = unhexify_fpr (line, parm->cafpr1);
607 parm->cafpr2valid = unhexify_fpr (line, parm->cafpr2);
609 parm->cafpr3valid = unhexify_fpr (line, parm->cafpr3);
611 else if (keywordlen == 8 && !memcmp (keyword, "KEY-ATTR", keywordlen))
614 int algo = PUBKEY_ALGO_RSA;
617 sscanf (line, "%d %d %n", &keyno, &algo, &n);
619 if (keyno < 0 || keyno >= DIM (parm->key_attr))
622 parm->key_attr[keyno].algo = algo;
623 if (algo == PUBKEY_ALGO_RSA)
624 parm->key_attr[keyno].nbits = strtoul (line+n+3, NULL, 10);
625 else if (algo == PUBKEY_ALGO_ECDH || algo == PUBKEY_ALGO_ECDSA
626 || algo == PUBKEY_ALGO_EDDSA)
627 parm->key_attr[keyno].curve = openpgp_is_curve_supported (line + n,
630 else if (keywordlen == 12 && !memcmp (keyword, "PRIVATE-DO-", 11)
631 && strchr("1234", keyword[11]))
633 int no = keyword[11] - '1';
634 log_assert (no >= 0 && no <= 3);
635 xfree (parm->private_do[no]);
636 parm->private_do[no] = unescape_status_string (line);
642 /* Call the scdaemon to learn about a smartcard */
644 agent_scd_learn (struct agent_card_info_s *info, int force)
647 struct default_inq_parm_s parm;
648 struct agent_card_info_s dummyinfo;
652 memset (info, 0, sizeof *info);
653 memset (&parm, 0, sizeof parm);
655 rc = start_agent (NULL, 1);
659 /* Send the serialno command to initialize the connection. We don't
660 care about the data returned. If the card has already been
661 initialized, this is a very fast command. The main reason we
662 need to do this here is to handle a card removed case so that an
663 "l" command in --edit-card can be used to show ta newly inserted
664 card. We request the openpgp card because that is what we
666 rc = assuan_transact (agent_ctx, "SCD SERIALNO openpgp",
667 NULL, NULL, NULL, NULL, NULL, NULL);
671 parm.ctx = agent_ctx;
672 rc = assuan_transact (agent_ctx,
673 force ? "LEARN --sendinfo --force" : "LEARN --sendinfo",
674 dummy_data_cb, NULL, default_inq_cb, &parm,
675 learn_status_cb, info);
676 /* Also try to get the key attributes. */
678 agent_scd_getattr ("KEY-ATTR", info);
680 if (info == &dummyinfo)
681 agent_release_card_info (info);
687 /* Send an APDU to the current card. On success the status word is
688 stored at R_SW. With HEXAPDU being NULL only a RESET command is
689 send to scd. With HEXAPDU being the string "undefined" the command
690 "SERIALNO undefined" is send to scd. */
692 agent_scd_apdu (const char *hexapdu, unsigned int *r_sw)
696 /* Start the agent but not with the card flag so that we do not
697 autoselect the openpgp application. */
698 err = start_agent (NULL, 0);
704 err = assuan_transact (agent_ctx, "SCD RESET",
705 NULL, NULL, NULL, NULL, NULL, NULL);
708 else if (!strcmp (hexapdu, "undefined"))
710 err = assuan_transact (agent_ctx, "SCD SERIALNO undefined",
711 NULL, NULL, NULL, NULL, NULL, NULL);
715 char line[ASSUAN_LINELENGTH];
720 init_membuf (&mb, 256);
722 snprintf (line, DIM(line), "SCD APDU %s", hexapdu);
723 err = assuan_transact (agent_ctx, line,
724 put_membuf_cb, &mb, NULL, NULL, NULL, NULL);
727 data = get_membuf (&mb, &datalen);
729 err = gpg_error_from_syserror ();
730 else if (datalen < 2) /* Ooops */
731 err = gpg_error (GPG_ERR_CARD);
734 *r_sw = buf16_to_uint (data+datalen-2);
745 agent_keytocard (const char *hexgrip, int keyno, int force,
746 const char *serialno, const char *timestamp)
749 char line[ASSUAN_LINELENGTH];
750 struct default_inq_parm_s parm;
752 memset (&parm, 0, sizeof parm);
754 snprintf (line, DIM(line), "KEYTOCARD %s%s %s OPENPGP.%d %s",
755 force?"--force ": "", hexgrip, serialno, keyno, timestamp);
757 rc = start_agent (NULL, 1);
760 parm.ctx = agent_ctx;
762 rc = assuan_transact (agent_ctx, line, NULL, NULL, default_inq_cb, &parm,
770 /* Call the agent to retrieve a data object. This function returns
771 the data in the same structure as used by the learn command. It is
772 allowed to update such a structure using this commmand. */
774 agent_scd_getattr (const char *name, struct agent_card_info_s *info)
777 char line[ASSUAN_LINELENGTH];
778 struct default_inq_parm_s parm;
780 memset (&parm, 0, sizeof parm);
783 return gpg_error (GPG_ERR_INV_VALUE);
785 /* We assume that NAME does not need escaping. */
786 if (12 + strlen (name) > DIM(line)-1)
787 return gpg_error (GPG_ERR_TOO_LARGE);
788 stpcpy (stpcpy (line, "SCD GETATTR "), name);
790 rc = start_agent (NULL, 1);
794 parm.ctx = agent_ctx;
795 rc = assuan_transact (agent_ctx, line, NULL, NULL, default_inq_cb, &parm,
796 learn_status_cb, info);
802 /* Send an setattr command to the SCdaemon. SERIALNO is not actually
803 used here but required by gpg 1.4's implementation of this code in
806 agent_scd_setattr (const char *name,
807 const unsigned char *value, size_t valuelen,
808 const char *serialno)
811 char line[ASSUAN_LINELENGTH];
813 struct default_inq_parm_s parm;
815 memset (&parm, 0, sizeof parm);
819 if (!*name || !valuelen)
820 return gpg_error (GPG_ERR_INV_VALUE);
822 /* We assume that NAME does not need escaping. */
823 if (12 + strlen (name) > DIM(line)-1)
824 return gpg_error (GPG_ERR_TOO_LARGE);
826 p = stpcpy (stpcpy (line, "SCD SETATTR "), name);
828 for (; valuelen; value++, valuelen--)
830 if (p >= line + DIM(line)-5 )
831 return gpg_error (GPG_ERR_TOO_LARGE);
832 if (*value < ' ' || *value == '+' || *value == '%')
834 sprintf (p, "%%%02X", *value);
837 else if (*value == ' ')
844 rc = start_agent (NULL, 1);
847 parm.ctx = agent_ctx;
848 rc = assuan_transact (agent_ctx, line, NULL, NULL,
849 default_inq_cb, &parm, NULL, NULL);
852 status_sc_op_failure (rc);
858 /* Handle a CERTDATA inquiry. Note, we only send the data,
859 assuan_transact takes care of flushing and writing the END
862 inq_writecert_parms (void *opaque, const char *line)
865 struct writecert_parm_s *parm = opaque;
867 if (has_leading_keyword (line, "CERTDATA"))
869 rc = assuan_send_data (parm->dflt->ctx,
870 parm->certdata, parm->certdatalen);
873 rc = default_inq_cb (parm->dflt, line);
879 /* Send a WRITECERT command to the SCdaemon. */
881 agent_scd_writecert (const char *certidstr,
882 const unsigned char *certdata, size_t certdatalen)
885 char line[ASSUAN_LINELENGTH];
886 struct writecert_parm_s parms;
887 struct default_inq_parm_s dfltparm;
889 memset (&dfltparm, 0, sizeof dfltparm);
891 rc = start_agent (NULL, 1);
895 memset (&parms, 0, sizeof parms);
897 snprintf (line, DIM(line), "SCD WRITECERT %s", certidstr);
898 dfltparm.ctx = agent_ctx;
899 parms.dflt = &dfltparm;
900 parms.certdata = certdata;
901 parms.certdatalen = certdatalen;
903 rc = assuan_transact (agent_ctx, line, NULL, NULL,
904 inq_writecert_parms, &parms, NULL, NULL);
911 /* Handle a KEYDATA inquiry. Note, we only send the data,
912 assuan_transact takes care of flushing and writing the end */
914 inq_writekey_parms (void *opaque, const char *line)
917 struct writekey_parm_s *parm = opaque;
919 if (has_leading_keyword (line, "KEYDATA"))
921 rc = assuan_send_data (parm->dflt->ctx, parm->keydata, parm->keydatalen);
924 rc = default_inq_cb (parm->dflt, line);
930 /* Send a WRITEKEY command to the SCdaemon. */
932 agent_scd_writekey (int keyno, const char *serialno,
933 const unsigned char *keydata, size_t keydatalen)
936 char line[ASSUAN_LINELENGTH];
937 struct writekey_parm_s parms;
938 struct default_inq_parm_s dfltparm;
940 memset (&dfltparm, 0, sizeof dfltparm);
944 rc = start_agent (NULL, 1);
948 memset (&parms, 0, sizeof parms);
950 snprintf (line, DIM(line), "SCD WRITEKEY --force OPENPGP.%d", keyno);
951 dfltparm.ctx = agent_ctx;
952 parms.dflt = &dfltparm;
953 parms.keydata = keydata;
954 parms.keydatalen = keydatalen;
956 rc = assuan_transact (agent_ctx, line, NULL, NULL,
957 inq_writekey_parms, &parms, NULL, NULL);
959 status_sc_op_failure (rc);
965 /* Status callback for the SCD GENKEY command. */
967 scd_genkey_cb (void *opaque, const char *line)
969 u32 *createtime = opaque;
970 const char *keyword = line;
973 for (keywordlen=0; *line && !spacep (line); line++, keywordlen++)
975 while (spacep (line))
978 if (keywordlen == 14 && !memcmp (keyword,"KEY-CREATED-AT", keywordlen))
980 *createtime = (u32)strtoul (line, NULL, 10);
982 else if (keywordlen == 8 && !memcmp (keyword, "PROGRESS", keywordlen))
984 write_status_text (STATUS_PROGRESS, line);
990 /* Send a GENKEY command to the SCdaemon. If *CREATETIME is not 0,
991 the value will be passed to SCDAEMON with --timestamp option so that
992 the key is created with this. Otherwise, timestamp was generated by
993 SCDEAMON. On success, creation time is stored back to
996 agent_scd_genkey (int keyno, int force, u32 *createtime)
999 char line[ASSUAN_LINELENGTH];
1000 gnupg_isotime_t tbuf;
1001 struct default_inq_parm_s dfltparm;
1003 memset (&dfltparm, 0, sizeof dfltparm);
1005 rc = start_agent (NULL, 1);
1010 epoch2isotime (tbuf, *createtime);
1014 snprintf (line, DIM(line), "SCD GENKEY %s%s %s %d",
1015 *tbuf? "--timestamp=":"", tbuf,
1016 force? "--force":"",
1019 dfltparm.ctx = agent_ctx;
1020 rc = assuan_transact (agent_ctx, line,
1021 NULL, NULL, default_inq_cb, &dfltparm,
1022 scd_genkey_cb, createtime);
1024 status_sc_op_failure (rc);
1031 /* Issue an SCD SERIALNO openpgp command and if SERIALNO is not NULL
1032 ask the user to insert the requested card. */
1034 select_openpgp (const char *serialno)
1038 /* Send the serialno command to initialize the connection. Without
1039 a given S/N we don't care about the data returned. If the card
1040 has already been initialized, this is a very fast command. We
1041 request the openpgp card because that is what we expect.
1043 Note that an opt.limit_card_insert_tries of 1 means: No tries at
1044 all whereas 0 means do not limit the number of tries. Due to the
1045 sue of a pinentry prompt with a cancel option we use it here in a
1047 if (!serialno || opt.limit_card_insert_tries == 1)
1048 err = assuan_transact (agent_ctx, "SCD SERIALNO openpgp",
1049 NULL, NULL, NULL, NULL, NULL, NULL);
1052 char *this_sn = NULL;
1058 want_sn = xtrystrdup (serialno);
1060 return gpg_error_from_syserror ();
1061 p = strchr (want_sn, '/');
1068 err = assuan_transact (agent_ctx, "SCD SERIALNO openpgp",
1069 NULL, NULL, NULL, NULL,
1070 get_serialno_cb, &this_sn);
1071 if (gpg_err_code (err) == GPG_ERR_CARD_NOT_PRESENT)
1073 else if (gpg_err_code (err) == GPG_ERR_NOT_SUPPORTED)
1079 if (strcmp (want_sn, this_sn))
1088 char *formatted = NULL;
1089 char *ocodeset = i18n_switchto_utf8 ();
1091 if (!strncmp (want_sn, "D27600012401", 12)
1092 && strlen (want_sn) == 32 )
1093 formatted = xtryasprintf ("(%.4s) %.8s",
1094 want_sn + 16, want_sn + 20);
1101 ? _("Please insert the card with serial number")
1102 : _("Please remove the current card and "
1103 "insert the one with serial number"),
1104 formatted? formatted : want_sn);
1106 err = gpg_error_from_syserror ();
1108 i18n_switchback (ocodeset);
1110 err = gpg_agent_get_confirmation (desc);
1114 while (ask && !err);
1123 /* Send a READCERT command to the SCdaemon. */
1125 agent_scd_readcert (const char *certidstr,
1126 void **r_buf, size_t *r_buflen)
1129 char line[ASSUAN_LINELENGTH];
1132 struct default_inq_parm_s dfltparm;
1134 memset (&dfltparm, 0, sizeof dfltparm);
1137 rc = start_agent (NULL, 1);
1141 dfltparm.ctx = agent_ctx;
1143 init_membuf (&data, 2048);
1145 snprintf (line, DIM(line), "SCD READCERT %s", certidstr);
1146 rc = assuan_transact (agent_ctx, line,
1147 put_membuf_cb, &data,
1148 default_inq_cb, &dfltparm,
1152 xfree (get_membuf (&data, &len));
1155 *r_buf = get_membuf (&data, r_buflen);
1157 return gpg_error (GPG_ERR_ENOMEM);
1164 /* Change the PIN of an OpenPGP card or reset the retry counter.
1165 CHVNO 1: Change the PIN
1166 2: For v1 cards: Same as 1.
1167 For v2 cards: Reset the PIN using the Reset Code.
1168 3: Change the admin PIN
1169 101: Set a new PIN and reset the retry counter
1170 102: For v1 cars: Same as 101.
1171 For v2 cards: Set a new Reset Code.
1172 SERIALNO is not used.
1175 agent_scd_change_pin (int chvno, const char *serialno)
1178 char line[ASSUAN_LINELENGTH];
1179 const char *reset = "";
1180 struct default_inq_parm_s dfltparm;
1182 memset (&dfltparm, 0, sizeof dfltparm);
1190 rc = start_agent (NULL, 1);
1193 dfltparm.ctx = agent_ctx;
1195 snprintf (line, DIM(line), "SCD PASSWD %s %d", reset, chvno);
1196 rc = assuan_transact (agent_ctx, line,
1198 default_inq_cb, &dfltparm,
1200 status_sc_op_failure (rc);
1205 /* Perform a CHECKPIN operation. SERIALNO should be the serial
1206 number of the card - optionally followed by the fingerprint;
1207 however the fingerprint is ignored here. */
1209 agent_scd_checkpin (const char *serialno)
1212 char line[ASSUAN_LINELENGTH];
1213 struct default_inq_parm_s dfltparm;
1215 memset (&dfltparm, 0, sizeof dfltparm);
1217 rc = start_agent (NULL, 1);
1220 dfltparm.ctx = agent_ctx;
1222 snprintf (line, DIM(line), "SCD CHECKPIN %s", serialno);
1223 rc = assuan_transact (agent_ctx, line,
1225 default_inq_cb, &dfltparm,
1227 status_sc_op_failure (rc);
1232 /* Dummy function, only used by the gpg 1.4 implementation. */
1234 agent_clear_pin_cache (const char *sn)
1242 /* Note: All strings shall be UTF-8. On success the caller needs to
1243 free the string stored at R_PASSPHRASE. On error NULL will be
1244 stored at R_PASSPHRASE and an appropriate fpf error code
1247 agent_get_passphrase (const char *cache_id,
1248 const char *err_msg,
1250 const char *desc_msg,
1253 char **r_passphrase)
1256 char line[ASSUAN_LINELENGTH];
1262 struct default_inq_parm_s dfltparm;
1264 memset (&dfltparm, 0, sizeof dfltparm);
1266 *r_passphrase = NULL;
1268 rc = start_agent (NULL, 0);
1271 dfltparm.ctx = agent_ctx;
1273 /* Check that the gpg-agent understands the repeat option. */
1274 if (assuan_transact (agent_ctx,
1275 "GETINFO cmd_has_option GET_PASSPHRASE repeat",
1276 NULL, NULL, NULL, NULL, NULL, NULL))
1277 return gpg_error (GPG_ERR_NOT_SUPPORTED);
1279 if (cache_id && *cache_id)
1280 if (!(arg1 = percent_plus_escape (cache_id)))
1282 if (err_msg && *err_msg)
1283 if (!(arg2 = percent_plus_escape (err_msg)))
1285 if (prompt && *prompt)
1286 if (!(arg3 = percent_plus_escape (prompt)))
1288 if (desc_msg && *desc_msg)
1289 if (!(arg4 = percent_plus_escape (desc_msg)))
1292 snprintf (line, DIM(line),
1293 "GET_PASSPHRASE --data --repeat=%d%s -- %s %s %s %s",
1295 check? " --check --qualitybar":"",
1305 init_membuf_secure (&data, 64);
1306 rc = assuan_transact (agent_ctx, line,
1307 put_membuf_cb, &data,
1308 default_inq_cb, &dfltparm,
1312 xfree (get_membuf (&data, NULL));
1315 put_membuf (&data, "", 1);
1316 *r_passphrase = get_membuf (&data, NULL);
1318 rc = gpg_error_from_syserror ();
1322 rc = gpg_error_from_syserror ();
1332 agent_clear_passphrase (const char *cache_id)
1335 char line[ASSUAN_LINELENGTH];
1336 struct default_inq_parm_s dfltparm;
1338 memset (&dfltparm, 0, sizeof dfltparm);
1340 if (!cache_id || !*cache_id)
1343 rc = start_agent (NULL, 0);
1346 dfltparm.ctx = agent_ctx;
1348 snprintf (line, DIM(line), "CLEAR_PASSPHRASE %s", cache_id);
1349 return assuan_transact (agent_ctx, line,
1351 default_inq_cb, &dfltparm,
1356 /* Ask the agent to pop up a confirmation dialog with the text DESC
1357 and an okay and cancel button. */
1359 gpg_agent_get_confirmation (const char *desc)
1363 char line[ASSUAN_LINELENGTH];
1364 struct default_inq_parm_s dfltparm;
1366 memset (&dfltparm, 0, sizeof dfltparm);
1368 rc = start_agent (NULL, 0);
1371 dfltparm.ctx = agent_ctx;
1373 tmp = percent_plus_escape (desc);
1375 return gpg_error_from_syserror ();
1376 snprintf (line, DIM(line), "GET_CONFIRMATION %s", tmp);
1379 rc = assuan_transact (agent_ctx, line,
1381 default_inq_cb, &dfltparm,
1387 /* Return the S2K iteration count as computed by gpg-agent. */
1389 agent_get_s2k_count (unsigned long *r_count)
1397 err = start_agent (NULL, 0);
1401 init_membuf (&data, 32);
1402 err = assuan_transact (agent_ctx, "GETINFO s2k_count",
1403 put_membuf_cb, &data,
1404 NULL, NULL, NULL, NULL);
1406 xfree (get_membuf (&data, NULL));
1409 put_membuf (&data, "", 1);
1410 buf = get_membuf (&data, NULL);
1412 err = gpg_error_from_syserror ();
1415 *r_count = strtoul (buf, NULL, 10);
1424 /* Ask the agent whether a secret key for the given public key is
1425 available. Returns 0 if available. */
1427 agent_probe_secret_key (ctrl_t ctrl, PKT_public_key *pk)
1430 char line[ASSUAN_LINELENGTH];
1433 err = start_agent (ctrl, 0);
1437 err = hexkeygrip_from_pk (pk, &hexgrip);
1441 snprintf (line, sizeof line, "HAVEKEY %s", hexgrip);
1444 err = assuan_transact (agent_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL);
1448 /* Ask the agent whether a secret key is available for any of the
1449 keys (primary or sub) in KEYBLOCK. Returns 0 if available. */
1451 agent_probe_any_secret_key (ctrl_t ctrl, kbnode_t keyblock)
1454 char line[ASSUAN_LINELENGTH];
1456 kbnode_t kbctx, node;
1458 unsigned char grip[20];
1460 err = start_agent (ctrl, 0);
1464 err = gpg_error (GPG_ERR_NO_SECKEY); /* Just in case no key was
1465 found in KEYBLOCK. */
1466 p = stpcpy (line, "HAVEKEY");
1467 for (kbctx=NULL, nkeys=0; (node = walk_kbnode (keyblock, &kbctx, 0)); )
1468 if (node->pkt->pkttype == PKT_PUBLIC_KEY
1469 || node->pkt->pkttype == PKT_PUBLIC_SUBKEY
1470 || node->pkt->pkttype == PKT_SECRET_KEY
1471 || node->pkt->pkttype == PKT_SECRET_SUBKEY)
1473 if (nkeys && ((p - line) + 41) > (ASSUAN_LINELENGTH - 2))
1475 err = assuan_transact (agent_ctx, line,
1476 NULL, NULL, NULL, NULL, NULL, NULL);
1477 if (err != gpg_err_code (GPG_ERR_NO_SECKEY))
1478 break; /* Seckey available or unexpected error - ready. */
1479 p = stpcpy (line, "HAVEKEY");
1483 err = keygrip_from_pk (node->pkt->pkt.public_key, grip);
1487 bin2hex (grip, 20, p);
1493 err = assuan_transact (agent_ctx, line,
1494 NULL, NULL, NULL, NULL, NULL, NULL);
1501 struct keyinfo_data_parm_s
1509 keyinfo_status_cb (void *opaque, const char *line)
1511 struct keyinfo_data_parm_s *data = opaque;
1515 if ((s = has_leading_keyword (line, "KEYINFO")) && data)
1517 /* Parse the arguments:
1519 * <keygrip> <type> <serialno> <idstr> <cached> <protection>
1523 if (split_fields (s, fields, DIM (fields)) == 6)
1525 is_smartcard = (fields[1][0] == 'T');
1526 if (is_smartcard && !data->serialno && strcmp (fields[2], "-"))
1527 data->serialno = xtrystrdup (fields[2]);
1528 /* 'P' for protected, 'C' for clear */
1529 data->cleartext = (fields[5][0] == 'C');
1536 /* Return the serial number for a secret key. If the returned serial
1537 number is NULL, the key is not stored on a smartcard. Caller needs
1540 if r_cleartext is not NULL, the referenced int will be set to 1 if
1541 the agent's copy of the key is stored in the clear, or 0 otherwise
1544 agent_get_keyinfo (ctrl_t ctrl, const char *hexkeygrip,
1545 char **r_serialno, int *r_cleartext)
1548 char line[ASSUAN_LINELENGTH];
1549 struct keyinfo_data_parm_s keyinfo;
1551 memset (&keyinfo, 0,sizeof keyinfo);
1555 err = start_agent (ctrl, 0);
1559 if (!hexkeygrip || strlen (hexkeygrip) != 40)
1560 return gpg_error (GPG_ERR_INV_VALUE);
1562 snprintf (line, DIM(line), "KEYINFO %s", hexkeygrip);
1564 err = assuan_transact (agent_ctx, line, NULL, NULL, NULL, NULL,
1565 keyinfo_status_cb, &keyinfo);
1566 if (!err && keyinfo.serialno)
1568 /* Sanity check for bad characters. */
1569 if (strpbrk (keyinfo.serialno, ":\n\r"))
1570 err = GPG_ERR_INV_VALUE;
1573 xfree (keyinfo.serialno);
1576 *r_serialno = keyinfo.serialno;
1578 *r_cleartext = keyinfo.cleartext;
1584 /* Status callback for agent_import_key, agent_export_key and
1587 cache_nonce_status_cb (void *opaque, const char *line)
1589 struct cache_nonce_parm_s *parm = opaque;
1592 if ((s = has_leading_keyword (line, "CACHE_NONCE")))
1594 if (parm->cache_nonce_addr)
1596 xfree (*parm->cache_nonce_addr);
1597 *parm->cache_nonce_addr = xtrystrdup (s);
1600 else if ((s = has_leading_keyword (line, "PASSWD_NONCE")))
1602 if (parm->passwd_nonce_addr)
1604 xfree (*parm->passwd_nonce_addr);
1605 *parm->passwd_nonce_addr = xtrystrdup (s);
1608 else if ((s = has_leading_keyword (line, "PROGRESS")))
1610 if (opt.enable_progress_filter)
1611 write_status_text (STATUS_PROGRESS, s);
1619 /* Handle a KEYPARMS inquiry. Note, we only send the data,
1620 assuan_transact takes care of flushing and writing the end */
1622 inq_genkey_parms (void *opaque, const char *line)
1624 struct genkey_parm_s *parm = opaque;
1627 if (has_leading_keyword (line, "KEYPARAM"))
1629 err = assuan_send_data (parm->dflt->ctx,
1630 parm->keyparms, strlen (parm->keyparms));
1632 else if (has_leading_keyword (line, "NEWPASSWD") && parm->passphrase)
1634 err = assuan_send_data (parm->dflt->ctx,
1635 parm->passphrase, strlen (parm->passphrase));
1638 err = default_inq_cb (parm->dflt, line);
1644 /* Call the agent to generate a new key. KEYPARMS is the usual
1645 S-expression giving the parameters of the key. gpg-agent passes it
1646 gcry_pk_genkey. If NO_PROTECTION is true the agent is advised not
1647 to protect the generated key. If NO_PROTECTION is not set and
1648 PASSPHRASE is not NULL the agent is requested to protect the key
1649 with that passphrase instead of asking for one. */
1651 agent_genkey (ctrl_t ctrl, char **cache_nonce_addr, char **passwd_nonce_addr,
1652 const char *keyparms, int no_protection,
1653 const char *passphrase, gcry_sexp_t *r_pubkey)
1656 struct genkey_parm_s gk_parm;
1657 struct cache_nonce_parm_s cn_parm;
1658 struct default_inq_parm_s dfltparm;
1662 char line[ASSUAN_LINELENGTH];
1664 memset (&dfltparm, 0, sizeof dfltparm);
1665 dfltparm.ctrl = ctrl;
1668 err = start_agent (ctrl, 0);
1671 dfltparm.ctx = agent_ctx;
1673 if (passwd_nonce_addr && *passwd_nonce_addr)
1674 ; /* A RESET would flush the passwd nonce cache. */
1677 err = assuan_transact (agent_ctx, "RESET",
1678 NULL, NULL, NULL, NULL, NULL, NULL);
1683 init_membuf (&data, 1024);
1684 gk_parm.dflt = &dfltparm;
1685 gk_parm.keyparms = keyparms;
1686 gk_parm.passphrase = passphrase;
1687 snprintf (line, sizeof line, "GENKEY%s%s%s%s%s",
1688 no_protection? " --no-protection" :
1689 passphrase ? " --inq-passwd" :
1691 passwd_nonce_addr && *passwd_nonce_addr? " --passwd-nonce=":"",
1692 passwd_nonce_addr && *passwd_nonce_addr? *passwd_nonce_addr:"",
1693 cache_nonce_addr && *cache_nonce_addr? " ":"",
1694 cache_nonce_addr && *cache_nonce_addr? *cache_nonce_addr:"");
1695 cn_parm.cache_nonce_addr = cache_nonce_addr;
1696 cn_parm.passwd_nonce_addr = NULL;
1697 err = assuan_transact (agent_ctx, line,
1698 put_membuf_cb, &data,
1699 inq_genkey_parms, &gk_parm,
1700 cache_nonce_status_cb, &cn_parm);
1703 xfree (get_membuf (&data, &len));
1707 buf = get_membuf (&data, &len);
1709 err = gpg_error_from_syserror ();
1712 err = gcry_sexp_sscan (r_pubkey, NULL, buf, len);
1720 /* Call the agent to read the public key part for a given keygrip. If
1721 FROMCARD is true, the key is directly read from the current
1722 smartcard. In this case HEXKEYGRIP should be the keyID
1723 (e.g. OPENPGP.3). */
1725 agent_readkey (ctrl_t ctrl, int fromcard, const char *hexkeygrip,
1726 unsigned char **r_pubkey)
1732 char line[ASSUAN_LINELENGTH];
1733 struct default_inq_parm_s dfltparm;
1735 memset (&dfltparm, 0, sizeof dfltparm);
1736 dfltparm.ctrl = ctrl;
1739 err = start_agent (ctrl, 0);
1742 dfltparm.ctx = agent_ctx;
1744 err = assuan_transact (agent_ctx, "RESET",NULL, NULL, NULL, NULL, NULL, NULL);
1748 snprintf (line, DIM(line), "READKEY %s%s", fromcard? "--card ":"",
1751 init_membuf (&data, 1024);
1752 err = assuan_transact (agent_ctx, line,
1753 put_membuf_cb, &data,
1754 default_inq_cb, &dfltparm,
1758 xfree (get_membuf (&data, &len));
1761 buf = get_membuf (&data, &len);
1763 return gpg_error_from_syserror ();
1764 if (!gcry_sexp_canon_len (buf, len, NULL, NULL))
1767 return gpg_error (GPG_ERR_INV_SEXP);
1775 /* Call the agent to do a sign operation using the key identified by
1776 the hex string KEYGRIP. DESC is a description of the key to be
1777 displayed if the agent needs to ask for the PIN. DIGEST and
1778 DIGESTLEN is the hash value to sign and DIGESTALGO the algorithm id
1779 used to compute the digest. If CACHE_NONCE is used the agent is
1780 advised to first try a passphrase associated with that nonce. */
1782 agent_pksign (ctrl_t ctrl, const char *cache_nonce,
1783 const char *keygrip, const char *desc,
1784 u32 *keyid, u32 *mainkeyid, int pubkey_algo,
1785 unsigned char *digest, size_t digestlen, int digestalgo,
1786 gcry_sexp_t *r_sigval)
1789 char line[ASSUAN_LINELENGTH];
1791 struct default_inq_parm_s dfltparm;
1793 memset (&dfltparm, 0, sizeof dfltparm);
1794 dfltparm.ctrl = ctrl;
1795 dfltparm.keyinfo.keyid = keyid;
1796 dfltparm.keyinfo.mainkeyid = mainkeyid;
1797 dfltparm.keyinfo.pubkey_algo = pubkey_algo;
1800 err = start_agent (ctrl, 0);
1803 dfltparm.ctx = agent_ctx;
1805 if (digestlen*2 + 50 > DIM(line))
1806 return gpg_error (GPG_ERR_GENERAL);
1808 err = assuan_transact (agent_ctx, "RESET",
1809 NULL, NULL, NULL, NULL, NULL, NULL);
1813 snprintf (line, DIM(line), "SIGKEY %s", keygrip);
1814 err = assuan_transact (agent_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL);
1820 snprintf (line, DIM(line), "SETKEYDESC %s", desc);
1821 err = assuan_transact (agent_ctx, line,
1822 NULL, NULL, NULL, NULL, NULL, NULL);
1827 snprintf (line, sizeof line, "SETHASH %d ", digestalgo);
1828 bin2hex (digest, digestlen, line + strlen (line));
1829 err = assuan_transact (agent_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL);
1833 init_membuf (&data, 1024);
1835 snprintf (line, sizeof line, "PKSIGN%s%s",
1836 cache_nonce? " -- ":"",
1837 cache_nonce? cache_nonce:"");
1838 err = assuan_transact (agent_ctx, line,
1839 put_membuf_cb, &data,
1840 default_inq_cb, &dfltparm,
1843 xfree (get_membuf (&data, NULL));
1849 buf = get_membuf (&data, &len);
1851 err = gpg_error_from_syserror ();
1854 err = gcry_sexp_sscan (r_sigval, NULL, buf, len);
1863 /* Handle a CIPHERTEXT inquiry. Note, we only send the data,
1864 assuan_transact takes care of flushing and writing the END. */
1866 inq_ciphertext_cb (void *opaque, const char *line)
1868 struct cipher_parm_s *parm = opaque;
1871 if (has_leading_keyword (line, "CIPHERTEXT"))
1873 assuan_begin_confidential (parm->ctx);
1874 rc = assuan_send_data (parm->dflt->ctx,
1875 parm->ciphertext, parm->ciphertextlen);
1876 assuan_end_confidential (parm->ctx);
1879 rc = default_inq_cb (parm->dflt, line);
1885 /* Check whether there is any padding info from the agent. */
1887 padding_info_cb (void *opaque, const char *line)
1889 int *r_padding = opaque;
1892 if ((s=has_leading_keyword (line, "PADDING")))
1894 *r_padding = atoi (s);
1901 /* Call the agent to do a decrypt operation using the key identified
1902 by the hex string KEYGRIP and the input data S_CIPHERTEXT. On the
1903 success the decoded value is stored verbatim at R_BUF and its
1904 length at R_BUF; the callers needs to release it. KEYID, MAINKEYID
1905 and PUBKEY_ALGO are used to construct additional promots or status
1906 messages. The padding information is stored at R_PADDING with -1
1909 agent_pkdecrypt (ctrl_t ctrl, const char *keygrip, const char *desc,
1910 u32 *keyid, u32 *mainkeyid, int pubkey_algo,
1911 gcry_sexp_t s_ciphertext,
1912 unsigned char **r_buf, size_t *r_buflen, int *r_padding)
1915 char line[ASSUAN_LINELENGTH];
1918 char *p, *buf, *endp;
1919 struct default_inq_parm_s dfltparm;
1921 memset (&dfltparm, 0, sizeof dfltparm);
1922 dfltparm.ctrl = ctrl;
1923 dfltparm.keyinfo.keyid = keyid;
1924 dfltparm.keyinfo.mainkeyid = mainkeyid;
1925 dfltparm.keyinfo.pubkey_algo = pubkey_algo;
1927 if (!keygrip || strlen(keygrip) != 40
1928 || !s_ciphertext || !r_buf || !r_buflen || !r_padding)
1929 return gpg_error (GPG_ERR_INV_VALUE);
1934 err = start_agent (ctrl, 0);
1937 dfltparm.ctx = agent_ctx;
1939 err = assuan_transact (agent_ctx, "RESET",
1940 NULL, NULL, NULL, NULL, NULL, NULL);
1944 snprintf (line, sizeof line, "SETKEY %s", keygrip);
1945 err = assuan_transact (agent_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL);
1951 snprintf (line, DIM(line), "SETKEYDESC %s", desc);
1952 err = assuan_transact (agent_ctx, line,
1953 NULL, NULL, NULL, NULL, NULL, NULL);
1958 init_membuf_secure (&data, 1024);
1960 struct cipher_parm_s parm;
1962 parm.dflt = &dfltparm;
1963 parm.ctx = agent_ctx;
1964 err = make_canon_sexp (s_ciphertext, &parm.ciphertext, &parm.ciphertextlen);
1967 err = assuan_transact (agent_ctx, "PKDECRYPT",
1968 put_membuf_cb, &data,
1969 inq_ciphertext_cb, &parm,
1970 padding_info_cb, r_padding);
1971 xfree (parm.ciphertext);
1975 xfree (get_membuf (&data, &len));
1979 put_membuf (&data, "", 1); /* Make sure it is 0 terminated. */
1980 buf = get_membuf (&data, &len);
1982 return gpg_error_from_syserror ();
1983 log_assert (len); /* (we forced Nul termination.) */
1988 return gpg_error (GPG_ERR_INV_SEXP);
1991 if (len < 13 || memcmp (buf, "(5:value", 8) ) /* "(5:valueN:D)\0" */
1994 return gpg_error (GPG_ERR_INV_SEXP);
1996 len -= 10; /* Count only the data of the second part. */
1997 p = buf + 8; /* Skip leading parenthesis and the value tag. */
1999 n = strtoul (p, &endp, 10);
2000 if (!n || *endp != ':')
2003 return gpg_error (GPG_ERR_INV_SEXP);
2009 return gpg_error (GPG_ERR_INV_SEXP); /* Oops: Inconsistent S-Exp. */
2012 memmove (buf, endp, n);
2021 /* Retrieve a key encryption key from the agent. With FOREXPORT true
2022 the key shall be used for export, with false for import. On success
2023 the new key is stored at R_KEY and its length at R_KEKLEN. */
2025 agent_keywrap_key (ctrl_t ctrl, int forexport, void **r_kek, size_t *r_keklen)
2031 char line[ASSUAN_LINELENGTH];
2032 struct default_inq_parm_s dfltparm;
2034 memset (&dfltparm, 0, sizeof dfltparm);
2035 dfltparm.ctrl = ctrl;
2038 err = start_agent (ctrl, 0);
2041 dfltparm.ctx = agent_ctx;
2043 snprintf (line, DIM(line), "KEYWRAP_KEY %s",
2044 forexport? "--export":"--import");
2046 init_membuf_secure (&data, 64);
2047 err = assuan_transact (agent_ctx, line,
2048 put_membuf_cb, &data,
2049 default_inq_cb, &dfltparm,
2053 xfree (get_membuf (&data, &len));
2056 buf = get_membuf (&data, &len);
2058 return gpg_error_from_syserror ();
2066 /* Handle the inquiry for an IMPORT_KEY command. */
2068 inq_import_key_parms (void *opaque, const char *line)
2070 struct import_key_parm_s *parm = opaque;
2073 if (has_leading_keyword (line, "KEYDATA"))
2075 err = assuan_send_data (parm->dflt->ctx, parm->key, parm->keylen);
2078 err = default_inq_cb (parm->dflt, line);
2084 /* Call the agent to import a key into the agent. */
2086 agent_import_key (ctrl_t ctrl, const char *desc, char **cache_nonce_addr,
2087 const void *key, size_t keylen, int unattended, int force)
2090 struct import_key_parm_s parm;
2091 struct cache_nonce_parm_s cn_parm;
2092 char line[ASSUAN_LINELENGTH];
2093 struct default_inq_parm_s dfltparm;
2095 memset (&dfltparm, 0, sizeof dfltparm);
2096 dfltparm.ctrl = ctrl;
2098 err = start_agent (ctrl, 0);
2101 dfltparm.ctx = agent_ctx;
2105 snprintf (line, DIM(line), "SETKEYDESC %s", desc);
2106 err = assuan_transact (agent_ctx, line,
2107 NULL, NULL, NULL, NULL, NULL, NULL);
2112 parm.dflt = &dfltparm;
2114 parm.keylen = keylen;
2116 snprintf (line, sizeof line, "IMPORT_KEY%s%s%s%s",
2117 unattended? " --unattended":"",
2118 force? " --force":"",
2119 cache_nonce_addr && *cache_nonce_addr? " ":"",
2120 cache_nonce_addr && *cache_nonce_addr? *cache_nonce_addr:"");
2121 cn_parm.cache_nonce_addr = cache_nonce_addr;
2122 cn_parm.passwd_nonce_addr = NULL;
2123 err = assuan_transact (agent_ctx, line,
2125 inq_import_key_parms, &parm,
2126 cache_nonce_status_cb, &cn_parm);
2132 /* Receive a secret key from the agent. HEXKEYGRIP is the hexified
2133 keygrip, DESC a prompt to be displayed with the agent's passphrase
2134 question (needs to be plus+percent escaped). if OPENPGP_PROTECTED
2135 is not zero, ensure that the key material is returned in RFC
2136 4880-compatible passphrased-protected form. If CACHE_NONCE_ADDR is
2137 not NULL the agent is advised to first try a passphrase associated
2138 with that nonce. On success the key is stored as a canonical
2139 S-expression at R_RESULT and R_RESULTLEN. */
2141 agent_export_key (ctrl_t ctrl, const char *hexkeygrip, const char *desc,
2142 int openpgp_protected, char **cache_nonce_addr,
2143 unsigned char **r_result, size_t *r_resultlen)
2146 struct cache_nonce_parm_s cn_parm;
2150 char line[ASSUAN_LINELENGTH];
2151 struct default_inq_parm_s dfltparm;
2153 memset (&dfltparm, 0, sizeof dfltparm);
2154 dfltparm.ctrl = ctrl;
2158 err = start_agent (ctrl, 0);
2161 dfltparm.ctx = agent_ctx;
2165 snprintf (line, DIM(line), "SETKEYDESC %s", desc);
2166 err = assuan_transact (agent_ctx, line,
2167 NULL, NULL, NULL, NULL, NULL, NULL);
2172 snprintf (line, DIM(line), "EXPORT_KEY %s%s%s %s",
2173 openpgp_protected ? "--openpgp ":"",
2174 cache_nonce_addr && *cache_nonce_addr? "--cache-nonce=":"",
2175 cache_nonce_addr && *cache_nonce_addr? *cache_nonce_addr:"",
2178 init_membuf_secure (&data, 1024);
2179 cn_parm.cache_nonce_addr = cache_nonce_addr;
2180 cn_parm.passwd_nonce_addr = NULL;
2181 err = assuan_transact (agent_ctx, line,
2182 put_membuf_cb, &data,
2183 default_inq_cb, &dfltparm,
2184 cache_nonce_status_cb, &cn_parm);
2187 xfree (get_membuf (&data, &len));
2190 buf = get_membuf (&data, &len);
2192 return gpg_error_from_syserror ();
2200 /* Ask the agent to delete the key identified by HEXKEYGRIP. If DESC
2201 is not NULL, display DESC instead of the default description
2202 message. If FORCE is true the agent is advised not to ask for
2205 agent_delete_key (ctrl_t ctrl, const char *hexkeygrip, const char *desc,
2209 char line[ASSUAN_LINELENGTH];
2210 struct default_inq_parm_s dfltparm;
2212 memset (&dfltparm, 0, sizeof dfltparm);
2213 dfltparm.ctrl = ctrl;
2215 err = start_agent (ctrl, 0);
2219 if (!hexkeygrip || strlen (hexkeygrip) != 40)
2220 return gpg_error (GPG_ERR_INV_VALUE);
2224 snprintf (line, DIM(line), "SETKEYDESC %s", desc);
2225 err = assuan_transact (agent_ctx, line,
2226 NULL, NULL, NULL, NULL, NULL, NULL);
2231 snprintf (line, DIM(line), "DELETE_KEY%s %s",
2232 force? " --force":"", hexkeygrip);
2233 err = assuan_transact (agent_ctx, line, NULL, NULL,
2234 default_inq_cb, &dfltparm,
2241 /* Ask the agent to change the passphrase of the key identified by
2242 * HEXKEYGRIP. If DESC is not NULL, display DESC instead of the
2243 * default description message. If CACHE_NONCE_ADDR is not NULL the
2244 * agent is advised to first try a passphrase associated with that
2245 * nonce. If PASSWD_NONCE_ADDR is not NULL the agent will try to use
2246 * the passphrase associated with that nonce for the new passphrase.
2247 * If VERIFY is true the passphrase is only verified. */
2249 agent_passwd (ctrl_t ctrl, const char *hexkeygrip, const char *desc, int verify,
2250 char **cache_nonce_addr, char **passwd_nonce_addr)
2253 struct cache_nonce_parm_s cn_parm;
2254 char line[ASSUAN_LINELENGTH];
2255 struct default_inq_parm_s dfltparm;
2257 memset (&dfltparm, 0, sizeof dfltparm);
2258 dfltparm.ctrl = ctrl;
2260 err = start_agent (ctrl, 0);
2263 dfltparm.ctx = agent_ctx;
2265 if (!hexkeygrip || strlen (hexkeygrip) != 40)
2266 return gpg_error (GPG_ERR_INV_VALUE);
2270 snprintf (line, DIM(line), "SETKEYDESC %s", desc);
2271 err = assuan_transact (agent_ctx, line,
2272 NULL, NULL, NULL, NULL, NULL, NULL);
2278 snprintf (line, DIM(line), "PASSWD %s%s --verify %s",
2279 cache_nonce_addr && *cache_nonce_addr? "--cache-nonce=":"",
2280 cache_nonce_addr && *cache_nonce_addr? *cache_nonce_addr:"",
2283 snprintf (line, DIM(line), "PASSWD %s%s %s%s %s",
2284 cache_nonce_addr && *cache_nonce_addr? "--cache-nonce=":"",
2285 cache_nonce_addr && *cache_nonce_addr? *cache_nonce_addr:"",
2286 passwd_nonce_addr && *passwd_nonce_addr? "--passwd-nonce=":"",
2287 passwd_nonce_addr && *passwd_nonce_addr? *passwd_nonce_addr:"",
2289 cn_parm.cache_nonce_addr = cache_nonce_addr;
2290 cn_parm.passwd_nonce_addr = passwd_nonce_addr;
2291 err = assuan_transact (agent_ctx, line, NULL, NULL,
2292 default_inq_cb, &dfltparm,
2293 cache_nonce_status_cb, &cn_parm);
2298 /* Return the version reported by gpg-agent. */
2300 agent_get_version (ctrl_t ctrl, char **r_version)
2304 err = start_agent (ctrl, 0);
2308 err = get_assuan_server_version (agent_ctx, 0, r_version);