security-and-privacy/gnupg
security-and-privacy
/
gnupg
mirror of git://git.gnupg.org/gnupg.git
1
0
Fork 0
Code Releases Activity
gnupg/g10/call-agent.c

2300 lines
60 KiB
C
Raw Normal View History

Poems for AllowSetForegroundWindow (W32)
2008-02-14 20:50:10 +01:00
/* call-agent.c - Divert GPG operations to the agent.
gpg: Re-enable the "Passphrase" parameter for batch key generation. * agent/command.c (cmd_genkey): Add option --inq-passwd. * agent/genkey.c (agent_genkey): Add new arg override_passphrase. * g10/call-agent.c (inq_genkey_parms): Handle NEWPASSWD keyword. (agent_genkey): Add arg optional arg "passphrase". * g10/keygen.c (common_gen, gen_elg, gen_dsa, gen_ecc) (gen_rsa, do_create): Add arg "passphrase" and pass it through. (do_generate_keypair): Make use of pPASSPHRASE. (release_parameter_list): Wipe out a passphrase parameter. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-01-21 11:31:20 +01:00
* Copyright (C) 2001-2003, 2006-2011, 2013 Free Software Foundation, Inc.
* Copyright (C) 2013-2015 Werner Koch
A small step for GnuPG but a huge leap for error codes. (Sorry, it does not build currently - I need to check it in to avoid duplicate work.)
2003-06-05 09:14:21 +02:00
*
* This file is part of GnuPG.
*
* GnuPG is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
Changed to GPLv3. Removed intl/.
2007-07-04 21:49:40 +02:00
* the Free Software Foundation; either version 3 of the License, or
A small step for GnuPG but a huge leap for error codes. (Sorry, it does not build currently - I need to check it in to avoid duplicate work.)
2003-06-05 09:14:21 +02:00
* (at your option) any later version.
*
* GnuPG is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
Change all http://www.gnu.org in license notices to https:// --
2016-11-05 12:02:19 +01:00
* along with this program; if not, see <https://www.gnu.org/licenses/>.
A small step for GnuPG but a huge leap for error codes. (Sorry, it does not build currently - I need to check it in to avoid duplicate work.)
2003-06-05 09:14:21 +02:00
*/
#include <config.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>
Nuked almost all trailing white space. We better do this once and for all instead of cluttering all future commits with diffs of trailing white spaces. In the majority of cases blank or single lines are affected and thus this change won't disturb a git blame too much. For future commits the pre-commit scripts checks that this won't happen again.
2011-02-04 12:57:53 +01:00
#include <unistd.h>
A small step for GnuPG but a huge leap for error codes. (Sorry, it does not build currently - I need to check it in to avoid duplicate work.)
2003-06-05 09:14:21 +02:00
#include <time.h>
#ifdef HAVE_LOCALE_H
#include <locale.h>
#endif
#include "gpg.h"
2009-09-23 Marcus Brinkmann <marcus@g10code.de> * configure.ac (NEED_LIBASSUAN_API, NEED_LIBASSUAN_VERSION): Update to new API (2, 1.1.0). agent/ 2009-09-23 Marcus Brinkmann <marcus@g10code.de> * gpg-agent.c (parse_rereadable_options): Don't set global assuan log file (there ain't one anymore). (main): Update to new API. (check_own_socket_pid_cb): Return gpg_error_t instead of int. (check_own_socket_thread, check_for_running_agent): Create assuan context before connecting to server. * command.c: Include "scdaemon.h" before <assuan.h> because of GPG_ERR_SOURCE_DEFAULT check. (write_and_clear_outbuf): Use gpg_error_t instead of assuan_error_t. (cmd_geteventcounter, cmd_istrusted, cmd_listtrusted) (cmd_marktrusted, cmd_havekey, cmd_sigkey, cmd_setkeydesc) (cmd_sethash, cmd_pksign, cmd_pkdecrypt, cmd_genkey, cmd_readkey) (cmd_keyinfo, cmd_get_passphrase, cmd_clear_passphrase) (cmd_get_confirmation, cmd_learn, cmd_passwd) (cmd_preset_passphrase, cmd_scd, cmd_getval, cmd_putval) (cmd_updatestartuptty, cmd_killagent, cmd_reloadagent) (cmd_getinfo, option_handler): Return gpg_error_t instead of int. (post_cmd_notify): Change type of ERR to gpg_error_t from int. (io_monitor): Add hook argument. Use symbols for constants. (register_commands): Change return type of HANDLER to gpg_error_t. (start_command_handler): Allocate assuan context before starting server. * call-pinentry.c: Include "scdaemon.h" before <assuan.h> because of GPG_ERR_SOURCE_DEFAULT check. (unlock_pinentry): Call assuan_release instead of assuan_disconnect. (getinfo_pid_cb, getpin_cb): Return gpg_error_t instead of int. (start_pinentry): Allocate assuan context before connecting to server. * call-scd.c (membuf_data_cb, learn_status_cb, get_serialno_cb) (membuf_data_cb, inq_needpin, card_getattr_cb, pass_status_thru) (pass_data_thru): Change return type to gpg_error_t. (start_scd): Allocate assuan context before connecting to server. common/ 2009-09-23 Marcus Brinkmann <marcus@g10code.de> * asshelp.c (start_new_gpg_agent): Allocate assuan context before starting server. g10/ 2009-09-23 Marcus Brinkmann <marcus@g10code.de> * call-agent.c: Include "scdaemon.h" before <assuan.h> because of GPG_ERR_SOURCE_DEFAULT check. (learn_status_cb, dummy_data_cb, get_serialno_cb, default_inq_cb) (learn_status_cb, inq_writecert_parms, inq_writekey_parms) (scd_genkey_cb, membuf_data_cb): Return gpg_error_t instead of int. * gpg.c: Include "scdaemon.h" before <assuan.h> because of GPG_ERR_SOURCE_DEFAULT check. (main): Update to new Assuan API. * server.c: Include "scdaemon.h" before <assuan.h> because of GPG_ERR_SOURCE_DEFAULT check. (option_handler, cmd_recipient, cmd_signer, cmd_encrypt) (cmd_decrypt, cmd_verify, cmd_sign, cmd_import, cmd_export) (cmd_delkeys, cmd_message, do_listkeys, cmd_listkeys) (cmd_listsecretkeys, cmd_genkey, cmd_getinfo): Return gpg_error_t instead of int. (register_commands): Allocate assuan context before starting server. (gpg_server): Allocate assuan_context before starting server. scd/ 2009-09-23 Marcus Brinkmann <marcus@g10code.de> * command.c: Include "scdaemon.h" before <assuan.h> because of GPG_ERR_SOURCE_DEFAULT check. (option_handler, open_card, cmd_serialno, cmd_lean, cmd_readcert) (cmd_readkey, cmd_setdata, cmd_pksign, cmd_pkauth, cmd_pkdecrypt) (cmd_getattr, cmd_setattr, cmd_writecert, cmd_writekey) (cmd_genkey, cmd_random, cmd_passwd, cmd_checkpin, cmd_lock) (cmd_unlock, cmd_getinfo, cmd_restart, cmd_disconnect, cmd_apdu) (cmd_killscd): Return gpg_error_t instead of int. (scd_command_handler): Allocate assuan context before starting server. * scdaemon.c (main): Update to new Assuan API. sm/ 2009-09-23 Marcus Brinkmann <marcus@g10code.de> * gpgsm.c (main): Update to new assuan API. * server.c: Include "gpgsm.h" before <assuan.h> due to check for GPG_ERR_SOURCE_DEFAULT and assuan.h now including gpg-error.h. (option_handler, cmd_recipient, cmd_signer, cmd_encrypt) (cmd_decrypt, cmd_verify, cmd_sign, cmd_import, cmd_export) (cmd_delkeys, cmd_message, cmd_listkeys, cmd_dumpkeys) (cmd_listsecretkeys, cmd_dumpsecretkeys, cmd_genkey) (cmd_getauditlog, cmd_getinfo): Return gpg_error_t instead of int. (register_commands): Same for member HANDLER in table. (gpgsm_server): Allocate assuan context before starting server. * sm/call-dirmngr.c: * call-dirmngr.c (prepare_dirmngr): Check for CTX and error before setting LDAPSERVER. (start_dirmngr_ext): Allocate assuan context before starting server. (inq_certificate, isvalid_status_cb, lookup_cb, lookup_status_cb) (run_command_cb, run_command_inq_cb, run_command_status_cb): Return gpg_error_t instead of int. tools/ 2009-09-23 Marcus Brinkmann <marcus@g10code.de> * gpg-connect-agent.c (getinfo_pid_cb, read_and_print_response) (main): Update to new Assuan API.
2009-09-23 02:01:25 +02:00
#include <assuan.h>
Remove -I option to common. * dirmngr/Makefile.am (AM_CPPFLAGS): Remove -I$(top_srcdir)/common. * g10/Makefile.am (AM_CPPFLAGS): Ditto. * g13/Makefile.am (AM_CPPFLAGS): Ditto. * kbx/Makefile.am (AM_CPPFLAGS): Ditto. * scd/Makefile.am (AM_CPPFLAGS): Ditto. * sm/Makefile.am (AM_CPPFLAGS): Ditto. * tools/Makefile.am (AM_CPPFLAGS): Ditto. * Throughout: Follow the change. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-03-07 12:21:23 +01:00
#include "../common/util.h"
#include "../common/membuf.h"
Finished the bulk of changes for gnupg 1.9. This included switching to libgcrypt functions, using shared error codes from libgpg-error, replacing the old functions we used to have in ../util by those in ../jnlib and ../common, renaming the malloc functions and a couple of types. Note, that not all changes are listed below becuause they are too similar and done at far too many places. As of today the code builds using the current libgcrypt from CVS but it is very unlikely that it actually works.
2003-06-18 21:56:13 +02:00
#include "options.h"
Remove -I option to common. * dirmngr/Makefile.am (AM_CPPFLAGS): Remove -I$(top_srcdir)/common. * g10/Makefile.am (AM_CPPFLAGS): Ditto. * g13/Makefile.am (AM_CPPFLAGS): Ditto. * kbx/Makefile.am (AM_CPPFLAGS): Ditto. * scd/Makefile.am (AM_CPPFLAGS): Ditto. * sm/Makefile.am (AM_CPPFLAGS): Ditto. * tools/Makefile.am (AM_CPPFLAGS): Ditto. * Throughout: Follow the change. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-03-07 12:21:23 +01:00
#include "../common/i18n.h"
#include "../common/asshelp.h"
#include "../common/sysutils.h"
Finished the bulk of changes for gnupg 1.9. This included switching to libgcrypt functions, using shared error codes from libgpg-error, replacing the old functions we used to have in ../util by those in ../jnlib and ../common, renaming the malloc functions and a couple of types. Note, that not all changes are listed below becuause they are too similar and done at far too many places. As of today the code builds using the current libgcrypt from CVS but it is very unlikely that it actually works.
2003-06-18 21:56:13 +02:00
#include "call-agent.h"
Remove -I option to common. * dirmngr/Makefile.am (AM_CPPFLAGS): Remove -I$(top_srcdir)/common. * g10/Makefile.am (AM_CPPFLAGS): Ditto. * g13/Makefile.am (AM_CPPFLAGS): Ditto. * kbx/Makefile.am (AM_CPPFLAGS): Ditto. * scd/Makefile.am (AM_CPPFLAGS): Ditto. * sm/Makefile.am (AM_CPPFLAGS): Ditto. * tools/Makefile.am (AM_CPPFLAGS): Ditto. * Throughout: Follow the change. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-03-07 12:21:23 +01:00
#include "../common/status.h"
gpg: Add pinentry-mode feature. * g10/gpg.c: Include shareddefs.h. (main): Add option --pinentry-mode. * g10/options.h (struct opt): Add field pinentry_mode. * g10/passphrase.c: Include shareddefs.h. (have_static_passphrase): Take care of loopback pinentry_mode. (read_passphrase_from_fd): Ditto. (get_static_passphrase): New. (passphrase_to_dek_ext): Factor some code out to ... (emit_status_need_passphrase): new. * g10/call-agent.c (start_agent): Send the pinentry mode. (default_inq_cb): Take care of the PASSPHRASE inquiry. Return a proper error code. (agent_pksign): Add args keyid, mainkeyid and pubkey_algo. (agent_pkdecrypt): Ditto. * g10/pubkey-enc.c (get_it): Pass new args. * g10/sign.c (do_sign): Pass new args. * g10/call-agent.c (struct default_inq_parm_s): New. Change all similar structs to reference this one. Change all users and inquire callback to use this struct, instead of NULL or some undefined but not used structs. This change will help to eventually get rid of global variables. -- This new features allows to use gpg without a Pinentry. As a prerequisite the agent must be configured to allow the loopback pinentry mode (option --allow-loopback-pinentry). For example gpg2 --pinentry-mode=loopback FILE.gpg may be used to decrypt FILE.gpg while entering the passphrase on the tty. If batch is used, --passphrase et al. may be used, if --command-fd is used, the passphrase may be provided by another process. Note that there are no try-again prompts in case of a bad passphrase.
2013-02-07 20:37:58 +01:00
#include "../common/shareddefs.h"
Remove -I option to common. * dirmngr/Makefile.am (AM_CPPFLAGS): Remove -I$(top_srcdir)/common. * g10/Makefile.am (AM_CPPFLAGS): Ditto. * g13/Makefile.am (AM_CPPFLAGS): Ditto. * kbx/Makefile.am (AM_CPPFLAGS): Ditto. * scd/Makefile.am (AM_CPPFLAGS): Ditto. * sm/Makefile.am (AM_CPPFLAGS): Ditto. * tools/Makefile.am (AM_CPPFLAGS): Ditto. * Throughout: Follow the change. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-03-07 12:21:23 +01:00
#include "../common/host2net.h"
Finished the bulk of changes for gnupg 1.9. This included switching to libgcrypt functions, using shared error codes from libgpg-error, replacing the old functions we used to have in ../util by those in ../jnlib and ../common, renaming the malloc functions and a couple of types. Note, that not all changes are listed below becuause they are too similar and done at far too many places. As of today the code builds using the current libgcrypt from CVS but it is very unlikely that it actually works.
2003-06-18 21:56:13 +02:00
gpg: Add pinentry-mode feature. * g10/gpg.c: Include shareddefs.h. (main): Add option --pinentry-mode. * g10/options.h (struct opt): Add field pinentry_mode. * g10/passphrase.c: Include shareddefs.h. (have_static_passphrase): Take care of loopback pinentry_mode. (read_passphrase_from_fd): Ditto. (get_static_passphrase): New. (passphrase_to_dek_ext): Factor some code out to ... (emit_status_need_passphrase): new. * g10/call-agent.c (start_agent): Send the pinentry mode. (default_inq_cb): Take care of the PASSPHRASE inquiry. Return a proper error code. (agent_pksign): Add args keyid, mainkeyid and pubkey_algo. (agent_pkdecrypt): Ditto. * g10/pubkey-enc.c (get_it): Pass new args. * g10/sign.c (do_sign): Pass new args. * g10/call-agent.c (struct default_inq_parm_s): New. Change all similar structs to reference this one. Change all users and inquire callback to use this struct, instead of NULL or some undefined but not used structs. This change will help to eventually get rid of global variables. -- This new features allows to use gpg without a Pinentry. As a prerequisite the agent must be configured to allow the loopback pinentry mode (option --allow-loopback-pinentry). For example gpg2 --pinentry-mode=loopback FILE.gpg may be used to decrypt FILE.gpg while entering the passphrase on the tty. If batch is used, --passphrase et al. may be used, if --command-fd is used, the passphrase may be provided by another process. Note that there are no try-again prompts in case of a bad passphrase.
2013-02-07 20:37:58 +01:00
#define CONTROL_D ('D' - 'A' + 1)
With --enable-gpg the keyservers are now build and a first test using gpg2 shows no prblems. Needs more testing of course.
2006-08-16 12:47:53 +02:00
static assuan_context_t agent_ctx = NULL;
Emit CARDCTRL status lines.
2009-07-22 18:08:58 +02:00
static int did_early_card_test;
A small step for GnuPG but a huge leap for error codes. (Sorry, it does not build currently - I need to check it in to avoid duplicate work.)
2003-06-05 09:14:21 +02:00
gpg: Add pinentry-mode feature. * g10/gpg.c: Include shareddefs.h. (main): Add option --pinentry-mode. * g10/options.h (struct opt): Add field pinentry_mode. * g10/passphrase.c: Include shareddefs.h. (have_static_passphrase): Take care of loopback pinentry_mode. (read_passphrase_from_fd): Ditto. (get_static_passphrase): New. (passphrase_to_dek_ext): Factor some code out to ... (emit_status_need_passphrase): new. * g10/call-agent.c (start_agent): Send the pinentry mode. (default_inq_cb): Take care of the PASSPHRASE inquiry. Return a proper error code. (agent_pksign): Add args keyid, mainkeyid and pubkey_algo. (agent_pkdecrypt): Ditto. * g10/pubkey-enc.c (get_it): Pass new args. * g10/sign.c (do_sign): Pass new args. * g10/call-agent.c (struct default_inq_parm_s): New. Change all similar structs to reference this one. Change all users and inquire callback to use this struct, instead of NULL or some undefined but not used structs. This change will help to eventually get rid of global variables. -- This new features allows to use gpg without a Pinentry. As a prerequisite the agent must be configured to allow the loopback pinentry mode (option --allow-loopback-pinentry). For example gpg2 --pinentry-mode=loopback FILE.gpg may be used to decrypt FILE.gpg while entering the passphrase on the tty. If batch is used, --passphrase et al. may be used, if --command-fd is used, the passphrase may be provided by another process. Note that there are no try-again prompts in case of a bad passphrase.
2013-02-07 20:37:58 +01:00
struct default_inq_parm_s
With --enable-gpg the keyservers are now build and a first test using gpg2 shows no prblems. Needs more testing of course.
2006-08-16 12:47:53 +02:00
{
Decryption and signi via agent is now implemented.
2010-04-23 13:36:59 +02:00
ctrl_t ctrl;
With --enable-gpg the keyservers are now build and a first test using gpg2 shows no prblems. Needs more testing of course.
2006-08-16 12:47:53 +02:00
assuan_context_t ctx;
gpg: Add pinentry-mode feature. * g10/gpg.c: Include shareddefs.h. (main): Add option --pinentry-mode. * g10/options.h (struct opt): Add field pinentry_mode. * g10/passphrase.c: Include shareddefs.h. (have_static_passphrase): Take care of loopback pinentry_mode. (read_passphrase_from_fd): Ditto. (get_static_passphrase): New. (passphrase_to_dek_ext): Factor some code out to ... (emit_status_need_passphrase): new. * g10/call-agent.c (start_agent): Send the pinentry mode. (default_inq_cb): Take care of the PASSPHRASE inquiry. Return a proper error code. (agent_pksign): Add args keyid, mainkeyid and pubkey_algo. (agent_pkdecrypt): Ditto. * g10/pubkey-enc.c (get_it): Pass new args. * g10/sign.c (do_sign): Pass new args. * g10/call-agent.c (struct default_inq_parm_s): New. Change all similar structs to reference this one. Change all users and inquire callback to use this struct, instead of NULL or some undefined but not used structs. This change will help to eventually get rid of global variables. -- This new features allows to use gpg without a Pinentry. As a prerequisite the agent must be configured to allow the loopback pinentry mode (option --allow-loopback-pinentry). For example gpg2 --pinentry-mode=loopback FILE.gpg may be used to decrypt FILE.gpg while entering the passphrase on the tty. If batch is used, --passphrase et al. may be used, if --command-fd is used, the passphrase may be provided by another process. Note that there are no try-again prompts in case of a bad passphrase.
2013-02-07 20:37:58 +01:00
struct {
u32 *keyid;
u32 *mainkeyid;
int pubkey_algo;
} keyinfo;
};
struct cipher_parm_s
{
struct default_inq_parm_s *dflt;
assuan_context_t ctx;
Decryption and signi via agent is now implemented.
2010-04-23 13:36:59 +02:00
unsigned char *ciphertext;
A small step for GnuPG but a huge leap for error codes. (Sorry, it does not build currently - I need to check it in to avoid duplicate work.)
2003-06-05 09:14:21 +02:00
size_t ciphertextlen;
};
Support the Certifciate DO of the v2 OpenPGP cards.
2008-09-23 11:57:45 +02:00
struct writecert_parm_s
{
gpg: Add pinentry-mode feature. * g10/gpg.c: Include shareddefs.h. (main): Add option --pinentry-mode. * g10/options.h (struct opt): Add field pinentry_mode. * g10/passphrase.c: Include shareddefs.h. (have_static_passphrase): Take care of loopback pinentry_mode. (read_passphrase_from_fd): Ditto. (get_static_passphrase): New. (passphrase_to_dek_ext): Factor some code out to ... (emit_status_need_passphrase): new. * g10/call-agent.c (start_agent): Send the pinentry mode. (default_inq_cb): Take care of the PASSPHRASE inquiry. Return a proper error code. (agent_pksign): Add args keyid, mainkeyid and pubkey_algo. (agent_pkdecrypt): Ditto. * g10/pubkey-enc.c (get_it): Pass new args. * g10/sign.c (do_sign): Pass new args. * g10/call-agent.c (struct default_inq_parm_s): New. Change all similar structs to reference this one. Change all users and inquire callback to use this struct, instead of NULL or some undefined but not used structs. This change will help to eventually get rid of global variables. -- This new features allows to use gpg without a Pinentry. As a prerequisite the agent must be configured to allow the loopback pinentry mode (option --allow-loopback-pinentry). For example gpg2 --pinentry-mode=loopback FILE.gpg may be used to decrypt FILE.gpg while entering the passphrase on the tty. If batch is used, --passphrase et al. may be used, if --command-fd is used, the passphrase may be provided by another process. Note that there are no try-again prompts in case of a bad passphrase.
2013-02-07 20:37:58 +01:00
struct default_inq_parm_s *dflt;
Support the Certifciate DO of the v2 OpenPGP cards.
2008-09-23 11:57:45 +02:00
const unsigned char *certdata;
size_t certdatalen;
};
With --enable-gpg the keyservers are now build and a first test using gpg2 shows no prblems. Needs more testing of course.
2006-08-16 12:47:53 +02:00
struct writekey_parm_s
{
gpg: Add pinentry-mode feature. * g10/gpg.c: Include shareddefs.h. (main): Add option --pinentry-mode. * g10/options.h (struct opt): Add field pinentry_mode. * g10/passphrase.c: Include shareddefs.h. (have_static_passphrase): Take care of loopback pinentry_mode. (read_passphrase_from_fd): Ditto. (get_static_passphrase): New. (passphrase_to_dek_ext): Factor some code out to ... (emit_status_need_passphrase): new. * g10/call-agent.c (start_agent): Send the pinentry mode. (default_inq_cb): Take care of the PASSPHRASE inquiry. Return a proper error code. (agent_pksign): Add args keyid, mainkeyid and pubkey_algo. (agent_pkdecrypt): Ditto. * g10/pubkey-enc.c (get_it): Pass new args. * g10/sign.c (do_sign): Pass new args. * g10/call-agent.c (struct default_inq_parm_s): New. Change all similar structs to reference this one. Change all users and inquire callback to use this struct, instead of NULL or some undefined but not used structs. This change will help to eventually get rid of global variables. -- This new features allows to use gpg without a Pinentry. As a prerequisite the agent must be configured to allow the loopback pinentry mode (option --allow-loopback-pinentry). For example gpg2 --pinentry-mode=loopback FILE.gpg may be used to decrypt FILE.gpg while entering the passphrase on the tty. If batch is used, --passphrase et al. may be used, if --command-fd is used, the passphrase may be provided by another process. Note that there are no try-again prompts in case of a bad passphrase.
2013-02-07 20:37:58 +01:00
struct default_inq_parm_s *dflt;
With --enable-gpg the keyservers are now build and a first test using gpg2 shows no prblems. Needs more testing of course.
2006-08-16 12:47:53 +02:00
const unsigned char *keydata;
size_t keydatalen;
};
Generating an OpenPGP key cia gpg-agent basically works.
2010-04-20 19:57:50 +02:00
struct genkey_parm_s
With --enable-gpg the keyservers are now build and a first test using gpg2 shows no prblems. Needs more testing of course.
2006-08-16 12:47:53 +02:00
{
gpg: Add pinentry-mode feature. * g10/gpg.c: Include shareddefs.h. (main): Add option --pinentry-mode. * g10/options.h (struct opt): Add field pinentry_mode. * g10/passphrase.c: Include shareddefs.h. (have_static_passphrase): Take care of loopback pinentry_mode. (read_passphrase_from_fd): Ditto. (get_static_passphrase): New. (passphrase_to_dek_ext): Factor some code out to ... (emit_status_need_passphrase): new. * g10/call-agent.c (start_agent): Send the pinentry mode. (default_inq_cb): Take care of the PASSPHRASE inquiry. Return a proper error code. (agent_pksign): Add args keyid, mainkeyid and pubkey_algo. (agent_pkdecrypt): Ditto. * g10/pubkey-enc.c (get_it): Pass new args. * g10/sign.c (do_sign): Pass new args. * g10/call-agent.c (struct default_inq_parm_s): New. Change all similar structs to reference this one. Change all users and inquire callback to use this struct, instead of NULL or some undefined but not used structs. This change will help to eventually get rid of global variables. -- This new features allows to use gpg without a Pinentry. As a prerequisite the agent must be configured to allow the loopback pinentry mode (option --allow-loopback-pinentry). For example gpg2 --pinentry-mode=loopback FILE.gpg may be used to decrypt FILE.gpg while entering the passphrase on the tty. If batch is used, --passphrase et al. may be used, if --command-fd is used, the passphrase may be provided by another process. Note that there are no try-again prompts in case of a bad passphrase.
2013-02-07 20:37:58 +01:00
struct default_inq_parm_s *dflt;
Generating an OpenPGP key cia gpg-agent basically works.
2010-04-20 19:57:50 +02:00
const char *keyparms;
gpg: Re-enable the "Passphrase" parameter for batch key generation. * agent/command.c (cmd_genkey): Add option --inq-passwd. * agent/genkey.c (agent_genkey): Add new arg override_passphrase. * g10/call-agent.c (inq_genkey_parms): Handle NEWPASSWD keyword. (agent_genkey): Add arg optional arg "passphrase". * g10/keygen.c (common_gen, gen_elg, gen_dsa, gen_ecc) (gen_rsa, do_create): Add arg "passphrase" and pass it through. (do_generate_keypair): Make use of pPASSPHRASE. (release_parameter_list): Wipe out a passphrase parameter. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-01-21 11:31:20 +01:00
const char *passphrase;
A small step for GnuPG but a huge leap for error codes. (Sorry, it does not build currently - I need to check it in to avoid duplicate work.)
2003-06-05 09:14:21 +02:00
};
Import OpenPGP keys into the agent.
2010-08-31 17:58:39 +02:00
struct import_key_parm_s
{
gpg: Add pinentry-mode feature. * g10/gpg.c: Include shareddefs.h. (main): Add option --pinentry-mode. * g10/options.h (struct opt): Add field pinentry_mode. * g10/passphrase.c: Include shareddefs.h. (have_static_passphrase): Take care of loopback pinentry_mode. (read_passphrase_from_fd): Ditto. (get_static_passphrase): New. (passphrase_to_dek_ext): Factor some code out to ... (emit_status_need_passphrase): new. * g10/call-agent.c (start_agent): Send the pinentry mode. (default_inq_cb): Take care of the PASSPHRASE inquiry. Return a proper error code. (agent_pksign): Add args keyid, mainkeyid and pubkey_algo. (agent_pkdecrypt): Ditto. * g10/pubkey-enc.c (get_it): Pass new args. * g10/sign.c (do_sign): Pass new args. * g10/call-agent.c (struct default_inq_parm_s): New. Change all similar structs to reference this one. Change all users and inquire callback to use this struct, instead of NULL or some undefined but not used structs. This change will help to eventually get rid of global variables. -- This new features allows to use gpg without a Pinentry. As a prerequisite the agent must be configured to allow the loopback pinentry mode (option --allow-loopback-pinentry). For example gpg2 --pinentry-mode=loopback FILE.gpg may be used to decrypt FILE.gpg while entering the passphrase on the tty. If batch is used, --passphrase et al. may be used, if --command-fd is used, the passphrase may be provided by another process. Note that there are no try-again prompts in case of a bad passphrase.
2013-02-07 20:37:58 +01:00
struct default_inq_parm_s *dflt;
Import OpenPGP keys into the agent.
2010-08-31 17:58:39 +02:00
const void *key;
size_t keylen;
};
A small step for GnuPG but a huge leap for error codes. (Sorry, it does not build currently - I need to check it in to avoid duplicate work.)
2003-06-05 09:14:21 +02:00
Generating an OpenPGP key cia gpg-agent basically works.
2010-04-20 19:57:50 +02:00
Re-implemented GPG's --passwd command and improved it.
2010-10-26 11:10:29 +02:00
struct cache_nonce_parm_s
{
char **cache_nonce_addr;
char **passwd_nonce_addr;
};
2009-09-23 Marcus Brinkmann <marcus@g10code.de> * configure.ac (NEED_LIBASSUAN_API, NEED_LIBASSUAN_VERSION): Update to new API (2, 1.1.0). agent/ 2009-09-23 Marcus Brinkmann <marcus@g10code.de> * gpg-agent.c (parse_rereadable_options): Don't set global assuan log file (there ain't one anymore). (main): Update to new API. (check_own_socket_pid_cb): Return gpg_error_t instead of int. (check_own_socket_thread, check_for_running_agent): Create assuan context before connecting to server. * command.c: Include "scdaemon.h" before <assuan.h> because of GPG_ERR_SOURCE_DEFAULT check. (write_and_clear_outbuf): Use gpg_error_t instead of assuan_error_t. (cmd_geteventcounter, cmd_istrusted, cmd_listtrusted) (cmd_marktrusted, cmd_havekey, cmd_sigkey, cmd_setkeydesc) (cmd_sethash, cmd_pksign, cmd_pkdecrypt, cmd_genkey, cmd_readkey) (cmd_keyinfo, cmd_get_passphrase, cmd_clear_passphrase) (cmd_get_confirmation, cmd_learn, cmd_passwd) (cmd_preset_passphrase, cmd_scd, cmd_getval, cmd_putval) (cmd_updatestartuptty, cmd_killagent, cmd_reloadagent) (cmd_getinfo, option_handler): Return gpg_error_t instead of int. (post_cmd_notify): Change type of ERR to gpg_error_t from int. (io_monitor): Add hook argument. Use symbols for constants. (register_commands): Change return type of HANDLER to gpg_error_t. (start_command_handler): Allocate assuan context before starting server. * call-pinentry.c: Include "scdaemon.h" before <assuan.h> because of GPG_ERR_SOURCE_DEFAULT check. (unlock_pinentry): Call assuan_release instead of assuan_disconnect. (getinfo_pid_cb, getpin_cb): Return gpg_error_t instead of int. (start_pinentry): Allocate assuan context before connecting to server. * call-scd.c (membuf_data_cb, learn_status_cb, get_serialno_cb) (membuf_data_cb, inq_needpin, card_getattr_cb, pass_status_thru) (pass_data_thru): Change return type to gpg_error_t. (start_scd): Allocate assuan context before connecting to server. common/ 2009-09-23 Marcus Brinkmann <marcus@g10code.de> * asshelp.c (start_new_gpg_agent): Allocate assuan context before starting server. g10/ 2009-09-23 Marcus Brinkmann <marcus@g10code.de> * call-agent.c: Include "scdaemon.h" before <assuan.h> because of GPG_ERR_SOURCE_DEFAULT check. (learn_status_cb, dummy_data_cb, get_serialno_cb, default_inq_cb) (learn_status_cb, inq_writecert_parms, inq_writekey_parms) (scd_genkey_cb, membuf_data_cb): Return gpg_error_t instead of int. * gpg.c: Include "scdaemon.h" before <assuan.h> because of GPG_ERR_SOURCE_DEFAULT check. (main): Update to new Assuan API. * server.c: Include "scdaemon.h" before <assuan.h> because of GPG_ERR_SOURCE_DEFAULT check. (option_handler, cmd_recipient, cmd_signer, cmd_encrypt) (cmd_decrypt, cmd_verify, cmd_sign, cmd_import, cmd_export) (cmd_delkeys, cmd_message, do_listkeys, cmd_listkeys) (cmd_listsecretkeys, cmd_genkey, cmd_getinfo): Return gpg_error_t instead of int. (register_commands): Allocate assuan context before starting server. (gpg_server): Allocate assuan_context before starting server. scd/ 2009-09-23 Marcus Brinkmann <marcus@g10code.de> * command.c: Include "scdaemon.h" before <assuan.h> because of GPG_ERR_SOURCE_DEFAULT check. (option_handler, open_card, cmd_serialno, cmd_lean, cmd_readcert) (cmd_readkey, cmd_setdata, cmd_pksign, cmd_pkauth, cmd_pkdecrypt) (cmd_getattr, cmd_setattr, cmd_writecert, cmd_writekey) (cmd_genkey, cmd_random, cmd_passwd, cmd_checkpin, cmd_lock) (cmd_unlock, cmd_getinfo, cmd_restart, cmd_disconnect, cmd_apdu) (cmd_killscd): Return gpg_error_t instead of int. (scd_command_handler): Allocate assuan context before starting server. * scdaemon.c (main): Update to new Assuan API. sm/ 2009-09-23 Marcus Brinkmann <marcus@g10code.de> * gpgsm.c (main): Update to new assuan API. * server.c: Include "gpgsm.h" before <assuan.h> due to check for GPG_ERR_SOURCE_DEFAULT and assuan.h now including gpg-error.h. (option_handler, cmd_recipient, cmd_signer, cmd_encrypt) (cmd_decrypt, cmd_verify, cmd_sign, cmd_import, cmd_export) (cmd_delkeys, cmd_message, cmd_listkeys, cmd_dumpkeys) (cmd_listsecretkeys, cmd_dumpsecretkeys, cmd_genkey) (cmd_getauditlog, cmd_getinfo): Return gpg_error_t instead of int. (register_commands): Same for member HANDLER in table. (gpgsm_server): Allocate assuan context before starting server. * sm/call-dirmngr.c: * call-dirmngr.c (prepare_dirmngr): Check for CTX and error before setting LDAPSERVER. (start_dirmngr_ext): Allocate assuan context before starting server. (inq_certificate, isvalid_status_cb, lookup_cb, lookup_status_cb) (run_command_cb, run_command_inq_cb, run_command_status_cb): Return gpg_error_t instead of int. tools/ 2009-09-23 Marcus Brinkmann <marcus@g10code.de> * gpg-connect-agent.c (getinfo_pid_cb, read_and_print_response) (main): Update to new Assuan API.
2009-09-23 02:01:25 +02:00
static gpg_error_t learn_status_cb (void *opaque, const char *line);
Emit CARDCTRL status lines.
2009-07-22 18:08:58 +02:00
A small step for GnuPG but a huge leap for error codes. (Sorry, it does not build currently - I need to check it in to avoid duplicate work.)
2003-06-05 09:14:21 +02:00
Emit CARDCTRL status lines.
2009-07-22 18:08:58 +02:00
/* If RC is not 0, write an appropriate status message. */
static void
status_sc_op_failure (int rc)
{
switch (gpg_err_code (rc))
{
case 0:
break;
case GPG_ERR_CANCELED:
More agent support for gpg.
2010-10-13 17:57:08 +02:00
case GPG_ERR_FULLY_CANCELED:
Emit CARDCTRL status lines.
2009-07-22 18:08:58 +02:00
write_status_text (STATUS_SC_OP_FAILURE, "1");
break;
case GPG_ERR_BAD_PIN:
write_status_text (STATUS_SC_OP_FAILURE, "2");
break;
default:
write_status (STATUS_SC_OP_FAILURE);
break;
}
Nuked almost all trailing white space. We better do this once and for all instead of cluttering all future commits with diffs of trailing white spaces. In the majority of cases blank or single lines are affected and thus this change won't disturb a git blame too much. For future commits the pre-commit scripts checks that this won't happen again.
2011-02-04 12:57:53 +01:00
}
Emit CARDCTRL status lines.
2009-07-22 18:08:58 +02:00
gpg: Print a warning if GKR has hijacked gpg-agent. * g10/call-agent.c (check_hijacking): New. (start_agent): Call it. (membuf_data_cb, default_inq_cb): Move more to the top. -- Note that GUIs may use the gpg status line [GNUPG:] ERROR check_hijacking 33554509 to detect this and print an appropriate warning.
2014-04-15 16:40:48 +02:00
/* This is the default inquiry callback. It mainly handles the
Pinentry notifications. */
static gpg_error_t
default_inq_cb (void *opaque, const char *line)
{
gpg_error_t err = 0;
struct default_inq_parm_s *parm = opaque;
if (has_leading_keyword (line, "PINENTRY_LAUNCHED"))
{
err = gpg_proxy_pinentry_notify (parm->ctrl, line);
if (err)
log_error (_("failed to proxy %s inquiry to client\n"),
"PINENTRY_LAUNCHED");
/* We do not pass errors to avoid breaking other code. */
}
else if ((has_leading_keyword (line, "PASSPHRASE")
|| has_leading_keyword (line, "NEW_PASSPHRASE"))
&& opt.pinentry_mode == PINENTRY_MODE_LOOPBACK)
{
if (have_static_passphrase ())
{
const char *s = get_static_passphrase ();
err = assuan_send_data (parm->ctx, s, strlen (s));
}
else
{
char *pw;
Inform a user about inquire length limit. * common/status.h (INQUIRE_MAXLEN): New. * g10/call-agent.c (default_inquire_cb): Send STATUS_INQUIRE_MAXLEN. client when inquiring a passphrase over pinentry-loopback. -- This is to inform a user about the maximum length of a passphrase. The limit is the same that gpg-agent uses.
2015-04-17 03:00:30 +02:00
char buf[32];
gpg: Print a warning if GKR has hijacked gpg-agent. * g10/call-agent.c (check_hijacking): New. (start_agent): Call it. (membuf_data_cb, default_inq_cb): Move more to the top. -- Note that GUIs may use the gpg status line [GNUPG:] ERROR check_hijacking 33554509 to detect this and print an appropriate warning.
2014-04-15 16:40:48 +02:00
if (parm->keyinfo.keyid)
gpg: Pass CTRL to many more functions. -- For proper operations as a server we need to avoid global variables. Thus we need to pass the session state CTRL to most functions. Quite a lot of changes but fortunately straightforward to do. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-03-31 20:03:52 +02:00
emit_status_need_passphrase (parm->ctrl,
parm->keyinfo.keyid,
gpg: Print a warning if GKR has hijacked gpg-agent. * g10/call-agent.c (check_hijacking): New. (start_agent): Call it. (membuf_data_cb, default_inq_cb): Move more to the top. -- Note that GUIs may use the gpg status line [GNUPG:] ERROR check_hijacking 33554509 to detect this and print an appropriate warning.
2014-04-15 16:40:48 +02:00
parm->keyinfo.mainkeyid,
parm->keyinfo.pubkey_algo);
Inform a user about inquire length limit. * common/status.h (INQUIRE_MAXLEN): New. * g10/call-agent.c (default_inquire_cb): Send STATUS_INQUIRE_MAXLEN. client when inquiring a passphrase over pinentry-loopback. -- This is to inform a user about the maximum length of a passphrase. The limit is the same that gpg-agent uses.
2015-04-17 03:00:30 +02:00
snprintf (buf, sizeof (buf), "%u", 100);
write_status_text (STATUS_INQUIRE_MAXLEN, buf);
gpg: Print a warning if GKR has hijacked gpg-agent. * g10/call-agent.c (check_hijacking): New. (start_agent): Call it. (membuf_data_cb, default_inq_cb): Move more to the top. -- Note that GUIs may use the gpg status line [GNUPG:] ERROR check_hijacking 33554509 to detect this and print an appropriate warning.
2014-04-15 16:40:48 +02:00
pw = cpr_get_hidden ("passphrase.enter", _("Enter passphrase: "));
cpr_kill_prompt ();
if (*pw == CONTROL_D && !pw[1])
err = gpg_error (GPG_ERR_CANCELED);
else
err = assuan_send_data (parm->ctx, pw, strlen (pw));
xfree (pw);
}
}
else
log_debug ("ignoring gpg-agent inquiry '%s'\n", line);
return err;
}
Print warnings if old daemon versions are used. * common/status.h (STATUS_WARNING): New. * g10/call-agent.c (warn_version_mismatch): New. (start_agent): Call warn function. * g10/call-dirmngr.c: Include status.h. (warn_version_mismatch): New. (create_context): Call warn function. * sm/call-agent.c (warn_version_mismatch): New. (start_agent): Call warn function. (gpgsm_agent_learn): Call warn function. * sm/call-dirmngr.c (warn_version_mismatch): New. (prepare_dirmngr): Call warn function. -- We have seen too often bug reports which are due to still running old versions of the daemons. To catch this problematic use we now print warning messages and also provide the warning via the status interface. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-08 10:33:19 +01:00
/* Print a warning if the server's version number is less than our
version number. Returns an error code on a connection problem. */
static gpg_error_t
warn_version_mismatch (assuan_context_t ctx, const char *servername, int mode)
{
gpg_error_t err;
char *serverversion;
const char *myversion = strusage (13);
err = get_assuan_server_version (ctx, mode, &serverversion);
if (err)
log_error (_("error getting version from '%s': %s\n"),
servername, gpg_strerror (err));
common: Improve compare_string_versions. * common/stringhelp.c: Include limits.h. (compare_version_strings): Change semantics to behave like strcmp. Include the patch lebel in the comparison. Allow checking a single version string. * common/t-stringhelp.c (test_compare_version_strings): Adjust test vectors and a few new vectors. * g10/call-agent.c (warn_version_mismatch): Adjust to new sematics. * g10/call-dirmngr.c (warn_version_mismatch): Ditto. * sm/call-agent.c (warn_version_mismatch): Ditto. * sm/call-dirmngr.c (warn_version_mismatch): Ditto. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-11-02 16:24:58 +01:00
else if (compare_version_strings (serverversion, myversion) < 0)
Print warnings if old daemon versions are used. * common/status.h (STATUS_WARNING): New. * g10/call-agent.c (warn_version_mismatch): New. (start_agent): Call warn function. * g10/call-dirmngr.c: Include status.h. (warn_version_mismatch): New. (create_context): Call warn function. * sm/call-agent.c (warn_version_mismatch): New. (start_agent): Call warn function. (gpgsm_agent_learn): Call warn function. * sm/call-dirmngr.c (warn_version_mismatch): New. (prepare_dirmngr): Call warn function. -- We have seen too often bug reports which are due to still running old versions of the daemons. To catch this problematic use we now print warning messages and also provide the warning via the status interface. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-08 10:33:19 +01:00
{
char *warn;
warn = xtryasprintf (_("server '%s' is older than us (%s < %s)"),
servername, serverversion, myversion);
if (!warn)
err = gpg_error_from_syserror ();
else
{
log_info (_("WARNING: %s\n"), warn);
write_status_strings (STATUS_WARNING, "server_version_mismatch 0",
" ", warn, NULL);
xfree (warn);
}
}
xfree (serverversion);
return err;
}
A small step for GnuPG but a huge leap for error codes. (Sorry, it does not build currently - I need to check it in to avoid duplicate work.)
2003-06-05 09:14:21 +02:00
/* Try to connect to the agent via socket or fork it off and work by
pipes. Handle the server's initial greeting */
static int
Generating an OpenPGP key cia gpg-agent basically works.
2010-04-20 19:57:50 +02:00
start_agent (ctrl_t ctrl, int for_card)
A small step for GnuPG but a huge leap for error codes. (Sorry, it does not build currently - I need to check it in to avoid duplicate work.)
2003-06-05 09:14:21 +02:00
{
Poems for AllowSetForegroundWindow (W32)
2008-02-14 20:50:10 +01:00
int rc;
Generating an OpenPGP key cia gpg-agent basically works.
2010-04-20 19:57:50 +02:00
(void)ctrl; /* Not yet used. */
Emit CARDCTRL status lines.
2009-07-22 18:08:58 +02:00
/* Fixme: We need a context for each thread or serialize the access
to the agent. */
A small step for GnuPG but a huge leap for error codes. (Sorry, it does not build currently - I need to check it in to avoid duplicate work.)
2003-06-05 09:14:21 +02:00
if (agent_ctx)
Emit CARDCTRL status lines.
2009-07-22 18:08:58 +02:00
rc = 0;
else
Poems for AllowSetForegroundWindow (W32)
2008-02-14 20:50:10 +01:00
{
Emit CARDCTRL status lines.
2009-07-22 18:08:58 +02:00
rc = start_new_gpg_agent (&agent_ctx,
GPG_ERR_SOURCE_DEFAULT,
opt.agent_program,
opt.lc_ctype, opt.lc_messages,
opt.session_env,
Rename DBG_ASSUAN to DBG_IPC and add separate DBG_EXTPROG. * g10/options.h (DBG_EXTPROG_VALUE): Separate from DBG_IPC_VALUE.
2015-04-06 13:42:17 +02:00
opt.autostart, opt.verbose, DBG_IPC,
Emit CARDCTRL status lines.
2009-07-22 18:08:58 +02:00
NULL, NULL);
Add option --no-autostart. * g10/gpg.c: Add option --no-autostart. * sm/gpgsm.c: Ditto. * g10/options.h (opt): Add field autostart. * sm/gpgsm.h (opt): Ditto. * g10/call-agent.c (start_agent): Print note if agent was not autostarted. * sm/call-agent.c (start_agent): Ditto. * g10/call-dirmngr.c (create_context): Likewise. * sm/call-dirmngr.c (start_dirmngr_ext): Ditto. Signed-off-by: Werner Koch <wk@gnupg.org>
2014-11-28 09:44:19 +01:00
if (!opt.autostart && gpg_err_code (rc) == GPG_ERR_NO_AGENT)
{
static int shown;
if (!shown)
{
shown = 1;
log_info (_("no gpg-agent running in this session\n"));
}
}
Print warnings if old daemon versions are used. * common/status.h (STATUS_WARNING): New. * g10/call-agent.c (warn_version_mismatch): New. (start_agent): Call warn function. * g10/call-dirmngr.c: Include status.h. (warn_version_mismatch): New. (create_context): Call warn function. * sm/call-agent.c (warn_version_mismatch): New. (start_agent): Call warn function. (gpgsm_agent_learn): Call warn function. * sm/call-dirmngr.c (warn_version_mismatch): New. (prepare_dirmngr): Call warn function. -- We have seen too often bug reports which are due to still running old versions of the daemons. To catch this problematic use we now print warning messages and also provide the warning via the status interface. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-08 10:33:19 +01:00
else if (!rc
&& !(rc = warn_version_mismatch (agent_ctx, GPG_AGENT_NAME, 0)))
Emit CARDCTRL status lines.
2009-07-22 18:08:58 +02:00
{
/* Tell the agent that we support Pinentry notifications.
No error checking so that it will work also with older
agents. */
assuan_transact (agent_ctx, "OPTION allow-pinentry-notify",
NULL, NULL, NULL, NULL, NULL, NULL);
More agent support for gpg.
2010-10-13 17:57:08 +02:00
/* Tell the agent about what version we are aware. This is
here used to indirectly enable GPG_ERR_FULLY_CANCELED. */
assuan_transact (agent_ctx, "OPTION agent-awareness=2.1.0",
NULL, NULL, NULL, NULL, NULL, NULL);
gpg: Add pinentry-mode feature. * g10/gpg.c: Include shareddefs.h. (main): Add option --pinentry-mode. * g10/options.h (struct opt): Add field pinentry_mode. * g10/passphrase.c: Include shareddefs.h. (have_static_passphrase): Take care of loopback pinentry_mode. (read_passphrase_from_fd): Ditto. (get_static_passphrase): New. (passphrase_to_dek_ext): Factor some code out to ... (emit_status_need_passphrase): new. * g10/call-agent.c (start_agent): Send the pinentry mode. (default_inq_cb): Take care of the PASSPHRASE inquiry. Return a proper error code. (agent_pksign): Add args keyid, mainkeyid and pubkey_algo. (agent_pkdecrypt): Ditto. * g10/pubkey-enc.c (get_it): Pass new args. * g10/sign.c (do_sign): Pass new args. * g10/call-agent.c (struct default_inq_parm_s): New. Change all similar structs to reference this one. Change all users and inquire callback to use this struct, instead of NULL or some undefined but not used structs. This change will help to eventually get rid of global variables. -- This new features allows to use gpg without a Pinentry. As a prerequisite the agent must be configured to allow the loopback pinentry mode (option --allow-loopback-pinentry). For example gpg2 --pinentry-mode=loopback FILE.gpg may be used to decrypt FILE.gpg while entering the passphrase on the tty. If batch is used, --passphrase et al. may be used, if --command-fd is used, the passphrase may be provided by another process. Note that there are no try-again prompts in case of a bad passphrase.
2013-02-07 20:37:58 +01:00
/* Pass on the pinentry mode. */
if (opt.pinentry_mode)
{
char *tmp = xasprintf ("OPTION pinentry-mode=%s",
str_pinentry_mode (opt.pinentry_mode));
rc = assuan_transact (agent_ctx, tmp,
NULL, NULL, NULL, NULL, NULL, NULL);
xfree (tmp);
if (rc)
gpg: Print a new FAILURE status after most commands. * common/status.h (STATUS_FAILURE): New. * g10/cpr.c (write_status_failure): New. * g10/gpg.c (main): Call write_status_failure for all commands which print an error message here. * g10/call-agent.c (start_agent): Print an STATUS_ERROR if we can't set the pinentry mode. -- This status line can be used similar to the error code returned by commands send over the Assuan interface in gpgsm. We don't emit them in gpgsm because there we already have that Assuan interface to return proper error code. This change helps GPGME to return better error codes. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-08-25 09:03:31 +02:00
{
log_error ("setting pinentry mode '%s' failed: %s\n",
str_pinentry_mode (opt.pinentry_mode),
gpg_strerror (rc));
write_status_error ("set_pinentry_mode", rc);
}
gpg: Add pinentry-mode feature. * g10/gpg.c: Include shareddefs.h. (main): Add option --pinentry-mode. * g10/options.h (struct opt): Add field pinentry_mode. * g10/passphrase.c: Include shareddefs.h. (have_static_passphrase): Take care of loopback pinentry_mode. (read_passphrase_from_fd): Ditto. (get_static_passphrase): New. (passphrase_to_dek_ext): Factor some code out to ... (emit_status_need_passphrase): new. * g10/call-agent.c (start_agent): Send the pinentry mode. (default_inq_cb): Take care of the PASSPHRASE inquiry. Return a proper error code. (agent_pksign): Add args keyid, mainkeyid and pubkey_algo. (agent_pkdecrypt): Ditto. * g10/pubkey-enc.c (get_it): Pass new args. * g10/sign.c (do_sign): Pass new args. * g10/call-agent.c (struct default_inq_parm_s): New. Change all similar structs to reference this one. Change all users and inquire callback to use this struct, instead of NULL or some undefined but not used structs. This change will help to eventually get rid of global variables. -- This new features allows to use gpg without a Pinentry. As a prerequisite the agent must be configured to allow the loopback pinentry mode (option --allow-loopback-pinentry). For example gpg2 --pinentry-mode=loopback FILE.gpg may be used to decrypt FILE.gpg while entering the passphrase on the tty. If batch is used, --passphrase et al. may be used, if --command-fd is used, the passphrase may be provided by another process. Note that there are no try-again prompts in case of a bad passphrase.
2013-02-07 20:37:58 +01:00
}
Emit CARDCTRL status lines.
2009-07-22 18:08:58 +02:00
}
Poems for AllowSetForegroundWindow (W32)
2008-02-14 20:50:10 +01:00
}
Emit CARDCTRL status lines.
2009-07-22 18:08:58 +02:00
if (!rc && for_card && !did_early_card_test)
{
/* Request the serial number of the card for an early test. */
struct agent_card_info_s info;
memset (&info, 0, sizeof info);
Print warnings if old daemon versions are used. * common/status.h (STATUS_WARNING): New. * g10/call-agent.c (warn_version_mismatch): New. (start_agent): Call warn function. * g10/call-dirmngr.c: Include status.h. (warn_version_mismatch): New. (create_context): Call warn function. * sm/call-agent.c (warn_version_mismatch): New. (start_agent): Call warn function. (gpgsm_agent_learn): Call warn function. * sm/call-dirmngr.c (warn_version_mismatch): New. (prepare_dirmngr): Call warn function. -- We have seen too often bug reports which are due to still running old versions of the daemons. To catch this problematic use we now print warning messages and also provide the warning via the status interface. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-08 10:33:19 +01:00
rc = warn_version_mismatch (agent_ctx, SCDAEMON_NAME, 2);
if (!rc)
rc = assuan_transact (agent_ctx, "SCD SERIALNO openpgp",
NULL, NULL, NULL, NULL,
learn_status_cb, &info);
Emit CARDCTRL status lines.
2009-07-22 18:08:58 +02:00
if (rc)
{
switch (gpg_err_code (rc))
{
case GPG_ERR_NOT_SUPPORTED:
case GPG_ERR_NO_SCDAEMON:
write_status_text (STATUS_CARDCTRL, "6");
break;
gpg: Add sub-command "factory-reset" to --card-edit. * common/util.h (GPG_ERR_OBJ_TERM_STATE): New. * scd/iso7816.c (map_sw): Add this error code. * scd/app-openpgp.c (do_getattr): Return the life cycle indicator. * scd/app.c (select_application): Allow a return value of GPG_ERR_OBJ_TERM_STATE. * scd/scdaemon.c (set_debug): Print the DBG_READER value. * g10/call-agent.c (start_agent): Print a status line for the termination state. (agent_scd_learn): Make arg "info" optional. (agent_scd_apdu): New. * g10/card-util.c (send_apdu): New. (factory_reset): New. (card_edit): Add command factory-reset. Signed-off-by: Werner Koch <wk@gnupg.org>
2014-12-15 17:38:40 +01:00
case GPG_ERR_OBJ_TERM_STATE:
write_status_text (STATUS_CARDCTRL, "7");
break;
Emit CARDCTRL status lines.
2009-07-22 18:08:58 +02:00
default:
write_status_text (STATUS_CARDCTRL, "4");
log_info ("selecting openpgp failed: %s\n", gpg_strerror (rc));
break;
}
}
if (!rc && is_status_enabled () && info.serialno)
{
char *buf;
Nuked almost all trailing white space. We better do this once and for all instead of cluttering all future commits with diffs of trailing white spaces. In the majority of cases blank or single lines are affected and thus this change won't disturb a git blame too much. For future commits the pre-commit scripts checks that this won't happen again.
2011-02-04 12:57:53 +01:00
Emit CARDCTRL status lines.
2009-07-22 18:08:58 +02:00
buf = xasprintf ("3 %s", info.serialno);
write_status_text (STATUS_CARDCTRL, buf);
xfree (buf);
}
agent_release_card_info (&info);
if (!rc)
did_early_card_test = 1;
}
Nuked almost all trailing white space. We better do this once and for all instead of cluttering all future commits with diffs of trailing white spaces. In the majority of cases blank or single lines are affected and thus this change won't disturb a git blame too much. For future commits the pre-commit scripts checks that this won't happen again.
2011-02-04 12:57:53 +01:00
Poems for AllowSetForegroundWindow (W32)
2008-02-14 20:50:10 +01:00
return rc;
A small step for GnuPG but a huge leap for error codes. (Sorry, it does not build currently - I need to check it in to avoid duplicate work.)
2003-06-05 09:14:21 +02:00
}
Key generation and signing using the OpenPGP card does rudimentary work.
2003-06-27 22:53:09 +02:00
/* Return a new malloced string by unescaping the string S. Escaping
is percent escaping and '+'/space mapping. A binary nul will
silently be replaced by a 0xFF. Function returns NULL to indicate
an out of memory status. */
static char *
unescape_status_string (const unsigned char *s)
A small step for GnuPG but a huge leap for error codes. (Sorry, it does not build currently - I need to check it in to avoid duplicate work.)
2003-06-05 09:14:21 +02:00
{
Import/export of pkcs#12 now uses the gpg-agent directly. Removed duplicated code (percent unescaping).
2009-04-01 12:51:53 +02:00
return percent_plus_unescape (s, 0xff);
Key generation and signing using the OpenPGP card does rudimentary work.
2003-06-27 22:53:09 +02:00
}
Fixed agent access for gpg.
2006-10-04 18:45:04 +02:00
Clean up word replication. -- This fixes extra word repetitions (like "the the" or "is is") in the code and docs. Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2017-02-20 22:19:50 +01:00
/* Take a 20 byte hexencoded string and put it into the provided
Key generation and signing using the OpenPGP card does rudimentary work.
2003-06-27 22:53:09 +02:00
20 byte buffer FPR in binary format. */
static int
unhexify_fpr (const char *hexstr, unsigned char *fpr)
{
const char *s;
int n;
for (s=hexstr, n=0; hexdigitp (s); s++, n++)
;
if (*s || (n != 40))
return 0; /* no fingerprint (invalid or wrong length). */
for (s=hexstr, n=0; *s; s += 2, n++)
fpr[n] = xtoi_2 (s);
return 1; /* okay */
A small step for GnuPG but a huge leap for error codes. (Sorry, it does not build currently - I need to check it in to avoid duplicate work.)
2003-06-05 09:14:21 +02:00
}
Key generation and signing using the OpenPGP card does rudimentary work.
2003-06-27 22:53:09 +02:00
* app-openpgp.c (store_fpr): Fixed fingerprint calculation. * keygen.c (gen_card_key): Obviously we should use the creation date received from SCDAEMON, so that the fingerprints will match. * sign.c (do_sign): Pass the serialno to the sign code. * keyid.c (serialno_and_fpr_from_sk): New.
2003-07-01 10:34:45 +02:00
/* Take the serial number from LINE and return it verbatim in a newly
allocated string. We make sure that only hex characters are
returned. */
static char *
store_serialno (const char *line)
{
const char *s;
char *p;
for (s=line; hexdigitp (s); s++)
;
p = xtrymalloc (s + 1 - line);
if (p)
{
memcpy (p, line, s-line);
p[s-line] = 0;
}
return p;
}
A small step for GnuPG but a huge leap for error codes. (Sorry, it does not build currently - I need to check it in to avoid duplicate work.)
2003-06-05 09:14:21 +02:00
Add a sample key. Detect and show the card type.
2009-01-13 15:01:56 +01:00
/* This is a dummy data line callback. */
2009-09-23 Marcus Brinkmann <marcus@g10code.de> * configure.ac (NEED_LIBASSUAN_API, NEED_LIBASSUAN_VERSION): Update to new API (2, 1.1.0). agent/ 2009-09-23 Marcus Brinkmann <marcus@g10code.de> * gpg-agent.c (parse_rereadable_options): Don't set global assuan log file (there ain't one anymore). (main): Update to new API. (check_own_socket_pid_cb): Return gpg_error_t instead of int. (check_own_socket_thread, check_for_running_agent): Create assuan context before connecting to server. * command.c: Include "scdaemon.h" before <assuan.h> because of GPG_ERR_SOURCE_DEFAULT check. (write_and_clear_outbuf): Use gpg_error_t instead of assuan_error_t. (cmd_geteventcounter, cmd_istrusted, cmd_listtrusted) (cmd_marktrusted, cmd_havekey, cmd_sigkey, cmd_setkeydesc) (cmd_sethash, cmd_pksign, cmd_pkdecrypt, cmd_genkey, cmd_readkey) (cmd_keyinfo, cmd_get_passphrase, cmd_clear_passphrase) (cmd_get_confirmation, cmd_learn, cmd_passwd) (cmd_preset_passphrase, cmd_scd, cmd_getval, cmd_putval) (cmd_updatestartuptty, cmd_killagent, cmd_reloadagent) (cmd_getinfo, option_handler): Return gpg_error_t instead of int. (post_cmd_notify): Change type of ERR to gpg_error_t from int. (io_monitor): Add hook argument. Use symbols for constants. (register_commands): Change return type of HANDLER to gpg_error_t. (start_command_handler): Allocate assuan context before starting server. * call-pinentry.c: Include "scdaemon.h" before <assuan.h> because of GPG_ERR_SOURCE_DEFAULT check. (unlock_pinentry): Call assuan_release instead of assuan_disconnect. (getinfo_pid_cb, getpin_cb): Return gpg_error_t instead of int. (start_pinentry): Allocate assuan context before connecting to server. * call-scd.c (membuf_data_cb, learn_status_cb, get_serialno_cb) (membuf_data_cb, inq_needpin, card_getattr_cb, pass_status_thru) (pass_data_thru): Change return type to gpg_error_t. (start_scd): Allocate assuan context before connecting to server. common/ 2009-09-23 Marcus Brinkmann <marcus@g10code.de> * asshelp.c (start_new_gpg_agent): Allocate assuan context before starting server. g10/ 2009-09-23 Marcus Brinkmann <marcus@g10code.de> * call-agent.c: Include "scdaemon.h" before <assuan.h> because of GPG_ERR_SOURCE_DEFAULT check. (learn_status_cb, dummy_data_cb, get_serialno_cb, default_inq_cb) (learn_status_cb, inq_writecert_parms, inq_writekey_parms) (scd_genkey_cb, membuf_data_cb): Return gpg_error_t instead of int. * gpg.c: Include "scdaemon.h" before <assuan.h> because of GPG_ERR_SOURCE_DEFAULT check. (main): Update to new Assuan API. * server.c: Include "scdaemon.h" before <assuan.h> because of GPG_ERR_SOURCE_DEFAULT check. (option_handler, cmd_recipient, cmd_signer, cmd_encrypt) (cmd_decrypt, cmd_verify, cmd_sign, cmd_import, cmd_export) (cmd_delkeys, cmd_message, do_listkeys, cmd_listkeys) (cmd_listsecretkeys, cmd_genkey, cmd_getinfo): Return gpg_error_t instead of int. (register_commands): Allocate assuan context before starting server. (gpg_server): Allocate assuan_context before starting server. scd/ 2009-09-23 Marcus Brinkmann <marcus@g10code.de> * command.c: Include "scdaemon.h" before <assuan.h> because of GPG_ERR_SOURCE_DEFAULT check. (option_handler, open_card, cmd_serialno, cmd_lean, cmd_readcert) (cmd_readkey, cmd_setdata, cmd_pksign, cmd_pkauth, cmd_pkdecrypt) (cmd_getattr, cmd_setattr, cmd_writecert, cmd_writekey) (cmd_genkey, cmd_random, cmd_passwd, cmd_checkpin, cmd_lock) (cmd_unlock, cmd_getinfo, cmd_restart, cmd_disconnect, cmd_apdu) (cmd_killscd): Return gpg_error_t instead of int. (scd_command_handler): Allocate assuan context before starting server. * scdaemon.c (main): Update to new Assuan API. sm/ 2009-09-23 Marcus Brinkmann <marcus@g10code.de> * gpgsm.c (main): Update to new assuan API. * server.c: Include "gpgsm.h" before <assuan.h> due to check for GPG_ERR_SOURCE_DEFAULT and assuan.h now including gpg-error.h. (option_handler, cmd_recipient, cmd_signer, cmd_encrypt) (cmd_decrypt, cmd_verify, cmd_sign, cmd_import, cmd_export) (cmd_delkeys, cmd_message, cmd_listkeys, cmd_dumpkeys) (cmd_listsecretkeys, cmd_dumpsecretkeys, cmd_genkey) (cmd_getauditlog, cmd_getinfo): Return gpg_error_t instead of int. (register_commands): Same for member HANDLER in table. (gpgsm_server): Allocate assuan context before starting server. * sm/call-dirmngr.c: * call-dirmngr.c (prepare_dirmngr): Check for CTX and error before setting LDAPSERVER. (start_dirmngr_ext): Allocate assuan context before starting server. (inq_certificate, isvalid_status_cb, lookup_cb, lookup_status_cb) (run_command_cb, run_command_inq_cb, run_command_status_cb): Return gpg_error_t instead of int. tools/ 2009-09-23 Marcus Brinkmann <marcus@g10code.de> * gpg-connect-agent.c (getinfo_pid_cb, read_and_print_response) (main): Update to new Assuan API.
2009-09-23 02:01:25 +02:00
static gpg_error_t
Add a sample key. Detect and show the card type.
2009-01-13 15:01:56 +01:00
dummy_data_cb (void *opaque, const void *buffer, size_t length)
{
(void)opaque;
(void)buffer;
(void)length;
return 0;
}
Ask to insert the right OpenPGP card.
2009-08-11 12:56:44 +02:00
/* A simple callback used to return the serialnumber of a card. */
2009-09-23 Marcus Brinkmann <marcus@g10code.de> * configure.ac (NEED_LIBASSUAN_API, NEED_LIBASSUAN_VERSION): Update to new API (2, 1.1.0). agent/ 2009-09-23 Marcus Brinkmann <marcus@g10code.de> * gpg-agent.c (parse_rereadable_options): Don't set global assuan log file (there ain't one anymore). (main): Update to new API. (check_own_socket_pid_cb): Return gpg_error_t instead of int. (check_own_socket_thread, check_for_running_agent): Create assuan context before connecting to server. * command.c: Include "scdaemon.h" before <assuan.h> because of GPG_ERR_SOURCE_DEFAULT check. (write_and_clear_outbuf): Use gpg_error_t instead of assuan_error_t. (cmd_geteventcounter, cmd_istrusted, cmd_listtrusted) (cmd_marktrusted, cmd_havekey, cmd_sigkey, cmd_setkeydesc) (cmd_sethash, cmd_pksign, cmd_pkdecrypt, cmd_genkey, cmd_readkey) (cmd_keyinfo, cmd_get_passphrase, cmd_clear_passphrase) (cmd_get_confirmation, cmd_learn, cmd_passwd) (cmd_preset_passphrase, cmd_scd, cmd_getval, cmd_putval) (cmd_updatestartuptty, cmd_killagent, cmd_reloadagent) (cmd_getinfo, option_handler): Return gpg_error_t instead of int. (post_cmd_notify): Change type of ERR to gpg_error_t from int. (io_monitor): Add hook argument. Use symbols for constants. (register_commands): Change return type of HANDLER to gpg_error_t. (start_command_handler): Allocate assuan context before starting server. * call-pinentry.c: Include "scdaemon.h" before <assuan.h> because of GPG_ERR_SOURCE_DEFAULT check. (unlock_pinentry): Call assuan_release instead of assuan_disconnect. (getinfo_pid_cb, getpin_cb): Return gpg_error_t instead of int. (start_pinentry): Allocate assuan context before connecting to server. * call-scd.c (membuf_data_cb, learn_status_cb, get_serialno_cb) (membuf_data_cb, inq_needpin, card_getattr_cb, pass_status_thru) (pass_data_thru): Change return type to gpg_error_t. (start_scd): Allocate assuan context before connecting to server. common/ 2009-09-23 Marcus Brinkmann <marcus@g10code.de> * asshelp.c (start_new_gpg_agent): Allocate assuan context before starting server. g10/ 2009-09-23 Marcus Brinkmann <marcus@g10code.de> * call-agent.c: Include "scdaemon.h" before <assuan.h> because of GPG_ERR_SOURCE_DEFAULT check. (learn_status_cb, dummy_data_cb, get_serialno_cb, default_inq_cb) (learn_status_cb, inq_writecert_parms, inq_writekey_parms) (scd_genkey_cb, membuf_data_cb): Return gpg_error_t instead of int. * gpg.c: Include "scdaemon.h" before <assuan.h> because of GPG_ERR_SOURCE_DEFAULT check. (main): Update to new Assuan API. * server.c: Include "scdaemon.h" before <assuan.h> because of GPG_ERR_SOURCE_DEFAULT check. (option_handler, cmd_recipient, cmd_signer, cmd_encrypt) (cmd_decrypt, cmd_verify, cmd_sign, cmd_import, cmd_export) (cmd_delkeys, cmd_message, do_listkeys, cmd_listkeys) (cmd_listsecretkeys, cmd_genkey, cmd_getinfo): Return gpg_error_t instead of int. (register_commands): Allocate assuan context before starting server. (gpg_server): Allocate assuan_context before starting server. scd/ 2009-09-23 Marcus Brinkmann <marcus@g10code.de> * command.c: Include "scdaemon.h" before <assuan.h> because of GPG_ERR_SOURCE_DEFAULT check. (option_handler, open_card, cmd_serialno, cmd_lean, cmd_readcert) (cmd_readkey, cmd_setdata, cmd_pksign, cmd_pkauth, cmd_pkdecrypt) (cmd_getattr, cmd_setattr, cmd_writecert, cmd_writekey) (cmd_genkey, cmd_random, cmd_passwd, cmd_checkpin, cmd_lock) (cmd_unlock, cmd_getinfo, cmd_restart, cmd_disconnect, cmd_apdu) (cmd_killscd): Return gpg_error_t instead of int. (scd_command_handler): Allocate assuan context before starting server. * scdaemon.c (main): Update to new Assuan API. sm/ 2009-09-23 Marcus Brinkmann <marcus@g10code.de> * gpgsm.c (main): Update to new assuan API. * server.c: Include "gpgsm.h" before <assuan.h> due to check for GPG_ERR_SOURCE_DEFAULT and assuan.h now including gpg-error.h. (option_handler, cmd_recipient, cmd_signer, cmd_encrypt) (cmd_decrypt, cmd_verify, cmd_sign, cmd_import, cmd_export) (cmd_delkeys, cmd_message, cmd_listkeys, cmd_dumpkeys) (cmd_listsecretkeys, cmd_dumpsecretkeys, cmd_genkey) (cmd_getauditlog, cmd_getinfo): Return gpg_error_t instead of int. (register_commands): Same for member HANDLER in table. (gpgsm_server): Allocate assuan context before starting server. * sm/call-dirmngr.c: * call-dirmngr.c (prepare_dirmngr): Check for CTX and error before setting LDAPSERVER. (start_dirmngr_ext): Allocate assuan context before starting server. (inq_certificate, isvalid_status_cb, lookup_cb, lookup_status_cb) (run_command_cb, run_command_inq_cb, run_command_status_cb): Return gpg_error_t instead of int. tools/ 2009-09-23 Marcus Brinkmann <marcus@g10code.de> * gpg-connect-agent.c (getinfo_pid_cb, read_and_print_response) (main): Update to new Assuan API.
2009-09-23 02:01:25 +02:00
static gpg_error_t
Ask to insert the right OpenPGP card.
2009-08-11 12:56:44 +02:00
get_serialno_cb (void *opaque, const char *line)
{
char **serialno = opaque;
const char *keyword = line;
const char *s;
int keywordlen, n;
for (keywordlen=0; *line && !spacep (line); line++, keywordlen++)
;
while (spacep (line))
line++;
if (keywordlen == 8 && !memcmp (keyword, "SERIALNO", keywordlen))
{
if (*serialno)
return gpg_error (GPG_ERR_CONFLICT); /* Unexpected status line. */
for (n=0,s=line; hexdigitp (s); s++, n++)
;
if (!n || (n&1)|| !(spacep (s) || !*s) )
return gpg_error (GPG_ERR_ASS_PARAMETER);
*serialno = xtrymalloc (n+1);
if (!*serialno)
return out_of_core ();
memcpy (*serialno, line, n);
(*serialno)[n] = 0;
}
Nuked almost all trailing white space. We better do this once and for all instead of cluttering all future commits with diffs of trailing white spaces. In the majority of cases blank or single lines are affected and thus this change won't disturb a git blame too much. For future commits the pre-commit scripts checks that this won't happen again.
2011-02-04 12:57:53 +01:00
Ask to insert the right OpenPGP card.
2009-08-11 12:56:44 +02:00
return 0;
}
Add a sample key. Detect and show the card type.
2009-01-13 15:01:56 +01:00
Poems for AllowSetForegroundWindow (W32)
2008-02-14 20:50:10 +01:00
* keygen.c (generate_keypair): Create an AUTHKEYTYPE entry for cards. (do_generate_keypair): Abd generate the authkey. (check_smartcard): Changed menu accordingly.
2003-07-23 09:11:06 +02:00
/* Release the card info structure INFO. */
void
agent_release_card_info (struct agent_card_info_s *info)
{
gpg: Show private DO information in the card status. * g10/call-agent.c (agent_release_card_info): Free private_do. (learn_status_cb): Parse PRIVATE-DO-n stati. -- Reported-by: Damien Goutte-Gattat <dgouttegattat@incenp.org> Provided patch extended to release the memory.
2014-12-16 13:10:09 +01:00
int i;
* keygen.c (generate_keypair): Create an AUTHKEYTYPE entry for cards. (do_generate_keypair): Abd generate the authkey. (check_smartcard): Changed menu accordingly.
2003-07-23 09:11:06 +02:00
if (!info)
return;
scd: Add reder information to --card-status. * g10/call-agent.h, g10/call-agent.c (agent_release_card_info) g10/card-util.c (card_status): Add READER. * scd/apdu.c (close_ccid_reader, open_ccid_reader): Handle RDRNAME. (apdu_get_reader_name): New. * scd/ccid-driver.c (ccid_open_reader): Add argument to RDRNAME_P. * scd/command.c (cmd_learn): Return READER information.
2015-11-09 08:15:44 +01:00
xfree (info->reader); info->reader = NULL;
* keygen.c (generate_keypair): Create an AUTHKEYTYPE entry for cards. (do_generate_keypair): Abd generate the authkey. (check_smartcard): Changed menu accordingly.
2003-07-23 09:11:06 +02:00
xfree (info->serialno); info->serialno = NULL;
Add a sample key. Detect and show the card type.
2009-01-13 15:01:56 +01:00
xfree (info->apptype); info->apptype = NULL;
* keygen.c (generate_keypair): Create an AUTHKEYTYPE entry for cards. (do_generate_keypair): Abd generate the authkey. (check_smartcard): Changed menu accordingly.
2003-07-23 09:11:06 +02:00
xfree (info->disp_name); info->disp_name = NULL;
* g10.c: New command --card-status. * card-util.c (card_status): New. * call-agent.c (learn_status_cb): Parse more information. * keylist.c (print_pubkey_info): Add FP arg for optinal printing to a stream. Changed all callers.
2003-07-24 11:06:43 +02:00
xfree (info->disp_lang); info->disp_lang = NULL;
* keygen.c (generate_keypair): Create an AUTHKEYTYPE entry for cards. (do_generate_keypair): Abd generate the authkey. (check_smartcard): Changed menu accordingly.
2003-07-23 09:11:06 +02:00
xfree (info->pubkey_url); info->pubkey_url = NULL;
* g10.c: New command --card-status. * card-util.c (card_status): New. * call-agent.c (learn_status_cb): Parse more information. * keylist.c (print_pubkey_info): Add FP arg for optinal printing to a stream. Changed all callers.
2003-07-24 11:06:43 +02:00
xfree (info->login_data); info->login_data = NULL;
* card-util.c (change_login): Kludge to allow reading data from a file. (card_edit): Pass ARG_STRING to change_login. (card_status): Print CA fingerprints. (change_cafpr): New. (card_edit): New command CAFPR. * call-agent.h: Add members for CA fingerprints. * call-agent.c (agent_release_card_info): Invalid them. (learn_status_cb): Store them.
2004-07-01 19:42:09 +02:00
info->cafpr1valid = info->cafpr2valid = info->cafpr3valid = 0;
* keygen.c (generate_keypair): Create an AUTHKEYTYPE entry for cards. (do_generate_keypair): Abd generate the authkey. (check_smartcard): Changed menu accordingly.
2003-07-23 09:11:06 +02:00
info->fpr1valid = info->fpr2valid = info->fpr3valid = 0;
gpg: Show private DO information in the card status. * g10/call-agent.c (agent_release_card_info): Free private_do. (learn_status_cb): Parse PRIVATE-DO-n stati. -- Reported-by: Damien Goutte-Gattat <dgouttegattat@incenp.org> Provided patch extended to release the memory.
2014-12-16 13:10:09 +01:00
for (i=0; i < DIM(info->private_do); i++)
{
xfree (info->private_do[i]);
info->private_do[i] = NULL;
}
* keygen.c (generate_keypair): Create an AUTHKEYTYPE entry for cards. (do_generate_keypair): Abd generate the authkey. (check_smartcard): Changed menu accordingly.
2003-07-23 09:11:06 +02:00
}
gpg: Show private DO information in the card status. * g10/call-agent.c (agent_release_card_info): Free private_do. (learn_status_cb): Parse PRIVATE-DO-n stati. -- Reported-by: Damien Goutte-Gattat <dgouttegattat@incenp.org> Provided patch extended to release the memory.
2014-12-16 13:10:09 +01:00
2009-09-23 Marcus Brinkmann <marcus@g10code.de> * configure.ac (NEED_LIBASSUAN_API, NEED_LIBASSUAN_VERSION): Update to new API (2, 1.1.0). agent/ 2009-09-23 Marcus Brinkmann <marcus@g10code.de> * gpg-agent.c (parse_rereadable_options): Don't set global assuan log file (there ain't one anymore). (main): Update to new API. (check_own_socket_pid_cb): Return gpg_error_t instead of int. (check_own_socket_thread, check_for_running_agent): Create assuan context before connecting to server. * command.c: Include "scdaemon.h" before <assuan.h> because of GPG_ERR_SOURCE_DEFAULT check. (write_and_clear_outbuf): Use gpg_error_t instead of assuan_error_t. (cmd_geteventcounter, cmd_istrusted, cmd_listtrusted) (cmd_marktrusted, cmd_havekey, cmd_sigkey, cmd_setkeydesc) (cmd_sethash, cmd_pksign, cmd_pkdecrypt, cmd_genkey, cmd_readkey) (cmd_keyinfo, cmd_get_passphrase, cmd_clear_passphrase) (cmd_get_confirmation, cmd_learn, cmd_passwd) (cmd_preset_passphrase, cmd_scd, cmd_getval, cmd_putval) (cmd_updatestartuptty, cmd_killagent, cmd_reloadagent) (cmd_getinfo, option_handler): Return gpg_error_t instead of int. (post_cmd_notify): Change type of ERR to gpg_error_t from int. (io_monitor): Add hook argument. Use symbols for constants. (register_commands): Change return type of HANDLER to gpg_error_t. (start_command_handler): Allocate assuan context before starting server. * call-pinentry.c: Include "scdaemon.h" before <assuan.h> because of GPG_ERR_SOURCE_DEFAULT check. (unlock_pinentry): Call assuan_release instead of assuan_disconnect. (getinfo_pid_cb, getpin_cb): Return gpg_error_t instead of int. (start_pinentry): Allocate assuan context before connecting to server. * call-scd.c (membuf_data_cb, learn_status_cb, get_serialno_cb) (membuf_data_cb, inq_needpin, card_getattr_cb, pass_status_thru) (pass_data_thru): Change return type to gpg_error_t. (start_scd): Allocate assuan context before connecting to server. common/ 2009-09-23 Marcus Brinkmann <marcus@g10code.de> * asshelp.c (start_new_gpg_agent): Allocate assuan context before starting server. g10/ 2009-09-23 Marcus Brinkmann <marcus@g10code.de> * call-agent.c: Include "scdaemon.h" before <assuan.h> because of GPG_ERR_SOURCE_DEFAULT check. (learn_status_cb, dummy_data_cb, get_serialno_cb, default_inq_cb) (learn_status_cb, inq_writecert_parms, inq_writekey_parms) (scd_genkey_cb, membuf_data_cb): Return gpg_error_t instead of int. * gpg.c: Include "scdaemon.h" before <assuan.h> because of GPG_ERR_SOURCE_DEFAULT check. (main): Update to new Assuan API. * server.c: Include "scdaemon.h" before <assuan.h> because of GPG_ERR_SOURCE_DEFAULT check. (option_handler, cmd_recipient, cmd_signer, cmd_encrypt) (cmd_decrypt, cmd_verify, cmd_sign, cmd_import, cmd_export) (cmd_delkeys, cmd_message, do_listkeys, cmd_listkeys) (cmd_listsecretkeys, cmd_genkey, cmd_getinfo): Return gpg_error_t instead of int. (register_commands): Allocate assuan context before starting server. (gpg_server): Allocate assuan_context before starting server. scd/ 2009-09-23 Marcus Brinkmann <marcus@g10code.de> * command.c: Include "scdaemon.h" before <assuan.h> because of GPG_ERR_SOURCE_DEFAULT check. (option_handler, open_card, cmd_serialno, cmd_lean, cmd_readcert) (cmd_readkey, cmd_setdata, cmd_pksign, cmd_pkauth, cmd_pkdecrypt) (cmd_getattr, cmd_setattr, cmd_writecert, cmd_writekey) (cmd_genkey, cmd_random, cmd_passwd, cmd_checkpin, cmd_lock) (cmd_unlock, cmd_getinfo, cmd_restart, cmd_disconnect, cmd_apdu) (cmd_killscd): Return gpg_error_t instead of int. (scd_command_handler): Allocate assuan context before starting server. * scdaemon.c (main): Update to new Assuan API. sm/ 2009-09-23 Marcus Brinkmann <marcus@g10code.de> * gpgsm.c (main): Update to new assuan API. * server.c: Include "gpgsm.h" before <assuan.h> due to check for GPG_ERR_SOURCE_DEFAULT and assuan.h now including gpg-error.h. (option_handler, cmd_recipient, cmd_signer, cmd_encrypt) (cmd_decrypt, cmd_verify, cmd_sign, cmd_import, cmd_export) (cmd_delkeys, cmd_message, cmd_listkeys, cmd_dumpkeys) (cmd_listsecretkeys, cmd_dumpsecretkeys, cmd_genkey) (cmd_getauditlog, cmd_getinfo): Return gpg_error_t instead of int. (register_commands): Same for member HANDLER in table. (gpgsm_server): Allocate assuan context before starting server. * sm/call-dirmngr.c: * call-dirmngr.c (prepare_dirmngr): Check for CTX and error before setting LDAPSERVER. (start_dirmngr_ext): Allocate assuan context before starting server. (inq_certificate, isvalid_status_cb, lookup_cb, lookup_status_cb) (run_command_cb, run_command_inq_cb, run_command_status_cb): Return gpg_error_t instead of int. tools/ 2009-09-23 Marcus Brinkmann <marcus@g10code.de> * gpg-connect-agent.c (getinfo_pid_cb, read_and_print_response) (main): Update to new Assuan API.
2009-09-23 02:01:25 +02:00
static gpg_error_t
Key generation and signing using the OpenPGP card does rudimentary work.
2003-06-27 22:53:09 +02:00
learn_status_cb (void *opaque, const char *line)
{
struct agent_card_info_s *parm = opaque;
const char *keyword = line;
int keywordlen;
* g10.c: New command --card-status. * card-util.c (card_status): New. * call-agent.c (learn_status_cb): Parse more information. * keylist.c (print_pubkey_info): Add FP arg for optinal printing to a stream. Changed all callers.
2003-07-24 11:06:43 +02:00
int i;
Key generation and signing using the OpenPGP card does rudimentary work.
2003-06-27 22:53:09 +02:00
for (keywordlen=0; *line && !spacep (line); line++, keywordlen++)
;
while (spacep (line))
line++;
scd: Add reder information to --card-status. * g10/call-agent.h, g10/call-agent.c (agent_release_card_info) g10/card-util.c (card_status): Add READER. * scd/apdu.c (close_ccid_reader, open_ccid_reader): Handle RDRNAME. (apdu_get_reader_name): New. * scd/ccid-driver.c (ccid_open_reader): Add argument to RDRNAME_P. * scd/command.c (cmd_learn): Return READER information.
2015-11-09 08:15:44 +01:00
if (keywordlen == 6 && !memcmp (keyword, "READER", keywordlen))
{
xfree (parm->reader);
parm->reader = unescape_status_string (line);
}
else if (keywordlen == 8 && !memcmp (keyword, "SERIALNO", keywordlen))
* app-openpgp.c (store_fpr): Fixed fingerprint calculation. * keygen.c (gen_card_key): Obviously we should use the creation date received from SCDAEMON, so that the fingerprints will match. * sign.c (do_sign): Pass the serialno to the sign code. * keyid.c (serialno_and_fpr_from_sk): New.
2003-07-01 10:34:45 +02:00
{
* keylist.c (print_card_serialno): New. (list_keyblock_print): Use it here. * card-util.c (toggle_forcesig): New. (card_edit): New command "forcesig". * card-util.c (print_name, print_isoname): Use 0 and not LF fro the max_n arg of tty_print_utf8_string2. * call-agent.c (agent_scd_getattr): New. (learn_status_cb): Release values before assignment so that it can be used by getattr to update the structure. * card-util.c (change_pin): Simplified. We now have only a PIN and an Admin PIN.
2003-09-30 19:34:38 +02:00
xfree (parm->serialno);
* app-openpgp.c (store_fpr): Fixed fingerprint calculation. * keygen.c (gen_card_key): Obviously we should use the creation date received from SCDAEMON, so that the fingerprints will match. * sign.c (do_sign): Pass the serialno to the sign code. * keyid.c (serialno_and_fpr_from_sk): New.
2003-07-01 10:34:45 +02:00
parm->serialno = store_serialno (line);
Nuked almost all trailing white space. We better do this once and for all instead of cluttering all future commits with diffs of trailing white spaces. In the majority of cases blank or single lines are affected and thus this change won't disturb a git blame too much. For future commits the pre-commit scripts checks that this won't happen again.
2011-02-04 12:57:53 +01:00
parm->is_v2 = (strlen (parm->serialno) >= 16
Finished support for v2 cards with the exception of secure messaging.
2008-09-25 12:06:02 +02:00
&& xtoi_2 (parm->serialno+12) >= 2 );
* app-openpgp.c (store_fpr): Fixed fingerprint calculation. * keygen.c (gen_card_key): Obviously we should use the creation date received from SCDAEMON, so that the fingerprints will match. * sign.c (do_sign): Pass the serialno to the sign code. * keyid.c (serialno_and_fpr_from_sk): New.
2003-07-01 10:34:45 +02:00
}
Add a sample key. Detect and show the card type.
2009-01-13 15:01:56 +01:00
else if (keywordlen == 7 && !memcmp (keyword, "APPTYPE", keywordlen))
{
xfree (parm->apptype);
parm->apptype = unescape_status_string (line);
}
* app-openpgp.c (store_fpr): Fixed fingerprint calculation. * keygen.c (gen_card_key): Obviously we should use the creation date received from SCDAEMON, so that the fingerprints will match. * sign.c (do_sign): Pass the serialno to the sign code. * keyid.c (serialno_and_fpr_from_sk): New.
2003-07-01 10:34:45 +02:00
else if (keywordlen == 9 && !memcmp (keyword, "DISP-NAME", keywordlen))
Key generation and signing using the OpenPGP card does rudimentary work.
2003-06-27 22:53:09 +02:00
{
* keylist.c (print_card_serialno): New. (list_keyblock_print): Use it here. * card-util.c (toggle_forcesig): New. (card_edit): New command "forcesig". * card-util.c (print_name, print_isoname): Use 0 and not LF fro the max_n arg of tty_print_utf8_string2. * call-agent.c (agent_scd_getattr): New. (learn_status_cb): Release values before assignment so that it can be used by getattr to update the structure. * card-util.c (change_pin): Simplified. We now have only a PIN and an Admin PIN.
2003-09-30 19:34:38 +02:00
xfree (parm->disp_name);
Key generation and signing using the OpenPGP card does rudimentary work.
2003-06-27 22:53:09 +02:00
parm->disp_name = unescape_status_string (line);
}
* g10.c: New command --card-status. * card-util.c (card_status): New. * call-agent.c (learn_status_cb): Parse more information. * keylist.c (print_pubkey_info): Add FP arg for optinal printing to a stream. Changed all callers.
2003-07-24 11:06:43 +02:00
else if (keywordlen == 9 && !memcmp (keyword, "DISP-LANG", keywordlen))
{
* keylist.c (print_card_serialno): New. (list_keyblock_print): Use it here. * card-util.c (toggle_forcesig): New. (card_edit): New command "forcesig". * card-util.c (print_name, print_isoname): Use 0 and not LF fro the max_n arg of tty_print_utf8_string2. * call-agent.c (agent_scd_getattr): New. (learn_status_cb): Release values before assignment so that it can be used by getattr to update the structure. * card-util.c (change_pin): Simplified. We now have only a PIN and an Admin PIN.
2003-09-30 19:34:38 +02:00
xfree (parm->disp_lang);
* g10.c: New command --card-status. * card-util.c (card_status): New. * call-agent.c (learn_status_cb): Parse more information. * keylist.c (print_pubkey_info): Add FP arg for optinal printing to a stream. Changed all callers.
2003-07-24 11:06:43 +02:00
parm->disp_lang = unescape_status_string (line);
}
else if (keywordlen == 8 && !memcmp (keyword, "DISP-SEX", keywordlen))
{
parm->disp_sex = *line == '1'? 1 : *line == '2' ? 2: 0;
}
* options.h (DBG_CIPHER): Reintroduced it. * seskey.c (encode_session_key): Debug output of the session key. * pubkey-enc.c (get_it): Handle card case. * call-agent.c (agent_scd_pkdecrypt): New. * pkglue.c (pk_encrypt): Add RSA support. * g10.c (main): Default to --use-agent. * keygen.c (show_smartcard): Print info about the public key. (check_smartcard): Check for existing key here. (gen_card_key): And not anymore here. (fpr_is_zero): New. (generate_keypair): Generate both keys for a card. (smartcard_change_url): Nw.
2003-07-03 20:08:16 +02:00
else if (keywordlen == 10 && !memcmp (keyword, "PUBKEY-URL", keywordlen))
Key generation and signing using the OpenPGP card does rudimentary work.
2003-06-27 22:53:09 +02:00
{
* keylist.c (print_card_serialno): New. (list_keyblock_print): Use it here. * card-util.c (toggle_forcesig): New. (card_edit): New command "forcesig". * card-util.c (print_name, print_isoname): Use 0 and not LF fro the max_n arg of tty_print_utf8_string2. * call-agent.c (agent_scd_getattr): New. (learn_status_cb): Release values before assignment so that it can be used by getattr to update the structure. * card-util.c (change_pin): Simplified. We now have only a PIN and an Admin PIN.
2003-09-30 19:34:38 +02:00
xfree (parm->pubkey_url);
Key generation and signing using the OpenPGP card does rudimentary work.
2003-06-27 22:53:09 +02:00
parm->pubkey_url = unescape_status_string (line);
}
* g10.c: New command --card-status. * card-util.c (card_status): New. * call-agent.c (learn_status_cb): Parse more information. * keylist.c (print_pubkey_info): Add FP arg for optinal printing to a stream. Changed all callers.
2003-07-24 11:06:43 +02:00
else if (keywordlen == 10 && !memcmp (keyword, "LOGIN-DATA", keywordlen))
{
* keylist.c (print_card_serialno): New. (list_keyblock_print): Use it here. * card-util.c (toggle_forcesig): New. (card_edit): New command "forcesig". * card-util.c (print_name, print_isoname): Use 0 and not LF fro the max_n arg of tty_print_utf8_string2. * call-agent.c (agent_scd_getattr): New. (learn_status_cb): Release values before assignment so that it can be used by getattr to update the structure. * card-util.c (change_pin): Simplified. We now have only a PIN and an Admin PIN.
2003-09-30 19:34:38 +02:00
xfree (parm->login_data);
* g10.c: New command --card-status. * card-util.c (card_status): New. * call-agent.c (learn_status_cb): Parse more information. * keylist.c (print_pubkey_info): Add FP arg for optinal printing to a stream. Changed all callers.
2003-07-24 11:06:43 +02:00
parm->login_data = unescape_status_string (line);
}
else if (keywordlen == 11 && !memcmp (keyword, "SIG-COUNTER", keywordlen))
{
parm->sig_counter = strtoul (line, NULL, 0);
}
else if (keywordlen == 10 && !memcmp (keyword, "CHV-STATUS", keywordlen))
{
char *p, *buf;
buf = p = unescape_status_string (line);
if (buf)
{
while (spacep (p))
p++;
parm->chv1_cached = atoi (p);
(learn_status_cb, scd_genkey_cb): Fixed faulty use of !spacep().
2003-10-25 16:22:08 +02:00
while (*p && !spacep (p))
* g10.c: New command --card-status. * card-util.c (card_status): New. * call-agent.c (learn_status_cb): Parse more information. * keylist.c (print_pubkey_info): Add FP arg for optinal printing to a stream. Changed all callers.
2003-07-24 11:06:43 +02:00
p++;
while (spacep (p))
p++;
for (i=0; *p && i < 3; i++)
{
parm->chvmaxlen[i] = atoi (p);
(learn_status_cb, scd_genkey_cb): Fixed faulty use of !spacep().
2003-10-25 16:22:08 +02:00
while (*p && !spacep (p))
* g10.c: New command --card-status. * card-util.c (card_status): New. * call-agent.c (learn_status_cb): Parse more information. * keylist.c (print_pubkey_info): Add FP arg for optinal printing to a stream. Changed all callers.
2003-07-24 11:06:43 +02:00
p++;
while (spacep (p))
p++;
}
for (i=0; *p && i < 3; i++)
{
parm->chvretry[i] = atoi (p);
(learn_status_cb, scd_genkey_cb): Fixed faulty use of !spacep().
2003-10-25 16:22:08 +02:00
while (*p && !spacep (p))
* g10.c: New command --card-status. * card-util.c (card_status): New. * call-agent.c (learn_status_cb): Parse more information. * keylist.c (print_pubkey_info): Add FP arg for optinal printing to a stream. Changed all callers.
2003-07-24 11:06:43 +02:00
p++;
while (spacep (p))
p++;
}
xfree (buf);
}
}
Make use of the card's extended capabilities.
2009-07-22 19:21:47 +02:00
else if (keywordlen == 6 && !memcmp (keyword, "EXTCAP", keywordlen))
{
char *p, *p2, *buf;
int abool;
buf = p = unescape_status_string (line);
if (buf)
{
for (p = strtok (buf, " "); p; p = strtok (NULL, " "))
{
p2 = strchr (p, '=');
if (p2)
{
*p2++ = 0;
abool = (*p2 == '1');
if (!strcmp (p, "ki"))
parm->extcap.ki = abool;
else if (!strcmp (p, "aac"))
parm->extcap.aac = abool;
gpg: Add sub-command "factory-reset" to --card-edit. * common/util.h (GPG_ERR_OBJ_TERM_STATE): New. * scd/iso7816.c (map_sw): Add this error code. * scd/app-openpgp.c (do_getattr): Return the life cycle indicator. * scd/app.c (select_application): Allow a return value of GPG_ERR_OBJ_TERM_STATE. * scd/scdaemon.c (set_debug): Print the DBG_READER value. * g10/call-agent.c (start_agent): Print a status line for the termination state. (agent_scd_learn): Make arg "info" optional. (agent_scd_apdu): New. * g10/card-util.c (send_apdu): New. (factory_reset): New. (card_edit): Add command factory-reset. Signed-off-by: Werner Koch <wk@gnupg.org>
2014-12-15 17:38:40 +01:00
else if (!strcmp (p, "si"))
parm->status_indicator = strtoul (p2, NULL, 10);
Make use of the card's extended capabilities.
2009-07-22 19:21:47 +02:00
}
}
xfree (buf);
}
}
Key generation and signing using the OpenPGP card does rudimentary work.
2003-06-27 22:53:09 +02:00
else if (keywordlen == 7 && !memcmp (keyword, "KEY-FPR", keywordlen))
{
int no = atoi (line);
(learn_status_cb, scd_genkey_cb): Fixed faulty use of !spacep().
2003-10-25 16:22:08 +02:00
while (*line && !spacep (line))
Key generation and signing using the OpenPGP card does rudimentary work.
2003-06-27 22:53:09 +02:00
line++;
while (spacep (line))
line++;
if (no == 1)
parm->fpr1valid = unhexify_fpr (line, parm->fpr1);
else if (no == 2)
parm->fpr2valid = unhexify_fpr (line, parm->fpr2);
else if (no == 3)
parm->fpr3valid = unhexify_fpr (line, parm->fpr3);
}
Make use of the card's extended capabilities.
2009-07-22 19:21:47 +02:00
else if (keywordlen == 8 && !memcmp (keyword, "KEY-TIME", keywordlen))
{
int no = atoi (line);
while (* line && !spacep (line))
line++;
while (spacep (line))
line++;
if (no == 1)
parm->fpr1time = strtoul (line, NULL, 10);
else if (no == 2)
parm->fpr2time = strtoul (line, NULL, 10);
else if (no == 3)
parm->fpr3time = strtoul (line, NULL, 10);
}
* card-util.c (change_login): Kludge to allow reading data from a file. (card_edit): Pass ARG_STRING to change_login. (card_status): Print CA fingerprints. (change_cafpr): New. (card_edit): New command CAFPR. * call-agent.h: Add members for CA fingerprints. * call-agent.c (agent_release_card_info): Invalid them. (learn_status_cb): Store them.
2004-07-01 19:42:09 +02:00
else if (keywordlen == 6 && !memcmp (keyword, "CA-FPR", keywordlen))
{
int no = atoi (line);
while (*line && !spacep (line))
line++;
while (spacep (line))
line++;
if (no == 1)
parm->cafpr1valid = unhexify_fpr (line, parm->cafpr1);
else if (no == 2)
parm->cafpr2valid = unhexify_fpr (line, parm->cafpr2);
else if (no == 3)
parm->cafpr3valid = unhexify_fpr (line, parm->cafpr3);
}
Made card key generate with backup key work for 2048 bit. Improved card key generation prompts.
2009-05-15 21:26:46 +02:00
else if (keywordlen == 8 && !memcmp (keyword, "KEY-ATTR", keywordlen))
{
scd: support any curves defined by libgcrypt. * g10/call-agent.h (struct agent_card_info_s): Add curve field. * g10/call-agent.c (learn_status_cb): Use curve name. * g10/card-util.c (card_status): Show pubkey name. * scd/app-openpgp.c (struct app_local_s): Record OID and flags. (store_fpr): Use ALGO instead of key type. (send_key_attr): Use curve name instead of OID. (get_public_key): Clean up by OID to curve name. (ecc_writekey): Support any curves in libgcrypt. (do_genkey, do_auth, ): Follow the change. (ecc_oid): New. (parse_algorithm_attribute): Show OID here.
2015-07-25 05:09:23 +02:00
int keyno = 0;
int algo = PUBKEY_ALGO_RSA;
int n = 0;
Made card key generate with backup key work for 2048 bit. Improved card key generation prompts.
2009-05-15 21:26:46 +02:00
scd: support any curves defined by libgcrypt. * g10/call-agent.h (struct agent_card_info_s): Add curve field. * g10/call-agent.c (learn_status_cb): Use curve name. * g10/card-util.c (card_status): Show pubkey name. * scd/app-openpgp.c (struct app_local_s): Record OID and flags. (store_fpr): Use ALGO instead of key type. (send_key_attr): Use curve name instead of OID. (get_public_key): Clean up by OID to curve name. (ecc_writekey): Support any curves in libgcrypt. (do_genkey, do_auth, ): Follow the change. (ecc_oid): New. (parse_algorithm_attribute): Show OID here.
2015-07-25 05:09:23 +02:00
sscanf (line, "%d %d %n", &keyno, &algo, &n);
Made card key generate with backup key work for 2048 bit. Improved card key generation prompts.
2009-05-15 21:26:46 +02:00
keyno--;
scd: support any curves defined by libgcrypt. * g10/call-agent.h (struct agent_card_info_s): Add curve field. * g10/call-agent.c (learn_status_cb): Use curve name. * g10/card-util.c (card_status): Show pubkey name. * scd/app-openpgp.c (struct app_local_s): Record OID and flags. (store_fpr): Use ALGO instead of key type. (send_key_attr): Use curve name instead of OID. (get_public_key): Clean up by OID to curve name. (ecc_writekey): Support any curves in libgcrypt. (do_genkey, do_auth, ): Follow the change. (ecc_oid): New. (parse_algorithm_attribute): Show OID here.
2015-07-25 05:09:23 +02:00
if (keyno < 0 || keyno >= DIM (parm->key_attr))
return 0;
parm->key_attr[keyno].algo = algo;
if (algo == PUBKEY_ALGO_RSA)
parm->key_attr[keyno].nbits = strtoul (line+n+3, NULL, 10);
else if (algo == PUBKEY_ALGO_ECDH || algo == PUBKEY_ALGO_ECDSA
|| algo == PUBKEY_ALGO_EDDSA)
gpg: New option --default-new-key-algo. * common/openpgp-oid.c (openpgp_is_curve_supported): Add optional arg R_ALGO and change all callers. * common/util.h (GPG_ERR_UNKNOWN_FLAG): New error code. * g10/options.h (struct opt): Add field DEF_NEW_KEY_ALGO. * g10/gpg.c (oDefaultNewKeyAlgo): New enum. (opts): New option "--default-new-key-algo". (main): Set the option. * g10/keygen.c: Remove DEFAULT_STD_ FUTURE_STD_ constants and replace them by ... (DEFAULT_STD_KEY_PARAM, FUTURE_STD_KEY_PARAM): new string constants. (get_keysize_range): Remove arg R_DEF and return that value instead. Change all callers. (gen_rsa): Use get_keysize_range instead of the removed DEFAULT_STD_KEYSIZE. (parse_key_parameter_part): New function. (parse_key_parameter_string): New function. (quick_generate_keypair): Refactor using parse_key_parameter_string. (generate_keypair): Ditto. (parse_algo_usage_expire): Ditto. -- This new option is intended to be used in the forthcoming --set-profile command of gpgconf. It allows to provide a gpg configuration with custom defaults for a new key using the simple commands which use the default algorithm set. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-12-02 19:43:36 +01:00
parm->key_attr[keyno].curve = openpgp_is_curve_supported (line + n,
NULL, NULL);
Made card key generate with backup key work for 2048 bit. Improved card key generation prompts.
2009-05-15 21:26:46 +02:00
}
gpg: Show private DO information in the card status. * g10/call-agent.c (agent_release_card_info): Free private_do. (learn_status_cb): Parse PRIVATE-DO-n stati. -- Reported-by: Damien Goutte-Gattat <dgouttegattat@incenp.org> Provided patch extended to release the memory.
2014-12-16 13:10:09 +01:00
else if (keywordlen == 12 && !memcmp (keyword, "PRIVATE-DO-", 11)
&& strchr("1234", keyword[11]))
{
int no = keyword[11] - '1';
gpg: Remove all assert.h and s/assert/log_assert/. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-04-29 11:05:24 +02:00
log_assert (no >= 0 && no <= 3);
gpg: Show private DO information in the card status. * g10/call-agent.c (agent_release_card_info): Free private_do. (learn_status_cb): Parse PRIVATE-DO-n stati. -- Reported-by: Damien Goutte-Gattat <dgouttegattat@incenp.org> Provided patch extended to release the memory.
2014-12-16 13:10:09 +01:00
xfree (parm->private_do[no]);
parm->private_do[no] = unescape_status_string (line);
}
Made card key generate with backup key work for 2048 bit. Improved card key generation prompts.
2009-05-15 21:26:46 +02:00
Key generation and signing using the OpenPGP card does rudimentary work.
2003-06-27 22:53:09 +02:00
return 0;
}
gpg: Make card key generation work again. * g10/call-agent.c (agent_scd_learn): Rename from agent_learn. (agent_learn): New. * g10/keygen.c (gen_card_key): Call new agent-learn. -- Without a shadow key we can't create the self-signatures. Thus we need to issue the learn command after each key generation. Signed-off-by: Werner Koch <wk@gnupg.org>
2014-10-19 14:09:04 +02:00
/* Call the scdaemon to learn about a smartcard */
A small step for GnuPG but a huge leap for error codes. (Sorry, it does not build currently - I need to check it in to avoid duplicate work.)
2003-06-05 09:14:21 +02:00
int
g10: Fix keytocard. g10/call-agent.h (agent_scd_learn): Add FORCE option. g10/call-agent.c (agent_scd_learn): Implement FORCE option. g10/keygen.c (gen_card_key): Follow the change of option. g10/card-util.c (change_pin, card_status, factory_reset): Likewise. g10/keyedit.c (keyedit_menu): Update private key storage by agent_scd_learn. -- This is not a perfect solution since there is a possibility user unplug card before quitting 'gpg --keyedit' session. Usually, it works well. GnuPG-bug-id: 1846
2015-04-03 10:39:59 +02:00
agent_scd_learn (struct agent_card_info_s *info, int force)
A small step for GnuPG but a huge leap for error codes. (Sorry, it does not build currently - I need to check it in to avoid duplicate work.)
2003-06-05 09:14:21 +02:00
{
int rc;
gpg: Add pinentry-mode feature. * g10/gpg.c: Include shareddefs.h. (main): Add option --pinentry-mode. * g10/options.h (struct opt): Add field pinentry_mode. * g10/passphrase.c: Include shareddefs.h. (have_static_passphrase): Take care of loopback pinentry_mode. (read_passphrase_from_fd): Ditto. (get_static_passphrase): New. (passphrase_to_dek_ext): Factor some code out to ... (emit_status_need_passphrase): new. * g10/call-agent.c (start_agent): Send the pinentry mode. (default_inq_cb): Take care of the PASSPHRASE inquiry. Return a proper error code. (agent_pksign): Add args keyid, mainkeyid and pubkey_algo. (agent_pkdecrypt): Ditto. * g10/pubkey-enc.c (get_it): Pass new args. * g10/sign.c (do_sign): Pass new args. * g10/call-agent.c (struct default_inq_parm_s): New. Change all similar structs to reference this one. Change all users and inquire callback to use this struct, instead of NULL or some undefined but not used structs. This change will help to eventually get rid of global variables. -- This new features allows to use gpg without a Pinentry. As a prerequisite the agent must be configured to allow the loopback pinentry mode (option --allow-loopback-pinentry). For example gpg2 --pinentry-mode=loopback FILE.gpg may be used to decrypt FILE.gpg while entering the passphrase on the tty. If batch is used, --passphrase et al. may be used, if --command-fd is used, the passphrase may be provided by another process. Note that there are no try-again prompts in case of a bad passphrase.
2013-02-07 20:37:58 +01:00
struct default_inq_parm_s parm;
gpg: Let --card--status create a shadow key (card key stub). * agent/command.c (cmd_learn): Add option --sendinfo. * agent/learncard.c (agent_handle_learn): Add arg "send" andsend certifciate only if that is set. * g10/call-agent.c (agent_scd_learn): Use --sendinfo. Make INFO optional. (agent_learn): Remove. * g10/keygen.c (gen_card_key): Replace agent_learn by agent_scd_learn. -- The requirement of using --card-status on the first use of card on a new box is a bit annoying but the alternative of always checking whether a card is available before a decryption starts does not sound promising either. Signed-off-by: Werner Koch <wk@gnupg.org>
2014-12-12 12:35:45 +01:00
struct agent_card_info_s dummyinfo;
gpg: Add pinentry-mode feature. * g10/gpg.c: Include shareddefs.h. (main): Add option --pinentry-mode. * g10/options.h (struct opt): Add field pinentry_mode. * g10/passphrase.c: Include shareddefs.h. (have_static_passphrase): Take care of loopback pinentry_mode. (read_passphrase_from_fd): Ditto. (get_static_passphrase): New. (passphrase_to_dek_ext): Factor some code out to ... (emit_status_need_passphrase): new. * g10/call-agent.c (start_agent): Send the pinentry mode. (default_inq_cb): Take care of the PASSPHRASE inquiry. Return a proper error code. (agent_pksign): Add args keyid, mainkeyid and pubkey_algo. (agent_pkdecrypt): Ditto. * g10/pubkey-enc.c (get_it): Pass new args. * g10/sign.c (do_sign): Pass new args. * g10/call-agent.c (struct default_inq_parm_s): New. Change all similar structs to reference this one. Change all users and inquire callback to use this struct, instead of NULL or some undefined but not used structs. This change will help to eventually get rid of global variables. -- This new features allows to use gpg without a Pinentry. As a prerequisite the agent must be configured to allow the loopback pinentry mode (option --allow-loopback-pinentry). For example gpg2 --pinentry-mode=loopback FILE.gpg may be used to decrypt FILE.gpg while entering the passphrase on the tty. If batch is used, --passphrase et al. may be used, if --command-fd is used, the passphrase may be provided by another process. Note that there are no try-again prompts in case of a bad passphrase.
2013-02-07 20:37:58 +01:00
gpg: Add sub-command "factory-reset" to --card-edit. * common/util.h (GPG_ERR_OBJ_TERM_STATE): New. * scd/iso7816.c (map_sw): Add this error code. * scd/app-openpgp.c (do_getattr): Return the life cycle indicator. * scd/app.c (select_application): Allow a return value of GPG_ERR_OBJ_TERM_STATE. * scd/scdaemon.c (set_debug): Print the DBG_READER value. * g10/call-agent.c (start_agent): Print a status line for the termination state. (agent_scd_learn): Make arg "info" optional. (agent_scd_apdu): New. * g10/card-util.c (send_apdu): New. (factory_reset): New. (card_edit): Add command factory-reset. Signed-off-by: Werner Koch <wk@gnupg.org>
2014-12-15 17:38:40 +01:00
if (!info)
info = &dummyinfo;
memset (info, 0, sizeof *info);
gpg: Add pinentry-mode feature. * g10/gpg.c: Include shareddefs.h. (main): Add option --pinentry-mode. * g10/options.h (struct opt): Add field pinentry_mode. * g10/passphrase.c: Include shareddefs.h. (have_static_passphrase): Take care of loopback pinentry_mode. (read_passphrase_from_fd): Ditto. (get_static_passphrase): New. (passphrase_to_dek_ext): Factor some code out to ... (emit_status_need_passphrase): new. * g10/call-agent.c (start_agent): Send the pinentry mode. (default_inq_cb): Take care of the PASSPHRASE inquiry. Return a proper error code. (agent_pksign): Add args keyid, mainkeyid and pubkey_algo. (agent_pkdecrypt): Ditto. * g10/pubkey-enc.c (get_it): Pass new args. * g10/sign.c (do_sign): Pass new args. * g10/call-agent.c (struct default_inq_parm_s): New. Change all similar structs to reference this one. Change all users and inquire callback to use this struct, instead of NULL or some undefined but not used structs. This change will help to eventually get rid of global variables. -- This new features allows to use gpg without a Pinentry. As a prerequisite the agent must be configured to allow the loopback pinentry mode (option --allow-loopback-pinentry). For example gpg2 --pinentry-mode=loopback FILE.gpg may be used to decrypt FILE.gpg while entering the passphrase on the tty. If batch is used, --passphrase et al. may be used, if --command-fd is used, the passphrase may be provided by another process. Note that there are no try-again prompts in case of a bad passphrase.
2013-02-07 20:37:58 +01:00
memset (&parm, 0, sizeof parm);
A small step for GnuPG but a huge leap for error codes. (Sorry, it does not build currently - I need to check it in to avoid duplicate work.)
2003-06-05 09:14:21 +02:00
Generating an OpenPGP key cia gpg-agent basically works.
2010-04-20 19:57:50 +02:00
rc = start_agent (NULL, 1);
A small step for GnuPG but a huge leap for error codes. (Sorry, it does not build currently - I need to check it in to avoid duplicate work.)
2003-06-05 09:14:21 +02:00
if (rc)
return rc;
gpg: Add pinentry-mode feature. * g10/gpg.c: Include shareddefs.h. (main): Add option --pinentry-mode. * g10/options.h (struct opt): Add field pinentry_mode. * g10/passphrase.c: Include shareddefs.h. (have_static_passphrase): Take care of loopback pinentry_mode. (read_passphrase_from_fd): Ditto. (get_static_passphrase): New. (passphrase_to_dek_ext): Factor some code out to ... (emit_status_need_passphrase): new. * g10/call-agent.c (start_agent): Send the pinentry mode. (default_inq_cb): Take care of the PASSPHRASE inquiry. Return a proper error code. (agent_pksign): Add args keyid, mainkeyid and pubkey_algo. (agent_pkdecrypt): Ditto. * g10/pubkey-enc.c (get_it): Pass new args. * g10/sign.c (do_sign): Pass new args. * g10/call-agent.c (struct default_inq_parm_s): New. Change all similar structs to reference this one. Change all users and inquire callback to use this struct, instead of NULL or some undefined but not used structs. This change will help to eventually get rid of global variables. -- This new features allows to use gpg without a Pinentry. As a prerequisite the agent must be configured to allow the loopback pinentry mode (option --allow-loopback-pinentry). For example gpg2 --pinentry-mode=loopback FILE.gpg may be used to decrypt FILE.gpg while entering the passphrase on the tty. If batch is used, --passphrase et al. may be used, if --command-fd is used, the passphrase may be provided by another process. Note that there are no try-again prompts in case of a bad passphrase.
2013-02-07 20:37:58 +01:00
parm.ctx = agent_ctx;
g10: Fix keytocard. g10/call-agent.h (agent_scd_learn): Add FORCE option. g10/call-agent.c (agent_scd_learn): Implement FORCE option. g10/keygen.c (gen_card_key): Follow the change of option. g10/card-util.c (change_pin, card_status, factory_reset): Likewise. g10/keyedit.c (keyedit_menu): Update private key storage by agent_scd_learn. -- This is not a perfect solution since there is a possibility user unplug card before quitting 'gpg --keyedit' session. Usually, it works well. GnuPG-bug-id: 1846
2015-04-03 10:39:59 +02:00
rc = assuan_transact (agent_ctx,
force ? "LEARN --sendinfo --force" : "LEARN --sendinfo",
gpg: Add pinentry-mode feature. * g10/gpg.c: Include shareddefs.h. (main): Add option --pinentry-mode. * g10/options.h (struct opt): Add field pinentry_mode. * g10/passphrase.c: Include shareddefs.h. (have_static_passphrase): Take care of loopback pinentry_mode. (read_passphrase_from_fd): Ditto. (get_static_passphrase): New. (passphrase_to_dek_ext): Factor some code out to ... (emit_status_need_passphrase): new. * g10/call-agent.c (start_agent): Send the pinentry mode. (default_inq_cb): Take care of the PASSPHRASE inquiry. Return a proper error code. (agent_pksign): Add args keyid, mainkeyid and pubkey_algo. (agent_pkdecrypt): Ditto. * g10/pubkey-enc.c (get_it): Pass new args. * g10/sign.c (do_sign): Pass new args. * g10/call-agent.c (struct default_inq_parm_s): New. Change all similar structs to reference this one. Change all users and inquire callback to use this struct, instead of NULL or some undefined but not used structs. This change will help to eventually get rid of global variables. -- This new features allows to use gpg without a Pinentry. As a prerequisite the agent must be configured to allow the loopback pinentry mode (option --allow-loopback-pinentry). For example gpg2 --pinentry-mode=loopback FILE.gpg may be used to decrypt FILE.gpg while entering the passphrase on the tty. If batch is used, --passphrase et al. may be used, if --command-fd is used, the passphrase may be provided by another process. Note that there are no try-again prompts in case of a bad passphrase.
2013-02-07 20:37:58 +01:00
dummy_data_cb, NULL, default_inq_cb, &parm,
Key generation and signing using the OpenPGP card does rudimentary work.
2003-06-27 22:53:09 +02:00
learn_status_cb, info);
Made card key generate with backup key work for 2048 bit. Improved card key generation prompts.
2009-05-15 21:26:46 +02:00
/* Also try to get the key attributes. */
if (!rc)
agent_scd_getattr ("KEY-ATTR", info);
Nuked almost all trailing white space. We better do this once and for all instead of cluttering all future commits with diffs of trailing white spaces. In the majority of cases blank or single lines are affected and thus this change won't disturb a git blame too much. For future commits the pre-commit scripts checks that this won't happen again.
2011-02-04 12:57:53 +01:00
gpg: Let --card--status create a shadow key (card key stub). * agent/command.c (cmd_learn): Add option --sendinfo. * agent/learncard.c (agent_handle_learn): Add arg "send" andsend certifciate only if that is set. * g10/call-agent.c (agent_scd_learn): Use --sendinfo. Make INFO optional. (agent_learn): Remove. * g10/keygen.c (gen_card_key): Replace agent_learn by agent_scd_learn. -- The requirement of using --card-status on the first use of card on a new box is a bit annoying but the alternative of always checking whether a card is available before a decryption starts does not sound promising either. Signed-off-by: Werner Koch <wk@gnupg.org>
2014-12-12 12:35:45 +01:00
if (info == &dummyinfo)
agent_release_card_info (info);
gpg: Make card key generation work again. * g10/call-agent.c (agent_scd_learn): Rename from agent_learn. (agent_learn): New. * g10/keygen.c (gen_card_key): Call new agent-learn. -- Without a shadow key we can't create the self-signatures. Thus we need to issue the learn command after each key generation. Signed-off-by: Werner Koch <wk@gnupg.org>
2014-10-19 14:09:04 +02:00
gpg: Let --card--status create a shadow key (card key stub). * agent/command.c (cmd_learn): Add option --sendinfo. * agent/learncard.c (agent_handle_learn): Add arg "send" andsend certifciate only if that is set. * g10/call-agent.c (agent_scd_learn): Use --sendinfo. Make INFO optional. (agent_learn): Remove. * g10/keygen.c (gen_card_key): Replace agent_learn by agent_scd_learn. -- The requirement of using --card-status on the first use of card on a new box is a bit annoying but the alternative of always checking whether a card is available before a decryption starts does not sound promising either. Signed-off-by: Werner Koch <wk@gnupg.org>
2014-12-12 12:35:45 +01:00
return rc;
gpg: Make card key generation work again. * g10/call-agent.c (agent_scd_learn): Rename from agent_learn. (agent_learn): New. * g10/keygen.c (gen_card_key): Call new agent-learn. -- Without a shadow key we can't create the self-signatures. Thus we need to issue the learn command after each key generation. Signed-off-by: Werner Koch <wk@gnupg.org>
2014-10-19 14:09:04 +02:00
}
gpg: Add sub-command "factory-reset" to --card-edit. * common/util.h (GPG_ERR_OBJ_TERM_STATE): New. * scd/iso7816.c (map_sw): Add this error code. * scd/app-openpgp.c (do_getattr): Return the life cycle indicator. * scd/app.c (select_application): Allow a return value of GPG_ERR_OBJ_TERM_STATE. * scd/scdaemon.c (set_debug): Print the DBG_READER value. * g10/call-agent.c (start_agent): Print a status line for the termination state. (agent_scd_learn): Make arg "info" optional. (agent_scd_apdu): New. * g10/card-util.c (send_apdu): New. (factory_reset): New. (card_edit): Add command factory-reset. Signed-off-by: Werner Koch <wk@gnupg.org>
2014-12-15 17:38:40 +01:00
/* Send an APDU to the current card. On success the status word is
stored at R_SW. With HEXAPDU being NULL only a RESET command is
send to scd. With HEXAPDU being the string "undefined" the command
"SERIALNO undefined" is send to scd. */
gpg_error_t
agent_scd_apdu (const char *hexapdu, unsigned int *r_sw)
{
gpg_error_t err;
/* Start the agent but not with the card flag so that we do not
autoselect the openpgp application. */
err = start_agent (NULL, 0);
if (err)
return err;
if (!hexapdu)
{
err = assuan_transact (agent_ctx, "SCD RESET",
NULL, NULL, NULL, NULL, NULL, NULL);
}
else if (!strcmp (hexapdu, "undefined"))
{
err = assuan_transact (agent_ctx, "SCD SERIALNO undefined",
NULL, NULL, NULL, NULL, NULL, NULL);
}
else
{
char line[ASSUAN_LINELENGTH];
membuf_t mb;
unsigned char *data;
size_t datalen;
init_membuf (&mb, 256);
Fix use cases of snprintf. * agent/call-pinentry.c, agent/call-scd.c, agent/command.c, build-aux/speedo/w32/g4wihelp.c, common/get-passphrase.c, dirmngr/dirmngr.c, g10/call-agent.c, g10/cpr.c, g10/keygen.c, g10/openfile.c, g10/passphrase.c, scd/app-openpgp.c, scd/scdaemon.c, sm/call-agent.c, sm/call-dirmngr.c, sm/certreqgen.c: Fix assuming C99. -- Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-10-21 05:04:46 +02:00
snprintf (line, DIM(line), "SCD APDU %s", hexapdu);
gpg: Add sub-command "factory-reset" to --card-edit. * common/util.h (GPG_ERR_OBJ_TERM_STATE): New. * scd/iso7816.c (map_sw): Add this error code. * scd/app-openpgp.c (do_getattr): Return the life cycle indicator. * scd/app.c (select_application): Allow a return value of GPG_ERR_OBJ_TERM_STATE. * scd/scdaemon.c (set_debug): Print the DBG_READER value. * g10/call-agent.c (start_agent): Print a status line for the termination state. (agent_scd_learn): Make arg "info" optional. (agent_scd_apdu): New. * g10/card-util.c (send_apdu): New. (factory_reset): New. (card_edit): Add command factory-reset. Signed-off-by: Werner Koch <wk@gnupg.org>
2014-12-15 17:38:40 +01:00
err = assuan_transact (agent_ctx, line,
common: New put_membuf_cb to replace static membuf_data_cb. * common/membuf.c (put_membuf_cb): New. * agent/call-scd.c (membuf_data_cb): Remove. Change callers to use put_membuf_cb. * common/get-passphrase.c (membuf_data_cb): Ditto. * g10/call-agent.c (membuf_data_cb): Ditto. * sm/call-agent.c (membuf_data_cb): Ditto. -- Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-08 06:33:27 +01:00
put_membuf_cb, &mb, NULL, NULL, NULL, NULL);
gpg: Add sub-command "factory-reset" to --card-edit. * common/util.h (GPG_ERR_OBJ_TERM_STATE): New. * scd/iso7816.c (map_sw): Add this error code. * scd/app-openpgp.c (do_getattr): Return the life cycle indicator. * scd/app.c (select_application): Allow a return value of GPG_ERR_OBJ_TERM_STATE. * scd/scdaemon.c (set_debug): Print the DBG_READER value. * g10/call-agent.c (start_agent): Print a status line for the termination state. (agent_scd_learn): Make arg "info" optional. (agent_scd_apdu): New. * g10/card-util.c (send_apdu): New. (factory_reset): New. (card_edit): Add command factory-reset. Signed-off-by: Werner Koch <wk@gnupg.org>
2014-12-15 17:38:40 +01:00
if (!err)
{
data = get_membuf (&mb, &datalen);
if (!data)
err = gpg_error_from_syserror ();
else if (datalen < 2) /* Ooops */
err = gpg_error (GPG_ERR_CARD);
else
{
Use inline functions to convert buffer data to scalars. * common/host2net.h (buf16_to_ulong, buf16_to_uint): New. (buf16_to_ushort, buf16_to_u16): New. (buf32_to_size_t, buf32_to_ulong, buf32_to_uint, buf32_to_u32): New. -- Commit 91b826a38880fd8a989318585eb502582636ddd8 was not enough to avoid all sign extension on shift problems. Hanno Böck found a case with an invalid read due to this problem. To fix that once and for all almost all uses of "<< 24" and "<< 8" are changed by this patch to use an inline function from host2net.h. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-02-11 10:27:57 +01:00
*r_sw = buf16_to_uint (data+datalen-2);
gpg: Add sub-command "factory-reset" to --card-edit. * common/util.h (GPG_ERR_OBJ_TERM_STATE): New. * scd/iso7816.c (map_sw): Add this error code. * scd/app-openpgp.c (do_getattr): Return the life cycle indicator. * scd/app.c (select_application): Allow a return value of GPG_ERR_OBJ_TERM_STATE. * scd/scdaemon.c (set_debug): Print the DBG_READER value. * g10/call-agent.c (start_agent): Print a status line for the termination state. (agent_scd_learn): Make arg "info" optional. (agent_scd_apdu): New. * g10/card-util.c (send_apdu): New. (factory_reset): New. (card_edit): Add command factory-reset. Signed-off-by: Werner Koch <wk@gnupg.org>
2014-12-15 17:38:40 +01:00
}
xfree (data);
}
}
return err;
}
gpg: Implement card_store_subkey again. * g10/call-agent.h (agent_keytocard): New. * g10/call-agent.c (agent_keytocard): New. * g10/card-util.c (replace_existing_key_p): Returns 1 when replace. (card_generate_subkey): Check return value of replace_existing_key_p. (card_store_subkey): Implement again using agent_keytocard.
2013-02-06 06:01:23 +01:00
int
agent_keytocard (const char *hexgrip, int keyno, int force,
const char *serialno, const char *timestamp)
{
int rc;
char line[ASSUAN_LINELENGTH];
gpg: fix keytocard and support ECC card for key attribute. * g10/call-agent.c (agent_keytocard): Supply PARM arg. * g10/card-util.c (card_status): Support ECC. (card_store_subkey): Don't assume RSA.
2013-02-22 03:00:27 +01:00
struct default_inq_parm_s parm;
memset (&parm, 0, sizeof parm);
gpg: Implement card_store_subkey again. * g10/call-agent.h (agent_keytocard): New. * g10/call-agent.c (agent_keytocard): New. * g10/card-util.c (replace_existing_key_p): Returns 1 when replace. (card_generate_subkey): Check return value of replace_existing_key_p. (card_store_subkey): Implement again using agent_keytocard.
2013-02-06 06:01:23 +01:00
Fix use cases of snprintf. * agent/call-pinentry.c, agent/call-scd.c, agent/command.c, build-aux/speedo/w32/g4wihelp.c, common/get-passphrase.c, dirmngr/dirmngr.c, g10/call-agent.c, g10/cpr.c, g10/keygen.c, g10/openfile.c, g10/passphrase.c, scd/app-openpgp.c, scd/scdaemon.c, sm/call-agent.c, sm/call-dirmngr.c, sm/certreqgen.c: Fix assuming C99. -- Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-10-21 05:04:46 +02:00
snprintf (line, DIM(line), "KEYTOCARD %s%s %s OPENPGP.%d %s",
gpg: Implement card_store_subkey again. * g10/call-agent.h (agent_keytocard): New. * g10/call-agent.c (agent_keytocard): New. * g10/card-util.c (replace_existing_key_p): Returns 1 when replace. (card_generate_subkey): Check return value of replace_existing_key_p. (card_store_subkey): Implement again using agent_keytocard.
2013-02-06 06:01:23 +01:00
force?"--force ": "", hexgrip, serialno, keyno, timestamp);
rc = start_agent (NULL, 1);
if (rc)
return rc;
agent, sm: Set CTX after start_agent. * g10/call-agent.c (agent_keytocard): Assign parm.ctx after start_agent. * sm/call-agent.c (gpgsm_agent_pksign, gpgsm_scd_pksign) (gpgsm_agent_readkey, gpgsm_agent_scd_serialno) (gpgsm_agent_scd_keypairinfo, gpgsm_agent_marktrusted) (gpgsm_agent_passwd, gpgsm_agent_get_confirmation) (gpgsm_agent_ask_passphrase, gpgsm_agent_keywrap_key) (gpgsm_agent_export_key): Likewise. -- Reported-by: Rainer Perske GnuPG-bug-id: 2699 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-09-27 07:45:21 +02:00
parm.ctx = agent_ctx;
gpg: Implement card_store_subkey again. * g10/call-agent.h (agent_keytocard): New. * g10/call-agent.c (agent_keytocard): New. * g10/card-util.c (replace_existing_key_p): Returns 1 when replace. (card_generate_subkey): Check return value of replace_existing_key_p. (card_store_subkey): Implement again using agent_keytocard.
2013-02-06 06:01:23 +01:00
gpg: fix keytocard and support ECC card for key attribute. * g10/call-agent.c (agent_keytocard): Supply PARM arg. * g10/card-util.c (card_status): Support ECC. (card_store_subkey): Don't assume RSA.
2013-02-22 03:00:27 +01:00
rc = assuan_transact (agent_ctx, line, NULL, NULL, default_inq_cb, &parm,
NULL, NULL);
gpg: Implement card_store_subkey again. * g10/call-agent.h (agent_keytocard): New. * g10/call-agent.c (agent_keytocard): New. * g10/card-util.c (replace_existing_key_p): Returns 1 when replace. (card_generate_subkey): Check return value of replace_existing_key_p. (card_store_subkey): Implement again using agent_keytocard.
2013-02-06 06:01:23 +01:00
if (rc)
return rc;
return rc;
}
* keylist.c (print_card_serialno): New. (list_keyblock_print): Use it here. * card-util.c (toggle_forcesig): New. (card_edit): New command "forcesig". * card-util.c (print_name, print_isoname): Use 0 and not LF fro the max_n arg of tty_print_utf8_string2. * call-agent.c (agent_scd_getattr): New. (learn_status_cb): Release values before assignment so that it can be used by getattr to update the structure. * card-util.c (change_pin): Simplified. We now have only a PIN and an Admin PIN.
2003-09-30 19:34:38 +02:00
/* Call the agent to retrieve a data object. This function returns
the data in the same structure as used by the learn command. It is
Spelling fixes in docs and comments. -- In addition, fix trailing spaces in tests/inittests. GnuPG-bug-id: 3121 Reported-by: ka7 (klemens) Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-04-28 03:06:33 +02:00
allowed to update such a structure using this command. */
* keylist.c (print_card_serialno): New. (list_keyblock_print): Use it here. * card-util.c (toggle_forcesig): New. (card_edit): New command "forcesig". * card-util.c (print_name, print_isoname): Use 0 and not LF fro the max_n arg of tty_print_utf8_string2. * call-agent.c (agent_scd_getattr): New. (learn_status_cb): Release values before assignment so that it can be used by getattr to update the structure. * card-util.c (change_pin): Simplified. We now have only a PIN and an Admin PIN.
2003-09-30 19:34:38 +02:00
int
agent_scd_getattr (const char *name, struct agent_card_info_s *info)
{
int rc;
char line[ASSUAN_LINELENGTH];
gpg: Add pinentry-mode feature. * g10/gpg.c: Include shareddefs.h. (main): Add option --pinentry-mode. * g10/options.h (struct opt): Add field pinentry_mode. * g10/passphrase.c: Include shareddefs.h. (have_static_passphrase): Take care of loopback pinentry_mode. (read_passphrase_from_fd): Ditto. (get_static_passphrase): New. (passphrase_to_dek_ext): Factor some code out to ... (emit_status_need_passphrase): new. * g10/call-agent.c (start_agent): Send the pinentry mode. (default_inq_cb): Take care of the PASSPHRASE inquiry. Return a proper error code. (agent_pksign): Add args keyid, mainkeyid and pubkey_algo. (agent_pkdecrypt): Ditto. * g10/pubkey-enc.c (get_it): Pass new args. * g10/sign.c (do_sign): Pass new args. * g10/call-agent.c (struct default_inq_parm_s): New. Change all similar structs to reference this one. Change all users and inquire callback to use this struct, instead of NULL or some undefined but not used structs. This change will help to eventually get rid of global variables. -- This new features allows to use gpg without a Pinentry. As a prerequisite the agent must be configured to allow the loopback pinentry mode (option --allow-loopback-pinentry). For example gpg2 --pinentry-mode=loopback FILE.gpg may be used to decrypt FILE.gpg while entering the passphrase on the tty. If batch is used, --passphrase et al. may be used, if --command-fd is used, the passphrase may be provided by another process. Note that there are no try-again prompts in case of a bad passphrase.
2013-02-07 20:37:58 +01:00
struct default_inq_parm_s parm;
memset (&parm, 0, sizeof parm);
* keylist.c (print_card_serialno): New. (list_keyblock_print): Use it here. * card-util.c (toggle_forcesig): New. (card_edit): New command "forcesig". * card-util.c (print_name, print_isoname): Use 0 and not LF fro the max_n arg of tty_print_utf8_string2. * call-agent.c (agent_scd_getattr): New. (learn_status_cb): Release values before assignment so that it can be used by getattr to update the structure. * card-util.c (change_pin): Simplified. We now have only a PIN and an Admin PIN.
2003-09-30 19:34:38 +02:00
if (!*name)
return gpg_error (GPG_ERR_INV_VALUE);
/* We assume that NAME does not need escaping. */
if (12 + strlen (name) > DIM(line)-1)
return gpg_error (GPG_ERR_TOO_LARGE);
Nuked almost all trailing white space. We better do this once and for all instead of cluttering all future commits with diffs of trailing white spaces. In the majority of cases blank or single lines are affected and thus this change won't disturb a git blame too much. For future commits the pre-commit scripts checks that this won't happen again.
2011-02-04 12:57:53 +01:00
stpcpy (stpcpy (line, "SCD GETATTR "), name);
* keylist.c (print_card_serialno): New. (list_keyblock_print): Use it here. * card-util.c (toggle_forcesig): New. (card_edit): New command "forcesig". * card-util.c (print_name, print_isoname): Use 0 and not LF fro the max_n arg of tty_print_utf8_string2. * call-agent.c (agent_scd_getattr): New. (learn_status_cb): Release values before assignment so that it can be used by getattr to update the structure. * card-util.c (change_pin): Simplified. We now have only a PIN and an Admin PIN.
2003-09-30 19:34:38 +02:00
Generating an OpenPGP key cia gpg-agent basically works.
2010-04-20 19:57:50 +02:00
rc = start_agent (NULL, 1);
* keylist.c (print_card_serialno): New. (list_keyblock_print): Use it here. * card-util.c (toggle_forcesig): New. (card_edit): New command "forcesig". * card-util.c (print_name, print_isoname): Use 0 and not LF fro the max_n arg of tty_print_utf8_string2. * call-agent.c (agent_scd_getattr): New. (learn_status_cb): Release values before assignment so that it can be used by getattr to update the structure. * card-util.c (change_pin): Simplified. We now have only a PIN and an Admin PIN.
2003-09-30 19:34:38 +02:00
if (rc)
return rc;
gpg: Add pinentry-mode feature. * g10/gpg.c: Include shareddefs.h. (main): Add option --pinentry-mode. * g10/options.h (struct opt): Add field pinentry_mode. * g10/passphrase.c: Include shareddefs.h. (have_static_passphrase): Take care of loopback pinentry_mode. (read_passphrase_from_fd): Ditto. (get_static_passphrase): New. (passphrase_to_dek_ext): Factor some code out to ... (emit_status_need_passphrase): new. * g10/call-agent.c (start_agent): Send the pinentry mode. (default_inq_cb): Take care of the PASSPHRASE inquiry. Return a proper error code. (agent_pksign): Add args keyid, mainkeyid and pubkey_algo. (agent_pkdecrypt): Ditto. * g10/pubkey-enc.c (get_it): Pass new args. * g10/sign.c (do_sign): Pass new args. * g10/call-agent.c (struct default_inq_parm_s): New. Change all similar structs to reference this one. Change all users and inquire callback to use this struct, instead of NULL or some undefined but not used structs. This change will help to eventually get rid of global variables. -- This new features allows to use gpg without a Pinentry. As a prerequisite the agent must be configured to allow the loopback pinentry mode (option --allow-loopback-pinentry). For example gpg2 --pinentry-mode=loopback FILE.gpg may be used to decrypt FILE.gpg while entering the passphrase on the tty. If batch is used, --passphrase et al. may be used, if --command-fd is used, the passphrase may be provided by another process. Note that there are no try-again prompts in case of a bad passphrase.
2013-02-07 20:37:58 +01:00
parm.ctx = agent_ctx;
rc = assuan_transact (agent_ctx, line, NULL, NULL, default_inq_cb, &parm,
* keylist.c (print_card_serialno): New. (list_keyblock_print): Use it here. * card-util.c (toggle_forcesig): New. (card_edit): New command "forcesig". * card-util.c (print_name, print_isoname): Use 0 and not LF fro the max_n arg of tty_print_utf8_string2. * call-agent.c (agent_scd_getattr): New. (learn_status_cb): Release values before assignment so that it can be used by getattr to update the structure. * card-util.c (change_pin): Simplified. We now have only a PIN and an Admin PIN.
2003-09-30 19:34:38 +02:00
learn_status_cb, info);
Nuked almost all trailing white space. We better do this once and for all instead of cluttering all future commits with diffs of trailing white spaces. In the majority of cases blank or single lines are affected and thus this change won't disturb a git blame too much. For future commits the pre-commit scripts checks that this won't happen again.
2011-02-04 12:57:53 +01:00
The big Assuan error code removal.
2006-09-06 18:35:52 +02:00
return rc;
* keylist.c (print_card_serialno): New. (list_keyblock_print): Use it here. * card-util.c (toggle_forcesig): New. (card_edit): New command "forcesig". * card-util.c (print_name, print_isoname): Use 0 and not LF fro the max_n arg of tty_print_utf8_string2. * call-agent.c (agent_scd_getattr): New. (learn_status_cb): Release values before assignment so that it can be used by getattr to update the structure. * card-util.c (change_pin): Simplified. We now have only a PIN and an Admin PIN.
2003-09-30 19:34:38 +02:00
}
Key generation and signing using the OpenPGP card does rudimentary work.
2003-06-27 22:53:09 +02:00
g10/ does build again.
2006-05-23 18:19:43 +02:00
/* Send an setattr command to the SCdaemon. SERIALNO is not actually
used here but required by gpg 1.4's implementation of this code in
cardglue.c. */
Key generation and signing using the OpenPGP card does rudimentary work.
2003-06-27 22:53:09 +02:00
int
agent_scd_setattr (const char *name,
g10/ does build again.
2006-05-23 18:19:43 +02:00
const unsigned char *value, size_t valuelen,
const char *serialno)
Key generation and signing using the OpenPGP card does rudimentary work.
2003-06-27 22:53:09 +02:00
{
int rc;
char line[ASSUAN_LINELENGTH];
char *p;
gpg: Add pinentry-mode feature. * g10/gpg.c: Include shareddefs.h. (main): Add option --pinentry-mode. * g10/options.h (struct opt): Add field pinentry_mode. * g10/passphrase.c: Include shareddefs.h. (have_static_passphrase): Take care of loopback pinentry_mode. (read_passphrase_from_fd): Ditto. (get_static_passphrase): New. (passphrase_to_dek_ext): Factor some code out to ... (emit_status_need_passphrase): new. * g10/call-agent.c (start_agent): Send the pinentry mode. (default_inq_cb): Take care of the PASSPHRASE inquiry. Return a proper error code. (agent_pksign): Add args keyid, mainkeyid and pubkey_algo. (agent_pkdecrypt): Ditto. * g10/pubkey-enc.c (get_it): Pass new args. * g10/sign.c (do_sign): Pass new args. * g10/call-agent.c (struct default_inq_parm_s): New. Change all similar structs to reference this one. Change all users and inquire callback to use this struct, instead of NULL or some undefined but not used structs. This change will help to eventually get rid of global variables. -- This new features allows to use gpg without a Pinentry. As a prerequisite the agent must be configured to allow the loopback pinentry mode (option --allow-loopback-pinentry). For example gpg2 --pinentry-mode=loopback FILE.gpg may be used to decrypt FILE.gpg while entering the passphrase on the tty. If batch is used, --passphrase et al. may be used, if --command-fd is used, the passphrase may be provided by another process. Note that there are no try-again prompts in case of a bad passphrase.
2013-02-07 20:37:58 +01:00
struct default_inq_parm_s parm;
memset (&parm, 0, sizeof parm);
Key generation and signing using the OpenPGP card does rudimentary work.
2003-06-27 22:53:09 +02:00
Marked all unused args on non-W32 platforms.
2008-10-20 15:53:23 +02:00
(void)serialno;
Key generation and signing using the OpenPGP card does rudimentary work.
2003-06-27 22:53:09 +02:00
if (!*name || !valuelen)
A small step for GnuPG but a huge leap for error codes. (Sorry, it does not build currently - I need to check it in to avoid duplicate work.)
2003-06-05 09:14:21 +02:00
return gpg_error (GPG_ERR_INV_VALUE);
Key generation and signing using the OpenPGP card does rudimentary work.
2003-06-27 22:53:09 +02:00
/* We assume that NAME does not need escaping. */
if (12 + strlen (name) > DIM(line)-1)
return gpg_error (GPG_ERR_TOO_LARGE);
Nuked almost all trailing white space. We better do this once and for all instead of cluttering all future commits with diffs of trailing white spaces. In the majority of cases blank or single lines are affected and thus this change won't disturb a git blame too much. For future commits the pre-commit scripts checks that this won't happen again.
2011-02-04 12:57:53 +01:00
p = stpcpy (stpcpy (line, "SCD SETATTR "), name);
Key generation and signing using the OpenPGP card does rudimentary work.
2003-06-27 22:53:09 +02:00
*p++ = ' ';
for (; valuelen; value++, valuelen--)
{
if (p >= line + DIM(line)-5 )
return gpg_error (GPG_ERR_TOO_LARGE);
if (*value < ' ' || *value == '+' || *value == '%')
{
sprintf (p, "%%%02X", *value);
p += 3;
}
else if (*value == ' ')
*p++ = '+';
else
*p++ = *value;
}
*p = 0;
Generating an OpenPGP key cia gpg-agent basically works.
2010-04-20 19:57:50 +02:00
rc = start_agent (NULL, 1);
Emit CARDCTRL status lines.
2009-07-22 18:08:58 +02:00
if (!rc)
{
gpg: Add pinentry-mode feature. * g10/gpg.c: Include shareddefs.h. (main): Add option --pinentry-mode. * g10/options.h (struct opt): Add field pinentry_mode. * g10/passphrase.c: Include shareddefs.h. (have_static_passphrase): Take care of loopback pinentry_mode. (read_passphrase_from_fd): Ditto. (get_static_passphrase): New. (passphrase_to_dek_ext): Factor some code out to ... (emit_status_need_passphrase): new. * g10/call-agent.c (start_agent): Send the pinentry mode. (default_inq_cb): Take care of the PASSPHRASE inquiry. Return a proper error code. (agent_pksign): Add args keyid, mainkeyid and pubkey_algo. (agent_pkdecrypt): Ditto. * g10/pubkey-enc.c (get_it): Pass new args. * g10/sign.c (do_sign): Pass new args. * g10/call-agent.c (struct default_inq_parm_s): New. Change all similar structs to reference this one. Change all users and inquire callback to use this struct, instead of NULL or some undefined but not used structs. This change will help to eventually get rid of global variables. -- This new features allows to use gpg without a Pinentry. As a prerequisite the agent must be configured to allow the loopback pinentry mode (option --allow-loopback-pinentry). For example gpg2 --pinentry-mode=loopback FILE.gpg may be used to decrypt FILE.gpg while entering the passphrase on the tty. If batch is used, --passphrase et al. may be used, if --command-fd is used, the passphrase may be provided by another process. Note that there are no try-again prompts in case of a bad passphrase.
2013-02-07 20:37:58 +01:00
parm.ctx = agent_ctx;
Nuked almost all trailing white space. We better do this once and for all instead of cluttering all future commits with diffs of trailing white spaces. In the majority of cases blank or single lines are affected and thus this change won't disturb a git blame too much. For future commits the pre-commit scripts checks that this won't happen again.
2011-02-04 12:57:53 +01:00
rc = assuan_transact (agent_ctx, line, NULL, NULL,
gpg: Add pinentry-mode feature. * g10/gpg.c: Include shareddefs.h. (main): Add option --pinentry-mode. * g10/options.h (struct opt): Add field pinentry_mode. * g10/passphrase.c: Include shareddefs.h. (have_static_passphrase): Take care of loopback pinentry_mode. (read_passphrase_from_fd): Ditto. (get_static_passphrase): New. (passphrase_to_dek_ext): Factor some code out to ... (emit_status_need_passphrase): new. * g10/call-agent.c (start_agent): Send the pinentry mode. (default_inq_cb): Take care of the PASSPHRASE inquiry. Return a proper error code. (agent_pksign): Add args keyid, mainkeyid and pubkey_algo. (agent_pkdecrypt): Ditto. * g10/pubkey-enc.c (get_it): Pass new args. * g10/sign.c (do_sign): Pass new args. * g10/call-agent.c (struct default_inq_parm_s): New. Change all similar structs to reference this one. Change all users and inquire callback to use this struct, instead of NULL or some undefined but not used structs. This change will help to eventually get rid of global variables. -- This new features allows to use gpg without a Pinentry. As a prerequisite the agent must be configured to allow the loopback pinentry mode (option --allow-loopback-pinentry). For example gpg2 --pinentry-mode=loopback FILE.gpg may be used to decrypt FILE.gpg while entering the passphrase on the tty. If batch is used, --passphrase et al. may be used, if --command-fd is used, the passphrase may be provided by another process. Note that there are no try-again prompts in case of a bad passphrase.
2013-02-07 20:37:58 +01:00
default_inq_cb, &parm, NULL, NULL);
Emit CARDCTRL status lines.
2009-07-22 18:08:58 +02:00
}
A small step for GnuPG but a huge leap for error codes. (Sorry, it does not build currently - I need to check it in to avoid duplicate work.)
2003-06-05 09:14:21 +02:00
Emit CARDCTRL status lines.
2009-07-22 18:08:58 +02:00
status_sc_op_failure (rc);
The big Assuan error code removal.
2006-09-06 18:35:52 +02:00
return rc;
A small step for GnuPG but a huge leap for error codes. (Sorry, it does not build currently - I need to check it in to avoid duplicate work.)
2003-06-05 09:14:21 +02:00
}
Key generation and signing using the OpenPGP card does rudimentary work.
2003-06-27 22:53:09 +02:00
With --enable-gpg the keyservers are now build and a first test using gpg2 shows no prblems. Needs more testing of course.
2006-08-16 12:47:53 +02:00
Support the Certifciate DO of the v2 OpenPGP cards.
2008-09-23 11:57:45 +02:00
/* Handle a CERTDATA inquiry. Note, we only send the data,
assuan_transact takes care of flushing and writing the END
command. */
2009-09-23 Marcus Brinkmann <marcus@g10code.de> * configure.ac (NEED_LIBASSUAN_API, NEED_LIBASSUAN_VERSION): Update to new API (2, 1.1.0). agent/ 2009-09-23 Marcus Brinkmann <marcus@g10code.de> * gpg-agent.c (parse_rereadable_options): Don't set global assuan log file (there ain't one anymore). (main): Update to new API. (check_own_socket_pid_cb): Return gpg_error_t instead of int. (check_own_socket_thread, check_for_running_agent): Create assuan context before connecting to server. * command.c: Include "scdaemon.h" before <assuan.h> because of GPG_ERR_SOURCE_DEFAULT check. (write_and_clear_outbuf): Use gpg_error_t instead of assuan_error_t. (cmd_geteventcounter, cmd_istrusted, cmd_listtrusted) (cmd_marktrusted, cmd_havekey, cmd_sigkey, cmd_setkeydesc) (cmd_sethash, cmd_pksign, cmd_pkdecrypt, cmd_genkey, cmd_readkey) (cmd_keyinfo, cmd_get_passphrase, cmd_clear_passphrase) (cmd_get_confirmation, cmd_learn, cmd_passwd) (cmd_preset_passphrase, cmd_scd, cmd_getval, cmd_putval) (cmd_updatestartuptty, cmd_killagent, cmd_reloadagent) (cmd_getinfo, option_handler): Return gpg_error_t instead of int. (post_cmd_notify): Change type of ERR to gpg_error_t from int. (io_monitor): Add hook argument. Use symbols for constants. (register_commands): Change return type of HANDLER to gpg_error_t. (start_command_handler): Allocate assuan context before starting server. * call-pinentry.c: Include "scdaemon.h" before <assuan.h> because of GPG_ERR_SOURCE_DEFAULT check. (unlock_pinentry): Call assuan_release instead of assuan_disconnect. (getinfo_pid_cb, getpin_cb): Return gpg_error_t instead of int. (start_pinentry): Allocate assuan context before connecting to server. * call-scd.c (membuf_data_cb, learn_status_cb, get_serialno_cb) (membuf_data_cb, inq_needpin, card_getattr_cb, pass_status_thru) (pass_data_thru): Change return type to gpg_error_t. (start_scd): Allocate assuan context before connecting to server. common/ 2009-09-23 Marcus Brinkmann <marcus@g10code.de> * asshelp.c (start_new_gpg_agent): Allocate assuan context before starting server. g10/ 2009-09-23 Marcus Brinkmann <marcus@g10code.de> * call-agent.c: Include "scdaemon.h" before <assuan.h> because of GPG_ERR_SOURCE_DEFAULT check. (learn_status_cb, dummy_data_cb, get_serialno_cb, default_inq_cb) (learn_status_cb, inq_writecert_parms, inq_writekey_parms) (scd_genkey_cb, membuf_data_cb): Return gpg_error_t instead of int. * gpg.c: Include "scdaemon.h" before <assuan.h> because of GPG_ERR_SOURCE_DEFAULT check. (main): Update to new Assuan API. * server.c: Include "scdaemon.h" before <assuan.h> because of GPG_ERR_SOURCE_DEFAULT check. (option_handler, cmd_recipient, cmd_signer, cmd_encrypt) (cmd_decrypt, cmd_verify, cmd_sign, cmd_import, cmd_export) (cmd_delkeys, cmd_message, do_listkeys, cmd_listkeys) (cmd_listsecretkeys, cmd_genkey, cmd_getinfo): Return gpg_error_t instead of int. (register_commands): Allocate assuan context before starting server. (gpg_server): Allocate assuan_context before starting server. scd/ 2009-09-23 Marcus Brinkmann <marcus@g10code.de> * command.c: Include "scdaemon.h" before <assuan.h> because of GPG_ERR_SOURCE_DEFAULT check. (option_handler, open_card, cmd_serialno, cmd_lean, cmd_readcert) (cmd_readkey, cmd_setdata, cmd_pksign, cmd_pkauth, cmd_pkdecrypt) (cmd_getattr, cmd_setattr, cmd_writecert, cmd_writekey) (cmd_genkey, cmd_random, cmd_passwd, cmd_checkpin, cmd_lock) (cmd_unlock, cmd_getinfo, cmd_restart, cmd_disconnect, cmd_apdu) (cmd_killscd): Return gpg_error_t instead of int. (scd_command_handler): Allocate assuan context before starting server. * scdaemon.c (main): Update to new Assuan API. sm/ 2009-09-23 Marcus Brinkmann <marcus@g10code.de> * gpgsm.c (main): Update to new assuan API. * server.c: Include "gpgsm.h" before <assuan.h> due to check for GPG_ERR_SOURCE_DEFAULT and assuan.h now including gpg-error.h. (option_handler, cmd_recipient, cmd_signer, cmd_encrypt) (cmd_decrypt, cmd_verify, cmd_sign, cmd_import, cmd_export) (cmd_delkeys, cmd_message, cmd_listkeys, cmd_dumpkeys) (cmd_listsecretkeys, cmd_dumpsecretkeys, cmd_genkey) (cmd_getauditlog, cmd_getinfo): Return gpg_error_t instead of int. (register_commands): Same for member HANDLER in table. (gpgsm_server): Allocate assuan context before starting server. * sm/call-dirmngr.c: * call-dirmngr.c (prepare_dirmngr): Check for CTX and error before setting LDAPSERVER. (start_dirmngr_ext): Allocate assuan context before starting server. (inq_certificate, isvalid_status_cb, lookup_cb, lookup_status_cb) (run_command_cb, run_command_inq_cb, run_command_status_cb): Return gpg_error_t instead of int. tools/ 2009-09-23 Marcus Brinkmann <marcus@g10code.de> * gpg-connect-agent.c (getinfo_pid_cb, read_and_print_response) (main): Update to new Assuan API.
2009-09-23 02:01:25 +02:00
static gpg_error_t
Support the Certifciate DO of the v2 OpenPGP cards.
2008-09-23 11:57:45 +02:00
inq_writecert_parms (void *opaque, const char *line)
{
int rc;
Nuked almost all trailing white space. We better do this once and for all instead of cluttering all future commits with diffs of trailing white spaces. In the majority of cases blank or single lines are affected and thus this change won't disturb a git blame too much. For future commits the pre-commit scripts checks that this won't happen again.
2011-02-04 12:57:53 +01:00
struct writecert_parm_s *parm = opaque;
Support the Certifciate DO of the v2 OpenPGP cards.
2008-09-23 11:57:45 +02:00
Use has_leading_keyword in the assuan callbacks. * agent/call-pinentry.c (inq_quality): Use has_leading_keyword. * agent/call-scd.c (inq_needpin, inq_writekey_parms): Ditto. * g10/call-agent.c (inq_writecert_parms, keyinfo_status_cb): Ditto. (inq_genkey_parms, inq_ciphertext_cb, inq_import_key_parms): Ditto. * g10/call-dirmngr.c (ks_put_inq_cb): Ditto. * sm/call-agent.c (default_inq_cb, inq_ciphertext_cb): Ditto. (inq_genkey_parms, istrusted_status_cb, learn_status_cb): Ditto. (keyinfo_status_cb, inq_import_key_parms): Ditto. * sm/call-dirmngr.c (inq_certificate, isvalid_status_cb): Ditto. (lookup_status_cb, run_command_inq_cb, run_command_status_cb): Ditto.
2013-02-22 10:56:13 +01:00
if (has_leading_keyword (line, "CERTDATA"))
Support the Certifciate DO of the v2 OpenPGP cards.
2008-09-23 11:57:45 +02:00
{
gpg: Add pinentry-mode feature. * g10/gpg.c: Include shareddefs.h. (main): Add option --pinentry-mode. * g10/options.h (struct opt): Add field pinentry_mode. * g10/passphrase.c: Include shareddefs.h. (have_static_passphrase): Take care of loopback pinentry_mode. (read_passphrase_from_fd): Ditto. (get_static_passphrase): New. (passphrase_to_dek_ext): Factor some code out to ... (emit_status_need_passphrase): new. * g10/call-agent.c (start_agent): Send the pinentry mode. (default_inq_cb): Take care of the PASSPHRASE inquiry. Return a proper error code. (agent_pksign): Add args keyid, mainkeyid and pubkey_algo. (agent_pkdecrypt): Ditto. * g10/pubkey-enc.c (get_it): Pass new args. * g10/sign.c (do_sign): Pass new args. * g10/call-agent.c (struct default_inq_parm_s): New. Change all similar structs to reference this one. Change all users and inquire callback to use this struct, instead of NULL or some undefined but not used structs. This change will help to eventually get rid of global variables. -- This new features allows to use gpg without a Pinentry. As a prerequisite the agent must be configured to allow the loopback pinentry mode (option --allow-loopback-pinentry). For example gpg2 --pinentry-mode=loopback FILE.gpg may be used to decrypt FILE.gpg while entering the passphrase on the tty. If batch is used, --passphrase et al. may be used, if --command-fd is used, the passphrase may be provided by another process. Note that there are no try-again prompts in case of a bad passphrase.
2013-02-07 20:37:58 +01:00
rc = assuan_send_data (parm->dflt->ctx,
parm->certdata, parm->certdatalen);
Support the Certifciate DO of the v2 OpenPGP cards.
2008-09-23 11:57:45 +02:00
}
else
gpg: Add pinentry-mode feature. * g10/gpg.c: Include shareddefs.h. (main): Add option --pinentry-mode. * g10/options.h (struct opt): Add field pinentry_mode. * g10/passphrase.c: Include shareddefs.h. (have_static_passphrase): Take care of loopback pinentry_mode. (read_passphrase_from_fd): Ditto. (get_static_passphrase): New. (passphrase_to_dek_ext): Factor some code out to ... (emit_status_need_passphrase): new. * g10/call-agent.c (start_agent): Send the pinentry mode. (default_inq_cb): Take care of the PASSPHRASE inquiry. Return a proper error code. (agent_pksign): Add args keyid, mainkeyid and pubkey_algo. (agent_pkdecrypt): Ditto. * g10/pubkey-enc.c (get_it): Pass new args. * g10/sign.c (do_sign): Pass new args. * g10/call-agent.c (struct default_inq_parm_s): New. Change all similar structs to reference this one. Change all users and inquire callback to use this struct, instead of NULL or some undefined but not used structs. This change will help to eventually get rid of global variables. -- This new features allows to use gpg without a Pinentry. As a prerequisite the agent must be configured to allow the loopback pinentry mode (option --allow-loopback-pinentry). For example gpg2 --pinentry-mode=loopback FILE.gpg may be used to decrypt FILE.gpg while entering the passphrase on the tty. If batch is used, --passphrase et al. may be used, if --command-fd is used, the passphrase may be provided by another process. Note that there are no try-again prompts in case of a bad passphrase.
2013-02-07 20:37:58 +01:00
rc = default_inq_cb (parm->dflt, line);
Support the Certifciate DO of the v2 OpenPGP cards.
2008-09-23 11:57:45 +02:00
return rc;
}
/* Send a WRITECERT command to the SCdaemon. */
Nuked almost all trailing white space. We better do this once and for all instead of cluttering all future commits with diffs of trailing white spaces. In the majority of cases blank or single lines are affected and thus this change won't disturb a git blame too much. For future commits the pre-commit scripts checks that this won't happen again.
2011-02-04 12:57:53 +01:00
int
Support the Certifciate DO of the v2 OpenPGP cards.
2008-09-23 11:57:45 +02:00
agent_scd_writecert (const char *certidstr,
const unsigned char *certdata, size_t certdatalen)
{
int rc;
char line[ASSUAN_LINELENGTH];
struct writecert_parm_s parms;
gpg: Add pinentry-mode feature. * g10/gpg.c: Include shareddefs.h. (main): Add option --pinentry-mode. * g10/options.h (struct opt): Add field pinentry_mode. * g10/passphrase.c: Include shareddefs.h. (have_static_passphrase): Take care of loopback pinentry_mode. (read_passphrase_from_fd): Ditto. (get_static_passphrase): New. (passphrase_to_dek_ext): Factor some code out to ... (emit_status_need_passphrase): new. * g10/call-agent.c (start_agent): Send the pinentry mode. (default_inq_cb): Take care of the PASSPHRASE inquiry. Return a proper error code. (agent_pksign): Add args keyid, mainkeyid and pubkey_algo. (agent_pkdecrypt): Ditto. * g10/pubkey-enc.c (get_it): Pass new args. * g10/sign.c (do_sign): Pass new args. * g10/call-agent.c (struct default_inq_parm_s): New. Change all similar structs to reference this one. Change all users and inquire callback to use this struct, instead of NULL or some undefined but not used structs. This change will help to eventually get rid of global variables. -- This new features allows to use gpg without a Pinentry. As a prerequisite the agent must be configured to allow the loopback pinentry mode (option --allow-loopback-pinentry). For example gpg2 --pinentry-mode=loopback FILE.gpg may be used to decrypt FILE.gpg while entering the passphrase on the tty. If batch is used, --passphrase et al. may be used, if --command-fd is used, the passphrase may be provided by another process. Note that there are no try-again prompts in case of a bad passphrase.
2013-02-07 20:37:58 +01:00
struct default_inq_parm_s dfltparm;
memset (&dfltparm, 0, sizeof dfltparm);
Support the Certifciate DO of the v2 OpenPGP cards.
2008-09-23 11:57:45 +02:00
Generating an OpenPGP key cia gpg-agent basically works.
2010-04-20 19:57:50 +02:00
rc = start_agent (NULL, 1);
Support the Certifciate DO of the v2 OpenPGP cards.
2008-09-23 11:57:45 +02:00
if (rc)
return rc;
memset (&parms, 0, sizeof parms);
Fix use cases of snprintf. * agent/call-pinentry.c, agent/call-scd.c, agent/command.c, build-aux/speedo/w32/g4wihelp.c, common/get-passphrase.c, dirmngr/dirmngr.c, g10/call-agent.c, g10/cpr.c, g10/keygen.c, g10/openfile.c, g10/passphrase.c, scd/app-openpgp.c, scd/scdaemon.c, sm/call-agent.c, sm/call-dirmngr.c, sm/certreqgen.c: Fix assuming C99. -- Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-10-21 05:04:46 +02:00
snprintf (line, DIM(line), "SCD WRITECERT %s", certidstr);
gpg: Add pinentry-mode feature. * g10/gpg.c: Include shareddefs.h. (main): Add option --pinentry-mode. * g10/options.h (struct opt): Add field pinentry_mode. * g10/passphrase.c: Include shareddefs.h. (have_static_passphrase): Take care of loopback pinentry_mode. (read_passphrase_from_fd): Ditto. (get_static_passphrase): New. (passphrase_to_dek_ext): Factor some code out to ... (emit_status_need_passphrase): new. * g10/call-agent.c (start_agent): Send the pinentry mode. (default_inq_cb): Take care of the PASSPHRASE inquiry. Return a proper error code. (agent_pksign): Add args keyid, mainkeyid and pubkey_algo. (agent_pkdecrypt): Ditto. * g10/pubkey-enc.c (get_it): Pass new args. * g10/sign.c (do_sign): Pass new args. * g10/call-agent.c (struct default_inq_parm_s): New. Change all similar structs to reference this one. Change all users and inquire callback to use this struct, instead of NULL or some undefined but not used structs. This change will help to eventually get rid of global variables. -- This new features allows to use gpg without a Pinentry. As a prerequisite the agent must be configured to allow the loopback pinentry mode (option --allow-loopback-pinentry). For example gpg2 --pinentry-mode=loopback FILE.gpg may be used to decrypt FILE.gpg while entering the passphrase on the tty. If batch is used, --passphrase et al. may be used, if --command-fd is used, the passphrase may be provided by another process. Note that there are no try-again prompts in case of a bad passphrase.
2013-02-07 20:37:58 +01:00
dfltparm.ctx = agent_ctx;
parms.dflt = &dfltparm;
Support the Certifciate DO of the v2 OpenPGP cards.
2008-09-23 11:57:45 +02:00
parms.certdata = certdata;
parms.certdatalen = certdatalen;
Nuked almost all trailing white space. We better do this once and for all instead of cluttering all future commits with diffs of trailing white spaces. In the majority of cases blank or single lines are affected and thus this change won't disturb a git blame too much. For future commits the pre-commit scripts checks that this won't happen again.
2011-02-04 12:57:53 +01:00
Support the Certifciate DO of the v2 OpenPGP cards.
2008-09-23 11:57:45 +02:00
rc = assuan_transact (agent_ctx, line, NULL, NULL,
inq_writecert_parms, &parms, NULL, NULL);
return rc;
}
With --enable-gpg the keyservers are now build and a first test using gpg2 shows no prblems. Needs more testing of course.
2006-08-16 12:47:53 +02:00
/* Handle a KEYDATA inquiry. Note, we only send the data,
assuan_transact takes care of flushing and writing the end */
2009-09-23 Marcus Brinkmann <marcus@g10code.de> * configure.ac (NEED_LIBASSUAN_API, NEED_LIBASSUAN_VERSION): Update to new API (2, 1.1.0). agent/ 2009-09-23 Marcus Brinkmann <marcus@g10code.de> * gpg-agent.c (parse_rereadable_options): Don't set global assuan log file (there ain't one anymore). (main): Update to new API. (check_own_socket_pid_cb): Return gpg_error_t instead of int. (check_own_socket_thread, check_for_running_agent): Create assuan context before connecting to server. * command.c: Include "scdaemon.h" before <assuan.h> because of GPG_ERR_SOURCE_DEFAULT check. (write_and_clear_outbuf): Use gpg_error_t instead of assuan_error_t. (cmd_geteventcounter, cmd_istrusted, cmd_listtrusted) (cmd_marktrusted, cmd_havekey, cmd_sigkey, cmd_setkeydesc) (cmd_sethash, cmd_pksign, cmd_pkdecrypt, cmd_genkey, cmd_readkey) (cmd_keyinfo, cmd_get_passphrase, cmd_clear_passphrase) (cmd_get_confirmation, cmd_learn, cmd_passwd) (cmd_preset_passphrase, cmd_scd, cmd_getval, cmd_putval) (cmd_updatestartuptty, cmd_killagent, cmd_reloadagent) (cmd_getinfo, option_handler): Return gpg_error_t instead of int. (post_cmd_notify): Change type of ERR to gpg_error_t from int. (io_monitor): Add hook argument. Use symbols for constants. (register_commands): Change return type of HANDLER to gpg_error_t. (start_command_handler): Allocate assuan context before starting server. * call-pinentry.c: Include "scdaemon.h" before <assuan.h> because of GPG_ERR_SOURCE_DEFAULT check. (unlock_pinentry): Call assuan_release instead of assuan_disconnect. (getinfo_pid_cb, getpin_cb): Return gpg_error_t instead of int. (start_pinentry): Allocate assuan context before connecting to server. * call-scd.c (membuf_data_cb, learn_status_cb, get_serialno_cb) (membuf_data_cb, inq_needpin, card_getattr_cb, pass_status_thru) (pass_data_thru): Change return type to gpg_error_t. (start_scd): Allocate assuan context before connecting to server. common/ 2009-09-23 Marcus Brinkmann <marcus@g10code.de> * asshelp.c (start_new_gpg_agent): Allocate assuan context before starting server. g10/ 2009-09-23 Marcus Brinkmann <marcus@g10code.de> * call-agent.c: Include "scdaemon.h" before <assuan.h> because of GPG_ERR_SOURCE_DEFAULT check. (learn_status_cb, dummy_data_cb, get_serialno_cb, default_inq_cb) (learn_status_cb, inq_writecert_parms, inq_writekey_parms) (scd_genkey_cb, membuf_data_cb): Return gpg_error_t instead of int. * gpg.c: Include "scdaemon.h" before <assuan.h> because of GPG_ERR_SOURCE_DEFAULT check. (main): Update to new Assuan API. * server.c: Include "scdaemon.h" before <assuan.h> because of GPG_ERR_SOURCE_DEFAULT check. (option_handler, cmd_recipient, cmd_signer, cmd_encrypt) (cmd_decrypt, cmd_verify, cmd_sign, cmd_import, cmd_export) (cmd_delkeys, cmd_message, do_listkeys, cmd_listkeys) (cmd_listsecretkeys, cmd_genkey, cmd_getinfo): Return gpg_error_t instead of int. (register_commands): Allocate assuan context before starting server. (gpg_server): Allocate assuan_context before starting server. scd/ 2009-09-23 Marcus Brinkmann <marcus@g10code.de> * command.c: Include "scdaemon.h" before <assuan.h> because of GPG_ERR_SOURCE_DEFAULT check. (option_handler, open_card, cmd_serialno, cmd_lean, cmd_readcert) (cmd_readkey, cmd_setdata, cmd_pksign, cmd_pkauth, cmd_pkdecrypt) (cmd_getattr, cmd_setattr, cmd_writecert, cmd_writekey) (cmd_genkey, cmd_random, cmd_passwd, cmd_checkpin, cmd_lock) (cmd_unlock, cmd_getinfo, cmd_restart, cmd_disconnect, cmd_apdu) (cmd_killscd): Return gpg_error_t instead of int. (scd_command_handler): Allocate assuan context before starting server. * scdaemon.c (main): Update to new Assuan API. sm/ 2009-09-23 Marcus Brinkmann <marcus@g10code.de> * gpgsm.c (main): Update to new assuan API. * server.c: Include "gpgsm.h" before <assuan.h> due to check for GPG_ERR_SOURCE_DEFAULT and assuan.h now including gpg-error.h. (option_handler, cmd_recipient, cmd_signer, cmd_encrypt) (cmd_decrypt, cmd_verify, cmd_sign, cmd_import, cmd_export) (cmd_delkeys, cmd_message, cmd_listkeys, cmd_dumpkeys) (cmd_listsecretkeys, cmd_dumpsecretkeys, cmd_genkey) (cmd_getauditlog, cmd_getinfo): Return gpg_error_t instead of int. (register_commands): Same for member HANDLER in table. (gpgsm_server): Allocate assuan context before starting server. * sm/call-dirmngr.c: * call-dirmngr.c (prepare_dirmngr): Check for CTX and error before setting LDAPSERVER. (start_dirmngr_ext): Allocate assuan context before starting server. (inq_certificate, isvalid_status_cb, lookup_cb, lookup_status_cb) (run_command_cb, run_command_inq_cb, run_command_status_cb): Return gpg_error_t instead of int. tools/ 2009-09-23 Marcus Brinkmann <marcus@g10code.de> * gpg-connect-agent.c (getinfo_pid_cb, read_and_print_response) (main): Update to new Assuan API.
2009-09-23 02:01:25 +02:00
static gpg_error_t
Poems for AllowSetForegroundWindow (W32)
2008-02-14 20:50:10 +01:00
inq_writekey_parms (void *opaque, const char *line)
With --enable-gpg the keyservers are now build and a first test using gpg2 shows no prblems. Needs more testing of course.
2006-08-16 12:47:53 +02:00
{
Poems for AllowSetForegroundWindow (W32)
2008-02-14 20:50:10 +01:00
int rc;
Nuked almost all trailing white space. We better do this once and for all instead of cluttering all future commits with diffs of trailing white spaces. In the majority of cases blank or single lines are affected and thus this change won't disturb a git blame too much. For future commits the pre-commit scripts checks that this won't happen again.
2011-02-04 12:57:53 +01:00
struct writekey_parm_s *parm = opaque;
With --enable-gpg the keyservers are now build and a first test using gpg2 shows no prblems. Needs more testing of course.
2006-08-16 12:47:53 +02:00
Use has_leading_keyword in the assuan callbacks. * agent/call-pinentry.c (inq_quality): Use has_leading_keyword. * agent/call-scd.c (inq_needpin, inq_writekey_parms): Ditto. * g10/call-agent.c (inq_writecert_parms, keyinfo_status_cb): Ditto. (inq_genkey_parms, inq_ciphertext_cb, inq_import_key_parms): Ditto. * g10/call-dirmngr.c (ks_put_inq_cb): Ditto. * sm/call-agent.c (default_inq_cb, inq_ciphertext_cb): Ditto. (inq_genkey_parms, istrusted_status_cb, learn_status_cb): Ditto. (keyinfo_status_cb, inq_import_key_parms): Ditto. * sm/call-dirmngr.c (inq_certificate, isvalid_status_cb): Ditto. (lookup_status_cb, run_command_inq_cb, run_command_status_cb): Ditto.
2013-02-22 10:56:13 +01:00
if (has_leading_keyword (line, "KEYDATA"))
Poems for AllowSetForegroundWindow (W32)
2008-02-14 20:50:10 +01:00
{
gpg: Add pinentry-mode feature. * g10/gpg.c: Include shareddefs.h. (main): Add option --pinentry-mode. * g10/options.h (struct opt): Add field pinentry_mode. * g10/passphrase.c: Include shareddefs.h. (have_static_passphrase): Take care of loopback pinentry_mode. (read_passphrase_from_fd): Ditto. (get_static_passphrase): New. (passphrase_to_dek_ext): Factor some code out to ... (emit_status_need_passphrase): new. * g10/call-agent.c (start_agent): Send the pinentry mode. (default_inq_cb): Take care of the PASSPHRASE inquiry. Return a proper error code. (agent_pksign): Add args keyid, mainkeyid and pubkey_algo. (agent_pkdecrypt): Ditto. * g10/pubkey-enc.c (get_it): Pass new args. * g10/sign.c (do_sign): Pass new args. * g10/call-agent.c (struct default_inq_parm_s): New. Change all similar structs to reference this one. Change all users and inquire callback to use this struct, instead of NULL or some undefined but not used structs. This change will help to eventually get rid of global variables. -- This new features allows to use gpg without a Pinentry. As a prerequisite the agent must be configured to allow the loopback pinentry mode (option --allow-loopback-pinentry). For example gpg2 --pinentry-mode=loopback FILE.gpg may be used to decrypt FILE.gpg while entering the passphrase on the tty. If batch is used, --passphrase et al. may be used, if --command-fd is used, the passphrase may be provided by another process. Note that there are no try-again prompts in case of a bad passphrase.
2013-02-07 20:37:58 +01:00
rc = assuan_send_data (parm->dflt->ctx, parm->keydata, parm->keydatalen);
Poems for AllowSetForegroundWindow (W32)
2008-02-14 20:50:10 +01:00
}
else
gpg: Add pinentry-mode feature. * g10/gpg.c: Include shareddefs.h. (main): Add option --pinentry-mode. * g10/options.h (struct opt): Add field pinentry_mode. * g10/passphrase.c: Include shareddefs.h. (have_static_passphrase): Take care of loopback pinentry_mode. (read_passphrase_from_fd): Ditto. (get_static_passphrase): New. (passphrase_to_dek_ext): Factor some code out to ... (emit_status_need_passphrase): new. * g10/call-agent.c (start_agent): Send the pinentry mode. (default_inq_cb): Take care of the PASSPHRASE inquiry. Return a proper error code. (agent_pksign): Add args keyid, mainkeyid and pubkey_algo. (agent_pkdecrypt): Ditto. * g10/pubkey-enc.c (get_it): Pass new args. * g10/sign.c (do_sign): Pass new args. * g10/call-agent.c (struct default_inq_parm_s): New. Change all similar structs to reference this one. Change all users and inquire callback to use this struct, instead of NULL or some undefined but not used structs. This change will help to eventually get rid of global variables. -- This new features allows to use gpg without a Pinentry. As a prerequisite the agent must be configured to allow the loopback pinentry mode (option --allow-loopback-pinentry). For example gpg2 --pinentry-mode=loopback FILE.gpg may be used to decrypt FILE.gpg while entering the passphrase on the tty. If batch is used, --passphrase et al. may be used, if --command-fd is used, the passphrase may be provided by another process. Note that there are no try-again prompts in case of a bad passphrase.
2013-02-07 20:37:58 +01:00
rc = default_inq_cb (parm->dflt, line);
Poems for AllowSetForegroundWindow (W32)
2008-02-14 20:50:10 +01:00
return rc;
With --enable-gpg the keyservers are now build and a first test using gpg2 shows no prblems. Needs more testing of course.
2006-08-16 12:47:53 +02:00
}
/* Send a WRITEKEY command to the SCdaemon. */
Nuked almost all trailing white space. We better do this once and for all instead of cluttering all future commits with diffs of trailing white spaces. In the majority of cases blank or single lines are affected and thus this change won't disturb a git blame too much. For future commits the pre-commit scripts checks that this won't happen again.
2011-02-04 12:57:53 +01:00
int
With --enable-gpg the keyservers are now build and a first test using gpg2 shows no prblems. Needs more testing of course.
2006-08-16 12:47:53 +02:00
agent_scd_writekey (int keyno, const char *serialno,
const unsigned char *keydata, size_t keydatalen)
{
int rc;
char line[ASSUAN_LINELENGTH];
struct writekey_parm_s parms;
gpg: Add pinentry-mode feature. * g10/gpg.c: Include shareddefs.h. (main): Add option --pinentry-mode. * g10/options.h (struct opt): Add field pinentry_mode. * g10/passphrase.c: Include shareddefs.h. (have_static_passphrase): Take care of loopback pinentry_mode. (read_passphrase_from_fd): Ditto. (get_static_passphrase): New. (passphrase_to_dek_ext): Factor some code out to ... (emit_status_need_passphrase): new. * g10/call-agent.c (start_agent): Send the pinentry mode. (default_inq_cb): Take care of the PASSPHRASE inquiry. Return a proper error code. (agent_pksign): Add args keyid, mainkeyid and pubkey_algo. (agent_pkdecrypt): Ditto. * g10/pubkey-enc.c (get_it): Pass new args. * g10/sign.c (do_sign): Pass new args. * g10/call-agent.c (struct default_inq_parm_s): New. Change all similar structs to reference this one. Change all users and inquire callback to use this struct, instead of NULL or some undefined but not used structs. This change will help to eventually get rid of global variables. -- This new features allows to use gpg without a Pinentry. As a prerequisite the agent must be configured to allow the loopback pinentry mode (option --allow-loopback-pinentry). For example gpg2 --pinentry-mode=loopback FILE.gpg may be used to decrypt FILE.gpg while entering the passphrase on the tty. If batch is used, --passphrase et al. may be used, if --command-fd is used, the passphrase may be provided by another process. Note that there are no try-again prompts in case of a bad passphrase.
2013-02-07 20:37:58 +01:00
struct default_inq_parm_s dfltparm;
memset (&dfltparm, 0, sizeof dfltparm);
With --enable-gpg the keyservers are now build and a first test using gpg2 shows no prblems. Needs more testing of course.
2006-08-16 12:47:53 +02:00
Marked all unused args on non-W32 platforms.
2008-10-20 15:53:23 +02:00
(void)serialno;
Generating an OpenPGP key cia gpg-agent basically works.
2010-04-20 19:57:50 +02:00
rc = start_agent (NULL, 1);
With --enable-gpg the keyservers are now build and a first test using gpg2 shows no prblems. Needs more testing of course.
2006-08-16 12:47:53 +02:00
if (rc)
return rc;
memset (&parms, 0, sizeof parms);
Fix use cases of snprintf. * agent/call-pinentry.c, agent/call-scd.c, agent/command.c, build-aux/speedo/w32/g4wihelp.c, common/get-passphrase.c, dirmngr/dirmngr.c, g10/call-agent.c, g10/cpr.c, g10/keygen.c, g10/openfile.c, g10/passphrase.c, scd/app-openpgp.c, scd/scdaemon.c, sm/call-agent.c, sm/call-dirmngr.c, sm/certreqgen.c: Fix assuming C99. -- Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-10-21 05:04:46 +02:00
snprintf (line, DIM(line), "SCD WRITEKEY --force OPENPGP.%d", keyno);
gpg: Add pinentry-mode feature. * g10/gpg.c: Include shareddefs.h. (main): Add option --pinentry-mode. * g10/options.h (struct opt): Add field pinentry_mode. * g10/passphrase.c: Include shareddefs.h. (have_static_passphrase): Take care of loopback pinentry_mode. (read_passphrase_from_fd): Ditto. (get_static_passphrase): New. (passphrase_to_dek_ext): Factor some code out to ... (emit_status_need_passphrase): new. * g10/call-agent.c (start_agent): Send the pinentry mode. (default_inq_cb): Take care of the PASSPHRASE inquiry. Return a proper error code. (agent_pksign): Add args keyid, mainkeyid and pubkey_algo. (agent_pkdecrypt): Ditto. * g10/pubkey-enc.c (get_it): Pass new args. * g10/sign.c (do_sign): Pass new args. * g10/call-agent.c (struct default_inq_parm_s): New. Change all similar structs to reference this one. Change all users and inquire callback to use this struct, instead of NULL or some undefined but not used structs. This change will help to eventually get rid of global variables. -- This new features allows to use gpg without a Pinentry. As a prerequisite the agent must be configured to allow the loopback pinentry mode (option --allow-loopback-pinentry). For example gpg2 --pinentry-mode=loopback FILE.gpg may be used to decrypt FILE.gpg while entering the passphrase on the tty. If batch is used, --passphrase et al. may be used, if --command-fd is used, the passphrase may be provided by another process. Note that there are no try-again prompts in case of a bad passphrase.
2013-02-07 20:37:58 +01:00
dfltparm.ctx = agent_ctx;
parms.dflt = &dfltparm;
With --enable-gpg the keyservers are now build and a first test using gpg2 shows no prblems. Needs more testing of course.
2006-08-16 12:47:53 +02:00
parms.keydata = keydata;
parms.keydatalen = keydatalen;
Nuked almost all trailing white space. We better do this once and for all instead of cluttering all future commits with diffs of trailing white spaces. In the majority of cases blank or single lines are affected and thus this change won't disturb a git blame too much. For future commits the pre-commit scripts checks that this won't happen again.
2011-02-04 12:57:53 +01:00
With --enable-gpg the keyservers are now build and a first test using gpg2 shows no prblems. Needs more testing of course.
2006-08-16 12:47:53 +02:00
rc = assuan_transact (agent_ctx, line, NULL, NULL,
inq_writekey_parms, &parms, NULL, NULL);
Emit CARDCTRL status lines.
2009-07-22 18:08:58 +02:00
status_sc_op_failure (rc);
The big Assuan error code removal.
2006-09-06 18:35:52 +02:00
return rc;
With --enable-gpg the keyservers are now build and a first test using gpg2 shows no prblems. Needs more testing of course.
2006-08-16 12:47:53 +02:00
}
Key generation and signing using the OpenPGP card does rudimentary work.
2003-06-27 22:53:09 +02:00
/* Status callback for the SCD GENKEY command. */
2009-09-23 Marcus Brinkmann <marcus@g10code.de> * configure.ac (NEED_LIBASSUAN_API, NEED_LIBASSUAN_VERSION): Update to new API (2, 1.1.0). agent/ 2009-09-23 Marcus Brinkmann <marcus@g10code.de> * gpg-agent.c (parse_rereadable_options): Don't set global assuan log file (there ain't one anymore). (main): Update to new API. (check_own_socket_pid_cb): Return gpg_error_t instead of int. (check_own_socket_thread, check_for_running_agent): Create assuan context before connecting to server. * command.c: Include "scdaemon.h" before <assuan.h> because of GPG_ERR_SOURCE_DEFAULT check. (write_and_clear_outbuf): Use gpg_error_t instead of assuan_error_t. (cmd_geteventcounter, cmd_istrusted, cmd_listtrusted) (cmd_marktrusted, cmd_havekey, cmd_sigkey, cmd_setkeydesc) (cmd_sethash, cmd_pksign, cmd_pkdecrypt, cmd_genkey, cmd_readkey) (cmd_keyinfo, cmd_get_passphrase, cmd_clear_passphrase) (cmd_get_confirmation, cmd_learn, cmd_passwd) (cmd_preset_passphrase, cmd_scd, cmd_getval, cmd_putval) (cmd_updatestartuptty, cmd_killagent, cmd_reloadagent) (cmd_getinfo, option_handler): Return gpg_error_t instead of int. (post_cmd_notify): Change type of ERR to gpg_error_t from int. (io_monitor): Add hook argument. Use symbols for constants. (register_commands): Change return type of HANDLER to gpg_error_t. (start_command_handler): Allocate assuan context before starting server. * call-pinentry.c: Include "scdaemon.h" before <assuan.h> because of GPG_ERR_SOURCE_DEFAULT check. (unlock_pinentry): Call assuan_release instead of assuan_disconnect. (getinfo_pid_cb, getpin_cb): Return gpg_error_t instead of int. (start_pinentry): Allocate assuan context before connecting to server. * call-scd.c (membuf_data_cb, learn_status_cb, get_serialno_cb) (membuf_data_cb, inq_needpin, card_getattr_cb, pass_status_thru) (pass_data_thru): Change return type to gpg_error_t. (start_scd): Allocate assuan context before connecting to server. common/ 2009-09-23 Marcus Brinkmann <marcus@g10code.de> * asshelp.c (start_new_gpg_agent): Allocate assuan context before starting server. g10/ 2009-09-23 Marcus Brinkmann <marcus@g10code.de> * call-agent.c: Include "scdaemon.h" before <assuan.h> because of GPG_ERR_SOURCE_DEFAULT check. (learn_status_cb, dummy_data_cb, get_serialno_cb, default_inq_cb) (learn_status_cb, inq_writecert_parms, inq_writekey_parms) (scd_genkey_cb, membuf_data_cb): Return gpg_error_t instead of int. * gpg.c: Include "scdaemon.h" before <assuan.h> because of GPG_ERR_SOURCE_DEFAULT check. (main): Update to new Assuan API. * server.c: Include "scdaemon.h" before <assuan.h> because of GPG_ERR_SOURCE_DEFAULT check. (option_handler, cmd_recipient, cmd_signer, cmd_encrypt) (cmd_decrypt, cmd_verify, cmd_sign, cmd_import, cmd_export) (cmd_delkeys, cmd_message, do_listkeys, cmd_listkeys) (cmd_listsecretkeys, cmd_genkey, cmd_getinfo): Return gpg_error_t instead of int. (register_commands): Allocate assuan context before starting server. (gpg_server): Allocate assuan_context before starting server. scd/ 2009-09-23 Marcus Brinkmann <marcus@g10code.de> * command.c: Include "scdaemon.h" before <assuan.h> because of GPG_ERR_SOURCE_DEFAULT check. (option_handler, open_card, cmd_serialno, cmd_lean, cmd_readcert) (cmd_readkey, cmd_setdata, cmd_pksign, cmd_pkauth, cmd_pkdecrypt) (cmd_getattr, cmd_setattr, cmd_writecert, cmd_writekey) (cmd_genkey, cmd_random, cmd_passwd, cmd_checkpin, cmd_lock) (cmd_unlock, cmd_getinfo, cmd_restart, cmd_disconnect, cmd_apdu) (cmd_killscd): Return gpg_error_t instead of int. (scd_command_handler): Allocate assuan context before starting server. * scdaemon.c (main): Update to new Assuan API. sm/ 2009-09-23 Marcus Brinkmann <marcus@g10code.de> * gpgsm.c (main): Update to new assuan API. * server.c: Include "gpgsm.h" before <assuan.h> due to check for GPG_ERR_SOURCE_DEFAULT and assuan.h now including gpg-error.h. (option_handler, cmd_recipient, cmd_signer, cmd_encrypt) (cmd_decrypt, cmd_verify, cmd_sign, cmd_import, cmd_export) (cmd_delkeys, cmd_message, cmd_listkeys, cmd_dumpkeys) (cmd_listsecretkeys, cmd_dumpsecretkeys, cmd_genkey) (cmd_getauditlog, cmd_getinfo): Return gpg_error_t instead of int. (register_commands): Same for member HANDLER in table. (gpgsm_server): Allocate assuan context before starting server. * sm/call-dirmngr.c: * call-dirmngr.c (prepare_dirmngr): Check for CTX and error before setting LDAPSERVER. (start_dirmngr_ext): Allocate assuan context before starting server. (inq_certificate, isvalid_status_cb, lookup_cb, lookup_status_cb) (run_command_cb, run_command_inq_cb, run_command_status_cb): Return gpg_error_t instead of int. tools/ 2009-09-23 Marcus Brinkmann <marcus@g10code.de> * gpg-connect-agent.c (getinfo_pid_cb, read_and_print_response) (main): Update to new Assuan API.
2009-09-23 02:01:25 +02:00
static gpg_error_t
Key generation and signing using the OpenPGP card does rudimentary work.
2003-06-27 22:53:09 +02:00
scd_genkey_cb (void *opaque, const char *line)
{
g10: smartcard keygen change. * g10/call-agent.c (scd_genkey_cb_append_savedbytes): Remove. (scd_genkey_cb): Only handle KEY-CREATED-AT and PROGRESS. (agent_scd_genkey): Remove INFO argument. CREATETIME is now in/out argument. (agent_readkey): Use READKEY --card instead of SCD READKEY. * g10/keygen.c (gen_card_key): Use READKEY --card command of the agent to retrieve public key information from card and let the agent make a file for private key with shadow info. -- This change removes gpg's KEY-DATA handling for SCD GENKEY. Information with KEY-DATA is simply not used. Instead, it is read by READKEY --card command of gpg-agent. This can consolidate public key handling in a single method by READKEY. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-10-20 06:30:47 +02:00
u32 *createtime = opaque;
Key generation and signing using the OpenPGP card does rudimentary work.
2003-06-27 22:53:09 +02:00
const char *keyword = line;
int keywordlen;
for (keywordlen=0; *line && !spacep (line); line++, keywordlen++)
;
while (spacep (line))
line++;
g10: smartcard keygen change. * g10/call-agent.c (scd_genkey_cb_append_savedbytes): Remove. (scd_genkey_cb): Only handle KEY-CREATED-AT and PROGRESS. (agent_scd_genkey): Remove INFO argument. CREATETIME is now in/out argument. (agent_readkey): Use READKEY --card instead of SCD READKEY. * g10/keygen.c (gen_card_key): Use READKEY --card command of the agent to retrieve public key information from card and let the agent make a file for private key with shadow info. -- This change removes gpg's KEY-DATA handling for SCD GENKEY. Information with KEY-DATA is simply not used. Instead, it is read by READKEY --card command of gpg-agent. This can consolidate public key handling in a single method by READKEY. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-10-20 06:30:47 +02:00
if (keywordlen == 14 && !memcmp (keyword,"KEY-CREATED-AT", keywordlen))
Key generation and signing using the OpenPGP card does rudimentary work.
2003-06-27 22:53:09 +02:00
{
g10: smartcard keygen change. * g10/call-agent.c (scd_genkey_cb_append_savedbytes): Remove. (scd_genkey_cb): Only handle KEY-CREATED-AT and PROGRESS. (agent_scd_genkey): Remove INFO argument. CREATETIME is now in/out argument. (agent_readkey): Use READKEY --card instead of SCD READKEY. * g10/keygen.c (gen_card_key): Use READKEY --card command of the agent to retrieve public key information from card and let the agent make a file for private key with shadow info. -- This change removes gpg's KEY-DATA handling for SCD GENKEY. Information with KEY-DATA is simply not used. Instead, it is read by READKEY --card command of gpg-agent. This can consolidate public key handling in a single method by READKEY. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-10-20 06:30:47 +02:00
*createtime = (u32)strtoul (line, NULL, 10);
Key generation and signing using the OpenPGP card does rudimentary work.
2003-06-27 22:53:09 +02:00
}
Ask for the keysize when generating a new card key.
2009-08-05 13:24:43 +02:00
else if (keywordlen == 8 && !memcmp (keyword, "PROGRESS", keywordlen))
{
write_status_text (STATUS_PROGRESS, line);
}
Key generation and signing using the OpenPGP card does rudimentary work.
2003-06-27 22:53:09 +02:00
g10: smartcard keygen change. * g10/call-agent.c (scd_genkey_cb_append_savedbytes): Remove. (scd_genkey_cb): Only handle KEY-CREATED-AT and PROGRESS. (agent_scd_genkey): Remove INFO argument. CREATETIME is now in/out argument. (agent_readkey): Use READKEY --card instead of SCD READKEY. * g10/keygen.c (gen_card_key): Use READKEY --card command of the agent to retrieve public key information from card and let the agent make a file for private key with shadow info. -- This change removes gpg's KEY-DATA handling for SCD GENKEY. Information with KEY-DATA is simply not used. Instead, it is read by READKEY --card command of gpg-agent. This can consolidate public key handling in a single method by READKEY. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-10-20 06:30:47 +02:00
return 0;
Key generation and signing using the OpenPGP card does rudimentary work.
2003-06-27 22:53:09 +02:00
}
g10,scd: Fix ECC keygen. * g10/keygen.c (generate_keypair): For card key generation, fill parameters by KEY-ATTR. * scd/app-openpgp.c (ecc_read_pubkey): OID should be freed at last, after its reference by OIDBUF is finished. (ecc_writekey): Likewise. -- Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-10-21 14:37:04 +02:00
/* Send a GENKEY command to the SCdaemon. If *CREATETIME is not 0,
the value will be passed to SCDAEMON with --timestamp option so that
the key is created with this. Otherwise, timestamp was generated by
SCDEAMON. On success, creation time is stored back to
CREATETIME. */
Key generation and signing using the OpenPGP card does rudimentary work.
2003-06-27 22:53:09 +02:00
int
g10: smartcard keygen change. * g10/call-agent.c (scd_genkey_cb_append_savedbytes): Remove. (scd_genkey_cb): Only handle KEY-CREATED-AT and PROGRESS. (agent_scd_genkey): Remove INFO argument. CREATETIME is now in/out argument. (agent_readkey): Use READKEY --card instead of SCD READKEY. * g10/keygen.c (gen_card_key): Use READKEY --card command of the agent to retrieve public key information from card and let the agent make a file for private key with shadow info. -- This change removes gpg's KEY-DATA handling for SCD GENKEY. Information with KEY-DATA is simply not used. Instead, it is read by READKEY --card command of gpg-agent. This can consolidate public key handling in a single method by READKEY. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-10-20 06:30:47 +02:00
agent_scd_genkey (int keyno, int force, u32 *createtime)
Key generation and signing using the OpenPGP card does rudimentary work.
2003-06-27 22:53:09 +02:00
{
int rc;
char line[ASSUAN_LINELENGTH];
Fixed card key generation of gpg2. Reveal less information about timings while generating a key.
2007-07-05 18:58:19 +02:00
gnupg_isotime_t tbuf;
gpg: Add pinentry-mode feature. * g10/gpg.c: Include shareddefs.h. (main): Add option --pinentry-mode. * g10/options.h (struct opt): Add field pinentry_mode. * g10/passphrase.c: Include shareddefs.h. (have_static_passphrase): Take care of loopback pinentry_mode. (read_passphrase_from_fd): Ditto. (get_static_passphrase): New. (passphrase_to_dek_ext): Factor some code out to ... (emit_status_need_passphrase): new. * g10/call-agent.c (start_agent): Send the pinentry mode. (default_inq_cb): Take care of the PASSPHRASE inquiry. Return a proper error code. (agent_pksign): Add args keyid, mainkeyid and pubkey_algo. (agent_pkdecrypt): Ditto. * g10/pubkey-enc.c (get_it): Pass new args. * g10/sign.c (do_sign): Pass new args. * g10/call-agent.c (struct default_inq_parm_s): New. Change all similar structs to reference this one. Change all users and inquire callback to use this struct, instead of NULL or some undefined but not used structs. This change will help to eventually get rid of global variables. -- This new features allows to use gpg without a Pinentry. As a prerequisite the agent must be configured to allow the loopback pinentry mode (option --allow-loopback-pinentry). For example gpg2 --pinentry-mode=loopback FILE.gpg may be used to decrypt FILE.gpg while entering the passphrase on the tty. If batch is used, --passphrase et al. may be used, if --command-fd is used, the passphrase may be provided by another process. Note that there are no try-again prompts in case of a bad passphrase.
2013-02-07 20:37:58 +01:00
struct default_inq_parm_s dfltparm;
memset (&dfltparm, 0, sizeof dfltparm);
Key generation and signing using the OpenPGP card does rudimentary work.
2003-06-27 22:53:09 +02:00
Generating an OpenPGP key cia gpg-agent basically works.
2010-04-20 19:57:50 +02:00
rc = start_agent (NULL, 1);
Key generation and signing using the OpenPGP card does rudimentary work.
2003-06-27 22:53:09 +02:00
if (rc)
return rc;
g10: smartcard keygen change. * g10/call-agent.c (scd_genkey_cb_append_savedbytes): Remove. (scd_genkey_cb): Only handle KEY-CREATED-AT and PROGRESS. (agent_scd_genkey): Remove INFO argument. CREATETIME is now in/out argument. (agent_readkey): Use READKEY --card instead of SCD READKEY. * g10/keygen.c (gen_card_key): Use READKEY --card command of the agent to retrieve public key information from card and let the agent make a file for private key with shadow info. -- This change removes gpg's KEY-DATA handling for SCD GENKEY. Information with KEY-DATA is simply not used. Instead, it is read by READKEY --card command of gpg-agent. This can consolidate public key handling in a single method by READKEY. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-10-20 06:30:47 +02:00
if (*createtime)
epoch2isotime (tbuf, *createtime);
Fixed card key generation of gpg2. Reveal less information about timings while generating a key.
2007-07-05 18:58:19 +02:00
else
*tbuf = 0;
Fix use cases of snprintf. * agent/call-pinentry.c, agent/call-scd.c, agent/command.c, build-aux/speedo/w32/g4wihelp.c, common/get-passphrase.c, dirmngr/dirmngr.c, g10/call-agent.c, g10/cpr.c, g10/keygen.c, g10/openfile.c, g10/passphrase.c, scd/app-openpgp.c, scd/scdaemon.c, sm/call-agent.c, sm/call-dirmngr.c, sm/certreqgen.c: Fix assuming C99. -- Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-10-21 05:04:46 +02:00
snprintf (line, DIM(line), "SCD GENKEY %s%s %s %d",
Fixed card key generation of gpg2. Reveal less information about timings while generating a key.
2007-07-05 18:58:19 +02:00
*tbuf? "--timestamp=":"", tbuf,
Nuked almost all trailing white space. We better do this once and for all instead of cluttering all future commits with diffs of trailing white spaces. In the majority of cases blank or single lines are affected and thus this change won't disturb a git blame too much. For future commits the pre-commit scripts checks that this won't happen again.
2011-02-04 12:57:53 +01:00
force? "--force":"",
Fixed card key generation of gpg2. Reveal less information about timings while generating a key.
2007-07-05 18:58:19 +02:00
keyno);
Key generation and signing using the OpenPGP card does rudimentary work.
2003-06-27 22:53:09 +02:00
gpg: Add pinentry-mode feature. * g10/gpg.c: Include shareddefs.h. (main): Add option --pinentry-mode. * g10/options.h (struct opt): Add field pinentry_mode. * g10/passphrase.c: Include shareddefs.h. (have_static_passphrase): Take care of loopback pinentry_mode. (read_passphrase_from_fd): Ditto. (get_static_passphrase): New. (passphrase_to_dek_ext): Factor some code out to ... (emit_status_need_passphrase): new. * g10/call-agent.c (start_agent): Send the pinentry mode. (default_inq_cb): Take care of the PASSPHRASE inquiry. Return a proper error code. (agent_pksign): Add args keyid, mainkeyid and pubkey_algo. (agent_pkdecrypt): Ditto. * g10/pubkey-enc.c (get_it): Pass new args. * g10/sign.c (do_sign): Pass new args. * g10/call-agent.c (struct default_inq_parm_s): New. Change all similar structs to reference this one. Change all users and inquire callback to use this struct, instead of NULL or some undefined but not used structs. This change will help to eventually get rid of global variables. -- This new features allows to use gpg without a Pinentry. As a prerequisite the agent must be configured to allow the loopback pinentry mode (option --allow-loopback-pinentry). For example gpg2 --pinentry-mode=loopback FILE.gpg may be used to decrypt FILE.gpg while entering the passphrase on the tty. If batch is used, --passphrase et al. may be used, if --command-fd is used, the passphrase may be provided by another process. Note that there are no try-again prompts in case of a bad passphrase.
2013-02-07 20:37:58 +01:00
dfltparm.ctx = agent_ctx;
Key generation and signing using the OpenPGP card does rudimentary work.
2003-06-27 22:53:09 +02:00
rc = assuan_transact (agent_ctx, line,
gpg: Add pinentry-mode feature. * g10/gpg.c: Include shareddefs.h. (main): Add option --pinentry-mode. * g10/options.h (struct opt): Add field pinentry_mode. * g10/passphrase.c: Include shareddefs.h. (have_static_passphrase): Take care of loopback pinentry_mode. (read_passphrase_from_fd): Ditto. (get_static_passphrase): New. (passphrase_to_dek_ext): Factor some code out to ... (emit_status_need_passphrase): new. * g10/call-agent.c (start_agent): Send the pinentry mode. (default_inq_cb): Take care of the PASSPHRASE inquiry. Return a proper error code. (agent_pksign): Add args keyid, mainkeyid and pubkey_algo. (agent_pkdecrypt): Ditto. * g10/pubkey-enc.c (get_it): Pass new args. * g10/sign.c (do_sign): Pass new args. * g10/call-agent.c (struct default_inq_parm_s): New. Change all similar structs to reference this one. Change all users and inquire callback to use this struct, instead of NULL or some undefined but not used structs. This change will help to eventually get rid of global variables. -- This new features allows to use gpg without a Pinentry. As a prerequisite the agent must be configured to allow the loopback pinentry mode (option --allow-loopback-pinentry). For example gpg2 --pinentry-mode=loopback FILE.gpg may be used to decrypt FILE.gpg while entering the passphrase on the tty. If batch is used, --passphrase et al. may be used, if --command-fd is used, the passphrase may be provided by another process. Note that there are no try-again prompts in case of a bad passphrase.
2013-02-07 20:37:58 +01:00
NULL, NULL, default_inq_cb, &dfltparm,
g10: smartcard keygen change. * g10/call-agent.c (scd_genkey_cb_append_savedbytes): Remove. (scd_genkey_cb): Only handle KEY-CREATED-AT and PROGRESS. (agent_scd_genkey): Remove INFO argument. CREATETIME is now in/out argument. (agent_readkey): Use READKEY --card instead of SCD READKEY. * g10/keygen.c (gen_card_key): Use READKEY --card command of the agent to retrieve public key information from card and let the agent make a file for private key with shadow info. -- This change removes gpg's KEY-DATA handling for SCD GENKEY. Information with KEY-DATA is simply not used. Instead, it is read by READKEY --card command of gpg-agent. This can consolidate public key handling in a single method by READKEY. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-10-20 06:30:47 +02:00
scd_genkey_cb, createtime);
Nuked almost all trailing white space. We better do this once and for all instead of cluttering all future commits with diffs of trailing white spaces. In the majority of cases blank or single lines are affected and thus this change won't disturb a git blame too much. For future commits the pre-commit scripts checks that this won't happen again.
2011-02-04 12:57:53 +01:00
Emit CARDCTRL status lines.
2009-07-22 18:08:58 +02:00
status_sc_op_failure (rc);
The big Assuan error code removal.
2006-09-06 18:35:52 +02:00
return rc;
Key generation and signing using the OpenPGP card does rudimentary work.
2003-06-27 22:53:09 +02:00
}
agent,g10: Remove redundant SERIALNO request. * agent/learncard.c (agent_handle_learn): Don't call agent_card_serialno. Get the serialno in status response. * g10/call-agent.c (agent_scd_learn): Don't request "SCD SERIALNO". (agent_scd_serialno): New. (card_cardlist_cb, agent_scd_cardlist): New. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-03-16 06:32:51 +01:00
/* Return the serial number of the card or an appropriate error. The
serial number is returned as a hexstring. */
int
agent_scd_serialno (char **r_serialno, const char *demand)
{
int err;
char *serialno = NULL;
char line[ASSUAN_LINELENGTH];
Key generation and signing using the OpenPGP card does rudimentary work.
2003-06-27 22:53:09 +02:00
agent,g10: Remove redundant SERIALNO request. * agent/learncard.c (agent_handle_learn): Don't call agent_card_serialno. Get the serialno in status response. * g10/call-agent.c (agent_scd_learn): Don't request "SCD SERIALNO". (agent_scd_serialno): New. (card_cardlist_cb, agent_scd_cardlist): New. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-03-16 06:32:51 +01:00
err = start_agent (NULL, 1);
if (err)
return err;
if (!demand)
strcpy (line, "SCD SERIALNO");
else
snprintf (line, DIM(line), "SCD SERIALNO --demand=%s", demand);
Ask to insert the right OpenPGP card.
2009-08-11 12:56:44 +02:00
agent,g10: Remove redundant SERIALNO request. * agent/learncard.c (agent_handle_learn): Don't call agent_card_serialno. Get the serialno in status response. * g10/call-agent.c (agent_scd_learn): Don't request "SCD SERIALNO". (agent_scd_serialno): New. (card_cardlist_cb, agent_scd_cardlist): New. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-03-16 06:32:51 +01:00
err = assuan_transact (agent_ctx, line,
NULL, NULL, NULL, NULL,
get_serialno_cb, &serialno);
if (err)
{
xfree (serialno);
return err;
}
Ask to insert the right OpenPGP card.
2009-08-11 12:56:44 +02:00
agent,g10: Remove redundant SERIALNO request. * agent/learncard.c (agent_handle_learn): Don't call agent_card_serialno. Get the serialno in status response. * g10/call-agent.c (agent_scd_learn): Don't request "SCD SERIALNO". (agent_scd_serialno): New. (card_cardlist_cb, agent_scd_cardlist): New. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-03-16 06:32:51 +01:00
*r_serialno = serialno;
return 0;
}
Add readcert command. fix reading large certificates.
2009-06-17 11:45:50 +02:00
/* Send a READCERT command to the SCdaemon. */
Nuked almost all trailing white space. We better do this once and for all instead of cluttering all future commits with diffs of trailing white spaces. In the majority of cases blank or single lines are affected and thus this change won't disturb a git blame too much. For future commits the pre-commit scripts checks that this won't happen again.
2011-02-04 12:57:53 +01:00
int
Add readcert command. fix reading large certificates.
2009-06-17 11:45:50 +02:00
agent_scd_readcert (const char *certidstr,
void **r_buf, size_t *r_buflen)
{
int rc;
char line[ASSUAN_LINELENGTH];
membuf_t data;
size_t len;
gpg: Add pinentry-mode feature. * g10/gpg.c: Include shareddefs.h. (main): Add option --pinentry-mode. * g10/options.h (struct opt): Add field pinentry_mode. * g10/passphrase.c: Include shareddefs.h. (have_static_passphrase): Take care of loopback pinentry_mode. (read_passphrase_from_fd): Ditto. (get_static_passphrase): New. (passphrase_to_dek_ext): Factor some code out to ... (emit_status_need_passphrase): new. * g10/call-agent.c (start_agent): Send the pinentry mode. (default_inq_cb): Take care of the PASSPHRASE inquiry. Return a proper error code. (agent_pksign): Add args keyid, mainkeyid and pubkey_algo. (agent_pkdecrypt): Ditto. * g10/pubkey-enc.c (get_it): Pass new args. * g10/sign.c (do_sign): Pass new args. * g10/call-agent.c (struct default_inq_parm_s): New. Change all similar structs to reference this one. Change all users and inquire callback to use this struct, instead of NULL or some undefined but not used structs. This change will help to eventually get rid of global variables. -- This new features allows to use gpg without a Pinentry. As a prerequisite the agent must be configured to allow the loopback pinentry mode (option --allow-loopback-pinentry). For example gpg2 --pinentry-mode=loopback FILE.gpg may be used to decrypt FILE.gpg while entering the passphrase on the tty. If batch is used, --passphrase et al. may be used, if --command-fd is used, the passphrase may be provided by another process. Note that there are no try-again prompts in case of a bad passphrase.
2013-02-07 20:37:58 +01:00
struct default_inq_parm_s dfltparm;
memset (&dfltparm, 0, sizeof dfltparm);
Add readcert command. fix reading large certificates.
2009-06-17 11:45:50 +02:00
*r_buf = NULL;
Generating an OpenPGP key cia gpg-agent basically works.
2010-04-20 19:57:50 +02:00
rc = start_agent (NULL, 1);
Add readcert command. fix reading large certificates.
2009-06-17 11:45:50 +02:00
if (rc)
return rc;
gpg: Add pinentry-mode feature. * g10/gpg.c: Include shareddefs.h. (main): Add option --pinentry-mode. * g10/options.h (struct opt): Add field pinentry_mode. * g10/passphrase.c: Include shareddefs.h. (have_static_passphrase): Take care of loopback pinentry_mode. (read_passphrase_from_fd): Ditto. (get_static_passphrase): New. (passphrase_to_dek_ext): Factor some code out to ... (emit_status_need_passphrase): new. * g10/call-agent.c (start_agent): Send the pinentry mode. (default_inq_cb): Take care of the PASSPHRASE inquiry. Return a proper error code. (agent_pksign): Add args keyid, mainkeyid and pubkey_algo. (agent_pkdecrypt): Ditto. * g10/pubkey-enc.c (get_it): Pass new args. * g10/sign.c (do_sign): Pass new args. * g10/call-agent.c (struct default_inq_parm_s): New. Change all similar structs to reference this one. Change all users and inquire callback to use this struct, instead of NULL or some undefined but not used structs. This change will help to eventually get rid of global variables. -- This new features allows to use gpg without a Pinentry. As a prerequisite the agent must be configured to allow the loopback pinentry mode (option --allow-loopback-pinentry). For example gpg2 --pinentry-mode=loopback FILE.gpg may be used to decrypt FILE.gpg while entering the passphrase on the tty. If batch is used, --passphrase et al. may be used, if --command-fd is used, the passphrase may be provided by another process. Note that there are no try-again prompts in case of a bad passphrase.
2013-02-07 20:37:58 +01:00
dfltparm.ctx = agent_ctx;
Add readcert command. fix reading large certificates.
2009-06-17 11:45:50 +02:00
init_membuf (&data, 2048);
Fix use cases of snprintf. * agent/call-pinentry.c, agent/call-scd.c, agent/command.c, build-aux/speedo/w32/g4wihelp.c, common/get-passphrase.c, dirmngr/dirmngr.c, g10/call-agent.c, g10/cpr.c, g10/keygen.c, g10/openfile.c, g10/passphrase.c, scd/app-openpgp.c, scd/scdaemon.c, sm/call-agent.c, sm/call-dirmngr.c, sm/certreqgen.c: Fix assuming C99. -- Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-10-21 05:04:46 +02:00
snprintf (line, DIM(line), "SCD READCERT %s", certidstr);
Add readcert command. fix reading large certificates.
2009-06-17 11:45:50 +02:00
rc = assuan_transact (agent_ctx, line,
common: New put_membuf_cb to replace static membuf_data_cb. * common/membuf.c (put_membuf_cb): New. * agent/call-scd.c (membuf_data_cb): Remove. Change callers to use put_membuf_cb. * common/get-passphrase.c (membuf_data_cb): Ditto. * g10/call-agent.c (membuf_data_cb): Ditto. * sm/call-agent.c (membuf_data_cb): Ditto. -- Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-08 06:33:27 +01:00
put_membuf_cb, &data,
gpg: Add pinentry-mode feature. * g10/gpg.c: Include shareddefs.h. (main): Add option --pinentry-mode. * g10/options.h (struct opt): Add field pinentry_mode. * g10/passphrase.c: Include shareddefs.h. (have_static_passphrase): Take care of loopback pinentry_mode. (read_passphrase_from_fd): Ditto. (get_static_passphrase): New. (passphrase_to_dek_ext): Factor some code out to ... (emit_status_need_passphrase): new. * g10/call-agent.c (start_agent): Send the pinentry mode. (default_inq_cb): Take care of the PASSPHRASE inquiry. Return a proper error code. (agent_pksign): Add args keyid, mainkeyid and pubkey_algo. (agent_pkdecrypt): Ditto. * g10/pubkey-enc.c (get_it): Pass new args. * g10/sign.c (do_sign): Pass new args. * g10/call-agent.c (struct default_inq_parm_s): New. Change all similar structs to reference this one. Change all users and inquire callback to use this struct, instead of NULL or some undefined but not used structs. This change will help to eventually get rid of global variables. -- This new features allows to use gpg without a Pinentry. As a prerequisite the agent must be configured to allow the loopback pinentry mode (option --allow-loopback-pinentry). For example gpg2 --pinentry-mode=loopback FILE.gpg may be used to decrypt FILE.gpg while entering the passphrase on the tty. If batch is used, --passphrase et al. may be used, if --command-fd is used, the passphrase may be provided by another process. Note that there are no try-again prompts in case of a bad passphrase.
2013-02-07 20:37:58 +01:00
default_inq_cb, &dfltparm,
NULL, NULL);
Add readcert command. fix reading large certificates.
2009-06-17 11:45:50 +02:00
if (rc)
{
xfree (get_membuf (&data, &len));
return rc;
}
*r_buf = get_membuf (&data, r_buflen);
if (!*r_buf)
return gpg_error (GPG_ERR_ENOMEM);
return 0;
}
agent,g10: Remove redundant SERIALNO request. * agent/learncard.c (agent_handle_learn): Don't call agent_card_serialno. Get the serialno in status response. * g10/call-agent.c (agent_scd_learn): Don't request "SCD SERIALNO". (agent_scd_serialno): New. (card_cardlist_cb, agent_scd_cardlist): New. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-03-16 06:32:51 +01:00
struct card_cardlist_parm_s {
int error;
strlist_t list;
};
/* Callback function for agent_card_cardlist. */
static gpg_error_t
card_cardlist_cb (void *opaque, const char *line)
{
struct card_cardlist_parm_s *parm = opaque;
const char *keyword = line;
int keywordlen;
for (keywordlen=0; *line && !spacep (line); line++, keywordlen++)
;
while (spacep (line))
line++;
if (keywordlen == 8 && !memcmp (keyword, "SERIALNO", keywordlen))
{
const char *s;
int n;
for (n=0,s=line; hexdigitp (s); s++, n++)
;
if (!n || (n&1) || *s)
parm->error = gpg_error (GPG_ERR_ASS_PARAMETER);
else
add_to_strlist (&parm->list, line);
}
return 0;
}
Add readcert command. fix reading large certificates.
2009-06-17 11:45:50 +02:00
agent,g10: Remove redundant SERIALNO request. * agent/learncard.c (agent_handle_learn): Don't call agent_card_serialno. Get the serialno in status response. * g10/call-agent.c (agent_scd_learn): Don't request "SCD SERIALNO". (agent_scd_serialno): New. (card_cardlist_cb, agent_scd_cardlist): New. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-03-16 06:32:51 +01:00
/* Return cardlist. */
int
agent_scd_cardlist (strlist_t *result)
{
int err;
char line[ASSUAN_LINELENGTH];
struct card_cardlist_parm_s parm;
memset (&parm, 0, sizeof parm);
*result = NULL;
err = start_agent (NULL, 1);
if (err)
return err;
Add readcert command. fix reading large certificates.
2009-06-17 11:45:50 +02:00
agent,g10: Remove redundant SERIALNO request. * agent/learncard.c (agent_handle_learn): Don't call agent_card_serialno. Get the serialno in status response. * g10/call-agent.c (agent_scd_learn): Don't request "SCD SERIALNO". (agent_scd_serialno): New. (card_cardlist_cb, agent_scd_cardlist): New. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-03-16 06:32:51 +01:00
strcpy (line, "SCD GETINFO card_list");
err = assuan_transact (agent_ctx, line,
NULL, NULL, NULL, NULL,
card_cardlist_cb, &parm);
if (!err && parm.error)
err = parm.error;
if (!err)
*result = parm.list;
else
free_strlist (parm.list);
return 0;
}
Add readcert command. fix reading large certificates.
2009-06-17 11:45:50 +02:00
* keygen.c (generate_keypair): Create an AUTHKEYTYPE entry for cards. (do_generate_keypair): Abd generate the authkey. (check_smartcard): Changed menu accordingly.
2003-07-23 09:11:06 +02:00
/* Change the PIN of an OpenPGP card or reset the retry counter.
* keylist.c (print_card_serialno): New. (list_keyblock_print): Use it here. * card-util.c (toggle_forcesig): New. (card_edit): New command "forcesig". * card-util.c (print_name, print_isoname): Use 0 and not LF fro the max_n arg of tty_print_utf8_string2. * call-agent.c (agent_scd_getattr): New. (learn_status_cb): Release values before assignment so that it can be used by getattr to update the structure. * card-util.c (change_pin): Simplified. We now have only a PIN and an Admin PIN.
2003-09-30 19:34:38 +02:00
CHVNO 1: Change the PIN
Finished support for v2 cards with the exception of secure messaging.
2008-09-25 12:06:02 +02:00
2: For v1 cards: Same as 1.
For v2 cards: Reset the PIN using the Reset Code.
* keygen.c (generate_keypair): Create an AUTHKEYTYPE entry for cards. (do_generate_keypair): Abd generate the authkey. (check_smartcard): Changed menu accordingly.
2003-07-23 09:11:06 +02:00
3: Change the admin PIN
* keylist.c (print_card_serialno): New. (list_keyblock_print): Use it here. * card-util.c (toggle_forcesig): New. (card_edit): New command "forcesig". * card-util.c (print_name, print_isoname): Use 0 and not LF fro the max_n arg of tty_print_utf8_string2. * call-agent.c (agent_scd_getattr): New. (learn_status_cb): Release values before assignment so that it can be used by getattr to update the structure. * card-util.c (change_pin): Simplified. We now have only a PIN and an Admin PIN.
2003-09-30 19:34:38 +02:00
101: Set a new PIN and reset the retry counter
Finished support for v2 cards with the exception of secure messaging.
2008-09-25 12:06:02 +02:00
102: For v1 cars: Same as 101.
For v2 cards: Set a new Reset Code.
g10/ does build again.
2006-05-23 18:19:43 +02:00
SERIALNO is not used.
* keygen.c (generate_keypair): Create an AUTHKEYTYPE entry for cards. (do_generate_keypair): Abd generate the authkey. (check_smartcard): Changed menu accordingly.
2003-07-23 09:11:06 +02:00
*/
int
g10/ does build again.
2006-05-23 18:19:43 +02:00
agent_scd_change_pin (int chvno, const char *serialno)
* keygen.c (generate_keypair): Create an AUTHKEYTYPE entry for cards. (do_generate_keypair): Abd generate the authkey. (check_smartcard): Changed menu accordingly.
2003-07-23 09:11:06 +02:00
{
int rc;
char line[ASSUAN_LINELENGTH];
const char *reset = "";
gpg: Add pinentry-mode feature. * g10/gpg.c: Include shareddefs.h. (main): Add option --pinentry-mode. * g10/options.h (struct opt): Add field pinentry_mode. * g10/passphrase.c: Include shareddefs.h. (have_static_passphrase): Take care of loopback pinentry_mode. (read_passphrase_from_fd): Ditto. (get_static_passphrase): New. (passphrase_to_dek_ext): Factor some code out to ... (emit_status_need_passphrase): new. * g10/call-agent.c (start_agent): Send the pinentry mode. (default_inq_cb): Take care of the PASSPHRASE inquiry. Return a proper error code. (agent_pksign): Add args keyid, mainkeyid and pubkey_algo. (agent_pkdecrypt): Ditto. * g10/pubkey-enc.c (get_it): Pass new args. * g10/sign.c (do_sign): Pass new args. * g10/call-agent.c (struct default_inq_parm_s): New. Change all similar structs to reference this one. Change all users and inquire callback to use this struct, instead of NULL or some undefined but not used structs. This change will help to eventually get rid of global variables. -- This new features allows to use gpg without a Pinentry. As a prerequisite the agent must be configured to allow the loopback pinentry mode (option --allow-loopback-pinentry). For example gpg2 --pinentry-mode=loopback FILE.gpg may be used to decrypt FILE.gpg while entering the passphrase on the tty. If batch is used, --passphrase et al. may be used, if --command-fd is used, the passphrase may be provided by another process. Note that there are no try-again prompts in case of a bad passphrase.
2013-02-07 20:37:58 +01:00
struct default_inq_parm_s dfltparm;
memset (&dfltparm, 0, sizeof dfltparm);
* keygen.c (generate_keypair): Create an AUTHKEYTYPE entry for cards. (do_generate_keypair): Abd generate the authkey. (check_smartcard): Changed menu accordingly.
2003-07-23 09:11:06 +02:00
Marked all unused args on non-W32 platforms.
2008-10-20 15:53:23 +02:00
(void)serialno;
* keygen.c (generate_keypair): Create an AUTHKEYTYPE entry for cards. (do_generate_keypair): Abd generate the authkey. (check_smartcard): Changed menu accordingly.
2003-07-23 09:11:06 +02:00
if (chvno >= 100)
reset = "--reset";
chvno %= 100;
Generating an OpenPGP key cia gpg-agent basically works.
2010-04-20 19:57:50 +02:00
rc = start_agent (NULL, 1);
* keygen.c (generate_keypair): Create an AUTHKEYTYPE entry for cards. (do_generate_keypair): Abd generate the authkey. (check_smartcard): Changed menu accordingly.
2003-07-23 09:11:06 +02:00
if (rc)
return rc;
gpg: Add pinentry-mode feature. * g10/gpg.c: Include shareddefs.h. (main): Add option --pinentry-mode. * g10/options.h (struct opt): Add field pinentry_mode. * g10/passphrase.c: Include shareddefs.h. (have_static_passphrase): Take care of loopback pinentry_mode. (read_passphrase_from_fd): Ditto. (get_static_passphrase): New. (passphrase_to_dek_ext): Factor some code out to ... (emit_status_need_passphrase): new. * g10/call-agent.c (start_agent): Send the pinentry mode. (default_inq_cb): Take care of the PASSPHRASE inquiry. Return a proper error code. (agent_pksign): Add args keyid, mainkeyid and pubkey_algo. (agent_pkdecrypt): Ditto. * g10/pubkey-enc.c (get_it): Pass new args. * g10/sign.c (do_sign): Pass new args. * g10/call-agent.c (struct default_inq_parm_s): New. Change all similar structs to reference this one. Change all users and inquire callback to use this struct, instead of NULL or some undefined but not used structs. This change will help to eventually get rid of global variables. -- This new features allows to use gpg without a Pinentry. As a prerequisite the agent must be configured to allow the loopback pinentry mode (option --allow-loopback-pinentry). For example gpg2 --pinentry-mode=loopback FILE.gpg may be used to decrypt FILE.gpg while entering the passphrase on the tty. If batch is used, --passphrase et al. may be used, if --command-fd is used, the passphrase may be provided by another process. Note that there are no try-again prompts in case of a bad passphrase.
2013-02-07 20:37:58 +01:00
dfltparm.ctx = agent_ctx;
* keygen.c (generate_keypair): Create an AUTHKEYTYPE entry for cards. (do_generate_keypair): Abd generate the authkey. (check_smartcard): Changed menu accordingly.
2003-07-23 09:11:06 +02:00
Fix use cases of snprintf. * agent/call-pinentry.c, agent/call-scd.c, agent/command.c, build-aux/speedo/w32/g4wihelp.c, common/get-passphrase.c, dirmngr/dirmngr.c, g10/call-agent.c, g10/cpr.c, g10/keygen.c, g10/openfile.c, g10/passphrase.c, scd/app-openpgp.c, scd/scdaemon.c, sm/call-agent.c, sm/call-dirmngr.c, sm/certreqgen.c: Fix assuming C99. -- Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-10-21 05:04:46 +02:00
snprintf (line, DIM(line), "SCD PASSWD %s %d", reset, chvno);
gpg: Add pinentry-mode feature. * g10/gpg.c: Include shareddefs.h. (main): Add option --pinentry-mode. * g10/options.h (struct opt): Add field pinentry_mode. * g10/passphrase.c: Include shareddefs.h. (have_static_passphrase): Take care of loopback pinentry_mode. (read_passphrase_from_fd): Ditto. (get_static_passphrase): New. (passphrase_to_dek_ext): Factor some code out to ... (emit_status_need_passphrase): new. * g10/call-agent.c (start_agent): Send the pinentry mode. (default_inq_cb): Take care of the PASSPHRASE inquiry. Return a proper error code. (agent_pksign): Add args keyid, mainkeyid and pubkey_algo. (agent_pkdecrypt): Ditto. * g10/pubkey-enc.c (get_it): Pass new args. * g10/sign.c (do_sign): Pass new args. * g10/call-agent.c (struct default_inq_parm_s): New. Change all similar structs to reference this one. Change all users and inquire callback to use this struct, instead of NULL or some undefined but not used structs. This change will help to eventually get rid of global variables. -- This new features allows to use gpg without a Pinentry. As a prerequisite the agent must be configured to allow the loopback pinentry mode (option --allow-loopback-pinentry). For example gpg2 --pinentry-mode=loopback FILE.gpg may be used to decrypt FILE.gpg while entering the passphrase on the tty. If batch is used, --passphrase et al. may be used, if --command-fd is used, the passphrase may be provided by another process. Note that there are no try-again prompts in case of a bad passphrase.
2013-02-07 20:37:58 +01:00
rc = assuan_transact (agent_ctx, line,
NULL, NULL,
default_inq_cb, &dfltparm,
NULL, NULL);
Emit CARDCTRL status lines.
2009-07-22 18:08:58 +02:00
status_sc_op_failure (rc);
The big Assuan error code removal.
2006-09-06 18:35:52 +02:00
return rc;
* keygen.c (generate_keypair): Create an AUTHKEYTYPE entry for cards. (do_generate_keypair): Abd generate the authkey. (check_smartcard): Changed menu accordingly.
2003-07-23 09:11:06 +02:00
}
* card-util.c (card_edit): New command "passwd". Add logic to check the PIN in advance. (card_status): Add new args to return the serial number. Changed all callers. * call-agent.c (agent_scd_checkpin): New.
2003-10-21 19:12:21 +02:00
* card-util.c (card_edit): Remove PIN verification. (generate_card_keys): New arg SERIALNO. Do PIN verification here after resetting forced_chv1.
2004-04-29 19:25:38 +02:00
/* Perform a CHECKPIN operation. SERIALNO should be the serial
g10/ does build again.
2006-05-23 18:19:43 +02:00
number of the card - optionally followed by the fingerprint;
* card-util.c (card_edit): New command "passwd". Add logic to check the PIN in advance. (card_status): Add new args to return the serial number. Changed all callers. * call-agent.c (agent_scd_checkpin): New.
2003-10-21 19:12:21 +02:00
however the fingerprint is ignored here. */
int
agent_scd_checkpin (const char *serialno)
{
int rc;
char line[ASSUAN_LINELENGTH];
gpg: Add pinentry-mode feature. * g10/gpg.c: Include shareddefs.h. (main): Add option --pinentry-mode. * g10/options.h (struct opt): Add field pinentry_mode. * g10/passphrase.c: Include shareddefs.h. (have_static_passphrase): Take care of loopback pinentry_mode. (read_passphrase_from_fd): Ditto. (get_static_passphrase): New. (passphrase_to_dek_ext): Factor some code out to ... (emit_status_need_passphrase): new. * g10/call-agent.c (start_agent): Send the pinentry mode. (default_inq_cb): Take care of the PASSPHRASE inquiry. Return a proper error code. (agent_pksign): Add args keyid, mainkeyid and pubkey_algo. (agent_pkdecrypt): Ditto. * g10/pubkey-enc.c (get_it): Pass new args. * g10/sign.c (do_sign): Pass new args. * g10/call-agent.c (struct default_inq_parm_s): New. Change all similar structs to reference this one. Change all users and inquire callback to use this struct, instead of NULL or some undefined but not used structs. This change will help to eventually get rid of global variables. -- This new features allows to use gpg without a Pinentry. As a prerequisite the agent must be configured to allow the loopback pinentry mode (option --allow-loopback-pinentry). For example gpg2 --pinentry-mode=loopback FILE.gpg may be used to decrypt FILE.gpg while entering the passphrase on the tty. If batch is used, --passphrase et al. may be used, if --command-fd is used, the passphrase may be provided by another process. Note that there are no try-again prompts in case of a bad passphrase.
2013-02-07 20:37:58 +01:00
struct default_inq_parm_s dfltparm;
memset (&dfltparm, 0, sizeof dfltparm);
* card-util.c (card_edit): New command "passwd". Add logic to check the PIN in advance. (card_status): Add new args to return the serial number. Changed all callers. * call-agent.c (agent_scd_checkpin): New.
2003-10-21 19:12:21 +02:00
Generating an OpenPGP key cia gpg-agent basically works.
2010-04-20 19:57:50 +02:00
rc = start_agent (NULL, 1);
* card-util.c (card_edit): New command "passwd". Add logic to check the PIN in advance. (card_status): Add new args to return the serial number. Changed all callers. * call-agent.c (agent_scd_checkpin): New.
2003-10-21 19:12:21 +02:00
if (rc)
return rc;
gpg: Add pinentry-mode feature. * g10/gpg.c: Include shareddefs.h. (main): Add option --pinentry-mode. * g10/options.h (struct opt): Add field pinentry_mode. * g10/passphrase.c: Include shareddefs.h. (have_static_passphrase): Take care of loopback pinentry_mode. (read_passphrase_from_fd): Ditto. (get_static_passphrase): New. (passphrase_to_dek_ext): Factor some code out to ... (emit_status_need_passphrase): new. * g10/call-agent.c (start_agent): Send the pinentry mode. (default_inq_cb): Take care of the PASSPHRASE inquiry. Return a proper error code. (agent_pksign): Add args keyid, mainkeyid and pubkey_algo. (agent_pkdecrypt): Ditto. * g10/pubkey-enc.c (get_it): Pass new args. * g10/sign.c (do_sign): Pass new args. * g10/call-agent.c (struct default_inq_parm_s): New. Change all similar structs to reference this one. Change all users and inquire callback to use this struct, instead of NULL or some undefined but not used structs. This change will help to eventually get rid of global variables. -- This new features allows to use gpg without a Pinentry. As a prerequisite the agent must be configured to allow the loopback pinentry mode (option --allow-loopback-pinentry). For example gpg2 --pinentry-mode=loopback FILE.gpg may be used to decrypt FILE.gpg while entering the passphrase on the tty. If batch is used, --passphrase et al. may be used, if --command-fd is used, the passphrase may be provided by another process. Note that there are no try-again prompts in case of a bad passphrase.
2013-02-07 20:37:58 +01:00
dfltparm.ctx = agent_ctx;
* card-util.c (card_edit): New command "passwd". Add logic to check the PIN in advance. (card_status): Add new args to return the serial number. Changed all callers. * call-agent.c (agent_scd_checkpin): New.
2003-10-21 19:12:21 +02:00
Fix use cases of snprintf. * agent/call-pinentry.c, agent/call-scd.c, agent/command.c, build-aux/speedo/w32/g4wihelp.c, common/get-passphrase.c, dirmngr/dirmngr.c, g10/call-agent.c, g10/cpr.c, g10/keygen.c, g10/openfile.c, g10/passphrase.c, scd/app-openpgp.c, scd/scdaemon.c, sm/call-agent.c, sm/call-dirmngr.c, sm/certreqgen.c: Fix assuming C99. -- Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-10-21 05:04:46 +02:00
snprintf (line, DIM(line), "SCD CHECKPIN %s", serialno);
Emit CARDCTRL status lines.
2009-07-22 18:08:58 +02:00
rc = assuan_transact (agent_ctx, line,
NULL, NULL,
gpg: Add pinentry-mode feature. * g10/gpg.c: Include shareddefs.h. (main): Add option --pinentry-mode. * g10/options.h (struct opt): Add field pinentry_mode. * g10/passphrase.c: Include shareddefs.h. (have_static_passphrase): Take care of loopback pinentry_mode. (read_passphrase_from_fd): Ditto. (get_static_passphrase): New. (passphrase_to_dek_ext): Factor some code out to ... (emit_status_need_passphrase): new. * g10/call-agent.c (start_agent): Send the pinentry mode. (default_inq_cb): Take care of the PASSPHRASE inquiry. Return a proper error code. (agent_pksign): Add args keyid, mainkeyid and pubkey_algo. (agent_pkdecrypt): Ditto. * g10/pubkey-enc.c (get_it): Pass new args. * g10/sign.c (do_sign): Pass new args. * g10/call-agent.c (struct default_inq_parm_s): New. Change all similar structs to reference this one. Change all users and inquire callback to use this struct, instead of NULL or some undefined but not used structs. This change will help to eventually get rid of global variables. -- This new features allows to use gpg without a Pinentry. As a prerequisite the agent must be configured to allow the loopback pinentry mode (option --allow-loopback-pinentry). For example gpg2 --pinentry-mode=loopback FILE.gpg may be used to decrypt FILE.gpg while entering the passphrase on the tty. If batch is used, --passphrase et al. may be used, if --command-fd is used, the passphrase may be provided by another process. Note that there are no try-again prompts in case of a bad passphrase.
2013-02-07 20:37:58 +01:00
default_inq_cb, &dfltparm,
NULL, NULL);
Emit CARDCTRL status lines.
2009-07-22 18:08:58 +02:00
status_sc_op_failure (rc);
return rc;
* card-util.c (card_edit): New command "passwd". Add logic to check the PIN in advance. (card_status): Add new args to return the serial number. Changed all callers. * call-agent.c (agent_scd_checkpin): New.
2003-10-21 19:12:21 +02:00
}
g10/ does build again.
2006-05-23 18:19:43 +02:00
/* Dummy function, only used by the gpg 1.4 implementation. */
void
agent_clear_pin_cache (const char *sn)
{
Marked all unused args on non-W32 platforms.
2008-10-20 15:53:23 +02:00
(void)sn;
g10/ does build again.
2006-05-23 18:19:43 +02:00
}
Fixed agent access for gpg.
2006-10-04 18:45:04 +02:00
New option --list-config for gpgconf.
2007-10-23 20:13:27 +02:00
/* Note: All strings shall be UTF-8. On success the caller needs to
Fixed agent access for gpg.
2006-10-04 18:45:04 +02:00
free the string stored at R_PASSPHRASE. On error NULL will be
stored at R_PASSPHRASE and an appropriate fpf error code
returned. */
gpg_error_t
agent_get_passphrase (const char *cache_id,
const char *err_msg,
const char *prompt,
const char *desc_msg,
Move password repetition from gpg to gpg-agent.
2009-03-17 13:13:32 +01:00
int repeat,
Made card key generate with backup key work for 2048 bit. Improved card key generation prompts.
2009-05-15 21:26:46 +02:00
int check,
Fixed agent access for gpg.
2006-10-04 18:45:04 +02:00
char **r_passphrase)
{
int rc;
Enhanced last patch.
2009-03-17 18:59:36 +01:00
char line[ASSUAN_LINELENGTH];
char *arg1 = NULL;
Nuked almost all trailing white space. We better do this once and for all instead of cluttering all future commits with diffs of trailing white spaces. In the majority of cases blank or single lines are affected and thus this change won't disturb a git blame too much. For future commits the pre-commit scripts checks that this won't happen again.
2011-02-04 12:57:53 +01:00
char *arg2 = NULL;
char *arg3 = NULL;
Enhanced last patch.
2009-03-17 18:59:36 +01:00
char *arg4 = NULL;
Fixed agent access for gpg.
2006-10-04 18:45:04 +02:00
membuf_t data;
gpg: Add pinentry-mode feature. * g10/gpg.c: Include shareddefs.h. (main): Add option --pinentry-mode. * g10/options.h (struct opt): Add field pinentry_mode. * g10/passphrase.c: Include shareddefs.h. (have_static_passphrase): Take care of loopback pinentry_mode. (read_passphrase_from_fd): Ditto. (get_static_passphrase): New. (passphrase_to_dek_ext): Factor some code out to ... (emit_status_need_passphrase): new. * g10/call-agent.c (start_agent): Send the pinentry mode. (default_inq_cb): Take care of the PASSPHRASE inquiry. Return a proper error code. (agent_pksign): Add args keyid, mainkeyid and pubkey_algo. (agent_pkdecrypt): Ditto. * g10/pubkey-enc.c (get_it): Pass new args. * g10/sign.c (do_sign): Pass new args. * g10/call-agent.c (struct default_inq_parm_s): New. Change all similar structs to reference this one. Change all users and inquire callback to use this struct, instead of NULL or some undefined but not used structs. This change will help to eventually get rid of global variables. -- This new features allows to use gpg without a Pinentry. As a prerequisite the agent must be configured to allow the loopback pinentry mode (option --allow-loopback-pinentry). For example gpg2 --pinentry-mode=loopback FILE.gpg may be used to decrypt FILE.gpg while entering the passphrase on the tty. If batch is used, --passphrase et al. may be used, if --command-fd is used, the passphrase may be provided by another process. Note that there are no try-again prompts in case of a bad passphrase.
2013-02-07 20:37:58 +01:00
struct default_inq_parm_s dfltparm;
memset (&dfltparm, 0, sizeof dfltparm);
Fixed agent access for gpg.
2006-10-04 18:45:04 +02:00
*r_passphrase = NULL;
Generating an OpenPGP key cia gpg-agent basically works.
2010-04-20 19:57:50 +02:00
rc = start_agent (NULL, 0);
Fixed agent access for gpg.
2006-10-04 18:45:04 +02:00
if (rc)
return rc;
gpg: Add pinentry-mode feature. * g10/gpg.c: Include shareddefs.h. (main): Add option --pinentry-mode. * g10/options.h (struct opt): Add field pinentry_mode. * g10/passphrase.c: Include shareddefs.h. (have_static_passphrase): Take care of loopback pinentry_mode. (read_passphrase_from_fd): Ditto. (get_static_passphrase): New. (passphrase_to_dek_ext): Factor some code out to ... (emit_status_need_passphrase): new. * g10/call-agent.c (start_agent): Send the pinentry mode. (default_inq_cb): Take care of the PASSPHRASE inquiry. Return a proper error code. (agent_pksign): Add args keyid, mainkeyid and pubkey_algo. (agent_pkdecrypt): Ditto. * g10/pubkey-enc.c (get_it): Pass new args. * g10/sign.c (do_sign): Pass new args. * g10/call-agent.c (struct default_inq_parm_s): New. Change all similar structs to reference this one. Change all users and inquire callback to use this struct, instead of NULL or some undefined but not used structs. This change will help to eventually get rid of global variables. -- This new features allows to use gpg without a Pinentry. As a prerequisite the agent must be configured to allow the loopback pinentry mode (option --allow-loopback-pinentry). For example gpg2 --pinentry-mode=loopback FILE.gpg may be used to decrypt FILE.gpg while entering the passphrase on the tty. If batch is used, --passphrase et al. may be used, if --command-fd is used, the passphrase may be provided by another process. Note that there are no try-again prompts in case of a bad passphrase.
2013-02-07 20:37:58 +01:00
dfltparm.ctx = agent_ctx;
Fixed agent access for gpg.
2006-10-04 18:45:04 +02:00
Enhanced last patch.
2009-03-17 18:59:36 +01:00
/* Check that the gpg-agent understands the repeat option. */
Nuked almost all trailing white space. We better do this once and for all instead of cluttering all future commits with diffs of trailing white spaces. In the majority of cases blank or single lines are affected and thus this change won't disturb a git blame too much. For future commits the pre-commit scripts checks that this won't happen again.
2011-02-04 12:57:53 +01:00
if (assuan_transact (agent_ctx,
Enhanced last patch.
2009-03-17 18:59:36 +01:00
"GETINFO cmd_has_option GET_PASSPHRASE repeat",
NULL, NULL, NULL, NULL, NULL, NULL))
return gpg_error (GPG_ERR_NOT_SUPPORTED);
Fixed agent access for gpg.
2006-10-04 18:45:04 +02:00
Enhanced last patch.
2009-03-17 18:59:36 +01:00
if (cache_id && *cache_id)
if (!(arg1 = percent_plus_escape (cache_id)))
goto no_mem;
Fixed agent access for gpg.
2006-10-04 18:45:04 +02:00
if (err_msg && *err_msg)
Enhanced last patch.
2009-03-17 18:59:36 +01:00
if (!(arg2 = percent_plus_escape (err_msg)))
goto no_mem;
Fixed agent access for gpg.
2006-10-04 18:45:04 +02:00
if (prompt && *prompt)
Enhanced last patch.
2009-03-17 18:59:36 +01:00
if (!(arg3 = percent_plus_escape (prompt)))
goto no_mem;
Fixed agent access for gpg.
2006-10-04 18:45:04 +02:00
if (desc_msg && *desc_msg)
Enhanced last patch.
2009-03-17 18:59:36 +01:00
if (!(arg4 = percent_plus_escape (desc_msg)))
goto no_mem;
Fix use cases of snprintf. * agent/call-pinentry.c, agent/call-scd.c, agent/command.c, build-aux/speedo/w32/g4wihelp.c, common/get-passphrase.c, dirmngr/dirmngr.c, g10/call-agent.c, g10/cpr.c, g10/keygen.c, g10/openfile.c, g10/passphrase.c, scd/app-openpgp.c, scd/scdaemon.c, sm/call-agent.c, sm/call-dirmngr.c, sm/certreqgen.c: Fix assuming C99. -- Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-10-21 05:04:46 +02:00
snprintf (line, DIM(line),
Nuked almost all trailing white space. We better do this once and for all instead of cluttering all future commits with diffs of trailing white spaces. In the majority of cases blank or single lines are affected and thus this change won't disturb a git blame too much. For future commits the pre-commit scripts checks that this won't happen again.
2011-02-04 12:57:53 +01:00
"GET_PASSPHRASE --data --repeat=%d%s -- %s %s %s %s",
repeat,
Made card key generate with backup key work for 2048 bit. Improved card key generation prompts.
2009-05-15 21:26:46 +02:00
check? " --check --qualitybar":"",
Enhanced last patch.
2009-03-17 18:59:36 +01:00
arg1? arg1:"X",
arg2? arg2:"X",
arg3? arg3:"X",
arg4? arg4:"X");
xfree (arg1);
xfree (arg2);
xfree (arg3);
xfree (arg4);
Fixed agent access for gpg.
2006-10-04 18:45:04 +02:00
init_membuf_secure (&data, 64);
Nuked almost all trailing white space. We better do this once and for all instead of cluttering all future commits with diffs of trailing white spaces. In the majority of cases blank or single lines are affected and thus this change won't disturb a git blame too much. For future commits the pre-commit scripts checks that this won't happen again.
2011-02-04 12:57:53 +01:00
rc = assuan_transact (agent_ctx, line,
common: New put_membuf_cb to replace static membuf_data_cb. * common/membuf.c (put_membuf_cb): New. * agent/call-scd.c (membuf_data_cb): Remove. Change callers to use put_membuf_cb. * common/get-passphrase.c (membuf_data_cb): Ditto. * g10/call-agent.c (membuf_data_cb): Ditto. * sm/call-agent.c (membuf_data_cb): Ditto. -- Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-08 06:33:27 +01:00
put_membuf_cb, &data,
gpg: Add pinentry-mode feature. * g10/gpg.c: Include shareddefs.h. (main): Add option --pinentry-mode. * g10/options.h (struct opt): Add field pinentry_mode. * g10/passphrase.c: Include shareddefs.h. (have_static_passphrase): Take care of loopback pinentry_mode. (read_passphrase_from_fd): Ditto. (get_static_passphrase): New. (passphrase_to_dek_ext): Factor some code out to ... (emit_status_need_passphrase): new. * g10/call-agent.c (start_agent): Send the pinentry mode. (default_inq_cb): Take care of the PASSPHRASE inquiry. Return a proper error code. (agent_pksign): Add args keyid, mainkeyid and pubkey_algo. (agent_pkdecrypt): Ditto. * g10/pubkey-enc.c (get_it): Pass new args. * g10/sign.c (do_sign): Pass new args. * g10/call-agent.c (struct default_inq_parm_s): New. Change all similar structs to reference this one. Change all users and inquire callback to use this struct, instead of NULL or some undefined but not used structs. This change will help to eventually get rid of global variables. -- This new features allows to use gpg without a Pinentry. As a prerequisite the agent must be configured to allow the loopback pinentry mode (option --allow-loopback-pinentry). For example gpg2 --pinentry-mode=loopback FILE.gpg may be used to decrypt FILE.gpg while entering the passphrase on the tty. If batch is used, --passphrase et al. may be used, if --command-fd is used, the passphrase may be provided by another process. Note that there are no try-again prompts in case of a bad passphrase.
2013-02-07 20:37:58 +01:00
default_inq_cb, &dfltparm,
NULL, NULL);
Fixed agent access for gpg.
2006-10-04 18:45:04 +02:00
if (rc)
xfree (get_membuf (&data, NULL));
Nuked almost all trailing white space. We better do this once and for all instead of cluttering all future commits with diffs of trailing white spaces. In the majority of cases blank or single lines are affected and thus this change won't disturb a git blame too much. For future commits the pre-commit scripts checks that this won't happen again.
2011-02-04 12:57:53 +01:00
else
Fixed agent access for gpg.
2006-10-04 18:45:04 +02:00
{
put_membuf (&data, "", 1);
*r_passphrase = get_membuf (&data, NULL);
if (!*r_passphrase)
rc = gpg_error_from_syserror ();
}
Enhanced last patch.
2009-03-17 18:59:36 +01:00
return rc;
no_mem:
rc = gpg_error_from_syserror ();
xfree (arg1);
xfree (arg2);
xfree (arg3);
xfree (arg4);
Fixed agent access for gpg.
2006-10-04 18:45:04 +02:00
return rc;
}
gpg_error_t
agent_clear_passphrase (const char *cache_id)
{
int rc;
char line[ASSUAN_LINELENGTH];
gpg: Add pinentry-mode feature. * g10/gpg.c: Include shareddefs.h. (main): Add option --pinentry-mode. * g10/options.h (struct opt): Add field pinentry_mode. * g10/passphrase.c: Include shareddefs.h. (have_static_passphrase): Take care of loopback pinentry_mode. (read_passphrase_from_fd): Ditto. (get_static_passphrase): New. (passphrase_to_dek_ext): Factor some code out to ... (emit_status_need_passphrase): new. * g10/call-agent.c (start_agent): Send the pinentry mode. (default_inq_cb): Take care of the PASSPHRASE inquiry. Return a proper error code. (agent_pksign): Add args keyid, mainkeyid and pubkey_algo. (agent_pkdecrypt): Ditto. * g10/pubkey-enc.c (get_it): Pass new args. * g10/sign.c (do_sign): Pass new args. * g10/call-agent.c (struct default_inq_parm_s): New. Change all similar structs to reference this one. Change all users and inquire callback to use this struct, instead of NULL or some undefined but not used structs. This change will help to eventually get rid of global variables. -- This new features allows to use gpg without a Pinentry. As a prerequisite the agent must be configured to allow the loopback pinentry mode (option --allow-loopback-pinentry). For example gpg2 --pinentry-mode=loopback FILE.gpg may be used to decrypt FILE.gpg while entering the passphrase on the tty. If batch is used, --passphrase et al. may be used, if --command-fd is used, the passphrase may be provided by another process. Note that there are no try-again prompts in case of a bad passphrase.
2013-02-07 20:37:58 +01:00
struct default_inq_parm_s dfltparm;
memset (&dfltparm, 0, sizeof dfltparm);
Fixed agent access for gpg.
2006-10-04 18:45:04 +02:00
if (!cache_id || !*cache_id)
return 0;
Generating an OpenPGP key cia gpg-agent basically works.
2010-04-20 19:57:50 +02:00
rc = start_agent (NULL, 0);
Fixed agent access for gpg.
2006-10-04 18:45:04 +02:00
if (rc)
return rc;
gpg: Add pinentry-mode feature. * g10/gpg.c: Include shareddefs.h. (main): Add option --pinentry-mode. * g10/options.h (struct opt): Add field pinentry_mode. * g10/passphrase.c: Include shareddefs.h. (have_static_passphrase): Take care of loopback pinentry_mode. (read_passphrase_from_fd): Ditto. (get_static_passphrase): New. (passphrase_to_dek_ext): Factor some code out to ... (emit_status_need_passphrase): new. * g10/call-agent.c (start_agent): Send the pinentry mode. (default_inq_cb): Take care of the PASSPHRASE inquiry. Return a proper error code. (agent_pksign): Add args keyid, mainkeyid and pubkey_algo. (agent_pkdecrypt): Ditto. * g10/pubkey-enc.c (get_it): Pass new args. * g10/sign.c (do_sign): Pass new args. * g10/call-agent.c (struct default_inq_parm_s): New. Change all similar structs to reference this one. Change all users and inquire callback to use this struct, instead of NULL or some undefined but not used structs. This change will help to eventually get rid of global variables. -- This new features allows to use gpg without a Pinentry. As a prerequisite the agent must be configured to allow the loopback pinentry mode (option --allow-loopback-pinentry). For example gpg2 --pinentry-mode=loopback FILE.gpg may be used to decrypt FILE.gpg while entering the passphrase on the tty. If batch is used, --passphrase et al. may be used, if --command-fd is used, the passphrase may be provided by another process. Note that there are no try-again prompts in case of a bad passphrase.
2013-02-07 20:37:58 +01:00
dfltparm.ctx = agent_ctx;
Fixed agent access for gpg.
2006-10-04 18:45:04 +02:00
Fix use cases of snprintf. * agent/call-pinentry.c, agent/call-scd.c, agent/command.c, build-aux/speedo/w32/g4wihelp.c, common/get-passphrase.c, dirmngr/dirmngr.c, g10/call-agent.c, g10/cpr.c, g10/keygen.c, g10/openfile.c, g10/passphrase.c, scd/app-openpgp.c, scd/scdaemon.c, sm/call-agent.c, sm/call-dirmngr.c, sm/certreqgen.c: Fix assuming C99. -- Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-10-21 05:04:46 +02:00
snprintf (line, DIM(line), "CLEAR_PASSPHRASE %s", cache_id);
gpg: Add pinentry-mode feature. * g10/gpg.c: Include shareddefs.h. (main): Add option --pinentry-mode. * g10/options.h (struct opt): Add field pinentry_mode. * g10/passphrase.c: Include shareddefs.h. (have_static_passphrase): Take care of loopback pinentry_mode. (read_passphrase_from_fd): Ditto. (get_static_passphrase): New. (passphrase_to_dek_ext): Factor some code out to ... (emit_status_need_passphrase): new. * g10/call-agent.c (start_agent): Send the pinentry mode. (default_inq_cb): Take care of the PASSPHRASE inquiry. Return a proper error code. (agent_pksign): Add args keyid, mainkeyid and pubkey_algo. (agent_pkdecrypt): Ditto. * g10/pubkey-enc.c (get_it): Pass new args. * g10/sign.c (do_sign): Pass new args. * g10/call-agent.c (struct default_inq_parm_s): New. Change all similar structs to reference this one. Change all users and inquire callback to use this struct, instead of NULL or some undefined but not used structs. This change will help to eventually get rid of global variables. -- This new features allows to use gpg without a Pinentry. As a prerequisite the agent must be configured to allow the loopback pinentry mode (option --allow-loopback-pinentry). For example gpg2 --pinentry-mode=loopback FILE.gpg may be used to decrypt FILE.gpg while entering the passphrase on the tty. If batch is used, --passphrase et al. may be used, if --command-fd is used, the passphrase may be provided by another process. Note that there are no try-again prompts in case of a bad passphrase.
2013-02-07 20:37:58 +01:00
return assuan_transact (agent_ctx, line,
NULL, NULL,
default_inq_cb, &dfltparm,
NULL, NULL);
Fixed agent access for gpg.
2006-10-04 18:45:04 +02:00
}
Ask to insert the right OpenPGP card.
2009-08-11 12:56:44 +02:00
/* Ask the agent to pop up a confirmation dialog with the text DESC
and an okay and cancel button. */
gpg_error_t
gpg_agent_get_confirmation (const char *desc)
{
int rc;
char *tmp;
char line[ASSUAN_LINELENGTH];
gpg: Add pinentry-mode feature. * g10/gpg.c: Include shareddefs.h. (main): Add option --pinentry-mode. * g10/options.h (struct opt): Add field pinentry_mode. * g10/passphrase.c: Include shareddefs.h. (have_static_passphrase): Take care of loopback pinentry_mode. (read_passphrase_from_fd): Ditto. (get_static_passphrase): New. (passphrase_to_dek_ext): Factor some code out to ... (emit_status_need_passphrase): new. * g10/call-agent.c (start_agent): Send the pinentry mode. (default_inq_cb): Take care of the PASSPHRASE inquiry. Return a proper error code. (agent_pksign): Add args keyid, mainkeyid and pubkey_algo. (agent_pkdecrypt): Ditto. * g10/pubkey-enc.c (get_it): Pass new args. * g10/sign.c (do_sign): Pass new args. * g10/call-agent.c (struct default_inq_parm_s): New. Change all similar structs to reference this one. Change all users and inquire callback to use this struct, instead of NULL or some undefined but not used structs. This change will help to eventually get rid of global variables. -- This new features allows to use gpg without a Pinentry. As a prerequisite the agent must be configured to allow the loopback pinentry mode (option --allow-loopback-pinentry). For example gpg2 --pinentry-mode=loopback FILE.gpg may be used to decrypt FILE.gpg while entering the passphrase on the tty. If batch is used, --passphrase et al. may be used, if --command-fd is used, the passphrase may be provided by another process. Note that there are no try-again prompts in case of a bad passphrase.
2013-02-07 20:37:58 +01:00
struct default_inq_parm_s dfltparm;
memset (&dfltparm, 0, sizeof dfltparm);
Ask to insert the right OpenPGP card.
2009-08-11 12:56:44 +02:00
Generating an OpenPGP key cia gpg-agent basically works.
2010-04-20 19:57:50 +02:00
rc = start_agent (NULL, 0);
Ask to insert the right OpenPGP card.
2009-08-11 12:56:44 +02:00
if (rc)
return rc;
gpg: Add pinentry-mode feature. * g10/gpg.c: Include shareddefs.h. (main): Add option --pinentry-mode. * g10/options.h (struct opt): Add field pinentry_mode. * g10/passphrase.c: Include shareddefs.h. (have_static_passphrase): Take care of loopback pinentry_mode. (read_passphrase_from_fd): Ditto. (get_static_passphrase): New. (passphrase_to_dek_ext): Factor some code out to ... (emit_status_need_passphrase): new. * g10/call-agent.c (start_agent): Send the pinentry mode. (default_inq_cb): Take care of the PASSPHRASE inquiry. Return a proper error code. (agent_pksign): Add args keyid, mainkeyid and pubkey_algo. (agent_pkdecrypt): Ditto. * g10/pubkey-enc.c (get_it): Pass new args. * g10/sign.c (do_sign): Pass new args. * g10/call-agent.c (struct default_inq_parm_s): New. Change all similar structs to reference this one. Change all users and inquire callback to use this struct, instead of NULL or some undefined but not used structs. This change will help to eventually get rid of global variables. -- This new features allows to use gpg without a Pinentry. As a prerequisite the agent must be configured to allow the loopback pinentry mode (option --allow-loopback-pinentry). For example gpg2 --pinentry-mode=loopback FILE.gpg may be used to decrypt FILE.gpg while entering the passphrase on the tty. If batch is used, --passphrase et al. may be used, if --command-fd is used, the passphrase may be provided by another process. Note that there are no try-again prompts in case of a bad passphrase.
2013-02-07 20:37:58 +01:00
dfltparm.ctx = agent_ctx;
Ask to insert the right OpenPGP card.
2009-08-11 12:56:44 +02:00
tmp = percent_plus_escape (desc);
if (!tmp)
return gpg_error_from_syserror ();
Fix use cases of snprintf. * agent/call-pinentry.c, agent/call-scd.c, agent/command.c, build-aux/speedo/w32/g4wihelp.c, common/get-passphrase.c, dirmngr/dirmngr.c, g10/call-agent.c, g10/cpr.c, g10/keygen.c, g10/openfile.c, g10/passphrase.c, scd/app-openpgp.c, scd/scdaemon.c, sm/call-agent.c, sm/call-dirmngr.c, sm/certreqgen.c: Fix assuming C99. -- Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-10-21 05:04:46 +02:00
snprintf (line, DIM(line), "GET_CONFIRMATION %s", tmp);
Ask to insert the right OpenPGP card.
2009-08-11 12:56:44 +02:00
xfree (tmp);
gpg: Add pinentry-mode feature. * g10/gpg.c: Include shareddefs.h. (main): Add option --pinentry-mode. * g10/options.h (struct opt): Add field pinentry_mode. * g10/passphrase.c: Include shareddefs.h. (have_static_passphrase): Take care of loopback pinentry_mode. (read_passphrase_from_fd): Ditto. (get_static_passphrase): New. (passphrase_to_dek_ext): Factor some code out to ... (emit_status_need_passphrase): new. * g10/call-agent.c (start_agent): Send the pinentry mode. (default_inq_cb): Take care of the PASSPHRASE inquiry. Return a proper error code. (agent_pksign): Add args keyid, mainkeyid and pubkey_algo. (agent_pkdecrypt): Ditto. * g10/pubkey-enc.c (get_it): Pass new args. * g10/sign.c (do_sign): Pass new args. * g10/call-agent.c (struct default_inq_parm_s): New. Change all similar structs to reference this one. Change all users and inquire callback to use this struct, instead of NULL or some undefined but not used structs. This change will help to eventually get rid of global variables. -- This new features allows to use gpg without a Pinentry. As a prerequisite the agent must be configured to allow the loopback pinentry mode (option --allow-loopback-pinentry). For example gpg2 --pinentry-mode=loopback FILE.gpg may be used to decrypt FILE.gpg while entering the passphrase on the tty. If batch is used, --passphrase et al. may be used, if --command-fd is used, the passphrase may be provided by another process. Note that there are no try-again prompts in case of a bad passphrase.
2013-02-07 20:37:58 +01:00
rc = assuan_transact (agent_ctx, line,
NULL, NULL,
default_inq_cb, &dfltparm,
NULL, NULL);
Ask to insert the right OpenPGP card.
2009-08-11 12:56:44 +02:00
return rc;
}
Add dummu option --passwd for gpg. Collected changes.
2010-01-08 20:18:49 +01:00
/* Return the S2K iteration count as computed by gpg-agent. */
gpg_error_t
agent_get_s2k_count (unsigned long *r_count)
{
gpg_error_t err;
membuf_t data;
char *buf;
*r_count = 0;
Generating an OpenPGP key cia gpg-agent basically works.
2010-04-20 19:57:50 +02:00
err = start_agent (NULL, 0);
Add dummu option --passwd for gpg. Collected changes.
2010-01-08 20:18:49 +01:00
if (err)
return err;
init_membuf (&data, 32);
Nuked almost all trailing white space. We better do this once and for all instead of cluttering all future commits with diffs of trailing white spaces. In the majority of cases blank or single lines are affected and thus this change won't disturb a git blame too much. For future commits the pre-commit scripts checks that this won't happen again.
2011-02-04 12:57:53 +01:00
err = assuan_transact (agent_ctx, "GETINFO s2k_count",
common: New put_membuf_cb to replace static membuf_data_cb. * common/membuf.c (put_membuf_cb): New. * agent/call-scd.c (membuf_data_cb): Remove. Change callers to use put_membuf_cb. * common/get-passphrase.c (membuf_data_cb): Ditto. * g10/call-agent.c (membuf_data_cb): Ditto. * sm/call-agent.c (membuf_data_cb): Ditto. -- Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-08 06:33:27 +01:00
put_membuf_cb, &data,
Add dummu option --passwd for gpg. Collected changes.
2010-01-08 20:18:49 +01:00
NULL, NULL, NULL, NULL);
if (err)
xfree (get_membuf (&data, NULL));
Nuked almost all trailing white space. We better do this once and for all instead of cluttering all future commits with diffs of trailing white spaces. In the majority of cases blank or single lines are affected and thus this change won't disturb a git blame too much. For future commits the pre-commit scripts checks that this won't happen again.
2011-02-04 12:57:53 +01:00
else
Add dummu option --passwd for gpg. Collected changes.
2010-01-08 20:18:49 +01:00
{
put_membuf (&data, "", 1);
buf = get_membuf (&data, NULL);
if (!buf)
err = gpg_error_from_syserror ();
else
{
*r_count = strtoul (buf, NULL, 10);
xfree (buf);
}
}
return err;
}
Generating an OpenPGP key cia gpg-agent basically works.
2010-04-20 19:57:50 +02:00
More changes on the way to remove secring.gpg.
2010-04-21 18:26:17 +02:00
/* Ask the agent whether a secret key for the given public key is
available. Returns 0 if available. */
Generating an OpenPGP key cia gpg-agent basically works.
2010-04-20 19:57:50 +02:00
gpg_error_t
More changes on the way to remove secring.gpg.
2010-04-21 18:26:17 +02:00
agent_probe_secret_key (ctrl_t ctrl, PKT_public_key *pk)
Generating an OpenPGP key cia gpg-agent basically works.
2010-04-20 19:57:50 +02:00
{
gpg_error_t err;
char line[ASSUAN_LINELENGTH];
More changes on the way to remove secring.gpg.
2010-04-21 18:26:17 +02:00
char *hexgrip;
Generating an OpenPGP key cia gpg-agent basically works.
2010-04-20 19:57:50 +02:00
err = start_agent (ctrl, 0);
if (err)
return err;
More changes on the way to remove secring.gpg.
2010-04-21 18:26:17 +02:00
err = hexkeygrip_from_pk (pk, &hexgrip);
if (err)
return err;
Generating an OpenPGP key cia gpg-agent basically works.
2010-04-20 19:57:50 +02:00
More changes on the way to remove secring.gpg.
2010-04-21 18:26:17 +02:00
snprintf (line, sizeof line, "HAVEKEY %s", hexgrip);
xfree (hexgrip);
Generating an OpenPGP key cia gpg-agent basically works.
2010-04-20 19:57:50 +02:00
err = assuan_transact (agent_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL);
return err;
}
Add new option --with-secret. * g10/gpg.c: Add option --with-secret. * g10/options.h (struct opt): Add field with_secret. * g10/keylist.c (public_key_list): Pass opt.with_secret to list_all and list_one. (list_all, list_one): Add arg mark_secret. (list_keyblock_colon): Add arg has_secret. * sm/gpgsm.c: Add option --with-secret. * sm/server.c (option_handler): Add option "with-secret". * sm/gpgsm.h (server_control_s): Add field with_secret. * sm/keylist.c (list_cert_colon): Take care of with_secret. Also move the token string from the wrong field 14 to 15. -- This option is useful for key managers which need to know whether a key has a secret key. This change allows to collect this information in one pass.
2014-06-03 21:35:59 +02:00
/* Ask the agent whether a secret key is available for any of the
Exporting secret keys via gpg-agent is now basically supported. A couple of forward ported changes. Doc updates.
2010-10-01 22:33:53 +02:00
keys (primary or sub) in KEYBLOCK. Returns 0 if available. */
gpg_error_t
agent_probe_any_secret_key (ctrl_t ctrl, kbnode_t keyblock)
{
gpg_error_t err;
char line[ASSUAN_LINELENGTH];
char *p;
kbnode_t kbctx, node;
int nkeys;
unsigned char grip[20];
err = start_agent (ctrl, 0);
if (err)
return err;
err = gpg_error (GPG_ERR_NO_SECKEY); /* Just in case no key was
found in KEYBLOCK. */
p = stpcpy (line, "HAVEKEY");
for (kbctx=NULL, nkeys=0; (node = walk_kbnode (keyblock, &kbctx, 0)); )
if (node->pkt->pkttype == PKT_PUBLIC_KEY
|| node->pkt->pkttype == PKT_PUBLIC_SUBKEY
|| node->pkt->pkttype == PKT_SECRET_KEY
|| node->pkt->pkttype == PKT_SECRET_SUBKEY)
{
if (nkeys && ((p - line) + 41) > (ASSUAN_LINELENGTH - 2))
{
err = assuan_transact (agent_ctx, line,
NULL, NULL, NULL, NULL, NULL, NULL);
if (err != gpg_err_code (GPG_ERR_NO_SECKEY))
break; /* Seckey available or unexpected error - ready. */
p = stpcpy (line, "HAVEKEY");
nkeys = 0;
}
err = keygrip_from_pk (node->pkt->pkt.public_key, grip);
if (err)
return err;
*p++ = ' ';
bin2hex (grip, 20, p);
p += 40;
nkeys++;
}
if (!err && nkeys)
err = assuan_transact (agent_ctx, line,
NULL, NULL, NULL, NULL, NULL, NULL);
return err;
}
Generating an OpenPGP key cia gpg-agent basically works.
2010-04-20 19:57:50 +02:00
gpg: Remove C-99ism, re-indent, and simplify one function. * g10/call-agent.c (struct keyinfo_data): Rename to keyinfo_data_parm_s. (agent_get_keyinfo): Replace C-99 style init. (keyinfo_status_cb): Use new fucntion split_fields. * g10/export.c (match_curve_skey_pk): Add missings returns error cases. (cleartext_secret_key_to_openpgp): Better clear PK->PKEY first. -- Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-11 20:42:28 +02:00
struct keyinfo_data_parm_s
{
g10: report whether key in agent is passphrase-protected or not * g10/call-agent.c, g10/call-agent.h (agent_get_keyinfo): add r_cleartext parameter to report whether a key is stored without passphrase protection. * g10/gpgv.c, g10/test-stubs.c: augment dummy agent_get_keyinfo to match new API. * g10/export.c, g10/keyedit.c, g10/keygen.c, g10/keylist.c, g10/sign.c: pass NULL to agent_get_keyinfo since we do not yet need to know whether agent is passphrase-protected. -- Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2016-06-10 22:15:33 +02:00
char *serialno;
int cleartext;
};
gpg: Remove C-99ism, re-indent, and simplify one function. * g10/call-agent.c (struct keyinfo_data): Rename to keyinfo_data_parm_s. (agent_get_keyinfo): Replace C-99 style init. (keyinfo_status_cb): Use new fucntion split_fields. * g10/export.c (match_curve_skey_pk): Add missings returns error cases. (cleartext_secret_key_to_openpgp): Better clear PK->PKEY first. -- Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-11 20:42:28 +02:00
Generating an OpenPGP key cia gpg-agent basically works.
2010-04-20 19:57:50 +02:00
static gpg_error_t
keyinfo_status_cb (void *opaque, const char *line)
{
gpg: Remove C-99ism, re-indent, and simplify one function. * g10/call-agent.c (struct keyinfo_data): Rename to keyinfo_data_parm_s. (agent_get_keyinfo): Replace C-99 style init. (keyinfo_status_cb): Use new fucntion split_fields. * g10/export.c (match_curve_skey_pk): Add missings returns error cases. (cleartext_secret_key_to_openpgp): Better clear PK->PKEY first. -- Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-11 20:42:28 +02:00
struct keyinfo_data_parm_s *data = opaque;
g10: report whether key in agent is passphrase-protected or not * g10/call-agent.c, g10/call-agent.h (agent_get_keyinfo): add r_cleartext parameter to report whether a key is stored without passphrase protection. * g10/gpgv.c, g10/test-stubs.c: augment dummy agent_get_keyinfo to match new API. * g10/export.c, g10/keyedit.c, g10/keygen.c, g10/keylist.c, g10/sign.c: pass NULL to agent_get_keyinfo since we do not yet need to know whether agent is passphrase-protected. -- Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2016-06-10 22:15:33 +02:00
int is_smartcard;
gpg: Remove C-99ism, re-indent, and simplify one function. * g10/call-agent.c (struct keyinfo_data): Rename to keyinfo_data_parm_s. (agent_get_keyinfo): Replace C-99 style init. (keyinfo_status_cb): Use new fucntion split_fields. * g10/export.c (match_curve_skey_pk): Add missings returns error cases. (cleartext_secret_key_to_openpgp): Better clear PK->PKEY first. -- Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-11 20:42:28 +02:00
char *s;
Generating an OpenPGP key cia gpg-agent basically works.
2010-04-20 19:57:50 +02:00
g10: report whether key in agent is passphrase-protected or not * g10/call-agent.c, g10/call-agent.h (agent_get_keyinfo): add r_cleartext parameter to report whether a key is stored without passphrase protection. * g10/gpgv.c, g10/test-stubs.c: augment dummy agent_get_keyinfo to match new API. * g10/export.c, g10/keyedit.c, g10/keygen.c, g10/keylist.c, g10/sign.c: pass NULL to agent_get_keyinfo since we do not yet need to know whether agent is passphrase-protected. -- Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2016-06-10 22:15:33 +02:00
if ((s = has_leading_keyword (line, "KEYINFO")) && data)
Generating an OpenPGP key cia gpg-agent basically works.
2010-04-20 19:57:50 +02:00
{
gpg: Remove C-99ism, re-indent, and simplify one function. * g10/call-agent.c (struct keyinfo_data): Rename to keyinfo_data_parm_s. (agent_get_keyinfo): Replace C-99 style init. (keyinfo_status_cb): Use new fucntion split_fields. * g10/export.c (match_curve_skey_pk): Add missings returns error cases. (cleartext_secret_key_to_openpgp): Better clear PK->PKEY first. -- Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-11 20:42:28 +02:00
/* Parse the arguments:
* 0 1 2 3 4 5
* <keygrip> <type> <serialno> <idstr> <cached> <protection>
*/
char *fields[6];
if (split_fields (s, fields, DIM (fields)) == 6)
Generating an OpenPGP key cia gpg-agent basically works.
2010-04-20 19:57:50 +02:00
{
gpg: Remove C-99ism, re-indent, and simplify one function. * g10/call-agent.c (struct keyinfo_data): Rename to keyinfo_data_parm_s. (agent_get_keyinfo): Replace C-99 style init. (keyinfo_status_cb): Use new fucntion split_fields. * g10/export.c (match_curve_skey_pk): Add missings returns error cases. (cleartext_secret_key_to_openpgp): Better clear PK->PKEY first. -- Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-11 20:42:28 +02:00
is_smartcard = (fields[1][0] == 'T');
if (is_smartcard && !data->serialno && strcmp (fields[2], "-"))
data->serialno = xtrystrdup (fields[2]);
/* 'P' for protected, 'C' for clear */
data->cleartext = (fields[5][0] == 'C');
Generating an OpenPGP key cia gpg-agent basically works.
2010-04-20 19:57:50 +02:00
}
}
return 0;
}
/* Return the serial number for a secret key. If the returned serial
number is NULL, the key is not stored on a smartcard. Caller needs
g10: report whether key in agent is passphrase-protected or not * g10/call-agent.c, g10/call-agent.h (agent_get_keyinfo): add r_cleartext parameter to report whether a key is stored without passphrase protection. * g10/gpgv.c, g10/test-stubs.c: augment dummy agent_get_keyinfo to match new API. * g10/export.c, g10/keyedit.c, g10/keygen.c, g10/keylist.c, g10/sign.c: pass NULL to agent_get_keyinfo since we do not yet need to know whether agent is passphrase-protected. -- Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2016-06-10 22:15:33 +02:00
to free R_SERIALNO.
if r_cleartext is not NULL, the referenced int will be set to 1 if
the agent's copy of the key is stored in the clear, or 0 otherwise
*/
Generating an OpenPGP key cia gpg-agent basically works.
2010-04-20 19:57:50 +02:00
gpg_error_t
g10: report whether key in agent is passphrase-protected or not * g10/call-agent.c, g10/call-agent.h (agent_get_keyinfo): add r_cleartext parameter to report whether a key is stored without passphrase protection. * g10/gpgv.c, g10/test-stubs.c: augment dummy agent_get_keyinfo to match new API. * g10/export.c, g10/keyedit.c, g10/keygen.c, g10/keylist.c, g10/sign.c: pass NULL to agent_get_keyinfo since we do not yet need to know whether agent is passphrase-protected. -- Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2016-06-10 22:15:33 +02:00
agent_get_keyinfo (ctrl_t ctrl, const char *hexkeygrip,
char **r_serialno, int *r_cleartext)
Generating an OpenPGP key cia gpg-agent basically works.
2010-04-20 19:57:50 +02:00
{
gpg_error_t err;
char line[ASSUAN_LINELENGTH];
gpg: Remove C-99ism, re-indent, and simplify one function. * g10/call-agent.c (struct keyinfo_data): Rename to keyinfo_data_parm_s. (agent_get_keyinfo): Replace C-99 style init. (keyinfo_status_cb): Use new fucntion split_fields. * g10/export.c (match_curve_skey_pk): Add missings returns error cases. (cleartext_secret_key_to_openpgp): Better clear PK->PKEY first. -- Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-11 20:42:28 +02:00
struct keyinfo_data_parm_s keyinfo;
memset (&keyinfo, 0,sizeof keyinfo);
Generating an OpenPGP key cia gpg-agent basically works.
2010-04-20 19:57:50 +02:00
*r_serialno = NULL;
err = start_agent (ctrl, 0);
if (err)
return err;
if (!hexkeygrip || strlen (hexkeygrip) != 40)
return gpg_error (GPG_ERR_INV_VALUE);
Fix use cases of snprintf. * agent/call-pinentry.c, agent/call-scd.c, agent/command.c, build-aux/speedo/w32/g4wihelp.c, common/get-passphrase.c, dirmngr/dirmngr.c, g10/call-agent.c, g10/cpr.c, g10/keygen.c, g10/openfile.c, g10/passphrase.c, scd/app-openpgp.c, scd/scdaemon.c, sm/call-agent.c, sm/call-dirmngr.c, sm/certreqgen.c: Fix assuming C99. -- Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-10-21 05:04:46 +02:00
snprintf (line, DIM(line), "KEYINFO %s", hexkeygrip);
Generating an OpenPGP key cia gpg-agent basically works.
2010-04-20 19:57:50 +02:00
err = assuan_transact (agent_ctx, line, NULL, NULL, NULL, NULL,
g10: report whether key in agent is passphrase-protected or not * g10/call-agent.c, g10/call-agent.h (agent_get_keyinfo): add r_cleartext parameter to report whether a key is stored without passphrase protection. * g10/gpgv.c, g10/test-stubs.c: augment dummy agent_get_keyinfo to match new API. * g10/export.c, g10/keyedit.c, g10/keygen.c, g10/keylist.c, g10/sign.c: pass NULL to agent_get_keyinfo since we do not yet need to know whether agent is passphrase-protected. -- Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2016-06-10 22:15:33 +02:00
keyinfo_status_cb, &keyinfo);
if (!err && keyinfo.serialno)
Generating an OpenPGP key cia gpg-agent basically works.
2010-04-20 19:57:50 +02:00
{
/* Sanity check for bad characters. */
g10: report whether key in agent is passphrase-protected or not * g10/call-agent.c, g10/call-agent.h (agent_get_keyinfo): add r_cleartext parameter to report whether a key is stored without passphrase protection. * g10/gpgv.c, g10/test-stubs.c: augment dummy agent_get_keyinfo to match new API. * g10/export.c, g10/keyedit.c, g10/keygen.c, g10/keylist.c, g10/sign.c: pass NULL to agent_get_keyinfo since we do not yet need to know whether agent is passphrase-protected. -- Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2016-06-10 22:15:33 +02:00
if (strpbrk (keyinfo.serialno, ":\n\r"))
Generating an OpenPGP key cia gpg-agent basically works.
2010-04-20 19:57:50 +02:00
err = GPG_ERR_INV_VALUE;
}
if (err)
g10: report whether key in agent is passphrase-protected or not * g10/call-agent.c, g10/call-agent.h (agent_get_keyinfo): add r_cleartext parameter to report whether a key is stored without passphrase protection. * g10/gpgv.c, g10/test-stubs.c: augment dummy agent_get_keyinfo to match new API. * g10/export.c, g10/keyedit.c, g10/keygen.c, g10/keylist.c, g10/sign.c: pass NULL to agent_get_keyinfo since we do not yet need to know whether agent is passphrase-protected. -- Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2016-06-10 22:15:33 +02:00
xfree (keyinfo.serialno);
Generating an OpenPGP key cia gpg-agent basically works.
2010-04-20 19:57:50 +02:00
else
g10: report whether key in agent is passphrase-protected or not * g10/call-agent.c, g10/call-agent.h (agent_get_keyinfo): add r_cleartext parameter to report whether a key is stored without passphrase protection. * g10/gpgv.c, g10/test-stubs.c: augment dummy agent_get_keyinfo to match new API. * g10/export.c, g10/keyedit.c, g10/keygen.c, g10/keylist.c, g10/sign.c: pass NULL to agent_get_keyinfo since we do not yet need to know whether agent is passphrase-protected. -- Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2016-06-10 22:15:33 +02:00
{
*r_serialno = keyinfo.serialno;
if (r_cleartext)
*r_cleartext = keyinfo.cleartext;
}
Generating an OpenPGP key cia gpg-agent basically works.
2010-04-20 19:57:50 +02:00
return err;
}
Use passphrase caching for import and genkey.
2010-09-01 11:48:35 +02:00
Exporting secret keys via gpg-agent is now basically supported. A couple of forward ported changes. Doc updates.
2010-10-01 22:33:53 +02:00
/* Status callback for agent_import_key, agent_export_key and
agent_genkey. */
Use passphrase caching for import and genkey.
2010-09-01 11:48:35 +02:00
static gpg_error_t
cache_nonce_status_cb (void *opaque, const char *line)
{
Re-implemented GPG's --passwd command and improved it.
2010-10-26 11:10:29 +02:00
struct cache_nonce_parm_s *parm = opaque;
gpg: Print PROGRESS status lines during key generation. * g10/call-agent.c (cache_nonce_status_cb): Rewrite by using has_leading_keyword. Handle PROGRESS lines. -- GnuPG-bug-id: 1415 Co-authored-by: Daiki Ueno <ueno@gnu.org> Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-25 11:34:49 +01:00
const char *s;
Use passphrase caching for import and genkey.
2010-09-01 11:48:35 +02:00
gpg: Print PROGRESS status lines during key generation. * g10/call-agent.c (cache_nonce_status_cb): Rewrite by using has_leading_keyword. Handle PROGRESS lines. -- GnuPG-bug-id: 1415 Co-authored-by: Daiki Ueno <ueno@gnu.org> Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-25 11:34:49 +01:00
if ((s = has_leading_keyword (line, "CACHE_NONCE")))
Use passphrase caching for import and genkey.
2010-09-01 11:48:35 +02:00
{
Re-implemented GPG's --passwd command and improved it.
2010-10-26 11:10:29 +02:00
if (parm->cache_nonce_addr)
{
xfree (*parm->cache_nonce_addr);
gpg: Print PROGRESS status lines during key generation. * g10/call-agent.c (cache_nonce_status_cb): Rewrite by using has_leading_keyword. Handle PROGRESS lines. -- GnuPG-bug-id: 1415 Co-authored-by: Daiki Ueno <ueno@gnu.org> Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-25 11:34:49 +01:00
*parm->cache_nonce_addr = xtrystrdup (s);
Re-implemented GPG's --passwd command and improved it.
2010-10-26 11:10:29 +02:00
}
}
gpg: Print PROGRESS status lines during key generation. * g10/call-agent.c (cache_nonce_status_cb): Rewrite by using has_leading_keyword. Handle PROGRESS lines. -- GnuPG-bug-id: 1415 Co-authored-by: Daiki Ueno <ueno@gnu.org> Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-25 11:34:49 +01:00
else if ((s = has_leading_keyword (line, "PASSWD_NONCE")))
Re-implemented GPG's --passwd command and improved it.
2010-10-26 11:10:29 +02:00
{
if (parm->passwd_nonce_addr)
Use passphrase caching for import and genkey.
2010-09-01 11:48:35 +02:00
{
Re-implemented GPG's --passwd command and improved it.
2010-10-26 11:10:29 +02:00
xfree (*parm->passwd_nonce_addr);
gpg: Print PROGRESS status lines during key generation. * g10/call-agent.c (cache_nonce_status_cb): Rewrite by using has_leading_keyword. Handle PROGRESS lines. -- GnuPG-bug-id: 1415 Co-authored-by: Daiki Ueno <ueno@gnu.org> Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-25 11:34:49 +01:00
*parm->passwd_nonce_addr = xtrystrdup (s);
Use passphrase caching for import and genkey.
2010-09-01 11:48:35 +02:00
}
}
gpg: Print PROGRESS status lines during key generation. * g10/call-agent.c (cache_nonce_status_cb): Rewrite by using has_leading_keyword. Handle PROGRESS lines. -- GnuPG-bug-id: 1415 Co-authored-by: Daiki Ueno <ueno@gnu.org> Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-25 11:34:49 +01:00
else if ((s = has_leading_keyword (line, "PROGRESS")))
{
if (opt.enable_progress_filter)
write_status_text (STATUS_PROGRESS, s);
}
Use passphrase caching for import and genkey.
2010-09-01 11:48:35 +02:00
return 0;
}
Generating an OpenPGP key cia gpg-agent basically works.
2010-04-20 19:57:50 +02:00
/* Handle a KEYPARMS inquiry. Note, we only send the data,
assuan_transact takes care of flushing and writing the end */
static gpg_error_t
inq_genkey_parms (void *opaque, const char *line)
{
Nuked almost all trailing white space. We better do this once and for all instead of cluttering all future commits with diffs of trailing white spaces. In the majority of cases blank or single lines are affected and thus this change won't disturb a git blame too much. For future commits the pre-commit scripts checks that this won't happen again.
2011-02-04 12:57:53 +01:00
struct genkey_parm_s *parm = opaque;
Generating an OpenPGP key cia gpg-agent basically works.
2010-04-20 19:57:50 +02:00
gpg_error_t err;
Use has_leading_keyword in the assuan callbacks. * agent/call-pinentry.c (inq_quality): Use has_leading_keyword. * agent/call-scd.c (inq_needpin, inq_writekey_parms): Ditto. * g10/call-agent.c (inq_writecert_parms, keyinfo_status_cb): Ditto. (inq_genkey_parms, inq_ciphertext_cb, inq_import_key_parms): Ditto. * g10/call-dirmngr.c (ks_put_inq_cb): Ditto. * sm/call-agent.c (default_inq_cb, inq_ciphertext_cb): Ditto. (inq_genkey_parms, istrusted_status_cb, learn_status_cb): Ditto. (keyinfo_status_cb, inq_import_key_parms): Ditto. * sm/call-dirmngr.c (inq_certificate, isvalid_status_cb): Ditto. (lookup_status_cb, run_command_inq_cb, run_command_status_cb): Ditto.
2013-02-22 10:56:13 +01:00
if (has_leading_keyword (line, "KEYPARAM"))
Generating an OpenPGP key cia gpg-agent basically works.
2010-04-20 19:57:50 +02:00
{
gpg: Add pinentry-mode feature. * g10/gpg.c: Include shareddefs.h. (main): Add option --pinentry-mode. * g10/options.h (struct opt): Add field pinentry_mode. * g10/passphrase.c: Include shareddefs.h. (have_static_passphrase): Take care of loopback pinentry_mode. (read_passphrase_from_fd): Ditto. (get_static_passphrase): New. (passphrase_to_dek_ext): Factor some code out to ... (emit_status_need_passphrase): new. * g10/call-agent.c (start_agent): Send the pinentry mode. (default_inq_cb): Take care of the PASSPHRASE inquiry. Return a proper error code. (agent_pksign): Add args keyid, mainkeyid and pubkey_algo. (agent_pkdecrypt): Ditto. * g10/pubkey-enc.c (get_it): Pass new args. * g10/sign.c (do_sign): Pass new args. * g10/call-agent.c (struct default_inq_parm_s): New. Change all similar structs to reference this one. Change all users and inquire callback to use this struct, instead of NULL or some undefined but not used structs. This change will help to eventually get rid of global variables. -- This new features allows to use gpg without a Pinentry. As a prerequisite the agent must be configured to allow the loopback pinentry mode (option --allow-loopback-pinentry). For example gpg2 --pinentry-mode=loopback FILE.gpg may be used to decrypt FILE.gpg while entering the passphrase on the tty. If batch is used, --passphrase et al. may be used, if --command-fd is used, the passphrase may be provided by another process. Note that there are no try-again prompts in case of a bad passphrase.
2013-02-07 20:37:58 +01:00
err = assuan_send_data (parm->dflt->ctx,
Generating an OpenPGP key cia gpg-agent basically works.
2010-04-20 19:57:50 +02:00
parm->keyparms, strlen (parm->keyparms));
}
gpg: Re-enable the "Passphrase" parameter for batch key generation. * agent/command.c (cmd_genkey): Add option --inq-passwd. * agent/genkey.c (agent_genkey): Add new arg override_passphrase. * g10/call-agent.c (inq_genkey_parms): Handle NEWPASSWD keyword. (agent_genkey): Add arg optional arg "passphrase". * g10/keygen.c (common_gen, gen_elg, gen_dsa, gen_ecc) (gen_rsa, do_create): Add arg "passphrase" and pass it through. (do_generate_keypair): Make use of pPASSPHRASE. (release_parameter_list): Wipe out a passphrase parameter. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-01-21 11:31:20 +01:00
else if (has_leading_keyword (line, "NEWPASSWD") && parm->passphrase)
{
err = assuan_send_data (parm->dflt->ctx,
parm->passphrase, strlen (parm->passphrase));
}
Generating an OpenPGP key cia gpg-agent basically works.
2010-04-20 19:57:50 +02:00
else
gpg: Add pinentry-mode feature. * g10/gpg.c: Include shareddefs.h. (main): Add option --pinentry-mode. * g10/options.h (struct opt): Add field pinentry_mode. * g10/passphrase.c: Include shareddefs.h. (have_static_passphrase): Take care of loopback pinentry_mode. (read_passphrase_from_fd): Ditto. (get_static_passphrase): New. (passphrase_to_dek_ext): Factor some code out to ... (emit_status_need_passphrase): new. * g10/call-agent.c (start_agent): Send the pinentry mode. (default_inq_cb): Take care of the PASSPHRASE inquiry. Return a proper error code. (agent_pksign): Add args keyid, mainkeyid and pubkey_algo. (agent_pkdecrypt): Ditto. * g10/pubkey-enc.c (get_it): Pass new args. * g10/sign.c (do_sign): Pass new args. * g10/call-agent.c (struct default_inq_parm_s): New. Change all similar structs to reference this one. Change all users and inquire callback to use this struct, instead of NULL or some undefined but not used structs. This change will help to eventually get rid of global variables. -- This new features allows to use gpg without a Pinentry. As a prerequisite the agent must be configured to allow the loopback pinentry mode (option --allow-loopback-pinentry). For example gpg2 --pinentry-mode=loopback FILE.gpg may be used to decrypt FILE.gpg while entering the passphrase on the tty. If batch is used, --passphrase et al. may be used, if --command-fd is used, the passphrase may be provided by another process. Note that there are no try-again prompts in case of a bad passphrase.
2013-02-07 20:37:58 +01:00
err = default_inq_cb (parm->dflt, line);
Generating an OpenPGP key cia gpg-agent basically works.
2010-04-20 19:57:50 +02:00
Nuked almost all trailing white space. We better do this once and for all instead of cluttering all future commits with diffs of trailing white spaces. In the majority of cases blank or single lines are affected and thus this change won't disturb a git blame too much. For future commits the pre-commit scripts checks that this won't happen again.
2011-02-04 12:57:53 +01:00
return err;
Generating an OpenPGP key cia gpg-agent basically works.
2010-04-20 19:57:50 +02:00
}
/* Call the agent to generate a new key. KEYPARMS is the usual
S-expression giving the parameters of the key. gpg-agent passes it
All tests work are again working
2010-10-14 18:34:31 +02:00
gcry_pk_genkey. If NO_PROTECTION is true the agent is advised not
gpg: Re-enable the "Passphrase" parameter for batch key generation. * agent/command.c (cmd_genkey): Add option --inq-passwd. * agent/genkey.c (agent_genkey): Add new arg override_passphrase. * g10/call-agent.c (inq_genkey_parms): Handle NEWPASSWD keyword. (agent_genkey): Add arg optional arg "passphrase". * g10/keygen.c (common_gen, gen_elg, gen_dsa, gen_ecc) (gen_rsa, do_create): Add arg "passphrase" and pass it through. (do_generate_keypair): Make use of pPASSPHRASE. (release_parameter_list): Wipe out a passphrase parameter. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-01-21 11:31:20 +01:00
to protect the generated key. If NO_PROTECTION is not set and
PASSPHRASE is not NULL the agent is requested to protect the key
with that passphrase instead of asking for one. */
Generating an OpenPGP key cia gpg-agent basically works.
2010-04-20 19:57:50 +02:00
gpg_error_t
gpg: Try to use the passphrase from the primary for --quick-addkey. * agent/command.c (cmd_genkey): Add option --passwd-nonce. (cmd_passwd): Return a PASSWD_NONCE in verify mode. * g10/call-agent.c (agent_genkey): Add arg 'passwd_nonce_addr' and do not send a RESET if given. (agent_passwd): Add arg 'verify'. * g10/keygen.c (common_gen): Add optional arg 'passwd_nonce_addr'. (gen_elg, gen_dsa, gen_ecc, gen_rsa, do_create): Ditto. (generate_subkeypair): Use sepeare hexgrip var for the to be created for hexgrip feature. Verify primary key first. Make use of the passwd nonce. Allow for a static passphrase. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-02 21:21:08 +02:00
agent_genkey (ctrl_t ctrl, char **cache_nonce_addr, char **passwd_nonce_addr,
gpg: Re-enable the "Passphrase" parameter for batch key generation. * agent/command.c (cmd_genkey): Add option --inq-passwd. * agent/genkey.c (agent_genkey): Add new arg override_passphrase. * g10/call-agent.c (inq_genkey_parms): Handle NEWPASSWD keyword. (agent_genkey): Add arg optional arg "passphrase". * g10/keygen.c (common_gen, gen_elg, gen_dsa, gen_ecc) (gen_rsa, do_create): Add arg "passphrase" and pass it through. (do_generate_keypair): Make use of pPASSPHRASE. (release_parameter_list): Wipe out a passphrase parameter. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-01-21 11:31:20 +01:00
const char *keyparms, int no_protection,
const char *passphrase, gcry_sexp_t *r_pubkey)
Generating an OpenPGP key cia gpg-agent basically works.
2010-04-20 19:57:50 +02:00
{
gpg_error_t err;
struct genkey_parm_s gk_parm;
Re-implemented GPG's --passwd command and improved it.
2010-10-26 11:10:29 +02:00
struct cache_nonce_parm_s cn_parm;
gpg: Add pinentry-mode feature. * g10/gpg.c: Include shareddefs.h. (main): Add option --pinentry-mode. * g10/options.h (struct opt): Add field pinentry_mode. * g10/passphrase.c: Include shareddefs.h. (have_static_passphrase): Take care of loopback pinentry_mode. (read_passphrase_from_fd): Ditto. (get_static_passphrase): New. (passphrase_to_dek_ext): Factor some code out to ... (emit_status_need_passphrase): new. * g10/call-agent.c (start_agent): Send the pinentry mode. (default_inq_cb): Take care of the PASSPHRASE inquiry. Return a proper error code. (agent_pksign): Add args keyid, mainkeyid and pubkey_algo. (agent_pkdecrypt): Ditto. * g10/pubkey-enc.c (get_it): Pass new args. * g10/sign.c (do_sign): Pass new args. * g10/call-agent.c (struct default_inq_parm_s): New. Change all similar structs to reference this one. Change all users and inquire callback to use this struct, instead of NULL or some undefined but not used structs. This change will help to eventually get rid of global variables. -- This new features allows to use gpg without a Pinentry. As a prerequisite the agent must be configured to allow the loopback pinentry mode (option --allow-loopback-pinentry). For example gpg2 --pinentry-mode=loopback FILE.gpg may be used to decrypt FILE.gpg while entering the passphrase on the tty. If batch is used, --passphrase et al. may be used, if --command-fd is used, the passphrase may be provided by another process. Note that there are no try-again prompts in case of a bad passphrase.
2013-02-07 20:37:58 +01:00
struct default_inq_parm_s dfltparm;
Generating an OpenPGP key cia gpg-agent basically works.
2010-04-20 19:57:50 +02:00
membuf_t data;
size_t len;
unsigned char *buf;
Use passphrase caching for import and genkey.
2010-09-01 11:48:35 +02:00
char line[ASSUAN_LINELENGTH];
Generating an OpenPGP key cia gpg-agent basically works.
2010-04-20 19:57:50 +02:00
gpg: Add pinentry-mode feature. * g10/gpg.c: Include shareddefs.h. (main): Add option --pinentry-mode. * g10/options.h (struct opt): Add field pinentry_mode. * g10/passphrase.c: Include shareddefs.h. (have_static_passphrase): Take care of loopback pinentry_mode. (read_passphrase_from_fd): Ditto. (get_static_passphrase): New. (passphrase_to_dek_ext): Factor some code out to ... (emit_status_need_passphrase): new. * g10/call-agent.c (start_agent): Send the pinentry mode. (default_inq_cb): Take care of the PASSPHRASE inquiry. Return a proper error code. (agent_pksign): Add args keyid, mainkeyid and pubkey_algo. (agent_pkdecrypt): Ditto. * g10/pubkey-enc.c (get_it): Pass new args. * g10/sign.c (do_sign): Pass new args. * g10/call-agent.c (struct default_inq_parm_s): New. Change all similar structs to reference this one. Change all users and inquire callback to use this struct, instead of NULL or some undefined but not used structs. This change will help to eventually get rid of global variables. -- This new features allows to use gpg without a Pinentry. As a prerequisite the agent must be configured to allow the loopback pinentry mode (option --allow-loopback-pinentry). For example gpg2 --pinentry-mode=loopback FILE.gpg may be used to decrypt FILE.gpg while entering the passphrase on the tty. If batch is used, --passphrase et al. may be used, if --command-fd is used, the passphrase may be provided by another process. Note that there are no try-again prompts in case of a bad passphrase.
2013-02-07 20:37:58 +01:00
memset (&dfltparm, 0, sizeof dfltparm);
dfltparm.ctrl = ctrl;
Generating an OpenPGP key cia gpg-agent basically works.
2010-04-20 19:57:50 +02:00
*r_pubkey = NULL;
err = start_agent (ctrl, 0);
if (err)
return err;
gpg: Add pinentry-mode feature. * g10/gpg.c: Include shareddefs.h. (main): Add option --pinentry-mode. * g10/options.h (struct opt): Add field pinentry_mode. * g10/passphrase.c: Include shareddefs.h. (have_static_passphrase): Take care of loopback pinentry_mode. (read_passphrase_from_fd): Ditto. (get_static_passphrase): New. (passphrase_to_dek_ext): Factor some code out to ... (emit_status_need_passphrase): new. * g10/call-agent.c (start_agent): Send the pinentry mode. (default_inq_cb): Take care of the PASSPHRASE inquiry. Return a proper error code. (agent_pksign): Add args keyid, mainkeyid and pubkey_algo. (agent_pkdecrypt): Ditto. * g10/pubkey-enc.c (get_it): Pass new args. * g10/sign.c (do_sign): Pass new args. * g10/call-agent.c (struct default_inq_parm_s): New. Change all similar structs to reference this one. Change all users and inquire callback to use this struct, instead of NULL or some undefined but not used structs. This change will help to eventually get rid of global variables. -- This new features allows to use gpg without a Pinentry. As a prerequisite the agent must be configured to allow the loopback pinentry mode (option --allow-loopback-pinentry). For example gpg2 --pinentry-mode=loopback FILE.gpg may be used to decrypt FILE.gpg while entering the passphrase on the tty. If batch is used, --passphrase et al. may be used, if --command-fd is used, the passphrase may be provided by another process. Note that there are no try-again prompts in case of a bad passphrase.
2013-02-07 20:37:58 +01:00
dfltparm.ctx = agent_ctx;
Generating an OpenPGP key cia gpg-agent basically works.
2010-04-20 19:57:50 +02:00
gpg: Try to use the passphrase from the primary for --quick-addkey. * agent/command.c (cmd_genkey): Add option --passwd-nonce. (cmd_passwd): Return a PASSWD_NONCE in verify mode. * g10/call-agent.c (agent_genkey): Add arg 'passwd_nonce_addr' and do not send a RESET if given. (agent_passwd): Add arg 'verify'. * g10/keygen.c (common_gen): Add optional arg 'passwd_nonce_addr'. (gen_elg, gen_dsa, gen_ecc, gen_rsa, do_create): Ditto. (generate_subkeypair): Use sepeare hexgrip var for the to be created for hexgrip feature. Verify primary key first. Make use of the passwd nonce. Allow for a static passphrase. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-02 21:21:08 +02:00
if (passwd_nonce_addr && *passwd_nonce_addr)
; /* A RESET would flush the passwd nonce cache. */
else
{
err = assuan_transact (agent_ctx, "RESET",
NULL, NULL, NULL, NULL, NULL, NULL);
if (err)
return err;
}
Generating an OpenPGP key cia gpg-agent basically works.
2010-04-20 19:57:50 +02:00
init_membuf (&data, 1024);
gpg: Add pinentry-mode feature. * g10/gpg.c: Include shareddefs.h. (main): Add option --pinentry-mode. * g10/options.h (struct opt): Add field pinentry_mode. * g10/passphrase.c: Include shareddefs.h. (have_static_passphrase): Take care of loopback pinentry_mode. (read_passphrase_from_fd): Ditto. (get_static_passphrase): New. (passphrase_to_dek_ext): Factor some code out to ... (emit_status_need_passphrase): new. * g10/call-agent.c (start_agent): Send the pinentry mode. (default_inq_cb): Take care of the PASSPHRASE inquiry. Return a proper error code. (agent_pksign): Add args keyid, mainkeyid and pubkey_algo. (agent_pkdecrypt): Ditto. * g10/pubkey-enc.c (get_it): Pass new args. * g10/sign.c (do_sign): Pass new args. * g10/call-agent.c (struct default_inq_parm_s): New. Change all similar structs to reference this one. Change all users and inquire callback to use this struct, instead of NULL or some undefined but not used structs. This change will help to eventually get rid of global variables. -- This new features allows to use gpg without a Pinentry. As a prerequisite the agent must be configured to allow the loopback pinentry mode (option --allow-loopback-pinentry). For example gpg2 --pinentry-mode=loopback FILE.gpg may be used to decrypt FILE.gpg while entering the passphrase on the tty. If batch is used, --passphrase et al. may be used, if --command-fd is used, the passphrase may be provided by another process. Note that there are no try-again prompts in case of a bad passphrase.
2013-02-07 20:37:58 +01:00
gk_parm.dflt = &dfltparm;
Generating an OpenPGP key cia gpg-agent basically works.
2010-04-20 19:57:50 +02:00
gk_parm.keyparms = keyparms;
gpg: Re-enable the "Passphrase" parameter for batch key generation. * agent/command.c (cmd_genkey): Add option --inq-passwd. * agent/genkey.c (agent_genkey): Add new arg override_passphrase. * g10/call-agent.c (inq_genkey_parms): Handle NEWPASSWD keyword. (agent_genkey): Add arg optional arg "passphrase". * g10/keygen.c (common_gen, gen_elg, gen_dsa, gen_ecc) (gen_rsa, do_create): Add arg "passphrase" and pass it through. (do_generate_keypair): Make use of pPASSPHRASE. (release_parameter_list): Wipe out a passphrase parameter. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-01-21 11:31:20 +01:00
gk_parm.passphrase = passphrase;
gpg: Try to use the passphrase from the primary for --quick-addkey. * agent/command.c (cmd_genkey): Add option --passwd-nonce. (cmd_passwd): Return a PASSWD_NONCE in verify mode. * g10/call-agent.c (agent_genkey): Add arg 'passwd_nonce_addr' and do not send a RESET if given. (agent_passwd): Add arg 'verify'. * g10/keygen.c (common_gen): Add optional arg 'passwd_nonce_addr'. (gen_elg, gen_dsa, gen_ecc, gen_rsa, do_create): Ditto. (generate_subkeypair): Use sepeare hexgrip var for the to be created for hexgrip feature. Verify primary key first. Make use of the passwd nonce. Allow for a static passphrase. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-02 21:21:08 +02:00
snprintf (line, sizeof line, "GENKEY%s%s%s%s%s",
gpg: Re-enable the "Passphrase" parameter for batch key generation. * agent/command.c (cmd_genkey): Add option --inq-passwd. * agent/genkey.c (agent_genkey): Add new arg override_passphrase. * g10/call-agent.c (inq_genkey_parms): Handle NEWPASSWD keyword. (agent_genkey): Add arg optional arg "passphrase". * g10/keygen.c (common_gen, gen_elg, gen_dsa, gen_ecc) (gen_rsa, do_create): Add arg "passphrase" and pass it through. (do_generate_keypair): Make use of pPASSPHRASE. (release_parameter_list): Wipe out a passphrase parameter. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-01-21 11:31:20 +01:00
no_protection? " --no-protection" :
passphrase ? " --inq-passwd" :
/* */ "",
gpg: Try to use the passphrase from the primary for --quick-addkey. * agent/command.c (cmd_genkey): Add option --passwd-nonce. (cmd_passwd): Return a PASSWD_NONCE in verify mode. * g10/call-agent.c (agent_genkey): Add arg 'passwd_nonce_addr' and do not send a RESET if given. (agent_passwd): Add arg 'verify'. * g10/keygen.c (common_gen): Add optional arg 'passwd_nonce_addr'. (gen_elg, gen_dsa, gen_ecc, gen_rsa, do_create): Ditto. (generate_subkeypair): Use sepeare hexgrip var for the to be created for hexgrip feature. Verify primary key first. Make use of the passwd nonce. Allow for a static passphrase. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-02 21:21:08 +02:00
passwd_nonce_addr && *passwd_nonce_addr? " --passwd-nonce=":"",
passwd_nonce_addr && *passwd_nonce_addr? *passwd_nonce_addr:"",
Use passphrase caching for import and genkey.
2010-09-01 11:48:35 +02:00
cache_nonce_addr && *cache_nonce_addr? " ":"",
cache_nonce_addr && *cache_nonce_addr? *cache_nonce_addr:"");
Re-implemented GPG's --passwd command and improved it.
2010-10-26 11:10:29 +02:00
cn_parm.cache_nonce_addr = cache_nonce_addr;
cn_parm.passwd_nonce_addr = NULL;
Use passphrase caching for import and genkey.
2010-09-01 11:48:35 +02:00
err = assuan_transact (agent_ctx, line,
common: New put_membuf_cb to replace static membuf_data_cb. * common/membuf.c (put_membuf_cb): New. * agent/call-scd.c (membuf_data_cb): Remove. Change callers to use put_membuf_cb. * common/get-passphrase.c (membuf_data_cb): Ditto. * g10/call-agent.c (membuf_data_cb): Ditto. * sm/call-agent.c (membuf_data_cb): Ditto. -- Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-08 06:33:27 +01:00
put_membuf_cb, &data,
Nuked almost all trailing white space. We better do this once and for all instead of cluttering all future commits with diffs of trailing white spaces. In the majority of cases blank or single lines are affected and thus this change won't disturb a git blame too much. For future commits the pre-commit scripts checks that this won't happen again.
2011-02-04 12:57:53 +01:00
inq_genkey_parms, &gk_parm,
Re-implemented GPG's --passwd command and improved it.
2010-10-26 11:10:29 +02:00
cache_nonce_status_cb, &cn_parm);
Generating an OpenPGP key cia gpg-agent basically works.
2010-04-20 19:57:50 +02:00
if (err)
{
xfree (get_membuf (&data, &len));
return err;
}
Nuked almost all trailing white space. We better do this once and for all instead of cluttering all future commits with diffs of trailing white spaces. In the majority of cases blank or single lines are affected and thus this change won't disturb a git blame too much. For future commits the pre-commit scripts checks that this won't happen again.
2011-02-04 12:57:53 +01:00
Generating an OpenPGP key cia gpg-agent basically works.
2010-04-20 19:57:50 +02:00
buf = get_membuf (&data, &len);
if (!buf)
err = gpg_error_from_syserror ();
else
{
err = gcry_sexp_sscan (r_pubkey, NULL, buf, len);
xfree (buf);
}
return err;
}
Allow creating subkeys using an existing key This works by specifying the keygrip instead of an algorithm (section number 13) and requires that the option -expert has been used. It will be easy to extend this to the primary key.
2011-11-06 17:01:31 +01:00
/* Call the agent to read the public key part for a given keygrip. If
Generating an OpenPGP key cia gpg-agent basically works.
2010-04-20 19:57:50 +02:00
FROMCARD is true, the key is directly read from the current
smartcard. In this case HEXKEYGRIP should be the keyID
(e.g. OPENPGP.3). */
Allow creating subkeys using an existing key This works by specifying the keygrip instead of an algorithm (section number 13) and requires that the option -expert has been used. It will be easy to extend this to the primary key.
2011-11-06 17:01:31 +01:00
gpg_error_t
agent_readkey (ctrl_t ctrl, int fromcard, const char *hexkeygrip,
unsigned char **r_pubkey)
{
gpg_error_t err;
membuf_t data;
size_t len;
unsigned char *buf;
char line[ASSUAN_LINELENGTH];
gpg: Add pinentry-mode feature. * g10/gpg.c: Include shareddefs.h. (main): Add option --pinentry-mode. * g10/options.h (struct opt): Add field pinentry_mode. * g10/passphrase.c: Include shareddefs.h. (have_static_passphrase): Take care of loopback pinentry_mode. (read_passphrase_from_fd): Ditto. (get_static_passphrase): New. (passphrase_to_dek_ext): Factor some code out to ... (emit_status_need_passphrase): new. * g10/call-agent.c (start_agent): Send the pinentry mode. (default_inq_cb): Take care of the PASSPHRASE inquiry. Return a proper error code. (agent_pksign): Add args keyid, mainkeyid and pubkey_algo. (agent_pkdecrypt): Ditto. * g10/pubkey-enc.c (get_it): Pass new args. * g10/sign.c (do_sign): Pass new args. * g10/call-agent.c (struct default_inq_parm_s): New. Change all similar structs to reference this one. Change all users and inquire callback to use this struct, instead of NULL or some undefined but not used structs. This change will help to eventually get rid of global variables. -- This new features allows to use gpg without a Pinentry. As a prerequisite the agent must be configured to allow the loopback pinentry mode (option --allow-loopback-pinentry). For example gpg2 --pinentry-mode=loopback FILE.gpg may be used to decrypt FILE.gpg while entering the passphrase on the tty. If batch is used, --passphrase et al. may be used, if --command-fd is used, the passphrase may be provided by another process. Note that there are no try-again prompts in case of a bad passphrase.
2013-02-07 20:37:58 +01:00
struct default_inq_parm_s dfltparm;
memset (&dfltparm, 0, sizeof dfltparm);
dfltparm.ctrl = ctrl;
Allow creating subkeys using an existing key This works by specifying the keygrip instead of an algorithm (section number 13) and requires that the option -expert has been used. It will be easy to extend this to the primary key.
2011-11-06 17:01:31 +01:00
*r_pubkey = NULL;
err = start_agent (ctrl, 0);
if (err)
return err;
gpg: Add pinentry-mode feature. * g10/gpg.c: Include shareddefs.h. (main): Add option --pinentry-mode. * g10/options.h (struct opt): Add field pinentry_mode. * g10/passphrase.c: Include shareddefs.h. (have_static_passphrase): Take care of loopback pinentry_mode. (read_passphrase_from_fd): Ditto. (get_static_passphrase): New. (passphrase_to_dek_ext): Factor some code out to ... (emit_status_need_passphrase): new. * g10/call-agent.c (start_agent): Send the pinentry mode. (default_inq_cb): Take care of the PASSPHRASE inquiry. Return a proper error code. (agent_pksign): Add args keyid, mainkeyid and pubkey_algo. (agent_pkdecrypt): Ditto. * g10/pubkey-enc.c (get_it): Pass new args. * g10/sign.c (do_sign): Pass new args. * g10/call-agent.c (struct default_inq_parm_s): New. Change all similar structs to reference this one. Change all users and inquire callback to use this struct, instead of NULL or some undefined but not used structs. This change will help to eventually get rid of global variables. -- This new features allows to use gpg without a Pinentry. As a prerequisite the agent must be configured to allow the loopback pinentry mode (option --allow-loopback-pinentry). For example gpg2 --pinentry-mode=loopback FILE.gpg may be used to decrypt FILE.gpg while entering the passphrase on the tty. If batch is used, --passphrase et al. may be used, if --command-fd is used, the passphrase may be provided by another process. Note that there are no try-again prompts in case of a bad passphrase.
2013-02-07 20:37:58 +01:00
dfltparm.ctx = agent_ctx;
Allow creating subkeys using an existing key This works by specifying the keygrip instead of an algorithm (section number 13) and requires that the option -expert has been used. It will be easy to extend this to the primary key.
2011-11-06 17:01:31 +01:00
err = assuan_transact (agent_ctx, "RESET",NULL, NULL, NULL, NULL, NULL, NULL);
if (err)
return err;
Fix use cases of snprintf. * agent/call-pinentry.c, agent/call-scd.c, agent/command.c, build-aux/speedo/w32/g4wihelp.c, common/get-passphrase.c, dirmngr/dirmngr.c, g10/call-agent.c, g10/cpr.c, g10/keygen.c, g10/openfile.c, g10/passphrase.c, scd/app-openpgp.c, scd/scdaemon.c, sm/call-agent.c, sm/call-dirmngr.c, sm/certreqgen.c: Fix assuming C99. -- Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-10-21 05:04:46 +02:00
snprintf (line, DIM(line), "READKEY %s%s", fromcard? "--card ":"",
g10: smartcard keygen change. * g10/call-agent.c (scd_genkey_cb_append_savedbytes): Remove. (scd_genkey_cb): Only handle KEY-CREATED-AT and PROGRESS. (agent_scd_genkey): Remove INFO argument. CREATETIME is now in/out argument. (agent_readkey): Use READKEY --card instead of SCD READKEY. * g10/keygen.c (gen_card_key): Use READKEY --card command of the agent to retrieve public key information from card and let the agent make a file for private key with shadow info. -- This change removes gpg's KEY-DATA handling for SCD GENKEY. Information with KEY-DATA is simply not used. Instead, it is read by READKEY --card command of gpg-agent. This can consolidate public key handling in a single method by READKEY. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-10-20 06:30:47 +02:00
hexkeygrip);
Allow creating subkeys using an existing key This works by specifying the keygrip instead of an algorithm (section number 13) and requires that the option -expert has been used. It will be easy to extend this to the primary key.
2011-11-06 17:01:31 +01:00
init_membuf (&data, 1024);
err = assuan_transact (agent_ctx, line,
common: New put_membuf_cb to replace static membuf_data_cb. * common/membuf.c (put_membuf_cb): New. * agent/call-scd.c (membuf_data_cb): Remove. Change callers to use put_membuf_cb. * common/get-passphrase.c (membuf_data_cb): Ditto. * g10/call-agent.c (membuf_data_cb): Ditto. * sm/call-agent.c (membuf_data_cb): Ditto. -- Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-08 06:33:27 +01:00
put_membuf_cb, &data,
gpg: Add pinentry-mode feature. * g10/gpg.c: Include shareddefs.h. (main): Add option --pinentry-mode. * g10/options.h (struct opt): Add field pinentry_mode. * g10/passphrase.c: Include shareddefs.h. (have_static_passphrase): Take care of loopback pinentry_mode. (read_passphrase_from_fd): Ditto. (get_static_passphrase): New. (passphrase_to_dek_ext): Factor some code out to ... (emit_status_need_passphrase): new. * g10/call-agent.c (start_agent): Send the pinentry mode. (default_inq_cb): Take care of the PASSPHRASE inquiry. Return a proper error code. (agent_pksign): Add args keyid, mainkeyid and pubkey_algo. (agent_pkdecrypt): Ditto. * g10/pubkey-enc.c (get_it): Pass new args. * g10/sign.c (do_sign): Pass new args. * g10/call-agent.c (struct default_inq_parm_s): New. Change all similar structs to reference this one. Change all users and inquire callback to use this struct, instead of NULL or some undefined but not used structs. This change will help to eventually get rid of global variables. -- This new features allows to use gpg without a Pinentry. As a prerequisite the agent must be configured to allow the loopback pinentry mode (option --allow-loopback-pinentry). For example gpg2 --pinentry-mode=loopback FILE.gpg may be used to decrypt FILE.gpg while entering the passphrase on the tty. If batch is used, --passphrase et al. may be used, if --command-fd is used, the passphrase may be provided by another process. Note that there are no try-again prompts in case of a bad passphrase.
2013-02-07 20:37:58 +01:00
default_inq_cb, &dfltparm,
NULL, NULL);
Allow creating subkeys using an existing key This works by specifying the keygrip instead of an algorithm (section number 13) and requires that the option -expert has been used. It will be easy to extend this to the primary key.
2011-11-06 17:01:31 +01:00
if (err)
{
xfree (get_membuf (&data, &len));
return err;
}
buf = get_membuf (&data, &len);
if (!buf)
return gpg_error_from_syserror ();
if (!gcry_sexp_canon_len (buf, len, NULL, NULL))
{
xfree (buf);
return gpg_error (GPG_ERR_INV_SEXP);
}
*r_pubkey = buf;
return 0;
}
Generating an OpenPGP key cia gpg-agent basically works.
2010-04-20 19:57:50 +02:00
/* Call the agent to do a sign operation using the key identified by
the hex string KEYGRIP. DESC is a description of the key to be
displayed if the agent needs to ask for the PIN. DIGEST and
DIGESTLEN is the hash value to sign and DIGESTALGO the algorithm id
Even less prompts for a new key now.
2010-09-01 14:49:05 +02:00
used to compute the digest. If CACHE_NONCE is used the agent is
Re-implemented GPG's --passwd command and improved it.
2010-10-26 11:10:29 +02:00
advised to first try a passphrase associated with that nonce. */
Generating an OpenPGP key cia gpg-agent basically works.
2010-04-20 19:57:50 +02:00
gpg_error_t
Even less prompts for a new key now.
2010-09-01 14:49:05 +02:00
agent_pksign (ctrl_t ctrl, const char *cache_nonce,
const char *keygrip, const char *desc,
gpg: Add pinentry-mode feature. * g10/gpg.c: Include shareddefs.h. (main): Add option --pinentry-mode. * g10/options.h (struct opt): Add field pinentry_mode. * g10/passphrase.c: Include shareddefs.h. (have_static_passphrase): Take care of loopback pinentry_mode. (read_passphrase_from_fd): Ditto. (get_static_passphrase): New. (passphrase_to_dek_ext): Factor some code out to ... (emit_status_need_passphrase): new. * g10/call-agent.c (start_agent): Send the pinentry mode. (default_inq_cb): Take care of the PASSPHRASE inquiry. Return a proper error code. (agent_pksign): Add args keyid, mainkeyid and pubkey_algo. (agent_pkdecrypt): Ditto. * g10/pubkey-enc.c (get_it): Pass new args. * g10/sign.c (do_sign): Pass new args. * g10/call-agent.c (struct default_inq_parm_s): New. Change all similar structs to reference this one. Change all users and inquire callback to use this struct, instead of NULL or some undefined but not used structs. This change will help to eventually get rid of global variables. -- This new features allows to use gpg without a Pinentry. As a prerequisite the agent must be configured to allow the loopback pinentry mode (option --allow-loopback-pinentry). For example gpg2 --pinentry-mode=loopback FILE.gpg may be used to decrypt FILE.gpg while entering the passphrase on the tty. If batch is used, --passphrase et al. may be used, if --command-fd is used, the passphrase may be provided by another process. Note that there are no try-again prompts in case of a bad passphrase.
2013-02-07 20:37:58 +01:00
u32 *keyid, u32 *mainkeyid, int pubkey_algo,
Generating an OpenPGP key cia gpg-agent basically works.
2010-04-20 19:57:50 +02:00
unsigned char *digest, size_t digestlen, int digestalgo,
gcry_sexp_t *r_sigval)
{
gpg_error_t err;
replace some sprintf by bin2hex.
2010-10-18 15:54:42 +02:00
char line[ASSUAN_LINELENGTH];
Generating an OpenPGP key cia gpg-agent basically works.
2010-04-20 19:57:50 +02:00
membuf_t data;
gpg: Add pinentry-mode feature. * g10/gpg.c: Include shareddefs.h. (main): Add option --pinentry-mode. * g10/options.h (struct opt): Add field pinentry_mode. * g10/passphrase.c: Include shareddefs.h. (have_static_passphrase): Take care of loopback pinentry_mode. (read_passphrase_from_fd): Ditto. (get_static_passphrase): New. (passphrase_to_dek_ext): Factor some code out to ... (emit_status_need_passphrase): new. * g10/call-agent.c (start_agent): Send the pinentry mode. (default_inq_cb): Take care of the PASSPHRASE inquiry. Return a proper error code. (agent_pksign): Add args keyid, mainkeyid and pubkey_algo. (agent_pkdecrypt): Ditto. * g10/pubkey-enc.c (get_it): Pass new args. * g10/sign.c (do_sign): Pass new args. * g10/call-agent.c (struct default_inq_parm_s): New. Change all similar structs to reference this one. Change all users and inquire callback to use this struct, instead of NULL or some undefined but not used structs. This change will help to eventually get rid of global variables. -- This new features allows to use gpg without a Pinentry. As a prerequisite the agent must be configured to allow the loopback pinentry mode (option --allow-loopback-pinentry). For example gpg2 --pinentry-mode=loopback FILE.gpg may be used to decrypt FILE.gpg while entering the passphrase on the tty. If batch is used, --passphrase et al. may be used, if --command-fd is used, the passphrase may be provided by another process. Note that there are no try-again prompts in case of a bad passphrase.
2013-02-07 20:37:58 +01:00
struct default_inq_parm_s dfltparm;
memset (&dfltparm, 0, sizeof dfltparm);
dfltparm.ctrl = ctrl;
dfltparm.keyinfo.keyid = keyid;
dfltparm.keyinfo.mainkeyid = mainkeyid;
dfltparm.keyinfo.pubkey_algo = pubkey_algo;
Generating an OpenPGP key cia gpg-agent basically works.
2010-04-20 19:57:50 +02:00
*r_sigval = NULL;
err = start_agent (ctrl, 0);
if (err)
return err;
gpg: Add pinentry-mode feature. * g10/gpg.c: Include shareddefs.h. (main): Add option --pinentry-mode. * g10/options.h (struct opt): Add field pinentry_mode. * g10/passphrase.c: Include shareddefs.h. (have_static_passphrase): Take care of loopback pinentry_mode. (read_passphrase_from_fd): Ditto. (get_static_passphrase): New. (passphrase_to_dek_ext): Factor some code out to ... (emit_status_need_passphrase): new. * g10/call-agent.c (start_agent): Send the pinentry mode. (default_inq_cb): Take care of the PASSPHRASE inquiry. Return a proper error code. (agent_pksign): Add args keyid, mainkeyid and pubkey_algo. (agent_pkdecrypt): Ditto. * g10/pubkey-enc.c (get_it): Pass new args. * g10/sign.c (do_sign): Pass new args. * g10/call-agent.c (struct default_inq_parm_s): New. Change all similar structs to reference this one. Change all users and inquire callback to use this struct, instead of NULL or some undefined but not used structs. This change will help to eventually get rid of global variables. -- This new features allows to use gpg without a Pinentry. As a prerequisite the agent must be configured to allow the loopback pinentry mode (option --allow-loopback-pinentry). For example gpg2 --pinentry-mode=loopback FILE.gpg may be used to decrypt FILE.gpg while entering the passphrase on the tty. If batch is used, --passphrase et al. may be used, if --command-fd is used, the passphrase may be provided by another process. Note that there are no try-again prompts in case of a bad passphrase.
2013-02-07 20:37:58 +01:00
dfltparm.ctx = agent_ctx;
Generating an OpenPGP key cia gpg-agent basically works.
2010-04-20 19:57:50 +02:00
if (digestlen*2 + 50 > DIM(line))
return gpg_error (GPG_ERR_GENERAL);
err = assuan_transact (agent_ctx, "RESET",
NULL, NULL, NULL, NULL, NULL, NULL);
if (err)
return err;
Fix use cases of snprintf. * agent/call-pinentry.c, agent/call-scd.c, agent/command.c, build-aux/speedo/w32/g4wihelp.c, common/get-passphrase.c, dirmngr/dirmngr.c, g10/call-agent.c, g10/cpr.c, g10/keygen.c, g10/openfile.c, g10/passphrase.c, scd/app-openpgp.c, scd/scdaemon.c, sm/call-agent.c, sm/call-dirmngr.c, sm/certreqgen.c: Fix assuming C99. -- Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-10-21 05:04:46 +02:00
snprintf (line, DIM(line), "SIGKEY %s", keygrip);
Generating an OpenPGP key cia gpg-agent basically works.
2010-04-20 19:57:50 +02:00
err = assuan_transact (agent_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL);
if (err)
return err;
if (desc)
{
Fix use cases of snprintf. * agent/call-pinentry.c, agent/call-scd.c, agent/command.c, build-aux/speedo/w32/g4wihelp.c, common/get-passphrase.c, dirmngr/dirmngr.c, g10/call-agent.c, g10/cpr.c, g10/keygen.c, g10/openfile.c, g10/passphrase.c, scd/app-openpgp.c, scd/scdaemon.c, sm/call-agent.c, sm/call-dirmngr.c, sm/certreqgen.c: Fix assuming C99. -- Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-10-21 05:04:46 +02:00
snprintf (line, DIM(line), "SETKEYDESC %s", desc);
Generating an OpenPGP key cia gpg-agent basically works.
2010-04-20 19:57:50 +02:00
err = assuan_transact (agent_ctx, line,
NULL, NULL, NULL, NULL, NULL, NULL);
if (err)
return err;
}
snprintf (line, sizeof line, "SETHASH %d ", digestalgo);
replace some sprintf by bin2hex.
2010-10-18 15:54:42 +02:00
bin2hex (digest, digestlen, line + strlen (line));
Generating an OpenPGP key cia gpg-agent basically works.
2010-04-20 19:57:50 +02:00
err = assuan_transact (agent_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL);
if (err)
return err;
init_membuf (&data, 1024);
Even less prompts for a new key now.
2010-09-01 14:49:05 +02:00
snprintf (line, sizeof line, "PKSIGN%s%s",
cache_nonce? " -- ":"",
cache_nonce? cache_nonce:"");
err = assuan_transact (agent_ctx, line,
common: New put_membuf_cb to replace static membuf_data_cb. * common/membuf.c (put_membuf_cb): New. * agent/call-scd.c (membuf_data_cb): Remove. Change callers to use put_membuf_cb. * common/get-passphrase.c (membuf_data_cb): Ditto. * g10/call-agent.c (membuf_data_cb): Ditto. * sm/call-agent.c (membuf_data_cb): Ditto. -- Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-08 06:33:27 +01:00
put_membuf_cb, &data,
gpg: Add pinentry-mode feature. * g10/gpg.c: Include shareddefs.h. (main): Add option --pinentry-mode. * g10/options.h (struct opt): Add field pinentry_mode. * g10/passphrase.c: Include shareddefs.h. (have_static_passphrase): Take care of loopback pinentry_mode. (read_passphrase_from_fd): Ditto. (get_static_passphrase): New. (passphrase_to_dek_ext): Factor some code out to ... (emit_status_need_passphrase): new. * g10/call-agent.c (start_agent): Send the pinentry mode. (default_inq_cb): Take care of the PASSPHRASE inquiry. Return a proper error code. (agent_pksign): Add args keyid, mainkeyid and pubkey_algo. (agent_pkdecrypt): Ditto. * g10/pubkey-enc.c (get_it): Pass new args. * g10/sign.c (do_sign): Pass new args. * g10/call-agent.c (struct default_inq_parm_s): New. Change all similar structs to reference this one. Change all users and inquire callback to use this struct, instead of NULL or some undefined but not used structs. This change will help to eventually get rid of global variables. -- This new features allows to use gpg without a Pinentry. As a prerequisite the agent must be configured to allow the loopback pinentry mode (option --allow-loopback-pinentry). For example gpg2 --pinentry-mode=loopback FILE.gpg may be used to decrypt FILE.gpg while entering the passphrase on the tty. If batch is used, --passphrase et al. may be used, if --command-fd is used, the passphrase may be provided by another process. Note that there are no try-again prompts in case of a bad passphrase.
2013-02-07 20:37:58 +01:00
default_inq_cb, &dfltparm,
NULL, NULL);
Generating an OpenPGP key cia gpg-agent basically works.
2010-04-20 19:57:50 +02:00
if (err)
xfree (get_membuf (&data, NULL));
else
{
unsigned char *buf;
size_t len;
buf = get_membuf (&data, &len);
if (!buf)
err = gpg_error_from_syserror ();
else
{
err = gcry_sexp_sscan (r_sigval, NULL, buf, len);
xfree (buf);
}
}
return err;
}
Decryption and signi via agent is now implemented.
2010-04-23 13:36:59 +02:00
/* Handle a CIPHERTEXT inquiry. Note, we only send the data,
assuan_transact takes care of flushing and writing the END. */
static gpg_error_t
inq_ciphertext_cb (void *opaque, const char *line)
{
Nuked almost all trailing white space. We better do this once and for all instead of cluttering all future commits with diffs of trailing white spaces. In the majority of cases blank or single lines are affected and thus this change won't disturb a git blame too much. For future commits the pre-commit scripts checks that this won't happen again.
2011-02-04 12:57:53 +01:00
struct cipher_parm_s *parm = opaque;
Decryption and signi via agent is now implemented.
2010-04-23 13:36:59 +02:00
int rc;
Use has_leading_keyword in the assuan callbacks. * agent/call-pinentry.c (inq_quality): Use has_leading_keyword. * agent/call-scd.c (inq_needpin, inq_writekey_parms): Ditto. * g10/call-agent.c (inq_writecert_parms, keyinfo_status_cb): Ditto. (inq_genkey_parms, inq_ciphertext_cb, inq_import_key_parms): Ditto. * g10/call-dirmngr.c (ks_put_inq_cb): Ditto. * sm/call-agent.c (default_inq_cb, inq_ciphertext_cb): Ditto. (inq_genkey_parms, istrusted_status_cb, learn_status_cb): Ditto. (keyinfo_status_cb, inq_import_key_parms): Ditto. * sm/call-dirmngr.c (inq_certificate, isvalid_status_cb): Ditto. (lookup_status_cb, run_command_inq_cb, run_command_status_cb): Ditto.
2013-02-22 10:56:13 +01:00
if (has_leading_keyword (line, "CIPHERTEXT"))
Decryption and signi via agent is now implemented.
2010-04-23 13:36:59 +02:00
{
assuan_begin_confidential (parm->ctx);
gpg: Add pinentry-mode feature. * g10/gpg.c: Include shareddefs.h. (main): Add option --pinentry-mode. * g10/options.h (struct opt): Add field pinentry_mode. * g10/passphrase.c: Include shareddefs.h. (have_static_passphrase): Take care of loopback pinentry_mode. (read_passphrase_from_fd): Ditto. (get_static_passphrase): New. (passphrase_to_dek_ext): Factor some code out to ... (emit_status_need_passphrase): new. * g10/call-agent.c (start_agent): Send the pinentry mode. (default_inq_cb): Take care of the PASSPHRASE inquiry. Return a proper error code. (agent_pksign): Add args keyid, mainkeyid and pubkey_algo. (agent_pkdecrypt): Ditto. * g10/pubkey-enc.c (get_it): Pass new args. * g10/sign.c (do_sign): Pass new args. * g10/call-agent.c (struct default_inq_parm_s): New. Change all similar structs to reference this one. Change all users and inquire callback to use this struct, instead of NULL or some undefined but not used structs. This change will help to eventually get rid of global variables. -- This new features allows to use gpg without a Pinentry. As a prerequisite the agent must be configured to allow the loopback pinentry mode (option --allow-loopback-pinentry). For example gpg2 --pinentry-mode=loopback FILE.gpg may be used to decrypt FILE.gpg while entering the passphrase on the tty. If batch is used, --passphrase et al. may be used, if --command-fd is used, the passphrase may be provided by another process. Note that there are no try-again prompts in case of a bad passphrase.
2013-02-07 20:37:58 +01:00
rc = assuan_send_data (parm->dflt->ctx,
parm->ciphertext, parm->ciphertextlen);
Decryption and signi via agent is now implemented.
2010-04-23 13:36:59 +02:00
assuan_end_confidential (parm->ctx);
}
else
gpg: Add pinentry-mode feature. * g10/gpg.c: Include shareddefs.h. (main): Add option --pinentry-mode. * g10/options.h (struct opt): Add field pinentry_mode. * g10/passphrase.c: Include shareddefs.h. (have_static_passphrase): Take care of loopback pinentry_mode. (read_passphrase_from_fd): Ditto. (get_static_passphrase): New. (passphrase_to_dek_ext): Factor some code out to ... (emit_status_need_passphrase): new. * g10/call-agent.c (start_agent): Send the pinentry mode. (default_inq_cb): Take care of the PASSPHRASE inquiry. Return a proper error code. (agent_pksign): Add args keyid, mainkeyid and pubkey_algo. (agent_pkdecrypt): Ditto. * g10/pubkey-enc.c (get_it): Pass new args. * g10/sign.c (do_sign): Pass new args. * g10/call-agent.c (struct default_inq_parm_s): New. Change all similar structs to reference this one. Change all users and inquire callback to use this struct, instead of NULL or some undefined but not used structs. This change will help to eventually get rid of global variables. -- This new features allows to use gpg without a Pinentry. As a prerequisite the agent must be configured to allow the loopback pinentry mode (option --allow-loopback-pinentry). For example gpg2 --pinentry-mode=loopback FILE.gpg may be used to decrypt FILE.gpg while entering the passphrase on the tty. If batch is used, --passphrase et al. may be used, if --command-fd is used, the passphrase may be provided by another process. Note that there are no try-again prompts in case of a bad passphrase.
2013-02-07 20:37:58 +01:00
rc = default_inq_cb (parm->dflt, line);
Decryption and signi via agent is now implemented.
2010-04-23 13:36:59 +02:00
Nuked almost all trailing white space. We better do this once and for all instead of cluttering all future commits with diffs of trailing white spaces. In the majority of cases blank or single lines are affected and thus this change won't disturb a git blame too much. For future commits the pre-commit scripts checks that this won't happen again.
2011-02-04 12:57:53 +01:00
return rc;
Decryption and signi via agent is now implemented.
2010-04-23 13:36:59 +02:00
}
gpg: Make decryption with the OpenPGP card work. * scd/app-common.h (APP_DECIPHER_INFO_NOPAD): New. * scd/app-openpgp.c (do_decipher): Add arg R_INFO. * scd/app-nks.c (do_decipher): Add arg R_INFO as a dummy. * scd/app.c (app_decipher): Add arg R_INFO. * scd/command.c (cmd_pkdecrypt): Print status line "PADDING". * agent/call-scd.c (padding_info_cb): New. (agent_card_pkdecrypt): Add arg R_PADDING. * agent/divert-scd.c (divert_pkdecrypt): Ditto. * agent/pkdecrypt.c (agent_pkdecrypt): Ditto. * agent/command.c (cmd_pkdecrypt): Print status line "PADDING". * g10/call-agent.c (padding_info_cb): New. (agent_pkdecrypt): Add arg R_PADDING. * g10/pubkey-enc.c (get_it): Use padding info. -- Decryption using a card never worked in gpg 2.1 because the information whether the pkcs#1 padding needs to be removed was not available. Gpg < 2.1 too this info from the secret sub key but that has gone in 2.1. Signed-off-by: Werner Koch <wk@gnupg.org>
2013-08-26 17:29:54 +02:00
/* Check whether there is any padding info from the agent. */
static gpg_error_t
padding_info_cb (void *opaque, const char *line)
{
int *r_padding = opaque;
const char *s;
if ((s=has_leading_keyword (line, "PADDING")))
{
*r_padding = atoi (s);
}
return 0;
}
Decryption and signi via agent is now implemented.
2010-04-23 13:36:59 +02:00
/* Call the agent to do a decrypt operation using the key identified
by the hex string KEYGRIP and the input data S_CIPHERTEXT. On the
success the decoded value is stored verbatim at R_BUF and its
gpg: Add pinentry-mode feature. * g10/gpg.c: Include shareddefs.h. (main): Add option --pinentry-mode. * g10/options.h (struct opt): Add field pinentry_mode. * g10/passphrase.c: Include shareddefs.h. (have_static_passphrase): Take care of loopback pinentry_mode. (read_passphrase_from_fd): Ditto. (get_static_passphrase): New. (passphrase_to_dek_ext): Factor some code out to ... (emit_status_need_passphrase): new. * g10/call-agent.c (start_agent): Send the pinentry mode. (default_inq_cb): Take care of the PASSPHRASE inquiry. Return a proper error code. (agent_pksign): Add args keyid, mainkeyid and pubkey_algo. (agent_pkdecrypt): Ditto. * g10/pubkey-enc.c (get_it): Pass new args. * g10/sign.c (do_sign): Pass new args. * g10/call-agent.c (struct default_inq_parm_s): New. Change all similar structs to reference this one. Change all users and inquire callback to use this struct, instead of NULL or some undefined but not used structs. This change will help to eventually get rid of global variables. -- This new features allows to use gpg without a Pinentry. As a prerequisite the agent must be configured to allow the loopback pinentry mode (option --allow-loopback-pinentry). For example gpg2 --pinentry-mode=loopback FILE.gpg may be used to decrypt FILE.gpg while entering the passphrase on the tty. If batch is used, --passphrase et al. may be used, if --command-fd is used, the passphrase may be provided by another process. Note that there are no try-again prompts in case of a bad passphrase.
2013-02-07 20:37:58 +01:00
length at R_BUF; the callers needs to release it. KEYID, MAINKEYID
and PUBKEY_ALGO are used to construct additional promots or status
gpg: Make decryption with the OpenPGP card work. * scd/app-common.h (APP_DECIPHER_INFO_NOPAD): New. * scd/app-openpgp.c (do_decipher): Add arg R_INFO. * scd/app-nks.c (do_decipher): Add arg R_INFO as a dummy. * scd/app.c (app_decipher): Add arg R_INFO. * scd/command.c (cmd_pkdecrypt): Print status line "PADDING". * agent/call-scd.c (padding_info_cb): New. (agent_card_pkdecrypt): Add arg R_PADDING. * agent/divert-scd.c (divert_pkdecrypt): Ditto. * agent/pkdecrypt.c (agent_pkdecrypt): Ditto. * agent/command.c (cmd_pkdecrypt): Print status line "PADDING". * g10/call-agent.c (padding_info_cb): New. (agent_pkdecrypt): Add arg R_PADDING. * g10/pubkey-enc.c (get_it): Use padding info. -- Decryption using a card never worked in gpg 2.1 because the information whether the pkcs#1 padding needs to be removed was not available. Gpg < 2.1 too this info from the secret sub key but that has gone in 2.1. Signed-off-by: Werner Koch <wk@gnupg.org>
2013-08-26 17:29:54 +02:00
messages. The padding information is stored at R_PADDING with -1
for not known. */
Decryption and signi via agent is now implemented.
2010-04-23 13:36:59 +02:00
gpg_error_t
agent_pkdecrypt (ctrl_t ctrl, const char *keygrip, const char *desc,
gpg: Add pinentry-mode feature. * g10/gpg.c: Include shareddefs.h. (main): Add option --pinentry-mode. * g10/options.h (struct opt): Add field pinentry_mode. * g10/passphrase.c: Include shareddefs.h. (have_static_passphrase): Take care of loopback pinentry_mode. (read_passphrase_from_fd): Ditto. (get_static_passphrase): New. (passphrase_to_dek_ext): Factor some code out to ... (emit_status_need_passphrase): new. * g10/call-agent.c (start_agent): Send the pinentry mode. (default_inq_cb): Take care of the PASSPHRASE inquiry. Return a proper error code. (agent_pksign): Add args keyid, mainkeyid and pubkey_algo. (agent_pkdecrypt): Ditto. * g10/pubkey-enc.c (get_it): Pass new args. * g10/sign.c (do_sign): Pass new args. * g10/call-agent.c (struct default_inq_parm_s): New. Change all similar structs to reference this one. Change all users and inquire callback to use this struct, instead of NULL or some undefined but not used structs. This change will help to eventually get rid of global variables. -- This new features allows to use gpg without a Pinentry. As a prerequisite the agent must be configured to allow the loopback pinentry mode (option --allow-loopback-pinentry). For example gpg2 --pinentry-mode=loopback FILE.gpg may be used to decrypt FILE.gpg while entering the passphrase on the tty. If batch is used, --passphrase et al. may be used, if --command-fd is used, the passphrase may be provided by another process. Note that there are no try-again prompts in case of a bad passphrase.
2013-02-07 20:37:58 +01:00
u32 *keyid, u32 *mainkeyid, int pubkey_algo,
Decryption and signi via agent is now implemented.
2010-04-23 13:36:59 +02:00
gcry_sexp_t s_ciphertext,
gpg: Make decryption with the OpenPGP card work. * scd/app-common.h (APP_DECIPHER_INFO_NOPAD): New. * scd/app-openpgp.c (do_decipher): Add arg R_INFO. * scd/app-nks.c (do_decipher): Add arg R_INFO as a dummy. * scd/app.c (app_decipher): Add arg R_INFO. * scd/command.c (cmd_pkdecrypt): Print status line "PADDING". * agent/call-scd.c (padding_info_cb): New. (agent_card_pkdecrypt): Add arg R_PADDING. * agent/divert-scd.c (divert_pkdecrypt): Ditto. * agent/pkdecrypt.c (agent_pkdecrypt): Ditto. * agent/command.c (cmd_pkdecrypt): Print status line "PADDING". * g10/call-agent.c (padding_info_cb): New. (agent_pkdecrypt): Add arg R_PADDING. * g10/pubkey-enc.c (get_it): Use padding info. -- Decryption using a card never worked in gpg 2.1 because the information whether the pkcs#1 padding needs to be removed was not available. Gpg < 2.1 too this info from the secret sub key but that has gone in 2.1. Signed-off-by: Werner Koch <wk@gnupg.org>
2013-08-26 17:29:54 +02:00
unsigned char **r_buf, size_t *r_buflen, int *r_padding)
Decryption and signi via agent is now implemented.
2010-04-23 13:36:59 +02:00
{
gpg_error_t err;
char line[ASSUAN_LINELENGTH];
membuf_t data;
size_t n, len;
char *p, *buf, *endp;
gpg: Add pinentry-mode feature. * g10/gpg.c: Include shareddefs.h. (main): Add option --pinentry-mode. * g10/options.h (struct opt): Add field pinentry_mode. * g10/passphrase.c: Include shareddefs.h. (have_static_passphrase): Take care of loopback pinentry_mode. (read_passphrase_from_fd): Ditto. (get_static_passphrase): New. (passphrase_to_dek_ext): Factor some code out to ... (emit_status_need_passphrase): new. * g10/call-agent.c (start_agent): Send the pinentry mode. (default_inq_cb): Take care of the PASSPHRASE inquiry. Return a proper error code. (agent_pksign): Add args keyid, mainkeyid and pubkey_algo. (agent_pkdecrypt): Ditto. * g10/pubkey-enc.c (get_it): Pass new args. * g10/sign.c (do_sign): Pass new args. * g10/call-agent.c (struct default_inq_parm_s): New. Change all similar structs to reference this one. Change all users and inquire callback to use this struct, instead of NULL or some undefined but not used structs. This change will help to eventually get rid of global variables. -- This new features allows to use gpg without a Pinentry. As a prerequisite the agent must be configured to allow the loopback pinentry mode (option --allow-loopback-pinentry). For example gpg2 --pinentry-mode=loopback FILE.gpg may be used to decrypt FILE.gpg while entering the passphrase on the tty. If batch is used, --passphrase et al. may be used, if --command-fd is used, the passphrase may be provided by another process. Note that there are no try-again prompts in case of a bad passphrase.
2013-02-07 20:37:58 +01:00
struct default_inq_parm_s dfltparm;
memset (&dfltparm, 0, sizeof dfltparm);
dfltparm.ctrl = ctrl;
dfltparm.keyinfo.keyid = keyid;
dfltparm.keyinfo.mainkeyid = mainkeyid;
dfltparm.keyinfo.pubkey_algo = pubkey_algo;
Integrating http://code.google.com/p/gnupg-ecc/source/detail?r=15 . The following works: gpg2 --gen-key (ECC) gpg2 --list-keys gpg2 --list-packets ~/.gnupg/pubring.gpg gpg2 --list-packets <private key from http://sites.google.com/site/brainhub/pgpecckeys> ECDH doesn't work yet as the code must be re-written to adjust for gpg-agent refactoring.
2011-01-06 02:33:17 +01:00
gpg: Make decryption with the OpenPGP card work. * scd/app-common.h (APP_DECIPHER_INFO_NOPAD): New. * scd/app-openpgp.c (do_decipher): Add arg R_INFO. * scd/app-nks.c (do_decipher): Add arg R_INFO as a dummy. * scd/app.c (app_decipher): Add arg R_INFO. * scd/command.c (cmd_pkdecrypt): Print status line "PADDING". * agent/call-scd.c (padding_info_cb): New. (agent_card_pkdecrypt): Add arg R_PADDING. * agent/divert-scd.c (divert_pkdecrypt): Ditto. * agent/pkdecrypt.c (agent_pkdecrypt): Ditto. * agent/command.c (cmd_pkdecrypt): Print status line "PADDING". * g10/call-agent.c (padding_info_cb): New. (agent_pkdecrypt): Add arg R_PADDING. * g10/pubkey-enc.c (get_it): Use padding info. -- Decryption using a card never worked in gpg 2.1 because the information whether the pkcs#1 padding needs to be removed was not available. Gpg < 2.1 too this info from the secret sub key but that has gone in 2.1. Signed-off-by: Werner Koch <wk@gnupg.org>
2013-08-26 17:29:54 +02:00
if (!keygrip || strlen(keygrip) != 40
|| !s_ciphertext || !r_buf || !r_buflen || !r_padding)
Decryption and signi via agent is now implemented.
2010-04-23 13:36:59 +02:00
return gpg_error (GPG_ERR_INV_VALUE);
gpg: Make decryption with the OpenPGP card work. * scd/app-common.h (APP_DECIPHER_INFO_NOPAD): New. * scd/app-openpgp.c (do_decipher): Add arg R_INFO. * scd/app-nks.c (do_decipher): Add arg R_INFO as a dummy. * scd/app.c (app_decipher): Add arg R_INFO. * scd/command.c (cmd_pkdecrypt): Print status line "PADDING". * agent/call-scd.c (padding_info_cb): New. (agent_card_pkdecrypt): Add arg R_PADDING. * agent/divert-scd.c (divert_pkdecrypt): Ditto. * agent/pkdecrypt.c (agent_pkdecrypt): Ditto. * agent/command.c (cmd_pkdecrypt): Print status line "PADDING". * g10/call-agent.c (padding_info_cb): New. (agent_pkdecrypt): Add arg R_PADDING. * g10/pubkey-enc.c (get_it): Use padding info. -- Decryption using a card never worked in gpg 2.1 because the information whether the pkcs#1 padding needs to be removed was not available. Gpg < 2.1 too this info from the secret sub key but that has gone in 2.1. Signed-off-by: Werner Koch <wk@gnupg.org>
2013-08-26 17:29:54 +02:00
Decryption and signi via agent is now implemented.
2010-04-23 13:36:59 +02:00
*r_buf = NULL;
gpg: Make decryption with the OpenPGP card work. * scd/app-common.h (APP_DECIPHER_INFO_NOPAD): New. * scd/app-openpgp.c (do_decipher): Add arg R_INFO. * scd/app-nks.c (do_decipher): Add arg R_INFO as a dummy. * scd/app.c (app_decipher): Add arg R_INFO. * scd/command.c (cmd_pkdecrypt): Print status line "PADDING". * agent/call-scd.c (padding_info_cb): New. (agent_card_pkdecrypt): Add arg R_PADDING. * agent/divert-scd.c (divert_pkdecrypt): Ditto. * agent/pkdecrypt.c (agent_pkdecrypt): Ditto. * agent/command.c (cmd_pkdecrypt): Print status line "PADDING". * g10/call-agent.c (padding_info_cb): New. (agent_pkdecrypt): Add arg R_PADDING. * g10/pubkey-enc.c (get_it): Use padding info. -- Decryption using a card never worked in gpg 2.1 because the information whether the pkcs#1 padding needs to be removed was not available. Gpg < 2.1 too this info from the secret sub key but that has gone in 2.1. Signed-off-by: Werner Koch <wk@gnupg.org>
2013-08-26 17:29:54 +02:00
*r_padding = -1;
Decryption and signi via agent is now implemented.
2010-04-23 13:36:59 +02:00
err = start_agent (ctrl, 0);
if (err)
return err;
gpg: Add pinentry-mode feature. * g10/gpg.c: Include shareddefs.h. (main): Add option --pinentry-mode. * g10/options.h (struct opt): Add field pinentry_mode. * g10/passphrase.c: Include shareddefs.h. (have_static_passphrase): Take care of loopback pinentry_mode. (read_passphrase_from_fd): Ditto. (get_static_passphrase): New. (passphrase_to_dek_ext): Factor some code out to ... (emit_status_need_passphrase): new. * g10/call-agent.c (start_agent): Send the pinentry mode. (default_inq_cb): Take care of the PASSPHRASE inquiry. Return a proper error code. (agent_pksign): Add args keyid, mainkeyid and pubkey_algo. (agent_pkdecrypt): Ditto. * g10/pubkey-enc.c (get_it): Pass new args. * g10/sign.c (do_sign): Pass new args. * g10/call-agent.c (struct default_inq_parm_s): New. Change all similar structs to reference this one. Change all users and inquire callback to use this struct, instead of NULL or some undefined but not used structs. This change will help to eventually get rid of global variables. -- This new features allows to use gpg without a Pinentry. As a prerequisite the agent must be configured to allow the loopback pinentry mode (option --allow-loopback-pinentry). For example gpg2 --pinentry-mode=loopback FILE.gpg may be used to decrypt FILE.gpg while entering the passphrase on the tty. If batch is used, --passphrase et al. may be used, if --command-fd is used, the passphrase may be provided by another process. Note that there are no try-again prompts in case of a bad passphrase.
2013-02-07 20:37:58 +01:00
dfltparm.ctx = agent_ctx;
Decryption and signi via agent is now implemented.
2010-04-23 13:36:59 +02:00
err = assuan_transact (agent_ctx, "RESET",
NULL, NULL, NULL, NULL, NULL, NULL);
if (err)
return err;
snprintf (line, sizeof line, "SETKEY %s", keygrip);
err = assuan_transact (agent_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL);
if (err)
return err;
if (desc)
{
Fix use cases of snprintf. * agent/call-pinentry.c, agent/call-scd.c, agent/command.c, build-aux/speedo/w32/g4wihelp.c, common/get-passphrase.c, dirmngr/dirmngr.c, g10/call-agent.c, g10/cpr.c, g10/keygen.c, g10/openfile.c, g10/passphrase.c, scd/app-openpgp.c, scd/scdaemon.c, sm/call-agent.c, sm/call-dirmngr.c, sm/certreqgen.c: Fix assuming C99. -- Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-10-21 05:04:46 +02:00
snprintf (line, DIM(line), "SETKEYDESC %s", desc);
Decryption and signi via agent is now implemented.
2010-04-23 13:36:59 +02:00
err = assuan_transact (agent_ctx, line,
NULL, NULL, NULL, NULL, NULL, NULL);
if (err)
return err;
}
init_membuf_secure (&data, 1024);
{
struct cipher_parm_s parm;
Nuked almost all trailing white space. We better do this once and for all instead of cluttering all future commits with diffs of trailing white spaces. In the majority of cases blank or single lines are affected and thus this change won't disturb a git blame too much. For future commits the pre-commit scripts checks that this won't happen again.
2011-02-04 12:57:53 +01:00
gpg: Add pinentry-mode feature. * g10/gpg.c: Include shareddefs.h. (main): Add option --pinentry-mode. * g10/options.h (struct opt): Add field pinentry_mode. * g10/passphrase.c: Include shareddefs.h. (have_static_passphrase): Take care of loopback pinentry_mode. (read_passphrase_from_fd): Ditto. (get_static_passphrase): New. (passphrase_to_dek_ext): Factor some code out to ... (emit_status_need_passphrase): new. * g10/call-agent.c (start_agent): Send the pinentry mode. (default_inq_cb): Take care of the PASSPHRASE inquiry. Return a proper error code. (agent_pksign): Add args keyid, mainkeyid and pubkey_algo. (agent_pkdecrypt): Ditto. * g10/pubkey-enc.c (get_it): Pass new args. * g10/sign.c (do_sign): Pass new args. * g10/call-agent.c (struct default_inq_parm_s): New. Change all similar structs to reference this one. Change all users and inquire callback to use this struct, instead of NULL or some undefined but not used structs. This change will help to eventually get rid of global variables. -- This new features allows to use gpg without a Pinentry. As a prerequisite the agent must be configured to allow the loopback pinentry mode (option --allow-loopback-pinentry). For example gpg2 --pinentry-mode=loopback FILE.gpg may be used to decrypt FILE.gpg while entering the passphrase on the tty. If batch is used, --passphrase et al. may be used, if --command-fd is used, the passphrase may be provided by another process. Note that there are no try-again prompts in case of a bad passphrase.
2013-02-07 20:37:58 +01:00
parm.dflt = &dfltparm;
Decryption and signi via agent is now implemented.
2010-04-23 13:36:59 +02:00
parm.ctx = agent_ctx;
err = make_canon_sexp (s_ciphertext, &parm.ciphertext, &parm.ciphertextlen);
if (err)
return err;
err = assuan_transact (agent_ctx, "PKDECRYPT",
common: New put_membuf_cb to replace static membuf_data_cb. * common/membuf.c (put_membuf_cb): New. * agent/call-scd.c (membuf_data_cb): Remove. Change callers to use put_membuf_cb. * common/get-passphrase.c (membuf_data_cb): Ditto. * g10/call-agent.c (membuf_data_cb): Ditto. * sm/call-agent.c (membuf_data_cb): Ditto. -- Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-08 06:33:27 +01:00
put_membuf_cb, &data,
gpg: Make decryption with the OpenPGP card work. * scd/app-common.h (APP_DECIPHER_INFO_NOPAD): New. * scd/app-openpgp.c (do_decipher): Add arg R_INFO. * scd/app-nks.c (do_decipher): Add arg R_INFO as a dummy. * scd/app.c (app_decipher): Add arg R_INFO. * scd/command.c (cmd_pkdecrypt): Print status line "PADDING". * agent/call-scd.c (padding_info_cb): New. (agent_card_pkdecrypt): Add arg R_PADDING. * agent/divert-scd.c (divert_pkdecrypt): Ditto. * agent/pkdecrypt.c (agent_pkdecrypt): Ditto. * agent/command.c (cmd_pkdecrypt): Print status line "PADDING". * g10/call-agent.c (padding_info_cb): New. (agent_pkdecrypt): Add arg R_PADDING. * g10/pubkey-enc.c (get_it): Use padding info. -- Decryption using a card never worked in gpg 2.1 because the information whether the pkcs#1 padding needs to be removed was not available. Gpg < 2.1 too this info from the secret sub key but that has gone in 2.1. Signed-off-by: Werner Koch <wk@gnupg.org>
2013-08-26 17:29:54 +02:00
inq_ciphertext_cb, &parm,
padding_info_cb, r_padding);
Decryption and signi via agent is now implemented.
2010-04-23 13:36:59 +02:00
xfree (parm.ciphertext);
}
if (err)
{
xfree (get_membuf (&data, &len));
return err;
}
put_membuf (&data, "", 1); /* Make sure it is 0 terminated. */
buf = get_membuf (&data, &len);
if (!buf)
return gpg_error_from_syserror ();
gpg: Remove all assert.h and s/assert/log_assert/. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-04-29 11:05:24 +02:00
log_assert (len); /* (we forced Nul termination.) */
Decryption and signi via agent is now implemented.
2010-04-23 13:36:59 +02:00
if (*buf != '(')
{
xfree (buf);
return gpg_error (GPG_ERR_INV_SEXP);
}
if (len < 13 || memcmp (buf, "(5:value", 8) ) /* "(5:valueN:D)\0" */
{
xfree (buf);
return gpg_error (GPG_ERR_INV_SEXP);
}
ECC Fixes. * agent/cvt-openpgp.c (get_keygrip, convert_secret_key) (convert_transfer_key): Follow newer (>= 1.6) libgcrypt API, which does not distinguish the detail. (do_unprotect, convert_from_openpgp_main): Don't call map_pk_openpgp_to_gcry, as it's the value of libgcrypt API already and not the value defined by OpenPGP. (convert_to_openpgp): It's "ecc". * agent/gpg-agent.c (map_pk_openpgp_to_gcry): Remove. * g10/call-agent.c (agent_pkdecrypt): Fix off-by-one error. * g10/pubkey-enc.c (get_it): Fix swapping the fields error.
2014-04-28 03:36:16 +02:00
len -= 10; /* Count only the data of the second part. */
Decryption and signi via agent is now implemented.
2010-04-23 13:36:59 +02:00
p = buf + 8; /* Skip leading parenthesis and the value tag. */
n = strtoul (p, &endp, 10);
if (!n || *endp != ':')
{
xfree (buf);
return gpg_error (GPG_ERR_INV_SEXP);
}
endp++;
if (endp-p+n > len)
{
xfree (buf);
return gpg_error (GPG_ERR_INV_SEXP); /* Oops: Inconsistent S-Exp. */
}
Nuked almost all trailing white space. We better do this once and for all instead of cluttering all future commits with diffs of trailing white spaces. In the majority of cases blank or single lines are affected and thus this change won't disturb a git blame too much. For future commits the pre-commit scripts checks that this won't happen again.
2011-02-04 12:57:53 +01:00
Decryption and signi via agent is now implemented.
2010-04-23 13:36:59 +02:00
memmove (buf, endp, n);
*r_buflen = n;
*r_buf = buf;
return 0;
}
Import OpenPGP keys into the agent.
2010-08-31 17:58:39 +02:00
/* Retrieve a key encryption key from the agent. With FOREXPORT true
the key shall be used for export, with false for import. On success
the new key is stored at R_KEY and its length at R_KEKLEN. */
gpg_error_t
agent_keywrap_key (ctrl_t ctrl, int forexport, void **r_kek, size_t *r_keklen)
{
gpg_error_t err;
membuf_t data;
size_t len;
unsigned char *buf;
char line[ASSUAN_LINELENGTH];
gpg: Add pinentry-mode feature. * g10/gpg.c: Include shareddefs.h. (main): Add option --pinentry-mode. * g10/options.h (struct opt): Add field pinentry_mode. * g10/passphrase.c: Include shareddefs.h. (have_static_passphrase): Take care of loopback pinentry_mode. (read_passphrase_from_fd): Ditto. (get_static_passphrase): New. (passphrase_to_dek_ext): Factor some code out to ... (emit_status_need_passphrase): new. * g10/call-agent.c (start_agent): Send the pinentry mode. (default_inq_cb): Take care of the PASSPHRASE inquiry. Return a proper error code. (agent_pksign): Add args keyid, mainkeyid and pubkey_algo. (agent_pkdecrypt): Ditto. * g10/pubkey-enc.c (get_it): Pass new args. * g10/sign.c (do_sign): Pass new args. * g10/call-agent.c (struct default_inq_parm_s): New. Change all similar structs to reference this one. Change all users and inquire callback to use this struct, instead of NULL or some undefined but not used structs. This change will help to eventually get rid of global variables. -- This new features allows to use gpg without a Pinentry. As a prerequisite the agent must be configured to allow the loopback pinentry mode (option --allow-loopback-pinentry). For example gpg2 --pinentry-mode=loopback FILE.gpg may be used to decrypt FILE.gpg while entering the passphrase on the tty. If batch is used, --passphrase et al. may be used, if --command-fd is used, the passphrase may be provided by another process. Note that there are no try-again prompts in case of a bad passphrase.
2013-02-07 20:37:58 +01:00
struct default_inq_parm_s dfltparm;
memset (&dfltparm, 0, sizeof dfltparm);
dfltparm.ctrl = ctrl;
Import OpenPGP keys into the agent.
2010-08-31 17:58:39 +02:00
*r_kek = NULL;
err = start_agent (ctrl, 0);
if (err)
return err;
gpg: Add pinentry-mode feature. * g10/gpg.c: Include shareddefs.h. (main): Add option --pinentry-mode. * g10/options.h (struct opt): Add field pinentry_mode. * g10/passphrase.c: Include shareddefs.h. (have_static_passphrase): Take care of loopback pinentry_mode. (read_passphrase_from_fd): Ditto. (get_static_passphrase): New. (passphrase_to_dek_ext): Factor some code out to ... (emit_status_need_passphrase): new. * g10/call-agent.c (start_agent): Send the pinentry mode. (default_inq_cb): Take care of the PASSPHRASE inquiry. Return a proper error code. (agent_pksign): Add args keyid, mainkeyid and pubkey_algo. (agent_pkdecrypt): Ditto. * g10/pubkey-enc.c (get_it): Pass new args. * g10/sign.c (do_sign): Pass new args. * g10/call-agent.c (struct default_inq_parm_s): New. Change all similar structs to reference this one. Change all users and inquire callback to use this struct, instead of NULL or some undefined but not used structs. This change will help to eventually get rid of global variables. -- This new features allows to use gpg without a Pinentry. As a prerequisite the agent must be configured to allow the loopback pinentry mode (option --allow-loopback-pinentry). For example gpg2 --pinentry-mode=loopback FILE.gpg may be used to decrypt FILE.gpg while entering the passphrase on the tty. If batch is used, --passphrase et al. may be used, if --command-fd is used, the passphrase may be provided by another process. Note that there are no try-again prompts in case of a bad passphrase.
2013-02-07 20:37:58 +01:00
dfltparm.ctx = agent_ctx;
Import OpenPGP keys into the agent.
2010-08-31 17:58:39 +02:00
Fix use cases of snprintf. * agent/call-pinentry.c, agent/call-scd.c, agent/command.c, build-aux/speedo/w32/g4wihelp.c, common/get-passphrase.c, dirmngr/dirmngr.c, g10/call-agent.c, g10/cpr.c, g10/keygen.c, g10/openfile.c, g10/passphrase.c, scd/app-openpgp.c, scd/scdaemon.c, sm/call-agent.c, sm/call-dirmngr.c, sm/certreqgen.c: Fix assuming C99. -- Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-10-21 05:04:46 +02:00
snprintf (line, DIM(line), "KEYWRAP_KEY %s",
Import OpenPGP keys into the agent.
2010-08-31 17:58:39 +02:00
forexport? "--export":"--import");
init_membuf_secure (&data, 64);
err = assuan_transact (agent_ctx, line,
common: New put_membuf_cb to replace static membuf_data_cb. * common/membuf.c (put_membuf_cb): New. * agent/call-scd.c (membuf_data_cb): Remove. Change callers to use put_membuf_cb. * common/get-passphrase.c (membuf_data_cb): Ditto. * g10/call-agent.c (membuf_data_cb): Ditto. * sm/call-agent.c (membuf_data_cb): Ditto. -- Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-08 06:33:27 +01:00
put_membuf_cb, &data,
gpg: Add pinentry-mode feature. * g10/gpg.c: Include shareddefs.h. (main): Add option --pinentry-mode. * g10/options.h (struct opt): Add field pinentry_mode. * g10/passphrase.c: Include shareddefs.h. (have_static_passphrase): Take care of loopback pinentry_mode. (read_passphrase_from_fd): Ditto. (get_static_passphrase): New. (passphrase_to_dek_ext): Factor some code out to ... (emit_status_need_passphrase): new. * g10/call-agent.c (start_agent): Send the pinentry mode. (default_inq_cb): Take care of the PASSPHRASE inquiry. Return a proper error code. (agent_pksign): Add args keyid, mainkeyid and pubkey_algo. (agent_pkdecrypt): Ditto. * g10/pubkey-enc.c (get_it): Pass new args. * g10/sign.c (do_sign): Pass new args. * g10/call-agent.c (struct default_inq_parm_s): New. Change all similar structs to reference this one. Change all users and inquire callback to use this struct, instead of NULL or some undefined but not used structs. This change will help to eventually get rid of global variables. -- This new features allows to use gpg without a Pinentry. As a prerequisite the agent must be configured to allow the loopback pinentry mode (option --allow-loopback-pinentry). For example gpg2 --pinentry-mode=loopback FILE.gpg may be used to decrypt FILE.gpg while entering the passphrase on the tty. If batch is used, --passphrase et al. may be used, if --command-fd is used, the passphrase may be provided by another process. Note that there are no try-again prompts in case of a bad passphrase.
2013-02-07 20:37:58 +01:00
default_inq_cb, &dfltparm,
NULL, NULL);
Import OpenPGP keys into the agent.
2010-08-31 17:58:39 +02:00
if (err)
{
xfree (get_membuf (&data, &len));
return err;
}
buf = get_membuf (&data, &len);
if (!buf)
return gpg_error_from_syserror ();
*r_kek = buf;
*r_keklen = len;
return 0;
}
/* Handle the inquiry for an IMPORT_KEY command. */
static gpg_error_t
inq_import_key_parms (void *opaque, const char *line)
{
Nuked almost all trailing white space. We better do this once and for all instead of cluttering all future commits with diffs of trailing white spaces. In the majority of cases blank or single lines are affected and thus this change won't disturb a git blame too much. For future commits the pre-commit scripts checks that this won't happen again.
2011-02-04 12:57:53 +01:00
struct import_key_parm_s *parm = opaque;
Import OpenPGP keys into the agent.
2010-08-31 17:58:39 +02:00
gpg_error_t err;
Use has_leading_keyword in the assuan callbacks. * agent/call-pinentry.c (inq_quality): Use has_leading_keyword. * agent/call-scd.c (inq_needpin, inq_writekey_parms): Ditto. * g10/call-agent.c (inq_writecert_parms, keyinfo_status_cb): Ditto. (inq_genkey_parms, inq_ciphertext_cb, inq_import_key_parms): Ditto. * g10/call-dirmngr.c (ks_put_inq_cb): Ditto. * sm/call-agent.c (default_inq_cb, inq_ciphertext_cb): Ditto. (inq_genkey_parms, istrusted_status_cb, learn_status_cb): Ditto. (keyinfo_status_cb, inq_import_key_parms): Ditto. * sm/call-dirmngr.c (inq_certificate, isvalid_status_cb): Ditto. (lookup_status_cb, run_command_inq_cb, run_command_status_cb): Ditto.
2013-02-22 10:56:13 +01:00
if (has_leading_keyword (line, "KEYDATA"))
Import OpenPGP keys into the agent.
2010-08-31 17:58:39 +02:00
{
gpg: Add pinentry-mode feature. * g10/gpg.c: Include shareddefs.h. (main): Add option --pinentry-mode. * g10/options.h (struct opt): Add field pinentry_mode. * g10/passphrase.c: Include shareddefs.h. (have_static_passphrase): Take care of loopback pinentry_mode. (read_passphrase_from_fd): Ditto. (get_static_passphrase): New. (passphrase_to_dek_ext): Factor some code out to ... (emit_status_need_passphrase): new. * g10/call-agent.c (start_agent): Send the pinentry mode. (default_inq_cb): Take care of the PASSPHRASE inquiry. Return a proper error code. (agent_pksign): Add args keyid, mainkeyid and pubkey_algo. (agent_pkdecrypt): Ditto. * g10/pubkey-enc.c (get_it): Pass new args. * g10/sign.c (do_sign): Pass new args. * g10/call-agent.c (struct default_inq_parm_s): New. Change all similar structs to reference this one. Change all users and inquire callback to use this struct, instead of NULL or some undefined but not used structs. This change will help to eventually get rid of global variables. -- This new features allows to use gpg without a Pinentry. As a prerequisite the agent must be configured to allow the loopback pinentry mode (option --allow-loopback-pinentry). For example gpg2 --pinentry-mode=loopback FILE.gpg may be used to decrypt FILE.gpg while entering the passphrase on the tty. If batch is used, --passphrase et al. may be used, if --command-fd is used, the passphrase may be provided by another process. Note that there are no try-again prompts in case of a bad passphrase.
2013-02-07 20:37:58 +01:00
err = assuan_send_data (parm->dflt->ctx, parm->key, parm->keylen);
Import OpenPGP keys into the agent.
2010-08-31 17:58:39 +02:00
}
else
gpg: Add pinentry-mode feature. * g10/gpg.c: Include shareddefs.h. (main): Add option --pinentry-mode. * g10/options.h (struct opt): Add field pinentry_mode. * g10/passphrase.c: Include shareddefs.h. (have_static_passphrase): Take care of loopback pinentry_mode. (read_passphrase_from_fd): Ditto. (get_static_passphrase): New. (passphrase_to_dek_ext): Factor some code out to ... (emit_status_need_passphrase): new. * g10/call-agent.c (start_agent): Send the pinentry mode. (default_inq_cb): Take care of the PASSPHRASE inquiry. Return a proper error code. (agent_pksign): Add args keyid, mainkeyid and pubkey_algo. (agent_pkdecrypt): Ditto. * g10/pubkey-enc.c (get_it): Pass new args. * g10/sign.c (do_sign): Pass new args. * g10/call-agent.c (struct default_inq_parm_s): New. Change all similar structs to reference this one. Change all users and inquire callback to use this struct, instead of NULL or some undefined but not used structs. This change will help to eventually get rid of global variables. -- This new features allows to use gpg without a Pinentry. As a prerequisite the agent must be configured to allow the loopback pinentry mode (option --allow-loopback-pinentry). For example gpg2 --pinentry-mode=loopback FILE.gpg may be used to decrypt FILE.gpg while entering the passphrase on the tty. If batch is used, --passphrase et al. may be used, if --command-fd is used, the passphrase may be provided by another process. Note that there are no try-again prompts in case of a bad passphrase.
2013-02-07 20:37:58 +01:00
err = default_inq_cb (parm->dflt, line);
Import OpenPGP keys into the agent.
2010-08-31 17:58:39 +02:00
Nuked almost all trailing white space. We better do this once and for all instead of cluttering all future commits with diffs of trailing white spaces. In the majority of cases blank or single lines are affected and thus this change won't disturb a git blame too much. For future commits the pre-commit scripts checks that this won't happen again.
2011-02-04 12:57:53 +01:00
return err;
Import OpenPGP keys into the agent.
2010-08-31 17:58:39 +02:00
}
/* Call the agent to import a key into the agent. */
gpg_error_t
Use passphrase caching for import and genkey.
2010-09-01 11:48:35 +02:00
agent_import_key (ctrl_t ctrl, const char *desc, char **cache_nonce_addr,
g10: Use --force when importing key for bkuptocard. * g10/call-agent.c (agent_import_key): Add an argument FORCE. * g10/import.c (transfer_secret_keys): Likewise. (import_secret_one): Call transfer_secret_keys with FORCE=0. * g10/keyedit.c (keyedit_menu): Call with FORCE=1.
2015-12-24 06:15:58 +01:00
const void *key, size_t keylen, int unattended, int force)
Import OpenPGP keys into the agent.
2010-08-31 17:58:39 +02:00
{
gpg_error_t err;
struct import_key_parm_s parm;
Re-implemented GPG's --passwd command and improved it.
2010-10-26 11:10:29 +02:00
struct cache_nonce_parm_s cn_parm;
Use passphrase caching for import and genkey.
2010-09-01 11:48:35 +02:00
char line[ASSUAN_LINELENGTH];
gpg: Add pinentry-mode feature. * g10/gpg.c: Include shareddefs.h. (main): Add option --pinentry-mode. * g10/options.h (struct opt): Add field pinentry_mode. * g10/passphrase.c: Include shareddefs.h. (have_static_passphrase): Take care of loopback pinentry_mode. (read_passphrase_from_fd): Ditto. (get_static_passphrase): New. (passphrase_to_dek_ext): Factor some code out to ... (emit_status_need_passphrase): new. * g10/call-agent.c (start_agent): Send the pinentry mode. (default_inq_cb): Take care of the PASSPHRASE inquiry. Return a proper error code. (agent_pksign): Add args keyid, mainkeyid and pubkey_algo. (agent_pkdecrypt): Ditto. * g10/pubkey-enc.c (get_it): Pass new args. * g10/sign.c (do_sign): Pass new args. * g10/call-agent.c (struct default_inq_parm_s): New. Change all similar structs to reference this one. Change all users and inquire callback to use this struct, instead of NULL or some undefined but not used structs. This change will help to eventually get rid of global variables. -- This new features allows to use gpg without a Pinentry. As a prerequisite the agent must be configured to allow the loopback pinentry mode (option --allow-loopback-pinentry). For example gpg2 --pinentry-mode=loopback FILE.gpg may be used to decrypt FILE.gpg while entering the passphrase on the tty. If batch is used, --passphrase et al. may be used, if --command-fd is used, the passphrase may be provided by another process. Note that there are no try-again prompts in case of a bad passphrase.
2013-02-07 20:37:58 +01:00
struct default_inq_parm_s dfltparm;
memset (&dfltparm, 0, sizeof dfltparm);
dfltparm.ctrl = ctrl;
Import OpenPGP keys into the agent.
2010-08-31 17:58:39 +02:00
err = start_agent (ctrl, 0);
if (err)
return err;
gpg: Add pinentry-mode feature. * g10/gpg.c: Include shareddefs.h. (main): Add option --pinentry-mode. * g10/options.h (struct opt): Add field pinentry_mode. * g10/passphrase.c: Include shareddefs.h. (have_static_passphrase): Take care of loopback pinentry_mode. (read_passphrase_from_fd): Ditto. (get_static_passphrase): New. (passphrase_to_dek_ext): Factor some code out to ... (emit_status_need_passphrase): new. * g10/call-agent.c (start_agent): Send the pinentry mode. (default_inq_cb): Take care of the PASSPHRASE inquiry. Return a proper error code. (agent_pksign): Add args keyid, mainkeyid and pubkey_algo. (agent_pkdecrypt): Ditto. * g10/pubkey-enc.c (get_it): Pass new args. * g10/sign.c (do_sign): Pass new args. * g10/call-agent.c (struct default_inq_parm_s): New. Change all similar structs to reference this one. Change all users and inquire callback to use this struct, instead of NULL or some undefined but not used structs. This change will help to eventually get rid of global variables. -- This new features allows to use gpg without a Pinentry. As a prerequisite the agent must be configured to allow the loopback pinentry mode (option --allow-loopback-pinentry). For example gpg2 --pinentry-mode=loopback FILE.gpg may be used to decrypt FILE.gpg while entering the passphrase on the tty. If batch is used, --passphrase et al. may be used, if --command-fd is used, the passphrase may be provided by another process. Note that there are no try-again prompts in case of a bad passphrase.
2013-02-07 20:37:58 +01:00
dfltparm.ctx = agent_ctx;
Import OpenPGP keys into the agent.
2010-08-31 17:58:39 +02:00
if (desc)
{
Fix use cases of snprintf. * agent/call-pinentry.c, agent/call-scd.c, agent/command.c, build-aux/speedo/w32/g4wihelp.c, common/get-passphrase.c, dirmngr/dirmngr.c, g10/call-agent.c, g10/cpr.c, g10/keygen.c, g10/openfile.c, g10/passphrase.c, scd/app-openpgp.c, scd/scdaemon.c, sm/call-agent.c, sm/call-dirmngr.c, sm/certreqgen.c: Fix assuming C99. -- Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-10-21 05:04:46 +02:00
snprintf (line, DIM(line), "SETKEYDESC %s", desc);
Import OpenPGP keys into the agent.
2010-08-31 17:58:39 +02:00
err = assuan_transact (agent_ctx, line,
NULL, NULL, NULL, NULL, NULL, NULL);
if (err)
return err;
}
gpg: Add pinentry-mode feature. * g10/gpg.c: Include shareddefs.h. (main): Add option --pinentry-mode. * g10/options.h (struct opt): Add field pinentry_mode. * g10/passphrase.c: Include shareddefs.h. (have_static_passphrase): Take care of loopback pinentry_mode. (read_passphrase_from_fd): Ditto. (get_static_passphrase): New. (passphrase_to_dek_ext): Factor some code out to ... (emit_status_need_passphrase): new. * g10/call-agent.c (start_agent): Send the pinentry mode. (default_inq_cb): Take care of the PASSPHRASE inquiry. Return a proper error code. (agent_pksign): Add args keyid, mainkeyid and pubkey_algo. (agent_pkdecrypt): Ditto. * g10/pubkey-enc.c (get_it): Pass new args. * g10/sign.c (do_sign): Pass new args. * g10/call-agent.c (struct default_inq_parm_s): New. Change all similar structs to reference this one. Change all users and inquire callback to use this struct, instead of NULL or some undefined but not used structs. This change will help to eventually get rid of global variables. -- This new features allows to use gpg without a Pinentry. As a prerequisite the agent must be configured to allow the loopback pinentry mode (option --allow-loopback-pinentry). For example gpg2 --pinentry-mode=loopback FILE.gpg may be used to decrypt FILE.gpg while entering the passphrase on the tty. If batch is used, --passphrase et al. may be used, if --command-fd is used, the passphrase may be provided by another process. Note that there are no try-again prompts in case of a bad passphrase.
2013-02-07 20:37:58 +01:00
parm.dflt = &dfltparm;
Import OpenPGP keys into the agent.
2010-08-31 17:58:39 +02:00
parm.key = key;
parm.keylen = keylen;
g10: Use --force when importing key for bkuptocard. * g10/call-agent.c (agent_import_key): Add an argument FORCE. * g10/import.c (transfer_secret_keys): Likewise. (import_secret_one): Call transfer_secret_keys with FORCE=0. * g10/keyedit.c (keyedit_menu): Call with FORCE=1.
2015-12-24 06:15:58 +01:00
snprintf (line, sizeof line, "IMPORT_KEY%s%s%s%s",
Implement unattended OpenPGP secret key import. * agent/command.c (cmd_import_key): Add option --unattended. * agent/cvt-openpgp.c (convert_transfer_key): New. (do_unprotect): Factor some code out to ... (prepare_unprotect): new function. (convert_from_openpgp): Factor all code out to ... (convert_from_openpgp_main): this. Add arg 'passphrase'. Implement openpgp-native protection modes. (convert_from_openpgp_native): New. * agent/t-protect.c (convert_from_openpgp_native): New dummy fucntion * agent/protect-tool.c (convert_from_openpgp_native): Ditto. * agent/protect.c (agent_unprotect): Add arg CTRL. Adjust all callers. Support openpgp-native protection. * g10/call-agent.c (agent_import_key): Add arg 'unattended'. * g10/import.c (transfer_secret_keys): Use unattended in batch mode. -- With the gpg-agent taking care of the secret keys, the user needs to migrate existing keys from secring.gpg to the agent. This and also the standard import of secret keys required the user to unprotect the secret keys first, so that gpg-agent was able to re-protected them using its own scheme. With many secret keys this is quite some usability hurdle. In particular if a passphrase is not instantly available. To make this migration smoother, this patch implements an unattended key import/migration which delays the conversion to the gpg-agent format until the key is actually used. For example: gpg2 --batch --import mysecretkey.gpg works without any user interaction due to the use of --batch. Now if a key is used (e.g. "gpg2 -su USERID_FROM_MYSECRETKEY foo"), gpg-agent has to ask for the passphrase anyway, converts the key from the openpgp format to the internal format, signs, re-encrypts the key and tries to store it in the gpg-agent format to the disk. The next time, the internal format of the key is used. This patch has only been tested with the old demo keys, more tests with other protection formats and no protection are needed. Signed-off-by: Werner Koch <wk@gnupg.org>
2013-05-22 10:50:12 +02:00
unattended? " --unattended":"",
g10: Use --force when importing key for bkuptocard. * g10/call-agent.c (agent_import_key): Add an argument FORCE. * g10/import.c (transfer_secret_keys): Likewise. (import_secret_one): Call transfer_secret_keys with FORCE=0. * g10/keyedit.c (keyedit_menu): Call with FORCE=1.
2015-12-24 06:15:58 +01:00
force? " --force":"",
Use passphrase caching for import and genkey.
2010-09-01 11:48:35 +02:00
cache_nonce_addr && *cache_nonce_addr? " ":"",
cache_nonce_addr && *cache_nonce_addr? *cache_nonce_addr:"");
Re-implemented GPG's --passwd command and improved it.
2010-10-26 11:10:29 +02:00
cn_parm.cache_nonce_addr = cache_nonce_addr;
cn_parm.passwd_nonce_addr = NULL;
Use passphrase caching for import and genkey.
2010-09-01 11:48:35 +02:00
err = assuan_transact (agent_ctx, line,
gpg: Add pinentry-mode feature. * g10/gpg.c: Include shareddefs.h. (main): Add option --pinentry-mode. * g10/options.h (struct opt): Add field pinentry_mode. * g10/passphrase.c: Include shareddefs.h. (have_static_passphrase): Take care of loopback pinentry_mode. (read_passphrase_from_fd): Ditto. (get_static_passphrase): New. (passphrase_to_dek_ext): Factor some code out to ... (emit_status_need_passphrase): new. * g10/call-agent.c (start_agent): Send the pinentry mode. (default_inq_cb): Take care of the PASSPHRASE inquiry. Return a proper error code. (agent_pksign): Add args keyid, mainkeyid and pubkey_algo. (agent_pkdecrypt): Ditto. * g10/pubkey-enc.c (get_it): Pass new args. * g10/sign.c (do_sign): Pass new args. * g10/call-agent.c (struct default_inq_parm_s): New. Change all similar structs to reference this one. Change all users and inquire callback to use this struct, instead of NULL or some undefined but not used structs. This change will help to eventually get rid of global variables. -- This new features allows to use gpg without a Pinentry. As a prerequisite the agent must be configured to allow the loopback pinentry mode (option --allow-loopback-pinentry). For example gpg2 --pinentry-mode=loopback FILE.gpg may be used to decrypt FILE.gpg while entering the passphrase on the tty. If batch is used, --passphrase et al. may be used, if --command-fd is used, the passphrase may be provided by another process. Note that there are no try-again prompts in case of a bad passphrase.
2013-02-07 20:37:58 +01:00
NULL, NULL,
inq_import_key_parms, &parm,
Re-implemented GPG's --passwd command and improved it.
2010-10-26 11:10:29 +02:00
cache_nonce_status_cb, &cn_parm);
Import OpenPGP keys into the agent.
2010-08-31 17:58:39 +02:00
return err;
}
Exporting secret keys via gpg-agent is now basically supported. A couple of forward ported changes. Doc updates.
2010-10-01 22:33:53 +02:00
/* Receive a secret key from the agent. HEXKEYGRIP is the hexified
keygrip, DESC a prompt to be displayed with the agent's passphrase
g10: Add openpgp_protected flag to agent secret key export functions * g10/call-agent.c, g10/call-agent.h (agent_export_key): Add openpgp_protected flag. * g10/export.c (receive_seckey_from_agent): Request openpgp_protected secret keys from agent. * agent/command.c (hlp_export_key): EXPORT_KEY help text: add a brief description of the effect of --openpgp. -- The --openpgp flag for gpg-agent's EXPORT_KEY actually forces encryption in a certain (RFC 4880-compatible format). This changeset exposes that functionality in internal functions, and clarifies functionality in the agent's help text. Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2016-06-10 22:15:34 +02:00
question (needs to be plus+percent escaped). if OPENPGP_PROTECTED
is not zero, ensure that the key material is returned in RFC
4880-compatible passphrased-protected form. If CACHE_NONCE_ADDR is
not NULL the agent is advised to first try a passphrase associated
with that nonce. On success the key is stored as a canonical
S-expression at R_RESULT and R_RESULTLEN. */
Exporting secret keys via gpg-agent is now basically supported. A couple of forward ported changes. Doc updates.
2010-10-01 22:33:53 +02:00
gpg_error_t
agent_export_key (ctrl_t ctrl, const char *hexkeygrip, const char *desc,
g10: Add openpgp_protected flag to agent secret key export functions * g10/call-agent.c, g10/call-agent.h (agent_export_key): Add openpgp_protected flag. * g10/export.c (receive_seckey_from_agent): Request openpgp_protected secret keys from agent. * agent/command.c (hlp_export_key): EXPORT_KEY help text: add a brief description of the effect of --openpgp. -- The --openpgp flag for gpg-agent's EXPORT_KEY actually forces encryption in a certain (RFC 4880-compatible format). This changeset exposes that functionality in internal functions, and clarifies functionality in the agent's help text. Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2016-06-10 22:15:34 +02:00
int openpgp_protected, char **cache_nonce_addr,
Exporting secret keys via gpg-agent is now basically supported. A couple of forward ported changes. Doc updates.
2010-10-01 22:33:53 +02:00
unsigned char **r_result, size_t *r_resultlen)
{
gpg_error_t err;
Re-implemented GPG's --passwd command and improved it.
2010-10-26 11:10:29 +02:00
struct cache_nonce_parm_s cn_parm;
Exporting secret keys via gpg-agent is now basically supported. A couple of forward ported changes. Doc updates.
2010-10-01 22:33:53 +02:00
membuf_t data;
size_t len;
unsigned char *buf;
char line[ASSUAN_LINELENGTH];
gpg: Add pinentry-mode feature. * g10/gpg.c: Include shareddefs.h. (main): Add option --pinentry-mode. * g10/options.h (struct opt): Add field pinentry_mode. * g10/passphrase.c: Include shareddefs.h. (have_static_passphrase): Take care of loopback pinentry_mode. (read_passphrase_from_fd): Ditto. (get_static_passphrase): New. (passphrase_to_dek_ext): Factor some code out to ... (emit_status_need_passphrase): new. * g10/call-agent.c (start_agent): Send the pinentry mode. (default_inq_cb): Take care of the PASSPHRASE inquiry. Return a proper error code. (agent_pksign): Add args keyid, mainkeyid and pubkey_algo. (agent_pkdecrypt): Ditto. * g10/pubkey-enc.c (get_it): Pass new args. * g10/sign.c (do_sign): Pass new args. * g10/call-agent.c (struct default_inq_parm_s): New. Change all similar structs to reference this one. Change all users and inquire callback to use this struct, instead of NULL or some undefined but not used structs. This change will help to eventually get rid of global variables. -- This new features allows to use gpg without a Pinentry. As a prerequisite the agent must be configured to allow the loopback pinentry mode (option --allow-loopback-pinentry). For example gpg2 --pinentry-mode=loopback FILE.gpg may be used to decrypt FILE.gpg while entering the passphrase on the tty. If batch is used, --passphrase et al. may be used, if --command-fd is used, the passphrase may be provided by another process. Note that there are no try-again prompts in case of a bad passphrase.
2013-02-07 20:37:58 +01:00
struct default_inq_parm_s dfltparm;
memset (&dfltparm, 0, sizeof dfltparm);
dfltparm.ctrl = ctrl;
Exporting secret keys via gpg-agent is now basically supported. A couple of forward ported changes. Doc updates.
2010-10-01 22:33:53 +02:00
*r_result = NULL;
err = start_agent (ctrl, 0);
if (err)
return err;
gpg: Add pinentry-mode feature. * g10/gpg.c: Include shareddefs.h. (main): Add option --pinentry-mode. * g10/options.h (struct opt): Add field pinentry_mode. * g10/passphrase.c: Include shareddefs.h. (have_static_passphrase): Take care of loopback pinentry_mode. (read_passphrase_from_fd): Ditto. (get_static_passphrase): New. (passphrase_to_dek_ext): Factor some code out to ... (emit_status_need_passphrase): new. * g10/call-agent.c (start_agent): Send the pinentry mode. (default_inq_cb): Take care of the PASSPHRASE inquiry. Return a proper error code. (agent_pksign): Add args keyid, mainkeyid and pubkey_algo. (agent_pkdecrypt): Ditto. * g10/pubkey-enc.c (get_it): Pass new args. * g10/sign.c (do_sign): Pass new args. * g10/call-agent.c (struct default_inq_parm_s): New. Change all similar structs to reference this one. Change all users and inquire callback to use this struct, instead of NULL or some undefined but not used structs. This change will help to eventually get rid of global variables. -- This new features allows to use gpg without a Pinentry. As a prerequisite the agent must be configured to allow the loopback pinentry mode (option --allow-loopback-pinentry). For example gpg2 --pinentry-mode=loopback FILE.gpg may be used to decrypt FILE.gpg while entering the passphrase on the tty. If batch is used, --passphrase et al. may be used, if --command-fd is used, the passphrase may be provided by another process. Note that there are no try-again prompts in case of a bad passphrase.
2013-02-07 20:37:58 +01:00
dfltparm.ctx = agent_ctx;
Exporting secret keys via gpg-agent is now basically supported. A couple of forward ported changes. Doc updates.
2010-10-01 22:33:53 +02:00
if (desc)
{
Fix use cases of snprintf. * agent/call-pinentry.c, agent/call-scd.c, agent/command.c, build-aux/speedo/w32/g4wihelp.c, common/get-passphrase.c, dirmngr/dirmngr.c, g10/call-agent.c, g10/cpr.c, g10/keygen.c, g10/openfile.c, g10/passphrase.c, scd/app-openpgp.c, scd/scdaemon.c, sm/call-agent.c, sm/call-dirmngr.c, sm/certreqgen.c: Fix assuming C99. -- Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-10-21 05:04:46 +02:00
snprintf (line, DIM(line), "SETKEYDESC %s", desc);
Exporting secret keys via gpg-agent is now basically supported. A couple of forward ported changes. Doc updates.
2010-10-01 22:33:53 +02:00
err = assuan_transact (agent_ctx, line,
NULL, NULL, NULL, NULL, NULL, NULL);
if (err)
return err;
}
Fix use cases of snprintf. * agent/call-pinentry.c, agent/call-scd.c, agent/command.c, build-aux/speedo/w32/g4wihelp.c, common/get-passphrase.c, dirmngr/dirmngr.c, g10/call-agent.c, g10/cpr.c, g10/keygen.c, g10/openfile.c, g10/passphrase.c, scd/app-openpgp.c, scd/scdaemon.c, sm/call-agent.c, sm/call-dirmngr.c, sm/certreqgen.c: Fix assuming C99. -- Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-10-21 05:04:46 +02:00
snprintf (line, DIM(line), "EXPORT_KEY %s%s%s %s",
g10: Add openpgp_protected flag to agent secret key export functions * g10/call-agent.c, g10/call-agent.h (agent_export_key): Add openpgp_protected flag. * g10/export.c (receive_seckey_from_agent): Request openpgp_protected secret keys from agent. * agent/command.c (hlp_export_key): EXPORT_KEY help text: add a brief description of the effect of --openpgp. -- The --openpgp flag for gpg-agent's EXPORT_KEY actually forces encryption in a certain (RFC 4880-compatible format). This changeset exposes that functionality in internal functions, and clarifies functionality in the agent's help text. Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2016-06-10 22:15:34 +02:00
openpgp_protected ? "--openpgp ":"",
Exporting secret keys via gpg-agent is now basically supported. A couple of forward ported changes. Doc updates.
2010-10-01 22:33:53 +02:00
cache_nonce_addr && *cache_nonce_addr? "--cache-nonce=":"",
cache_nonce_addr && *cache_nonce_addr? *cache_nonce_addr:"",
hexkeygrip);
init_membuf_secure (&data, 1024);
Re-implemented GPG's --passwd command and improved it.
2010-10-26 11:10:29 +02:00
cn_parm.cache_nonce_addr = cache_nonce_addr;
cn_parm.passwd_nonce_addr = NULL;
Exporting secret keys via gpg-agent is now basically supported. A couple of forward ported changes. Doc updates.
2010-10-01 22:33:53 +02:00
err = assuan_transact (agent_ctx, line,
common: New put_membuf_cb to replace static membuf_data_cb. * common/membuf.c (put_membuf_cb): New. * agent/call-scd.c (membuf_data_cb): Remove. Change callers to use put_membuf_cb. * common/get-passphrase.c (membuf_data_cb): Ditto. * g10/call-agent.c (membuf_data_cb): Ditto. * sm/call-agent.c (membuf_data_cb): Ditto. -- Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-08 06:33:27 +01:00
put_membuf_cb, &data,
gpg: Add pinentry-mode feature. * g10/gpg.c: Include shareddefs.h. (main): Add option --pinentry-mode. * g10/options.h (struct opt): Add field pinentry_mode. * g10/passphrase.c: Include shareddefs.h. (have_static_passphrase): Take care of loopback pinentry_mode. (read_passphrase_from_fd): Ditto. (get_static_passphrase): New. (passphrase_to_dek_ext): Factor some code out to ... (emit_status_need_passphrase): new. * g10/call-agent.c (start_agent): Send the pinentry mode. (default_inq_cb): Take care of the PASSPHRASE inquiry. Return a proper error code. (agent_pksign): Add args keyid, mainkeyid and pubkey_algo. (agent_pkdecrypt): Ditto. * g10/pubkey-enc.c (get_it): Pass new args. * g10/sign.c (do_sign): Pass new args. * g10/call-agent.c (struct default_inq_parm_s): New. Change all similar structs to reference this one. Change all users and inquire callback to use this struct, instead of NULL or some undefined but not used structs. This change will help to eventually get rid of global variables. -- This new features allows to use gpg without a Pinentry. As a prerequisite the agent must be configured to allow the loopback pinentry mode (option --allow-loopback-pinentry). For example gpg2 --pinentry-mode=loopback FILE.gpg may be used to decrypt FILE.gpg while entering the passphrase on the tty. If batch is used, --passphrase et al. may be used, if --command-fd is used, the passphrase may be provided by another process. Note that there are no try-again prompts in case of a bad passphrase.
2013-02-07 20:37:58 +01:00
default_inq_cb, &dfltparm,
Re-implemented GPG's --passwd command and improved it.
2010-10-26 11:10:29 +02:00
cache_nonce_status_cb, &cn_parm);
Exporting secret keys via gpg-agent is now basically supported. A couple of forward ported changes. Doc updates.
2010-10-01 22:33:53 +02:00
if (err)
{
xfree (get_membuf (&data, &len));
return err;
}
buf = get_membuf (&data, &len);
if (!buf)
return gpg_error_from_syserror ();
*r_result = buf;
*r_resultlen = len;
return 0;
}
Re-implemented GPG's --passwd command and improved it.
2010-10-26 11:10:29 +02:00
gpg: Re-enable secret key deletion. * g10/call-agent.c (agent_delete_key): New. * g10/keydb.h (FORMAT_KEYDESC_DELKEY): New. * g10/passphrase.c (gpg_format_keydesc): Support new format. * g10/delkey.c (do_delete_key): Add secret key deletion.
2014-04-15 16:40:48 +02:00
/* Ask the agent to delete the key identified by HEXKEYGRIP. If DESC
is not NULL, display DESC instead of the default description
gpg: Allow unattended deletion of secret keys. * agent/command.c (cmd_delete_key): Make the --force option depend on --disallow-loopback-passphrase. * g10/call-agent.c (agent_delete_key): Add arg FORCE. * g10/delkey.c (do_delete_key): Pass opt.answer_yes to agent_delete_key. -- Unless the agent has been configured with --disallow-loopback-passpharse an unattended deletion of a secret key is now possible with gpg by using --batch _and_ --yes. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-05-10 11:01:42 +02:00
message. If FORCE is true the agent is advised not to ask for
confirmation. */
gpg: Re-enable secret key deletion. * g10/call-agent.c (agent_delete_key): New. * g10/keydb.h (FORMAT_KEYDESC_DELKEY): New. * g10/passphrase.c (gpg_format_keydesc): Support new format. * g10/delkey.c (do_delete_key): Add secret key deletion.
2014-04-15 16:40:48 +02:00
gpg_error_t
gpg: Allow unattended deletion of secret keys. * agent/command.c (cmd_delete_key): Make the --force option depend on --disallow-loopback-passphrase. * g10/call-agent.c (agent_delete_key): Add arg FORCE. * g10/delkey.c (do_delete_key): Pass opt.answer_yes to agent_delete_key. -- Unless the agent has been configured with --disallow-loopback-passpharse an unattended deletion of a secret key is now possible with gpg by using --batch _and_ --yes. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-05-10 11:01:42 +02:00
agent_delete_key (ctrl_t ctrl, const char *hexkeygrip, const char *desc,
int force)
gpg: Re-enable secret key deletion. * g10/call-agent.c (agent_delete_key): New. * g10/keydb.h (FORMAT_KEYDESC_DELKEY): New. * g10/passphrase.c (gpg_format_keydesc): Support new format. * g10/delkey.c (do_delete_key): Add secret key deletion.
2014-04-15 16:40:48 +02:00
{
gpg_error_t err;
char line[ASSUAN_LINELENGTH];
struct default_inq_parm_s dfltparm;
memset (&dfltparm, 0, sizeof dfltparm);
dfltparm.ctrl = ctrl;
err = start_agent (ctrl, 0);
if (err)
return err;
if (!hexkeygrip || strlen (hexkeygrip) != 40)
return gpg_error (GPG_ERR_INV_VALUE);
if (desc)
{
Fix use cases of snprintf. * agent/call-pinentry.c, agent/call-scd.c, agent/command.c, build-aux/speedo/w32/g4wihelp.c, common/get-passphrase.c, dirmngr/dirmngr.c, g10/call-agent.c, g10/cpr.c, g10/keygen.c, g10/openfile.c, g10/passphrase.c, scd/app-openpgp.c, scd/scdaemon.c, sm/call-agent.c, sm/call-dirmngr.c, sm/certreqgen.c: Fix assuming C99. -- Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-10-21 05:04:46 +02:00
snprintf (line, DIM(line), "SETKEYDESC %s", desc);
gpg: Re-enable secret key deletion. * g10/call-agent.c (agent_delete_key): New. * g10/keydb.h (FORMAT_KEYDESC_DELKEY): New. * g10/passphrase.c (gpg_format_keydesc): Support new format. * g10/delkey.c (do_delete_key): Add secret key deletion.
2014-04-15 16:40:48 +02:00
err = assuan_transact (agent_ctx, line,
NULL, NULL, NULL, NULL, NULL, NULL);
if (err)
return err;
}
Fix use cases of snprintf. * agent/call-pinentry.c, agent/call-scd.c, agent/command.c, build-aux/speedo/w32/g4wihelp.c, common/get-passphrase.c, dirmngr/dirmngr.c, g10/call-agent.c, g10/cpr.c, g10/keygen.c, g10/openfile.c, g10/passphrase.c, scd/app-openpgp.c, scd/scdaemon.c, sm/call-agent.c, sm/call-dirmngr.c, sm/certreqgen.c: Fix assuming C99. -- Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-10-21 05:04:46 +02:00
snprintf (line, DIM(line), "DELETE_KEY%s %s",
gpg: Allow unattended deletion of secret keys. * agent/command.c (cmd_delete_key): Make the --force option depend on --disallow-loopback-passphrase. * g10/call-agent.c (agent_delete_key): Add arg FORCE. * g10/delkey.c (do_delete_key): Pass opt.answer_yes to agent_delete_key. -- Unless the agent has been configured with --disallow-loopback-passpharse an unattended deletion of a secret key is now possible with gpg by using --batch _and_ --yes. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-05-10 11:01:42 +02:00
force? " --force":"", hexkeygrip);
gpg: Re-enable secret key deletion. * g10/call-agent.c (agent_delete_key): New. * g10/keydb.h (FORMAT_KEYDESC_DELKEY): New. * g10/passphrase.c (gpg_format_keydesc): Support new format. * g10/delkey.c (do_delete_key): Add secret key deletion.
2014-04-15 16:40:48 +02:00
err = assuan_transact (agent_ctx, line, NULL, NULL,
default_inq_cb, &dfltparm,
NULL, NULL);
return err;
}
Re-implemented GPG's --passwd command and improved it.
2010-10-26 11:10:29 +02:00
/* Ask the agent to change the passphrase of the key identified by
gpg: Try to use the passphrase from the primary for --quick-addkey. * agent/command.c (cmd_genkey): Add option --passwd-nonce. (cmd_passwd): Return a PASSWD_NONCE in verify mode. * g10/call-agent.c (agent_genkey): Add arg 'passwd_nonce_addr' and do not send a RESET if given. (agent_passwd): Add arg 'verify'. * g10/keygen.c (common_gen): Add optional arg 'passwd_nonce_addr'. (gen_elg, gen_dsa, gen_ecc, gen_rsa, do_create): Ditto. (generate_subkeypair): Use sepeare hexgrip var for the to be created for hexgrip feature. Verify primary key first. Make use of the passwd nonce. Allow for a static passphrase. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-02 21:21:08 +02:00
* HEXKEYGRIP. If DESC is not NULL, display DESC instead of the
* default description message. If CACHE_NONCE_ADDR is not NULL the
* agent is advised to first try a passphrase associated with that
* nonce. If PASSWD_NONCE_ADDR is not NULL the agent will try to use
* the passphrase associated with that nonce for the new passphrase.
* If VERIFY is true the passphrase is only verified. */
Re-implemented GPG's --passwd command and improved it.
2010-10-26 11:10:29 +02:00
gpg_error_t
gpg: Try to use the passphrase from the primary for --quick-addkey. * agent/command.c (cmd_genkey): Add option --passwd-nonce. (cmd_passwd): Return a PASSWD_NONCE in verify mode. * g10/call-agent.c (agent_genkey): Add arg 'passwd_nonce_addr' and do not send a RESET if given. (agent_passwd): Add arg 'verify'. * g10/keygen.c (common_gen): Add optional arg 'passwd_nonce_addr'. (gen_elg, gen_dsa, gen_ecc, gen_rsa, do_create): Ditto. (generate_subkeypair): Use sepeare hexgrip var for the to be created for hexgrip feature. Verify primary key first. Make use of the passwd nonce. Allow for a static passphrase. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-02 21:21:08 +02:00
agent_passwd (ctrl_t ctrl, const char *hexkeygrip, const char *desc, int verify,
Re-implemented GPG's --passwd command and improved it.
2010-10-26 11:10:29 +02:00
char **cache_nonce_addr, char **passwd_nonce_addr)
{
gpg_error_t err;
struct cache_nonce_parm_s cn_parm;
char line[ASSUAN_LINELENGTH];
gpg: Add pinentry-mode feature. * g10/gpg.c: Include shareddefs.h. (main): Add option --pinentry-mode. * g10/options.h (struct opt): Add field pinentry_mode. * g10/passphrase.c: Include shareddefs.h. (have_static_passphrase): Take care of loopback pinentry_mode. (read_passphrase_from_fd): Ditto. (get_static_passphrase): New. (passphrase_to_dek_ext): Factor some code out to ... (emit_status_need_passphrase): new. * g10/call-agent.c (start_agent): Send the pinentry mode. (default_inq_cb): Take care of the PASSPHRASE inquiry. Return a proper error code. (agent_pksign): Add args keyid, mainkeyid and pubkey_algo. (agent_pkdecrypt): Ditto. * g10/pubkey-enc.c (get_it): Pass new args. * g10/sign.c (do_sign): Pass new args. * g10/call-agent.c (struct default_inq_parm_s): New. Change all similar structs to reference this one. Change all users and inquire callback to use this struct, instead of NULL or some undefined but not used structs. This change will help to eventually get rid of global variables. -- This new features allows to use gpg without a Pinentry. As a prerequisite the agent must be configured to allow the loopback pinentry mode (option --allow-loopback-pinentry). For example gpg2 --pinentry-mode=loopback FILE.gpg may be used to decrypt FILE.gpg while entering the passphrase on the tty. If batch is used, --passphrase et al. may be used, if --command-fd is used, the passphrase may be provided by another process. Note that there are no try-again prompts in case of a bad passphrase.
2013-02-07 20:37:58 +01:00
struct default_inq_parm_s dfltparm;
memset (&dfltparm, 0, sizeof dfltparm);
dfltparm.ctrl = ctrl;
Re-implemented GPG's --passwd command and improved it.
2010-10-26 11:10:29 +02:00
err = start_agent (ctrl, 0);
if (err)
return err;
gpg: Add pinentry-mode feature. * g10/gpg.c: Include shareddefs.h. (main): Add option --pinentry-mode. * g10/options.h (struct opt): Add field pinentry_mode. * g10/passphrase.c: Include shareddefs.h. (have_static_passphrase): Take care of loopback pinentry_mode. (read_passphrase_from_fd): Ditto. (get_static_passphrase): New. (passphrase_to_dek_ext): Factor some code out to ... (emit_status_need_passphrase): new. * g10/call-agent.c (start_agent): Send the pinentry mode. (default_inq_cb): Take care of the PASSPHRASE inquiry. Return a proper error code. (agent_pksign): Add args keyid, mainkeyid and pubkey_algo. (agent_pkdecrypt): Ditto. * g10/pubkey-enc.c (get_it): Pass new args. * g10/sign.c (do_sign): Pass new args. * g10/call-agent.c (struct default_inq_parm_s): New. Change all similar structs to reference this one. Change all users and inquire callback to use this struct, instead of NULL or some undefined but not used structs. This change will help to eventually get rid of global variables. -- This new features allows to use gpg without a Pinentry. As a prerequisite the agent must be configured to allow the loopback pinentry mode (option --allow-loopback-pinentry). For example gpg2 --pinentry-mode=loopback FILE.gpg may be used to decrypt FILE.gpg while entering the passphrase on the tty. If batch is used, --passphrase et al. may be used, if --command-fd is used, the passphrase may be provided by another process. Note that there are no try-again prompts in case of a bad passphrase.
2013-02-07 20:37:58 +01:00
dfltparm.ctx = agent_ctx;
Re-implemented GPG's --passwd command and improved it.
2010-10-26 11:10:29 +02:00
if (!hexkeygrip || strlen (hexkeygrip) != 40)
return gpg_error (GPG_ERR_INV_VALUE);
if (desc)
{
Fix use cases of snprintf. * agent/call-pinentry.c, agent/call-scd.c, agent/command.c, build-aux/speedo/w32/g4wihelp.c, common/get-passphrase.c, dirmngr/dirmngr.c, g10/call-agent.c, g10/cpr.c, g10/keygen.c, g10/openfile.c, g10/passphrase.c, scd/app-openpgp.c, scd/scdaemon.c, sm/call-agent.c, sm/call-dirmngr.c, sm/certreqgen.c: Fix assuming C99. -- Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-10-21 05:04:46 +02:00
snprintf (line, DIM(line), "SETKEYDESC %s", desc);
Re-implemented GPG's --passwd command and improved it.
2010-10-26 11:10:29 +02:00
err = assuan_transact (agent_ctx, line,
NULL, NULL, NULL, NULL, NULL, NULL);
if (err)
return err;
}
gpg: Try to use the passphrase from the primary for --quick-addkey. * agent/command.c (cmd_genkey): Add option --passwd-nonce. (cmd_passwd): Return a PASSWD_NONCE in verify mode. * g10/call-agent.c (agent_genkey): Add arg 'passwd_nonce_addr' and do not send a RESET if given. (agent_passwd): Add arg 'verify'. * g10/keygen.c (common_gen): Add optional arg 'passwd_nonce_addr'. (gen_elg, gen_dsa, gen_ecc, gen_rsa, do_create): Ditto. (generate_subkeypair): Use sepeare hexgrip var for the to be created for hexgrip feature. Verify primary key first. Make use of the passwd nonce. Allow for a static passphrase. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-02 21:21:08 +02:00
if (verify)
Fix use cases of snprintf. * agent/call-pinentry.c, agent/call-scd.c, agent/command.c, build-aux/speedo/w32/g4wihelp.c, common/get-passphrase.c, dirmngr/dirmngr.c, g10/call-agent.c, g10/cpr.c, g10/keygen.c, g10/openfile.c, g10/passphrase.c, scd/app-openpgp.c, scd/scdaemon.c, sm/call-agent.c, sm/call-dirmngr.c, sm/certreqgen.c: Fix assuming C99. -- Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-10-21 05:04:46 +02:00
snprintf (line, DIM(line), "PASSWD %s%s --verify %s",
gpg: Try to use the passphrase from the primary for --quick-addkey. * agent/command.c (cmd_genkey): Add option --passwd-nonce. (cmd_passwd): Return a PASSWD_NONCE in verify mode. * g10/call-agent.c (agent_genkey): Add arg 'passwd_nonce_addr' and do not send a RESET if given. (agent_passwd): Add arg 'verify'. * g10/keygen.c (common_gen): Add optional arg 'passwd_nonce_addr'. (gen_elg, gen_dsa, gen_ecc, gen_rsa, do_create): Ditto. (generate_subkeypair): Use sepeare hexgrip var for the to be created for hexgrip feature. Verify primary key first. Make use of the passwd nonce. Allow for a static passphrase. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-02 21:21:08 +02:00
cache_nonce_addr && *cache_nonce_addr? "--cache-nonce=":"",
cache_nonce_addr && *cache_nonce_addr? *cache_nonce_addr:"",
hexkeygrip);
else
Fix use cases of snprintf. * agent/call-pinentry.c, agent/call-scd.c, agent/command.c, build-aux/speedo/w32/g4wihelp.c, common/get-passphrase.c, dirmngr/dirmngr.c, g10/call-agent.c, g10/cpr.c, g10/keygen.c, g10/openfile.c, g10/passphrase.c, scd/app-openpgp.c, scd/scdaemon.c, sm/call-agent.c, sm/call-dirmngr.c, sm/certreqgen.c: Fix assuming C99. -- Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-10-21 05:04:46 +02:00
snprintf (line, DIM(line), "PASSWD %s%s %s%s %s",
gpg: Try to use the passphrase from the primary for --quick-addkey. * agent/command.c (cmd_genkey): Add option --passwd-nonce. (cmd_passwd): Return a PASSWD_NONCE in verify mode. * g10/call-agent.c (agent_genkey): Add arg 'passwd_nonce_addr' and do not send a RESET if given. (agent_passwd): Add arg 'verify'. * g10/keygen.c (common_gen): Add optional arg 'passwd_nonce_addr'. (gen_elg, gen_dsa, gen_ecc, gen_rsa, do_create): Ditto. (generate_subkeypair): Use sepeare hexgrip var for the to be created for hexgrip feature. Verify primary key first. Make use of the passwd nonce. Allow for a static passphrase. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-02 21:21:08 +02:00
cache_nonce_addr && *cache_nonce_addr? "--cache-nonce=":"",
cache_nonce_addr && *cache_nonce_addr? *cache_nonce_addr:"",
passwd_nonce_addr && *passwd_nonce_addr? "--passwd-nonce=":"",
passwd_nonce_addr && *passwd_nonce_addr? *passwd_nonce_addr:"",
hexkeygrip);
Re-implemented GPG's --passwd command and improved it.
2010-10-26 11:10:29 +02:00
cn_parm.cache_nonce_addr = cache_nonce_addr;
cn_parm.passwd_nonce_addr = passwd_nonce_addr;
err = assuan_transact (agent_ctx, line, NULL, NULL,
gpg: Add pinentry-mode feature. * g10/gpg.c: Include shareddefs.h. (main): Add option --pinentry-mode. * g10/options.h (struct opt): Add field pinentry_mode. * g10/passphrase.c: Include shareddefs.h. (have_static_passphrase): Take care of loopback pinentry_mode. (read_passphrase_from_fd): Ditto. (get_static_passphrase): New. (passphrase_to_dek_ext): Factor some code out to ... (emit_status_need_passphrase): new. * g10/call-agent.c (start_agent): Send the pinentry mode. (default_inq_cb): Take care of the PASSPHRASE inquiry. Return a proper error code. (agent_pksign): Add args keyid, mainkeyid and pubkey_algo. (agent_pkdecrypt): Ditto. * g10/pubkey-enc.c (get_it): Pass new args. * g10/sign.c (do_sign): Pass new args. * g10/call-agent.c (struct default_inq_parm_s): New. Change all similar structs to reference this one. Change all users and inquire callback to use this struct, instead of NULL or some undefined but not used structs. This change will help to eventually get rid of global variables. -- This new features allows to use gpg without a Pinentry. As a prerequisite the agent must be configured to allow the loopback pinentry mode (option --allow-loopback-pinentry). For example gpg2 --pinentry-mode=loopback FILE.gpg may be used to decrypt FILE.gpg while entering the passphrase on the tty. If batch is used, --passphrase et al. may be used, if --command-fd is used, the passphrase may be provided by another process. Note that there are no try-again prompts in case of a bad passphrase.
2013-02-07 20:37:58 +01:00
default_inq_cb, &dfltparm,
Re-implemented GPG's --passwd command and improved it.
2010-10-26 11:10:29 +02:00
cache_nonce_status_cb, &cn_parm);
return err;
}
gpg: Check gpg-agent version before 2.1 migration. * g10/call-agent.c, g10/call-agent.h (agent_get_version): New. * g10/migrate.c (migrate_secring): Abort migration if agent_get_version returns not at least 2.1.0 -- GnuPG-bug-id: 1718 On the first installation of GnuPG 2.1 it is likely that an old gpg-agent is still running in the environment. In that case the migration would fail. Signed-off-by: Andre Heinecke <aheinecke@intevation.de>
2014-09-19 19:38:13 +02:00
gpg: Try to use the passphrase from the primary for --quick-addkey. * agent/command.c (cmd_genkey): Add option --passwd-nonce. (cmd_passwd): Return a PASSWD_NONCE in verify mode. * g10/call-agent.c (agent_genkey): Add arg 'passwd_nonce_addr' and do not send a RESET if given. (agent_passwd): Add arg 'verify'. * g10/keygen.c (common_gen): Add optional arg 'passwd_nonce_addr'. (gen_elg, gen_dsa, gen_ecc, gen_rsa, do_create): Ditto. (generate_subkeypair): Use sepeare hexgrip var for the to be created for hexgrip feature. Verify primary key first. Make use of the passwd nonce. Allow for a static passphrase. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-02 21:21:08 +02:00
gpg: Check gpg-agent version before 2.1 migration. * g10/call-agent.c, g10/call-agent.h (agent_get_version): New. * g10/migrate.c (migrate_secring): Abort migration if agent_get_version returns not at least 2.1.0 -- GnuPG-bug-id: 1718 On the first installation of GnuPG 2.1 it is likely that an old gpg-agent is still running in the environment. In that case the migration would fail. Signed-off-by: Andre Heinecke <aheinecke@intevation.de>
2014-09-19 19:38:13 +02:00
/* Return the version reported by gpg-agent. */
gpg_error_t
agent_get_version (ctrl_t ctrl, char **r_version)
{
gpg_error_t err;
err = start_agent (ctrl, 0);
if (err)
return err;
common: New function get_assuan_server_version. * common/asshelp.c: Include membuf.h. (get_assuan_server_version): New. * g10/call-agent.c (agent_get_version): Use new function. -- Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-08 06:42:29 +01:00
err = get_assuan_server_version (agent_ctx, 0, r_version);
gpg: Check gpg-agent version before 2.1 migration. * g10/call-agent.c, g10/call-agent.h (agent_get_version): New. * g10/migrate.c (migrate_secring): Abort migration if agent_get_version returns not at least 2.1.0 -- GnuPG-bug-id: 1718 On the first installation of GnuPG 2.1 it is likely that an old gpg-agent is still running in the environment. In that case the migration would fail. Signed-off-by: Andre Heinecke <aheinecke@intevation.de>
2014-09-19 19:38:13 +02:00
return err;
}