From 0e36c4c6a71b08dd0c0047b1b0aae47fac01196a Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Sun, 25 Nov 2001 18:23:06 +0000 Subject: [PATCH] The agent does now work and read the secret keys from the directory ~/.gnupg-test/private-keys-v1.d/. I will post a sample key to gpa-dev. --- agent/pksign.c | 104 ++++++--- common/errors.h | 10 +- sm/Makefile.am | 1 + sm/call-agent.c | 556 ++++++++++++++++++++++++++++++++++++++++++++++++ sm/certcheck.c | 23 +- sm/gpgsm.h | 18 +- sm/verify.c | 1 - 7 files changed, 668 insertions(+), 45 deletions(-) create mode 100644 sm/call-agent.c diff --git a/agent/pksign.c b/agent/pksign.c index f597c8aa2..4bf833ece 100644 --- a/agent/pksign.c +++ b/agent/pksign.c @@ -26,6 +26,7 @@ #include #include #include +#include #include "agent.h" @@ -88,54 +89,84 @@ do_encode_md (const unsigned char *digest, size_t digestlen, int algo, } +static GCRY_SEXP +key_from_file (const unsigned char *grip) +{ + int i, rc; + char *fname; + FILE *fp; + struct stat st; + char *buf; + size_t buflen, erroff; + GCRY_SEXP s_skey; + char hexgrip[41]; + + for (i=0; i < 20; i++) + sprintf (hexgrip+2*i, "%02X", grip[i]); + hexgrip[40] = 0; + + fname = make_filename (opt.homedir, "private-keys-v1.d", hexgrip, NULL ); + fp = fopen (fname, "rb"); + if (!fp) + { + log_error ("can't open `%s': %s\n", fname, strerror (errno)); + xfree (fname); + return NULL; + } + + if (fstat (fileno(fp), &st)) + { + log_error ("can't stat `%s': %s\n", fname, strerror (errno)); + xfree (fname); + fclose (fp); + return NULL; + } + + buflen = st.st_size; + buf = xmalloc (buflen+1); + if (fread (buf, buflen, 1, fp) != 1) + { + log_error ("error reading `%s': %s\n", fname, strerror (errno)); + xfree (fname); + fclose (fp); + xfree (buf); + return NULL; + } + + rc = gcry_sexp_sscan (&s_skey, &erroff, buf, buflen); + xfree (fname); + fclose (fp); + xfree (buf); + if (rc) + { + log_error ("failed to build S-Exp (off=%u): %s\n", + (unsigned int)erroff, gcry_strerror (rc)); + return NULL; + } + + return s_skey; +} + + + /* SIGN whatever information we have accumulated in CTRL and write it back to OUTFP. */ int agent_pksign (CTRL ctrl, FILE *outfp) { - /* our sample key */ - const char n[] = "#8732A669BB7C5057AD070EFA54E035C86DF474F7A7EBE2435" - "3DADEB86FFE74C32AEEF9E5C6BD7584CB572520167B3E8C89A1FA75C74FF9E938" - "2710F3B270B638EB96E7486491D81C53CA8A50B4E840B1C7458A4A1E52EC18D681" - "8A2805C9165827F77EF90D55014E4B2AF9386AE8F6462F46A547CB593ABD509311" - "4D3D16375F#"; - const char e[] = "#11#"; - const char d[] = "#07F3EBABDDDA22D7FB1E8869140D30571586D9B4370DE02213F" - "DD0DDAC3C24FC6BEFF0950BB0CAAD755F7AA788DA12BCF90987341AC8781CC7115" - "B59A115B05D9D99B3D7AF77854DC2EE6A36154512CC0EAD832601038A88E837112" - "AB2A39FD9FBE05E30D6FFA6F43D71C59F423CA43BC91C254A8C89673AB61F326B0" - "762FBC9#"; - const char p[] = "#B2ABAD4328E66303E206C53CFBED17F18F712B1C47C966EE13DD" - "AA9AD3616A610ADF513F8376FA48BAE12FED64CECC1E73091A77B45119AF0FC1286A" - "85BD9BBD#"; - const char q[] = "#C1B648B294BB9AEE7FEEB77C4F64E9333E4EA9A7C54D521356FB" - "BBB7558A0E7D6331EC7B42E3F0CD7BBBA9B7A013422F615F10DCC1E8462828BF8FC7" - "39C5E34B#"; - const char u[] = "#A9B5EFF9C80A4A356B9A95EB63E381B262071E5CE9C1F32FF03" - "83AD8289BED8BC690555E54411FA2FDB9B49638A21B2046C325F5633B4B1ECABEBFD" - "1B3519072#"; - GCRY_SEXP s_skey, s_hash, s_sig; GCRY_MPI frame; int rc; char *buf; size_t len; - /* create a secret key as an sexp */ - log_debug ("Using HARDWIRED secret key\n"); - asprintf (&buf, "(private-key(oid.1.2.840.113549.1.1.1" - "(n %s)(e %s)(d %s)(p %s)(q %s)(u %s)))", - n, e, d, p, q, u); - /* asprintf does not use our allocation fucntions, so we can't - use our free */ - rc = gcry_sexp_sscan (&s_skey, NULL, buf, strlen(buf)); - free (buf); - if (rc) + s_skey = key_from_file (ctrl->keygrip); + if (!s_skey) { - log_error ("failed to build S-Exp: %s\n", gcry_strerror (rc)); - return map_gcry_err (rc); + log_error ("failed to read the secret key\n"); + return seterr (No_Secret_Key); } - + /* put the hash into a sexp */ rc = do_encode_md (ctrl->digest.value, ctrl->digest.valuelen, @@ -165,6 +196,9 @@ agent_pksign (CTRL ctrl, FILE *outfp) len = gcry_sexp_sprint (s_sig, GCRYSEXP_FMT_CANON, buf, len); assert (len); + /* FIXME: we must make sure that no buffering takes place or we are + in full control of the buffer memory (easy to do) - should go + into assuan. */ fwrite (buf, 1, strlen(buf), outfp); return 0; } diff --git a/common/errors.h b/common/errors.h index 4f7cb32f0..d2539e943 100644 --- a/common/errors.h +++ b/common/errors.h @@ -40,7 +40,15 @@ enum { GNUPG_Bad_Signature = 11, GNUPG_Not_Implemented = 12, GNUPG_Conflict = 13, - GNUPG_Bug = 14 + GNUPG_Bug = 14, + GNUPG_Read_Error = 15, + GNUPG_Write_Error = 16, + GNUPG_Incomplete_Line = 17, + GNUPG_Invalid_Response = 18, + GNUPG_No_Agent = 19, + GNUPG_Agent_Error = 20, + GNUPG_No_Public_Key = 21, + GNUPG_No_Secret_Key = 22, }; /* Status codes - fixme: should go into another file */ diff --git a/sm/Makefile.am b/sm/Makefile.am index 5e26382e3..c6aecdb5b 100644 --- a/sm/Makefile.am +++ b/sm/Makefile.am @@ -29,6 +29,7 @@ gpgsm_SOURCES = \ misc.c \ keydb.c keydb.h \ server.c \ + call-agent.c \ fingerprint.c \ certdump.c \ certcheck.c \ diff --git a/sm/call-agent.c b/sm/call-agent.c new file mode 100644 index 000000000..c440f2bf1 --- /dev/null +++ b/sm/call-agent.c @@ -0,0 +1,556 @@ +/* call-agent.c - divert operations to the agent + * Copyright (C) 2001 Free Software Foundation, Inc. + * + * This file is part of GnuPG. + * + * GnuPG is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * GnuPG is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + */ + +#include +#include +#include +#include +#include +#include +#include +#include + +#include + +#include "gpgsm.h" +#include "../assuan/assuan.h" +#include "i18n.h" + +#ifdef _POSIX_OPEN_MAX +#define MAX_OPEN_FDS _POSIX_OPEN_MAX +#else +#define MAX_OPEN_FDS 20 +#endif + +#define LINELENGTH 1002 /* 1000 + [CR,]LF */ + +#define xtoi_1(p) (*(p) <= '9'? (*(p)- '0'): \ + *(p) <= 'F'? (*(p)-'A'+10):(*(p)-'a'+10)) +#define xtoi_2(p) ((xtoi_1(p) * 16) + xtoi_1((p)+1)) + + +static pid_t agent_pid = -1; +/* fixme: replace this code by calling assuna functions */ +static int inbound_fd = -1; +static int outbound_fd = -1; +static struct { + int eof; + char line[LINELENGTH]; + int linelen; /* w/o CR, LF - might not be the same as + strlen(line) due to embedded nuls. However a nul + is always written at this pos */ + struct { + char line[LINELENGTH]; + int linelen ; + } attic; +} inbound; + + +struct membuf { + size_t len; + size_t size; + char *buf; + int out_of_core; +}; + + + +/* A simple implemnation of a dynamic buffer. Use init_membuf() to + create a buffer, put_membuf to append bytes and get_membuf to + release and return the buffer. Allocation errors are detected but + only returned at the final get_membuf(), this helps not to clutter + the code with out of core checks. */ + +static void +init_membuf (struct membuf *mb, int initiallen) +{ + mb->len = 0; + mb->size = initiallen; + mb->out_of_core = 0; + mb->buf = xtrymalloc (initiallen); + if (!mb->buf) + mb->out_of_core = 1; +} + +static void +put_membuf (struct membuf *mb, const void *buf, size_t len) +{ + if (mb->out_of_core) + return; + + if (mb->len + len >= mb->size) + { + char *p; + + mb->size += len + 1024; + p = xtryrealloc (mb->buf, mb->size); + if (!p) + { + mb->out_of_core = 1; + return; + } + mb->buf = p; + } + memcpy (mb->buf + mb->len, buf, len); + mb->len += len; +} + +static void * +get_membuf (struct membuf *mb, size_t *len) +{ + char *p; + + if (mb->out_of_core) + { + xfree (mb->buf); + mb->buf = NULL; + return NULL; + } + + p = mb->buf; + *len = mb->len; + mb->buf = NULL; + mb->out_of_core = 1; /* don't allow a reuse */ + return p; +} + + + +static int +writen (int fd, const void *buf, size_t nbytes) +{ + size_t nleft = nbytes; + int nwritten; + + while (nleft > 0) + { + nwritten = write (fd, buf, nleft); + if (nwritten < 0) + { + if (errno == EINTR) + nwritten = 0; + else + { + log_error ("write() failed: %s\n", strerror (errno)); + return seterr (Write_Error); + } + } + nleft -= nwritten; + buf = (const char*)buf + nwritten; + } + + return 0; +} + + + +/* read an entire line */ +static int +readline (int fd, char *buf, size_t buflen, int *r_nread, int *eof) +{ + size_t nleft = buflen; + int n; + char *p; + + *eof = 0; + *r_nread = 0; + while (nleft > 0) + { + do + n = read (fd, buf, nleft); + while (n < 0 && errno == EINTR); + if (n < 0) + { + log_error ("read() error: %s\n", strerror (errno) ); + return seterr (Read_Error); + } + + if (!n) + { + *eof = 1; + break; /* allow incomplete lines */ + } + p = buf; + nleft -= n; + buf += n; + *r_nread += n; + + for (; n && *p != '\n'; n--, p++) + ; + if (n) + break; /* at least one full line available - that's enough for now */ + } + + return 0; +} + + +static int +read_from_agent (int *okay) +{ + char *line = inbound.line; + int n, nread; + int rc; + + *okay = 0; + restart: + if (inbound.eof) + return -1; + + if (inbound.attic.linelen) + { + memcpy (line, inbound.attic.line, inbound.attic.linelen); + nread = inbound.attic.linelen; + inbound.attic.linelen = 0; + for (n=0; n < nread && line[n] != '\n'; n++) + ; + if (n < nread) + rc = 0; /* found another line in the attic */ + else + { /* read the rest */ + n = nread; + assert (n < LINELENGTH); + rc = readline (inbound_fd, line + n, LINELENGTH - n, + &nread, &inbound.eof); + } + } + else + rc = readline (inbound_fd, line, LINELENGTH, + &nread, &inbound.eof); + if (rc) + return seterr(Read_Error); + if (!nread) + { + assert (inbound.eof); + return -1; /* eof */ + } + + for (n=0; n < nread; n++) + { + if (line[n] == '\n') + { + if (n+1 < nread) + { + n++; + /* we have to copy the rest because the handlers are + allowed to modify the passed buffer */ + memcpy (inbound.attic.line, line+n, nread-n); + inbound.attic.linelen = nread-n; + n--; + } + if (n && line[n-1] == '\r') + n--; + line[n] = 0; + inbound.linelen = n; + if (n && *line == '#') + goto restart; + + rc = 0; + if (n >= 1 + && line[0] == 'D' && line[1] == ' ') + *okay = 2; /* data line */ + else if (n >= 2 + && line[0] == 'O' && line[1] == 'K' + && (line[2] == '\0' || line[2] == ' ')) + *okay = 1; + else if (n >= 3 + && line[0] == 'E' && line[1] == 'R' && line[2] == 'R' + && (line[3] == '\0' || line[3] == ' ')) + *okay = 0; + else + rc = seterr (Invalid_Response); + return rc; + } + } + + *line = 0; + inbound.linelen = 0; + return inbound.eof? seterr (Incomplete_Line):seterr (Invalid_Response); +} + + + + + +/* Try to connect to the agent via socket or fork it off and work by + pipes. Handle the server's initial greeting */ +static int +start_agent (void) +{ + int rc; + char *infostr, *p; + int okay; + + if (agent_pid != -1) + return 0; + + infostr = getenv ("GPG_AGENT_INFO"); + if (!infostr) + { + pid_t pid; + int inpipe[2], outpipe[2]; + + log_info (_("no running gpg-agent - starting one\n")); + + if (fflush (NULL)) + { + log_error ("error flushing pending output: %s\n", strerror (errno)); + return seterr (Write_Error); + } + + if (pipe (inpipe)) + { + log_error ("error creating pipe: %s\n", strerror (errno)); + return seterr (General_Error); + } + if (pipe (outpipe)) + { + log_error ("error creating pipe: %s\n", strerror (errno)); + close (inpipe[0]); + close (inpipe[1]); + return seterr (General_Error); + } + + pid = fork (); + if (pid == -1) + return seterr (General_Error); + + if (!pid) + { /* child */ + int i, n; + char errbuf[100]; + int log_fd = log_get_fd (); + + /* close all files which will not be duped but keep stderr + and log_stream for now */ + n = sysconf (_SC_OPEN_MAX); + if (n < 0) + n = MAX_OPEN_FDS; + for (i=0; i < n; i++) + { + if (i != fileno (stderr) && i != log_fd + && i != inpipe[1] && i != outpipe[0]) + close(i); + } + errno = 0; + + if (inpipe[1] != 1) + { + if (dup2 (inpipe[1], 1) == -1) + { + log_error ("dup2 failed in child: %s\n", strerror (errno)); + _exit (4); + } + close (inpipe[1]); + } + if (outpipe[0] != 0) + { + if (dup2 (outpipe[0], 0) == -1) + { + log_error ("dup2 failed in child: %s\n", strerror (errno)); + _exit (4); + } + close (outpipe[0]); + } + + /* and start it */ + execl ("../agent/gpg-agent", "gpg-agent", "--server", NULL); + /* oops - tell the parent about it */ + snprintf (errbuf, DIM(errbuf)-1, "ERR %d execl failed: %.50s\n", + ASSUAN_Problem_Starting_Server, strerror (errno)); + errbuf[DIM(errbuf)-1] = 0; + writen (1, errbuf, strlen (errbuf)); + _exit (4); + } /* end child */ + + agent_pid = pid; + + inbound_fd = inpipe[0]; + close (inpipe[1]); + + close (outpipe[0]); + outbound_fd = outpipe[1]; + } + else + { + infostr = xstrdup (infostr); + if ( !(p = strchr (infostr, ':')) || p == infostr + /* || (p-infostr)+1 >= sizeof client_addr.sun_path */) + { + log_error (_("malformed GPG_AGENT_INFO environment variable\n")); + xfree (infostr); + return seterr (General_Error); + } + *p = 0; + log_error (_("socket based agent communication not yet implemented\n")); + return seterr (Not_Implemented); + } + + inbound.eof = 0; + inbound.linelen = 0; + inbound.attic.linelen = 0; + + /* The server is available - read the greeting */ + rc = read_from_agent (&okay); + if (rc) + { + log_error ("can't connect to the agent: %s\n", gnupg_strerror (rc)); + } + else if (!okay) + { + log_error ("can't connect to the agent: %s\n", inbound.line); + rc = seterr (No_Agent); + } + else + log_debug ("connection to agent established\n"); + + return 0; +} + + +static int +request_reply (const char *line, struct membuf *membuf) +{ + int rc, okay; + + if (DBG_AGENT) + log_debug ("agent-request=`%.*s'", (int)(*line? strlen(line)-1:0), line); + rc = writen (outbound_fd, line, strlen (line)); + if (rc) + return rc; + again: + rc = read_from_agent (&okay); + if (rc) + log_error ("error reading from agent: %s\n", gnupg_strerror (rc)); + else if (!okay) + { + log_error ("got error from agent: %s\n", inbound.line); + rc = seterr (Agent_Error); + } + else if (okay == 2 && !membuf) + { + log_error ("got unexpected data line\n"); + rc = seterr (Agent_Error); + } + else + { + if (DBG_AGENT) + log_debug ("agent-reply=`%s'", inbound.line); + } + + if (!rc && okay == 2 && inbound.linelen >= 2) + { /* handle data line */ + unsigned char *buf = inbound.line; + size_t len = inbound.linelen; + unsigned char *p; + + buf += 2; + len -= 2; + + p = buf; + while (len) + { + for (;len && *p != '%'; len--, p++) + ; + put_membuf (membuf, buf, p-buf); + buf = p; + if (len>2) + { /* handle escaping */ + unsigned char tmp[1]; + buf++; + *tmp = xtoi_2 (buf); + buf += 2; + len -= 3; + put_membuf (membuf, tmp, 1); + } + } + goto again; + } + return rc; +} + + + + +/* Call the agent to do a sign operation using the key identified by + the hex string KEYGRIP. */ +int +gpgsm_agent_pksign (const char *keygrip, + unsigned char *digest, size_t digestlen, int digestalgo, + char **r_buf, size_t *r_buflen ) +{ + int rc, i; + char *p, line[LINELENGTH]; + struct membuf data; + size_t len; + + *r_buf = NULL; + rc = start_agent (); + if (rc) + return rc; + + if (digestlen*2 + 50 > DIM(line)) + return seterr (General_Error); + + rc = request_reply ("RESET\n", NULL); + if (rc) + return rc; + + snprintf (line, DIM(line)-1, "SIGKEY %s\n", keygrip); + line[DIM(line)-1] = 0; + rc = request_reply (line, NULL); + if (rc) + return rc; + + sprintf (line, "SETHASH %d ", digestalgo); + p = line + strlen (line); + for (i=0; i < digestlen ; i++, p += 2 ) + sprintf (p, "%02X", digest[i]); + strcpy (p, "\n"); + rc = request_reply (line, NULL); + if (rc) + return rc; + + init_membuf (&data, 1024); + rc = request_reply ("PKSIGN\n", &data); + if (rc) + { + xfree (get_membuf (&data, &len)); + return rc; + } + *r_buf = get_membuf (&data, r_buflen); +/* if (DBG_AGENT && *r_buf) */ +/* { */ +/* FILE *fp; */ +/* char fname[100]; */ + +/* memcpy (fname, keygrip, 40); */ +/* strcpy (fname+40, "_pksign-dump.tmp"); */ +/* fp = fopen (fname, "wb"); */ +/* fwrite (*r_buf, *r_buflen, 1, fp); */ +/* fclose (fp); */ +/* } */ + + return *r_buf? 0 : GNUPG_Out_Of_Core; +} + + + + diff --git a/sm/certcheck.c b/sm/certcheck.c index b648c8877..f56359e43 100644 --- a/sm/certcheck.c +++ b/sm/certcheck.c @@ -244,6 +244,8 @@ int gpgsm_create_cms_signature (KsbaCert cert, GCRY_MD_HD md, int mdalgo, char **r_sigval) { +#if 0 + /* our sample key */ const char n[] = "#8732A669BB7C5057AD070EFA54E035C86DF474F7A7EBE2435" "3DADEB86FFE74C32AEEF9E5C6BD7584CB572520167B3E8C89A1FA75C74FF9E938" @@ -313,7 +315,26 @@ gpgsm_create_cms_signature (KsbaCert cert, GCRY_MD_HD md, int mdalgo, assert (len); *r_sigval = buf; - return 0; +#else + int rc; + char *grip; + size_t siglen; + + grip = gpgsm_get_keygrip_hexstring (cert); + if (!grip) + return seterr (Bad_Certificate); + + rc = gpgsm_agent_pksign (grip, gcry_md_read(md, mdalgo), + gcry_md_get_algo_dlen (mdalgo), mdalgo, + r_sigval, &siglen); + xfree (grip); + /* FIXME: we should check that the returnes S-Exp is valid fits int + siglen. It ould probaly be a good idea to scan and print it + again to make this sure and be sure that we have canocical + encoding */ + +#endif + return rc; } diff --git a/sm/gpgsm.h b/sm/gpgsm.h index 178607169..a6eaf26ee 100644 --- a/sm/gpgsm.h +++ b/sm/gpgsm.h @@ -18,8 +18,8 @@ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA */ -#ifndef GNUPG_H -#define GNUPG_H +#ifndef GPGSM_H +#define GPGSM_H #include #include "../common/util.h" @@ -72,12 +72,14 @@ struct { #define DBG_CACHE_VALUE 64 /* debug the caching */ #define DBG_MEMSTAT_VALUE 128 /* show memory statistics */ #define DBG_HASHING_VALUE 512 /* debug hashing operations */ +#define DBG_AGENT_VALUE 1024 /* debug communication with the agent */ #define DBG_X509 (opt.debug & DBG_X509_VALUE) #define DBG_CRYPTO (opt.debug & DBG_CRYPTO_VALUE) #define DBG_MEMORY (opt.debug & DBG_MEMORY_VALUE) #define DBG_CACHE (opt.debug & DBG_CACHE_VALUE) #define DBG_HASHING (opt.debug & DBG_HASHING_VALUE) +#define DBG_AGENT (opt.debug & DBG_AGENT_VALUE) struct server_local_s; @@ -134,9 +136,11 @@ int gpgsm_verify (CTRL ctrl, int in_fd, int data_fd); int gpgsm_sign (CTRL ctrl, int data_fd, int detached, FILE *out_fp); +/*-- call-agent.c --*/ +int gpgsm_agent_pksign (const char *keygrip, + unsigned char *digest, + size_t digestlen, + int digestalgo, + char **r_buf, size_t *r_buflen); -/*-- errors.c (built) --*/ -const char *gnupg_strerror (int err); - - -#endif /*GNUPG_H*/ +#endif /*GPGSM_H*/ diff --git a/sm/verify.c b/sm/verify.c index b44dd6add..581cafeef 100644 --- a/sm/verify.c +++ b/sm/verify.c @@ -319,7 +319,6 @@ gpgsm_verify (CTRL ctrl, int in_fd, int data_fd) unsigned char *serial; char *msgdigest = NULL; size_t msgdigestlen; - time_t sigcreated; err = ksba_cms_get_issuer_serial (cms, signer, &issuer, &serial); if (err)