security-and-privacy/gnupg
security-and-privacy
/
gnupg
mirror of git://git.gnupg.org/gnupg.git
1
0
Fork 0
Code Releases Activity

* call-agent.c (gpgsm_agent_pksign, gpgsm_agent_pkdecrypt) 

(gpgsm_agent_genkey, gpgsm_agent_istrusted)
(gpgsm_agent_marktrusted, gpgsm_agent_havekey)
(gpgsm_agent_passwd): Add new arg CTRL and changed all callers.
(start_agent): New arg CTRL.  Send progress item when starting a
new agent.
* sign.c (gpgsm_get_default_cert, get_default_signer): New arg
CTRL to be passed down to the agent function.
* decrypt.c (prepare_decryption): Ditto.
* certreqgen.c (proc_parameters, read_parameters): Ditto.
* certcheck.c (gpgsm_create_cms_signature): Ditto.
This commit is contained in:
Werner Koch 2004-04-26 13:29:09 +00:00
parent 1101deced5
commit 388218891b
13 changed files with 90 additions and 66 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
TODO
View File

@ -11,7 +11,6 @@ We should always use valid S-Exp and not just parts.
** When we allow concurrent service request in gpgsm, we
might want to have an agent context for each service request
(i.e. Assuan context).
** There is no error report if GPG_AGENT_INFO has been set but the agent is not anymore running.
* sm/certreqgen.c
** Improve error reporting

14
sm/ChangeLog
View File

@ -1,3 +1,17 @@
2004-04-26 Werner Koch <wk@gnupg.org>
* call-agent.c (gpgsm_agent_pksign, gpgsm_agent_pkdecrypt)
(gpgsm_agent_genkey, gpgsm_agent_istrusted)
(gpgsm_agent_marktrusted, gpgsm_agent_havekey)
(gpgsm_agent_passwd): Add new arg CTRL and changed all callers.
(start_agent): New arg CTRL. Send progress item when starting a
new agent.
* sign.c (gpgsm_get_default_cert, get_default_signer): New arg
CTRL to be passed down to the agent function.
* decrypt.c (prepare_decryption): Ditto.
* certreqgen.c (proc_parameters, read_parameters): Ditto.
* certcheck.c (gpgsm_create_cms_signature): Ditto.
2004-04-23 Werner Koch <wk@gnupg.org>
* keydb.c (keydb_add_resource): Try to compress the file on init.

43
sm/call-agent.c
View File

@ -65,7 +65,7 @@ struct learn_parm_s {
/* Try to connect to the agent via socket or fork it off and work by
pipes. Handle the server's initial greeting */
static int
start_agent (void)
start_agent (ctrl_t ctrl)
{
int rc = 0;
char *infostr, *p;
@ -86,6 +86,8 @@ start_agent (void)
if (opt.verbose)
log_info (_("no running gpg-agent - starting one\n"));
gpgsm_status (ctrl, STATUS_PROGRESS, "starting_agent ? 0 0");
if (fflush (NULL))
{
@ -126,7 +128,7 @@ start_agent (void)
log_error (_("malformed GPG_AGENT_INFO environment variable\n"));
xfree (infostr);
force_pipe_server = 1;
return start_agent ();
return start_agent (ctrl);
}
*p++ = 0;
pid = atoi (p);
@ -139,7 +141,7 @@ start_agent (void)
prot);
xfree (infostr);
force_pipe_server = 1;
return start_agent ();
return start_agent (ctrl);
}
rc = assuan_socket_connect (&ctx, infostr, pid);
@ -148,7 +150,7 @@ start_agent (void)
{
log_error (_("can't connect to the agent - trying fall back\n"));
force_pipe_server = 1;
return start_agent ();
return start_agent (ctrl);
}
}
@ -188,7 +190,7 @@ membuf_data_cb (void *opaque, const void *buffer, size_t length)
/* Call the agent to do a sign operation using the key identified by
the hex string KEYGRIP. */
int
gpgsm_agent_pksign (const char *keygrip, const char *desc,
gpgsm_agent_pksign (ctrl_t ctrl, const char *keygrip, const char *desc,
unsigned char *digest, size_t digestlen, int digestalgo,
char **r_buf, size_t *r_buflen )
{
@ -198,7 +200,7 @@ gpgsm_agent_pksign (const char *keygrip, const char *desc,
size_t len;
*r_buf = NULL;
rc = start_agent ();
rc = start_agent (ctrl);
if (rc)
return rc;
@ -273,7 +275,7 @@ inq_ciphertext_cb (void *opaque, const char *keyword)
/* Call the agent to do a decrypt operation using the key identified by
the hex string KEYGRIP. */
int
gpgsm_agent_pkdecrypt (const char *keygrip, const char *desc,
gpgsm_agent_pkdecrypt (ctrl_t ctrl, const char *keygrip, const char *desc,
ksba_const_sexp_t ciphertext,
char **r_buf, size_t *r_buflen )
{
@ -293,7 +295,7 @@ gpgsm_agent_pkdecrypt (const char *keygrip, const char *desc,
if (!ciphertextlen)
return gpg_error (GPG_ERR_INV_VALUE);
rc = start_agent ();
rc = start_agent (ctrl);
if (rc)
return rc;
@ -371,7 +373,8 @@ inq_genkey_parms (void *opaque, const char *keyword)
/* Call the agent to generate a newkey */
int
gpgsm_agent_genkey (ksba_const_sexp_t keyparms, ksba_sexp_t *r_pubkey)
gpgsm_agent_genkey (ctrl_t ctrl,
ksba_const_sexp_t keyparms, ksba_sexp_t *r_pubkey)
{
int rc;
struct genkey_parm_s gk_parm;
@ -380,7 +383,7 @@ gpgsm_agent_genkey (ksba_const_sexp_t keyparms, ksba_sexp_t *r_pubkey)
char *buf;
*r_pubkey = NULL;
rc = start_agent ();
rc = start_agent (ctrl);
if (rc)
return rc;
@ -418,13 +421,13 @@ gpgsm_agent_genkey (ksba_const_sexp_t keyparms, ksba_sexp_t *r_pubkey)
/* Ask the agent whether the certificate is in the list of trusted
keys */
int
gpgsm_agent_istrusted (ksba_cert_t cert)
gpgsm_agent_istrusted (ctrl_t ctrl, ksba_cert_t cert)
{
int rc;
char *fpr;
char line[ASSUAN_LINELENGTH];
rc = start_agent ();
rc = start_agent (ctrl);
if (rc)
return rc;
@ -445,13 +448,13 @@ gpgsm_agent_istrusted (ksba_cert_t cert)
/* Ask the agent to mark CERT as a trusted Root-CA one */
int
gpgsm_agent_marktrusted (ksba_cert_t cert)
gpgsm_agent_marktrusted (ctrl_t ctrl, ksba_cert_t cert)
{
int rc;
char *fpr, *dn;
char line[ASSUAN_LINELENGTH];
rc = start_agent ();
rc = start_agent (ctrl);
if (rc)
return rc;
@ -482,12 +485,12 @@ gpgsm_agent_marktrusted (ksba_cert_t cert)
/* Ask the agent whether the a corresponding secret key is available
for the given keygrip */
int
gpgsm_agent_havekey (const char *hexkeygrip)
gpgsm_agent_havekey (ctrl_t ctrl, const char *hexkeygrip)
{
int rc;
char line[ASSUAN_LINELENGTH];
rc = start_agent ();
rc = start_agent (ctrl);
if (rc)
return rc;
@ -572,14 +575,14 @@ learn_cb (void *opaque, const void *buffer, size_t length)
/* Call the agent to learn about a smartcard */
int
gpgsm_agent_learn ()
gpgsm_agent_learn (ctrl_t ctrl)
{
int rc;
struct learn_parm_s learn_parm;
membuf_t data;
size_t len;
rc = start_agent ();
rc = start_agent (ctrl);
if (rc)
return rc;
@ -601,12 +604,12 @@ gpgsm_agent_learn ()
HEXKEYGRIP. If DESC is not NULL, display instead of the default
description message. */
int
gpgsm_agent_passwd (const char *hexkeygrip, const char *desc)
gpgsm_agent_passwd (ctrl_t ctrl, const char *hexkeygrip, const char *desc)
{
int rc;
char line[ASSUAN_LINELENGTH];
rc = start_agent ();
rc = start_agent (ctrl);
if (rc)
return rc;

4
sm/certchain.c
View File

@ -666,7 +666,7 @@ gpgsm_validate_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t r_exptime,
if (rc)
goto leave;
rc = gpgsm_agent_istrusted (subject_cert);
rc = gpgsm_agent_istrusted (ctrl, subject_cert);
if (!rc)
;
else if (gpg_err_code (rc) == GPG_ERR_NOT_TRUSTED)
@ -679,7 +679,7 @@ gpgsm_validate_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t r_exptime,
GCRY_MD_SHA1);
log_info (_("fingerprint=%s\n"), fpr? fpr : "?");
xfree (fpr);
rc2 = gpgsm_agent_marktrusted (subject_cert);
rc2 = gpgsm_agent_marktrusted (ctrl, subject_cert);
if (!rc2)
{
log_info (_("root certificate has now"

6
sm/certcheck.c
View File

@ -278,8 +278,8 @@ gpgsm_check_cms_signature (ksba_cert_t cert, ksba_const_sexp_t sigval,
int
gpgsm_create_cms_signature (ksba_cert_t cert, gcry_md_hd_t md, int mdalgo,
char **r_sigval)
gpgsm_create_cms_signature (ctrl_t ctrl, ksba_cert_t cert,
gcry_md_hd_t md, int mdalgo, char **r_sigval)
{
int rc;
char *grip, *desc;
@ -291,7 +291,7 @@ gpgsm_create_cms_signature (ksba_cert_t cert, gcry_md_hd_t md, int mdalgo,
desc = gpgsm_format_keydesc (cert);
rc = gpgsm_agent_pksign (grip, desc, gcry_md_read(md, mdalgo),
rc = gpgsm_agent_pksign (ctrl, grip, desc, gcry_md_read(md, mdalgo),
gcry_md_get_algo_dlen (mdalgo), mdalgo,
r_sigval, &siglen);
xfree (desc);

4
sm/certlist.c
View File

@ -245,7 +245,7 @@ gpgsm_add_cert_to_certlist (ctrl_t ctrl, ksba_cert_t cert,
available for the certificate. IS_ENCRYPT_TO sets the corresponding
flag in the new create LISTADDR item. */
int
gpgsm_add_to_certlist (CTRL ctrl, const char *name, int secret,
gpgsm_add_to_certlist (ctrl_t ctrl, const char *name, int secret,
CERTLIST *listaddr, int is_encrypt_to)
{
int rc;
@ -342,7 +342,7 @@ gpgsm_add_to_certlist (CTRL ctrl, const char *name, int secret,
p = gpgsm_get_keygrip_hexstring (cert);
if (p)
{
if (!gpgsm_agent_havekey (p))
if (!gpgsm_agent_havekey (ctrl, p))
rc = 0;
xfree (p);
}

30
sm/certreqgen.c
View File

@ -129,9 +129,11 @@ struct reqgen_ctrl_s {
};
static int proc_parameters (struct para_data_s *para,
static int proc_parameters (ctrl_t ctrl,
struct para_data_s *para,
struct reqgen_ctrl_s *outctrl);
static int create_request (struct para_data_s *para,
static int create_request (ctrl_t ctrl,
struct para_data_s *para,
ksba_const_sexp_t public,
struct reqgen_ctrl_s *outctrl);
@ -228,7 +230,7 @@ get_parameter_uint (struct para_data_s *para, enum para_name key)
/* Read the certificate generation parameters from FP and generate
(all) certificate requests. */
static int
read_parameters (FILE *fp, ksba_writer_t writer)
read_parameters (ctrl_t ctrl, FILE *fp, ksba_writer_t writer)
{
static struct {
const char *name;
@ -285,7 +287,7 @@ read_parameters (FILE *fp, ksba_writer_t writer)
outctrl.dryrun = 1;
else if (!ascii_strcasecmp( keyword, "%commit"))
{
rc = proc_parameters (para, &outctrl);
rc = proc_parameters (ctrl, para, &outctrl);
if (rc)
goto leave;
any = 1;
@ -332,7 +334,7 @@ read_parameters (FILE *fp, ksba_writer_t writer)
if (keywords[i].key == pKEYTYPE && para)
{
rc = proc_parameters (para, &outctrl);
rc = proc_parameters (ctrl, para, &outctrl);
if (rc)
goto leave;
any = 1;
@ -375,7 +377,7 @@ read_parameters (FILE *fp, ksba_writer_t writer)
}
else if (para)
{
rc = proc_parameters (para, &outctrl);
rc = proc_parameters (ctrl, para, &outctrl);
if (rc)
goto leave;
any = 1;
@ -414,7 +416,8 @@ has_invalid_email_chars (const char *s)
/* Check that all required parameters are given and perform the action */
static int
proc_parameters (struct para_data_s *para, struct reqgen_ctrl_s *outctrl)
proc_parameters (ctrl_t ctrl,
struct para_data_s *para, struct reqgen_ctrl_s *outctrl)
{
struct para_data_s *r;
const char *s;
@ -484,7 +487,7 @@ proc_parameters (struct para_data_s *para, struct reqgen_ctrl_s *outctrl)
sprintf (numbuf, "%u", nbits);
snprintf (keyparms, DIM (keyparms)-1,
"(6:genkey(3:rsa(5:nbits%d:%s)))", strlen (numbuf), numbuf);
rc = gpgsm_agent_genkey (keyparms, &public);
rc = gpgsm_agent_genkey (ctrl, keyparms, &public);
if (rc)
{
r = get_parameter (para, pKEYTYPE);
@ -493,7 +496,7 @@ proc_parameters (struct para_data_s *para, struct reqgen_ctrl_s *outctrl)
return rc;
}
rc = create_request (para, public, outctrl);
rc = create_request (ctrl, para, public, outctrl);
xfree (public);
return rc;
@ -503,7 +506,8 @@ proc_parameters (struct para_data_s *para, struct reqgen_ctrl_s *outctrl)
/* Parameters are checked, the key pair has been created. Now
generate the request and write it out */
static int
create_request (struct para_data_s *para, ksba_const_sexp_t public,
create_request (ctrl_t ctrl,
struct para_data_s *para, ksba_const_sexp_t public,
struct reqgen_ctrl_s *outctrl)
{
ksba_certreq_t cr;
@ -614,7 +618,7 @@ create_request (struct para_data_s *para, ksba_const_sexp_t public,
for (n=0; n < 20; n++)
sprintf (hexgrip+n*2, "%02X", grip[n]);
rc = gpgsm_agent_pksign (hexgrip, NULL,
rc = gpgsm_agent_pksign (ctrl, hexgrip, NULL,
gcry_md_read(md, GCRY_MD_SHA1),
gcry_md_get_algo_dlen (GCRY_MD_SHA1),
GCRY_MD_SHA1,
@ -650,7 +654,7 @@ create_request (struct para_data_s *para, ksba_const_sexp_t public,
/* Create a new key by reading the parameters from in_fd. Multiple
keys may be created */
int
gpgsm_genkey (CTRL ctrl, int in_fd, FILE *out_fp)
gpgsm_genkey (ctrl_t ctrl, int in_fd, FILE *out_fp)
{
int rc;
FILE *in_fp;
@ -673,7 +677,7 @@ gpgsm_genkey (CTRL ctrl, int in_fd, FILE *out_fp)
goto leave;
}
rc = read_parameters (in_fp, writer);
rc = read_parameters (ctrl, in_fp, writer);
if (rc)
{
log_error ("error creating certificate request: %s\n",

9
sm/decrypt.c
View File

@ -54,7 +54,7 @@ struct decrypt_filter_parm_s {
/* Decrypt the session key and fill in the parm structure. The
algo and the IV is expected to be already in PARM. */
static int
prepare_decryption (const char *hexkeygrip, const char *desc,
prepare_decryption (ctrl_t ctrl, const char *hexkeygrip, const char *desc,
ksba_const_sexp_t enc_val,
struct decrypt_filter_parm_s *parm)
{
@ -62,7 +62,7 @@ prepare_decryption (const char *hexkeygrip, const char *desc,
size_t n, seskeylen;
int rc;
rc = gpgsm_agent_pkdecrypt (hexkeygrip, desc, enc_val,
rc = gpgsm_agent_pkdecrypt (ctrl, hexkeygrip, desc, enc_val,
&seskey, &seskeylen);
if (rc)
{
@ -238,7 +238,7 @@ decrypt_filter (void *arg,
/* Perform a decrypt operation. */
int
gpgsm_decrypt (CTRL ctrl, int in_fd, FILE *out_fp)
gpgsm_decrypt (ctrl_t ctrl, int in_fd, FILE *out_fp)
{
int rc;
Base64Context b64reader = NULL;
@ -424,7 +424,8 @@ gpgsm_decrypt (CTRL ctrl, int in_fd, FILE *out_fp)
recp);
else
{
rc = prepare_decryption (hexkeygrip, desc, enc_val, &dfparm);
rc = prepare_decryption (ctrl,
hexkeygrip, desc, enc_val, &dfparm);
xfree (enc_val);
if (rc)
{

2
sm/export.c
View File

@ -392,7 +392,7 @@ gpgsm_p12_export (ctrl_t ctrl, const char *name, FILE *fp)
}
keygrip = gpgsm_get_keygrip_hexstring (cert);
if (!keygrip || gpgsm_agent_havekey (keygrip))
if (!keygrip || gpgsm_agent_havekey (ctrl, keygrip))
{
/* Note, that the !keygrip case indicates a bad certificate. */
rc = gpg_error (GPG_ERR_NO_SECKEY);

4
sm/gpgsm.c
View File

@ -1496,7 +1496,7 @@ main ( int argc, char **argv)
wrong_args ("--learn-card");
else
{
int rc = gpgsm_agent_learn ();
int rc = gpgsm_agent_learn (&ctrl);
if (rc)
log_error ("error learning card: %s\n", gpg_strerror (rc));
}
@ -1519,7 +1519,7 @@ main ( int argc, char **argv)
else
{
char *desc = gpgsm_format_keydesc (cert);
rc = gpgsm_agent_passwd (grip, desc);
rc = gpgsm_agent_passwd (&ctrl, grip, desc);
xfree (desc);
}
if (rc)

22
sm/gpgsm.h
View File

@ -214,7 +214,8 @@ int gpgsm_check_cert_sig (ksba_cert_t issuer_cert, ksba_cert_t cert);
int gpgsm_check_cms_signature (ksba_cert_t cert, ksba_const_sexp_t sigval,
gcry_md_hd_t md, int hash_algo);
/* fixme: move create functions to another file */
int gpgsm_create_cms_signature (ksba_cert_t cert, gcry_md_hd_t md, int mdalgo,
int gpgsm_create_cms_signature (ctrl_t ctrl,
ksba_cert_t cert, gcry_md_hd_t md, int mdalgo,
char **r_sigval);
@ -260,7 +261,7 @@ int gpgsm_delete (ctrl_t ctrl, STRLIST names);
int gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, FILE *out_fp);
/*-- sign.c --*/
int gpgsm_get_default_cert (ksba_cert_t *r_cert);
int gpgsm_get_default_cert (ctrl_t ctrl, ksba_cert_t *r_cert);
int gpgsm_sign (ctrl_t ctrl, CERTLIST signerlist,
int data_fd, int detached, FILE *out_fp);
@ -274,20 +275,21 @@ int gpgsm_decrypt (ctrl_t ctrl, int in_fd, FILE *out_fp);
int gpgsm_genkey (ctrl_t ctrl, int in_fd, FILE *out_fp);
/*-- call-agent.c --*/
int gpgsm_agent_pksign (const char *keygrip, const char *desc,
int gpgsm_agent_pksign (ctrl_t ctrl, const char *keygrip, const char *desc,
unsigned char *digest,
size_t digestlen,
int digestalgo,
char **r_buf, size_t *r_buflen);
int gpgsm_agent_pkdecrypt (const char *keygrip, const char *desc,
int gpgsm_agent_pkdecrypt (ctrl_t ctrl, const char *keygrip, const char *desc,
ksba_const_sexp_t ciphertext,
char **r_buf, size_t *r_buflen);
int gpgsm_agent_genkey (ksba_const_sexp_t keyparms, ksba_sexp_t *r_pubkey);
int gpgsm_agent_istrusted (ksba_cert_t cert);
int gpgsm_agent_havekey (const char *hexkeygrip);
int gpgsm_agent_marktrusted (ksba_cert_t cert);
int gpgsm_agent_learn (void);
int gpgsm_agent_passwd (const char *hexkeygrip, const char *desc);
int gpgsm_agent_genkey (ctrl_t ctrl,
ksba_const_sexp_t keyparms, ksba_sexp_t *r_pubkey);
int gpgsm_agent_istrusted (ctrl_t ctrl, ksba_cert_t cert);
int gpgsm_agent_havekey (ctrl_t ctrl, const char *hexkeygrip);
int gpgsm_agent_marktrusted (ctrl_t ctrl, ksba_cert_t cert);
int gpgsm_agent_learn (ctrl_t ctrl);
int gpgsm_agent_passwd (ctrl_t ctrl, const char *hexkeygrip, const char *desc);
/*-- call-dirmngr.c --*/
int gpgsm_dirmngr_isvalid (ctrl_t ctrl,

4
sm/keylist.c
View File

@ -977,7 +977,7 @@ list_cert_chain (ctrl_t ctrl, ksba_cert_t cert, int raw_mode,
output mode will be used intead of the standard beautified one.
*/
static gpg_error_t
list_internal_keys (CTRL ctrl, STRLIST names, FILE *fp,
list_internal_keys (ctrl_t ctrl, STRLIST names, FILE *fp,
unsigned int mode, int raw_mode)
{
KEYDB_HANDLE hd;
@ -1082,7 +1082,7 @@ list_internal_keys (CTRL ctrl, STRLIST names, FILE *fp,
char *p = gpgsm_get_keygrip_hexstring (cert);
if (p)
{
rc = gpgsm_agent_havekey (p);
rc = gpgsm_agent_havekey (ctrl, p);
if (!rc)
have_secret = 1;
else if ( gpg_err_code (rc) != GPG_ERR_NO_SECKEY)

13
sm/sign.c
View File

@ -126,7 +126,7 @@ hash_and_copy_data (int fd, gcry_md_hd_t md, ksba_writer_t writer)
/* Get the default certificate which is defined as the first one our
keyDB returns and has a secret key available. */
int
gpgsm_get_default_cert (ksba_cert_t *r_cert)
gpgsm_get_default_cert (ctrl_t ctrl, ksba_cert_t *r_cert)
{
KEYDB_HANDLE hd;
ksba_cert_t cert = NULL;
@ -156,7 +156,7 @@ gpgsm_get_default_cert (ksba_cert_t *r_cert)
p = gpgsm_get_keygrip_hexstring (cert);
if (p)
{
if (!gpgsm_agent_havekey (p))
if (!gpgsm_agent_havekey (ctrl, p))
{
xfree (p);
keydb_release (hd);
@ -180,7 +180,7 @@ gpgsm_get_default_cert (ksba_cert_t *r_cert)
static ksba_cert_t
get_default_signer (void)
get_default_signer (ctrl_t ctrl)
{
KEYDB_SEARCH_DESC desc;
ksba_cert_t cert = NULL;
@ -189,7 +189,7 @@ get_default_signer (void)
if (!opt.local_user)
{
rc = gpgsm_get_default_cert (&cert);
rc = gpgsm_get_default_cert (ctrl, &cert);
if (rc)
{
if (rc != -1)
@ -365,7 +365,7 @@ gpgsm_sign (CTRL ctrl, CERTLIST signerlist,
/* If no list of signers is given, use a default one. */
if (!signerlist)
{
ksba_cert_t cert = get_default_signer ();
ksba_cert_t cert = get_default_signer (ctrl);
if (!cert)
{
log_error ("no default signer found\n");
@ -589,7 +589,8 @@ gpgsm_sign (CTRL ctrl, CERTLIST signerlist,
goto leave;
}
rc = gpgsm_create_cms_signature (cl->cert, md, algo, &sigval);
rc = gpgsm_create_cms_signature (ctrl, cl->cert,
md, algo, &sigval);
if (rc)
{
gcry_md_close (md);