mirror of
git://git.gnupg.org/gnupg.git
synced 2025-01-17 14:07:03 +01:00
agent: Add TKD command support.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
This commit is contained in:
parent
512213d6ed
commit
4c74236dc7
@ -672,6 +672,7 @@ gpg_error_t divert_writekey (ctrl_t ctrl, int force, const char *serialno,
|
||||
int divert_tkd_pksign (ctrl_t ctrl,
|
||||
const unsigned char *digest, size_t digestlen,
|
||||
unsigned char **r_sig, size_t *r_siglen);
|
||||
int divert_tkd_cmd (ctrl_t ctrl, const char *cmdline);
|
||||
|
||||
/*-- call-daemon.c --*/
|
||||
gpg_error_t daemon_start (enum daemon_type type, ctrl_t ctrl);
|
||||
@ -748,6 +749,7 @@ int agent_tkd_pksign (ctrl_t ctrl,
|
||||
unsigned char **r_buf, size_t *r_buflen);
|
||||
int agent_tkd_readkey (ctrl_t ctrl, const char *keygrip,
|
||||
unsigned char **r_buf, size_t *r_buflen);
|
||||
int agent_tkd_cmd (ctrl_t ctrl, const char *cmdline);
|
||||
|
||||
/*-- learncard.c --*/
|
||||
int agent_handle_learn (ctrl_t ctrl, int send, void *assuan_context, int force);
|
||||
|
130
agent/call-tkd.c
130
agent/call-tkd.c
@ -208,10 +208,10 @@ agent_tkd_pksign (ctrl_t ctrl, const unsigned char *digest, size_t digestlen,
|
||||
|
||||
inqparm.ctx = daemon_ctx (ctrl);
|
||||
inqparm.getpin_cb = pin_cb;
|
||||
inqparm.pin = NULL;
|
||||
inqparm.ctrl = ctrl;
|
||||
inqparm.extra = digest;
|
||||
inqparm.extralen = digestlen;
|
||||
inqparm.pin = NULL;
|
||||
|
||||
bin2hex (ctrl->keygrip, KEYGRIP_LEN, hexgrip);
|
||||
snprintf (line, sizeof(line), "PKSIGN %s %s",
|
||||
@ -240,3 +240,131 @@ agent_tkd_pksign (ctrl_t ctrl, const unsigned char *digest, size_t digestlen,
|
||||
|
||||
return unlock_tkd (ctrl, 0);
|
||||
}
|
||||
|
||||
/* This handler is a helper for pincache_put_cb but may also be called
|
||||
* directly for that status code with ARGS being the arguments after
|
||||
* the status keyword (and with white space removed). */
|
||||
static gpg_error_t
|
||||
handle_pincache_put (const char *args)
|
||||
{
|
||||
gpg_error_t err;
|
||||
const char *s, *key, *pin;
|
||||
char *keybuf = NULL;
|
||||
size_t keylen;
|
||||
|
||||
key = s = args;
|
||||
while (*s && !spacep (s))
|
||||
s++;
|
||||
keylen = s - key;
|
||||
if (keylen < 3)
|
||||
{
|
||||
/* At least we need 2 slashes and slot number. */
|
||||
log_error ("%s: ignoring invalid key\n", __func__);
|
||||
err = 0;
|
||||
goto leave;
|
||||
}
|
||||
|
||||
keybuf = xtrymalloc (keylen+1);
|
||||
if (!keybuf)
|
||||
{
|
||||
err = gpg_error_from_syserror ();
|
||||
goto leave;
|
||||
}
|
||||
memcpy (keybuf, key, keylen);
|
||||
keybuf[keylen] = 0;
|
||||
key = keybuf;
|
||||
|
||||
while (spacep (s))
|
||||
s++;
|
||||
pin = s;
|
||||
if (!*pin)
|
||||
{
|
||||
/* No value - flush the cache. The cache module knows aboput
|
||||
* the structure of the key to flush only parts. */
|
||||
log_debug ("%s: flushing cache '%s'\n", __func__, key);
|
||||
agent_put_cache (NULL, key, CACHE_MODE_PIN, NULL, -1);
|
||||
err = 0;
|
||||
goto leave;
|
||||
}
|
||||
|
||||
log_debug ("%s: caching '%s'->'%s'\n", __func__, key, pin);
|
||||
agent_put_cache (NULL, key, CACHE_MODE_PIN, pin, -1);
|
||||
err = 0;
|
||||
|
||||
leave:
|
||||
xfree (keybuf);
|
||||
return err;
|
||||
}
|
||||
|
||||
static gpg_error_t
|
||||
pass_status_thru (void *opaque, const char *line)
|
||||
{
|
||||
gpg_error_t err = 0;
|
||||
assuan_context_t ctx = opaque;
|
||||
char keyword[200];
|
||||
int i;
|
||||
|
||||
if (line[0] == '#' && (!line[1] || spacep (line+1)))
|
||||
{
|
||||
/* We are called in convey comments mode. Now, if we see a
|
||||
comment marker as keyword we forward the line verbatim to the
|
||||
the caller. This way the comment lines from scdaemon won't
|
||||
appear as status lines with keyword '#'. */
|
||||
assuan_write_line (ctx, line);
|
||||
}
|
||||
else
|
||||
{
|
||||
for (i=0; *line && !spacep (line) && i < DIM(keyword)-1; line++, i++)
|
||||
keyword[i] = *line;
|
||||
keyword[i] = 0;
|
||||
|
||||
/* Truncate any remaining keyword stuff. */
|
||||
for (; *line && !spacep (line); line++)
|
||||
;
|
||||
while (spacep (line))
|
||||
line++;
|
||||
|
||||
/* We do not want to pass PINCACHE_PUT through. */
|
||||
if (!strcmp (keyword, "PINCACHE_PUT"))
|
||||
err = handle_pincache_put (line);
|
||||
else
|
||||
assuan_write_status (ctx, keyword, line);
|
||||
}
|
||||
return err;
|
||||
}
|
||||
|
||||
static gpg_error_t
|
||||
pass_data_thru (void *opaque, const void *buffer, size_t length)
|
||||
{
|
||||
assuan_context_t ctx = opaque;
|
||||
|
||||
assuan_send_data (ctx, buffer, length);
|
||||
return 0;
|
||||
}
|
||||
|
||||
int
|
||||
agent_tkd_cmd (ctrl_t ctrl, const char *cmdline)
|
||||
{
|
||||
int rc;
|
||||
struct inq_parm_s inqparm;
|
||||
int saveflag;
|
||||
|
||||
rc = start_tkd (ctrl);
|
||||
if (rc)
|
||||
return rc;
|
||||
|
||||
inqparm.ctx = daemon_ctx (ctrl);
|
||||
inqparm.getpin_cb = pin_cb;
|
||||
inqparm.pin = NULL;
|
||||
|
||||
saveflag = assuan_get_flag (daemon_ctx (ctrl), ASSUAN_CONVEY_COMMENTS);
|
||||
assuan_set_flag (daemon_ctx (ctrl), ASSUAN_CONVEY_COMMENTS, 1);
|
||||
rc = assuan_transact (daemon_ctx (ctrl), cmdline,
|
||||
pass_data_thru, daemon_ctx (ctrl),
|
||||
inq_needpin, &inqparm,
|
||||
pass_status_thru, daemon_ctx (ctrl));
|
||||
|
||||
assuan_set_flag (daemon_ctx (ctrl), ASSUAN_CONVEY_COMMENTS, saveflag);
|
||||
|
||||
return unlock_tkd (ctrl, rc);
|
||||
}
|
||||
|
@ -2684,6 +2684,53 @@ cmd_scd (assuan_context_t ctx, char *line)
|
||||
}
|
||||
|
||||
|
||||
static const char hlp_tkd[] =
|
||||
"TKD <commands to pass to the tkdaemon>\n"
|
||||
" \n"
|
||||
"This is a general quote command to redirect everything to the\n"
|
||||
"TKdaemon.";
|
||||
static gpg_error_t
|
||||
cmd_tkd (assuan_context_t ctx, char *line)
|
||||
{
|
||||
int rc;
|
||||
#ifdef BUILD_WITH_TKDAEMON
|
||||
ctrl_t ctrl = assuan_get_pointer (ctx);
|
||||
|
||||
if (ctrl->restricted)
|
||||
{
|
||||
const char *argv[5];
|
||||
int argc;
|
||||
char *l;
|
||||
|
||||
l = xtrystrdup (line);
|
||||
if (!l)
|
||||
return gpg_error_from_syserror ();
|
||||
|
||||
argc = split_fields (l, argv, DIM (argv));
|
||||
|
||||
/* These commands are allowed. */
|
||||
if ((argc >= 1 && !strcmp (argv[0], "SLOTLIST"))
|
||||
|| (argc == 2
|
||||
&& !strcmp (argv[0], "GETINFO")
|
||||
&& !strcmp (argv[1], "version"))
|
||||
|| (argc == 2
|
||||
&& !strcmp (argv[0], "KEYINFO")
|
||||
&& !strcmp (argv[1], "--list=encr")))
|
||||
xfree (l);
|
||||
else
|
||||
{
|
||||
xfree (l);
|
||||
return leave_cmd (ctx, gpg_error (GPG_ERR_FORBIDDEN));
|
||||
}
|
||||
}
|
||||
|
||||
rc = divert_tkd_cmd (ctrl, line);
|
||||
#else
|
||||
(void)ctx; (void)line;
|
||||
rc = gpg_error (GPG_ERR_NOT_SUPPORTED);
|
||||
#endif
|
||||
return rc;
|
||||
}
|
||||
|
||||
static const char hlp_keywrap_key[] =
|
||||
"KEYWRAP_KEY [--clear] <mode>\n"
|
||||
@ -4234,6 +4281,7 @@ register_commands (assuan_context_t ctx)
|
||||
{ "INPUT", NULL },
|
||||
{ "OUTPUT", NULL },
|
||||
{ "SCD", cmd_scd, hlp_scd },
|
||||
{ "TKD", cmd_tkd, hlp_tkd },
|
||||
{ "KEYWRAP_KEY", cmd_keywrap_key, hlp_keywrap_key },
|
||||
{ "IMPORT_KEY", cmd_import_key, hlp_import_key },
|
||||
{ "EXPORT_KEY", cmd_export_key, hlp_export_key },
|
||||
|
@ -37,3 +37,9 @@ divert_tkd_pksign (ctrl_t ctrl, const unsigned char *digest, size_t digestlen,
|
||||
{
|
||||
return agent_tkd_pksign (ctrl, digest, digestlen, r_sig, r_siglen);
|
||||
}
|
||||
|
||||
int
|
||||
divert_tkd_cmd (ctrl_t ctrl, const char *cmdline)
|
||||
{
|
||||
return agent_tkd_cmd (ctrl, cmdline);
|
||||
}
|
||||
|
Loading…
x
Reference in New Issue
Block a user