1 /* agent.h - Global definitions for the agent
2 * Copyright (C) 2001, 2002, 2003, 2005, 2011 Free Software Foundation, Inc.
3 * Copyright (C) 2015 g10 Code GmbH.
4 *
5 * This file is part of GnuPG.
6 *
7 * GnuPG is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 3 of the License, or
10 * (at your option) any later version.
11 *
12 * GnuPG is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, see <https://www.gnu.org/licenses/>.
19 */
20
21 #ifndef AGENT_H
22 #define AGENT_H
23
24 #ifdef GPG_ERR_SOURCE_DEFAULT
25 #error GPG_ERR_SOURCE_DEFAULT already defined
26 #endif
27 #define GPG_ERR_SOURCE_DEFAULT GPG_ERR_SOURCE_GPGAGENT
28 #include <gpg-error.h>
29 #define map_assuan_err(a) \
30 map_assuan_err_with_source (GPG_ERR_SOURCE_DEFAULT, (a))
31 #include <errno.h>
32 #include <assuan.h>
33
34 #include <gcrypt.h>
35 #include "../common/util.h"
36 #include "../common/membuf.h"
37 #include "../common/sysutils.h" /* (gnupg_fd_t) */
38 #include "../common/session-env.h"
39 #include "../common/shareddefs.h"
40
41 /* To convey some special hash algorithms we use algorithm numbers
42 reserved for application use. */
43 #ifndef GCRY_MODULE_ID_USER
44 #define GCRY_MODULE_ID_USER 1024
45 #endif
46 #define MD_USER_TLS_MD5SHA1 (GCRY_MODULE_ID_USER+1)
47
48 /* Maximum length of a digest. */
49 #define MAX_DIGEST_LEN 64
50
51 /* The maximum length of a passphrase (in bytes). Note: this is
52 further constrained by the Assuan line length (and any other text on
53 the same line). However, the Assuan line length is 1k bytes so
54 this shouldn't be a problem in practice. */
55 #define MAX_PASSPHRASE_LEN 255
56
57 /* The daemons we support. When you add a new daemon, add to
58 both the daemon_type and the daemon_modules array in call-daemon.c */
59 enum daemon_type
60 {
61 DAEMON_SCD,
62 DAEMON_TPM2D,
63 DAEMON_MAX_TYPE
64 };
65
66 /* A large struct name "opt" to keep global flags */
67 EXTERN_UNLESS_MAIN_MODULE
68 struct
69 {
70 unsigned int debug; /* Debug flags (DBG_foo_VALUE) */
71 int verbose; /* Verbosity level */
72 int quiet; /* Be as quiet as possible */
73 int dry_run; /* Don't change any persistent data */
74 int batch; /* Batch mode */
75
76 /* True if we handle sigusr2. */
77 int sigusr2_enabled;
78
79 /* Environment settings gathered at program start or changed using the
80 Assuan command UPDATESTARTUPTTY. */
81 session_env_t startup_env;
82 char *startup_lc_ctype;
83 char *startup_lc_messages;
84
85 /* Enable pinentry debugging (--debug 1024 should also be used). */
86 int debug_pinentry;
87
88 /* Filename of the program to start as pinentry. */
89 const char *pinentry_program;
90
91 /* Filename of the program to handle daemon tasks. */
92 const char *daemon_program[DAEMON_MAX_TYPE];
93
94 int disable_daemon[DAEMON_MAX_TYPE]; /* Never use the daemon. */
95
96 int no_grab; /* Don't let the pinentry grab the keyboard */
97
98 /* The name of the file pinentry shall touch before exiting. If
99 this is not set the file name of the standard socket is used. */
100 const char *pinentry_touch_file;
101
102 /* A string where the first character is used by the pinentry as a
103 custom invisible character. */
104 char *pinentry_invisible_char;
105
106 /* The timeout value for the Pinentry in seconds. This is passed to
107 the pinentry if it is not 0. It is up to the pinentry to act
108 upon this timeout value. */
109 unsigned long pinentry_timeout;
110
111 /* If set, then passphrase formatting is enabled in pinentry. */
112 int pinentry_formatted_passphrase;
113
114 /* The default and maximum TTL of cache entries. */
115 unsigned long def_cache_ttl; /* Default. */
116 unsigned long def_cache_ttl_ssh; /* for SSH. */
117 unsigned long max_cache_ttl; /* Default. */
118 unsigned long max_cache_ttl_ssh; /* for SSH. */
119
120 /* Flag disallowing bypassing of the warning. */
121 int enforce_passphrase_constraints;
122
123 /* The require minmum length of a passphrase. */
124 unsigned int min_passphrase_len;
125
126 /* The minimum number of non-alpha characters in a passphrase. */
127 unsigned int min_passphrase_nonalpha;
128
129 /* File name with a patternfile or NULL if not enabled. If the
130 * second one is set, it is used for symmetric only encryption
131 * instead of the former. */
132 const char *check_passphrase_pattern;
133 const char *check_sym_passphrase_pattern;
134
135 /* If not 0 the user is asked to change his passphrase after these
136 number of days. */
137 unsigned int max_passphrase_days;
138
139 /* If set, a passphrase history will be written and checked at each
140 passphrase change. */
141 int enable_passphrase_history;
142
143 /* If set the extended key format is used for new keys. Note that
144 * this may have the value 2 in which case
145 * --disable-extended-key-format won't have any effect and thus
146 * effectivley locking it. This is required to support existing
147 * profiles which lock the use of --enable-extended-key-format. */
148 int enable_extended_key_format;
149
150 int running_detached; /* We are running detached from the tty. */
151
152 /* If this global option is true, the passphrase cache is ignored
153 for signing operations. */
154 int ignore_cache_for_signing;
155
156 /* If this global option is true, the user is allowed to
157 interactively mark certificate in trustlist.txt as trusted. */
158 int allow_mark_trusted;
159
160 /* If this global option is true, the Assuan command
161 PRESET_PASSPHRASE is allowed. */
162 int allow_preset_passphrase;
163
164 /* If this global option is true, the Assuan option
165 pinentry-mode=loopback is allowed. */
166 int allow_loopback_pinentry;
167
168 /* Allow the use of an external password cache. If this option is
169 enabled (which is the default) we send an option to Pinentry
170 to allow it to enable such a cache. */
171 int allow_external_cache;
172
173 /* If this global option is true, the Assuan option of Pinentry
174 allow-emacs-prompt is allowed. */
175 int allow_emacs_pinentry;
176
177 int keep_tty; /* Don't switch the TTY (for pinentry) on request */
178 int keep_display; /* Don't switch the DISPLAY (for pinentry) on request */
179
180 /* This global option indicates the use of an extra socket. Note
181 that we use a hack for cleanup handling in gpg-agent.c: If the
182 value is less than 2 the name has not yet been malloced. */
183 int extra_socket;
184
185 /* This global option indicates the use of an extra socket for web
186 browsers. Note that we use a hack for cleanup handling in
187 gpg-agent.c: If the value is less than 2 the name has not yet
188 been malloced. */
189 int browser_socket;
190
191 /* The digest algorithm to use for ssh fingerprints when
192 * communicating with the user. */
193 int ssh_fingerprint_digest;
194
195 /* The value of the option --s2k-count. If this option is not given
196 * or 0 an auto-calibrated value is used. */
197 unsigned long s2k_count;
198 } opt;
199
200
201 /* Bit values for the --debug option. */
202 #define DBG_MPI_VALUE 2 /* debug mpi details */
203 #define DBG_CRYPTO_VALUE 4 /* debug low level crypto */
204 #define DBG_MEMORY_VALUE 32 /* debug memory allocation stuff */
205 #define DBG_CACHE_VALUE 64 /* debug the caching */
206 #define DBG_MEMSTAT_VALUE 128 /* show memory statistics */
207 #define DBG_HASHING_VALUE 512 /* debug hashing operations */
208 #define DBG_IPC_VALUE 1024 /* Enable Assuan debugging. */
209
210 /* Test macros for the debug option. */
211 #define DBG_CRYPTO (opt.debug & DBG_CRYPTO_VALUE)
212 #define DBG_MEMORY (opt.debug & DBG_MEMORY_VALUE)
213 #define DBG_CACHE (opt.debug & DBG_CACHE_VALUE)
214 #define DBG_HASHING (opt.debug & DBG_HASHING_VALUE)
215 #define DBG_IPC (opt.debug & DBG_IPC_VALUE)
216
217 /* Forward reference for local definitions in command.c. */
218 struct server_local_s;
219
220 /* Declaration of objects from command-ssh.c. */
221 struct ssh_control_file_s;
222 typedef struct ssh_control_file_s *ssh_control_file_t;
223
224 /* Forward reference for local definitions in call-scd.c. */
225 struct daemon_local_s;
226
227 /* Collection of data per session (aka connection). */
228 struct server_control_s
229 {
230 /* Private data used to fire up the connection thread. We use this
231 structure do avoid an extra allocation for only a few bytes while
232 spawning a new connection thread. */
233 struct {
234 gnupg_fd_t fd;
235 } thread_startup;
236
237 /* Flag indicating the connection is run in restricted mode.
238 A value of 1 if used for --extra-socket,
239 a value of 2 is used for --browser-socket. */
240 int restricted;
241
242 /* Private data of the server (command.c). */
243 struct server_local_s *server_local;
244
245 /* Private data of the daemon (call-XXX.c). */
246 struct daemon_local_s *d_local[DAEMON_MAX_TYPE];
247
248 /* Environment settings for the connection. */
249 session_env_t session_env;
250 char *lc_ctype;
251 char *lc_messages;
252 unsigned long client_pid;
253 int client_uid;
254
255 /* The current pinentry mode. */
256 pinentry_mode_t pinentry_mode;
257
258 /* The TTL used for the --preset option of certain commands. */
259 int cache_ttl_opt_preset;
260
261 /* Information on the currently used digest (for signing commands). */
262 struct {
263 char *data; /* NULL or malloced data of length VALUELEN. If
264 this is set the other fields are ignored. Used
265 for PureEdDSA and RSA with PSS (in which case
266 data_is_pss is also set). */
267 int valuelen;
268 int algo;
269 unsigned char value[MAX_DIGEST_LEN];
270 unsigned int raw_value: 1;
271 unsigned int is_pss: 1; /* DATA holds PSS formated data. */
272 } digest;
273 unsigned char keygrip[20];
274 int have_keygrip;
275
276 /* A flag to enable a hack to send the PKAUTH command instead of the
277 PKSIGN command to the scdaemon. */
278 int use_auth_call;
279
280 /* A flag to inhibit enforced passphrase change during an explicit
281 passwd command. */
282 int in_passwd;
283
284 /* The current S2K which might be different from the calibrated
285 count. */
286 unsigned long s2k_count;
287
288 /* If pinentry is active for this thread. It can be more than 1,
289 when pinentry is called recursively. */
290 int pinentry_active;
291 };
292
293
294 /* Status of pinentry. */
295 enum
296 {
297 PINENTRY_STATUS_CLOSE_BUTTON = 1 << 0,
298 PINENTRY_STATUS_PIN_REPEATED = 1 << 8,
299 PINENTRY_STATUS_PASSWORD_FROM_CACHE = 1 << 9,
300 PINENTRY_STATUS_PASSWORD_GENERATED = 1 << 10
301 };
302
303 /* Information pertaining to pinentry requests. */
304 struct pin_entry_info_s
305 {
306 int min_digits; /* min. number of digits required or 0 for freeform entry */
307 int max_digits; /* max. number of allowed digits allowed*/
308 int max_tries; /* max. number of allowed tries. */
309 unsigned int constraints_flags; /* CHECK_CONSTRAINTS_... */
310 int failed_tries; /* Number of tries so far failed. */
311 int with_qualitybar; /* Set if the quality bar should be displayed. */
312 int with_repeat; /* Request repetition of the passphrase. */
313 int repeat_okay; /* Repetition worked. */
314 unsigned int status; /* Status. */
315 gpg_error_t (*check_cb)(struct pin_entry_info_s *); /* CB used to check
316 the PIN */
317 void *check_cb_arg; /* optional argument which might be of use in the CB */
318 const char *cb_errtext; /* used by the cb to display a specific error */
319 size_t max_length; /* Allocated length of the buffer PIN. */
320 char pin[1]; /* The buffer to hold the PIN or passphrase.
321 It's actual allocated length is given by
322 MAX_LENGTH (above). */
323 };
324
325
326 /* Types of the private keys. */
327 enum
328 {
329 PRIVATE_KEY_UNKNOWN = 0, /* Type of key is not known. */
330 PRIVATE_KEY_CLEAR = 1, /* The key is not protected. */
331 PRIVATE_KEY_PROTECTED = 2, /* The key is protected. */
332 PRIVATE_KEY_SHADOWED = 3, /* The key is a stub for a smartcard
333 based key. */
334 PROTECTED_SHARED_SECRET = 4, /* RFU. */
335 PRIVATE_KEY_OPENPGP_NONE = 5 /* openpgp-native with protection "none". */
336 };
337
338
339 /* Values for the cache_mode arguments. */
340 typedef enum
341 {
342 CACHE_MODE_IGNORE = 0, /* Special mode to bypass the cache. */
343 CACHE_MODE_ANY, /* Any mode except ignore and data matches. */
344 CACHE_MODE_NORMAL, /* Normal cache (gpg-agent). */
345 CACHE_MODE_USER, /* GET_PASSPHRASE related cache. */
346 CACHE_MODE_SSH, /* SSH related cache. */
347 CACHE_MODE_NONCE, /* This is a non-predictable nonce. */
348 CACHE_MODE_PIN, /* PINs stored/retrieved by scdaemon. */
349 CACHE_MODE_DATA /* Arbitrary data. */
350 }
351 cache_mode_t;
352
353 /* The TTL is seconds used for adding a new nonce mode cache item. */
354 #define CACHE_TTL_NONCE 120
355
356 /* The TTL in seconds used by the --preset option of some commands.
357 This is the default value changeable by an OPTION command. */
358 #define CACHE_TTL_OPT_PRESET 900
359
360
361 /* The type of a function to lookup a TTL by a keygrip. */
362 typedef int (*lookup_ttl_t)(const char *hexgrip);
363
364
365 /* This is a special version of the usual _() gettext macro. It
366 assumes a server connection control variable with the name "ctrl"
367 and uses that to translate a string according to the locale set for
368 the connection. The macro LunderscoreIMPL is used by i18n to
369 actually define the inline function when needed. */
370 #if defined (ENABLE_NLS) || defined (USE_SIMPLE_GETTEXT)
371 #define L_(a) agent_Lunderscore (ctrl, (a))
372 #define LunderscorePROTO \
373 static inline const char *agent_Lunderscore (ctrl_t ctrl, \
374 const char *string) \
375 GNUPG_GCC_ATTR_FORMAT_ARG(2);
376 #define LunderscoreIMPL \
377 static inline const char * \
378 agent_Lunderscore (ctrl_t ctrl, const char *string) \
379 { \
380 return ctrl? i18n_localegettext (ctrl->lc_messages, string) \
381 /* */: gettext (string); \
382 }
383 #else
384 #define L_(a) (a)
385 #endif
386
387
388 /* Information from scdaemon for card keys. */
389 struct card_key_info_s
390 {
391 struct card_key_info_s *next;
392 char keygrip[41];
393 char *serialno;
394 char *idstr;
395 };
396
397 /*-- gpg-agent.c --*/
398 void agent_exit (int rc)
399 GPGRT_ATTR_NORETURN; /* Also implemented in other tools */
400 void agent_set_progress_cb (void (*cb)(ctrl_t ctrl, const char *what,
401 int printchar, int current, int total),
402 ctrl_t ctrl);
403 gpg_error_t agent_copy_startup_env (ctrl_t ctrl);
404 const char *get_agent_socket_name (void);
405 const char *get_agent_ssh_socket_name (void);
406 int get_agent_active_connection_count (void);
407 #ifdef HAVE_W32_SYSTEM
408 void *get_agent_daemon_notify_event (void);
409 #endif
410 void agent_sighup_action (void);
411 int map_pk_openpgp_to_gcry (int openpgp_algo);
412
413 /*-- command.c --*/
414 gpg_error_t agent_inq_pinentry_launched (ctrl_t ctrl, unsigned long pid,
415 const char *extra);
416 gpg_error_t agent_write_status (ctrl_t ctrl, const char *keyword, ...)
417 GPGRT_ATTR_SENTINEL(0);
418 gpg_error_t agent_print_status (ctrl_t ctrl, const char *keyword,
419 const char *format, ...)
420 GPGRT_ATTR_PRINTF(3,4);
421 void bump_key_eventcounter (void);
422 void bump_card_eventcounter (void);
423 void start_command_handler (ctrl_t, gnupg_fd_t, gnupg_fd_t);
424 gpg_error_t pinentry_loopback (ctrl_t, const char *keyword,
425 unsigned char **buffer, size_t *size,
426 size_t max_length);
427 gpg_error_t pinentry_loopback_confirm (ctrl_t ctrl, const char *desc,
428 int ask_confirmation,
429 const char *ok, const char *notok);
430
431 #ifdef HAVE_W32_SYSTEM
432 int serve_mmapped_ssh_request (ctrl_t ctrl,
433 unsigned char *request, size_t maxreqlen);
434 #endif /*HAVE_W32_SYSTEM*/
435
436 /*-- command-ssh.c --*/
437 ssh_control_file_t ssh_open_control_file (void);
438 void ssh_close_control_file (ssh_control_file_t cf);
439 gpg_error_t ssh_read_control_file (ssh_control_file_t cf,
440 char *r_hexgrip, int *r_disabled,
441 int *r_ttl, int *r_confirm);
442 gpg_error_t ssh_search_control_file (ssh_control_file_t cf,
443 const char *hexgrip,
444 int *r_disabled,
445 int *r_ttl, int *r_confirm);
446
447 void start_command_handler_ssh (ctrl_t, gnupg_fd_t);
448
449 /*-- findkey.c --*/
450 gpg_error_t agent_modify_description (const char *in, const char *comment,
451 const gcry_sexp_t key, char **result);
452 int agent_write_private_key (const unsigned char *grip,
453 const void *buffer, size_t length, int force,
454 const char *serialno, const char *keyref,
455 time_t timestamp);
456 gpg_error_t agent_key_from_file (ctrl_t ctrl,
457 const char *cache_nonce,
458 const char *desc_text,
459 const unsigned char *grip,
460 unsigned char **shadow_info,
461 cache_mode_t cache_mode,
462 lookup_ttl_t lookup_ttl,
463 gcry_sexp_t *result,
464 char **r_passphrase);
465 gpg_error_t agent_raw_key_from_file (ctrl_t ctrl, const unsigned char *grip,
466 gcry_sexp_t *result);
467 gpg_error_t agent_public_key_from_file (ctrl_t ctrl,
468 const unsigned char *grip,
469 gcry_sexp_t *result);
470 int agent_pk_get_algo (gcry_sexp_t s_key);
471 int agent_is_tpm2_key(gcry_sexp_t s_key);
472 int agent_key_available (const unsigned char *grip);
473 gpg_error_t agent_key_info_from_file (ctrl_t ctrl, const unsigned char *grip,
474 int *r_keytype,
475 unsigned char **r_shadow_info,
476 unsigned char **r_shadow_info_type);
477 gpg_error_t agent_delete_key (ctrl_t ctrl, const char *desc_text,
478 const unsigned char *grip,
479 int force, int only_stubs);
480
481 /*-- call-pinentry.c --*/
482 void initialize_module_call_pinentry (void);
483 void agent_query_dump_state (void);
484 void agent_reset_query (ctrl_t ctrl);
485 int pinentry_active_p (ctrl_t ctrl, int waitseconds);
486 gpg_error_t agent_askpin (ctrl_t ctrl,
487 const char *desc_text, const char *prompt_text,
488 const char *inital_errtext,
489 struct pin_entry_info_s *pininfo,
490 const char *keyinfo, cache_mode_t cache_mode);
491 int agent_get_passphrase (ctrl_t ctrl, char **retpass,
492 const char *desc, const char *prompt,
493 const char *errtext, int with_qualitybar,
494 const char *keyinfo, cache_mode_t cache_mode,
495 struct pin_entry_info_s *pininfo);
496 int agent_get_confirmation (ctrl_t ctrl, const char *desc, const char *ok,
497 const char *notokay, int with_cancel);
498 int agent_show_message (ctrl_t ctrl, const char *desc, const char *ok_btn);
499 int agent_popup_message_start (ctrl_t ctrl,
500 const char *desc, const char *ok_btn);
501 void agent_popup_message_stop (ctrl_t ctrl);
502 int agent_clear_passphrase (ctrl_t ctrl,
503 const char *keyinfo, cache_mode_t cache_mode);
504
505 /*-- cache.c --*/
506 void initialize_module_cache (void);
507 void deinitialize_module_cache (void);
508 void agent_cache_housekeeping (void);
509 void agent_flush_cache (int pincache_only);
510 int agent_put_cache (ctrl_t ctrl, const char *key, cache_mode_t cache_mode,
511 const char *data, int ttl);
512 char *agent_get_cache (ctrl_t ctrl, const char *key, cache_mode_t cache_mode);
513 void agent_store_cache_hit (const char *key);
514
515
516 /*-- pksign.c --*/
517 gpg_error_t agent_pksign_do (ctrl_t ctrl, const char *cache_nonce,
518 const char *desc_text,
519 gcry_sexp_t *signature_sexp,
520 cache_mode_t cache_mode, lookup_ttl_t lookup_ttl,
521 const void *overridedata, size_t overridedatalen);
522 gpg_error_t agent_pksign (ctrl_t ctrl, const char *cache_nonce,
523 const char *desc_text,
524 membuf_t *outbuf, cache_mode_t cache_mode);
525
526 /*-- pkdecrypt.c --*/
527 gpg_error_t agent_pkdecrypt (ctrl_t ctrl, const char *desc_text,
528 const unsigned char *ciphertext, size_t ciphertextlen,
529 membuf_t *outbuf, int *r_padding);
530
531 /*-- genkey.c --*/
532 #define CHECK_CONSTRAINTS_NOT_EMPTY 1
533 #define CHECK_CONSTRAINTS_NEW_SYMKEY 2
534
535 int check_passphrase_constraints (ctrl_t ctrl, const char *pw,
536 unsigned int flags,
537 char **failed_constraint);
538 gpg_error_t agent_ask_new_passphrase (ctrl_t ctrl, const char *prompt,
539 char **r_passphrase);
540 int agent_genkey (ctrl_t ctrl, const char *cache_nonce, time_t timestamp,
541 const char *keyparam, size_t keyparmlen,
542 int no_protection, const char *override_passphrase,
543 int preset, membuf_t *outbuf);
544 gpg_error_t agent_protect_and_store (ctrl_t ctrl, gcry_sexp_t s_skey,
545 char **passphrase_addr);
546
547 /*-- protect.c --*/
548 void set_s2k_calibration_time (unsigned int milliseconds);
549 unsigned long get_calibrated_s2k_count (void);
550 unsigned long get_standard_s2k_count (void);
551 unsigned char get_standard_s2k_count_rfc4880 (void);
552 unsigned long get_standard_s2k_time (void);
553 int agent_protect (const unsigned char *plainkey, const char *passphrase,
554 unsigned char **result, size_t *resultlen,
555 unsigned long s2k_count, int use_ocb);
556 gpg_error_t agent_unprotect (ctrl_t ctrl,
557 const unsigned char *protectedkey, const char *passphrase,
558 gnupg_isotime_t protected_at,
559 unsigned char **result, size_t *resultlen);
560 int agent_private_key_type (const unsigned char *privatekey);
561 unsigned char *make_shadow_info (const char *serialno, const char *idstring);
562 int agent_shadow_key (const unsigned char *pubkey,
563 const unsigned char *shadow_info,
564 unsigned char **result);
565 int agent_shadow_key_type (const unsigned char *pubkey,
566 const unsigned char *shadow_info,
567 const unsigned char *type,
568 unsigned char **result);
569 gpg_error_t agent_get_shadow_info (const unsigned char *shadowkey,
570 unsigned char const **shadow_info);
571 gpg_error_t agent_get_shadow_info_type (const unsigned char *shadowkey,
572 unsigned char const **shadow_info,
573 unsigned char **shadow_type);
574 gpg_error_t parse_shadow_info (const unsigned char *shadow_info,
575 char **r_hexsn, char **r_idstr, int *r_pinlen);
576 gpg_error_t s2k_hash_passphrase (const char *passphrase, int hashalgo,
577 int s2kmode,
578 const unsigned char *s2ksalt,
579 unsigned int s2kcount,
580 unsigned char *key, size_t keylen);
581 gpg_error_t agent_write_shadow_key (const unsigned char *grip,
582 const char *serialno, const char *keyid,
583 const unsigned char *pkbuf, int force);
584
585
586 /*-- trustlist.c --*/
587 void initialize_module_trustlist (void);
588 gpg_error_t agent_istrusted (ctrl_t ctrl, const char *fpr, int *r_disabled);
589 gpg_error_t agent_listtrusted (void *assuan_context);
590 gpg_error_t agent_marktrusted (ctrl_t ctrl, const char *name,
591 const char *fpr, int flag);
592 void agent_reload_trustlist (void);
593
594 /*-- divert-tpm2.c --*/
595 #ifdef HAVE_LIBTSS
596 int divert_tpm2_pksign (ctrl_t ctrl, const char *desc_text,
597 const unsigned char *digest, size_t digestlen, int algo,
598 const unsigned char *shadow_info, unsigned char **r_sig,
599 size_t *r_siglen);
600 int divert_tpm2_pkdecrypt (ctrl_t ctrl, const char *desc_text,
601 const unsigned char *cipher,
602 const unsigned char *shadow_info,
603 char **r_buf, size_t *r_len, int *r_padding);
604 int divert_tpm2_writekey (ctrl_t ctrl, const unsigned char *grip,
605 gcry_sexp_t s_skey);
606 #else /*!HAVE_LIBTSS*/
607 static inline int
divert_tpm2_pksign(ctrl_t ctrl,const char * desc_text,const unsigned char * digest,size_t digestlen,int algo,const unsigned char * shadow_info,unsigned char ** r_sig,size_t * r_siglen)608 divert_tpm2_pksign (ctrl_t ctrl, const char *desc_text,
609 const unsigned char *digest,
610 size_t digestlen, int algo,
611 const unsigned char *shadow_info,
612 unsigned char **r_sig,
613 size_t *r_siglen)
614 {
615 (void)ctrl; (void)desc_text; (void)digest; (void)digestlen;
616 (void)algo; (void)shadow_info; (void)r_sig; (void)r_siglen;
617 return gpg_error (GPG_ERR_NOT_SUPPORTED);
618 }
619 static inline int
divert_tpm2_pkdecrypt(ctrl_t ctrl,const char * desc_text,const unsigned char * cipher,const unsigned char * shadow_info,char ** r_buf,size_t * r_len,int * r_padding)620 divert_tpm2_pkdecrypt (ctrl_t ctrl, const char *desc_text,
621 const unsigned char *cipher,
622 const unsigned char *shadow_info,
623 char **r_buf, size_t *r_len,
624 int *r_padding)
625 {
626 (void)ctrl; (void)desc_text; (void)cipher; (void)shadow_info;
627 (void)r_buf; (void)r_len; (void)r_padding;
628 return gpg_error (GPG_ERR_NOT_SUPPORTED);
629 }
630 static inline int
divert_tpm2_writekey(ctrl_t ctrl,const unsigned char * grip,gcry_sexp_t s_skey)631 divert_tpm2_writekey (ctrl_t ctrl, const unsigned char *grip,
632 gcry_sexp_t s_skey)
633 {
634 (void)ctrl; (void)grip; (void)s_skey;
635 return gpg_error (GPG_ERR_NOT_SUPPORTED);
636 }
637 #endif /*!HAVE_LIBTSS*/
638
639
640
641 /*-- divert-scd.c --*/
642 int divert_pksign (ctrl_t ctrl, const char *desc_text,
643 const unsigned char *grip,
644 const unsigned char *digest, size_t digestlen, int algo,
645 const unsigned char *shadow_info, unsigned char **r_sig,
646 size_t *r_siglen);
647 int divert_pkdecrypt (ctrl_t ctrl, const char *desc_text,
648 const unsigned char *grip,
649 const unsigned char *cipher,
650 const unsigned char *shadow_info,
651 char **r_buf, size_t *r_len, int *r_padding);
652 int divert_generic_cmd (ctrl_t ctrl,
653 const char *cmdline, void *assuan_context);
654 gpg_error_t divert_writekey (ctrl_t ctrl, int force, const char *serialno,
655 const char *keyref,
656 const char *keydata, size_t keydatalen);
657
658 /*-- call-daemon.c --*/
659 gpg_error_t daemon_start (enum daemon_type type, ctrl_t ctrl);
660 assuan_context_t daemon_type_ctx (enum daemon_type type, ctrl_t ctrl);
661 gpg_error_t daemon_unlock (enum daemon_type type, ctrl_t ctrl, gpg_error_t rc);
662 void initialize_module_daemon (void);
663 void agent_daemon_dump_state (void);
664 int agent_daemon_check_running (enum daemon_type type);
665 void agent_daemon_check_aliveness (void);
666 void agent_reset_daemon (ctrl_t ctrl);
667 void agent_kill_daemon (enum daemon_type type);
668
669 /*-- call-tpm2d.c --*/
670 int agent_tpm2d_writekey (ctrl_t ctrl, unsigned char **shadow_info,
671 gcry_sexp_t s_skey);
672 int agent_tpm2d_pksign (ctrl_t ctrl, const unsigned char *digest,
673 size_t digestlen, const unsigned char *shadow_info,
674 unsigned char **r_sig, size_t *r_siglen);
675 int agent_tpm2d_pkdecrypt (ctrl_t ctrl, const unsigned char *cipher,
676 size_t cipherlen, const unsigned char *shadow_info,
677 char **r_buf, size_t *r_len);
678
679 /*-- call-scd.c --*/
680 int agent_card_learn (ctrl_t ctrl,
681 void (*kpinfo_cb)(void*, const char *),
682 void *kpinfo_cb_arg,
683 void (*certinfo_cb)(void*, const char *),
684 void *certinfo_cb_arg,
685 void (*sinfo_cb)(void*, const char *,
686 size_t, const char *),
687 void *sinfo_cb_arg);
688 int agent_card_serialno (ctrl_t ctrl, char **r_serialno, const char *demand);
689 int agent_card_pksign (ctrl_t ctrl,
690 const char *keyid,
691 int (*getpin_cb)(void *, const char *,
692 const char *, char*, size_t),
693 void *getpin_cb_arg,
694 const char *desc_text,
695 int mdalgo,
696 const unsigned char *indata, size_t indatalen,
697 unsigned char **r_buf, size_t *r_buflen);
698 int agent_card_pkdecrypt (ctrl_t ctrl,
699 const char *keyid,
700 int (*getpin_cb)(void *, const char *,
701 const char *, char*,size_t),
702 void *getpin_cb_arg,
703 const char *desc_text,
704 const unsigned char *indata, size_t indatalen,
705 char **r_buf, size_t *r_buflen, int *r_padding);
706 int agent_card_readcert (ctrl_t ctrl,
707 const char *id, char **r_buf, size_t *r_buflen);
708 int agent_card_readkey (ctrl_t ctrl, const char *id,
709 unsigned char **r_buf, char **r_keyref);
710 gpg_error_t agent_card_writekey (ctrl_t ctrl, int force, const char *serialno,
711 const char *keyref,
712 const char *keydata, size_t keydatalen,
713 int (*getpin_cb)(void *, const char *,
714 const char *, char*, size_t),
715 void *getpin_cb_arg);
716 gpg_error_t agent_card_getattr (ctrl_t ctrl, const char *name, char **result,
717 const char *keygrip);
718 int agent_card_scd (ctrl_t ctrl, const char *cmdline,
719 int (*getpin_cb)(void *, const char *,
720 const char *, char*, size_t),
721 void *getpin_cb_arg, void *assuan_context);
722
723 void agent_card_free_keyinfo (struct card_key_info_s *l);
724 gpg_error_t agent_card_keyinfo (ctrl_t ctrl, const char *keygrip,
725 int cap, struct card_key_info_s **result);
726
727
728 /*-- learncard.c --*/
729 int agent_handle_learn (ctrl_t ctrl, int send, void *assuan_context, int force);
730
731
732 /*-- cvt-openpgp.c --*/
733 gpg_error_t
734 extract_private_key (gcry_sexp_t s_key, int req_private_key_data,
735 const char **r_algoname, int *r_npkey, int *r_nskey,
736 const char **r_format,
737 gcry_mpi_t *mpi_array, int arraysize,
738 gcry_sexp_t *r_curve, gcry_sexp_t *r_flags);
739
740 /*-- sexp-secret.c --*/
741 gpg_error_t fixup_when_ecc_private_key (unsigned char *buf, size_t *buflen_p);
742 gpg_error_t sexp_sscan_private_key (gcry_sexp_t *result, size_t *r_erroff,
743 unsigned char *buf);
744
745 #endif /*AGENT_H*/
746