1
1
/* gpgsm.h - Global definitions for GpgSM
2
* Copyright (C) 2001, 2003, 2004 Free Software Foundation, Inc.
2
* Copyright (C) 2001, 2003, 2004, 2007 Free Software Foundation, Inc.
4
4
* This file is part of GnuPG.
6
6
* GnuPG is free software; you can redistribute it and/or modify
7
7
* it under the terms of the GNU General Public License as published by
8
* the Free Software Foundation; either version 2 of the License, or
8
* the Free Software Foundation; either version 3 of the License, or
9
9
* (at your option) any later version.
11
11
* GnuPG is distributed in the hope that it will be useful,
14
14
* GNU General Public License for more details.
16
16
* You should have received a copy of the GNU General Public License
17
* along with this program; if not, write to the Free Software
18
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
17
* along with this program; if not, see <http://www.gnu.org/licenses/>.
27
26
#define GPG_ERR_SOURCE_DEFAULT GPG_ERR_SOURCE_GPGSM
28
27
#include <gpg-error.h>
29
#define map_assuan_err(a) \
30
map_assuan_err_with_source (GPG_ERR_SOURCE_DEFAULT, (a))
34
31
#include "../common/util.h"
35
#include "../common/errors.h"
37
#define OUT_OF_CORE(a) (gpg_error (gpg_err_code_from_errno ((a))))
32
#include "../common/status.h"
33
#include "../common/estream.h"
34
#include "../common/audit.h"
39
36
#define MAX_DIGEST_LEN 24
41
/* A large struct named "opt" to keep global flags */
38
/* A large struct named "opt" to keep global flags. */
43
41
unsigned int debug; /* debug flags (DBG_foo_VALUE) */
44
42
int verbose; /* verbosity level */
45
43
int quiet; /* be as quiet as possible */
58
char *pinentry_user_data;
60
60
const char *dirmngr_program;
61
61
int prefer_system_dirmngr; /* Prefer using a system wide drimngr. */
62
int disable_dirmngr; /* Do not do any dirmngr calls. */
62
63
const char *protect_tool_program;
63
64
char *outfile; /* name of output file */
75
76
int armor; /* force base64 armoring (see also ctrl.with_base64) */
76
77
int no_armor; /* don't try to figure out whether data is base64 armored*/
79
const char *p12_charset; /* Use this charset for encoding the
80
pkcs#12 passphrase. */
78
83
const char *def_cipher_algoid; /* cipher algorithm to use if
79
84
nothing else is specified */
89
94
char *local_user; /* NULL or argument to -u */
96
int extra_digest_algo; /* A digest algorithm also used for
97
verification of signatures. */
91
99
int always_trust; /* Trust the given keys even if there is no
92
100
valid certification chain */
93
101
int skip_verify; /* do not check signatures on data */
134
143
#define DBG_HASHING (opt.debug & DBG_HASHING_VALUE)
135
144
#define DBG_ASSUAN (opt.debug & DBG_ASSUAN_VALUE)
146
/* Forward declaration for an object defined in server.c */
137
147
struct server_local_s;
139
/* Note that the default values for this are set by
140
gpgsm_init_default_ctrl() */
141
struct server_control_s {
149
/* Session control object. This object is passed down to most
150
functions. Note that the default values for it are set by
151
gpgsm_init_default_ctrl(). */
152
struct server_control_s
142
154
int no_server; /* We are not running under server control */
143
155
int status_fd; /* Only for non-server mode */
144
156
struct server_local_s *server_local;
158
audit_ctx_t audit; /* NULL or a context for the audit subsystem. */
159
int agent_seen; /* Flag indicating that the gpg-agent has been
161
int dirmngr_seen; /* Flag indicating that the dirmngr has been
145
164
int with_colons; /* Use column delimited output format */
146
165
int with_chain; /* Include the certifying certs in a listing */
147
166
int with_validation;/* Validate each key while listing. */
159
178
certificates up the chain (0 = none, 1 = only
161
180
int use_ocsp; /* Set to true if OCSP should be used. */
181
int validation_model; /* Set to 1 for the chain model. */
163
typedef struct server_control_s *CTRL;
164
typedef struct server_control_s *ctrl_t;
166
/* data structure used in base64.c */
185
/* Data structure used in base64.c. */
167
186
typedef struct base64_context_s *Base64Context;
189
/* An object to keep a list of certificates. */
171
192
struct certlist_s *next;
172
193
ksba_cert_t cert;
173
194
int is_encrypt_to; /* True if the certificate has been set through
174
195
the --encrypto-to option. */
176
typedef struct certlist_s *CERTLIST;
177
197
typedef struct certlist_s *certlist_t;
200
/* A structure carrying information about trusted root certificates. */
201
struct rootca_flags_s
203
unsigned int valid:1; /* The rest of the structure has valid
205
unsigned int relax:1; /* Relax checking of root certificates. */
206
unsigned int chain_model:1; /* Root requires the use of the chain model. */
179
211
/*-- gpgsm.c --*/
180
212
void gpgsm_exit (int rc);
181
213
void gpgsm_init_default_ctrl (struct server_control_s *ctrl);
214
int gpgsm_parse_validation_model (const char *model);
183
216
/*-- server.c --*/
184
217
void gpgsm_server (certlist_t default_recplist);
186
219
gpg_error_t gpgsm_status2 (ctrl_t ctrl, int no, ...);
187
220
gpg_error_t gpgsm_status_with_err_code (ctrl_t ctrl, int no, const char *text,
188
221
gpg_err_code_t ec);
222
gpg_error_t gpgsm_proxy_pinentry_notify (ctrl_t ctrl,
223
const unsigned char *line);
190
225
/*-- fingerprint --*/
191
226
unsigned char *gpgsm_get_fingerprint (ksba_cert_t cert, int algo,
206
241
int gpgsm_reader_eof_seen (Base64Context ctx);
207
242
void gpgsm_destroy_reader (Base64Context ctx);
208
243
int gpgsm_create_writer (Base64Context *ctx,
209
ctrl_t ctrl, FILE *fp, ksba_writer_t *r_writer);
244
ctrl_t ctrl, FILE *fp, estream_t stream,
245
ksba_writer_t *r_writer);
210
246
int gpgsm_finish_writer (Base64Context ctx);
211
247
void gpgsm_destroy_writer (Base64Context ctx);
214
250
/*-- certdump.c --*/
215
void gpgsm_print_serial (FILE *fp, ksba_const_sexp_t p);
216
void gpgsm_print_time (FILE *fp, ksba_isotime_t t);
251
void gpgsm_print_serial (estream_t fp, ksba_const_sexp_t p);
252
void gpgsm_print_time (estream_t fp, ksba_isotime_t t);
217
253
void gpgsm_print_name2 (FILE *fp, const char *string, int translate);
218
254
void gpgsm_print_name (FILE *fp, const char *string);
255
void gpgsm_es_print_name (estream_t fp, const char *string);
257
void gpgsm_cert_log_name (const char *text, ksba_cert_t cert);
220
259
void gpgsm_dump_cert (const char *text, ksba_cert_t cert);
221
260
void gpgsm_dump_serial (ksba_const_sexp_t p);
225
264
char *gpgsm_format_serial (ksba_const_sexp_t p);
226
265
char *gpgsm_format_name2 (const char *name, int translate);
227
266
char *gpgsm_format_name (const char *name);
267
char *gpgsm_format_sn_issuer (ksba_sexp_t sn, const char *issuer);
269
char *gpgsm_fpr_and_name_for_status (ksba_cert_t cert);
229
271
char *gpgsm_format_keydesc (ksba_cert_t cert);
232
274
/*-- certcheck.c --*/
233
275
int gpgsm_check_cert_sig (ksba_cert_t issuer_cert, ksba_cert_t cert);
234
276
int gpgsm_check_cms_signature (ksba_cert_t cert, ksba_const_sexp_t sigval,
235
gcry_md_hd_t md, int hash_algo);
277
gcry_md_hd_t md, int hash_algo, int *r_pkalgo);
236
278
/* fixme: move create functions to another file */
237
279
int gpgsm_create_cms_signature (ctrl_t ctrl,
238
280
ksba_cert_t cert, gcry_md_hd_t md, int mdalgo,
242
284
/*-- certchain.c --*/
243
int gpgsm_walk_cert_chain (ksba_cert_t start, ksba_cert_t *r_next);
286
/* Flags used with gpgsm_validate_chain. */
287
#define VALIDATE_FLAG_NO_DIRMNGR 1
288
#define VALIDATE_FLAG_CHAIN_MODEL 2
291
int gpgsm_walk_cert_chain (ctrl_t ctrl,
292
ksba_cert_t start, ksba_cert_t *r_next);
244
293
int gpgsm_is_root_cert (ksba_cert_t cert);
245
294
int gpgsm_validate_chain (ctrl_t ctrl, ksba_cert_t cert,
295
ksba_isotime_t checktime,
246
296
ksba_isotime_t r_exptime,
247
int listmode, FILE *listfp,
249
int gpgsm_basic_cert_check (ksba_cert_t cert);
297
int listmode, estream_t listfp,
298
unsigned int flags, unsigned int *retflags);
299
int gpgsm_basic_cert_check (ctrl_t ctrl, ksba_cert_t cert);
251
301
/*-- certlist.c --*/
252
302
int gpgsm_cert_use_sign_p (ksba_cert_t cert);
255
305
int gpgsm_cert_use_decrypt_p (ksba_cert_t cert);
256
306
int gpgsm_cert_use_cert_p (ksba_cert_t cert);
257
307
int gpgsm_cert_use_ocsp_p (ksba_cert_t cert);
308
int gpgsm_certs_identical_p (ksba_cert_t cert_a, ksba_cert_t cert_b);
258
309
int gpgsm_add_cert_to_certlist (ctrl_t ctrl, ksba_cert_t cert,
259
310
certlist_t *listaddr, int is_encrypt_to);
260
311
int gpgsm_add_to_certlist (ctrl_t ctrl, const char *name, int secret,
263
314
int gpgsm_find_cert (const char *name, ksba_sexp_t keyid, ksba_cert_t *r_cert);
265
316
/*-- keylist.c --*/
266
gpg_error_t gpgsm_list_keys (ctrl_t ctrl, STRLIST names,
267
FILE *fp, unsigned int mode);
317
gpg_error_t gpgsm_list_keys (ctrl_t ctrl, strlist_t names,
318
estream_t fp, unsigned int mode);
269
320
/*-- import.c --*/
270
321
int gpgsm_import (ctrl_t ctrl, int in_fd);
272
323
int (*of)(const char *fname));
274
325
/*-- export.c --*/
275
void gpgsm_export (ctrl_t ctrl, STRLIST names, FILE *fp);
326
void gpgsm_export (ctrl_t ctrl, strlist_t names, FILE *fp, estream_t stream);
276
327
void gpgsm_p12_export (ctrl_t ctrl, const char *name, FILE *fp);
278
329
/*-- delete.c --*/
279
int gpgsm_delete (ctrl_t ctrl, STRLIST names);
330
int gpgsm_delete (ctrl_t ctrl, strlist_t names);
281
332
/*-- verify.c --*/
282
333
int gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, FILE *out_fp);
285
336
int gpgsm_get_default_cert (ctrl_t ctrl, ksba_cert_t *r_cert);
286
int gpgsm_sign (ctrl_t ctrl, CERTLIST signerlist,
337
int gpgsm_sign (ctrl_t ctrl, certlist_t signerlist,
287
338
int data_fd, int detached, FILE *out_fp);
289
340
/*-- encrypt.c --*/
290
int gpgsm_encrypt (ctrl_t ctrl, CERTLIST recplist, int in_fd, FILE *out_fp);
341
int gpgsm_encrypt (ctrl_t ctrl, certlist_t recplist, int in_fd, FILE *out_fp);
292
343
/*-- decrypt.c --*/
293
344
int gpgsm_decrypt (ctrl_t ctrl, int in_fd, FILE *out_fp);
295
346
/*-- certreqgen.c --*/
296
int gpgsm_genkey (ctrl_t ctrl, int in_fd, FILE *out_fp);
347
int gpgsm_genkey (ctrl_t ctrl, estream_t in_stream, FILE *out_fp);
349
/*-- certreqgen-ui.c --*/
350
void gpgsm_gencertreq_tty (ctrl_t ctrl, FILE *out_fp);
298
353
/*-- qualified.c --*/
299
gpg_error_t gpgsm_is_in_qualified_list (ctrl_t ctrl, ksba_cert_t cert);
354
gpg_error_t gpgsm_is_in_qualified_list (ctrl_t ctrl, ksba_cert_t cert,
300
356
gpg_error_t gpgsm_qualified_consent (ctrl_t ctrl, ksba_cert_t cert);
301
357
gpg_error_t gpgsm_not_qualified_warning (ctrl_t ctrl, ksba_cert_t cert);
306
362
size_t digestlen,
308
364
unsigned char **r_buf, size_t *r_buflen);
365
int gpgsm_scd_pksign (ctrl_t ctrl, const char *keyid, const char *desc,
366
unsigned char *digest, size_t digestlen, int digestalgo,
367
unsigned char **r_buf, size_t *r_buflen);
309
368
int gpgsm_agent_pkdecrypt (ctrl_t ctrl, const char *keygrip, const char *desc,
310
369
ksba_const_sexp_t ciphertext,
311
370
char **r_buf, size_t *r_buflen);
312
371
int gpgsm_agent_genkey (ctrl_t ctrl,
313
372
ksba_const_sexp_t keyparms, ksba_sexp_t *r_pubkey);
314
int gpgsm_agent_readkey (ctrl_t ctrl, const char *hexkeygrip,
373
int gpgsm_agent_readkey (ctrl_t ctrl, int fromcard, const char *hexkeygrip,
315
374
ksba_sexp_t *r_pubkey);
316
int gpgsm_agent_istrusted (ctrl_t ctrl, ksba_cert_t cert);
375
int gpgsm_agent_istrusted (ctrl_t ctrl, ksba_cert_t cert,
376
struct rootca_flags_s *rootca_flags);
317
377
int gpgsm_agent_havekey (ctrl_t ctrl, const char *hexkeygrip);
318
378
int gpgsm_agent_marktrusted (ctrl_t ctrl, ksba_cert_t cert);
319
379
int gpgsm_agent_learn (ctrl_t ctrl);
324
384
int gpgsm_dirmngr_isvalid (ctrl_t ctrl,
325
385
ksba_cert_t cert, ksba_cert_t issuer_cert,
327
int gpgsm_dirmngr_lookup (ctrl_t ctrl, STRLIST names,
387
int gpgsm_dirmngr_lookup (ctrl_t ctrl, strlist_t names, int cache_only,
328
388
void (*cb)(void*, ksba_cert_t), void *cb_value);
329
389
int gpgsm_dirmngr_run_command (ctrl_t ctrl, const char *command,
330
390
int argc, char **argv);