1
/* cardglue.c - mainly dispatcher for card related functions.
2
* Copyright (C) 2003, 2004 Free Software Foundation, Inc.
4
* This file is part of GnuPG.
6
* GnuPG is free software; you can redistribute it and/or modify
7
* it under the terms of the GNU General Public License as published by
8
* the Free Software Foundation; either version 2 of the License, or
9
* (at your option) any later version.
11
* GnuPG is distributed in the hope that it will be useful,
12
* but WITHOUT ANY WARRANTY; without even the implied warranty of
13
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14
* GNU General Public License for more details.
16
* You should have received a copy of the GNU General Public License
17
* along with this program; if not, write to the Free Software
18
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
22
#ifndef ENABLE_CARD_SUPPORT
23
#error not configured for card support.
44
#include "app-common.h"
47
int (*status_cb)(void *opaque, const char *line);
52
static char *default_reader_port;
53
static APP current_app;
57
/* Create a serialno/fpr string from the serial number and the secret
58
key. caller must free the returned string. There is no error
59
return. [Taken from 1.9's keyid.c]*/
61
serialno_and_fpr_from_sk (const unsigned char *sn, size_t snlen,
64
unsigned char fpr[MAX_FINGERPRINT_LEN];
69
fingerprint_from_sk (sk, fpr, &fprlen);
70
buffer = p = xmalloc (snlen*2 + 1 + fprlen*2 + 1);
71
for (i=0; i < snlen; i++, p+=2)
72
sprintf (p, "%02X", sn[i]);
74
for (i=0; i < fprlen; i++, p+=2)
75
sprintf (p, "%02X", fpr[i]);
81
/* Send a line with status information via assuan and escape all given
82
buffers. The variable elements are pairs of (char *, size_t),
83
terminated with a (NULL, 0). */
85
send_status_info (CTRL ctrl, const char *keyword, ...)
88
const unsigned char *value;
93
va_start (arg_ptr, keyword);
97
valuelen = strlen (keyword);
98
for ( ; valuelen && n < DIM (buf)-2; n++, valuelen--, keyword++)
101
while ( (value = va_arg (arg_ptr, const unsigned char *)) )
103
valuelen = va_arg (arg_ptr, size_t);
105
continue; /* empty buffer */
111
for ( ; valuelen && n < DIM (buf)-2; n++, valuelen--, value++)
113
if (*value < ' ' || *value == '+')
115
sprintf (p, "%%%02X", *value);
118
else if (*value == ' ')
125
ctrl->status_cb (ctrl->status_cb_arg, buf);
131
void gcry_md_hash_buffer (int algo, void *digest,
132
const void *buffer, size_t length)
134
MD_HANDLE h = md_open (algo, 0);
137
md_write (h, (byte *) buffer, length);
139
memcpy (digest, md_read (h, algo), md_digest_length (algo));
144
/* This is a limited version of the one in 1.9 but it should be
147
log_printf (const char *fmt, ...)
151
va_start (arg_ptr, fmt);
152
vfprintf (log_stream (), fmt, arg_ptr);
158
/* Print a hexdump of BUFFER. With TEXT of NULL print just the raw
159
dump, with TEXT just an empty string, print a trailing linefeed,
160
otherwise print an entire debug line. */
162
log_printhex (const char *text, const void *buffer, size_t length)
165
log_debug ("%s ", text);
168
const unsigned char *p = buffer;
169
log_printf ("%02X", *p);
170
for (length--, p++; length--; p++)
171
log_printf (" %02X", *p);
180
app_set_default_reader_port (const char *portstr)
182
xfree (default_reader_port);
183
default_reader_port = portstr? xstrdup (portstr): NULL;
188
card_set_reader_port (const char *portstr)
190
app_set_default_reader_port (portstr);
194
/* Retrieve the serial number and the time of the last update of the
195
card. The serial number is returned as a malloced string (hex
196
encoded) in SERIAL and the time of update is returned in STAMP. If
197
no update time is available the returned value is 0. Caller must
198
free SERIAL unless the function returns an error. */
200
app_get_serial_and_stamp (APP app, char **serial, time_t *stamp)
202
unsigned char *buf, *p;
205
if (!app || !serial || !stamp)
206
return gpg_error (GPG_ERR_INV_VALUE);
209
*stamp = 0; /* not available */
211
buf = xtrymalloc (app->serialnolen * 2 + 1);
213
return gpg_error_from_errno (errno);
214
for (p=buf, i=0; i < app->serialnolen; p +=2, i++)
215
sprintf (p, "%02X", app->serialno[i]);
226
/* Release the card info structure. */
228
agent_release_card_info (struct agent_card_info_s *info)
235
xfree (info->serialno); info->serialno = NULL;
236
xfree (info->disp_name); info->disp_name = NULL;
237
xfree (info->disp_lang); info->disp_lang = NULL;
238
xfree (info->pubkey_url); info->pubkey_url = NULL;
239
xfree (info->login_data); info->login_data = NULL;
240
info->fpr1valid = info->fpr2valid = info->fpr3valid = 0;
241
info->cafpr1valid = info->cafpr2valid = info->cafpr3valid = 0;
242
for (i=0; i < 4; i++)
244
xfree (info->private_do[i]);
245
info->private_do[i] = NULL;
250
/* Open the current card and select the openpgp application. Return
251
an APP context handle to be used for further procesing or NULL on
252
error or if no OpenPGP application exists.*/
259
int did_shutdown = 0;
269
slot = apdu_open_reader (default_reader_port);
272
log_error ("card reader not available\n");
277
app = xcalloc (1, sizeof *app);
279
rc = app_select_openpgp (app);
280
if (rc && !opt.batch)
282
write_status_text (STATUS_CARDCTRL, "1");
284
did_shutdown = !!apdu_shutdown_reader (slot);
286
if ( cpr_get_answer_okay_cancel ("cardctrl.insert_card.okay",
287
_("Please insert the card and hit return or enter 'c' to cancel: "),
291
apdu_close_reader (slot);
298
log_info ("selecting openpgp failed: %s\n", gpg_strerror (rc));
299
apdu_close_reader (slot);
304
app->initialized = 1;
306
if (is_status_enabled () )
311
buf = xmalloc (5 + app->serialnolen * 2 + 1);
312
p = stpcpy (buf, "3 ");
313
for (i=0; i < app->serialnolen; p +=2, i++)
314
sprintf (p, "%02X", app->serialno[i]);
315
write_status_text (STATUS_CARDCTRL, buf);
327
APP app = current_app;
330
apdu_close_reader (app->slot);
336
/* Check that the serial number of the current card (as described by
337
APP) matches SERIALNO. If there is no match and we are not in
338
batch mode, present a prompt to insert the desired card. The
339
function return 0 is the present card is okay, -1 if the user
340
selected to insert a new card or an error value. Note that the
341
card context will be closed in all cases except for 0 as return
342
value and if it was possible to merely shutdown the reader. */
344
check_card_serialno (APP app, const char *serialno)
350
for (s = serialno, n=0; *s != '/' && hexdigitp (s); s++, n++)
354
log_error ("invalid serial number in keyring detected\n");
355
return gpg_error (GPG_ERR_INV_ID);
357
if (app->serialnolen != 16)
359
for (s = serialno, n=0; !ask && n < 16; s += 2, n++)
360
if (app->serialno[n] != xtoi_2 (s))
365
int did_shutdown = 0;
367
if (current_app && !apdu_shutdown_reader (current_app->slot))
371
tty_printf (_("Please remove the current card and "
372
"insert the one with serial number:\n"
373
" %.*s\n"), 32, serialno);
375
sprintf (buf, "1 %.32s", serialno);
376
write_status_text (STATUS_CARDCTRL, buf);
378
if ( cpr_get_answer_okay_cancel ("cardctrl.change_card.okay",
379
_("Hit return when ready "
380
"or enter 'c' to cancel: "),
387
apdu_reset (current_app->slot);
390
return gpg_error (GPG_ERR_INV_ID);
397
/* Return a new malloced string by unescaping the string S. Escaping
398
is percent escaping and '+'/space mapping. A binary nul will
399
silently be replaced by a 0xFF. Function returns NULL to indicate
400
an out of memory status. */
402
unescape_status_string (const unsigned char *s)
406
buffer = d = xmalloc (strlen (s)+1);
409
if (*s == '%' && s[1] && s[2])
430
/* Take a 20 byte hexencoded string and put it into the the provided
431
20 byte buffer FPR in binary format. */
433
unhexify_fpr (const char *hexstr, unsigned char *fpr)
438
for (s=hexstr, n=0; hexdigitp (s); s++, n++)
441
return 0; /* no fingerprint (invalid or wrong length). */
443
for (s=hexstr, n=0; *s; s += 2, n++)
448
/* Take the serial number from LINE and return it verbatim in a newly
449
allocated string. We make sure that only hex characters are
452
store_serialno (const char *line)
457
for (s=line; hexdigitp (s); s++)
459
p = xmalloc (s + 1 - line);
460
memcpy (p, line, s-line);
468
learn_status_cb (void *opaque, const char *line)
470
struct agent_card_info_s *parm = opaque;
471
const char *keyword = line;
475
/* log_debug ("got status line `%s'\n", line); */
476
for (keywordlen=0; *line && !spacep (line); line++, keywordlen++)
478
while (spacep (line))
481
if (keywordlen == 8 && !memcmp (keyword, "SERIALNO", keywordlen))
483
xfree (parm->serialno);
484
parm->serialno = store_serialno (line);
486
else if (keywordlen == 9 && !memcmp (keyword, "DISP-NAME", keywordlen))
488
xfree (parm->disp_name);
489
parm->disp_name = unescape_status_string (line);
491
else if (keywordlen == 9 && !memcmp (keyword, "DISP-LANG", keywordlen))
493
xfree (parm->disp_lang);
494
parm->disp_lang = unescape_status_string (line);
496
else if (keywordlen == 8 && !memcmp (keyword, "DISP-SEX", keywordlen))
498
parm->disp_sex = *line == '1'? 1 : *line == '2' ? 2: 0;
500
else if (keywordlen == 10 && !memcmp (keyword, "PUBKEY-URL", keywordlen))
502
xfree (parm->pubkey_url);
503
parm->pubkey_url = unescape_status_string (line);
505
else if (keywordlen == 10 && !memcmp (keyword, "LOGIN-DATA", keywordlen))
507
xfree (parm->login_data);
508
parm->login_data = unescape_status_string (line);
510
else if (keywordlen == 11 && !memcmp (keyword, "SIG-COUNTER", keywordlen))
512
parm->sig_counter = strtoul (line, NULL, 0);
514
else if (keywordlen == 10 && !memcmp (keyword, "CHV-STATUS", keywordlen))
518
buf = p = unescape_status_string (line);
523
parm->chv1_cached = atoi (p);
524
while (*p && !spacep (p))
528
for (i=0; *p && i < 3; i++)
530
parm->chvmaxlen[i] = atoi (p);
531
while (*p && !spacep (p))
536
for (i=0; *p && i < 3; i++)
538
parm->chvretry[i] = atoi (p);
539
while (*p && !spacep (p))
547
else if (keywordlen == 7 && !memcmp (keyword, "KEY-FPR", keywordlen))
549
int no = atoi (line);
550
while (* line && !spacep (line))
552
while (spacep (line))
555
parm->fpr1valid = unhexify_fpr (line, parm->fpr1);
557
parm->fpr2valid = unhexify_fpr (line, parm->fpr2);
559
parm->fpr3valid = unhexify_fpr (line, parm->fpr3);
561
else if (keywordlen == 8 && !memcmp (keyword, "KEY-TIME", keywordlen))
563
int no = atoi (line);
564
while (* line && !spacep (line))
566
while (spacep (line))
569
parm->fpr1time = strtoul (line, NULL, 10);
571
parm->fpr2time = strtoul (line, NULL, 10);
573
parm->fpr3time = strtoul (line, NULL, 10);
575
else if (keywordlen == 6 && !memcmp (keyword, "CA-FPR", keywordlen))
577
int no = atoi (line);
578
while (*line && !spacep (line))
580
while (spacep (line))
583
parm->cafpr1valid = unhexify_fpr (line, parm->cafpr1);
585
parm->cafpr2valid = unhexify_fpr (line, parm->cafpr2);
587
parm->cafpr3valid = unhexify_fpr (line, parm->cafpr3);
589
else if (keywordlen == 12 && !memcmp (keyword, "PRIVATE-DO-", 11)
590
&& strchr ("1234", keyword[11]))
592
int no = keyword[11] - '1';
593
assert (no >= 0 && no <= 3);
594
xfree (parm->private_do[no]);
595
parm->private_do[no] = unescape_status_string (line);
602
/* Return card info. */
604
agent_learn (struct agent_card_info_s *info)
608
struct ctrl_ctx_s ctrl;
612
app = current_app? current_app : open_card ();
614
return gpg_error (GPG_ERR_CARD);
616
memset (info, 0, sizeof *info);
617
memset (&ctrl, 0, sizeof ctrl);
618
ctrl.status_cb = learn_status_cb;
619
ctrl.status_cb_arg = info;
621
rc = app_get_serial_and_stamp (app, &serial, &stamp);
624
send_status_info (&ctrl, "SERIALNO", serial, strlen(serial), NULL, 0);
626
rc = app->fnc.learn_status (app, &ctrl);
632
/* Get an attribite from the card. Make sure info is initialized. */
634
agent_scd_getattr (const char *name, struct agent_card_info_s *info)
637
struct ctrl_ctx_s ctrl;
639
app = current_app? current_app : open_card ();
641
return gpg_error (GPG_ERR_CARD);
643
ctrl.status_cb = learn_status_cb;
644
ctrl.status_cb_arg = info;
645
return app->fnc.getattr (app, &ctrl, name);
651
pin_cb (void *opaque, const char *info, char **retstr)
657
const char *again_text = NULL;
658
const char *ends, *s;
661
log_debug ("asking for PIN '%s'\n", info);
663
/* We use a special prefix to check whether the Admin PIN has been
665
if (info && *info =='|' && (ends=strchr (info+1, '|')))
667
for (s=info+1; s < ends; s++)
678
if (is_status_enabled())
679
write_status_text (STATUS_NEED_PASSPHRASE_PIN,
680
isadmin? "OPENPGP 3" : "OPENPGP 1");
682
value = ask_passphrase (info, again_text,
683
newpin && isadmin? "passphrase.adminpin.new.ask" :
684
newpin? "passphrase.pin.new.ask" :
685
isadmin? "passphrase.adminpin.ask" :
686
"passphrase.pin.ask",
687
newpin && isadmin? _("Enter New Admin PIN: ") :
688
newpin? _("Enter New PIN: ") :
689
isadmin? _("Enter Admin PIN: ")
693
if (!value && canceled)
696
return G10ERR_GENERAL;
702
value2 = ask_passphrase (info, NULL,
703
"passphrase.pin.repeat",
704
_("Repeat this PIN: "),
706
if (!value && canceled)
714
return G10ERR_GENERAL;
716
if (strcmp (value, value2))
718
again_text = N_("PIN not correctly repeated; try again");
733
/* Send a SETATTR command to the SCdaemon. */
735
agent_scd_setattr (const char *name,
736
const unsigned char *value, size_t valuelen)
740
app = current_app? current_app : open_card ();
742
return gpg_error (GPG_ERR_CARD);
744
return app->fnc.setattr (app, name, pin_cb, NULL, value, valuelen);
749
genkey_status_cb (void *opaque, const char *line)
751
struct agent_card_genkey_s *parm = opaque;
752
const char *keyword = line;
755
/* log_debug ("got status line `%s'\n", line); */
756
for (keywordlen=0; *line && !spacep (line); line++, keywordlen++)
758
while (spacep (line))
761
if (keywordlen == 7 && !memcmp (keyword, "KEY-FPR", keywordlen))
763
parm->fprvalid = unhexify_fpr (line, parm->fpr);
765
if (keywordlen == 8 && !memcmp (keyword, "KEY-DATA", keywordlen))
768
const char *name = line;
771
while (*line && !spacep (line))
773
while (spacep (line))
776
buf = xmalloc ( 2 + strlen (line) + 1);
777
strcpy (stpcpy (buf, "0x"), line);
779
if( mpi_fromstr (a, buf) )
780
log_error ("error parsing received key data\n");
781
else if (*name == 'n' && spacep (name+1))
783
else if (*name == 'e' && spacep (name+1))
787
log_info ("unknown parameter name in received key data\n");
792
else if (keywordlen == 14 && !memcmp (keyword,"KEY-CREATED-AT", keywordlen))
794
parm->created_at = (u32)strtoul (line, NULL, 10);
800
/* Send a GENKEY command to the SCdaemon. */
802
agent_scd_genkey (struct agent_card_genkey_s *info, int keyno, int force)
806
struct ctrl_ctx_s ctrl;
808
app = current_app? current_app : open_card ();
810
return gpg_error (GPG_ERR_CARD);
812
memset (info, 0, sizeof *info);
813
sprintf (keynostr, "%d", keyno);
814
ctrl.status_cb = genkey_status_cb;
815
ctrl.status_cb_arg = info;
817
return app->fnc.genkey (app, &ctrl, keynostr,
822
/* Send a PKSIGN command to the SCdaemon. */
824
agent_scd_pksign (const char *serialno, int hashalgo,
825
const unsigned char *indata, size_t indatalen,
826
unsigned char **r_buf, size_t *r_buflen)
834
app = current_app? current_app : open_card ();
836
return gpg_error (GPG_ERR_CARD);
838
/* Check that the card's serialnumber is as required.*/
839
rc = check_card_serialno (app, serialno);
845
return app->fnc.sign (app, serialno, hashalgo,
852
/* Send a PKDECRYPT command to the SCdaemon. */
854
agent_scd_pkdecrypt (const char *serialno,
855
const unsigned char *indata, size_t indatalen,
856
unsigned char **r_buf, size_t *r_buflen)
864
app = current_app? current_app : open_card ();
866
return gpg_error (GPG_ERR_CARD);
868
/* Check that the card's serialnumber is as required.*/
869
rc = check_card_serialno (app, serialno);
875
return app->fnc.decipher (app, serialno,
881
/* Change the PIN of an OpenPGP card or reset the retry counter. */
883
agent_scd_change_pin (int chvno)
889
reset = (chvno >= 100);
892
app = current_app? current_app : open_card ();
894
return gpg_error (GPG_ERR_CARD);
896
sprintf (chvnostr, "%d", chvno);
897
return app->fnc.change_pin (app, NULL, chvnostr, reset,
901
/* Perform a CHECKPIN operation. SERIALNO should be the serial
902
number of the card - optionally followed by the fingerprint;
903
however the fingerprint is ignored here. */
905
agent_scd_checkpin (const char *serialnobuf)
909
app = current_app? current_app : open_card ();
911
return gpg_error (GPG_ERR_CARD);
913
return app->fnc.check_pin (app, serialnobuf, pin_cb, NULL);
917
/* Wrapper to call the store key helper function of app-openpgp.c. */
919
agent_openpgp_storekey (int keyno,
920
unsigned char *template, size_t template_len,
922
const unsigned char *m, size_t mlen,
923
const unsigned char *e, size_t elen)
927
app = current_app? current_app : open_card ();
929
return gpg_error (GPG_ERR_CARD);
931
return app_openpgp_storekey (app, keyno, template, template_len,
932
created_at, m, mlen, e, elen,