2 Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013
3 Ben Kibbey <bjk@luxsci.net>
5 This file is part of pwmd.
7 Pwmd is free software: you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation, either version 2 of the License, or
10 (at your option) any later version.
12 Pwmd is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with Pwmd. If not, see <http://www.gnu.org/licenses/>.
27 #include <sys/types.h>
37 #include "pwmd-error.h"
38 #include "util-misc.h"
43 #include "util-string.h"
51 mem_realloc_cb (void *data
, const void *buffer
, size_t len
)
53 membuf_t
*mem
= (membuf_t
*) data
;
59 if ((p
= xrealloc (mem
->buf
, mem
->len
+ len
)) == NULL
)
63 memcpy ((char *) mem
->buf
+ mem
->len
, buffer
, len
);
69 status_cb (void *data
, const char *line
)
71 struct agent_s
*agent
= data
;
73 agent
->inquire_maxlen
= 0;
75 if (!strncmp (line
, "INQUIRE_MAXLEN ", 15))
77 agent
->inquire_maxlen
= atoi (line
+ 15);
78 if (!agent
->client_ctx
)
82 return send_status (agent
->client_ctx
, STATUS_AGENT
, "%s", line
);
86 assuan_command (struct agent_s
*a
, char **result
,
87 size_t * len
, const char *cmd
)
98 rc
= assuan_transact (a
->ctx
, cmd
, mem_realloc_cb
, &a
->data
,
99 a
->inquire_cb
, a
->inquire_data
, status_cb
, a
);
106 mem_realloc_cb (&a
->data
, "", 1);
108 *result
= (char *) a
->data
.buf
;
120 /* This commands are sent from launch_agent() after reconnecting to the agent
121 * and also from the initial client connection. */
123 send_agent_common_options (struct agent_s
*agent
)
127 rc
= send_to_agent (agent
, NULL
, NULL
, "OPTION cache-ttl-opt-preset=-1");
132 launch_agent (struct agent_s
*agent
)
135 assuan_context_t ctx
= NULL
;
136 const char *t
= NULL
;
137 static struct assuan_malloc_hooks mhooks
= { xmalloc
, xrealloc
, xfree
};
138 char *s
, buf
[LINE_MAX
];
141 agent
->did_restart
= 0;
142 s
= config_get_string ("global", "agent_env_file");
145 char *ss
= expand_homedir (s
);
148 fp
= fopen (ss
, "r");
153 while ((p
= fgets (buf
, sizeof (buf
), fp
)))
156 if (!strncmp (p
, "GPG_AGENT_INFO=", strlen ("GPG_AGENT_INFO=")))
158 setenv ("GPG_AGENT_INFO", p
+ strlen ("GPG_AGENT_INFO="),
167 log_write ("%s: %s", s
, pwmd_strerror (gpg_error_from_syserror ()));
172 t
= getenv ("GPG_AGENT_INFO");
174 return gpg_error (GPG_ERR_NO_AGENT
);
176 rc
= assuan_new_ext (&ctx
, GPG_ERR_SOURCE_DEFAULT
, &mhooks
,
177 debug_level
? assuan_log_cb
: NULL
, "AGENT ");
181 char **fields
= str_split (t
, ":", 0);
182 rc
= assuan_socket_connect (ctx
, fields
[0], ASSUAN_INVALID_PID
, 0);
187 assuan_release (ctx
);
192 assuan_release (agent
->ctx
);
195 rc
= send_agent_common_options (agent
);
196 if (!rc
&& agent
->pinentry_opts
.display
)
197 rc
= set_agent_option (agent
, "display", agent
->pinentry_opts
.display
);
199 if (!rc
&& agent
->pinentry_opts
.ttyname
)
200 rc
= set_agent_option (agent
, "ttyname", agent
->pinentry_opts
.ttyname
);
202 if (!rc
&& agent
->pinentry_opts
.ttytype
)
203 rc
= set_agent_option (agent
, "ttytype", agent
->pinentry_opts
.ttytype
);
205 if (!rc
&& agent
->pinentry_opts
.lc_messages
)
206 rc
= set_agent_option (agent
, "lc-messages",
207 agent
->pinentry_opts
.lc_messages
);
209 if (!rc
&& agent
->pinentry_opts
.lc_ctype
)
210 rc
= set_agent_option (agent
, "lc-ctype", agent
->pinentry_opts
.lc_ctype
);
216 send_to_agent (struct agent_s
* agent
, char **result
, size_t * len
,
217 const char *fmt
, ...)
225 rc
= launch_agent (agent
);
231 if (str_vasprintf (&cmd
, fmt
, ap
) > 0)
233 rc
= assuan_command (agent
, result
, len
, cmd
);
234 if (!agent
->restart
&& gpg_err_source (rc
) == GPG_ERR_SOURCE_DEFAULT
235 && (gpg_err_code (rc
) == GPG_ERR_ASS_CONNECT_FAILED
236 || gpg_err_code (rc
) == GPG_ERR_EPIPE
))
239 rc
= launch_agent (agent
);
242 agent
->did_restart
= 1;
243 rc
= assuan_command (agent
, result
, len
, cmd
);
258 agent_disconnect (struct agent_s
*agent
)
264 assuan_release (agent
->ctx
);
270 cleanup_agent (struct agent_s
*agent
)
275 pinentry_free_opts (&agent
->pinentry_opts
);
276 agent_disconnect (agent
);
281 agent_init (struct agent_s
**agent
)
283 struct agent_s
*new = xcalloc (1, sizeof (struct agent_s
));
286 return GPG_ERR_ENOMEM
;
293 inquire_cb (void *user
, const char *keyword
)
295 struct inquire_data_s
*idata
= user
;
297 if (!idata
->preset
&& (!strcmp (keyword
, "PASSPHRASE")
298 || !strcmp (keyword
, "NEW_PASSPHRASE")))
300 return agent_loopback_cb (idata
->crypto
, keyword
);
302 // SAVE --inquire-keyparam
303 else if (idata
->preset
&& !strcmp (keyword
, "KEYPARAM"))
306 return agent_loopback_cb (idata
->crypto
, keyword
);
309 if (idata
->crypto
->agent
->inquire_maxlen
310 && idata
->len
> idata
->crypto
->agent
->inquire_maxlen
)
312 log_write (_("Inquired data too large: have=%u, max=%u"), idata
->len
,
313 idata
->crypto
->agent
->inquire_maxlen
);
314 return GPG_ERR_TOO_LARGE
;
317 idata
->crypto
->agent
->inquire_maxlen
= 0;
318 return assuan_send_data (idata
->crypto
->agent
->ctx
, idata
->line
,
323 agent_extract_key (struct crypto_s
*crypto
, unsigned char **result
,
327 gcry_sexp_t enc_sexp
= NULL
, tmp_sexp
;
328 struct inquire_data_s idata
= { 0 };
329 char *hexgrip
= NULL
;
331 size_t keylen
, keysize
;
333 int algo
= cipher_to_gcrypt (crypto
->hdr
.flags
);
336 rc
= gcry_cipher_algo_info (algo
, GCRYCTL_GET_KEYLEN
, NULL
, &keysize
);
340 tmp_sexp
= gcry_sexp_find_token (crypto
->ciphertext_sexp
, "enc-val", 0);
342 return GPG_ERR_BAD_DATA
;
344 hexgrip
= bin2hex (crypto
->grip
, sizeof (crypto
->grip
));
351 rc
= cache_is_shadowed (hexgrip
);
352 if (rc
&& rc
!= GPG_ERR_NO_DATA
)
355 shadowed
= !rc
? 1 : 0;
358 gcry_sexp_t tmp2_sexp
= gcry_sexp_cdr (tmp_sexp
);
359 gcry_sexp_release (tmp_sexp
);
360 tmp_sexp
= gcry_sexp_nth (tmp2_sexp
, 0);
361 gcry_sexp_release (tmp2_sexp
);
362 rc
= gcry_sexp_build (&enc_sexp
, NULL
, "(enc-val (flags pkcs1) %S)",
366 rc
= gcry_sexp_build (&enc_sexp
, NULL
, "%S", tmp_sexp
);
368 gcry_sexp_release (tmp_sexp
);
372 crypto
->agent
->inquire_cb
= inquire_cb
;
373 idata
.crypto
= crypto
;
374 idata
.len
= gcry_sexp_sprint (enc_sexp
, GCRYSEXP_FMT_CANON
, NULL
, 0);
375 idata
.line
= xmalloc (idata
.len
);
382 idata
.len
= gcry_sexp_sprint (enc_sexp
, GCRYSEXP_FMT_CANON
, idata
.line
,
384 crypto
->agent
->inquire_data
= &idata
;
385 gcry_sexp_release (enc_sexp
);
387 log_write1 (_("Keygrip is %s, bits=%i"), hexgrip
,
388 gcry_pk_get_nbits (crypto
->pkey_sexp
));
389 rc
= send_to_agent (crypto
->agent
, NULL
, NULL
, "SETKEY %s", hexgrip
);
393 if (!crypto
->agent
->pinentry_opts
.desc
)
397 ("A %s is required to unlock the secret key for the "
398 "encrypted data file \"%s\". Please enter the %s "
399 "below."), shadowed
? "PIN" : _("passphrase"),
400 crypto
->filename
, shadowed
? "PIN" : _("passphrase"));
403 tmp
= plus_escape (crypto
->agent
->pinentry_opts
.desc
);
405 rc
= send_to_agent (crypto
->agent
, NULL
, NULL
, "SETKEYDESC %s", tmp
);
410 assuan_begin_confidential (crypto
->agent
->ctx
);
411 rc
= send_to_agent (crypto
->agent
, &key
, &keylen
, "PKDECRYPT");
412 assuan_end_confidential (crypto
->agent
->ctx
);
416 rc
= gcry_sexp_new (&tmp_sexp
, key
, keylen
, 1);
421 key
= (char *) gcry_sexp_nth_data (tmp_sexp
, 1, result_len
);
424 *result
= gcry_malloc (*result_len
);
428 memcpy (*result
, key
, *result_len
);
431 rc
= GPG_ERR_BAD_DATA
;
433 gcry_sexp_release (tmp_sexp
);
440 gcry_sexp_release (enc_sexp
);
446 agent_verify (gcry_sexp_t pkey
, gcry_sexp_t sig_sexp
, const void *data
, size_t len
)
449 unsigned hashlen
= gcry_md_get_algo_dlen (GCRY_MD_SHA256
);
451 gcry_sexp_t data_sexp
;
453 hash
= gcry_malloc (hashlen
);
455 return GPG_ERR_ENOMEM
;
457 gcry_md_hash_buffer (GCRY_MD_SHA256
, hash
, data
, len
);
458 rc
= gcry_sexp_build (&data_sexp
, NULL
,
459 "(data (flags pkcs1) (hash sha256 %b))", hashlen
,
464 rc
= gcry_pk_verify (sig_sexp
, data_sexp
, pkey
);
465 gcry_sexp_release (data_sexp
);
472 agent_loopback_cb (void *user
, const char *keyword
)
474 struct crypto_s
*crypto
= user
;
476 unsigned char *result
;
480 if (!strcmp (keyword
, "KEYPARAM"))
483 rc
= assuan_inquire (crypto
->client_ctx
, keyword
, &result
, &len
, 0);
486 { // PASSPHRASE or NEW_PASSPHRASE
487 assuan_begin_confidential (crypto
->client_ctx
);
488 rc
= assuan_inquire (crypto
->client_ctx
, keyword
, &result
, &len
, 0);
489 assuan_end_confidential (crypto
->client_ctx
);
494 if (keyparam
&& !len
)
496 char *tmp
= default_key_params (crypto
);
499 return gpg_error (GPG_ERR_ENOMEM
);
502 result
= xmalloc (len
);
503 memcpy (result
, tmp
, len
);
507 pthread_cleanup_push (xfree
, result
);
510 rc
= assuan_send_data (crypto
->agent
->ctx
, result
, len
);
513 assuan_begin_confidential (crypto
->agent
->ctx
);
514 rc
= assuan_send_data (crypto
->agent
->ctx
, result
, len
);
515 assuan_end_confidential (crypto
->agent
->ctx
);
518 pthread_cleanup_pop (1);
520 else if (gpg_err_code (rc
) == GPG_ERR_ASS_CANCELED
)
522 gpg_error_t arc
= assuan_write_line (crypto
->agent
->ctx
, "CAN");
529 arc
= assuan_read_line (crypto
->agent
->ctx
, &line
, &len
);
541 sign (gcry_sexp_t
* rsexp
, const char *sign_hexgrip
,
542 struct crypto_s
*crypto
, const void *data
, size_t len
)
546 char *tmp
= sign_hexgrip
? str_dup (sign_hexgrip
)
547 : bin2hex (crypto
->grip
, sizeof (crypto
->grip
));
549 pthread_cleanup_push (xfree
, tmp
);
550 log_write1 (_("Signed with keygrip %s"), tmp
);
551 rc
= send_to_agent (crypto
->agent
, NULL
, NULL
, "SIGKEY %s", tmp
);
552 pthread_cleanup_pop (1);
556 unsigned hashlen
= gcry_md_get_algo_dlen (GCRY_MD_SHA256
);
558 hash
= gcry_malloc (hashlen
);
560 return GPG_ERR_ENOMEM
;
562 gcry_md_hash_buffer (GCRY_MD_SHA256
, hash
, data
, len
);
563 tmp
= bin2hex (hash
, hashlen
);
565 pthread_cleanup_push (xfree
, tmp
);
566 rc
= send_to_agent (crypto
->agent
, NULL
, NULL
,
567 "SETHASH --hash=sha256 %s", tmp
);
568 pthread_cleanup_pop (1);
573 struct inquire_data_s idata
= { 0 };
575 idata
.crypto
= crypto
;
576 crypto
->agent
->inquire_data
= &idata
;
577 crypto
->agent
->inquire_cb
= inquire_cb
;
578 rc
= send_to_agent (crypto
->agent
, &result
, &len
, "PKSIGN");
581 rc
= gcry_sexp_sscan (rsexp
, NULL
, result
, len
);
590 encrypt_data_file (assuan_context_t ctx
, struct crypto_s
* crypto
,
591 gcry_sexp_t pubkey
, gcry_sexp_t sigpkey
,
592 const char *filename
, const void *xml
, size_t len
)
597 void *enc_xml
= NULL
;
598 size_t enc_xml_len
= 0;
599 unsigned char *iv
= NULL
;
601 int algo
= cipher_to_gcrypt (crypto
->save
.hdr
.flags
);
604 unsigned char sig_grip
[20];
605 unsigned char grip
[20];
607 rc
= gcry_cipher_algo_info (algo
, GCRYCTL_GET_KEYLEN
, NULL
, &keysize
);
611 pthread_cleanup_push (gcry_free
, key
);
612 key
= gcry_random_bytes_secure (keysize
, GCRY_STRONG_RANDOM
);
613 #ifdef HAVE_PTHREAD_TESTCANCEL
614 pthread_testcancel (); // may have been a long operation
616 pthread_cleanup_pop (0);
618 return GPG_ERR_ENOMEM
;
620 gcry_pk_get_keygrip (pubkey
, grip
);
621 gcry_pk_get_keygrip (sigpkey
, sig_grip
);
622 pthread_cleanup_push (xfree
, iv
);
623 pthread_cleanup_push (gcry_free
, key
);
624 rc
= encrypt_xml (ctx
, key
, keysize
, algo
, xml
, len
, &enc_xml
, &enc_xml_len
,
625 &iv
, &iv_len
, crypto
->save
.hdr
.iterations
);
628 gcry_sexp_t sig_sexp
= NULL
;
629 char *hexgrip
= bin2hex (grip
, 20);
631 log_write1 (_("Encrypted with keygrip %s"), hexgrip
);
633 hexgrip
= bin2hex (sig_grip
, 20);
634 pthread_cleanup_push (gcry_free
, enc_xml
);
635 rc
= sign (&sig_sexp
, hexgrip
, crypto
, enc_xml
, enc_xml_len
);
640 rc
= agent_verify (sigpkey
, sig_sexp
, enc_xml
, enc_xml_len
);
644 gcry_sexp_t tmp_sexp
;
646 rc
= gcry_sexp_build (&tmp_sexp
, NULL
,
647 "(data (flags pkcs1) (value %b))",
651 gcry_sexp_t key_sexp
;
653 pthread_cleanup_push ((void (*)(void *)) gcry_sexp_release
,
655 rc
= gcry_pk_encrypt (&key_sexp
, tmp_sexp
, pubkey
);
656 pthread_cleanup_pop (0);
657 gcry_sexp_release (tmp_sexp
);
661 memcpy (crypto
->save
.hdr
.iv
, iv
, iv_len
);
662 crypto
->save
.hdr
.datalen
= enc_xml_len
;
663 rc
= gcry_sexp_build (&tmp_sexp
, NULL
, "%S%S", key_sexp
,
665 gcry_sexp_release (key_sexp
);
669 data_len
= gcry_sexp_sprint (tmp_sexp
,
672 data
= xmalloc (data_len
);
674 gcry_sexp_sprint (tmp_sexp
, GCRYSEXP_FMT_CANON
,
679 gcry_sexp_release (tmp_sexp
);
686 pthread_cleanup_pop (0); // enc_xml
689 gcry_sexp_release (sig_sexp
);
692 pthread_cleanup_pop (1); // key
693 pthread_cleanup_pop (1); // iv
697 pthread_cleanup_push (gcry_free
, enc_xml
);
698 rc
= write_file (crypto
, filename
, enc_xml
, enc_xml_len
, data
, data_len
,
700 pthread_cleanup_pop (1); // enc_xml
702 memcpy (&crypto
->hdr
, &crypto
->save
.hdr
, sizeof (file_header_t
));
713 generate_key (struct crypto_s
* crypto
, char *sexpstr
, int empty
, int preset
)
719 if (crypto
->save
.s2k_count
)
721 rc
= send_to_agent (crypto
->agent
, NULL
, NULL
,
722 "OPTION s2k-count=%lu", crypto
->save
.s2k_count
);
727 if (!crypto
->agent
->inquire_cb
)
728 crypto
->agent
->inquire_cb
= inquire_cb
;
730 rc
= send_to_agent (crypto
->agent
, &pkey
, &plen
, "GENKEY %s%s",
731 preset
? "--preset " : "",
732 empty
? "--no-protection" : "");
736 if (crypto
->save
.pkey
)
737 gcry_sexp_release (crypto
->save
.pkey
);
739 crypto
->save
.pkey
= NULL
;
740 rc
= gcry_sexp_new (&crypto
->save
.pkey
, pkey
, plen
, 1);
743 unsigned char grip
[20];
745 gcry_pk_get_keygrip (crypto
->save
.pkey
, grip
);
746 char *hexgrip
= bin2hex (grip
, sizeof (grip
));
747 log_write1 (_("Keygrip is %s"), hexgrip
);
750 if (!crypto
->save
.sigpkey
)
752 gcry_sexp_build ((gcry_sexp_t
*) & crypto
->save
.sigpkey
, NULL
, "%S",
762 set_agent_option (struct agent_s
* agent
, const char *name
, const char *value
)
764 return send_to_agent (agent
, NULL
, NULL
, "OPTION %s=%s", name
, value
);
768 set_agent_passphrase (struct crypto_s
* crypto
, const char *key
, size_t len
)
771 struct inquire_data_s idata
;
775 /* This is for use with key files or passphrases obtained from an inquire.
776 * gpg-agent uses strings as passphrases and will truncate the passphrase
777 * at the first encountered null byte. It's only a warning because the
778 * passphrase may belong to a key shared outside of pwmd. */
779 for (i
= 0; i
< len
; i
++)
783 log_write (_("WARNING: keylen=%i, truncated to %i."), len
, i
);
788 hexgrip
= bin2hex (crypto
->grip
, 20);
789 crypto
->agent
->inquire_cb
= inquire_cb
;
790 crypto
->agent
->inquire_data
= &idata
;
791 idata
.crypto
= crypto
;
792 idata
.line
= (char *) key
, idata
.len
= len
;
794 assuan_begin_confidential (crypto
->agent
->ctx
);
795 rc
= send_to_agent (crypto
->agent
, NULL
, NULL
,
796 "PRESET_PASSPHRASE --inquire %s -1", hexgrip
);
797 assuan_end_confidential (crypto
->agent
->ctx
);
804 set_pinentry_mode (struct agent_s
* agent
, const char *mode
)
806 return set_agent_option (agent
, "pinentry-mode", mode
);
810 get_pubkey_bin (struct crypto_s
* crypto
, const unsigned char *grip
,
811 gcry_sexp_t
* result
)
813 char *hexgrip
= bin2hex (grip
, 20);
817 return GPG_ERR_ENOMEM
;
819 rc
= get_pubkey (crypto
, hexgrip
, result
);
825 get_pubkey (struct crypto_s
* crypto
, const char *grip
, gcry_sexp_t
* result
)
831 rc
= send_to_agent (crypto
->agent
, &pkey
, &plen
, "READKEY %s", grip
);
833 rc
= gcry_sexp_new (result
, pkey
, plen
, 1);
840 agent_set_pinentry_options (struct agent_s
* agent
)
843 struct pinentry_option_s
*opts
= &agent
->pinentry_opts
;
845 if (!opts
->display
&& getenv ("DISPLAY"))
847 rc
= set_agent_option (agent
, "display", getenv ("DISPLAY"));
850 opts
->display
= str_dup (getenv ("DISPLAY"));
853 else if (!opts
->ttyname
&& ttyname (STDOUT_FILENO
))
855 rc
= set_agent_option (agent
, "ttyname", ttyname (STDOUT_FILENO
));
858 rc
= set_agent_option (agent
, "ttytype",
859 opts
->ttytype
? opts
->ttytype
: getenv ("TERM"));
862 xfree (opts
->ttyname
);
863 xfree (opts
->ttytype
);
864 opts
->ttyname
= str_dup (ttyname (STDOUT_FILENO
));
865 opts
->ttytype
= str_dup (getenv ("TERM"));
874 inquire_keyfile (void *user
, const char *keyword
)
876 struct crypto_s
*crypto
= user
;
877 char *filename
= crypto
->agent
->inquire_data2
;
878 char *params
= crypto
->agent
->inquire_data3
;
885 if (!strcmp (keyword
, "KEYPARAM"))
886 return assuan_send_data (crypto
->agent
->ctx
, params
, strlen (params
));
888 // This function is only used when generating a new keypair.
889 if (strcmp (keyword
, "NEW_PASSPHRASE"))
890 return gpg_error (GPG_ERR_ASS_UNKNOWN_INQUIRE
);
892 if (stat (filename
, &st
) == -1)
893 return gpg_error_from_syserror ();
895 if (crypto
->agent
->inquire_maxlen
896 && st
.st_size
> crypto
->agent
->inquire_maxlen
)
898 log_write (_("The passphrase is too large: have=%u, max=%u."),
899 (unsigned) st
.st_size
, crypto
->agent
->inquire_maxlen
);
900 return GPG_ERR_TOO_LARGE
;
903 buf
= gcry_malloc_secure (st
.st_size
);
905 return GPG_ERR_ENOMEM
;
907 fd
= open (filename
, O_RDONLY
);
909 rc
= gpg_error_from_syserror ();
912 len
= read (fd
, buf
, st
.st_size
);
913 if (len
== st
.st_size
)
915 assuan_begin_confidential (crypto
->agent
->ctx
);
916 rc
= assuan_send_data (crypto
->agent
->ctx
, buf
, len
);
917 assuan_end_confidential (crypto
->agent
->ctx
);
920 rc
= gpg_error_from_syserror ();
922 rc
= GPG_ERR_BUFFER_TOO_SHORT
;
931 agent_export_common (struct crypto_s
* crypto
, const char *hexgrip
,
932 const char *sign_hexgrip
, int no_passphrase
,
933 const void *data
, size_t datalen
, const char *outfile
,
934 const char *keyparams
, const char *keyfile
)
938 if (!sign_hexgrip
&& hexgrip
)
939 sign_hexgrip
= hexgrip
;
943 if (crypto
->sigpkey_sexp
)
944 gcry_sexp_release (crypto
->sigpkey_sexp
);
946 crypto
->sigpkey_sexp
= NULL
;
947 rc
= get_pubkey (crypto
, sign_hexgrip
, &crypto
->save
.sigpkey
);
951 gcry_pk_get_keygrip (crypto
->save
.sigpkey
, crypto
->sign_grip
);
956 rc
= get_pubkey (crypto
, hexgrip
, &crypto
->save
.pkey
);
958 gcry_pk_get_keygrip (crypto
->save
.pkey
, crypto
->grip
);
962 struct inquire_data_s idata
= { 0 };
963 char *params
= keyparams
? str_dup (keyparams
)
964 : default_key_params (crypto
);
966 pthread_cleanup_push (xfree
, params
);
967 log_write (_("Generating a new keypair ..."));
970 log_write (_("Using passphrase obtained from file '%s'"), keyfile
);
971 rc
= set_pinentry_mode (crypto
->agent
, "loopback");
972 crypto
->agent
->inquire_cb
= inquire_keyfile
;
973 crypto
->agent
->inquire_data
= crypto
;
974 crypto
->agent
->inquire_data2
= (char *) keyfile
;
975 crypto
->agent
->inquire_data3
= params
;
980 idata
.len
= strlen (params
);
981 idata
.crypto
= crypto
;
982 crypto
->agent
->inquire_cb
= inquire_cb
;
983 crypto
->agent
->inquire_data
= &idata
;
988 rc
= generate_key (crypto
, params
, no_passphrase
, 1);
989 gcry_pk_get_keygrip (crypto
->save
.pkey
, crypto
->grip
);
992 (void) set_pinentry_mode (crypto
->agent
, "ask");
993 pthread_cleanup_pop (1);
998 rc
= encrypt_data_file (NULL
, crypto
, crypto
->save
.pkey
,
999 crypto
->save
.sigpkey
, outfile
, data
, datalen
);
1002 char *tmp
= bin2hex (crypto
->grip
, sizeof (crypto
->grip
));
1004 log_write (_("Success! Keygrip is %s."), tmp
);
1005 rc
= send_to_agent (crypto
->agent
, NULL
, NULL
,
1006 "CLEAR_PASSPHRASE --mode=normal %s", tmp
);
1011 tmp
= bin2hex (crypto
->sign_grip
, sizeof (crypto
->sign_grip
));
1012 log_write (_("Signed with keygrip %s."), tmp
);
1022 default_key_params (struct crypto_s
*crypto
)
1024 int len
= config_get_integer (NULL
, "nbits");
1026 char *algo
= config_get_string (NULL
, "algo");
1029 snprintf (buf
, sizeof (buf
), "%i", len
);
1030 result
= str_asprintf ("(genkey (%s (nbits %lu:%i)))", algo
, strlen (buf
),
1037 agent_passwd (struct crypto_s
* crypto
)
1039 struct inquire_data_s idata
= { 0 };
1041 char *tmp
= bin2hex (crypto
->grip
, 20);
1043 idata
.crypto
= crypto
;
1044 crypto
->agent
->inquire_cb
= inquire_cb
;
1045 crypto
->agent
->inquire_data
= &idata
;
1046 rc
= send_to_agent (crypto
->agent
, NULL
, NULL
, "PASSWD --preset %s", tmp
);
1052 kill_scd (struct agent_s
* agent
)
1059 if (config_get_boolean (NULL
, "kill_scd"))
1061 rc
= send_to_agent (agent
, NULL
, NULL
, "SCD KILLSCD");
1062 if (rc
&& gpg_err_code (rc
) != GPG_ERR_NO_SCDAEMON
)
1063 log_write ("%s: %s", __FUNCTION__
, pwmd_strerror (rc
));