summaryrefslogtreecommitdiffstats
path: root/tools/gpg-card.h
blob: fc01684b030265dde74d997a03886acc9485f7cc (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
/* gpg-card.h - Common definitions for the gpg-card-tool
 * Copyright (C) 2019, 2020 g10 Code GmbH
 *
 * This file is part of GnuPG.
 *
 * This file is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 3 of the License, or
 * (at your option) any later version.
 *
 * This file is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, see <https://gnu.org/licenses/>.
 * SPDX-License-Identifier: GPL-3.0-or-later
 */

#ifndef GNUPG_GPG_CARD_H
#define GNUPG_GPG_CARD_H

#include "../common/session-env.h"


/* We keep all global options in the structure OPT.  */
EXTERN_UNLESS_MAIN_MODULE
struct
{
  int interactive;
  int verbose;
  unsigned int debug;
  int quiet;
  int with_colons;
  const char *gpg_program;
  const char *gpgsm_program;
  const char *agent_program;
  int autostart;

  int no_key_lookup;  /* Assume --no-key-lookup for "list".  */

  /* Options passed to the gpg-agent: */
  session_env_t session_env;
  char *lc_ctype;
  char *lc_messages;

} opt;

/* Debug values and macros.  */
#define DBG_IPC_VALUE      1024 /* Debug assuan communication.  */
#define DBG_EXTPROG_VALUE 16384 /* Debug external program calls */

#define DBG_IPC       (opt.debug & DBG_IPC_VALUE)
#define DBG_EXTPROG   (opt.debug & DBG_EXTPROG_VALUE)

/* The maximum length of a binary fingerprint.  */
#define MAX_FINGERPRINT_LEN  32


/*
 * Data structures to store keyblocks (aka certificates).
 */
struct pubkey_s
{
  struct pubkey_s *next;   /* The next key.  */
  unsigned char grip[KEYGRIP_LEN];
  unsigned char fpr[MAX_FINGERPRINT_LEN];
  unsigned char fprlen;     /* The used length of a FPR.  */
  time_t created;           /* The creation date of the key.  */
  unsigned int grip_valid:1;/* The grip is valid.  */
  unsigned int requested: 1;/* This is the requested grip.  */
};
typedef struct pubkey_s *pubkey_t;

struct userid_s
{
  struct userid_s *next;
  char *value;   /* Malloced.  */
};
typedef struct userid_s *userid_t;

struct keyblock_s
{
  struct keyblock_s *next;  /* Allow to link several keyblocks.  */
  int protocol;      /* GPGME_PROTOCOL_OPENPGP or _CMS. */
  pubkey_t keys;     /* The key.  For OpenPGP primary + list of subkeys.  */
  userid_t uids;     /* The list of user ids.  */
};
typedef struct keyblock_s *keyblock_t;



/* Enumeration of the known card application types. */
typedef enum
  {
   APP_TYPE_NONE,        /* Not yet known or for direct APDU sending.  */
   APP_TYPE_OPENPGP,
   APP_TYPE_NKS,
   APP_TYPE_DINSIG,
   APP_TYPE_P15,
   APP_TYPE_GELDKARTE,
   APP_TYPE_SC_HSM,
   APP_TYPE_PIV,
   APP_TYPE_UNKNOWN      /* Unknown by this tool.  */
  } app_type_t;


/* An object to store information pertaining to a key pair as stored
 * on a card.  This is commonly used as a linked list with all keys
 * known for the current card.  */
struct key_info_s
{
  struct key_info_s *next;

  unsigned char grip[20];/* The keygrip.  */

  unsigned char xflag;   /* Temporary flag to help processing a list. */

  /* OpenPGP card and possible other cards keyalgo string (an atom)
   * and the id of the algorithm. */
  const char *keyalgo;
  enum gcry_pk_algos keyalgo_id;

  /* The three next items are mostly useful for OpenPGP cards.  */
  unsigned char fprlen;  /* Use length of the next item.  */
  unsigned char fpr[32]; /* The binary fingerprint of length FPRLEN.  */
  u32 created;           /* The time the key was created.  */
  unsigned int usage;    /* Usage flags.  (GCRY_PK_USAGE_*) */
  char keyref[1];        /* String with the keyref (e.g. OPENPGP.1).  */
};
typedef struct key_info_s *key_info_t;


/*
 * The object used to store information about a card.
 */
struct card_info_s
{
  int initialized;   /* True if a learn command was successful. */
  int error;         /* private. */
  char *reader;      /* Reader information.  */
  char *cardtype;    /* NULL or type of the card.  */
  unsigned int cardversion; /* Firmware version of the card.  */
  char *apptypestr;  /* Malloced application type string.  */
  app_type_t apptype;/* Translated from APPTYPESTR.  */
  unsigned int appversion; /* Version of the application.  */
  unsigned int manufacturer_id;
  char *manufacturer_name; /* malloced. */
  char *serialno;    /* malloced hex string. */
  char *dispserialno;/* malloced string. */
  char *disp_name;   /* malloced. */
  char *disp_lang;   /* malloced. */
  int  disp_sex;     /* 0 = unspecified, 1 = male, 2 = female */
  char *pubkey_url;  /* malloced. */
  char *login_data;  /* malloced. */
  char *private_do[4]; /* malloced. */
  char cafpr1len;     /* Length of the CA-fingerprint or 0 if invalid.  */
  char cafpr2len;
  char cafpr3len;
  char cafpr1[20];
  char cafpr2[20];
  char cafpr3[20];
  key_info_t kinfo;  /* Linked list with all keypair related data.  */
  unsigned long sig_counter;
  int chv1_cached;   /* For openpgp this is true if a PIN is not
                        required for each signing.  Note that the
                        gpg-agent might cache it anyway. */
  int is_v2;         /* True if this is a v2 openpgp card.  */
  int chvmaxlen[4];  /* Maximum allowed length of a CHV. */
  int chvinfo[4];    /* Allowed retries for the CHV; 0 = blocked. */
  unsigned char chvusage[2]; /* Data object 5F2F */
  struct {
    unsigned int ki:1;     /* Key import available.  */
    unsigned int aac:1;    /* Algorithm attributes are changeable.  */
    unsigned int kdf:1;    /* KDF object to support PIN hashing available.  */
    unsigned int bt:1;     /* Button for confirmation available.  */
  } extcap;
  unsigned int status_indicator;
  int kdf_do_enabled;      /* True if card has a KDF object.  */
  int uif[3];              /* True if User Interaction Flag is on.  */
};
typedef struct card_info_s *card_info_t;


/*-- card-keys.c --*/
void release_keyblock (keyblock_t keyblock);
void flush_keyblock_cache (void);
gpg_error_t get_matching_keys (const unsigned char *keygrip, int protocol,
                               keyblock_t *r_keyblock);
gpg_error_t test_get_matching_keys (const char *hexgrip);


/*-- card-misc.c --*/
key_info_t find_kinfo (card_info_t info, const char *keyref);
void *hex_to_buffer (const char *string, size_t *r_length);
gpg_error_t send_apdu (const char *hexapdu, const char *desc,
                       unsigned int ignore,
                       unsigned char **r_data, size_t *r_datalen);

/*-- card-call-scd.c --*/
void release_card_info (card_info_t info);
const char *app_type_string (app_type_t app_type);

gpg_error_t scd_apdu (const char *hexapdu, unsigned int *r_sw,
                      unsigned char **r_data, size_t *r_datalen);

gpg_error_t scd_switchcard (const char *serialno);
gpg_error_t scd_switchapp (const char *appname);

gpg_error_t scd_learn (card_info_t info);
gpg_error_t scd_getattr (const char *name, struct card_info_s *info);
gpg_error_t scd_setattr (const char *name,
                         const unsigned char *value, size_t valuelen);
gpg_error_t scd_writecert (const char *certidstr,
                           const unsigned char *certdata, size_t certdatalen);
gpg_error_t scd_writekey (const char *keyref, int force, const char *keygrip);
gpg_error_t scd_genkey (const char *keyref, int force, const char *algo,
                        u32 *createtime);
gpg_error_t scd_serialno (char **r_serialno, const char *demand);

gpg_error_t scd_readcert (const char *certidstr,
                          void **r_buf, size_t *r_buflen);
gpg_error_t scd_readkey (const char *keyrefstr, gcry_sexp_t *r_result);
gpg_error_t scd_cardlist (strlist_t *result);
gpg_error_t scd_applist (strlist_t *result, int all);
gpg_error_t scd_change_pin (const char *pinref, int reset_mode);
gpg_error_t scd_checkpin (const char *serialno);

unsigned long agent_get_s2k_count (void);

/*-- card-yubikey.c --*/
gpg_error_t yubikey_commands (card_info_t info,
                              estream_t fp, int argc, char *argv[]);


#endif /*GNUPG_GPG_CARD_H*/