Package: libcamel1.2-6
Version: 1.4.2.1-2
Severity: normal
Tags: patch
Hi,
Evolution currently doesn't know how to handle GPG keys that are stored
on a smartcard device. See
<http://www.gnupg.org/(en)/howtos/card-howto/en/smartcard-howto.html>
for a description of how to use smartcards.
gpg sends slightly different status messages when dealing with keys on
card rather than on disk.
A decryption session with an on-disk key:
gpg: armor header: Version: GnuPG v1.4.1 (GNU/Linux)
gpg: public key is F7619739
[GNUPG:] ENC_TO C6D28EC0F7619739 16 0
gpg: using subkey F7619739 instead of primary key E6AB2957
[GNUPG:] USERID_HINT C6D28EC0F7619739 Tilman Koschnick <[EMAIL PROTECTED]>
[GNUPG:] NEED_PASSPHRASE C6D28EC0F7619739 AD4EE47FE6AB2957 16 0
gpg: using subkey F7619739 instead of primary key E6AB2957
[GNUPG:] GET_HIDDEN passphrase.enter
************************
[GNUPG:] GOT_IT
[GNUPG:] GOOD_PASSPHRASE
gpg: NOTE: key has been revoked
gpg: encrypted with 2048-bit ELG-E key, ID F7619739, created 2004-09-02
"Tilman Koschnick <[EMAIL PROTECTED]>"
[GNUPG:] BEGIN_DECRYPTION
gpg: AES256 encrypted data
gpg: original file name=''
[GNUPG:] PLAINTEXT 62 1145882071
[GNUPG:] DECRYPTION_OKAY
[GNUPG:] GOODMDC
[GNUPG:] END_DECRYPTION
A decryption session with an on-card key:
gpg: public key is 151CC8CF
[GNUPG:] ENC_TO E34C72B0151CC8CF 1 0
gpg: using subkey 151CC8CF instead of primary key E6AB2957
gpg: reader slot 0: using ccid driver
gpg: slot 0: ATR=3B FA 13 00 FF 81 31 80 45 00 31 C1 73 C0 01 00 00 90
00 B1
gpg: AID: D2 76 00 01 24 01 01 01 00 01 00 00 08 DE 00 00
[GNUPG:] CARDCTRL 3 D2760001240101010001000008DE0000
[GNUPG:] NEED_PASSPHRASE_PIN OPENPGP 1
[GNUPG:] GET_HIDDEN passphrase.pin.ask
***********************
[GNUPG:] GOT_IT
gpg: using subkey 151CC8CF instead of primary key E6AB2957
gpg: encrypted with 1024-bit RSA key, ID 151CC8CF, created 2006-04-28
"Tilman Koschnick <[EMAIL PROTECTED]>"
[GNUPG:] BEGIN_DECRYPTION
gpg: AES256 encrypted data
gpg: original file name='evolution.log'
[GNUPG:] PLAINTEXT 62 1146267806 evolution.log
[GNUPG:] PLAINTEXT_LENGTH 11448510
[GNUPG:] DECRYPTION_OKAY
[GNUPG:] GOODMDC
[GNUPG:] END_DECRYPTION
The crucial lines are
[GNUPG:] NEED_PASSPHRASE C6D28EC0F7619739 AD4EE47FE6AB2957 16 0
[GNUPG:] GET_HIDDEN passphrase.enter
vs.
[GNUPG:] NEED_PASSPHRASE_PIN OPENPGP 1
[GNUPG:] GET_HIDDEN passphrase.pin.ask
The attached patch was made against evolution-data-server-1.4.2.1, but
it at least applies cleanly against evolution-data-server-1.7.1 as well.
The approach is a bit simplistic - copy & paste, change some strings -
but it works.
Cheers, Til
-- System Information:
Debian Release: testing/unstable
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.16
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Versions of packages libcamel1.2-6 depends on:
ii libc6 2.3.6-7 GNU C Library: Shared libraries
hi libcamel1.2-6 1.4.2.1-2 The Evolution MIME message handlin
ii libcomerr2 1.38+1.39-WIP-2006.04.09-1 common error description library
ii libedataserve 1.4.2.1-2 Utility library for evolution data
ii libegroupwise 1.4.2.1-2 Client library for accessing group
ii libglib2.0-0 2.10.2-1 The GLib library of C routines
ii libgnutls11 1.0.16-14+b1 GNU TLS library - runtime library
ii libkrb53 1.4.3-6 MIT Kerberos runtime libraries
ii libnss3 2:1.7.12-1.1 Network Security Service Libraries
ii libsoup2.2-8 2.2.92-1 an HTTP library implementation in
ii libxml2 2.6.23.dfsg.2-3 GNOME XML library
ii zlib1g 1:1.2.3-11 compression library - runtime
libcamel1.2-6 recommends no packages.
--- camel-gpg-context.c.orig 2005-09-02 16:37:43.000000000 +0200
+++ camel-gpg-context.c 2006-04-29 10:58:19.580018429 +0200
@@ -775,6 +775,20 @@
g_free (gpg->need_id);
gpg->need_id = userid;
+ } else if (!strncmp (status, "NEED_PASSPHRASE_PIN ", 20)) {
+ char *userid;
+
+ status += 20;
+
+ status = next_token (status, &userid);
+ if (!userid) {
+ camel_exception_set (ex, CAMEL_EXCEPTION_SYSTEM,
+ _("Failed to parse gpg passphrase request."));
+ return -1;
+ }
+
+ g_free (gpg->need_id);
+ gpg->need_id = userid;
} else if (!strncmp (status, "GET_HIDDEN passphrase.enter", 27)) {
char *prompt, *passwd;
const char *name;
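Review bot: The token that the new `NEED_PASSPHRASE_PIN` branch stores in `gpg->need_id` is not a key or user ID: in the on-card transcript above the status line is `NEED_PASSPHRASE_PIN OPENPGP 1`, so `next_token` yields the card application type `OPENPGP`. The second hunk then uses that value for the `userid_hint` lookup and as the item name passed to `camel_session_get_password`, so the prompt will read `SmartCard: "OPENPGP"` and every card shares one password item. Consider keying on the card serial from the preceding `CARDCTRL 3 <serial>` status line instead, and at minimum rename the local to `char *card_type;` with a comment such as `/* first token is the card application type (e.g. OPENPGP), not a key ID */`. The enclosing status-parsing function starts and ends outside this hunk.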
@@ -809,6 +823,40 @@
g_free (passwd);
gpg->send_passwd = TRUE;
+ } else if (!strncmp (status, "GET_HIDDEN passphrase.pin.ask", 29)) {
+ char *prompt, *passwd;
+ const char *name;
+
+ name = g_hash_table_lookup (gpg->userid_hint, gpg->need_id);
+ if (!name)
+ name = gpg->need_id;
+
+ prompt = g_strdup_printf (_("You need a PIN to unlock the key on\n"
+ "SmartCard: \"%s\""), name);
+
+ if ((passwd = camel_session_get_password (gpg->session, NULL, NULL, prompt, gpg->need_id, CAMEL_SESSION_PASSWORD_SECRET, ex)) && !gpg->utf8) {
+ char *opasswd = passwd;
+
+ if ((passwd = g_locale_to_utf8 (passwd, -1, &nread, &nwritten, NULL))) {
+ memset (opasswd, 0, strlen (opasswd));
+ g_free (opasswd);
+ } else {
+ passwd = opasswd;
+ }
+ }
+ g_free (prompt);
+
+ if (passwd == NULL) {
+ if (!camel_exception_is_set (ex))
+ camel_exception_set (ex, CAMEL_EXCEPTION_USER_CANCEL, _("Cancelled."));
+ return -1;
+ }
+
+ gpg->passwd = g_strdup_printf ("%s\n", passwd);
+ memset (passwd, 0, strlen (passwd));
+ g_free (passwd);
+
+ gpg->send_passwd = TRUE;
} else if (!strncmp (status, "GOOD_PASSPHRASE", 15)) {
gpg->bad_passwds = 0;
} else if (!strncmp (status, "BAD_PASSPHRASE", 14)) {
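Review bot: The wrong-PIN path is not covered by the new `GET_HIDDEN passphrase.pin.ask` branch or by anything visible in the patch: the on-card transcript goes from `GOT_IT` straight to decryption without a `GOOD_PASSPHRASE` line, and no transcript shows what gpg emits when the card rejects the PIN. If the session remembers the value returned by `camel_session_get_password` (not visible here), a stale PIN could be resent automatically, and cards typically block after a small number of wrong attempts; it is worth confirming which status line a rejected PIN produces and dropping any stored PIN there, with a comment like `/* card PINs have a limited retry counter: never resend a stored PIN after a failure */`. Separately, the `memset (..., 0, strlen (...))` calls placed directly before `g_free` are dead stores that an optimizing compiler may remove, so the PIN may stay in freed memory. The `BAD_PASSPHRASE` branch continues past the end of the hunk.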