2003-07-23 09:11:06 +02:00
|
|
|
|
/* card-util.c - Utility functions for the OpenPGP card.
|
2014-11-04 16:28:03 +01:00
|
|
|
|
* Copyright (C) 2003-2005, 2009 Free Software Foundation, Inc.
|
|
|
|
|
* Copyright (C) 2003-2005, 2009 Werner Koch
|
2003-07-23 09:11:06 +02:00
|
|
|
|
*
|
|
|
|
|
* This file is part of GnuPG.
|
|
|
|
|
*
|
|
|
|
|
* GnuPG is free software; you can redistribute it and/or modify
|
|
|
|
|
* it under the terms of the GNU General Public License as published by
|
2007-07-04 21:49:40 +02:00
|
|
|
|
* the Free Software Foundation; either version 3 of the License, or
|
2003-07-23 09:11:06 +02:00
|
|
|
|
* (at your option) any later version.
|
|
|
|
|
*
|
|
|
|
|
* GnuPG is distributed in the hope that it will be useful,
|
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
|
* GNU General Public License for more details.
|
|
|
|
|
*
|
|
|
|
|
* You should have received a copy of the GNU General Public License
|
2016-11-05 12:02:19 +01:00
|
|
|
|
* along with this program; if not, see <https://www.gnu.org/licenses/>.
|
2003-07-23 09:11:06 +02:00
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
#include <config.h>
|
|
|
|
|
#include <stdio.h>
|
|
|
|
|
#include <stdlib.h>
|
|
|
|
|
#include <string.h>
|
|
|
|
|
#include <errno.h>
|
2009-08-05 15:48:23 +02:00
|
|
|
|
#ifdef HAVE_LIBREADLINE
|
|
|
|
|
# define GNUPG_LIBREADLINE_H_INCLUDED
|
|
|
|
|
# include <readline/readline.h>
|
|
|
|
|
#endif /*HAVE_LIBREADLINE*/
|
2003-07-23 09:11:06 +02:00
|
|
|
|
|
2003-10-02 12:27:34 +02:00
|
|
|
|
#if GNUPG_MAJOR_VERSION != 1
|
2006-05-23 18:19:43 +02:00
|
|
|
|
# include "gpg.h"
|
2006-04-19 13:26:11 +02:00
|
|
|
|
#endif /*GNUPG_MAJOR_VERSION != 1*/
|
2017-03-07 12:21:23 +01:00
|
|
|
|
#include "../common/util.h"
|
|
|
|
|
#include "../common/i18n.h"
|
|
|
|
|
#include "../common/ttyio.h"
|
|
|
|
|
#include "../common/status.h"
|
2003-07-23 09:11:06 +02:00
|
|
|
|
#include "options.h"
|
|
|
|
|
#include "main.h"
|
2004-10-22 11:41:01 +02:00
|
|
|
|
#include "keyserver-internal.h"
|
2009-08-05 15:48:23 +02:00
|
|
|
|
|
2003-10-02 12:27:34 +02:00
|
|
|
|
#if GNUPG_MAJOR_VERSION == 1
|
2006-05-23 18:19:43 +02:00
|
|
|
|
# include "cardglue.h"
|
2006-04-19 13:26:11 +02:00
|
|
|
|
#else /*GNUPG_MAJOR_VERSION!=1*/
|
2006-05-23 18:19:43 +02:00
|
|
|
|
# include "call-agent.h"
|
2006-04-19 13:26:11 +02:00
|
|
|
|
#endif /*GNUPG_MAJOR_VERSION!=1*/
|
2003-07-23 09:11:06 +02:00
|
|
|
|
|
2003-09-18 17:51:18 +02:00
|
|
|
|
#define CONTROL_D ('D' - 'A' + 1)
|
|
|
|
|
|
2003-07-23 09:11:06 +02:00
|
|
|
|
|
2009-06-09 21:11:28 +02:00
|
|
|
|
static void
|
|
|
|
|
write_sc_op_status (gpg_error_t err)
|
|
|
|
|
{
|
|
|
|
|
switch (gpg_err_code (err))
|
|
|
|
|
{
|
|
|
|
|
case 0:
|
|
|
|
|
write_status (STATUS_SC_OP_SUCCESS);
|
|
|
|
|
break;
|
|
|
|
|
#if GNUPG_MAJOR_VERSION != 1
|
|
|
|
|
case GPG_ERR_CANCELED:
|
2010-10-13 17:57:08 +02:00
|
|
|
|
case GPG_ERR_FULLY_CANCELED:
|
2009-06-09 21:11:28 +02:00
|
|
|
|
write_status_text (STATUS_SC_OP_FAILURE, "1");
|
|
|
|
|
break;
|
|
|
|
|
case GPG_ERR_BAD_PIN:
|
|
|
|
|
write_status_text (STATUS_SC_OP_FAILURE, "2");
|
|
|
|
|
break;
|
|
|
|
|
default:
|
|
|
|
|
write_status (STATUS_SC_OP_FAILURE);
|
|
|
|
|
break;
|
|
|
|
|
#endif /* GNUPG_MAJOR_VERSION != 1 */
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2017-02-20 22:19:50 +01:00
|
|
|
|
/* Change the PIN of an OpenPGP card. This is an interactive
|
2003-07-23 09:11:06 +02:00
|
|
|
|
function. */
|
|
|
|
|
void
|
2008-09-25 12:06:02 +02:00
|
|
|
|
change_pin (int unblock_v2, int allow_admin)
|
2003-07-23 09:11:06 +02:00
|
|
|
|
{
|
|
|
|
|
struct agent_card_info_s info;
|
|
|
|
|
int rc;
|
|
|
|
|
|
2015-04-03 10:39:59 +02:00
|
|
|
|
rc = agent_scd_learn (&info, 0);
|
2003-07-23 09:11:06 +02:00
|
|
|
|
if (rc)
|
|
|
|
|
{
|
|
|
|
|
log_error (_("OpenPGP card not available: %s\n"),
|
|
|
|
|
gpg_strerror (rc));
|
|
|
|
|
return;
|
|
|
|
|
}
|
2011-02-04 12:57:53 +01:00
|
|
|
|
|
2003-07-23 09:11:06 +02:00
|
|
|
|
log_info (_("OpenPGP card no. %s detected\n"),
|
|
|
|
|
info.serialno? info.serialno : "[none]");
|
|
|
|
|
|
|
|
|
|
if (opt.batch)
|
|
|
|
|
{
|
2006-04-19 13:26:11 +02:00
|
|
|
|
agent_release_card_info (&info);
|
|
|
|
|
log_error (_("can't do this in batch mode\n"));
|
2003-07-23 09:11:06 +02:00
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
2008-09-25 12:06:02 +02:00
|
|
|
|
|
|
|
|
|
if (unblock_v2)
|
|
|
|
|
{
|
|
|
|
|
if (!info.is_v2)
|
|
|
|
|
log_error (_("This command is only available for version 2 cards\n"));
|
|
|
|
|
else if (!info.chvretry[1])
|
|
|
|
|
log_error (_("Reset Code not or not anymore available\n"));
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
rc = agent_scd_change_pin (2, info.serialno);
|
2009-06-09 21:11:28 +02:00
|
|
|
|
write_sc_op_status (rc);
|
2008-09-25 12:06:02 +02:00
|
|
|
|
if (rc)
|
|
|
|
|
tty_printf ("Error changing the PIN: %s\n", gpg_strerror (rc));
|
|
|
|
|
else
|
2009-06-09 21:11:28 +02:00
|
|
|
|
tty_printf ("PIN changed.\n");
|
2008-09-25 12:06:02 +02:00
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
else if (!allow_admin)
|
2003-07-23 09:11:06 +02:00
|
|
|
|
{
|
2006-04-19 13:26:11 +02:00
|
|
|
|
rc = agent_scd_change_pin (1, info.serialno);
|
2009-06-09 21:11:28 +02:00
|
|
|
|
write_sc_op_status (rc);
|
2004-10-22 11:41:01 +02:00
|
|
|
|
if (rc)
|
|
|
|
|
tty_printf ("Error changing the PIN: %s\n", gpg_strerror (rc));
|
|
|
|
|
else
|
2009-06-09 21:11:28 +02:00
|
|
|
|
tty_printf ("PIN changed.\n");
|
2003-07-23 09:11:06 +02:00
|
|
|
|
}
|
2004-10-22 11:41:01 +02:00
|
|
|
|
else
|
|
|
|
|
for (;;)
|
|
|
|
|
{
|
|
|
|
|
char *answer;
|
|
|
|
|
|
|
|
|
|
tty_printf ("\n");
|
|
|
|
|
tty_printf ("1 - change PIN\n"
|
|
|
|
|
"2 - unblock PIN\n"
|
|
|
|
|
"3 - change Admin PIN\n"
|
2008-09-25 12:06:02 +02:00
|
|
|
|
"4 - set the Reset Code\n"
|
2004-10-22 11:41:01 +02:00
|
|
|
|
"Q - quit\n");
|
|
|
|
|
tty_printf ("\n");
|
|
|
|
|
|
|
|
|
|
answer = cpr_get("cardutil.change_pin.menu",_("Your selection? "));
|
|
|
|
|
cpr_kill_prompt();
|
|
|
|
|
if (strlen (answer) != 1)
|
2021-05-20 10:13:51 +02:00
|
|
|
|
{
|
|
|
|
|
xfree (answer);
|
|
|
|
|
continue;
|
|
|
|
|
}
|
2004-10-22 11:41:01 +02:00
|
|
|
|
|
|
|
|
|
if (*answer == '1')
|
|
|
|
|
{
|
2008-09-25 12:06:02 +02:00
|
|
|
|
/* Change PIN. */
|
2006-04-19 13:26:11 +02:00
|
|
|
|
rc = agent_scd_change_pin (1, info.serialno);
|
2009-06-09 21:11:28 +02:00
|
|
|
|
write_sc_op_status (rc);
|
2004-10-22 11:41:01 +02:00
|
|
|
|
if (rc)
|
|
|
|
|
tty_printf ("Error changing the PIN: %s\n", gpg_strerror (rc));
|
|
|
|
|
else
|
2009-06-09 21:11:28 +02:00
|
|
|
|
tty_printf ("PIN changed.\n");
|
2004-10-22 11:41:01 +02:00
|
|
|
|
}
|
|
|
|
|
else if (*answer == '2')
|
|
|
|
|
{
|
2008-09-25 12:06:02 +02:00
|
|
|
|
/* Unblock PIN. */
|
2006-04-19 13:26:11 +02:00
|
|
|
|
rc = agent_scd_change_pin (101, info.serialno);
|
2009-06-09 21:11:28 +02:00
|
|
|
|
write_sc_op_status (rc);
|
2004-10-22 11:41:01 +02:00
|
|
|
|
if (rc)
|
|
|
|
|
tty_printf ("Error unblocking the PIN: %s\n", gpg_strerror (rc));
|
|
|
|
|
else
|
2009-06-09 21:11:28 +02:00
|
|
|
|
tty_printf ("PIN unblocked and new PIN set.\n");
|
2006-04-19 13:26:11 +02:00
|
|
|
|
}
|
2004-10-22 11:41:01 +02:00
|
|
|
|
else if (*answer == '3')
|
|
|
|
|
{
|
2008-09-25 12:06:02 +02:00
|
|
|
|
/* Change Admin PIN. */
|
2006-04-19 13:26:11 +02:00
|
|
|
|
rc = agent_scd_change_pin (3, info.serialno);
|
2009-06-09 21:11:28 +02:00
|
|
|
|
write_sc_op_status (rc);
|
2004-10-22 11:41:01 +02:00
|
|
|
|
if (rc)
|
|
|
|
|
tty_printf ("Error changing the PIN: %s\n", gpg_strerror (rc));
|
|
|
|
|
else
|
2009-06-09 21:11:28 +02:00
|
|
|
|
tty_printf ("PIN changed.\n");
|
2004-10-22 11:41:01 +02:00
|
|
|
|
}
|
2008-09-25 12:06:02 +02:00
|
|
|
|
else if (*answer == '4')
|
|
|
|
|
{
|
|
|
|
|
/* Set a new Reset Code. */
|
|
|
|
|
rc = agent_scd_change_pin (102, info.serialno);
|
2009-06-09 21:11:28 +02:00
|
|
|
|
write_sc_op_status (rc);
|
2008-09-25 12:06:02 +02:00
|
|
|
|
if (rc)
|
2011-02-04 12:57:53 +01:00
|
|
|
|
tty_printf ("Error setting the Reset Code: %s\n",
|
2008-09-25 12:06:02 +02:00
|
|
|
|
gpg_strerror (rc));
|
|
|
|
|
else
|
2009-06-09 21:11:28 +02:00
|
|
|
|
tty_printf ("Reset Code set.\n");
|
2008-09-25 12:06:02 +02:00
|
|
|
|
}
|
2004-10-22 11:41:01 +02:00
|
|
|
|
else if (*answer == 'q' || *answer == 'Q')
|
|
|
|
|
{
|
2021-05-20 10:13:51 +02:00
|
|
|
|
xfree (answer);
|
2004-10-22 11:41:01 +02:00
|
|
|
|
break;
|
|
|
|
|
}
|
2021-05-20 10:13:51 +02:00
|
|
|
|
xfree (answer);
|
2004-10-22 11:41:01 +02:00
|
|
|
|
}
|
2006-04-19 13:26:11 +02:00
|
|
|
|
|
|
|
|
|
agent_release_card_info (&info);
|
2003-07-23 09:11:06 +02:00
|
|
|
|
}
|
|
|
|
|
|
2003-07-24 11:06:43 +02:00
|
|
|
|
|
|
|
|
|
static void
|
2018-08-27 16:57:04 +02:00
|
|
|
|
print_shax_fpr (estream_t fp, const unsigned char *fpr, unsigned int fprlen)
|
2003-07-24 11:06:43 +02:00
|
|
|
|
{
|
|
|
|
|
int i;
|
|
|
|
|
|
|
|
|
|
if (fpr)
|
|
|
|
|
{
|
2018-08-27 16:57:04 +02:00
|
|
|
|
/* FIXME: Fix formatting for FPRLEN != 20 */
|
|
|
|
|
for (i=0; i < fprlen ; i+=2, fpr += 2 )
|
2003-07-24 11:06:43 +02:00
|
|
|
|
{
|
|
|
|
|
if (i == 10 )
|
2003-09-18 17:51:18 +02:00
|
|
|
|
tty_fprintf (fp, " ");
|
|
|
|
|
tty_fprintf (fp, " %02X%02X", *fpr, fpr[1]);
|
2003-07-24 11:06:43 +02:00
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
else
|
2003-09-18 17:51:18 +02:00
|
|
|
|
tty_fprintf (fp, " [none]");
|
|
|
|
|
tty_fprintf (fp, "\n");
|
2003-07-24 11:06:43 +02:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2003-09-24 10:31:16 +02:00
|
|
|
|
static void
|
2018-08-27 16:57:04 +02:00
|
|
|
|
print_shax_fpr_colon (estream_t fp,
|
|
|
|
|
const unsigned char *fpr, unsigned int fprlen)
|
2003-09-24 10:31:16 +02:00
|
|
|
|
{
|
|
|
|
|
int i;
|
|
|
|
|
|
|
|
|
|
if (fpr)
|
|
|
|
|
{
|
2018-08-27 16:57:04 +02:00
|
|
|
|
for (i=0; i < fprlen ; i++, fpr++)
|
2010-03-15 12:15:45 +01:00
|
|
|
|
es_fprintf (fp, "%02X", *fpr);
|
2003-09-24 10:31:16 +02:00
|
|
|
|
}
|
2010-03-15 12:15:45 +01:00
|
|
|
|
es_putc (':', fp);
|
2003-09-24 10:31:16 +02:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2018-03-01 19:03:23 +01:00
|
|
|
|
static void
|
|
|
|
|
print_keygrip (estream_t fp, const unsigned char *grp)
|
|
|
|
|
{
|
|
|
|
|
int i;
|
|
|
|
|
|
|
|
|
|
if (opt.with_keygrip)
|
|
|
|
|
{
|
|
|
|
|
tty_fprintf (fp, " keygrip ....: ");
|
|
|
|
|
for (i=0; i < 20 ; i++, grp++)
|
2018-11-06 07:28:43 +01:00
|
|
|
|
tty_fprintf (fp, "%02X", *grp);
|
2018-03-01 19:03:23 +01:00
|
|
|
|
tty_fprintf (fp, "\n");
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2003-07-24 11:06:43 +02:00
|
|
|
|
static void
|
2010-03-15 12:15:45 +01:00
|
|
|
|
print_name (estream_t fp, const char *text, const char *name)
|
2003-07-24 11:06:43 +02:00
|
|
|
|
{
|
2003-12-17 13:26:56 +01:00
|
|
|
|
tty_fprintf (fp, "%s", text);
|
2003-07-24 11:06:43 +02:00
|
|
|
|
|
2003-09-24 10:31:16 +02:00
|
|
|
|
/* FIXME: tty_printf_utf8_string2 eats everything after and
|
2003-09-18 17:51:18 +02:00
|
|
|
|
including an @ - e.g. when printing an url. */
|
2003-07-24 11:06:43 +02:00
|
|
|
|
if (name && *name)
|
2003-09-18 17:51:18 +02:00
|
|
|
|
{
|
|
|
|
|
if (fp)
|
2010-03-15 12:15:45 +01:00
|
|
|
|
print_utf8_buffer2 (fp, name, strlen (name), '\n');
|
2003-09-18 17:51:18 +02:00
|
|
|
|
else
|
2014-03-27 12:59:55 +01:00
|
|
|
|
tty_print_utf8_string2 (NULL, name, strlen (name), 0);
|
2003-09-18 17:51:18 +02:00
|
|
|
|
}
|
2003-07-24 11:06:43 +02:00
|
|
|
|
else
|
2003-09-18 17:51:18 +02:00
|
|
|
|
tty_fprintf (fp, _("[not set]"));
|
|
|
|
|
tty_fprintf (fp, "\n");
|
2003-07-24 11:06:43 +02:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void
|
2010-03-15 12:15:45 +01:00
|
|
|
|
print_isoname (estream_t fp, const char *text,
|
|
|
|
|
const char *tag, const char *name)
|
2003-07-24 11:06:43 +02:00
|
|
|
|
{
|
2003-09-24 10:31:16 +02:00
|
|
|
|
if (opt.with_colons)
|
2010-03-15 12:15:45 +01:00
|
|
|
|
es_fprintf (fp, "%s:", tag);
|
2003-09-24 10:31:16 +02:00
|
|
|
|
else
|
2003-12-17 13:26:56 +01:00
|
|
|
|
tty_fprintf (fp, "%s", text);
|
2003-07-24 11:06:43 +02:00
|
|
|
|
|
|
|
|
|
if (name && *name)
|
|
|
|
|
{
|
|
|
|
|
char *p, *given, *buf = xstrdup (name);
|
|
|
|
|
|
|
|
|
|
given = strstr (buf, "<<");
|
|
|
|
|
for (p=buf; *p; p++)
|
|
|
|
|
if (*p == '<')
|
|
|
|
|
*p = ' ';
|
|
|
|
|
if (given && given[2])
|
|
|
|
|
{
|
|
|
|
|
*given = 0;
|
|
|
|
|
given += 2;
|
2003-09-24 10:31:16 +02:00
|
|
|
|
if (opt.with_colons)
|
2010-03-15 12:15:45 +01:00
|
|
|
|
es_write_sanitized (fp, given, strlen (given), ":", NULL);
|
2003-09-24 10:31:16 +02:00
|
|
|
|
else if (fp)
|
2010-03-15 12:15:45 +01:00
|
|
|
|
print_utf8_buffer2 (fp, given, strlen (given), '\n');
|
2003-09-18 17:51:18 +02:00
|
|
|
|
else
|
2014-03-27 12:59:55 +01:00
|
|
|
|
tty_print_utf8_string2 (NULL, given, strlen (given), 0);
|
2003-09-24 10:31:16 +02:00
|
|
|
|
|
|
|
|
|
if (opt.with_colons)
|
2010-03-15 12:15:45 +01:00
|
|
|
|
es_putc (':', fp);
|
2003-09-24 10:31:16 +02:00
|
|
|
|
else if (*buf)
|
2003-09-18 17:51:18 +02:00
|
|
|
|
tty_fprintf (fp, " ");
|
2003-07-24 11:06:43 +02:00
|
|
|
|
}
|
2003-09-24 10:31:16 +02:00
|
|
|
|
|
|
|
|
|
if (opt.with_colons)
|
2010-03-15 12:15:45 +01:00
|
|
|
|
es_write_sanitized (fp, buf, strlen (buf), ":", NULL);
|
2003-09-24 10:31:16 +02:00
|
|
|
|
else if (fp)
|
2010-03-15 12:15:45 +01:00
|
|
|
|
print_utf8_buffer2 (fp, buf, strlen (buf), '\n');
|
2003-09-18 17:51:18 +02:00
|
|
|
|
else
|
2014-03-27 12:59:55 +01:00
|
|
|
|
tty_print_utf8_string2 (NULL, buf, strlen (buf), 0);
|
2003-07-24 11:06:43 +02:00
|
|
|
|
xfree (buf);
|
|
|
|
|
}
|
|
|
|
|
else
|
2003-09-24 10:31:16 +02:00
|
|
|
|
{
|
|
|
|
|
if (opt.with_colons)
|
2010-03-15 12:15:45 +01:00
|
|
|
|
es_putc (':', fp);
|
2003-09-24 10:31:16 +02:00
|
|
|
|
else
|
|
|
|
|
tty_fprintf (fp, _("[not set]"));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (opt.with_colons)
|
2010-03-15 12:15:45 +01:00
|
|
|
|
es_fputs (":\n", fp);
|
2003-09-24 10:31:16 +02:00
|
|
|
|
else
|
|
|
|
|
tty_fprintf (fp, "\n");
|
2003-07-24 11:06:43 +02:00
|
|
|
|
}
|
|
|
|
|
|
2003-10-08 12:46:58 +02:00
|
|
|
|
/* Return true if the SHA1 fingerprint FPR consists only of zeroes. */
|
|
|
|
|
static int
|
2018-08-27 16:57:04 +02:00
|
|
|
|
fpr_is_zero (const char *fpr, unsigned int fprlen)
|
2003-10-08 12:46:58 +02:00
|
|
|
|
{
|
|
|
|
|
int i;
|
|
|
|
|
|
2018-08-27 16:57:04 +02:00
|
|
|
|
for (i=0; i < fprlen && !fpr[i]; i++)
|
2003-10-08 12:46:58 +02:00
|
|
|
|
;
|
2018-08-27 16:57:04 +02:00
|
|
|
|
return (i == fprlen);
|
2003-10-08 12:46:58 +02:00
|
|
|
|
}
|
|
|
|
|
|
2003-07-24 11:06:43 +02:00
|
|
|
|
|
2018-08-27 16:57:04 +02:00
|
|
|
|
/* Return true if the fingerprint FPR consists only of 0xFF. */
|
2008-09-23 11:57:45 +02:00
|
|
|
|
static int
|
2018-08-27 16:57:04 +02:00
|
|
|
|
fpr_is_ff (const char *fpr, unsigned int fprlen)
|
2008-09-23 11:57:45 +02:00
|
|
|
|
{
|
|
|
|
|
int i;
|
|
|
|
|
|
2018-08-27 16:57:04 +02:00
|
|
|
|
for (i=0; i < fprlen && fpr[i] == '\xff'; i++)
|
2008-09-23 11:57:45 +02:00
|
|
|
|
;
|
2018-08-27 16:57:04 +02:00
|
|
|
|
return (i == fprlen);
|
2008-09-23 11:57:45 +02:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2022-01-18 08:03:27 +01:00
|
|
|
|
static void
|
|
|
|
|
print_a_version (estream_t fp, const char *prefix, unsigned int value)
|
|
|
|
|
{
|
|
|
|
|
unsigned int a, b, c, d;
|
|
|
|
|
a = ((value >> 24) & 0xff);
|
|
|
|
|
b = ((value >> 16) & 0xff);
|
|
|
|
|
c = ((value >> 8) & 0xff);
|
|
|
|
|
d = ((value ) & 0xff);
|
|
|
|
|
|
|
|
|
|
if (a)
|
|
|
|
|
tty_fprintf (fp, "%s %u.%u.%u.%u\n", prefix, a, b, c, d);
|
|
|
|
|
else if (b)
|
|
|
|
|
tty_fprintf (fp, "%s %u.%u.%u\n", prefix, b, c, d);
|
|
|
|
|
else if (c)
|
|
|
|
|
tty_fprintf (fp, "%s %u.%u\n", prefix, c, d);
|
|
|
|
|
else
|
|
|
|
|
tty_fprintf (fp, "%s %u\n", prefix, d);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2003-07-24 11:06:43 +02:00
|
|
|
|
/* Print all available information about the current card. */
|
2017-03-27 07:02:01 +02:00
|
|
|
|
static void
|
2017-03-31 20:03:52 +02:00
|
|
|
|
current_card_status (ctrl_t ctrl, estream_t fp,
|
|
|
|
|
char *serialno, size_t serialnobuflen)
|
2003-07-24 11:06:43 +02:00
|
|
|
|
{
|
|
|
|
|
struct agent_card_info_s info;
|
|
|
|
|
PKT_public_key *pk = xcalloc (1, sizeof *pk);
|
2015-05-07 12:01:12 +02:00
|
|
|
|
kbnode_t keyblock = NULL;
|
2003-07-24 11:06:43 +02:00
|
|
|
|
int rc;
|
2003-09-24 10:31:16 +02:00
|
|
|
|
unsigned int uval;
|
2006-04-19 13:26:11 +02:00
|
|
|
|
const unsigned char *thefpr;
|
2018-08-27 16:57:04 +02:00
|
|
|
|
unsigned int thefprlen;
|
2006-04-19 13:26:11 +02:00
|
|
|
|
int i;
|
2020-04-03 10:00:57 +02:00
|
|
|
|
char *pesc;
|
2003-07-24 11:06:43 +02:00
|
|
|
|
|
2003-10-21 19:12:21 +02:00
|
|
|
|
if (serialno && serialnobuflen)
|
|
|
|
|
*serialno = 0;
|
|
|
|
|
|
2015-04-03 10:39:59 +02:00
|
|
|
|
rc = agent_scd_learn (&info, 0);
|
2003-07-24 11:06:43 +02:00
|
|
|
|
if (rc)
|
|
|
|
|
{
|
2003-09-24 10:31:16 +02:00
|
|
|
|
if (opt.with_colons)
|
2010-03-15 12:15:45 +01:00
|
|
|
|
es_fputs ("AID:::\n", fp);
|
|
|
|
|
log_error (_("OpenPGP card not available: %s\n"), gpg_strerror (rc));
|
2003-09-22 22:43:25 +02:00
|
|
|
|
xfree (pk);
|
2003-07-24 11:06:43 +02:00
|
|
|
|
return;
|
|
|
|
|
}
|
2003-09-24 10:31:16 +02:00
|
|
|
|
|
2015-11-09 08:15:44 +01:00
|
|
|
|
if (opt.with_colons)
|
|
|
|
|
es_fprintf (fp, "Reader:%s:", info.reader? info.reader : "");
|
|
|
|
|
else
|
|
|
|
|
tty_fprintf (fp, "Reader ...........: %s\n",
|
|
|
|
|
info.reader? info.reader : "[none]");
|
2003-09-24 10:31:16 +02:00
|
|
|
|
if (opt.with_colons)
|
2010-03-15 12:15:45 +01:00
|
|
|
|
es_fprintf (fp, "AID:%s:", info.serialno? info.serialno : "");
|
2003-09-24 10:31:16 +02:00
|
|
|
|
else
|
|
|
|
|
tty_fprintf (fp, "Application ID ...: %s\n",
|
|
|
|
|
info.serialno? info.serialno : "[none]");
|
2011-02-04 12:57:53 +01:00
|
|
|
|
if (!info.serialno || strncmp (info.serialno, "D27600012401", 12)
|
2003-07-24 11:06:43 +02:00
|
|
|
|
|| strlen (info.serialno) != 32 )
|
|
|
|
|
{
|
2019-04-01 19:24:33 +02:00
|
|
|
|
const char *name1, *name2;
|
2022-08-16 11:21:39 +02:00
|
|
|
|
if (info.apptype && !ascii_strcasecmp (info.apptype, "openpgp"))
|
2020-10-26 05:49:23 +01:00
|
|
|
|
goto openpgp;
|
2022-08-16 11:21:39 +02:00
|
|
|
|
else if (info.apptype && !ascii_strcasecmp (info.apptype, "NKS"))
|
2009-01-13 15:01:56 +01:00
|
|
|
|
{
|
2019-04-01 19:24:33 +02:00
|
|
|
|
name1 = "netkey";
|
|
|
|
|
name2 = "NetKey";
|
2009-01-13 15:01:56 +01:00
|
|
|
|
}
|
2022-08-16 11:21:39 +02:00
|
|
|
|
else if (info.apptype && !ascii_strcasecmp (info.apptype, "DINSIG"))
|
2009-01-13 15:01:56 +01:00
|
|
|
|
{
|
2019-04-01 19:24:33 +02:00
|
|
|
|
name1 = "dinsig";
|
|
|
|
|
name2 = "DINSIG";
|
2009-01-13 15:01:56 +01:00
|
|
|
|
}
|
2022-08-16 11:21:39 +02:00
|
|
|
|
else if (info.apptype && !ascii_strcasecmp (info.apptype, "P15"))
|
2009-01-13 15:01:56 +01:00
|
|
|
|
{
|
2019-04-01 19:24:33 +02:00
|
|
|
|
name1 = "pkcs15";
|
|
|
|
|
name2 = "PKCS#15";
|
2009-01-13 15:01:56 +01:00
|
|
|
|
}
|
2022-08-16 11:21:39 +02:00
|
|
|
|
else if (info.apptype && !ascii_strcasecmp (info.apptype, "GELDKARTE"))
|
2009-01-27 12:30:02 +01:00
|
|
|
|
{
|
2019-04-01 19:24:33 +02:00
|
|
|
|
name1 = "geldkarte";
|
|
|
|
|
name2 = "Geldkarte";
|
|
|
|
|
}
|
2022-08-16 11:21:39 +02:00
|
|
|
|
else if (info.apptype && !ascii_strcasecmp (info.apptype, "PIV"))
|
2019-04-01 19:24:33 +02:00
|
|
|
|
{
|
|
|
|
|
name1 = "piv";
|
|
|
|
|
name2 = "PIV";
|
2009-01-27 12:30:02 +01:00
|
|
|
|
}
|
2009-01-13 15:01:56 +01:00
|
|
|
|
else
|
|
|
|
|
{
|
2019-04-01 19:24:33 +02:00
|
|
|
|
name1 = "unknown";
|
|
|
|
|
name2 = "Unknown";
|
2009-01-13 15:01:56 +01:00
|
|
|
|
}
|
2019-04-01 19:24:33 +02:00
|
|
|
|
|
|
|
|
|
if (opt.with_colons)
|
|
|
|
|
es_fprintf (fp, "%s-card:\n", name1);
|
|
|
|
|
else
|
|
|
|
|
tty_fprintf (fp, "Application type .: %s\n", name2);
|
|
|
|
|
|
2003-07-24 11:06:43 +02:00
|
|
|
|
agent_release_card_info (&info);
|
2003-09-22 22:43:25 +02:00
|
|
|
|
xfree (pk);
|
|
|
|
|
return;
|
2003-07-24 11:06:43 +02:00
|
|
|
|
}
|
2020-10-26 05:49:23 +01:00
|
|
|
|
openpgp:
|
2003-10-21 19:12:21 +02:00
|
|
|
|
if (!serialno)
|
|
|
|
|
;
|
2017-03-15 08:50:48 +01:00
|
|
|
|
else if (strlen (info.serialno)+1 > serialnobuflen)
|
2003-10-21 19:12:21 +02:00
|
|
|
|
log_error ("serial number longer than expected\n");
|
2011-02-04 12:57:53 +01:00
|
|
|
|
else
|
2003-10-21 19:12:21 +02:00
|
|
|
|
strcpy (serialno, info.serialno);
|
|
|
|
|
|
2003-09-24 10:31:16 +02:00
|
|
|
|
if (opt.with_colons)
|
2010-03-15 12:15:45 +01:00
|
|
|
|
es_fputs ("openpgp-card:\n", fp);
|
2019-04-01 19:24:33 +02:00
|
|
|
|
else
|
|
|
|
|
tty_fprintf (fp, "Application type .: %s\n", "OpenPGP");
|
2003-09-24 10:31:16 +02:00
|
|
|
|
|
|
|
|
|
|
|
|
|
|
if (opt.with_colons)
|
|
|
|
|
{
|
2022-01-18 08:03:27 +01:00
|
|
|
|
if (info.appversion)
|
|
|
|
|
es_fprintf (fp, "version:%02u%02u:\n",
|
|
|
|
|
(info.appversion >> 8) & 0xff,
|
|
|
|
|
info.appversion & 0xff);
|
|
|
|
|
else
|
|
|
|
|
es_fprintf (fp, "version:%.4s:\n", info.serialno+12);
|
2003-09-24 10:31:16 +02:00
|
|
|
|
uval = xtoi_2(info.serialno+16)*256 + xtoi_2 (info.serialno+18);
|
2020-04-03 10:00:57 +02:00
|
|
|
|
pesc = (info.manufacturer_name
|
|
|
|
|
? percent_escape (info.manufacturer_name, NULL) : NULL);
|
|
|
|
|
es_fprintf (fp, "vendor:%04x:%s:\n", uval, pesc? pesc:"");
|
|
|
|
|
xfree (pesc);
|
2010-03-15 12:15:45 +01:00
|
|
|
|
es_fprintf (fp, "serial:%.8s:\n", info.serialno+20);
|
2011-02-04 12:57:53 +01:00
|
|
|
|
|
2003-09-24 10:31:16 +02:00
|
|
|
|
print_isoname (fp, "Name of cardholder: ", "name", info.disp_name);
|
|
|
|
|
|
2010-03-15 12:15:45 +01:00
|
|
|
|
es_fputs ("lang:", fp);
|
2003-09-24 10:31:16 +02:00
|
|
|
|
if (info.disp_lang)
|
2010-03-15 12:15:45 +01:00
|
|
|
|
es_write_sanitized (fp, info.disp_lang, strlen (info.disp_lang),
|
|
|
|
|
":", NULL);
|
|
|
|
|
es_fputs (":\n", fp);
|
2003-09-24 10:31:16 +02:00
|
|
|
|
|
2010-03-15 12:15:45 +01:00
|
|
|
|
es_fprintf (fp, "sex:%c:\n", (info.disp_sex == 1? 'm':
|
2003-09-24 10:31:16 +02:00
|
|
|
|
info.disp_sex == 2? 'f' : 'u'));
|
|
|
|
|
|
2010-03-15 12:15:45 +01:00
|
|
|
|
es_fputs ("url:", fp);
|
2003-09-24 10:31:16 +02:00
|
|
|
|
if (info.pubkey_url)
|
2010-03-15 12:15:45 +01:00
|
|
|
|
es_write_sanitized (fp, info.pubkey_url, strlen (info.pubkey_url),
|
|
|
|
|
":", NULL);
|
|
|
|
|
es_fputs (":\n", fp);
|
2003-09-24 10:31:16 +02:00
|
|
|
|
|
2010-03-15 12:15:45 +01:00
|
|
|
|
es_fputs ("login:", fp);
|
2003-09-24 10:31:16 +02:00
|
|
|
|
if (info.login_data)
|
2010-03-15 12:15:45 +01:00
|
|
|
|
es_write_sanitized (fp, info.login_data, strlen (info.login_data),
|
|
|
|
|
":", NULL);
|
|
|
|
|
es_fputs (":\n", fp);
|
2003-09-24 10:31:16 +02:00
|
|
|
|
|
2010-03-15 12:15:45 +01:00
|
|
|
|
es_fprintf (fp, "forcepin:%d:::\n", !info.chv1_cached);
|
2009-05-15 21:26:46 +02:00
|
|
|
|
for (i=0; i < DIM (info.key_attr); i++)
|
2016-10-21 07:15:05 +02:00
|
|
|
|
if (info.key_attr[i].algo == PUBKEY_ALGO_RSA)
|
2010-03-15 12:15:45 +01:00
|
|
|
|
es_fprintf (fp, "keyattr:%d:%d:%u:\n", i+1,
|
|
|
|
|
info.key_attr[i].algo, info.key_attr[i].nbits);
|
2015-07-25 05:09:23 +02:00
|
|
|
|
else if (info.key_attr[i].algo == PUBKEY_ALGO_ECDH
|
|
|
|
|
|| info.key_attr[i].algo == PUBKEY_ALGO_ECDSA
|
|
|
|
|
|| info.key_attr[i].algo == PUBKEY_ALGO_EDDSA)
|
|
|
|
|
es_fprintf (fp, "keyattr:%d:%d:%s:\n", i+1,
|
|
|
|
|
info.key_attr[i].algo, info.key_attr[i].curve);
|
2010-03-15 12:15:45 +01:00
|
|
|
|
es_fprintf (fp, "maxpinlen:%d:%d:%d:\n",
|
|
|
|
|
info.chvmaxlen[0], info.chvmaxlen[1], info.chvmaxlen[2]);
|
|
|
|
|
es_fprintf (fp, "pinretry:%d:%d:%d:\n",
|
|
|
|
|
info.chvretry[0], info.chvretry[1], info.chvretry[2]);
|
|
|
|
|
es_fprintf (fp, "sigcount:%lu:::\n", info.sig_counter);
|
2018-11-15 05:31:12 +01:00
|
|
|
|
if (info.extcap.kdf)
|
|
|
|
|
{
|
2019-07-19 06:26:49 +02:00
|
|
|
|
const char *setup;
|
|
|
|
|
|
|
|
|
|
if (info.kdf_do_enabled == 0)
|
|
|
|
|
setup = "off";
|
|
|
|
|
else if (info.kdf_do_enabled == 1)
|
|
|
|
|
setup = "single";
|
|
|
|
|
else
|
|
|
|
|
setup = "on";
|
|
|
|
|
|
|
|
|
|
es_fprintf (fp, "kdf:%s:\n", setup);
|
2018-11-15 05:31:12 +01:00
|
|
|
|
}
|
2018-11-15 05:57:31 +01:00
|
|
|
|
if (info.extcap.bt)
|
|
|
|
|
{
|
|
|
|
|
es_fprintf (fp, "uif:%d:%d:%d:\n",
|
|
|
|
|
info.uif[0], info.uif[1], info.uif[2]);
|
|
|
|
|
}
|
2003-09-24 10:31:16 +02:00
|
|
|
|
|
2006-04-19 13:26:11 +02:00
|
|
|
|
for (i=0; i < 4; i++)
|
|
|
|
|
{
|
|
|
|
|
if (info.private_do[i])
|
|
|
|
|
{
|
2010-03-15 12:15:45 +01:00
|
|
|
|
es_fprintf (fp, "private_do:%d:", i+1);
|
|
|
|
|
es_write_sanitized (fp, info.private_do[i],
|
|
|
|
|
strlen (info.private_do[i]), ":", NULL);
|
|
|
|
|
es_fputs (":\n", fp);
|
2006-04-19 13:26:11 +02:00
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2010-03-15 12:15:45 +01:00
|
|
|
|
es_fputs ("cafpr:", fp);
|
2018-08-27 16:57:04 +02:00
|
|
|
|
print_shax_fpr_colon (fp, info.cafpr1len? info.cafpr1:NULL,
|
|
|
|
|
info.cafpr2len);
|
|
|
|
|
print_shax_fpr_colon (fp, info.cafpr2len? info.cafpr2:NULL,
|
|
|
|
|
info.cafpr2len);
|
|
|
|
|
print_shax_fpr_colon (fp, info.cafpr3len? info.cafpr3:NULL,
|
|
|
|
|
info.cafpr3len);
|
2010-03-15 12:15:45 +01:00
|
|
|
|
es_putc ('\n', fp);
|
|
|
|
|
es_fputs ("fpr:", fp);
|
2018-08-27 16:57:04 +02:00
|
|
|
|
print_shax_fpr_colon (fp, info.fpr1len? info.fpr1:NULL, info.fpr1len);
|
|
|
|
|
print_shax_fpr_colon (fp, info.fpr2len? info.fpr2:NULL, info.fpr2len);
|
|
|
|
|
print_shax_fpr_colon (fp, info.fpr3len? info.fpr3:NULL, info.fpr3len);
|
2010-03-15 12:15:45 +01:00
|
|
|
|
es_putc ('\n', fp);
|
|
|
|
|
es_fprintf (fp, "fprtime:%lu:%lu:%lu:\n",
|
2006-04-19 13:26:11 +02:00
|
|
|
|
(unsigned long)info.fpr1time, (unsigned long)info.fpr2time,
|
|
|
|
|
(unsigned long)info.fpr3time);
|
2018-03-01 19:03:23 +01:00
|
|
|
|
es_fputs ("grp:", fp);
|
2018-08-27 16:57:04 +02:00
|
|
|
|
print_shax_fpr_colon (fp, info.grp1, sizeof info.grp1);
|
|
|
|
|
print_shax_fpr_colon (fp, info.grp2, sizeof info.grp2);
|
|
|
|
|
print_shax_fpr_colon (fp, info.grp3, sizeof info.grp3);
|
2018-03-01 19:03:23 +01:00
|
|
|
|
es_putc ('\n', fp);
|
2003-09-24 10:31:16 +02:00
|
|
|
|
}
|
2011-02-04 12:57:53 +01:00
|
|
|
|
else
|
2003-09-24 10:31:16 +02:00
|
|
|
|
{
|
2022-01-18 08:03:27 +01:00
|
|
|
|
if (info.appversion)
|
|
|
|
|
print_a_version (fp, "Version ..........:", info.appversion);
|
|
|
|
|
else
|
|
|
|
|
tty_fprintf (fp, "Version ..........: %.1s%c.%.1s%c\n",
|
2003-09-24 10:31:16 +02:00
|
|
|
|
info.serialno[12] == '0'?"":info.serialno+12,
|
|
|
|
|
info.serialno[13],
|
|
|
|
|
info.serialno[14] == '0'?"":info.serialno+14,
|
|
|
|
|
info.serialno[15]);
|
2011-02-04 12:57:53 +01:00
|
|
|
|
tty_fprintf (fp, "Manufacturer .....: %s\n",
|
2020-04-03 10:00:57 +02:00
|
|
|
|
info.manufacturer_name? info.manufacturer_name : "?");
|
2003-09-24 10:31:16 +02:00
|
|
|
|
tty_fprintf (fp, "Serial number ....: %.8s\n", info.serialno+20);
|
2011-02-04 12:57:53 +01:00
|
|
|
|
|
2003-09-24 10:31:16 +02:00
|
|
|
|
print_isoname (fp, "Name of cardholder: ", "name", info.disp_name);
|
|
|
|
|
print_name (fp, "Language prefs ...: ", info.disp_lang);
|
2017-11-15 11:34:30 +01:00
|
|
|
|
tty_fprintf (fp, "Salutation .......: %s\n",
|
|
|
|
|
info.disp_sex == 1? _("Mr."):
|
2019-08-22 10:23:22 +02:00
|
|
|
|
info.disp_sex == 2? _("Ms.") : "");
|
2003-09-24 10:31:16 +02:00
|
|
|
|
print_name (fp, "URL of public key : ", info.pubkey_url);
|
|
|
|
|
print_name (fp, "Login data .......: ", info.login_data);
|
2006-04-19 13:26:11 +02:00
|
|
|
|
if (info.private_do[0])
|
|
|
|
|
print_name (fp, "Private DO 1 .....: ", info.private_do[0]);
|
|
|
|
|
if (info.private_do[1])
|
|
|
|
|
print_name (fp, "Private DO 2 .....: ", info.private_do[1]);
|
|
|
|
|
if (info.private_do[2])
|
|
|
|
|
print_name (fp, "Private DO 3 .....: ", info.private_do[2]);
|
|
|
|
|
if (info.private_do[3])
|
|
|
|
|
print_name (fp, "Private DO 4 .....: ", info.private_do[3]);
|
2018-08-27 16:57:04 +02:00
|
|
|
|
if (info.cafpr1len)
|
2004-07-01 19:42:09 +02:00
|
|
|
|
{
|
|
|
|
|
tty_fprintf (fp, "CA fingerprint %d .:", 1);
|
2018-08-27 16:57:04 +02:00
|
|
|
|
print_shax_fpr (fp, info.cafpr1, info.cafpr1len);
|
2004-07-01 19:42:09 +02:00
|
|
|
|
}
|
2018-08-27 16:57:04 +02:00
|
|
|
|
if (info.cafpr2len)
|
2004-07-01 19:42:09 +02:00
|
|
|
|
{
|
|
|
|
|
tty_fprintf (fp, "CA fingerprint %d .:", 2);
|
2018-08-27 16:57:04 +02:00
|
|
|
|
print_shax_fpr (fp, info.cafpr2, info.cafpr2len);
|
2004-07-01 19:42:09 +02:00
|
|
|
|
}
|
2018-08-27 16:57:04 +02:00
|
|
|
|
if (info.cafpr3len)
|
2004-07-01 19:42:09 +02:00
|
|
|
|
{
|
|
|
|
|
tty_fprintf (fp, "CA fingerprint %d .:", 3);
|
2018-08-27 16:57:04 +02:00
|
|
|
|
print_shax_fpr (fp, info.cafpr3, info.cafpr3len);
|
2004-07-01 19:42:09 +02:00
|
|
|
|
}
|
2003-09-24 10:31:16 +02:00
|
|
|
|
tty_fprintf (fp, "Signature PIN ....: %s\n",
|
2003-09-30 19:34:38 +02:00
|
|
|
|
info.chv1_cached? _("not forced"): _("forced"));
|
2009-05-15 21:26:46 +02:00
|
|
|
|
if (info.key_attr[0].algo)
|
|
|
|
|
{
|
|
|
|
|
tty_fprintf (fp, "Key attributes ...:");
|
|
|
|
|
for (i=0; i < DIM (info.key_attr); i++)
|
2015-07-25 05:09:23 +02:00
|
|
|
|
if (info.key_attr[i].algo == PUBKEY_ALGO_RSA)
|
|
|
|
|
tty_fprintf (fp, " rsa%u", info.key_attr[i].nbits);
|
|
|
|
|
else if (info.key_attr[i].algo == PUBKEY_ALGO_ECDH
|
|
|
|
|
|| info.key_attr[i].algo == PUBKEY_ALGO_ECDSA
|
|
|
|
|
|| info.key_attr[i].algo == PUBKEY_ALGO_EDDSA)
|
2016-10-24 04:22:44 +02:00
|
|
|
|
{
|
|
|
|
|
const char *curve_for_print = "?";
|
|
|
|
|
|
|
|
|
|
if (info.key_attr[i].curve)
|
|
|
|
|
{
|
|
|
|
|
const char *oid;
|
2020-02-11 14:38:03 +01:00
|
|
|
|
oid = openpgp_curve_to_oid (info.key_attr[i].curve,
|
|
|
|
|
NULL, NULL);
|
2016-10-24 04:22:44 +02:00
|
|
|
|
if (oid)
|
|
|
|
|
curve_for_print = openpgp_oid_to_curve (oid, 0);
|
|
|
|
|
}
|
|
|
|
|
tty_fprintf (fp, " %s", curve_for_print);
|
|
|
|
|
}
|
2009-05-15 21:26:46 +02:00
|
|
|
|
tty_fprintf (fp, "\n");
|
|
|
|
|
}
|
2003-09-24 10:31:16 +02:00
|
|
|
|
tty_fprintf (fp, "Max. PIN lengths .: %d %d %d\n",
|
|
|
|
|
info.chvmaxlen[0], info.chvmaxlen[1], info.chvmaxlen[2]);
|
|
|
|
|
tty_fprintf (fp, "PIN retry counter : %d %d %d\n",
|
|
|
|
|
info.chvretry[0], info.chvretry[1], info.chvretry[2]);
|
|
|
|
|
tty_fprintf (fp, "Signature counter : %lu\n", info.sig_counter);
|
2018-11-15 04:19:02 +01:00
|
|
|
|
if (info.extcap.kdf)
|
|
|
|
|
{
|
2019-07-19 06:26:49 +02:00
|
|
|
|
const char *setup;
|
|
|
|
|
|
|
|
|
|
if (info.kdf_do_enabled == 0)
|
|
|
|
|
setup = "off";
|
|
|
|
|
else if (info.kdf_do_enabled == 1)
|
|
|
|
|
setup = "single";
|
|
|
|
|
else
|
|
|
|
|
setup = "on";
|
|
|
|
|
|
|
|
|
|
tty_fprintf (fp, "KDF setting ......: %s\n", setup);
|
2018-11-15 04:19:02 +01:00
|
|
|
|
}
|
2018-11-15 05:57:31 +01:00
|
|
|
|
if (info.extcap.bt)
|
|
|
|
|
{
|
|
|
|
|
tty_fprintf (fp, "UIF setting ......: Sign=%s Decrypt=%s Auth=%s\n",
|
|
|
|
|
info.uif[0] ? "on" : "off", info.uif[1] ? "on" : "off",
|
|
|
|
|
info.uif[2] ? "on" : "off");
|
|
|
|
|
}
|
2003-09-24 10:31:16 +02:00
|
|
|
|
tty_fprintf (fp, "Signature key ....:");
|
2018-08-27 16:57:04 +02:00
|
|
|
|
print_shax_fpr (fp, info.fpr1len? info.fpr1:NULL, info.fpr1len);
|
|
|
|
|
if (info.fpr1len && info.fpr1time)
|
2018-03-01 19:03:23 +01:00
|
|
|
|
{
|
|
|
|
|
tty_fprintf (fp, " created ....: %s\n",
|
|
|
|
|
isotimestamp (info.fpr1time));
|
|
|
|
|
print_keygrip (fp, info.grp1);
|
|
|
|
|
}
|
2003-09-24 10:31:16 +02:00
|
|
|
|
tty_fprintf (fp, "Encryption key....:");
|
2018-08-27 16:57:04 +02:00
|
|
|
|
print_shax_fpr (fp, info.fpr2len? info.fpr2:NULL, info.fpr2len);
|
|
|
|
|
if (info.fpr2len && info.fpr2time)
|
2018-03-01 19:03:23 +01:00
|
|
|
|
{
|
|
|
|
|
tty_fprintf (fp, " created ....: %s\n",
|
|
|
|
|
isotimestamp (info.fpr2time));
|
|
|
|
|
print_keygrip (fp, info.grp2);
|
|
|
|
|
}
|
2003-09-24 10:31:16 +02:00
|
|
|
|
tty_fprintf (fp, "Authentication key:");
|
2018-08-27 16:57:04 +02:00
|
|
|
|
print_shax_fpr (fp, info.fpr3len? info.fpr3:NULL, info.fpr3len);
|
|
|
|
|
if (info.fpr3len && info.fpr3time)
|
2018-03-01 19:03:23 +01:00
|
|
|
|
{
|
|
|
|
|
tty_fprintf (fp, " created ....: %s\n",
|
|
|
|
|
isotimestamp (info.fpr3time));
|
2018-04-25 02:37:21 +02:00
|
|
|
|
print_keygrip (fp, info.grp3);
|
2018-03-01 19:03:23 +01:00
|
|
|
|
}
|
2011-02-04 12:57:53 +01:00
|
|
|
|
tty_fprintf (fp, "General key info..: ");
|
2006-04-19 13:26:11 +02:00
|
|
|
|
|
2018-08-27 16:57:04 +02:00
|
|
|
|
thefpr = (info.fpr1len? info.fpr1 : info.fpr2len? info.fpr2 :
|
|
|
|
|
info.fpr3len? info.fpr3 : NULL);
|
|
|
|
|
thefprlen = (info.fpr1len? info.fpr1len : info.fpr2len? info.fpr2len :
|
|
|
|
|
info.fpr3len? info.fpr3len : 0);
|
2018-10-24 21:56:18 +02:00
|
|
|
|
/* If the fingerprint is all 0xff, the key has no associated
|
2008-09-23 11:57:45 +02:00
|
|
|
|
OpenPGP certificate. */
|
2018-08-27 16:57:04 +02:00
|
|
|
|
if ( thefpr && !fpr_is_ff (thefpr, thefprlen)
|
|
|
|
|
&& !get_pubkey_byfprint (ctrl, pk, &keyblock, thefpr, thefprlen))
|
2006-04-19 13:26:11 +02:00
|
|
|
|
{
|
2019-05-21 12:54:47 +02:00
|
|
|
|
print_key_info (ctrl, fp, 0, pk, 0);
|
|
|
|
|
print_card_key_info (fp, keyblock);
|
2006-04-19 13:26:11 +02:00
|
|
|
|
}
|
2003-09-24 10:31:16 +02:00
|
|
|
|
else
|
2003-09-26 13:03:08 +02:00
|
|
|
|
tty_fprintf (fp, "[none]\n");
|
2003-09-24 10:31:16 +02:00
|
|
|
|
}
|
2011-02-04 12:57:53 +01:00
|
|
|
|
|
2015-05-07 12:01:12 +02:00
|
|
|
|
release_kbnode (keyblock);
|
2003-07-24 11:06:43 +02:00
|
|
|
|
free_public_key (pk);
|
|
|
|
|
agent_release_card_info (&info);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2017-03-27 07:02:01 +02:00
|
|
|
|
/* Print all available information for specific card with SERIALNO.
|
|
|
|
|
Print all available information for current card when SERIALNO is NULL.
|
2018-03-16 03:27:33 +01:00
|
|
|
|
Or print for all cards when SERIALNO is "all". */
|
2017-03-27 07:02:01 +02:00
|
|
|
|
void
|
2017-03-31 20:03:52 +02:00
|
|
|
|
card_status (ctrl_t ctrl, estream_t fp, const char *serialno)
|
2017-03-27 07:02:01 +02:00
|
|
|
|
{
|
|
|
|
|
int err;
|
|
|
|
|
strlist_t card_list, sl;
|
2020-10-26 12:49:21 +01:00
|
|
|
|
char *serialno0 = NULL;
|
2017-03-27 07:02:01 +02:00
|
|
|
|
int all_cards = 0;
|
2019-04-01 19:24:33 +02:00
|
|
|
|
int any_card = 0;
|
2017-03-27 07:02:01 +02:00
|
|
|
|
|
|
|
|
|
if (serialno == NULL)
|
|
|
|
|
{
|
2017-03-31 20:03:52 +02:00
|
|
|
|
current_card_status (ctrl, fp, NULL, 0);
|
2017-03-27 07:02:01 +02:00
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (!strcmp (serialno, "all"))
|
|
|
|
|
all_cards = 1;
|
|
|
|
|
|
|
|
|
|
err = agent_scd_serialno (&serialno0, NULL);
|
|
|
|
|
if (err)
|
|
|
|
|
{
|
|
|
|
|
if (gpg_err_code (err) != GPG_ERR_ENODEV && opt.verbose)
|
|
|
|
|
log_info (_("error getting serial number of card: %s\n"),
|
|
|
|
|
gpg_strerror (err));
|
|
|
|
|
/* Nothing available. */
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
err = agent_scd_cardlist (&card_list);
|
|
|
|
|
|
|
|
|
|
for (sl = card_list; sl; sl = sl->next)
|
|
|
|
|
{
|
|
|
|
|
if (!all_cards && strcmp (serialno, sl->d))
|
|
|
|
|
continue;
|
|
|
|
|
|
2019-04-01 19:24:33 +02:00
|
|
|
|
if (any_card && !opt.with_colons)
|
|
|
|
|
tty_fprintf (fp, "\n");
|
|
|
|
|
any_card = 1;
|
|
|
|
|
|
2020-11-20 07:35:27 +01:00
|
|
|
|
err = agent_scd_serialno (NULL, sl->d);
|
2017-03-27 07:02:01 +02:00
|
|
|
|
if (err)
|
|
|
|
|
{
|
|
|
|
|
if (opt.verbose)
|
|
|
|
|
log_info (_("error getting serial number of card: %s\n"),
|
|
|
|
|
gpg_strerror (err));
|
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
|
2017-03-31 20:03:52 +02:00
|
|
|
|
current_card_status (ctrl, fp, NULL, 0);
|
2017-03-27 07:02:01 +02:00
|
|
|
|
|
|
|
|
|
if (!all_cards)
|
|
|
|
|
goto leave;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Select the original card again. */
|
2020-11-20 07:35:27 +01:00
|
|
|
|
err = agent_scd_serialno (NULL, serialno0);
|
2017-03-27 07:02:01 +02:00
|
|
|
|
|
|
|
|
|
leave:
|
|
|
|
|
xfree (serialno0);
|
|
|
|
|
free_strlist (card_list);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2003-09-18 17:51:18 +02:00
|
|
|
|
static char *
|
|
|
|
|
get_one_name (const char *prompt1, const char *prompt2)
|
|
|
|
|
{
|
|
|
|
|
char *name;
|
|
|
|
|
int i;
|
|
|
|
|
|
|
|
|
|
for (;;)
|
|
|
|
|
{
|
|
|
|
|
name = cpr_get (prompt1, prompt2);
|
|
|
|
|
if (!name)
|
|
|
|
|
return NULL;
|
|
|
|
|
trim_spaces (name);
|
|
|
|
|
cpr_kill_prompt ();
|
|
|
|
|
for (i=0; name[i] && name[i] >= ' ' && name[i] <= 126; i++)
|
|
|
|
|
;
|
|
|
|
|
|
|
|
|
|
/* The name must be in Latin-1 and not UTF-8 - lacking the code
|
|
|
|
|
to ensure this we restrict it to ASCII. */
|
|
|
|
|
if (name[i])
|
|
|
|
|
tty_printf (_("Error: Only plain ASCII is currently allowed.\n"));
|
|
|
|
|
else if (strchr (name, '<'))
|
|
|
|
|
tty_printf (_("Error: The \"<\" character may not be used.\n"));
|
|
|
|
|
else if (strstr (name, " "))
|
2011-02-04 12:57:53 +01:00
|
|
|
|
tty_printf (_("Error: Double spaces are not allowed.\n"));
|
2003-09-18 17:51:18 +02:00
|
|
|
|
else
|
|
|
|
|
return name;
|
|
|
|
|
xfree (name);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
static int
|
|
|
|
|
change_name (void)
|
|
|
|
|
{
|
|
|
|
|
char *surname = NULL, *givenname = NULL;
|
2021-08-19 14:08:14 +02:00
|
|
|
|
char *isoname = NULL;
|
|
|
|
|
char *p;
|
2003-09-18 17:51:18 +02:00
|
|
|
|
int rc;
|
|
|
|
|
|
|
|
|
|
surname = get_one_name ("keygen.smartcard.surname",
|
|
|
|
|
_("Cardholder's surname: "));
|
|
|
|
|
givenname = get_one_name ("keygen.smartcard.givenname",
|
|
|
|
|
_("Cardholder's given name: "));
|
|
|
|
|
if (!surname || !givenname || (!*surname && !*givenname))
|
|
|
|
|
{
|
|
|
|
|
xfree (surname);
|
|
|
|
|
xfree (givenname);
|
2021-08-19 14:08:14 +02:00
|
|
|
|
rc = gpg_error (GPG_ERR_CANCELED);
|
|
|
|
|
goto leave;
|
2003-09-18 17:51:18 +02:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
isoname = xmalloc ( strlen (surname) + 2 + strlen (givenname) + 1);
|
|
|
|
|
strcpy (stpcpy (stpcpy (isoname, surname), "<<"), givenname);
|
|
|
|
|
xfree (surname);
|
|
|
|
|
xfree (givenname);
|
|
|
|
|
for (p=isoname; *p; p++)
|
|
|
|
|
if (*p == ' ')
|
|
|
|
|
*p = '<';
|
|
|
|
|
|
2004-04-26 20:26:54 +02:00
|
|
|
|
if (strlen (isoname) > 39 )
|
|
|
|
|
{
|
|
|
|
|
tty_printf (_("Error: Combined name too long "
|
2011-02-04 12:57:53 +01:00
|
|
|
|
"(limit is %d characters).\n"), 39);
|
2004-04-26 20:26:54 +02:00
|
|
|
|
xfree (isoname);
|
2021-08-19 14:08:14 +02:00
|
|
|
|
rc = gpg_error (GPG_ERR_TOO_LARGE);
|
|
|
|
|
goto leave;
|
2004-04-26 20:26:54 +02:00
|
|
|
|
}
|
|
|
|
|
|
2019-04-01 18:12:35 +02:00
|
|
|
|
rc = agent_scd_setattr ("DISP-NAME", isoname, strlen (isoname));
|
2003-09-18 17:51:18 +02:00
|
|
|
|
if (rc)
|
|
|
|
|
log_error ("error setting Name: %s\n", gpg_strerror (rc));
|
|
|
|
|
|
2021-08-19 14:08:14 +02:00
|
|
|
|
leave:
|
2003-09-18 17:51:18 +02:00
|
|
|
|
xfree (isoname);
|
2021-08-19 14:08:14 +02:00
|
|
|
|
write_sc_op_status (rc);
|
2003-09-18 17:51:18 +02:00
|
|
|
|
return rc;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
static int
|
|
|
|
|
change_url (void)
|
|
|
|
|
{
|
|
|
|
|
char *url;
|
|
|
|
|
int rc;
|
|
|
|
|
|
|
|
|
|
url = cpr_get ("cardedit.change_url", _("URL to retrieve public key: "));
|
|
|
|
|
if (!url)
|
|
|
|
|
return -1;
|
|
|
|
|
trim_spaces (url);
|
|
|
|
|
cpr_kill_prompt ();
|
|
|
|
|
|
2019-04-01 18:12:35 +02:00
|
|
|
|
rc = agent_scd_setattr ("PUBKEY-URL", url, strlen (url));
|
2003-09-18 17:51:18 +02:00
|
|
|
|
if (rc)
|
|
|
|
|
log_error ("error setting URL: %s\n", gpg_strerror (rc));
|
|
|
|
|
xfree (url);
|
2009-06-09 21:11:28 +02:00
|
|
|
|
write_sc_op_status (rc);
|
2003-09-18 17:51:18 +02:00
|
|
|
|
return rc;
|
|
|
|
|
}
|
|
|
|
|
|
2006-04-19 13:26:11 +02:00
|
|
|
|
|
|
|
|
|
/* Fetch the key from the URL given on the card or try to get it from
|
|
|
|
|
the default keyserver. */
|
2004-10-22 11:41:01 +02:00
|
|
|
|
static int
|
2010-10-01 22:33:53 +02:00
|
|
|
|
fetch_url (ctrl_t ctrl)
|
2004-10-22 11:41:01 +02:00
|
|
|
|
{
|
|
|
|
|
int rc;
|
|
|
|
|
struct agent_card_info_s info;
|
|
|
|
|
|
|
|
|
|
memset(&info,0,sizeof(info));
|
|
|
|
|
|
|
|
|
|
rc=agent_scd_getattr("PUBKEY-URL",&info);
|
|
|
|
|
if(rc)
|
|
|
|
|
log_error("error retrieving URL from card: %s\n",gpg_strerror(rc));
|
2006-04-19 13:26:11 +02:00
|
|
|
|
else
|
2004-10-22 11:41:01 +02:00
|
|
|
|
{
|
|
|
|
|
rc=agent_scd_getattr("KEY-FPR",&info);
|
|
|
|
|
if(rc)
|
|
|
|
|
log_error("error retrieving key fingerprint from card: %s\n",
|
|
|
|
|
gpg_strerror(rc));
|
2006-04-19 13:26:11 +02:00
|
|
|
|
else if (info.pubkey_url && *info.pubkey_url)
|
2016-06-23 05:12:43 +02:00
|
|
|
|
{
|
|
|
|
|
strlist_t sl = NULL;
|
|
|
|
|
|
|
|
|
|
add_to_strlist (&sl, info.pubkey_url);
|
2017-07-13 18:22:36 +02:00
|
|
|
|
rc = keyserver_fetch (ctrl, sl, KEYORG_URL);
|
2016-06-23 05:12:43 +02:00
|
|
|
|
free_strlist (sl);
|
|
|
|
|
}
|
2018-08-27 16:57:04 +02:00
|
|
|
|
else if (info.fpr1len)
|
2006-04-19 13:26:11 +02:00
|
|
|
|
{
|
2018-08-27 16:57:04 +02:00
|
|
|
|
rc = keyserver_import_fprint (ctrl, info.fpr1, info.fpr1len,
|
|
|
|
|
opt.keyserver, 0);
|
2006-04-19 13:26:11 +02:00
|
|
|
|
}
|
2004-10-22 11:41:01 +02:00
|
|
|
|
}
|
|
|
|
|
|
2018-06-12 08:54:18 +02:00
|
|
|
|
agent_release_card_info (&info);
|
2004-10-22 11:41:01 +02:00
|
|
|
|
return rc;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2017-07-21 04:22:38 +02:00
|
|
|
|
#define MAX_GET_DATA_FROM_FILE 16384
|
|
|
|
|
|
|
|
|
|
/* Read data from file FNAME up to MAX_GET_DATA_FROM_FILE characters.
|
|
|
|
|
On error return -1 and store NULL at R_BUFFER; on success return
|
|
|
|
|
the number of bytes read and store the address of a newly allocated
|
|
|
|
|
buffer at R_BUFFER. */
|
2008-09-23 11:57:45 +02:00
|
|
|
|
static int
|
2017-07-21 04:22:38 +02:00
|
|
|
|
get_data_from_file (const char *fname, char **r_buffer)
|
2008-09-23 11:57:45 +02:00
|
|
|
|
{
|
2010-03-15 12:15:45 +01:00
|
|
|
|
estream_t fp;
|
2008-09-23 11:57:45 +02:00
|
|
|
|
char *data;
|
|
|
|
|
int n;
|
2011-02-04 12:57:53 +01:00
|
|
|
|
|
2008-09-23 11:57:45 +02:00
|
|
|
|
*r_buffer = NULL;
|
|
|
|
|
|
2010-03-15 12:15:45 +01:00
|
|
|
|
fp = es_fopen (fname, "rb");
|
2008-09-23 11:57:45 +02:00
|
|
|
|
#if GNUPG_MAJOR_VERSION == 1
|
|
|
|
|
if (fp && is_secured_file (fileno (fp)))
|
|
|
|
|
{
|
|
|
|
|
fclose (fp);
|
|
|
|
|
fp = NULL;
|
|
|
|
|
errno = EPERM;
|
|
|
|
|
}
|
|
|
|
|
#endif
|
|
|
|
|
if (!fp)
|
|
|
|
|
{
|
2012-06-05 19:29:22 +02:00
|
|
|
|
tty_printf (_("can't open '%s': %s\n"), fname, strerror (errno));
|
2008-09-23 11:57:45 +02:00
|
|
|
|
return -1;
|
|
|
|
|
}
|
2011-02-04 12:57:53 +01:00
|
|
|
|
|
2017-07-21 04:22:38 +02:00
|
|
|
|
data = xtrymalloc (MAX_GET_DATA_FROM_FILE);
|
2008-09-23 11:57:45 +02:00
|
|
|
|
if (!data)
|
|
|
|
|
{
|
|
|
|
|
tty_printf (_("error allocating enough memory: %s\n"), strerror (errno));
|
2010-03-15 12:15:45 +01:00
|
|
|
|
es_fclose (fp);
|
2008-09-23 11:57:45 +02:00
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
|
2017-07-21 04:22:38 +02:00
|
|
|
|
n = es_fread (data, 1, MAX_GET_DATA_FROM_FILE, fp);
|
2010-03-15 12:15:45 +01:00
|
|
|
|
es_fclose (fp);
|
2008-09-23 11:57:45 +02:00
|
|
|
|
if (n < 0)
|
|
|
|
|
{
|
2012-06-05 19:29:22 +02:00
|
|
|
|
tty_printf (_("error reading '%s': %s\n"), fname, strerror (errno));
|
2008-09-23 11:57:45 +02:00
|
|
|
|
xfree (data);
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
*r_buffer = data;
|
|
|
|
|
return n;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2009-06-17 11:45:50 +02:00
|
|
|
|
/* Write LENGTH bytes from BUFFER to file FNAME. Return 0 on
|
|
|
|
|
success. */
|
|
|
|
|
static int
|
|
|
|
|
put_data_to_file (const char *fname, const void *buffer, size_t length)
|
|
|
|
|
{
|
2010-03-15 12:15:45 +01:00
|
|
|
|
estream_t fp;
|
2011-02-04 12:57:53 +01:00
|
|
|
|
|
2010-03-15 12:15:45 +01:00
|
|
|
|
fp = es_fopen (fname, "wb");
|
2009-06-17 11:45:50 +02:00
|
|
|
|
#if GNUPG_MAJOR_VERSION == 1
|
|
|
|
|
if (fp && is_secured_file (fileno (fp)))
|
|
|
|
|
{
|
|
|
|
|
fclose (fp);
|
|
|
|
|
fp = NULL;
|
|
|
|
|
errno = EPERM;
|
|
|
|
|
}
|
|
|
|
|
#endif
|
|
|
|
|
if (!fp)
|
|
|
|
|
{
|
2012-06-05 19:29:22 +02:00
|
|
|
|
tty_printf (_("can't create '%s': %s\n"), fname, strerror (errno));
|
2009-06-17 11:45:50 +02:00
|
|
|
|
return -1;
|
|
|
|
|
}
|
2011-02-04 12:57:53 +01:00
|
|
|
|
|
2010-03-15 12:15:45 +01:00
|
|
|
|
if (length && es_fwrite (buffer, length, 1, fp) != 1)
|
2009-06-17 11:45:50 +02:00
|
|
|
|
{
|
2012-06-05 19:29:22 +02:00
|
|
|
|
tty_printf (_("error writing '%s': %s\n"), fname, strerror (errno));
|
2010-03-15 12:15:45 +01:00
|
|
|
|
es_fclose (fp);
|
2009-06-17 11:45:50 +02:00
|
|
|
|
return -1;
|
|
|
|
|
}
|
2010-03-15 12:15:45 +01:00
|
|
|
|
es_fclose (fp);
|
2009-06-17 11:45:50 +02:00
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2003-09-18 17:51:18 +02:00
|
|
|
|
static int
|
2004-07-01 19:42:09 +02:00
|
|
|
|
change_login (const char *args)
|
2003-09-18 17:51:18 +02:00
|
|
|
|
{
|
|
|
|
|
char *data;
|
2004-07-01 19:42:09 +02:00
|
|
|
|
int n;
|
2003-09-18 17:51:18 +02:00
|
|
|
|
int rc;
|
|
|
|
|
|
2004-07-01 19:42:09 +02:00
|
|
|
|
if (args && *args == '<') /* Read it from a file */
|
|
|
|
|
{
|
|
|
|
|
for (args++; spacep (args); args++)
|
|
|
|
|
;
|
2017-07-21 04:22:38 +02:00
|
|
|
|
n = get_data_from_file (args, &data);
|
2004-07-01 19:42:09 +02:00
|
|
|
|
if (n < 0)
|
2008-09-23 11:57:45 +02:00
|
|
|
|
return -1;
|
2004-07-01 19:42:09 +02:00
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
data = cpr_get ("cardedit.change_login",
|
|
|
|
|
_("Login data (account name): "));
|
|
|
|
|
if (!data)
|
|
|
|
|
return -1;
|
|
|
|
|
trim_spaces (data);
|
|
|
|
|
cpr_kill_prompt ();
|
|
|
|
|
n = strlen (data);
|
|
|
|
|
}
|
|
|
|
|
|
2019-04-01 18:12:35 +02:00
|
|
|
|
rc = agent_scd_setattr ("LOGIN-DATA", data, n);
|
2003-09-18 17:51:18 +02:00
|
|
|
|
if (rc)
|
|
|
|
|
log_error ("error setting login data: %s\n", gpg_strerror (rc));
|
|
|
|
|
xfree (data);
|
2009-06-09 21:11:28 +02:00
|
|
|
|
write_sc_op_status (rc);
|
2003-09-18 17:51:18 +02:00
|
|
|
|
return rc;
|
|
|
|
|
}
|
|
|
|
|
|
2006-04-19 13:26:11 +02:00
|
|
|
|
static int
|
|
|
|
|
change_private_do (const char *args, int nr)
|
|
|
|
|
{
|
|
|
|
|
char do_name[] = "PRIVATE-DO-X";
|
|
|
|
|
char *data;
|
|
|
|
|
int n;
|
2011-02-04 12:57:53 +01:00
|
|
|
|
int rc;
|
2006-04-19 13:26:11 +02:00
|
|
|
|
|
2016-04-29 11:05:24 +02:00
|
|
|
|
log_assert (nr >= 1 && nr <= 4);
|
2006-04-19 13:26:11 +02:00
|
|
|
|
do_name[11] = '0' + nr;
|
|
|
|
|
|
|
|
|
|
if (args && (args = strchr (args, '<'))) /* Read it from a file */
|
|
|
|
|
{
|
|
|
|
|
for (args++; spacep (args); args++)
|
|
|
|
|
;
|
2017-07-21 04:22:38 +02:00
|
|
|
|
n = get_data_from_file (args, &data);
|
2006-04-19 13:26:11 +02:00
|
|
|
|
if (n < 0)
|
2008-09-23 11:57:45 +02:00
|
|
|
|
return -1;
|
2006-04-19 13:26:11 +02:00
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
data = cpr_get ("cardedit.change_private_do",
|
|
|
|
|
_("Private DO data: "));
|
|
|
|
|
if (!data)
|
|
|
|
|
return -1;
|
|
|
|
|
trim_spaces (data);
|
|
|
|
|
cpr_kill_prompt ();
|
|
|
|
|
n = strlen (data);
|
|
|
|
|
}
|
|
|
|
|
|
2019-04-01 18:12:35 +02:00
|
|
|
|
rc = agent_scd_setattr (do_name, data, n);
|
2006-04-19 13:26:11 +02:00
|
|
|
|
if (rc)
|
|
|
|
|
log_error ("error setting private DO: %s\n", gpg_strerror (rc));
|
|
|
|
|
xfree (data);
|
2009-06-09 21:11:28 +02:00
|
|
|
|
write_sc_op_status (rc);
|
2006-04-19 13:26:11 +02:00
|
|
|
|
return rc;
|
|
|
|
|
}
|
|
|
|
|
|
2008-09-23 11:57:45 +02:00
|
|
|
|
|
|
|
|
|
static int
|
|
|
|
|
change_cert (const char *args)
|
|
|
|
|
{
|
|
|
|
|
char *data;
|
|
|
|
|
int n;
|
|
|
|
|
int rc;
|
|
|
|
|
|
|
|
|
|
if (args && *args == '<') /* Read it from a file */
|
|
|
|
|
{
|
|
|
|
|
for (args++; spacep (args); args++)
|
|
|
|
|
;
|
2017-07-21 04:22:38 +02:00
|
|
|
|
n = get_data_from_file (args, &data);
|
2008-09-23 11:57:45 +02:00
|
|
|
|
if (n < 0)
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
2010-01-08 20:18:49 +01:00
|
|
|
|
tty_printf ("usage error: redirection to file required\n");
|
2008-09-23 11:57:45 +02:00
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
rc = agent_scd_writecert ("OPENPGP.3", data, n);
|
|
|
|
|
if (rc)
|
|
|
|
|
log_error ("error writing certificate to card: %s\n", gpg_strerror (rc));
|
|
|
|
|
xfree (data);
|
2009-06-09 21:11:28 +02:00
|
|
|
|
write_sc_op_status (rc);
|
2008-09-23 11:57:45 +02:00
|
|
|
|
return rc;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2009-06-17 11:45:50 +02:00
|
|
|
|
static int
|
|
|
|
|
read_cert (const char *args)
|
|
|
|
|
{
|
|
|
|
|
const char *fname;
|
|
|
|
|
void *buffer;
|
|
|
|
|
size_t length;
|
|
|
|
|
int rc;
|
|
|
|
|
|
|
|
|
|
if (args && *args == '>') /* Write it to a file */
|
|
|
|
|
{
|
|
|
|
|
for (args++; spacep (args); args++)
|
|
|
|
|
;
|
|
|
|
|
fname = args;
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
2010-01-08 20:18:49 +01:00
|
|
|
|
tty_printf ("usage error: redirection to file required\n");
|
2009-06-17 11:45:50 +02:00
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
rc = agent_scd_readcert ("OPENPGP.3", &buffer, &length);
|
|
|
|
|
if (rc)
|
|
|
|
|
log_error ("error reading certificate from card: %s\n", gpg_strerror (rc));
|
|
|
|
|
else
|
|
|
|
|
rc = put_data_to_file (fname, buffer, length);
|
|
|
|
|
xfree (buffer);
|
|
|
|
|
write_sc_op_status (rc);
|
|
|
|
|
return rc;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2003-09-18 17:51:18 +02:00
|
|
|
|
static int
|
|
|
|
|
change_lang (void)
|
|
|
|
|
{
|
|
|
|
|
char *data, *p;
|
|
|
|
|
int rc;
|
|
|
|
|
|
|
|
|
|
data = cpr_get ("cardedit.change_lang",
|
|
|
|
|
_("Language preferences: "));
|
|
|
|
|
if (!data)
|
|
|
|
|
return -1;
|
|
|
|
|
trim_spaces (data);
|
|
|
|
|
cpr_kill_prompt ();
|
|
|
|
|
|
|
|
|
|
if (strlen (data) > 8 || (strlen (data) & 1))
|
|
|
|
|
{
|
|
|
|
|
tty_printf (_("Error: invalid length of preference string.\n"));
|
|
|
|
|
xfree (data);
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
for (p=data; *p && *p >= 'a' && *p <= 'z'; p++)
|
|
|
|
|
;
|
|
|
|
|
if (*p)
|
|
|
|
|
{
|
|
|
|
|
tty_printf (_("Error: invalid characters in preference string.\n"));
|
|
|
|
|
xfree (data);
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
|
2019-04-01 18:12:35 +02:00
|
|
|
|
rc = agent_scd_setattr ("DISP-LANG", data, strlen (data));
|
2003-09-18 17:51:18 +02:00
|
|
|
|
if (rc)
|
|
|
|
|
log_error ("error setting lang: %s\n", gpg_strerror (rc));
|
|
|
|
|
xfree (data);
|
2009-06-09 21:11:28 +02:00
|
|
|
|
write_sc_op_status (rc);
|
2003-09-18 17:51:18 +02:00
|
|
|
|
return rc;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
static int
|
|
|
|
|
change_sex (void)
|
|
|
|
|
{
|
|
|
|
|
char *data;
|
|
|
|
|
const char *str;
|
|
|
|
|
int rc;
|
2003-07-24 11:06:43 +02:00
|
|
|
|
|
2003-09-18 17:51:18 +02:00
|
|
|
|
data = cpr_get ("cardedit.change_sex",
|
2019-08-22 10:23:22 +02:00
|
|
|
|
_("Salutation (M = Mr., F = Ms., or space): "));
|
2003-09-18 17:51:18 +02:00
|
|
|
|
if (!data)
|
|
|
|
|
return -1;
|
|
|
|
|
trim_spaces (data);
|
|
|
|
|
cpr_kill_prompt ();
|
|
|
|
|
|
|
|
|
|
if (!*data)
|
|
|
|
|
str = "9";
|
|
|
|
|
else if ((*data == 'M' || *data == 'm') && !data[1])
|
|
|
|
|
str = "1";
|
|
|
|
|
else if ((*data == 'F' || *data == 'f') && !data[1])
|
|
|
|
|
str = "2";
|
2011-02-04 12:57:53 +01:00
|
|
|
|
else
|
2003-09-18 17:51:18 +02:00
|
|
|
|
{
|
|
|
|
|
tty_printf (_("Error: invalid response.\n"));
|
|
|
|
|
xfree (data);
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
2011-02-04 12:57:53 +01:00
|
|
|
|
|
2019-04-01 18:12:35 +02:00
|
|
|
|
rc = agent_scd_setattr ("DISP-SEX", str, 1);
|
2003-09-18 17:51:18 +02:00
|
|
|
|
if (rc)
|
2017-11-15 11:34:30 +01:00
|
|
|
|
log_error ("error setting salutation: %s\n", gpg_strerror (rc));
|
2003-09-18 17:51:18 +02:00
|
|
|
|
xfree (data);
|
2009-06-09 21:11:28 +02:00
|
|
|
|
write_sc_op_status (rc);
|
2003-09-18 17:51:18 +02:00
|
|
|
|
return rc;
|
|
|
|
|
}
|
2003-07-24 11:06:43 +02:00
|
|
|
|
|
|
|
|
|
|
2004-07-01 19:42:09 +02:00
|
|
|
|
static int
|
|
|
|
|
change_cafpr (int fprno)
|
|
|
|
|
{
|
|
|
|
|
char *data;
|
|
|
|
|
const char *s;
|
|
|
|
|
int i, c, rc;
|
2017-09-27 09:42:13 +02:00
|
|
|
|
unsigned char fpr[MAX_FINGERPRINT_LEN];
|
|
|
|
|
int fprlen;
|
2004-07-01 19:42:09 +02:00
|
|
|
|
|
|
|
|
|
data = cpr_get ("cardedit.change_cafpr", _("CA fingerprint: "));
|
|
|
|
|
if (!data)
|
|
|
|
|
return -1;
|
|
|
|
|
trim_spaces (data);
|
|
|
|
|
cpr_kill_prompt ();
|
|
|
|
|
|
2017-09-27 09:42:13 +02:00
|
|
|
|
for (i=0, s=data; i < MAX_FINGERPRINT_LEN && *s; )
|
2004-07-01 19:42:09 +02:00
|
|
|
|
{
|
|
|
|
|
while (spacep(s))
|
|
|
|
|
s++;
|
|
|
|
|
if (*s == ':')
|
|
|
|
|
s++;
|
|
|
|
|
while (spacep(s))
|
|
|
|
|
s++;
|
|
|
|
|
c = hextobyte (s);
|
|
|
|
|
if (c == -1)
|
|
|
|
|
break;
|
|
|
|
|
fpr[i++] = c;
|
|
|
|
|
s += 2;
|
|
|
|
|
}
|
2017-09-27 09:42:13 +02:00
|
|
|
|
fprlen = i;
|
2004-07-01 19:42:09 +02:00
|
|
|
|
xfree (data);
|
2017-09-27 09:42:13 +02:00
|
|
|
|
if ((fprlen != 20 && fprlen != 32) || *s)
|
2004-07-01 19:42:09 +02:00
|
|
|
|
{
|
|
|
|
|
tty_printf (_("Error: invalid formatted fingerprint.\n"));
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
rc = agent_scd_setattr (fprno==1?"CA-FPR-1":
|
|
|
|
|
fprno==2?"CA-FPR-2":
|
2019-04-01 18:12:35 +02:00
|
|
|
|
fprno==3?"CA-FPR-3":"x", fpr, fprlen);
|
2004-07-01 19:42:09 +02:00
|
|
|
|
if (rc)
|
|
|
|
|
log_error ("error setting cafpr: %s\n", gpg_strerror (rc));
|
2009-06-09 21:11:28 +02:00
|
|
|
|
write_sc_op_status (rc);
|
2004-07-01 19:42:09 +02:00
|
|
|
|
return rc;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
2003-09-30 19:34:38 +02:00
|
|
|
|
static void
|
|
|
|
|
toggle_forcesig (void)
|
|
|
|
|
{
|
|
|
|
|
struct agent_card_info_s info;
|
|
|
|
|
int rc;
|
|
|
|
|
int newstate;
|
|
|
|
|
|
|
|
|
|
memset (&info, 0, sizeof info);
|
|
|
|
|
rc = agent_scd_getattr ("CHV-STATUS", &info);
|
|
|
|
|
if (rc)
|
|
|
|
|
{
|
|
|
|
|
log_error ("error getting current status: %s\n", gpg_strerror (rc));
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
newstate = !info.chv1_cached;
|
|
|
|
|
agent_release_card_info (&info);
|
|
|
|
|
|
2019-04-01 18:12:35 +02:00
|
|
|
|
rc = agent_scd_setattr ("CHV-STATUS-1", newstate? "\x01":"", 1);
|
2003-09-30 19:34:38 +02:00
|
|
|
|
if (rc)
|
|
|
|
|
log_error ("error toggling signature PIN flag: %s\n", gpg_strerror (rc));
|
2009-06-09 21:11:28 +02:00
|
|
|
|
write_sc_op_status (rc);
|
2003-09-30 19:34:38 +02:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2004-10-22 11:41:01 +02:00
|
|
|
|
/* Helper for the key generation/edit functions. */
|
|
|
|
|
static int
|
|
|
|
|
get_info_for_key_operation (struct agent_card_info_s *info)
|
2003-10-08 12:46:58 +02:00
|
|
|
|
{
|
|
|
|
|
int rc;
|
|
|
|
|
|
2004-10-22 11:41:01 +02:00
|
|
|
|
memset (info, 0, sizeof *info);
|
|
|
|
|
rc = agent_scd_getattr ("SERIALNO", info);
|
2020-11-19 05:03:29 +01:00
|
|
|
|
if (rc || !info->serialno || strncmp (info->serialno, "D27600012401", 12)
|
|
|
|
|
|| strlen (info->serialno) != 32 )
|
2004-10-22 11:41:01 +02:00
|
|
|
|
{
|
|
|
|
|
log_error (_("key operation not possible: %s\n"),
|
|
|
|
|
rc ? gpg_strerror (rc) : _("not an OpenPGP card"));
|
|
|
|
|
return rc? rc: -1;
|
|
|
|
|
}
|
|
|
|
|
rc = agent_scd_getattr ("KEY-FPR", info);
|
2003-10-08 12:46:58 +02:00
|
|
|
|
if (!rc)
|
2004-10-22 11:41:01 +02:00
|
|
|
|
rc = agent_scd_getattr ("CHV-STATUS", info);
|
2003-10-08 12:46:58 +02:00
|
|
|
|
if (!rc)
|
2004-10-22 11:41:01 +02:00
|
|
|
|
rc = agent_scd_getattr ("DISP-NAME", info);
|
2009-07-22 19:21:47 +02:00
|
|
|
|
if (!rc)
|
|
|
|
|
rc = agent_scd_getattr ("EXTCAP", info);
|
2009-08-05 13:24:43 +02:00
|
|
|
|
if (!rc)
|
|
|
|
|
rc = agent_scd_getattr ("KEY-ATTR", info);
|
2003-10-08 12:46:58 +02:00
|
|
|
|
if (rc)
|
2004-10-22 11:41:01 +02:00
|
|
|
|
log_error (_("error getting current key info: %s\n"), gpg_strerror (rc));
|
|
|
|
|
return rc;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/* Helper for the key generation/edit functions. */
|
|
|
|
|
static int
|
|
|
|
|
check_pin_for_key_operation (struct agent_card_info_s *info, int *forced_chv1)
|
2011-02-04 12:57:53 +01:00
|
|
|
|
{
|
2004-10-22 11:41:01 +02:00
|
|
|
|
int rc = 0;
|
|
|
|
|
|
|
|
|
|
*forced_chv1 = !info->chv1_cached;
|
|
|
|
|
if (*forced_chv1)
|
2009-05-15 21:26:46 +02:00
|
|
|
|
{ /* Switch off the forced mode so that during key generation we
|
2004-10-22 11:41:01 +02:00
|
|
|
|
don't get bothered with PIN queries for each
|
|
|
|
|
self-signature. */
|
2019-04-01 18:12:35 +02:00
|
|
|
|
rc = agent_scd_setattr ("CHV-STATUS-1", "\x01", 1);
|
2004-10-22 11:41:01 +02:00
|
|
|
|
if (rc)
|
|
|
|
|
{
|
|
|
|
|
log_error ("error clearing forced signature PIN flag: %s\n",
|
|
|
|
|
gpg_strerror (rc));
|
|
|
|
|
*forced_chv1 = 0;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (!rc)
|
2003-10-08 12:46:58 +02:00
|
|
|
|
{
|
2004-10-22 11:41:01 +02:00
|
|
|
|
/* Check the PIN now, so that we won't get asked later for each
|
|
|
|
|
binding signature. */
|
|
|
|
|
rc = agent_scd_checkpin (info->serialno);
|
|
|
|
|
if (rc)
|
2009-06-09 21:11:28 +02:00
|
|
|
|
{
|
|
|
|
|
log_error ("error checking the PIN: %s\n", gpg_strerror (rc));
|
|
|
|
|
write_sc_op_status (rc);
|
|
|
|
|
}
|
|
|
|
|
}
|
2004-10-22 11:41:01 +02:00
|
|
|
|
return rc;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Helper for the key generation/edit functions. */
|
2011-02-04 12:57:53 +01:00
|
|
|
|
static void
|
2004-10-22 11:41:01 +02:00
|
|
|
|
restore_forced_chv1 (int *forced_chv1)
|
|
|
|
|
{
|
|
|
|
|
int rc;
|
|
|
|
|
|
|
|
|
|
if (*forced_chv1)
|
|
|
|
|
{ /* Switch back to forced state. */
|
2019-04-01 18:12:35 +02:00
|
|
|
|
rc = agent_scd_setattr ("CHV-STATUS-1", "", 1);
|
2004-10-22 11:41:01 +02:00
|
|
|
|
if (rc)
|
|
|
|
|
{
|
|
|
|
|
log_error ("error setting forced signature PIN flag: %s\n",
|
|
|
|
|
gpg_strerror (rc));
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2007-07-05 18:58:19 +02:00
|
|
|
|
|
2004-10-22 11:41:01 +02:00
|
|
|
|
/* Helper for the key generation/edit functions. */
|
|
|
|
|
static void
|
|
|
|
|
show_card_key_info (struct agent_card_info_s *info)
|
|
|
|
|
{
|
|
|
|
|
tty_fprintf (NULL, "Signature key ....:");
|
2018-08-27 16:57:04 +02:00
|
|
|
|
print_shax_fpr (NULL, info->fpr1len? info->fpr1:NULL, info->fpr1len);
|
2004-10-22 11:41:01 +02:00
|
|
|
|
tty_fprintf (NULL, "Encryption key....:");
|
2018-08-27 16:57:04 +02:00
|
|
|
|
print_shax_fpr (NULL, info->fpr2len? info->fpr2:NULL, info->fpr2len);
|
2004-10-22 11:41:01 +02:00
|
|
|
|
tty_fprintf (NULL, "Authentication key:");
|
2018-08-27 16:57:04 +02:00
|
|
|
|
print_shax_fpr (NULL, info->fpr3len? info->fpr3:NULL, info->fpr3len);
|
2004-10-22 11:41:01 +02:00
|
|
|
|
tty_printf ("\n");
|
|
|
|
|
}
|
|
|
|
|
|
2007-07-05 18:58:19 +02:00
|
|
|
|
|
2004-10-22 11:41:01 +02:00
|
|
|
|
/* Helper for the key generation/edit functions. */
|
|
|
|
|
static int
|
|
|
|
|
replace_existing_key_p (struct agent_card_info_s *info, int keyno)
|
|
|
|
|
{
|
2016-04-29 11:05:24 +02:00
|
|
|
|
log_assert (keyno >= 0 && keyno <= 3);
|
2004-10-22 11:41:01 +02:00
|
|
|
|
|
2018-08-27 16:57:04 +02:00
|
|
|
|
if ((keyno == 1 && info->fpr1len)
|
|
|
|
|
|| (keyno == 2 && info->fpr2len)
|
|
|
|
|
|| (keyno == 3 && info->fpr3len))
|
2004-10-22 11:41:01 +02:00
|
|
|
|
{
|
|
|
|
|
tty_printf ("\n");
|
|
|
|
|
log_info ("WARNING: such a key has already been stored on the card!\n");
|
|
|
|
|
tty_printf ("\n");
|
|
|
|
|
if ( !cpr_get_answer_is_yes( "cardedit.genkeys.replace_key",
|
|
|
|
|
_("Replace existing key? (y/N) ")))
|
|
|
|
|
return -1;
|
2013-02-06 06:01:23 +01:00
|
|
|
|
return 1;
|
2004-10-22 11:41:01 +02:00
|
|
|
|
}
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2009-08-05 13:24:43 +02:00
|
|
|
|
static void
|
|
|
|
|
show_keysize_warning (void)
|
|
|
|
|
{
|
|
|
|
|
static int shown;
|
|
|
|
|
|
|
|
|
|
if (shown)
|
|
|
|
|
return;
|
|
|
|
|
shown = 1;
|
|
|
|
|
tty_printf
|
2017-11-02 17:11:03 +01:00
|
|
|
|
(_("Note: There is no guarantee that the card supports the requested\n"
|
|
|
|
|
" key type or size. If the key generation does not succeed,\n"
|
|
|
|
|
" please check the documentation of your card to see which\n"
|
|
|
|
|
" key types and sizes are supported.\n")
|
|
|
|
|
);
|
2009-08-05 13:24:43 +02:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/* Ask for the size of a card key. NBITS is the current size
|
2018-03-29 04:56:02 +02:00
|
|
|
|
configured for the card. Returns 0 to use the default size
|
|
|
|
|
(i.e. NBITS) or the selected size. */
|
2009-08-05 13:24:43 +02:00
|
|
|
|
static unsigned int
|
2018-03-29 04:56:02 +02:00
|
|
|
|
ask_card_rsa_keysize (unsigned int nbits)
|
2009-08-05 13:24:43 +02:00
|
|
|
|
{
|
|
|
|
|
unsigned int min_nbits = 1024;
|
2011-06-16 14:27:33 +02:00
|
|
|
|
unsigned int max_nbits = 4096;
|
2009-08-05 13:24:43 +02:00
|
|
|
|
char *prompt, *answer;
|
|
|
|
|
unsigned int req_nbits;
|
|
|
|
|
|
|
|
|
|
for (;;)
|
|
|
|
|
{
|
2018-03-29 04:56:02 +02:00
|
|
|
|
prompt = xasprintf (_("What keysize do you want? (%u) "), nbits);
|
2009-08-05 13:24:43 +02:00
|
|
|
|
answer = cpr_get ("cardedit.genkeys.size", prompt);
|
|
|
|
|
cpr_kill_prompt ();
|
|
|
|
|
req_nbits = *answer? atoi (answer): nbits;
|
|
|
|
|
xfree (prompt);
|
|
|
|
|
xfree (answer);
|
2011-02-04 12:57:53 +01:00
|
|
|
|
|
2018-03-29 04:56:02 +02:00
|
|
|
|
if (req_nbits != nbits && (req_nbits % 32) )
|
2009-08-05 13:24:43 +02:00
|
|
|
|
{
|
2018-03-29 04:56:02 +02:00
|
|
|
|
req_nbits = ((req_nbits + 31) / 32) * 32;
|
|
|
|
|
tty_printf (_("rounded up to %u bits\n"), req_nbits);
|
2009-08-05 13:24:43 +02:00
|
|
|
|
}
|
2018-03-29 04:56:02 +02:00
|
|
|
|
|
|
|
|
|
if (req_nbits == nbits)
|
|
|
|
|
return 0; /* Use default. */
|
2011-02-04 12:57:53 +01:00
|
|
|
|
|
2018-03-29 04:56:02 +02:00
|
|
|
|
if (req_nbits < min_nbits || req_nbits > max_nbits)
|
2009-08-05 13:24:43 +02:00
|
|
|
|
{
|
2018-03-29 04:56:02 +02:00
|
|
|
|
tty_printf (_("%s keysizes must be in the range %u-%u\n"),
|
|
|
|
|
"RSA", min_nbits, max_nbits);
|
|
|
|
|
}
|
|
|
|
|
else
|
2018-04-05 03:37:23 +02:00
|
|
|
|
return req_nbits;
|
2018-03-29 04:56:02 +02:00
|
|
|
|
}
|
|
|
|
|
}
|
2017-11-02 17:11:03 +01:00
|
|
|
|
|
2018-03-29 04:56:02 +02:00
|
|
|
|
/* Ask for the key attribute of a card key. CURRENT is the current
|
|
|
|
|
attribute configured for the card. KEYNO is the number of the key
|
|
|
|
|
used to select the prompt. Returns NULL to use the default
|
|
|
|
|
attribute or the selected attribute structure. */
|
|
|
|
|
static struct key_attr *
|
|
|
|
|
ask_card_keyattr (int keyno, const struct key_attr *current)
|
|
|
|
|
{
|
|
|
|
|
struct key_attr *key_attr = NULL;
|
|
|
|
|
char *answer = NULL;
|
|
|
|
|
int algo;
|
|
|
|
|
|
|
|
|
|
tty_printf (_("Changing card key attribute for: "));
|
|
|
|
|
if (keyno == 0)
|
|
|
|
|
tty_printf (_("Signature key\n"));
|
|
|
|
|
else if (keyno == 1)
|
|
|
|
|
tty_printf (_("Encryption key\n"));
|
|
|
|
|
else
|
|
|
|
|
tty_printf (_("Authentication key\n"));
|
2017-11-02 17:11:03 +01:00
|
|
|
|
|
2018-03-29 04:56:02 +02:00
|
|
|
|
tty_printf (_("Please select what kind of key you want:\n"));
|
|
|
|
|
tty_printf (_(" (%d) RSA\n"), 1 );
|
|
|
|
|
tty_printf (_(" (%d) ECC\n"), 2 );
|
|
|
|
|
|
|
|
|
|
for (;;)
|
|
|
|
|
{
|
|
|
|
|
xfree (answer);
|
|
|
|
|
answer = cpr_get ("cardedit.genkeys.algo", _("Your selection? "));
|
|
|
|
|
cpr_kill_prompt ();
|
|
|
|
|
algo = *answer? atoi (answer) : 0;
|
|
|
|
|
|
|
|
|
|
if (!*answer || algo == 1 || algo == 2)
|
2021-05-20 10:13:51 +02:00
|
|
|
|
{
|
|
|
|
|
xfree (answer);
|
|
|
|
|
break;
|
|
|
|
|
}
|
2009-08-05 13:24:43 +02:00
|
|
|
|
else
|
2018-03-29 04:56:02 +02:00
|
|
|
|
tty_printf (_("Invalid selection.\n"));
|
|
|
|
|
}
|
2017-11-02 17:11:03 +01:00
|
|
|
|
|
2018-03-29 04:56:02 +02:00
|
|
|
|
if (algo == 0)
|
2018-03-30 03:59:10 +02:00
|
|
|
|
goto leave;
|
2017-11-02 17:11:03 +01:00
|
|
|
|
|
2018-03-29 04:56:02 +02:00
|
|
|
|
key_attr = xmalloc (sizeof (struct key_attr));
|
|
|
|
|
|
|
|
|
|
if (algo == 1)
|
|
|
|
|
{
|
|
|
|
|
unsigned int nbits, result_nbits;
|
|
|
|
|
|
|
|
|
|
if (current->algo == PUBKEY_ALGO_RSA)
|
|
|
|
|
nbits = current->nbits;
|
|
|
|
|
else
|
|
|
|
|
nbits = 2048;
|
|
|
|
|
|
|
|
|
|
result_nbits = ask_card_rsa_keysize (nbits);
|
|
|
|
|
if (result_nbits == 0)
|
|
|
|
|
{
|
|
|
|
|
if (current->algo == PUBKEY_ALGO_RSA)
|
2017-11-02 17:11:03 +01:00
|
|
|
|
{
|
2018-03-29 04:56:02 +02:00
|
|
|
|
xfree (key_attr);
|
|
|
|
|
key_attr = NULL;
|
2017-11-02 17:11:03 +01:00
|
|
|
|
}
|
|
|
|
|
else
|
2018-03-29 04:56:02 +02:00
|
|
|
|
result_nbits = nbits;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (key_attr)
|
|
|
|
|
{
|
|
|
|
|
key_attr->algo = PUBKEY_ALGO_RSA;
|
|
|
|
|
key_attr->nbits = result_nbits;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
const char *curve;
|
|
|
|
|
const char *oid_str;
|
|
|
|
|
|
|
|
|
|
if (current->algo == PUBKEY_ALGO_RSA)
|
|
|
|
|
{
|
|
|
|
|
if (keyno == 1)
|
|
|
|
|
/* Encryption key */
|
|
|
|
|
algo = PUBKEY_ALGO_ECDH;
|
|
|
|
|
else /* Signature key or Authentication key */
|
|
|
|
|
algo = PUBKEY_ALGO_ECDSA;
|
|
|
|
|
curve = NULL;
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
algo = current->algo;
|
|
|
|
|
curve = current->curve;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
curve = ask_curve (&algo, NULL, curve);
|
|
|
|
|
if (curve)
|
|
|
|
|
{
|
|
|
|
|
key_attr->algo = algo;
|
2020-02-11 14:38:03 +01:00
|
|
|
|
oid_str = openpgp_curve_to_oid (curve, NULL, NULL);
|
2018-03-29 04:56:02 +02:00
|
|
|
|
key_attr->curve = openpgp_oid_to_curve (oid_str, 0);
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
xfree (key_attr);
|
|
|
|
|
key_attr = NULL;
|
2009-08-05 13:24:43 +02:00
|
|
|
|
}
|
|
|
|
|
}
|
2018-03-29 04:56:02 +02:00
|
|
|
|
|
|
|
|
|
leave:
|
2018-04-05 03:37:23 +02:00
|
|
|
|
if (key_attr)
|
|
|
|
|
{
|
|
|
|
|
if (key_attr->algo == PUBKEY_ALGO_RSA)
|
|
|
|
|
tty_printf (_("The card will now be re-configured"
|
|
|
|
|
" to generate a key of %u bits\n"), key_attr->nbits);
|
|
|
|
|
else if (key_attr->algo == PUBKEY_ALGO_ECDH
|
|
|
|
|
|| key_attr->algo == PUBKEY_ALGO_ECDSA
|
|
|
|
|
|| key_attr->algo == PUBKEY_ALGO_EDDSA)
|
|
|
|
|
tty_printf (_("The card will now be re-configured"
|
|
|
|
|
" to generate a key of type: %s\n"), key_attr->curve),
|
|
|
|
|
|
|
|
|
|
show_keysize_warning ();
|
|
|
|
|
}
|
2018-03-29 04:56:02 +02:00
|
|
|
|
|
|
|
|
|
return key_attr;
|
2009-08-05 13:24:43 +02:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2018-03-29 04:56:02 +02:00
|
|
|
|
|
|
|
|
|
/* Change the key attribute of key KEYNO (0..2) and show an error
|
|
|
|
|
* message if that fails. */
|
2009-08-05 13:24:43 +02:00
|
|
|
|
static gpg_error_t
|
2018-03-29 04:56:02 +02:00
|
|
|
|
do_change_keyattr (int keyno, const struct key_attr *key_attr)
|
2009-08-05 13:24:43 +02:00
|
|
|
|
{
|
2018-03-29 04:56:02 +02:00
|
|
|
|
gpg_error_t err = 0;
|
2009-08-05 13:24:43 +02:00
|
|
|
|
char args[100];
|
2011-02-04 12:57:53 +01:00
|
|
|
|
|
2018-03-29 04:56:02 +02:00
|
|
|
|
if (key_attr->algo == PUBKEY_ALGO_RSA)
|
|
|
|
|
snprintf (args, sizeof args, "--force %d 1 rsa%u", keyno+1,
|
|
|
|
|
key_attr->nbits);
|
|
|
|
|
else if (key_attr->algo == PUBKEY_ALGO_ECDH
|
|
|
|
|
|| key_attr->algo == PUBKEY_ALGO_ECDSA
|
|
|
|
|
|| key_attr->algo == PUBKEY_ALGO_EDDSA)
|
2017-11-02 17:11:03 +01:00
|
|
|
|
snprintf (args, sizeof args, "--force %d %d %s",
|
2018-03-29 04:56:02 +02:00
|
|
|
|
keyno+1, key_attr->algo, key_attr->curve);
|
2017-11-02 17:11:03 +01:00
|
|
|
|
else
|
2018-03-29 04:56:02 +02:00
|
|
|
|
{
|
|
|
|
|
log_error (_("public key algorithm %d (%s) is not supported\n"),
|
|
|
|
|
key_attr->algo, gcry_pk_algo_name (key_attr->algo));
|
|
|
|
|
return gpg_error (GPG_ERR_PUBKEY_ALGO);
|
|
|
|
|
}
|
|
|
|
|
|
2019-04-01 18:12:35 +02:00
|
|
|
|
err = agent_scd_setattr ("KEY-ATTR", args, strlen (args));
|
2009-08-05 13:24:43 +02:00
|
|
|
|
if (err)
|
2018-03-29 04:56:02 +02:00
|
|
|
|
log_error (_("error changing key attribute for key %d: %s\n"),
|
|
|
|
|
keyno+1, gpg_strerror (err));
|
2009-08-05 13:24:43 +02:00
|
|
|
|
return err;
|
|
|
|
|
}
|
2011-02-04 12:57:53 +01:00
|
|
|
|
|
2009-08-05 13:24:43 +02:00
|
|
|
|
|
2018-03-30 03:59:10 +02:00
|
|
|
|
static void
|
|
|
|
|
key_attr (void)
|
|
|
|
|
{
|
|
|
|
|
struct agent_card_info_s info;
|
|
|
|
|
gpg_error_t err;
|
|
|
|
|
int keyno;
|
|
|
|
|
|
|
|
|
|
err = get_info_for_key_operation (&info);
|
|
|
|
|
if (err)
|
|
|
|
|
{
|
|
|
|
|
log_error (_("error getting card info: %s\n"), gpg_strerror (err));
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (!(info.is_v2 && info.extcap.aac))
|
|
|
|
|
{
|
|
|
|
|
log_error (_("This command is not supported by this card\n"));
|
|
|
|
|
goto leave;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
for (keyno = 0; keyno < DIM (info.key_attr); keyno++)
|
|
|
|
|
{
|
|
|
|
|
struct key_attr *key_attr;
|
|
|
|
|
|
|
|
|
|
if ((key_attr = ask_card_keyattr (keyno, &info.key_attr[keyno])))
|
|
|
|
|
{
|
|
|
|
|
err = do_change_keyattr (keyno, key_attr);
|
|
|
|
|
xfree (key_attr);
|
|
|
|
|
if (err)
|
|
|
|
|
{
|
|
|
|
|
/* Error: Better read the default key attribute again. */
|
|
|
|
|
agent_release_card_info (&info);
|
|
|
|
|
if (get_info_for_key_operation (&info))
|
|
|
|
|
goto leave;
|
|
|
|
|
/* Ask again for this key. */
|
|
|
|
|
keyno--;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
leave:
|
|
|
|
|
agent_release_card_info (&info);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2004-10-22 11:41:01 +02:00
|
|
|
|
static void
|
2011-11-06 17:01:31 +01:00
|
|
|
|
generate_card_keys (ctrl_t ctrl)
|
2004-10-22 11:41:01 +02:00
|
|
|
|
{
|
|
|
|
|
struct agent_card_info_s info;
|
|
|
|
|
int forced_chv1;
|
|
|
|
|
int want_backup;
|
|
|
|
|
|
|
|
|
|
if (get_info_for_key_operation (&info))
|
|
|
|
|
return;
|
|
|
|
|
|
2009-07-22 19:21:47 +02:00
|
|
|
|
if (info.extcap.ki)
|
|
|
|
|
{
|
|
|
|
|
char *answer;
|
2004-10-22 11:41:01 +02:00
|
|
|
|
|
2010-06-07 15:33:02 +02:00
|
|
|
|
/* FIXME: Should be something like cpr_get_bool so that a status
|
|
|
|
|
GET_BOOL will be emitted. */
|
2009-07-22 19:21:47 +02:00
|
|
|
|
answer = cpr_get ("cardedit.genkeys.backup_enc",
|
|
|
|
|
_("Make off-card backup of encryption key? (Y/n) "));
|
|
|
|
|
|
2009-08-05 13:24:43 +02:00
|
|
|
|
want_backup = answer_is_yes_no_default (answer, 1/*(default to Yes)*/);
|
|
|
|
|
cpr_kill_prompt ();
|
|
|
|
|
xfree (answer);
|
2009-07-22 19:21:47 +02:00
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
want_backup = 0;
|
2004-10-22 11:41:01 +02:00
|
|
|
|
|
2018-08-27 16:57:04 +02:00
|
|
|
|
if ( (info.fpr1len && !fpr_is_zero (info.fpr1, info.fpr1len))
|
|
|
|
|
|| (info.fpr2len && !fpr_is_zero (info.fpr2, info.fpr2len))
|
|
|
|
|
|| (info.fpr3len && !fpr_is_zero (info.fpr3, info.fpr3len)))
|
2003-10-08 12:46:58 +02:00
|
|
|
|
{
|
|
|
|
|
tty_printf ("\n");
|
2014-10-10 15:29:42 +02:00
|
|
|
|
log_info (_("Note: keys are already stored on the card!\n"));
|
2003-10-08 12:46:58 +02:00
|
|
|
|
tty_printf ("\n");
|
2009-08-05 13:24:43 +02:00
|
|
|
|
if ( !cpr_get_answer_is_yes ("cardedit.genkeys.replace_keys",
|
|
|
|
|
_("Replace existing keys? (y/N) ")))
|
2003-10-08 12:46:58 +02:00
|
|
|
|
{
|
|
|
|
|
agent_release_card_info (&info);
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
}
|
2009-08-05 13:24:43 +02:00
|
|
|
|
|
|
|
|
|
/* If no displayed name has been set, we assume that this is a fresh
|
|
|
|
|
card and print a hint about the default PINs. */
|
|
|
|
|
if (!info.disp_name || !*info.disp_name)
|
2003-10-08 12:46:58 +02:00
|
|
|
|
{
|
|
|
|
|
tty_printf ("\n");
|
|
|
|
|
tty_printf (_("Please note that the factory settings of the PINs are\n"
|
2012-06-05 19:29:22 +02:00
|
|
|
|
" PIN = '%s' Admin PIN = '%s'\n"
|
2003-10-08 12:46:58 +02:00
|
|
|
|
"You should change them using the command --change-pin\n"),
|
|
|
|
|
"123456", "12345678");
|
|
|
|
|
tty_printf ("\n");
|
|
|
|
|
}
|
|
|
|
|
|
2011-02-04 12:57:53 +01:00
|
|
|
|
|
2004-10-22 11:41:01 +02:00
|
|
|
|
if (check_pin_for_key_operation (&info, &forced_chv1))
|
|
|
|
|
goto leave;
|
2009-08-05 13:24:43 +02:00
|
|
|
|
|
2014-09-27 15:14:13 +02:00
|
|
|
|
generate_keypair (ctrl, 1, NULL, info.serialno, want_backup);
|
2004-10-22 11:41:01 +02:00
|
|
|
|
|
|
|
|
|
leave:
|
|
|
|
|
agent_release_card_info (&info);
|
|
|
|
|
restore_forced_chv1 (&forced_chv1);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2006-04-19 13:26:11 +02:00
|
|
|
|
/* This function is used by the key edit menu to generate an arbitrary
|
2004-10-22 11:41:01 +02:00
|
|
|
|
subkey. */
|
2010-11-17 14:21:24 +01:00
|
|
|
|
gpg_error_t
|
2017-03-31 20:03:52 +02:00
|
|
|
|
card_generate_subkey (ctrl_t ctrl, kbnode_t pub_keyblock)
|
2004-10-22 11:41:01 +02:00
|
|
|
|
{
|
2010-11-17 14:21:24 +01:00
|
|
|
|
gpg_error_t err;
|
2004-10-22 11:41:01 +02:00
|
|
|
|
struct agent_card_info_s info;
|
|
|
|
|
int forced_chv1 = 0;
|
|
|
|
|
int keyno;
|
2011-02-04 12:57:53 +01:00
|
|
|
|
|
2010-11-17 14:21:24 +01:00
|
|
|
|
err = get_info_for_key_operation (&info);
|
|
|
|
|
if (err)
|
|
|
|
|
return err;
|
2011-02-04 12:57:53 +01:00
|
|
|
|
|
2004-10-22 11:41:01 +02:00
|
|
|
|
show_card_key_info (&info);
|
|
|
|
|
|
|
|
|
|
tty_printf (_("Please select the type of key to generate:\n"));
|
|
|
|
|
|
|
|
|
|
tty_printf (_(" (1) Signature key\n"));
|
|
|
|
|
tty_printf (_(" (2) Encryption key\n"));
|
|
|
|
|
tty_printf (_(" (3) Authentication key\n"));
|
|
|
|
|
|
2011-02-04 12:57:53 +01:00
|
|
|
|
for (;;)
|
2004-10-22 11:41:01 +02:00
|
|
|
|
{
|
|
|
|
|
char *answer = cpr_get ("cardedit.genkeys.subkeytype",
|
|
|
|
|
_("Your selection? "));
|
|
|
|
|
cpr_kill_prompt();
|
|
|
|
|
if (*answer == CONTROL_D)
|
2003-10-08 12:46:58 +02:00
|
|
|
|
{
|
2004-10-22 11:41:01 +02:00
|
|
|
|
xfree (answer);
|
2010-11-17 14:21:24 +01:00
|
|
|
|
err = gpg_error (GPG_ERR_CANCELED);
|
2004-10-22 11:41:01 +02:00
|
|
|
|
goto leave;
|
2003-10-08 12:46:58 +02:00
|
|
|
|
}
|
2004-10-22 11:41:01 +02:00
|
|
|
|
keyno = *answer? atoi(answer): 0;
|
|
|
|
|
xfree(answer);
|
|
|
|
|
if (keyno >= 1 && keyno <= 3)
|
|
|
|
|
break; /* Okay. */
|
|
|
|
|
tty_printf(_("Invalid selection.\n"));
|
2003-10-08 12:46:58 +02:00
|
|
|
|
}
|
2011-02-04 12:57:53 +01:00
|
|
|
|
|
2013-02-06 06:01:23 +01:00
|
|
|
|
if (replace_existing_key_p (&info, keyno) < 0)
|
2010-11-17 14:21:24 +01:00
|
|
|
|
{
|
|
|
|
|
err = gpg_error (GPG_ERR_CANCELED);
|
|
|
|
|
goto leave;
|
|
|
|
|
}
|
2011-02-04 12:57:53 +01:00
|
|
|
|
|
2010-11-17 14:21:24 +01:00
|
|
|
|
err = check_pin_for_key_operation (&info, &forced_chv1);
|
|
|
|
|
if (err)
|
2004-10-22 11:41:01 +02:00
|
|
|
|
goto leave;
|
2011-02-04 12:57:53 +01:00
|
|
|
|
|
2017-03-31 20:03:52 +02:00
|
|
|
|
err = generate_card_subkeypair (ctrl, pub_keyblock, keyno, info.serialno);
|
2011-02-04 12:57:53 +01:00
|
|
|
|
|
2004-10-22 11:41:01 +02:00
|
|
|
|
leave:
|
2003-10-08 12:46:58 +02:00
|
|
|
|
agent_release_card_info (&info);
|
2004-10-22 11:41:01 +02:00
|
|
|
|
restore_forced_chv1 (&forced_chv1);
|
2010-11-17 14:21:24 +01:00
|
|
|
|
return err;
|
2004-10-22 11:41:01 +02:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2006-04-19 13:26:11 +02:00
|
|
|
|
/* Store the key at NODE into the smartcard and modify NODE to
|
|
|
|
|
carry the serialno stuff instead of the actual secret key
|
|
|
|
|
parameters. USE is the usage for that key; 0 means any
|
|
|
|
|
usage. */
|
2011-02-04 12:57:53 +01:00
|
|
|
|
int
|
2004-10-22 11:41:01 +02:00
|
|
|
|
card_store_subkey (KBNODE node, int use)
|
|
|
|
|
{
|
2013-02-06 06:01:23 +01:00
|
|
|
|
struct agent_card_info_s info;
|
|
|
|
|
int okay = 0;
|
|
|
|
|
unsigned int nbits;
|
|
|
|
|
int allow_keyno[3];
|
|
|
|
|
int keyno;
|
|
|
|
|
PKT_public_key *pk;
|
|
|
|
|
gpg_error_t err;
|
|
|
|
|
char *hexgrip;
|
|
|
|
|
int rc;
|
|
|
|
|
gnupg_isotime_t timebuf;
|
|
|
|
|
|
2016-04-29 11:05:24 +02:00
|
|
|
|
log_assert (node->pkt->pkttype == PKT_PUBLIC_KEY
|
|
|
|
|
|| node->pkt->pkttype == PKT_PUBLIC_SUBKEY);
|
2013-02-06 06:01:23 +01:00
|
|
|
|
|
|
|
|
|
pk = node->pkt->pkt.public_key;
|
|
|
|
|
|
|
|
|
|
if (get_info_for_key_operation (&info))
|
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
|
|
if (!info.extcap.ki)
|
|
|
|
|
{
|
|
|
|
|
tty_printf ("The card does not support the import of keys\n");
|
|
|
|
|
tty_printf ("\n");
|
|
|
|
|
goto leave;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
nbits = nbits_from_pk (pk);
|
|
|
|
|
|
2013-02-22 03:00:27 +01:00
|
|
|
|
if (!info.is_v2 && nbits != 1024)
|
2013-02-06 06:01:23 +01:00
|
|
|
|
{
|
|
|
|
|
tty_printf ("You may only store a 1024 bit RSA key on the card\n");
|
|
|
|
|
tty_printf ("\n");
|
|
|
|
|
goto leave;
|
|
|
|
|
}
|
|
|
|
|
|
2014-06-24 09:13:38 +02:00
|
|
|
|
allow_keyno[0] = (!use || (use & (PUBKEY_USAGE_SIG|PUBKEY_USAGE_CERT)));
|
2013-02-06 06:01:23 +01:00
|
|
|
|
allow_keyno[1] = (!use || (use & (PUBKEY_USAGE_ENC)));
|
|
|
|
|
allow_keyno[2] = (!use || (use & (PUBKEY_USAGE_SIG|PUBKEY_USAGE_AUTH)));
|
|
|
|
|
|
|
|
|
|
tty_printf (_("Please select where to store the key:\n"));
|
|
|
|
|
|
|
|
|
|
if (allow_keyno[0])
|
|
|
|
|
tty_printf (_(" (1) Signature key\n"));
|
|
|
|
|
if (allow_keyno[1])
|
|
|
|
|
tty_printf (_(" (2) Encryption key\n"));
|
|
|
|
|
if (allow_keyno[2])
|
|
|
|
|
tty_printf (_(" (3) Authentication key\n"));
|
|
|
|
|
|
|
|
|
|
for (;;)
|
|
|
|
|
{
|
|
|
|
|
char *answer = cpr_get ("cardedit.genkeys.storekeytype",
|
|
|
|
|
_("Your selection? "));
|
|
|
|
|
cpr_kill_prompt();
|
|
|
|
|
if (*answer == CONTROL_D || !*answer)
|
|
|
|
|
{
|
|
|
|
|
xfree (answer);
|
|
|
|
|
goto leave;
|
|
|
|
|
}
|
|
|
|
|
keyno = *answer? atoi(answer): 0;
|
|
|
|
|
xfree(answer);
|
|
|
|
|
if (keyno >= 1 && keyno <= 3 && allow_keyno[keyno-1])
|
|
|
|
|
{
|
|
|
|
|
if (info.is_v2 && !info.extcap.aac
|
|
|
|
|
&& info.key_attr[keyno-1].nbits != nbits)
|
|
|
|
|
{
|
|
|
|
|
tty_printf ("Key does not match the card's capability.\n");
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
break; /* Okay. */
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
tty_printf(_("Invalid selection.\n"));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if ((rc = replace_existing_key_p (&info, keyno)) < 0)
|
|
|
|
|
goto leave;
|
|
|
|
|
|
|
|
|
|
err = hexkeygrip_from_pk (pk, &hexgrip);
|
|
|
|
|
if (err)
|
|
|
|
|
goto leave;
|
|
|
|
|
|
|
|
|
|
epoch2isotime (timebuf, (time_t)pk->timestamp);
|
2014-12-05 06:20:50 +01:00
|
|
|
|
rc = agent_keytocard (hexgrip, keyno, rc, info.serialno, timebuf);
|
2013-02-06 06:01:23 +01:00
|
|
|
|
|
|
|
|
|
if (rc)
|
|
|
|
|
log_error (_("KEYTOCARD failed: %s\n"), gpg_strerror (rc));
|
|
|
|
|
else
|
|
|
|
|
okay = 1;
|
|
|
|
|
xfree (hexgrip);
|
|
|
|
|
|
|
|
|
|
leave:
|
|
|
|
|
agent_release_card_info (&info);
|
|
|
|
|
return okay;
|
2003-10-08 12:46:58 +02:00
|
|
|
|
}
|
2003-09-30 19:34:38 +02:00
|
|
|
|
|
2004-10-22 11:41:01 +02:00
|
|
|
|
|
2014-12-15 17:38:40 +01:00
|
|
|
|
|
|
|
|
|
/* Direct sending of an hex encoded APDU with error printing. */
|
|
|
|
|
static gpg_error_t
|
|
|
|
|
send_apdu (const char *hexapdu, const char *desc, unsigned int ignore)
|
|
|
|
|
{
|
|
|
|
|
gpg_error_t err;
|
|
|
|
|
unsigned int sw;
|
|
|
|
|
|
|
|
|
|
err = agent_scd_apdu (hexapdu, &sw);
|
|
|
|
|
if (err)
|
|
|
|
|
tty_printf ("sending card command %s failed: %s\n", desc,
|
|
|
|
|
gpg_strerror (err));
|
2020-11-09 13:04:38 +01:00
|
|
|
|
else if (!hexapdu
|
|
|
|
|
|| !strcmp (hexapdu, "undefined")
|
|
|
|
|
|| !strcmp (hexapdu, "reset-keep-lock")
|
|
|
|
|
|| !strcmp (hexapdu, "lock")
|
|
|
|
|
|| !strcmp (hexapdu, "trylock")
|
|
|
|
|
|| !strcmp (hexapdu, "unlock"))
|
|
|
|
|
; /* Ignore pseudo APDUs. */
|
2014-12-15 17:38:40 +01:00
|
|
|
|
else if (ignore == 0xffff)
|
|
|
|
|
; /* Ignore all status words. */
|
|
|
|
|
else if (sw != 0x9000)
|
|
|
|
|
{
|
|
|
|
|
switch (sw)
|
|
|
|
|
{
|
|
|
|
|
case 0x6285: err = gpg_error (GPG_ERR_OBJ_TERM_STATE); break;
|
|
|
|
|
case 0x6982: err = gpg_error (GPG_ERR_BAD_PIN); break;
|
|
|
|
|
case 0x6985: err = gpg_error (GPG_ERR_USE_CONDITIONS); break;
|
|
|
|
|
default: err = gpg_error (GPG_ERR_CARD);
|
|
|
|
|
}
|
|
|
|
|
if (!(ignore && ignore == sw))
|
|
|
|
|
tty_printf ("card command %s failed: %s (0x%04x)\n", desc,
|
|
|
|
|
gpg_strerror (err), sw);
|
|
|
|
|
}
|
|
|
|
|
return err;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/* Do a factory reset after confirmation. */
|
|
|
|
|
static void
|
|
|
|
|
factory_reset (void)
|
|
|
|
|
{
|
|
|
|
|
struct agent_card_info_s info;
|
|
|
|
|
gpg_error_t err;
|
|
|
|
|
char *answer = NULL;
|
|
|
|
|
int termstate = 0;
|
|
|
|
|
int i;
|
2020-11-09 13:04:38 +01:00
|
|
|
|
int locked = 0;
|
2014-12-15 17:38:40 +01:00
|
|
|
|
|
|
|
|
|
/* The code below basically does the same what this
|
|
|
|
|
gpg-connect-agent script does:
|
|
|
|
|
|
|
|
|
|
scd reset
|
|
|
|
|
scd serialno undefined
|
|
|
|
|
scd apdu 00 A4 04 00 06 D2 76 00 01 24 01
|
|
|
|
|
scd apdu 00 20 00 81 08 40 40 40 40 40 40 40 40
|
|
|
|
|
scd apdu 00 20 00 81 08 40 40 40 40 40 40 40 40
|
|
|
|
|
scd apdu 00 20 00 81 08 40 40 40 40 40 40 40 40
|
|
|
|
|
scd apdu 00 20 00 81 08 40 40 40 40 40 40 40 40
|
|
|
|
|
scd apdu 00 20 00 83 08 40 40 40 40 40 40 40 40
|
|
|
|
|
scd apdu 00 20 00 83 08 40 40 40 40 40 40 40 40
|
|
|
|
|
scd apdu 00 20 00 83 08 40 40 40 40 40 40 40 40
|
|
|
|
|
scd apdu 00 20 00 83 08 40 40 40 40 40 40 40 40
|
|
|
|
|
scd apdu 00 e6 00 00
|
|
|
|
|
scd apdu 00 44 00 00
|
2018-03-16 03:27:33 +01:00
|
|
|
|
scd reset
|
2014-12-15 17:38:40 +01:00
|
|
|
|
/echo Card has been reset to factory defaults
|
|
|
|
|
|
|
|
|
|
but tries to find out something about the card first.
|
|
|
|
|
*/
|
|
|
|
|
|
2015-04-03 10:39:59 +02:00
|
|
|
|
err = agent_scd_learn (&info, 0);
|
2014-12-15 17:38:40 +01:00
|
|
|
|
if (gpg_err_code (err) == GPG_ERR_OBJ_TERM_STATE
|
|
|
|
|
&& gpg_err_source (err) == GPG_ERR_SOURCE_SCD)
|
|
|
|
|
termstate = 1;
|
|
|
|
|
else if (err)
|
|
|
|
|
{
|
|
|
|
|
log_error (_("OpenPGP card not available: %s\n"), gpg_strerror (err));
|
2018-03-16 03:27:33 +01:00
|
|
|
|
goto leave;
|
2014-12-15 17:38:40 +01:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (!termstate)
|
|
|
|
|
{
|
|
|
|
|
log_info (_("OpenPGP card no. %s detected\n"),
|
|
|
|
|
info.serialno? info.serialno : "[none]");
|
|
|
|
|
if (!(info.status_indicator == 3 || info.status_indicator == 5))
|
|
|
|
|
{
|
|
|
|
|
/* Note: We won't see status-indicator 3 here because it is not
|
|
|
|
|
possible to select a card application in termination state. */
|
|
|
|
|
log_error (_("This command is not supported by this card\n"));
|
|
|
|
|
goto leave;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
tty_printf ("\n");
|
|
|
|
|
log_info (_("Note: This command destroys all keys stored on the card!\n"));
|
|
|
|
|
tty_printf ("\n");
|
|
|
|
|
if (!cpr_get_answer_is_yes ("cardedit.factory-reset.proceed",
|
|
|
|
|
_("Continue? (y/N) ")))
|
|
|
|
|
goto leave;
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
answer = cpr_get ("cardedit.factory-reset.really",
|
|
|
|
|
_("Really do a factory reset? (enter \"yes\") "));
|
|
|
|
|
cpr_kill_prompt ();
|
|
|
|
|
trim_spaces (answer);
|
|
|
|
|
if (strcmp (answer, "yes"))
|
|
|
|
|
goto leave;
|
|
|
|
|
|
|
|
|
|
/* We need to select a card application before we can send APDUs
|
2020-11-09 13:04:38 +01:00
|
|
|
|
to the card without scdaemon doing anything on its own. We
|
|
|
|
|
then lock the connection so that other tools (e.g. Kleopatra)
|
|
|
|
|
don't try a new select. */
|
|
|
|
|
err = send_apdu ("lock", "locking connection ", 0);
|
|
|
|
|
if (err)
|
|
|
|
|
goto leave;
|
|
|
|
|
locked = 1;
|
|
|
|
|
err = send_apdu ("reset-keep-lock", "reset", 0);
|
2014-12-15 17:38:40 +01:00
|
|
|
|
if (err)
|
|
|
|
|
goto leave;
|
|
|
|
|
err = send_apdu ("undefined", "dummy select ", 0);
|
|
|
|
|
if (err)
|
|
|
|
|
goto leave;
|
|
|
|
|
|
|
|
|
|
/* Select the OpenPGP application. */
|
|
|
|
|
err = send_apdu ("00A4040006D27600012401", "SELECT AID", 0);
|
|
|
|
|
if (err)
|
|
|
|
|
goto leave;
|
|
|
|
|
|
|
|
|
|
/* Do some dummy verifies with wrong PINs to set the retry
|
|
|
|
|
counter to zero. We can't easily use the card version 2.1
|
|
|
|
|
feature of presenting the admin PIN to allow the terminate
|
|
|
|
|
command because there is no machinery in scdaemon to catch
|
|
|
|
|
the verify command and ask for the PIN when the "APDU"
|
|
|
|
|
command is used. */
|
2018-03-16 03:27:33 +01:00
|
|
|
|
/* Here, the length of dummy wrong PIN is 32-byte, also
|
|
|
|
|
supporting authentication with KDF DO. */
|
2014-12-15 17:38:40 +01:00
|
|
|
|
for (i=0; i < 4; i++)
|
2018-03-16 03:27:33 +01:00
|
|
|
|
send_apdu ("0020008120"
|
|
|
|
|
"40404040404040404040404040404040"
|
|
|
|
|
"40404040404040404040404040404040", "VERIFY", 0xffff);
|
2014-12-15 17:38:40 +01:00
|
|
|
|
for (i=0; i < 4; i++)
|
2018-03-16 03:27:33 +01:00
|
|
|
|
send_apdu ("0020008320"
|
|
|
|
|
"40404040404040404040404040404040"
|
|
|
|
|
"40404040404040404040404040404040", "VERIFY", 0xffff);
|
2014-12-15 17:38:40 +01:00
|
|
|
|
|
|
|
|
|
/* Send terminate datafile command. */
|
|
|
|
|
err = send_apdu ("00e60000", "TERMINATE DF", 0x6985);
|
|
|
|
|
if (err)
|
|
|
|
|
goto leave;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Send activate datafile command. This is used without
|
|
|
|
|
confirmation if the card is already in termination state. */
|
|
|
|
|
err = send_apdu ("00440000", "ACTIVATE DF", 0);
|
|
|
|
|
if (err)
|
|
|
|
|
goto leave;
|
|
|
|
|
|
|
|
|
|
/* Finally we reset the card reader once more. */
|
2020-11-09 13:04:38 +01:00
|
|
|
|
err = send_apdu ("reset-keep-lock", "reset", 0);
|
2018-03-16 03:27:33 +01:00
|
|
|
|
|
|
|
|
|
/* Then, connect the card again. */
|
|
|
|
|
if (!err)
|
2020-11-20 07:35:27 +01:00
|
|
|
|
err = agent_scd_serialno (NULL, NULL);
|
2014-12-15 17:38:40 +01:00
|
|
|
|
|
|
|
|
|
leave:
|
2020-11-09 13:04:38 +01:00
|
|
|
|
if (locked)
|
|
|
|
|
send_apdu ("unlock", "unlocking connection ", 0);
|
2014-12-15 17:38:40 +01:00
|
|
|
|
xfree (answer);
|
|
|
|
|
agent_release_card_info (&info);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2018-03-22 07:50:31 +01:00
|
|
|
|
#define USER_PIN_DEFAULT "123456"
|
|
|
|
|
#define ADMIN_PIN_DEFAULT "12345678"
|
2018-03-30 05:48:04 +02:00
|
|
|
|
#define KDF_DATA_LENGTH_MIN 90
|
|
|
|
|
#define KDF_DATA_LENGTH_MAX 110
|
2018-03-22 07:50:31 +01:00
|
|
|
|
|
|
|
|
|
/* Generate KDF data. */
|
|
|
|
|
static gpg_error_t
|
2018-03-30 05:48:04 +02:00
|
|
|
|
gen_kdf_data (unsigned char *data, int single_salt)
|
2018-03-22 07:50:31 +01:00
|
|
|
|
{
|
|
|
|
|
const unsigned char h0[] = { 0x81, 0x01, 0x03,
|
|
|
|
|
0x82, 0x01, 0x08,
|
|
|
|
|
0x83, 0x04 };
|
|
|
|
|
const unsigned char h1[] = { 0x84, 0x08 };
|
|
|
|
|
const unsigned char h2[] = { 0x85, 0x08 };
|
|
|
|
|
const unsigned char h3[] = { 0x86, 0x08 };
|
|
|
|
|
const unsigned char h4[] = { 0x87, 0x20 };
|
|
|
|
|
const unsigned char h5[] = { 0x88, 0x20 };
|
|
|
|
|
unsigned char *p, *salt_user, *salt_admin;
|
|
|
|
|
unsigned char s2k_char;
|
|
|
|
|
unsigned int iterations;
|
|
|
|
|
unsigned char count_4byte[4];
|
|
|
|
|
gpg_error_t err = 0;
|
|
|
|
|
|
|
|
|
|
p = data;
|
|
|
|
|
|
2019-01-26 23:10:38 +01:00
|
|
|
|
s2k_char = encode_s2k_iterations (agent_get_s2k_count ());
|
2018-03-22 07:50:31 +01:00
|
|
|
|
iterations = S2K_DECODE_COUNT (s2k_char);
|
|
|
|
|
count_4byte[0] = (iterations >> 24) & 0xff;
|
|
|
|
|
count_4byte[1] = (iterations >> 16) & 0xff;
|
|
|
|
|
count_4byte[2] = (iterations >> 8) & 0xff;
|
|
|
|
|
count_4byte[3] = (iterations & 0xff);
|
|
|
|
|
|
|
|
|
|
memcpy (p, h0, sizeof h0);
|
|
|
|
|
p += sizeof h0;
|
|
|
|
|
memcpy (p, count_4byte, sizeof count_4byte);
|
|
|
|
|
p += sizeof count_4byte;
|
|
|
|
|
memcpy (p, h1, sizeof h1);
|
|
|
|
|
salt_user = (p += sizeof h1);
|
|
|
|
|
gcry_randomize (p, 8, GCRY_STRONG_RANDOM);
|
|
|
|
|
p += 8;
|
2018-03-30 05:48:04 +02:00
|
|
|
|
|
2018-03-30 09:55:01 +02:00
|
|
|
|
if (single_salt)
|
|
|
|
|
salt_admin = salt_user;
|
|
|
|
|
else
|
2018-03-30 05:48:04 +02:00
|
|
|
|
{
|
|
|
|
|
memcpy (p, h2, sizeof h2);
|
|
|
|
|
p += sizeof h2;
|
|
|
|
|
gcry_randomize (p, 8, GCRY_STRONG_RANDOM);
|
|
|
|
|
p += 8;
|
|
|
|
|
memcpy (p, h3, sizeof h3);
|
|
|
|
|
salt_admin = (p += sizeof h3);
|
|
|
|
|
gcry_randomize (p, 8, GCRY_STRONG_RANDOM);
|
|
|
|
|
p += 8;
|
|
|
|
|
}
|
|
|
|
|
|
2018-03-22 07:50:31 +01:00
|
|
|
|
memcpy (p, h4, sizeof h4);
|
|
|
|
|
p += sizeof h4;
|
|
|
|
|
err = gcry_kdf_derive (USER_PIN_DEFAULT, strlen (USER_PIN_DEFAULT),
|
|
|
|
|
GCRY_KDF_ITERSALTED_S2K, DIGEST_ALGO_SHA256,
|
|
|
|
|
salt_user, 8, iterations, 32, p);
|
|
|
|
|
p += 32;
|
|
|
|
|
if (!err)
|
|
|
|
|
{
|
|
|
|
|
memcpy (p, h5, sizeof h5);
|
|
|
|
|
p += sizeof h5;
|
|
|
|
|
err = gcry_kdf_derive (ADMIN_PIN_DEFAULT, strlen (ADMIN_PIN_DEFAULT),
|
|
|
|
|
GCRY_KDF_ITERSALTED_S2K, DIGEST_ALGO_SHA256,
|
|
|
|
|
salt_admin, 8, iterations, 32, p);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return err;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Setup KDF data object which is used for PIN authentication. */
|
|
|
|
|
static void
|
2018-03-30 05:48:04 +02:00
|
|
|
|
kdf_setup (const char *args)
|
2018-03-22 07:50:31 +01:00
|
|
|
|
{
|
|
|
|
|
struct agent_card_info_s info;
|
|
|
|
|
gpg_error_t err;
|
2018-03-30 05:48:04 +02:00
|
|
|
|
unsigned char kdf_data[KDF_DATA_LENGTH_MAX];
|
2019-07-19 04:33:36 +02:00
|
|
|
|
size_t len;
|
2018-03-22 07:50:31 +01:00
|
|
|
|
|
|
|
|
|
memset (&info, 0, sizeof info);
|
|
|
|
|
|
|
|
|
|
err = agent_scd_getattr ("EXTCAP", &info);
|
|
|
|
|
if (err)
|
|
|
|
|
{
|
|
|
|
|
log_error (_("error getting card info: %s\n"), gpg_strerror (err));
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (!info.extcap.kdf)
|
|
|
|
|
{
|
|
|
|
|
log_error (_("This command is not supported by this card\n"));
|
|
|
|
|
goto leave;
|
|
|
|
|
}
|
|
|
|
|
|
2019-07-19 04:33:36 +02:00
|
|
|
|
if (!strcmp (args, "off"))
|
|
|
|
|
{
|
2020-09-16 05:49:20 +02:00
|
|
|
|
len = 3;
|
|
|
|
|
memcpy (kdf_data, "\x81\x01\x00", len);
|
2019-07-19 04:33:36 +02:00
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
int single = 0;
|
|
|
|
|
|
|
|
|
|
if (*args != 0)
|
|
|
|
|
single = 1;
|
|
|
|
|
|
|
|
|
|
len = single ? KDF_DATA_LENGTH_MIN: KDF_DATA_LENGTH_MAX;
|
|
|
|
|
err = gen_kdf_data (kdf_data, single);
|
|
|
|
|
if (err)
|
|
|
|
|
goto leave_error;
|
|
|
|
|
}
|
2018-03-30 05:48:04 +02:00
|
|
|
|
|
2019-07-19 04:33:36 +02:00
|
|
|
|
err = agent_scd_setattr ("KDF", kdf_data, len);
|
2018-03-30 05:48:04 +02:00
|
|
|
|
if (err)
|
|
|
|
|
goto leave_error;
|
|
|
|
|
|
|
|
|
|
err = agent_scd_getattr ("KDF", &info);
|
2018-03-22 07:50:31 +01:00
|
|
|
|
|
2018-03-30 05:48:04 +02:00
|
|
|
|
leave_error:
|
2018-03-22 07:50:31 +01:00
|
|
|
|
if (err)
|
|
|
|
|
log_error (_("error for setup KDF: %s\n"), gpg_strerror (err));
|
|
|
|
|
|
|
|
|
|
leave:
|
|
|
|
|
agent_release_card_info (&info);
|
|
|
|
|
}
|
2018-09-27 09:45:27 +02:00
|
|
|
|
|
|
|
|
|
static void
|
|
|
|
|
uif (int arg_number, const char *arg_rest)
|
|
|
|
|
{
|
2018-10-25 09:20:20 +02:00
|
|
|
|
struct agent_card_info_s info;
|
|
|
|
|
int feature_available;
|
2018-09-27 09:45:27 +02:00
|
|
|
|
gpg_error_t err;
|
|
|
|
|
char name[100];
|
|
|
|
|
unsigned char data[2];
|
|
|
|
|
|
2018-10-25 09:20:20 +02:00
|
|
|
|
memset (&info, 0, sizeof info);
|
|
|
|
|
|
|
|
|
|
err = agent_scd_getattr ("EXTCAP", &info);
|
|
|
|
|
if (err)
|
|
|
|
|
{
|
|
|
|
|
log_error (_("error getting card info: %s\n"), gpg_strerror (err));
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
feature_available = info.extcap.bt;
|
|
|
|
|
agent_release_card_info (&info);
|
|
|
|
|
|
|
|
|
|
if (!feature_available)
|
|
|
|
|
{
|
|
|
|
|
log_error (_("This command is not supported by this card\n"));
|
|
|
|
|
tty_printf ("\n");
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
2018-09-27 09:45:27 +02:00
|
|
|
|
snprintf (name, sizeof name, "UIF-%d", arg_number);
|
|
|
|
|
if ( !strcmp (arg_rest, "off") )
|
|
|
|
|
data[0] = 0x00;
|
|
|
|
|
else if ( !strcmp (arg_rest, "on") )
|
|
|
|
|
data[0] = 0x01;
|
|
|
|
|
else if ( !strcmp (arg_rest, "permanent") )
|
|
|
|
|
data[0] = 0x02;
|
|
|
|
|
|
|
|
|
|
data[1] = 0x20;
|
|
|
|
|
|
2019-04-01 18:12:35 +02:00
|
|
|
|
err = agent_scd_setattr (name, data, 2);
|
2018-09-27 09:45:27 +02:00
|
|
|
|
if (err)
|
|
|
|
|
log_error (_("error for setup UIF: %s\n"), gpg_strerror (err));
|
|
|
|
|
}
|
2006-04-19 13:26:11 +02:00
|
|
|
|
|
|
|
|
|
/* Data used by the command parser. This needs to be outside of the
|
|
|
|
|
function scope to allow readline based command completion. */
|
|
|
|
|
enum cmdids
|
|
|
|
|
{
|
2003-09-18 17:51:18 +02:00
|
|
|
|
cmdNOP = 0,
|
2006-04-19 13:26:11 +02:00
|
|
|
|
cmdQUIT, cmdADMIN, cmdHELP, cmdLIST, cmdDEBUG, cmdVERIFY,
|
2004-10-22 11:41:01 +02:00
|
|
|
|
cmdNAME, cmdURL, cmdFETCH, cmdLOGIN, cmdLANG, cmdSEX, cmdCAFPR,
|
2008-09-23 11:57:45 +02:00
|
|
|
|
cmdFORCESIG, cmdGENERATE, cmdPASSWD, cmdPRIVATEDO, cmdWRITECERT,
|
2018-03-22 07:50:31 +01:00
|
|
|
|
cmdREADCERT, cmdUNBLOCK, cmdFACTORYRESET, cmdKDFSETUP,
|
2018-09-27 09:45:27 +02:00
|
|
|
|
cmdKEYATTR, cmdUIF,
|
2003-09-18 17:51:18 +02:00
|
|
|
|
cmdINVCMD
|
|
|
|
|
};
|
|
|
|
|
|
2006-04-19 13:26:11 +02:00
|
|
|
|
static struct
|
|
|
|
|
{
|
|
|
|
|
const char *name;
|
|
|
|
|
enum cmdids id;
|
|
|
|
|
int admin_only;
|
|
|
|
|
const char *desc;
|
|
|
|
|
} cmds[] =
|
|
|
|
|
{
|
|
|
|
|
{ "quit" , cmdQUIT , 0, N_("quit this menu")},
|
|
|
|
|
{ "q" , cmdQUIT , 0, NULL },
|
|
|
|
|
{ "admin" , cmdADMIN , 0, N_("show admin commands")},
|
|
|
|
|
{ "help" , cmdHELP , 0, N_("show this help")},
|
|
|
|
|
{ "?" , cmdHELP , 0, NULL },
|
|
|
|
|
{ "list" , cmdLIST , 0, N_("list all available data")},
|
|
|
|
|
{ "l" , cmdLIST , 0, NULL },
|
|
|
|
|
{ "debug" , cmdDEBUG , 0, NULL },
|
|
|
|
|
{ "name" , cmdNAME , 1, N_("change card holder's name")},
|
|
|
|
|
{ "url" , cmdURL , 1, N_("change URL to retrieve key")},
|
|
|
|
|
{ "fetch" , cmdFETCH , 0, N_("fetch the key specified in the card URL")},
|
|
|
|
|
{ "login" , cmdLOGIN , 1, N_("change the login name")},
|
|
|
|
|
{ "lang" , cmdLANG , 1, N_("change the language preferences")},
|
2017-11-15 11:34:30 +01:00
|
|
|
|
{ "salutation",cmdSEX , 1, N_("change card holder's salutation")},
|
|
|
|
|
{ "sex" ,cmdSEX , 1, NULL }, /* Backward compatibility. */
|
2006-04-19 13:26:11 +02:00
|
|
|
|
{ "cafpr" , cmdCAFPR , 1, N_("change a CA fingerprint")},
|
|
|
|
|
{ "forcesig", cmdFORCESIG, 1, N_("toggle the signature force PIN flag")},
|
|
|
|
|
{ "generate", cmdGENERATE, 1, N_("generate new keys")},
|
|
|
|
|
{ "passwd" , cmdPASSWD, 0, N_("menu to change or unblock the PIN")},
|
|
|
|
|
{ "verify" , cmdVERIFY, 0, N_("verify the PIN and list all data")},
|
2018-09-27 09:45:27 +02:00
|
|
|
|
{ "unblock" , cmdUNBLOCK,0, N_("unblock the PIN using a Reset Code")},
|
2014-12-15 17:38:40 +01:00
|
|
|
|
{ "factory-reset", cmdFACTORYRESET, 1, N_("destroy all keys and data")},
|
2019-07-19 04:33:36 +02:00
|
|
|
|
{ "kdf-setup", cmdKDFSETUP, 1,
|
|
|
|
|
N_("setup KDF for PIN authentication (on/single/off)")},
|
2018-03-30 03:59:10 +02:00
|
|
|
|
{ "key-attr", cmdKEYATTR, 1, N_("change the key attribute")},
|
2018-09-27 09:45:27 +02:00
|
|
|
|
{ "uif", cmdUIF, 1, N_("change the User Interaction Flag")},
|
2008-09-23 11:57:45 +02:00
|
|
|
|
/* Note, that we do not announce these command yet. */
|
2006-04-19 13:26:11 +02:00
|
|
|
|
{ "privatedo", cmdPRIVATEDO, 0, NULL },
|
2009-06-17 11:45:50 +02:00
|
|
|
|
{ "readcert", cmdREADCERT, 0, NULL },
|
2008-09-23 11:57:45 +02:00
|
|
|
|
{ "writecert", cmdWRITECERT, 1, NULL },
|
2011-02-04 12:57:53 +01:00
|
|
|
|
{ NULL, cmdINVCMD, 0, NULL }
|
2003-09-18 17:51:18 +02:00
|
|
|
|
};
|
2006-04-19 13:26:11 +02:00
|
|
|
|
|
|
|
|
|
|
2009-08-05 15:48:23 +02:00
|
|
|
|
#ifdef HAVE_LIBREADLINE
|
2006-04-19 13:26:11 +02:00
|
|
|
|
|
|
|
|
|
/* These two functions are used by readline for command completion. */
|
|
|
|
|
|
|
|
|
|
static char *
|
|
|
|
|
command_generator(const char *text,int state)
|
|
|
|
|
{
|
|
|
|
|
static int list_index,len;
|
|
|
|
|
const char *name;
|
|
|
|
|
|
|
|
|
|
/* If this is a new word to complete, initialize now. This includes
|
|
|
|
|
saving the length of TEXT for efficiency, and initializing the
|
|
|
|
|
index variable to 0. */
|
|
|
|
|
if(!state)
|
|
|
|
|
{
|
|
|
|
|
list_index=0;
|
|
|
|
|
len=strlen(text);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Return the next partial match */
|
|
|
|
|
while((name=cmds[list_index].name))
|
|
|
|
|
{
|
|
|
|
|
/* Only complete commands that have help text */
|
|
|
|
|
if(cmds[list_index++].desc && strncmp(name,text,len)==0)
|
|
|
|
|
return strdup(name);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return NULL;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static char **
|
|
|
|
|
card_edit_completion(const char *text, int start, int end)
|
|
|
|
|
{
|
2009-08-05 15:48:23 +02:00
|
|
|
|
(void)end;
|
2006-04-19 13:26:11 +02:00
|
|
|
|
/* If we are at the start of a line, we try and command-complete.
|
|
|
|
|
If not, just do nothing for now. */
|
|
|
|
|
|
|
|
|
|
if(start==0)
|
|
|
|
|
return rl_completion_matches(text,command_generator);
|
|
|
|
|
|
|
|
|
|
rl_attempted_completion_over=1;
|
|
|
|
|
|
|
|
|
|
return NULL;
|
|
|
|
|
}
|
2009-08-05 15:48:23 +02:00
|
|
|
|
#endif /*HAVE_LIBREADLINE*/
|
2006-04-19 13:26:11 +02:00
|
|
|
|
|
|
|
|
|
/* Menu to edit all user changeable values on an OpenPGP card. Only
|
|
|
|
|
Key creation is not handled here. */
|
|
|
|
|
void
|
2010-10-01 22:33:53 +02:00
|
|
|
|
card_edit (ctrl_t ctrl, strlist_t commands)
|
2006-04-19 13:26:11 +02:00
|
|
|
|
{
|
2003-09-18 17:51:18 +02:00
|
|
|
|
enum cmdids cmd = cmdNOP;
|
|
|
|
|
int have_commands = !!commands;
|
|
|
|
|
int redisplay = 1;
|
2003-09-19 13:17:11 +02:00
|
|
|
|
char *answer = NULL;
|
2009-06-24 16:03:09 +02:00
|
|
|
|
int allow_admin=0;
|
2003-10-21 19:12:21 +02:00
|
|
|
|
char serialnobuf[50];
|
|
|
|
|
|
2003-09-18 17:51:18 +02:00
|
|
|
|
|
|
|
|
|
if (opt.command_fd != -1)
|
|
|
|
|
;
|
|
|
|
|
else if (opt.batch && !have_commands)
|
|
|
|
|
{
|
2006-04-19 13:26:11 +02:00
|
|
|
|
log_error(_("can't do this in batch mode\n"));
|
2003-09-18 17:51:18 +02:00
|
|
|
|
goto leave;
|
|
|
|
|
}
|
2003-07-24 11:06:43 +02:00
|
|
|
|
|
2003-09-18 17:51:18 +02:00
|
|
|
|
for (;;)
|
|
|
|
|
{
|
|
|
|
|
int arg_number;
|
|
|
|
|
const char *arg_string = "";
|
2008-09-23 11:57:45 +02:00
|
|
|
|
const char *arg_rest = "";
|
2003-09-18 17:51:18 +02:00
|
|
|
|
char *p;
|
|
|
|
|
int i;
|
2004-10-22 11:41:01 +02:00
|
|
|
|
int cmd_admin_only;
|
2011-02-04 12:57:53 +01:00
|
|
|
|
|
2003-09-18 17:51:18 +02:00
|
|
|
|
tty_printf("\n");
|
2017-03-27 07:02:01 +02:00
|
|
|
|
if (redisplay)
|
2003-09-18 17:51:18 +02:00
|
|
|
|
{
|
2003-09-24 10:31:16 +02:00
|
|
|
|
if (opt.with_colons)
|
|
|
|
|
{
|
2017-03-31 20:03:52 +02:00
|
|
|
|
current_card_status (ctrl, es_stdout,
|
|
|
|
|
serialnobuf, DIM (serialnobuf));
|
2003-09-24 10:31:16 +02:00
|
|
|
|
fflush (stdout);
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
2017-03-31 20:03:52 +02:00
|
|
|
|
current_card_status (ctrl, NULL,
|
|
|
|
|
serialnobuf, DIM (serialnobuf));
|
2003-09-24 10:31:16 +02:00
|
|
|
|
tty_printf("\n");
|
|
|
|
|
}
|
2003-09-18 17:51:18 +02:00
|
|
|
|
redisplay = 0;
|
|
|
|
|
}
|
2003-07-23 09:11:06 +02:00
|
|
|
|
|
2003-09-18 17:51:18 +02:00
|
|
|
|
do
|
|
|
|
|
{
|
|
|
|
|
xfree (answer);
|
|
|
|
|
if (have_commands)
|
|
|
|
|
{
|
|
|
|
|
if (commands)
|
|
|
|
|
{
|
|
|
|
|
answer = xstrdup (commands->d);
|
|
|
|
|
commands = commands->next;
|
|
|
|
|
}
|
|
|
|
|
else if (opt.batch)
|
|
|
|
|
{
|
|
|
|
|
answer = xstrdup ("quit");
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
have_commands = 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (!have_commands)
|
|
|
|
|
{
|
2006-04-19 13:26:11 +02:00
|
|
|
|
tty_enable_completion (card_edit_completion);
|
2010-02-02 15:06:19 +01:00
|
|
|
|
answer = cpr_get_no_help("cardedit.prompt", _("gpg/card> "));
|
2003-09-18 17:51:18 +02:00
|
|
|
|
cpr_kill_prompt();
|
2006-04-19 13:26:11 +02:00
|
|
|
|
tty_disable_completion ();
|
2009-08-05 15:48:23 +02:00
|
|
|
|
}
|
2003-09-18 17:51:18 +02:00
|
|
|
|
trim_spaces(answer);
|
|
|
|
|
}
|
2004-10-22 11:41:01 +02:00
|
|
|
|
while ( *answer == '#' );
|
2003-09-18 17:51:18 +02:00
|
|
|
|
|
|
|
|
|
arg_number = 0; /* Yes, here is the init which egcc complains about */
|
2004-10-22 11:41:01 +02:00
|
|
|
|
cmd_admin_only = 0;
|
2003-09-18 17:51:18 +02:00
|
|
|
|
if (!*answer)
|
|
|
|
|
cmd = cmdLIST; /* Default to the list command */
|
|
|
|
|
else if (*answer == CONTROL_D)
|
|
|
|
|
cmd = cmdQUIT;
|
2011-02-04 12:57:53 +01:00
|
|
|
|
else
|
2004-10-22 11:41:01 +02:00
|
|
|
|
{
|
|
|
|
|
if ((p=strchr (answer,' ')))
|
|
|
|
|
{
|
|
|
|
|
*p++ = 0;
|
|
|
|
|
trim_spaces (answer);
|
|
|
|
|
trim_spaces (p);
|
|
|
|
|
arg_number = atoi(p);
|
|
|
|
|
arg_string = p;
|
2008-09-23 11:57:45 +02:00
|
|
|
|
arg_rest = p;
|
|
|
|
|
while (digitp (arg_rest))
|
|
|
|
|
arg_rest++;
|
|
|
|
|
while (spacep (arg_rest))
|
|
|
|
|
arg_rest++;
|
2004-10-22 11:41:01 +02:00
|
|
|
|
}
|
2011-02-04 12:57:53 +01:00
|
|
|
|
|
2004-10-22 11:41:01 +02:00
|
|
|
|
for (i=0; cmds[i].name; i++ )
|
|
|
|
|
if (!ascii_strcasecmp (answer, cmds[i].name ))
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
cmd = cmds[i].id;
|
|
|
|
|
cmd_admin_only = cmds[i].admin_only;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (!allow_admin && cmd_admin_only)
|
|
|
|
|
{
|
|
|
|
|
tty_printf ("\n");
|
|
|
|
|
tty_printf (_("Admin-only command\n"));
|
|
|
|
|
continue;
|
|
|
|
|
}
|
2003-09-18 17:51:18 +02:00
|
|
|
|
|
|
|
|
|
switch (cmd)
|
|
|
|
|
{
|
|
|
|
|
case cmdHELP:
|
|
|
|
|
for (i=0; cmds[i].name; i++ )
|
2004-10-22 11:41:01 +02:00
|
|
|
|
if(cmds[i].desc
|
|
|
|
|
&& (!cmds[i].admin_only || (cmds[i].admin_only && allow_admin)))
|
2014-12-15 17:38:40 +01:00
|
|
|
|
tty_printf("%-14s %s\n", cmds[i].name, _(cmds[i].desc) );
|
2003-09-18 17:51:18 +02:00
|
|
|
|
break;
|
|
|
|
|
|
2004-10-22 11:41:01 +02:00
|
|
|
|
case cmdADMIN:
|
2006-04-19 13:26:11 +02:00
|
|
|
|
if ( !strcmp (arg_string, "on") )
|
|
|
|
|
allow_admin = 1;
|
|
|
|
|
else if ( !strcmp (arg_string, "off") )
|
|
|
|
|
allow_admin = 0;
|
|
|
|
|
else if ( !strcmp (arg_string, "verify") )
|
|
|
|
|
{
|
|
|
|
|
/* Force verification of the Admin Command. However,
|
|
|
|
|
this is only done if the retry counter is at initial
|
|
|
|
|
state. */
|
|
|
|
|
char *tmp = xmalloc (strlen (serialnobuf) + 6 + 1);
|
|
|
|
|
strcpy (stpcpy (tmp, serialnobuf), "[CHV3]");
|
|
|
|
|
allow_admin = !agent_scd_checkpin (tmp);
|
|
|
|
|
xfree (tmp);
|
|
|
|
|
}
|
|
|
|
|
else /* Toggle. */
|
|
|
|
|
allow_admin=!allow_admin;
|
|
|
|
|
if(allow_admin)
|
|
|
|
|
tty_printf(_("Admin commands are allowed\n"));
|
|
|
|
|
else
|
|
|
|
|
tty_printf(_("Admin commands are not allowed\n"));
|
2004-10-22 11:41:01 +02:00
|
|
|
|
break;
|
|
|
|
|
|
2006-04-19 13:26:11 +02:00
|
|
|
|
case cmdVERIFY:
|
|
|
|
|
agent_scd_checkpin (serialnobuf);
|
|
|
|
|
redisplay = 1;
|
|
|
|
|
break;
|
|
|
|
|
|
2003-09-18 17:51:18 +02:00
|
|
|
|
case cmdLIST:
|
|
|
|
|
redisplay = 1;
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case cmdNAME:
|
2004-10-22 11:41:01 +02:00
|
|
|
|
change_name ();
|
2003-09-18 17:51:18 +02:00
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case cmdURL:
|
2004-10-22 11:41:01 +02:00
|
|
|
|
change_url ();
|
2003-09-18 17:51:18 +02:00
|
|
|
|
break;
|
|
|
|
|
|
2004-10-22 11:41:01 +02:00
|
|
|
|
case cmdFETCH:
|
2010-10-01 22:33:53 +02:00
|
|
|
|
fetch_url (ctrl);
|
2004-10-22 11:41:01 +02:00
|
|
|
|
break;
|
|
|
|
|
|
2003-09-18 17:51:18 +02:00
|
|
|
|
case cmdLOGIN:
|
2004-10-22 11:41:01 +02:00
|
|
|
|
change_login (arg_string);
|
2003-09-18 17:51:18 +02:00
|
|
|
|
break;
|
2003-07-23 09:11:06 +02:00
|
|
|
|
|
2003-09-18 17:51:18 +02:00
|
|
|
|
case cmdLANG:
|
2004-10-22 11:41:01 +02:00
|
|
|
|
change_lang ();
|
2003-09-18 17:51:18 +02:00
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case cmdSEX:
|
2004-10-22 11:41:01 +02:00
|
|
|
|
change_sex ();
|
2003-09-18 17:51:18 +02:00
|
|
|
|
break;
|
|
|
|
|
|
2004-07-01 19:42:09 +02:00
|
|
|
|
case cmdCAFPR:
|
|
|
|
|
if ( arg_number < 1 || arg_number > 3 )
|
|
|
|
|
tty_printf ("usage: cafpr N\n"
|
|
|
|
|
" 1 <= N <= 3\n");
|
|
|
|
|
else
|
|
|
|
|
change_cafpr (arg_number);
|
|
|
|
|
break;
|
|
|
|
|
|
2006-04-19 13:26:11 +02:00
|
|
|
|
case cmdPRIVATEDO:
|
|
|
|
|
if ( arg_number < 1 || arg_number > 4 )
|
|
|
|
|
tty_printf ("usage: privatedo N\n"
|
|
|
|
|
" 1 <= N <= 4\n");
|
|
|
|
|
else
|
|
|
|
|
change_private_do (arg_string, arg_number);
|
|
|
|
|
break;
|
|
|
|
|
|
2008-09-23 11:57:45 +02:00
|
|
|
|
case cmdWRITECERT:
|
|
|
|
|
if ( arg_number != 3 )
|
|
|
|
|
tty_printf ("usage: writecert 3 < FILE\n");
|
|
|
|
|
else
|
|
|
|
|
change_cert (arg_rest);
|
|
|
|
|
break;
|
|
|
|
|
|
2009-06-17 11:45:50 +02:00
|
|
|
|
case cmdREADCERT:
|
|
|
|
|
if ( arg_number != 3 )
|
|
|
|
|
tty_printf ("usage: readcert 3 > FILE\n");
|
|
|
|
|
else
|
|
|
|
|
read_cert (arg_rest);
|
|
|
|
|
break;
|
|
|
|
|
|
2003-09-30 19:34:38 +02:00
|
|
|
|
case cmdFORCESIG:
|
|
|
|
|
toggle_forcesig ();
|
|
|
|
|
break;
|
|
|
|
|
|
2003-10-08 12:46:58 +02:00
|
|
|
|
case cmdGENERATE:
|
2011-11-06 17:01:31 +01:00
|
|
|
|
generate_card_keys (ctrl);
|
2003-10-08 12:46:58 +02:00
|
|
|
|
break;
|
|
|
|
|
|
2003-10-21 19:12:21 +02:00
|
|
|
|
case cmdPASSWD:
|
2004-10-22 11:41:01 +02:00
|
|
|
|
change_pin (0, allow_admin);
|
2003-10-21 19:12:21 +02:00
|
|
|
|
break;
|
|
|
|
|
|
2008-09-25 12:06:02 +02:00
|
|
|
|
case cmdUNBLOCK:
|
|
|
|
|
change_pin (1, allow_admin);
|
|
|
|
|
break;
|
|
|
|
|
|
2014-12-15 17:38:40 +01:00
|
|
|
|
case cmdFACTORYRESET:
|
|
|
|
|
factory_reset ();
|
|
|
|
|
break;
|
|
|
|
|
|
2018-03-22 07:50:31 +01:00
|
|
|
|
case cmdKDFSETUP:
|
2018-03-30 05:48:04 +02:00
|
|
|
|
kdf_setup (arg_string);
|
2018-03-22 07:50:31 +01:00
|
|
|
|
break;
|
|
|
|
|
|
2018-03-30 03:59:10 +02:00
|
|
|
|
case cmdKEYATTR:
|
|
|
|
|
key_attr ();
|
2018-03-22 07:50:31 +01:00
|
|
|
|
break;
|
|
|
|
|
|
2018-09-27 09:45:27 +02:00
|
|
|
|
case cmdUIF:
|
|
|
|
|
if ( arg_number < 1 || arg_number > 3 )
|
|
|
|
|
tty_printf ("usage: uif N [on|off|permanent]\n"
|
|
|
|
|
" 1 <= N <= 3\n");
|
|
|
|
|
else
|
|
|
|
|
uif (arg_number, arg_rest);
|
|
|
|
|
break;
|
|
|
|
|
|
2003-09-18 17:51:18 +02:00
|
|
|
|
case cmdQUIT:
|
|
|
|
|
goto leave;
|
|
|
|
|
|
|
|
|
|
case cmdNOP:
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case cmdINVCMD:
|
|
|
|
|
default:
|
|
|
|
|
tty_printf ("\n");
|
|
|
|
|
tty_printf (_("Invalid command (try \"help\")\n"));
|
|
|
|
|
break;
|
|
|
|
|
} /* End command switch. */
|
|
|
|
|
} /* End of main menu loop. */
|
|
|
|
|
|
|
|
|
|
leave:
|
|
|
|
|
xfree (answer);
|
|
|
|
|
}
|