2019-02-25 09:28:22 +01:00
|
|
|
|
/* gpg-card.c - An interactive tool to work with cards.
|
2022-10-25 14:11:47 +02:00
|
|
|
|
* Copyright (C) 2019--2022 g10 Code GmbH
|
2019-01-22 09:07:24 +01:00
|
|
|
|
*
|
|
|
|
|
* This file is part of GnuPG.
|
|
|
|
|
*
|
|
|
|
|
* This file is free software; you can redistribute it and/or modify
|
|
|
|
|
* it under the terms of the GNU General Public License as published by
|
|
|
|
|
* the Free Software Foundation; either version 3 of the License, or
|
|
|
|
|
* (at your option) any later version.
|
|
|
|
|
*
|
|
|
|
|
* This file is distributed in the hope that it will be useful,
|
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
|
* GNU Lesser General Public License for more details.
|
|
|
|
|
*
|
|
|
|
|
* You should have received a copy of the GNU General Public License
|
|
|
|
|
* along with this program; if not, see <https://gnu.org/licenses/>.
|
2019-01-27 20:12:00 +01:00
|
|
|
|
* SPDX-License-Identifier: GPL-3.0-or-later
|
2019-01-22 09:07:24 +01:00
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
#include <config.h>
|
|
|
|
|
#include <stdio.h>
|
|
|
|
|
#include <stdlib.h>
|
|
|
|
|
#include <string.h>
|
2021-04-19 20:17:39 +02:00
|
|
|
|
#include <ctype.h>
|
2019-01-22 09:07:24 +01:00
|
|
|
|
#ifdef HAVE_LIBREADLINE
|
|
|
|
|
# define GNUPG_LIBREADLINE_H_INCLUDED
|
|
|
|
|
# include <readline/readline.h>
|
|
|
|
|
#endif /*HAVE_LIBREADLINE*/
|
|
|
|
|
|
2020-02-10 16:37:34 +01:00
|
|
|
|
#define INCLUDED_BY_MAIN_MODULE 1
|
|
|
|
|
|
2019-01-22 09:07:24 +01:00
|
|
|
|
#include "../common/util.h"
|
|
|
|
|
#include "../common/status.h"
|
|
|
|
|
#include "../common/i18n.h"
|
|
|
|
|
#include "../common/init.h"
|
|
|
|
|
#include "../common/sysutils.h"
|
|
|
|
|
#include "../common/asshelp.h"
|
|
|
|
|
#include "../common/userids.h"
|
|
|
|
|
#include "../common/ccparray.h"
|
|
|
|
|
#include "../common/exectool.h"
|
|
|
|
|
#include "../common/ttyio.h"
|
2019-01-27 20:12:00 +01:00
|
|
|
|
#include "../common/server-help.h"
|
|
|
|
|
#include "../common/openpgpdefs.h"
|
2020-05-28 15:55:54 +02:00
|
|
|
|
#include "../common/tlv.h"
|
2022-08-22 12:01:55 +02:00
|
|
|
|
#include "../common/comopt.h"
|
2019-01-27 20:12:00 +01:00
|
|
|
|
|
2019-02-25 09:28:22 +01:00
|
|
|
|
#include "gpg-card.h"
|
2019-01-27 20:12:00 +01:00
|
|
|
|
|
2019-01-22 09:07:24 +01:00
|
|
|
|
|
|
|
|
|
#define CONTROL_D ('D' - 'A' + 1)
|
|
|
|
|
|
2020-07-02 15:47:57 +02:00
|
|
|
|
#define HISTORYNAME ".gpg-card_history"
|
|
|
|
|
|
2019-01-22 09:07:24 +01:00
|
|
|
|
/* Constants to identify the commands and options. */
|
2019-01-31 18:57:16 +01:00
|
|
|
|
enum opt_values
|
2019-01-22 09:07:24 +01:00
|
|
|
|
{
|
|
|
|
|
aNull = 0,
|
|
|
|
|
|
|
|
|
|
oQuiet = 'q',
|
|
|
|
|
oVerbose = 'v',
|
|
|
|
|
|
|
|
|
|
oDebug = 500,
|
|
|
|
|
|
|
|
|
|
oGpgProgram,
|
|
|
|
|
oGpgsmProgram,
|
|
|
|
|
oStatusFD,
|
|
|
|
|
oWithColons,
|
2019-01-27 20:12:00 +01:00
|
|
|
|
oNoAutostart,
|
|
|
|
|
oAgentProgram,
|
|
|
|
|
|
|
|
|
|
oDisplay,
|
|
|
|
|
oTTYname,
|
|
|
|
|
oTTYtype,
|
|
|
|
|
oXauthority,
|
|
|
|
|
oLCctype,
|
|
|
|
|
oLCmessages,
|
2019-01-22 09:07:24 +01:00
|
|
|
|
|
2020-02-12 11:16:41 +01:00
|
|
|
|
oNoKeyLookup,
|
2020-07-02 15:47:57 +02:00
|
|
|
|
oNoHistory,
|
2020-08-14 12:19:11 +02:00
|
|
|
|
oChUid,
|
2020-02-12 11:16:41 +01:00
|
|
|
|
|
2019-01-22 09:07:24 +01:00
|
|
|
|
oDummy
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/* The list of commands and options. */
|
2020-02-21 20:28:47 +01:00
|
|
|
|
static gpgrt_opt_t opts[] = {
|
2019-01-22 09:07:24 +01:00
|
|
|
|
ARGPARSE_group (301, ("@\nOptions:\n ")),
|
|
|
|
|
|
|
|
|
|
ARGPARSE_s_n (oVerbose, "verbose", ("verbose")),
|
|
|
|
|
ARGPARSE_s_n (oQuiet, "quiet", ("be somewhat more quiet")),
|
|
|
|
|
ARGPARSE_s_s (oDebug, "debug", "@"),
|
|
|
|
|
ARGPARSE_s_s (oGpgProgram, "gpg", "@"),
|
|
|
|
|
ARGPARSE_s_s (oGpgsmProgram, "gpgsm", "@"),
|
2023-06-27 07:44:01 +02:00
|
|
|
|
ARGPARSE_s_i (oStatusFD, "status-fd", N_("|FD|write status info to this FD")),
|
2019-01-22 09:07:24 +01:00
|
|
|
|
ARGPARSE_s_n (oWithColons, "with-colons", "@"),
|
2019-01-27 20:12:00 +01:00
|
|
|
|
ARGPARSE_s_n (oNoAutostart, "no-autostart", "@"),
|
|
|
|
|
ARGPARSE_s_s (oAgentProgram, "agent-program", "@"),
|
|
|
|
|
ARGPARSE_s_s (oDisplay, "display", "@"),
|
|
|
|
|
ARGPARSE_s_s (oTTYname, "ttyname", "@"),
|
|
|
|
|
ARGPARSE_s_s (oTTYtype, "ttytype", "@"),
|
|
|
|
|
ARGPARSE_s_s (oXauthority, "xauthority", "@"),
|
|
|
|
|
ARGPARSE_s_s (oLCctype, "lc-ctype", "@"),
|
|
|
|
|
ARGPARSE_s_s (oLCmessages, "lc-messages","@"),
|
2020-02-12 11:16:41 +01:00
|
|
|
|
ARGPARSE_s_n (oNoKeyLookup,"no-key-lookup",
|
|
|
|
|
"use --no-key-lookup for \"list\""),
|
2020-07-02 15:47:57 +02:00
|
|
|
|
ARGPARSE_s_n (oNoHistory,"no-history",
|
|
|
|
|
"do not use the command history file"),
|
2020-08-14 12:19:11 +02:00
|
|
|
|
ARGPARSE_s_s (oChUid, "chuid", "@"),
|
2019-01-22 09:07:24 +01:00
|
|
|
|
|
|
|
|
|
ARGPARSE_end ()
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
/* The list of supported debug flags. */
|
|
|
|
|
static struct debug_flags_s debug_flags [] =
|
|
|
|
|
{
|
|
|
|
|
{ DBG_IPC_VALUE , "ipc" },
|
|
|
|
|
{ DBG_EXTPROG_VALUE, "extprog" },
|
|
|
|
|
{ 0, NULL }
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
|
2019-01-29 08:48:53 +01:00
|
|
|
|
/* An object to create lists of labels and keyrefs. */
|
|
|
|
|
struct keyinfolabel_s
|
|
|
|
|
{
|
|
|
|
|
const char *label;
|
|
|
|
|
const char *keyref;
|
|
|
|
|
};
|
|
|
|
|
typedef struct keyinfolabel_s *keyinfolabel_t;
|
|
|
|
|
|
2020-08-14 12:19:11 +02:00
|
|
|
|
/* Helper for --chuid. */
|
|
|
|
|
static const char *changeuser;
|
2019-01-29 08:48:53 +01:00
|
|
|
|
|
2019-01-27 20:12:00 +01:00
|
|
|
|
/* Limit of size of data we read from a file for certain commands. */
|
|
|
|
|
#define MAX_GET_DATA_FROM_FILE 16384
|
|
|
|
|
|
2019-01-29 08:48:53 +01:00
|
|
|
|
/* Constants for OpenPGP cards. */
|
2019-01-27 20:12:00 +01:00
|
|
|
|
#define OPENPGP_USER_PIN_DEFAULT "123456"
|
|
|
|
|
#define OPENPGP_ADMIN_PIN_DEFAULT "12345678"
|
|
|
|
|
#define OPENPGP_KDF_DATA_LENGTH_MIN 90
|
|
|
|
|
#define OPENPGP_KDF_DATA_LENGTH_MAX 110
|
|
|
|
|
|
2019-01-22 09:07:24 +01:00
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
2019-01-27 20:12:00 +01:00
|
|
|
|
/* Local prototypes. */
|
2020-02-10 14:12:36 +01:00
|
|
|
|
static void show_keysize_warning (void);
|
2019-01-31 18:57:16 +01:00
|
|
|
|
static gpg_error_t dispatch_command (card_info_t info, const char *command);
|
2019-01-22 09:07:24 +01:00
|
|
|
|
static void interactive_loop (void);
|
|
|
|
|
#ifdef HAVE_LIBREADLINE
|
|
|
|
|
static char **command_completion (const char *text, int start, int end);
|
|
|
|
|
#endif /*HAVE_LIBREADLINE*/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/* Print usage information and provide strings for help. */
|
|
|
|
|
static const char *
|
|
|
|
|
my_strusage( int level )
|
|
|
|
|
{
|
|
|
|
|
const char *p;
|
|
|
|
|
|
|
|
|
|
switch (level)
|
|
|
|
|
{
|
2020-02-21 20:28:47 +01:00
|
|
|
|
case 9: p = "GPL-3.0-or-later"; break;
|
2019-02-25 09:28:22 +01:00
|
|
|
|
case 11: p = "gpg-card"; break;
|
2019-01-22 09:07:24 +01:00
|
|
|
|
case 12: p = "@GNUPG@"; break;
|
|
|
|
|
case 13: p = VERSION; break;
|
2020-02-21 20:28:47 +01:00
|
|
|
|
case 14: p = GNUPG_DEF_COPYRIGHT_LINE; break;
|
2019-01-22 09:07:24 +01:00
|
|
|
|
case 17: p = PRINTABLE_OS_NAME; break;
|
|
|
|
|
case 19: p = ("Please report bugs to <@EMAIL@>.\n"); break;
|
|
|
|
|
|
|
|
|
|
case 1:
|
|
|
|
|
case 40:
|
2019-02-25 09:28:22 +01:00
|
|
|
|
p = ("Usage: gpg-card"
|
2019-01-31 18:57:16 +01:00
|
|
|
|
" [options] [{[--] command [args]}] (-h for help)");
|
2019-01-22 09:07:24 +01:00
|
|
|
|
break;
|
|
|
|
|
case 41:
|
2019-02-25 09:28:22 +01:00
|
|
|
|
p = ("Syntax: gpg-card"
|
2019-01-31 18:57:16 +01:00
|
|
|
|
" [options] [command [args] {-- command [args]}]\n\n"
|
2021-06-12 11:59:03 +02:00
|
|
|
|
"Tool to manage cards and tokens. Without a command an interactive\n"
|
2019-01-31 18:57:16 +01:00
|
|
|
|
"mode is used. Use command \"help\" to list all commands.");
|
2019-01-22 09:07:24 +01:00
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
default: p = NULL; break;
|
|
|
|
|
}
|
|
|
|
|
return p;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2019-01-27 20:12:00 +01:00
|
|
|
|
static void
|
|
|
|
|
set_opt_session_env (const char *name, const char *value)
|
|
|
|
|
{
|
|
|
|
|
gpg_error_t err;
|
|
|
|
|
|
|
|
|
|
err = session_env_setenv (opt.session_env, name, value);
|
|
|
|
|
if (err)
|
|
|
|
|
log_fatal ("error setting session environment: %s\n",
|
|
|
|
|
gpg_strerror (err));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2019-01-22 09:07:24 +01:00
|
|
|
|
|
|
|
|
|
/* Command line parsing. */
|
2019-01-31 18:57:16 +01:00
|
|
|
|
static void
|
2020-02-21 20:28:47 +01:00
|
|
|
|
parse_arguments (gpgrt_argparse_t *pargs, gpgrt_opt_t *popts)
|
2019-01-22 09:07:24 +01:00
|
|
|
|
{
|
2020-02-21 20:28:47 +01:00
|
|
|
|
while (gpgrt_argparse (NULL, pargs, popts))
|
2019-01-22 09:07:24 +01:00
|
|
|
|
{
|
|
|
|
|
switch (pargs->r_opt)
|
|
|
|
|
{
|
|
|
|
|
case oQuiet: opt.quiet = 1; break;
|
|
|
|
|
case oVerbose: opt.verbose++; break;
|
|
|
|
|
case oDebug:
|
|
|
|
|
if (parse_debug_flag (pargs->r.ret_str, &opt.debug, debug_flags))
|
|
|
|
|
{
|
|
|
|
|
pargs->r_opt = ARGPARSE_INVALID_ARG;
|
|
|
|
|
pargs->err = ARGPARSE_PRINT_ERROR;
|
|
|
|
|
}
|
|
|
|
|
break;
|
|
|
|
|
|
2024-02-27 10:35:46 +01:00
|
|
|
|
case oGpgProgram:
|
|
|
|
|
opt.gpg_program = make_filename (pargs->r.ret_str, NULL);
|
|
|
|
|
break;
|
|
|
|
|
case oGpgsmProgram:
|
|
|
|
|
opt.gpgsm_program = make_filename (pargs->r.ret_str, NULL);
|
|
|
|
|
break;
|
|
|
|
|
case oAgentProgram:
|
|
|
|
|
opt.agent_program = make_filename (pargs->r.ret_str, NULL);
|
|
|
|
|
break;
|
2019-01-27 20:12:00 +01:00
|
|
|
|
|
2019-01-22 09:07:24 +01:00
|
|
|
|
case oStatusFD:
|
2023-06-27 07:44:01 +02:00
|
|
|
|
gnupg_set_status_fd (translate_sys2libc_fd_int (pargs->r.ret_int, 1));
|
2019-01-22 09:07:24 +01:00
|
|
|
|
break;
|
2019-01-27 20:12:00 +01:00
|
|
|
|
|
|
|
|
|
case oWithColons: opt.with_colons = 1; break;
|
|
|
|
|
case oNoAutostart: opt.autostart = 0; break;
|
|
|
|
|
|
|
|
|
|
case oDisplay: set_opt_session_env ("DISPLAY", pargs->r.ret_str); break;
|
|
|
|
|
case oTTYname: set_opt_session_env ("GPG_TTY", pargs->r.ret_str); break;
|
|
|
|
|
case oTTYtype: set_opt_session_env ("TERM", pargs->r.ret_str); break;
|
|
|
|
|
case oXauthority: set_opt_session_env ("XAUTHORITY",
|
|
|
|
|
pargs->r.ret_str); break;
|
|
|
|
|
case oLCctype: opt.lc_ctype = pargs->r.ret_str; break;
|
|
|
|
|
case oLCmessages: opt.lc_messages = pargs->r.ret_str; break;
|
2019-01-22 09:07:24 +01:00
|
|
|
|
|
2020-02-12 11:16:41 +01:00
|
|
|
|
case oNoKeyLookup: opt.no_key_lookup = 1; break;
|
2020-07-02 15:47:57 +02:00
|
|
|
|
case oNoHistory: opt.no_history = 1; break;
|
2020-02-12 11:16:41 +01:00
|
|
|
|
|
2020-08-14 12:19:11 +02:00
|
|
|
|
case oChUid: changeuser = pargs->r.ret_str; break;
|
|
|
|
|
|
2019-01-22 09:07:24 +01:00
|
|
|
|
default: pargs->err = 2; break;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
2019-02-25 09:28:22 +01:00
|
|
|
|
/* gpg-card main. */
|
2019-01-22 09:07:24 +01:00
|
|
|
|
int
|
|
|
|
|
main (int argc, char **argv)
|
|
|
|
|
{
|
|
|
|
|
gpg_error_t err;
|
2020-02-21 20:28:47 +01:00
|
|
|
|
gpgrt_argparse_t pargs;
|
2019-01-31 18:57:16 +01:00
|
|
|
|
char **command_list = NULL;
|
|
|
|
|
int cmdidx;
|
|
|
|
|
char *command;
|
2019-01-22 09:07:24 +01:00
|
|
|
|
|
2019-02-25 09:28:22 +01:00
|
|
|
|
gnupg_reopen_std ("gpg-card");
|
2020-02-21 20:28:47 +01:00
|
|
|
|
gpgrt_set_strusage (my_strusage);
|
2019-01-22 09:07:24 +01:00
|
|
|
|
gnupg_rl_initialize ();
|
2019-02-25 09:28:22 +01:00
|
|
|
|
log_set_prefix ("gpg-card", GPGRT_LOG_WITH_PREFIX);
|
2019-01-22 09:07:24 +01:00
|
|
|
|
|
|
|
|
|
/* Make sure that our subsystems are ready. */
|
|
|
|
|
i18n_init();
|
|
|
|
|
init_common_subsystems (&argc, &argv);
|
|
|
|
|
|
|
|
|
|
assuan_set_gpg_err_source (GPG_ERR_SOURCE_DEFAULT);
|
|
|
|
|
setup_libassuan_logging (&opt.debug, NULL);
|
|
|
|
|
|
2019-01-27 20:12:00 +01:00
|
|
|
|
/* Setup default options. */
|
|
|
|
|
opt.autostart = 1;
|
|
|
|
|
opt.session_env = session_env_new ();
|
|
|
|
|
if (!opt.session_env)
|
|
|
|
|
log_fatal ("error allocating session environment block: %s\n",
|
|
|
|
|
gpg_strerror (gpg_error_from_syserror ()));
|
|
|
|
|
|
|
|
|
|
|
2019-01-22 09:07:24 +01:00
|
|
|
|
/* Parse the command line. */
|
|
|
|
|
pargs.argc = &argc;
|
|
|
|
|
pargs.argv = &argv;
|
|
|
|
|
pargs.flags = ARGPARSE_FLAG_KEEP;
|
2019-01-31 18:57:16 +01:00
|
|
|
|
parse_arguments (&pargs, opts);
|
2020-02-21 20:28:47 +01:00
|
|
|
|
gpgrt_argparse (NULL, &pargs, NULL); /* Release internal state. */
|
2019-01-22 09:07:24 +01:00
|
|
|
|
|
2020-08-14 12:19:11 +02:00
|
|
|
|
if (changeuser && gnupg_chuid (changeuser, 0))
|
|
|
|
|
log_inc_errorcount (); /* Force later termination. */
|
|
|
|
|
|
2019-01-22 09:07:24 +01:00
|
|
|
|
if (log_get_errorcount (0))
|
|
|
|
|
exit (2);
|
|
|
|
|
|
2022-08-22 12:01:55 +02:00
|
|
|
|
/* Process common component options. */
|
2022-09-21 09:39:48 +02:00
|
|
|
|
gpgrt_set_confdir (GPGRT_CONFDIR_SYS, gnupg_sysconfdir ());
|
|
|
|
|
gpgrt_set_confdir (GPGRT_CONFDIR_USER, gnupg_homedir ());
|
2022-08-22 12:01:55 +02:00
|
|
|
|
if (parse_comopt (GNUPG_MODULE_NAME_CARD, opt.debug))
|
|
|
|
|
{
|
|
|
|
|
gnupg_status_printf (STATUS_FAILURE, "option-parser %u",
|
|
|
|
|
gpg_error (GPG_ERR_GENERAL));
|
|
|
|
|
exit(2);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (comopt.no_autostart)
|
|
|
|
|
opt.autostart = 0;
|
|
|
|
|
|
2019-01-22 09:07:24 +01:00
|
|
|
|
/* Set defaults for non given options. */
|
|
|
|
|
if (!opt.gpg_program)
|
2024-03-12 16:04:19 +01:00
|
|
|
|
opt.gpg_program = xstrdup (gnupg_module_name (GNUPG_MODULE_NAME_GPG));
|
2019-01-22 09:07:24 +01:00
|
|
|
|
if (!opt.gpgsm_program)
|
2024-03-12 16:04:19 +01:00
|
|
|
|
opt.gpgsm_program = xstrdup (gnupg_module_name (GNUPG_MODULE_NAME_GPGSM));
|
2019-01-22 09:07:24 +01:00
|
|
|
|
|
2019-01-31 18:57:16 +01:00
|
|
|
|
/* Now build the list of commands. We guess the size of the array
|
|
|
|
|
* by assuming each item is a complete command. Obviously this will
|
|
|
|
|
* be rarely the case, but it is less code to allocate a possible
|
|
|
|
|
* too large array. */
|
|
|
|
|
command_list = xcalloc (argc+1, sizeof *command_list);
|
|
|
|
|
cmdidx = 0;
|
|
|
|
|
command = NULL;
|
|
|
|
|
while (argc)
|
2019-01-22 09:07:24 +01:00
|
|
|
|
{
|
2019-01-31 18:57:16 +01:00
|
|
|
|
for ( ; argc && strcmp (*argv, "--"); argc--, argv++)
|
|
|
|
|
{
|
|
|
|
|
if (!command)
|
|
|
|
|
command = xstrdup (*argv);
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
char *tmp = xstrconcat (command, " ", *argv, NULL);
|
|
|
|
|
xfree (command);
|
|
|
|
|
command = tmp;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
if (argc)
|
|
|
|
|
{ /* Skip the double dash. */
|
|
|
|
|
argc--;
|
|
|
|
|
argv++;
|
|
|
|
|
}
|
|
|
|
|
if (command)
|
|
|
|
|
{
|
|
|
|
|
command_list[cmdidx++] = command;
|
|
|
|
|
command = NULL;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
opt.interactive = !cmdidx;
|
2019-01-30 15:01:34 +01:00
|
|
|
|
|
2020-07-02 15:47:57 +02:00
|
|
|
|
if (!opt.interactive)
|
|
|
|
|
opt.no_history = 1;
|
|
|
|
|
|
2019-01-31 18:57:16 +01:00
|
|
|
|
if (opt.interactive)
|
|
|
|
|
{
|
2019-01-22 09:07:24 +01:00
|
|
|
|
interactive_loop ();
|
|
|
|
|
err = 0;
|
|
|
|
|
}
|
2019-01-31 18:57:16 +01:00
|
|
|
|
else
|
|
|
|
|
{
|
2019-02-07 16:28:03 +01:00
|
|
|
|
struct card_info_s info_buffer = { 0 };
|
2019-01-31 18:57:16 +01:00
|
|
|
|
card_info_t info = &info_buffer;
|
2019-01-22 09:07:24 +01:00
|
|
|
|
|
2019-01-31 18:57:16 +01:00
|
|
|
|
err = 0;
|
|
|
|
|
for (cmdidx=0; (command = command_list[cmdidx]); cmdidx++)
|
|
|
|
|
{
|
|
|
|
|
err = dispatch_command (info, command);
|
|
|
|
|
if (err)
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
if (gpg_err_code (err) == GPG_ERR_EOF)
|
|
|
|
|
err = 0; /* This was a "quit". */
|
|
|
|
|
else if (command && !opt.quiet)
|
|
|
|
|
log_info ("stopped at command '%s'\n", command);
|
|
|
|
|
}
|
2019-01-30 17:48:41 +01:00
|
|
|
|
|
2019-01-31 18:57:16 +01:00
|
|
|
|
flush_keyblock_cache ();
|
|
|
|
|
if (command_list)
|
|
|
|
|
{
|
|
|
|
|
for (cmdidx=0; command_list[cmdidx]; cmdidx++)
|
|
|
|
|
xfree (command_list[cmdidx]);
|
|
|
|
|
xfree (command_list);
|
|
|
|
|
}
|
2019-01-22 09:07:24 +01:00
|
|
|
|
if (err)
|
|
|
|
|
gnupg_status_printf (STATUS_FAILURE, "- %u", err);
|
|
|
|
|
else if (log_get_errorcount (0))
|
|
|
|
|
gnupg_status_printf (STATUS_FAILURE, "- %u", GPG_ERR_GENERAL);
|
|
|
|
|
else
|
|
|
|
|
gnupg_status_printf (STATUS_SUCCESS, NULL);
|
|
|
|
|
return log_get_errorcount (0)? 1:0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2021-03-30 17:28:45 +02:00
|
|
|
|
/* Return S or the string "[none]" if S is NULL. */
|
|
|
|
|
static GPGRT_INLINE const char *
|
|
|
|
|
nullnone (const char *s)
|
|
|
|
|
{
|
|
|
|
|
return s? s: "[none]";
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2019-01-27 20:12:00 +01:00
|
|
|
|
/* Read data from file FNAME up to MAX_GET_DATA_FROM_FILE characters.
|
|
|
|
|
* On error return an error code and stores NULL at R_BUFFER; on
|
2019-01-31 16:06:47 +01:00
|
|
|
|
* success returns 0 and stores the number of bytes read at R_BUFLEN
|
|
|
|
|
* and the address of a newly allocated buffer at R_BUFFER. A
|
|
|
|
|
* complementary nul byte is always appended to the data but not
|
|
|
|
|
* counted; this allows one to pass NULL for R-BUFFER and consider the
|
|
|
|
|
* returned data as a string. */
|
2019-01-27 20:12:00 +01:00
|
|
|
|
static gpg_error_t
|
|
|
|
|
get_data_from_file (const char *fname, char **r_buffer, size_t *r_buflen)
|
|
|
|
|
{
|
|
|
|
|
gpg_error_t err;
|
|
|
|
|
estream_t fp;
|
|
|
|
|
char *data;
|
|
|
|
|
int n;
|
2019-01-22 09:07:24 +01:00
|
|
|
|
|
2019-01-27 20:12:00 +01:00
|
|
|
|
*r_buffer = NULL;
|
2019-01-31 16:06:47 +01:00
|
|
|
|
if (r_buflen)
|
|
|
|
|
*r_buflen = 0;
|
2019-01-22 09:07:24 +01:00
|
|
|
|
|
2019-01-27 20:12:00 +01:00
|
|
|
|
fp = es_fopen (fname, "rb");
|
|
|
|
|
if (!fp)
|
|
|
|
|
{
|
|
|
|
|
err = gpg_error_from_syserror ();
|
|
|
|
|
log_error (_("can't open '%s': %s\n"), fname, gpg_strerror (err));
|
|
|
|
|
return err;
|
|
|
|
|
}
|
2019-01-22 09:07:24 +01:00
|
|
|
|
|
2019-01-27 20:12:00 +01:00
|
|
|
|
data = xtrymalloc (MAX_GET_DATA_FROM_FILE);
|
|
|
|
|
if (!data)
|
|
|
|
|
{
|
|
|
|
|
err = gpg_error_from_syserror ();
|
|
|
|
|
log_error (_("error allocating enough memory: %s\n"), gpg_strerror (err));
|
|
|
|
|
es_fclose (fp);
|
|
|
|
|
return err;
|
|
|
|
|
}
|
2019-01-22 09:07:24 +01:00
|
|
|
|
|
2019-01-31 16:06:47 +01:00
|
|
|
|
n = es_fread (data, 1, MAX_GET_DATA_FROM_FILE - 1, fp);
|
2019-01-27 20:12:00 +01:00
|
|
|
|
es_fclose (fp);
|
|
|
|
|
if (n < 0)
|
|
|
|
|
{
|
|
|
|
|
err = gpg_error_from_syserror ();
|
|
|
|
|
tty_printf (_("error reading '%s': %s\n"), fname, gpg_strerror (err));
|
|
|
|
|
xfree (data);
|
|
|
|
|
return err;
|
|
|
|
|
}
|
2019-01-31 16:06:47 +01:00
|
|
|
|
data[n] = 0;
|
|
|
|
|
|
2019-01-27 20:12:00 +01:00
|
|
|
|
*r_buffer = data;
|
2019-01-31 16:06:47 +01:00
|
|
|
|
if (r_buflen)
|
|
|
|
|
*r_buflen = n;
|
2019-01-27 20:12:00 +01:00
|
|
|
|
return 0;
|
2019-01-22 09:07:24 +01:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2020-06-30 14:36:44 +02:00
|
|
|
|
/* Fixup the ENODEV error from scdaemon which we may see after
|
|
|
|
|
* removing a card due to scdaemon scanning for readers with cards.
|
|
|
|
|
* We also map the CAERD REMOVED error to the more useful CARD_NOT
|
|
|
|
|
* PRESENT. */
|
|
|
|
|
static gpg_error_t
|
|
|
|
|
fixup_scd_errors (gpg_error_t err)
|
|
|
|
|
{
|
|
|
|
|
if ((gpg_err_code (err) == GPG_ERR_ENODEV
|
|
|
|
|
|| gpg_err_code (err) == GPG_ERR_CARD_REMOVED)
|
|
|
|
|
&& gpg_err_source (err) == GPG_ERR_SOURCE_SCD)
|
|
|
|
|
err = gpg_error (GPG_ERR_CARD_NOT_PRESENT);
|
|
|
|
|
return err;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/* Set the card removed flag from INFO depending on ERR. This does
|
|
|
|
|
* not clear the flag. */
|
|
|
|
|
static gpg_error_t
|
|
|
|
|
maybe_set_card_removed (card_info_t info, gpg_error_t err)
|
|
|
|
|
{
|
|
|
|
|
if ((gpg_err_code (err) == GPG_ERR_ENODEV
|
|
|
|
|
|| gpg_err_code (err) == GPG_ERR_CARD_REMOVED)
|
|
|
|
|
&& gpg_err_source (err) == GPG_ERR_SOURCE_SCD)
|
|
|
|
|
info->card_removed = 1;
|
|
|
|
|
return err;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2019-01-27 20:12:00 +01:00
|
|
|
|
/* Write LENGTH bytes from BUFFER to file FNAME. Return 0 on
|
|
|
|
|
* success. */
|
|
|
|
|
static gpg_error_t
|
|
|
|
|
put_data_to_file (const char *fname, const void *buffer, size_t length)
|
2019-01-22 09:07:24 +01:00
|
|
|
|
{
|
2019-01-27 20:12:00 +01:00
|
|
|
|
gpg_error_t err;
|
|
|
|
|
estream_t fp;
|
2019-01-22 09:07:24 +01:00
|
|
|
|
|
2019-01-27 20:12:00 +01:00
|
|
|
|
fp = es_fopen (fname, "wb");
|
|
|
|
|
if (!fp)
|
|
|
|
|
{
|
|
|
|
|
err = gpg_error_from_syserror ();
|
|
|
|
|
log_error (_("can't create '%s': %s\n"), fname, gpg_strerror (err));
|
|
|
|
|
return err;
|
|
|
|
|
}
|
2019-01-22 09:07:24 +01:00
|
|
|
|
|
2019-01-27 20:12:00 +01:00
|
|
|
|
if (length && es_fwrite (buffer, length, 1, fp) != 1)
|
|
|
|
|
{
|
|
|
|
|
err = gpg_error_from_syserror ();
|
|
|
|
|
log_error (_("error writing '%s': %s\n"), fname, gpg_strerror (err));
|
|
|
|
|
es_fclose (fp);
|
|
|
|
|
return err;
|
|
|
|
|
}
|
|
|
|
|
if (es_fclose (fp))
|
|
|
|
|
{
|
|
|
|
|
err = gpg_error_from_syserror ();
|
|
|
|
|
log_error (_("error writing '%s': %s\n"), fname, gpg_strerror (err));
|
|
|
|
|
return err;
|
|
|
|
|
}
|
|
|
|
|
return 0;
|
2019-01-22 09:07:24 +01:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2019-03-28 14:46:05 +01:00
|
|
|
|
/* Return a malloced string with the number opf the menu PROMPT.
|
|
|
|
|
* Control-D is mapped to "Q". */
|
|
|
|
|
static char *
|
|
|
|
|
get_selection (const char *prompt)
|
|
|
|
|
{
|
|
|
|
|
char *answer;
|
|
|
|
|
|
|
|
|
|
tty_printf ("\n");
|
|
|
|
|
tty_printf ("%s", prompt);
|
|
|
|
|
tty_printf ("\n");
|
|
|
|
|
answer = tty_get (_("Your selection? "));
|
|
|
|
|
tty_kill_prompt ();
|
|
|
|
|
if (*answer == CONTROL_D)
|
|
|
|
|
strcpy (answer, "q");
|
|
|
|
|
return answer;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2019-01-27 20:12:00 +01:00
|
|
|
|
|
|
|
|
|
/* Simply prints TEXT to the output. Returns 0 as a convenience.
|
Spelling cleanup.
No functional changes, just fixing minor spelling issues.
---
Most of these were identified from the command line by running:
codespell \
--ignore-words-list fpr,stati,keyserver,keyservers,asign,cas,iff,ifset \
--skip '*.po,ChangeLog*,help.*.txt,*.jpg,*.eps,*.pdf,*.png,*.gpg,*.asc' \
doc g13 g10 kbx agent artwork scd tests tools am common dirmngr sm \
NEWS README README.maint TODO
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2020-02-18 15:34:42 +01:00
|
|
|
|
* This is a separate function so that it can be extended to run
|
2019-01-27 20:12:00 +01:00
|
|
|
|
* less(1) or so. The extra arguments are int values terminated by a
|
|
|
|
|
* 0 to indicate card application types supported with this command.
|
Spelling cleanup.
No functional changes, just fixing minor spelling issues.
---
Most of these were identified from the command line by running:
codespell \
--ignore-words-list fpr,stati,keyserver,keyservers,asign,cas,iff,ifset \
--skip '*.po,ChangeLog*,help.*.txt,*.jpg,*.eps,*.pdf,*.png,*.gpg,*.asc' \
doc g13 g10 kbx agent artwork scd tests tools am common dirmngr sm \
NEWS README README.maint TODO
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2020-02-18 15:34:42 +01:00
|
|
|
|
* If none are given (just the final 0), this is a general
|
2019-01-27 20:12:00 +01:00
|
|
|
|
* command. */
|
|
|
|
|
static gpg_error_t
|
|
|
|
|
print_help (const char *text, ...)
|
2019-01-22 09:07:24 +01:00
|
|
|
|
{
|
2019-01-31 18:57:16 +01:00
|
|
|
|
estream_t fp;
|
2019-01-27 20:12:00 +01:00
|
|
|
|
va_list arg_ptr;
|
|
|
|
|
int value;
|
|
|
|
|
int any = 0;
|
2019-01-22 09:07:24 +01:00
|
|
|
|
|
2019-01-31 18:57:16 +01:00
|
|
|
|
fp = opt.interactive? NULL : es_stdout;
|
|
|
|
|
tty_fprintf (fp, "%s\n", text);
|
2019-01-22 09:07:24 +01:00
|
|
|
|
|
2019-01-27 20:12:00 +01:00
|
|
|
|
va_start (arg_ptr, text);
|
|
|
|
|
while ((value = va_arg (arg_ptr, int)))
|
|
|
|
|
{
|
|
|
|
|
if (!any)
|
2019-01-31 18:57:16 +01:00
|
|
|
|
tty_fprintf (fp, "[Supported by: ");
|
|
|
|
|
tty_fprintf (fp, "%s%s", any?", ":"", app_type_string (value));
|
2019-01-27 20:12:00 +01:00
|
|
|
|
any = 1;
|
|
|
|
|
}
|
|
|
|
|
if (any)
|
2019-01-31 18:57:16 +01:00
|
|
|
|
tty_fprintf (fp, "]\n");
|
2019-01-22 09:07:24 +01:00
|
|
|
|
|
2019-01-27 20:12:00 +01:00
|
|
|
|
va_end (arg_ptr);
|
|
|
|
|
return 0;
|
2019-01-22 09:07:24 +01:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2019-01-27 20:12:00 +01:00
|
|
|
|
/* Print an (OpenPGP) fingerprint. */
|
2019-01-22 09:07:24 +01:00
|
|
|
|
static void
|
2019-01-27 20:12:00 +01:00
|
|
|
|
print_shax_fpr (estream_t fp, const unsigned char *fpr, unsigned int fprlen)
|
2019-01-22 09:07:24 +01:00
|
|
|
|
{
|
2019-01-27 20:12:00 +01:00
|
|
|
|
int i;
|
2019-01-22 09:07:24 +01:00
|
|
|
|
|
2019-01-27 20:12:00 +01:00
|
|
|
|
if (fpr)
|
|
|
|
|
{
|
2020-02-12 12:50:38 +01:00
|
|
|
|
for (i=0; i < fprlen ; i++, fpr++)
|
|
|
|
|
tty_fprintf (fp, "%02X", *fpr);
|
2019-01-27 20:12:00 +01:00
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
tty_fprintf (fp, " [none]");
|
|
|
|
|
tty_fprintf (fp, "\n");
|
2019-01-22 09:07:24 +01:00
|
|
|
|
}
|
|
|
|
|
|
2019-01-27 20:12:00 +01:00
|
|
|
|
/* Print the keygrip GRP. */
|
2019-01-22 09:07:24 +01:00
|
|
|
|
static void
|
2024-01-16 18:05:46 +01:00
|
|
|
|
print_keygrip (estream_t fp, const unsigned char *grp, int with_lf)
|
2019-01-22 09:07:24 +01:00
|
|
|
|
{
|
2019-01-27 20:12:00 +01:00
|
|
|
|
int i;
|
|
|
|
|
|
|
|
|
|
for (i=0; i < 20 ; i++, grp++)
|
|
|
|
|
tty_fprintf (fp, "%02X", *grp);
|
2024-01-16 18:05:46 +01:00
|
|
|
|
if (with_lf)
|
|
|
|
|
tty_fprintf (fp, "\n");
|
2019-01-22 09:07:24 +01:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2019-01-27 20:12:00 +01:00
|
|
|
|
/* Print a string but avoid printing control characters. */
|
2019-01-22 09:07:24 +01:00
|
|
|
|
static void
|
2019-01-27 20:12:00 +01:00
|
|
|
|
print_string (estream_t fp, const char *text, const char *name)
|
2019-01-22 09:07:24 +01:00
|
|
|
|
{
|
2019-01-27 20:12:00 +01:00
|
|
|
|
tty_fprintf (fp, "%s", text);
|
|
|
|
|
|
|
|
|
|
/* FIXME: tty_printf_utf8_string2 eats everything after and
|
|
|
|
|
including an @ - e.g. when printing an url. */
|
|
|
|
|
if (name && *name)
|
|
|
|
|
{
|
|
|
|
|
if (fp)
|
|
|
|
|
print_utf8_buffer2 (fp, name, strlen (name), '\n');
|
|
|
|
|
else
|
|
|
|
|
tty_print_utf8_string2 (NULL, name, strlen (name), 0);
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
tty_fprintf (fp, _("[not set]"));
|
|
|
|
|
tty_fprintf (fp, "\n");
|
2019-01-22 09:07:24 +01:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2019-01-27 20:12:00 +01:00
|
|
|
|
/* Print an ISO formatted name or "[not set]". */
|
2019-01-22 09:07:24 +01:00
|
|
|
|
static void
|
2019-01-27 20:12:00 +01:00
|
|
|
|
print_isoname (estream_t fp, const char *name)
|
2019-01-22 09:07:24 +01:00
|
|
|
|
{
|
2019-01-27 20:12:00 +01:00
|
|
|
|
if (name && *name)
|
|
|
|
|
{
|
|
|
|
|
char *p, *given, *buf;
|
|
|
|
|
|
|
|
|
|
buf = xstrdup (name);
|
|
|
|
|
given = strstr (buf, "<<");
|
|
|
|
|
for (p=buf; *p; p++)
|
|
|
|
|
if (*p == '<')
|
|
|
|
|
*p = ' ';
|
|
|
|
|
if (given && given[2])
|
|
|
|
|
{
|
|
|
|
|
*given = 0;
|
|
|
|
|
given += 2;
|
|
|
|
|
if (fp)
|
|
|
|
|
print_utf8_buffer2 (fp, given, strlen (given), '\n');
|
|
|
|
|
else
|
|
|
|
|
tty_print_utf8_string2 (NULL, given, strlen (given), 0);
|
|
|
|
|
|
|
|
|
|
if (*buf)
|
|
|
|
|
tty_fprintf (fp, " ");
|
|
|
|
|
}
|
2019-01-22 09:07:24 +01:00
|
|
|
|
|
2019-01-27 20:12:00 +01:00
|
|
|
|
if (fp)
|
|
|
|
|
print_utf8_buffer2 (fp, buf, strlen (buf), '\n');
|
|
|
|
|
else
|
|
|
|
|
tty_print_utf8_string2 (NULL, buf, strlen (buf), 0);
|
2019-01-22 09:07:24 +01:00
|
|
|
|
|
2019-01-27 20:12:00 +01:00
|
|
|
|
xfree (buf);
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
tty_fprintf (fp, _("[not set]"));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
tty_fprintf (fp, "\n");
|
2019-01-22 09:07:24 +01:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2019-01-29 08:48:53 +01:00
|
|
|
|
/* Return true if the buffer MEM of length memlen consists only of zeroes. */
|
2019-01-27 20:12:00 +01:00
|
|
|
|
static int
|
2019-01-29 08:48:53 +01:00
|
|
|
|
mem_is_zero (const char *mem, unsigned int memlen)
|
2019-01-22 09:07:24 +01:00
|
|
|
|
{
|
2019-01-27 20:12:00 +01:00
|
|
|
|
int i;
|
|
|
|
|
|
2019-01-29 08:48:53 +01:00
|
|
|
|
for (i=0; i < memlen && !mem[i]; i++)
|
2019-01-27 20:12:00 +01:00
|
|
|
|
;
|
2019-01-29 08:48:53 +01:00
|
|
|
|
return (i == memlen);
|
2019-01-22 09:07:24 +01:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2019-01-27 20:12:00 +01:00
|
|
|
|
|
2019-03-06 10:23:56 +01:00
|
|
|
|
/* Helper to list a single keyref. LABEL_KEYREF is a fallback key
|
|
|
|
|
* reference if no info is available; it may be NULL. */
|
2019-01-29 08:48:53 +01:00
|
|
|
|
static void
|
2020-06-30 14:36:44 +02:00
|
|
|
|
list_one_kinfo (card_info_t info, key_info_t kinfo,
|
2021-04-21 21:03:57 +02:00
|
|
|
|
const char *label_keyref, estream_t fp, int no_key_lookup,
|
|
|
|
|
int create_shadow)
|
2019-01-29 08:48:53 +01:00
|
|
|
|
{
|
2019-01-30 15:01:34 +01:00
|
|
|
|
gpg_error_t err;
|
2020-06-30 14:36:44 +02:00
|
|
|
|
key_info_t firstkinfo = info->kinfo;
|
2019-01-30 15:01:34 +01:00
|
|
|
|
keyblock_t keyblock = NULL;
|
|
|
|
|
keyblock_t kb;
|
|
|
|
|
pubkey_t pubkey;
|
|
|
|
|
userid_t uid;
|
|
|
|
|
key_info_t ki;
|
|
|
|
|
const char *s;
|
2019-02-07 20:28:43 +01:00
|
|
|
|
gcry_sexp_t s_pkey;
|
2019-02-21 12:43:07 +01:00
|
|
|
|
int any;
|
2019-01-30 15:01:34 +01:00
|
|
|
|
|
|
|
|
|
if (firstkinfo && kinfo)
|
2019-01-29 08:48:53 +01:00
|
|
|
|
{
|
|
|
|
|
tty_fprintf (fp, " ");
|
|
|
|
|
if (mem_is_zero (kinfo->grip, sizeof kinfo->grip))
|
2019-01-30 15:01:34 +01:00
|
|
|
|
{
|
|
|
|
|
tty_fprintf (fp, "[none]\n");
|
2019-03-06 10:23:56 +01:00
|
|
|
|
tty_fprintf (fp, " keyref .....: %s\n", kinfo->keyref);
|
2021-03-30 17:28:45 +02:00
|
|
|
|
if (kinfo->label)
|
|
|
|
|
tty_fprintf (fp, " label ......: %s\n", kinfo->label);
|
|
|
|
|
tty_fprintf (fp, " algorithm ..: %s\n",
|
|
|
|
|
nullnone (kinfo->keyalgo));
|
2019-01-30 15:01:34 +01:00
|
|
|
|
goto leave;
|
|
|
|
|
}
|
2019-02-21 12:43:07 +01:00
|
|
|
|
|
2024-01-16 18:05:46 +01:00
|
|
|
|
print_keygrip (fp, kinfo->grip, 1);
|
2019-02-21 12:43:07 +01:00
|
|
|
|
tty_fprintf (fp, " keyref .....: %s", kinfo->keyref);
|
|
|
|
|
if (kinfo->usage)
|
|
|
|
|
{
|
|
|
|
|
any = 0;
|
|
|
|
|
tty_fprintf (fp, " (");
|
|
|
|
|
if ((kinfo->usage & GCRY_PK_USAGE_SIGN))
|
|
|
|
|
{ tty_fprintf (fp, "sign"); any=1; }
|
|
|
|
|
if ((kinfo->usage & GCRY_PK_USAGE_CERT))
|
|
|
|
|
{ tty_fprintf (fp, "%scert", any?",":""); any=1; }
|
|
|
|
|
if ((kinfo->usage & GCRY_PK_USAGE_AUTH))
|
|
|
|
|
{ tty_fprintf (fp, "%sauth", any?",":""); any=1; }
|
|
|
|
|
if ((kinfo->usage & GCRY_PK_USAGE_ENCR))
|
|
|
|
|
{ tty_fprintf (fp, "%sencr", any?",":""); any=1; }
|
|
|
|
|
tty_fprintf (fp, ")");
|
|
|
|
|
}
|
|
|
|
|
tty_fprintf (fp, "\n");
|
|
|
|
|
|
2021-03-30 17:28:45 +02:00
|
|
|
|
if (kinfo->label)
|
|
|
|
|
tty_fprintf (fp, " label ......: %s\n", kinfo->label);
|
|
|
|
|
|
2021-04-21 21:03:57 +02:00
|
|
|
|
if (!(err = scd_readkey (kinfo->keyref, create_shadow, &s_pkey)))
|
2019-02-07 20:28:43 +01:00
|
|
|
|
{
|
2019-04-02 18:49:51 +02:00
|
|
|
|
char *tmp = pubkey_algo_string (s_pkey, NULL);
|
2021-03-30 17:28:45 +02:00
|
|
|
|
tty_fprintf (fp, " algorithm ..: %s\n", nullnone (tmp));
|
2019-02-07 20:28:43 +01:00
|
|
|
|
xfree (tmp);
|
|
|
|
|
gcry_sexp_release (s_pkey);
|
|
|
|
|
s_pkey = NULL;
|
|
|
|
|
}
|
2020-02-10 14:12:36 +01:00
|
|
|
|
else
|
|
|
|
|
{
|
2020-06-30 14:36:44 +02:00
|
|
|
|
maybe_set_card_removed (info, err);
|
2021-03-30 17:28:45 +02:00
|
|
|
|
tty_fprintf (fp, " algorithm ..: %s\n",
|
|
|
|
|
nullnone (kinfo->keyalgo));
|
2020-02-10 14:12:36 +01:00
|
|
|
|
}
|
2019-01-29 08:48:53 +01:00
|
|
|
|
|
|
|
|
|
if (kinfo->fprlen && kinfo->created)
|
|
|
|
|
{
|
2020-02-12 12:50:38 +01:00
|
|
|
|
tty_fprintf (fp, " stored fpr .: ");
|
2019-01-29 08:48:53 +01:00
|
|
|
|
print_shax_fpr (fp, kinfo->fpr, kinfo->fprlen);
|
|
|
|
|
tty_fprintf (fp, " created ....: %s\n",
|
|
|
|
|
isotimestamp (kinfo->created));
|
|
|
|
|
}
|
2020-02-12 11:16:41 +01:00
|
|
|
|
if (no_key_lookup)
|
|
|
|
|
err = 0;
|
|
|
|
|
else
|
|
|
|
|
err = get_matching_keys (kinfo->grip,
|
|
|
|
|
(GNUPG_PROTOCOL_OPENPGP | GNUPG_PROTOCOL_CMS),
|
|
|
|
|
&keyblock);
|
2019-01-30 15:01:34 +01:00
|
|
|
|
if (err)
|
|
|
|
|
{
|
|
|
|
|
if (gpg_err_code (err) != GPG_ERR_NO_PUBKEY)
|
2021-02-25 17:02:49 +01:00
|
|
|
|
tty_fprintf (fp, " used for ...: [%s]\n", gpg_strerror (err));
|
2019-01-30 15:01:34 +01:00
|
|
|
|
goto leave;
|
|
|
|
|
}
|
|
|
|
|
for (kb = keyblock; kb; kb = kb->next)
|
|
|
|
|
{
|
|
|
|
|
tty_fprintf (fp, " used for ...: %s\n",
|
|
|
|
|
kb->protocol == GNUPG_PROTOCOL_OPENPGP? "OpenPGP" :
|
|
|
|
|
kb->protocol == GNUPG_PROTOCOL_CMS? "X.509" : "?");
|
|
|
|
|
pubkey = kb->keys;
|
|
|
|
|
if (kb->protocol == GNUPG_PROTOCOL_OPENPGP)
|
|
|
|
|
{
|
2020-02-13 14:38:08 +01:00
|
|
|
|
/* If this is not the primary key print the primary
|
|
|
|
|
* key's fingerprint or a reference to it. */
|
2020-02-12 12:50:38 +01:00
|
|
|
|
tty_fprintf (fp, " main key .: ");
|
2019-01-30 15:01:34 +01:00
|
|
|
|
for (ki=firstkinfo; ki; ki = ki->next)
|
|
|
|
|
if (pubkey->grip_valid
|
|
|
|
|
&& !memcmp (ki->grip, pubkey->grip, KEYGRIP_LEN))
|
|
|
|
|
break;
|
|
|
|
|
if (ki)
|
|
|
|
|
{
|
|
|
|
|
/* Fixme: Replace mapping by a table lookup. */
|
|
|
|
|
if (!memcmp (kinfo->grip, pubkey->grip, KEYGRIP_LEN))
|
|
|
|
|
s = "this";
|
|
|
|
|
else if (!strcmp (ki->keyref, "OPENPGP.1"))
|
|
|
|
|
s = "Signature key";
|
|
|
|
|
else if (!strcmp (ki->keyref, "OPENPGP.2"))
|
|
|
|
|
s = "Encryption key";
|
|
|
|
|
else if (!strcmp (ki->keyref, "OPENPGP.3"))
|
|
|
|
|
s = "Authentication key";
|
|
|
|
|
else
|
|
|
|
|
s = NULL;
|
|
|
|
|
if (s)
|
2020-02-12 12:50:38 +01:00
|
|
|
|
tty_fprintf (fp, "<%s>\n", s);
|
2019-01-30 15:01:34 +01:00
|
|
|
|
else
|
2020-02-12 12:50:38 +01:00
|
|
|
|
tty_fprintf (fp, "<Key %s>\n", ki->keyref);
|
2020-02-13 14:38:08 +01:00
|
|
|
|
}
|
|
|
|
|
else /* Print the primary key as fallback. */
|
|
|
|
|
print_shax_fpr (fp, pubkey->fpr, pubkey->fprlen);
|
2022-10-25 11:01:41 +02:00
|
|
|
|
}
|
|
|
|
|
if (kb->protocol == GNUPG_PROTOCOL_OPENPGP
|
|
|
|
|
|| kb->protocol == GNUPG_PROTOCOL_CMS)
|
|
|
|
|
{
|
2020-02-13 14:38:08 +01:00
|
|
|
|
/* Find the primary or subkey of that key. */
|
|
|
|
|
for (; pubkey; pubkey = pubkey->next)
|
|
|
|
|
if (pubkey->grip_valid
|
|
|
|
|
&& !memcmp (kinfo->grip, pubkey->grip, KEYGRIP_LEN))
|
|
|
|
|
break;
|
|
|
|
|
if (pubkey)
|
|
|
|
|
{
|
2020-02-12 12:50:38 +01:00
|
|
|
|
tty_fprintf (fp, " fpr ......: ");
|
|
|
|
|
print_shax_fpr (fp, pubkey->fpr, pubkey->fprlen);
|
|
|
|
|
tty_fprintf (fp, " created ..: %s\n",
|
|
|
|
|
isotimestamp (pubkey->created));
|
2019-01-30 15:01:34 +01:00
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
for (uid = kb->uids; uid; uid = uid->next)
|
|
|
|
|
{
|
|
|
|
|
print_string (fp, " user id ..: ", uid->value);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
}
|
2019-01-29 08:48:53 +01:00
|
|
|
|
}
|
|
|
|
|
else
|
2019-03-06 10:23:56 +01:00
|
|
|
|
{
|
|
|
|
|
tty_fprintf (fp, " [none]\n");
|
|
|
|
|
if (label_keyref)
|
|
|
|
|
tty_fprintf (fp, " keyref .....: %s\n", label_keyref);
|
2020-02-10 14:12:36 +01:00
|
|
|
|
if (kinfo)
|
2021-03-30 17:28:45 +02:00
|
|
|
|
tty_fprintf (fp, " algorithm ..: %s\n",
|
|
|
|
|
nullnone (kinfo->keyalgo));
|
2019-03-06 10:23:56 +01:00
|
|
|
|
}
|
2019-01-30 15:01:34 +01:00
|
|
|
|
|
|
|
|
|
leave:
|
|
|
|
|
release_keyblock (keyblock);
|
2019-01-29 08:48:53 +01:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2024-05-06 09:48:20 +02:00
|
|
|
|
/* Return the retired key number if KEYREF is for a retired key; 0 if
|
|
|
|
|
* not. */
|
|
|
|
|
static int
|
|
|
|
|
piv_keyref_is_retired (const char *keyref)
|
|
|
|
|
{
|
|
|
|
|
if (!strncmp (keyref, "PIV.8", 5)
|
|
|
|
|
&& keyref[5] >= '2' && hexdigitp (keyref + 5))
|
|
|
|
|
return xtoi_1 (keyref+5) - 1;
|
|
|
|
|
else if (!strncmp (keyref, "PIV.9", 5)
|
|
|
|
|
&& keyref[5] >= '0' && keyref[5] <= '5')
|
|
|
|
|
return atoi_1 (keyref+5) + 15;
|
|
|
|
|
else
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
2019-01-29 08:48:53 +01:00
|
|
|
|
/* List all keyinfo in INFO using the list of LABELS. */
|
|
|
|
|
static void
|
2020-02-12 11:16:41 +01:00
|
|
|
|
list_all_kinfo (card_info_t info, keyinfolabel_t labels, estream_t fp,
|
2021-04-21 21:03:57 +02:00
|
|
|
|
int no_key_lookup, int create_shadow)
|
2019-01-29 08:48:53 +01:00
|
|
|
|
{
|
|
|
|
|
key_info_t kinfo;
|
2020-06-30 14:36:44 +02:00
|
|
|
|
int idx, i, j;
|
2024-05-06 09:48:20 +02:00
|
|
|
|
int rn;
|
2019-01-29 08:48:53 +01:00
|
|
|
|
|
|
|
|
|
/* Print the keyinfo. We first print those we known and then all
|
|
|
|
|
* remaining item. */
|
|
|
|
|
for (kinfo = info->kinfo; kinfo; kinfo = kinfo->next)
|
|
|
|
|
kinfo->xflag = 0;
|
|
|
|
|
if (labels)
|
|
|
|
|
{
|
|
|
|
|
for (idx=0; labels[idx].label; idx++)
|
|
|
|
|
{
|
|
|
|
|
tty_fprintf (fp, "%s", labels[idx].label);
|
|
|
|
|
kinfo = find_kinfo (info, labels[idx].keyref);
|
2020-06-30 14:36:44 +02:00
|
|
|
|
list_one_kinfo (info, kinfo, labels[idx].keyref,
|
2021-04-21 21:03:57 +02:00
|
|
|
|
fp, no_key_lookup, create_shadow);
|
2019-01-29 08:48:53 +01:00
|
|
|
|
if (kinfo)
|
|
|
|
|
kinfo->xflag = 1;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
for (kinfo = info->kinfo; kinfo; kinfo = kinfo->next)
|
|
|
|
|
{
|
|
|
|
|
if (kinfo->xflag)
|
|
|
|
|
continue;
|
2024-05-06 09:48:20 +02:00
|
|
|
|
if (info->apptype == APP_TYPE_PIV
|
|
|
|
|
&& (rn = piv_keyref_is_retired (kinfo->keyref)))
|
|
|
|
|
tty_fprintf (fp, "Key retired %2d ...", rn);
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
tty_fprintf (fp, "Key %s", kinfo->keyref);
|
|
|
|
|
for (i=4+strlen (kinfo->keyref), j=0; i < 18; i++, j=1)
|
|
|
|
|
tty_fprintf (fp, j? ".":" ");
|
|
|
|
|
}
|
2019-01-29 08:48:53 +01:00
|
|
|
|
tty_fprintf (fp, ":");
|
2021-04-21 21:03:57 +02:00
|
|
|
|
list_one_kinfo (info, kinfo, NULL, fp, no_key_lookup, create_shadow);
|
2019-01-29 08:48:53 +01:00
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2021-03-16 18:51:23 +01:00
|
|
|
|
static void
|
|
|
|
|
list_retry_counter (card_info_t info, estream_t fp)
|
|
|
|
|
{
|
|
|
|
|
const char *s;
|
|
|
|
|
int i;
|
|
|
|
|
|
2021-03-18 11:29:31 +01:00
|
|
|
|
if (info->chvlabels)
|
|
|
|
|
tty_fprintf (fp, "PIN labels .......: %s\n", info->chvlabels);
|
2021-03-16 18:51:23 +01:00
|
|
|
|
tty_fprintf (fp, "PIN retry counter :");
|
2021-03-18 11:29:31 +01:00
|
|
|
|
for (i=0; i < DIM (info->chvinfo) && i < info->nchvinfo; i++)
|
2021-03-16 18:51:23 +01:00
|
|
|
|
{
|
|
|
|
|
if (info->chvinfo[i] >= 0)
|
|
|
|
|
tty_fprintf (fp, " %d", info->chvinfo[i]);
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
switch (info->chvinfo[i])
|
|
|
|
|
{
|
|
|
|
|
case -1: s = "[error]"; break;
|
|
|
|
|
case -2: s = "-"; break; /* No such PIN or info not available. */
|
|
|
|
|
case -3: s = "[blocked]"; break;
|
|
|
|
|
case -4: s = "[nullpin]"; break;
|
|
|
|
|
case -5: s = "[verified]"; break;
|
|
|
|
|
default: s = "[?]"; break;
|
|
|
|
|
}
|
|
|
|
|
tty_fprintf (fp, " %s", s);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
tty_fprintf (fp, "\n");
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2019-01-27 20:12:00 +01:00
|
|
|
|
/* List OpenPGP card specific data. */
|
2019-01-22 09:07:24 +01:00
|
|
|
|
static void
|
2021-04-21 21:03:57 +02:00
|
|
|
|
list_openpgp (card_info_t info, estream_t fp,
|
|
|
|
|
int no_key_lookup, int create_shadow)
|
2019-01-22 09:07:24 +01:00
|
|
|
|
{
|
2019-01-29 08:48:53 +01:00
|
|
|
|
static struct keyinfolabel_s keyinfolabels[] = {
|
|
|
|
|
{ "Signature key ....:", "OPENPGP.1" },
|
|
|
|
|
{ "Encryption key....:", "OPENPGP.2" },
|
|
|
|
|
{ "Authentication key:", "OPENPGP.3" },
|
|
|
|
|
{ NULL, NULL }
|
|
|
|
|
};
|
2019-01-22 09:07:24 +01:00
|
|
|
|
|
2020-10-26 05:49:23 +01:00
|
|
|
|
if (info->apptype != APP_TYPE_OPENPGP)
|
2019-01-27 20:12:00 +01:00
|
|
|
|
{
|
|
|
|
|
tty_fprintf (fp, "invalid OpenPGP card\n");
|
|
|
|
|
return;
|
|
|
|
|
}
|
2019-01-22 09:07:24 +01:00
|
|
|
|
|
2019-01-27 20:12:00 +01:00
|
|
|
|
tty_fprintf (fp, "Name of cardholder: ");
|
|
|
|
|
print_isoname (fp, info->disp_name);
|
|
|
|
|
|
|
|
|
|
print_string (fp, "Language prefs ...: ", info->disp_lang);
|
|
|
|
|
tty_fprintf (fp, "Salutation .......: %s\n",
|
|
|
|
|
info->disp_sex == 1? _("Mr."):
|
2019-08-22 10:23:22 +02:00
|
|
|
|
info->disp_sex == 2? _("Ms.") : "");
|
2019-01-27 20:12:00 +01:00
|
|
|
|
print_string (fp, "URL of public key : ", info->pubkey_url);
|
|
|
|
|
print_string (fp, "Login data .......: ", info->login_data);
|
|
|
|
|
if (info->private_do[0])
|
|
|
|
|
print_string (fp, "Private DO 1 .....: ", info->private_do[0]);
|
|
|
|
|
if (info->private_do[1])
|
|
|
|
|
print_string (fp, "Private DO 2 .....: ", info->private_do[1]);
|
|
|
|
|
if (info->private_do[2])
|
|
|
|
|
print_string (fp, "Private DO 3 .....: ", info->private_do[2]);
|
|
|
|
|
if (info->private_do[3])
|
|
|
|
|
print_string (fp, "Private DO 4 .....: ", info->private_do[3]);
|
|
|
|
|
if (info->cafpr1len)
|
|
|
|
|
{
|
|
|
|
|
tty_fprintf (fp, "CA fingerprint %d .:", 1);
|
|
|
|
|
print_shax_fpr (fp, info->cafpr1, info->cafpr1len);
|
|
|
|
|
}
|
|
|
|
|
if (info->cafpr2len)
|
|
|
|
|
{
|
|
|
|
|
tty_fprintf (fp, "CA fingerprint %d .:", 2);
|
|
|
|
|
print_shax_fpr (fp, info->cafpr2, info->cafpr2len);
|
|
|
|
|
}
|
|
|
|
|
if (info->cafpr3len)
|
|
|
|
|
{
|
|
|
|
|
tty_fprintf (fp, "CA fingerprint %d .:", 3);
|
|
|
|
|
print_shax_fpr (fp, info->cafpr3, info->cafpr3len);
|
|
|
|
|
}
|
|
|
|
|
tty_fprintf (fp, "Signature PIN ....: %s\n",
|
|
|
|
|
info->chv1_cached? _("not forced"): _("forced"));
|
|
|
|
|
tty_fprintf (fp, "Max. PIN lengths .: %d %d %d\n",
|
|
|
|
|
info->chvmaxlen[0], info->chvmaxlen[1], info->chvmaxlen[2]);
|
2021-03-16 18:51:23 +01:00
|
|
|
|
list_retry_counter (info, fp);
|
2019-01-27 20:12:00 +01:00
|
|
|
|
tty_fprintf (fp, "Signature counter : %lu\n", info->sig_counter);
|
2020-05-26 16:16:24 +02:00
|
|
|
|
tty_fprintf (fp, "Capabilities .....:");
|
|
|
|
|
if (info->extcap.ki)
|
|
|
|
|
tty_fprintf (fp, " key-import");
|
|
|
|
|
if (info->extcap.aac)
|
|
|
|
|
tty_fprintf (fp, " algo-change");
|
|
|
|
|
if (info->extcap.bt)
|
|
|
|
|
tty_fprintf (fp, " button");
|
|
|
|
|
if (info->extcap.sm)
|
|
|
|
|
tty_fprintf (fp, " sm(%s)", gcry_cipher_algo_name (info->extcap.smalgo));
|
|
|
|
|
if (info->extcap.private_dos)
|
|
|
|
|
tty_fprintf (fp, " priv-data");
|
|
|
|
|
tty_fprintf (fp, "\n");
|
2019-01-27 20:12:00 +01:00
|
|
|
|
if (info->extcap.kdf)
|
|
|
|
|
{
|
|
|
|
|
tty_fprintf (fp, "KDF setting ......: %s\n",
|
|
|
|
|
info->kdf_do_enabled ? "on" : "off");
|
|
|
|
|
}
|
|
|
|
|
if (info->extcap.bt)
|
|
|
|
|
{
|
|
|
|
|
tty_fprintf (fp, "UIF setting ......: Sign=%s Decrypt=%s Auth=%s\n",
|
2020-05-26 16:16:24 +02:00
|
|
|
|
info->uif[0] ? (info->uif[0]==2? "permanent": "on") : "off",
|
|
|
|
|
info->uif[1] ? (info->uif[0]==2? "permanent": "on") : "off",
|
|
|
|
|
info->uif[2] ? (info->uif[0]==2? "permanent": "on") : "off");
|
2019-01-27 20:12:00 +01:00
|
|
|
|
}
|
2019-01-29 08:48:53 +01:00
|
|
|
|
|
2021-04-21 21:03:57 +02:00
|
|
|
|
list_all_kinfo (info, keyinfolabels, fp, no_key_lookup, create_shadow);
|
2019-01-27 20:12:00 +01:00
|
|
|
|
|
2019-01-22 09:07:24 +01:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2019-01-29 09:30:15 +01:00
|
|
|
|
/* List PIV card specific data. */
|
|
|
|
|
static void
|
2021-04-21 21:03:57 +02:00
|
|
|
|
list_piv (card_info_t info, estream_t fp, int no_key_lookup, int create_shadow)
|
2019-01-29 09:30:15 +01:00
|
|
|
|
{
|
|
|
|
|
static struct keyinfolabel_s keyinfolabels[] = {
|
2019-01-29 13:28:10 +01:00
|
|
|
|
{ "PIV authentication:", "PIV.9A" },
|
|
|
|
|
{ "Card authenticat. :", "PIV.9E" },
|
|
|
|
|
{ "Digital signature :", "PIV.9C" },
|
|
|
|
|
{ "Key management ...:", "PIV.9D" },
|
2019-01-29 09:30:15 +01:00
|
|
|
|
{ NULL, NULL }
|
|
|
|
|
};
|
|
|
|
|
|
2019-01-29 13:28:10 +01:00
|
|
|
|
if (info->chvusage[0] || info->chvusage[1])
|
|
|
|
|
{
|
|
|
|
|
tty_fprintf (fp, "PIN usage policy .:");
|
|
|
|
|
if ((info->chvusage[0] & 0x40))
|
|
|
|
|
tty_fprintf (fp, " app-pin");
|
|
|
|
|
if ((info->chvusage[0] & 0x20))
|
|
|
|
|
tty_fprintf (fp, " global-pin");
|
|
|
|
|
if ((info->chvusage[0] & 0x10))
|
|
|
|
|
tty_fprintf (fp, " occ");
|
|
|
|
|
if ((info->chvusage[0] & 0x08))
|
|
|
|
|
tty_fprintf (fp, " vci");
|
|
|
|
|
if ((info->chvusage[0] & 0x08) && !(info->chvusage[0] & 0x04))
|
|
|
|
|
tty_fprintf (fp, " pairing");
|
|
|
|
|
|
|
|
|
|
if (info->chvusage[1] == 0x10)
|
|
|
|
|
tty_fprintf (fp, " primary:card");
|
|
|
|
|
else if (info->chvusage[1] == 0x20)
|
|
|
|
|
tty_fprintf (fp, " primary:global");
|
|
|
|
|
|
|
|
|
|
tty_fprintf (fp, "\n");
|
|
|
|
|
}
|
|
|
|
|
|
2021-03-16 18:51:23 +01:00
|
|
|
|
list_retry_counter (info, fp);
|
2021-04-21 21:03:57 +02:00
|
|
|
|
list_all_kinfo (info, keyinfolabels, fp, no_key_lookup, create_shadow);
|
2019-01-29 09:30:15 +01:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2020-05-07 19:47:07 +02:00
|
|
|
|
/* List Netkey card specific data. */
|
|
|
|
|
static void
|
2021-04-21 21:03:57 +02:00
|
|
|
|
list_nks (card_info_t info, estream_t fp, int no_key_lookup, int create_shadow)
|
2020-05-07 19:47:07 +02:00
|
|
|
|
{
|
|
|
|
|
static struct keyinfolabel_s keyinfolabels[] = {
|
|
|
|
|
{ NULL, NULL }
|
|
|
|
|
};
|
|
|
|
|
|
2021-03-16 18:51:23 +01:00
|
|
|
|
list_retry_counter (info, fp);
|
2021-04-21 21:03:57 +02:00
|
|
|
|
list_all_kinfo (info, keyinfolabels, fp, no_key_lookup, create_shadow);
|
2020-05-07 19:47:07 +02:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2021-02-02 12:39:13 +01:00
|
|
|
|
/* List PKCS#15 card specific data. */
|
|
|
|
|
static void
|
2021-04-21 21:03:57 +02:00
|
|
|
|
list_p15 (card_info_t info, estream_t fp, int no_key_lookup, int create_shadow)
|
2021-02-02 12:39:13 +01:00
|
|
|
|
{
|
|
|
|
|
static struct keyinfolabel_s keyinfolabels[] = {
|
|
|
|
|
{ NULL, NULL }
|
|
|
|
|
};
|
|
|
|
|
|
2021-03-16 18:51:23 +01:00
|
|
|
|
list_retry_counter (info, fp);
|
2021-04-21 21:03:57 +02:00
|
|
|
|
list_all_kinfo (info, keyinfolabels, fp, no_key_lookup, create_shadow);
|
2021-02-02 12:39:13 +01:00
|
|
|
|
}
|
|
|
|
|
|
2020-05-07 19:47:07 +02:00
|
|
|
|
|
2019-03-05 17:40:08 +01:00
|
|
|
|
static void
|
|
|
|
|
print_a_version (estream_t fp, const char *prefix, unsigned int value)
|
|
|
|
|
{
|
|
|
|
|
unsigned int a, b, c, d;
|
|
|
|
|
a = ((value >> 24) & 0xff);
|
|
|
|
|
b = ((value >> 16) & 0xff);
|
|
|
|
|
c = ((value >> 8) & 0xff);
|
|
|
|
|
d = ((value ) & 0xff);
|
|
|
|
|
|
|
|
|
|
if (a)
|
|
|
|
|
tty_fprintf (fp, "%s %u.%u.%u.%u\n", prefix, a, b, c, d);
|
|
|
|
|
else if (b)
|
|
|
|
|
tty_fprintf (fp, "%s %u.%u.%u\n", prefix, b, c, d);
|
2020-05-07 19:47:07 +02:00
|
|
|
|
else if (c)
|
2019-03-05 17:40:08 +01:00
|
|
|
|
tty_fprintf (fp, "%s %u.%u\n", prefix, c, d);
|
2020-05-07 19:47:07 +02:00
|
|
|
|
else
|
|
|
|
|
tty_fprintf (fp, "%s %u\n", prefix, d);
|
2019-03-05 17:40:08 +01:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2020-02-12 11:16:41 +01:00
|
|
|
|
/* Print all available information about the current card. With
|
|
|
|
|
* NO_KEY_LOOKUP the sometimes expensive listing of all matching
|
|
|
|
|
* OpenPGP and X.509 keys is not done */
|
2019-01-22 09:07:24 +01:00
|
|
|
|
static void
|
2021-04-21 21:03:57 +02:00
|
|
|
|
list_card (card_info_t info, int no_key_lookup, int create_shadow)
|
2019-01-22 09:07:24 +01:00
|
|
|
|
{
|
2019-01-31 18:57:16 +01:00
|
|
|
|
estream_t fp = opt.interactive? NULL : es_stdout;
|
2019-01-27 20:12:00 +01:00
|
|
|
|
|
2021-03-30 17:28:45 +02:00
|
|
|
|
tty_fprintf (fp, "Reader ...........: %s\n", nullnone (info->reader));
|
2019-01-29 13:28:10 +01:00
|
|
|
|
if (info->cardtype)
|
|
|
|
|
tty_fprintf (fp, "Card type ........: %s\n", info->cardtype);
|
2019-03-05 17:40:08 +01:00
|
|
|
|
if (info->cardversion)
|
|
|
|
|
print_a_version (fp, "Card firmware ....:", info->cardversion);
|
2021-03-30 17:28:45 +02:00
|
|
|
|
tty_fprintf (fp, "Serial number ....: %s\n", nullnone (info->serialno));
|
2019-01-29 13:28:10 +01:00
|
|
|
|
tty_fprintf (fp, "Application type .: %s%s%s%s\n",
|
2019-01-27 20:12:00 +01:00
|
|
|
|
app_type_string (info->apptype),
|
|
|
|
|
info->apptype == APP_TYPE_UNKNOWN && info->apptypestr? "(":"",
|
|
|
|
|
info->apptype == APP_TYPE_UNKNOWN && info->apptypestr
|
|
|
|
|
? info->apptypestr:"",
|
|
|
|
|
info->apptype == APP_TYPE_UNKNOWN && info->apptypestr? ")":"");
|
2019-03-05 17:40:08 +01:00
|
|
|
|
if (info->appversion)
|
|
|
|
|
print_a_version (fp, "Version ..........:", info->appversion);
|
2019-01-27 20:12:00 +01:00
|
|
|
|
if (info->serialno && info->dispserialno
|
|
|
|
|
&& strcmp (info->serialno, info->dispserialno))
|
2019-03-05 17:40:08 +01:00
|
|
|
|
tty_fprintf (fp, "Displayed s/n ....: %s\n", info->dispserialno);
|
2019-01-27 20:12:00 +01:00
|
|
|
|
|
2020-04-03 10:00:57 +02:00
|
|
|
|
if (info->manufacturer_name && info->manufacturer_id)
|
|
|
|
|
tty_fprintf (fp, "Manufacturer .....: %s (%x)\n",
|
|
|
|
|
info->manufacturer_name, info->manufacturer_id);
|
|
|
|
|
else if (info->manufacturer_name && !info->manufacturer_id)
|
|
|
|
|
tty_fprintf (fp, "Manufacturer .....: %s\n", info->manufacturer_name);
|
|
|
|
|
else if (info->manufacturer_id)
|
|
|
|
|
tty_fprintf (fp, "Manufacturer .....: (%x)\n", info->manufacturer_id);
|
|
|
|
|
|
2019-01-27 20:12:00 +01:00
|
|
|
|
switch (info->apptype)
|
|
|
|
|
{
|
2021-04-21 21:03:57 +02:00
|
|
|
|
case APP_TYPE_OPENPGP:
|
|
|
|
|
list_openpgp (info, fp, no_key_lookup, create_shadow);
|
|
|
|
|
break;
|
|
|
|
|
case APP_TYPE_PIV:
|
|
|
|
|
list_piv (info, fp, no_key_lookup, create_shadow);
|
|
|
|
|
break;
|
|
|
|
|
case APP_TYPE_NKS:
|
|
|
|
|
list_nks (info, fp, no_key_lookup, create_shadow);
|
|
|
|
|
break;
|
|
|
|
|
case APP_TYPE_P15:
|
|
|
|
|
list_p15 (info, fp, no_key_lookup, create_shadow);
|
|
|
|
|
break;
|
2019-01-27 20:12:00 +01:00
|
|
|
|
default: break;
|
|
|
|
|
}
|
2019-01-22 09:07:24 +01:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2019-04-03 10:27:08 +02:00
|
|
|
|
|
2020-02-18 20:12:46 +01:00
|
|
|
|
/* Helper for cmd_list. */
|
|
|
|
|
static void
|
|
|
|
|
print_card_list (estream_t fp, card_info_t info, strlist_t cards,
|
|
|
|
|
int only_current)
|
|
|
|
|
{
|
|
|
|
|
int count;
|
|
|
|
|
strlist_t sl;
|
|
|
|
|
size_t snlen;
|
|
|
|
|
int star;
|
|
|
|
|
const char *s;
|
|
|
|
|
|
|
|
|
|
for (count = 0, sl = cards; sl; sl = sl->next, count++)
|
|
|
|
|
{
|
|
|
|
|
if (info && info->serialno)
|
|
|
|
|
{
|
|
|
|
|
s = strchr (sl->d, ' ');
|
|
|
|
|
if (s)
|
|
|
|
|
snlen = s - sl->d;
|
|
|
|
|
else
|
|
|
|
|
snlen = strlen (sl->d);
|
|
|
|
|
star = (strlen (info->serialno) == snlen
|
|
|
|
|
&& !memcmp (info->serialno, sl->d, snlen));
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
star = 0;
|
|
|
|
|
if (!only_current || star)
|
|
|
|
|
tty_fprintf (fp, "%d%c %s\n", count, star? '*':' ', sl->d);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2020-01-16 21:28:45 +01:00
|
|
|
|
/* The LIST command. This also updates INFO if needed. */
|
2019-04-03 10:27:08 +02:00
|
|
|
|
static gpg_error_t
|
|
|
|
|
cmd_list (card_info_t info, char *argstr)
|
|
|
|
|
{
|
|
|
|
|
gpg_error_t err;
|
2021-04-01 10:34:06 +02:00
|
|
|
|
int opt_cards, opt_apps, opt_info, opt_reread, opt_no_key_lookup;
|
2021-04-21 21:03:57 +02:00
|
|
|
|
int opt_shadow;
|
2019-04-03 10:27:08 +02:00
|
|
|
|
strlist_t cards = NULL;
|
|
|
|
|
strlist_t sl;
|
|
|
|
|
estream_t fp = opt.interactive? NULL : es_stdout;
|
2020-02-18 20:12:46 +01:00
|
|
|
|
const char *cardsn = NULL;
|
2020-01-16 21:28:45 +01:00
|
|
|
|
char *appstr = NULL;
|
|
|
|
|
int count;
|
|
|
|
|
int need_learn = 0;
|
2019-04-03 10:27:08 +02:00
|
|
|
|
|
|
|
|
|
if (!info)
|
|
|
|
|
return print_help
|
2021-04-21 21:03:57 +02:00
|
|
|
|
("LIST [--cards] [--apps] [--info] [--reread] [--shadow]"
|
2021-04-01 10:34:06 +02:00
|
|
|
|
" [--no-key-lookup] [N] [APP]\n\n"
|
2020-01-16 21:28:45 +01:00
|
|
|
|
"Show the content of the current card.\n"
|
2020-02-18 20:12:46 +01:00
|
|
|
|
"With N given select and list the N-th card;\n"
|
2020-01-16 21:28:45 +01:00
|
|
|
|
"with APP also given select that application.\n"
|
|
|
|
|
"To select an APP on the current card use '-' for N.\n"
|
2020-02-18 20:12:46 +01:00
|
|
|
|
"The S/N of the card may be used instead of N.\n"
|
2021-04-21 21:03:57 +02:00
|
|
|
|
" --cards list available cards\n"
|
|
|
|
|
" --apps list additional card applications\n"
|
|
|
|
|
" --info select a card and prints its s/n\n"
|
2021-04-01 10:34:06 +02:00
|
|
|
|
" --reread read infos from PCKS#15 cards again\n"
|
2021-04-21 21:03:57 +02:00
|
|
|
|
" --shadow create shadow keys for all card keys\n"
|
|
|
|
|
" --no-key-lookup do not list matching OpenPGP or X.509 keys\n"
|
2020-02-12 11:16:41 +01:00
|
|
|
|
, 0);
|
2019-04-03 10:27:08 +02:00
|
|
|
|
|
|
|
|
|
opt_cards = has_leading_option (argstr, "--cards");
|
2020-01-16 21:28:45 +01:00
|
|
|
|
opt_apps = has_leading_option (argstr, "--apps");
|
2020-02-18 20:12:46 +01:00
|
|
|
|
opt_info = has_leading_option (argstr, "--info");
|
2021-04-01 10:34:06 +02:00
|
|
|
|
opt_reread = has_leading_option (argstr, "--reread");
|
2021-04-21 21:03:57 +02:00
|
|
|
|
opt_shadow = has_leading_option (argstr, "--shadow");
|
2020-02-12 11:16:41 +01:00
|
|
|
|
opt_no_key_lookup = has_leading_option (argstr, "--no-key-lookup");
|
2019-04-03 10:27:08 +02:00
|
|
|
|
argstr = skip_options (argstr);
|
|
|
|
|
|
2021-04-21 21:03:57 +02:00
|
|
|
|
if (opt_shadow)
|
|
|
|
|
opt_no_key_lookup = 1;
|
|
|
|
|
|
2020-02-12 11:16:41 +01:00
|
|
|
|
if (opt.no_key_lookup)
|
|
|
|
|
opt_no_key_lookup = 1;
|
2019-04-03 10:27:08 +02:00
|
|
|
|
|
2020-02-18 20:12:46 +01:00
|
|
|
|
if (hexdigitp (argstr) || (*argstr == '-' && spacep (argstr+1)))
|
2019-04-03 10:27:08 +02:00
|
|
|
|
{
|
2020-01-16 21:28:45 +01:00
|
|
|
|
if (*argstr == '-' && (argstr[1] || spacep (argstr+1)))
|
|
|
|
|
argstr++; /* Keep current card. */
|
|
|
|
|
else
|
|
|
|
|
{
|
2020-02-18 20:12:46 +01:00
|
|
|
|
cardsn = argstr;
|
|
|
|
|
while (hexdigitp (argstr))
|
2020-01-16 21:28:45 +01:00
|
|
|
|
argstr++;
|
2020-02-18 20:12:46 +01:00
|
|
|
|
if (*argstr && !spacep (argstr))
|
|
|
|
|
{
|
|
|
|
|
err = gpg_error (GPG_ERR_INV_ARG);
|
|
|
|
|
goto leave;
|
|
|
|
|
}
|
|
|
|
|
if (*argstr)
|
|
|
|
|
*argstr++ = 0;
|
2020-01-16 21:28:45 +01:00
|
|
|
|
}
|
2020-02-18 20:12:46 +01:00
|
|
|
|
|
2019-04-03 10:27:08 +02:00
|
|
|
|
while (spacep (argstr))
|
|
|
|
|
argstr++;
|
2020-01-16 21:28:45 +01:00
|
|
|
|
if (*argstr)
|
|
|
|
|
{
|
|
|
|
|
appstr = argstr;
|
|
|
|
|
while (*argstr && !spacep (argstr))
|
|
|
|
|
argstr++;
|
|
|
|
|
while (spacep (argstr))
|
|
|
|
|
argstr++;
|
|
|
|
|
if (*argstr)
|
|
|
|
|
{
|
|
|
|
|
/* Extra arguments found. */
|
|
|
|
|
err = gpg_error (GPG_ERR_INV_ARG);
|
|
|
|
|
goto leave;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
else if (*argstr)
|
|
|
|
|
{
|
|
|
|
|
/* First argument needs to be a digit. */
|
|
|
|
|
err = gpg_error (GPG_ERR_INV_ARG);
|
|
|
|
|
goto leave;
|
2019-04-03 10:27:08 +02:00
|
|
|
|
}
|
|
|
|
|
|
2020-05-27 11:27:32 +02:00
|
|
|
|
if (!info->serialno || info->need_sn_cmd)
|
2019-04-03 10:27:08 +02:00
|
|
|
|
{
|
2022-12-15 15:13:54 +01:00
|
|
|
|
/* This is probably the first call or was explicitly requested.
|
2020-05-27 11:27:32 +02:00
|
|
|
|
* We need to send a SERIALNO command to scdaemon so that our
|
|
|
|
|
* session knows all cards. */
|
2020-01-16 21:28:45 +01:00
|
|
|
|
err = scd_serialno (NULL, NULL);
|
|
|
|
|
if (err)
|
|
|
|
|
goto leave;
|
2020-05-27 11:27:32 +02:00
|
|
|
|
info->need_sn_cmd = 0;
|
2020-01-16 21:28:45 +01:00
|
|
|
|
need_learn = 1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (opt_cards || opt_apps)
|
|
|
|
|
{
|
|
|
|
|
/* Note that with option --apps CARDS is here the list of all
|
|
|
|
|
* apps. Format is "SERIALNO APPNAME {APPNAME}". We print the
|
|
|
|
|
* card number in the first column. */
|
|
|
|
|
if (opt_apps)
|
|
|
|
|
err = scd_applist (&cards, opt_cards);
|
|
|
|
|
else
|
|
|
|
|
err = scd_cardlist (&cards);
|
2019-04-03 10:27:08 +02:00
|
|
|
|
if (err)
|
|
|
|
|
goto leave;
|
2020-02-18 20:12:46 +01:00
|
|
|
|
print_card_list (fp, info, cards, 0);
|
2019-04-03 10:27:08 +02:00
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
2020-02-18 20:12:46 +01:00
|
|
|
|
if (cardsn)
|
2019-04-03 10:27:08 +02:00
|
|
|
|
{
|
2020-02-18 20:12:46 +01:00
|
|
|
|
int i, cardno;
|
|
|
|
|
|
2019-04-03 10:27:08 +02:00
|
|
|
|
err = scd_cardlist (&cards);
|
|
|
|
|
if (err)
|
|
|
|
|
goto leave;
|
2020-02-18 20:12:46 +01:00
|
|
|
|
|
|
|
|
|
/* Switch to the requested card. */
|
|
|
|
|
for (i=0; digitp (cardsn+i); i++)
|
|
|
|
|
;
|
|
|
|
|
if (i && i < 4 && !cardsn[i])
|
|
|
|
|
{ /* Looks like an index into the card list. */
|
|
|
|
|
cardno = atoi (cardsn);
|
|
|
|
|
for (count = 0, sl = cards; sl; sl = sl->next, count++)
|
|
|
|
|
if (count == cardno)
|
|
|
|
|
break;
|
|
|
|
|
if (!sl)
|
|
|
|
|
{
|
|
|
|
|
err = gpg_error (GPG_ERR_INV_INDEX);
|
|
|
|
|
goto leave;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
else /* S/N of card specified. */
|
2019-04-03 10:27:08 +02:00
|
|
|
|
{
|
2020-02-18 20:12:46 +01:00
|
|
|
|
for (sl = cards; sl; sl = sl->next)
|
|
|
|
|
if (!ascii_strcasecmp (sl->d, cardsn))
|
|
|
|
|
break;
|
|
|
|
|
if (!sl)
|
|
|
|
|
{
|
|
|
|
|
err = gpg_error (GPG_ERR_INV_INDEX);
|
|
|
|
|
goto leave;
|
|
|
|
|
}
|
2019-04-03 10:27:08 +02:00
|
|
|
|
}
|
2020-01-16 21:28:45 +01:00
|
|
|
|
err = scd_switchcard (sl->d);
|
|
|
|
|
need_learn = 1;
|
|
|
|
|
}
|
2020-06-30 14:36:44 +02:00
|
|
|
|
else /* show app list. */
|
2020-02-18 20:12:46 +01:00
|
|
|
|
{
|
|
|
|
|
err = scd_applist (&cards, 1);
|
|
|
|
|
if (err)
|
|
|
|
|
goto leave;
|
|
|
|
|
}
|
2020-01-16 21:28:45 +01:00
|
|
|
|
|
|
|
|
|
if (appstr && *appstr)
|
|
|
|
|
{
|
|
|
|
|
/* Switch to the requested app. */
|
|
|
|
|
err = scd_switchapp (appstr);
|
2019-04-03 10:27:08 +02:00
|
|
|
|
if (err)
|
|
|
|
|
goto leave;
|
2020-01-16 21:28:45 +01:00
|
|
|
|
need_learn = 1;
|
2019-04-03 10:27:08 +02:00
|
|
|
|
}
|
|
|
|
|
|
2020-01-16 21:28:45 +01:00
|
|
|
|
if (need_learn)
|
2021-04-01 10:34:06 +02:00
|
|
|
|
err = scd_learn (info, opt_reread);
|
2020-01-16 21:28:45 +01:00
|
|
|
|
else
|
|
|
|
|
err = 0;
|
2020-02-18 20:12:46 +01:00
|
|
|
|
|
|
|
|
|
if (err)
|
|
|
|
|
;
|
|
|
|
|
else if (opt_info)
|
|
|
|
|
print_card_list (fp, info, cards, 1);
|
|
|
|
|
else
|
2020-06-30 14:36:44 +02:00
|
|
|
|
{
|
|
|
|
|
size_t snlen;
|
|
|
|
|
const char *s;
|
|
|
|
|
|
|
|
|
|
/* First get the list of active cards and check whether the
|
|
|
|
|
* current card is still in the list. If not the card has
|
|
|
|
|
* been removed. Note that during the listing the card
|
|
|
|
|
* remove state might also be detected but only if an access
|
|
|
|
|
* to the scdaemon is required; it is anyway better to test
|
|
|
|
|
* that before starting a listing. */
|
|
|
|
|
free_strlist (cards);
|
|
|
|
|
err = scd_cardlist (&cards);
|
|
|
|
|
if (err)
|
|
|
|
|
goto leave;
|
|
|
|
|
for (sl = cards; sl; sl = sl->next)
|
|
|
|
|
{
|
|
|
|
|
if (info && info->serialno)
|
|
|
|
|
{
|
|
|
|
|
s = strchr (sl->d, ' ');
|
|
|
|
|
if (s)
|
|
|
|
|
snlen = s - sl->d;
|
|
|
|
|
else
|
|
|
|
|
snlen = strlen (sl->d);
|
|
|
|
|
if (strlen (info->serialno) == snlen
|
|
|
|
|
&& !memcmp (info->serialno, sl->d, snlen))
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
if (!sl)
|
|
|
|
|
{
|
|
|
|
|
info->need_sn_cmd = 1;
|
|
|
|
|
err = gpg_error (GPG_ERR_CARD_REMOVED);
|
|
|
|
|
goto leave;
|
|
|
|
|
}
|
|
|
|
|
|
2021-04-21 21:03:57 +02:00
|
|
|
|
list_card (info, opt_no_key_lookup, opt_shadow);
|
2020-06-30 14:36:44 +02:00
|
|
|
|
}
|
2019-04-03 10:27:08 +02:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
leave:
|
|
|
|
|
free_strlist (cards);
|
|
|
|
|
return err;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2024-01-16 18:05:46 +01:00
|
|
|
|
|
|
|
|
|
/* The CHECKKEYS command. */
|
|
|
|
|
static gpg_error_t
|
|
|
|
|
cmd_checkkeys (card_info_t callerinfo, char *argstr)
|
|
|
|
|
{
|
|
|
|
|
gpg_error_t err;
|
|
|
|
|
estream_t fp = opt.interactive? NULL : es_stdout;
|
|
|
|
|
strlist_t cards = NULL;
|
|
|
|
|
strlist_t sl;
|
|
|
|
|
int opt_ondisk;
|
|
|
|
|
int opt_delete_clear;
|
|
|
|
|
int opt_delete_protected;
|
|
|
|
|
int delete_count = 0;
|
|
|
|
|
struct card_info_s info_buffer = { 0 };
|
|
|
|
|
card_info_t info = &info_buffer;
|
|
|
|
|
key_info_t kinfo;
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
if (!callerinfo)
|
|
|
|
|
return print_help
|
2024-01-25 10:00:13 +01:00
|
|
|
|
("CHECKKEYS [--ondisk] [--delete-clear-copy] [--delete-protected-copy]"
|
|
|
|
|
"\n\n"
|
2024-01-16 18:05:46 +01:00
|
|
|
|
"Print a list of keys on all inserted cards. With --ondisk only\n"
|
|
|
|
|
"keys are listed which also have a copy on disk. Missing shadow\n"
|
2024-01-25 10:00:13 +01:00
|
|
|
|
"keys are created. With --delete-clear-copy, copies of keys also\n"
|
|
|
|
|
"stored on disk without any protection will be deleted.\n"
|
2024-01-16 18:05:46 +01:00
|
|
|
|
, 0);
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
opt_ondisk = has_leading_option (argstr, "--ondisk");
|
|
|
|
|
opt_delete_clear = has_leading_option (argstr, "--delete-clear-copy");
|
|
|
|
|
opt_delete_protected = has_leading_option (argstr, "--delete-protected-copy");
|
|
|
|
|
argstr = skip_options (argstr);
|
|
|
|
|
|
|
|
|
|
if (*argstr)
|
|
|
|
|
{
|
|
|
|
|
/* No args expected */
|
|
|
|
|
err = gpg_error (GPG_ERR_INV_ARG);
|
|
|
|
|
goto leave;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (!callerinfo->serialno)
|
|
|
|
|
{
|
|
|
|
|
/* This is probably the first call We need to send a SERIALNO
|
|
|
|
|
* command to scdaemon so that our session knows all cards. */
|
|
|
|
|
err = scd_serialno (NULL, NULL);
|
|
|
|
|
if (err)
|
|
|
|
|
goto leave;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Get the list of all cards. */
|
|
|
|
|
err = scd_cardlist (&cards);
|
|
|
|
|
if (err)
|
|
|
|
|
goto leave;
|
|
|
|
|
|
|
|
|
|
/* Loop over all cards. We use our own info buffer here. */
|
|
|
|
|
for (sl = cards; sl; sl = sl->next)
|
|
|
|
|
{
|
|
|
|
|
err = scd_switchcard (sl->d);
|
|
|
|
|
if (err)
|
|
|
|
|
{
|
|
|
|
|
log_error ("Error switching to card %s: %s\n",
|
|
|
|
|
sl->d, gpg_strerror (err));
|
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
release_card_info (info);
|
|
|
|
|
err = scd_learn (info, 0);
|
|
|
|
|
if (err)
|
|
|
|
|
{
|
|
|
|
|
log_error ("Error getting infos from card %s: %s\n",
|
|
|
|
|
sl->d, gpg_strerror (err));
|
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
for (kinfo = info->kinfo; kinfo; kinfo = kinfo->next)
|
|
|
|
|
{
|
|
|
|
|
char *infostr;
|
|
|
|
|
|
|
|
|
|
err = scd_havekey_info (kinfo->grip, &infostr);
|
|
|
|
|
if (gpg_err_code (err) == GPG_ERR_NOT_FOUND)
|
|
|
|
|
{
|
|
|
|
|
/* Create a shadow key and try again. */
|
|
|
|
|
scd_readkey (kinfo->keyref, 1, NULL);
|
|
|
|
|
err = scd_havekey_info (kinfo->grip, &infostr);
|
|
|
|
|
}
|
2024-01-25 10:00:13 +01:00
|
|
|
|
if (err && gpg_err_code (err) != GPG_ERR_NOT_FOUND)
|
2024-01-16 18:05:46 +01:00
|
|
|
|
log_error ("Error getting infos for a key: %s\n",
|
|
|
|
|
gpg_strerror (err));
|
|
|
|
|
|
2024-01-25 10:00:13 +01:00
|
|
|
|
if (gpg_err_code (err) == GPG_ERR_NOT_FOUND)
|
|
|
|
|
; /* does not make sense to show this. */
|
|
|
|
|
else if (opt_ondisk && infostr && !strcmp (infostr, "shadowed"))
|
2024-01-16 18:05:46 +01:00
|
|
|
|
; /* Don't print this one. */
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
tty_fprintf (fp, "%s %s ",
|
|
|
|
|
nullnone (info->serialno),
|
|
|
|
|
app_type_string (info->apptype));
|
|
|
|
|
print_keygrip (fp, kinfo->grip, 0);
|
|
|
|
|
tty_fprintf (fp, " %s %s\n",
|
|
|
|
|
kinfo->keyref, infostr? infostr: "error");
|
|
|
|
|
}
|
|
|
|
|
if (infostr
|
|
|
|
|
&& ((opt_delete_clear && !strcmp (infostr, "clear"))
|
|
|
|
|
|| (opt_delete_protected && !strcmp (infostr, "protected"))))
|
|
|
|
|
{
|
|
|
|
|
err = scd_delete_key (kinfo->grip, 0);
|
|
|
|
|
if (err)
|
|
|
|
|
log_error ("Error deleting a key copy: %s\n",
|
|
|
|
|
gpg_strerror (err));
|
|
|
|
|
else
|
|
|
|
|
delete_count++;
|
|
|
|
|
}
|
|
|
|
|
xfree (infostr);
|
|
|
|
|
}
|
|
|
|
|
}
|
2024-01-24 10:39:23 +01:00
|
|
|
|
es_fflush (es_stdout);
|
2024-01-16 18:05:46 +01:00
|
|
|
|
if (delete_count)
|
|
|
|
|
log_info ("Number of deleted key copies: %d\n", delete_count);
|
|
|
|
|
|
|
|
|
|
err = 0;
|
|
|
|
|
|
|
|
|
|
leave:
|
|
|
|
|
release_card_info (info);
|
|
|
|
|
free_strlist (cards);
|
|
|
|
|
/* Better reset to the original card. */
|
|
|
|
|
scd_learn (callerinfo, 0);
|
|
|
|
|
return err;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2019-01-27 20:12:00 +01:00
|
|
|
|
|
|
|
|
|
/* The VERIFY command. */
|
|
|
|
|
static gpg_error_t
|
|
|
|
|
cmd_verify (card_info_t info, char *argstr)
|
2019-01-22 09:07:24 +01:00
|
|
|
|
{
|
2021-03-16 18:51:23 +01:00
|
|
|
|
gpg_error_t err, err2;
|
2019-02-06 09:45:54 +01:00
|
|
|
|
const char *pinref;
|
2019-01-22 09:07:24 +01:00
|
|
|
|
|
2019-01-27 20:12:00 +01:00
|
|
|
|
if (!info)
|
|
|
|
|
return print_help ("verify [chvid]", 0);
|
2019-01-22 09:07:24 +01:00
|
|
|
|
|
2019-02-06 09:45:54 +01:00
|
|
|
|
if (*argstr)
|
|
|
|
|
pinref = argstr;
|
|
|
|
|
else if (info->apptype == APP_TYPE_OPENPGP)
|
|
|
|
|
pinref = info->serialno;
|
|
|
|
|
else if (info->apptype == APP_TYPE_PIV)
|
|
|
|
|
pinref = "PIV.80";
|
2019-01-27 20:12:00 +01:00
|
|
|
|
else
|
2019-02-06 09:45:54 +01:00
|
|
|
|
return gpg_error (GPG_ERR_MISSING_VALUE);
|
2019-01-22 09:07:24 +01:00
|
|
|
|
|
2019-02-06 09:45:54 +01:00
|
|
|
|
err = scd_checkpin (pinref);
|
2019-01-27 20:12:00 +01:00
|
|
|
|
if (err)
|
|
|
|
|
log_error ("verify failed: %s <%s>\n",
|
|
|
|
|
gpg_strerror (err), gpg_strsource (err));
|
2021-03-16 18:51:23 +01:00
|
|
|
|
/* In any case update the CHV status, so that the next "list" shows
|
|
|
|
|
* the correct retry counter values. */
|
|
|
|
|
err2 = scd_getattr ("CHV-STATUS", info);
|
|
|
|
|
return err ? err : err2;
|
2019-01-27 20:12:00 +01:00
|
|
|
|
}
|
2019-01-22 09:07:24 +01:00
|
|
|
|
|
|
|
|
|
|
2019-01-31 16:06:47 +01:00
|
|
|
|
static gpg_error_t
|
|
|
|
|
cmd_authenticate (card_info_t info, char *argstr)
|
|
|
|
|
{
|
|
|
|
|
gpg_error_t err;
|
|
|
|
|
int opt_setkey;
|
|
|
|
|
int opt_raw;
|
|
|
|
|
char *string = NULL;
|
|
|
|
|
char *key = NULL;
|
|
|
|
|
size_t keylen;
|
|
|
|
|
|
|
|
|
|
if (!info)
|
|
|
|
|
return print_help
|
|
|
|
|
("AUTHENTICATE [--setkey] [--raw] [< FILE]|KEY\n\n"
|
Spelling cleanup.
No functional changes, just fixing minor spelling issues.
---
Most of these were identified from the command line by running:
codespell \
--ignore-words-list fpr,stati,keyserver,keyservers,asign,cas,iff,ifset \
--skip '*.po,ChangeLog*,help.*.txt,*.jpg,*.eps,*.pdf,*.png,*.gpg,*.asc' \
doc g13 g10 kbx agent artwork scd tests tools am common dirmngr sm \
NEWS README README.maint TODO
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2020-02-18 15:34:42 +01:00
|
|
|
|
"Perform a mutual authentication either by reading the key\n"
|
2019-01-31 16:06:47 +01:00
|
|
|
|
"from FILE or by taking it from the command line. Without\n"
|
|
|
|
|
"the option --raw the key is expected to be hex encoded.\n"
|
|
|
|
|
"To install a new administration key --setkey is used; this\n"
|
|
|
|
|
"requires a prior authentication with the old key.",
|
|
|
|
|
APP_TYPE_PIV, 0);
|
|
|
|
|
|
|
|
|
|
if (info->apptype != APP_TYPE_PIV)
|
|
|
|
|
{
|
|
|
|
|
log_info ("Note: This is a PIV only command.\n");
|
|
|
|
|
return gpg_error (GPG_ERR_NOT_SUPPORTED);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
opt_setkey = has_leading_option (argstr, "--setkey");
|
|
|
|
|
opt_raw = has_leading_option (argstr, "--raw");
|
|
|
|
|
argstr = skip_options (argstr);
|
|
|
|
|
|
|
|
|
|
if (*argstr == '<') /* Read key from a file. */
|
|
|
|
|
{
|
|
|
|
|
for (argstr++; spacep (argstr); argstr++)
|
|
|
|
|
;
|
|
|
|
|
err = get_data_from_file (argstr, &string, NULL);
|
|
|
|
|
if (err)
|
|
|
|
|
goto leave;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (opt_raw)
|
|
|
|
|
{
|
|
|
|
|
key = string? string : xstrdup (argstr);
|
|
|
|
|
string = NULL;
|
|
|
|
|
keylen = strlen (key);
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
key = hex_to_buffer (string? string: argstr, &keylen);
|
|
|
|
|
if (!key)
|
|
|
|
|
{
|
|
|
|
|
err = gpg_error_from_syserror ();
|
|
|
|
|
goto leave;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
err = scd_setattr (opt_setkey? "SET-ADM-KEY":"AUTH-ADM-KEY", key, keylen);
|
|
|
|
|
|
|
|
|
|
leave:
|
|
|
|
|
if (key)
|
|
|
|
|
{
|
|
|
|
|
wipememory (key, keylen);
|
|
|
|
|
xfree (key);
|
|
|
|
|
}
|
|
|
|
|
xfree (string);
|
|
|
|
|
return err;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2019-01-27 20:12:00 +01:00
|
|
|
|
/* Helper for cmd_name to qyery a part of name. */
|
|
|
|
|
static char *
|
|
|
|
|
ask_one_name (const char *prompt)
|
2019-01-22 09:07:24 +01:00
|
|
|
|
{
|
2019-01-27 20:12:00 +01:00
|
|
|
|
char *name;
|
2019-01-22 09:07:24 +01:00
|
|
|
|
int i;
|
|
|
|
|
|
|
|
|
|
for (;;)
|
|
|
|
|
{
|
2019-01-27 20:12:00 +01:00
|
|
|
|
name = tty_get (prompt);
|
|
|
|
|
trim_spaces (name);
|
|
|
|
|
tty_kill_prompt ();
|
|
|
|
|
if (!*name || *name == CONTROL_D)
|
2019-01-22 09:07:24 +01:00
|
|
|
|
{
|
2019-01-27 20:12:00 +01:00
|
|
|
|
if (*name == CONTROL_D)
|
|
|
|
|
tty_fprintf (NULL, "\n");
|
|
|
|
|
xfree (name);
|
|
|
|
|
return NULL;
|
|
|
|
|
}
|
|
|
|
|
for (i=0; name[i] && name[i] >= ' ' && name[i] <= 126; i++)
|
|
|
|
|
;
|
|
|
|
|
|
|
|
|
|
/* The name must be in Latin-1 and not UTF-8 - lacking the code
|
|
|
|
|
* to ensure this we restrict it to ASCII. */
|
|
|
|
|
if (name[i])
|
|
|
|
|
tty_printf (_("Error: Only plain ASCII is currently allowed.\n"));
|
|
|
|
|
else if (strchr (name, '<'))
|
|
|
|
|
tty_printf (_("Error: The \"<\" character may not be used.\n"));
|
|
|
|
|
else if (strstr (name, " "))
|
|
|
|
|
tty_printf (_("Error: Double spaces are not allowed.\n"));
|
|
|
|
|
else
|
|
|
|
|
return name;
|
|
|
|
|
xfree (name);
|
|
|
|
|
}
|
|
|
|
|
}
|
2019-01-22 09:07:24 +01:00
|
|
|
|
|
|
|
|
|
|
2019-01-27 20:12:00 +01:00
|
|
|
|
/* The NAME command. */
|
|
|
|
|
static gpg_error_t
|
|
|
|
|
cmd_name (card_info_t info, const char *argstr)
|
|
|
|
|
{
|
|
|
|
|
gpg_error_t err;
|
|
|
|
|
char *surname, *givenname;
|
|
|
|
|
char *isoname, *p;
|
2019-01-22 09:07:24 +01:00
|
|
|
|
|
2019-01-27 20:12:00 +01:00
|
|
|
|
if (!info)
|
|
|
|
|
return print_help
|
|
|
|
|
("name [--clear]\n\n"
|
|
|
|
|
"Set the name field of an OpenPGP card. With --clear the stored\n"
|
|
|
|
|
"name is cleared off the card.", APP_TYPE_OPENPGP, APP_TYPE_NKS, 0);
|
2019-01-22 09:07:24 +01:00
|
|
|
|
|
2019-01-27 20:12:00 +01:00
|
|
|
|
if (info->apptype != APP_TYPE_OPENPGP)
|
|
|
|
|
{
|
|
|
|
|
log_info ("Note: This is an OpenPGP only command.\n");
|
|
|
|
|
return gpg_error (GPG_ERR_NOT_SUPPORTED);
|
|
|
|
|
}
|
2019-01-22 09:07:24 +01:00
|
|
|
|
|
2019-01-27 20:12:00 +01:00
|
|
|
|
again:
|
|
|
|
|
if (!strcmp (argstr, "--clear"))
|
|
|
|
|
isoname = xstrdup (" "); /* No real way to clear; set to space instead. */
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
surname = ask_one_name (_("Cardholder's surname: "));
|
|
|
|
|
givenname = ask_one_name (_("Cardholder's given name: "));
|
|
|
|
|
if (!surname || !givenname || (!*surname && !*givenname))
|
|
|
|
|
{
|
|
|
|
|
xfree (surname);
|
|
|
|
|
xfree (givenname);
|
|
|
|
|
return gpg_error (GPG_ERR_CANCELED);
|
2019-01-22 09:07:24 +01:00
|
|
|
|
}
|
|
|
|
|
|
2019-01-27 20:12:00 +01:00
|
|
|
|
isoname = xstrconcat (surname, "<<", givenname, NULL);
|
|
|
|
|
xfree (surname);
|
|
|
|
|
xfree (givenname);
|
|
|
|
|
for (p=isoname; *p; p++)
|
|
|
|
|
if (*p == ' ')
|
|
|
|
|
*p = '<';
|
|
|
|
|
|
|
|
|
|
if (strlen (isoname) > 39 )
|
2019-01-22 09:07:24 +01:00
|
|
|
|
{
|
2019-01-27 20:12:00 +01:00
|
|
|
|
log_info (_("Error: Combined name too long "
|
|
|
|
|
"(limit is %d characters).\n"), 39);
|
|
|
|
|
xfree (isoname);
|
|
|
|
|
goto again;
|
|
|
|
|
}
|
|
|
|
|
}
|
2019-01-22 09:07:24 +01:00
|
|
|
|
|
2019-01-27 20:12:00 +01:00
|
|
|
|
err = scd_setattr ("DISP-NAME", isoname, strlen (isoname));
|
2019-01-22 09:07:24 +01:00
|
|
|
|
|
2019-01-27 20:12:00 +01:00
|
|
|
|
xfree (isoname);
|
|
|
|
|
return err;
|
|
|
|
|
}
|
2019-01-22 09:07:24 +01:00
|
|
|
|
|
2019-01-27 20:12:00 +01:00
|
|
|
|
|
|
|
|
|
static gpg_error_t
|
|
|
|
|
cmd_url (card_info_t info, const char *argstr)
|
|
|
|
|
{
|
|
|
|
|
gpg_error_t err;
|
|
|
|
|
char *url;
|
|
|
|
|
|
|
|
|
|
if (!info)
|
|
|
|
|
return print_help
|
|
|
|
|
("URL [--clear]\n\n"
|
|
|
|
|
"Set the URL data object. That data object can be used by\n"
|
|
|
|
|
"the FETCH command to retrieve the full public key. The\n"
|
|
|
|
|
"option --clear deletes the content of that data object.",
|
|
|
|
|
APP_TYPE_OPENPGP, 0);
|
|
|
|
|
|
|
|
|
|
if (info->apptype != APP_TYPE_OPENPGP)
|
|
|
|
|
{
|
|
|
|
|
log_info ("Note: This is an OpenPGP only command.\n");
|
|
|
|
|
return gpg_error (GPG_ERR_NOT_SUPPORTED);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (!strcmp (argstr, "--clear"))
|
|
|
|
|
url = xstrdup (" "); /* No real way to clear; set to space instead. */
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
url = tty_get (_("URL to retrieve public key: "));
|
|
|
|
|
trim_spaces (url);
|
|
|
|
|
tty_kill_prompt ();
|
|
|
|
|
if (!*url || *url == CONTROL_D)
|
|
|
|
|
{
|
|
|
|
|
err = gpg_error (GPG_ERR_CANCELED);
|
|
|
|
|
goto leave;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
err = scd_setattr ("PUBKEY-URL", url, strlen (url));
|
|
|
|
|
|
|
|
|
|
leave:
|
|
|
|
|
xfree (url);
|
|
|
|
|
return err;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/* Fetch the key from the URL given on the card or try to get it from
|
|
|
|
|
* the default keyserver. */
|
|
|
|
|
static gpg_error_t
|
|
|
|
|
cmd_fetch (card_info_t info)
|
|
|
|
|
{
|
|
|
|
|
gpg_error_t err;
|
2019-01-29 08:48:53 +01:00
|
|
|
|
key_info_t kinfo;
|
2019-01-27 20:12:00 +01:00
|
|
|
|
|
|
|
|
|
if (!info)
|
|
|
|
|
return print_help
|
|
|
|
|
("FETCH\n\n"
|
|
|
|
|
"Retrieve a key using the URL data object or if that is missing\n"
|
|
|
|
|
"using the fingerprint.", APP_TYPE_OPENPGP, 0);
|
|
|
|
|
|
|
|
|
|
if (info->pubkey_url && *info->pubkey_url)
|
|
|
|
|
{
|
|
|
|
|
/* strlist_t sl = NULL; */
|
|
|
|
|
|
|
|
|
|
/* add_to_strlist (&sl, info.pubkey_url); */
|
|
|
|
|
/* err = keyserver_fetch (ctrl, sl, KEYORG_URL); */
|
|
|
|
|
/* free_strlist (sl); */
|
|
|
|
|
err = gpg_error (GPG_ERR_NOT_IMPLEMENTED); /* FIXME */
|
|
|
|
|
}
|
2019-01-29 08:48:53 +01:00
|
|
|
|
else if ((kinfo = find_kinfo (info, "OPENPGP.1")) && kinfo->fprlen)
|
2019-01-27 20:12:00 +01:00
|
|
|
|
{
|
|
|
|
|
/* rc = keyserver_import_fprint (ctrl, info.fpr1, info.fpr1len, */
|
|
|
|
|
/* opt.keyserver, 0); */
|
|
|
|
|
err = gpg_error (GPG_ERR_NOT_IMPLEMENTED); /* FIXME */
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
err = gpg_error (GPG_ERR_NO_DATA);
|
|
|
|
|
|
|
|
|
|
return err;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
static gpg_error_t
|
|
|
|
|
cmd_login (card_info_t info, char *argstr)
|
|
|
|
|
{
|
|
|
|
|
gpg_error_t err;
|
|
|
|
|
char *data;
|
|
|
|
|
size_t datalen;
|
2021-03-24 14:39:59 +01:00
|
|
|
|
int use_default_pin;
|
2019-01-27 20:12:00 +01:00
|
|
|
|
|
|
|
|
|
if (!info)
|
|
|
|
|
return print_help
|
2021-03-24 14:39:59 +01:00
|
|
|
|
("LOGIN [--clear|--use-default-pin] [< FILE]\n\n"
|
2019-01-27 20:12:00 +01:00
|
|
|
|
"Set the login data object. If FILE is given the data is\n"
|
|
|
|
|
"is read from that file. This allows for binary data.\n"
|
2021-03-24 14:39:59 +01:00
|
|
|
|
"The option --clear deletes the login data. --use-default-pin\n"
|
|
|
|
|
"tells the card to always use the default PIN (\"123456\").",
|
2019-01-27 20:12:00 +01:00
|
|
|
|
APP_TYPE_OPENPGP, 0);
|
|
|
|
|
|
2021-03-24 14:39:59 +01:00
|
|
|
|
use_default_pin = has_leading_option (argstr, "--use-default-pin");
|
|
|
|
|
argstr = skip_options (argstr);
|
|
|
|
|
|
2019-01-27 20:12:00 +01:00
|
|
|
|
if (!strcmp (argstr, "--clear"))
|
|
|
|
|
{
|
|
|
|
|
data = xstrdup (" "); /* kludge. */
|
|
|
|
|
datalen = 1;
|
|
|
|
|
}
|
|
|
|
|
else if (*argstr == '<') /* Read it from a file */
|
|
|
|
|
{
|
|
|
|
|
for (argstr++; spacep (argstr); argstr++)
|
|
|
|
|
;
|
|
|
|
|
err = get_data_from_file (argstr, &data, &datalen);
|
|
|
|
|
if (err)
|
|
|
|
|
goto leave;
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
data = tty_get (_("Login data (account name): "));
|
|
|
|
|
trim_spaces (data);
|
|
|
|
|
tty_kill_prompt ();
|
2021-03-24 14:39:59 +01:00
|
|
|
|
if ((!*data && !use_default_pin) || *data == CONTROL_D)
|
2019-01-27 20:12:00 +01:00
|
|
|
|
{
|
|
|
|
|
err = gpg_error (GPG_ERR_CANCELED);
|
|
|
|
|
goto leave;
|
|
|
|
|
}
|
|
|
|
|
datalen = strlen (data);
|
|
|
|
|
}
|
|
|
|
|
|
2021-03-24 14:39:59 +01:00
|
|
|
|
if (use_default_pin)
|
|
|
|
|
{
|
|
|
|
|
char *tmpdata = xmalloc (datalen + 5);
|
|
|
|
|
memcpy (tmpdata, data, datalen);
|
|
|
|
|
memcpy (tmpdata+datalen, "\n\x14" "F=3", 5);
|
|
|
|
|
xfree (data);
|
|
|
|
|
data = tmpdata;
|
|
|
|
|
datalen += 5;
|
|
|
|
|
}
|
|
|
|
|
|
2019-01-27 20:12:00 +01:00
|
|
|
|
err = scd_setattr ("LOGIN-DATA", data, datalen);
|
|
|
|
|
|
|
|
|
|
leave:
|
|
|
|
|
xfree (data);
|
|
|
|
|
return err;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
static gpg_error_t
|
|
|
|
|
cmd_lang (card_info_t info, const char *argstr)
|
|
|
|
|
{
|
|
|
|
|
gpg_error_t err;
|
|
|
|
|
char *data, *p;
|
|
|
|
|
|
|
|
|
|
if (!info)
|
|
|
|
|
return print_help
|
|
|
|
|
("LANG [--clear]\n\n"
|
|
|
|
|
"Change the language info for the card. This info can be used\n"
|
|
|
|
|
"by applications for a personalized greeting. Up to 4 two-digit\n"
|
|
|
|
|
"language identifiers can be entered as a preference. The option\n"
|
|
|
|
|
"--clear removes all identifiers. GnuPG does not use this info.",
|
|
|
|
|
APP_TYPE_OPENPGP, 0);
|
|
|
|
|
|
|
|
|
|
if (!strcmp (argstr, "--clear"))
|
|
|
|
|
data = xstrdup (" "); /* Note that we need two spaces here. */
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
again:
|
|
|
|
|
data = tty_get (_("Language preferences: "));
|
|
|
|
|
trim_spaces (data);
|
|
|
|
|
tty_kill_prompt ();
|
|
|
|
|
if (!*data || *data == CONTROL_D)
|
|
|
|
|
{
|
|
|
|
|
err = gpg_error (GPG_ERR_CANCELED);
|
|
|
|
|
goto leave;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (strlen (data) > 8 || (strlen (data) & 1))
|
|
|
|
|
{
|
|
|
|
|
log_info (_("Error: invalid length of preference string.\n"));
|
|
|
|
|
xfree (data);
|
|
|
|
|
goto again;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
for (p=data; *p && *p >= 'a' && *p <= 'z'; p++)
|
|
|
|
|
;
|
|
|
|
|
if (*p)
|
|
|
|
|
{
|
|
|
|
|
log_info (_("Error: invalid characters in preference string.\n"));
|
|
|
|
|
xfree (data);
|
|
|
|
|
goto again;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
err = scd_setattr ("DISP-LANG", data, strlen (data));
|
|
|
|
|
|
|
|
|
|
leave:
|
|
|
|
|
xfree (data);
|
|
|
|
|
return err;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
static gpg_error_t
|
|
|
|
|
cmd_salut (card_info_t info, const char *argstr)
|
|
|
|
|
{
|
|
|
|
|
gpg_error_t err;
|
|
|
|
|
char *data = NULL;
|
|
|
|
|
const char *str;
|
|
|
|
|
|
|
|
|
|
if (!info)
|
|
|
|
|
return print_help
|
|
|
|
|
("SALUT [--clear]\n\n"
|
|
|
|
|
"Change the salutation info for the card. This info can be used\n"
|
|
|
|
|
"by applications for a personalized greeting. The option --clear\n"
|
|
|
|
|
"removes this data object. GnuPG does not use this info.",
|
|
|
|
|
APP_TYPE_OPENPGP, 0);
|
|
|
|
|
|
|
|
|
|
again:
|
|
|
|
|
if (!strcmp (argstr, "--clear"))
|
|
|
|
|
str = "9";
|
|
|
|
|
else
|
|
|
|
|
{
|
2019-08-22 10:23:22 +02:00
|
|
|
|
data = tty_get (_("Salutation (M = Mr., F = Ms., or space): "));
|
2019-01-27 20:12:00 +01:00
|
|
|
|
trim_spaces (data);
|
|
|
|
|
tty_kill_prompt ();
|
|
|
|
|
if (*data == CONTROL_D)
|
|
|
|
|
{
|
|
|
|
|
err = gpg_error (GPG_ERR_CANCELED);
|
|
|
|
|
goto leave;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (!*data)
|
|
|
|
|
str = "9";
|
|
|
|
|
else if ((*data == 'M' || *data == 'm') && !data[1])
|
|
|
|
|
str = "1";
|
|
|
|
|
else if ((*data == 'F' || *data == 'f') && !data[1])
|
|
|
|
|
str = "2";
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
tty_printf (_("Error: invalid response.\n"));
|
|
|
|
|
xfree (data);
|
2021-04-13 14:50:13 +02:00
|
|
|
|
data = NULL;
|
2019-01-27 20:12:00 +01:00
|
|
|
|
goto again;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
err = scd_setattr ("DISP-SEX", str, 1);
|
|
|
|
|
leave:
|
|
|
|
|
xfree (data);
|
|
|
|
|
return err;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
static gpg_error_t
|
|
|
|
|
cmd_cafpr (card_info_t info, char *argstr)
|
|
|
|
|
{
|
|
|
|
|
gpg_error_t err;
|
|
|
|
|
char *data = NULL;
|
|
|
|
|
const char *s;
|
|
|
|
|
int i, c;
|
|
|
|
|
unsigned char fpr[32];
|
|
|
|
|
int fprlen;
|
|
|
|
|
int fprno;
|
|
|
|
|
int opt_clear = 0;
|
|
|
|
|
|
|
|
|
|
if (!info)
|
|
|
|
|
return print_help
|
|
|
|
|
("CAFPR [--clear] N\n\n"
|
|
|
|
|
"Change the CA fingerprint number N. N must be in the\n"
|
|
|
|
|
"range 1 to 3. The option --clear clears the specified\n"
|
|
|
|
|
"CA fingerprint N or all of them if N is 0 or not given.",
|
|
|
|
|
APP_TYPE_OPENPGP, 0);
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
opt_clear = has_leading_option (argstr, "--clear");
|
|
|
|
|
argstr = skip_options (argstr);
|
|
|
|
|
|
|
|
|
|
if (digitp (argstr))
|
|
|
|
|
{
|
|
|
|
|
fprno = atoi (argstr);
|
|
|
|
|
while (digitp (argstr))
|
|
|
|
|
argstr++;
|
|
|
|
|
while (spacep (argstr))
|
|
|
|
|
argstr++;
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
fprno = 0;
|
|
|
|
|
|
|
|
|
|
if (opt_clear && !fprno)
|
|
|
|
|
; /* Okay: clear all fprs. */
|
|
|
|
|
else if (fprno < 1 || fprno > 3)
|
|
|
|
|
{
|
|
|
|
|
err = gpg_error (GPG_ERR_INV_ARG);
|
|
|
|
|
goto leave;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
again:
|
|
|
|
|
if (opt_clear)
|
|
|
|
|
{
|
|
|
|
|
memset (fpr, 0, 20);
|
|
|
|
|
fprlen = 20;
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
xfree (data);
|
|
|
|
|
data = tty_get (_("CA fingerprint: "));
|
|
|
|
|
trim_spaces (data);
|
|
|
|
|
tty_kill_prompt ();
|
|
|
|
|
if (!*data || *data == CONTROL_D)
|
|
|
|
|
{
|
|
|
|
|
err = gpg_error (GPG_ERR_CANCELED);
|
|
|
|
|
goto leave;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
for (i=0, s=data; i < sizeof fpr && *s; )
|
|
|
|
|
{
|
|
|
|
|
while (spacep(s))
|
|
|
|
|
s++;
|
|
|
|
|
if (*s == ':')
|
|
|
|
|
s++;
|
|
|
|
|
while (spacep(s))
|
|
|
|
|
s++;
|
|
|
|
|
c = hextobyte (s);
|
|
|
|
|
if (c == -1)
|
|
|
|
|
break;
|
|
|
|
|
fpr[i++] = c;
|
|
|
|
|
s += 2;
|
|
|
|
|
}
|
|
|
|
|
fprlen = i;
|
|
|
|
|
if ((fprlen != 20 && fprlen != 32) || *s)
|
|
|
|
|
{
|
|
|
|
|
log_error (_("Error: invalid formatted fingerprint.\n"));
|
|
|
|
|
goto again;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (!fprno)
|
|
|
|
|
{
|
|
|
|
|
log_assert (opt_clear);
|
|
|
|
|
err = scd_setattr ("CA-FPR-1", fpr, fprlen);
|
|
|
|
|
if (!err)
|
|
|
|
|
err = scd_setattr ("CA-FPR-2", fpr, fprlen);
|
|
|
|
|
if (!err)
|
|
|
|
|
err = scd_setattr ("CA-FPR-3", fpr, fprlen);
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
err = scd_setattr (fprno==1?"CA-FPR-1":
|
|
|
|
|
fprno==2?"CA-FPR-2":
|
|
|
|
|
fprno==3?"CA-FPR-3":"x", fpr, fprlen);
|
|
|
|
|
|
|
|
|
|
leave:
|
|
|
|
|
xfree (data);
|
|
|
|
|
return err;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
static gpg_error_t
|
|
|
|
|
cmd_privatedo (card_info_t info, char *argstr)
|
|
|
|
|
{
|
|
|
|
|
gpg_error_t err;
|
|
|
|
|
int opt_clear;
|
|
|
|
|
char *do_name = NULL;
|
|
|
|
|
char *data = NULL;
|
|
|
|
|
size_t datalen;
|
|
|
|
|
int do_no;
|
|
|
|
|
|
|
|
|
|
if (!info)
|
|
|
|
|
return print_help
|
|
|
|
|
("PRIVATEDO [--clear] N [< FILE]\n\n"
|
|
|
|
|
"Change the private data object N. N must be in the\n"
|
|
|
|
|
"range 1 to 4. If FILE is given the data is is read\n"
|
|
|
|
|
"from that file. The option --clear clears the data.",
|
|
|
|
|
APP_TYPE_OPENPGP, 0);
|
|
|
|
|
|
|
|
|
|
opt_clear = has_leading_option (argstr, "--clear");
|
|
|
|
|
argstr = skip_options (argstr);
|
|
|
|
|
|
|
|
|
|
if (digitp (argstr))
|
|
|
|
|
{
|
|
|
|
|
do_no = atoi (argstr);
|
|
|
|
|
while (digitp (argstr))
|
|
|
|
|
argstr++;
|
|
|
|
|
while (spacep (argstr))
|
|
|
|
|
argstr++;
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
do_no = 0;
|
|
|
|
|
|
|
|
|
|
if (do_no < 1 || do_no > 4)
|
|
|
|
|
{
|
|
|
|
|
err = gpg_error (GPG_ERR_INV_ARG);
|
|
|
|
|
goto leave;
|
|
|
|
|
}
|
|
|
|
|
do_name = xasprintf ("PRIVATE-DO-%d", do_no);
|
|
|
|
|
|
|
|
|
|
if (opt_clear)
|
|
|
|
|
{
|
|
|
|
|
data = xstrdup (" ");
|
|
|
|
|
datalen = 1;
|
|
|
|
|
}
|
|
|
|
|
else if (*argstr == '<') /* Read it from a file */
|
|
|
|
|
{
|
|
|
|
|
for (argstr++; spacep (argstr); argstr++)
|
|
|
|
|
;
|
|
|
|
|
err = get_data_from_file (argstr, &data, &datalen);
|
|
|
|
|
if (err)
|
|
|
|
|
goto leave;
|
|
|
|
|
}
|
|
|
|
|
else if (*argstr)
|
|
|
|
|
{
|
|
|
|
|
err = gpg_error (GPG_ERR_INV_ARG);
|
|
|
|
|
goto leave;
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
data = tty_get (_("Private DO data: "));
|
|
|
|
|
trim_spaces (data);
|
|
|
|
|
tty_kill_prompt ();
|
|
|
|
|
datalen = strlen (data);
|
|
|
|
|
if (!*data || *data == CONTROL_D)
|
|
|
|
|
{
|
|
|
|
|
err = gpg_error (GPG_ERR_CANCELED);
|
|
|
|
|
goto leave;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
err = scd_setattr (do_name, data, datalen);
|
|
|
|
|
|
|
|
|
|
leave:
|
|
|
|
|
xfree (do_name);
|
|
|
|
|
xfree (data);
|
|
|
|
|
return err;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
static gpg_error_t
|
|
|
|
|
cmd_writecert (card_info_t info, char *argstr)
|
|
|
|
|
{
|
|
|
|
|
gpg_error_t err;
|
|
|
|
|
int opt_clear;
|
2020-05-28 15:55:54 +02:00
|
|
|
|
int opt_openpgp;
|
2019-02-07 11:05:22 +01:00
|
|
|
|
char *certref_buffer = NULL;
|
|
|
|
|
char *certref;
|
2019-01-27 20:12:00 +01:00
|
|
|
|
char *data = NULL;
|
|
|
|
|
size_t datalen;
|
2020-06-03 16:24:44 +02:00
|
|
|
|
estream_t key = NULL;
|
2019-01-27 20:12:00 +01:00
|
|
|
|
|
2020-05-28 15:55:54 +02:00
|
|
|
|
|
2019-01-27 20:12:00 +01:00
|
|
|
|
if (!info)
|
|
|
|
|
return print_help
|
2020-06-03 16:24:44 +02:00
|
|
|
|
("WRITECERT CERTREF '<' FILE\n"
|
|
|
|
|
"WRITECERT --openpgp CERTREF ['<' FILE|FPR]\n"
|
|
|
|
|
"WRITECERT --clear CERTREF\n\n"
|
2021-02-11 12:15:49 +01:00
|
|
|
|
"Write a certificate to the card under the id CERTREF.\n"
|
|
|
|
|
"The option --clear removes the certificate from the card.\n"
|
|
|
|
|
"The option --openpgp expects an OpenPGP keyblock and stores\n"
|
|
|
|
|
"it encapsulated in a CMS container; the keyblock is taken\n"
|
|
|
|
|
"from FILE or directly from the OpenPGP key with FPR",
|
2019-02-07 11:05:22 +01:00
|
|
|
|
APP_TYPE_OPENPGP, APP_TYPE_PIV, 0);
|
2019-01-27 20:12:00 +01:00
|
|
|
|
|
|
|
|
|
opt_clear = has_leading_option (argstr, "--clear");
|
2020-05-28 15:55:54 +02:00
|
|
|
|
opt_openpgp = has_leading_option (argstr, "--openpgp");
|
2019-01-27 20:12:00 +01:00
|
|
|
|
argstr = skip_options (argstr);
|
|
|
|
|
|
2019-02-07 11:05:22 +01:00
|
|
|
|
certref = argstr;
|
|
|
|
|
if ((argstr = strchr (certref, ' ')))
|
2019-01-27 20:12:00 +01:00
|
|
|
|
{
|
2019-02-07 11:05:22 +01:00
|
|
|
|
*argstr++ = 0;
|
|
|
|
|
trim_spaces (certref);
|
|
|
|
|
trim_spaces (argstr);
|
2019-01-27 20:12:00 +01:00
|
|
|
|
}
|
2019-02-07 11:05:22 +01:00
|
|
|
|
else /* Let argstr point to an empty string. */
|
|
|
|
|
argstr = certref + strlen (certref);
|
2019-01-27 20:12:00 +01:00
|
|
|
|
|
2019-02-07 11:05:22 +01:00
|
|
|
|
if (info->apptype == APP_TYPE_OPENPGP)
|
2019-01-27 20:12:00 +01:00
|
|
|
|
{
|
2021-03-19 18:28:00 +01:00
|
|
|
|
if (!ascii_strcasecmp (certref, "OPENPGP.3") || !strcmp (certref, "3"))
|
|
|
|
|
certref_buffer = xstrdup ("OPENPGP.3");
|
|
|
|
|
else if (!ascii_strcasecmp (certref, "OPENPGP.2")||!strcmp (certref,"2"))
|
|
|
|
|
certref_buffer = xstrdup ("OPENPGP.2");
|
|
|
|
|
else if (!ascii_strcasecmp (certref, "OPENPGP.1")||!strcmp (certref,"1"))
|
|
|
|
|
certref_buffer = xstrdup ("OPENPGP.1");
|
|
|
|
|
else
|
2019-02-07 11:05:22 +01:00
|
|
|
|
{
|
|
|
|
|
err = gpg_error (GPG_ERR_INV_ID);
|
2021-03-19 18:28:00 +01:00
|
|
|
|
log_error ("Error: CERTREF must be OPENPGP.N or just N"
|
|
|
|
|
" with N being 1..3\"");
|
2019-02-07 11:05:22 +01:00
|
|
|
|
goto leave;
|
|
|
|
|
}
|
2021-03-19 18:28:00 +01:00
|
|
|
|
certref = certref_buffer;
|
2019-01-27 20:12:00 +01:00
|
|
|
|
}
|
2019-02-13 09:46:36 +01:00
|
|
|
|
else /* Upcase the certref; prepend cardtype if needed. */
|
|
|
|
|
{
|
|
|
|
|
if (!strchr (certref, '.'))
|
|
|
|
|
certref_buffer = xstrconcat (app_type_string (info->apptype), ".",
|
|
|
|
|
certref, NULL);
|
|
|
|
|
else
|
|
|
|
|
certref_buffer = xstrdup (certref);
|
|
|
|
|
ascii_strupr (certref_buffer);
|
|
|
|
|
certref = certref_buffer;
|
|
|
|
|
}
|
2019-01-27 20:12:00 +01:00
|
|
|
|
|
|
|
|
|
if (opt_clear)
|
|
|
|
|
{
|
|
|
|
|
data = xstrdup (" ");
|
|
|
|
|
datalen = 1;
|
|
|
|
|
}
|
|
|
|
|
else if (*argstr == '<') /* Read it from a file */
|
|
|
|
|
{
|
|
|
|
|
for (argstr++; spacep (argstr); argstr++)
|
|
|
|
|
;
|
|
|
|
|
err = get_data_from_file (argstr, &data, &datalen);
|
|
|
|
|
if (err)
|
|
|
|
|
goto leave;
|
2019-03-06 12:40:45 +01:00
|
|
|
|
if (ascii_memistr (data, datalen, "-----BEGIN CERTIFICATE-----")
|
|
|
|
|
&& ascii_memistr (data, datalen, "-----END CERTIFICATE-----")
|
|
|
|
|
&& !memchr (data, 0, datalen) && !memchr (data, 1, datalen))
|
|
|
|
|
{
|
2023-09-26 06:34:50 +02:00
|
|
|
|
gpgrt_b64state_t b64;
|
2019-03-06 12:40:45 +01:00
|
|
|
|
|
2023-09-26 06:34:50 +02:00
|
|
|
|
b64 = gpgrt_b64dec_start ("");
|
|
|
|
|
if (!b64)
|
|
|
|
|
err = gpg_error_from_syserror ();
|
|
|
|
|
else
|
|
|
|
|
err = gpgrt_b64dec_proc (b64, data, datalen, &datalen);
|
2019-03-06 12:40:45 +01:00
|
|
|
|
if (!err)
|
2023-09-26 06:34:50 +02:00
|
|
|
|
err = gpgrt_b64dec_finish (b64);
|
2019-03-06 12:40:45 +01:00
|
|
|
|
if (err)
|
|
|
|
|
goto leave;
|
|
|
|
|
}
|
2019-01-27 20:12:00 +01:00
|
|
|
|
}
|
2020-06-03 16:24:44 +02:00
|
|
|
|
else if (opt_openpgp && *argstr)
|
|
|
|
|
{
|
|
|
|
|
err = get_minimal_openpgp_key (&key, argstr);
|
|
|
|
|
if (err)
|
|
|
|
|
goto leave;
|
|
|
|
|
if (es_fclose_snatch (key, (void*)&data, &datalen))
|
|
|
|
|
{
|
|
|
|
|
err = gpg_error_from_syserror ();
|
|
|
|
|
goto leave;
|
|
|
|
|
}
|
|
|
|
|
key = NULL;
|
|
|
|
|
}
|
2019-01-27 20:12:00 +01:00
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
err = gpg_error (GPG_ERR_INV_ARG);
|
|
|
|
|
goto leave;
|
|
|
|
|
}
|
|
|
|
|
|
2020-05-28 15:55:54 +02:00
|
|
|
|
if (opt_openpgp && !opt_clear)
|
|
|
|
|
{
|
|
|
|
|
tlv_builder_t tb;
|
|
|
|
|
void *tmpder;
|
|
|
|
|
size_t tmpderlen;
|
|
|
|
|
|
|
|
|
|
tb = tlv_builder_new (0);
|
|
|
|
|
if (!tb)
|
|
|
|
|
{
|
|
|
|
|
err = gpg_error_from_syserror ();
|
|
|
|
|
goto leave;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
tlv_builder_add_tag (tb, 0, TAG_SEQUENCE);
|
|
|
|
|
tlv_builder_add_ptr (tb, 0, TAG_OBJECT_ID,
|
|
|
|
|
"\x2B\x06\x01\x04\x01\xDA\x47\x02\x03\x01", 10);
|
|
|
|
|
tlv_builder_add_tag (tb, CLASS_CONTEXT, 0);
|
|
|
|
|
tlv_builder_add_ptr (tb, 0, TAG_OCTET_STRING, data, datalen);
|
|
|
|
|
tlv_builder_add_end (tb);
|
|
|
|
|
tlv_builder_add_end (tb);
|
|
|
|
|
|
|
|
|
|
err = tlv_builder_finalize (tb, &tmpder, &tmpderlen);
|
|
|
|
|
if (err)
|
|
|
|
|
goto leave;
|
|
|
|
|
xfree (data);
|
|
|
|
|
data = tmpder;
|
|
|
|
|
datalen = tmpderlen;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2019-02-07 11:05:22 +01:00
|
|
|
|
err = scd_writecert (certref, data, datalen);
|
2019-01-27 20:12:00 +01:00
|
|
|
|
|
|
|
|
|
leave:
|
2020-06-03 16:24:44 +02:00
|
|
|
|
es_fclose (key);
|
2019-01-27 20:12:00 +01:00
|
|
|
|
xfree (data);
|
2019-02-07 11:05:22 +01:00
|
|
|
|
xfree (certref_buffer);
|
2019-01-27 20:12:00 +01:00
|
|
|
|
return err;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
static gpg_error_t
|
|
|
|
|
cmd_readcert (card_info_t info, char *argstr)
|
|
|
|
|
{
|
|
|
|
|
gpg_error_t err;
|
2019-02-07 11:05:22 +01:00
|
|
|
|
char *certref_buffer = NULL;
|
|
|
|
|
char *certref;
|
2019-01-27 20:12:00 +01:00
|
|
|
|
void *data = NULL;
|
2020-05-28 15:55:54 +02:00
|
|
|
|
size_t datalen, dataoff;
|
2019-01-27 20:12:00 +01:00
|
|
|
|
const char *fname;
|
2020-05-28 15:55:54 +02:00
|
|
|
|
int opt_openpgp;
|
2019-01-27 20:12:00 +01:00
|
|
|
|
|
|
|
|
|
if (!info)
|
|
|
|
|
return print_help
|
2020-05-28 15:55:54 +02:00
|
|
|
|
("READCERT [--openpgp] CERTREF > FILE\n\n"
|
|
|
|
|
"Read the certificate for key CERTREF and store it in FILE.\n"
|
|
|
|
|
"With option \"--openpgp\" an OpenPGP keyblock is expected\n"
|
|
|
|
|
"and stored in FILE.\n",
|
2019-02-07 11:05:22 +01:00
|
|
|
|
APP_TYPE_OPENPGP, APP_TYPE_PIV, 0);
|
2019-01-27 20:12:00 +01:00
|
|
|
|
|
2020-05-28 15:55:54 +02:00
|
|
|
|
opt_openpgp = has_leading_option (argstr, "--openpgp");
|
2019-01-27 20:12:00 +01:00
|
|
|
|
argstr = skip_options (argstr);
|
|
|
|
|
|
2019-02-07 11:05:22 +01:00
|
|
|
|
certref = argstr;
|
|
|
|
|
if ((argstr = strchr (certref, ' ')))
|
2019-01-27 20:12:00 +01:00
|
|
|
|
{
|
2019-02-07 11:05:22 +01:00
|
|
|
|
*argstr++ = 0;
|
|
|
|
|
trim_spaces (certref);
|
|
|
|
|
trim_spaces (argstr);
|
2019-01-27 20:12:00 +01:00
|
|
|
|
}
|
2019-02-07 11:05:22 +01:00
|
|
|
|
else /* Let argstr point to an empty string. */
|
|
|
|
|
argstr = certref + strlen (certref);
|
2019-01-27 20:12:00 +01:00
|
|
|
|
|
2019-02-07 11:05:22 +01:00
|
|
|
|
if (info->apptype == APP_TYPE_OPENPGP)
|
2019-01-27 20:12:00 +01:00
|
|
|
|
{
|
2021-03-19 18:28:00 +01:00
|
|
|
|
if (!ascii_strcasecmp (certref, "OPENPGP.3") || !strcmp (certref, "3"))
|
|
|
|
|
certref_buffer = xstrdup ("OPENPGP.3");
|
|
|
|
|
else if (!ascii_strcasecmp (certref, "OPENPGP.2")||!strcmp (certref,"2"))
|
|
|
|
|
certref_buffer = xstrdup ("OPENPGP.2");
|
|
|
|
|
else if (!ascii_strcasecmp (certref, "OPENPGP.1")||!strcmp (certref,"1"))
|
|
|
|
|
certref_buffer = xstrdup ("OPENPGP.1");
|
|
|
|
|
else
|
2019-02-07 11:05:22 +01:00
|
|
|
|
{
|
|
|
|
|
err = gpg_error (GPG_ERR_INV_ID);
|
2021-03-19 18:28:00 +01:00
|
|
|
|
log_error ("Error: CERTREF must be OPENPGP.N or just N"
|
|
|
|
|
" with N being 1..3\"");
|
2019-02-07 11:05:22 +01:00
|
|
|
|
goto leave;
|
|
|
|
|
}
|
2021-03-19 18:28:00 +01:00
|
|
|
|
certref = certref_buffer;
|
2019-01-27 20:12:00 +01:00
|
|
|
|
}
|
|
|
|
|
|
2019-02-07 11:05:22 +01:00
|
|
|
|
if (*argstr == '>') /* Write it to a file */
|
2019-01-27 20:12:00 +01:00
|
|
|
|
{
|
|
|
|
|
for (argstr++; spacep (argstr); argstr++)
|
|
|
|
|
;
|
|
|
|
|
fname = argstr;
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
err = gpg_error (GPG_ERR_INV_ARG);
|
|
|
|
|
goto leave;
|
|
|
|
|
}
|
|
|
|
|
|
2020-05-28 15:55:54 +02:00
|
|
|
|
dataoff = 0;
|
2019-02-07 11:05:22 +01:00
|
|
|
|
err = scd_readcert (certref, &data, &datalen);
|
2019-01-27 20:12:00 +01:00
|
|
|
|
if (err)
|
|
|
|
|
goto leave;
|
|
|
|
|
|
2020-05-28 15:55:54 +02:00
|
|
|
|
if (opt_openpgp)
|
|
|
|
|
{
|
|
|
|
|
/* Check whether DATA contains an OpenPGP keyblock and put only
|
|
|
|
|
* this into FILE. If the data is something different, return
|
|
|
|
|
* an error. */
|
|
|
|
|
const unsigned char *p;
|
|
|
|
|
size_t n, objlen, hdrlen;
|
|
|
|
|
int class, tag, cons, ndef;
|
|
|
|
|
|
|
|
|
|
p = data;
|
|
|
|
|
n = datalen;
|
|
|
|
|
if (parse_ber_header (&p,&n,&class,&tag,&cons,&ndef,&objlen,&hdrlen))
|
|
|
|
|
goto not_openpgp;
|
|
|
|
|
if (!(class == CLASS_UNIVERSAL && tag == TAG_SEQUENCE && cons))
|
|
|
|
|
goto not_openpgp; /* Does not start with a sequence. */
|
|
|
|
|
if (parse_ber_header (&p,&n,&class,&tag,&cons,&ndef,&objlen,&hdrlen))
|
|
|
|
|
goto not_openpgp;
|
|
|
|
|
if (!(class == CLASS_UNIVERSAL && tag == TAG_OBJECT_ID && !cons))
|
|
|
|
|
goto not_openpgp; /* No Object ID. */
|
|
|
|
|
if (objlen > n)
|
|
|
|
|
goto not_openpgp; /* Inconsistent lengths. */
|
|
|
|
|
if (objlen != 10
|
|
|
|
|
|| memcmp (p, "\x2B\x06\x01\x04\x01\xDA\x47\x02\x03\x01", objlen))
|
|
|
|
|
goto not_openpgp; /* Wrong Object ID. */
|
|
|
|
|
p += objlen;
|
|
|
|
|
n -= objlen;
|
|
|
|
|
if (parse_ber_header (&p,&n,&class,&tag,&cons,&ndef,&objlen,&hdrlen))
|
|
|
|
|
goto not_openpgp;
|
|
|
|
|
if (!(class == CLASS_CONTEXT && tag == 0 && cons))
|
|
|
|
|
goto not_openpgp; /* Not a [0] context tag. */
|
|
|
|
|
if (parse_ber_header (&p,&n,&class,&tag,&cons,&ndef,&objlen,&hdrlen))
|
|
|
|
|
goto not_openpgp;
|
|
|
|
|
if (!(class == CLASS_UNIVERSAL && tag == TAG_OCTET_STRING && !cons))
|
|
|
|
|
goto not_openpgp; /* Not an octet string. */
|
|
|
|
|
if (objlen > n)
|
|
|
|
|
goto not_openpgp; /* Inconsistent lengths. */
|
|
|
|
|
dataoff = p - (const unsigned char*)data;
|
|
|
|
|
datalen = objlen;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
err = put_data_to_file (fname, (unsigned char*)data+dataoff, datalen);
|
|
|
|
|
goto leave;
|
|
|
|
|
|
|
|
|
|
not_openpgp:
|
|
|
|
|
err = gpg_error (GPG_ERR_WRONG_BLOB_TYPE);
|
2019-01-27 20:12:00 +01:00
|
|
|
|
|
|
|
|
|
leave:
|
|
|
|
|
xfree (data);
|
2019-02-07 11:05:22 +01:00
|
|
|
|
xfree (certref_buffer);
|
2019-01-27 20:12:00 +01:00
|
|
|
|
return err;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2019-03-05 15:49:20 +01:00
|
|
|
|
static gpg_error_t
|
|
|
|
|
cmd_writekey (card_info_t info, char *argstr)
|
|
|
|
|
{
|
|
|
|
|
gpg_error_t err;
|
|
|
|
|
int opt_force;
|
common,agent,dirmngr,g10,tools: Fix split_fields API.
* common/stringhelp.h (split_fields): Use const * for the strings in
the ARRAY.
(split_fields_colon): Likewise.
* common/stringhelp.c (split_fields, split_fields_colon): Fix
the implementation.
* agent/call-scd.c, agent/command.c: Follow the change.
* common/t-stringhelp.c, dirmngr/loadswdb.c: Likewise.
* g10/call-agent.c, tools/card-call-scd.c: Likewise.
* tools/card-yubikey.c, tools/gpg-card.c: Likewise.
* tools/gpg-card.h, tools/gpg-wks-client.c: Likewise.
* tools/gpgconf-comp.c, tools/gpgconf.c: Likewise.
* tools/wks-util.c: Likewise.
--
The strings in the ARRAY don't need to be released by caller, as those
are references. It's easier to follow the code when it's explicitly
const *.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-09-18 03:20:23 +02:00
|
|
|
|
const char *argv[2];
|
2019-03-05 15:49:20 +01:00
|
|
|
|
int argc;
|
|
|
|
|
char *keyref_buffer = NULL;
|
common,agent,dirmngr,g10,tools: Fix split_fields API.
* common/stringhelp.h (split_fields): Use const * for the strings in
the ARRAY.
(split_fields_colon): Likewise.
* common/stringhelp.c (split_fields, split_fields_colon): Fix
the implementation.
* agent/call-scd.c, agent/command.c: Follow the change.
* common/t-stringhelp.c, dirmngr/loadswdb.c: Likewise.
* g10/call-agent.c, tools/card-call-scd.c: Likewise.
* tools/card-yubikey.c, tools/gpg-card.c: Likewise.
* tools/gpg-card.h, tools/gpg-wks-client.c: Likewise.
* tools/gpgconf-comp.c, tools/gpgconf.c: Likewise.
* tools/wks-util.c: Likewise.
--
The strings in the ARRAY don't need to be released by caller, as those
are references. It's easier to follow the code when it's explicitly
const *.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-09-18 03:20:23 +02:00
|
|
|
|
const char *keyref;
|
|
|
|
|
const char *keygrip;
|
2019-03-05 15:49:20 +01:00
|
|
|
|
|
|
|
|
|
if (!info)
|
|
|
|
|
return print_help
|
|
|
|
|
("WRITEKEY [--force] KEYREF KEYGRIP\n\n"
|
|
|
|
|
"Write a private key object identified by KEYGRIP to slot KEYREF.\n"
|
|
|
|
|
"Use --force to overwrite an existing key.",
|
|
|
|
|
APP_TYPE_OPENPGP, APP_TYPE_PIV, 0);
|
|
|
|
|
|
|
|
|
|
opt_force = has_leading_option (argstr, "--force");
|
|
|
|
|
argstr = skip_options (argstr);
|
|
|
|
|
|
|
|
|
|
argc = split_fields (argstr, argv, DIM (argv));
|
|
|
|
|
if (argc < 2)
|
|
|
|
|
{
|
|
|
|
|
err = gpg_error (GPG_ERR_INV_ARG);
|
|
|
|
|
goto leave;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Upcase the keyref; prepend cardtype if needed. */
|
|
|
|
|
keyref = argv[0];
|
|
|
|
|
if (!strchr (keyref, '.'))
|
|
|
|
|
keyref_buffer = xstrconcat (app_type_string (info->apptype), ".",
|
|
|
|
|
keyref, NULL);
|
|
|
|
|
else
|
|
|
|
|
keyref_buffer = xstrdup (keyref);
|
|
|
|
|
ascii_strupr (keyref_buffer);
|
|
|
|
|
keyref = keyref_buffer;
|
|
|
|
|
|
|
|
|
|
/* Get the keygrip. */
|
|
|
|
|
keygrip = argv[1];
|
|
|
|
|
if (strlen (keygrip) != 40
|
|
|
|
|
&& !(keygrip[0] == '&' && strlen (keygrip+1) == 40))
|
|
|
|
|
{
|
|
|
|
|
log_error (_("Not a valid keygrip (expecting 40 hex digits)\n"));
|
|
|
|
|
err = gpg_error (GPG_ERR_INV_ARG);
|
|
|
|
|
goto leave;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
err = scd_writekey (keyref, opt_force, keygrip);
|
|
|
|
|
|
|
|
|
|
leave:
|
|
|
|
|
xfree (keyref_buffer);
|
|
|
|
|
return err;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2019-01-27 20:12:00 +01:00
|
|
|
|
static gpg_error_t
|
|
|
|
|
cmd_forcesig (card_info_t info)
|
|
|
|
|
{
|
|
|
|
|
gpg_error_t err;
|
|
|
|
|
int newstate;
|
|
|
|
|
|
|
|
|
|
if (!info)
|
|
|
|
|
return print_help
|
|
|
|
|
("FORCESIG\n\n"
|
|
|
|
|
"Toggle the forcesig flag of an OpenPGP card.",
|
|
|
|
|
APP_TYPE_OPENPGP, 0);
|
|
|
|
|
|
|
|
|
|
if (info->apptype != APP_TYPE_OPENPGP)
|
|
|
|
|
{
|
|
|
|
|
log_info ("Note: This is an OpenPGP only command.\n");
|
|
|
|
|
return gpg_error (GPG_ERR_NOT_SUPPORTED);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
newstate = !info->chv1_cached;
|
|
|
|
|
|
|
|
|
|
err = scd_setattr ("CHV-STATUS-1", newstate? "\x01":"", 1);
|
|
|
|
|
if (err)
|
|
|
|
|
goto leave;
|
|
|
|
|
|
|
|
|
|
/* Read it back to be sure we have the right toggle state the next
|
|
|
|
|
* time. */
|
|
|
|
|
err = scd_getattr ("CHV-STATUS", info);
|
|
|
|
|
|
|
|
|
|
leave:
|
|
|
|
|
return err;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2019-02-08 11:58:27 +01:00
|
|
|
|
|
Spelling cleanup.
No functional changes, just fixing minor spelling issues.
---
Most of these were identified from the command line by running:
codespell \
--ignore-words-list fpr,stati,keyserver,keyservers,asign,cas,iff,ifset \
--skip '*.po,ChangeLog*,help.*.txt,*.jpg,*.eps,*.pdf,*.png,*.gpg,*.asc' \
doc g13 g10 kbx agent artwork scd tests tools am common dirmngr sm \
NEWS README README.maint TODO
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2020-02-18 15:34:42 +01:00
|
|
|
|
/* Helper for cmd_generate_openpgp. Note that either 0 or 1 is stored at
|
2019-01-27 20:12:00 +01:00
|
|
|
|
* FORCED_CHV1. */
|
|
|
|
|
static gpg_error_t
|
|
|
|
|
check_pin_for_key_operation (card_info_t info, int *forced_chv1)
|
|
|
|
|
{
|
|
|
|
|
gpg_error_t err = 0;
|
|
|
|
|
|
|
|
|
|
*forced_chv1 = !info->chv1_cached;
|
|
|
|
|
if (*forced_chv1)
|
|
|
|
|
{ /* Switch off the forced mode so that during key generation we
|
|
|
|
|
* don't get bothered with PIN queries for each self-signature. */
|
|
|
|
|
err = scd_setattr ("CHV-STATUS-1", "\x01", 1);
|
|
|
|
|
if (err)
|
|
|
|
|
{
|
|
|
|
|
log_error ("error clearing forced signature PIN flag: %s\n",
|
|
|
|
|
gpg_strerror (err));
|
|
|
|
|
*forced_chv1 = -1; /* Not changed. */
|
|
|
|
|
goto leave;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Check the PIN now, so that we won't get asked later for each
|
|
|
|
|
* binding signature. */
|
|
|
|
|
err = scd_checkpin (info->serialno);
|
|
|
|
|
if (err)
|
|
|
|
|
log_error ("error checking the PIN: %s\n", gpg_strerror (err));
|
|
|
|
|
|
|
|
|
|
leave:
|
|
|
|
|
return err;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2019-02-08 11:58:27 +01:00
|
|
|
|
/* Helper for cmd_generate_openpgp. */
|
2019-01-27 20:12:00 +01:00
|
|
|
|
static void
|
|
|
|
|
restore_forced_chv1 (int *forced_chv1)
|
|
|
|
|
{
|
|
|
|
|
gpg_error_t err;
|
|
|
|
|
|
|
|
|
|
/* Note the possible values stored at FORCED_CHV1:
|
|
|
|
|
* 0 - forcesig was not enabled.
|
|
|
|
|
* 1 - forcesig was enabled - enable it again.
|
|
|
|
|
* -1 - We have not changed anything. */
|
|
|
|
|
if (*forced_chv1 == 1)
|
|
|
|
|
{ /* Switch back to forced state. */
|
|
|
|
|
err = scd_setattr ("CHV-STATUS-1", "", 1);
|
|
|
|
|
if (err)
|
|
|
|
|
log_error ("error setting forced signature PIN flag: %s\n",
|
|
|
|
|
gpg_strerror (err));
|
|
|
|
|
*forced_chv1 = 0;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2020-02-10 14:12:36 +01:00
|
|
|
|
/* Ask whether existing keys shall be overwritten. With NULL used for
|
|
|
|
|
* KINFO it will ask for all keys, other wise for the given key. */
|
2019-01-27 20:12:00 +01:00
|
|
|
|
static gpg_error_t
|
2020-02-10 14:12:36 +01:00
|
|
|
|
ask_replace_keys (key_info_t kinfo)
|
|
|
|
|
{
|
|
|
|
|
gpg_error_t err;
|
|
|
|
|
char *answer;
|
|
|
|
|
|
|
|
|
|
tty_printf ("\n");
|
|
|
|
|
if (kinfo)
|
|
|
|
|
log_info (_("Note: key %s is already stored on the card!\n"),
|
|
|
|
|
kinfo->keyref);
|
|
|
|
|
else
|
|
|
|
|
log_info (_("Note: Keys are already stored on the card!\n"));
|
|
|
|
|
tty_printf ("\n");
|
|
|
|
|
if (kinfo)
|
|
|
|
|
answer = tty_getf (_("Replace existing key %s ? (y/N) "), kinfo->keyref);
|
|
|
|
|
else
|
|
|
|
|
answer = tty_get (_("Replace existing keys? (y/N) "));
|
|
|
|
|
tty_kill_prompt ();
|
|
|
|
|
if (*answer == CONTROL_D)
|
|
|
|
|
err = gpg_error (GPG_ERR_CANCELED);
|
|
|
|
|
else if (!answer_is_yes_no_default (answer, 0/*(default to No)*/))
|
|
|
|
|
err = gpg_error (GPG_ERR_CANCELED);
|
|
|
|
|
else
|
|
|
|
|
err = 0;
|
|
|
|
|
|
|
|
|
|
xfree (answer);
|
|
|
|
|
return err;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/* Implementation of cmd_generate for OpenPGP cards to generate all
|
|
|
|
|
* standard keys at once. */
|
|
|
|
|
static gpg_error_t
|
|
|
|
|
generate_all_openpgp_card_keys (card_info_t info, char **algos)
|
2019-01-27 20:12:00 +01:00
|
|
|
|
{
|
|
|
|
|
gpg_error_t err;
|
|
|
|
|
int forced_chv1 = -1;
|
|
|
|
|
int want_backup;
|
|
|
|
|
char *answer = NULL;
|
2019-01-29 08:48:53 +01:00
|
|
|
|
key_info_t kinfo1, kinfo2, kinfo3;
|
2019-01-27 20:12:00 +01:00
|
|
|
|
|
|
|
|
|
if (info->extcap.ki)
|
|
|
|
|
{
|
|
|
|
|
xfree (answer);
|
|
|
|
|
answer = tty_get (_("Make off-card backup of encryption key? (Y/n) "));
|
|
|
|
|
want_backup = answer_is_yes_no_default (answer, 1/*(default to Yes)*/);
|
|
|
|
|
tty_kill_prompt ();
|
|
|
|
|
if (*answer == CONTROL_D)
|
|
|
|
|
{
|
|
|
|
|
err = gpg_error (GPG_ERR_CANCELED);
|
|
|
|
|
goto leave;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
want_backup = 0;
|
|
|
|
|
|
2019-01-29 08:48:53 +01:00
|
|
|
|
kinfo1 = find_kinfo (info, "OPENPGP.1");
|
|
|
|
|
kinfo2 = find_kinfo (info, "OPENPGP.2");
|
|
|
|
|
kinfo3 = find_kinfo (info, "OPENPGP.3");
|
|
|
|
|
|
|
|
|
|
if ((kinfo1 && kinfo1->fprlen && !mem_is_zero (kinfo1->fpr,kinfo1->fprlen))
|
|
|
|
|
|| (kinfo2 && kinfo2->fprlen && !mem_is_zero (kinfo2->fpr,kinfo2->fprlen))
|
|
|
|
|
|| (kinfo3 && kinfo3->fprlen && !mem_is_zero (kinfo3->fpr,kinfo3->fprlen))
|
|
|
|
|
)
|
2019-01-27 20:12:00 +01:00
|
|
|
|
{
|
2020-02-10 14:12:36 +01:00
|
|
|
|
err = ask_replace_keys (NULL);
|
|
|
|
|
if (err)
|
|
|
|
|
goto leave;
|
2019-01-27 20:12:00 +01:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* If no displayed name has been set, we assume that this is a fresh
|
|
|
|
|
* card and print a hint about the default PINs. */
|
|
|
|
|
if (!info->disp_name || !*info->disp_name)
|
|
|
|
|
{
|
|
|
|
|
tty_printf ("\n");
|
|
|
|
|
tty_printf (_("Please note that the factory settings of the PINs are\n"
|
|
|
|
|
" PIN = '%s' Admin PIN = '%s'\n"
|
|
|
|
|
"You should change them using the command --change-pin\n"),
|
|
|
|
|
OPENPGP_USER_PIN_DEFAULT, OPENPGP_ADMIN_PIN_DEFAULT);
|
|
|
|
|
tty_printf ("\n");
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
err = check_pin_for_key_operation (info, &forced_chv1);
|
|
|
|
|
if (err)
|
|
|
|
|
goto leave;
|
|
|
|
|
|
2020-02-10 14:12:36 +01:00
|
|
|
|
(void)algos; /* FIXME: If we have ALGOS, we need to change the key attr. */
|
|
|
|
|
|
|
|
|
|
/* FIXME: We need to divert to a function which spawns gpg which
|
2019-01-27 20:12:00 +01:00
|
|
|
|
* will then create the key. This also requires new features in
|
|
|
|
|
* gpg. We might also first create the keys on the card and then
|
|
|
|
|
* tell gpg to use them to create the OpenPGP keyblock. */
|
|
|
|
|
/* generate_keypair (ctrl, 1, NULL, info.serialno, want_backup); */
|
2019-02-08 11:58:27 +01:00
|
|
|
|
(void)want_backup;
|
2020-02-11 14:58:17 +01:00
|
|
|
|
err = scd_genkey ("OPENPGP.1", 1, NULL, NULL);
|
2019-01-27 20:12:00 +01:00
|
|
|
|
|
|
|
|
|
leave:
|
|
|
|
|
restore_forced_chv1 (&forced_chv1);
|
|
|
|
|
xfree (answer);
|
|
|
|
|
return err;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2020-02-10 14:12:36 +01:00
|
|
|
|
/* Create a single key. This is a helper for cmd_generate. */
|
2019-02-08 11:58:27 +01:00
|
|
|
|
static gpg_error_t
|
2020-02-10 14:12:36 +01:00
|
|
|
|
generate_key (card_info_t info, const char *keyref, int force,
|
|
|
|
|
const char *algo)
|
2019-02-08 11:58:27 +01:00
|
|
|
|
{
|
|
|
|
|
gpg_error_t err;
|
2020-02-10 14:12:36 +01:00
|
|
|
|
key_info_t kinfo;
|
2019-02-08 11:58:27 +01:00
|
|
|
|
|
2020-02-10 14:12:36 +01:00
|
|
|
|
if (info->apptype == APP_TYPE_OPENPGP)
|
|
|
|
|
{
|
|
|
|
|
kinfo = find_kinfo (info, keyref);
|
|
|
|
|
if (!kinfo)
|
|
|
|
|
{
|
|
|
|
|
err = gpg_error (GPG_ERR_INV_ID);
|
|
|
|
|
goto leave;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (!force
|
|
|
|
|
&& kinfo->fprlen && !mem_is_zero (kinfo->fpr, kinfo->fprlen))
|
|
|
|
|
{
|
|
|
|
|
err = ask_replace_keys (NULL);
|
|
|
|
|
if (err)
|
|
|
|
|
goto leave;
|
2020-02-11 14:58:17 +01:00
|
|
|
|
force = 1;
|
2020-02-10 14:12:36 +01:00
|
|
|
|
}
|
|
|
|
|
}
|
2019-02-08 11:58:27 +01:00
|
|
|
|
|
|
|
|
|
err = scd_genkey (keyref, force, algo, NULL);
|
|
|
|
|
|
2020-02-10 14:12:36 +01:00
|
|
|
|
leave:
|
2019-02-08 11:58:27 +01:00
|
|
|
|
return err;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
static gpg_error_t
|
|
|
|
|
cmd_generate (card_info_t info, char *argstr)
|
|
|
|
|
{
|
|
|
|
|
static char * const valid_algos[] =
|
2020-02-08 20:30:39 +01:00
|
|
|
|
{ "rsa2048", "rsa3072", "rsa4096", "",
|
|
|
|
|
"nistp256", "nistp384", "nistp521", "",
|
|
|
|
|
"brainpoolP256r1", "brainpoolP384r1", "brainpoolP512r1", "",
|
2019-02-08 11:58:27 +01:00
|
|
|
|
"ed25519", "cv25519",
|
|
|
|
|
NULL
|
|
|
|
|
};
|
|
|
|
|
gpg_error_t err;
|
|
|
|
|
int opt_force;
|
2020-02-10 14:12:36 +01:00
|
|
|
|
char *p;
|
|
|
|
|
char **opt_algo = NULL; /* Malloced. */
|
2019-02-08 11:58:27 +01:00
|
|
|
|
char *keyref_buffer = NULL; /* Malloced. */
|
|
|
|
|
char *keyref; /* Points into argstr or keyref_buffer. */
|
2020-02-10 14:12:36 +01:00
|
|
|
|
int i, j;
|
2019-02-08 11:58:27 +01:00
|
|
|
|
|
|
|
|
|
if (!info)
|
|
|
|
|
return print_help
|
2020-02-10 14:12:36 +01:00
|
|
|
|
("GENERATE [--force] [--algo=ALGO{+ALGO2}] KEYREF\n\n"
|
|
|
|
|
"Create a new key on a card.\n"
|
|
|
|
|
"Use --force to overwrite an existing key.\n"
|
|
|
|
|
"Use \"help\" for ALGO to get a list of known algorithms.\n"
|
|
|
|
|
"For OpenPGP cards several algos may be given.\n"
|
|
|
|
|
"Note that the OpenPGP key generation is done interactively\n"
|
|
|
|
|
"unless a single ALGO or KEYREF are given.",
|
2019-02-08 11:58:27 +01:00
|
|
|
|
APP_TYPE_OPENPGP, APP_TYPE_PIV, 0);
|
|
|
|
|
|
|
|
|
|
if (opt.interactive || opt.verbose)
|
|
|
|
|
log_info (_("%s card no. %s detected\n"),
|
|
|
|
|
app_type_string (info->apptype),
|
|
|
|
|
info->dispserialno? info->dispserialno : info->serialno);
|
|
|
|
|
|
|
|
|
|
opt_force = has_leading_option (argstr, "--force");
|
2020-02-10 14:12:36 +01:00
|
|
|
|
err = get_option_value (argstr, "--algo", &p);
|
2019-02-08 11:58:27 +01:00
|
|
|
|
if (err)
|
|
|
|
|
goto leave;
|
2020-02-10 14:12:36 +01:00
|
|
|
|
if (p)
|
|
|
|
|
{
|
|
|
|
|
opt_algo = strtokenize (p, "+");
|
|
|
|
|
if (!opt_algo)
|
|
|
|
|
{
|
|
|
|
|
err = gpg_error_from_syserror ();
|
|
|
|
|
xfree (p);
|
|
|
|
|
goto leave;
|
|
|
|
|
}
|
|
|
|
|
xfree (p);
|
|
|
|
|
}
|
|
|
|
|
|
2019-02-08 11:58:27 +01:00
|
|
|
|
argstr = skip_options (argstr);
|
|
|
|
|
|
|
|
|
|
keyref = argstr;
|
|
|
|
|
if ((argstr = strchr (keyref, ' ')))
|
|
|
|
|
{
|
|
|
|
|
*argstr++ = 0;
|
|
|
|
|
trim_spaces (keyref);
|
|
|
|
|
trim_spaces (argstr);
|
|
|
|
|
}
|
|
|
|
|
else /* Let argstr point to an empty string. */
|
|
|
|
|
argstr = keyref + strlen (keyref);
|
|
|
|
|
|
|
|
|
|
if (!*keyref)
|
|
|
|
|
keyref = NULL;
|
|
|
|
|
|
|
|
|
|
if (*argstr)
|
|
|
|
|
{
|
|
|
|
|
/* Extra arguments found. */
|
|
|
|
|
err = gpg_error (GPG_ERR_INV_ARG);
|
|
|
|
|
goto leave;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (opt_algo)
|
|
|
|
|
{
|
2020-02-10 14:12:36 +01:00
|
|
|
|
/* opt_algo is an array of algos. */
|
|
|
|
|
for (i=0; opt_algo[i]; i++)
|
2019-02-08 11:58:27 +01:00
|
|
|
|
{
|
2020-02-10 14:12:36 +01:00
|
|
|
|
for (j=0; valid_algos[j]; j++)
|
|
|
|
|
if (*valid_algos[j] && !strcmp (valid_algos[j], opt_algo[i]))
|
|
|
|
|
break;
|
|
|
|
|
if (!valid_algos[j])
|
2020-02-08 20:30:39 +01:00
|
|
|
|
{
|
2020-02-10 14:12:36 +01:00
|
|
|
|
int lf = 1;
|
|
|
|
|
if (!ascii_strcasecmp (opt_algo[i], "help"))
|
|
|
|
|
log_info ("Known algorithms:\n");
|
|
|
|
|
else
|
2020-02-08 20:30:39 +01:00
|
|
|
|
{
|
2020-02-10 14:12:36 +01:00
|
|
|
|
log_info ("Invalid algorithm '%s' given. Use one of:\n",
|
|
|
|
|
opt_algo[i]);
|
|
|
|
|
err = gpg_error (GPG_ERR_PUBKEY_ALGO);
|
2020-02-08 20:30:39 +01:00
|
|
|
|
}
|
2020-02-10 14:12:36 +01:00
|
|
|
|
for (i=0; valid_algos[i]; i++)
|
|
|
|
|
{
|
|
|
|
|
if (!*valid_algos[i])
|
|
|
|
|
lf = 1;
|
|
|
|
|
else if (lf)
|
|
|
|
|
{
|
|
|
|
|
lf = 0;
|
|
|
|
|
log_info (" %s%s",
|
|
|
|
|
valid_algos[i], valid_algos[i+1]?",":".");
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
log_printf (" %s%s",
|
|
|
|
|
valid_algos[i], valid_algos[i+1]?",":".");
|
|
|
|
|
}
|
2020-05-27 13:48:20 +02:00
|
|
|
|
log_printf ("\n");
|
2020-02-10 14:12:36 +01:00
|
|
|
|
show_keysize_warning ();
|
|
|
|
|
goto leave;
|
2020-02-08 20:30:39 +01:00
|
|
|
|
}
|
2019-02-08 11:58:27 +01:00
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Upcase the keyref; if it misses the cardtype, prepend it. */
|
|
|
|
|
if (keyref)
|
|
|
|
|
{
|
|
|
|
|
if (!strchr (keyref, '.'))
|
|
|
|
|
keyref_buffer = xstrconcat (app_type_string (info->apptype), ".",
|
|
|
|
|
keyref, NULL);
|
|
|
|
|
else
|
|
|
|
|
keyref_buffer = xstrdup (keyref);
|
|
|
|
|
ascii_strupr (keyref_buffer);
|
|
|
|
|
keyref = keyref_buffer;
|
|
|
|
|
}
|
|
|
|
|
|
2019-03-05 17:40:08 +01:00
|
|
|
|
/* Special checks. */
|
|
|
|
|
if ((info->cardtype && !strcmp (info->cardtype, "yubikey"))
|
|
|
|
|
&& info->cardversion >= 0x040200 && info->cardversion < 0x040305)
|
|
|
|
|
{
|
|
|
|
|
log_error ("On-chip key generation on this YubiKey has been blocked.\n");
|
|
|
|
|
log_info ("Please see <https://yubi.co/ysa201701> for details\n");
|
|
|
|
|
err = gpg_error (GPG_ERR_NOT_SUPPORTED);
|
|
|
|
|
goto leave;
|
|
|
|
|
}
|
|
|
|
|
|
2019-02-08 11:58:27 +01:00
|
|
|
|
/* Divert to dedicated functions. */
|
2020-02-10 14:12:36 +01:00
|
|
|
|
if (info->apptype == APP_TYPE_OPENPGP
|
|
|
|
|
&& !keyref
|
|
|
|
|
&& (!opt_algo || (opt_algo[0] && opt_algo[1])))
|
2019-02-08 11:58:27 +01:00
|
|
|
|
{
|
2020-02-10 14:12:36 +01:00
|
|
|
|
/* With no algo requested or more than one algo requested and no
|
|
|
|
|
* keyref given we create all keys. */
|
|
|
|
|
if (opt_force || keyref)
|
|
|
|
|
log_info ("Note: OpenPGP key generation is interactive.\n");
|
|
|
|
|
err = generate_all_openpgp_card_keys (info, opt_algo);
|
2019-02-08 11:58:27 +01:00
|
|
|
|
}
|
|
|
|
|
else if (!keyref)
|
|
|
|
|
err = gpg_error (GPG_ERR_INV_ID);
|
2020-02-10 14:12:36 +01:00
|
|
|
|
else if (opt_algo && opt_algo[0] && opt_algo[1])
|
|
|
|
|
{
|
|
|
|
|
log_error ("only one algorithm expected as value for --algo.\n");
|
|
|
|
|
err = gpg_error (GPG_ERR_INV_ARG);
|
|
|
|
|
}
|
2019-02-08 11:58:27 +01:00
|
|
|
|
else
|
2020-02-10 14:12:36 +01:00
|
|
|
|
err = generate_key (info, keyref, opt_force, opt_algo? opt_algo[0]:NULL);
|
2019-02-08 11:58:27 +01:00
|
|
|
|
|
2020-05-27 13:48:20 +02:00
|
|
|
|
if (!err)
|
|
|
|
|
{
|
2021-04-01 10:34:06 +02:00
|
|
|
|
err = scd_learn (info, 0);
|
2020-05-27 13:48:20 +02:00
|
|
|
|
if (err)
|
|
|
|
|
log_error ("Error re-reading card: %s\n", gpg_strerror (err));
|
|
|
|
|
}
|
|
|
|
|
|
2019-02-08 11:58:27 +01:00
|
|
|
|
leave:
|
|
|
|
|
xfree (opt_algo);
|
|
|
|
|
xfree (keyref_buffer);
|
|
|
|
|
return err;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
2019-03-28 14:46:05 +01:00
|
|
|
|
/* Change a PIN. */
|
2019-01-27 20:12:00 +01:00
|
|
|
|
static gpg_error_t
|
2019-03-01 12:20:24 +01:00
|
|
|
|
cmd_passwd (card_info_t info, char *argstr)
|
2019-01-27 20:12:00 +01:00
|
|
|
|
{
|
2019-03-28 14:46:05 +01:00
|
|
|
|
gpg_error_t err = 0;
|
2019-01-27 20:12:00 +01:00
|
|
|
|
char *answer = NULL;
|
2019-03-28 14:46:05 +01:00
|
|
|
|
const char *pinref = NULL;
|
|
|
|
|
int reset_mode = 0;
|
2020-06-30 14:36:44 +02:00
|
|
|
|
int nullpin = 0;
|
2019-03-28 14:46:05 +01:00
|
|
|
|
int menu_used = 0;
|
2019-01-27 20:12:00 +01:00
|
|
|
|
|
|
|
|
|
if (!info)
|
|
|
|
|
return print_help
|
2020-06-30 14:36:44 +02:00
|
|
|
|
("PASSWD [--reset|--nullpin] [PINREF]\n\n"
|
2019-03-28 14:46:05 +01:00
|
|
|
|
"Change or unblock the PINs. Note that in interactive mode\n"
|
|
|
|
|
"and without a PINREF a menu is presented for certain cards;\n"
|
|
|
|
|
"in non-interactive and without a PINREF a default value is\n"
|
2020-06-25 11:24:35 +02:00
|
|
|
|
"used for these cards. The option --reset is used with TCOS\n"
|
2020-06-30 14:36:44 +02:00
|
|
|
|
"cards to reset the PIN using the PUK or vice versa; --nullpin\n"
|
2022-12-15 15:13:54 +01:00
|
|
|
|
"is used for these cards to set the initial PIN.",
|
2019-01-27 20:12:00 +01:00
|
|
|
|
0);
|
|
|
|
|
|
2019-02-06 09:45:54 +01:00
|
|
|
|
if (opt.interactive || opt.verbose)
|
|
|
|
|
log_info (_("%s card no. %s detected\n"),
|
|
|
|
|
app_type_string (info->apptype),
|
2019-01-27 20:12:00 +01:00
|
|
|
|
info->dispserialno? info->dispserialno : info->serialno);
|
|
|
|
|
|
2020-06-25 11:24:35 +02:00
|
|
|
|
|
|
|
|
|
if (has_option (argstr, "--reset"))
|
|
|
|
|
reset_mode = 1;
|
2020-06-30 14:36:44 +02:00
|
|
|
|
else if (has_option (argstr, "--nullpin"))
|
|
|
|
|
nullpin = 1;
|
2020-06-25 11:24:35 +02:00
|
|
|
|
argstr = skip_options (argstr);
|
|
|
|
|
|
2020-06-30 14:36:44 +02:00
|
|
|
|
/* If --reset or --nullpin has been given we force non-interactive mode. */
|
|
|
|
|
if (*argstr || reset_mode || nullpin)
|
2020-06-25 11:24:35 +02:00
|
|
|
|
{
|
|
|
|
|
pinref = argstr;
|
|
|
|
|
if (!*pinref)
|
|
|
|
|
{
|
|
|
|
|
err = gpg_error (GPG_ERR_MISSING_VALUE);
|
|
|
|
|
goto leave;
|
|
|
|
|
}
|
|
|
|
|
}
|
2019-03-28 14:46:05 +01:00
|
|
|
|
else if (opt.interactive && info->apptype == APP_TYPE_OPENPGP)
|
2019-01-27 20:12:00 +01:00
|
|
|
|
{
|
2019-03-28 14:46:05 +01:00
|
|
|
|
menu_used = 1;
|
|
|
|
|
while (!pinref)
|
2019-01-27 20:12:00 +01:00
|
|
|
|
{
|
|
|
|
|
xfree (answer);
|
2019-03-28 14:46:05 +01:00
|
|
|
|
answer = get_selection ("1 - change the PIN\n"
|
|
|
|
|
"2 - unblock and set new a PIN\n"
|
|
|
|
|
"3 - change the Admin PIN\n"
|
|
|
|
|
"4 - set the Reset Code\n"
|
|
|
|
|
"Q - quit\n");
|
2019-01-27 20:12:00 +01:00
|
|
|
|
if (strlen (answer) != 1)
|
|
|
|
|
continue;
|
2019-03-28 14:46:05 +01:00
|
|
|
|
else if (*answer == 'q' || *answer == 'Q')
|
|
|
|
|
goto leave;
|
|
|
|
|
else if (*answer == '1')
|
|
|
|
|
pinref = "OPENPGP.1";
|
2019-01-27 20:12:00 +01:00
|
|
|
|
else if (*answer == '2')
|
2019-03-28 14:46:05 +01:00
|
|
|
|
{ pinref = "OPENPGP.1"; reset_mode = 1; }
|
2019-01-27 20:12:00 +01:00
|
|
|
|
else if (*answer == '3')
|
2019-03-28 14:46:05 +01:00
|
|
|
|
pinref = "OPENPGP.3";
|
2019-01-27 20:12:00 +01:00
|
|
|
|
else if (*answer == '4')
|
2019-03-28 14:46:05 +01:00
|
|
|
|
{ pinref = "OPENPGP.2"; reset_mode = 1; }
|
|
|
|
|
}
|
2019-01-27 20:12:00 +01:00
|
|
|
|
}
|
2019-03-28 14:46:05 +01:00
|
|
|
|
else if (info->apptype == APP_TYPE_OPENPGP)
|
|
|
|
|
pinref = "OPENPGP.1";
|
|
|
|
|
else if (opt.interactive && info->apptype == APP_TYPE_PIV)
|
2019-01-27 20:12:00 +01:00
|
|
|
|
{
|
2019-03-28 14:46:05 +01:00
|
|
|
|
menu_used = 1;
|
|
|
|
|
while (!pinref)
|
2019-03-01 12:20:24 +01:00
|
|
|
|
{
|
2019-03-28 14:46:05 +01:00
|
|
|
|
xfree (answer);
|
|
|
|
|
answer = get_selection ("1 - change the PIN\n"
|
|
|
|
|
"2 - change the PUK\n"
|
|
|
|
|
"3 - change the Global PIN\n"
|
|
|
|
|
"Q - quit\n");
|
|
|
|
|
if (strlen (answer) != 1)
|
|
|
|
|
;
|
|
|
|
|
else if (*answer == 'q' || *answer == 'Q')
|
|
|
|
|
goto leave;
|
|
|
|
|
else if (*answer == '1')
|
|
|
|
|
pinref = "PIV.80";
|
|
|
|
|
else if (*answer == '2')
|
|
|
|
|
pinref = "PIV.81";
|
|
|
|
|
else if (*answer == '3')
|
|
|
|
|
pinref = "PIV.00";
|
2019-03-01 12:20:24 +01:00
|
|
|
|
}
|
2019-03-28 14:46:05 +01:00
|
|
|
|
}
|
2020-06-25 11:24:35 +02:00
|
|
|
|
else if (opt.interactive && info->apptype == APP_TYPE_NKS)
|
|
|
|
|
{
|
2020-06-30 14:36:44 +02:00
|
|
|
|
int for_qualified = 0;
|
|
|
|
|
|
2020-06-25 11:24:35 +02:00
|
|
|
|
menu_used = 1;
|
2020-06-30 14:36:44 +02:00
|
|
|
|
|
2020-11-27 09:59:19 +01:00
|
|
|
|
log_assert (DIM (info->chvinfo) >= 4);
|
|
|
|
|
|
2023-05-11 10:34:23 +02:00
|
|
|
|
/* If there is a qualified signature use a menu to select
|
2020-11-27 09:59:19 +01:00
|
|
|
|
* between standard PIN and QES PINs. */
|
|
|
|
|
if (info->chvinfo[2] != -2 || info->chvinfo[3] != -2)
|
2020-06-25 11:24:35 +02:00
|
|
|
|
{
|
2020-11-27 09:59:19 +01:00
|
|
|
|
for (;;)
|
2020-06-30 14:36:44 +02:00
|
|
|
|
{
|
2020-11-27 09:59:19 +01:00
|
|
|
|
xfree (answer);
|
|
|
|
|
answer = get_selection (" 1 - Standard PIN/PUK\n"
|
|
|
|
|
" 2 - PIN/PUK for qualified signature\n"
|
|
|
|
|
" Q - quit\n");
|
|
|
|
|
if (!ascii_strcasecmp (answer, "q"))
|
|
|
|
|
goto leave;
|
|
|
|
|
else if (!strcmp (answer, "1"))
|
|
|
|
|
break;
|
|
|
|
|
else if (!strcmp (answer, "2"))
|
|
|
|
|
{
|
|
|
|
|
for_qualified = 1;
|
|
|
|
|
break;
|
|
|
|
|
}
|
2020-06-30 14:36:44 +02:00
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (info->chvinfo[for_qualified? 2 : 0] == -4)
|
|
|
|
|
{
|
|
|
|
|
while (!pinref)
|
|
|
|
|
{
|
|
|
|
|
xfree (answer);
|
|
|
|
|
answer = get_selection
|
|
|
|
|
("The NullPIN is still active on this card.\n"
|
|
|
|
|
"You need to choose and set a PIN first.\n"
|
|
|
|
|
"\n"
|
|
|
|
|
" 1 - Set your PIN\n"
|
|
|
|
|
" Q - quit\n");
|
|
|
|
|
if (!ascii_strcasecmp (answer, "q"))
|
|
|
|
|
goto leave;
|
|
|
|
|
else if (!strcmp (answer, "1"))
|
|
|
|
|
{
|
|
|
|
|
pinref = for_qualified? "PW1.CH.SIG" : "PW1.CH";
|
|
|
|
|
nullpin = 1;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
while (!pinref)
|
|
|
|
|
{
|
|
|
|
|
xfree (answer);
|
|
|
|
|
answer = get_selection (" 1 - change PIN\n"
|
|
|
|
|
" 2 - reset PIN\n"
|
|
|
|
|
" 3 - change PUK\n"
|
|
|
|
|
" 4 - reset PUK\n"
|
|
|
|
|
" Q - quit\n");
|
|
|
|
|
if (!ascii_strcasecmp (answer, "q"))
|
|
|
|
|
goto leave;
|
|
|
|
|
else if (!strcmp (answer, "1"))
|
|
|
|
|
{
|
|
|
|
|
pinref = for_qualified? "PW1.CH.SIG" : "PW1.CH";
|
|
|
|
|
}
|
|
|
|
|
else if (!strcmp (answer, "2"))
|
|
|
|
|
{
|
|
|
|
|
pinref = for_qualified? "PW1.CH.SIG" : "PW1.CH";
|
|
|
|
|
reset_mode = 1;
|
|
|
|
|
}
|
|
|
|
|
else if (!strcmp (answer, "3"))
|
|
|
|
|
{
|
|
|
|
|
pinref = for_qualified? "PW2.CH.SIG" : "PW2.CH";
|
|
|
|
|
}
|
|
|
|
|
else if (!strcmp (answer, "4"))
|
|
|
|
|
{
|
|
|
|
|
pinref = for_qualified? "PW2.CH.SIG" : "PW2.CH";
|
|
|
|
|
reset_mode = 1;
|
|
|
|
|
}
|
|
|
|
|
}
|
2020-06-25 11:24:35 +02:00
|
|
|
|
}
|
|
|
|
|
}
|
2019-03-28 14:46:05 +01:00
|
|
|
|
else if (info->apptype == APP_TYPE_PIV)
|
|
|
|
|
pinref = "PIV.80";
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
err = gpg_error (GPG_ERR_MISSING_VALUE);
|
|
|
|
|
goto leave;
|
|
|
|
|
}
|
2019-03-01 12:20:24 +01:00
|
|
|
|
|
2020-06-30 14:36:44 +02:00
|
|
|
|
err = scd_change_pin (pinref, reset_mode, nullpin);
|
2019-03-28 14:46:05 +01:00
|
|
|
|
if (err)
|
|
|
|
|
{
|
|
|
|
|
if (!opt.interactive && !menu_used && !opt.verbose)
|
|
|
|
|
;
|
2020-11-27 09:59:19 +01:00
|
|
|
|
else if (gpg_err_code (err) == GPG_ERR_CANCELED
|
|
|
|
|
&& gpg_err_source (err) == GPG_ERR_SOURCE_PINENTRY)
|
|
|
|
|
log_info ("%s\n", gpg_strerror (err));
|
2019-03-28 14:46:05 +01:00
|
|
|
|
else if (!ascii_strcasecmp (pinref, "PIV.81"))
|
|
|
|
|
log_error ("Error changing the PUK.\n");
|
|
|
|
|
else if (!ascii_strcasecmp (pinref, "OPENPGP.1") && reset_mode)
|
|
|
|
|
log_error ("Error unblocking the PIN.\n");
|
|
|
|
|
else if (!ascii_strcasecmp (pinref, "OPENPGP.2") && reset_mode)
|
|
|
|
|
log_error ("Error setting the Reset Code.\n");
|
|
|
|
|
else if (!ascii_strcasecmp (pinref, "OPENPGP.3"))
|
|
|
|
|
log_error ("Error changing the Admin PIN.\n");
|
2020-06-25 11:24:35 +02:00
|
|
|
|
else if (reset_mode)
|
|
|
|
|
log_error ("Error resetting the PIN.\n");
|
2019-03-28 14:46:05 +01:00
|
|
|
|
else
|
|
|
|
|
log_error ("Error changing the PIN.\n");
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
if (!opt.interactive && !opt.verbose)
|
|
|
|
|
;
|
|
|
|
|
else if (!ascii_strcasecmp (pinref, "PIV.81"))
|
2019-03-01 12:20:24 +01:00
|
|
|
|
log_info ("PUK changed.\n");
|
2019-03-28 14:46:05 +01:00
|
|
|
|
else if (!ascii_strcasecmp (pinref, "OPENPGP.1") && reset_mode)
|
|
|
|
|
log_info ("PIN unblocked and new PIN set.\n");
|
|
|
|
|
else if (!ascii_strcasecmp (pinref, "OPENPGP.2") && reset_mode)
|
|
|
|
|
log_info ("Reset Code set.\n");
|
|
|
|
|
else if (!ascii_strcasecmp (pinref, "OPENPGP.3"))
|
|
|
|
|
log_info ("Admin PIN changed.\n");
|
2020-06-25 11:24:35 +02:00
|
|
|
|
else if (reset_mode)
|
2022-12-15 15:13:54 +01:00
|
|
|
|
log_info ("PIN reset.\n");
|
2019-03-01 12:20:24 +01:00
|
|
|
|
else
|
|
|
|
|
log_info ("PIN changed.\n");
|
2020-06-30 14:36:44 +02:00
|
|
|
|
|
|
|
|
|
/* Update the CHV status. */
|
|
|
|
|
err = scd_getattr ("CHV-STATUS", info);
|
2019-01-27 20:12:00 +01:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
leave:
|
|
|
|
|
xfree (answer);
|
|
|
|
|
return err;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
static gpg_error_t
|
|
|
|
|
cmd_unblock (card_info_t info)
|
|
|
|
|
{
|
|
|
|
|
gpg_error_t err = 0;
|
|
|
|
|
|
|
|
|
|
if (!info)
|
|
|
|
|
return print_help
|
|
|
|
|
("UNBLOCK\n\n"
|
|
|
|
|
"Unblock a PIN using a PUK or Reset Code. Note that OpenPGP\n"
|
|
|
|
|
"cards prior to version 2 can't use this; instead the PASSWD\n"
|
|
|
|
|
"command can be used to set a new PIN.",
|
|
|
|
|
0);
|
|
|
|
|
|
2019-02-06 09:45:54 +01:00
|
|
|
|
if (opt.interactive || opt.verbose)
|
|
|
|
|
log_info (_("%s card no. %s detected\n"),
|
|
|
|
|
app_type_string (info->apptype),
|
2019-01-27 20:12:00 +01:00
|
|
|
|
info->dispserialno? info->dispserialno : info->serialno);
|
|
|
|
|
|
2019-02-06 09:45:54 +01:00
|
|
|
|
if (info->apptype == APP_TYPE_OPENPGP)
|
2019-01-27 20:12:00 +01:00
|
|
|
|
{
|
2019-02-06 09:45:54 +01:00
|
|
|
|
if (!info->is_v2)
|
|
|
|
|
{
|
|
|
|
|
log_error (_("This command is only available for version 2 cards\n"));
|
|
|
|
|
err = gpg_error (GPG_ERR_NOT_SUPPORTED);
|
|
|
|
|
}
|
|
|
|
|
else if (!info->chvinfo[1])
|
|
|
|
|
{
|
|
|
|
|
log_error (_("Reset Code not or not anymore available\n"));
|
2023-11-08 05:31:55 +01:00
|
|
|
|
err = gpg_error (GPG_ERR_NO_RESET_CODE);
|
2019-02-06 09:45:54 +01:00
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
2020-06-30 14:36:44 +02:00
|
|
|
|
err = scd_change_pin ("OPENPGP.2", 0, 0);
|
2019-02-06 09:45:54 +01:00
|
|
|
|
if (!err)
|
|
|
|
|
log_info ("PIN changed.\n");
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
else if (info->apptype == APP_TYPE_PIV)
|
|
|
|
|
{
|
|
|
|
|
/* Unblock the Application PIN. */
|
2020-06-30 14:36:44 +02:00
|
|
|
|
err = scd_change_pin ("PIV.80", 1, 0);
|
2019-01-27 20:12:00 +01:00
|
|
|
|
if (!err)
|
2019-02-06 09:45:54 +01:00
|
|
|
|
log_info ("PIN unblocked and changed.\n");
|
2019-01-27 20:12:00 +01:00
|
|
|
|
}
|
|
|
|
|
else
|
2019-02-06 09:45:54 +01:00
|
|
|
|
{
|
2019-03-28 14:46:05 +01:00
|
|
|
|
log_info ("Unblocking not supported for '%s'.\n",
|
2019-02-06 09:45:54 +01:00
|
|
|
|
app_type_string (info->apptype));
|
|
|
|
|
err = gpg_error (GPG_ERR_NOT_IMPLEMENTED);
|
|
|
|
|
}
|
2019-01-27 20:12:00 +01:00
|
|
|
|
|
|
|
|
|
return err;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/* Note: On successful execution a redisplay should be scheduled. If
|
|
|
|
|
* this function fails the card may be in an unknown state. */
|
|
|
|
|
static gpg_error_t
|
|
|
|
|
cmd_factoryreset (card_info_t info)
|
|
|
|
|
{
|
|
|
|
|
gpg_error_t err;
|
|
|
|
|
char *answer = NULL;
|
|
|
|
|
int termstate = 0;
|
|
|
|
|
int any_apdu = 0;
|
2019-01-29 13:28:10 +01:00
|
|
|
|
int is_yubikey = 0;
|
2020-11-09 14:46:35 +01:00
|
|
|
|
int locked = 0;
|
2019-01-27 20:12:00 +01:00
|
|
|
|
int i;
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
if (!info)
|
|
|
|
|
return print_help
|
|
|
|
|
("FACTORY-RESET\n\n"
|
2019-01-29 13:28:10 +01:00
|
|
|
|
"Do a complete reset of some OpenPGP and PIV cards. This\n"
|
|
|
|
|
"deletes all data and keys and resets the PINs to their default.\n"
|
|
|
|
|
"This is mainly used by developers with scratch cards. Don't\n"
|
|
|
|
|
"worry, you need to confirm before the command proceeds.",
|
|
|
|
|
APP_TYPE_OPENPGP, APP_TYPE_PIV, 0);
|
|
|
|
|
|
|
|
|
|
/* We support the factory reset for most OpenPGP cards and Yubikeys
|
|
|
|
|
* with the PIV application. */
|
|
|
|
|
if (info->apptype == APP_TYPE_OPENPGP)
|
|
|
|
|
;
|
|
|
|
|
else if (info->apptype == APP_TYPE_PIV
|
|
|
|
|
&& info->cardtype && !strcmp (info->cardtype, "yubikey"))
|
|
|
|
|
is_yubikey = 1;
|
|
|
|
|
else
|
2019-01-27 20:12:00 +01:00
|
|
|
|
|
2019-01-29 13:28:10 +01:00
|
|
|
|
return gpg_error (GPG_ERR_NOT_SUPPORTED);
|
2019-01-27 20:12:00 +01:00
|
|
|
|
|
2019-01-29 13:28:10 +01:00
|
|
|
|
/* For an OpenPGP card the code below basically does the same what
|
|
|
|
|
* this gpg-connect-agent script does:
|
2019-01-27 20:12:00 +01:00
|
|
|
|
*
|
|
|
|
|
* scd reset
|
|
|
|
|
* scd serialno undefined
|
|
|
|
|
* scd apdu 00 A4 04 00 06 D2 76 00 01 24 01
|
|
|
|
|
* scd apdu 00 20 00 81 08 40 40 40 40 40 40 40 40
|
|
|
|
|
* scd apdu 00 20 00 81 08 40 40 40 40 40 40 40 40
|
|
|
|
|
* scd apdu 00 20 00 81 08 40 40 40 40 40 40 40 40
|
|
|
|
|
* scd apdu 00 20 00 81 08 40 40 40 40 40 40 40 40
|
|
|
|
|
* scd apdu 00 20 00 83 08 40 40 40 40 40 40 40 40
|
|
|
|
|
* scd apdu 00 20 00 83 08 40 40 40 40 40 40 40 40
|
|
|
|
|
* scd apdu 00 20 00 83 08 40 40 40 40 40 40 40 40
|
|
|
|
|
* scd apdu 00 20 00 83 08 40 40 40 40 40 40 40 40
|
|
|
|
|
* scd apdu 00 e6 00 00
|
|
|
|
|
* scd apdu 00 44 00 00
|
|
|
|
|
* scd reset
|
|
|
|
|
* /echo Card has been reset to factory defaults
|
|
|
|
|
*
|
2019-01-29 13:28:10 +01:00
|
|
|
|
* For a PIV application on a Yubikey it merely issues the Yubikey
|
2024-05-13 00:09:23 +02:00
|
|
|
|
* specific reset command.
|
2019-01-27 20:12:00 +01:00
|
|
|
|
*/
|
|
|
|
|
|
2021-04-01 10:34:06 +02:00
|
|
|
|
err = scd_learn (info, 0);
|
2019-01-27 20:12:00 +01:00
|
|
|
|
if (gpg_err_code (err) == GPG_ERR_OBJ_TERM_STATE
|
|
|
|
|
&& gpg_err_source (err) == GPG_ERR_SOURCE_SCD)
|
|
|
|
|
termstate = 1;
|
|
|
|
|
else if (err)
|
|
|
|
|
{
|
|
|
|
|
log_error (_("OpenPGP card not available: %s\n"), gpg_strerror (err));
|
|
|
|
|
goto leave;
|
|
|
|
|
}
|
|
|
|
|
|
2019-02-06 09:45:54 +01:00
|
|
|
|
if (opt.interactive || opt.verbose)
|
|
|
|
|
log_info (_("%s card no. %s detected\n"),
|
|
|
|
|
app_type_string (info->apptype),
|
|
|
|
|
info->dispserialno? info->dispserialno : info->serialno);
|
|
|
|
|
|
2019-01-29 13:28:10 +01:00
|
|
|
|
if (!termstate || is_yubikey)
|
2019-01-27 20:12:00 +01:00
|
|
|
|
{
|
2019-02-06 09:45:54 +01:00
|
|
|
|
if (!is_yubikey)
|
2019-01-27 20:12:00 +01:00
|
|
|
|
{
|
2019-01-29 13:28:10 +01:00
|
|
|
|
if (!(info->status_indicator == 3 || info->status_indicator == 5))
|
|
|
|
|
{
|
|
|
|
|
/* Note: We won't see status-indicator 3 here because it
|
|
|
|
|
* is not possible to select a card application in
|
|
|
|
|
* termination state. */
|
|
|
|
|
log_error (_("This command is not supported by this card\n"));
|
|
|
|
|
err = gpg_error (GPG_ERR_NOT_SUPPORTED);
|
|
|
|
|
goto leave;
|
|
|
|
|
}
|
2019-01-27 20:12:00 +01:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
tty_printf ("\n");
|
|
|
|
|
log_info
|
|
|
|
|
(_("Note: This command destroys all keys stored on the card!\n"));
|
|
|
|
|
tty_printf ("\n");
|
|
|
|
|
xfree (answer);
|
|
|
|
|
answer = tty_get (_("Continue? (y/N) "));
|
|
|
|
|
tty_kill_prompt ();
|
|
|
|
|
trim_spaces (answer);
|
|
|
|
|
if (*answer == CONTROL_D
|
|
|
|
|
|| !answer_is_yes_no_default (answer, 0/*(default to no)*/))
|
|
|
|
|
{
|
|
|
|
|
err = gpg_error (GPG_ERR_CANCELED);
|
|
|
|
|
goto leave;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
xfree (answer);
|
|
|
|
|
answer = tty_get (_("Really do a factory reset? (enter \"yes\") "));
|
|
|
|
|
tty_kill_prompt ();
|
|
|
|
|
trim_spaces (answer);
|
|
|
|
|
if (strcmp (answer, "yes") && strcmp (answer,_("yes")))
|
|
|
|
|
{
|
|
|
|
|
err = gpg_error (GPG_ERR_CANCELED);
|
|
|
|
|
goto leave;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2019-01-29 13:28:10 +01:00
|
|
|
|
if (is_yubikey)
|
|
|
|
|
{
|
2020-11-09 14:46:35 +01:00
|
|
|
|
/* If the PIV application is already selected, we only need to
|
2019-01-29 13:28:10 +01:00
|
|
|
|
* send the special reset APDU after having blocked PIN and
|
|
|
|
|
* PUK. Note that blocking the PUK is done using the
|
|
|
|
|
* unblock PIN command. */
|
|
|
|
|
any_apdu = 1;
|
|
|
|
|
for (i=0; i < 5; i++)
|
2019-02-13 09:46:36 +01:00
|
|
|
|
send_apdu ("0020008008FFFFFFFFFFFFFFFF", "VERIFY", 0xffff,
|
|
|
|
|
NULL, NULL);
|
2019-01-29 13:28:10 +01:00
|
|
|
|
for (i=0; i < 5; i++)
|
|
|
|
|
send_apdu ("002C008010FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF",
|
2019-02-13 09:46:36 +01:00
|
|
|
|
"RESET RETRY COUNTER", 0xffff, NULL, NULL);
|
|
|
|
|
err = send_apdu ("00FB000001FF", "YUBIKEY RESET", 0, NULL, NULL);
|
2019-01-29 13:28:10 +01:00
|
|
|
|
if (err)
|
|
|
|
|
goto leave;
|
|
|
|
|
}
|
|
|
|
|
else /* OpenPGP card. */
|
|
|
|
|
{
|
|
|
|
|
any_apdu = 1;
|
2020-11-09 14:46:35 +01:00
|
|
|
|
/* We need to select a card application before we can send
|
|
|
|
|
* APDUs to the card without scdaemon doing anything on its
|
|
|
|
|
* own. We then lock the connection so that other tools
|
|
|
|
|
* (e.g. Kleopatra) don't try a new select. */
|
|
|
|
|
err = send_apdu ("lock", "locking connection ", 0, NULL, NULL);
|
|
|
|
|
if (err)
|
|
|
|
|
goto leave;
|
|
|
|
|
locked = 1;
|
|
|
|
|
err = send_apdu ("reset-keep-lock", "reset", 0, NULL, NULL);
|
2019-01-29 13:28:10 +01:00
|
|
|
|
if (err)
|
|
|
|
|
goto leave;
|
2019-02-13 09:46:36 +01:00
|
|
|
|
err = send_apdu ("undefined", "dummy select ", 0, NULL, NULL);
|
2019-01-29 13:28:10 +01:00
|
|
|
|
if (err)
|
|
|
|
|
goto leave;
|
|
|
|
|
/* Select the OpenPGP application. */
|
2019-02-13 09:46:36 +01:00
|
|
|
|
err = send_apdu ("00A4040006D27600012401", "SELECT AID", 0,
|
|
|
|
|
NULL, NULL);
|
2019-01-29 13:28:10 +01:00
|
|
|
|
if (err)
|
|
|
|
|
goto leave;
|
|
|
|
|
|
|
|
|
|
/* Do some dummy verifies with wrong PINs to set the retry
|
|
|
|
|
* counter to zero. We can't easily use the card version 2.1
|
|
|
|
|
* feature of presenting the admin PIN to allow the terminate
|
|
|
|
|
* command because there is no machinery in scdaemon to catch
|
|
|
|
|
* the verify command and ask for the PIN when the "APDU"
|
|
|
|
|
* command is used.
|
|
|
|
|
* Here, the length of dummy wrong PIN is 32-byte, also
|
|
|
|
|
* supporting authentication with KDF DO. */
|
|
|
|
|
for (i=0; i < 4; i++)
|
|
|
|
|
send_apdu ("0020008120"
|
|
|
|
|
"40404040404040404040404040404040"
|
2019-02-13 09:46:36 +01:00
|
|
|
|
"40404040404040404040404040404040", "VERIFY", 0xffff,
|
|
|
|
|
NULL, NULL);
|
2019-01-29 13:28:10 +01:00
|
|
|
|
for (i=0; i < 4; i++)
|
|
|
|
|
send_apdu ("0020008320"
|
|
|
|
|
"40404040404040404040404040404040"
|
2019-02-13 09:46:36 +01:00
|
|
|
|
"40404040404040404040404040404040", "VERIFY", 0xffff,
|
|
|
|
|
NULL, NULL);
|
2019-01-29 13:28:10 +01:00
|
|
|
|
|
|
|
|
|
/* Send terminate datafile command. */
|
2019-02-13 09:46:36 +01:00
|
|
|
|
err = send_apdu ("00e60000", "TERMINATE DF", 0x6985, NULL, NULL);
|
2019-01-29 13:28:10 +01:00
|
|
|
|
if (err)
|
|
|
|
|
goto leave;
|
|
|
|
|
}
|
|
|
|
|
}
|
2019-01-27 20:12:00 +01:00
|
|
|
|
|
2019-01-29 13:28:10 +01:00
|
|
|
|
if (!is_yubikey)
|
|
|
|
|
{
|
|
|
|
|
any_apdu = 1;
|
|
|
|
|
/* Send activate datafile command. This is used without
|
|
|
|
|
* confirmation if the card is already in termination state. */
|
2019-02-13 09:46:36 +01:00
|
|
|
|
err = send_apdu ("00440000", "ACTIVATE DF", 0, NULL, NULL);
|
2019-01-27 20:12:00 +01:00
|
|
|
|
if (err)
|
|
|
|
|
goto leave;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Finally we reset the card reader once more. */
|
2020-11-09 14:46:35 +01:00
|
|
|
|
if (locked)
|
|
|
|
|
err = send_apdu ("reset-keep-lock", "reset", 0, NULL, NULL);
|
|
|
|
|
else
|
|
|
|
|
err = send_apdu (NULL, "RESET", 0, NULL, NULL);
|
2019-01-27 20:12:00 +01:00
|
|
|
|
if (err)
|
|
|
|
|
goto leave;
|
|
|
|
|
|
2019-04-03 10:27:08 +02:00
|
|
|
|
/* Then, connect the card again. */
|
|
|
|
|
err = scd_serialno (NULL, NULL);
|
2020-05-27 11:27:32 +02:00
|
|
|
|
if (!err)
|
|
|
|
|
info->need_sn_cmd = 0;
|
2019-01-27 20:12:00 +01:00
|
|
|
|
|
|
|
|
|
leave:
|
2019-01-29 13:28:10 +01:00
|
|
|
|
if (err && any_apdu && !is_yubikey)
|
2019-01-27 20:12:00 +01:00
|
|
|
|
{
|
|
|
|
|
log_info ("Due to an error the card might be in an inconsistent state\n"
|
|
|
|
|
"You should run the LIST command to check this.\n");
|
|
|
|
|
/* FIXME: We need a better solution in the case that the card is
|
|
|
|
|
* in a termination state, i.e. the card was removed before the
|
|
|
|
|
* activate was sent. The best solution I found with v2.1
|
|
|
|
|
* Zeitcontrol card was to kill scdaemon and the issue this
|
|
|
|
|
* sequence with gpg-connect-agent:
|
|
|
|
|
* scd reset
|
|
|
|
|
* scd serialno undefined
|
|
|
|
|
* scd apdu 00A4040006D27600012401 (returns error)
|
|
|
|
|
* scd apdu 00440000
|
|
|
|
|
* Then kill scdaemon again and issue:
|
|
|
|
|
* scd reset
|
|
|
|
|
* scd serialno openpgp
|
|
|
|
|
*/
|
|
|
|
|
}
|
2020-11-09 14:46:35 +01:00
|
|
|
|
if (locked)
|
|
|
|
|
send_apdu ("unlock", "unlocking connection ", 0, NULL, NULL);
|
2019-01-27 20:12:00 +01:00
|
|
|
|
xfree (answer);
|
|
|
|
|
return err;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/* Generate KDF data. This is a helper for cmd_kdfsetup. */
|
|
|
|
|
static gpg_error_t
|
|
|
|
|
gen_kdf_data (unsigned char *data, int single_salt)
|
|
|
|
|
{
|
|
|
|
|
gpg_error_t err;
|
|
|
|
|
const unsigned char h0[] = { 0x81, 0x01, 0x03,
|
|
|
|
|
0x82, 0x01, 0x08,
|
|
|
|
|
0x83, 0x04 };
|
|
|
|
|
const unsigned char h1[] = { 0x84, 0x08 };
|
|
|
|
|
const unsigned char h2[] = { 0x85, 0x08 };
|
|
|
|
|
const unsigned char h3[] = { 0x86, 0x08 };
|
|
|
|
|
const unsigned char h4[] = { 0x87, 0x20 };
|
|
|
|
|
const unsigned char h5[] = { 0x88, 0x20 };
|
|
|
|
|
unsigned char *p, *salt_user, *salt_admin;
|
|
|
|
|
unsigned char s2k_char;
|
|
|
|
|
unsigned int iterations;
|
|
|
|
|
unsigned char count_4byte[4];
|
|
|
|
|
|
|
|
|
|
p = data;
|
|
|
|
|
|
|
|
|
|
s2k_char = encode_s2k_iterations (agent_get_s2k_count ());
|
|
|
|
|
iterations = S2K_DECODE_COUNT (s2k_char);
|
|
|
|
|
count_4byte[0] = (iterations >> 24) & 0xff;
|
|
|
|
|
count_4byte[1] = (iterations >> 16) & 0xff;
|
|
|
|
|
count_4byte[2] = (iterations >> 8) & 0xff;
|
|
|
|
|
count_4byte[3] = (iterations & 0xff);
|
|
|
|
|
|
|
|
|
|
memcpy (p, h0, sizeof h0);
|
|
|
|
|
p += sizeof h0;
|
|
|
|
|
memcpy (p, count_4byte, sizeof count_4byte);
|
|
|
|
|
p += sizeof count_4byte;
|
|
|
|
|
memcpy (p, h1, sizeof h1);
|
|
|
|
|
salt_user = (p += sizeof h1);
|
|
|
|
|
gcry_randomize (p, 8, GCRY_STRONG_RANDOM);
|
|
|
|
|
p += 8;
|
|
|
|
|
|
|
|
|
|
if (single_salt)
|
|
|
|
|
salt_admin = salt_user;
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
memcpy (p, h2, sizeof h2);
|
|
|
|
|
p += sizeof h2;
|
|
|
|
|
gcry_randomize (p, 8, GCRY_STRONG_RANDOM);
|
|
|
|
|
p += 8;
|
|
|
|
|
memcpy (p, h3, sizeof h3);
|
|
|
|
|
salt_admin = (p += sizeof h3);
|
|
|
|
|
gcry_randomize (p, 8, GCRY_STRONG_RANDOM);
|
|
|
|
|
p += 8;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
memcpy (p, h4, sizeof h4);
|
|
|
|
|
p += sizeof h4;
|
|
|
|
|
err = gcry_kdf_derive (OPENPGP_USER_PIN_DEFAULT,
|
|
|
|
|
strlen (OPENPGP_USER_PIN_DEFAULT),
|
|
|
|
|
GCRY_KDF_ITERSALTED_S2K, GCRY_MD_SHA256,
|
|
|
|
|
salt_user, 8, iterations, 32, p);
|
|
|
|
|
p += 32;
|
|
|
|
|
if (!err)
|
|
|
|
|
{
|
|
|
|
|
memcpy (p, h5, sizeof h5);
|
|
|
|
|
p += sizeof h5;
|
|
|
|
|
err = gcry_kdf_derive (OPENPGP_ADMIN_PIN_DEFAULT,
|
|
|
|
|
strlen (OPENPGP_ADMIN_PIN_DEFAULT),
|
|
|
|
|
GCRY_KDF_ITERSALTED_S2K, GCRY_MD_SHA256,
|
|
|
|
|
salt_admin, 8, iterations, 32, p);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return err;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
static gpg_error_t
|
|
|
|
|
cmd_kdfsetup (card_info_t info, char *argstr)
|
|
|
|
|
{
|
|
|
|
|
gpg_error_t err;
|
|
|
|
|
unsigned char kdf_data[OPENPGP_KDF_DATA_LENGTH_MAX];
|
|
|
|
|
int single = (*argstr != 0);
|
|
|
|
|
|
|
|
|
|
if (!info)
|
|
|
|
|
return print_help
|
|
|
|
|
("KDF-SETUP\n\n"
|
|
|
|
|
"Prepare the OpenPGP card KDF feature for this card.",
|
|
|
|
|
APP_TYPE_OPENPGP, 0);
|
|
|
|
|
|
|
|
|
|
if (info->apptype != APP_TYPE_OPENPGP)
|
|
|
|
|
{
|
|
|
|
|
log_info ("Note: This is an OpenPGP only command.\n");
|
|
|
|
|
return gpg_error (GPG_ERR_NOT_SUPPORTED);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (!info->extcap.kdf)
|
|
|
|
|
{
|
|
|
|
|
log_error (_("This command is not supported by this card\n"));
|
|
|
|
|
err = gpg_error (GPG_ERR_NOT_SUPPORTED);
|
|
|
|
|
goto leave;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
err = gen_kdf_data (kdf_data, single);
|
|
|
|
|
if (err)
|
|
|
|
|
goto leave;
|
|
|
|
|
|
|
|
|
|
err = scd_setattr ("KDF", kdf_data,
|
|
|
|
|
single ? OPENPGP_KDF_DATA_LENGTH_MIN
|
|
|
|
|
/* */ : OPENPGP_KDF_DATA_LENGTH_MAX);
|
|
|
|
|
if (err)
|
|
|
|
|
goto leave;
|
|
|
|
|
|
|
|
|
|
err = scd_getattr ("KDF", info);
|
|
|
|
|
|
|
|
|
|
leave:
|
|
|
|
|
return err;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
static void
|
|
|
|
|
show_keysize_warning (void)
|
|
|
|
|
{
|
|
|
|
|
static int shown;
|
|
|
|
|
|
|
|
|
|
if (shown)
|
|
|
|
|
return;
|
|
|
|
|
shown = 1;
|
|
|
|
|
tty_printf
|
|
|
|
|
(_("Note: There is no guarantee that the card supports the requested\n"
|
|
|
|
|
" key type or size. If the key generation does not succeed,\n"
|
|
|
|
|
" please check the documentation of your card to see which\n"
|
|
|
|
|
" key types and sizes are supported.\n")
|
|
|
|
|
);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
static gpg_error_t
|
|
|
|
|
cmd_uif (card_info_t info, char *argstr)
|
|
|
|
|
{
|
|
|
|
|
gpg_error_t err;
|
|
|
|
|
int keyno;
|
2020-05-26 16:16:24 +02:00
|
|
|
|
char name[50];
|
|
|
|
|
unsigned char data[2];
|
|
|
|
|
char *answer = NULL;
|
|
|
|
|
int opt_yes;
|
2019-01-27 20:12:00 +01:00
|
|
|
|
|
|
|
|
|
if (!info)
|
|
|
|
|
return print_help
|
|
|
|
|
("UIF N [on|off|permanent]\n\n"
|
|
|
|
|
"Change the User Interaction Flag. N must in the range 1 to 3.",
|
|
|
|
|
APP_TYPE_OPENPGP, APP_TYPE_PIV, 0);
|
|
|
|
|
|
2020-05-26 16:16:24 +02:00
|
|
|
|
if (!info->extcap.bt)
|
|
|
|
|
{
|
|
|
|
|
log_error (_("This command is not supported by this card\n"));
|
|
|
|
|
err = gpg_error (GPG_ERR_NOT_SUPPORTED);
|
|
|
|
|
goto leave;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
opt_yes = has_leading_option (argstr, "--yes");
|
2019-01-27 20:12:00 +01:00
|
|
|
|
argstr = skip_options (argstr);
|
|
|
|
|
|
|
|
|
|
if (digitp (argstr))
|
|
|
|
|
{
|
|
|
|
|
keyno = atoi (argstr);
|
|
|
|
|
while (digitp (argstr))
|
|
|
|
|
argstr++;
|
|
|
|
|
while (spacep (argstr))
|
|
|
|
|
argstr++;
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
keyno = 0;
|
|
|
|
|
|
|
|
|
|
if (keyno < 1 || keyno > 3)
|
|
|
|
|
{
|
|
|
|
|
err = gpg_error (GPG_ERR_INV_ARG);
|
|
|
|
|
goto leave;
|
|
|
|
|
}
|
|
|
|
|
|
2020-05-26 16:16:24 +02:00
|
|
|
|
if ( !strcmp (argstr, "off") )
|
|
|
|
|
data[0] = 0x00;
|
|
|
|
|
else if ( !strcmp (argstr, "on") )
|
|
|
|
|
data[0] = 0x01;
|
|
|
|
|
else if ( !strcmp (argstr, "permanent") )
|
|
|
|
|
data[0] = 0x02;
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
err = gpg_error (GPG_ERR_INV_ARG);
|
|
|
|
|
goto leave;
|
|
|
|
|
}
|
|
|
|
|
data[1] = 0x20;
|
2019-01-27 20:12:00 +01:00
|
|
|
|
|
2020-05-26 16:16:24 +02:00
|
|
|
|
|
|
|
|
|
log_assert (keyno - 1 < DIM(info->uif));
|
|
|
|
|
if (info->uif[keyno-1] == 2)
|
|
|
|
|
{
|
|
|
|
|
log_info (_("User Interaction Flag is set to \"%s\" - can't change\n"),
|
|
|
|
|
"permanent");
|
|
|
|
|
err = gpg_error (GPG_ERR_INV_STATE);
|
|
|
|
|
goto leave;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (data[0] == 0x02)
|
|
|
|
|
{
|
|
|
|
|
if (opt.interactive)
|
|
|
|
|
{
|
|
|
|
|
tty_printf (_("Warning: Setting the User Interaction Flag to \"%s\"\n"
|
|
|
|
|
" can only be reverted using a factory reset!\n"
|
|
|
|
|
), "permanent");
|
|
|
|
|
answer = tty_get (_("Continue? (y/N) "));
|
|
|
|
|
tty_kill_prompt ();
|
|
|
|
|
if (*answer == CONTROL_D)
|
|
|
|
|
err = gpg_error (GPG_ERR_CANCELED);
|
|
|
|
|
else if (!answer_is_yes_no_default (answer, 0/*(default to No)*/))
|
|
|
|
|
err = gpg_error (GPG_ERR_CANCELED);
|
|
|
|
|
else
|
|
|
|
|
err = 0;
|
|
|
|
|
}
|
|
|
|
|
else if (!opt_yes)
|
|
|
|
|
{
|
|
|
|
|
log_info (_("Warning: Setting the User Interaction Flag to \"%s\"\n"
|
|
|
|
|
" can only be reverted using a factory reset!\n"
|
|
|
|
|
), "permanent");
|
|
|
|
|
log_info (_("Please use \"uif --yes %d %s\"\n"),
|
|
|
|
|
keyno, "permanent");
|
|
|
|
|
err = gpg_error (GPG_ERR_CANCELED);
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
err = 0;
|
|
|
|
|
|
|
|
|
|
if (err)
|
|
|
|
|
goto leave;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
snprintf (name, sizeof name, "UIF-%d", keyno);
|
|
|
|
|
err = scd_setattr (name, data, 2);
|
|
|
|
|
if (!err) /* Read all UIF attributes again. */
|
|
|
|
|
err = scd_getattr ("UIF", info);
|
2019-01-27 20:12:00 +01:00
|
|
|
|
|
|
|
|
|
leave:
|
2020-05-26 16:16:24 +02:00
|
|
|
|
xfree (answer);
|
2019-01-27 20:12:00 +01:00
|
|
|
|
return err;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2019-02-13 09:46:36 +01:00
|
|
|
|
static gpg_error_t
|
|
|
|
|
cmd_yubikey (card_info_t info, char *argstr)
|
|
|
|
|
{
|
|
|
|
|
gpg_error_t err, err2;
|
|
|
|
|
estream_t fp = opt.interactive? NULL : es_stdout;
|
common,agent,dirmngr,g10,tools: Fix split_fields API.
* common/stringhelp.h (split_fields): Use const * for the strings in
the ARRAY.
(split_fields_colon): Likewise.
* common/stringhelp.c (split_fields, split_fields_colon): Fix
the implementation.
* agent/call-scd.c, agent/command.c: Follow the change.
* common/t-stringhelp.c, dirmngr/loadswdb.c: Likewise.
* g10/call-agent.c, tools/card-call-scd.c: Likewise.
* tools/card-yubikey.c, tools/gpg-card.c: Likewise.
* tools/gpg-card.h, tools/gpg-wks-client.c: Likewise.
* tools/gpgconf-comp.c, tools/gpgconf.c: Likewise.
* tools/wks-util.c: Likewise.
--
The strings in the ARRAY don't need to be released by caller, as those
are references. It's easier to follow the code when it's explicitly
const *.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-09-18 03:20:23 +02:00
|
|
|
|
const char *words[20];
|
2019-02-13 09:46:36 +01:00
|
|
|
|
int nwords;
|
|
|
|
|
|
|
|
|
|
if (!info)
|
|
|
|
|
return print_help
|
|
|
|
|
("YUBIKEY <cmd> args\n\n"
|
|
|
|
|
"Various commands pertaining to Yubikey tokens with <cmd> being:\n"
|
|
|
|
|
"\n"
|
|
|
|
|
" LIST \n"
|
|
|
|
|
"\n"
|
|
|
|
|
"List supported and enabled applications.\n"
|
|
|
|
|
"\n"
|
|
|
|
|
" ENABLE usb|nfc|all [otp|u2f|opgp|piv|oath|fido2|all]\n"
|
|
|
|
|
" DISABLE usb|nfc|all [otp|u2f|opgp|piv|oath|fido2|all]\n"
|
|
|
|
|
"\n"
|
|
|
|
|
"Enable or disable the specified or all applications on the\n"
|
|
|
|
|
"given interface.",
|
|
|
|
|
0);
|
|
|
|
|
|
|
|
|
|
argstr = skip_options (argstr);
|
|
|
|
|
|
|
|
|
|
if (!info->cardtype || strcmp (info->cardtype, "yubikey"))
|
|
|
|
|
{
|
|
|
|
|
log_info ("This command can only be used with Yubikeys.\n");
|
|
|
|
|
err = gpg_error (GPG_ERR_NOT_SUPPORTED);
|
|
|
|
|
goto leave;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
nwords = split_fields (argstr, words, DIM (words));
|
|
|
|
|
if (nwords < 1)
|
|
|
|
|
{
|
|
|
|
|
err = gpg_error (GPG_ERR_SYNTAX);
|
|
|
|
|
goto leave;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/* Note that we always do a learn to get a chance to the card back
|
|
|
|
|
* into a usable state. */
|
2019-03-28 10:56:28 +01:00
|
|
|
|
err = yubikey_commands (info, fp, nwords, words);
|
2021-04-01 10:34:06 +02:00
|
|
|
|
err2 = scd_learn (info, 0);
|
2019-02-13 09:46:36 +01:00
|
|
|
|
if (err2)
|
2022-08-22 12:01:55 +02:00
|
|
|
|
log_error ("Error re-reading card: %s\n", gpg_strerror (err2));
|
2019-02-13 09:46:36 +01:00
|
|
|
|
|
|
|
|
|
leave:
|
|
|
|
|
return err;
|
|
|
|
|
}
|
|
|
|
|
|
2020-05-28 13:00:27 +02:00
|
|
|
|
|
|
|
|
|
static gpg_error_t
|
|
|
|
|
cmd_apdu (card_info_t info, char *argstr)
|
|
|
|
|
{
|
|
|
|
|
gpg_error_t err;
|
|
|
|
|
estream_t fp = opt.interactive? NULL : es_stdout;
|
|
|
|
|
int with_atr;
|
|
|
|
|
int handle_more;
|
|
|
|
|
const char *s;
|
|
|
|
|
const char *exlenstr;
|
|
|
|
|
int exlenstrlen;
|
|
|
|
|
char *options = NULL;
|
|
|
|
|
unsigned int sw;
|
|
|
|
|
unsigned char *result = NULL;
|
|
|
|
|
size_t i, j, resultlen;
|
|
|
|
|
|
|
|
|
|
if (!info)
|
|
|
|
|
return print_help
|
|
|
|
|
("APDU [--more] [--exlen[=N]] <hexstring>\n"
|
|
|
|
|
"\n"
|
|
|
|
|
"Send an APDU to the current card. This command bypasses the high\n"
|
|
|
|
|
"level functions and sends the data directly to the card. HEXSTRING\n"
|
|
|
|
|
"is expected to be a proper APDU.\n"
|
|
|
|
|
"\n"
|
|
|
|
|
"Using the option \"--more\" handles the card status word MORE_DATA\n"
|
|
|
|
|
"(61xx) and concatenates all responses to one block.\n"
|
|
|
|
|
"\n"
|
|
|
|
|
"Using the option \"--exlen\" the returned APDU may use extended\n"
|
|
|
|
|
"length up to N bytes. If N is not given a default value is used.\n",
|
|
|
|
|
0);
|
|
|
|
|
|
|
|
|
|
if (has_option (argstr, "--dump-atr"))
|
|
|
|
|
with_atr = 2;
|
|
|
|
|
else
|
|
|
|
|
with_atr = has_option (argstr, "--atr");
|
|
|
|
|
handle_more = has_option (argstr, "--more");
|
|
|
|
|
|
|
|
|
|
exlenstr = has_option_name (argstr, "--exlen");
|
|
|
|
|
exlenstrlen = 0;
|
|
|
|
|
if (exlenstr)
|
|
|
|
|
{
|
|
|
|
|
for (s=exlenstr; *s && !spacep (s); s++)
|
|
|
|
|
exlenstrlen++;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
argstr = skip_options (argstr);
|
|
|
|
|
|
|
|
|
|
if (with_atr || handle_more || exlenstr)
|
|
|
|
|
options = xasprintf ("%s%s%s%.*s",
|
2020-08-27 11:55:37 +02:00
|
|
|
|
with_atr == 2? " --dump-atr":
|
|
|
|
|
with_atr? " --data-atr":"",
|
2020-05-28 13:00:27 +02:00
|
|
|
|
handle_more?" --more":"",
|
2020-08-27 11:55:37 +02:00
|
|
|
|
exlenstr?" --exlen=":"",
|
|
|
|
|
exlenstrlen, exlenstr?exlenstr:"");
|
2020-05-28 13:00:27 +02:00
|
|
|
|
|
|
|
|
|
err = scd_apdu (argstr, options, &sw, &result, &resultlen);
|
|
|
|
|
if (err)
|
|
|
|
|
goto leave;
|
2020-08-27 11:55:37 +02:00
|
|
|
|
if (!with_atr)
|
2020-11-27 11:28:16 +01:00
|
|
|
|
{
|
|
|
|
|
if (opt.interactive || opt.verbose)
|
|
|
|
|
{
|
|
|
|
|
char *p = scd_apdu_strerror (sw);
|
|
|
|
|
log_info ("Statusword: 0x%04x (%s)\n", sw, p? p: "?");
|
|
|
|
|
xfree (p);
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
log_info ("Statusword: 0x%04x\n", sw);
|
|
|
|
|
}
|
2020-05-28 13:00:27 +02:00
|
|
|
|
for (i=0; i < resultlen; )
|
|
|
|
|
{
|
|
|
|
|
size_t save_i = i;
|
|
|
|
|
|
|
|
|
|
tty_fprintf (fp, "D[%04X] ", (unsigned int)i);
|
|
|
|
|
for (j=0; j < 16 ; j++, i++)
|
|
|
|
|
{
|
|
|
|
|
if (j == 8)
|
|
|
|
|
tty_fprintf (fp, " ");
|
|
|
|
|
if (i < resultlen)
|
|
|
|
|
tty_fprintf (fp, " %02X", result[i]);
|
|
|
|
|
else
|
|
|
|
|
tty_fprintf (fp, " ");
|
|
|
|
|
}
|
|
|
|
|
tty_fprintf (fp, " ");
|
|
|
|
|
i = save_i;
|
|
|
|
|
for (j=0; j < 16; j++, i++)
|
|
|
|
|
{
|
|
|
|
|
unsigned int c = result[i];
|
|
|
|
|
if ( i >= resultlen )
|
|
|
|
|
tty_fprintf (fp, " ");
|
|
|
|
|
else if (isascii (c) && isprint (c) && !iscntrl (c))
|
|
|
|
|
tty_fprintf (fp, "%c", c);
|
|
|
|
|
else
|
|
|
|
|
tty_fprintf (fp, ".");
|
|
|
|
|
}
|
|
|
|
|
tty_fprintf (fp, "\n");
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
leave:
|
|
|
|
|
xfree (result);
|
|
|
|
|
xfree (options);
|
|
|
|
|
return err;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2022-10-25 14:11:47 +02:00
|
|
|
|
static gpg_error_t
|
|
|
|
|
cmd_gpg (card_info_t info, char *argstr, int use_gpgsm)
|
|
|
|
|
{
|
|
|
|
|
gpg_error_t err;
|
|
|
|
|
char **argarray;
|
|
|
|
|
ccparray_t ccp;
|
|
|
|
|
const char **argv = NULL;
|
Use gpgrt_process_spawn API from libgpg-error.
* agent/genkey.c (do_check_passphrase_pattern): Use the gpgrt API.
* common/asshelp.c (start_new_service): Ditto.
* common/exechelp.h: Remove gnupg_process_spawn API.
* common/exechelp-posix.c: Remove gnupg_process_spawn implementation.
* common/exechelp-w32.c: Likewise.
* common/exectool.c (gnupg_exec_tool_stream): Use the gpgrt API.
* common/t-exechelp.c (test_pipe_stream): Remove.
* dirmngr/ldap-wrapper.c (destroy_wrapper, ldap_reaper_thread): Use
the gpgrt API.
(ldap_wrapper_connection_cleanup, ldap_wrapper): Ditto.
* dirmngr/ldap.c, g10/call-keyboxd.c: No need to include exechelp.h.
* g10/photoid.c (run_with_pipe, show_photo): Use the gpgrt API.
* g13/be-encfs.c (run_umount_helper, run_encfs_tool): Ditto.
* g13/g13.c, g13/mount.c, g13/runner.c: No need to include exechelp.h.
* scd/apdu.c: No need to include exechelp.h.
* scd/app.c (report_change): Use the gpgrt API.
* sm/export.c, sm/import.c: No need to include exechelp.h.
* tests/gpgscm/ffi.c (proc_object_finalize, proc_wrap)
(do_process_spawn_io, do_process_spawn_fd, do_process_wait): Use the
gpgrt API.
* tools/gpg-auth.c: No need to include exechelp.h.
* tools/gpg-card.c (cmd_gpg): Use the gpgrt API.
* tools/gpg-connect-agent.c: No need to include exechelp.h.
* tools/gpg-mail-tube.c (mail_tube_encrypt, prepare_for_appimage)
(start_gpg_encrypt): Use the gpgrt API.
* tools/gpgconf-comp.c (gpg_agent_runtime_change)
(scdaemon_runtime_change, tpm2daemon_runtime_change)
(dirmngr_runtime_change, keyboxd_runtime_change)
(gc_component_launch, gc_component_check_options)
(retrieve_options_from_program): Ditto.
* tools/gpgconf.c (show_versions_via_dirmngr): Ditto.
* tools/gpgtar-create.c (gpgtar_create): Ditto.
* tools/gpgtar-extract.c (gpgtar_extract): Ditto.
* tools/gpgtar-list.c (gpgtar_list): Ditto.
--
GnuPG-bug-id: 7192
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-07-09 02:39:15 +02:00
|
|
|
|
gpgrt_process_t proc;
|
2022-10-25 14:11:47 +02:00
|
|
|
|
int i;
|
|
|
|
|
|
|
|
|
|
if (!info)
|
|
|
|
|
return print_help
|
|
|
|
|
("GPG[SM] <commands_and_options>\n"
|
|
|
|
|
"\n"
|
|
|
|
|
"Run gpg/gpgsm directly from this shell.\n",
|
|
|
|
|
0);
|
|
|
|
|
|
|
|
|
|
/* Fixme: We need to write and use a version of strtokenize which
|
|
|
|
|
* takes care of shell-style quoting. */
|
|
|
|
|
argarray = strtokenize (argstr, " \t\n\v");
|
|
|
|
|
if (!argarray)
|
|
|
|
|
{
|
|
|
|
|
err = gpg_error_from_syserror ();
|
|
|
|
|
goto leave;
|
|
|
|
|
}
|
|
|
|
|
ccparray_init (&ccp, 0);
|
|
|
|
|
for (i=0; argarray[i]; i++)
|
|
|
|
|
ccparray_put (&ccp, argarray[i]);
|
|
|
|
|
argv = ccparray_get (&ccp, NULL);
|
|
|
|
|
if (!argv)
|
|
|
|
|
{
|
|
|
|
|
err = gpg_error_from_syserror ();
|
|
|
|
|
goto leave;
|
|
|
|
|
}
|
|
|
|
|
|
Use gpgrt_process_spawn API from libgpg-error.
* agent/genkey.c (do_check_passphrase_pattern): Use the gpgrt API.
* common/asshelp.c (start_new_service): Ditto.
* common/exechelp.h: Remove gnupg_process_spawn API.
* common/exechelp-posix.c: Remove gnupg_process_spawn implementation.
* common/exechelp-w32.c: Likewise.
* common/exectool.c (gnupg_exec_tool_stream): Use the gpgrt API.
* common/t-exechelp.c (test_pipe_stream): Remove.
* dirmngr/ldap-wrapper.c (destroy_wrapper, ldap_reaper_thread): Use
the gpgrt API.
(ldap_wrapper_connection_cleanup, ldap_wrapper): Ditto.
* dirmngr/ldap.c, g10/call-keyboxd.c: No need to include exechelp.h.
* g10/photoid.c (run_with_pipe, show_photo): Use the gpgrt API.
* g13/be-encfs.c (run_umount_helper, run_encfs_tool): Ditto.
* g13/g13.c, g13/mount.c, g13/runner.c: No need to include exechelp.h.
* scd/apdu.c: No need to include exechelp.h.
* scd/app.c (report_change): Use the gpgrt API.
* sm/export.c, sm/import.c: No need to include exechelp.h.
* tests/gpgscm/ffi.c (proc_object_finalize, proc_wrap)
(do_process_spawn_io, do_process_spawn_fd, do_process_wait): Use the
gpgrt API.
* tools/gpg-auth.c: No need to include exechelp.h.
* tools/gpg-card.c (cmd_gpg): Use the gpgrt API.
* tools/gpg-connect-agent.c: No need to include exechelp.h.
* tools/gpg-mail-tube.c (mail_tube_encrypt, prepare_for_appimage)
(start_gpg_encrypt): Use the gpgrt API.
* tools/gpgconf-comp.c (gpg_agent_runtime_change)
(scdaemon_runtime_change, tpm2daemon_runtime_change)
(dirmngr_runtime_change, keyboxd_runtime_change)
(gc_component_launch, gc_component_check_options)
(retrieve_options_from_program): Ditto.
* tools/gpgconf.c (show_versions_via_dirmngr): Ditto.
* tools/gpgtar-create.c (gpgtar_create): Ditto.
* tools/gpgtar-extract.c (gpgtar_extract): Ditto.
* tools/gpgtar-list.c (gpgtar_list): Ditto.
--
GnuPG-bug-id: 7192
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-07-09 02:39:15 +02:00
|
|
|
|
err = gpgrt_process_spawn (use_gpgsm? opt.gpgsm_program:opt.gpg_program,
|
common,agent,gpg,dirmngr,g13,scd,tests,tools: New spawn function.
* common/exechelp-posix.c (do_exec, gnupg_spawn_process): Remove.
(check_syscall_func, pre_syscall, post_syscall) : New.
(do_create_socketpair, posix_open_null, call_spawn_cb): New.
(my_exec, spawn_detached, gnupg_spawn_helper): New.
(gnupg_process_spawn, process_kill, gnupg_process_terminate): New.
(gnupg_process_get_fds, gnupg_process_get_streams): New.
(process_vctl, gnupg_process_ctl): New.
(gnupg_process_wait, gnupg_process_release): New.
(gnupg_process_wait_list): New.
* common/exechelp-w32.c: Add definition of _WIN32_WINNT as 0x600.
(check_syscall_func, pre_syscall, post_syscall): New.
(gnupg_spawn_process): Remove.
(check_windows_version): New.
(spawn_detached, gnupg_spawn_helper, gnupg_process_spawn): New.
(gnupg_process_get_fds, gnupg_process_get_streams): New.
(process_kill, process_vctl, gnupg_process_ctl): New.
(gnupg_process_wait, gnupg_process_terminate): New.
(gnupg_process_release, gnupg_process_wait_list): New.
* common/exechelp.h: Re-write for new API.
* common/exectool.c (gnupg_exec_tool_stream): Follow the change.
* common/asshelp.c (start_new_service): Likewise.
* agent/genkey.c (do_check_passphrase_pattern): Likewise.
* dirmngr/ldap-wrapper.c (struct wrapper_context_s): Use PROC.
(destroy_wrapper): Follow the change of API.
(read_log_data): Follow the change of API, use printable_pid.
(ldap_reaper_thread, ldap_wrapper_release_context): Likewise.
(ldap_wrapper_connection_cleanup, ldap_wrapper): Likewise.
* g10/photoid.c (run_with_pipe): Follow the change of API.
(show_photo): Likewise.
* g13/be-encfs.c (run_umount_helper): Likewise.
(run_encfs_tool): Likewise.
* g13/g13.c: Add including ./common/exechelp.h.
* g13/mount.c: Likewise.
* g13/runner.c: Follow the change of API.
* g13/runner.h: Follow the change of API.
* scd/app.c (setup_env): New.
(report_change): Follow the change of API.
* tests/gpgscm/ffi.c (proc_object_finalize): New.
(proc_object_to_string): New.
(proc_wrap, proc_unwrap): New.
(do_spawn_process): Remove.
(do_process_spawn): New.
(setup_std_fds): New.
(do_spawn_process_fd): Remove.
(do_process_spawn_fd): New.
(do_wait_process): Remove.
(do_process_wait): New.
(do_wait_processes): Remove.
* tests/gpgscm/t-child.scm: Follow the change of API.
* tests/gpgscm/tests.scm: Likewise.
* tests/openpgp/defs.scm: Likewise.
* tests/tpm2dtests/defs.scm: Likewise.
* tools/gpg-card.c: Likewise.
* tools/gpgconf-comp.c: Likewise.
* tools/gpgconf.c: Likewise.
* tools/gpgtar-create.c: Likewise.
* tools/gpgtar-extract.c: Likewise.
* tools/gpgtar-list.c: Likewise.
--
GnuPG-bug-id: 6275
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2023-05-11 12:18:21 +02:00
|
|
|
|
argv,
|
Use gpgrt_process_spawn API from libgpg-error.
* agent/genkey.c (do_check_passphrase_pattern): Use the gpgrt API.
* common/asshelp.c (start_new_service): Ditto.
* common/exechelp.h: Remove gnupg_process_spawn API.
* common/exechelp-posix.c: Remove gnupg_process_spawn implementation.
* common/exechelp-w32.c: Likewise.
* common/exectool.c (gnupg_exec_tool_stream): Use the gpgrt API.
* common/t-exechelp.c (test_pipe_stream): Remove.
* dirmngr/ldap-wrapper.c (destroy_wrapper, ldap_reaper_thread): Use
the gpgrt API.
(ldap_wrapper_connection_cleanup, ldap_wrapper): Ditto.
* dirmngr/ldap.c, g10/call-keyboxd.c: No need to include exechelp.h.
* g10/photoid.c (run_with_pipe, show_photo): Use the gpgrt API.
* g13/be-encfs.c (run_umount_helper, run_encfs_tool): Ditto.
* g13/g13.c, g13/mount.c, g13/runner.c: No need to include exechelp.h.
* scd/apdu.c: No need to include exechelp.h.
* scd/app.c (report_change): Use the gpgrt API.
* sm/export.c, sm/import.c: No need to include exechelp.h.
* tests/gpgscm/ffi.c (proc_object_finalize, proc_wrap)
(do_process_spawn_io, do_process_spawn_fd, do_process_wait): Use the
gpgrt API.
* tools/gpg-auth.c: No need to include exechelp.h.
* tools/gpg-card.c (cmd_gpg): Use the gpgrt API.
* tools/gpg-connect-agent.c: No need to include exechelp.h.
* tools/gpg-mail-tube.c (mail_tube_encrypt, prepare_for_appimage)
(start_gpg_encrypt): Use the gpgrt API.
* tools/gpgconf-comp.c (gpg_agent_runtime_change)
(scdaemon_runtime_change, tpm2daemon_runtime_change)
(dirmngr_runtime_change, keyboxd_runtime_change)
(gc_component_launch, gc_component_check_options)
(retrieve_options_from_program): Ditto.
* tools/gpgconf.c (show_versions_via_dirmngr): Ditto.
* tools/gpgtar-create.c (gpgtar_create): Ditto.
* tools/gpgtar-extract.c (gpgtar_extract): Ditto.
* tools/gpgtar-list.c (gpgtar_list): Ditto.
--
GnuPG-bug-id: 7192
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-07-09 02:39:15 +02:00
|
|
|
|
(GPGRT_PROCESS_STDOUT_KEEP
|
|
|
|
|
| GPGRT_PROCESS_STDERR_KEEP),
|
2024-05-31 08:36:39 +02:00
|
|
|
|
NULL, &proc);
|
2022-10-25 14:11:47 +02:00
|
|
|
|
if (!err)
|
|
|
|
|
{
|
Use gpgrt_process_spawn API from libgpg-error.
* agent/genkey.c (do_check_passphrase_pattern): Use the gpgrt API.
* common/asshelp.c (start_new_service): Ditto.
* common/exechelp.h: Remove gnupg_process_spawn API.
* common/exechelp-posix.c: Remove gnupg_process_spawn implementation.
* common/exechelp-w32.c: Likewise.
* common/exectool.c (gnupg_exec_tool_stream): Use the gpgrt API.
* common/t-exechelp.c (test_pipe_stream): Remove.
* dirmngr/ldap-wrapper.c (destroy_wrapper, ldap_reaper_thread): Use
the gpgrt API.
(ldap_wrapper_connection_cleanup, ldap_wrapper): Ditto.
* dirmngr/ldap.c, g10/call-keyboxd.c: No need to include exechelp.h.
* g10/photoid.c (run_with_pipe, show_photo): Use the gpgrt API.
* g13/be-encfs.c (run_umount_helper, run_encfs_tool): Ditto.
* g13/g13.c, g13/mount.c, g13/runner.c: No need to include exechelp.h.
* scd/apdu.c: No need to include exechelp.h.
* scd/app.c (report_change): Use the gpgrt API.
* sm/export.c, sm/import.c: No need to include exechelp.h.
* tests/gpgscm/ffi.c (proc_object_finalize, proc_wrap)
(do_process_spawn_io, do_process_spawn_fd, do_process_wait): Use the
gpgrt API.
* tools/gpg-auth.c: No need to include exechelp.h.
* tools/gpg-card.c (cmd_gpg): Use the gpgrt API.
* tools/gpg-connect-agent.c: No need to include exechelp.h.
* tools/gpg-mail-tube.c (mail_tube_encrypt, prepare_for_appimage)
(start_gpg_encrypt): Use the gpgrt API.
* tools/gpgconf-comp.c (gpg_agent_runtime_change)
(scdaemon_runtime_change, tpm2daemon_runtime_change)
(dirmngr_runtime_change, keyboxd_runtime_change)
(gc_component_launch, gc_component_check_options)
(retrieve_options_from_program): Ditto.
* tools/gpgconf.c (show_versions_via_dirmngr): Ditto.
* tools/gpgtar-create.c (gpgtar_create): Ditto.
* tools/gpgtar-extract.c (gpgtar_extract): Ditto.
* tools/gpgtar-list.c (gpgtar_list): Ditto.
--
GnuPG-bug-id: 7192
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-07-09 02:39:15 +02:00
|
|
|
|
err = gpgrt_process_wait (proc, 1);
|
|
|
|
|
gpgrt_process_release (proc);
|
2022-10-25 14:11:47 +02:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
leave:
|
|
|
|
|
xfree (argv);
|
|
|
|
|
xfree (argarray);
|
|
|
|
|
return err;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2020-07-02 15:47:57 +02:00
|
|
|
|
static gpg_error_t
|
|
|
|
|
cmd_history (card_info_t info, char *argstr)
|
|
|
|
|
{
|
|
|
|
|
int opt_list, opt_clear;
|
|
|
|
|
|
|
|
|
|
opt_list = has_option (argstr, "--list");
|
|
|
|
|
opt_clear = has_option (argstr, "--clear");
|
|
|
|
|
|
|
|
|
|
if (!info || !(opt_list || opt_clear))
|
|
|
|
|
return print_help
|
|
|
|
|
("HISTORY --list\n"
|
|
|
|
|
" List the command history\n"
|
|
|
|
|
"HISTORY --clear\n"
|
|
|
|
|
" Clear the command history",
|
|
|
|
|
0);
|
|
|
|
|
|
|
|
|
|
if (opt_list)
|
|
|
|
|
tty_printf ("Sorry, history listing not yet possible\n");
|
|
|
|
|
|
|
|
|
|
if (opt_clear)
|
|
|
|
|
tty_read_history (NULL, 0);
|
|
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2019-01-27 20:12:00 +01:00
|
|
|
|
|
2019-02-13 09:46:36 +01:00
|
|
|
|
|
2019-01-27 20:12:00 +01:00
|
|
|
|
/* Data used by the command parser. This needs to be outside of the
|
|
|
|
|
* function scope to allow readline based command completion. */
|
|
|
|
|
enum cmdids
|
|
|
|
|
{
|
|
|
|
|
cmdNOP = 0,
|
2019-03-01 12:20:24 +01:00
|
|
|
|
cmdQUIT, cmdHELP, cmdLIST, cmdRESET, cmdVERIFY,
|
2019-01-27 20:12:00 +01:00
|
|
|
|
cmdNAME, cmdURL, cmdFETCH, cmdLOGIN, cmdLANG, cmdSALUT, cmdCAFPR,
|
|
|
|
|
cmdFORCESIG, cmdGENERATE, cmdPASSWD, cmdPRIVATEDO, cmdWRITECERT,
|
2019-03-05 15:49:20 +01:00
|
|
|
|
cmdREADCERT, cmdWRITEKEY, cmdUNBLOCK, cmdFACTRST, cmdKDFSETUP,
|
2022-10-25 14:11:47 +02:00
|
|
|
|
cmdUIF, cmdAUTH, cmdYUBIKEY, cmdAPDU, cmdGPG, cmdGPGSM, cmdHISTORY,
|
2024-01-16 18:05:46 +01:00
|
|
|
|
cmdCHECKKEYS,
|
2019-01-27 20:12:00 +01:00
|
|
|
|
cmdINVCMD
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
static struct
|
|
|
|
|
{
|
|
|
|
|
const char *name;
|
|
|
|
|
enum cmdids id;
|
|
|
|
|
const char *desc;
|
|
|
|
|
} cmds[] = {
|
2019-03-01 12:20:24 +01:00
|
|
|
|
{ "quit" , cmdQUIT, N_("quit this menu")},
|
|
|
|
|
{ "q" , cmdQUIT, NULL },
|
2020-05-27 11:43:14 +02:00
|
|
|
|
{ "bye" , cmdQUIT, NULL },
|
2019-03-01 12:20:24 +01:00
|
|
|
|
{ "help" , cmdHELP, N_("show this help")},
|
|
|
|
|
{ "?" , cmdHELP, NULL },
|
|
|
|
|
{ "list" , cmdLIST, N_("list all available data")},
|
|
|
|
|
{ "l" , cmdLIST, NULL },
|
|
|
|
|
{ "name" , cmdNAME, N_("change card holder's name")},
|
|
|
|
|
{ "url" , cmdURL, N_("change URL to retrieve key")},
|
|
|
|
|
{ "fetch" , cmdFETCH, N_("fetch the key specified in the card URL")},
|
|
|
|
|
{ "login" , cmdLOGIN, N_("change the login name")},
|
|
|
|
|
{ "lang" , cmdLANG, N_("change the language preferences")},
|
|
|
|
|
{ "salutation",cmdSALUT, N_("change card holder's salutation")},
|
|
|
|
|
{ "salut" , cmdSALUT, NULL },
|
|
|
|
|
{ "cafpr" , cmdCAFPR , N_("change a CA fingerprint")},
|
|
|
|
|
{ "forcesig", cmdFORCESIG, N_("toggle the signature force PIN flag")},
|
|
|
|
|
{ "generate", cmdGENERATE, N_("generate new keys")},
|
|
|
|
|
{ "passwd" , cmdPASSWD, N_("menu to change or unblock the PIN")},
|
|
|
|
|
{ "verify" , cmdVERIFY, N_("verify the PIN and list all data")},
|
|
|
|
|
{ "unblock" , cmdUNBLOCK, N_("unblock the PIN using a Reset Code")},
|
|
|
|
|
{ "authenticate",cmdAUTH, N_("authenticate to the card")},
|
|
|
|
|
{ "auth" , cmdAUTH, NULL },
|
|
|
|
|
{ "reset" , cmdRESET, N_("send a reset to the card daemon")},
|
|
|
|
|
{ "factory-reset",cmdFACTRST, N_("destroy all keys and data")},
|
|
|
|
|
{ "kdf-setup", cmdKDFSETUP, N_("setup KDF for PIN authentication")},
|
|
|
|
|
{ "uif", cmdUIF, N_("change the User Interaction Flag")},
|
|
|
|
|
{ "privatedo", cmdPRIVATEDO, N_("change a private data object")},
|
|
|
|
|
{ "readcert", cmdREADCERT, N_("read a certificate from a data object")},
|
|
|
|
|
{ "writecert", cmdWRITECERT, N_("store a certificate to a data object")},
|
2019-03-05 15:49:20 +01:00
|
|
|
|
{ "writekey", cmdWRITEKEY, N_("store a private key to a data object")},
|
2024-01-16 18:05:46 +01:00
|
|
|
|
{ "checkkeys", cmdCHECKKEYS, N_("run various checks on the keys")},
|
2019-03-01 12:20:24 +01:00
|
|
|
|
{ "yubikey", cmdYUBIKEY, N_("Yubikey management commands")},
|
2022-10-25 14:11:47 +02:00
|
|
|
|
{ "gpg", cmdGPG, NULL},
|
|
|
|
|
{ "gpgsm", cmdGPGSM, NULL},
|
2020-05-28 13:00:27 +02:00
|
|
|
|
{ "apdu", cmdAPDU, NULL},
|
2020-07-02 15:47:57 +02:00
|
|
|
|
{ "history", cmdHISTORY, N_("manage the command history")},
|
2019-03-01 12:20:24 +01:00
|
|
|
|
{ NULL, cmdINVCMD, NULL }
|
2019-01-27 20:12:00 +01:00
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
|
2019-01-31 18:57:16 +01:00
|
|
|
|
/* The command line command dispatcher. */
|
|
|
|
|
static gpg_error_t
|
|
|
|
|
dispatch_command (card_info_t info, const char *orig_command)
|
|
|
|
|
{
|
|
|
|
|
gpg_error_t err = 0;
|
|
|
|
|
enum cmdids cmd; /* The command. */
|
|
|
|
|
char *command; /* A malloced copy of ORIG_COMMAND. */
|
|
|
|
|
char *argstr; /* The argument as a string. */
|
|
|
|
|
int i;
|
|
|
|
|
int ignore_error;
|
|
|
|
|
|
|
|
|
|
if ((ignore_error = *orig_command == '-'))
|
|
|
|
|
orig_command++;
|
|
|
|
|
command = xstrdup (orig_command);
|
|
|
|
|
argstr = NULL;
|
|
|
|
|
if ((argstr = strchr (command, ' ')))
|
|
|
|
|
{
|
|
|
|
|
*argstr++ = 0;
|
|
|
|
|
trim_spaces (command);
|
|
|
|
|
trim_spaces (argstr);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
for (i=0; cmds[i].name; i++ )
|
|
|
|
|
if (!ascii_strcasecmp (command, cmds[i].name ))
|
|
|
|
|
break;
|
|
|
|
|
cmd = cmds[i].id; /* (If not found this will be cmdINVCMD). */
|
|
|
|
|
|
|
|
|
|
/* Make sure we have valid strings for the args. They are allowed
|
|
|
|
|
* to be modified and must thus point to a buffer. */
|
|
|
|
|
if (!argstr)
|
|
|
|
|
argstr = command + strlen (command);
|
|
|
|
|
|
|
|
|
|
/* For most commands we need to make sure that we have a card. */
|
|
|
|
|
if (!info)
|
|
|
|
|
; /* Help mode */
|
|
|
|
|
else if (!(cmd == cmdNOP || cmd == cmdQUIT || cmd == cmdHELP
|
|
|
|
|
|| cmd == cmdINVCMD)
|
|
|
|
|
&& !info->initialized)
|
|
|
|
|
{
|
2021-04-01 10:34:06 +02:00
|
|
|
|
err = scd_learn (info, 0);
|
2019-01-31 18:57:16 +01:00
|
|
|
|
if (err)
|
|
|
|
|
{
|
2020-06-30 14:36:44 +02:00
|
|
|
|
err = fixup_scd_errors (err);
|
2019-01-31 18:57:16 +01:00
|
|
|
|
log_error ("Error reading card: %s\n", gpg_strerror (err));
|
|
|
|
|
goto leave;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2020-06-30 14:36:44 +02:00
|
|
|
|
if (info)
|
|
|
|
|
info->card_removed = 0;
|
|
|
|
|
|
2019-01-31 18:57:16 +01:00
|
|
|
|
switch (cmd)
|
|
|
|
|
{
|
|
|
|
|
case cmdNOP:
|
|
|
|
|
if (!info)
|
|
|
|
|
print_help ("NOP\n\n"
|
|
|
|
|
"Dummy command.", 0);
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case cmdQUIT:
|
|
|
|
|
if (!info)
|
|
|
|
|
print_help ("QUIT\n\n"
|
|
|
|
|
"Stop processing.", 0);
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
err = gpg_error (GPG_ERR_EOF);
|
|
|
|
|
goto leave;
|
|
|
|
|
}
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case cmdHELP:
|
|
|
|
|
if (!info)
|
|
|
|
|
print_help ("HELP [command]\n\n"
|
|
|
|
|
"Show all commands. With an argument show help\n"
|
|
|
|
|
"for that command.", 0);
|
|
|
|
|
else if (*argstr)
|
|
|
|
|
dispatch_command (NULL, argstr);
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
es_printf
|
|
|
|
|
("List of commands (\"help <command>\" for details):\n");
|
|
|
|
|
for (i=0; cmds[i].name; i++ )
|
|
|
|
|
if(cmds[i].desc)
|
|
|
|
|
es_printf("%-14s %s\n", cmds[i].name, _(cmds[i].desc) );
|
|
|
|
|
es_printf ("Prefix a command with a dash to ignore its error.\n");
|
|
|
|
|
}
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case cmdRESET:
|
|
|
|
|
if (!info)
|
|
|
|
|
print_help ("RESET\n\n"
|
|
|
|
|
"Send a RESET to the card daemon.", 0);
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
flush_keyblock_cache ();
|
2020-05-28 13:00:27 +02:00
|
|
|
|
err = scd_apdu (NULL, NULL, NULL, NULL, NULL);
|
2020-05-27 11:27:32 +02:00
|
|
|
|
if (!err)
|
|
|
|
|
info->need_sn_cmd = 1;
|
2019-01-31 18:57:16 +01:00
|
|
|
|
}
|
|
|
|
|
break;
|
|
|
|
|
|
2019-04-03 10:27:08 +02:00
|
|
|
|
case cmdLIST: err = cmd_list (info, argstr); break;
|
2019-01-31 18:57:16 +01:00
|
|
|
|
case cmdVERIFY: err = cmd_verify (info, argstr); break;
|
2019-03-01 12:20:24 +01:00
|
|
|
|
case cmdAUTH: err = cmd_authenticate (info, argstr); break;
|
2019-01-31 18:57:16 +01:00
|
|
|
|
case cmdNAME: err = cmd_name (info, argstr); break;
|
|
|
|
|
case cmdURL: err = cmd_url (info, argstr); break;
|
|
|
|
|
case cmdFETCH: err = cmd_fetch (info); break;
|
|
|
|
|
case cmdLOGIN: err = cmd_login (info, argstr); break;
|
|
|
|
|
case cmdLANG: err = cmd_lang (info, argstr); break;
|
|
|
|
|
case cmdSALUT: err = cmd_salut (info, argstr); break;
|
|
|
|
|
case cmdCAFPR: err = cmd_cafpr (info, argstr); break;
|
|
|
|
|
case cmdPRIVATEDO: err = cmd_privatedo (info, argstr); break;
|
|
|
|
|
case cmdWRITECERT: err = cmd_writecert (info, argstr); break;
|
|
|
|
|
case cmdREADCERT: err = cmd_readcert (info, argstr); break;
|
2019-03-05 15:49:20 +01:00
|
|
|
|
case cmdWRITEKEY: err = cmd_writekey (info, argstr); break;
|
2019-01-31 18:57:16 +01:00
|
|
|
|
case cmdFORCESIG: err = cmd_forcesig (info); break;
|
2019-02-08 11:58:27 +01:00
|
|
|
|
case cmdGENERATE: err = cmd_generate (info, argstr); break;
|
2019-03-01 12:20:24 +01:00
|
|
|
|
case cmdPASSWD: err = cmd_passwd (info, argstr); break;
|
2019-01-31 18:57:16 +01:00
|
|
|
|
case cmdUNBLOCK: err = cmd_unblock (info); break;
|
2019-03-01 12:20:24 +01:00
|
|
|
|
case cmdFACTRST: err = cmd_factoryreset (info); break;
|
2019-01-31 18:57:16 +01:00
|
|
|
|
case cmdKDFSETUP: err = cmd_kdfsetup (info, argstr); break;
|
|
|
|
|
case cmdUIF: err = cmd_uif (info, argstr); break;
|
2019-02-13 09:46:36 +01:00
|
|
|
|
case cmdYUBIKEY: err = cmd_yubikey (info, argstr); break;
|
2020-05-28 13:00:27 +02:00
|
|
|
|
case cmdAPDU: err = cmd_apdu (info, argstr); break;
|
2022-10-25 14:11:47 +02:00
|
|
|
|
case cmdGPG: err = cmd_gpg (info, argstr, 0); break;
|
|
|
|
|
case cmdGPGSM: err = cmd_gpg (info, argstr, 1); break;
|
2020-07-02 15:47:57 +02:00
|
|
|
|
case cmdHISTORY: err = 0; break; /* Only used in interactive mode. */
|
2024-01-16 18:05:46 +01:00
|
|
|
|
case cmdCHECKKEYS: err = cmd_checkkeys (info, argstr); break;
|
2019-01-31 18:57:16 +01:00
|
|
|
|
|
|
|
|
|
case cmdINVCMD:
|
|
|
|
|
default:
|
|
|
|
|
log_error (_("Invalid command (try \"help\")\n"));
|
|
|
|
|
break;
|
|
|
|
|
} /* End command switch. */
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
leave:
|
|
|
|
|
/* Return GPG_ERR_EOF only if its origin was "quit". */
|
|
|
|
|
es_fflush (es_stdout);
|
|
|
|
|
if (gpg_err_code (err) == GPG_ERR_EOF && cmd != cmdQUIT)
|
|
|
|
|
err = gpg_error (GPG_ERR_GENERAL);
|
2020-06-30 14:36:44 +02:00
|
|
|
|
|
|
|
|
|
if (!err && info && info->card_removed)
|
|
|
|
|
{
|
|
|
|
|
info->card_removed = 0;
|
|
|
|
|
info->need_sn_cmd = 1;
|
|
|
|
|
err = gpg_error (GPG_ERR_CARD_REMOVED);
|
|
|
|
|
}
|
|
|
|
|
|
2019-01-31 18:57:16 +01:00
|
|
|
|
if (err && gpg_err_code (err) != GPG_ERR_EOF)
|
|
|
|
|
{
|
2020-06-30 14:36:44 +02:00
|
|
|
|
err = fixup_scd_errors (err);
|
2019-01-31 18:57:16 +01:00
|
|
|
|
if (ignore_error)
|
|
|
|
|
{
|
|
|
|
|
log_info ("Command '%s' failed: %s\n", command, gpg_strerror (err));
|
|
|
|
|
err = 0;
|
|
|
|
|
}
|
|
|
|
|
else
|
2020-05-27 11:27:32 +02:00
|
|
|
|
{
|
|
|
|
|
log_error ("Command '%s' failed: %s\n", command, gpg_strerror (err));
|
|
|
|
|
if (gpg_err_code (err) == GPG_ERR_CARD_NOT_PRESENT)
|
|
|
|
|
info->need_sn_cmd = 1;
|
|
|
|
|
}
|
2019-01-31 18:57:16 +01:00
|
|
|
|
}
|
|
|
|
|
xfree (command);
|
|
|
|
|
|
|
|
|
|
return err;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/* The interactive main loop. */
|
2019-01-27 20:12:00 +01:00
|
|
|
|
static void
|
|
|
|
|
interactive_loop (void)
|
|
|
|
|
{
|
|
|
|
|
gpg_error_t err;
|
|
|
|
|
char *answer = NULL; /* The input line. */
|
|
|
|
|
enum cmdids cmd = cmdNOP; /* The command. */
|
|
|
|
|
char *argstr; /* The argument as a string. */
|
|
|
|
|
int redisplay = 1; /* Whether to redisplay the main info. */
|
|
|
|
|
char *help_arg = NULL; /* Argument of the HELP command. */
|
2019-02-07 16:28:03 +01:00
|
|
|
|
struct card_info_s info_buffer = { 0 };
|
2019-01-27 20:12:00 +01:00
|
|
|
|
card_info_t info = &info_buffer;
|
|
|
|
|
char *p;
|
|
|
|
|
int i;
|
2020-07-16 06:35:25 +02:00
|
|
|
|
char *historyname = NULL;
|
2019-01-27 20:12:00 +01:00
|
|
|
|
|
|
|
|
|
/* In the interactive mode we do not want to print the program prefix. */
|
|
|
|
|
log_set_prefix (NULL, 0);
|
|
|
|
|
|
2020-07-02 15:47:57 +02:00
|
|
|
|
if (!opt.no_history)
|
|
|
|
|
{
|
|
|
|
|
historyname = make_filename (gnupg_homedir (), HISTORYNAME, NULL);
|
|
|
|
|
if (tty_read_history (historyname, 500))
|
|
|
|
|
log_info ("error reading '%s': %s\n",
|
|
|
|
|
historyname, gpg_strerror (gpg_error_from_syserror ()));
|
|
|
|
|
}
|
|
|
|
|
|
2019-01-27 20:12:00 +01:00
|
|
|
|
for (;;)
|
|
|
|
|
{
|
|
|
|
|
if (help_arg)
|
|
|
|
|
{
|
|
|
|
|
/* Clear info to indicate helpmode */
|
|
|
|
|
info = NULL;
|
|
|
|
|
}
|
|
|
|
|
else if (!info)
|
|
|
|
|
{
|
|
|
|
|
/* Get out of help. */
|
|
|
|
|
info = &info_buffer;
|
|
|
|
|
help_arg = NULL;
|
|
|
|
|
redisplay = 0;
|
|
|
|
|
}
|
|
|
|
|
else if (redisplay)
|
|
|
|
|
{
|
2019-04-03 10:27:08 +02:00
|
|
|
|
err = cmd_list (info, "");
|
2019-01-27 20:12:00 +01:00
|
|
|
|
if (err)
|
2020-06-30 14:36:44 +02:00
|
|
|
|
{
|
|
|
|
|
err = fixup_scd_errors (err);
|
|
|
|
|
log_error ("Error reading card: %s\n", gpg_strerror (err));
|
|
|
|
|
}
|
2019-01-27 20:12:00 +01:00
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
tty_printf("\n");
|
|
|
|
|
redisplay = 0;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (!info)
|
|
|
|
|
{
|
2020-01-16 21:28:45 +01:00
|
|
|
|
/* Copy the pending help arg into our answer. Note that
|
2019-01-27 20:12:00 +01:00
|
|
|
|
* help_arg points into answer. */
|
|
|
|
|
p = xstrdup (help_arg);
|
|
|
|
|
help_arg = NULL;
|
|
|
|
|
xfree (answer);
|
|
|
|
|
answer = p;
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
do
|
|
|
|
|
{
|
|
|
|
|
xfree (answer);
|
|
|
|
|
tty_enable_completion (command_completion);
|
|
|
|
|
answer = tty_get (_("gpg/card> "));
|
|
|
|
|
tty_kill_prompt();
|
|
|
|
|
tty_disable_completion ();
|
|
|
|
|
trim_spaces(answer);
|
|
|
|
|
}
|
|
|
|
|
while ( *answer == '#' );
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
argstr = NULL;
|
|
|
|
|
if (!*answer)
|
|
|
|
|
cmd = cmdLIST; /* We default to the list command */
|
|
|
|
|
else if (*answer == CONTROL_D)
|
|
|
|
|
cmd = cmdQUIT;
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
if ((argstr = strchr (answer,' ')))
|
|
|
|
|
{
|
|
|
|
|
*argstr++ = 0;
|
|
|
|
|
trim_spaces (answer);
|
|
|
|
|
trim_spaces (argstr);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
for (i=0; cmds[i].name; i++ )
|
|
|
|
|
if (!ascii_strcasecmp (answer, cmds[i].name ))
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
cmd = cmds[i].id;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Make sure we have valid strings for the args. They are
|
2019-01-31 18:57:16 +01:00
|
|
|
|
* allowed to be modified and must thus point to a buffer. */
|
2019-01-27 20:12:00 +01:00
|
|
|
|
if (!argstr)
|
|
|
|
|
argstr = answer + strlen (answer);
|
|
|
|
|
|
2019-01-31 18:57:16 +01:00
|
|
|
|
if (!(cmd == cmdNOP || cmd == cmdQUIT || cmd == cmdHELP
|
2020-07-02 15:47:57 +02:00
|
|
|
|
|| cmd == cmdHISTORY || cmd == cmdINVCMD))
|
2019-01-27 20:12:00 +01:00
|
|
|
|
{
|
|
|
|
|
/* If redisplay is set we know that there was an error reading
|
|
|
|
|
* the card. In this case we force a LIST command to retry. */
|
|
|
|
|
if (!info)
|
|
|
|
|
; /* In help mode. */
|
|
|
|
|
else if (redisplay)
|
|
|
|
|
{
|
|
|
|
|
cmd = cmdLIST;
|
|
|
|
|
}
|
|
|
|
|
else if (!info->serialno)
|
|
|
|
|
{
|
|
|
|
|
/* Without a serial number most commands won't work.
|
|
|
|
|
* Catch it here. */
|
2020-06-30 14:36:44 +02:00
|
|
|
|
if (cmd == cmdRESET || cmd == cmdLIST)
|
|
|
|
|
info->need_sn_cmd = 1;
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
tty_printf ("\n");
|
|
|
|
|
tty_printf ("Serial number missing\n");
|
|
|
|
|
continue;
|
|
|
|
|
}
|
2019-01-27 20:12:00 +01:00
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2020-06-30 14:36:44 +02:00
|
|
|
|
if (info)
|
|
|
|
|
info->card_removed = 0;
|
2019-01-27 20:12:00 +01:00
|
|
|
|
err = 0;
|
|
|
|
|
switch (cmd)
|
|
|
|
|
{
|
|
|
|
|
case cmdNOP:
|
|
|
|
|
if (!info)
|
|
|
|
|
print_help ("NOP\n\n"
|
|
|
|
|
"Dummy command.", 0);
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case cmdQUIT:
|
|
|
|
|
if (!info)
|
|
|
|
|
print_help ("QUIT\n\n"
|
|
|
|
|
"Leave this tool.", 0);
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
tty_printf ("\n");
|
|
|
|
|
goto leave;
|
|
|
|
|
}
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case cmdHELP:
|
|
|
|
|
if (!info)
|
|
|
|
|
print_help ("HELP [command]\n\n"
|
|
|
|
|
"Show all commands. With an argument show help\n"
|
|
|
|
|
"for that command.", 0);
|
|
|
|
|
else if (*argstr)
|
|
|
|
|
help_arg = argstr; /* Trigger help for a command. */
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
tty_printf
|
|
|
|
|
("List of commands (\"help <command>\" for details):\n");
|
|
|
|
|
for (i=0; cmds[i].name; i++ )
|
2019-03-01 12:20:24 +01:00
|
|
|
|
if(cmds[i].desc)
|
2019-01-27 20:12:00 +01:00
|
|
|
|
tty_printf("%-14s %s\n", cmds[i].name, _(cmds[i].desc) );
|
|
|
|
|
}
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case cmdRESET:
|
|
|
|
|
if (!info)
|
|
|
|
|
print_help ("RESET\n\n"
|
|
|
|
|
"Send a RESET to the card daemon.", 0);
|
|
|
|
|
else
|
|
|
|
|
{
|
2019-01-30 17:48:41 +01:00
|
|
|
|
flush_keyblock_cache ();
|
2020-05-28 13:00:27 +02:00
|
|
|
|
err = scd_apdu (NULL, NULL, NULL, NULL, NULL);
|
2020-05-27 11:27:32 +02:00
|
|
|
|
if (!err)
|
|
|
|
|
info->need_sn_cmd = 1;
|
2019-01-27 20:12:00 +01:00
|
|
|
|
}
|
|
|
|
|
break;
|
|
|
|
|
|
2019-04-03 10:27:08 +02:00
|
|
|
|
case cmdLIST: err = cmd_list (info, argstr); break;
|
2019-01-27 20:12:00 +01:00
|
|
|
|
case cmdVERIFY:
|
|
|
|
|
err = cmd_verify (info, argstr);
|
|
|
|
|
if (!err)
|
|
|
|
|
redisplay = 1;
|
|
|
|
|
break;
|
2019-03-01 12:20:24 +01:00
|
|
|
|
case cmdAUTH: err = cmd_authenticate (info, argstr); break;
|
2019-01-27 20:12:00 +01:00
|
|
|
|
case cmdNAME: err = cmd_name (info, argstr); break;
|
|
|
|
|
case cmdURL: err = cmd_url (info, argstr); break;
|
|
|
|
|
case cmdFETCH: err = cmd_fetch (info); break;
|
|
|
|
|
case cmdLOGIN: err = cmd_login (info, argstr); break;
|
|
|
|
|
case cmdLANG: err = cmd_lang (info, argstr); break;
|
|
|
|
|
case cmdSALUT: err = cmd_salut (info, argstr); break;
|
|
|
|
|
case cmdCAFPR: err = cmd_cafpr (info, argstr); break;
|
|
|
|
|
case cmdPRIVATEDO: err = cmd_privatedo (info, argstr); break;
|
|
|
|
|
case cmdWRITECERT: err = cmd_writecert (info, argstr); break;
|
|
|
|
|
case cmdREADCERT: err = cmd_readcert (info, argstr); break;
|
2019-03-05 15:49:20 +01:00
|
|
|
|
case cmdWRITEKEY: err = cmd_writekey (info, argstr); break;
|
2019-01-27 20:12:00 +01:00
|
|
|
|
case cmdFORCESIG: err = cmd_forcesig (info); break;
|
2019-02-08 11:58:27 +01:00
|
|
|
|
case cmdGENERATE: err = cmd_generate (info, argstr); break;
|
2019-03-01 12:20:24 +01:00
|
|
|
|
case cmdPASSWD: err = cmd_passwd (info, argstr); break;
|
2019-01-27 20:12:00 +01:00
|
|
|
|
case cmdUNBLOCK: err = cmd_unblock (info); break;
|
2019-03-01 12:20:24 +01:00
|
|
|
|
case cmdFACTRST:
|
2019-01-27 20:12:00 +01:00
|
|
|
|
err = cmd_factoryreset (info);
|
|
|
|
|
if (!err)
|
|
|
|
|
redisplay = 1;
|
|
|
|
|
break;
|
|
|
|
|
case cmdKDFSETUP: err = cmd_kdfsetup (info, argstr); break;
|
|
|
|
|
case cmdUIF: err = cmd_uif (info, argstr); break;
|
2019-02-13 09:46:36 +01:00
|
|
|
|
case cmdYUBIKEY: err = cmd_yubikey (info, argstr); break;
|
2020-05-28 13:00:27 +02:00
|
|
|
|
case cmdAPDU: err = cmd_apdu (info, argstr); break;
|
2022-10-25 14:11:47 +02:00
|
|
|
|
case cmdGPG: err = cmd_gpg (info, argstr, 0); break;
|
|
|
|
|
case cmdGPGSM: err = cmd_gpg (info, argstr, 1); break;
|
2020-07-02 15:47:57 +02:00
|
|
|
|
case cmdHISTORY: err = cmd_history (info, argstr); break;
|
2024-01-16 18:05:46 +01:00
|
|
|
|
case cmdCHECKKEYS: err = cmd_checkkeys (info, argstr); break;
|
2019-01-22 09:07:24 +01:00
|
|
|
|
|
|
|
|
|
case cmdINVCMD:
|
|
|
|
|
default:
|
|
|
|
|
tty_printf ("\n");
|
|
|
|
|
tty_printf (_("Invalid command (try \"help\")\n"));
|
|
|
|
|
break;
|
|
|
|
|
} /* End command switch. */
|
2019-01-27 20:12:00 +01:00
|
|
|
|
|
2020-06-30 14:36:44 +02:00
|
|
|
|
if (!err && info && info->card_removed)
|
|
|
|
|
{
|
|
|
|
|
info->card_removed = 0;
|
|
|
|
|
info->need_sn_cmd = 1;
|
|
|
|
|
err = gpg_error (GPG_ERR_CARD_REMOVED);
|
|
|
|
|
}
|
|
|
|
|
|
2019-01-27 20:12:00 +01:00
|
|
|
|
if (gpg_err_code (err) == GPG_ERR_CANCELED)
|
|
|
|
|
tty_fprintf (NULL, "\n");
|
|
|
|
|
else if (err)
|
|
|
|
|
{
|
|
|
|
|
const char *s = "?";
|
|
|
|
|
for (i=0; cmds[i].name; i++ )
|
|
|
|
|
if (cmd == cmds[i].id)
|
|
|
|
|
{
|
|
|
|
|
s = cmds[i].name;
|
|
|
|
|
break;
|
|
|
|
|
}
|
2020-06-30 14:36:44 +02:00
|
|
|
|
|
|
|
|
|
err = fixup_scd_errors (err);
|
2019-01-27 20:12:00 +01:00
|
|
|
|
log_error ("Command '%s' failed: %s\n", s, gpg_strerror (err));
|
2020-05-27 11:27:32 +02:00
|
|
|
|
if (gpg_err_code (err) == GPG_ERR_CARD_NOT_PRESENT)
|
|
|
|
|
info->need_sn_cmd = 1;
|
2019-01-27 20:12:00 +01:00
|
|
|
|
}
|
|
|
|
|
|
2019-01-22 09:07:24 +01:00
|
|
|
|
} /* End of main menu loop. */
|
|
|
|
|
|
|
|
|
|
leave:
|
2020-07-02 15:47:57 +02:00
|
|
|
|
if (historyname && tty_write_history (historyname))
|
|
|
|
|
log_info ("error writing '%s': %s\n",
|
|
|
|
|
historyname, gpg_strerror (gpg_error_from_syserror ()));
|
|
|
|
|
|
2019-01-27 20:12:00 +01:00
|
|
|
|
release_card_info (info);
|
2020-07-02 15:47:57 +02:00
|
|
|
|
xfree (historyname);
|
2019-01-22 09:07:24 +01:00
|
|
|
|
xfree (answer);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
#ifdef HAVE_LIBREADLINE
|
|
|
|
|
/* Helper function for readline's command completion. */
|
|
|
|
|
static char *
|
|
|
|
|
command_generator (const char *text, int state)
|
|
|
|
|
{
|
|
|
|
|
static int list_index, len;
|
|
|
|
|
const char *name;
|
|
|
|
|
|
|
|
|
|
/* If this is a new word to complete, initialize now. This includes
|
|
|
|
|
* saving the length of TEXT for efficiency, and initializing the
|
|
|
|
|
index variable to 0. */
|
|
|
|
|
if (!state)
|
|
|
|
|
{
|
|
|
|
|
list_index = 0;
|
|
|
|
|
len = strlen(text);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Return the next partial match */
|
|
|
|
|
while ((name = cmds[list_index].name))
|
|
|
|
|
{
|
|
|
|
|
/* Only complete commands that have help text. */
|
|
|
|
|
if (cmds[list_index++].desc && !strncmp (name, text, len))
|
|
|
|
|
return strdup(name);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return NULL;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Second helper function for readline's command completion. */
|
|
|
|
|
static char **
|
|
|
|
|
command_completion (const char *text, int start, int end)
|
|
|
|
|
{
|
|
|
|
|
(void)end;
|
|
|
|
|
|
|
|
|
|
/* If we are at the start of a line, we try and command-complete.
|
2019-02-07 08:16:02 +01:00
|
|
|
|
* If not, just do nothing for now. The support for help completion
|
|
|
|
|
* needs to be more smarter. */
|
2019-01-22 09:07:24 +01:00
|
|
|
|
if (!start)
|
|
|
|
|
return rl_completion_matches (text, command_generator);
|
2019-02-07 08:16:02 +01:00
|
|
|
|
else if (start == 5 && !ascii_strncasecmp (rl_line_buffer, "help ", 5))
|
|
|
|
|
return rl_completion_matches (text, command_generator);
|
2019-01-22 09:07:24 +01:00
|
|
|
|
|
|
|
|
|
rl_attempted_completion_over = 1;
|
|
|
|
|
|
|
|
|
|
return NULL;
|
|
|
|
|
}
|
|
|
|
|
#endif /*HAVE_LIBREADLINE*/
|