g10,scd: Improve UIF support.

* g10/call-agent.c (learn_status_cb): Parse "bt" flag. * g10/call-agent.h: New member field "bt". * g10/card-util.c (uif): Limit its access only when it is supported. * scd/app-openpgp.c (do_setattr): Allow access to UIF objects only when there is a button. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-10-25 16:20:20 +09:00 · 2018-10-25 16:20:20 +09:00 · 0240345728
parent 54eb375ff1
commit 0240345728
4 changed files with 30 additions and 3 deletions
--- a/g10/call-agent.c
+++ b/g10/call-agent.c
@ -609,6 +609,8 @@ learn_status_cb (void *opaque, const char *line)
                    parm->extcap.ki = abool;
                  else if (!strcmp (p, "aac"))
                    parm->extcap.aac = abool;
+                  else if (!strcmp (p, "bt"))
+                    parm->extcap.bt = abool;
                  else if (!strcmp (p, "kdf"))
                    parm->extcap.kdf = abool;
                  else if (!strcmp (p, "si"))
--- a/g10/call-agent.h
+++ b/g10/call-agent.h
@ -69,6 +69,7 @@ struct agent_card_info_s
    unsigned int ki:1;     /* Key import available.  */
    unsigned int aac:1;    /* Algorithm attributes are changeable.  */
    unsigned int kdf:1;    /* KDF object to support PIN hashing available.  */
+    unsigned int bt:1;     /* Button for confirmation available.  */
  } extcap;
  unsigned int status_indicator;
 };
--- a/g10/card-util.c
+++ b/g10/card-util.c
@ -2114,10 +2114,31 @@ kdf_setup (const char *args)
 static void
 uif (int arg_number, const char *arg_rest)
 {
+  struct agent_card_info_s info;
+  int feature_available;
  gpg_error_t err;
  char name[100];
  unsigned char data[2];

+  memset (&info, 0, sizeof info);
+
+  err = agent_scd_getattr ("EXTCAP", &info);
+  if (err)
+    {
+      log_error (_("error getting card info: %s\n"), gpg_strerror (err));
+      return;
+    }
+
+  feature_available = info.extcap.bt;
+  agent_release_card_info (&info);
+
+  if (!feature_available)
+    {
+      log_error (_("This command is not supported by this card\n"));
+      tty_printf ("\n");
+      return;
+    }
+
  snprintf (name, sizeof name, "UIF-%d", arg_number);
  if ( !strcmp (arg_rest, "off") )
    data[0] = 0x00;
--- a/scd/app-openpgp.c
+++ b/scd/app-openpgp.c
@ -2468,9 +2468,9 @@ do_setattr (app_t app, const char *name,
    { "SM-KEY-MAC",   0x00D2, 3, 0, 1 },
    { "KEY-ATTR",     0,      0, 3, 1 },
    { "AESKEY",       0x00D5, 3, 0, 1 },
-    { "UIF-1",        0x00D6, 3, 0, 1 },
-    { "UIF-2",        0x00D7, 3, 0, 1 },
-    { "UIF-3",        0x00D8, 3, 0, 1 },
+    { "UIF-1",        0x00D6, 3, 5, 1 },
+    { "UIF-2",        0x00D7, 3, 5, 1 },
+    { "UIF-3",        0x00D8, 3, 5, 1 },
    { "KDF",          0x00F9, 3, 4, 1 },
    { NULL, 0 }
  };
@ -2483,6 +2483,9 @@ do_setattr (app_t app, const char *name,
  if (table[idx].need_v2 && !app->app_local->extcap.is_v2)
    return gpg_error (GPG_ERR_NOT_SUPPORTED); /* Not yet supported.  */

+  if (table[idx].special == 5 && app->app_local->extcap.has_button == 0)
+    return gpg_error (GPG_ERR_INV_OBJ);
+
  if (table[idx].special == 3)
    return change_keyattr_from_string (app, pincb, pincb_arg, value, valuelen);