security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-05-24 16:43:28 +02:00
Code Activity

scd: Fix timeout handling for key generation.

Browse Source 
* scd/ccid-driver.c (CCID_CMD_TIMEOUT): Back to original value.
(CCID_CMD_TIMEOUT_LONGER): New.
(ccid_transceive): Add kludge for key generation.

--

At key generation of longer key size, OpenPGP card sends back "time
extension" with BWI=100, which is unusual value in the protocol and it
actually requires host having longer timeout like 43 seconds.

Reported-by: Szczepan Zalega <szczepan@nitrokey.com>
Fixes-commit: 6510df3a7cd2b5bf44fac1e4d50ee54b8c897daa
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
This commit is contained in:
NIIBE Yutaka 2017-03-27 11:25:00 +09:00
parent 0b3770c421
commit 0848cfcce7
1 changed files with 13 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
scd/ccid-driver.c
View File

@ -108,8 +108,10 @@
*/ */
#define CCID_MAX_BUF (2048+7+10) #define CCID_MAX_BUF (2048+7+10)
/* CCID command timeout. OpenPGPcard v2.1 requires timeout of 13 seconds. */ /* CCID command timeout. */
#define CCID_CMD_TIMEOUT (13*1000) #define CCID_CMD_TIMEOUT (5*1000)
/* OpenPGPcard v2.1 requires huge timeout for key generation. */
#define CCID_CMD_TIMEOUT_LONGER (60*1000)
/* Depending on how this source is used we either define our error /* Depending on how this source is used we either define our error
output to go to stderr or to the GnuPG based logging functions. We output to go to stderr or to the GnuPG based logging functions. We
@ -3394,6 +3396,7 @@ ccid_transceive (ccid_driver_t handle,
int retries = 0; int retries = 0;
int resyncing = 0; int resyncing = 0;
int nad_byte; int nad_byte;
int wait_more = 0;
if (!nresp) if (!nresp)
nresp = &dummy_nresp; nresp = &dummy_nresp;
@ -3407,7 +3410,7 @@ ccid_transceive (ccid_driver_t handle,
but the Windows driver does it this way. Tested using a but the Windows driver does it this way. Tested using a
CM6121. This method works also for the Cherry XX44 CM6121. This method works also for the Cherry XX44
keyboards; however there are problems with the keyboards; however there are problems with the
ccid_tranceive_secure which leads to a loss of sync on the ccid_transceive_secure which leads to a loss of sync on the
CCID level. If Cherry wants to make their keyboard work CCID level. If Cherry wants to make their keyboard work
again, they should hand over some docs. */ again, they should hand over some docs. */
if ((handle->id_vendor == VENDOR_OMNIKEY if ((handle->id_vendor == VENDOR_OMNIKEY
@ -3503,8 +3506,8 @@ ccid_transceive (ccid_driver_t handle,
msg = recv_buffer; msg = recv_buffer;
rc = bulk_in (handle, msg, sizeof recv_buffer, &msglen, rc = bulk_in (handle, msg, sizeof recv_buffer, &msglen,
via_escape? RDR_to_PC_Escape : RDR_to_PC_DataBlock, via_escape? RDR_to_PC_Escape : RDR_to_PC_DataBlock, seqno,
seqno, CCID_CMD_TIMEOUT, 0); wait_more? CCID_CMD_TIMEOUT_LONGER: CCID_CMD_TIMEOUT, 0);
if (rc) if (rc)
return rc; return rc;
@ -3678,6 +3681,11 @@ ccid_transceive (ccid_driver_t handle,
{ {
/* Wait time extension request. */ /* Wait time extension request. */
unsigned char bwi = tpdu[3]; unsigned char bwi = tpdu[3];
/* Check if it's unsual value which can't be expressed in ATR. */
if (bwi > 15)
wait_more = 1;
msg = send_buffer; msg = send_buffer;
tpdu = msg + hdrlen; tpdu = msg + hdrlen;
tpdu[0] = nad_byte; tpdu[0] = nad_byte;