mirror of
git://git.gnupg.org/gnupg.git
synced 2024-12-31 11:41:32 +01:00
scd:p15: Improve diagnostics
-- This removes almost all log_debug calls and uses opt.verbose and log_info to show card information. Also avoid too long and thus harder to read lines. Signed-off-by: Werner Koch <wk@gnupg.org> (back ported from master)
This commit is contained in:
parent
60b0aa7e57
commit
135af66525
360
scd/app-p15.c
360
scd/app-p15.c
@ -139,7 +139,9 @@ struct cdf_object_s
|
||||
/* Link to next item when used in a linked list. */
|
||||
struct cdf_object_s *next;
|
||||
|
||||
/* Length and allocated buffer with the Id of this object. */
|
||||
/* Length and allocated buffer with the Id of this object.
|
||||
* This field is used for X.509 in PKCS#11 to make it easier to
|
||||
* match a private key with a certificate. */
|
||||
size_t objidlen;
|
||||
unsigned char *objid;
|
||||
|
||||
@ -416,14 +418,14 @@ select_and_read_binary (int slot, unsigned short efid, const char *efid_desc,
|
||||
err = iso7816_select_file (slot, efid, 0);
|
||||
if (err)
|
||||
{
|
||||
log_error ("error selecting %s (0x%04X): %s\n",
|
||||
log_error ("p15: error selecting %s (0x%04X): %s\n",
|
||||
efid_desc, efid, gpg_strerror (err));
|
||||
return err;
|
||||
}
|
||||
err = iso7816_read_binary (slot, 0, 0, buffer, buflen);
|
||||
if (err)
|
||||
{
|
||||
log_error ("error reading %s (0x%04X): %s\n",
|
||||
log_error ("p15: error reading %s (0x%04X): %s\n",
|
||||
efid_desc, efid, gpg_strerror (err));
|
||||
return err;
|
||||
}
|
||||
@ -443,14 +445,14 @@ select_ef_by_path (app_t app, const unsigned short *path, size_t pathlen)
|
||||
return gpg_error (GPG_ERR_INV_VALUE);
|
||||
|
||||
if (pathlen && *path != 0x3f00 )
|
||||
log_debug ("WARNING: relative path selection not yet implemented\n");
|
||||
log_error ("p15: warning: relative path selection not yet implemented\n");
|
||||
|
||||
if (app->app_local->direct_path_selection)
|
||||
{
|
||||
err = iso7816_select_path (app->slot, path+1, pathlen-1);
|
||||
if (err)
|
||||
{
|
||||
log_error ("error selecting path ");
|
||||
log_error ("p15: error selecting path ");
|
||||
for (j=0; j < pathlen; j++)
|
||||
log_printf ("%04hX", path[j]);
|
||||
log_printf (": %s\n", gpg_strerror (err));
|
||||
@ -468,7 +470,7 @@ select_ef_by_path (app_t app, const unsigned short *path, size_t pathlen)
|
||||
err = iso7816_select_file (app->slot, path[i], !(i+1 == pathlen));
|
||||
if (err)
|
||||
{
|
||||
log_error ("error selecting part %d from path ", i);
|
||||
log_error ("p15: error selecting part %d from path ", i);
|
||||
for (j=0; j < pathlen; j++)
|
||||
log_printf ("%04hX", path[j]);
|
||||
log_printf (": %s\n", gpg_strerror (err));
|
||||
@ -623,7 +625,7 @@ read_ef_odf (app_t app, unsigned short odf_fid)
|
||||
|
||||
if (buflen < 8)
|
||||
{
|
||||
log_error ("error: ODF too short\n");
|
||||
log_error ("p15: error: ODF too short\n");
|
||||
xfree (buffer);
|
||||
return gpg_error (GPG_ERR_INV_OBJ);
|
||||
}
|
||||
@ -655,7 +657,7 @@ read_ef_odf (app_t app, unsigned short odf_fid)
|
||||
{
|
||||
home_df = ((p[8]<<8)|p[9]);
|
||||
app->app_local->home_df = home_df;
|
||||
log_info ("pkcs#15 application directory detected as 0x%04hX\n",
|
||||
log_info ("p15: application directory detected as 0x%04hX\n",
|
||||
home_df);
|
||||
}
|
||||
|
||||
@ -667,7 +669,7 @@ read_ef_odf (app_t app, unsigned short odf_fid)
|
||||
}
|
||||
else
|
||||
{
|
||||
log_printhex ("ODF format is not supported by us:", p, buflen);
|
||||
log_printhex ("p15: ODF format not supported:", p, buflen);
|
||||
xfree (buffer);
|
||||
return gpg_error (GPG_ERR_INV_OBJ);
|
||||
}
|
||||
@ -686,7 +688,8 @@ read_ef_odf (app_t app, unsigned short odf_fid)
|
||||
}
|
||||
if (value)
|
||||
{
|
||||
log_error ("duplicate object type %d in ODF ignored\n",(p[0]&0x0f));
|
||||
log_error ("p15: duplicate object type %d in ODF ignored\n",
|
||||
(p[0]&0x0f));
|
||||
continue;
|
||||
}
|
||||
value = ((p[offset] << 8) | p[offset+1]);
|
||||
@ -702,7 +705,8 @@ read_ef_odf (app_t app, unsigned short odf_fid)
|
||||
case 7: app->app_local->odf.data_objects = value; break;
|
||||
case 8: app->app_local->odf.auth_objects = value; break;
|
||||
default:
|
||||
log_error ("unknown object type %d in ODF ignored\n", (p[0]&0x0f));
|
||||
log_error ("p15: unknown object type %d in ODF ignored\n",
|
||||
(p[0]&0x0f));
|
||||
}
|
||||
offset += 2;
|
||||
|
||||
@ -719,7 +723,7 @@ read_ef_odf (app_t app, unsigned short odf_fid)
|
||||
;
|
||||
if (n < buflen)
|
||||
{
|
||||
log_info ("warning: garbage detected at end of ODF: ");
|
||||
log_info ("p15: warning: garbage detected at end of ODF: ");
|
||||
log_printhex ("", p, buflen);
|
||||
}
|
||||
}
|
||||
@ -892,7 +896,8 @@ read_ef_prkdf (app_t app, unsigned short fid, prkdf_object_t *result)
|
||||
err = gpg_error (GPG_ERR_INV_OBJ);
|
||||
if (err)
|
||||
{
|
||||
log_error ("error parsing PrKDF record: %s\n", gpg_strerror (err));
|
||||
log_error ("p15: error parsing PrKDF record: %s\n",
|
||||
gpg_strerror (err));
|
||||
goto leave;
|
||||
}
|
||||
pp = p;
|
||||
@ -1233,38 +1238,41 @@ read_ef_prkdf (app_t app, unsigned short fid, prkdf_object_t *result)
|
||||
}
|
||||
|
||||
|
||||
log_debug ("PrKDF %04hX: id=", fid);
|
||||
for (i=0; i < prkdf->objidlen; i++)
|
||||
log_printf ("%02X", prkdf->objid[i]);
|
||||
log_printf (" path=");
|
||||
for (i=0; i < prkdf->pathlen; i++)
|
||||
log_printf ("%04hX", prkdf->path[i]);
|
||||
if (prkdf->have_off)
|
||||
log_printf ("[%lu/%lu]", prkdf->off, prkdf->len);
|
||||
if (prkdf->authid)
|
||||
if (opt.verbose)
|
||||
{
|
||||
log_printf (" authid=");
|
||||
for (i=0; i < prkdf->authidlen; i++)
|
||||
log_printf ("%02X", prkdf->authid[i]);
|
||||
log_info ("p15: PrKDF %04hX: id=", fid);
|
||||
for (i=0; i < prkdf->objidlen; i++)
|
||||
log_printf ("%02X", prkdf->objid[i]);
|
||||
log_printf (" path=");
|
||||
for (i=0; i < prkdf->pathlen; i++)
|
||||
log_printf ("%s%04hX", i?"/":"",prkdf->path[i]);
|
||||
if (prkdf->have_off)
|
||||
log_printf ("[%lu/%lu]", prkdf->off, prkdf->len);
|
||||
if (prkdf->authid)
|
||||
{
|
||||
log_printf (" authid=");
|
||||
for (i=0; i < prkdf->authidlen; i++)
|
||||
log_printf ("%02X", prkdf->authid[i]);
|
||||
}
|
||||
if (prkdf->key_reference_valid)
|
||||
log_printf (" keyref=0x%02lX", prkdf->key_reference);
|
||||
log_info ("p15: usage=");
|
||||
s = "";
|
||||
if (prkdf->usageflags.encrypt) log_printf ("%sencrypt", s), s = ",";
|
||||
if (prkdf->usageflags.decrypt) log_printf ("%sdecrypt", s), s = ",";
|
||||
if (prkdf->usageflags.sign ) log_printf ("%ssign", s), s = ",";
|
||||
if (prkdf->usageflags.sign_recover)
|
||||
log_printf ("%ssign_recover", s), s = ",";
|
||||
if (prkdf->usageflags.wrap ) log_printf ("%swrap", s), s = ",";
|
||||
if (prkdf->usageflags.unwrap ) log_printf ("%sunwrap", s), s = ",";
|
||||
if (prkdf->usageflags.verify ) log_printf ("%sverify", s), s = ",";
|
||||
if (prkdf->usageflags.verify_recover)
|
||||
log_printf ("%sverify_recover", s), s = ",";
|
||||
if (prkdf->usageflags.derive ) log_printf ("%sderive", s), s = ",";
|
||||
if (prkdf->usageflags.non_repudiation)
|
||||
log_printf ("%snon_repudiation", s), s = ",";
|
||||
log_printf ("\n");
|
||||
}
|
||||
if (prkdf->key_reference_valid)
|
||||
log_printf (" keyref=0x%02lX", prkdf->key_reference);
|
||||
log_printf (" usage=");
|
||||
s = "";
|
||||
if (prkdf->usageflags.encrypt) log_printf ("%sencrypt", s), s = ",";
|
||||
if (prkdf->usageflags.decrypt) log_printf ("%sdecrypt", s), s = ",";
|
||||
if (prkdf->usageflags.sign ) log_printf ("%ssign", s), s = ",";
|
||||
if (prkdf->usageflags.sign_recover)
|
||||
log_printf ("%ssign_recover", s), s = ",";
|
||||
if (prkdf->usageflags.wrap ) log_printf ("%swrap", s), s = ",";
|
||||
if (prkdf->usageflags.unwrap ) log_printf ("%sunwrap", s), s = ",";
|
||||
if (prkdf->usageflags.verify ) log_printf ("%sverify", s), s = ",";
|
||||
if (prkdf->usageflags.verify_recover)
|
||||
log_printf ("%sverify_recover", s), s = ",";
|
||||
if (prkdf->usageflags.derive ) log_printf ("%sderive", s), s = ",";
|
||||
if (prkdf->usageflags.non_repudiation)
|
||||
log_printf ("%snon_repudiation", s), s = ",";
|
||||
log_printf ("\n");
|
||||
|
||||
/* Put it into the list. */
|
||||
prkdf->next = prkdflist;
|
||||
@ -1273,7 +1281,7 @@ read_ef_prkdf (app_t app, unsigned short fid, prkdf_object_t *result)
|
||||
continue; /* Ready. */
|
||||
|
||||
parse_error:
|
||||
log_error ("error parsing PrKDF record (%d): %s - skipped\n",
|
||||
log_error ("p15: error parsing PrKDF record (%d): %s - skipped\n",
|
||||
where, errstr? errstr : gpg_strerror (err));
|
||||
if (prkdf)
|
||||
{
|
||||
@ -1340,7 +1348,7 @@ read_ef_cdf (app_t app, unsigned short fid, cdf_object_t *result)
|
||||
err = gpg_error (GPG_ERR_INV_OBJ);
|
||||
if (err)
|
||||
{
|
||||
log_error ("error parsing CDF record: %s\n", gpg_strerror (err));
|
||||
log_error ("p15: error parsing CDF record: %s\n", gpg_strerror (err));
|
||||
goto leave;
|
||||
}
|
||||
pp = p;
|
||||
@ -1501,15 +1509,18 @@ read_ef_cdf (app_t app, unsigned short fid, cdf_object_t *result)
|
||||
cdf->len = ul;
|
||||
}
|
||||
|
||||
log_debug ("CDF %04hX: id=", fid);
|
||||
for (i=0; i < cdf->objidlen; i++)
|
||||
log_printf ("%02X", cdf->objid[i]);
|
||||
log_printf (" path=");
|
||||
for (i=0; i < cdf->pathlen; i++)
|
||||
log_printf ("%04hX", cdf->path[i]);
|
||||
if (cdf->have_off)
|
||||
log_printf ("[%lu/%lu]", cdf->off, cdf->len);
|
||||
log_printf ("\n");
|
||||
if (opt.verbose)
|
||||
{
|
||||
log_info ("p15: CDF %04hX: id=", fid);
|
||||
for (i=0; i < cdf->objidlen; i++)
|
||||
log_printf ("%02X", cdf->objid[i]);
|
||||
log_printf (" path=");
|
||||
for (i=0; i < cdf->pathlen; i++)
|
||||
log_printf ("%s%04hX", i?"/":"", cdf->path[i]);
|
||||
if (cdf->have_off)
|
||||
log_printf ("[%lu/%lu]", cdf->off, cdf->len);
|
||||
log_printf ("\n");
|
||||
}
|
||||
|
||||
/* Put it into the list. */
|
||||
cdf->next = cdflist;
|
||||
@ -1518,7 +1529,7 @@ read_ef_cdf (app_t app, unsigned short fid, cdf_object_t *result)
|
||||
continue; /* Ready. */
|
||||
|
||||
parse_error:
|
||||
log_error ("error parsing CDF record (%d): %s - skipped\n",
|
||||
log_error ("p15: error parsing CDF record (%d): %s - skipped\n",
|
||||
where, errstr? errstr : gpg_strerror (err));
|
||||
xfree (cdf);
|
||||
err = 0;
|
||||
@ -1614,7 +1625,8 @@ read_ef_aodf (app_t app, unsigned short fid, aodf_object_t *result)
|
||||
err = gpg_error (GPG_ERR_INV_OBJ);
|
||||
if (err)
|
||||
{
|
||||
log_error ("error parsing AODF record: %s\n", gpg_strerror (err));
|
||||
log_error ("p15: error parsing AODF record: %s\n",
|
||||
gpg_strerror (err));
|
||||
goto leave;
|
||||
}
|
||||
pp = p;
|
||||
@ -2088,73 +2100,77 @@ read_ef_aodf (app_t app, unsigned short fid, aodf_object_t *result)
|
||||
extensions of pkcs#15. */
|
||||
|
||||
ready:
|
||||
log_debug ("AODF %04hX: id=", fid);
|
||||
for (i=0; i < aodf->objidlen; i++)
|
||||
log_printf ("%02X", aodf->objid[i]);
|
||||
if (aodf->authid)
|
||||
if (opt.verbose)
|
||||
{
|
||||
log_printf (" authid=");
|
||||
for (i=0; i < aodf->authidlen; i++)
|
||||
log_printf ("%02X", aodf->authid[i]);
|
||||
}
|
||||
log_printf (" flags=");
|
||||
s = "";
|
||||
if (aodf->pinflags.case_sensitive)
|
||||
log_printf ("%scase_sensitive", s), s = ",";
|
||||
if (aodf->pinflags.local)
|
||||
log_printf ("%slocal", s), s = ",";
|
||||
if (aodf->pinflags.change_disabled)
|
||||
log_printf ("%schange_disabled", s), s = ",";
|
||||
if (aodf->pinflags.unblock_disabled)
|
||||
log_printf ("%sunblock_disabled", s), s = ",";
|
||||
if (aodf->pinflags.initialized)
|
||||
log_printf ("%sinitialized", s), s = ",";
|
||||
if (aodf->pinflags.needs_padding)
|
||||
log_printf ("%sneeds_padding", s), s = ",";
|
||||
if (aodf->pinflags.unblocking_pin)
|
||||
log_printf ("%sunblocking_pin", s), s = ",";
|
||||
if (aodf->pinflags.so_pin)
|
||||
log_printf ("%sso_pin", s), s = ",";
|
||||
if (aodf->pinflags.disable_allowed)
|
||||
log_printf ("%sdisable_allowed", s), s = ",";
|
||||
if (aodf->pinflags.integrity_protected)
|
||||
log_printf ("%sintegrity_protected", s), s = ",";
|
||||
if (aodf->pinflags.confidentiality_protected)
|
||||
log_printf ("%sconfidentiality_protected", s), s = ",";
|
||||
if (aodf->pinflags.exchange_ref_data)
|
||||
log_printf ("%sexchange_ref_data", s), s = ",";
|
||||
{
|
||||
char numbuf[50];
|
||||
switch (aodf->pintype)
|
||||
log_info ("p15: AODF %04hX: id=", fid);
|
||||
for (i=0; i < aodf->objidlen; i++)
|
||||
log_printf ("%02X", aodf->objid[i]);
|
||||
if (aodf->authid)
|
||||
{
|
||||
log_printf (" authid=");
|
||||
for (i=0; i < aodf->authidlen; i++)
|
||||
log_printf ("%02X", aodf->authid[i]);
|
||||
}
|
||||
if (aodf->pin_reference_valid)
|
||||
log_printf (" pinref=0x%02lX", aodf->pin_reference);
|
||||
if (aodf->pathlen)
|
||||
{
|
||||
log_printf (" path=");
|
||||
for (i=0; i < aodf->pathlen; i++)
|
||||
log_printf ("%s%04hX", i?"/":"",aodf->path[i]);
|
||||
if (aodf->have_off)
|
||||
log_printf ("[%lu/%lu]", aodf->off, aodf->len);
|
||||
}
|
||||
log_printf (" min=%lu", aodf->min_length);
|
||||
log_printf (" stored=%lu", aodf->stored_length);
|
||||
if (aodf->max_length_valid)
|
||||
log_printf (" max=%lu", aodf->max_length);
|
||||
if (aodf->pad_char_valid)
|
||||
log_printf (" pad=0x%02x", aodf->pad_char);
|
||||
|
||||
log_info ("p15: flags=");
|
||||
s = "";
|
||||
if (aodf->pinflags.case_sensitive)
|
||||
log_printf ("%scase_sensitive", s), s = ",";
|
||||
if (aodf->pinflags.local)
|
||||
log_printf ("%slocal", s), s = ",";
|
||||
if (aodf->pinflags.change_disabled)
|
||||
log_printf ("%schange_disabled", s), s = ",";
|
||||
if (aodf->pinflags.unblock_disabled)
|
||||
log_printf ("%sunblock_disabled", s), s = ",";
|
||||
if (aodf->pinflags.initialized)
|
||||
log_printf ("%sinitialized", s), s = ",";
|
||||
if (aodf->pinflags.needs_padding)
|
||||
log_printf ("%sneeds_padding", s), s = ",";
|
||||
if (aodf->pinflags.unblocking_pin)
|
||||
log_printf ("%sunblocking_pin", s), s = ",";
|
||||
if (aodf->pinflags.so_pin)
|
||||
log_printf ("%sso_pin", s), s = ",";
|
||||
if (aodf->pinflags.disable_allowed)
|
||||
log_printf ("%sdisable_allowed", s), s = ",";
|
||||
if (aodf->pinflags.integrity_protected)
|
||||
log_printf ("%sintegrity_protected", s), s = ",";
|
||||
if (aodf->pinflags.confidentiality_protected)
|
||||
log_printf ("%sconfidentiality_protected", s), s = ",";
|
||||
if (aodf->pinflags.exchange_ref_data)
|
||||
log_printf ("%sexchange_ref_data", s), s = ",";
|
||||
{
|
||||
case PIN_TYPE_BCD: s = "bcd"; break;
|
||||
case PIN_TYPE_ASCII_NUMERIC: s = "ascii-numeric"; break;
|
||||
case PIN_TYPE_UTF8: s = "utf8"; break;
|
||||
case PIN_TYPE_HALF_NIBBLE_BCD: s = "half-nibble-bcd"; break;
|
||||
case PIN_TYPE_ISO9564_1: s = "iso9564-1"; break;
|
||||
default:
|
||||
sprintf (numbuf, "%lu", (unsigned long)aodf->pintype);
|
||||
s = numbuf;
|
||||
char numbuf[50];
|
||||
switch (aodf->pintype)
|
||||
{
|
||||
case PIN_TYPE_BCD: s = "bcd"; break;
|
||||
case PIN_TYPE_ASCII_NUMERIC: s = "ascii-numeric"; break;
|
||||
case PIN_TYPE_UTF8: s = "utf8"; break;
|
||||
case PIN_TYPE_HALF_NIBBLE_BCD: s = "half-nibble-bcd"; break;
|
||||
case PIN_TYPE_ISO9564_1: s = "iso9564-1"; break;
|
||||
default:
|
||||
sprintf (numbuf, "%lu", (unsigned long)aodf->pintype);
|
||||
s = numbuf;
|
||||
}
|
||||
log_printf (" type=%s", s);
|
||||
}
|
||||
log_printf (" type=%s", s);
|
||||
}
|
||||
log_printf (" min=%lu", aodf->min_length);
|
||||
log_printf (" stored=%lu", aodf->stored_length);
|
||||
if (aodf->max_length_valid)
|
||||
log_printf (" max=%lu", aodf->max_length);
|
||||
if (aodf->pad_char_valid)
|
||||
log_printf (" pad=0x%02x", aodf->pad_char);
|
||||
if (aodf->pin_reference_valid)
|
||||
log_printf (" pinref=0x%02lX", aodf->pin_reference);
|
||||
if (aodf->pathlen)
|
||||
{
|
||||
log_printf (" path=");
|
||||
for (i=0; i < aodf->pathlen; i++)
|
||||
log_printf ("%04hX", aodf->path[i]);
|
||||
if (aodf->have_off)
|
||||
log_printf ("[%lu/%lu]", aodf->off, aodf->len);
|
||||
log_printf ("\n");
|
||||
}
|
||||
log_printf ("\n");
|
||||
|
||||
/* Put it into the list. */
|
||||
aodf->next = aodflist;
|
||||
@ -2168,7 +2184,7 @@ read_ef_aodf (app_t app, unsigned short fid, aodf_object_t *result)
|
||||
goto leave;
|
||||
|
||||
parse_error:
|
||||
log_error ("error parsing AODF record (%d): %s - skipped\n",
|
||||
log_error ("p15: error parsing AODF record (%d): %s - skipped\n",
|
||||
where, errstr? errstr : gpg_strerror (err));
|
||||
err = 0;
|
||||
release_aodf_object (aodf);
|
||||
@ -2317,7 +2333,7 @@ read_ef_tokeninfo (app_t app)
|
||||
err = gpg_error (GPG_ERR_INV_OBJ);
|
||||
if (err)
|
||||
{
|
||||
log_error ("error parsing TokenInfo: %s\n", gpg_strerror (err));
|
||||
log_error ("p15: error parsing TokenInfo: %s\n", gpg_strerror (err));
|
||||
goto leave;
|
||||
}
|
||||
|
||||
@ -2339,12 +2355,13 @@ read_ef_tokeninfo (app_t app)
|
||||
}
|
||||
if (ul)
|
||||
{
|
||||
log_error ("invalid version %lu in TokenInfo\n", ul);
|
||||
log_error ("p15: invalid version %lu in TokenInfo\n", ul);
|
||||
err = gpg_error (GPG_ERR_INV_OBJ);
|
||||
goto leave;
|
||||
}
|
||||
|
||||
log_info ("TokenInfo:\n");
|
||||
if (opt.verbose)
|
||||
log_info ("p15: TokenInfo:\n");
|
||||
/* serialNumber. */
|
||||
err = parse_ber_header (&p, &n, &class, &tag, &constructed,
|
||||
&ndef, &objlen, &hdrlen);
|
||||
@ -2362,9 +2379,12 @@ read_ef_tokeninfo (app_t app)
|
||||
}
|
||||
memcpy (app->app_local->serialno, p, objlen);
|
||||
app->app_local->serialnolen = objlen;
|
||||
/* (We use a separate log_info to avoid the "DBG:" prefix.) */
|
||||
log_info (" serialNumber .: ");
|
||||
log_printhex ("", p, objlen);
|
||||
if (opt.verbose)
|
||||
{
|
||||
/* (We use a separate log_info to avoid the "DBG:" prefix.) */
|
||||
log_info ("p15: serialNumber .: ");
|
||||
log_printhex ("", p, objlen);
|
||||
}
|
||||
p += objlen;
|
||||
n -= objlen;
|
||||
|
||||
@ -2377,7 +2397,8 @@ read_ef_tokeninfo (app_t app)
|
||||
goto leave;
|
||||
if (class == CLASS_UNIVERSAL && tag == TAG_UTF8_STRING)
|
||||
{
|
||||
log_info (" manufacturerID: %.*s\n", (int)objlen, p);
|
||||
if (opt.verbose)
|
||||
log_info ("p15: manufacturerID: %.*s\n", (int)objlen, p);
|
||||
p += objlen;
|
||||
n -= objlen;
|
||||
/* Get next TLV. */
|
||||
@ -2390,7 +2411,8 @@ read_ef_tokeninfo (app_t app)
|
||||
}
|
||||
if (class == CLASS_CONTEXT && tag == 0)
|
||||
{
|
||||
log_info (" label ........: %.*s\n", (int)objlen, p);
|
||||
if (opt.verbose)
|
||||
log_info ("p15: label ........: %.*s\n", (int)objlen, p);
|
||||
p += objlen;
|
||||
n -= objlen;
|
||||
/* Get next TLV. */
|
||||
@ -2404,9 +2426,12 @@ read_ef_tokeninfo (app_t app)
|
||||
/* The next is the mandatory tokenflags object. */
|
||||
if (class == CLASS_UNIVERSAL && tag == TAG_BIT_STRING)
|
||||
{
|
||||
log_info (" tokenflags ...:");
|
||||
print_tokeninfo_tokenflags (p, objlen);
|
||||
log_printf ("\n");
|
||||
if (opt.verbose)
|
||||
{
|
||||
log_info ("p15: tokenflags ...:");
|
||||
print_tokeninfo_tokenflags (p, objlen);
|
||||
log_printf ("\n");
|
||||
}
|
||||
p += objlen;
|
||||
n -= objlen;
|
||||
}
|
||||
@ -2605,7 +2630,7 @@ send_keypairinfo (app_t app, ctrl_t ctrl, prkdf_object_t keyinfo)
|
||||
err = keygripstr_from_prkdf (app, keyinfo, gripstr);
|
||||
if (err)
|
||||
{
|
||||
log_error ("can't get keygrip from ");
|
||||
log_error ("p15: error getting keygrip from ");
|
||||
for (j=0; j < keyinfo->pathlen; j++)
|
||||
log_printf ("%04hX", keyinfo->path[j]);
|
||||
log_printf (": %s\n", gpg_strerror (err));
|
||||
@ -2693,9 +2718,12 @@ readcert_by_cdf (app_t app, cdf_object_t cdf,
|
||||
err = gpg_error (GPG_ERR_NOT_FOUND);
|
||||
if (err)
|
||||
{
|
||||
log_error ("error reading certificate with Id ");
|
||||
log_error ("p15: error reading certificate id=");
|
||||
for (i=0; i < cdf->objidlen; i++)
|
||||
log_printf ("%02X", cdf->objid[i]);
|
||||
log_printf (" at ");
|
||||
for (i=0; i < cdf->pathlen; i++)
|
||||
log_printf ("%s%04hX", i? "/":"", cdf->path[i]);
|
||||
log_printf (": %s\n", gpg_strerror (err));
|
||||
goto leave;
|
||||
}
|
||||
@ -2851,7 +2879,8 @@ do_getattr (app_t app, ctrl_t ctrl, const char *name)
|
||||
err = iso7816_read_binary (app->slot, 0, 0, &buffer, &buflen);
|
||||
if (err)
|
||||
{
|
||||
log_error ("error accessing EF(ID): %s\n", gpg_strerror (err));
|
||||
log_error ("p15: error accessing EF(ID): %s\n",
|
||||
gpg_strerror (err));
|
||||
return err;
|
||||
}
|
||||
|
||||
@ -2896,7 +2925,7 @@ micardo_mse (app_t app, unsigned short fid)
|
||||
err = iso7816_select_file (app->slot, 0x0013, 0);
|
||||
if (err)
|
||||
{
|
||||
log_error ("error reading EF_keyD: %s\n", gpg_strerror (err));
|
||||
log_error ("p15: error reading EF_keyD: %s\n", gpg_strerror (err));
|
||||
return err;
|
||||
}
|
||||
|
||||
@ -2912,11 +2941,15 @@ micardo_mse (app_t app, unsigned short fid)
|
||||
break; /* ready */
|
||||
if (err)
|
||||
{
|
||||
log_error ("error reading EF_keyD record: %s\n",
|
||||
log_error ("p15: error reading EF_keyD record: %s\n",
|
||||
gpg_strerror (err));
|
||||
return err;
|
||||
}
|
||||
log_printhex ("keyD record:", buffer, buflen);
|
||||
if (opt.verbose)
|
||||
{
|
||||
log_info (buffer, buflen, "p15: keyD record: ");
|
||||
log_printhex ("", buffer, buflen);
|
||||
}
|
||||
p = find_tlv (buffer, buflen, 0x83, &n);
|
||||
if (p && n == 4 && ((p[2]<<8)|p[3]) == fid)
|
||||
{
|
||||
@ -2938,7 +2971,7 @@ micardo_mse (app_t app, unsigned short fid)
|
||||
}
|
||||
if (se_num == -1)
|
||||
{
|
||||
log_error ("CRT for keyfile %04hX not found\n", fid);
|
||||
log_error ("p15: CRT for keyfile %04hX not found\n", fid);
|
||||
return gpg_error (GPG_ERR_NOT_FOUND);
|
||||
}
|
||||
|
||||
@ -2949,7 +2982,7 @@ micardo_mse (app_t app, unsigned short fid)
|
||||
err = iso7816_manage_security_env (app->slot, 0xf3, se_num, NULL, 0);
|
||||
if (err)
|
||||
{
|
||||
log_error ("restoring SE to %d failed: %s\n",
|
||||
log_error ("p15: restoring SE to %d failed: %s\n",
|
||||
se_num, gpg_strerror (err));
|
||||
return err;
|
||||
}
|
||||
@ -2964,7 +2997,7 @@ micardo_mse (app_t app, unsigned short fid)
|
||||
err = iso7816_manage_security_env (app->slot, 0x41, 0xb6, msebuf, 5);
|
||||
if (err)
|
||||
{
|
||||
log_error ("setting SE to reference file %04hX failed: %s\n",
|
||||
log_error ("p15: setting SE to reference file %04hX failed: %s\n",
|
||||
refdata, gpg_strerror (err));
|
||||
return err;
|
||||
}
|
||||
@ -3014,13 +3047,13 @@ do_sign (app_t app, const char *keyidstr, int hashalgo,
|
||||
if (!(prkdf->usageflags.sign || prkdf->usageflags.sign_recover
|
||||
||prkdf->usageflags.non_repudiation))
|
||||
{
|
||||
log_error ("key %s may not be used for signing\n", keyidstr);
|
||||
log_error ("p15: key %s may not be used for signing\n", keyidstr);
|
||||
return gpg_error (GPG_ERR_WRONG_KEY_USAGE);
|
||||
}
|
||||
|
||||
if (!prkdf->authid)
|
||||
{
|
||||
log_error ("no authentication object defined for %s\n", keyidstr);
|
||||
log_error ("p15: no authentication object defined for %s\n", keyidstr);
|
||||
/* fixme: we might want to go ahead and do without PIN
|
||||
verification. */
|
||||
return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION);
|
||||
@ -3033,24 +3066,26 @@ do_sign (app_t app, const char *keyidstr, int hashalgo,
|
||||
break;
|
||||
if (!aodf)
|
||||
{
|
||||
log_error ("authentication object for %s missing\n", keyidstr);
|
||||
log_error ("p15: authentication object for %s missing\n", keyidstr);
|
||||
return gpg_error (GPG_ERR_INV_CARD);
|
||||
}
|
||||
if (aodf->authid)
|
||||
{
|
||||
log_error ("PIN verification is protected by an "
|
||||
log_error ("p15: PIN verification is protected by an "
|
||||
"additional authentication token\n");
|
||||
return gpg_error (GPG_ERR_BAD_PIN_METHOD);
|
||||
}
|
||||
if (aodf->pinflags.integrity_protected
|
||||
|| aodf->pinflags.confidentiality_protected)
|
||||
{
|
||||
log_error ("PIN verification requires unsupported protection method\n");
|
||||
log_error ("p15: "
|
||||
"PIN verification requires unsupported protection method\n");
|
||||
return gpg_error (GPG_ERR_BAD_PIN_METHOD);
|
||||
}
|
||||
if (!aodf->stored_length && aodf->pinflags.needs_padding)
|
||||
{
|
||||
log_error ("PIN verification requires padding but no length known\n");
|
||||
log_error ("p15: "
|
||||
"PIN verification requires padding but no length known\n");
|
||||
return gpg_error (GPG_ERR_INV_CARD);
|
||||
}
|
||||
|
||||
@ -3059,7 +3094,7 @@ do_sign (app_t app, const char *keyidstr, int hashalgo,
|
||||
err = select_ef_by_path (app, prkdf->path, prkdf->pathlen);
|
||||
if (err)
|
||||
{
|
||||
log_error ("error selecting file for key %s: %s\n",
|
||||
log_error ("p15: error selecting file for key %s: %s\n",
|
||||
keyidstr, gpg_strerror (errno));
|
||||
return err;
|
||||
}
|
||||
@ -3091,7 +3126,7 @@ do_sign (app_t app, const char *keyidstr, int hashalgo,
|
||||
}
|
||||
if (err)
|
||||
{
|
||||
log_error ("MSE failed: %s\n", gpg_strerror (err));
|
||||
log_error ("p15: MSE failed: %s\n", gpg_strerror (err));
|
||||
return err;
|
||||
}
|
||||
|
||||
@ -3112,7 +3147,8 @@ do_sign (app_t app, const char *keyidstr, int hashalgo,
|
||||
err = pincb (pincb_arg, "PIN", &pinvalue);
|
||||
if (err)
|
||||
{
|
||||
log_info ("PIN callback returned error: %s\n", gpg_strerror (err));
|
||||
log_info ("p15: PIN callback returned error: %s\n",
|
||||
gpg_strerror (err));
|
||||
return err;
|
||||
}
|
||||
|
||||
@ -3122,20 +3158,20 @@ do_sign (app_t app, const char *keyidstr, int hashalgo,
|
||||
|
||||
if (strlen (pinvalue) < aodf->min_length)
|
||||
{
|
||||
log_error ("PIN is too short; minimum length is %lu\n",
|
||||
log_error ("p15: PIN is too short; minimum length is %lu\n",
|
||||
aodf->min_length);
|
||||
err = gpg_error (GPG_ERR_BAD_PIN);
|
||||
}
|
||||
else if (aodf->stored_length && strlen (pinvalue) > aodf->stored_length)
|
||||
{
|
||||
/* This would otherwise truncate the PIN silently. */
|
||||
log_error ("PIN is too large; maximum length is %lu\n",
|
||||
log_error ("p15: PIN is too large; maximum length is %lu\n",
|
||||
aodf->stored_length);
|
||||
err = gpg_error (GPG_ERR_BAD_PIN);
|
||||
}
|
||||
else if (aodf->max_length_valid && strlen (pinvalue) > aodf->max_length)
|
||||
{
|
||||
log_error ("PIN is too large; maximum length is %lu\n",
|
||||
log_error ("p15: PIN is too large; maximum length is %lu\n",
|
||||
aodf->max_length);
|
||||
err = gpg_error (GPG_ERR_BAD_PIN);
|
||||
}
|
||||
@ -3174,7 +3210,7 @@ do_sign (app_t app, const char *keyidstr, int hashalgo,
|
||||
}
|
||||
if (errstr)
|
||||
{
|
||||
log_error ("can't verify PIN: %s\n", errstr);
|
||||
log_error ("p15: can't verify PIN: %s\n", errstr);
|
||||
xfree (pinvalue);
|
||||
return err? err : gpg_error (GPG_ERR_BAD_PIN_METHOD);
|
||||
}
|
||||
@ -3242,10 +3278,11 @@ do_sign (app_t app, const char *keyidstr, int hashalgo,
|
||||
xfree (pinvalue);
|
||||
if (err)
|
||||
{
|
||||
log_error ("PIN verification failed: %s\n", gpg_strerror (err));
|
||||
log_error ("p15: PIN verification failed: %s\n", gpg_strerror (err));
|
||||
return err;
|
||||
}
|
||||
log_debug ("PIN verification succeeded\n");
|
||||
if (opt.verbose)
|
||||
log_info ("p15: PIN verification succeeded\n");
|
||||
}
|
||||
|
||||
/* Prepare the DER object from INDATA. */
|
||||
@ -3311,7 +3348,7 @@ do_sign (app_t app, const char *keyidstr, int hashalgo,
|
||||
}
|
||||
if (err)
|
||||
{
|
||||
log_error ("MSE failed: %s\n", gpg_strerror (err));
|
||||
log_error ("p15: MSE failed: %s\n", gpg_strerror (err));
|
||||
return err;
|
||||
}
|
||||
|
||||
@ -3350,7 +3387,7 @@ do_auth (app_t app, const char *keyidstr,
|
||||
return err;
|
||||
if (!prkdf->usageflags.sign)
|
||||
{
|
||||
log_error ("key %s may not be used for authentication\n", keyidstr);
|
||||
log_error ("p15: key %s may not be used for authentication\n", keyidstr);
|
||||
return gpg_error (GPG_ERR_WRONG_KEY_USAGE);
|
||||
}
|
||||
|
||||
@ -3379,7 +3416,7 @@ read_home_df (int slot, int *r_belpic)
|
||||
err = iso7816_read_binary (slot, 0, 0, &buffer, &buflen);
|
||||
if (err)
|
||||
{
|
||||
log_error ("error reading EF{DIR}: %s\n", gpg_strerror (err));
|
||||
log_error ("p15: error reading EF(DIR): %s\n", gpg_strerror (err));
|
||||
return 0;
|
||||
}
|
||||
|
||||
@ -3393,14 +3430,15 @@ read_home_df (int slot, int *r_belpic)
|
||||
&& !memcmp (pp, pkcs15be_aid, nn)))))
|
||||
{
|
||||
pp = find_tlv (p, n, 0x50, &nn);
|
||||
if (pp) /* fixme: Filter log value? */
|
||||
log_info ("pkcs#15 application label from EF(DIR) is '%.*s'\n",
|
||||
if (pp && opt.verbose)
|
||||
log_info ("p15: application label from EF(DIR) is '%.*s'\n",
|
||||
(int)nn, pp);
|
||||
pp = find_tlv (p, n, 0x51, &nn);
|
||||
if (pp && nn == 4 && *pp == 0x3f && !pp[1])
|
||||
{
|
||||
result = ((pp[2] << 8) | pp[3]);
|
||||
log_info ("pkcs#15 application directory is 0x%04hX\n", result);
|
||||
if (opt.verbose)
|
||||
log_info ("p15: application directory is 0x%04hX\n", result);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
Loading…
x
Reference in New Issue
Block a user