diff --git a/scd/app-p15.c b/scd/app-p15.c index e393bec46..11c93dc7b 100644 --- a/scd/app-p15.c +++ b/scd/app-p15.c @@ -139,7 +139,9 @@ struct cdf_object_s /* Link to next item when used in a linked list. */ struct cdf_object_s *next; - /* Length and allocated buffer with the Id of this object. */ + /* Length and allocated buffer with the Id of this object. + * This field is used for X.509 in PKCS#11 to make it easier to + * match a private key with a certificate. */ size_t objidlen; unsigned char *objid; @@ -416,14 +418,14 @@ select_and_read_binary (int slot, unsigned short efid, const char *efid_desc, err = iso7816_select_file (slot, efid, 0); if (err) { - log_error ("error selecting %s (0x%04X): %s\n", + log_error ("p15: error selecting %s (0x%04X): %s\n", efid_desc, efid, gpg_strerror (err)); return err; } err = iso7816_read_binary (slot, 0, 0, buffer, buflen); if (err) { - log_error ("error reading %s (0x%04X): %s\n", + log_error ("p15: error reading %s (0x%04X): %s\n", efid_desc, efid, gpg_strerror (err)); return err; } @@ -443,14 +445,14 @@ select_ef_by_path (app_t app, const unsigned short *path, size_t pathlen) return gpg_error (GPG_ERR_INV_VALUE); if (pathlen && *path != 0x3f00 ) - log_debug ("WARNING: relative path selection not yet implemented\n"); + log_error ("p15: warning: relative path selection not yet implemented\n"); if (app->app_local->direct_path_selection) { err = iso7816_select_path (app->slot, path+1, pathlen-1); if (err) { - log_error ("error selecting path "); + log_error ("p15: error selecting path "); for (j=0; j < pathlen; j++) log_printf ("%04hX", path[j]); log_printf (": %s\n", gpg_strerror (err)); @@ -468,7 +470,7 @@ select_ef_by_path (app_t app, const unsigned short *path, size_t pathlen) err = iso7816_select_file (app->slot, path[i], !(i+1 == pathlen)); if (err) { - log_error ("error selecting part %d from path ", i); + log_error ("p15: error selecting part %d from path ", i); for (j=0; j < pathlen; j++) log_printf ("%04hX", path[j]); log_printf (": %s\n", gpg_strerror (err)); @@ -623,7 +625,7 @@ read_ef_odf (app_t app, unsigned short odf_fid) if (buflen < 8) { - log_error ("error: ODF too short\n"); + log_error ("p15: error: ODF too short\n"); xfree (buffer); return gpg_error (GPG_ERR_INV_OBJ); } @@ -655,7 +657,7 @@ read_ef_odf (app_t app, unsigned short odf_fid) { home_df = ((p[8]<<8)|p[9]); app->app_local->home_df = home_df; - log_info ("pkcs#15 application directory detected as 0x%04hX\n", + log_info ("p15: application directory detected as 0x%04hX\n", home_df); } @@ -667,7 +669,7 @@ read_ef_odf (app_t app, unsigned short odf_fid) } else { - log_printhex ("ODF format is not supported by us:", p, buflen); + log_printhex ("p15: ODF format not supported:", p, buflen); xfree (buffer); return gpg_error (GPG_ERR_INV_OBJ); } @@ -686,7 +688,8 @@ read_ef_odf (app_t app, unsigned short odf_fid) } if (value) { - log_error ("duplicate object type %d in ODF ignored\n",(p[0]&0x0f)); + log_error ("p15: duplicate object type %d in ODF ignored\n", + (p[0]&0x0f)); continue; } value = ((p[offset] << 8) | p[offset+1]); @@ -702,7 +705,8 @@ read_ef_odf (app_t app, unsigned short odf_fid) case 7: app->app_local->odf.data_objects = value; break; case 8: app->app_local->odf.auth_objects = value; break; default: - log_error ("unknown object type %d in ODF ignored\n", (p[0]&0x0f)); + log_error ("p15: unknown object type %d in ODF ignored\n", + (p[0]&0x0f)); } offset += 2; @@ -719,7 +723,7 @@ read_ef_odf (app_t app, unsigned short odf_fid) ; if (n < buflen) { - log_info ("warning: garbage detected at end of ODF: "); + log_info ("p15: warning: garbage detected at end of ODF: "); log_printhex ("", p, buflen); } } @@ -892,7 +896,8 @@ read_ef_prkdf (app_t app, unsigned short fid, prkdf_object_t *result) err = gpg_error (GPG_ERR_INV_OBJ); if (err) { - log_error ("error parsing PrKDF record: %s\n", gpg_strerror (err)); + log_error ("p15: error parsing PrKDF record: %s\n", + gpg_strerror (err)); goto leave; } pp = p; @@ -1233,38 +1238,41 @@ read_ef_prkdf (app_t app, unsigned short fid, prkdf_object_t *result) } - log_debug ("PrKDF %04hX: id=", fid); - for (i=0; i < prkdf->objidlen; i++) - log_printf ("%02X", prkdf->objid[i]); - log_printf (" path="); - for (i=0; i < prkdf->pathlen; i++) - log_printf ("%04hX", prkdf->path[i]); - if (prkdf->have_off) - log_printf ("[%lu/%lu]", prkdf->off, prkdf->len); - if (prkdf->authid) + if (opt.verbose) { - log_printf (" authid="); - for (i=0; i < prkdf->authidlen; i++) - log_printf ("%02X", prkdf->authid[i]); + log_info ("p15: PrKDF %04hX: id=", fid); + for (i=0; i < prkdf->objidlen; i++) + log_printf ("%02X", prkdf->objid[i]); + log_printf (" path="); + for (i=0; i < prkdf->pathlen; i++) + log_printf ("%s%04hX", i?"/":"",prkdf->path[i]); + if (prkdf->have_off) + log_printf ("[%lu/%lu]", prkdf->off, prkdf->len); + if (prkdf->authid) + { + log_printf (" authid="); + for (i=0; i < prkdf->authidlen; i++) + log_printf ("%02X", prkdf->authid[i]); + } + if (prkdf->key_reference_valid) + log_printf (" keyref=0x%02lX", prkdf->key_reference); + log_info ("p15: usage="); + s = ""; + if (prkdf->usageflags.encrypt) log_printf ("%sencrypt", s), s = ","; + if (prkdf->usageflags.decrypt) log_printf ("%sdecrypt", s), s = ","; + if (prkdf->usageflags.sign ) log_printf ("%ssign", s), s = ","; + if (prkdf->usageflags.sign_recover) + log_printf ("%ssign_recover", s), s = ","; + if (prkdf->usageflags.wrap ) log_printf ("%swrap", s), s = ","; + if (prkdf->usageflags.unwrap ) log_printf ("%sunwrap", s), s = ","; + if (prkdf->usageflags.verify ) log_printf ("%sverify", s), s = ","; + if (prkdf->usageflags.verify_recover) + log_printf ("%sverify_recover", s), s = ","; + if (prkdf->usageflags.derive ) log_printf ("%sderive", s), s = ","; + if (prkdf->usageflags.non_repudiation) + log_printf ("%snon_repudiation", s), s = ","; + log_printf ("\n"); } - if (prkdf->key_reference_valid) - log_printf (" keyref=0x%02lX", prkdf->key_reference); - log_printf (" usage="); - s = ""; - if (prkdf->usageflags.encrypt) log_printf ("%sencrypt", s), s = ","; - if (prkdf->usageflags.decrypt) log_printf ("%sdecrypt", s), s = ","; - if (prkdf->usageflags.sign ) log_printf ("%ssign", s), s = ","; - if (prkdf->usageflags.sign_recover) - log_printf ("%ssign_recover", s), s = ","; - if (prkdf->usageflags.wrap ) log_printf ("%swrap", s), s = ","; - if (prkdf->usageflags.unwrap ) log_printf ("%sunwrap", s), s = ","; - if (prkdf->usageflags.verify ) log_printf ("%sverify", s), s = ","; - if (prkdf->usageflags.verify_recover) - log_printf ("%sverify_recover", s), s = ","; - if (prkdf->usageflags.derive ) log_printf ("%sderive", s), s = ","; - if (prkdf->usageflags.non_repudiation) - log_printf ("%snon_repudiation", s), s = ","; - log_printf ("\n"); /* Put it into the list. */ prkdf->next = prkdflist; @@ -1273,7 +1281,7 @@ read_ef_prkdf (app_t app, unsigned short fid, prkdf_object_t *result) continue; /* Ready. */ parse_error: - log_error ("error parsing PrKDF record (%d): %s - skipped\n", + log_error ("p15: error parsing PrKDF record (%d): %s - skipped\n", where, errstr? errstr : gpg_strerror (err)); if (prkdf) { @@ -1340,7 +1348,7 @@ read_ef_cdf (app_t app, unsigned short fid, cdf_object_t *result) err = gpg_error (GPG_ERR_INV_OBJ); if (err) { - log_error ("error parsing CDF record: %s\n", gpg_strerror (err)); + log_error ("p15: error parsing CDF record: %s\n", gpg_strerror (err)); goto leave; } pp = p; @@ -1501,15 +1509,18 @@ read_ef_cdf (app_t app, unsigned short fid, cdf_object_t *result) cdf->len = ul; } - log_debug ("CDF %04hX: id=", fid); - for (i=0; i < cdf->objidlen; i++) - log_printf ("%02X", cdf->objid[i]); - log_printf (" path="); - for (i=0; i < cdf->pathlen; i++) - log_printf ("%04hX", cdf->path[i]); - if (cdf->have_off) - log_printf ("[%lu/%lu]", cdf->off, cdf->len); - log_printf ("\n"); + if (opt.verbose) + { + log_info ("p15: CDF %04hX: id=", fid); + for (i=0; i < cdf->objidlen; i++) + log_printf ("%02X", cdf->objid[i]); + log_printf (" path="); + for (i=0; i < cdf->pathlen; i++) + log_printf ("%s%04hX", i?"/":"", cdf->path[i]); + if (cdf->have_off) + log_printf ("[%lu/%lu]", cdf->off, cdf->len); + log_printf ("\n"); + } /* Put it into the list. */ cdf->next = cdflist; @@ -1518,7 +1529,7 @@ read_ef_cdf (app_t app, unsigned short fid, cdf_object_t *result) continue; /* Ready. */ parse_error: - log_error ("error parsing CDF record (%d): %s - skipped\n", + log_error ("p15: error parsing CDF record (%d): %s - skipped\n", where, errstr? errstr : gpg_strerror (err)); xfree (cdf); err = 0; @@ -1614,7 +1625,8 @@ read_ef_aodf (app_t app, unsigned short fid, aodf_object_t *result) err = gpg_error (GPG_ERR_INV_OBJ); if (err) { - log_error ("error parsing AODF record: %s\n", gpg_strerror (err)); + log_error ("p15: error parsing AODF record: %s\n", + gpg_strerror (err)); goto leave; } pp = p; @@ -2088,73 +2100,77 @@ read_ef_aodf (app_t app, unsigned short fid, aodf_object_t *result) extensions of pkcs#15. */ ready: - log_debug ("AODF %04hX: id=", fid); - for (i=0; i < aodf->objidlen; i++) - log_printf ("%02X", aodf->objid[i]); - if (aodf->authid) + if (opt.verbose) { - log_printf (" authid="); - for (i=0; i < aodf->authidlen; i++) - log_printf ("%02X", aodf->authid[i]); - } - log_printf (" flags="); - s = ""; - if (aodf->pinflags.case_sensitive) - log_printf ("%scase_sensitive", s), s = ","; - if (aodf->pinflags.local) - log_printf ("%slocal", s), s = ","; - if (aodf->pinflags.change_disabled) - log_printf ("%schange_disabled", s), s = ","; - if (aodf->pinflags.unblock_disabled) - log_printf ("%sunblock_disabled", s), s = ","; - if (aodf->pinflags.initialized) - log_printf ("%sinitialized", s), s = ","; - if (aodf->pinflags.needs_padding) - log_printf ("%sneeds_padding", s), s = ","; - if (aodf->pinflags.unblocking_pin) - log_printf ("%sunblocking_pin", s), s = ","; - if (aodf->pinflags.so_pin) - log_printf ("%sso_pin", s), s = ","; - if (aodf->pinflags.disable_allowed) - log_printf ("%sdisable_allowed", s), s = ","; - if (aodf->pinflags.integrity_protected) - log_printf ("%sintegrity_protected", s), s = ","; - if (aodf->pinflags.confidentiality_protected) - log_printf ("%sconfidentiality_protected", s), s = ","; - if (aodf->pinflags.exchange_ref_data) - log_printf ("%sexchange_ref_data", s), s = ","; - { - char numbuf[50]; - switch (aodf->pintype) + log_info ("p15: AODF %04hX: id=", fid); + for (i=0; i < aodf->objidlen; i++) + log_printf ("%02X", aodf->objid[i]); + if (aodf->authid) + { + log_printf (" authid="); + for (i=0; i < aodf->authidlen; i++) + log_printf ("%02X", aodf->authid[i]); + } + if (aodf->pin_reference_valid) + log_printf (" pinref=0x%02lX", aodf->pin_reference); + if (aodf->pathlen) + { + log_printf (" path="); + for (i=0; i < aodf->pathlen; i++) + log_printf ("%s%04hX", i?"/":"",aodf->path[i]); + if (aodf->have_off) + log_printf ("[%lu/%lu]", aodf->off, aodf->len); + } + log_printf (" min=%lu", aodf->min_length); + log_printf (" stored=%lu", aodf->stored_length); + if (aodf->max_length_valid) + log_printf (" max=%lu", aodf->max_length); + if (aodf->pad_char_valid) + log_printf (" pad=0x%02x", aodf->pad_char); + + log_info ("p15: flags="); + s = ""; + if (aodf->pinflags.case_sensitive) + log_printf ("%scase_sensitive", s), s = ","; + if (aodf->pinflags.local) + log_printf ("%slocal", s), s = ","; + if (aodf->pinflags.change_disabled) + log_printf ("%schange_disabled", s), s = ","; + if (aodf->pinflags.unblock_disabled) + log_printf ("%sunblock_disabled", s), s = ","; + if (aodf->pinflags.initialized) + log_printf ("%sinitialized", s), s = ","; + if (aodf->pinflags.needs_padding) + log_printf ("%sneeds_padding", s), s = ","; + if (aodf->pinflags.unblocking_pin) + log_printf ("%sunblocking_pin", s), s = ","; + if (aodf->pinflags.so_pin) + log_printf ("%sso_pin", s), s = ","; + if (aodf->pinflags.disable_allowed) + log_printf ("%sdisable_allowed", s), s = ","; + if (aodf->pinflags.integrity_protected) + log_printf ("%sintegrity_protected", s), s = ","; + if (aodf->pinflags.confidentiality_protected) + log_printf ("%sconfidentiality_protected", s), s = ","; + if (aodf->pinflags.exchange_ref_data) + log_printf ("%sexchange_ref_data", s), s = ","; { - case PIN_TYPE_BCD: s = "bcd"; break; - case PIN_TYPE_ASCII_NUMERIC: s = "ascii-numeric"; break; - case PIN_TYPE_UTF8: s = "utf8"; break; - case PIN_TYPE_HALF_NIBBLE_BCD: s = "half-nibble-bcd"; break; - case PIN_TYPE_ISO9564_1: s = "iso9564-1"; break; - default: - sprintf (numbuf, "%lu", (unsigned long)aodf->pintype); - s = numbuf; + char numbuf[50]; + switch (aodf->pintype) + { + case PIN_TYPE_BCD: s = "bcd"; break; + case PIN_TYPE_ASCII_NUMERIC: s = "ascii-numeric"; break; + case PIN_TYPE_UTF8: s = "utf8"; break; + case PIN_TYPE_HALF_NIBBLE_BCD: s = "half-nibble-bcd"; break; + case PIN_TYPE_ISO9564_1: s = "iso9564-1"; break; + default: + sprintf (numbuf, "%lu", (unsigned long)aodf->pintype); + s = numbuf; + } + log_printf (" type=%s", s); } - log_printf (" type=%s", s); - } - log_printf (" min=%lu", aodf->min_length); - log_printf (" stored=%lu", aodf->stored_length); - if (aodf->max_length_valid) - log_printf (" max=%lu", aodf->max_length); - if (aodf->pad_char_valid) - log_printf (" pad=0x%02x", aodf->pad_char); - if (aodf->pin_reference_valid) - log_printf (" pinref=0x%02lX", aodf->pin_reference); - if (aodf->pathlen) - { - log_printf (" path="); - for (i=0; i < aodf->pathlen; i++) - log_printf ("%04hX", aodf->path[i]); - if (aodf->have_off) - log_printf ("[%lu/%lu]", aodf->off, aodf->len); + log_printf ("\n"); } - log_printf ("\n"); /* Put it into the list. */ aodf->next = aodflist; @@ -2168,7 +2184,7 @@ read_ef_aodf (app_t app, unsigned short fid, aodf_object_t *result) goto leave; parse_error: - log_error ("error parsing AODF record (%d): %s - skipped\n", + log_error ("p15: error parsing AODF record (%d): %s - skipped\n", where, errstr? errstr : gpg_strerror (err)); err = 0; release_aodf_object (aodf); @@ -2317,7 +2333,7 @@ read_ef_tokeninfo (app_t app) err = gpg_error (GPG_ERR_INV_OBJ); if (err) { - log_error ("error parsing TokenInfo: %s\n", gpg_strerror (err)); + log_error ("p15: error parsing TokenInfo: %s\n", gpg_strerror (err)); goto leave; } @@ -2339,12 +2355,13 @@ read_ef_tokeninfo (app_t app) } if (ul) { - log_error ("invalid version %lu in TokenInfo\n", ul); + log_error ("p15: invalid version %lu in TokenInfo\n", ul); err = gpg_error (GPG_ERR_INV_OBJ); goto leave; } - log_info ("TokenInfo:\n"); + if (opt.verbose) + log_info ("p15: TokenInfo:\n"); /* serialNumber. */ err = parse_ber_header (&p, &n, &class, &tag, &constructed, &ndef, &objlen, &hdrlen); @@ -2362,9 +2379,12 @@ read_ef_tokeninfo (app_t app) } memcpy (app->app_local->serialno, p, objlen); app->app_local->serialnolen = objlen; - /* (We use a separate log_info to avoid the "DBG:" prefix.) */ - log_info (" serialNumber .: "); - log_printhex ("", p, objlen); + if (opt.verbose) + { + /* (We use a separate log_info to avoid the "DBG:" prefix.) */ + log_info ("p15: serialNumber .: "); + log_printhex ("", p, objlen); + } p += objlen; n -= objlen; @@ -2377,7 +2397,8 @@ read_ef_tokeninfo (app_t app) goto leave; if (class == CLASS_UNIVERSAL && tag == TAG_UTF8_STRING) { - log_info (" manufacturerID: %.*s\n", (int)objlen, p); + if (opt.verbose) + log_info ("p15: manufacturerID: %.*s\n", (int)objlen, p); p += objlen; n -= objlen; /* Get next TLV. */ @@ -2390,7 +2411,8 @@ read_ef_tokeninfo (app_t app) } if (class == CLASS_CONTEXT && tag == 0) { - log_info (" label ........: %.*s\n", (int)objlen, p); + if (opt.verbose) + log_info ("p15: label ........: %.*s\n", (int)objlen, p); p += objlen; n -= objlen; /* Get next TLV. */ @@ -2404,9 +2426,12 @@ read_ef_tokeninfo (app_t app) /* The next is the mandatory tokenflags object. */ if (class == CLASS_UNIVERSAL && tag == TAG_BIT_STRING) { - log_info (" tokenflags ...:"); - print_tokeninfo_tokenflags (p, objlen); - log_printf ("\n"); + if (opt.verbose) + { + log_info ("p15: tokenflags ...:"); + print_tokeninfo_tokenflags (p, objlen); + log_printf ("\n"); + } p += objlen; n -= objlen; } @@ -2605,7 +2630,7 @@ send_keypairinfo (app_t app, ctrl_t ctrl, prkdf_object_t keyinfo) err = keygripstr_from_prkdf (app, keyinfo, gripstr); if (err) { - log_error ("can't get keygrip from "); + log_error ("p15: error getting keygrip from "); for (j=0; j < keyinfo->pathlen; j++) log_printf ("%04hX", keyinfo->path[j]); log_printf (": %s\n", gpg_strerror (err)); @@ -2693,9 +2718,12 @@ readcert_by_cdf (app_t app, cdf_object_t cdf, err = gpg_error (GPG_ERR_NOT_FOUND); if (err) { - log_error ("error reading certificate with Id "); + log_error ("p15: error reading certificate id="); for (i=0; i < cdf->objidlen; i++) log_printf ("%02X", cdf->objid[i]); + log_printf (" at "); + for (i=0; i < cdf->pathlen; i++) + log_printf ("%s%04hX", i? "/":"", cdf->path[i]); log_printf (": %s\n", gpg_strerror (err)); goto leave; } @@ -2851,7 +2879,8 @@ do_getattr (app_t app, ctrl_t ctrl, const char *name) err = iso7816_read_binary (app->slot, 0, 0, &buffer, &buflen); if (err) { - log_error ("error accessing EF(ID): %s\n", gpg_strerror (err)); + log_error ("p15: error accessing EF(ID): %s\n", + gpg_strerror (err)); return err; } @@ -2896,7 +2925,7 @@ micardo_mse (app_t app, unsigned short fid) err = iso7816_select_file (app->slot, 0x0013, 0); if (err) { - log_error ("error reading EF_keyD: %s\n", gpg_strerror (err)); + log_error ("p15: error reading EF_keyD: %s\n", gpg_strerror (err)); return err; } @@ -2912,11 +2941,15 @@ micardo_mse (app_t app, unsigned short fid) break; /* ready */ if (err) { - log_error ("error reading EF_keyD record: %s\n", + log_error ("p15: error reading EF_keyD record: %s\n", gpg_strerror (err)); return err; } - log_printhex ("keyD record:", buffer, buflen); + if (opt.verbose) + { + log_info (buffer, buflen, "p15: keyD record: "); + log_printhex ("", buffer, buflen); + } p = find_tlv (buffer, buflen, 0x83, &n); if (p && n == 4 && ((p[2]<<8)|p[3]) == fid) { @@ -2938,7 +2971,7 @@ micardo_mse (app_t app, unsigned short fid) } if (se_num == -1) { - log_error ("CRT for keyfile %04hX not found\n", fid); + log_error ("p15: CRT for keyfile %04hX not found\n", fid); return gpg_error (GPG_ERR_NOT_FOUND); } @@ -2949,7 +2982,7 @@ micardo_mse (app_t app, unsigned short fid) err = iso7816_manage_security_env (app->slot, 0xf3, se_num, NULL, 0); if (err) { - log_error ("restoring SE to %d failed: %s\n", + log_error ("p15: restoring SE to %d failed: %s\n", se_num, gpg_strerror (err)); return err; } @@ -2964,7 +2997,7 @@ micardo_mse (app_t app, unsigned short fid) err = iso7816_manage_security_env (app->slot, 0x41, 0xb6, msebuf, 5); if (err) { - log_error ("setting SE to reference file %04hX failed: %s\n", + log_error ("p15: setting SE to reference file %04hX failed: %s\n", refdata, gpg_strerror (err)); return err; } @@ -3014,13 +3047,13 @@ do_sign (app_t app, const char *keyidstr, int hashalgo, if (!(prkdf->usageflags.sign || prkdf->usageflags.sign_recover ||prkdf->usageflags.non_repudiation)) { - log_error ("key %s may not be used for signing\n", keyidstr); + log_error ("p15: key %s may not be used for signing\n", keyidstr); return gpg_error (GPG_ERR_WRONG_KEY_USAGE); } if (!prkdf->authid) { - log_error ("no authentication object defined for %s\n", keyidstr); + log_error ("p15: no authentication object defined for %s\n", keyidstr); /* fixme: we might want to go ahead and do without PIN verification. */ return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION); @@ -3033,24 +3066,26 @@ do_sign (app_t app, const char *keyidstr, int hashalgo, break; if (!aodf) { - log_error ("authentication object for %s missing\n", keyidstr); + log_error ("p15: authentication object for %s missing\n", keyidstr); return gpg_error (GPG_ERR_INV_CARD); } if (aodf->authid) { - log_error ("PIN verification is protected by an " + log_error ("p15: PIN verification is protected by an " "additional authentication token\n"); return gpg_error (GPG_ERR_BAD_PIN_METHOD); } if (aodf->pinflags.integrity_protected || aodf->pinflags.confidentiality_protected) { - log_error ("PIN verification requires unsupported protection method\n"); + log_error ("p15: " + "PIN verification requires unsupported protection method\n"); return gpg_error (GPG_ERR_BAD_PIN_METHOD); } if (!aodf->stored_length && aodf->pinflags.needs_padding) { - log_error ("PIN verification requires padding but no length known\n"); + log_error ("p15: " + "PIN verification requires padding but no length known\n"); return gpg_error (GPG_ERR_INV_CARD); } @@ -3059,7 +3094,7 @@ do_sign (app_t app, const char *keyidstr, int hashalgo, err = select_ef_by_path (app, prkdf->path, prkdf->pathlen); if (err) { - log_error ("error selecting file for key %s: %s\n", + log_error ("p15: error selecting file for key %s: %s\n", keyidstr, gpg_strerror (errno)); return err; } @@ -3091,7 +3126,7 @@ do_sign (app_t app, const char *keyidstr, int hashalgo, } if (err) { - log_error ("MSE failed: %s\n", gpg_strerror (err)); + log_error ("p15: MSE failed: %s\n", gpg_strerror (err)); return err; } @@ -3112,7 +3147,8 @@ do_sign (app_t app, const char *keyidstr, int hashalgo, err = pincb (pincb_arg, "PIN", &pinvalue); if (err) { - log_info ("PIN callback returned error: %s\n", gpg_strerror (err)); + log_info ("p15: PIN callback returned error: %s\n", + gpg_strerror (err)); return err; } @@ -3122,20 +3158,20 @@ do_sign (app_t app, const char *keyidstr, int hashalgo, if (strlen (pinvalue) < aodf->min_length) { - log_error ("PIN is too short; minimum length is %lu\n", + log_error ("p15: PIN is too short; minimum length is %lu\n", aodf->min_length); err = gpg_error (GPG_ERR_BAD_PIN); } else if (aodf->stored_length && strlen (pinvalue) > aodf->stored_length) { /* This would otherwise truncate the PIN silently. */ - log_error ("PIN is too large; maximum length is %lu\n", + log_error ("p15: PIN is too large; maximum length is %lu\n", aodf->stored_length); err = gpg_error (GPG_ERR_BAD_PIN); } else if (aodf->max_length_valid && strlen (pinvalue) > aodf->max_length) { - log_error ("PIN is too large; maximum length is %lu\n", + log_error ("p15: PIN is too large; maximum length is %lu\n", aodf->max_length); err = gpg_error (GPG_ERR_BAD_PIN); } @@ -3174,7 +3210,7 @@ do_sign (app_t app, const char *keyidstr, int hashalgo, } if (errstr) { - log_error ("can't verify PIN: %s\n", errstr); + log_error ("p15: can't verify PIN: %s\n", errstr); xfree (pinvalue); return err? err : gpg_error (GPG_ERR_BAD_PIN_METHOD); } @@ -3242,10 +3278,11 @@ do_sign (app_t app, const char *keyidstr, int hashalgo, xfree (pinvalue); if (err) { - log_error ("PIN verification failed: %s\n", gpg_strerror (err)); + log_error ("p15: PIN verification failed: %s\n", gpg_strerror (err)); return err; } - log_debug ("PIN verification succeeded\n"); + if (opt.verbose) + log_info ("p15: PIN verification succeeded\n"); } /* Prepare the DER object from INDATA. */ @@ -3311,7 +3348,7 @@ do_sign (app_t app, const char *keyidstr, int hashalgo, } if (err) { - log_error ("MSE failed: %s\n", gpg_strerror (err)); + log_error ("p15: MSE failed: %s\n", gpg_strerror (err)); return err; } @@ -3350,7 +3387,7 @@ do_auth (app_t app, const char *keyidstr, return err; if (!prkdf->usageflags.sign) { - log_error ("key %s may not be used for authentication\n", keyidstr); + log_error ("p15: key %s may not be used for authentication\n", keyidstr); return gpg_error (GPG_ERR_WRONG_KEY_USAGE); } @@ -3379,7 +3416,7 @@ read_home_df (int slot, int *r_belpic) err = iso7816_read_binary (slot, 0, 0, &buffer, &buflen); if (err) { - log_error ("error reading EF{DIR}: %s\n", gpg_strerror (err)); + log_error ("p15: error reading EF(DIR): %s\n", gpg_strerror (err)); return 0; } @@ -3393,14 +3430,15 @@ read_home_df (int slot, int *r_belpic) && !memcmp (pp, pkcs15be_aid, nn))))) { pp = find_tlv (p, n, 0x50, &nn); - if (pp) /* fixme: Filter log value? */ - log_info ("pkcs#15 application label from EF(DIR) is '%.*s'\n", + if (pp && opt.verbose) + log_info ("p15: application label from EF(DIR) is '%.*s'\n", (int)nn, pp); pp = find_tlv (p, n, 0x51, &nn); if (pp && nn == 4 && *pp == 0x3f && !pp[1]) { result = ((pp[2] << 8) | pp[3]); - log_info ("pkcs#15 application directory is 0x%04hX\n", result); + if (opt.verbose) + log_info ("p15: application directory is 0x%04hX\n", result); } } }