mirror of
git://git.gnupg.org/gnupg.git
synced 2025-01-20 14:37:08 +01:00
scd:p15: Improve diagnostics
-- This removes almost all log_debug calls and uses opt.verbose and log_info to show card information. Also avoid too long and thus harder to read lines. Signed-off-by: Werner Koch <wk@gnupg.org> (back ported from master)
This commit is contained in:
parent
60b0aa7e57
commit
135af66525
194
scd/app-p15.c
194
scd/app-p15.c
@ -139,7 +139,9 @@ struct cdf_object_s
|
|||||||
/* Link to next item when used in a linked list. */
|
/* Link to next item when used in a linked list. */
|
||||||
struct cdf_object_s *next;
|
struct cdf_object_s *next;
|
||||||
|
|
||||||
/* Length and allocated buffer with the Id of this object. */
|
/* Length and allocated buffer with the Id of this object.
|
||||||
|
* This field is used for X.509 in PKCS#11 to make it easier to
|
||||||
|
* match a private key with a certificate. */
|
||||||
size_t objidlen;
|
size_t objidlen;
|
||||||
unsigned char *objid;
|
unsigned char *objid;
|
||||||
|
|
||||||
@ -416,14 +418,14 @@ select_and_read_binary (int slot, unsigned short efid, const char *efid_desc,
|
|||||||
err = iso7816_select_file (slot, efid, 0);
|
err = iso7816_select_file (slot, efid, 0);
|
||||||
if (err)
|
if (err)
|
||||||
{
|
{
|
||||||
log_error ("error selecting %s (0x%04X): %s\n",
|
log_error ("p15: error selecting %s (0x%04X): %s\n",
|
||||||
efid_desc, efid, gpg_strerror (err));
|
efid_desc, efid, gpg_strerror (err));
|
||||||
return err;
|
return err;
|
||||||
}
|
}
|
||||||
err = iso7816_read_binary (slot, 0, 0, buffer, buflen);
|
err = iso7816_read_binary (slot, 0, 0, buffer, buflen);
|
||||||
if (err)
|
if (err)
|
||||||
{
|
{
|
||||||
log_error ("error reading %s (0x%04X): %s\n",
|
log_error ("p15: error reading %s (0x%04X): %s\n",
|
||||||
efid_desc, efid, gpg_strerror (err));
|
efid_desc, efid, gpg_strerror (err));
|
||||||
return err;
|
return err;
|
||||||
}
|
}
|
||||||
@ -443,14 +445,14 @@ select_ef_by_path (app_t app, const unsigned short *path, size_t pathlen)
|
|||||||
return gpg_error (GPG_ERR_INV_VALUE);
|
return gpg_error (GPG_ERR_INV_VALUE);
|
||||||
|
|
||||||
if (pathlen && *path != 0x3f00 )
|
if (pathlen && *path != 0x3f00 )
|
||||||
log_debug ("WARNING: relative path selection not yet implemented\n");
|
log_error ("p15: warning: relative path selection not yet implemented\n");
|
||||||
|
|
||||||
if (app->app_local->direct_path_selection)
|
if (app->app_local->direct_path_selection)
|
||||||
{
|
{
|
||||||
err = iso7816_select_path (app->slot, path+1, pathlen-1);
|
err = iso7816_select_path (app->slot, path+1, pathlen-1);
|
||||||
if (err)
|
if (err)
|
||||||
{
|
{
|
||||||
log_error ("error selecting path ");
|
log_error ("p15: error selecting path ");
|
||||||
for (j=0; j < pathlen; j++)
|
for (j=0; j < pathlen; j++)
|
||||||
log_printf ("%04hX", path[j]);
|
log_printf ("%04hX", path[j]);
|
||||||
log_printf (": %s\n", gpg_strerror (err));
|
log_printf (": %s\n", gpg_strerror (err));
|
||||||
@ -468,7 +470,7 @@ select_ef_by_path (app_t app, const unsigned short *path, size_t pathlen)
|
|||||||
err = iso7816_select_file (app->slot, path[i], !(i+1 == pathlen));
|
err = iso7816_select_file (app->slot, path[i], !(i+1 == pathlen));
|
||||||
if (err)
|
if (err)
|
||||||
{
|
{
|
||||||
log_error ("error selecting part %d from path ", i);
|
log_error ("p15: error selecting part %d from path ", i);
|
||||||
for (j=0; j < pathlen; j++)
|
for (j=0; j < pathlen; j++)
|
||||||
log_printf ("%04hX", path[j]);
|
log_printf ("%04hX", path[j]);
|
||||||
log_printf (": %s\n", gpg_strerror (err));
|
log_printf (": %s\n", gpg_strerror (err));
|
||||||
@ -623,7 +625,7 @@ read_ef_odf (app_t app, unsigned short odf_fid)
|
|||||||
|
|
||||||
if (buflen < 8)
|
if (buflen < 8)
|
||||||
{
|
{
|
||||||
log_error ("error: ODF too short\n");
|
log_error ("p15: error: ODF too short\n");
|
||||||
xfree (buffer);
|
xfree (buffer);
|
||||||
return gpg_error (GPG_ERR_INV_OBJ);
|
return gpg_error (GPG_ERR_INV_OBJ);
|
||||||
}
|
}
|
||||||
@ -655,7 +657,7 @@ read_ef_odf (app_t app, unsigned short odf_fid)
|
|||||||
{
|
{
|
||||||
home_df = ((p[8]<<8)|p[9]);
|
home_df = ((p[8]<<8)|p[9]);
|
||||||
app->app_local->home_df = home_df;
|
app->app_local->home_df = home_df;
|
||||||
log_info ("pkcs#15 application directory detected as 0x%04hX\n",
|
log_info ("p15: application directory detected as 0x%04hX\n",
|
||||||
home_df);
|
home_df);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -667,7 +669,7 @@ read_ef_odf (app_t app, unsigned short odf_fid)
|
|||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
log_printhex ("ODF format is not supported by us:", p, buflen);
|
log_printhex ("p15: ODF format not supported:", p, buflen);
|
||||||
xfree (buffer);
|
xfree (buffer);
|
||||||
return gpg_error (GPG_ERR_INV_OBJ);
|
return gpg_error (GPG_ERR_INV_OBJ);
|
||||||
}
|
}
|
||||||
@ -686,7 +688,8 @@ read_ef_odf (app_t app, unsigned short odf_fid)
|
|||||||
}
|
}
|
||||||
if (value)
|
if (value)
|
||||||
{
|
{
|
||||||
log_error ("duplicate object type %d in ODF ignored\n",(p[0]&0x0f));
|
log_error ("p15: duplicate object type %d in ODF ignored\n",
|
||||||
|
(p[0]&0x0f));
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
value = ((p[offset] << 8) | p[offset+1]);
|
value = ((p[offset] << 8) | p[offset+1]);
|
||||||
@ -702,7 +705,8 @@ read_ef_odf (app_t app, unsigned short odf_fid)
|
|||||||
case 7: app->app_local->odf.data_objects = value; break;
|
case 7: app->app_local->odf.data_objects = value; break;
|
||||||
case 8: app->app_local->odf.auth_objects = value; break;
|
case 8: app->app_local->odf.auth_objects = value; break;
|
||||||
default:
|
default:
|
||||||
log_error ("unknown object type %d in ODF ignored\n", (p[0]&0x0f));
|
log_error ("p15: unknown object type %d in ODF ignored\n",
|
||||||
|
(p[0]&0x0f));
|
||||||
}
|
}
|
||||||
offset += 2;
|
offset += 2;
|
||||||
|
|
||||||
@ -719,7 +723,7 @@ read_ef_odf (app_t app, unsigned short odf_fid)
|
|||||||
;
|
;
|
||||||
if (n < buflen)
|
if (n < buflen)
|
||||||
{
|
{
|
||||||
log_info ("warning: garbage detected at end of ODF: ");
|
log_info ("p15: warning: garbage detected at end of ODF: ");
|
||||||
log_printhex ("", p, buflen);
|
log_printhex ("", p, buflen);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -892,7 +896,8 @@ read_ef_prkdf (app_t app, unsigned short fid, prkdf_object_t *result)
|
|||||||
err = gpg_error (GPG_ERR_INV_OBJ);
|
err = gpg_error (GPG_ERR_INV_OBJ);
|
||||||
if (err)
|
if (err)
|
||||||
{
|
{
|
||||||
log_error ("error parsing PrKDF record: %s\n", gpg_strerror (err));
|
log_error ("p15: error parsing PrKDF record: %s\n",
|
||||||
|
gpg_strerror (err));
|
||||||
goto leave;
|
goto leave;
|
||||||
}
|
}
|
||||||
pp = p;
|
pp = p;
|
||||||
@ -1233,12 +1238,14 @@ read_ef_prkdf (app_t app, unsigned short fid, prkdf_object_t *result)
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
log_debug ("PrKDF %04hX: id=", fid);
|
if (opt.verbose)
|
||||||
|
{
|
||||||
|
log_info ("p15: PrKDF %04hX: id=", fid);
|
||||||
for (i=0; i < prkdf->objidlen; i++)
|
for (i=0; i < prkdf->objidlen; i++)
|
||||||
log_printf ("%02X", prkdf->objid[i]);
|
log_printf ("%02X", prkdf->objid[i]);
|
||||||
log_printf (" path=");
|
log_printf (" path=");
|
||||||
for (i=0; i < prkdf->pathlen; i++)
|
for (i=0; i < prkdf->pathlen; i++)
|
||||||
log_printf ("%04hX", prkdf->path[i]);
|
log_printf ("%s%04hX", i?"/":"",prkdf->path[i]);
|
||||||
if (prkdf->have_off)
|
if (prkdf->have_off)
|
||||||
log_printf ("[%lu/%lu]", prkdf->off, prkdf->len);
|
log_printf ("[%lu/%lu]", prkdf->off, prkdf->len);
|
||||||
if (prkdf->authid)
|
if (prkdf->authid)
|
||||||
@ -1249,7 +1256,7 @@ read_ef_prkdf (app_t app, unsigned short fid, prkdf_object_t *result)
|
|||||||
}
|
}
|
||||||
if (prkdf->key_reference_valid)
|
if (prkdf->key_reference_valid)
|
||||||
log_printf (" keyref=0x%02lX", prkdf->key_reference);
|
log_printf (" keyref=0x%02lX", prkdf->key_reference);
|
||||||
log_printf (" usage=");
|
log_info ("p15: usage=");
|
||||||
s = "";
|
s = "";
|
||||||
if (prkdf->usageflags.encrypt) log_printf ("%sencrypt", s), s = ",";
|
if (prkdf->usageflags.encrypt) log_printf ("%sencrypt", s), s = ",";
|
||||||
if (prkdf->usageflags.decrypt) log_printf ("%sdecrypt", s), s = ",";
|
if (prkdf->usageflags.decrypt) log_printf ("%sdecrypt", s), s = ",";
|
||||||
@ -1265,6 +1272,7 @@ read_ef_prkdf (app_t app, unsigned short fid, prkdf_object_t *result)
|
|||||||
if (prkdf->usageflags.non_repudiation)
|
if (prkdf->usageflags.non_repudiation)
|
||||||
log_printf ("%snon_repudiation", s), s = ",";
|
log_printf ("%snon_repudiation", s), s = ",";
|
||||||
log_printf ("\n");
|
log_printf ("\n");
|
||||||
|
}
|
||||||
|
|
||||||
/* Put it into the list. */
|
/* Put it into the list. */
|
||||||
prkdf->next = prkdflist;
|
prkdf->next = prkdflist;
|
||||||
@ -1273,7 +1281,7 @@ read_ef_prkdf (app_t app, unsigned short fid, prkdf_object_t *result)
|
|||||||
continue; /* Ready. */
|
continue; /* Ready. */
|
||||||
|
|
||||||
parse_error:
|
parse_error:
|
||||||
log_error ("error parsing PrKDF record (%d): %s - skipped\n",
|
log_error ("p15: error parsing PrKDF record (%d): %s - skipped\n",
|
||||||
where, errstr? errstr : gpg_strerror (err));
|
where, errstr? errstr : gpg_strerror (err));
|
||||||
if (prkdf)
|
if (prkdf)
|
||||||
{
|
{
|
||||||
@ -1340,7 +1348,7 @@ read_ef_cdf (app_t app, unsigned short fid, cdf_object_t *result)
|
|||||||
err = gpg_error (GPG_ERR_INV_OBJ);
|
err = gpg_error (GPG_ERR_INV_OBJ);
|
||||||
if (err)
|
if (err)
|
||||||
{
|
{
|
||||||
log_error ("error parsing CDF record: %s\n", gpg_strerror (err));
|
log_error ("p15: error parsing CDF record: %s\n", gpg_strerror (err));
|
||||||
goto leave;
|
goto leave;
|
||||||
}
|
}
|
||||||
pp = p;
|
pp = p;
|
||||||
@ -1501,15 +1509,18 @@ read_ef_cdf (app_t app, unsigned short fid, cdf_object_t *result)
|
|||||||
cdf->len = ul;
|
cdf->len = ul;
|
||||||
}
|
}
|
||||||
|
|
||||||
log_debug ("CDF %04hX: id=", fid);
|
if (opt.verbose)
|
||||||
|
{
|
||||||
|
log_info ("p15: CDF %04hX: id=", fid);
|
||||||
for (i=0; i < cdf->objidlen; i++)
|
for (i=0; i < cdf->objidlen; i++)
|
||||||
log_printf ("%02X", cdf->objid[i]);
|
log_printf ("%02X", cdf->objid[i]);
|
||||||
log_printf (" path=");
|
log_printf (" path=");
|
||||||
for (i=0; i < cdf->pathlen; i++)
|
for (i=0; i < cdf->pathlen; i++)
|
||||||
log_printf ("%04hX", cdf->path[i]);
|
log_printf ("%s%04hX", i?"/":"", cdf->path[i]);
|
||||||
if (cdf->have_off)
|
if (cdf->have_off)
|
||||||
log_printf ("[%lu/%lu]", cdf->off, cdf->len);
|
log_printf ("[%lu/%lu]", cdf->off, cdf->len);
|
||||||
log_printf ("\n");
|
log_printf ("\n");
|
||||||
|
}
|
||||||
|
|
||||||
/* Put it into the list. */
|
/* Put it into the list. */
|
||||||
cdf->next = cdflist;
|
cdf->next = cdflist;
|
||||||
@ -1518,7 +1529,7 @@ read_ef_cdf (app_t app, unsigned short fid, cdf_object_t *result)
|
|||||||
continue; /* Ready. */
|
continue; /* Ready. */
|
||||||
|
|
||||||
parse_error:
|
parse_error:
|
||||||
log_error ("error parsing CDF record (%d): %s - skipped\n",
|
log_error ("p15: error parsing CDF record (%d): %s - skipped\n",
|
||||||
where, errstr? errstr : gpg_strerror (err));
|
where, errstr? errstr : gpg_strerror (err));
|
||||||
xfree (cdf);
|
xfree (cdf);
|
||||||
err = 0;
|
err = 0;
|
||||||
@ -1614,7 +1625,8 @@ read_ef_aodf (app_t app, unsigned short fid, aodf_object_t *result)
|
|||||||
err = gpg_error (GPG_ERR_INV_OBJ);
|
err = gpg_error (GPG_ERR_INV_OBJ);
|
||||||
if (err)
|
if (err)
|
||||||
{
|
{
|
||||||
log_error ("error parsing AODF record: %s\n", gpg_strerror (err));
|
log_error ("p15: error parsing AODF record: %s\n",
|
||||||
|
gpg_strerror (err));
|
||||||
goto leave;
|
goto leave;
|
||||||
}
|
}
|
||||||
pp = p;
|
pp = p;
|
||||||
@ -2088,7 +2100,9 @@ read_ef_aodf (app_t app, unsigned short fid, aodf_object_t *result)
|
|||||||
extensions of pkcs#15. */
|
extensions of pkcs#15. */
|
||||||
|
|
||||||
ready:
|
ready:
|
||||||
log_debug ("AODF %04hX: id=", fid);
|
if (opt.verbose)
|
||||||
|
{
|
||||||
|
log_info ("p15: AODF %04hX: id=", fid);
|
||||||
for (i=0; i < aodf->objidlen; i++)
|
for (i=0; i < aodf->objidlen; i++)
|
||||||
log_printf ("%02X", aodf->objid[i]);
|
log_printf ("%02X", aodf->objid[i]);
|
||||||
if (aodf->authid)
|
if (aodf->authid)
|
||||||
@ -2097,7 +2111,24 @@ read_ef_aodf (app_t app, unsigned short fid, aodf_object_t *result)
|
|||||||
for (i=0; i < aodf->authidlen; i++)
|
for (i=0; i < aodf->authidlen; i++)
|
||||||
log_printf ("%02X", aodf->authid[i]);
|
log_printf ("%02X", aodf->authid[i]);
|
||||||
}
|
}
|
||||||
log_printf (" flags=");
|
if (aodf->pin_reference_valid)
|
||||||
|
log_printf (" pinref=0x%02lX", aodf->pin_reference);
|
||||||
|
if (aodf->pathlen)
|
||||||
|
{
|
||||||
|
log_printf (" path=");
|
||||||
|
for (i=0; i < aodf->pathlen; i++)
|
||||||
|
log_printf ("%s%04hX", i?"/":"",aodf->path[i]);
|
||||||
|
if (aodf->have_off)
|
||||||
|
log_printf ("[%lu/%lu]", aodf->off, aodf->len);
|
||||||
|
}
|
||||||
|
log_printf (" min=%lu", aodf->min_length);
|
||||||
|
log_printf (" stored=%lu", aodf->stored_length);
|
||||||
|
if (aodf->max_length_valid)
|
||||||
|
log_printf (" max=%lu", aodf->max_length);
|
||||||
|
if (aodf->pad_char_valid)
|
||||||
|
log_printf (" pad=0x%02x", aodf->pad_char);
|
||||||
|
|
||||||
|
log_info ("p15: flags=");
|
||||||
s = "";
|
s = "";
|
||||||
if (aodf->pinflags.case_sensitive)
|
if (aodf->pinflags.case_sensitive)
|
||||||
log_printf ("%scase_sensitive", s), s = ",";
|
log_printf ("%scase_sensitive", s), s = ",";
|
||||||
@ -2138,23 +2169,8 @@ read_ef_aodf (app_t app, unsigned short fid, aodf_object_t *result)
|
|||||||
}
|
}
|
||||||
log_printf (" type=%s", s);
|
log_printf (" type=%s", s);
|
||||||
}
|
}
|
||||||
log_printf (" min=%lu", aodf->min_length);
|
|
||||||
log_printf (" stored=%lu", aodf->stored_length);
|
|
||||||
if (aodf->max_length_valid)
|
|
||||||
log_printf (" max=%lu", aodf->max_length);
|
|
||||||
if (aodf->pad_char_valid)
|
|
||||||
log_printf (" pad=0x%02x", aodf->pad_char);
|
|
||||||
if (aodf->pin_reference_valid)
|
|
||||||
log_printf (" pinref=0x%02lX", aodf->pin_reference);
|
|
||||||
if (aodf->pathlen)
|
|
||||||
{
|
|
||||||
log_printf (" path=");
|
|
||||||
for (i=0; i < aodf->pathlen; i++)
|
|
||||||
log_printf ("%04hX", aodf->path[i]);
|
|
||||||
if (aodf->have_off)
|
|
||||||
log_printf ("[%lu/%lu]", aodf->off, aodf->len);
|
|
||||||
}
|
|
||||||
log_printf ("\n");
|
log_printf ("\n");
|
||||||
|
}
|
||||||
|
|
||||||
/* Put it into the list. */
|
/* Put it into the list. */
|
||||||
aodf->next = aodflist;
|
aodf->next = aodflist;
|
||||||
@ -2168,7 +2184,7 @@ read_ef_aodf (app_t app, unsigned short fid, aodf_object_t *result)
|
|||||||
goto leave;
|
goto leave;
|
||||||
|
|
||||||
parse_error:
|
parse_error:
|
||||||
log_error ("error parsing AODF record (%d): %s - skipped\n",
|
log_error ("p15: error parsing AODF record (%d): %s - skipped\n",
|
||||||
where, errstr? errstr : gpg_strerror (err));
|
where, errstr? errstr : gpg_strerror (err));
|
||||||
err = 0;
|
err = 0;
|
||||||
release_aodf_object (aodf);
|
release_aodf_object (aodf);
|
||||||
@ -2317,7 +2333,7 @@ read_ef_tokeninfo (app_t app)
|
|||||||
err = gpg_error (GPG_ERR_INV_OBJ);
|
err = gpg_error (GPG_ERR_INV_OBJ);
|
||||||
if (err)
|
if (err)
|
||||||
{
|
{
|
||||||
log_error ("error parsing TokenInfo: %s\n", gpg_strerror (err));
|
log_error ("p15: error parsing TokenInfo: %s\n", gpg_strerror (err));
|
||||||
goto leave;
|
goto leave;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -2339,12 +2355,13 @@ read_ef_tokeninfo (app_t app)
|
|||||||
}
|
}
|
||||||
if (ul)
|
if (ul)
|
||||||
{
|
{
|
||||||
log_error ("invalid version %lu in TokenInfo\n", ul);
|
log_error ("p15: invalid version %lu in TokenInfo\n", ul);
|
||||||
err = gpg_error (GPG_ERR_INV_OBJ);
|
err = gpg_error (GPG_ERR_INV_OBJ);
|
||||||
goto leave;
|
goto leave;
|
||||||
}
|
}
|
||||||
|
|
||||||
log_info ("TokenInfo:\n");
|
if (opt.verbose)
|
||||||
|
log_info ("p15: TokenInfo:\n");
|
||||||
/* serialNumber. */
|
/* serialNumber. */
|
||||||
err = parse_ber_header (&p, &n, &class, &tag, &constructed,
|
err = parse_ber_header (&p, &n, &class, &tag, &constructed,
|
||||||
&ndef, &objlen, &hdrlen);
|
&ndef, &objlen, &hdrlen);
|
||||||
@ -2362,9 +2379,12 @@ read_ef_tokeninfo (app_t app)
|
|||||||
}
|
}
|
||||||
memcpy (app->app_local->serialno, p, objlen);
|
memcpy (app->app_local->serialno, p, objlen);
|
||||||
app->app_local->serialnolen = objlen;
|
app->app_local->serialnolen = objlen;
|
||||||
|
if (opt.verbose)
|
||||||
|
{
|
||||||
/* (We use a separate log_info to avoid the "DBG:" prefix.) */
|
/* (We use a separate log_info to avoid the "DBG:" prefix.) */
|
||||||
log_info (" serialNumber .: ");
|
log_info ("p15: serialNumber .: ");
|
||||||
log_printhex ("", p, objlen);
|
log_printhex ("", p, objlen);
|
||||||
|
}
|
||||||
p += objlen;
|
p += objlen;
|
||||||
n -= objlen;
|
n -= objlen;
|
||||||
|
|
||||||
@ -2377,7 +2397,8 @@ read_ef_tokeninfo (app_t app)
|
|||||||
goto leave;
|
goto leave;
|
||||||
if (class == CLASS_UNIVERSAL && tag == TAG_UTF8_STRING)
|
if (class == CLASS_UNIVERSAL && tag == TAG_UTF8_STRING)
|
||||||
{
|
{
|
||||||
log_info (" manufacturerID: %.*s\n", (int)objlen, p);
|
if (opt.verbose)
|
||||||
|
log_info ("p15: manufacturerID: %.*s\n", (int)objlen, p);
|
||||||
p += objlen;
|
p += objlen;
|
||||||
n -= objlen;
|
n -= objlen;
|
||||||
/* Get next TLV. */
|
/* Get next TLV. */
|
||||||
@ -2390,7 +2411,8 @@ read_ef_tokeninfo (app_t app)
|
|||||||
}
|
}
|
||||||
if (class == CLASS_CONTEXT && tag == 0)
|
if (class == CLASS_CONTEXT && tag == 0)
|
||||||
{
|
{
|
||||||
log_info (" label ........: %.*s\n", (int)objlen, p);
|
if (opt.verbose)
|
||||||
|
log_info ("p15: label ........: %.*s\n", (int)objlen, p);
|
||||||
p += objlen;
|
p += objlen;
|
||||||
n -= objlen;
|
n -= objlen;
|
||||||
/* Get next TLV. */
|
/* Get next TLV. */
|
||||||
@ -2404,9 +2426,12 @@ read_ef_tokeninfo (app_t app)
|
|||||||
/* The next is the mandatory tokenflags object. */
|
/* The next is the mandatory tokenflags object. */
|
||||||
if (class == CLASS_UNIVERSAL && tag == TAG_BIT_STRING)
|
if (class == CLASS_UNIVERSAL && tag == TAG_BIT_STRING)
|
||||||
{
|
{
|
||||||
log_info (" tokenflags ...:");
|
if (opt.verbose)
|
||||||
|
{
|
||||||
|
log_info ("p15: tokenflags ...:");
|
||||||
print_tokeninfo_tokenflags (p, objlen);
|
print_tokeninfo_tokenflags (p, objlen);
|
||||||
log_printf ("\n");
|
log_printf ("\n");
|
||||||
|
}
|
||||||
p += objlen;
|
p += objlen;
|
||||||
n -= objlen;
|
n -= objlen;
|
||||||
}
|
}
|
||||||
@ -2605,7 +2630,7 @@ send_keypairinfo (app_t app, ctrl_t ctrl, prkdf_object_t keyinfo)
|
|||||||
err = keygripstr_from_prkdf (app, keyinfo, gripstr);
|
err = keygripstr_from_prkdf (app, keyinfo, gripstr);
|
||||||
if (err)
|
if (err)
|
||||||
{
|
{
|
||||||
log_error ("can't get keygrip from ");
|
log_error ("p15: error getting keygrip from ");
|
||||||
for (j=0; j < keyinfo->pathlen; j++)
|
for (j=0; j < keyinfo->pathlen; j++)
|
||||||
log_printf ("%04hX", keyinfo->path[j]);
|
log_printf ("%04hX", keyinfo->path[j]);
|
||||||
log_printf (": %s\n", gpg_strerror (err));
|
log_printf (": %s\n", gpg_strerror (err));
|
||||||
@ -2693,9 +2718,12 @@ readcert_by_cdf (app_t app, cdf_object_t cdf,
|
|||||||
err = gpg_error (GPG_ERR_NOT_FOUND);
|
err = gpg_error (GPG_ERR_NOT_FOUND);
|
||||||
if (err)
|
if (err)
|
||||||
{
|
{
|
||||||
log_error ("error reading certificate with Id ");
|
log_error ("p15: error reading certificate id=");
|
||||||
for (i=0; i < cdf->objidlen; i++)
|
for (i=0; i < cdf->objidlen; i++)
|
||||||
log_printf ("%02X", cdf->objid[i]);
|
log_printf ("%02X", cdf->objid[i]);
|
||||||
|
log_printf (" at ");
|
||||||
|
for (i=0; i < cdf->pathlen; i++)
|
||||||
|
log_printf ("%s%04hX", i? "/":"", cdf->path[i]);
|
||||||
log_printf (": %s\n", gpg_strerror (err));
|
log_printf (": %s\n", gpg_strerror (err));
|
||||||
goto leave;
|
goto leave;
|
||||||
}
|
}
|
||||||
@ -2851,7 +2879,8 @@ do_getattr (app_t app, ctrl_t ctrl, const char *name)
|
|||||||
err = iso7816_read_binary (app->slot, 0, 0, &buffer, &buflen);
|
err = iso7816_read_binary (app->slot, 0, 0, &buffer, &buflen);
|
||||||
if (err)
|
if (err)
|
||||||
{
|
{
|
||||||
log_error ("error accessing EF(ID): %s\n", gpg_strerror (err));
|
log_error ("p15: error accessing EF(ID): %s\n",
|
||||||
|
gpg_strerror (err));
|
||||||
return err;
|
return err;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -2896,7 +2925,7 @@ micardo_mse (app_t app, unsigned short fid)
|
|||||||
err = iso7816_select_file (app->slot, 0x0013, 0);
|
err = iso7816_select_file (app->slot, 0x0013, 0);
|
||||||
if (err)
|
if (err)
|
||||||
{
|
{
|
||||||
log_error ("error reading EF_keyD: %s\n", gpg_strerror (err));
|
log_error ("p15: error reading EF_keyD: %s\n", gpg_strerror (err));
|
||||||
return err;
|
return err;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -2912,11 +2941,15 @@ micardo_mse (app_t app, unsigned short fid)
|
|||||||
break; /* ready */
|
break; /* ready */
|
||||||
if (err)
|
if (err)
|
||||||
{
|
{
|
||||||
log_error ("error reading EF_keyD record: %s\n",
|
log_error ("p15: error reading EF_keyD record: %s\n",
|
||||||
gpg_strerror (err));
|
gpg_strerror (err));
|
||||||
return err;
|
return err;
|
||||||
}
|
}
|
||||||
log_printhex ("keyD record:", buffer, buflen);
|
if (opt.verbose)
|
||||||
|
{
|
||||||
|
log_info (buffer, buflen, "p15: keyD record: ");
|
||||||
|
log_printhex ("", buffer, buflen);
|
||||||
|
}
|
||||||
p = find_tlv (buffer, buflen, 0x83, &n);
|
p = find_tlv (buffer, buflen, 0x83, &n);
|
||||||
if (p && n == 4 && ((p[2]<<8)|p[3]) == fid)
|
if (p && n == 4 && ((p[2]<<8)|p[3]) == fid)
|
||||||
{
|
{
|
||||||
@ -2938,7 +2971,7 @@ micardo_mse (app_t app, unsigned short fid)
|
|||||||
}
|
}
|
||||||
if (se_num == -1)
|
if (se_num == -1)
|
||||||
{
|
{
|
||||||
log_error ("CRT for keyfile %04hX not found\n", fid);
|
log_error ("p15: CRT for keyfile %04hX not found\n", fid);
|
||||||
return gpg_error (GPG_ERR_NOT_FOUND);
|
return gpg_error (GPG_ERR_NOT_FOUND);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -2949,7 +2982,7 @@ micardo_mse (app_t app, unsigned short fid)
|
|||||||
err = iso7816_manage_security_env (app->slot, 0xf3, se_num, NULL, 0);
|
err = iso7816_manage_security_env (app->slot, 0xf3, se_num, NULL, 0);
|
||||||
if (err)
|
if (err)
|
||||||
{
|
{
|
||||||
log_error ("restoring SE to %d failed: %s\n",
|
log_error ("p15: restoring SE to %d failed: %s\n",
|
||||||
se_num, gpg_strerror (err));
|
se_num, gpg_strerror (err));
|
||||||
return err;
|
return err;
|
||||||
}
|
}
|
||||||
@ -2964,7 +2997,7 @@ micardo_mse (app_t app, unsigned short fid)
|
|||||||
err = iso7816_manage_security_env (app->slot, 0x41, 0xb6, msebuf, 5);
|
err = iso7816_manage_security_env (app->slot, 0x41, 0xb6, msebuf, 5);
|
||||||
if (err)
|
if (err)
|
||||||
{
|
{
|
||||||
log_error ("setting SE to reference file %04hX failed: %s\n",
|
log_error ("p15: setting SE to reference file %04hX failed: %s\n",
|
||||||
refdata, gpg_strerror (err));
|
refdata, gpg_strerror (err));
|
||||||
return err;
|
return err;
|
||||||
}
|
}
|
||||||
@ -3014,13 +3047,13 @@ do_sign (app_t app, const char *keyidstr, int hashalgo,
|
|||||||
if (!(prkdf->usageflags.sign || prkdf->usageflags.sign_recover
|
if (!(prkdf->usageflags.sign || prkdf->usageflags.sign_recover
|
||||||
||prkdf->usageflags.non_repudiation))
|
||prkdf->usageflags.non_repudiation))
|
||||||
{
|
{
|
||||||
log_error ("key %s may not be used for signing\n", keyidstr);
|
log_error ("p15: key %s may not be used for signing\n", keyidstr);
|
||||||
return gpg_error (GPG_ERR_WRONG_KEY_USAGE);
|
return gpg_error (GPG_ERR_WRONG_KEY_USAGE);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!prkdf->authid)
|
if (!prkdf->authid)
|
||||||
{
|
{
|
||||||
log_error ("no authentication object defined for %s\n", keyidstr);
|
log_error ("p15: no authentication object defined for %s\n", keyidstr);
|
||||||
/* fixme: we might want to go ahead and do without PIN
|
/* fixme: we might want to go ahead and do without PIN
|
||||||
verification. */
|
verification. */
|
||||||
return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION);
|
return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION);
|
||||||
@ -3033,24 +3066,26 @@ do_sign (app_t app, const char *keyidstr, int hashalgo,
|
|||||||
break;
|
break;
|
||||||
if (!aodf)
|
if (!aodf)
|
||||||
{
|
{
|
||||||
log_error ("authentication object for %s missing\n", keyidstr);
|
log_error ("p15: authentication object for %s missing\n", keyidstr);
|
||||||
return gpg_error (GPG_ERR_INV_CARD);
|
return gpg_error (GPG_ERR_INV_CARD);
|
||||||
}
|
}
|
||||||
if (aodf->authid)
|
if (aodf->authid)
|
||||||
{
|
{
|
||||||
log_error ("PIN verification is protected by an "
|
log_error ("p15: PIN verification is protected by an "
|
||||||
"additional authentication token\n");
|
"additional authentication token\n");
|
||||||
return gpg_error (GPG_ERR_BAD_PIN_METHOD);
|
return gpg_error (GPG_ERR_BAD_PIN_METHOD);
|
||||||
}
|
}
|
||||||
if (aodf->pinflags.integrity_protected
|
if (aodf->pinflags.integrity_protected
|
||||||
|| aodf->pinflags.confidentiality_protected)
|
|| aodf->pinflags.confidentiality_protected)
|
||||||
{
|
{
|
||||||
log_error ("PIN verification requires unsupported protection method\n");
|
log_error ("p15: "
|
||||||
|
"PIN verification requires unsupported protection method\n");
|
||||||
return gpg_error (GPG_ERR_BAD_PIN_METHOD);
|
return gpg_error (GPG_ERR_BAD_PIN_METHOD);
|
||||||
}
|
}
|
||||||
if (!aodf->stored_length && aodf->pinflags.needs_padding)
|
if (!aodf->stored_length && aodf->pinflags.needs_padding)
|
||||||
{
|
{
|
||||||
log_error ("PIN verification requires padding but no length known\n");
|
log_error ("p15: "
|
||||||
|
"PIN verification requires padding but no length known\n");
|
||||||
return gpg_error (GPG_ERR_INV_CARD);
|
return gpg_error (GPG_ERR_INV_CARD);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -3059,7 +3094,7 @@ do_sign (app_t app, const char *keyidstr, int hashalgo,
|
|||||||
err = select_ef_by_path (app, prkdf->path, prkdf->pathlen);
|
err = select_ef_by_path (app, prkdf->path, prkdf->pathlen);
|
||||||
if (err)
|
if (err)
|
||||||
{
|
{
|
||||||
log_error ("error selecting file for key %s: %s\n",
|
log_error ("p15: error selecting file for key %s: %s\n",
|
||||||
keyidstr, gpg_strerror (errno));
|
keyidstr, gpg_strerror (errno));
|
||||||
return err;
|
return err;
|
||||||
}
|
}
|
||||||
@ -3091,7 +3126,7 @@ do_sign (app_t app, const char *keyidstr, int hashalgo,
|
|||||||
}
|
}
|
||||||
if (err)
|
if (err)
|
||||||
{
|
{
|
||||||
log_error ("MSE failed: %s\n", gpg_strerror (err));
|
log_error ("p15: MSE failed: %s\n", gpg_strerror (err));
|
||||||
return err;
|
return err;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -3112,7 +3147,8 @@ do_sign (app_t app, const char *keyidstr, int hashalgo,
|
|||||||
err = pincb (pincb_arg, "PIN", &pinvalue);
|
err = pincb (pincb_arg, "PIN", &pinvalue);
|
||||||
if (err)
|
if (err)
|
||||||
{
|
{
|
||||||
log_info ("PIN callback returned error: %s\n", gpg_strerror (err));
|
log_info ("p15: PIN callback returned error: %s\n",
|
||||||
|
gpg_strerror (err));
|
||||||
return err;
|
return err;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -3122,20 +3158,20 @@ do_sign (app_t app, const char *keyidstr, int hashalgo,
|
|||||||
|
|
||||||
if (strlen (pinvalue) < aodf->min_length)
|
if (strlen (pinvalue) < aodf->min_length)
|
||||||
{
|
{
|
||||||
log_error ("PIN is too short; minimum length is %lu\n",
|
log_error ("p15: PIN is too short; minimum length is %lu\n",
|
||||||
aodf->min_length);
|
aodf->min_length);
|
||||||
err = gpg_error (GPG_ERR_BAD_PIN);
|
err = gpg_error (GPG_ERR_BAD_PIN);
|
||||||
}
|
}
|
||||||
else if (aodf->stored_length && strlen (pinvalue) > aodf->stored_length)
|
else if (aodf->stored_length && strlen (pinvalue) > aodf->stored_length)
|
||||||
{
|
{
|
||||||
/* This would otherwise truncate the PIN silently. */
|
/* This would otherwise truncate the PIN silently. */
|
||||||
log_error ("PIN is too large; maximum length is %lu\n",
|
log_error ("p15: PIN is too large; maximum length is %lu\n",
|
||||||
aodf->stored_length);
|
aodf->stored_length);
|
||||||
err = gpg_error (GPG_ERR_BAD_PIN);
|
err = gpg_error (GPG_ERR_BAD_PIN);
|
||||||
}
|
}
|
||||||
else if (aodf->max_length_valid && strlen (pinvalue) > aodf->max_length)
|
else if (aodf->max_length_valid && strlen (pinvalue) > aodf->max_length)
|
||||||
{
|
{
|
||||||
log_error ("PIN is too large; maximum length is %lu\n",
|
log_error ("p15: PIN is too large; maximum length is %lu\n",
|
||||||
aodf->max_length);
|
aodf->max_length);
|
||||||
err = gpg_error (GPG_ERR_BAD_PIN);
|
err = gpg_error (GPG_ERR_BAD_PIN);
|
||||||
}
|
}
|
||||||
@ -3174,7 +3210,7 @@ do_sign (app_t app, const char *keyidstr, int hashalgo,
|
|||||||
}
|
}
|
||||||
if (errstr)
|
if (errstr)
|
||||||
{
|
{
|
||||||
log_error ("can't verify PIN: %s\n", errstr);
|
log_error ("p15: can't verify PIN: %s\n", errstr);
|
||||||
xfree (pinvalue);
|
xfree (pinvalue);
|
||||||
return err? err : gpg_error (GPG_ERR_BAD_PIN_METHOD);
|
return err? err : gpg_error (GPG_ERR_BAD_PIN_METHOD);
|
||||||
}
|
}
|
||||||
@ -3242,10 +3278,11 @@ do_sign (app_t app, const char *keyidstr, int hashalgo,
|
|||||||
xfree (pinvalue);
|
xfree (pinvalue);
|
||||||
if (err)
|
if (err)
|
||||||
{
|
{
|
||||||
log_error ("PIN verification failed: %s\n", gpg_strerror (err));
|
log_error ("p15: PIN verification failed: %s\n", gpg_strerror (err));
|
||||||
return err;
|
return err;
|
||||||
}
|
}
|
||||||
log_debug ("PIN verification succeeded\n");
|
if (opt.verbose)
|
||||||
|
log_info ("p15: PIN verification succeeded\n");
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Prepare the DER object from INDATA. */
|
/* Prepare the DER object from INDATA. */
|
||||||
@ -3311,7 +3348,7 @@ do_sign (app_t app, const char *keyidstr, int hashalgo,
|
|||||||
}
|
}
|
||||||
if (err)
|
if (err)
|
||||||
{
|
{
|
||||||
log_error ("MSE failed: %s\n", gpg_strerror (err));
|
log_error ("p15: MSE failed: %s\n", gpg_strerror (err));
|
||||||
return err;
|
return err;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -3350,7 +3387,7 @@ do_auth (app_t app, const char *keyidstr,
|
|||||||
return err;
|
return err;
|
||||||
if (!prkdf->usageflags.sign)
|
if (!prkdf->usageflags.sign)
|
||||||
{
|
{
|
||||||
log_error ("key %s may not be used for authentication\n", keyidstr);
|
log_error ("p15: key %s may not be used for authentication\n", keyidstr);
|
||||||
return gpg_error (GPG_ERR_WRONG_KEY_USAGE);
|
return gpg_error (GPG_ERR_WRONG_KEY_USAGE);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -3379,7 +3416,7 @@ read_home_df (int slot, int *r_belpic)
|
|||||||
err = iso7816_read_binary (slot, 0, 0, &buffer, &buflen);
|
err = iso7816_read_binary (slot, 0, 0, &buffer, &buflen);
|
||||||
if (err)
|
if (err)
|
||||||
{
|
{
|
||||||
log_error ("error reading EF{DIR}: %s\n", gpg_strerror (err));
|
log_error ("p15: error reading EF(DIR): %s\n", gpg_strerror (err));
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -3393,14 +3430,15 @@ read_home_df (int slot, int *r_belpic)
|
|||||||
&& !memcmp (pp, pkcs15be_aid, nn)))))
|
&& !memcmp (pp, pkcs15be_aid, nn)))))
|
||||||
{
|
{
|
||||||
pp = find_tlv (p, n, 0x50, &nn);
|
pp = find_tlv (p, n, 0x50, &nn);
|
||||||
if (pp) /* fixme: Filter log value? */
|
if (pp && opt.verbose)
|
||||||
log_info ("pkcs#15 application label from EF(DIR) is '%.*s'\n",
|
log_info ("p15: application label from EF(DIR) is '%.*s'\n",
|
||||||
(int)nn, pp);
|
(int)nn, pp);
|
||||||
pp = find_tlv (p, n, 0x51, &nn);
|
pp = find_tlv (p, n, 0x51, &nn);
|
||||||
if (pp && nn == 4 && *pp == 0x3f && !pp[1])
|
if (pp && nn == 4 && *pp == 0x3f && !pp[1])
|
||||||
{
|
{
|
||||||
result = ((pp[2] << 8) | pp[3]);
|
result = ((pp[2] << 8) | pp[3]);
|
||||||
log_info ("pkcs#15 application directory is 0x%04hX\n", result);
|
if (opt.verbose)
|
||||||
|
log_info ("p15: application directory is 0x%04hX\n", result);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
Loading…
x
Reference in New Issue
Block a user