card: Allow "yubikey disable" only for Yubikey-5 and later.

* tools/card-yubikey.c (yubikey_commands): Add new arg INFO and test
for Yubikey-5.
* tools/gpg-card.c (cmd_yubikey): Pass info to yubikey_commands.
--

The configuration can be read from a Yubikey-4 but not be written.
The mode command is also not useful because it allows only the
selection of transports.  It does not allow disabling single
applications based on one transport (like OPGP and PIV).  This patch
shows an appropriate error message.

Signed-off-by: Werner Koch <wk@gnupg.org>
Werner Koch 2019-03-28 10:56:28 +01:00
parent 5a3055eb72
commit 2f761251c5
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B
3 changed files with 12 additions and 3 deletions


@ -310,7 +310,7 @@ yk_enable_disable (struct ykapps_s *yk, struct iface_s *iface,
* stream to output information. This function must only be called on
* Yubikeys. */
gpg_error_t
yubikey_commands (estream_t fp, int argc, char *argv[])
yubikey_commands (card_info_t info, estream_t fp, int argc, char *argv[])
{
gpg_error_t err;
enum {ykLIST, ykENABLE, ykDISABLE } cmd;
@ -336,6 +336,14 @@ yubikey_commands (estream_t fp, int argc, char *argv[])
goto leave;
}
if (info->cardversion < 0x050000 && cmd != ykLIST)
{
log_info ("Sub-command '%s' is only support by Yubikey-5 and later\n",
argv[0]);
err = gpg_error (GPG_ERR_NOT_SUPPORTED);
goto leave;
}
/* Parse interface if needed. */
if (cmd == ykLIST)
iface.usb = iface.nfc = 1;
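Review bot: The message added in the version check reads "is only support by"; the line should be `log_info ("Sub-command '%s' is only supported by Yubikey-5 and later\n",`. The same check dereferences `info->cardversion` without a guard, so the comment above yubikey_commands (which begins outside the first hunk) should describe the new INFO argument, for example `INFO is the card info of the current card and must not be NULL; its cardversion gates the enable and disable sub-commands.` The comparison with 0x050000 presumably relies on cardversion packing major, minor and patch into one integer, which deserves a short comment next to the check.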


@ -2988,7 +2988,7 @@ cmd_yubikey (card_info_t info, char *argstr)
/* Note that we always do a learn to get a chance to the card back
* into a usable state. */
err = yubikey_commands (fp, nwords, words);
err = yubikey_commands (info, fp, nwords, words);
err2 = scd_learn (info);
if (err2)
log_error ("Error re-reading card: %s\n", gpg_strerror (err));
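Review bot: The `log_error` after `scd_learn (info)` prints `gpg_strerror (err)` although the failure being reported is in `err2`, so a failed re-read after a successful sub-command is logged with the wrong error text. The line should be `log_error ("Error re-reading card: %s\n", gpg_strerror (err2));`; it sits in the context directly below the changed call and the commit leaves it as it was. The comment above the call also appears to be missing a word (`get a chance to get the card back`). cmd_yubikey continues outside the hunk.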


@ -224,7 +224,8 @@ gpg_error_t scd_checkpin (const char *serialno);
unsigned long agent_get_s2k_count (void);
/*-- card-yubikey.c --*/
gpg_error_t yubikey_commands (estream_t fp, int argc, char *argv[]);
gpg_error_t yubikey_commands (card_info_t info,
estream_t fp, int argc, char *argv[]);
#endif /*GNUPG_GPG_CARD_H*/