scd:piv: Support listing of retired keys with KEYINFO.

* scd/app-piv.c (data_objects): Mark returned key as having a keypair.
(do_with_keygrip): Check against encrusage and not used one tag.

* tools/gpg-card.c (piv_keyref_is_retired): New.
(list_all_kinfo): Pretty print retired keys.
--

This allows to list all existing retired keys without using separate
readkey commands.

doc/gpg-card.texi

@@ -546,7 +546,7 @@ be printed; to create a new key anyway the option @samp{--force} can be
 used.  Note that only the private and public keys have been created
 but no certificates are stored in the key slots.  In fact, GnuPG uses
 its own non-standard method to store just the public key in place of
-the the certificate.  Other application will not be able to make use
+the certificate.  Other application will not be able to make use
 these keys until @command{gpgsm} or another tool has been used to
 create and store the respective certificates.   Let us see what the
 list command now shows:

scd/app-piv.c

@@ -128,45 +128,45 @@ static struct data_object_s data_objects[] = {
     "Discovery Object" },
   { 0x5FC10C, 0, 0,1, 0,0, 0, "",   "2.96.96", NULL,
     "Key History Object" },
-  { 0x5FC10D, 0, 0,1, 0,0, 0, "82", "2.16.1",  "e",
+  { 0x5FC10D, 0, 0,1, 0,0, 1, "82", "2.16.1",  "e",
     "Retired Cert Key Mgm 1" },
-  { 0x5FC10E, 0, 0,1, 0,0, 0, "83", "2.16.2",  "e",
+  { 0x5FC10E, 0, 0,1, 0,0, 1, "83", "2.16.2",  "e",
     "Retired Cert Key Mgm 2" },
-  { 0x5FC10F, 0, 0,1, 0,0, 0, "84", "2.16.3",  "e",
+  { 0x5FC10F, 0, 0,1, 0,0, 1, "84", "2.16.3",  "e",
     "Retired Cert Key Mgm 3" },
-  { 0x5FC110, 0, 0,1, 0,0, 0, "85", "2.16.4",  "e",
+  { 0x5FC110, 0, 0,1, 0,0, 1, "85", "2.16.4",  "e",
     "Retired Cert Key Mgm 4" },
-  { 0x5FC111, 0, 0,1, 0,0, 0, "86", "2.16.5",  "e",
+  { 0x5FC111, 0, 0,1, 0,0, 1, "86", "2.16.5",  "e",
     "Retired Cert Key Mgm 5" },
-  { 0x5FC112, 0, 0,1, 0,0, 0, "87", "2.16.6",  "e",
+  { 0x5FC112, 0, 0,1, 0,0, 1, "87", "2.16.6",  "e",
     "Retired Cert Key Mgm 6" },
-  { 0x5FC113, 0, 0,1, 0,0, 0, "88", "2.16.7",  "e",
+  { 0x5FC113, 0, 0,1, 0,0, 1, "88", "2.16.7",  "e",
     "Retired Cert Key Mgm 7" },
-  { 0x5FC114, 0, 0,1, 0,0, 0, "89", "2.16.8",  "e",
+  { 0x5FC114, 0, 0,1, 0,0, 1, "89", "2.16.8",  "e",
     "Retired Cert Key Mgm 8" },
-  { 0x5FC115, 0, 0,1, 0,0, 0, "8A", "2.16.9",  "e",
+  { 0x5FC115, 0, 0,1, 0,0, 1, "8A", "2.16.9",  "e",
     "Retired Cert Key Mgm 9" },
-  { 0x5FC116, 0, 0,1, 0,0, 0, "8B", "2.16.10", "e",
+  { 0x5FC116, 0, 0,1, 0,0, 1, "8B", "2.16.10", "e",
     "Retired Cert Key Mgm 10" },
-  { 0x5FC117, 0, 0,1, 0,0, 0, "8C", "2.16.11", "e",
+  { 0x5FC117, 0, 0,1, 0,0, 1, "8C", "2.16.11", "e",
     "Retired Cert Key Mgm 11" },
-  { 0x5FC118, 0, 0,1, 0,0, 0, "8D", "2.16.12", "e",
+  { 0x5FC118, 0, 0,1, 0,0, 1, "8D", "2.16.12", "e",
     "Retired Cert Key Mgm 12" },
-  { 0x5FC119, 0, 0,1, 0,0, 0, "8E", "2.16.13", "e",
+  { 0x5FC119, 0, 0,1, 0,0, 1, "8E", "2.16.13", "e",
     "Retired Cert Key Mgm 13" },
-  { 0x5FC11A, 0, 0,1, 0,0, 0, "8F", "2.16.14", "e",
+  { 0x5FC11A, 0, 0,1, 0,0, 1, "8F", "2.16.14", "e",
     "Retired Cert Key Mgm 14" },
-  { 0x5FC11B, 0, 0,1, 0,0, 0, "90", "2.16.15", "e",
+  { 0x5FC11B, 0, 0,1, 0,0, 1, "90", "2.16.15", "e",
     "Retired Cert Key Mgm 15" },
-  { 0x5FC11C, 0, 0,1, 0,0, 0, "91", "2.16.16", "e",
+  { 0x5FC11C, 0, 0,1, 0,0, 1, "91", "2.16.16", "e",
     "Retired Cert Key Mgm 16" },
-  { 0x5FC11D, 0, 0,1, 0,0, 0, "92", "2.16.17", "e",
+  { 0x5FC11D, 0, 0,1, 0,0, 1, "92", "2.16.17", "e",
     "Retired Cert Key Mgm 17" },
-  { 0x5FC11E, 0, 0,1, 0,0, 0, "93", "2.16.18", "e",
+  { 0x5FC11E, 0, 0,1, 0,0, 1, "93", "2.16.18", "e",
     "Retired Cert Key Mgm 18" },
-  { 0x5FC11F, 0, 0,1, 0,0, 0, "94", "2.16.19", "e",
+  { 0x5FC11F, 0, 0,1, 0,0, 1, "94", "2.16.19", "e",
     "Retired Cert Key Mgm 19" },
-  { 0x5FC120, 0, 0,1, 0,0, 0, "95", "2.16.20", "e",
+  { 0x5FC120, 0, 0,1, 0,0, 1, "95", "2.16.20", "e",
     "Retired Cert Key Mgm 20" },
   { 0x5FC121, 0, 2,2, 0,0, 0, "",   "2.16.21", NULL,
     "Cardholder Iris Images" },
@@ -3543,7 +3543,7 @@ do_with_keygrip (app_t app, ctrl_t ctrl, int action,
             }
           if (capability == GCRY_PK_USAGE_ENCR)
             {
-              if (strcmp (data_objects[i].keyref, "9D"))
+              if (strcmp (data_objects[i].usage, "e"))
                 continue;
             }
           if (capability == GCRY_PK_USAGE_AUTH)

tools/gpg-card.c

@@ -836,6 +836,21 @@ list_one_kinfo (card_info_t info, key_info_t kinfo,
 }
 
 
+/* Return the retired key number if KEYREF is for a retired key; 0 if
+ * not.  */
+static int
+piv_keyref_is_retired (const char *keyref)
+{
+  if (!strncmp (keyref, "PIV.8", 5)
+      && keyref[5] >= '2' && hexdigitp (keyref + 5))
+    return xtoi_1 (keyref+5) - 1;
+  else if (!strncmp (keyref, "PIV.9", 5)
+           && keyref[5] >= '0' && keyref[5] <= '5')
+    return atoi_1 (keyref+5) + 15;
+  else
+    return 0;
+}
+
 /* List all keyinfo in INFO using the list of LABELS.  */
 static void
 list_all_kinfo (card_info_t info, keyinfolabel_t labels, estream_t fp,
@@ -843,6 +858,7 @@ list_all_kinfo (card_info_t info, keyinfolabel_t labels, estream_t fp,
 {
   key_info_t kinfo;
   int idx, i, j;
+  int rn;
 
   /* Print the keyinfo.  We first print those we known and then all
    * remaining item.  */
@@ -864,9 +880,15 @@ list_all_kinfo (card_info_t info, keyinfolabel_t labels, estream_t fp,
     {
       if (kinfo->xflag)
         continue;
-      tty_fprintf (fp, "Key %s", kinfo->keyref);
-      for (i=4+strlen (kinfo->keyref), j=0; i < 18; i++, j=1)
-        tty_fprintf (fp, j? ".":" ");
+      if (info->apptype == APP_TYPE_PIV
+          && (rn = piv_keyref_is_retired (kinfo->keyref)))
+        tty_fprintf (fp, "Key retired %2d ...", rn);
+      else
+        {
+          tty_fprintf (fp, "Key %s", kinfo->keyref);
+          for (i=4+strlen (kinfo->keyref), j=0; i < 18; i++, j=1)
+            tty_fprintf (fp, j? ".":" ");
+        }
       tty_fprintf (fp, ":");
       list_one_kinfo (info, kinfo, NULL, fp, no_key_lookup, create_shadow);
     }