From 669786cf646d8636de85a3cb8b3aa83ba709d207 Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Fri, 19 Feb 2021 09:50:22 +0100 Subject: [PATCH] scd: Pass ctrl parameter to more app functions. * scd/app-common.h (struct app_ctx_s): Add parameter ctrl to function pointers for readkey, setattr, sign, auth, decipher, and check_pin. -- This is a yet another patch to allow for easier backporting. --- scd/app-common.h | 15 ++++++++------- scd/app-dinsig.c | 4 +++- scd/app-nks.c | 18 ++++++++++++------ scd/app-openpgp.c | 31 ++++++++++++++++++++----------- scd/app-p15.c | 10 ++++++---- scd/app-sc-hsm.c | 12 ++++++++---- scd/app.c | 12 ++++++------ 7 files changed, 63 insertions(+), 39 deletions(-) diff --git a/scd/app-common.h b/scd/app-common.h index ba68d1ebd..e862753cf 100644 --- a/scd/app-common.h +++ b/scd/app-common.h @@ -120,25 +120,26 @@ struct app_ctx_s { gpg_error_t (*learn_status) (app_t app, ctrl_t ctrl, unsigned int flags); gpg_error_t (*readcert) (app_t app, const char *certid, unsigned char **cert, size_t *certlen); - gpg_error_t (*readkey) (app_t app, int advanced, const char *certid, - unsigned char **pk, size_t *pklen); + gpg_error_t (*readkey) (app_t app, ctrl_t ctrl, + int advanced, const char *certid, + unsigned char **pk, size_t *pklen); gpg_error_t (*getattr) (app_t app, ctrl_t ctrl, const char *name); - gpg_error_t (*setattr) (app_t app, const char *name, + gpg_error_t (*setattr) (app_t app, ctrl_t ctrl, const char *name, gpg_error_t (*pincb)(void*, const char *, char **), void *pincb_arg, const unsigned char *value, size_t valuelen); - gpg_error_t (*sign) (app_t app, + gpg_error_t (*sign) (app_t app, ctrl_t ctrl, const char *keyidstr, int hashalgo, gpg_error_t (*pincb)(void*, const char *, char **), void *pincb_arg, const void *indata, size_t indatalen, unsigned char **outdata, size_t *outdatalen ); - gpg_error_t (*auth) (app_t app, const char *keyidstr, + gpg_error_t (*auth) (app_t app, ctrl_t ctrl, const char *keyidstr, gpg_error_t (*pincb)(void*, const char *, char **), void *pincb_arg, const void *indata, size_t indatalen, unsigned char **outdata, size_t *outdatalen); - gpg_error_t (*decipher) (app_t app, const char *keyidstr, + gpg_error_t (*decipher) (app_t app, ctrl_t ctrl, const char *keyidstr, gpg_error_t (*pincb)(void*, const char *, char **), void *pincb_arg, const void *indata, size_t indatalen, @@ -163,7 +164,7 @@ struct app_ctx_s { const char *chvnostr, unsigned int flags, gpg_error_t (*pincb)(void*, const char *, char **), void *pincb_arg); - gpg_error_t (*check_pin) (app_t app, const char *keyidstr, + gpg_error_t (*check_pin) (app_t app, ctrl_t ctrl, const char *keyidstr, gpg_error_t (*pincb)(void*, const char *, char **), void *pincb_arg); diff --git a/scd/app-dinsig.c b/scd/app-dinsig.c index a349257fe..84a06fce0 100644 --- a/scd/app-dinsig.c +++ b/scd/app-dinsig.c @@ -386,7 +386,7 @@ verify_pin (app_t app, that callback should return the PIN in an allocated buffer and store that in the 3rd argument. */ static gpg_error_t -do_sign (app_t app, const char *keyidstr, int hashalgo, +do_sign (app_t app, ctrl_t ctrl, const char *keyidstr, int hashalgo, gpg_error_t (*pincb)(void*, const char *, char **), void *pincb_arg, const void *indata, size_t indatalen, @@ -408,6 +408,8 @@ do_sign (app_t app, const char *keyidstr, int hashalgo, + the largest OID _prefix above. */ int datalen; + (void)ctrl; + if (!keyidstr || !*keyidstr) return gpg_error (GPG_ERR_INV_VALUE); if (indatalen != 20 && indatalen != 16 && indatalen != 32 diff --git a/scd/app-nks.c b/scd/app-nks.c index 7440c1830..451ff8f01 100644 --- a/scd/app-nks.c +++ b/scd/app-nks.c @@ -608,7 +608,7 @@ do_readcert (app_t app, const char *certid, certificate parsing code in commands.c:cmd_readkey. For internal use PK and PKLEN may be NULL to just check for an existing key. */ static gpg_error_t -do_readkey (app_t app, int advanced, const char *keyid, +do_readkey (app_t app, ctrl_t ctrl, int advanced, const char *keyid, unsigned char **pk, size_t *pklen) { gpg_error_t err; @@ -616,6 +616,8 @@ do_readkey (app_t app, int advanced, const char *keyid, size_t buflen[2]; unsigned short path[1] = { 0x4500 }; + (void)ctrl; + if (advanced) return GPG_ERR_NOT_SUPPORTED; @@ -683,7 +685,6 @@ do_writekey (app_t app, ctrl_t ctrl, size_t rsa_n_len, rsa_e_len; unsigned int nbits; - (void)ctrl; (void)pincb; (void)pincb_arg; @@ -692,7 +693,7 @@ do_writekey (app_t app, ctrl_t ctrl, else return gpg_error (GPG_ERR_INV_ID); - if (!force && !do_readkey (app, 0, keyid, NULL, NULL)) + if (!force && !do_readkey (app, ctrl, 0, keyid, NULL, NULL)) return gpg_error (GPG_ERR_EEXIST); /* Parse the S-expression. */ @@ -841,7 +842,7 @@ verify_pin (app_t app, int pwid, const char *desc, that callback should return the PIN in an allocated buffer and store that in the 3rd argument. */ static gpg_error_t -do_sign (app_t app, const char *keyidstr, int hashalgo, +do_sign (app_t app, ctrl_t ctrl, const char *keyidstr, int hashalgo, gpg_error_t (*pincb)(void*, const char *, char **), void *pincb_arg, const void *indata, size_t indatalen, @@ -861,6 +862,8 @@ do_sign (app_t app, const char *keyidstr, int hashalgo, + the largest OID prefix. */ size_t datalen; + (void)ctrl; + if (!keyidstr || !*keyidstr) return gpg_error (GPG_ERR_INV_VALUE); switch (indatalen) @@ -976,7 +979,7 @@ do_sign (app_t app, const char *keyidstr, int hashalgo, If a PIN is required the PINCB will be used to ask for the PIN; it should return the PIN in an allocated buffer and put it into PIN. */ static gpg_error_t -do_decipher (app_t app, const char *keyidstr, +do_decipher (app_t app, ctrl_t ctrl, const char *keyidstr, gpg_error_t (*pincb)(void*, const char *, char **), void *pincb_arg, const void *indata, size_t indatalen, @@ -988,6 +991,7 @@ do_decipher (app_t app, const char *keyidstr, int fid; int kid; + (void)ctrl; (void)r_info; if (!keyidstr || !*keyidstr || !indatalen) @@ -1263,7 +1267,7 @@ do_change_pin (app_t app, ctrl_t ctrl, const char *pwidstr, /* Perform a simple verify operation. KEYIDSTR should be NULL or empty. */ static gpg_error_t -do_check_pin (app_t app, const char *pwidstr, +do_check_pin (app_t app, ctrl_t ctrl, const char *pwidstr, gpg_error_t (*pincb)(void*, const char *, char **), void *pincb_arg) { @@ -1272,6 +1276,8 @@ do_check_pin (app_t app, const char *pwidstr, int is_sigg; const char *desc; + (void)ctrl; + desc = parse_pwidstr (pwidstr, 0, &is_sigg, &pwid); if (!desc) return gpg_error (GPG_ERR_INV_ID); diff --git a/scd/app-openpgp.c b/scd/app-openpgp.c index 3bbc84e8a..b1121723b 100644 --- a/scd/app-openpgp.c +++ b/scd/app-openpgp.c @@ -247,7 +247,7 @@ struct app_local_s { static unsigned long convert_sig_counter_value (const unsigned char *value, size_t valuelen); static unsigned long get_sig_counter (app_t app); -static gpg_error_t do_auth (app_t app, const char *keyidstr, +static gpg_error_t do_auth (app_t app, ctrl_t ctrl, const char *keyidstr, gpg_error_t (*pincb)(void*, const char *, char **), void *pincb_arg, const void *indata, size_t indatalen, @@ -1977,13 +1977,15 @@ do_learn_status (app_t app, ctrl_t ctrl, unsigned int flags) buffer. On error PK and PKLEN are not changed and an error code is returned. */ static gpg_error_t -do_readkey (app_t app, int advanced, const char *keyid, +do_readkey (app_t app, ctrl_t ctrl, int advanced, const char *keyid, unsigned char **pk, size_t *pklen) { gpg_error_t err; int keyno; unsigned char *buf; + (void)ctrl; + if (!strcmp (keyid, "OPENPGP.1")) keyno = 0; else if (!strcmp (keyid, "OPENPGP.2")) @@ -2557,7 +2559,7 @@ verify_chv3 (app_t app, /* Handle the SETATTR operation. All arguments are already basically checked. */ static gpg_error_t -do_setattr (app_t app, const char *name, +do_setattr (app_t app, ctrl_t ctrl, const char *name, gpg_error_t (*pincb)(void*, const char *, char **), void *pincb_arg, const unsigned char *value, size_t valuelen) @@ -2595,6 +2597,8 @@ do_setattr (app_t app, const char *name, }; int exmode; + (void)ctrl; + for (idx=0; table[idx].name && strcmp (table[idx].name, name); idx++) ; if (!table[idx].name) @@ -2667,8 +2671,6 @@ do_writecert (app_t app, ctrl_t ctrl, void *pincb_arg, const unsigned char *certdata, size_t certdatalen) { - (void)ctrl; - if (strcmp (certidstr, "OPENPGP.3")) return gpg_error (GPG_ERR_INV_ID); if (!certdata || !certdatalen) @@ -2677,7 +2679,8 @@ do_writecert (app_t app, ctrl_t ctrl, return gpg_error (GPG_ERR_NOT_SUPPORTED); if (certdatalen > app->app_local->extcap.max_certlen_3) return gpg_error (GPG_ERR_TOO_LARGE); - return do_setattr (app, "CERT-3", pincb, pincb_arg, certdata, certdatalen); + return do_setattr (app, ctrl, "CERT-3", pincb, pincb_arg, + certdata, certdatalen); } @@ -4488,7 +4491,7 @@ check_keyidstr (app_t app, const char *keyidstr, int keyno, int *r_use_auth) operation to the auth command. */ static gpg_error_t -do_sign (app_t app, const char *keyidstr, int hashalgo, +do_sign (app_t app, ctrl_t ctrl, const char *keyidstr, int hashalgo, gpg_error_t (*pincb)(void*, const char *, char **), void *pincb_arg, const void *indata, size_t indatalen, @@ -4602,7 +4605,7 @@ do_sign (app_t app, const char *keyidstr, int hashalgo, /* Redirect to the AUTH command if asked to. */ if (use_auth) { - return do_auth (app, "OPENPGP.3", pincb, pincb_arg, + return do_auth (app, ctrl, "OPENPGP.3", pincb, pincb_arg, data, datalen, outdata, outdatalen); } @@ -4677,7 +4680,7 @@ do_sign (app_t app, const char *keyidstr, int hashalgo, not match the one required for the requested action (e.g. the serial number does not match). */ static gpg_error_t -do_auth (app_t app, const char *keyidstr, +do_auth (app_t app, ctrl_t ctrl, const char *keyidstr, gpg_error_t (*pincb)(void*, const char *, char **), void *pincb_arg, const void *indata, size_t indatalen, @@ -4685,6 +4688,8 @@ do_auth (app_t app, const char *keyidstr, { int rc; + (void)ctrl; + if (!keyidstr || !*keyidstr) return gpg_error (GPG_ERR_INV_VALUE); if (app->app_local->keyattr[2].key_type == KEY_TYPE_RSA @@ -4744,7 +4749,7 @@ do_auth (app_t app, const char *keyidstr, static gpg_error_t -do_decipher (app_t app, const char *keyidstr, +do_decipher (app_t app, ctrl_t ctrl, const char *keyidstr, gpg_error_t (*pincb)(void*, const char *, char **), void *pincb_arg, const void *indata, size_t indatalen, @@ -4758,6 +4763,8 @@ do_decipher (app_t app, const char *keyidstr, int padind = 0; int fixuplen = 0; + (void)ctrl; + if (!keyidstr || !*keyidstr || !indatalen) return gpg_error (GPG_ERR_INV_VALUE); @@ -4980,13 +4987,15 @@ do_decipher (app_t app, const char *keyidstr, the "[CHV3]" being a literal string: The Admin Pin is checked if and only if the retry counter is still at 3. */ static gpg_error_t -do_check_pin (app_t app, const char *keyidstr, +do_check_pin (app_t app, ctrl_t ctrl, const char *keyidstr, gpg_error_t (*pincb)(void*, const char *, char **), void *pincb_arg) { int rc; int admin_pin = 0; + (void)ctrl; + if (!keyidstr || !*keyidstr) return gpg_error (GPG_ERR_INV_VALUE); diff --git a/scd/app-p15.c b/scd/app-p15.c index bd9c7c15f..53e122206 100644 --- a/scd/app-p15.c +++ b/scd/app-p15.c @@ -3622,7 +3622,7 @@ verify_pin (app_t app, that callback should return the PIN in an allocated buffer and store that as the 3rd argument. */ static gpg_error_t -do_sign (app_t app, const char *keyidstr, int hashalgo, +do_sign (app_t app, ctrl_t ctrl, const char *keyidstr, int hashalgo, gpg_error_t (*pincb)(void*, const char *, char **), void *pincb_arg, const void *indata, size_t indatalen, @@ -3651,6 +3651,7 @@ do_sign (app_t app, const char *keyidstr, int hashalgo, unsigned char *dataptr; int exmode, le_value; + (void)ctrl; if (!keyidstr || !*keyidstr) return gpg_error (GPG_ERR_INV_VALUE); @@ -3872,7 +3873,7 @@ do_sign (app_t app, const char *keyidstr, int hashalgo, must match the criteria used for the attribute $AUTHKEYID. See do_sign for calling conventions; there is no HASHALGO, though. */ static gpg_error_t -do_auth (app_t app, const char *keyidstr, +do_auth (app_t app, ctrl_t ctrl, const char *keyidstr, gpg_error_t (*pincb)(void*, const char *, char **), void *pincb_arg, const void *indata, size_t indatalen, @@ -3895,7 +3896,7 @@ do_auth (app_t app, const char *keyidstr, } algo = indatalen == 36? MD_USER_TLS_MD5SHA1 : GCRY_MD_SHA1; - return do_sign (app, keyidstr, algo, pincb, pincb_arg, + return do_sign (app, ctrl, keyidstr, algo, pincb, pincb_arg, indata, indatalen, outdata, outdatalen); } @@ -3905,7 +3906,7 @@ do_auth (app_t app, const char *keyidstr, * PINCB will be used to ask for the PIN; it should return the PIN in * an allocated buffer and put it into PIN. */ static gpg_error_t -do_decipher (app_t app, const char *keyidstr, +do_decipher (app_t app, ctrl_t ctrl, const char *keyidstr, gpg_error_t (*pincb)(void*, const char *, char **), void *pincb_arg, const void *indata, size_t indatalen, @@ -3917,6 +3918,7 @@ do_decipher (app_t app, const char *keyidstr, aodf_object_t aodf; /* The associated authentication object. */ int exmode, le_value, padind; + (void)ctrl; (void)r_info; if (!keyidstr || !*keyidstr) diff --git a/scd/app-sc-hsm.c b/scd/app-sc-hsm.c index 56c4ceb07..cc5771e2c 100644 --- a/scd/app-sc-hsm.c +++ b/scd/app-sc-hsm.c @@ -1769,7 +1769,7 @@ verify_pin (app_t app, gpg_error_t (*pincb)(void*, const char *, char **), the ECDSA signature in X9.62 format (SEQ/INT(r)/INT(s)) */ static gpg_error_t -do_sign (app_t app, const char *keyidstr, int hashalgo, +do_sign (app_t app, ctrl_t ctrl, const char *keyidstr, int hashalgo, gpg_error_t (*pincb)(void*, const char *, char **), void *pincb_arg, const void *indata, size_t indatalen, @@ -1806,6 +1806,8 @@ do_sign (app_t app, const char *keyidstr, int hashalgo, unsigned char algoid; int sw; + (void)ctrl; + if (!keyidstr || !*keyidstr) return gpg_error (GPG_ERR_INV_VALUE); @@ -1896,7 +1898,7 @@ do_sign (app_t app, const char *keyidstr, int hashalgo, must match the criteria used for the attribute $AUTHKEYID. See do_sign for calling conventions; there is no HASHALGO, though. */ static gpg_error_t -do_auth (app_t app, const char *keyidstr, +do_auth (app_t app, ctrl_t ctrl, const char *keyidstr, gpg_error_t (*pincb)(void*, const char *, char **), void *pincb_arg, const void *indata, size_t indatalen, @@ -1919,7 +1921,7 @@ do_auth (app_t app, const char *keyidstr, } algo = indatalen == 36? MD_USER_TLS_MD5SHA1 : GCRY_MD_SHA1; - return do_sign (app, keyidstr, algo, pincb, pincb_arg, + return do_sign (app, ctrl, keyidstr, algo, pincb, pincb_arg, indata, indatalen, outdata, outdatalen); } @@ -1968,7 +1970,7 @@ strip_PKCS15_padding(unsigned char *src, int srclen, unsigned char **dst, /* Decrypt a PKCS#1 V1.5 formatted cryptogram using the referenced key. */ static gpg_error_t -do_decipher (app_t app, const char *keyidstr, +do_decipher (app_t app, ctrl_t ctrl, const char *keyidstr, gpg_error_t (*pincb)(void*, const char *, char **), void *pincb_arg, const void *indata, size_t indatalen, @@ -1983,6 +1985,8 @@ do_decipher (app_t app, const char *keyidstr, size_t p1blklen; int sw; + (void)ctrl; + if (!keyidstr || !*keyidstr || !indatalen) return gpg_error (GPG_ERR_INV_VALUE); diff --git a/scd/app.c b/scd/app.c index 8cde762cf..ba8db10af 100644 --- a/scd/app.c +++ b/scd/app.c @@ -865,7 +865,7 @@ app_readkey (app_t app, ctrl_t ctrl, int advanced, const char *keyid, err = lock_app (app, ctrl); if (err) return err; - err= app->fnc.readkey (app, advanced, keyid, pk, pklen); + err= app->fnc.readkey (app, ctrl, advanced, keyid, pk, pklen); unlock_app (app); return err; } @@ -928,7 +928,7 @@ app_setattr (app_t app, ctrl_t ctrl, const char *name, err = lock_app (app, ctrl); if (err) return err; - err = app->fnc.setattr (app, name, pincb, pincb_arg, value, valuelen); + err = app->fnc.setattr (app, ctrl, name, pincb, pincb_arg, value, valuelen); unlock_app (app); return err; } @@ -954,7 +954,7 @@ app_sign (app_t app, ctrl_t ctrl, const char *keyidstr, int hashalgo, err = lock_app (app, ctrl); if (err) return err; - err = app->fnc.sign (app, keyidstr, hashalgo, + err = app->fnc.sign (app, ctrl, keyidstr, hashalgo, pincb, pincb_arg, indata, indatalen, outdata, outdatalen); @@ -986,7 +986,7 @@ app_auth (app_t app, ctrl_t ctrl, const char *keyidstr, err = lock_app (app, ctrl); if (err) return err; - err = app->fnc.auth (app, keyidstr, + err = app->fnc.auth (app, ctrl, keyidstr, pincb, pincb_arg, indata, indatalen, outdata, outdatalen); @@ -1021,7 +1021,7 @@ app_decipher (app_t app, ctrl_t ctrl, const char *keyidstr, err = lock_app (app, ctrl); if (err) return err; - err = app->fnc.decipher (app, keyidstr, + err = app->fnc.decipher (app, ctrl, keyidstr, pincb, pincb_arg, indata, indatalen, outdata, outdatalen, @@ -1183,7 +1183,7 @@ app_check_pin (app_t app, ctrl_t ctrl, const char *keyidstr, err = lock_app (app, ctrl); if (err) return err; - err = app->fnc.check_pin (app, keyidstr, pincb, pincb_arg); + err = app->fnc.check_pin (app, ctrl, keyidstr, pincb, pincb_arg); unlock_app (app); if (opt.verbose) log_info ("operation check_pin result: %s\n", gpg_strerror (err));