security-and-privacy/gnupg
security-and-privacy
/
gnupg
mirror of git://git.gnupg.org/gnupg.git
1
0
Fork 0
Code Releases Activity

scd: Rename 'keypad' to 'pinpad'. 

* NEWS: Mention scd changes.

* agent/divert-scd.c (getpin_cb): Change message.

* agent/call-scd.c (inq_needpin): Change the protocol to
POPUPPINPADPROMPT and DISMISSPINPADPROMPT.
* scd/command.c (pin_cb): Likewise.

* scd/apdu.c (struct reader_table_s): Rename member functions.
(check_pcsc_pinpad, pcsc_pinpad_verify, pcsc_pinpad_modify,
check_ccid_pinpad, ccid_pinpad_operation, apdu_check_pinpad
apdu_pinpad_verify, apdu_pinpad_modify): Rename.

* scd/apdu.h (SW_HOST_NO_PINPAD, apdu_check_pinpad)
(apdu_pinpad_verify, apdu_pinpad_modify): Rename.

* scd/iso7816.h (iso7816_check_pinpad): Rename.

* scd/iso7816.c (map_sw): Use SW_HOST_NO_PINPAD.
(iso7816_check_pinpad): Rename.
(iso7816_verify_kp, iso7816_change_reference_data_kp): Follow
the change.

* scd/ccid-driver.h (CCID_DRIVER_ERR_NO_PINPAD): Rename.
* scd/ccid-driver.c (ccid_transceive_secure): Use it.

* scd/app-dinsig.c (verify_pin): Follow the change.
* scd/app-nks.c (verify_pin): Follow the change.

* scd/app-openpgp.c (check_pinpad_request): Rename.
(parse_login_data, verify_a_chv, verify_chv3, do_change_pin): Follow
the change.

* scd/scdaemon.c (oDisablePinpad, oEnablePinpadVarlen): Rename.

* scd/scdaemon.h (opt): Rename to disable_pinpad,
enable_pinpad_varlen.

* tools/gpgconf-comp.c (gc_options_scdaemon): Rename to
disable-pinpad.
This commit is contained in:
NIIBE Yutaka 2013-02-07 10:07:51 +09:00
parent 21feecd48f
commit 7253093add
17 changed files with 145 additions and 129 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
NEWS
View File

@ -13,6 +13,13 @@ Noteworthy changes in version 2.1.0beta4 (unreleased)
* New option --pinentry-mode for GPG.
* New option --enable-pinpad-varlen for scdaemon.
* Rename option --disable-pinpad for scdaemon (was: --disable-keypad).
* Better support fo CCID readers. Now, internal CCID driver supports
readers with no auto configuration feature.
Noteworthy changes in version 2.1.0beta3 (2011-12-20)
-----------------------------------------------------

4
agent/call-scd.c
View File

@ -722,7 +722,7 @@ inq_needpin (void *opaque, const char *line)
rc = assuan_send_data (parm->ctx, pin, pinlen);
xfree (pin);
}
else if (!strncmp (line, "POPUPKEYPADPROMPT", 17)
else if (!strncmp (line, "POPUPPINPADPROMPT", 17)
&& (line[17] == ' ' || !line[17]))
{
line += 17;
@ -731,7 +731,7 @@ inq_needpin (void *opaque, const char *line)
rc = parm->getpin_cb (parm->getpin_cb_arg, line, NULL, 1);
}
else if (!strncmp (line, "DISMISSKEYPADPROMPT", 19)
else if (!strncmp (line, "DISMISSPINPADPROMPT", 19)
&& (line[19] == ' ' || !line[19]))
{
rc = parm->getpin_cb (parm->getpin_cb_arg, "", NULL, 0);

4
agent/divert-scd.c
View File

@ -223,7 +223,7 @@ getpin_cb (void *opaque, const char *info, char *buf, size_t maxbuf)
else if (info && *info == '|')
log_debug ("pin_cb called without proper PIN info hack\n");
/* If BUF has been passed as NULL, we are in keypad mode: The
/* If BUF has been passed as NULL, we are in pinpad mode: The
callback opens the popup and immediatley returns. */
if (!buf)
{
@ -239,7 +239,7 @@ getpin_cb (void *opaque, const char *info, char *buf, size_t maxbuf)
char *desc;
if ( asprintf (&desc,
_("%s%%0A%%0AUse the reader's keypad for input."),
_("%s%%0A%%0AUse the reader's pinpad for input."),
info) < 0 )
rc = gpg_error_from_syserror ();
else

14
doc/scdaemon.texi
View File

@ -287,10 +287,18 @@ Note that with the current version of Scdaemon the card is powered
down immediately at the next timer tick for any value of @var{n} other
than 0.
@item --enable-pinpad-varlen
@opindex enable-pinpad-varlen
Please specify this option when the card reader supports variable
length input for pinpad (default is no). For known readers listed in
ccid-driver, this option is not needed. Note that if your card reader
doesn't supports variable length input but you want to use it, you
need to specify your pinpad request on your card.
@item --disable-keypad
@opindex disable-keypad
Even if a card reader features a keypad, do not try to use it.
@item --disable-pinpad
@opindex disable-pinpad
Even if a card reader features a pinpad, do not try to use it.
@item --deny-admin

76
scd/apdu.c
View File

@ -97,11 +97,11 @@ struct reader_table_s {
int (*get_status_reader)(int, unsigned int *);
int (*send_apdu_reader)(int,unsigned char *,size_t,
unsigned char *, size_t *, pininfo_t *);
int (*check_keypad)(int, int, pininfo_t *);
int (*check_pinpad)(int, int, pininfo_t *);
void (*dump_status_reader)(int);
int (*set_progress_cb)(int, gcry_handler_progress_t, void*);
int (*keypad_verify)(int, int, int, int, int, pininfo_t *);
int (*keypad_modify)(int, int, int, int, int, pininfo_t *);
int (*pinpad_verify)(int, int, int, int, int, pininfo_t *);
int (*pinpad_modify)(int, int, int, int, int, pininfo_t *);
struct {
ccid_driver_t handle;
@ -319,10 +319,10 @@ static int reset_pcsc_reader (int slot);
static int apdu_get_status_internal (int slot, int hang, int no_atr_reset,
unsigned int *status,
unsigned int *changed);
static int check_pcsc_keypad (int slot, int command, pininfo_t *pininfo);
static int pcsc_keypad_verify (int slot, int class, int ins, int p0, int p1,
static int check_pcsc_pinpad (int slot, int command, pininfo_t *pininfo);
static int pcsc_pinpad_verify (int slot, int class, int ins, int p0, int p1,
pininfo_t *pininfo);
static int pcsc_keypad_modify (int slot, int class, int ins, int p0, int p1,
static int pcsc_pinpad_modify (int slot, int class, int ins, int p0, int p1,
pininfo_t *pininfo);
@ -369,11 +369,11 @@ new_reader_slot (void)
reader_table[reader].reset_reader = NULL;
reader_table[reader].get_status_reader = NULL;
reader_table[reader].send_apdu_reader = NULL;
reader_table[reader].check_keypad = check_pcsc_keypad;
reader_table[reader].check_pinpad = check_pcsc_pinpad;
reader_table[reader].dump_status_reader = NULL;
reader_table[reader].set_progress_cb = NULL;
reader_table[reader].keypad_verify = pcsc_keypad_verify;
reader_table[reader].keypad_modify = pcsc_keypad_modify;
reader_table[reader].pinpad_verify = pcsc_pinpad_verify;
reader_table[reader].pinpad_modify = pcsc_pinpad_modify;
reader_table[reader].used = 1;
reader_table[reader].any_status = 0;
@ -428,7 +428,7 @@ host_sw_string (long err)
case SW_HOST_GENERAL_ERROR: return "general error";
case SW_HOST_NO_READER: return "no reader";
case SW_HOST_ABORTED: return "aborted";
case SW_HOST_NO_KEYPAD: return "no keypad";
case SW_HOST_NO_PINPAD: return "no pinpad";
case SW_HOST_ALREADY_CONNECTED: return "already connected";
default: return "unknown host status error";
}
@ -661,10 +661,10 @@ open_ct_reader (int port)
reader_table[reader].reset_reader = reset_ct_reader;
reader_table[reader].get_status_reader = ct_get_status;
reader_table[reader].send_apdu_reader = ct_send_apdu;
reader_table[reader].check_keypad = NULL;
reader_table[reader].check_pinpad = NULL;
reader_table[reader].dump_status_reader = ct_dump_reader_status;
reader_table[reader].keypad_verify = NULL;
reader_table[reader].keypad_modify = NULL;
reader_table[reader].pinpad_verify = NULL;
reader_table[reader].pinpad_modify = NULL;
dump_reader_status (reader);
return reader;
@ -1978,9 +1978,9 @@ open_pcsc_reader (const char *portstr)
/* Check whether the reader supports the ISO command code COMMAND
on the keypad. Return 0 on success. */
on the pinpad. Return 0 on success. */
static int
check_pcsc_keypad (int slot, int command, pininfo_t *pininfo)
check_pcsc_pinpad (int slot, int command, pininfo_t *pininfo)
{
unsigned char buf[256];
size_t len = 256;
@ -2037,7 +2037,7 @@ check_pcsc_keypad (int slot, int command, pininfo_t *pininfo)
#define PIN_VERIFY_STRUCTURE_SIZE 24
static int
pcsc_keypad_verify (int slot, int class, int ins, int p0, int p1,
pcsc_pinpad_verify (int slot, int class, int ins, int p0, int p1,
pininfo_t *pininfo)
{
int sw;
@ -2120,7 +2120,7 @@ pcsc_keypad_verify (int slot, int class, int ins, int p0, int p1,
#define PIN_MODIFY_STRUCTURE_SIZE 29
static int
pcsc_keypad_modify (int slot, int class, int ins, int p0, int p1,
pcsc_pinpad_modify (int slot, int class, int ins, int p0, int p1,
pininfo_t *pininfo)
{
int sw;
@ -2325,10 +2325,10 @@ send_apdu_ccid (int slot, unsigned char *apdu, size_t apdulen,
/* Check whether the CCID reader supports the ISO command code COMMAND
on the keypad. Return 0 on success. For a description of the pin
on the pinpad. Return 0 on success. For a description of the pin
parameters, see ccid-driver.c */
static int
check_ccid_keypad (int slot, int command, pininfo_t *pininfo)
check_ccid_pinpad (int slot, int command, pininfo_t *pininfo)
{
unsigned char apdu[] = { 0, 0, 0, 0x81 };
@ -2339,7 +2339,7 @@ check_ccid_keypad (int slot, int command, pininfo_t *pininfo)
static int
ccid_keypad_operation (int slot, int class, int ins, int p0, int p1,
ccid_pinpad_operation (int slot, int class, int ins, int p0, int p1,
pininfo_t *pininfo)
{
unsigned char apdu[4];
@ -2406,11 +2406,11 @@ open_ccid_reader (const char *portstr)
reader_table[slot].reset_reader = reset_ccid_reader;
reader_table[slot].get_status_reader = get_status_ccid;
reader_table[slot].send_apdu_reader = send_apdu_ccid;
reader_table[slot].check_keypad = check_ccid_keypad;
reader_table[slot].check_pinpad = check_ccid_pinpad;
reader_table[slot].dump_status_reader = dump_ccid_reader_status;
reader_table[slot].set_progress_cb = set_progress_cb_ccid_reader;
reader_table[slot].keypad_verify = ccid_keypad_operation;
reader_table[slot].keypad_modify = ccid_keypad_operation;
reader_table[slot].pinpad_verify = ccid_pinpad_operation;
reader_table[slot].pinpad_modify = ccid_pinpad_operation;
/* Our CCID reader code does not support T=0 at all, thus reset the
flag. */
reader_table[slot].is_t0 = 0;
@ -2701,10 +2701,10 @@ open_rapdu_reader (int portno,
reader_table[slot].reset_reader = reset_rapdu_reader;
reader_table[slot].get_status_reader = my_rapdu_get_status;
reader_table[slot].send_apdu_reader = my_rapdu_send_apdu;
reader_table[slot].check_keypad = NULL;
reader_table[slot].check_pinpad = NULL;
reader_table[slot].dump_status_reader = NULL;
reader_table[slot].keypad_verify = NULL;
reader_table[slot].keypad_modify = NULL;
reader_table[slot].pinpad_verify = NULL;
reader_table[slot].pinpad_modify = NULL;
dump_reader_status (slot);
rapdu_msg_release (msg);
@ -3392,25 +3392,25 @@ apdu_get_status (int slot, int hang,
/* Check whether the reader supports the ISO command code COMMAND on
the keypad. Return 0 on success. For a description of the pin
the pinpad. Return 0 on success. For a description of the pin
parameters, see ccid-driver.c */
int
apdu_check_keypad (int slot, int command, pininfo_t *pininfo)
apdu_check_pinpad (int slot, int command, pininfo_t *pininfo)
{
if (slot < 0 || slot >= MAX_READER || !reader_table[slot].used )
return SW_HOST_NO_DRIVER;
if (opt.enable_keypad_varlen)
if (opt.enable_pinpad_varlen)
pininfo->fixedlen = 0;
if (reader_table[slot].check_keypad)
if (reader_table[slot].check_pinpad)
{
int sw;
if ((sw = lock_slot (slot)))
return sw;
sw = reader_table[slot].check_keypad (slot, command, pininfo);
sw = reader_table[slot].check_pinpad (slot, command, pininfo);
unlock_slot (slot);
return sw;
}
@ -3420,20 +3420,20 @@ apdu_check_keypad (int slot, int command, pininfo_t *pininfo)
int
apdu_keypad_verify (int slot, int class, int ins, int p0, int p1,
apdu_pinpad_verify (int slot, int class, int ins, int p0, int p1,
pininfo_t *pininfo)
{
if (slot < 0 || slot >= MAX_READER || !reader_table[slot].used )
return SW_HOST_NO_DRIVER;
if (reader_table[slot].keypad_verify)
if (reader_table[slot].pinpad_verify)
{
int sw;
if ((sw = lock_slot (slot)))
return sw;
sw = reader_table[slot].keypad_verify (slot, class, ins, p0, p1,
sw = reader_table[slot].pinpad_verify (slot, class, ins, p0, p1,
pininfo);
unlock_slot (slot);
return sw;
@ -3444,20 +3444,20 @@ apdu_keypad_verify (int slot, int class, int ins, int p0, int p1,
int
apdu_keypad_modify (int slot, int class, int ins, int p0, int p1,
apdu_pinpad_modify (int slot, int class, int ins, int p0, int p1,
pininfo_t *pininfo)
{
if (slot < 0 || slot >= MAX_READER || !reader_table[slot].used )
return SW_HOST_NO_DRIVER;
if (reader_table[slot].keypad_modify)
if (reader_table[slot].pinpad_modify)
{
int sw;
if ((sw = lock_slot (slot)))
return sw;
sw = reader_table[slot].keypad_modify (slot, class, ins, p0, p1,
sw = reader_table[slot].pinpad_modify (slot, class, ins, p0, p1,
pininfo);
unlock_slot (slot);
return sw;
@ -3487,7 +3487,7 @@ send_apdu (int slot, unsigned char *apdu, size_t apdulen,
/* Core APDU tranceiver function. Parameters are described at
apdu_send_le with the exception of PININFO which indicates keypad
apdu_send_le with the exception of PININFO which indicates pinpad
related operations if not NULL. If EXTENDED_MODE is not 0
command chaining or extended length will be used according to these
values:

8
scd/apdu.h
View File

@ -69,7 +69,7 @@ enum {
SW_HOST_GENERAL_ERROR = 0x1000b,
SW_HOST_NO_READER = 0x1000c,
SW_HOST_ABORTED = 0x1000d,
SW_HOST_NO_KEYPAD = 0x1000e,
SW_HOST_NO_PINPAD = 0x1000e,
SW_HOST_ALREADY_CONNECTED = 0x1000f
};
@ -114,10 +114,10 @@ int apdu_set_progress_cb (int slot, gcry_handler_progress_t cb, void *cb_arg);
int apdu_reset (int slot);
int apdu_get_status (int slot, int hang,
unsigned int *status, unsigned int *changed);
int apdu_check_keypad (int slot, int command, pininfo_t *pininfo);
int apdu_keypad_verify (int slot, int class, int ins, int p0, int p1,
int apdu_check_pinpad (int slot, int command, pininfo_t *pininfo);
int apdu_pinpad_verify (int slot, int class, int ins, int p0, int p1,
pininfo_t *pininfo);
int apdu_keypad_modify (int slot, int class, int ins, int p0, int p1,
int apdu_pinpad_modify (int slot, int class, int ins, int p0, int p1,
pininfo_t *pininfo);
int apdu_send_simple (int slot, int extended_mode,
int class, int ins, int p0, int p1,

8
scd/app-dinsig.c
View File

@ -292,11 +292,11 @@ verify_pin (app_t app,
pininfo.minlen = 6;
pininfo.maxlen = 8;
if (!opt.disable_keypad
&& !iso7816_check_keypad (app->slot, ISO7816_VERIFY, &pininfo) )
if (!opt.disable_pinpad
&& !iso7816_check_pinpad (app->slot, ISO7816_VERIFY, &pininfo) )
{
rc = pincb (pincb_arg,
_("||Please enter your PIN at the reader's keypad"),
_("||Please enter your PIN at the reader's pinpad"),
NULL);
if (rc)
{
@ -308,7 +308,7 @@ verify_pin (app_t app,
/* Dismiss the prompt. */
pincb (pincb_arg, NULL, NULL);
}
else /* No Keypad. */
else /* No Pinpad. */
{
char *pinvalue;

4
scd/app-nks.c
View File

@ -792,8 +792,8 @@ verify_pin (app_t app, int pwid, const char *desc,
pininfo.minlen = 6;
pininfo.maxlen = 16;
if (!opt.disable_keypad
&& !iso7816_check_keypad (app->slot, ISO7816_VERIFY, &pininfo) )
if (!opt.disable_pinpad
&& !iso7816_check_pinpad (app->slot, ISO7816_VERIFY, &pininfo) )
{
rc = pincb (pincb_arg, desc, NULL);
if (rc)

86
scd/app-openpgp.c
View File

@ -191,13 +191,13 @@ struct app_local_s {
unsigned int def_chv2:1; /* Use 123456 for CHV2. */
} flags;
/* Keypad request specified on card. */
/* Pinpad request specified on card. */
struct
{
unsigned int specified:1;
int fixedlen_user;
int fixedlen_admin;
} keypad;
} pinpad;
struct
{
@ -600,11 +600,11 @@ count_bits (const unsigned char *a, size_t len)
Bit 1 = CHV2 has been been set to the default PIN of "123456"
(this implies that bit 0 is also set).
P=<keypad-request>
P=<pinpad-request>
Where KEYPAD_REQUEST is in the format of: <n> or <n>,<m>.
Where PINPAD_REQUEST is in the format of: <n> or <n>,<m>.
N for user PIN, M for admin PIN. If M is missing it means M=N.
0 means to force not to use keypad.
0 means to force not to use pinpad.
*/
static void
@ -617,9 +617,9 @@ parse_login_data (app_t app)
/* Set defaults. */
app->app_local->flags.no_sync = 0;
app->app_local->flags.def_chv2 = 0;
app->app_local->keypad.specified = 0;
app->app_local->keypad.fixedlen_user = -1;
app->app_local->keypad.fixedlen_admin = -1;
app->app_local->pinpad.specified = 0;
app->app_local->pinpad.fixedlen_user = -1;
app->app_local->pinpad.fixedlen_admin = -1;
/* Read the DO. */
relptr = get_one_do (app, 0x005E, &buffer, &buflen, NULL);
@ -654,7 +654,7 @@ parse_login_data (app_t app)
}
else if (buflen > 1 && *buffer == 'P' && buffer[1] == '=')
{
/* Keypad request control sequence found. */
/* Pinpad request control sequence found. */
buffer += 2;
buflen -= 2;
@ -687,9 +687,9 @@ parse_login_data (app_t app)
if (buflen && !(*buffer == '\n' || *buffer == '\x18'))
goto next;
app->app_local->keypad.specified = 1;
app->app_local->keypad.fixedlen_user = n;
app->app_local->keypad.fixedlen_admin = m;
app->app_local->pinpad.specified = 1;
app->app_local->pinpad.fixedlen_user = n;
app->app_local->pinpad.fixedlen_admin = m;
}
}
}
@ -1530,14 +1530,14 @@ do_readcert (app_t app, const char *certid,
}
/* Decide if we use the keypad of the reader for PIN input according
/* Decide if we use the pinpad of the reader for PIN input according
to the user preference on the card, and the capability of the
reader. This routine is only called when the reader has keypad.
Returns 0 if we use keypad, 1 otherwise. */
reader. This routine is only called when the reader has pinpad.
Returns 0 if we use pinpad, 1 otherwise. */
static int
check_keypad_request (app_t app, pininfo_t *pininfo, int admin_pin)
check_pinpad_request (app_t app, pininfo_t *pininfo, int admin_pin)
{
if (app->app_local->keypad.specified == 0) /* No preference on card. */
if (app->app_local->pinpad.specified == 0) /* No preference on card. */
{
if (pininfo->fixedlen == 0) /* Reader has varlen capability. */
return 0; /* Then, use pinpad. */
@ -1550,9 +1550,9 @@ check_keypad_request (app_t app, pininfo_t *pininfo, int admin_pin)
}
if (admin_pin)
pininfo->fixedlen = app->app_local->keypad.fixedlen_admin;
pininfo->fixedlen = app->app_local->pinpad.fixedlen_admin;
else
pininfo->fixedlen = app->app_local->keypad.fixedlen_user;
pininfo->fixedlen = app->app_local->pinpad.fixedlen_user;
if (pininfo->fixedlen == 0 /* User requests disable pinpad. */
|| pininfo->fixedlen < pininfo->minlen
@ -1566,14 +1566,14 @@ check_keypad_request (app_t app, pininfo_t *pininfo, int admin_pin)
/* Verify a CHV either using using the pinentry or if possibile by
using a keypad. PINCB and PINCB_ARG describe the usual callback
using a pinpad. PINCB and PINCB_ARG describe the usual callback
for the pinentry. CHVNO must be either 1 or 2. SIGCOUNT is only
used with CHV1. PINVALUE is the address of a pointer which will
receive a newly allocated block with the actual PIN (this is useful
in case that PIN shall be used for another verify operation). The
caller needs to free this value. If the function returns with
success and NULL is stored at PINVALUE, the caller should take this
as an indication that the keypad has been used.
as an indication that the pinpad has been used.
*/
static gpg_error_t
verify_a_chv (app_t app,
@ -1631,13 +1631,13 @@ verify_a_chv (app_t app,
prompt = _("||Please enter the PIN");
if (!opt.disable_keypad
&& !iso7816_check_keypad (app->slot, ISO7816_VERIFY, &pininfo)
&& !check_keypad_request (app, &pininfo, 0))
if (!opt.disable_pinpad
&& !iso7816_check_pinpad (app->slot, ISO7816_VERIFY, &pininfo)
&& !check_pinpad_request (app, &pininfo, 0))
{
/* The reader supports the verify command through the keypad.
/* The reader supports the verify command through the pinpad.
Note that the pincb appends a text to the prompt telling the
user to use the keypad. */
user to use the pinpad. */
rc = pincb (pincb_arg, prompt, NULL);
prompt = NULL;
xfree (prompt_buffer);
@ -1656,7 +1656,7 @@ verify_a_chv (app_t app,
}
else
{
/* The reader has no keypad or we don't want to use it. */
/* The reader has no pinpad or we don't want to use it. */
rc = pincb (pincb_arg, prompt, pinvalue);
prompt = NULL;
xfree (prompt_buffer);
@ -1716,7 +1716,7 @@ verify_chv2 (app_t app,
/* For convenience we verify CHV1 here too. We do this only if
the card is not configured to require a verification before
each CHV1 controlled operation (force_chv1) and if we are not
using the keypad (PINVALUE == NULL). */
using the pinpad (PINVALUE == NULL). */
rc = iso7816_verify (app->slot, 0x81, pinvalue, strlen (pinvalue));
if (gpg_err_code (rc) == GPG_ERR_BAD_PIN)
rc = gpg_error (GPG_ERR_PIN_NOT_SYNCED);
@ -1815,11 +1815,11 @@ verify_chv3 (app_t app,
if (rc)
return rc;
if (!opt.disable_keypad
&& !iso7816_check_keypad (app->slot, ISO7816_VERIFY, &pininfo)
&& !check_keypad_request (app, &pininfo, 1))
if (!opt.disable_pinpad
&& !iso7816_check_pinpad (app->slot, ISO7816_VERIFY, &pininfo)
&& !check_pinpad_request (app, &pininfo, 1))
{
/* The reader supports the verify command through the keypad. */
/* The reader supports the verify command through the pinpad. */
rc = pincb (pincb_arg, prompt, NULL);
xfree (prompt);
prompt = NULL;
@ -2015,7 +2015,7 @@ do_change_pin (app_t app, ctrl_t ctrl, const char *chvnostr,
int reset_mode = !!(flags & APP_CHANGE_FLAG_RESET);
int set_resetcode = 0;
pininfo_t pininfo;
int use_keypad = 0;
int use_pinpad = 0;
int minlen = 6;
(void)ctrl;
@ -2065,16 +2065,16 @@ do_change_pin (app_t app, ctrl_t ctrl, const char *chvnostr,
{
/* Version 2 cards. */
if (!opt.disable_keypad
&& !iso7816_check_keypad (app->slot,
if (!opt.disable_pinpad
&& !iso7816_check_pinpad (app->slot,
ISO7816_CHANGE_REFERENCE_DATA, &pininfo)
&& !check_keypad_request (app, &pininfo, chvno == 3))
use_keypad = 1;
&& !check_pinpad_request (app, &pininfo, chvno == 3))
use_pinpad = 1;
if (reset_mode)
{
/* To reset a PIN the Admin PIN is required. */
use_keypad = 0;
use_pinpad = 0;
app->did_chv3 = 0;
rc = verify_chv3 (app, pincb, pincb_arg);
if (rc)
@ -2085,7 +2085,7 @@ do_change_pin (app_t app, ctrl_t ctrl, const char *chvnostr,
}
else if (chvno == 1 || chvno == 3)
{
if (!use_keypad)
if (!use_pinpad)
{
char *promptbuf = NULL;
const char *prompt;
@ -2128,7 +2128,7 @@ do_change_pin (app_t app, ctrl_t ctrl, const char *chvnostr,
size_t valuelen;
int remaining;
use_keypad = 0;
use_pinpad = 0;
minlen = 8;
relptr = get_one_do (app, 0x00C4, &value, &valuelen, NULL);
if (!relptr || valuelen < 7)
@ -2176,7 +2176,7 @@ do_change_pin (app_t app, ctrl_t ctrl, const char *chvnostr,
else
app->did_chv1 = app->did_chv2 = 0;
if (!use_keypad)
if (!use_pinpad)
{
/* TRANSLATORS: Do not translate the "|*|" prefixes but
keep it at the start of the string. We need this elsewhere
@ -2249,7 +2249,7 @@ do_change_pin (app_t app, ctrl_t ctrl, const char *chvnostr,
/* Version 2 cards. */
assert (chvno == 1 || chvno == 3);
if (use_keypad)
if (use_pinpad)
{
rc = pincb (pincb_arg,
chvno == 3 ?
@ -3324,7 +3324,7 @@ do_sign (app_t app, const char *keyidstr, int hashalgo,
sync, thus we verify CHV2 here using the given PIN. Cards
with version2 to not have the need for a separate CHV2 and
internally use just one. Obviously we can't do that if the
keypad has been used. */
pinpad has been used. */
if (!app->did_chv2 && pinvalue && !app->app_local->extcap.is_v2)
{
rc = iso7816_verify (app->slot, 0x82, pinvalue, strlen (pinvalue));

2
scd/ccid-driver.c
View File

@ -3352,7 +3352,7 @@ ccid_transceive_secure (ccid_driver_t handle,
else if (apdu_buflen >= 4 && apdu_buf[1] == 0x24 && (handle->has_pinpad & 2))
;
else
return CCID_DRIVER_ERR_NO_KEYPAD;
return CCID_DRIVER_ERR_NO_PINPAD;
if (!pininfo->minlen)
pininfo->minlen = 1;

2
scd/ccid-driver.h
View File

@ -72,7 +72,7 @@
#define CCID_DRIVER_ERR_GENERAL_ERROR 0x1000b
#define CCID_DRIVER_ERR_NO_READER 0x1000c
#define CCID_DRIVER_ERR_ABORTED 0x1000d
#define CCID_DRIVER_ERR_NO_KEYPAD 0x1000e
#define CCID_DRIVER_ERR_NO_PINPAD 0x1000e
struct ccid_driver_s;
typedef struct ccid_driver_s *ccid_driver_t;

10
scd/command.c
View File

@ -909,13 +909,13 @@ pin_cb (void *opaque, const char *info, char **retstr)
if (!retstr)
{
/* We prompt for keypad entry. To make sure that the popup has
/* We prompt for pinpad entry. To make sure that the popup has
been show we use an inquire and not just a status message.
We ignore any value returned. */
if (info)
{
log_debug ("prompting for keypad entry '%s'\n", info);
rc = estream_asprintf (&command, "POPUPKEYPADPROMPT %s", info);
log_debug ("prompting for pinpad entry '%s'\n", info);
rc = estream_asprintf (&command, "POPUPPINPADPROMPT %s", info);
if (rc < 0)
return gpg_error (gpg_err_code_from_errno (errno));
rc = assuan_inquire (ctx, command, &value, &valuelen, MAXLEN_PIN);
@ -923,8 +923,8 @@ pin_cb (void *opaque, const char *info, char **retstr)
}
else
{
log_debug ("dismiss keypad entry prompt\n");
rc = assuan_inquire (ctx, "DISMISSKEYPADPROMPT",
log_debug ("dismiss pinpad entry prompt\n");
rc = assuan_inquire (ctx, "DISMISSPINPADPROMPT",
&value, &valuelen, MAXLEN_PIN);
}
if (!rc)

16
scd/iso7816.c
View File

@ -94,7 +94,7 @@ map_sw (int sw)
case SW_HOST_GENERAL_ERROR: ec = GPG_ERR_GENERAL; break;
case SW_HOST_NO_READER: ec = GPG_ERR_ENODEV; break;
case SW_HOST_ABORTED: ec = GPG_ERR_CANCELED; break;
case SW_HOST_NO_KEYPAD: ec = GPG_ERR_NOT_SUPPORTED; break;
case SW_HOST_NO_PINPAD: ec = GPG_ERR_NOT_SUPPORTED; break;
default:
if ((sw & 0x010000))
@ -267,26 +267,26 @@ iso7816_apdu_direct (int slot, const void *apdudata, size_t apdudatalen,
/* Check whether the reader supports the ISO command code COMMAND on
the keypad. Returns 0 on success. */
the pinpad. Returns 0 on success. */
gpg_error_t
iso7816_check_keypad (int slot, int command, pininfo_t *pininfo)
iso7816_check_pinpad (int slot, int command, pininfo_t *pininfo)
{
int sw;
sw = apdu_check_keypad (slot, command, pininfo);
sw = apdu_check_pinpad (slot, command, pininfo);
return iso7816_map_sw (sw);
}
/* Perform a VERIFY command on SLOT using the card holder verification
vector CHVNO. With PININFO non-NULL the keypad of the reader will
vector CHVNO. With PININFO non-NULL the pinpad of the reader will
be used. Returns 0 on success. */
gpg_error_t
iso7816_verify_kp (int slot, int chvno, pininfo_t *pininfo)
{
int sw;
sw = apdu_keypad_verify (slot, 0x00, CMD_VERIFY, 0, chvno, pininfo);
sw = apdu_pinpad_verify (slot, 0x00, CMD_VERIFY, 0, chvno, pininfo);
return map_sw (sw);
}
@ -302,7 +302,7 @@ iso7816_verify (int slot, int chvno, const char *chv, size_t chvlen)
}
/* Perform a CHANGE_REFERENCE_DATA command on SLOT for the card holder
verification vector CHVNO. With PININFO non-NULL the keypad of the
verification vector CHVNO. With PININFO non-NULL the pinpad of the
reader will be used. If IS_EXCHANGE is 0, a "change reference
data" is done, otherwise an "exchange reference data". */
gpg_error_t
@ -311,7 +311,7 @@ iso7816_change_reference_data_kp (int slot, int chvno, int is_exchange,
{
int sw;
sw = apdu_keypad_modify (slot, 0x00, CMD_CHANGE_REFERENCE_DATA,
sw = apdu_pinpad_modify (slot, 0x00, CMD_CHANGE_REFERENCE_DATA,
is_exchange ? 1 : 0, chvno, pininfo);
return map_sw (sw);
}

6
scd/iso7816.h
View File

@ -24,13 +24,13 @@
#include "cardglue.h"
#endif
/* Command codes used by iso7816_check_keypad. */
/* Command codes used by iso7816_check_pinpad. */
#define ISO7816_VERIFY 0x20
#define ISO7816_CHANGE_REFERENCE_DATA 0x24
#define ISO7816_RESET_RETRY_COUNTER 0x2C
/* Information to be passed to keypad equipped readers. See
/* Information to be passed to pinpad equipped readers. See
ccid-driver.c for details. */
struct pininfo_s
{
@ -62,7 +62,7 @@ gpg_error_t iso7816_apdu_direct (int slot,
const void *apdudata, size_t apdudatalen,
int handle_more,
unsigned char **result, size_t *resultlen);
gpg_error_t iso7816_check_keypad (int slot, int command,
gpg_error_t iso7816_check_pinpad (int slot, int command,
pininfo_t *pininfo);
gpg_error_t iso7816_verify (int slot,
int chvno, const char *chv, size_t chvlen);

19
scd/scdaemon.c
View File

@ -92,11 +92,11 @@ enum cmd_and_opt_values
opcscDriver,
oDisableCCID,
oDisableOpenSC,
oDisableKeypad,
oDisablePinpad,
oAllowAdmin,
oDenyAdmin,
oDisableApplication,
oEnableKeypadVarlen,
oEnablePinpadVarlen,
oDebugDisableTicker
};
@ -144,14 +144,14 @@ static ARGPARSE_OPTS opts[] = {
/* end --disable-ccid */),
ARGPARSE_s_u (oCardTimeout, "card-timeout",
N_("|N|disconnect the card after N seconds of inactivity")),
ARGPARSE_s_n (oDisableKeypad, "disable-keypad",
N_("do not use a reader's keypad")),
ARGPARSE_s_n (oDisablePinpad, "disable-pinpad",
N_("do not use a reader's pinpad")),
ARGPARSE_s_n (oAllowAdmin, "allow-admin", "@"),
ARGPARSE_s_n (oDenyAdmin, "deny-admin",
N_("deny the use of admin card commands")),
ARGPARSE_s_s (oDisableApplication, "disable-application", "@"),
ARGPARSE_s_n (oEnableKeypadVarlen, "enable-keypad-varlen",
N_("use variable length input for keypad")),
ARGPARSE_s_n (oEnablePinpadVarlen, "enable-pinpad-varlen",
N_("use variable length input for pinpad")),
ARGPARSE_end ()
};
@ -579,7 +579,7 @@ main (int argc, char **argv )
case oDisableCCID: opt.disable_ccid = 1; break;
case oDisableOpenSC: break;
case oDisableKeypad: opt.disable_keypad = 1; break;
case oDisablePinpad: opt.disable_pinpad = 1; break;
case oAllowAdmin: /* Dummy because allow is now the default. */
break;
@ -591,7 +591,7 @@ main (int argc, char **argv )
add_to_strlist (&opt.disabled_applications, pargs.r.ret_str);
break;
case oEnableKeypadVarlen: opt.enable_keypad_varlen = 1; break;
case oEnablePinpadVarlen: opt.enable_pinpad_varlen = 1; break;
default:
pargs.err = configfp? ARGPARSE_PRINT_WARNING:ARGPARSE_PRINT_ERROR;
@ -681,8 +681,9 @@ main (int argc, char **argv )
es_printf ("disable-ccid:%lu:\n", GC_OPT_FLAG_NONE );
#endif
es_printf ("deny-admin:%lu:\n", GC_OPT_FLAG_NONE );
es_printf ("disable-keypad:%lu:\n", GC_OPT_FLAG_NONE );
es_printf ("disable-pinpad:%lu:\n", GC_OPT_FLAG_NONE );
es_printf ("card-timeout:%lu:%d:\n", GC_OPT_FLAG_DEFAULT, 0);
es_printf ("enable-pinpad-varlen:%lu:\n", GC_OPT_FLAG_NONE );
scd_exit (0);
}

4
scd/scdaemon.h
View File

@ -56,8 +56,8 @@ struct
const char *pcsc_driver; /* Library to access the PC/SC system. */
const char *reader_port; /* NULL or reder port to use. */
int disable_ccid; /* Disable the use of the internal CCID driver. */
int disable_keypad; /* Do not use a keypad. */
int enable_keypad_varlen; /* Use variable length input for keypad. */
int disable_pinpad; /* Do not use a pinpad. */
int enable_pinpad_varlen; /* Use variable length input for pinpad. */
int allow_admin; /* Allow the use of admin commands for certain
cards. */
strlist_t disabled_applications; /* Card applications we do not

4
tools/gpgconf-comp.c
View File

@ -617,8 +617,8 @@ static gc_option_t gc_options_scdaemon[] =
{ "disable-ccid", GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME, GC_LEVEL_EXPERT,
"gnupg", "do not use the internal CCID driver",
GC_ARG_TYPE_NONE, GC_BACKEND_SCDAEMON },
{ "disable-keypad", GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME, GC_LEVEL_BASIC,
"gnupg", "do not use a reader's keypad",
{ "disable-pinpad", GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME, GC_LEVEL_BASIC,
"gnupg", "do not use a reader's pinpad",
GC_ARG_TYPE_NONE, GC_BACKEND_SCDAEMON },
{ "card-timeout", GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME, GC_LEVEL_BASIC,
"gnupg", "|N|disconnect the card after N seconds of inactivity",