scd:p15: Return labels for keys and certificates.

* scd/app-p15.c (send_certinfo): Extend certinfo. (do_getattr): Support KEY-LABEL. Signed-off-by: Werner Koch <wk@gnupg.org>
2021-03-30 17:25:24 +02:00 · 2021-03-30 17:25:24 +02:00 · 7f91263632
parent 651c07a730
commit 7f91263632
3 changed files with 71 additions and 7 deletions
--- a/doc/DETAILS
+++ b/doc/DETAILS
@ -1208,6 +1208,23 @@ pkd:0:1024:B665B1435F4C2 .... FF26ABB:
    info available.  The format is the usual ISO string or a number
    with the seconds since Epoch.  <algostr> is the algorithm or curve
    this key uses (e.g. "rsa2048") or a "-" if not known.
+
+*** CERTINFO <certtype> <certref> [<label>]
+
+    This status is mettited for X.509 certifcates.
+    CERTTYPE is a number indicating the type of the certificate:
+     0   := Unknown
+     100 := Regular X.509 cert
+     101 := Trusted X.509 cert
+     102 := Useful X.509 cert
+     110 := Root CA cert in a special format (e.g. DINSIG)
+     111 := Root CA cert as standard X509 cert
+
+    CERTREF identifies the certificate uniquely on the card and may be
+    used to match it with a key's KEYREF.  LABEL is an optional human
+    readable decription of the certificate; it won't have any space in
+    it and is percent encoded.
+
 *** MANUFACTURER <n> [<string>]

    This status returns the Manufactorer ID as the unsigned number N.
@ -1229,12 +1246,17 @@ pkd:0:1024:B665B1435F4C2 .... FF26ABB:
    OPENPGP.129) and <string> is the algoritm or curve name, which
    is available for the key.

-*** KEY-TIME <keyref> <timestamp>
-    This is a response from scdaemon on GETATTR KEY-TIME.  A keyref of
-    1 gives the timestamp for the standard OpenPGP signing key, 2 for
-    the encryption key, and 3 for an authentication key.  Note that a
-    KEYPAIRINFO status lines carries the same information and should
-    be preferred.
+*** KEY-TIME <n> <timestamp>
+    This is a response from scdaemon on GETATTR KEY-TIME.  A keyref N
+    of 1 gives the timestamp for the standard OpenPGP signing key, 2
+    for the encryption key, and 3 for an authentication key.  Note
+    that a KEYPAIRINFO status lines carries the same information and
+    should be preferred.
+
+*** KEY-LABEL <keyref> <label>
+    This returns the human readbable label for the keys given by
+    KEYREF.  LABEL won't have any space in it and is percent encoded.
+    This info shall only be used for dispaly purposes.

 * Format of the --attribute-fd output

--- a/scd/app-p15.c
+++ b/scd/app-p15.c
@ -3709,6 +3709,8 @@ send_certinfo (app_t app, ctrl_t ctrl, const char *certtype,
  for (; certinfo; certinfo = certinfo->next)
    {
      char *buf, *p;
+      const char *label;
+      char *labelbuf;

      buf = xtrymalloc (9 + certinfo->objidlen*2 + 1);
      if (!buf)
@ -3723,9 +3725,18 @@ send_certinfo (app_t app, ctrl_t ctrl, const char *certtype,
      p = stpcpy (p, ".");
      bin2hex (certinfo->objid, certinfo->objidlen, p);

+      label = (certinfo->label && *certinfo->label)? certinfo->label : "-";
+      labelbuf = percent_data_escape (0, NULL, label, strlen (label));
+      if (!labelbuf)
+        {
+          xfree (buf);
+          return gpg_error_from_syserror ();
+        }
+
      send_status_info (ctrl, "CERTINFO",
                        certtype, strlen (certtype),
                        buf, strlen (buf),
+                        labelbuf, strlen (labelbuf),
                        NULL, (size_t)0);
      xfree (buf);
    }
@ -4414,6 +4425,37 @@ do_getattr (app_t app, ctrl_t ctrl, const char *name)
      xfree (p);
      return err;
    }
+  else if (!strcmp (name, "KEY-LABEL"))
+    {
+      /* Send KEY-LABEL lines for all private key objects.  */
+      const char *label;
+      char *idbuf, *labelbuf;
+
+      for (prkdf = app->app_local->private_key_info; prkdf;
+           prkdf = prkdf->next)
+        {
+          idbuf = keyref_from_prkdf (app, prkdf);
+          if (!idbuf)
+            return gpg_error_from_syserror ();
+
+          label = (prkdf->label && *prkdf->label)? prkdf->label : "-";
+          labelbuf = percent_data_escape (0, NULL, label, strlen (label));
+          if (!labelbuf)
+            {
+              xfree (idbuf);
+              return gpg_error_from_syserror ();
+            }
+
+          send_status_info (ctrl, name,
+                            idbuf, strlen (idbuf),
+                            labelbuf, strlen(labelbuf),
+                            NULL, 0);
+          xfree (idbuf);
+          xfree (labelbuf);
+        }
+      return 0;
+    }
+
  return gpg_error (GPG_ERR_INV_NAME);
 }

--- a/scd/command.c
+++ b/scd/command.c
@ -458,7 +458,7 @@ static const char hlp_learn[] =
  "to the keypair info, information about all certificates stored on the\n"
  "card is also returned:\n"
  "\n"
-  "  S CERTINFO <certtype> <hexstring_with_id>\n"
+  "  S CERTINFO <certtype> <keyref> [<label>]\n"
  "\n"
  "Where CERTTYPE is a number indicating the type of certificate:\n"
  "   0   := Unknown\n"