security-and-privacy/gnupg
security-and-privacy
/
gnupg
mirror of git://git.gnupg.org/gnupg.git
1
0
Fork 0
Code Releases Activity

* Makefile.am: Do not build sc-copykeys anymore. 

* app-openpgp.c (app_openpgp_storekey, app_openpgp_readkey)
(app_openpgp_cardinfo): Removed.
This commit is contained in:
Werner Koch 2005-05-23 20:18:13 +00:00
parent 487e419990
commit a43586d0e8
6 changed files with 73 additions and 250 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
doc/scdaemon.texi
View File

@ -478,12 +478,39 @@ TO BE WRITTEN.
@node Scdaemon PASSWD
@subsection Change PINs.
TO BE WRITTEN.
@example
PASSWD [--reset] @var{chvno}
@end example
Change the PIN or reset the retry counter of the card holder
verification vector number @var{chvno}.
@node Scdaemon CHECKPIN
@subsection Perform a VERIFY operation.
TO BE WRITTEN.
@example
CHECKPIN @var{idstr}
@end example
Perform a VERIFY operation without doing anything else. This may be
used to initialize a the PIN cache earlier to long lasting
operations. Its use is highly application dependent:
@table @strong
@item OpenPGP
Perform a simple verify operation for CHV1 and CHV2, so that further
operations won't ask for CHV2 and it is possible to do a cheap check on
the PIN: If there is something wrong with the PIN entry system, only the
regular CHV will get blocked and not the dangerous CHV3. @var{idstr} is
the usual card's serial number in hex notation; an optional fingerprint
part will get ignored.
There is however a special mode if @var{idstr} is suffixed with the
literal string @code{[CHV3]}: In this case the Admin PIN is checked if
and only if the retry counter is still at 3.
@end table

6
scd/ChangeLog
View File

@ -1,5 +1,10 @@
2005-05-23 Werner Koch <wk@g10code.com>
* Makefile.am: Do not build sc-copykeys anymore.
* app-openpgp.c (app_openpgp_storekey, app_openpgp_readkey)
(app_openpgp_cardinfo): Removed.
* ccid-driver.c (parse_ccid_descriptor): SCR335 FW version 5.14 is
good.
(do_close_reader): Never do a reset. The caller should instead
@ -11,6 +16,7 @@
Thanks to Ludovic Rousseau for this hint and the magic numbers.
(print_command_failed): New.
(bulk_in): Use it here. Add new arg NO_DEBUG.
(ccid_slot_status): Disabled debugging.
2005-05-21 Werner Koch <wk@g10code.com>

37
scd/Makefile.am
View File

@ -18,7 +18,7 @@
## Process this file with automake to produce Makefile.in
bin_PROGRAMS = scdaemon sc-copykeys
bin_PROGRAMS = scdaemon
if ! HAVE_W32_SYSTEM
pkglib_PROGRAMS = pcsc-wrapper
endif
@ -47,22 +47,25 @@ scdaemon_LDADD = ../jnlib/libjnlib.a ../common/libcommon.a \
$(LIBGCRYPT_LIBS) $(KSBA_LIBS) $(PTH_LIBS) $(LIBASSUAN_LIBS) \
$(LIBUSB_LIBS) -lgpg-error $(LIBINTL) $(DL_LIBS)
sc_copykeys_SOURCES = \
sc-copykeys.c scdaemon.h \
apdu.c apdu.h \
ccid-driver.c ccid-driver.h \
iso7816.c iso7816.h \
tlv.c tlv.h \
atr.c atr.h \
app.c app-common.h app-help.c $(card_apps)
sc_copykeys_LDADD = \
../jnlib/libjnlib.a ../common/libcommon.a \
../common/libsimple-pwquery.a \
$(LIBGCRYPT_LIBS) $(PTH_LIBS) $(KSBA_LIBS) $(LIBASSUAN_LIBS) \
$(LIBUSB_LIBS) \
-lgpg-error @LIBINTL@ @DL_LIBS@
# Removed for now: We need to decide whether it makes sense to
# continue it at all, given that gpg has now all required
# functionality.
#sc_copykeys_SOURCES = \
# sc-copykeys.c scdaemon.h \
# apdu.c apdu.h \
# ccid-driver.c ccid-driver.h \
# iso7816.c iso7816.h \
# tlv.c tlv.h \
# atr.c atr.h \
# app.c app-common.h app-help.c $(card_apps)
#
#sc_copykeys_LDADD = \
# ../jnlib/libjnlib.a ../common/libcommon.a \
# ../common/libsimple-pwquery.a \
# $(LIBGCRYPT_LIBS) $(PTH_LIBS) $(KSBA_LIBS) $(LIBASSUAN_LIBS) \
# $(LIBUSB_LIBS) \
# -lgpg-error @LIBINTL@ @DL_LIBS@
#
pcsc_wrapper_SOURCES = pcsc-wrapper.c
pcsc_wrapper_LDADD = $(DL_LIBS)
pcsc_wrapper_CFLAGS =

17
scd/app-common.h
View File

@ -176,23 +176,6 @@ gpg_error_t app_check_pin (app_t app, const char *keyidstr,
/*-- app-openpgp.c --*/
gpg_error_t app_select_openpgp (app_t app);
gpg_error_t app_openpgp_cardinfo (app_t app,
char **serialno,
char **disp_name,
char **pubkey_url,
unsigned char **fpr1,
unsigned char **fpr2,
unsigned char **fpr3);
gpg_error_t app_openpgp_storekey (app_t app, int keyno,
unsigned char *template, size_t template_len,
time_t created_at,
const unsigned char *m, size_t mlen,
const unsigned char *e, size_t elen,
gpg_error_t (*pincb)(void*, const char *, char **),
void *pincb_arg);
gpg_error_t app_openpgp_readkey (app_t app, int keyno,
unsigned char **m, size_t *mlen,
unsigned char **e, size_t *elen);
/*-- app-nks.c --*/
gpg_error_t app_select_nks (app_t app);

212
scd/app-openpgp.c
View File

@ -2521,215 +2521,3 @@ leave:
/* This function is a hack to retrieve essential information about the
card to be displayed by simple tools. It mostly resembles what the
LEARN command returns. All parameters return allocated strings or
buffers or NULL if the data object is not available. All returned
values are sanitized. */
gpg_error_t
app_openpgp_cardinfo (app_t app,
char **serialno,
char **disp_name,
char **pubkey_url,
unsigned char **fpr1,
unsigned char **fpr2,
unsigned char **fpr3)
{
int rc;
void *relptr;
unsigned char *value;
size_t valuelen;
if (serialno)
{
time_t dummy;
*serialno = NULL;
rc = app_get_serial_and_stamp (app, serialno, &dummy);
if (rc)
{
log_error (_("error getting serial number: %s\n"),
gpg_strerror (rc));
return rc;
}
}
if (disp_name)
{
*disp_name = NULL;
relptr = get_one_do (app, 0x005B, &value, &valuelen, NULL);
if (relptr)
{
*disp_name = make_printable_string (value, valuelen, 0);
xfree (relptr);
}
}
if (pubkey_url)
{
*pubkey_url = NULL;
relptr = get_one_do (app, 0x5F50, &value, &valuelen, NULL);
if (relptr)
{
*pubkey_url = make_printable_string (value, valuelen, 0);
xfree (relptr);
}
}
if (fpr1)
*fpr1 = NULL;
if (fpr2)
*fpr2 = NULL;
if (fpr3)
*fpr3 = NULL;
relptr = get_one_do (app, 0x00C5, &value, &valuelen, NULL);
if (relptr && valuelen >= 60)
{
if (fpr1)
{
*fpr1 = xmalloc (20);
memcpy (*fpr1, value + 0, 20);
}
if (fpr2)
{
*fpr2 = xmalloc (20);
memcpy (*fpr2, value + 20, 20);
}
if (fpr3)
{
*fpr3 = xmalloc (20);
memcpy (*fpr3, value + 40, 20);
}
}
xfree (relptr);
return 0;
}
/* This function is currently only used by the sc-copykeys program to
store a key on the smartcard. app_t ist the application handle,
KEYNO is the number of the key and PINCB, PINCB_ARG are used to ask
for the SO PIN. TEMPLATE and TEMPLATE_LEN describe a buffer with
the key template to store. CREATED_AT is the timestamp used to
create the fingerprint. M, MLEN is the RSA modulus and E, ELEN the
RSA public exponent. This function silently overwrites an existing
key.*/
gpg_error_t
app_openpgp_storekey (app_t app, int keyno,
unsigned char *template, size_t template_len,
time_t created_at,
const unsigned char *m, size_t mlen,
const unsigned char *e, size_t elen,
gpg_error_t (*pincb)(void*, const char *, char **),
void *pincb_arg)
{
int rc;
unsigned char fprbuf[20];
if (keyno < 1 || keyno > 3)
return gpg_error (GPG_ERR_INV_ID);
keyno--;
rc = verify_chv3 (app, pincb, pincb_arg);
if (rc)
goto leave;
flush_cache (app);
xfree (app->app_local->pk[keyno].key);
app->app_local->pk[keyno].key = NULL;
app->app_local->pk[keyno].keylen = 0;
app->app_local->pk[keyno].read_done = 0;
rc = iso7816_put_data (app->slot,
(app->card_version > 0x0007? 0xE0 : 0xE9) + keyno,
template, template_len);
if (rc)
{
log_error (_("failed to store the key: %s\n"), gpg_strerror (rc));
rc = gpg_error (GPG_ERR_CARD);
goto leave;
}
/* log_printhex ("RSA n:", m, mlen); */
/* log_printhex ("RSA e:", e, elen); */
rc = store_fpr (app->slot, keyno, (u32)created_at,
m, mlen, e, elen, fprbuf, app->card_version);
leave:
return rc;
}
/* Utility function for external tools: Read the public RSA key at
KEYNO and return modulus and exponent in (M,MLEN) and (E,ELEN). */
gpg_error_t
app_openpgp_readkey (app_t app, int keyno, unsigned char **m, size_t *mlen,
unsigned char **e, size_t *elen)
{
int rc;
const unsigned char *keydata, *a;
unsigned char *buffer;
size_t buflen, keydatalen, alen;
*m = NULL;
*e = NULL;
if (keyno < 1 || keyno > 3)
return gpg_error (GPG_ERR_INV_ID);
keyno--;
rc = iso7816_read_public_key(app->slot,
keyno == 0? "\xB6" :
keyno == 1? "\xB8" : "\xA4",
2,
&buffer, &buflen);
if (rc)
{
rc = gpg_error (GPG_ERR_CARD);
log_error (_("reading the key failed\n"));
goto leave;
}
keydata = find_tlv (buffer, buflen, 0x7F49, &keydatalen);
if (!keydata)
{
log_error (_("response does not contain the public key data\n"));
rc = gpg_error (GPG_ERR_CARD);
goto leave;
}
a = find_tlv (keydata, keydatalen, 0x0081, &alen);
if (!a)
{
log_error (_("response does not contain the RSA modulus\n"));
rc = gpg_error (GPG_ERR_CARD);
goto leave;
}
*mlen = alen;
*m = xmalloc (alen);
memcpy (*m, a, alen);
a = find_tlv (keydata, keydatalen, 0x0082, &alen);
if (!a)
{
log_error (_("response does not contain the RSA public exponent\n"));
rc = gpg_error (GPG_ERR_CARD);
goto leave;
}
*elen = alen;
*e = xmalloc (alen);
memcpy (*e, a, alen);
leave:
xfree (buffer);
if (rc)
{
xfree (*m); *m = NULL;
xfree (*e); *e = NULL;
}
return rc;
}

20
scd/command.c
View File

@ -1095,7 +1095,7 @@ cmd_random (assuan_context_t ctx, char *line)
/* PASSWD [--reset] <chvno>
Change the PIN or reset thye retry counter of the card holder
Change the PIN or reset the retry counter of the card holder
verfication vector CHVNO. */
static int
cmd_passwd (assuan_context_t ctx, char *line)
@ -1142,7 +1142,23 @@ cmd_passwd (assuan_context_t ctx, char *line)
}
/* CHECKPIN <hexified_id>
/* CHECKPIN <idstr>
Perform a VERIFY operation without doing anything else. This may
be used to initialize a the PIN cache earlier to long lasting
operations. Its use is highly application dependent.
For OpenPGP:
Perform a simple verify operation for CHV1 and CHV2, so that
further operations won't ask for CHV2 and it is possible to do a
cheap check on the PIN: If there is something wrong with the PIN
entry system, only the regular CHV will get blocked and not the
dangerous CHV3. IDSTR is the usual card's serial number in hex
notation; an optional fingerprint part will get ignored. There
is however a special mode if the IDSTR is sffixed with the
literal string "[CHV3]": In this case the Admin PIN is checked
if and only if the retry counter is still at 3.
*/
static int