mirror of
git://git.gnupg.org/gnupg.git
synced 2024-05-28 21:50:02 +02:00
* Makefile.am: Do not build sc-copykeys anymore.
* app-openpgp.c (app_openpgp_storekey, app_openpgp_readkey) (app_openpgp_cardinfo): Removed.
This commit is contained in:
parent
487e419990
commit
a43586d0e8
|
@ -478,12 +478,39 @@ TO BE WRITTEN.
|
||||||
@node Scdaemon PASSWD
|
@node Scdaemon PASSWD
|
||||||
@subsection Change PINs.
|
@subsection Change PINs.
|
||||||
|
|
||||||
TO BE WRITTEN.
|
@example
|
||||||
|
PASSWD [--reset] @var{chvno}
|
||||||
|
@end example
|
||||||
|
|
||||||
|
Change the PIN or reset the retry counter of the card holder
|
||||||
|
verification vector number @var{chvno}.
|
||||||
|
|
||||||
|
|
||||||
@node Scdaemon CHECKPIN
|
@node Scdaemon CHECKPIN
|
||||||
@subsection Perform a VERIFY operation.
|
@subsection Perform a VERIFY operation.
|
||||||
|
|
||||||
TO BE WRITTEN.
|
@example
|
||||||
|
CHECKPIN @var{idstr}
|
||||||
|
@end example
|
||||||
|
|
||||||
|
Perform a VERIFY operation without doing anything else. This may be
|
||||||
|
used to initialize a the PIN cache earlier to long lasting
|
||||||
|
operations. Its use is highly application dependent:
|
||||||
|
|
||||||
|
@table @strong
|
||||||
|
@item OpenPGP
|
||||||
|
|
||||||
|
Perform a simple verify operation for CHV1 and CHV2, so that further
|
||||||
|
operations won't ask for CHV2 and it is possible to do a cheap check on
|
||||||
|
the PIN: If there is something wrong with the PIN entry system, only the
|
||||||
|
regular CHV will get blocked and not the dangerous CHV3. @var{idstr} is
|
||||||
|
the usual card's serial number in hex notation; an optional fingerprint
|
||||||
|
part will get ignored.
|
||||||
|
|
||||||
|
There is however a special mode if @var{idstr} is suffixed with the
|
||||||
|
literal string @code{[CHV3]}: In this case the Admin PIN is checked if
|
||||||
|
and only if the retry counter is still at 3.
|
||||||
|
|
||||||
|
@end table
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -1,5 +1,10 @@
|
||||||
2005-05-23 Werner Koch <wk@g10code.com>
|
2005-05-23 Werner Koch <wk@g10code.com>
|
||||||
|
|
||||||
|
* Makefile.am: Do not build sc-copykeys anymore.
|
||||||
|
|
||||||
|
* app-openpgp.c (app_openpgp_storekey, app_openpgp_readkey)
|
||||||
|
(app_openpgp_cardinfo): Removed.
|
||||||
|
|
||||||
* ccid-driver.c (parse_ccid_descriptor): SCR335 FW version 5.14 is
|
* ccid-driver.c (parse_ccid_descriptor): SCR335 FW version 5.14 is
|
||||||
good.
|
good.
|
||||||
(do_close_reader): Never do a reset. The caller should instead
|
(do_close_reader): Never do a reset. The caller should instead
|
||||||
|
@ -11,6 +16,7 @@
|
||||||
Thanks to Ludovic Rousseau for this hint and the magic numbers.
|
Thanks to Ludovic Rousseau for this hint and the magic numbers.
|
||||||
(print_command_failed): New.
|
(print_command_failed): New.
|
||||||
(bulk_in): Use it here. Add new arg NO_DEBUG.
|
(bulk_in): Use it here. Add new arg NO_DEBUG.
|
||||||
|
(ccid_slot_status): Disabled debugging.
|
||||||
|
|
||||||
2005-05-21 Werner Koch <wk@g10code.com>
|
2005-05-21 Werner Koch <wk@g10code.com>
|
||||||
|
|
||||||
|
|
|
@ -18,7 +18,7 @@
|
||||||
|
|
||||||
## Process this file with automake to produce Makefile.in
|
## Process this file with automake to produce Makefile.in
|
||||||
|
|
||||||
bin_PROGRAMS = scdaemon sc-copykeys
|
bin_PROGRAMS = scdaemon
|
||||||
if ! HAVE_W32_SYSTEM
|
if ! HAVE_W32_SYSTEM
|
||||||
pkglib_PROGRAMS = pcsc-wrapper
|
pkglib_PROGRAMS = pcsc-wrapper
|
||||||
endif
|
endif
|
||||||
|
@ -47,22 +47,25 @@ scdaemon_LDADD = ../jnlib/libjnlib.a ../common/libcommon.a \
|
||||||
$(LIBGCRYPT_LIBS) $(KSBA_LIBS) $(PTH_LIBS) $(LIBASSUAN_LIBS) \
|
$(LIBGCRYPT_LIBS) $(KSBA_LIBS) $(PTH_LIBS) $(LIBASSUAN_LIBS) \
|
||||||
$(LIBUSB_LIBS) -lgpg-error $(LIBINTL) $(DL_LIBS)
|
$(LIBUSB_LIBS) -lgpg-error $(LIBINTL) $(DL_LIBS)
|
||||||
|
|
||||||
sc_copykeys_SOURCES = \
|
# Removed for now: We need to decide whether it makes sense to
|
||||||
sc-copykeys.c scdaemon.h \
|
# continue it at all, given that gpg has now all required
|
||||||
apdu.c apdu.h \
|
# functionality.
|
||||||
ccid-driver.c ccid-driver.h \
|
#sc_copykeys_SOURCES = \
|
||||||
iso7816.c iso7816.h \
|
# sc-copykeys.c scdaemon.h \
|
||||||
tlv.c tlv.h \
|
# apdu.c apdu.h \
|
||||||
atr.c atr.h \
|
# ccid-driver.c ccid-driver.h \
|
||||||
app.c app-common.h app-help.c $(card_apps)
|
# iso7816.c iso7816.h \
|
||||||
|
# tlv.c tlv.h \
|
||||||
sc_copykeys_LDADD = \
|
# atr.c atr.h \
|
||||||
../jnlib/libjnlib.a ../common/libcommon.a \
|
# app.c app-common.h app-help.c $(card_apps)
|
||||||
../common/libsimple-pwquery.a \
|
#
|
||||||
$(LIBGCRYPT_LIBS) $(PTH_LIBS) $(KSBA_LIBS) $(LIBASSUAN_LIBS) \
|
#sc_copykeys_LDADD = \
|
||||||
$(LIBUSB_LIBS) \
|
# ../jnlib/libjnlib.a ../common/libcommon.a \
|
||||||
-lgpg-error @LIBINTL@ @DL_LIBS@
|
# ../common/libsimple-pwquery.a \
|
||||||
|
# $(LIBGCRYPT_LIBS) $(PTH_LIBS) $(KSBA_LIBS) $(LIBASSUAN_LIBS) \
|
||||||
|
# $(LIBUSB_LIBS) \
|
||||||
|
# -lgpg-error @LIBINTL@ @DL_LIBS@
|
||||||
|
#
|
||||||
pcsc_wrapper_SOURCES = pcsc-wrapper.c
|
pcsc_wrapper_SOURCES = pcsc-wrapper.c
|
||||||
pcsc_wrapper_LDADD = $(DL_LIBS)
|
pcsc_wrapper_LDADD = $(DL_LIBS)
|
||||||
pcsc_wrapper_CFLAGS =
|
pcsc_wrapper_CFLAGS =
|
||||||
|
|
|
@ -176,23 +176,6 @@ gpg_error_t app_check_pin (app_t app, const char *keyidstr,
|
||||||
/*-- app-openpgp.c --*/
|
/*-- app-openpgp.c --*/
|
||||||
gpg_error_t app_select_openpgp (app_t app);
|
gpg_error_t app_select_openpgp (app_t app);
|
||||||
|
|
||||||
gpg_error_t app_openpgp_cardinfo (app_t app,
|
|
||||||
char **serialno,
|
|
||||||
char **disp_name,
|
|
||||||
char **pubkey_url,
|
|
||||||
unsigned char **fpr1,
|
|
||||||
unsigned char **fpr2,
|
|
||||||
unsigned char **fpr3);
|
|
||||||
gpg_error_t app_openpgp_storekey (app_t app, int keyno,
|
|
||||||
unsigned char *template, size_t template_len,
|
|
||||||
time_t created_at,
|
|
||||||
const unsigned char *m, size_t mlen,
|
|
||||||
const unsigned char *e, size_t elen,
|
|
||||||
gpg_error_t (*pincb)(void*, const char *, char **),
|
|
||||||
void *pincb_arg);
|
|
||||||
gpg_error_t app_openpgp_readkey (app_t app, int keyno,
|
|
||||||
unsigned char **m, size_t *mlen,
|
|
||||||
unsigned char **e, size_t *elen);
|
|
||||||
/*-- app-nks.c --*/
|
/*-- app-nks.c --*/
|
||||||
gpg_error_t app_select_nks (app_t app);
|
gpg_error_t app_select_nks (app_t app);
|
||||||
|
|
||||||
|
|
|
@ -2521,215 +2521,3 @@ leave:
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
/* This function is a hack to retrieve essential information about the
|
|
||||||
card to be displayed by simple tools. It mostly resembles what the
|
|
||||||
LEARN command returns. All parameters return allocated strings or
|
|
||||||
buffers or NULL if the data object is not available. All returned
|
|
||||||
values are sanitized. */
|
|
||||||
gpg_error_t
|
|
||||||
app_openpgp_cardinfo (app_t app,
|
|
||||||
char **serialno,
|
|
||||||
char **disp_name,
|
|
||||||
char **pubkey_url,
|
|
||||||
unsigned char **fpr1,
|
|
||||||
unsigned char **fpr2,
|
|
||||||
unsigned char **fpr3)
|
|
||||||
{
|
|
||||||
int rc;
|
|
||||||
void *relptr;
|
|
||||||
unsigned char *value;
|
|
||||||
size_t valuelen;
|
|
||||||
|
|
||||||
if (serialno)
|
|
||||||
{
|
|
||||||
time_t dummy;
|
|
||||||
|
|
||||||
*serialno = NULL;
|
|
||||||
rc = app_get_serial_and_stamp (app, serialno, &dummy);
|
|
||||||
if (rc)
|
|
||||||
{
|
|
||||||
log_error (_("error getting serial number: %s\n"),
|
|
||||||
gpg_strerror (rc));
|
|
||||||
return rc;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
if (disp_name)
|
|
||||||
{
|
|
||||||
*disp_name = NULL;
|
|
||||||
relptr = get_one_do (app, 0x005B, &value, &valuelen, NULL);
|
|
||||||
if (relptr)
|
|
||||||
{
|
|
||||||
*disp_name = make_printable_string (value, valuelen, 0);
|
|
||||||
xfree (relptr);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
if (pubkey_url)
|
|
||||||
{
|
|
||||||
*pubkey_url = NULL;
|
|
||||||
relptr = get_one_do (app, 0x5F50, &value, &valuelen, NULL);
|
|
||||||
if (relptr)
|
|
||||||
{
|
|
||||||
*pubkey_url = make_printable_string (value, valuelen, 0);
|
|
||||||
xfree (relptr);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
if (fpr1)
|
|
||||||
*fpr1 = NULL;
|
|
||||||
if (fpr2)
|
|
||||||
*fpr2 = NULL;
|
|
||||||
if (fpr3)
|
|
||||||
*fpr3 = NULL;
|
|
||||||
relptr = get_one_do (app, 0x00C5, &value, &valuelen, NULL);
|
|
||||||
if (relptr && valuelen >= 60)
|
|
||||||
{
|
|
||||||
if (fpr1)
|
|
||||||
{
|
|
||||||
*fpr1 = xmalloc (20);
|
|
||||||
memcpy (*fpr1, value + 0, 20);
|
|
||||||
}
|
|
||||||
if (fpr2)
|
|
||||||
{
|
|
||||||
*fpr2 = xmalloc (20);
|
|
||||||
memcpy (*fpr2, value + 20, 20);
|
|
||||||
}
|
|
||||||
if (fpr3)
|
|
||||||
{
|
|
||||||
*fpr3 = xmalloc (20);
|
|
||||||
memcpy (*fpr3, value + 40, 20);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
xfree (relptr);
|
|
||||||
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
/* This function is currently only used by the sc-copykeys program to
|
|
||||||
store a key on the smartcard. app_t ist the application handle,
|
|
||||||
KEYNO is the number of the key and PINCB, PINCB_ARG are used to ask
|
|
||||||
for the SO PIN. TEMPLATE and TEMPLATE_LEN describe a buffer with
|
|
||||||
the key template to store. CREATED_AT is the timestamp used to
|
|
||||||
create the fingerprint. M, MLEN is the RSA modulus and E, ELEN the
|
|
||||||
RSA public exponent. This function silently overwrites an existing
|
|
||||||
key.*/
|
|
||||||
gpg_error_t
|
|
||||||
app_openpgp_storekey (app_t app, int keyno,
|
|
||||||
unsigned char *template, size_t template_len,
|
|
||||||
time_t created_at,
|
|
||||||
const unsigned char *m, size_t mlen,
|
|
||||||
const unsigned char *e, size_t elen,
|
|
||||||
gpg_error_t (*pincb)(void*, const char *, char **),
|
|
||||||
void *pincb_arg)
|
|
||||||
{
|
|
||||||
int rc;
|
|
||||||
unsigned char fprbuf[20];
|
|
||||||
|
|
||||||
if (keyno < 1 || keyno > 3)
|
|
||||||
return gpg_error (GPG_ERR_INV_ID);
|
|
||||||
keyno--;
|
|
||||||
|
|
||||||
rc = verify_chv3 (app, pincb, pincb_arg);
|
|
||||||
if (rc)
|
|
||||||
goto leave;
|
|
||||||
|
|
||||||
flush_cache (app);
|
|
||||||
|
|
||||||
xfree (app->app_local->pk[keyno].key);
|
|
||||||
app->app_local->pk[keyno].key = NULL;
|
|
||||||
app->app_local->pk[keyno].keylen = 0;
|
|
||||||
app->app_local->pk[keyno].read_done = 0;
|
|
||||||
|
|
||||||
rc = iso7816_put_data (app->slot,
|
|
||||||
(app->card_version > 0x0007? 0xE0 : 0xE9) + keyno,
|
|
||||||
template, template_len);
|
|
||||||
if (rc)
|
|
||||||
{
|
|
||||||
log_error (_("failed to store the key: %s\n"), gpg_strerror (rc));
|
|
||||||
rc = gpg_error (GPG_ERR_CARD);
|
|
||||||
goto leave;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* log_printhex ("RSA n:", m, mlen); */
|
|
||||||
/* log_printhex ("RSA e:", e, elen); */
|
|
||||||
|
|
||||||
rc = store_fpr (app->slot, keyno, (u32)created_at,
|
|
||||||
m, mlen, e, elen, fprbuf, app->card_version);
|
|
||||||
|
|
||||||
leave:
|
|
||||||
return rc;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
/* Utility function for external tools: Read the public RSA key at
|
|
||||||
KEYNO and return modulus and exponent in (M,MLEN) and (E,ELEN). */
|
|
||||||
gpg_error_t
|
|
||||||
app_openpgp_readkey (app_t app, int keyno, unsigned char **m, size_t *mlen,
|
|
||||||
unsigned char **e, size_t *elen)
|
|
||||||
{
|
|
||||||
int rc;
|
|
||||||
const unsigned char *keydata, *a;
|
|
||||||
unsigned char *buffer;
|
|
||||||
size_t buflen, keydatalen, alen;
|
|
||||||
|
|
||||||
*m = NULL;
|
|
||||||
*e = NULL;
|
|
||||||
|
|
||||||
if (keyno < 1 || keyno > 3)
|
|
||||||
return gpg_error (GPG_ERR_INV_ID);
|
|
||||||
keyno--;
|
|
||||||
|
|
||||||
rc = iso7816_read_public_key(app->slot,
|
|
||||||
keyno == 0? "\xB6" :
|
|
||||||
keyno == 1? "\xB8" : "\xA4",
|
|
||||||
2,
|
|
||||||
&buffer, &buflen);
|
|
||||||
if (rc)
|
|
||||||
{
|
|
||||||
rc = gpg_error (GPG_ERR_CARD);
|
|
||||||
log_error (_("reading the key failed\n"));
|
|
||||||
goto leave;
|
|
||||||
}
|
|
||||||
|
|
||||||
keydata = find_tlv (buffer, buflen, 0x7F49, &keydatalen);
|
|
||||||
if (!keydata)
|
|
||||||
{
|
|
||||||
log_error (_("response does not contain the public key data\n"));
|
|
||||||
rc = gpg_error (GPG_ERR_CARD);
|
|
||||||
goto leave;
|
|
||||||
}
|
|
||||||
|
|
||||||
a = find_tlv (keydata, keydatalen, 0x0081, &alen);
|
|
||||||
if (!a)
|
|
||||||
{
|
|
||||||
log_error (_("response does not contain the RSA modulus\n"));
|
|
||||||
rc = gpg_error (GPG_ERR_CARD);
|
|
||||||
goto leave;
|
|
||||||
}
|
|
||||||
*mlen = alen;
|
|
||||||
*m = xmalloc (alen);
|
|
||||||
memcpy (*m, a, alen);
|
|
||||||
|
|
||||||
a = find_tlv (keydata, keydatalen, 0x0082, &alen);
|
|
||||||
if (!a)
|
|
||||||
{
|
|
||||||
log_error (_("response does not contain the RSA public exponent\n"));
|
|
||||||
rc = gpg_error (GPG_ERR_CARD);
|
|
||||||
goto leave;
|
|
||||||
}
|
|
||||||
*elen = alen;
|
|
||||||
*e = xmalloc (alen);
|
|
||||||
memcpy (*e, a, alen);
|
|
||||||
|
|
||||||
leave:
|
|
||||||
xfree (buffer);
|
|
||||||
if (rc)
|
|
||||||
{
|
|
||||||
xfree (*m); *m = NULL;
|
|
||||||
xfree (*e); *e = NULL;
|
|
||||||
}
|
|
||||||
return rc;
|
|
||||||
}
|
|
||||||
|
|
|
@ -1095,7 +1095,7 @@ cmd_random (assuan_context_t ctx, char *line)
|
||||||
|
|
||||||
/* PASSWD [--reset] <chvno>
|
/* PASSWD [--reset] <chvno>
|
||||||
|
|
||||||
Change the PIN or reset thye retry counter of the card holder
|
Change the PIN or reset the retry counter of the card holder
|
||||||
verfication vector CHVNO. */
|
verfication vector CHVNO. */
|
||||||
static int
|
static int
|
||||||
cmd_passwd (assuan_context_t ctx, char *line)
|
cmd_passwd (assuan_context_t ctx, char *line)
|
||||||
|
@ -1142,7 +1142,23 @@ cmd_passwd (assuan_context_t ctx, char *line)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
/* CHECKPIN <hexified_id>
|
/* CHECKPIN <idstr>
|
||||||
|
|
||||||
|
Perform a VERIFY operation without doing anything else. This may
|
||||||
|
be used to initialize a the PIN cache earlier to long lasting
|
||||||
|
operations. Its use is highly application dependent.
|
||||||
|
|
||||||
|
For OpenPGP:
|
||||||
|
|
||||||
|
Perform a simple verify operation for CHV1 and CHV2, so that
|
||||||
|
further operations won't ask for CHV2 and it is possible to do a
|
||||||
|
cheap check on the PIN: If there is something wrong with the PIN
|
||||||
|
entry system, only the regular CHV will get blocked and not the
|
||||||
|
dangerous CHV3. IDSTR is the usual card's serial number in hex
|
||||||
|
notation; an optional fingerprint part will get ignored. There
|
||||||
|
is however a special mode if the IDSTR is sffixed with the
|
||||||
|
literal string "[CHV3]": In this case the Admin PIN is checked
|
||||||
|
if and only if the retry counter is still at 3.
|
||||||
|
|
||||||
*/
|
*/
|
||||||
static int
|
static int
|
||||||
|
|
Loading…
Reference in New Issue
Block a user