scd:p15: Support ECDSA and ECDH for CardOS.

* scd/iso7816.c (iso7816_pso_csv): New.
* scd/app-help.c (app_help_pubkey_from_cert): Uncompress a point if
needed.

* scd/app-p15.c (CARD_PRODUCT_RSCS): New.
(struct prkdf_object_s): Add fields is_ecc, token_label, and
tokenflags.
(do_deinit): Free new fields.
(cardproduct2str): New.
(read_ef_prkdf): Set new is_ecc flag.
(read_ef_tokeninfo): Store some data and move Tokeninfo diags to ...
(read_p15_info): here.  set the product info here after all data has
been gathered.
(send_keypairinfo): Chnage the way the gpgusage flags are used.
(make_pin_prompt): If the token has a label and the current cert has
no CN, show the label as holder info.
(do_sign): Support ECDSA.  Take care of the gpgusage flags.
(do_decipher): Support ECDH.  Take care of the gpgusage flags.
--

This has been tested with Trusted Object Manager generated cards by
Rohde & Schwarz Cybersecurity.

Signed-off-by: Werner Koch <wk@gnupg.org>

scd/app-help.c

@@ -76,6 +76,7 @@ app_help_get_keygrip_string_pk (const void *pk, size_t pklen, char *hexkeygrip,
   err = gcry_sexp_sscan (&s_pkey, NULL, pk, pklen);
   if (err)
     return err; /* Can't parse that S-expression. */
+
   if (!gcry_pk_get_keygrip (s_pkey, array))
     {
       gcry_sexp_release (s_pkey);
@@ -143,12 +144,14 @@ app_help_pubkey_from_cert (const void *cert, size_t certlen,
 {
   gpg_error_t err;
   ksba_cert_t kc;
-  unsigned char *pk;
-  size_t pklen;
+  unsigned char *pk, *fixed_pk;
+  size_t pklen, fixed_pklen;
 
   *r_pk = NULL;
   *r_pklen = 0;
 
+  pk = NULL; /*(avoid cc warning)*/
+
   err = ksba_cert_new (&kc);
   if (err)
     return err;
@@ -165,6 +168,16 @@ app_help_pubkey_from_cert (const void *cert, size_t certlen,
     }
   pklen = gcry_sexp_canon_len (pk, 0, NULL, &err);
 
+  err = uncompress_ecc_q_in_canon_sexp (pk, pklen, &fixed_pk, &fixed_pklen);
+  if (err)
+    goto leave;
+  if (fixed_pk)
+    {
+      ksba_free (pk); pk = NULL;
+      pk = fixed_pk;
+      pklen = fixed_pklen;
+    }
+
  leave:
   if (!err)
     {