security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-07-03 22:56:33 +02:00
Code Activity

card: Support reading and writing PIV certificates

Browse source 
* scd/app-piv.c (add_tlv): New.
(put_data): New.
(do_writecert): New.
(do_setattr): Remove usused special mode 0.
* tools/gpg-card-tool.c (cmd_writecert): Allow other cards than
OPENPGP.
(cmd_readcert): Ditto.

Signed-off-by: Werner Koch <wk@gnupg.org>
This commit is contained in:
Werner Koch 2019-02-07 11:05:22 +01:00
parent 090b5f804a
commit fcec5b40e5
No known key found for this signature in database
GPG key ID: E3FDFF218E45B72B
2 changed files with 235 additions and 40 deletions
Download patch file Download diff file Expand all files Collapse all files

76
tools/gpg-card-tool.c
View file

@ -1551,36 +1551,41 @@ cmd_writecert (card_info_t info, char *argstr)
{
gpg_error_t err;
int opt_clear;
int do_no;
char *certref_buffer = NULL;
char *certref;
char *data = NULL;
size_t datalen;
if (!info)
return print_help
("WRITECERT [--clear] 3 < FILE\n\n"
("WRITECERT [--clear] CERTREF < FILE\n\n"
"Write a certificate for key 3. Unless --clear is given\n"
"the file argement is mandatory. The option --clear removes\n"
"the file argument is mandatory. The option --clear removes\n"
"the certificate from the card.",
APP_TYPE_OPENPGP, 0);
APP_TYPE_OPENPGP, APP_TYPE_PIV, 0);
opt_clear = has_leading_option (argstr, "--clear");
argstr = skip_options (argstr);
if (digitp (argstr))
certref = argstr;
if ((argstr = strchr (certref, ' ')))
{
do_no = atoi (argstr);
while (digitp (argstr))
argstr++;
while (spacep (argstr))
argstr++;
*argstr++ = 0;
trim_spaces (certref);
trim_spaces (argstr);
}
else
do_no = 0;
else /* Let argstr point to an empty string. */
argstr = certref + strlen (certref);
if (do_no != 3)
if (info->apptype == APP_TYPE_OPENPGP)
{
err = gpg_error (GPG_ERR_INV_ARG);
goto leave;
if (ascii_strcasecmp (certref, "OPENPGP.3") && strcmp (certref, "3"))
{
err = gpg_error (GPG_ERR_INV_ID);
log_error ("Error: CERTREF must be \"3\" or \"OPENPGP.3\"\n");
goto leave;
}
certref = certref_buffer = xstrdup ("OPENPGP.3");
}
if (opt_clear)
@ -1602,10 +1607,11 @@ cmd_writecert (card_info_t info, char *argstr)
goto leave;
}
err = scd_writecert ("OPENPGP.3", data, datalen);
err = scd_writecert (certref, data, datalen);
leave:
xfree (data);
xfree (certref_buffer);
return err;
}
@ -1614,37 +1620,42 @@ static gpg_error_t
cmd_readcert (card_info_t info, char *argstr)
{
gpg_error_t err;
int do_no;
char *certref_buffer = NULL;
char *certref;
void *data = NULL;
size_t datalen;
const char *fname;
if (!info)
return print_help
("READCERT 3 > FILE\n\n"
("READCERT CERTREF > FILE\n\n"
"Read the certificate for key 3 and store it in FILE.",
APP_TYPE_OPENPGP, 0);
APP_TYPE_OPENPGP, APP_TYPE_PIV, 0);
argstr = skip_options (argstr);
if (digitp (argstr))
certref = argstr;
if ((argstr = strchr (certref, ' ')))
{
do_no = atoi (argstr);
while (digitp (argstr))
argstr++;
while (spacep (argstr))
argstr++;
*argstr++ = 0;
trim_spaces (certref);
trim_spaces (argstr);
}
else
do_no = 0;
else /* Let argstr point to an empty string. */
argstr = certref + strlen (certref);
if (do_no != 3)
if (info->apptype == APP_TYPE_OPENPGP)
{
err = gpg_error (GPG_ERR_INV_ARG);
goto leave;
if (ascii_strcasecmp (certref, "OPENPGP.3") && strcmp (certref, "3"))
{
err = gpg_error (GPG_ERR_INV_ID);
log_error ("Error: CERTREF must be \"3\" or \"OPENPGP.3\"\n");
goto leave;
}
certref = certref_buffer = xstrdup ("OPENPGP.3");
}
if (*argstr == '>') /* Read it from a file */
if (*argstr == '>') /* Write it to a file */
{
for (argstr++; spacep (argstr); argstr++)
;
@ -1656,7 +1667,7 @@ cmd_readcert (card_info_t info, char *argstr)
goto leave;
}
err = scd_readcert ("OPENPGP.3", &data, &datalen);
err = scd_readcert (certref, &data, &datalen);
if (err)
goto leave;
@ -1664,6 +1675,7 @@ cmd_readcert (card_info_t info, char *argstr)
leave:
xfree (data);
xfree (certref_buffer);
return err;
}