mirror of
git://git.gnupg.org/gnupg.git
synced 2025-04-17 15:44:34 +02:00
scd:openpgp: Some comment updates
--
This commit is contained in:
Werner Koch
parent
acda0a3f33
commit
fe683a1d7c
@ -65,6 +65,7 @@
|
|||||||
/* The AID of this application. */
|
/* The AID of this application. */
|
||||||
static char const openpgp_aid[] = { 0xD2, 0x76, 0x00, 0x01, 0x24, 0x01 };
|
static char const openpgp_aid[] = { 0xD2, 0x76, 0x00, 0x01, 0x24, 0x01 };
|
||||||
|
|
||||||
|
|
||||||
/* A table describing the DOs of the card. */
|
/* A table describing the DOs of the card. */
|
||||||
static struct {
|
static struct {
|
||||||
int tag;
|
int tag;
|
||||||
@ -244,7 +245,7 @@ struct app_local_s {
|
|||||||
rsa_key_format_t format;
|
rsa_key_format_t format;
|
||||||
} rsa;
|
} rsa;
|
||||||
struct {
|
struct {
|
||||||
const char *curve;
|
const char *curve; /* Canonical name defined in openpgp-oid.c */
|
||||||
int algo;
|
int algo;
|
||||||
unsigned int flags;
|
unsigned int flags;
|
||||||
} ecc;
|
} ecc;
|
||||||
@ -1002,6 +1003,10 @@ send_key_attr (ctrl_t ctrl, app_t app, const char *keyword, int keyno)
|
|||||||
|
|
||||||
log_assert (keyno >=0 && keyno < DIM(app->app_local->keyattr));
|
log_assert (keyno >=0 && keyno < DIM(app->app_local->keyattr));
|
||||||
|
|
||||||
|
/* Note that the code in gpg-card supports prefixing the key number
|
||||||
|
* with "OPENPGP." but older code does not yet support this. There
|
||||||
|
* is also a discrepancy with the algorithm numbers: We should use
|
||||||
|
* the gcrypt numbers but the current code assumes OpenPGP numbers. */
|
||||||
if (app->app_local->keyattr[keyno].key_type == KEY_TYPE_RSA)
|
if (app->app_local->keyattr[keyno].key_type == KEY_TYPE_RSA)
|
||||||
snprintf (buffer, sizeof buffer, "%d 1 rsa%u %u %d",
|
snprintf (buffer, sizeof buffer, "%d 1 rsa%u %u %d",
|
||||||
keyno+1,
|
keyno+1,
|
||||||
@ -1092,9 +1097,10 @@ do_getattr (app_t app, ctrl_t ctrl, const char *name)
|
|||||||
|
|
||||||
if (table[idx].special == -1)
|
if (table[idx].special == -1)
|
||||||
{
|
{
|
||||||
/* The serial number is very special. We could have used the
|
/* The serial number is very special. We can't use the AID
|
||||||
AID DO to retrieve it. The AID DO is available anyway but
|
DO (0x4f) because this is the serialno per specs with the
|
||||||
not hex formatted. */
|
correct appversion. We might however use a serialno with the
|
||||||
|
version set to 0.0 and that is what we need to return. */
|
||||||
char *serial = app_get_serialno (app);
|
char *serial = app_get_serialno (app);
|
||||||
|
|
||||||
if (serial)
|
if (serial)
|
||||||
@ -1138,9 +1144,9 @@ do_getattr (app_t app, ctrl_t ctrl, const char *name)
|
|||||||
}
|
}
|
||||||
if (table[idx].special == -4)
|
if (table[idx].special == -4)
|
||||||
{
|
{
|
||||||
char *serial = app_get_dispserialno (app, 0);
|
char *serial;
|
||||||
|
|
||||||
if (serial)
|
if ((serial = app_get_dispserialno (app, 0)))
|
||||||
{
|
{
|
||||||
send_status_info (ctrl, table[idx].name,
|
send_status_info (ctrl, table[idx].name,
|
||||||
serial, strlen (serial), NULL, 0);
|
serial, strlen (serial), NULL, 0);
|
||||||
@ -1657,15 +1663,16 @@ ecdh_params (const char *curve)
|
|||||||
/* See RFC-6637 for those constants.
|
/* See RFC-6637 for those constants.
|
||||||
0x03: Number of bytes
|
0x03: Number of bytes
|
||||||
0x01: Version for this parameter format
|
0x01: Version for this parameter format
|
||||||
KDF hash algo
|
KEK digest algorithm
|
||||||
KEK symmetric cipher algo
|
KEK cipher algorithm
|
||||||
|
|
||||||
Take care: They should match the parameters as used in g10/ecdh.c
|
Take care: They should match the parameters as used in g10/ecdh.c
|
||||||
as long as the ecdh-param is not fully support (as in gnupg 2.2).
|
as long as the ecdh-param is not fully support (as in gnupg 2.2).
|
||||||
*/
|
*/
|
||||||
if (nbits <= 256)
|
if (nbits <= 256)
|
||||||
return (const unsigned char*)"\x03\x01\x08\x07";
|
return (const unsigned char*)"\x03\x01\x08\x07";
|
||||||
else if (nbits <= 384)
|
else if (nbits <= 384)
|
||||||
return (const unsigned char*)"\x03\x01\x09\x08";
|
return (const unsigned char*)"\x03\x01\x09\x08"; /* gnupg 2.2 only */
|
||||||
else
|
else
|
||||||
return (const unsigned char*)"\x03\x01\x0a\x09";
|
return (const unsigned char*)"\x03\x01\x0a\x09";
|
||||||
}
|
}
|
||||||
@ -1771,7 +1778,6 @@ ecc_read_pubkey (app_t app, ctrl_t ctrl, int meta_update,
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
/* Compute the keygrip form the local info and store it there. */
|
|
||||||
static gpg_error_t
|
static gpg_error_t
|
||||||
store_keygrip (app_t app, int keyno)
|
store_keygrip (app_t app, int keyno)
|
||||||
{
|
{
|
||||||
@ -1955,7 +1961,8 @@ get_public_key (app_t app, int keyno)
|
|||||||
hexkeyid = fpr + 24;
|
hexkeyid = fpr + 24;
|
||||||
|
|
||||||
ret = gpgrt_asprintf
|
ret = gpgrt_asprintf
|
||||||
(&command, "gpg --list-keys --with-colons --with-key-data '%s'", fpr);
|
(&command, "%s --list-keys --with-colons --with-key-data '%s'",
|
||||||
|
gnupg_module_name (GNUPG_MODULE_NAME_GPG), fpr);
|
||||||
if (ret < 0)
|
if (ret < 0)
|
||||||
{
|
{
|
||||||
err = gpg_error_from_syserror ();
|
err = gpg_error_from_syserror ();
|
||||||
@ -2001,7 +2008,6 @@ get_public_key (app_t app, int keyno)
|
|||||||
app->app_local->pk[keyno].key = (unsigned char*)keybuf;
|
app->app_local->pk[keyno].key = (unsigned char*)keybuf;
|
||||||
/* Decrement for trailing '\0' */
|
/* Decrement for trailing '\0' */
|
||||||
app->app_local->pk[keyno].keylen = len - 1;
|
app->app_local->pk[keyno].keylen = len - 1;
|
||||||
|
|
||||||
err = store_keygrip (app, keyno);
|
err = store_keygrip (app, keyno);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -2607,7 +2613,12 @@ verify_chv2 (app_t app, ctrl_t ctrl,
|
|||||||
flush_cache_after_error (app);
|
flush_cache_after_error (app);
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
|
{
|
||||||
app->did_chv1 = 1;
|
app->did_chv1 = 1;
|
||||||
|
/* Note that we are not able to cache the CHV 1 here because
|
||||||
|
* it is possible that due to the use of a KDF-DO PINVALUE
|
||||||
|
* has the hashed binary PIN of length PINLEN. */
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
@ -2624,7 +2635,7 @@ verify_chv2 (app_t app, ctrl_t ctrl,
|
|||||||
|
|
||||||
|
|
||||||
/* Build the prompt to enter the Admin PIN. The prompt depends on the
|
/* Build the prompt to enter the Admin PIN. The prompt depends on the
|
||||||
current sdtate of the card. */
|
current state of the card. */
|
||||||
static gpg_error_t
|
static gpg_error_t
|
||||||
build_enter_admin_pin_prompt (app_t app, char **r_prompt)
|
build_enter_admin_pin_prompt (app_t app, char **r_prompt)
|
||||||
{
|
{
|
||||||
@ -2885,10 +2896,10 @@ do_setattr (app_t app, ctrl_t ctrl, const char *name,
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
/* Handle the WRITECERT command for OpenPGP. This rites the standard
|
/* Handle the WRITECERT command for OpenPGP. This writes the standard
|
||||||
certifciate to the card; CERTID needs to be set to "OPENPGP.3".
|
* certificate to the card; CERTID needs to be set to "OPENPGP.3".
|
||||||
PINCB and PINCB_ARG are the usual arguments for the pinentry
|
* PINCB and PINCB_ARG are the usual arguments for the pinentry
|
||||||
callback. */
|
* callback. */
|
||||||
static gpg_error_t
|
static gpg_error_t
|
||||||
do_writecert (app_t app, ctrl_t ctrl,
|
do_writecert (app_t app, ctrl_t ctrl,
|
||||||
const char *certidstr,
|
const char *certidstr,
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user