* scd/apdu.c (pcsc): Add flag context_valid, remove count.
(close_pcsc_reader): Use new flag instead of looking at magic context
value.
(pcsc_init): Set new flag.
(open_pcsc_reader): Use new flag.
(apdu_init): Clear new flag.
* scd/apdu.c: Remove assert.h. Replace all assert by log_assert.
--
The previous fix 192113552faa98f40cc91fe014ec55861474626c did not
help, thus the new hypothesis is that PC/SC might return a valid
context with the value -1. We now use a dedicated flag to track the
validity of the context.
The reference counting seems to be superfluous and is a relict due to
backporting from 2.3. Removed.
* scd/apdu.c: Include membuf.h.
(pcsc): Add reader_list field.
(open_pcsc_reader): Fill that field.
(apdu_get_reader_list): New.
* scd/command.c: Remove header ccid-driver.h.
(pretty_assuan_send_data): New.
(cmd_getinfo): Print all reader names.
--
Note that depending on the card backend (ccid or PC/SC) it might be
necessary to first send a reset followed by SERIALNO to get an updated
list of reader. Or well send KILLSCD.
The pretty printing of Assuan data lines does only work if you connect
direct to scdaemon because the wrapper in gpg-agent does not know
about this and combines the Assuan lines again.
Signed-off-by: Werner Koch <wk@gnupg.org>
* scd/apdu.c (close_pcsc_reader): Don't ref-count if the context is
invalid.
(open_pcsc_reader): Compare the context against -1 which is our
indicator for an invalid context.
--
I got a crash report for Windows:
DBG: chan_0x000000a4 <- RESTART
DBG: chan_0x000000a4 -> OK
DBG: chan_0x000000a4 <- SERIALNO
DBG: open_pcsc_reader(portstr=(null))
reader slot 0: not connected
DBG: open_pcsc_reader => slot=0
DBG: enter: apdu_connect: slot=0
pcsc_connect failed: invalid PC/SC error code (0x6)
reader slot 0: not connected
DBG: leave: apdu_connect => sw=0x1000b
DBG: enter: apdu_close_reader: slot=0
DBG: enter: apdu_disconnect: slot=0
DBG: leave: apdu_disconnect => sw=0x0
Ohhhh jeeee: Assertion "pcsc.count > 0" in
close_pcsc_reader failed (...2.2.28/scd/apdu.c:817)
no smartcard reader was connected but the box might sport a virtual
reader. This patch should make it more robust.
Signed-off-by: Werner Koch <wk@gnupg.org>
* scd/ccid-driver.c (abort_cmd): Add INIT argument to support
synchronize until success, even ignoring timeout.
(bulk_in): Normal use case of abort_cmd.
(ccid_vendor_specific_init): Initial use case of abort_cmd.
--
Another backport to stabilize SCM SPR332/SPR532 card reader.
GnuPG-bug-id: 5297
Backport-master-commit: a9aa30ed2c2c399c2baa6a5aa2624d8fdee6286f
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* scd/iso7816.c (map_sw): Recognize 6A86.
--
Yubikey NEO does not support the YK4_GET_CAPA command (001D000000),
and it will be screwed up with the command.
GnuPG-bug-id: 5487
Back-port-master-commit: 13bc0431ff1ce51246694208df611cc4561fb4b3
Fixes-commit: ec56996029d95d4bd26e1badfe207232270c6247
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* scd/app-p15.c (send_certinfo): free labelbuf
(do_sign): goto leave instead of return
* scd/command.c (cmd_genkey): goto leave instead of return
--
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
GnuPG-bug-id: 5393
Modifified for this backport:
* scd/command.c (cmd_genkey): Make it easier to read by replacing
keyno with orig_line.
Signed-off-by: Werner Koch <wk@gnupg.org>
* scd/apdu.c (pcsc): New variable.
(struct reader_table_s): Remove pcsc.context from member.
(pcsc_get_status, connect_pcsc_card): Use pcsc.context.
(close_pcsc_reader): Release pcsc.context here with reference count.
(apdu_open_one_reader): Move API loading to ...
(pcsc_init): new.
(apdu_open_one_reader): Remove.
(apdu_open_reader): Call open_pcsc_reader instead of
apdu_open_one_reader.
(open_pcsc_reader): Call pcsc_init if needed. Call close_pcsc_reader
instead of pcsc_release_context. Make reader parsing more robust.
(apdu_init): Initialize pcsc.count and pcsc.context.
--
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
Backported-from-master: 1080e91efd60cb41c2d6dbafaee810e5967a3161)
The backport also adds some other chnages as described above.
Signed-off-by: Werner Koch <wk@gnupg.org>
* scd/apdu.c (pcsc_cancel): New.
(pcsc_init): Load new function.
(connect_pcsc_card): Use it after a removed card error.
--
Backported-from-master: 8d81fd7c01e8dfacc719ff190f8e364014e32fdf
* scd/command.c (do_readkey): Implement this.
* scd/app-help.c (app_help_get_keygrip_string_pk): Make HEXKEYGRIP
parm optional. Add arg R_ALGOSTR.
--
This patch basically mimics what we do in 2.3.
Signed-off-by: Werner Koch <wk@gnupg.org>
* scd/scdaemon.h (opt): Add field opcsc_shared.
* scd/scdaemon.c (opcscShared): New.
(opts): Add "--pcsc-shared".
(main): Set flag.
* scd/apdu.c (connect_pcsc_card): Use it.
(pcsc_get_status): Take flag in account.
* scd/app-openpgp.c (verify_chv2): Do not auto verify chv1 in shared
mode.
--
This option should in general not be used. The patch tries to limit
bad effects but using shared mode is somewhat dangerous depending on
the other PC/SC users.
(cherry picked from commit 5732e7a8e97cebf8e850c472e644e2a9b040836f)
* scd/app-help.c (app_help_pubkey_from_cert): New. Taken from 2.3.
* scd/command.c (cmd_readkey): Rewrite using new helper.
--
Actually the readkey functions needs to return the uncompressed points
but if there is no readkey function, like in app-p15.c, readcert is
used and here we need to extract and the key and uncompress the point.
Noet that the --advanced flag did not and still does not work if the
key is fetched via readcert.
Signed-off-by: Werner Koch <wk@gnupg.org>
--
This reflects the state of
commit 1f846823b397d68eaa8a31422f78c99f8e9ff738
featuring these commits:
1f846823b scd:p15: Fix the name of a card.
cc5aa68b6 scd:p15: Fix last commit and improve D-TRUST detection.
21e3f750b scd:p15: Shorten the displayed s/n of RSCS cards
30f90fc85 scd:p15: Support attribute KEY-FPR.
ecb9265b8 scd:p15: Match private keys with certificates also by ...
e17d3f866 scd:p15: New flag APP_LEARN_FLAG_REREAD.
1c16878ef scd: Replace all assert macros by the log_assert macro.
7f9126363 scd:p15: Return labels for keys and certificates.
651c07a73 scd:p15: For CardOS make use of ISO7816_VERIFY_NOT_NEEDED.
de4d3c99a scd:p15: Return the creation time of the keys.
592f48011 scd:p15: Make RSA with SHA512 work with CardOS.
a494b29af scd:p15: Support ECDSA and ECDH for CardOS.
964363e78 scd:p15: Make $SIGNKEY et al determination more fault ...
85082a83c scd:p15: Allow to use an auth object label with cmd CHECKPIN.
ef29a960b scd:p15: New attribute CHV-LABEL.
bf1d7bc36 scd:p15: Implement CHV-STATUS attribute
0f191a070 scd:p15: Fix faulty removal of a test code change.
08b5ac492 scd:p15: Support special extended usage flags for OpenPGP ...
d51a5ca10 scd:p15: Read out the access flags.
cfdaf2bcc scd:p15: Get the label value of all objects for better diag...
33aaa37e5 scd:p15: Make it code work again for D-Trust cards.
488eaedc9 scd:p15: Extract extended usage flagsand act upon them.
0c080ed57 scd:p15: Read PuKDF and minor refactoring.
1e197c29e scd:p15: Make file selection more robust.
5bcbc8cee scd:p15: Factor the commonKeyAttributes parser out.
fb84674d6 scd:p15: Factor the commonObjectAttributes parser out.
fc287c055 scd:p15: First step towards real CardOS 5 support.
60499d989 scd:p15: Show the ATR as part of the TokenInfo diagnostics.
00037f499 scd:p15: Print the internal card type.
c7b9a4ee4 scd:p15: Improve support for some CardOS based cards.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/openpgp-oid.c (openpgp_curve_to_oid): Add optional arg R_NBITS.
Change all callers.
--
In particular for ed25519 and cv25519 it is quite useful to have an
ability to get the required algorithm.
(cherry picked from commit 24095101a5069f15a9aea7512498ac436a76814a)
* scd/iso7816.c (iso7816_select_path): Add arg top_fd.
* scd/app-nks.c (do_readkey): Adjust for this change
(select_ef_by_path: Ditto.
* common/tlv.h: Include membuf.h.
--
Including membuf.h is just for easier backporting. In 2.3 it is
actually required in tlv.h but in 2.2 we right now only use it
indirect.
* scd/iso7816.c (iso7816_read_binary_ext): Add optional arg r_sw and
change callers.
(iso7816_read_record): Factor all code out to ...
(iso7816_read_record_ext): New.
Signed-off-by: Werner Koch <wk@gnupg.org>
* scd/app-common.h (struct app_ctx_s): Add parameter ctrl to function
pointers for readkey, setattr, sign, auth, decipher, and check_pin.
--
This is a yet another patch to allow for easier backporting.
* scd/app-common.h (struct app_ctx_s): Rename unused field
card_version to cardversion.
* scd/app.c (app_new_register): Add code rom 2.3 to detect the Yubikey
and set cardversion.
(app_get_dispserialno): New.
* scd/app-openpgp.c (do_getattr): Use app_get_dispserialno.
* scd/app-common.h (cardtype_t): New.
(apptype_t): New.
(struct app_ctx_s): Change type of field apptype. Add fields
appversion and cardtype. Adjust all app-*.c for the new type.
* scd/app.c (supported_app_list): New.
(strapptype): New.
(apptype_from_name): New.
(app_dump_state): Use strapptype.
(app_write_learn_status): Ditto.
(app_getattr): Ditto.
(check_conflict): Use apptype_from_name and integer comparison.
* scd/app-openpgp.c: Replace app->card_version by app->appversion.
--
This is another patch to make backporting from 2.3 easier.
* scd/app-common.h (APP_WRITEKEY_FLAG_FORCE): New.
(APP_READKEY_FLAG_INFO): New.
(APP_LEARN_FLAG_KEYPAIRINFO): New.
(APP_LEARN_FLAG_MULTI): New.
(struct app_ctx_s): New forward declaration.
(struct app_ctx_s): Add members prep_reselect, reselect, and
with_keygrip.
(KEYGRIP_ACTION_SEND_DATA): New.
(KEYGRIP_ACTION_WRITE_STATUS): New.
(KEYGRIP_ACTION_LOOKUP): New.
(APP_CARD): New macro.
* scd/scdaemon.h: Include app-common.h and remove from all other
files.
(app_t): Move typedef to ...
* scd/app-common.h: here.
--
These changes will make it easier to backport changes from 2.3 to 2.2.
Signed-off-by: Werner Koch <wk@gnupg.org>
* configure.ac (GPGRT_ENABLE_ARGPARSE_MACROS): Define.
* common/argparse.c, common/argparse.h: Rewrite.
* tests/gpgscm/main.c: Switch to the new option parser.
* g10/gpg.c: Switch to the new option parser and enable a global conf
file.
* g10/gpgv.c: Ditto.
* agent/gpg-agent.c: Ditto.
* agent/preset-passphrase.c: Ditto.
* agent/protect-tool.c: Ditto.
* scd/scdaemon.c: Ditto.
* dirmngr/dirmngr.c: Ditto.
* dirmngr/dirmngr_ldap.c: Ditto
* dirmngr/dirmngr-client.c: Ditto.
* kbx/kbxutil.c: Ditto.
* tools/gpg-card.c: Ditto.
* tools/gpg-check-pattern.c: Ditto.
* tools/gpg-connect-agent.c: Ditto.
* tools/gpg-pair-tool.c: Ditto.
* tools/gpg-wks-client.c: Ditto.
* tools/gpg-wks-server.c: Ditto.
* tools/gpgconf.c: Ditto.
* tools/gpgsplit.c: Ditto.
* tools/gpgtar.c: Ditto.
* g13/g13.c: Ditto.
* g13/g13-syshelp.c: Ditto. Do not force verbose mode.
* sm/gpgsm.c: Ditto. Add option --no-options.
--
This is backport from master
commit cdbe10b762f38449b86da69076209324b0c99982
commit ba463128ce65a0f347643f7246a8e097c5be19f1
commit 3bc004decd289810bc1b6ad6fb8f47e45c770ce6
commit 2c823bd878fcdbcc4f6c34993e1d0539d9a6b237
commit 0e8f6e2aa98c212442001036fb5178cd6cd8af59
but without changing all functions names to gpgrt. Instead we use
wrapper functions which, when building against old Libgpg-error
versions, are implemented in argparse.c using code from the current
libgpg-error. This allows to keep the dependency requirement at
libgpg-error 1.27 to support older distributions. Tested builds
against 1.27 and 1.40-beta.
Note that g13-syshelp does not anymore default to --verbose because
that can now be enabled in /etc/gnupg/g13-syshelp.conf.
GnuPG-bug-id: 4788
Signed-off-by: Werner Koch <wk@gnupg.org>
--
It does not make sense to keep support form GnuPG 1 here given that we
don't intend to ever backport any of the current stuff to the legacy
version.
Signed-off-by: Werner Koch <wk@gnupg.org>
* scd/app-openpgp.c (struct app_local_s): Add keygrip_str.
(store_keygrip): New.
(read_public_key): Store the keygrip.
(get_public_key): Sitto.
(send_keypair_info): USe the stored keygrip.
(check_keyidstr): New. Factored out from other functions and
extended.
(do_sign): Use check_keyidstr.
(do_auth): Ditto.
(do_decipher): Ditto.
(do_check_pin): Ditto.
--
This code is a backport of commits:
b0f0791e4ade845b2a0e2a94dbda4f3bf1ceb039
cd: Factor out a function to check keyidstr.
4c4999b8185ace55eb5f3a6fa7d3dc0a77267b63
scd:openpgp: Allow PKSIGN with keygrip also for OPENPGP.3.
e769609cd3c12d2e26955538399172016f78d2d4
scd: Allow KEYGRIP as KEYIDSTR.
Co-authored-by: NIIBE Yutaka <gniibe@fsij.org>
Signed-off-by: Werner Koch <wk@gnupg.org>
* scd/command.c (cmd_serialno): Skip options.
--
SERIALNO --all
works only in 2.3 and thus naive use with 2.2 vesions would conserer
"--all" as the reqyested applications. Fix is easy and should be done
anyway.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/sysutils.c (gnupg_fopen) [W32]: Use _wfopen if needed. Use
new function in most places where fopen is used.
--
The config files in 2.2 are still read using fopen - we need to change
this to allow Unicode directory names. There is also one case where
files are written using the old fopen. The new option parser in 2.3
does not have this problem but at some places fopen is also still used.
GnuPG-bug-id: 5098
Signed-off-by: Werner Koch <wk@gnupg.org>
* scd/ccid-driver.c (ccid_require_get_status): For VENDOR_SCM reader,
return 0 only at the initial call.
(bulk_in): Don't detect an error for VENDOR_SCM reader, just kicking
the loop, to invoke scd_update_reader_status_file, which calls
ccid_slot_status again.
(ccid_slot_status): Move the call of ccid_vendor_specific_setup to...
(ccid_get_atr): ... here.
--
For readers with interrupt transfer support, it is only intr_cb which
sets handle->powered_off to 1. Keeping this condition makes no race.
The function ccid_slot_status can also detect a communication error,
which causes apdu_close_reader (but not setting ->powered_off).
GnuPG-bug-id: 5121
Fixes-commit: 920f258eb6018ecec1d63bad6a0fb0772f72affa
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
(cherry picked from commit 484bafda4dbf5ffe9e7c41ef24fbc5bd791a3b32)
* scd/command.c (reset_notify): Add option --keep-lock.
(do_reset): Add arg keep_lock.
(cmd_lock): Send progress status.
* g10/call-agent.c (agent_scd_apdu): Add more pseudo APDUs.
* g10/card-util.c (send_apdu): Ditto.
(factory_reset): Use lock commands.
--
This is required so that for example Kleopatra does not detect the
RESET and issues a SERIALNO of its own, thus conflicting with our
SERIALNO undefined.
Signed-off-by: Werner Koch <wk@gnupg.org>
* scd/ccid-driver.c (ccid_vendor_specific_setup): New. Limit
only for SPR532, excluding other readers by SCM.
(ccid_slot_status): Use ccid_vendor_specific_setup.
--
We follow the setup procedure of libccid implementation, which sends
the escape command for SPR532 only.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>