1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-24 10:39:57 +01:00

3756 Commits

Author SHA1 Message Date
NIIBE Yutaka
15200f7001 SCD: Support fixed length PIN input for keypad.
* scd/iso7816.h (struct pininfo_s): Remove MODE and add FIXEDLEN.
* scd/app-dinsig.c (verify_pin): Initialize FIXEDLEN to unknown.
* scd/app-nks.c (verify_pin): Likewise.
* scd/app-openpgp.c (verify_a_chv, verify_chv3, do_change_pin):
Likewise.
* scd/apdu.c (check_pcsc_keypad): Add comment.
(pcsc_keypad_verify, pcsc_keypad_modify): PC/SC driver only support
readers with the feature of variable length input (yet).
(apdu_check_keypad): Set FIXEDLEN.
* scd/ccid-driver.c (ccid_transceive_secure): Add GEMPC_PINPAD
specific settings.
Support fixed length PIN input for keypad.
2013-02-05 14:11:19 +09:00
NIIBE Yutaka
4fe024cf33 SCD: API cleanup for keypad handling.
* scd/iso7816.h (struct pininfo_s): Rename from iso7816_pininfo_s.
Change meaning of MODE.
(pininfo_t): Rename from iso7816_pininfo_t.
* scd/sc-copykeys.c: Include "iso7816.h".
* scd/scdaemon.c, scd/command.c: Likewise.
* scd/ccid-driver.c: Include "scdaemon.h" and "iso7816.h".
(ccid_transceive_secure): Follow the change of PININFO_T.
* scd/app.c: Include "apdu.h" after "iso7816.h".
* scd/iso7816.c (iso7816_check_keypad, iso7816_verify_kp)
(iso7816_change_reference_data_kp): Follow the change of API.
* scd/apdu.c (struct reader_table_s): Change API of CHECK_KEYPAD,
KEYPAD_VERIFY, KEYPAD_MODIFY to have arg of PININFO_T.
(check_pcsc_keypad, check_ccid_keypad): Likewise.
(apdu_check_keypad, apdu_keypad_verify, apdu_keypad_modify): Likewise.
(pcsc_keypad_verify, pcsc_keypad_modify, ct_send_apdu)
(pcsc_send_apdu_direct,  pcsc_send_apdu_wrapped, pcsc_send_apdu)
(send_apdu_ccid, ccid_keypad_operation, my_rapdu_send_apdu, send_apdu)
(send_le): Follow the change of API.
* scd/apdu.h (apdu_check_keypad, apdu_keypad_verify)
(apdu_keypad_modify): Change the API.
* scd/app-dinsig.c, scd/app-nks.c, scd/app-openpgp.c: Follow the
change.
2013-02-05 14:09:47 +09:00
NIIBE Yutaka
3d863c298b SCD: Clean up. Remove PADLEN for keypad input.
* scd/apdu.c (struct pininfo_s): Use iso7816_pininfo_s.
(struct reader_table_s): Remove last arg from check_keypad method.
(check_pcsc_keypad, check_pcsc_keypad): Remove PIN_PADLEN.
(pcsc_keypad_verify, pcsc_keypad_modify): Don't check PIN_PADLEN.
(send_apdu_ccid, ccid_keypad_operation): Remove PIN_PADLEN.
(apdu_check_keypad, apdu_keypad_verify, apdu_keypad_modify):
Likewise.

* scd/apdu.h (apdu_check_keypad, apdu_keypad_verify)
(apdu_keypad_modify): Remove PIN_PADLEN.

* scd/ccid-driver.c (ccid_transceive_secure): Remove PIN_PADLEN.

* scd/ccid-driver.h (ccid_transceive_secure): Remove PIN_PADLEN.

* scd/iso7816.c (iso7816_check_keypad, iso7816_verify_kp)
(iso7816_change_reference_data_kp): Remove PADLEN.

* scd/iso7816.h (struct iso7816_pininfo_s): Remove PADLEN, PADCHAR.
--
In the OpenPGPcard specification, password comes with no padding.  In
GnuPG, we support keypad input for OpenPGPcard only.  Thus, it is
useless to try to support padding for keypad input.
2013-02-05 14:07:53 +09:00
NIIBE Yutaka
7c110e997a SCD: Add option enable-keypad-varlen and support for GEMPC_PINPAD.
* scd/scdaemon.h (opt): Add enable_keypad_varlen.
* scd/scdaemon.c (cmd_and_opt_values): Add oEnableKeypadVarlen.
(opts, main): Add oEnableKeypadVarlen.
* scd/ccid-driver.c (GEMPC_PINPAD): New.
(ccid_transceive_secure): Add enable_varlen handling.
Enable GEMPC_PINPAD.
--
Note that GEMPC_PINPAD doesn't support variable length keypad input.
The feature of fixed length keypad input will be added soon.
2013-02-05 14:05:07 +09:00
NIIBE Yutaka
2dbd347fbe SCD: Support not-so-smart card readers.
* scd/ccid-driver.c (struct ccid_driver_s): Add auto_voltage,
auto_param, and auto_pps.
(parse_ccid_descriptor): Set auto_voltage, auto_param, and auto_pps.
Support non-autoconf readers.
(update_param_by_atr): New.
(ccid_get_atr): Use 5V for PowerOn when auto_voltage is not supported.
Use 0x10 when nonnull_nad for SetParameters.
Call update_param_by_atr for parsing ATR, and use param for
SetParameters.
Send PPS if reader requires it and card is negotiable.
When bNadValue in the return values of SetParameters == 0,
clear handle->nonnull_nad flag.
--
This change is to support more card readers by the internal driver.
Tested with 08e6:3478 Gemplus PinPad Smart Card Reader.
2013-02-05 14:03:01 +09:00
NIIBE Yutaka
e8ea10990d SCD: Hold lock for pinpad input.
* scd/apdu.c (apdu_check_keypad, apdu_keypad_verify)
(apdu_keypad_modify): Hold lock to serialize communication.
2013-02-04 10:13:00 +09:00
NIIBE Yutaka
42dd3956cc agent: kill pinentry by SIGINT, fixing a bug to be killed by SIGINT.
* agent/call-pinentry.c (atfork_cb): Reset signal mask and signal
handler for child process.
(agent_popup_message_stop): Send SIGINT (was: SIGKILL).
--
pinentry-curses should be killed by SIGINT, so that it can reset
terminal settings, but it didn't work.
2013-02-04 09:07:22 +09:00
Christian Aistleitner
3cfe527fa5 gpg: Fix honoring --cert-digest-algo when recreating a cert
* g10/sign.c (update_keysig_packet): Override original signature's
digest algo in hashed data and for hash computation.
2013-01-11 13:51:18 +01:00
NIIBE Yutaka
00c9082632 Update Japanese Translation.
* po/ja.po: Fix wrong translations for designated revocation.
Reported by Hideki Saito.
2013-01-07 10:41:21 +09:00
Werner Koch
f395a3e7ef gpg: Detect Keybox files and print a diagnostic.
* g10/keydb.c (KEYDB_RESOURCE_TYPE_KEYBOX): New.
(keydb_add_resource): Handle scheme "gnupg-kbx:".  Detect Keybox
magic.  Print wanrning note for Keybox.
(keydb_new, keydb_release, keydb_get_resource_name)
(lock_all, unlock_all, keydb_get_keyblock)
(keydb_update_keyblock, keydb_insert_keyblock, keydb_delete_keyblock)
(keydb_locate_writable, keydb_rebuild_caches, keydb_search_reset)
(keydb_search2): Ignore Keybox type in switches.
* g10/gpg.h (G10ERR_UNSUPPORTED): Map to correct gpg-error value.
--

GnuPG 2.1 will support Keybox files in GPG and thus users might see
weird error messages if they accidentally use a keybox file with 2.0.
Better print a note here.
2013-01-03 20:21:20 +01:00
Werner Koch
c291ebaf6f Remove trailing white space from some files.
--
2013-01-03 20:11:54 +01:00
NIIBE Yutaka
f484d8b28b Update Japanese Translation
* po/ja.po: Fix terms and expressions.
2012-12-30 00:24:20 +09:00
NIIBE Yutaka
b87265cd30 Update Japanese Translation
* po/ja.po: Translate all untranslated messages.
2012-12-29 20:52:38 +09:00
NIIBE Yutaka
e2c939d570 Update Japanese Translation
* po/ja.po: Fix all fuzzy translations.  Fill some of unstanslated
messages.
2012-12-27 16:06:52 +09:00
NIIBE Yutaka
ec008b94f3 Update Japanese Translation
* po/ja.po: Remove old entries.
2012-12-27 16:02:28 +09:00
NIIBE Yutaka
7baae3e095 Update Japanese Translation
* po/ja.po: Fix headers.  Update by msgmerge -U ja.po gnupg2.pot.
2012-12-27 15:57:44 +09:00
NIIBE Yutaka
da0ee97cbc Update Japanese tranlation
* po/ja.po: Change the encoding to UTF-8 (was: EUC-JP).
2012-12-27 15:45:53 +09:00
David Shaw
8c32d4de57 Make sure srvcount is initialized.
* keyserver/gpgkeys_hkp.c (srv_replace): Initialize srvcount.
2012-12-20 18:12:29 -05:00
Werner Koch
498882296f gpg: Import only packets which are allowed in a keyblock.
* g10/import.c (valid_keyblock_packet): New.
(read_block): Store only valid packets.
--

A corrupted key, which for example included a mangled public key
encrypted packet, used to corrupt the keyring.  This change skips all
packets which are not allowed in a keyblock.

GnuPG-bug-id: 1455

(cherry-picked from commit 3a4b96e665fa639772854058737ee3d54ba0694e)
2012-12-20 11:52:04 +01:00
Werner Koch
20c95ef258 Fixed indentation and indented cpp directives
--
2012-12-19 15:30:17 +01:00
Werner Koch
d23ec86095 gpg: Make commit 258192d4 actually work
* g10/sign.c (update_keysig_packet): Use digest_algo.
2012-12-19 11:47:23 +01:00
Werner Koch
75404e2dad gpg: Suppress "public key already present" in quiet mode.
* g10/pkclist.c (build_pk_list): Print two diagnostics only in
non-quiet mode.
--

(back-ported from commit 8325d616593187ff227853de0295e3269b96edcb)
2012-12-19 11:29:37 +01:00
Werner Koch
febb8ace98 Remove trailing white space from a file
--
2012-12-19 11:27:11 +01:00
Werner Koch
3d78be2886 State that disclaimers are not anymore needed for translations.
--
2012-12-18 19:54:23 +01:00
Werner Koch
8ea49cf513 jnlib: Add meta option ignore-invalid-option.
* jnlib/argparse.c (iio_item_def_s, IIO_ITEM_DEF): New.
(initialize): Init field IIO_LIST.
(ignore_invalid_option_p): New.
(ignore_invalid_option_add): New.
(ignore_invalid_option_clear): New.
(optfile_parse): Implement meta option.
--

This option is currently of no use.  However, as soon as it has been
deployed in all stable versions of GnuPG, it will allow the use of the
same configuration file with an old and a new version of GnuPG.  For
example: If a new version implements the option "foobar", and a user
uses it in gpg.conf, an old version of gpg would bail out with the
error "invalid option".  To avoid that the following line can be put
above that option in gpg.conf

  ignore-invalid-option foobar

This meta option may be given several times or several option names
may be given as arguments (space delimited).  Note that this option is
not available on the command line.

(cherry-picked from commit 41d564333d35c923f473aa90625d91f8fe18cd0b)
2012-12-18 18:31:54 +01:00
David Shaw
732f3d1d47 No point in defaulting try-dns-srv to on if we don't have SRV support.
* keyserver/gpgkeys_hkp.c (main): Only default try-dns-srv to on if we
  have SRV support in the first place.
2012-12-18 00:08:51 -05:00
David Shaw
6b1f71055e Issue 1447: Pass proper Host header and SNI when SRV is used with curl.
* configure.ac: Check for inet_ntop.

* m4/libcurl.m4: Provide a #define for the version of the curl
  library.

* keyserver/gpgkeys_hkp.c (main, srv_replace): Call getaddrinfo() on
  each target.  Once we find one that resolves to an address (whether
  IPv4 or IPv6), pass it into libcurl via CURLOPT_RESOLVE using the
  SRV name as the "host".  Force the HTTP Host header to be the same.
2012-12-17 23:52:15 -05:00
David Shaw
cbe98b2cb1 Part of issue 1447: Pass proper Host header when SRV is used.
* common/http.c (send_request, connect_server): Set proper Host header
  (no :port, host is that of the SRV) when SRV is used in the
  curl-shim.
2012-12-15 10:35:19 -05:00
David Shaw
ba9e974f1f Fix issue 1446: honor ports given in SRV responses.
* common/http.c (send_request, connect_server, http_open): Use a
  struct srv instead of a single srvtag so we can pass the chosen host
  and port back to the caller.
  (connect_server): Use the proper port in the HAVE_GETADDRINFO case.

* keyserver/curl-shim.c (curl_easy_perform): Use struct srv and log
  chosen host and port.

* keyserver/gpgkeys_hkp.c (main): Properly take the port given by SRV.
2012-12-15 10:11:11 -05:00
NIIBE Yutaka
3e7cc25d4a SCD: Fix the process of writing key or generating key.
* scd/app-openpgp.c (store_fpr): Flush KEY-FPR and KEY-TIME.
2012-12-13 13:36:23 +09:00
NIIBE Yutaka
0d7cf7bb06 Revert SCD changes of 2010-05-03 (scd/ChangeLog 2010-03-17).
* scd/apdu.c (pcsc_no_service): Remove.
(open_pcsc_reader_direct, open_pcsc_reader_wrapped): Remove
pcsc_no_service support.
(apdu_open_reader): Remove R_NO_SERVICE.
* scd/apdu.h (apdu_open_reader): Remove R_NO_SERVICE.
* scd/command.c (reader_disabled): Remove.
(get_reader_slot): Follow the change of R_NO_SERVICE.
(open_card, cmd_serialno, scd_command_handler): Remove reader_disabled
support.
* scd/sc-copykeys.c (main): Follow the change of R_NO_SERVICE.
--
Daemon should handle all possible cases.  Even if such a difficult
case like reader_disabled, it should not exit.
2012-12-07 10:31:37 +09:00
NIIBE Yutaka
9afd2bb7fb Don't keep opening unavailable card reader.
* scd/command.c (update_reader_status_file): Don't call
get_reader_slot.

--
This fix has a impact that the insertion of a card reader will not be
detected upon the insertion, but will be deferred until user tries to
access his card.
2012-12-07 10:13:05 +09:00
David Shaw
2ee9fe4bc2 Update sample keys 2012-11-30 13:14:09 -05:00
David Shaw
3d0c386011 The keyserver search menu should honor --keyid-format
* keyserver.c (print_keyrec): Honor --keyid-format when getting back
  full fingerprints from the keyserver (the comment in the code was
  correct, the code was not).
2012-11-29 13:06:39 -05:00
Werner Koch
978878b1be Fix printing of ECC algo names in hkp keyserver listings.
* g10/misc.c (map_pk_openpgp_to_gcry): New.
* g10/keyserver.c (print_keyrec): Map OpenPGP algorithm ids.
--

Although we don't have support for ECC, we want to print a proper
algorithm name in keyserver listings.  This will only work while using
a ECC enabled Libgcrypt.  Problem reported by Kristian Fiskerstrand.
2012-11-27 17:35:16 +01:00
Werner Koch
ab4ea45f54 Allow decryption with card keys > 3072 bit
* scd/command.c (MAXLEN_SETDATA): New.
(cmd_setdata): Add option --append.
* g10/call-agent.c (agent_scd_pkdecrypt): Use new option for long data

* scd/app-openpgp.c (struct app_local_s): Add field manufacturer.
(app_select_openpgp): Store manufacturer.
(do_decipher): Print a note for broken cards.

--

Please note that I was not able to run a full test because I only have
broken cards (S/N < 346) available.
2012-11-06 14:39:22 +01:00
Werner Koch
c0a20d6124 Remove trailing white space from some files
--
2012-11-06 14:34:32 +01:00
NIIBE Yutaka
d5c46ac6f4 agent: Fix wrong use of gcry_sexp_build_array
* findkey.c (agent_public_key_from_file): Fix use of
gcry_sexp_build_array.

--
A test case leading to a segv in Libgcrypt is

  gpg-connect-agent \
    "READKEY 9277C5875C8AFFCB727661C18BE4E0A0DEED9260" /bye

The keygrip was created by "monkeysphere s", which has a comment.

gcry_sexp_build_array expects pointers to the arguments which is quite
surprising.  Probably ARG_NEXT was accidentally implemented wrongly.
Anyway, we can't do anything about it and thus need to fix the check
the users of this function.

Some-comments-by: Werner Koch <wk@gnupg.org>
2012-11-02 16:32:15 +01:00
NIIBE Yutaka
80a34c0b50 SCD: Upon error, open_pcsc_reader_wrapped does same as _direct.
* scd/apdu.c (PCSC_E_NO_SERVICE): New.
(open_pcsc_reader_direct): Use PCSC_E_NO_SERVICE.
(open_pcsc_reader_wrapped): Set pcsc_no_service.
2012-10-31 11:02:58 +09:00
Werner Koch
51a4df9d4a Update French translation
* po/fr.po: Update.
2012-08-24 17:36:55 +02:00
Werner Koch
1b4ddbedcf Fix German translation and msgmerge other po files
--
2012-08-24 11:30:41 +02:00
David Prévot
1c2f80cf1b Fix typos spotted during translations
agent/genkey.c: s/to to/to/
sm/*.c: s/failed to allocated/failed to allocate/
sm/certlist.c: s/should have not/should not have/

Consistency fix:

* g10/gpg.c, kbx/kbxutil.c, sm/gpgsm.c: uppercase after Syntax
2012-08-24 10:34:43 +02:00
David Prévot
bc95b35289 Actually show translators comments in PO files 2012-08-24 10:33:28 +02:00
David Prévot
5ae8ecd21f Keep previous msgids of translated messages
* po/Makefile.in.in: Use --previous with msgmerge.
2012-08-24 10:33:14 +02:00
NIIBE Yutaka
b6b08b6b93 scd: Add forgotten VENDOR_FSIJ to ccid-driver.
* scd/ccid-driver.c (ccid_transceive_secure): Handle VENDOR_FSIJ.
2012-07-20 16:34:07 +09:00
NIIBE Yutaka
34b78c7d82 scd: handle reader/token removal.
* scd/apdu.c (pcsc_error_to_sw): PCSC_E_UNKNOWN_READER means
SW_HOST_NO_READER.
2012-06-25 10:04:23 +09:00
NIIBE Yutaka
8db2e4039f scd: Fix updating slot status.
* scd/comman.c (do_reset): Let clear card_removed flag.
2012-06-25 10:04:23 +09:00
NIIBE Yutaka
4f557cb9c2 scd: acquire lock in new_reader_slot.
* scd/apdu.c (new_reader_slot): Acquire lock.
  (open_ct_reader, open_pcsc_reader_direct, open_pcsc_reader_wrapped)
  (open_ccid_reader, open_rapdu_reader): Release lock.

--
Fixes a test case of:
   No libpcsclite1 installed.
   Run gpg-agent
   Run command "gpg-connect-agent learn /bye" with no card/token
   Sometimes it fails: ERR 100663356 Not supported <SCD>
   While it should be always: ERR 100663404 Card error <SCD>
2012-06-25 10:04:23 +09:00
NIIBE Yutaka
233b5ab1ad scd: move lock_slot, trylock_slot, unlock_slot functions.
* scd/apdu.c (lock_slot, trylock_slot, unlock_slot): Move.

--
This is for upcoming changes.
2012-06-25 10:04:23 +09:00
NIIBE Yutaka
8cb0209022 scd: Fix merge mistake.
* scd/iso7816.c (iso7816_reset_retry_counter): Implement.
2012-06-25 10:04:23 +09:00