security-and-privacy/gnupg
security-and-privacy
/
gnupg
mirror of git://git.gnupg.org/gnupg.git
1
0
Fork 0
Code Releases Activity
9,575 Commits 100 Branches 301 Tags 233 MiB
Commit Graph

991 Commits

Author SHA1 Message Date
NIIBE Yutaka c6dd9ff929 scd: Fix DEVINFO with no --watch. 
* scd/app.c (app_send_devinfo): Fix for outputing once.
* scd/command.c (hlp_devinfo): Fix comment.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
 2022-03-15 15:19:11 +09:00
NIIBE Yutaka 665b59a066 Fix previous commit. 
--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
 2022-03-11 14:09:22 +09:00
NIIBE Yutaka 934864d399 scd: Enhance PASSWD command to accept KEYGRIP optionally. 
* scd/command.c (cmd_passwd): Handle KEYGRIP optionally.

--

GnuPG-bug-id: 5862
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
 2022-03-10 11:11:38 +09:00
NIIBE Yutaka d577ed2956 scd: Use same idiom for same work. 
* scd/command.c (cmd_serialno, cmd_getattr): Use 'while' instead of
'for'.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
 2022-03-10 11:02:11 +09:00
NIIBE Yutaka 58e6990eaa scd: Fix PK_AUTH with --challenge-response option. 
* scd/app.c (app_auth): It's only APPTYPE_OPENPGP which supports
the challenge response interaction.
* scd/command.c (cmd_pkauth): It only wants if it works or not.

--

GnuPG-bug-id: 5862
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
 2022-03-04 10:11:38 +09:00
NIIBE Yutaka 44621120a2 scd: Add --challenge-response option to PK_AUTH for OpenPGP card. 
* scd/app-openpgp.c (rmd160_prefix, sha1_prefix, sha224_prefix)
(sha256_prefix, sha384_prefix, sha512_prefix): Move the scope up.
(gen_challenge): New.
(do_auth): Support challenge-response check if it signs correctly.
* scd/app.c (app_auth): Remove the check INDATA and INDATALEN.
* scd/command.c (cmd_pkauth): Support --challenge-response option.

--

GnuPG-bug-id: 5862
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
 2022-03-03 17:45:49 +09:00
NIIBE Yutaka 8e650dbd48 scd: Let READKEY support --format=ssh option. 
* scd/command.c (do_readkey): Support --format=ssh option.
* common/ssh-utils.c (ssh_public_key_in_base64): New.
* common/ssh-utils.h (ssh_public_key_in_base64): New declaration.

--

Code duplication (agent/command-ssh.c) will be cleaned up later.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
 2022-03-02 14:07:46 +09:00
Werner Koch 597253ca17
scd:p15: Used extended mode already for RSA 2048 
* scd/app-p15.c (do_sign, do_decipher): Replace GT by GE.
--
 2022-02-21 12:17:08 +01:00
NIIBE Yutaka f9c9938b28 scd,pcsc: Fix error handling for a reader with reader-port. 
* scd/apdu.c (apdu_open_reader): Make sure dl->idx is always
incremented to handle error from open_pcsc_reader correctly.

--

Reported-by: Anže Jenšterle
GnuPG-bug-id: 5758
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
 2022-01-04 14:56:29 +09:00
NIIBE Yutaka a575b0aba5 scd:openpgp: Support longer data for INTERNAL_AUTHENTICATE. 
* scd/app-openpgp.c (do_auth): Use extended Lc, when supported.

--

GnuPG-bug-id: 5682
Co-authored-by: Klas Lindfors
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
 2021-11-15 11:40:41 +09:00
Jakub Jelen c0b1bcc5c6 scd: Avoid memory leak. 
* scd/command.c (cmd_readkey): Free allocated memory on failure path.

--

GnuPG-bug-id: 5393
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
 2021-11-12 15:35:38 +09:00
Werner Koch c36f9917bb
scd: Add new OpenPGP card vendor. 
--
 2021-11-04 16:35:41 +01:00
NIIBE Yutaka 49f7fcb90b scd: Simplify the loop of DEVINFO. 
* scd/app.c (app_send_devinfo): Factor out lock/unlock.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
 2021-11-02 14:06:16 +09:00
NIIBE Yutaka 99e00ec6db scd: Fix the previous commit. 
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
 2021-10-29 11:47:17 +09:00
NIIBE Yutaka 48e824b6ea scd: Modify DEVINFO behavior to support looping forever. 
* scd/app.c (struct mrsw_lock): Add notify_cond member.
(notify_cond): Remove.
(card_list_r_lock, card_list_r_unlock): Rename.
(card_list_w_lock, card_list_w_unlock): Rename.
(card_list_signal, card_list_wait): New, fixing thinko about
notify/wakeup with MRSW lock.
(app_send_devinfo): Support looping.
(select_application): Notify app_send_devinfo thread for newly
detected device.
(initialize_module_command): Initialize notify_cond member.
(app_wait): Remove.
* scd/command.c (cmd_devinfo): Use new API of app_send_devinfo.
* scd/scdaemon.h (app_wait): Remove.

--

GnuPG-bug-id: 5359
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
 2021-10-29 10:58:26 +09:00
NIIBE Yutaka 3918fa1a94 agent,dirmngr,kbx,scd,tpm2d: Use gnupg_sleep. 
* agent/findkey.c (unprotect): Use gnupg_sleep.
* agent/gpg-agent.c (handle_connections): Likewise.
* dirmngr/crlfetch.c (handle_connections): Likewise.
* kbx/keyboxd.c (handle_connections): Likewise.
* tpm2d/tpm3daemon.c (handle_connections): Likewise.
* scd/scdaemon.c (handle_connections): Likewise.
* scd/command.c (cmd_lock): Likewise.
* dirmngr/ldap-wrapper.c (ldap_reaper_thread): Likewise.
(ldap_wrapper_wait_connections): Use gnupg_usleep.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
 2021-10-05 14:05:56 +09:00
Werner Koch 255d4d5815
sm: Add LotW support to the key listing 
* sm/certdump.c (parse_dn_part): Translate OID to "Callsign"
* sm/keylist.c (oidtranstbl): Some more OIDs.
--

This is Ham thingy to make it easier to read LotW certificates.

Signed-off-by: Werner Koch <wk@gnupg.org>
 2021-09-09 13:30:22 +02:00
NIIBE Yutaka 1565baa93a scd: Don't release the context until list_finish for PC/SC. 
* scd/apdu.c (apdu_dev_list_start): Increment PCSC.COUNT here.
(apdu_dev_list_finish): Decrement PCSC.COUNT.

--

GnuPG-bug-id: 5416
Fixes-commit: 32baa9acfb
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
 2021-08-20 15:22:28 +09:00
NIIBE Yutaka 5c8124b8b9 scd: Small clean up for card access. 
* scd/app.c (app_get_challenge): Remove the check to ref_count.
* scd/command.c (send_client_notifications): Update comments.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
 2021-07-22 11:22:47 +09:00
NIIBE Yutaka 50ad29f9a7 scd: Fix direct use of card with no ctrl->card_ctx. 
* scd/app.c (maybe_switch_app): Remove check of ref_count.

--

Fixes-commit: 0d6b4210cf
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
 2021-07-22 09:43:30 +09:00
NIIBE Yutaka 0d6b4210cf scd: Fix access to list of cards (3/3). 
* scd/app-common.h (card_reset): Simplify more.
(select_additional_application): Supply CARD.
(card_ref, card_unref): Remove.
(card_get, card_put): New.
* scd/app.c (card_reset): No locking/unlocking inside.
(app_switch_current_card): Fix comment.
(select_additional_application): No locking/unlocking inside.
(do_with_keygrip): New, unlocked version.
(card_get): New, with support of KEYGRIP.
(card_unref): Remove.
(card_put): New.
(app_write_learn_status, app_readcert: No locking/unlocking inside.
(app_readkey, app_getattr, app_setattr, app_sign, app_auth): Likewise.
(app_decipher, app_writecert, app_writekey): Likewise.
(app_genkey, app_get_challenge, app_change_pin): Likewise.
(app_check_pin, app_switch_active_app): Likewise.
* scd/command.c (do_reset): Use card_get/card_put.
(open_card_with_request): Use card_get/card_put, return CARD locked.
(cmd_serialno): Follow the change of open_card_with_request.
(cmd_switchapp): Use card_get/card_put.
(cmd_learn, cmd_readcert, cmd_readkey, cmd_pksign): Likewise.
(cmd_pkauth, cmd_pkdecrypt, cmd_getattr): Likewise.
(cmd_setattr, cmd_writecert, cmd_writekey): Likewise.
(cmd_genkey, cmd_random, cmd_passwd): Likewise.
(cmd_checkpin, cmd_getinfo, cmd_restart): Likewise.
(cmd_disconnect, cmd_apdu, cmd_devinfo): Likewise.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
 2021-07-21 17:22:26 +09:00
NIIBE Yutaka b436fb6766 scd: Fix access to list of cards (2/3). 
* scd/app-common.h (card_reset, select_application): Simplify.
* scd/app.c (card_reset, select_application): Simplify.
* scd/command.c (do_reset): Follow the change.
(open_card, open_card_with_request): Follow the change.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
 2021-07-21 15:59:03 +09:00
NIIBE Yutaka 216945a80e scd: Fix access to list of cards (1/3). 
* scd/app.c (card_list_lock): Use MRSW lock.
(lock_r_card_list, unlock_r_card_list): New.
(lock_w_card_list, unlock_w_card_list): New.
(app_dump_state, app_send_devinfo): Use the MRSW lock.
(select_application, app_switch_current_card): Likewise.
(scd_update_reader_status_file): Likewise.
(initialize_module_command, send_card_and_app_list): Likewise.
(app_do_with_keygrip, app_wait): Likewise.

--

GnuPG-bug-id: 5524
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
 2021-07-21 15:34:16 +09:00
Werner Koch 924c8221fb
scd: Silence compiler waring about unused args. 
--
 2021-07-08 14:11:10 +02:00
NIIBE Yutaka 044e5a3c38 scd: Detect external interference when PCSC_SHARED. 
* scd/app-common.h (check_aid): New method.
* scd/app-openpgp.c (do_check_aid): New.
* scd/app-piv.c (do_check_aid): New.
* scd/app.c (check_external_interference): New.
(maybe_switch_app): Check interference to determine switching is
needed.

--

GnuPG-bug-id: 5484
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
 2021-07-06 14:52:29 +09:00
NIIBE Yutaka 25ae80b8eb scd:ccid: Handle LIBUSB_TRANSFER_OVERFLOW interrupt transfer. 
* scd/ccid-driver.c (intr_cb): Ignore LIBUSB_TRANSFER_OVERFLOW.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
 2021-06-23 12:08:20 +09:00
Werner Koch e387cc97c8
scd:p15: Prepare AODF parsing for other authentication types. 
* scd/app-p15.c (auth_type_t): New.
(struct aodf_object_s): Add field auth_type.
(read_ef_aodf): Distinguish between pin and authkey types.  Include
the authtype in the verbose mode diags.
--

Note that the bulk of chnages are just indentation chnages.  There
should be no functional change.

Signed-off-by: Werner Koch <wk@gnupg.org>
 2021-06-22 11:11:46 +02:00
Werner Koch 029924a46e
scd:p15: Add pre-check for ascii-numeric PINs. 
* scd/app-p15.c (verify_pin): acii-numerix is different than BCD.
 2021-06-18 18:02:08 +02:00
Werner Koch 544ec7872a
scd:p15: Add basic support for AET JCOP cards. 
* scd/app-p15.c (CARD_TYPE_AET): New.
(cardtype2str): Add string.
(card_atr_list): Add corresponding ATR.
(app_local_s): New flag no_extended_mode.  Turn two other flags into
bit flags.
(select_ef_by_path): Hack to handle the 3FFF thing.
(readcert_by_cdf): Do not use etxended mode for AET.
(app_select_p15): Set no_extended_mode.

Signed-off-by: Werner Koch <wk@gnupg.org>
 2021-06-18 17:42:38 +02:00
Werner Koch 7a8545c91b
scd:p15: Handle cards with bad encoded path objects. 
* scd/app-p15.c (read_ef_prkdf, read_ef_pukdf)
(read_ef_cdf, read_ef_aodf): Allow for a zero length path and
correctly skip unsupported auth types.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
 2021-06-18 17:42:38 +02:00
Werner Koch 44f977d0e3
scd: Improve reading of binary records. 
* scd/iso7816.c (iso7816_read_binary_ext): Handle the 0x6a86 SW the
same as 6b00.
* scd/apdu.c (apdu_get_atr): Modify debug messages.
* scd/app-p15.c (app_select_p15): Print FCI on error.
(read_p15_info): Clean up diag in presence of debug options.
--

Some cards return 6a86 instead of 6b00.

Signed-off-by: Werner Koch <wk@gnupg.org>
 2021-06-18 17:42:38 +02:00
NIIBE Yutaka 7718244168 scd: Fix RESET handling. 
* scd/app.c (scd_update_reader_status_file): Clear ->reset_requested.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
 2021-06-17 16:07:09 +09:00
NIIBE Yutaka 4e02db75e3 scd: Support clearing of Reset Code by ''. 
* scd/app-openpgp.c (do_change_pin): Allow null-string.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
 2021-06-11 13:42:01 +09:00
Werner Koch cd53c6d0f3
scd: Add new card vendor. 
--
 2021-06-10 21:55:36 +02:00
NIIBE Yutaka c3a9ee0b65 scd: Fix serial number detection for Yubikey 5. 
* scd/app.c (app_new_register): Handle serial number correctly.

--

GnuPG-bug-id: 5442
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
 2021-06-08 10:37:48 +09:00
NIIBE Yutaka ee5b6af370 scd: Fix READER-PORT option handling for PC/SC. 
* scd/apdu.c (apdu_open_reader): READERNO should be -1 when
READER-PORT is specified for PC/SC.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
 2021-06-07 11:38:25 +09:00
NIIBE Yutaka 5b1806454c scd: Fix zero-byte handling in ECC. 
* scd/app-openpgp.c (ecc_writekey): Don't remove zero-byte.

--

Fixes-commit: a25c99b156
GnuPG-bug-id: 5163
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
 2021-05-28 11:34:56 +09:00
Jakub Jelen 27e7bde12e
scd: avoid memory leaks 
* scd/app-p15.c (send_certinfo): free labelbuf
  (do_sign): goto leave instead of return
* scd/app-piv.c (do_sign): goto leave instead of return, fix typo in
  variable name, avoid using uninitialized variables
* scd/command.c (cmd_genkey): goto leave instead of return

--

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
GnuPG-bug-id: 5393
 2021-05-20 14:48:18 +02:00
Ingo Klöcker 65bc5ea95e scd:p15: Fix logic for appending product name to MANUFACTURER. 
* scd/app-p15.c (do_getattr): Append product name to MANUFACTURER if
manufacturer_id does not already contain a bracket and if we have a
product name.
 2021-05-18 09:45:06 +02:00
NIIBE Yutaka 58b330e935 scd: Remove wrong assertion and add protection to PCSC.COUNT. 
* scd/apdu.c (apdu_dev_list_finish): Fix for calling
release_pcsc_context.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
 2021-05-14 13:06:10 +09:00
Werner Koch 965bb0693c
A few minor code cleanups and typo fixes. 
* agent/command-ssh.c (ssh_handler_request_identities): Remove double
check of ERR.
* g10/getkey.c (get_pubkey_byname): Remove double use of break.
* g10/pkglue.c (pk_encrypt): Handle possible NULL-ptr access due to
failed malloc.

Signed-off-by: Werner Koch <wk@gnupg.org>
 2021-05-11 09:06:34 +02:00
NIIBE Yutaka 32baa9acfb scd: Serialize READER_TABLE access for PC/SC. 
* scd/apdu.c (apdu_dev_list_start): Remove locking READER_TABLE_LOCK.
Don't increment PCSC.COUNT here.
(apdu_dev_list_finish): Don't decrement PCSC.COUNT here.
(apdu_open_reader): Protect access with READER_TABLE_LOCK.

--

GnuPG-bug-id: 5416
Fixes-commit: 8d81fd7c01
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
 2021-05-11 10:25:12 +09:00
NIIBE Yutaka ec5591dc4e scd: Fix close_pcsc_reader. 
* scd/apdu.c (close_pcsc_reader): Don't touch .RDRNAME field.
(apdu_dev_list_finish): Clear .RDRNAME field and replace call of
close_pcsc_reader by release_pcsc_context.  Add assertion.

--

GnuPG-bug-id: 5416
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
 2021-05-10 10:49:21 +09:00
NIIBE Yutaka cccc9bd5db scd: Make sure releasing PC/SC context. 
* scd/apdu.c (release_pcsc_context): New.
(close_pcsc_reader): Use release_pcsc_context.  Add assertion.
(apdu_dev_list_start): Replace call of close_pcsc_reader
into release_pcsc_context, add condition.

--

GnuPG-bug-id: 5416
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
 2021-05-10 10:31:08 +09:00
NIIBE Yutaka 0498ea8fbd scd: Increment PCSC.COUNT correctly. 
* scd/apdu.c (open_pcsc_reader): PCSC.COUNT should
be incremented before possible call of close_pcsc_reader.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
 2021-05-07 11:25:20 +09:00
NIIBE Yutaka 5d1b413106 scd: Fix memory leak for RDRNAME and serialize access. 
* scd/apdu.c (close_pcsc_reader): Move locking to...
(apdu_close_reader): ... here, as it's also needed for CCID driver.
Free RDRNAME when closed.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
 2021-05-07 10:48:13 +09:00
NIIBE Yutaka 039aed9d40 scd: Fix declarations for PC/SC access. 
* scd/apdu.c (pcsc_begin_transaction, pcsc_transmit): Use HANDLE.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
 2021-05-07 07:11:17 +09:00
NIIBE Yutaka 53bdc6288f scd: Recover the partial match for PORTSTR for PC/SC. 
* scd/apdu.c (apdu_open_reader): Allow partial match of
PORTSTR again just like 2.2 does.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
 2021-05-06 19:08:34 +09:00
NIIBE Yutaka d6fe82d3d1 scd: When reader is specified, make sure only open once. 
* scd/apdu.c (apdu_open_reader): Make sure not to try multiple times,
when PORTSTR is specified.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
 2021-05-06 19:05:30 +09:00
Werner Koch 8d81fd7c01
scd: Fix PC/SC removed card problem 
* scd/apdu.c (pcsc_cancel): New.
(pcsc_init): Load new function.
(connect_pcsc_card): Use it after a removed card error.
--

Well, that was easier than I expected yesterday.

Signed-off-by: Werner Koch <wk@gnupg.org>
 2021-04-29 09:14:25 +02:00