1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-22 10:19:57 +01:00

1079 Commits

Author SHA1 Message Date
Werner Koch
9de180c6d2
doc: Minor comment fixes.
--
2023-02-23 10:23:56 +01:00
Werner Koch
061efac03f
scd:p15: Skip deleted records.
* scd/app-p15.c (select_and_read_record): Special case deleted
records.  Support 3 byte TLVs.
(read_ef_prkdf): Skip deleted records.
(read_ef_pukdf): Ditto.
(read_ef_cdf): Ditto.
(read_ef_aodf): Ditto.
--

This fixes a problem with some CardOS 5 applications.
2022-12-09 08:49:28 +01:00
Werner Koch
9f7ff43672
scd: Redact --debug cardio output of a VERIFY APDU.
* scd/apdu.c (pcsc_send_apdu) [DBG_CARD_IO]: Detect and redact a
VERIFY.
(send_apdu_ccid): Ditto.
--

This should handle the most common case.
GnuPG-bug-id: 5085
2022-11-17 14:33:18 +01:00
Werner Koch
2c4757352d
scd:nks: Fix ECC signing if key not given by keygrip.
* scd/app-nks.c (keygripstr_from_pk_file): Set r_algo if not in cache.
2022-11-15 14:52:40 +01:00
Werner Koch
8361e13ef2
scd:nks: Support non-ESIGN signing with the Signature Card v2
* scd/app-nks.c (do_sign): Handle ECC for NKS cards
2022-10-25 11:57:23 +02:00
NIIBE Yutaka
3d7dbf1661
agent,dirmngr,gpg,scd: Clean up for modern compiler.
* agent/protect.c (agent_get_shadow_info_type): It's a write only
variable, useful for debugging.
* g10/key-check.c (key_check_all_keysigs): Likewise.
* g10/keyedit.c (show_basic_key_info, menu_expire): Likewise.
* scd/app-sc-hsm.c (read_ef_prkd): Likewise.
* dirmngr/crlfetch.c (fetch_next_ksba_cert): Initialize the vars.
* dirmngr/ks-action.c (ks_action_help): Remove unused variables.
* dirmngr/server.c (make_keyserver_item): Likewise.
* dirmngr/validate.c (check_cert_sig): Initialize the variable.
* scd/app-p15.c (select_and_read_record): Likewise.
* tests/gpgscm/scheme.c (scheme_init_new): A function with no args.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-09-14 12:08:58 +09:00
NIIBE Yutaka
87d4338ed1
gpg,common,scd,sm: Function prototype fixes for modern compiler.
* common/gettime.c (gnupg_get_time): It has no arguments.
* common/signal.c (gnupg_block_all_signals): Likewise.
(gnupg_unblock_all_signals): Likewise.
* common/utf8conv.c (get_native_charset): Likewise.
* g10/cpr.c (is_status_enabled, cpr_enabled): Likewise.
* g10/getkey.c (getkey_disable_caches): Likewise.
* g10/keygen.c (ask_expiredate): Likewise.
* g10/passphrase.c (have_static_passphrase): Likewise.
(get_last_passphrase): Likewise.
* g10/tdbio.c (tdbio_is_dirty, tdbio_sync): Likewise.
(tdbio_get_dbname, open_db, tdbio_db_matches_options): Likewise.
(tdbio_read_nextcheck): Likewise.
* g10/trustdb.c (how_to_fix_the_trustdb): Likewise.
* scd/scdaemon.c (scd_get_socket_name): Likewise.
* sm/passphrase.c (have_static_passphrase): Likewise.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-09-13 16:34:00 +09:00
NIIBE Yutaka
6df8608c3e scd: Add npth_unprotect/npth_protect for blocking operations.
* scd/ccid-driver.c (ccid_open_usb_reader): Name the thread.
(ccid_vendor_specific_setup, ccid_open_usb_reader): Wrap
blocking operations by npth_unprotect/npth_protect.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-08-25 13:13:11 +09:00
Werner Koch
f4b01ddc6a
scd: Add a libusb debug level.
* scd/ccid-driver.c (USE_LIBUSB_DEBUG_CB): New const.
(debug_libusb_cb): new.
(ccid_set_debug_level): Use it.
--

This allows to see the libusb log in our usual debug output.  For this
the option debug-ccid-driver needs to be given 5 or more times.
2022-08-22 12:05:18 +02:00
Werner Koch
67e510cbf7
scd:opengpg: Minor vendor name fix
--
2022-07-28 13:06:03 +02:00
Werner Koch
6d9c8a1cbc
scd:openpgp: New vendor
--
2022-07-28 09:01:24 +02:00
NIIBE Yutaka
f34b9147eb scd:openpgp: Fix workaround for Yubikey heuristics.
* scd/app-openpgp.c (parse_algorithm_attribute): Handle the case
of firmware 5.4, too.

--

GnuPG-bug-id: 6070
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-07-13 10:40:55 +09:00
NIIBE Yutaka
dd600bbc84 scd: Support specifying keygrip for learn command.
* scd/command.c (cmd_learn): Allow keygrip argument.

--

GnuPG-bug-id: 6002
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-06-10 13:54:03 +09:00
NIIBE Yutaka
273b8ec193 scd,openpgp: Support READCERT by keygrip.
* scd/app-openpgp.c (do_readcert): Allow use of keygrip.

--

GnuPG-bug-id: 6002
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-06-10 11:45:26 +09:00
Werner Koch
3a2fb1c306
scd:nks: Don't flag the ESIGN keypair EF as encryption capable.
* scd/app-nks.c (filelist): Tweak 0x4531.
--

Actually the certificate has no encryption usage but we should also
tell that via KEYINFO so that this key is never tried to create an
encryption certificate.
2022-06-01 17:55:49 +02:00
Werner Koch
b92b3206e7
scd:nks: Some code cleanup.
* scd/app-nks.c (find_fid_by_keyref): Factor keyref parsing out to ...
(parse_keyref): new.
(do_readcert): Use new function instead of partly duplicated code.
Make detection of keygrip more robust.
(do_readkey): Make detection of keygrip more robust.
(do_with_keygrip): Use get_nks_tag.
--

Also added a couple of comments.
2022-06-01 17:52:42 +02:00
Werner Koch
07eaf006c2
scd:nks: Support the Telesec ESIGN application.
* scd/app-nks.c (find_fid_by_keyref): Disable the cache for now.
(readcert_from_ef): Considere an all zero certificate as not found.
(do_sign): Support ECC and the ESIGN application.
--

This allows me to create qualified signatures using my Telesec card.
There is of course more work to do but this is the first step.

Note: The design of the FID cache needs to be reconsidered.  Until
that the lookup here has been disabled.  The do_sign code should be
revamped to be similar to what we do in app-p15.

GnuPG-bug-id: 5219, 4938
2022-05-29 15:55:26 +02:00
NIIBE Yutaka
5264d3f58e scd: Return USAGE information for KEYINFO command.
* scd/command.c (hlp_keyinfo): Update.
(send_keyinfo): Add a USAGE argument.
* scd/scdaemon.h (send_keyinfo): Add a USAGE argument.
* scd/app-nks.c (set_usage_string): New.
(do_learn_status_core, do_readkey): Use set_usage_string.
(do_with_keygrip): Add USAGE to call send_keyinfo,
using set_usage_string.
* scd/app-openpgp.c (get_usage_string): New.
(send_keypair_info): Use get_usage_string.
(send_keyinfo_if_available): Add USAGE to call send_keyinfo,
using get_usage_string.
* scd/app-p15.c (set_usage_string): New.
(send_keypairinfo): Use set_usage_string.
(do_with_keygrip): Add USAGE to call send_keyinfo,
using set_usage_string.
* scd/app-piv.c (do_with_keygrip): Add USAGE to call send_keyinfo.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-05-26 12:01:16 +09:00
NIIBE Yutaka
64c8786105 scd,piv: Fix status report of KEYPAIRINFO.
* scd/app-piv.c (do_readkey): Use "-" for usage when not available.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-05-26 11:57:31 +09:00
NIIBE Yutaka
052f58422d agent,scd: Make sure to set CONFIDENTIAL flag in Assuan.
* agent/call-scd.c (inq_needpin): Call assuan_begin_confidential
and assuan_end_confidential, and wipe the memory after use.
* agent/command.c (cmd_preset_passphrase): Likewise.
(cmd_put_secret): Likewise.
* scd/command.c (pin_cb): Likewise.

--

GnuPG-bug-id: 5977
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-05-25 14:53:06 +09:00
NIIBE Yutaka
ea97683d58 scd: Support automatic card selection for READCERT with keygrip.
* scd/command.c (cmd_readcert): Select by KEYGRIP.

--

GnuPG-bug-id: 6003
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-05-24 16:17:01 +09:00
NIIBE Yutaka
1b1684cf61 scd: Fix use of SCardListReaders for PC/SC.
* scd/apdu.c (apdu_dev_list_start): Initialize NREADER.

--

Reported-by: Ludovic Rousseau
GnuPG-bug-id: 5979
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-05-17 10:19:44 +09:00
NIIBE Yutaka
53eddf9b9e scd: Fail when no good algorithm attribute.
* scd/app-openpgp.c (parse_algorithm_attribute): Return the error.
(change_keyattr): Follow the change.
(app_select_openpgp): Handle the error of parse_algorithm_attribute.

--

This change allows following invocation of app_select_openpgp, which
may work well (if the problem is device side for initial connection).

GnuPG-bug-id: 5963
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-05-11 11:16:26 +09:00
Werner Koch
5e5df82b5f
scd:openpgp: New card vendor.
--

BTW, we should add a function to read out the entire table so that you
can ask scdaemon for that list.  iirc,  Kleopatra still uses a copy of
the table.
2022-05-10 16:21:27 +02:00
Werner Koch
3d7d7e8bfd
scd:p15: Improve the displayed S/N for Technology Nexus cards.
* scd/app-p15.c (any_control_or_space_mem): New.
(get_dispserialno): Add new code.
--

This works with my test cards and now reflects what's printed on the
front matter of the card.
2022-05-06 11:43:07 +02:00
Werner Koch
6f612fd5f6
scd:p15: Fix the the sanity check of the displayed S/N.
* scd/app-p15.c (any_control_or_space): Fix loop.
--

This check is only done to avoid printing wrongly encoded S/N for
human consumption.
e
2022-05-06 11:39:30 +02:00
NIIBE Yutaka
054d14887e scd: Add workaround for ECC attribute on Yubikey.
* scd/app-openpgp.c (parse_algorithm_attribute): Skip possibly bogus
octet in a key attribute.

--

GnuPG-bug-id: 5963
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-05-06 18:27:11 +09:00
Werner Koch
bbcca7357b
scd:p15: Fix reading certificates without length info.
* scd/app-p15.c (readcert_by_cdf): Do not use extended mode if the CDF
object has no length info.  Add debug output when reading a cert.
(read_p15_info): No more need to disable extended mode for GeNUA cards.
2022-05-05 13:39:03 +02:00
Werner Koch
7dc5693926
scd: New debug flags "card".
* scd/scdaemon.c (debug_flags): Add "card".
* scd/scdaemon.h (DBG_CARD_VALUE, DBG_CARD): New.
--

Some information from parsing the card are often very helpful.
However, the card_io triggered APDU dumps are in most cases too heavy.
Thus this new debug flag.
2022-05-05 13:35:56 +02:00
NIIBE Yutaka
2848fe4c84 scd: Fix hard-coded constant for RSA auth.
* scd/app-openpgp.c (do_auth): Allow larger data for RSA-4096.

--

OpenPGPcard specification says that it will be rejected by the card
when it's larger.  We have been the check on host side too, but it was
written when it only had a support for RSA-2048.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-04-25 11:14:10 +09:00
NIIBE Yutaka
e8fb8e2b3e scd: Don't inhibit SSH authentication for larger data if it can.
* scd/app-openpgp.c (do_auth): Use command chaining if available.

--

GnuPG-bug-id: 5935
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-04-22 11:50:19 +09:00
Werner Koch
dd727ec968
scd: Renamed a constant in ccid-driver.c
* scd/ccid-driver.c (MAX_DEVICE): Rename to CCID_MAX_DEVICE.
--

Just for documentation reasons.
2022-04-14 10:26:40 +02:00
Werner Koch
6294ae282d
scd: Minor code reorganization
* scd/ccid-driver.c: Move struct defines to the top.
--
2022-04-14 10:15:23 +02:00
Werner Koch
8ac92f0e80
scd: Fix memory leak in ccid-driver.
* scd/ccid-driver.c (ccid_dev_scan): Use loop var and not the count.
--

Due to an assignment out of bounds this might lead to a crash if there
are more than 15 readers.  In any case it fixes a memory leak.
Kudos to the friendly auditor who found that bug.

Fixes-commit: 8a41e73c31adb86d4a7dca4da695e5ad1347811f
2022-04-14 10:15:23 +02:00
Werner Koch
618aa8689a
scd:p15: Improve the PIN prompt for Genua cards.
* scd/app-p15.c (CARD_PRODUCT_GENUA): New.
(cardproduct2str): Add it.
(read_p15_info): Detect and set GENUA
(make_pin_prompt): Take holder string from the AODF.
2022-04-13 13:06:27 +02:00
Werner Koch
0dcc249852
scd: Support for GeNUA cards.
* scd/app-p15.c (read_p15_info): Disable extended mode for Genua
cards.
2022-04-11 17:48:45 +02:00
NIIBE Yutaka
f584ad9504 scd,tpm2d: Fix for consistent use of socket FD.
* scd/command.c (scd_command_handler): Use gnupg_fd_t for the argument
but no INT2FD to listen.  Use GNUPG_INVALID_FD.
* tpm2d/command.c (tpm2d_command_handler): Likewise.
* scd/scdaemon.c (start_connection_thread): Follow the change.
* tpm2d/tpm2daemon.c (start_connection_thread): Likewise.
* scd/scdaemon.h (scd_command_handler): Use gnupg_fd_t.
* tpm2d/tpm2daemon.h (tpm2d_command_handler): Likewise.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-03-31 21:03:13 +09:00
NIIBE Yutaka
a67a09be30 scd,w32: Fix socket resource leak.
* scd/scdaemon.c (main): Use gnupg_fd_t for socket, and use
assuan_sock_close for the socket allocated by assuan_sock_new.
(handle_connections): Use gnupg_fd_t for listen_fd.
Use assuan_sock_close for the socket by npth_accept.

--

GnuPG-bug-id: 5029
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-03-29 09:55:02 +09:00
NIIBE Yutaka
c6dd9ff929 scd: Fix DEVINFO with no --watch.
* scd/app.c (app_send_devinfo): Fix for outputing once.
* scd/command.c (hlp_devinfo): Fix comment.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-03-15 15:19:11 +09:00
NIIBE Yutaka
665b59a066 Fix previous commit.
--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-03-11 14:09:22 +09:00
NIIBE Yutaka
934864d399 scd: Enhance PASSWD command to accept KEYGRIP optionally.
* scd/command.c (cmd_passwd): Handle KEYGRIP optionally.

--

GnuPG-bug-id: 5862
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-03-10 11:11:38 +09:00
NIIBE Yutaka
d577ed2956 scd: Use same idiom for same work.
* scd/command.c (cmd_serialno, cmd_getattr): Use 'while' instead of
'for'.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-03-10 11:02:11 +09:00
NIIBE Yutaka
58e6990eaa scd: Fix PK_AUTH with --challenge-response option.
* scd/app.c (app_auth): It's only APPTYPE_OPENPGP which supports
the challenge response interaction.
* scd/command.c (cmd_pkauth): It only wants if it works or not.

--

GnuPG-bug-id: 5862
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-03-04 10:11:38 +09:00
NIIBE Yutaka
44621120a2 scd: Add --challenge-response option to PK_AUTH for OpenPGP card.
* scd/app-openpgp.c (rmd160_prefix, sha1_prefix, sha224_prefix)
(sha256_prefix, sha384_prefix, sha512_prefix): Move the scope up.
(gen_challenge): New.
(do_auth): Support challenge-response check if it signs correctly.
* scd/app.c (app_auth): Remove the check INDATA and INDATALEN.
* scd/command.c (cmd_pkauth): Support --challenge-response option.

--

GnuPG-bug-id: 5862
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-03-03 17:45:49 +09:00
NIIBE Yutaka
8e650dbd48 scd: Let READKEY support --format=ssh option.
* scd/command.c (do_readkey): Support --format=ssh option.
* common/ssh-utils.c (ssh_public_key_in_base64): New.
* common/ssh-utils.h (ssh_public_key_in_base64): New declaration.

--

Code duplication (agent/command-ssh.c) will be cleaned up later.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-03-02 14:07:46 +09:00
Werner Koch
597253ca17
scd:p15: Used extended mode already for RSA 2048
* scd/app-p15.c (do_sign, do_decipher): Replace GT by GE.
--
2022-02-21 12:17:08 +01:00
NIIBE Yutaka
f9c9938b28 scd,pcsc: Fix error handling for a reader with reader-port.
* scd/apdu.c (apdu_open_reader): Make sure dl->idx is always
incremented to handle error from open_pcsc_reader correctly.

--

Reported-by: Anže Jenšterle
GnuPG-bug-id: 5758
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-01-04 14:56:29 +09:00
NIIBE Yutaka
a575b0aba5 scd:openpgp: Support longer data for INTERNAL_AUTHENTICATE.
* scd/app-openpgp.c (do_auth): Use extended Lc, when supported.

--

GnuPG-bug-id: 5682
Co-authored-by: Klas Lindfors
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2021-11-15 11:40:41 +09:00
Jakub Jelen
c0b1bcc5c6 scd: Avoid memory leak.
* scd/command.c (cmd_readkey): Free allocated memory on failure path.

--

GnuPG-bug-id: 5393
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
2021-11-12 15:35:38 +09:00
Werner Koch
c36f9917bb
scd: Add new OpenPGP card vendor.
--
2021-11-04 16:35:41 +01:00
NIIBE Yutaka
49f7fcb90b scd: Simplify the loop of DEVINFO.
* scd/app.c (app_send_devinfo): Factor out lock/unlock.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2021-11-02 14:06:16 +09:00
NIIBE Yutaka
99e00ec6db scd: Fix the previous commit.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2021-10-29 11:47:17 +09:00
NIIBE Yutaka
48e824b6ea scd: Modify DEVINFO behavior to support looping forever.
* scd/app.c (struct mrsw_lock): Add notify_cond member.
(notify_cond): Remove.
(card_list_r_lock, card_list_r_unlock): Rename.
(card_list_w_lock, card_list_w_unlock): Rename.
(card_list_signal, card_list_wait): New, fixing thinko about
notify/wakeup with MRSW lock.
(app_send_devinfo): Support looping.
(select_application): Notify app_send_devinfo thread for newly
detected device.
(initialize_module_command): Initialize notify_cond member.
(app_wait): Remove.
* scd/command.c (cmd_devinfo): Use new API of app_send_devinfo.
* scd/scdaemon.h (app_wait): Remove.

--

GnuPG-bug-id: 5359
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2021-10-29 10:58:26 +09:00
NIIBE Yutaka
3918fa1a94 agent,dirmngr,kbx,scd,tpm2d: Use gnupg_sleep.
* agent/findkey.c (unprotect): Use gnupg_sleep.
* agent/gpg-agent.c (handle_connections): Likewise.
* dirmngr/crlfetch.c (handle_connections): Likewise.
* kbx/keyboxd.c (handle_connections): Likewise.
* tpm2d/tpm3daemon.c (handle_connections): Likewise.
* scd/scdaemon.c (handle_connections): Likewise.
* scd/command.c (cmd_lock): Likewise.
* dirmngr/ldap-wrapper.c (ldap_reaper_thread): Likewise.
(ldap_wrapper_wait_connections): Use gnupg_usleep.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2021-10-05 14:05:56 +09:00
Werner Koch
255d4d5815
sm: Add LotW support to the key listing
* sm/certdump.c (parse_dn_part): Translate OID to "Callsign"
* sm/keylist.c (oidtranstbl): Some more OIDs.
--

This is Ham thingy to make it easier to read LotW certificates.

Signed-off-by: Werner Koch <wk@gnupg.org>
2021-09-09 13:30:22 +02:00
NIIBE Yutaka
1565baa93a scd: Don't release the context until list_finish for PC/SC.
* scd/apdu.c (apdu_dev_list_start): Increment PCSC.COUNT here.
(apdu_dev_list_finish): Decrement PCSC.COUNT.

--

GnuPG-bug-id: 5416
Fixes-commit: 32baa9acfb153004bdb2509f9516482b78f256a4
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2021-08-20 15:22:28 +09:00
NIIBE Yutaka
5c8124b8b9 scd: Small clean up for card access.
* scd/app.c (app_get_challenge): Remove the check to ref_count.
* scd/command.c (send_client_notifications): Update comments.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2021-07-22 11:22:47 +09:00
NIIBE Yutaka
50ad29f9a7 scd: Fix direct use of card with no ctrl->card_ctx.
* scd/app.c (maybe_switch_app): Remove check of ref_count.

--

Fixes-commit: 0d6b4210cf31d1c3ca0e8b034537a158fe3caca8
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2021-07-22 09:43:30 +09:00
NIIBE Yutaka
0d6b4210cf scd: Fix access to list of cards (3/3).
* scd/app-common.h (card_reset): Simplify more.
(select_additional_application): Supply CARD.
(card_ref, card_unref): Remove.
(card_get, card_put): New.
* scd/app.c (card_reset): No locking/unlocking inside.
(app_switch_current_card): Fix comment.
(select_additional_application): No locking/unlocking inside.
(do_with_keygrip): New, unlocked version.
(card_get): New, with support of KEYGRIP.
(card_unref): Remove.
(card_put): New.
(app_write_learn_status, app_readcert: No locking/unlocking inside.
(app_readkey, app_getattr, app_setattr, app_sign, app_auth): Likewise.
(app_decipher, app_writecert, app_writekey): Likewise.
(app_genkey, app_get_challenge, app_change_pin): Likewise.
(app_check_pin, app_switch_active_app): Likewise.
* scd/command.c (do_reset): Use card_get/card_put.
(open_card_with_request): Use card_get/card_put, return CARD locked.
(cmd_serialno): Follow the change of open_card_with_request.
(cmd_switchapp): Use card_get/card_put.
(cmd_learn, cmd_readcert, cmd_readkey, cmd_pksign): Likewise.
(cmd_pkauth, cmd_pkdecrypt, cmd_getattr): Likewise.
(cmd_setattr, cmd_writecert, cmd_writekey): Likewise.
(cmd_genkey, cmd_random, cmd_passwd): Likewise.
(cmd_checkpin, cmd_getinfo, cmd_restart): Likewise.
(cmd_disconnect, cmd_apdu, cmd_devinfo): Likewise.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2021-07-21 17:22:26 +09:00
NIIBE Yutaka
b436fb6766 scd: Fix access to list of cards (2/3).
* scd/app-common.h (card_reset, select_application): Simplify.
* scd/app.c (card_reset, select_application): Simplify.
* scd/command.c (do_reset): Follow the change.
(open_card, open_card_with_request): Follow the change.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2021-07-21 15:59:03 +09:00
NIIBE Yutaka
216945a80e scd: Fix access to list of cards (1/3).
* scd/app.c (card_list_lock): Use MRSW lock.
(lock_r_card_list, unlock_r_card_list): New.
(lock_w_card_list, unlock_w_card_list): New.
(app_dump_state, app_send_devinfo): Use the MRSW lock.
(select_application, app_switch_current_card): Likewise.
(scd_update_reader_status_file): Likewise.
(initialize_module_command, send_card_and_app_list): Likewise.
(app_do_with_keygrip, app_wait): Likewise.

--

GnuPG-bug-id: 5524
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2021-07-21 15:34:16 +09:00
Werner Koch
924c8221fb
scd: Silence compiler waring about unused args.
--
2021-07-08 14:11:10 +02:00
NIIBE Yutaka
044e5a3c38 scd: Detect external interference when PCSC_SHARED.
* scd/app-common.h (check_aid): New method.
* scd/app-openpgp.c (do_check_aid): New.
* scd/app-piv.c (do_check_aid): New.
* scd/app.c (check_external_interference): New.
(maybe_switch_app): Check interference to determine switching is
needed.

--

GnuPG-bug-id: 5484
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2021-07-06 14:52:29 +09:00
NIIBE Yutaka
25ae80b8eb scd:ccid: Handle LIBUSB_TRANSFER_OVERFLOW interrupt transfer.
* scd/ccid-driver.c (intr_cb): Ignore LIBUSB_TRANSFER_OVERFLOW.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2021-06-23 12:08:20 +09:00
Werner Koch
e387cc97c8
scd:p15: Prepare AODF parsing for other authentication types.
* scd/app-p15.c (auth_type_t): New.
(struct aodf_object_s): Add field auth_type.
(read_ef_aodf): Distinguish between pin and authkey types.  Include
the authtype in the verbose mode diags.
--

Note that the bulk of chnages are just indentation chnages.  There
should be no functional change.

Signed-off-by: Werner Koch <wk@gnupg.org>
2021-06-22 11:11:46 +02:00
Werner Koch
029924a46e
scd:p15: Add pre-check for ascii-numeric PINs.
* scd/app-p15.c (verify_pin): acii-numerix is different than BCD.
2021-06-18 18:02:08 +02:00
Werner Koch
544ec7872a
scd:p15: Add basic support for AET JCOP cards.
* scd/app-p15.c (CARD_TYPE_AET): New.
(cardtype2str): Add string.
(card_atr_list): Add corresponding ATR.
(app_local_s): New flag no_extended_mode.  Turn two other flags into
bit flags.
(select_ef_by_path): Hack to handle the 3FFF thing.
(readcert_by_cdf): Do not use etxended mode for AET.
(app_select_p15): Set no_extended_mode.

Signed-off-by: Werner Koch <wk@gnupg.org>
2021-06-18 17:42:38 +02:00
Werner Koch
7a8545c91b
scd:p15: Handle cards with bad encoded path objects.
* scd/app-p15.c (read_ef_prkdf, read_ef_pukdf)
(read_ef_cdf, read_ef_aodf): Allow for a zero length path and
correctly skip unsupported auth types.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2021-06-18 17:42:38 +02:00
Werner Koch
44f977d0e3
scd: Improve reading of binary records.
* scd/iso7816.c (iso7816_read_binary_ext): Handle the 0x6a86 SW the
same as 6b00.
* scd/apdu.c (apdu_get_atr): Modify debug messages.
* scd/app-p15.c (app_select_p15): Print FCI on error.
(read_p15_info): Clean up diag in presence of debug options.
--

Some cards return 6a86 instead of 6b00.

Signed-off-by: Werner Koch <wk@gnupg.org>
2021-06-18 17:42:38 +02:00
NIIBE Yutaka
7718244168 scd: Fix RESET handling.
* scd/app.c (scd_update_reader_status_file): Clear ->reset_requested.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2021-06-17 16:07:09 +09:00
NIIBE Yutaka
4e02db75e3 scd: Support clearing of Reset Code by ''.
* scd/app-openpgp.c (do_change_pin): Allow null-string.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2021-06-11 13:42:01 +09:00
Werner Koch
cd53c6d0f3
scd: Add new card vendor.
--
2021-06-10 21:55:36 +02:00
NIIBE Yutaka
c3a9ee0b65 scd: Fix serial number detection for Yubikey 5.
* scd/app.c (app_new_register): Handle serial number correctly.

--

GnuPG-bug-id: 5442
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2021-06-08 10:37:48 +09:00
NIIBE Yutaka
ee5b6af370 scd: Fix READER-PORT option handling for PC/SC.
* scd/apdu.c (apdu_open_reader): READERNO should be -1 when
READER-PORT is specified for PC/SC.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2021-06-07 11:38:25 +09:00
NIIBE Yutaka
5b1806454c scd: Fix zero-byte handling in ECC.
* scd/app-openpgp.c (ecc_writekey): Don't remove zero-byte.

--

Fixes-commit: a25c99b156ca9acaa7712e9c09a6df0a7a23c833
GnuPG-bug-id: 5163
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2021-05-28 11:34:56 +09:00
Jakub Jelen
27e7bde12e
scd: avoid memory leaks
* scd/app-p15.c (send_certinfo): free labelbuf
  (do_sign): goto leave instead of return
* scd/app-piv.c (do_sign): goto leave instead of return, fix typo in
  variable name, avoid using uninitialized variables
* scd/command.c (cmd_genkey): goto leave instead of return

--

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
GnuPG-bug-id: 5393
2021-05-20 14:48:18 +02:00
Ingo Klöcker
65bc5ea95e scd:p15: Fix logic for appending product name to MANUFACTURER.
* scd/app-p15.c (do_getattr): Append product name to MANUFACTURER if
manufacturer_id does not already contain a bracket and if we have a
product name.
2021-05-18 09:45:06 +02:00
NIIBE Yutaka
58b330e935 scd: Remove wrong assertion and add protection to PCSC.COUNT.
* scd/apdu.c (apdu_dev_list_finish): Fix for calling
release_pcsc_context.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2021-05-14 13:06:10 +09:00
Werner Koch
965bb0693c
A few minor code cleanups and typo fixes.
* agent/command-ssh.c (ssh_handler_request_identities): Remove double
check of ERR.
* g10/getkey.c (get_pubkey_byname): Remove double use of break.
* g10/pkglue.c (pk_encrypt): Handle possible NULL-ptr access due to
failed malloc.

Signed-off-by: Werner Koch <wk@gnupg.org>
2021-05-11 09:06:34 +02:00
NIIBE Yutaka
32baa9acfb scd: Serialize READER_TABLE access for PC/SC.
* scd/apdu.c (apdu_dev_list_start): Remove locking READER_TABLE_LOCK.
Don't increment PCSC.COUNT here.
(apdu_dev_list_finish): Don't decrement PCSC.COUNT here.
(apdu_open_reader): Protect access with READER_TABLE_LOCK.

--

GnuPG-bug-id: 5416
Fixes-commit: 8d81fd7c01e8dfacc719ff190f8e364014e32fdf
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2021-05-11 10:25:12 +09:00
NIIBE Yutaka
ec5591dc4e scd: Fix close_pcsc_reader.
* scd/apdu.c (close_pcsc_reader): Don't touch .RDRNAME field.
(apdu_dev_list_finish): Clear .RDRNAME field and replace call of
close_pcsc_reader by release_pcsc_context.  Add assertion.

--

GnuPG-bug-id: 5416
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2021-05-10 10:49:21 +09:00
NIIBE Yutaka
cccc9bd5db scd: Make sure releasing PC/SC context.
* scd/apdu.c (release_pcsc_context): New.
(close_pcsc_reader): Use release_pcsc_context.  Add assertion.
(apdu_dev_list_start): Replace call of close_pcsc_reader
into release_pcsc_context, add condition.

--

GnuPG-bug-id: 5416
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2021-05-10 10:31:08 +09:00
NIIBE Yutaka
0498ea8fbd scd: Increment PCSC.COUNT correctly.
* scd/apdu.c (open_pcsc_reader): PCSC.COUNT should
be incremented before possible call of close_pcsc_reader.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2021-05-07 11:25:20 +09:00
NIIBE Yutaka
5d1b413106 scd: Fix memory leak for RDRNAME and serialize access.
* scd/apdu.c (close_pcsc_reader): Move locking to...
(apdu_close_reader): ... here, as it's also needed for CCID driver.
Free RDRNAME when closed.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2021-05-07 10:48:13 +09:00
NIIBE Yutaka
039aed9d40 scd: Fix declarations for PC/SC access.
* scd/apdu.c (pcsc_begin_transaction, pcsc_transmit): Use HANDLE.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2021-05-07 07:11:17 +09:00
NIIBE Yutaka
53bdc6288f scd: Recover the partial match for PORTSTR for PC/SC.
* scd/apdu.c (apdu_open_reader): Allow partial match of
PORTSTR again just like 2.2 does.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2021-05-06 19:08:34 +09:00
NIIBE Yutaka
d6fe82d3d1 scd: When reader is specified, make sure only open once.
* scd/apdu.c (apdu_open_reader): Make sure not to try multiple times,
when PORTSTR is specified.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2021-05-06 19:05:30 +09:00
Werner Koch
8d81fd7c01
scd: Fix PC/SC removed card problem
* scd/apdu.c (pcsc_cancel): New.
(pcsc_init): Load new function.
(connect_pcsc_card): Use it after a removed card error.
--

Well, that was easier than I expected yesterday.

Signed-off-by: Werner Koch <wk@gnupg.org>
2021-04-29 09:14:25 +02:00
Werner Koch
1f846823b3
scd:p15: Fix the name of a card.
--
2021-04-28 18:31:51 +02:00
Werner Koch
bb8e3996e4
scd: Fix problem with reader list becoming empty.
* scd/apdu.c (close_pcsc_reader): Do not decrement refcount if already
zero.  Always release context if or becomes zero.
(apdu_dev_list_start): Unlock prior to close_pcsc_reader.  For PC/SC
increment the count.  Always release the lock.
(apdu_dev_list_finish): No more unlocking.  Use close_pcsc_reader
instead of code duplication.

* scd/apdu.c (pcsc_error_string): Add an error code.
* scd/scdaemon.c (scd_kick_the_loop): Fix a diagnostic.
--

There was an obvious bug in that the pcsc.count could go below zero
and thus there was no chance to get the context release.  Releasing
and recreating the context is at least under Windows important to get
rit of the PCSC_E_SERVICE_STOPPED.

Also removes a potential problem in holding the reader_table_lock
between calls to apdu_dev_list_start apdu_dev_list_finish.  There is
no need for this.  Instead we bump the pcsc.count.

The reader_table_lock strategy should be reviewed; we may be able to
remove it.

Signed-off-by: Werner Koch <wk@gnupg.org>
2021-04-28 18:21:56 +02:00
Kirill Elagin
f209d7d2db scd: Fix unblock PIN by a Reset Code with KDF.
* scd/app-openpgp.c (do_change_pin): Use correct CHVNO=1 for
pin2hash_if_kdf, for user's PIN.

--

GnuPG-bug-id: 5413
Signed-off-by: Kirill Elagin <kirelagin@gmail.com>
2021-04-27 20:34:35 +09:00
Werner Koch
cc5aa68b63
scd:p15: Fix last commit and improve D-TRUST detection.
* scd/app-p15.c (read_p15_info): Improve D-TRUST card detection.
(do_getattr): Fix faulty code for the last commit.  Append the product
name to MANUFACTURER.

Signed-off-by: Werner Koch <wk@gnupg.org>
2021-04-25 16:35:36 +02:00
Werner Koch
21e3f750bd
scd:p15: Shorten the displayed s/n of RSCS cards
* scd/app-p15.c (get_dispserialno): Add dedicated handling for RSCS.
--

In fact we fix the display of the s/n because the s/n was taken from a
certificate.

Signed-off-by: Werner Koch <wk@gnupg.org>
2021-04-25 14:53:34 +02:00
Werner Koch
9e24f2a45c
scd: Fix PSO_CSV for 512 bit curves
* scd/iso7816.c (iso7816_pso_csv): Use BER-TLV instead of SIMPLE-TLV

Signed-off-by: Werner Koch <wk@gnupg.org>
2021-04-22 11:04:30 +02:00
Werner Koch
45918813f0
Support log-file option from common.conf for all daemon.
* agent/gpg-agent.c: Include comopt.h.
(main): Read log-file option from common.conf.
(reread_configuration): Ditto.
* dirmngr/dirmngr.c: Include comopt.h.
(main): Read log-file option from common.conf.
(reread_configuration): Ditto.
* kbx/keyboxd.c: Include comopt.h.
(main): Read log-file option from common.conf.
(reread_configuration): Ditto.
* scd/scdaemon.c: Include comopt.h.
(main): Read log-file option from common.conf.

Signed-off-by: Werner Koch <wk@gnupg.org>
2021-04-20 10:50:10 +02:00
Werner Koch
30f90fc857
scd:p15: Support attribute KEY-FPR.
* scd/app-p15.c: Include openpgpdefs.h.
(struct prkdf_object_s): Add fields have_keytime and ecdh_kdf.
(read_p15_info): Set ecdh_kdf.
(keygrip_from_prkdf): Flag that we have the keytime.
(send_keypairinfo): Send the key time only if valid.
(send_key_fpr_line): New.
(send_key_fpr): New.
(do_getattr): Add KEY-FPR.

Signed-off-by: Werner Koch <wk@gnupg.org>
2021-04-16 12:49:37 +02:00
Jakub Jelen
7cbe29c4fb scd: Fix memory leaks.
* scd/apdu.c (apdu_dev_list_start): Free DL.
* scd/app-nks.c (pubkey_from_pk_file): Fix typo in condition.

--

GnuPG-bug-id: 5393
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
2021-04-13 14:21:29 +09:00
Werner Koch
ecb9265b8d
scd:p15: Match private keys with certificates also by labels.
* scd/app-p15.c (cdf_object_from_label): New.
(cdf_object_from_certid): Fallback to label matching.
(read_p15_info): Ditto.
(keygrip_from_prkdf): Ditto.  Replace duplicated code by a call to
cdf_object_from_objid.
--

In case there is no certificate for a private key we now also try to
find a certificate using a matching label.

Signed-off-by: Werner Koch <wk@gnupg.org>
2021-04-12 11:41:00 +02:00
Werner Koch
63320ba2f8
scd:nks: Handle APP_READKEY_FLAG_INFO.
* scd/app-nks.c (keygripstr_from_pk_file): Fix ignored error.
(get_nks_tag): New.
(do_learn_status_core): Use it.  Make sure not to mange the
KEYPAIRINFO line if no usage is known.
(do_readkey): Output the KEYPAIRINFO for the keygrip case.
--

Note that this only handles the most common case of providing a
keygrip.  $AUTHKEYID and ODLM are not yet supported.

Signed-off-by: Werner Koch <wk@gnupg.org>
2021-04-08 19:30:51 +02:00
Werner Koch
22fd48e48d
scd: Fix duplicate output of KEYPAIRINFO by readkey command.
* scd/app-help.c (app_help_get_keygrip_string_pk): Make HEXKEYGRIP
parm optional.
* scd/command.c (do_readkey): Remove duplicate output of keypairinfo
lines.
--

Note that this change needs a fix in app-p15 which does not yet handle
the APP_READKEY_FLAG_INFO.

Signed-off-by: Werner Koch <wk@gnupg.org>
2021-04-08 19:27:25 +02:00