1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-22 10:19:57 +01:00

4169 Commits

Author SHA1 Message Date
Werner Koch
4bde12206c gpg: Distinguish between missing and cleared key flags.
* include/cipher.h (PUBKEY_USAGE_NONE): New.
* g10/getkey.c (parse_key_usage): Set new flag.
--

We do not want to use the default capabilities (derived from the
algorithm) if any key flags are given in a signature.  Thus if key
flags are used in any way, the default key capabilities are never
used.

This allows to create a key with key flags set to all zero so it can't
be used.  This better reflects common sense.
2013-03-19 17:26:42 +01:00
NIIBE Yutaka
76dc5c08dc scd: ccid-driver supporting larger APDU.
* scd/ccid-driver.c (ccid_transceive_apdu_level): Support larger
APDU.

--
This is still ad hoc change, but it's OK.  Supporting full extended
APDU exchange level is not worth yet.
2013-03-15 08:34:32 +09:00
NIIBE Yutaka
006782068e scd: fix missing close paren.
* scd/app-openpgp.c (du_auth): Fix.

--
2013-03-15 08:33:13 +09:00
NIIBE Yutaka
73ad742dea scd: support ECDSA signing.
* scd/app-openpgp.c (do_sign): Only prepend message digest block
for RSA or do_auth.
(do_auth): Remove message digest block for ECDSA.

--

If we don't need to check the message digest block by SCDaemon, we
don't requite the message digest block for ECDSA by gpg-agent.
2013-03-09 09:36:21 +09:00
NIIBE Yutaka
010bc7f4f0 scd: support ECDSA public key.
* scd/app-openpgp.c (key_type_t): New.
(CURVE_NIST_P256, CURVE_NIST_P384, CURVE_NIST_P521): New.
(struct app_local_s): Change keyattr to have key_type and union.
(get_ecc_key_parameters, get_curve_name): New.
(send_key_attr, get_public_key): Support ECDSA.
(build_privkey_template, do_writekey, do_genkey): Follow the change
of the member KEY_ATTR.
(parse_historical): New.
(parse_algorithm_attribute): Support ECDSA.
--

Add ECDSA support to OpenPGP card.
2013-03-08 11:40:37 +09:00
Daniel Kahn Gillmor
5132ea8a0d Update RFC references to RFC 4880
--
2013-03-05 11:00:46 +01:00
Werner Koch
5bac5040dc Require libgpg-error 1.11.
* configure.ac: Require libgpg-error 1.11.
* common/util.h (GPG_ERR_NO_KEYSERVER, GPG_ERR_INV_CURVE)
(GPG_ERR_UNKNOWN_CURVE): Remove fallback definitions.
2013-03-05 11:00:46 +01:00
NIIBE Yutaka
ef1983d58b agent: pksign result conversion to sexp to upper layer.
* agent/agent.h (divert_pksign): Add R_SIGLEN argument.
* agent/divert-scd.c (divert_pksign): Return length at R_SIGLEN.
* agent/call-scd.c (agent_card_pksign): Move composition of
S-expression to...
* agent/pksign.c (agent_pksign_do): ... here.
--

Composing S-expression would be better to be done by SCDaemon.
2013-02-28 11:17:47 +09:00
Werner Koch
585d5c62ee Use has_leading_keyword in the assuan callbacks.
* agent/call-pinentry.c (inq_quality): Use has_leading_keyword.
* agent/call-scd.c (inq_needpin, inq_writekey_parms): Ditto.
* g10/call-agent.c (inq_writecert_parms, keyinfo_status_cb): Ditto.
(inq_genkey_parms, inq_ciphertext_cb, inq_import_key_parms): Ditto.
* g10/call-dirmngr.c (ks_put_inq_cb): Ditto.
* sm/call-agent.c (default_inq_cb, inq_ciphertext_cb): Ditto.
(inq_genkey_parms, istrusted_status_cb, learn_status_cb): Ditto.
(keyinfo_status_cb, inq_import_key_parms): Ditto.
* sm/call-dirmngr.c (inq_certificate, isvalid_status_cb): Ditto.
(lookup_status_cb, run_command_inq_cb, run_command_status_cb): Ditto.
2013-02-22 10:56:13 +01:00
Werner Koch
c6b8f05517 Remove some unused variables.
* tools/gpgconf-comp.c (gc_process_gpgconf_conf): Remove unused
used_components.
* agent/command-ssh.c (ssh_signature_encoder_ecdsa): Mark unused arg.
* g13/g13.c (main): Comment variable of yet unimplemented options.
2013-02-22 09:42:46 +01:00
Werner Koch
161674118d gpg: Fix a memory leak in batch key generation
* g10/keygen.c (append_to_parameter): New.
(proc_parameter_file): Use new func to extend the parameter list.

* g10/passphrase.c (passphrase_to_dek_ext): Print a diagnostic of
gcry_kdf_derive failed.
* g10/keygen.c (proc_parameter_file): Print a diagnostic if
passphrase_to_dek failed.
--

Due to an improper way of using the linked list head, all memory for
items allocated in proc_parameter_file was never released.  If batched
key generation with a passphrase and more than ~200 keys was used this
exhausted the secure memory.
2013-02-22 09:30:07 +01:00
Werner Koch
baee681d24 gpg: Handle the agent's NEW_PASSPHRASE inquiry.
* g10/call-agent.c (default_inq_cb): Take care of NEW_PASSPHRASE.
2013-02-22 09:30:02 +01:00
Werner Koch
2838385e76 common: Add func has_leading_keyword.
* common/stringhelp.c (has_leading_keyword): New.
2013-02-22 09:29:41 +01:00
Werner Koch
21f5a9ec27 Remove build hacks for FreeBSD.
* configure.ac [freebsd]: Do not add /usr/local to CPPFLAGS and
LDFLAGS.
--

Back in ~2000 we introduced a quick hack to make building of Libgcrypt
on FreeBSD easier by always adding -I/usr/local/include and
-L/usr/local/lib .  It turned out that this is a bad idea if one wants
to build with library version which is not installed in /usr/local.
The hack made was eventually (in 2003) copied from Libgcrypt to
GnuPG-2.
2013-02-22 09:29:30 +01:00
NIIBE Yutaka
3c3648e720 agent: fix two bugs.
* agent/command.c (cmd_keytocard): Decrement KEYDATALEN.
* agent/findkey.c (agent_public_key_from_file): Increment for ELEMS.

--
For ECDSA and ECDH, there are 6 elements.
2013-02-22 12:55:11 +09:00
NIIBE Yutaka
7d376ffa32 gpg: fix keytocard and support ECC card for key attribute.
* g10/call-agent.c (agent_keytocard): Supply PARM arg.
* g10/card-util.c (card_status): Support ECC.
(card_store_subkey): Don't assume RSA.
2013-02-22 11:00:27 +09:00
Werner Koch
c36089daf7 Update .gitignore for non-VPATH builds.
--
2013-02-12 19:29:32 +01:00
NIIBE Yutaka
b90506ea22 gpg: Implement card_store_subkey again.
* g10/call-agent.h (agent_keytocard): New.
* g10/call-agent.c (agent_keytocard): New.
* g10/card-util.c (replace_existing_key_p): Returns 1 when replace.
(card_generate_subkey): Check return value of replace_existing_key_p.
(card_store_subkey): Implement again using agent_keytocard.
2013-02-12 14:19:12 +09:00
NIIBE Yutaka
30f8a3c873 agent: Add KEYTOCARD command.
* agent/agent.h (divert_writekey, agent_card_writekey): New.
* agent/call-scd.c (inq_writekey_parms, agent_card_writekey): New.
* agent/command.c (cmd_keytocard, hlp_keytocard): New.
(register_commands): Add cmd_keytocard.
* agent/divert-scd.c (divert_writekey): New.
2013-02-12 14:19:12 +09:00
NIIBE Yutaka
595ab0da66 Japanese: update po and doc.
* doc/help.ja.txt, po/ja.po: Updated.
2013-02-12 14:15:21 +09:00
NIIBE Yutaka
7253093add scd: Rename 'keypad' to 'pinpad'.
* NEWS: Mention scd changes.

* agent/divert-scd.c (getpin_cb): Change message.

* agent/call-scd.c (inq_needpin): Change the protocol to
POPUPPINPADPROMPT and DISMISSPINPADPROMPT.
* scd/command.c (pin_cb): Likewise.

* scd/apdu.c (struct reader_table_s): Rename member functions.
(check_pcsc_pinpad, pcsc_pinpad_verify, pcsc_pinpad_modify,
check_ccid_pinpad, ccid_pinpad_operation, apdu_check_pinpad
apdu_pinpad_verify, apdu_pinpad_modify): Rename.

* scd/apdu.h (SW_HOST_NO_PINPAD, apdu_check_pinpad)
(apdu_pinpad_verify, apdu_pinpad_modify): Rename.

* scd/iso7816.h (iso7816_check_pinpad): Rename.

* scd/iso7816.c (map_sw): Use SW_HOST_NO_PINPAD.
(iso7816_check_pinpad): Rename.
(iso7816_verify_kp, iso7816_change_reference_data_kp): Follow
the change.

* scd/ccid-driver.h (CCID_DRIVER_ERR_NO_PINPAD): Rename.
* scd/ccid-driver.c (ccid_transceive_secure): Use it.

* scd/app-dinsig.c (verify_pin): Follow the change.
* scd/app-nks.c (verify_pin): Follow the change.

* scd/app-openpgp.c (check_pinpad_request): Rename.
(parse_login_data, verify_a_chv, verify_chv3, do_change_pin): Follow
the change.

* scd/scdaemon.c (oDisablePinpad, oEnablePinpadVarlen): Rename.

* scd/scdaemon.h (opt): Rename to disable_pinpad,
enable_pinpad_varlen.

* tools/gpgconf-comp.c (gc_options_scdaemon): Rename to
disable-pinpad.
2013-02-08 09:06:39 +09:00
Werner Koch
21feecd48f gpg: Add pinentry-mode feature.
* g10/gpg.c: Include shareddefs.h.
(main): Add option --pinentry-mode.
* g10/options.h (struct opt): Add field pinentry_mode.
* g10/passphrase.c: Include shareddefs.h.
(have_static_passphrase): Take care of loopback pinentry_mode.
(read_passphrase_from_fd): Ditto.
(get_static_passphrase): New.
(passphrase_to_dek_ext): Factor some code out to ...
(emit_status_need_passphrase): new.
* g10/call-agent.c (start_agent): Send the pinentry mode.
(default_inq_cb): Take care of the PASSPHRASE inquiry.  Return a
proper error code.
(agent_pksign): Add args keyid, mainkeyid and pubkey_algo.
(agent_pkdecrypt): Ditto.
* g10/pubkey-enc.c (get_it): Pass new args.
* g10/sign.c (do_sign): Pass new args.

* g10/call-agent.c (struct default_inq_parm_s): New.  Change all
similar structs to reference this one.  Change all users and inquire
callback to use this struct, instead of NULL or some undefined but not
used structs.  This change will help to eventually get rid of global
variables.
--

This new features allows to use gpg without a Pinentry.  As a
prerequisite the agent must be configured to allow the loopback
pinentry mode (option --allow-loopback-pinentry).  For example

  gpg2 --pinentry-mode=loopback FILE.gpg

may be used to decrypt FILE.gpg while entering the passphrase on the
tty.  If batch is used, --passphrase et al. may be used, if
--command-fd is used, the passphrase may be provided by another
process.  Note that there are no try-again prompts in case of a bad
passphrase.
2013-02-07 20:37:58 +01:00
Werner Koch
84de484bc3 doc: Fix description for NEED_PASSPHRASE status.
--
2013-02-07 20:18:31 +01:00
Werner Koch
8b2b8dfe5c agent: Move a typedef to common and provide parse_pinentry_mode.
* common/agent-opt.c: New.
* common/shareddefs.h: New.
* common/Makefile.am: Add new files.
* agent/agent.h: Include shareddefs.h.
(pinentry_mode_t): Factor out to shareddefs.h.
* agent/command.c (option_handler): Use parse_pinentry_mode.
2013-02-06 12:56:19 +01:00
Werner Koch
4483a4f0ea agent: Return a better error code if no passphrase was given.
* agent/protect.c (hash_passphrase): Handle an empty passphrase.
--

This is mostly useful in loopback pinentry-mode.
2013-02-06 12:56:19 +01:00
NIIBE Yutaka
c27315fc64 scd: Fix check_keypad_request.
* scd/app-openpgp.c (check_keypad_request): 0 means not to use pinpad.
2013-02-05 14:59:29 +09:00
NIIBE Yutaka
e791ac6683 SCD: Add vendor specific initalization.
* scd/ccid-driver.c (ccid_vendor_specific_init): New.
(ccid_open_reader): Call ccid_vendor_specific_init.
2013-02-05 13:37:07 +09:00
NIIBE Yutaka
0407e642f7 SCD: Support P=N format for login data.
* scd/app-openpgp.c (parse_login_data): Support P=N format.
2013-02-05 13:37:07 +09:00
NIIBE Yutaka
bd5eded73a SCD: Better interoperability.
* scd/apdu.c: Fill bTeoPrologue[2] field.
--
ccid-1.4.5 or older requires this field is filled by application.
2013-02-05 13:37:07 +09:00
NIIBE Yutaka
a9ff97a10f SCD: Defaults to use pinpad if the reader has the capability.
* scd/app-openpgp.c (struct app_local_s): Remove VARLEN.
(parse_login_data): "P=0" means to disable pinpad.
(check_keypad_request): Default is to use pinpad if available.
2013-02-05 13:37:06 +09:00
NIIBE Yutaka
334ba6efa5 SCD: handle keypad request on the card.
* scd/app-openpgp.c: Add 2013.
(struct app_local_s): Add keypad structure.
(parse_login_data): Add parsing keypad request on the card.
(check_keypad_request): New.
(verify_a_chv, verify_chv3, do_change_pin): Call check_keypad_request
to determine use of keypad.
2013-02-05 13:37:06 +09:00
NIIBE Yutaka
d5bf83a24c SCD: Minor fix of ccid-driver.
* scd/ccid-driver.c (VENDOR_VEGA): Fix typo.
2013-02-05 13:37:06 +09:00
NIIBE Yutaka
82e1e837c2 SCD: Add support of Covadis VEGA_ALPHA reader.
* scd/ccid-driver.c: Add 2013.
(VENDER_VEGA, VEGA_ALPHA):New.
(ccid_transceive_secure): VEGA_ALPHA is same firmware as GEMPC_PINPAD.
Change bNumberMessage to 0x01, as it works better (was: 0xff).
2013-02-05 13:37:06 +09:00
NIIBE Yutaka
3aae780f9d SCD: Support fixed length PIN input for keypad (PC/SC).
* scd/apdu.c (pcsc_keypad_verify): SUpport fixed length PIN input for
keypad.
(pcsc_keypad_modify): Likewise.
* scd/ccid-driver.c (ccid_transceive_secure): Clean up.
2013-02-05 13:37:06 +09:00
NIIBE Yutaka
40a914a2e3 SCD: Support fixed length PIN input for keypad.
* scd/iso7816.h (struct pininfo_s): Remove MODE and add FIXEDLEN.
* scd/app-dinsig.c (verify_pin): Initialize FIXEDLEN to unknown.
* scd/app-nks.c (verify_pin): Likewise.
* scd/app-openpgp.c (verify_a_chv, verify_chv3, do_change_pin):
Likewise.
* scd/apdu.c (check_pcsc_keypad): Add comment.
(pcsc_keypad_verify, pcsc_keypad_modify): PC/SC driver only support
readers with the feature of variable length input (yet).
(apdu_check_keypad): Set FIXEDLEN.
* scd/ccid-driver.c (ccid_transceive_secure): Add GEMPC_PINPAD
specific settings.
Support fixed length PIN input for keypad.
2013-02-05 13:37:06 +09:00
NIIBE Yutaka
b526f6e223 SCD: API cleanup for keypad handling.
* scd/iso7816.h (struct pininfo_s): Rename from iso7816_pininfo_s.
Change meaning of MODE.
(pininfo_t): Rename from iso7816_pininfo_t.
* scd/sc-copykeys.c: Include "iso7816.h".
* scd/scdaemon.c, scd/command.c: Likewise.
* scd/ccid-driver.c: Include "scdaemon.h" and "iso7816.h".
(ccid_transceive_secure): Follow the change of PININFO_T.
* scd/app.c: Include "apdu.h" after "iso7816.h".
* scd/iso7816.c (iso7816_check_keypad, iso7816_verify_kp)
(iso7816_change_reference_data_kp): Follow the change of API.
* scd/apdu.c (struct reader_table_s): Change API of CHECK_KEYPAD,
KEYPAD_VERIFY, KEYPAD_MODIFY to have arg of PININFO_T.
(check_pcsc_keypad, check_ccid_keypad): Likewise.
(apdu_check_keypad, apdu_keypad_verify, apdu_keypad_modify): Likewise.
(pcsc_keypad_verify, pcsc_keypad_modify, ct_send_apdu)
(pcsc_send_apdu_direct,  pcsc_send_apdu_wrapped, pcsc_send_apdu)
(send_apdu_ccid, ccid_keypad_operation, my_rapdu_send_apdu, send_apdu)
(send_le): Follow the change of API.
* scd/apdu.h (apdu_check_keypad, apdu_keypad_verify)
(apdu_keypad_modify): Change the API.
* scd/app-dinsig.c, scd/app-nks.c, scd/app-openpgp.c: Follow the
change.
2013-02-05 13:37:06 +09:00
NIIBE Yutaka
ca89277cb4 SCD: Clean up. Remove PADLEN for keypad input.
* scd/apdu.c (struct pininfo_s): Use iso7816_pininfo_s.
(struct reader_table_s): Remove last arg from check_keypad method.
(check_pcsc_keypad, check_pcsc_keypad): Remove PIN_PADLEN.
(pcsc_keypad_verify, pcsc_keypad_modify): Don't check PIN_PADLEN.
(send_apdu_ccid, ccid_keypad_operation): Remove PIN_PADLEN.
(apdu_check_keypad, apdu_keypad_verify, apdu_keypad_modify):
Likewise.

* scd/apdu.h (apdu_check_keypad, apdu_keypad_verify)
(apdu_keypad_modify): Remove PIN_PADLEN.

* scd/ccid-driver.c (ccid_transceive_secure): Remove PIN_PADLEN.

* scd/ccid-driver.h (ccid_transceive_secure): Remove PIN_PADLEN.

* scd/iso7816.c (iso7816_check_keypad, iso7816_verify_kp)
(iso7816_change_reference_data_kp): Remove PADLEN.

* scd/iso7816.h (struct iso7816_pininfo_s): Remove PADLEN, PADCHAR.
--
In the OpenPGPcard specification, password comes with no padding.  In
GnuPG, we support keypad input for OpenPGPcard only.  Thus, it is
useless to try to support padding for keypad input.
2013-02-05 13:35:44 +09:00
NIIBE Yutaka
d9f6cc7502 SCD: Add option enable-keypad-varlen and support for GEMPC_PINPAD.
* scd/scdaemon.h (opt): Add enable_keypad_varlen.
* scd/scdaemon.c (cmd_and_opt_values): Add oEnableKeypadVarlen.
(opts, main): Add oEnableKeypadVarlen.
* scd/ccid-driver.c (GEMPC_PINPAD): New.
(ccid_transceive_secure): Add enable_varlen handling.
Enable GEMPC_PINPAD.
--
Note that GEMPC_PINPAD doesn't support variable length keypad input.
The feature of fixed length keypad input will be added soon.
2013-02-05 13:33:44 +09:00
Werner Koch
65eb98966a Convert doc/DETAILS to org-mode
--
Also restructure the file and fix some obviously wrong things.
2013-01-30 18:54:23 +01:00
Werner Koch
50a7badbda Remove unused status codes
* common/status.h (STATUS_BEGIN_STREAM, STATUS_END_STREAM)
(STATUS_SIEXPIRED): Remove unused codes.
2013-01-30 18:51:56 +01:00
Werner Koch
1cd6445eec gpg: Add status line PINENTRY_LAUNCHED.
* common/status.h (STATUS_PINENTRY_LAUNCHED): New.
* g10/server.c (server_local_s): Add field allow_pinentry_notify.
(option_handler): Add option "allow-pinentry-notify".
(gpg_proxy_pinentry_notify): New.
* g10/call-agent.c (default_inq_cb): Factor code out to the new
function.
2013-01-30 12:00:29 +01:00
NIIBE Yutaka
1999446644 agent: Fix a bug of handling return code from npth_join.
* agent/call-pinentry.c (agent_popup_message_stop): Fix npth_join
return code.
--
pth_join returns TRUE (1) on success.  But npth_join (and pthread_join)
returns 0 on success, returns error number on error.
2013-01-25 23:20:46 +09:00
Christian Aistleitner
60c58766ae gpg: Fix honoring --cert-digest-algo when recreating a cert
* g10/sign.c (update_keysig_packet): Override original signature's
digest algo in hashed data and for hash computation.
2013-01-11 13:48:59 +01:00
Werner Koch
7a638c094f Fix spurious cruft from configure summary output.
* configure.ac (build_scdaemon_extra): Remove $tmp cruft.
2013-01-11 13:48:59 +01:00
NIIBE Yutaka
4dddf32c83 SCD: Hold lock for pinpad input.
* scd/apdu.c (apdu_check_keypad, apdu_keypad_verify)
(apdu_keypad_modify): Hold lock to serialize communication.
2013-01-11 11:18:39 +09:00
NIIBE Yutaka
a776f66036 SCD: Support not-so-smart card readers.
* scd/ccid-driver.c (struct ccid_driver_s): Add auto_voltage,
auto_param, and auto_pps.
(parse_ccid_descriptor): Set auto_voltage, auto_param, and auto_pps.
Support non-autoconf readers.
(update_param_by_atr): New.
(ccid_get_atr): Use 5V for PowerOn when auto_voltage is not supported.
Use 0x10 when nonnull_nad for SetParameters.
Call update_param_by_atr for parsing ATR, and use param for
SetParameters.
Send PPS if reader requires it and card is negotiable.
When bNadValue in the return values of SetParameters == 0,
clear handle->nonnull_nad flag.
--
This change is to support more card readers by the internal driver.
Tested with 08e6:3478 Gemplus PinPad Smart Card Reader.
2013-01-08 15:22:31 +09:00
NIIBE Yutaka
bb51edc31e Update Japanese Translation.
* po/ja.po: Fix wrong translations for designated revocation.
Reported by Hideki Saito.

Conflicts:
	po/ja.po
2013-01-07 10:51:26 +09:00
NIIBE Yutaka
05a4458e57 Update Japanese Translation.
* po/ja.po: Fix fuzzy translations.
2013-01-05 16:38:11 +09:00
NIIBE Yutaka
709a8f8125 Update Japanese Translation.
* po/ja.po: Update with POT.
2013-01-03 12:03:19 +09:00
NIIBE Yutaka
0fae789c41 Update Japanese Translation.
* po/ja.po: Start from the new one of 2.0.
2013-01-03 12:02:07 +09:00