1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-22 10:19:57 +01:00

897 Commits

Author SHA1 Message Date
Werner Koch
6d4280b13d
scd: Minor tweak for easier backporting
* scd/app-common.h (APP_CARD): New.  Use it in app-*.c to access
app->card.
--

This should help to make backporting to 2.2 easier.
2021-02-19 10:15:54 +01:00
Werner Koch
8a74b87261
scd:piv: Fix a typo in a string.
--
2021-02-18 16:08:02 +01:00
Werner Koch
0c080ed579
scd:p15: Read PuKDF and minor refactoring.
* scd/app-p15.c (pukdf_object_t): New.
(struct app_local_s): Add field public_key_info.
(release_pukdflist): New.
(select_and_read_record): No diagnostic in case of not_found.
(read_first_record): New.  Factored out from the read_ef_ fucntions.
(read_ef_pukdf): New.  Basically a copy of read_ef_prkdf for now.
(read_p15_info): Also read the public keys.

(cardtype2str): New.
(read_ef_tokeninfo): Print a string with the cardtype.
2021-02-02 12:38:03 +01:00
Werner Koch
1e197c29ed
scd:p15: Make file selection more robust.
* scd/app-p15.c: Include host2net.h.
(DEFAULT_HOME_DF): New.
(select_and_read_binary): Replace slot by app.  Change callers.  Use
select_ef_by_path.
(select_and_read_record): ditto.
(select_ef_by_path): Make use use the home_df.
(parse_certid): Adjust for always set home_df.
(print_tokeninfo_tokenflags): Ditto.
(app_select_p15): Take the home_df from the FCI returned by select.
--

This uses modern APDUs and always selectd starting at the PCKS-15 home
DF.  We could have made this much simpler but the goal is to keep
support for older cards although we can't test that easily.

Signed-off-by: Werner Koch <wk@gnupg.org>
2021-01-27 18:39:42 +01:00
Werner Koch
7620473cd0
scd: Define new status word
* scd/apdu.h (SW_NO_CURRENT_EF): New.
--

This merely to show better diagnostics.
Used for example by CardOS 5.3.
2021-01-27 18:31:12 +01:00
Werner Koch
5bcbc8cee3
scd:p15: Factor the commonKeyAttributes parser out.
* scd/app-p15.c (read_ef_prkdf): Fix detection of unsupported key
 objects.  Factor some code out to ...
(parse_common_key_attr): new.
--
2021-01-27 13:28:12 +01:00
Werner Koch
fb84674d6c
scd:p15: Factor the commonObjectAttributes parser out.
* scd/app-p15.c (parse_common_obj_attr): New.
(read_ef_prkdf): Use new function.
(read_ef_aodf): Ditto.
2021-01-26 19:10:12 +01:00
Werner Koch
fc287c0552
scd:p15: First step towards real CardOS 5 support.
* scd/iso7816.c (iso7816_select_path): Add arg from_cdf.
* scd/app-nks.c (do_readkey): Adjust for this change.

* scd/app-p15.c (CARD_TYPE_CARDOS_53): New.
(IS_CARDOS_5): New.
(card_atr_list): Add standard ATR for CardOS 5.3.
(select_and_read_binary): Remove the fallback to record read hack.
(select_and_read_record): New.
(select_ef_by_path): Rework and support CardOS feature.
(read_ef_prkdf): Use read record for CardOS.
(read_ef_cdf): Ditto.
(read_ef_aodf): Ditto.  Also fix bug in the detection of other
unsupported attribute types.
(verify_pin): Use IS_CARDOS_5 macro.
(app_select_p15): Force direct method for CardOS.

Signed-off-by: Werner Koch <wk@gnupg.org>
2021-01-26 17:42:55 +01:00
Werner Koch
60499d9894
scd:p15: Show the ATR as part of the TokenInfo diagnostics.
* scd/app-p15.c (read_ef_tokeninfo): Print the ATR in verbose mode.
--

It is convenient to see the ATR close to the other info,

Signed-off-by: Werner Koch <wk@gnupg.org>
2021-01-21 10:44:43 +01:00
Ingo Klöcker
8fe976d5b9 scd:nks: Add support for signing plain SHA-3 digests.
* scd/app-nks.c (do_sign): Handle plain SHA-3 digests and verify
encoding of ASN.1 encoded hashes.
--

This makes it possible to create CSRs for NetKey card keys which are
signed with SHA256 by default.

GnuPG-bug-id: 5184
2021-01-06 12:19:11 +01:00
NIIBE Yutaka
3b39263088 scd:nks: Support READKEY with keygrip and for "NKS-IDLM" keyref.
* scd/app-nks.c (do_readkey): Allow KEYGRIP access.
Support NKS-IDLM.XXXX keyref.

--

GnuPG-bug-id: 5150
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-12-11 14:08:40 +09:00
NIIBE Yutaka
b7c087375d scd:nks: Factor out pubkey retrieval from keygrip handling.
* scd/app-nks.c (pubkey_from_pk_file): New.
(keygripstr_from_pk_file): Use pubkey_from_pk_file.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-12-11 14:06:52 +09:00
NIIBE Yutaka
4020cd9d65 scd:nks: Add support of KEYGRIP for do_readcert.
* scd/app-nks.c (do_readcert): Support KEYGRIP.

--

GnuPG-bug-id: 5150
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-12-10 10:40:35 +09:00
NIIBE Yutaka
6c43658476 scd:nks: Factor out iteration over filelist.
* scd/app-nks.c (iterate_over_filelist): New.
(do_with_keygrip): Use iterate_over_filelist.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-12-10 10:40:11 +09:00
NIIBE Yutaka
a9aa30ed2c scd:ccid:spr532: Extend abort_cmd for initialization time.
* scd/ccid-driver.c (abort_cmd): Add INIT argument to support
synchronize until success, even ignoring timeout.
(bulk_in): Normal use case of abort_cmd.
(ccid_vendor_specific_init): Initial use case of abort_cmd.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-12-09 12:54:43 +09:00
NIIBE Yutaka
f503730272 scd:ccid: Call libusb_clear_halt in ccid_vendor_specific_setup.
* scd/ccid-driver.c (ccid_vendor_specific_setup): Only for SPR532,
call libusb_clear_halt.

--

GnuPG-bug-id: 5167
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-12-09 12:52:08 +09:00
NIIBE Yutaka
ffabc29d5e scd:ccid: Revert the addition of libusb_clear_halt for EP_INTR.
* scd/ccid-driver.c (ccid_setup_intr): Don't call libusb_clear_halt.

--

GnuPG-bug-id: 5167
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-12-09 12:40:47 +09:00
NIIBE Yutaka
946555ea3c scd:yubikey: Fix support of Yubikey NEO.
* scd/app-openpgp.c (get_public_key): Yubikey NEO also has this issue.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-12-08 17:45:18 +09:00
NIIBE Yutaka
87d2c579cc scd:nks: Fix caching keygrip (more).
* scd/app-nks.c (keygripstr_from_pk_file): Distinguish by APP_ID.

--

GnuPG-bug-id: 5150, 5161
Fixes-commit: 920154370834ad8d947aed19c9d914a27dde6baa
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-12-03 16:21:49 +09:00
NIIBE Yutaka
54b88ae460 scd: Fix KEYINFO command with --data option.
* scd/command.c (cmd_keyinfo): Handle --data option correctly.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-12-03 15:28:35 +09:00
NIIBE Yutaka
a25c99b156 scd:openpgp: Fix writing ECC key to card.
* scd/app-openpgp.c (build_privkey_template): Adding another argument
of ecc_d_fixed_len to handle variable-size MPI.

--

GnuPG-bug-id: 5163
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-12-03 15:04:14 +09:00
Werner Koch
806547d9d2
scd:nks: Minor additions to the basic IDLM application support.
* scd/app-nks.c (filelist): Use special value -1 for IDLM pubkeys.
(keygripstr_from_pk_file): Handle special value.
(do_readcert): Ditto.
(do_writecert): Ditto.
--

This allows to get information about the keys from the card.  However
the do_readkey still requires a fallback to readcert.  This does not
work because there are no certificates yet on the card.  The fix is to
fully implement do_readkey.
2020-11-30 10:12:46 +01:00
Werner Koch
0e34683a6c
scd: New getinfo sub-command apdu_strerror.
* scd/apdu.c (apdu_strerror): Add missing status codes.
* scd/command.c (cmd_getinfo): New sub-command apdu_strerror.
--

This is quite handy for gpg-card's APDU command and avoids that we
need to duplicate the mapping table or put it into a shared file.
2020-11-27 11:14:30 +01:00
NIIBE Yutaka
bb591222c3 scd:ccid-driver: Fix pinpad error handling for cancel/timeout.
* scd/apdu.h (SW_HOST_UI_CANCELLED, SW_HOST_UI_TIMEOUT): New.
* scd/ccid-driver.h (CCID_DRIVER_ERR_UI_CANCELLED): New.
(CCID_DRIVER_ERR_UI_TIMEOUT): New.
* scd/ccid-driver.c (bulk_in): Handle PIN input cancel/timeout error.
* scd/iso7816.c (map_sw): Support SW_HOST_UI_CANCELLED and
SW_HOST_UI_TIMEOUT.

--

GnuPG-bug-id: 4614
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-11-27 15:17:56 +09:00
Werner Koch
7113263a00
agent: Fix YK s/n and prettify the request card prompt for Yubikeys
* agent/divert-scd.c (ask_for_card): Detect and re-format the Yubikey
prompt.
* scd/app.c (app_munge_serialno): Fix Yubikey s/n munging.
(card_get_dispserialno): Ditto.
* scd/app-openpgp.c (get_disp_serialno): Remove.
(get_prompt_info): Use app_get_dispserialno.--
--
2020-11-26 15:56:37 +01:00
Werner Koch
d784e76349
scd: Do not try to use a non-enabled app after card switching.
* scd/app.c (app_dump_state): Also print the refcount.
(maybe_switch_app): Make sure the app exists on the card.
--

When switching the current card and the card does not support the same
apps as the former, we now reset the app to the first one.

Testcase is to use a standard OpenPGP card and a P15 card.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-11-26 12:16:56 +01:00
Werner Koch
764c69a841
scd: Add special serialno compare for OpenPGP cards.
* scd/app.c (is_same_serialno): New.
(check_application_conflict): Use this.
(select_application): Ditto.
(app_switch_current_card): Ditto.
* scd/app-openpgp.c (check_keyidstr): Ignore the card version and also
compare case insensitive.
--

This is required because we change what we emit as serialno of OpenPGP
cards but existing keys still use the old form of the serial
number (i.e. with a firmware version).

See-commit: 3a8250c02031080c6c8eebd5dea03f5f87f9ddd7
Signed-off-by: Werner Koch <wk@gnupg.org>
2020-11-26 09:54:23 +01:00
NIIBE Yutaka
9201543708 scd,nks: Fix caching keygrip.
* scd/app-nks.c (keygripstr_from_pk_file): Identify by cfid if
available.

--

GnuPG-bug-id: 5150
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-11-26 09:35:35 +09:00
Werner Koch
00037f499d
scd:p15: Print the internal card type.
* scd/app-p15.c (read_ef_tokeninfo): Print the internal card type.
2020-11-25 15:48:20 +01:00
Werner Koch
c7b9a4ee43
scd:p15: Improve support for some CardOS based cards.
* scd/iso7816.c (iso7816_read_binary_ext): Add optional arg r_sw and
change callers.
(iso7816_read_record): Factor all code out to ...
(iso7816_read_record_ext): new.
* scd/app-p15.c (select_and_read_binary): Fallback to record reading.
(read_ef_aodf): Clear EOF error.
2020-11-25 15:27:21 +01:00
Werner Koch
3a8250c020
scd: Rework the handling of the displayed serial number.
* scd/app.c (app_new_register): Call app_munge_serialno for Yubikeys.
(app_munge_serialno): Handle Yubikey serial numbers.
(card_get_serialno): Remove special Yubikey treatment.  Drop arg
is_canonical.
(app_get_serialno): Clear ERRNO on error.
(card_get_dispserialno): New.  Also change formatting of Yubikey and
OpenPGP numbers to match those printed on the card.
(app_get_dispserialno): New.
* scd/app-openpgp.c (do_getattr): Use app_get_dispserialno.
(yubikey_get_serialno): Remove.
* scd/app-piv.c (get_dispserialno): Remove.
(do_getattr): Use app_get_dispserialno.
--

This patch gets us back to a unique serial number for cards and
provides a stable serial number as printed for Yubikeys.

Because we use a slightly different serial number now for Yubikeys and
cards only supporting OpenPGP card we need to come up with another
change so that the version number of OpenPGP serial numbers are
ignored when comparing card serial numbers.  This is so that existing
stub keys of gpg-agent will continue to work.

GnuPG-bug-id: 5100
Signed-off-by: Werner Koch <wk@gnupg.org>
2020-11-25 10:23:55 +01:00
NIIBE Yutaka
c3a20c88fb scd: Fix an error return for READKEY.
* scd/command.c (cmd_readkey): Return when error.

--

GnuPG-bug-id: 5150
Suggested-by: Ingo Klöcker
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-11-25 11:38:15 +09:00
NIIBE Yutaka
006944b856 scd,nks: Fix SEGV for learn for older card.
* scd/app-nks.c (keygripstr_from_pk_file): Set algostr.

--

GnuPG-bug-id: 5144
Fixes-commit: 26da47ae53d51e16ae6867cd419ddbf124a94933
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-11-25 10:32:28 +09:00
Gavin L. Rebeiro
572bcacc28
doc: Fix typos
--
GnuPG-bug-id: 5071

Also fixed one in keyformat.txt [wk].
2020-11-23 12:11:15 +01:00
NIIBE Yutaka
cc8b99d18e Fix the previous comment changes help doc string.
* scd/command.c (hlp_learn): Fix the doc string.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-11-20 17:17:30 +09:00
Werner Koch
23f1fc766a
scd: Do not print reader status change with --debug cardio.
--

... but use --debug reader for this.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit bd3b698d8ec427a02f2fa793777f2a88bc356f25)
2020-11-11 15:23:26 +01:00
Werner Koch
8fb0d5e3c7
card: Run factory-reset in locked stated.
* scd/command.c (reset_notify): Add option --keep-lock.
(do_reset): Add arg keep_lock.
(cmd_lock): Send progress status.
* g10/call-agent.c (agent_scd_apdu): Add more pseudo APDUs.
* g10/card-util.c (send_apdu): Ditto.
(factory_reset): Use lock commands.
--

This is required so that for example Kleopatra does not detect the
RESET and issues a SERIALNO of its own, thus conflicting with our
SERIALNO undefined.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-11-09 13:41:26 +01:00
NIIBE Yutaka
f808012ac2 scd: Use lock_slot for apdu_send_direct.
* scd/apdu.c (apdu_send_direct): Use lock_slot.

--

With trylock_slot, it may return SW_HOST_BUSY.  This may occur when
apdu_get_status is called by scd_update_reader_status_file.

Simply using lock_slot is much easier for user of apdu_send_direct.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-11-05 16:10:49 +09:00
NIIBE Yutaka
484bafda4d scd: Internal CCID driver: Fix a race condition on close.
* scd/ccid-driver.c (ccid_require_get_status): For VENDOR_SCM reader,
return 0 only at the initial call.
(bulk_in): Don't detect an error for VENDOR_SCM reader, just kicking
the loop, to invoke scd_update_reader_status_file, which calls
ccid_slot_status again.
(ccid_slot_status): Move the call of ccid_vendor_specific_setup to...
(ccid_get_atr): ... here.

--

For readers with interrupt transfer support, it is only intr_cb which
sets handle->powered_off to 1.  Keeping this condition makes no race.
The function ccid_slot_status can also detect a communication error,
which causes apdu_close_reader (but not setting ->powered_off).

GnuPG-bug-id: 5121
Fixes-commit: 920f258eb6018ecec1d63bad6a0fb0772f72affa
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-11-05 16:10:15 +09:00
NIIBE Yutaka
e59d2b3632 scd: Handle canonical serialno and app specific serialno differently.
* scd/app-common.h (card_get_serialno): Add IS_CANONICAL arg.
* scd/app.c (app_send_devinfo): Use app specific serialno.
(card_get_serialno): Support two different cases.
(app_get_serialno): Return app specific serialno.
(send_serialno_and_app_status): Return canonical serialno.
* scd/command.c (cmd_serialno): Return app specific serialno.
(cmd_learn): Return canonical serialno.

--

GnuPG-bug-id: 5100
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-10-27 14:35:20 +09:00
NIIBE Yutaka
8264b10d33 scd: Flush the cache when writing cert data object.
* scd/app-piv.c (do_writecert): Flush the cache of the data object.

--

Suggested-by: Ingo Klöcker
GnuPG-bug-id: 5102
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-10-26 14:29:31 +09:00
NIIBE Yutaka
31def32eee scd: Internal CCID driver thing only for SPR532.
* scd/ccid-driver.c (ccid_vendor_specific_setup): New.  Limit
only for SPR532, excluding other readers by SCM.
(ccid_slot_status): Use ccid_vendor_specific_setup.

--

We follow the setup procedure of libccid implementation, which sends
the escape command for SPR532 only.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-10-26 11:38:47 +09:00
NIIBE Yutaka
3c6b5dfa2a scd: Internal CCID driver limiting only for SPR532.
* scd/ccid-driver.c (ccid_vendor_specific_init): Only do that for
SPR532.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-10-24 11:01:10 +09:00
Werner Koch
32f336d955
common: Allow building with released libgpg-error.
* common/sysutils.c (gnupg_access) [W32]: Fix for older libgpgrt.
--

Fixes-commit: c94ee1386e0d5cdac51086c4d5b92de59c09c9b5
Signed-off-by: Werner Koch <wk@gnupg.org>
2020-10-23 20:16:18 +02:00
NIIBE Yutaka
2d4de4b6f0 scd: Handle Yubikey's multiple apps and serialno.
* scd/app-common.h (yubikey_get_serialno): New.
* scd/app-openpgp.c (yubikey_get_serialno): New.
* scd/app.c (card_get_serialno): Use OpenPGP app's serialno,
when it's enabled for Yubikey.
(send_serialno_and_app_status): Use card_get_serialno, not
directly accessing ->serialno.

--

GnuPG-bug-id: 5100
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-10-23 16:31:03 +09:00
NIIBE Yutaka
c8cc35dd2c scd: Use app_get_serialno for app_getattr.
* scd/app.c (app_getattr): Use app_get_serialno.

--

GnuPG-bug-id: 5100
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-10-23 15:25:07 +09:00
NIIBE Yutaka
65c91e601a scd: Don't overwrite serialno for Yubikey.
* scd/app-openpgp.c (app_select_openpgp): Keep ->serialno.

--

GnuPG-bug-id: 5100
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-10-23 15:19:53 +09:00
NIIBE Yutaka
41505f0ae5 scd,openpgp: Use app_get_serialno function to get SERIALNO.
* scd/app-openpgp.c (check_keyidstr): Don't directly access
app->serialno, but use app_get_serialno.
(do_with_keygrip): Likewise.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-10-23 15:14:12 +09:00
Werner Koch
390497ea11
Replace most of the remaining stdio calls by estream calls.
--

We need to use es_fopen on Windows to cope with non-ascii file names.
This is quite a large but fortunately straightforward change.  At a
very few places we keep using stdio (for example due to the use of
popen).

GnuPG-bug-id: 5098
Signed-off-by: Werner Koch <wk@gnupg.org>
2020-10-20 12:15:56 +02:00
NIIBE Yutaka
920f258eb6 scd: Internal CCID driver: More fix for SPR532.
* scd/ccid-driver.c (bulk_in): Handle the case of missing intr_cb.

--

GnuPG-bug-id: 5065
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-09-30 10:56:38 +09:00