1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-23 10:29:58 +01:00

671 Commits

Author SHA1 Message Date
NIIBE Yutaka
7db836c0e9 scd: Change handling of SPR532 card reader.
* scd/ccid-driver.c (ccid_vendor_specific_init): Put some workaround
for SPR532 initialization.
(ccid_slot_status): Send ESCape command after GetSlotStatus.

--

Backport master commit of:

	684a52dffa8b7f79b26fe53b3ab10d7748a8fb37

GnuPG-bug-id: 5065
Fixes-commit: 4fae55f8ee11b3f710524e5e8b8a91b159949f2d
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-10-06 11:43:13 +09:00
NIIBE Yutaka
11d8d1e050 scd: For SPR532, submit the ESCape command at initialization.
* scd/ccid-driver.c (ccid_vendor_specific_init): Submit the ESC
command for VENDOR_SCM.
(ccid_transceive_secure): Don't submit the ESC command every time.

--

Backport master commit of:

	4fae55f8ee11b3f710524e5e8b8a91b159949f2d

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-10-06 11:42:23 +09:00
NIIBE Yutaka
dd7cc24d5f scd: Fix CCID internal driver for interrupt transfer.
* scd/ccid-driver.c (intr_cb): Handle the case of multiple messages.

--

Backport master commit of:

	7cbb513a2dc150a90a30c53316970df2a439d494

SPR532 USB Smart Card Reader (also know as SPR332) may send two
messages at once for a single interrupt transfer.  An example transfer
observed was like: 50 03 50 02, which is considered valid, according
to the CCID specification.

GnuPG-bug-id: 5065
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-10-06 11:41:25 +09:00
NIIBE Yutaka
186d11896c scd: Better handling of timeout and time extension.
* scd/ccid-driver.c (CCID_CMD_TIMEOUT_LONGER): Remove.
(ccid_transceive): Don't use x4 blindly for bBWI, but use dynamically
determined value.  Use value from variable wait_more for bulk_in.
Set wait_more by the value of time extension request.

--

Backport master commit of:

	f1cf799a37f320d33cae445c74f3fc1936dd9995

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-10-06 11:38:40 +09:00
NIIBE Yutaka
60af035c22 scd: Fix internal CCID driver, so that -DTEST works.
* scd/ccid-driver.c: Support a test program by ccid-driver.

--

Backport from master commit:

	b31060425226b45deb21915bf5cd8b6ba62bd098

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-10-06 11:27:41 +09:00
NIIBE Yutaka
165312dca9 scd: ccid-driver: Initial getting ATR more robustly.
* scd/ccid-driver.c (send_power_off): New.
(do_close_reader): Use send_power_off.
(ccid_get_atr): Add error recovery.

--

Backport from master commit of:

	c51a5685554a06e00ae1e99070b44613b2f8d417

GnuPG-bug-id: 4616
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-10-06 11:21:42 +09:00
NIIBE Yutaka
1efc01ff98 scd: Clean up the structure for future fix of PC/SC.
* scd/apdu.c (struct dev_list): Rename from ccid_table, with void*.
(open_ccid_reader): Follow the change.
(apdu_dev_list_start, apdu_dev_list_finish): Likewise.
(apdu_open_reader): Likewise.
* scd/ccid-driver.c (ccid_dev_scan): Use void *.
(ccid_dev_scan_finish, ccid_get_BAI, ccid_open_usb_reader): Likewise.
* scd/ccid-driver.h: Change the APIs.

--

Backport from master commit of:

	f44aa290c1368a3119b2323664c0f356195c4206

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-10-06 11:17:58 +09:00
Werner Koch
5b985b0264 scd: Map some error codes from libusb to ccid-driver error codes.
* scd/ccid-driver.h (CCID_DRIVER_ERR_USB_*): New error codes.
* scd/apdu.h: New SW_HOST error codes.
* scd/apdu.c (host_sw_string): Print them
* scd/ccid-driver.c (map_libusb_error): New.
(ccid_open_usb_reader, bulk_in, abort_cmd): Map libusb error codes.
* scd/iso7816.c (map_sw): Map new codes to gpg-error.
--

Backport from master commit:

	9a8d7e41bba1926158a21ebdda542241493ef983

This change will help to get low level error conditions from hipher
application code.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-10-06 11:14:59 +09:00
NIIBE Yutaka
cccdca61a8 scd: internal driver: Submit SET_INTERFACE control transfer.
* scd/ccid-driver.c (ccid_open_usb_reader): Alway submit SET_INTERFACE
control transfer.

--

Backport from master commit:

	611faf1579a56925994d53eb08e1290a4b3958cf

This handling is not mondatory, but it's better to do so, because
there are card reader with pinpad and token with ack button, which
support user interaction.

User interaction status should be reset at open time.  The status
should be reset when the session is closed/stopped.  In practice,
since cleanup routine in a driver may not be called properly, it's
good to submit SET_INTERFACE at open time.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-10-06 11:14:29 +09:00
NIIBE Yutaka
e3a12b09dc scd: Internal CCID driver: Spelling cleanup.
--

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>

Backport master commit of:
	0904b8ef348a52335c378bee6dc90a978885d66f
2020-10-06 11:06:53 +09:00
NIIBE Yutaka
7b531fe580 scd: Internal CCID driver: Clean up backport from master.
* scd/ccid-driver.c (print_error) [TEST]: Add missing break.  Note
    that this is anyway an impossible case.

--

Backport master commit of:

	8fb14d3b3f9c5c27ff8b9f0e7e7207ec388687ff

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-10-06 11:02:24 +09:00
Werner Koch
c81f02c959
w32: Add manifest files to most binaries
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-10-02 17:04:12 +02:00
Werner Koch
c10ba8e883
doc: Typo fixes
--
2020-10-02 12:32:37 +02:00
NIIBE Yutaka
61aea64b3c scd: Fix the use case of verify_chv2 by CHECKPIN.
* scd/app-openpgp.c (verify_chv2): Call verify_a_chv with chvno=1
when needed.

--

Backport of master commit of:
	6e51f2044aebb885ea81dae259db1b7f477b1c44

Fixes-commit: d2f1a0a791db3eb03c003365cbcd010bd8066edb
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-09-16 12:46:50 +09:00
NIIBE Yutaka
0a9665187a scd: Fix a regression for OpenPGP card.
* scd/app-openpgp.c (verify_chv2): Make sure loading keys.

--

Fixes-commit: d2f1a0a791db3eb03c003365cbcd010bd8066edb
Reported-by: Michał Górny
GnuPG-bug-id: 5039
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-09-01 15:23:59 +09:00
NIIBE Yutaka
d2f1a0a791 scd: Add condition for VERIFY with 0x82.
* scd/app-openpgp.c (verify_chv2): Check availability of keys in
question.

--

Backport master commit of:
	af189be481df02a77e088aa0a60a1fc02dfa12bf

With buggy Gnuk (<= 1.2.15), when no encr/auth keys are available,
it fails decrementing the signature error counter.  This change
can avoid the issue.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-08-27 10:54:59 +09:00
NIIBE Yutaka
e285b1197b scd: Fix condition for C5 data object for newer Yubikey.
* scd/app-openpgp.c (compare_fingerprint): Relax the condition.

--

Cherry-picked from master commit of:
	f3df8dbb696fed192501fa7f741c2e0e0936a3d5

GnuPG-bug-id: 4957
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-05-29 11:21:01 +09:00
Werner Koch
c6324ee07a
common: Change argument order of log_printhex.
* common/logging.c (log_printhex): Chnage order of args.  Make it
printf alike.  Change all callers.
* configure.ac: Add -Wno-format-zero-length
--

This makes it consistent with modern libgpgrt logging and thus eases
back porting from newer GnuPG versions which use libgpgrt logging.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-05-12 18:51:47 +02:00
Werner Koch
39e2260d7e
scd:p15: Return a display S/N via Assuan.
* scd/app-p15.c (make_pin_prompt): Factor some code out to ...
(get_dispserialno): this.
(do_getattr): Use new fucntion for a $DISPSERIALNO.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-04-15 15:42:35 +02:00
Werner Koch
beaa2cbb7f
scd:p15: Show a pretty PIN prompt.
* scd/app-p15.c (struct prkdf_object_s): New fields common_name and
serial_number.
(release_prkdflist): Free them.
(keygrip_from_prkdf): Parse cert and set them.
(any_control_or_space): New.
(make_pin_prompt): New.
(verify_pin): Construct a pretty PIN prompt.
(do_sign): Remove debug output.
--

The D-Trust card has the SerialNumber part of the Subject printed on
the front matter, we assume this is also possible with other cards and
thus we show this as serial number.

The holder of the card is also extracted from the card's subject.

Signed-off-by: Werner Koch <wk@gnupg.org>

Backported from master.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-04-15 15:42:01 +02:00
Werner Koch
9e6a3290da
scd: Return GPG_ERR_BAD_PIN on 0x63Cn status word.
* scd/iso7816.c (map_sw): Detect 0x63Cn status code.
--

I really wonder when that got lost and we ended up with a simple card
error.

Signed-off-by: Werner Koch <wk@gnupg.org>
Backported from master.
2020-04-15 15:38:13 +02:00
Werner Koch
9497d25c56
scd: Factor common PIN status check out.
* scd/iso7816.h (ISO7816_VERIFY_ERROR): New.
(ISO7816_VERIFY_NO_PIN): New.
(ISO7816_VERIFY_BLOCKED): New.
(ISO7816_VERIFY_NULLPIN): New.
(ISO7816_VERIFY_NOT_NEEDED): New.
* scd/iso7816.c (iso7816_verify_status): New.
* scd/app-nks.c (get_chv_status): Use new function.
--

Signed-off-by: Werner Koch <wk@gnupg.org>

Backported from master:
- Removed the non-existant app-piv.c patches.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-04-15 15:35:55 +02:00
Werner Koch
471b06e91b
scd:p15: Fix decrypt followed by sign problem for D-Trust cards.
* scd/iso7816.c (iso7816_select_mf): New.
* scd/app-p15.c (card_product_t): New.
(struct app_local_s): Add field 'card_product'.
(read_ef_tokeninfo): Detect D-Trust card.
(prepare_verify_pin): Switch to D-Trust AID.
(do_decipher): Restore a SE for D-TRust cards.  Change the padding
indicator to 0x81.

* common/percent.c (percent_data_escape): new.  Taken from master.
--

Using what I learned from a USB trace running the Governikus Signer
Software on Windows this fixes the left over problem with the new
D-Trust card support.

Signed-off-by: Werner Koch <wk@gnupg.org>

Backported from master.  This required to add the percent_data_escape
function we introduced in master on 2018-07-02:

    commit 58baf40af641f8cbf597e508a292e85ae94688f1
    common: New function percent_data_escape.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-04-15 15:31:56 +02:00
Werner Koch
4148976841
scd:p15: Emit MANUFACTURER, $ENCRKEYID, $SIGNKEYID.
* scd/app-p15.c (read_ef_tokeninfo): Store manufacturer_id.
(do_getattr): Implement MANUFACTURER, $ENCRKEYID and $SIGNKEYID.
(send_keypairinfo): Also print usage flags.
--

Signed-off-by: Werner Koch <wk@gnupg.org>

Backported from master.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-04-15 15:21:25 +02:00
Werner Koch
431b3e68e0
scd:openpgp: New attribute "MANUFACTURER".
* scd/app-openpgp.c (get_manufacturer): New..
(do_getattr): Add new attribute "MANUFACTURER".
(do_learn_status): Always print it.
--

This will make it easy to maintain the list of OpenPGP vendors at just
one place.

Signed-off-by: Werner Koch <wk@gnupg.org>

Backported from master:

.. or well in master and 2.2

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-04-15 15:16:05 +02:00
Werner Koch
b0cb2c2ab8
scd:p15: Rename some variables and functions for clarity.
* scd/app-p15.c: Rename keyinfo to prkdf.

Signed-off-by: Werner Koch <wk@gnupg.org>

Backported from master.  Removed the do_with_keygrip related parts
because that function is not available.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-04-15 15:13:42 +02:00
Werner Koch
133b6ff8cd
scd:p15: Cache the PIN.
* scd/app-p15.c (struct prkdf_object_s): Add flag pin_verified.
(verify_pin): Make use of it.
--

Theee is still a problem with the APDUs we send: Switching between
signing and decryption does work but not in the other way.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-04-15 15:10:54 +02:00
Werner Koch
b95a0bfbba
scd:p15: Add missing keygrip retrieval for decryption.
* scd/app-p15.c (do_decipher): Get the keygrip.
--

This was lost during the backport.

Fixes-commit: 4af38ea5e450b3eb79af98b9876b2b968110a459
Signed-off-by: Werner Koch <wk@gnupg.org>
2020-04-01 17:43:05 +02:00
Werner Koch
4af38ea5e4
scd:p15: Support decryption with CardOS 5 cards.
* scd/app-p15.c (do_decipher): New.
--

tested using the D-TRUSt card and a SCR3310 reader.  The Kobil KAAN
Advanced, I used for the signing tests could not be used because it
supports only Short APDU Level exchange.

Signed-off-by: Werner Koch <wk@gnupg.org>

Back ported from master.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-04-01 16:11:29 +02:00
Werner Koch
ce9406ca37
scd:p15: Factor PIN verification out to a new function.
* scd/app-p15.c (do_sign): Factor code out to ...
(prepare_verify_pin, verify_pin): new functions.
--

Signed-off-by: Werner Koch <wk@gnupg.org>

Bakc ported from master

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-04-01 16:05:54 +02:00
Werner Koch
e730444e7b
scd:p15: Support signing with CardOS 5 cards.
* scd/app-help.c (app_help_get_keygrip_string_pk): Add optional arg
r_pkey and change all callers.
(app_help_get_keygrip_string): Ditto.
* scd/app-p15.c (struct cdf_object_s): Use bit flags
(struct aodf_object_s): Ditto.  Add field 'fid'.
(struct prkdf_object_s): Ditto.  Add fields keygrip, keyalgo, and
keynbits.
(parse_certid): Allow a keygrip instead of a certid aka keyref.
(read_ef_aodf): Store the FID.
(keygripstr_from_prkdf): Rename to ...
(keygrip_from_prkdf): this.  Remove arg r_gripstr and implement cache.
Change callers to directly use the values from the object.  Also store
the algo and length of the key ion the object.
(keyref_from_keyinfo): New. Factored out code.
(do_sign): Support SHA-256 and >2048 bit RSA keys.
common/scd:p15: Support signing with CardOS 5 cards.
* common/util.h (KEYGRIP_LEN): New.
--

This has been tested with a D-Trust card featuring 3072 bit keys.
Note that non-repudiation key for a qualified signature does not yet
work because we do not yet support rsaPSS padding.  Thus a gpgsm
--learn shows a couple of Bad Signature errors for this key.

Signed-off-by: Werner Koch <wk@gnupg.org>

Back ported from master:
- Removed do_with_keygrip
- Added KEYGRIP_LEN
- app_help_get_keygrip_string_pk actually added.
- Move keygrip_from_prkdf in do_sign before the verification.
  It used to work in master only because there it is implictly
  called prior to signing by do_with_keygrip

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-04-01 16:00:31 +02:00
Werner Koch
368f006a28
scd:p15: Read certificates in extended mode.
* scd/app-p15.c (readcert_by_cdf): Allow reading in extended mode.
* scd/app-common.h (app_get_slot): New.
--

Signed-off-by: Werner Koch <wk@gnupg.org>

(Back ported from master)

Added app_get_slot.
2020-04-01 15:01:43 +02:00
Werner Koch
64142caafe
scd: Add function for binary read in extended mode.
* scd/iso7816.c (iso7816_read_binary): Factor code out to ...
(iso7816_read_binary_ext): new function.  Add arg extended_mode.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-04-01 14:55:30 +02:00
Werner Koch
135af66525
scd:p15: Improve diagnostics
--

This removes almost all log_debug calls and uses opt.verbose and
log_info to show card information.  Also avoid too long and thus
harder to read lines.

Signed-off-by: Werner Koch <wk@gnupg.org>

(back ported from master)
2020-04-01 14:54:47 +02:00
Werner Koch
60b0aa7e57
scd:p15: Detect CardOS 5 cards and print some basic infos.
* scd/app-p15.c (read_ef_odf): Detect the home_DF on the fly.  Silence
the garbage warning for null bytes.
(print_tokeninfo_tokenflags): New.
(read_ef_tokeninfo): Print manufacturer, label, and flags.
(app_select_p15): No need to use the app_get_slot macro.
(CARD_TYPE_CARDOS_50): New const.
(card_atr_list): Detect CardOS 5.0
--

The card under test is a "Test-Signaturkarte D-TRUST Card 3.1" for a
mere 49 Euro and no specs available.  D-Trust is a branch of the
German Bundesdruckerei.  Compare that to Telesec and Yubikey who have
always been nice enough to send bunches of sample cards without a need
to wade through lots of forms and not even asking for money.  Guess
which cards I prefer.

Signed-off-by: Werner Koch <wk@gnupg.org>

(backported from master)
2020-04-01 14:50:37 +02:00
NIIBE Yutaka
133248b297
scd: Fix pinpad handling when KDF enabled.
* scd/app-openpgp.c (do_getattr): Send the KDF DO information.

--

Fixes-commit: 95c7498b76231d3297541172d878f6a26702539b
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
(cherry picked from commit 11da441016222337284c519ff56aca34e3042373)
2020-03-18 16:05:20 +01:00
NIIBE Yutaka
b27e20a95c
scd: Disable pinpad if it's impossible by KDF DO.
* scd/app-openpgp.c (struct app_local_s): Add pinpad.disabled field.
(do_getattr): Set pinpad.disabled field.
(check_pinpad_request): Use the pinpad.disabled field.
(do_setattr): Update pinpad.disabled field.

--

GnuPG-bug-id: 4832
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
(cherry picked from commit 95c7498b76231d3297541172d878f6a26702539b)
Signed-off-by: Werner Koch <wk@gnupg.org>
2020-03-18 16:02:32 +01:00
Werner Koch
21d9bd8b87
build: Always use EXTERN_UNLESS_MAIN_MODULE pattern.
* common/util.h (EXTERN_UNLESS_MAIN_MODULE): Add the definion only
here but now without the Norcroft-C.  Change all other places where it
gets defined.
* common/iobuf.h (iobuf_debug_mode): Declare unconditionally as
extern.
* common/iobuf.c (iobuf_debug_mode): Define it here.
* agent/gpg-agent.c (INCLUDED_BY_MAIN_MODULE): Define here and also in
all main modules of all other programs.

* g10/main.h: Put util.h before the local header files.
--

This change is required for use with gcc/ld's LTO feature which does
not allow common blocks.  Further gcc 10 will make -fno-common the
default and thus this chnage is always needed.  What a pitty.

Co-authored-by: Tomáš Mráz
GnuPG-bug-id: 4831
Signed-off-by: Werner Koch <wk@gnupg.org>
2020-02-10 16:37:34 +01:00
NIIBE Yutaka
9b41f58c8a scd,ccid: Add support of GEMPC_EZIO.
* scd/ccid-driver.h (GEMPC_EZIO): New.
* scd/ccid-driver.c (ccid_transceive_secure): Support GEMPC_EZIO.

--

This is backport from master.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-11-15 15:49:46 +09:00
Werner Koch
0a9053eff0
scd:nks: Extend keypairinfo with usage flags.
* scd/app-nks.c (do_learn_status_core): Return usage.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-08-21 13:59:20 +02:00
Werner Koch
6f67abcc03
scd:openpgp: Extend keypairinfo with usage flags.
* scd/app-openpgp.c (send_keypair_info): Return usage.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-08-21 13:59:18 +02:00
Werner Koch
23784f8bf0
scd: New standard attributes $ENCRKEYID and $SIGNKEYID.
* g10/call-agent.c (agent_scd_keypairinfo): Use --keypairinfo.
* sm/call-agent.c (gpgsm_agent_scd_keypairinfo): Ditto.
* scd/app-openpgp.c (do_getattr): Add attributes "$ENCRKEYID" and
"$SIGNKEYID".
* scd/app-nks.c (do_getattr): Add attributes too.
--

We already have $AUTHKEYID to locate the keyref of the key to be used
with ssh.  It will also be useful to have default keyref for
encryption and signing.  For example, this will allow us to replace
the use of "OPENPGP.2" by a app type specific keyref.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 2b1135cf920cf3d863813d60f032d476dcccfb58)

Removed changes for the non-existing app-piv.c.
Added support for NKS.
2019-08-21 11:00:18 +02:00
Werner Koch
d410b5f930
gpg: Repurpose the ISO defined DO "sex" to "salutation".
* g10/card-util.c (current_card_status): String changes.
(change_sex): Description change.
(cmds): Add "salutation"; keep "sex" as an alias.
--

Note that we can't change the used values or tags but at least the UI
should show reflect the real purpose of the field.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 166f3f9ec40888e10cb0c51017944bfc57503fc1)
2019-08-21 10:00:55 +02:00
NIIBE Yutaka
879660bf45 scd: Handle CCID bwi of time extension.
* scd/ccid-driver.c (bulk_in): Increase timeout by the multiplier
value as defined section 6.2.6 in CCID specification.

--

Backport master commit of:
	996c497a864d820af06333014b2c5f74d1054866

For TPDU level transfer, it was handled.  This is fix for APDU level
transfer.

GnuPG-bug-id: 4646
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-08-12 10:39:35 +09:00
NIIBE Yutaka
f8961a576d scd: Fix bBWI value.
* scd/ccid-driver.c (ccid_transceive_apdu_level): Use bBWI=0 for APDU
level transfer.
(ccid_transceive): Use bBWI=0 or the value returend by WTX for TPDU
level transfer.

--

Backported master commit of:
	858dc9564326e65e6d8771af160d4513aea1e4eb

GnuPG-bug-id: 4654
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-08-12 10:29:20 +09:00
Daniel Kahn Gillmor
520f5d70e4 spelling: Fix "synchronize"
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2019-06-23 20:17:47 -04:00
Werner Koch
cb20659674
scd: Add dummy option --application-priority.
Signed-off-by: Werner Koch <wk@gnupg.org>
2019-04-02 13:32:25 +02:00
NIIBE Yutaka
38c2a9a644
g10: Fix symmetric cipher algo constant for ECDH.
* g10/ecdh.c (kek_params_table): Use CIPHER_ALGO_AES192 for
ECC strength 384, according to RFC-6637.

--

Reported-by: Trevor Bentley
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
(cherry picked from commit af3efd149f555d36a455cb2ea311ff81caf5124c)
2019-03-27 12:29:45 +01:00
Werner Koch
e7eafe1019
scd: Fix flushing of CA-FPR data objects
* scd/app-openpgp.c (do_setattr): Add new table item to flush a
different tag.

--

For whatever reasons the OpenPGP card reads the 3 CA fingerprints from
one object but sets them individually using 3 different tags.  The
cache flushing was not prepared for this and so a changed CA
fingerprint showed only up after a card reset.  This patch fixes it.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit c9f4c1f0de06672c6ae2b793d86cc001d131f9a6)

Fixed conflict by removing the UIF-* entries from the table.
2019-03-07 10:39:46 +01:00
Werner Koch
0eb8095626
scd: Don't let the "undefined" app cause a conflict error.
* scd/app.c (check_conflict): Ignore "undefined".

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 5ecc7a02609dde65096ddb12e0ff8f6bce3b774a)
2019-02-25 08:50:31 +01:00