1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-23 10:29:58 +01:00

136 Commits

Author SHA1 Message Date
Werner Koch
55e64f47a5
scd: Fix size_t/unsigned int mismatch.
* scd/app-openpgp.c (ecc_writekey): Use extra var n.
2015-07-26 12:55:53 +02:00
NIIBE Yutaka
ef080d5c7f scd: support any curves defined by libgcrypt.
* g10/call-agent.h (struct agent_card_info_s): Add curve field.
* g10/call-agent.c (learn_status_cb): Use curve name.
* g10/card-util.c (card_status): Show pubkey name.
* scd/app-openpgp.c (struct app_local_s): Record OID and flags.
(store_fpr): Use ALGO instead of key type.
(send_key_attr): Use curve name instead of OID.
(get_public_key): Clean up by OID to curve name.
(ecc_writekey): Support any curves in libgcrypt.
(do_genkey, do_auth, ): Follow the change.
(ecc_oid): New.
(parse_algorithm_attribute): Show OID here.
2015-07-25 12:09:23 +09:00
NIIBE Yutaka
dbf4534f49 scd: Format change to specify "rsa2048" for KEY-ATTR.
* g10/card-util.c (do_change_keysize): Put "rsa".
* scd/app-openpgp.c (change_keyattr, change_keyattr_from_string):
Change the command format.
(rsa_writekey): Check key type.
(do_writekey): Remove "ecdh" and "ecdsa" support which was available
in experimental libgcrypt before 1.6.0.
2015-07-23 14:10:03 +09:00
NIIBE Yutaka
9901be3956 scd: change_keyattr_from_string for ECC.
* scd/app-openpgp.c (change_keyattr, change_keyattr_from_string):
Support ECC.
(rsa_writekey): Don't change key attribute.
2015-07-21 14:27:02 +09:00
NIIBE Yutaka
f5d356fb5b scd: Use openpgpdefs.h for constants.
* scd/app-openpgp.c: Include openpgpdefs.h.
2015-07-17 09:34:47 +09:00
NIIBE Yutaka
45c49a0030 scd: Support AES decryption for OpenPGPcard v3.0.
* scd/app-openpgp.c (do_decipher): Support AES decryption.
2015-07-02 12:14:40 +09:00
NIIBE Yutaka
d2fdf2e1b6 scd: Support button flag and AES key data for OpenPGPcard v3.0.
* scd/app-openpgp.c (do_getattr, show_caps, app_select_openpgp):
Support button and symmetric decryption.
(do_setattr): Support setting AESKEY.
2015-06-26 15:14:27 +09:00
NIIBE Yutaka
cf508a1f7f scd: do_decipher change for OpenPGPcard v3.0.
* scd/app-openpgp.c (do_decipher): Add a header for ECDH.
2015-06-05 14:02:40 +09:00
NIIBE Yutaka
e5c69e87be scd: Fix key template of ECC.
* scd/app-openpgp.c (build_ecc_privkey_template): Use correct value.

--

Forthcoming OpenPGPcard specification 3.0 will address this 0x92.
2015-05-29 14:06:38 +09:00
NIIBE Yutaka
bb5a1b7c73 scd: fix for 64-bit arch.
* agent/pksign.c (agent_pksign_do): Use int.
* scd/app-openpgp.c (get_public_key): Likewise.

--

On 64-bit architecture, int and size_t might be different.
For the first argument for '%b', int is expected.
2015-03-09 11:00:03 +09:00
Werner Koch
2183683bd6 Use inline functions to convert buffer data to scalars.
* common/host2net.h (buf16_to_ulong, buf16_to_uint): New.
(buf16_to_ushort, buf16_to_u16): New.
(buf32_to_size_t, buf32_to_ulong, buf32_to_uint, buf32_to_u32): New.
--

Commit 91b826a38880fd8a989318585eb502582636ddd8 was not enough to
avoid all sign extension on shift problems.  Hanno Böck found a case
with an invalid read due to this problem.  To fix that once and for
all almost all uses of "<< 24" and "<< 8" are changed by this patch to
use an inline function from host2net.h.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-02-11 10:28:25 +01:00
NIIBE Yutaka
f6d3c6e526 scd: Fix varargs call for 64-bit arch on ECC keys.
* scd/app-openpgp.c (store_fpr): Remove CARD_VERSION from the
arguments.
(rsa_writekey): Follow the change.
(do_genkey): Likewise.
(ecc_writekey): Likewise.  Cast to size_t.

--

KEYTOCARD caused SEGV of scdaemon on 64-bit arch.  That's because
int is 32-bit, but size_t is 64-bit.
2015-01-28 11:24:29 +09:00
Joshua Rogers
100b322f5d scd: fix get_public_key for OpenPGPcard v1.0.
* scd/app-openpgp.c (get_public_key): correctly close 'fp' upon use.

--

Inside the get_public_key function, 'fp' was opened using popen, but
incorrectly closed using fclose.

Debian-Bug-Id: 773474
2015-01-08 11:12:42 +09:00
NIIBE Yutaka
bdc8efbdd1 scd: ECDH Support.
* agent/divert-scd.c (divert_pkdecrypt): Support ECDH.
* scd/app-openpgp.c (get_algo_byte, store_fpr): Support ECDH.
(send_key_attr): Support ECDH.  Fix EdDSA algorithm value.
(retrieve_key_material): Initialize fields.
(get_public_key, ecc_writekey, do_writekey): Support ECDH.
(ecdh_writekey): Remove.
(do_decipher): Support ECDH.
(parse_algorithm_attribute): Support ECDH.  Fix EdDSA.

--

Following the gpg-agent protocol, SCDaemon's counter part is now
implemented.
2014-12-22 09:27:00 +09:00
Werner Koch
dd65e21cb4 gpg: Add sub-command "factory-reset" to --card-edit.
* common/util.h (GPG_ERR_OBJ_TERM_STATE): New.
* scd/iso7816.c (map_sw): Add this error code.
* scd/app-openpgp.c (do_getattr): Return the life cycle indicator.
* scd/app.c (select_application): Allow a return value of
GPG_ERR_OBJ_TERM_STATE.
* scd/scdaemon.c (set_debug): Print the DBG_READER value.
* g10/call-agent.c (start_agent): Print a status line for the
termination state.
(agent_scd_learn): Make arg "info" optional.
(agent_scd_apdu): New.
* g10/card-util.c (send_apdu): New.
(factory_reset): New.
(card_edit): Add command factory-reset.

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-12-15 17:38:40 +01:00
Werner Koch
68b4e7c9e4 scd: Fix possibly inhibited checkpin of the admin pin.
* scd/app-openpgp.c (do_check_pin): Do not check a byte of a released
buffer.

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-12-12 20:11:36 +01:00
NIIBE Yutaka
c50c11d575 scd: Fix for EdDSA.
* scd/app-openpgp.c (get_algo_byte): It catches 22.
(store_fpr): It's MPI usually, but it's opaque bytes for EdDSA.
2014-12-08 10:21:55 +09:00
NIIBE Yutaka
8720125f5a scd: Fix for NIST P-256.
* g10/card-util.c (card_store_subkey): Error check.
* scd/app-opengpg.c (ecc_writekey): Support NIST P-256.
(do_writekey): Error check.
2014-12-05 14:20:50 +09:00
Werner Koch
519305feb8 Switch to the libgpg-error provided estream.
* configure.ac (NEED_GPG_ERROR_VERSION): Reguire 1.14.
(GPGRT_ENABLE_ES_MACROS): Define.
(estream_INIT): Remove.
* m4/estream.m4: Remove.
* common/estream-printf.c, common/estream-printf.h: Remove.
* common/estream.c, common/estream.h: Remove.
* common/init.c (_init_common_subsystems): Call gpgrt initialization.
2014-08-26 17:47:54 +02:00
NIIBE Yutaka
3132bd90dc scd: EdDSA support.
* scd/app-openpgp.c (KEY_TYPE_EDDSA, CURVE_ED25519): New.
(struct app_local_s): Add eddsa.
(get_algo_byte, store_fpr): Support KEY_TYPE_EDDSA.
(get_ecc_key_parameters, get_curve_name): Support CURVE_ED25519.
(send_key_attr, get_public_key): Support KEY_TYPE_EDDSA.
(build_ecc_privkey_template): Rename as it supports both of
ECDSA and EdDSA.
(ecc_writekey): Rename.  Support CURVE_ED25519, too.
(do_writekey): Follow the change of ecc_writekey.
(do_auth): Support KEY_TYPE_EDDSA.
(parse_ecc_curve): Support CURVE_ED25519.  Bug fix for other curves.
(parse_algorithm_attribute): Bug fix for ECDH.  Support EdDSA.
2014-04-09 09:30:19 +09:00
Werner Koch
36dfc37e43 scd: Silent compiler warnings about unused variables.
* scd/app-openpgp.c (build_ecdsa_privkey_template): Mark unused arg.
(ecdh_writekey): Mark unused args.

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-04-08 10:02:08 +02:00
NIIBE Yutaka
781b941743 scd: writekey support of ECC.
* scd/app-openpgp.c (CURVE_SEC_P256K1, get_algo_byte): New.
(store_fpr): Support ECC keys with varargs.
(get_ecc_key_parameters, get_curve_name): Support secp256k1.
(parse_ecc_curve): Likewise.
(build_ecdsa_privkey_template, rsa_writekey, ecdsa_writekey): New.
(ecdh_writekey): New.  Not implemented yet.
(do_writekey): Call rsa_writekey, ecdsa_writekey, or ecdh_writekey.
(do_genkey): Follow the change of store_fpr.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2014-03-12 17:25:33 +09:00
Jonas Borgström
cc67918c08 scd: add support for RSA_CRT and RSA_CRT_N key import.
* scd/app-openpgp.c (do_writekey): Added RSA_CRT and RSA_CRT_N support.

--

Updates of original patch by wk:

  -      unsigned char *rsa_u, *rsa_dp, rsa_dq;
  +      unsigned char *rsa_u, *rsa_dp, *rsa_dq;

and AUTHORS.  Missing signed-off-by assumed due to DCO send the other
day.
2013-08-29 17:53:14 +02:00
Werner Koch
780ba32336 gpg: Make decryption with the OpenPGP card work.
* scd/app-common.h (APP_DECIPHER_INFO_NOPAD): New.
* scd/app-openpgp.c (do_decipher): Add arg R_INFO.
* scd/app-nks.c (do_decipher): Add arg R_INFO as a dummy.
* scd/app.c (app_decipher): Add arg R_INFO.
* scd/command.c (cmd_pkdecrypt): Print status line "PADDING".
* agent/call-scd.c (padding_info_cb): New.
(agent_card_pkdecrypt): Add arg R_PADDING.
* agent/divert-scd.c (divert_pkdecrypt): Ditto.
* agent/pkdecrypt.c (agent_pkdecrypt): Ditto.
* agent/command.c (cmd_pkdecrypt):  Print status line "PADDING".
* g10/call-agent.c (padding_info_cb): New.
(agent_pkdecrypt): Add arg R_PADDING.
* g10/pubkey-enc.c (get_it): Use padding info.
--

Decryption using a card never worked in gpg 2.1 because the
information whether the pkcs#1 padding needs to be removed was not
available.  Gpg < 2.1 too this info from the secret sub key but that
has gone in 2.1.

Signed-off-by: Werner Koch <wk@gnupg.org>
2013-08-28 17:40:32 +02:00
NIIBE Yutaka
b6d54f1196 scd: fix parsing login-data DO.
* scd/app-openpgp.c (parse_login_data): Release RELPTR.  Fix parsing.

--

Signed-off-by: NIIBE Yutaka
2013-08-27 10:23:09 +09:00
NIIBE Yutaka
006782068e scd: fix missing close paren.
* scd/app-openpgp.c (du_auth): Fix.

--
2013-03-15 08:33:13 +09:00
NIIBE Yutaka
73ad742dea scd: support ECDSA signing.
* scd/app-openpgp.c (do_sign): Only prepend message digest block
for RSA or do_auth.
(do_auth): Remove message digest block for ECDSA.

--

If we don't need to check the message digest block by SCDaemon, we
don't requite the message digest block for ECDSA by gpg-agent.
2013-03-09 09:36:21 +09:00
NIIBE Yutaka
010bc7f4f0 scd: support ECDSA public key.
* scd/app-openpgp.c (key_type_t): New.
(CURVE_NIST_P256, CURVE_NIST_P384, CURVE_NIST_P521): New.
(struct app_local_s): Change keyattr to have key_type and union.
(get_ecc_key_parameters, get_curve_name): New.
(send_key_attr, get_public_key): Support ECDSA.
(build_privkey_template, do_writekey, do_genkey): Follow the change
of the member KEY_ATTR.
(parse_historical): New.
(parse_algorithm_attribute): Support ECDSA.
--

Add ECDSA support to OpenPGP card.
2013-03-08 11:40:37 +09:00
NIIBE Yutaka
7253093add scd: Rename 'keypad' to 'pinpad'.
* NEWS: Mention scd changes.

* agent/divert-scd.c (getpin_cb): Change message.

* agent/call-scd.c (inq_needpin): Change the protocol to
POPUPPINPADPROMPT and DISMISSPINPADPROMPT.
* scd/command.c (pin_cb): Likewise.

* scd/apdu.c (struct reader_table_s): Rename member functions.
(check_pcsc_pinpad, pcsc_pinpad_verify, pcsc_pinpad_modify,
check_ccid_pinpad, ccid_pinpad_operation, apdu_check_pinpad
apdu_pinpad_verify, apdu_pinpad_modify): Rename.

* scd/apdu.h (SW_HOST_NO_PINPAD, apdu_check_pinpad)
(apdu_pinpad_verify, apdu_pinpad_modify): Rename.

* scd/iso7816.h (iso7816_check_pinpad): Rename.

* scd/iso7816.c (map_sw): Use SW_HOST_NO_PINPAD.
(iso7816_check_pinpad): Rename.
(iso7816_verify_kp, iso7816_change_reference_data_kp): Follow
the change.

* scd/ccid-driver.h (CCID_DRIVER_ERR_NO_PINPAD): Rename.
* scd/ccid-driver.c (ccid_transceive_secure): Use it.

* scd/app-dinsig.c (verify_pin): Follow the change.
* scd/app-nks.c (verify_pin): Follow the change.

* scd/app-openpgp.c (check_pinpad_request): Rename.
(parse_login_data, verify_a_chv, verify_chv3, do_change_pin): Follow
the change.

* scd/scdaemon.c (oDisablePinpad, oEnablePinpadVarlen): Rename.

* scd/scdaemon.h (opt): Rename to disable_pinpad,
enable_pinpad_varlen.

* tools/gpgconf-comp.c (gc_options_scdaemon): Rename to
disable-pinpad.
2013-02-08 09:06:39 +09:00
NIIBE Yutaka
c27315fc64 scd: Fix check_keypad_request.
* scd/app-openpgp.c (check_keypad_request): 0 means not to use pinpad.
2013-02-05 14:59:29 +09:00
NIIBE Yutaka
0407e642f7 SCD: Support P=N format for login data.
* scd/app-openpgp.c (parse_login_data): Support P=N format.
2013-02-05 13:37:07 +09:00
NIIBE Yutaka
a9ff97a10f SCD: Defaults to use pinpad if the reader has the capability.
* scd/app-openpgp.c (struct app_local_s): Remove VARLEN.
(parse_login_data): "P=0" means to disable pinpad.
(check_keypad_request): Default is to use pinpad if available.
2013-02-05 13:37:06 +09:00
NIIBE Yutaka
334ba6efa5 SCD: handle keypad request on the card.
* scd/app-openpgp.c: Add 2013.
(struct app_local_s): Add keypad structure.
(parse_login_data): Add parsing keypad request on the card.
(check_keypad_request): New.
(verify_a_chv, verify_chv3, do_change_pin): Call check_keypad_request
to determine use of keypad.
2013-02-05 13:37:06 +09:00
NIIBE Yutaka
40a914a2e3 SCD: Support fixed length PIN input for keypad.
* scd/iso7816.h (struct pininfo_s): Remove MODE and add FIXEDLEN.
* scd/app-dinsig.c (verify_pin): Initialize FIXEDLEN to unknown.
* scd/app-nks.c (verify_pin): Likewise.
* scd/app-openpgp.c (verify_a_chv, verify_chv3, do_change_pin):
Likewise.
* scd/apdu.c (check_pcsc_keypad): Add comment.
(pcsc_keypad_verify, pcsc_keypad_modify): PC/SC driver only support
readers with the feature of variable length input (yet).
(apdu_check_keypad): Set FIXEDLEN.
* scd/ccid-driver.c (ccid_transceive_secure): Add GEMPC_PINPAD
specific settings.
Support fixed length PIN input for keypad.
2013-02-05 13:37:06 +09:00
NIIBE Yutaka
b526f6e223 SCD: API cleanup for keypad handling.
* scd/iso7816.h (struct pininfo_s): Rename from iso7816_pininfo_s.
Change meaning of MODE.
(pininfo_t): Rename from iso7816_pininfo_t.
* scd/sc-copykeys.c: Include "iso7816.h".
* scd/scdaemon.c, scd/command.c: Likewise.
* scd/ccid-driver.c: Include "scdaemon.h" and "iso7816.h".
(ccid_transceive_secure): Follow the change of PININFO_T.
* scd/app.c: Include "apdu.h" after "iso7816.h".
* scd/iso7816.c (iso7816_check_keypad, iso7816_verify_kp)
(iso7816_change_reference_data_kp): Follow the change of API.
* scd/apdu.c (struct reader_table_s): Change API of CHECK_KEYPAD,
KEYPAD_VERIFY, KEYPAD_MODIFY to have arg of PININFO_T.
(check_pcsc_keypad, check_ccid_keypad): Likewise.
(apdu_check_keypad, apdu_keypad_verify, apdu_keypad_modify): Likewise.
(pcsc_keypad_verify, pcsc_keypad_modify, ct_send_apdu)
(pcsc_send_apdu_direct,  pcsc_send_apdu_wrapped, pcsc_send_apdu)
(send_apdu_ccid, ccid_keypad_operation, my_rapdu_send_apdu, send_apdu)
(send_le): Follow the change of API.
* scd/apdu.h (apdu_check_keypad, apdu_keypad_verify)
(apdu_keypad_modify): Change the API.
* scd/app-dinsig.c, scd/app-nks.c, scd/app-openpgp.c: Follow the
change.
2013-02-05 13:37:06 +09:00
NIIBE Yutaka
e7dca3e83e SCD: Fix the process of writing key or generating key.
* scd/app-openpgp.c (store_fpr): Flush KEY-FPR and KEY-TIME.
2012-12-13 13:44:43 +09:00
Werner Koch
905b6a36d3 Allow decryption with card keys > 3072 bits
* scd/command.c (MAXLEN_SETDATA): New.
(cmd_setdata): Add option --append.
* agent/call-scd.c (agent_card_pkdecrypt): Use new option for long
data.

* scd/app-openpgp.c (struct app_local_s): Add field manufacturer.
(app_select_openpgp): Store manufacturer.
(do_decipher): Print a note for broken cards.

--

Please note that I was not able to run a full test because I only have
broken cards (S/N < 346) available.
2012-11-06 14:48:06 +01:00
David Prévot
94e663885b Actually show translators comments in PO files
--
2012-08-24 09:42:31 +02:00
Werner Koch
096e7457ec Change all quotes in strings and comments to the new GNU standard.
The asymmetric quotes used by GNU in the past (`...') don't render
nicely on modern systems.  We now use two \x27 characters ('...').

The proper solution would be to use the correct Unicode symmetric
quotes here.  However this has the disadvantage that the system
requires Unicode support.  We don't want that today.  If Unicode is
available a generated po file can be used to output proper quotes.  A
simple sed script like the one used for en@quote is sufficient to
change them.

The changes have been done by applying

  sed -i "s/\`\([^'\`]*\)'/'\1'/g"

to most files and fixing obvious problems by hand.  The msgid strings in
the po files were fixed with a similar command.
2012-06-05 19:29:22 +02:00
NIIBE Yutaka
bf37c32367 Fix pinpad input support for passphrase modification.
* apdu.c (pcsc_keypad_verify): Have dummy Lc field with value 0.
(pcsc_keypad_modify): Likewise.
(pcsc_keypad_modify): It's only for ISO7816_CHANGE_REFERENCE_DATA.
bConfirmPIN value is determined by the parameter p0.

* app-openpgp.c (do_change_pin): The flag use_keypad should be 0 when
reset_mode is on, or resetcode is on.  use_keypad only makes sense for
iso7816_change_reference_data_kp.

* iso7816.h (iso7816_put_data_kp): Remove.
(iso7816_reset_retry_counter_kp): Remove.
(iso7816_reset_retry_counter_with_rc_kp): Remove.
(iso7816_change_reference_data_kp): Add an argument: IS_EXCHANGE.

* iso7816.c (iso7816_put_data_kp): Remove.
(iso7816_reset_retry_counter_kp): Remove.
(iso7816_reset_retry_counter_with_rc_kp): Remove.
(iso7816_change_reference_data_kp): Add an argument: IS_EXCHANGE.
2011-12-02 13:57:12 +09:00
NIIBE Yutaka
2c5d021912 Fix pinpad input support 2011-12-01 11:09:51 +09:00
NIIBE Yutaka
5a62b0d6ee PC/SC pinpad support (pinpad input for modify pass phrase with resetcode, by admin). 2011-11-29 17:56:22 +09:00
NIIBE Yutaka
57d4f7fae1 PC/SC pinpad support (pinpad input for modify pass phrase). 2011-11-29 11:59:32 +09:00
NIIBE Yutaka
26b4a012e3 PC/SC pinpad support.
Before this change, it is layered like following:

	iso7816_verify
        iso7816_verify_kp
	apdu_send_simple, apdu_send_simple_kp
	...

After this change, it will be layered like:

	iso7816_verify      iso7816_verify_kp
        apdu_send_simple    apdu_keypad_verify
	...

and apdu_send_simple_kp will be deprecated.

For PC/SC API, we use:
  SCardControl API to compose CCID PC_to_RDR_Secure message
  SCardTransmit API to compose CCID PC_to_RDR_XfrBlock message

Considering the support of PC/SC, we have nothing to share between _kp
version of iso7816_* and no _kp version.
2011-11-28 16:16:38 +09:00
Werner Koch
14e0b60efd Adjust for signed integer passed to OpenPGP card decrypt. 2011-08-08 10:44:03 +02:00
Werner Koch
37228cfa05 Allow generation of card keys up to 4096 bit.
This patch implementes a chunk mode to pass the key parameters from
scdaemon to gpg.  This allows to pass arbitrary long key paremeters;
it is used for keys larger than 3072 bit.

Note: the card key generation in gpg is currently broken.  The keys
are generated but it is not possible to create the self-signature
because at that time the gpg-agent does not yet know about the new
keys and thus can't divert the sign request to the card.  We either
need to run the learn command right after calling agent_scd_genkey or
implement a way to sign using the currently inserted card.  Another
option would be to get rid of agent_scd_genkey and implement the
feature directly in agent_genkey.
2011-06-16 14:27:33 +02:00
Werner Koch
b008274afd Nuked almost all trailing white space.
We better do this once and for all instead of cluttering all future
commits with diffs of trailing white spaces.  In the majority of cases
blank or single lines are affected and thus this change won't disturb
a git blame too much.  For future commits the pre-commit scripts
checks that this won't happen again.
2011-02-04 12:57:53 +01:00
Werner Koch
6872919efe Fix a signing problem with the card 2010-10-18 12:59:19 +00:00
Werner Koch
983f91937c Fix for extended length Le in decipher 2009-09-03 10:57:23 +00:00
Werner Koch
e57d2a8630 Ask for the keysize when generating a new card key. 2009-08-05 11:24:43 +00:00