1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-23 10:29:58 +01:00

205 Commits

Author SHA1 Message Date
NIIBE Yutaka
e285b1197b scd: Fix condition for C5 data object for newer Yubikey.
* scd/app-openpgp.c (compare_fingerprint): Relax the condition.

--

Cherry-picked from master commit of:
	f3df8dbb696fed192501fa7f741c2e0e0936a3d5

GnuPG-bug-id: 4957
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-05-29 11:21:01 +09:00
Werner Koch
c6324ee07a
common: Change argument order of log_printhex.
* common/logging.c (log_printhex): Chnage order of args.  Make it
printf alike.  Change all callers.
* configure.ac: Add -Wno-format-zero-length
--

This makes it consistent with modern libgpgrt logging and thus eases
back porting from newer GnuPG versions which use libgpgrt logging.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-05-12 18:51:47 +02:00
Werner Koch
431b3e68e0
scd:openpgp: New attribute "MANUFACTURER".
* scd/app-openpgp.c (get_manufacturer): New..
(do_getattr): Add new attribute "MANUFACTURER".
(do_learn_status): Always print it.
--

This will make it easy to maintain the list of OpenPGP vendors at just
one place.

Signed-off-by: Werner Koch <wk@gnupg.org>

Backported from master:

.. or well in master and 2.2

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-04-15 15:16:05 +02:00
NIIBE Yutaka
133248b297
scd: Fix pinpad handling when KDF enabled.
* scd/app-openpgp.c (do_getattr): Send the KDF DO information.

--

Fixes-commit: 95c7498b76231d3297541172d878f6a26702539b
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
(cherry picked from commit 11da441016222337284c519ff56aca34e3042373)
2020-03-18 16:05:20 +01:00
NIIBE Yutaka
b27e20a95c
scd: Disable pinpad if it's impossible by KDF DO.
* scd/app-openpgp.c (struct app_local_s): Add pinpad.disabled field.
(do_getattr): Set pinpad.disabled field.
(check_pinpad_request): Use the pinpad.disabled field.
(do_setattr): Update pinpad.disabled field.

--

GnuPG-bug-id: 4832
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
(cherry picked from commit 95c7498b76231d3297541172d878f6a26702539b)
Signed-off-by: Werner Koch <wk@gnupg.org>
2020-03-18 16:02:32 +01:00
Werner Koch
6f67abcc03
scd:openpgp: Extend keypairinfo with usage flags.
* scd/app-openpgp.c (send_keypair_info): Return usage.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-08-21 13:59:18 +02:00
Werner Koch
23784f8bf0
scd: New standard attributes $ENCRKEYID and $SIGNKEYID.
* g10/call-agent.c (agent_scd_keypairinfo): Use --keypairinfo.
* sm/call-agent.c (gpgsm_agent_scd_keypairinfo): Ditto.
* scd/app-openpgp.c (do_getattr): Add attributes "$ENCRKEYID" and
"$SIGNKEYID".
* scd/app-nks.c (do_getattr): Add attributes too.
--

We already have $AUTHKEYID to locate the keyref of the key to be used
with ssh.  It will also be useful to have default keyref for
encryption and signing.  For example, this will allow us to replace
the use of "OPENPGP.2" by a app type specific keyref.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 2b1135cf920cf3d863813d60f032d476dcccfb58)

Removed changes for the non-existing app-piv.c.
Added support for NKS.
2019-08-21 11:00:18 +02:00
Werner Koch
d410b5f930
gpg: Repurpose the ISO defined DO "sex" to "salutation".
* g10/card-util.c (current_card_status): String changes.
(change_sex): Description change.
(cmds): Add "salutation"; keep "sex" as an alias.
--

Note that we can't change the used values or tags but at least the UI
should show reflect the real purpose of the field.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 166f3f9ec40888e10cb0c51017944bfc57503fc1)
2019-08-21 10:00:55 +02:00
Daniel Kahn Gillmor
520f5d70e4 spelling: Fix "synchronize"
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2019-06-23 20:17:47 -04:00
NIIBE Yutaka
38c2a9a644
g10: Fix symmetric cipher algo constant for ECDH.
* g10/ecdh.c (kek_params_table): Use CIPHER_ALGO_AES192 for
ECC strength 384, according to RFC-6637.

--

Reported-by: Trevor Bentley
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
(cherry picked from commit af3efd149f555d36a455cb2ea311ff81caf5124c)
2019-03-27 12:29:45 +01:00
Werner Koch
e7eafe1019
scd: Fix flushing of CA-FPR data objects
* scd/app-openpgp.c (do_setattr): Add new table item to flush a
different tag.

--

For whatever reasons the OpenPGP card reads the 3 CA fingerprints from
one object but sets them individually using 3 different tags.  The
cache flushing was not prepared for this and so a changed CA
fingerprint showed only up after a card reset.  This patch fixes it.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit c9f4c1f0de06672c6ae2b793d86cc001d131f9a6)

Fixed conflict by removing the UIF-* entries from the table.
2019-03-07 10:39:46 +01:00
Werner Koch
14816c7980
scd: Make app_genkey and supporting ISO function more flexible.
* scd/app.c (app_genkey): Add arg keytype.
* scd/app-common.h (struct app_ctx_s): Fitto for the genkey member.
* scd/command.c (cmd_genkey): Adjust for change.
* scd/iso7816.c (do_generate_keypair): Replace arg read_only by new
args p1 and p2.
(iso7816_read_public_key): Adjust for this.
(iso7816_generate_keypair): Add new args p1 and p2.
* scd/app-openpgp.c (do_genkey): Adjust for changes.
--

The OpenPGP card creates keys according to parameters read from a data
object.  Other cards we are about to implement require a direct
specification of the requested keytype.  This patch implements the
required changes.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 9a9cb0257aebb1480b999fdf9d90904083eb8e3c)
2019-02-11 10:59:32 +01:00
Werner Koch
6651a0640d
scd: Allow standard keyref scheme for app-openpgp.
* scd/app-openpgp.c (do_change_pin): Allow prefixing the CHVNO with
"OPENPGP."
--

The generic keyref allows for better error detection in case a keyref
is send to a wrong card.  This has been taken from master commit
3231ecdafd71ac47b734469b07170756979ede72 which has additional changed
for gpg-card-tool, which is only available there.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-02-11 10:59:22 +01:00
Werner Koch
d4082ff430
scd: Add option --clear to PASSWD.
* scd/command.c (cmd_passwd): Add option --clear.
(send_status_printf): New.
* scd/app-common.h (APP_CHANGE_FLAG_CLEAR): New.
* scd/app-nks.c (do_change_pin): Return an error if that option is
used.
* scd/app-openpgp.c (do_change_pin): Ditto.
--

Card application may support this option to clear the PIN verification
status of a specific PIN.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 29929e65521279eabc98a67c766fe485057405a9)
2019-01-22 10:14:55 +01:00
NIIBE Yutaka
d4bc805152 scd: Make "learn" report about KDF data object.
* scd/app-openpgp.c (do_learn_status): Report KDF attr.
* g10/card-util.c (current_card_status): Output KDF for with_colons.

--

Backport of master commit: 05d163aebc04db109ec5e004eb04a4b3796f6421
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-12-06 17:11:55 +09:00
NIIBE Yutaka
7e2b0488d1 scd: Fix signing authentication status.
* scd/app-openpgp.c (do_sign): Clear DID_CHV1 after signing.

--

Cherry-picked from master commit of:
	78f542e1f4495195db2e668f9cd41657fb1afc77

We have a corner case: In "not forced" situation and authenticated,
and it is changed to "forced", card implementaiton can actually accept
signing, but GnuPG requires authentication, because it is "forced".

GnuPG-bug-id: 4177
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-10-15 11:20:47 +09:00
NIIBE Yutaka
cb1731c23c scd: Writing KDF resets auth state.
* scd/app-openpgp.c (do_setattr): Clear auth state.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-04-03 20:30:29 +09:00
NIIBE Yutaka
0c097575a9 g10,scd: Support single salt for KDF data object.
* g10/card-util.c (gen_kdf_data): Support single salt.
(kdf_setup): Can have argument for single salt.
* scd/app-openpgp.c (pin2hash_if_kdf): Support single salt.

--

Gnuk has "admin-less" mode.  To support "admin-less" mode with KDF
feature, salt should be same for user and admin.  Thus, I introduce a
valid use of single salt.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-03-30 12:48:04 +09:00
NIIBE Yutaka
2969271876 scd: Support changing key attribute back to RSA.
* scd/app-openpgp.c (change_rsa_keyattr): Try usual RSA.

--

In the OpenPGP card specification, there are multiple options to
support RSA (having P and Q or not, etc.), and it is implementation
dependent.  Since GnuPG doesn't have knowledge which card
implementation support which option and there is no way (yet) for card
to express itself which key attributes are supported, we haven't
supported key attribute change back to RSA.  But, many card
implementation uses P and Q, try this option.  If other cases,
factory-reset would be easier option.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-03-30 09:59:09 +09:00
NIIBE Yutaka
0152ba7c98 scd: Support KDF DO setup.
* g10/call-agent.c (learn_status_cb): Parse the capability for KDF.
* g10/card-util.c (gen_kdf_data, kdf_setup): New.
(card_edit): New admin command cmdKDFSETUP to call kdf_setup.
* scd/app-openpgp.c (do_getattr): Emit KDF capability.

--

GnuPG-bug-id: 3823
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-03-22 15:50:31 +09:00
Arnaud Fontaine
25f3b69129 scd: Improve KDF-DO support
* scd/app-openpgp.c (pin2hash_if_kdf): Check the content of KDF DO.

--

Length check added by gniibe.

Signed-off-by: Arnaud Fontaine <arnaud.fontaine@ssi.gouv.fr>
2018-02-13 09:28:13 +09:00
NIIBE Yutaka
0a3bec2c25 scd: Fix handling for Data Object with no data.
* scd/app-openpgp.c (get_cached_data): Return NULL for Data Object
with no data.

--

When GET_DATA returns no data with success (90 00), this routine
firstly returned buffer with length zero, and secondly (with cache)
returned NULL, which is inconsistent.  Now, it returns NULL for both
cases.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-02-12 18:56:58 +09:00
NIIBE Yutaka
91303b7df9 scd: Support KDF Data Object of OpenPGPcard V3.3.
* scd/app-openpgp.c (do_getattr, do_setattr): Add KDF support.
(pin2hash_if_kdf): New.
(verify_a_chv): Add PINLEN arg.  Use pin2hash_if_kdf.
(verify_chv2, do_sign): Follow the change of verify_a_chv.
(verify_chv3, do_change_pin): Use pin2hash_if_kdf.

--

GnuPG-bug-id: 3152
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-01-22 19:46:14 +09:00
NIIBE Yutaka
827abe01a7
scd: Fix for large ECC keys.
* scd/app-openpgp.c (do_decipher): Support larger length.

--

Reported-by: Achim Pietig <achim@pietig.com>
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-09-11 11:39:14 +02:00
Werner Koch
45d5f5800a
scd: Convey the correct length for Le
* scd/app-openpgp.c (determine_rsa_response): Round bits up.
--

Co-authored-by: Arnaud Fontaine <arnaud.fontaine@ssi.gouv.fr>

Arnaud wrote:

  Actually, when the incorrect expected response length (i.e. Le
  field) is transmitted to the card, the card's answer is missing a
  byte (i.e. ...  6101) so an additional command has to be sent to the
  card to retrieve the last byte. Using the correct length avoids to
  send the additional command to retrieve the missing byte, when the
  computed length is wrong.

Note that an value of 65537 for E is pretty standard and thus we can
avoid the 6101 return code inmost cases.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-08-27 16:42:52 +02:00
NIIBE Yutaka
45e40487fb scd: Use unsigned int for fields.
* scd/app-openpgp.c (data_objects): Use unsigned ints.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-07-24 16:10:22 +09:00
NIIBE Yutaka
892e86b0dc scd: Add debug message for v3 card.
* scd/app-openpgp.c (show_caps): Output more messages.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-07-21 11:21:19 +09:00
NIIBE Yutaka
69614d5501 scd: Support longer data length for special DOs for v3 card.
* scd/app-openpgp.c (data_objects): Special DOs like "Login Data",
"URL", "Private DO N" can be longer size >= 256.
(struct app_local_s): Define bits for v3 card.
(get_cached_data): Use extcap.max_special_do for special DOs.
(app_select_openpgp): Detect if extcap_v3, kdf_do, and other bits.

--

GnuPG-bug-id: 3262
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-07-20 17:27:21 +09:00
NIIBE Yutaka
5c8fe54809 Spelling fixes in docs and comments.
--

In addition, fix trailing spaces in tests/inittests.

GnuPG-bug-id: 3121
Reported-by: ka7 (klemens)
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-04-28 10:06:33 +09:00
NIIBE Yutaka
70aca95d68 Remove -I option to common.
* dirmngr/Makefile.am (AM_CPPFLAGS): Remove -I$(top_srcdir)/common.
* g10/Makefile.am (AM_CPPFLAGS): Ditto.
* g13/Makefile.am (AM_CPPFLAGS): Ditto.
* kbx/Makefile.am (AM_CPPFLAGS): Ditto.
* scd/Makefile.am (AM_CPPFLAGS): Ditto.
* sm/Makefile.am (AM_CPPFLAGS): Ditto.
* tools/Makefile.am (AM_CPPFLAGS): Ditto.
* Throughout: Follow the change.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-03-07 20:25:54 +09:00
NIIBE Yutaka
e6ca015ae1 scd: Fix compiler warnings for app-openpgp.c.
* scd/app-openpgp.c (retrieve_key_material): Remove touching I.
(do_change_pin): Make sure going to leave if PINVALUE == 0.
(rsa_writekey): Emit simpler log.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-03-06 15:14:18 +09:00
Werner Koch
f98c8cb013
scd,agent: Improve the OpenPGP PIN prompt texts.
* scd/app-openpgp.c (get_prompt_info): Change texts.
* agent/call-pinentry.c (struct entry_features): New.
(getinfo_features_cb): New.
(start_pinentry): Set new fucntion as status callback.
(build_cmd_setdesc): New.  Replace all snprintf for SETDESC by this
one.
--

Suggested-by: Andre Heinecke
Signed-off-by: Werner Koch <wk@gnupg.org>
2017-02-22 18:51:02 +01:00
Werner Koch
7ccabbc26a
Revert "scd: Nitpicks on the improved card prompts"
--
This reverts commit 143ca039e1e81140ae520cc1025f8e25c01acc80.

I have a more improved version in the works.
2017-02-22 18:49:43 +01:00
Andre Heinecke
143ca039e1
scd: Nitpicks on the improved card prompts
* src/app-openpgp.c (get_prompt_info): Change wording and order
slightly.

--

The word "Card" was repeated too much in the prompt and moving
signatures to the bottom results in a more consistent layout
between the prompts with signcount and the prompts without.

Signed-off-by: Andre Heinecke <aheinecke@intevation.de>
2017-02-22 17:11:02 +01:00
Werner Koch
e3944f34e3
scd: Improve the prompts for OpenPGP cards.
* scd/app-openpgp.c (get_disp_name): New.
(get_disp_serialno): New.
(get_prompt_info): New.
(build_enter_admin_pin_prompt): Rework the prompt texts.  Factor some
code out to ...
(get_remaining_tries): New.
(verify_a_chv): Print a remaining counter also for the standard PIN.
Rework the prompt texts.

* agent/divert-scd.c (ask_for_card): Pretty format an OpenPGP serial
no.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-02-22 15:48:33 +01:00
Yuri Chornoivan
24cf0606b4 Clean up word replication.
--

This fixes extra word repetitions (like "the the" or "is is") in the
code and docs.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2017-02-21 13:11:46 -05:00
NIIBE Yutaka
79cea89774 scd: Cleanup SERIALNO protocol.
* scd/app.c (app_get_serial_and_stamp): Remove.
(app_get_serialno): New.
(app_write_learn_status): Use send_status_direct.
(app_getattr): Use app_get_serialno for SERIALNO and
send with send_status_direct.
* scd/app-openpgp.c (do_getattr): Likewise.
* scd/command.c (cmd_serialno): Don't send TIMESTAMP of 0.
(cmd_learn): Likewise.  Don't inquire with TIMESTAMP of 0.

--

In the SERIALNO protocol, timestamp used to be considered, but had never
used at all.  In the new implementation, removed card/token is always
detected and connection becomes invalid, no timestamp is required any
more.  Examined scute and poldi as well for this protocol change.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-01-18 16:03:47 +09:00
Werner Koch
6b84ecbf31
Replace use of variable-length-arrays.
* common/t-iobuf.c (main): Replace variable-length-array.
* g10/gpgcompose.c (mksubpkt_callback): Ditto.
(encrypted): Ditto.
* g10/t-stutter.c (log_hexdump): Ditto.
(oracle_test): Ditto.
* g10/tofu.c (get_policy): Ditto.  Use "%zu" for size_t.
* scd/app-openpgp.c (ecc_writekey): Replace variable-length-array.
Check for zero length OID_LEN.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-01-02 13:29:18 +01:00
Werner Koch
ce29272e24
gpg: New option --default-new-key-algo.
* common/openpgp-oid.c (openpgp_is_curve_supported): Add optional arg
R_ALGO and change all callers.
* common/util.h (GPG_ERR_UNKNOWN_FLAG): New error code.
* g10/options.h (struct opt): Add field DEF_NEW_KEY_ALGO.
* g10/gpg.c (oDefaultNewKeyAlgo): New enum.
(opts): New option "--default-new-key-algo".
(main): Set the option.
* g10/keygen.c: Remove DEFAULT_STD_ FUTURE_STD_ constants and replace
them by ...
(DEFAULT_STD_KEY_PARAM, FUTURE_STD_KEY_PARAM): new string constants.
(get_keysize_range): Remove arg R_DEF and return that value instead.
Change all callers.
(gen_rsa): Use get_keysize_range instead of the removed
DEFAULT_STD_KEYSIZE.
(parse_key_parameter_part): New function.
(parse_key_parameter_string): New function.
(quick_generate_keypair): Refactor using parse_key_parameter_string.
(generate_keypair): Ditto.
(parse_algo_usage_expire): Ditto.
--

This new option is intended to be used in the forthcoming
--set-profile command of gpgconf.  It allows to provide a gpg
configuration with custom defaults for a new key using the simple
commands which use the default algorithm set.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-12-02 19:47:40 +01:00
NIIBE Yutaka
b89e63e5c3 scd: Support OpenPGP card V3 for RSA.
* scd/app-openpgp.c (struct app_local_s): Remove max_cmd_data and
max_rsp_data fields as Extended Capabilities bits are different.
(get_cached_data) Use extcap.max_certlen_3.
(get_one_do): Don't use exmode=1.
(determine_rsa_response): New.
(get_public_key, do_genkey): Call determine_rsa_response.
(do_sign): Use keyattr[0].rsa.n_bits / 8, instead of max_rsp_data.
(do_auth): Use keyattr[2].rsa.n_bits / 8, instead of max_rsp_data.
(do_decipher): Likewise with Use keyattr[1].rsa.n_bits / 8.
(show_caps): Remove max_cmd_data and max_rsp_data.
(app_select_openpgp): Likewise.

--

OpenPGP card V3 had introduced incompatible change in Extended
Capabilities bits.  We can work around by this change by not
using those bits.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-11-25 16:35:15 +09:00
Werner Koch
4d7dc432b5
Change all http://www.gnu.org in license notices to https://
--
2016-11-05 12:02:19 +01:00
NIIBE Yutaka
cd00b07ec2 scd: Fix length error for READKEY.
* scd/app-openpgp.c (do_readkey): Decrement the length.

--
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-11-04 15:34:35 +09:00
NIIBE Yutaka
f9da935c3e scd: Add --advanced option for READKEY.
* scd/command.c (cmd_readkey) : Support ADVANCED arg.
* scd/app.c (app_readcert): Add ADVANCED arg.
* scd/app-openpgp.c (do_readkey): Implement ADVANCED arg.
* scd/app-nks.c (do_readkey): Error return with GPG_ERR_NOT_SUPPORTED.

--
"SCD READKEY --advanced OPENPGP.3" returns key in advanced format.
With this suport, poldi-ctrl will be no longer needed.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-11-04 13:45:57 +09:00
NIIBE Yutaka
6bbd97d6c7 scd: Add 0x41 prefix for x-coordinate only result.
* scd/app-openpgp.c (do_decipher): When it's x-coordinate only, add the
prefix 0x41.

--
Card should return fixed size bytes, either in format of
(04 || X || Y) or (X, x-coordinate only).

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-10-27 13:04:29 +09:00
NIIBE Yutaka
b1828c17fc scd: Use canonical curve name of libgcrypt.
* scd/app-openpgp.c (send_key_attr): Use curve instead of OID.
(ecdh_params): New.
(ecc_read_pubkey): Use ecdh_params.  Use curve name.
(ecc_writekey): Likewise.
(ecc_curve): Rename from ecc_oid.
(parse_algorithm_attribute): Use ecc_curve.
* g10/call-agent.c (learn_status_cb): Use openpgp_is_curve_supported to
intern the curve name string.
* g10/card-util.c (card_status): Conver curve name to alias for print.
--
Now, sdcaemon answer for KEY-ATTR is in the canonical curve name
instead of the alias.  Since it is used of key generation for
card encryption key with backup, it should be canonical name.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-10-24 11:22:44 +09:00
NIIBE Yutaka
d2653b1a6d g10,scd: Fix ECC keygen.
* g10/keygen.c (generate_keypair): For card key generation, fill
parameters by KEY-ATTR.

* scd/app-openpgp.c (ecc_read_pubkey): OID should be freed at last,
after its reference by OIDBUF is finished.
(ecc_writekey): Likewise.
--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-10-21 21:37:04 +09:00
NIIBE Yutaka
693e657ff0 scd: Fix segfault changing key attr.
* asc/app-openpgp.c (change_keyattr_from_string): Release after
allocated.
--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-10-21 16:27:46 +09:00
NIIBE Yutaka
6e85ac77af Fix use cases of snprintf.
* agent/call-pinentry.c, agent/call-scd.c, agent/command.c,
build-aux/speedo/w32/g4wihelp.c, common/get-passphrase.c,
dirmngr/dirmngr.c, g10/call-agent.c, g10/cpr.c, g10/keygen.c,
g10/openfile.c, g10/passphrase.c, scd/app-openpgp.c, scd/scdaemon.c,
sm/call-agent.c, sm/call-dirmngr.c, sm/certreqgen.c: Fix assuming C99.

--
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-10-21 12:04:46 +09:00
NIIBE Yutaka
b680f79cc1 scd: GENKEY updates the public key in APP.
* scd/app-openpgp.c (rsa_read_pubkey, ecc_read_pubkey): New.
(read_public_key): New.
(get_public_key, do_genkey): Use read_public_key.

--

With this change, since GENKEY updates the public key (pk[keyno].key) in
APP, READKEY will be possible after the command even for the old
card (version <= 0x0100).

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-10-20 16:25:47 +09:00
NIIBE Yutaka
34439da2d6 scd: Support ECC key generation.
* scd/app-openpgp.c (get_public_key): Fix a message.
(change_keyattr_from_string, ecc_writekey): Call mpi_release sooner.
(do_genkey): Add ECC support.

--

In OpenPGP card specification 3.0, ECC is introduced.  So far, do_genkey
only supported RSA.  Since KDF spec. is needed to calculate the
fingerprint, it is hard coded in app-openpgp.c.  But it's defined by
OpenPGP ECC (RFC-6637), and card does nothing with KDF in fact.

Co-authored-by: Arnaud Fontaine <arnaud.fontaine@ssi.gouv.fr>
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-10-18 22:58:00 +09:00