security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-23 10:29:58 +01:00
Code Activity
4,066 Commits 102 Branches 308 Tags 75 MiB
Commit Graph

109 Commits

Author SHA1 Message Date
Werner Koch
3627123dc8 Use inline functions to convert buffer data to scalars. 
* include/host2net.h (buf16_to_ulong, buf16_to_uint): New.
(buf16_to_ushort, buf16_to_u16): New.
(buf32_to_size_t, buf32_to_ulong, buf32_to_uint, buf32_to_u32): New.
--

This fixes sign extension on shift problems.  Hanno Böck found a case
with an invalid read due to this problem.  To fix that almost all uses
of "<< 24" and "<< 8" are changed by this patch to use an inline
function from host2net.h.

(back ported from commit 2183683bd633818dd031b090b5530951de76f392)

Signed-off-by: Werner Koch <wk@gnupg.org>
 2015-02-12 20:34:44 +01:00
Werner Koch
d92fe965f3 scd: Fix possibly inhibited checkpin of the admin pin. 
* scd/app-openpgp.c (do_check_pin): Do not check a byte of a released
buffer.

Signed-off-by: Werner Koch <wk@gnupg.org>
 2015-01-09 09:07:28 +09:00
Joshua Rogers
40f476867c scd: fix get_public_key for OpenPGPcard v1.0. 
* scd/app-openpgp.c (get_public_key): correctly close 'fp' upon use.

--

Inside the get_public_key function, 'fp' was opened using popen, but
incorrectly closed using fclose.

Debian-Bug-Id: 773474
 2015-01-08 11:16:51 +09:00
Jonas Borgström
6acb1d06f0 scd: add support for RSA_CRT and RSA_CRT_N key import. 
* scd/app-openpgp.c (do_writekey): Added RSA_CRT and RSA_CRT_N support.

--

Updates of original patch by wk:

  -      unsigned char *rsa_u, *rsa_dp, rsa_dq;
  +      unsigned char *rsa_u, *rsa_dp, *rsa_dq;

and AUTHORS.  Missing signed-off-by assumed due to DCO send the other
day.

(cherry picked from commit cc67918c088e90c1d9a507af5f6288e8faa93d87)

Solved conflicts:
	AUTHORS => Removed
	scd/app-openpgp.c => s/.rsa.format/.format/.
 2013-08-29 18:11:01 +02:00
NIIBE Yutaka
9158f58822 scd: fix parsing login-data DO. 
* scd/app-openpgp.c (parse_login_data): Release RELPTR.  Fix parsing.

--

Signed-off-by: NIIBE Yutaka
 2013-08-27 10:28:50 +09:00
NIIBE Yutaka
c2744e97c8 scd: Rename 'keypad' to 'pinpad'. 
* NEWS: Mention scd changes.

* agent/divert-scd.c (getpin_cb): Change message.

* agent/call-scd.c (inq_needpin): Change the protocol to
POPUPPINPADPROMPT and DISMISSPINPADPROMPT.
* scd/command.c (pin_cb): Likewise.

* scd/apdu.c (struct reader_table_s): Rename member functions.
(check_pcsc_pinpad, pcsc_pinpad_verify, pcsc_pinpad_modify,
check_ccid_pinpad, ccid_pinpad_operation, apdu_check_pinpad
apdu_pinpad_verify, apdu_pinpad_modify): Rename.

* scd/apdu.h (SW_HOST_NO_PINPAD, apdu_check_pinpad)
(apdu_pinpad_verify, apdu_pinpad_modify): Rename.

* scd/iso7816.h (iso7816_check_pinpad): Rename.

* scd/iso7816.c (map_sw): Use SW_HOST_NO_PINPAD.
(iso7816_check_pinpad): Rename.
(iso7816_verify_kp, iso7816_change_reference_data_kp): Follow
the change.

* scd/ccid-driver.h (CCID_DRIVER_ERR_NO_PINPAD): Rename.
* scd/ccid-driver.c (ccid_transceive_secure): Use it.

* scd/app-dinsig.c (verify_pin): Follow the change.
* scd/app-nks.c (verify_pin): Follow the change.

* scd/app-openpgp.c (check_pinpad_request): Rename.
(parse_login_data, verify_a_chv, verify_chv3, do_change_pin): Follow
the change.

* scd/scdaemon.c (oDisablePinpad, oEnablePinpadVarlen): Rename.

* scd/scdaemon.h (opt): Rename to disable_pinpad,
enable_pinpad_varlen.

* tools/gpgconf-comp.c (gc_options_scdaemon): Rename to
disable-pinpad.
 2013-02-08 09:20:43 +09:00
NIIBE Yutaka
9fec82a30b scd: Fix check_keypad_request. 
* scd/app-openpgp.c (check_keypad_request): 0 means not to use pinpad.
 2013-02-05 15:01:37 +09:00
NIIBE Yutaka
031f783d8a SCD: Support P=N format for login data. 
* scd/app-openpgp.c (parse_login_data): Support P=N format.
 2013-02-05 14:14:23 +09:00
NIIBE Yutaka
1788aad9c1 SCD: Defaults to use pinpad if the reader has the capability. 
* scd/app-openpgp.c (struct app_local_s): Remove VARLEN.
(parse_login_data): "P=0" means to disable pinpad.
(check_keypad_request): Default is to use pinpad if available.
 2013-02-05 14:13:33 +09:00
NIIBE Yutaka
85bd703e78 SCD: handle keypad request on the card. 
* scd/app-openpgp.c: Add 2013.
(struct app_local_s): Add keypad structure.
(parse_login_data): Add parsing keypad request on the card.
(check_keypad_request): New.
(verify_a_chv, verify_chv3, do_change_pin): Call check_keypad_request
to determine use of keypad.
 2013-02-05 14:12:58 +09:00
NIIBE Yutaka
15200f7001 SCD: Support fixed length PIN input for keypad. 
* scd/iso7816.h (struct pininfo_s): Remove MODE and add FIXEDLEN.
* scd/app-dinsig.c (verify_pin): Initialize FIXEDLEN to unknown.
* scd/app-nks.c (verify_pin): Likewise.
* scd/app-openpgp.c (verify_a_chv, verify_chv3, do_change_pin):
Likewise.
* scd/apdu.c (check_pcsc_keypad): Add comment.
(pcsc_keypad_verify, pcsc_keypad_modify): PC/SC driver only support
readers with the feature of variable length input (yet).
(apdu_check_keypad): Set FIXEDLEN.
* scd/ccid-driver.c (ccid_transceive_secure): Add GEMPC_PINPAD
specific settings.
Support fixed length PIN input for keypad.
 2013-02-05 14:11:19 +09:00
NIIBE Yutaka
4fe024cf33 SCD: API cleanup for keypad handling. 
* scd/iso7816.h (struct pininfo_s): Rename from iso7816_pininfo_s.
Change meaning of MODE.
(pininfo_t): Rename from iso7816_pininfo_t.
* scd/sc-copykeys.c: Include "iso7816.h".
* scd/scdaemon.c, scd/command.c: Likewise.
* scd/ccid-driver.c: Include "scdaemon.h" and "iso7816.h".
(ccid_transceive_secure): Follow the change of PININFO_T.
* scd/app.c: Include "apdu.h" after "iso7816.h".
* scd/iso7816.c (iso7816_check_keypad, iso7816_verify_kp)
(iso7816_change_reference_data_kp): Follow the change of API.
* scd/apdu.c (struct reader_table_s): Change API of CHECK_KEYPAD,
KEYPAD_VERIFY, KEYPAD_MODIFY to have arg of PININFO_T.
(check_pcsc_keypad, check_ccid_keypad): Likewise.
(apdu_check_keypad, apdu_keypad_verify, apdu_keypad_modify): Likewise.
(pcsc_keypad_verify, pcsc_keypad_modify, ct_send_apdu)
(pcsc_send_apdu_direct,  pcsc_send_apdu_wrapped, pcsc_send_apdu)
(send_apdu_ccid, ccid_keypad_operation, my_rapdu_send_apdu, send_apdu)
(send_le): Follow the change of API.
* scd/apdu.h (apdu_check_keypad, apdu_keypad_verify)
(apdu_keypad_modify): Change the API.
* scd/app-dinsig.c, scd/app-nks.c, scd/app-openpgp.c: Follow the
change.
 2013-02-05 14:09:47 +09:00
NIIBE Yutaka
3e7cc25d4a SCD: Fix the process of writing key or generating key. 
* scd/app-openpgp.c (store_fpr): Flush KEY-FPR and KEY-TIME.
 2012-12-13 13:36:23 +09:00
Werner Koch
ab4ea45f54 Allow decryption with card keys > 3072 bit 
* scd/command.c (MAXLEN_SETDATA): New.
(cmd_setdata): Add option --append.
* g10/call-agent.c (agent_scd_pkdecrypt): Use new option for long data

* scd/app-openpgp.c (struct app_local_s): Add field manufacturer.
(app_select_openpgp): Store manufacturer.
(do_decipher): Print a note for broken cards.

--

Please note that I was not able to run a full test because I only have
broken cards (S/N < 346) available.
 2012-11-06 14:39:22 +01:00
Werner Koch
c0a20d6124 Remove trailing white space from some files 
--
 2012-11-06 14:34:32 +01:00
David Prévot
bc95b35289 Actually show translators comments in PO files 2012-08-24 10:33:28 +02:00
NIIBE Yutaka
196a60078b Fix pinpad input support for passphrase modification. (backport) 
* apdu.c (pcsc_keypad_verify): Have dummy Lc field with value 0.
(pcsc_keypad_modify): Likewise.
(pcsc_keypad_modify): It's only for ISO7816_CHANGE_REFERENCE_DATA.
bConfirmPIN value is determined by the parameter p0.

* app-openpgp.c (do_change_pin): The flag use_keypad should be 0 when
reset_mode is on, or resetcode is on.  use_keypad only makes sense for
iso7816_change_reference_data_kp.

* iso7816.h (iso7816_put_data_kp): Remove.
(iso7816_reset_retry_counter_kp): Remove.
(iso7816_reset_retry_counter_with_rc_kp): Remove.
(iso7816_change_reference_data_kp): Add an argument: IS_EXCHANGE.

* iso7816.c (iso7816_put_data_kp): Remove.
(iso7816_reset_retry_counter_kp): Remove.
(iso7816_reset_retry_counter_with_rc_kp): Remove.
(iso7816_change_reference_data_kp): Add an argument: IS_EXCHANGE.
 2012-06-25 10:04:23 +09:00
NIIBE Yutaka
056e1329b0 scd: Fix pinpad input support (backport from master) 
* app-openpgp.c (do_change_pin): Fix pincb messages when
use_keypad == 1.
 2012-06-25 10:04:23 +09:00
NIIBE Yutaka
f98a5e8480 scd: PC/SC pinpad support (pinpad input for modify pass phrase). (backport) 
* iso7816.h (iso7816_change_reference_data_kp): Remove arguments
of OLDCHV, OLDCHVLEN, NEWCHV, and NEWCHVLEN.

* iso7816.c (iso7816_change_reference_data_kp): Call
apdu_keypad_modify.
(iso7816_change_reference_data): Don't call
iso7816_change_reference_data_kp.

* apdu.h (apdu_keypad_modify): New.

* apdu.c (pcsc_keypad_modify, apdu_keypad_modify): New.
(struct reader_table_s): New memeber function keypad_modify.
(new_reader_slot, open_ct_reader, open_ccid_reader)
(open_rapdu_reader): Initialize keypad_modify.

* app-openpgp.c (do_change_pin): Handle keypad and call
iso7816_change_reference_data_kp if it is the case.
 2012-06-25 10:04:22 +09:00
NIIBE Yutaka
c2525d507d scd: PC/SC pinpad support. (Backported from master.) 
* iso7816.h (iso7816_verify_kp): Remove arguments of CHV and CHVLEN.

* iso7816.c (iso7816_verify_kp): Call apdu_keypad_verify. Only
handle thecase with PININFO.
(iso7816_verify): Call apdu_send_simple.

* app-openpgp.c (verify_a_chv, verify_chv3): Follow the change of
iso7816_verify_kp.

* app-nks.c (verify_pin): Likewise.

* app-dinsig.c (verify_pin): Likewise.

* apdu.c: Include "iso7816.h".
(struct reader_table_s): New memeber function keypad_verify.
Add fields verify_ioctl and modify_ioctl in pcsc.
(CM_IOCTL_GET_FEATURE_REQUEST, FEATURE_VERIFY_PIN_DIRECT)
(FEATURE_MODIFY_PIN_DIRECT): New.
(pcsc_control): New.
(control_pcsc_direct, control_pcsc_wrapped, control_pcsc)
(check_pcsc_keypad, pcsc_keypad_verify): New.
(ccid_keypad_verify, apdu_keypad_verify): New.
(new_reader_slot): Initialize with check_pcsc_keypad,
pcsc_keypad_verify, verify_ioctl and modify_ioctl.
(open_ct_reader): Initialize keypad_verify with NULL.
(open_ccid_reader): Initialize keypad_verify.
(open_rapdu_reader): Initialize keypad_verify with NULL.
(apdu_open_reader): Initialize pcsc_control.

* pcsc-wrapper.c (load_pcsc_driver): Initialize pcsc_control.
(handle_control): New.
(main): Handle the case 6 of handle_control.
 2012-06-25 10:04:22 +09:00
Werner Koch
fb44677c9f Allow generation of card keys up to 4096 bit. 
This patch implementes a chunk mode to pass the key parameters from
scdaemon to gpg.  This allows to pass arbitrary long key paremeters;
it is used for keys larger than 3072 bit.
 2011-07-07 11:20:53 +02:00
Werner Koch
983f91937c Fix for extended length Le in decipher 2009-09-03 10:57:23 +00:00
Werner Koch
e57d2a8630 Ask for the keysize when generating a new card key. 2009-08-05 11:24:43 +00:00
Werner Koch
806b0acad7 Better reset the PIN verification stati after changing the key attributes. 2009-07-10 10:47:30 +00:00
Werner Koch
96abdb1386 Fix for card keys > 2048 bit. 2009-07-10 10:15:33 +00:00
Werner Koch
31084d6dc9 Support writing of existing keys with non-matching key sizes. 2009-07-09 14:54:18 +00:00
Werner Koch
d8d1ca6151 Reworked the estream memory buffer allocation. 
Committed already posted patches for the v2 card.
 2009-06-29 10:43:57 +00:00
Werner Koch
5f8acaccc0 Add readcert command. 
fix reading large certificates.
 2009-06-17 09:45:50 +00:00
Werner Koch
bdbeb0ac2b app-openpgp changes 2009-06-09 19:11:28 +00:00
Werner Koch
db47caf05b Typo fix. Updated German translation. 2009-06-08 09:11:27 +00:00
Werner Koch
e095815c4d Make PIN changing code work for v2 cards. 2009-05-20 16:12:25 +00:00
Werner Koch
c4e92c3344 Made card key generate with backup key work for 2048 bit. 
Improved card key generation prompts.
 2009-05-15 19:26:46 +00:00
Werner Koch
eeca39ae50 More support for Netkey cards. 
Small changes to teh CCID driver.
Support 2048 bit OpenPGP cards.
 2009-05-08 15:07:45 +00:00
Werner Koch
9d6a2a60c2 Prepare for OpenPGP cards with extended length support. 2009-04-01 14:38:22 +00:00
Werner Koch
98e1a75e20 Implement decryption for TCOS 3 cards. 2009-03-30 12:46:06 +00:00
Werner Koch
a3b63ac1dc Add server option with-ephemeral-keys. 
Extend SCD LEARN command.
 2009-03-18 11:18:56 +00:00
Werner Koch
1eeefbf7f7 Add new attribute KEY-ATTR. 2009-03-10 16:10:35 +00:00
Werner Koch
59d7a54e72 New PIN Callback attributes in gpg-agent. 
Common prompts for keypad and simple card reader.
More support for Netkey cards;  PIN management works now.
 2009-03-05 19:19:37 +00:00
Werner Koch
041c764672 Add option --card-timeout. 
Add a new attribyte to app-openpgp.c
Fix two portability bugs.
Have gpg-connect-agent autostart gpg-agent on W32.
 2008-12-05 12:01:01 +00:00
Werner Koch
338ddd0bb6 Use bin2hex if possible. 2008-11-03 10:54:18 +00:00
Werner Koch
0a5f742466 Marked all unused args on non-W32 platforms. 2008-10-20 13:53:23 +00:00
Werner Koch
96f16f736e Finished support for v2 cards with the exception of secure messaging. 2008-09-25 10:06:02 +00:00
Werner Koch
761e997af5 Improvements for 2k keys. 2008-09-23 15:42:11 +00:00
Werner Koch
f899b9683b Support the Certifciate DO of the v2 OpenPGP cards. 2008-09-23 09:57:45 +00:00
Moritz Schulte
72110961f1 2008-08-30 Moritz <moritz@gnu.org> 
* scdaemon.c (main): Use estream_asprintf instead of asprintf.
	* command.c (update_reader_status_file): Likewise.
	(cmd_serialno): Use estream_asprintf instead of asprintf
	and xfree instead of free to release memory allocated
	through (estream_)asprintf.
	(cmd_learn): Likewise.
	(pin_cb): Likewise.
	* app-openpgp.c (get_public_key): Likewise.
 2008-08-31 11:55:09 +00:00
Werner Koch
8e89644451 Fix new test for v2 cards. 2008-08-18 11:08:04 +00:00
Werner Koch
e27ca6e059 prompt change. 2008-07-30 10:25:18 +00:00
Werner Koch
9d5a10a453 Do not run the setuid test if running under as root proper. 
Documentation fixes.
Some enhancements for the new OpenPGP Card.
 2008-07-17 19:40:53 +00:00
Werner Koch
4817ff6528 Add support for the TCOS NullPIN feature. 2008-06-24 16:00:29 +00:00
Werner Koch
6e17d90e09 Use default PIN flag 2008-04-21 07:53:20 +00:00