* scd/app-openpgp.c (parse_algorithm_attribute): Return the error.
(change_keyattr): Follow the change.
(app_select_openpgp): Handle the error of parse_algorithm_attribute.
--
Backport master commit of:
53eddf9b9ea01210f71b851b5cb92a5f1cdb6f7d
This change allows following invocation of app_select_openpgp, which
may work well (if the problem is device side for initial connection).
GnuPG-bug-id: 5963
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* scd/apdu.c (all_zero_p): New.
(send_le): Use it.
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 9b6f574928546e6905a92c3e74d72478f1585c66)
* scd/app-p15.c (any_control_or_space_mem): New.
(get_dispserialno): Add new code.
--
This works with my test cards and now reflects what's printed on the
front matter of the card.
* scd/app-p15.c (readcert_by_cdf): Do not use extended mode if the CDF
object has no length info. Add debug output when reading a cert.
(read_p15_info): No more need to disable extended mode for GeNUA cards.
* scd/scdaemon.c (debug_flags): Add "card".
* scd/scdaemon.h (DBG_CARD_VALUE, DBG_CARD): New.
--
Some information from parsing the card are often very helpful.
However, the card_io triggered APDU dumps are in most cases too heavy.
Thus this new debug flag.
* scd/ccid-driver.c (ccid_dev_scan): Use loop var and not the count.
--
Due to an assignment out of bounds this might lead to a crash if there
are more than 15 readers. In any case it fixes a memory leak.
Kudos to the friendly auditor who found that bug.
Fixes-commit: 8a41e73c31adb86d4a7dca4da695e5ad1347811f
* scd/app-p15.c (CARD_PRODUCT_GENUA): New.
(cardproduct2str): Add it.
(read_p15_info): Detect and set GENUA
(make_pin_prompt): Take holder string from the AODF.
* scd/app-p15.c (auth_type_t): New.
(struct aodf_object_s): Add field auth_type.
(read_ef_aodf): Distinguish between pin and authkey types. Include
the authtype in the verbose mode diags.
--
Note that the bulk of changes are just indentation changes. There
should be no functional change.
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit e387cc97c82313457e4f79729a137e5871891bc1)
* scd/app-p15.c (CARD_TYPE_AET): New.
(cardtype2str): Add string.
(card_atr_list): Add corresponding ATR.
(app_local_s): New flag no_extended_mode. Turn two other flags into
bit flags.
(select_ef_by_path): Hack to handle the 3FFF thing.
(readcert_by_cdf): Do not use extended mode for AET.
(app_select_p15): Set no_extended_mode.
---
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 544ec7872aed24c296ea34fac777eca287f7bb47)
* scd/apdu.c (apdu_send_direct): Use lock_slot.
--
Cherry-pick the master commit of:
f808012ac2cf67ec563da178d963f300a7f2564d
With trylock_slot, it may return SW_HOST_BUSY. This may occur when
apdu_get_status is called by scd_update_reader_status_file.
Simply using lock_slot is much easier for user of apdu_send_direct.
GnuPG-bug-id: 5831
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
--
This looks better and is also required for further simplifications of
gpgconf.
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit daf5f4355db7c4203f5b7e01807956328a7d173c)
* tools/gpgconf-comp.c: Remove all regular option descriptions. They
are now read in from the component. Also remove a few meanwhile
obsolete options.
* agent/gpg-agent.c: Add option description which were only set in
gpgconf-comp.c.
* dirmngr/dirmngr.c: Ditto.
* scd/scdaemon.c: Ditto.
* sm/gpgsm.c: Ditto.
* g10/gpg.c: Ditto.
--
This second part removes all regular option descriptions because they
can be read from the components. A few were missing in the components
and thus moved to there.
Signed-off-by: Werner Koch <wk@gnupg.org>
This is a backport from master (2.3).
* scd/apdu.c (select_a_reader): Only SPRx32 is in the white list.
--
GnuPG-bug-id: 5644
Fixes-commit: 752422a792cecf459b37f517d634bcf272292b14
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* scd/apdu.c (pcsc): Add flag context_valid, remove count.
(close_pcsc_reader): Use new flag instead of looking at magic context
value.
(pcsc_init): Set new flag.
(open_pcsc_reader): Use new flag.
(apdu_init): Clear new flag.
* scd/apdu.c: Remove assert.h. Replace all assert by log_assert.
--
The previous fix 192113552faa98f40cc91fe014ec55861474626c did not
help, thus the new hypothesis is that PC/SC might return a valid
context with the value -1. We now use a dedicated flag to track the
validity of the context.
The reference counting seems to be superfluous and is a relict due to
backporting from 2.3. Removed.
* scd/apdu.c: Include membuf.h.
(pcsc): Add reader_list field.
(open_pcsc_reader): Fill that field.
(apdu_get_reader_list): New.
* scd/command.c: Remove header ccid-driver.h.
(pretty_assuan_send_data): New.
(cmd_getinfo): Print all reader names.
--
Note that depending on the card backend (ccid or PC/SC) it might be
necessary to first send a reset followed by SERIALNO to get an updated
list of reader. Or well send KILLSCD.
The pretty printing of Assuan data lines does only work if you connect
direct to scdaemon because the wrapper in gpg-agent does not know
about this and combines the Assuan lines again.
Signed-off-by: Werner Koch <wk@gnupg.org>
* scd/apdu.c (close_pcsc_reader): Don't ref-count if the context is
invalid.
(open_pcsc_reader): Compare the context against -1 which is our
indicator for an invalid context.
--
I got a crash report for Windows:
DBG: chan_0x000000a4 <- RESTART
DBG: chan_0x000000a4 -> OK
DBG: chan_0x000000a4 <- SERIALNO
DBG: open_pcsc_reader(portstr=(null))
reader slot 0: not connected
DBG: open_pcsc_reader => slot=0
DBG: enter: apdu_connect: slot=0
pcsc_connect failed: invalid PC/SC error code (0x6)
reader slot 0: not connected
DBG: leave: apdu_connect => sw=0x1000b
DBG: enter: apdu_close_reader: slot=0
DBG: enter: apdu_disconnect: slot=0
DBG: leave: apdu_disconnect => sw=0x0
Ohhhh jeeee: Assertion "pcsc.count > 0" in
close_pcsc_reader failed (...2.2.28/scd/apdu.c:817)
no smartcard reader was connected but the box might sport a virtual
reader. This patch should make it more robust.
Signed-off-by: Werner Koch <wk@gnupg.org>
* scd/ccid-driver.c (abort_cmd): Add INIT argument to support
synchronize until success, even ignoring timeout.
(bulk_in): Normal use case of abort_cmd.
(ccid_vendor_specific_init): Initial use case of abort_cmd.
--
Another backport to stabilize SCM SPR332/SPR532 card reader.
GnuPG-bug-id: 5297
Backport-master-commit: a9aa30ed2c2c399c2baa6a5aa2624d8fdee6286f
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* scd/iso7816.c (map_sw): Recognize 6A86.
--
Yubikey NEO does not support the YK4_GET_CAPA command (001D000000),
and it will be screwed up with the command.
GnuPG-bug-id: 5487
Back-port-master-commit: 13bc0431ff1ce51246694208df611cc4561fb4b3
Fixes-commit: ec56996029d95d4bd26e1badfe207232270c6247
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* scd/app-p15.c (send_certinfo): free labelbuf
(do_sign): goto leave instead of return
* scd/command.c (cmd_genkey): goto leave instead of return
--
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
GnuPG-bug-id: 5393
Modifified for this backport:
* scd/command.c (cmd_genkey): Make it easier to read by replacing
keyno with orig_line.
Signed-off-by: Werner Koch <wk@gnupg.org>
* scd/apdu.c (pcsc): New variable.
(struct reader_table_s): Remove pcsc.context from member.
(pcsc_get_status, connect_pcsc_card): Use pcsc.context.
(close_pcsc_reader): Release pcsc.context here with reference count.
(apdu_open_one_reader): Move API loading to ...
(pcsc_init): new.
(apdu_open_one_reader): Remove.
(apdu_open_reader): Call open_pcsc_reader instead of
apdu_open_one_reader.
(open_pcsc_reader): Call pcsc_init if needed. Call close_pcsc_reader
instead of pcsc_release_context. Make reader parsing more robust.
(apdu_init): Initialize pcsc.count and pcsc.context.
--
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
Backported-from-master: 1080e91efd60cb41c2d6dbafaee810e5967a3161)
The backport also adds some other chnages as described above.
Signed-off-by: Werner Koch <wk@gnupg.org>
* scd/apdu.c (pcsc_cancel): New.
(pcsc_init): Load new function.
(connect_pcsc_card): Use it after a removed card error.
--
Backported-from-master: 8d81fd7c01e8dfacc719ff190f8e364014e32fdf
* scd/command.c (do_readkey): Implement this.
* scd/app-help.c (app_help_get_keygrip_string_pk): Make HEXKEYGRIP
parm optional. Add arg R_ALGOSTR.
--
This patch basically mimics what we do in 2.3.
Signed-off-by: Werner Koch <wk@gnupg.org>
* scd/scdaemon.h (opt): Add field opcsc_shared.
* scd/scdaemon.c (opcscShared): New.
(opts): Add "--pcsc-shared".
(main): Set flag.
* scd/apdu.c (connect_pcsc_card): Use it.
(pcsc_get_status): Take flag in account.
* scd/app-openpgp.c (verify_chv2): Do not auto verify chv1 in shared
mode.
--
This option should in general not be used. The patch tries to limit
bad effects but using shared mode is somewhat dangerous depending on
the other PC/SC users.
(cherry picked from commit 5732e7a8e97cebf8e850c472e644e2a9b040836f)
* scd/app-help.c (app_help_pubkey_from_cert): New. Taken from 2.3.
* scd/command.c (cmd_readkey): Rewrite using new helper.
--
Actually the readkey functions needs to return the uncompressed points
but if there is no readkey function, like in app-p15.c, readcert is
used and here we need to extract and the key and uncompress the point.
Noet that the --advanced flag did not and still does not work if the
key is fetched via readcert.
Signed-off-by: Werner Koch <wk@gnupg.org>
--
This reflects the state of
commit 1f846823b397d68eaa8a31422f78c99f8e9ff738
featuring these commits:
1f846823b scd:p15: Fix the name of a card.
cc5aa68b6 scd:p15: Fix last commit and improve D-TRUST detection.
21e3f750b scd:p15: Shorten the displayed s/n of RSCS cards
30f90fc85 scd:p15: Support attribute KEY-FPR.
ecb9265b8 scd:p15: Match private keys with certificates also by ...
e17d3f866 scd:p15: New flag APP_LEARN_FLAG_REREAD.
1c16878ef scd: Replace all assert macros by the log_assert macro.
7f9126363 scd:p15: Return labels for keys and certificates.
651c07a73 scd:p15: For CardOS make use of ISO7816_VERIFY_NOT_NEEDED.
de4d3c99a scd:p15: Return the creation time of the keys.
592f48011 scd:p15: Make RSA with SHA512 work with CardOS.
a494b29af scd:p15: Support ECDSA and ECDH for CardOS.
964363e78 scd:p15: Make $SIGNKEY et al determination more fault ...
85082a83c scd:p15: Allow to use an auth object label with cmd CHECKPIN.
ef29a960b scd:p15: New attribute CHV-LABEL.
bf1d7bc36 scd:p15: Implement CHV-STATUS attribute
0f191a070 scd:p15: Fix faulty removal of a test code change.
08b5ac492 scd:p15: Support special extended usage flags for OpenPGP ...
d51a5ca10 scd:p15: Read out the access flags.
cfdaf2bcc scd:p15: Get the label value of all objects for better diag...
33aaa37e5 scd:p15: Make it code work again for D-Trust cards.
488eaedc9 scd:p15: Extract extended usage flagsand act upon them.
0c080ed57 scd:p15: Read PuKDF and minor refactoring.
1e197c29e scd:p15: Make file selection more robust.
5bcbc8cee scd:p15: Factor the commonKeyAttributes parser out.
fb84674d6 scd:p15: Factor the commonObjectAttributes parser out.
fc287c055 scd:p15: First step towards real CardOS 5 support.
60499d989 scd:p15: Show the ATR as part of the TokenInfo diagnostics.
00037f499 scd:p15: Print the internal card type.
c7b9a4ee4 scd:p15: Improve support for some CardOS based cards.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/openpgp-oid.c (openpgp_curve_to_oid): Add optional arg R_NBITS.
Change all callers.
--
In particular for ed25519 and cv25519 it is quite useful to have an
ability to get the required algorithm.
(cherry picked from commit 24095101a5069f15a9aea7512498ac436a76814a)