security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2024-11-09 21:28:51 +01:00
Code Activity
10,521 Commits 101 Branches 306 Tags 73 MiB
9aa6faaf10
Commit Graph

61 Commits

Author SHA1 Message Date
Werner Koch
53beea56af
scd: Implement RSA signing for PIV cards. 
* scd/app-piv.c (concat_tlv_list): New.
(get_key_algorithm_by_dobj): Rename args for clarity.
(do_auth): factor all code out to ...
(do_sign): new.  Implement RSA signing.

Signed-off-by: Werner Koch <wk@gnupg.org>
 2019-02-08 17:03:32 +01:00
Werner Koch
b349adc5c0
scd: Allow generating ECC curves on PIV cards. 
* scd/app-piv.c (genkey_parse_ecc): New.
(get_keygrip_by_tag): Call that one.
(do_readkey): Call that one.
* scd/command.c (cmd_genkey): Add option --algo.

Signed-off-by: Werner Koch <wk@gnupg.org>
 2019-02-08 11:53:34 +01:00
Werner Koch
5bf1212000
scd: Store a new PIV public key in the certificate DO. 
* scd/app-piv.c (struct genkey_result_s): Remove type and all users.
(send_keypair_and_cert_info): Print certinfo only if we got a cert..
(readcert_by_tag): Add arg r_mechanism and implement reading of public
keys.
(get_keygrip_by_tag): Use a public key to compute the keygrip.
(do_readcert): Make sure to only return a certificate.
(do_readkey): Read public key from the DO if a certificate is missing.
(get_key_algorithm_by_dobj): Get the algorithm also from a public key.
(does_key_exist): String changes.
(do_genkey): Remove result caching and store public key in the DO.
--

This removes the result cache and instead stores the public key in the
certificate object.  This allows to properly list public keys at any
time after generating a key and before a new certificate is stored
there.

Signed-off-by: Werner Koch <wk@gnupg.org>
 2019-02-07 16:14:09 +01:00
Werner Koch
fcec5b40e5
card: Support reading and writing PIV certificates 
* scd/app-piv.c (add_tlv): New.
(put_data): New.
(do_writecert): New.
(do_setattr): Remove usused special mode 0.
* tools/gpg-card-tool.c (cmd_writecert): Allow other cards than
OPENPGP.
(cmd_readcert): Ditto.

Signed-off-by: Werner Koch <wk@gnupg.org>
 2019-02-07 11:05:22 +01:00
Werner Koch
b5b1f72158
scd: Add genkey command to app-piv (rsa-only) 
* scd/app-piv.c (struct genkey_result_s): new.
(struct app_local_s): add member genkey_results.
(do_deinit): Free that one.
(flush_cached_data): Extend to delete all items.
(keyref_from_dobj): New.
(do_readkey): New.
(do_auth): Use keyref_from_dobj.
(does_key_exist): New.
(genkey_parse_rsa): New.
(do_genkey): New.
--

We need to extend the GENKEY in command.c to support other algos.

Signed-off-by: Werner Koch <wk@gnupg.org>
 2019-02-06 20:47:07 +01:00
Werner Koch
e9e876cb55
scd: Implement PIN changing and unblocking for PIV cards. 
* scd/app-piv.c: Some refactoring
(do_change_chv): Implement.

Signed-off-by: Werner Koch <wk@gnupg.org>
 2019-02-06 09:46:23 +01:00
Werner Koch
1d57450f3e
scd: Add DES authentication for PIV card. 
* scd/app-piv.c (flush_cached_data): New.
(auth_adm_key): New.
(set_adm_key): New.
(do_setattr): New.
* scd/command.c (MAXLEN_SETATTRDATA): New.
(cmd_setattr): Add an inquire option.

Signed-off-by: Werner Koch <wk@gnupg.org>
 2019-01-31 14:26:17 +01:00
Werner Koch
79bed504e5
card: Support factory reset for Yubikey PIV application. 
* scd/app-common.h (struct app_ctx_s): Add field cardtype.
* scd/app.c (app_new_register): Set cardtype for yubikey.
(app_getattr): Add CARDTYPE.
(app_write_learn_status): Emit new attribute.
* scd/app-piv.c (do_getattr): Add CHV-USAGE.
(do_learn_status): Emit it.
* tools/card-tool.h (struct card_info_s): Add field cardtype.
* tools/card-call-scd.c (learn_status_cb): Parse "CARDTYPE".

* tools/gpg-card-tool.c (list_piv): Print PIN usage policy.
(list_card): Print card type.
(cmd_factoryreset): Implement for Yubikey with PIV.

Signed-off-by: Werner Koch <wk@gnupg.org>
 2019-01-29 13:46:52 +01:00
Werner Koch
9325c92284
card: Print keyinfo for PIV cards. 
* scd/app-piv.c (do_learn_status): Print CHV-STATUS.
* tools/card-tool.h (struct card_info_s): Rename chvretry to chvinfo.
* tools/card-call-scd.c (learn_status_cb): Depend CHV-STATUS on app
type.
* tools/gpg-card-tool.c (list_piv): New.

Signed-off-by: Werner Koch <wk@gnupg.org>
 2019-01-29 09:32:20 +01:00
Werner Koch
fa9d703de5
scd: Support CHV-STATUS and CHECKPIN for PIV. 
* scd/app-piv.c (parse_pin_keyref): New.
(get_chv_status): New.
(do_getattr): Add name CHV-STATUS.
(verify_pin): Add arg keyref to support other PINs.
(do_change_pin): New.  Right now limited to --clear.
(do_check_pin): New.
(app_select_piv): Register new commands.

Signed-off-by: Werner Koch <wk@gnupg.org>
 2019-01-21 15:01:45 +01:00
Werner Koch
ec56996029
scd: Add very basic support for PIV cards. 
* scd/app-piv.c: New.
* scd/Makefile.am (card_apps): Add app-piv.c
* scd/app.c (app_new_register): Try to get a Yubikey serial number.
Detect the PIV application.
(get_supported_applications): Add "piv".
--

Right now this allows the use of the authentication key (9A) for SSH
authentication.  More support will follow soon.

Tested with Yubikey-5.
 2019-01-20 11:45:57 +01:00