--
We need to use es_fopen on Windows to cope with non-ascii file names.
This is quite a large but fortunately straightforward change. At a
very few places we keep using stdio (for example due to the use of
popen).
GnuPG-bug-id: 5098
Signed-off-by: Werner Koch <wk@gnupg.org>
* scd/ccid-driver.c (ccid_slot_status): Handle LIBUSB_ERROR_TIMEOUT.
--
With SPR532, at the first connection, it fails by
LIBUSB_ERROR_TIMEOUT, but no retry.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* scd/apdu.c (struct reader_table_s): Remove is_spr532.
(pcsc_vendor_specific_init): Send the ESC command for SPR532.
(pcsc_pinpad_verify, pcsc_pinpad_modify): Remove no_lc hack.
--
The "no_lc" hack lets PC/SC-lite send the ESC command for SPR532
internally, for pcsc_pinpad_verify. However, PC/SC-lite doesn't do
that for pcsc_pinpad_modify, unfortunately. Besides, I'm not sure
this hack works on Windows, which has different implementation of
PC/SC service.
It's better to send the ESC command by the driver explicitly, at the
initialization. Sending the ESC command results PCSC_E_NOT_TRANSACTED
error when a card is not active (that is the case, usually). We
ignore this error.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* scd/ccid-driver.c (intr_cb): Handle the case of multiple messages.
--
SPR532 USB Smart Card Reader (also know as SPR332) may send two
messages at once for a single interrupt transfer. An example transfer
observed was like: 50 03 50 02, which is considered valid, according
to the CCID specification.
GnuPG-bug-id: 5065
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* scd/app-openpgp.c (send_keypair_info): Emit the algo string as part
of a KEYPAIRINFO.
* scd/command.c (do_readkey): Ditto.
* scd/app-piv.c (do_readkey): Ditto.
* scd/app-nks.c (do_learn_status_core): Ditto.
(struct fid_cache_s): Add field algostr.
(flush_fid_cache): Release it.
(keygripstr_from_pk_file): Fill it and add it to the cache. Use a
single exit label.
* scd/app-help.c (app_help_get_keygrip_string_pk): Add new arg
r_algostr. Change all callers.
--
This is helpful so that callers do not need to parse the key for this
basic information. Use "scd readkey --info-only" to return the info
status line instead of the key material; using just --info returns the
info in addition to the key material.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/card-util.c (kdf_setup): Fix the default value.
* scd/app-openpgp.c (do_setattr): Support kdf-setup "off" by
Zeitcontrol. Make sure Gnuk and Yubikey work well.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* scd/app-openpgp.c (verify_chv2): Call verify_a_chv with chvno=1
when needed.
--
Confusingly, verify_chv2 has two different purposes; One for
verifying with CHV2 (in addition to CHV1), and the call by
CHECKPIN. For the latter, we should check CHV1.
Fixes-commit: af189be481df02a77e088aa0a60a1fc02dfa12bf
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* scd/app-openpgp.c (do_setattr): Call flush_cache_item always.
--
Only it was called when there was an object with KDF_DATA_LENGTH_MAX.
No matter the VALUELEN, it should be flushed.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* scd/app-openpgp.c (data_objects): It may be longer.
Fixes-commit: 90d0072165cc5c6888f14462392a211de0c4b232
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
--
The limit on 4 readers I introduced in 2003 is too low for some of our
use cases. 16 looks better. TODO: Return a useful error message in
gpg-card if the limit has been reached.
Signed-off-by: Werner Koch <wk@gnupg.org>
* scd/app-openpgp.c (data_objects): 0x00FA for binary data.
(do_getattr): Parse the data and send it in status lines.
(get_algorithm_attribute_string): New.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* cd/app-openpgp.c (data_objects): Add 0x00FA.
(do_getattr): Add KEY-ATTR-INFO.
--
See the section 4.4.3.11 Algorithm Information in the OpenPGP card
functional specification version 3.4.1.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* scd/command.c (cmd_apdu): Add new option --data-atr.
* tools/gpg-card.c (cmd_apdu): Use that here. Also fix the --exlen
option and do not print the statusword in atr mode.
* tools/card-call-scd.c (scd_apdu): Detect atr mode anddon't assume a
status word.
Signed-off-by: Werner Koch <wk@gnupg.org>
* scd/app.c (app_new_register): Do not use apdu_get_slot.
--
apdu_get_slot() may only be used after the APP has been initialized.
Thus we need to pass teh slot here directly.
Fixes-commit: 9f148360a2bf04672b43ef7cec48e21d44b06ae1
Signed-off-by: Werner Koch <wk@gnupg.org>
* scd/app-common.h (cardtype_t): Add CARDTYPE_GNUK and
CARDTYPE_ZEITCONTROL.
* scd/app.c (strcardtype): Handle CARDTYPE_GNUK and
CARDTYPE_ZEITCONTROL.
(app_new_register): Detect Gnuk and Zeit Control implementation
by examining its ATR string.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* scd/app-openpgp.c (verify_chv2): Check availability of keys in
question.
--
With buggy Gnuk (<= 1.2.15), when no encr/auth keys are available,
it fails decrementing the signature error counter. This change
can avoid the issue.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* scd/apdu.c (open_ccid_reader): Add arg r_cciderr.
(apdu_open_reader): Print a note on EPERM of the USB device.
Signed-off-by: Werner Koch <wk@gnupg.org>
* scd/ccid-driver.h (CCID_DRIVER_ERR_USB_*): New error codes.
* scd/apdu.h: New SW_HOST error codes.
* scd/apdu.c (host_sw_string): Print them
* scd/ccid-driver.c (map_libusb_error): New.
(ccid_open_usb_reader, bulk_in, abort_cmd): Map libusb error codes.
* scd/iso7816.c (map_sw): Map new codes to gpg-error.
--
This change will help to get low level error conditions from hipher
application code.
Signed-off-by: Werner Koch <wk@gnupg.org>
* agent/command.c (cmd_sethash): Add option --pss and allow for
--hash=null.
* agent/agent.h (struct server_control_s): Add digest.is_pss and
zero where needed.
* agent/pksign.c (agent_pksign_do): Allow for PSS with cards.
* scd/command.c (cmd_pksign): Add for --hash=none.
--
This is not a full implementaion of PSS but allows scdaemon card
drivers to detect already PSS formatted data.
Signed-off-by: Werner Koch <wk@gnupg.org>
* scd/apdu.c (close_pcsc_reader): Unlock the reader_table_lock.
(apdu_dev_list_finish): Release the context when no readers.
--
Fixes-commit: 46d185f60397f68830bfdfb99627b29aea5016f1
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* scd/apdu.c (close_pcsc_reader): Check if it's not in the loop.
--
GnuPG-bug-id: 4998
Reported-by: Kevin Locke
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* scd/iso7816.c (CMD_UPDATE_BINARY): New.
(iso7816_update_binary): New.
* scd/app-nks.c (do_deinit): Factor some code out to...
(flush_fid_cache): new.
(do_writecert): New.
(app_select_nks): Register new handler.
--
This can be used with gpg-card to write the 3 extra certificates of a
Telesec TCOS Signature Card v2. The card with the qualified signature
is distributed with the keys for encryption and advanced signatures
but without the certificates. The certificates can be downloaded from
the website after an mail confirmation. Unpacked the downloaded
zipfile has these certificates:
auth_zert.crt
sig_zert.crt
enc_zert.crt
Using gpg-card issue these commands:
writecert NKS-NKS3.4531 <sig_zert.crt
writecert NKS-NKS3.45B1 <enc_zert.crt
writecert NKS-NKS3.4571 <auth_zert.crt
Don't mix that up, tight now there is no checking that the
certificates match the public key. I also need to write another patch
to actually implement signing and encryption with these nistp256
certificates.
Signed-off-by: Werner Koch <wk@gnupg.org>
* scd/command.c (cmd_serialno): Set/clear card removed flags for all
connections using the current card.
--
This seems to solve the problems I had in gpg-card and ssh. I am not
sure why the old code was done this way - maybe an oversight when
adding support for multiple cards.
Signed-off-by: Werner Koch <wk@gnupg.org>
--
Fixes-commit: 074ab108e768b2f946d789c1f3a7f14a65e07c52
which was recently pushed to make use of $SOURCE_DATE_EPOCH
as fallback.
Also fixes two typos
* scd/app-openpgp.c (do_getattr): New attrubute "UIF".
(do_learn_status): Use that.
--
Actually this is not just convenience but will make it easier to add
new keys to an openpgp card - we will need to change this only at one
place.
Signed-off-by: Werner Koch <wk@gnupg.org>
* scd/app.c (select_all_additional_applications_internal): Re-select
first app. Add arg 'ctrl'.
--
Usually keygrip based access to the Yubikey does a switching back and
forth and thus keeps the card and scdaemon's internal state in sync.
However, if we do only a listing scdaemon did not reselect the first
application (e.g. OpenPGP) after adding other applications (e.g. PIV)
and thus led to wrong info returned in a listing.
Signed-off-by: Werner Koch <wk@gnupg.org>
* scd/app-nks.c (get_dispserialno): Move more to the top.
(do_getattr): Add $DISPSERIALNO and SERIALNO. Make CHV-STATUS work
with NKS15.
(verify_pin): Use dedicated min. PIN lengths.
(parse_pwidstr): Support NKS15
--
GnuPG-bug-id: 4938
Signed-off-by: Werner Koch <wk@gnupg.org>
* scd/app-nks.c (struct fid_cache_s): New.
(struct app_local_s): Add field 'fid_cache'.
(do_deinit): Release the cache.
(keygripstr_from_pk_file): Implement the cache.
(find_fid_by_keyref): New
(do_sign, do_decipher): Use new function.
(do_with_keygrip): New.
Signed-off-by: Werner Koch <wk@gnupg.org>
* scd/app-nks.c: Major rework to support non-RSA cards.
--
This is a fist step so support this ECC card. The code has been
reworked while taking care that old cards should keep on working.
Signed-off-by: Werner Koch <wk@gnupg.org>
* scd/app.c (send_card_and_app_list): Detect no app case.
--
This is a minor nug fix to return a better error message.
Signed-off-by: Werner Koch <wk@gnupg.org>
* scd/app-p15.c (make_pin_prompt): Factor some code out to ...
(get_dispserialno): this.
(do_getattr): Use new fucntion for a $DISPSERIALNO.
Signed-off-by: Werner Koch <wk@gnupg.org>
* scd/app-p15.c (struct prkdf_object_s): New fields common_name and
serial_number.
(release_prkdflist): Free them.
(keygrip_from_prkdf): Parse cert and set them.
(any_control_or_space): New.
(make_pin_prompt): New.
(verify_pin): Construct a pretty PIN prompt.
(do_sign): Remove debug output.
--
The D-Trust card has the SerialNumber part of the Subject printed on
the front matter, we assume this is also possible with other cards and
thus we show this as serial number.
The holder of the card is also extracted from the card's subject.
Signed-off-by: Werner Koch <wk@gnupg.org>
* scd/iso7816.c (map_sw): Detect 0x63Cn status code.
--
I really wonder when that got lost and we ended up with a simple card
error.
Signed-off-by: Werner Koch <wk@gnupg.org>
* scd/iso7816.c (iso7816_select_mf): New.
* scd/app-p15.c (card_product_t): New.
(struct app_local_s): Add field 'card_product'.
(read_ef_tokeninfo): Detect D-Trust card.
(prepare_verify_pin): Switch to D-Trust AID.
(do_decipher): Restore a SE for D-TRust cards. Chnage the passing
indicator to 0x81.
--
Using what I learned from a USB trace running the Governikus Signer
Software on Windows this fixes the left over problem with the new
D-Trust card support.
Signed-off-by: Werner Koch <wk@gnupg.org>
* scd/app-openpgp.c (get_manufacturer): New..
(do_getattr): Add new attribute "MANUFACTURER".
(do_learn_status): Always print it.
--
This will make it easy to maintain the list of OpenPGP vendors at just
one place.
Signed-off-by: Werner Koch <wk@gnupg.org>
* scd/app-p15.c (prepare_verify_pin): Allow use without an AODF.
(verify_pin): Ditto.
(do_with_keygrip): Implement capability restrictions.
Signed-off-by: Werner Koch <wk@gnupg.org>
* scd/command.c (cmd_keyinfo): Use Gcrypt constants for CAP.
* scd/app-openpgp.c (do_with_keygrip): Adjust for them.
* scd/app-piv.c (do_with_keygrip): Ditto.
--
That makes it easier to read. An open question is whether we should
allow several capabilities and whether they are the ORed or ANDed.
Signed-off-by: Werner Koch <wk@gnupg.org>
* scd/app-p15.c (struct prkdf_object_s): Add flag pin_verified.
(verify_pin): Make use of it.
--
Theee is still a problem with the APDUs we send: Switching between
signing and decryption does work but not in the other way.
Signed-off-by: Werner Koch <wk@gnupg.org>
* scd/app-p15.c (do_sign): Move keygrip_from_prkdf before PIN
verification.
(do_decipher): Add keygrip_from_prkdf.
--
This is required because that function may change the current file
which is set by prepare_verify_pin right before MSE. HAs alredy been
done on the backport to 2.2
Signed-off-by: Werner Koch <wk@gnupg.org>
* scd/app-p15.c (do_decipher): New.
--
tested using the D-TRUSt card and a SCR3310 reader. The Kobil KAAN
Advanced, I used for the signing tests could not be used because it
supports only Short APDU Level exchange.
Signed-off-by: Werner Koch <wk@gnupg.org>
* scd/app-help.c (app_help_get_keygrip_string_pk): Add optional arg
r_pkey and change all callers.
(app_help_get_keygrip_string): Ditto.
* scd/app-p15.c (struct cdf_object_s): Use bit flags
(struct aodf_object_s): Ditto. Add field 'fid'.
(struct prkdf_object_s): Ditto. Add fields keygrip, keyalgo, and
keynbits.
(parse_certid): Allow a keygrip instead of a certid aka keyref.
(read_ef_aodf): Store the FID.
(keygripstr_from_prkdf): Rename to ...
(keygrip_from_prkdf): this. Remove arg r_gripstr and implement cache.
Change callers to directly use the values from the object. Also store
the algo and length of the key ion the object.
(keyref_from_keyinfo): New. Factored out code.
(do_sign): Support SHA-256 and >2048 bit RSA keys.
(do_with_keygrip): New.
(app_select_p15): Register new function.
--
This has been tested with a D-Trust card featuring 3072 bit keys.
Note that non-repudiation key for a qualified signature does not yet
work because we do not yet support rsaPSS padding. Thus a gpgsm
--learn shows a couple of Bad Signature errors for this key.
Signed-off-by: Werner Koch <wk@gnupg.org>
* scd/iso7816.c (iso7816_read_binary): Factor code out to ...
(iso7816_read_binary_ext): new function. Add arg extended_mode.
Signed-off-by: Werner Koch <wk@gnupg.org>
--
This removes almost all log_debug calls and uses opt.verbose and
log_info to show card information. Also avoid too long and thus
harder to read lines.
Signed-off-by: Werner Koch <wk@gnupg.org>
* scd/app-p15.c (read_ef_odf): Detect the home_DF on the fly. Silence
the garbage warning for null bytes.
(print_tokeninfo_tokenflags): New.
(read_ef_tokeninfo): Print manufacturer, label, and flags.
(app_select_p15): No need to use the app_get_slot macro.
(CARD_TYPE_CARDOS_50): New const.
(card_atr_list): Detect CardOS 5.0
--
The card under test is a "Test-Signaturkarte D-TRUST Card 3.1" for a
mere 49 Euro and no specs available. D-Trust is a branch of the
German Bundesdruckerei. Compare that to Telesec and Yubikey who have
always been nice enough to send bunches of sample cards without a need
to wade through lots of forms and not even asking for money. Guess
which cards I prefer.
Signed-off-by: Werner Koch <wk@gnupg.org>
* scd/app-openpgp.c (check_keyidstr): Add optional arg r_use_auth to
test also for OpenPGP.3.
(do_sign): Enable that new mode.
--
This is very useful to allow gpgsm to use a certificate based on the
OpenPGP card's authentication key. That key is usually used for ssh
but it makes sense to use it also for user certificate based
authentication.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/gc-opt-flags.h (GC_OPT_FLAG_RUNTIME): Move to ...
* tools/gpgconf-comp.c: here.
(known_options_scdaemon): Remove "options".
(known_options_dirmngr): Remove "options".
(known_options_gpgsm): Remove "options".
(known_options_gpg): Remove "options" and "keyserver".
(struct gc_option_s): Rename active t gpgconf_list.
(gc_component_list_options): Do not act upon active.
(option_check_validity): Ditto.
(is_known_option): Make it work correctly for unknown options.
(retrieve_options_from_program): Use renamed flag gpgconf_list only to
detect duplicated items from --gpgconf-list. Do not set runtime.
Only e set the options if set by --gpgconf-list; never clear them.
* agent/gpg-agent.c: Simplify the --gpgconf-list output.
* dirmngr/dirmngr.c: Ditto.
* g10/gpg.c: Ditto.
* kbx/keyboxd.c: Ditto.
* scd/scdaemon.c: Ditto.
* sm/gpgsm.c: Ditto.
* tests/openpgp/gpgconf.scm: Use "compliance" instead of "keyserver"
for the string arg test.
--
There is no need to read the list of options from the components
unless they convey a default value. It is better to consult only the
list we have in gpgconf-comp.c to decide on whether an option should
be displayed. Right, this might mess up thing if a newer gpgconf
version is used with an older component, but we already print warnings
in this case and in general we do not want to support this anymore -
the times of gpg 1.4. and 2.0 are long over now.
GnuPG-bug-id: 4788
Signed-off-by: Werner Koch <wk@gnupg.org>
* tools/gpgconf-comp.c: Remove all regular option descriptions. They
are now read in from the component. Also remove a few meanwhile
obsolete options.
* agent/gpg-agent.c: Add option description which were only set in
gpgconf-comp.c.
* dirmngr/dirmngr.c: Ditto.
* scd/scdaemon.c: Ditto.
* sm/gpgsm.c: Ditto.
* g10/gpg.c: Ditto.
--
This second part removes all regular option descriptions because they
can be read from the components. A few were missing in the components
and thus moved to there.
Signed-off-by: Werner Koch <wk@gnupg.org>
* scd/app-openpgp.c (do_setattr): For setting KDF DO, support standard
OpenPGP card, which needs to update PIN.
GnuPG-bug-id: 3891
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* scd/scdaemon.c: Switch to the new option parser and enable a global
conf file.
* dirmngr/dirmngr.c: Ditto.
* g13/g13.c: Ditto.
* g13/g13-syshelp.c: Ditto. Do not force verbose mode.
* dirmngr/dirmngr_ldap.c: Switch to the new option parser.
* dirmngr/dirmngr-client.c: Switch to the new option parser.
--
This finalizes the switch to the new option parser. What's left is to
remove the old argparser code from common.
g13-syshelp does not anymore default to --verbose because that can now
be enabled in /etc/gnupg/g13-syshelp.conf.
GnuPG-bug-id: 4788
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/util.h: Remove argparse.h.
* common/argparse.c: Undef GPGRT_ENABLE_ARGPARSE_MACROS.
* configure.ac (GPGRT_ENABLE_ARGPARSE_MACROS): Define.
* agent/gpg-agent.c: Undef GPGRT_ENABLE_ARGPARSE_MACROS and include
argparse.h. Do this also for all main modules which use our option
parser except for gpg. Replace calls to strusage by calls to
gpgrt_strusage everywhere.
* g10/gpg.c (opts): Change type to gpgrt_opt_t. Flag oOptions and
oNoOptions with ARGPARSE_conffile and ARGPARSE_no_conffile.
(main): Change type of pargs to gpgrt_argparse_t. Rework the option
parser to make use of the new gpgrt_argparser.
--
This is not yet finished but a make check works. gpg has the most
complex and oldest option handling and thus this is the first
migration target. SE-Linux checks and version-ed config files are
missing and will be added later.
GnuPG-bug-id: 4788
Signed-off-by: Werner Koch <wk@gnupg.org>
No functional changes, just fixing minor spelling issues.
---
Most of these were identified from the command line by running:
codespell \
--ignore-words-list fpr,stati,keyserver,keyservers,asign,cas,iff,ifset \
--skip '*.po,ChangeLog*,help.*.txt,*.jpg,*.eps,*.pdf,*.png,*.gpg,*.asc' \
doc g13 g10 kbx agent artwork scd tests tools am common dirmngr sm \
NEWS README README.maint TODO
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
* scd/app.c (send_serialno_and_app_status): Add fallback.
--
The app list was only printed for apps which support the with_keygrip
function. That is not the case for the netkey and otehr cards. The
new fallback prints the actual app name.
Signed-off-by: Werner Koch <wk@gnupg.org>
* scd/app-openpgp.c (send_keypair_info): Reaturn the key creation time
as part of a KEYPAIRINFO.
(do_readkey): Do not return the KEY-TIME anymore.
--
Sending the KEY_TIME status as part of a READKEY command was only
recently added. It is better to merge that into the KEYPAIRINFO line.
Another patch with chnage this for the consumers of that info.
Signed-off-by: Werner Koch <wk@gnupg.org>
* scd/app-openpgp.c (retrieve_fprtime_from_card): New.
(do_readkey): Send a KEY_TIME status.
--
It might be easier to fold this into KEYPAIRINFO but for backward
compatibility using a separate status line is safer.
Signed-off-by: Werner Koch <wk@gnupg.org>
* scd/app-openpgp.c (do_readkey): Use case insensitive match of the
keyref.
(do_writekey, do_sign, do_auth, do_decipher): Ditto.
--
Signed-off-by: Werner Koch <wk@gnupg.org>
* scd/app-openpgp.c (struct app_local_s): Add field keyalgo.
(parse_algorithm_attribute): Store the new keyalgo field.
(change_keyattr): Change info message.
(change_keyattr_from_string): Rewrite to also accept a keyref and a
keyalgo string.
(do_genkey): Change the keyattr if a keyalgo string is given.
--
Having this feature makes it easier to use OpenPGP cards in a similar
way to other cards. Note that the explicit changing via SETATTR is
still supported.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/openpgp-oid.c (openpgp_curve_to_oid): Add optional arg R_NBITS.
Change all callers.
--
In particular for ed25519 and cv25519 it is quite useful to have an
ability to get the required algorithm.
* common/util.h (EXTERN_UNLESS_MAIN_MODULE): Add the definion only
here but now without the Norcroft-C. Change all other places where it
gets defined.
* common/iobuf.h (iobuf_debug_mode): Declare unconditionally as
extern.
* common/iobuf.c (iobuf_debug_mode): Define it here.
* agent/gpg-agent.c (INCLUDED_BY_MAIN_MODULE): Define here and also in
all main modules of all other programs.
* g10/main.h: Put util.h before the local header files.
--
This change is required for use with gcc/ld's LTO feature which does
not allow common blocks. Further gcc 10 will make -fno-common the
default and thus this chnage is always needed. What a pitty.
Co-authored-by: Tomáš Mráz
GnuPG-bug-id: 4831
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 21d9bd8b87a9f793a106095e3838eb71825189d7)
- Applied respective chnages also to gpg-card and keyboxd.
Signed-off-by: Werner Koch <wk@gnupg.org>
* scd/app-openpgp.c (send_key_attr): Use log_assert.
(do_genkey): Allow prefix.
--
It is more uniform to always use full keyref (e.g. "OPENPGP.1")
instead of just the key number.
Signed-off-by: Werner Koch <wk@gnupg.org>
* scd/app.c: Include membuf.h.
(app_switch_current_card): New.
(send_card_and_app_list): Factor code out to ...
(send_serialno_and_app_status): new.
(app_send_card_list): New.
(app_send_active_apps): New.
(app_switch_active_app): New.
* scd/command.c (cmd_switchcard): New.
(cmd_switchapp): New.
(register_commands): Register new commands.
(cmd_getinfo): New sub-commands "active_apps" and "all_active_apps".
--
These new commands allow to switch between known cards and are in
particular useful for the gpg-card tool.
Signed-off-by: Werner Koch <wk@gnupg.org>
* scd/app-piv.c (ask_and_prepare_chv): here.
--
The test code from the last PIV change was accidently kept enabled.
Fixes-commit: 2dd6b4b998dd6e156e2e75ede0f40fb768c69f40
Signed-off-by: Werner Koch <wk@gnupg.org>
* scd/app-openpgp.c (struct app_local_s): New field pincache.
(cache_pin): Set it.
(pin_from_cache): Consult it.
* scd/app-piv.c (struct app_local_s): New field pincache.
(cache_pin): Set it.
(pin_from_cache): Consult it.
--
Signed-off-by: Werner Koch <wk@gnupg.org>
* scd/command.c (pincache_put): Add arg pinlen and change all callers
to provide it.
* scd/app-piv.c (cache_pin): New.
(pin_from_cache): New.
(ask_and_prepare_chv): Add args no_cache and r_unpaddedpinlen. Take
PIN from the cache. Return the unpadded length.
(verify_chv): Add arg ctrl. Cache the PIN.
(do_change_chv): Clear PIN cache.
--
The PIV pins are padded but we want to store the unpadded PIN. Thus
the changes to the function.
Code has has been tested by commenting the no_cache parameter because
we the current test certificate was created for PIV.9C which requires
a verification for each use. More testing is required.
GnuPG-bug-id: 4791
Signed-off-by: Werner Koch <wk@gnupg.org>
* scd/app.c (maybe_switch_app): Factor reselect code out to ...
(run_reselect): new.
(app_write_learn_status): Tweak diagnostics.
(app_do_with_keygrip): Run reselect if a card has more than one
switchable application.
* agent/call-scd.c (agent_card_serialno): Ditto.
* tools/card-call-scd.c (start_agent): Use option --all with SERIALNO.
(scd_serialno): Ditto.
Signed-off-by: Werner Koch <wk@gnupg.org>
* scd/app-openpgp.c (wipe_and_free, wipe_and_free_string): Use them
everywere where we do a wipememory followed by a free.
(pin2hash_if_kdf): Change interface. The input PIN is not anymore
changed. Further there are no more assumptions about the length of
the provided buffer.
(cache_pin): Restructure.
(chvno_to_keyref): New.
(pin_from_cache): New.
(verify_a_chv): Add arg CTRL. Adjust for changed pin2hash_if_kdf.
Chache and retrieve the PIN here.
(verify_chv2): Do not cache the PIN here.
(build_enter_admin_pin_prompt): Add arg 'r_remaining'.
(verify_chv3): Adjust for changed pin2hash_if_kdf. Implement the PIN
cache.
(do_change_pin): Clear the PIN cache. Do not change the PIN here.
Lots of adjustments to cope with the chnaged pin2hash_if_kdf.
(do_sign): Do not cache the PIN here.
--
Note that some of the changes are required because we can't rely that
the PIN is always cached in secure memory. Thus it is better to do an
explicit wipe.
Testing the PIN cache can currently only be done my modifying the
code to do a verification for each operation. Only some basic testing
has been done. Clearing the PIN cache is also not fully
implemented. With the forthcoming changes to app-piv we should be
enter able to test the PIN cache.
Missing stuff:
- The agent should be able to selectively clear the cache on a per
slot base.
- We should replace AESWRAP by OCB.
Signed-off-by: Werner Koch <wk@gnupg.org>
* agent/call-scd.c (handle_pincache_put): Do not decrypt.
(handle_pincache_get): New.
(inq_needpin): Call it.
* scd/command.c (set_key_for_pincache): New.
(pincache_put): Restructure and set key.
(pincache_get): Ditto.
--
This change does away with encrypting and decrypting the cached PIN in
the agent. There is no need for this we can simply cache the
cryptogram and let scdaemon decrypt after retrieving it from the
agent. This way we do not need to share a key between gpg-agent and
scdaemon and further the cached content is invalid after the scdaemon
process has been replaced.
Signed-off-by: Werner Koch <wk@gnupg.org>
* scd/command.c (pincache_put): New. Uses a dummy key for now.
(pincache_get): New.
* scd/app.c (select_application): Flush the PIN cache.
(scd_update_reader_status_file): Ditto.
(maybe_switch_app): Call the new prep_reselect function.
(app_write_learn_status): Ditto.
* scd/app-openpgp.c (cache_pin): New helper to cache a PIN.
(verify_chv2): Call it.
(verify_chv3): Call it.
(clear_chv_status): Call it.
(do_change_pin): Call it.
* scd/app-common.h (struct app_ctx_s): Add function 'prep_select'.
* scd/app-openpgp.c (do_prep_reselect): New stub function.
(app_select_openpgp): Set new stub function.
* scd/app-piv.c (do_prep_reselect): New stub function.
(app_select_piv): Set new stub function.
* scd/app-common.h (struct app_ctx_s): Add parameter ctrl to setattr,
sign, auth, decipher, and check_pin. Change all implementations and
callers to pass such a parameter.
--
This is work in progress.
Signed-off-by: Werner Koch <wk@gnupg.org>
* scd/command.c (open_card_with_request): Use NULL instead of
APPTYPE_NULL.
--
Using the enum is wrong because a string is expected. However it did
harm anything because the value of the enum is 0 and thus equivalent
to NULL.
Signed-off-by: Werner Koch <wk@gnupg.org>
* kbx/keybox.h: Fix naming of arguments.
* scd/ccid-driver.c (print_error) [TEST]: Add missing break. Note
that this is anyway an impossible case.
Signed-off-by: Werner Koch <wk@gnupg.org>
* scd/apdu.c (apdu_open_reader): Skip use of a reader if it's not the
one specified when it is specified.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* scd/app.c (apptype_from_keyref): New.
(maybe_switch_app): Add arg 'keyref' and use this also for switching.
Change all callers to pass a keyref if needed.
--
A drawback of this auto-switching is that the PIN cache of the cards
are cleared. That could be mitigated by having our own cache but we
always tried to avoid that.
Signed-off-by: Werner Koch <wk@gnupg.org>
* scd/app-openpgp.c (do_reselect): Clear PIN cache flags.
--
It seems that the verification status of the OpenPGP app on a Yubikey
is reset on a select. We need to reflect this in our cache to avoid a
"Bad PIN" error on computing a signature.
Signed-off-by: Werner Koch <wk@gnupg.org>
* scd/command.c (cmd_serialno): Add option --all.
(open_card_with_request): Implement that option.
* scd/app.c (select_all_additional_applications_internal): New.
(select_additional_application): Add mode to call new function.
--
This option is currently only useful for Yubikeys and basically
ignored with other cards. Its use is
SERIALNO --all
LEARN --force --multi
which will then print keypairinfo and other stuff for the OpenPGP and
PIV application of a Yubikey. Scute is going to use this to allow
using certificates from OpenPGP and PIV at the same time.
Signed-off-by: Werner Koch <wk@gnupg.org>
* scd/app.c (select_additional_application): Return error for unknown
NAME.
--
ERR was only set but not used.
Signed-off-by: Werner Koch <wk@gnupg.org>
* scd/app-common.h (APP_LEARN_FLAG_MULTI): New.
* scd/command.c (cmd_learn): Add option --multi.
* scd/app.c (app_write_learn_status): Factor some code out to ...
(write_learn_status_core): new.
(app_write_learn_status): Implement flag --multi.
--
This new option is intended to return information about all active
applications of the current card. Thus if a "SERIALNO openpgp" and a
"SERIALNO piv" has been done in a session the command "LEARN --force
--multi" returns information about both applications.
Signed-off-by: Werner Koch <wk@gnupg.org>
* scd/app-common.h (APP_LEARN_FLAG_KEYPAIRINFO): New flag macro..
* scd/command.c (cmd_learn): Pass that flag instead of a plain number.
* scd/app-nks.c (do_learn_status_core): Use new flag.
* scd/app-p15.c (do_learn_status): Ditto.
* scd/app-piv.c (do_learn_status): Ditto.
* scd/app-sc-hsm.c (do_learn_status): Ditto.
* scd/app.c (app_write_learn_status): Ditto.
Signed-off-by: Werner Koch <wk@gnupg.org>
* scd/app-nks.c (do_getattr): Add new attributes.
--
Note that these were already added to 2.2 as part of
commit 23784f8bf0ac6d6c52cb2de2f99f46017a92c11a
Signed-off-by: Werner Koch <wk@gnupg.org>
* scd/app.c (select_additional_application): Initialize card of APP.
Break after the selection.
Don't free APP if success.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* scd/ccid-driver.c (bulk_in): Increase timeout by the multiplier
value as defined section 6.2.6 in CCID specification.
--
For TPDU level transfer, it was handled. This is fix for APDU level
transfer.
GnuPG-bug-id: 4646
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* scd/ccid-driver.c (ccid_transceive_apdu_level): Use bBWI=0 for APDU
level transfer.
(ccid_transceive): Use bBWI=0 or the value returend by WTX for TPDU
level transfer.
GnuPG-bug-id: 4654
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* scd/app.c (check_application_conflict): Add args to pass a serialno.
* scd/command.c (open_card_with_request): Pass the serialno to
check_application_conflict.
--
Signed-off-by: Werner Koch <wk@gnupg.org>
* scd/app.c (compare_card_list_items): New.
(app_send_card_list): Sort the card objects by slot.
--
This is required so that in gpg-card a "list N" command always returns
the expected card. Sorting by slot should be sufficient.
Signed-off-by: Werner Koch <wk@gnupg.org>
* scd/app-common.h (struct app_ctx_s): Add func ptr 'reselect'.
* scd/app-piv.c (do_reselect): New.
(app_select_piv): Move AID constant to file scope.
* scd/app-openpgp.c (do_reselect): New.
(app_select_openpgp): Move AID constant to file scope.
* scd/app.c (apptype_from_name): New.
(check_application_conflict): Check against all apps of the card.
Always set current_apptype.
(select_additional_application): New.
(maybe_switch_app): New.
(app_write_learn_status, app_readcert, app_readkey, app_getattr)
(app_setattr, app_sign, app_auth, app_decipher, app_writecert)
(app_writekey, app_genkey, app_change_pin, app_check_pin): Use it here.
(app_do_with_keygrip): Force reselect on success.
(app_new_register): Move setting of CURRENT_APPTYPE to ...
(select_application): here so that it will be set to the requested
card.
* scd/command.c (open_card_with_request): Select additional
application if possible.
--
Noet that we will likely need to rework this even more so to get well
defined semantics for card access.
Signed-off-by: Werner Koch <wk@gnupg.org>
* scd/app.c (app_do_with_keygrip): Lock the card.
--
Better safe than sorry.
We should also review the card reference counting to see whether we
better ref the returned card object already here.
Signed-off-by: Werner Koch <wk@gnupg.org>
* scd/app.c: Chnage all function dispatcher.
--
This change will allow us to easier integrate an app swithcing logic.
The change should have no user visible effect. The error checking we
do now with the card locked will rarely be asserted. It is the
correct thing to do anyway.
Signed-off-by: Werner Koch <wk@gnupg.org>
* scd/app.c (check_conflict): Fold into ...
(check_application_conflict): this and adjust callers. Return a
different error code if it is possible to switch apps.
--
Right now this change does nothing visible.
Signed-off-by: Werner Koch <wk@gnupg.org>
* scd/scdaemon.h: Include app-common.h. Remove inclusion of that
header from all other files.
(card_t, app_t): Move typedef to ...
* scd/app-common.h: here. Use them in the defs.
--
In another patch we will need apptype_t in the ctrl object and thus we
need to reorganize things a bit now. Given that most files need
app-common anyway it makes sense to always include it.
Signed-off-by: Werner Koch <wk@gnupg.org>
* scd/app-common.h (cardtype_t): New.
(apptype_t): New.
(struct card_ctx_s): Change type of cardtype.
(struct app_ctx_s): Change type of apptype. Adjust all users.
* scd/app.c (struct app_priority_list_s): Add field apptype.
(strcardtype): New. Use as needed.
(strapptype): New. Use as needed.
--
Using strcmp is lame and we can't use a switch to let the compiler
complain about missed cases.
Signed-off-by: Werner Koch <wk@gnupg.org>
* scd/app-common.h (struct card_ctx_s): New.
(struct app_ctx_s): Factor card specific fields out to card_ctx_s.
(app_get_slot): New.
* scd/scdaemon.h (card_t): New.
(struct server_control_s): Rename field app_ctx to card_ctx and change
all users.
* scd/app-dinsig.c: Use app_get_slot and adjust for chang in card
related fields.
* scd/app-geldkarte.c: Ditto.
* scd/app-nks.c: Ditto.
* scd/app-openpgp.c: Ditto.
* scd/app-p15.c: Ditto.
* scd/app-sc-hsm.c: Ditto.
* scd/app.c: Lost of changes to adjust for the changed data
structures. Change all callers.
(app_list_lock): Rename to card_list_lock.
(app_top): Remove.
(card_top): New.
(lock_app): Rename to lock_card and change arg type.
(unlock_app): Rename to unlock_card.
(app_dump_state): Print card and app info.
(app_reset): Rename to card_reset.
(app_new_register): Change for the new data structure.
(deallocate_card): Dealloc card and all apps.
(app_ref): Rename to card_ref.
(app_unref): Rename to card_unref.
(app_unref_locked): Rename to card_unref_locked.
(card_get_serialno): New.
* scd/command.c (cmd_pkdecrypt): Actually use the looked up card and
former app object and not the standard one from the context.
--
Although quite large, this is a straightforward change to separate
card/token related data from card application related data. Before
this change there was a one-to-one relation between card and
application and no way to represent several applications on a card.
The new data structure will allow for such a representation.
Signed-off-by: Werner Koch <wk@gnupg.org>
* scd/app.c (app_ref): New.
(app_unref): New.
(release_application): Renamed to ...
(app_unref_locked): this and remove arg locked_already. Change
callers to use this or app_ref.
* scd/command.c (open_card_with_request):
(cmd_pksign, cmd_pkauth, cmd_pkdecrypt): Use app_ref and app_unref
instead of accessing the counter directly.
--
This is better in case we need to debug stuff. There is a real change
however: We now lock and unlock the app before changing the reference
count.
The whole app locking business should be reviewed because we pass
pointers along without immediately bumping the refcount.
Signed-off-by: Werner Koch <wk@gnupg.org>
* scd/app-openpgp.c (do_with_keygrip): Return a real error code to
avoid misinterpretation of the result. Also fix the case for a too
small buffer.
--
The only real chnage is the case for a too small buffer. That should
in general never happen but if so we now return an error instead of
success.
Signed-off-by: Werner Koch <wk@gnupg.org>
* scd/app-openpgp.c (get_public_key): Use gnupg_module_name instead of
just "gpg".
--
There is no bug report regarding this and it would be very unlikely
but we should always use the gpg belonging to our code.
Signed-off-by: Werner Koch <wk@gnupg.org>
* doc/scdaemon.texi (card-timeout): Remove.
* scd/scdaemon.c (main): Remove oCardTimeout handling.
--
There was the card-timeout option in GnuPG 2.0, but it was never
implemented correctly. The intention of this option was to allow
sharing smartcard among multiple applications, but this didn't work
well as user's expectation (it only worked with DISCONNECT command).
This is because other parts of scdaemon assumes exclusive access. In
GnuPG 2.1, the support of the option was removed, improving
"DISCONNECT" command always works well without this option.
GnuPG-bug-id: 3383
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* scd/apdu.c (struct pcsc_io_request_s): Use pcsc_dword_t for Windows.
--
This fix is for correctness and for the future when we will support
64-bit Windows.
GnuPG-bug-id: 4454
Suggested-by: Juris Ozols
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* scd/command.c (cmd_pksign, cmd_pkauth, cmd_pkdecrypt): When length
of keyidstr is 40, it is considered as a keygrip for direct use.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* scd/app-common.h (struct app_ctx_s): Add with_keygrip function.
* scd/app-openpgp.c (do_with_keygrip): New.
* scd/app.c (app_do_with_keygrip): New.
* scd/command.c (cmd_keyinfo): New.
(send_keyinfo): New.
--
KEYGRIP_ACTION_LOOKUP is not yet used. It will be used for directly
asking PK* action to determine an APP.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* scd/app-openpgp.c (struct app_local_s): Add keygrip_str.
(store_keygrip): New.
(read_public_key): Call store_keygrip to hold keygrip.
(get_public_key): Likewise.
(send_keypair_info): Use stored keygrip_str.
(check_keyidstr): Allow use of KEYGRIP.
(do_check_pin): Allow use of KEYGRIP of signing slot.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* scd/ccid-driver.c (CCID_CMD_TIMEOUT_LONGER): Remove.
(ccid_transceive): Don't use x4 blindly for bBWI, but use dynamically
determined value. Use value from variable wait_more for bulk_in.
Set wait_more by the value of time extension request.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* scd/command.c (cmd_readkey): New options --info and --info-only.
* scd/app.c (app_readkey): New arg 'flags'.
* scd/app-common.h (APP_READKEY_FLAG_INFO): New.
(struct app_ctx_s): New args 'ctrl' and 'flags' for member readkey.
Change all implementers.
* scd/app-nks.c (do_readkey): Stub implementation of
APP_READKEY_FLAG_INFO.
* scd/app-openpgp.c (do_readkey): Implement APP_READKEY_FLAG_INFO.
* scd/app-piv.c (do_readkey): Ditto.
--
This feature allows to quickly get the keygrip and in most cases also
the usage flags for one specific keyref. Example:
<- readkey --info-only PIV.9D
-> S KEYPAIRINFO FC6061FB457224370B85C6F34DD56CD29E669620 PIV.9D e
-> OK
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/call-agent.c (agent_scd_keypairinfo): Use --keypairinfo.
* sm/call-agent.c (gpgsm_agent_scd_keypairinfo): Ditto.
* scd/app-openpgp.c (do_getattr): Add attributes "$ENCRKEYID" and
"$SIGNKEYID".
* scd/app-piv.c (do_getattr): Ditto.
--
We already have $AUTHKEYID to locate the keyref of the key to be used
with ssh. It will also be useful to have default keyref for
encryption and signing. For example, this will allow us to repalce
the use of "OPENPGP.2" by a app type specific keyref.
Signed-off-by: Werner Koch <wk@gnupg.org>
* scd/app.c (app_new_register): Detect yk4 version numbers.
--
Having the version of the yubikey is important to select which other
methods can be used with a Yubikey. Note that we do not detect the
formfactor of a Yubikey 4 and instead use 0 for our serial number
prefix. This does not affect app-openpgp becuase there we use the app
specific serial number.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/ecdh.c (kek_params_table): Use CIPHER_ALGO_AES192 for
ECC strength 384, according to RFC-6637.
--
Reported-by: Trevor Bentley
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* scd/app.c (app_new_register): Set card version for Yubikeys.
(app_write_learn_status): Print CARDVERSION and APPVERSION.
* tools/card-call-scd.c (learn_status_cb): Detect them.
* tools/gpg-card.h (struct card_info_s): Add appversion and
cardversion.
* tools/gpg-card.c (list_openpgp): Remove version printing from serial
number.
(print_a_version): New.
(list_card): Print card and app version.
(cmd_generate): Do not allow broken Yubikeys.
Signed-off-by: Werner Koch <wk@gnupg.org>
* scd/app-piv.c (concat_tlv_list): Add arg 'secure' and adjust
callers.
(writekey_rsa, writekey_ecc): New.
(do_writekey): New.
(do_writecert): Provide a better error message for an empty cert.
(app_select_piv): Register do_writekey.
* scd/iso7816.c (iso7816_send_apdu): New.
* scd/app-common.h (APP_WRITEKEY_FLAG_FORCE): New.
* agent/command.c (cmd_keytocard): Make the timestamp optional.
* tools/card-call-scd.c (inq_writekey_parms): Remove.
(scd_writekey): Rewrite.
* tools/gpg-card.c (cmd_writekey): New.
(enum cmdids): Add cmdWRITEKEY.
(dispatch_command, interactive_loop): Call cmd_writekey.
--
This has been tested with gpgsm and RSA keys. For ECC keys only
partly tested using the sample OpenPGP nistp256 and nistp384 keys
because gpgsm does not yet support ECC certificates and thus we can't
write the certificates to the cert object after a writekey. Note that
they nevertheless show up in "gpgcard list" because gpg-card searches
for them in gpg and gpgsm. However, this does not work completely.
Signed-off-by: Werner Koch <wk@gnupg.org>
* scd/app-piv.c (do_readcert): Add hack to read Yubikey attestaions.
--
Use
gpg-card 'readcert PIV.ATST.9A >x.crt'
to store the attestation certificate for 9A into X.CRT.
Signed-off-by: Werner Koch <wk@gnupg.org>
* scd/app-piv.c (do_readkey): Read the key from the cert here instead
of letting the upper layer do this.
(do_writecert): Check that the cert matches the key and that a key has
already been generated.
Signed-off-by: Werner Koch <wk@gnupg.org>
* scd/app-help.c (app_help_pubkey_from_cert): New.
* scd/command.c (cmd_readkey): Refactor to use that new function and
handle the --advanced flag only here.
* scd/app.c (app_readkey): Remove parm advanced.
* scd/app-common.h (struct app_ctx_s): Remove parm advanced from the
readkey member.
* scd/app-nks.c (do_readkey): Adjust for removed parm.
* scd/app-piv.c (do_readkey): Ditto.
* scd/app-openpgp.c (do_readkey): Ditto.
Signed-off-by: Werner Koch <wk@gnupg.org>
* scd/ccid-driver.c (ccid_open_usb_reader): Alway submit SET_INTERFACE
control transfer.
--
This handling is not mondatory, but it's better to do so, because
there are card reader with pinpad and token with ack button, which
support user interaction.
User interaction status should be reset at open time. The status
should be reset when the session is closed/stopped. In practice,
since cleanup routine in a driver may not be called properly, it's
good to submit SET_INTERFACE at open time.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* scd/app-piv.c (do_decipher): New.
--
Note that ECDH decryption has not been tested due to the lack of ECC
support in gpgsm.
Signed-off-by: Werner Koch <wk@gnupg.org>
* scd/app-piv.c (concat_tlv_list): New.
(get_key_algorithm_by_dobj): Rename args for clarity.
(do_auth): factor all code out to ...
(do_sign): new. Implement RSA signing.
Signed-off-by: Werner Koch <wk@gnupg.org>
* scd/app-piv.c (struct genkey_result_s): Remove type and all users.
(send_keypair_and_cert_info): Print certinfo only if we got a cert..
(readcert_by_tag): Add arg r_mechanism and implement reading of public
keys.
(get_keygrip_by_tag): Use a public key to compute the keygrip.
(do_readcert): Make sure to only return a certificate.
(do_readkey): Read public key from the DO if a certificate is missing.
(get_key_algorithm_by_dobj): Get the algorithm also from a public key.
(does_key_exist): String changes.
(do_genkey): Remove result caching and store public key in the DO.
--
This removes the result cache and instead stores the public key in the
certificate object. This allows to properly list public keys at any
time after generating a key and before a new certificate is stored
there.
Signed-off-by: Werner Koch <wk@gnupg.org>
* scd/app-piv.c (struct genkey_result_s): new.
(struct app_local_s): add member genkey_results.
(do_deinit): Free that one.
(flush_cached_data): Extend to delete all items.
(keyref_from_dobj): New.
(do_readkey): New.
(do_auth): Use keyref_from_dobj.
(does_key_exist): New.
(genkey_parse_rsa): New.
(do_genkey): New.
--
We need to extend the GENKEY in command.c to support other algos.
Signed-off-by: Werner Koch <wk@gnupg.org>
* scd/app.c (app_genkey): Add arg keytype.
* scd/app-common.h (struct app_ctx_s): Fitto for the genkey member.
* scd/command.c (cmd_genkey): Adjust for change.
* scd/iso7816.c (do_generate_keypair): Replace arg read_only by new
args p1 and p2.
(iso7816_read_public_key): Adjust for this.
(iso7816_generate_keypair): Add new args p1 and p2.
* scd/app-openpgp.c (do_genkey): Adjust for changes.
--
The OpenPGP card creates keys according to parameters read from a data
object. Other cards we are about to implement require a direct
specification of the requested keytype. This patch implements the
required changes.
Signed-off-by: Werner Koch <wk@gnupg.org>
* scd/app-common.h (APP_GENKEY_FLAG_FORCE): New.
* scd/app.c (app_change_pin): Rename arg reset_mode to flags and
change from int to unsigned int.
--
This is basically a documentation fix.
Signed-off-by: Werner Koch <wk@gnupg.org>
* scd/app-openpgp.c (do_change_pin): Allow prefixing the CHVNO with
"OPENPGP."
* tools/card-call-scd.c (scd_change_pin): Change API to use strings.
* tools/gpg-card-tool.c (cmd_passwd): Adjust for change.
(cmd_unblock): Ditto.
--
The generic keyref allows for better error detection in case a keyref
is send to a wrong card.
Signed-off-by: Werner Koch <wk@gnupg.org>
* scd/app-openpgp.c (do_setattr): Add new table item to flush a
different tag.
--
For whatever reasons the OpenPGP card reads the 3 CA fingerprints from
one object but sets them individually using 3 different tags. The
cache flushing was not prepared for this and so a changed CA
fingerprint showed only up after a card reset. This patch fixes it.
Signed-off-by: Werner Koch <wk@gnupg.org>
* scd/app-openpgp.c (do_change_pin): Implement handling
APP_CHANGE_FLAG_CLEAR.
--
It is specified in the specification version 3.1 or later. Some
version 2 cards (including Gnuk) support this feature. Any version 1
card has no support for this feature.
For CHVNO = 1, it clears for both of 81 and 82; That is, user's key
usages for signing and others (decryption and auth).
For CHVNO = 3, it clears for 83, admin key.
For CHVNO = 2, it clears 82; That is, user's key usages
others (decryption and auth).
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* scd/app-piv.c (parse_pin_keyref): New.
(get_chv_status): New.
(do_getattr): Add name CHV-STATUS.
(verify_pin): Add arg keyref to support other PINs.
(do_change_pin): New. Right now limited to --clear.
(do_check_pin): New.
(app_select_piv): Register new commands.
Signed-off-by: Werner Koch <wk@gnupg.org>
* scd/command.c (cmd_passwd): Add option --clear.
(send_status_printf): New.
* scd/app-common.h (APP_CHANGE_FLAG_CLEAR): New.
* scd/app-nks.c (do_change_pin): Return an error if that option is
used.
* scd/app-openpgp.c (do_change_pin): Ditto.
--
Card application may support this option to clear the PIN verification
status of a specific PIN.
Signed-off-by: Werner Koch <wk@gnupg.org>
* scd/app-piv.c: New.
* scd/Makefile.am (card_apps): Add app-piv.c
* scd/app.c (app_new_register): Try to get a Yubikey serial number.
Detect the PIV application.
(get_supported_applications): Add "piv".
--
Right now this allows the use of the authentication key (9A) for SSH
authentication. More support will follow soon.
Tested with Yubikey-5.
* scd/apdu.c (apdu_send_direct): New arg R_SW.
* scd/command.c (cmd_apdu): Ditto.
* scd/iso7816.c (iso7816_apdu_direct): New arg R_SW.
(iso7816_general_authenticate): New.
* scd/app-nks.c (get_chv_status, get_nks_version): Pass NULL for new
arg.
--
iso7816_general_authenticate will be used for the PIV card support.
The new arg to iso7816_apdu_direct and apdu_send_direct allows to get
the raw status word back without the need to handle an output buffer.
Signed-off-by: Werner Koch <wk@gnupg.org>
* scd/ccid-driver.c (intr_cb): When LIBUSB_TRANSFER_NO_DEVICE,
just handle this event as failure.
--
It used to try another interrupt transfer request to make sure
if it fails again.
GnuPG-bug-id: 4308
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* scd/command.c (cmd_readkey): Reformat for advanced mode.
--
The --advanced option used to work only if the driver supported that
but not if we extracted the public key from an x.509 certificate.
This patch fixes that.
Signed-off-by: Werner Koch <wk@gnupg.org>
* scd/app.c (app_new_register): Don't lock APP_LIST_LOCK here.
(select_application): Lock with APP_LIST_LOCK earlier.
--
What we want to do here is to serialize the call of
select_application. In the old code, it was possible
that a call of select_application was blocked internally,
and then another call of select_application entered.
We can have a dedicated lock for call of select_application,
but it is easier to re-use APP_LIST_LOCK.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* g10/call-agent.c (learn_status_cb): Parse "bt" flag.
* g10/call-agent.h: New member field "bt".
* g10/card-util.c (uif): Limit its access only when it is supported.
* scd/app-openpgp.c (do_setattr): Allow access to UIF objects only
when there is a button.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* scd/app-openpgp.c (do_sign): Clear DID_CHV1 after signing.
--
We have a corner case: In "not forced" situation and authenticated,
and it is changed to "forced", card implementaiton can actually accept
signing, but GnuPG requires authentication, because it is "forced".
GnuPG-bug-id: 4177
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* g10/card-util.c (gen_kdf_data): Support single salt.
(kdf_setup): Can have argument for single salt.
* scd/app-openpgp.c (pin2hash_if_kdf): Support single salt.
--
Gnuk has "admin-less" mode. To support "admin-less" mode with KDF
feature, salt should be same for user and admin. Thus, I introduce a
valid use of single salt.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* scd/app-openpgp.c (change_rsa_keyattr): Try usual RSA.
--
In the OpenPGP card specification, there are multiple options to
support RSA (having P and Q or not, etc.), and it is implementation
dependent. Since GnuPG doesn't have knowledge which card
implementation support which option and there is no way (yet) for card
to express itself which key attributes are supported, we haven't
supported key attribute change back to RSA. But, many card
implementation uses P and Q, try this option. If other cases,
factory-reset would be easier option.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* scd/scdaemon.c (setup_signal_mask): New.
(main): Call setup_signal_mask.
(handle_connections): Remove signal mask setup.
--
For new thread, signal mask is inherited by thread creation.
Thus, it is best to setup signal mask just after npth_init.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* scd/ccid-driver.c (intr_cb): Try submitting INTERRUPT urb
to see if it's suspend/resume.
--
Upon suspend/resume, LIBUSB_TRANSFER_NO_DEVICE is returned, since all
URBs are cancelled. We need to see if it's real NODEV error or its by
suspend/resume. We can distinguish by sending URB again.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* configure.ac (require_pipe_to_unblock_pselect): Default is "yes".
* scd/scdaemon.c (scd_kick_the_loop): Minor clean up.
--
Normally SIGCONT or SIGUSR2 works for unblocking pselect. But on my
machine with GNU/Linux, when a machine is suspend/resume-ed, pselect
keeps blocked, while signal itself is delivered.
It's better to use pipe.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* scd/apdu.c (struct reader_table_s): Add field of current_state.
(new_reader_slot): Initialize current_state.
(pcsc_get_status): Keep the status in READER_TABLE array.
Return SW_HOST_NO_READER when PCSC_STATE_CHANGED.
* scd/scdaemon.c (handle_connections): Silence a warning.
--
To detect some change of card status, including suspend/resume
possibly, SCardGetStatusChange should be used keeping the
dwCurrentState field.
This change could improve situation for suspend/resume with Yubikey on
Windows. Even not, this is doing the Right Thing.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* common/asshelp2.c (vprint_assuan_status_strings): New.
(print_assuan_status_strings): New.
* agent/command.c (agent_write_status): Replace by call to new
function.
* dirmngr/server.c (dirmngr_status): Ditto.
* g13/server.c (g13_status): Ditto.
* g13/sh-cmd.c (g13_status): Ditto.
* sm/server.c (gpgsm_status2): Ditto.
* scd/command.c (send_status_info): Bump up N.
--
This fixes a potential overflow if LFs are passed to the status
string functions. This is actually not the case and would be wrong
because neither the truncating in libassuan or our escaping is not the
Right Thing. In any case the functions need to be more robust and
comply to the promised interface. Thus the code has been factored out
to a helper function and N has been bumped up correctly and checked in
all cases.
For some uses this changes the behaviour in the error case (i.e. CR or
LF passed): It will now always be C-escaped and not passed to
libassuan which would truncate the line at the first LF.
Reported-by: private_pers
* scd/app-openpgp.c (get_cached_data): Return NULL for Data Object
with no data.
--
When GET_DATA returns no data with success (90 00), this routine
firstly returned buffer with length zero, and secondly (with cache)
returned NULL, which is inconsistent. Now, it returns NULL for both
cases.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* configure.ac (HAVE_PSELECT_NO_EINTR): New.
* scd/scdaemon.c (scd_kick_the_loop): Write to pipe.
(handle_connections): Use pipe.
--
On NetBSD, signal to the same process cannot unblock pselect,
with unknown reason. Use pipe instead, for such systems.
GnuPG-bug-id: 3778
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* scd/ccid-driver.c (do_close_reader): Set NULL on close.
(bulk_in): Move DEBUGOUT and check by EP_INTR.
(ccid_get_atr): Clear powered_off flag after initial status check.
--
Many card readers automatically turn on inserted card, but some
defaults to turning off at start.
GnuPG-bug-id: 3508
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* agent/gpg-agent.c (oListenBacklog): New const.
(opts): New option --listen-backlog.
(listen_backlog): New var.
(main): Parse new options.
(create_server_socket): Use var instead of 5.
* dirmngr/dirmngr.c: Likewise.
* scd/scdaemon.c: Likewise.
--
GnuPG-bug-id: 3473
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/logging.c: Do not build any code if we can use the gpgrt_log
functions.
(log_logv_with_prefix): Rename to log_logv_prefix and change order of
args so that this function matches its printf like counterpart
gpgrt_logv_prefix. Change all callers.
(log_debug_with_string): Rename to log_debug_string. Change all
callers.
(log_printhex): Move first arg to end so that this function matches
its printf like counterpart gpgrt_log_printhex. Change all callers.
* common/logging.h: Divert to gpgrt/libgpg-error if we can use the
gpgrt_log functions.
(bug_at): Add inline versions if we can use the gpgrt_log functions.
* configure.ac (GPGRT_ENABLE_LOG_MACROS): Add to AH_BOTTOM.
(mycflags): Add -Wno-format-zero-length.
--
This patch enables the use of the log function from libgpgrt (aka
libgpg-error). Instead of checking a version number, we enable them
depending on macros set by recent gpg-error versions. Eventually the
whole divert stuff can be removed.
The -Wno-format-zero-length is required because log_printhex can be
called with an empty format string. Note that this is fully specified
standard C behaviour.
Signed-off-by: Werner Koch <wk@gnupg.org>
* scd/apdu.c (open_ccid_reader): Fix error handling of ccid_get_atr.
* scd/app.c (select_application): Always kick the loop if new APP.
* scd/ccid-driver.c (ccid_open_usb_reader): Don't setup at open.
(ccid_slot_status): Setup interrupt transfer when !ON_WIRE.
--
We can use the interrupt transfer to be notified about card status
change. In this case, we don't need to issue PC_to_RDR_GetSlotStatus
command. This change improve the setup the notification; it should be
done after registration of APP.
When the setup is done just after opening the USB connection (before
issuing PC_to_RDR_IccPowerOn), a reader might notifies about no card
availability (because of not yet powered on), even though the card is
ready to be powered on.
GnuPG-bug-id: 3508
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* g10/card-util.c (current_card_status): String changes.
(change_sex): Description change.
(cmds): Add "salutation"; keep "sex" as an alias.
--
Note that we can't change the used values or tags but at least the UI
should show reflect the real purpose of the field.
Signed-off-by: Werner Koch <wk@gnupg.org>
* scd/app-openpgp.c (determine_rsa_response): Round bits up.
--
Co-authored-by: Arnaud Fontaine <arnaud.fontaine@ssi.gouv.fr>
Arnaud wrote:
Actually, when the incorrect expected response length (i.e. Le
field) is transmitted to the card, the card's answer is missing a
byte (i.e. ... 6101) so an additional command has to be sent to the
card to retrieve the last byte. Using the correct length avoids to
send the additional command to retrieve the missing byte, when the
computed length is wrong.
Note that an value of 65537 for E is pretty standard and thus we can
avoid the 6101 return code inmost cases.
Signed-off-by: Werner Koch <wk@gnupg.org>
* agent/gpg-agent.c (main): Always to the chdir.
* dirmngr/dirmngr.c (main): Ditto.
* scd/scdaemon.c (main): Ditto.
--
Note that only dirmngr did not call the chdir with --no-detach. thus
we kept it this way.
Tested gpg-agent by checking the properties shown by procexp.
Gnupg-bug-id: 2670
Signed-off-by: Werner Koch <wk@gnupg.org>
* agent/gpg-agent.c [HAVE_W32_SYSTEM]: Include <direct.h>.
(main) [HAVE_W32_SYSTEM]: Change working directory to \.
* dirmngr/dirmngr.c [HAVE_W32_SYSTEM]: Include <direct.h>.
(main) [HAVE_W32_SYSTEM]: Change working directory to \.
* scd/scdaemon.c [HAVE_W32_SYSTEM]: Include <direct.h>.
(main) [HAVE_W32_SYSTEM]: Change working directory to \.
Signed-off-by: Marcus Brinkmann <mb@g10code.com>
GnuPG-bug-id: 2670
* scd/ccid-driver.c (intr_cb): Only kick the loop for removal.
(bulk_in): Don't set POWERED_OFF when interrupt transfer is enabled.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* scd/app-openpgp.c (data_objects): Special DOs like "Login Data",
"URL", "Private DO N" can be longer size >= 256.
(struct app_local_s): Define bits for v3 card.
(get_cached_data): Use extcap.max_special_do for special DOs.
(app_select_openpgp): Detect if extcap_v3, kdf_do, and other bits.
--
GnuPG-bug-id: 3262
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* scd/ccid-reader.c (scan_usb_device): Only for scan mode, so, rename
from scan_or_find_usb_device.
(scan_devices): Likewise. Remove support of special transport types.
(ccid_get_reader_list): Simplify.
(abort_cmd): Fix error return.
(send_escape_cmd): Fix for RESULTLEN == NULL.
(ccid_transceive_secure): Remove unnecessary var updates.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* scd/ccid-driver.c (CCID_CMD_TIMEOUT): Back to original value.
(CCID_CMD_TIMEOUT_LONGER): New.
(ccid_transceive): Add kludge for key generation.
--
At key generation of longer key size, OpenPGP card sends back "time
extension" with BWI=100, which is unusual value in the protocol and it
actually requires host having longer timeout like 43 seconds.
Reported-by: Szczepan Zalega <szczepan@nitrokey.com>
Fixes-commit: 6510df3a7cd2b5bf44fac1e4d50ee54b8c897daa
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* scd/app-dinsig.c (do_sign): Remove assignment to HASHALGO.
* scd/app-p15.c (parse_keyusage_flags): Remove assign to MASK.
(read_ef_aodf): Likewise.
(read_ef_cdf): Change the control to parse_error.
* scd/app-sc-hsm.c (parse_keyusage_flags): Remove assign to MASK.
(read_ef_prkd): Remove assign to S.
(read_ef_prkd): Check if PRKDF is not null.
(read_ef_cd): Likewise for CDF.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* scd/scdaemon.c (notify_fd): Remove.
(the_event) [W32]: New.
(main_thread_pid) [!W32]: New.
(handle_signal): Handle SIGCONT.
(scd_kick_the_loop): Use signal on UNIX and event on Windows.
(handle_connections): Likewise.
--
Code with CreateEvent is copied from gpg-agent.c.
Code for signal is copied from dkg's gpg-agent-idling in Debian.
GnuPG-bug-id: 2982
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* scd/app-openpgp.c (get_prompt_info): Change texts.
* agent/call-pinentry.c (struct entry_features): New.
(getinfo_features_cb): New.
(start_pinentry): Set new fucntion as status callback.
(build_cmd_setdesc): New. Replace all snprintf for SETDESC by this
one.
--
Suggested-by: Andre Heinecke
Signed-off-by: Werner Koch <wk@gnupg.org>
* src/app-openpgp.c (get_prompt_info): Change wording and order
slightly.
--
The word "Card" was repeated too much in the prompt and moving
signatures to the bottom results in a more consistent layout
between the prompts with signcount and the prompts without.
Signed-off-by: Andre Heinecke <aheinecke@intevation.de>
* scd/app-openpgp.c (get_disp_name): New.
(get_disp_serialno): New.
(get_prompt_info): New.
(build_enter_admin_pin_prompt): Rework the prompt texts. Factor some
code out to ...
(get_remaining_tries): New.
(verify_a_chv): Print a remaining counter also for the standard PIN.
Rework the prompt texts.
* agent/divert-scd.c (ask_for_card): Pretty format an OpenPGP serial
no.
Signed-off-by: Werner Koch <wk@gnupg.org>
* scd/app-common.h (struct app_ctx_s): Add reset_requested.
* scd/app.c (app_reset): Locking APP, set reset_requested.
(deallocate_app): Release the lock.
(release_application): Add LOCKED_ALREADY argument.
(scd_update_reader_status_file): Hold the lock when accessing APP.
When reset_requested is set, close the reader and deallocate APP.
* scd/command.c (open_card_with_request, cmd_restart): Follow the
change of release_application.
(send_client_notifications): Here it calls release_application holding
the lock.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* scd/app.c (release_application_internal): Remove.
(release_application): Merge release_application_internal.
(app_reset): Kick the loop and let close the reader. Sleep is
required here to wait closing.
(scd_update_reader_status_file): When APP is no use, close it.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>