* scd/app-p15.c (prepare_verify_pin): Allow use without an AODF.
(verify_pin): Ditto.
(do_with_keygrip): Implement capability restrictions.
Signed-off-by: Werner Koch <wk@gnupg.org>
* scd/command.c (cmd_keyinfo): Use Gcrypt constants for CAP.
* scd/app-openpgp.c (do_with_keygrip): Adjust for them.
* scd/app-piv.c (do_with_keygrip): Ditto.
--
That makes it easier to read. An open question is whether we should
allow several capabilities and whether they are the ORed or ANDed.
Signed-off-by: Werner Koch <wk@gnupg.org>
* scd/app-p15.c (struct prkdf_object_s): Add flag pin_verified.
(verify_pin): Make use of it.
--
Theee is still a problem with the APDUs we send: Switching between
signing and decryption does work but not in the other way.
Signed-off-by: Werner Koch <wk@gnupg.org>
* scd/app-p15.c (do_sign): Move keygrip_from_prkdf before PIN
verification.
(do_decipher): Add keygrip_from_prkdf.
--
This is required because that function may change the current file
which is set by prepare_verify_pin right before MSE. HAs alredy been
done on the backport to 2.2
Signed-off-by: Werner Koch <wk@gnupg.org>
* scd/app-p15.c (do_decipher): New.
--
tested using the D-TRUSt card and a SCR3310 reader. The Kobil KAAN
Advanced, I used for the signing tests could not be used because it
supports only Short APDU Level exchange.
Signed-off-by: Werner Koch <wk@gnupg.org>
* scd/app-help.c (app_help_get_keygrip_string_pk): Add optional arg
r_pkey and change all callers.
(app_help_get_keygrip_string): Ditto.
* scd/app-p15.c (struct cdf_object_s): Use bit flags
(struct aodf_object_s): Ditto. Add field 'fid'.
(struct prkdf_object_s): Ditto. Add fields keygrip, keyalgo, and
keynbits.
(parse_certid): Allow a keygrip instead of a certid aka keyref.
(read_ef_aodf): Store the FID.
(keygripstr_from_prkdf): Rename to ...
(keygrip_from_prkdf): this. Remove arg r_gripstr and implement cache.
Change callers to directly use the values from the object. Also store
the algo and length of the key ion the object.
(keyref_from_keyinfo): New. Factored out code.
(do_sign): Support SHA-256 and >2048 bit RSA keys.
(do_with_keygrip): New.
(app_select_p15): Register new function.
--
This has been tested with a D-Trust card featuring 3072 bit keys.
Note that non-repudiation key for a qualified signature does not yet
work because we do not yet support rsaPSS padding. Thus a gpgsm
--learn shows a couple of Bad Signature errors for this key.
Signed-off-by: Werner Koch <wk@gnupg.org>
* scd/iso7816.c (iso7816_read_binary): Factor code out to ...
(iso7816_read_binary_ext): new function. Add arg extended_mode.
Signed-off-by: Werner Koch <wk@gnupg.org>
--
This removes almost all log_debug calls and uses opt.verbose and
log_info to show card information. Also avoid too long and thus
harder to read lines.
Signed-off-by: Werner Koch <wk@gnupg.org>
* scd/app-p15.c (read_ef_odf): Detect the home_DF on the fly. Silence
the garbage warning for null bytes.
(print_tokeninfo_tokenflags): New.
(read_ef_tokeninfo): Print manufacturer, label, and flags.
(app_select_p15): No need to use the app_get_slot macro.
(CARD_TYPE_CARDOS_50): New const.
(card_atr_list): Detect CardOS 5.0
--
The card under test is a "Test-Signaturkarte D-TRUST Card 3.1" for a
mere 49 Euro and no specs available. D-Trust is a branch of the
German Bundesdruckerei. Compare that to Telesec and Yubikey who have
always been nice enough to send bunches of sample cards without a need
to wade through lots of forms and not even asking for money. Guess
which cards I prefer.
Signed-off-by: Werner Koch <wk@gnupg.org>
* scd/app-openpgp.c (check_keyidstr): Add optional arg r_use_auth to
test also for OpenPGP.3.
(do_sign): Enable that new mode.
--
This is very useful to allow gpgsm to use a certificate based on the
OpenPGP card's authentication key. That key is usually used for ssh
but it makes sense to use it also for user certificate based
authentication.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/gc-opt-flags.h (GC_OPT_FLAG_RUNTIME): Move to ...
* tools/gpgconf-comp.c: here.
(known_options_scdaemon): Remove "options".
(known_options_dirmngr): Remove "options".
(known_options_gpgsm): Remove "options".
(known_options_gpg): Remove "options" and "keyserver".
(struct gc_option_s): Rename active t gpgconf_list.
(gc_component_list_options): Do not act upon active.
(option_check_validity): Ditto.
(is_known_option): Make it work correctly for unknown options.
(retrieve_options_from_program): Use renamed flag gpgconf_list only to
detect duplicated items from --gpgconf-list. Do not set runtime.
Only e set the options if set by --gpgconf-list; never clear them.
* agent/gpg-agent.c: Simplify the --gpgconf-list output.
* dirmngr/dirmngr.c: Ditto.
* g10/gpg.c: Ditto.
* kbx/keyboxd.c: Ditto.
* scd/scdaemon.c: Ditto.
* sm/gpgsm.c: Ditto.
* tests/openpgp/gpgconf.scm: Use "compliance" instead of "keyserver"
for the string arg test.
--
There is no need to read the list of options from the components
unless they convey a default value. It is better to consult only the
list we have in gpgconf-comp.c to decide on whether an option should
be displayed. Right, this might mess up thing if a newer gpgconf
version is used with an older component, but we already print warnings
in this case and in general we do not want to support this anymore -
the times of gpg 1.4. and 2.0 are long over now.
GnuPG-bug-id: 4788
Signed-off-by: Werner Koch <wk@gnupg.org>
* tools/gpgconf-comp.c: Remove all regular option descriptions. They
are now read in from the component. Also remove a few meanwhile
obsolete options.
* agent/gpg-agent.c: Add option description which were only set in
gpgconf-comp.c.
* dirmngr/dirmngr.c: Ditto.
* scd/scdaemon.c: Ditto.
* sm/gpgsm.c: Ditto.
* g10/gpg.c: Ditto.
--
This second part removes all regular option descriptions because they
can be read from the components. A few were missing in the components
and thus moved to there.
Signed-off-by: Werner Koch <wk@gnupg.org>
* scd/app-openpgp.c (do_setattr): For setting KDF DO, support standard
OpenPGP card, which needs to update PIN.
GnuPG-bug-id: 3891
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* scd/scdaemon.c: Switch to the new option parser and enable a global
conf file.
* dirmngr/dirmngr.c: Ditto.
* g13/g13.c: Ditto.
* g13/g13-syshelp.c: Ditto. Do not force verbose mode.
* dirmngr/dirmngr_ldap.c: Switch to the new option parser.
* dirmngr/dirmngr-client.c: Switch to the new option parser.
--
This finalizes the switch to the new option parser. What's left is to
remove the old argparser code from common.
g13-syshelp does not anymore default to --verbose because that can now
be enabled in /etc/gnupg/g13-syshelp.conf.
GnuPG-bug-id: 4788
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/util.h: Remove argparse.h.
* common/argparse.c: Undef GPGRT_ENABLE_ARGPARSE_MACROS.
* configure.ac (GPGRT_ENABLE_ARGPARSE_MACROS): Define.
* agent/gpg-agent.c: Undef GPGRT_ENABLE_ARGPARSE_MACROS and include
argparse.h. Do this also for all main modules which use our option
parser except for gpg. Replace calls to strusage by calls to
gpgrt_strusage everywhere.
* g10/gpg.c (opts): Change type to gpgrt_opt_t. Flag oOptions and
oNoOptions with ARGPARSE_conffile and ARGPARSE_no_conffile.
(main): Change type of pargs to gpgrt_argparse_t. Rework the option
parser to make use of the new gpgrt_argparser.
--
This is not yet finished but a make check works. gpg has the most
complex and oldest option handling and thus this is the first
migration target. SE-Linux checks and version-ed config files are
missing and will be added later.
GnuPG-bug-id: 4788
Signed-off-by: Werner Koch <wk@gnupg.org>
No functional changes, just fixing minor spelling issues.
---
Most of these were identified from the command line by running:
codespell \
--ignore-words-list fpr,stati,keyserver,keyservers,asign,cas,iff,ifset \
--skip '*.po,ChangeLog*,help.*.txt,*.jpg,*.eps,*.pdf,*.png,*.gpg,*.asc' \
doc g13 g10 kbx agent artwork scd tests tools am common dirmngr sm \
NEWS README README.maint TODO
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
* scd/app.c (send_serialno_and_app_status): Add fallback.
--
The app list was only printed for apps which support the with_keygrip
function. That is not the case for the netkey and otehr cards. The
new fallback prints the actual app name.
Signed-off-by: Werner Koch <wk@gnupg.org>
* scd/app-openpgp.c (send_keypair_info): Reaturn the key creation time
as part of a KEYPAIRINFO.
(do_readkey): Do not return the KEY-TIME anymore.
--
Sending the KEY_TIME status as part of a READKEY command was only
recently added. It is better to merge that into the KEYPAIRINFO line.
Another patch with chnage this for the consumers of that info.
Signed-off-by: Werner Koch <wk@gnupg.org>
* scd/app-openpgp.c (retrieve_fprtime_from_card): New.
(do_readkey): Send a KEY_TIME status.
--
It might be easier to fold this into KEYPAIRINFO but for backward
compatibility using a separate status line is safer.
Signed-off-by: Werner Koch <wk@gnupg.org>
* scd/app-openpgp.c (do_readkey): Use case insensitive match of the
keyref.
(do_writekey, do_sign, do_auth, do_decipher): Ditto.
--
Signed-off-by: Werner Koch <wk@gnupg.org>
* scd/app-openpgp.c (struct app_local_s): Add field keyalgo.
(parse_algorithm_attribute): Store the new keyalgo field.
(change_keyattr): Change info message.
(change_keyattr_from_string): Rewrite to also accept a keyref and a
keyalgo string.
(do_genkey): Change the keyattr if a keyalgo string is given.
--
Having this feature makes it easier to use OpenPGP cards in a similar
way to other cards. Note that the explicit changing via SETATTR is
still supported.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/openpgp-oid.c (openpgp_curve_to_oid): Add optional arg R_NBITS.
Change all callers.
--
In particular for ed25519 and cv25519 it is quite useful to have an
ability to get the required algorithm.
* common/util.h (EXTERN_UNLESS_MAIN_MODULE): Add the definion only
here but now without the Norcroft-C. Change all other places where it
gets defined.
* common/iobuf.h (iobuf_debug_mode): Declare unconditionally as
extern.
* common/iobuf.c (iobuf_debug_mode): Define it here.
* agent/gpg-agent.c (INCLUDED_BY_MAIN_MODULE): Define here and also in
all main modules of all other programs.
* g10/main.h: Put util.h before the local header files.
--
This change is required for use with gcc/ld's LTO feature which does
not allow common blocks. Further gcc 10 will make -fno-common the
default and thus this chnage is always needed. What a pitty.
Co-authored-by: Tomáš Mráz
GnuPG-bug-id: 4831
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 21d9bd8b87)
- Applied respective chnages also to gpg-card and keyboxd.
Signed-off-by: Werner Koch <wk@gnupg.org>
* scd/app-openpgp.c (send_key_attr): Use log_assert.
(do_genkey): Allow prefix.
--
It is more uniform to always use full keyref (e.g. "OPENPGP.1")
instead of just the key number.
Signed-off-by: Werner Koch <wk@gnupg.org>
* scd/app.c: Include membuf.h.
(app_switch_current_card): New.
(send_card_and_app_list): Factor code out to ...
(send_serialno_and_app_status): new.
(app_send_card_list): New.
(app_send_active_apps): New.
(app_switch_active_app): New.
* scd/command.c (cmd_switchcard): New.
(cmd_switchapp): New.
(register_commands): Register new commands.
(cmd_getinfo): New sub-commands "active_apps" and "all_active_apps".
--
These new commands allow to switch between known cards and are in
particular useful for the gpg-card tool.
Signed-off-by: Werner Koch <wk@gnupg.org>
* scd/app-piv.c (ask_and_prepare_chv): here.
--
The test code from the last PIV change was accidently kept enabled.
Fixes-commit: 2dd6b4b998
Signed-off-by: Werner Koch <wk@gnupg.org>
* scd/app-openpgp.c (struct app_local_s): New field pincache.
(cache_pin): Set it.
(pin_from_cache): Consult it.
* scd/app-piv.c (struct app_local_s): New field pincache.
(cache_pin): Set it.
(pin_from_cache): Consult it.
--
Signed-off-by: Werner Koch <wk@gnupg.org>
* scd/command.c (pincache_put): Add arg pinlen and change all callers
to provide it.
* scd/app-piv.c (cache_pin): New.
(pin_from_cache): New.
(ask_and_prepare_chv): Add args no_cache and r_unpaddedpinlen. Take
PIN from the cache. Return the unpadded length.
(verify_chv): Add arg ctrl. Cache the PIN.
(do_change_chv): Clear PIN cache.
--
The PIV pins are padded but we want to store the unpadded PIN. Thus
the changes to the function.
Code has has been tested by commenting the no_cache parameter because
we the current test certificate was created for PIV.9C which requires
a verification for each use. More testing is required.
GnuPG-bug-id: 4791
Signed-off-by: Werner Koch <wk@gnupg.org>
* scd/app.c (maybe_switch_app): Factor reselect code out to ...
(run_reselect): new.
(app_write_learn_status): Tweak diagnostics.
(app_do_with_keygrip): Run reselect if a card has more than one
switchable application.
* agent/call-scd.c (agent_card_serialno): Ditto.
* tools/card-call-scd.c (start_agent): Use option --all with SERIALNO.
(scd_serialno): Ditto.
Signed-off-by: Werner Koch <wk@gnupg.org>
* scd/app-openpgp.c (wipe_and_free, wipe_and_free_string): Use them
everywere where we do a wipememory followed by a free.
(pin2hash_if_kdf): Change interface. The input PIN is not anymore
changed. Further there are no more assumptions about the length of
the provided buffer.
(cache_pin): Restructure.
(chvno_to_keyref): New.
(pin_from_cache): New.
(verify_a_chv): Add arg CTRL. Adjust for changed pin2hash_if_kdf.
Chache and retrieve the PIN here.
(verify_chv2): Do not cache the PIN here.
(build_enter_admin_pin_prompt): Add arg 'r_remaining'.
(verify_chv3): Adjust for changed pin2hash_if_kdf. Implement the PIN
cache.
(do_change_pin): Clear the PIN cache. Do not change the PIN here.
Lots of adjustments to cope with the chnaged pin2hash_if_kdf.
(do_sign): Do not cache the PIN here.
--
Note that some of the changes are required because we can't rely that
the PIN is always cached in secure memory. Thus it is better to do an
explicit wipe.
Testing the PIN cache can currently only be done my modifying the
code to do a verification for each operation. Only some basic testing
has been done. Clearing the PIN cache is also not fully
implemented. With the forthcoming changes to app-piv we should be
enter able to test the PIN cache.
Missing stuff:
- The agent should be able to selectively clear the cache on a per
slot base.
- We should replace AESWRAP by OCB.
Signed-off-by: Werner Koch <wk@gnupg.org>
* agent/call-scd.c (handle_pincache_put): Do not decrypt.
(handle_pincache_get): New.
(inq_needpin): Call it.
* scd/command.c (set_key_for_pincache): New.
(pincache_put): Restructure and set key.
(pincache_get): Ditto.
--
This change does away with encrypting and decrypting the cached PIN in
the agent. There is no need for this we can simply cache the
cryptogram and let scdaemon decrypt after retrieving it from the
agent. This way we do not need to share a key between gpg-agent and
scdaemon and further the cached content is invalid after the scdaemon
process has been replaced.
Signed-off-by: Werner Koch <wk@gnupg.org>
* scd/command.c (pincache_put): New. Uses a dummy key for now.
(pincache_get): New.
* scd/app.c (select_application): Flush the PIN cache.
(scd_update_reader_status_file): Ditto.
(maybe_switch_app): Call the new prep_reselect function.
(app_write_learn_status): Ditto.
* scd/app-openpgp.c (cache_pin): New helper to cache a PIN.
(verify_chv2): Call it.
(verify_chv3): Call it.
(clear_chv_status): Call it.
(do_change_pin): Call it.
* scd/app-common.h (struct app_ctx_s): Add function 'prep_select'.
* scd/app-openpgp.c (do_prep_reselect): New stub function.
(app_select_openpgp): Set new stub function.
* scd/app-piv.c (do_prep_reselect): New stub function.
(app_select_piv): Set new stub function.
* scd/app-common.h (struct app_ctx_s): Add parameter ctrl to setattr,
sign, auth, decipher, and check_pin. Change all implementations and
callers to pass such a parameter.
--
This is work in progress.
Signed-off-by: Werner Koch <wk@gnupg.org>
* scd/command.c (open_card_with_request): Use NULL instead of
APPTYPE_NULL.
--
Using the enum is wrong because a string is expected. However it did
harm anything because the value of the enum is 0 and thus equivalent
to NULL.
Signed-off-by: Werner Koch <wk@gnupg.org>
* kbx/keybox.h: Fix naming of arguments.
* scd/ccid-driver.c (print_error) [TEST]: Add missing break. Note
that this is anyway an impossible case.
Signed-off-by: Werner Koch <wk@gnupg.org>
Werner Koch