security-and-privacy/gnupg
security-and-privacy
/
gnupg
mirror of git://git.gnupg.org/gnupg.git
1
0
Fork 0
Code Activity
9,619 Commits 100 Branches 301 Tags 69 MiB
Commit Graph

1000 Commits

Author SHA1 Message Date
NIIBE Yutaka 2848fe4c84 scd: Fix hard-coded constant for RSA auth. 
* scd/app-openpgp.c (do_auth): Allow larger data for RSA-4096.

--

OpenPGPcard specification says that it will be rejected by the card
when it's larger.  We have been the check on host side too, but it was
written when it only had a support for RSA-2048.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
 2022-04-25 11:14:10 +09:00
NIIBE Yutaka e8fb8e2b3e scd: Don't inhibit SSH authentication for larger data if it can. 
* scd/app-openpgp.c (do_auth): Use command chaining if available.

--

GnuPG-bug-id: 5935
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
 2022-04-22 11:50:19 +09:00
Werner Koch dd727ec968
scd: Renamed a constant in ccid-driver.c 
* scd/ccid-driver.c (MAX_DEVICE): Rename to CCID_MAX_DEVICE.
--

Just for documentation reasons.
 2022-04-14 10:26:40 +02:00
Werner Koch 6294ae282d
scd: Minor code reorganization 
* scd/ccid-driver.c: Move struct defines to the top.
--
 2022-04-14 10:15:23 +02:00
Werner Koch 8ac92f0e80
scd: Fix memory leak in ccid-driver. 
* scd/ccid-driver.c (ccid_dev_scan): Use loop var and not the count.
--

Due to an assignment out of bounds this might lead to a crash if there
are more than 15 readers.  In any case it fixes a memory leak.
Kudos to the friendly auditor who found that bug.

Fixes-commit: 8a41e73c31
 2022-04-14 10:15:23 +02:00
Werner Koch 618aa8689a
scd:p15: Improve the PIN prompt for Genua cards. 
* scd/app-p15.c (CARD_PRODUCT_GENUA): New.
(cardproduct2str): Add it.
(read_p15_info): Detect and set GENUA
(make_pin_prompt): Take holder string from the AODF.
 2022-04-13 13:06:27 +02:00
Werner Koch 0dcc249852
scd: Support for GeNUA cards. 
* scd/app-p15.c (read_p15_info): Disable extended mode for Genua
cards.
 2022-04-11 17:48:45 +02:00
NIIBE Yutaka f584ad9504 scd,tpm2d: Fix for consistent use of socket FD. 
* scd/command.c (scd_command_handler): Use gnupg_fd_t for the argument
but no INT2FD to listen.  Use GNUPG_INVALID_FD.
* tpm2d/command.c (tpm2d_command_handler): Likewise.
* scd/scdaemon.c (start_connection_thread): Follow the change.
* tpm2d/tpm2daemon.c (start_connection_thread): Likewise.
* scd/scdaemon.h (scd_command_handler): Use gnupg_fd_t.
* tpm2d/tpm2daemon.h (tpm2d_command_handler): Likewise.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
 2022-03-31 21:03:13 +09:00
NIIBE Yutaka a67a09be30 scd,w32: Fix socket resource leak. 
* scd/scdaemon.c (main): Use gnupg_fd_t for socket, and use
assuan_sock_close for the socket allocated by assuan_sock_new.
(handle_connections): Use gnupg_fd_t for listen_fd.
Use assuan_sock_close for the socket by npth_accept.

--

GnuPG-bug-id: 5029
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
 2022-03-29 09:55:02 +09:00
NIIBE Yutaka c6dd9ff929 scd: Fix DEVINFO with no --watch. 
* scd/app.c (app_send_devinfo): Fix for outputing once.
* scd/command.c (hlp_devinfo): Fix comment.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
 2022-03-15 15:19:11 +09:00
NIIBE Yutaka 665b59a066 Fix previous commit. 
--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
 2022-03-11 14:09:22 +09:00
NIIBE Yutaka 934864d399 scd: Enhance PASSWD command to accept KEYGRIP optionally. 
* scd/command.c (cmd_passwd): Handle KEYGRIP optionally.

--

GnuPG-bug-id: 5862
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
 2022-03-10 11:11:38 +09:00
NIIBE Yutaka d577ed2956 scd: Use same idiom for same work. 
* scd/command.c (cmd_serialno, cmd_getattr): Use 'while' instead of
'for'.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
 2022-03-10 11:02:11 +09:00
NIIBE Yutaka 58e6990eaa scd: Fix PK_AUTH with --challenge-response option. 
* scd/app.c (app_auth): It's only APPTYPE_OPENPGP which supports
the challenge response interaction.
* scd/command.c (cmd_pkauth): It only wants if it works or not.

--

GnuPG-bug-id: 5862
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
 2022-03-04 10:11:38 +09:00
NIIBE Yutaka 44621120a2 scd: Add --challenge-response option to PK_AUTH for OpenPGP card. 
* scd/app-openpgp.c (rmd160_prefix, sha1_prefix, sha224_prefix)
(sha256_prefix, sha384_prefix, sha512_prefix): Move the scope up.
(gen_challenge): New.
(do_auth): Support challenge-response check if it signs correctly.
* scd/app.c (app_auth): Remove the check INDATA and INDATALEN.
* scd/command.c (cmd_pkauth): Support --challenge-response option.

--

GnuPG-bug-id: 5862
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
 2022-03-03 17:45:49 +09:00
NIIBE Yutaka 8e650dbd48 scd: Let READKEY support --format=ssh option. 
* scd/command.c (do_readkey): Support --format=ssh option.
* common/ssh-utils.c (ssh_public_key_in_base64): New.
* common/ssh-utils.h (ssh_public_key_in_base64): New declaration.

--

Code duplication (agent/command-ssh.c) will be cleaned up later.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
 2022-03-02 14:07:46 +09:00
Werner Koch 597253ca17
scd:p15: Used extended mode already for RSA 2048 
* scd/app-p15.c (do_sign, do_decipher): Replace GT by GE.
--
 2022-02-21 12:17:08 +01:00
NIIBE Yutaka f9c9938b28 scd,pcsc: Fix error handling for a reader with reader-port. 
* scd/apdu.c (apdu_open_reader): Make sure dl->idx is always
incremented to handle error from open_pcsc_reader correctly.

--

Reported-by: Anže Jenšterle
GnuPG-bug-id: 5758
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
 2022-01-04 14:56:29 +09:00
NIIBE Yutaka a575b0aba5 scd:openpgp: Support longer data for INTERNAL_AUTHENTICATE. 
* scd/app-openpgp.c (do_auth): Use extended Lc, when supported.

--

GnuPG-bug-id: 5682
Co-authored-by: Klas Lindfors
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
 2021-11-15 11:40:41 +09:00
Jakub Jelen c0b1bcc5c6 scd: Avoid memory leak. 
* scd/command.c (cmd_readkey): Free allocated memory on failure path.

--

GnuPG-bug-id: 5393
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
 2021-11-12 15:35:38 +09:00
Werner Koch c36f9917bb
scd: Add new OpenPGP card vendor. 
--
 2021-11-04 16:35:41 +01:00
NIIBE Yutaka 49f7fcb90b scd: Simplify the loop of DEVINFO. 
* scd/app.c (app_send_devinfo): Factor out lock/unlock.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
 2021-11-02 14:06:16 +09:00
NIIBE Yutaka 99e00ec6db scd: Fix the previous commit. 
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
 2021-10-29 11:47:17 +09:00
NIIBE Yutaka 48e824b6ea scd: Modify DEVINFO behavior to support looping forever. 
* scd/app.c (struct mrsw_lock): Add notify_cond member.
(notify_cond): Remove.
(card_list_r_lock, card_list_r_unlock): Rename.
(card_list_w_lock, card_list_w_unlock): Rename.
(card_list_signal, card_list_wait): New, fixing thinko about
notify/wakeup with MRSW lock.
(app_send_devinfo): Support looping.
(select_application): Notify app_send_devinfo thread for newly
detected device.
(initialize_module_command): Initialize notify_cond member.
(app_wait): Remove.
* scd/command.c (cmd_devinfo): Use new API of app_send_devinfo.
* scd/scdaemon.h (app_wait): Remove.

--

GnuPG-bug-id: 5359
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
 2021-10-29 10:58:26 +09:00
NIIBE Yutaka 3918fa1a94 agent,dirmngr,kbx,scd,tpm2d: Use gnupg_sleep. 
* agent/findkey.c (unprotect): Use gnupg_sleep.
* agent/gpg-agent.c (handle_connections): Likewise.
* dirmngr/crlfetch.c (handle_connections): Likewise.
* kbx/keyboxd.c (handle_connections): Likewise.
* tpm2d/tpm3daemon.c (handle_connections): Likewise.
* scd/scdaemon.c (handle_connections): Likewise.
* scd/command.c (cmd_lock): Likewise.
* dirmngr/ldap-wrapper.c (ldap_reaper_thread): Likewise.
(ldap_wrapper_wait_connections): Use gnupg_usleep.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
 2021-10-05 14:05:56 +09:00
Werner Koch 255d4d5815
sm: Add LotW support to the key listing 
* sm/certdump.c (parse_dn_part): Translate OID to "Callsign"
* sm/keylist.c (oidtranstbl): Some more OIDs.
--

This is Ham thingy to make it easier to read LotW certificates.

Signed-off-by: Werner Koch <wk@gnupg.org>
 2021-09-09 13:30:22 +02:00
NIIBE Yutaka 1565baa93a scd: Don't release the context until list_finish for PC/SC. 
* scd/apdu.c (apdu_dev_list_start): Increment PCSC.COUNT here.
(apdu_dev_list_finish): Decrement PCSC.COUNT.

--

GnuPG-bug-id: 5416
Fixes-commit: 32baa9acfb
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
 2021-08-20 15:22:28 +09:00
NIIBE Yutaka 5c8124b8b9 scd: Small clean up for card access. 
* scd/app.c (app_get_challenge): Remove the check to ref_count.
* scd/command.c (send_client_notifications): Update comments.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
 2021-07-22 11:22:47 +09:00
NIIBE Yutaka 50ad29f9a7 scd: Fix direct use of card with no ctrl->card_ctx. 
* scd/app.c (maybe_switch_app): Remove check of ref_count.

--

Fixes-commit: 0d6b4210cf
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
 2021-07-22 09:43:30 +09:00
NIIBE Yutaka 0d6b4210cf scd: Fix access to list of cards (3/3). 
* scd/app-common.h (card_reset): Simplify more.
(select_additional_application): Supply CARD.
(card_ref, card_unref): Remove.
(card_get, card_put): New.
* scd/app.c (card_reset): No locking/unlocking inside.
(app_switch_current_card): Fix comment.
(select_additional_application): No locking/unlocking inside.
(do_with_keygrip): New, unlocked version.
(card_get): New, with support of KEYGRIP.
(card_unref): Remove.
(card_put): New.
(app_write_learn_status, app_readcert: No locking/unlocking inside.
(app_readkey, app_getattr, app_setattr, app_sign, app_auth): Likewise.
(app_decipher, app_writecert, app_writekey): Likewise.
(app_genkey, app_get_challenge, app_change_pin): Likewise.
(app_check_pin, app_switch_active_app): Likewise.
* scd/command.c (do_reset): Use card_get/card_put.
(open_card_with_request): Use card_get/card_put, return CARD locked.
(cmd_serialno): Follow the change of open_card_with_request.
(cmd_switchapp): Use card_get/card_put.
(cmd_learn, cmd_readcert, cmd_readkey, cmd_pksign): Likewise.
(cmd_pkauth, cmd_pkdecrypt, cmd_getattr): Likewise.
(cmd_setattr, cmd_writecert, cmd_writekey): Likewise.
(cmd_genkey, cmd_random, cmd_passwd): Likewise.
(cmd_checkpin, cmd_getinfo, cmd_restart): Likewise.
(cmd_disconnect, cmd_apdu, cmd_devinfo): Likewise.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
 2021-07-21 17:22:26 +09:00
NIIBE Yutaka b436fb6766 scd: Fix access to list of cards (2/3). 
* scd/app-common.h (card_reset, select_application): Simplify.
* scd/app.c (card_reset, select_application): Simplify.
* scd/command.c (do_reset): Follow the change.
(open_card, open_card_with_request): Follow the change.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
 2021-07-21 15:59:03 +09:00
NIIBE Yutaka 216945a80e scd: Fix access to list of cards (1/3). 
* scd/app.c (card_list_lock): Use MRSW lock.
(lock_r_card_list, unlock_r_card_list): New.
(lock_w_card_list, unlock_w_card_list): New.
(app_dump_state, app_send_devinfo): Use the MRSW lock.
(select_application, app_switch_current_card): Likewise.
(scd_update_reader_status_file): Likewise.
(initialize_module_command, send_card_and_app_list): Likewise.
(app_do_with_keygrip, app_wait): Likewise.

--

GnuPG-bug-id: 5524
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
 2021-07-21 15:34:16 +09:00
Werner Koch 924c8221fb
scd: Silence compiler waring about unused args. 
--
 2021-07-08 14:11:10 +02:00
NIIBE Yutaka 044e5a3c38 scd: Detect external interference when PCSC_SHARED. 
* scd/app-common.h (check_aid): New method.
* scd/app-openpgp.c (do_check_aid): New.
* scd/app-piv.c (do_check_aid): New.
* scd/app.c (check_external_interference): New.
(maybe_switch_app): Check interference to determine switching is
needed.

--

GnuPG-bug-id: 5484
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
 2021-07-06 14:52:29 +09:00
NIIBE Yutaka 25ae80b8eb scd:ccid: Handle LIBUSB_TRANSFER_OVERFLOW interrupt transfer. 
* scd/ccid-driver.c (intr_cb): Ignore LIBUSB_TRANSFER_OVERFLOW.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
 2021-06-23 12:08:20 +09:00
Werner Koch e387cc97c8
scd:p15: Prepare AODF parsing for other authentication types. 
* scd/app-p15.c (auth_type_t): New.
(struct aodf_object_s): Add field auth_type.
(read_ef_aodf): Distinguish between pin and authkey types.  Include
the authtype in the verbose mode diags.
--

Note that the bulk of chnages are just indentation chnages.  There
should be no functional change.

Signed-off-by: Werner Koch <wk@gnupg.org>
 2021-06-22 11:11:46 +02:00
Werner Koch 029924a46e
scd:p15: Add pre-check for ascii-numeric PINs. 
* scd/app-p15.c (verify_pin): acii-numerix is different than BCD.
 2021-06-18 18:02:08 +02:00
Werner Koch 544ec7872a
scd:p15: Add basic support for AET JCOP cards. 
* scd/app-p15.c (CARD_TYPE_AET): New.
(cardtype2str): Add string.
(card_atr_list): Add corresponding ATR.
(app_local_s): New flag no_extended_mode.  Turn two other flags into
bit flags.
(select_ef_by_path): Hack to handle the 3FFF thing.
(readcert_by_cdf): Do not use etxended mode for AET.
(app_select_p15): Set no_extended_mode.

Signed-off-by: Werner Koch <wk@gnupg.org>
 2021-06-18 17:42:38 +02:00
Werner Koch 7a8545c91b
scd:p15: Handle cards with bad encoded path objects. 
* scd/app-p15.c (read_ef_prkdf, read_ef_pukdf)
(read_ef_cdf, read_ef_aodf): Allow for a zero length path and
correctly skip unsupported auth types.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
 2021-06-18 17:42:38 +02:00
Werner Koch 44f977d0e3
scd: Improve reading of binary records. 
* scd/iso7816.c (iso7816_read_binary_ext): Handle the 0x6a86 SW the
same as 6b00.
* scd/apdu.c (apdu_get_atr): Modify debug messages.
* scd/app-p15.c (app_select_p15): Print FCI on error.
(read_p15_info): Clean up diag in presence of debug options.
--

Some cards return 6a86 instead of 6b00.

Signed-off-by: Werner Koch <wk@gnupg.org>
 2021-06-18 17:42:38 +02:00
NIIBE Yutaka 7718244168 scd: Fix RESET handling. 
* scd/app.c (scd_update_reader_status_file): Clear ->reset_requested.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
 2021-06-17 16:07:09 +09:00
NIIBE Yutaka 4e02db75e3 scd: Support clearing of Reset Code by ''. 
* scd/app-openpgp.c (do_change_pin): Allow null-string.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
 2021-06-11 13:42:01 +09:00
Werner Koch cd53c6d0f3
scd: Add new card vendor. 
--
 2021-06-10 21:55:36 +02:00
NIIBE Yutaka c3a9ee0b65 scd: Fix serial number detection for Yubikey 5. 
* scd/app.c (app_new_register): Handle serial number correctly.

--

GnuPG-bug-id: 5442
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
 2021-06-08 10:37:48 +09:00
NIIBE Yutaka ee5b6af370 scd: Fix READER-PORT option handling for PC/SC. 
* scd/apdu.c (apdu_open_reader): READERNO should be -1 when
READER-PORT is specified for PC/SC.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
 2021-06-07 11:38:25 +09:00
NIIBE Yutaka 5b1806454c scd: Fix zero-byte handling in ECC. 
* scd/app-openpgp.c (ecc_writekey): Don't remove zero-byte.

--

Fixes-commit: a25c99b156
GnuPG-bug-id: 5163
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
 2021-05-28 11:34:56 +09:00
Jakub Jelen 27e7bde12e
scd: avoid memory leaks 
* scd/app-p15.c (send_certinfo): free labelbuf
  (do_sign): goto leave instead of return
* scd/app-piv.c (do_sign): goto leave instead of return, fix typo in
  variable name, avoid using uninitialized variables
* scd/command.c (cmd_genkey): goto leave instead of return

--

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
GnuPG-bug-id: 5393
 2021-05-20 14:48:18 +02:00
Ingo Klöcker 65bc5ea95e scd:p15: Fix logic for appending product name to MANUFACTURER. 
* scd/app-p15.c (do_getattr): Append product name to MANUFACTURER if
manufacturer_id does not already contain a bracket and if we have a
product name.
 2021-05-18 09:45:06 +02:00
NIIBE Yutaka 58b330e935 scd: Remove wrong assertion and add protection to PCSC.COUNT. 
* scd/apdu.c (apdu_dev_list_finish): Fix for calling
release_pcsc_context.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
 2021-05-14 13:06:10 +09:00
Werner Koch 965bb0693c
A few minor code cleanups and typo fixes. 
* agent/command-ssh.c (ssh_handler_request_identities): Remove double
check of ERR.
* g10/getkey.c (get_pubkey_byname): Remove double use of break.
* g10/pkglue.c (pk_encrypt): Handle possible NULL-ptr access due to
failed malloc.

Signed-off-by: Werner Koch <wk@gnupg.org>
 2021-05-11 09:06:34 +02:00