* scd/app-sc-hsm.c: Re-indendet some parts and set some vars to NULL
after xfree for improbed robustness.
(read_ef_prkd): Replace serial operator by blocks for better
readability.
(apply_PKCS_padding): Rewrite for easier auditing.
(strip_PKCS15_padding): Ditto. Add stricter check on SRCLEN.
Signed-off-by: Werner Koch <wk@gnupg.org>
* scd/app-sc-hsm.c (select_and_read_binary): Use SW_ macro.
(parse_certid): Remove useless test.
(send_certinfo, send_keypairinfo): Shrink malloc to the needed size.
(do_getattr): Ditto.
(verify_pin): Use SW_ macro.
(do_decipher): Replace OFS variable and extend comment.
--
Code parts which have not been audited are marked with a warning
pragma.
* scd/app-sc-hsm.c: New.
* scd/app.c (select_application, get_supported_applications): Register
new app.
--
Add a read/only driver for scdaemon that provides access to keys and
certificates on a SmartCard-HSM (www.smartcard-hsm.com).
The driver supports RSA and ECC keys on SmartCard-HSM cards and
USB-Sticks.
The driver does not yet support the MicroSD edition.
--
ChangeLog and FSF copyright year fix by wk.
* scd/ccid-driver.h (VENDOR_REINER, CYBERJACK_GO): New.
* scd/ccid-driver.c (ccid_transceive_secure): Handle the case for
VENDOR_REINER. Original work was by Alina Friedrichsen (tiny change).
--
This is revised version which adapts changes of ccid-driver and was
later ported from branch-2.0 to master (2.1)
* configure.ac (HAVE_NPTH): New ac_define.
* common/estream.c: Use USE_NPTH instead of HAVE_NPTH.
* common/http.c: Ditto. Replace remaining calls to pth by npth calls.
(connect_server): Remove useless _().
* common/exechelp-posix.c, common/exechelp-w32.c
* common/exechelp-w32ce.c: Use HAVE_PTH to include npth.h.
* common/init.c (_init_common_subsystems): Remove call to pth_init.
* common/sysutils.c (gnupg_sleep): Use npth_sleep.
* scd/ccid-driver.c (my_sleep): Ditto.
--
USE_NPTH is used in case were we may build with and without nPth. The
missing definition HAVE_NPTH didn't allowed us to build outher sources
with nPTh support.
* scd/app-openpgp.c (KEY_TYPE_EDDSA, CURVE_ED25519): New.
(struct app_local_s): Add eddsa.
(get_algo_byte, store_fpr): Support KEY_TYPE_EDDSA.
(get_ecc_key_parameters, get_curve_name): Support CURVE_ED25519.
(send_key_attr, get_public_key): Support KEY_TYPE_EDDSA.
(build_ecc_privkey_template): Rename as it supports both of
ECDSA and EdDSA.
(ecc_writekey): Rename. Support CURVE_ED25519, too.
(do_writekey): Follow the change of ecc_writekey.
(do_auth): Support KEY_TYPE_EDDSA.
(parse_ecc_curve): Support CURVE_ED25519. Bug fix for other curves.
(parse_algorithm_attribute): Bug fix for ECDH. Support EdDSA.
* scd/apdu.c (new_reader_slot): Acquire lock.
(open_ct_reader, open_pcsc_reader_direct, open_pcsc_reader_wrapped)
(open_ccid_reader, open_rapdu_reader): Release lock.
(lock_slot, trylock_slot, unlock_slot): Move more to the top.
--
Fixes a test case of:
No libpcsclite1 installed.
Run gpg-agent
Run command "gpg-connect-agent learn /bye" with no card/token
Sometimes it fails: ERR 100663356 Not supported <SCD>
While it should be always: ERR 100663404 Card error <SCD>
(cherry picked from commit 4f557cb9c2)
Resolved conflicts:
scd/apdu.c: pth/npth changes. Move lock helpers to the top.
Take care of removed pcsc_no_service.
* scd/pcsc-wrapper.c [__APPLE__]: Fix syntax error.
--
For W32 and probably for Cygwin we don't need the wrapper, thus the
problems does not exhibit itself.
(cherry picked from commit 8ddf604659)
* scd/scdaemon.c (opts): Ignore --disable-keypad.
--
The renaming of --disable-keypad to --disable-pinpad might mess up
configuration files managed with a GUI. The GUI does not not anymore
know about the old option and would allow the user to switch
"disable-pinpad" on. However, a "disable-keypad" might still linger
in the conf file with gpgconf not knowing about it. Thus the conf
file would always be rejected and manual intervention would be
required. Ignoring the old option nicely solves the problem.
(cherry picked from commit e24e92d7e2)
Replace hardwired strings at many places with new macros from config.h
and use the new strusage macro replacement feature.
* common/asshelp.c (lock_spawning) [W32]: Change the names of the spawn
sentinels.
* agent/command.c (cmd_import_key): Use asprintf to create the prompt.
* scd/apdu.c (check_pcsc_pinpad): Set ->minlen and ->maxlen only when
those are specified.
(pcsc_pinpad_modify): Remove old check code.
--
GnuPG-bug-id: 1549
* scd/apdu.c (open_pcsc_reader_direct): Don't call
pcsc_vendor_specific_init here, but...
(connect_pcsc_card): Call it here.
--
Thanks to Martin Wolters for the bug report.
* scd/ccid-driver.c: Move vendor and product ids to ...
* scd/ccid-driver.h: here.
* scd/apdu.c (CCID_DRIVER_INCLUDE_USB_IDS): Define to include ids.
(pcsc_vendor_specific_init): Use vendor and product id macros.
Signed-off-by: Werner Koch <wk@gnupg.org>
* scd/app-openpgp.c (do_writekey): Added RSA_CRT and RSA_CRT_N support.
--
Updates of original patch by wk:
- unsigned char *rsa_u, *rsa_dp, rsa_dq;
+ unsigned char *rsa_u, *rsa_dp, *rsa_dq;
and AUTHORS. Missing signed-off-by assumed due to DCO send the other
day.
* scd/app-common.h (APP_DECIPHER_INFO_NOPAD): New.
* scd/app-openpgp.c (do_decipher): Add arg R_INFO.
* scd/app-nks.c (do_decipher): Add arg R_INFO as a dummy.
* scd/app.c (app_decipher): Add arg R_INFO.
* scd/command.c (cmd_pkdecrypt): Print status line "PADDING".
* agent/call-scd.c (padding_info_cb): New.
(agent_card_pkdecrypt): Add arg R_PADDING.
* agent/divert-scd.c (divert_pkdecrypt): Ditto.
* agent/pkdecrypt.c (agent_pkdecrypt): Ditto.
* agent/command.c (cmd_pkdecrypt): Print status line "PADDING".
* g10/call-agent.c (padding_info_cb): New.
(agent_pkdecrypt): Add arg R_PADDING.
* g10/pubkey-enc.c (get_it): Use padding info.
--
Decryption using a card never worked in gpg 2.1 because the
information whether the pkcs#1 padding needs to be removed was not
available. Gpg < 2.1 too this info from the secret sub key but that
has gone in 2.1.
Signed-off-by: Werner Koch <wk@gnupg.org>
* agent/command.c (cmd_preset_passphrase, pinentry_loopback): Use %zu
in format string.
* scd/ccid-driver.c (ccid_get_atr): Ditto.
* agent/command-ssh.c (stream_read_string): Init arg STRING_SIZE to
avoid maybe_unitialized warning.
--
Actually the first one might have been a problem on big endian
machines.
Signed-off-by: Werner Koch <wk@gnupg.org>
* scd/apdu.c (CM_IOCTL_GET_FEATURE_REQUEST): Use SCARD_CTL_CODE.
(SCARD_CTL_CODE): Define if not defined.
(reader_table_s): Add is_spr532.
(new_reader_slot): Clear it.
(check_pcsc_pinpad): Set it.
(pcsc_pinpad_verify, pcsc_pinpad_modify): Add fix for SPR532.
Signed-off-by: Werner Koch <wk@gnupg.org>
* scd/command.c (update_reader_status_file): Add condition
vr->status == 0.
--
To reproduce the bug: (1) insert card,
(2) run "gpg2 --card-status",
(3) remove card, (4) invoke "gpg2 --card-edit",
(5) invoke some command like "verify"
The last step fails (but with no error message to user).
* scd/apdu.c (pcsc_dword_t): New. It was named as DWORD (double-word)
when a word was 16-bit.
(struct reader_table_s): Fixes for types.
(struct pcsc_readerstate_s) [__APPLE__]: Enable #pragma pack(1).
Throughout: Fixes for types.
* scd/pcsc-wrapper.c: Likewise.
--
Problem reported for 1.4.x by the issue 1358.
* scd/apdu.c (pcsc_pinpad_verify, pcsc_pinpad_modify): Default value
of maxlen for pinpad input is now 15 (was: 25).
* scd/ccid-driver.c (ccid_transceive_secure): Likewise.
--
For newer PC/SC, it is better to use FEATURE_GET_TLV_PROPERTIES to get
bMaxPINSize.
* scd/ccid-driver.c (ccid_transceive_apdu_level): Support larger
APDU.
--
This is still ad hoc change, but it's OK. Supporting full extended
APDU exchange level is not worth yet.
* scd/app-openpgp.c (do_sign): Only prepend message digest block
for RSA or do_auth.
(do_auth): Remove message digest block for ECDSA.
--
If we don't need to check the message digest block by SCDaemon, we
don't requite the message digest block for ECDSA by gpg-agent.
* scd/app-openpgp.c (key_type_t): New.
(CURVE_NIST_P256, CURVE_NIST_P384, CURVE_NIST_P521): New.
(struct app_local_s): Change keyattr to have key_type and union.
(get_ecc_key_parameters, get_curve_name): New.
(send_key_attr, get_public_key): Support ECDSA.
(build_privkey_template, do_writekey, do_genkey): Follow the change
of the member KEY_ATTR.
(parse_historical): New.
(parse_algorithm_attribute): Support ECDSA.
--
Add ECDSA support to OpenPGP card.