1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-23 10:29:58 +01:00

784 Commits

Author SHA1 Message Date
Werner Koch
21d9bd8b87
build: Always use EXTERN_UNLESS_MAIN_MODULE pattern.
* common/util.h (EXTERN_UNLESS_MAIN_MODULE): Add the definion only
here but now without the Norcroft-C.  Change all other places where it
gets defined.
* common/iobuf.h (iobuf_debug_mode): Declare unconditionally as
extern.
* common/iobuf.c (iobuf_debug_mode): Define it here.
* agent/gpg-agent.c (INCLUDED_BY_MAIN_MODULE): Define here and also in
all main modules of all other programs.

* g10/main.h: Put util.h before the local header files.
--

This change is required for use with gcc/ld's LTO feature which does
not allow common blocks.  Further gcc 10 will make -fno-common the
default and thus this chnage is always needed.  What a pitty.

Co-authored-by: Tomáš Mráz
GnuPG-bug-id: 4831
Signed-off-by: Werner Koch <wk@gnupg.org>
2020-02-10 16:37:34 +01:00
NIIBE Yutaka
9b41f58c8a scd,ccid: Add support of GEMPC_EZIO.
* scd/ccid-driver.h (GEMPC_EZIO): New.
* scd/ccid-driver.c (ccid_transceive_secure): Support GEMPC_EZIO.

--

This is backport from master.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-11-15 15:49:46 +09:00
Werner Koch
0a9053eff0
scd:nks: Extend keypairinfo with usage flags.
* scd/app-nks.c (do_learn_status_core): Return usage.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-08-21 13:59:20 +02:00
Werner Koch
6f67abcc03
scd:openpgp: Extend keypairinfo with usage flags.
* scd/app-openpgp.c (send_keypair_info): Return usage.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-08-21 13:59:18 +02:00
Werner Koch
23784f8bf0
scd: New standard attributes $ENCRKEYID and $SIGNKEYID.
* g10/call-agent.c (agent_scd_keypairinfo): Use --keypairinfo.
* sm/call-agent.c (gpgsm_agent_scd_keypairinfo): Ditto.
* scd/app-openpgp.c (do_getattr): Add attributes "$ENCRKEYID" and
"$SIGNKEYID".
* scd/app-nks.c (do_getattr): Add attributes too.
--

We already have $AUTHKEYID to locate the keyref of the key to be used
with ssh.  It will also be useful to have default keyref for
encryption and signing.  For example, this will allow us to replace
the use of "OPENPGP.2" by a app type specific keyref.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 2b1135cf920cf3d863813d60f032d476dcccfb58)

Removed changes for the non-existing app-piv.c.
Added support for NKS.
2019-08-21 11:00:18 +02:00
Werner Koch
d410b5f930
gpg: Repurpose the ISO defined DO "sex" to "salutation".
* g10/card-util.c (current_card_status): String changes.
(change_sex): Description change.
(cmds): Add "salutation"; keep "sex" as an alias.
--

Note that we can't change the used values or tags but at least the UI
should show reflect the real purpose of the field.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 166f3f9ec40888e10cb0c51017944bfc57503fc1)
2019-08-21 10:00:55 +02:00
NIIBE Yutaka
879660bf45 scd: Handle CCID bwi of time extension.
* scd/ccid-driver.c (bulk_in): Increase timeout by the multiplier
value as defined section 6.2.6 in CCID specification.

--

Backport master commit of:
	996c497a864d820af06333014b2c5f74d1054866

For TPDU level transfer, it was handled.  This is fix for APDU level
transfer.

GnuPG-bug-id: 4646
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-08-12 10:39:35 +09:00
NIIBE Yutaka
f8961a576d scd: Fix bBWI value.
* scd/ccid-driver.c (ccid_transceive_apdu_level): Use bBWI=0 for APDU
level transfer.
(ccid_transceive): Use bBWI=0 or the value returend by WTX for TPDU
level transfer.

--

Backported master commit of:
	858dc9564326e65e6d8771af160d4513aea1e4eb

GnuPG-bug-id: 4654
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-08-12 10:29:20 +09:00
Daniel Kahn Gillmor
520f5d70e4 spelling: Fix "synchronize"
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2019-06-23 20:17:47 -04:00
Werner Koch
cb20659674
scd: Add dummy option --application-priority.
Signed-off-by: Werner Koch <wk@gnupg.org>
2019-04-02 13:32:25 +02:00
NIIBE Yutaka
38c2a9a644
g10: Fix symmetric cipher algo constant for ECDH.
* g10/ecdh.c (kek_params_table): Use CIPHER_ALGO_AES192 for
ECC strength 384, according to RFC-6637.

--

Reported-by: Trevor Bentley
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
(cherry picked from commit af3efd149f555d36a455cb2ea311ff81caf5124c)
2019-03-27 12:29:45 +01:00
Werner Koch
e7eafe1019
scd: Fix flushing of CA-FPR data objects
* scd/app-openpgp.c (do_setattr): Add new table item to flush a
different tag.

--

For whatever reasons the OpenPGP card reads the 3 CA fingerprints from
one object but sets them individually using 3 different tags.  The
cache flushing was not prepared for this and so a changed CA
fingerprint showed only up after a card reset.  This patch fixes it.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit c9f4c1f0de06672c6ae2b793d86cc001d131f9a6)

Fixed conflict by removing the UIF-* entries from the table.
2019-03-07 10:39:46 +01:00
Werner Koch
0eb8095626
scd: Don't let the "undefined" app cause a conflict error.
* scd/app.c (check_conflict): Ignore "undefined".

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 5ecc7a02609dde65096ddb12e0ff8f6bce3b774a)
2019-02-25 08:50:31 +01:00
NIIBE Yutaka
90e5f49b6a scd: Distinguish cancel by user and protocol error.
* scd/apdu.h (SW_HOST_CANCELLED): New.
* scd/apdu.c (host_sw_string): Support SW_HOST_CANCELLED.
(pcsc_error_to_sw): Return SW_HOST_CANCELLED for PCSC_E_CANCELLED.
* scd/iso7816.c (map_sw): Return GPG_ERR_INV_RESPONSE for
SW_HOST_ABORTED and GPG_ERR_CANCELED for SW_HOST_CANCELLED.

--
Cherry-picked master commit of:
	2396055c096884d521c26b76f26263a146207c24

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-02-19 15:51:14 +09:00
Werner Koch
14816c7980
scd: Make app_genkey and supporting ISO function more flexible.
* scd/app.c (app_genkey): Add arg keytype.
* scd/app-common.h (struct app_ctx_s): Fitto for the genkey member.
* scd/command.c (cmd_genkey): Adjust for change.
* scd/iso7816.c (do_generate_keypair): Replace arg read_only by new
args p1 and p2.
(iso7816_read_public_key): Adjust for this.
(iso7816_generate_keypair): Add new args p1 and p2.
* scd/app-openpgp.c (do_genkey): Adjust for changes.
--

The OpenPGP card creates keys according to parameters read from a data
object.  Other cards we are about to implement require a direct
specification of the requested keytype.  This patch implements the
required changes.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 9a9cb0257aebb1480b999fdf9d90904083eb8e3c)
2019-02-11 10:59:32 +01:00
Werner Koch
c075274aac
scd: Fix parameter name of app_change_key.
* scd/app-common.h (APP_GENKEY_FLAG_FORCE): New.
* scd/app.c (app_change_pin): Rename arg reset_mode to flags and
change from int to unsigned int.
--

This is basically a documentation fix.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit c26af8ac263ea006ed32e110a09271e4bfbf1f37)
2019-02-11 10:59:25 +01:00
Werner Koch
6651a0640d
scd: Allow standard keyref scheme for app-openpgp.
* scd/app-openpgp.c (do_change_pin): Allow prefixing the CHVNO with
"OPENPGP."
--

The generic keyref allows for better error detection in case a keyref
is send to a wrong card.  This has been taken from master commit
3231ecdafd71ac47b734469b07170756979ede72 which has additional changed
for gpg-card-tool, which is only available there.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-02-11 10:59:22 +01:00
Werner Koch
d4082ff430
scd: Add option --clear to PASSWD.
* scd/command.c (cmd_passwd): Add option --clear.
(send_status_printf): New.
* scd/app-common.h (APP_CHANGE_FLAG_CLEAR): New.
* scd/app-nks.c (do_change_pin): Return an error if that option is
used.
* scd/app-openpgp.c (do_change_pin): Ditto.
--

Card application may support this option to clear the PIN verification
status of a specific PIN.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 29929e65521279eabc98a67c766fe485057405a9)
2019-01-22 10:14:55 +01:00
Werner Koch
9309175de8
scd: One new and one improved 7816 function.
* scd/apdu.c (apdu_send_direct): New arg R_SW.
* scd/command.c (cmd_apdu): Ditto.
* scd/iso7816.c (iso7816_apdu_direct): New arg R_SW.
(iso7816_general_authenticate): New.
* scd/app-nks.c (get_chv_status, get_nks_version): Pass NULL for new
arg.
--

iso7816_general_authenticate will be used for the PIV card support.
The new arg to iso7816_apdu_direct and apdu_send_direct allows to get
the raw status word back without the need to handle an output buffer.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 70bb5c7931598590b1acfae90bf4657f5911d2d3)
2019-01-22 10:13:28 +01:00
NIIBE Yutaka
9dc76d599c scd: Fix for USB INTERRUPT transfer.
* scd/ccid-driver.c (intr_cb): When LIBUSB_TRANSFER_NO_DEVICE,
just handle this event as failure.

--

Cherry-picked from master commit:

	5ab3bc422a5cc1a646c168b547f2b6538b3a4ffa

It used to try another interrupt transfer request to make sure
if it fails again.

GnuPG-bug-id: 4308
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-01-17 08:13:17 +09:00
NIIBE Yutaka
ffe31f405f scd: Support "acknowledge button" feature.
* scd/apdu.c (set_prompt_cb): New member function.
(set_prompt_cb_ccid_reader): New function.
(open_ccid_reader): Initialize with set_prompt_cb_ccid_reader.
(apdu_set_prompt_cb): New.
* scd/app.c (lock_app, unlock_app): Add call to apdu_set_prompt_cb.
* ccid-driver.c (ccid_set_prompt_cb): New.
(bulk_in): Call ->prompt_cb when timer extension.
* scd/command.c (popup_prompt): New.

--

Cherry-picked master commit of:
	7a5a4c4cac8709f7c413e94cd0b40f4123baa1e5

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-12-18 10:18:23 +09:00
NIIBE Yutaka
d4bc805152 scd: Make "learn" report about KDF data object.
* scd/app-openpgp.c (do_learn_status): Report KDF attr.
* g10/card-util.c (current_card_status): Output KDF for with_colons.

--

Backport of master commit: 05d163aebc04db109ec5e004eb04a4b3796f6421
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-12-06 17:11:55 +09:00
NIIBE Yutaka
7e2b0488d1 scd: Fix signing authentication status.
* scd/app-openpgp.c (do_sign): Clear DID_CHV1 after signing.

--

Cherry-picked from master commit of:
	78f542e1f4495195db2e668f9cd41657fb1afc77

We have a corner case: In "not forced" situation and authenticated,
and it is changed to "forced", card implementaiton can actually accept
signing, but GnuPG requires authentication, because it is "forced".

GnuPG-bug-id: 4177
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-10-15 11:20:47 +09:00
Jiří Keresteš
d43248af92
scd: Add support for Trustica Cryptoucan.
(cherry picked from commit 967d3649d24aba623133808e8d01675dff389fbb)
2018-07-29 18:39:18 +02:00
NIIBE Yutaka
cb1731c23c scd: Writing KDF resets auth state.
* scd/app-openpgp.c (do_setattr): Clear auth state.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-04-03 20:30:29 +09:00
NIIBE Yutaka
0c097575a9 g10,scd: Support single salt for KDF data object.
* g10/card-util.c (gen_kdf_data): Support single salt.
(kdf_setup): Can have argument for single salt.
* scd/app-openpgp.c (pin2hash_if_kdf): Support single salt.

--

Gnuk has "admin-less" mode.  To support "admin-less" mode with KDF
feature, salt should be same for user and admin.  Thus, I introduce a
valid use of single salt.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-03-30 12:48:04 +09:00
NIIBE Yutaka
2969271876 scd: Support changing key attribute back to RSA.
* scd/app-openpgp.c (change_rsa_keyattr): Try usual RSA.

--

In the OpenPGP card specification, there are multiple options to
support RSA (having P and Q or not, etc.), and it is implementation
dependent.  Since GnuPG doesn't have knowledge which card
implementation support which option and there is no way (yet) for card
to express itself which key attributes are supported, we haven't
supported key attribute change back to RSA.  But, many card
implementation uses P and Q, try this option.  If other cases,
factory-reset would be easier option.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-03-30 09:59:09 +09:00
NIIBE Yutaka
96918346be agent,scd: Use pointer to represent HANDLE.
* agent/call-scd.c [HAVE_W32_SYSTEM] (start_scd): Format with %p.
* scd/command.c [HAVE_W32_SYSTEM] (option_handler): Use void *.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-03-27 16:24:17 +09:00
NIIBE Yutaka
0152ba7c98 scd: Support KDF DO setup.
* g10/call-agent.c (learn_status_cb): Parse the capability for KDF.
* g10/card-util.c (gen_kdf_data, kdf_setup): New.
(card_edit): New admin command cmdKDFSETUP to call kdf_setup.
* scd/app-openpgp.c (do_getattr): Emit KDF capability.

--

GnuPG-bug-id: 3823
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-03-22 15:50:31 +09:00
NIIBE Yutaka
11bbd99477 scd: signal mask should be set just after npth_init.
* scd/scdaemon.c (setup_signal_mask): New.
(main): Call setup_signal_mask.
(handle_connections): Remove signal mask setup.

--

For new thread, signal mask is inherited by thread creation.
Thus, it is best to setup signal mask just after npth_init.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-03-19 16:36:30 +09:00
NIIBE Yutaka
fd23a0524d scd: Fix suspend/resume handling for CCID driver.
* scd/ccid-driver.c (intr_cb): Try submitting INTERRUPT urb
to see if it's suspend/resume.

--

Upon suspend/resume, LIBUSB_TRANSFER_NO_DEVICE is returned, since all
URBs are cancelled.  We need to see if it's real NODEV error or its by
suspend/resume.  We can distinguish by sending URB again.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-03-15 23:59:22 +09:00
NIIBE Yutaka
c84bae69e9 scd: After fatal error, shutdown a reader.
* scd/apdu.c (pcsc_send_apdu): Notify main loop after
fatal errors.

--

GnuPG-bug-id: 3825
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-03-13 12:53:49 +09:00
NIIBE Yutaka
71e5282c25 scd: Fix for GNU/Linux suspend/resume.
* configure.ac (require_pipe_to_unblock_pselect): Default is "yes".
* scd/scdaemon.c (scd_kick_the_loop): Minor clean up.

--

Normally SIGCONT or SIGUSR2 works for unblocking pselect.  But on my
machine with GNU/Linux, when a machine is suspend/resume-ed, pselect
keeps blocked, while signal itself is delivered.

It's better to use pipe.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-03-13 12:05:57 +09:00
NIIBE Yutaka
655f0b9ad0 scd: Fix typo in previous commit.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-03-12 10:17:05 +09:00
NIIBE Yutaka
1e27c0e04c scd: More fix with PC/SC for Windows.
* scd/apdu.c (pcsc_get_status): Return status based on CURRENT_STATUS.
Add debug log.

--

GnuPG-bug-id: 3825
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-03-09 08:56:50 +09:00
NIIBE Yutaka
f8b8b6aac2 scd: Fix status check when using PC/SC.
* scd/apdu.c (struct reader_table_s): Add field of current_state.
(new_reader_slot): Initialize current_state.
(pcsc_get_status): Keep the status in READER_TABLE array.
Return SW_HOST_NO_READER when PCSC_STATE_CHANGED.
* scd/scdaemon.c (handle_connections): Silence a warning.

--

To detect some change of card status, including suspend/resume
possibly, SCardGetStatusChange should be used keeping the
dwCurrentState field.

This change could improve situation for suspend/resume with Yubikey on
Windows.  Even not, this is doing the Right Thing.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-03-08 16:51:51 +09:00
Werner Koch
f19ff78f0f
common: Use new function to print status strings.
* common/asshelp2.c (vprint_assuan_status_strings): New.
(print_assuan_status_strings): New.
* agent/command.c (agent_write_status): Replace by call to new
function.
* dirmngr/server.c (dirmngr_status): Ditto.
* g13/server.c (g13_status): Ditto.
* g13/sh-cmd.c (g13_status): Ditto.
* sm/server.c (gpgsm_status2): Ditto.
* scd/command.c (send_status_info): Bump up N.
--

This fixes a potential overflow if LFs are passed to the status
string functions.  This is actually not the case and would be wrong
because neither the truncating in libassuan or our escaping is not the
Right Thing.  In any case the functions need to be more robust and
comply to the promised interface.  Thus the code has been factored out
to a helper function and N has been bumped up correctly and checked in
all cases.

For some uses this changes the behaviour in the error case (i.e. CR or
LF passed): It will now always be C-escaped and not passed to
libassuan which would truncate the line at the first LF.

Reported-by: private_pers
2018-02-14 12:21:44 +01:00
Arnaud Fontaine
25f3b69129 scd: Improve KDF-DO support
* scd/app-openpgp.c (pin2hash_if_kdf): Check the content of KDF DO.

--

Length check added by gniibe.

Signed-off-by: Arnaud Fontaine <arnaud.fontaine@ssi.gouv.fr>
2018-02-13 09:28:13 +09:00
NIIBE Yutaka
0a3bec2c25 scd: Fix handling for Data Object with no data.
* scd/app-openpgp.c (get_cached_data): Return NULL for Data Object
with no data.

--

When GET_DATA returns no data with success (90 00), this routine
firstly returned buffer with length zero, and secondly (with cache)
returned NULL, which is inconsistent.  Now, it returns NULL for both
cases.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-02-12 18:56:58 +09:00
NIIBE Yutaka
015fe1c47b scd: Use pipe to kick the loop on NetBSD.
* configure.ac (HAVE_PSELECT_NO_EINTR): New.
* scd/scdaemon.c (scd_kick_the_loop): Write to pipe.
(handle_connections): Use pipe.

--

On NetBSD, signal to the same process cannot unblock pselect,
with unknown reason.  Use pipe instead, for such systems.

GnuPG-bug-id: 3778
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-02-07 12:43:07 +09:00
NIIBE Yutaka
91303b7df9 scd: Support KDF Data Object of OpenPGPcard V3.3.
* scd/app-openpgp.c (do_getattr, do_setattr): Add KDF support.
(pin2hash_if_kdf): New.
(verify_a_chv): Add PINLEN arg.  Use pin2hash_if_kdf.
(verify_chv2, do_sign): Follow the change of verify_a_chv.
(verify_chv3, do_change_pin): Use pin2hash_if_kdf.

--

GnuPG-bug-id: 3152
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-01-22 19:46:14 +09:00
NIIBE Yutaka
4f88b0f561 scd: Fix for inactive card at start by internal CCID driver.
* scd/ccid-driver.c (do_close_reader): Set NULL on close.
(bulk_in): Move DEBUGOUT and check by EP_INTR.
(ccid_get_atr): Clear powered_off flag after initial status check.

--

Many card readers automatically turn on inserted card, but some
defaults to turning off at start.

GnuPG-bug-id: 3508
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-12-27 17:20:03 +09:00
Werner Koch
c81a447190
Change backlog from 5 to 64 and provide option --listen-backlog.
* agent/gpg-agent.c (oListenBacklog): New const.
(opts): New option --listen-backlog.
(listen_backlog): New var.
(main): Parse new options.
(create_server_socket): Use var instead of 5.
* dirmngr/dirmngr.c: Likewise.
* scd/scdaemon.c: Likewise.
--

GnuPG-bug-id: 3473
Signed-off-by: Werner Koch <wk@gnupg.org>
2017-12-12 14:14:40 +01:00
NIIBE Yutaka
0bb7fd0cab scd: Enable card removal check after select_application.
* scd/apdu.c (open_ccid_reader): Fix error handling of ccid_get_atr.
* scd/app.c (select_application): Always kick the loop if new APP.
* scd/ccid-driver.c (ccid_open_usb_reader): Don't setup at open.
(ccid_slot_status): Setup interrupt transfer when !ON_WIRE.

--

We can use the interrupt transfer to be notified about card status
change.  In this case, we don't need to issue PC_to_RDR_GetSlotStatus
command.  This change improve the setup the notification; it should be
done after registration of APP.

When the setup is done just after opening the USB connection (before
issuing PC_to_RDR_IccPowerOn), a reader might notifies about no card
availability (because of not yet powered on), even though the card is
ready to be powered on.

GnuPG-bug-id: 3508
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-11-21 12:19:15 +09:00
NIIBE Yutaka
827abe01a7
scd: Fix for large ECC keys.
* scd/app-openpgp.c (do_decipher): Support larger length.

--

Reported-by: Achim Pietig <achim@pietig.com>
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-09-11 11:39:14 +02:00
Werner Koch
45d5f5800a
scd: Convey the correct length for Le
* scd/app-openpgp.c (determine_rsa_response): Round bits up.
--

Co-authored-by: Arnaud Fontaine <arnaud.fontaine@ssi.gouv.fr>

Arnaud wrote:

  Actually, when the incorrect expected response length (i.e. Le
  field) is transmitted to the card, the card's answer is missing a
  byte (i.e. ...  6101) so an additional command has to be sent to the
  card to retrieve the last byte. Using the correct length avoids to
  send the additional command to retrieve the missing byte, when the
  computed length is wrong.

Note that an value of 65537 for E is pretty standard and thus we can
avoid the 6101 return code inmost cases.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-08-27 16:42:52 +02:00
Werner Koch
0ef50340ef
w32: Also change the directory on daemon startup.
* agent/gpg-agent.c (main): Always to the chdir.
* dirmngr/dirmngr.c (main): Ditto.
* scd/scdaemon.c (main): Ditto.
--

Note that only dirmngr did not call the chdir with --no-detach.  thus
we kept it this way.

Tested gpg-agent by checking the properties shown by procexp.

Gnupg-bug-id: 2670
Signed-off-by: Werner Koch <wk@gnupg.org>
2017-07-25 13:04:18 +02:00
Werner Koch
226f143ca0
common: New functions gnupg_daemon_rootdir and gnupg_chdir.
* common/sysutils.c (gnupg_chdir): New.
* common/homedir.c (gnupg_daemon_rootdir): New.
* agent/gpg-agent.c (main): Use these functions instead chdir("/").
* dirmngr/dirmngr.c (main): Ditto.
* scd/scdaemon.c (main): Ditto.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-07-25 12:43:37 +02:00
Werner Koch
f2d2648a4d
Revert "w32: Change directory on daemon startup."
--
This reverts commit 78ebc62604d77600b9865950610717d28c6027a2.
Gnupg-bug-id: 2670
2017-07-25 12:19:08 +02:00
Marcus Brinkmann
78ebc62604 w32: Change directory on daemon startup.
* agent/gpg-agent.c [HAVE_W32_SYSTEM]: Include <direct.h>.
(main) [HAVE_W32_SYSTEM]: Change working directory to \.
* dirmngr/dirmngr.c [HAVE_W32_SYSTEM]: Include <direct.h>.
(main) [HAVE_W32_SYSTEM]: Change working directory to \.
* scd/scdaemon.c [HAVE_W32_SYSTEM]: Include <direct.h>.
(main) [HAVE_W32_SYSTEM]: Change working directory to \.

Signed-off-by: Marcus Brinkmann <mb@g10code.com>
GnuPG-bug-id: 2670
2017-07-24 16:31:55 +02:00
NIIBE Yutaka
45e40487fb scd: Use unsigned int for fields.
* scd/app-openpgp.c (data_objects): Use unsigned ints.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-07-24 16:10:22 +09:00
NIIBE Yutaka
d8a55da715 scd: Fix SEGV in CCID driver.
* scd/ccid-driver.c (intr_cb): Only kick the loop for removal.
(bulk_in): Don't set POWERED_OFF when interrupt transfer is enabled.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-07-21 13:26:53 +09:00
NIIBE Yutaka
892e86b0dc scd: Add debug message for v3 card.
* scd/app-openpgp.c (show_caps): Output more messages.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-07-21 11:21:19 +09:00
NIIBE Yutaka
69614d5501 scd: Support longer data length for special DOs for v3 card.
* scd/app-openpgp.c (data_objects): Special DOs like "Login Data",
"URL", "Private DO N" can be longer size >= 256.
(struct app_local_s): Define bits for v3 card.
(get_cached_data): Use extcap.max_special_do for special DOs.
(app_select_openpgp): Detect if extcap_v3, kdf_do, and other bits.

--

GnuPG-bug-id: 3262
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-07-20 17:27:21 +09:00
NIIBE Yutaka
8defb21d34 scd: Fix error code on failure at usb_init.
* scd/ccid-driver.c (ccid_dev_scan): Return GPG_ERR_ENODEV.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-05-31 10:05:36 +09:00
NIIBE Yutaka
5c33649782 scd: Handle a failure of libusb_init.
* scd/ccid-driver.c (ccid_get_reader_list, ccid_dev_scan): Handle
failure.

--

Reported-by: Yuriy M. Kaminskiy <yumkam@gmail.com>
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-05-31 09:49:54 +09:00
NIIBE Yutaka
5c8fe54809 Spelling fixes in docs and comments.
--

In addition, fix trailing spaces in tests/inittests.

GnuPG-bug-id: 3121
Reported-by: ka7 (klemens)
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-04-28 10:06:33 +09:00
NIIBE Yutaka
f053f99ed0 scd: Handle unexpected suspend/resume by CCID driver.
* scd/ccid-driver.c (bulk_in): Handle unexpected failure.

--

GnuPG-bug-id: 3083
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-04-12 11:21:08 +09:00
NIIBE Yutaka
7501f2e9c4 scd: Relax a condition for p15 driver.
* scd/app-p15.c (read_ef_aodf): Fix.

--

Fixes-commit: 3c1ad96f1ce838daf2d861b33e6611f6d3043d25
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-04-10 13:18:30 +09:00
NIIBE Yutaka
3c1ad96f1c scd: Relax a condition for p15 driver.
* scd/app-p15.c (read_ef_aodf): Remove possibly redundant condition.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-04-10 12:59:29 +09:00
NIIBE Yutaka
34199ef677 scd: Remove "special transport" support.
* scd/ccid-driver.c (transports, my_sleep, prepare_special_transport)
(writen): Remove.
(ccid_dev_scan, ccid_dev_scan_finish, ccid_get_BAI): Only for USB.
(ccid_open_reader, do_close_reader, bulk_out, bulk_in, abort_cmd)
(ccid_poll, ccid_transceive): Likewise.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-04-10 12:25:06 +09:00
NIIBE Yutaka
cc420d3488 scd: Internal CCID reader cleanup.
* scd/ccid-reader.c (scan_usb_device): Only for scan mode, so, rename
from scan_or_find_usb_device.
(scan_devices): Likewise.  Remove support of special transport types.
(ccid_get_reader_list): Simplify.
(abort_cmd): Fix error return.
(send_escape_cmd): Fix for RESULTLEN == NULL.
(ccid_transceive_secure): Remove unnecessary var updates.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-04-07 13:30:35 +09:00
NIIBE Yutaka
3c93595d70 scd: Don't keep CCID reader open when card is not available.
* scd/apdu.c (open_ccid_reader): Fail if no ATR.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-04-07 12:18:16 +09:00
NIIBE Yutaka
d58275703f scd: Change the order of applications when accessed.
* scd/app.c (select_application): Move the app to top.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-03-27 13:56:02 +09:00
NIIBE Yutaka
0848cfcce7 scd: Fix timeout handling for key generation.
* scd/ccid-driver.c (CCID_CMD_TIMEOUT): Back to original value.
(CCID_CMD_TIMEOUT_LONGER): New.
(ccid_transceive): Add kludge for key generation.

--

At key generation of longer key size, OpenPGP card sends back "time
extension" with BWI=100, which is unusual value in the protocol and it
actually requires host having longer timeout like 43 seconds.

Reported-by: Szczepan Zalega <szczepan@nitrokey.com>
Fixes-commit: 6510df3a7cd2b5bf44fac1e4d50ee54b8c897daa
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-03-27 11:25:00 +09:00
NIIBE Yutaka
d6c7bf1f8a More change for common.
* g10, scd, test, tools: Follow the change of removal of -Icommon.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-03-07 20:32:09 +09:00
NIIBE Yutaka
70aca95d68 Remove -I option to common.
* dirmngr/Makefile.am (AM_CPPFLAGS): Remove -I$(top_srcdir)/common.
* g10/Makefile.am (AM_CPPFLAGS): Ditto.
* g13/Makefile.am (AM_CPPFLAGS): Ditto.
* kbx/Makefile.am (AM_CPPFLAGS): Ditto.
* scd/Makefile.am (AM_CPPFLAGS): Ditto.
* sm/Makefile.am (AM_CPPFLAGS): Ditto.
* tools/Makefile.am (AM_CPPFLAGS): Ditto.
* Throughout: Follow the change.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-03-07 20:25:54 +09:00
NIIBE Yutaka
cc933a96f8 scd: Close THE_EVENT handle.
* scd/scdaemon.c (handle_connections): Close the handle.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-03-07 10:19:40 +09:00
NIIBE Yutaka
e6ca015ae1 scd: Fix compiler warnings for app-openpgp.c.
* scd/app-openpgp.c (retrieve_key_material): Remove touching I.
(do_change_pin): Make sure going to leave if PINVALUE == 0.
(rsa_writekey): Emit simpler log.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-03-06 15:14:18 +09:00
NIIBE Yutaka
9bf39ed75d scd: More cleanup of old code.
* scd/app-dinsig.c (do_sign): Remove assignment to HASHALGO.
* scd/app-p15.c (parse_keyusage_flags): Remove assign to MASK.
(read_ef_aodf): Likewise.
(read_ef_cdf): Change the control to parse_error.
* scd/app-sc-hsm.c (parse_keyusage_flags): Remove assign to MASK.
(read_ef_prkd): Remove assign to S.
(read_ef_prkd): Check if PRKDF is not null.
(read_ef_cd): Likewise for CDF.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-03-06 14:59:02 +09:00
NIIBE Yutaka
cb6337329d scd: Clean up old code.
* scd/apdu.c (CT_init, CT_data, CT_close): Remove.
(ct_error_string, ct_activate_card, close_ct_reader, reset_ct_reader)
(ct_get_status, ct_send_apdu, open_ct_reader): Remove.
(new_reader_slot) [NEED_PCSC_WRAPPER]: Remove fd and pid handling.
(writen, readn): Remove.
(pcsc_get_status, pcsc_send_apdu, control_pcsc, close_pcsc_reader)
(reset_pcsc_reader, open_pcsc_reader): Only DIRECT version.
(apdu_open_one_reader): Remove CT_api handling.
(apdu_get_status_internal, send_le): Fix to stop warnings.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-03-06 14:18:06 +09:00
NIIBE Yutaka
0703de01c8 scd: Fix API of select_file/_path.
* scd/iso7816.c (iso7816_select_file, iso7816_select_path): Remove
unused arguments.
* scd/app-dinsig.c (do_readcert): Follow the change.
* scd/app-help.c (app_help_read_length_of_cert): Likewise.
* scd/app-nks.c (keygripstr_from_pk_file, do_readcert, do_readkey)
(switch_application): Likewise.
* scd/app-p15.c (select_and_read_binary, select_ef_by_path)
(micardo_mse, app_select_p15): Likewise.
* scd/app.c (app_new_register): Likewise.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-03-06 13:39:46 +09:00
NIIBE Yutaka
f9acc7d18b scd: Fix scd_kick_the_loop.
* scd/scdaemon.c (notify_fd): Remove.
(the_event) [W32]: New.
(main_thread_pid) [!W32]: New.
(handle_signal): Handle SIGCONT.
(scd_kick_the_loop): Use signal on UNIX and event on Windows.
(handle_connections): Likewise.
--

Code with CreateEvent is copied from gpg-agent.c.
Code for signal is copied from dkg's gpg-agent-idling in Debian.

GnuPG-bug-id: 2982
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-03-03 20:40:06 +09:00
Werner Koch
f98c8cb013
scd,agent: Improve the OpenPGP PIN prompt texts.
* scd/app-openpgp.c (get_prompt_info): Change texts.
* agent/call-pinentry.c (struct entry_features): New.
(getinfo_features_cb): New.
(start_pinentry): Set new fucntion as status callback.
(build_cmd_setdesc): New.  Replace all snprintf for SETDESC by this
one.
--

Suggested-by: Andre Heinecke
Signed-off-by: Werner Koch <wk@gnupg.org>
2017-02-22 18:51:02 +01:00
Werner Koch
7ccabbc26a
Revert "scd: Nitpicks on the improved card prompts"
--
This reverts commit 143ca039e1e81140ae520cc1025f8e25c01acc80.

I have a more improved version in the works.
2017-02-22 18:49:43 +01:00
Andre Heinecke
143ca039e1
scd: Nitpicks on the improved card prompts
* src/app-openpgp.c (get_prompt_info): Change wording and order
slightly.

--

The word "Card" was repeated too much in the prompt and moving
signatures to the bottom results in a more consistent layout
between the prompts with signcount and the prompts without.

Signed-off-by: Andre Heinecke <aheinecke@intevation.de>
2017-02-22 17:11:02 +01:00
Werner Koch
e3944f34e3
scd: Improve the prompts for OpenPGP cards.
* scd/app-openpgp.c (get_disp_name): New.
(get_disp_serialno): New.
(get_prompt_info): New.
(build_enter_admin_pin_prompt): Rework the prompt texts.  Factor some
code out to ...
(get_remaining_tries): New.
(verify_a_chv): Print a remaining counter also for the standard PIN.
Rework the prompt texts.

* agent/divert-scd.c (ask_for_card): Pretty format an OpenPGP serial
no.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-02-22 15:48:33 +01:00
Yuri Chornoivan
24cf0606b4 Clean up word replication.
--

This fixes extra word repetitions (like "the the" or "is is") in the
code and docs.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2017-02-21 13:11:46 -05:00
NIIBE Yutaka
99d4dfe836 scd: Fix RESET command handling (more).
* scd/app-common.h (struct app_ctx_s): Add reset_requested.
* scd/app.c (app_reset): Locking APP, set reset_requested.
(deallocate_app): Release the lock.
(release_application): Add LOCKED_ALREADY argument.
(scd_update_reader_status_file): Hold the lock when accessing APP.
When reset_requested is set, close the reader and deallocate APP.
* scd/command.c (open_card_with_request, cmd_restart): Follow the
change of release_application.
(send_client_notifications): Here it calls release_application holding
the lock.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-02-17 11:50:40 +09:00
NIIBE Yutaka
7a666ccb44 scd: Minor fixes to silence compiler warnings.
* scd/app.c (app_reset): Initialize ERR.
* scd/scdaemon.c (scd_kick_the_loop, handle_connections): Catch the
return value.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-02-16 11:49:37 +09:00
NIIBE Yutaka
e2792813a5 scd: Fix RESET command handling.
* scd/app.c (release_application_internal): Remove.
(release_application): Merge release_application_internal.
(app_reset): Kick the loop and let close the reader.  Sleep is
required here to wait closing.
(scd_update_reader_status_file): When APP is no use, close it.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-02-15 18:23:01 +09:00
NIIBE Yutaka
da4c132cca scd: Fix use case of PC/SC.
* scd/apdu.c (apdu_open_reader): Add an argument APP_EMPTY.
When CCID driver fails to open, try PC/SC if APP is nothing.
* scd/app.c (select_application): Supply arg if APP is nothing.

--

After scanning available card readers by CCID driver, scdaemon should
try PC/SC service if no APP is registered yet.  Also, when the slot
is allocated for PC/SC (ccid.handle==NULL), it should not call
ccid_compare_BAI, otherwise scdaemon crashes.

Debian-bug-id: 852702, 854005, 854595, 854616

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-02-13 11:09:13 +09:00
NIIBE Yutaka
8ddc9268f6 scd: Fix regression tracking the connection count.
* scd/scdaemon.c (get_active_connection_count): New.
(start_connection_thread): Bump ACTIVE_CONNECTIONS up and down.
* scd/command.c (cmd_getinfo): Add subcommand "connections".

--

Apply gpg-agent change to scdaemon.  See the commit in 2016-08-06:
    40d16029ed8b334c371fa7f24ac762d47302826e

Then, add kicking the loop, so that main loop can notice the change of
the connection.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-02-01 08:58:01 +09:00
NIIBE Yutaka
e17fa5c75d scd: Remove --debug-disable-ticker option.
* scd/scdaemon.c (ticker_disabled): Remove.
(handle_tick, need_tick): Remove.
(handle_connections): Don't check ticker_disabled.

--

Now, removal of device/card is only done by the function
scd_update_reader_status_file, it should be called if needed.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-01-31 15:29:08 +09:00
NIIBE Yutaka
f08d37af04 scd: Fix SERIALNO for multiple devices.
* scd/app.c (select_application): Fix the logic if periodical check is
needed.  If it is needed for newly found device(s), kick the loop.
(scd_update_reader_status_file): Return value if select(2) should be
called with timeout.
* scd/ccid-driver.c (ccid_require_get_status): Don't return 0 for
token with no interrupt transfer for now.
* scd/command.c (open_card_with_request): Fix scan by SERIALNO.
* scd/scdaemon.c (update_usb): Remove.
(handle_connections): Evaluate need_tick after handle_tick.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-01-31 13:04:22 +09:00
NIIBE Yutaka
2a025039c1 scd: Fix GetSlotStatus.
* scd/apdu.c (get_status_reader): Add ON_WIRE arg, here.
(ct_get_status, pcsc_get_status_direct, pcsc_get_status_wrapped)
(pcsc_get_status, get_status_ccid, my_rapdu_get_status): Likewise.
(reset_pcsc_reader_wrapped, open_pcsc_reader_wrapped): Follow the
change.
(apdu_get_status_internal): It's lower-level driver which judge
it's not needed.  Otherwise, it can't detect the removal.
* scd/ccid-driver.c (ccid_slot_status): After the POWERED_OFF check,
we can skip sending GetSlotStatus packet on wire, when no need.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
Fixes-commit: c8eee4d396a751d41fd1ee1e1b87b851fca172a
2017-01-30 09:32:03 +09:00
NIIBE Yutaka
7c8eee4d39 scd: Don't send GET_STATUS packet if not needed.
* scd/apdu.c (apdu_get_status_internal): Add ON_WIRE arg.
(apdu_connect): Call apdu_get_status_internal with ON_WIRE enabled.
(apdu_get_status): For periodical check, call apdu_get_status_internal
with ON_WIRE disabled.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-01-30 09:05:37 +09:00
NIIBE Yutaka
216afba0d9 scd: Fix cancel INTERRUPT transfer.
* scd/ccid-driver.c (do_close_reader): Don't lock events, but check the
return value of libusb_cancel_transfer.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-01-30 08:19:32 +09:00
NIIBE Yutaka
f3d9b2582b scd: More changes on watching removal of card/reader.
* scd/app-common.h (struct app_ctx_s): Rename field to
periodical_check_needed.
* scd/scdaemon.c (update_usb): Rename from update_fdset_for_usb.
Don't use libusb_get_pollfds any more.
(scd_kick_the_loop): New.
(need_tick): Follow the rename.
(handle_connections): No libusb event handling here.
* scd/app.c (app_new_register): Follow the change of rename.
(select_application, scd_update_reader_status_file): Likewise.
* scd/ccid-driver.c (ccid_usb_thread_is_alive): New.
(intr_cb): Call scd_kick_the_loop.
(ccid_usb_thread): New.  Thread to invoke INTERRUPT callback.
(ccid_open_usb_reader): Add thread invocation.
(ccid_require_get_status): Remove
LIBUSB_WORKS_EXPECTED_FOR_INTERRUPT_ENDP.
(do_close_reader): Carefully handle handle->transfer.
(get_escaped_usb_string): Insert npth_unprotect/npth_protect.
(do_close_reader, bulk_out, bulk_in, abort_cmd, ccid_slot_status)
(ccid_transceive, ccid_transceive_secure): Likewise.

--

It found that libusb_get_pollfds is not supported on Windows.
Besides, it's a bit difficult to use for the select loop.
Thus, we use the thread named ccid_usb_thread, instead.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-01-28 00:36:27 +09:00
NIIBE Yutaka
f92fe33f11 scd: Fix release of transfer object.
* scd/ccid-driver.c (intr_cb): Handle LIBUSB_TRANSFER_CANCELLED.
(do_close_reader): When callback is active, call
libusb_cancel_transfer and wait callback is fired off.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-01-27 22:32:12 +09:00
NIIBE Yutaka
25cc8575da scd: Improve watching USB device removal.
* scd/apdu.c(struct reader_table_s): Add require_get_status.
(apdu_connect): Change return value meaning.  Call apdu_reset here.
* scd/app.c (app_new_register): Add require_get_status.
(select_application): Use the return value of apdu_connect.
(scd_update_reader_status_file): Call update_fdset_for_usb with
checking all_have_intr_endp.
(app_list_start, app_list_finish): Remove.
* scd/ccid-driver.c (struct ccid_driver_s): Add transfer.
(intr_cb): Don't call libusb_transfer in this callback.
(ccid_require_get_status): New.
(do_close_reader): Call libusb_transfer here.
* scd/scdaemon.c (update_fdset_for_usb): Remove the first argument.

--

With Gnuk Token, it works fine as expected.  With Gemalto reader,
intr_cb is not called when card is removed.  So, the macro
LIBUSB_WORKS_EXPECTED_FOR_INTERRUPT_ENDP is not defined yet.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-01-27 18:01:52 +09:00
NIIBE Yutaka
031e3fa7b9 scd: Wake up the select when new USB scan.
* scd/scdaemon.c (update_fdset_for_usb): Wake up the select(2).
(handle_connections): Use a kind of "self-pipe" technique.

--

Use pipe to wake up select(2).  If UNIX-only, signal could be used.  For
portability, "self-pipe" is better, here.  Setup for non-blocking for
pipe fds are not needed, because speed of USB device insertion is
limited by human physical interaction;  No one can do hundreds of
device insertion/removal-s per second.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-01-27 14:34:21 +09:00
NIIBE Yutaka
881dcdfd84 scd: Only submit apdu_get_status when needed.
* scd/apdu.c (apdu_dev_list_finish): Return Boolean value if
all device support INTERRUPT transfer.
* scd/ccid-driver.c (ccid_dev_scan_finish): Likewise.
* scd/app.c (app_new_register): Fix initial value of card_status.
(select_application): Call update_fdset_for_usb.
(scd_update_reader_status_file): Ditto.
* scd/scdaemon.c (update_fdset_for_usb, need_tick): New.
(handle_connections): Call handle_tick when select returns.
Let select watch USB file descriptors, too.
Call libusb_handle_events_timeout_completed for INTERRUPT transfer.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-01-26 22:02:41 +09:00
NIIBE Yutaka
9b06633c81 scd: Fix APP reference counting.
* scd/app.c (scd_update_reader_status_file): Don't call another
release_application_internal.
* scd/command.c (open_card_with_request): Don't require APPTYPE !=
NULL.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-01-26 19:32:51 +09:00
NIIBE Yutaka
bb5ceb78c3 scd: Add INTERRUPT endp support to CCID driver.
* scd/app.c (scd_update_reader_status_file): Fix releas of APP.
* scd/ccid-driver.c (struct ccid_driver_s): Add INTR_BUF.
(intr_cb, ccid_setup_intr): New.
(ccid_open_usb_reader): Call ccid_setup_intr.
(ccid_slot_status): Return CCID_DRIVER_ERR_NO_READER when removed.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-01-26 16:54:40 +09:00
Werner Koch
af5979a42b
Fix format string errors and some missing error case initialization.
* common/logging.c (do_logv): Remove extra parentheses in comparison.

* dirmngr/dns-stuff.c (resolve_addr_libdns): Init RES so that
dns_res_close is given a defined value in the error case.

* dirmngr/http.c (cookie_read, cookie_write) [HTTP_USE_NTBTLS]: Fix
format string char.

* dirmngr/ks-engine-hkp.c (ks_hkp_help): Remove duplicate "const".
* dirmngr/ks-engine-http.c (ks_http_help): Ditto.
* dirmngr/ks-engine-kdns.c (ks_kdns_help): Ditto.
* dirmngr/ks-engine-ldap.c (ks_ldap_help): Ditto.

* scd/app-p15.c (send_keypairinfo, do_getattr): Fix format string
char.
* tools/gpgconf-comp.c (gpg_agent_runtime_change): Init PID for the
error case.
(scdaemon_runtime_change): Ditto.
(dirmngr_runtime_change): Ditto.

* tools/gpgconf.c (query_swdb): Init VALUE_SIZE_UL.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-01-23 16:33:01 +01:00
NIIBE Yutaka
21c9ebb908 scd: Fix INTERRUPT transfer.
* scd/ccid-driver.c (find_endpoint): Don't return Bulk endpoint as
Interrupt endpoint.
(ccid_poll): Call libusb_interrupt_transfer.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-01-23 16:12:41 +09:00
NIIBE Yutaka
79cea89774 scd: Cleanup SERIALNO protocol.
* scd/app.c (app_get_serial_and_stamp): Remove.
(app_get_serialno): New.
(app_write_learn_status): Use send_status_direct.
(app_getattr): Use app_get_serialno for SERIALNO and
send with send_status_direct.
* scd/app-openpgp.c (do_getattr): Likewise.
* scd/command.c (cmd_serialno): Don't send TIMESTAMP of 0.
(cmd_learn): Likewise.  Don't inquire with TIMESTAMP of 0.

--

In the SERIALNO protocol, timestamp used to be considered, but had never
used at all.  In the new implementation, removed card/token is always
detected and connection becomes invalid, no timestamp is required any
more.  Examined scute and poldi as well for this protocol change.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-01-18 16:03:47 +09:00
NIIBE Yutaka
8b1f24a29e scd: Add "card_list" sub command for GETINFO.
* scd/app.c (app_send_card_list): New.
* scd/command.c (cmd_getinfo): Fix "status" sub command.
Add "card_list" sub command.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-01-18 15:19:38 +09:00
NIIBE Yutaka
2e6f1c99d4 scd: Add --demand option for SERIALNO.
* scd/app.c (select_application): Add SERIALNO_BIN and SERIALNO_BIN_LEN
arguments.  Return matched APP with a serial number when specified.
* scd/command.c (open_card): Modify for the implicit open only.
(open_card_with_request): New for explicit open and support match with a
serial number.
(cmd_serialno): Support --demand option.
(cmd_learn, cmd_readcert, cmd_readkey, cmd_pksign, cmd_pkauth)
(cmd_pkdecrypt, cmd_getattr, cmd_setattr, cmd_writecert, cmd_writekey)
(cmd_genkey, cmd_random, cmd_passwd, cmd_checkpin, cmd_apdu): Follow
the change of open_card.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-01-16 10:26:16 +09:00
NIIBE Yutaka
858e14cd79 scd: Fix for --disable-ccid for scdaemon.
* scd/apdu.c (apdu_dev_list_finish): Don't call ccid_dev_scan_finish
with no table.
(apdu_open_reader): Only increment when it's zero.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-01-06 10:35:46 +09:00
NIIBE Yutaka
62268a2732 scd: Fix for --disable-ccid-driver.
* scd/apdu.c [HAVE_LIBUSB] (apdu_dev_list_start): Conditionalize.
[HAVE_LIBUSB] (apdu_dev_list_finish, apdu_open_reader): Likewise.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-01-06 10:07:40 +09:00
NIIBE Yutaka
8a41e73c31 scd: Support multiple readers by CCID driver.
* scd/apdu.c (new_reader_slot): Lock is now in apdu_dev_list_start.
(close_pcsc_reader_direct, close_ccid_reader): RDRNAME is handled...
(apdu_close_reader): ... by this function now.
(apdu_prepare_exit): Likewise.
(open_ccid_reader): Open with dev_list.
(apdu_dev_list_start, apdu_dev_list_finish): New.
(apdu_open_one_reader): New.
(apdu_open_reader): Support multiple readers.
* scd/app.c (select_application): With SCAN, opening all readers
available, and register as new APP.
(app_write_learn_status): app->ref_count == 0 is valid for APP which is
not yet used.
(app_list_start, app_list_finish): New.
* scd/ccid-driver.c (struct ccid_driver_s): Remove RID and BCD_DEVICE.
Add BAI.
(parse_ccid_descriptor): BCD_DEVICE is now on the arguments.
(ccid_dev_scan, ccid_dev_scan_finish): New.
(ccid_get_BAI, ccid_compare_BAI, ccid_open_usb_reader): New.
(ccid_open_reader): Support multiple readers.
(ccid_set_progress_cb, ccid_close_reader): No RID any more.
--

With this change, multiple readers/tokens are supported by the internal
CCID driver of GnuPG.  Until the changes of upper layers (scdaemon,
gpg-agent, and gpg front end), only a single reader is used, though.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-01-06 09:47:31 +09:00
Werner Koch
6b84ecbf31
Replace use of variable-length-arrays.
* common/t-iobuf.c (main): Replace variable-length-array.
* g10/gpgcompose.c (mksubpkt_callback): Ditto.
(encrypted): Ditto.
* g10/t-stutter.c (log_hexdump): Ditto.
(oracle_test): Ditto.
* g10/tofu.c (get_policy): Ditto.  Use "%zu" for size_t.
* scd/app-openpgp.c (ecc_writekey): Replace variable-length-array.
Check for zero length OID_LEN.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-01-02 13:29:18 +01:00
NIIBE Yutaka
337690441f scd: Fix select_application.
* scd/app.c (select_application): Fix the condition for open.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-12-30 15:17:50 +09:00
NIIBE Yutaka
f300e12a79 scd: Fix card removal monitor.
* scd/app.c (app_reset): Call send_client_notification with REMOVAL.
(scd_update_reader_status_file): Likewise.
* scd/command.c (send_client_notifications): Distinguish removal.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-12-30 13:17:49 +09:00
NIIBE Yutaka
cdc8d0bd93 scd: Improve internal CCID driver.
* scd/ccid-driver.c (scan_or_find_usb_device): Don't scan for
configuration but use active configuration.  Support alt_setting.
(scan_or_find_devices): Support alt_setting.
(ccid_open_reader): Support alt_setting.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-12-29 11:31:25 +09:00
NIIBE Yutaka
c48cf7e32f scd: Fix a race condition for new_reader_slot.
* scd/apdu.c (reader_table_lock, apdu_init): New.
(new_reader_slot): Serialize by reader_table_lock.
* scd/app.c (lock_app, unlock_app, app_new_register): Fix error code
usage.
(initialize_module_command): Call apdu_init.
* scd/scdaemon.c (main): Handle error for initialize_module_command.

--

This is a long standing bug.  There are two different things; The
serialization of allocating a new SLOT, and the serialization of using
the SLOT.  The latter was implemented in new_reader_slot by lock_slot.
However, the former was not done.  Thus, there was a possible race where
a same SLOT is allocated to multiple threads.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-12-29 10:07:43 +09:00
NIIBE Yutaka
4cc9fc5eb9 scd: APP centric approach for device management.
* scd/app.c (lock_app): Rename from lock_reader and use internal field
of APP.
(unlock_app): Likewise.
(app_dump_state): Use APP.
(application_notify_card_reset): Remove.
(check_conflict): Change API for APP, instead of SLOT.
(check_application_conflict): Likewise.
(release_application_internal): New.
(app_reset): New.
(app_new_register): New.
(select_application): Change API for APP, instead of SLOT.
(deallocate_app, release_application): Modify for manage link.
(report_change): New.
(scd_update_reader_status_file): Moved from command.c and
use APP list, instead of VREADER.
(initialize_module_command): Moved from command.c.

* scd/command.c (TEST_CARD_REMOVAL): Remove.
(IS_LOCKED): Simplify.
(vreader_table): Remove.
(vreader_slot, update_card_removed): Remove.
(do_reset): Call app_reset.
(get_current_reader): Remove.
(open_card): Add SCAN arg.
(cmd_serialno): No retry, since retry is done in lower layer in apdu.c.
No do_reset, since it is done in lower layer.
Add clearing card_removed flag.
(cmd_disconnect): Call apdu_disconnect.
(send_client_notifications): Modify for APP.
(update_reader_status_file): Remove.

--

APP is the abstraction of the card application.  For management of
cards, it is better to focus on the APP instead of the physical reader.
This change makes support of multiple card/token easier.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-12-28 12:29:17 +09:00
NIIBE Yutaka
f9882d8336 scd: Simplify monitoring card removal.
* scd/apdu.c (struct reader_table_s): Remove any_status, last_status,
status, and change_counter field.
(new_reader_slot, dump_reader_status, ct_activate_card, open_ct_reader)
(connect_pcsc_card, open_pcsc_reader_direct, open_pcsc_reader_wrapped)
(open_ccid_reader, apdu_reset): Follow the change.
(ct_dump_reader_status): Remove.
(apdu_get_status_internal, apdu_get_status): Remove CHANGED arg.
(apdu_connect): Follow the change.
* scd/command.c (struct vreader_s): Remove reset_failed, any, and
changed field.
(cmd_getinfo, update_reader_status_file): Follow the change.

--

In the past, scdaemon monitors card insertion (as well as removal), so
the code has been complicated, and there has been duplication in two
layers.  Now, it only monitors card removal, it's now simplified.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-12-28 11:14:29 +09:00
NIIBE Yutaka
c7ec9c4224 scd: Improve internal CCID driver.
* scd/ccid-driver.c (scan_or_find_usb_device): Fix return value.
Support device with multiple CCID interfaces.  Fix the case with
READERNO.  Support partial string match of "reader-port" like PC/SC
driver.

--

I don't know any device with multiple CCID interfaces, though.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-12-27 11:58:54 +09:00
NIIBE Yutaka
8431f5a7e8 scd: Clean up internal API for APP.
* scd/app-common.h (app_readcert, app_readkey, app_setattr, app_sign,
app_auth, app_decipher, app_get_challenge, app_check_pin): Add CTRL as
the second argument.
* scd/app.c: Supply CTRL to lock_reader calls.
* scd/command.c (cmd_readcert, cmd_readkey, cmd_pksign, cmd_auth,
cmd_pkdecrypt, cmd_setattr, cmd_random, cmd_checkpin): Follow the
change.

--

APP is an abstraction of the "card application".  Most methods of APP
should have CTRL argument to report back progress to the session.  This
change fixes FIXMEs for missing CTRL.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-12-22 21:14:26 +09:00
Werner Koch
e384405b6e
Remove unused debug flags and add "dns" and "network".
* g10/options.h (DBG_CARD_IO_VALUE, DBG_CARD_IO): Remove.
* g10/gpg.c (debug_flags): Remove "cardio".
* agent/agent.h (DBG_COMMAND_VALUE, DBG_COMMAND): Remove.
* agent/gpg-agent.c (debug_flags): Remove "command".
* scd/scdaemon.h (DBG_COMMAND_VALUE, DBG_COMMAND): Remove.
* scd/scdaemon.c (debug_flags): Remove "command".
* dirmngr/dirmngr.h (DBG_DNS_VALUE, DBG_DNS): New.
(DBG_NETWORK_VALUE, DNG_NETWORK): New.
* dirmngr/dirmngr.c (debug_flags): Add "dns" and "network".
--

Note that "dns" and "network" are not yet used but will soon be added
to dirmngr.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-12-19 09:41:15 +01:00
Werner Koch
ce29272e24
gpg: New option --default-new-key-algo.
* common/openpgp-oid.c (openpgp_is_curve_supported): Add optional arg
R_ALGO and change all callers.
* common/util.h (GPG_ERR_UNKNOWN_FLAG): New error code.
* g10/options.h (struct opt): Add field DEF_NEW_KEY_ALGO.
* g10/gpg.c (oDefaultNewKeyAlgo): New enum.
(opts): New option "--default-new-key-algo".
(main): Set the option.
* g10/keygen.c: Remove DEFAULT_STD_ FUTURE_STD_ constants and replace
them by ...
(DEFAULT_STD_KEY_PARAM, FUTURE_STD_KEY_PARAM): new string constants.
(get_keysize_range): Remove arg R_DEF and return that value instead.
Change all callers.
(gen_rsa): Use get_keysize_range instead of the removed
DEFAULT_STD_KEYSIZE.
(parse_key_parameter_part): New function.
(parse_key_parameter_string): New function.
(quick_generate_keypair): Refactor using parse_key_parameter_string.
(generate_keypair): Ditto.
(parse_algo_usage_expire): Ditto.
--

This new option is intended to be used in the forthcoming
--set-profile command of gpgconf.  It allows to provide a gpg
configuration with custom defaults for a new key using the simple
commands which use the default algorithm set.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-12-02 19:47:40 +01:00
NIIBE Yutaka
b89e63e5c3 scd: Support OpenPGP card V3 for RSA.
* scd/app-openpgp.c (struct app_local_s): Remove max_cmd_data and
max_rsp_data fields as Extended Capabilities bits are different.
(get_cached_data) Use extcap.max_certlen_3.
(get_one_do): Don't use exmode=1.
(determine_rsa_response): New.
(get_public_key, do_genkey): Call determine_rsa_response.
(do_sign): Use keyattr[0].rsa.n_bits / 8, instead of max_rsp_data.
(do_auth): Use keyattr[2].rsa.n_bits / 8, instead of max_rsp_data.
(do_decipher): Likewise with Use keyattr[1].rsa.n_bits / 8.
(show_caps): Remove max_cmd_data and max_rsp_data.
(app_select_openpgp): Likewise.

--

OpenPGP card V3 had introduced incompatible change in Extended
Capabilities bits.  We can work around by this change by not
using those bits.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-11-25 16:35:15 +09:00
NIIBE Yutaka
5c2db9dedf scd: Fix receive buffer size.
* scd/apdu.c (send_le): Fix the size, adding two for status
bytes to Le.

--

This is long standing bug.  So far, Le was not exact value.
Since forthcoming change will introduce exact value of expected length
of response data, this change is needed.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-11-22 20:53:57 +09:00
NIIBE Yutaka
b6066ab18a scd: Don't limit to ST-2xxx for PC/SC.
* scd/apdu.c (pcsc_vendor_specific_init): Only check vender ID.

--

Some other products by Cherry works with pinpad, although it only works
for smaller keys (RSA 1024).  TPDU support is good for larger keys.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-11-18 08:54:04 +09:00
Werner Koch
4839e6d002
scd,dirmngr: Keep the standard fds when daemonizing.
* dirmngr/dirmngr.c (main): Before calling setsid do not close the
standard fds but connect them to /dev/null.
* scd/scdaemon.c (main): Ditto.  Noet that the old test for a log
stream was even reverted.

--

Note that this was fixed for gpg-agent 10 years ago on 2006-11-09.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-11-16 21:17:47 +01:00
NIIBE Yutaka
4ee4d0b021 scd: Fix status info encoding.
* scd/command.c (send_status_info): Do percent plus encoding correctly.

--

Reported-by: David Härdeman <david@hardeman.nu>
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-11-14 10:25:43 +09:00
Werner Koch
4d7dc432b5
Change all http://www.gnu.org in license notices to https://
--
2016-11-05 12:02:19 +01:00
NIIBE Yutaka
cd00b07ec2 scd: Fix length error for READKEY.
* scd/app-openpgp.c (do_readkey): Decrement the length.

--
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-11-04 15:34:35 +09:00
NIIBE Yutaka
f9da935c3e scd: Add --advanced option for READKEY.
* scd/command.c (cmd_readkey) : Support ADVANCED arg.
* scd/app.c (app_readcert): Add ADVANCED arg.
* scd/app-openpgp.c (do_readkey): Implement ADVANCED arg.
* scd/app-nks.c (do_readkey): Error return with GPG_ERR_NOT_SUPPORTED.

--
"SCD READKEY --advanced OPENPGP.3" returns key in advanced format.
With this suport, poldi-ctrl will be no longer needed.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-11-04 13:45:57 +09:00
Daniel Kahn Gillmor
68b59bbc42 Spelling: correct spelling of "passphrase".
There were several different variant spellings of "passphrase".  This
should fix them all for all English text.

I did notice that po/it.po contains multiple instances of
"passhprase", which also looks suspect to me, but i do not know
Italian, so i did not try to correct it.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2016-11-02 12:53:58 +01:00
Justus Winter
445f0c13d7 Fix typos.
--
Signed-off-by: Justus Winter <justus@g10code.com>
2016-10-27 14:59:56 +02:00
NIIBE Yutaka
6bbd97d6c7 scd: Add 0x41 prefix for x-coordinate only result.
* scd/app-openpgp.c (do_decipher): When it's x-coordinate only, add the
prefix 0x41.

--
Card should return fixed size bytes, either in format of
(04 || X || Y) or (X, x-coordinate only).

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-10-27 13:04:29 +09:00
NIIBE Yutaka
b1828c17fc scd: Use canonical curve name of libgcrypt.
* scd/app-openpgp.c (send_key_attr): Use curve instead of OID.
(ecdh_params): New.
(ecc_read_pubkey): Use ecdh_params.  Use curve name.
(ecc_writekey): Likewise.
(ecc_curve): Rename from ecc_oid.
(parse_algorithm_attribute): Use ecc_curve.
* g10/call-agent.c (learn_status_cb): Use openpgp_is_curve_supported to
intern the curve name string.
* g10/card-util.c (card_status): Conver curve name to alias for print.
--
Now, sdcaemon answer for KEY-ATTR is in the canonical curve name
instead of the alias.  Since it is used of key generation for
card encryption key with backup, it should be canonical name.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-10-24 11:22:44 +09:00
NIIBE Yutaka
d2653b1a6d g10,scd: Fix ECC keygen.
* g10/keygen.c (generate_keypair): For card key generation, fill
parameters by KEY-ATTR.

* scd/app-openpgp.c (ecc_read_pubkey): OID should be freed at last,
after its reference by OIDBUF is finished.
(ecc_writekey): Likewise.
--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-10-21 21:37:04 +09:00
NIIBE Yutaka
693e657ff0 scd: Fix segfault changing key attr.
* asc/app-openpgp.c (change_keyattr_from_string): Release after
allocated.
--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-10-21 16:27:46 +09:00
NIIBE Yutaka
6e85ac77af Fix use cases of snprintf.
* agent/call-pinentry.c, agent/call-scd.c, agent/command.c,
build-aux/speedo/w32/g4wihelp.c, common/get-passphrase.c,
dirmngr/dirmngr.c, g10/call-agent.c, g10/cpr.c, g10/keygen.c,
g10/openfile.c, g10/passphrase.c, scd/app-openpgp.c, scd/scdaemon.c,
sm/call-agent.c, sm/call-dirmngr.c, sm/certreqgen.c: Fix assuming C99.

--
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-10-21 12:04:46 +09:00
NIIBE Yutaka
b680f79cc1 scd: GENKEY updates the public key in APP.
* scd/app-openpgp.c (rsa_read_pubkey, ecc_read_pubkey): New.
(read_public_key): New.
(get_public_key, do_genkey): Use read_public_key.

--

With this change, since GENKEY updates the public key (pk[keyno].key) in
APP, READKEY will be possible after the command even for the old
card (version <= 0x0100).

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-10-20 16:25:47 +09:00
NIIBE Yutaka
34439da2d6 scd: Support ECC key generation.
* scd/app-openpgp.c (get_public_key): Fix a message.
(change_keyattr_from_string, ecc_writekey): Call mpi_release sooner.
(do_genkey): Add ECC support.

--

In OpenPGP card specification 3.0, ECC is introduced.  So far, do_genkey
only supported RSA.  Since KDF spec. is needed to calculate the
fingerprint, it is hard coded in app-openpgp.c.  But it's defined by
OpenPGP ECC (RFC-6637), and card does nothing with KDF in fact.

Co-authored-by: Arnaud Fontaine <arnaud.fontaine@ssi.gouv.fr>
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-10-18 22:58:00 +09:00
NIIBE Yutaka
f1845f25db scd: minor cleanup to merge other works.
* scd/iso7816.c (do_generate_keypair): Use const char * for DATA.
(iso7816_generate_keypair, iso7816_read_public_key): Likewise.
* scd/app-openpgp.c (get_public_key): Follow the change.
(do_genkey): Ditto.  Use ERR instead of RC.  Use u32 for CREATED_AT.
--
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-10-18 20:48:08 +09:00
NIIBE Yutaka
25428be521 scd: Fix keytocard for ECC.
* scd/app-openpgp.c (build_ecc_privkey_template): Size can be greater
than 128 when it comes with public key for curve of larger field.

--

Reported-by: Arnaud Fontaine <arnaud.fontaine@ssi.gouv.fr>
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-10-17 12:02:28 +09:00
NIIBE Yutaka
fc0b392e76 agent, dirmngr, scd: Fix init_common_subsystems.
* common/init.c (_init_common_subsystems): Don't call
gpgrt_set_syscall_clamp in this function.
* agent/gpg-agent.c, dirmngr/dirmngr.c, scd/scdaemon.c: Call
gpgrt_set_syscall_clamp after npth_init.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-10-07 10:45:22 +09:00
NIIBE Yutaka
eda17649f8 agent, dirmngr, scd: npth_init must be after fork.
* agent/gpg-agent.c (thread_init_once, initialize_modules): New.
(main): Make sure no daemonizing-fork call after npth_init, and no npth
calls before npth_init, with care of npth calls by assuan hooks.
* dirmngr/dirmngr.c (thread_init): New.
(main): Make sure npth_init must not be called before daemonizing fork.
* scd/scdaemon.c (main): Likewise.

--

It is simply the best for nPth not to allow the daemonizing fork after
npth_init, because semantics and implementations of forked child process
in a threaded application is a difficult corner case.

GnuPG-bug-id: 1779
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-10-04 09:01:13 +09:00
NIIBE Yutaka
dd06d33655 scd: Add support of ECC pubkey attribute.
* scd/app-openpgp.c (ECC_FLAG_PUBKEY): New.
(send_key_attr, get_public_key, ecc_writekey, do_auth, do_decipher)
(parse_algorithm_attribute): Check ECC_FLAG_DJB_TWEAK.
(build_ecc_privkey_template): Add ECC_Q and ECC_Q_LEN.
Support offering public key when ECC_FLAG_PUBKEY sets.
(ecc_writekey): Supply ECC_Q and ECC_Q_LEN.
(parse_algorithm_attribute): Parse pubkey-required byte.

--

OpenPGPcard protocol specification version 3.2 supports algorithm
attributes for ECC key which specifies public key data is required for
"keytocard" command.  This change supports the feature.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-09-16 15:36:45 +09:00
Werner Koch
0ac671f8a2
common: Add an assuan logging monitor.
* common/asshelp.c (my_log_monitor): New var.
(my_libassuan_log_handler): Run that monitor.
(setup_libassuan_logging): Add arg to set a log monitor and change all
callers.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-09-05 11:58:48 +02:00
NIIBE Yutaka
f9e49c80e7 scd: Fix an action after card removal.
* scd/command.c (update_card_removed): Call apdu_close_reader here.

--

This is update of the commit 8fe81055762d9c9e6f03fb7853a985c94ef73ac3
It is better apdu_close_reader is called in update_card_removed.

The commit 1598a4476466822e7e9c757ac471089d3db4b545 introduced a
regression, it doesn't close the reader after removal of the card, while
the code before the commit call apdu_close_reader in do_reset.
So, this fix.

GnuPG-bug-id: 2449
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-09-03 15:27:30 +09:00
NIIBE Yutaka
8fe8105576 scd: Release the card reader after card removal.
* scd/command.c (update_reader_status_file): Call apdu_close_reader.

--

GnuPG-bug-id: 2651
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-09-02 14:45:26 +09:00
NIIBE Yutaka
d1ae710335 scd: Clean up unused shutdown method.
* scd/apdu.c (shutdown_ccid_reader, apdu_shutdown_reader): Remove.
(reset_ccid_reader): Don't set shutdown_reader.
* scd/ccid-driver.c (ccid_shutdown_reader): Remove.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-09-02 13:58:33 +09:00
Daniel Kahn Gillmor
61c2a1fa6d
Call log_set_prefix() with human-readable labels.
* agent/preset-passphrase.c, agent/protect-tool.c, dirmngr/dirmngr.c
* dirmngr/t-http.c, g10/gpg.c, g10/gpgv.c, g13/g13-syshelp.c
* g13/g13.c, kbx/kbxutil.c, scd/scdaemon.c, sm/gpgsm.c
* tests/gpgscm/main.c, tools/gpg-check-pattern.c
* tools/gpg-connect-agent.c, tools/gpgconf.c, tools/gpgtar.c
* tools/symcryptrun.c: Invoke log_set_prefix() with
human-readable labels.

--

Some invocations of log_set_prefix() were done with raw numeric values
instead of values that humans can understand.  Use symbolic
representations instead of numeric for better readability.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2016-08-12 12:16:19 +02:00
Ben Kibbey
49829c29e5 Cleanup initialization of libgcrypt.
* common/init.c (init_common_subsystems): Initialize libgcrypt.
* dirmngr/Makefile.am (dirmngr_ldap): Link with libgcrypt.

--
Most other modules already call gcry_check_version() after
init_common_subsystems() so may as well move initialization of libgcrypt
to here. Also fixes a warning in the system log from gpgconf --homedir.

Signed-off-by: Ben Kibbey <bjk@luxsci.net>
2016-08-09 10:47:46 +02:00
Daniel Kahn Gillmor
dc107b7850 More cleanup of "allow to".
* README, agent/command.c, agent/keyformat.txt, common/i18n.c,
  common/iobuf.c, common/keyserver.h, dirmngr/cdblib.c,
  dirmngr/ldap-wrapper.c, doc/DETAILS, doc/TRANSLATE,
  doc/announce-2.1.txt, doc/gpg.texi, doc/gpgsm.texi,
  doc/scdaemon.texi, doc/tools.texi, doc/whats-new-in-2.1.txt,
  g10/export.c, g10/getkey.c, g10/import.c, g10/keyedit.c, m4/ksba.m4,
  m4/libgcrypt.m4, m4/ntbtls.m4, po/ca.po, po/cs.po, po/da.po,
  po/de.po, po/el.po, po/eo.po, po/es.po, po/et.po, po/fi.po,
  po/fr.po, po/gl.po, po/hu.po, po/id.po, po/it.po, po/ja.po,
  po/nb.po, po/pl.po, po/pt.po, po/ro.po, po/ru.po, po/sk.po,
  po/sv.po, po/tr.po, po/uk.po, po/zh_CN.po, po/zh_TW.po,
  scd/app-p15.c, scd/ccid-driver.c, scd/command.c, sm/gpgsm.c,
  sm/sign.c, tools/gpgconf-comp.c, tools/gpgtar.h: replace "Allow to"
  with clearer text.

In standard English, the normal construction is "${XXX} allows ${YYY}
to" -- that is, the subject (${XXX}) of the sentence is allowing the
object (${YYY}) to do something.  When the object is missing, the
phrasing sounds awkward, even if the object is implied by context.
There's almost always a better construction that isn't as awkward.

These changes should make the language a bit clearer.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2016-08-03 16:55:33 +02:00
NIIBE Yutaka
1598a44764 scd: Fix card removal/reset on multiple contexts.
* scd/app.c (application_notify_card_reset): Add message for debug.
*scd/command.c (update_card_removed): Call release_application and set
SLOT -1 here.
(struct server_local_s): Remove app_ctx_marked_for_release.
(do_reset): Don't mark release but call release_application here.
(open_card): Remove app_ctx_marked_for_release handling.
(update_reader_status_file): Don't set SLOT here, so that it can be
released the APP by application_notify_card_reset in
update_card_removed.
--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-07-20 11:35:05 +09:00
NIIBE Yutaka
0c1fd4e988 scd: Fix race conditions for release_application.
* scd/command.c (do_reset, cmd_restart): Reset app_ctx before calling
release_application.

--

Thanks to Ben Warren for the report.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-07-19 10:53:39 +09:00
Niibe Yutaka
971064f8b7 scd: Reset nonnull_nad to zero for VENDOR_GEMPC.
* (parse_ccid_descriptor): nonnull_nad = 0 for all GEMPC device.

--

We can't use the driver for 08E6:3438, while it works well under PC/SC
service.  I found that the library of ccid always uses the node
address = ZERO for all transactions.  So, we extend the same handling
for not only GEMPC_CT30, but also for all its devices.

Debian-bug-id: 814584
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-06-19 11:24:50 +09:00
Werner Koch
4e41745b3e
scd: Make option --homedir work.
* scd/scdaemon.c (opts): Add --homedir.
--

Without that entry the homedir setting won't work.

GnuPG-bug-id: 2386
Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-17 08:36:07 +02:00
Werner Koch
8127043d54
Explicitly restrict socket permissions.
* agent/gpg-agent.c (create_server_socket): Call chmod before listen.
* scd/scdaemon.c (create_server_socket): Ditto.
* dirmngr/dirmngr.c (main): Ditto.
--

This is just in case of a improperly set umask.  Note that a connect
requires a write permissions.
2016-06-08 16:18:02 +02:00
Werner Koch
6790115fd9
w32: Fix recent build regression.
* common/homedir.c (_gnupg_socketdir_internal) [W32]: Add definition
for NAME.
* g10/gpg.c (main) [W32]:  Fix use og gnupg_homedir.

* agent/gpg-agent.c (remove_socket): Remove unused var P.
* scd/scdaemon.c (cleanup): Ditto.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-08 15:14:06 +02:00
Werner Koch
0faf895154
Do not try to remove the enclosing directory of sockets.
* agent/gpg-agent.c (remove_socket): Do not remove the enclosing
directory.
* scd/scdaemon.c (cleanup): Ditto.

--

The socket directory is now below /run or at ~/.gnupg.  Thus we should
not try to remove the directory of the socket.  The auto-removal was
introduced at a time we used a temporary directory for the sockets.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-08 09:04:29 +02:00
Werner Koch
36550dde99
common: New function gnupg_socketdir.
* common/homedir.c (gnupg_socketdir): New.
* agent/gpg-agent.c (create_socket_name): Use new function instead of
gnupg_homedir.
(check_own_socket): Ditto.
(check_for_running_agent): Ditto.
* agent/preset-passphrase.c (main): Ditto.
* common/asshelp.c (start_new_gpg_agent): Ditto.
* scd/scdaemon.c (create_socket_name): Ditto.
* tools/gpgconf.c (main): Ditto.
* tools/symcryptrun.c (main): Ditto.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-07 13:48:46 +02:00
Werner Koch
22a7ef01aa
Replace use of opt.homedir by accessor functions.
* common/homedir.c (the_gnupg_homedir): New var.
(gnupg_set_homedir): New.
(gnupg_homedir): New.
* g10/options.h (struct opt): Remove 'homedir' and replace all users
by the new accessor functions.
* g13/g13-common.h (struct opt): Ditto.
* scd/scdaemon.h (struct opt): Ditto.
* sm/gpgsm.h (struct opt): Ditto.
* dirmngr/dirmngr.h (struct opt): Ditto.
* agent/preset-passphrase.c (opt_homedir): Ditto.
* agent/protect-tool.c (opt_homedir): Ditto.
--

This will make detection of a non-default homedir easier.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-07 10:59:46 +02:00
NIIBE Yutaka
6677d8b614 scd: More fix of error return path.
* scd/command.c (open_card): Return GPG_ERR_ENODEV on the failure of
apdu_connect.

--

GnuPG-bug-id: 2306
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-05-02 15:59:22 +09:00
NIIBE Yutaka
cb4fee8bb6 scd: Fix error return path.
* scd/ccid-driver.c (bulk_in): Remove EAGAIN handling.
Handle LIBUSB_ERROR_NO_DEVICE to return CCID_DRIVER_ERR_NO_READER.

--

GnuPG-bug-id: 2306
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-04-28 12:43:48 +09:00
NIIBE Yutaka
508b0deb70 scd: Fix memory leaks.
* scd/ccid-driver.c (scan_or_find_usb_device): Return on
LIBUSB_ERROR_NO_MEM.  Free CONFIG before return except on error.
(scan_or_find_devices): Free device list.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-04-28 00:08:08 +09:00
NIIBE Yutaka
7a32f87ccc scd: Bug fix for a device with multiple interfaces.
* scd/ccid-driver.c (scan_or_find_usb_device): Use IFC_NO when
accessing interface information.

--
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-03-07 20:12:38 +09:00
Justus Winter
e77c85577d common: Consolidate Assuan server argument handling.
* common/Makefile.am (common_sources): Add new files.
* common/server-help.c: New file.
* common/server-help.h: Likewise.
* agent/command.c: Drop argument handling primitives in favor of using
the consolidated ones.
* dirmngr/server.c: Likewise.
* g10/server.c: Likewise.
* g13/server.c: Likewise.
* scd/command.c: Likewise.
* sm/server.c: Likewise.

Signed-off-by: Justus Winter <justus@g10code.com>
2016-03-02 14:14:33 +01:00
Werner Koch
3d952a2fe5
scd: Fix size_t/int mismatch in libusb
* scd/ccid-driver.c (bulk_in, abort_cmd, ccid_poll): Change msglen to
int.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-27 14:31:13 +01:00
NIIBE Yutaka
d0d9708970 scd: Migrate to new API of libusb 1.0.
* configure.ac (LIBUSB_CPPFLAGS): New.
* scd/Makefile.am (AM_CPPFLAGS): Add LIBUSB_CPPFLAGS.
* scd/ccid-driver.c: Use libusb 1.0 API.
--

Changes are straightforward, not use any new features.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-01-27 12:24:05 +09:00
Werner Koch
437965e562
Use ngettext for some strings.
* scd/app-openpgp.c (build_enter_admin_pin_prompt): Use ngettext for
some diagnostics.
(do_genkey): Ditto.
* g10/keyedit.c (check_all_keysigs, menu_delsig, menu_clean): Ditto.
* g10/keylist.c (print_signature_stats): Ditto.
* g10/keyserver.c (keyserver_refresh): Ditto.
* g10/sig-check.c (check_signature_metadata_validity): Ditto.
* g10/sign.c (do_sign): Ditto.
* g10/trustdb.c (reset_trust_records): Ditto.
(validate_keys): Use a table like diagnostic output.
--

Suggested-by: Ineiev <ineiev@gnu.org>
Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-18 11:20:15 +01:00
NIIBE Yutaka
d40975cbe8 scd: Fix regression for generating RSA keys on card.
* scd/app-openpgp.c (do_genkey): Strip leading zeros for fingerprint
computation.

--

This bug is difficult to reproduce because the probability is 1/256,
and key generation takes long time.  The regression was introduced
when we add the support for ECC.

GnuPG-bug-id: 2150
2015-12-14 14:37:18 +09:00
Daniel Hoffend
d1a97585c5 scd: Fix removal of unplugged usb readers on Windows.
* scd/apdu.c (pcsc_error_to_sw): map PCSC_E_NO_SERVICE and
PCSC_E_SERVICE_STOPPED to the internal SW_HOST_NO_READER error code.

--

Signed-off-by: Daniel Hoffend <dh@dotlan.net>
GnuPG-bug-id: 2167

In Windows 8 (and later), PC/SC service only runs when reader/token is
plugged in.  After its removal, it returns PCSC_E_NO_SERVICE error.
This error should be handled as no reader.  This comment is by gniibe.
2015-12-10 11:02:16 +09:00
NIIBE Yutaka
f03976f110 scd: Fix for removing the prefix.
* scd/app-openopg.c (do_decipher): Fix the condition.
2015-12-04 14:37:05 +09:00
NIIBE Yutaka
9639af5f16 scd: Simplify saving application context.
* scd/app.c (lock_table): Remove LAST_APP field.
(lock_reader, app_dump_state, application_notify_card_reset)
(release_application): Follow the change.
(check_conflict): New.
(check_application_conflict): Lock the slot and call check_conflict.
(select_application): Call check_conflict and not use LAST_APP.

--

We don't need LAST_APP field but just keep the application context by
APP field.  Since we have a reference counter, it is possible if we
can deallocate or not.
2015-12-04 14:13:23 +09:00
NIIBE Yutaka
f747adfa21 scd: More fix for Curve25519 prefix handling.
* scd/app-openpgp.c (do_decipher): Handle trancated cipher text.
Also fix xfree bug introduced.

--

In old format with no prefix, cipher text can be trancated when it
is parsed as MPI.  Recover the value adding back zeros.

Fixes-commit: 11b2691eddc42e91651e4f95dd2731255a3e9211
2015-12-04 14:02:48 +09:00
Werner Koch
e28f2e7a2f
scd: Another fix for Curve25519 prefix handling.
* scd/app-openpgp.c (do_decipher): Check 0x02 also for 16+1 byte long
INDATA.
(do_decipher): Fix integer arithmetic in void pointer.
(do_decipher): Add missing memcpy.
--

I have not tested this fix but it is obvious.

Fixes-commit: 11b2691eddc42e91651e4f95dd2731255a3e9211
Signed-off-by: Werner Koch <wk@gnupg.org>
2015-12-03 13:46:03 +01:00
NIIBE Yutaka
f42c50dbf0 scd: Fix "Conflicting usage" bug.
* scd/apdu.c (apdu_close_reader): Call CLOSE_READER method even if we
  got an error from apdu_disconnect.
* scd/app-common.h (no_reuse): Remove.
* scd/app.c (application_notify_card_reset): Deallocate APP here.
(select_application, release_application): Don't use NO_REUSE.

--

Reproducible scenario: Invoke gpg --card-edit session from a terminal.
Invoke another gpg --card-edit session from another.  Remove a token.
Insert a token again.  Type RET on both terminals.  One of terminal
answers "Conflicting usage".

Perhaps, having NO_REUSE field was to avoid race conditions.  Now,
APP can be safely deallocated by application_notify_card_reset.

Thanks to the2nd.
2015-12-03 11:26:24 +09:00
NIIBE Yutaka
11b2691edd scd: Fix for Curve25519 prefix handling.
* scd/app-openpgp.c (do_decipher): More condition for AES decipher.
  Handle the prefix in cipher text.  Always add the prefix in result.
2015-12-03 08:48:51 +09:00
Werner Koch
69db3285e4
build: Require at least Libassuan 2.4.1.
* configure.ac (NEED_LIBASSUAN_VERSION): Set to 2.4.1.
* agent/gpg-agent.c (create_server_socket): Remove check for
libassuan >= 2.3.0 and >= 2.1.4.
(main): Remove check for libassuan >= 2.1.4.
* scd/scdaemon.c (create_server_socket): Remove check for
libassuan >= 2.1.4.
* dirmngr/dirmngr.c (set_tor_mode): Remove check for
libassuan >= 2.3.0.
* dirmngr/http.c (http_raw_connect, send_request): Remove checks for
libassuan >= 2.3.0.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-12-02 18:57:49 +01:00
Justus Winter
6a37b45a7f scd: Improve error handling.
* scd/app-openpgp.c (get_public_key): Improve error handling.
--
Found using the Clang Static Analyzer.

Signed-off-by: Justus Winter <justus@g10code.com>
2015-11-19 15:46:29 +01:00
Justus Winter
a9e0905342 Fix typos found using codespell.
* agent/cache.c: Fix typos.
* agent/call-pinentry.c: Likewise.
* agent/call-scd.c: Likewise.
* agent/command-ssh.c: Likewise.
* agent/command.c: Likewise.
* agent/divert-scd.c: Likewise.
* agent/findkey.c: Likewise.
* agent/gpg-agent.c: Likewise.
* agent/w32main.c: Likewise.
* common/argparse.c: Likewise.
* common/audit.c: Likewise.
* common/audit.h: Likewise.
* common/convert.c: Likewise.
* common/dotlock.c: Likewise.
* common/exechelp-posix.c: Likewise.
* common/exechelp-w32.c: Likewise.
* common/exechelp-w32ce.c: Likewise.
* common/exechelp.h: Likewise.
* common/helpfile.c: Likewise.
* common/i18n.h: Likewise.
* common/iobuf.c: Likewise.
* common/iobuf.h: Likewise.
* common/localename.c: Likewise.
* common/logging.c: Likewise.
* common/openpgp-oid.c: Likewise.
* common/session-env.c: Likewise.
* common/sexputil.c: Likewise.
* common/sysutils.c: Likewise.
* common/t-sexputil.c: Likewise.
* common/ttyio.c: Likewise.
* common/util.h: Likewise.
* dirmngr/cdblib.c: Likewise.
* dirmngr/certcache.c: Likewise.
* dirmngr/crlcache.c: Likewise.
* dirmngr/dirmngr-client.c: Likewise.
* dirmngr/dirmngr.c: Likewise.
* dirmngr/dirmngr_ldap.c: Likewise.
* dirmngr/dns-stuff.c: Likewise.
* dirmngr/http.c: Likewise.
* dirmngr/ks-engine-hkp.c: Likewise.
* dirmngr/ks-engine-ldap.c: Likewise.
* dirmngr/ldap-wrapper.c: Likewise.
* dirmngr/ldap.c: Likewise.
* dirmngr/misc.c: Likewise.
* dirmngr/ocsp.c: Likewise.
* dirmngr/validate.c: Likewise.
* g10/encrypt.c: Likewise.
* g10/getkey.c: Likewise.
* g10/gpg.c: Likewise.
* g10/gpgv.c: Likewise.
* g10/import.c: Likewise.
* g10/keydb.c: Likewise.
* g10/keydb.h: Likewise.
* g10/keygen.c: Likewise.
* g10/keyid.c: Likewise.
* g10/keylist.c: Likewise.
* g10/keyring.c: Likewise.
* g10/mainproc.c: Likewise.
* g10/misc.c: Likewise.
* g10/options.h: Likewise.
* g10/packet.h: Likewise.
* g10/parse-packet.c: Likewise.
* g10/pkclist.c: Likewise.
* g10/pkglue.c: Likewise.
* g10/plaintext.c: Likewise.
* g10/server.c: Likewise.
* g10/sig-check.c: Likewise.
* g10/sqlite.c: Likewise.
* g10/tdbio.c: Likewise.
* g10/test-stubs.c: Likewise.
* g10/tofu.c: Likewise.
* g10/trust.c: Likewise.
* g10/trustdb.c: Likewise.
* g13/create.c: Likewise.
* g13/mountinfo.c: Likewise.
* kbx/keybox-blob.c: Likewise.
* kbx/keybox-file.c: Likewise.
* kbx/keybox-init.c: Likewise.
* kbx/keybox-search-desc.h: Likewise.
* kbx/keybox-search.c: Likewise.
* kbx/keybox-update.c: Likewise.
* scd/apdu.c: Likewise.
* scd/app-openpgp.c: Likewise.
* scd/app-p15.c: Likewise.
* scd/app.c: Likewise.
* scd/ccid-driver.c: Likewise.
* scd/command.c: Likewise.
* scd/iso7816.c: Likewise.
* sm/base64.c: Likewise.
* sm/call-agent.c: Likewise.
* sm/call-dirmngr.c: Likewise.
* sm/certchain.c: Likewise.
* sm/gpgsm.c: Likewise.
* sm/import.c: Likewise.
* sm/keydb.c: Likewise.
* sm/minip12.c: Likewise.
* sm/qualified.c: Likewise.
* sm/server.c: Likewise.
* tools/gpg-check-pattern.c: Likewise.
* tools/gpgconf-comp.c: Likewise.
* tools/gpgkey2ssh.c: Likewise.
* tools/gpgparsemail.c: Likewise.
* tools/gpgtar.c: Likewise.
* tools/rfc822parse.c: Likewise.
* tools/symcryptrun.c: Likewise.

Signed-off-by: Justus Winter <justus@g10code.com>
2015-11-17 12:50:22 +01:00
NIIBE Yutaka
bce0e3f71d scd: Add reder information to --card-status.
* g10/call-agent.h, g10/call-agent.c (agent_release_card_info)
g10/card-util.c (card_status): Add READER.
* scd/apdu.c (close_ccid_reader, open_ccid_reader): Handle RDRNAME.
(apdu_get_reader_name): New.
* scd/ccid-driver.c (ccid_open_reader): Add argument to RDRNAME_P.
* scd/command.c (cmd_learn): Return READER information.
2015-11-09 16:15:44 +09:00
NIIBE Yutaka
1e94a672ef scd: Fix error handling with libusb-compat library.
* scd/ccid-driver.c (bulk_out): Use LIBUSB_ERRNO_NO_SUCH_DEVICE.

--

With libusb-compat library, the error is different than original
libusb.  (The libusb-compat library is used by Fedora.)
2015-11-04 21:07:49 +09:00
NIIBE Yutaka
c5a9fedba6 scd: fix change_keyattr.
* scd/app-openpgp.c (change_keyattr_from_string): Fix parsing.
2015-11-04 10:48:59 +09:00
NIIBE Yutaka
6bb7206e35 scd: Handle error correctly.
* scd/apdu.c (apdu_connect): Initialize variables and check an error
of apdu_get_status_internal.
2015-09-28 13:41:59 +09:00
NIIBE Yutaka
708b7eccde scd: Fix KEYTOCARD handling for ECC key.
* scd/app-openpgp.c (ecc_writekey): Only public key can be native
format.
2015-09-19 16:27:36 +09:00
NIIBE Yutaka
6510df3a7c scd: Fix ccid-driver timeout for OpenPGPcard v2.1.
* scd/ccid-driver.c (CCID_CMD_TIMEOUT): New.
(ccid_transceive_apdu_level, ccid_transceive): Use.

--

It is reported that key generation causes timeout with OpenPGPcard
v2.1.  Ideally, timeout value could be determined at run-time by
examining card's ATR.  Compile-time fixed value is OK for internal
CCID driver.
2015-09-17 11:21:44 +09:00
NIIBE Yutaka
f10b427d0e scd: Force key attribute change for writekey.
* scd/app-openpgp.c (change_rsa_keyattr): New.
(change_keyattr_from_string): Use change_rsa_keyattr.
(rsa_writekey): Call change_rsa_keyattr when different size.
(ecc_writekey): Try to change key attribute.
2015-09-07 13:49:47 +09:00
NIIBE Yutaka
fd689e8542 scd: KEYNO cleanup.
* scd/app-openpgp.c (get_public_key, send_keypair_info, do_readkey)
(change_keyattr, change_keyattr_from_string, ecc_writekey, do_genkey)
(compare_fingerprint, check_against_given_fingerprint): KEYNO starts
from 0.
2015-09-07 13:09:01 +09:00
Werner Koch
836a3e4315
Typo fixes
--
2015-09-01 07:37:11 +02:00
NIIBE Yutaka
e5891a82c3 Curve25519 support.
* agent/cvt-openpgp.c (get_keygrip): Handle Curve25519.
(convert_secret_key, convert_transfer_key): Ditto.
* common/openpgp-oid.c (oidtable): Add Curve25519.
(oid_crv25519, openpgp_oid_is_crv25519): New.
* common/util.h (openpgp_oid_is_crv25519): New.
* g10/ecdh.c (pk_ecdh_encrypt_with_shared_point): Handle the case
with Montgomery curve which uses x-only coordinate.
* g10/keygen.c (gen_ecc): Handle Curve25519.
(ask_curve): Change the API and second arg is to return subkey algo.
(generate_keypair, generate_subkeypair): Follow chage of ask_curve.
* g10/keyid.c (keygrip_from_pk): Handle Curve25519.
* g10/pkglue.c (pk_encrypt): Handle Curve25519.
* g10/pubkey-enc.c (get_it): Handle the case with Montgomery curve.
* scd/app-openpgp.c (ECC_FLAG_DJB_TWEAK): New.
(send_key_attr): Work with general ECC, Ed25519, and Curve25519.
(get_public_key): Likewise.
(ecc_writekey): Handle flag_djb_tweak.

--

When libgcrypt has Curve25519, GnuPG now supports Curve25519.
2015-08-06 17:00:41 +09:00
NIIBE Yutaka
a6e4053089 common: extend API of openpgp_oid_to_curve for canonical name.
* common/openpgp-oid.c (openpgp_oid_to_curve): Add CANON argument.
* common/util.h: Update.
* g10/import.c (transfer_secret_keys): Follow the change.
* g10/keyid.c (pubkey_string): Likewise.
* g10/keylist.c (list_keyblock_print, list_keyblock_colon): Likewise.
* parse-packet.c (parse_key): Likewise.
* scd/app-openpgp.c (send_key_attr, get_public_key): Likewise.

--

Change the function so that caller can select canonical name of curve
or name for printing.  Suggested by wk.
2015-08-06 16:51:14 +09:00
NIIBE Yutaka
d088d2c816 scd: Fix ecc_oid.
* scd/app-openpgp.c (ecc_oid): Call with OIDBUF.
2015-08-05 08:17:46 +09:00
NIIBE Yutaka
0751571cac scd: Fix ECC support.
* scd/app-openpgp.c (send_key_attr): Send KEYNO.
(get_public_key): Fix SEXP composing.
(ecc_writekey): Fix OID length calculation.
(ecc_oid): Prepend the length before query.
(parse_algorithm_attribute): Handle the case the curve is not available.
2015-08-05 07:59:50 +09:00
Werner Koch
55e64f47a5
scd: Fix size_t/unsigned int mismatch.
* scd/app-openpgp.c (ecc_writekey): Use extra var n.
2015-07-26 12:55:53 +02:00
Werner Koch
d382242fb6
Replace GNUPG_GCC_A_ macros by GPGRT_ATTR_ macros.
* common/util.h: Provide replacement for GPGRT_ATTR_ macros when using
libgpg-error < 1.20.
* common/mischelp.h: Ditto.
* common/types.h: Ditto.
--

Given that libgpg-error is a dependency of all GnuPG related libraries
it is better to define such macros at only one place instead of having
similar macros at a lot of places.  For now we need repalcement
macros, though.
2015-07-26 12:50:24 +02:00
NIIBE Yutaka
ef080d5c7f scd: support any curves defined by libgcrypt.
* g10/call-agent.h (struct agent_card_info_s): Add curve field.
* g10/call-agent.c (learn_status_cb): Use curve name.
* g10/card-util.c (card_status): Show pubkey name.
* scd/app-openpgp.c (struct app_local_s): Record OID and flags.
(store_fpr): Use ALGO instead of key type.
(send_key_attr): Use curve name instead of OID.
(get_public_key): Clean up by OID to curve name.
(ecc_writekey): Support any curves in libgcrypt.
(do_genkey, do_auth, ): Follow the change.
(ecc_oid): New.
(parse_algorithm_attribute): Show OID here.
2015-07-25 12:09:23 +09:00
NIIBE Yutaka
dbf4534f49 scd: Format change to specify "rsa2048" for KEY-ATTR.
* g10/card-util.c (do_change_keysize): Put "rsa".
* scd/app-openpgp.c (change_keyattr, change_keyattr_from_string):
Change the command format.
(rsa_writekey): Check key type.
(do_writekey): Remove "ecdh" and "ecdsa" support which was available
in experimental libgcrypt before 1.6.0.
2015-07-23 14:10:03 +09:00
NIIBE Yutaka
9901be3956 scd: change_keyattr_from_string for ECC.
* scd/app-openpgp.c (change_keyattr, change_keyattr_from_string):
Support ECC.
(rsa_writekey): Don't change key attribute.
2015-07-21 14:27:02 +09:00
NIIBE Yutaka
f5d356fb5b scd: Use openpgpdefs.h for constants.
* scd/app-openpgp.c: Include openpgpdefs.h.
2015-07-17 09:34:47 +09:00
NIIBE Yutaka
67b2dc7636 scd: Remove unused files.
* scd/Makefile.am (sc_copykeys_*): Remove.
* scd/sc-copykeys.c: Remove.
* scd/pcsc-wrapper.c: Remove.
* scd/{card-common.h,card-dinsig.c,card-p15.c,card.c}: Remove.

--

sc-copykeys doesn't work any more because it's based on old API.
pcsc-wrapper has gone because of nPth which is compatible to pthreads.
The card* files are old files, now we have app*.
2015-07-09 12:51:03 +09:00
NIIBE Yutaka
45c49a0030 scd: Support AES decryption for OpenPGPcard v3.0.
* scd/app-openpgp.c (do_decipher): Support AES decryption.
2015-07-02 12:14:40 +09:00
NIIBE Yutaka
d2fdf2e1b6 scd: Support button flag and AES key data for OpenPGPcard v3.0.
* scd/app-openpgp.c (do_getattr, show_caps, app_select_openpgp):
Support button and symmetric decryption.
(do_setattr): Support setting AESKEY.
2015-06-26 15:14:27 +09:00
Werner Koch
54a0ed3d9b
Allow use of debug flag names for all tools.
* g13/g13.c: Make use of debug_parse_flag.
* scd/scdaemon.c: Ditto.
* sm/gpgsm.c: Ditto
* agent/gpg-agent.c: Ditto.  But do not terminate on "help"
* dirmngr/dirmngr.c: Ditto.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-06-23 09:13:45 +02:00
NIIBE Yutaka
5e1d2fe655 scd: pinpad workaround for PC/SC implementations.
* scd/adpu.c (pcsc_pinpad_verify, pcsc_pinpad_modify): Bigger buffer
for TPDU card reader.

--

GnuPG-bug-id: 2003, 2004

This is needed for PC/SC on Debian Jessie.  Note that it's not only
for Cherry ST-2000, but also, for any TPDU card readers.
2015-06-23 10:10:15 +09:00
NIIBE Yutaka
444e9232aa scd: Fix Cherry ST-2000 support for pinpad input.
* scd/apdu.c (pcsc_vendor_specific_init): Set pinmax to 15.
* scd/ccid-driver.c (ccid_transceive_secure): Add zero for the
template of APDU.

--

GnuPG-bug-id: 2003, 2004
2015-06-22 14:31:25 +09:00
NIIBE Yutaka
cf508a1f7f scd: do_decipher change for OpenPGPcard v3.0.
* scd/app-openpgp.c (do_decipher): Add a header for ECDH.
2015-06-05 14:02:40 +09:00
NIIBE Yutaka
e5c69e87be scd: Fix key template of ECC.
* scd/app-openpgp.c (build_ecc_privkey_template): Use correct value.

--

Forthcoming OpenPGPcard specification 3.0 will address this 0x92.
2015-05-29 14:06:38 +09:00
NIIBE Yutaka
01a2a61bc4 scd: PC/SC reader selection by partial string match.
* scd/apdu.c (open_pcsc_reader_direct): Partial string match.

--

The card reader name by PC/SC service might include USB bus,
which varies (on some platform like GNU/Linux).  Thus, it's
better to match partial string.

Original patch was submitted by anstein.  I changed it to fallback to
the first reader if no match found.

Note that we need to change pcsc-wrapper.c in 2.0 backport.

GnuPG-bug-id: 1618, 1930
2015-04-30 12:36:38 +09:00
Werner Koch
575230d91b
common: Remove two JNLIB_ macros (jnlib merge).
* configure.ac: Merge seperate jnlib checks.
(HAVE_JNLIB_LOGGING): Remove.
* common/logging.c, common/simple-pwquery.c (JNLIB_NEED_AFLOCAL):
Rename to GNUPG_COMMON_NEED_AFLOCAL.  Change all tests.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-04-24 16:10:15 +02:00