1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-23 10:29:58 +01:00

270 Commits

Author SHA1 Message Date
NIIBE Yutaka
c50c11d575 scd: Fix for EdDSA.
* scd/app-openpgp.c (get_algo_byte): It catches 22.
(store_fpr): It's MPI usually, but it's opaque bytes for EdDSA.
2014-12-08 10:21:55 +09:00
NIIBE Yutaka
8720125f5a scd: Fix for NIST P-256.
* g10/card-util.c (card_store_subkey): Error check.
* scd/app-opengpg.c (ecc_writekey): Support NIST P-256.
(do_writekey): Error check.
2014-12-05 14:20:50 +09:00
Werner Koch
519305feb8 Switch to the libgpg-error provided estream.
* configure.ac (NEED_GPG_ERROR_VERSION): Reguire 1.14.
(GPGRT_ENABLE_ES_MACROS): Define.
(estream_INIT): Remove.
* m4/estream.m4: Remove.
* common/estream-printf.c, common/estream-printf.h: Remove.
* common/estream.c, common/estream.h: Remove.
* common/init.c (_init_common_subsystems): Call gpgrt initialization.
2014-08-26 17:47:54 +02:00
NIIBE Yutaka
3132bd90dc scd: EdDSA support.
* scd/app-openpgp.c (KEY_TYPE_EDDSA, CURVE_ED25519): New.
(struct app_local_s): Add eddsa.
(get_algo_byte, store_fpr): Support KEY_TYPE_EDDSA.
(get_ecc_key_parameters, get_curve_name): Support CURVE_ED25519.
(send_key_attr, get_public_key): Support KEY_TYPE_EDDSA.
(build_ecc_privkey_template): Rename as it supports both of
ECDSA and EdDSA.
(ecc_writekey): Rename.  Support CURVE_ED25519, too.
(do_writekey): Follow the change of ecc_writekey.
(do_auth): Support KEY_TYPE_EDDSA.
(parse_ecc_curve): Support CURVE_ED25519.  Bug fix for other curves.
(parse_algorithm_attribute): Bug fix for ECDH.  Support EdDSA.
2014-04-09 09:30:19 +09:00
Werner Koch
36dfc37e43 scd: Silent compiler warnings about unused variables.
* scd/app-openpgp.c (build_ecdsa_privkey_template): Mark unused arg.
(ecdh_writekey): Mark unused args.

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-04-08 10:02:08 +02:00
NIIBE Yutaka
781b941743 scd: writekey support of ECC.
* scd/app-openpgp.c (CURVE_SEC_P256K1, get_algo_byte): New.
(store_fpr): Support ECC keys with varargs.
(get_ecc_key_parameters, get_curve_name): Support secp256k1.
(parse_ecc_curve): Likewise.
(build_ecdsa_privkey_template, rsa_writekey, ecdsa_writekey): New.
(ecdh_writekey): New.  Not implemented yet.
(do_writekey): Call rsa_writekey, ecdsa_writekey, or ecdh_writekey.
(do_genkey): Follow the change of store_fpr.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2014-03-12 17:25:33 +09:00
Jonas Borgström
cc67918c08 scd: add support for RSA_CRT and RSA_CRT_N key import.
* scd/app-openpgp.c (do_writekey): Added RSA_CRT and RSA_CRT_N support.

--

Updates of original patch by wk:

  -      unsigned char *rsa_u, *rsa_dp, rsa_dq;
  +      unsigned char *rsa_u, *rsa_dp, *rsa_dq;

and AUTHORS.  Missing signed-off-by assumed due to DCO send the other
day.
2013-08-29 17:53:14 +02:00
Werner Koch
780ba32336 gpg: Make decryption with the OpenPGP card work.
* scd/app-common.h (APP_DECIPHER_INFO_NOPAD): New.
* scd/app-openpgp.c (do_decipher): Add arg R_INFO.
* scd/app-nks.c (do_decipher): Add arg R_INFO as a dummy.
* scd/app.c (app_decipher): Add arg R_INFO.
* scd/command.c (cmd_pkdecrypt): Print status line "PADDING".
* agent/call-scd.c (padding_info_cb): New.
(agent_card_pkdecrypt): Add arg R_PADDING.
* agent/divert-scd.c (divert_pkdecrypt): Ditto.
* agent/pkdecrypt.c (agent_pkdecrypt): Ditto.
* agent/command.c (cmd_pkdecrypt):  Print status line "PADDING".
* g10/call-agent.c (padding_info_cb): New.
(agent_pkdecrypt): Add arg R_PADDING.
* g10/pubkey-enc.c (get_it): Use padding info.
--

Decryption using a card never worked in gpg 2.1 because the
information whether the pkcs#1 padding needs to be removed was not
available.  Gpg < 2.1 too this info from the secret sub key but that
has gone in 2.1.

Signed-off-by: Werner Koch <wk@gnupg.org>
2013-08-28 17:40:32 +02:00
NIIBE Yutaka
b6d54f1196 scd: fix parsing login-data DO.
* scd/app-openpgp.c (parse_login_data): Release RELPTR.  Fix parsing.

--

Signed-off-by: NIIBE Yutaka
2013-08-27 10:23:09 +09:00
NIIBE Yutaka
006782068e scd: fix missing close paren.
* scd/app-openpgp.c (du_auth): Fix.

--
2013-03-15 08:33:13 +09:00
NIIBE Yutaka
73ad742dea scd: support ECDSA signing.
* scd/app-openpgp.c (do_sign): Only prepend message digest block
for RSA or do_auth.
(do_auth): Remove message digest block for ECDSA.

--

If we don't need to check the message digest block by SCDaemon, we
don't requite the message digest block for ECDSA by gpg-agent.
2013-03-09 09:36:21 +09:00
NIIBE Yutaka
010bc7f4f0 scd: support ECDSA public key.
* scd/app-openpgp.c (key_type_t): New.
(CURVE_NIST_P256, CURVE_NIST_P384, CURVE_NIST_P521): New.
(struct app_local_s): Change keyattr to have key_type and union.
(get_ecc_key_parameters, get_curve_name): New.
(send_key_attr, get_public_key): Support ECDSA.
(build_privkey_template, do_writekey, do_genkey): Follow the change
of the member KEY_ATTR.
(parse_historical): New.
(parse_algorithm_attribute): Support ECDSA.
--

Add ECDSA support to OpenPGP card.
2013-03-08 11:40:37 +09:00
NIIBE Yutaka
7253093add scd: Rename 'keypad' to 'pinpad'.
* NEWS: Mention scd changes.

* agent/divert-scd.c (getpin_cb): Change message.

* agent/call-scd.c (inq_needpin): Change the protocol to
POPUPPINPADPROMPT and DISMISSPINPADPROMPT.
* scd/command.c (pin_cb): Likewise.

* scd/apdu.c (struct reader_table_s): Rename member functions.
(check_pcsc_pinpad, pcsc_pinpad_verify, pcsc_pinpad_modify,
check_ccid_pinpad, ccid_pinpad_operation, apdu_check_pinpad
apdu_pinpad_verify, apdu_pinpad_modify): Rename.

* scd/apdu.h (SW_HOST_NO_PINPAD, apdu_check_pinpad)
(apdu_pinpad_verify, apdu_pinpad_modify): Rename.

* scd/iso7816.h (iso7816_check_pinpad): Rename.

* scd/iso7816.c (map_sw): Use SW_HOST_NO_PINPAD.
(iso7816_check_pinpad): Rename.
(iso7816_verify_kp, iso7816_change_reference_data_kp): Follow
the change.

* scd/ccid-driver.h (CCID_DRIVER_ERR_NO_PINPAD): Rename.
* scd/ccid-driver.c (ccid_transceive_secure): Use it.

* scd/app-dinsig.c (verify_pin): Follow the change.
* scd/app-nks.c (verify_pin): Follow the change.

* scd/app-openpgp.c (check_pinpad_request): Rename.
(parse_login_data, verify_a_chv, verify_chv3, do_change_pin): Follow
the change.

* scd/scdaemon.c (oDisablePinpad, oEnablePinpadVarlen): Rename.

* scd/scdaemon.h (opt): Rename to disable_pinpad,
enable_pinpad_varlen.

* tools/gpgconf-comp.c (gc_options_scdaemon): Rename to
disable-pinpad.
2013-02-08 09:06:39 +09:00
NIIBE Yutaka
c27315fc64 scd: Fix check_keypad_request.
* scd/app-openpgp.c (check_keypad_request): 0 means not to use pinpad.
2013-02-05 14:59:29 +09:00
NIIBE Yutaka
0407e642f7 SCD: Support P=N format for login data.
* scd/app-openpgp.c (parse_login_data): Support P=N format.
2013-02-05 13:37:07 +09:00
NIIBE Yutaka
a9ff97a10f SCD: Defaults to use pinpad if the reader has the capability.
* scd/app-openpgp.c (struct app_local_s): Remove VARLEN.
(parse_login_data): "P=0" means to disable pinpad.
(check_keypad_request): Default is to use pinpad if available.
2013-02-05 13:37:06 +09:00
NIIBE Yutaka
334ba6efa5 SCD: handle keypad request on the card.
* scd/app-openpgp.c: Add 2013.
(struct app_local_s): Add keypad structure.
(parse_login_data): Add parsing keypad request on the card.
(check_keypad_request): New.
(verify_a_chv, verify_chv3, do_change_pin): Call check_keypad_request
to determine use of keypad.
2013-02-05 13:37:06 +09:00
NIIBE Yutaka
40a914a2e3 SCD: Support fixed length PIN input for keypad.
* scd/iso7816.h (struct pininfo_s): Remove MODE and add FIXEDLEN.
* scd/app-dinsig.c (verify_pin): Initialize FIXEDLEN to unknown.
* scd/app-nks.c (verify_pin): Likewise.
* scd/app-openpgp.c (verify_a_chv, verify_chv3, do_change_pin):
Likewise.
* scd/apdu.c (check_pcsc_keypad): Add comment.
(pcsc_keypad_verify, pcsc_keypad_modify): PC/SC driver only support
readers with the feature of variable length input (yet).
(apdu_check_keypad): Set FIXEDLEN.
* scd/ccid-driver.c (ccid_transceive_secure): Add GEMPC_PINPAD
specific settings.
Support fixed length PIN input for keypad.
2013-02-05 13:37:06 +09:00
NIIBE Yutaka
b526f6e223 SCD: API cleanup for keypad handling.
* scd/iso7816.h (struct pininfo_s): Rename from iso7816_pininfo_s.
Change meaning of MODE.
(pininfo_t): Rename from iso7816_pininfo_t.
* scd/sc-copykeys.c: Include "iso7816.h".
* scd/scdaemon.c, scd/command.c: Likewise.
* scd/ccid-driver.c: Include "scdaemon.h" and "iso7816.h".
(ccid_transceive_secure): Follow the change of PININFO_T.
* scd/app.c: Include "apdu.h" after "iso7816.h".
* scd/iso7816.c (iso7816_check_keypad, iso7816_verify_kp)
(iso7816_change_reference_data_kp): Follow the change of API.
* scd/apdu.c (struct reader_table_s): Change API of CHECK_KEYPAD,
KEYPAD_VERIFY, KEYPAD_MODIFY to have arg of PININFO_T.
(check_pcsc_keypad, check_ccid_keypad): Likewise.
(apdu_check_keypad, apdu_keypad_verify, apdu_keypad_modify): Likewise.
(pcsc_keypad_verify, pcsc_keypad_modify, ct_send_apdu)
(pcsc_send_apdu_direct,  pcsc_send_apdu_wrapped, pcsc_send_apdu)
(send_apdu_ccid, ccid_keypad_operation, my_rapdu_send_apdu, send_apdu)
(send_le): Follow the change of API.
* scd/apdu.h (apdu_check_keypad, apdu_keypad_verify)
(apdu_keypad_modify): Change the API.
* scd/app-dinsig.c, scd/app-nks.c, scd/app-openpgp.c: Follow the
change.
2013-02-05 13:37:06 +09:00
NIIBE Yutaka
e7dca3e83e SCD: Fix the process of writing key or generating key.
* scd/app-openpgp.c (store_fpr): Flush KEY-FPR and KEY-TIME.
2012-12-13 13:44:43 +09:00
Werner Koch
905b6a36d3 Allow decryption with card keys > 3072 bits
* scd/command.c (MAXLEN_SETDATA): New.
(cmd_setdata): Add option --append.
* agent/call-scd.c (agent_card_pkdecrypt): Use new option for long
data.

* scd/app-openpgp.c (struct app_local_s): Add field manufacturer.
(app_select_openpgp): Store manufacturer.
(do_decipher): Print a note for broken cards.

--

Please note that I was not able to run a full test because I only have
broken cards (S/N < 346) available.
2012-11-06 14:48:06 +01:00
David Prévot
94e663885b Actually show translators comments in PO files
--
2012-08-24 09:42:31 +02:00
Werner Koch
096e7457ec Change all quotes in strings and comments to the new GNU standard.
The asymmetric quotes used by GNU in the past (`...') don't render
nicely on modern systems.  We now use two \x27 characters ('...').

The proper solution would be to use the correct Unicode symmetric
quotes here.  However this has the disadvantage that the system
requires Unicode support.  We don't want that today.  If Unicode is
available a generated po file can be used to output proper quotes.  A
simple sed script like the one used for en@quote is sufficient to
change them.

The changes have been done by applying

  sed -i "s/\`\([^'\`]*\)'/'\1'/g"

to most files and fixing obvious problems by hand.  The msgid strings in
the po files were fixed with a similar command.
2012-06-05 19:29:22 +02:00
NIIBE Yutaka
bf37c32367 Fix pinpad input support for passphrase modification.
* apdu.c (pcsc_keypad_verify): Have dummy Lc field with value 0.
(pcsc_keypad_modify): Likewise.
(pcsc_keypad_modify): It's only for ISO7816_CHANGE_REFERENCE_DATA.
bConfirmPIN value is determined by the parameter p0.

* app-openpgp.c (do_change_pin): The flag use_keypad should be 0 when
reset_mode is on, or resetcode is on.  use_keypad only makes sense for
iso7816_change_reference_data_kp.

* iso7816.h (iso7816_put_data_kp): Remove.
(iso7816_reset_retry_counter_kp): Remove.
(iso7816_reset_retry_counter_with_rc_kp): Remove.
(iso7816_change_reference_data_kp): Add an argument: IS_EXCHANGE.

* iso7816.c (iso7816_put_data_kp): Remove.
(iso7816_reset_retry_counter_kp): Remove.
(iso7816_reset_retry_counter_with_rc_kp): Remove.
(iso7816_change_reference_data_kp): Add an argument: IS_EXCHANGE.
2011-12-02 13:57:12 +09:00
NIIBE Yutaka
2c5d021912 Fix pinpad input support 2011-12-01 11:09:51 +09:00
NIIBE Yutaka
5a62b0d6ee PC/SC pinpad support (pinpad input for modify pass phrase with resetcode, by admin). 2011-11-29 17:56:22 +09:00
NIIBE Yutaka
57d4f7fae1 PC/SC pinpad support (pinpad input for modify pass phrase). 2011-11-29 11:59:32 +09:00
NIIBE Yutaka
26b4a012e3 PC/SC pinpad support.
Before this change, it is layered like following:

	iso7816_verify
        iso7816_verify_kp
	apdu_send_simple, apdu_send_simple_kp
	...

After this change, it will be layered like:

	iso7816_verify      iso7816_verify_kp
        apdu_send_simple    apdu_keypad_verify
	...

and apdu_send_simple_kp will be deprecated.

For PC/SC API, we use:
  SCardControl API to compose CCID PC_to_RDR_Secure message
  SCardTransmit API to compose CCID PC_to_RDR_XfrBlock message

Considering the support of PC/SC, we have nothing to share between _kp
version of iso7816_* and no _kp version.
2011-11-28 16:16:38 +09:00
Werner Koch
14e0b60efd Adjust for signed integer passed to OpenPGP card decrypt. 2011-08-08 10:44:03 +02:00
Werner Koch
37228cfa05 Allow generation of card keys up to 4096 bit.
This patch implementes a chunk mode to pass the key parameters from
scdaemon to gpg.  This allows to pass arbitrary long key paremeters;
it is used for keys larger than 3072 bit.

Note: the card key generation in gpg is currently broken.  The keys
are generated but it is not possible to create the self-signature
because at that time the gpg-agent does not yet know about the new
keys and thus can't divert the sign request to the card.  We either
need to run the learn command right after calling agent_scd_genkey or
implement a way to sign using the currently inserted card.  Another
option would be to get rid of agent_scd_genkey and implement the
feature directly in agent_genkey.
2011-06-16 14:27:33 +02:00
Werner Koch
b008274afd Nuked almost all trailing white space.
We better do this once and for all instead of cluttering all future
commits with diffs of trailing white spaces.  In the majority of cases
blank or single lines are affected and thus this change won't disturb
a git blame too much.  For future commits the pre-commit scripts
checks that this won't happen again.
2011-02-04 12:57:53 +01:00
Werner Koch
6872919efe Fix a signing problem with the card 2010-10-18 12:59:19 +00:00
Werner Koch
983f91937c Fix for extended length Le in decipher 2009-09-03 10:57:23 +00:00
Werner Koch
e57d2a8630 Ask for the keysize when generating a new card key. 2009-08-05 11:24:43 +00:00
Werner Koch
806b0acad7 Better reset the PIN verification stati after changing the key attributes. 2009-07-10 10:47:30 +00:00
Werner Koch
96abdb1386 Fix for card keys > 2048 bit. 2009-07-10 10:15:33 +00:00
Werner Koch
31084d6dc9 Support writing of existing keys with non-matching key sizes. 2009-07-09 14:54:18 +00:00
Werner Koch
d8d1ca6151 Reworked the estream memory buffer allocation.
Committed already posted patches for the v2 card.
2009-06-29 10:43:57 +00:00
Werner Koch
5f8acaccc0 Add readcert command.
fix reading large certificates.
2009-06-17 09:45:50 +00:00
Werner Koch
bdbeb0ac2b app-openpgp changes 2009-06-09 19:11:28 +00:00
Werner Koch
db47caf05b Typo fix. Updated German translation. 2009-06-08 09:11:27 +00:00
Werner Koch
e095815c4d Make PIN changing code work for v2 cards. 2009-05-20 16:12:25 +00:00
Werner Koch
c4e92c3344 Made card key generate with backup key work for 2048 bit.
Improved card key generation prompts.
2009-05-15 19:26:46 +00:00
Werner Koch
eeca39ae50 More support for Netkey cards.
Small changes to teh CCID driver.
Support 2048 bit OpenPGP cards.
2009-05-08 15:07:45 +00:00
Werner Koch
9d6a2a60c2 Prepare for OpenPGP cards with extended length support. 2009-04-01 14:38:22 +00:00
Werner Koch
98e1a75e20 Implement decryption for TCOS 3 cards. 2009-03-30 12:46:06 +00:00
Werner Koch
a3b63ac1dc Add server option with-ephemeral-keys.
Extend SCD LEARN command.
2009-03-18 11:18:56 +00:00
Werner Koch
1eeefbf7f7 Add new attribute KEY-ATTR. 2009-03-10 16:10:35 +00:00
Werner Koch
59d7a54e72 New PIN Callback attributes in gpg-agent.
Common prompts for keypad and simple card reader.
More support for Netkey cards;  PIN management works now.
2009-03-05 19:19:37 +00:00
Werner Koch
041c764672 Add option --card-timeout.
Add a new attribyte to app-openpgp.c
Fix two portability bugs.
Have gpg-connect-agent autostart gpg-agent on W32.
2008-12-05 12:01:01 +00:00
Werner Koch
338ddd0bb6 Use bin2hex if possible. 2008-11-03 10:54:18 +00:00
Werner Koch
0a5f742466 Marked all unused args on non-W32 platforms. 2008-10-20 13:53:23 +00:00
Werner Koch
96f16f736e Finished support for v2 cards with the exception of secure messaging. 2008-09-25 10:06:02 +00:00
Werner Koch
761e997af5 Improvements for 2k keys. 2008-09-23 15:42:11 +00:00
Werner Koch
f899b9683b Support the Certifciate DO of the v2 OpenPGP cards. 2008-09-23 09:57:45 +00:00
Moritz Schulte
72110961f1 2008-08-30 Moritz <moritz@gnu.org>
* scdaemon.c (main): Use estream_asprintf instead of asprintf.
	* command.c (update_reader_status_file): Likewise.
	(cmd_serialno): Use estream_asprintf instead of asprintf
	and xfree instead of free to release memory allocated
	through (estream_)asprintf.
	(cmd_learn): Likewise.
	(pin_cb): Likewise.
	* app-openpgp.c (get_public_key): Likewise.
2008-08-31 11:55:09 +00:00
Werner Koch
8e89644451 Fix new test for v2 cards. 2008-08-18 11:08:04 +00:00
Werner Koch
e27ca6e059 prompt change. 2008-07-30 10:25:18 +00:00
Werner Koch
9d5a10a453 Do not run the setuid test if running under as root proper.
Documentation fixes.
Some enhancements for the new OpenPGP Card.
2008-07-17 19:40:53 +00:00
Werner Koch
4817ff6528 Add support for the TCOS NullPIN feature. 2008-06-24 16:00:29 +00:00
Werner Koch
6e17d90e09 Use default PIN flag 2008-04-21 07:53:20 +00:00
Werner Koch
a2ede07293 Preparing a release. 2008-03-26 09:20:40 +00:00
Werner Koch
bae4b256c7 Support DSA2.
Support Camellia for testing.
More audit stuff.
2007-12-12 10:28:30 +00:00
Werner Koch
bc482052f8 Fix for bug 851.
Fixed auto generation of the stub key for the card.
Allow to encrypt toElgamal encryption keys of type 20.
2007-12-10 15:19:34 +00:00
Werner Koch
4631bc8ddf Fixed card key generation of gpg2.
Reveal less information about timings while generating a key.
2007-07-05 16:58:19 +00:00
Werner Koch
93d3811abc Changed to GPLv3.
Removed intl/.
2007-07-04 19:49:40 +00:00
Werner Koch
2c9791db55 First steps towards supporting W32.
This is mainly source code reorganization.
Update gnulib.
g10/ does currently not build.
2007-06-06 18:12:30 +00:00
Werner Koch
0ed45ac1b3 The keypad is now also used for OpenPGP signing keys. 2006-12-21 12:13:44 +00:00
Werner Koch
5885142c83 Made some PIN pads work.
Some cleanups for 64 bit CPUs.
2006-11-20 16:49:41 +00:00
Werner Koch
43825e9dae Allow pkcs#10 creation directkly from a smart card 2006-10-11 17:52:15 +00:00
Werner Koch
158a69aff7 bug fixes 2006-10-05 11:06:42 +00:00
Marcus Brinkmann
2301fc2926 2006-09-24 Marcus Brinkmann <marcus@g10code.de>
* app-openpgp.c (do_sign): Advance INDATA by the SHA1 resp. RMD160
        prefix length.
2006-09-23 23:32:44 +00:00
Werner Koch
03d3322e5f Take advantage of newer gpg-error features. 2006-09-14 16:50:33 +00:00
Marcus Brinkmann
8ffa3b4cbb 2006-08-28 Marcus Brinkmann <marcus@g10code.de>
* app-openpgp.c (do_decipher, do_sign): Allow "OPENPGP.2"
        resp. "OPENPGP.1" for KEYIDSTR.
2006-08-29 18:29:30 +00:00
Werner Koch
6c208fea32 A couple of fixes. gpg2's key generation does now work. 2006-06-30 09:42:08 +00:00
Werner Koch
f98537733a Updated FSF's address. 2006-06-20 17:21:37 +00:00
Werner Koch
c664309a0a Added command APDU 2006-04-11 13:53:21 +00:00
Werner Koch
a5465705fb Support for CardMan 4040 2006-02-06 16:13:20 +00:00
Werner Koch
6a13cf2c3d Preparing an interim release 2005-11-28 11:52:25 +00:00
Werner Koch
6f90f05cb2 Bug fixes and ssh support for the BELPIC. 2005-09-09 11:18:08 +00:00
Werner Koch
68191d0c93 * keylist.c (email_kludge): Reworked.
* certdump.c (gpgsm_print_serial, gpgsm_dump_serial): Cast printf
arg to unsigned.
* call-dirmngr.c (gpgsm_dirmngr_run_command): Ditto
2005-07-20 15:05:05 +00:00
Werner Koch
deeba405a9 gcc-4 defaults forced me to edit many many files to get rid of the
char * vs. unsigned char * warnings.  The GNU coding standards used to
say that these mismatches are okay and better than a bunch of casts.
Obviously this has changed now.
2005-06-16 08:12:03 +00:00
Werner Koch
f1dac8851d * command.c (cmd_updatestartuptty): New.
* gpg-agent.c: New option --write-env-file.

* gpg-agent.c (handle_connections): Make sure that the signals we
are handling are not blocked.Block signals while creating new
threads.

* estream.c: Use HAVE_CONFIG_H and not USE_CONFIG_H!
(es_func_fd_read, es_func_fd_write): Protect against EINTR.

* gpg-agent.texi (Agent UPDATESTARTUPTTY): New.

* scdaemon.c (handle_connections): Make sure that the signals we
are handling are not blocked.Block signals while creating new
threads.
(handle_connections): Include the file descriptor into the name of
the thread.
2005-06-03 13:57:24 +00:00
Werner Koch
e96af3715b * call-scd.c (inq_needpin): Skip leading spaces in of PIN
description.
* divert-scd.c (getpin_cb): Enhanced to cope with description
flags.
* query.c (agent_askpin): Add arg PROMPT_TEXT. Changed all
callers.
2005-05-24 12:37:36 +00:00
Werner Koch
a43586d0e8 * Makefile.am: Do not build sc-copykeys anymore.
* app-openpgp.c (app_openpgp_storekey, app_openpgp_readkey)
(app_openpgp_cardinfo): Removed.
2005-05-23 20:18:13 +00:00
Werner Koch
05e1dc22f0 * call-scd.c (start_scd): Don't test for an alive scdaemon here.
(agent_scd_check_aliveness): New.
* gpg-agent.c (handle_tick): Test for an alive scdaemon.
(handle_signal): Print thread info on SIGUSR1.

* scdaemon.c (handle_signal): Print thread info on SIGUSR1.
2005-05-21 18:49:00 +00:00
Werner Koch
41862f5f13 * protect-tool.c: New option --canonical.
(show_file): Implement it.

* keyformat.txt: Define the created-at attribute for keys.

* ccid-driver.c: Replaced macro DEBUG_T1 by a new debug level.
(parse_ccid_descriptor): Mark SCR335 firmware version 5.18 good.
(ccid_transceive): Arghhh.  The seqno is another bit in the
R-block than in the I block, this was wrong at one place.

* scdaemon.c: New options --debug-ccid-driver and
--debug-disable-ticker.

* app-openpgp.c (do_genkey, do_writekey): Factored code to check
for existing key out into ..
(does_key_exist): .. New function.

* gpg-connect-agent.c (add_definq, show_definq, clear_definq)
(handle_inquire): New.
(read_and_print_response): Handle INQUIRE command.
(main): Implement control commands.
2005-05-20 20:39:36 +00:00
Werner Koch
4237a9cc7f Changed the scdaemon to handle concurrent sessions. Adjusted
gpg-agent accordingly. Code cleanups.
2005-05-18 10:48:06 +00:00
Werner Koch
eb3f014b5d * app-p15.c (micardo_mse): New.
(do_sign): Call it.
* iso7816.c (iso7816_manage_security_env): Allow passing DATA as
NULL to indicate an empty Lc.
* tlv.c (find_tlv): Check that a found object fits into the
buffer.
(find_tlv_unchecked): New as replacement for the old non-checking
variant.
* app.c (select_application): Keep on using the non-checking
variant.
* app-openpgp.c (get_one_do, dump_all_do): Ditto.
2005-04-27 19:47:53 +00:00
Werner Koch
9f9a18c011 (retrieve_key_material): Rewritten. Return a
proper error code.
(retrieve_next_token): Removed.
(retrieve_fpr_from_card): Rewritten to make use of DO caching and
to take the KEYNO as arg.
(get_public_key): Renamed variable for clarity.
2005-04-14 17:25:43 +00:00
Werner Koch
6b002f0602 * app-openpgp.c (do_check_pin): Add hack to allow verification of
CHV3.
(get_public_key): Don't use gcry functions to create S-expressions.
(do_deinit, do_readkey, do_genkey, send_keypair_info): Adjust for
above change.
2005-04-11 16:20:10 +00:00
Moritz Schulte
9476729709 2005-03-29 Moritz Schulte <moritz@g10code.com>
* app-openpgp.c (retrieve_fpr_from_card): New function.
	(retrieve_next_token): New function.
	(retrieve_key_material): New function.
	(get_public_key): Implement retrival of key through expernal
	helper (gpg) in case the openpgp card is not cooperative enough.
2005-03-29 20:46:18 +00:00
Werner Koch
faef9f929b * findkey.c (modify_description): Keep invalid % escapes, so that
%0A may pass through.

* agent.h (server_control_s): New field USE_AUTH_CALL.
* call-scd.c (agent_card_pksign): Make use of it.
* command-ssh.c (data_sign): Set the flag.
(ssh_send_key_public): New arg OVERRIDE_COMMENT.
(card_key_available): Add new arg CARDSN.
(ssh_handler_request_identities): Use the card s/n as comment.
(sexp_key_extract): Use GCRYMPI_FMT_STD.
(data_sign): Ditto.

* learncard.c (make_shadow_info): Moved to ..
* protect.c (make_shadow_info): .. here. Return NULL on malloc
failure. Made global.
* agent.h: Add prototype.

* xasprintf.c (xtryasprintf): New.

* app-openpgp.c (get_public_key): Make sure not to return negative
numbers.
(do_sign): Allow passing of indata with algorithm prefix.
(do_auth): Allow OPENPGP.3 as an alternative ID.

* app.c (app_getattr): Return just the S/N but not the timestamp.

* no-libgcrypt.c (gcry_strdup): New.
2005-02-25 16:14:55 +00:00
Werner Koch
3af261572b * gpg-agent.c (handle_connections): Need to check for events if
select returns with -1.

* tools.texi (gpg-connect-agent): New.

* app-openpgp.c (get_one_do): Never try to get a non cacheable
object from the cache.
(get_one_do): Add new arg to return an error code.  Changed all
callers.
(do_getattr): Let it return a proper error code.

* app.c (select_application): Return an error code and the
application context in an new arg.
* command.c (open_card): Adjusted for that.  Don't use the
fallback if no card is present.  Return an error if the card has
been removed without a reset.
(do_reset, cmd_serialno): Clear that error flag.
(TEST_CARD_REMOVAL): New. Use it with all command handlers.

* scdaemon.c (ticker_thread): Termintate if a shutdown is pending.

* apdu.c: Added some PCSC error codes.
(pcsc_error_to_sw): New.
(reset_pcsc_reader, pcsc_get_status, pcsc_send_apdu)
(open_pcsc_reader): Do proper error code mapping.

* gpg-connect-agent.c: New.
* Makefile.am: Add it.
2005-02-24 17:36:11 +00:00
Werner Koch
8c77433de9 * app-openpgp.c (app_local_s): New field PK.
(do_deinit, do_genkey, app_openpgp_storekey): Clear it.
(get_public_key, send_keypair_info): New.
(do_learn_status): Send KEYPAIR info

* app-common.h (app_ctx_t): Add function pointer READKEY.
* app.c (app_readkey): New.
* command.c (cmd_readkey): Use READKEY function if possible.
2005-02-22 17:29:07 +00:00
Werner Koch
625bafa4da Forgot to commit the recent fixed to scd and logging - doing it now 2005-02-03 13:20:57 +00:00
Werner Koch
17c2c40601 Compile fixes. 2004-10-22 16:03:04 +00:00
Werner Koch
9aa7d0bc35 * app-openpgp.c (do_sign): Replace asprintf by direct allocation.
This avoids problems with missing vasprintf implementations in
	gnupg 1.4.

	* app-common.h (app_openpgp_storekey: Add prototype.
2004-10-22 09:41:56 +00:00
Werner Koch
2c31e2f853 (parse_login_data): New.
(app_select_openpgp): Call it.
(do_setattr): Reparse it after change.
2004-10-14 13:22:03 +00:00
Werner Koch
e1f3dc1c77 Added ID keywords because these files are often used in other packages. 2004-10-14 09:12:36 +00:00
Werner Koch
f67c66e56f * de.po: Updated.
* POTFILES.in: Add more files.

* app-openpgp.c (do_sign): Add the error string to the verify
failed messages.

* keylist.c (list_cert_colon): Make sure that the expired flag has
a higher precedence than the invalid flag.
2004-09-30 13:24:33 +00:00
Werner Koch
f100401478 (show_key_with_all_names): Print the card S/N.
* app-openpgp.c (app_select_openpgp): Its app_munge_serialno and
not app_number_serialno.
2004-09-20 18:47:11 +00:00
Werner Koch
9d74d40da1 * app.c (select_application): Fixed serial number extraction and
added the BMI card workaround.
(app_munge_serialno): New.
* app-openpgp.c (app_select_openpgp): Try munging serialno.
2004-09-09 07:28:47 +00:00
Werner Koch
bcaa520ad6 (do_getattr): Fix for sending CA-FPR. 2004-07-01 17:41:33 +00:00
Werner Koch
7d486a0969 * app-openpgp.c (do_setattr): Sync FORCE_CHV1. 2004-04-29 17:25:57 +00:00
Werner Koch
4c96cb0683 * app-common.h: Do not include ksba.h for gnupg 1. 2004-04-28 09:00:05 +00:00
Werner Koch
869a2bbad2 * app-common.h: New members FNC.DEINIT and APP_LOCAL.
* app.c (release_application): Call new deconstructor.
* app-openpgp.c (do_deinit): New.
(get_cached_data, flush_cache_item, flush_cache_after_error)
(flush_cache): New.
(get_one_do): Replaced arg SLOT by APP.  Make used of cached data.
(verify_chv2, verify_chv3): Flush some cache item after error.
(do_change_pin): Ditto.
(do_sign): Ditto.
(do_setattr): Flush cache item.
(do_genkey): Flush the entire cache.
(compare_fingerprint): Use cached data.
2004-04-26 18:28:06 +00:00
Werner Koch
e209ea3c39 * app-dinsig.c: Implemented. Based on app-nks.c and card-dinsig.c
* app-nks.c (get_length_of_cert): Removed.
* app-help.c: New.
(app_help_read_length_of_cert): New.  Code taken from above.  New
optional arg R_CERTOFF.

* card-dinsig.c: Removed.
* card.c (card_get_serial_and_stamp): Do not bind to the old and
never finsiged card-dinsig.c.

* iso7816.c (iso7816_read_binary): Allow for an NMAX > 254.
2004-03-16 18:59:21 +00:00
Werner Koch
f8d44bc637 *** empty log message *** 2004-03-16 10:49:37 +00:00
Werner Koch
97958029f6 (iso7816_manage_security_env): New.
(iso7816_decipher): Add PADIND argument.

** app-nks.c is now functional **
2004-01-28 16:21:57 +00:00
Werner Koch
eb24d8b751 Some minor bug fixes, new test utilities and started support for other
smartcard applications.
2004-01-27 16:40:42 +00:00
Werner Koch
28db0fabb4 * apdu.c (apdu_send_le): Send a get_response with the indicated
length and not the 64 bytes we used for testing.
* app-openpgp.c (verify_chv2, verify_chv3, do_sign): Check the
minimum length of the passphrase, so that we don't need to
decrement the retry counter.
2003-12-23 10:25:24 +00:00
Werner Koch
7134af9fdb * scdaemon.c, scdaemon.h: New options --allow-admin and --deny-admin.
* app-openpgp.c (verify_chv3): Check it here.
2003-12-01 10:54:09 +00:00
Werner Koch
21be16dba9 * command.c (cmd_checkpin): New.
(register_commands): Add command CHECKPIN.
* app.c (app_check_pin): New.
* app-openpgp.c (check_against_given_fingerprint): New. Factored
out that code elsewhere.
(do_check_pin): New.
2003-10-21 17:12:50 +00:00
Werner Koch
30342b06ef * call-agent.c (agent_scd_getattr): Don't clear the passed info
structure, so that it can indeed be updated.

* card-util.c (fpr_is_zero): New.
(generate_card_keys): New.
(card_edit): New command "generate".
* keygen.c (generate_keypair): New arg CARD_SERIALNO, removed call
to check_smartcard.
(check_smartcard,show_smartcard): Removed.
(show_sha1_fpr,fpr_is_zero): Removed.

* app-openpgp.c (do_getattr): Support SERIALNO and AID.
2003-10-08 10:46:58 +00:00
Werner Koch
f194ebc782 Fixes to make inclusion of card raleted source files into 1.3 easier. 2003-10-02 10:27:34 +00:00
Werner Koch
59a61b3c93 * command.c (cmd_getattr): New command GETATTR.
* app.c (app_setattr): New.
(do_getattr): New.
(do_learn_status): Reimplemented in terms of do_getattr.

* app-openpgp.c (do_change_pin): Make sure CVH1 and CHV2 are
always synced.
(verify_chv2, verify_chv3): New. Factored out common code.
(do_setattr, do_sign, do_auth, do_decipher): Change the names of
the prompts to match that we have only 2 different PINs.
(app_select_openpgp): Check whether the card enforced CHV1.
(convert_sig_counter_value): New. Factor out code from
get_sig_counter.
2003-09-30 17:35:05 +00:00
Werner Koch
3af881581f Minor fixes 2003-09-30 13:22:33 +00:00
Werner Koch
1bcf8ef9de Cleanups, fixes and PC/SC support 2003-08-05 17:11:04 +00:00
Repo Admin
9ca4830a5b This commit was manufactured by cvs2svn to create branch
'GNUPG-1-9-BRANCH'.
2003-08-05 17:11:04 +00:00