* scd/app-p15.c (auth_type_t): New.
(struct aodf_object_s): Add field auth_type.
(read_ef_aodf): Distinguish between pin and authkey types. Include
the authtype in the verbose mode diags.
--
Note that the bulk of chnages are just indentation chnages. There
should be no functional change.
Signed-off-by: Werner Koch <wk@gnupg.org>
* scd/app-p15.c (CARD_TYPE_AET): New.
(cardtype2str): Add string.
(card_atr_list): Add corresponding ATR.
(app_local_s): New flag no_extended_mode. Turn two other flags into
bit flags.
(select_ef_by_path): Hack to handle the 3FFF thing.
(readcert_by_cdf): Do not use etxended mode for AET.
(app_select_p15): Set no_extended_mode.
Signed-off-by: Werner Koch <wk@gnupg.org>
* scd/app-p15.c (read_ef_prkdf, read_ef_pukdf)
(read_ef_cdf, read_ef_aodf): Allow for a zero length path and
correctly skip unsupported auth types.
--
Signed-off-by: Werner Koch <wk@gnupg.org>
* scd/iso7816.c (iso7816_read_binary_ext): Handle the 0x6a86 SW the
same as 6b00.
* scd/apdu.c (apdu_get_atr): Modify debug messages.
* scd/app-p15.c (app_select_p15): Print FCI on error.
(read_p15_info): Clean up diag in presence of debug options.
--
Some cards return 6a86 instead of 6b00.
Signed-off-by: Werner Koch <wk@gnupg.org>
* agent/command-ssh.c (ssh_handler_request_identities): Remove double
check of ERR.
* g10/getkey.c (get_pubkey_byname): Remove double use of break.
* g10/pkglue.c (pk_encrypt): Handle possible NULL-ptr access due to
failed malloc.
Signed-off-by: Werner Koch <wk@gnupg.org>
* scd/apdu.c (open_pcsc_reader): PCSC.COUNT should
be incremented before possible call of close_pcsc_reader.
--
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* scd/apdu.c (pcsc_cancel): New.
(pcsc_init): Load new function.
(connect_pcsc_card): Use it after a removed card error.
--
Well, that was easier than I expected yesterday.
Signed-off-by: Werner Koch <wk@gnupg.org>
* scd/apdu.c (close_pcsc_reader): Do not decrement refcount if already
zero. Always release context if or becomes zero.
(apdu_dev_list_start): Unlock prior to close_pcsc_reader. For PC/SC
increment the count. Always release the lock.
(apdu_dev_list_finish): No more unlocking. Use close_pcsc_reader
instead of code duplication.
* scd/apdu.c (pcsc_error_string): Add an error code.
* scd/scdaemon.c (scd_kick_the_loop): Fix a diagnostic.
--
There was an obvious bug in that the pcsc.count could go below zero
and thus there was no chance to get the context release. Releasing
and recreating the context is at least under Windows important to get
rit of the PCSC_E_SERVICE_STOPPED.
Also removes a potential problem in holding the reader_table_lock
between calls to apdu_dev_list_start apdu_dev_list_finish. There is
no need for this. Instead we bump the pcsc.count.
The reader_table_lock strategy should be reviewed; we may be able to
remove it.
Signed-off-by: Werner Koch <wk@gnupg.org>
* scd/app-p15.c (read_p15_info): Improve D-TRUST card detection.
(do_getattr): Fix faulty code for the last commit. Append the product
name to MANUFACTURER.
Signed-off-by: Werner Koch <wk@gnupg.org>
* scd/app-p15.c (get_dispserialno): Add dedicated handling for RSCS.
--
In fact we fix the display of the s/n because the s/n was taken from a
certificate.
Signed-off-by: Werner Koch <wk@gnupg.org>
* scd/app-p15.c: Include openpgpdefs.h.
(struct prkdf_object_s): Add fields have_keytime and ecdh_kdf.
(read_p15_info): Set ecdh_kdf.
(keygrip_from_prkdf): Flag that we have the keytime.
(send_keypairinfo): Send the key time only if valid.
(send_key_fpr_line): New.
(send_key_fpr): New.
(do_getattr): Add KEY-FPR.
Signed-off-by: Werner Koch <wk@gnupg.org>
* scd/app-p15.c (cdf_object_from_label): New.
(cdf_object_from_certid): Fallback to label matching.
(read_p15_info): Ditto.
(keygrip_from_prkdf): Ditto. Replace duplicated code by a call to
cdf_object_from_objid.
--
In case there is no certificate for a private key we now also try to
find a certificate using a matching label.
Signed-off-by: Werner Koch <wk@gnupg.org>
* scd/app-nks.c (keygripstr_from_pk_file): Fix ignored error.
(get_nks_tag): New.
(do_learn_status_core): Use it. Make sure not to mange the
KEYPAIRINFO line if no usage is known.
(do_readkey): Output the KEYPAIRINFO for the keygrip case.
--
Note that this only handles the most common case of providing a
keygrip. $AUTHKEYID and ODLM are not yet supported.
Signed-off-by: Werner Koch <wk@gnupg.org>
* scd/app-help.c (app_help_get_keygrip_string_pk): Make HEXKEYGRIP
parm optional.
* scd/command.c (do_readkey): Remove duplicate output of keypairinfo
lines.
--
Note that this change needs a fix in app-p15 which does not yet handle
the APP_READKEY_FLAG_INFO.
Signed-off-by: Werner Koch <wk@gnupg.org>
* scd/ccid-driver.c (ccid_vendor_specific_pinpad_setup): New.
(ccid_vendor_specific_setup): Only send CLEAR_HALT.
(ccid_transceive_secure): Each time, use send_escape_cmd.
--
GnuPG-bug-id: 5297
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* scd/command.c (cmd_learn): Add flag --reread.
* scd/app-common.h (struct app_ctx_s): New field need_reset.
* scd/app.c (write_learn_status_core): Set need_reset if we notice an
error after returning from a reread. Change all callers of card
functions to return GPG_ERR_CARD_RESET so that that app is not anymore
used.
Signed-off-by: Werner Koch <wk@gnupg.org>
* scd/app-p15.c (do_deinit): Factor code out to ...
(release_lists, release_tokeninfo): new.
(read_ef_tokeninfo): Reset all data before reading.
(read_p15_info): Ditto.
(do_learn_status): Implement reread flag.
--
Objects of a card may be protected by a PIN and thus only readble
after a verify command. This new flag makes it possible to gather the
entire PKCS#15 card info again without a need for a reset (and thus
loss of the verify status).
Signed-off-by: Werner Koch <wk@gnupg.org>
* scd/app-p15.c (do_sign): Rewrite.
--
This basically works now but for my test card I need to pass
--cert-digest-algo-512 manually. Need to check this again and
automate it. It will also be useful to take the NotBefore timestamp
from the dummy X.509 certificate and use that for the PGP key creation
time.
Signed-off-by: Werner Koch <wk@gnupg.org>
* scd/iso7816.c (iso7816_pso_csv): New.
* scd/app-help.c (app_help_pubkey_from_cert): Uncompress a point if
needed.
* scd/app-p15.c (CARD_PRODUCT_RSCS): New.
(struct prkdf_object_s): Add fields is_ecc, token_label, and
tokenflags.
(do_deinit): Free new fields.
(cardproduct2str): New.
(read_ef_prkdf): Set new is_ecc flag.
(read_ef_tokeninfo): Store some data and move Tokeninfo diags to ...
(read_p15_info): here. set the product info here after all data has
been gathered.
(send_keypairinfo): Chnage the way the gpgusage flags are used.
(make_pin_prompt): If the token has a label and the current cert has
no CN, show the label as holder info.
(do_sign): Support ECDSA. Take care of the gpgusage flags.
(do_decipher): Support ECDH. Take care of the gpgusage flags.
--
This has been tested with Trusted Object Manager generated cards by
Rohde & Schwarz Cybersecurity.
Signed-off-by: Werner Koch <wk@gnupg.org>