diff options
Diffstat (limited to 'g10/card-util.c')
| -rw-r--r-- | g10/card-util.c | 171 |
1 files changed, 116 insertions, 55 deletions
diff --git a/g10/card-util.c b/g10/card-util.c index b7eedc0c8..a1a099d85 100644 --- a/g10/card-util.c +++ b/g10/card-util.c @@ -216,6 +216,7 @@ get_manufacturer (unsigned int no) case 0x1337: return "Warsaw Hackerspace"; case 0x2342: return "warpzone"; /* hackerspace Muenster. */ + case 0x4354: return "Confidential Technologies"; /* cotech.de */ case 0x63AF: return "Trustica"; case 0xBD0E: return "Paranoidlabs"; case 0xF517: return "FSIJ"; @@ -231,13 +232,14 @@ get_manufacturer (unsigned int no) static void -print_sha1_fpr (estream_t fp, const unsigned char *fpr) +print_shax_fpr (estream_t fp, const unsigned char *fpr, unsigned int fprlen) { int i; if (fpr) { - for (i=0; i < 20 ; i+=2, fpr += 2 ) + /* FIXME: Fix formatting for FPRLEN != 20 */ + for (i=0; i < fprlen ; i+=2, fpr += 2 ) { if (i == 10 ) tty_fprintf (fp, " "); @@ -251,13 +253,14 @@ print_sha1_fpr (estream_t fp, const unsigned char *fpr) static void -print_sha1_fpr_colon (estream_t fp, const unsigned char *fpr) +print_shax_fpr_colon (estream_t fp, + const unsigned char *fpr, unsigned int fprlen) { int i; if (fpr) { - for (i=0; i < 20 ; i++, fpr++) + for (i=0; i < fprlen ; i++, fpr++) es_fprintf (fp, "%02X", *fpr); } es_putc (':', fp); @@ -273,7 +276,7 @@ print_keygrip (estream_t fp, const unsigned char *grp) { tty_fprintf (fp, " keygrip ....: "); for (i=0; i < 20 ; i++, grp++) - es_fprintf (fp, "%02X", *grp); + tty_fprintf (fp, "%02X", *grp); tty_fprintf (fp, "\n"); } } @@ -356,25 +359,25 @@ print_isoname (estream_t fp, const char *text, /* Return true if the SHA1 fingerprint FPR consists only of zeroes. */ static int -fpr_is_zero (const char *fpr) +fpr_is_zero (const char *fpr, unsigned int fprlen) { int i; - for (i=0; i < 20 && !fpr[i]; i++) + for (i=0; i < fprlen && !fpr[i]; i++) ; - return (i == 20); + return (i == fprlen); } -/* Return true if the SHA1 fingerprint FPR consists only of 0xFF. */ +/* Return true if the fingerprint FPR consists only of 0xFF. */ static int -fpr_is_ff (const char *fpr) +fpr_is_ff (const char *fpr, unsigned int fprlen) { int i; - for (i=0; i < 20 && fpr[i] == '\xff'; i++) + for (i=0; i < fprlen && fpr[i] == '\xff'; i++) ; - return (i == 20); + return (i == fprlen); } @@ -389,6 +392,7 @@ current_card_status (ctrl_t ctrl, estream_t fp, int rc; unsigned int uval; const unsigned char *thefpr; + unsigned int thefprlen; int i; if (serialno && serialnobuflen) @@ -521,22 +525,25 @@ current_card_status (ctrl_t ctrl, estream_t fp, } es_fputs ("cafpr:", fp); - print_sha1_fpr_colon (fp, info.cafpr1valid? info.cafpr1:NULL); - print_sha1_fpr_colon (fp, info.cafpr2valid? info.cafpr2:NULL); - print_sha1_fpr_colon (fp, info.cafpr3valid? info.cafpr3:NULL); + print_shax_fpr_colon (fp, info.cafpr1len? info.cafpr1:NULL, + info.cafpr2len); + print_shax_fpr_colon (fp, info.cafpr2len? info.cafpr2:NULL, + info.cafpr2len); + print_shax_fpr_colon (fp, info.cafpr3len? info.cafpr3:NULL, + info.cafpr3len); es_putc ('\n', fp); es_fputs ("fpr:", fp); - print_sha1_fpr_colon (fp, info.fpr1valid? info.fpr1:NULL); - print_sha1_fpr_colon (fp, info.fpr2valid? info.fpr2:NULL); - print_sha1_fpr_colon (fp, info.fpr3valid? info.fpr3:NULL); + print_shax_fpr_colon (fp, info.fpr1len? info.fpr1:NULL, info.fpr1len); + print_shax_fpr_colon (fp, info.fpr2len? info.fpr2:NULL, info.fpr2len); + print_shax_fpr_colon (fp, info.fpr3len? info.fpr3:NULL, info.fpr3len); es_putc ('\n', fp); es_fprintf (fp, "fprtime:%lu:%lu:%lu:\n", (unsigned long)info.fpr1time, (unsigned long)info.fpr2time, (unsigned long)info.fpr3time); es_fputs ("grp:", fp); - print_sha1_fpr_colon (fp, info.grp1); - print_sha1_fpr_colon (fp, info.grp2); - print_sha1_fpr_colon (fp, info.grp3); + print_shax_fpr_colon (fp, info.grp1, sizeof info.grp1); + print_shax_fpr_colon (fp, info.grp2, sizeof info.grp2); + print_shax_fpr_colon (fp, info.grp3, sizeof info.grp3); es_putc ('\n', fp); } else @@ -566,20 +573,20 @@ current_card_status (ctrl_t ctrl, estream_t fp, print_name (fp, "Private DO 3 .....: ", info.private_do[2]); if (info.private_do[3]) print_name (fp, "Private DO 4 .....: ", info.private_do[3]); - if (info.cafpr1valid) + if (info.cafpr1len) { tty_fprintf (fp, "CA fingerprint %d .:", 1); - print_sha1_fpr (fp, info.cafpr1); + print_shax_fpr (fp, info.cafpr1, info.cafpr1len); } - if (info.cafpr2valid) + if (info.cafpr2len) { tty_fprintf (fp, "CA fingerprint %d .:", 2); - print_sha1_fpr (fp, info.cafpr2); + print_shax_fpr (fp, info.cafpr2, info.cafpr2len); } - if (info.cafpr3valid) + if (info.cafpr3len) { tty_fprintf (fp, "CA fingerprint %d .:", 3); - print_sha1_fpr (fp, info.cafpr3); + print_shax_fpr (fp, info.cafpr3, info.cafpr3len); } tty_fprintf (fp, "Signature PIN ....: %s\n", info.chv1_cached? _("not forced"): _("forced")); @@ -612,24 +619,24 @@ current_card_status (ctrl_t ctrl, estream_t fp, info.chvretry[0], info.chvretry[1], info.chvretry[2]); tty_fprintf (fp, "Signature counter : %lu\n", info.sig_counter); tty_fprintf (fp, "Signature key ....:"); - print_sha1_fpr (fp, info.fpr1valid? info.fpr1:NULL); - if (info.fpr1valid && info.fpr1time) + print_shax_fpr (fp, info.fpr1len? info.fpr1:NULL, info.fpr1len); + if (info.fpr1len && info.fpr1time) { tty_fprintf (fp, " created ....: %s\n", isotimestamp (info.fpr1time)); print_keygrip (fp, info.grp1); } tty_fprintf (fp, "Encryption key....:"); - print_sha1_fpr (fp, info.fpr2valid? info.fpr2:NULL); - if (info.fpr2valid && info.fpr2time) + print_shax_fpr (fp, info.fpr2len? info.fpr2:NULL, info.fpr2len); + if (info.fpr2len && info.fpr2time) { tty_fprintf (fp, " created ....: %s\n", isotimestamp (info.fpr2time)); print_keygrip (fp, info.grp2); } tty_fprintf (fp, "Authentication key:"); - print_sha1_fpr (fp, info.fpr3valid? info.fpr3:NULL); - if (info.fpr3valid && info.fpr3time) + print_shax_fpr (fp, info.fpr3len? info.fpr3:NULL, info.fpr3len); + if (info.fpr3len && info.fpr3time) { tty_fprintf (fp, " created ....: %s\n", isotimestamp (info.fpr3time)); @@ -637,12 +644,14 @@ current_card_status (ctrl_t ctrl, estream_t fp, } tty_fprintf (fp, "General key info..: "); - thefpr = (info.fpr1valid? info.fpr1 : info.fpr2valid? info.fpr2 : - info.fpr3valid? info.fpr3 : NULL); - /* If the fingerprint is all 0xff, the key has no asssociated + thefpr = (info.fpr1len? info.fpr1 : info.fpr2len? info.fpr2 : + info.fpr3len? info.fpr3 : NULL); + thefprlen = (info.fpr1len? info.fpr1len : info.fpr2len? info.fpr2len : + info.fpr3len? info.fpr3len : 0); + /* If the fingerprint is all 0xff, the key has no associated OpenPGP certificate. */ - if ( thefpr && !fpr_is_ff (thefpr) - && !get_pubkey_byfprint (ctrl, pk, &keyblock, thefpr, 20)) + if ( thefpr && !fpr_is_ff (thefpr, thefprlen) + && !get_pubkey_byfprint (ctrl, pk, &keyblock, thefpr, thefprlen)) { print_pubkey_info (ctrl, fp, pk); if (keyblock) @@ -666,7 +675,7 @@ card_status (ctrl_t ctrl, estream_t fp, const char *serialno) { int err; strlist_t card_list, sl; - char *serialno0; + char *serialno0, *serialno1; int all_cards = 0; if (serialno == NULL) @@ -692,8 +701,6 @@ card_status (ctrl_t ctrl, estream_t fp, const char *serialno) for (sl = card_list; sl; sl = sl->next) { - char *serialno1; - if (!all_cards && strcmp (serialno, sl->d)) continue; @@ -714,7 +721,8 @@ card_status (ctrl_t ctrl, estream_t fp, const char *serialno) } /* Select the original card again. */ - err = agent_scd_serialno (&serialno0, serialno0); + err = agent_scd_serialno (&serialno1, serialno0); + xfree (serialno1); leave: xfree (serialno0); @@ -845,9 +853,10 @@ fetch_url (ctrl_t ctrl) rc = keyserver_fetch (ctrl, sl, KEYORG_URL); free_strlist (sl); } - else if (info.fpr1valid) + else if (info.fpr1len) { - rc = keyserver_import_fprint (ctrl, info.fpr1, 20, opt.keyserver, 0); + rc = keyserver_import_fprint (ctrl, info.fpr1, info.fpr1len, + opt.keyserver, 0); } } @@ -1309,11 +1318,11 @@ static void show_card_key_info (struct agent_card_info_s *info) { tty_fprintf (NULL, "Signature key ....:"); - print_sha1_fpr (NULL, info->fpr1valid? info->fpr1:NULL); + print_shax_fpr (NULL, info->fpr1len? info->fpr1:NULL, info->fpr1len); tty_fprintf (NULL, "Encryption key....:"); - print_sha1_fpr (NULL, info->fpr2valid? info->fpr2:NULL); + print_shax_fpr (NULL, info->fpr2len? info->fpr2:NULL, info->fpr2len); tty_fprintf (NULL, "Authentication key:"); - print_sha1_fpr (NULL, info->fpr3valid? info->fpr3:NULL); + print_shax_fpr (NULL, info->fpr3len? info->fpr3:NULL, info->fpr3len); tty_printf ("\n"); } @@ -1324,9 +1333,9 @@ replace_existing_key_p (struct agent_card_info_s *info, int keyno) { log_assert (keyno >= 0 && keyno <= 3); - if ((keyno == 1 && info->fpr1valid) - || (keyno == 2 && info->fpr2valid) - || (keyno == 3 && info->fpr3valid)) + if ((keyno == 1 && info->fpr1len) + || (keyno == 2 && info->fpr2len) + || (keyno == 3 && info->fpr3len)) { tty_printf ("\n"); log_info ("WARNING: such a key has already been stored on the card!\n"); @@ -1620,9 +1629,9 @@ generate_card_keys (ctrl_t ctrl) else want_backup = 0; - if ( (info.fpr1valid && !fpr_is_zero (info.fpr1)) - || (info.fpr2valid && !fpr_is_zero (info.fpr2)) - || (info.fpr3valid && !fpr_is_zero (info.fpr3))) + if ( (info.fpr1len && !fpr_is_zero (info.fpr1, info.fpr1len)) + || (info.fpr2len && !fpr_is_zero (info.fpr2, info.fpr2len)) + || (info.fpr3len && !fpr_is_zero (info.fpr3, info.fpr3len))) { tty_printf ("\n"); log_info (_("Note: keys are already stored on the card!\n")); @@ -2101,6 +2110,49 @@ kdf_setup (const char *args) leave: agent_release_card_info (&info); } + +static void +uif (int arg_number, const char *arg_rest) +{ + struct agent_card_info_s info; + int feature_available; + gpg_error_t err; + char name[100]; + unsigned char data[2]; + + memset (&info, 0, sizeof info); + + err = agent_scd_getattr ("EXTCAP", &info); + if (err) + { + log_error (_("error getting card info: %s\n"), gpg_strerror (err)); + return; + } + + feature_available = info.extcap.bt; + agent_release_card_info (&info); + + if (!feature_available) + { + log_error (_("This command is not supported by this card\n")); + tty_printf ("\n"); + return; + } + + snprintf (name, sizeof name, "UIF-%d", arg_number); + if ( !strcmp (arg_rest, "off") ) + data[0] = 0x00; + else if ( !strcmp (arg_rest, "on") ) + data[0] = 0x01; + else if ( !strcmp (arg_rest, "permanent") ) + data[0] = 0x02; + + data[1] = 0x20; + + err = agent_scd_setattr (name, data, 2, NULL); + if (err) + log_error (_("error for setup UIF: %s\n"), gpg_strerror (err)); +} /* Data used by the command parser. This needs to be outside of the function scope to allow readline based command completion. */ @@ -2111,7 +2163,7 @@ enum cmdids cmdNAME, cmdURL, cmdFETCH, cmdLOGIN, cmdLANG, cmdSEX, cmdCAFPR, cmdFORCESIG, cmdGENERATE, cmdPASSWD, cmdPRIVATEDO, cmdWRITECERT, cmdREADCERT, cmdUNBLOCK, cmdFACTORYRESET, cmdKDFSETUP, - cmdKEYATTR, + cmdKEYATTR, cmdUIF, cmdINVCMD }; @@ -2143,10 +2195,11 @@ static struct { "generate", cmdGENERATE, 1, N_("generate new keys")}, { "passwd" , cmdPASSWD, 0, N_("menu to change or unblock the PIN")}, { "verify" , cmdVERIFY, 0, N_("verify the PIN and list all data")}, - { "unblock" , cmdUNBLOCK,0, N_("unblock the PIN using a Reset Code") }, + { "unblock" , cmdUNBLOCK,0, N_("unblock the PIN using a Reset Code")}, { "factory-reset", cmdFACTORYRESET, 1, N_("destroy all keys and data")}, { "kdf-setup", cmdKDFSETUP, 1, N_("setup KDF for PIN authentication")}, { "key-attr", cmdKEYATTR, 1, N_("change the key attribute")}, + { "uif", cmdUIF, 1, N_("change the User Interaction Flag")}, /* Note, that we do not announce these command yet. */ { "privatedo", cmdPRIVATEDO, 0, NULL }, { "readcert", cmdREADCERT, 0, NULL }, @@ -2438,6 +2491,14 @@ card_edit (ctrl_t ctrl, strlist_t commands) key_attr (); break; + case cmdUIF: + if ( arg_number < 1 || arg_number > 3 ) + tty_printf ("usage: uif N [on|off|permanent]\n" + " 1 <= N <= 3\n"); + else + uif (arg_number, arg_rest); + break; + case cmdQUIT: goto leave; |