Commit message (Author, Age, Files, Lines)
* common: Add func has_leading_keyword. (Werner Koch, 2013-02-21, 2 files, -0/+25)
|     * common/stringhelp.c (has_leading_keyword): New.
* Remove build hacks for FreeBSD. (Werner Koch, 2013-02-20, 1 file, -6/+0)
|     * configure.ac [freebsd]: Do not add /usr/local to CPPFLAGS and LDFLAGS.
|     --
|     Back in ~2000 we introduced a quick hack to make building of Libgcrypt
|     on FreeBSD easier by always adding -I/usr/local/include and
|     -L/usr/local/lib. It turned out that this is a bad idea if one wants to
|     build with library version which is not installed in /usr/local. The
|     hack made was eventually (in 2003) copied from Libgcrypt to GnuPG-2.
* Update .gitignore for non-VPATH builds. (Werner Koch, 2013-02-12, 1 file, -9/+19)
|     --
* Merge branch 'master' into key-storage-work (Werner Koch, 2013-02-12, 43 files, -5016/+6184)
|\
| * gpg: Implement card_store_subkey again. (NIIBE Yutaka, 2013-02-12, 3 files, -147/+123)
| |     * g10/call-agent.h (agent_keytocard): New.
| |     * g10/call-agent.c (agent_keytocard): New.
| |     * g10/card-util.c (replace_existing_key_p): Returns 1 when replace.
| |       (card_generate_subkey): Check return value of replace_existing_key_p.
| |       (card_store_subkey): Implement again using agent_keytocard.
| * agent: Add KEYTOCARD command. (NIIBE Yutaka, 2013-02-12, 4 files, -0/+197)
| |     * agent/agent.h (divert_writekey, agent_card_writekey): New.
| |     * agent/call-scd.c (inq_writekey_parms, agent_card_writekey): New.
| |     * agent/command.c (cmd_keytocard, hlp_keytocard): New.
| |       (register_commands): Add cmd_keytocard.
| |     * agent/divert-scd.c (divert_writekey): New.
| * Japanese: update po and doc. (NIIBE Yutaka, 2013-02-12, 2 files, -517/+388)
| |     * doc/help.ja.txt, po/ja.po: Updated.
| * scd: Rename 'keypad' to 'pinpad'. (NIIBE Yutaka, 2013-02-08, 17 files, -130/+146)
| |     * NEWS: Mention scd changes.
| |     * agent/divert-scd.c (getpin_cb): Change message.
| |     * agent/call-scd.c (inq_needpin): Change the protocol to
| |       POPUPPINPADPROMPT and DISMISSPINPADPROMPT.
| |     * scd/command.c (pin_cb): Likewise.
| |     * scd/apdu.c (struct reader_table_s): Rename member functions.
| |       (check_pcsc_pinpad, pcsc_pinpad_verify, pcsc_pinpad_modify,
| |       check_ccid_pinpad, ccid_pinpad_operation, apdu_check_pinpad
| |       apdu_pinpad_verify, apdu_pinpad_modify): Rename.
| |     * scd/apdu.h (SW_HOST_NO_PINPAD, apdu_check_pinpad)
| |       (apdu_pinpad_verify, apdu_pinpad_modify): Rename.
| |     * scd/iso7816.h (iso7816_check_pinpad): Rename.
| |     * scd/iso7816.c (map_sw): Use SW_HOST_NO_PINPAD.
| |       (iso7816_check_pinpad): Rename.
| |       (iso7816_verify_kp, iso7816_change_reference_data_kp): Follow the change.
| |     * scd/ccid-driver.h (CCID_DRIVER_ERR_NO_PINPAD): Rename.
| |     * scd/ccid-driver.c (ccid_transceive_secure): Use it.
| |     * scd/app-dinsig.c (verify_pin): Follow the change.
| |     * scd/app-nks.c (verify_pin): Follow the change.
| |     * scd/app-openpgp.c (check_pinpad_request): Rename.
| |       (parse_login_data, verify_a_chv, verify_chv3, do_change_pin): Follow
| |       the change.
| |     * scd/scdaemon.c (oDisablePinpad, oEnablePinpadVarlen): Rename.
| |     * scd/scdaemon.h (opt): Rename to disable_pinpad, enable_pinpad_varlen.
| |     * tools/gpgconf-comp.c (gc_options_scdaemon): Rename to disable-pinpad.
| * gpg: Add pinentry-mode feature. (Werner Koch, 2013-02-07, 10 files, -81/+301)
| |     * g10/gpg.c: Include shareddefs.h.
| |       (main): Add option --pinentry-mode.
| |     * g10/options.h (struct opt): Add field pinentry_mode.
| |     * g10/passphrase.c: Include shareddefs.h.
| |       (have_static_passphrase): Take care of loopback pinentry_mode.
| |       (read_passphrase_from_fd): Ditto.
| |       (get_static_passphrase): New.
| |       (passphrase_to_dek_ext): Factor some code out to ...
| |       (emit_status_need_passphrase): new.
| |     * g10/call-agent.c (start_agent): Send the pinentry mode.
| |       (default_inq_cb): Take care of the PASSPHRASE inquiry. Return a
| |       proper error code.
| |       (agent_pksign): Add args keyid, mainkeyid and pubkey_algo.
| |       (agent_pkdecrypt): Ditto.
| |     * g10/pubkey-enc.c (get_it): Pass new args.
| |     * g10/sign.c (do_sign): Pass new args.
| |     * g10/call-agent.c (struct default_inq_parm_s): New. Change all
| |       similar structs to reference this one. Change all users and inquire
| |       callback to use this struct, instead of NULL or some undefined but
| |       not used structs. This change will help to eventually get rid of
| |       global variables.
| |     --
| |     This new feature allows to use gpg without a Pinentry. As a
| |     prerequisite the agent must be configured to allow the loopback
| |     pinentry mode (option --allow-loopback-pinentry). For example
| |
| |       gpg2 --pinentry-mode=loopback FILE.gpg
| |
| |     may be used to decrypt FILE.gpg while entering the passphrase on the
| |     tty. If batch is used, --passphrase et al. may be used, if
| |     --command-fd is used, the passphrase may be provided by another
| |     process. Note that there are no try-again prompts in case of a bad
| |     passphrase.
| * doc: Fix description for NEED_PASSPHRASE status. (Werner Koch, 2013-02-07, 1 file, -1/+1)
| |     --
| * agent: Move a typedef to common and provide parse_pinentry_mode. (Werner Koch, 2013-02-06, 5 files, -24/+128)
| |     * common/agent-opt.c: New.
| |     * common/shareddefs.h: New.
| |     * common/Makefile.am: Add new files.
| |     * agent/agent.h: Include shareddefs.h.
| |       (pinentry_mode_t): Factor out to shareddefs.h.
| |     * agent/command.c (option_handler): Use parse_pinentry_mode.
| * agent: Return a better error code if no passphrase was given. (Werner Koch, 2013-02-06, 1 file, -1/+5)
| |     * agent/protect.c (hash_passphrase): Handle an empty passphrase.
| |     --
| |     This is mostly useful in loopback pinentry-mode.
| * scd: Fix check_keypad_request. (NIIBE Yutaka, 2013-02-05, 1 file, -1/+1)
| |     * scd/app-openpgp.c (check_keypad_request): 0 means not to use pinpad.
| * SCD: Add vendor specific initialization. (NIIBE Yutaka, 2013-02-05, 1 file, -0/+28)
| |     * scd/ccid-driver.c (ccid_vendor_specific_init): New.
| |       (ccid_open_reader): Call ccid_vendor_specific_init.
| * SCD: Support P=N format for login data. (NIIBE Yutaka, 2013-02-05, 1 file, -24/+24)
| |     * scd/app-openpgp.c (parse_login_data): Support P=N format.
| * SCD: Better interoperability. (NIIBE Yutaka, 2013-02-05, 1 file, -2/+2)
| |     * scd/apdu.c: Fill bTeoPrologue[2] field.
| |     --
| |     ccid-1.4.5 or older requires this field is filled by application.
| * SCD: Defaults to use pinpad if the reader has the capability. (NIIBE Yutaka, 2013-02-05, 1 file, -25/+25)
| |     * scd/app-openpgp.c (struct app_local_s): Remove VARLEN.
| |       (parse_login_data): "P=0" means to disable pinpad.
| |       (check_keypad_request): Default is to use pinpad if available.
| * SCD: handle keypad request on the card. (NIIBE Yutaka, 2013-02-05, 1 file, -6/+104)
| |     * scd/app-openpgp.c: Add 2013.
| |       (struct app_local_s): Add keypad structure.
| |       (parse_login_data): Add parsing keypad request on the card.
| |       (check_keypad_request): New.
| |       (verify_a_chv, verify_chv3, do_change_pin): Call check_keypad_request
| |       to determine use of keypad.
| * SCD: Minor fix of ccid-driver. (NIIBE Yutaka, 2013-02-05, 1 file, -1/+1)
| |     * scd/ccid-driver.c (VENDOR_VEGA): Fix typo.
| * SCD: Add support of Covadis VEGA_ALPHA reader. (NIIBE Yutaka, 2013-02-05, 1 file, -93/+96)
| |     * scd/ccid-driver.c: Add 2013.
| |       (VENDER_VEGA, VEGA_ALPHA): New.
| |       (ccid_transceive_secure): VEGA_ALPHA is same firmware as GEMPC_PINPAD.
| |       Change bNumberMessage to 0x01, as it works better (was: 0xff).
| * SCD: Support fixed length PIN input for keypad (PC/SC). (NIIBE Yutaka, 2013-02-05, 2 files, -23/+19)
| |     * scd/apdu.c (pcsc_keypad_verify): Support fixed length PIN input for
| |       keypad.
| |       (pcsc_keypad_modify): Likewise.
| |     * scd/ccid-driver.c (ccid_transceive_secure): Clean up.
| * SCD: Support fixed length PIN input for keypad. (NIIBE Yutaka, 2013-02-05, 6 files, -21/+52)
| |     * scd/iso7816.h (struct pininfo_s): Remove MODE and add FIXEDLEN.
| |     * scd/app-dinsig.c (verify_pin): Initialize FIXEDLEN to unknown.
| |     * scd/app-nks.c (verify_pin): Likewise.
| |     * scd/app-openpgp.c (verify_a_chv, verify_chv3, do_change_pin): Likewise.
| |     * scd/apdu.c (check_pcsc_keypad): Add comment.
| |       (pcsc_keypad_verify, pcsc_keypad_modify): PC/SC driver only support
| |       readers with the feature of variable length input (yet).
| |       (apdu_check_keypad): Set FIXEDLEN.
| |     * scd/ccid-driver.c (ccid_transceive_secure): Add GEMPC_PINPAD specific
| |       settings. Support fixed length PIN input for keypad.
| * SCD: API cleanup for keypad handling. (NIIBE Yutaka, 2013-02-05, 13 files, -107/+84)
| |     * scd/iso7816.h (struct pininfo_s): Rename from iso7816_pininfo_s.
| |       Change meaning of MODE.
| |       (pininfo_t): Rename from iso7816_pininfo_t.
| |     * scd/sc-copykeys.c: Include "iso7816.h".
| |     * scd/scdaemon.c, scd/command.c: Likewise.
| |     * scd/ccid-driver.c: Include "scdaemon.h" and "iso7816.h".
| |       (ccid_transceive_secure): Follow the change of PININFO_T.
| |     * scd/app.c: Include "apdu.h" after "iso7816.h".
| |     * scd/iso7816.c (iso7816_check_keypad, iso7816_verify_kp)
| |       (iso7816_change_reference_data_kp): Follow the change of API.
| |     * scd/apdu.c (struct reader_table_s): Change API of CHECK_KEYPAD,
| |       KEYPAD_VERIFY, KEYPAD_MODIFY to have arg of PININFO_T.
| |       (check_pcsc_keypad, check_ccid_keypad): Likewise.
| |       (apdu_check_keypad, apdu_keypad_verify, apdu_keypad_modify): Likewise.
| |       (pcsc_keypad_verify, pcsc_keypad_modify, ct_send_apdu)
| |       (pcsc_send_apdu_direct, pcsc_send_apdu_wrapped, pcsc_send_apdu)
| |       (send_apdu_ccid, ccid_keypad_operation, my_rapdu_send_apdu, send_apdu)
| |       (send_le): Follow the change of API.
| |     * scd/apdu.h (apdu_check_keypad, apdu_keypad_verify)
| |       (apdu_keypad_modify): Change the API.
| |     * scd/app-dinsig.c, scd/app-nks.c, scd/app-openpgp.c: Follow the change.
| * SCD: Clean up. Remove PADLEN for keypad input. (NIIBE Yutaka, 2013-02-05, 6 files, -48/+18)
| |     * scd/apdu.c (struct pininfo_s): Use iso7816_pininfo_s.
| |       (struct reader_table_s): Remove last arg from check_keypad method.
| |       (check_pcsc_keypad, check_pcsc_keypad): Remove PIN_PADLEN.
| |       (pcsc_keypad_verify, pcsc_keypad_modify): Don't check PIN_PADLEN.
| |       (send_apdu_ccid, ccid_keypad_operation): Remove PIN_PADLEN.
| |       (apdu_check_keypad, apdu_keypad_verify, apdu_keypad_modify): Likewise.
| |     * scd/apdu.h (apdu_check_keypad, apdu_keypad_verify)
| |       (apdu_keypad_modify): Remove PIN_PADLEN.
| |     * scd/ccid-driver.c (ccid_transceive_secure): Remove PIN_PADLEN.
| |     * scd/ccid-driver.h (ccid_transceive_secure): Remove PIN_PADLEN.
| |     * scd/iso7816.c (iso7816_check_keypad, iso7816_verify_kp)
| |       (iso7816_change_reference_data_kp): Remove PADLEN.
| |     * scd/iso7816.h (struct iso7816_pininfo_s): Remove PADLEN, PADCHAR.
| |     --
| |     In the OpenPGPcard specification, password comes with no padding. In
| |     GnuPG, we support keypad input for OpenPGPcard only. Thus, it is
| |     useless to try to support padding for keypad input.
| * SCD: Add option enable-keypad-varlen and support for GEMPC_PINPAD. (NIIBE Yutaka, 2013-02-05, 3 files, -0/+16)
| |     * scd/scdaemon.h (opt): Add enable_keypad_varlen.
| |     * scd/scdaemon.c (cmd_and_opt_values): Add oEnableKeypadVarlen.
| |       (opts, main): Add oEnableKeypadVarlen.
| |     * scd/ccid-driver.c (GEMPC_PINPAD): New.
| |       (ccid_transceive_secure): Add enable_varlen handling. Enable
| |       GEMPC_PINPAD.
| |     --
| |     Note that GEMPC_PINPAD doesn't support variable length keypad input.
| |     The feature of fixed length keypad input will be added soon.
| * Convert doc/DETAILS to org-mode (Werner Koch, 2013-01-30, 1 file, -869/+958)
| |     --
| |     Also restructure the file and fix some obviously wrong things.
| * Remove unused status codes (Werner Koch, 2013-01-30, 1 file, -3/+0)
| |     * common/status.h (STATUS_BEGIN_STREAM, STATUS_END_STREAM)
| |       (STATUS_SIEXPIRED): Remove unused codes.
| * gpg: Add status line PINENTRY_LAUNCHED. (Werner Koch, 2013-01-30, 5 files, -7/+53)
| |     * common/status.h (STATUS_PINENTRY_LAUNCHED): New.
| |     * g10/server.c (server_local_s): Add field allow_pinentry_notify.
| |       (option_handler): Add option "allow-pinentry-notify".
| |       (gpg_proxy_pinentry_notify): New.
| |     * g10/call-agent.c (default_inq_cb): Factor code out to the new function.
| * agent: Fix a bug of handling return code from npth_join. (NIIBE Yutaka, 2013-01-25, 1 file, -2/+2)
| |     * agent/call-pinentry.c (agent_popup_message_stop): Fix npth_join
| |       return code.
| |     --
| |     pth_join returns TRUE (1) on success. But npth_join (and pthread_join)
| |     returns 0 on success, returns error number on error.
| * gpg: Fix honoring --cert-digest-algo when recreating a cert (Christian Aistleitner, 2013-01-11, 1 file, -0/+2)
| |     * g10/sign.c (update_keysig_packet): Override original signature's
| |       digest algo in hashed data and for hash computation.
| * Fix spurious cruft from configure summary output. (Werner Koch, 2013-01-11, 1 file, -1/+1)
| |     * configure.ac (build_scdaemon_extra): Remove $tmp cruft.
| * SCD: Hold lock for pinpad input. (NIIBE Yutaka, 2013-01-11, 1 file, -3/+30)
| |     * scd/apdu.c (apdu_check_keypad, apdu_keypad_verify)
| |       (apdu_keypad_modify): Hold lock to serialize communication.
| * SCD: Support not-so-smart card readers. (NIIBE Yutaka, 2013-01-08, 1 file, -37/+253)
| |     * scd/ccid-driver.c (struct ccid_driver_s): Add auto_voltage,
| |       auto_param, and auto_pps.
| |       (parse_ccid_descriptor): Set auto_voltage, auto_param, and auto_pps.
| |       Support non-autoconf readers.
| |       (update_param_by_atr): New.
| |       (ccid_get_atr): Use 5V for PowerOn when auto_voltage is not supported.
| |       Use 0x10 when nonnull_nad for SetParameters. Call update_param_by_atr
| |       for parsing ATR, and use param for SetParameters. Send PPS if reader
| |       requires it and card is negotiable. When bNadValue in the return
| |       values of SetParameters == 0, clear handle->nonnull_nad flag.
| |     --
| |     This change is to support more card readers by the internal driver.
| |     Tested with 08e6:3478 Gemplus PinPad Smart Card Reader.
| * Update Japanese Translation. (NIIBE Yutaka, 2013-01-07, 1 file, -5/+5)
| |     * po/ja.po: Fix wrong translations for designated revocation.
| |       Reported by Hideki Saito.
| |
| |     Conflicts:
| |       po/ja.po
| * Update Japanese Translation. (NIIBE Yutaka, 2013-01-05, 1 file, -763/+697)
| |     * po/ja.po: Fix fuzzy translations.
| * Update Japanese Translation. (NIIBE Yutaka, 2013-01-03, 1 file, -681/+2049)
| |     * po/ja.po: Update with POT.
| * Update Japanese Translation. (NIIBE Yutaka, 2013-01-03, 1 file, -3311/+2293)
| |     * po/ja.po: Start from the new one of 2.0.
* | kbx: Switch from MD5 to SHA-1 for the checksum. (Werner Koch, 2013-01-08, 2 files, -13/+74)
| |     * kbx/keybox-blob.c (put_membuf): Use a NULL buf to store zero bytes.
| |       (create_blob_finish): Write just the needed space.
| |       (create_blob_finish): Switch to SHA-1.
| |     * kbx/keybox-dump.c (print_checksum): New.
| |       (_keybox_dump_blob): Print the checksum and the verification status.
| |     --
| |     The checksum was never used in the past. Due to fast SHA-1
| |     computations in modern CPUs we now use SHA-1. Eventually we will
| |     support a First blob flag to enable the use of a secret or public
| |     HMAC-SHA1. The first may be used for authentication of keyblocks and
| |     the latter to mitigate collision attacks on SHA-1. It is not clear
| |     whether this will be useful at all.
* | kbx: Update blob specification (Werner Koch, 2013-01-08, 1 file, -86/+112)
| |     --
| |     Mainly formatting updates. The only actual change is the checksum
| |     which is now declared as SHA-1.
* | gpg: Cache keybox searches. (Werner Koch, 2013-01-08, 3 files, -8/+164)
| |     * common/iobuf.c (iobuf_seek): Fix for temp streams.
| |     * g10/pubkey-enc.c (get_session_key, get_it): Add some log_clock calls.
| |     * g10/keydb.c (dump_search_desc): New.
| |       (enum_keyblock_states, struct keyblock_cache): New.
| |       (keyblock_cache_clear): New.
| |       (keydb_get_keyblock, keydb_search): Implement a keyblock cache.
| |       (keydb_update_keyblock, keydb_insert_keyblock, keydb_delete_keyblock)
| |       (keydb_rebuild_caches, keydb_search_reset): Clear the cache.
| |     --
| |     Gpg uses the key database at several places without a central
| |     coordination. This leads to several scans of the keybox for the same
| |     key. To improve that we now use a simple cache to store a retrieved
| |     keyblock in certain cases. In theory this caching could also be done
| |     for old keyrings, but it is a bit more work and questionable whether
| |     it is needed; the keybox scheme is anyway much faster than keyrings.
| |
| |     Using a keybox with 20000 384 bit ECDSA/ECDH keypairs and a 252 byte
| |     sample text we get these values for encrypt and decrypt operations on
| |     a Core i5 4*3.33Ghz system. The option --trust-model=always is used.
| |     Times are given in milliseconds wall time.
| |
| |     |           | enc | dec | dec,q |
| |     |-----------+-----+-----+-------|
| |     | key 1     |  48 |  96 |    70 |
| |     | key 10000 |  60 |  98 |    80 |
| |     | key 20000 |  69 | 106 |    88 |
| |     | 10 keys   | 540 | 290 |    70 |
| |
| |     The 10 keys test uses a mix of keys, the first one is used for
| |     decryption but all keys are looked up so that information about are
| |     printed. The last column gives decryption results w/o information
| |     printing (--quiet).
| |
| |     The keybox is always scanned sequentially without using any index. By
| |     adding an index to the keybox it will be possible to further reduce
| |     the time required for keys stored to the end of the file.
* | Make log_clock easier to read. (Werner Koch, 2013-01-08, 1 file, -1/+1)
| |     * common/logging.c (log_clock): Print in microseconds.
* | gpg: Remove a function wrapper. (Werner Koch, 2013-01-08, 8 files, -18/+18)
| |     * g10/keydb.h (keydb_search): Remove macro.
| |     * g10/keydb.c (keydb_search2): Rename to keydb_search. Change all
| |       callers.
* | gpg: Set the node flags while retrieving a keyblock. (Werner Koch, 2013-01-07, 3 files, -26/+72)
| |     * g10/keydb.c (parse_keyblock_image): Add args PK_NO and UID_NO and set
| |       the note flags accordingly.
| |       (keydb_get_keyblock): Transfer PK_NO and UID_NO to parse_keyblock_image.
| |     * kbx/keybox-search.c (blob_cmp_fpr, blob_cmp_fpr_part)
| |       (blob_cmp_name, blob_cmp_mail): Return the key/user number.
| |       (keybox_search): Set the key and user number into the found struct.
| |       (keybox_get_keyblock): Add args R_PK_NO and R_UID_NO and set them from
| |       the found struct.
| |     --
| |     getkey.c needs to know whether the correct subkey was found. Thus we
| |     need to set the node flags the same way we did it with the keyring
| |     storage.
* | New function log_clock. (Werner Koch, 2013-01-07, 5 files, -2/+43)
| |     * common/logging.c (log_clock): New.
| |     * g10/gpg.c (set_debug): Print clock debug flag.
| |     * g10/options.h (DBG_CLOCK_VALUE, DBG_CLOCK): New.
| |     --
| |     To actually use log_clock you need to enable the code in
| |     logginc.c:log_check() and link against librt. --debug 4096 may then be
| |     used to enable it at runtime.
* | gpg: Allow searching for user ids in a keybox. (Werner Koch, 2013-01-07, 1 file, -20/+37)
| |     * kbx/keybox-search.c (blob_cmp_name): Add arg X509 and adjust for PGP
| |       use. Change callers.
| |       (blob_cmp_mail): Add arg X509 and find the mailbox offset for PGP.
| |       Change callers.
| |       (has_subject_or_alt): Rename to has_username.
| |       (has_username): Allow blobtype PGP.
| |       (has_mail): Ditto.
* | gpg: Allow generation of more than 4096 keys in one run. (Werner Koch, 2013-01-07, 1 file, -6/+20)
| |     * g10/getkey.c (cache_public_key): Make room in the cache if needed.
| |     --
| |     To create the selfsigs, the key generation code makes use of the key
| |     cache. However, after 4096 the cache is filled up and then disabled.
| |     Thus generating more than 4096 keys in one run was not possible. We
| |     now clear the first half the inserted keys every time the cache gets
| |     full.
* | gpg: Add signature cache support to the keybox. (Werner Koch, 2012-12-28, 7 files, -27/+155)
| |     * g10/keydb.c (parse_keyblock_image): Add arg SIGSTATUS.
| |       (keydb_get_keyblock): Handle it.
| |       (build_keyblock_image): Add arg SIGSTATUS.
| |       (keydb_insert_keyblock): Handle it.
| |     * kbx/keybox-blob.c (pgp_create_sig_part): Add arg SIGSTATUS.
| |       (_keybox_create_openpgp_blob): Ditto.
| |     * kbx/kbxutil.c (import_openpgp): Adjust for above change.
| |     * kbx/keybox.h (KEYBOX_FLAG_SIG_INFO): New.
| |     * kbx/keybox-search.c (_keybox_get_flag_location): Handle new flag.
| |       (keybox_get_keyblock): Add arg R_SIGSTATUS.
| |     * kbx/keybox-update.c (keybox_insert_keyblock): Add arg SIGSTATUS.
| |     --
| |     With this change a key listing using the keybox format is now double
| |     as fast as using a keyring. The memory use dropped as well. Measured
| |     with about 1500 keys.
* | kbxutil: Improve format of the Sig-Expire lines. (Werner Koch, 2012-12-28, 1 file, -2/+2)
| |     * kbx/keybox-dump.c (_keybox_dump_blob): Print the expiration timestamp.
* | gpg: First working support for keyboxes. (Werner Koch, 2012-12-28, 9 files, -179/+426)
| |     * g10/getkey.c (get_pubkey_fast): Improve the assertion.
| |     * kbx/keybox.h: Include iobuf.h.
| |     * kbx/keybox-blob.c (keyboxblob_uid): Add field OFF.
| |       (KEYBOX_WITH_OPENPGP): Remove use of this macro.
| |       (pgp_create_key_part_single): New.
| |       (pgp_temp_store_kid): Change to use the keybox-openpgp parser.
| |       (pgp_create_key_part): Ditto.
| |       (pgp_create_uid_part): Ditto.
| |       (pgp_create_sig_part): Ditto.
| |       (pgp_create_blob_keyblock): Ditto.
| |       (_keybox_create_openpgp_blob): Ditto.
| |     * kbx/keybox-search.c (keybox_get_keyblock): New.
| |     * kbx/keybox-update.c (keybox_insert_keyblock): New.
| |     * g10/keydb.c (parse_keyblock_image): (keydb_get_keyblock): Support keybox.
| |       (build_keyblock_image): New.
| |       (keydb_insert_keyblock): Support keybox.
| |     * kbx/kbxutil.c (import_openpgp, main): Add option --dry-run and print
| |       a kbx file to stdout.
| |     * kbx/keybox-file.c (_keybox_read_blob2): Allow keyblocks up to 10^6
| |       bytes.
| |     --
| |     Import and key listing does now work with the keybox format. It is
| |     still quite slow and signature caching is completely missing.
| |     Increasing the maximum allowed length for a keyblock was required due
| |     to a 700k keyblock which inhibited kbxutil to list the file. kbxutil's
| |     option name --import-openpgp is not quite appropriate because it only
| |     creates KBX blobs from OpenPGP data.
* | kbxutil: Print algo number and fold similar lines. (Werner Koch, 2012-12-28, 4 files, -23/+51)
| |     * kbx/keybox-defs.h (_keybox_openpgp_key_info): Add field ALGO.
| |     * kbx/keybox-openpgp.c (parse_key): Store algo.
| |     * kbx/kbxutil.c (dump_openpgp_key): Print algo number.
| |     * kbx/keybox-dump.c (_keybox_dump_blob): Print identical Sig-Expire
| |       value lines with a range of indices.