| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* dirmngr/dns.c (dns_inet_pton, dns_so_tcp_keep): Use automatic
variables.
(dns_poll, dns_send_nopipe): Likewise, adding const qualifier.
--
Compound literals is a feature of C99. Because we only use C90 plus
some limited features, in the project, it's better to avoid it.
Besides, we make sure when it's read-only.
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
| |
* scd/app-piv.c (verify_chv): Add arg 'force'.
(do_sign): Use force for 0x9c.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
| |
* tools/card-tool-keys.c: Rename to card-keys.c.
* tools/card-tool-misc.c: Rename to card-misc.c.
* tools/card-tool-yubikey.c: Rename to card-yubikey.c.
* tools/card-tool.h: Rename to gpg-card.h.
* tools/gpg-card-tool-w32info.rc: Rename to gpg-card-w32info.rc
* doc/card-tool.texi: Rename top gpg-card.texi
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* agent/divert-scd.c (divert_pkdecrypt): Skip a flags parameter.
--
The libgcrypt docs say that a "flags" parameter should always be used
in the input of pkdecrypt. Thus we should allow that parameter also
when parsing an s-expression to figure out the algorithm for use with
scdaemon.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* gpgscm/scheme.c (gc_reservation_failure): Fix adding ";".
[!NDEBUG] (scheme_init_custom_alloc): Don't init seserved_lineno.
--
Picked from libgpg-error commit of:
8a9397896fd202dcfb3fb46259e43bc05a0ddd2e
In some build environment, NDEBUG is defined (although it's
bad practice). This change supports such a situation.
GnuPG-bug-id: 3959
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* scd/ccid-driver.c (ccid_open_usb_reader): Alway submit SET_INTERFACE
control transfer.
--
This handling is not mondatory, but it's better to do so, because
there are card reader with pinpad and token with ack button, which
support user interaction.
User interaction status should be reset at open time. The status
should be reset when the session is closed/stopped. In practice,
since cleanup routine in a driver may not be called properly, it's
good to submit SET_INTERFACE at open time.
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* sm/certreqgen.c (create_request): Fix for certmode.
--
When using an existing key from a card for certificate signing (in
contrast to the default of generating a CSR), the code tried to use
the same key for signing instead of the Signing-Key parameter. It is
perfectly okay to use the regular signing path via gpg-agent for
certificate creation - only self-signed certificates with a key on the
card require the direct use of the card key (via "SCD PKSIGN").
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
| |
* tools/card-call-scd.c (learn_status_cb): Handle extended
KEYPARIRINFO.
* tools/card-tool.h (struct key_info_s): Add field 'usage'.
* tools/gpg-card-tool.c (list_one_kinfo): Show usage flags.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
| |
* scd/app-openpgp.c (send_keypair_info): Append usage string.
* scd/app-piv.c (struct data_object_s): Remove column 'binary'. Add
column 'usage'.
(dump_all_do): Adjust for removed 'binary'.
(send_keypair_and_cert_info): Append usage string.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
| |
* tools/gpg-card-tool.c (list_one_kinfo): Print the keyref.
--
The named keys are nice but knowing the actual keyref mapping to them
is also useful.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
| |
* scd/app.c (check_conflict): Ignore "undefined".
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
| |
* sm/misc.c (transform_sigval): Allow for larger values of MDALGO and
PKALGO.
--
Libgcrypt already defines larger values for them, so we should be
prepared in case we use them in the future.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
| |
* scd/app-openpgp.c (clear_chv_status): New.
(do_change_pin): Use clear_chv_status.
(do_sign): Call clear_chv_status on GPG_ERR_TIMEOUT.
(do_auth, do_decipher): Likewise.
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
| |
* scd/apdu.h (SW_ACK_TIMEOUT): New.
* scd/iso7816.c (map_sw): Return GPG_ERR_TIMEOUT for SW_ACK_TIMEOUT.
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* tests/openpgp/defs.scm: Add "disable-scdaemon". Remove
"scdaemon-program".
* tests/gpgme/gpgme-defs.scm, tests/gpgsm/gpgsm-defs.scm: Likewise.
* tests/inittests, tests/pkits/inittests: Add "disable-scdaemon"
--
Before this change, running "make check" accesses USB device by
scdaemon on host computer. If there is any smartcard/token available,
it may affect test results. Because default key choice depends on
smartcard/token availability now and existing tests have nothing about
testing smartcard/token, disabling scdaemon is good.
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* agent/call-pinentry.c (watch_sock): New.
(do_getpin): Spawn the watching thread.
--
While we don't have npth_cancel (and it's difficult to implement it
correctly), this is a kind of best compromise allowing a thread's
polling when pinentry is active.
GnuPG-bug-id: 2011
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
| |
* agent/call-pinentry.c (struct entry_parm_s): Add status.
(do_getpin): Use param->status.
(agent_askpin): Copy param->status. to pininfo.
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
| |
* agent/call-pinentry.c (do_getpin): New.
(agent_askpin, agent_get_passphrase): Use do_getpin.
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* sm/call-agent.c (gpgsm_scd_pksign): Allow SHA512. Create proper
S-expression for EdDSA signature.
* sm/certreqgen.c (create_request): Force use of SHA512 when
using a ed25519 key.
* sm/misc.c (transform_sigval): Insert OID for ed25519.
--
GnuPG-bug-id: 4013
Signed-off-by: Damien Goutte-Gattat <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* sm/call-agent.c (gpgsm_scd_pksign): Identify type of signing key
and format resulting S-expression accordingly.
* sm/misc.c (transform_sigval): Support ECDSA signatures.
--
Current GpgSM implementation assumes card-based keys are RSA keys.
This patch introduces support for ECDSA keys.
By itself this patch is not sufficient, we also need support
from libksba.
GnuPG-bug-id: 4092
Signed-off-by: Damien Goutte-Gattat <[email protected]>
|
| |
|
|
| |
Signed-off-by: Ingvar Hagelund <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* tools/card-tool-yubikey.c: New.
* tools/Makefile.am (gpg_card_tool_SOURCES): Add it.
* tools/card-call-scd.c (scd_apdu): Allow returning data.
* tools/card-tool-misc.c (send_apdu): New. Move from gpg-card-tool.c
and let it return data. Change all callers.
* tools/gpg-card-tool.c (cmd_writecert): Prepend the certref with the
current application type.
(cmd_yubikey): New.
--
This command allows listing of active applications and to enable or
disable selected applications. This is in particular useful to
disable the OpenPGP application so that the PIV support can easily be
tested.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
| |
* scd/app-piv.c (do_decipher): New.
--
Note that ECDH decryption has not been tested due to the lack of ECC
support in gpgsm.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
| |
* common/util.h (GPG_ERR_NO_AUTH, GPG_ERR_BAD_AUTH): Add replacement
codes for gpgrt < 1.36.
* scd/app-piv.c (auth_adm_key):
(do_genkey, do_writecert): Use better error codes.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
| |
* scd/app-piv.c (concat_tlv_list): New.
(get_key_algorithm_by_dobj): Rename args for clarity.
(do_auth): factor all code out to ...
(do_sign): new. Implement RSA signing.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* sm/certreqgen-ui.c (gpgsm_gencertreq_tty): Get and show algo.
--
This extends the prompt to show something like
Serial number of the card: FF020001008A77F6
Available keys:
(1) 4130F84FA3704F4645924AEC3FFA48AD26D33656 PIV.9A nistp384
(2) AB2988FB8C227BCD5175BF92F66AA3A95AE83214 PIV.9E rsa2048
(3) DB7DDAEAA88534BA45CCD7A9B761425103EA2090 PIV.9C rsa2048
(4) BABB48C3D80ACCF9839F101DF2910966C8B988DF PIV.9D nistp256
Your selection? 1
Having the algorithm here is helpful in particular because right now
we support only RSA with X.509. Take care: PIV card based certificate
creation does not yet work.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* tools/card-tool-misc.c (pubkey_algo_string): Move to ...
* common/sexputil.c (pubkey_algo_string): here.
--
The new gpg format for public key algorithms is useful at other places
as well. Thus we make this new function available. Note that the
code we use in gpg is not based on s-expressions and thus a new
function was required.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* tools/card-call-scd.c (scd_genkey_cb): Make createtime optional.
(scd_genkey_cb): Ditto. Add arg algo.
* tools/gpg-card-tool.c (cmd_generate): Add options and factor card
specific code out to ...
(generate_openpgp, generate_generic): new functions.
--
This patch keeps the interactive OpenPGP mode but adds a pure command
line mode for other cards; in particular PIV cards. What we still
need to do is:
a) Add an interactive mode for PIV cards
b) Add a command line mode for OpenPGP cards.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
| |
* scd/app-piv.c (genkey_parse_ecc): New.
(get_keygrip_by_tag): Call that one.
(do_readkey): Call that one.
* scd/command.c (cmd_genkey): Add option --algo.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
| |
* common/server-help.c (get_option_value): New.
* common/stringhelp.c (ascii_strupr): New.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* tools/card-call-scd.c (scd_readkey): New.
* tools/card-tool-misc.c (pubkey_algo_string): New.
* tools/gpg-card-tool.c (list_one_kinfo): Print the algo.
--
It is convenient to see the actual algorithm of keys even if no
certificate has yet been created.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
| |
* tools/card-tool-keys.c (get_matching_keys): Fix segv.
* tools/gpg-card-tool.c (main): Init info.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* scd/app-piv.c (struct genkey_result_s): Remove type and all users.
(send_keypair_and_cert_info): Print certinfo only if we got a cert..
(readcert_by_tag): Add arg r_mechanism and implement reading of public
keys.
(get_keygrip_by_tag): Use a public key to compute the keygrip.
(do_readcert): Make sure to only return a certificate.
(do_readkey): Read public key from the DO if a certificate is missing.
(get_key_algorithm_by_dobj): Get the algorithm also from a public key.
(does_key_exist): String changes.
(do_genkey): Remove result caching and store public key in the DO.
--
This removes the result cache and instead stores the public key in the
certificate object. This allows to properly list public keys at any
time after generating a key and before a new certificate is stored
there.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* scd/app-piv.c (add_tlv): New.
(put_data): New.
(do_writecert): New.
(do_setattr): Remove usused special mode 0.
* tools/gpg-card-tool.c (cmd_writecert): Allow other cards than
OPENPGP.
(cmd_readcert): Ditto.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
| |
--
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* scd/app-piv.c (struct genkey_result_s): new.
(struct app_local_s): add member genkey_results.
(do_deinit): Free that one.
(flush_cached_data): Extend to delete all items.
(keyref_from_dobj): New.
(do_readkey): New.
(do_auth): Use keyref_from_dobj.
(does_key_exist): New.
(genkey_parse_rsa): New.
(do_genkey): New.
--
We need to extend the GENKEY in command.c to support other algos.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* scd/app.c (app_genkey): Add arg keytype.
* scd/app-common.h (struct app_ctx_s): Fitto for the genkey member.
* scd/command.c (cmd_genkey): Adjust for change.
* scd/iso7816.c (do_generate_keypair): Replace arg read_only by new
args p1 and p2.
(iso7816_read_public_key): Adjust for this.
(iso7816_generate_keypair): Add new args p1 and p2.
* scd/app-openpgp.c (do_genkey): Adjust for changes.
--
The OpenPGP card creates keys according to parameters read from a data
object. Other cards we are about to implement require a direct
specification of the requested keytype. This patch implements the
required changes.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
| |
* scd/app-common.h (APP_GENKEY_FLAG_FORCE): New.
* scd/app.c (app_change_pin): Rename arg reset_mode to flags and
change from int to unsigned int.
--
This is basically a documentation fix.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
| |
--
|
| |
|
|
|
|
|
| |
* scd/app-piv.c: Some refactoring
(do_change_chv): Implement.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* scd/app-openpgp.c (do_change_pin): Allow prefixing the CHVNO with
"OPENPGP."
* tools/card-call-scd.c (scd_change_pin): Change API to use strings.
* tools/gpg-card-tool.c (cmd_passwd): Adjust for change.
(cmd_unblock): Ditto.
--
The generic keyref allows for better error detection in case a keyref
is send to a wrong card.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* tools/card-tool.h (opt): Add field 'initialized'.
* tools/card-call-scd.c (scd_learn): Set it.
* tools/gpg-card-tool.c (main): Reworked.
(dispatch_command): New.
--
This work is not yet finished because most commands need some tweaks
for non-interactive work. What you already can do are things like:
$ gpg-card-tool list -- 'auth <oldkey' \
-- auth --setkey --raw 123456781234567812345678 -- help auth
Which will list the current card, authenticate using a hex encoded key
from the file "oldkey", set the new admin key to "123...78", and print
help for the auth command. Note that the -- acts as a delimiter
between commands. To use a double dash as argument to a command the
entire command must be quoted.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
| |
* tools/card-tool-misc.c (hex_to_buffer): New.
* tools/gpg-card-tool.c (get_data_from_file): Change to allow returning
a string.
(cmd_authenticate): New.
(cmds): Add command "authenticate".
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
| |
* scd/app-piv.c (flush_cached_data): New.
(auth_adm_key): New.
(set_adm_key): New.
(do_setattr): New.
* scd/command.c (MAXLEN_SETATTRDATA): New.
(cmd_setattr): Add an inquire option.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* tools/card-tool-keys.c (keyblock_cache): New var.
(release_keyblock): Factor code out to a new do_release_keyblock. Add
a cache.
(flush_keyblock_cache): New.
(get_matching_keys): Use the cache.
* tools/gpg-card-tool.c (cmds): Add command "reset".
(interactive_loop): Implement reset.
--
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* tools/card-tool-keys.c: New.
* tools/Makefile.am (gpg_card_tool_SOURCES): Add file.
* tools/card-tool.h (struct pubkey_s, pubkey_t): New.
(struct userid_s, userid_t): New.
(struct keyblock_s, keyblock_t): New.
* common/util.h (GNUPG_PROTOCOL_): New const
* tools/gpg-card-tool.c (aTest): Add temporary command.
(list_one_kinfo): Print info from gpg and gpgsm.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
| |
* g10/keylist.c (list_one): Emit status line.
--
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
| |
* common/exectool.c (read_and_log_buffer_t): Take care of a --quiet
argument.
(gnupg_exec_tool_stream): Ditto.
--
If we pass --quiet to a program it should really shutup and the parent
should be quite as well.
|
| |
|
|
|
|
|
|
|
|
| |
* g10/misc.c (map_pk_gcry_to_openpgp): Add EdDSA mapping.
--
Due to this missing mapping a "gpg --export --full-gen-key" with
selection "13 - Existing key" did not worked for an ed25519 key.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
| |
* common/miscellaneous.c (decode_c_string): New.
--
This is basically a copy from the code we use in gpgme and gpa.
Signed-off-by: Werner Koch <[email protected]>
|
