| Commit message (Collapse) | Author | Files | Lines |
|---|
|
* scd/app-openpgp.c (do_auth): Check the length in the heuristic.
--
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* scd/app-openpgp.c (do_auth): Don't exclude Ed25519 for removing
digest OID.
--
GnuPG-bug-id: 7589
Fixes-commit: 3132bd90dc8db9c7fd19ba201918e95891306dc5
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* common/util.h (openpgp_curve_to_oid): Add new argument to select OID
by OpenPGP version.
* common/openpgp-oid.c (openpgp_curve_to_oid): Implement returning
selected OID for Curve25519.
* common/openpgp-fpr.c (compute_openpgp_fpr_ecc): Follow the change,
selecting by the version.
* g10/export.c (match_curve_skey_pk): Likewise.
(transfer_format_to_openpgp): Likewise.
* g10/gpg.c (list_config): Likewise, print new OID.
* g10/keygen.c (ecckey_from_sexp): Likewise, selecting by the version.
* sm/encrypt.c (ecdh_encrypt): Likewise, don't care.
* sm/minip12.c (build_ecc_key_sequence): Likewise, new OID.
* scd/app-openpgp.c (ecdh_params, gen_challenge): Likewise, don't
care.
(ecc_read_pubkey, change_keyattr_from_string, ecc_writekey): Likewise,
old OID.
--
GnuPG-bug-id: 7316
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* scd/command.c (cmd_getinfo): Add subcommand "manufacturer".
* scd/app-openpgp.c (get_manufacturer): Rename to ...
(app_openpgp_manufacturer): this and make global.
--
Example:
$ gpg-connect-agent 'scd getinfo manufacturer 42' /bye
D Magrathea
OK
|
|
--
These are non-substantive corrections for minor spelling mistakes
within the GnuPG codebase.
With something like this applied to the codebase, and a judiciously
tuned spellchecker integrated as part of a standard test suite, it
should be possible to keep a uniform orthography within the project.
GnuPG-bug-id: 7116
|
|
--
|
|
* scd/app-openpgp.c (get_cached_data): When it comes with
its tag and length for the constructed Data Object, remove
them.
--
Cherry-pick master commit of:
35ef87d8d9db42c3077996317781986a692552cc
GnuPG-bug-id: 7058
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* scd/app-openpgp.c (get_cached_data): When it comes with
its tag and length for the constructed Data Object, remove
them.
--
GnuPG-bug-id: 7058
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* scd/app-openpgp.c (data_objects): These are constructed objects.
--
GnuPG-bug-id: 7058
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
--
|
|
* scd/app-openpgp.c (do_change_pin): Fix PIN length check. Add "R"
flag to the reset code prompt.
--
When using the reset code it was not possible to set a PIN of length
6. The "R" flags fixes a funny prompt.
Fixes-commit: efe325ffdf21205b90f888c8f0248bbd4f61404b
scd:openpgp: Allow PIN length of 6 also with a reset code.
* scd/app-openpgp.c (do_change_pin): Fix PIN length check. Add "R"
flag to the reset code prompt.
--
When using the reset code it was not possible to set a PIN of length
6. The "R" flags fixes a funny prompt.
Fixes-commit: 2376cdff1318688d94c95fd01adc4b2139c4a8c7
|
|
* scd/app-openpgp.c (do_change_pin): Make sure new PIN length
is longer than MINLEN.
--
GnuPG-bug-id: 6843
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* scd/app-openpgp.c (ecc_writekey): Use default ECDH parameters and
remove the now useless check.
--
This seems to be better than bailing out. In almost all cases our
standard parameters are used and if not, well, the fingerprint will be
wrong.
GnuPG-bug-id: 6378
|
|
* scd/app-openpgp.c (build_enter_admin_pin_prompt): Fix to use
GPG_ERR_PIN_BLOCKED.
(check_pin): Likewise.
--
Cherry-pick from master commit:
e6b3d53db36dba8aef640fc0a99cc079551a965a
GnuPG-bug-id: 6425
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* scd/app-openpgp.c (build_enter_admin_pin_prompt): Fix to use
GPG_ERR_PIN_BLOCKED.
(check_pin): Likewise.
--
GnuPG-bug-id: 6425
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* scd/app-openpgp.c (do_change_pin): Use GPG_ERR_BAD_RESET_CODE where
appropriate.
* common/util.h: Add error codes missing in gpgrt 1.46.
* agent/call-pinentry.c (unlock_pinentry): Handle
GPG_ERR_BAD_RESET_CODE.
(agent_askpin): Ditlo. Also simply condition.
(agent_get_passphrase): Ditto.
* g10/call-agent.c (status_sc_op_failure): Handle
GPG_ERR_BAD_RESET_CODE.
* g10/card-util.c (write_sc_op_status): Ditto.
* tools/card-call-scd.c (status_sc_op_failure): Ditto.
|
|
* agent/command.c (cmd_keytocard): Add new arg for ECDH params.
* scd/app-openpgp.c (ecc_writekey): Use provided ECDH params to
compute the fingerprint.
* g10/call-agent.c (agent_keytocard): Add arg ecdh_param_str.
* g10/keyid.c (ecdh_param_str_from_pk): New.
* g10/card-util.c (card_store_subkey): Pass ECDH params to writekey.
* g10/keygen.c (card_store_key_with_backup): Ditto.
* scd/app-openpgp.c (store_fpr): Add arg update.
(rsa_read_pubkey, ecc_read_pubkey): Add arg meta_update and avoid
writing the fingerprint back to the card if not set.
(read_public_key): Also add arg meta_update.
(get_public_key): Do not pass it as true here...
(do_genkey): ... but here.
(rsa_write_key, ecc_writekey): Force string the fingerprint.
--
The problem showed up because in 2.4 we changed the standard ECDH
parameter some years ago. Now when trying to write an ECDH key
created by 2.2 with 2.4 to an openpgp card, scdaemon computes a wrong
fingerprint and thus gpg was not able to find the key again by
fingerprint.
The patch also avoids updating the stored fingerprint in certain
situations.
This fix is somewhat related to
GnuPG-bug-id: 6378
|
|
* common/sexputil.c (get_rsa_pk_from_canon_sexp): Also allow private
keys.
(pubkey_algo_string): Ditto.
* scd/app-openpgp.c (do_writekey): Switch key attributes
--
The scd WRITEKEY command for OpenPGP cards missed proper support to
aautomagically switch key attributes based on the new key. We had
this only in GENKEY.
GnuPG-bug-id: 6378
|
|
* scd/app-openpgp.c (read_public_key): Fix the memory.
--
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
--
|
|
--
|
|
* scd/app-openpgp.c (parse_algorithm_attribute): Handle the case
of firmware 5.4, too.
--
GnuPG-bug-id: 6070
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* scd/app-openpgp.c (do_readcert): Allow use of keygrip.
--
GnuPG-bug-id: 6002
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* scd/command.c (hlp_keyinfo): Update.
(send_keyinfo): Add a USAGE argument.
* scd/scdaemon.h (send_keyinfo): Add a USAGE argument.
* scd/app-nks.c (set_usage_string): New.
(do_learn_status_core, do_readkey): Use set_usage_string.
(do_with_keygrip): Add USAGE to call send_keyinfo,
using set_usage_string.
* scd/app-openpgp.c (get_usage_string): New.
(send_keypair_info): Use get_usage_string.
(send_keyinfo_if_available): Add USAGE to call send_keyinfo,
using get_usage_string.
* scd/app-p15.c (set_usage_string): New.
(send_keypairinfo): Use set_usage_string.
(do_with_keygrip): Add USAGE to call send_keyinfo,
using set_usage_string.
* scd/app-piv.c (do_with_keygrip): Add USAGE to call send_keyinfo.
--
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* scd/app-openpgp.c (parse_algorithm_attribute): Return the error.
(change_keyattr): Follow the change.
(app_select_openpgp): Handle the error of parse_algorithm_attribute.
--
This change allows following invocation of app_select_openpgp, which
may work well (if the problem is device side for initial connection).
GnuPG-bug-id: 5963
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
--
BTW, we should add a function to read out the entire table so that you
can ask scdaemon for that list. iirc, Kleopatra still uses a copy of
the table.
|
|
* scd/app-openpgp.c (parse_algorithm_attribute): Skip possibly bogus
octet in a key attribute.
--
GnuPG-bug-id: 5963
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* scd/app-openpgp.c (do_auth): Allow larger data for RSA-4096.
--
OpenPGPcard specification says that it will be rejected by the card
when it's larger. We have been the check on host side too, but it was
written when it only had a support for RSA-2048.
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* scd/app-openpgp.c (do_auth): Use command chaining if available.
--
GnuPG-bug-id: 5935
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* scd/app-openpgp.c (rmd160_prefix, sha1_prefix, sha224_prefix)
(sha256_prefix, sha384_prefix, sha512_prefix): Move the scope up.
(gen_challenge): New.
(do_auth): Support challenge-response check if it signs correctly.
* scd/app.c (app_auth): Remove the check INDATA and INDATALEN.
* scd/command.c (cmd_pkauth): Support --challenge-response option.
--
GnuPG-bug-id: 5862
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* scd/app-openpgp.c (do_auth): Use extended Lc, when supported.
--
GnuPG-bug-id: 5682
Co-authored-by: Klas Lindfors
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
--
|
|
--
|
|
* scd/app-common.h (check_aid): New method.
* scd/app-openpgp.c (do_check_aid): New.
* scd/app-piv.c (do_check_aid): New.
* scd/app.c (check_external_interference): New.
(maybe_switch_app): Check interference to determine switching is
needed.
--
GnuPG-bug-id: 5484
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* scd/app-openpgp.c (do_change_pin): Allow null-string.
--
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
--
|
|
* scd/app-openpgp.c (ecc_writekey): Don't remove zero-byte.
--
Fixes-commit: a25c99b156ca9acaa7712e9c09a6df0a7a23c833
GnuPG-bug-id: 5163
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* scd/app-openpgp.c (do_change_pin): Use correct CHVNO=1 for
pin2hash_if_kdf, for user's PIN.
--
GnuPG-bug-id: 5413
Signed-off-by: Kirill Elagin <[email protected]>
|
|
Signed-off-by: Werner Koch <[email protected]>
|
|
* scd/iso7816.c (CMD_SELECT_DATA): New.
(iso7816_select_data): New.
* scd/app-openpgp.c (do_readcert): Allow OpenPGP.1 and OPENPGP.2
(do_writecert): Ditto.
(do_setattr): Add CERT-1 and CERT-2.
--
This has been tested with a Zeitcontrol 3.4 card. A test with a
Yubikey 5 (firmware 5.2.6) claiming to support 3.4 failed.
Signed-off-by: Werner Koch <[email protected]>
|
|
* scd/app-openpgp.c (struct app_local_s): s/extcap_v3/is_v3/.
s/max_certlen_3/max_certlen. Change users.
--
The extcap_v3 flag is set if the version is 3 or later and as such
does not only declare that the v3 extcap layout is used. Make this
clear by renaming.
Likewise for max_certlen_3.
Signed-off-by: Werner Koch <[email protected]>
|
|
* scd/app-openpgp.c (struct app_local_s): Add new flag.
(get_cached_data): Force chace use if flag is set.
(app_select_openpgp): Avoid reading DO 6E multiple times.
--
The do not cache property of 6E was introduced so that we can change
for example key attributes without getting into with the cache.
However, for initial reading the cache makes a lot of sense and thus we
now use this hack to only temporary cache. A better strategy would be
to clear the cache when we change card data but that is more error
prone.
Signed-off-by: Werner Koch <[email protected]>
|
|
* scd/app-openpgp.c (struct app_local_s): Add ecc.algo field.
(send_key_attr): Use ecc.algo field.
(ecc_read_pubkey): Use ecc.algo field.
(ecc_writekey): Ed448 means EdDSA.
(parse_algorithm_attribute): Set ecc.algo field from card.
Add checking for Ed25519 for ECC_FLAG_DJB_TWEAK flag.
--
There used to be a possible support of Ed25519 with ECDSA, (instead of
EdDSA). To distinguish key for Ed25519 for EdDSA, we use the
flag: (flags eddsa). Ed448 has no support for ECDSA and defaults to
EdDSA even if no such flag.
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* scd/app-openpgp.c (count_sos_bits): Handle an exceptional case.
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* scd/scdaemon.h (opt): Add field opcsc_shared.
* scd/scdaemon.c (opcscShared): New.
(opts): Add "--pcsc-shared".
(main): Set flag.
* scd/apdu.c (connect_pcsc_card): Use it.
(pcsc_get_status): Take flag in account.
* scd/app-openpgp.c (cache_pin): Bypass in shared mode.
(verify_chv2: Do not auto verify chv1 in shared mode.
* scd/app-piv.c (cache_pin): By pass caceh in shared mode.
--
This option should in general not be used. The patch tries to limit
bad effects but using shared mode is somewhat dangerous depending on
the other PC/SC users.
|
|
* scd/app-openpgp.c (count_sos_bits): New. Count as sos_write does.
(store_fpr): For ECC, use count_sos_bits.
--
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
--
|
|
--
|
|
* scd/app-openpgp.c (do_decipher): Support with no prefix.
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* scd/app-common.h (APP_CARD): New. Use it in app-*.c to access
app->card.
--
This should help to make backporting to 2.2 easier.
|
