aboutsummaryrefslogtreecommitdiffstats
path: root/scd/app-openpgp.c (follow)
Commit message (Collapse)AuthorAgeFilesLines
* scd: Use app_get_slot at more places.Werner Koch2022-11-251-33/+43
| | | | | | -- This is helpful for backporting other changes.
* scd:openpgp: Fix workaround for Yubikey heuristics.NIIBE Yutaka2022-07-131-8/+21
| | | | | | | | | | | | | * scd/app-openpgp.c (parse_algorithm_attribute): Handle the case of firmware 5.4, too. -- Cherry-picked master commit of: f34b9147eb3070bce80d53febaa564164cd6c977 GnuPG-bug-id: 6070 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Fail when no good algorithm attribute.NIIBE Yutaka2022-07-131-18/+29
| | | | | | | | | | | | | | | | | * scd/app-openpgp.c (parse_algorithm_attribute): Return the error. (change_keyattr): Follow the change. (app_select_openpgp): Handle the error of parse_algorithm_attribute. -- Backport master commit of: 53eddf9b9ea01210f71b851b5cb92a5f1cdb6f7d This change allows following invocation of app_select_openpgp, which may work well (if the problem is device side for initial connection). GnuPG-bug-id: 5963 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Don't inhibit SSH authentication for larger data if it can.NIIBE Yutaka2022-07-121-0/+5
| | | | | | | | | | | | * scd/app-openpgp.c (do_auth): Use command chaining if available. -- Cherry-picked from master branch of: e8fb8e2b3e66d5ea8a3dc90afdc14611abf2c3da GnuPG-bug-id: 5935 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Add workaround for ECC attribute on Yubikey.NIIBE Yutaka2022-05-101-1/+2
| | | | | | | | | | | | | * scd/app-openpgp.c (parse_algorithm_attribute): Skip possibly bogus octet in a key attribute. -- Apply master commit of: 054d14887ef8fa1cbadef4ed2ea28213f25f5d25 GnuPG-bug-id: 5963 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd:openpgp: Support longer data for INTERNAL_AUTHENTICATE.NIIBE Yutaka2021-11-151-0/+8
| | | | | | | | | | * scd/app-openpgp.c (do_auth): Use extended Lc, when supported. -- GnuPG-bug-id: 5682 Co-authored-by: Klas Lindfors Signed-off-by: NIIBE Yutaka <[email protected]>
* Update OpenPGP card vendor list.Werner Koch2021-07-041-1/+4
| | | | --
* scd: Fix unblock PIN by a Reset Code with KDF.Kirill Elagin2021-05-041-1/+1
| | | | | | | | | | | * scd/app-openpgp.c (do_change_pin): Use correct CHVNO=1 for pin2hash_if_kdf, for user's PIN. -- GnuPG-bug-id: 5413 Signed-off-by: Kirill Elagin <[email protected]> (cherry picked from commit f209d7d2db0e963a6ad1fa8c4f0c034ba0297842)
* scd: New option --pcsc-shared.Werner Koch2021-04-291-1/+1
| | | | | | | | | | | | | | | | | | * scd/scdaemon.h (opt): Add field opcsc_shared. * scd/scdaemon.c (opcscShared): New. (opts): Add "--pcsc-shared". (main): Set flag. * scd/apdu.c (connect_pcsc_card): Use it. (pcsc_get_status): Take flag in account. * scd/app-openpgp.c (verify_chv2): Do not auto verify chv1 in shared mode. -- This option should in general not be used. The patch tries to limit bad effects but using shared mode is somewhat dangerous depending on the other PC/SC users. (cherry picked from commit 5732e7a8e97cebf8e850c472e644e2a9b040836f)
* common: Extend the openpgp_curve_to_oid function.Werner Koch2021-04-291-4/+4
| | | | | | | | | | | * common/openpgp-oid.c (openpgp_curve_to_oid): Add optional arg R_NBITS. Change all callers. -- In particular for ed25519 and cv25519 it is quite useful to have an ability to get the required algorithm. (cherry picked from commit 24095101a5069f15a9aea7512498ac436a76814a)
* scd: Change parameters of readkey fucntion pointer.Werner Koch2021-02-191-2/+2
| | | | | | * scd/app-common.h (APP_READKEY_FLAG_ADVANCED): New. (struct app_ctx_s): Replace param advanced by flags in readkey. Change all users.
* scd: Pass ctrl parameter to more app functions.Werner Koch2021-02-191-11/+20
| | | | | | | | * scd/app-common.h (struct app_ctx_s): Add parameter ctrl to function pointers for readkey, setattr, sign, auth, decipher, and check_pin. -- This is a yet another patch to allow for easier backporting.
* scd: Detect Yubikey and provide nicer display-s/n.Werner Koch2021-02-191-7/+4
| | | | | | | | | * scd/app-common.h (struct app_ctx_s): Rename unused field card_version to cardversion. * scd/app.c (app_new_register): Add code rom 2.3 to detect the Yubikey and set cardversion. (app_get_dispserialno): New. * scd/app-openpgp.c (do_getattr): Use app_get_dispserialno.
* scd: Change the apptype from a string to an enum.Werner Koch2021-02-191-13/+13
| | | | | | | | | | | | | | | | | | * scd/app-common.h (cardtype_t): New. (apptype_t): New. (struct app_ctx_s): Change type of field apptype. Add fields appversion and cardtype. Adjust all app-*.c for the new type. * scd/app.c (supported_app_list): New. (strapptype): New. (apptype_from_name): New. (app_dump_state): Use strapptype. (app_write_learn_status): Ditto. (app_getattr): Ditto. (check_conflict): Use apptype_from_name and integer comparison. * scd/app-openpgp.c: Replace app->card_version by app->appversion. -- This is another patch to make backporting from 2.3 easier.
* scd: Add some compatibility code for easier backporting.Werner Koch2021-02-191-1/+0
| | | | | | | | | | | | | | | | | | | | | | | * scd/app-common.h (APP_WRITEKEY_FLAG_FORCE): New. (APP_READKEY_FLAG_INFO): New. (APP_LEARN_FLAG_KEYPAIRINFO): New. (APP_LEARN_FLAG_MULTI): New. (struct app_ctx_s): New forward declaration. (struct app_ctx_s): Add members prep_reselect, reselect, and with_keygrip. (KEYGRIP_ACTION_SEND_DATA): New. (KEYGRIP_ACTION_WRITE_STATUS): New. (KEYGRIP_ACTION_LOOKUP): New. (APP_CARD): New macro. * scd/scdaemon.h: Include app-common.h and remove from all other files. (app_t): Move typedef to ... * scd/app-common.h: here. -- These changes will make it easier to backport changes from 2.3 to 2.2. Signed-off-by: Werner Koch <[email protected]>
* scd:openpgp: Fix writing ECC key to card.NIIBE Yutaka2020-12-071-6/+27
| | | | | | | | | | | | | * scd/app-openpgp.c (build_privkey_template): Adding another argument of ecc_d_fixed_len to handle variable-size MPI. -- Backport from master commit of: a25c99b156ca9acaa7712e9c09a6df0a7a23c833 GnuPG-bug-id: 5163 Signed-off-by: NIIBE Yutaka <[email protected]>
* doc: Fix typosGavin L. Rebeiro2020-11-231-1/+1
| | | | | | | | | -- GnuPG-bug-id: 5071 Also fixed one in keyformat.txt [wk]. (cherry picked from commit 572bcacc287d24d0a2cc56442f9fb6a9ac49e12d)
* scd:openpgp: Public keys should be available for check_keyidstr.NIIBE Yutaka2020-11-191-0/+5
| | | | | | | | | | * scd/app-openpgp.c (check_keyidstr): Call get_public_key. -- GnuPG-bug-id: 5065 Fixes-commit: 1049f06c6d2e1a833af4c73ea67a05417bbd0967 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd:openpgp: Drop support for GnuPG 1.Werner Koch2020-11-161-36/+1
| | | | | | | | | | -- It does not make sense to keep support form GnuPG 1 here given that we don't intend to ever backport any of the current stuff to the legacy version. Signed-off-by: Werner Koch <[email protected]>
* scd:openpgp: Allow keygrip to be used to reference a keyWerner Koch2020-11-161-141/+129
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | * scd/app-openpgp.c (struct app_local_s): Add keygrip_str. (store_keygrip): New. (read_public_key): Store the keygrip. (get_public_key): Sitto. (send_keypair_info): USe the stored keygrip. (check_keyidstr): New. Factored out from other functions and extended. (do_sign): Use check_keyidstr. (do_auth): Ditto. (do_decipher): Ditto. (do_check_pin): Ditto. -- This code is a backport of commits: b0f0791e4ade845b2a0e2a94dbda4f3bf1ceb039 cd: Factor out a function to check keyidstr. 4c4999b8185ace55eb5f3a6fa7d3dc0a77267b63 scd:openpgp: Allow PKSIGN with keygrip also for OPENPGP.3. e769609cd3c12d2e26955538399172016f78d2d4 scd: Allow KEYGRIP as KEYIDSTR. Co-authored-by: NIIBE Yutaka <[email protected]> Signed-off-by: Werner Koch <[email protected]>
* scd: Add a workaround for Yubikey.NIIBE Yutaka2020-10-061-0/+6
| | | | | | | | | | | | | | | * scd/app-openpgp.c (get_public_key): Handle wrong code for Yubikey. -- Backport master commit of: 0db9c83555b4a8a0c52f96e96ec20dbfd3d75272 Yubikey version 5 s/n 609074582 returns 0x6982, version 5.2.4 s/n 610616049 returns 0x6581, where 0x6a88 is expected. Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Silence compiler warning.NIIBE Yutaka2020-10-061-3/+3
| | | | | | | | | | | | * scd/app-openpgp.c (build_ecc_privkey_template): Fix allocation size. -- Cherry-picked from master commit of: 2a34a2afea5fcb5f4ed206afa110650db3dd7ef0 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Report any error for LEARN command.NIIBE Yutaka2020-10-061-28/+63
| | | | | | | | | | | | * scd/app-openpgp.c (do_learn_status): Report any error. -- Backport master commit of: 862d9c6face9b4ad61f6e59bf1ba9b5f5d05c58c Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Fix the use case of verify_chv2 by CHECKPIN.NIIBE Yutaka2020-09-161-16/+20
| | | | | | | | | | | | | * scd/app-openpgp.c (verify_chv2): Call verify_a_chv with chvno=1 when needed. -- Backport of master commit of: 6e51f2044aebb885ea81dae259db1b7f477b1c44 Fixes-commit: d2f1a0a791db3eb03c003365cbcd010bd8066edb Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Fix a regression for OpenPGP card.NIIBE Yutaka2020-09-011-0/+5
| | | | | | | | | | | * scd/app-openpgp.c (verify_chv2): Make sure loading keys. -- Fixes-commit: d2f1a0a791db3eb03c003365cbcd010bd8066edb Reported-by: Michał Górny GnuPG-bug-id: 5039 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Add condition for VERIFY with 0x82.NIIBE Yutaka2020-08-271-4/+9
| | | | | | | | | | | | | | | | * scd/app-openpgp.c (verify_chv2): Check availability of keys in question. -- Backport master commit of: af189be481df02a77e088aa0a60a1fc02dfa12bf With buggy Gnuk (<= 1.2.15), when no encr/auth keys are available, it fails decrementing the signature error counter. This change can avoid the issue. Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Fix condition for C5 data object for newer Yubikey.NIIBE Yutaka2020-05-291-1/+1
| | | | | | | | | | | | * scd/app-openpgp.c (compare_fingerprint): Relax the condition. -- Cherry-picked from master commit of: f3df8dbb696fed192501fa7f741c2e0e0936a3d5 GnuPG-bug-id: 4957 Signed-off-by: NIIBE Yutaka <[email protected]>
* common: Change argument order of log_printhex.Werner Koch2020-05-121-6/+6
| | | | | | | | | | | | * common/logging.c (log_printhex): Chnage order of args. Make it printf alike. Change all callers. * configure.ac: Add -Wno-format-zero-length -- This makes it consistent with modern libgpgrt logging and thus eases back porting from newer GnuPG versions which use libgpgrt logging. Signed-off-by: Werner Koch <[email protected]>
* scd:openpgp: New attribute "MANUFACTURER".Werner Koch2020-04-151-0/+50
| | | | | | | | | | | | | | | | | | * scd/app-openpgp.c (get_manufacturer): New.. (do_getattr): Add new attribute "MANUFACTURER". (do_learn_status): Always print it. -- This will make it easy to maintain the list of OpenPGP vendors at just one place. Signed-off-by: Werner Koch <[email protected]> Backported from master: .. or well in master and 2.2 Signed-off-by: Werner Koch <[email protected]>
* scd: Fix pinpad handling when KDF enabled.NIIBE Yutaka2020-03-181-0/+2
| | | | | | | | | | * scd/app-openpgp.c (do_getattr): Send the KDF DO information. -- Fixes-commit: 95c7498b76231d3297541172d878f6a26702539b Signed-off-by: NIIBE Yutaka <[email protected]> (cherry picked from commit 11da441016222337284c519ff56aca34e3042373)
* scd: Disable pinpad if it's impossible by KDF DO.NIIBE Yutaka2020-03-181-6/+29
| | | | | | | | | | | | | | * scd/app-openpgp.c (struct app_local_s): Add pinpad.disabled field. (do_getattr): Set pinpad.disabled field. (check_pinpad_request): Use the pinpad.disabled field. (do_setattr): Update pinpad.disabled field. -- GnuPG-bug-id: 4832 Signed-off-by: NIIBE Yutaka <[email protected]> (cherry picked from commit 95c7498b76231d3297541172d878f6a26702539b) Signed-off-by: Werner Koch <[email protected]>
* scd:openpgp: Extend keypairinfo with usage flags.Werner Koch2019-08-211-0/+10
| | | | | | | * scd/app-openpgp.c (send_keypair_info): Return usage. -- Signed-off-by: Werner Koch <[email protected]>
* scd: New standard attributes $ENCRKEYID and $SIGNKEYID.Werner Koch2019-08-211-0/+14
| | | | | | | | | | | | | | | | | | | | * g10/call-agent.c (agent_scd_keypairinfo): Use --keypairinfo. * sm/call-agent.c (gpgsm_agent_scd_keypairinfo): Ditto. * scd/app-openpgp.c (do_getattr): Add attributes "$ENCRKEYID" and "$SIGNKEYID". * scd/app-nks.c (do_getattr): Add attributes too. -- We already have $AUTHKEYID to locate the keyref of the key to be used with ssh. It will also be useful to have default keyref for encryption and signing. For example, this will allow us to replace the use of "OPENPGP.2" by a app type specific keyref. Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit 2b1135cf920cf3d863813d60f032d476dcccfb58) Removed changes for the non-existing app-piv.c. Added support for NKS.
* gpg: Repurpose the ISO defined DO "sex" to "salutation".Werner Koch2019-08-211-1/+1
| | | | | | | | | | | | | * g10/card-util.c (current_card_status): String changes. (change_sex): Description change. (cmds): Add "salutation"; keep "sex" as an alias. -- Note that we can't change the used values or tags but at least the UI should show reflect the real purpose of the field. Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit 166f3f9ec40888e10cb0c51017944bfc57503fc1)
* spelling: Fix "synchronize"Daniel Kahn Gillmor2019-06-241-1/+1
| | | | Signed-off-by: Daniel Kahn Gillmor <[email protected]>
* g10: Fix symmetric cipher algo constant for ECDH.NIIBE Yutaka2019-03-271-2/+2
| | | | | | | | | | | * g10/ecdh.c (kek_params_table): Use CIPHER_ALGO_AES192 for ECC strength 384, according to RFC-6637. -- Reported-by: Trevor Bentley Signed-off-by: NIIBE Yutaka <[email protected]> (cherry picked from commit af3efd149f555d36a455cb2ea311ff81caf5124c)
* scd: Fix flushing of CA-FPR data objectsWerner Koch2019-03-071-20/+22
| | | | | | | | | | | | | | | | | * scd/app-openpgp.c (do_setattr): Add new table item to flush a different tag. -- For whatever reasons the OpenPGP card reads the 3 CA fingerprints from one object but sets them individually using 3 different tags. The cache flushing was not prepared for this and so a changed CA fingerprint showed only up after a card reset. This patch fixes it. Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit c9f4c1f0de06672c6ae2b793d86cc001d131f9a6) Fixed conflict by removing the UIF-* entries from the table.
* scd: Make app_genkey and supporting ISO function more flexible.Werner Koch2019-02-111-3/+5
| | | | | | | | | | | | | | | | | | | | * scd/app.c (app_genkey): Add arg keytype. * scd/app-common.h (struct app_ctx_s): Fitto for the genkey member. * scd/command.c (cmd_genkey): Adjust for change. * scd/iso7816.c (do_generate_keypair): Replace arg read_only by new args p1 and p2. (iso7816_read_public_key): Adjust for this. (iso7816_generate_keypair): Add new args p1 and p2. * scd/app-openpgp.c (do_genkey): Adjust for changes. -- The OpenPGP card creates keys according to parameters read from a data object. Other cards we are about to implement require a direct specification of the requested keytype. This patch implements the required changes. Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit 9a9cb0257aebb1480b999fdf9d90904083eb8e3c)
* scd: Allow standard keyref scheme for app-openpgp.Werner Koch2019-02-111-1/+14
| | | | | | | | | | | | | * scd/app-openpgp.c (do_change_pin): Allow prefixing the CHVNO with "OPENPGP." -- The generic keyref allows for better error detection in case a keyref is send to a wrong card. This has been taken from master commit 3231ecdafd71ac47b734469b07170756979ede72 which has additional changed for gpg-card-tool, which is only available there. Signed-off-by: Werner Koch <[email protected]>
* scd: Add option --clear to PASSWD.Werner Koch2019-01-221-0/+4
| | | | | | | | | | | | | | | | * scd/command.c (cmd_passwd): Add option --clear. (send_status_printf): New. * scd/app-common.h (APP_CHANGE_FLAG_CLEAR): New. * scd/app-nks.c (do_change_pin): Return an error if that option is used. * scd/app-openpgp.c (do_change_pin): Ditto. -- Card application may support this option to clear the PIN verification status of a specific PIN. Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit 29929e65521279eabc98a67c766fe485057405a9)
* scd: Make "learn" report about KDF data object.NIIBE Yutaka2018-12-061-0/+2
| | | | | | | | | | * scd/app-openpgp.c (do_learn_status): Report KDF attr. * g10/card-util.c (current_card_status): Output KDF for with_colons. -- Backport of master commit: 05d163aebc04db109ec5e004eb04a4b3796f6421 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Fix signing authentication status.NIIBE Yutaka2018-10-151-1/+4
| | | | | | | | | | | | | | | | * scd/app-openpgp.c (do_sign): Clear DID_CHV1 after signing. -- Cherry-picked from master commit of: 78f542e1f4495195db2e668f9cd41657fb1afc77 We have a corner case: In "not forced" situation and authenticated, and it is changed to "forced", card implementaiton can actually accept signing, but GnuPG requires authentication, because it is "forced". GnuPG-bug-id: 4177 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Writing KDF resets auth state.NIIBE Yutaka2018-04-031-1/+7
| | | | | | * scd/app-openpgp.c (do_setattr): Clear auth state. Signed-off-by: NIIBE Yutaka <[email protected]>
* g10,scd: Support single salt for KDF data object.NIIBE Yutaka2018-03-301-7/+22
| | | | | | | | | | | | | | * g10/card-util.c (gen_kdf_data): Support single salt. (kdf_setup): Can have argument for single salt. * scd/app-openpgp.c (pin2hash_if_kdf): Support single salt. -- Gnuk has "admin-less" mode. To support "admin-less" mode with KDF feature, salt should be same for user and admin. Thus, I introduce a valid use of single salt. Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Support changing key attribute back to RSA.NIIBE Yutaka2018-03-301-6/+18
| | | | | | | | | | | | | | | | | * scd/app-openpgp.c (change_rsa_keyattr): Try usual RSA. -- In the OpenPGP card specification, there are multiple options to support RSA (having P and Q or not, etc.), and it is implementation dependent. Since GnuPG doesn't have knowledge which card implementation support which option and there is no way (yet) for card to express itself which key attributes are supported, we haven't supported key attribute change back to RSA. But, many card implementation uses P and Q, try this option. If other cases, factory-reset would be easier option. Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Support KDF DO setup.NIIBE Yutaka2018-03-221-2/+3
| | | | | | | | | | | | * g10/call-agent.c (learn_status_cb): Parse the capability for KDF. * g10/card-util.c (gen_kdf_data, kdf_setup): New. (card_edit): New admin command cmdKDFSETUP to call kdf_setup. * scd/app-openpgp.c (do_getattr): Emit KDF capability. -- GnuPG-bug-id: 3823 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Improve KDF-DO supportArnaud Fontaine2018-02-131-1/+2
| | | | | | | | | | * scd/app-openpgp.c (pin2hash_if_kdf): Check the content of KDF DO. -- Length check added by gniibe. Signed-off-by: Arnaud Fontaine <[email protected]>
* scd: Fix handling for Data Object with no data.NIIBE Yutaka2018-02-121-2/+6
| | | | | | | | | | | | | | * scd/app-openpgp.c (get_cached_data): Return NULL for Data Object with no data. -- When GET_DATA returns no data with success (90 00), this routine firstly returned buffer with length zero, and secondly (with cache) returned NULL, which is inconsistent. Now, it returns NULL for both cases. Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Support KDF Data Object of OpenPGPcard V3.3.NIIBE Yutaka2018-01-221-25/+94
| | | | | | | | | | | | | * scd/app-openpgp.c (do_getattr, do_setattr): Add KDF support. (pin2hash_if_kdf): New. (verify_a_chv): Add PINLEN arg. Use pin2hash_if_kdf. (verify_chv2, do_sign): Follow the change of verify_a_chv. (verify_chv3, do_change_pin): Use pin2hash_if_kdf. -- GnuPG-bug-id: 3152 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Fix for large ECC keys.NIIBE Yutaka2017-09-111-8/+32
| | | | | | | | | * scd/app-openpgp.c (do_decipher): Support larger length. -- Reported-by: Achim Pietig <[email protected]> Signed-off-by: NIIBE Yutaka <[email protected]>
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-21 09:58:07 +0000