| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |\
| |
| |
| |
| |
| |
| |
| |
| | |
--
Fixed conflicts:
NEWS - keep master
configure.ac - merge
g10/card-util.c - mostly 2.2
g10/sig-check.c - 2.2
|
| | |
| |
| |
| |
| |
| | |
* scd/app-openpgp.c (do_setattr): Clear auth state.
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* g10/card-util.c (gen_kdf_data): Support single salt.
(kdf_setup): Can have argument for single salt.
* scd/app-openpgp.c (pin2hash_if_kdf): Support single salt.
--
Gnuk has "admin-less" mode. To support "admin-less" mode with KDF
feature, salt should be same for user and admin. Thus, I introduce a
valid use of single salt.
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* scd/app-openpgp.c (change_rsa_keyattr): Try usual RSA.
--
In the OpenPGP card specification, there are multiple options to
support RSA (having P and Q or not, etc.), and it is implementation
dependent. Since GnuPG doesn't have knowledge which card
implementation support which option and there is no way (yet) for card
to express itself which key attributes are supported, we haven't
supported key attribute change back to RSA. But, many card
implementation uses P and Q, try this option. If other cases,
factory-reset would be easier option.
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |\| |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* g10/call-agent.c (learn_status_cb): Parse the capability for KDF.
* g10/card-util.c (gen_kdf_data, kdf_setup): New.
(card_edit): New admin command cmdKDFSETUP to call kdf_setup.
* scd/app-openpgp.c (do_getattr): Emit KDF capability.
--
GnuPG-bug-id: 3823
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |\| |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* scd/app-openpgp.c (pin2hash_if_kdf): Check the content of KDF DO.
--
Length check added by gniibe.
Signed-off-by: Arnaud Fontaine <[email protected]>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* scd/app-openpgp.c (get_cached_data): Return NULL for Data Object
with no data.
--
When GET_DATA returns no data with success (90 00), this routine
firstly returned buffer with length zero, and secondly (with cache)
returned NULL, which is inconsistent. Now, it returns NULL for both
cases.
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |\|
| |
| |
| | |
Signed-off-by: Werner Koch <[email protected]>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* scd/app-openpgp.c (do_getattr, do_setattr): Add KDF support.
(pin2hash_if_kdf): New.
(verify_a_chv): Add PINLEN arg. Use pin2hash_if_kdf.
(verify_chv2, do_sign): Follow the change of verify_a_chv.
(verify_chv3, do_change_pin): Use pin2hash_if_kdf.
--
GnuPG-bug-id: 3152
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
* scd/app-openpgp.c (do_decipher): Support larger length.
--
Reported-by: Achim Pietig <[email protected]>
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* common/logging.c: Do not build any code if we can use the gpgrt_log
functions.
(log_logv_with_prefix): Rename to log_logv_prefix and change order of
args so that this function matches its printf like counterpart
gpgrt_logv_prefix. Change all callers.
(log_debug_with_string): Rename to log_debug_string. Change all
callers.
(log_printhex): Move first arg to end so that this function matches
its printf like counterpart gpgrt_log_printhex. Change all callers.
* common/logging.h: Divert to gpgrt/libgpg-error if we can use the
gpgrt_log functions.
(bug_at): Add inline versions if we can use the gpgrt_log functions.
* configure.ac (GPGRT_ENABLE_LOG_MACROS): Add to AH_BOTTOM.
(mycflags): Add -Wno-format-zero-length.
--
This patch enables the use of the log function from libgpgrt (aka
libgpg-error). Instead of checking a version number, we enable them
depending on macros set by recent gpg-error versions. Eventually the
whole divert stuff can be removed.
The -Wno-format-zero-length is required because log_printhex can be
called with an empty format string. Note that this is fully specified
standard C behaviour.
Signed-off-by: Werner Koch <[email protected]>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* g10/card-util.c (current_card_status): String changes.
(change_sex): Description change.
(cmds): Add "salutation"; keep "sex" as an alias.
--
Note that we can't change the used values or tags but at least the UI
should show reflect the real purpose of the field.
Signed-off-by: Werner Koch <[email protected]>
|
| |/
|
|
|
|
|
|
|
| |
* scd/app-openpgp.c (do_decipher): Support larger length.
--
Reported-by: Achim Pietig <[email protected]>
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* scd/app-openpgp.c (determine_rsa_response): Round bits up.
--
Co-authored-by: Arnaud Fontaine <[email protected]>
Arnaud wrote:
Actually, when the incorrect expected response length (i.e. Le
field) is transmitted to the card, the card's answer is missing a
byte (i.e. ... 6101) so an additional command has to be sent to the
card to retrieve the last byte. Using the correct length avoids to
send the additional command to retrieve the missing byte, when the
computed length is wrong.
Note that an value of 65537 for E is pretty standard and thus we can
avoid the 6101 return code inmost cases.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
| |
* scd/app-openpgp.c (data_objects): Use unsigned ints.
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
| |
* scd/app-openpgp.c (show_caps): Output more messages.
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* scd/app-openpgp.c (data_objects): Special DOs like "Login Data",
"URL", "Private DO N" can be longer size >= 256.
(struct app_local_s): Define bits for v3 card.
(get_cached_data): Use extcap.max_special_do for special DOs.
(app_select_openpgp): Detect if extcap_v3, kdf_do, and other bits.
--
GnuPG-bug-id: 3262
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
|
|
| |
--
In addition, fix trailing spaces in tests/inittests.
GnuPG-bug-id: 3121
Reported-by: ka7 (klemens)
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* dirmngr/Makefile.am (AM_CPPFLAGS): Remove -I$(top_srcdir)/common.
* g10/Makefile.am (AM_CPPFLAGS): Ditto.
* g13/Makefile.am (AM_CPPFLAGS): Ditto.
* kbx/Makefile.am (AM_CPPFLAGS): Ditto.
* scd/Makefile.am (AM_CPPFLAGS): Ditto.
* sm/Makefile.am (AM_CPPFLAGS): Ditto.
* tools/Makefile.am (AM_CPPFLAGS): Ditto.
* Throughout: Follow the change.
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
| |
* scd/app-openpgp.c (retrieve_key_material): Remove touching I.
(do_change_pin): Make sure going to leave if PINVALUE == 0.
(rsa_writekey): Emit simpler log.
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* scd/app-openpgp.c (get_prompt_info): Change texts.
* agent/call-pinentry.c (struct entry_features): New.
(getinfo_features_cb): New.
(start_pinentry): Set new fucntion as status callback.
(build_cmd_setdesc): New. Replace all snprintf for SETDESC by this
one.
--
Suggested-by: Andre Heinecke
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
| |
--
This reverts commit 143ca039e1e81140ae520cc1025f8e25c01acc80.
I have a more improved version in the works.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* src/app-openpgp.c (get_prompt_info): Change wording and order
slightly.
--
The word "Card" was repeated too much in the prompt and moving
signatures to the bottom results in a more consistent layout
between the prompts with signcount and the prompts without.
Signed-off-by: Andre Heinecke <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* scd/app-openpgp.c (get_disp_name): New.
(get_disp_serialno): New.
(get_prompt_info): New.
(build_enter_admin_pin_prompt): Rework the prompt texts. Factor some
code out to ...
(get_remaining_tries): New.
(verify_a_chv): Print a remaining counter also for the standard PIN.
Rework the prompt texts.
* agent/divert-scd.c (ask_for_card): Pretty format an OpenPGP serial
no.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
| |
--
This fixes extra word repetitions (like "the the" or "is is") in the
code and docs.
Signed-off-by: Daniel Kahn Gillmor <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* scd/app.c (app_get_serial_and_stamp): Remove.
(app_get_serialno): New.
(app_write_learn_status): Use send_status_direct.
(app_getattr): Use app_get_serialno for SERIALNO and
send with send_status_direct.
* scd/app-openpgp.c (do_getattr): Likewise.
* scd/command.c (cmd_serialno): Don't send TIMESTAMP of 0.
(cmd_learn): Likewise. Don't inquire with TIMESTAMP of 0.
--
In the SERIALNO protocol, timestamp used to be considered, but had never
used at all. In the new implementation, removed card/token is always
detected and connection becomes invalid, no timestamp is required any
more. Examined scute and poldi as well for this protocol change.
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* common/t-iobuf.c (main): Replace variable-length-array.
* g10/gpgcompose.c (mksubpkt_callback): Ditto.
(encrypted): Ditto.
* g10/t-stutter.c (log_hexdump): Ditto.
(oracle_test): Ditto.
* g10/tofu.c (get_policy): Ditto. Use "%zu" for size_t.
* scd/app-openpgp.c (ecc_writekey): Replace variable-length-array.
Check for zero length OID_LEN.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* common/openpgp-oid.c (openpgp_is_curve_supported): Add optional arg
R_ALGO and change all callers.
* common/util.h (GPG_ERR_UNKNOWN_FLAG): New error code.
* g10/options.h (struct opt): Add field DEF_NEW_KEY_ALGO.
* g10/gpg.c (oDefaultNewKeyAlgo): New enum.
(opts): New option "--default-new-key-algo".
(main): Set the option.
* g10/keygen.c: Remove DEFAULT_STD_ FUTURE_STD_ constants and replace
them by ...
(DEFAULT_STD_KEY_PARAM, FUTURE_STD_KEY_PARAM): new string constants.
(get_keysize_range): Remove arg R_DEF and return that value instead.
Change all callers.
(gen_rsa): Use get_keysize_range instead of the removed
DEFAULT_STD_KEYSIZE.
(parse_key_parameter_part): New function.
(parse_key_parameter_string): New function.
(quick_generate_keypair): Refactor using parse_key_parameter_string.
(generate_keypair): Ditto.
(parse_algo_usage_expire): Ditto.
--
This new option is intended to be used in the forthcoming
--set-profile command of gpgconf. It allows to provide a gpg
configuration with custom defaults for a new key using the simple
commands which use the default algorithm set.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* scd/app-openpgp.c (struct app_local_s): Remove max_cmd_data and
max_rsp_data fields as Extended Capabilities bits are different.
(get_cached_data) Use extcap.max_certlen_3.
(get_one_do): Don't use exmode=1.
(determine_rsa_response): New.
(get_public_key, do_genkey): Call determine_rsa_response.
(do_sign): Use keyattr[0].rsa.n_bits / 8, instead of max_rsp_data.
(do_auth): Use keyattr[2].rsa.n_bits / 8, instead of max_rsp_data.
(do_decipher): Likewise with Use keyattr[1].rsa.n_bits / 8.
(show_caps): Remove max_cmd_data and max_rsp_data.
(app_select_openpgp): Likewise.
--
OpenPGP card V3 had introduced incompatible change in Extended
Capabilities bits. We can work around by this change by not
using those bits.
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
| |
--
|
| |
|
|
|
|
|
| |
* scd/app-openpgp.c (do_readkey): Decrement the length.
--
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* scd/command.c (cmd_readkey) : Support ADVANCED arg.
* scd/app.c (app_readcert): Add ADVANCED arg.
* scd/app-openpgp.c (do_readkey): Implement ADVANCED arg.
* scd/app-nks.c (do_readkey): Error return with GPG_ERR_NOT_SUPPORTED.
--
"SCD READKEY --advanced OPENPGP.3" returns key in advanced format.
With this suport, poldi-ctrl will be no longer needed.
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
| |
* scd/app-openpgp.c (do_decipher): When it's x-coordinate only, add the
prefix 0x41.
--
Card should return fixed size bytes, either in format of
(04 || X || Y) or (X, x-coordinate only).
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* scd/app-openpgp.c (send_key_attr): Use curve instead of OID.
(ecdh_params): New.
(ecc_read_pubkey): Use ecdh_params. Use curve name.
(ecc_writekey): Likewise.
(ecc_curve): Rename from ecc_oid.
(parse_algorithm_attribute): Use ecc_curve.
* g10/call-agent.c (learn_status_cb): Use openpgp_is_curve_supported to
intern the curve name string.
* g10/card-util.c (card_status): Conver curve name to alias for print.
--
Now, sdcaemon answer for KEY-ATTR is in the canonical curve name
instead of the alias. Since it is used of key generation for
card encryption key with backup, it should be canonical name.
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* g10/keygen.c (generate_keypair): For card key generation, fill
parameters by KEY-ATTR.
* scd/app-openpgp.c (ecc_read_pubkey): OID should be freed at last,
after its reference by OIDBUF is finished.
(ecc_writekey): Likewise.
--
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
| |
* asc/app-openpgp.c (change_keyattr_from_string): Release after
allocated.
--
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
| |
* agent/call-pinentry.c, agent/call-scd.c, agent/command.c,
build-aux/speedo/w32/g4wihelp.c, common/get-passphrase.c,
dirmngr/dirmngr.c, g10/call-agent.c, g10/cpr.c, g10/keygen.c,
g10/openfile.c, g10/passphrase.c, scd/app-openpgp.c, scd/scdaemon.c,
sm/call-agent.c, sm/call-dirmngr.c, sm/certreqgen.c: Fix assuming C99.
--
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* scd/app-openpgp.c (rsa_read_pubkey, ecc_read_pubkey): New.
(read_public_key): New.
(get_public_key, do_genkey): Use read_public_key.
--
With this change, since GENKEY updates the public key (pk[keyno].key) in
APP, READKEY will be possible after the command even for the old
card (version <= 0x0100).
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* scd/app-openpgp.c (get_public_key): Fix a message.
(change_keyattr_from_string, ecc_writekey): Call mpi_release sooner.
(do_genkey): Add ECC support.
--
In OpenPGP card specification 3.0, ECC is introduced. So far, do_genkey
only supported RSA. Since KDF spec. is needed to calculate the
fingerprint, it is hard coded in app-openpgp.c. But it's defined by
OpenPGP ECC (RFC-6637), and card does nothing with KDF in fact.
Co-authored-by: Arnaud Fontaine <[email protected]>
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
|
| |
* scd/iso7816.c (do_generate_keypair): Use const char * for DATA.
(iso7816_generate_keypair, iso7816_read_public_key): Likewise.
* scd/app-openpgp.c (get_public_key): Follow the change.
(do_genkey): Ditto. Use ERR instead of RC. Use u32 for CREATED_AT.
--
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
|
|
| |
* scd/app-openpgp.c (build_ecc_privkey_template): Size can be greater
than 128 when it comes with public key for curve of larger field.
--
Reported-by: Arnaud Fontaine <[email protected]>
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* scd/app-openpgp.c (ECC_FLAG_PUBKEY): New.
(send_key_attr, get_public_key, ecc_writekey, do_auth, do_decipher)
(parse_algorithm_attribute): Check ECC_FLAG_DJB_TWEAK.
(build_ecc_privkey_template): Add ECC_Q and ECC_Q_LEN.
Support offering public key when ECC_FLAG_PUBKEY sets.
(ecc_writekey): Supply ECC_Q and ECC_Q_LEN.
(parse_algorithm_attribute): Parse pubkey-required byte.
--
OpenPGPcard protocol specification version 3.2 supports algorithm
attributes for ECC key which specifies public key data is required for
"keytocard" command. This change supports the feature.
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* scd/app-openpgp.c (build_enter_admin_pin_prompt): Use ngettext for
some diagnostics.
(do_genkey): Ditto.
* g10/keyedit.c (check_all_keysigs, menu_delsig, menu_clean): Ditto.
* g10/keylist.c (print_signature_stats): Ditto.
* g10/keyserver.c (keyserver_refresh): Ditto.
* g10/sig-check.c (check_signature_metadata_validity): Ditto.
* g10/sign.c (do_sign): Ditto.
* g10/trustdb.c (reset_trust_records): Ditto.
(validate_keys): Use a table like diagnostic output.
--
Suggested-by: Ineiev <[email protected]>
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* scd/app-openpgp.c (do_genkey): Strip leading zeros for fingerprint
computation.
--
This bug is difficult to reproduce because the probability is 1/256,
and key generation takes long time. The regression was introduced
when we add the support for ECC.
GnuPG-bug-id: 2150
|
| |
|
|
| |
* scd/app-openopg.c (do_decipher): Fix the condition.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* scd/app-openpgp.c (do_decipher): Handle trancated cipher text.
Also fix xfree bug introduced.
--
In old format with no prefix, cipher text can be trancated when it
is parsed as MPI. Recover the value adding back zeros.
Fixes-commit: 11b2691eddc42e91651e4f95dd2731255a3e9211
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* scd/app-openpgp.c (do_decipher): Check 0x02 also for 16+1 byte long
INDATA.
(do_decipher): Fix integer arithmetic in void pointer.
(do_decipher): Add missing memcpy.
--
I have not tested this fix but it is obvious.
Fixes-commit: 11b2691eddc42e91651e4f95dd2731255a3e9211
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
| |
* scd/app-openpgp.c (do_decipher): More condition for AES decipher.
Handle the prefix in cipher text. Always add the prefix in result.
|
