aboutsummaryrefslogtreecommitdiffstats
path: root/scd/app-openpgp.c (follow)
Commit message (Collapse)AuthorAgeFilesLines
* scd,openpgp: Support READCERT by keygrip.NIIBE Yutaka2022-06-101-1/+22
| | | | | | | | | * scd/app-openpgp.c (do_readcert): Allow use of keygrip. -- GnuPG-bug-id: 6002 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Return USAGE information for KEYINFO command.NIIBE Yutaka2022-05-261-8/+18
| | | | | | | | | | | | | | | | | | | | | | | * scd/command.c (hlp_keyinfo): Update. (send_keyinfo): Add a USAGE argument. * scd/scdaemon.h (send_keyinfo): Add a USAGE argument. * scd/app-nks.c (set_usage_string): New. (do_learn_status_core, do_readkey): Use set_usage_string. (do_with_keygrip): Add USAGE to call send_keyinfo, using set_usage_string. * scd/app-openpgp.c (get_usage_string): New. (send_keypair_info): Use get_usage_string. (send_keyinfo_if_available): Add USAGE to call send_keyinfo, using get_usage_string. * scd/app-p15.c (set_usage_string): New. (send_keypairinfo): Use set_usage_string. (do_with_keygrip): Add USAGE to call send_keyinfo, using set_usage_string. * scd/app-piv.c (do_with_keygrip): Add USAGE to call send_keyinfo. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Fail when no good algorithm attribute.NIIBE Yutaka2022-05-111-19/+30
| | | | | | | | | | | | | | * scd/app-openpgp.c (parse_algorithm_attribute): Return the error. (change_keyattr): Follow the change. (app_select_openpgp): Handle the error of parse_algorithm_attribute. -- This change allows following invocation of app_select_openpgp, which may work well (if the problem is device side for initial connection). GnuPG-bug-id: 5963 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd:openpgp: New card vendor.Werner Koch2022-05-101-0/+1
| | | | | | | | -- BTW, we should add a function to read out the entire table so that you can ask scdaemon for that list. iirc, Kleopatra still uses a copy of the table.
* scd: Add workaround for ECC attribute on Yubikey.NIIBE Yutaka2022-05-061-1/+2
| | | | | | | | | | * scd/app-openpgp.c (parse_algorithm_attribute): Skip possibly bogus octet in a key attribute. -- GnuPG-bug-id: 5963 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Fix hard-coded constant for RSA auth.NIIBE Yutaka2022-04-251-3/+9
| | | | | | | | | | | | * scd/app-openpgp.c (do_auth): Allow larger data for RSA-4096. -- OpenPGPcard specification says that it will be rejected by the card when it's larger. We have been the check on host side too, but it was written when it only had a support for RSA-2048. Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Don't inhibit SSH authentication for larger data if it can.NIIBE Yutaka2022-04-221-0/+5
| | | | | | | | | * scd/app-openpgp.c (do_auth): Use command chaining if available. -- GnuPG-bug-id: 5935 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Add --challenge-response option to PK_AUTH for OpenPGP card.NIIBE Yutaka2022-03-031-23/+184
| | | | | | | | | | | | | | * scd/app-openpgp.c (rmd160_prefix, sha1_prefix, sha224_prefix) (sha256_prefix, sha384_prefix, sha512_prefix): Move the scope up. (gen_challenge): New. (do_auth): Support challenge-response check if it signs correctly. * scd/app.c (app_auth): Remove the check INDATA and INDATALEN. * scd/command.c (cmd_pkauth): Support --challenge-response option. -- GnuPG-bug-id: 5862 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd:openpgp: Support longer data for INTERNAL_AUTHENTICATE.NIIBE Yutaka2021-11-151-0/+8
| | | | | | | | | | * scd/app-openpgp.c (do_auth): Use extended Lc, when supported. -- GnuPG-bug-id: 5682 Co-authored-by: Klas Lindfors Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Add new OpenPGP card vendor.Werner Koch2021-11-041-0/+1
| | | | --
* scd: Silence compiler waring about unused args.Werner Koch2021-07-081-0/+3
| | | | --
* scd: Detect external interference when PCSC_SHARED.NIIBE Yutaka2021-07-061-0/+13
| | | | | | | | | | | | | | * scd/app-common.h (check_aid): New method. * scd/app-openpgp.c (do_check_aid): New. * scd/app-piv.c (do_check_aid): New. * scd/app.c (check_external_interference): New. (maybe_switch_app): Check interference to determine switching is needed. -- GnuPG-bug-id: 5484 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Support clearing of Reset Code by ''.NIIBE Yutaka2021-06-111-2/+3
| | | | | | | | * scd/app-openpgp.c (do_change_pin): Allow null-string. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Add new card vendor.Werner Koch2021-06-101-0/+1
| | | | --
* scd: Fix zero-byte handling in ECC.NIIBE Yutaka2021-05-281-11/+3
| | | | | | | | | | * scd/app-openpgp.c (ecc_writekey): Don't remove zero-byte. -- Fixes-commit: a25c99b156ca9acaa7712e9c09a6df0a7a23c833 GnuPG-bug-id: 5163 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Fix unblock PIN by a Reset Code with KDF.Kirill Elagin2021-04-271-1/+1
| | | | | | | | | | * scd/app-openpgp.c (do_change_pin): Use correct CHVNO=1 for pin2hash_if_kdf, for user's PIN. -- GnuPG-bug-id: 5413 Signed-off-by: Kirill Elagin <[email protected]>
* scd: Replace all assert macros by the log_assert macro.Werner Koch2021-03-311-16/+15
| | | | Signed-off-by: Werner Koch <[email protected]>
* scd:openpgp: Allow reading and writing user certs for keys 1 and 2Werner Koch2021-03-191-22/+86
| | | | | | | | | | | | | | * scd/iso7816.c (CMD_SELECT_DATA): New. (iso7816_select_data): New. * scd/app-openpgp.c (do_readcert): Allow OpenPGP.1 and OPENPGP.2 (do_writecert): Ditto. (do_setattr): Add CERT-1 and CERT-2. -- This has been tested with a Zeitcontrol 3.4 card. A test with a Yubikey 5 (firmware 5.2.6) claiming to support 3.4 failed. Signed-off-by: Werner Koch <[email protected]>
* scd:openpgp: Rename an internal variable.Werner Koch2021-03-191-13/+14
| | | | | | | | | | | | | | * scd/app-openpgp.c (struct app_local_s): s/extcap_v3/is_v3/. s/max_certlen_3/max_certlen. Change users. -- The extcap_v3 flag is set if the version is 3 or later and as such does not only declare that the v3 extcap layout is used. Make this clear by renaming. Likewise for max_certlen_3. Signed-off-by: Werner Koch <[email protected]>
* scd:openpgp: Small speedup reading card properties.Werner Koch2021-03-191-2/+18
| | | | | | | | | | | | | | | | * scd/app-openpgp.c (struct app_local_s): Add new flag. (get_cached_data): Force chace use if flag is set. (app_select_openpgp): Avoid reading DO 6E multiple times. -- The do not cache property of 6E was introduced so that we can change for example key attributes without getting into with the cache. However, for initial reading the cache makes a lot of sense and thus we now use this hack to only temporary cache. A better strategy would be to clear the cache when we change card data but that is more error prone. Signed-off-by: Werner Koch <[email protected]>
* scd: Add handling of Ed448 key.NIIBE Yutaka2021-03-151-13/+12
| | | | | | | | | | | | | | | | | | * scd/app-openpgp.c (struct app_local_s): Add ecc.algo field. (send_key_attr): Use ecc.algo field. (ecc_read_pubkey): Use ecc.algo field. (ecc_writekey): Ed448 means EdDSA. (parse_algorithm_attribute): Set ecc.algo field from card. Add checking for Ed25519 for ECC_FLAG_DJB_TWEAK flag. -- There used to be a possible support of Ed25519 with ECDSA, (instead of EdDSA). To distinguish key for Ed25519 for EdDSA, we use the flag: (flags eddsa). Ed448 has no support for ECDSA and defaults to EdDSA even if no such flag. Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Fix count_sos_bits handling.NIIBE Yutaka2021-03-151-3/+3
| | | | | | * scd/app-openpgp.c (count_sos_bits): Handle an exceptional case. Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: New option --pcsc-shared.Werner Koch2021-03-121-2/+7
| | | | | | | | | | | | | | | | | * scd/scdaemon.h (opt): Add field opcsc_shared. * scd/scdaemon.c (opcscShared): New. (opts): Add "--pcsc-shared". (main): Set flag. * scd/apdu.c (connect_pcsc_card): Use it. (pcsc_get_status): Take flag in account. * scd/app-openpgp.c (cache_pin): Bypass in shared mode. (verify_chv2: Do not auto verify chv1 in shared mode. * scd/app-piv.c (cache_pin): By pass caceh in shared mode. -- This option should in general not be used. The patch tries to limit bad effects but using shared mode is somewhat dangerous depending on the other PC/SC users.
* scd: Fix computing fingerprint for ECC with SOS.NIIBE Yutaka2021-03-121-1/+22
| | | | | | | | | * scd/app-openpgp.c (count_sos_bits): New. Count as sos_write does. (store_fpr): For ECC, use count_sos_bits. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Swapped openpgp card vendor 0x000a with new 0x000d.Werner Koch2021-03-091-1/+2
| | | | --
* scd: Add new Openpgp card vendor nameWerner Koch2021-03-091-0/+1
| | | | --
* scd: Fix for X448.NIIBE Yutaka2021-03-081-0/+2
| | | | | | * scd/app-openpgp.c (do_decipher): Support with no prefix. Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Minor tweak for easier backportingWerner Koch2021-02-191-12/+12
| | | | | | | | * scd/app-common.h (APP_CARD): New. Use it in app-*.c to access app->card. -- This should help to make backporting to 2.2 easier.
* scd:yubikey: Fix support of Yubikey NEO.NIIBE Yutaka2020-12-081-0/+3
| | | | | | * scd/app-openpgp.c (get_public_key): Yubikey NEO also has this issue. Signed-off-by: NIIBE Yutaka <[email protected]>
* scd:openpgp: Fix writing ECC key to card.NIIBE Yutaka2020-12-031-6/+27
| | | | | | | | | | * scd/app-openpgp.c (build_privkey_template): Adding another argument of ecc_d_fixed_len to handle variable-size MPI. -- GnuPG-bug-id: 5163 Signed-off-by: NIIBE Yutaka <[email protected]>
* agent: Fix YK s/n and prettify the request card prompt for YubikeysWerner Koch2020-11-261-25/+1
| | | | | | | | | | * agent/divert-scd.c (ask_for_card): Detect and re-format the Yubikey prompt. * scd/app.c (app_munge_serialno): Fix Yubikey s/n munging. (card_get_dispserialno): Ditto. * scd/app-openpgp.c (get_disp_serialno): Remove. (get_prompt_info): Use app_get_dispserialno.-- --
* scd: Add special serialno compare for OpenPGP cards.Werner Koch2020-11-261-4/+9
| | | | | | | | | | | | | | | | | * scd/app.c (is_same_serialno): New. (check_application_conflict): Use this. (select_application): Ditto. (app_switch_current_card): Ditto. * scd/app-openpgp.c (check_keyidstr): Ignore the card version and also compare case insensitive. -- This is required because we change what we emit as serialno of OpenPGP cards but existing keys still use the old form of the serial number (i.e. with a firmware version). See-commit: 3a8250c02031080c6c8eebd5dea03f5f87f9ddd7 Signed-off-by: Werner Koch <[email protected]>
* scd: Rework the handling of the displayed serial number.Werner Koch2020-11-251-45/+18
| | | | | | | | | | | | | | | | | | | | | | | | | | | | * scd/app.c (app_new_register): Call app_munge_serialno for Yubikeys. (app_munge_serialno): Handle Yubikey serial numbers. (card_get_serialno): Remove special Yubikey treatment. Drop arg is_canonical. (app_get_serialno): Clear ERRNO on error. (card_get_dispserialno): New. Also change formatting of Yubikey and OpenPGP numbers to match those printed on the card. (app_get_dispserialno): New. * scd/app-openpgp.c (do_getattr): Use app_get_dispserialno. (yubikey_get_serialno): Remove. * scd/app-piv.c (get_dispserialno): Remove. (do_getattr): Use app_get_dispserialno. -- This patch gets us back to a unique serial number for cards and provides a stable serial number as printed for Yubikeys. Because we use a slightly different serial number now for Yubikeys and cards only supporting OpenPGP card we need to come up with another change so that the version number of OpenPGP serial numbers are ignored when comparing card serial numbers. This is so that existing stub keys of gpg-agent will continue to work. GnuPG-bug-id: 5100 Signed-off-by: Werner Koch <[email protected]>
* doc: Fix typosGavin L. Rebeiro2020-11-231-1/+1
| | | | | | | -- GnuPG-bug-id: 5071 Also fixed one in keyformat.txt [wk].
* scd: Handle Yubikey's multiple apps and serialno.NIIBE Yutaka2020-10-231-0/+33
| | | | | | | | | | | | | | * scd/app-common.h (yubikey_get_serialno): New. * scd/app-openpgp.c (yubikey_get_serialno): New. * scd/app.c (card_get_serialno): Use OpenPGP app's serialno, when it's enabled for Yubikey. (send_serialno_and_app_status): Use card_get_serialno, not directly accessing ->serialno. -- GnuPG-bug-id: 5100 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Don't overwrite serialno for Yubikey.NIIBE Yutaka2020-10-231-3/+10
| | | | | | | | | * scd/app-openpgp.c (app_select_openpgp): Keep ->serialno. -- GnuPG-bug-id: 5100 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd,openpgp: Use app_get_serialno function to get SERIALNO.NIIBE Yutaka2020-10-231-16/+17
| | | | | | | | | | * scd/app-openpgp.c (check_keyidstr): Don't directly access app->serialno, but use app_get_serialno. (do_with_keygrip): Likewise. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Report any error for LEARN command.NIIBE Yutaka2020-09-301-30/+67
| | | | | | * scd/app-openpgp.c (do_learn_status): Report any error. Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Extend KEYPAIRINFO with an algorithm string.Werner Koch2020-09-211-2/+21
| | | | | | | | | | | | | | | | | | | | | | * scd/app-openpgp.c (send_keypair_info): Emit the algo string as part of a KEYPAIRINFO. * scd/command.c (do_readkey): Ditto. * scd/app-piv.c (do_readkey): Ditto. * scd/app-nks.c (do_learn_status_core): Ditto. (struct fid_cache_s): Add field algostr. (flush_fid_cache): Release it. (keygripstr_from_pk_file): Fill it and add it to the cache. Use a single exit label. * scd/app-help.c (app_help_get_keygrip_string_pk): Add new arg r_algostr. Change all callers. -- This is helpful so that callers do not need to parse the key for this basic information. Use "scd readkey --info-only" to return the info status line instead of the key material; using just --info returns the info in addition to the key material. Signed-off-by: Werner Koch <[email protected]>
* scd: Clear PIN cache when changing key attributes.NIIBE Yutaka2020-09-161-1/+4
| | | | | | * scd/app-openpgp.c (change_keyattr): Clear all PINs. Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Clear caching PIN at KDF setup.NIIBE Yutaka2020-09-161-0/+4
| | | | | | * scd/app-openpgp.c (do_setattr): Clear PINs. Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Add better support for KDF feature.NIIBE Yutaka2020-09-161-0/+7
| | | | | | * scd/app-openpgp.c (do_setattr): Handle kdf-seup "off" for Gnuk. Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg,scd: Fix handling of KDF feature.NIIBE Yutaka2020-09-161-11/+23
| | | | | | | | * g10/card-util.c (kdf_setup): Fix the default value. * scd/app-openpgp.c (do_setattr): Support kdf-setup "off" by Zeitcontrol. Make sure Gnuk and Yubikey work well. Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Fix the use case of verify_chv2 by CHECKPIN.NIIBE Yutaka2020-09-151-21/+25
| | | | | | | | | | | | | | * scd/app-openpgp.c (verify_chv2): Call verify_a_chv with chvno=1 when needed. -- Confusingly, verify_chv2 has two different purposes; One for verifying with CHV2 (in addition to CHV1), and the call by CHECKPIN. For the latter, we should check CHV1. Fixes-commit: af189be481df02a77e088aa0a60a1fc02dfa12bf Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Flush KDF DO (0x00F9) when it's being set.NIIBE Yutaka2020-09-101-3/+3
| | | | | | | | | | | * scd/app-openpgp.c (do_setattr): Call flush_cache_item always. -- Only it was called when there was an object with KDF_DATA_LENGTH_MAX. No matter the VALUELEN, it should be flushed. Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Add a workaround for Yubikey.NIIBE Yutaka2020-09-081-0/+3
| | | | | | | | | | | * scd/app-openpgp.c (get_public_key): Handle wrong code for Yubikey. -- Yubikey version 5 s/n 609074582 returns 0x6982, version 5.2.4 s/n 610616049 returns 0x6581, where 0x6a88 is expected. Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Fix handling 0x00FA to support OpenPGP card 3.4.NIIBE Yutaka2020-09-071-1/+1
| | | | | | | * scd/app-openpgp.c (data_objects): It may be longer. Fixes-commit: 90d0072165cc5c6888f14462392a211de0c4b232 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Support GET DATA response with no header for DO 0x00FA.NIIBE Yutaka2020-09-041-25/+28
| | | | | | * scd/app-openpgp.c (do_getattr): Support Gnuk, as well. Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Parse "Algorithm Information" data object in scdaemon.NIIBE Yutaka2020-09-041-2/+106
| | | | | | | | * scd/app-openpgp.c (data_objects): 0x00FA for binary data. (do_getattr): Parse the data and send it in status lines. (get_algorithm_attribute_string): New. Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Add handling of "Algorithm Information" DO.NIIBE Yutaka2020-09-031-0/+2
| | | | | | | | | | | | * cd/app-openpgp.c (data_objects): Add 0x00FA. (do_getattr): Add KEY-ATTR-INFO. -- See the section 4.4.3.11 Algorithm Information in the OpenPGP card functional specification version 3.4.1. Signed-off-by: NIIBE Yutaka <[email protected]>
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-20 18:53:38 +0000