aboutsummaryrefslogtreecommitdiffstats
path: root/scd (unfollow)
Commit message (Collapse)AuthorFilesLines
2022-04-25scd: Fix hard-coded constant for RSA auth.NIIBE Yutaka1-3/+9
* scd/app-openpgp.c (do_auth): Allow larger data for RSA-4096. -- OpenPGPcard specification says that it will be rejected by the card when it's larger. We have been the check on host side too, but it was written when it only had a support for RSA-2048. Signed-off-by: NIIBE Yutaka <[email protected]>
2022-04-22scd: Don't inhibit SSH authentication for larger data if it can.NIIBE Yutaka1-0/+5
* scd/app-openpgp.c (do_auth): Use command chaining if available. -- GnuPG-bug-id: 5935 Signed-off-by: NIIBE Yutaka <[email protected]>
2022-04-14scd: Renamed a constant in ccid-driver.cWerner Koch1-3/+3
* scd/ccid-driver.c (MAX_DEVICE): Rename to CCID_MAX_DEVICE. -- Just for documentation reasons.
2022-04-14scd: Minor code reorganizationWerner Koch1-16/+22
* scd/ccid-driver.c: Move struct defines to the top. --
2022-04-14scd: Fix memory leak in ccid-driver.Werner Koch1-9/+9
* scd/ccid-driver.c (ccid_dev_scan): Use loop var and not the count. -- Due to an assignment out of bounds this might lead to a crash if there are more than 15 readers. In any case it fixes a memory leak. Kudos to the friendly auditor who found that bug. Fixes-commit: 8a41e73c31adb86d4a7dca4da695e5ad1347811f
2022-04-13scd:p15: Improve the PIN prompt for Genua cards.Werner Koch1-4/+26
* scd/app-p15.c (CARD_PRODUCT_GENUA): New. (cardproduct2str): Add it. (read_p15_info): Detect and set GENUA (make_pin_prompt): Take holder string from the AODF.
2022-04-11scd: Support for GeNUA cards.Werner Koch1-1/+10
* scd/app-p15.c (read_p15_info): Disable extended mode for Genua cards.
2022-03-31scd,tpm2d: Fix for consistent use of socket FD.NIIBE Yutaka3-5/+5
* scd/command.c (scd_command_handler): Use gnupg_fd_t for the argument but no INT2FD to listen. Use GNUPG_INVALID_FD. * tpm2d/command.c (tpm2d_command_handler): Likewise. * scd/scdaemon.c (start_connection_thread): Follow the change. * tpm2d/tpm2daemon.c (start_connection_thread): Likewise. * scd/scdaemon.h (scd_command_handler): Use gnupg_fd_t. * tpm2d/tpm2daemon.h (tpm2d_command_handler): Likewise. -- Signed-off-by: NIIBE Yutaka <[email protected]>
2022-03-29scd,w32: Fix socket resource leak.NIIBE Yutaka1-23/+26
* scd/scdaemon.c (main): Use gnupg_fd_t for socket, and use assuan_sock_close for the socket allocated by assuan_sock_new. (handle_connections): Use gnupg_fd_t for listen_fd. Use assuan_sock_close for the socket by npth_accept. -- GnuPG-bug-id: 5029 Signed-off-by: NIIBE Yutaka <[email protected]>
2022-03-15scd: Fix DEVINFO with no --watch.NIIBE Yutaka2-2/+2
* scd/app.c (app_send_devinfo): Fix for outputing once. * scd/command.c (hlp_devinfo): Fix comment. -- Signed-off-by: NIIBE Yutaka <[email protected]>
2022-03-11Fix previous commit.NIIBE Yutaka1-1/+4
-- Signed-off-by: NIIBE Yutaka <[email protected]>
2022-03-10scd: Enhance PASSWD command to accept KEYGRIP optionally.NIIBE Yutaka1-3/+8
* scd/command.c (cmd_passwd): Handle KEYGRIP optionally. -- GnuPG-bug-id: 5862 Signed-off-by: NIIBE Yutaka <[email protected]>
2022-03-10scd: Use same idiom for same work.NIIBE Yutaka1-4/+4
* scd/command.c (cmd_serialno, cmd_getattr): Use 'while' instead of 'for'. -- Signed-off-by: NIIBE Yutaka <[email protected]>
2022-03-04scd: Fix PK_AUTH with --challenge-response option.NIIBE Yutaka2-3/+6
* scd/app.c (app_auth): It's only APPTYPE_OPENPGP which supports the challenge response interaction. * scd/command.c (cmd_pkauth): It only wants if it works or not. -- GnuPG-bug-id: 5862 Signed-off-by: NIIBE Yutaka <[email protected]>
2022-03-03scd: Add --challenge-response option to PK_AUTH for OpenPGP card.NIIBE Yutaka3-26/+201
* scd/app-openpgp.c (rmd160_prefix, sha1_prefix, sha224_prefix) (sha256_prefix, sha384_prefix, sha512_prefix): Move the scope up. (gen_challenge): New. (do_auth): Support challenge-response check if it signs correctly. * scd/app.c (app_auth): Remove the check INDATA and INDATALEN. * scd/command.c (cmd_pkauth): Support --challenge-response option. -- GnuPG-bug-id: 5862 Signed-off-by: NIIBE Yutaka <[email protected]>
2022-03-02scd: Let READKEY support --format=ssh option.NIIBE Yutaka1-16/+56
* scd/command.c (do_readkey): Support --format=ssh option. * common/ssh-utils.c (ssh_public_key_in_base64): New. * common/ssh-utils.h (ssh_public_key_in_base64): New declaration. -- Code duplication (agent/command-ssh.c) will be cleaned up later. Signed-off-by: NIIBE Yutaka <[email protected]>
2022-02-21scd:p15: Used extended mode already for RSA 2048Werner Koch1-2/+2
* scd/app-p15.c (do_sign, do_decipher): Replace GT by GE. --
2022-01-04scd,pcsc: Fix error handling for a reader with reader-port.NIIBE Yutaka1-5/+1
* scd/apdu.c (apdu_open_reader): Make sure dl->idx is always incremented to handle error from open_pcsc_reader correctly. -- Reported-by: Anže Jenšterle GnuPG-bug-id: 5758 Signed-off-by: NIIBE Yutaka <[email protected]>
2021-11-15scd:openpgp: Support longer data for INTERNAL_AUTHENTICATE.NIIBE Yutaka1-0/+8
* scd/app-openpgp.c (do_auth): Use extended Lc, when supported. -- GnuPG-bug-id: 5682 Co-authored-by: Klas Lindfors Signed-off-by: NIIBE Yutaka <[email protected]>
2021-11-12scd: Avoid memory leak.Jakub Jelen1-0/+1
* scd/command.c (cmd_readkey): Free allocated memory on failure path. -- GnuPG-bug-id: 5393 Signed-off-by: Jakub Jelen <[email protected]>
2021-11-04scd: Add new OpenPGP card vendor.Werner Koch1-0/+1
--
2021-11-02scd: Simplify the loop of DEVINFO.NIIBE Yutaka1-11/+5
* scd/app.c (app_send_devinfo): Factor out lock/unlock. -- Signed-off-by: NIIBE Yutaka <[email protected]>
2021-10-29scd: Fix the previous commit.NIIBE Yutaka1-5/+1
Signed-off-by: NIIBE Yutaka <[email protected]>
2021-10-29scd: Modify DEVINFO behavior to support looping forever.NIIBE Yutaka3-79/+104
* scd/app.c (struct mrsw_lock): Add notify_cond member. (notify_cond): Remove. (card_list_r_lock, card_list_r_unlock): Rename. (card_list_w_lock, card_list_w_unlock): Rename. (card_list_signal, card_list_wait): New, fixing thinko about notify/wakeup with MRSW lock. (app_send_devinfo): Support looping. (select_application): Notify app_send_devinfo thread for newly detected device. (initialize_module_command): Initialize notify_cond member. (app_wait): Remove. * scd/command.c (cmd_devinfo): Use new API of app_send_devinfo. * scd/scdaemon.h (app_wait): Remove. -- GnuPG-bug-id: 5359 Signed-off-by: NIIBE Yutaka <[email protected]>
2021-10-05agent,dirmngr,kbx,scd,tpm2d: Use gnupg_sleep.NIIBE Yutaka2-4/+4
* agent/findkey.c (unprotect): Use gnupg_sleep. * agent/gpg-agent.c (handle_connections): Likewise. * dirmngr/crlfetch.c (handle_connections): Likewise. * kbx/keyboxd.c (handle_connections): Likewise. * tpm2d/tpm3daemon.c (handle_connections): Likewise. * scd/scdaemon.c (handle_connections): Likewise. * scd/command.c (cmd_lock): Likewise. * dirmngr/ldap-wrapper.c (ldap_reaper_thread): Likewise. (ldap_wrapper_wait_connections): Use gnupg_usleep. -- Signed-off-by: NIIBE Yutaka <[email protected]>
2021-09-09sm: Add LotW support to the key listingWerner Koch1-2/+2
* sm/certdump.c (parse_dn_part): Translate OID to "Callsign" * sm/keylist.c (oidtranstbl): Some more OIDs. -- This is Ham thingy to make it easier to read LotW certificates. Signed-off-by: Werner Koch <[email protected]>
2021-08-20scd: Don't release the context until list_finish for PC/SC.NIIBE Yutaka1-1/+8
* scd/apdu.c (apdu_dev_list_start): Increment PCSC.COUNT here. (apdu_dev_list_finish): Decrement PCSC.COUNT. -- GnuPG-bug-id: 5416 Fixes-commit: 32baa9acfb153004bdb2509f9516482b78f256a4 Signed-off-by: NIIBE Yutaka <[email protected]>
2021-07-22scd: Small clean up for card access.NIIBE Yutaka2-10/+11
* scd/app.c (app_get_challenge): Remove the check to ref_count. * scd/command.c (send_client_notifications): Update comments. Signed-off-by: NIIBE Yutaka <[email protected]>
2021-07-22scd: Fix direct use of card with no ctrl->card_ctx.NIIBE Yutaka1-1/+1
* scd/app.c (maybe_switch_app): Remove check of ref_count. -- Fixes-commit: 0d6b4210cf31d1c3ca0e8b034537a158fe3caca8 Signed-off-by: NIIBE Yutaka <[email protected]>
2021-07-21scd: Fix access to list of cards (3/3).NIIBE Yutaka3-315/+315
* scd/app-common.h (card_reset): Simplify more. (select_additional_application): Supply CARD. (card_ref, card_unref): Remove. (card_get, card_put): New. * scd/app.c (card_reset): No locking/unlocking inside. (app_switch_current_card): Fix comment. (select_additional_application): No locking/unlocking inside. (do_with_keygrip): New, unlocked version. (card_get): New, with support of KEYGRIP. (card_unref): Remove. (card_put): New. (app_write_learn_status, app_readcert: No locking/unlocking inside. (app_readkey, app_getattr, app_setattr, app_sign, app_auth): Likewise. (app_decipher, app_writecert, app_writekey): Likewise. (app_genkey, app_get_challenge, app_change_pin): Likewise. (app_check_pin, app_switch_active_app): Likewise. * scd/command.c (do_reset): Use card_get/card_put. (open_card_with_request): Use card_get/card_put, return CARD locked. (cmd_serialno): Follow the change of open_card_with_request. (cmd_switchapp): Use card_get/card_put. (cmd_learn, cmd_readcert, cmd_readkey, cmd_pksign): Likewise. (cmd_pkauth, cmd_pkdecrypt, cmd_getattr): Likewise. (cmd_setattr, cmd_writecert, cmd_writekey): Likewise. (cmd_genkey, cmd_random, cmd_passwd): Likewise. (cmd_checkpin, cmd_getinfo, cmd_restart): Likewise. (cmd_disconnect, cmd_apdu, cmd_devinfo): Likewise. Signed-off-by: NIIBE Yutaka <[email protected]>
2021-07-21scd: Fix access to list of cards (2/3).NIIBE Yutaka3-30/+28
* scd/app-common.h (card_reset, select_application): Simplify. * scd/app.c (card_reset, select_application): Simplify. * scd/command.c (do_reset): Follow the change. (open_card, open_card_with_request): Follow the change. -- Signed-off-by: NIIBE Yutaka <[email protected]>
2021-07-21scd: Fix access to list of cards (1/3).NIIBE Yutaka1-22/+115
* scd/app.c (card_list_lock): Use MRSW lock. (lock_r_card_list, unlock_r_card_list): New. (lock_w_card_list, unlock_w_card_list): New. (app_dump_state, app_send_devinfo): Use the MRSW lock. (select_application, app_switch_current_card): Likewise. (scd_update_reader_status_file): Likewise. (initialize_module_command, send_card_and_app_list): Likewise. (app_do_with_keygrip, app_wait): Likewise. -- GnuPG-bug-id: 5524 Signed-off-by: NIIBE Yutaka <[email protected]>
2021-07-08scd: Silence compiler waring about unused args.Werner Koch2-0/+6
--
2021-07-06scd: Detect external interference when PCSC_SHARED.NIIBE Yutaka4-2/+72
* scd/app-common.h (check_aid): New method. * scd/app-openpgp.c (do_check_aid): New. * scd/app-piv.c (do_check_aid): New. * scd/app.c (check_external_interference): New. (maybe_switch_app): Check interference to determine switching is needed. -- GnuPG-bug-id: 5484 Signed-off-by: NIIBE Yutaka <[email protected]>
2021-06-23scd:ccid: Handle LIBUSB_TRANSFER_OVERFLOW interrupt transfer.NIIBE Yutaka1-0/+5
* scd/ccid-driver.c (intr_cb): Ignore LIBUSB_TRANSFER_OVERFLOW. Signed-off-by: NIIBE Yutaka <[email protected]>
2021-06-22scd:p15: Prepare AODF parsing for other authentication types.Werner Koch1-329/+372
* scd/app-p15.c (auth_type_t): New. (struct aodf_object_s): Add field auth_type. (read_ef_aodf): Distinguish between pin and authkey types. Include the authtype in the verbose mode diags. -- Note that the bulk of chnages are just indentation chnages. There should be no functional change. Signed-off-by: Werner Koch <[email protected]>
2021-06-18scd:p15: Add pre-check for ascii-numeric PINs.Werner Koch1-1/+9
* scd/app-p15.c (verify_pin): acii-numerix is different than BCD.
2021-06-18scd:p15: Add basic support for AET JCOP cards.Werner Koch1-5/+42
* scd/app-p15.c (CARD_TYPE_AET): New. (cardtype2str): Add string. (card_atr_list): Add corresponding ATR. (app_local_s): New flag no_extended_mode. Turn two other flags into bit flags. (select_ef_by_path): Hack to handle the 3FFF thing. (readcert_by_cdf): Do not use etxended mode for AET. (app_select_p15): Set no_extended_mode. Signed-off-by: Werner Koch <[email protected]>
2021-06-18scd:p15: Handle cards with bad encoded path objects.Werner Koch1-12/+16
* scd/app-p15.c (read_ef_prkdf, read_ef_pukdf) (read_ef_cdf, read_ef_aodf): Allow for a zero length path and correctly skip unsupported auth types. -- Signed-off-by: Werner Koch <[email protected]>
2021-06-18scd: Improve reading of binary records.Werner Koch3-11/+10
* scd/iso7816.c (iso7816_read_binary_ext): Handle the 0x6a86 SW the same as 6b00. * scd/apdu.c (apdu_get_atr): Modify debug messages. * scd/app-p15.c (app_select_p15): Print FCI on error. (read_p15_info): Clean up diag in presence of debug options. -- Some cards return 6a86 instead of 6b00. Signed-off-by: Werner Koch <[email protected]>
2021-06-17scd: Fix RESET handling.NIIBE Yutaka1-1/+5
* scd/app.c (scd_update_reader_status_file): Clear ->reset_requested. -- Signed-off-by: NIIBE Yutaka <[email protected]>
2021-06-11scd: Support clearing of Reset Code by ''.NIIBE Yutaka1-2/+3
* scd/app-openpgp.c (do_change_pin): Allow null-string. -- Signed-off-by: NIIBE Yutaka <[email protected]>
2021-06-10scd: Add new card vendor.Werner Koch1-0/+1
--
2021-06-08scd: Fix serial number detection for Yubikey 5.NIIBE Yutaka1-4/+5
* scd/app.c (app_new_register): Handle serial number correctly. -- GnuPG-bug-id: 5442 Signed-off-by: NIIBE Yutaka <[email protected]>
2021-06-07scd: Fix READER-PORT option handling for PC/SC.NIIBE Yutaka1-17/+27
* scd/apdu.c (apdu_open_reader): READERNO should be -1 when READER-PORT is specified for PC/SC. -- Signed-off-by: NIIBE Yutaka <[email protected]>
2021-05-28scd: Fix zero-byte handling in ECC.NIIBE Yutaka1-11/+3
* scd/app-openpgp.c (ecc_writekey): Don't remove zero-byte. -- Fixes-commit: a25c99b156ca9acaa7712e9c09a6df0a7a23c833 GnuPG-bug-id: 5163 Signed-off-by: NIIBE Yutaka <[email protected]>
2021-05-20scd: avoid memory leaksJakub Jelen3-7/+14
* scd/app-p15.c (send_certinfo): free labelbuf (do_sign): goto leave instead of return * scd/app-piv.c (do_sign): goto leave instead of return, fix typo in variable name, avoid using uninitialized variables * scd/command.c (cmd_genkey): goto leave instead of return -- Signed-off-by: Jakub Jelen <[email protected]> GnuPG-bug-id: 5393
2021-05-18scd:p15: Fix logic for appending product name to MANUFACTURER.Ingo Klöcker1-2/+2
* scd/app-p15.c (do_getattr): Append product name to MANUFACTURER if manufacturer_id does not already contain a bracket and if we have a product name.
2021-05-14scd: Remove wrong assertion and add protection to PCSC.COUNT.NIIBE Yutaka1-1/+2
* scd/apdu.c (apdu_dev_list_finish): Fix for calling release_pcsc_context. Signed-off-by: NIIBE Yutaka <[email protected]>
2021-05-11A few minor code cleanups and typo fixes.Werner Koch1-1/+1
* agent/command-ssh.c (ssh_handler_request_identities): Remove double check of ERR. * g10/getkey.c (get_pubkey_byname): Remove double use of break. * g10/pkglue.c (pk_encrypt): Handle possible NULL-ptr access due to failed malloc. Signed-off-by: Werner Koch <[email protected]>