path: root/scd

Date  Commit message  (Author; files changed, lines -removed/+added)

2020-11-25  scd,nks: Fix SEGV for learn for older card.  (NIIBE Yutaka; 1 file, -0/+1)

    * scd/app-nks.c (keygripstr_from_pk_file): Set algostr.
    --
    GnuPG-bug-id: 5144
    Fixes-commit: 26da47ae53d51e16ae6867cd419ddbf124a94933
    Signed-off-by: NIIBE Yutaka <[email protected]>

2020-11-23  doc: Fix typos  (Gavin L. Rebeiro; 1 file, -1/+1)

    --
    GnuPG-bug-id: 5071
    Also fixed one in keyformat.txt [wk].

2020-11-20  Fix the previous comment changes help doc string.  (NIIBE Yutaka; 1 file, -1/+1)

    * scd/command.c (hlp_learn): Fix the doc string.
    Signed-off-by: NIIBE Yutaka <[email protected]>

2020-11-11  scd: Do not print reader status change with --debug cardio.  (Werner Koch; 1 file, -1/+1)

    --
    ... but use --debug reader for this.
    Signed-off-by: Werner Koch <[email protected]>
    (cherry picked from commit bd3b698d8ec427a02f2fa793777f2a88bc356f25)

2020-11-09  card: Run factory-reset in locked state.  (Werner Koch; 1 file, -10/+10)

    * scd/command.c (reset_notify): Add option --keep-lock.
    (do_reset): Add arg keep_lock.
    (cmd_lock): Send progress status.
    * g10/call-agent.c (agent_scd_apdu): Add more pseudo APDUs.
    * g10/card-util.c (send_apdu): Ditto.
    (factory_reset): Use lock commands.
    --
    This is required so that for example Kleopatra does not detect the
    RESET and issues a SERIALNO of its own, thus conflicting with our
    SERIALNO undefined.
    Signed-off-by: Werner Koch <[email protected]>

2020-11-05  scd: Use lock_slot for apdu_send_direct.  (NIIBE Yutaka; 1 file, -1/+1)

    * scd/apdu.c (apdu_send_direct): Use lock_slot.
    --
    With trylock_slot, it may return SW_HOST_BUSY.  This may occur when
    apdu_get_status is called by scd_update_reader_status_file.  Simply
    using lock_slot is much easier for users of apdu_send_direct.
    Signed-off-by: NIIBE Yutaka <[email protected]>

2020-11-05  scd: Internal CCID driver: Fix a race condition on close.  (NIIBE Yutaka; 1 file, -12/+25)

    * scd/ccid-driver.c (ccid_require_get_status): For VENDOR_SCM reader,
    return 0 only at the initial call.
    (bulk_in): Don't detect an error for VENDOR_SCM reader, just kicking
    the loop, to invoke scd_update_reader_status_file, which calls
    ccid_slot_status again.
    (ccid_slot_status): Move the call of ccid_vendor_specific_setup to...
    (ccid_get_atr): ... here.
    --
    For readers with interrupt transfer support, it is only intr_cb which
    sets handle->powered_off to 1.  Keeping this condition makes no race.
    The function ccid_slot_status can also detect a communication error,
    which causes apdu_close_reader (but not setting ->powered_off).
    GnuPG-bug-id: 5121
    Fixes-commit: 920f258eb6018ecec1d63bad6a0fb0772f72affa
    Signed-off-by: NIIBE Yutaka <[email protected]>

2020-10-27  scd: Handle canonical serialno and app specific serialno differently.  (NIIBE Yutaka; 3 files, -8/+9)

    * scd/app-common.h (card_get_serialno): Add IS_CANONICAL arg.
    * scd/app.c (app_send_devinfo): Use app specific serialno.
    (card_get_serialno): Support two different cases.
    (app_get_serialno): Return app specific serialno.
    (send_serialno_and_app_status): Return canonical serialno.
    * scd/command.c (cmd_serialno): Return app specific serialno.
    (cmd_learn): Return canonical serialno.
    --
    GnuPG-bug-id: 5100
    Signed-off-by: NIIBE Yutaka <[email protected]>

2020-10-26  scd: Flush the cache when writing cert data object.  (NIIBE Yutaka; 1 file, -0/+1)

    * scd/app-piv.c (do_writecert): Flush the cache of the data object.
    --
    Suggested-by: Ingo Klöcker
    GnuPG-bug-id: 5102
    Signed-off-by: NIIBE Yutaka <[email protected]>

2020-10-26  scd: Internal CCID driver thing only for SPR532.  (NIIBE Yutaka; 1 file, -6/+14)

    * scd/ccid-driver.c (ccid_vendor_specific_setup): New.  Limit only for
    SPR532, excluding other readers by SCM.
    (ccid_slot_status): Use ccid_vendor_specific_setup.
    --
    We follow the setup procedure of libccid implementation, which sends
    the escape command for SPR532 only.
    Signed-off-by: NIIBE Yutaka <[email protected]>

2020-10-24  scd: Internal CCID driver limiting only for SPR532.  (NIIBE Yutaka; 1 file, -1/+1)

    * scd/ccid-driver.c (ccid_vendor_specific_init): Only do that for SPR532.
    Signed-off-by: NIIBE Yutaka <[email protected]>

2020-10-23  common: Allow building with released libgpg-error.  (Werner Koch; 1 file, -0/+1)

    * common/sysutils.c (gnupg_access) [W32]: Fix for older libgpgrt.
    --
    Fixes-commit: c94ee1386e0d5cdac51086c4d5b92de59c09c9b5
    Signed-off-by: Werner Koch <[email protected]>

2020-10-23  scd: Handle Yubikey's multiple apps and serialno.  (NIIBE Yutaka; 3 files, -7/+72)

    * scd/app-common.h (yubikey_get_serialno): New.
    * scd/app-openpgp.c (yubikey_get_serialno): New.
    * scd/app.c (card_get_serialno): Use OpenPGP app's serialno, when it's
    enabled for Yubikey.
    (send_serialno_and_app_status): Use card_get_serialno, not directly
    accessing ->serialno.
    --
    GnuPG-bug-id: 5100
    Signed-off-by: NIIBE Yutaka <[email protected]>

2020-10-23  scd: Use app_get_serialno for app_getattr.  (NIIBE Yutaka; 1 file, -1/+1)

    * scd/app.c (app_getattr): Use app_get_serialno.
    --
    GnuPG-bug-id: 5100
    Signed-off-by: NIIBE Yutaka <[email protected]>

2020-10-23  scd: Don't overwrite serialno for Yubikey.  (NIIBE Yutaka; 1 file, -3/+10)

    * scd/app-openpgp.c (app_select_openpgp): Keep ->serialno.
    --
    GnuPG-bug-id: 5100
    Signed-off-by: NIIBE Yutaka <[email protected]>

2020-10-23  scd,openpgp: Use app_get_serialno function to get SERIALNO.  (NIIBE Yutaka; 1 file, -16/+17)

    * scd/app-openpgp.c (check_keyidstr): Don't directly access
    app->serialno, but use app_get_serialno.
    (do_with_keygrip): Likewise.
    --
    Signed-off-by: NIIBE Yutaka <[email protected]>

2020-10-20  Replace most of the remaining stdio calls by estream calls.  (Werner Koch; 1 file, -4/+4)

    --
    We need to use es_fopen on Windows to cope with non-ascii file names.
    This is quite a large but fortunately straightforward change.  At a
    very few places we keep using stdio (for example due to the use of
    popen).
    GnuPG-bug-id: 5098
    Signed-off-by: Werner Koch <[email protected]>

2020-09-30  scd: Internal CCID driver: More fix for SPR532.  (NIIBE Yutaka; 1 file, -4/+4)

    * scd/ccid-driver.c (bulk_in): Handle the case of missing intr_cb.
    --
    GnuPG-bug-id: 5065
    Signed-off-by: NIIBE Yutaka <[email protected]>

2020-09-30  scd: Report any error for LEARN command.  (NIIBE Yutaka; 1 file, -30/+67)

    * scd/app-openpgp.c (do_learn_status): Report any error.
    Signed-off-by: NIIBE Yutaka <[email protected]>

2020-09-29  scd: Internal CCID driver fix.  (NIIBE Yutaka; 1 file, -2/+5)

    * scd/ccid-driver.c (intr_cb): More useful debug output.
    (ccid_slot_status): Remove redundant condition.
    Signed-off-by: NIIBE Yutaka <[email protected]>

2020-09-29  scd: Internal CCID driver: Call libusb_clear_halt at ccid_setup_intr.  (NIIBE Yutaka; 1 file, -3/+1)

    * scd/ccid-driver.c (ccid_setup_intr): Reset the endpoint.
    (ccid_vendor_specific_init): Don't call libusb_clear_halt.
    Signed-off-by: NIIBE Yutaka <[email protected]>

2020-09-28  scd: Internal CCID driver: Fix a failure path.  (NIIBE Yutaka; 1 file, -0/+1)

    * scd/ccid-driver.c (ccid_open_usb_reader): On error, call
    libusb_release_interface.
    Signed-off-by: NIIBE Yutaka <[email protected]>

2020-09-28  scd: Internal CCID: Handle LIBUSB_ERROR_TIMEOUT at ccid_get_atr.  (NIIBE Yutaka; 1 file, -1/+2)

    * scd/ccid-driver.c (ccid_slot_status): Handle LIBUSB_ERROR_TIMEOUT.
    --
    With SPR532, at the first connection, it fails with
    LIBUSB_ERROR_TIMEOUT, but there is no retry.
    Signed-off-by: NIIBE Yutaka <[email protected]>

2020-09-28  scd: Internal CCID: Clear the handle after use.  (NIIBE Yutaka; 1 file, -1/+5)

    * scd/apdu.c (close_ccid_reader): Clear the handle.
    (open_ccid_reader): Likewise.
    Signed-off-by: NIIBE Yutaka <[email protected]>

2020-09-28  scd: Change handling of SPR532 card reader.  (NIIBE Yutaka; 1 file, -4/+17)

    * scd/ccid-driver.c (ccid_vendor_specific_init): Put some workaround
    for SPR532 initialization.
    (ccid_slot_status): Send ESCape command after GetSlotStatus.
    GnuPG-bug-id: 5065
    Fixes-commit: 4fae55f8ee11b3f710524e5e8b8a91b159949f2d
    Signed-off-by: NIIBE Yutaka <[email protected]>

2020-09-25  scd: For PC/SC, send the ESC command at init for SPR532 reader.  (NIIBE Yutaka; 1 file, -25/+32)

    * scd/apdu.c (struct reader_table_s): Remove is_spr532.
    (pcsc_vendor_specific_init): Send the ESC command for SPR532.
    (pcsc_pinpad_verify, pcsc_pinpad_modify): Remove no_lc hack.
    --
    The "no_lc" hack lets PC/SC-lite send the ESC command for SPR532
    internally, for pcsc_pinpad_verify.  However, PC/SC-lite doesn't do
    that for pcsc_pinpad_modify, unfortunately.  Besides, I'm not sure
    this hack works on Windows, which has a different implementation of
    the PC/SC service.  It's better to send the ESC command by the driver
    explicitly, at the initialization.
    Sending the ESC command results in a PCSC_E_NOT_TRANSACTED error when
    a card is not active (that is the case, usually).  We ignore this
    error.
    Signed-off-by: NIIBE Yutaka <[email protected]>

2020-09-25  scd: For SPR532, submit the ESCape command at initialization.  (NIIBE Yutaka; 1 file, -14/+13)

    * scd/ccid-driver.c (ccid_vendor_specific_init): Submit the ESC
    command for VENDOR_SCM.
    (ccid_transceive_secure): Don't submit the ESC command every time.
    --
    Signed-off-by: NIIBE Yutaka <[email protected]>

2020-09-24  scd: Fix CCID internal driver for interrupt transfer.  (NIIBE Yutaka; 1 file, -3/+36)

    * scd/ccid-driver.c (intr_cb): Handle the case of multiple messages.
    --
    SPR532 USB Smart Card Reader (also known as SPR332) may send two
    messages at once for a single interrupt transfer.  An example transfer
    observed was like: 50 03 50 02, which is considered valid, according
    to the CCID specification.
    GnuPG-bug-id: 5065
    Signed-off-by: NIIBE Yutaka <[email protected]>

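The double message quoted in the commit above (50 03 50 02) is exactly the case an interrupt callback must not mishandle: reading only the second byte would report "card present, changed" and lose the removal carried by the second message. The following is an added example, not GnuPG's intr_cb, that walks a whole interrupt-IN transfer message by message. Message lengths follow the USB CCID specification (RDR_to_PC_NotifySlotChange is one type byte plus two status bits per slot, RDR_to_PC_HardwareError is four bytes); the struct, function names and sample transfers are constructed for this example.

```c
/* Added example, not GnuPG code: split one CCID interrupt-IN transfer
 * into its RDR_to_PC messages and apply them in order. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define CCID_MSG_SLOT_CHANGE 0x50   /* RDR_to_PC_NotifySlotChange */
#define CCID_MSG_HW_ERROR    0x51   /* RDR_to_PC_HardwareError    */

typedef struct
{
  int present;    /* slot 0: ICC present (bit 0 of bmSlotICCState)  */
  int changed;    /* slot 0: state changed (bit 1 of bmSlotICCState) */
  int hw_errors;  /* HardwareError messages seen in this transfer    */
} ccid_intr_state_t;

/* Bytes occupied by one NotifySlotChange message for NSLOTS slots:
 * the type byte plus two bits per slot, rounded up to whole bytes. */
static size_t
slot_change_len (unsigned int nslots)
{
  return 1 + ((size_t)nslots + 3) / 4;
}

/* Walk BUF (LEN bytes) received in one interrupt transfer from a reader
 * with NSLOTS slots and apply every message to *ST.  Returns the number
 * of messages parsed, or -1 if a message type is unknown or the buffer
 * ends in the middle of a message.  Later messages override earlier
 * ones, so 50 03 50 02 ends with present=0, changed=1 (card removed). */
int
ccid_parse_intr (const uint8_t *buf, size_t len, unsigned int nslots,
                 ccid_intr_state_t *st)
{
  size_t off = 0;
  int n = 0;

  while (off < len)
    {
      uint8_t type = buf[off];
      size_t mlen;

      if (type == CCID_MSG_SLOT_CHANGE)
        mlen = slot_change_len (nslots);
      else if (type == CCID_MSG_HW_ERROR)
        mlen = 4;
      else
        return -1;                  /* not a CCID interrupt message */

      if (mlen > len - off)
        return -1;                  /* truncated message */

      if (type == CCID_MSG_SLOT_CHANGE)
        {
          st->present = (buf[off + 1] & 0x01) != 0;
          st->changed = (buf[off + 1] & 0x02) != 0;
        }
      else
        st->hw_errors++;

      off += mlen;
      n++;
    }
  return n;
}

/* Constructed input: the SPR532 double message from the commit (card
 * inserted, then removed, in one transfer).  Returns the final
 * "present" flag so a caller can see the removal was not lost, or -1
 * if the transfer did not parse as exactly two messages. */
int
demo_spr532_double_message (void)
{
  static const uint8_t transfer[] = { 0x50, 0x03, 0x50, 0x02 };
  ccid_intr_state_t st = { 0, 0, 0 };
  int n = ccid_parse_intr (transfer, sizeof transfer, 1, &st);

  printf ("%d message(s); present=%d changed=%d hw_errors=%d\n",
          n, st.present, st.changed, st.hw_errors);
  return n == 2 ? st.present : -1;
}

int
main (void)
{
  return demo_spr532_double_message () == 0 ? 0 : 1;
}
```

Compile with `cc -std=c99 ccid_intr.c` (file name is arbitrary). The loop also rejects a transfer that ends mid-message, which a driver should treat as a communication error rather than silently acting on a partial status byte.
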
2020-09-21  scd: Extend KEYPAIRINFO with an algorithm string.  (Werner Koch; 6 files, -22/+98)

    * scd/app-openpgp.c (send_keypair_info): Emit the algo string as part
    of a KEYPAIRINFO.
    * scd/command.c (do_readkey): Ditto.
    * scd/app-piv.c (do_readkey): Ditto.
    * scd/app-nks.c (do_learn_status_core): Ditto.
    (struct fid_cache_s): Add field algostr.
    (flush_fid_cache): Release it.
    (keygripstr_from_pk_file): Fill it and add it to the cache.  Use a
    single exit label.
    * scd/app-help.c (app_help_get_keygrip_string_pk): Add new arg
    r_algostr.  Change all callers.
    --
    This is helpful so that callers do not need to parse the key for this
    basic information.  Use "scd readkey --info-only" to return the info
    status line instead of the key material; using just --info returns the
    info in addition to the key material.
    Signed-off-by: Werner Koch <[email protected]>

2020-09-16  scd: Clear PIN cache when changing key attributes.  (NIIBE Yutaka; 1 file, -1/+4)

    * scd/app-openpgp.c (change_keyattr): Clear all PINs.
    Signed-off-by: NIIBE Yutaka <[email protected]>

2020-09-16  scd: Clear caching PIN at KDF setup.  (NIIBE Yutaka; 1 file, -0/+4)

    * scd/app-openpgp.c (do_setattr): Clear PINs.
    Signed-off-by: NIIBE Yutaka <[email protected]>

2020-09-16  scd: Add better support for KDF feature.  (NIIBE Yutaka; 1 file, -0/+7)

    * scd/app-openpgp.c (do_setattr): Handle kdf-setup "off" for Gnuk.
    Signed-off-by: NIIBE Yutaka <[email protected]>

2020-09-16  gpg,scd: Fix handling of KDF feature.  (NIIBE Yutaka; 1 file, -11/+23)

    * g10/card-util.c (kdf_setup): Fix the default value.
    * scd/app-openpgp.c (do_setattr): Support kdf-setup "off" by
    Zeitcontrol.  Make sure Gnuk and Yubikey work well.
    Signed-off-by: NIIBE Yutaka <[email protected]>

2020-09-15  scd: Fix the use case of verify_chv2 by CHECKPIN.  (NIIBE Yutaka; 1 file, -21/+25)

    * scd/app-openpgp.c (verify_chv2): Call verify_a_chv with chvno=1
    when needed.
    --
    Confusingly, verify_chv2 has two different purposes: one for verifying
    with CHV2 (in addition to CHV1), and the other for the call by
    CHECKPIN.  For the latter, we should check CHV1.
    Fixes-commit: af189be481df02a77e088aa0a60a1fc02dfa12bf
    Signed-off-by: NIIBE Yutaka <[email protected]>

2020-09-11  scd:piv: Avoid conflict when writing a cert.  (Werner Koch; 1 file, -1/+63)

    * scd/app-piv.c (map_curve_name_to_oid): New.
    (my_cmp_public_key): New.
    (do_writecert): Replace simple memcmp by cmp_canon_sexp.
    --
    GnuPG-bug-id: 5061

2020-09-10  scd: Flush KDF DO (0x00F9) when it's being set.  (NIIBE Yutaka; 1 file, -3/+3)

    * scd/app-openpgp.c (do_setattr): Call flush_cache_item always.
    --
    It was only called when there was an object with KDF_DATA_LENGTH_MAX.
    No matter the VALUELEN, it should be flushed.
    Signed-off-by: NIIBE Yutaka <[email protected]>

2020-09-08  scd: Add a workaround for Yubikey.  (NIIBE Yutaka; 1 file, -0/+3)

    * scd/app-openpgp.c (get_public_key): Handle wrong code for Yubikey.
    --
    Yubikey version 5 s/n 609074582 returns 0x6982, version 5.2.4
    s/n 610616049 returns 0x6581, where 0x6a88 is expected.
    Signed-off-by: NIIBE Yutaka <[email protected]>

2020-09-07  scd: Fix handling 0x00FA to support OpenPGP card 3.4.  (NIIBE Yutaka; 1 file, -1/+1)

    * scd/app-openpgp.c (data_objects): It may be longer.
    Fixes-commit: 90d0072165cc5c6888f14462392a211de0c4b232
    Signed-off-by: NIIBE Yutaka <[email protected]>

2020-09-04  scd: Increase the number of supported readers from 4 to 16.  (Werner Koch; 2 files, -2/+3)

    --
    The limit on 4 readers I introduced in 2003 is too low for some of
    our use cases.  16 looks better.
    TODO: Return a useful error message in gpg-card if the limit has been
    reached.
    Signed-off-by: Werner Koch <[email protected]>

2020-09-04  scd: Support GET DATA response with no header for DO 0x00FA.  (NIIBE Yutaka; 1 file, -25/+28)

    * scd/app-openpgp.c (do_getattr): Support Gnuk, as well.
    Signed-off-by: NIIBE Yutaka <[email protected]>

2020-09-04  scd: Parse "Algorithm Information" data object in scdaemon.  (NIIBE Yutaka; 1 file, -2/+106)

    * scd/app-openpgp.c (data_objects): 0x00FA for binary data.
    (do_getattr): Parse the data and send it in status lines.
    (get_algorithm_attribute_string): New.
    Signed-off-by: NIIBE Yutaka <[email protected]>

2020-09-03  scd: Add handling of "Algorithm Information" DO.  (NIIBE Yutaka; 1 file, -0/+2)

    * scd/app-openpgp.c (data_objects): Add 0x00FA.
    (do_getattr): Add KEY-ATTR-INFO.
    --
    See the section 4.4.3.11 Algorithm Information in the OpenPGP card
    functional specification version 3.4.1.
    Signed-off-by: NIIBE Yutaka <[email protected]>

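The three 0x00FA commits above (adding the DO, parsing it into status lines, and accepting a GET DATA response that lacks the FA header) all deal with the same structure: a list of C1/C2/C3 TLVs, one per key slot (sig/dec/auth), whose values are Algorithm Attributes as defined in the OpenPGP card specification the commit cites. The following is an added example, not scdaemon's do_getattr or get_algorithm_attribute_string, that decodes that list whether or not it is wrapped in an outer FA TLV. The attribute layouts used (RSA: 01 | modulus bits | exponent bits | import format; ECC: 12/13/16 | curve OID | optional 0xFF) come from the card specification; the two sample byte strings are constructed for the example rather than read from a card, and the struct and function names are this example's own.

```c
/* Added example, not GnuPG code: decode the OpenPGP card "Algorithm
 * Information" DO (0x00FA), with or without its outer FA header. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

typedef struct
{
  uint8_t slot_tag;       /* 0xC1 sig, 0xC2 dec, 0xC3 auth              */
  uint8_t algo;           /* 0x01 RSA, 0x12 ECDH, 0x13 ECDSA, 0x16 EdDSA */
  unsigned int rsa_bits;  /* RSA modulus length in bits, 0 for ECC      */
  const uint8_t *oid;     /* ECC curve OID bytes, NULL for RSA          */
  size_t oid_len;
} algo_info_t;

/* BER length at BUF[*OFF] within LEN bytes: short form or 0x81/0x82,
 * which is all the card specification uses.  Returns 0 on success. */
static int
parse_len (const uint8_t *buf, size_t len, size_t *off, size_t *out)
{
  if (*off >= len)
    return -1;
  uint8_t b = buf[(*off)++];
  if (b < 0x80)
    { *out = b; return 0; }
  if (b == 0x81 && *off + 1 <= len)
    { *out = buf[*off]; *off += 1; return 0; }
  if (b == 0x82 && *off + 2 <= len)
    { *out = ((size_t)buf[*off] << 8) | buf[*off + 1]; *off += 2; return 0; }
  return -1;
}

/* Parse DATA (LEN bytes) into INFO (at most MAX entries filled).
 * Returns the number of entries in the DO, which may exceed MAX, or -1
 * if the encoding is malformed or truncated. */
int
parse_algo_info (const uint8_t *data, size_t len, algo_info_t *info, size_t max)
{
  size_t off = 0, end = len, n = 0;

  if (len >= 2 && data[0] == 0xFA)        /* optional FA <len> header */
    {
      size_t inner;
      off = 1;
      if (parse_len (data, len, &off, &inner) || inner > len - off)
        return -1;
      end = off + inner;
    }

  while (off < end)
    {
      uint8_t tag = data[off++];
      size_t vlen;

      if (tag < 0xC1 || tag > 0xC3)
        return -1;
      if (parse_len (data, end, &off, &vlen) || vlen < 1 || vlen > end - off)
        return -1;

      if (n < max)
        {
          algo_info_t *e = &info[n];
          memset (e, 0, sizeof *e);
          e->slot_tag = tag;
          e->algo = data[off];
          if (e->algo == 0x01)
            {
              if (vlen < 5)
                return -1;          /* RSA: id, n bits, e bits, import format */
              e->rsa_bits = ((unsigned int)data[off + 1] << 8) | data[off + 2];
            }
          else
            {
              /* An OID's final byte never has the high bit set, so a
               * trailing 0xFF can only be the import-format byte. */
              size_t olen = vlen - 1;
              if (olen && data[off + vlen - 1] == 0xFF)
                olen--;
              e->oid = data + off + 1;
              e->oid_len = olen;
            }
        }
      n++;
      off += vlen;
    }
  return (int)n;
}

/* Constructed samples (not captured from a card): RSA-2048 for sig,
 * ECDH Curve25519 for dec, EdDSA Ed25519 for auth; once bare, as the
 * commit describes Gnuk returning it, and once wrapped in FA <len>. */
static const uint8_t algo_info_bare[] = {
  0xC1, 0x06, 0x01, 0x08, 0x00, 0x00, 0x20, 0x00,
  0xC2, 0x0B, 0x12, 0x2B, 0x06, 0x01, 0x04, 0x01, 0x97, 0x55, 0x01, 0x05, 0x01,
  0xC3, 0x0B, 0x16, 0x2B, 0x06, 0x01, 0x04, 0x01, 0xDA, 0x47, 0x0F, 0x01, 0xFF
};
static const uint8_t algo_info_wrapped[] = {
  0xFA, 0x22,
  0xC1, 0x06, 0x01, 0x08, 0x00, 0x00, 0x20, 0x00,
  0xC2, 0x0B, 0x12, 0x2B, 0x06, 0x01, 0x04, 0x01, 0x97, 0x55, 0x01, 0x05, 0x01,
  0xC3, 0x0B, 0x16, 0x2B, 0x06, 0x01, 0x04, 0x01, 0xDA, 0x47, 0x0F, 0x01, 0xFF
};
```

Both samples decode to the same three entries; the bounds checks against `end` (not `len`) matter for the wrapped form, so that a header length smaller than the buffer cannot make the walker read past the DO into trailing bytes such as a status word.
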
2020-08-27  scd: New option to APDU command to return the ATR as data.  (Werner Koch; 1 file, -2/+16)

    * scd/command.c (cmd_apdu): Add new option --data-atr.
    * tools/gpg-card.c (cmd_apdu): Use that here.  Also fix the --exlen
    option and do not print the statusword in atr mode.
    * tools/card-call-scd.c (scd_apdu): Detect atr mode and don't assume
    a status word.
    Signed-off-by: Werner Koch <[email protected]>

2020-08-27  scd: Fix reading of the ATR for card type detection.  (Werner Koch; 1 file, -1/+1)

    * scd/app.c (app_new_register): Do not use apdu_get_slot.
    --
    apdu_get_slot() may only be used after the APP has been initialized.
    Thus we need to pass the slot here directly.
    Fixes-commit: 9f148360a2bf04672b43ef7cec48e21d44b06ae1
    Signed-off-by: Werner Koch <[email protected]>

2020-08-27  scd: Add heuristics to identify cardtype.  (NIIBE Yutaka; 2 files, -3/+23)

    * scd/app-common.h (cardtype_t): Add CARDTYPE_GNUK and
    CARDTYPE_ZEITCONTROL.
    * scd/app.c (strcardtype): Handle CARDTYPE_GNUK and
    CARDTYPE_ZEITCONTROL.
    (app_new_register): Detect Gnuk and Zeit Control implementation by
    examining its ATR string.
    Signed-off-by: NIIBE Yutaka <[email protected]>

2020-08-27  scd: Add condition for VERIFY with 0x82.  (NIIBE Yutaka; 1 file, -4/+9)

    * scd/app-openpgp.c (verify_chv2): Check availability of keys in
    question.
    --
    With buggy Gnuk (<= 1.2.15), when no encr/auth keys are available, it
    fails decrementing the signature error counter.  This change can
    avoid the issue.
    Signed-off-by: NIIBE Yutaka <[email protected]>

2020-08-19  scd: Fix possible uninitialized variables.  (NIIBE Yutaka; 2 files, -8/+8)

    * scd/app-openpgp.c (do_change_pin): Initialize resultlen2.
    (do_change_pin): Don't call wipe_and_free on the error path.
    Initialize bufferlen2.
    Signed-off-by: NIIBE Yutaka <[email protected]>

2020-08-12  scd: Log info about CCIDs with permission problems.  (Werner Koch; 1 file, -3/+13)

    * scd/apdu.c (open_ccid_reader): Add arg r_cciderr.
    (apdu_open_reader): Print a note on EPERM of the USB device.
    Signed-off-by: Werner Koch <[email protected]>

2020-08-12  scd: Map some error codes from libusb to ccid-driver error codes.  (Werner Koch; 5 files, -12/+57)

    * scd/ccid-driver.h (CCID_DRIVER_ERR_USB_*): New error codes.
    * scd/apdu.h: New SW_HOST error codes.
    * scd/apdu.c (host_sw_string): Print them.
    * scd/ccid-driver.c (map_libusb_error): New.
    (ccid_open_usb_reader, bulk_in, abort_cmd): Map libusb error codes.
    * scd/iso7816.c (map_sw): Map new codes to gpg-error.
    --
    This change will help to get low level error conditions from higher
    application code.
    Signed-off-by: Werner Koch <[email protected]>

2020-08-10  scd:piv: Allow signing using PSS.  (Werner Koch; 1 file, -1/+10)

    * scd/app-piv.c (do_sign): Allow for PSS.
    --
    This has been tested with Scute and Openvpn.
    Signed-off-by: Werner Koch <[email protected]>