aboutsummaryrefslogtreecommitdiffstats
path: root/scd (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* scd:nks: Don't flag the ESIGN keypair EF as encryption capable.Werner Koch2022-10-201-1/+1
| | | | | | | | | | | * scd/app-nks.c (filelist): Tweak 0x4531. -- Actually the certificate has no encryption usage but we should also tell that via KEYINFO so that this key is never tried to create an encryption certificate. (cherry picked from commit 3a2fb1c30633373d17880469e0b84ab2a9524585)
* scd:nks: Some code cleanup.Werner Koch2022-10-201-107/+100
| | | | | | | | | | | | | | * scd/app-nks.c (find_fid_by_keyref): Factor keyref parsing out to ... (parse_keyref): new. (do_readcert): Use new function instead of partly duplicated code. Make detection of keygrip more robust. (do_readkey): Make detection of keygrip more robust. (do_with_keygrip): Use get_nks_tag. -- Also added a couple of comments. (cherry picked from commit b92b3206e72b635fd815eaf85e7acc67c2a52ffe)
* scd:nks: Support the Telesec ESIGN application.Werner Koch2022-10-201-26/+81
| | | | | | | | | | | | | | | | | * scd/app-nks.c (find_fid_by_keyref): Disable the cache for now. (readcert_from_ef): Considere an all zero certificate as not found. (do_sign): Support ECC and the ESIGN application. -- This allows me to create qualified signatures using my Telesec card. There is of course more work to do but this is the first step. Note: The design of the FID cache needs to be reconsidered. Until that the lookup here has been disabled. The do_sign code should be revamped to be similar to what we do in app-p15. GnuPG-bug-id: 5219, 4938, 6252 Backported-from-master: 07eaf006c2763a6b40d2734b1c6704da466e0ed0
* scd:nks: Return USAGE information for KEYINFO command.NIIBE Yutaka2022-10-204-25/+26
| | | | | | | | | | | | | | | | | * scd/app-nks.c (set_usage_string): New. (do_learn_status_core, do_readkey): Use set_usage_string. (do_with_keygrip): Add USAGE to call send_keyinfo, using set_usage_string. * scd/command.c (send_keyinfo): Add arg usage. -- Signed-off-by: NIIBE Yutaka <[email protected]> Backported-from-master: 5264d3f58e8a8362900c3518bdd683ff9a23cccc GnuPG-bug-id: 6252 This backports only the NKS parts of the original patch Signed-off-by: Werner Koch <[email protected]>
* scd:nks: Handle APP_READKEY_FLAG_INFO.Werner Koch2022-10-201-52/+117
| | | | | | | | | | | | | | | * scd/app-nks.c (keygripstr_from_pk_file): Fix ignored error. (get_nks_tag): New. (do_learn_status_core): Use it. Make sure not to mange the KEYPAIRINFO line if no usage is known. (do_readkey): Output the KEYPAIRINFO for the keygrip case. -- Note that this only handles the most common case of providing a keygrip. $AUTHKEYID and ODLM are not yet supported. Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit 63320ba2f8147ee86f4406c9590f6b28cad4771d)
* scd:nks: Add support for signing plain SHA-2 digests.Ingo Klöcker2022-10-201-17/+67
| | | | | | | | | | | | * scd/app-nks.c (do_sign): Handle plain SHA-2 digests and verify encoding of ASN.1 encoded hashes. -- This makes it possible to create CSRs for NetKey card keys which are signed with SHA256 by default. GnuPG-bug-id: 5184 (cherry picked from commit 8fe976d5b9a0f2902868737dd502c749565222a6)
* scd:nks: Support READKEY with keygrip and for "NKS-IDLM" keyref.NIIBE Yutaka2022-10-201-0/+22
| | | | | | | | | | | * scd/app-nks.c (do_readkey): Allow KEYGRIP access. Support NKS-IDLM.XXXX keyref. -- GnuPG-bug-id: 5150 Signed-off-by: NIIBE Yutaka <[email protected]> (cherry picked from commit 3b392630881350baabeba16fa760bad04be94d03)
* scd:nks: Factor out pubkey retrieval from keygrip handling.NIIBE Yutaka2022-10-201-84/+72
| | | | | | | | * scd/app-nks.c (pubkey_from_pk_file): New. (keygripstr_from_pk_file): Use pubkey_from_pk_file. Signed-off-by: NIIBE Yutaka <[email protected]> (cherry picked from commit b7c087375d84c31ab8a645cd81e6b1e6185cb30d)
* scd:nks: Add support of KEYGRIP for do_readcert.NIIBE Yutaka2022-10-201-0/+18
| | | | | | | | | | * scd/app-nks.c (do_readcert): Support KEYGRIP. -- GnuPG-bug-id: 5150 Signed-off-by: NIIBE Yutaka <[email protected]> (cherry picked from commit 4020cd9d656264bec5e7fb5e45c5e06eff8656c3)
* scd:nks: Factor out iteration over filelist.NIIBE Yutaka2022-10-201-78/+114
| | | | | | | | * scd/app-nks.c (iterate_over_filelist): New. (do_with_keygrip): Use iterate_over_filelist. Signed-off-by: NIIBE Yutaka <[email protected]> (cherry picked from commit 6c4365847666cefac73ccc743a99fac473da2186)
* scd:nks: Fix caching keygrip (more).NIIBE Yutaka2022-10-201-5/+7
| | | | | | | | | | | * scd/app-nks.c (keygripstr_from_pk_file): Distinguish by APP_ID. -- GnuPG-bug-id: 5150, 5161 Signed-off-by: NIIBE Yutaka <[email protected]> Backported-from-master: 87d2c579cc38c1d2787945650125fb0e0336652c Fixes-commit: 00f594e3ecb26b010e87d5491b648369e7a92408
* scd:nks: Minor additions to the basic IDLM application support.Werner Koch2022-10-201-15/+25
| | | | | | | | | | | | | | | * scd/app-nks.c (filelist): Use special value -1 for IDLM pubkeys. (keygripstr_from_pk_file): Handle special value. (do_readcert): Ditto. (do_writecert): Ditto. -- This allows to get information about the keys from the card. However the do_readkey still requires a fallback to readcert. This does not work because there are no certificates yet on the card. The fix is to fully implement do_readkey. (cherry picked from commit 806547d9d243b26c2275fc00c645ee39d258b49b)
* scd,nks: Fix caching keygrip.NIIBE Yutaka2022-10-201-3/+4
| | | | | | | | | | * scd/app-nks.c (keygripstr_from_pk_file): Identify by cfid if available. -- GnuPG-bug-id: 5150, 6252 Signed-off-by: NIIBE Yutaka <[email protected]> Backported-from-master: 920154370834ad8d947aed19c9d914a27dde6baa:
* scd:nks: Emit the algo string with KEYPAIRINFOWerner Koch2022-10-201-15/+48
| | | | | | | | | | | | | | | | | | | * scd/app-nks.c (do_learn_status_core): Emit the algo string as part of a KEYPAIRINFO. (struct fid_cache_s): Add field algostr. (flush_fid_cache): Release it. (keygripstr_from_pk_file): Fill it and add it to the cache. Use a single exit label. Set algostr. -- Signed-off-by: Werner Koch <[email protected]> Backported-from-master: 26da47ae53d51e16ae6867cd419ddbf124a94933 Backported-from-master: 006944b856ee2202905290e8a2f5523a7877d444 GnuPG-bug-id: 6252, 5144 This has been backported to keep this, and only this, module in sync with master. All other changes from the original patch have been stripped.
* scd:nks: Implement writecert for the Signature card v2.Werner Koch2022-10-203-8/+134
| | | | | | | | | | | | | | | | | | * scd/iso7816.c (CMD_UPDATE_BINARY): New. (iso7816_update_binary): New. * scd/app-nks.c (do_deinit): Factor some code out to... (flush_fid_cache): new. (do_writecert): New. (app_select_nks): Register new handler. -- This has been backported only to make the following backpoorts easier. The code is only used in 2.3; for details see the original commit message. Signed-off-by: Werner Koch <[email protected]> Backported-from-master: c1663c690b29d2dea8bc782c42de5eca08a24cc9 GnuPG-bug-id: 6252
* scd:nks: Fix certificate read problem with TCOS signature card v2.Werner Koch2022-10-201-0/+2
| | | | | | | | | | * scd/app-nks.c (filelist): Add a dedicated key entry for ESIGN. (do_readcert): Test for the app_id. -- Signed-off-by: Werner Koch <[email protected]> Backported-from-master: 07aef873ebc77241e9a2be225537319f6fc15a41 GnuPG-bug-id: 6252
* scd:nks: Fix remaining tries warning in --reset mode.Werner Koch2022-10-201-9/+10
| | | | | | | | | * scd/app-nks.c (do_change_pin): Change computation of 'remaining'. -- Signed-off-by: Werner Koch <[email protected]> Backported-from-master: 2429e8559844e27de478d7e90834a714b3748834 GnuPG-bug-id: 6252
* scd:nks: Add framework to support IDKey cards.Werner Koch2022-10-201-51/+124
| | | | | | | | | | | | | | | | | | | | | * scd/app-nks.c (NKS_APP_IDLM): New. (struct app_local_s): Replace NKS_VERSION by the global APPVERSION. (do_learn_status): Always send CHV-STATUS. (find_fid_by_keyref): Basic support for IDLM only use. (do_learn_status_core): Ditto. (do_readcert): Ditto. (verify_pin): Ditto. (parse_pwidstr): Ditto. (do_with_keygrip): Ditto. (switch_application): Ditto. (app_select_nks): Fallback to IDLM. -- Backported-from-master: 1f6a39092fe4b5f02bc4741a0a23d102d30f4063 GnuPG-bug-id: 6252 Also not directly required for the Signature Card 2.0, it is easier to port this patch as well.
* scd:nks: Get the PIN prompts right for the Signature CardWerner Koch2022-10-201-56/+136
| | | | | | | | | | | | | * scd/app-nks.c (get_dispserialno): Move more to the top. (do_getattr): Add $DISPSERIALNO and SERIALNO. Make CHV-STATUS work with NKS15. (verify_pin): Use dedicated min. PIN lengths. (parse_pwidstr): Support NKS15 -- GnuPG-bug-id: 4938 Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit aecc008acb64ebbb6c667c4a128af4e61da57f84)
* scd:nks: Support decryption using ECDH.Werner Koch2022-10-201-74/+307
| | | | | | | | | | | | | | | | | | * scd/app-nks.c (struct fid_cache_s): Add field 'algo'. (keygripstr_from_pk_file): Add arg 'r_algo' to return the algo. (find_fid_by_keyref): Ditto. (get_dispserialno): New. (make_prompt): New. (verify_pin): Provide better prompts. (do_decipher): Support ECDH. (parse_pwidstr): Add hack tospecify any pwid.. (do_change_pin): Support Signature Card V2.0 (NKS15) style NullPIN. Provide a better prompt. -- GnuPG-bug-id: 4938, 6252 Signed-off-by: Werner Koch <[email protected]> Backported-from-master: af45d884aa1c3eccbc6972a2e5197ece3fd1987a
* scd:nks: Add do_with_keygrip and implement a cache.Werner Koch2022-10-201-90/+349
| | | | | | | | | | | | | | | * scd/app-nks.c (struct fid_cache_s): New. (struct app_local_s): Add field 'fid_cache'. (do_deinit): Release the cache. (keygripstr_from_pk_file): Implement the cache. (find_fid_by_keyref): New (do_sign, do_decipher): Use new function. (do_with_keygrip): New. -- Signed-off-by: Werner Koch <[email protected]> Backported-from-master: 1e72a1a218490c0fc07811a02ddad6cc38913f77 GnuPG-bug-id: 6252
* scd:nks: Allow retrieving certificates from a Signature Card v.20Werner Koch2022-10-201-165/+302
| | | | | | | | | | | | | * scd/app-nks.c: Major rework to support non-RSA cards. -- This is a fist step so support this ECC card. The code has been reworked while taking care that old cards should keep on working. Signed-off-by: Werner Koch <[email protected]> Backported-from-master: f05a32e5c9db7d0840c74fccc350a9e0ff5fb819 GnuPG-bug-id: 6252
* scd: Add npth_unprotect/npth_protect for blocking operations.NIIBE Yutaka2022-08-311-0/+20
| | | | | | | | | | * scd/ccid-driver.c (ccid_open_usb_reader): Name the thread. (ccid_vendor_specific_setup, ccid_open_usb_reader): Wrap blocking operations by npth_unprotect/npth_protect. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* scd:openpgp: Fix workaround for Yubikey heuristics.NIIBE Yutaka2022-07-131-8/+21
| | | | | | | | | | | | | * scd/app-openpgp.c (parse_algorithm_attribute): Handle the case of firmware 5.4, too. -- Cherry-picked master commit of: f34b9147eb3070bce80d53febaa564164cd6c977 GnuPG-bug-id: 6070 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Fail when no good algorithm attribute.NIIBE Yutaka2022-07-131-18/+29
| | | | | | | | | | | | | | | | | * scd/app-openpgp.c (parse_algorithm_attribute): Return the error. (change_keyattr): Follow the change. (app_select_openpgp): Handle the error of parse_algorithm_attribute. -- Backport master commit of: 53eddf9b9ea01210f71b851b5cb92a5f1cdb6f7d This change allows following invocation of app_select_openpgp, which may work well (if the problem is device side for initial connection). GnuPG-bug-id: 5963 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Don't inhibit SSH authentication for larger data if it can.NIIBE Yutaka2022-07-121-0/+5
| | | | | | | | | | | | * scd/app-openpgp.c (do_auth): Use command chaining if available. -- Cherry-picked from master branch of: e8fb8e2b3e66d5ea8a3dc90afdc14611abf2c3da GnuPG-bug-id: 5935 Signed-off-by: NIIBE Yutaka <[email protected]>
* agent,scd: Make sure to set CONFIDENTIAL flag in Assuan.NIIBE Yutaka2022-06-091-0/+2
| | | | | | | | | | | | | | | * agent/call-scd.c (inq_needpin): Call assuan_begin_confidential and assuan_end_confidential, and wipe the memory after use. * agent/command.c (cmd_preset_passphrase): Likewise. * scd/command.c (pin_cb): Likewise. -- Backport the change of master commit of: 052f58422dca1044aba7acb4cf57416e7a8cb01f GnuPG-bug-id: 5977 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd:p15: Fix accidental commit of debug codeWerner Koch2022-06-011-6/+3
| | | | | | | * scd/app-p15.c (do_sign): Revert MSE setting. -- Fixes-commit: 91acbdc93c8a6ae06b483a27c8bb7c33a978108d
* scd: Shorten cardio debug output for all zeroes.Werner Koch2022-06-011-4/+33
| | | | | | | | * scd/apdu.c (all_zero_p): New. (send_le): Use it. Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit 9b6f574928546e6905a92c3e74d72478f1585c66)
* scd: Fix use of SCardListReaders for PC/SC.NIIBE Yutaka2022-05-171-1/+1
| | | | | | | | | | | | | * scd/apdu.c (open_pcsc_reader): Initialize NREADER. -- Backport master commit of: 1b1684cf6192d9edb90a54ebe4a0e66b3d59a44b Reported-by: Ludovic Rousseau GnuPG-bug-id: 5979 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Add workaround for ECC attribute on Yubikey.NIIBE Yutaka2022-05-101-1/+2
| | | | | | | | | | | | | * scd/app-openpgp.c (parse_algorithm_attribute): Skip possibly bogus octet in a key attribute. -- Apply master commit of: 054d14887ef8fa1cbadef4ed2ea28213f25f5d25 GnuPG-bug-id: 5963 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd:p15: Improve the displayed S/N for Technology Nexus cards.Werner Koch2022-05-061-6/+42
| | | | | | | | | * scd/app-p15.c (any_control_or_space_mem): New. (get_dispserialno): Add new code. -- This works with my test cards and now reflects what's printed on the front matter of the card.
* scd:p15: Fix the the sanity check of the displayed S/N.Werner Koch2022-05-061-2/+6
| | | | | | | | | * scd/app-p15.c (any_control_or_space): Fix loop. -- This check is only done to avoid printing wrongly encoded S/N for human consumption. e
* scd:p15: Fix reading certificates without length info.Werner Koch2022-05-051-6/+23
| | | | | | * scd/app-p15.c (readcert_by_cdf): Do not use extended mode if the CDF object has no length info. Add debug output when reading a cert. (read_p15_info): No more need to disable extended mode for GeNUA cards.
* scd: New debug flags "card".Werner Koch2022-05-052-1/+4
| | | | | | | | | | * scd/scdaemon.c (debug_flags): Add "card". * scd/scdaemon.h (DBG_CARD_VALUE, DBG_CARD): New. -- Some information from parsing the card are often very helpful. However, the card_io triggered APDU dumps are in most cases too heavy. Thus this new debug flag.
* scd: Minor code reorganizationWerner Koch2022-04-141-17/+22
| | | | | * scd/ccid-driver.c: Move struct defines to the top. (MAX_DEVICE): Rename to CCID_MAX_DEVICE.
* scd: Fix memory leak in ccid-driver.Werner Koch2022-04-141-9/+9
| | | | | | | | | | | * scd/ccid-driver.c (ccid_dev_scan): Use loop var and not the count. -- Due to an assignment out of bounds this might lead to a crash if there are more than 15 readers. In any case it fixes a memory leak. Kudos to the friendly auditor who found that bug. Fixes-commit: 8a41e73c31adb86d4a7dca4da695e5ad1347811f
* scd:p15: Improve the PIN prompt for Genua cards.Werner Koch2022-04-131-4/+26
| | | | | | | * scd/app-p15.c (CARD_PRODUCT_GENUA): New. (cardproduct2str): Add it. (read_p15_info): Detect and set GENUA (make_pin_prompt): Take holder string from the AODF.
* scd:p15: Support for GeNUA cards.Werner Koch2022-04-131-1/+10
| | | | | * scd/app-p15.c (read_p15_info): Disable extended mode for Genua cards.
* scd:p15: Prepare AODF parsing for other authentication types.Werner Koch2022-04-131-329/+372
| | | | | | | | | | | | | | * scd/app-p15.c (auth_type_t): New. (struct aodf_object_s): Add field auth_type. (read_ef_aodf): Distinguish between pin and authkey types. Include the authtype in the verbose mode diags. -- Note that the bulk of changes are just indentation changes. There should be no functional change. Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit e387cc97c82313457e4f79729a137e5871891bc1)
* scd:p15: Add basic support for AET JCOP cards.Werner Koch2022-04-131-5/+46
| | | | | | | | | | | | | | * scd/app-p15.c (CARD_TYPE_AET): New. (cardtype2str): Add string. (card_atr_list): Add corresponding ATR. (app_local_s): New flag no_extended_mode. Turn two other flags into bit flags. (select_ef_by_path): Hack to handle the 3FFF thing. (readcert_by_cdf): Do not use extended mode for AET. (app_select_p15): Set no_extended_mode. --- Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit 544ec7872aed24c296ea34fac777eca287f7bb47)
* scd:p15: Used extended mode already for RSA 2048Werner Koch2022-02-211-2/+2
| | | | | * scd/app-p15.c (do_sign, do_decipher): Replace GT by GE. --
* scd: Use lock_slot for apdu_send_direct.NIIBE Yutaka2022-02-171-1/+1
| | | | | | | | | | | | | | | | | * scd/apdu.c (apdu_send_direct): Use lock_slot. -- Cherry-pick the master commit of: f808012ac2cf67ec563da178d963f300a7f2564d With trylock_slot, it may return SW_HOST_BUSY. This may occur when apdu_get_status is called by scd_update_reader_status_file. Simply using lock_slot is much easier for user of apdu_send_direct. GnuPG-bug-id: 5831 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Also prefer Yubikeys if no reader port is given.Werner Koch2022-01-251-1/+2
| | | | * scd/apdu.c (select_a_reader): Extend the white list.
* scd: Re-group the options in the --help output.Werner Koch2021-12-291-10/+22
| | | | | | | | | | -- This looks better and is also required for further simplifications of gpgconf. Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit daf5f4355db7c4203f5b7e01807956328a7d173c)
* gpgconf: Support reading global options (part 2).Werner Koch2021-12-291-2/+3
| | | | | | | | | | | | | | | | | | | | | * tools/gpgconf-comp.c: Remove all regular option descriptions. They are now read in from the component. Also remove a few meanwhile obsolete options. * agent/gpg-agent.c: Add option description which were only set in gpgconf-comp.c. * dirmngr/dirmngr.c: Ditto. * scd/scdaemon.c: Ditto. * sm/gpgsm.c: Ditto. * g10/gpg.c: Ditto. -- This second part removes all regular option descriptions because they can be read from the components. A few were missing in the components and thus moved to there. Signed-off-by: Werner Koch <[email protected]> This is a backport from master (2.3).
* scd:openpgp: Support longer data for INTERNAL_AUTHENTICATE.NIIBE Yutaka2021-11-151-0/+8
| | | | | | | | | | * scd/app-openpgp.c (do_auth): Use extended Lc, when supported. -- GnuPG-bug-id: 5682 Co-authored-by: Klas Lindfors Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: More conservative selection of a card reader.NIIBE Yutaka2021-11-101-1/+1
| | | | | | | | | | * scd/apdu.c (select_a_reader): Only SPRx32 is in the white list. -- GnuPG-bug-id: 5644 Fixes-commit: 752422a792cecf459b37f517d634bcf272292b14 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Select a reader for PC/SC.NIIBE Yutaka2021-10-221-4/+76
| | | | | | | | | | * scd/apdu.c (select_a_reader): New. (open_pcsc_reader): Use select_a_reader. -- GnuPG-bug-id: 5644 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Remove context reference counting from pc/scWerner Koch2021-09-141-22/+16
| | | | | | | | | | | | | | | | | | | | * scd/apdu.c (pcsc): Add flag context_valid, remove count. (close_pcsc_reader): Use new flag instead of looking at magic context value. (pcsc_init): Set new flag. (open_pcsc_reader): Use new flag. (apdu_init): Clear new flag. * scd/apdu.c: Remove assert.h. Replace all assert by log_assert. -- The previous fix 192113552faa98f40cc91fe014ec55861474626c did not help, thus the new hypothesis is that PC/SC might return a valid context with the value -1. We now use a dedicated flag to track the validity of the context. The reference counting seems to be superfluous and is a relict due to backporting from 2.3. Removed.
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-20 19:45:24 +0000