aboutsummaryrefslogtreecommitdiffstats
path: root/scd (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* scd: Extend KEYPAIRINFO with an algorithm string.Werner Koch2020-09-216-22/+98
| | | | | | | | | | | | | | | | | | | | | | * scd/app-openpgp.c (send_keypair_info): Emit the algo string as part of a KEYPAIRINFO. * scd/command.c (do_readkey): Ditto. * scd/app-piv.c (do_readkey): Ditto. * scd/app-nks.c (do_learn_status_core): Ditto. (struct fid_cache_s): Add field algostr. (flush_fid_cache): Release it. (keygripstr_from_pk_file): Fill it and add it to the cache. Use a single exit label. * scd/app-help.c (app_help_get_keygrip_string_pk): Add new arg r_algostr. Change all callers. -- This is helpful so that callers do not need to parse the key for this basic information. Use "scd readkey --info-only" to return the info status line instead of the key material; using just --info returns the info in addition to the key material. Signed-off-by: Werner Koch <[email protected]>
* scd: Clear PIN cache when changing key attributes.NIIBE Yutaka2020-09-161-1/+4
| | | | | | * scd/app-openpgp.c (change_keyattr): Clear all PINs. Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Clear caching PIN at KDF setup.NIIBE Yutaka2020-09-161-0/+4
| | | | | | * scd/app-openpgp.c (do_setattr): Clear PINs. Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Add better support for KDF feature.NIIBE Yutaka2020-09-161-0/+7
| | | | | | * scd/app-openpgp.c (do_setattr): Handle kdf-seup "off" for Gnuk. Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg,scd: Fix handling of KDF feature.NIIBE Yutaka2020-09-161-11/+23
| | | | | | | | * g10/card-util.c (kdf_setup): Fix the default value. * scd/app-openpgp.c (do_setattr): Support kdf-setup "off" by Zeitcontrol. Make sure Gnuk and Yubikey work well. Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Fix the use case of verify_chv2 by CHECKPIN.NIIBE Yutaka2020-09-151-21/+25
| | | | | | | | | | | | | | * scd/app-openpgp.c (verify_chv2): Call verify_a_chv with chvno=1 when needed. -- Confusingly, verify_chv2 has two different purposes; One for verifying with CHV2 (in addition to CHV1), and the call by CHECKPIN. For the latter, we should check CHV1. Fixes-commit: af189be481df02a77e088aa0a60a1fc02dfa12bf Signed-off-by: NIIBE Yutaka <[email protected]>
* scd:piv: Avoid conflict when writing a cert.Werner Koch2020-09-111-1/+63
| | | | | | | | | * scd/app-piv.c (map_curve_name_to_oid): New. (my_cmp_public_key): New. (do_writecert): Replace simple memcmp by cmp_canon_sexp. -- GnuPG-bug-id: 5061
* scd: Flush KDF DO (0x00F9) when it's being set.NIIBE Yutaka2020-09-101-3/+3
| | | | | | | | | | | * scd/app-openpgp.c (do_setattr): Call flush_cache_item always. -- Only it was called when there was an object with KDF_DATA_LENGTH_MAX. No matter the VALUELEN, it should be flushed. Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Add a workaround for Yubikey.NIIBE Yutaka2020-09-081-0/+3
| | | | | | | | | | | * scd/app-openpgp.c (get_public_key): Handle wrong code for Yubikey. -- Yubikey version 5 s/n 609074582 returns 0x6982, version 5.2.4 s/n 610616049 returns 0x6581, where 0x6a88 is expected. Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Fix handling 0x00FA to support OpenPGP card 3.4.NIIBE Yutaka2020-09-071-1/+1
| | | | | | | * scd/app-openpgp.c (data_objects): It may be longer. Fixes-commit: 90d0072165cc5c6888f14462392a211de0c4b232 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Increase the number of supported readers from 4 to 16.Werner Koch2020-09-042-2/+3
| | | | | | | | | | -- The limit on 4 readers I introduced in 2003 is too low for some of our use cases. 16 looks better. TODO: Return a useful error message in gpg-card if the limit has been reached. Signed-off-by: Werner Koch <[email protected]>
* scd: Support GET DATA response with no header for DO 0x00FA.NIIBE Yutaka2020-09-041-25/+28
| | | | | | * scd/app-openpgp.c (do_getattr): Support Gnuk, as well. Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Parse "Algorithm Information" data object in scdaemon.NIIBE Yutaka2020-09-041-2/+106
| | | | | | | | * scd/app-openpgp.c (data_objects): 0x00FA for binary data. (do_getattr): Parse the data and send it in status lines. (get_algorithm_attribute_string): New. Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Add handling of "Algorithm Information" DO.NIIBE Yutaka2020-09-031-0/+2
| | | | | | | | | | | | * cd/app-openpgp.c (data_objects): Add 0x00FA. (do_getattr): Add KEY-ATTR-INFO. -- See the section 4.4.3.11 Algorithm Information in the OpenPGP card functional specification version 3.4.1. Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: New option to APDU command to return the ATR as data.Werner Koch2020-08-271-2/+16
| | | | | | | | | | * scd/command.c (cmd_apdu): Add new option --data-atr. * tools/gpg-card.c (cmd_apdu): Use that here. Also fix the --exlen option and do not print the statusword in atr mode. * tools/card-call-scd.c (scd_apdu): Detect atr mode anddon't assume a status word. Signed-off-by: Werner Koch <[email protected]>
* scd: Fix reading of the ATR for card type detection.Werner Koch2020-08-271-1/+1
| | | | | | | | | | | * scd/app.c (app_new_register): Do not use apdu_get_slot. -- apdu_get_slot() may only be used after the APP has been initialized. Thus we need to pass teh slot here directly. Fixes-commit: 9f148360a2bf04672b43ef7cec48e21d44b06ae1 Signed-off-by: Werner Koch <[email protected]>
* scd: Add heuristics to identify cardtype.NIIBE Yutaka2020-08-272-3/+23
| | | | | | | | | | | * scd/app-common.h (cardtype_t): Add CARDTYPE_GNUK and CARDTYPE_ZEITCONTROL. * scd/app.c (strcardtype): Handle CARDTYPE_GNUK and CARDTYPE_ZEITCONTROL. (app_new_register): Detect Gnuk and Zeit Control implementation by examining its ATR string. Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Add condition for VERIFY with 0x82.NIIBE Yutaka2020-08-271-4/+9
| | | | | | | | | | | | | * scd/app-openpgp.c (verify_chv2): Check availability of keys in question. -- With buggy Gnuk (<= 1.2.15), when no encr/auth keys are available, it fails decrementing the signature error counter. This change can avoid the issue. Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Fix possible uninitialized variables.NIIBE Yutaka2020-08-192-8/+8
| | | | | | | | * scd/app-openpgp.c (do_change_pin): Initialize resultlen2. (do_change_pin): Don't call wipe_and_free on the error path. Initialize bufferlen2. Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Log info about CCIDs with permission problems.Werner Koch2020-08-121-3/+13
| | | | | | | * scd/apdu.c (open_ccid_reader): Add arg r_cciderr. (apdu_open_reader): Print a note on EPERM of the USB device. Signed-off-by: Werner Koch <[email protected]>
* scd: Map some error codes from libusb to ccid-driver error codes.Werner Koch2020-08-125-12/+57
| | | | | | | | | | | | | | | * scd/ccid-driver.h (CCID_DRIVER_ERR_USB_*): New error codes. * scd/apdu.h: New SW_HOST error codes. * scd/apdu.c (host_sw_string): Print them * scd/ccid-driver.c (map_libusb_error): New. (ccid_open_usb_reader, bulk_in, abort_cmd): Map libusb error codes. * scd/iso7816.c (map_sw): Map new codes to gpg-error. -- This change will help to get low level error conditions from hipher application code. Signed-off-by: Werner Koch <[email protected]>
* scd:piv: Allow signing using PSS.Werner Koch2020-08-101-1/+10
| | | | | | | | | * scd/app-piv.c (do_sign): Allow for PSS. -- This has been tested with Scute and Openvpn. Signed-off-by: Werner Koch <[email protected]>
* agent: Add option --pss to pksign to be used by smartcards.Werner Koch2020-08-101-1/+3
| | | | | | | | | | | | | | | * agent/command.c (cmd_sethash): Add option --pss and allow for --hash=null. * agent/agent.h (struct server_control_s): Add digest.is_pss and zero where needed. * agent/pksign.c (agent_pksign_do): Allow for PSS with cards. * scd/command.c (cmd_pksign): Add for --hash=none. -- This is not a full implementaion of PSS but allows scdaemon card drivers to detect already PSS formatted data. Signed-off-by: Werner Koch <[email protected]>
* scd: Silence compiler warning.NIIBE Yutaka2020-07-311-3/+3
| | | | | | * scd/app-openpgp.c (build_ecc_privkey_template): Fix allocation size. Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Fix closing reader and reeleasing context in PC/SC.NIIBE Yutaka2020-07-171-0/+7
| | | | | | | | | | * scd/apdu.c (close_pcsc_reader): Unlock the reader_table_lock. (apdu_dev_list_finish): Release the context when no readers. -- Fixes-commit: 46d185f60397f68830bfdfb99627b29aea5016f1 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: PC/SC: Don't release the context when it's in use.NIIBE Yutaka2020-07-171-1/+1
| | | | | | | | | | * scd/apdu.c (close_pcsc_reader): Check if it's not in the loop. -- GnuPG-bug-id: 4998 Reported-by: Kevin Locke Signed-off-by: NIIBE Yutaka <[email protected]>
* scd:nks: Implement writecert for the Signature card v2.Werner Koch2020-07-023-8/+133
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * scd/iso7816.c (CMD_UPDATE_BINARY): New. (iso7816_update_binary): New. * scd/app-nks.c (do_deinit): Factor some code out to... (flush_fid_cache): new. (do_writecert): New. (app_select_nks): Register new handler. -- This can be used with gpg-card to write the 3 extra certificates of a Telesec TCOS Signature Card v2. The card with the qualified signature is distributed with the keys for encryption and advanced signatures but without the certificates. The certificates can be downloaded from the website after an mail confirmation. Unpacked the downloaded zipfile has these certificates: auth_zert.crt sig_zert.crt enc_zert.crt Using gpg-card issue these commands: writecert NKS-NKS3.4531 <sig_zert.crt writecert NKS-NKS3.45B1 <enc_zert.crt writecert NKS-NKS3.4571 <auth_zert.crt Don't mix that up, tight now there is no checking that the certificates match the public key. I also need to write another patch to actually implement signing and encryption with these nistp256 certificates. Signed-off-by: Werner Koch <[email protected]>
* scd:nks: Fix certificate read problem with TCOS signature card v2.Werner Koch2020-06-301-0/+2
| | | | | | | * scd/app-nks.c (filelist): Add a dedicated key entry for ESIGN. (do_readcert): Test for the app_id. Signed-off-by: Werner Koch <[email protected]>
* scd: Change how the removed card flag is set.Werner Koch2020-06-301-13/+14
| | | | | | | | | | | | * scd/command.c (cmd_serialno): Set/clear card removed flags for all connections using the current card. -- This seems to solve the problems I had in gpg-card and ssh. I am not sure why the old code was done this way - maybe an oversight when adding support for multiple cards. Signed-off-by: Werner Koch <[email protected]>
* scd: Shorten cardio debug output for all zeroes.Werner Koch2020-06-291-4/+33
| | | | | | | * scd/apdu.c (all_zero_p): New. (send_le): Use it. Signed-off-by: Werner Koch <[email protected]>
* scd:nks: Fix remaining tries warning in --reset mode.Werner Koch2020-06-251-9/+10
| | | | | | * scd/app-nks.c (do_change_pin): Chnage computaion of 'remaining'. Signed-off-by: Werner Koch <[email protected]>
* build: Fix recent commit for SOURCE_DATE_EPOCH.Werner Koch2020-06-081-1/+1
| | | | | | | | | | -- Fixes-commit: 074ab108e768b2f946d789c1f3a7f14a65e07c52 which was recently pushed to make use of $SOURCE_DATE_EPOCH as fallback. Also fixes two typos
* scd: Fix condition for C5 data object for newer Yubikey.NIIBE Yutaka2020-05-291-1/+1
| | | | | | | * scd/app-openpgp.c (compare_fingerprint): Relax the condition. GnuPG-bug-id: 4957 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd:openpgp: New KEY-STATUS attribute.Werner Koch2020-05-271-1/+10
| | | | * scd/app-openpgp.c (do_getattr): Return KEY-STATUS
* scd:openpgp: Add attribute "UIF" for convenience.Werner Koch2020-05-261-5/+11
| | | | | | | | | | | | * scd/app-openpgp.c (do_getattr): New attrubute "UIF". (do_learn_status): Use that. -- Actually this is not just convenience but will make it easier to add new keys to an openpgp card - we will need to change this only at one place. Signed-off-by: Werner Koch <[email protected]>
* scd: Fix Yubikey app switching problemWerner Koch2020-05-261-4/+12
| | | | | | | | | | | | | | * scd/app.c (select_all_additional_applications_internal): Re-select first app. Add arg 'ctrl'. -- Usually keygrip based access to the Yubikey does a switching back and forth and thus keeps the card and scdaemon's internal state in sync. However, if we do only a listing scdaemon did not reselect the first application (e.g. OpenPGP) after adding other applications (e.g. PIV) and thus led to wrong info returned in a listing. Signed-off-by: Werner Koch <[email protected]>
* scd:nks: Add framework to support IDKey cards.Werner Koch2020-05-071-51/+124
| | | | | | | | | | | | | | | * scd/app-nks.c (NKS_APP_IDLM): New. (struct app_local_s): Replace NKS_VERSION by the global APPVERSION. (do_learn_status): Always send CHV-STATUS. (find_fid_by_keyref): Basic support for IDLM only use. (do_learn_status_core): Ditto. (do_readcert): Ditto. (verify_pin): Ditto. (parse_pwidstr): Ditto. (do_with_keygrip): Ditto. (switch_application): Ditto. (app_select_nks): Fallback to IDLM. --
* scd:nks: Get the PIN prompts right for the Signature CardWerner Koch2020-05-071-56/+136
| | | | | | | | | | | | * scd/app-nks.c (get_dispserialno): Move more to the top. (do_getattr): Add $DISPSERIALNO and SERIALNO. Make CHV-STATUS work with NKS15. (verify_pin): Use dedicated min. PIN lengths. (parse_pwidstr): Support NKS15 -- GnuPG-bug-id: 4938 Signed-off-by: Werner Koch <[email protected]>
* scd:nks: Support decryption using ECDH.Werner Koch2020-05-071-75/+307
| | | | | | | | | | | | | | | | | * scd/app-nks.c (struct fid_cache_s): Add field 'algo'. (keygripstr_from_pk_file): Add arg 'r_algo' to return the algo. (find_fid_by_keyref): Ditto. (get_dispserialno): New. (make_prompt): New. (verify_pin): Provide better prompts. (do_decipher): Support ECDH. (parse_pwidstr): Add hack tospecify any pwid.. (do_change_pin): Support Signature Card V2.0 (NKS15) style NullPIN. Provide a better prompt. -- GnuPG-bug-id: 4938 Signed-off-by: Werner Koch <[email protected]>
* scd: Extend an internal function to also return the algo.Werner Koch2020-05-058-17/+24
| | | | | | | | * scd/app-help.c (app_help_get_keygrip_string_pk): Add optional arg r_algo. Change all callers. (app_help_get_keygrip_string): Ditto. Signed-off-by: Werner Koch <[email protected]>
* scd:nks: Add do_with_keygrip and implement a cache.Werner Koch2020-05-041-90/+349
| | | | | | | | | | | | * scd/app-nks.c (struct fid_cache_s): New. (struct app_local_s): Add field 'fid_cache'. (do_deinit): Release the cache. (keygripstr_from_pk_file): Implement the cache. (find_fid_by_keyref): New (do_sign, do_decipher): Use new function. (do_with_keygrip): New. Signed-off-by: Werner Koch <[email protected]>
* scd:nks: Allow retrieving certificates from a Signature Card v.20Werner Koch2020-04-171-164/+299
| | | | | | | | | | * scd/app-nks.c: Major rework to support non-RSA cards. -- This is a fist step so support this ECC card. The code has been reworked while taking care that old cards should keep on working. Signed-off-by: Werner Koch <[email protected]>
* scd: Detect missing card in "getinfo all_active_apps".Werner Koch2020-04-171-0/+5
| | | | | | | | | * scd/app.c (send_card_and_app_list): Detect no app case. -- This is a minor nug fix to return a better error message. Signed-off-by: Werner Koch <[email protected]>
* scd:p15: Return a display S/N via Assuan.Werner Koch2020-04-091-21/+54
| | | | | | | | * scd/app-p15.c (make_pin_prompt): Factor some code out to ... (get_dispserialno): this. (do_getattr): Use new fucntion for a $DISPSERIALNO. Signed-off-by: Werner Koch <[email protected]>
* scd:p15: Show a pretty PIN prompt.Werner Koch2020-04-071-13/+197
| | | | | | | | | | | | | | | | | | | | * scd/app-p15.c (struct prkdf_object_s): New fields common_name and serial_number. (release_prkdflist): Free them. (keygrip_from_prkdf): Parse cert and set them. (any_control_or_space): New. (make_pin_prompt): New. (verify_pin): Construct a pretty PIN prompt. (do_sign): Remove debug output. -- The D-Trust card has the SerialNumber part of the Subject printed on the front matter, we assume this is also possible with other cards and thus we show this as serial number. The holder of the card is also extracted from the card's subject. Signed-off-by: Werner Koch <[email protected]>
* scd: Return GPG_ERR_BAD_PIN on 0x63Cn status word.Werner Koch2020-04-071-0/+2
| | | | | | | | | | * scd/iso7816.c (map_sw): Detect 0x63Cn status code. -- I really wonder when that got lost and we ended up with a simple card error. Signed-off-by: Werner Koch <[email protected]>
* scd: Factor common PIN status check out.Werner Koch2020-04-074-82/+57
| | | | | | | | | | | | | | * scd/iso7816.h (ISO7816_VERIFY_ERROR): New. (ISO7816_VERIFY_NO_PIN): New. (ISO7816_VERIFY_BLOCKED): New. (ISO7816_VERIFY_NULLPIN): New. (ISO7816_VERIFY_NOT_NEEDED): New. * scd/iso7816.c (iso7816_verify_status): New. * scd/app-nks.c (get_chv_status): Use new function. * scd/app-piv.c (get_chv_status): Ditto. (verify_chv): Ditto. Signed-off-by: Werner Koch <[email protected]>
* scd:p15: Fix decrypt followed by sign problem for D-Trust cards.Werner Koch2020-04-073-14/+91
| | | | | | | | | | | | | | | | | * scd/iso7816.c (iso7816_select_mf): New. * scd/app-p15.c (card_product_t): New. (struct app_local_s): Add field 'card_product'. (read_ef_tokeninfo): Detect D-Trust card. (prepare_verify_pin): Switch to D-Trust AID. (do_decipher): Restore a SE for D-TRust cards. Chnage the passing indicator to 0x81. -- Using what I learned from a USB trace running the Governikus Signer Software on Windows this fixes the left over problem with the new D-Trust card support. Signed-off-by: Werner Koch <[email protected]>
* scd:p15: Emit MANUFACTURER, $ENCRKEYID, $SIGNKEYID.Werner Koch2020-04-031-18/+62
| | | | | | | | | * scd/app-p15.c (read_ef_tokeninfo): Store manufacturer_id. (do_getattr): Implement MANUFACTURER, $ENCRKEYID and $SIGNKEYID. (send_keypairinfo): Also print usage flags. -- Signed-off-by: Werner Koch <[email protected]>
* scd:openpgp: New attribute "MANUFACTURER".Werner Koch2020-04-031-0/+50
| | | | | | | | | | | | * scd/app-openpgp.c (get_manufacturer): New.. (do_getattr): Add new attribute "MANUFACTURER". (do_learn_status): Always print it. -- This will make it easy to maintain the list of OpenPGP vendors at just one place. Signed-off-by: Werner Koch <[email protected]>
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-20 22:29:16 +0000