aboutsummaryrefslogtreecommitdiffstats
path: root/scd (follow)
Commit message (Collapse)AuthorAgeFilesLines
* scd: Handle error of SCardStatus.gniibe/pcsc-get-statusNIIBE Yutaka2021-05-141-0/+2
| | | | | | | * scd/apdu.c (pcsc_get_status): On removal, it may return PCSC_E_INVALID_VALUE. Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Fix possible race for watching thread doesn't exit.NIIBE Yutaka2021-05-141-3/+12
| | | | | | | * scd/apdu.c (release_pcsc_context): Synchronize the exit. (pcsc_init): Use joinable thread. Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Change the exit condition of pcsc_thread.NIIBE Yutaka2021-05-141-1/+1
| | | | | | * scd/apdu.c (pcsc_thread): Check PCSC.CONTEXT. Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Remove wrong assertion and add protection to PCSC.COUNT.NIIBE Yutaka2021-05-141-1/+2
| | | | | | | * scd/apdu.c (apdu_dev_list_finish): Fix for calling release_pcsc_context. Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Release the context for pcsc_thred.NIIBE Yutaka2021-05-141-0/+1
| | | | | | * scd/apdu.c (pcsc_thread): Release the CONTEXT. Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Use the thread to monitor PC/SC card status change.NIIBE Yutaka2021-05-131-7/+49
| | | | | | | | | | | | * scd/apdu.c (pcsc_thread): Use an independent context. Fix initialization of RDRSTATES. Call scd_kick_the_loop when detecting any change. (open_pcsc_reader): No requirement for periodical check. -- GnuPG-bug-id: 5437 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Use SCardStatus for pcsc_get_status.NIIBE Yutaka2021-05-131-53/+9
| | | | | | | | * scd/apdu.c (pcsc_get_status): Use SCardStatus. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Handle the error code of PCSC_E_READER_UNAVAILABLE.NIIBE Yutaka2021-05-131-0/+1
| | | | | | | | * scd/apdu.c (pcsc_error_to_sw): Add PCSC_E_READER_UNAVAILABLE. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Add a thread for PS/SC which blocks at SCardGetStatusChange.NIIBE Yutaka2021-05-131-0/+72
| | | | | | | | | * scd/apdu.c (pcsc_thread): New. (pcsc_init): Invoke the thread. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Protect PCSC.CONTEXT in apdu_dev_list_start.NIIBE Yutaka2021-05-131-0/+6
| | | | | | | | | * scd/apdu.c (apdu_dev_list_start): Make sure using valid PCSC.CONTEXT. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* A few minor code cleanups and typo fixes.Werner Koch2021-05-111-1/+1
| | | | | | | | | | * agent/command-ssh.c (ssh_handler_request_identities): Remove double check of ERR. * g10/getkey.c (get_pubkey_byname): Remove double use of break. * g10/pkglue.c (pk_encrypt): Handle possible NULL-ptr access due to failed malloc. Signed-off-by: Werner Koch <[email protected]>
* scd: Serialize READER_TABLE access for PC/SC.NIIBE Yutaka2021-05-111-15/+19
| | | | | | | | | | | | | * scd/apdu.c (apdu_dev_list_start): Remove locking READER_TABLE_LOCK. Don't increment PCSC.COUNT here. (apdu_dev_list_finish): Don't decrement PCSC.COUNT here. (apdu_open_reader): Protect access with READER_TABLE_LOCK. -- GnuPG-bug-id: 5416 Fixes-commit: 8d81fd7c01e8dfacc719ff190f8e364014e32fdf Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Fix close_pcsc_reader.NIIBE Yutaka2021-05-101-9/+9
| | | | | | | | | | | * scd/apdu.c (close_pcsc_reader): Don't touch .RDRNAME field. (apdu_dev_list_finish): Clear .RDRNAME field and replace call of close_pcsc_reader by release_pcsc_context. Add assertion. -- GnuPG-bug-id: 5416 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Make sure releasing PC/SC context.NIIBE Yutaka2021-05-101-6/+16
| | | | | | | | | | | | * scd/apdu.c (release_pcsc_context): New. (close_pcsc_reader): Use release_pcsc_context. Add assertion. (apdu_dev_list_start): Replace call of close_pcsc_reader into release_pcsc_context, add condition. -- GnuPG-bug-id: 5416 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Increment PCSC.COUNT correctly.NIIBE Yutaka2021-05-071-2/+2
| | | | | | | | | * scd/apdu.c (open_pcsc_reader): PCSC.COUNT should be incremented before possible call of close_pcsc_reader. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Fix memory leak for RDRNAME and serialize access.NIIBE Yutaka2021-05-071-2/+6
| | | | | | | | | | * scd/apdu.c (close_pcsc_reader): Move locking to... (apdu_close_reader): ... here, as it's also needed for CCID driver. Free RDRNAME when closed. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Fix declarations for PC/SC access.NIIBE Yutaka2021-05-061-2/+2
| | | | | | | | * scd/apdu.c (pcsc_begin_transaction, pcsc_transmit): Use HANDLE. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Recover the partial match for PORTSTR for PC/SC.NIIBE Yutaka2021-05-061-1/+2
| | | | | | | | | * scd/apdu.c (apdu_open_reader): Allow partial match of PORTSTR again just like 2.2 does. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: When reader is specified, make sure only open once.NIIBE Yutaka2021-05-061-0/+5
| | | | | | | | | * scd/apdu.c (apdu_open_reader): Make sure not to try multiple times, when PORTSTR is specified. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Fix PC/SC removed card problemWerner Koch2021-04-291-0/+11
| | | | | | | | | | | * scd/apdu.c (pcsc_cancel): New. (pcsc_init): Load new function. (connect_pcsc_card): Use it after a removed card error. -- Well, that was easier than I expected yesterday. Signed-off-by: Werner Koch <[email protected]>
* scd:p15: Fix the name of a card.Werner Koch2021-04-281-1/+1
| | | | --
* scd: Fix problem with reader list becoming empty.Werner Koch2021-04-282-22/+26
| | | | | | | | | | | | | | | | | | | | | | | | | | | * scd/apdu.c (close_pcsc_reader): Do not decrement refcount if already zero. Always release context if or becomes zero. (apdu_dev_list_start): Unlock prior to close_pcsc_reader. For PC/SC increment the count. Always release the lock. (apdu_dev_list_finish): No more unlocking. Use close_pcsc_reader instead of code duplication. * scd/apdu.c (pcsc_error_string): Add an error code. * scd/scdaemon.c (scd_kick_the_loop): Fix a diagnostic. -- There was an obvious bug in that the pcsc.count could go below zero and thus there was no chance to get the context release. Releasing and recreating the context is at least under Windows important to get rit of the PCSC_E_SERVICE_STOPPED. Also removes a potential problem in holding the reader_table_lock between calls to apdu_dev_list_start apdu_dev_list_finish. There is no need for this. Instead we bump the pcsc.count. The reader_table_lock strategy should be reviewed; we may be able to remove it. Signed-off-by: Werner Koch <[email protected]>
* scd: Fix unblock PIN by a Reset Code with KDF.Kirill Elagin2021-04-271-1/+1
| | | | | | | | | | * scd/app-openpgp.c (do_change_pin): Use correct CHVNO=1 for pin2hash_if_kdf, for user's PIN. -- GnuPG-bug-id: 5413 Signed-off-by: Kirill Elagin <[email protected]>
* scd:p15: Fix last commit and improve D-TRUST detection.Werner Koch2021-04-251-7/+16
| | | | | | | | * scd/app-p15.c (read_p15_info): Improve D-TRUST card detection. (do_getattr): Fix faulty code for the last commit. Append the product name to MANUFACTURER. Signed-off-by: Werner Koch <[email protected]>
* scd:p15: Shorten the displayed s/n of RSCS cardsWerner Koch2021-04-251-1/+9
| | | | | | | | | | * scd/app-p15.c (get_dispserialno): Add dedicated handling for RSCS. -- In fact we fix the display of the s/n because the s/n was taken from a certificate. Signed-off-by: Werner Koch <[email protected]>
* scd: Fix PSO_CSV for 512 bit curvesWerner Koch2021-04-221-6/+20
| | | | | | * scd/iso7816.c (iso7816_pso_csv): Use BER-TLV instead of SIMPLE-TLV Signed-off-by: Werner Koch <[email protected]>
* Support log-file option from common.conf for all daemon.Werner Koch2021-04-201-0/+12
| | | | | | | | | | | | | | | | * agent/gpg-agent.c: Include comopt.h. (main): Read log-file option from common.conf. (reread_configuration): Ditto. * dirmngr/dirmngr.c: Include comopt.h. (main): Read log-file option from common.conf. (reread_configuration): Ditto. * kbx/keyboxd.c: Include comopt.h. (main): Read log-file option from common.conf. (reread_configuration): Ditto. * scd/scdaemon.c: Include comopt.h. (main): Read log-file option from common.conf. Signed-off-by: Werner Koch <[email protected]>
* scd:p15: Support attribute KEY-FPR.Werner Koch2021-04-161-5/+170
| | | | | | | | | | | | | * scd/app-p15.c: Include openpgpdefs.h. (struct prkdf_object_s): Add fields have_keytime and ecdh_kdf. (read_p15_info): Set ecdh_kdf. (keygrip_from_prkdf): Flag that we have the keytime. (send_keypairinfo): Send the key time only if valid. (send_key_fpr_line): New. (send_key_fpr): New. (do_getattr): Add KEY-FPR. Signed-off-by: Werner Koch <[email protected]>
* scd: Fix memory leaks.Jakub Jelen2021-04-132-1/+5
| | | | | | | | | | * scd/apdu.c (apdu_dev_list_start): Free DL. * scd/app-nks.c (pubkey_from_pk_file): Fix typo in condition. -- GnuPG-bug-id: 5393 Signed-off-by: Jakub Jelen <[email protected]>
* scd:p15: Match private keys with certificates also by labels.Werner Koch2021-04-121-28/+59
| | | | | | | | | | | | | | * scd/app-p15.c (cdf_object_from_label): New. (cdf_object_from_certid): Fallback to label matching. (read_p15_info): Ditto. (keygrip_from_prkdf): Ditto. Replace duplicated code by a call to cdf_object_from_objid. -- In case there is no certificate for a private key we now also try to find a certificate using a matching label. Signed-off-by: Werner Koch <[email protected]>
* scd:nks: Handle APP_READKEY_FLAG_INFO.Werner Koch2021-04-081-62/+117
| | | | | | | | | | | | | | * scd/app-nks.c (keygripstr_from_pk_file): Fix ignored error. (get_nks_tag): New. (do_learn_status_core): Use it. Make sure not to mange the KEYPAIRINFO line if no usage is known. (do_readkey): Output the KEYPAIRINFO for the keygrip case. -- Note that this only handles the most common case of providing a keygrip. $AUTHKEYID and ODLM are not yet supported. Signed-off-by: Werner Koch <[email protected]>
* scd: Fix duplicate output of KEYPAIRINFO by readkey command.Werner Koch2021-04-082-12/+14
| | | | | | | | | | | | | * scd/app-help.c (app_help_get_keygrip_string_pk): Make HEXKEYGRIP parm optional. * scd/command.c (do_readkey): Remove duplicate output of keypairinfo lines. -- Note that this change needs a fix in app-p15 which does not yet handle the APP_READKEY_FLAG_INFO. Signed-off-by: Werner Koch <[email protected]>
* scd: Fix CCID driver for SCM SPR332/SPR532.NIIBE Yutaka2021-04-081-1/+13
| | | | | | | | | | | * scd/ccid-driver.c (ccid_vendor_specific_pinpad_setup): New. (ccid_vendor_specific_setup): Only send CLEAR_HALT. (ccid_transceive_secure): Each time, use send_escape_cmd. -- GnuPG-bug-id: 5297 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: New flag --reread for LEARNWerner Koch2021-04-013-39/+101
| | | | | | | | | | | * scd/command.c (cmd_learn): Add flag --reread. * scd/app-common.h (struct app_ctx_s): New field need_reset. * scd/app.c (write_learn_status_core): Set need_reset if we notice an error after returning from a reread. Change all callers of card functions to return GPG_ERR_CARD_RESET so that that app is not anymore used. Signed-off-by: Werner Koch <[email protected]>
* scd:p15: New flag APP_LEARN_FLAG_REREAD.Werner Koch2021-04-012-27/+73
| | | | | | | | | | | | | | | | * scd/app-p15.c (do_deinit): Factor code out to ... (release_lists, release_tokeninfo): new. (read_ef_tokeninfo): Reset all data before reading. (read_p15_info): Ditto. (do_learn_status): Implement reread flag. -- Objects of a card may be protected by a PIN and thus only readble after a verify command. This new flag makes it possible to gather the entire PKCS#15 card info again without a need for a reset (and thus loss of the verify status). Signed-off-by: Werner Koch <[email protected]>
* scd: Replace all assert macros by the log_assert macro.Werner Koch2021-03-319-44/+35
| | | | Signed-off-by: Werner Koch <[email protected]>
* scd:p15: Return labels for keys and certificates.Werner Koch2021-03-302-1/+43
| | | | | | | * scd/app-p15.c (send_certinfo): Extend certinfo. (do_getattr): Support KEY-LABEL. Signed-off-by: Werner Koch <[email protected]>
* scd:p15: For CardOS make use of ISO7816_VERIFY_NOT_NEEDED.Werner Koch2021-03-301-11/+17
| | | | | | * scd/app-p15.c (verify_pin): Take care of verify status. Signed-off-by: Werner Koch <[email protected]>
* scd:p15: Return the creation time of the keys.Werner Koch2021-03-301-0/+32
| | | | | | | | * scd/app-p15.c (struct prkdf_object_s): Add keytime and keyalgostr. (keygrip_from_prkdf): Set them. (send_keypairinfo): Extend KEYPAIRINFO. Signed-off-by: Werner Koch <[email protected]>
* scd:p15: Make RSA with SHA512 work with CardOS.Werner Koch2021-03-291-121/+117
| | | | | | | | | | | | | * scd/app-p15.c (do_sign): Rewrite. -- This basically works now but for my test card I need to pass --cert-digest-algo-512 manually. Need to check this again and automate it. It will also be useful to take the NotBefore timestamp from the dummy X.509 certificate and use that for the PGP key creation time. Signed-off-by: Werner Koch <[email protected]>
* scd:p15: Support ECDSA and ECDH for CardOS.Werner Koch2021-03-294-102/+378
| | | | | | | | | | | | | | | | | | | | | | | | | | | * scd/iso7816.c (iso7816_pso_csv): New. * scd/app-help.c (app_help_pubkey_from_cert): Uncompress a point if needed. * scd/app-p15.c (CARD_PRODUCT_RSCS): New. (struct prkdf_object_s): Add fields is_ecc, token_label, and tokenflags. (do_deinit): Free new fields. (cardproduct2str): New. (read_ef_prkdf): Set new is_ecc flag. (read_ef_tokeninfo): Store some data and move Tokeninfo diags to ... (read_p15_info): here. set the product info here after all data has been gathered. (send_keypairinfo): Chnage the way the gpgusage flags are used. (make_pin_prompt): If the token has a label and the current cert has no CN, show the label as holder info. (do_sign): Support ECDSA. Take care of the gpgusage flags. (do_decipher): Support ECDH. Take care of the gpgusage flags. -- This has been tested with Trusted Object Manager generated cards by Rohde & Schwarz Cybersecurity. Signed-off-by: Werner Koch <[email protected]>
* scd: Fix PC/SC error handling at apdu_dev_list_start.NIIBE Yutaka2021-03-261-1/+3
| | | | | | | | | | | * scd/apdu.c (PCSC_E_NO_READERS_AVAILABLE): Add. (pcsc_error_to_sw): Handle PCSC_E_NO_READERS_AVAILABLE. (apdu_dev_list_start): Return error correctly. -- GnuPG-bug-id: 4864 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd:p15: Make $SIGNKEY et al determination more fault tolerant.Werner Koch2021-03-241-16/+21
| | | | | * scd/app-p15.c (do_getattr): Change how we use gpgUsage to figure out the keys to use.
* scd:openpgp: Allow reading and writing user certs for keys 1 and 2Werner Koch2021-03-193-22/+126
| | | | | | | | | | | | | | * scd/iso7816.c (CMD_SELECT_DATA): New. (iso7816_select_data): New. * scd/app-openpgp.c (do_readcert): Allow OpenPGP.1 and OPENPGP.2 (do_writecert): Ditto. (do_setattr): Add CERT-1 and CERT-2. -- This has been tested with a Zeitcontrol 3.4 card. A test with a Yubikey 5 (firmware 5.2.6) claiming to support 3.4 failed. Signed-off-by: Werner Koch <[email protected]>
* scd:openpgp: Rename an internal variable.Werner Koch2021-03-191-13/+14
| | | | | | | | | | | | | | * scd/app-openpgp.c (struct app_local_s): s/extcap_v3/is_v3/. s/max_certlen_3/max_certlen. Change users. -- The extcap_v3 flag is set if the version is 3 or later and as such does not only declare that the v3 extcap layout is used. Make this clear by renaming. Likewise for max_certlen_3. Signed-off-by: Werner Koch <[email protected]>
* scd:openpgp: Small speedup reading card properties.Werner Koch2021-03-191-2/+18
| | | | | | | | | | | | | | | | * scd/app-openpgp.c (struct app_local_s): Add new flag. (get_cached_data): Force chace use if flag is set. (app_select_openpgp): Avoid reading DO 6E multiple times. -- The do not cache property of 6E was introduced so that we can change for example key attributes without getting into with the cache. However, for initial reading the cache makes a lot of sense and thus we now use this hack to only temporary cache. A better strategy would be to clear the cache when we change card data but that is more error prone. Signed-off-by: Werner Koch <[email protected]>
* scd:p15: Allow to use an auth object label with cmd CHECKPIN.Werner Koch2021-03-182-21/+46
| | | | | | | | | | | | | * scd/app-p15.c (prepare_verify_pin): Allow for PRKDF to be NULL. (make_pin_prompt): Ditto. (verify_pin): Ditto. (do_check_pin): Allow using the Label to specify a PIN. -- Note that a label may not work in all cases because we can't select the protected object's EF first. Signed-off-by: Werner Koch <[email protected]>
* scd:p15: New attribute CHV-LABEL.Werner Koch2021-03-181-18/+41
| | | | | | | | | | | * scd/app-p15.c (parse_common_obj_attr): Map spaces in the lapel to underscores. (read_ef_aodf): Prettify printing of the type. (do_getattr): New attribute CHV-LABEL (do_learn_status): Emit CHV-LABEL. (verify_pin): Distinguish the PIN prompts. Signed-off-by: Werner Koch <[email protected]>
* scd:p15: Implement CHV-STATUS attributeWerner Koch2021-03-163-8/+119
| | | | | | | * scd/command.c (send_status_direct): Return an error. * scd/app-p15.c (do_learn_status): Emit CHV-STATUS. (compare_aodf_objid): New. (do_getattr): Implement CHV-STATUS.
* scd: Add handling of Ed448 key.NIIBE Yutaka2021-03-151-13/+12
| | | | | | | | | | | | | | | | | | * scd/app-openpgp.c (struct app_local_s): Add ecc.algo field. (send_key_attr): Use ecc.algo field. (ecc_read_pubkey): Use ecc.algo field. (ecc_writekey): Ed448 means EdDSA. (parse_algorithm_attribute): Set ecc.algo field from card. Add checking for Ed25519 for ECC_FLAG_DJB_TWEAK flag. -- There used to be a possible support of Ed25519 with ECDSA, (instead of EdDSA). To distinguish key for Ed25519 for EdDSA, we use the flag: (flags eddsa). Ed448 has no support for ECDSA and defaults to EdDSA even if no such flag. Signed-off-by: NIIBE Yutaka <[email protected]>
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-19 15:24:11 +0000