aboutsummaryrefslogtreecommitdiffstats
path: root/scd (follow)
Commit message (Collapse)AuthorAgeFilesLines
* scd: Add npth_unprotect/npth_protect for blocking operations.NIIBE Yutaka2022-08-311-0/+20
| | | | | | | | | | * scd/ccid-driver.c (ccid_open_usb_reader): Name the thread. (ccid_vendor_specific_setup, ccid_open_usb_reader): Wrap blocking operations by npth_unprotect/npth_protect. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* scd:openpgp: Fix workaround for Yubikey heuristics.NIIBE Yutaka2022-07-131-8/+21
| | | | | | | | | | | | | * scd/app-openpgp.c (parse_algorithm_attribute): Handle the case of firmware 5.4, too. -- Cherry-picked master commit of: f34b9147eb3070bce80d53febaa564164cd6c977 GnuPG-bug-id: 6070 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Fail when no good algorithm attribute.NIIBE Yutaka2022-07-131-18/+29
| | | | | | | | | | | | | | | | | * scd/app-openpgp.c (parse_algorithm_attribute): Return the error. (change_keyattr): Follow the change. (app_select_openpgp): Handle the error of parse_algorithm_attribute. -- Backport master commit of: 53eddf9b9ea01210f71b851b5cb92a5f1cdb6f7d This change allows following invocation of app_select_openpgp, which may work well (if the problem is device side for initial connection). GnuPG-bug-id: 5963 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Don't inhibit SSH authentication for larger data if it can.NIIBE Yutaka2022-07-121-0/+5
| | | | | | | | | | | | * scd/app-openpgp.c (do_auth): Use command chaining if available. -- Cherry-picked from master branch of: e8fb8e2b3e66d5ea8a3dc90afdc14611abf2c3da GnuPG-bug-id: 5935 Signed-off-by: NIIBE Yutaka <[email protected]>
* agent,scd: Make sure to set CONFIDENTIAL flag in Assuan.NIIBE Yutaka2022-06-091-0/+2
| | | | | | | | | | | | | | | * agent/call-scd.c (inq_needpin): Call assuan_begin_confidential and assuan_end_confidential, and wipe the memory after use. * agent/command.c (cmd_preset_passphrase): Likewise. * scd/command.c (pin_cb): Likewise. -- Backport the change of master commit of: 052f58422dca1044aba7acb4cf57416e7a8cb01f GnuPG-bug-id: 5977 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd:p15: Fix accidental commit of debug codeWerner Koch2022-06-011-6/+3
| | | | | | | * scd/app-p15.c (do_sign): Revert MSE setting. -- Fixes-commit: 91acbdc93c8a6ae06b483a27c8bb7c33a978108d
* scd: Shorten cardio debug output for all zeroes.Werner Koch2022-06-011-4/+33
| | | | | | | | * scd/apdu.c (all_zero_p): New. (send_le): Use it. Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit 9b6f574928546e6905a92c3e74d72478f1585c66)
* scd: Fix use of SCardListReaders for PC/SC.NIIBE Yutaka2022-05-171-1/+1
| | | | | | | | | | | | | * scd/apdu.c (open_pcsc_reader): Initialize NREADER. -- Backport master commit of: 1b1684cf6192d9edb90a54ebe4a0e66b3d59a44b Reported-by: Ludovic Rousseau GnuPG-bug-id: 5979 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Add workaround for ECC attribute on Yubikey.NIIBE Yutaka2022-05-101-1/+2
| | | | | | | | | | | | | * scd/app-openpgp.c (parse_algorithm_attribute): Skip possibly bogus octet in a key attribute. -- Apply master commit of: 054d14887ef8fa1cbadef4ed2ea28213f25f5d25 GnuPG-bug-id: 5963 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd:p15: Improve the displayed S/N for Technology Nexus cards.Werner Koch2022-05-061-6/+42
| | | | | | | | | * scd/app-p15.c (any_control_or_space_mem): New. (get_dispserialno): Add new code. -- This works with my test cards and now reflects what's printed on the front matter of the card.
* scd:p15: Fix the the sanity check of the displayed S/N.Werner Koch2022-05-061-2/+6
| | | | | | | | | * scd/app-p15.c (any_control_or_space): Fix loop. -- This check is only done to avoid printing wrongly encoded S/N for human consumption. e
* scd:p15: Fix reading certificates without length info.Werner Koch2022-05-051-6/+23
| | | | | | * scd/app-p15.c (readcert_by_cdf): Do not use extended mode if the CDF object has no length info. Add debug output when reading a cert. (read_p15_info): No more need to disable extended mode for GeNUA cards.
* scd: New debug flags "card".Werner Koch2022-05-052-1/+4
| | | | | | | | | | * scd/scdaemon.c (debug_flags): Add "card". * scd/scdaemon.h (DBG_CARD_VALUE, DBG_CARD): New. -- Some information from parsing the card are often very helpful. However, the card_io triggered APDU dumps are in most cases too heavy. Thus this new debug flag.
* scd: Minor code reorganizationWerner Koch2022-04-141-17/+22
| | | | | * scd/ccid-driver.c: Move struct defines to the top. (MAX_DEVICE): Rename to CCID_MAX_DEVICE.
* scd: Fix memory leak in ccid-driver.Werner Koch2022-04-141-9/+9
| | | | | | | | | | | * scd/ccid-driver.c (ccid_dev_scan): Use loop var and not the count. -- Due to an assignment out of bounds this might lead to a crash if there are more than 15 readers. In any case it fixes a memory leak. Kudos to the friendly auditor who found that bug. Fixes-commit: 8a41e73c31adb86d4a7dca4da695e5ad1347811f
* scd:p15: Improve the PIN prompt for Genua cards.Werner Koch2022-04-131-4/+26
| | | | | | | * scd/app-p15.c (CARD_PRODUCT_GENUA): New. (cardproduct2str): Add it. (read_p15_info): Detect and set GENUA (make_pin_prompt): Take holder string from the AODF.
* scd:p15: Support for GeNUA cards.Werner Koch2022-04-131-1/+10
| | | | | * scd/app-p15.c (read_p15_info): Disable extended mode for Genua cards.
* scd:p15: Prepare AODF parsing for other authentication types.Werner Koch2022-04-131-329/+372
| | | | | | | | | | | | | | * scd/app-p15.c (auth_type_t): New. (struct aodf_object_s): Add field auth_type. (read_ef_aodf): Distinguish between pin and authkey types. Include the authtype in the verbose mode diags. -- Note that the bulk of changes are just indentation changes. There should be no functional change. Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit e387cc97c82313457e4f79729a137e5871891bc1)
* scd:p15: Add basic support for AET JCOP cards.Werner Koch2022-04-131-5/+46
| | | | | | | | | | | | | | * scd/app-p15.c (CARD_TYPE_AET): New. (cardtype2str): Add string. (card_atr_list): Add corresponding ATR. (app_local_s): New flag no_extended_mode. Turn two other flags into bit flags. (select_ef_by_path): Hack to handle the 3FFF thing. (readcert_by_cdf): Do not use extended mode for AET. (app_select_p15): Set no_extended_mode. --- Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit 544ec7872aed24c296ea34fac777eca287f7bb47)
* scd:p15: Used extended mode already for RSA 2048Werner Koch2022-02-211-2/+2
| | | | | * scd/app-p15.c (do_sign, do_decipher): Replace GT by GE. --
* scd: Use lock_slot for apdu_send_direct.NIIBE Yutaka2022-02-171-1/+1
| | | | | | | | | | | | | | | | | * scd/apdu.c (apdu_send_direct): Use lock_slot. -- Cherry-pick the master commit of: f808012ac2cf67ec563da178d963f300a7f2564d With trylock_slot, it may return SW_HOST_BUSY. This may occur when apdu_get_status is called by scd_update_reader_status_file. Simply using lock_slot is much easier for user of apdu_send_direct. GnuPG-bug-id: 5831 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Also prefer Yubikeys if no reader port is given.Werner Koch2022-01-251-1/+2
| | | | * scd/apdu.c (select_a_reader): Extend the white list.
* scd: Re-group the options in the --help output.Werner Koch2021-12-291-10/+22
| | | | | | | | | | -- This looks better and is also required for further simplifications of gpgconf. Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit daf5f4355db7c4203f5b7e01807956328a7d173c)
* gpgconf: Support reading global options (part 2).Werner Koch2021-12-291-2/+3
| | | | | | | | | | | | | | | | | | | | | * tools/gpgconf-comp.c: Remove all regular option descriptions. They are now read in from the component. Also remove a few meanwhile obsolete options. * agent/gpg-agent.c: Add option description which were only set in gpgconf-comp.c. * dirmngr/dirmngr.c: Ditto. * scd/scdaemon.c: Ditto. * sm/gpgsm.c: Ditto. * g10/gpg.c: Ditto. -- This second part removes all regular option descriptions because they can be read from the components. A few were missing in the components and thus moved to there. Signed-off-by: Werner Koch <[email protected]> This is a backport from master (2.3).
* scd:openpgp: Support longer data for INTERNAL_AUTHENTICATE.NIIBE Yutaka2021-11-151-0/+8
| | | | | | | | | | * scd/app-openpgp.c (do_auth): Use extended Lc, when supported. -- GnuPG-bug-id: 5682 Co-authored-by: Klas Lindfors Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: More conservative selection of a card reader.NIIBE Yutaka2021-11-101-1/+1
| | | | | | | | | | * scd/apdu.c (select_a_reader): Only SPRx32 is in the white list. -- GnuPG-bug-id: 5644 Fixes-commit: 752422a792cecf459b37f517d634bcf272292b14 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Select a reader for PC/SC.NIIBE Yutaka2021-10-221-4/+76
| | | | | | | | | | * scd/apdu.c (select_a_reader): New. (open_pcsc_reader): Use select_a_reader. -- GnuPG-bug-id: 5644 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Remove context reference counting from pc/scWerner Koch2021-09-141-22/+16
| | | | | | | | | | | | | | | | | | | | * scd/apdu.c (pcsc): Add flag context_valid, remove count. (close_pcsc_reader): Use new flag instead of looking at magic context value. (pcsc_init): Set new flag. (open_pcsc_reader): Use new flag. (apdu_init): Clear new flag. * scd/apdu.c: Remove assert.h. Replace all assert by log_assert. -- The previous fix 192113552faa98f40cc91fe014ec55861474626c did not help, thus the new hypothesis is that PC/SC might return a valid context with the value -1. We now use a dedicated flag to track the validity of the context. The reference counting seems to be superfluous and is a relict due to backporting from 2.3. Removed.
* scd: Support PC/SC for "getinfo reader_list".Werner Koch2021-09-083-12/+88
| | | | | | | | | | | | | | | | | | | | | * scd/apdu.c: Include membuf.h. (pcsc): Add reader_list field. (open_pcsc_reader): Fill that field. (apdu_get_reader_list): New. * scd/command.c: Remove header ccid-driver.h. (pretty_assuan_send_data): New. (cmd_getinfo): Print all reader names. -- Note that depending on the card backend (ccid or PC/SC) it might be necessary to first send a reset followed by SERIALNO to get an updated list of reader. Or well send KILLSCD. The pretty printing of Assuan data lines does only work if you connect direct to scdaemon because the wrapper in gpg-agent does not know about this and combines the Assuan lines again. Signed-off-by: Werner Koch <[email protected]>
* scd: Fix possible assertion in close_pcsc_reader.Werner Koch2021-09-071-6/+12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * scd/apdu.c (close_pcsc_reader): Don't ref-count if the context is invalid. (open_pcsc_reader): Compare the context against -1 which is our indicator for an invalid context. -- I got a crash report for Windows: DBG: chan_0x000000a4 <- RESTART DBG: chan_0x000000a4 -> OK DBG: chan_0x000000a4 <- SERIALNO DBG: open_pcsc_reader(portstr=(null)) reader slot 0: not connected DBG: open_pcsc_reader => slot=0 DBG: enter: apdu_connect: slot=0 pcsc_connect failed: invalid PC/SC error code (0x6) reader slot 0: not connected DBG: leave: apdu_connect => sw=0x1000b DBG: enter: apdu_close_reader: slot=0 DBG: enter: apdu_disconnect: slot=0 DBG: leave: apdu_disconnect => sw=0x0 Ohhhh jeeee: Assertion "pcsc.count > 0" in close_pcsc_reader failed (...2.2.28/scd/apdu.c:817) no smartcard reader was connected but the box might sport a virtual reader. This patch should make it more robust. Signed-off-by: Werner Koch <[email protected]>
* Update OpenPGP card vendor list.Werner Koch2021-07-041-1/+4
| | | | --
* scd:ccid: Handle LIBUSB_TRANSFER_OVERFLOW interrupt transfer.NIIBE Yutaka2021-06-231-0/+5
| | | | | | | | | * scd/ccid-driver.c (intr_cb): Ignore LIBUSB_TRANSFER_OVERFLOW. -- Backport-master-commit: 25ae80b8eb6e9011049d76440ad7d250c1d02f7c Signed-off-by: NIIBE Yutaka <[email protected]>
* scd:ccid:spr532: Extend abort_cmd for initialization time.NIIBE Yutaka2021-06-231-11/+18
| | | | | | | | | | | | | | | * scd/ccid-driver.c (abort_cmd): Add INIT argument to support synchronize until success, even ignoring timeout. (bulk_in): Normal use case of abort_cmd. (ccid_vendor_specific_init): Initial use case of abort_cmd. -- Another backport to stabilize SCM SPR332/SPR532 card reader. GnuPG-bug-id: 5297 Backport-master-commit: a9aa30ed2c2c399c2baa6a5aa2624d8fdee6286f Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Error code map fix for older Yubikey.NIIBE Yutaka2021-06-141-0/+1
| | | | | | | | | | | | | | * scd/iso7816.c (map_sw): Recognize 6A86. -- Yubikey NEO does not support the YK4_GET_CAPA command (001D000000), and it will be screwed up with the command. GnuPG-bug-id: 5487 Back-port-master-commit: 13bc0431ff1ce51246694208df611cc4561fb4b3 Fixes-commit: ec56996029d95d4bd26e1badfe207232270c6247 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Fix serial number detection for Yubikey 5.Werner Koch2021-06-101-4/+5
| | | | | | | | | | * scd/app.c (app_new_register): Handle serial number correctly. -- GnuPG-bug-id: 5442 Signed-off-by: NIIBE Yutaka <[email protected]> Backported-from-master: c3a9ee0b658887ca9baa4514187b17857fdf6586
* scd: Release memory for RDRNAME.NIIBE Yutaka2021-05-211-0/+2
| | | | | | | | * scd/apdu.c (apdu_close_reader): Free RDRNAME field. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: avoid memory leaksJakub Jelen2021-05-202-14/+24
| | | | | | | | | | | | | | | | | | * scd/app-p15.c (send_certinfo): free labelbuf (do_sign): goto leave instead of return * scd/command.c (cmd_genkey): goto leave instead of return -- Signed-off-by: Jakub Jelen <[email protected]> GnuPG-bug-id: 5393 Modifified for this backport: * scd/command.c (cmd_genkey): Make it easier to read by replacing keyno with orig_line. Signed-off-by: Werner Koch <[email protected]>
* Assorted memory leak fixes on the error code paths.Werner Koch2021-05-201-1/+1
| | | | | | | | | | | | | | | | | | -- These are taken from these commits: 98c52ae * card: Intialize pointer to avoid double free fc5fac8 * kbx: Avoid uninitialized read fa0771f * g10: Avoid memory leaks 25aa353 * dirmgr: Avoid double free 33a2362 * agent: Fix memory leaks e6132bc * sm: Avoid memory leaks and double double-free 2af7bb2 * g10: Fix memory leaks 0d2c1e9 * dirmgr: clean up memory on error code paths GnuPG-bug-id: 5393 Signed-off-by: Werner Koch <[email protected]>
* scd:p15: Fix logic for appending product name to MANUFACTURER.Ingo Klöcker2021-05-181-2/+2
| | | | | | * scd/app-p15.c (do_getattr): Append product name to MANUFACTURER if manufacturer_id does not already contain a bracket and if we have a product name.
* scd,pcsc: Use a single context.NIIBE Yutaka2021-05-071-150/+167
| | | | | | | | | | | | | | | | | | | | | | * scd/apdu.c (pcsc): New variable. (struct reader_table_s): Remove pcsc.context from member. (pcsc_get_status, connect_pcsc_card): Use pcsc.context. (close_pcsc_reader): Release pcsc.context here with reference count. (apdu_open_one_reader): Move API loading to ... (pcsc_init): new. (apdu_open_one_reader): Remove. (apdu_open_reader): Call open_pcsc_reader instead of apdu_open_one_reader. (open_pcsc_reader): Call pcsc_init if needed. Call close_pcsc_reader instead of pcsc_release_context. Make reader parsing more robust. (apdu_init): Initialize pcsc.count and pcsc.context. -- Signed-off-by: NIIBE Yutaka <[email protected]> Backported-from-master: 1080e91efd60cb41c2d6dbafaee810e5967a3161) The backport also adds some other chnages as described above. Signed-off-by: Werner Koch <[email protected]>
* scd: Fix possible PC/SC removed card problemWerner Koch2021-05-041-0/+12
| | | | | | | | | * scd/apdu.c (pcsc_cancel): New. (pcsc_init): Load new function. (connect_pcsc_card): Use it after a removed card error. -- Backported-from-master: 8d81fd7c01e8dfacc719ff190f8e364014e32fdf
* scd: Add string for another PC/SC error code.Werner Koch2021-05-042-1/+5
| | | | | | | | * scd/apdu.c (PCSC_E_NO_READERS_AVAILABLE): New. (pcsc_error_string): Add a description for this. * scd/scdaemon.c (scd_kick_the_loop): Fix diagnostic. Signed-off-by: Werner Koch <[email protected]>
* scd: Fix unblock PIN by a Reset Code with KDF.Kirill Elagin2021-05-041-1/+1
| | | | | | | | | | | * scd/app-openpgp.c (do_change_pin): Use correct CHVNO=1 for pin2hash_if_kdf, for user's PIN. -- GnuPG-bug-id: 5413 Signed-off-by: Kirill Elagin <[email protected]> (cherry picked from commit f209d7d2db0e963a6ad1fa8c4f0c034ba0297842)
* scd: Add option --info to emit KEYPAIRINFO by readkey command.Werner Koch2021-05-033-13/+65
| | | | | | | | | | | * scd/command.c (do_readkey): Implement this. * scd/app-help.c (app_help_get_keygrip_string_pk): Make HEXKEYGRIP parm optional. Add arg R_ALGOSTR. -- This patch basically mimics what we do in 2.3. Signed-off-by: Werner Koch <[email protected]>
* scd: New option --pcsc-shared.Werner Koch2021-04-294-3/+8
| | | | | | | | | | | | | | | | | | * scd/scdaemon.h (opt): Add field opcsc_shared. * scd/scdaemon.c (opcscShared): New. (opts): Add "--pcsc-shared". (main): Set flag. * scd/apdu.c (connect_pcsc_card): Use it. (pcsc_get_status): Take flag in account. * scd/app-openpgp.c (verify_chv2): Do not auto verify chv1 in shared mode. -- This option should in general not be used. The patch tries to limit bad effects but using shared mode is somewhat dangerous depending on the other PC/SC users. (cherry picked from commit 5732e7a8e97cebf8e850c472e644e2a9b040836f)
* scd: Rewrite READKEY to allow for compressed points.Werner Koch2021-04-293-43/+75
| | | | | | | | | | | | | | | * scd/app-help.c (app_help_pubkey_from_cert): New. Taken from 2.3. * scd/command.c (cmd_readkey): Rewrite using new helper. -- Actually the readkey functions needs to return the uncompressed points but if there is no readkey function, like in app-p15.c, readcert is used and here we need to extract and the key and uncompress the point. Noet that the --advanced flag did not and still does not work if the key is fetched via readcert. Signed-off-by: Werner Koch <[email protected]>
* scd:p15: Update from current GnuPG 2.3Werner Koch2021-04-291-838/+2726
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | -- This reflects the state of commit 1f846823b397d68eaa8a31422f78c99f8e9ff738 featuring these commits: 1f846823b scd:p15: Fix the name of a card. cc5aa68b6 scd:p15: Fix last commit and improve D-TRUST detection. 21e3f750b scd:p15: Shorten the displayed s/n of RSCS cards 30f90fc85 scd:p15: Support attribute KEY-FPR. ecb9265b8 scd:p15: Match private keys with certificates also by ... e17d3f866 scd:p15: New flag APP_LEARN_FLAG_REREAD. 1c16878ef scd: Replace all assert macros by the log_assert macro. 7f9126363 scd:p15: Return labels for keys and certificates. 651c07a73 scd:p15: For CardOS make use of ISO7816_VERIFY_NOT_NEEDED. de4d3c99a scd:p15: Return the creation time of the keys. 592f48011 scd:p15: Make RSA with SHA512 work with CardOS. a494b29af scd:p15: Support ECDSA and ECDH for CardOS. 964363e78 scd:p15: Make $SIGNKEY et al determination more fault ... 85082a83c scd:p15: Allow to use an auth object label with cmd CHECKPIN. ef29a960b scd:p15: New attribute CHV-LABEL. bf1d7bc36 scd:p15: Implement CHV-STATUS attribute 0f191a070 scd:p15: Fix faulty removal of a test code change. 08b5ac492 scd:p15: Support special extended usage flags for OpenPGP ... d51a5ca10 scd:p15: Read out the access flags. cfdaf2bcc scd:p15: Get the label value of all objects for better diag... 33aaa37e5 scd:p15: Make it code work again for D-Trust cards. 488eaedc9 scd:p15: Extract extended usage flagsand act upon them. 0c080ed57 scd:p15: Read PuKDF and minor refactoring. 1e197c29e scd:p15: Make file selection more robust. 5bcbc8cee scd:p15: Factor the commonKeyAttributes parser out. fb84674d6 scd:p15: Factor the commonObjectAttributes parser out. fc287c055 scd:p15: First step towards real CardOS 5 support. 60499d989 scd:p15: Show the ATR as part of the TokenInfo diagnostics. 00037f499 scd:p15: Print the internal card type. c7b9a4ee4 scd:p15: Improve support for some CardOS based cards. Signed-off-by: Werner Koch <[email protected]>
* common: Extend the openpgp_curve_to_oid function.Werner Koch2021-04-291-4/+4
| | | | | | | | | | | * common/openpgp-oid.c (openpgp_curve_to_oid): Add optional arg R_NBITS. Change all callers. -- In particular for ed25519 and cv25519 it is quite useful to have an ability to get the required algorithm. (cherry picked from commit 24095101a5069f15a9aea7512498ac436a76814a)
* scd: New function send_keyinfo to assist in backporting.Werner Koch2021-04-292-0/+30
| | | | * scd/command.c (send_keyinfo): New.
* scd: Minor changes to assist in backporting from 2.3Werner Koch2021-04-293-5/+9
| | | | | * scd/command.c (send_status_direct): Return an error code. * scd/app-common.h (APP_LEARN_FLAG_REREAD): New.
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-22 02:25:32 +0000