aboutsummaryrefslogtreecommitdiffstats
path: root/scd (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* scd:nks: Add support of KEYGRIP for do_readcert.NIIBE Yutaka2022-10-201-0/+18
| | | | | | | | | | * scd/app-nks.c (do_readcert): Support KEYGRIP. -- GnuPG-bug-id: 5150 Signed-off-by: NIIBE Yutaka <[email protected]> (cherry picked from commit 4020cd9d656264bec5e7fb5e45c5e06eff8656c3)
* scd:nks: Factor out iteration over filelist.NIIBE Yutaka2022-10-201-78/+114
| | | | | | | | * scd/app-nks.c (iterate_over_filelist): New. (do_with_keygrip): Use iterate_over_filelist. Signed-off-by: NIIBE Yutaka <[email protected]> (cherry picked from commit 6c4365847666cefac73ccc743a99fac473da2186)
* scd:nks: Fix caching keygrip (more).NIIBE Yutaka2022-10-201-5/+7
| | | | | | | | | | | * scd/app-nks.c (keygripstr_from_pk_file): Distinguish by APP_ID. -- GnuPG-bug-id: 5150, 5161 Signed-off-by: NIIBE Yutaka <[email protected]> Backported-from-master: 87d2c579cc38c1d2787945650125fb0e0336652c Fixes-commit: 00f594e3ecb26b010e87d5491b648369e7a92408
* scd:nks: Minor additions to the basic IDLM application support.Werner Koch2022-10-201-15/+25
| | | | | | | | | | | | | | | * scd/app-nks.c (filelist): Use special value -1 for IDLM pubkeys. (keygripstr_from_pk_file): Handle special value. (do_readcert): Ditto. (do_writecert): Ditto. -- This allows to get information about the keys from the card. However the do_readkey still requires a fallback to readcert. This does not work because there are no certificates yet on the card. The fix is to fully implement do_readkey. (cherry picked from commit 806547d9d243b26c2275fc00c645ee39d258b49b)
* scd,nks: Fix caching keygrip.NIIBE Yutaka2022-10-201-3/+4
| | | | | | | | | | * scd/app-nks.c (keygripstr_from_pk_file): Identify by cfid if available. -- GnuPG-bug-id: 5150, 6252 Signed-off-by: NIIBE Yutaka <[email protected]> Backported-from-master: 920154370834ad8d947aed19c9d914a27dde6baa:
* scd:nks: Emit the algo string with KEYPAIRINFOWerner Koch2022-10-201-15/+48
| | | | | | | | | | | | | | | | | | | * scd/app-nks.c (do_learn_status_core): Emit the algo string as part of a KEYPAIRINFO. (struct fid_cache_s): Add field algostr. (flush_fid_cache): Release it. (keygripstr_from_pk_file): Fill it and add it to the cache. Use a single exit label. Set algostr. -- Signed-off-by: Werner Koch <[email protected]> Backported-from-master: 26da47ae53d51e16ae6867cd419ddbf124a94933 Backported-from-master: 006944b856ee2202905290e8a2f5523a7877d444 GnuPG-bug-id: 6252, 5144 This has been backported to keep this, and only this, module in sync with master. All other changes from the original patch have been stripped.
* scd:nks: Implement writecert for the Signature card v2.Werner Koch2022-10-203-8/+134
| | | | | | | | | | | | | | | | | | * scd/iso7816.c (CMD_UPDATE_BINARY): New. (iso7816_update_binary): New. * scd/app-nks.c (do_deinit): Factor some code out to... (flush_fid_cache): new. (do_writecert): New. (app_select_nks): Register new handler. -- This has been backported only to make the following backpoorts easier. The code is only used in 2.3; for details see the original commit message. Signed-off-by: Werner Koch <[email protected]> Backported-from-master: c1663c690b29d2dea8bc782c42de5eca08a24cc9 GnuPG-bug-id: 6252
* scd:nks: Fix certificate read problem with TCOS signature card v2.Werner Koch2022-10-201-0/+2
| | | | | | | | | | * scd/app-nks.c (filelist): Add a dedicated key entry for ESIGN. (do_readcert): Test for the app_id. -- Signed-off-by: Werner Koch <[email protected]> Backported-from-master: 07aef873ebc77241e9a2be225537319f6fc15a41 GnuPG-bug-id: 6252
* scd:nks: Fix remaining tries warning in --reset mode.Werner Koch2022-10-201-9/+10
| | | | | | | | | * scd/app-nks.c (do_change_pin): Change computation of 'remaining'. -- Signed-off-by: Werner Koch <[email protected]> Backported-from-master: 2429e8559844e27de478d7e90834a714b3748834 GnuPG-bug-id: 6252
* scd:nks: Add framework to support IDKey cards.Werner Koch2022-10-201-51/+124
| | | | | | | | | | | | | | | | | | | | | * scd/app-nks.c (NKS_APP_IDLM): New. (struct app_local_s): Replace NKS_VERSION by the global APPVERSION. (do_learn_status): Always send CHV-STATUS. (find_fid_by_keyref): Basic support for IDLM only use. (do_learn_status_core): Ditto. (do_readcert): Ditto. (verify_pin): Ditto. (parse_pwidstr): Ditto. (do_with_keygrip): Ditto. (switch_application): Ditto. (app_select_nks): Fallback to IDLM. -- Backported-from-master: 1f6a39092fe4b5f02bc4741a0a23d102d30f4063 GnuPG-bug-id: 6252 Also not directly required for the Signature Card 2.0, it is easier to port this patch as well.
* scd:nks: Get the PIN prompts right for the Signature CardWerner Koch2022-10-201-56/+136
| | | | | | | | | | | | | * scd/app-nks.c (get_dispserialno): Move more to the top. (do_getattr): Add $DISPSERIALNO and SERIALNO. Make CHV-STATUS work with NKS15. (verify_pin): Use dedicated min. PIN lengths. (parse_pwidstr): Support NKS15 -- GnuPG-bug-id: 4938 Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit aecc008acb64ebbb6c667c4a128af4e61da57f84)
* scd:nks: Support decryption using ECDH.Werner Koch2022-10-201-74/+307
| | | | | | | | | | | | | | | | | | * scd/app-nks.c (struct fid_cache_s): Add field 'algo'. (keygripstr_from_pk_file): Add arg 'r_algo' to return the algo. (find_fid_by_keyref): Ditto. (get_dispserialno): New. (make_prompt): New. (verify_pin): Provide better prompts. (do_decipher): Support ECDH. (parse_pwidstr): Add hack tospecify any pwid.. (do_change_pin): Support Signature Card V2.0 (NKS15) style NullPIN. Provide a better prompt. -- GnuPG-bug-id: 4938, 6252 Signed-off-by: Werner Koch <[email protected]> Backported-from-master: af45d884aa1c3eccbc6972a2e5197ece3fd1987a
* scd:nks: Add do_with_keygrip and implement a cache.Werner Koch2022-10-201-90/+349
| | | | | | | | | | | | | | | * scd/app-nks.c (struct fid_cache_s): New. (struct app_local_s): Add field 'fid_cache'. (do_deinit): Release the cache. (keygripstr_from_pk_file): Implement the cache. (find_fid_by_keyref): New (do_sign, do_decipher): Use new function. (do_with_keygrip): New. -- Signed-off-by: Werner Koch <[email protected]> Backported-from-master: 1e72a1a218490c0fc07811a02ddad6cc38913f77 GnuPG-bug-id: 6252
* scd:nks: Allow retrieving certificates from a Signature Card v.20Werner Koch2022-10-201-165/+302
| | | | | | | | | | | | | * scd/app-nks.c: Major rework to support non-RSA cards. -- This is a fist step so support this ECC card. The code has been reworked while taking care that old cards should keep on working. Signed-off-by: Werner Koch <[email protected]> Backported-from-master: f05a32e5c9db7d0840c74fccc350a9e0ff5fb819 GnuPG-bug-id: 6252
* scd: Add npth_unprotect/npth_protect for blocking operations.NIIBE Yutaka2022-08-311-0/+20
| | | | | | | | | | * scd/ccid-driver.c (ccid_open_usb_reader): Name the thread. (ccid_vendor_specific_setup, ccid_open_usb_reader): Wrap blocking operations by npth_unprotect/npth_protect. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* scd:openpgp: Fix workaround for Yubikey heuristics.NIIBE Yutaka2022-07-131-8/+21
| | | | | | | | | | | | | * scd/app-openpgp.c (parse_algorithm_attribute): Handle the case of firmware 5.4, too. -- Cherry-picked master commit of: f34b9147eb3070bce80d53febaa564164cd6c977 GnuPG-bug-id: 6070 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Fail when no good algorithm attribute.NIIBE Yutaka2022-07-131-18/+29
| | | | | | | | | | | | | | | | | * scd/app-openpgp.c (parse_algorithm_attribute): Return the error. (change_keyattr): Follow the change. (app_select_openpgp): Handle the error of parse_algorithm_attribute. -- Backport master commit of: 53eddf9b9ea01210f71b851b5cb92a5f1cdb6f7d This change allows following invocation of app_select_openpgp, which may work well (if the problem is device side for initial connection). GnuPG-bug-id: 5963 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Don't inhibit SSH authentication for larger data if it can.NIIBE Yutaka2022-07-121-0/+5
| | | | | | | | | | | | * scd/app-openpgp.c (do_auth): Use command chaining if available. -- Cherry-picked from master branch of: e8fb8e2b3e66d5ea8a3dc90afdc14611abf2c3da GnuPG-bug-id: 5935 Signed-off-by: NIIBE Yutaka <[email protected]>
* agent,scd: Make sure to set CONFIDENTIAL flag in Assuan.NIIBE Yutaka2022-06-091-0/+2
| | | | | | | | | | | | | | | * agent/call-scd.c (inq_needpin): Call assuan_begin_confidential and assuan_end_confidential, and wipe the memory after use. * agent/command.c (cmd_preset_passphrase): Likewise. * scd/command.c (pin_cb): Likewise. -- Backport the change of master commit of: 052f58422dca1044aba7acb4cf57416e7a8cb01f GnuPG-bug-id: 5977 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd:p15: Fix accidental commit of debug codeWerner Koch2022-06-011-6/+3
| | | | | | | * scd/app-p15.c (do_sign): Revert MSE setting. -- Fixes-commit: 91acbdc93c8a6ae06b483a27c8bb7c33a978108d
* scd: Shorten cardio debug output for all zeroes.Werner Koch2022-06-011-4/+33
| | | | | | | | * scd/apdu.c (all_zero_p): New. (send_le): Use it. Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit 9b6f574928546e6905a92c3e74d72478f1585c66)
* scd: Fix use of SCardListReaders for PC/SC.NIIBE Yutaka2022-05-171-1/+1
| | | | | | | | | | | | | * scd/apdu.c (open_pcsc_reader): Initialize NREADER. -- Backport master commit of: 1b1684cf6192d9edb90a54ebe4a0e66b3d59a44b Reported-by: Ludovic Rousseau GnuPG-bug-id: 5979 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Add workaround for ECC attribute on Yubikey.NIIBE Yutaka2022-05-101-1/+2
| | | | | | | | | | | | | * scd/app-openpgp.c (parse_algorithm_attribute): Skip possibly bogus octet in a key attribute. -- Apply master commit of: 054d14887ef8fa1cbadef4ed2ea28213f25f5d25 GnuPG-bug-id: 5963 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd:p15: Improve the displayed S/N for Technology Nexus cards.Werner Koch2022-05-061-6/+42
| | | | | | | | | * scd/app-p15.c (any_control_or_space_mem): New. (get_dispserialno): Add new code. -- This works with my test cards and now reflects what's printed on the front matter of the card.
* scd:p15: Fix the the sanity check of the displayed S/N.Werner Koch2022-05-061-2/+6
| | | | | | | | | * scd/app-p15.c (any_control_or_space): Fix loop. -- This check is only done to avoid printing wrongly encoded S/N for human consumption. e
* scd:p15: Fix reading certificates without length info.Werner Koch2022-05-051-6/+23
| | | | | | * scd/app-p15.c (readcert_by_cdf): Do not use extended mode if the CDF object has no length info. Add debug output when reading a cert. (read_p15_info): No more need to disable extended mode for GeNUA cards.
* scd: New debug flags "card".Werner Koch2022-05-052-1/+4
| | | | | | | | | | * scd/scdaemon.c (debug_flags): Add "card". * scd/scdaemon.h (DBG_CARD_VALUE, DBG_CARD): New. -- Some information from parsing the card are often very helpful. However, the card_io triggered APDU dumps are in most cases too heavy. Thus this new debug flag.
* scd: Minor code reorganizationWerner Koch2022-04-141-17/+22
| | | | | * scd/ccid-driver.c: Move struct defines to the top. (MAX_DEVICE): Rename to CCID_MAX_DEVICE.
* scd: Fix memory leak in ccid-driver.Werner Koch2022-04-141-9/+9
| | | | | | | | | | | * scd/ccid-driver.c (ccid_dev_scan): Use loop var and not the count. -- Due to an assignment out of bounds this might lead to a crash if there are more than 15 readers. In any case it fixes a memory leak. Kudos to the friendly auditor who found that bug. Fixes-commit: 8a41e73c31adb86d4a7dca4da695e5ad1347811f
* scd:p15: Improve the PIN prompt for Genua cards.Werner Koch2022-04-131-4/+26
| | | | | | | * scd/app-p15.c (CARD_PRODUCT_GENUA): New. (cardproduct2str): Add it. (read_p15_info): Detect and set GENUA (make_pin_prompt): Take holder string from the AODF.
* scd:p15: Support for GeNUA cards.Werner Koch2022-04-131-1/+10
| | | | | * scd/app-p15.c (read_p15_info): Disable extended mode for Genua cards.
* scd:p15: Prepare AODF parsing for other authentication types.Werner Koch2022-04-131-329/+372
| | | | | | | | | | | | | | * scd/app-p15.c (auth_type_t): New. (struct aodf_object_s): Add field auth_type. (read_ef_aodf): Distinguish between pin and authkey types. Include the authtype in the verbose mode diags. -- Note that the bulk of changes are just indentation changes. There should be no functional change. Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit e387cc97c82313457e4f79729a137e5871891bc1)
* scd:p15: Add basic support for AET JCOP cards.Werner Koch2022-04-131-5/+46
| | | | | | | | | | | | | | * scd/app-p15.c (CARD_TYPE_AET): New. (cardtype2str): Add string. (card_atr_list): Add corresponding ATR. (app_local_s): New flag no_extended_mode. Turn two other flags into bit flags. (select_ef_by_path): Hack to handle the 3FFF thing. (readcert_by_cdf): Do not use extended mode for AET. (app_select_p15): Set no_extended_mode. --- Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit 544ec7872aed24c296ea34fac777eca287f7bb47)
* scd:p15: Used extended mode already for RSA 2048Werner Koch2022-02-211-2/+2
| | | | | * scd/app-p15.c (do_sign, do_decipher): Replace GT by GE. --
* scd: Use lock_slot for apdu_send_direct.NIIBE Yutaka2022-02-171-1/+1
| | | | | | | | | | | | | | | | | * scd/apdu.c (apdu_send_direct): Use lock_slot. -- Cherry-pick the master commit of: f808012ac2cf67ec563da178d963f300a7f2564d With trylock_slot, it may return SW_HOST_BUSY. This may occur when apdu_get_status is called by scd_update_reader_status_file. Simply using lock_slot is much easier for user of apdu_send_direct. GnuPG-bug-id: 5831 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Also prefer Yubikeys if no reader port is given.Werner Koch2022-01-251-1/+2
| | | | * scd/apdu.c (select_a_reader): Extend the white list.
* scd: Re-group the options in the --help output.Werner Koch2021-12-291-10/+22
| | | | | | | | | | -- This looks better and is also required for further simplifications of gpgconf. Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit daf5f4355db7c4203f5b7e01807956328a7d173c)
* gpgconf: Support reading global options (part 2).Werner Koch2021-12-291-2/+3
| | | | | | | | | | | | | | | | | | | | | * tools/gpgconf-comp.c: Remove all regular option descriptions. They are now read in from the component. Also remove a few meanwhile obsolete options. * agent/gpg-agent.c: Add option description which were only set in gpgconf-comp.c. * dirmngr/dirmngr.c: Ditto. * scd/scdaemon.c: Ditto. * sm/gpgsm.c: Ditto. * g10/gpg.c: Ditto. -- This second part removes all regular option descriptions because they can be read from the components. A few were missing in the components and thus moved to there. Signed-off-by: Werner Koch <[email protected]> This is a backport from master (2.3).
* scd:openpgp: Support longer data for INTERNAL_AUTHENTICATE.NIIBE Yutaka2021-11-151-0/+8
| | | | | | | | | | * scd/app-openpgp.c (do_auth): Use extended Lc, when supported. -- GnuPG-bug-id: 5682 Co-authored-by: Klas Lindfors Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: More conservative selection of a card reader.NIIBE Yutaka2021-11-101-1/+1
| | | | | | | | | | * scd/apdu.c (select_a_reader): Only SPRx32 is in the white list. -- GnuPG-bug-id: 5644 Fixes-commit: 752422a792cecf459b37f517d634bcf272292b14 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Select a reader for PC/SC.NIIBE Yutaka2021-10-221-4/+76
| | | | | | | | | | * scd/apdu.c (select_a_reader): New. (open_pcsc_reader): Use select_a_reader. -- GnuPG-bug-id: 5644 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Remove context reference counting from pc/scWerner Koch2021-09-141-22/+16
| | | | | | | | | | | | | | | | | | | | * scd/apdu.c (pcsc): Add flag context_valid, remove count. (close_pcsc_reader): Use new flag instead of looking at magic context value. (pcsc_init): Set new flag. (open_pcsc_reader): Use new flag. (apdu_init): Clear new flag. * scd/apdu.c: Remove assert.h. Replace all assert by log_assert. -- The previous fix 192113552faa98f40cc91fe014ec55861474626c did not help, thus the new hypothesis is that PC/SC might return a valid context with the value -1. We now use a dedicated flag to track the validity of the context. The reference counting seems to be superfluous and is a relict due to backporting from 2.3. Removed.
* scd: Support PC/SC for "getinfo reader_list".Werner Koch2021-09-083-12/+88
| | | | | | | | | | | | | | | | | | | | | * scd/apdu.c: Include membuf.h. (pcsc): Add reader_list field. (open_pcsc_reader): Fill that field. (apdu_get_reader_list): New. * scd/command.c: Remove header ccid-driver.h. (pretty_assuan_send_data): New. (cmd_getinfo): Print all reader names. -- Note that depending on the card backend (ccid or PC/SC) it might be necessary to first send a reset followed by SERIALNO to get an updated list of reader. Or well send KILLSCD. The pretty printing of Assuan data lines does only work if you connect direct to scdaemon because the wrapper in gpg-agent does not know about this and combines the Assuan lines again. Signed-off-by: Werner Koch <[email protected]>
* scd: Fix possible assertion in close_pcsc_reader.Werner Koch2021-09-071-6/+12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * scd/apdu.c (close_pcsc_reader): Don't ref-count if the context is invalid. (open_pcsc_reader): Compare the context against -1 which is our indicator for an invalid context. -- I got a crash report for Windows: DBG: chan_0x000000a4 <- RESTART DBG: chan_0x000000a4 -> OK DBG: chan_0x000000a4 <- SERIALNO DBG: open_pcsc_reader(portstr=(null)) reader slot 0: not connected DBG: open_pcsc_reader => slot=0 DBG: enter: apdu_connect: slot=0 pcsc_connect failed: invalid PC/SC error code (0x6) reader slot 0: not connected DBG: leave: apdu_connect => sw=0x1000b DBG: enter: apdu_close_reader: slot=0 DBG: enter: apdu_disconnect: slot=0 DBG: leave: apdu_disconnect => sw=0x0 Ohhhh jeeee: Assertion "pcsc.count > 0" in close_pcsc_reader failed (...2.2.28/scd/apdu.c:817) no smartcard reader was connected but the box might sport a virtual reader. This patch should make it more robust. Signed-off-by: Werner Koch <[email protected]>
* Update OpenPGP card vendor list.Werner Koch2021-07-041-1/+4
| | | | --
* scd:ccid: Handle LIBUSB_TRANSFER_OVERFLOW interrupt transfer.NIIBE Yutaka2021-06-231-0/+5
| | | | | | | | | * scd/ccid-driver.c (intr_cb): Ignore LIBUSB_TRANSFER_OVERFLOW. -- Backport-master-commit: 25ae80b8eb6e9011049d76440ad7d250c1d02f7c Signed-off-by: NIIBE Yutaka <[email protected]>
* scd:ccid:spr532: Extend abort_cmd for initialization time.NIIBE Yutaka2021-06-231-11/+18
| | | | | | | | | | | | | | | * scd/ccid-driver.c (abort_cmd): Add INIT argument to support synchronize until success, even ignoring timeout. (bulk_in): Normal use case of abort_cmd. (ccid_vendor_specific_init): Initial use case of abort_cmd. -- Another backport to stabilize SCM SPR332/SPR532 card reader. GnuPG-bug-id: 5297 Backport-master-commit: a9aa30ed2c2c399c2baa6a5aa2624d8fdee6286f Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Error code map fix for older Yubikey.NIIBE Yutaka2021-06-141-0/+1
| | | | | | | | | | | | | | * scd/iso7816.c (map_sw): Recognize 6A86. -- Yubikey NEO does not support the YK4_GET_CAPA command (001D000000), and it will be screwed up with the command. GnuPG-bug-id: 5487 Back-port-master-commit: 13bc0431ff1ce51246694208df611cc4561fb4b3 Fixes-commit: ec56996029d95d4bd26e1badfe207232270c6247 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Fix serial number detection for Yubikey 5.Werner Koch2021-06-101-4/+5
| | | | | | | | | | * scd/app.c (app_new_register): Handle serial number correctly. -- GnuPG-bug-id: 5442 Signed-off-by: NIIBE Yutaka <[email protected]> Backported-from-master: c3a9ee0b658887ca9baa4514187b17857fdf6586
* scd: Release memory for RDRNAME.NIIBE Yutaka2021-05-211-0/+2
| | | | | | | | * scd/apdu.c (apdu_close_reader): Free RDRNAME field. -- Signed-off-by: NIIBE Yutaka <[email protected]>
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-21 16:32:42 +0000