aboutsummaryrefslogtreecommitdiffstats
path: root/scd (follow)
Commit message (Collapse)AuthorAgeFilesLines
* scd:openpgp: Print a diagnostic for the use of default ECDH params.Werner Koch2023-11-231-10/+7
| | | | | | | | | | | * scd/app-openpgp.c (ecc_writekey): Remove the useless check and print a diagnostic if the default params are used. -- Note that here in 2.2 we use different default ECDH parameters than in 2.4 (AES192 instead of AES256 for 384 bit curves). GnuPG-bug-id: 6378
* scd:openpgp: Use a special compare for the serialno.Werner Koch2023-10-111-2/+9
| | | | | | | | | | | | | | * scd/app-openpgp.c (check_keyidstr): Ignore the card version and also compare case insensitive. (do_learn_status): Add mssing error handling. -- This is required because we changed what we emit as serialno of OpenPGP cards but existing keys still use the old form of the serial number (i.e. with a firmware version). This is so that existing stub keys of gpg-agent will continue to work. GnuPG-bug-id: 5100
* scd:openpgp: Allow the reading the key by keygrip.Werner Koch2023-10-111-4/+39
| | | | | | | | | * scd/app-openpgp.c (do_readkey): Allow the keygrip for the keyid. Use case insensitive match forthe keyid. (do_readcert): Allow the keygrip for the keyid. -- This patch is only to sync ths up with master.
* scd:openpgp: Extend KEYPAIRINFO with an algorithm string.Werner Koch2023-10-111-7/+56
| | | | | | | | * scd/app-openpgp.c (retrieve_fprtime_from_card): New. (send_keypair_info): Add more to KEYPAIRINFO. -- This is mainly needed to sync this version with master.
* scd:openpgp: Use shared fucntion for the dispserialno.Werner Koch2023-10-111-32/+46
| | | | | | | | | | | | | * scd/app-openpgp.c (wipe_and_free): New. (wipe_and_free_string): New. (get_disp_serialno): Remove. Replace callers by function app_get_dispserialno. (get_usage_string): New. (send_keypair_info): Use new function. -- The new function has the same behaviour. The wipe functions are not yet used.
* scd:openpgp: Some comment updatesWerner Koch2023-10-101-18/+29
| | | | --
* scd: Add handling of "Algorithm Information" DO.NIIBE Yutaka2023-10-101-0/+1
| | | | | | | | | | | | | | * cd/app-openpgp.c (data_objects): Add 0x00FA. (do_getattr): Add KEY-ATTR-INFO. -- See the section 4.4.3.11 Algorithm Information in the OpenPGP card functional specification version 3.4.1. Signed-off-by: NIIBE Yutaka <[email protected]> (cherry picked from commit 90d0072165cc5c6888f14462392a211de0c4b232) Some parts where already here.
* scd:openpgp: New KEY-STATUS attribute.Werner Koch2023-10-101-1/+2
| | | | | | | | * scd/app-openpgp.c (do_getattr): Return KEY-STATUS -- (cherry picked from commit 21496761226c1020a98e3ec7dd2b9dd013d4386b) Some things from the original commit where already here.
* scd:openpgp: Add attribute "UIF" for convenience.Werner Koch2023-10-101-7/+13
| | | | | | | | | | | | | * scd/app-openpgp.c (do_getattr): New attrubute "UIF". (do_learn_status): Use that. -- Actually this is not just convenience but will make it easier to add new keys to an openpgp card - we will need to change this only at one place. Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit 11f0700282c1eeaee8db6686c38aca0900271351)
* scd: Add handling of Ed448 key.NIIBE Yutaka2023-10-101-13/+12
| | | | | | | | | | | | | | | | | | | * scd/app-openpgp.c (struct app_local_s): Add ecc.algo field. (send_key_attr): Use ecc.algo field. (ecc_read_pubkey): Use ecc.algo field. (ecc_writekey): Ed448 means EdDSA. (parse_algorithm_attribute): Set ecc.algo field from card. Add checking for Ed25519 for ECC_FLAG_DJB_TWEAK flag. -- There used to be a possible support of Ed25519 with ECDSA, (instead of EdDSA). To distinguish key for Ed25519 for EdDSA, we use the flag: (flags eddsa). Ed448 has no support for ECDSA and defaults to EdDSA even if no such flag. Signed-off-by: NIIBE Yutaka <[email protected]> (cherry picked from commit b743942a9719be59f1da67cd338248fe7ee5aeab)
* scd:openpgp: Support the ecdh-params arg for writing keys.Werner Koch2023-10-101-20/+72
| | | | | | | | | | | | | | | | | * scd/app-openpgp.c (ecc_writekey): Use provided ECDH params to compute the fingerprint. Add a default for use by gnupg 2.2. (store_fpr): Add arg update. (rsa_read_pubkey, ecc_read_pubkey): Add arg meta_update and avoid writing the fingerprint back to the card if not set. (read_public_key): Also add arg meta_update. (get_public_key): Do not pass it as true here... (do_genkey): ... but here. -- This is based on commit c03ba92576e34f791430ab1c68814ff16c81407b and done here to ease backporting. There is no functional change. GnuPG-bug-id: 6378
* scd:openpgp: Handle wrong error return code of Yubikey.Werner Koch2023-10-101-5/+6
| | | | | | | | | | * scd/app-openpgp.c (get_public_key): Handle wrong error code by Yubikeys. -- This has been taken from commits 0db9c83555b4a8a0c52f96e96ec20dbfd3d75272 946555ea3ceb823b95ed13654ae4fd667daa4337
* scd: Fix description string.NIIBE Yutaka2023-10-101-2/+2
| | | | | | | * scd/app-openpgp.c (data_objects): Capitalize the word for usage. Signed-off-by: NIIBE Yutaka <[email protected]> (cherry picked from commit e6b7e0ff9990813ac9f11b2d9d92596d6379ebfe)
* scd:openpgp: Support UIF changing command.NIIBE Yutaka2023-10-101-4/+22
| | | | | | | | | | | | | | | | | | | * g10/card-util.c (uif, cmdUIF): New. (card_edit): Add call to uif by cmdUIF. * scd/app-openpgp.c (do_getattr): Support UIF-1, UIF-2, and UIF-3. (do_setattr): Likewise. (do_learn_status): Learn UIF-1, UIF-2, and UIF-3. -- GnuPG-bug-id: 4158 Signed-off-by: NIIBE Yutaka <[email protected]> (cherry picked from commit 0cb65564e022fface5ada4de8e0c2c4c3d0ac8ad) Also included the relevant part from commit 0240345728a84d8f235ce05889e83963e52742eb Note that this patch is mainly to simplifying backporting and not to support the UIF.
* scd:openpgp: Small speedup reading card properties.Werner Koch2023-10-101-2/+19
| | | | | | | | | | | | | | | | | * scd/app-openpgp.c (struct app_local_s): Add new flag. (get_cached_data): Force chace use if flag is set. (app_select_openpgp): Avoid reading DO 6E multiple times. -- The do not cache property of 6E was introduced so that we can change for example key attributes without getting into with the cache. However, for initial reading the cache makes a lot of sense and thus we now use this hack to only temporary cache. A better strategy would be to clear the cache when we change card data but that is more error prone. Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit d5fb5983232cf4d60cf6aa00d0ae5a16cf948e19)
* scd:openpgp: Allow reading and writing user certs for keys 1 and 2Werner Koch2023-10-103-22/+127
| | | | | | | | | | | | | | | * scd/iso7816.c (CMD_SELECT_DATA): New. (iso7816_select_data): New. * scd/app-openpgp.c (do_readcert): Allow OpenPGP.1 and OPENPGP.2 (do_writecert): Ditto. (do_setattr): Add CERT-1 and CERT-2. -- This has been tested with a Zeitcontrol 3.4 card. A test with a Yubikey 5 (firmware 5.2.6) claiming to support 3.4 failed. Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit 37b1c5c2004c1147a13b388863aaa8f0caf7d71f)
* scd: Allow standard keyref scheme for app-openpgp.Werner Koch2023-10-101-0/+11
| | | | | | | | | | | | | | * scd/app-openpgp.c (do_change_pin): Allow prefixing the CHVNO with "OPENPGP." -- The generic keyref allows for better error detection in case a keyref is send to a wrong card. This has been taken from master commit 3231ecdafd71ac47b734469b07170756979ede72 which has additional changed for gpg-card-tool, which is only available there. Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit 6651a0640d0f1b4dd161210dc55974d9b93b7253)
* scd:openpgp: Support GET DATA response with no header for DO 0x00FA.NIIBE Yutaka2023-10-101-2/+2
| | | | | | | | * scd/app-openpgp.c (do_getattr): Support Gnuk, as well. -- Signed-off-by: NIIBE Yutaka <[email protected]> (cherry picked from commit 43bbc25b0f57dec24412886ff46041e0b1f3de26)
* scd:openpgp: Pass arg ctrl to more functions.Werner Koch2023-10-101-50/+49
| | | | | | | | | | | | | | | * scd/app-openpgp.c (verify_a_chv): Add currently unused arg ctrl. Adjust callers. (verify_chv3): Ditto. (verify_chv2): Add arg ctrl. Adjust callers. (change_keyattr): Ditto. (change_rsa_keyattr): Ditto. (change_keyattr_from_string): Ditto. (rsa_writekey): Ditto. (ecc_writekey): Ditto. -- This helps in backporting from master.
* scd:openpgp: Replace assert by log_assert.Werner Koch2023-10-101-17/+17
| | | | | * scd/app-openpgp.c: Remope assert.h. Replace all assert by log_assert.
* scd:openpgp: Fix computing fingerprint for ECC with SOS.NIIBE Yutaka2023-10-101-1/+22
| | | | | | | | | | | * scd/app-openpgp.c (count_sos_bits): New. Count as sos_write does. (store_fpr): For ECC, use count_sos_bits. -- Signed-off-by: NIIBE Yutaka <[email protected]> (cherry picked from commit 95156ef9bfb6a3a525454d50ae2f5b538ccbd774) and (cherry picked from commit f482e4bd121ff2862bfb53a82f1d5c2cf3524a10)
* scd:openpgp: Very minor refactoringWerner Koch2023-10-101-3/+5
| | | | | * scd/app-openpgp.c (app_select_openpgp): Move AID definition to ... (openpgp_aid): new.
* scd:openpgp: Rename an internal variable.Werner Koch2023-10-101-13/+14
| | | | | | | | | | | | | | | * scd/app-openpgp.c (struct app_local_s): s/extcap_v3/is_v3/. s/max_certlen_3/max_certlen. Change users. -- The extcap_v3 flag is set if the version is 3 or later and as such does not only declare that the v3 extcap layout is used. Make this clear by renaming. Likewise for max_certlen_3. Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit bbdb48ec0ddd99ce23fcba42949c00a2594fb9a5)
* scd,w32: Fix build dependencyWerner Koch2023-08-291-1/+3
| | | | | | * scd/Makefile.am (scdaemon_DEPENDENCIES): Fix. -- Fixes-commit: 625fb548998fb4d48b23c6e4cfa5bfa72f1d74e2
* w32: Add missing manifests and set a requestedExecutionLevel.Werner Koch2023-05-252-3/+13
| | | | | | | | | | | | | | | | | | | | | | | * agent/gpg-agent.w32-manifest.in: New. * dirmngr/dirmngr-client-w32info.rc: New. * dirmngr/dirmngr-client.w32-manifest.in: New. * dirmngr/dirmngr-w32info.rc: New. * dirmngr/dirmngr.w32-manifest.in: New. * dirmngr/dirmngr_ldap-w32info.rc: New. * dirmngr/dirmngr_ldap.w32-manifest.in: New. * g10/gpgv-w32info.rc: New. * g10/gpgv.w32-manifest.in: New. * kbx/keyboxd.w32-manifest.in: New. * scd/scdaemon.w32-manifest.in: New. * sm/gpgsm.w32-manifest.in: New. -- This avoids the use of the VirtualStore uner Windows. GnuPG-bug-id: 6503 Backported from 2.4; some manifest files already existed in 2.2 but not in 2.4
* scd: Fix cmd_apdu on error.NIIBE Yutaka2023-05-102-2/+5
| | | | | | | | | | * scd/command.c (cmd_apdu): Fix the code path on error. -- GnuPG-bug-id: 6476 Reported-by: Robin Krahl Signed-off-by: NIIBE Yutaka <[email protected]>
* scd,p15: Enforce a min. PIN length for certain cards.Werner Koch2023-04-201-5/+10
| | | | * scd/app-p15.c (verify_pin): Enforce 6 for RSCS cards.
* scd,openpgp: Switch key attributes between RSA and ECC in writekey.Werner Koch2023-03-141-5/+28
| | | | | | | | | | | | | | * common/sexputil.c (get_rsa_pk_from_canon_sexp): Also allow private keys. (pubkey_algo_string): Ditto. * scd/app-openpgp.c (do_writekey): Switch key attributes -- The scd WRITEKEY command for OpenPGP cards missed proper support to aautomagically switch key attributes based on the new key. We had this only in GENKEY. GnuPG-bug-id: 6378
* scd: Fix checking memory allocation.NIIBE Yutaka2023-03-081-1/+1
| | | | | | | | * scd/app-openpgp.c (read_public_key): Fix the memory. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Parse "Algorithm Information" data object in scdaemon.NIIBE Yutaka2023-02-171-1/+117
| | | | | | | | | | | * scd/app-openpgp.c (data_objects): 0x00FA for binary data. (do_getattr): Parse the data and send it in status lines. (get_algorithm_attribute_string): New. -- Signed-off-by: NIIBE Yutaka <[email protected]> Backported-from-master: eba2563dabbb4f61537900289fbe3ae113904733 Backported-from-master: 43bbc25b0f57dec24412886ff46041e0b1f3de26
* scd:p15: Add pre-check for ascii-numeric PINs.Werner Koch2023-02-171-3/+11
| | | | | | | * scd/app-p15.c (verify_pin): ascii-numeric is different than BCD. (cherry picked from commit 029924a46e08ffcda038d89f06abfb41c980a9ad) Added a few typo fixes.
* scd:p15: Use APP_CARD macro at some other places.Werner Koch2023-02-171-4/+4
| | | | | | -- This makes back porting easier.
* scd: Improve reading of binary records.Werner Koch2023-02-173-10/+5
| | | | | | | | | | | | | | * scd/iso7816.c (iso7816_read_binary_ext): Handle the 0x6a86 SW the same as 6b00. * scd/apdu.c (apdu_get_atr): Modify debug messages. * scd/app-p15.c (app_select_p15): Print FCI on error. (read_p15_info): Clean up diag in presence of debug options. -- Some cards return 6a86 instead of 6b00. Signed-off-by: Werner Koch <[email protected]> Backported-from-master: 44f977d0e332e77fb8a775c4837c00118bbe08cb
* scd:p15: Handle cards with bad encoded path objects.Werner Koch2023-02-171-9/+13
| | | | | | | | | | * scd/app-p15.c (read_ef_prkdf, read_ef_pukdf) (read_ef_cdf, read_ef_aodf): Allow for a zero length path and correctly skip unsupported auth types. -- Signed-off-by: Werner Koch <[email protected]> Backported-from-master: 7a8545c91b09277b0833dc0e5881ba5d1c8dbca3
* scd:openpgp: Allow auto-changing of the key attributes in genkey.Werner Koch2023-01-132-69/+212
| | | | | | | | | | | | | | | | | | | * scd/app-openpgp.c (struct app_local_s): Add field keyalgo. (parse_algorithm_attribute): Store the new keyalgo field. (change_keyattr): Change info message. (change_keyattr_from_string): Rewrite to also accept a keyref and a keyalgo string. (do_genkey): Change the keyattr if a keyalgo string is given. * scd/command.c (cmd_genkey): Add option --algo. -- Having this feature makes it easier to use OpenPGP cards in a similar way to other cards. Note that the explicit changing via SETATTR is still supported. Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit d7d75da50543bc7259c5a6e6367b58cbca7f1b7b) (cherry picked from commit b349adc5c0d00d2fc405a45bd078f1580b5610cc)
* scd: Return CARDTYPE, CARDVERSION, and APPVERSION.Werner Koch2023-01-131-2/+31
| | | | | | * scd/app.c (strcardtype): New. (app_write_learn_status): Return more info. (app_getattr): Allow for CARDTYPE.
* scd:p15: Skip deleted records.Werner Koch2022-12-081-8/+37
| | | | | | | | | | | | * scd/app-p15.c (select_and_read_record): Special case deleted records. Support 3 byte TLVs. (read_ef_prkdf): Skip deleted records. (read_ef_pukdf): Ditto. (read_ef_cdf): Ditto. (read_ef_aodf): Ditto. -- This fixes a problem with some CardOS 5 applications.
* scd: Redact --debug cardio output of a VERIFY APDU.Werner Koch2022-11-251-2/+16
| | | | | | | | | | * scd/apdu.c (pcsc_send_apdu) [DBG_CARD_IO]: Detect and redact a VERIFY. (send_apdu_ccid): Ditto. -- This should handle the most common case. GnuPG-bug-id: 5085
* scd:nks: Fix ECC signing if key not given by keygrip.Werner Koch2022-11-251-0/+2
| | | | * scd/app-nks.c (keygripstr_from_pk_file): Set r_algo if not in cache.
* scd:nks: Support non-ESIGN signing with the Signature Card v2Werner Koch2022-11-251-8/+20
| | | | | | | | * scd/app-nks.c (do_sign): Handle ECC for NKS cards -- Backported-from-master: 959c627892121ce9707bfa36f2510216b4f6f247 GnuPG-bug-id: 6252
* scd: Use app_get_slot at more places.Werner Koch2022-11-254-65/+84
| | | | | | -- This is helpful for backporting other changes.
* scd: Use APP_LEARN_FLAG_KEYPAIRINFO with more apps.Werner Koch2022-11-252-2/+2
| | | | | | | | * scd/app-nks.c (do_learn_status_core): Use new flag. * scd/app-sc-hsm.c (do_learn_status): Ditto. -- The flag was already backported to some apps but not to these.
* scd:nks: Don't flag the ESIGN keypair EF as encryption capable.Werner Koch2022-10-201-1/+1
| | | | | | | | | | | * scd/app-nks.c (filelist): Tweak 0x4531. -- Actually the certificate has no encryption usage but we should also tell that via KEYINFO so that this key is never tried to create an encryption certificate. (cherry picked from commit 3a2fb1c30633373d17880469e0b84ab2a9524585)
* scd:nks: Some code cleanup.Werner Koch2022-10-201-107/+100
| | | | | | | | | | | | | | * scd/app-nks.c (find_fid_by_keyref): Factor keyref parsing out to ... (parse_keyref): new. (do_readcert): Use new function instead of partly duplicated code. Make detection of keygrip more robust. (do_readkey): Make detection of keygrip more robust. (do_with_keygrip): Use get_nks_tag. -- Also added a couple of comments. (cherry picked from commit b92b3206e72b635fd815eaf85e7acc67c2a52ffe)
* scd:nks: Support the Telesec ESIGN application.Werner Koch2022-10-201-26/+81
| | | | | | | | | | | | | | | | | * scd/app-nks.c (find_fid_by_keyref): Disable the cache for now. (readcert_from_ef): Considere an all zero certificate as not found. (do_sign): Support ECC and the ESIGN application. -- This allows me to create qualified signatures using my Telesec card. There is of course more work to do but this is the first step. Note: The design of the FID cache needs to be reconsidered. Until that the lookup here has been disabled. The do_sign code should be revamped to be similar to what we do in app-p15. GnuPG-bug-id: 5219, 4938, 6252 Backported-from-master: 07eaf006c2763a6b40d2734b1c6704da466e0ed0
* scd:nks: Return USAGE information for KEYINFO command.NIIBE Yutaka2022-10-204-25/+26
| | | | | | | | | | | | | | | | | * scd/app-nks.c (set_usage_string): New. (do_learn_status_core, do_readkey): Use set_usage_string. (do_with_keygrip): Add USAGE to call send_keyinfo, using set_usage_string. * scd/command.c (send_keyinfo): Add arg usage. -- Signed-off-by: NIIBE Yutaka <[email protected]> Backported-from-master: 5264d3f58e8a8362900c3518bdd683ff9a23cccc GnuPG-bug-id: 6252 This backports only the NKS parts of the original patch Signed-off-by: Werner Koch <[email protected]>
* scd:nks: Handle APP_READKEY_FLAG_INFO.Werner Koch2022-10-201-52/+117
| | | | | | | | | | | | | | | * scd/app-nks.c (keygripstr_from_pk_file): Fix ignored error. (get_nks_tag): New. (do_learn_status_core): Use it. Make sure not to mange the KEYPAIRINFO line if no usage is known. (do_readkey): Output the KEYPAIRINFO for the keygrip case. -- Note that this only handles the most common case of providing a keygrip. $AUTHKEYID and ODLM are not yet supported. Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit 63320ba2f8147ee86f4406c9590f6b28cad4771d)
* scd:nks: Add support for signing plain SHA-2 digests.Ingo Klöcker2022-10-201-17/+67
| | | | | | | | | | | | * scd/app-nks.c (do_sign): Handle plain SHA-2 digests and verify encoding of ASN.1 encoded hashes. -- This makes it possible to create CSRs for NetKey card keys which are signed with SHA256 by default. GnuPG-bug-id: 5184 (cherry picked from commit 8fe976d5b9a0f2902868737dd502c749565222a6)
* scd:nks: Support READKEY with keygrip and for "NKS-IDLM" keyref.NIIBE Yutaka2022-10-201-0/+22
| | | | | | | | | | | * scd/app-nks.c (do_readkey): Allow KEYGRIP access. Support NKS-IDLM.XXXX keyref. -- GnuPG-bug-id: 5150 Signed-off-by: NIIBE Yutaka <[email protected]> (cherry picked from commit 3b392630881350baabeba16fa760bad04be94d03)
* scd:nks: Factor out pubkey retrieval from keygrip handling.NIIBE Yutaka2022-10-201-84/+72
| | | | | | | | * scd/app-nks.c (pubkey_from_pk_file): New. (keygripstr_from_pk_file): Use pubkey_from_pk_file. Signed-off-by: NIIBE Yutaka <[email protected]> (cherry picked from commit b7c087375d84c31ab8a645cd81e6b1e6185cb30d)
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-21 11:52:21 +0000