aboutsummaryrefslogtreecommitdiffstats
path: root/scd (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* Replace most of the remaining stdio calls by estream calls.Werner Koch2020-10-211-4/+4
| | | | | | | | | | | | | -- We need to use es_fopen on Windows to cope with non-ascii file names. This is quite a large but fortunately straightforward change. At a very few places we keep using stdio (for example due to the use of popen). GnuPG-bug-id: 5098 Signed-off-by: Werner Koch <[email protected]> Backported-from-master: 390497ea115e1aca93feec297a5bd6ae7b1ba6dd
* scd: Add a workaround for Yubikey.NIIBE Yutaka2020-10-061-0/+6
| | | | | | | | | | | | | | | * scd/app-openpgp.c (get_public_key): Handle wrong code for Yubikey. -- Backport master commit of: 0db9c83555b4a8a0c52f96e96ec20dbfd3d75272 Yubikey version 5 s/n 609074582 returns 0x6982, version 5.2.4 s/n 610616049 returns 0x6581, where 0x6a88 is expected. Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Silence compiler warning.NIIBE Yutaka2020-10-061-3/+3
| | | | | | | | | | | | * scd/app-openpgp.c (build_ecc_privkey_template): Fix allocation size. -- Cherry-picked from master commit of: 2a34a2afea5fcb5f4ed206afa110650db3dd7ef0 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Report any error for LEARN command.NIIBE Yutaka2020-10-061-28/+63
| | | | | | | | | | | | * scd/app-openpgp.c (do_learn_status): Report any error. -- Backport master commit of: 862d9c6face9b4ad61f6e59bf1ba9b5f5d05c58c Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Internal CCID driver: More fix for SPR532.NIIBE Yutaka2020-10-061-4/+4
| | | | | | | | | | | | | * scd/ccid-driver.c (bulk_in): Handle the case of missing intr_cb. -- Backport master commit of: 920f258eb6018ecec1d63bad6a0fb0772f72affa GnuPG-bug-id: 5065 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Internal CCID driver fix.NIIBE Yutaka2020-10-061-2/+5
| | | | | | | | | | | | | * scd/ccid-driver.c (intr_cb): More useful debug output. (ccid_slot_status): Remove redundant condition. -- Backport master commit of: 1444203ca32ccfa4bd5097d2d49565c4055c620b Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Internal CCID driver: Call libusb_clear_halt at ccid_setup_intr.NIIBE Yutaka2020-10-061-3/+1
| | | | | | | | | | | | | * scd/ccid-driver.c (ccid_setup_intr): Reset the endpoint. (ccid_vendor_specific_init): Don't call libusb_clear_halt. -- Backport master commit of: 6af978713e4c69d7814f47e709f1dfb3fe9076d1 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Internal CCID driver: Fix a failure path.NIIBE Yutaka2020-10-061-0/+1
| | | | | | | | | | | | | * scd/ccid-driver.c (ccid_open_usb_reader): On error, call libusb_release_interface. -- Backport master commit of: d561c936a217627bc29aac628a8d01f7003dcd28 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Internal CCID: Handle LIBUSB_ERROR_TIMEOUT at ccid_get_atr.NIIBE Yutaka2020-10-061-1/+2
| | | | | | | | | | | | | | | * scd/ccid-driver.c (ccid_slot_status): Handle LIBUSB_ERROR_TIMEOUT. -- Backport master commit of: b1e8072320c19246962beb6d67dc5784b5a72364 With SPR532, at the first connection, it fails by LIBUSB_ERROR_TIMEOUT, but no retry. Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Change handling of SPR532 card reader.NIIBE Yutaka2020-10-061-4/+17
| | | | | | | | | | | | | | | | * scd/ccid-driver.c (ccid_vendor_specific_init): Put some workaround for SPR532 initialization. (ccid_slot_status): Send ESCape command after GetSlotStatus. -- Backport master commit of: 684a52dffa8b7f79b26fe53b3ab10d7748a8fb37 GnuPG-bug-id: 5065 Fixes-commit: 4fae55f8ee11b3f710524e5e8b8a91b159949f2d Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: For SPR532, submit the ESCape command at initialization.NIIBE Yutaka2020-10-061-14/+13
| | | | | | | | | | | | | | * scd/ccid-driver.c (ccid_vendor_specific_init): Submit the ESC command for VENDOR_SCM. (ccid_transceive_secure): Don't submit the ESC command every time. -- Backport master commit of: 4fae55f8ee11b3f710524e5e8b8a91b159949f2d Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Fix CCID internal driver for interrupt transfer.NIIBE Yutaka2020-10-061-3/+36
| | | | | | | | | | | | | | | | | | * scd/ccid-driver.c (intr_cb): Handle the case of multiple messages. -- Backport master commit of: 7cbb513a2dc150a90a30c53316970df2a439d494 SPR532 USB Smart Card Reader (also know as SPR332) may send two messages at once for a single interrupt transfer. An example transfer observed was like: 50 03 50 02, which is considered valid, according to the CCID specification. GnuPG-bug-id: 5065 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Better handling of timeout and time extension.NIIBE Yutaka2020-10-061-7/+4
| | | | | | | | | | | | | | | * scd/ccid-driver.c (CCID_CMD_TIMEOUT_LONGER): Remove. (ccid_transceive): Don't use x4 blindly for bBWI, but use dynamically determined value. Use value from variable wait_more for bulk_in. Set wait_more by the value of time extension request. -- Backport master commit of: f1cf799a37f320d33cae445c74f3fc1936dd9995 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Fix internal CCID driver, so that -DTEST works.NIIBE Yutaka2020-10-061-41/+54
| | | | | | | | | | | | * scd/ccid-driver.c: Support a test program by ccid-driver. -- Backport from master commit: b31060425226b45deb21915bf5cd8b6ba62bd098 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: ccid-driver: Initial getting ATR more robustly.NIIBE Yutaka2020-10-061-18/+39
| | | | | | | | | | | | | | | * scd/ccid-driver.c (send_power_off): New. (do_close_reader): Use send_power_off. (ccid_get_atr): Add error recovery. -- Backport from master commit of: c51a5685554a06e00ae1e99070b44613b2f8d417 GnuPG-bug-id: 4616 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Clean up the structure for future fix of PC/SC.NIIBE Yutaka2020-10-063-18/+23
| | | | | | | | | | | | | | | | | | * scd/apdu.c (struct dev_list): Rename from ccid_table, with void*. (open_ccid_reader): Follow the change. (apdu_dev_list_start, apdu_dev_list_finish): Likewise. (apdu_open_reader): Likewise. * scd/ccid-driver.c (ccid_dev_scan): Use void *. (ccid_dev_scan_finish, ccid_get_BAI, ccid_open_usb_reader): Likewise. * scd/ccid-driver.h: Change the APIs. -- Backport from master commit of: f44aa290c1368a3119b2323664c0f356195c4206 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Map some error codes from libusb to ccid-driver error codes.Werner Koch2020-10-065-12/+57
| | | | | | | | | | | | | | | | | | | * scd/ccid-driver.h (CCID_DRIVER_ERR_USB_*): New error codes. * scd/apdu.h: New SW_HOST error codes. * scd/apdu.c (host_sw_string): Print them * scd/ccid-driver.c (map_libusb_error): New. (ccid_open_usb_reader, bulk_in, abort_cmd): Map libusb error codes. * scd/iso7816.c (map_sw): Map new codes to gpg-error. -- Backport from master commit: 9a8d7e41bba1926158a21ebdda542241493ef983 This change will help to get low level error conditions from hipher application code. Signed-off-by: Werner Koch <[email protected]>
* scd: internal driver: Submit SET_INTERFACE control transfer.NIIBE Yutaka2020-10-061-8/+6
| | | | | | | | | | | | | | | | | | | | | | * scd/ccid-driver.c (ccid_open_usb_reader): Alway submit SET_INTERFACE control transfer. -- Backport from master commit: 611faf1579a56925994d53eb08e1290a4b3958cf This handling is not mondatory, but it's better to do so, because there are card reader with pinpad and token with ack button, which support user interaction. User interaction status should be reset at open time. The status should be reset when the session is closed/stopped. In practice, since cleanup routine in a driver may not be called properly, it's good to submit SET_INTERFACE at open time. Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Internal CCID driver: Spelling cleanup.NIIBE Yutaka2020-10-061-2/+2
| | | | | | | | | -- Signed-off-by: Daniel Kahn Gillmor <[email protected]> Backport master commit of: 0904b8ef348a52335c378bee6dc90a978885d66f
* scd: Internal CCID driver: Clean up backport from master.NIIBE Yutaka2020-10-061-1/+1
| | | | | | | | | | | | | * scd/ccid-driver.c (print_error) [TEST]: Add missing break. Note that this is anyway an impossible case. -- Backport master commit of: 8fb14d3b3f9c5c27ff8b9f0e7e7207ec388687ff Signed-off-by: Werner Koch <[email protected]>
* w32: Add manifest files to most binariesWerner Koch2020-10-023-3/+23
| | | | | | -- Signed-off-by: Werner Koch <[email protected]>
* doc: Typo fixesWerner Koch2020-10-021-1/+1
| | | | --
* scd: Fix the use case of verify_chv2 by CHECKPIN.NIIBE Yutaka2020-09-161-16/+20
| | | | | | | | | | | | | * scd/app-openpgp.c (verify_chv2): Call verify_a_chv with chvno=1 when needed. -- Backport of master commit of: 6e51f2044aebb885ea81dae259db1b7f477b1c44 Fixes-commit: d2f1a0a791db3eb03c003365cbcd010bd8066edb Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Fix a regression for OpenPGP card.NIIBE Yutaka2020-09-011-0/+5
| | | | | | | | | | | * scd/app-openpgp.c (verify_chv2): Make sure loading keys. -- Fixes-commit: d2f1a0a791db3eb03c003365cbcd010bd8066edb Reported-by: Michał Górny GnuPG-bug-id: 5039 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Add condition for VERIFY with 0x82.NIIBE Yutaka2020-08-271-4/+9
| | | | | | | | | | | | | | | | * scd/app-openpgp.c (verify_chv2): Check availability of keys in question. -- Backport master commit of: af189be481df02a77e088aa0a60a1fc02dfa12bf With buggy Gnuk (<= 1.2.15), when no encr/auth keys are available, it fails decrementing the signature error counter. This change can avoid the issue. Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Fix condition for C5 data object for newer Yubikey.NIIBE Yutaka2020-05-291-1/+1
| | | | | | | | | | | | * scd/app-openpgp.c (compare_fingerprint): Relax the condition. -- Cherry-picked from master commit of: f3df8dbb696fed192501fa7f741c2e0e0936a3d5 GnuPG-bug-id: 4957 Signed-off-by: NIIBE Yutaka <[email protected]>
* common: Change argument order of log_printhex.Werner Koch2020-05-123-20/+20
| | | | | | | | | | | | * common/logging.c (log_printhex): Chnage order of args. Make it printf alike. Change all callers. * configure.ac: Add -Wno-format-zero-length -- This makes it consistent with modern libgpgrt logging and thus eases back porting from newer GnuPG versions which use libgpgrt logging. Signed-off-by: Werner Koch <[email protected]>
* scd:p15: Return a display S/N via Assuan.Werner Koch2020-04-151-21/+54
| | | | | | | | * scd/app-p15.c (make_pin_prompt): Factor some code out to ... (get_dispserialno): this. (do_getattr): Use new fucntion for a $DISPSERIALNO. Signed-off-by: Werner Koch <[email protected]>
* scd:p15: Show a pretty PIN prompt.Werner Koch2020-04-151-10/+200
| | | | | | | | | | | | | | | | | | | | | | | | * scd/app-p15.c (struct prkdf_object_s): New fields common_name and serial_number. (release_prkdflist): Free them. (keygrip_from_prkdf): Parse cert and set them. (any_control_or_space): New. (make_pin_prompt): New. (verify_pin): Construct a pretty PIN prompt. (do_sign): Remove debug output. -- The D-Trust card has the SerialNumber part of the Subject printed on the front matter, we assume this is also possible with other cards and thus we show this as serial number. The holder of the card is also extracted from the card's subject. Signed-off-by: Werner Koch <[email protected]> Backported from master. Signed-off-by: Werner Koch <[email protected]>
* scd: Return GPG_ERR_BAD_PIN on 0x63Cn status word.Werner Koch2020-04-151-0/+2
| | | | | | | | | | | * scd/iso7816.c (map_sw): Detect 0x63Cn status code. -- I really wonder when that got lost and we ended up with a simple card error. Signed-off-by: Werner Koch <[email protected]> Backported from master.
* scd: Factor common PIN status check out.Werner Koch2020-04-153-41/+48
| | | | | | | | | | | | | | | | | | * scd/iso7816.h (ISO7816_VERIFY_ERROR): New. (ISO7816_VERIFY_NO_PIN): New. (ISO7816_VERIFY_BLOCKED): New. (ISO7816_VERIFY_NULLPIN): New. (ISO7816_VERIFY_NOT_NEEDED): New. * scd/iso7816.c (iso7816_verify_status): New. * scd/app-nks.c (get_chv_status): Use new function. -- Signed-off-by: Werner Koch <[email protected]> Backported from master: - Removed the non-existant app-piv.c patches. Signed-off-by: Werner Koch <[email protected]>
* scd:p15: Fix decrypt followed by sign problem for D-Trust cards.Werner Koch2020-04-153-14/+112
| | | | | | | | | | | | | | | | | | | | | | | | | | | * scd/iso7816.c (iso7816_select_mf): New. * scd/app-p15.c (card_product_t): New. (struct app_local_s): Add field 'card_product'. (read_ef_tokeninfo): Detect D-Trust card. (prepare_verify_pin): Switch to D-Trust AID. (do_decipher): Restore a SE for D-TRust cards. Change the padding indicator to 0x81. * common/percent.c (percent_data_escape): new. Taken from master. -- Using what I learned from a USB trace running the Governikus Signer Software on Windows this fixes the left over problem with the new D-Trust card support. Signed-off-by: Werner Koch <[email protected]> Backported from master. This required to add the percent_data_escape function we introduced in master on 2018-07-02: commit 58baf40af641f8cbf597e508a292e85ae94688f1 common: New function percent_data_escape. Signed-off-by: Werner Koch <[email protected]>
* scd:p15: Emit MANUFACTURER, $ENCRKEYID, $SIGNKEYID.Werner Koch2020-04-151-19/+62
| | | | | | | | | | | | | * scd/app-p15.c (read_ef_tokeninfo): Store manufacturer_id. (do_getattr): Implement MANUFACTURER, $ENCRKEYID and $SIGNKEYID. (send_keypairinfo): Also print usage flags. -- Signed-off-by: Werner Koch <[email protected]> Backported from master. Signed-off-by: Werner Koch <[email protected]>
* scd:openpgp: New attribute "MANUFACTURER".Werner Koch2020-04-151-0/+50
| | | | | | | | | | | | | | | | | | * scd/app-openpgp.c (get_manufacturer): New.. (do_getattr): Add new attribute "MANUFACTURER". (do_learn_status): Always print it. -- This will make it easy to maintain the list of OpenPGP vendors at just one place. Signed-off-by: Werner Koch <[email protected]> Backported from master: .. or well in master and 2.2 Signed-off-by: Werner Koch <[email protected]>
* scd:p15: Rename some variables and functions for clarity.Werner Koch2020-04-151-20/+20
| | | | | | | | | | | * scd/app-p15.c: Rename keyinfo to prkdf. Signed-off-by: Werner Koch <[email protected]> Backported from master. Removed the do_with_keygrip related parts because that function is not available. Signed-off-by: Werner Koch <[email protected]>
* scd:p15: Cache the PIN.Werner Koch2020-04-151-0/+8
| | | | | | | | | | | * scd/app-p15.c (struct prkdf_object_s): Add flag pin_verified. (verify_pin): Make use of it. -- Theee is still a problem with the APDUs we send: Switching between signing and decryption does work but not in the other way. Signed-off-by: Werner Koch <[email protected]>
* scd:p15: Add missing keygrip retrieval for decryption.Werner Koch2020-04-011-0/+8
| | | | | | | | | | * scd/app-p15.c (do_decipher): Get the keygrip. -- This was lost during the backport. Fixes-commit: 4af38ea5e450b3eb79af98b9876b2b968110a459 Signed-off-by: Werner Koch <[email protected]>
* scd:p15: Support decryption with CardOS 5 cards.Werner Koch2020-04-011-2/+99
| | | | | | | | | | | | | | | * scd/app-p15.c (do_decipher): New. -- tested using the D-TRUSt card and a SCR3310 reader. The Kobil KAAN Advanced, I used for the signing tests could not be used because it supports only Short APDU Level exchange. Signed-off-by: Werner Koch <[email protected]> Back ported from master. Signed-off-by: Werner Koch <[email protected]>
* scd:p15: Factor PIN verification out to a new function.Werner Koch2020-04-011-189/+224
| | | | | | | | | | | | * scd/app-p15.c (do_sign): Factor code out to ... (prepare_verify_pin, verify_pin): new functions. -- Signed-off-by: Werner Koch <[email protected]> Bakc ported from master Signed-off-by: Werner Koch <[email protected]>
* scd:p15: Support signing with CardOS 5 cards.Werner Koch2020-04-015-101/+285
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * scd/app-help.c (app_help_get_keygrip_string_pk): Add optional arg r_pkey and change all callers. (app_help_get_keygrip_string): Ditto. * scd/app-p15.c (struct cdf_object_s): Use bit flags (struct aodf_object_s): Ditto. Add field 'fid'. (struct prkdf_object_s): Ditto. Add fields keygrip, keyalgo, and keynbits. (parse_certid): Allow a keygrip instead of a certid aka keyref. (read_ef_aodf): Store the FID. (keygripstr_from_prkdf): Rename to ... (keygrip_from_prkdf): this. Remove arg r_gripstr and implement cache. Change callers to directly use the values from the object. Also store the algo and length of the key ion the object. (keyref_from_keyinfo): New. Factored out code. (do_sign): Support SHA-256 and >2048 bit RSA keys. common/scd:p15: Support signing with CardOS 5 cards. * common/util.h (KEYGRIP_LEN): New. -- This has been tested with a D-Trust card featuring 3072 bit keys. Note that non-repudiation key for a qualified signature does not yet work because we do not yet support rsaPSS padding. Thus a gpgsm --learn shows a couple of Bad Signature errors for this key. Signed-off-by: Werner Koch <[email protected]> Back ported from master: - Removed do_with_keygrip - Added KEYGRIP_LEN - app_help_get_keygrip_string_pk actually added. - Move keygrip_from_prkdf in do_sign before the verification. It used to work in master only because there it is implictly called prior to signing by do_with_keygrip Signed-off-by: Werner Koch <[email protected]>
* scd:p15: Read certificates in extended mode.Werner Koch2020-04-012-1/+17
| | | | | | | | | | | | * scd/app-p15.c (readcert_by_cdf): Allow reading in extended mode. * scd/app-common.h (app_get_slot): New. -- Signed-off-by: Werner Koch <[email protected]> (Back ported from master) Added app_get_slot.
* scd: Add function for binary read in extended mode.Werner Koch2020-04-012-4/+17
| | | | | | | * scd/iso7816.c (iso7816_read_binary): Factor code out to ... (iso7816_read_binary_ext): new function. Add arg extended_mode. Signed-off-by: Werner Koch <[email protected]>
* scd:p15: Improve diagnosticsWerner Koch2020-04-011-164/+202
| | | | | | | | | | | | -- This removes almost all log_debug calls and uses opt.verbose and log_info to show card information. Also avoid too long and thus harder to read lines. Signed-off-by: Werner Koch <[email protected]> (back ported from master)
* scd:p15: Detect CardOS 5 cards and print some basic infos.Werner Koch2020-04-011-15/+150
| | | | | | | | | | | | | | | | | | | | | | * scd/app-p15.c (read_ef_odf): Detect the home_DF on the fly. Silence the garbage warning for null bytes. (print_tokeninfo_tokenflags): New. (read_ef_tokeninfo): Print manufacturer, label, and flags. (app_select_p15): No need to use the app_get_slot macro. (CARD_TYPE_CARDOS_50): New const. (card_atr_list): Detect CardOS 5.0 -- The card under test is a "Test-Signaturkarte D-TRUST Card 3.1" for a mere 49 Euro and no specs available. D-Trust is a branch of the German Bundesdruckerei. Compare that to Telesec and Yubikey who have always been nice enough to send bunches of sample cards without a need to wade through lots of forms and not even asking for money. Guess which cards I prefer. Signed-off-by: Werner Koch <[email protected]> (backported from master)
* scd: Fix pinpad handling when KDF enabled.NIIBE Yutaka2020-03-181-0/+2
| | | | | | | | | | * scd/app-openpgp.c (do_getattr): Send the KDF DO information. -- Fixes-commit: 95c7498b76231d3297541172d878f6a26702539b Signed-off-by: NIIBE Yutaka <[email protected]> (cherry picked from commit 11da441016222337284c519ff56aca34e3042373)
* scd: Disable pinpad if it's impossible by KDF DO.NIIBE Yutaka2020-03-181-6/+29
| | | | | | | | | | | | | | * scd/app-openpgp.c (struct app_local_s): Add pinpad.disabled field. (do_getattr): Set pinpad.disabled field. (check_pinpad_request): Use the pinpad.disabled field. (do_setattr): Update pinpad.disabled field. -- GnuPG-bug-id: 4832 Signed-off-by: NIIBE Yutaka <[email protected]> (cherry picked from commit 95c7498b76231d3297541172d878f6a26702539b) Signed-off-by: Werner Koch <[email protected]>
* build: Always use EXTERN_UNLESS_MAIN_MODULE pattern.Werner Koch2020-02-102-0/+2
| | | | | | | | | | | | | | | | | | | | | | * common/util.h (EXTERN_UNLESS_MAIN_MODULE): Add the definion only here but now without the Norcroft-C. Change all other places where it gets defined. * common/iobuf.h (iobuf_debug_mode): Declare unconditionally as extern. * common/iobuf.c (iobuf_debug_mode): Define it here. * agent/gpg-agent.c (INCLUDED_BY_MAIN_MODULE): Define here and also in all main modules of all other programs. * g10/main.h: Put util.h before the local header files. -- This change is required for use with gcc/ld's LTO feature which does not allow common blocks. Further gcc 10 will make -fno-common the default and thus this chnage is always needed. What a pitty. Co-authored-by: Tomáš Mráz GnuPG-bug-id: 4831 Signed-off-by: Werner Koch <[email protected]>
* scd,ccid: Add support of GEMPC_EZIO.NIIBE Yutaka2019-11-152-5/+20
| | | | | | | | | | | * scd/ccid-driver.h (GEMPC_EZIO): New. * scd/ccid-driver.c (ccid_transceive_secure): Support GEMPC_EZIO. -- This is backport from master. Signed-off-by: NIIBE Yutaka <[email protected]>
* scd:nks: Extend keypairinfo with usage flags.Werner Koch2019-08-211-0/+11
| | | | | | * scd/app-nks.c (do_learn_status_core): Return usage. Signed-off-by: Werner Koch <[email protected]>
* scd:openpgp: Extend keypairinfo with usage flags.Werner Koch2019-08-211-0/+10
| | | | | | | * scd/app-openpgp.c (send_keypair_info): Return usage. -- Signed-off-by: Werner Koch <[email protected]>
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-21 18:06:51 +0000