aboutsummaryrefslogtreecommitdiffstats
path: root/scd (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* scd:p15: Make it code work again for D-Trust cards.Werner Koch2021-02-234-29/+67
| | | | | | | | | | | | | | | | | | | * scd/app-p15.c (select_and_read_binary): Allow to skip the select. (select_and_read_record): Return the statusword. Silence error message for SW_FILE_STRUCT. (select_ef_by_path): Fix selection with a home_DF. (read_first_record): Fallback to read_binary for CardOS and return info about this. (read_ef_prkdf): Use info from read_first_record to decide whether to use record or binary mode. (read_ef_pukdf): Ditto. (read_ef_aodf): Ditto. (read_ef_cdf): Ditto. New arg cdftype for diagnostics. (read_p15_info): Pass cdftype. * scd/apdu.h (SW_FILE_STRUCT): New. * scd/apdu.c (apdu_strerror): Map that one to a string. * scd/iso7816.c (map_sw): and to a gpg-error.
* scd: Fix readkey --info in case a readkey command is available.Werner Koch2021-02-222-41/+35
| | | | | | | | * scd/command.c (do_readkey): Make --info also work if a readkey command is available. * scd/app-p15.c (cdf_object_from_certid): Fix a but introduced with the previous commit.
* scd:p15: Extract extended usage flagsand act upon them.Werner Koch2021-02-222-82/+239
| | | | | | | | | | | | | | | | | | | * scd/app-p15.c: Add a couple of oid constants. (struct cdf_object_s): Replace fields image and imagelen by cert. (struct prkdf_object_s): Add extusage flags (send_keypairinfo): Use them. (cdf_object_from_certid): Factor parts out to ... (cdf_object_from_objid): new function. (read_ef_prkdf): Move info printing to ... (read_p15_info): here. Fill the extusage flags. (readcert_by_cdf): Cache the ksba cert object instead of the binary cert. * scd/app.c (select_additional_application): Fix a log_debug call. (scd_update_reader_status_file): Ditto. -- This allows us to return only KEYPAIRINFO lines for keys we can actually use.
* scd: Minor tweak for easier backportingWerner Koch2021-02-193-23/+30
| | | | | | | | * scd/app-common.h (APP_CARD): New. Use it in app-*.c to access app->card. -- This should help to make backporting to 2.2 easier.
* scd:piv: Fix a typo in a string.Werner Koch2021-02-181-2/+2
| | | | --
* scd:p15: Read PuKDF and minor refactoring.Werner Koch2021-02-021-85/+447
| | | | | | | | | | | | | * scd/app-p15.c (pukdf_object_t): New. (struct app_local_s): Add field public_key_info. (release_pukdflist): New. (select_and_read_record): No diagnostic in case of not_found. (read_first_record): New. Factored out from the read_ef_ fucntions. (read_ef_pukdf): New. Basically a copy of read_ef_prkdf for now. (read_p15_info): Also read the public keys. (cardtype2str): New. (read_ef_tokeninfo): Print a string with the cardtype.
* scd:p15: Make file selection more robust.Werner Koch2021-01-271-37/+60
| | | | | | | | | | | | | | | | | | | * scd/app-p15.c: Include host2net.h. (DEFAULT_HOME_DF): New. (select_and_read_binary): Replace slot by app. Change callers. Use select_ef_by_path. (select_and_read_record): ditto. (select_ef_by_path): Make use use the home_df. (parse_certid): Adjust for always set home_df. (print_tokeninfo_tokenflags): Ditto. (app_select_p15): Take the home_df from the FCI returned by select. -- This uses modern APDUs and always selectd starting at the PCKS-15 home DF. We could have made this much simpler but the goal is to keep support for older cards although we can't test that easily. Signed-off-by: Werner Koch <[email protected]>
* scd: Define new status wordWerner Koch2021-01-274-9/+17
| | | | | | | | * scd/apdu.h (SW_NO_CURRENT_EF): New. -- This merely to show better diagnostics. Used for example by CardOS 5.3.
* scd:p15: Factor the commonKeyAttributes parser out.Werner Koch2021-01-271-134/+206
| | | | | | | * scd/app-p15.c (read_ef_prkdf): Fix detection of unsupported key objects. Factor some code out to ... (parse_common_key_attr): new. --
* scd:p15: Factor the commonObjectAttributes parser out.Werner Koch2021-01-261-139/+112
| | | | | | * scd/app-p15.c (parse_common_obj_attr): New. (read_ef_prkdf): Use new function. (read_ef_aodf): Ditto.
* scd:p15: First step towards real CardOS 5 support.Werner Koch2021-01-264-76/+218
| | | | | | | | | | | | | | | | | | | | * scd/iso7816.c (iso7816_select_path): Add arg from_cdf. * scd/app-nks.c (do_readkey): Adjust for this change. * scd/app-p15.c (CARD_TYPE_CARDOS_53): New. (IS_CARDOS_5): New. (card_atr_list): Add standard ATR for CardOS 5.3. (select_and_read_binary): Remove the fallback to record read hack. (select_and_read_record): New. (select_ef_by_path): Rework and support CardOS feature. (read_ef_prkdf): Use read record for CardOS. (read_ef_cdf): Ditto. (read_ef_aodf): Ditto. Also fix bug in the detection of other unsupported attribute types. (verify_pin): Use IS_CARDOS_5 macro. (app_select_p15): Force direct method for CardOS. Signed-off-by: Werner Koch <[email protected]>
* scd:p15: Show the ATR as part of the TokenInfo diagnostics.Werner Koch2021-01-211-0/+12
| | | | | | | | | * scd/app-p15.c (read_ef_tokeninfo): Print the ATR in verbose mode. -- It is convenient to see the ATR close to the other info, Signed-off-by: Werner Koch <[email protected]>
* scd:nks: Add support for signing plain SHA-3 digests.Ingo Klöcker2021-01-061-17/+67
| | | | | | | | | | | * scd/app-nks.c (do_sign): Handle plain SHA-3 digests and verify encoding of ASN.1 encoded hashes. -- This makes it possible to create CSRs for NetKey card keys which are signed with SHA256 by default. GnuPG-bug-id: 5184
* scd:nks: Support READKEY with keygrip and for "NKS-IDLM" keyref.NIIBE Yutaka2020-12-111-0/+22
| | | | | | | | | | * scd/app-nks.c (do_readkey): Allow KEYGRIP access. Support NKS-IDLM.XXXX keyref. -- GnuPG-bug-id: 5150 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd:nks: Factor out pubkey retrieval from keygrip handling.NIIBE Yutaka2020-12-111-84/+72
| | | | | | | * scd/app-nks.c (pubkey_from_pk_file): New. (keygripstr_from_pk_file): Use pubkey_from_pk_file. Signed-off-by: NIIBE Yutaka <[email protected]>
* scd:nks: Add support of KEYGRIP for do_readcert.NIIBE Yutaka2020-12-101-0/+18
| | | | | | | | | * scd/app-nks.c (do_readcert): Support KEYGRIP. -- GnuPG-bug-id: 5150 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd:nks: Factor out iteration over filelist.NIIBE Yutaka2020-12-101-78/+114
| | | | | | | * scd/app-nks.c (iterate_over_filelist): New. (do_with_keygrip): Use iterate_over_filelist. Signed-off-by: NIIBE Yutaka <[email protected]>
* scd:ccid:spr532: Extend abort_cmd for initialization time.NIIBE Yutaka2020-12-091-11/+18
| | | | | | | | | * scd/ccid-driver.c (abort_cmd): Add INIT argument to support synchronize until success, even ignoring timeout. (bulk_in): Normal use case of abort_cmd. (ccid_vendor_specific_init): Initial use case of abort_cmd. Signed-off-by: NIIBE Yutaka <[email protected]>
* scd:ccid: Call libusb_clear_halt in ccid_vendor_specific_setup.NIIBE Yutaka2020-12-091-0/+1
| | | | | | | | | | * scd/ccid-driver.c (ccid_vendor_specific_setup): Only for SPR532, call libusb_clear_halt. -- GnuPG-bug-id: 5167 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd:ccid: Revert the addition of libusb_clear_halt for EP_INTR.NIIBE Yutaka2020-12-091-1/+0
| | | | | | | | | * scd/ccid-driver.c (ccid_setup_intr): Don't call libusb_clear_halt. -- GnuPG-bug-id: 5167 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd:yubikey: Fix support of Yubikey NEO.NIIBE Yutaka2020-12-081-0/+3
| | | | | | * scd/app-openpgp.c (get_public_key): Yubikey NEO also has this issue. Signed-off-by: NIIBE Yutaka <[email protected]>
* scd:nks: Fix caching keygrip (more).NIIBE Yutaka2020-12-031-5/+7
| | | | | | | | | | * scd/app-nks.c (keygripstr_from_pk_file): Distinguish by APP_ID. -- GnuPG-bug-id: 5150, 5161 Fixes-commit: 920154370834ad8d947aed19c9d914a27dde6baa Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Fix KEYINFO command with --data option.NIIBE Yutaka2020-12-031-4/+3
| | | | | | * scd/command.c (cmd_keyinfo): Handle --data option correctly. Signed-off-by: NIIBE Yutaka <[email protected]>
* scd:openpgp: Fix writing ECC key to card.NIIBE Yutaka2020-12-031-6/+27
| | | | | | | | | | * scd/app-openpgp.c (build_privkey_template): Adding another argument of ecc_d_fixed_len to handle variable-size MPI. -- GnuPG-bug-id: 5163 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd:nks: Minor additions to the basic IDLM application support.Werner Koch2020-11-301-15/+25
| | | | | | | | | | | | | * scd/app-nks.c (filelist): Use special value -1 for IDLM pubkeys. (keygripstr_from_pk_file): Handle special value. (do_readcert): Ditto. (do_writecert): Ditto. -- This allows to get information about the keys from the card. However the do_readkey still requires a fallback to readcert. This does not work because there are no certificates yet on the card. The fix is to fully implement do_readkey.
* scd: New getinfo sub-command apdu_strerror.Werner Koch2020-11-272-15/+28
| | | | | | | | | * scd/apdu.c (apdu_strerror): Add missing status codes. * scd/command.c (cmd_getinfo): New sub-command apdu_strerror. -- This is quite handy for gpg-card's APDU command and avoids that we need to duplicate the mapping table or put it into a shared file.
* scd:ccid-driver: Fix pinpad error handling for cancel/timeout.NIIBE Yutaka2020-11-274-2/+17
| | | | | | | | | | | | | | * scd/apdu.h (SW_HOST_UI_CANCELLED, SW_HOST_UI_TIMEOUT): New. * scd/ccid-driver.h (CCID_DRIVER_ERR_UI_CANCELLED): New. (CCID_DRIVER_ERR_UI_TIMEOUT): New. * scd/ccid-driver.c (bulk_in): Handle PIN input cancel/timeout error. * scd/iso7816.c (map_sw): Support SW_HOST_UI_CANCELLED and SW_HOST_UI_TIMEOUT. -- GnuPG-bug-id: 4614 Signed-off-by: NIIBE Yutaka <[email protected]>
* agent: Fix YK s/n and prettify the request card prompt for YubikeysWerner Koch2020-11-262-34/+20
| | | | | | | | | | * agent/divert-scd.c (ask_for_card): Detect and re-format the Yubikey prompt. * scd/app.c (app_munge_serialno): Fix Yubikey s/n munging. (card_get_dispserialno): Ditto. * scd/app-openpgp.c (get_disp_serialno): Remove. (get_prompt_info): Use app_get_dispserialno.-- --
* scd: Do not try to use a non-enabled app after card switching.Werner Koch2020-11-261-2/+19
| | | | | | | | | | | | | * scd/app.c (app_dump_state): Also print the refcount. (maybe_switch_app): Make sure the app exists on the card. -- When switching the current card and the card does not support the same apps as the former, we now reset the app to the first one. Testcase is to use a standard OpenPGP card and a P15 card. Signed-off-by: Werner Koch <[email protected]>
* scd: Add special serialno compare for OpenPGP cards.Werner Koch2020-11-262-10/+44
| | | | | | | | | | | | | | | | | * scd/app.c (is_same_serialno): New. (check_application_conflict): Use this. (select_application): Ditto. (app_switch_current_card): Ditto. * scd/app-openpgp.c (check_keyidstr): Ignore the card version and also compare case insensitive. -- This is required because we change what we emit as serialno of OpenPGP cards but existing keys still use the old form of the serial number (i.e. with a firmware version). See-commit: 3a8250c02031080c6c8eebd5dea03f5f87f9ddd7 Signed-off-by: Werner Koch <[email protected]>
* scd,nks: Fix caching keygrip.NIIBE Yutaka2020-11-261-3/+4
| | | | | | | | | | * scd/app-nks.c (keygripstr_from_pk_file): Identify by cfid if available. -- GnuPG-bug-id: 5150 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd:p15: Print the internal card type.Werner Koch2020-11-251-0/+8
| | | | * scd/app-p15.c (read_ef_tokeninfo): Print the internal card type.
* scd:p15: Improve support for some CardOS based cards.Werner Koch2020-11-253-14/+68
| | | | | | | | | * scd/iso7816.c (iso7816_read_binary_ext): Add optional arg r_sw and change callers. (iso7816_read_record): Factor all code out to ... (iso7816_read_record_ext): new. * scd/app-p15.c (select_and_read_binary): Fallback to record reading. (read_ef_aodf): Clear EOF error.
* scd: Rework the handling of the displayed serial number.Werner Koch2020-11-255-119/+178
| | | | | | | | | | | | | | | | | | | | | | | | | | | | * scd/app.c (app_new_register): Call app_munge_serialno for Yubikeys. (app_munge_serialno): Handle Yubikey serial numbers. (card_get_serialno): Remove special Yubikey treatment. Drop arg is_canonical. (app_get_serialno): Clear ERRNO on error. (card_get_dispserialno): New. Also change formatting of Yubikey and OpenPGP numbers to match those printed on the card. (app_get_dispserialno): New. * scd/app-openpgp.c (do_getattr): Use app_get_dispserialno. (yubikey_get_serialno): Remove. * scd/app-piv.c (get_dispserialno): Remove. (do_getattr): Use app_get_dispserialno. -- This patch gets us back to a unique serial number for cards and provides a stable serial number as printed for Yubikeys. Because we use a slightly different serial number now for Yubikeys and cards only supporting OpenPGP card we need to come up with another change so that the version number of OpenPGP serial numbers are ignored when comparing card serial numbers. This is so that existing stub keys of gpg-agent will continue to work. GnuPG-bug-id: 5100 Signed-off-by: Werner Koch <[email protected]>
* scd: Fix an error return for READKEY.NIIBE Yutaka2020-11-251-0/+3
| | | | | | | | | | * scd/command.c (cmd_readkey): Return when error. -- GnuPG-bug-id: 5150 Suggested-by: Ingo Klöcker Signed-off-by: NIIBE Yutaka <[email protected]>
* scd,nks: Fix SEGV for learn for older card.NIIBE Yutaka2020-11-251-0/+1
| | | | | | | | | | * scd/app-nks.c (keygripstr_from_pk_file): Set algostr. -- GnuPG-bug-id: 5144 Fixes-commit: 26da47ae53d51e16ae6867cd419ddbf124a94933 Signed-off-by: NIIBE Yutaka <[email protected]>
* doc: Fix typosGavin L. Rebeiro2020-11-231-1/+1
| | | | | | | -- GnuPG-bug-id: 5071 Also fixed one in keyformat.txt [wk].
* Fix the previous comment changes help doc string.NIIBE Yutaka2020-11-201-1/+1
| | | | | | * scd/command.c (hlp_learn): Fix the doc string. Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Do not print reader status change with --debug cardio.Werner Koch2020-11-111-1/+1
| | | | | | | | | -- ... but use --debug reader for this. Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit bd3b698d8ec427a02f2fa793777f2a88bc356f25)
* card: Run factory-reset in locked stated.Werner Koch2020-11-091-10/+10
| | | | | | | | | | | | | | | | * scd/command.c (reset_notify): Add option --keep-lock. (do_reset): Add arg keep_lock. (cmd_lock): Send progress status. * g10/call-agent.c (agent_scd_apdu): Add more pseudo APDUs. * g10/card-util.c (send_apdu): Ditto. (factory_reset): Use lock commands. -- This is required so that for example Kleopatra does not detect the RESET and issues a SERIALNO of its own, thus conflicting with our SERIALNO undefined. Signed-off-by: Werner Koch <[email protected]>
* scd: Use lock_slot for apdu_send_direct.NIIBE Yutaka2020-11-051-1/+1
| | | | | | | | | | | | | * scd/apdu.c (apdu_send_direct): Use lock_slot. -- With trylock_slot, it may return SW_HOST_BUSY. This may occur when apdu_get_status is called by scd_update_reader_status_file. Simply using lock_slot is much easier for user of apdu_send_direct. Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Internal CCID driver: Fix a race condition on close.NIIBE Yutaka2020-11-051-12/+25
| | | | | | | | | | | | | | | | | | | | | * scd/ccid-driver.c (ccid_require_get_status): For VENDOR_SCM reader, return 0 only at the initial call. (bulk_in): Don't detect an error for VENDOR_SCM reader, just kicking the loop, to invoke scd_update_reader_status_file, which calls ccid_slot_status again. (ccid_slot_status): Move the call of ccid_vendor_specific_setup to... (ccid_get_atr): ... here. -- For readers with interrupt transfer support, it is only intr_cb which sets handle->powered_off to 1. Keeping this condition makes no race. The function ccid_slot_status can also detect a communication error, which causes apdu_close_reader (but not setting ->powered_off). GnuPG-bug-id: 5121 Fixes-commit: 920f258eb6018ecec1d63bad6a0fb0772f72affa Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Handle canonical serialno and app specific serialno differently.NIIBE Yutaka2020-10-273-8/+9
| | | | | | | | | | | | | | | * scd/app-common.h (card_get_serialno): Add IS_CANONICAL arg. * scd/app.c (app_send_devinfo): Use app specific serialno. (card_get_serialno): Support two different cases. (app_get_serialno): Return app specific serialno. (send_serialno_and_app_status): Return canonical serialno. * scd/command.c (cmd_serialno): Return app specific serialno. (cmd_learn): Return canonical serialno. -- GnuPG-bug-id: 5100 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Flush the cache when writing cert data object.NIIBE Yutaka2020-10-261-0/+1
| | | | | | | | | | * scd/app-piv.c (do_writecert): Flush the cache of the data object. -- Suggested-by: Ingo Klöcker GnuPG-bug-id: 5102 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Internal CCID driver thing only for SPR532.NIIBE Yutaka2020-10-261-6/+14
| | | | | | | | | | | | | * scd/ccid-driver.c (ccid_vendor_specific_setup): New. Limit only for SPR532, excluding other readers by SCM. (ccid_slot_status): Use ccid_vendor_specific_setup. -- We follow the setup procedure of libccid implementation, which sends the escape command for SPR532 only. Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Internal CCID driver limiting only for SPR532.NIIBE Yutaka2020-10-241-1/+1
| | | | | | | * scd/ccid-driver.c (ccid_vendor_specific_init): Only do that for SPR532. Signed-off-by: NIIBE Yutaka <[email protected]>
* common: Allow building with released libgpg-error.Werner Koch2020-10-231-0/+1
| | | | | | | | * common/sysutils.c (gnupg_access) [W32]: Fix for older libgpgrt. -- Fixes-commit: c94ee1386e0d5cdac51086c4d5b92de59c09c9b5 Signed-off-by: Werner Koch <[email protected]>
* scd: Handle Yubikey's multiple apps and serialno.NIIBE Yutaka2020-10-233-7/+72
| | | | | | | | | | | | | | * scd/app-common.h (yubikey_get_serialno): New. * scd/app-openpgp.c (yubikey_get_serialno): New. * scd/app.c (card_get_serialno): Use OpenPGP app's serialno, when it's enabled for Yubikey. (send_serialno_and_app_status): Use card_get_serialno, not directly accessing ->serialno. -- GnuPG-bug-id: 5100 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Use app_get_serialno for app_getattr.NIIBE Yutaka2020-10-231-1/+1
| | | | | | | | | * scd/app.c (app_getattr): Use app_get_serialno. -- GnuPG-bug-id: 5100 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Don't overwrite serialno for Yubikey.NIIBE Yutaka2020-10-231-3/+10
| | | | | | | | | * scd/app-openpgp.c (app_select_openpgp): Keep ->serialno. -- GnuPG-bug-id: 5100 Signed-off-by: NIIBE Yutaka <[email protected]>
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-19 17:58:34 +0000