aboutsummaryrefslogtreecommitdiffstats
path: root/scd (follow)
Commit message (Collapse)AuthorAgeFilesLines
* scd: Handle canonical serialno and app specific serialno differently.NIIBE Yutaka2020-10-273-8/+9
| | | | | | | | | | | | | | | * scd/app-common.h (card_get_serialno): Add IS_CANONICAL arg. * scd/app.c (app_send_devinfo): Use app specific serialno. (card_get_serialno): Support two different cases. (app_get_serialno): Return app specific serialno. (send_serialno_and_app_status): Return canonical serialno. * scd/command.c (cmd_serialno): Return app specific serialno. (cmd_learn): Return canonical serialno. -- GnuPG-bug-id: 5100 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Flush the cache when writing cert data object.NIIBE Yutaka2020-10-261-0/+1
| | | | | | | | | | * scd/app-piv.c (do_writecert): Flush the cache of the data object. -- Suggested-by: Ingo Klöcker GnuPG-bug-id: 5102 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Internal CCID driver thing only for SPR532.NIIBE Yutaka2020-10-261-6/+14
| | | | | | | | | | | | | * scd/ccid-driver.c (ccid_vendor_specific_setup): New. Limit only for SPR532, excluding other readers by SCM. (ccid_slot_status): Use ccid_vendor_specific_setup. -- We follow the setup procedure of libccid implementation, which sends the escape command for SPR532 only. Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Internal CCID driver limiting only for SPR532.NIIBE Yutaka2020-10-241-1/+1
| | | | | | | * scd/ccid-driver.c (ccid_vendor_specific_init): Only do that for SPR532. Signed-off-by: NIIBE Yutaka <[email protected]>
* common: Allow building with released libgpg-error.Werner Koch2020-10-231-0/+1
| | | | | | | | * common/sysutils.c (gnupg_access) [W32]: Fix for older libgpgrt. -- Fixes-commit: c94ee1386e0d5cdac51086c4d5b92de59c09c9b5 Signed-off-by: Werner Koch <[email protected]>
* scd: Handle Yubikey's multiple apps and serialno.NIIBE Yutaka2020-10-233-7/+72
| | | | | | | | | | | | | | * scd/app-common.h (yubikey_get_serialno): New. * scd/app-openpgp.c (yubikey_get_serialno): New. * scd/app.c (card_get_serialno): Use OpenPGP app's serialno, when it's enabled for Yubikey. (send_serialno_and_app_status): Use card_get_serialno, not directly accessing ->serialno. -- GnuPG-bug-id: 5100 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Use app_get_serialno for app_getattr.NIIBE Yutaka2020-10-231-1/+1
| | | | | | | | | * scd/app.c (app_getattr): Use app_get_serialno. -- GnuPG-bug-id: 5100 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Don't overwrite serialno for Yubikey.NIIBE Yutaka2020-10-231-3/+10
| | | | | | | | | * scd/app-openpgp.c (app_select_openpgp): Keep ->serialno. -- GnuPG-bug-id: 5100 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd,openpgp: Use app_get_serialno function to get SERIALNO.NIIBE Yutaka2020-10-231-16/+17
| | | | | | | | | | * scd/app-openpgp.c (check_keyidstr): Don't directly access app->serialno, but use app_get_serialno. (do_with_keygrip): Likewise. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* Replace most of the remaining stdio calls by estream calls.Werner Koch2020-10-201-4/+4
| | | | | | | | | | | | -- We need to use es_fopen on Windows to cope with non-ascii file names. This is quite a large but fortunately straightforward change. At a very few places we keep using stdio (for example due to the use of popen). GnuPG-bug-id: 5098 Signed-off-by: Werner Koch <[email protected]>
* scd: Internal CCID driver: More fix for SPR532.NIIBE Yutaka2020-09-301-4/+4
| | | | | | | | | * scd/ccid-driver.c (bulk_in): Handle the case of missing intr_cb. -- GnuPG-bug-id: 5065 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Report any error for LEARN command.NIIBE Yutaka2020-09-301-30/+67
| | | | | | * scd/app-openpgp.c (do_learn_status): Report any error. Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Internal CCID driver fix.NIIBE Yutaka2020-09-291-2/+5
| | | | | | | * scd/ccid-driver.c (intr_cb): More useful debug output. (ccid_slot_status): Remove redundant condition. Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Internal CCID driver: Call libusb_clear_halt at ccid_setup_intr.NIIBE Yutaka2020-09-291-3/+1
| | | | | | | * scd/ccid-driver.c (ccid_setup_intr): Reset the endpoint. (ccid_vendor_specific_init): Don't call libusb_clear_halt. Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Internal CCID driver: Fix a failure path.NIIBE Yutaka2020-09-281-0/+1
| | | | | | | * scd/ccid-driver.c (ccid_open_usb_reader): On error, call libusb_release_interface. Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Internal CCID: Handle LIBUSB_ERROR_TIMEOUT at ccid_get_atr.NIIBE Yutaka2020-09-281-1/+2
| | | | | | | | | | | * scd/ccid-driver.c (ccid_slot_status): Handle LIBUSB_ERROR_TIMEOUT. -- With SPR532, at the first connection, it fails by LIBUSB_ERROR_TIMEOUT, but no retry. Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Internal CCID: Clear the handle after use.NIIBE Yutaka2020-09-281-1/+5
| | | | | | | * scd/apdu.c (close_ccid_reader): Clear the handle. (open_ccid_reader): Likewise. Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Change handling of SPR532 card reader.NIIBE Yutaka2020-09-281-4/+17
| | | | | | | | | | * scd/ccid-driver.c (ccid_vendor_specific_init): Put some workaround for SPR532 initialization. (ccid_slot_status): Send ESCape command after GetSlotStatus. GnuPG-bug-id: 5065 Fixes-commit: 4fae55f8ee11b3f710524e5e8b8a91b159949f2d Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: For PC/SC, send the ESC command at init for SPR532 reader.NIIBE Yutaka2020-09-251-25/+32
| | | | | | | | | | | | | | | | | | | | | * scd/apdu.c (struct reader_table_s): Remove is_spr532. (pcsc_vendor_specific_init): Send the ESC command for SPR532. (pcsc_pinpad_verify, pcsc_pinpad_modify): Remove no_lc hack. -- The "no_lc" hack lets PC/SC-lite send the ESC command for SPR532 internally, for pcsc_pinpad_verify. However, PC/SC-lite doesn't do that for pcsc_pinpad_modify, unfortunately. Besides, I'm not sure this hack works on Windows, which has different implementation of PC/SC service. It's better to send the ESC command by the driver explicitly, at the initialization. Sending the ESC command results PCSC_E_NOT_TRANSACTED error when a card is not active (that is the case, usually). We ignore this error. Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: For SPR532, submit the ESCape command at initialization.NIIBE Yutaka2020-09-251-14/+13
| | | | | | | | | | * scd/ccid-driver.c (ccid_vendor_specific_init): Submit the ESC command for VENDOR_SCM. (ccid_transceive_secure): Don't submit the ESC command every time. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Fix CCID internal driver for interrupt transfer.NIIBE Yutaka2020-09-241-3/+36
| | | | | | | | | | | | | | * scd/ccid-driver.c (intr_cb): Handle the case of multiple messages. -- SPR532 USB Smart Card Reader (also know as SPR332) may send two messages at once for a single interrupt transfer. An example transfer observed was like: 50 03 50 02, which is considered valid, according to the CCID specification. GnuPG-bug-id: 5065 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Extend KEYPAIRINFO with an algorithm string.Werner Koch2020-09-216-22/+98
| | | | | | | | | | | | | | | | | | | | | | * scd/app-openpgp.c (send_keypair_info): Emit the algo string as part of a KEYPAIRINFO. * scd/command.c (do_readkey): Ditto. * scd/app-piv.c (do_readkey): Ditto. * scd/app-nks.c (do_learn_status_core): Ditto. (struct fid_cache_s): Add field algostr. (flush_fid_cache): Release it. (keygripstr_from_pk_file): Fill it and add it to the cache. Use a single exit label. * scd/app-help.c (app_help_get_keygrip_string_pk): Add new arg r_algostr. Change all callers. -- This is helpful so that callers do not need to parse the key for this basic information. Use "scd readkey --info-only" to return the info status line instead of the key material; using just --info returns the info in addition to the key material. Signed-off-by: Werner Koch <[email protected]>
* scd: Clear PIN cache when changing key attributes.NIIBE Yutaka2020-09-161-1/+4
| | | | | | * scd/app-openpgp.c (change_keyattr): Clear all PINs. Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Clear caching PIN at KDF setup.NIIBE Yutaka2020-09-161-0/+4
| | | | | | * scd/app-openpgp.c (do_setattr): Clear PINs. Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Add better support for KDF feature.NIIBE Yutaka2020-09-161-0/+7
| | | | | | * scd/app-openpgp.c (do_setattr): Handle kdf-seup "off" for Gnuk. Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg,scd: Fix handling of KDF feature.NIIBE Yutaka2020-09-161-11/+23
| | | | | | | | * g10/card-util.c (kdf_setup): Fix the default value. * scd/app-openpgp.c (do_setattr): Support kdf-setup "off" by Zeitcontrol. Make sure Gnuk and Yubikey work well. Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Fix the use case of verify_chv2 by CHECKPIN.NIIBE Yutaka2020-09-151-21/+25
| | | | | | | | | | | | | | * scd/app-openpgp.c (verify_chv2): Call verify_a_chv with chvno=1 when needed. -- Confusingly, verify_chv2 has two different purposes; One for verifying with CHV2 (in addition to CHV1), and the call by CHECKPIN. For the latter, we should check CHV1. Fixes-commit: af189be481df02a77e088aa0a60a1fc02dfa12bf Signed-off-by: NIIBE Yutaka <[email protected]>
* scd:piv: Avoid conflict when writing a cert.Werner Koch2020-09-111-1/+63
| | | | | | | | | * scd/app-piv.c (map_curve_name_to_oid): New. (my_cmp_public_key): New. (do_writecert): Replace simple memcmp by cmp_canon_sexp. -- GnuPG-bug-id: 5061
* scd: Flush KDF DO (0x00F9) when it's being set.NIIBE Yutaka2020-09-101-3/+3
| | | | | | | | | | | * scd/app-openpgp.c (do_setattr): Call flush_cache_item always. -- Only it was called when there was an object with KDF_DATA_LENGTH_MAX. No matter the VALUELEN, it should be flushed. Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Add a workaround for Yubikey.NIIBE Yutaka2020-09-081-0/+3
| | | | | | | | | | | * scd/app-openpgp.c (get_public_key): Handle wrong code for Yubikey. -- Yubikey version 5 s/n 609074582 returns 0x6982, version 5.2.4 s/n 610616049 returns 0x6581, where 0x6a88 is expected. Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Fix handling 0x00FA to support OpenPGP card 3.4.NIIBE Yutaka2020-09-071-1/+1
| | | | | | | * scd/app-openpgp.c (data_objects): It may be longer. Fixes-commit: 90d0072165cc5c6888f14462392a211de0c4b232 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Increase the number of supported readers from 4 to 16.Werner Koch2020-09-042-2/+3
| | | | | | | | | | -- The limit on 4 readers I introduced in 2003 is too low for some of our use cases. 16 looks better. TODO: Return a useful error message in gpg-card if the limit has been reached. Signed-off-by: Werner Koch <[email protected]>
* scd: Support GET DATA response with no header for DO 0x00FA.NIIBE Yutaka2020-09-041-25/+28
| | | | | | * scd/app-openpgp.c (do_getattr): Support Gnuk, as well. Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Parse "Algorithm Information" data object in scdaemon.NIIBE Yutaka2020-09-041-2/+106
| | | | | | | | * scd/app-openpgp.c (data_objects): 0x00FA for binary data. (do_getattr): Parse the data and send it in status lines. (get_algorithm_attribute_string): New. Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Add handling of "Algorithm Information" DO.NIIBE Yutaka2020-09-031-0/+2
| | | | | | | | | | | | * cd/app-openpgp.c (data_objects): Add 0x00FA. (do_getattr): Add KEY-ATTR-INFO. -- See the section 4.4.3.11 Algorithm Information in the OpenPGP card functional specification version 3.4.1. Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: New option to APDU command to return the ATR as data.Werner Koch2020-08-271-2/+16
| | | | | | | | | | * scd/command.c (cmd_apdu): Add new option --data-atr. * tools/gpg-card.c (cmd_apdu): Use that here. Also fix the --exlen option and do not print the statusword in atr mode. * tools/card-call-scd.c (scd_apdu): Detect atr mode anddon't assume a status word. Signed-off-by: Werner Koch <[email protected]>
* scd: Fix reading of the ATR for card type detection.Werner Koch2020-08-271-1/+1
| | | | | | | | | | | * scd/app.c (app_new_register): Do not use apdu_get_slot. -- apdu_get_slot() may only be used after the APP has been initialized. Thus we need to pass teh slot here directly. Fixes-commit: 9f148360a2bf04672b43ef7cec48e21d44b06ae1 Signed-off-by: Werner Koch <[email protected]>
* scd: Add heuristics to identify cardtype.NIIBE Yutaka2020-08-272-3/+23
| | | | | | | | | | | * scd/app-common.h (cardtype_t): Add CARDTYPE_GNUK and CARDTYPE_ZEITCONTROL. * scd/app.c (strcardtype): Handle CARDTYPE_GNUK and CARDTYPE_ZEITCONTROL. (app_new_register): Detect Gnuk and Zeit Control implementation by examining its ATR string. Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Add condition for VERIFY with 0x82.NIIBE Yutaka2020-08-271-4/+9
| | | | | | | | | | | | | * scd/app-openpgp.c (verify_chv2): Check availability of keys in question. -- With buggy Gnuk (<= 1.2.15), when no encr/auth keys are available, it fails decrementing the signature error counter. This change can avoid the issue. Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Fix possible uninitialized variables.NIIBE Yutaka2020-08-192-8/+8
| | | | | | | | * scd/app-openpgp.c (do_change_pin): Initialize resultlen2. (do_change_pin): Don't call wipe_and_free on the error path. Initialize bufferlen2. Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Log info about CCIDs with permission problems.Werner Koch2020-08-121-3/+13
| | | | | | | * scd/apdu.c (open_ccid_reader): Add arg r_cciderr. (apdu_open_reader): Print a note on EPERM of the USB device. Signed-off-by: Werner Koch <[email protected]>
* scd: Map some error codes from libusb to ccid-driver error codes.Werner Koch2020-08-125-12/+57
| | | | | | | | | | | | | | | * scd/ccid-driver.h (CCID_DRIVER_ERR_USB_*): New error codes. * scd/apdu.h: New SW_HOST error codes. * scd/apdu.c (host_sw_string): Print them * scd/ccid-driver.c (map_libusb_error): New. (ccid_open_usb_reader, bulk_in, abort_cmd): Map libusb error codes. * scd/iso7816.c (map_sw): Map new codes to gpg-error. -- This change will help to get low level error conditions from hipher application code. Signed-off-by: Werner Koch <[email protected]>
* scd:piv: Allow signing using PSS.Werner Koch2020-08-101-1/+10
| | | | | | | | | * scd/app-piv.c (do_sign): Allow for PSS. -- This has been tested with Scute and Openvpn. Signed-off-by: Werner Koch <[email protected]>
* agent: Add option --pss to pksign to be used by smartcards.Werner Koch2020-08-101-1/+3
| | | | | | | | | | | | | | | * agent/command.c (cmd_sethash): Add option --pss and allow for --hash=null. * agent/agent.h (struct server_control_s): Add digest.is_pss and zero where needed. * agent/pksign.c (agent_pksign_do): Allow for PSS with cards. * scd/command.c (cmd_pksign): Add for --hash=none. -- This is not a full implementaion of PSS but allows scdaemon card drivers to detect already PSS formatted data. Signed-off-by: Werner Koch <[email protected]>
* scd: Silence compiler warning.NIIBE Yutaka2020-07-311-3/+3
| | | | | | * scd/app-openpgp.c (build_ecc_privkey_template): Fix allocation size. Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Fix closing reader and reeleasing context in PC/SC.NIIBE Yutaka2020-07-171-0/+7
| | | | | | | | | | * scd/apdu.c (close_pcsc_reader): Unlock the reader_table_lock. (apdu_dev_list_finish): Release the context when no readers. -- Fixes-commit: 46d185f60397f68830bfdfb99627b29aea5016f1 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: PC/SC: Don't release the context when it's in use.NIIBE Yutaka2020-07-171-1/+1
| | | | | | | | | | * scd/apdu.c (close_pcsc_reader): Check if it's not in the loop. -- GnuPG-bug-id: 4998 Reported-by: Kevin Locke Signed-off-by: NIIBE Yutaka <[email protected]>
* scd:nks: Implement writecert for the Signature card v2.Werner Koch2020-07-023-8/+133
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * scd/iso7816.c (CMD_UPDATE_BINARY): New. (iso7816_update_binary): New. * scd/app-nks.c (do_deinit): Factor some code out to... (flush_fid_cache): new. (do_writecert): New. (app_select_nks): Register new handler. -- This can be used with gpg-card to write the 3 extra certificates of a Telesec TCOS Signature Card v2. The card with the qualified signature is distributed with the keys for encryption and advanced signatures but without the certificates. The certificates can be downloaded from the website after an mail confirmation. Unpacked the downloaded zipfile has these certificates: auth_zert.crt sig_zert.crt enc_zert.crt Using gpg-card issue these commands: writecert NKS-NKS3.4531 <sig_zert.crt writecert NKS-NKS3.45B1 <enc_zert.crt writecert NKS-NKS3.4571 <auth_zert.crt Don't mix that up, tight now there is no checking that the certificates match the public key. I also need to write another patch to actually implement signing and encryption with these nistp256 certificates. Signed-off-by: Werner Koch <[email protected]>
* scd:nks: Fix certificate read problem with TCOS signature card v2.Werner Koch2020-06-301-0/+2
| | | | | | | * scd/app-nks.c (filelist): Add a dedicated key entry for ESIGN. (do_readcert): Test for the app_id. Signed-off-by: Werner Koch <[email protected]>
* scd: Change how the removed card flag is set.Werner Koch2020-06-301-13/+14
| | | | | | | | | | | | * scd/command.c (cmd_serialno): Set/clear card removed flags for all connections using the current card. -- This seems to solve the problems I had in gpg-card and ssh. I am not sure why the old code was done this way - maybe an oversight when adding support for multiple cards. Signed-off-by: Werner Koch <[email protected]>
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-12 09:25:57 +0000