aboutsummaryrefslogtreecommitdiffstats
path: root/scd (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* scd:openpgp: New vendorWerner Koch2022-07-281-0/+1
| | | | --
* scd:openpgp: Fix workaround for Yubikey heuristics.NIIBE Yutaka2022-07-131-8/+21
| | | | | | | | | | * scd/app-openpgp.c (parse_algorithm_attribute): Handle the case of firmware 5.4, too. -- GnuPG-bug-id: 6070 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Support specifying keygrip for learn command.NIIBE Yutaka2022-06-101-2/+8
| | | | | | | | | * scd/command.c (cmd_learn): Allow keygrip argument. -- GnuPG-bug-id: 6002 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd,openpgp: Support READCERT by keygrip.NIIBE Yutaka2022-06-101-1/+22
| | | | | | | | | * scd/app-openpgp.c (do_readcert): Allow use of keygrip. -- GnuPG-bug-id: 6002 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd:nks: Don't flag the ESIGN keypair EF as encryption capable.Werner Koch2022-06-011-1/+1
| | | | | | | | | * scd/app-nks.c (filelist): Tweak 0x4531. -- Actually the certificate has no encryption usage but we should also tell that via KEYINFO so that this key is never tried to create an encryption certificate.
* scd:nks: Some code cleanup.Werner Koch2022-06-011-107/+100
| | | | | | | | | | | | * scd/app-nks.c (find_fid_by_keyref): Factor keyref parsing out to ... (parse_keyref): new. (do_readcert): Use new function instead of partly duplicated code. Make detection of keygrip more robust. (do_readkey): Make detection of keygrip more robust. (do_with_keygrip): Use get_nks_tag. -- Also added a couple of comments.
* scd:nks: Support the Telesec ESIGN application.Werner Koch2022-05-291-26/+81
| | | | | | | | | | | | | | | | * scd/app-nks.c (find_fid_by_keyref): Disable the cache for now. (readcert_from_ef): Considere an all zero certificate as not found. (do_sign): Support ECC and the ESIGN application. -- This allows me to create qualified signatures using my Telesec card. There is of course more work to do but this is the first step. Note: The design of the FID cache needs to be reconsidered. Until that the lookup here has been disabled. The do_sign code should be revamped to be similar to what we do in app-p15. GnuPG-bug-id: 5219, 4938
* scd: Return USAGE information for KEYINFO command.NIIBE Yutaka2022-05-266-71/+103
| | | | | | | | | | | | | | | | | | | | | | | * scd/command.c (hlp_keyinfo): Update. (send_keyinfo): Add a USAGE argument. * scd/scdaemon.h (send_keyinfo): Add a USAGE argument. * scd/app-nks.c (set_usage_string): New. (do_learn_status_core, do_readkey): Use set_usage_string. (do_with_keygrip): Add USAGE to call send_keyinfo, using set_usage_string. * scd/app-openpgp.c (get_usage_string): New. (send_keypair_info): Use get_usage_string. (send_keyinfo_if_available): Add USAGE to call send_keyinfo, using get_usage_string. * scd/app-p15.c (set_usage_string): New. (send_keypairinfo): Use set_usage_string. (do_with_keygrip): Add USAGE to call send_keyinfo, using set_usage_string. * scd/app-piv.c (do_with_keygrip): Add USAGE to call send_keyinfo. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* scd,piv: Fix status report of KEYPAIRINFO.NIIBE Yutaka2022-05-261-1/+1
| | | | | | | | * scd/app-piv.c (do_readkey): Use "-" for usage when not available. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* agent,scd: Make sure to set CONFIDENTIAL flag in Assuan.NIIBE Yutaka2022-05-251-0/+2
| | | | | | | | | | | | | * agent/call-scd.c (inq_needpin): Call assuan_begin_confidential and assuan_end_confidential, and wipe the memory after use. * agent/command.c (cmd_preset_passphrase): Likewise. (cmd_put_secret): Likewise. * scd/command.c (pin_cb): Likewise. -- GnuPG-bug-id: 5977 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Support automatic card selection for READCERT with keygrip.NIIBE Yutaka2022-05-241-1/+5
| | | | | | | | | * scd/command.c (cmd_readcert): Select by KEYGRIP. -- GnuPG-bug-id: 6003 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Fix use of SCardListReaders for PC/SC.NIIBE Yutaka2022-05-171-1/+1
| | | | | | | | | | * scd/apdu.c (apdu_dev_list_start): Initialize NREADER. -- Reported-by: Ludovic Rousseau GnuPG-bug-id: 5979 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Fail when no good algorithm attribute.NIIBE Yutaka2022-05-111-19/+30
| | | | | | | | | | | | | | * scd/app-openpgp.c (parse_algorithm_attribute): Return the error. (change_keyattr): Follow the change. (app_select_openpgp): Handle the error of parse_algorithm_attribute. -- This change allows following invocation of app_select_openpgp, which may work well (if the problem is device side for initial connection). GnuPG-bug-id: 5963 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd:openpgp: New card vendor.Werner Koch2022-05-101-0/+1
| | | | | | | | -- BTW, we should add a function to read out the entire table so that you can ask scdaemon for that list. iirc, Kleopatra still uses a copy of the table.
* scd:p15: Improve the displayed S/N for Technology Nexus cards.Werner Koch2022-05-061-3/+36
| | | | | | | | | * scd/app-p15.c (any_control_or_space_mem): New. (get_dispserialno): Add new code. -- This works with my test cards and now reflects what's printed on the front matter of the card.
* scd:p15: Fix the the sanity check of the displayed S/N.Werner Koch2022-05-061-2/+6
| | | | | | | | | * scd/app-p15.c (any_control_or_space): Fix loop. -- This check is only done to avoid printing wrongly encoded S/N for human consumption. e
* scd: Add workaround for ECC attribute on Yubikey.NIIBE Yutaka2022-05-061-1/+2
| | | | | | | | | | * scd/app-openpgp.c (parse_algorithm_attribute): Skip possibly bogus octet in a key attribute. -- GnuPG-bug-id: 5963 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd:p15: Fix reading certificates without length info.Werner Koch2022-05-051-6/+23
| | | | | | * scd/app-p15.c (readcert_by_cdf): Do not use extended mode if the CDF object has no length info. Add debug output when reading a cert. (read_p15_info): No more need to disable extended mode for GeNUA cards.
* scd: New debug flags "card".Werner Koch2022-05-052-2/+5
| | | | | | | | | | * scd/scdaemon.c (debug_flags): Add "card". * scd/scdaemon.h (DBG_CARD_VALUE, DBG_CARD): New. -- Some information from parsing the card are often very helpful. However, the card_io triggered APDU dumps are in most cases too heavy. Thus this new debug flag.
* scd: Fix hard-coded constant for RSA auth.NIIBE Yutaka2022-04-251-3/+9
| | | | | | | | | | | | * scd/app-openpgp.c (do_auth): Allow larger data for RSA-4096. -- OpenPGPcard specification says that it will be rejected by the card when it's larger. We have been the check on host side too, but it was written when it only had a support for RSA-2048. Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Don't inhibit SSH authentication for larger data if it can.NIIBE Yutaka2022-04-221-0/+5
| | | | | | | | | * scd/app-openpgp.c (do_auth): Use command chaining if available. -- GnuPG-bug-id: 5935 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Renamed a constant in ccid-driver.cWerner Koch2022-04-141-3/+3
| | | | | | | * scd/ccid-driver.c (MAX_DEVICE): Rename to CCID_MAX_DEVICE. -- Just for documentation reasons.
* scd: Minor code reorganizationWerner Koch2022-04-141-16/+22
| | | | | * scd/ccid-driver.c: Move struct defines to the top. --
* scd: Fix memory leak in ccid-driver.Werner Koch2022-04-141-9/+9
| | | | | | | | | | | * scd/ccid-driver.c (ccid_dev_scan): Use loop var and not the count. -- Due to an assignment out of bounds this might lead to a crash if there are more than 15 readers. In any case it fixes a memory leak. Kudos to the friendly auditor who found that bug. Fixes-commit: 8a41e73c31adb86d4a7dca4da695e5ad1347811f
* scd:p15: Improve the PIN prompt for Genua cards.Werner Koch2022-04-131-4/+26
| | | | | | | * scd/app-p15.c (CARD_PRODUCT_GENUA): New. (cardproduct2str): Add it. (read_p15_info): Detect and set GENUA (make_pin_prompt): Take holder string from the AODF.
* scd: Support for GeNUA cards.Werner Koch2022-04-111-1/+10
| | | | | * scd/app-p15.c (read_p15_info): Disable extended mode for Genua cards.
* scd,tpm2d: Fix for consistent use of socket FD.NIIBE Yutaka2022-03-313-5/+5
| | | | | | | | | | | | | | * scd/command.c (scd_command_handler): Use gnupg_fd_t for the argument but no INT2FD to listen. Use GNUPG_INVALID_FD. * tpm2d/command.c (tpm2d_command_handler): Likewise. * scd/scdaemon.c (start_connection_thread): Follow the change. * tpm2d/tpm2daemon.c (start_connection_thread): Likewise. * scd/scdaemon.h (scd_command_handler): Use gnupg_fd_t. * tpm2d/tpm2daemon.h (tpm2d_command_handler): Likewise. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* scd,w32: Fix socket resource leak.NIIBE Yutaka2022-03-291-23/+26
| | | | | | | | | | | | * scd/scdaemon.c (main): Use gnupg_fd_t for socket, and use assuan_sock_close for the socket allocated by assuan_sock_new. (handle_connections): Use gnupg_fd_t for listen_fd. Use assuan_sock_close for the socket by npth_accept. -- GnuPG-bug-id: 5029 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Fix DEVINFO with no --watch.NIIBE Yutaka2022-03-152-2/+2
| | | | | | | | | * scd/app.c (app_send_devinfo): Fix for outputing once. * scd/command.c (hlp_devinfo): Fix comment. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* Fix previous commit.NIIBE Yutaka2022-03-111-1/+4
| | | | | | -- Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Enhance PASSWD command to accept KEYGRIP optionally.NIIBE Yutaka2022-03-101-3/+8
| | | | | | | | | * scd/command.c (cmd_passwd): Handle KEYGRIP optionally. -- GnuPG-bug-id: 5862 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Use same idiom for same work.NIIBE Yutaka2022-03-101-4/+4
| | | | | | | | | * scd/command.c (cmd_serialno, cmd_getattr): Use 'while' instead of 'for'. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Fix PK_AUTH with --challenge-response option.NIIBE Yutaka2022-03-042-3/+6
| | | | | | | | | | | * scd/app.c (app_auth): It's only APPTYPE_OPENPGP which supports the challenge response interaction. * scd/command.c (cmd_pkauth): It only wants if it works or not. -- GnuPG-bug-id: 5862 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Add --challenge-response option to PK_AUTH for OpenPGP card.NIIBE Yutaka2022-03-033-26/+201
| | | | | | | | | | | | | | * scd/app-openpgp.c (rmd160_prefix, sha1_prefix, sha224_prefix) (sha256_prefix, sha384_prefix, sha512_prefix): Move the scope up. (gen_challenge): New. (do_auth): Support challenge-response check if it signs correctly. * scd/app.c (app_auth): Remove the check INDATA and INDATALEN. * scd/command.c (cmd_pkauth): Support --challenge-response option. -- GnuPG-bug-id: 5862 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Let READKEY support --format=ssh option.NIIBE Yutaka2022-03-021-16/+56
| | | | | | | | | | | | * scd/command.c (do_readkey): Support --format=ssh option. * common/ssh-utils.c (ssh_public_key_in_base64): New. * common/ssh-utils.h (ssh_public_key_in_base64): New declaration. -- Code duplication (agent/command-ssh.c) will be cleaned up later. Signed-off-by: NIIBE Yutaka <[email protected]>
* scd:p15: Used extended mode already for RSA 2048Werner Koch2022-02-211-2/+2
| | | | | * scd/app-p15.c (do_sign, do_decipher): Replace GT by GE. --
* scd,pcsc: Fix error handling for a reader with reader-port.NIIBE Yutaka2022-01-041-5/+1
| | | | | | | | | | | * scd/apdu.c (apdu_open_reader): Make sure dl->idx is always incremented to handle error from open_pcsc_reader correctly. -- Reported-by: Anže Jenšterle GnuPG-bug-id: 5758 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd:openpgp: Support longer data for INTERNAL_AUTHENTICATE.NIIBE Yutaka2021-11-151-0/+8
| | | | | | | | | | * scd/app-openpgp.c (do_auth): Use extended Lc, when supported. -- GnuPG-bug-id: 5682 Co-authored-by: Klas Lindfors Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Avoid memory leak.Jakub Jelen2021-11-121-0/+1
| | | | | | | | | * scd/command.c (cmd_readkey): Free allocated memory on failure path. -- GnuPG-bug-id: 5393 Signed-off-by: Jakub Jelen <[email protected]>
* scd: Add new OpenPGP card vendor.Werner Koch2021-11-041-0/+1
| | | | --
* scd: Simplify the loop of DEVINFO.NIIBE Yutaka2021-11-021-11/+5
| | | | | | | | * scd/app.c (app_send_devinfo): Factor out lock/unlock. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Fix the previous commit.NIIBE Yutaka2021-10-291-5/+1
| | | | Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Modify DEVINFO behavior to support looping forever.NIIBE Yutaka2021-10-293-79/+104
| | | | | | | | | | | | | | | | | | | | | * scd/app.c (struct mrsw_lock): Add notify_cond member. (notify_cond): Remove. (card_list_r_lock, card_list_r_unlock): Rename. (card_list_w_lock, card_list_w_unlock): Rename. (card_list_signal, card_list_wait): New, fixing thinko about notify/wakeup with MRSW lock. (app_send_devinfo): Support looping. (select_application): Notify app_send_devinfo thread for newly detected device. (initialize_module_command): Initialize notify_cond member. (app_wait): Remove. * scd/command.c (cmd_devinfo): Use new API of app_send_devinfo. * scd/scdaemon.h (app_wait): Remove. -- GnuPG-bug-id: 5359 Signed-off-by: NIIBE Yutaka <[email protected]>
* agent,dirmngr,kbx,scd,tpm2d: Use gnupg_sleep.NIIBE Yutaka2021-10-052-4/+4
| | | | | | | | | | | | | | | | * agent/findkey.c (unprotect): Use gnupg_sleep. * agent/gpg-agent.c (handle_connections): Likewise. * dirmngr/crlfetch.c (handle_connections): Likewise. * kbx/keyboxd.c (handle_connections): Likewise. * tpm2d/tpm3daemon.c (handle_connections): Likewise. * scd/scdaemon.c (handle_connections): Likewise. * scd/command.c (cmd_lock): Likewise. * dirmngr/ldap-wrapper.c (ldap_reaper_thread): Likewise. (ldap_wrapper_wait_connections): Use gnupg_usleep. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* sm: Add LotW support to the key listingWerner Koch2021-09-091-2/+2
| | | | | | | | | | * sm/certdump.c (parse_dn_part): Translate OID to "Callsign" * sm/keylist.c (oidtranstbl): Some more OIDs. -- This is Ham thingy to make it easier to read LotW certificates. Signed-off-by: Werner Koch <[email protected]>
* scd: Don't release the context until list_finish for PC/SC.NIIBE Yutaka2021-08-201-1/+8
| | | | | | | | | | | * scd/apdu.c (apdu_dev_list_start): Increment PCSC.COUNT here. (apdu_dev_list_finish): Decrement PCSC.COUNT. -- GnuPG-bug-id: 5416 Fixes-commit: 32baa9acfb153004bdb2509f9516482b78f256a4 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Small clean up for card access.NIIBE Yutaka2021-07-222-10/+11
| | | | | | | * scd/app.c (app_get_challenge): Remove the check to ref_count. * scd/command.c (send_client_notifications): Update comments. Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Fix direct use of card with no ctrl->card_ctx.NIIBE Yutaka2021-07-221-1/+1
| | | | | | | | | * scd/app.c (maybe_switch_app): Remove check of ref_count. -- Fixes-commit: 0d6b4210cf31d1c3ca0e8b034537a158fe3caca8 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Fix access to list of cards (3/3).NIIBE Yutaka2021-07-213-315/+315
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * scd/app-common.h (card_reset): Simplify more. (select_additional_application): Supply CARD. (card_ref, card_unref): Remove. (card_get, card_put): New. * scd/app.c (card_reset): No locking/unlocking inside. (app_switch_current_card): Fix comment. (select_additional_application): No locking/unlocking inside. (do_with_keygrip): New, unlocked version. (card_get): New, with support of KEYGRIP. (card_unref): Remove. (card_put): New. (app_write_learn_status, app_readcert: No locking/unlocking inside. (app_readkey, app_getattr, app_setattr, app_sign, app_auth): Likewise. (app_decipher, app_writecert, app_writekey): Likewise. (app_genkey, app_get_challenge, app_change_pin): Likewise. (app_check_pin, app_switch_active_app): Likewise. * scd/command.c (do_reset): Use card_get/card_put. (open_card_with_request): Use card_get/card_put, return CARD locked. (cmd_serialno): Follow the change of open_card_with_request. (cmd_switchapp): Use card_get/card_put. (cmd_learn, cmd_readcert, cmd_readkey, cmd_pksign): Likewise. (cmd_pkauth, cmd_pkdecrypt, cmd_getattr): Likewise. (cmd_setattr, cmd_writecert, cmd_writekey): Likewise. (cmd_genkey, cmd_random, cmd_passwd): Likewise. (cmd_checkpin, cmd_getinfo, cmd_restart): Likewise. (cmd_disconnect, cmd_apdu, cmd_devinfo): Likewise. Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Fix access to list of cards (2/3).NIIBE Yutaka2021-07-213-30/+28
| | | | | | | | | | | * scd/app-common.h (card_reset, select_application): Simplify. * scd/app.c (card_reset, select_application): Simplify. * scd/command.c (do_reset): Follow the change. (open_card, open_card_with_request): Follow the change. -- Signed-off-by: NIIBE Yutaka <[email protected]>
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-10 10:59:18 +0000