aboutsummaryrefslogtreecommitdiffstats
path: root/scd (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* scd: Fix access to list of cards (1/3).NIIBE Yutaka2021-07-211-22/+115
| | | | | | | | | | | | | | | | * scd/app.c (card_list_lock): Use MRSW lock. (lock_r_card_list, unlock_r_card_list): New. (lock_w_card_list, unlock_w_card_list): New. (app_dump_state, app_send_devinfo): Use the MRSW lock. (select_application, app_switch_current_card): Likewise. (scd_update_reader_status_file): Likewise. (initialize_module_command, send_card_and_app_list): Likewise. (app_do_with_keygrip, app_wait): Likewise. -- GnuPG-bug-id: 5524 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Silence compiler waring about unused args.Werner Koch2021-07-082-0/+6
| | | | --
* scd: Detect external interference when PCSC_SHARED.NIIBE Yutaka2021-07-064-2/+72
| | | | | | | | | | | | | | * scd/app-common.h (check_aid): New method. * scd/app-openpgp.c (do_check_aid): New. * scd/app-piv.c (do_check_aid): New. * scd/app.c (check_external_interference): New. (maybe_switch_app): Check interference to determine switching is needed. -- GnuPG-bug-id: 5484 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd:ccid: Handle LIBUSB_TRANSFER_OVERFLOW interrupt transfer.NIIBE Yutaka2021-06-231-0/+5
| | | | | | * scd/ccid-driver.c (intr_cb): Ignore LIBUSB_TRANSFER_OVERFLOW. Signed-off-by: NIIBE Yutaka <[email protected]>
* scd:p15: Prepare AODF parsing for other authentication types.Werner Koch2021-06-221-329/+372
| | | | | | | | | | | | | * scd/app-p15.c (auth_type_t): New. (struct aodf_object_s): Add field auth_type. (read_ef_aodf): Distinguish between pin and authkey types. Include the authtype in the verbose mode diags. -- Note that the bulk of chnages are just indentation chnages. There should be no functional change. Signed-off-by: Werner Koch <[email protected]>
* scd:p15: Add pre-check for ascii-numeric PINs.Werner Koch2021-06-181-1/+9
| | | | * scd/app-p15.c (verify_pin): acii-numerix is different than BCD.
* scd:p15: Add basic support for AET JCOP cards.Werner Koch2021-06-181-5/+42
| | | | | | | | | | | | | * scd/app-p15.c (CARD_TYPE_AET): New. (cardtype2str): Add string. (card_atr_list): Add corresponding ATR. (app_local_s): New flag no_extended_mode. Turn two other flags into bit flags. (select_ef_by_path): Hack to handle the 3FFF thing. (readcert_by_cdf): Do not use etxended mode for AET. (app_select_p15): Set no_extended_mode. Signed-off-by: Werner Koch <[email protected]>
* scd:p15: Handle cards with bad encoded path objects.Werner Koch2021-06-181-12/+16
| | | | | | | | | * scd/app-p15.c (read_ef_prkdf, read_ef_pukdf) (read_ef_cdf, read_ef_aodf): Allow for a zero length path and correctly skip unsupported auth types. -- Signed-off-by: Werner Koch <[email protected]>
* scd: Improve reading of binary records.Werner Koch2021-06-183-11/+10
| | | | | | | | | | | | | * scd/iso7816.c (iso7816_read_binary_ext): Handle the 0x6a86 SW the same as 6b00. * scd/apdu.c (apdu_get_atr): Modify debug messages. * scd/app-p15.c (app_select_p15): Print FCI on error. (read_p15_info): Clean up diag in presence of debug options. -- Some cards return 6a86 instead of 6b00. Signed-off-by: Werner Koch <[email protected]>
* scd: Fix RESET handling.NIIBE Yutaka2021-06-171-1/+5
| | | | | | | | * scd/app.c (scd_update_reader_status_file): Clear ->reset_requested. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Support clearing of Reset Code by ''.NIIBE Yutaka2021-06-111-2/+3
| | | | | | | | * scd/app-openpgp.c (do_change_pin): Allow null-string. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Add new card vendor.Werner Koch2021-06-101-0/+1
| | | | --
* scd: Fix serial number detection for Yubikey 5.NIIBE Yutaka2021-06-081-4/+5
| | | | | | | | | * scd/app.c (app_new_register): Handle serial number correctly. -- GnuPG-bug-id: 5442 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Fix READER-PORT option handling for PC/SC.NIIBE Yutaka2021-06-071-17/+27
| | | | | | | | | * scd/apdu.c (apdu_open_reader): READERNO should be -1 when READER-PORT is specified for PC/SC. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Fix zero-byte handling in ECC.NIIBE Yutaka2021-05-281-11/+3
| | | | | | | | | | * scd/app-openpgp.c (ecc_writekey): Don't remove zero-byte. -- Fixes-commit: a25c99b156ca9acaa7712e9c09a6df0a7a23c833 GnuPG-bug-id: 5163 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: avoid memory leaksJakub Jelen2021-05-203-7/+14
| | | | | | | | | | | | | * scd/app-p15.c (send_certinfo): free labelbuf (do_sign): goto leave instead of return * scd/app-piv.c (do_sign): goto leave instead of return, fix typo in variable name, avoid using uninitialized variables * scd/command.c (cmd_genkey): goto leave instead of return -- Signed-off-by: Jakub Jelen <[email protected]> GnuPG-bug-id: 5393
* scd:p15: Fix logic for appending product name to MANUFACTURER.Ingo Klöcker2021-05-181-2/+2
| | | | | | * scd/app-p15.c (do_getattr): Append product name to MANUFACTURER if manufacturer_id does not already contain a bracket and if we have a product name.
* scd: Remove wrong assertion and add protection to PCSC.COUNT.NIIBE Yutaka2021-05-141-1/+2
| | | | | | | * scd/apdu.c (apdu_dev_list_finish): Fix for calling release_pcsc_context. Signed-off-by: NIIBE Yutaka <[email protected]>
* A few minor code cleanups and typo fixes.Werner Koch2021-05-111-1/+1
| | | | | | | | | | * agent/command-ssh.c (ssh_handler_request_identities): Remove double check of ERR. * g10/getkey.c (get_pubkey_byname): Remove double use of break. * g10/pkglue.c (pk_encrypt): Handle possible NULL-ptr access due to failed malloc. Signed-off-by: Werner Koch <[email protected]>
* scd: Serialize READER_TABLE access for PC/SC.NIIBE Yutaka2021-05-111-15/+19
| | | | | | | | | | | | | * scd/apdu.c (apdu_dev_list_start): Remove locking READER_TABLE_LOCK. Don't increment PCSC.COUNT here. (apdu_dev_list_finish): Don't decrement PCSC.COUNT here. (apdu_open_reader): Protect access with READER_TABLE_LOCK. -- GnuPG-bug-id: 5416 Fixes-commit: 8d81fd7c01e8dfacc719ff190f8e364014e32fdf Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Fix close_pcsc_reader.NIIBE Yutaka2021-05-101-9/+9
| | | | | | | | | | | * scd/apdu.c (close_pcsc_reader): Don't touch .RDRNAME field. (apdu_dev_list_finish): Clear .RDRNAME field and replace call of close_pcsc_reader by release_pcsc_context. Add assertion. -- GnuPG-bug-id: 5416 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Make sure releasing PC/SC context.NIIBE Yutaka2021-05-101-6/+16
| | | | | | | | | | | | * scd/apdu.c (release_pcsc_context): New. (close_pcsc_reader): Use release_pcsc_context. Add assertion. (apdu_dev_list_start): Replace call of close_pcsc_reader into release_pcsc_context, add condition. -- GnuPG-bug-id: 5416 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Increment PCSC.COUNT correctly.NIIBE Yutaka2021-05-071-2/+2
| | | | | | | | | * scd/apdu.c (open_pcsc_reader): PCSC.COUNT should be incremented before possible call of close_pcsc_reader. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Fix memory leak for RDRNAME and serialize access.NIIBE Yutaka2021-05-071-2/+6
| | | | | | | | | | * scd/apdu.c (close_pcsc_reader): Move locking to... (apdu_close_reader): ... here, as it's also needed for CCID driver. Free RDRNAME when closed. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Fix declarations for PC/SC access.NIIBE Yutaka2021-05-061-2/+2
| | | | | | | | * scd/apdu.c (pcsc_begin_transaction, pcsc_transmit): Use HANDLE. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Recover the partial match for PORTSTR for PC/SC.NIIBE Yutaka2021-05-061-1/+2
| | | | | | | | | * scd/apdu.c (apdu_open_reader): Allow partial match of PORTSTR again just like 2.2 does. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: When reader is specified, make sure only open once.NIIBE Yutaka2021-05-061-0/+5
| | | | | | | | | * scd/apdu.c (apdu_open_reader): Make sure not to try multiple times, when PORTSTR is specified. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Fix PC/SC removed card problemWerner Koch2021-04-291-0/+11
| | | | | | | | | | | * scd/apdu.c (pcsc_cancel): New. (pcsc_init): Load new function. (connect_pcsc_card): Use it after a removed card error. -- Well, that was easier than I expected yesterday. Signed-off-by: Werner Koch <[email protected]>
* scd:p15: Fix the name of a card.Werner Koch2021-04-281-1/+1
| | | | --
* scd: Fix problem with reader list becoming empty.Werner Koch2021-04-282-22/+26
| | | | | | | | | | | | | | | | | | | | | | | | | | | * scd/apdu.c (close_pcsc_reader): Do not decrement refcount if already zero. Always release context if or becomes zero. (apdu_dev_list_start): Unlock prior to close_pcsc_reader. For PC/SC increment the count. Always release the lock. (apdu_dev_list_finish): No more unlocking. Use close_pcsc_reader instead of code duplication. * scd/apdu.c (pcsc_error_string): Add an error code. * scd/scdaemon.c (scd_kick_the_loop): Fix a diagnostic. -- There was an obvious bug in that the pcsc.count could go below zero and thus there was no chance to get the context release. Releasing and recreating the context is at least under Windows important to get rit of the PCSC_E_SERVICE_STOPPED. Also removes a potential problem in holding the reader_table_lock between calls to apdu_dev_list_start apdu_dev_list_finish. There is no need for this. Instead we bump the pcsc.count. The reader_table_lock strategy should be reviewed; we may be able to remove it. Signed-off-by: Werner Koch <[email protected]>
* scd: Fix unblock PIN by a Reset Code with KDF.Kirill Elagin2021-04-271-1/+1
| | | | | | | | | | * scd/app-openpgp.c (do_change_pin): Use correct CHVNO=1 for pin2hash_if_kdf, for user's PIN. -- GnuPG-bug-id: 5413 Signed-off-by: Kirill Elagin <[email protected]>
* scd:p15: Fix last commit and improve D-TRUST detection.Werner Koch2021-04-251-7/+16
| | | | | | | | * scd/app-p15.c (read_p15_info): Improve D-TRUST card detection. (do_getattr): Fix faulty code for the last commit. Append the product name to MANUFACTURER. Signed-off-by: Werner Koch <[email protected]>
* scd:p15: Shorten the displayed s/n of RSCS cardsWerner Koch2021-04-251-1/+9
| | | | | | | | | | * scd/app-p15.c (get_dispserialno): Add dedicated handling for RSCS. -- In fact we fix the display of the s/n because the s/n was taken from a certificate. Signed-off-by: Werner Koch <[email protected]>
* scd: Fix PSO_CSV for 512 bit curvesWerner Koch2021-04-221-6/+20
| | | | | | * scd/iso7816.c (iso7816_pso_csv): Use BER-TLV instead of SIMPLE-TLV Signed-off-by: Werner Koch <[email protected]>
* Support log-file option from common.conf for all daemon.Werner Koch2021-04-201-0/+12
| | | | | | | | | | | | | | | | * agent/gpg-agent.c: Include comopt.h. (main): Read log-file option from common.conf. (reread_configuration): Ditto. * dirmngr/dirmngr.c: Include comopt.h. (main): Read log-file option from common.conf. (reread_configuration): Ditto. * kbx/keyboxd.c: Include comopt.h. (main): Read log-file option from common.conf. (reread_configuration): Ditto. * scd/scdaemon.c: Include comopt.h. (main): Read log-file option from common.conf. Signed-off-by: Werner Koch <[email protected]>
* scd:p15: Support attribute KEY-FPR.Werner Koch2021-04-161-5/+170
| | | | | | | | | | | | | * scd/app-p15.c: Include openpgpdefs.h. (struct prkdf_object_s): Add fields have_keytime and ecdh_kdf. (read_p15_info): Set ecdh_kdf. (keygrip_from_prkdf): Flag that we have the keytime. (send_keypairinfo): Send the key time only if valid. (send_key_fpr_line): New. (send_key_fpr): New. (do_getattr): Add KEY-FPR. Signed-off-by: Werner Koch <[email protected]>
* scd: Fix memory leaks.Jakub Jelen2021-04-132-1/+5
| | | | | | | | | | * scd/apdu.c (apdu_dev_list_start): Free DL. * scd/app-nks.c (pubkey_from_pk_file): Fix typo in condition. -- GnuPG-bug-id: 5393 Signed-off-by: Jakub Jelen <[email protected]>
* scd:p15: Match private keys with certificates also by labels.Werner Koch2021-04-121-28/+59
| | | | | | | | | | | | | | * scd/app-p15.c (cdf_object_from_label): New. (cdf_object_from_certid): Fallback to label matching. (read_p15_info): Ditto. (keygrip_from_prkdf): Ditto. Replace duplicated code by a call to cdf_object_from_objid. -- In case there is no certificate for a private key we now also try to find a certificate using a matching label. Signed-off-by: Werner Koch <[email protected]>
* scd:nks: Handle APP_READKEY_FLAG_INFO.Werner Koch2021-04-081-62/+117
| | | | | | | | | | | | | | * scd/app-nks.c (keygripstr_from_pk_file): Fix ignored error. (get_nks_tag): New. (do_learn_status_core): Use it. Make sure not to mange the KEYPAIRINFO line if no usage is known. (do_readkey): Output the KEYPAIRINFO for the keygrip case. -- Note that this only handles the most common case of providing a keygrip. $AUTHKEYID and ODLM are not yet supported. Signed-off-by: Werner Koch <[email protected]>
* scd: Fix duplicate output of KEYPAIRINFO by readkey command.Werner Koch2021-04-082-12/+14
| | | | | | | | | | | | | * scd/app-help.c (app_help_get_keygrip_string_pk): Make HEXKEYGRIP parm optional. * scd/command.c (do_readkey): Remove duplicate output of keypairinfo lines. -- Note that this change needs a fix in app-p15 which does not yet handle the APP_READKEY_FLAG_INFO. Signed-off-by: Werner Koch <[email protected]>
* scd: Fix CCID driver for SCM SPR332/SPR532.NIIBE Yutaka2021-04-081-1/+13
| | | | | | | | | | | * scd/ccid-driver.c (ccid_vendor_specific_pinpad_setup): New. (ccid_vendor_specific_setup): Only send CLEAR_HALT. (ccid_transceive_secure): Each time, use send_escape_cmd. -- GnuPG-bug-id: 5297 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: New flag --reread for LEARNWerner Koch2021-04-013-39/+101
| | | | | | | | | | | * scd/command.c (cmd_learn): Add flag --reread. * scd/app-common.h (struct app_ctx_s): New field need_reset. * scd/app.c (write_learn_status_core): Set need_reset if we notice an error after returning from a reread. Change all callers of card functions to return GPG_ERR_CARD_RESET so that that app is not anymore used. Signed-off-by: Werner Koch <[email protected]>
* scd:p15: New flag APP_LEARN_FLAG_REREAD.Werner Koch2021-04-012-27/+73
| | | | | | | | | | | | | | | | * scd/app-p15.c (do_deinit): Factor code out to ... (release_lists, release_tokeninfo): new. (read_ef_tokeninfo): Reset all data before reading. (read_p15_info): Ditto. (do_learn_status): Implement reread flag. -- Objects of a card may be protected by a PIN and thus only readble after a verify command. This new flag makes it possible to gather the entire PKCS#15 card info again without a need for a reset (and thus loss of the verify status). Signed-off-by: Werner Koch <[email protected]>
* scd: Replace all assert macros by the log_assert macro.Werner Koch2021-03-319-44/+35
| | | | Signed-off-by: Werner Koch <[email protected]>
* scd:p15: Return labels for keys and certificates.Werner Koch2021-03-302-1/+43
| | | | | | | * scd/app-p15.c (send_certinfo): Extend certinfo. (do_getattr): Support KEY-LABEL. Signed-off-by: Werner Koch <[email protected]>
* scd:p15: For CardOS make use of ISO7816_VERIFY_NOT_NEEDED.Werner Koch2021-03-301-11/+17
| | | | | | * scd/app-p15.c (verify_pin): Take care of verify status. Signed-off-by: Werner Koch <[email protected]>
* scd:p15: Return the creation time of the keys.Werner Koch2021-03-301-0/+32
| | | | | | | | * scd/app-p15.c (struct prkdf_object_s): Add keytime and keyalgostr. (keygrip_from_prkdf): Set them. (send_keypairinfo): Extend KEYPAIRINFO. Signed-off-by: Werner Koch <[email protected]>
* scd:p15: Make RSA with SHA512 work with CardOS.Werner Koch2021-03-291-121/+117
| | | | | | | | | | | | | * scd/app-p15.c (do_sign): Rewrite. -- This basically works now but for my test card I need to pass --cert-digest-algo-512 manually. Need to check this again and automate it. It will also be useful to take the NotBefore timestamp from the dummy X.509 certificate and use that for the PGP key creation time. Signed-off-by: Werner Koch <[email protected]>
* scd:p15: Support ECDSA and ECDH for CardOS.Werner Koch2021-03-294-102/+378
| | | | | | | | | | | | | | | | | | | | | | | | | | | * scd/iso7816.c (iso7816_pso_csv): New. * scd/app-help.c (app_help_pubkey_from_cert): Uncompress a point if needed. * scd/app-p15.c (CARD_PRODUCT_RSCS): New. (struct prkdf_object_s): Add fields is_ecc, token_label, and tokenflags. (do_deinit): Free new fields. (cardproduct2str): New. (read_ef_prkdf): Set new is_ecc flag. (read_ef_tokeninfo): Store some data and move Tokeninfo diags to ... (read_p15_info): here. set the product info here after all data has been gathered. (send_keypairinfo): Chnage the way the gpgusage flags are used. (make_pin_prompt): If the token has a label and the current cert has no CN, show the label as holder info. (do_sign): Support ECDSA. Take care of the gpgusage flags. (do_decipher): Support ECDH. Take care of the gpgusage flags. -- This has been tested with Trusted Object Manager generated cards by Rohde & Schwarz Cybersecurity. Signed-off-by: Werner Koch <[email protected]>
* scd: Fix PC/SC error handling at apdu_dev_list_start.NIIBE Yutaka2021-03-261-1/+3
| | | | | | | | | | | * scd/apdu.c (PCSC_E_NO_READERS_AVAILABLE): Add. (pcsc_error_to_sw): Handle PCSC_E_NO_READERS_AVAILABLE. (apdu_dev_list_start): Return error correctly. -- GnuPG-bug-id: 4864 Signed-off-by: NIIBE Yutaka <[email protected]>
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-10 12:55:26 +0000