aboutsummaryrefslogtreecommitdiffstats
path: root/scd (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* scd:p15: Print the internal card type.Werner Koch2020-11-251-0/+8
| | | | * scd/app-p15.c (read_ef_tokeninfo): Print the internal card type.
* scd:p15: Improve support for some CardOS based cards.Werner Koch2020-11-253-14/+68
| | | | | | | | | * scd/iso7816.c (iso7816_read_binary_ext): Add optional arg r_sw and change callers. (iso7816_read_record): Factor all code out to ... (iso7816_read_record_ext): new. * scd/app-p15.c (select_and_read_binary): Fallback to record reading. (read_ef_aodf): Clear EOF error.
* scd: Rework the handling of the displayed serial number.Werner Koch2020-11-255-119/+178
| | | | | | | | | | | | | | | | | | | | | | | | | | | | * scd/app.c (app_new_register): Call app_munge_serialno for Yubikeys. (app_munge_serialno): Handle Yubikey serial numbers. (card_get_serialno): Remove special Yubikey treatment. Drop arg is_canonical. (app_get_serialno): Clear ERRNO on error. (card_get_dispserialno): New. Also change formatting of Yubikey and OpenPGP numbers to match those printed on the card. (app_get_dispserialno): New. * scd/app-openpgp.c (do_getattr): Use app_get_dispserialno. (yubikey_get_serialno): Remove. * scd/app-piv.c (get_dispserialno): Remove. (do_getattr): Use app_get_dispserialno. -- This patch gets us back to a unique serial number for cards and provides a stable serial number as printed for Yubikeys. Because we use a slightly different serial number now for Yubikeys and cards only supporting OpenPGP card we need to come up with another change so that the version number of OpenPGP serial numbers are ignored when comparing card serial numbers. This is so that existing stub keys of gpg-agent will continue to work. GnuPG-bug-id: 5100 Signed-off-by: Werner Koch <[email protected]>
* scd: Fix an error return for READKEY.NIIBE Yutaka2020-11-251-0/+3
| | | | | | | | | | * scd/command.c (cmd_readkey): Return when error. -- GnuPG-bug-id: 5150 Suggested-by: Ingo Klöcker Signed-off-by: NIIBE Yutaka <[email protected]>
* scd,nks: Fix SEGV for learn for older card.NIIBE Yutaka2020-11-251-0/+1
| | | | | | | | | | * scd/app-nks.c (keygripstr_from_pk_file): Set algostr. -- GnuPG-bug-id: 5144 Fixes-commit: 26da47ae53d51e16ae6867cd419ddbf124a94933 Signed-off-by: NIIBE Yutaka <[email protected]>
* doc: Fix typosGavin L. Rebeiro2020-11-231-1/+1
| | | | | | | -- GnuPG-bug-id: 5071 Also fixed one in keyformat.txt [wk].
* Fix the previous comment changes help doc string.NIIBE Yutaka2020-11-201-1/+1
| | | | | | * scd/command.c (hlp_learn): Fix the doc string. Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Do not print reader status change with --debug cardio.Werner Koch2020-11-111-1/+1
| | | | | | | | | -- ... but use --debug reader for this. Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit bd3b698d8ec427a02f2fa793777f2a88bc356f25)
* card: Run factory-reset in locked stated.Werner Koch2020-11-091-10/+10
| | | | | | | | | | | | | | | | * scd/command.c (reset_notify): Add option --keep-lock. (do_reset): Add arg keep_lock. (cmd_lock): Send progress status. * g10/call-agent.c (agent_scd_apdu): Add more pseudo APDUs. * g10/card-util.c (send_apdu): Ditto. (factory_reset): Use lock commands. -- This is required so that for example Kleopatra does not detect the RESET and issues a SERIALNO of its own, thus conflicting with our SERIALNO undefined. Signed-off-by: Werner Koch <[email protected]>
* scd: Use lock_slot for apdu_send_direct.NIIBE Yutaka2020-11-051-1/+1
| | | | | | | | | | | | | * scd/apdu.c (apdu_send_direct): Use lock_slot. -- With trylock_slot, it may return SW_HOST_BUSY. This may occur when apdu_get_status is called by scd_update_reader_status_file. Simply using lock_slot is much easier for user of apdu_send_direct. Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Internal CCID driver: Fix a race condition on close.NIIBE Yutaka2020-11-051-12/+25
| | | | | | | | | | | | | | | | | | | | | * scd/ccid-driver.c (ccid_require_get_status): For VENDOR_SCM reader, return 0 only at the initial call. (bulk_in): Don't detect an error for VENDOR_SCM reader, just kicking the loop, to invoke scd_update_reader_status_file, which calls ccid_slot_status again. (ccid_slot_status): Move the call of ccid_vendor_specific_setup to... (ccid_get_atr): ... here. -- For readers with interrupt transfer support, it is only intr_cb which sets handle->powered_off to 1. Keeping this condition makes no race. The function ccid_slot_status can also detect a communication error, which causes apdu_close_reader (but not setting ->powered_off). GnuPG-bug-id: 5121 Fixes-commit: 920f258eb6018ecec1d63bad6a0fb0772f72affa Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Handle canonical serialno and app specific serialno differently.NIIBE Yutaka2020-10-273-8/+9
| | | | | | | | | | | | | | | * scd/app-common.h (card_get_serialno): Add IS_CANONICAL arg. * scd/app.c (app_send_devinfo): Use app specific serialno. (card_get_serialno): Support two different cases. (app_get_serialno): Return app specific serialno. (send_serialno_and_app_status): Return canonical serialno. * scd/command.c (cmd_serialno): Return app specific serialno. (cmd_learn): Return canonical serialno. -- GnuPG-bug-id: 5100 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Flush the cache when writing cert data object.NIIBE Yutaka2020-10-261-0/+1
| | | | | | | | | | * scd/app-piv.c (do_writecert): Flush the cache of the data object. -- Suggested-by: Ingo Klöcker GnuPG-bug-id: 5102 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Internal CCID driver thing only for SPR532.NIIBE Yutaka2020-10-261-6/+14
| | | | | | | | | | | | | * scd/ccid-driver.c (ccid_vendor_specific_setup): New. Limit only for SPR532, excluding other readers by SCM. (ccid_slot_status): Use ccid_vendor_specific_setup. -- We follow the setup procedure of libccid implementation, which sends the escape command for SPR532 only. Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Internal CCID driver limiting only for SPR532.NIIBE Yutaka2020-10-241-1/+1
| | | | | | | * scd/ccid-driver.c (ccid_vendor_specific_init): Only do that for SPR532. Signed-off-by: NIIBE Yutaka <[email protected]>
* common: Allow building with released libgpg-error.Werner Koch2020-10-231-0/+1
| | | | | | | | * common/sysutils.c (gnupg_access) [W32]: Fix for older libgpgrt. -- Fixes-commit: c94ee1386e0d5cdac51086c4d5b92de59c09c9b5 Signed-off-by: Werner Koch <[email protected]>
* scd: Handle Yubikey's multiple apps and serialno.NIIBE Yutaka2020-10-233-7/+72
| | | | | | | | | | | | | | * scd/app-common.h (yubikey_get_serialno): New. * scd/app-openpgp.c (yubikey_get_serialno): New. * scd/app.c (card_get_serialno): Use OpenPGP app's serialno, when it's enabled for Yubikey. (send_serialno_and_app_status): Use card_get_serialno, not directly accessing ->serialno. -- GnuPG-bug-id: 5100 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Use app_get_serialno for app_getattr.NIIBE Yutaka2020-10-231-1/+1
| | | | | | | | | * scd/app.c (app_getattr): Use app_get_serialno. -- GnuPG-bug-id: 5100 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Don't overwrite serialno for Yubikey.NIIBE Yutaka2020-10-231-3/+10
| | | | | | | | | * scd/app-openpgp.c (app_select_openpgp): Keep ->serialno. -- GnuPG-bug-id: 5100 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd,openpgp: Use app_get_serialno function to get SERIALNO.NIIBE Yutaka2020-10-231-16/+17
| | | | | | | | | | * scd/app-openpgp.c (check_keyidstr): Don't directly access app->serialno, but use app_get_serialno. (do_with_keygrip): Likewise. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* Replace most of the remaining stdio calls by estream calls.Werner Koch2020-10-201-4/+4
| | | | | | | | | | | | -- We need to use es_fopen on Windows to cope with non-ascii file names. This is quite a large but fortunately straightforward change. At a very few places we keep using stdio (for example due to the use of popen). GnuPG-bug-id: 5098 Signed-off-by: Werner Koch <[email protected]>
* scd: Internal CCID driver: More fix for SPR532.NIIBE Yutaka2020-09-301-4/+4
| | | | | | | | | * scd/ccid-driver.c (bulk_in): Handle the case of missing intr_cb. -- GnuPG-bug-id: 5065 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Report any error for LEARN command.NIIBE Yutaka2020-09-301-30/+67
| | | | | | * scd/app-openpgp.c (do_learn_status): Report any error. Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Internal CCID driver fix.NIIBE Yutaka2020-09-291-2/+5
| | | | | | | * scd/ccid-driver.c (intr_cb): More useful debug output. (ccid_slot_status): Remove redundant condition. Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Internal CCID driver: Call libusb_clear_halt at ccid_setup_intr.NIIBE Yutaka2020-09-291-3/+1
| | | | | | | * scd/ccid-driver.c (ccid_setup_intr): Reset the endpoint. (ccid_vendor_specific_init): Don't call libusb_clear_halt. Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Internal CCID driver: Fix a failure path.NIIBE Yutaka2020-09-281-0/+1
| | | | | | | * scd/ccid-driver.c (ccid_open_usb_reader): On error, call libusb_release_interface. Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Internal CCID: Handle LIBUSB_ERROR_TIMEOUT at ccid_get_atr.NIIBE Yutaka2020-09-281-1/+2
| | | | | | | | | | | * scd/ccid-driver.c (ccid_slot_status): Handle LIBUSB_ERROR_TIMEOUT. -- With SPR532, at the first connection, it fails by LIBUSB_ERROR_TIMEOUT, but no retry. Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Internal CCID: Clear the handle after use.NIIBE Yutaka2020-09-281-1/+5
| | | | | | | * scd/apdu.c (close_ccid_reader): Clear the handle. (open_ccid_reader): Likewise. Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Change handling of SPR532 card reader.NIIBE Yutaka2020-09-281-4/+17
| | | | | | | | | | * scd/ccid-driver.c (ccid_vendor_specific_init): Put some workaround for SPR532 initialization. (ccid_slot_status): Send ESCape command after GetSlotStatus. GnuPG-bug-id: 5065 Fixes-commit: 4fae55f8ee11b3f710524e5e8b8a91b159949f2d Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: For PC/SC, send the ESC command at init for SPR532 reader.NIIBE Yutaka2020-09-251-25/+32
| | | | | | | | | | | | | | | | | | | | | * scd/apdu.c (struct reader_table_s): Remove is_spr532. (pcsc_vendor_specific_init): Send the ESC command for SPR532. (pcsc_pinpad_verify, pcsc_pinpad_modify): Remove no_lc hack. -- The "no_lc" hack lets PC/SC-lite send the ESC command for SPR532 internally, for pcsc_pinpad_verify. However, PC/SC-lite doesn't do that for pcsc_pinpad_modify, unfortunately. Besides, I'm not sure this hack works on Windows, which has different implementation of PC/SC service. It's better to send the ESC command by the driver explicitly, at the initialization. Sending the ESC command results PCSC_E_NOT_TRANSACTED error when a card is not active (that is the case, usually). We ignore this error. Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: For SPR532, submit the ESCape command at initialization.NIIBE Yutaka2020-09-251-14/+13
| | | | | | | | | | * scd/ccid-driver.c (ccid_vendor_specific_init): Submit the ESC command for VENDOR_SCM. (ccid_transceive_secure): Don't submit the ESC command every time. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Fix CCID internal driver for interrupt transfer.NIIBE Yutaka2020-09-241-3/+36
| | | | | | | | | | | | | | * scd/ccid-driver.c (intr_cb): Handle the case of multiple messages. -- SPR532 USB Smart Card Reader (also know as SPR332) may send two messages at once for a single interrupt transfer. An example transfer observed was like: 50 03 50 02, which is considered valid, according to the CCID specification. GnuPG-bug-id: 5065 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Extend KEYPAIRINFO with an algorithm string.Werner Koch2020-09-216-22/+98
| | | | | | | | | | | | | | | | | | | | | | * scd/app-openpgp.c (send_keypair_info): Emit the algo string as part of a KEYPAIRINFO. * scd/command.c (do_readkey): Ditto. * scd/app-piv.c (do_readkey): Ditto. * scd/app-nks.c (do_learn_status_core): Ditto. (struct fid_cache_s): Add field algostr. (flush_fid_cache): Release it. (keygripstr_from_pk_file): Fill it and add it to the cache. Use a single exit label. * scd/app-help.c (app_help_get_keygrip_string_pk): Add new arg r_algostr. Change all callers. -- This is helpful so that callers do not need to parse the key for this basic information. Use "scd readkey --info-only" to return the info status line instead of the key material; using just --info returns the info in addition to the key material. Signed-off-by: Werner Koch <[email protected]>
* scd: Clear PIN cache when changing key attributes.NIIBE Yutaka2020-09-161-1/+4
| | | | | | * scd/app-openpgp.c (change_keyattr): Clear all PINs. Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Clear caching PIN at KDF setup.NIIBE Yutaka2020-09-161-0/+4
| | | | | | * scd/app-openpgp.c (do_setattr): Clear PINs. Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Add better support for KDF feature.NIIBE Yutaka2020-09-161-0/+7
| | | | | | * scd/app-openpgp.c (do_setattr): Handle kdf-seup "off" for Gnuk. Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg,scd: Fix handling of KDF feature.NIIBE Yutaka2020-09-161-11/+23
| | | | | | | | * g10/card-util.c (kdf_setup): Fix the default value. * scd/app-openpgp.c (do_setattr): Support kdf-setup "off" by Zeitcontrol. Make sure Gnuk and Yubikey work well. Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Fix the use case of verify_chv2 by CHECKPIN.NIIBE Yutaka2020-09-151-21/+25
| | | | | | | | | | | | | | * scd/app-openpgp.c (verify_chv2): Call verify_a_chv with chvno=1 when needed. -- Confusingly, verify_chv2 has two different purposes; One for verifying with CHV2 (in addition to CHV1), and the call by CHECKPIN. For the latter, we should check CHV1. Fixes-commit: af189be481df02a77e088aa0a60a1fc02dfa12bf Signed-off-by: NIIBE Yutaka <[email protected]>
* scd:piv: Avoid conflict when writing a cert.Werner Koch2020-09-111-1/+63
| | | | | | | | | * scd/app-piv.c (map_curve_name_to_oid): New. (my_cmp_public_key): New. (do_writecert): Replace simple memcmp by cmp_canon_sexp. -- GnuPG-bug-id: 5061
* scd: Flush KDF DO (0x00F9) when it's being set.NIIBE Yutaka2020-09-101-3/+3
| | | | | | | | | | | * scd/app-openpgp.c (do_setattr): Call flush_cache_item always. -- Only it was called when there was an object with KDF_DATA_LENGTH_MAX. No matter the VALUELEN, it should be flushed. Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Add a workaround for Yubikey.NIIBE Yutaka2020-09-081-0/+3
| | | | | | | | | | | * scd/app-openpgp.c (get_public_key): Handle wrong code for Yubikey. -- Yubikey version 5 s/n 609074582 returns 0x6982, version 5.2.4 s/n 610616049 returns 0x6581, where 0x6a88 is expected. Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Fix handling 0x00FA to support OpenPGP card 3.4.NIIBE Yutaka2020-09-071-1/+1
| | | | | | | * scd/app-openpgp.c (data_objects): It may be longer. Fixes-commit: 90d0072165cc5c6888f14462392a211de0c4b232 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Increase the number of supported readers from 4 to 16.Werner Koch2020-09-042-2/+3
| | | | | | | | | | -- The limit on 4 readers I introduced in 2003 is too low for some of our use cases. 16 looks better. TODO: Return a useful error message in gpg-card if the limit has been reached. Signed-off-by: Werner Koch <[email protected]>
* scd: Support GET DATA response with no header for DO 0x00FA.NIIBE Yutaka2020-09-041-25/+28
| | | | | | * scd/app-openpgp.c (do_getattr): Support Gnuk, as well. Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Parse "Algorithm Information" data object in scdaemon.NIIBE Yutaka2020-09-041-2/+106
| | | | | | | | * scd/app-openpgp.c (data_objects): 0x00FA for binary data. (do_getattr): Parse the data and send it in status lines. (get_algorithm_attribute_string): New. Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Add handling of "Algorithm Information" DO.NIIBE Yutaka2020-09-031-0/+2
| | | | | | | | | | | | * cd/app-openpgp.c (data_objects): Add 0x00FA. (do_getattr): Add KEY-ATTR-INFO. -- See the section 4.4.3.11 Algorithm Information in the OpenPGP card functional specification version 3.4.1. Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: New option to APDU command to return the ATR as data.Werner Koch2020-08-271-2/+16
| | | | | | | | | | * scd/command.c (cmd_apdu): Add new option --data-atr. * tools/gpg-card.c (cmd_apdu): Use that here. Also fix the --exlen option and do not print the statusword in atr mode. * tools/card-call-scd.c (scd_apdu): Detect atr mode anddon't assume a status word. Signed-off-by: Werner Koch <[email protected]>
* scd: Fix reading of the ATR for card type detection.Werner Koch2020-08-271-1/+1
| | | | | | | | | | | * scd/app.c (app_new_register): Do not use apdu_get_slot. -- apdu_get_slot() may only be used after the APP has been initialized. Thus we need to pass teh slot here directly. Fixes-commit: 9f148360a2bf04672b43ef7cec48e21d44b06ae1 Signed-off-by: Werner Koch <[email protected]>
* scd: Add heuristics to identify cardtype.NIIBE Yutaka2020-08-272-3/+23
| | | | | | | | | | | * scd/app-common.h (cardtype_t): Add CARDTYPE_GNUK and CARDTYPE_ZEITCONTROL. * scd/app.c (strcardtype): Handle CARDTYPE_GNUK and CARDTYPE_ZEITCONTROL. (app_new_register): Detect Gnuk and Zeit Control implementation by examining its ATR string. Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Add condition for VERIFY with 0x82.NIIBE Yutaka2020-08-271-4/+9
| | | | | | | | | | | | | * scd/app-openpgp.c (verify_chv2): Check availability of keys in question. -- With buggy Gnuk (<= 1.2.15), when no encr/auth keys are available, it fails decrementing the signature error counter. This change can avoid the issue. Signed-off-by: NIIBE Yutaka <[email protected]>
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-10 13:46:23 +0000