From 44621120a269ba67408fe1ea067af8cbd1cbb35e Mon Sep 17 00:00:00 2001
From: NIIBE Yutaka
Date: Thu, 3 Mar 2022 17:45:49 +0900
Subject: scd: Add --challenge-response option to PK_AUTH for OpenPGP card.

* scd/app-openpgp.c (rmd160_prefix, sha1_prefix, sha224_prefix)
(sha256_prefix, sha384_prefix, sha512_prefix): Move the scope up.
(gen_challenge): New.
(do_auth): Support challenge-response check if it signs correctly.
* scd/app.c (app_auth): Remove the check INDATA and INDATALEN.
* scd/command.c (cmd_pkauth): Support --challenge-response option.

--

GnuPG-bug-id: 5862
Signed-off-by: NIIBE Yutaka
---
 scd/command.c | 18 ++++++++++++++++--
 1 file changed, 16 insertions(+), 2 deletions(-)

(limited to 'scd/command.c')

diff --git a/scd/command.c b/scd/command.c
index dfd1ee538..392b678c4 100644
--- a/scd/command.c
+++ b/scd/command.c
@@ -41,6 +41,7 @@
 #endif
 #include "../common/asshelp.h"
 #include "../common/server-help.h"
+#include "../common/ssh-utils.h"
 
 /* Maximum length allowed as a PIN; used for INQUIRE NEEDPIN. That
  * length needs to small compared to the maximum Assuan line length. */
@@ -1074,7 +1075,7 @@ cmd_pksign (assuan_context_t ctx, char *line)
 
 
 static const char hlp_pkauth[] =
-  "PKAUTH ";
+  "PKAUTH [--challenge-response] ";
 static gpg_error_t
 cmd_pkauth (assuan_context_t ctx, char *line)
 {
@@ -1085,11 +1086,17 @@ cmd_pkauth (assuan_context_t ctx, char *line)
   char *keyidstr;
   card_t card;
   const char *keygrip = NULL;
+  int challenge_response = 0;
 
   if ((rc = open_card (ctrl)))
     return rc;
 
-  /* We have to use a copy of the key ID because the function may use
+  if (has_option (line, "--challenge-response"))
+    challenge_response = 1;
+
+  line = skip_options (line);
+
+  /* We have to use a copy of the key ID because the function may use
     the pin_cb which in turn uses the assuan line buffer and thus
     overwriting the original line with the keyid */
   keyidstr = xtrystrdup (line);
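Review bot: The added `#include "../common/ssh-utils.h"` is not referenced by any other line of this patch; the `has_option` and `skip_options` calls introduced later in cmd_pkauth come from server-help.h, which the file already includes. If no ssh-utils symbol is used elsewhere in command.c after this change (the rest of the file is not visible here), the include is a leftover and should be dropped rather than left as an unexplained dependency on the SSH helper code.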
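Review bot: The new `--challenge-response` flag is listed in hlp_pkauth but not explained, and this string is what a client sees from HELP PKAUTH. Based on the commit message (scdaemon generates the challenge itself in gen_challenge and do_auth checks the resulting signature) and the later hunk that frees any SETDATA buffer, the help text should state that with this option the challenge is generated and verified inside scdaemon and that data previously supplied via SETDATA is ignored; a two-line addition to the string literal would cover it.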
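Review bot: The flag is initialised to 0 and then set through a separate two-line `if`; since `has_option` already yields a truth value, `challenge_response = !!has_option (line, "--challenge-response");` expresses the same in one statement and keeps the parse next to the skip. The ordering that matters, `line = skip_options (line)` before `keyidstr = xtrystrdup (line)`, is correct here, so the option word can never be copied into the key ID. cmd_pkauth continues beyond the end of the hunk.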
@@ -1101,6 +1108,13 @@ cmd_pkauth (assuan_context_t ctx, char *line)
   if (strlen (keyidstr) == 40)
     keygrip = keyidstr;
 
+  if (challenge_response)
+    {
+      xfree (ctrl->in_data.value);
+      ctrl->in_data.value = NULL;
+      ctrl->in_data.valuelen = 0;
+    }
+
   card = card_get (ctrl, keygrip);
   if (card)
     {
-- cgit v1.2.3
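Review bot: When `--challenge-response` is given, a buffer the client previously supplied with SETDATA is freed and silently ignored, and per the commit message app_auth no longer rejects a NULL INDATA, so every application's auth handler reached through card_get must now tolerate indata == NULL, not only the OpenPGP one that implements gen_challenge (app.c is not in this diff, so that cannot be confirmed here). A comment would make the intent explicit: `/* The app generates the challenge itself; drop any SETDATA buffer.  */`. It is also worth considering returning an error instead of discarding data the client explicitly set, since a client that sends SETDATA and then this option has no way to learn that its data was not signed. cmd_pkauth continues past the end of the hunk.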