From 26b4a012e3eb3a6ce79a1e53f7cdfbbdf8c8e8f5 Mon Sep 17 00:00:00 2001 From: NIIBE Yutaka Date: Mon, 28 Nov 2011 16:16:38 +0900 Subject: PC/SC pinpad support. Before this change, it is layered like following: iso7816_verify iso7816_verify_kp apdu_send_simple, apdu_send_simple_kp ... After this change, it will be layered like: iso7816_verify iso7816_verify_kp apdu_send_simple apdu_keypad_verify ... and apdu_send_simple_kp will be deprecated. For PC/SC API, we use: SCardControl API to compose CCID PC_to_RDR_Secure message SCardTransmit API to compose CCID PC_to_RDR_XfrBlock message Considering the support of PC/SC, we have nothing to share between _kp version of iso7816_* and no _kp version. --- scd/ChangeLog | 35 ++++++ scd/apdu.c | 362 ++++++++++++++++++++++++++++++++++++++++++++++++++++- scd/apdu.h | 3 + scd/app-dinsig.c | 2 +- scd/app-nks.c | 2 +- scd/app-openpgp.c | 4 +- scd/iso7816.c | 23 ++-- scd/iso7816.h | 4 +- scd/pcsc-wrapper.c | 50 +++++++- 9 files changed, 460 insertions(+), 25 deletions(-) (limited to 'scd') diff --git a/scd/ChangeLog b/scd/ChangeLog index 45c9c7c0c..9f991cec0 100644 --- a/scd/ChangeLog +++ b/scd/ChangeLog @@ -1,3 +1,38 @@ +2011-11-28 Niibe Yutaka + + * iso7816.h (iso7816_verify_kp): Remove arguments of CHV and CHVLEN. + + * iso7816.c (iso7816_verify_kp): Call apdu_keypad_verify. Only + handle thecase with PININFO. + (iso7816_verify): Call apdu_send_simple. + + * app-openpgp.c (verify_a_chv, verify_chv3): Follow the change of + iso7816_verify_kp. + + * app-nks.c (verify_pin): Likewise. + + * app-dinsig.c (verify_pin): Likewise. + + * apdu.c: Include "iso7816.h". + (struct reader_table_s): New memeber function keypad_verify. + Add fields verify_ioctl and modify_ioctl in pcsc. + (CM_IOCTL_GET_FEATURE_REQUEST, FEATURE_VERIFY_PIN_DIRECT) + (FEATURE_MODIFY_PIN_DIRECT): New. + (pcsc_control): New. + (control_pcsc_direct, control_pcsc_wrapped, control_pcsc) + (check_pcsc_keypad, pcsc_keypad_verify): New. + (ccid_keypad_verify, apdu_keypad_verify): New. + (new_reader_slot): Initialize with check_pcsc_keypad, + pcsc_keypad_verify, verify_ioctl and modify_ioctl. + (open_ct_reader): Initialize keypad_verify with NULL. + (open_ccid_reader): Initialize keypad_verify. + (open_rapdu_reader): Initialize keypad_verify with NULL. + (apdu_open_reader): Initialize pcsc_control. + + * pcsc-wrapper.c (load_pcsc_driver): Initialize pcsc_control. + (handle_control): New. + (main): Handle the case 6 of handle_control. + 2011-08-10 Werner Koch * command.c (cmd_killscd): Use the new assuan force close flag diff --git a/scd/apdu.c b/scd/apdu.c index ac563adef..866ebb916 100644 --- a/scd/apdu.c +++ b/scd/apdu.c @@ -62,6 +62,7 @@ #include "apdu.h" #include "ccid-driver.h" +#include "iso7816.h" /* Due to conflicting use of threading libraries we usually can't link @@ -110,6 +111,7 @@ struct reader_table_s { int (*check_keypad)(int, int, int, int, int, int); void (*dump_status_reader)(int); int (*set_progress_cb)(int, gcry_handler_progress_t, void*); + int (*keypad_verify)(int, int, int, int, int, struct pininfo_s *); struct { ccid_driver_t handle; @@ -118,6 +120,8 @@ struct reader_table_s { unsigned long context; unsigned long card; unsigned long protocol; + unsigned long verify_ioctl; + unsigned long modify_ioctl; #ifdef NEED_PCSC_WRAPPER int req_fd; int rsp_fd; @@ -236,6 +240,11 @@ static char (* DLSTDCALL CT_close) (unsigned short ctn); #define PCSC_E_READER_UNAVAILABLE 0x80100017 #define PCSC_W_REMOVED_CARD 0x80100069 +#define CM_IOCTL_GET_FEATURE_REQUEST (0x42000000 + 3400) +#define FEATURE_VERIFY_PIN_DIRECT 0x06 +#define FEATURE_MODIFY_PIN_DIRECT 0x07 + + /* The PC/SC error is defined as a long as per specs. Due to left shifts bit 31 will get sign extended. We use this mask to fix it. */ @@ -304,6 +313,13 @@ long (* DLSTDCALL pcsc_transmit) (unsigned long card, unsigned long *recv_len); long (* DLSTDCALL pcsc_set_timeout) (unsigned long context, unsigned long timeout); +long (* DLSTDCALL pcsc_control) (unsigned long card, + unsigned long control_code, + const void *send_buffer, + unsigned long send_len, + void *recv_buffer, + unsigned long recv_len, + unsigned long *bytes_returned); /* Flag set if PC/SC returned the no-service error. */ static int pcsc_no_service; @@ -315,6 +331,10 @@ static int reset_pcsc_reader (int slot); static int apdu_get_status_internal (int slot, int hang, int no_atr_reset, unsigned int *status, unsigned int *changed); +static int check_pcsc_keypad (int slot, int command, int pin_mode, + int pinlen_min, int pinlen_max, int pin_padlen); +static int pcsc_keypad_verify (int slot, int class, int ins, int p0, int p1, + struct pininfo_s *pininfo); @@ -358,9 +378,10 @@ new_reader_slot (void) reader_table[reader].reset_reader = NULL; reader_table[reader].get_status_reader = NULL; reader_table[reader].send_apdu_reader = NULL; - reader_table[reader].check_keypad = NULL; + reader_table[reader].check_keypad = check_pcsc_keypad; reader_table[reader].dump_status_reader = NULL; reader_table[reader].set_progress_cb = NULL; + reader_table[reader].keypad_verify = pcsc_keypad_verify; reader_table[reader].used = 1; reader_table[reader].any_status = 0; @@ -371,6 +392,8 @@ new_reader_slot (void) reader_table[reader].pcsc.rsp_fd = -1; reader_table[reader].pcsc.pid = (pid_t)(-1); #endif + reader_table[reader].pcsc.verify_ioctl = 0; + reader_table[reader].pcsc.modify_ioctl = 0; return reader; } @@ -645,6 +668,7 @@ open_ct_reader (int port) reader_table[reader].send_apdu_reader = ct_send_apdu; reader_table[reader].check_keypad = NULL; reader_table[reader].dump_status_reader = ct_dump_reader_status; + reader_table[reader].keypad_verify = NULL; dump_reader_status (reader); return reader; @@ -1170,6 +1194,150 @@ pcsc_send_apdu (int slot, unsigned char *apdu, size_t apdulen, } +#ifndef NEED_PCSC_WRAPPER +static int +control_pcsc_direct (int slot, unsigned long ioctl_code, + const unsigned char *cntlbuf, size_t len, + unsigned char *buffer, size_t *buflen) +{ + long err; + + err = pcsc_control (reader_table[slot].pcsc.card, ioctl_code, + cntlbuf, len, buffer, *buflen, buflen); + if (err) + { + log_error ("pcsc_control failed: %s (0x%lx)\n", + pcsc_error_string (err), err); + return pcsc_error_to_sw (err); + } + + return 0; +} +#endif /*!NEED_PCSC_WRAPPER*/ + + +#ifdef NEED_PCSC_WRAPPER +static int +control_pcsc_wrapped (int slot, unsigned long ioctl_code, + const unsigned char *cntlbuf, size_t len, + unsigned char *buffer, size_t *buflen) +{ + long err = PCSC_E_NOT_TRANSACTED; + reader_table_t slotp; + unsigned char msgbuf[9]; + int i, n; + size_t full_len; + + slotp = reader_table + slot; + + msgbuf[0] = 0x06; /* CONTROL command. */ + msgbuf[1] = ((len + 4) >> 24); + msgbuf[2] = ((len + 4) >> 16); + msgbuf[3] = ((len + 4) >> 8); + msgbuf[4] = ((len + 4) ); + msgbuf[5] = (ioctl_code >> 24); + msgbuf[6] = (ioctl_code >> 16); + msgbuf[7] = (ioctl_code >> 8); + msgbuf[8] = (ioctl_code ); + if ( writen (slotp->pcsc.req_fd, msgbuf, 9) + || writen (slotp->pcsc.req_fd, cntlbuf, len)) + { + log_error ("error sending PC/SC CONTROL request: %s\n", + strerror (errno)); + goto command_failed; + } + + /* Read the response. */ + if ((i=readn (slotp->pcsc.rsp_fd, msgbuf, 9, &len)) || len != 9) + { + log_error ("error receiving PC/SC CONTROL response: %s\n", + i? strerror (errno) : "premature EOF"); + goto command_failed; + } + len = (msgbuf[1] << 24) | (msgbuf[2] << 16) | (msgbuf[3] << 8 ) | msgbuf[4]; + if (msgbuf[0] != 0x81 || len < 4) + { + log_error ("invalid response header from PC/SC received\n"); + goto command_failed; + } + len -= 4; /* Already read the error code. */ + err = PCSC_ERR_MASK ((msgbuf[5] << 24) | (msgbuf[6] << 16) + | (msgbuf[7] << 8 ) | msgbuf[8]); + if (err) + { + log_error ("pcsc_control failed: %s (0x%lx)\n", + pcsc_error_string (err), err); + return pcsc_error_to_sw (err); + } + + full_len = len; + + n = *buflen < len ? *buflen : len; + if ((i=readn (slotp->pcsc.rsp_fd, buffer, n, &len)) || len != n) + { + log_error ("error receiving PC/SC CONTROL response: %s\n", + i? strerror (errno) : "premature EOF"); + goto command_failed; + } + *buflen = n; + + full_len -= len; + if (full_len) + { + log_error ("pcsc_send_apdu: provided buffer too short - truncated\n"); + err = PCSC_E_INVALID_VALUE; + } + /* We need to read any rest of the response, to keep the + protocol running. */ + while (full_len) + { + unsigned char dummybuf[128]; + + n = full_len < DIM (dummybuf) ? full_len : DIM (dummybuf); + if ((i=readn (slotp->pcsc.rsp_fd, dummybuf, n, &len)) || len != n) + { + log_error ("error receiving PC/SC CONTROL response: %s\n", + i? strerror (errno) : "premature EOF"); + goto command_failed; + } + full_len -= n; + } + + if (!err) + return 0; + + command_failed: + close (slotp->pcsc.req_fd); + close (slotp->pcsc.rsp_fd); + slotp->pcsc.req_fd = -1; + slotp->pcsc.rsp_fd = -1; + kill (slotp->pcsc.pid, SIGTERM); + slotp->pcsc.pid = (pid_t)(-1); + slotp->used = 0; + return pcsc_error_to_sw (err); +} +#endif /*NEED_PCSC_WRAPPER*/ + + + +/* Do some control with the value of IOCTL_CODE to the card inserted + to SLOT. Input buffer is specified by CNTLBUF of length LEN. + Output buffer is specified by BUFFER of length *BUFLEN, and the + actual output size will be stored at BUFLEN. Returns: A status word. + This routine is used for PIN pad input support. */ +static int +control_pcsc (int slot, unsigned long ioctl_code, + const unsigned char *cntlbuf, size_t len, + unsigned char *buffer, size_t *buflen) +{ +#ifdef NEED_PCSC_WRAPPER + return control_pcsc_wrapped (slot, ioctl_code, cntlbuf, len, buffer, buflen); +#else + return control_pcsc_direct (slot, ioctl_code, cntlbuf, len, buffer, buflen); +#endif +} + + #ifndef NEED_PCSC_WRAPPER static int close_pcsc_reader_direct (int slot) @@ -1808,6 +1976,138 @@ open_pcsc_reader (const char *portstr) } +/* Check whether the reader supports the ISO command code COMMAND + on the keypad. Return 0 on success. */ +static int +check_pcsc_keypad (int slot, int command, int pin_mode, + int pinlen_min, int pinlen_max, int pin_padlen) +{ + unsigned char buf[256]; + size_t len = 256; + int sw; + + (void)pin_mode; + (void)pinlen_min; + (void)pinlen_max; + (void)pin_padlen; + + check_again: + if (command == ISO7816_VERIFY) + { + if (reader_table[slot].pcsc.verify_ioctl == (unsigned long)-1) + return SW_NOT_SUPPORTED; + else if (reader_table[slot].pcsc.verify_ioctl != 0) + return 0; /* Success */ + } + else if (command == ISO7816_CHANGE_REFERENCE_DATA) + { + if (reader_table[slot].pcsc.modify_ioctl == (unsigned long)-1) + return SW_NOT_SUPPORTED; + else if (reader_table[slot].pcsc.modify_ioctl != 0) + return 0; /* Success */ + } + else + return SW_NOT_SUPPORTED; + + reader_table[slot].pcsc.verify_ioctl = (unsigned long)-1; + reader_table[slot].pcsc.modify_ioctl = (unsigned long)-1; + + sw = control_pcsc (slot, CM_IOCTL_GET_FEATURE_REQUEST, NULL, 0, buf, &len); + if (sw) + return SW_NOT_SUPPORTED; + else + { + unsigned char *p = buf; + + while (p < buf + len) + { + unsigned char code = *p++; + + p++; /* Skip length */ + if (code == FEATURE_VERIFY_PIN_DIRECT) + reader_table[slot].pcsc.verify_ioctl + = (p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3]; + else if (code == FEATURE_MODIFY_PIN_DIRECT) + reader_table[slot].pcsc.modify_ioctl + = (p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3]; + p += 4; + } + } + + goto check_again; +} + + +#define PIN_VERIFY_STRUCTURE_SIZE 23 +static int +pcsc_keypad_verify (int slot, int class, int ins, int p0, int p1, + struct pininfo_s *pininfo) +{ + int sw; + unsigned char *pin_verify; + unsigned long len = PIN_VERIFY_STRUCTURE_SIZE; + unsigned char result[2]; + size_t resultlen = 2; + + if (!reader_table[slot].atrlen + && (sw = reset_pcsc_reader (slot))) + return sw; + + if (pininfo->mode != 1) + return SW_NOT_SUPPORTED; + + if (pininfo->padlen != 0) + return SW_NOT_SUPPORTED; + + if (!pininfo->minlen) + pininfo->minlen = 1; + if (!pininfo->maxlen) + pininfo->maxlen = 25; + + /* Note that the 25 is the maximum value the SPR532 allows. */ + if (pininfo->minlen < 1 || pininfo->minlen > 25 + || pininfo->maxlen < 1 || pininfo->maxlen > 25 + || pininfo->minlen > pininfo->maxlen) + return SW_HOST_INV_VALUE; + + pin_verify = xtrymalloc (len); + if (!pin_verify) + return SW_HOST_OUT_OF_CORE; + + pin_verify[0] = 0x00; /* bTimerOut */ + pin_verify[1] = 0x00; /* bTimerOut2 */ + pin_verify[2] = 0x82; /* bmFormatString: Byte, pos=0, left, ASCII. */ + pin_verify[3] = 0x00; /* bmPINBlockString */ + pin_verify[4] = 0x00; /* bmPINLengthFormat */ + pin_verify[5] = pininfo->maxlen; /* wPINMaxExtraDigit */ + pin_verify[6] = pininfo->minlen; /* wPINMaxExtraDigit */ + pin_verify[7] = 0x02; /* bEntryValidationCondition: Validation key pressed */ + if (pininfo->minlen && pininfo->maxlen && pininfo->minlen == pininfo->maxlen) + pin_verify[7] |= 0x01; /* Max size reached. */ + pin_verify[8] = 0xff; /* bNumberMessage: Default */ + pin_verify[9] = 0x09; /* wLangId: 0x0409: US English */ + pin_verify[10] = 0x04; /* wLangId: 0x0409: US English */ + pin_verify[11] = 0x00; /* bMsgIndex */ + pin_verify[12] = 0x00; /* bTeoPrologue[0] */ + pin_verify[13] = 0x00; /* bTeoPrologue[1] */ + pin_verify[14] = 0x00; /* bTeoPrologue[2] */ + pin_verify[15] = 0x04; /* ulDataLength */ + pin_verify[16] = 0x00; /* ulDataLength */ + pin_verify[17] = 0x00; /* ulDataLength */ + pin_verify[18] = 0x00; /* ulDataLength */ + pin_verify[19] = class; /* abData[0] */ + pin_verify[20] = ins; /* abData[1] */ + pin_verify[21] = p0; /* abData[2] */ + pin_verify[22] = p1; /* abData[3] */ + + sw = control_pcsc (slot, reader_table[slot].pcsc.verify_ioctl, + pin_verify, len, result, &resultlen); + xfree (pin_verify); + if (sw || resultlen < 2) + return sw? sw : SW_HOST_INCOMPLETE_CARD_RESPONSE; + sw = (result[resultlen-2] << 8) | result[resultlen-1]; + return sw; +} #ifdef HAVE_LIBUSB /* @@ -1945,6 +2245,35 @@ check_ccid_keypad (int slot, int command, int pin_mode, } +static int +ccid_keypad_verify (int slot, int class, int ins, int p0, int p1, + struct pininfo_s *pininfo) +{ + unsigned char apdu[4]; + int err, sw; + unsigned char result[2]; + size_t resultlen = 2; + + apdu[0] = class; + apdu[1] = ins; + apdu[2] = p0; + apdu[3] = p1; + err = ccid_transceive_secure (reader_table[slot].ccid.handle, + apdu, sizeof apdu, + pininfo->mode, pininfo->minlen, pininfo->maxlen, + pininfo->padlen, + result, 2, &resultlen); + if (err) + return err; + + if (resultlen < 2) + return SW_HOST_INCOMPLETE_CARD_RESPONSE; + + sw = (result[resultlen-2] << 8) | result[resultlen-1]; + return sw; +} + + /* Open the reader and try to read an ATR. */ static int open_ccid_reader (const char *portstr) @@ -1989,6 +2318,7 @@ open_ccid_reader (const char *portstr) reader_table[slot].check_keypad = check_ccid_keypad; reader_table[slot].dump_status_reader = dump_ccid_reader_status; reader_table[slot].set_progress_cb = set_progress_cb_ccid_reader; + reader_table[slot].keypad_verify = ccid_keypad_verify; /* Our CCID reader code does not support T=0 at all, thus reset the flag. */ reader_table[slot].is_t0 = 0; @@ -2281,6 +2611,7 @@ open_rapdu_reader (int portno, reader_table[slot].send_apdu_reader = my_rapdu_send_apdu; reader_table[slot].check_keypad = NULL; reader_table[slot].dump_status_reader = NULL; + reader_table[slot].keypad_verify = NULL; dump_reader_status (slot); rapdu_msg_release (msg); @@ -2461,6 +2792,7 @@ apdu_open_reader (const char *portstr, int *r_no_service) pcsc_end_transaction = dlsym (handle, "SCardEndTransaction"); pcsc_transmit = dlsym (handle, "SCardTransmit"); pcsc_set_timeout = dlsym (handle, "SCardSetTimeout"); + pcsc_control = dlsym (handle, "SCardControl"); if (!pcsc_establish_context || !pcsc_release_context @@ -2473,12 +2805,13 @@ apdu_open_reader (const char *portstr, int *r_no_service) || !pcsc_begin_transaction || !pcsc_end_transaction || !pcsc_transmit + || !pcsc_control /* || !pcsc_set_timeout */) { /* Note that set_timeout is currently not used and also not available under Windows. */ log_error ("apdu_open_reader: invalid PC/SC driver " - "(%d%d%d%d%d%d%d%d%d%d%d%d)\n", + "(%d%d%d%d%d%d%d%d%d%d%d%d%d)\n", !!pcsc_establish_context, !!pcsc_release_context, !!pcsc_list_readers, @@ -2490,7 +2823,8 @@ apdu_open_reader (const char *portstr, int *r_no_service) !!pcsc_begin_transaction, !!pcsc_end_transaction, !!pcsc_transmit, - !!pcsc_set_timeout ); + !!pcsc_set_timeout, + !!pcsc_control ); dlclose (handle); return -1; } @@ -2894,6 +3228,28 @@ apdu_check_keypad (int slot, int command, int pin_mode, } +int +apdu_keypad_verify (int slot, int class, int ins, int p0, int p1, int pin_mode, + int pinlen_min, int pinlen_max, int pin_padlen) +{ + struct pininfo_s pininfo; + + pininfo.mode = pin_mode; + pininfo.minlen = pinlen_min; + pininfo.maxlen = pinlen_max; + pininfo.padlen = pin_padlen; + + if (slot < 0 || slot >= MAX_READER || !reader_table[slot].used ) + return SW_HOST_NO_DRIVER; + + if (reader_table[slot].keypad_verify) + return reader_table[slot].keypad_verify (slot, class, ins, p0, p1, + &pininfo); + else + return SW_HOST_NOT_SUPPORTED; +} + + /* Dispatcher for the actual send_apdu function. Note, that this function should be called in locked state. */ static int diff --git a/scd/apdu.h b/scd/apdu.h index 7c0188782..4dff9eb95 100644 --- a/scd/apdu.h +++ b/scd/apdu.h @@ -114,6 +114,9 @@ int apdu_get_status (int slot, int hang, unsigned int *status, unsigned int *changed); int apdu_check_keypad (int slot, int command, int pin_mode, int pinlen_min, int pinlen_max, int pin_padlen); +int apdu_keypad_verify (int slot, int class, int ins, int p0, int p1, + int pin_mode, int pinlen_min, int pinlen_max, + int pin_padlen); int apdu_send_simple (int slot, int extended_mode, int class, int ins, int p0, int p1, int lc, const char *data); diff --git a/scd/app-dinsig.c b/scd/app-dinsig.c index 30beb8efb..50db78e1f 100644 --- a/scd/app-dinsig.c +++ b/scd/app-dinsig.c @@ -304,7 +304,7 @@ verify_pin (app_t app, gpg_strerror (rc)); return rc; } - rc = iso7816_verify_kp (app->slot, 0x81, "", 0, &pininfo); + rc = iso7816_verify_kp (app->slot, 0x81, &pininfo); /* Dismiss the prompt. */ pincb (pincb_arg, NULL, NULL); } diff --git a/scd/app-nks.c b/scd/app-nks.c index c1b2aa376..28ccb9af7 100644 --- a/scd/app-nks.c +++ b/scd/app-nks.c @@ -803,7 +803,7 @@ verify_pin (app_t app, int pwid, const char *desc, return rc; } - rc = iso7816_verify_kp (app->slot, pwid, "", 0, &pininfo); + rc = iso7816_verify_kp (app->slot, pwid, &pininfo); pincb (pincb_arg, NULL, NULL); /* Dismiss the prompt. */ } else diff --git a/scd/app-openpgp.c b/scd/app-openpgp.c index eb0b4f029..d7efad562 100644 --- a/scd/app-openpgp.c +++ b/scd/app-openpgp.c @@ -1550,7 +1550,7 @@ verify_a_chv (app_t app, gpg_strerror (rc)); return rc; } - rc = iso7816_verify_kp (app->slot, 0x80+chvno, "", 0, &pininfo); + rc = iso7816_verify_kp (app->slot, 0x80+chvno, &pininfo); /* Dismiss the prompt. */ pincb (pincb_arg, NULL, NULL); @@ -1730,7 +1730,7 @@ verify_chv3 (app_t app, gpg_strerror (rc)); return rc; } - rc = iso7816_verify_kp (app->slot, 0x83, "", 0, &pininfo); + rc = iso7816_verify_kp (app->slot, 0x83, &pininfo); /* Dismiss the prompt. */ pincb (pincb_arg, NULL, NULL); } diff --git a/scd/iso7816.c b/scd/iso7816.c index 318fec8a2..1238552f6 100644 --- a/scd/iso7816.c +++ b/scd/iso7816.c @@ -281,22 +281,16 @@ iso7816_check_keypad (int slot, int command, iso7816_pininfo_t *pininfo) /* Perform a VERIFY command on SLOT using the card holder verification - vector CHVNO with a CHV of lenght CHVLEN. With PININFO non-NULL - the keypad of the reader will be used. Returns 0 on success. */ + vector CHVNO. With PININFO non-NULL the keypad of the reader will + be used. Returns 0 on success. */ gpg_error_t -iso7816_verify_kp (int slot, int chvno, const char *chv, size_t chvlen, - iso7816_pininfo_t *pininfo) +iso7816_verify_kp (int slot, int chvno, iso7816_pininfo_t *pininfo) { int sw; - if (pininfo && pininfo->mode) - sw = apdu_send_simple_kp (slot, 0x00, CMD_VERIFY, 0, chvno, chvlen, chv, - pininfo->mode, - pininfo->minlen, - pininfo->maxlen, - pininfo->padlen); - else - sw = apdu_send_simple (slot, 0, 0x00, CMD_VERIFY, 0, chvno, chvlen, chv); + sw = apdu_keypad_verify (slot, 0x00, CMD_VERIFY, 0, chvno, + pininfo->mode, pininfo->minlen, pininfo->maxlen, + pininfo->padlen); return map_sw (sw); } @@ -305,7 +299,10 @@ iso7816_verify_kp (int slot, int chvno, const char *chv, size_t chvlen, gpg_error_t iso7816_verify (int slot, int chvno, const char *chv, size_t chvlen) { - return iso7816_verify_kp (slot, chvno, chv, chvlen, NULL); + int sw; + + sw = apdu_send_simple (slot, 0, 0x00, CMD_VERIFY, 0, chvno, chvlen, chv); + return map_sw (sw); } /* Perform a CHANGE_REFERENCE_DATA command on SLOT for the card holder diff --git a/scd/iso7816.h b/scd/iso7816.h index a37759dbe..58e81d458 100644 --- a/scd/iso7816.h +++ b/scd/iso7816.h @@ -63,9 +63,7 @@ gpg_error_t iso7816_check_keypad (int slot, int command, iso7816_pininfo_t *pininfo); gpg_error_t iso7816_verify (int slot, int chvno, const char *chv, size_t chvlen); -gpg_error_t iso7816_verify_kp (int slot, - int chvno, const char *chv, size_t chvlen, - iso7816_pininfo_t *pininfo); +gpg_error_t iso7816_verify_kp (int slot, int chvno, iso7816_pininfo_t *pininfo); gpg_error_t iso7816_change_reference_data (int slot, int chvno, const char *oldchv, size_t oldchvlen, const char *newchv, size_t newchvlen); diff --git a/scd/pcsc-wrapper.c b/scd/pcsc-wrapper.c index ee974ac7b..73b25f4b3 100644 --- a/scd/pcsc-wrapper.c +++ b/scd/pcsc-wrapper.c @@ -178,6 +178,13 @@ long (* pcsc_transmit) (unsigned long card, unsigned long *recv_len); long (* pcsc_set_timeout) (unsigned long context, unsigned long timeout); +long (* pcsc_control) (unsigned long card, + unsigned long control_code, + const void *send_buffer, + unsigned long send_len, + void *recv_buffer, + unsigned long recv_len, + unsigned long *bytes_returned); @@ -335,6 +342,7 @@ load_pcsc_driver (const char *libname) pcsc_end_transaction = dlsym (handle, "SCardEndTransaction"); pcsc_transmit = dlsym (handle, "SCardTransmit"); pcsc_set_timeout = dlsym (handle, "SCardSetTimeout"); + pcsc_control = dlsym (handle, "SCardControl"); if (!pcsc_establish_context || !pcsc_release_context @@ -347,13 +355,14 @@ load_pcsc_driver (const char *libname) || !pcsc_begin_transaction || !pcsc_end_transaction || !pcsc_transmit + || !pcsc_control /* || !pcsc_set_timeout */) { /* Note that set_timeout is currently not used and also not available under Windows. */ fprintf (stderr, "apdu_open_reader: invalid PC/SC driver " - "(%d%d%d%d%d%d%d%d%d%d%d%d)\n", + "(%d%d%d%d%d%d%d%d%d%d%d%d%d)\n", !!pcsc_establish_context, !!pcsc_release_context, !!pcsc_list_readers, @@ -365,7 +374,8 @@ load_pcsc_driver (const char *libname) !!pcsc_begin_transaction, !!pcsc_end_transaction, !!pcsc_transmit, - !!pcsc_set_timeout ); + !!pcsc_set_timeout, + !!pcsc_control ); dlclose (handle); exit (1); } @@ -720,6 +730,38 @@ handle_transmit (unsigned char *argbuf, size_t arglen) } +/* Handle a control request. The argument is expected to be a buffer + which contains CONTROL_CODE (4-byte) and INPUT_BYTES. + */ +static void +handle_control (unsigned char *argbuf, size_t arglen) +{ + long err; + unsigned long ioctl_code; + unsigned long recv_len = 1024; + unsigned char buffer[1024]; + + if (arglen < 4) + bad_request ("CONTROL"); + + ioctl_code = (argbuf[0] << 24) | (argbuf[1] << 16) | (argbuf[2] << 8) | argbuf[3]; + argbuf += 4; + arglen -= 4; + + recv_len = sizeof (buffer); + err = pcsc_control (pcsc_card, ioctl_code, argbuf, arglen, + buffer, recv_len, &recv_len); + if (err) + { + if (verbose) + fprintf (stderr, PGM": pcsc_control failed: %s (0x%lx)\n", + pcsc_error_string (err), err); + request_failed (err); + return; + } + request_succeeded (buffer, recv_len); +} + static void print_version (int with_help) @@ -831,6 +873,10 @@ main (int argc, char **argv) handle_reset (argbuffer, arglen); break; + case 6: + handle_control (argbuffer, arglen); + break; + default: fprintf (stderr, PGM ": invalid request 0x%02X\n", c); exit (1); -- cgit v1.2.3 From 57d4f7fae13810f4daed266139c33057de38d114 Mon Sep 17 00:00:00 2001 From: NIIBE Yutaka Date: Tue, 29 Nov 2011 11:59:32 +0900 Subject: PC/SC pinpad support (pinpad input for modify pass phrase). --- scd/ChangeLog | 20 ++++++++++ scd/apdu.c | 111 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ scd/apdu.h | 3 ++ scd/app-openpgp.c | 58 +++++++++++++++++++--------- scd/iso7816.c | 51 +++++++++++-------------- scd/iso7816.h | 4 +- 6 files changed, 196 insertions(+), 51 deletions(-) (limited to 'scd') diff --git a/scd/ChangeLog b/scd/ChangeLog index 9f991cec0..9c11fb309 100644 --- a/scd/ChangeLog +++ b/scd/ChangeLog @@ -1,3 +1,23 @@ +2011-11-29 Niibe Yutaka + + * iso7816.h (iso7816_change_reference_data_kp): Remove arguments + of OLDCHV, OLDCHVLEN, NEWCHV, and NEWCHVLEN. + + * iso7816.c (iso7816_change_reference_data_kp): Call + apdu_keypad_modify. + (iso7816_change_reference_data): Don't call + iso7816_change_reference_data_kp. + + * apdu.h (apdu_keypad_modify): New. + + * apdu.c (pcsc_keypad_modify, apdu_keypad_modify): New. + (struct reader_table_s): New memeber function keypad_modify. + (new_reader_slot, open_ct_reader, open_ccid_reader) + (open_rapdu_reader): Initialize keypad_modify. + + * app-openpgp.c (do_change_pin): Handle keypad and call + iso7816_change_reference_data_kp if it is the case. + 2011-11-28 Niibe Yutaka * iso7816.h (iso7816_verify_kp): Remove arguments of CHV and CHVLEN. diff --git a/scd/apdu.c b/scd/apdu.c index 866ebb916..380450df3 100644 --- a/scd/apdu.c +++ b/scd/apdu.c @@ -112,6 +112,7 @@ struct reader_table_s { void (*dump_status_reader)(int); int (*set_progress_cb)(int, gcry_handler_progress_t, void*); int (*keypad_verify)(int, int, int, int, int, struct pininfo_s *); + int (*keypad_modify)(int, int, int, int, int, struct pininfo_s *); struct { ccid_driver_t handle; @@ -335,6 +336,8 @@ static int check_pcsc_keypad (int slot, int command, int pin_mode, int pinlen_min, int pinlen_max, int pin_padlen); static int pcsc_keypad_verify (int slot, int class, int ins, int p0, int p1, struct pininfo_s *pininfo); +static int pcsc_keypad_modify (int slot, int class, int ins, int p0, int p1, + struct pininfo_s *pininfo); @@ -382,6 +385,7 @@ new_reader_slot (void) reader_table[reader].dump_status_reader = NULL; reader_table[reader].set_progress_cb = NULL; reader_table[reader].keypad_verify = pcsc_keypad_verify; + reader_table[reader].keypad_modify = pcsc_keypad_modify; reader_table[reader].used = 1; reader_table[reader].any_status = 0; @@ -669,6 +673,7 @@ open_ct_reader (int port) reader_table[reader].check_keypad = NULL; reader_table[reader].dump_status_reader = ct_dump_reader_status; reader_table[reader].keypad_verify = NULL; + reader_table[reader].keypad_modify = NULL; dump_reader_status (reader); return reader; @@ -2108,6 +2113,88 @@ pcsc_keypad_verify (int slot, int class, int ins, int p0, int p1, sw = (result[resultlen-2] << 8) | result[resultlen-1]; return sw; } + + +#define PIN_MODIFY_STRUCTURE_SIZE 28 +static int +pcsc_keypad_modify (int slot, int class, int ins, int p0, int p1, + struct pininfo_s *pininfo) +{ + int sw; + unsigned char *pin_modify; + unsigned long len = PIN_MODIFY_STRUCTURE_SIZE; + unsigned char result[2]; + size_t resultlen = 2; + + if (!reader_table[slot].atrlen + && (sw = reset_pcsc_reader (slot))) + return sw; + + if (pininfo->mode != 1) + return SW_NOT_SUPPORTED; + + if (pininfo->padlen != 0) + return SW_NOT_SUPPORTED; + + if (!pininfo->minlen) + pininfo->minlen = 1; + if (!pininfo->maxlen) + pininfo->maxlen = 25; + + /* Note that the 25 is the maximum value the SPR532 allows. */ + if (pininfo->minlen < 1 || pininfo->minlen > 25 + || pininfo->maxlen < 1 || pininfo->maxlen > 25 + || pininfo->minlen > pininfo->maxlen) + return SW_HOST_INV_VALUE; + + pin_modify = xtrymalloc (len); + if (!pin_modify) + return SW_HOST_OUT_OF_CORE; + + pin_modify[0] = 0x00; /* bTimerOut */ + pin_modify[1] = 0x00; /* bTimerOut2 */ + pin_modify[2] = 0x82; /* bmFormatString: Byte, pos=0, left, ASCII. */ + pin_modify[3] = 0x00; /* bmPINBlockString */ + pin_modify[4] = 0x00; /* bmPINLengthFormat */ + pin_modify[5] = 0x00; /* bInsertionOffsetOld */ + pin_modify[6] = 0x00; /* bInsertionOffsetNew */ + pin_modify[7] = pininfo->maxlen; /* wPINMaxExtraDigit */ + pin_modify[8] = pininfo->minlen; /* wPINMaxExtraDigit */ + pin_modify[9] = 0x03; /* bConfirmPIN + * 0x00: new PIN once + * 0x01: new PIN twice (confirmation) + * 0x02: old PIN and new PIN once + * 0x03: old PIN and new PIN twice (confirmation) + */ + pin_modify[10] = 0x02; /* bEntryValidationCondition: Validation key pressed */ + if (pininfo->minlen && pininfo->maxlen && pininfo->minlen == pininfo->maxlen) + pin_modify[10] |= 0x01; /* Max size reached. */ + pin_modify[11] = 0xff; /* bNumberMessage: Default */ + pin_modify[12] = 0x09; /* wLangId: 0x0409: US English */ + pin_modify[13] = 0x04; /* wLangId: 0x0409: US English */ + pin_modify[14] = 0x00; /* bMsgIndex1 */ + pin_modify[15] = 0x00; /* bMsgIndex2 */ + pin_modify[16] = 0x00; /* bMsgIndex3 */ + pin_modify[17] = 0x00; /* bTeoPrologue[0] */ + pin_modify[18] = 0x00; /* bTeoPrologue[1] */ + pin_modify[19] = 0x00; /* bTeoPrologue[2] */ + pin_modify[20] = 0x04; /* ulDataLength */ + pin_modify[21] = 0x00; /* ulDataLength */ + pin_modify[22] = 0x00; /* ulDataLength */ + pin_modify[23] = 0x00; /* ulDataLength */ + pin_modify[24] = class; /* abData[0] */ + pin_modify[25] = ins; /* abData[1] */ + pin_modify[26] = p0; /* abData[2] */ + pin_modify[27] = p1; /* abData[3] */ + + sw = control_pcsc (slot, reader_table[slot].pcsc.modify_ioctl, + pin_modify, len, result, &resultlen); + xfree (pin_modify); + if (sw || resultlen < 2) + return sw? sw : SW_HOST_INCOMPLETE_CARD_RESPONSE; + sw = (result[resultlen-2] << 8) | result[resultlen-1]; + return sw; +} #ifdef HAVE_LIBUSB /* @@ -2319,6 +2406,7 @@ open_ccid_reader (const char *portstr) reader_table[slot].dump_status_reader = dump_ccid_reader_status; reader_table[slot].set_progress_cb = set_progress_cb_ccid_reader; reader_table[slot].keypad_verify = ccid_keypad_verify; + reader_table[slot].keypad_modify = NULL; /* Our CCID reader code does not support T=0 at all, thus reset the flag. */ reader_table[slot].is_t0 = 0; @@ -2612,6 +2700,7 @@ open_rapdu_reader (int portno, reader_table[slot].check_keypad = NULL; reader_table[slot].dump_status_reader = NULL; reader_table[slot].keypad_verify = NULL; + reader_table[slot].keypad_modify = NULL; dump_reader_status (slot); rapdu_msg_release (msg); @@ -3250,6 +3339,28 @@ apdu_keypad_verify (int slot, int class, int ins, int p0, int p1, int pin_mode, } +int +apdu_keypad_modify (int slot, int class, int ins, int p0, int p1, int pin_mode, + int pinlen_min, int pinlen_max, int pin_padlen) +{ + struct pininfo_s pininfo; + + pininfo.mode = pin_mode; + pininfo.minlen = pinlen_min; + pininfo.maxlen = pinlen_max; + pininfo.padlen = pin_padlen; + + if (slot < 0 || slot >= MAX_READER || !reader_table[slot].used ) + return SW_HOST_NO_DRIVER; + + if (reader_table[slot].keypad_modify) + return reader_table[slot].keypad_modify (slot, class, ins, p0, p1, + &pininfo); + else + return SW_HOST_NOT_SUPPORTED; +} + + /* Dispatcher for the actual send_apdu function. Note, that this function should be called in locked state. */ static int diff --git a/scd/apdu.h b/scd/apdu.h index 4dff9eb95..e5b4c0878 100644 --- a/scd/apdu.h +++ b/scd/apdu.h @@ -117,6 +117,9 @@ int apdu_check_keypad (int slot, int command, int pin_mode, int apdu_keypad_verify (int slot, int class, int ins, int p0, int p1, int pin_mode, int pinlen_min, int pinlen_max, int pin_padlen); +int apdu_keypad_modify (int slot, int class, int ins, int p0, int p1, + int pin_mode, int pinlen_min, int pinlen_max, + int pin_padlen); int apdu_send_simple (int slot, int extended_mode, int class, int ins, int p0, int p1, int lc, const char *data); diff --git a/scd/app-openpgp.c b/scd/app-openpgp.c index d7efad562..b3a3ae13a 100644 --- a/scd/app-openpgp.c +++ b/scd/app-openpgp.c @@ -1912,11 +1912,17 @@ do_change_pin (app_t app, ctrl_t ctrl, const char *chvnostr, int chvno = atoi (chvnostr); char *resetcode = NULL; char *oldpinvalue = NULL; - char *pinvalue; + char *pinvalue = NULL; int reset_mode = !!(flags & APP_CHANGE_FLAG_RESET); int set_resetcode = 0; + iso7816_pininfo_t pininfo; + int use_keypad = 0; + int minlen = 6; (void)ctrl; + memset (&pininfo, 0, sizeof pininfo); + pininfo.mode = 1; + pininfo.minlen = minlen; if (reset_mode && chvno == 3) { @@ -1960,6 +1966,11 @@ do_change_pin (app_t app, ctrl_t ctrl, const char *chvnostr, { /* Version 2 cards. */ + if (!opt.disable_keypad + && !iso7816_check_keypad (app->slot, + ISO7816_CHANGE_REFERENCE_DATA, &pininfo)) + use_keypad = 1; + if (reset_mode) { /* To reset a PIN the Admin PIN is required. */ @@ -1973,12 +1984,12 @@ do_change_pin (app_t app, ctrl_t ctrl, const char *chvnostr, } else if (chvno == 1 || chvno == 3) { - int minlen = (chvno ==3)? 8 : 6; char *promptbuf = NULL; const char *prompt; if (chvno == 3) { + minlen = 8; rc = build_enter_admin_pin_prompt (app, &promptbuf); if (rc) goto leave; @@ -1986,7 +1997,7 @@ do_change_pin (app_t app, ctrl_t ctrl, const char *chvnostr, } else prompt = _("||Please enter the PIN"); - rc = pincb (pincb_arg, prompt, &oldpinvalue); + rc = pincb (pincb_arg, prompt, use_keypad ? NULL : &oldpinvalue); xfree (promptbuf); promptbuf = NULL; if (rc) @@ -1996,7 +2007,7 @@ do_change_pin (app_t app, ctrl_t ctrl, const char *chvnostr, goto leave; } - if (strlen (oldpinvalue) < minlen) + if (!use_keypad && strlen (oldpinvalue) < minlen) { log_info (_("PIN for CHV%d is too short;" " minimum length is %d\n"), chvno, minlen); @@ -2012,8 +2023,8 @@ do_change_pin (app_t app, ctrl_t ctrl, const char *chvnostr, unsigned char *value; size_t valuelen; int remaining; - int minlen = 8; + minlen = 8; relptr = get_one_do (app, 0x00C4, &value, &valuelen, NULL); if (!relptr || valuelen < 7) { @@ -2060,17 +2071,20 @@ do_change_pin (app_t app, ctrl_t ctrl, const char *chvnostr, else app->did_chv1 = app->did_chv2 = 0; - /* TRANSLATORS: Do not translate the "|*|" prefixes but - keep it at the start of the string. We need this elsewhere - to get some infos on the string. */ - rc = pincb (pincb_arg, - set_resetcode? _("|RN|New Reset Code") : - chvno == 3? _("|AN|New Admin PIN") : _("|N|New PIN"), - &pinvalue); - if (rc) + if (!use_keypad) { - log_error (_("error getting new PIN: %s\n"), gpg_strerror (rc)); - goto leave; + /* TRANSLATORS: Do not translate the "|*|" prefixes but + keep it at the start of the string. We need this elsewhere + to get some infos on the string. */ + rc = pincb (pincb_arg, + set_resetcode? _("|RN|New Reset Code") : + chvno == 3? _("|AN|New Admin PIN") : _("|N|New PIN"), + &pinvalue); + if (rc) + { + log_error (_("error getting new PIN: %s\n"), gpg_strerror (rc)); + goto leave; + } } @@ -2131,9 +2145,17 @@ do_change_pin (app_t app, ctrl_t ctrl, const char *chvnostr, /* Version 2 cards. */ assert (chvno == 1 || chvno == 3); - rc = iso7816_change_reference_data (app->slot, 0x80 + chvno, - oldpinvalue, strlen (oldpinvalue), - pinvalue, strlen (pinvalue)); + if (use_keypad) + { + rc = iso7816_change_reference_data_kp (app->slot, 0x80 + chvno, + &pininfo); + /* Dismiss the prompt. */ + pincb (pincb_arg, NULL, NULL); + } + else + rc = iso7816_change_reference_data (app->slot, 0x80 + chvno, + oldpinvalue, strlen (oldpinvalue), + pinvalue, strlen (pinvalue)); } if (pinvalue) diff --git a/scd/iso7816.c b/scd/iso7816.c index 1238552f6..8d0f10557 100644 --- a/scd/iso7816.c +++ b/scd/iso7816.c @@ -305,17 +305,30 @@ iso7816_verify (int slot, int chvno, const char *chv, size_t chvlen) return map_sw (sw); } +/* Perform a CHANGE_REFERENCE_DATA command on SLOT for the card holder + verification vector CHVNO. With PININFO non-NULL the keypad of the + reader will be used. */ +gpg_error_t +iso7816_change_reference_data_kp (int slot, int chvno, + iso7816_pininfo_t *pininfo) +{ + int sw; + + sw = apdu_keypad_modify (slot, 0x00, CMD_CHANGE_REFERENCE_DATA, 0, chvno, + pininfo->mode, pininfo->minlen, pininfo->maxlen, + pininfo->padlen); + return map_sw (sw); +} + /* Perform a CHANGE_REFERENCE_DATA command on SLOT for the card holder verification vector CHVNO. If the OLDCHV is NULL (and OLDCHVLEN 0), a "change reference data" is done, otherwise an "exchange reference data". The new reference data is expected in NEWCHV of - length NEWCHVLEN. With PININFO non-NULL the keypad of the reader - will be used. */ + length NEWCHVLEN. */ gpg_error_t -iso7816_change_reference_data_kp (int slot, int chvno, - const char *oldchv, size_t oldchvlen, - const char *newchv, size_t newchvlen, - iso7816_pininfo_t *pininfo) +iso7816_change_reference_data (int slot, int chvno, + const char *oldchv, size_t oldchvlen, + const char *newchv, size_t newchvlen) { int sw; char *buf; @@ -332,35 +345,13 @@ iso7816_change_reference_data_kp (int slot, int chvno, memcpy (buf, oldchv, oldchvlen); memcpy (buf+oldchvlen, newchv, newchvlen); - if (pininfo && pininfo->mode) - sw = apdu_send_simple_kp (slot, 0x00, CMD_CHANGE_REFERENCE_DATA, - oldchvlen? 0 : 1, chvno, oldchvlen+newchvlen, buf, - pininfo->mode, - pininfo->minlen, - pininfo->maxlen, - pininfo->padlen); - else - sw = apdu_send_simple (slot, 0, 0x00, CMD_CHANGE_REFERENCE_DATA, - oldchvlen? 0 : 1, chvno, oldchvlen+newchvlen, buf); + sw = apdu_send_simple (slot, 0, 0x00, CMD_CHANGE_REFERENCE_DATA, + oldchvlen? 0 : 1, chvno, oldchvlen+newchvlen, buf); xfree (buf); return map_sw (sw); } -/* Perform a CHANGE_REFERENCE_DATA command on SLOT for the card holder - verification vector CHVNO. If the OLDCHV is NULL (and OLDCHVLEN - 0), a "change reference data" is done, otherwise an "exchange - reference data". The new reference data is expected in NEWCHV of - length NEWCHVLEN. */ -gpg_error_t -iso7816_change_reference_data (int slot, int chvno, - const char *oldchv, size_t oldchvlen, - const char *newchv, size_t newchvlen) -{ - return iso7816_change_reference_data_kp (slot, chvno, oldchv, oldchvlen, - newchv, newchvlen, NULL); -} - gpg_error_t iso7816_reset_retry_counter_kp (int slot, int chvno, diff --git a/scd/iso7816.h b/scd/iso7816.h index 58e81d458..5b99e869b 100644 --- a/scd/iso7816.h +++ b/scd/iso7816.h @@ -68,9 +68,7 @@ gpg_error_t iso7816_change_reference_data (int slot, int chvno, const char *oldchv, size_t oldchvlen, const char *newchv, size_t newchvlen); gpg_error_t iso7816_change_reference_data_kp (int slot, int chvno, - const char *oldchv, size_t oldchvlen, - const char *newchv, size_t newchvlen, - iso7816_pininfo_t *pininfo); + iso7816_pininfo_t *pininfo); gpg_error_t iso7816_reset_retry_counter (int slot, int chvno, const char *newchv, size_t newchvlen); gpg_error_t iso7816_reset_retry_counter_kp (int slot, int chvno, -- cgit v1.2.3 From 5a62b0d6ee7cecc2e41a429ccc586a1a129e1b04 Mon Sep 17 00:00:00 2001 From: NIIBE Yutaka Date: Tue, 29 Nov 2011 17:56:22 +0900 Subject: PC/SC pinpad support (pinpad input for modify pass phrase with resetcode, by admin). --- scd/ChangeLog | 24 +++++++++++++++++- scd/apdu.c | 51 +++++++++++++++++++------------------ scd/apdu.h | 4 --- scd/app-openpgp.c | 76 +++++++++++++++++++++++++++++++++++++------------------ scd/iso7816.c | 52 ++++++++++++++++++++++++------------- scd/iso7816.h | 5 ++-- 6 files changed, 139 insertions(+), 73 deletions(-) (limited to 'scd') diff --git a/scd/ChangeLog b/scd/ChangeLog index 9c11fb309..d0f779ebd 100644 --- a/scd/ChangeLog +++ b/scd/ChangeLog @@ -1,5 +1,27 @@ 2011-11-29 Niibe Yutaka + PC/SC pininput support for passphrase modification (2/2) + * apdu.h (apdu_send_simple_kp): Remove. + + * apdu.c (pcsc_keypad_modify): Add bConfirmPIN handling. + (apdu_send_simple_kp): Remove. + + * iso7816.h (iso7816_reset_retry_counter_kp): Remove arguments + of NEWCHV, and NEWCHVLEN. + (iso7816_reset_retry_counter_with_rc_kp, iso7816_put_data_kp): New. + + * iso7816.c (iso7816_reset_retry_counter_with_rc_kp): New. + (iso7816_reset_retry_counter_kp): Call apdu_keypad_modify. Only + handle the case with PININFO. + (iso7816_reset_retry_counter): Don't call + iso7816_reset_retry_counter_kp. + (iso7816_put_data_kp): New. + + * app-openpgp.c (do_change_pin): Add with_resetcode. + Handle keypad for unblocking pass phrase with resetcode, + setting up of resetcode, and unblocking by admin. + + PC/SC pininput support for passphrase modification (1/2) * iso7816.h (iso7816_change_reference_data_kp): Remove arguments of OLDCHV, OLDCHVLEN, NEWCHV, and NEWCHVLEN. @@ -23,7 +45,7 @@ * iso7816.h (iso7816_verify_kp): Remove arguments of CHV and CHVLEN. * iso7816.c (iso7816_verify_kp): Call apdu_keypad_verify. Only - handle thecase with PININFO. + handle the case with PININFO. (iso7816_verify): Call apdu_send_simple. * app-openpgp.c (verify_a_chv, verify_chv3): Follow the change of diff --git a/scd/apdu.c b/scd/apdu.c index 380450df3..4d11157e3 100644 --- a/scd/apdu.c +++ b/scd/apdu.c @@ -2125,6 +2125,32 @@ pcsc_keypad_modify (int slot, int class, int ins, int p0, int p1, unsigned long len = PIN_MODIFY_STRUCTURE_SIZE; unsigned char result[2]; size_t resultlen = 2; + unsigned char confirm_pin; + + /* bConfirmPIN + * 0x00: new PIN once + * 0x01: new PIN twice (confirmation) + * 0x02: old PIN and new PIN once + * 0x03: old PIN and new PIN twice (confirmation) + */ + switch (ins) + { + case ISO7816_CHANGE_REFERENCE_DATA: + confirm_pin = 0x03; + break; + case 0xDA: /* PUT_DATA */ + confirm_pin = 0x01; + break; + case ISO7816_RESET_RETRY_COUNTER: + if (p0 == 0) + confirm_pin = 0x03; + else + confirm_pin = 0x01; + break; + default: + confirm_pin = 0x00; + break; + } if (!reader_table[slot].atrlen && (sw = reset_pcsc_reader (slot))) @@ -2160,12 +2186,7 @@ pcsc_keypad_modify (int slot, int class, int ins, int p0, int p1, pin_modify[6] = 0x00; /* bInsertionOffsetNew */ pin_modify[7] = pininfo->maxlen; /* wPINMaxExtraDigit */ pin_modify[8] = pininfo->minlen; /* wPINMaxExtraDigit */ - pin_modify[9] = 0x03; /* bConfirmPIN - * 0x00: new PIN once - * 0x01: new PIN twice (confirmation) - * 0x02: old PIN and new PIN once - * 0x03: old PIN and new PIN twice (confirmation) - */ + pin_modify[9] = confirm_pin; pin_modify[10] = 0x02; /* bEntryValidationCondition: Validation key pressed */ if (pininfo->minlen && pininfo->maxlen && pininfo->minlen == pininfo->maxlen) pin_modify[10] |= 0x01; /* Max size reached. */ @@ -3794,24 +3815,6 @@ apdu_send_simple (int slot, int extended_mode, } -/* Same as apdu_send_simple but uses the keypad of the reader. */ -int -apdu_send_simple_kp (int slot, int class, int ins, int p0, int p1, - int lc, const char *data, - int pin_mode, - int pinlen_min, int pinlen_max, int pin_padlen) -{ - struct pininfo_s pininfo; - - pininfo.mode = pin_mode; - pininfo.minlen = pinlen_min; - pininfo.maxlen = pinlen_max; - pininfo.padlen = pin_padlen; - return send_le (slot, class, ins, p0, p1, lc, data, -1, - NULL, NULL, &pininfo, 0); -} - - /* This is a more generic version of the apdu sending routine. It takes an already formatted APDU in APDUDATA or length APDUDATALEN and returns with an APDU including the status word. With diff --git a/scd/apdu.h b/scd/apdu.h index e5b4c0878..ac1eeeb3b 100644 --- a/scd/apdu.h +++ b/scd/apdu.h @@ -123,10 +123,6 @@ int apdu_keypad_modify (int slot, int class, int ins, int p0, int p1, int apdu_send_simple (int slot, int extended_mode, int class, int ins, int p0, int p1, int lc, const char *data); -int apdu_send_simple_kp (int slot, int class, int ins, int p0, int p1, - int lc, const char *data, - int pin_mode, - int pinlen_min, int pinlen_max, int pin_padlen); int apdu_send (int slot, int extended_mode, int class, int ins, int p0, int p1, int lc, const char *data, unsigned char **retbuf, size_t *retbuflen); diff --git a/scd/app-openpgp.c b/scd/app-openpgp.c index b3a3ae13a..08d641db6 100644 --- a/scd/app-openpgp.c +++ b/scd/app-openpgp.c @@ -1915,6 +1915,7 @@ do_change_pin (app_t app, ctrl_t ctrl, const char *chvnostr, char *pinvalue = NULL; int reset_mode = !!(flags & APP_CHANGE_FLAG_RESET); int set_resetcode = 0; + int with_resetcode = 0; iso7816_pininfo_t pininfo; int use_keypad = 0; int minlen = 6; @@ -2024,6 +2025,7 @@ do_change_pin (app_t app, ctrl_t ctrl, const char *chvnostr, size_t valuelen; int remaining; + with_resetcode = 1; minlen = 8; relptr = get_one_do (app, 0x00C4, &value, &valuelen, NULL); if (!relptr || valuelen < 7) @@ -2044,14 +2046,14 @@ do_change_pin (app_t app, ctrl_t ctrl, const char *chvnostr, rc = pincb (pincb_arg, _("||Please enter the Reset Code for the card"), - &resetcode); + use_keypad ? NULL : &resetcode); if (rc) { log_info (_("PIN callback returned error: %s\n"), gpg_strerror (rc)); goto leave; } - if (strlen (resetcode) < minlen) + if (!use_keypad && strlen (resetcode) < minlen) { log_info (_("Reset Code is too short; minimum length is %d\n"), minlen); @@ -2088,40 +2090,65 @@ do_change_pin (app_t app, ctrl_t ctrl, const char *chvnostr, } - if (resetcode) + if (with_resetcode) { - char *buffer; - - buffer = xtrymalloc (strlen (resetcode) + strlen (pinvalue) + 1); - if (!buffer) - rc = gpg_error_from_syserror (); + if (use_keypad) + { + rc = iso7816_reset_retry_counter_with_rc_kp (app->slot, 0x81, + &pininfo); + pincb (pincb_arg, NULL, NULL); /* Dismiss the prompt. */ + } else { - strcpy (stpcpy (buffer, resetcode), pinvalue); - rc = iso7816_reset_retry_counter_with_rc (app->slot, 0x81, - buffer, strlen (buffer)); - wipememory (buffer, strlen (buffer)); - xfree (buffer); + char *buffer; + + buffer = xtrymalloc (strlen (resetcode) + strlen (pinvalue) + 1); + if (!buffer) + rc = gpg_error_from_syserror (); + else + { + strcpy (stpcpy (buffer, resetcode), pinvalue); + rc = iso7816_reset_retry_counter_with_rc (app->slot, 0x81, + buffer, strlen (buffer)); + wipememory (buffer, strlen (buffer)); + xfree (buffer); + } } } else if (set_resetcode) { - if (strlen (pinvalue) < 8) + if (use_keypad) { - log_error (_("Reset Code is too short; minimum length is %d\n"), 8); - rc = gpg_error (GPG_ERR_BAD_PIN); + rc = pincb (pincb_arg, _("|RN|New Reset Code"), NULL); + rc = iso7816_put_data_kp (app->slot, 0xD3, &pininfo); + pincb (pincb_arg, NULL, NULL); /* Dismiss the prompt. */ } else - rc = iso7816_put_data (app->slot, 0, 0xD3, - pinvalue, strlen (pinvalue)); + if (strlen (pinvalue) < 8) + { + log_error (_("Reset Code is too short; minimum length is %d\n"), 8); + rc = gpg_error (GPG_ERR_BAD_PIN); + } + else + rc = iso7816_put_data (app->slot, 0, 0xD3, + pinvalue, strlen (pinvalue)); } else if (reset_mode) { - rc = iso7816_reset_retry_counter (app->slot, 0x81, - pinvalue, strlen (pinvalue)); - if (!rc && !app->app_local->extcap.is_v2) - rc = iso7816_reset_retry_counter (app->slot, 0x82, - pinvalue, strlen (pinvalue)); + if (use_keypad) + { + rc = pincb (pincb_arg, _("|N|New PIN"), NULL); + rc = iso7816_reset_retry_counter_kp (app->slot, 0x81, &pininfo); + pincb (pincb_arg, NULL, NULL); /* Dismiss the prompt. */ + } + else + { + rc = iso7816_reset_retry_counter (app->slot, 0x81, + pinvalue, strlen (pinvalue)); + if (!rc && !app->app_local->extcap.is_v2) + rc = iso7816_reset_retry_counter (app->slot, 0x82, + pinvalue, strlen (pinvalue)); + } } else if (!app->app_local->extcap.is_v2) { @@ -2149,8 +2176,7 @@ do_change_pin (app_t app, ctrl_t ctrl, const char *chvnostr, { rc = iso7816_change_reference_data_kp (app->slot, 0x80 + chvno, &pininfo); - /* Dismiss the prompt. */ - pincb (pincb_arg, NULL, NULL); + pincb (pincb_arg, NULL, NULL); /* Dismiss the prompt. */ } else rc = iso7816_change_reference_data (app->slot, 0x80 + chvno, diff --git a/scd/iso7816.c b/scd/iso7816.c index 8d0f10557..8876b931a 100644 --- a/scd/iso7816.c +++ b/scd/iso7816.c @@ -354,26 +354,14 @@ iso7816_change_reference_data (int slot, int chvno, gpg_error_t -iso7816_reset_retry_counter_kp (int slot, int chvno, - const char *newchv, size_t newchvlen, - iso7816_pininfo_t *pininfo) +iso7816_reset_retry_counter_with_rc_kp (int slot, int chvno, + iso7816_pininfo_t *pininfo) { int sw; - if (!newchv || !newchvlen ) - return gpg_error (GPG_ERR_INV_VALUE); - - /* FIXME: The keypad mode has not yet been tested. */ - if (pininfo && pininfo->mode) - sw = apdu_send_simple_kp (slot, 0x00, CMD_RESET_RETRY_COUNTER, - 2, chvno, newchvlen, newchv, - pininfo->mode, - pininfo->minlen, - pininfo->maxlen, + sw = apdu_keypad_modify (slot, 0x00, CMD_RESET_RETRY_COUNTER, 0, chvno, + pininfo->mode, pininfo->minlen, pininfo->maxlen, pininfo->padlen); - else - sw = apdu_send_simple (slot, 0, 0x00, CMD_RESET_RETRY_COUNTER, - 2, chvno, newchvlen, newchv); return map_sw (sw); } @@ -393,11 +381,28 @@ iso7816_reset_retry_counter_with_rc (int slot, int chvno, } +gpg_error_t +iso7816_reset_retry_counter_kp (int slot, int chvno, + iso7816_pininfo_t *pininfo) +{ + int sw; + + sw = apdu_keypad_modify (slot, 0x00, CMD_RESET_RETRY_COUNTER, 2, chvno, + pininfo->mode, pininfo->minlen, pininfo->maxlen, + pininfo->padlen); + return map_sw (sw); +} + + gpg_error_t iso7816_reset_retry_counter (int slot, int chvno, const char *newchv, size_t newchvlen) { - return iso7816_reset_retry_counter_kp (slot, chvno, newchv, newchvlen, NULL); + int sw; + + sw = apdu_send_simple (slot, 0, 0x00, CMD_RESET_RETRY_COUNTER, + 2, chvno, newchvlen, newchv); + return map_sw (sw); } @@ -440,6 +445,19 @@ iso7816_get_data (int slot, int extended_mode, int tag, } +gpg_error_t +iso7816_put_data_kp (int slot, int tag, iso7816_pininfo_t *pininfo) +{ + int sw; + + sw = apdu_keypad_modify (slot, 0x00, CMD_PUT_DATA, + ((tag >> 8) & 0xff), (tag & 0xff), + pininfo->mode, pininfo->minlen, pininfo->maxlen, + pininfo->padlen); + return map_sw (sw); +} + + /* Perform a PUT DATA command on card in SLOT. Write DATA of length DATALEN to TAG. EXTENDED_MODE controls whether extended length headers or command chaining is used instead of single length diff --git a/scd/iso7816.h b/scd/iso7816.h index 5b99e869b..9ed7b219f 100644 --- a/scd/iso7816.h +++ b/scd/iso7816.h @@ -72,14 +72,15 @@ gpg_error_t iso7816_change_reference_data_kp (int slot, int chvno, gpg_error_t iso7816_reset_retry_counter (int slot, int chvno, const char *newchv, size_t newchvlen); gpg_error_t iso7816_reset_retry_counter_kp (int slot, int chvno, - const char *newchv, - size_t newchvlen, iso7816_pininfo_t *pininfo); gpg_error_t iso7816_reset_retry_counter_with_rc (int slot, int chvno, const char *data, size_t datalen); +gpg_error_t iso7816_reset_retry_counter_with_rc_kp (int slot, int chvno, + iso7816_pininfo_t *pininfo); gpg_error_t iso7816_get_data (int slot, int extended_mode, int tag, unsigned char **result, size_t *resultlen); +gpg_error_t iso7816_put_data_kp (int slot, int tag, iso7816_pininfo_t *pininfo); gpg_error_t iso7816_put_data (int slot, int extended_mode, int tag, const void *data, size_t datalen); gpg_error_t iso7816_put_data_odd (int slot, int extended_mode, int tag, -- cgit v1.2.3 From 2c5d02191203d54f6bb681a18d12550de6319c55 Mon Sep 17 00:00:00 2001 From: NIIBE Yutaka Date: Thu, 1 Dec 2011 11:09:51 +0900 Subject: Fix pinpad input support --- scd/ChangeLog | 5 ++++ scd/app-openpgp.c | 68 +++++++++++++++++++++++++++++++++++++++++-------------- 2 files changed, 56 insertions(+), 17 deletions(-) (limited to 'scd') diff --git a/scd/ChangeLog b/scd/ChangeLog index d0f779ebd..80cddec49 100644 --- a/scd/ChangeLog +++ b/scd/ChangeLog @@ -1,3 +1,8 @@ +2011-12-01 Niibe Yutaka + + * app-openpgp.c (do_change_pin): Fix pincb messages when + use_keypad == 1. + 2011-11-29 Niibe Yutaka PC/SC pininput support for passphrase modification (2/2) diff --git a/scd/app-openpgp.c b/scd/app-openpgp.c index 08d641db6..b51eb5be1 100644 --- a/scd/app-openpgp.c +++ b/scd/app-openpgp.c @@ -1983,7 +1983,7 @@ do_change_pin (app_t app, ctrl_t ctrl, const char *chvnostr, if (chvno == 2) set_resetcode = 1; } - else if (chvno == 1 || chvno == 3) + else if (!use_keypad && (chvno == 1 || chvno == 3)) { char *promptbuf = NULL; const char *prompt; @@ -1998,7 +1998,7 @@ do_change_pin (app_t app, ctrl_t ctrl, const char *chvnostr, } else prompt = _("||Please enter the PIN"); - rc = pincb (pincb_arg, prompt, use_keypad ? NULL : &oldpinvalue); + rc = pincb (pincb_arg, prompt, &oldpinvalue); xfree (promptbuf); promptbuf = NULL; if (rc) @@ -2008,7 +2008,7 @@ do_change_pin (app_t app, ctrl_t ctrl, const char *chvnostr, goto leave; } - if (!use_keypad && strlen (oldpinvalue) < minlen) + if (strlen (oldpinvalue) < minlen) { log_info (_("PIN for CHV%d is too short;" " minimum length is %d\n"), chvno, minlen); @@ -2044,21 +2044,24 @@ do_change_pin (app_t app, ctrl_t ctrl, const char *chvnostr, goto leave; } - rc = pincb (pincb_arg, - _("||Please enter the Reset Code for the card"), - use_keypad ? NULL : &resetcode); - if (rc) - { - log_info (_("PIN callback returned error: %s\n"), - gpg_strerror (rc)); - goto leave; - } - if (!use_keypad && strlen (resetcode) < minlen) + if (!use_keypad) { - log_info (_("Reset Code is too short; minimum length is %d\n"), - minlen); - rc = gpg_error (GPG_ERR_BAD_PIN); - goto leave; + rc = pincb (pincb_arg, + _("||Please enter the Reset Code for the card"), + &resetcode); + if (rc) + { + log_info (_("PIN callback returned error: %s\n"), + gpg_strerror (rc)); + goto leave; + } + if (strlen (resetcode) < minlen) + { + log_info (_("Reset Code is too short; minimum length is %d\n"), + minlen); + rc = gpg_error (GPG_ERR_BAD_PIN); + goto leave; + } } } else @@ -2094,6 +2097,15 @@ do_change_pin (app_t app, ctrl_t ctrl, const char *chvnostr, { if (use_keypad) { + rc = pincb (pincb_arg, + _("||Please enter the Reset Code for the card and New PIN"), + NULL); + if (rc) + { + log_info (_("PIN callback returned error: %s\n"), + gpg_strerror (rc)); + goto leave; + } rc = iso7816_reset_retry_counter_with_rc_kp (app->slot, 0x81, &pininfo); pincb (pincb_arg, NULL, NULL); /* Dismiss the prompt. */ @@ -2120,6 +2132,12 @@ do_change_pin (app_t app, ctrl_t ctrl, const char *chvnostr, if (use_keypad) { rc = pincb (pincb_arg, _("|RN|New Reset Code"), NULL); + if (rc) + { + log_info (_("PIN callback returned error: %s\n"), + gpg_strerror (rc)); + goto leave; + } rc = iso7816_put_data_kp (app->slot, 0xD3, &pininfo); pincb (pincb_arg, NULL, NULL); /* Dismiss the prompt. */ } @@ -2138,6 +2156,12 @@ do_change_pin (app_t app, ctrl_t ctrl, const char *chvnostr, if (use_keypad) { rc = pincb (pincb_arg, _("|N|New PIN"), NULL); + if (rc) + { + log_info (_("PIN callback returned error: %s\n"), + gpg_strerror (rc)); + goto leave; + } rc = iso7816_reset_retry_counter_kp (app->slot, 0x81, &pininfo); pincb (pincb_arg, NULL, NULL); /* Dismiss the prompt. */ } @@ -2174,6 +2198,16 @@ do_change_pin (app_t app, ctrl_t ctrl, const char *chvnostr, if (use_keypad) { + rc = pincb (pincb_arg, + chvno == 3 ? + _("||Please enter the Admin PIN and New Admin PIN") : + _("||Please enter the PIN and New PIN"), NULL); + if (rc) + { + log_info (_("PIN callback returned error: %s\n"), + gpg_strerror (rc)); + goto leave; + } rc = iso7816_change_reference_data_kp (app->slot, 0x80 + chvno, &pininfo); pincb (pincb_arg, NULL, NULL); /* Dismiss the prompt. */ -- cgit v1.2.3 From 2336b09779d313c1594acf6df3bd8a8486e90458 Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Thu, 1 Dec 2011 10:51:36 +0100 Subject: Generate the ChangeLog from commit logs. * scripts/gitlog-to-changelog: New script. Taken from gnulib. * scripts/git-log-fix: New file. * scripts/git-log-footer: New file. * doc/HACKING: Describe the ChangeLog policy * ChangeLog: New file. * Makefile.am (EXTRA_DIST): Add new files. (gen-ChangeLog): New. (dist-hook): Run gen-ChangeLog. Rename all ChangeLog files to ChangeLog-2011. --- scd/ChangeLog | 2581 --------------------------------------------------- scd/ChangeLog-2011 | 2592 ++++++++++++++++++++++++++++++++++++++++++++++++++++ scd/Makefile.am | 2 + 3 files changed, 2594 insertions(+), 2581 deletions(-) delete mode 100644 scd/ChangeLog create mode 100644 scd/ChangeLog-2011 (limited to 'scd') diff --git a/scd/ChangeLog b/scd/ChangeLog deleted file mode 100644 index 80cddec49..000000000 --- a/scd/ChangeLog +++ /dev/null @@ -1,2581 +0,0 @@ -2011-12-01 Niibe Yutaka - - * app-openpgp.c (do_change_pin): Fix pincb messages when - use_keypad == 1. - -2011-11-29 Niibe Yutaka - - PC/SC pininput support for passphrase modification (2/2) - * apdu.h (apdu_send_simple_kp): Remove. - - * apdu.c (pcsc_keypad_modify): Add bConfirmPIN handling. - (apdu_send_simple_kp): Remove. - - * iso7816.h (iso7816_reset_retry_counter_kp): Remove arguments - of NEWCHV, and NEWCHVLEN. - (iso7816_reset_retry_counter_with_rc_kp, iso7816_put_data_kp): New. - - * iso7816.c (iso7816_reset_retry_counter_with_rc_kp): New. - (iso7816_reset_retry_counter_kp): Call apdu_keypad_modify. Only - handle the case with PININFO. - (iso7816_reset_retry_counter): Don't call - iso7816_reset_retry_counter_kp. - (iso7816_put_data_kp): New. - - * app-openpgp.c (do_change_pin): Add with_resetcode. - Handle keypad for unblocking pass phrase with resetcode, - setting up of resetcode, and unblocking by admin. - - PC/SC pininput support for passphrase modification (1/2) - * iso7816.h (iso7816_change_reference_data_kp): Remove arguments - of OLDCHV, OLDCHVLEN, NEWCHV, and NEWCHVLEN. - - * iso7816.c (iso7816_change_reference_data_kp): Call - apdu_keypad_modify. - (iso7816_change_reference_data): Don't call - iso7816_change_reference_data_kp. - - * apdu.h (apdu_keypad_modify): New. - - * apdu.c (pcsc_keypad_modify, apdu_keypad_modify): New. - (struct reader_table_s): New memeber function keypad_modify. - (new_reader_slot, open_ct_reader, open_ccid_reader) - (open_rapdu_reader): Initialize keypad_modify. - - * app-openpgp.c (do_change_pin): Handle keypad and call - iso7816_change_reference_data_kp if it is the case. - -2011-11-28 Niibe Yutaka - - * iso7816.h (iso7816_verify_kp): Remove arguments of CHV and CHVLEN. - - * iso7816.c (iso7816_verify_kp): Call apdu_keypad_verify. Only - handle the case with PININFO. - (iso7816_verify): Call apdu_send_simple. - - * app-openpgp.c (verify_a_chv, verify_chv3): Follow the change of - iso7816_verify_kp. - - * app-nks.c (verify_pin): Likewise. - - * app-dinsig.c (verify_pin): Likewise. - - * apdu.c: Include "iso7816.h". - (struct reader_table_s): New memeber function keypad_verify. - Add fields verify_ioctl and modify_ioctl in pcsc. - (CM_IOCTL_GET_FEATURE_REQUEST, FEATURE_VERIFY_PIN_DIRECT) - (FEATURE_MODIFY_PIN_DIRECT): New. - (pcsc_control): New. - (control_pcsc_direct, control_pcsc_wrapped, control_pcsc) - (check_pcsc_keypad, pcsc_keypad_verify): New. - (ccid_keypad_verify, apdu_keypad_verify): New. - (new_reader_slot): Initialize with check_pcsc_keypad, - pcsc_keypad_verify, verify_ioctl and modify_ioctl. - (open_ct_reader): Initialize keypad_verify with NULL. - (open_ccid_reader): Initialize keypad_verify. - (open_rapdu_reader): Initialize keypad_verify with NULL. - (apdu_open_reader): Initialize pcsc_control. - - * pcsc-wrapper.c (load_pcsc_driver): Initialize pcsc_control. - (handle_control): New. - (main): Handle the case 6 of handle_control. - -2011-08-10 Werner Koch - - * command.c (cmd_killscd): Use the new assuan force close flag - if available. - -2011-08-08 Werner Koch - - * app-openpgp.c (do_decipher): Take care of accidentally passed - signed integer data with a leading 0. - -2011-06-16 Werner Koch - - * app-openpgp.c (send_key_data): Implemented chunked mode. - (change_keyattr): Increase limit to 4096. - (do_decipher): Adjust padding for 4096 bit keys. - -2011-02-23 Werner Koch - - * apdu.c (apdu_open_reader): Lock in to CCID if used once. - -2011-01-25 NIIBE Yutaka , - Grant Olson (wk) - - * command.c (do_reset, get_reader_slot) - (update_reader_status_file): Fix handling of the VALID flag for - unplugged readers. - -2011-01-25 Werner Koch - - From 2.0 branch, 2010-03-17: - - * command.c (open_card): Return GPG_ERR_NOT_OPERATIONAL if no - card services are available. - (get_reader_slot): Detect no services status. - (cmd_serialno): No reset if there are no services. - (scd_command_handler): Stop scdaemon in that case. - * apdu.c (pcsc_no_service): New. - (open_pcsc_reader_direct): Set it. - (apdu_open_reader): Add arg R_NO_SERVICE. - -2011-01-05 Werner Koch - - * ccid-driver.c (ccid_transceive_secure): Support the gnuk token. - -2010-11-16 Werner Koch - - * apdu.c (PCSC_UNKNOWN) [W32]: Fix all these values which don't - match those of libpcsc. Reported by Michael Petig. - -2010-10-27 Werner Koch - - * scdaemon.c (create_socket_name): Use TMPDIR. Change callers. - -2010-10-18 Werner Koch - - * app-openpgp.c (parse_algorithm_attribute): Remove extra const in - definition of DESC. - -2010-08-16 Werner Koch - - * scdaemon.c: Replace remaining printf by es_printf. - -2010-06-09 Werner Koch - - * scdaemon.c (main): s/log_set_get_tid_callback/log_set_pid_suffix_cb/. - (tid_log_callback): Adjust for this change. - -2010-03-11 Werner Koch - - * scdaemon.c: Include "asshelp.h". - (main): Remove assuan_set_assuan_log_prefix. Add - assuan_set_log_cb. - (handle_signal): Disable pth ctrl dumping. - * command.c (scd_command_handler): Remove assuan_set_log_stream. - -2010-03-10 Werner Koch - - * Makefile.am (scdaemon_LDADD): Remove libjnlib.a. - -2009-12-15 Werner Koch - - * iso7816.c (do_generate_keypair): s/readonly/read_only/ because - the first is a keyword in VMS C. - -2009-12-03 Werner Koch - - * scdaemon.c (set_debug): Allow for numerical debug leveles. Print - active debug flags. - -2009-11-25 Marcus Brinkmann - - * command.c (scd_command_handler): Use assuan_fd_t and - assuan_fdopen on fds. - -2009-11-05 Marcus Brinkmann - - * command.c (scd_command_handler): Call assuan_init_socket_server, - not assuan_init_socket_server_ext. - -2009-11-04 Werner Koch - - * command.c (register_commands): Add help arg to - assuan_register_command. Add help strings to all commands. - -2009-11-02 Marcus Brinkmann - - * command.c (reset_notify): Take LINE arg and return error. - (register_commands): Use assuan_handler_t type. - -2009-10-25 Werner Koch - - * scdaemon.c (scd_deinit_default_ctrl): Release IN_DATA. - * command.c (cmd_setdata): Release IN_DATA. Reported by Klaus - Flittner. - -2009-10-16 Marcus Brinkmann - - * AM_CFLAGS, scdaemon_LDADD: Use libassuan instead of libassuan-pth. - * scdaemon.c: Invoke ASSUAN_SYSTEM_PTH_IMPL. - (main): Call assuan_set_system_hooks and assuan_sock_init. - -2009-09-23 Marcus Brinkmann - - * command.c: Include "scdaemon.h" before because of - GPG_ERR_SOURCE_DEFAULT check. - (option_handler, open_card, cmd_serialno, cmd_lean, cmd_readcert) - (cmd_readkey, cmd_setdata, cmd_pksign, cmd_pkauth, cmd_pkdecrypt) - (cmd_getattr, cmd_setattr, cmd_writecert, cmd_writekey) - (cmd_genkey, cmd_random, cmd_passwd, cmd_checkpin, cmd_lock) - (cmd_unlock, cmd_getinfo, cmd_restart, cmd_disconnect, cmd_apdu) - (cmd_killscd): Return gpg_error_t instead of int. - (scd_command_handler): Allocate assuan context before starting server. - * scdaemon.c (main): Update to new Assuan API. - -2009-09-03 Werner Koch - - * app-openpgp.c (do_decipher): Compute required Le. - * iso7816.c (iso7816_decipher): Add new arg LE. - * app-nks.c (do_decipher): Adjust for change. - - * iso7816.c (iso7816_put_data, iso7816_put_data_odd): Turn DATA - into a void ptr. - -2009-08-05 Werner Koch - - * app-openpgp.c (change_keyattr_from_string): New. - (do_setattr): Support KEY-ATTR. - -2009-07-29 Marcus Brinkmann - - * ccid-driver.c (print_pr_data): Fix 64 bit compat problem. - -2009-07-24 Werner Koch - - * ccid-driver.c (parse_ccid_descriptor): Enable hack for SCR 3320. - -2009-07-21 Werner Koch - - * ccid-driver.c [HAVE_PTH]: Include pth.h. - (my_sleep): New. - (bulk_in): s/gnupg_sleep/my_sleep/. - -2009-07-20 Werner Koch - - * apdu.c [GNUPG_MAJOR_VERSION==1]: Include dynload.h. - -2009-07-16 Werner Koch - - * command.c (update_reader_status_file): Test for unplugged reader. - (TEST_CARD_REMOVAL): Ditto. - * app.c (select_application): Ditto. - * ccid-driver.c (bulk_out): Return CCID_DRIVER_ERR_NO_READER if a - reader was unplugged. - (struct ccid_driver_s): Turn nonnull_nad into an unsigned char. - Turn apdu_level, auto_ifsd, powered_off, has_pinpad into - bitfields. Add enodev_seen. - * apdu.c (apdu_prepare_exit): New. - (get_status_ccid): Return the status word and nut just -1. - * scdaemon.c (scd_exit): Call it. - -2009-07-13 Werner Koch - - * ccid-driver.c (struct ccid_driver_s): Add fields last_progress, - progress_cb and progress_cb_arg. - (ccid_set_progress_cb): New. - (print_progress): New. - (ccid_transceive): Call print_progress for wait time extensions. - * apdu.c (struct reader_table_s): Add field set_progress_cb. - (new_reader_slot): Clear that field. - (open_ccid_reader): Set it to .. - (set_progress_cb_ccid_reader): ... new fucntion. - * app.c (print_progress_line): New. - (lock_reader): Add arg CTRL to set a progress callback and - change all callers to provide it. - (unlock_reader): Remove the progress callback. - -2009-07-10 Werner Koch - - * iso7816.c (iso7816_compute_ds): Add args EXTENDED_MODE and LE. - Change all callers to use 0. - (iso7816_internal_authenticate): Add args EXTENDED_MODE and LE. - * app-openpgp.c (do_sign): Take exmode and Le from card - capabilities and pass them to iso7816_compute_ds. - (do_auth): Ditto for iso7816_internal_authenticate. - (change_keyattr): Reset CHV verification status. - -2009-07-09 Werner Koch - - * app-openpgp.c (change_keyattr): New. - (do_writekey): Call it. - - * app-openpgp.c (does_key_exist): Add arg GENERATING. Change - callers. - -2009-06-30 Werner Koch - - * ccid-driver.c (ccid_transceive): Set RESYNCING flag. - -2009-06-29 Werner Koch - - * ccid-driver.c (ccid_transceive): Add a hack to support extended - length for Omnikey readers. - (is_exlen_apdu): New. - (parse_ccid_descriptor): Track short+extended apdu exchange level. - -2009-06-18 Werner Koch - - * app-openpgp.c (verify_chv2): Remove special case for v2 cards. - (get_public_key): Use extended mode. - -2009-06-17 Werner Koch - - * iso7816.c (iso7816_get_data): Add arg EXTENDED_MODE. Change all - callers. - * app-openpgp.c (data_objects): Use bit flags. Add flag - TRY_EXTLENGTH. - (get_cached_data): Add arg TRY_EXTLEN and use it for iso7816_get_data. - (get_one_do): Use extended length APDU if necessary. - -2009-06-10 Werner Koch - - * app-openpgp.c (store_fpr): Change first arg to app_t; adjust - callers. Flush the cache. - -2009-06-09 Werner Koch - - * app-openpgp.c (do_readcert): Return NOT_FOUND if the retrieved - data has a length of zero. - (do_getattr): Add EXTCAP subkey "sm". - -2009-05-20 Werner Koch - - * app-openpgp.c (verify_chv2): Add case for v2 cards. - (verify_chv3): Factor some code out to .. - (build_enter_admin_pin_prompt): .. new. - (do_change_pin): Properly handle v2 cards. - -2009-05-19 Werner Koch - - * scdaemon.c (create_server_socket): Use SUN_LEN. - (JNLIB_NEED_AFLOCAL): Define. - -2009-05-13 Werner Koch - - * ccid-driver.c (abort_cmd): Add arg SEQNO and change callers. - (bulk_in): Retry on seqno mismatch. - - * apdu.c (send_le): Release result_buffer. - (apdu_send_direct): Implemend extended length. - * command.c (cmd_apdu): Add option "--exlen". - -2009-05-11 Werner Koch - - * apdu.c (send_le): Replace log_error by log_info. - -2009-05-08 Werner Koch - - * app-openpgp.c (do_genkey): Allow larger key sizes. - (do_decipher): Ditto. - * iso7816.c (do_generate_keypair): Add arg EXTENDED_MODE an LE. - (iso7816_generate_keypair, iso7816_read_public_key): Ditto. - Changed all callers. - * apdu.c (send_le): Implement extended length return values. - - * ccid-driver.c (bulk_in): Retry on EAGAIN. - (abort_cmd): Change seqno handling. - -2009-04-28 Werner Koch - - * app-help.c (app_help_count_bits): New. - - * app-nks.c (switch_application): Detect mass signature cards. - Take care of new NEED_APP_SELECT flag. - (do_sign): Don't allow mass signature cards. - (all_zero_p): New. - (do_readkey): New. - (app_select_nks): Register do_readkey. - -2009-04-01 Werner Koch - - * app-openpgp.c (do_setattr, do_writekey): Prepare for extended - length cards. - -2009-03-31 Werner Koch - - * command.c (percent_plus_unescape): Remove. - (cmd_setattr): Use percent_plus_unescape_inplace. - -2009-03-30 Werner Koch - - * app-nks.c (do_decipher): Make it work for TCOS 3. - * iso7816.c (iso7816_decipher): Add arg EXTENDED_MODE. - * apdu.c (apdu_send): Add arg EXTENDED_MODE and change all callers. - (apdu_send_le): Ditto. - (apdu_send_direct): Ditto, but not yet functional. - (send_le): Fix command chaining. Implement extended length option. - * ccid-driver.c (ccid_transceive): Remove restriction on apdu length. - (struct ccid_driver_s): Add field IFSC. - (ccid_get_atr): Set IFSC. - (ccid_transceive): Use negotiated IFSC and support S(IFS) command. - -2009-03-26 Werner Koch - - * command.c (cmd_pksign): Allow more hash algorithms. - - * scdaemon.h (MAX_DIGEST_LEN): Change to 64. - - * apdu.c (open_ccid_reader): Clear the is_to flag. - - * app-nks.c (filelist): Add field KID. - (do_getattr): Change standard authentication key. - (do_sign): Setup a security environment for TCOS 3 cards and support - all SHA-2 algorithms. - -2009-03-24 Werner Koch - - * command.c (struct server_local_s): Add flag - APP_CTX_MARKED_FOR_RELEASE. - (do_reset): Set the flag. - (open_card): Act on this flag. - * app-common.h (struct app_ctx_s): Add flag NO_REUSE. - (application_notify_card_reset): Set the flag. - * app.c (select_application, release_application): Take care of - that flag. - -2009-03-20 Werner Koch - - * app-nks.c (keygripstr_from_pk_file): Fix for TCOS 3 cards. - -2009-03-18 Werner Koch - - * apdu.c (open_pcsc_reader_wrapped): Use close_all_fds. - - * command.c (cmd_learn): Add option --keypairinfo. - * app.c (app_write_learn_status): Add arg FLAGS. - * app-common.h (struct app_ctx_s): Add arg FLAGS to LEARN_STATUS. - Change all implementors. - * app-p15.c (do_learn_status): Take care of flag bit 0. - * app-nks.c (do_learn_status, do_learn_status_core): Ditto. - -2009-03-10 Werner Koch - - * app-openpgp.c (send_key_attr): New. - (do_getattr): New attribute KEY_ATTR. - * command.c (send_status_direct): New. - -2009-03-06 Werner Koch - - * app-nks.c (do_learn_status): Factor code out to.. - (do_learn_status_core): .. new. - (do_readcert, do_sign, do_decipher): Switch to SigG if needed. - (verify_pin): Use DESC also for keypad based verify. - -2009-03-05 Werner Koch - - * app-openpgp.c (verify_a_chv): Remove special case for keypads. - (verify_chv3): Ditto. - - * app-nks.c (get_chv_status): New. - (parse_pwidstr): New. - (verify_pin): Add args PWID and DESC and use them. Remove the - CHV1 caching. - (do_change_pin): Allow PIN selection and add reset mode. - (do_learn_status): Use NKS-NKS3 tag for TCOS 3 cards. - (do_readcert, do_sign): Allow NKS-NKS3 tag. - -2009-03-04 Werner Koch - - * app-nks.c (do_getattr): New. - (app_select_nks): Register it. - (verify_pin): Factor some code out to... - (basic_pin_checks): New. - (do_change_pin): Call the basic check. - (app_select_nks): Move AID to .. - (aid_nks): .. new. - (aid_sigg): New. - (switch_application): New. - (do_getattr, do_learn_status, do_readcert, do_sign, do_decipher) - (do_change_pin, do_check_pin): Make sure we are in NKS mode. - -2009-03-03 Werner Koch - - * command.c (scd_command_handler): Remove dereference of STOPME - after free. - -2009-02-27 Werner Koch - - * app.c (get_supported_applications): New. - * command.c (cmd_getinfo): New subcommand "app_list" - (cmd_killscd): New. - (register_commands): Register command KILLSCD. - (struct server_local_s): Add field STOPME. - (scd_command_handler): Act upon this. - -2009-02-25 Werner Koch - - * apdu.c (apdu_get_status): Factor all code out to ... - (apdu_private_get_status): .. new. Add arg NO_ATR_RESET. - (apdu_connect): Call new function. - - * scdaemon.c: New option --debug-log-tid. - (tid_log_callback): New. - (main): Move debug-wait code after debug stream init. - -2009-02-24 Werner Koch - - * ccid-driver.c (ccid_get_atr): Move debug output to .. - (print_r2p_parameters): .. new. - (print_r2p_header, print_pr_data, print_r2p_unknown) - (print_r2p_datablock, print_r2p_slotstatus, print_r2p_escape) - (print_r2p_datarate): New. - (bulk_in): Call parameter printing. - (ccid_set_debug_level): Add debug level 3. - (convert_le_u16): New. - (print_p2r_header, print_p2r_iccpoweron, print_p2r_iccpoweroff) - (print_p2r_getslotstatus, print_p2r_xfrblock) - (print_p2r_getparameters, print_p2r_resetparameters) - (print_p2r_setparameters, print_p2r_escape, print_p2r_iccclock) - (print_p2r_to0apdu, print_p2r_secure, print_p2r_mechanical) - (print_p2r_abort, print_p2r_setdatarate, print_r2p_unknown): New. - (bulk_out): Add arg NO_DEBUG and change all callers to pass 0. - Call parameter printing. - (ccid_slot_status): Call with NO_DEBUG set. - (abort_cmd, send_escape_cmd, ccid_get_atr, ccid_get_atr) - (ccid_transceive_apdu_level, ccid_transceive) - (ccid_transceive_secure): Remove old debug print code. - -2009-02-12 Werner Koch - - * command.c (cmd_getinfo): Add new subcommand "deny_admin". - -2009-01-28 Werner Koch - - * scdaemon.c (main): Make --allow-admin the default and make the - option a dummy. - -2009-01-27 Werner Koch - - * app-geldkarte.c: Changed to use an AID. - - * app.c (app_munge_serialno): Add case for no serialno. - (app_get_serial_and_stamp): Ditto. - -2009-01-26 Werner Koch - - * app-geldkarte.c: New. - * Makefile.am (card_apps): Add new file. - * app.c (select_application): Test for geldkarte. - -2009-01-12 Werner Koch - - * command.c (send_client_notifications) [HAVE_W32_SYSTEM]: Fix - brackets. - -2009-01-08 Werner Koch - - * iso7816.c (iso7816_read_record, iso7816_read_binary): Pass 0 for - L_e because the problem with the CCID driver has gone. - (iso7816_apdu_direct): New. - - * app-nks.c (filelist): Add NKS_VER field. Add NKS 3 specific - entries. - (app_local_s, do_deinit): New. - (get_nks_version): New. - (app_select_nks): Setup local data. - (keygripstr_from_pk_file): Replace SLOT by APP and take care of - NKS version > 2. - (do_learn_status): Take care of NKS version. - -2009-01-05 Werner Koch - - * apdu.c (apdu_get_status): Save the last status. - -2008-12-18 Werner Koch - - * ccid-driver.c (abort_cmd): New. - (bulk_in): Call abort_cmd after severe errors. - - * apdu.c (reader_table_s): Add field ANY_STATUS. - (new_reader_slot): Clear it. - (apdu_get_status): Use ANY_STATUS to update the change counter. - Remove the use of the flag bit from LAST_STATUS everywhere. - * command.c (update_reader_status_file): Factor code out to ... - (send_client_notifications): New. Track signals already sent. - (update_reader_status_file): Shutdown the reader after a failed - apdu_get_status. - -2008-12-09 Werner Koch - - * scdaemon.c (main): Call i18n_init before init_common_subsystems. - -2008-12-08 Werner Koch - - * scdaemon.c (handle_connections): Sync ticker to the next full - interval. - (TIMERTICK_INTERVAL_USEC): Change to 500ms. - -2008-12-05 Werner Koch - - * app-openpgp.c (app_local_s): Add field ALGO_ATTR_CHANGE. - (app_select_openpgp): Parse new capability. - (show_caps): Show new capability. - -2008-12-03 Werner Koch - - * scdaemon.c (opts): Use ARGPARSE_ macros. Add option - --card-timeout. - * command.c (update_reader_status_file): Implement it. - -2008-11-18 Werner Koch - - * scdaemon.c (make_libversion): New. - (my_strusage): Print libgcrypt and libksba version. - -2008-11-03 Werner Koch - - * command.c (server_local_s): Add field DISCONNECT_ALLOWED. - (cmd_disconnect): Implement command. - (open_card): Reset disconnect flag. - (update_reader_status_file): Disconnect if allowed. - - * app-common.h (app_ctx_s): Remove INITIALIZED. Make REF_COUNT - unsigned. - * app.c (select_application): Remove INITIALIZED. - (app_write_learn_status, app_readcert, app_readkey, app_getattr) - (app_setattr, app_sign, app_decipher, app_writecert) - (app_writekey, app_get_challenge, app_change_pin, app_check_pin): - Replace INITIALIZED by REF_COUNT check. - (application_notify_card_removed): Rename to .. - (application_notify_card_reset): .. this. Change all callers. - * command.c (do_reset): Call application_notify_card_reset after - sending a reset. - (update_reader_status_file): Add arg SET_CARD_REMOVED. - (scd_update_reader_status_file): Pass true for new flag. - (do_reset): Pass false for new flag. - - * app.c (app_get_serial_and_stamp): Use bin2hex. - * app-help.c (app_help_get_keygrip_string): Ditto. - * app-p15.c (send_certinfo, send_keypairinfo, do_getattr): Ditto. - * app-openpgp.c (send_fpr_if_not_null, send_key_data) - (retrieve_fpr_from_card, send_keypair_info): Ditto. - * app-nks.c (keygripstr_from_pk_file): Ditto. - * command.c (cmd_apdu): Ditto. - -2008-10-21 Marcus Brinkmann - - * command.c (open_card): If connect error is SW_HOST_NO_CARD, - return a more descriptive error. - -2008-10-20 Werner Koch - - * pcsc-wrapper.c (read_32): Use provided arg and not stdin. Is - called with stdin, though. - (handle_close): Mark unused arg. - (handle_status, handle_reset): Ditto. - - * ccid-driver.c (ccid_check_card_presence): Mark not yet used arg. - - * scdaemon.c (scd_deinit_default_ctrl): Mark unused arg. - * command.c (cmd_unlock, cmd_restart, cmd_disconnect): Ditto. - * apdu.c (ct_get_status): Ditto. - (ct_send_apdu, pcsc_send_apdu_wrapped) - (apdu_open_remote_reader): Ditto. - * app.c (select_application): Ditto. - * app-openpgp.c (do_writecert, do_change_pin, do_writekey): Ditto. - * app-nks.c (do_change_pin, do_check_pin): Ditto. - -2008-10-16 Werner Koch - - * command.c (cmd_disconnect): New dummy command. - (register_commands): Register command. - -2008-10-15 Werner Koch - - * command.c (scd_command_handler): Return true if there is no more - active session. - * scdaemon.c (start_connection_thread): Set shutdown flag if - requested by command handler. - (main): Make PIPE_SERVER module global. - (handle_connections): Disable listen_fd if a shutdown is pending. - -2008-10-14 Werner Koch - - * apdu.c (reader_table_s): Add fields connect_card and - disconnect_card. - (new_reader_slot): Set them to NULL. - (apdu_connect, apdu_disconnect): New. - (apdu_close_reader, apdu_shutdown_reader): Call apdu_disconnect. - (connect_pcsc_card, disconnect_pcsc_card): new. - (reset_pcsc_reader_direct): Implement in terms of - disconnect_pcsc_card and connect_pcsc_card. - (apdu_get_atr): Return NULL if there is no ATR. - * sc-copykeys.c (main): Add call to apdu_connect. - * command.c (open_card): Ditto. - - * apdu.h (SW_HOST_ALREADY_CONNECTED): New. - (APDU_CARD_USABLE, APDU_CARD_PRESENT, APDU_CARD_ACTIVE): New. - * apdu.c: Replace constants by the new macros. - (open_pcsc_reader): Factor code out to ... - (open_pcsc_reader_direct, open_pcsc_reader_wrapped): New. - (reset_pcsc_reader): Factor code out to ... - (reset_pcsc_reader_direct, reset_pcsc_reader_wrapped): New. - (pcsc_get_status): Factor code out to ... - (pcsc_get_status_direct, pcsc_get_status_wrapped): New. - (pcsc_send_apdu): Factor code out to ... - (pcsc_send_apdu_direct, pcsc_send_apdu_wrapped): New. - (close_pcsc_reader): Factor code out to ... - (close_pcsc_reader_direct, close_pcsc_reader_wrapped): New. - - * command.c (update_reader_status_file): Open the reader if not - yet done. - - * scdaemon.c (TIMERTICK_INTERVAL_SEC, TIMERTICK_INTERVAL_USEC): - New to replace TIMERTICK_INTERVAL. Chnage from 2s (4 under W32) - to 250ms. - -2008-10-13 Werner Koch - - * command.c (option_handler) [W32]: Use strtoul with base 16. - (update_reader_status_file) [W32]: Set Event. - (scd_command_handler): Use INT2FD to silent warning. - -2008-09-29 Werner Koch - - * scdaemon.h (GCRY_MD_USER): Rename to GCRY_MODULE_ID_USER. - (GCRY_MD_USER_TLS_MD5SHA1): Rename to MD_USER_TLS_MD5SHA1 and - change all users. - -2008-09-28 Marcus Brinkmann - - * apdu.c (pcsc_get_status): Fix last change. - -2008-09-25 Werner Koch - - * app-openpgp.c (do_setattr): Do not allow setting of the reset - code. - (do_change_pin): Allow setting of the reset code. - -2008-09-24 Werner Koch - - * app-openpgp.c (verify_chv3): Set the did_chv3 flag which was - accidently removed on 2008-03-26. - (verify_chv2): Revert last change. - (do_change_pin): Do not change CHV2. Add reset code logic for v2 - cards. - * iso7816.c (iso7816_reset_retry_counter_with_rc): New. - - * app-openpgp.c (add_tlv, build_privkey_template): New. - (do_writekey): Support v2 keys and other key lengths than 1024. - * iso7816.c (iso7816_put_data_odd): New. - -2008-09-23 Werner Koch - - * app-openpgp.c (do_sign): Support SHA-2 digests. - (verify_chv2): No CHV auto-sync for v2 cards. - (do_auth): Allow 2048 bit keys. - (parse_algorithm_attribute): New. - (rsa_key_format_t): New. - (struct app_local_s): Add struct KEYATTR. - -2008-09-23 Marcus Brinkmann - - * apdu.c (pcsc_get_status): Be more relaxed with the usable flag - under Windows. - -2008-09-23 Werner Koch - - * app-openpgp.c (do_setattr): Use command chaining for long - values. - * iso7816.c (iso7816_put_data): Add arg EXTENDED_MODE. Change all - callers. - * apdu.c (apdu_send_simple): Add arg EXTENDED_MODE. Change all - callers. - (send_le): Implement command chaining. - * ccid-driver.c (ccid_transceive_apdu_level): Increase allowed - APDU size. - (ccid_transceive): Alow for APDUS of up to 259 bytes. - * apdu.h: Add new SW_ codes. - -2008-09-16 Werner Koch - - * command.c (cmd_writecert): New. - (register_commands): Register it. - * app-common.h (app_ctx_s): Add member WRITECERT. - * app.c (app_writecert): New. - * app-openpgp.c (do_writecert): New. - (parse_historical): New. - (show_extcap): New. - (dump_all_do): Print only the length of longs DOs. - * command.c (cmd_writekey, cmd_apdu, cmd_pksign) - (cmd_passwd): Replace open coding by skip_options. - -2008-08-30 Moritz - - * scdaemon.c (main): Use estream_asprintf instead of asprintf. - * command.c (update_reader_status_file): Likewise. - (cmd_serialno): Use estream_asprintf instead of asprintf - and xfree instead of free to release memory allocated - through (estream_)asprintf. - (cmd_learn): Likewise. - (pin_cb): Likewise. - * app-openpgp.c (get_public_key): Likewise. - -2008-08-18 Werner Koch - - * app-openpgp.c (do_setattr): Fix test for v2 cards. - -2008-08-11 Werner Koch - - * apdu.c (reset_pcsc_reader, open_pcsc_reader) - (reset_rapdu_reader, open_rapdu_reader): Allow ATRs of up to 33 - bytes. Provide maximum size of ATR buffer using DIM. Such long - ATR are never seen in reality but the PC/SC library of MAC OS X is - just too buggy. Reported by Ludovic Rousseau. Fixes bug #948. - -2008-07-30 Werner Koch - - * app-openpgp.c (verify_a_chv): Use xtrymalloc and make the prompt - for CHV2 more user friendly. - -2008-07-03 Werner Koch - - * app-openpgp.c (do_readcert): New. - (app_local_s): Add fields IS_V2 and MAX_CERTLEN_3. - (app_select_openpgp): Set them and register do_readcert. - (do_setattr): Allow storing of the certificate. - -2008-06-25 Werner Koch - - * app-dinsig.c (do_sign): Allow for SHA256. - -2008-06-24 Werner Koch - - * app-common.h (app_ctx_s): Renamed reset_mode parameter of - change_pin to mode_Flags and make it an unsigned int. - (APP_CHANGE_FLAG_RESET, APP_CHANGE_FLAG_NULLPIN): New. - * app-openpgp.c (do_change_pin): Adjust for that. - - * command.c (cmd_passwd): Add option --nullpin. - * app-nks.c (do_check_pin, do_change_pin): New. - (app_select_nks): Register new functions. - -2008-04-21 Moritz Schulte (wk) - - * app-openpgp.c (verify_a_chv): Make use of the default CHV flag. - -2008-03-26 Werner Koch - - * app-openpgp.c (verify_chv3): Support the keypad. - -2008-02-09 Marcus Brinkmann - - * scdaemon.c (main): Use CONFIG_FILENAME as filename if it is set - in gpgconf-list output. - -2007-12-10 Werner Koch - - * app-openpgp.c (do_decipher): Take care of cryptograms shorter - that 128 bytes. Fixes bug#851. - -2007-11-14 Werner Koch - - * scdaemon.c (main): Pass STANDARD_SOCKET flag to - create_server_socket. - -2007-11-13 Werner Koch - - * scdaemon.c (start_connection_thread): Do not call - assuan_sock_check_nonce if we are running in --server mode. - -2007-11-07 Werner Koch - - * scdaemon.h: Remove errors.h. - -2007-10-02 Werner Koch - - * command.c (cmd_getinfo): Add "pid" subcommand. - -2007-10-01 Werner Koch - - * scdaemon.c (create_server_socket): Use Assuan socket wrappers - and remove Windows specific code. - (socket_nonce): New. - (start_connection_thread): Check nonce. - -2007-09-14 Marcus Brinkmann - - * scdaemon.c (main): New variable STANDARD_SOCKET, which is 1 for - W32 targets. Use it for create_socket_name. - -2007-08-07 Werner Koch - - * tlv.c, tlv.h: Move to ../common/. - -2007-08-02 Werner Koch - - * scdaemon.c: Include gc-opt-flags.h and remove their definition - here. - -2007-08-01 Werner Koch - - * apdu.c (send_le): Implement exact length hack. Suggested by - Sten Lindgren. - -2007-07-05 Werner Koch - - * command.c (has_option_name, skip_options): New. - (cmd_genkey): Add option --timestamp. - (cmd_writekey): Enter confidential mode while inquiring the key data. - - * app.c (app_genkey): Add arg CREATETIME. - * app-common.h (app_ctx_s): Likewise - * app-openpgp.c (do_genkey): Ditto. Use it. - - -2007-07-04 Werner Koch - - * command.c (cmd_getinfo): New subcommand "version". - - * scdaemon.c (TIMERTICK_INTERVAL): New. - (handle_connections) [W32]: Enable a dummy sigs event. - (handle_connections): Use a proper count for select and not - FD_SETSIZE. - (fixed_gcry_pth_init, main): Kludge to fix pth initialization. - -2007-06-21 Werner Koch - - * scdaemon.h (ctrl_t): Remove. It is now declared in ../common/util.h. - -2007-06-18 Marcus Brinkmann - - * scdaemon.c (main): Percent escape output of --gpgconf-list. - -2007-06-12 Werner Koch - - * scdaemon.c (main): Replace some calls by init_common_subsystems. - -2007-06-11 Werner Koch - - * Makefile.am (scdaemon_LDADD): Use libcommonpth macro. - - * command.c (initialize_module_command): New. - * scdaemon.c (main) [W32]: Do not use sigpipe code. - (main): Call initialize_module_command. - -2007-06-06 Werner Koch - - * app-openpgp.c (do_sign): Fix arithmetic on void*. - - * app.c (dump_mutex_state) [W32]: Handle the W32Pth case. - - * apdu.c: Remove dynload.h. - - * scdaemon.c (i18n_init): Remove. - -2007-04-20 Werner Koch - - * sc-copykeys.c (my_gcry_logger): Removed. - (main): Call setup_libgcrypt_logging helper. - * scdaemon.c (my_gcry_logger): Removed. - (main): Call setup_libgcrypt_logging helper. - -2007-04-03 Werner Koch - - * command.c (cmd_getinfo): New subcommand "reader_list". - * ccid-driver.c (scan_or_find_devices): Ignore EBUSY in scan mode - for special transports. - -2007-03-07 Werner Koch - - * app-dinsig.c: Include i18n.h. - (verify_pin): Support PIN pads. - * app-nks.c (verify_pin): Ditto. - - * ccid-driver.c (bulk_in): Handle time extension before checking - the message type. - (ccid_transceive_secure): Support the Cherry XX44 keyboard. - Kudos to the nice folks at Cherry for helping with that. - -2007-02-18 Werner Koch - - * scdaemon.c (DEFAULT_PCSC_DRIVER): Add a default for OS X. - -2007-01-25 Werner Koch - - * Makefile.am (scdaemon_LDADD): Added LIBICONV. Noted by Billy - Halsey. - -2006-12-21 Werner Koch - - * app-openpgp.c (verify_chv2): Factored most code out into... - (verify_a_chv): ... new. - (do_sign): Factored verification code out to new function and - take care of a keypad entered PIN. - (compare_fingerprint): Print an additional diagnostic. - -2006-11-28 Werner Koch - - * apdu.c (send_le, apdu_send_direct): Increase RESULTLEN to 258 to - allow for full 256 byte and the status word. This might break - some old PC/SC drivers or cards, but we will see. Suggested by - Kenneth Wang. - -2006-11-23 Werner Koch - - * command.c (scd_command_handler): Fixed use of CTRL. - -2006-11-21 Werner Koch - - * Makefile.am (libexec_PROGRAMS): Put pscs-wrapper into libexec. - Renamed to gnupg-pcsc-wrapper. - * apdu.c (open_pcsc_reader): Use GNUPG_LIBEXECDIR to accces the - wrapper. Suggested by Eric Dorland. - -2006-11-20 Werner Koch - - * app-openpgp.c (verify_chv2): Support for keypads (only CHV2). - - * ccid-driver.c (ccid_transceive_secure): Made it work for Kaan - and SCM. - -2006-11-17 Werner Koch - - * ccid-driver.c (scan_or_find_devices): Use DEBUGOUT_2 instead of - log_debug. Removed few other log_debug. - - * iso7816.c (iso7816_check_keypad): Allow for a SW of 0. - - * command.c (pin_cb): New mode to prompt for a keypad entry. - - * scdaemon.c (main) : Add disable-keypad. - -2006-11-15 Werner Koch - - * app-p15.c (read_ef_odf): Cast one printf arg. - - * scdaemon.h (struct server_control_s): Add field THREAD_STARTUP. - * command.c (scd_command_handler): Add new arg CTRL. - * scdaemon.c (scd_init_default_ctrl): Made static. - (scd_deinit_default_ctrl): New. - (start_connection_thread): Call init/deinit of ctrl. - (handle_connections): Allocate CTRL. - - * apdu.c (PCSC_ERR_MASK): New. - (reset_pcsc_reader, pcsc_get_status, pcsc_send_apdu) - (close_pcsc_reader, open_pcsc_reader): Use it after shifting error - values. Reported by Henrik Nordstrom. Fixes bug #724. - -2006-10-24 Werner Koch - - * scdaemon.h (GCRY_MD_USER_TLS_MD5SHA1): New. - (MAX_DIGEST_LEN): Increased to 36. - * app-p15.c (do_sign): Support for TLS_MD5SHA1. - (do_auth): Detect TLS_MD5SHA1. - (do_sign): Tweaks for that digest. - -2006-10-23 Werner Koch - - * scdaemon.c (main): New command --gpgconf-test. - -2006-10-17 Werner Koch - - * Makefile.am (scdaemon_LDADD): Link against libcommonpth. - -2006-10-12 Werner Koch - - * apdu.c: Include pth.h after unistd.h for the sake of newer Pth - versions. - -2006-10-11 Werner Koch - - * app-openpgp.c (do_sign): Redirect to do_auth for OpenPGP.3. - -2006-10-06 Werner Koch - - * Makefile.am (AM_CFLAGS): Use PTH version of libassuan. - (scdaemon_LDADD): Ditto. - - * scdaemon.h (send_status_info): Mark with sentinel attribute. - -2006-10-02 Marcus Brinkmann - - * command.c (update_reader_status_file): Increase buffer of - NUMBUF2 (fixing typo). - -2006-09-24 Marcus Brinkmann - - * app-openpgp.c (do_sign): Advance INDATA by the SHA1 resp. RMD160 - prefix length. - -2006-09-14 Werner Koch - - Replaced all call gpg_error_from_errno(errno) by - gpg_error_from_syserror(). - - * command.c (scd_command_handler): Replaced - init_connected_socket_server by init_socket_server_ext. - -2006-09-07 Werner Koch - - * command.c (update_reader_status_file): Execute an event handler - if available. - -2006-09-06 Werner Koch - - * apdu.c (pcsc_end_transaction): - * pcsc-wrapper.c (pcsc_end_transaction: Fixed dclaration. - Reported by Bob Dunlop. - - * scdaemon.h (CTRL,APP): Removed and changed everywhere to - ctrl_t/app_t. - - Replaced all Assuan error codes by libgpg-error codes. Removed - all map_to_assuan_status and map_assuan_err. - - * scdaemon.c (main): Call assuan_set_assuan_err_source to have Assuan - switch to gpg-error codes. - * command.c (set_error): Adjusted. - -2006-09-02 Marcus Brinkmann - - * command.c (get_reader_slot): Return the slot_table index, not - the APDU slot number. - (update_reader_status_file): Use the slot_table index in the - update_card_removed invocation. - -2006-09-01 Marcus Brinkmann - - * command.c (cmd_getinfo): Handle status command. - -2006-08-30 Marcus Brinkmann - - * command.c (do_reset): Delay resetting CTRL->reader_slot until - after update_card_removed invocation. - -2006-08-28 Marcus Brinkmann - - * app-openpgp.c (do_decipher, do_sign): Allow "OPENPGP.2" - resp. "OPENPGP.1" for KEYIDSTR. - -2006-08-21 Werner Koch - - * pcsc-wrapper.c (handle_open, handle_close): Reset card and - protocol on error/close. - (handle_status): Don't set the state if the state is unknown. - (handle_reset): Ignore an error if already disconnected. May - happen due to system wake-up after hibernation. Suggested by Bob - Dunlop. - -2006-06-28 Werner Koch - - * app-openpgp.c (do_writekey): Fixed computation of memmove - length. This led to garbled keys if E was larger than one byte. - Thanks to Achim Pietig for hinting at the garbled E. - -2006-06-09 Marcus Brinkmann - - * Makefile.am (scdaemon_LDADD): Add $(NETLIBS). - -2006-04-14 Marcus Brinkmann - - * app.c (select_application): Cover up a slot mismatch error in - case it happens (it shouldn't happen). - (release_application): Use APP->slot. Lock the reader. - (application_notify_card_removed): Lock the reader. - -2006-04-11 Werner Koch - - * command.c (hex_to_buffer): New. - (cmd_apdu): New. - -2006-04-03 Werner Koch - - * scdaemon.c [__GLIBC__]: Default to libpcsclite.so.1. - -2006-03-21 Werner Koch - - * command.c (cmd_pksign): Add --hash option. - -2006-03-01 Werner Koch - - * command.c (status_file_update_lock): New. - (scd_update_reader_status_file): Use lock and factor existing code - out to .. - (update_reader_status_file): .. this. - (do_reset): Use the lock and call update_reader_status_file. - -2006-02-20 Werner Koch - - * apdu.c (open_pcsc_reader): Fixed double free. Thanks to Moritz. - -2006-02-09 Werner Koch - - * command.c (get_reader_slot, do_reset) - (scd_update_reader_status_file): Rewrote. - - * app.c (release_application): Factored code out to .. - (deallocate_app): new function. - (select_application): Introduce new saved application stuff. - (application_notify_card_removed): New. - * command.c (update_card_removed): Call it here. - (do_reset): And here. - - * app.c (check_application_conflict): New. - * command.c (open_card): Use it here. - (cmd_restart): New command. - - * command.c (cmd_lock): Fixed --wait option to actually terminate. - -2006-02-08 Werner Koch - - * ccid-driver.c (ccid_get_atr): Read Parameter and select T=1 - using these parameters. - (scan_or_find_devices): Check for NULL r_fd. - -2006-02-02 Werner Koch - - * ccid-driver.c (special_transport): New - (ccid_open_reader, do_close_reader, ccid_shutdown_reader) - (bulk_out, bulk_in): Add support for CardMan 4040 reader. - - * ccid-driver.c (scan_or_find_devices): Factored most code out to - (scan_or_find_usb_device): .. new. - (make_reader_id): Fixed vendor mask. - -2006-01-01 Werner Koch - - * app-openpgp.c (do_sign): Give user error if hash algorithm is - not supported by the card. - -2005-12-06 Werner Koch - - * apdu.c (open_pcsc_reader): Check that pcsc-wrapper is actually - installed. - -2005-11-23 Werner Koch - - * app-nks.c (verify_pin): Give a special error message for a Nullpin. - -2005-10-29 Werner Koch - - * ccid-driver.c (send_escape_cmd): New args RESULT, RESULTLEN and - RESULTMAX. Changed all callers. - (ccid_transceive_escape): New. - -2005-10-27 Werner Koch - - * apdu.c [__CYGWIN__]: Make cygwin environment similar to _WIN32. - Suggested by John P. Clizbe. - * scdaemon.c [__CYGWIN__]: Set default PC/SC driver to winscard.dll. - -2005-10-19 Werner Koch - - * ccid-driver.h (CCID_DRIVER_ERR_NO_KEYPAD): New. - * apdu.h (SW_HOST_NO_KEYPAD): New. - * iso7816.h (struct iso7816_pininfo_s): New. - * iso7816.c (map_sw): Support new code. - (iso7816_check_keypad): New. - (iso7816_verify_kp, iso7816_change_reference_data_kp) - (iso7816_reset_retry_counter_kp): New. Extended versions of the - original functions. - * apdu.c (host_sw_string): Support new code. - (reader_table_s): New field CHECK_KEYPAD. - (new_reader_slot, open_ct_reader, open_pcsc_reader) - (open_ccid_reader, open_rapdu_reader): Initialize it. - (check_ccid_keypad): New. - (apdu_check_keypad): New. - (apdu_send_le): Factored all code out to ... - (send_le): .. new. Takes an additional arg; changed all callers - of the orginal function to use this one with a NULL for the new - arg. - (apdu_send_simple_kp): New. - (ct_send_apdu, pcsc_send_apdu, my_rapdu_send_apdu) - (send_apdu_ccid): New arg PININFO. - (send_apdu_ccid): Use the new arg. - - * scdaemon.c: New option --disable-keypad. - -2005-10-08 Marcus Brinkmann - - * Makefile.am (scdaemon_LDADD): Add ../gl/libgnu.a after - ../common/libcommon.a. - -2005-09-20 Werner Koch - - * app-dinsig.c (verify_pin): Try ISO 9564 BCD encoding. - - * iso7816.c (iso7816_select_application): Add arg FLAGS. Changed - all callers to pass 0. - * app-openpgp.c (app_select_openpgp): But this one requires a - special flag. - - * app-p15.c (app_select_p15): Don't use select application for the - BELPIC. - -2005-09-09 Werner Koch - - * pcsc-wrapper.c (main): Removed bogus free. - - * app-p15.c (do_auth): New. - (do_getattr): New attribs $AUTHKEYID and $DISPSERIALNO. - * app-openpgp.c (do_getattr): Ditto. - -2005-09-08 Werner Koch - - * app-openpgp.c (do_getattr): New key $AUTHKEYID. - -2005-09-06 Werner Koch - - * app-p15.c (do_sign): Tweaked for BELPIC cards. - (read_home_df): New arg R_BELPIC. - (app_select_p15): Set card type for BELPIC. - -2005-09-05 Werner Koch - - * iso7816.c (iso7816_select_path): New. - * app-p15.c (select_ef_by_path): Allow for direct path selection. - (app_select_p15): Try using the Belgian variant of pkcs#15. - (read_home_df): New. - (read_ef_odf): Generalized. - (read_ef_tokeninfo): New. - (read_p15_info): Set serialnumber from TokenInfo. - (app_select_p15): Don't munge serialNumber - that must be done - only once. - - * iso7816.c (iso7816_read_binary): Use Le=0 when reading all - data. Handle 6C00 error and take 6B00 as indication for EOF. - * apdu.h (SW_EXACT_LENGTH_P): New. - * apdu.c (new_reader_slot, reset_pcsc_reader, pcsc_get_status) - (open_pcsc_reader): Set new reader state IS_T0. - (apdu_send_le): When doing T=0 make sure not to send Lc and Le. - Problem reported by Carl Meijer. - (apdu_send_direct): Initialize RESULTLEN. - * pcsc-wrapper.c (handle_status): Return the current protocol as - a new third word. - -2005-08-05 Werner Koch - - * apdu.c (open_rapdu_reader): Set the reader number. - -2005-07-05 Werner Koch - - * app-openpgp.c (do_readkey): Return a mallcoed copy of the key as - required by the description. Thanks to Moritz for tracking this - problem down. - -2005-06-21 Werner Koch - - * scdaemon.c (main): ifdef call to ccid_set_debug_level. - - * apdu.c (reset_pcsc_reader, open_pcsc_reader): Cast size_t to - ulong for printf. - -2005-06-06 Werner Koch - - * scdaemon.c (main): New option --debug-allow-core-dump. - -2005-06-03 Werner Koch - - * scdaemon.c (handle_connections): Make sure that the signals we - are handling are not blocked.Block signals while creating new - threads. - (handle_connections): Include the file descriptor into the name of - the thread. - -2005-06-02 Werner Koch - - * app.c (app_dump_state, dump_mutex_state): New. - * scdaemon.c (handle_signal): Print it on SIGUSR1. - - * app-openpgp.c (do_writekey): Typo fix. - - * command.c (open_card): Check for locked state even if an - application context is available. - - * app-common.h: Add REF_COUNT field. - * app.c (release_application, select_application): Implement - reference counting to share the context beween connections. - - * app.c (lock_reader, unlock_reader): Take SLOT instead of APP as - argument. Changed all callers. - (select_application): Unlock the reader on error. This should fix - the hangs I noticed last week. - - * scdaemon.h: Removed card_ctx_t cruft. - -2005-06-01 Werner Koch - - * scdaemon.c: Include mkdtemp.h. - -2005-05-31 Werner Koch - - * tlv.c [GNUPG_MAJOR_VERSION==1]: Define constants instead of - including a gnupg 1.4 header. - -2005-05-30 Werner Koch - - * tlv.c: Add hack to compile without gpg-error.h when used with - GnuPG 1.4. - -2005-05-23 Werner Koch - - * Makefile.am: Do not build sc-copykeys anymore. - - * app-openpgp.c (app_openpgp_storekey, app_openpgp_readkey) - (app_openpgp_cardinfo): Removed. - - * ccid-driver.c (parse_ccid_descriptor): SCR335 FW version 5.14 is - good. - (do_close_reader): Never do a reset. The caller should instead - make sure that the reader has been closed properly. The new retry - code in ccid_slot_status will make sure that the readersatrts up - fine even if the last process didn't closed the USB connection - properly. - (ccid_get_atr): For certain readers try switching to ISO mode. - Thanks to Ludovic Rousseau for this hint and the magic numbers. - (print_command_failed): New. - (bulk_in): Use it here. Add new arg NO_DEBUG. - (ccid_slot_status): Disabled debugging. - -2005-05-21 Werner Koch - - * scdaemon.c (handle_signal): Print thread info on SIGUSR1. - -2005-05-20 Werner Koch - - * ccid-driver.c: Replaced macro DEBUG_T1 by a new debug level. - (parse_ccid_descriptor): Mark SCR335 firmware version 5.18 good. - (ccid_transceive): Arghhh. The seqno is another bit in the - R-block than in the I block, this was wrong at one place. - - * scdaemon.c: New options --debug-ccid-driver and - --debug-disable-ticker. - - * app-openpgp.c (do_genkey, do_writekey): Factored code to check - for existing key out into .. - (does_key_exist): .. New function. - -2005-05-19 Werner Koch - - * tlv.c (parse_sexp): New. - - * command.c (cmd_writekey): New. - * app.c (app_writekey): New. - * app-common.c (app_t): Add function ptr WRITEKEY. - * app-openpgp.c (do_writekey): New. - - * app-openpgp.c (do_readkey) [GNUPG_MAJOR_VERSION==1]: Return error. - * app-common.h (app_t) [GNUPG_MAJOR_VERSION==1]: Add a field to - store the Assuan context. - -2005-05-17 Werner Koch - - * scdaemon.c: Removed non-pth code paths. - (create_socket_name, create_server_socket): New. Taken from - ../agent/gpg-agent. - (cleanup): Changed to adjust for SOCKET_NAME now being malloced. - (ticker_thread): Always use pth_event_occurred; it is again - defined for all decent PTH versions. - (handle_connections): New. Based on the gpg-agent code. - (start_connection_thread): Ditto. - (ticker_thread): Removed. - (cleanup_sh): Removed. - (main): Run the handler for the pipe server in a separate - thread. This replaces the old ticker thread. - (scd_get_socket_name): New. - * command.c (cmd_getinfo): New command GETINFO. - (scd_command_handler): Renamed argument and changed code to use an - already connected FD. - -2005-05-15 Werner Koch - - * app.c, app-common.h, app-nks.c, app-p15.c, app-dinsig.c - * app-openpgp.c: Change most function return types from int to - gpg_error_t. - * command.c (pin_cb): Ditto. - * sc-copykeys.c (pincb): Ditto. - - * app.c (lock_reader, unlock_reader): New. Changed call handler - wrappers to make use of these functions. - -2005-05-07 Werner Koch - - * ccid-driver.c (do_close_reader): Don't do a reset before close. - Some folks reported that it makes the SCR335 hang less often. - Look at the source on how to re-enable it. - -2005-04-27 Werner Koch - - * app-p15.c (micardo_mse): New. - (do_sign): Call it. - * iso7816.c (iso7816_manage_security_env): Allow passing DATA as - NULL to indicate an empty Lc. - * tlv.c (find_tlv): Check that a found object fits into the - buffer. - (find_tlv_unchecked): New as replacement for the old non-checking - variant. - * app.c (select_application): Keep on using the non-checking - variant. - * app-openpgp.c (get_one_do, dump_all_do): Ditto. - - - Removal of the old OpenSC based code. - - * app-p15.c: New. Basic support for pkcs15 cards without OpenSC. - There are quite a couple of things missing but at least I can use - my old TCOS cards from the Aegypten-1 development for signing. - * app.c (select_application): Detect pkcs15 applications. - * Makefile.am (scdaemon_SOURCES): Removed card.c, card-common.h - and card-p15.c because they are now obsolete. Added app-p15.c. - Removed all OpenSC stuff. - * command.c (do_reset, open_card, cmd_serialno, cmd_learn) - (cmd_readcert, cmd_readkey, cmd_pksign, cmd_pkdecrypt): Removed - all special cases for the old card.c based mechanisms. - * scdaemon.c, apdu.c: Removed all special cases for OpenSC. - -2005-04-20 Werner Koch - - * command.c: Use GPG_ERR_LOCKED instead of EBUSY. - -2005-04-14 Werner Koch - - * app-openpgp.c (retrieve_key_material): Rewritten. Return a - proper error code. - (retrieve_next_token): Removed. - (retrieve_fpr_from_card): Rewritten to make use of DO caching and - to take the KEYNO as arg. - (get_public_key): Renamed variable for clarity. - -2005-04-12 Werner Koch - - Basic support for several sessions. - - * command.c (scd_command_handler): Replace the primary_connection - stuff by a real connection list. Release the local context on - exit. - (scd_update_reader_status_file): Update accordingly. Send signal - to all connections who registered an event signal. - (cmd_lock, cmd_unlock, register_commands): New commands LOCK and - UNLOCK. - (cmd_setdata, cmd_pksign, cmd_pkauth, cmd_pkdecrypt, cmd_setattr) - (cmd_genkey, cmd_passwd, cmd_checkpin): Return an error if reader - is locked. - (do_reset): Handle locking. - (open_card): Ditto. Share the reader slot with other sessions. - (get_reader_slot): New. - (update_card_removed): New. Use it in the TEST_CARD_REMOVAL macro. - -2005-04-07 Werner Koch - - * app-openpgp.c (do_check_pin): Add hack to allow verification of - CHV3. - (get_public_key): Don't use gcry functions to create S-expressions. - (do_deinit, do_readkey, do_genkey, send_keypair_info): Adjust for - above change. - -2005-03-29 Moritz Schulte - - * app-openpgp.c (retrieve_fpr_from_card): New function. - (retrieve_next_token): New function. - (retrieve_key_material): New function. - (get_public_key): Implement retrival of key through expernal - helper (gpg) in case the openpgp card is not cooperative enough. - -2005-03-16 Werner Koch - - * ccid-driver.c (parse_ccid_descriptor): Make SCM workaround - reader type specific. - (scan_or_find_devices): Do not check the interface subclass in the - SPR532 kludge, as this depends on the firmware version. - (ccid_get_atr): Get the Slot status first. This solves the - problem with readers hanging on recent Linux 2.6.x. - (bulk_in): Add argument TIMEOUT and changed all callers to pass an - appropriate one. Change the standard timeout from 10 to 5 seconds. - (ccid_slot_status): Add a retry code with an initial short timeout. - (do_close_reader): Do an usb_reset before closing the reader. - -2005-02-25 Werner Koch - - * app-openpgp.c (get_public_key): Make sure not to return negative - numbers. - (do_sign): Allow passing of indata with algorithm prefix. - (do_auth): Allow OPENPGP.3 as an alternative ID. - - * app.c (app_getattr): Return just the S/N but not the timestamp. - -2005-02-24 Werner Koch - - * app.c (app_getattr): Return APPTYPE or SERIALNO type even if the - application does dot support the getattr call. - - * app-openpgp.c (get_one_do): Never try to get a non cacheable - object from the cache. - (get_one_do): Add new arg to return an error code. Changed all - callers. - (do_getattr): Let it return a proper error code. - - * app.c (select_application): Return an error code and the - application context in an new arg. - * command.c (open_card): Adjusted for that. Don't use the - fallback if no card is present. Return an error if the card has - been removed without a reset. - (do_reset, cmd_serialno): Clear that error flag. - (TEST_CARD_REMOVAL): New. Use it with all command handlers. - (scd_update_reader_status_file): Set the error flag on all changes. - - * scdaemon.c (ticker_thread): Termintate if a shutdown is pending. - - * apdu.c: Added some PCSC error codes. - (pcsc_error_to_sw): New. - (reset_pcsc_reader, pcsc_get_status, pcsc_send_apdu) - (open_pcsc_reader): Do proper error code mapping. - -2005-03-16 Werner Koch - - * ccid-driver.c (parse_ccid_descriptor): Make SCM workaround - reader type specific. - (scan_or_find_devices): Do not check the interface subclass in the - SPR532 kludge, as this depends on the firmware version. - (ccid_get_atr): Get the Slot status first. This solves the - problem with readers hanging on recent Linux 2.6.x. - -2005-02-22 Werner Koch - - * app-openpgp.c (app_local_s): New field PK. - (do_deinit, do_genkey, app_openpgp_storekey): Clear it. - (get_public_key, send_keypair_info): New. - (do_learn_status): Send KEYPAIR info - - * app-common.h (app_ctx_t): Add function pointer READKEY. - * app.c (app_readkey): New. - * command.c (cmd_readkey): Use READKEY function if possible. - -2005-01-26 Werner Koch - - * ccid-driver.c (parse_ccid_descriptor): Need the CSM workaround - also for newer firmware versions. Need to get a list of fixed - firmware versions and use that. - -2005-01-25 Werner Koch - - * apdu.c (apdu_send_le, apdu_send_direct): Fix some compiler - warnings. - - * app-openpgp.c (get_cached_data): New arg GET_IMMEDIATE to bypass - the cache. Changed all callers. - (get_one_do): Bypass the cache if the value would have been read - directly for v1.1 cards.It makes things a bit slower but obnly for - 1.0 cards and there are not that many cards out in the wild. This - is required to fix a caching bug when generating new keys; as a - side effect of the retrieval of the the C4 DO from the 6E DO the - cached fingerprint will get updated to the old value and later - when signing the generated key the checking of the fingerprint - fails because it won't match the new one. Thanks to Moritz for - analyzing this problem. - (verify_chv3): Removed the CHV status reread logic because we - won't cache the C4 DO anymore. - -2004-12-28 Werner Koch - - * ccid-driver.c (find_endpoint): New. - (scan_or_find_devices): Add new args to return endpoint info and - interface number. - (ccid_open_reader, ccid_shutdown_reader): Take care of these new - args. - (bulk_in, bulk_out): Use the correct endpoints. - (ccid_transceive_apdu_level): New. - (ccid_transceive): Divert to above. - (parse_ccid_descriptor): Allow APDU level exchange mode. - (do_close_reader): Pass the interface number to usb_release_interface. - -2004-12-21 Werner Koch - - * scdaemon.c (main): Use default_homedir(). - -2004-12-18 Werner Koch - - * scdaemon.c (main) [W32]: Remove special Pth initialize.. - - * scdaemon.h (map_assuan_err): Define in terms of - map_assuan_err_with_source. - -2004-12-15 Werner Koch - - * scdaemon.c [W32]: Various hacks to make it run under W32. - - * command.c (scd_update_reader_status_file) [W32]: Don't use kill. - - * apdu.c [W32]: Disable use of pcsc_wrapper. - - * Makefile.am (scdaemon_LDADD): Reorder libs. - (sc_copykeys_LDADD): Add libassuan because it is needed for W32. - -2004-12-06 Werner Koch - - * Makefile.am (pkglib_PROGRAMS): Build only for W32. - -2004-10-22 Werner Koch - - * app-openpgp.c (verify_chv3): The minium length for CHV3 is - 8. Changed string to match the other ones. - -2004-10-21 Werner Koch - - * app-openpgp.c (do_sign): Replace asprintf by direct allocation. - This avoids problems with missing vasprintf implementations in - gnupg 1.4. - - * app-common.h (app_openpgp_storekey: Add prototype. - -2004-10-20 Werner Koch - - * sc-investigate: Removed. - * Makefile.am (sc_investigate): Removed. - - * pcsc-wrapper.c (load_pcsc_driver): Load get_status_change func. - (handle_open): Succeed even without a present card. - (handle_status, handle_reset): New. - - * apdu.c (apdu_open_reader): Load pcsc_get_status_change fucntion. - (pcsc_get_status): Implemented. - (reset_pcsc_reader): Implemented. - (open_pcsc_reader): Succeed even with no card inserted. - (open_ccid_reader): Set LAST_STATUS. - - * iso7816.c (iso7816_select_application): Always use 0 for P1. - -2004-10-18 Werner Koch - - * ccid-driver.c (ccid_get_atr): Reset T=1 state info. - -2004-10-14 Werner Koch - - * app-openpgp.c (parse_login_data): New. - (app_select_openpgp): Call it. - (do_setattr): Reparse it after change. - -2004-10-06 Werner Koch - - * ccid-driver.c (ccid_open_reader): Store the vendor ID. - (ccid_transceive_secure): New. - (parse_ccid_descriptor): Workaround for an SCM reader problem. - -2004-10-04 Werner Koch - - * ccid-driver.c (send_escape_cmd): New. - -2004-09-30 Werner Koch - - * Makefile.am: Adjusted for gettext 0.14. - - * app-openpgp.c (do_sign): Add the error string to the verify - failed messages. - -2004-09-27 Werner Koch - - From gnupg 1.3 - - * app-openpgp.c: Made all strings translatable. - (verify_chv3) [GNUPG_MAJOR_VERSION]: Make opt.allow_admin - available for use in gnupg 2. - (verify_chv3): Reimplemented countdown showing to use only - functions from this module. Flush the CVH status cache on a - successful read. - (get_one_do): Hack to bypass the cache for cards versions > 1.0. - (store_fpr): Store the creation date for card version > 1.0. - - * app-openpgp.c (app_openpgp_storekey): Call flush_cache. - (get_cached_data): Move local data initialization to .. - (app_select_openpgp): .. here. Read some flags for later use. - (do_getattr): New read-only attribute EXTCAP. - - * apdu.c (open_pcsc_reader): Do not print empty reader string. - - * ccid-driver.c (do_close_reader): Factored some code out from ... - (ccid_close_reader): ..here. - (ccid_shutdown_reader): New. - - * apdu.c (apdu_shutdown_reader): New. - (shutdown_ccid_reader): New. - - * apdu.c (open_ccid_reader): New arg PORTSTR. Pass it to - ccid_open_reader. - (apdu_open_reader): Pass portstr to open_ccid_reader. - (apdu_open_reader): No fallback if a full CCID reader id has been - given. - - * ccid-driver.c (ccid_get_reader_list): New. - (ccid_open_reader): Changed API to take a string for the reader. - Removed al the cruft for the libusb development vesion which seems - not to be maintained anymore and there are no packages anyway. - The stable library works just fine. - (struct ccid_reader_id_s): Deleted and replaced everywhere by a - simple string. - (usb_get_string_simple): Removed. - (bulk_in): Do valgrind hack here and not just everywhere. - - * ccid-driver.c (read_device_info): Removed. - (make_reader_id, scan_or_find_devices): New. - (ccid_open_reader): Simplified by make use of the new functions. - (ccid_set_debug_level): New. Changed the macros to make use of - it. It has turned out that it is often useful to enable debugging - at runtime so I added this option. - - From gnupg 1.3 - David Shaw - - * app-openpgp.c (verify_chv3): Show a countdown of how many wrong - admin PINs can be entered before the card is locked. - - * app-openpgp.c (get_cached_data): Avoid mallocing zero since it - breaks us when using --enable-m-guard. - - * ccid-driver.c (usb_get_string_simple): Replacement function to - work with older libusb. - - * ccid-driver.c (read_device_info): Fix segfault when usb device - is not accessible. - (ccid_open_reader): Allow working with an even older version of - libusb (usb_busses global instead of usb_get_busses()). - -2004-09-11 Werner Koch - - * app-openpgp.c (app_select_openpgp): Its app_munge_serialno and - not app_number_serialno. - -2004-08-20 Werner Koch - - * app.c (select_application): Fixed serial number extraction and - added the BMI card workaround. - (app_munge_serialno): New. - * app-openpgp.c (app_select_openpgp): Try munging serialno. - -2004-08-05 Werner Koch - - * scdaemon.c (main): New option --disable-application. - * app.c (is_app_allowed): New. - (select_application): Use it to check for disabled applications. - - * ccid-driver.h (CCID_DRIVER_ERR_ABORTED): New. - * ccid-driver.c (ccid_open_reader): Support the stable 0.1 version - of libusb. - (ccid_get_atr): Handle short messages. - - * apdu.c (my_rapdu_get_status): Implemented. - -2004-07-27 Moritz Schulte - - * apdu.c: Include . - - * Makefile.am: Use @DL_LIBS@ instead of -ldl. - -2004-07-22 Werner Koch - - * Makefile.am: Make OpenSC lib link after libgcrypt. Do not link - to pth. - * apdu.c: Don't use Pth if we use OpenSC. - * sc-investigate.c, scdaemon.c: Disable use of pth if OpenSC is used. - - * scdaemon.c (main): Bumbed thread stack size up to 512k. - -2004-07-16 Werner Koch - - * apdu.c (reader_table_s): Add function pointers for the backends. - (apdu_close_reader, apdu_get_status, apdu_activate) - (send_apdu): Make use of them. - (new_reader_slot): Intialize them to NULL. - (dump_ccid_reader_status, ct_dump_reader_status): New. - (dump_pcsc_reader_status): New. - (open_ct_reader, open_pcsc_reader, open_ccid_reader) - (open_osc_reader, open_rapdu_reader): Intialize function pointers. - (ct_activate_card, ct_send_apdu, pcsc_send_apdu, osc_send_apdu) - (error_string): Removed. Replaced by apdu_strerror. - (get_ccid_error_string): Removed. - (ct_activate_card): Remove the unused loop. - (reset_ct_reader): Implemented. - (ct_send_apdu): Activate the card if not yet done. - (pcsc_send_apdu): Ditto. - -2004-07-15 Werner Koch - - * ccid-driver.h: Add error codes. - * ccid-driver.c: Implement more or less proper error codes all - over the place. - - * apdu.c (apdu_send_direct): New. - (get_ccid_error_string): Add some error code mappings. - (send_apdu): Pass error codes along for drivers already supporting - them. - (host_sw_string): New. - (get_ccid_error_string): Use above. - (send_apdu_ccid): Reset the reader if it has not yet been done. - (open_ccid_reader): Don't care if the ATR can't be read. - (apdu_activate_card): New. - (apdu_strerror): New. - (dump_reader_status): Only enable it with opt.VERBOSE. - * iso7816.c (map_sw): Add mappings for the new error codes. - -2004-07-02 Werner Koch - - * apdu.c (open_ct_reader, open_pcsc_reader, open_ccid_reader) - (reset_ccid_reader, open_osc_reader): Call dump_reader_status only - in verbose mode. - -2004-07-01 Werner Koch - - * sc-investigate.c: Initialize Pth which is now required. - (interactive_shell): New command "readpk". - - * app-openpgp.c (do_getattr): Fix for sending CA-FPR. - -2004-06-30 Werner Koch - - * app-openpgp.c (app_openpgp_readkey): Fixed check for valid - exponent. - -2004-06-18 Werner Koch - - * sc-investigate.c (my_read_line): Renamed from read_line. - -2004-06-16 Werner Koch - - * apdu.c (osc_get_status): Fixed type in function name. Noted by - Axel Thimm. Yes, I didn't tested it with OpenSC :-(. - -2004-04-28 Werner Koch - - * app-openpgp.c (do_setattr): Sync FORCE_CHV1. - -2004-04-27 Werner Koch - - * app-common.h: Do not include ksba.h for gnupg 1. - -2004-04-26 Werner Koch - - * app-common.h: New members FNC.DEINIT and APP_LOCAL. - * app.c (release_application): Call new deconstructor. - * app-openpgp.c (do_deinit): New. - (get_cached_data, flush_cache_item, flush_cache_after_error) - (flush_cache): New. - (get_one_do): Replaced arg SLOT by APP. Make used of cached data. - (verify_chv2, verify_chv3): Flush some cache item after error. - (do_change_pin): Ditto. - (do_sign): Ditto. - (do_setattr): Flush cache item. - (do_genkey): Flush the entire cache. - (compare_fingerprint): Use cached data. - - * scdaemon.c (main): Do the last change the usual way. This is so - that we can easily test for versioned config files above. - -2004-04-26 Marcus Brinkmann - - * scdaemon.c (main): For now, always print default filename for - --gpgconf-list, and never /dev/null. - -2004-04-21 Werner Koch - - * command.c (scd_update_reader_status_file): Send a signal back to - the client. - (option_handler): Parse the new event-signal option. - - * scdaemon.c (handle_signal): Do not use SIGUSR{1,2} anymore for - changing the verbosity. - -2004-04-20 Werner Koch - - * command.c (scd_update_reader_status_file): Write status files. - - * app-help.c (app_help_read_length_of_cert): Fixed calculation of - R_CERTOFF. - - * pcsc-wrapper.c: New. - * Makefile.am (pkglib_PROGRAMS): Install it here. - * apdu.c (writen, readn): New. - (open_pcsc_reader, pcsc_send_apdu, close_pcsc_reader): Use the - pcsc-wrapper if we are using Pth. - (apdu_send_le): Reinitialize RESULTLEN. Handle SW_EOF_REACHED - like SW_SUCCESS. - -2004-04-19 Werner Koch - - * ccid-driver.c (parse_ccid_descriptor): Store some of the reader - features away. New arg HANDLE - (read_device_info): New arg HANDLE. Changed caller. - (bulk_in): Handle time extension requests. - (ccid_get_atr): Setup parameters and the IFSD. - (compute_edc): New. Factored out code. - (ccid_transceive): Use default NADs when required. - -2004-04-14 Werner Koch - - * scdaemon.h (server_control_s): Add member READER_SLOT. - * scdaemon.c (scd_init_default_ctrl): Initialize READER_SLOT to -1. - * command.c (open_card): Reuse an open slot. - (reset_notify): Just reset the slot if supported by the reader. - (do_reset): Factored code from above out. - (scd_command_handler): Use it for cleanup. - - * apdu.h: New pseudo stati SW_HOST_NOT_SUPPORTED, - SW_HOST_LOCKING_FAILED and SW_HOST_BUSY. - * iso7816.c (map_sw): Map it. - - * ccid-driver.c (ccid_slot_status): Add arg STATUSBITS. - * apdu.c (apdu_get_status): New. - (ct_get_status, pcsc_get_status, ocsc_get_status): New stubs. - (get_status_ccid): New. - (apdu_reset): New. - (reset_ct_reader, reset_pcsc_reader, reset_osc_reader): New stubs. - (reset_ccid_reader): New. - (apdu_enum_reader): New. - - * apdu.c (lock_slot, trylock_slot, unlock_slot): New helpers. - (new_reader_slot) [USE_GNU_PTH]: Init mutex. - (apdu_reset, apdu_get_status, apdu_send_le): Run functions - in locked mode. - - * command.c (scd_update_reader_status_file): New. - * scdaemon.c (handle_tick): Call it. - -2004-04-13 Werner Koch - - * scdaemon.c: Convert to a Pth application. - (handle_signal, ticker_thread, handle_tick): New. - (main): Fire up the ticker thread in server mode. - -2004-03-23 Werner Koch - - * scdaemon.c (main) : Fixed output for pcsc_driver. - -2004-03-17 Werner Koch - - * tlv.c (parse_ber_header): Do not check for tag overflow - it - does not make sense. Simplified the check for length overflow. - - * scdaemon.c (main) : Fixed default value quoting. - -2004-03-16 Werner Koch - - * app-dinsig.c: Implemented. Based on app-nks.c and card-dinsig.c - * app-nks.c (get_length_of_cert): Removed. - * app-help.c: New. - (app_help_read_length_of_cert): New. Code taken from above. New - optional arg R_CERTOFF. - - * card-dinsig.c: Removed. - * card.c (card_get_serial_and_stamp): Do not bind to the old and - never finsiged card-dinsig.c. - - * iso7816.c (iso7816_read_binary): Allow for an NMAX > 254. - -2004-03-11 Werner Koch - - * scdaemon.h (out_of_core): Removed. Replaced callers by standard - gpg_error function. - - * apdu.c, iso7816.c, ccid-driver.c [GNUPG_SCD_MAIN_HEADER]: Allow - to include a header defined by the compiler. This helps us to - reuse the source in other software. - -2004-03-10 Werner Koch - - * iso7816.c (iso7816_read_record): New arg SHORT_EF. Changed all - callers. - -2004-02-18 Werner Koch - - * sc-investigate.c (main): Setup the used character set. - * scdaemon.c (main): Ditto. - - * scdaemon.c (set_debug): New. Add option --debug-level. - (main): Add option --gpgconf-list. - -2004-02-12 Werner Koch - - * Makefile.am: Include cmacros.am for common flags. - -2004-01-29 Werner Koch - - * command.c (reset_notify): Release the application context and - close the reader. - -2004-01-28 Werner Koch - - * iso7816.c (iso7816_manage_security_env): New. - (iso7816_decipher): Add PADIND argument. - -2004-01-27 Werner Koch - - * command.c (cmd_readcert, cmd_readkey): Work on a copy of LINE. - - * app-common.h (app_ctx_s): Added readcert field. - * app.c (app_readcert): New. - * tlv.c (parse_ber_header): Added; taken from libksba. - -2004-01-26 Werner Koch - - * card.c (map_sc_err): Use SCD as the error source. - - * command.c (open_card): ADD arg NAME to allow requesting a - specific application. Changed all callers. - (cmd_serialno): Allow optional argument to select the desired - application. - - * app-nks.c: New. - - * scdaemon.h (opt): Add READER_PORT. - * scdaemon.c (main): Set it here. - * app.c (app_set_default_reader_port): Removed. - (select_application): Add NAME arg and figure out a - default serial number from the GDO. Add SLOT arg and remove all - reader management. - (release_application): New. - (app_write_learn_status): Output an APPTYPE status line. - * command.c (open_card): Adapt for select_application change. - * app-openpgp.c (app_select_openpgp): Removed SN and SNLEN args - and set it directly. Changed all callers. - -2004-01-25 Werner Koch - - * iso7816.c (iso7816_select_application): P1 kludge for OpenPGP - card. - * app-openpgp.c (find_tlv): Factor out this function to .. - * tlv.c, tlv.h: .. new. - - * scdaemon.h: Introduced app_t and ctrl_t as the new types for APP - and CTRL. - -2004-01-21 Werner Koch - - * apdu.c (apdu_send_le): Treat SW_EOF_REACHED as a warning. - -2004-01-20 Werner Koch - - * iso7816.c (iso7816_read_binary): New. - (iso7816_select_file): New. - (iso7816_list_directory): New. - - * sc-investigate.c: Add option -i. - (select_app, read_line, interactive_shell): New. - -2004-01-16 Werner Koch - - * apdu.h: Add SW_FILE_NOT_FOUND. - * iso7816.c (map_sw): Map it to GPG_ERR_ENOENT. - * iso7816.c (iso7816_select_file): New. - - * app-dinsig.c: New file w/o any real code yet. - * Makefile.am (scdaemon_SOURCES,sc_investigate_SOURCES): Add file. - - * sc-investigate.c: Add option --disable-ccid. - -2003-12-19 Werner Koch - - * apdu.c (apdu_send_le): Send a get_response with the indicated - length and not the 64 bytes we used for testing. - - * app-openpgp.c (verify_chv2, verify_chv3, do_sign): Check the - minimum length of the passphrase, so that we don't need to - decrement the retry counter. - -2003-12-17 Werner Koch - - * card-p15.c (p15_enum_keypairs): Replaced KRC by RC. - * card-dinsig.c (dinsig_enum_keypairs): Ditto. - -2003-12-16 Werner Koch - - * scdaemon.c (main): Set the prefixes for assuan logging. - -2003-11-17 Werner Koch - - * scdaemon.c, scdaemon.h: New options --allow-admin and --deny-admin. - * app-openpgp.c (verify_chv3): Check it here. - -2003-11-12 Werner Koch - - Adjusted for API changes in Libksba. - -2003-10-30 Werner Koch - - * apdu.c (close_ct_reader, close_pcsc_reader): Implemented. - (get_ccid_error_string): New. Not very useful messages, though. - -2003-10-25 Werner Koch - - * ccid-driver.c (ccid_open_reader): Return an error if no USB - devices are found. - - * command.c (cmd_genkey, cmd_passwd): Fixed faulty use of - !spacep(). - - * apdu.c (apdu_open_reader): Hacks for PC/SC under Windows. - -2003-10-20 Werner Koch - - * command.c (cmd_checkpin): New. - (register_commands): Add command CHECKPIN. - * app.c (app_check_pin): New. - * app-openpgp.c (check_against_given_fingerprint): New. Factored - out that code elsewhere. - (do_check_pin): New. - -2003-10-10 Werner Koch - - * ccid-driver.c (ccid_close_reader): New. - - * apdu.c (close_ccid_reader, close_ct_reader, close_csc_reader) - (close_osc_reader, apdu_close_reader): New. Not all are properly - implemented yet. - -2003-10-09 Werner Koch - - * ccid-driver.c (ccid_transceive): Add T=1 chaining for sending. - -2003-10-08 Werner Koch - - * app-openpgp.c (do_getattr): Support SERIALNO and AID. - -2003-10-01 Werner Koch - - * ccid-driver.c: Detect GnuPG 1.3 and include appropriate files. - * apdu.c: Ditto. - * app-openpgp.c: Ditto. - * iso7816.c: Ditto. - (generate_keypair): Renamed to .. - (do_generate_keypair): .. this. - * app-common.h [GNUPG_MAJOR_VERSION]: New. - * iso7816.h [GNUPG_MAJOR_VERSION]: Include cardglue.h - -2003-09-30 Werner Koch - - * command.c (cmd_getattr): New command GETATTR. - * app.c (app_setattr): New. - (do_getattr): New. - (do_learn_status): Reimplemented in terms of do_getattr. - - * app-openpgp.c (do_change_pin): Make sure CVH1 and CHV2 are - always synced. - (verify_chv2, verify_chv3): New. Factored out common code. - (do_setattr, do_sign, do_auth, do_decipher): Change the names of - the prompts to match that we have only 2 different PINs. - (app_select_openpgp): Check whether the card enforced CHV1. - (convert_sig_counter_value): New. Factor out code from - get_sig_counter. - -2003-09-28 Werner Koch - - * app-openpgp.c (dump_all_do): Use gpg_err_code and not gpg_error. - -2003-09-19 Werner Koch - - * ccid-driver.c (parse_ccid_descriptor): New. - (read_device_info): New. - (ccid_open_reader): Check that the device has all required features. - -2003-09-06 Werner Koch - - * scdaemon.c (main): --pcsc-driver again defaults to pcsclite. - David Corcoran was so kind to remove the GPL incompatible - advertisng clause from pcsclite. - * apdu.c (apdu_open_reader): Actually make pcsc-driver option work. - -2003-09-05 Werner Koch - - * ccid-driver.c: More work, data can now actually be retrieved. - * ccid-driver.c, ccid-driver.h: Alternativley allow use under BSD - conditions. - -2003-09-02 Werner Koch - - * scdaemon.c, scdaemon.h: New option --pcsc-ccid. - * ccid-driver.c, ccid-driver.h: New but far from being useful. - * Makefile.am: Add above. - * apdu.c: Add support for that ccid driver. - -2003-08-26 Timo Schulz - - * apdu.c (new_reader_slot): Only set 'is_osc' when OpenSC - is used. - -2003-08-25 Werner Koch - - * command.c (cmd_setattr): Use a copy of LINE. - (cmd_genkey): Use a copy of KEYNO. - (cmd_passwd): Use a copy of CHVNOSTR. - (cmd_pksign, cmd_pkauth, cmd_pkdecrypt): s/strdup/xtrystrdup/. - -2003-08-19 Werner Koch - - * scdaemon.c, scdaemon.h: New option --pcsc-driver. - * apdu.c (apdu_open_reader): Use that option here instead of a - hardcoded one. - -2003-08-18 Werner Koch - - * Makefile.am: Add OPENSC_LIBS to all programs. - - * scdaemon.c, scdaemon.h: New option --disable-opensc. - * card.c (card_open): Implement it. - * apdu.c (open_osc_reader, osc_send_apdu): New. - (apdu_open_reader) [HAVE_OPENSC]: Use the opensc driver if not - disabled. - (error_string) [HAVE_OPENSC]: Use sc_strerror. - (send_apdu) [HAVE_OPENSC]: Call osc_apdu_send. - - * card-p15.c (p15_enum_keypairs, p15_prepare_key): Adjusted for - libgpg-error. - -2003-08-14 Timo Schulz - - * apdu.c (ct_activate_card): Change the code a little to avoid - problems with other readers. - * Always use 'dynload.h' instead of 'dlfcn.h'. - -2003-08-05 Werner Koch - - * app-openpgp.c (dump_all_do): Don't analyze constructed DOs after - an error. - -2003-08-04 Werner Koch - - * app.c (app_set_default_reader_port): New. - (select_application): Use it here. - * scdaemon.c (main): and here. - * sc-copykeys.c: --reader-port does now take a string. - * sc-investigate.c, scdaemon.c: Ditto. - * apdu.c (apdu_open_reader): Ditto. Load pcsclite if no ctapi - driver is configured. Always include code for ctapi. - (new_reader_slot): Don't test for already used ports and remove - port arg. - (open_pcsc_reader, pcsc_send_apdu, pcsc_error_string): New. - (apdu_send_le): Changed RC to long to cope with PC/SC. - - * scdaemon.c, scdaemon.h: New option --ctapi-driver. - * sc-investigate.c, sc-copykeys.c: Ditto. - -2003-07-31 Werner Koch - - * Makefile.am (scdaemon_LDADD): Added INTLLIBS. - -2003-07-28 Werner Koch - - * app-openpgp.c (do_setattr): Change implementation. Allow all - useful DOs. - -2003-07-27 Werner Koch - - Adjusted for gcry_mpi_print and gcry_mpi_scan API change. - -2003-07-24 Werner Koch - - * app-openpgp.c (do_learn_status): Print more status information. - (app_select_openpgp): Store the card version. - (store_fpr): Add argument card_version and fix DOs for old cards. - (app_openpgp_storekey): Likewise. - -2003-07-23 Werner Koch - - * command.c (cmd_pkauth): New. - (cmd_setdata): Check whether data was given at all to avoid - passing 0 to malloc. - - * app.c (app_auth): New. - * app-openpgp.c (do_auth): New. - -2003-07-22 Werner Koch - - * command.c (cmd_passwd): New. - * app.c (app_change_pin): New. - * app-openpgp.c (do_change_pin): New. - * iso7816.c (iso7816_reset_retry_counter): Implemented. - - * sc-investigate.c (main): New option --gen-random. - * iso7816.c (iso7816_get_challenge): Don't create APDUs with a - length larger than 255. - -2003-07-17 Werner Koch - - * command.c (cmd_random): New command RANDOM. - - * iso7816.c (map_sw): New. Use it in this file to return - meaningful error messages. Changed all public fucntions to return - a gpg_error_t. - (iso7816_change_reference_data): New. - * apdu.c (apdu_open_reader): Use faked status words for soem - system errors. - -2003-07-16 Werner Koch - - * apdu.c (apdu_send_simple): Use apdu_send_le so that we can - specify not to send Le as it should be. - -2003-07-15 Werner Koch - - * Makefile.am: Add sc-copykeys program. - * sc-copykeys.c: New. - * app-openpgp.c (app_openpgp_storekey): New. - (app_openpgp_cardinfo): New. - (count_bits): New. - (store_fpr): And use it here to get the actual length in bit. - -2003-07-03 Werner Koch - - * app-openpgp.c (do_setattr): Add setting of the URL. - (app_select_openpgp): Dump card data only in very verbose mode. - (do_decipher): New. - -2003-07-02 Werner Koch - - * app-openpgp.c (get_sig_counter): New. - (do_sign): Print the signature counter and enable the PIN callback. - (do_genkey): Implement the PIN callback. - -2003-07-01 Werner Koch - - * app-openpgp.c (store_fpr): Fixed fingerprint calculation. - -2003-06-26 Werner Koch - - * app-openpgp.c (find_tlv): Fixed length header parsing. - - * app.c (app_genkey): New. - * command.c (cmd_genkey): New. - -2003-06-25 Werner Koch - - * command.c (percent_plus_unescape): New. - (cmd_setattr): New. - -2003-06-24 Werner Koch - - * command.c (send_status_info): New. - - * app-openpgp.c (app_select_openpgp): Replace SLOT arg by APP arg - and setup the function pointers in APP on success. Changed callers. - * app.c: New. - * app-common.h: New. - * scdaemon.h (APP): New type to handle applications. - (server_control_s): Add an APP context field. - - * command.c (cmd_serialno): Handle applications. - (cmd_pksign): Ditto. - (cmd_pkdecrypt): Ditto. - (reset_notify): Ditto. - (cmd_learn): For now return error for application contexts. - (cmd_readcert): Ditto. - (cmd_readkey): Ditto. - -2003-06-04 Werner Koch - - * card.c (map_sc_err): Renamed gpg_make_err to gpg_err_make. - - Renamed error codes from INVALID to INV and removed _ERROR suffixes. - -2003-06-03 Werner Koch - - Changed all error codes in all files to the new libgpg-error scheme. - - * scdaemon.h: Include gpg-error.h and errno.h - * card.c (map_sc_err): Use unknown for the error source. - * Makefile.am: Link with libgpg-error - -2003-05-14 Werner Koch - - * atr.c, atr.h: New. - * sc-investigate.c: Dump the ATR in a human readable format. - -2003-05-08 Werner Koch - - * scdaemon.h (DBG_CARD_IO_VALUE): New. - - * sc-investigate.c: New. - * scdaemon.c (main): Removed --print-atr option. - - * iso7816.c, iso7816.h, app-openpgp.c: New. - -2003-04-29 Werner Koch - - * scdaemon.c: New options --print-atr and --reader-port - * apdu.c, apdu.h: New - - * card.c, card-p15.c, card-dinsig.c: Allow build without OpenSC. - - * Makefile.am (LDFLAGS): Removed. - - * command.c (register_commands): Adjusted for new Assuan semantics. - -2002-08-21 Werner Koch - - * scdaemon.c (main): New option --daemon so that the program is - not accidently started in the background. - -2002-08-16 Werner Koch - - * scdaemon.c: Include i18n.h. - - * card-common.h (struct p15_private_s): Forward declaration. Add - it to card_ctx_s. - * card.c (card_close): Make sure private data is released. - (card_enum_certs): New. - * card-p15.c (p15_release_private_data): New. - (init_private_data): New to work around an OpenSC weirdness. - (p15_enum_keypairs): Do an OpenSC get_objects only once. - (p15_enum_certs): New. - (card_p15_bind): Bind new function. - * command.c (cmd_learn): Return information about the certificates. - -2002-08-09 Werner Koch - - * card.c (card_get_serial_and_stamp): Use the tokeinfo serial - number as a fallback. Add a special prefix for serial numbers. - -2002-07-30 Werner Koch - - Changes to cope with OpenSC 0.7.0: - - * card.c: Removed the check for the packed opensc version. - Changed include file names of opensc. - (map_sc_err): Adjusted error codes for new opensc version. - * card-p15.c: Changed include filename of opensc. - * card-dinsig.c: Ditto. - - * card-p15.c (p15_decipher): Add flags argument to OpenSC call. - -2002-07-24 Werner Koch - - * card.c (find_simple_tlv, find_iccsn): New. - (card_get_serial_and_stamp): Improved serial number parser. - -2002-06-27 Werner Koch - - * scdaemon.c (main): Use GNUPG_DEFAULT_HOMEDIR constant. - -2002-06-15 Werner Koch - - * card-dinsig.c: Documented some stuff from the DIN norm. - -2002-04-15 Werner Koch - - * command.c (cmd_pksign, cmd_pkdecrypt): Use a copy of the key ID. - -2002-04-12 Werner Koch - - * scdaemon.c: New option --debug-sc N. - * card.c (card_open): set it here. - - * card-p15.c (p15_prepare_key): Factored out common code from ... - (p15_sign, p15_decipher): here and made the decryption work the - regular way. - -2002-04-10 Werner Koch - - * card.c (card_open): Return immediately when no reader is available. - -2002-03-27 Werner Koch - - * card.c (card_open, card_close): Adjusted for changes in OpenSC. - -2002-03-10 Werner Koch - - * card-p15.c, card-dinsig.c, card-common.h: New. - * card.c: Factored most code out to the new modules, so that we - can better support different types of card applications. - -2002-01-26 Werner Koch - - * scdaemon.c scdaemon.h, command.c: New. Based on the code from - the gpg-agent. - - - Copyright 2002, 2003, 2004, 2005, 2007, 2008 Free Software Foundation, Inc. - - This file is free software; as a special exception the author gives - unlimited permission to copy and/or distribute it, with or without - modifications, as long as this notice is preserved. - - This file is distributed in the hope that it will be useful, but - WITHOUT ANY WARRANTY, to the extent permitted by law; without even the - implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. diff --git a/scd/ChangeLog-2011 b/scd/ChangeLog-2011 new file mode 100644 index 000000000..9184af4c5 --- /dev/null +++ b/scd/ChangeLog-2011 @@ -0,0 +1,2592 @@ +2011-12-01 Werner Koch + + NB: ChangeLog files are no longer manually maintained. Starting + on December 1st, 2011 we put change information only in the GIT + commit log, and generate a top-level ChangeLog file from logs at + "make dist". See doc/HACKING for details. + +2011-12-01 Niibe Yutaka + + * app-openpgp.c (do_change_pin): Fix pincb messages when + use_keypad == 1. + +2011-11-29 Niibe Yutaka + + PC/SC pininput support for passphrase modification (2/2) + * apdu.h (apdu_send_simple_kp): Remove. + + * apdu.c (pcsc_keypad_modify): Add bConfirmPIN handling. + (apdu_send_simple_kp): Remove. + + * iso7816.h (iso7816_reset_retry_counter_kp): Remove arguments + of NEWCHV, and NEWCHVLEN. + (iso7816_reset_retry_counter_with_rc_kp, iso7816_put_data_kp): New. + + * iso7816.c (iso7816_reset_retry_counter_with_rc_kp): New. + (iso7816_reset_retry_counter_kp): Call apdu_keypad_modify. Only + handle the case with PININFO. + (iso7816_reset_retry_counter): Don't call + iso7816_reset_retry_counter_kp. + (iso7816_put_data_kp): New. + + * app-openpgp.c (do_change_pin): Add with_resetcode. + Handle keypad for unblocking pass phrase with resetcode, + setting up of resetcode, and unblocking by admin. + + PC/SC pininput support for passphrase modification (1/2) + * iso7816.h (iso7816_change_reference_data_kp): Remove arguments + of OLDCHV, OLDCHVLEN, NEWCHV, and NEWCHVLEN. + + * iso7816.c (iso7816_change_reference_data_kp): Call + apdu_keypad_modify. + (iso7816_change_reference_data): Don't call + iso7816_change_reference_data_kp. + + * apdu.h (apdu_keypad_modify): New. + + * apdu.c (pcsc_keypad_modify, apdu_keypad_modify): New. + (struct reader_table_s): New memeber function keypad_modify. + (new_reader_slot, open_ct_reader, open_ccid_reader) + (open_rapdu_reader): Initialize keypad_modify. + + * app-openpgp.c (do_change_pin): Handle keypad and call + iso7816_change_reference_data_kp if it is the case. + +2011-11-28 Niibe Yutaka + + * iso7816.h (iso7816_verify_kp): Remove arguments of CHV and CHVLEN. + + * iso7816.c (iso7816_verify_kp): Call apdu_keypad_verify. Only + handle the case with PININFO. + (iso7816_verify): Call apdu_send_simple. + + * app-openpgp.c (verify_a_chv, verify_chv3): Follow the change of + iso7816_verify_kp. + + * app-nks.c (verify_pin): Likewise. + + * app-dinsig.c (verify_pin): Likewise. + + * apdu.c: Include "iso7816.h". + (struct reader_table_s): New memeber function keypad_verify. + Add fields verify_ioctl and modify_ioctl in pcsc. + (CM_IOCTL_GET_FEATURE_REQUEST, FEATURE_VERIFY_PIN_DIRECT) + (FEATURE_MODIFY_PIN_DIRECT): New. + (pcsc_control): New. + (control_pcsc_direct, control_pcsc_wrapped, control_pcsc) + (check_pcsc_keypad, pcsc_keypad_verify): New. + (ccid_keypad_verify, apdu_keypad_verify): New. + (new_reader_slot): Initialize with check_pcsc_keypad, + pcsc_keypad_verify, verify_ioctl and modify_ioctl. + (open_ct_reader): Initialize keypad_verify with NULL. + (open_ccid_reader): Initialize keypad_verify. + (open_rapdu_reader): Initialize keypad_verify with NULL. + (apdu_open_reader): Initialize pcsc_control. + + * pcsc-wrapper.c (load_pcsc_driver): Initialize pcsc_control. + (handle_control): New. + (main): Handle the case 6 of handle_control. + +2011-08-10 Werner Koch + + * command.c (cmd_killscd): Use the new assuan force close flag + if available. + +2011-08-08 Werner Koch + + * app-openpgp.c (do_decipher): Take care of accidentally passed + signed integer data with a leading 0. + +2011-06-16 Werner Koch + + * app-openpgp.c (send_key_data): Implemented chunked mode. + (change_keyattr): Increase limit to 4096. + (do_decipher): Adjust padding for 4096 bit keys. + +2011-02-23 Werner Koch + + * apdu.c (apdu_open_reader): Lock in to CCID if used once. + +2011-01-25 NIIBE Yutaka , + Grant Olson (wk) + + * command.c (do_reset, get_reader_slot) + (update_reader_status_file): Fix handling of the VALID flag for + unplugged readers. + +2011-01-25 Werner Koch + + From 2.0 branch, 2010-03-17: + + * command.c (open_card): Return GPG_ERR_NOT_OPERATIONAL if no + card services are available. + (get_reader_slot): Detect no services status. + (cmd_serialno): No reset if there are no services. + (scd_command_handler): Stop scdaemon in that case. + * apdu.c (pcsc_no_service): New. + (open_pcsc_reader_direct): Set it. + (apdu_open_reader): Add arg R_NO_SERVICE. + +2011-01-05 Werner Koch + + * ccid-driver.c (ccid_transceive_secure): Support the gnuk token. + +2010-11-16 Werner Koch + + * apdu.c (PCSC_UNKNOWN) [W32]: Fix all these values which don't + match those of libpcsc. Reported by Michael Petig. + +2010-10-27 Werner Koch + + * scdaemon.c (create_socket_name): Use TMPDIR. Change callers. + +2010-10-18 Werner Koch + + * app-openpgp.c (parse_algorithm_attribute): Remove extra const in + definition of DESC. + +2010-08-16 Werner Koch + + * scdaemon.c: Replace remaining printf by es_printf. + +2010-06-09 Werner Koch + + * scdaemon.c (main): s/log_set_get_tid_callback/log_set_pid_suffix_cb/. + (tid_log_callback): Adjust for this change. + +2010-03-11 Werner Koch + + * scdaemon.c: Include "asshelp.h". + (main): Remove assuan_set_assuan_log_prefix. Add + assuan_set_log_cb. + (handle_signal): Disable pth ctrl dumping. + * command.c (scd_command_handler): Remove assuan_set_log_stream. + +2010-03-10 Werner Koch + + * Makefile.am (scdaemon_LDADD): Remove libjnlib.a. + +2009-12-15 Werner Koch + + * iso7816.c (do_generate_keypair): s/readonly/read_only/ because + the first is a keyword in VMS C. + +2009-12-03 Werner Koch + + * scdaemon.c (set_debug): Allow for numerical debug leveles. Print + active debug flags. + +2009-11-25 Marcus Brinkmann + + * command.c (scd_command_handler): Use assuan_fd_t and + assuan_fdopen on fds. + +2009-11-05 Marcus Brinkmann + + * command.c (scd_command_handler): Call assuan_init_socket_server, + not assuan_init_socket_server_ext. + +2009-11-04 Werner Koch + + * command.c (register_commands): Add help arg to + assuan_register_command. Add help strings to all commands. + +2009-11-02 Marcus Brinkmann + + * command.c (reset_notify): Take LINE arg and return error. + (register_commands): Use assuan_handler_t type. + +2009-10-25 Werner Koch + + * scdaemon.c (scd_deinit_default_ctrl): Release IN_DATA. + * command.c (cmd_setdata): Release IN_DATA. Reported by Klaus + Flittner. + +2009-10-16 Marcus Brinkmann + + * AM_CFLAGS, scdaemon_LDADD: Use libassuan instead of libassuan-pth. + * scdaemon.c: Invoke ASSUAN_SYSTEM_PTH_IMPL. + (main): Call assuan_set_system_hooks and assuan_sock_init. + +2009-09-23 Marcus Brinkmann + + * command.c: Include "scdaemon.h" before because of + GPG_ERR_SOURCE_DEFAULT check. + (option_handler, open_card, cmd_serialno, cmd_lean, cmd_readcert) + (cmd_readkey, cmd_setdata, cmd_pksign, cmd_pkauth, cmd_pkdecrypt) + (cmd_getattr, cmd_setattr, cmd_writecert, cmd_writekey) + (cmd_genkey, cmd_random, cmd_passwd, cmd_checkpin, cmd_lock) + (cmd_unlock, cmd_getinfo, cmd_restart, cmd_disconnect, cmd_apdu) + (cmd_killscd): Return gpg_error_t instead of int. + (scd_command_handler): Allocate assuan context before starting server. + * scdaemon.c (main): Update to new Assuan API. + +2009-09-03 Werner Koch + + * app-openpgp.c (do_decipher): Compute required Le. + * iso7816.c (iso7816_decipher): Add new arg LE. + * app-nks.c (do_decipher): Adjust for change. + + * iso7816.c (iso7816_put_data, iso7816_put_data_odd): Turn DATA + into a void ptr. + +2009-08-05 Werner Koch + + * app-openpgp.c (change_keyattr_from_string): New. + (do_setattr): Support KEY-ATTR. + +2009-07-29 Marcus Brinkmann + + * ccid-driver.c (print_pr_data): Fix 64 bit compat problem. + +2009-07-24 Werner Koch + + * ccid-driver.c (parse_ccid_descriptor): Enable hack for SCR 3320. + +2009-07-21 Werner Koch + + * ccid-driver.c [HAVE_PTH]: Include pth.h. + (my_sleep): New. + (bulk_in): s/gnupg_sleep/my_sleep/. + +2009-07-20 Werner Koch + + * apdu.c [GNUPG_MAJOR_VERSION==1]: Include dynload.h. + +2009-07-16 Werner Koch + + * command.c (update_reader_status_file): Test for unplugged reader. + (TEST_CARD_REMOVAL): Ditto. + * app.c (select_application): Ditto. + * ccid-driver.c (bulk_out): Return CCID_DRIVER_ERR_NO_READER if a + reader was unplugged. + (struct ccid_driver_s): Turn nonnull_nad into an unsigned char. + Turn apdu_level, auto_ifsd, powered_off, has_pinpad into + bitfields. Add enodev_seen. + * apdu.c (apdu_prepare_exit): New. + (get_status_ccid): Return the status word and nut just -1. + * scdaemon.c (scd_exit): Call it. + +2009-07-13 Werner Koch + + * ccid-driver.c (struct ccid_driver_s): Add fields last_progress, + progress_cb and progress_cb_arg. + (ccid_set_progress_cb): New. + (print_progress): New. + (ccid_transceive): Call print_progress for wait time extensions. + * apdu.c (struct reader_table_s): Add field set_progress_cb. + (new_reader_slot): Clear that field. + (open_ccid_reader): Set it to .. + (set_progress_cb_ccid_reader): ... new fucntion. + * app.c (print_progress_line): New. + (lock_reader): Add arg CTRL to set a progress callback and + change all callers to provide it. + (unlock_reader): Remove the progress callback. + +2009-07-10 Werner Koch + + * iso7816.c (iso7816_compute_ds): Add args EXTENDED_MODE and LE. + Change all callers to use 0. + (iso7816_internal_authenticate): Add args EXTENDED_MODE and LE. + * app-openpgp.c (do_sign): Take exmode and Le from card + capabilities and pass them to iso7816_compute_ds. + (do_auth): Ditto for iso7816_internal_authenticate. + (change_keyattr): Reset CHV verification status. + +2009-07-09 Werner Koch + + * app-openpgp.c (change_keyattr): New. + (do_writekey): Call it. + + * app-openpgp.c (does_key_exist): Add arg GENERATING. Change + callers. + +2009-06-30 Werner Koch + + * ccid-driver.c (ccid_transceive): Set RESYNCING flag. + +2009-06-29 Werner Koch + + * ccid-driver.c (ccid_transceive): Add a hack to support extended + length for Omnikey readers. + (is_exlen_apdu): New. + (parse_ccid_descriptor): Track short+extended apdu exchange level. + +2009-06-18 Werner Koch + + * app-openpgp.c (verify_chv2): Remove special case for v2 cards. + (get_public_key): Use extended mode. + +2009-06-17 Werner Koch + + * iso7816.c (iso7816_get_data): Add arg EXTENDED_MODE. Change all + callers. + * app-openpgp.c (data_objects): Use bit flags. Add flag + TRY_EXTLENGTH. + (get_cached_data): Add arg TRY_EXTLEN and use it for iso7816_get_data. + (get_one_do): Use extended length APDU if necessary. + +2009-06-10 Werner Koch + + * app-openpgp.c (store_fpr): Change first arg to app_t; adjust + callers. Flush the cache. + +2009-06-09 Werner Koch + + * app-openpgp.c (do_readcert): Return NOT_FOUND if the retrieved + data has a length of zero. + (do_getattr): Add EXTCAP subkey "sm". + +2009-05-20 Werner Koch + + * app-openpgp.c (verify_chv2): Add case for v2 cards. + (verify_chv3): Factor some code out to .. + (build_enter_admin_pin_prompt): .. new. + (do_change_pin): Properly handle v2 cards. + +2009-05-19 Werner Koch + + * scdaemon.c (create_server_socket): Use SUN_LEN. + (JNLIB_NEED_AFLOCAL): Define. + +2009-05-13 Werner Koch + + * ccid-driver.c (abort_cmd): Add arg SEQNO and change callers. + (bulk_in): Retry on seqno mismatch. + + * apdu.c (send_le): Release result_buffer. + (apdu_send_direct): Implemend extended length. + * command.c (cmd_apdu): Add option "--exlen". + +2009-05-11 Werner Koch + + * apdu.c (send_le): Replace log_error by log_info. + +2009-05-08 Werner Koch + + * app-openpgp.c (do_genkey): Allow larger key sizes. + (do_decipher): Ditto. + * iso7816.c (do_generate_keypair): Add arg EXTENDED_MODE an LE. + (iso7816_generate_keypair, iso7816_read_public_key): Ditto. + Changed all callers. + * apdu.c (send_le): Implement extended length return values. + + * ccid-driver.c (bulk_in): Retry on EAGAIN. + (abort_cmd): Change seqno handling. + +2009-04-28 Werner Koch + + * app-help.c (app_help_count_bits): New. + + * app-nks.c (switch_application): Detect mass signature cards. + Take care of new NEED_APP_SELECT flag. + (do_sign): Don't allow mass signature cards. + (all_zero_p): New. + (do_readkey): New. + (app_select_nks): Register do_readkey. + +2009-04-01 Werner Koch + + * app-openpgp.c (do_setattr, do_writekey): Prepare for extended + length cards. + +2009-03-31 Werner Koch + + * command.c (percent_plus_unescape): Remove. + (cmd_setattr): Use percent_plus_unescape_inplace. + +2009-03-30 Werner Koch + + * app-nks.c (do_decipher): Make it work for TCOS 3. + * iso7816.c (iso7816_decipher): Add arg EXTENDED_MODE. + * apdu.c (apdu_send): Add arg EXTENDED_MODE and change all callers. + (apdu_send_le): Ditto. + (apdu_send_direct): Ditto, but not yet functional. + (send_le): Fix command chaining. Implement extended length option. + * ccid-driver.c (ccid_transceive): Remove restriction on apdu length. + (struct ccid_driver_s): Add field IFSC. + (ccid_get_atr): Set IFSC. + (ccid_transceive): Use negotiated IFSC and support S(IFS) command. + +2009-03-26 Werner Koch + + * command.c (cmd_pksign): Allow more hash algorithms. + + * scdaemon.h (MAX_DIGEST_LEN): Change to 64. + + * apdu.c (open_ccid_reader): Clear the is_to flag. + + * app-nks.c (filelist): Add field KID. + (do_getattr): Change standard authentication key. + (do_sign): Setup a security environment for TCOS 3 cards and support + all SHA-2 algorithms. + +2009-03-24 Werner Koch + + * command.c (struct server_local_s): Add flag + APP_CTX_MARKED_FOR_RELEASE. + (do_reset): Set the flag. + (open_card): Act on this flag. + * app-common.h (struct app_ctx_s): Add flag NO_REUSE. + (application_notify_card_reset): Set the flag. + * app.c (select_application, release_application): Take care of + that flag. + +2009-03-20 Werner Koch + + * app-nks.c (keygripstr_from_pk_file): Fix for TCOS 3 cards. + +2009-03-18 Werner Koch + + * apdu.c (open_pcsc_reader_wrapped): Use close_all_fds. + + * command.c (cmd_learn): Add option --keypairinfo. + * app.c (app_write_learn_status): Add arg FLAGS. + * app-common.h (struct app_ctx_s): Add arg FLAGS to LEARN_STATUS. + Change all implementors. + * app-p15.c (do_learn_status): Take care of flag bit 0. + * app-nks.c (do_learn_status, do_learn_status_core): Ditto. + +2009-03-10 Werner Koch + + * app-openpgp.c (send_key_attr): New. + (do_getattr): New attribute KEY_ATTR. + * command.c (send_status_direct): New. + +2009-03-06 Werner Koch + + * app-nks.c (do_learn_status): Factor code out to.. + (do_learn_status_core): .. new. + (do_readcert, do_sign, do_decipher): Switch to SigG if needed. + (verify_pin): Use DESC also for keypad based verify. + +2009-03-05 Werner Koch + + * app-openpgp.c (verify_a_chv): Remove special case for keypads. + (verify_chv3): Ditto. + + * app-nks.c (get_chv_status): New. + (parse_pwidstr): New. + (verify_pin): Add args PWID and DESC and use them. Remove the + CHV1 caching. + (do_change_pin): Allow PIN selection and add reset mode. + (do_learn_status): Use NKS-NKS3 tag for TCOS 3 cards. + (do_readcert, do_sign): Allow NKS-NKS3 tag. + +2009-03-04 Werner Koch + + * app-nks.c (do_getattr): New. + (app_select_nks): Register it. + (verify_pin): Factor some code out to... + (basic_pin_checks): New. + (do_change_pin): Call the basic check. + (app_select_nks): Move AID to .. + (aid_nks): .. new. + (aid_sigg): New. + (switch_application): New. + (do_getattr, do_learn_status, do_readcert, do_sign, do_decipher) + (do_change_pin, do_check_pin): Make sure we are in NKS mode. + +2009-03-03 Werner Koch + + * command.c (scd_command_handler): Remove dereference of STOPME + after free. + +2009-02-27 Werner Koch + + * app.c (get_supported_applications): New. + * command.c (cmd_getinfo): New subcommand "app_list" + (cmd_killscd): New. + (register_commands): Register command KILLSCD. + (struct server_local_s): Add field STOPME. + (scd_command_handler): Act upon this. + +2009-02-25 Werner Koch + + * apdu.c (apdu_get_status): Factor all code out to ... + (apdu_private_get_status): .. new. Add arg NO_ATR_RESET. + (apdu_connect): Call new function. + + * scdaemon.c: New option --debug-log-tid. + (tid_log_callback): New. + (main): Move debug-wait code after debug stream init. + +2009-02-24 Werner Koch + + * ccid-driver.c (ccid_get_atr): Move debug output to .. + (print_r2p_parameters): .. new. + (print_r2p_header, print_pr_data, print_r2p_unknown) + (print_r2p_datablock, print_r2p_slotstatus, print_r2p_escape) + (print_r2p_datarate): New. + (bulk_in): Call parameter printing. + (ccid_set_debug_level): Add debug level 3. + (convert_le_u16): New. + (print_p2r_header, print_p2r_iccpoweron, print_p2r_iccpoweroff) + (print_p2r_getslotstatus, print_p2r_xfrblock) + (print_p2r_getparameters, print_p2r_resetparameters) + (print_p2r_setparameters, print_p2r_escape, print_p2r_iccclock) + (print_p2r_to0apdu, print_p2r_secure, print_p2r_mechanical) + (print_p2r_abort, print_p2r_setdatarate, print_r2p_unknown): New. + (bulk_out): Add arg NO_DEBUG and change all callers to pass 0. + Call parameter printing. + (ccid_slot_status): Call with NO_DEBUG set. + (abort_cmd, send_escape_cmd, ccid_get_atr, ccid_get_atr) + (ccid_transceive_apdu_level, ccid_transceive) + (ccid_transceive_secure): Remove old debug print code. + +2009-02-12 Werner Koch + + * command.c (cmd_getinfo): Add new subcommand "deny_admin". + +2009-01-28 Werner Koch + + * scdaemon.c (main): Make --allow-admin the default and make the + option a dummy. + +2009-01-27 Werner Koch + + * app-geldkarte.c: Changed to use an AID. + + * app.c (app_munge_serialno): Add case for no serialno. + (app_get_serial_and_stamp): Ditto. + +2009-01-26 Werner Koch + + * app-geldkarte.c: New. + * Makefile.am (card_apps): Add new file. + * app.c (select_application): Test for geldkarte. + +2009-01-12 Werner Koch + + * command.c (send_client_notifications) [HAVE_W32_SYSTEM]: Fix + brackets. + +2009-01-08 Werner Koch + + * iso7816.c (iso7816_read_record, iso7816_read_binary): Pass 0 for + L_e because the problem with the CCID driver has gone. + (iso7816_apdu_direct): New. + + * app-nks.c (filelist): Add NKS_VER field. Add NKS 3 specific + entries. + (app_local_s, do_deinit): New. + (get_nks_version): New. + (app_select_nks): Setup local data. + (keygripstr_from_pk_file): Replace SLOT by APP and take care of + NKS version > 2. + (do_learn_status): Take care of NKS version. + +2009-01-05 Werner Koch + + * apdu.c (apdu_get_status): Save the last status. + +2008-12-18 Werner Koch + + * ccid-driver.c (abort_cmd): New. + (bulk_in): Call abort_cmd after severe errors. + + * apdu.c (reader_table_s): Add field ANY_STATUS. + (new_reader_slot): Clear it. + (apdu_get_status): Use ANY_STATUS to update the change counter. + Remove the use of the flag bit from LAST_STATUS everywhere. + * command.c (update_reader_status_file): Factor code out to ... + (send_client_notifications): New. Track signals already sent. + (update_reader_status_file): Shutdown the reader after a failed + apdu_get_status. + +2008-12-09 Werner Koch + + * scdaemon.c (main): Call i18n_init before init_common_subsystems. + +2008-12-08 Werner Koch + + * scdaemon.c (handle_connections): Sync ticker to the next full + interval. + (TIMERTICK_INTERVAL_USEC): Change to 500ms. + +2008-12-05 Werner Koch + + * app-openpgp.c (app_local_s): Add field ALGO_ATTR_CHANGE. + (app_select_openpgp): Parse new capability. + (show_caps): Show new capability. + +2008-12-03 Werner Koch + + * scdaemon.c (opts): Use ARGPARSE_ macros. Add option + --card-timeout. + * command.c (update_reader_status_file): Implement it. + +2008-11-18 Werner Koch + + * scdaemon.c (make_libversion): New. + (my_strusage): Print libgcrypt and libksba version. + +2008-11-03 Werner Koch + + * command.c (server_local_s): Add field DISCONNECT_ALLOWED. + (cmd_disconnect): Implement command. + (open_card): Reset disconnect flag. + (update_reader_status_file): Disconnect if allowed. + + * app-common.h (app_ctx_s): Remove INITIALIZED. Make REF_COUNT + unsigned. + * app.c (select_application): Remove INITIALIZED. + (app_write_learn_status, app_readcert, app_readkey, app_getattr) + (app_setattr, app_sign, app_decipher, app_writecert) + (app_writekey, app_get_challenge, app_change_pin, app_check_pin): + Replace INITIALIZED by REF_COUNT check. + (application_notify_card_removed): Rename to .. + (application_notify_card_reset): .. this. Change all callers. + * command.c (do_reset): Call application_notify_card_reset after + sending a reset. + (update_reader_status_file): Add arg SET_CARD_REMOVED. + (scd_update_reader_status_file): Pass true for new flag. + (do_reset): Pass false for new flag. + + * app.c (app_get_serial_and_stamp): Use bin2hex. + * app-help.c (app_help_get_keygrip_string): Ditto. + * app-p15.c (send_certinfo, send_keypairinfo, do_getattr): Ditto. + * app-openpgp.c (send_fpr_if_not_null, send_key_data) + (retrieve_fpr_from_card, send_keypair_info): Ditto. + * app-nks.c (keygripstr_from_pk_file): Ditto. + * command.c (cmd_apdu): Ditto. + +2008-10-21 Marcus Brinkmann + + * command.c (open_card): If connect error is SW_HOST_NO_CARD, + return a more descriptive error. + +2008-10-20 Werner Koch + + * pcsc-wrapper.c (read_32): Use provided arg and not stdin. Is + called with stdin, though. + (handle_close): Mark unused arg. + (handle_status, handle_reset): Ditto. + + * ccid-driver.c (ccid_check_card_presence): Mark not yet used arg. + + * scdaemon.c (scd_deinit_default_ctrl): Mark unused arg. + * command.c (cmd_unlock, cmd_restart, cmd_disconnect): Ditto. + * apdu.c (ct_get_status): Ditto. + (ct_send_apdu, pcsc_send_apdu_wrapped) + (apdu_open_remote_reader): Ditto. + * app.c (select_application): Ditto. + * app-openpgp.c (do_writecert, do_change_pin, do_writekey): Ditto. + * app-nks.c (do_change_pin, do_check_pin): Ditto. + +2008-10-16 Werner Koch + + * command.c (cmd_disconnect): New dummy command. + (register_commands): Register command. + +2008-10-15 Werner Koch + + * command.c (scd_command_handler): Return true if there is no more + active session. + * scdaemon.c (start_connection_thread): Set shutdown flag if + requested by command handler. + (main): Make PIPE_SERVER module global. + (handle_connections): Disable listen_fd if a shutdown is pending. + +2008-10-14 Werner Koch + + * apdu.c (reader_table_s): Add fields connect_card and + disconnect_card. + (new_reader_slot): Set them to NULL. + (apdu_connect, apdu_disconnect): New. + (apdu_close_reader, apdu_shutdown_reader): Call apdu_disconnect. + (connect_pcsc_card, disconnect_pcsc_card): new. + (reset_pcsc_reader_direct): Implement in terms of + disconnect_pcsc_card and connect_pcsc_card. + (apdu_get_atr): Return NULL if there is no ATR. + * sc-copykeys.c (main): Add call to apdu_connect. + * command.c (open_card): Ditto. + + * apdu.h (SW_HOST_ALREADY_CONNECTED): New. + (APDU_CARD_USABLE, APDU_CARD_PRESENT, APDU_CARD_ACTIVE): New. + * apdu.c: Replace constants by the new macros. + (open_pcsc_reader): Factor code out to ... + (open_pcsc_reader_direct, open_pcsc_reader_wrapped): New. + (reset_pcsc_reader): Factor code out to ... + (reset_pcsc_reader_direct, reset_pcsc_reader_wrapped): New. + (pcsc_get_status): Factor code out to ... + (pcsc_get_status_direct, pcsc_get_status_wrapped): New. + (pcsc_send_apdu): Factor code out to ... + (pcsc_send_apdu_direct, pcsc_send_apdu_wrapped): New. + (close_pcsc_reader): Factor code out to ... + (close_pcsc_reader_direct, close_pcsc_reader_wrapped): New. + + * command.c (update_reader_status_file): Open the reader if not + yet done. + + * scdaemon.c (TIMERTICK_INTERVAL_SEC, TIMERTICK_INTERVAL_USEC): + New to replace TIMERTICK_INTERVAL. Chnage from 2s (4 under W32) + to 250ms. + +2008-10-13 Werner Koch + + * command.c (option_handler) [W32]: Use strtoul with base 16. + (update_reader_status_file) [W32]: Set Event. + (scd_command_handler): Use INT2FD to silent warning. + +2008-09-29 Werner Koch + + * scdaemon.h (GCRY_MD_USER): Rename to GCRY_MODULE_ID_USER. + (GCRY_MD_USER_TLS_MD5SHA1): Rename to MD_USER_TLS_MD5SHA1 and + change all users. + +2008-09-28 Marcus Brinkmann + + * apdu.c (pcsc_get_status): Fix last change. + +2008-09-25 Werner Koch + + * app-openpgp.c (do_setattr): Do not allow setting of the reset + code. + (do_change_pin): Allow setting of the reset code. + +2008-09-24 Werner Koch + + * app-openpgp.c (verify_chv3): Set the did_chv3 flag which was + accidently removed on 2008-03-26. + (verify_chv2): Revert last change. + (do_change_pin): Do not change CHV2. Add reset code logic for v2 + cards. + * iso7816.c (iso7816_reset_retry_counter_with_rc): New. + + * app-openpgp.c (add_tlv, build_privkey_template): New. + (do_writekey): Support v2 keys and other key lengths than 1024. + * iso7816.c (iso7816_put_data_odd): New. + +2008-09-23 Werner Koch + + * app-openpgp.c (do_sign): Support SHA-2 digests. + (verify_chv2): No CHV auto-sync for v2 cards. + (do_auth): Allow 2048 bit keys. + (parse_algorithm_attribute): New. + (rsa_key_format_t): New. + (struct app_local_s): Add struct KEYATTR. + +2008-09-23 Marcus Brinkmann + + * apdu.c (pcsc_get_status): Be more relaxed with the usable flag + under Windows. + +2008-09-23 Werner Koch + + * app-openpgp.c (do_setattr): Use command chaining for long + values. + * iso7816.c (iso7816_put_data): Add arg EXTENDED_MODE. Change all + callers. + * apdu.c (apdu_send_simple): Add arg EXTENDED_MODE. Change all + callers. + (send_le): Implement command chaining. + * ccid-driver.c (ccid_transceive_apdu_level): Increase allowed + APDU size. + (ccid_transceive): Alow for APDUS of up to 259 bytes. + * apdu.h: Add new SW_ codes. + +2008-09-16 Werner Koch + + * command.c (cmd_writecert): New. + (register_commands): Register it. + * app-common.h (app_ctx_s): Add member WRITECERT. + * app.c (app_writecert): New. + * app-openpgp.c (do_writecert): New. + (parse_historical): New. + (show_extcap): New. + (dump_all_do): Print only the length of longs DOs. + * command.c (cmd_writekey, cmd_apdu, cmd_pksign) + (cmd_passwd): Replace open coding by skip_options. + +2008-08-30 Moritz + + * scdaemon.c (main): Use estream_asprintf instead of asprintf. + * command.c (update_reader_status_file): Likewise. + (cmd_serialno): Use estream_asprintf instead of asprintf + and xfree instead of free to release memory allocated + through (estream_)asprintf. + (cmd_learn): Likewise. + (pin_cb): Likewise. + * app-openpgp.c (get_public_key): Likewise. + +2008-08-18 Werner Koch + + * app-openpgp.c (do_setattr): Fix test for v2 cards. + +2008-08-11 Werner Koch + + * apdu.c (reset_pcsc_reader, open_pcsc_reader) + (reset_rapdu_reader, open_rapdu_reader): Allow ATRs of up to 33 + bytes. Provide maximum size of ATR buffer using DIM. Such long + ATR are never seen in reality but the PC/SC library of MAC OS X is + just too buggy. Reported by Ludovic Rousseau. Fixes bug #948. + +2008-07-30 Werner Koch + + * app-openpgp.c (verify_a_chv): Use xtrymalloc and make the prompt + for CHV2 more user friendly. + +2008-07-03 Werner Koch + + * app-openpgp.c (do_readcert): New. + (app_local_s): Add fields IS_V2 and MAX_CERTLEN_3. + (app_select_openpgp): Set them and register do_readcert. + (do_setattr): Allow storing of the certificate. + +2008-06-25 Werner Koch + + * app-dinsig.c (do_sign): Allow for SHA256. + +2008-06-24 Werner Koch + + * app-common.h (app_ctx_s): Renamed reset_mode parameter of + change_pin to mode_Flags and make it an unsigned int. + (APP_CHANGE_FLAG_RESET, APP_CHANGE_FLAG_NULLPIN): New. + * app-openpgp.c (do_change_pin): Adjust for that. + + * command.c (cmd_passwd): Add option --nullpin. + * app-nks.c (do_check_pin, do_change_pin): New. + (app_select_nks): Register new functions. + +2008-04-21 Moritz Schulte (wk) + + * app-openpgp.c (verify_a_chv): Make use of the default CHV flag. + +2008-03-26 Werner Koch + + * app-openpgp.c (verify_chv3): Support the keypad. + +2008-02-09 Marcus Brinkmann + + * scdaemon.c (main): Use CONFIG_FILENAME as filename if it is set + in gpgconf-list output. + +2007-12-10 Werner Koch + + * app-openpgp.c (do_decipher): Take care of cryptograms shorter + that 128 bytes. Fixes bug#851. + +2007-11-14 Werner Koch + + * scdaemon.c (main): Pass STANDARD_SOCKET flag to + create_server_socket. + +2007-11-13 Werner Koch + + * scdaemon.c (start_connection_thread): Do not call + assuan_sock_check_nonce if we are running in --server mode. + +2007-11-07 Werner Koch + + * scdaemon.h: Remove errors.h. + +2007-10-02 Werner Koch + + * command.c (cmd_getinfo): Add "pid" subcommand. + +2007-10-01 Werner Koch + + * scdaemon.c (create_server_socket): Use Assuan socket wrappers + and remove Windows specific code. + (socket_nonce): New. + (start_connection_thread): Check nonce. + +2007-09-14 Marcus Brinkmann + + * scdaemon.c (main): New variable STANDARD_SOCKET, which is 1 for + W32 targets. Use it for create_socket_name. + +2007-08-07 Werner Koch + + * tlv.c, tlv.h: Move to ../common/. + +2007-08-02 Werner Koch + + * scdaemon.c: Include gc-opt-flags.h and remove their definition + here. + +2007-08-01 Werner Koch + + * apdu.c (send_le): Implement exact length hack. Suggested by + Sten Lindgren. + +2007-07-05 Werner Koch + + * command.c (has_option_name, skip_options): New. + (cmd_genkey): Add option --timestamp. + (cmd_writekey): Enter confidential mode while inquiring the key data. + + * app.c (app_genkey): Add arg CREATETIME. + * app-common.h (app_ctx_s): Likewise + * app-openpgp.c (do_genkey): Ditto. Use it. + + +2007-07-04 Werner Koch + + * command.c (cmd_getinfo): New subcommand "version". + + * scdaemon.c (TIMERTICK_INTERVAL): New. + (handle_connections) [W32]: Enable a dummy sigs event. + (handle_connections): Use a proper count for select and not + FD_SETSIZE. + (fixed_gcry_pth_init, main): Kludge to fix pth initialization. + +2007-06-21 Werner Koch + + * scdaemon.h (ctrl_t): Remove. It is now declared in ../common/util.h. + +2007-06-18 Marcus Brinkmann + + * scdaemon.c (main): Percent escape output of --gpgconf-list. + +2007-06-12 Werner Koch + + * scdaemon.c (main): Replace some calls by init_common_subsystems. + +2007-06-11 Werner Koch + + * Makefile.am (scdaemon_LDADD): Use libcommonpth macro. + + * command.c (initialize_module_command): New. + * scdaemon.c (main) [W32]: Do not use sigpipe code. + (main): Call initialize_module_command. + +2007-06-06 Werner Koch + + * app-openpgp.c (do_sign): Fix arithmetic on void*. + + * app.c (dump_mutex_state) [W32]: Handle the W32Pth case. + + * apdu.c: Remove dynload.h. + + * scdaemon.c (i18n_init): Remove. + +2007-04-20 Werner Koch + + * sc-copykeys.c (my_gcry_logger): Removed. + (main): Call setup_libgcrypt_logging helper. + * scdaemon.c (my_gcry_logger): Removed. + (main): Call setup_libgcrypt_logging helper. + +2007-04-03 Werner Koch + + * command.c (cmd_getinfo): New subcommand "reader_list". + * ccid-driver.c (scan_or_find_devices): Ignore EBUSY in scan mode + for special transports. + +2007-03-07 Werner Koch + + * app-dinsig.c: Include i18n.h. + (verify_pin): Support PIN pads. + * app-nks.c (verify_pin): Ditto. + + * ccid-driver.c (bulk_in): Handle time extension before checking + the message type. + (ccid_transceive_secure): Support the Cherry XX44 keyboard. + Kudos to the nice folks at Cherry for helping with that. + +2007-02-18 Werner Koch + + * scdaemon.c (DEFAULT_PCSC_DRIVER): Add a default for OS X. + +2007-01-25 Werner Koch + + * Makefile.am (scdaemon_LDADD): Added LIBICONV. Noted by Billy + Halsey. + +2006-12-21 Werner Koch + + * app-openpgp.c (verify_chv2): Factored most code out into... + (verify_a_chv): ... new. + (do_sign): Factored verification code out to new function and + take care of a keypad entered PIN. + (compare_fingerprint): Print an additional diagnostic. + +2006-11-28 Werner Koch + + * apdu.c (send_le, apdu_send_direct): Increase RESULTLEN to 258 to + allow for full 256 byte and the status word. This might break + some old PC/SC drivers or cards, but we will see. Suggested by + Kenneth Wang. + +2006-11-23 Werner Koch + + * command.c (scd_command_handler): Fixed use of CTRL. + +2006-11-21 Werner Koch + + * Makefile.am (libexec_PROGRAMS): Put pscs-wrapper into libexec. + Renamed to gnupg-pcsc-wrapper. + * apdu.c (open_pcsc_reader): Use GNUPG_LIBEXECDIR to accces the + wrapper. Suggested by Eric Dorland. + +2006-11-20 Werner Koch + + * app-openpgp.c (verify_chv2): Support for keypads (only CHV2). + + * ccid-driver.c (ccid_transceive_secure): Made it work for Kaan + and SCM. + +2006-11-17 Werner Koch + + * ccid-driver.c (scan_or_find_devices): Use DEBUGOUT_2 instead of + log_debug. Removed few other log_debug. + + * iso7816.c (iso7816_check_keypad): Allow for a SW of 0. + + * command.c (pin_cb): New mode to prompt for a keypad entry. + + * scdaemon.c (main) : Add disable-keypad. + +2006-11-15 Werner Koch + + * app-p15.c (read_ef_odf): Cast one printf arg. + + * scdaemon.h (struct server_control_s): Add field THREAD_STARTUP. + * command.c (scd_command_handler): Add new arg CTRL. + * scdaemon.c (scd_init_default_ctrl): Made static. + (scd_deinit_default_ctrl): New. + (start_connection_thread): Call init/deinit of ctrl. + (handle_connections): Allocate CTRL. + + * apdu.c (PCSC_ERR_MASK): New. + (reset_pcsc_reader, pcsc_get_status, pcsc_send_apdu) + (close_pcsc_reader, open_pcsc_reader): Use it after shifting error + values. Reported by Henrik Nordstrom. Fixes bug #724. + +2006-10-24 Werner Koch + + * scdaemon.h (GCRY_MD_USER_TLS_MD5SHA1): New. + (MAX_DIGEST_LEN): Increased to 36. + * app-p15.c (do_sign): Support for TLS_MD5SHA1. + (do_auth): Detect TLS_MD5SHA1. + (do_sign): Tweaks for that digest. + +2006-10-23 Werner Koch + + * scdaemon.c (main): New command --gpgconf-test. + +2006-10-17 Werner Koch + + * Makefile.am (scdaemon_LDADD): Link against libcommonpth. + +2006-10-12 Werner Koch + + * apdu.c: Include pth.h after unistd.h for the sake of newer Pth + versions. + +2006-10-11 Werner Koch + + * app-openpgp.c (do_sign): Redirect to do_auth for OpenPGP.3. + +2006-10-06 Werner Koch + + * Makefile.am (AM_CFLAGS): Use PTH version of libassuan. + (scdaemon_LDADD): Ditto. + + * scdaemon.h (send_status_info): Mark with sentinel attribute. + +2006-10-02 Marcus Brinkmann + + * command.c (update_reader_status_file): Increase buffer of + NUMBUF2 (fixing typo). + +2006-09-24 Marcus Brinkmann + + * app-openpgp.c (do_sign): Advance INDATA by the SHA1 resp. RMD160 + prefix length. + +2006-09-14 Werner Koch + + Replaced all call gpg_error_from_errno(errno) by + gpg_error_from_syserror(). + + * command.c (scd_command_handler): Replaced + init_connected_socket_server by init_socket_server_ext. + +2006-09-07 Werner Koch + + * command.c (update_reader_status_file): Execute an event handler + if available. + +2006-09-06 Werner Koch + + * apdu.c (pcsc_end_transaction): + * pcsc-wrapper.c (pcsc_end_transaction: Fixed dclaration. + Reported by Bob Dunlop. + + * scdaemon.h (CTRL,APP): Removed and changed everywhere to + ctrl_t/app_t. + + Replaced all Assuan error codes by libgpg-error codes. Removed + all map_to_assuan_status and map_assuan_err. + + * scdaemon.c (main): Call assuan_set_assuan_err_source to have Assuan + switch to gpg-error codes. + * command.c (set_error): Adjusted. + +2006-09-02 Marcus Brinkmann + + * command.c (get_reader_slot): Return the slot_table index, not + the APDU slot number. + (update_reader_status_file): Use the slot_table index in the + update_card_removed invocation. + +2006-09-01 Marcus Brinkmann + + * command.c (cmd_getinfo): Handle status command. + +2006-08-30 Marcus Brinkmann + + * command.c (do_reset): Delay resetting CTRL->reader_slot until + after update_card_removed invocation. + +2006-08-28 Marcus Brinkmann + + * app-openpgp.c (do_decipher, do_sign): Allow "OPENPGP.2" + resp. "OPENPGP.1" for KEYIDSTR. + +2006-08-21 Werner Koch + + * pcsc-wrapper.c (handle_open, handle_close): Reset card and + protocol on error/close. + (handle_status): Don't set the state if the state is unknown. + (handle_reset): Ignore an error if already disconnected. May + happen due to system wake-up after hibernation. Suggested by Bob + Dunlop. + +2006-06-28 Werner Koch + + * app-openpgp.c (do_writekey): Fixed computation of memmove + length. This led to garbled keys if E was larger than one byte. + Thanks to Achim Pietig for hinting at the garbled E. + +2006-06-09 Marcus Brinkmann + + * Makefile.am (scdaemon_LDADD): Add $(NETLIBS). + +2006-04-14 Marcus Brinkmann + + * app.c (select_application): Cover up a slot mismatch error in + case it happens (it shouldn't happen). + (release_application): Use APP->slot. Lock the reader. + (application_notify_card_removed): Lock the reader. + +2006-04-11 Werner Koch + + * command.c (hex_to_buffer): New. + (cmd_apdu): New. + +2006-04-03 Werner Koch + + * scdaemon.c [__GLIBC__]: Default to libpcsclite.so.1. + +2006-03-21 Werner Koch + + * command.c (cmd_pksign): Add --hash option. + +2006-03-01 Werner Koch + + * command.c (status_file_update_lock): New. + (scd_update_reader_status_file): Use lock and factor existing code + out to .. + (update_reader_status_file): .. this. + (do_reset): Use the lock and call update_reader_status_file. + +2006-02-20 Werner Koch + + * apdu.c (open_pcsc_reader): Fixed double free. Thanks to Moritz. + +2006-02-09 Werner Koch + + * command.c (get_reader_slot, do_reset) + (scd_update_reader_status_file): Rewrote. + + * app.c (release_application): Factored code out to .. + (deallocate_app): new function. + (select_application): Introduce new saved application stuff. + (application_notify_card_removed): New. + * command.c (update_card_removed): Call it here. + (do_reset): And here. + + * app.c (check_application_conflict): New. + * command.c (open_card): Use it here. + (cmd_restart): New command. + + * command.c (cmd_lock): Fixed --wait option to actually terminate. + +2006-02-08 Werner Koch + + * ccid-driver.c (ccid_get_atr): Read Parameter and select T=1 + using these parameters. + (scan_or_find_devices): Check for NULL r_fd. + +2006-02-02 Werner Koch + + * ccid-driver.c (special_transport): New + (ccid_open_reader, do_close_reader, ccid_shutdown_reader) + (bulk_out, bulk_in): Add support for CardMan 4040 reader. + + * ccid-driver.c (scan_or_find_devices): Factored most code out to + (scan_or_find_usb_device): .. new. + (make_reader_id): Fixed vendor mask. + +2006-01-01 Werner Koch + + * app-openpgp.c (do_sign): Give user error if hash algorithm is + not supported by the card. + +2005-12-06 Werner Koch + + * apdu.c (open_pcsc_reader): Check that pcsc-wrapper is actually + installed. + +2005-11-23 Werner Koch + + * app-nks.c (verify_pin): Give a special error message for a Nullpin. + +2005-10-29 Werner Koch + + * ccid-driver.c (send_escape_cmd): New args RESULT, RESULTLEN and + RESULTMAX. Changed all callers. + (ccid_transceive_escape): New. + +2005-10-27 Werner Koch + + * apdu.c [__CYGWIN__]: Make cygwin environment similar to _WIN32. + Suggested by John P. Clizbe. + * scdaemon.c [__CYGWIN__]: Set default PC/SC driver to winscard.dll. + +2005-10-19 Werner Koch + + * ccid-driver.h (CCID_DRIVER_ERR_NO_KEYPAD): New. + * apdu.h (SW_HOST_NO_KEYPAD): New. + * iso7816.h (struct iso7816_pininfo_s): New. + * iso7816.c (map_sw): Support new code. + (iso7816_check_keypad): New. + (iso7816_verify_kp, iso7816_change_reference_data_kp) + (iso7816_reset_retry_counter_kp): New. Extended versions of the + original functions. + * apdu.c (host_sw_string): Support new code. + (reader_table_s): New field CHECK_KEYPAD. + (new_reader_slot, open_ct_reader, open_pcsc_reader) + (open_ccid_reader, open_rapdu_reader): Initialize it. + (check_ccid_keypad): New. + (apdu_check_keypad): New. + (apdu_send_le): Factored all code out to ... + (send_le): .. new. Takes an additional arg; changed all callers + of the orginal function to use this one with a NULL for the new + arg. + (apdu_send_simple_kp): New. + (ct_send_apdu, pcsc_send_apdu, my_rapdu_send_apdu) + (send_apdu_ccid): New arg PININFO. + (send_apdu_ccid): Use the new arg. + + * scdaemon.c: New option --disable-keypad. + +2005-10-08 Marcus Brinkmann + + * Makefile.am (scdaemon_LDADD): Add ../gl/libgnu.a after + ../common/libcommon.a. + +2005-09-20 Werner Koch + + * app-dinsig.c (verify_pin): Try ISO 9564 BCD encoding. + + * iso7816.c (iso7816_select_application): Add arg FLAGS. Changed + all callers to pass 0. + * app-openpgp.c (app_select_openpgp): But this one requires a + special flag. + + * app-p15.c (app_select_p15): Don't use select application for the + BELPIC. + +2005-09-09 Werner Koch + + * pcsc-wrapper.c (main): Removed bogus free. + + * app-p15.c (do_auth): New. + (do_getattr): New attribs $AUTHKEYID and $DISPSERIALNO. + * app-openpgp.c (do_getattr): Ditto. + +2005-09-08 Werner Koch + + * app-openpgp.c (do_getattr): New key $AUTHKEYID. + +2005-09-06 Werner Koch + + * app-p15.c (do_sign): Tweaked for BELPIC cards. + (read_home_df): New arg R_BELPIC. + (app_select_p15): Set card type for BELPIC. + +2005-09-05 Werner Koch + + * iso7816.c (iso7816_select_path): New. + * app-p15.c (select_ef_by_path): Allow for direct path selection. + (app_select_p15): Try using the Belgian variant of pkcs#15. + (read_home_df): New. + (read_ef_odf): Generalized. + (read_ef_tokeninfo): New. + (read_p15_info): Set serialnumber from TokenInfo. + (app_select_p15): Don't munge serialNumber - that must be done + only once. + + * iso7816.c (iso7816_read_binary): Use Le=0 when reading all + data. Handle 6C00 error and take 6B00 as indication for EOF. + * apdu.h (SW_EXACT_LENGTH_P): New. + * apdu.c (new_reader_slot, reset_pcsc_reader, pcsc_get_status) + (open_pcsc_reader): Set new reader state IS_T0. + (apdu_send_le): When doing T=0 make sure not to send Lc and Le. + Problem reported by Carl Meijer. + (apdu_send_direct): Initialize RESULTLEN. + * pcsc-wrapper.c (handle_status): Return the current protocol as + a new third word. + +2005-08-05 Werner Koch + + * apdu.c (open_rapdu_reader): Set the reader number. + +2005-07-05 Werner Koch + + * app-openpgp.c (do_readkey): Return a mallcoed copy of the key as + required by the description. Thanks to Moritz for tracking this + problem down. + +2005-06-21 Werner Koch + + * scdaemon.c (main): ifdef call to ccid_set_debug_level. + + * apdu.c (reset_pcsc_reader, open_pcsc_reader): Cast size_t to + ulong for printf. + +2005-06-06 Werner Koch + + * scdaemon.c (main): New option --debug-allow-core-dump. + +2005-06-03 Werner Koch + + * scdaemon.c (handle_connections): Make sure that the signals we + are handling are not blocked.Block signals while creating new + threads. + (handle_connections): Include the file descriptor into the name of + the thread. + +2005-06-02 Werner Koch + + * app.c (app_dump_state, dump_mutex_state): New. + * scdaemon.c (handle_signal): Print it on SIGUSR1. + + * app-openpgp.c (do_writekey): Typo fix. + + * command.c (open_card): Check for locked state even if an + application context is available. + + * app-common.h: Add REF_COUNT field. + * app.c (release_application, select_application): Implement + reference counting to share the context beween connections. + + * app.c (lock_reader, unlock_reader): Take SLOT instead of APP as + argument. Changed all callers. + (select_application): Unlock the reader on error. This should fix + the hangs I noticed last week. + + * scdaemon.h: Removed card_ctx_t cruft. + +2005-06-01 Werner Koch + + * scdaemon.c: Include mkdtemp.h. + +2005-05-31 Werner Koch + + * tlv.c [GNUPG_MAJOR_VERSION==1]: Define constants instead of + including a gnupg 1.4 header. + +2005-05-30 Werner Koch + + * tlv.c: Add hack to compile without gpg-error.h when used with + GnuPG 1.4. + +2005-05-23 Werner Koch + + * Makefile.am: Do not build sc-copykeys anymore. + + * app-openpgp.c (app_openpgp_storekey, app_openpgp_readkey) + (app_openpgp_cardinfo): Removed. + + * ccid-driver.c (parse_ccid_descriptor): SCR335 FW version 5.14 is + good. + (do_close_reader): Never do a reset. The caller should instead + make sure that the reader has been closed properly. The new retry + code in ccid_slot_status will make sure that the readersatrts up + fine even if the last process didn't closed the USB connection + properly. + (ccid_get_atr): For certain readers try switching to ISO mode. + Thanks to Ludovic Rousseau for this hint and the magic numbers. + (print_command_failed): New. + (bulk_in): Use it here. Add new arg NO_DEBUG. + (ccid_slot_status): Disabled debugging. + +2005-05-21 Werner Koch + + * scdaemon.c (handle_signal): Print thread info on SIGUSR1. + +2005-05-20 Werner Koch + + * ccid-driver.c: Replaced macro DEBUG_T1 by a new debug level. + (parse_ccid_descriptor): Mark SCR335 firmware version 5.18 good. + (ccid_transceive): Arghhh. The seqno is another bit in the + R-block than in the I block, this was wrong at one place. + + * scdaemon.c: New options --debug-ccid-driver and + --debug-disable-ticker. + + * app-openpgp.c (do_genkey, do_writekey): Factored code to check + for existing key out into .. + (does_key_exist): .. New function. + +2005-05-19 Werner Koch + + * tlv.c (parse_sexp): New. + + * command.c (cmd_writekey): New. + * app.c (app_writekey): New. + * app-common.c (app_t): Add function ptr WRITEKEY. + * app-openpgp.c (do_writekey): New. + + * app-openpgp.c (do_readkey) [GNUPG_MAJOR_VERSION==1]: Return error. + * app-common.h (app_t) [GNUPG_MAJOR_VERSION==1]: Add a field to + store the Assuan context. + +2005-05-17 Werner Koch + + * scdaemon.c: Removed non-pth code paths. + (create_socket_name, create_server_socket): New. Taken from + ../agent/gpg-agent. + (cleanup): Changed to adjust for SOCKET_NAME now being malloced. + (ticker_thread): Always use pth_event_occurred; it is again + defined for all decent PTH versions. + (handle_connections): New. Based on the gpg-agent code. + (start_connection_thread): Ditto. + (ticker_thread): Removed. + (cleanup_sh): Removed. + (main): Run the handler for the pipe server in a separate + thread. This replaces the old ticker thread. + (scd_get_socket_name): New. + * command.c (cmd_getinfo): New command GETINFO. + (scd_command_handler): Renamed argument and changed code to use an + already connected FD. + +2005-05-15 Werner Koch + + * app.c, app-common.h, app-nks.c, app-p15.c, app-dinsig.c + * app-openpgp.c: Change most function return types from int to + gpg_error_t. + * command.c (pin_cb): Ditto. + * sc-copykeys.c (pincb): Ditto. + + * app.c (lock_reader, unlock_reader): New. Changed call handler + wrappers to make use of these functions. + +2005-05-07 Werner Koch + + * ccid-driver.c (do_close_reader): Don't do a reset before close. + Some folks reported that it makes the SCR335 hang less often. + Look at the source on how to re-enable it. + +2005-04-27 Werner Koch + + * app-p15.c (micardo_mse): New. + (do_sign): Call it. + * iso7816.c (iso7816_manage_security_env): Allow passing DATA as + NULL to indicate an empty Lc. + * tlv.c (find_tlv): Check that a found object fits into the + buffer. + (find_tlv_unchecked): New as replacement for the old non-checking + variant. + * app.c (select_application): Keep on using the non-checking + variant. + * app-openpgp.c (get_one_do, dump_all_do): Ditto. + + + Removal of the old OpenSC based code. + + * app-p15.c: New. Basic support for pkcs15 cards without OpenSC. + There are quite a couple of things missing but at least I can use + my old TCOS cards from the Aegypten-1 development for signing. + * app.c (select_application): Detect pkcs15 applications. + * Makefile.am (scdaemon_SOURCES): Removed card.c, card-common.h + and card-p15.c because they are now obsolete. Added app-p15.c. + Removed all OpenSC stuff. + * command.c (do_reset, open_card, cmd_serialno, cmd_learn) + (cmd_readcert, cmd_readkey, cmd_pksign, cmd_pkdecrypt): Removed + all special cases for the old card.c based mechanisms. + * scdaemon.c, apdu.c: Removed all special cases for OpenSC. + +2005-04-20 Werner Koch + + * command.c: Use GPG_ERR_LOCKED instead of EBUSY. + +2005-04-14 Werner Koch + + * app-openpgp.c (retrieve_key_material): Rewritten. Return a + proper error code. + (retrieve_next_token): Removed. + (retrieve_fpr_from_card): Rewritten to make use of DO caching and + to take the KEYNO as arg. + (get_public_key): Renamed variable for clarity. + +2005-04-12 Werner Koch + + Basic support for several sessions. + + * command.c (scd_command_handler): Replace the primary_connection + stuff by a real connection list. Release the local context on + exit. + (scd_update_reader_status_file): Update accordingly. Send signal + to all connections who registered an event signal. + (cmd_lock, cmd_unlock, register_commands): New commands LOCK and + UNLOCK. + (cmd_setdata, cmd_pksign, cmd_pkauth, cmd_pkdecrypt, cmd_setattr) + (cmd_genkey, cmd_passwd, cmd_checkpin): Return an error if reader + is locked. + (do_reset): Handle locking. + (open_card): Ditto. Share the reader slot with other sessions. + (get_reader_slot): New. + (update_card_removed): New. Use it in the TEST_CARD_REMOVAL macro. + +2005-04-07 Werner Koch + + * app-openpgp.c (do_check_pin): Add hack to allow verification of + CHV3. + (get_public_key): Don't use gcry functions to create S-expressions. + (do_deinit, do_readkey, do_genkey, send_keypair_info): Adjust for + above change. + +2005-03-29 Moritz Schulte + + * app-openpgp.c (retrieve_fpr_from_card): New function. + (retrieve_next_token): New function. + (retrieve_key_material): New function. + (get_public_key): Implement retrival of key through expernal + helper (gpg) in case the openpgp card is not cooperative enough. + +2005-03-16 Werner Koch + + * ccid-driver.c (parse_ccid_descriptor): Make SCM workaround + reader type specific. + (scan_or_find_devices): Do not check the interface subclass in the + SPR532 kludge, as this depends on the firmware version. + (ccid_get_atr): Get the Slot status first. This solves the + problem with readers hanging on recent Linux 2.6.x. + (bulk_in): Add argument TIMEOUT and changed all callers to pass an + appropriate one. Change the standard timeout from 10 to 5 seconds. + (ccid_slot_status): Add a retry code with an initial short timeout. + (do_close_reader): Do an usb_reset before closing the reader. + +2005-02-25 Werner Koch + + * app-openpgp.c (get_public_key): Make sure not to return negative + numbers. + (do_sign): Allow passing of indata with algorithm prefix. + (do_auth): Allow OPENPGP.3 as an alternative ID. + + * app.c (app_getattr): Return just the S/N but not the timestamp. + +2005-02-24 Werner Koch + + * app.c (app_getattr): Return APPTYPE or SERIALNO type even if the + application does dot support the getattr call. + + * app-openpgp.c (get_one_do): Never try to get a non cacheable + object from the cache. + (get_one_do): Add new arg to return an error code. Changed all + callers. + (do_getattr): Let it return a proper error code. + + * app.c (select_application): Return an error code and the + application context in an new arg. + * command.c (open_card): Adjusted for that. Don't use the + fallback if no card is present. Return an error if the card has + been removed without a reset. + (do_reset, cmd_serialno): Clear that error flag. + (TEST_CARD_REMOVAL): New. Use it with all command handlers. + (scd_update_reader_status_file): Set the error flag on all changes. + + * scdaemon.c (ticker_thread): Termintate if a shutdown is pending. + + * apdu.c: Added some PCSC error codes. + (pcsc_error_to_sw): New. + (reset_pcsc_reader, pcsc_get_status, pcsc_send_apdu) + (open_pcsc_reader): Do proper error code mapping. + +2005-03-16 Werner Koch + + * ccid-driver.c (parse_ccid_descriptor): Make SCM workaround + reader type specific. + (scan_or_find_devices): Do not check the interface subclass in the + SPR532 kludge, as this depends on the firmware version. + (ccid_get_atr): Get the Slot status first. This solves the + problem with readers hanging on recent Linux 2.6.x. + +2005-02-22 Werner Koch + + * app-openpgp.c (app_local_s): New field PK. + (do_deinit, do_genkey, app_openpgp_storekey): Clear it. + (get_public_key, send_keypair_info): New. + (do_learn_status): Send KEYPAIR info + + * app-common.h (app_ctx_t): Add function pointer READKEY. + * app.c (app_readkey): New. + * command.c (cmd_readkey): Use READKEY function if possible. + +2005-01-26 Werner Koch + + * ccid-driver.c (parse_ccid_descriptor): Need the CSM workaround + also for newer firmware versions. Need to get a list of fixed + firmware versions and use that. + +2005-01-25 Werner Koch + + * apdu.c (apdu_send_le, apdu_send_direct): Fix some compiler + warnings. + + * app-openpgp.c (get_cached_data): New arg GET_IMMEDIATE to bypass + the cache. Changed all callers. + (get_one_do): Bypass the cache if the value would have been read + directly for v1.1 cards.It makes things a bit slower but obnly for + 1.0 cards and there are not that many cards out in the wild. This + is required to fix a caching bug when generating new keys; as a + side effect of the retrieval of the the C4 DO from the 6E DO the + cached fingerprint will get updated to the old value and later + when signing the generated key the checking of the fingerprint + fails because it won't match the new one. Thanks to Moritz for + analyzing this problem. + (verify_chv3): Removed the CHV status reread logic because we + won't cache the C4 DO anymore. + +2004-12-28 Werner Koch + + * ccid-driver.c (find_endpoint): New. + (scan_or_find_devices): Add new args to return endpoint info and + interface number. + (ccid_open_reader, ccid_shutdown_reader): Take care of these new + args. + (bulk_in, bulk_out): Use the correct endpoints. + (ccid_transceive_apdu_level): New. + (ccid_transceive): Divert to above. + (parse_ccid_descriptor): Allow APDU level exchange mode. + (do_close_reader): Pass the interface number to usb_release_interface. + +2004-12-21 Werner Koch + + * scdaemon.c (main): Use default_homedir(). + +2004-12-18 Werner Koch + + * scdaemon.c (main) [W32]: Remove special Pth initialize.. + + * scdaemon.h (map_assuan_err): Define in terms of + map_assuan_err_with_source. + +2004-12-15 Werner Koch + + * scdaemon.c [W32]: Various hacks to make it run under W32. + + * command.c (scd_update_reader_status_file) [W32]: Don't use kill. + + * apdu.c [W32]: Disable use of pcsc_wrapper. + + * Makefile.am (scdaemon_LDADD): Reorder libs. + (sc_copykeys_LDADD): Add libassuan because it is needed for W32. + +2004-12-06 Werner Koch + + * Makefile.am (pkglib_PROGRAMS): Build only for W32. + +2004-10-22 Werner Koch + + * app-openpgp.c (verify_chv3): The minium length for CHV3 is + 8. Changed string to match the other ones. + +2004-10-21 Werner Koch + + * app-openpgp.c (do_sign): Replace asprintf by direct allocation. + This avoids problems with missing vasprintf implementations in + gnupg 1.4. + + * app-common.h (app_openpgp_storekey: Add prototype. + +2004-10-20 Werner Koch + + * sc-investigate: Removed. + * Makefile.am (sc_investigate): Removed. + + * pcsc-wrapper.c (load_pcsc_driver): Load get_status_change func. + (handle_open): Succeed even without a present card. + (handle_status, handle_reset): New. + + * apdu.c (apdu_open_reader): Load pcsc_get_status_change fucntion. + (pcsc_get_status): Implemented. + (reset_pcsc_reader): Implemented. + (open_pcsc_reader): Succeed even with no card inserted. + (open_ccid_reader): Set LAST_STATUS. + + * iso7816.c (iso7816_select_application): Always use 0 for P1. + +2004-10-18 Werner Koch + + * ccid-driver.c (ccid_get_atr): Reset T=1 state info. + +2004-10-14 Werner Koch + + * app-openpgp.c (parse_login_data): New. + (app_select_openpgp): Call it. + (do_setattr): Reparse it after change. + +2004-10-06 Werner Koch + + * ccid-driver.c (ccid_open_reader): Store the vendor ID. + (ccid_transceive_secure): New. + (parse_ccid_descriptor): Workaround for an SCM reader problem. + +2004-10-04 Werner Koch + + * ccid-driver.c (send_escape_cmd): New. + +2004-09-30 Werner Koch + + * Makefile.am: Adjusted for gettext 0.14. + + * app-openpgp.c (do_sign): Add the error string to the verify + failed messages. + +2004-09-27 Werner Koch + + From gnupg 1.3 + + * app-openpgp.c: Made all strings translatable. + (verify_chv3) [GNUPG_MAJOR_VERSION]: Make opt.allow_admin + available for use in gnupg 2. + (verify_chv3): Reimplemented countdown showing to use only + functions from this module. Flush the CVH status cache on a + successful read. + (get_one_do): Hack to bypass the cache for cards versions > 1.0. + (store_fpr): Store the creation date for card version > 1.0. + + * app-openpgp.c (app_openpgp_storekey): Call flush_cache. + (get_cached_data): Move local data initialization to .. + (app_select_openpgp): .. here. Read some flags for later use. + (do_getattr): New read-only attribute EXTCAP. + + * apdu.c (open_pcsc_reader): Do not print empty reader string. + + * ccid-driver.c (do_close_reader): Factored some code out from ... + (ccid_close_reader): ..here. + (ccid_shutdown_reader): New. + + * apdu.c (apdu_shutdown_reader): New. + (shutdown_ccid_reader): New. + + * apdu.c (open_ccid_reader): New arg PORTSTR. Pass it to + ccid_open_reader. + (apdu_open_reader): Pass portstr to open_ccid_reader. + (apdu_open_reader): No fallback if a full CCID reader id has been + given. + + * ccid-driver.c (ccid_get_reader_list): New. + (ccid_open_reader): Changed API to take a string for the reader. + Removed al the cruft for the libusb development vesion which seems + not to be maintained anymore and there are no packages anyway. + The stable library works just fine. + (struct ccid_reader_id_s): Deleted and replaced everywhere by a + simple string. + (usb_get_string_simple): Removed. + (bulk_in): Do valgrind hack here and not just everywhere. + + * ccid-driver.c (read_device_info): Removed. + (make_reader_id, scan_or_find_devices): New. + (ccid_open_reader): Simplified by make use of the new functions. + (ccid_set_debug_level): New. Changed the macros to make use of + it. It has turned out that it is often useful to enable debugging + at runtime so I added this option. + + From gnupg 1.3 - David Shaw + + * app-openpgp.c (verify_chv3): Show a countdown of how many wrong + admin PINs can be entered before the card is locked. + + * app-openpgp.c (get_cached_data): Avoid mallocing zero since it + breaks us when using --enable-m-guard. + + * ccid-driver.c (usb_get_string_simple): Replacement function to + work with older libusb. + + * ccid-driver.c (read_device_info): Fix segfault when usb device + is not accessible. + (ccid_open_reader): Allow working with an even older version of + libusb (usb_busses global instead of usb_get_busses()). + +2004-09-11 Werner Koch + + * app-openpgp.c (app_select_openpgp): Its app_munge_serialno and + not app_number_serialno. + +2004-08-20 Werner Koch + + * app.c (select_application): Fixed serial number extraction and + added the BMI card workaround. + (app_munge_serialno): New. + * app-openpgp.c (app_select_openpgp): Try munging serialno. + +2004-08-05 Werner Koch + + * scdaemon.c (main): New option --disable-application. + * app.c (is_app_allowed): New. + (select_application): Use it to check for disabled applications. + + * ccid-driver.h (CCID_DRIVER_ERR_ABORTED): New. + * ccid-driver.c (ccid_open_reader): Support the stable 0.1 version + of libusb. + (ccid_get_atr): Handle short messages. + + * apdu.c (my_rapdu_get_status): Implemented. + +2004-07-27 Moritz Schulte + + * apdu.c: Include . + + * Makefile.am: Use @DL_LIBS@ instead of -ldl. + +2004-07-22 Werner Koch + + * Makefile.am: Make OpenSC lib link after libgcrypt. Do not link + to pth. + * apdu.c: Don't use Pth if we use OpenSC. + * sc-investigate.c, scdaemon.c: Disable use of pth if OpenSC is used. + + * scdaemon.c (main): Bumbed thread stack size up to 512k. + +2004-07-16 Werner Koch + + * apdu.c (reader_table_s): Add function pointers for the backends. + (apdu_close_reader, apdu_get_status, apdu_activate) + (send_apdu): Make use of them. + (new_reader_slot): Intialize them to NULL. + (dump_ccid_reader_status, ct_dump_reader_status): New. + (dump_pcsc_reader_status): New. + (open_ct_reader, open_pcsc_reader, open_ccid_reader) + (open_osc_reader, open_rapdu_reader): Intialize function pointers. + (ct_activate_card, ct_send_apdu, pcsc_send_apdu, osc_send_apdu) + (error_string): Removed. Replaced by apdu_strerror. + (get_ccid_error_string): Removed. + (ct_activate_card): Remove the unused loop. + (reset_ct_reader): Implemented. + (ct_send_apdu): Activate the card if not yet done. + (pcsc_send_apdu): Ditto. + +2004-07-15 Werner Koch + + * ccid-driver.h: Add error codes. + * ccid-driver.c: Implement more or less proper error codes all + over the place. + + * apdu.c (apdu_send_direct): New. + (get_ccid_error_string): Add some error code mappings. + (send_apdu): Pass error codes along for drivers already supporting + them. + (host_sw_string): New. + (get_ccid_error_string): Use above. + (send_apdu_ccid): Reset the reader if it has not yet been done. + (open_ccid_reader): Don't care if the ATR can't be read. + (apdu_activate_card): New. + (apdu_strerror): New. + (dump_reader_status): Only enable it with opt.VERBOSE. + * iso7816.c (map_sw): Add mappings for the new error codes. + +2004-07-02 Werner Koch + + * apdu.c (open_ct_reader, open_pcsc_reader, open_ccid_reader) + (reset_ccid_reader, open_osc_reader): Call dump_reader_status only + in verbose mode. + +2004-07-01 Werner Koch + + * sc-investigate.c: Initialize Pth which is now required. + (interactive_shell): New command "readpk". + + * app-openpgp.c (do_getattr): Fix for sending CA-FPR. + +2004-06-30 Werner Koch + + * app-openpgp.c (app_openpgp_readkey): Fixed check for valid + exponent. + +2004-06-18 Werner Koch + + * sc-investigate.c (my_read_line): Renamed from read_line. + +2004-06-16 Werner Koch + + * apdu.c (osc_get_status): Fixed type in function name. Noted by + Axel Thimm. Yes, I didn't tested it with OpenSC :-(. + +2004-04-28 Werner Koch + + * app-openpgp.c (do_setattr): Sync FORCE_CHV1. + +2004-04-27 Werner Koch + + * app-common.h: Do not include ksba.h for gnupg 1. + +2004-04-26 Werner Koch + + * app-common.h: New members FNC.DEINIT and APP_LOCAL. + * app.c (release_application): Call new deconstructor. + * app-openpgp.c (do_deinit): New. + (get_cached_data, flush_cache_item, flush_cache_after_error) + (flush_cache): New. + (get_one_do): Replaced arg SLOT by APP. Make used of cached data. + (verify_chv2, verify_chv3): Flush some cache item after error. + (do_change_pin): Ditto. + (do_sign): Ditto. + (do_setattr): Flush cache item. + (do_genkey): Flush the entire cache. + (compare_fingerprint): Use cached data. + + * scdaemon.c (main): Do the last change the usual way. This is so + that we can easily test for versioned config files above. + +2004-04-26 Marcus Brinkmann + + * scdaemon.c (main): For now, always print default filename for + --gpgconf-list, and never /dev/null. + +2004-04-21 Werner Koch + + * command.c (scd_update_reader_status_file): Send a signal back to + the client. + (option_handler): Parse the new event-signal option. + + * scdaemon.c (handle_signal): Do not use SIGUSR{1,2} anymore for + changing the verbosity. + +2004-04-20 Werner Koch + + * command.c (scd_update_reader_status_file): Write status files. + + * app-help.c (app_help_read_length_of_cert): Fixed calculation of + R_CERTOFF. + + * pcsc-wrapper.c: New. + * Makefile.am (pkglib_PROGRAMS): Install it here. + * apdu.c (writen, readn): New. + (open_pcsc_reader, pcsc_send_apdu, close_pcsc_reader): Use the + pcsc-wrapper if we are using Pth. + (apdu_send_le): Reinitialize RESULTLEN. Handle SW_EOF_REACHED + like SW_SUCCESS. + +2004-04-19 Werner Koch + + * ccid-driver.c (parse_ccid_descriptor): Store some of the reader + features away. New arg HANDLE + (read_device_info): New arg HANDLE. Changed caller. + (bulk_in): Handle time extension requests. + (ccid_get_atr): Setup parameters and the IFSD. + (compute_edc): New. Factored out code. + (ccid_transceive): Use default NADs when required. + +2004-04-14 Werner Koch + + * scdaemon.h (server_control_s): Add member READER_SLOT. + * scdaemon.c (scd_init_default_ctrl): Initialize READER_SLOT to -1. + * command.c (open_card): Reuse an open slot. + (reset_notify): Just reset the slot if supported by the reader. + (do_reset): Factored code from above out. + (scd_command_handler): Use it for cleanup. + + * apdu.h: New pseudo stati SW_HOST_NOT_SUPPORTED, + SW_HOST_LOCKING_FAILED and SW_HOST_BUSY. + * iso7816.c (map_sw): Map it. + + * ccid-driver.c (ccid_slot_status): Add arg STATUSBITS. + * apdu.c (apdu_get_status): New. + (ct_get_status, pcsc_get_status, ocsc_get_status): New stubs. + (get_status_ccid): New. + (apdu_reset): New. + (reset_ct_reader, reset_pcsc_reader, reset_osc_reader): New stubs. + (reset_ccid_reader): New. + (apdu_enum_reader): New. + + * apdu.c (lock_slot, trylock_slot, unlock_slot): New helpers. + (new_reader_slot) [USE_GNU_PTH]: Init mutex. + (apdu_reset, apdu_get_status, apdu_send_le): Run functions + in locked mode. + + * command.c (scd_update_reader_status_file): New. + * scdaemon.c (handle_tick): Call it. + +2004-04-13 Werner Koch + + * scdaemon.c: Convert to a Pth application. + (handle_signal, ticker_thread, handle_tick): New. + (main): Fire up the ticker thread in server mode. + +2004-03-23 Werner Koch + + * scdaemon.c (main) : Fixed output for pcsc_driver. + +2004-03-17 Werner Koch + + * tlv.c (parse_ber_header): Do not check for tag overflow - it + does not make sense. Simplified the check for length overflow. + + * scdaemon.c (main) : Fixed default value quoting. + +2004-03-16 Werner Koch + + * app-dinsig.c: Implemented. Based on app-nks.c and card-dinsig.c + * app-nks.c (get_length_of_cert): Removed. + * app-help.c: New. + (app_help_read_length_of_cert): New. Code taken from above. New + optional arg R_CERTOFF. + + * card-dinsig.c: Removed. + * card.c (card_get_serial_and_stamp): Do not bind to the old and + never finsiged card-dinsig.c. + + * iso7816.c (iso7816_read_binary): Allow for an NMAX > 254. + +2004-03-11 Werner Koch + + * scdaemon.h (out_of_core): Removed. Replaced callers by standard + gpg_error function. + + * apdu.c, iso7816.c, ccid-driver.c [GNUPG_SCD_MAIN_HEADER]: Allow + to include a header defined by the compiler. This helps us to + reuse the source in other software. + +2004-03-10 Werner Koch + + * iso7816.c (iso7816_read_record): New arg SHORT_EF. Changed all + callers. + +2004-02-18 Werner Koch + + * sc-investigate.c (main): Setup the used character set. + * scdaemon.c (main): Ditto. + + * scdaemon.c (set_debug): New. Add option --debug-level. + (main): Add option --gpgconf-list. + +2004-02-12 Werner Koch + + * Makefile.am: Include cmacros.am for common flags. + +2004-01-29 Werner Koch + + * command.c (reset_notify): Release the application context and + close the reader. + +2004-01-28 Werner Koch + + * iso7816.c (iso7816_manage_security_env): New. + (iso7816_decipher): Add PADIND argument. + +2004-01-27 Werner Koch + + * command.c (cmd_readcert, cmd_readkey): Work on a copy of LINE. + + * app-common.h (app_ctx_s): Added readcert field. + * app.c (app_readcert): New. + * tlv.c (parse_ber_header): Added; taken from libksba. + +2004-01-26 Werner Koch + + * card.c (map_sc_err): Use SCD as the error source. + + * command.c (open_card): ADD arg NAME to allow requesting a + specific application. Changed all callers. + (cmd_serialno): Allow optional argument to select the desired + application. + + * app-nks.c: New. + + * scdaemon.h (opt): Add READER_PORT. + * scdaemon.c (main): Set it here. + * app.c (app_set_default_reader_port): Removed. + (select_application): Add NAME arg and figure out a + default serial number from the GDO. Add SLOT arg and remove all + reader management. + (release_application): New. + (app_write_learn_status): Output an APPTYPE status line. + * command.c (open_card): Adapt for select_application change. + * app-openpgp.c (app_select_openpgp): Removed SN and SNLEN args + and set it directly. Changed all callers. + +2004-01-25 Werner Koch + + * iso7816.c (iso7816_select_application): P1 kludge for OpenPGP + card. + * app-openpgp.c (find_tlv): Factor out this function to .. + * tlv.c, tlv.h: .. new. + + * scdaemon.h: Introduced app_t and ctrl_t as the new types for APP + and CTRL. + +2004-01-21 Werner Koch + + * apdu.c (apdu_send_le): Treat SW_EOF_REACHED as a warning. + +2004-01-20 Werner Koch + + * iso7816.c (iso7816_read_binary): New. + (iso7816_select_file): New. + (iso7816_list_directory): New. + + * sc-investigate.c: Add option -i. + (select_app, read_line, interactive_shell): New. + +2004-01-16 Werner Koch + + * apdu.h: Add SW_FILE_NOT_FOUND. + * iso7816.c (map_sw): Map it to GPG_ERR_ENOENT. + * iso7816.c (iso7816_select_file): New. + + * app-dinsig.c: New file w/o any real code yet. + * Makefile.am (scdaemon_SOURCES,sc_investigate_SOURCES): Add file. + + * sc-investigate.c: Add option --disable-ccid. + +2003-12-19 Werner Koch + + * apdu.c (apdu_send_le): Send a get_response with the indicated + length and not the 64 bytes we used for testing. + + * app-openpgp.c (verify_chv2, verify_chv3, do_sign): Check the + minimum length of the passphrase, so that we don't need to + decrement the retry counter. + +2003-12-17 Werner Koch + + * card-p15.c (p15_enum_keypairs): Replaced KRC by RC. + * card-dinsig.c (dinsig_enum_keypairs): Ditto. + +2003-12-16 Werner Koch + + * scdaemon.c (main): Set the prefixes for assuan logging. + +2003-11-17 Werner Koch + + * scdaemon.c, scdaemon.h: New options --allow-admin and --deny-admin. + * app-openpgp.c (verify_chv3): Check it here. + +2003-11-12 Werner Koch + + Adjusted for API changes in Libksba. + +2003-10-30 Werner Koch + + * apdu.c (close_ct_reader, close_pcsc_reader): Implemented. + (get_ccid_error_string): New. Not very useful messages, though. + +2003-10-25 Werner Koch + + * ccid-driver.c (ccid_open_reader): Return an error if no USB + devices are found. + + * command.c (cmd_genkey, cmd_passwd): Fixed faulty use of + !spacep(). + + * apdu.c (apdu_open_reader): Hacks for PC/SC under Windows. + +2003-10-20 Werner Koch + + * command.c (cmd_checkpin): New. + (register_commands): Add command CHECKPIN. + * app.c (app_check_pin): New. + * app-openpgp.c (check_against_given_fingerprint): New. Factored + out that code elsewhere. + (do_check_pin): New. + +2003-10-10 Werner Koch + + * ccid-driver.c (ccid_close_reader): New. + + * apdu.c (close_ccid_reader, close_ct_reader, close_csc_reader) + (close_osc_reader, apdu_close_reader): New. Not all are properly + implemented yet. + +2003-10-09 Werner Koch + + * ccid-driver.c (ccid_transceive): Add T=1 chaining for sending. + +2003-10-08 Werner Koch + + * app-openpgp.c (do_getattr): Support SERIALNO and AID. + +2003-10-01 Werner Koch + + * ccid-driver.c: Detect GnuPG 1.3 and include appropriate files. + * apdu.c: Ditto. + * app-openpgp.c: Ditto. + * iso7816.c: Ditto. + (generate_keypair): Renamed to .. + (do_generate_keypair): .. this. + * app-common.h [GNUPG_MAJOR_VERSION]: New. + * iso7816.h [GNUPG_MAJOR_VERSION]: Include cardglue.h + +2003-09-30 Werner Koch + + * command.c (cmd_getattr): New command GETATTR. + * app.c (app_setattr): New. + (do_getattr): New. + (do_learn_status): Reimplemented in terms of do_getattr. + + * app-openpgp.c (do_change_pin): Make sure CVH1 and CHV2 are + always synced. + (verify_chv2, verify_chv3): New. Factored out common code. + (do_setattr, do_sign, do_auth, do_decipher): Change the names of + the prompts to match that we have only 2 different PINs. + (app_select_openpgp): Check whether the card enforced CHV1. + (convert_sig_counter_value): New. Factor out code from + get_sig_counter. + +2003-09-28 Werner Koch + + * app-openpgp.c (dump_all_do): Use gpg_err_code and not gpg_error. + +2003-09-19 Werner Koch + + * ccid-driver.c (parse_ccid_descriptor): New. + (read_device_info): New. + (ccid_open_reader): Check that the device has all required features. + +2003-09-06 Werner Koch + + * scdaemon.c (main): --pcsc-driver again defaults to pcsclite. + David Corcoran was so kind to remove the GPL incompatible + advertisng clause from pcsclite. + * apdu.c (apdu_open_reader): Actually make pcsc-driver option work. + +2003-09-05 Werner Koch + + * ccid-driver.c: More work, data can now actually be retrieved. + * ccid-driver.c, ccid-driver.h: Alternativley allow use under BSD + conditions. + +2003-09-02 Werner Koch + + * scdaemon.c, scdaemon.h: New option --pcsc-ccid. + * ccid-driver.c, ccid-driver.h: New but far from being useful. + * Makefile.am: Add above. + * apdu.c: Add support for that ccid driver. + +2003-08-26 Timo Schulz + + * apdu.c (new_reader_slot): Only set 'is_osc' when OpenSC + is used. + +2003-08-25 Werner Koch + + * command.c (cmd_setattr): Use a copy of LINE. + (cmd_genkey): Use a copy of KEYNO. + (cmd_passwd): Use a copy of CHVNOSTR. + (cmd_pksign, cmd_pkauth, cmd_pkdecrypt): s/strdup/xtrystrdup/. + +2003-08-19 Werner Koch + + * scdaemon.c, scdaemon.h: New option --pcsc-driver. + * apdu.c (apdu_open_reader): Use that option here instead of a + hardcoded one. + +2003-08-18 Werner Koch + + * Makefile.am: Add OPENSC_LIBS to all programs. + + * scdaemon.c, scdaemon.h: New option --disable-opensc. + * card.c (card_open): Implement it. + * apdu.c (open_osc_reader, osc_send_apdu): New. + (apdu_open_reader) [HAVE_OPENSC]: Use the opensc driver if not + disabled. + (error_string) [HAVE_OPENSC]: Use sc_strerror. + (send_apdu) [HAVE_OPENSC]: Call osc_apdu_send. + + * card-p15.c (p15_enum_keypairs, p15_prepare_key): Adjusted for + libgpg-error. + +2003-08-14 Timo Schulz + + * apdu.c (ct_activate_card): Change the code a little to avoid + problems with other readers. + * Always use 'dynload.h' instead of 'dlfcn.h'. + +2003-08-05 Werner Koch + + * app-openpgp.c (dump_all_do): Don't analyze constructed DOs after + an error. + +2003-08-04 Werner Koch + + * app.c (app_set_default_reader_port): New. + (select_application): Use it here. + * scdaemon.c (main): and here. + * sc-copykeys.c: --reader-port does now take a string. + * sc-investigate.c, scdaemon.c: Ditto. + * apdu.c (apdu_open_reader): Ditto. Load pcsclite if no ctapi + driver is configured. Always include code for ctapi. + (new_reader_slot): Don't test for already used ports and remove + port arg. + (open_pcsc_reader, pcsc_send_apdu, pcsc_error_string): New. + (apdu_send_le): Changed RC to long to cope with PC/SC. + + * scdaemon.c, scdaemon.h: New option --ctapi-driver. + * sc-investigate.c, sc-copykeys.c: Ditto. + +2003-07-31 Werner Koch + + * Makefile.am (scdaemon_LDADD): Added INTLLIBS. + +2003-07-28 Werner Koch + + * app-openpgp.c (do_setattr): Change implementation. Allow all + useful DOs. + +2003-07-27 Werner Koch + + Adjusted for gcry_mpi_print and gcry_mpi_scan API change. + +2003-07-24 Werner Koch + + * app-openpgp.c (do_learn_status): Print more status information. + (app_select_openpgp): Store the card version. + (store_fpr): Add argument card_version and fix DOs for old cards. + (app_openpgp_storekey): Likewise. + +2003-07-23 Werner Koch + + * command.c (cmd_pkauth): New. + (cmd_setdata): Check whether data was given at all to avoid + passing 0 to malloc. + + * app.c (app_auth): New. + * app-openpgp.c (do_auth): New. + +2003-07-22 Werner Koch + + * command.c (cmd_passwd): New. + * app.c (app_change_pin): New. + * app-openpgp.c (do_change_pin): New. + * iso7816.c (iso7816_reset_retry_counter): Implemented. + + * sc-investigate.c (main): New option --gen-random. + * iso7816.c (iso7816_get_challenge): Don't create APDUs with a + length larger than 255. + +2003-07-17 Werner Koch + + * command.c (cmd_random): New command RANDOM. + + * iso7816.c (map_sw): New. Use it in this file to return + meaningful error messages. Changed all public fucntions to return + a gpg_error_t. + (iso7816_change_reference_data): New. + * apdu.c (apdu_open_reader): Use faked status words for soem + system errors. + +2003-07-16 Werner Koch + + * apdu.c (apdu_send_simple): Use apdu_send_le so that we can + specify not to send Le as it should be. + +2003-07-15 Werner Koch + + * Makefile.am: Add sc-copykeys program. + * sc-copykeys.c: New. + * app-openpgp.c (app_openpgp_storekey): New. + (app_openpgp_cardinfo): New. + (count_bits): New. + (store_fpr): And use it here to get the actual length in bit. + +2003-07-03 Werner Koch + + * app-openpgp.c (do_setattr): Add setting of the URL. + (app_select_openpgp): Dump card data only in very verbose mode. + (do_decipher): New. + +2003-07-02 Werner Koch + + * app-openpgp.c (get_sig_counter): New. + (do_sign): Print the signature counter and enable the PIN callback. + (do_genkey): Implement the PIN callback. + +2003-07-01 Werner Koch + + * app-openpgp.c (store_fpr): Fixed fingerprint calculation. + +2003-06-26 Werner Koch + + * app-openpgp.c (find_tlv): Fixed length header parsing. + + * app.c (app_genkey): New. + * command.c (cmd_genkey): New. + +2003-06-25 Werner Koch + + * command.c (percent_plus_unescape): New. + (cmd_setattr): New. + +2003-06-24 Werner Koch + + * command.c (send_status_info): New. + + * app-openpgp.c (app_select_openpgp): Replace SLOT arg by APP arg + and setup the function pointers in APP on success. Changed callers. + * app.c: New. + * app-common.h: New. + * scdaemon.h (APP): New type to handle applications. + (server_control_s): Add an APP context field. + + * command.c (cmd_serialno): Handle applications. + (cmd_pksign): Ditto. + (cmd_pkdecrypt): Ditto. + (reset_notify): Ditto. + (cmd_learn): For now return error for application contexts. + (cmd_readcert): Ditto. + (cmd_readkey): Ditto. + +2003-06-04 Werner Koch + + * card.c (map_sc_err): Renamed gpg_make_err to gpg_err_make. + + Renamed error codes from INVALID to INV and removed _ERROR suffixes. + +2003-06-03 Werner Koch + + Changed all error codes in all files to the new libgpg-error scheme. + + * scdaemon.h: Include gpg-error.h and errno.h + * card.c (map_sc_err): Use unknown for the error source. + * Makefile.am: Link with libgpg-error + +2003-05-14 Werner Koch + + * atr.c, atr.h: New. + * sc-investigate.c: Dump the ATR in a human readable format. + +2003-05-08 Werner Koch + + * scdaemon.h (DBG_CARD_IO_VALUE): New. + + * sc-investigate.c: New. + * scdaemon.c (main): Removed --print-atr option. + + * iso7816.c, iso7816.h, app-openpgp.c: New. + +2003-04-29 Werner Koch + + * scdaemon.c: New options --print-atr and --reader-port + * apdu.c, apdu.h: New + + * card.c, card-p15.c, card-dinsig.c: Allow build without OpenSC. + + * Makefile.am (LDFLAGS): Removed. + + * command.c (register_commands): Adjusted for new Assuan semantics. + +2002-08-21 Werner Koch + + * scdaemon.c (main): New option --daemon so that the program is + not accidently started in the background. + +2002-08-16 Werner Koch + + * scdaemon.c: Include i18n.h. + + * card-common.h (struct p15_private_s): Forward declaration. Add + it to card_ctx_s. + * card.c (card_close): Make sure private data is released. + (card_enum_certs): New. + * card-p15.c (p15_release_private_data): New. + (init_private_data): New to work around an OpenSC weirdness. + (p15_enum_keypairs): Do an OpenSC get_objects only once. + (p15_enum_certs): New. + (card_p15_bind): Bind new function. + * command.c (cmd_learn): Return information about the certificates. + +2002-08-09 Werner Koch + + * card.c (card_get_serial_and_stamp): Use the tokeinfo serial + number as a fallback. Add a special prefix for serial numbers. + +2002-07-30 Werner Koch + + Changes to cope with OpenSC 0.7.0: + + * card.c: Removed the check for the packed opensc version. + Changed include file names of opensc. + (map_sc_err): Adjusted error codes for new opensc version. + * card-p15.c: Changed include filename of opensc. + * card-dinsig.c: Ditto. + + * card-p15.c (p15_decipher): Add flags argument to OpenSC call. + +2002-07-24 Werner Koch + + * card.c (find_simple_tlv, find_iccsn): New. + (card_get_serial_and_stamp): Improved serial number parser. + +2002-06-27 Werner Koch + + * scdaemon.c (main): Use GNUPG_DEFAULT_HOMEDIR constant. + +2002-06-15 Werner Koch + + * card-dinsig.c: Documented some stuff from the DIN norm. + +2002-04-15 Werner Koch + + * command.c (cmd_pksign, cmd_pkdecrypt): Use a copy of the key ID. + +2002-04-12 Werner Koch + + * scdaemon.c: New option --debug-sc N. + * card.c (card_open): set it here. + + * card-p15.c (p15_prepare_key): Factored out common code from ... + (p15_sign, p15_decipher): here and made the decryption work the + regular way. + +2002-04-10 Werner Koch + + * card.c (card_open): Return immediately when no reader is available. + +2002-03-27 Werner Koch + + * card.c (card_open, card_close): Adjusted for changes in OpenSC. + +2002-03-10 Werner Koch + + * card-p15.c, card-dinsig.c, card-common.h: New. + * card.c: Factored most code out to the new modules, so that we + can better support different types of card applications. + +2002-01-26 Werner Koch + + * scdaemon.c scdaemon.h, command.c: New. Based on the code from + the gpg-agent. + + + Copyright 2002, 2003, 2004, 2005, 2007, 2008 Free Software Foundation, Inc. + + This file is free software; as a special exception the author gives + unlimited permission to copy and/or distribute it, with or without + modifications, as long as this notice is preserved. + + This file is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY, to the extent permitted by law; without even the + implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + +Local Variables: +buffer-read-only: t +End: diff --git a/scd/Makefile.am b/scd/Makefile.am index 9153a4403..bdd457acd 100644 --- a/scd/Makefile.am +++ b/scd/Makefile.am @@ -17,6 +17,8 @@ ## Process this file with automake to produce Makefile.in +EXTRA_DIST = ChangeLog-2011 + bin_PROGRAMS = scdaemon if ! HAVE_W32_SYSTEM libexec_PROGRAMS = gnupg-pcsc-wrapper -- cgit v1.2.3 From bf37c32367ba149559385ee90b6435cef8bd6412 Mon Sep 17 00:00:00 2001 From: NIIBE Yutaka Date: Fri, 2 Dec 2011 13:57:12 +0900 Subject: Fix pinpad input support for passphrase modification. * apdu.c (pcsc_keypad_verify): Have dummy Lc field with value 0. (pcsc_keypad_modify): Likewise. (pcsc_keypad_modify): It's only for ISO7816_CHANGE_REFERENCE_DATA. bConfirmPIN value is determined by the parameter p0. * app-openpgp.c (do_change_pin): The flag use_keypad should be 0 when reset_mode is on, or resetcode is on. use_keypad only makes sense for iso7816_change_reference_data_kp. * iso7816.h (iso7816_put_data_kp): Remove. (iso7816_reset_retry_counter_kp): Remove. (iso7816_reset_retry_counter_with_rc_kp): Remove. (iso7816_change_reference_data_kp): Add an argument: IS_EXCHANGE. * iso7816.c (iso7816_put_data_kp): Remove. (iso7816_reset_retry_counter_kp): Remove. (iso7816_reset_retry_counter_with_rc_kp): Remove. (iso7816_change_reference_data_kp): Add an argument: IS_EXCHANGE. --- scd/apdu.c | 44 ++++--------- scd/app-openpgp.c | 182 ++++++++++++++++++++---------------------------------- scd/iso7816.c | 51 +++------------ scd/iso7816.h | 6 +- 4 files changed, 89 insertions(+), 194 deletions(-) (limited to 'scd') diff --git a/scd/apdu.c b/scd/apdu.c index 4d11157e3..c130d89bc 100644 --- a/scd/apdu.c +++ b/scd/apdu.c @@ -2043,7 +2043,7 @@ check_pcsc_keypad (int slot, int command, int pin_mode, } -#define PIN_VERIFY_STRUCTURE_SIZE 23 +#define PIN_VERIFY_STRUCTURE_SIZE 24 static int pcsc_keypad_verify (int slot, int class, int ins, int p0, int p1, struct pininfo_s *pininfo) @@ -2096,7 +2096,7 @@ pcsc_keypad_verify (int slot, int class, int ins, int p0, int p1, pin_verify[12] = 0x00; /* bTeoPrologue[0] */ pin_verify[13] = 0x00; /* bTeoPrologue[1] */ pin_verify[14] = 0x00; /* bTeoPrologue[2] */ - pin_verify[15] = 0x04; /* ulDataLength */ + pin_verify[15] = 0x05; /* ulDataLength */ pin_verify[16] = 0x00; /* ulDataLength */ pin_verify[17] = 0x00; /* ulDataLength */ pin_verify[18] = 0x00; /* ulDataLength */ @@ -2104,6 +2104,7 @@ pcsc_keypad_verify (int slot, int class, int ins, int p0, int p1, pin_verify[20] = ins; /* abData[1] */ pin_verify[21] = p0; /* abData[2] */ pin_verify[22] = p1; /* abData[3] */ + pin_verify[23] = 0x00; /* abData[4] */ sw = control_pcsc (slot, reader_table[slot].pcsc.verify_ioctl, pin_verify, len, result, &resultlen); @@ -2115,7 +2116,7 @@ pcsc_keypad_verify (int slot, int class, int ins, int p0, int p1, } -#define PIN_MODIFY_STRUCTURE_SIZE 28 +#define PIN_MODIFY_STRUCTURE_SIZE 29 static int pcsc_keypad_modify (int slot, int class, int ins, int p0, int p1, struct pininfo_s *pininfo) @@ -2125,32 +2126,6 @@ pcsc_keypad_modify (int slot, int class, int ins, int p0, int p1, unsigned long len = PIN_MODIFY_STRUCTURE_SIZE; unsigned char result[2]; size_t resultlen = 2; - unsigned char confirm_pin; - - /* bConfirmPIN - * 0x00: new PIN once - * 0x01: new PIN twice (confirmation) - * 0x02: old PIN and new PIN once - * 0x03: old PIN and new PIN twice (confirmation) - */ - switch (ins) - { - case ISO7816_CHANGE_REFERENCE_DATA: - confirm_pin = 0x03; - break; - case 0xDA: /* PUT_DATA */ - confirm_pin = 0x01; - break; - case ISO7816_RESET_RETRY_COUNTER: - if (p0 == 0) - confirm_pin = 0x03; - else - confirm_pin = 0x01; - break; - default: - confirm_pin = 0x00; - break; - } if (!reader_table[slot].atrlen && (sw = reset_pcsc_reader (slot))) @@ -2186,7 +2161,13 @@ pcsc_keypad_modify (int slot, int class, int ins, int p0, int p1, pin_modify[6] = 0x00; /* bInsertionOffsetNew */ pin_modify[7] = pininfo->maxlen; /* wPINMaxExtraDigit */ pin_modify[8] = pininfo->minlen; /* wPINMaxExtraDigit */ - pin_modify[9] = confirm_pin; + pin_modify[9] = (p0 == 0 ? 0x03 : 0x01); + /* bConfirmPIN + * 0x00: new PIN once + * 0x01: new PIN twice (confirmation) + * 0x02: old PIN and new PIN once + * 0x03: old PIN and new PIN twice (confirmation) + */ pin_modify[10] = 0x02; /* bEntryValidationCondition: Validation key pressed */ if (pininfo->minlen && pininfo->maxlen && pininfo->minlen == pininfo->maxlen) pin_modify[10] |= 0x01; /* Max size reached. */ @@ -2199,7 +2180,7 @@ pcsc_keypad_modify (int slot, int class, int ins, int p0, int p1, pin_modify[17] = 0x00; /* bTeoPrologue[0] */ pin_modify[18] = 0x00; /* bTeoPrologue[1] */ pin_modify[19] = 0x00; /* bTeoPrologue[2] */ - pin_modify[20] = 0x04; /* ulDataLength */ + pin_modify[20] = 0x05; /* ulDataLength */ pin_modify[21] = 0x00; /* ulDataLength */ pin_modify[22] = 0x00; /* ulDataLength */ pin_modify[23] = 0x00; /* ulDataLength */ @@ -2207,6 +2188,7 @@ pcsc_keypad_modify (int slot, int class, int ins, int p0, int p1, pin_modify[25] = ins; /* abData[1] */ pin_modify[26] = p0; /* abData[2] */ pin_modify[27] = p1; /* abData[3] */ + pin_modify[28] = 0x00; /* abData[4] */ sw = control_pcsc (slot, reader_table[slot].pcsc.modify_ioctl, pin_modify, len, result, &resultlen); diff --git a/scd/app-openpgp.c b/scd/app-openpgp.c index b51eb5be1..e3a448413 100644 --- a/scd/app-openpgp.c +++ b/scd/app-openpgp.c @@ -1915,7 +1915,6 @@ do_change_pin (app_t app, ctrl_t ctrl, const char *chvnostr, char *pinvalue = NULL; int reset_mode = !!(flags & APP_CHANGE_FLAG_RESET); int set_resetcode = 0; - int with_resetcode = 0; iso7816_pininfo_t pininfo; int use_keypad = 0; int minlen = 6; @@ -1975,6 +1974,7 @@ do_change_pin (app_t app, ctrl_t ctrl, const char *chvnostr, if (reset_mode) { /* To reset a PIN the Admin PIN is required. */ + use_keypad = 0; app->did_chv3 = 0; rc = verify_chv3 (app, pincb, pincb_arg); if (rc) @@ -1983,37 +1983,40 @@ do_change_pin (app_t app, ctrl_t ctrl, const char *chvnostr, if (chvno == 2) set_resetcode = 1; } - else if (!use_keypad && (chvno == 1 || chvno == 3)) + else if (chvno == 1 || chvno == 3) { - char *promptbuf = NULL; - const char *prompt; - - if (chvno == 3) + if (!use_keypad) { - minlen = 8; - rc = build_enter_admin_pin_prompt (app, &promptbuf); + char *promptbuf = NULL; + const char *prompt; + + if (chvno == 3) + { + minlen = 8; + rc = build_enter_admin_pin_prompt (app, &promptbuf); + if (rc) + goto leave; + prompt = promptbuf; + } + else + prompt = _("||Please enter the PIN"); + rc = pincb (pincb_arg, prompt, &oldpinvalue); + xfree (promptbuf); + promptbuf = NULL; if (rc) - goto leave; - prompt = promptbuf; - } - else - prompt = _("||Please enter the PIN"); - rc = pincb (pincb_arg, prompt, &oldpinvalue); - xfree (promptbuf); - promptbuf = NULL; - if (rc) - { - log_info (_("PIN callback returned error: %s\n"), - gpg_strerror (rc)); - goto leave; - } + { + log_info (_("PIN callback returned error: %s\n"), + gpg_strerror (rc)); + goto leave; + } - if (strlen (oldpinvalue) < minlen) - { - log_info (_("PIN for CHV%d is too short;" - " minimum length is %d\n"), chvno, minlen); - rc = gpg_error (GPG_ERR_BAD_PIN); - goto leave; + if (strlen (oldpinvalue) < minlen) + { + log_info (_("PIN for CHV%d is too short;" + " minimum length is %d\n"), chvno, minlen); + rc = gpg_error (GPG_ERR_BAD_PIN); + goto leave; + } } } else if (chvno == 2) @@ -2025,7 +2028,7 @@ do_change_pin (app_t app, ctrl_t ctrl, const char *chvnostr, size_t valuelen; int remaining; - with_resetcode = 1; + use_keypad = 0; minlen = 8; relptr = get_one_do (app, 0x00C4, &value, &valuelen, NULL); if (!relptr || valuelen < 7) @@ -2044,24 +2047,21 @@ do_change_pin (app_t app, ctrl_t ctrl, const char *chvnostr, goto leave; } - if (!use_keypad) + rc = pincb (pincb_arg, + _("||Please enter the Reset Code for the card"), + &resetcode); + if (rc) { - rc = pincb (pincb_arg, - _("||Please enter the Reset Code for the card"), - &resetcode); - if (rc) - { - log_info (_("PIN callback returned error: %s\n"), - gpg_strerror (rc)); - goto leave; - } - if (strlen (resetcode) < minlen) - { - log_info (_("Reset Code is too short; minimum length is %d\n"), - minlen); - rc = gpg_error (GPG_ERR_BAD_PIN); - goto leave; - } + log_info (_("PIN callback returned error: %s\n"), + gpg_strerror (rc)); + goto leave; + } + if (strlen (resetcode) < minlen) + { + log_info (_("Reset Code is too short; minimum length is %d\n"), + minlen); + rc = gpg_error (GPG_ERR_BAD_PIN); + goto leave; } } else @@ -2093,86 +2093,40 @@ do_change_pin (app_t app, ctrl_t ctrl, const char *chvnostr, } - if (with_resetcode) + if (resetcode) { - if (use_keypad) - { - rc = pincb (pincb_arg, - _("||Please enter the Reset Code for the card and New PIN"), - NULL); - if (rc) - { - log_info (_("PIN callback returned error: %s\n"), - gpg_strerror (rc)); - goto leave; - } - rc = iso7816_reset_retry_counter_with_rc_kp (app->slot, 0x81, - &pininfo); - pincb (pincb_arg, NULL, NULL); /* Dismiss the prompt. */ - } + char *buffer; + + buffer = xtrymalloc (strlen (resetcode) + strlen (pinvalue) + 1); + if (!buffer) + rc = gpg_error_from_syserror (); else { - char *buffer; - - buffer = xtrymalloc (strlen (resetcode) + strlen (pinvalue) + 1); - if (!buffer) - rc = gpg_error_from_syserror (); - else - { - strcpy (stpcpy (buffer, resetcode), pinvalue); - rc = iso7816_reset_retry_counter_with_rc (app->slot, 0x81, - buffer, strlen (buffer)); - wipememory (buffer, strlen (buffer)); - xfree (buffer); - } + strcpy (stpcpy (buffer, resetcode), pinvalue); + rc = iso7816_reset_retry_counter_with_rc (app->slot, 0x81, + buffer, strlen (buffer)); + wipememory (buffer, strlen (buffer)); + xfree (buffer); } } else if (set_resetcode) { - if (use_keypad) + if (strlen (pinvalue) < 8) { - rc = pincb (pincb_arg, _("|RN|New Reset Code"), NULL); - if (rc) - { - log_info (_("PIN callback returned error: %s\n"), - gpg_strerror (rc)); - goto leave; - } - rc = iso7816_put_data_kp (app->slot, 0xD3, &pininfo); - pincb (pincb_arg, NULL, NULL); /* Dismiss the prompt. */ + log_error (_("Reset Code is too short; minimum length is %d\n"), 8); + rc = gpg_error (GPG_ERR_BAD_PIN); } else - if (strlen (pinvalue) < 8) - { - log_error (_("Reset Code is too short; minimum length is %d\n"), 8); - rc = gpg_error (GPG_ERR_BAD_PIN); - } - else - rc = iso7816_put_data (app->slot, 0, 0xD3, - pinvalue, strlen (pinvalue)); + rc = iso7816_put_data (app->slot, 0, 0xD3, + pinvalue, strlen (pinvalue)); } else if (reset_mode) { - if (use_keypad) - { - rc = pincb (pincb_arg, _("|N|New PIN"), NULL); - if (rc) - { - log_info (_("PIN callback returned error: %s\n"), - gpg_strerror (rc)); - goto leave; - } - rc = iso7816_reset_retry_counter_kp (app->slot, 0x81, &pininfo); - pincb (pincb_arg, NULL, NULL); /* Dismiss the prompt. */ - } - else - { - rc = iso7816_reset_retry_counter (app->slot, 0x81, - pinvalue, strlen (pinvalue)); - if (!rc && !app->app_local->extcap.is_v2) - rc = iso7816_reset_retry_counter (app->slot, 0x82, - pinvalue, strlen (pinvalue)); - } + rc = iso7816_reset_retry_counter (app->slot, 0x81, + pinvalue, strlen (pinvalue)); + if (!rc && !app->app_local->extcap.is_v2) + rc = iso7816_reset_retry_counter (app->slot, 0x82, + pinvalue, strlen (pinvalue)); } else if (!app->app_local->extcap.is_v2) { @@ -2208,7 +2162,7 @@ do_change_pin (app_t app, ctrl_t ctrl, const char *chvnostr, gpg_strerror (rc)); goto leave; } - rc = iso7816_change_reference_data_kp (app->slot, 0x80 + chvno, + rc = iso7816_change_reference_data_kp (app->slot, 0x80 + chvno, 0, &pininfo); pincb (pincb_arg, NULL, NULL); /* Dismiss the prompt. */ } diff --git a/scd/iso7816.c b/scd/iso7816.c index 8876b931a..45f5e08bf 100644 --- a/scd/iso7816.c +++ b/scd/iso7816.c @@ -307,16 +307,18 @@ iso7816_verify (int slot, int chvno, const char *chv, size_t chvlen) /* Perform a CHANGE_REFERENCE_DATA command on SLOT for the card holder verification vector CHVNO. With PININFO non-NULL the keypad of the - reader will be used. */ + reader will be used. If IS_EXCHANGE is 0, a "change reference + data" is done, otherwise an "exchange reference data". */ gpg_error_t -iso7816_change_reference_data_kp (int slot, int chvno, +iso7816_change_reference_data_kp (int slot, int chvno, int is_exchange, iso7816_pininfo_t *pininfo) { int sw; - sw = apdu_keypad_modify (slot, 0x00, CMD_CHANGE_REFERENCE_DATA, 0, chvno, - pininfo->mode, pininfo->minlen, pininfo->maxlen, - pininfo->padlen); + sw = apdu_keypad_modify (slot, 0x00, CMD_CHANGE_REFERENCE_DATA, + is_exchange ? 1 : 0, + chvno, pininfo->mode, pininfo->minlen, + pininfo->maxlen, pininfo->padlen); return map_sw (sw); } @@ -353,19 +355,6 @@ iso7816_change_reference_data (int slot, int chvno, } -gpg_error_t -iso7816_reset_retry_counter_with_rc_kp (int slot, int chvno, - iso7816_pininfo_t *pininfo) -{ - int sw; - - sw = apdu_keypad_modify (slot, 0x00, CMD_RESET_RETRY_COUNTER, 0, chvno, - pininfo->mode, pininfo->minlen, pininfo->maxlen, - pininfo->padlen); - return map_sw (sw); -} - - gpg_error_t iso7816_reset_retry_counter_with_rc (int slot, int chvno, const char *data, size_t datalen) @@ -381,19 +370,6 @@ iso7816_reset_retry_counter_with_rc (int slot, int chvno, } -gpg_error_t -iso7816_reset_retry_counter_kp (int slot, int chvno, - iso7816_pininfo_t *pininfo) -{ - int sw; - - sw = apdu_keypad_modify (slot, 0x00, CMD_RESET_RETRY_COUNTER, 2, chvno, - pininfo->mode, pininfo->minlen, pininfo->maxlen, - pininfo->padlen); - return map_sw (sw); -} - - gpg_error_t iso7816_reset_retry_counter (int slot, int chvno, const char *newchv, size_t newchvlen) @@ -445,19 +421,6 @@ iso7816_get_data (int slot, int extended_mode, int tag, } -gpg_error_t -iso7816_put_data_kp (int slot, int tag, iso7816_pininfo_t *pininfo) -{ - int sw; - - sw = apdu_keypad_modify (slot, 0x00, CMD_PUT_DATA, - ((tag >> 8) & 0xff), (tag & 0xff), - pininfo->mode, pininfo->minlen, pininfo->maxlen, - pininfo->padlen); - return map_sw (sw); -} - - /* Perform a PUT DATA command on card in SLOT. Write DATA of length DATALEN to TAG. EXTENDED_MODE controls whether extended length headers or command chaining is used instead of single length diff --git a/scd/iso7816.h b/scd/iso7816.h index 9ed7b219f..336208aba 100644 --- a/scd/iso7816.h +++ b/scd/iso7816.h @@ -68,19 +68,15 @@ gpg_error_t iso7816_change_reference_data (int slot, int chvno, const char *oldchv, size_t oldchvlen, const char *newchv, size_t newchvlen); gpg_error_t iso7816_change_reference_data_kp (int slot, int chvno, + int is_exchange, iso7816_pininfo_t *pininfo); gpg_error_t iso7816_reset_retry_counter (int slot, int chvno, const char *newchv, size_t newchvlen); -gpg_error_t iso7816_reset_retry_counter_kp (int slot, int chvno, - iso7816_pininfo_t *pininfo); gpg_error_t iso7816_reset_retry_counter_with_rc (int slot, int chvno, const char *data, size_t datalen); -gpg_error_t iso7816_reset_retry_counter_with_rc_kp (int slot, int chvno, - iso7816_pininfo_t *pininfo); gpg_error_t iso7816_get_data (int slot, int extended_mode, int tag, unsigned char **result, size_t *resultlen); -gpg_error_t iso7816_put_data_kp (int slot, int tag, iso7816_pininfo_t *pininfo); gpg_error_t iso7816_put_data (int slot, int extended_mode, int tag, const void *data, size_t datalen); gpg_error_t iso7816_put_data_odd (int slot, int extended_mode, int tag, -- cgit v1.2.3 From 239659d3a0b8c0c378734ca3d1e9210a02e24da7 Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Fri, 2 Dec 2011 18:09:58 +0100 Subject: Support the Cherry ST-2000 card reader. * scd/ccid-driver.c (SCM_SCR331, SCM_SCR331DI, SCM_SCR335) (SCM_SCR3320, SCM_SPR532, CHERRY_ST2000): New constants. (parse_ccid_descriptor): Use them. (scan_or_find_usb_device, ccid_transceive_secure): Handle Cherry ST-2000. Suggested by Matthias-Christian Ott. --- scd/ccid-driver.c | 34 ++++++++++++++++++++++++---------- 1 file changed, 24 insertions(+), 10 deletions(-) (limited to 'scd') diff --git a/scd/ccid-driver.c b/scd/ccid-driver.c index eb1962594..7338ccc6f 100644 --- a/scd/ccid-driver.c +++ b/scd/ccid-driver.c @@ -213,6 +213,15 @@ enum { VENDOR_FSIJ = 0x234B }; +/* Some product ids. */ +#define SCM_SCR331 0xe001 +#define SCM_SCR331DI 0x5111 +#define SCM_SCR335 0x5115 +#define SCM_SCR3320 0x5117 +#define SCM_SPR532 0xe003 +#define CHERRY_ST2000 0x003e + + /* A list and a table with special transport descriptions. */ enum { TRANSPORT_USB = 0, /* Standard USB transport. */ @@ -954,11 +963,11 @@ parse_ccid_descriptor (ccid_driver_t handle, */ if (handle->id_vendor == VENDOR_SCM && handle->max_ifsd > 48 - && ( (handle->id_product == 0xe001 && handle->bcd_device < 0x0516) - ||(handle->id_product == 0x5111 && handle->bcd_device < 0x0620) - ||(handle->id_product == 0x5115 && handle->bcd_device < 0x0514) - ||(handle->id_product == 0xe003 && handle->bcd_device < 0x0504) - ||(handle->id_product == 0x5117 && handle->bcd_device < 0x0522) + && ( (handle->id_product == SCM_SCR331 && handle->bcd_device < 0x0516) + ||(handle->id_product == SCM_SCR331DI && handle->bcd_device < 0x0620) + ||(handle->id_product == SCM_SCR335 && handle->bcd_device < 0x0514) + ||(handle->id_product == SCM_SPR532 && handle->bcd_device < 0x0504) + ||(handle->id_product == SCM_SCR3320 && handle->bcd_device < 0x0522) )) { DEBUGOUT ("enabling workaround for buggy SCM readers\n"); @@ -1138,16 +1147,20 @@ scan_or_find_usb_device (int scan_mode, { ifcdesc = (interface->altsetting + set_no); /* The second condition is for older SCM SPR 532 who did - not know about the assigned CCID class. Instead of - trying to interpret the strings we simply check the - product ID. */ + not know about the assigned CCID class. The third + condition does the same for a Cherry SmartTerminal + ST-2000. Instead of trying to interpret the strings + we simply check the product ID. */ if (ifcdesc && ifcdesc->extra && ((ifcdesc->bInterfaceClass == 11 && ifcdesc->bInterfaceSubClass == 0 && ifcdesc->bInterfaceProtocol == 0) || (ifcdesc->bInterfaceClass == 255 && dev->descriptor.idVendor == VENDOR_SCM - && dev->descriptor.idProduct == 0xe003))) + && dev->descriptor.idProduct == SCM_SPR532) + || (ifcdesc->bInterfaceClass == 255 + && dev->descriptor.idVendor == VENDOR_CHERRY + && dev->descriptor.idProduct == CHERRY_ST2000))) { idev = usb_open (dev); if (!idev) @@ -3083,7 +3096,8 @@ ccid_transceive_secure (ccid_driver_t handle, Lc byte to the APDU. It seems that it will be replaced with the actual length instead of being appended before the APDU is send to the card. */ - cherry_mode = 1; + if (handle->id_product != CHERRY_ST2000) + cherry_mode = 1; break; default: return CCID_DRIVER_ERR_NOT_SUPPORTED; -- cgit v1.2.3 From cd29dc0f1cf7f3bd7938ffa65bf13f9a75d8c156 Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Mon, 12 Dec 2011 20:34:12 +0100 Subject: Fix detection of card removal and insertion. * scd/apdu.c (apdu_connect): Return status codes for no card available and inactive card. * scd/command.c (TEST_CARD_REMOVAL): Also test for GPG_ERR_CARD_RESET. (open_card): Map apdu_connect status to GPG_ERR_CARD_RESET. --- scd/apdu.c | 15 +++++++++++++-- scd/command.c | 8 +++++--- 2 files changed, 18 insertions(+), 5 deletions(-) (limited to 'scd') diff --git a/scd/apdu.c b/scd/apdu.c index c130d89bc..ae910825f 100644 --- a/scd/apdu.c +++ b/scd/apdu.c @@ -3051,11 +3051,14 @@ apdu_enum_reader (int slot, int *used) /* Connect a card. This is used to power up the card and make sure - that an ATR is available. */ + that an ATR is available. Depending on the reader backend it may + return an error for an inactive card or if no card is + available. */ int apdu_connect (int slot) { int sw; + unsigned int status; if (slot < 0 || slot >= MAX_READER || !reader_table[slot].used ) return SW_HOST_NO_DRIVER; @@ -3080,7 +3083,15 @@ apdu_connect (int slot) scdaemon is fired up and apdu_get_status has not yet been called. Without that we would force a reset of the card with the next call to apdu_get_status. */ - apdu_get_status_internal (slot, 1, 1, NULL, NULL); + apdu_get_status_internal (slot, 1, 1, &status, NULL); + if (sw) + ; + else if (!(status & APDU_CARD_PRESENT)) + sw = SW_HOST_NO_CARD; + else if (((status & APDU_CARD_PRESENT) && !(status & APDU_CARD_ACTIVE)) + || !reader_table[slot].atrlen) + sw = SW_HOST_CARD_INACTIVE; + return sw; } diff --git a/scd/command.c b/scd/command.c index 9bb500523..655032fee 100644 --- a/scd/command.c +++ b/scd/command.c @@ -60,6 +60,7 @@ int _r = (r); \ if (gpg_err_code (_r) == GPG_ERR_CARD_NOT_PRESENT \ || gpg_err_code (_r) == GPG_ERR_CARD_REMOVED \ + || gpg_err_code (_r) == GPG_ERR_CARD_RESET \ || gpg_err_code (_r) == GPG_ERR_ENODEV ) \ update_card_removed ((c)->reader_slot, 1); \ } while (0) @@ -420,9 +421,8 @@ get_reader_slot (void) return 0; } -/* If the card has not yet been opened, do it. Note that this - function returns an Assuan error, so don't map the error a second - time. */ + +/* If the card has not yet been opened, do it. */ static gpg_error_t open_card (ctrl_t ctrl, const char *apptype) { @@ -477,6 +477,8 @@ open_card (ctrl_t ctrl, const char *apptype) { if (sw == SW_HOST_NO_CARD) err = gpg_error (GPG_ERR_CARD_NOT_PRESENT); + else if (sw == SW_HOST_CARD_INACTIVE) + err = gpg_error (GPG_ERR_CARD_RESET); else err = gpg_error (GPG_ERR_CARD); } -- cgit v1.2.3 From 11164662788036c4b15d30555ea33ec0b6f5a670 Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Mon, 12 Dec 2011 21:02:54 +0100 Subject: scd: Retry command SERIALNO for an inactive card. * scd/command.c (cmd_serialno): Retry once for an inactive card. --- scd/command.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) (limited to 'scd') diff --git a/scd/command.c b/scd/command.c index 655032fee..b2a504cf0 100644 --- a/scd/command.c +++ b/scd/command.c @@ -518,8 +518,10 @@ cmd_serialno (assuan_context_t ctx, char *line) char *serial_and_stamp; char *serial; time_t stamp; + int retries = 0; /* Clear the remove flag so that the open_card is able to reread it. */ + retry: if (!reader_disabled && ctrl->server_local->card_removed) { if ( IS_LOCKED (ctrl) ) @@ -528,7 +530,12 @@ cmd_serialno (assuan_context_t ctx, char *line) } if ((rc = open_card (ctrl, *line? line:NULL))) - return rc; + { + /* In case of an inactive card, retry once. */ + if (gpg_err_code (rc) == GPG_ERR_CARD_RESET && retries++ < 1) + goto retry; + return rc; + } rc = app_get_serial_and_stamp (ctrl->app_ctx, &serial, &stamp); if (rc) -- cgit v1.2.3 From 24e121ef261731069868ca403b818f1168237f53 Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Tue, 13 Dec 2011 16:55:42 +0100 Subject: scd: Introduce a virtual reader table. The vreader table makes the code more clear by explicitly talking about APDU slots and reader indices. It also accommodates for future extensions. * scd/scdaemon.h (server_control_s): Remove READER_SLOT. * scd/scdaemon.c (scd_init_default_ctrl): Do not init READER_SLOT. * scd/app.c (check_application_conflict): Add arg SLOT. * scd/command.c (slot_status_s): Rename to vreader_s. (server_local_s): Add field VREADER_IDX as replacement for the READER_SLOT in server_control_s. Change all users. (slot_table): Rename to vreader_table. Change all users. (vreader_slot): New. (do_reset, cmd_apdu): Map vreader to apdu slot. (get_reader_slot): Rename to get_current_reader. Return -1 on error. (open_card): Map vreader toapdu slot. Pass slot to check_application_conflict. (scd_command_handler): Init VREADER_IDX. (update_reader_status_file): Reset SLOT field on error. --- scd/app-common.h | 3 +- scd/app.c | 7 +- scd/command.c | 213 +++++++++++++++++++++++++++++++------------------------ scd/scdaemon.c | 2 +- scd/scdaemon.h | 3 - 5 files changed, 129 insertions(+), 99 deletions(-) (limited to 'scd') diff --git a/scd/app-common.h b/scd/app-common.h index 6a1e2a763..e3d23c2b4 100644 --- a/scd/app-common.h +++ b/scd/app-common.h @@ -143,7 +143,8 @@ size_t app_help_read_length_of_cert (int slot, int fid, size_t *r_certoff); /*-- app.c --*/ void app_dump_state (void); void application_notify_card_reset (int slot); -gpg_error_t check_application_conflict (ctrl_t ctrl, const char *name); +gpg_error_t check_application_conflict (ctrl_t ctrl, int slot, + const char *name); gpg_error_t select_application (ctrl_t ctrl, int slot, const char *name, app_t *r_app); char *get_supported_applications (void); diff --git a/scd/app.c b/scd/app.c index 6d652360c..6f0d7560b 100644 --- a/scd/app.c +++ b/scd/app.c @@ -213,18 +213,19 @@ application_notify_card_reset (int slot) used to request a specific application and the connection has already done a select_application. */ gpg_error_t -check_application_conflict (ctrl_t ctrl, const char *name) +check_application_conflict (ctrl_t ctrl, int slot, const char *name) { - int slot = ctrl->reader_slot; app_t app; + (void)ctrl; + if (slot < 0 || slot >= DIM (lock_table)) return gpg_error (GPG_ERR_INV_VALUE); app = lock_table[slot].initialized ? lock_table[slot].app : NULL; if (app && app->apptype && name) if ( ascii_strcasecmp (app->apptype, name)) - return gpg_error (GPG_ERR_CONFLICT); + return gpg_error (GPG_ERR_CONFLICT); return 0; } diff --git a/scd/command.c b/scd/command.c index b2a504cf0..2ade38afb 100644 --- a/scd/command.c +++ b/scd/command.c @@ -1,6 +1,6 @@ /* command.c - SCdaemon command handler * Copyright (C) 2001, 2002, 2003, 2004, 2005, - * 2007, 2008, 2009 Free Software Foundation, Inc. + * 2007, 2008, 2009, 2011 Free Software Foundation, Inc. * * This file is part of GnuPG. * @@ -62,32 +62,37 @@ || gpg_err_code (_r) == GPG_ERR_CARD_REMOVED \ || gpg_err_code (_r) == GPG_ERR_CARD_RESET \ || gpg_err_code (_r) == GPG_ERR_ENODEV ) \ - update_card_removed ((c)->reader_slot, 1); \ + update_card_removed ((c)->server_local->vreader_idx, 1); \ } while (0) -#define IS_LOCKED(c) \ - (locked_session && locked_session != (c)->server_local \ - && (c)->reader_slot != -1 && locked_session->ctrl_backlink \ - && (c)->reader_slot == locked_session->ctrl_backlink->reader_slot) +#define IS_LOCKED(c) \ + (locked_session \ + && locked_session != (c)->server_local \ + && (c)->server_local->vreader_idx != -1 \ + && locked_session->ctrl_backlink \ + && ((c)->server_local->vreader_idx \ + == locked_session->ctrl_backlink->server_local->vreader_idx)) /* Flag indicating that the reader has been disabled. */ static int reader_disabled; -/* This structure is used to keep track of open readers (slots). */ -struct slot_status_s +/* This structure is used to keep track of user readers. To + eventually accommodate this structure for RFID cards, where more + than one card is used per reader, we name it virtual reader. */ +struct vreader_s { int valid; /* True if the other objects are valid. */ - int slot; /* Slot number of the reader or -1 if not open. */ + int slot; /* APDU slot number of the reader or -1 if not open. */ int reset_failed; /* A reset failed. */ int any; /* Flag indicating whether any status check has been done. This is set once to indicate that the status tracking for the slot has been initialized. */ - unsigned int status; /* Last status of the slot. */ - unsigned int changed; /* Last change counter of the slot. */ + unsigned int status; /* Last status of the reader. */ + unsigned int changed; /* Last change counter of the reader. */ }; @@ -114,6 +119,9 @@ struct server_local_s int event_signal; /* Or 0 if not used. */ #endif + /* Index into the vreader table (command.c) or -1 if not open. */ + int vreader_idx; + /* True if the card has been removed and a reset is required to continue operation. */ int card_removed; @@ -132,10 +140,8 @@ struct server_local_s }; -/* The table with information on all used slots. FIXME: This is a - different slot number than the one used by the APDU layer, and - should be renamed. */ -static struct slot_status_s slot_table[10]; +/* The table with information on all used virtual readers. */ +static struct vreader_s vreader_table[10]; /* To keep track of all running sessions, we link all active server @@ -174,25 +180,37 @@ initialize_module_command (void) } -/* Update the CARD_REMOVED element of all sessions using the reader - given by SLOT to VALUE. */ +/* Update the CARD_REMOVED element of all sessions using the virtual + reader given by VRDR to VALUE. */ static void -update_card_removed (int slot, int value) +update_card_removed (int vrdr, int value) { struct server_local_s *sl; for (sl=session_list; sl; sl = sl->next_session) if (sl->ctrl_backlink - && sl->ctrl_backlink->reader_slot == slot) + && sl->ctrl_backlink->server_local->vreader_idx == vrdr) { sl->card_removed = value; } /* Let the card application layer know about the removal. */ if (value) - application_notify_card_reset (slot); + application_notify_card_reset (vrdr); } +/* Helper to return the slot number for a given virtual reader index + VRDR. In case on an error -1 is returned. */ +static int +vreader_slot (int vrdr) +{ + if (vrdr == -1 || !(vrdr >= 0 && vrdr < DIM(vreader_table))) + return -1; + if (!vreader_table [vrdr].valid) + return -1; + return vreader_table[vrdr].slot; +} + /* Check whether the option NAME appears in LINE. Returns 1 or 0. */ static int @@ -279,9 +297,9 @@ hex_to_buffer (const char *string, size_t *r_length) static void do_reset (ctrl_t ctrl, int send_reset) { - int slot = ctrl->reader_slot; + int vrdr = ctrl->server_local->vreader_idx; - if (!(slot == -1 || (slot >= 0 && slot < DIM(slot_table)))) + if (!(vrdr == -1 || (vrdr >= 0 && vrdr < DIM(vreader_table)))) BUG (); /* If there is an active application, release it. Tell all other @@ -297,7 +315,7 @@ do_reset (ctrl_t ctrl, int send_reset) for (sl=session_list; sl; sl = sl->next_session) if (sl->ctrl_backlink - && sl->ctrl_backlink->reader_slot == slot) + && sl->ctrl_backlink->server_local->vreader_idx == vrdr) { sl->app_ctx_marked_for_release = 1; } @@ -306,13 +324,13 @@ do_reset (ctrl_t ctrl, int send_reset) /* If we want a real reset for the card, send the reset APDU and tell the application layer about it. */ - if (slot != -1 && send_reset && !IS_LOCKED (ctrl) ) + if (vrdr != -1 && send_reset && !IS_LOCKED (ctrl) ) { - if (apdu_reset (slot)) + if (apdu_reset (vreader_table[vrdr].slot)) { - slot_table[slot].valid = 0; + vreader_table[vrdr].valid = 0; } - application_notify_card_reset (slot); + application_notify_card_reset (vrdr); } /* If we hold a lock, unlock now. */ @@ -325,21 +343,21 @@ do_reset (ctrl_t ctrl, int send_reset) /* Reset the card removed flag for the current reader. We need to take the lock here so that the ticker thread won't concurrently try to update the file. Calling update_reader_status_file is - required to get hold of the new status of the card in the slot + required to get hold of the new status of the card in the vreader table. */ if (!pth_mutex_acquire (&status_file_update_lock, 0, NULL)) { - log_error ("failed to acquire status_fle_update lock\n"); - ctrl->reader_slot = -1; + log_error ("failed to acquire status_file_update lock\n"); + ctrl->server_local->vreader_idx = -1; return; } update_reader_status_file (0); /* Update slot status table. */ - update_card_removed (slot, 0); /* Clear card_removed flag. */ + update_card_removed (vrdr, 0); /* Clear card_removed flag. */ if (!pth_mutex_release (&status_file_update_lock)) log_error ("failed to release status_file_update lock\n"); /* Do this last, so that the update_card_removed above does its job. */ - ctrl->reader_slot = -1; + ctrl->server_local->vreader_idx = -1; } @@ -379,35 +397,38 @@ option_handler (assuan_context_t ctx, const char *key, const char *value) } -/* Return the slot of the current reader or open the reader if no - other sessions are using a reader. Note, that we currently support +/* Return the index of the current reader or open the reader if no + other sessions are using that reader. If it is not possible to + open the reader -1 is returned. Note, that we currently support only one reader but most of the code (except for this function) should be able to cope with several readers. */ static int -get_reader_slot (void) +get_current_reader (void) { - struct slot_status_s *ss; + struct vreader_s *vr; - ss = &slot_table[0]; /* One reader for now. */ + /* We only support one reader for now. */ + vr = &vreader_table[0]; - /* Initialize the item if needed. */ - if (!ss->valid) + /* Initialize the vreader item if not yet done. */ + if (!vr->valid) { - ss->slot = -1; - ss->valid = 1; + vr->slot = -1; + vr->valid = 1; } /* Try to open the reader. */ - if (ss->slot == -1) + if (vr->slot == -1) { int no_service_flag; - ss->slot = apdu_open_reader (opt.reader_port, &no_service_flag); + + vr->slot = apdu_open_reader (opt.reader_port, &no_service_flag); /* If we still don't have a slot, we have no readers. Invalidate for now until a reader is attached. */ - if(ss->slot == -1) + if (vr->slot == -1) { - ss->valid = 0; + vr->valid = 0; } if (no_service_flag) @@ -417,8 +438,8 @@ get_reader_slot (void) } } - /* Return the slot_table index. */ - return 0; + /* Return the vreader index or -1. */ + return vr->valid ? 0 : -1; } @@ -427,7 +448,7 @@ static gpg_error_t open_card (ctrl_t ctrl, const char *apptype) { gpg_error_t err; - int slot; + int vrdr; if (reader_disabled) return gpg_error (GPG_ERR_NOT_OPERATIONAL); @@ -455,21 +476,25 @@ open_card (ctrl_t ctrl, const char *apptype) need to check that the client didn't requested a specific application different from the one in use before we continue. */ if (ctrl->app_ctx) - return check_application_conflict (ctrl, apptype); + { + return check_application_conflict + (ctrl, vreader_slot (ctrl->server_local->vreader_idx), apptype); + } - /* Setup the slot and select the application. */ - if (ctrl->reader_slot != -1) - slot = ctrl->reader_slot; + /* Setup the vreader and select the application. */ + if (ctrl->server_local->vreader_idx != -1) + vrdr = ctrl->server_local->vreader_idx; else - slot = get_reader_slot (); - ctrl->reader_slot = slot; - if (slot == -1) + vrdr = get_current_reader (); + ctrl->server_local->vreader_idx = vrdr; + if (vrdr == -1) err = gpg_error (reader_disabled? GPG_ERR_NOT_OPERATIONAL: GPG_ERR_CARD); else { /* Fixme: We should move the apdu_connect call to select_application. */ int sw; + int slot = vreader_slot (vrdr); ctrl->server_local->disconnect_allowed = 0; sw = apdu_connect (slot); @@ -1615,8 +1640,8 @@ static const char hlp_getinfo[] = "\n" "socket_name - Return the name of the socket.\n" "\n" - "status - Return the status of the current slot (in the future, may\n" - "also return the status of all slots). The status is a list of\n" + "status - Return the status of the current reader (in the future, may\n" + "also return the status of all readers). The status is a list of\n" "one-character flags. The following flags are currently defined:\n" " 'u' Usable card present. This is the normal state during operation.\n" " 'r' Card removed. A reset is necessary.\n" @@ -1660,22 +1685,22 @@ cmd_getinfo (assuan_context_t ctx, char *line) else if (!strcmp (line, "status")) { ctrl_t ctrl = assuan_get_pointer (ctx); - int slot = ctrl->reader_slot; + int vrdr = ctrl->server_local->vreader_idx; char flag = 'r'; - if (!ctrl->server_local->card_removed && slot != -1) + if (!ctrl->server_local->card_removed && vrdr != -1) { - struct slot_status_s *ss; + struct vreader_s *vr; - if (!(slot >= 0 && slot < DIM(slot_table))) + if (!(vrdr >= 0 && vrdr < DIM(vreader_table))) BUG (); - ss = &slot_table[slot]; + vr = &vreader_table[vrdr]; - if (!ss->valid) + if (!vr->valid) BUG (); - if (ss->any && (ss->status & 1)) + if (vr->any && (vr->status & 1)) flag = 'u'; } rc = assuan_send_data (ctx, &flag, 1); @@ -1790,6 +1815,7 @@ cmd_apdu (assuan_context_t ctx, char *line) int handle_more; const char *s; size_t exlen; + int slot; with_atr = has_option (line, "--atr"); handle_more = has_option (line, "--more"); @@ -1812,13 +1838,15 @@ cmd_apdu (assuan_context_t ctx, char *line) if ((rc = open_card (ctrl, NULL))) return rc; + slot = vreader_slot (ctrl->server_local->vreader_idx); + if (with_atr) { unsigned char *atr; size_t atrlen; char hexbuf[400]; - atr = apdu_get_atr (ctrl->reader_slot, &atrlen); + atr = apdu_get_atr (slot, &atrlen); if (!atr || atrlen > sizeof hexbuf - 2 ) { rc = gpg_error (GPG_ERR_INV_CARD); @@ -1840,7 +1868,7 @@ cmd_apdu (assuan_context_t ctx, char *line) unsigned char *result = NULL; size_t resultlen; - rc = apdu_send_direct (ctrl->reader_slot, exlen, + rc = apdu_send_direct (slot, exlen, apdu, apdulen, handle_more, &result, &resultlen); if (rc) @@ -1990,12 +2018,13 @@ scd_command_handler (ctrl_t ctrl, int fd) session_list = ctrl->server_local; ctrl->server_local->ctrl_backlink = ctrl; ctrl->server_local->assuan_ctx = ctx; + ctrl->server_local->vreader_idx = -1; /* We open the reader right at startup so that the ticker is able to update the status file. */ - if (ctrl->reader_slot == -1) + if (ctrl->server_local->vreader_idx == -1) { - ctrl->reader_slot = get_reader_slot (); + ctrl->server_local->vreader_idx = get_current_reader (); } /* Command processing loop. */ @@ -2197,32 +2226,33 @@ update_reader_status_file (int set_card_removed_flag) int idx; unsigned int status, changed; - /* Make sure that the reader has been opened. Like get_reader_slot, + /* Make sure that a reader has been opened. Like get_current_reader, this part of the code assumes that there is only one reader. */ - if (!slot_table[0].valid) - (void)get_reader_slot (); + if (!vreader_table[0].valid) + (void)get_current_reader (); /* Note, that we only try to get the status, because it does not make sense to wait here for a operation to complete. If we are busy working with a card, delays in the status file update should be acceptable. */ - for (idx=0; idx < DIM(slot_table); idx++) + for (idx=0; idx < DIM(vreader_table); idx++) { - struct slot_status_s *ss = slot_table + idx; + struct vreader_s *vr = vreader_table + idx; struct server_local_s *sl; int sw_apdu; - if (!ss->valid || ss->slot == -1) + if (!vr->valid || vr->slot == -1) continue; /* Not valid or reader not yet open. */ - sw_apdu = apdu_get_status (ss->slot, 0, &status, &changed); + sw_apdu = apdu_get_status (vr->slot, 0, &status, &changed); if (sw_apdu == SW_HOST_NO_READER) { /* Most likely the _reader_ has been unplugged. */ - apdu_close_reader(ss->slot); - ss->valid = 0; + apdu_close_reader (vr->slot); + vr->slot = -1; + vr->valid = 0; status = 0; - changed = ss->changed; + changed = vr->changed; } else if (sw_apdu) { @@ -2230,21 +2260,21 @@ update_reader_status_file (int set_card_removed_flag) continue; } - if (!ss->any || ss->status != status || ss->changed != changed ) + if (!vr->any || vr->status != status || vr->changed != changed ) { char *fname; char templ[50]; FILE *fp; - log_info ("updating slot %d status: 0x%04X->0x%04X (%u->%u)\n", - ss->slot, ss->status, status, ss->changed, changed); - ss->status = status; - ss->changed = changed; + log_info ("updating reader %d (%d) status: 0x%04X->0x%04X (%u->%u)\n", + idx, vr->slot, vr->status, status, vr->changed, changed); + vr->status = status; + vr->changed = changed; - /* FIXME: Should this be IDX instead of ss->slot? This + /* FIXME: Should this be IDX instead of vr->slot? This depends on how client sessions will associate the reader status with their session. */ - snprintf (templ, sizeof templ, "reader_%d.status", ss->slot); + snprintf (templ, sizeof templ, "reader_%d.status", vr->slot); fname = make_filename (opt.homedir, templ, NULL ); fp = fopen (fname, "w"); if (fp) @@ -2272,8 +2302,8 @@ update_reader_status_file (int set_card_removed_flag) envs[0] = envstr; envs[1] = NULL; - sprintf (numbuf1, "%d", ss->slot); - sprintf (numbuf2, "0x%04X", ss->status); + sprintf (numbuf1, "%d", vr->slot); + sprintf (numbuf2, "0x%04X", vr->status); sprintf (numbuf3, "0x%04X", status); args[0] = "--reader-port"; args[1] = numbuf1; @@ -2301,10 +2331,10 @@ update_reader_status_file (int set_card_removed_flag) /* Set the card removed flag for all current sessions. We will set this on any card change because a reset or SERIALNO request must be done in any case. */ - if (ss->any && set_card_removed_flag) + if (vr->any && set_card_removed_flag) update_card_removed (idx, 1); - ss->any = 1; + vr->any = 1; /* Send a signal to all clients who applied for it. */ send_client_notifications (); @@ -2320,8 +2350,9 @@ update_reader_status_file (int set_card_removed_flag) { /* FIXME: Use a real timeout. */ /* At least one connection and all allow a disconnect. */ - log_info ("disconnecting card in slot %d\n", ss->slot); - apdu_disconnect (ss->slot); + log_info ("disconnecting card in reader %d (%d)\n", + idx, vr->slot); + apdu_disconnect (vr->slot); } } diff --git a/scd/scdaemon.c b/scd/scdaemon.c index 0999847ef..b4eee396e 100644 --- a/scd/scdaemon.c +++ b/scd/scdaemon.c @@ -913,7 +913,7 @@ scd_exit (int rc) static void scd_init_default_ctrl (ctrl_t ctrl) { - ctrl->reader_slot = -1; + (void)ctrl; } static void diff --git a/scd/scdaemon.h b/scd/scdaemon.h index 0cf2f249d..4c0a66330 100644 --- a/scd/scdaemon.h +++ b/scd/scdaemon.h @@ -97,9 +97,6 @@ struct server_control_s /* Local data of the server; used only in command.c. */ struct server_local_s *server_local; - /* Slot of the open reader or -1 if not open. */ - int reader_slot; - /* The application context used with this connection or NULL if none associated. Note that this is shared with the other connections: All connections accessing the same reader are using the same -- cgit v1.2.3 From 00c760f628f4cf0fc11e79d305c172f98123f815 Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Tue, 13 Dec 2011 17:59:00 +0100 Subject: scd: New option --debug-assuan-log-cats. * scd/scdaemon.c (oDebugAssuanLogCats): New. (opts): Add option --debug-assuan-log-cats. (main): Implement option. * common/asshelp.c (set_libassuan_log_cats): New. -- The old way of setting the logging categories with an environment variable is awkward if sdaemon is spawned from a running gpg-agent. --- scd/scdaemon.c | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'scd') diff --git a/scd/scdaemon.c b/scd/scdaemon.c index b4eee396e..c8905d4f0 100644 --- a/scd/scdaemon.c +++ b/scd/scdaemon.c @@ -72,6 +72,7 @@ enum cmd_and_opt_values oDebugAllowCoreDump, oDebugCCIDDriver, oDebugLogTid, + oDebugAssuanLogCats, oNoGreeting, oNoOptions, oHomedir, @@ -121,6 +122,7 @@ static ARGPARSE_OPTS opts[] = { ARGPARSE_s_n (oDebugCCIDDriver, "debug-ccid-driver", "@"), ARGPARSE_s_n (oDebugDisableTicker, "debug-disable-ticker", "@"), ARGPARSE_s_n (oDebugLogTid, "debug-log-tid", "@"), + ARGPARSE_p_u (oDebugAssuanLogCats, "debug-assuan-log-cats", "@"), ARGPARSE_s_n (oNoDetach, "no-detach", N_("do not detach from the console")), ARGPARSE_s_s (oLogFile, "log-file", N_("|FILE|write a log to FILE")), ARGPARSE_s_s (oReaderPort, "reader-port", @@ -553,6 +555,9 @@ main (int argc, char **argv ) case oDebugLogTid: log_set_pid_suffix_cb (tid_log_callback); break; + case oDebugAssuanLogCats: + set_libassuan_log_cats (pargs.r.ret_ulong); + break; case oOptions: /* config files may not be nested (silently ignore them) */ -- cgit v1.2.3 From 07ea8c56b507b06d4bd70e94fa51914659afac4b Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Wed, 14 Dec 2011 10:21:15 +0100 Subject: scd: Add debug option for reader function calls. * scd/scdaemon.h (DBG_READER_VALUE, DBG_READER): New. * scd/apdu.c (apdu_open_reader, apdu_close_reader) (apdu_shutdown_reader, apdu_connect, apdu_disconnect) (apdu_reset, apdu_get_atr, apdu_get_status): Add debug code. (apdu_activate): Remove this unused function. --- scd/apdu.c | 205 +++++++++++++++++++++++++++++++++++++++------------------ scd/apdu.h | 1 - scd/scdaemon.h | 4 +- 3 files changed, 143 insertions(+), 67 deletions(-) (limited to 'scd') diff --git a/scd/apdu.c b/scd/apdu.c index ae910825f..c37e8c4c3 100644 --- a/scd/apdu.c +++ b/scd/apdu.c @@ -2772,6 +2772,9 @@ apdu_open_reader (const char *portstr, int *r_no_service) static int pcsc_api_loaded, ct_api_loaded; int slot; + if (DBG_READER) + log_debug ("enter: apdu_open_reader: portstr=%s\n", portstr); + if (r_no_service) *r_no_service = 0; @@ -2786,6 +2789,8 @@ apdu_open_reader (const char *portstr, int *r_no_service) if (slot != -1) { once_available = 1; + if (DBG_READER) + log_debug ("leave: apdu_open_reader => slot=%d [ccid]\n", slot); return slot; /* got one */ } @@ -2796,14 +2801,22 @@ apdu_open_reader (const char *portstr, int *r_no_service) and over again. To reset this flag "gpgconf --kill scdaemon" can be used. */ if (once_available) - return -1; + { + if (DBG_READER) + log_debug ("leave: apdu_open_reader => slot=-1 (once_avail)\n"); + return -1; + } /* If a CCID reader specification has been given, the user does not want a fallback to other drivers. */ if (portstr) for (s=portstr, i=0; *s; s++) if (*s == ':' && (++i == 3)) - return -1; + { + if (DBG_READER) + log_debug ("leave: apdu_open_reader => slot=-1 (no ccid)\n"); + return -1; + } } #endif /* HAVE_LIBUSB */ @@ -2928,6 +2941,8 @@ apdu_open_reader (const char *portstr, int *r_no_service) if (slot == -1 && r_no_service && pcsc_no_service) *r_no_service = 1; + if (DBG_READER) + log_debug ("leave: apdu_open_reader => slot=%d [pc/sc]\n", slot); return slot; } @@ -2982,13 +2997,31 @@ apdu_close_reader (int slot) { int sw; + if (DBG_READER) + log_debug ("enter: apdu_close_reader: slot=%d\n", slot); + if (slot < 0 || slot >= MAX_READER || !reader_table[slot].used ) - return SW_HOST_NO_DRIVER; + { + if (DBG_READER) + log_debug ("leave: apdu_close_reader => SW_HOST_NO_DRIVER\n"); + return SW_HOST_NO_DRIVER; + } sw = apdu_disconnect (slot); if (sw) - return sw; + { + if (DBG_READER) + log_debug ("leave: apdu_close_reader => 0x%x (apdu_disconnect)\n", sw); + return sw; + } if (reader_table[slot].close_reader) - return reader_table[slot].close_reader (slot); + { + sw = reader_table[slot].close_reader (slot); + if (DBG_READER) + log_debug ("leave: apdu_close_reader => 0x%x (close_reader)\n", sw); + return sw; + } + if (DBG_READER) + log_debug ("leave: apdu_close_reader => SW_HOST_NOT_SUPPORTED\n"); return SW_HOST_NOT_SUPPORTED; } @@ -3027,13 +3060,32 @@ apdu_shutdown_reader (int slot) { int sw; + if (DBG_READER) + log_debug ("enter: apdu_shutdown_reader: slot=%d\n", slot); + if (slot < 0 || slot >= MAX_READER || !reader_table[slot].used ) - return SW_HOST_NO_DRIVER; + { + if (DBG_READER) + log_debug ("leave: apdu_shutdown_reader => SW_HOST_NO_DRIVER\n"); + return SW_HOST_NO_DRIVER; + } sw = apdu_disconnect (slot); if (sw) - return sw; + { + if (DBG_READER) + log_debug ("leave: apdu_shutdown_reader => 0x%x (apdu_disconnect)\n", + sw); + return sw; + } if (reader_table[slot].shutdown_reader) - return reader_table[slot].shutdown_reader (slot); + { + sw = reader_table[slot].shutdown_reader (slot); + if (DBG_READER) + log_debug ("leave: apdu_shutdown_reader => 0x%x (close_reader)\n", sw); + return sw; + } + if (DBG_READER) + log_debug ("leave: apdu_shutdown_reader => SW_HOST_NOT_SUPPORTED\n"); return SW_HOST_NOT_SUPPORTED; } @@ -3060,8 +3112,15 @@ apdu_connect (int slot) int sw; unsigned int status; + if (DBG_READER) + log_debug ("enter: apdu_connect: slot=%d\n", slot); + if (slot < 0 || slot >= MAX_READER || !reader_table[slot].used ) - return SW_HOST_NO_DRIVER; + { + if (DBG_READER) + log_debug ("leave: apdu_connect => SW_HOST_NO_DRIVER\n"); + return SW_HOST_NO_DRIVER; + } /* Only if the access method provides a connect function we use it. If not, we expect that the card has been implicitly connected by @@ -3092,6 +3151,8 @@ apdu_connect (int slot) || !reader_table[slot].atrlen) sw = SW_HOST_CARD_INACTIVE; + if (DBG_READER) + log_debug ("leave: apdu_connect => sw=0x%x\n", sw); return sw; } @@ -3102,8 +3163,15 @@ apdu_disconnect (int slot) { int sw; + if (DBG_READER) + log_debug ("enter: apdu_disconnect: slot=%d\n", slot); + if (slot < 0 || slot >= MAX_READER || !reader_table[slot].used ) - return SW_HOST_NO_DRIVER; + { + if (DBG_READER) + log_debug ("leave: apdu_disconnect => SW_HOST_NO_DRIVER\n"); + return SW_HOST_NO_DRIVER; + } if (reader_table[slot].disconnect_card) { @@ -3116,6 +3184,9 @@ apdu_disconnect (int slot) } else sw = 0; + + if (DBG_READER) + log_debug ("leave: apdu_disconnect => sw=0x%x\n", sw); return sw; } @@ -3151,11 +3222,22 @@ apdu_reset (int slot) { int sw; + if (DBG_READER) + log_debug ("enter: apdu_reset: slot=%d\n", slot); + if (slot < 0 || slot >= MAX_READER || !reader_table[slot].used ) - return SW_HOST_NO_DRIVER; + { + if (DBG_READER) + log_debug ("leave: apdu_reset => SW_HOST_NO_DRIVER\n"); + return SW_HOST_NO_DRIVER; + } if ((sw = lock_slot (slot))) - return sw; + { + if (DBG_READER) + log_debug ("leave: apdu_reset => sw=0x%x (lock_slot)\n", sw); + return sw; + } reader_table[slot].last_status = 0; if (reader_table[slot].reset_reader) @@ -3171,73 +3253,47 @@ apdu_reset (int slot) } unlock_slot (slot); + if (DBG_READER) + log_debug ("leave: apdu_reset => sw=0x%x\n", sw); return sw; } -/* Activate a card if it has not yet been done. This is a kind of - reset-if-required. It is useful to test for presence of a card - before issuing a bunch of apdu commands. It does not wait on a - locked card. */ -int -apdu_activate (int slot) -{ - int sw; - unsigned int s; - - if (slot < 0 || slot >= MAX_READER || !reader_table[slot].used ) - return SW_HOST_NO_DRIVER; - - if ((sw = trylock_slot (slot))) - return sw; - - if (reader_table[slot].get_status_reader) - sw = reader_table[slot].get_status_reader (slot, &s); - - if (!sw) - { - if (!(s & 2)) /* Card not present. */ - sw = SW_HOST_NO_CARD; - else if ( ((s & 2) && !(s & 4)) - || !reader_table[slot].atrlen ) - { - /* We don't have an ATR or a card is present though inactive: - do a reset now. */ - if (reader_table[slot].reset_reader) - { - reader_table[slot].last_status = 0; - sw = reader_table[slot].reset_reader (slot); - if (!sw) - { - /* If we got to here we know that a card is present - and usable. Thus remember this. */ - reader_table[slot].last_status = (APDU_CARD_USABLE - | APDU_CARD_PRESENT - | APDU_CARD_ACTIVE); - } - } - } - } - - unlock_slot (slot); - return sw; -} - - +/* Return the ATR or NULL if none is available. On success the length + of the ATR is stored at ATRLEN. The caller must free the returned + value. */ unsigned char * apdu_get_atr (int slot, size_t *atrlen) { unsigned char *buf; + if (DBG_READER) + log_debug ("enter: apdu_get_atr: slot=%d\n", slot); + if (slot < 0 || slot >= MAX_READER || !reader_table[slot].used ) - return NULL; + { + if (DBG_READER) + log_debug ("leave: apdu_get_atr => NULL (bad slot)\n"); + return NULL; + } if (!reader_table[slot].atrlen) - return NULL; + { + if (DBG_READER) + log_debug ("leave: apdu_get_atr => NULL (no ATR)\n"); + return NULL; + } + buf = xtrymalloc (reader_table[slot].atrlen); if (!buf) - return NULL; + { + if (DBG_READER) + log_debug ("leave: apdu_get_atr => NULL (out of core)\n"); + return NULL; + } memcpy (buf, reader_table[slot].atr, reader_table[slot].atrlen); *atrlen = reader_table[slot].atrlen; + if (DBG_READER) + log_debug ("leave: apdu_get_atr => atrlen=%zu\n", *atrlen); return buf; } @@ -3308,7 +3364,26 @@ int apdu_get_status (int slot, int hang, unsigned int *status, unsigned int *changed) { - return apdu_get_status_internal (slot, hang, 0, status, changed); + int sw; + + if (DBG_READER) + log_debug ("enter: apdu_get_status: slot=%d hang=%d\n", slot, hang); + sw = apdu_get_status_internal (slot, hang, 0, status, changed); + if (DBG_READER) + { + if (status && changed) + log_debug ("leave: apdu_get_status => sw=0x%x status=%u changecnt=%u\n", + sw, *status, *changed); + else if (status) + log_debug ("leave: apdu_get_status => sw=0x%x status=%u\n", + sw, *status); + else if (changed) + log_debug ("leave: apdu_get_status => sw=0x%x changed=%u\n", + sw, *changed); + else + log_debug ("leave: apdu_get_status => sw=0x%x\n", sw); + } + return sw; } diff --git a/scd/apdu.h b/scd/apdu.h index ac1eeeb3b..f70425620 100644 --- a/scd/apdu.h +++ b/scd/apdu.h @@ -108,7 +108,6 @@ int apdu_disconnect (int slot); int apdu_set_progress_cb (int slot, gcry_handler_progress_t cb, void *cb_arg); -int apdu_activate (int slot); int apdu_reset (int slot); int apdu_get_status (int slot, int hang, unsigned int *status, unsigned int *changed); diff --git a/scd/scdaemon.h b/scd/scdaemon.h index 4c0a66330..74e8b7d44 100644 --- a/scd/scdaemon.h +++ b/scd/scdaemon.h @@ -72,8 +72,9 @@ struct #define DBG_CACHE_VALUE 64 /* debug the caching */ #define DBG_MEMSTAT_VALUE 128 /* show memory statistics */ #define DBG_HASHING_VALUE 512 /* debug hashing operations */ -#define DBG_ASSUAN_VALUE 1024 +#define DBG_ASSUAN_VALUE 1024 #define DBG_CARD_IO_VALUE 2048 +#define DBG_READER_VALUE 4096 /* Trace reader related functions. */ #define DBG_COMMAND (opt.debug & DBG_COMMAND_VALUE) #define DBG_CRYPTO (opt.debug & DBG_CRYPTO_VALUE) @@ -82,6 +83,7 @@ struct #define DBG_HASHING (opt.debug & DBG_HASHING_VALUE) #define DBG_ASSUAN (opt.debug & DBG_ASSUAN_VALUE) #define DBG_CARD_IO (opt.debug & DBG_CARD_IO_VALUE) +#define DBG_READER (opt.debug & DBG_READER_VALUE) struct server_local_s; struct app_ctx_s; -- cgit v1.2.3 From 2d91febbd8d30beb7eb33f7aa80ffd5691d1d3cc Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Wed, 14 Dec 2011 10:30:01 +0100 Subject: scd: Fix resetting and closing of the reader. * scd/command.c (update_card_removed): Do no act on an invalid VRDR. (do_reset): Ignore apdu_reset error codes for no and inactive card. Close the reader before setting the slot to -1. (update_reader_status_file): Notify the application before closing the reader. -- With this change the scd now works as it did in the past. In particular there is no more endless loop trying to open the reader by the update_reader_status_file ticker function. That bug basically blocked all card operations until the scdaemon was killed. --- scd/command.c | 57 +++++++++++++++++++++++++++++++++------------------------ 1 file changed, 33 insertions(+), 24 deletions(-) (limited to 'scd') diff --git a/scd/command.c b/scd/command.c index 2ade38afb..0f5744829 100644 --- a/scd/command.c +++ b/scd/command.c @@ -180,6 +180,19 @@ initialize_module_command (void) } +/* Helper to return the slot number for a given virtual reader index + VRDR. In case on an error -1 is returned. */ +static int +vreader_slot (int vrdr) +{ + if (vrdr == -1 || !(vrdr >= 0 && vrdr < DIM(vreader_table))) + return -1; + if (!vreader_table [vrdr].valid) + return -1; + return vreader_table[vrdr].slot; +} + + /* Update the CARD_REMOVED element of all sessions using the virtual reader given by VRDR to VALUE. */ static void @@ -187,6 +200,9 @@ update_card_removed (int vrdr, int value) { struct server_local_s *sl; + if (vrdr == -1) + return; + for (sl=session_list; sl; sl = sl->next_session) if (sl->ctrl_backlink && sl->ctrl_backlink->server_local->vreader_idx == vrdr) @@ -195,20 +211,7 @@ update_card_removed (int vrdr, int value) } /* Let the card application layer know about the removal. */ if (value) - application_notify_card_reset (vrdr); -} - - -/* Helper to return the slot number for a given virtual reader index - VRDR. In case on an error -1 is returned. */ -static int -vreader_slot (int vrdr) -{ - if (vrdr == -1 || !(vrdr >= 0 && vrdr < DIM(vreader_table))) - return -1; - if (!vreader_table [vrdr].valid) - return -1; - return vreader_table[vrdr].slot; + application_notify_card_reset (vreader_slot (vrdr)); } @@ -298,6 +301,7 @@ static void do_reset (ctrl_t ctrl, int send_reset) { int vrdr = ctrl->server_local->vreader_idx; + int slot; if (!(vrdr == -1 || (vrdr >= 0 && vrdr < DIM(vreader_table)))) BUG (); @@ -324,13 +328,22 @@ do_reset (ctrl_t ctrl, int send_reset) /* If we want a real reset for the card, send the reset APDU and tell the application layer about it. */ - if (vrdr != -1 && send_reset && !IS_LOCKED (ctrl) ) + slot = vreader_slot (vrdr); + if (slot != -1 && send_reset && !IS_LOCKED (ctrl) ) { - if (apdu_reset (vreader_table[vrdr].slot)) + application_notify_card_reset (slot); + switch (apdu_reset (slot)) { - vreader_table[vrdr].valid = 0; + case 0: + break; + case SW_HOST_NO_CARD: + case SW_HOST_CARD_INACTIVE: + break; + default: + apdu_close_reader (slot); + vreader_table[vrdr].slot = slot = -1; + break; } - application_notify_card_reset (vrdr); } /* If we hold a lock, unlock now. */ @@ -1696,11 +1709,7 @@ cmd_getinfo (assuan_context_t ctx, char *line) BUG (); vr = &vreader_table[vrdr]; - - if (!vr->valid) - BUG (); - - if (vr->any && (vr->status & 1)) + if (vr->valid && vr->any && (vr->status & 1)) flag = 'u'; } rc = assuan_send_data (ctx, &flag, 1); @@ -2248,9 +2257,9 @@ update_reader_status_file (int set_card_removed_flag) if (sw_apdu == SW_HOST_NO_READER) { /* Most likely the _reader_ has been unplugged. */ + application_notify_card_reset (vr->slot); apdu_close_reader (vr->slot); vr->slot = -1; - vr->valid = 0; status = 0; changed = vr->changed; } -- cgit v1.2.3 From dcd64131c60efd0189aa05d5dbce6b93547b04e3 Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Wed, 14 Dec 2011 17:00:50 +0100 Subject: scd: Add the "undefined" stub application. * scd/app.c (select_application): Implement the "undefined" application. --- scd/app.c | 10 ++++++++++ 1 file changed, 10 insertions(+) (limited to 'scd') diff --git a/scd/app.c b/scd/app.c index 6f0d7560b..63ef4fa65 100644 --- a/scd/app.c +++ b/scd/app.c @@ -387,6 +387,14 @@ select_application (ctrl_t ctrl, int slot, const char *name, app_t *r_app) if (err && is_app_allowed ("geldkarte") && (!name || !strcmp (name, "geldkarte"))) err = app_select_geldkarte (app); + if (err && is_app_allowed ("undefined") + && (name && !strcmp (name, "undefined"))) + { + /* We switch to the "undefined" application only if explicitly + requested. */ + app->apptype = "UNDEFINED"; + err = 0; + } if (err && name) err = gpg_error (GPG_ERR_NOT_SUPPORTED); @@ -422,6 +430,8 @@ get_supported_applications (void) "p15", "dinsig", "geldkarte", + /* Note: "undefined" is not listed here because it needs special + treatment by the client. */ NULL }; int idx; -- cgit v1.2.3 From 0bac31ee9f74a25d76b08c3e0355a338908f083a Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Wed, 14 Dec 2011 18:48:47 +0100 Subject: scd: Add more status word values for documentation. --- scd/apdu.c | 7 +++++-- scd/apdu.h | 3 +++ 2 files changed, 8 insertions(+), 2 deletions(-) (limited to 'scd') diff --git a/scd/apdu.c b/scd/apdu.c index c37e8c4c3..5a518465c 100644 --- a/scd/apdu.c +++ b/scd/apdu.c @@ -463,8 +463,11 @@ apdu_strerror (int rc) case SW_FILE_NOT_FOUND : return "file not found"; case SW_RECORD_NOT_FOUND:return "record not found"; case SW_REF_NOT_FOUND : return "reference not found"; - case SW_BAD_LC : return "bad Lc"; - case SW_BAD_P0_P1 : return "bad P0 or P1"; + case SW_NOT_ENOUGH_MEMORY: return "not enough memory space in the file"; + case SW_INCONSISTENT_LC: return "Lc inconsistent with TLV structure."; + case SW_INCORRECT_P0_P1: return "incorrect parameters P0,P1"; + case SW_BAD_LC : return "Lc inconsistent with P0,P1"; + case SW_BAD_P0_P1 : return "bad P0,P1"; case SW_INS_NOT_SUP : return "instruction not supported"; case SW_CLA_NOT_SUP : return "class not supported"; case SW_SUCCESS : return "success"; diff --git a/scd/apdu.h b/scd/apdu.h index f70425620..75025469e 100644 --- a/scd/apdu.h +++ b/scd/apdu.h @@ -41,6 +41,9 @@ enum { SW_NOT_SUPPORTED = 0x6a81, SW_FILE_NOT_FOUND = 0x6a82, SW_RECORD_NOT_FOUND = 0x6a83, + SW_NOT_ENOUGH_MEMORY= 0x6a84, /* Not enough memory space in the file. */ + SW_INCONSISTENT_LC = 0x6a85, /* Lc inconsistent with TLV structure. */ + SW_INCORRECT_P0_P1 = 0x6a86, SW_BAD_LC = 0x6a87, /* Lc does not match command or p1/p2. */ SW_REF_NOT_FOUND = 0x6a88, SW_BAD_P0_P1 = 0x6b00, -- cgit v1.2.3 From 792e137ec7997a0ff5c54ff970611238d28d4ba8 Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Wed, 14 Dec 2011 18:56:10 +0100 Subject: scd: Skip S/N reading for the "undefined" application. * scd/app.c (select_application): Skip serial number reading. --- scd/app.c | 97 ++++++++++++++++++++++++++++++++++----------------------------- 1 file changed, 52 insertions(+), 45 deletions(-) (limited to 'scd') diff --git a/scd/app.c b/scd/app.c index 63ef4fa65..31e56fb3f 100644 --- a/scd/app.c +++ b/scd/app.c @@ -242,11 +242,14 @@ select_application (ctrl_t ctrl, int slot, const char *name, app_t *r_app) app_t app = NULL; unsigned char *result = NULL; size_t resultlen; + int want_undefined; (void)ctrl; *r_app = NULL; + want_undefined = (name && !strcmp (name, "undefined")); + err = lock_reader (slot, ctrl); if (err) return err; @@ -326,45 +329,49 @@ select_application (ctrl_t ctrl, int slot, const char *name, app_t *r_app) /* Fixme: We should now first check whether a card is at all present. */ - /* Try to read the GDO file first to get a default serial number. */ - err = iso7816_select_file (slot, 0x3F00, 1, NULL, NULL); - if (!err) - err = iso7816_select_file (slot, 0x2F02, 0, NULL, NULL); - if (!err) - err = iso7816_read_binary (slot, 0, 0, &result, &resultlen); - if (!err) + /* Try to read the GDO file first to get a default serial number. + We skip this if the undefined application has been requested. */ + if (!want_undefined) { - size_t n; - const unsigned char *p; - - p = find_tlv_unchecked (result, resultlen, 0x5A, &n); - if (p) - resultlen -= (p-result); - if (p && n > resultlen && n == 0x0d && resultlen+1 == n) - { - /* The object it does not fit into the buffer. This is an - invalid encoding (or the buffer is too short. However, I - have some test cards with such an invalid encoding and - therefore I use this ugly workaround to return something - I can further experiment with. */ - log_info ("enabling BMI testcard workaround\n"); - n--; - } - - if (p && n <= resultlen) + err = iso7816_select_file (slot, 0x3F00, 1, NULL, NULL); + if (!err) + err = iso7816_select_file (slot, 0x2F02, 0, NULL, NULL); + if (!err) + err = iso7816_read_binary (slot, 0, 0, &result, &resultlen); + if (!err) { - /* The GDO file is pretty short, thus we simply reuse it for - storing the serial number. */ - memmove (result, p, n); - app->serialno = result; - app->serialnolen = n; - err = app_munge_serialno (app); - if (err) - goto leave; + size_t n; + const unsigned char *p; + + p = find_tlv_unchecked (result, resultlen, 0x5A, &n); + if (p) + resultlen -= (p-result); + if (p && n > resultlen && n == 0x0d && resultlen+1 == n) + { + /* The object it does not fit into the buffer. This is an + invalid encoding (or the buffer is too short. However, I + have some test cards with such an invalid encoding and + therefore I use this ugly workaround to return something + I can further experiment with. */ + log_info ("enabling BMI testcard workaround\n"); + n--; + } + + if (p && n <= resultlen) + { + /* The GDO file is pretty short, thus we simply reuse it for + storing the serial number. */ + memmove (result, p, n); + app->serialno = result; + app->serialnolen = n; + err = app_munge_serialno (app); + if (err) + goto leave; + } + else + xfree (result); + result = NULL; } - else - xfree (result); - result = NULL; } /* For certain error codes, there is no need to try more. */ @@ -373,7 +380,15 @@ select_application (ctrl_t ctrl, int slot, const char *name, app_t *r_app) goto leave; /* Figure out the application to use. */ - err = gpg_error (GPG_ERR_NOT_FOUND); + if (want_undefined) + { + /* We switch to the "undefined" application only if explicitly + requested. */ + app->apptype = "UNDEFINED"; + err = 0; + } + else + err = gpg_error (GPG_ERR_NOT_FOUND); if (err && is_app_allowed ("openpgp") && (!name || !strcmp (name, "openpgp"))) @@ -387,14 +402,6 @@ select_application (ctrl_t ctrl, int slot, const char *name, app_t *r_app) if (err && is_app_allowed ("geldkarte") && (!name || !strcmp (name, "geldkarte"))) err = app_select_geldkarte (app); - if (err && is_app_allowed ("undefined") - && (name && !strcmp (name, "undefined"))) - { - /* We switch to the "undefined" application only if explicitly - requested. */ - app->apptype = "UNDEFINED"; - err = 0; - } if (err && name) err = gpg_error (GPG_ERR_NOT_SUPPORTED); -- cgit v1.2.3 From b22d62bd1481dfe13d60a6d16b09b9297944f063 Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Thu, 15 Dec 2011 14:47:04 +0100 Subject: scd: Add option --dump-atr to command APDU. * scd/atr.c: Rewrite. * scd/Makefile.am (scdaemon_SOURCES): Add atr.c and atr.h. * scd/command.c (cmd_apdu): Add option --dump-atr. --- scd/Makefile.am | 1 + scd/atr.c | 252 ++++++++++++++++---------------------------------------- scd/atr.h | 2 +- scd/command.c | 36 +++++++- 4 files changed, 107 insertions(+), 184 deletions(-) (limited to 'scd') diff --git a/scd/Makefile.am b/scd/Makefile.am index bdd457acd..b42e53dff 100644 --- a/scd/Makefile.am +++ b/scd/Makefile.am @@ -37,6 +37,7 @@ card_apps = app-openpgp.c app-nks.c app-dinsig.c app-p15.c app-geldkarte.c scdaemon_SOURCES = \ scdaemon.c scdaemon.h \ command.c \ + atr.c atr.h \ apdu.c apdu.h \ ccid-driver.c ccid-driver.h \ iso7816.c iso7816.h \ diff --git a/scd/atr.c b/scd/atr.c index 16f26fb7d..b8668a41d 100644 --- a/scd/atr.c +++ b/scd/atr.c @@ -1,5 +1,5 @@ /* atr.c - ISO 7816 ATR fucntions - * Copyright (C) 2003 Free Software Foundation, Inc. + * Copyright (C) 2003, 2011 Free Software Foundation, Inc. * * This file is part of GnuPG. * @@ -24,10 +24,9 @@ #include #include -#include "scdaemon.h" -#include "apdu.h" +#include "../common/estream.h" +#include "../common/logging.h" #include "atr.h" -#include "dynload.h" static int const fi_table[16] = { 0, 372, 558, 744, 1116,1488, 1860, -1, -1, 512, 768, 1024, 1536, 2048, -1, -1 }; @@ -35,37 +34,42 @@ static int const di_table[16] = { -1, 1, 2, 4, 8, 16, -1, -1, 0, -1, -2, -4, -8, -16, -32, -64}; -/* Dump the ATR of the card at SLOT in a human readable format to - stream FP. */ -int -atr_dump (int slot, FILE *fp) +/* Dump the ATR in (BUFFER,BUFLEN) to a human readable format and + return that as a malloced buffer. The caller must release this + buffer using es_free! On error this function returns NULL and sets + ERRNO. */ +char * +atr_dump (const void *buffer, size_t buflen) { - unsigned char *atrbuffer, *atr; - size_t atrlen; + const unsigned char *atr = buffer; + size_t atrlen = buflen; + estream_t fp; int have_ta, have_tb, have_tc, have_td; int n_historical; int idx, val; unsigned char chksum; + char *result; - atr = atrbuffer = apdu_get_atr (slot, &atrlen); - if (!atr) - return gpg_error (GPG_ERR_GENERAL); + fp = es_fopenmem (0, "rwb"); + if (!fp) + return NULL; - fprintf (fp, "Info on ATR of length %u at slot %d\n", - (unsigned int)atrlen, slot); if (!atrlen) { - fprintf (fp, "error: empty ATR\n"); + es_fprintf (fp, "error: empty ATR\n"); goto bailout; } + for (idx=0; idx < atrlen ; idx++) + es_fprintf (fp, "%s%02X", idx?" ":"", atr[idx]); + es_putc ('\n', fp); if (*atr == 0x3b) - fputs ("direct convention\n", fp); + es_fputs ("Direct convention\n", fp); else if (*atr == 0x3f) - fputs ("inverse convention\n", fp); + es_fputs ("Inverse convention\n", fp); else - fprintf (fp,"error: invalid TS character 0x%02x\n", *atr); + es_fprintf (fp,"error: invalid TS character 0x%02x\n", *atr); if (!--atrlen) goto bailout; atr++; @@ -79,34 +83,34 @@ atr_dump (int slot, FILE *fp) have_tc = !!(*atr & 0x40); have_td = !!(*atr & 0x80); n_historical = (*atr & 0x0f); - fprintf (fp, "%d historical characters indicated\n", n_historical); + es_fprintf (fp, "%d historical characters indicated\n", n_historical); if (have_ta + have_tb + have_tc + have_td + n_historical > atrlen) - fputs ("error: ATR shorter than indicated by format character\n", fp); + es_fputs ("error: ATR shorter than indicated by format character\n", fp); if (!--atrlen) goto bailout; atr++; if (have_ta) { - fputs ("TA1: F=", fp); + es_fputs ("TA1: F=", fp); val = fi_table[(*atr >> 4) & 0x0f]; if (!val) - fputs ("internal clock", fp); + es_fputs ("internal clock", fp); else if (val == -1) - fputs ("RFU", fp); + es_fputs ("RFU", fp); else - fprintf (fp, "%d", val); - fputs (" D=", fp); + es_fprintf (fp, "%d", val); + es_fputs (" D=", fp); val = di_table[*atr & 0x0f]; if (!val) - fputs ("[impossible value]\n", fp); + es_fputs ("[impossible value]\n", fp); else if (val == -1) - fputs ("RFU\n", fp); + es_fputs ("RFU\n", fp); else if (val < 0 ) - fprintf (fp, "1/%d\n", val); + es_fprintf (fp, "1/%d\n", val); else - fprintf (fp, "%d\n", val); + es_fprintf (fp, "%d\n", val); if (!--atrlen) goto bailout; @@ -115,8 +119,9 @@ atr_dump (int slot, FILE *fp) if (have_tb) { - fprintf (fp, "TB1: II=%d PI1=%d%s\n", (*atr >> 5) & 3, *atr & 0x1f, - (*atr & 0x80)? " [high bit not cleared]":""); + es_fprintf (fp, "TB1: II=%d PI1=%d%s\n", + ((*atr >> 5) & 3), (*atr & 0x1f), + (*atr & 0x80)? " [high bit not cleared]":""); if (!--atrlen) goto bailout; atr++; @@ -125,9 +130,9 @@ atr_dump (int slot, FILE *fp) if (have_tc) { if (*atr == 255) - fputs ("TC1: guard time shortened to 1 etu\n", fp); + es_fputs ("TC1: guard time shortened to 1 etu\n", fp); else - fprintf (fp, "TC1: (extra guard time) N=%d\n", *atr); + es_fprintf (fp, "TC1: (extra guard time) N=%d\n", *atr); if (!--atrlen) goto bailout; @@ -140,10 +145,11 @@ atr_dump (int slot, FILE *fp) have_tb = !!(*atr & 0x20); have_tc = !!(*atr & 0x40); have_td = !!(*atr & 0x80); - fprintf (fp, "TD1: protocol T%d supported\n", *atr & 0x0f); + es_fprintf (fp, "TD1: protocol T%d supported\n", (*atr & 0x0f)); if (have_ta + have_tb + have_tc + have_td + n_historical > atrlen) - fputs ("error: ATR shorter than indicated by format character\n", fp); + es_fputs ("error: ATR shorter than indicated by format character\n", + fp); if (!--atrlen) goto bailout; @@ -154,12 +160,12 @@ atr_dump (int slot, FILE *fp) if (have_ta) { - fprintf (fp, "TA2: (PTS) %stoggle, %splicit, T=%02X\n", - (*atr & 0x80)? "no-":"", - (*atr & 0x10)? "im": "ex", - (*atr & 0x0f)); + es_fprintf (fp, "TA2: (PTS) %stoggle, %splicit, T=%02X\n", + (*atr & 0x80)? "no-":"", + (*atr & 0x10)? "im": "ex", + (*atr & 0x0f)); if ((*atr & 0x60)) - fprintf (fp, "note: reserved bits are set (TA2=0x%02X)\n", *atr); + es_fprintf (fp, "note: reserved bits are set (TA2=0x%02X)\n", *atr); if (!--atrlen) goto bailout; atr++; @@ -167,7 +173,7 @@ atr_dump (int slot, FILE *fp) if (have_tb) { - fprintf (fp, "TB2: PI2=%d\n", *atr); + es_fprintf (fp, "TB2: PI2=%d\n", *atr); if (!--atrlen) goto bailout; atr++; @@ -175,7 +181,7 @@ atr_dump (int slot, FILE *fp) if (have_tc) { - fprintf (fp, "TC2: PWI=%d\n", *atr); + es_fprintf (fp, "TC2: PWI=%d\n", *atr); if (!--atrlen) goto bailout; atr++; @@ -187,10 +193,11 @@ atr_dump (int slot, FILE *fp) have_tb = !!(*atr & 0x20); have_tc = !!(*atr & 0x40); have_td = !!(*atr & 0x80); - fprintf (fp, "TD2: protocol T%d supported\n", *atr & 0x0f); + es_fprintf (fp, "TD2: protocol T%d supported\n", *atr & 0x0f); if (have_ta + have_tb + have_tc + have_td + n_historical > atrlen) - fputs ("error: ATR shorter than indicated by format character\n", fp); + es_fputs ("error: ATR shorter than indicated by format character\n", + fp); if (!--atrlen) goto bailout; @@ -203,7 +210,7 @@ atr_dump (int slot, FILE *fp) { if (have_ta) { - fprintf (fp, "TA%d: IFSC=%d\n", idx, *atr); + es_fprintf (fp, "TA%d: IFSC=%d\n", idx, *atr); if (!--atrlen) goto bailout; atr++; @@ -211,7 +218,7 @@ atr_dump (int slot, FILE *fp) if (have_tb) { - fprintf (fp, "TB%d: BWI=%d CWI=%d\n", + es_fprintf (fp, "TB%d: BWI=%d CWI=%d\n", idx, (*atr >> 4) & 0x0f, *atr & 0x0f); if (!--atrlen) goto bailout; @@ -220,7 +227,7 @@ atr_dump (int slot, FILE *fp) if (have_tc) { - fprintf (fp, "TC%d: 0x%02X\n", idx, *atr); + es_fprintf (fp, "TC%d: 0x%02X\n", idx, *atr); if (!--atrlen) goto bailout; atr++; @@ -232,11 +239,12 @@ atr_dump (int slot, FILE *fp) have_tb = !!(*atr & 0x20); have_tc = !!(*atr & 0x40); have_td = !!(*atr & 0x80); - fprintf (fp, "TD%d: protocol T%d supported\n", idx, *atr & 0x0f); + es_fprintf (fp, "TD%d: protocol T%d supported\n", idx, *atr & 0x0f); if (have_ta + have_tb + have_tc + have_td + n_historical > atrlen) - fputs ("error: ATR shorter than indicated by format character\n", - fp); + es_fputs ("error: " + "ATR shorter than indicated by format character\n", + fp); if (!--atrlen) goto bailout; @@ -247,150 +255,36 @@ atr_dump (int slot, FILE *fp) } if (n_historical + 1 > atrlen) - fputs ("error: ATR shorter than required for historical bytes " - "and checksum\n", fp); + es_fputs ("error: ATR shorter than required for historical bytes " + "and checksum\n", fp); if (n_historical) { - fputs ("Historical:", fp); + es_fputs ("HCH:", fp); for (; n_historical && atrlen ; n_historical--, atrlen--, atr++) - fprintf (fp, " %02X", *atr); - putchar ('\n'); + es_fprintf (fp, " %02X", *atr); + es_putc ('\n', fp); } if (!atrlen) - fputs ("error: checksum missing\n", fp); + es_fputs ("error: checksum missing\n", fp); else if (*atr == chksum) - fprintf (fp, "TCK: %02X (good)\n", *atr); + es_fprintf (fp, "TCK: %02X (good)\n", *atr); else - fprintf (fp, "TCK: %02X (bad; calculated %02X)\n", *atr, chksum); + es_fprintf (fp, "TCK: %02X (bad; computed %02X)\n", *atr, chksum); atrlen--; if (atrlen) - fprintf (fp, "error: %u bytes garbage at end of ATR\n", - (unsigned int)atrlen ); + es_fprintf (fp, "error: %u bytes garbage at end of ATR\n", + (unsigned int)atrlen ); bailout: - xfree (atrbuffer); - - return 0; -} - - -/* Note: This code has not yet been tested! It shall return -1 on - error or the number of historical bytes and store them at - HISTORICAL. */ -int -atr_get_historical (int slot, unsigned char historical[]) -{ - int result = -1; - unsigned char *atrbuffer = NULL; - unsigned char *atr; - size_t atrlen; - int have_ta, have_tb, have_tc, have_td; - int n_historical; - int idx; - unsigned char chksum; - - atr = atrbuffer = apdu_get_atr (slot, &atrlen); - if (!atr || atrlen < 2) - goto leave; - atrlen--; - atr++; - - chksum = *atr; - for (idx=1; idx < atrlen-1; idx++) - chksum ^= atr[idx]; - - have_ta = !!(*atr & 0x10); - have_tb = !!(*atr & 0x20); - have_tc = !!(*atr & 0x40); - have_td = !!(*atr & 0x80); - n_historical = (*atr & 0x0f); - - if (have_ta + have_tb + have_tc + have_td + n_historical >= atrlen) - goto leave; /* ATR shorter than indicated by format character. */ - atrlen--; - atr++; - - if (have_ta + have_tb + have_tc >= atrlen) - goto leave; - atrlen -= have_ta + have_tb + have_tc; - atr += have_ta + have_tb + have_tc; - - if (have_td) - { - have_ta = !!(*atr & 0x10); - have_tb = !!(*atr & 0x20); - have_tc = !!(*atr & 0x40); - have_td = !!(*atr & 0x80); - if (have_ta + have_tb + have_tc + have_td + n_historical >= atrlen) - goto leave; /* ATR shorter than indicated by format character. */ - atrlen--; - atr++; - } - else - have_ta = have_tb = have_tc = have_td = 0; - - if (have_ta + have_tb + have_tc >= atrlen) - goto leave; - atrlen -= have_ta + have_tb + have_tc; - atr += have_ta + have_tb + have_tc; - - if (have_td) + es_putc ('\0', fp); /* We want a string. */ + if (es_fclose_snatch (fp, (void**)&result, NULL)) { - have_ta = !!(*atr & 0x10); - have_tb = !!(*atr & 0x20); - have_tc = !!(*atr & 0x40); - have_td = !!(*atr & 0x80); - if (have_ta + have_tb + have_tc + have_td + n_historical >= atrlen) - goto leave; /* ATR shorter than indicated by format character. */ - atrlen--; - atr++; + log_error ("oops: es_fclose_snatch failed: %s\n", strerror (errno)); + return NULL; } - else - have_ta = have_tb = have_tc = have_td = 0; - - for (idx = 3; have_ta || have_tb || have_tc || have_td; idx++) - { - if (have_ta + have_tb + have_tc >= atrlen) - goto leave; - atrlen -= have_ta + have_tb + have_tc; - atr += have_ta + have_tb + have_tc; - - if (have_td) - { - have_ta = !!(*atr & 0x10); - have_tb = !!(*atr & 0x20); - have_tc = !!(*atr & 0x40); - have_td = !!(*atr & 0x80); - if (have_ta + have_tb + have_tc + have_td + n_historical >= atrlen) - goto leave; /* ATR shorter than indicated by format character. */ - atrlen--; - atr++; - } - else - have_ta = have_tb = have_tc = have_td = 0; - } - - if (n_historical >= atrlen) - goto leave; /* ATR shorter than required for historical bytes. */ - - if (n_historical) - { - for (idx=0; n_historical && atrlen; n_historical--, atrlen--, atr++) - historical[idx] = *atr; - } - - if (!atrlen || *atr != chksum) - goto leave; - - /* Don't care about garbage at the end of the ATR. */ - - result = n_historical; - - leave: - xfree (atrbuffer); return result; } diff --git a/scd/atr.h b/scd/atr.h index 5f07522d1..b06a83a60 100644 --- a/scd/atr.h +++ b/scd/atr.h @@ -20,7 +20,7 @@ #ifndef ATR_H #define ATR_H -int atr_dump (int slot, FILE *fp); +char *atr_dump (const void *buffer, size_t buflen); diff --git a/scd/command.c b/scd/command.c index 0f5744829..afd5ef231 100644 --- a/scd/command.c +++ b/scd/command.c @@ -35,11 +35,13 @@ #include #include "app-common.h" #include "apdu.h" /* Required for apdu_*_reader (). */ +#include "atr.h" #include "exechelp.h" #ifdef HAVE_LIBUSB #include "ccid-driver.h" #endif + /* Maximum length allowed as a PIN; used for INQUIRE NEEDPIN */ #define MAXLEN_PIN 100 @@ -1795,7 +1797,7 @@ cmd_disconnect (assuan_context_t ctx, char *line) static const char hlp_apdu[] = - "APDU [--atr] [--more] [--exlen[=N]] [hexstring]\n" + "APDU [--[dump-]atr] [--more] [--exlen[=N]] [hexstring]\n" "\n" "Send an APDU to the current reader. This command bypasses the high\n" "level functions and sends the data directly to the card. HEXSTRING\n" @@ -1826,7 +1828,10 @@ cmd_apdu (assuan_context_t ctx, char *line) size_t exlen; int slot; - with_atr = has_option (line, "--atr"); + if (has_option (line, "--dump-atr")) + with_atr = 2; + else + with_atr = has_option (line, "--atr"); handle_more = has_option (line, "--more"); if ((s=has_option_name (line, "--exlen"))) @@ -1861,9 +1866,32 @@ cmd_apdu (assuan_context_t ctx, char *line) rc = gpg_error (GPG_ERR_INV_CARD); goto leave; } - bin2hex (atr, atrlen, hexbuf); + if (with_atr == 2) + { + char *string, *p, *pend; + + string = atr_dump (atr, atrlen); + if (string) + { + for (rc=0, p=string; !rc && (pend = strchr (p, '\n')); p = pend+1) + { + rc = assuan_send_data (ctx, p, pend - p + 1); + if (!rc) + rc = assuan_send_data (ctx, NULL, 0); + } + if (!rc && *p) + rc = assuan_send_data (ctx, p, strlen (p)); + es_free (string); + if (rc) + goto leave; + } + } + else + { + bin2hex (atr, atrlen, hexbuf); + send_status_info (ctrl, "CARD-ATR", hexbuf, strlen (hexbuf), NULL, 0); + } xfree (atr); - send_status_info (ctrl, "CARD-ATR", hexbuf, strlen (hexbuf), NULL, 0); } apdu = hex_to_buffer (line, &apdulen); -- cgit v1.2.3 From 27089564b6453deaf7b4ffe7cc5f5f290b6d892b Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Thu, 15 Dec 2011 21:45:35 +0100 Subject: scd: Prefer application Geldkarte over DINSIG. * scd/app.c (select_application): Reorder application tests. -- Although the DINSIG application is available on most German cards, it is in reality not used. Thus showing the Geldkarte application is more desirable for a good user experience. --- scd/app.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'scd') diff --git a/scd/app.c b/scd/app.c index 31e56fb3f..76dc8b4de 100644 --- a/scd/app.c +++ b/scd/app.c @@ -397,11 +397,11 @@ select_application (ctrl_t ctrl, int slot, const char *name, app_t *r_app) err = app_select_nks (app); if (err && is_app_allowed ("p15") && (!name || !strcmp (name, "p15"))) err = app_select_p15 (app); - if (err && is_app_allowed ("dinsig") && (!name || !strcmp (name, "dinsig"))) - err = app_select_dinsig (app); if (err && is_app_allowed ("geldkarte") && (!name || !strcmp (name, "geldkarte"))) err = app_select_geldkarte (app); + if (err && is_app_allowed ("dinsig") && (!name || !strcmp (name, "dinsig"))) + err = app_select_dinsig (app); if (err && name) err = gpg_error (GPG_ERR_NOT_SUPPORTED); @@ -435,8 +435,8 @@ get_supported_applications (void) "openpgp", "nks", "p15", - "dinsig", "geldkarte", + "dinsig", /* Note: "undefined" is not listed here because it needs special treatment by the client. */ NULL -- cgit v1.2.3 From f4b7f7146349c388a2f3ce224ff2006606c66232 Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Mon, 19 Dec 2011 18:26:47 +0100 Subject: scd: Fix for card change returning GPG_ERR_CARD_RESET. * scd/apdu.c (apdu_connect): Do not test for zero atrlen. -- When gpg-agent prompts for insertion of a card this error would be returned. Co-authored-by: Ben Kibbey --- scd/apdu.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'scd') diff --git a/scd/apdu.c b/scd/apdu.c index 5a518465c..f47007551 100644 --- a/scd/apdu.c +++ b/scd/apdu.c @@ -3150,8 +3150,7 @@ apdu_connect (int slot) ; else if (!(status & APDU_CARD_PRESENT)) sw = SW_HOST_NO_CARD; - else if (((status & APDU_CARD_PRESENT) && !(status & APDU_CARD_ACTIVE)) - || !reader_table[slot].atrlen) + else if ((status & APDU_CARD_PRESENT) && !(status & APDU_CARD_ACTIVE)) sw = SW_HOST_CARD_INACTIVE; if (DBG_READER) -- cgit v1.2.3 From 07f20f313a0b13e5c93168a8a62ff1cbb94a4514 Mon Sep 17 00:00:00 2001 From: NIIBE Yutaka Date: Tue, 20 Dec 2011 13:34:27 +0900 Subject: Add error log and debug log for pcsc_keypad_verify and pcsc_keypad_modify. * scd/apdu.c (pcsc_keypad_verify): Add debug log and error log. (pcsc_keypad_modify): Likewise. --- scd/apdu.c | 26 ++++++++++++++++++++++---- 1 file changed, 22 insertions(+), 4 deletions(-) (limited to 'scd') diff --git a/scd/apdu.c b/scd/apdu.c index f47007551..7bb122d30 100644 --- a/scd/apdu.c +++ b/scd/apdu.c @@ -2053,7 +2053,7 @@ pcsc_keypad_verify (int slot, int class, int ins, int p0, int p1, { int sw; unsigned char *pin_verify; - unsigned long len = PIN_VERIFY_STRUCTURE_SIZE; + int len = PIN_VERIFY_STRUCTURE_SIZE; unsigned char result[2]; size_t resultlen = 2; @@ -2109,12 +2109,21 @@ pcsc_keypad_verify (int slot, int class, int ins, int p0, int p1, pin_verify[22] = p1; /* abData[3] */ pin_verify[23] = 0x00; /* abData[4] */ + if (DBG_CARD_IO) + log_debug ("send secure: c=%02X i=%02X p1=%02X p2=%02X len=%d pinmax=%d\n", + class, ins, p0, p1, len, pininfo->maxlen); + sw = control_pcsc (slot, reader_table[slot].pcsc.verify_ioctl, pin_verify, len, result, &resultlen); xfree (pin_verify); if (sw || resultlen < 2) - return sw? sw : SW_HOST_INCOMPLETE_CARD_RESPONSE; + { + log_error ("control_pcsc failed: %d\n", sw); + return sw? sw: SW_HOST_INCOMPLETE_CARD_RESPONSE; + } sw = (result[resultlen-2] << 8) | result[resultlen-1]; + if (DBG_CARD_IO) + log_debug (" response: sw=%04X datalen=%d\n", sw, (unsigned int)resultlen); return sw; } @@ -2126,7 +2135,7 @@ pcsc_keypad_modify (int slot, int class, int ins, int p0, int p1, { int sw; unsigned char *pin_modify; - unsigned long len = PIN_MODIFY_STRUCTURE_SIZE; + int len = PIN_MODIFY_STRUCTURE_SIZE; unsigned char result[2]; size_t resultlen = 2; @@ -2193,12 +2202,21 @@ pcsc_keypad_modify (int slot, int class, int ins, int p0, int p1, pin_modify[27] = p1; /* abData[3] */ pin_modify[28] = 0x00; /* abData[4] */ + if (DBG_CARD_IO) + log_debug ("send secure: c=%02X i=%02X p1=%02X p2=%02X len=%d pinmax=%d\n", + class, ins, p0, p1, len, (int)pininfo->maxlen); + sw = control_pcsc (slot, reader_table[slot].pcsc.modify_ioctl, pin_modify, len, result, &resultlen); xfree (pin_modify); if (sw || resultlen < 2) - return sw? sw : SW_HOST_INCOMPLETE_CARD_RESPONSE; + { + log_error ("control_pcsc failed: %d\n", sw); + return sw? sw : SW_HOST_INCOMPLETE_CARD_RESPONSE; + } sw = (result[resultlen-2] << 8) | result[resultlen-1]; + if (DBG_CARD_IO) + log_debug (" response: sw=%04X datalen=%d\n", sw, (unsigned int)resultlen); return sw; } -- cgit v1.2.3 From 366512abe44d9e71bb2c699c29477afa6ac71cdd Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Tue, 20 Dec 2011 11:12:21 +0100 Subject: Require Libassuan 2.0.3 * configure.ac: Require Libassuan 2.0.3. * agent/call-scd.c (ASSUAN_CONVEY_COMMENTS): Remove macro replacement. * agent/command.c (cmd_killagent) [ASSUAN_FORCE_CLOSE]: Remove dependency. (cmd_killagent) [ASSUAN_FORCE_CLOSE]: Ditto. * scd/command.c (cmd_killscd) [ASSUAN_FORCE_CLOSE]: Ditto. --- scd/command.c | 7 ------- 1 file changed, 7 deletions(-) (limited to 'scd') diff --git a/scd/command.c b/scd/command.c index afd5ef231..88f8ec2c9 100644 --- a/scd/command.c +++ b/scd/command.c @@ -1936,15 +1936,8 @@ cmd_killscd (assuan_context_t ctx, char *line) (void)line; ctrl->server_local->stopme = 1; -#ifdef ASSUAN_FORCE_CLOSE assuan_set_flag (ctx, ASSUAN_FORCE_CLOSE, 1); return 0; -#else - /* Actually returning an EOF does not anymore work with modern - Libassuan versions. However we keep that non working code until - we make a Libassuan with the force close flag a requirement. */ - return gpg_error (GPG_ERR_EOF); -#endif } -- cgit v1.2.3 From a2d9e48fcca6cfc2dfadef6dbd3579a30314676b Mon Sep 17 00:00:00 2001 From: Marcus Brinkmann Date: Mon, 2 Jan 2012 22:15:00 +0100 Subject: Only set gcrypt thread callback for older version of gcrypt. * agent/gpg-agent.c, dirmngr/dirmngr.c, g13/g13.c, scd/scdaemon.c (USE_GCRY_THREAD_CBS): New macro, defined if GCRY_THREAD_OPTION_VERSION is 0. (fixed_gcry_pth_init) [!USE_GCRY_THREAD_CBS]: Don't define. (main) [!USE_GCRY_THREAD_CBS]: Do not install thread callbacks. --- scd/scdaemon.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) (limited to 'scd') diff --git a/scd/scdaemon.c b/scd/scdaemon.c index c8905d4f0..128ecc31d 100644 --- a/scd/scdaemon.c +++ b/scd/scdaemon.c @@ -208,12 +208,18 @@ static void handle_connections (int listen_fd); /* Pth wrapper function definitions. */ ASSUAN_SYSTEM_PTH_IMPL; +#if defined(GCRY_THREAD_OPTION_VERSION) && (GCRY_THREAD_OPTION_VERSION == 0) +#define USE_GCRY_THREAD_CBS 1 +#endif + +#ifdef USE_GCRY_THREAD_CBS GCRY_THREAD_OPTION_PTH_IMPL; + static int fixed_gcry_pth_init (void) { return pth_self ()? 0 : (pth_init () == FALSE) ? errno : 0; } - +#endif static char * @@ -413,6 +419,7 @@ main (int argc, char **argv ) /* Libgcrypt requires us to register the threading model first. Note that this will also do the pth_init. */ +#ifdef USE_GCRY_THREAD_CBS gcry_threads_pth.init = fixed_gcry_pth_init; err = gcry_control (GCRYCTL_SET_THREAD_CBS, &gcry_threads_pth); if (err) @@ -420,6 +427,7 @@ main (int argc, char **argv ) log_fatal ("can't register GNU Pth with Libgcrypt: %s\n", gpg_strerror (err)); } +#endif /* Check that the libraries are suitable. Do it here because the option parsing may need services of the library */ -- cgit v1.2.3 From d01d9ff11f46cbd61b7b8c0e04431e4f0c4a8580 Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Tue, 3 Jan 2012 11:13:30 +0100 Subject: Terminate csh commands with a semicolon. Fixes bug#1386. * agent/gpg-agent.c (main): Terminate csh style output with a semicolon. * scd/scdaemon.c: Ditto. --- scd/scdaemon.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'scd') diff --git a/scd/scdaemon.c b/scd/scdaemon.c index 128ecc31d..6f8d01049 100644 --- a/scd/scdaemon.c +++ b/scd/scdaemon.c @@ -843,7 +843,7 @@ main (int argc, char **argv ) if (csh_style) { *strchr (infostr, '=') = ' '; - es_printf ( "setenv %s\n", infostr); + es_printf ( "setenv %s;\n", infostr); } else { -- cgit v1.2.3 From 0dce26778ef8abd4fc40de689d7ec9b720d26430 Mon Sep 17 00:00:00 2001 From: Marcus Brinkmann Date: Tue, 3 Jan 2012 17:08:01 +0100 Subject: Fix compiler warnings. * common/dotlock.c (use_hardlinks_p, dotlock_take_unix): Check return value of link(). * g13/g13.c: Make sure err is initialized. * scd/scdaemon.c (main) [!USE_GCRY_THREAD_CBS]: Do not define ERR. --- scd/scdaemon.c | 2 ++ 1 file changed, 2 insertions(+) (limited to 'scd') diff --git a/scd/scdaemon.c b/scd/scdaemon.c index 6f8d01049..e26beba13 100644 --- a/scd/scdaemon.c +++ b/scd/scdaemon.c @@ -382,7 +382,9 @@ main (int argc, char **argv ) { ARGPARSE_ARGS pargs; int orig_argc; +#ifdef USE_GCRY_THREAD_CBS gpg_error_t err; +#endif char **orig_argv; FILE *configfp = NULL; char *configname = NULL; -- cgit v1.2.3