scd: Enhance KEYINFO command to limit listing with capability.

* scd/app-common.h: Add CAPABILITY argument to the WITH_KEYGRIP.
(app_do_with_keygrip): Likewise.
* scd/app-openpgp.c (send_keyinfo_if_available): New.
(do_with_keygrip): Support listing with CAPABILITY.
* scd/app-piv.c (do_with_keygrip): Likewise.
* scd/app.c (maybe_switch_app): Supply the argument.
(app_do_with_keygrip): Add CAPABILITY argument.
* scd/command.c (cmd_pksign, cmd_pkauth): Supply the argument.
(cmd_pkdecrypt): Likewise.
(cmd_keyinfo): Support listing with CAPABILITY.

--

GnuPG-bug-id: 4784
Signed-off-by: NIIBE Yutaka <[email protected]>

1 files changed, 17 insertions, 1 deletions

diff --git a/scd/app-piv.c b/scd/app-piv.c
index 3cc7754df..0b1cb8208 100644
--- a/scd/app-piv.c
+++ b/scd/app-piv.c
@@ -3330,7 +3330,7 @@ do_writecert (app_t app, ctrl_t ctrl,
 /* Process the various keygrip based info requests.  */
 static gpg_error_t
 do_with_keygrip (app_t app, ctrl_t ctrl, int action,
-                 const char *want_keygripstr)
+                 const char *want_keygripstr, int capability)
 {
   gpg_error_t err;
   char *keygripstr = NULL;
@@ -3389,6 +3389,22 @@ do_with_keygrip (app_t app, ctrl_t ctrl, int action,
         }
       else if (!want_keygripstr || !strcmp (keygripstr, want_keygripstr))
         {
+          if (capability == 1)
+            {
+              if (strcmp (data_objects[i].keyref, "9C"))
+                continue;
+            }
+          if (capability == 2)
+            {
+              if (strcmp (data_objects[i].keyref, "9D"))
+                continue;
+            }
+          if (capability == 3)
+            {
+              if (strcmp (data_objects[i].keyref, "9A"))
+                continue;
+            }
+
           snprintf (idbuf, sizeof idbuf, "PIV.%s", data_objects[i].keyref);
           send_keyinfo (ctrl, data, keygripstr, serialno, idbuf);
           if (want_keygripstr)