authorWerner Koch <[email protected]>2019-03-05 14:49:20 +0000
committerWerner Koch <[email protected]>2019-03-05 14:49:20 +0000
commite897e1e255ef9870dfd1639d6f4e97bdf4e83b34 (patch)
tree5571c7633161ca25697fa7222ea8ec64f50091ce /scd/iso7816.c
parentgpg: Make invalid primary key algos obvious in key listings. (diff)
scd:piv: Implement import of private keys for Yubikeys.
* scd/app-piv.c (concat_tlv_list): Add arg 'secure' and adjust callers. (writekey_rsa, writekey_ecc): New. (do_writekey): New. (do_writecert): Provide a better error message for an empty cert. (app_select_piv): Register do_writekey. * scd/iso7816.c (iso7816_send_apdu): New. * scd/app-common.h (APP_WRITEKEY_FLAG_FORCE): New. * agent/command.c (cmd_keytocard): Make the timestamp optional. * tools/card-call-scd.c (inq_writekey_parms): Remove. (scd_writekey): Rewrite. * tools/gpg-card.c (cmd_writekey): New. (enum cmdids): Add cmdWRITEKEY. (dispatch_command, interactive_loop): Call cmd_writekey. -- This has been tested with gpgsm and RSA keys. For ECC keys only partly tested using the sample OpenPGP nistp256 and nistp384 keys because gpgsm does not yet support ECC certificates and thus we can't write the certificates to the cert object after a writekey. Note that they nevertheless show up in "gpgcard list" because gpg-card searches for them in gpg and gpgsm. However, this does not work completely. Signed-off-by: Werner Koch <[email protected]>
Diffstat (limited to 'scd/iso7816.c')
-rw-r--r--scd/iso7816.c33
1 files changed, 33 insertions, 0 deletions
diff --git a/scd/iso7816.c b/scd/iso7816.c
index a9cd73014..d9f3336c7 100644
--- a/scd/iso7816.c
+++ b/scd/iso7816.c
@@ -222,6 +222,39 @@ iso7816_list_directory (int slot, int list_dirs,
}
+/* Wrapper around apdu_send. RESULT can be NULL if no result is
+ * expected. In addition to an gpg-error return code the actual
+ * status word is stored at R_SW unless that is NULL. */
+gpg_error_t
+iso7816_send_apdu (int slot, int extended_mode,
+ int class, int ins, int p0, int p1,
+ int lc, const void *data,
+ unsigned int *r_sw,
+ unsigned char **result, size_t *resultlen)
+{
+ int sw;
+
+ if (result)
+ {
+ *result = NULL;
+ *resultlen = 0;
+ }
+
+ sw = apdu_send (slot, extended_mode, class, ins, p0, p1, lc, data,
+ result, resultlen);
+ if (sw != SW_SUCCESS && result)
+ {
+ /* Make sure that pending buffers are released. */
+ xfree (*result);
+ *result = NULL;
+ *resultlen = 0;
+ }
+ if (r_sw)
+ *r_sw = sw;
+ return map_sw (sw);
+}
+
+
/* This function sends an already formatted APDU to the card. With
HANDLE_MORE set to true a MORE DATA status will be handled
internally. The return value is a gpg error code (i.e. a mapped
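Review bot: `*resultlen` is written whenever RESULT is non-NULL, both in the initial reset and in the failure path after `apdu_send`, but nothing checks that RESULTLEN itself is non-NULL, and the header comment only says that RESULT may be NULL. A caller that passes a result pointer without a length pointer would dereference NULL; consider an early `if (result && !resultlen) return gpg_error (GPG_ERR_INV_VALUE);`, or state in the comment that the two must be given together. The comment could also say that on success the caller owns `*result` and presumably has to release it with `xfree`, and that any status word other than SW_SUCCESS discards the returned data even though the raw value is still reported through R_SW. Since the commit message describes this wrapper as part of private-key import, it may be worth adding that DATA can hold secret key material and that wiping it remains the caller's job; the function only reads it through a const pointer.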