aboutsummaryrefslogtreecommitdiffstats
path: root/scd/app-openpgp.c (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* scd: Use the correct gpg for the v1.0 OpenPGP card hack.Werner Koch2019-06-171-1/+2
| | | | | | | | | | | * scd/app-openpgp.c (get_public_key): Use gnupg_module_name instead of just "gpg". -- There is no bug report regarding this and it would be very unlikely but we should always use the gpg belonging to our code. Signed-off-by: Werner Koch <[email protected]>
* scd: Remove unused cruft from GnuPG 1.xWerner Koch2019-05-161-33/+0
| | | | | | | | | * scd/apdu.c: Remove code used only by GnuPG 1. * scd/app-openpgp.c: Ditto. * scd/ccid-driver.c: Ditto. * scd/iso7816.c: Ditto. Signed-off-by: Werner Koch <[email protected]>
* agent,scd: Scan and load all public keys for availability.NIIBE Yutaka2019-05-161-0/+4
| | | | | | | * agent/divert-scd.c (ask_for_card): Scan by SERIALNO command. * scd/app-openpgp.c (do_with_keygrip): Make sure to load pubkey. Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Add new command: KEYINFO.NIIBE Yutaka2019-04-251-0/+54
| | | | | | | | | | | | | | | * scd/app-common.h (struct app_ctx_s): Add with_keygrip function. * scd/app-openpgp.c (do_with_keygrip): New. * scd/app.c (app_do_with_keygrip): New. * scd/command.c (cmd_keyinfo): New. (send_keyinfo): New. -- KEYGRIP_ACTION_LOOKUP is not yet used. It will be used for directly asking PK* action to determine an APP. Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Allow KEYGRIP as KEYIDSTR.NIIBE Yutaka2019-04-231-15/+52
| | | | | | | | | | | | * scd/app-openpgp.c (struct app_local_s): Add keygrip_str. (store_keygrip): New. (read_public_key): Call store_keygrip to hold keygrip. (get_public_key): Likewise. (send_keypair_info): Use stored keygrip_str. (check_keyidstr): Allow use of KEYGRIP. (do_check_pin): Allow use of KEYGRIP of signing slot. Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Factor out a function to check keyidstr.NIIBE Yutaka2019-04-221-126/+59
| | | | | | | * scd/app-openpgp.c (check_keyidstr): New. (do_sign, do_auth, do_decipher, do_check_pin): Use check_keyidstr. Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: New options --info and --info-only for READKEY.Werner Koch2019-04-031-8/+19
| | | | | | | | | | | | | | | | | | | | | | * scd/command.c (cmd_readkey): New options --info and --info-only. * scd/app.c (app_readkey): New arg 'flags'. * scd/app-common.h (APP_READKEY_FLAG_INFO): New. (struct app_ctx_s): New args 'ctrl' and 'flags' for member readkey. Change all implementers. * scd/app-nks.c (do_readkey): Stub implementation of APP_READKEY_FLAG_INFO. * scd/app-openpgp.c (do_readkey): Implement APP_READKEY_FLAG_INFO. * scd/app-piv.c (do_readkey): Ditto. -- This feature allows to quickly get the keygrip and in most cases also the usage flags for one specific keyref. Example: <- readkey --info-only PIV.9D -> S KEYPAIRINFO FC6061FB457224370B85C6F34DD56CD29E669620 PIV.9D e -> OK Signed-off-by: Werner Koch <[email protected]>
* scd: New standard attributes $ENCRKEYID and $SIGNKEYID.Werner Koch2019-04-031-0/+14
| | | | | | | | | | | | | | | | * g10/call-agent.c (agent_scd_keypairinfo): Use --keypairinfo. * sm/call-agent.c (gpgsm_agent_scd_keypairinfo): Ditto. * scd/app-openpgp.c (do_getattr): Add attributes "$ENCRKEYID" and "$SIGNKEYID". * scd/app-piv.c (do_getattr): Ditto. -- We already have $AUTHKEYID to locate the keyref of the key to be used with ssh. It will also be useful to have default keyref for encryption and signing. For example, this will allow us to repalce the use of "OPENPGP.2" by a app type specific keyref. Signed-off-by: Werner Koch <[email protected]>
* Fix the previous commit.NIIBE Yutaka2019-03-131-3/+3
| | | | | | | | | | | | * g10/ecdh.c (kek_params_table): Revert the change. * scd/app-openpgp.c (ecdh_params): Use CIPHER_ALGO_AES256 for 384-bit key. -- Avoiding CIPHER_ALGO_AES192 is intentional here. Signed-off-by: NIIBE Yutaka <[email protected]>
* g10: Fix symmetric cipher algo constant for ECDH.NIIBE Yutaka2019-03-131-2/+2
| | | | | | | | | | * g10/ecdh.c (kek_params_table): Use CIPHER_ALGO_AES192 for ECC strength 384, according to RFC-6637. -- Reported-by: Trevor Bentley Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Rename a shared info field name.Werner Koch2019-03-051-12/+12
| | | | | | | | * scd/app-piv.c (app_select_piv): * scd/app-common.h (struct app_ctx_s): Rename 'card_version' to 'cardversion'. Rename all users. Add 'appversion'. Signed-off-by: Werner Koch <[email protected]>
* scd: Simplify the app_readkey parameters.Werner Koch2019-02-261-38/+8
| | | | | | | | | | | | | | * scd/app-help.c (app_help_pubkey_from_cert): New. * scd/command.c (cmd_readkey): Refactor to use that new function and handle the --advanced flag only here. * scd/app.c (app_readkey): Remove parm advanced. * scd/app-common.h (struct app_ctx_s): Remove parm advanced from the readkey member. * scd/app-nks.c (do_readkey): Adjust for removed parm. * scd/app-piv.c (do_readkey): Ditto. * scd/app-openpgp.c (do_readkey): Ditto. Signed-off-by: Werner Koch <[email protected]>
* scd: Extend KEYPAIRINFO by key usage info.Werner Koch2019-02-211-0/+10
| | | | | | | | | | * scd/app-openpgp.c (send_keypair_info): Append usage string. * scd/app-piv.c (struct data_object_s): Remove column 'binary'. Add column 'usage'. (dump_all_do): Adjust for removed 'binary'. (send_keypair_and_cert_info): Append usage string. Signed-off-by: Werner Koch <[email protected]>
* scd: Clear CHV status on timeout error.NIIBE Yutaka2019-02-211-34/+45
| | | | | | | | | * scd/app-openpgp.c (clear_chv_status): New. (do_change_pin): Use clear_chv_status. (do_sign): Call clear_chv_status on GPG_ERR_TIMEOUT. (do_auth, do_decipher): Likewise. Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Make app_genkey and supporting ISO function more flexible.Werner Koch2019-02-061-3/+5
| | | | | | | | | | | | | | | | | | | * scd/app.c (app_genkey): Add arg keytype. * scd/app-common.h (struct app_ctx_s): Fitto for the genkey member. * scd/command.c (cmd_genkey): Adjust for change. * scd/iso7816.c (do_generate_keypair): Replace arg read_only by new args p1 and p2. (iso7816_read_public_key): Adjust for this. (iso7816_generate_keypair): Add new args p1 and p2. * scd/app-openpgp.c (do_genkey): Adjust for changes. -- The OpenPGP card creates keys according to parameters read from a data object. Other cards we are about to implement require a direct specification of the requested keytype. This patch implements the required changes. Signed-off-by: Werner Koch <[email protected]>
* scd: Allow standard keyref scheme for app-openpgp.Werner Koch2019-02-051-1/+14
| | | | | | | | | | | | | | * scd/app-openpgp.c (do_change_pin): Allow prefixing the CHVNO with "OPENPGP." * tools/card-call-scd.c (scd_change_pin): Change API to use strings. * tools/gpg-card-tool.c (cmd_passwd): Adjust for change. (cmd_unblock): Ditto. -- The generic keyref allows for better error detection in case a keyref is send to a wrong card. Signed-off-by: Werner Koch <[email protected]>
* scd: Fix flushing of CA-FPR data objectsWerner Koch2019-01-251-23/+25
| | | | | | | | | | | | | | * scd/app-openpgp.c (do_setattr): Add new table item to flush a different tag. -- For whatever reasons the OpenPGP card reads the 3 CA fingerprints from one object but sets them individually using 3 different tags. The cache flushing was not prepared for this and so a changed CA fingerprint showed only up after a card reset. This patch fixes it. Signed-off-by: Werner Koch <[email protected]>
* scd: Support PASSWD --clear for OpenPGP card.NIIBE Yutaka2019-01-231-1/+32
| | | | | | | | | | | | | | | | | | | | * scd/app-openpgp.c (do_change_pin): Implement handling APP_CHANGE_FLAG_CLEAR. -- It is specified in the specification version 3.1 or later. Some version 2 cards (including Gnuk) support this feature. Any version 1 card has no support for this feature. For CHVNO = 1, it clears for both of 81 and 82; That is, user's key usages for signing and others (decryption and auth). For CHVNO = 3, it clears for 83, admin key. For CHVNO = 2, it clears 82; That is, user's key usages others (decryption and auth). Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Add option --clear to PASSWD.Werner Koch2019-01-211-0/+4
| | | | | | | | | | | | | | | * scd/command.c (cmd_passwd): Add option --clear. (send_status_printf): New. * scd/app-common.h (APP_CHANGE_FLAG_CLEAR): New. * scd/app-nks.c (do_change_pin): Return an error if that option is used. * scd/app-openpgp.c (do_change_pin): Ditto. -- Card application may support this option to clear the PIN verification status of a specific PIN. Signed-off-by: Werner Koch <[email protected]>
* doc: Typo fix in code commentWerner Koch2019-01-021-4/+4
| | | | --
* scd: Fix description string.NIIBE Yutaka2018-12-181-2/+2
| | | | | | * scd/app-openpgp.c (data_objects): Capitalize the word for usage. Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Make "learn" report about KDF data object.NIIBE Yutaka2018-11-151-3/+8
| | | | | | | * scd/app-openpgp.c (do_learn_status): Report KDF attr. * g10/card-util.c (current_card_status): Output KDF for with_colons. Signed-off-by: NIIBE Yutaka <[email protected]>
* g10,scd: Improve UIF support.NIIBE Yutaka2018-10-251-3/+6
| | | | | | | | | | * g10/call-agent.c (learn_status_cb): Parse "bt" flag. * g10/call-agent.h: New member field "bt". * g10/card-util.c (uif): Limit its access only when it is supported. * scd/app-openpgp.c (do_setattr): Allow access to UIF objects only when there is a button. Signed-off-by: NIIBE Yutaka <[email protected]>
* all: fix spelling and typosDaniel Kahn Gillmor2018-10-241-1/+1
| | | | Signed-off-by: Daniel Kahn Gillmor <[email protected]>
* scd: Fix signing authentication status.NIIBE Yutaka2018-10-151-1/+4
| | | | | | | | | | | | | * scd/app-openpgp.c (do_sign): Clear DID_CHV1 after signing. -- We have a corner case: In "not forced" situation and authenticated, and it is changed to "forced", card implementaiton can actually accept signing, but GnuPG requires authentication, because it is "forced". GnuPG-bug-id: 4177 Signed-off-by: NIIBE Yutaka <[email protected]>
* g10,scd: Support UIF changing command.NIIBE Yutaka2018-09-271-3/+15
| | | | | | | | | | | | | * g10/card-util.c (uif, cmdUIF): New. (card_edit): Add call to uif by cmdUIF. * scd/app-openpgp.c (do_getattr): Support UIF-1, UIF-2, and UIF-3. (do_setattr): Likewise. (do_learn_status): Learn UIF-1, UIF-2, and UIF-3. -- GnuPG-bug-id: 4158 Signed-off-by: NIIBE Yutaka <[email protected]>
* Merge branch 'STABLE-BRANCH-2-2' into masterWerner Koch2018-04-101-14/+47
|\ | | | | | | | | | | | | | | | | -- Fixed conflicts: NEWS - keep master configure.ac - merge g10/card-util.c - mostly 2.2 g10/sig-check.c - 2.2
| * scd: Writing KDF resets auth state.NIIBE Yutaka2018-04-031-1/+7
| | | | | | | | | | | | * scd/app-openpgp.c (do_setattr): Clear auth state. Signed-off-by: NIIBE Yutaka <[email protected]>
| * g10,scd: Support single salt for KDF data object.NIIBE Yutaka2018-03-301-7/+22
| | | | | | | | | | | | | | | | | | | | | | | | | | | | * g10/card-util.c (gen_kdf_data): Support single salt. (kdf_setup): Can have argument for single salt. * scd/app-openpgp.c (pin2hash_if_kdf): Support single salt. -- Gnuk has "admin-less" mode. To support "admin-less" mode with KDF feature, salt should be same for user and admin. Thus, I introduce a valid use of single salt. Signed-off-by: NIIBE Yutaka <[email protected]>
| * scd: Support changing key attribute back to RSA.NIIBE Yutaka2018-03-301-6/+18
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * scd/app-openpgp.c (change_rsa_keyattr): Try usual RSA. -- In the OpenPGP card specification, there are multiple options to support RSA (having P and Q or not, etc.), and it is implementation dependent. Since GnuPG doesn't have knowledge which card implementation support which option and there is no way (yet) for card to express itself which key attributes are supported, we haven't supported key attribute change back to RSA. But, many card implementation uses P and Q, try this option. If other cases, factory-reset would be easier option. Signed-off-by: NIIBE Yutaka <[email protected]>
* | Merge branch 'STABLE-BRANCH-2-2' into masterWerner Koch2018-03-271-2/+3
|\|
| * scd: Support KDF DO setup.NIIBE Yutaka2018-03-221-2/+3
| | | | | | | | | | | | | | | | | | | | | | | | * g10/call-agent.c (learn_status_cb): Parse the capability for KDF. * g10/card-util.c (gen_kdf_data, kdf_setup): New. (card_edit): New admin command cmdKDFSETUP to call kdf_setup. * scd/app-openpgp.c (do_getattr): Emit KDF capability. -- GnuPG-bug-id: 3823 Signed-off-by: NIIBE Yutaka <[email protected]>
* | Merge branch 'STABLE-BRANCH-2-2'Werner Koch2018-02-221-3/+8
|\|
| * scd: Improve KDF-DO supportArnaud Fontaine2018-02-131-1/+2
| | | | | | | | | | | | | | | | | | | | * scd/app-openpgp.c (pin2hash_if_kdf): Check the content of KDF DO. -- Length check added by gniibe. Signed-off-by: Arnaud Fontaine <[email protected]>
| * scd: Fix handling for Data Object with no data.NIIBE Yutaka2018-02-121-2/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | * scd/app-openpgp.c (get_cached_data): Return NULL for Data Object with no data. -- When GET_DATA returns no data with success (90 00), this routine firstly returned buffer with length zero, and secondly (with cache) returned NULL, which is inconsistent. Now, it returns NULL for both cases. Signed-off-by: NIIBE Yutaka <[email protected]>
* | Merge branch 'STABLE-BRANCH-2-2' into masterWerner Koch2018-01-251-25/+94
|\| | | | | | | Signed-off-by: Werner Koch <[email protected]>
| * scd: Support KDF Data Object of OpenPGPcard V3.3.NIIBE Yutaka2018-01-221-25/+94
| | | | | | | | | | | | | | | | | | | | | | | | | | * scd/app-openpgp.c (do_getattr, do_setattr): Add KDF support. (pin2hash_if_kdf): New. (verify_a_chv): Add PINLEN arg. Use pin2hash_if_kdf. (verify_chv2, do_sign): Follow the change of verify_a_chv. (verify_chv3, do_change_pin): Use pin2hash_if_kdf. -- GnuPG-bug-id: 3152 Signed-off-by: NIIBE Yutaka <[email protected]>
| * scd: Fix for large ECC keys.NIIBE Yutaka2017-09-111-8/+32
| | | | | | | | | | | | | | | | | | * scd/app-openpgp.c (do_decipher): Support larger length. -- Reported-by: Achim Pietig <[email protected]> Signed-off-by: NIIBE Yutaka <[email protected]>
* | Use the gpgrt log functions if possible.Werner Koch2017-11-271-6/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * common/logging.c: Do not build any code if we can use the gpgrt_log functions. (log_logv_with_prefix): Rename to log_logv_prefix and change order of args so that this function matches its printf like counterpart gpgrt_logv_prefix. Change all callers. (log_debug_with_string): Rename to log_debug_string. Change all callers. (log_printhex): Move first arg to end so that this function matches its printf like counterpart gpgrt_log_printhex. Change all callers. * common/logging.h: Divert to gpgrt/libgpg-error if we can use the gpgrt_log functions. (bug_at): Add inline versions if we can use the gpgrt_log functions. * configure.ac (GPGRT_ENABLE_LOG_MACROS): Add to AH_BOTTOM. (mycflags): Add -Wno-format-zero-length. -- This patch enables the use of the log function from libgpgrt (aka libgpg-error). Instead of checking a version number, we enable them depending on macros set by recent gpg-error versions. Eventually the whole divert stuff can be removed. The -Wno-format-zero-length is required because log_printhex can be called with an empty format string. Note that this is fully specified standard C behaviour. Signed-off-by: Werner Koch <[email protected]>
* | gpg: Repurpose the ISO defined DO "sex" to "salutation".Werner Koch2017-11-151-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | * g10/card-util.c (current_card_status): String changes. (change_sex): Description change. (cmds): Add "salutation"; keep "sex" as an alias. -- Note that we can't change the used values or tags but at least the UI should show reflect the real purpose of the field. Signed-off-by: Werner Koch <[email protected]>
* | scd: Fix for large ECC keys.NIIBE Yutaka2017-08-291-8/+32
|/ | | | | | | | | * scd/app-openpgp.c (do_decipher): Support larger length. -- Reported-by: Achim Pietig <[email protected]> Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Convey the correct length for LeWerner Koch2017-08-271-2/+2
| | | | | | | | | | | | | | | | | | | | | * scd/app-openpgp.c (determine_rsa_response): Round bits up. -- Co-authored-by: Arnaud Fontaine <[email protected]> Arnaud wrote: Actually, when the incorrect expected response length (i.e. Le field) is transmitted to the card, the card's answer is missing a byte (i.e. ... 6101) so an additional command has to be sent to the card to retrieve the last byte. Using the correct length avoids to send the additional command to retrieve the missing byte, when the computed length is wrong. Note that an value of 65537 for E is pretty standard and thus we can avoid the 6101 return code inmost cases. Signed-off-by: Werner Koch <[email protected]>
* scd: Use unsigned int for fields.NIIBE Yutaka2017-07-241-5/+5
| | | | | | * scd/app-openpgp.c (data_objects): Use unsigned ints. Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Add debug message for v3 card.NIIBE Yutaka2017-07-211-8/+17
| | | | | | * scd/app-openpgp.c (show_caps): Output more messages. Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Support longer data length for special DOs for v3 card.NIIBE Yutaka2017-07-201-16/+45
| | | | | | | | | | | | | * scd/app-openpgp.c (data_objects): Special DOs like "Login Data", "URL", "Private DO N" can be longer size >= 256. (struct app_local_s): Define bits for v3 card. (get_cached_data): Use extcap.max_special_do for special DOs. (app_select_openpgp): Detect if extcap_v3, kdf_do, and other bits. -- GnuPG-bug-id: 3262 Signed-off-by: NIIBE Yutaka <[email protected]>
* Spelling fixes in docs and comments.NIIBE Yutaka2017-04-281-2/+2
| | | | | | | | | | -- In addition, fix trailing spaces in tests/inittests. GnuPG-bug-id: 3121 Reported-by: ka7 (klemens) Signed-off-by: NIIBE Yutaka <[email protected]>
* Remove -I option to common.NIIBE Yutaka2017-03-071-5/+5
| | | | | | | | | | | | | * dirmngr/Makefile.am (AM_CPPFLAGS): Remove -I$(top_srcdir)/common. * g10/Makefile.am (AM_CPPFLAGS): Ditto. * g13/Makefile.am (AM_CPPFLAGS): Ditto. * kbx/Makefile.am (AM_CPPFLAGS): Ditto. * scd/Makefile.am (AM_CPPFLAGS): Ditto. * sm/Makefile.am (AM_CPPFLAGS): Ditto. * tools/Makefile.am (AM_CPPFLAGS): Ditto. * Throughout: Follow the change. Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Fix compiler warnings for app-openpgp.c.NIIBE Yutaka2017-03-061-4/+2
| | | | | | | | * scd/app-openpgp.c (retrieve_key_material): Remove touching I. (do_change_pin): Make sure going to leave if PINVALUE == 0. (rsa_writekey): Emit simpler log. Signed-off-by: NIIBE Yutaka <[email protected]>
* scd,agent: Improve the OpenPGP PIN prompt texts.Werner Koch2017-02-221-7/+18
| | | | | | | | | | | | | * scd/app-openpgp.c (get_prompt_info): Change texts. * agent/call-pinentry.c (struct entry_features): New. (getinfo_features_cb): New. (start_pinentry): Set new fucntion as status callback. (build_cmd_setdesc): New. Replace all snprintf for SETDESC by this one. -- Suggested-by: Andre Heinecke Signed-off-by: Werner Koch <[email protected]>
* Revert "scd: Nitpicks on the improved card prompts"Werner Koch2017-02-221-7/+7
| | | | | | | -- This reverts commit 143ca039e1e81140ae520cc1025f8e25c01acc80. I have a more improved version in the works.
generated by cgit v1.2.3 (git 2.25.1) at 2025-04-28 01:46:55 +0000