aboutsummaryrefslogtreecommitdiffstats
path: root/scd/app-openpgp.c (follow)
Commit message (Collapse)AuthorAgeFilesLines
* common,gpg,scd,sm: Fix for Curve25519 OID supporting new and old.NIIBE Yutaka2024-10-081-6/+6
| | | | | | | | | | | | | | | | | | | | | | | | * common/util.h (openpgp_curve_to_oid): Add new argument to select OID by OpenPGP version. * common/openpgp-oid.c (openpgp_curve_to_oid): Implement returning selected OID for Curve25519. * common/openpgp-fpr.c (compute_openpgp_fpr_ecc): Follow the change, selecting by the version. * g10/export.c (match_curve_skey_pk): Likewise. (transfer_format_to_openpgp): Likewise. * g10/gpg.c (list_config): Likewise, print new OID. * g10/keygen.c (ecckey_from_sexp): Likewise, selecting by the version. * sm/encrypt.c (ecdh_encrypt): Likewise, don't care. * sm/minip12.c (build_ecc_key_sequence): Likewise, new OID. * scd/app-openpgp.c (ecdh_params, gen_challenge): Likewise, don't care. (ecc_read_pubkey, change_keyattr_from_string, ecc_writekey): Likewise, old OID. -- GnuPG-bug-id: 7316 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: New getinfo subcommand "manufacturer"Werner Koch2024-08-051-3/+3
| | | | | | | | | | | | | * scd/command.c (cmd_getinfo): Add subcommand "manufacturer". * scd/app-openpgp.c (get_manufacturer): Rename to ... (app_openpgp_manufacturer): this and make global. -- Example: $ gpg-connect-agent 'scd getinfo manufacturer 42' /bye D Magrathea OK
* indent: Fix spellingDaniel Kahn Gillmor2024-05-311-1/+1
| | | | | | | | | | | | | -- These are non-substantive corrections for minor spelling mistakes within the GnuPG codebase. With something like this applied to the codebase, and a judiciously tuned spellchecker integrated as part of a standard test suite, it should be possible to keep a uniform orthography within the project. GnuPG-bug-id: 7116
* scd:openpgp: Add new vendor.Werner Koch2024-05-221-0/+1
| | | | --
* scd:openpgp: Robust Data Object handling for constructed case.NIIBE Yutaka2024-04-151-0/+50
| | | | | | | | | | | * scd/app-openpgp.c (get_cached_data): When it comes with its tag and length for the constructed Data Object, remove them. -- GnuPG-bug-id: 7058 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd:openpgp: Fix data_objects specification for F9 and FA.NIIBE Yutaka2024-03-271-2/+2
| | | | | | | | | * scd/app-openpgp.c (data_objects): These are constructed objects. -- GnuPG-bug-id: 7058 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Add new OpenPGP vendorWerner Koch2024-03-261-0/+1
| | | | --
* scd:openpgp: Allow PIN length of 6 also with a reset code.Werner Koch2024-01-301-2/+15
| | | | | | | | | | | | | | | | | | | | | * scd/app-openpgp.c (do_change_pin): Fix PIN length check. Add "R" flag to the reset code prompt. -- When using the reset code it was not possible to set a PIN of length 6. The "R" flags fixes a funny prompt. Fixes-commit: efe325ffdf21205b90f888c8f0248bbd4f61404b scd:openpgp: Allow PIN length of 6 also with a reset code. * scd/app-openpgp.c (do_change_pin): Fix PIN length check. Add "R" flag to the reset code prompt. -- When using the reset code it was not possible to set a PIN of length 6. The "R" flags fixes a funny prompt. Fixes-commit: 2376cdff1318688d94c95fd01adc4b2139c4a8c7
* scd:openpgp: Add the length check for new PIN.NIIBE Yutaka2023-12-221-16/+32
| | | | | | | | | | * scd/app-openpgp.c (do_change_pin): Make sure new PIN length is longer than MINLEN. -- GnuPG-bug-id: 6843 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd:openpgp: Fallback to default ECDH params in writekey.Werner Koch2023-11-231-3/+5
| | | | | | | | | | | | * scd/app-openpgp.c (ecc_writekey): Use default ECDH parameters and remove the now useless check. -- This seems to be better than bailing out. In almost all cases our standard parameters are used and if not, well, the fingerprint will be wrong. GnuPG-bug-id: 6378
* scd: Return GPG_ERR_PIN_BLOCKED when it's blocked.NIIBE Yutaka2023-11-081-2/+2
| | | | | | | | | | | | | | * scd/app-openpgp.c (build_enter_admin_pin_prompt): Fix to use GPG_ERR_PIN_BLOCKED. (check_pin): Likewise. -- Cherry-pick from master commit: e6b3d53db36dba8aef640fc0a99cc079551a965a GnuPG-bug-id: 6425 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd:openpgp: Return better error codes for the Reset Code.Werner Koch2023-10-061-3/+3
| | | | | | | | | | | | | | | * scd/app-openpgp.c (do_change_pin): Use GPG_ERR_BAD_RESET_CODE where appropriate. * common/util.h: Add error codes missing in gpgrt 1.46. * agent/call-pinentry.c (unlock_pinentry): Handle GPG_ERR_BAD_RESET_CODE. (agent_askpin): Ditlo. Also simply condition. (agent_get_passphrase): Ditto. * g10/call-agent.c (status_sc_op_failure): Handle GPG_ERR_BAD_RESET_CODE. * g10/card-util.c (write_sc_op_status): Ditto. * tools/card-call-scd.c (status_sc_op_failure): Ditto.
* gpg: Fix writing ECDH keys to OpenPGP smartcards.Werner Koch2023-04-211-21/+65
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * agent/command.c (cmd_keytocard): Add new arg for ECDH params. * scd/app-openpgp.c (ecc_writekey): Use provided ECDH params to compute the fingerprint. * g10/call-agent.c (agent_keytocard): Add arg ecdh_param_str. * g10/keyid.c (ecdh_param_str_from_pk): New. * g10/card-util.c (card_store_subkey): Pass ECDH params to writekey. * g10/keygen.c (card_store_key_with_backup): Ditto. * scd/app-openpgp.c (store_fpr): Add arg update. (rsa_read_pubkey, ecc_read_pubkey): Add arg meta_update and avoid writing the fingerprint back to the card if not set. (read_public_key): Also add arg meta_update. (get_public_key): Do not pass it as true here... (do_genkey): ... but here. (rsa_write_key, ecc_writekey): Force string the fingerprint. -- The problem showed up because in 2.4 we changed the standard ECDH parameter some years ago. Now when trying to write an ECDH key created by 2.2 with 2.4 to an openpgp card, scdaemon computes a wrong fingerprint and thus gpg was not able to find the key again by fingerprint. The patch also avoids updating the stored fingerprint in certain situations. This fix is somewhat related to GnuPG-bug-id: 6378
* scd,openpgp: Switch key attributes between RSA and ECC in writekey.Werner Koch2023-03-151-5/+30
| | | | | | | | | | | | | | * common/sexputil.c (get_rsa_pk_from_canon_sexp): Also allow private keys. (pubkey_algo_string): Ditto. * scd/app-openpgp.c (do_writekey): Switch key attributes -- The scd WRITEKEY command for OpenPGP cards missed proper support to aautomagically switch key attributes based on the new key. We had this only in GENKEY. GnuPG-bug-id: 6378
* scd: Fix checking memory allocation.NIIBE Yutaka2023-03-081-1/+1
| | | | | | | | * scd/app-openpgp.c (read_public_key): Fix the memory. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* scd:opengpg: Minor vendor name fixWerner Koch2022-07-281-1/+1
| | | | --
* scd:openpgp: New vendorWerner Koch2022-07-281-0/+1
| | | | --
* scd:openpgp: Fix workaround for Yubikey heuristics.NIIBE Yutaka2022-07-131-8/+21
| | | | | | | | | | * scd/app-openpgp.c (parse_algorithm_attribute): Handle the case of firmware 5.4, too. -- GnuPG-bug-id: 6070 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd,openpgp: Support READCERT by keygrip.NIIBE Yutaka2022-06-101-1/+22
| | | | | | | | | * scd/app-openpgp.c (do_readcert): Allow use of keygrip. -- GnuPG-bug-id: 6002 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Return USAGE information for KEYINFO command.NIIBE Yutaka2022-05-261-8/+18
| | | | | | | | | | | | | | | | | | | | | | | * scd/command.c (hlp_keyinfo): Update. (send_keyinfo): Add a USAGE argument. * scd/scdaemon.h (send_keyinfo): Add a USAGE argument. * scd/app-nks.c (set_usage_string): New. (do_learn_status_core, do_readkey): Use set_usage_string. (do_with_keygrip): Add USAGE to call send_keyinfo, using set_usage_string. * scd/app-openpgp.c (get_usage_string): New. (send_keypair_info): Use get_usage_string. (send_keyinfo_if_available): Add USAGE to call send_keyinfo, using get_usage_string. * scd/app-p15.c (set_usage_string): New. (send_keypairinfo): Use set_usage_string. (do_with_keygrip): Add USAGE to call send_keyinfo, using set_usage_string. * scd/app-piv.c (do_with_keygrip): Add USAGE to call send_keyinfo. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Fail when no good algorithm attribute.NIIBE Yutaka2022-05-111-19/+30
| | | | | | | | | | | | | | * scd/app-openpgp.c (parse_algorithm_attribute): Return the error. (change_keyattr): Follow the change. (app_select_openpgp): Handle the error of parse_algorithm_attribute. -- This change allows following invocation of app_select_openpgp, which may work well (if the problem is device side for initial connection). GnuPG-bug-id: 5963 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd:openpgp: New card vendor.Werner Koch2022-05-101-0/+1
| | | | | | | | -- BTW, we should add a function to read out the entire table so that you can ask scdaemon for that list. iirc, Kleopatra still uses a copy of the table.
* scd: Add workaround for ECC attribute on Yubikey.NIIBE Yutaka2022-05-061-1/+2
| | | | | | | | | | * scd/app-openpgp.c (parse_algorithm_attribute): Skip possibly bogus octet in a key attribute. -- GnuPG-bug-id: 5963 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Fix hard-coded constant for RSA auth.NIIBE Yutaka2022-04-251-3/+9
| | | | | | | | | | | | * scd/app-openpgp.c (do_auth): Allow larger data for RSA-4096. -- OpenPGPcard specification says that it will be rejected by the card when it's larger. We have been the check on host side too, but it was written when it only had a support for RSA-2048. Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Don't inhibit SSH authentication for larger data if it can.NIIBE Yutaka2022-04-221-0/+5
| | | | | | | | | * scd/app-openpgp.c (do_auth): Use command chaining if available. -- GnuPG-bug-id: 5935 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Add --challenge-response option to PK_AUTH for OpenPGP card.NIIBE Yutaka2022-03-031-23/+184
| | | | | | | | | | | | | | * scd/app-openpgp.c (rmd160_prefix, sha1_prefix, sha224_prefix) (sha256_prefix, sha384_prefix, sha512_prefix): Move the scope up. (gen_challenge): New. (do_auth): Support challenge-response check if it signs correctly. * scd/app.c (app_auth): Remove the check INDATA and INDATALEN. * scd/command.c (cmd_pkauth): Support --challenge-response option. -- GnuPG-bug-id: 5862 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd:openpgp: Support longer data for INTERNAL_AUTHENTICATE.NIIBE Yutaka2021-11-151-0/+8
| | | | | | | | | | * scd/app-openpgp.c (do_auth): Use extended Lc, when supported. -- GnuPG-bug-id: 5682 Co-authored-by: Klas Lindfors Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Add new OpenPGP card vendor.Werner Koch2021-11-041-0/+1
| | | | --
* scd: Silence compiler waring about unused args.Werner Koch2021-07-081-0/+3
| | | | --
* scd: Detect external interference when PCSC_SHARED.NIIBE Yutaka2021-07-061-0/+13
| | | | | | | | | | | | | | * scd/app-common.h (check_aid): New method. * scd/app-openpgp.c (do_check_aid): New. * scd/app-piv.c (do_check_aid): New. * scd/app.c (check_external_interference): New. (maybe_switch_app): Check interference to determine switching is needed. -- GnuPG-bug-id: 5484 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Support clearing of Reset Code by ''.NIIBE Yutaka2021-06-111-2/+3
| | | | | | | | * scd/app-openpgp.c (do_change_pin): Allow null-string. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Add new card vendor.Werner Koch2021-06-101-0/+1
| | | | --
* scd: Fix zero-byte handling in ECC.NIIBE Yutaka2021-05-281-11/+3
| | | | | | | | | | * scd/app-openpgp.c (ecc_writekey): Don't remove zero-byte. -- Fixes-commit: a25c99b156ca9acaa7712e9c09a6df0a7a23c833 GnuPG-bug-id: 5163 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Fix unblock PIN by a Reset Code with KDF.Kirill Elagin2021-04-271-1/+1
| | | | | | | | | | * scd/app-openpgp.c (do_change_pin): Use correct CHVNO=1 for pin2hash_if_kdf, for user's PIN. -- GnuPG-bug-id: 5413 Signed-off-by: Kirill Elagin <[email protected]>
* scd: Replace all assert macros by the log_assert macro.Werner Koch2021-03-311-16/+15
| | | | Signed-off-by: Werner Koch <[email protected]>
* scd:openpgp: Allow reading and writing user certs for keys 1 and 2Werner Koch2021-03-191-22/+86
| | | | | | | | | | | | | | * scd/iso7816.c (CMD_SELECT_DATA): New. (iso7816_select_data): New. * scd/app-openpgp.c (do_readcert): Allow OpenPGP.1 and OPENPGP.2 (do_writecert): Ditto. (do_setattr): Add CERT-1 and CERT-2. -- This has been tested with a Zeitcontrol 3.4 card. A test with a Yubikey 5 (firmware 5.2.6) claiming to support 3.4 failed. Signed-off-by: Werner Koch <[email protected]>
* scd:openpgp: Rename an internal variable.Werner Koch2021-03-191-13/+14
| | | | | | | | | | | | | | * scd/app-openpgp.c (struct app_local_s): s/extcap_v3/is_v3/. s/max_certlen_3/max_certlen. Change users. -- The extcap_v3 flag is set if the version is 3 or later and as such does not only declare that the v3 extcap layout is used. Make this clear by renaming. Likewise for max_certlen_3. Signed-off-by: Werner Koch <[email protected]>
* scd:openpgp: Small speedup reading card properties.Werner Koch2021-03-191-2/+18
| | | | | | | | | | | | | | | | * scd/app-openpgp.c (struct app_local_s): Add new flag. (get_cached_data): Force chace use if flag is set. (app_select_openpgp): Avoid reading DO 6E multiple times. -- The do not cache property of 6E was introduced so that we can change for example key attributes without getting into with the cache. However, for initial reading the cache makes a lot of sense and thus we now use this hack to only temporary cache. A better strategy would be to clear the cache when we change card data but that is more error prone. Signed-off-by: Werner Koch <[email protected]>
* scd: Add handling of Ed448 key.NIIBE Yutaka2021-03-151-13/+12
| | | | | | | | | | | | | | | | | | * scd/app-openpgp.c (struct app_local_s): Add ecc.algo field. (send_key_attr): Use ecc.algo field. (ecc_read_pubkey): Use ecc.algo field. (ecc_writekey): Ed448 means EdDSA. (parse_algorithm_attribute): Set ecc.algo field from card. Add checking for Ed25519 for ECC_FLAG_DJB_TWEAK flag. -- There used to be a possible support of Ed25519 with ECDSA, (instead of EdDSA). To distinguish key for Ed25519 for EdDSA, we use the flag: (flags eddsa). Ed448 has no support for ECDSA and defaults to EdDSA even if no such flag. Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Fix count_sos_bits handling.NIIBE Yutaka2021-03-151-3/+3
| | | | | | * scd/app-openpgp.c (count_sos_bits): Handle an exceptional case. Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: New option --pcsc-shared.Werner Koch2021-03-121-2/+7
| | | | | | | | | | | | | | | | | * scd/scdaemon.h (opt): Add field opcsc_shared. * scd/scdaemon.c (opcscShared): New. (opts): Add "--pcsc-shared". (main): Set flag. * scd/apdu.c (connect_pcsc_card): Use it. (pcsc_get_status): Take flag in account. * scd/app-openpgp.c (cache_pin): Bypass in shared mode. (verify_chv2: Do not auto verify chv1 in shared mode. * scd/app-piv.c (cache_pin): By pass caceh in shared mode. -- This option should in general not be used. The patch tries to limit bad effects but using shared mode is somewhat dangerous depending on the other PC/SC users.
* scd: Fix computing fingerprint for ECC with SOS.NIIBE Yutaka2021-03-121-1/+22
| | | | | | | | | * scd/app-openpgp.c (count_sos_bits): New. Count as sos_write does. (store_fpr): For ECC, use count_sos_bits. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Swapped openpgp card vendor 0x000a with new 0x000d.Werner Koch2021-03-091-1/+2
| | | | --
* scd: Add new Openpgp card vendor nameWerner Koch2021-03-091-0/+1
| | | | --
* scd: Fix for X448.NIIBE Yutaka2021-03-081-0/+2
| | | | | | * scd/app-openpgp.c (do_decipher): Support with no prefix. Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Minor tweak for easier backportingWerner Koch2021-02-191-12/+12
| | | | | | | | * scd/app-common.h (APP_CARD): New. Use it in app-*.c to access app->card. -- This should help to make backporting to 2.2 easier.
* scd:yubikey: Fix support of Yubikey NEO.NIIBE Yutaka2020-12-081-0/+3
| | | | | | * scd/app-openpgp.c (get_public_key): Yubikey NEO also has this issue. Signed-off-by: NIIBE Yutaka <[email protected]>
* scd:openpgp: Fix writing ECC key to card.NIIBE Yutaka2020-12-031-6/+27
| | | | | | | | | | * scd/app-openpgp.c (build_privkey_template): Adding another argument of ecc_d_fixed_len to handle variable-size MPI. -- GnuPG-bug-id: 5163 Signed-off-by: NIIBE Yutaka <[email protected]>
* agent: Fix YK s/n and prettify the request card prompt for YubikeysWerner Koch2020-11-261-25/+1
| | | | | | | | | | * agent/divert-scd.c (ask_for_card): Detect and re-format the Yubikey prompt. * scd/app.c (app_munge_serialno): Fix Yubikey s/n munging. (card_get_dispserialno): Ditto. * scd/app-openpgp.c (get_disp_serialno): Remove. (get_prompt_info): Use app_get_dispserialno.-- --
* scd: Add special serialno compare for OpenPGP cards.Werner Koch2020-11-261-4/+9
| | | | | | | | | | | | | | | | | * scd/app.c (is_same_serialno): New. (check_application_conflict): Use this. (select_application): Ditto. (app_switch_current_card): Ditto. * scd/app-openpgp.c (check_keyidstr): Ignore the card version and also compare case insensitive. -- This is required because we change what we emit as serialno of OpenPGP cards but existing keys still use the old form of the serial number (i.e. with a firmware version). See-commit: 3a8250c02031080c6c8eebd5dea03f5f87f9ddd7 Signed-off-by: Werner Koch <[email protected]>
generated by cgit v1.2.3 (git 2.25.1) at 2025-04-27 09:29:14 +0000