aboutsummaryrefslogtreecommitdiffstats
path: root/scd/iso7816.h (follow)
Commit message (Collapse)AuthorAgeFilesLines
* scd:p15: Support ECDSA and ECDH for CardOS.Werner Koch2021-03-291-0/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | * scd/iso7816.c (iso7816_pso_csv): New. * scd/app-help.c (app_help_pubkey_from_cert): Uncompress a point if needed. * scd/app-p15.c (CARD_PRODUCT_RSCS): New. (struct prkdf_object_s): Add fields is_ecc, token_label, and tokenflags. (do_deinit): Free new fields. (cardproduct2str): New. (read_ef_prkdf): Set new is_ecc flag. (read_ef_tokeninfo): Store some data and move Tokeninfo diags to ... (read_p15_info): here. set the product info here after all data has been gathered. (send_keypairinfo): Chnage the way the gpgusage flags are used. (make_pin_prompt): If the token has a label and the current cert has no CN, show the label as holder info. (do_sign): Support ECDSA. Take care of the gpgusage flags. (do_decipher): Support ECDH. Take care of the gpgusage flags. -- This has been tested with Trusted Object Manager generated cards by Rohde & Schwarz Cybersecurity. Signed-off-by: Werner Koch <[email protected]>
* scd:openpgp: Allow reading and writing user certs for keys 1 and 2Werner Koch2021-03-191-0/+1
| | | | | | | | | | | | | | * scd/iso7816.c (CMD_SELECT_DATA): New. (iso7816_select_data): New. * scd/app-openpgp.c (do_readcert): Allow OpenPGP.1 and OPENPGP.2 (do_writecert): Ditto. (do_setattr): Add CERT-1 and CERT-2. -- This has been tested with a Zeitcontrol 3.4 card. A test with a Yubikey 5 (firmware 5.2.6) claiming to support 3.4 failed. Signed-off-by: Werner Koch <[email protected]>
* scd: Define new status wordWerner Koch2021-01-271-1/+1
| | | | | | | | * scd/apdu.h (SW_NO_CURRENT_EF): New. -- This merely to show better diagnostics. Used for example by CardOS 5.3.
* scd:p15: First step towards real CardOS 5 support.Werner Koch2021-01-261-1/+2
| | | | | | | | | | | | | | | | | | | | * scd/iso7816.c (iso7816_select_path): Add arg from_cdf. * scd/app-nks.c (do_readkey): Adjust for this change. * scd/app-p15.c (CARD_TYPE_CARDOS_53): New. (IS_CARDOS_5): New. (card_atr_list): Add standard ATR for CardOS 5.3. (select_and_read_binary): Remove the fallback to record read hack. (select_and_read_record): New. (select_ef_by_path): Rework and support CardOS feature. (read_ef_prkdf): Use read record for CardOS. (read_ef_cdf): Ditto. (read_ef_aodf): Ditto. Also fix bug in the detection of other unsupported attribute types. (verify_pin): Use IS_CARDOS_5 macro. (app_select_p15): Force direct method for CardOS. Signed-off-by: Werner Koch <[email protected]>
* scd:p15: Improve support for some CardOS based cards.Werner Koch2020-11-251-1/+6
| | | | | | | | | * scd/iso7816.c (iso7816_read_binary_ext): Add optional arg r_sw and change callers. (iso7816_read_record): Factor all code out to ... (iso7816_read_record_ext): new. * scd/app-p15.c (select_and_read_binary): Fallback to record reading. (read_ef_aodf): Clear EOF error.
* scd:nks: Implement writecert for the Signature card v2.Werner Koch2020-07-021-0/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * scd/iso7816.c (CMD_UPDATE_BINARY): New. (iso7816_update_binary): New. * scd/app-nks.c (do_deinit): Factor some code out to... (flush_fid_cache): new. (do_writecert): New. (app_select_nks): Register new handler. -- This can be used with gpg-card to write the 3 extra certificates of a Telesec TCOS Signature Card v2. The card with the qualified signature is distributed with the keys for encryption and advanced signatures but without the certificates. The certificates can be downloaded from the website after an mail confirmation. Unpacked the downloaded zipfile has these certificates: auth_zert.crt sig_zert.crt enc_zert.crt Using gpg-card issue these commands: writecert NKS-NKS3.4531 <sig_zert.crt writecert NKS-NKS3.45B1 <enc_zert.crt writecert NKS-NKS3.4571 <auth_zert.crt Don't mix that up, tight now there is no checking that the certificates match the public key. I also need to write another patch to actually implement signing and encryption with these nistp256 certificates. Signed-off-by: Werner Koch <[email protected]>
* scd: Factor common PIN status check out.Werner Koch2020-04-071-0/+10
| | | | | | | | | | | | | | * scd/iso7816.h (ISO7816_VERIFY_ERROR): New. (ISO7816_VERIFY_NO_PIN): New. (ISO7816_VERIFY_BLOCKED): New. (ISO7816_VERIFY_NULLPIN): New. (ISO7816_VERIFY_NOT_NEEDED): New. * scd/iso7816.c (iso7816_verify_status): New. * scd/app-nks.c (get_chv_status): Use new function. * scd/app-piv.c (get_chv_status): Ditto. (verify_chv): Ditto. Signed-off-by: Werner Koch <[email protected]>
* scd:p15: Fix decrypt followed by sign problem for D-Trust cards.Werner Koch2020-04-071-0/+1
| | | | | | | | | | | | | | | | | * scd/iso7816.c (iso7816_select_mf): New. * scd/app-p15.c (card_product_t): New. (struct app_local_s): Add field 'card_product'. (read_ef_tokeninfo): Detect D-Trust card. (prepare_verify_pin): Switch to D-Trust AID. (do_decipher): Restore a SE for D-TRust cards. Chnage the passing indicator to 0x81. -- Using what I learned from a USB trace running the Governikus Signer Software on Windows this fixes the left over problem with the new D-Trust card support. Signed-off-by: Werner Koch <[email protected]>
* scd: Add function for binary read in extended mode.Werner Koch2020-03-311-0/+3
| | | | | | | * scd/iso7816.c (iso7816_read_binary): Factor code out to ... (iso7816_read_binary_ext): new function. Add arg extended_mode. Signed-off-by: Werner Koch <[email protected]>
* scd:piv: Implement import of private keys for Yubikeys.Werner Koch2019-03-051-0/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | * scd/app-piv.c (concat_tlv_list): Add arg 'secure' and adjust callers. (writekey_rsa, writekey_ecc): New. (do_writekey): New. (do_writecert): Provide a better error message for an empty cert. (app_select_piv): Register do_writekey. * scd/iso7816.c (iso7816_send_apdu): New. * scd/app-common.h (APP_WRITEKEY_FLAG_FORCE): New. * agent/command.c (cmd_keytocard): Make the timestamp optional. * tools/card-call-scd.c (inq_writekey_parms): Remove. (scd_writekey): Rewrite. * tools/gpg-card.c (cmd_writekey): New. (enum cmdids): Add cmdWRITEKEY. (dispatch_command, interactive_loop): Call cmd_writekey. -- This has been tested with gpgsm and RSA keys. For ECC keys only partly tested using the sample OpenPGP nistp256 and nistp384 keys because gpgsm does not yet support ECC certificates and thus we can't write the certificates to the cert object after a writekey. Note that they nevertheless show up in "gpgcard list" because gpg-card searches for them in gpg and gpgsm. However, this does not work completely. Signed-off-by: Werner Koch <[email protected]>
* scd: Make app_genkey and supporting ISO function more flexible.Werner Koch2019-02-061-3/+5
| | | | | | | | | | | | | | | | | | | * scd/app.c (app_genkey): Add arg keytype. * scd/app-common.h (struct app_ctx_s): Fitto for the genkey member. * scd/command.c (cmd_genkey): Adjust for change. * scd/iso7816.c (do_generate_keypair): Replace arg read_only by new args p1 and p2. (iso7816_read_public_key): Adjust for this. (iso7816_generate_keypair): Add new args p1 and p2. * scd/app-openpgp.c (do_genkey): Adjust for changes. -- The OpenPGP card creates keys according to parameters read from a data object. Other cards we are about to implement require a direct specification of the requested keytype. This patch implements the required changes. Signed-off-by: Werner Koch <[email protected]>
* scd: One new and one improved 7816 function.Werner Koch2019-01-201-1/+8
| | | | | | | | | | | | | | | | * scd/apdu.c (apdu_send_direct): New arg R_SW. * scd/command.c (cmd_apdu): Ditto. * scd/iso7816.c (iso7816_apdu_direct): New arg R_SW. (iso7816_general_authenticate): New. * scd/app-nks.c (get_chv_status, get_nks_version): Pass NULL for new arg. -- iso7816_general_authenticate will be used for the PIV card support. The new arg to iso7816_apdu_direct and apdu_send_direct allows to get the raw status word back without the need to handle an output buffer. Signed-off-by: Werner Koch <[email protected]>
* scd: Add two variants to the set of ISO7816 functions.Werner Koch2019-01-031-0/+7
| | | | | | | * scd/iso7816.c (iso7816_select_application_ext): New. (iso7816_get_data_odd): New. Signed-off-by: Werner Koch <[email protected]>
* scd: Fix API of select_file/_path.NIIBE Yutaka2017-03-061-5/+3
| | | | | | | | | | | | | | | | * scd/iso7816.c (iso7816_select_file, iso7816_select_path): Remove unused arguments. * scd/app-dinsig.c (do_readcert): Follow the change. * scd/app-help.c (app_help_read_length_of_cert): Likewise. * scd/app-nks.c (keygripstr_from_pk_file, do_readcert, do_readkey) (switch_application): Likewise. * scd/app-p15.c (select_and_read_binary, select_ef_by_path) (micardo_mse, app_select_p15): Likewise. * scd/app.c (app_new_register): Likewise. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* Change all http://www.gnu.org in license notices to https://Werner Koch2016-11-051-1/+1
| | | | --
* scd: minor cleanup to merge other works.NIIBE Yutaka2016-10-181-2/+2
| | | | | | | | | * scd/iso7816.c (do_generate_keypair): Use const char * for DATA. (iso7816_generate_keypair, iso7816_read_public_key): Likewise. * scd/app-openpgp.c (get_public_key): Follow the change. (do_genkey): Ditto. Use ERR instead of RC. Use u32 for CREATED_AT. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Rename 'keypad' to 'pinpad'.NIIBE Yutaka2013-02-081-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * NEWS: Mention scd changes. * agent/divert-scd.c (getpin_cb): Change message. * agent/call-scd.c (inq_needpin): Change the protocol to POPUPPINPADPROMPT and DISMISSPINPADPROMPT. * scd/command.c (pin_cb): Likewise. * scd/apdu.c (struct reader_table_s): Rename member functions. (check_pcsc_pinpad, pcsc_pinpad_verify, pcsc_pinpad_modify, check_ccid_pinpad, ccid_pinpad_operation, apdu_check_pinpad apdu_pinpad_verify, apdu_pinpad_modify): Rename. * scd/apdu.h (SW_HOST_NO_PINPAD, apdu_check_pinpad) (apdu_pinpad_verify, apdu_pinpad_modify): Rename. * scd/iso7816.h (iso7816_check_pinpad): Rename. * scd/iso7816.c (map_sw): Use SW_HOST_NO_PINPAD. (iso7816_check_pinpad): Rename. (iso7816_verify_kp, iso7816_change_reference_data_kp): Follow the change. * scd/ccid-driver.h (CCID_DRIVER_ERR_NO_PINPAD): Rename. * scd/ccid-driver.c (ccid_transceive_secure): Use it. * scd/app-dinsig.c (verify_pin): Follow the change. * scd/app-nks.c (verify_pin): Follow the change. * scd/app-openpgp.c (check_pinpad_request): Rename. (parse_login_data, verify_a_chv, verify_chv3, do_change_pin): Follow the change. * scd/scdaemon.c (oDisablePinpad, oEnablePinpadVarlen): Rename. * scd/scdaemon.h (opt): Rename to disable_pinpad, enable_pinpad_varlen. * tools/gpgconf-comp.c (gc_options_scdaemon): Rename to disable-pinpad.
* SCD: Support fixed length PIN input for keypad.NIIBE Yutaka2013-02-051-1/+6
| | | | | | | | | | | | | | | * scd/iso7816.h (struct pininfo_s): Remove MODE and add FIXEDLEN. * scd/app-dinsig.c (verify_pin): Initialize FIXEDLEN to unknown. * scd/app-nks.c (verify_pin): Likewise. * scd/app-openpgp.c (verify_a_chv, verify_chv3, do_change_pin): Likewise. * scd/apdu.c (check_pcsc_keypad): Add comment. (pcsc_keypad_verify, pcsc_keypad_modify): PC/SC driver only support readers with the feature of variable length input (yet). (apdu_check_keypad): Set FIXEDLEN. * scd/ccid-driver.c (ccid_transceive_secure): Add GEMPC_PINPAD specific settings. Support fixed length PIN input for keypad.
* SCD: API cleanup for keypad handling.NIIBE Yutaka2013-02-051-6/+6
| | | | | | | | | | | | | | | | | | | | | | | | | * scd/iso7816.h (struct pininfo_s): Rename from iso7816_pininfo_s. Change meaning of MODE. (pininfo_t): Rename from iso7816_pininfo_t. * scd/sc-copykeys.c: Include "iso7816.h". * scd/scdaemon.c, scd/command.c: Likewise. * scd/ccid-driver.c: Include "scdaemon.h" and "iso7816.h". (ccid_transceive_secure): Follow the change of PININFO_T. * scd/app.c: Include "apdu.h" after "iso7816.h". * scd/iso7816.c (iso7816_check_keypad, iso7816_verify_kp) (iso7816_change_reference_data_kp): Follow the change of API. * scd/apdu.c (struct reader_table_s): Change API of CHECK_KEYPAD, KEYPAD_VERIFY, KEYPAD_MODIFY to have arg of PININFO_T. (check_pcsc_keypad, check_ccid_keypad): Likewise. (apdu_check_keypad, apdu_keypad_verify, apdu_keypad_modify): Likewise. (pcsc_keypad_verify, pcsc_keypad_modify, ct_send_apdu) (pcsc_send_apdu_direct, pcsc_send_apdu_wrapped, pcsc_send_apdu) (send_apdu_ccid, ccid_keypad_operation, my_rapdu_send_apdu, send_apdu) (send_le): Follow the change of API. * scd/apdu.h (apdu_check_keypad, apdu_keypad_verify) (apdu_keypad_modify): Change the API. * scd/app-dinsig.c, scd/app-nks.c, scd/app-openpgp.c: Follow the change.
* SCD: Clean up. Remove PADLEN for keypad input.NIIBE Yutaka2013-02-051-2/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | * scd/apdu.c (struct pininfo_s): Use iso7816_pininfo_s. (struct reader_table_s): Remove last arg from check_keypad method. (check_pcsc_keypad, check_pcsc_keypad): Remove PIN_PADLEN. (pcsc_keypad_verify, pcsc_keypad_modify): Don't check PIN_PADLEN. (send_apdu_ccid, ccid_keypad_operation): Remove PIN_PADLEN. (apdu_check_keypad, apdu_keypad_verify, apdu_keypad_modify): Likewise. * scd/apdu.h (apdu_check_keypad, apdu_keypad_verify) (apdu_keypad_modify): Remove PIN_PADLEN. * scd/ccid-driver.c (ccid_transceive_secure): Remove PIN_PADLEN. * scd/ccid-driver.h (ccid_transceive_secure): Remove PIN_PADLEN. * scd/iso7816.c (iso7816_check_keypad, iso7816_verify_kp) (iso7816_change_reference_data_kp): Remove PADLEN. * scd/iso7816.h (struct iso7816_pininfo_s): Remove PADLEN, PADCHAR. -- In the OpenPGPcard specification, password comes with no padding. In GnuPG, we support keypad input for OpenPGPcard only. Thus, it is useless to try to support padding for keypad input.
* Fix pinpad input support for passphrase modification.NIIBE Yutaka2011-12-021-5/+1
| | | | | | | | | | | | | | | | | | | | | * apdu.c (pcsc_keypad_verify): Have dummy Lc field with value 0. (pcsc_keypad_modify): Likewise. (pcsc_keypad_modify): It's only for ISO7816_CHANGE_REFERENCE_DATA. bConfirmPIN value is determined by the parameter p0. * app-openpgp.c (do_change_pin): The flag use_keypad should be 0 when reset_mode is on, or resetcode is on. use_keypad only makes sense for iso7816_change_reference_data_kp. * iso7816.h (iso7816_put_data_kp): Remove. (iso7816_reset_retry_counter_kp): Remove. (iso7816_reset_retry_counter_with_rc_kp): Remove. (iso7816_change_reference_data_kp): Add an argument: IS_EXCHANGE. * iso7816.c (iso7816_put_data_kp): Remove. (iso7816_reset_retry_counter_kp): Remove. (iso7816_reset_retry_counter_with_rc_kp): Remove. (iso7816_change_reference_data_kp): Add an argument: IS_EXCHANGE.
* PC/SC pinpad support (pinpad input for modify pass phrase with resetcode, by ↵NIIBE Yutaka2011-11-291-2/+3
| | | | admin).
* PC/SC pinpad support (pinpad input for modify pass phrase).NIIBE Yutaka2011-11-291-3/+1
|
* PC/SC pinpad support.NIIBE Yutaka2011-11-281-3/+1
| | | | | | | | | | | | | | | | | | | | | | | | Before this change, it is layered like following: iso7816_verify iso7816_verify_kp apdu_send_simple, apdu_send_simple_kp ... After this change, it will be layered like: iso7816_verify iso7816_verify_kp apdu_send_simple apdu_keypad_verify ... and apdu_send_simple_kp will be deprecated. For PC/SC API, we use: SCardControl API to compose CCID PC_to_RDR_Secure message SCardTransmit API to compose CCID PC_to_RDR_XfrBlock message Considering the support of PC/SC, we have nothing to share between _kp version of iso7816_* and no _kp version.
* Nuked almost all trailing white space.post-nuke-of-trailing-wsWerner Koch2011-02-041-1/+1
| | | | | | | | We better do this once and for all instead of cluttering all future commits with diffs of trailing white spaces. In the majority of cases blank or single lines are affected and thus this change won't disturb a git blame too much. For future commits the pre-commit scripts checks that this won't happen again.
* Fix for extended length Le in decipherWerner Koch2009-09-031-5/+3
|
* Fix for card keys > 2048 bit.Werner Koch2009-07-101-2/+4
|
* Add readcert command.Werner Koch2009-06-171-1/+1
| | | | | fix reading large certificates.
* More support for Netkey cards.Werner Koch2009-05-081-6/+8
| | | | | | Small changes to teh CCID driver. Support 2048 bit OpenPGP cards.
* Implement decryption for TCOS 3 cards.Werner Koch2009-03-301-1/+1
|
* Add limited support for NetKey 3.0 cards.Werner Koch2009-01-081-0/+4
|
* Finished support for v2 cards with the exception of secure messaging.Werner Koch2008-09-251-0/+5
|
* Support the Certifciate DO of the v2 OpenPGP cards.Werner Koch2008-09-231-1/+1
|
* Changed to GPLv3.Werner Koch2007-07-041-4/+2
| | | | | Removed intl/.
* Preparing an interim releaseWerner Koch2005-11-281-1/+34
|
* Bug fixes and ssh support for the BELPIC.Werner Koch2005-09-091-1/+2
|
* Basically made Belgian EID cards work.Werner Koch2005-09-051-0/+3
| | | | | | Signature creation has not yet been tested. Also other changes to better cope with T=0 cards.
* Added ID keywords because these files are often used in other packages.Werner Koch2004-10-141-0/+4
|
* *** empty log message ***Werner Koch2004-03-161-0/+1
|
* (iso7816_manage_security_env): New.Werner Koch2004-01-281-0/+4
| | | | | | | (iso7816_decipher): Add PADIND argument. ** app-nks.c is now functional **
* Some minor bug fixes, new test utilities and started support for otherWerner Koch2004-01-271-0/+8
| | | | | smartcard applications.
* Fixes to make inclusion of card raleted source files into 1.3 easier.Werner Koch2003-10-021-0/+4
|
* This commit was manufactured by cvs2svn to create branchRepo Admin2003-08-051-0/+56
'GNUPG-1-9-BRANCH'.
generated by cgit v1.2.3 (git 2.25.1) at 2025-04-27 09:36:02 +0000