From wk at gnupg.org Mon Jan 3 10:07:07 2011
From: wk at gnupg.org (Werner Koch)
Date: Mon, 03 Jan 2011 10:07:07 +0100
Subject: Issues with the change to git - typos and errors cloning the repository
In-Reply-To: <1293796833.4153.4.camel@haktar.wgdd.de> (Daniel Leidert's message of "Fri, 31 Dec 2010 13:00:33 +0100")
References: <1293796833.4153.4.camel@haktar.wgdd.de>
Message-ID: <87hbdq8if8.fsf@vigenere.g10code.de>

On Fri, 31 Dec 2010 13:00, daniel.leidert.spam at gmx.net said:

> (3) http://git.gnupg.org/cgi-bin/gitweb.cgi says "cvs.gnupg.org
> Git ...". Why does the title say "cvs.gnupg.org" and not git.g.o?

Changed to git.gnupg.org. Now please don't complain that svn.gnupg.org
shows git in its title. svn, cvs and git are all on the same server.


Salam-Shalom,

   Werner

-- 
Thoughts are free. Exceptions are regulated by a federal law.

From wk at gnupg.org Mon Jan 3 19:06:27 2011
From: wk at gnupg.org (Werner Koch)
Date: Mon, 03 Jan 2011 19:06:27 +0100
Subject: Migration to GIT complete
Message-ID: <87ipy57tgc.fsf@vigenere.g10code.de>

Hi!

Some of you might have noticed that over the last week I migrated GnuPG
and some related projects from Subversion to GIT. The trunk versions of
Subversions should now all have a README telling that the repo is now
maintained by GIT.

If you want to check out something you need to use

  git clone git://git.gnupg.org/FOO.git

where foo is gnupg, libgcrypt, libassuan, libgpg-error and so on.
http://git.gnupg.org has a link to the git browser which lists all
projects.

The gnupg-commits mailing list will receive the usual messages from
changes to the main repository.

The old subversion archives are now in read-only mode and kept so that
references to them will continue to work.

www.gnupg.org is still kept in a CVS; I'd like to change this also but
the website needs a general overhaul anyway thus there is no point in
switching it to GIT.


Happy New Year,

   Werner

From dkg at fifthhorseman.net Mon Jan 3 19:18:55 2011
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Mon, 03 Jan 2011 13:18:55 -0500
Subject: Migration to GIT complete
In-Reply-To: <87ipy57tgc.fsf@vigenere.g10code.de>
References: <87ipy57tgc.fsf@vigenere.g10code.de>
Message-ID: <4D22130F.1050406@fifthhorseman.net>

On 01/03/2011 01:06 PM, Werner Koch wrote:
> Some of you might have noticed that over the last week I migrated GnuPG
> and some related projects from Subversion to GIT. The trunk versions of
> Subversions should now all have a README telling that the repo is now
> maintained by GIT.

Thanks for doing this work, Werner! This is very welcome news for the
new decade :)

   --dkg

From gniibe at fsij.org Wed Jan 5 05:10:08 2011
From: gniibe at fsij.org (NIIBE Yutaka)
Date: Wed, 05 Jan 2011 13:10:08 +0900
Subject: smartcard: PIN pad support
Message-ID: <4D23EF20.3060206@fsij.org>

Hi,

I am adding PIN pad support to Gnuk. I did some experiments and found
things. Here is the summary of PIN pad support status. Please correct
me, if I'm wrong.

* PIN pad support is only available for GnuPG's in-stock ccid-driver.

* It is not available for PC/SC lite backend (yet).

* It is only used for VERIFY command.

  Yes, we have the functions iso7816_change_reference_data_kp and
  iso7816_reset_retry_counter_kp, but callers are not yet
  implemented to support PIN pad.

* ccid-driver only supports a few readers for PIN pad.
  I needed the following patch for Gnuk.

diff --git a/scd/ccid-driver.c b/scd/ccid-driver.c index b71ff6a..60c341e 100644 --- a/scd/ccid-driver.c +++ b/scd/ccid-driver.c @@ -209,7 +209,8 @@ enum { VENDOR_SCM = 0x04e6, VENDOR_OMNIKEY= 0x076b, VENDOR_GEMPC = 0x08e6, - VENDOR_KAAN = 0x0d46 + VENDOR_KAAN = 0x0d46, + VENDOR_FSIJ = 0x234B }; /* A list and a table with special transport descriptions. */
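Review bot: The new enum entry VENDOR_FSIJ = 0x234B writes its hex digits in upper case, while every other vendor ID visible in this hunk (0x04e6, 0x076b, 0x08e6, 0x0d46) is lower case. Use 0x234b so the table stays uniform and a case-sensitive search for a vendor ID finds all entries the same way.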
@@ -3072,6 +3073,7 @@ ccid_transceive_secure (ccid_driver_t handle, { case VENDOR_SCM: /* Tested with SPR 532. */ case VENDOR_KAAN: /* Tested with KAAN Advanced (1.02). */ + case VENDOR_FSIJ: break; case VENDOR_CHERRY: /* The CHERRY XX44 keyboard echos an asterisk for each entered
-- 

From wk at gnupg.org Wed Jan 5 09:10:30 2011
From: wk at gnupg.org (Werner Koch)
Date: Wed, 05 Jan 2011 09:10:30 +0100
Subject: smartcard: PIN pad support
In-Reply-To: <4D23EF20.3060206@fsij.org> (NIIBE Yutaka's message of "Wed, 05 Jan 2011 13:10:08 +0900")
References: <4D23EF20.3060206@fsij.org>
Message-ID: <87bp3v6aa1.fsf@vigenere.g10code.de>

On Wed, 5 Jan 2011 05:10, gniibe at fsij.org said:

> * It is only used for VERIFY command.
>
>   Yes, we have the functions iso7816_change_reference_data_kp and
>   iso7816_reset_retry_counter_kp, but callers are not yet
>   implemented to support PIN pad.

Right. My fear is that a little bug in the code or one of the readers
turns the card into a brick (v1 cards) or renders the keys unusable (v2).
Thus this support would need extensive testing.

> I needed the following patch for Gnuk.

Will apply this. Thanks.


Salam-Shalom,

   Werner

From bernhard at intevation.de Fri Jan 7 12:51:06 2011
From: bernhard at intevation.de (Bernhard Reiter)
Date: Fri, 7 Jan 2011 12:51:06 +0100
Subject: dirmngr consuming too much power because of select() loop? (deb:507361)
Message-ID: <201101071251.09149.bernhard@intevation.de>

Werner, seems like
  http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507361
is worth a response.

| Version: 1.0.1-3

|dirmngr is seen often in top of powertop results on an idle kde4
|system. Looking at strace, looks like dirmngr has select() timeout
|based loop. That is bad in power management perspective. CPU can't
|dynamically sleep long periods when applications wake it up..
[..]

-- 
Managing Director - Owner: www.intevation.net (Free Software Company)
Deputy Coordinator Germany: fsfe.org. Board member: www.kolabsys.com.
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Managing directors: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner

From bernhard at intevation.de Fri Jan 7 13:02:45 2011
From: bernhard at intevation.de (Bernhard Reiter)
Date: Fri, 7 Jan 2011 13:02:45 +0100
Subject: dirmngr: restricting access to socket, why? Debian Default
Message-ID: <201101071302.49877.bernhard@intevation.de>

Hi Peter,
Hi Werner,

the current revisions of dirmngr in Debian restrict access to the
system service to users in gid "dirmngr" (e.g. 1.0.3-1 or 1.1.0-0kk1 [1]).

Is there a reason to do so?
The result of the default is that regular users cannot use this system
service and they should be able to do this, in my view. Or do you know
a reason why they should not that I have missed?

This could be a misunderstanding, because:
http://gnupg.org/documentation/manuals/dirmngr/Installation.html#Installation
says:

   /var/run/dirmngr
      This directory keeps the socket file for accessing dirmngr services.
      The name of the socket file will be socket. Make sure that this
      directory has the proper permissions to let dirmngr create the
      socket file and that eligible users may read and write to that
      socket.

I guess Werner or Marcus mentioned that so that enough access is granted,
not restricted. So I suggest to change the default in

cat /etc/default/dirmngr
# Defaults for dirmngr init script
# sourced by /etc/init.d/dirmngr

# This variable controls the access mode of the dirmngr socket. Set it
# to 0770 to allow only users in the "dirmngr" group to access the
# socket and thus use the daemon. Set it to 0777 to allow everyone to
# use the daemon. The default is 0770.
DIRMNGR_SOCKET_MODE=0770

to 0777. :)

Peter, an extra thank you for maintaining Debian packages!
Note that 1.1.0 is out and that afterwards dirmngrs will come with
the gnupg 2.1 sources.

Let me know if I should create Debian reports for this or not.

Best Regards,
Bernhard

[1] packages by us for Lenny. There is already 1.1.0 available.
http://files.kolab.org/apt/releases/dists/lenny/experimental/source/

From bernhard at intevation.de Fri Jan 7 13:10:04 2011
From: bernhard at intevation.de (Bernhard Reiter)
Date: Fri, 7 Jan 2011 13:10:04 +0100
Subject: dirmngr 1.1.0 hanging when looking up crls?
Message-ID: <201101071310.04679.bernhard@intevation.de>

Is it wanted behaviour that dirmngr does not reply to pings when
looking up stuff?

I've started a gpgsm --verify
which issued something to dirmngr, here is the last line from the dirmngr.log:

2011-01-07 13:04:13 dirmngr[8015.0] Es ist keine CRL für den Issuer mit der ID C8251103FB3E52E816DE6FD2DDBDFB85D4EFE240 vorhanden

Now dirmngr-client --ping does not return for a different or the same user
for minutes.

Bernhard

From bernhard at intevation.de Fri Jan 7 16:15:32 2011
From: bernhard at intevation.de (Bernhard Reiter)
Date: Fri, 7 Jan 2011 16:15:32 +0100
Subject: dirmngr: restricting access to socket, why? Debian Default
In-Reply-To: <1294409950.22580.1.camel@fsopti579.F-Secure.com>
References: <201101071302.49877.bernhard@intevation.de> <1294409950.22580.1.camel@fsopti579.F-Secure.com>
Message-ID: <201101071615.33416.bernhard@intevation.de>

On Friday, 7 January 2011 15:19:10, Peter Eisentraut wrote:
> On Fri, 2011-01-07 at 13:02 +0100, Bernhard Reiter wrote:
> > the current revisions of dirmngr in Debian restrict access to the
> > system service to users in gid "dirmngr" (e.g. 1.0.3-1 or 1.1.0-0kk1
> > [1]).
> >
> > Is there a reason to do so?
>
> This was done according to the advice from the upstream authors.  I'd be
> glad to review it if updated advice were issued. ;-)

Yes, this is why I've asked Werner, because I do not understand the reason
behind doing it the way it is done.

One possible reason could be to protect the service from being "attacked"
from inside of the system, but in this case all regular users would need
to be put into the dirmngr group. If there is a way to do so in Debian,
this would also be a workable solution. However desktop users will not
understand and usually not discover that they have to do something to
access the system dirmngr. ;)

Bernhard

From wk at gnupg.org Fri Jan 7 17:52:07 2011
From: wk at gnupg.org (Werner Koch)
Date: Fri, 07 Jan 2011 17:52:07 +0100
Subject: dirmngr consuming too much power because of select() loop? (deb:507361)
In-Reply-To: <201101071251.09149.bernhard@intevation.de> (Bernhard Reiter's message of "Fri, 7 Jan 2011 12:51:06 +0100")
References: <201101071251.09149.bernhard@intevation.de>
Message-ID: <87ipy03bd4.fsf@vigenere.g10code.de>

On Fri, 7 Jan 2011 12:51, bernhard at intevation.de said:
> Werner, seems like
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507361
> is worth a response.

As you know the project dirmngr is dead now. Dirmngr has been
integrated into GnuPG proper and all changes will be done there.

Sure, we can use the same timeout system as for gpg-agent here (aligning
timeouts to the full second).


Salam-Shalom,

   Werner

From wk at gnupg.org Fri Jan 7 18:01:39 2011
From: wk at gnupg.org (Werner Koch)
Date: Fri, 07 Jan 2011 18:01:39 +0100
Subject: dirmngr: restricting access to socket, why? Debian Default
In-Reply-To: <201101071615.33416.bernhard@intevation.de> (Bernhard Reiter's message of "Fri, 7 Jan 2011 16:15:32 +0100")
References: <201101071302.49877.bernhard@intevation.de> <1294409950.22580.1.camel@fsopti579.F-Secure.com> <201101071615.33416.bernhard@intevation.de>
Message-ID: <87ei8o3ax8.fsf@vigenere.g10code.de>

> On Friday, 7 January 2011 15:19:10, Peter Eisentraut wrote:

>> This was done according to the advice from the upstream authors.  I'd be
>> glad to review it if updated advice were issued. ;-)

I can't remember that; might be a misunderstanding. I was more thinking
of a dirmngr running under the user dirmngr than under root. I have not
installed a recent Debian dirmngr thus I can't check this.

Permission for the socket should be given to all regular users on the
system. This is in particular important for the forthcoming 2.1 GnuPG
where dirmngr will also be used to access pgp keyservers.


Shalom-Salam,

   Werner


p.s.
I did not receive Peter's mail yet.

From wk at gnupg.org Fri Jan 7 18:05:19 2011
From: wk at gnupg.org (Werner Koch)
Date: Fri, 07 Jan 2011 18:05:19 +0100
Subject: dirmngr 1.1.0 hanging when looking up crls?
In-Reply-To: <201101071310.04679.bernhard@intevation.de> (Bernhard Reiter's message of "Fri, 7 Jan 2011 13:10:04 +0100")
References: <201101071310.04679.bernhard@intevation.de>
Message-ID: <87aajc3ar4.fsf@vigenere.g10code.de>

On Fri, 7 Jan 2011 13:10, bernhard at intevation.de said:
> Is it wanted behaviour that dirmngr does not reply to pings when
> looking up stuff?

No. It might be waiting for a DNS timeout - we can't do much about this
right now.

What OS? More detailed info required. If possible try to replicate
this problem with dirmngr 2.1.


Salam-Shalom,

   Werner

From ans at immerda.ch Fri Jan 7 17:09:05 2011
From: ans at immerda.ch (Ans)
Date: Fri, 07 Jan 2011 17:09:05 +0100
Subject: email-adress strings in comments
Message-ID: <4D273AA1.4080600@immerda.ch>

Hi

I just found out that it's possible to create keys with email addresses
in the comment field, like this:

uid sdgsdg sgsg ()

which can trick the key lookup:

gpg --list-key ""

lists this key, even though this would be just a comment.

cheers,
Ans

From bernhard at intevation.de Mon Jan 10 10:12:24 2011
From: bernhard at intevation.de (Bernhard Reiter)
Date: Mon, 10 Jan 2011 10:12:24 +0100
Subject: dirmngr: restricting access to socket, why? Debian Default
In-Reply-To: <87ei8o3ax8.fsf@vigenere.g10code.de>
References: <201101071302.49877.bernhard@intevation.de> <201101071615.33416.bernhard@intevation.de> <87ei8o3ax8.fsf@vigenere.g10code.de>
Message-ID: <20110110091207.58B7E94D9C4@kolab.intevation.de>

On Friday, 07 January 2011, 18:01:39, Werner Koch wrote:
> p.s.
> I did not receive Peter's mail yet.

He'd send it to the list only, so it is stuck in moderation.

-- 
Send with Kontact Mobile on N900

From wk at gnupg.org Mon Jan 10 10:30:30 2011
From: wk at gnupg.org (Werner Koch)
Date: Mon, 10 Jan 2011 10:30:30 +0100
Subject: dirmngr: restricting access to socket, why? Debian Default
In-Reply-To: <20110110091207.58B7E94D9C4@kolab.intevation.de> (Bernhard Reiter's message of "Mon, 10 Jan 2011 10:12:24 +0100")
References: <201101071302.49877.bernhard@intevation.de> <201101071615.33416.bernhard@intevation.de> <87ei8o3ax8.fsf@vigenere.g10code.de> <20110110091207.58B7E94D9C4@kolab.intevation.de>
Message-ID: <87oc7p14y1.fsf@vigenere.g10code.de>

On Mon, 10 Jan 2011 10:12, bernhard at intevation.de said:

> He'd send it to the list only, so it is stuck in moderation.

No that is not the case. It is more likely that it was falsely
considered spam (HTML?).


Salam-Shalom,

   Werner

From bernhard at intevation.de Mon Jan 10 12:56:23 2011
From: bernhard at intevation.de (Bernhard Reiter)
Date: Mon, 10 Jan 2011 12:56:23 +0100
Subject: dirmngr 1.1.0 hanging when looking up crls?
In-Reply-To: <87aajc3ar4.fsf@vigenere.g10code.de>
References: <201101071310.04679.bernhard@intevation.de> <87aajc3ar4.fsf@vigenere.g10code.de>
Message-ID: <201101101256.29346.bernhard@intevation.de>

On Friday, 7 January 2011 18:05:19, Werner Koch wrote:
> On Fri,  7 Jan 2011 13:10, bernhard at intevation.de said:
> > Is it wanted behaviour that dirmngr does not reply to pings when
> > looking up stuff?
>
> No.  It might be waiting for a DNS timeout - we can't do much about this
> right now.
>
> What OS?  More detailed info required.

GNU/Linux (Debian Lenny), S/MIME. Might be related to a specific certificate.

> If possible try to replicate this problem with dirmngr 2.1.

I do not have it packaged right now. But I'll see what I can do next time.

From sascha-ml-reply-to-2011-1 at silbe.org Mon Jan 10 19:09:49 2011
From: sascha-ml-reply-to-2011-1 at silbe.org (Sascha Silbe)
Date: Mon, 10 Jan 2011 19:09:49 +0100
Subject: --list-secret-keys abysmally slow
Message-ID: <1294682986-sup-1097@xo15-sascha.sascha.silbe.org>

Hi!

(Originally reported as issue #1312 [1], but I was told to post here instead).

--list-secret-keys takes a lot of time in the latest development version:

sascha.silbe at twin:~$ time gpg2 --list-secret-keys
gpg: please do a --check-trustdb
/home/sascha.silbe/.gnupg/pubring.gpg
-------------------------------------
sec#  4096R/A13AC1B1 2008-06-03 [expires: 2013-06-02]
uid                  Sascha Silbe
uid                  Sascha Silbe
ssb#  2048R/2E966FF1 2008-06-03 [expires: 2013-06-02]
ssb#  2048R/4C1770DA 2008-06-03 [expires: 2013-06-02]
ssb   2048R/7775EB20 2010-03-07


real    0m11.769s
user    0m10.273s
sys     0m0.544s
sascha.silbe at twin:~$

This is on my fastest system, containing an Athlon X2 BE-2300. As it's
entirely CPU bound I expect it to be much worse on my other systems.

2.0.14 OTOH is reasonably fast and lists a lot more keys (one of which
isn't expired):

sascha.silbe at twin:~$ time /usr/bin/gpg2 --list-secret-keys
gpg: please do a --check-trustdb
/home/sascha.silbe/.gnupg/secring.gpg
-------------------------------------
sec   1024D/6135C35B 2000-06-15
uid                  Sascha Silbe
uid                  Old key - please use 74E5CF87 instead
ssb   2048g/876FE678 2000-06-15

sec    768R/E24E152D 1997-07-31
uid                  Sascha M. Silbe - 768-Key
uid                  Sascha M. Silbe - 768-Key

sec   2048R/200B8F6D 1997-07-31
uid                  Sascha M. Silbe - 2048-Key
uid                  Sascha M. Silbe - 2048-Key

sec   1024R/3BDC71ED 1997-07-31
uid                  Sascha M. Silbe - 1024-Key
uid                  Sascha M. Silbe - 1024-Key

sec   1024R/7337BD6D 1999-06-12
uid                  Sascha Silbe
uid                  Old key - please use 74E5CF87 instead

sec   1024D/74E5CF87 2002-06-07 [expires: 2005-11-10]
uid                  Sascha Silbe
uid                  Sascha Silbe
uid                  Sascha Silbe
uid                  Sascha Silbe
ssb   2048g/4623B45A 2002-06-07

sec   1024D/F9FB6446 2005-08-20 [expires: 2010-08-19]
uid                  Sascha Silbe
ssb   2048g/56B5E5DA 2005-08-20
ssb   1024D/A57475A3 2007-02-09

sec   4096R/A13AC1B1 2008-06-03 [expires: 2013-06-02]
uid                  Sascha Silbe
uid                  Sascha Silbe
ssb   2048R/2E966FF1 2008-06-03
ssb   2048R/4C1770DA 2008-06-03
ssb   2048R/7775EB20 2010-03-07

sec   4096R/666005F4 2008-12-29 [expires: 2016-12-27]
[uid omitted for privacy reasons]


real    0m0.109s
user    0m0.016s
sys     0m0.044s
sascha.silbe at twin:~$

strace'ing gpg2 and gpg-agent suggests that all public keys are probed.
With currently about 7k public keys in the ring (prior to an HD crash it
was even more) it's clear why --list-secret-keys is that slow.

This is probably a known / expected issue (the gpg-agent protocol doesn't
seem to have a command for listing secret keys), but I didn't find it
documented anywhere.

PS: The difference in the number of secret keys was related to the fact
that I had not "imported" the ~/.gnupg/secring.gpg yet. The secret key
stubs for my main key might have come from using gpg-agent in ssh-agent
"emulation" mode before (with 2.0.14). The performance did not change
after the import.

Sascha

[1] https://bugs.g10code.com/gnupg/issue1312
-- 
http://sascha.silbe.org/
http://www.infra-silbe.de/

From benjamin at py-soft.co.uk Mon Jan 10 21:22:17 2011
From: benjamin at py-soft.co.uk (Benjamin Donnachie)
Date: Mon, 10 Jan 2011 20:22:17 +0000
Subject: GnuPG2 release
Message-ID: <-970941635870816125@unknownmsgid>

Unfortunately, I cannot find the message now; am I correct in
understanding that a new release of GnuPG2 is planned this week?

Take care,

Ben

Sent from my iPhone

From wk at gnupg.org Tue Jan 11 11:17:40 2011
From: wk at gnupg.org (Werner Koch)
Date: Tue, 11 Jan 2011 11:17:40 +0100
Subject: GnuPG2 release
In-Reply-To: <-970941635870816125@unknownmsgid> (Benjamin Donnachie's message of "Mon, 10 Jan 2011 20:22:17 +0000")
References: <-970941635870816125@unknownmsgid>
Message-ID: <87bp3n218b.fsf@vigenere.g10code.de>

On Mon, 10 Jan 2011 21:22, benjamin at py-soft.co.uk said:
> Unfortunately, I cannot find the message now; am I correct in
> understanding that a new release of GnuPG2 is planned this week?

I mentioned on Sunday that I consider to do a new release soon. Do you
have something I should add to 2.0.17?


Shalom-Salam,

   Werner

From benjamin at py-soft.co.uk Tue Jan 11 11:33:01 2011
From: benjamin at py-soft.co.uk (Benjamin Donnachie)
Date: Tue, 11 Jan 2011 10:33:01 +0000
Subject: GnuPG2 release
In-Reply-To: <87bp3n218b.fsf@vigenere.g10code.de>
References: <-970941635870816125@unknownmsgid> <87bp3n218b.fsf@vigenere.g10code.de>
Message-ID:

On 11 January 2011 10:17, Werner Koch wrote:
> I mentioned on Sunday that I consider to do a new release soon.  Do you
> have something I should add to 2.0.17?

I am currently working on a new build for MacGPG2 but will hold off
for a few days if you have a new release in the pipeline.

Take care,

Ben

From gniibe at fsij.org Wed Jan 12 06:40:35 2011
From: gniibe at fsij.org (NIIBE Yutaka)
Date: Wed, 12 Jan 2011 14:40:35 +0900
Subject: smartcard: PIN pad support
In-Reply-To: <87bp3v6aa1.fsf@vigenere.g10code.de>
References: <4D23EF20.3060206@fsij.org> <87bp3v6aa1.fsf@vigenere.g10code.de>
Message-ID: <4D2D3ED3.8030403@fsij.org>

2011-01-05 17:10, Werner Koch wrote:
> On Wed, 5 Jan 2011 05:10, gniibe at fsij.org said:
>
>> * It is only used for VERIFY command.
>>
>>   Yes, we have the functions iso7816_change_reference_data_kp and
>>   iso7816_reset_retry_counter_kp, but callers are not yet
>>   implemented to support PIN pad.
>
> Right. My fear is that a little bug in the code or one of the readers
> turns the card into a brick (v1 cards) or renders the keys unusable (v2).
> Thus this support would need extensive testing.

Thanks for your reply. I understand the current situation.

I think that iso7816_reset_retry_counter_kp is not needed
(iso7816_verify_kp and iso7816_change_reference_data_kp only) because
CCID protocol only defines PIN Verification and PIN Modification
operations.

I am testing GnuPG version 2 on Debian with pcsc-lite.

Attached is a patch to enable pcsc-lite backend to support PINPAD
input. Note that I don't think this is ready to merge (yet), because
it's not that clean and there are code duplicates and interface
mismatches, etc. This is to show it's not that far for pcsc-lite.

For pcsc-lite (I guess that it's same for PCSC on Windows), the CCID
message of PC_to_RDR_Secure (= 0x69) can be composed by SCardControl
API.

8<-------------------------------------------------
diff --git a/scd/Makefile.am b/scd/Makefile.am index 923ebfe..b2aab01 100644 --- a/scd/Makefile.am +++ b/scd/Makefile.am @@ -22,7 +22,7 @@ if ! HAVE_W32_SYSTEM libexec_PROGRAMS = gnupg-pcsc-wrapper endif -AM_CPPFLAGS = -I$(top_srcdir)/gl -I$(top_srcdir)/intl -I$(top_srcdir)/common +AM_CPPFLAGS = -I$(top_srcdir)/gl -I$(top_srcdir)/intl -I$(top_srcdir)/common -I/usr/include/PCSC include $(top_srcdir)/am/cmacros.am
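Review bot: The -I/usr/include/PCSC appended to AM_CPPFLAGS hard-codes one installation prefix, so the build fails or picks up the wrong headers wherever pcsc-lite lives elsewhere. The flag also sits outside the "if ! HAVE_W32_SYSTEM" conditional shown in the context, so it is applied on W32 builds where that path does not exist. Let configure locate the PC/SC headers (for example from pkg-config's libpcsclite cflags) and substitute the result here instead.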
diff --git a/scd/apdu.c b/scd/apdu.c index 80c933e..656801d 100644 --- a/scd/apdu.c +++ b/scd/apdu.c @@ -33,6 +33,8 @@ # include # include #endif +#include +#include /* If requested include the definitions for the remote APDU protocol @@ -121,6 +123,9 @@ struct reader_table_s { int req_fd; int rsp_fd; pid_t pid; +#else + unsigned long verify_ioctl; + unsigned long modify_ioctl; #endif /*NEED_PCSC_WRAPPER*/ } pcsc; #ifdef USE_G10CODE_RAPDU @@ -303,6 +308,13 @@ long (* DLSTDCALL pcsc_transmit) (unsigned long card, unsigned long *recv_len); long (* DLSTDCALL pcsc_set_timeout) (unsigned long context, unsigned long timeout); +long (* DLSTDCALL pcsc_control) (unsigned long card, + unsigned long control_code, + const void *send_buffer, + unsigned long send_len, + void *recv_buffer, + unsigned long recv_len, + unsigned long *bytes_returned); /* Prototypes. */ @@ -311,6 +323,8 @@ static int reset_pcsc_reader (int slot); static int apdu_get_status_internal (int slot, int hang, int no_atr_reset, unsigned int *status, unsigned int *changed); +static int pcsc_check_keypad (int slot, int command, int pin_mode, + int pinlen_min, int pinlen_max, int pin_padlen); @@ -354,7 +368,7 @@ new_reader_slot (void) reader_table[reader].reset_reader = NULL; reader_table[reader].get_status_reader = NULL; reader_table[reader].send_apdu_reader = NULL; - reader_table[reader].check_keypad = NULL; + reader_table[reader].check_keypad = pcsc_check_keypad; reader_table[reader].dump_status_reader = NULL; reader_table[reader].set_progress_cb = NULL; 
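Review bot: In the new_reader_slot hunk, check_keypad is now initialised to pcsc_check_keypad for every slot, while all neighbouring handlers (reset_reader, get_status_reader, send_apdu_reader, dump_status_reader, set_progress_cb) are still reset to NULL, which suggests this is the backend-independent default. Any backend that does not overwrite the field inherits a PC/SC-specific handler. Keep NULL here and assign pcsc_check_keypad where the PC/SC reader is opened.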
@@ -1165,6 +1179,170 @@ pcsc_send_apdu (int slot, unsigned char *apdu, size_t apdulen, #endif } +#ifdef NEED_PCSC_WRAPPER +static int +pcsc_control_wrapped (int slot, const unsigned char *controlbuf, size_t len, + unsigned char *buffer, size_t *buflen) +{ + long err = PCSC_E_NOT_TRANSACTED; + reader_table_t slotp; + unsigned char msgbuf[9]; + int i, n; + size_t full_len; + + slotp = reader_table + slot; + + msgbuf[0] = 0x06; /* CONTROL command. */ + msgbuf[1] = (len >> 24); + msgbuf[2] = (len >> 16); + msgbuf[3] = (len >> 8); + msgbuf[4] = (len ); + if ( writen (slotp->pcsc.req_fd, msgbuf, 5) + || writen (slotp->pcsc.req_fd, controlbuf, len)) + { + log_error ("error sending PC/SC CONTROL request: %s\n", + strerror (errno)); + goto command_failed; + } + + /* Read the response. */ + if ((i=readn (slotp->pcsc.rsp_fd, msgbuf, 9, &len)) || len != 9) + { + log_error ("error receiving PC/SC CONTROL response: %s\n", + i? strerror (errno) : "premature EOF"); + goto command_failed; + } + len = (msgbuf[1] << 24) | (msgbuf[2] << 16) | (msgbuf[3] << 8 ) | msgbuf[4]; + if (msgbuf[0] != 0x81 || len < 4) + { + log_error ("invalid response header from PC/SC received\n"); + goto command_failed; + } + len -= 4; /* Already read the error code. */ + err = PCSC_ERR_MASK ((msgbuf[5] << 24) | (msgbuf[6] << 16) + | (msgbuf[7] << 8 ) | msgbuf[8]); + if (err) + { + log_error ("pcsc_control failed: %s (0x%lx)\n", + pcsc_error_string (err), err); + return err; + } + + full_len = len; + + n = *buflen < len ? *buflen : len; + if ((i=readn (slotp->pcsc.rsp_fd, buffer, n, &len)) || len != n) + { + log_error ("error receiving PC/SC CONTROL response: %s\n", + i? strerror (errno) : "premature EOF"); + goto command_failed; + } + *buflen = n; + + full_len -= len; + if (full_len) + { + log_error ("pcsc_send_apdu: provided buffer too short - truncated\n"); + err = PCSC_E_INVALID_VALUE; + } + /* We need to read any rest of the response, to keep the + protocol running. 
*/ + while (full_len) + { + unsigned char dummybuf[128]; + + n = full_len < DIM (dummybuf) ? full_len : DIM (dummybuf); + if ((i=readn (slotp->pcsc.rsp_fd, dummybuf, n, &len)) || len != n) + { + log_error ("error receiving PC/SC CONTROL response: %s\n", + i? strerror (errno) : "premature EOF"); + goto command_failed; + } + full_len -= n; + } + + if (!err) + return 0; + + command_failed: + close (slotp->pcsc.req_fd); + close (slotp->pcsc.rsp_fd); + slotp->pcsc.req_fd = -1; + slotp->pcsc.rsp_fd = -1; + kill (slotp->pcsc.pid, SIGTERM); + slotp->pcsc.pid = (pid_t)(-1); + slotp->used = 0; + return err; +} +#endif /*NEED_PCSC_WRAPPER*/ + +static int +pcsc_pinpad_verify (int slot, unsigned char *apdu, size_t apdulen, + unsigned char *buffer, size_t *buflen, + struct pininfo_s *pininfo) +{ + long err; + PIN_VERIFY_STRUCTURE *pin_verify; + unsigned long len = sizeof (PIN_VERIFY_STRUCTURE) + apdulen - 1; + + if (!reader_table[slot].atrlen + && (err = reset_pcsc_reader (slot))) + return err; + + pin_verify = xtrymalloc (len); + if (!pin_verify) + return SW_HOST_OUT_OF_CORE; + + pin_verify->bTimerOut = 0x00; + pin_verify->bTimerOut2 = 0x00; + pin_verify->bmFormatString = 0x82; /* Byte, pos=0, left, ASCII. 
*/ + pin_verify->bmPINBlockString = 0x00; + pin_verify->bmPINLengthFormat = 0x00; + ((unsigned char *)&pin_verify->wPINMaxExtraDigit)[0] = pininfo->maxlen; + ((unsigned char *)&pin_verify->wPINMaxExtraDigit)[1] = pininfo->minlen; + pin_verify->bEntryValidationCondition = 0x02; /* Validation key pressed */ + pin_verify->bNumberMessage = 0xff; /* Default */ + /* LangId = 0x0409: US English */ + ((unsigned char *)&pin_verify->wLangId)[0] = 0x09; + ((unsigned char *)&pin_verify->wLangId)[1] = 0x04; + pin_verify->bMsgIndex = 0x00; + pin_verify->bTeoPrologue[0] = 0x00; + pin_verify->bTeoPrologue[1] = 0x00; + pin_verify->bTeoPrologue[2] = 0x00; + ((unsigned char *)&pin_verify->ulDataLength)[0] = apdulen & 0xff; + ((unsigned char *)&pin_verify->ulDataLength)[1] = (apdulen >> 8) & 0xff; + ((unsigned char *)&pin_verify->ulDataLength)[2] = (apdulen >> 16) & 0xff; + ((unsigned char *)&pin_verify->ulDataLength)[3] = apdulen >> 24; + memcpy (pin_verify->abData, apdu, apdulen); + +#ifdef NEED_PCSC_WRAPPER + err = pcsc_control_wrapped (slot, (const unsigned char *)pin_verify, + len, buffer, buflen); +#else + err = pcsc_control (reader_table[slot].pcsc.card, + reader_table[slot].pcsc.verify_ioctl, + pin_verify, len, buffer, *buflen, buflen); +#endif + + if (err) + log_error ("pcsc_control failed: %s (0x%lx)\n", + pcsc_error_string (err), err); + xfree (pin_verify); + return pcsc_error_to_sw (err); +} + +static int +pcsc_check_keypad (int slot, int command, int pin_mode, + int pinlen_min, int pinlen_max, int pin_padlen) +{ + (void)slot; + (void)command; + (void)pin_mode; + (void)pinlen_min; + (void)pinlen_max; + (void)pin_padlen; + return 0; /* Success */ +} #ifndef NEED_PCSC_WRAPPER static int 
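Review bot: pcsc_check_keypad at the end of this hunk returns 0 for every slot and command, so callers are told a keypad is usable even when the reader has none, and pcsc_pinpad_verify hands reader_table[slot].pcsc.verify_ioctl to pcsc_control without checking that it is non-zero. Return an error from pcsc_check_keypad unless the ioctl code for the requested command was discovered, and bail out of pcsc_pinpad_verify when verify_ioctl is 0. Two smaller points: the "provided buffer too short" message in pcsc_control_wrapped still names pcsc_send_apdu, and buflen is a size_t * passed where pcsc_control is declared earlier in the patch to take unsigned long *.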
@@ -1261,6 +1439,14 @@ close_pcsc_reader (int slot) /* Connect a PC/SC card. */ #ifndef NEED_PCSC_WRAPPER +/* Convert a big endian stored 4 byte value into an unsigned + integer. */ +static unsigned int +convert_be_u32 (const unsigned char *buf) +{ + return (buf[0] << 24) | (buf[1] << 16) | (buf[2] << 8) | buf[3]; +} + static int connect_pcsc_card (int slot) { @@ -1314,6 +1500,28 @@ connect_pcsc_card (int slot) | APDU_CARD_PRESENT | APDU_CARD_ACTIVE); reader_table[slot].is_t0 = !!(card_protocol & PCSC_PROTOCOL_T0); + reader_table[slot].pcsc.verify_ioctl = 0; + reader_table[slot].pcsc.modify_ioctl = 0; + err = pcsc_control (reader_table[slot].pcsc.card, + CM_IOCTL_GET_FEATURE_REQUEST, NULL, 0, + reader, sizeof reader, &readerlen); + if (err) + log_error ("pcsc_control failed: %s (0x%lx)\n", + pcsc_error_string (err), err); + else + { + PCSC_TLV_STRUCTURE *pcsc_tlv; + int i; + + pcsc_tlv = (PCSC_TLV_STRUCTURE *)reader; + for (i = 0; i < readerlen / sizeof (PCSC_TLV_STRUCTURE); i++) + if (pcsc_tlv[i].tag == FEATURE_VERIFY_PIN_DIRECT) + reader_table[slot].pcsc.verify_ioctl + = convert_be_u32 ((const unsigned char *)&pcsc_tlv[i].value); + else if (pcsc_tlv[i].tag == FEATURE_MODIFY_PIN_DIRECT) + reader_table[slot].pcsc.modify_ioctl + = convert_be_u32 ((const unsigned char *)&pcsc_tlv[i].value); + } } } @@ -2438,6 +2646,7 @@ apdu_open_reader (const char *portstr) pcsc_end_transaction = dlsym (handle, "SCardEndTransaction"); pcsc_transmit = dlsym (handle, "SCardTransmit"); pcsc_set_timeout = dlsym (handle, "SCardSetTimeout"); + pcsc_control = dlsym (handle, "SCardControl"); if (!pcsc_establish_context || !pcsc_release_context 
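Review bot: The feature loop added to connect_pcsc_card above trusts the reader's answer to CM_IOCTL_GET_FEATURE_REQUEST: it casts the byte buffer to PCSC_TLV_STRUCTURE and reads .value for a matching tag without checking that the entry's length member is 4. Check the length before calling convert_be_u32 and skip malformed entries. A failing request is also reported with log_error although a reader may simply lack these features; log_info would fit better. In convert_be_u32, buf[0] << 24 shifts a promoted int, so cast to unsigned int first to keep a first byte of 0x80 or above well defined.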
@@ -2450,12 +2659,13 @@ apdu_open_reader (const char *portstr) || !pcsc_begin_transaction || !pcsc_end_transaction || !pcsc_transmit + || !pcsc_control /* || !pcsc_set_timeout */) { /* Note that set_timeout is currently not used and also not available under Windows. */ log_error ("apdu_open_reader: invalid PC/SC driver " - "(%d%d%d%d%d%d%d%d%d%d%d%d)\n", + "(%d%d%d%d%d%d%d%d%d%d%d%d%d)\n", !!pcsc_establish_context, !!pcsc_release_context, !!pcsc_list_readers, @@ -2467,7 +2677,8 @@ apdu_open_reader (const char *portstr) !!pcsc_begin_transaction, !!pcsc_end_transaction, !!pcsc_transmit, - !!pcsc_set_timeout ); + !!pcsc_set_timeout, + !!pcsc_control ); dlclose (handle); return -1; } @@ -3301,6 +3512,7 @@ apdu_send_simple (int slot, int extended_mode, /* Same as apdu_send_simple but uses the keypad of the reader. */ +#if 0 int apdu_send_simple_kp (int slot, int class, int ins, int p0, int p1, int lc, const char *data, 
@@ -3316,7 +3528,49 @@ apdu_send_simple_kp (int slot, int class, int ins, int p0, int p1, return send_le (slot, class, ins, p0, p1, lc, data, -1, NULL, NULL, &pininfo, 0); } +#else +int +apdu_send_simple_kp (int slot, int class, int ins, int p0, int p1, + int lc, const char *data, + int pin_mode, + int pinlen_min, int pinlen_max, int pin_padlen) +{ + unsigned char apdu[4]; + size_t apdulen; + struct pininfo_s pininfo; + unsigned char result[2]; + size_t resultlen = 2; + long rc; + int sw; + + (void)data; + (void)lc; + apdulen = 0; + apdu[apdulen++] = class; + apdu[apdulen++] = ins; + apdu[apdulen++] = p0; + apdu[apdulen++] = p1; + pininfo.mode = pin_mode; + pininfo.minlen = pinlen_min; + pininfo.maxlen = pinlen_max; + pininfo.padlen = pin_padlen; + + if ((sw = lock_slot (slot))) + return sw; + rc = pcsc_pinpad_verify (slot, apdu, apdulen, result, &resultlen, &pininfo); + if (rc || resultlen < 2) + { + log_info ("apdu_send_simple_kp(%d) failed: %s\n", + slot, apdu_strerror (rc)); + unlock_slot (slot); + return rc? rc : SW_HOST_INCOMPLETE_CARD_RESPONSE; + } + sw = (result[resultlen-2] << 8) | result[resultlen-1]; + unlock_slot (slot); + return sw; +} +#endif /* This is a more generic version of the apdu sending routine. It takes an already formatted APDU in APDUDATA or length APDUDATALEN diff --git a/scd/pcsc-wrapper.c b/scd/pcsc-wrapper.c index a7b2198..53ecb4e 100644 --- a/scd/pcsc-wrapper.c +++ b/scd/pcsc-wrapper.c @@ -47,6 +47,8 @@ #include #include #include +#include +#include #define PGM "pcsc-wrapper" @@ -133,6 +135,8 @@ static unsigned long pcsc_context; /* The current PC/CS context. */ static char *current_rdrname; static unsigned long pcsc_card; static unsigned long pcsc_protocol; +static unsigned long verify_ioctl; +static unsigned long modify_ioctl; static unsigned char current_atr[33]; static size_t current_atrlen; 
@@ -178,6 +182,13 @@ long (* pcsc_transmit) (unsigned long card, unsigned long *recv_len); long (* pcsc_set_timeout) (unsigned long context, unsigned long timeout); +long (* pcsc_control) (unsigned long card, + unsigned long control_code, + const void *send_buffer, + unsigned long send_len, + void *recv_buffer, + unsigned long recv_len, + unsigned long *bytes_returned); @@ -335,6 +346,7 @@ load_pcsc_driver (const char *libname) pcsc_end_transaction = dlsym (handle, "SCardEndTransaction"); pcsc_transmit = dlsym (handle, "SCardTransmit"); pcsc_set_timeout = dlsym (handle, "SCardSetTimeout"); + pcsc_control = dlsym (handle, "SCardControl"); if (!pcsc_establish_context || !pcsc_release_context @@ -347,13 +359,14 @@ load_pcsc_driver (const char *libname) || !pcsc_begin_transaction || !pcsc_end_transaction || !pcsc_transmit + || !pcsc_control /* || !pcsc_set_timeout */) { /* Note that set_timeout is currently not used and also not available under Windows. */ fprintf (stderr, "apdu_open_reader: invalid PC/SC driver " - "(%d%d%d%d%d%d%d%d%d%d%d%d)\n", + "(%d%d%d%d%d%d%d%d%d%d%d%d%d)\n", !!pcsc_establish_context, !!pcsc_release_context, !!pcsc_list_readers, @@ -365,7 +378,8 @@ load_pcsc_driver (const char *libname) !!pcsc_begin_transaction, !!pcsc_end_transaction, !!pcsc_transmit, - !!pcsc_set_timeout ); + !!pcsc_set_timeout, + !!pcsc_control); dlclose (handle); exit (1); } @@ -373,6 +387,14 @@ load_pcsc_driver (const char *libname) +/* Convert a big endian stored 4 byte value into an unsigned + integer. */ +static unsigned int +convert_be_u32 (const unsigned char *buf) +{ + return (buf[0] << 24) | (buf[1] << 16) | (buf[2] << 8) | buf[3]; +} + /* Handle a open request. The argument is expected to be a string with the port identification. ARGBUF is always guaranteed to be 
@@ -504,6 +526,30 @@ handle_open (unsigned char *argbuf, size_t arglen) } memcpy (current_atr, atr, atrlen); current_atrlen = atrlen; + + verify_ioctl = 0; + modify_ioctl = 0; + err = pcsc_control (pcsc_card, + CM_IOCTL_GET_FEATURE_REQUEST, NULL, 0, + reader, sizeof reader, &readerlen); + if (err) + { + if (verbose) + fprintf (stderr, PGM": pcsc_control failed: %s (0x%lx)\n", + pcsc_error_string (err), err); + } + else + { + PCSC_TLV_STRUCTURE *pcsc_tlv; + int i; + + pcsc_tlv = (PCSC_TLV_STRUCTURE *)reader; + for (i = 0; i < readerlen / sizeof (PCSC_TLV_STRUCTURE); i++) + if (pcsc_tlv[i].tag == FEATURE_VERIFY_PIN_DIRECT) + verify_ioctl = convert_be_u32 ((const unsigned char *)&pcsc_tlv[i].value); + else if (pcsc_tlv[i].tag == FEATURE_MODIFY_PIN_DIRECT) + modify_ioctl = convert_be_u32 ((const unsigned char *)&pcsc_tlv[i].value); + } } } @@ -723,6 +769,29 @@ handle_transmit (unsigned char *argbuf, size_t arglen) static void +handle_control (unsigned char *argbuf, size_t arglen) +{ + long err; + unsigned long recv_len = 1024; + unsigned char buffer[1024]; + + recv_len = sizeof (buffer); + err = pcsc_control (pcsc_card, verify_ioctl, argbuf, arglen, + buffer, recv_len, &recv_len); + if (err) + { + if (verbose) + fprintf (stderr, PGM": pcsc_control failed: %s (0x%lx)\n", + pcsc_error_string (err), err); + request_failed (err); + return; + } + request_succeeded (buffer, recv_len); +} + + + +static void print_version (int with_help) { fputs (MYVERSION_LINE "\n" @@ -832,6 +901,10 @@ main (int argc, char **argv) handle_reset (argbuffer, arglen); break; + case 6: + handle_control (argbuffer, arglen); + break; + default: fprintf (stderr, PGM ": invalid request 0x%02X\n", c); exit (1); From nils.faerber at kernelconcepts.de Wed Jan 12 09:53:41 2011 
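Review bot: the feature loop in connect_pcsc_card, and its copy in handle_open, takes pcsc_tlv[i].value as a control code without looking at the entry's length, and it indexes the reply as an array of PCSC_TLV_STRUCTURE, so an entry that is not exactly 4 bytes long puts every later entry out of step. Walk the reply by tag and length, accept FEATURE_VERIFY_PIN_DIRECT and FEATURE_MODIFY_PIN_DIRECT only when the length is 4, and make the loop counter unsigned to match readerlen / sizeof (PCSC_TLV_STRUCTURE).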
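Review bot: in convert_be_u32, buf[0] << 24 is evaluated as a signed int, so a first byte of 0x80 or above shifts into the sign bit; cast each byte to unsigned int before shifting. The same helper is added to both apdu.c and pcsc-wrapper.c, so the fix is needed in two places.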
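Review bot: pcsc_check_keypad returns 0 (success) for every slot and command, and pcsc_pinpad_verify then hands reader_table[slot].pcsc.verify_ioctl to pcsc_control even when connect_pcsc_card left it at 0 because the reader did not report FEATURE_VERIFY_PIN_DIRECT or the feature request failed. Have pcsc_check_keypad return an error unless the control code for the requested command is non-zero, and refuse in pcsc_pinpad_verify when verify_ioctl is 0.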
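Review bot: handle_control always issues verify_ioctl and never checks that handle_open actually found it, so request 6 is sent with control code 0 when the feature request failed; return request_failed early in that case. Nothing in request 6 selects modify_ioctl, which is therefore stored but never used, and recv_len is initialised twice (to 1024 and then to sizeof (buffer)).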
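Review bot: in the new apdu_send_simple_kp the failure branch is also taken when rc is 0 and resultlen < 2, and it then logs apdu_strerror (rc) for a zero code before returning SW_HOST_INCOMPLETE_CARD_RESPONSE; log the short response as its own case. The previous implementation is left in place under #if 0 and should be removed rather than disabled, and lc, data and the mode and padlen values end up unused on this path, which deserves a comment.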
From: nils.faerber at kernelconcepts.de (Nils Faerber)
Date: Wed, 12 Jan 2011 09:53:41 +0100
Subject: smartcard: PIN pad support
In-Reply-To: <4D2D3ED3.8030403@fsij.org>
References: <4D23EF20.3060206@fsij.org> <87bp3v6aa1.fsf@vigenere.g10code.de> <4D2D3ED3.8030403@fsij.org>
Message-ID: <4D2D6C15.4020208@kernelconcepts.de>

Hi!

I cannot say much about the patch - I just wanted to encourage you to:
Great thing that you did this!
This is something that I have been waiting for for a long time. I know that Werner is very busy with other things so I am happy to see that someone else picked up the ball.
Thank you!
And I hope that this will become mainline GnuPG as soon as possible.

PS: But please check your email client... that patch that was attached to your post is nice for reading but was not a proper attachment that one could easily extract and apply...

Cheers
  nils

On 12.01.2011 06:40, NIIBE Yutaka wrote:
> 2011-01-05 17:10, Werner Koch wrote:
>> On Wed, 5 Jan 2011 05:10, gniibe at fsij.org said:
>>
>>> * It is only used for VERIFY command.
>>>
>>> Yes, we have the functions iso7816_change_reference_data_kp and
>>> iso7816_reset_retry_counter_kp, but callers are not yet
>>> implemented to support PIN pad.
>>
>> Right. My fear is that a little bug in the code or one of the readers
>> turns the card into a brick (v1 cards) or renders the keys unusable (v2).
>> Thus this support would need extensive testing.
>
> Thanks for your reply. I understand the current situation.
>
> I think that iso7816_reset_retry_counter_kp is not needed
> (iso7816_verify_kp and iso7816_change_reference_data_kp only) because
> CCID protocol only defines PIN Verification and PIN Modification
> operations.
>
> I am testing GnuPG version 2 on Debian with pcsc-lite. Attached is a
> patch to enable pcsc-lite backend to support PINPAD input. Note that
> I don't think this is ready to merge (yet), because it's not that
> clean and there are code duplicates and interface mismatches, etc.
> This is to show it's not that far for pcsc-lite. > > For pcsc-lite (I guess that it's same for PCSC on Windows), the CCID > message of PC_to_RDR_Secure (= 0x69) can be composed by SCardControl > API. > > > 8<------------------------------------------------- > > diff --git a/scd/Makefile.am b/scd/Makefile.am > index 923ebfe..b2aab01 100644 > --- a/scd/Makefile.am > +++ b/scd/Makefile.am > @@ -22,7 +22,7 @@ if ! HAVE_W32_SYSTEM > libexec_PROGRAMS = gnupg-pcsc-wrapper > endif > > -AM_CPPFLAGS = -I$(top_srcdir)/gl -I$(top_srcdir)/intl -I$(top_srcdir)/common > +AM_CPPFLAGS = -I$(top_srcdir)/gl -I$(top_srcdir)/intl -I$(top_srcdir)/common -I/usr/include/PCSC > > include $(top_srcdir)/am/cmacros.am > > diff --git a/scd/apdu.c b/scd/apdu.c > index 80c933e..656801d 100644 > --- a/scd/apdu.c > +++ b/scd/apdu.c > @@ -33,6 +33,8 @@ > # include > # include > #endif > +#include > +#include > > > /* If requested include the definitions for the remote APDU protocol > @@ -121,6 +123,9 @@ struct reader_table_s { > int req_fd; > int rsp_fd; > pid_t pid; > +#else > + unsigned long verify_ioctl; > + unsigned long modify_ioctl; > #endif /*NEED_PCSC_WRAPPER*/ > } pcsc; > #ifdef USE_G10CODE_RAPDU > @@ -303,6 +308,13 @@ long (* DLSTDCALL pcsc_transmit) (unsigned long card, > unsigned long *recv_len); > long (* DLSTDCALL pcsc_set_timeout) (unsigned long context, > unsigned long timeout); > +long (* DLSTDCALL pcsc_control) (unsigned long card, > + unsigned long control_code, > + const void *send_buffer, > + unsigned long send_len, > + void *recv_buffer, > + unsigned long recv_len, > + unsigned long *bytes_returned); > > > /* Prototypes. */ > @@ -311,6 +323,8 @@ static int reset_pcsc_reader (int slot); > static int apdu_get_status_internal (int slot, int hang, int no_atr_reset, > unsigned int *status, > unsigned int *changed); > +static int pcsc_check_keypad (int slot, int command, int pin_mode, > + int pinlen_min, int pinlen_max, int pin_padlen); 
> > > > @@ -354,7 +368,7 @@ new_reader_slot (void) > reader_table[reader].reset_reader = NULL; > reader_table[reader].get_status_reader = NULL; > reader_table[reader].send_apdu_reader = NULL; > - reader_table[reader].check_keypad = NULL; > + reader_table[reader].check_keypad = pcsc_check_keypad; > reader_table[reader].dump_status_reader = NULL; > reader_table[reader].set_progress_cb = NULL; 
> > @@ -1165,6 +1179,170 @@ pcsc_send_apdu (int slot, unsigned char *apdu, size_t apdulen, > #endif > } > > +#ifdef NEED_PCSC_WRAPPER > +static int > +pcsc_control_wrapped (int slot, const unsigned char *controlbuf, size_t len, > + unsigned char *buffer, size_t *buflen) > +{ > + long err = PCSC_E_NOT_TRANSACTED; > + reader_table_t slotp; > + unsigned char msgbuf[9]; > + int i, n; > + size_t full_len; > + > + slotp = reader_table + slot; > + > + msgbuf[0] = 0x06; /* CONTROL command. */ > + msgbuf[1] = (len >> 24); > + msgbuf[2] = (len >> 16); > + msgbuf[3] = (len >> 8); > + msgbuf[4] = (len ); > + if ( writen (slotp->pcsc.req_fd, msgbuf, 5) > + || writen (slotp->pcsc.req_fd, controlbuf, len)) > + { > + log_error ("error sending PC/SC CONTROL request: %s\n", > + strerror (errno)); > + goto command_failed; > + } > + > + /* Read the response. */ > + if ((i=readn (slotp->pcsc.rsp_fd, msgbuf, 9, &len)) || len != 9) > + { > + log_error ("error receiving PC/SC CONTROL response: %s\n", > + i? strerror (errno) : "premature EOF"); > + goto command_failed; > + } > + len = (msgbuf[1] << 24) | (msgbuf[2] << 16) | (msgbuf[3] << 8 ) | msgbuf[4]; > + if (msgbuf[0] != 0x81 || len < 4) > + { > + log_error ("invalid response header from PC/SC received\n"); > + goto command_failed; > + } > + len -= 4; /* Already read the error code. */ > + err = PCSC_ERR_MASK ((msgbuf[5] << 24) | (msgbuf[6] << 16) > + | (msgbuf[7] << 8 ) | msgbuf[8]); > + if (err) > + { > + log_error ("pcsc_control failed: %s (0x%lx)\n", > + pcsc_error_string (err), err); > + return err; > + } > + > + full_len = len; > + > + n = *buflen < len ? *buflen : len; > + if ((i=readn (slotp->pcsc.rsp_fd, buffer, n, &len)) || len != n) > + { > + log_error ("error receiving PC/SC CONTROL response: %s\n", > + i? 
strerror (errno) : "premature EOF"); > + goto command_failed; > + } > + *buflen = n; > + > + full_len -= len; > + if (full_len) > + { > + log_error ("pcsc_send_apdu: provided buffer too short - truncated\n"); > + err = PCSC_E_INVALID_VALUE; > + } > + /* We need to read any rest of the response, to keep the > + protocol running. */ > + while (full_len) > + { > + unsigned char dummybuf[128]; > + > + n = full_len < DIM (dummybuf) ? full_len : DIM (dummybuf); > + if ((i=readn (slotp->pcsc.rsp_fd, dummybuf, n, &len)) || len != n) > + { > + log_error ("error receiving PC/SC CONTROL response: %s\n", > + i? strerror (errno) : "premature EOF"); > + goto command_failed; > + } > + full_len -= n; > + } > + > + if (!err) > + return 0; > + > + command_failed: > + close (slotp->pcsc.req_fd); > + close (slotp->pcsc.rsp_fd); > + slotp->pcsc.req_fd = -1; > + slotp->pcsc.rsp_fd = -1; > + kill (slotp->pcsc.pid, SIGTERM); > + slotp->pcsc.pid = (pid_t)(-1); > + slotp->used = 0; > + return err; > +} > +#endif /*NEED_PCSC_WRAPPER*/ > + > +static int > +pcsc_pinpad_verify (int slot, unsigned char *apdu, size_t apdulen, > + unsigned char *buffer, size_t *buflen, > + struct pininfo_s *pininfo) > +{ > + long err; > + PIN_VERIFY_STRUCTURE *pin_verify; > + unsigned long len = sizeof (PIN_VERIFY_STRUCTURE) + apdulen - 1; > + > + if (!reader_table[slot].atrlen > + && (err = reset_pcsc_reader (slot))) > + return err; > + > + pin_verify = xtrymalloc (len); > + if (!pin_verify) > + return SW_HOST_OUT_OF_CORE; > + > + pin_verify->bTimerOut = 0x00; > + pin_verify->bTimerOut2 = 0x00; > + pin_verify->bmFormatString = 0x82; /* Byte, pos=0, left, ASCII. 
*/ > + pin_verify->bmPINBlockString = 0x00; > + pin_verify->bmPINLengthFormat = 0x00; > + ((unsigned char *)&pin_verify->wPINMaxExtraDigit)[0] = pininfo->maxlen; > + ((unsigned char *)&pin_verify->wPINMaxExtraDigit)[1] = pininfo->minlen; > + pin_verify->bEntryValidationCondition = 0x02; /* Validation key pressed */ > + pin_verify->bNumberMessage = 0xff; /* Default */ > + /* LangId = 0x0409: US English */ > + ((unsigned char *)&pin_verify->wLangId)[0] = 0x09; > + ((unsigned char *)&pin_verify->wLangId)[1] = 0x04; > + pin_verify->bMsgIndex = 0x00; > + pin_verify->bTeoPrologue[0] = 0x00; > + pin_verify->bTeoPrologue[1] = 0x00; > + pin_verify->bTeoPrologue[2] = 0x00; > + ((unsigned char *)&pin_verify->ulDataLength)[0] = apdulen & 0xff; > + ((unsigned char *)&pin_verify->ulDataLength)[1] = (apdulen >> 8) & 0xff; > + ((unsigned char *)&pin_verify->ulDataLength)[2] = (apdulen >> 16) & 0xff; > + ((unsigned char *)&pin_verify->ulDataLength)[3] = apdulen >> 24; > + memcpy (pin_verify->abData, apdu, apdulen); > + > +#ifdef NEED_PCSC_WRAPPER > + err = pcsc_control_wrapped (slot, (const unsigned char *)pin_verify, > + len, buffer, buflen); > +#else > + err = pcsc_control (reader_table[slot].pcsc.card, > + reader_table[slot].pcsc.verify_ioctl, > + pin_verify, len, buffer, *buflen, buflen); > +#endif > + > + if (err) > + log_error ("pcsc_control failed: %s (0x%lx)\n", > + pcsc_error_string (err), err); > + xfree (pin_verify); > + return pcsc_error_to_sw (err); > +} > + > +static int > +pcsc_check_keypad (int slot, int command, int pin_mode, > + int pinlen_min, int pinlen_max, int pin_padlen) > +{ > + (void)slot; > + (void)command; > + (void)pin_mode; > + (void)pinlen_min; > + (void)pinlen_max; > + (void)pin_padlen; > + return 0; /* Success */ > +} > > #ifndef NEED_PCSC_WRAPPER > static int 
> @@ -1261,6 +1439,14 @@ close_pcsc_reader (int slot) > > /* Connect a PC/SC card. */ > #ifndef NEED_PCSC_WRAPPER > +/* Convert a big endian stored 4 byte value into an unsigned > + integer. */ > +static unsigned int > +convert_be_u32 (const unsigned char *buf) > +{ > + return (buf[0] << 24) | (buf[1] << 16) | (buf[2] << 8) | buf[3]; > +} > + > static int > connect_pcsc_card (int slot) > { > @@ -1314,6 +1500,28 @@ connect_pcsc_card (int slot) > | APDU_CARD_PRESENT > | APDU_CARD_ACTIVE); > reader_table[slot].is_t0 = !!(card_protocol & PCSC_PROTOCOL_T0); > + reader_table[slot].pcsc.verify_ioctl = 0; > + reader_table[slot].pcsc.modify_ioctl = 0; > + err = pcsc_control (reader_table[slot].pcsc.card, > + CM_IOCTL_GET_FEATURE_REQUEST, NULL, 0, > + reader, sizeof reader, &readerlen); > + if (err) > + log_error ("pcsc_control failed: %s (0x%lx)\n", > + pcsc_error_string (err), err); > + else > + { > + PCSC_TLV_STRUCTURE *pcsc_tlv; > + int i; > + > + pcsc_tlv = (PCSC_TLV_STRUCTURE *)reader; > + for (i = 0; i < readerlen / sizeof (PCSC_TLV_STRUCTURE); i++) > + if (pcsc_tlv[i].tag == FEATURE_VERIFY_PIN_DIRECT) > + reader_table[slot].pcsc.verify_ioctl > + = convert_be_u32 ((const unsigned char *)&pcsc_tlv[i].value); > + else if (pcsc_tlv[i].tag == FEATURE_MODIFY_PIN_DIRECT) > + reader_table[slot].pcsc.modify_ioctl > + = convert_be_u32 ((const unsigned char *)&pcsc_tlv[i].value); > + } > } > } > > @@ -2438,6 +2646,7 @@ apdu_open_reader (const char *portstr) > pcsc_end_transaction = dlsym (handle, "SCardEndTransaction"); > pcsc_transmit = dlsym (handle, "SCardTransmit"); > pcsc_set_timeout = dlsym (handle, "SCardSetTimeout"); > + pcsc_control = dlsym (handle, "SCardControl"); > > if (!pcsc_establish_context > || !pcsc_release_context 
> @@ -2450,12 +2659,13 @@ apdu_open_reader (const char *portstr) > || !pcsc_begin_transaction > || !pcsc_end_transaction > || !pcsc_transmit > + || !pcsc_control > /* || !pcsc_set_timeout */) > { > /* Note that set_timeout is currently not used and also not > available under Windows. */ > log_error ("apdu_open_reader: invalid PC/SC driver " > - "(%d%d%d%d%d%d%d%d%d%d%d%d)\n", > + "(%d%d%d%d%d%d%d%d%d%d%d%d%d)\n", > !!pcsc_establish_context, > !!pcsc_release_context, > !!pcsc_list_readers, > @@ -2467,7 +2677,8 @@ apdu_open_reader (const char *portstr) > !!pcsc_begin_transaction, > !!pcsc_end_transaction, > !!pcsc_transmit, > - !!pcsc_set_timeout ); > + !!pcsc_set_timeout, > + !!pcsc_control ); > dlclose (handle); > return -1; > } > @@ -3301,6 +3512,7 @@ apdu_send_simple (int slot, int extended_mode, > > > /* Same as apdu_send_simple but uses the keypad of the reader. */ > +#if 0 > int > apdu_send_simple_kp (int slot, int class, int ins, int p0, int p1, > int lc, const char *data, 
> @@ -3316,7 +3528,49 @@ apdu_send_simple_kp (int slot, int class, int ins, int p0, int p1, > return send_le (slot, class, ins, p0, p1, lc, data, -1, > NULL, NULL, &pininfo, 0); > } > +#else > +int > +apdu_send_simple_kp (int slot, int class, int ins, int p0, int p1, > + int lc, const char *data, > + int pin_mode, > + int pinlen_min, int pinlen_max, int pin_padlen) > +{ > + unsigned char apdu[4]; > + size_t apdulen; > + struct pininfo_s pininfo; > + unsigned char result[2]; > + size_t resultlen = 2; > + long rc; > + int sw; > + > + (void)data; > + (void)lc; > + apdulen = 0; > + apdu[apdulen++] = class; > + apdu[apdulen++] = ins; > + apdu[apdulen++] = p0; > + apdu[apdulen++] = p1; > + pininfo.mode = pin_mode; > + pininfo.minlen = pinlen_min; > + pininfo.maxlen = pinlen_max; > + pininfo.padlen = pin_padlen; > + > + if ((sw = lock_slot (slot))) > + return sw; > > + rc = pcsc_pinpad_verify (slot, apdu, apdulen, result, &resultlen, &pininfo); > + if (rc || resultlen < 2) > + { > + log_info ("apdu_send_simple_kp(%d) failed: %s\n", > + slot, apdu_strerror (rc)); > + unlock_slot (slot); > + return rc? rc : SW_HOST_INCOMPLETE_CARD_RESPONSE; > + } > + sw = (result[resultlen-2] << 8) | result[resultlen-1]; > + unlock_slot (slot); > + return sw; > +} > +#endif > > /* This is a more generic version of the apdu sending routine. It > takes an already formatted APDU in APDUDATA or length APDUDATALEN > diff --git a/scd/pcsc-wrapper.c b/scd/pcsc-wrapper.c > index a7b2198..53ecb4e 100644 > --- a/scd/pcsc-wrapper.c > +++ b/scd/pcsc-wrapper.c > @@ -47,6 +47,8 @@ > #include > #include > #include > +#include > +#include > > > #define PGM "pcsc-wrapper" > @@ -133,6 +135,8 @@ static unsigned long pcsc_context; /* The current PC/CS context. */ > static char *current_rdrname; > static unsigned long pcsc_card; > static unsigned long pcsc_protocol; > +static unsigned long verify_ioctl; > +static unsigned long modify_ioctl; > static unsigned char current_atr[33]; > static size_t current_atrlen; 
> > @@ -178,6 +182,13 @@ long (* pcsc_transmit) (unsigned long card, > unsigned long *recv_len); > long (* pcsc_set_timeout) (unsigned long context, > unsigned long timeout); > +long (* pcsc_control) (unsigned long card, > + unsigned long control_code, > + const void *send_buffer, > + unsigned long send_len, > + void *recv_buffer, > + unsigned long recv_len, > + unsigned long *bytes_returned); > > > > @@ -335,6 +346,7 @@ load_pcsc_driver (const char *libname) > pcsc_end_transaction = dlsym (handle, "SCardEndTransaction"); > pcsc_transmit = dlsym (handle, "SCardTransmit"); > pcsc_set_timeout = dlsym (handle, "SCardSetTimeout"); > + pcsc_control = dlsym (handle, "SCardControl"); > > if (!pcsc_establish_context > || !pcsc_release_context > @@ -347,13 +359,14 @@ load_pcsc_driver (const char *libname) > || !pcsc_begin_transaction > || !pcsc_end_transaction > || !pcsc_transmit > + || !pcsc_control > /* || !pcsc_set_timeout */) > { > /* Note that set_timeout is currently not used and also not > available under Windows. */ > fprintf (stderr, > "apdu_open_reader: invalid PC/SC driver " > - "(%d%d%d%d%d%d%d%d%d%d%d%d)\n", > + "(%d%d%d%d%d%d%d%d%d%d%d%d%d)\n", > !!pcsc_establish_context, > !!pcsc_release_context, > !!pcsc_list_readers, > @@ -365,7 +378,8 @@ load_pcsc_driver (const char *libname) > !!pcsc_begin_transaction, > !!pcsc_end_transaction, > !!pcsc_transmit, > - !!pcsc_set_timeout ); > + !!pcsc_set_timeout, > + !!pcsc_control); > dlclose (handle); > exit (1); > } > @@ -373,6 +387,14 @@ load_pcsc_driver (const char *libname) > > > > +/* Convert a big endian stored 4 byte value into an unsigned > + integer. */ > +static unsigned int > +convert_be_u32 (const unsigned char *buf) > +{ > + return (buf[0] << 24) | (buf[1] << 16) | (buf[2] << 8) | buf[3]; > +} > + > > /* Handle a open request. The argument is expected to be a string > with the port identification. ARGBUF is always guaranteed to be 
> @@ -504,6 +526,30 @@ handle_open (unsigned char *argbuf, size_t arglen) > } > memcpy (current_atr, atr, atrlen); > current_atrlen = atrlen; > + > + verify_ioctl = 0; > + modify_ioctl = 0; > + err = pcsc_control (pcsc_card, > + CM_IOCTL_GET_FEATURE_REQUEST, NULL, 0, > + reader, sizeof reader, &readerlen); > + if (err) > + { > + if (verbose) > + fprintf (stderr, PGM": pcsc_control failed: %s (0x%lx)\n", > + pcsc_error_string (err), err); > + } > + else > + { > + PCSC_TLV_STRUCTURE *pcsc_tlv; > + int i; > + > + pcsc_tlv = (PCSC_TLV_STRUCTURE *)reader; > + for (i = 0; i < readerlen / sizeof (PCSC_TLV_STRUCTURE); i++) > + if (pcsc_tlv[i].tag == FEATURE_VERIFY_PIN_DIRECT) > + verify_ioctl = convert_be_u32 ((const unsigned char *)&pcsc_tlv[i].value); > + else if (pcsc_tlv[i].tag == FEATURE_MODIFY_PIN_DIRECT) > + modify_ioctl = convert_be_u32 ((const unsigned char *)&pcsc_tlv[i].value); > + } > } > } > > @@ -723,6 +769,29 @@ handle_transmit (unsigned char *argbuf, size_t arglen) > > > static void > +handle_control (unsigned char *argbuf, size_t arglen) > +{ > + long err; > + unsigned long recv_len = 1024; > + unsigned char buffer[1024]; > + > + recv_len = sizeof (buffer); > + err = pcsc_control (pcsc_card, verify_ioctl, argbuf, arglen, > + buffer, recv_len, &recv_len); > + if (err) > + { > + if (verbose) > + fprintf (stderr, PGM": pcsc_control failed: %s (0x%lx)\n", > + pcsc_error_string (err), err); > + request_failed (err); > + return; > + } > + request_succeeded (buffer, recv_len); > +} > + > + > + > +static void > print_version (int with_help) > { > fputs (MYVERSION_LINE "\n" 
> @@ -832,6 +901,10 @@ main (int argc, char **argv) > handle_reset (argbuffer, arglen); > break; > > + case 6: > + handle_control (argbuffer, arglen); > + break; > + > default: > fprintf (stderr, PGM ": invalid request 0x%02X\n", c); > exit (1); > -- kernel concepts GbR Tel: +49-271-771091-12 Sieghuetter Hauptweg 48 D-57072 Siegen Mob: +49-176-21024535 http://www.kernelconcepts.de From wk at gnupg.org Wed Jan 12 17:26:08 2011 
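Review bot: the AM_CPPFLAGS change in scd/Makefile.am hard-codes -I/usr/include/PCSC, which only builds where the pcsc-lite headers happen to be installed at that path. Take the include directory from configure (for example a pkg-config check for libpcsclite), or declare the few structures and constants needed locally, as apdu.c already does for the PCSC_E_* codes.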
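Review bot: in pcsc_control_wrapped the truncation message still reads "pcsc_send_apdu: provided buffer too short - truncated", so a failure on the CONTROL path is logged under the wrong function name. In the same function n is an int while *buflen, len and full_len are size_t, which makes n = *buflen < len ? *buflen : len and the len != n checks mixed signed/unsigned comparisons; declare n as size_t.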
From: wk at gnupg.org (Werner Koch)
Date: Wed, 12 Jan 2011 17:26:08 +0100
Subject: [Announce] New signing key
Message-ID: <87wrmaxf4v.fsf@vigenere.g10code.de>

Hi!

The key used to sign GnuPG releases expired at the end of last year. I prolonged the lifetime of that key for another 6 months to avoid the frequently asked question if signatures made in the past by an expired key are now invalid (in short: they are not).

I will sign future distributions with this new 2048-bit RSA key which has also been generated on a smartcard:

  pub   2048R/4F25E3B6 2011-01-12 [expires: 2019-12-31]
        Key fingerprint = D869 2123 C406 5DEA 5E0F 3AB5 249B 39D2 4F25 E3B6
  uid   Werner Koch (dist sig)
  sub   2048R/AC87C71A 2011-01-12 [expires: 2019-12-31]

Please get a copy of the key, either from the attachment, a keyserver or using one of these commands:

  gpg --fetch-key finger:wk 'at' g10code 'dot' com
  gpg --fetch-key http://werner.eifelkommune.de/mykey.asc

[Please replace 'at' and 'dot' as usual and use gpg2 if you like]

The key has been signed by my main key 1E42B367. The authentication subkey listed above is currently not used. Note also that my old standard key 5B0358A2 expires in 6 months and won't be prolonged. 1E42B367 is now well connected in the Web of Trust.

Shalom-Salam,

   Werner

--
Thoughts are free. Exceptions are regulated by a federal law.

From gniibe at fsij.org Thu Jan 13 03:06:57 2011
From: gniibe at fsij.org (NIIBE Yutaka)
Date: Thu, 13 Jan 2011 11:06:57 +0900
Subject: [PATCH] pcsc pinpad support (part 1)
Message-ID: <4D2E5E41.4030602@fsij.org>

Hi,

I am submitting a series of patches for pcsc pinpad support.

While I am sure that I have done copyright paper work to FSF for Emacs, GCC, etc., I am not sure that I have filed for GnuPG. Please instruct me, if any paper work is required.

The first patch is adding pcsc_control handle and two fields to reader_table_s structure; verify_ioctl and modify_ioctl which correspond to the operations of PIN Verification and PIN Modification.

(In the forthcoming another patch,) the value of verify_ioctl and modify_ioctl will be filled using pcsc_control. Since the value is in the format of big-endian TLV (Tag-Length-Value), convert_be_u32 is added.

This patch is generated by "git format-patch" command. No, it's not attachment (sorry for my previous mail where I said "attach"), as I think it would be better for git users.

Compilation tested on Debian GNU/Linux. I don't have development environment on Windows.

Lastly, thanks to Nils Faerber for the encouragement.

2011-01-13 NIIBE Yutaka

    * pcsc-wrapper.c (pcsc_control): New.
    (load_pcsc_driver): Initialize pcsc_control.

    * apdu.c (struct reader_table_s): Add fields verify_ioctl and modify_ioctl in pcsc.
    (new_reader_slot): Initialize them.
    (convert_be_u32): New.
    (pcsc_control): New.
    (apdu_open_reader): Initialize pcsc_control.
--- scd/apdu.c | 26 ++++++++++++++++++++++++-- scd/pcsc-wrapper.c | 14 ++++++++++++-- 3 files changed, 48 insertions(+), 4 deletions(-) diff --git a/scd/apdu.c b/scd/apdu.c index 80c933e..cd8a192 100644 --- a/scd/apdu.c +++ b/scd/apdu.c @@ -117,6 +117,8 @@ struct reader_table_s { unsigned long context; unsigned long card; unsigned long protocol; + unsigned long verify_ioctl; + unsigned long modify_ioctl; #ifdef NEED_PCSC_WRAPPER int req_fd; int rsp_fd; 
@@ -303,6 +305,13 @@ long (* DLSTDCALL pcsc_transmit) (unsigned long card, unsigned long *recv_len); long (* DLSTDCALL pcsc_set_timeout) (unsigned long context, unsigned long timeout); +long (* DLSTDCALL pcsc_control) (unsigned long card, + unsigned long control_code, + const void *send_buffer, + unsigned long send_len, + void *recv_buffer, + unsigned long recv_len, + unsigned long *bytes_returned); /* Prototypes. */ @@ -367,6 +376,8 @@ new_reader_slot (void) reader_table[reader].pcsc.rsp_fd = -1; reader_table[reader].pcsc.pid = (pid_t)(-1); #endif + reader_table[slot].pcsc.verify_ioctl = 0; + reader_table[slot].pcsc.modify_ioctl = 0; return reader; } @@ -1261,6 +1272,14 @@ close_pcsc_reader (int slot) /* Connect a PC/SC card. */ #ifndef NEED_PCSC_WRAPPER +/* Convert a big endian stored 4 byte value into an unsigned + integer. */ +static unsigned int +convert_be_u32 (const unsigned char *buf) +{ + return (buf[0] << 24) | (buf[1] << 16) | (buf[2] << 8) | buf[3]; +} + static int connect_pcsc_card (int slot) { @@ -2438,6 +2457,7 @@ apdu_open_reader (const char *portstr) pcsc_end_transaction = dlsym (handle, "SCardEndTransaction"); pcsc_transmit = dlsym (handle, "SCardTransmit"); pcsc_set_timeout = dlsym (handle, "SCardSetTimeout"); + pcsc_control = dlsym (handle, "SCardControl"); if (!pcsc_establish_context || !pcsc_release_context @@ -2450,12 +2470,13 @@ apdu_open_reader (const char *portstr) || !pcsc_begin_transaction || !pcsc_end_transaction || !pcsc_transmit + || !pcsc_control /* || !pcsc_set_timeout */) { /* Note that set_timeout is currently not used and also not available under Windows. */ log_error ("apdu_open_reader: invalid PC/SC driver " - "(%d%d%d%d%d%d%d%d%d%d%d%d)\n", + "(%d%d%d%d%d%d%d%d%d%d%d%d%d)\n", !!pcsc_establish_context, !!pcsc_release_context, !!pcsc_list_readers, 
@@ -2467,7 +2488,8 @@ apdu_open_reader (const char *portstr) !!pcsc_begin_transaction, !!pcsc_end_transaction, !!pcsc_transmit, - !!pcsc_set_timeout ); + !!pcsc_set_timeout, + !!pcsc_control ); dlclose (handle); return -1; } diff --git a/scd/pcsc-wrapper.c b/scd/pcsc-wrapper.c index a7b2198..a61fde1 100644 --- a/scd/pcsc-wrapper.c +++ b/scd/pcsc-wrapper.c @@ -178,6 +178,13 @@ long (* pcsc_transmit) (unsigned long card, unsigned long *recv_len); long (* pcsc_set_timeout) (unsigned long context, unsigned long timeout); +long (* pcsc_control) (unsigned long card, + unsigned long control_code, + const void *send_buffer, + unsigned long send_len, + void *recv_buffer, + unsigned long recv_len, + unsigned long *bytes_returned); @@ -335,6 +342,7 @@ load_pcsc_driver (const char *libname) pcsc_end_transaction = dlsym (handle, "SCardEndTransaction"); pcsc_transmit = dlsym (handle, "SCardTransmit"); pcsc_set_timeout = dlsym (handle, "SCardSetTimeout"); + pcsc_control = dlsym (handle, "SCardControl"); if (!pcsc_establish_context || !pcsc_release_context @@ -347,13 +355,14 @@ load_pcsc_driver (const char *libname) || !pcsc_begin_transaction || !pcsc_end_transaction || !pcsc_transmit + || !pcsc_control /* || !pcsc_set_timeout */) { /* Note that set_timeout is currently not used and also not available under Windows. */ fprintf (stderr, "apdu_open_reader: invalid PC/SC driver " - "(%d%d%d%d%d%d%d%d%d%d%d%d)\n", + "(%d%d%d%d%d%d%d%d%d%d%d%d%d)\n", !!pcsc_establish_context, !!pcsc_release_context, !!pcsc_list_readers, @@ -365,7 +374,8 @@ load_pcsc_driver (const char *libname) !!pcsc_begin_transaction, !!pcsc_end_transaction, !!pcsc_transmit, - !!pcsc_set_timeout ); + !!pcsc_set_timeout, + !!pcsc_control ); dlclose (handle); exit (1); } -- 1.7.2.3 From gniibe at fsij.org Thu Jan 13 05:59:39 2011 
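Review bot: the new_reader_slot hunk initialises reader_table[slot].pcsc.verify_ioctl and reader_table[slot].pcsc.modify_ioctl, but the surrounding lines index the table with reader and the function ends with return reader, so slot is not a variable in this function. Use reader_table[reader] for both assignments.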
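Review bot: convert_be_u32 is added to apdu.c as a static function with no caller anywhere in this patch, which leaves an unused-function warning until a later patch uses it. Add the helper together with its first user, or drop it from this part of the series.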
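The big-endian TLV reply described in this message can be parsed entry by entry with explicit length checks; the following is an added example, not code from the patch or from GnuPG. It assumes the one-byte tag and one-byte length layout of the PC/SC feature list; `parse_feature_tlv`, `struct pinpad_features` and all sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Tag values as defined in the patch on this page. */
#define FEATURE_VERIFY_PIN_DIRECT 0x06
#define FEATURE_MODIFY_PIN_DIRECT 0x07

/* Hypothetical result type for this example; not a GnuPG structure. */
struct pinpad_features
{
  uint32_t verify_ioctl;   /* 0 = reader does not offer the feature. */
  uint32_t modify_ioctl;
};

/* Convert a big endian stored 4 byte value.  Each byte is widened
   before shifting so that a first byte >= 0x80 is well defined. */
static uint32_t
be_u32 (const unsigned char *p)
{
  return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16)
         | ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Walk BUF (BUFLEN bytes) entry by entry: 1 byte tag, 1 byte length,
   LENGTH bytes of value.  Returns 0 and fills OUT on success; returns
   -1 and leaves both codes 0 if any entry is truncated or a PIN
   feature entry does not carry exactly 4 bytes. */
int
parse_feature_tlv (const unsigned char *buf, size_t buflen,
                   struct pinpad_features *out)
{
  struct pinpad_features tmp = { 0, 0 };
  size_t off = 0;

  out->verify_ioctl = 0;
  out->modify_ioctl = 0;

  while (off < buflen)
    {
      unsigned char tag;
      size_t len;

      if (buflen - off < 2)
        return -1;              /* Truncated tag/length header. */
      tag = buf[off];
      len = buf[off + 1];
      off += 2;
      if (len > buflen - off)
        return -1;              /* Value runs past the buffer. */

      if (tag == FEATURE_VERIFY_PIN_DIRECT
          || tag == FEATURE_MODIFY_PIN_DIRECT)
        {
          if (len != 4)
            return -1;          /* Control codes are 4 bytes. */
          if (tag == FEATURE_VERIFY_PIN_DIRECT)
            tmp.verify_ioctl = be_u32 (buf + off);
          else
            tmp.modify_ioctl = be_u32 (buf + off);
        }
      off += len;               /* Skip unknown tags by their length. */
    }

  *out = tmp;                   /* Publish only a fully valid reply. */
  return 0;
}

/* Constructed sample reply: VERIFY, an unknown 2 byte entry, MODIFY. */
static const unsigned char sample_reply[] = {
  0x06, 0x04, 0x42, 0x33, 0x00, 0x06,
  0x7f, 0x02, 0xaa, 0xbb,
  0x07, 0x04, 0x42, 0x33, 0x00, 0x07
};

/* Constructed malformed reply: VERIFY entry claims 4 bytes, has 2. */
static const unsigned char short_reply[] = { 0x06, 0x04, 0x42, 0x33 };

int
main (void)
{
  struct pinpad_features f;
  int rc;

  rc = parse_feature_tlv (sample_reply, sizeof sample_reply, &f);
  printf ("rc=%d verify=0x%08lx modify=0x%08lx\n", rc,
          (unsigned long)f.verify_ioctl, (unsigned long)f.modify_ioctl);
  rc = parse_feature_tlv (short_reply, sizeof short_reply, &f);
  printf ("rc=%d verify=0x%08lx\n", rc, (unsigned long)f.verify_ioctl);
  return 0;
}
```

A caller would treat a return of -1, or a code of 0, as "no pinpad operation available" and keep using host-side PIN entry.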
From: gniibe at fsij.org (NIIBE Yutaka)
Date: Thu, 13 Jan 2011 13:59:39 +0900
Subject: [PATCH] pcsc pinpad support (part 1)
In-Reply-To: <4D2E5E41.4030602@fsij.org>
References: <4D2E5E41.4030602@fsij.org>
Message-ID: <4D2E86BB.3020602@fsij.org>

This is the replacement of the (part 1) patch.

2011-01-13 11:06, NIIBE Yutaka wrote:
> I am submitting a series of patches for pcsc pinpad support.
[...]
> The first patch is adding pcsc_control handle and two fields to
> reader_table_s structure; verify_ioctl and modify_ioctl which
> correspond to the operations of PIN Verification and PIN Modification.
>
> (In the forthcoming another patch,) the value of verify_ioctl and
> modify_ioctl will be filled using pcsc_control. Since the value is in
> the format of big-endian TLV (Tag-Length-Value), convert_be_u32 is
> added.

This patch includes filling of verify_ioctl and modify_ioctl too. I don't use convert_be_u32, this time.

Perhaps, check_pcsc_keypad should be more restrictive like check_ccid_keypad. This implementation just returns "Yes", when the reader says so.

2011-01-13 NIIBE Yutaka

    * pcsc-wrapper.c (load_pcsc_driver): Initialize pcsc_control.
    (handle_control): New.
    (main): Handle the case 6 of handle_control.

    * apdu.c: Include "iso7816.h".
    (struct reader_table_s): Add fields verify_ioctl and modify_ioctl in pcsc.
    (CM_IOCTL_GET_FEATURE_REQUEST, FEATURE_VERIFY_PIN_DIRECT)
    (FEATURE_MODIFY_PIN_DIRECT): New.
    (pcsc_control): New.
    (check_pcsc_keypad): New.
    (control_pcsc_direct, control_pcsc_wrapped, control_pcsc): New.
    (new_reader_slot): Initialize with check_pcsc_keypad, verify_ioctl and modify_ioctl.
    (apdu_open_reader): Initialize pcsc_control.
--- scd/apdu.c | 232 +++++++++++++++++++++++++++++++++++++++++++++++++++- scd/pcsc-wrapper.c | 50 +++++++++++- 2 files changed, 277 insertions(+), 5 deletions(-) diff --git a/scd/apdu.c b/scd/apdu.c index 80c933e..4942d05 100644 --- a/scd/apdu.c +++ b/scd/apdu.c 
@@ -61,6 +61,7 @@ #include "apdu.h" #include "ccid-driver.h" +#include "iso7816.h" /* Due to conflicting use of threading libraries we usually can't link @@ -117,6 +118,8 @@ struct reader_table_s { unsigned long context; unsigned long card; unsigned long protocol; + unsigned long verify_ioctl; + unsigned long modify_ioctl; #ifdef NEED_PCSC_WRAPPER int req_fd; int rsp_fd; @@ -235,6 +238,11 @@ static char (* DLSTDCALL CT_close) (unsigned short ctn); #define PCSC_E_READER_UNAVAILABLE 0x80100017 #define PCSC_W_REMOVED_CARD 0x80100069 +#define CM_IOCTL_GET_FEATURE_REQUEST (0x42000000 + 3400) +#define FEATURE_VERIFY_PIN_DIRECT 0x06 +#define FEATURE_MODIFY_PIN_DIRECT 0x07 + + /* The PC/SC error is defined as a long as per specs. Due to left shifts bit 31 will get sign extended. We use this mask to fix it. */ @@ -303,6 +311,13 @@ long (* DLSTDCALL pcsc_transmit) (unsigned long card, unsigned long *recv_len); long (* DLSTDCALL pcsc_set_timeout) (unsigned long context, unsigned long timeout); +long (* DLSTDCALL pcsc_control) (unsigned long card, + unsigned long control_code, + const void *send_buffer, + unsigned long send_len, + void *recv_buffer, + unsigned long recv_len, + unsigned long *bytes_returned); /* Prototypes. */ @@ -311,6 +326,8 @@ static int reset_pcsc_reader (int slot); static int apdu_get_status_internal (int slot, int hang, int no_atr_reset, unsigned int *status, unsigned int *changed); +static int check_pcsc_keypad (int slot, int command, int pin_mode, + int pinlen_min, int pinlen_max, int pin_padlen); @@ -354,7 +371,7 @@ new_reader_slot (void) reader_table[reader].reset_reader = NULL; reader_table[reader].get_status_reader = NULL; reader_table[reader].send_apdu_reader = NULL; - reader_table[reader].check_keypad = NULL; + reader_table[reader].check_keypad = check_pcsc_keypad; reader_table[reader].dump_status_reader = NULL; reader_table[reader].set_progress_cb = NULL; 
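Review bot: In new_reader_slot, the default for check_keypad changes from NULL to check_pcsc_keypad, while every other callback set in this function stays at a driver-neutral NULL. A slot whose driver does not overwrite the field afterwards would then run the PC/SC feature probe without a valid pcsc.card handle. Keep the default at NULL here and assign check_pcsc_keypad in open_pcsc_reader, where the slot is known to be a PC/SC one.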
@@ -367,6 +384,8 @@ new_reader_slot (void) reader_table[reader].pcsc.rsp_fd = -1; reader_table[reader].pcsc.pid = (pid_t)(-1); #endif + reader_table[reader].pcsc.verify_ioctl = 0; + reader_table[reader].pcsc.modify_ioctl = 0; return reader; } 
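Review bot: The 0 stored in verify_ioctl and modify_ioctl here is a sentinel that check_pcsc_keypad reads as "not probed yet", with (unsigned long)-1 meaning "probed, not supported", and neither meaning is written down anywhere in the patch. Add a comment on the two fields in struct reader_table_s, or name the two values with macros, so that later callers do not hand a sentinel to pcsc_control as if it were a control code.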
@@ -1168,6 +1187,150 @@ pcsc_send_apdu (int slot, unsigned char *apdu, size_t apdulen, #ifndef NEED_PCSC_WRAPPER static int +control_pcsc_direct (int slot, unsigned long ioctl_code, + const unsigned char *cntlbuf, size_t len, + unsigned char *buffer, size_t *buflen) +{ + long err; + + err = pcsc_control (reader_table[slot].pcsc.card, ioctl_code, + cntlbuf, len, buffer, *buflen, buflen); + if (err) + { + log_error ("pcsc_control failed: %s (0x%lx)\n", + pcsc_error_string (err), err); + return pcsc_error_to_sw (err); + } + + return 0; +} +#endif /*!NEED_PCSC_WRAPPER*/ + + +#ifdef NEED_PCSC_WRAPPER +static int +control_pcsc_wrapped (int slot, unsigned long ioctl_code, + const unsigned char *cntlbuf, size_t len, + unsigned char *buffer, size_t *buflen) +{ + long err = PCSC_E_NOT_TRANSACTED; + reader_table_t slotp; + unsigned char msgbuf[9]; + int i, n; + size_t full_len; + + slotp = reader_table + slot; + + msgbuf[0] = 0x06; /* CONTROL command. */ + msgbuf[1] = ((len + 4) >> 24); + msgbuf[2] = ((len + 4) >> 16); + msgbuf[3] = ((len + 4) >> 8); + msgbuf[4] = ((len + 4) ); + msgbuf[5] = (ioctl_code >> 24); + msgbuf[6] = (ioctl_code >> 16); + msgbuf[7] = (ioctl_code >> 8); + msgbuf[8] = (ioctl_code ); + if ( writen (slotp->pcsc.req_fd, msgbuf, 9) + || writen (slotp->pcsc.req_fd, cntlbuf, len)) + { + log_error ("error sending PC/SC CONTROL request: %s\n", + strerror (errno)); + goto command_failed; + } + + /* Read the response. */ + if ((i=readn (slotp->pcsc.rsp_fd, msgbuf, 9, &len)) || len != 9) + { + log_error ("error receiving PC/SC CONTROL response: %s\n", + i? strerror (errno) : "premature EOF"); + goto command_failed; + } + len = (msgbuf[1] << 24) | (msgbuf[2] << 16) | (msgbuf[3] << 8 ) | msgbuf[4]; + if (msgbuf[0] != 0x81 || len < 4) + { + log_error ("invalid response header from PC/SC received\n"); + goto command_failed; + } + len -= 4; /* Already read the error code. 
*/ + err = PCSC_ERR_MASK ((msgbuf[5] << 24) | (msgbuf[6] << 16) + | (msgbuf[7] << 8 ) | msgbuf[8]); + if (err) + { + log_error ("pcsc_control failed: %s (0x%lx)\n", + pcsc_error_string (err), err); + return pcsc_error_to_sw (err); + } + + full_len = len; + + n = *buflen < len ? *buflen : len; + if ((i=readn (slotp->pcsc.rsp_fd, buffer, n, &len)) || len != n) + { + log_error ("error receiving PC/SC CONTROL response: %s\n", + i? strerror (errno) : "premature EOF"); + goto command_failed; + } + *buflen = n; + + full_len -= len; + if (full_len) + { + log_error ("pcsc_send_apdu: provided buffer too short - truncated\n"); + err = PCSC_E_INVALID_VALUE; + } + /* We need to read any rest of the response, to keep the + protocol running. */ + while (full_len) + { + unsigned char dummybuf[128]; + + n = full_len < DIM (dummybuf) ? full_len : DIM (dummybuf); + if ((i=readn (slotp->pcsc.rsp_fd, dummybuf, n, &len)) || len != n) + { + log_error ("error receiving PC/SC CONTROL response: %s\n", + i? strerror (errno) : "premature EOF"); + goto command_failed; + } + full_len -= n; + } + + if (!err) + return 0; + + command_failed: + close (slotp->pcsc.req_fd); + close (slotp->pcsc.rsp_fd); + slotp->pcsc.req_fd = -1; + slotp->pcsc.rsp_fd = -1; + kill (slotp->pcsc.pid, SIGTERM); + slotp->pcsc.pid = (pid_t)(-1); + slotp->used = 0; + return pcsc_error_to_sw (err); +} +#endif /*NEED_PCSC_WRAPPER*/ + + + +/* Do some control with the value of IOCTL_CODE to the card inserted + to SLOT. Input buffer is specified by CNTLBUF of length LEN. + Output buffer is specified by BUFFER of length *BUFLEN, and the + actual output size will be stored at BUFLEN. Returns: A status word. + This routine is used for PIN pad input support. 
*/ +static int +control_pcsc (int slot, unsigned long ioctl_code, + const unsigned char *cntlbuf, size_t len, + unsigned char *buffer, size_t *buflen) +{ +#ifdef NEED_PCSC_WRAPPER + return control_pcsc_wrapped (slot, ioctl_code, cntlbuf, len, buffer, buflen); +#else + return control_pcsc_direct (slot, ioctl_code, cntlbuf, len, buffer, buflen); +#endif +} + + +#ifndef NEED_PCSC_WRAPPER +static int close_pcsc_reader_direct (int slot) { pcsc_release_context (reader_table[slot].pcsc.context); 
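Review bot: In control_pcsc_direct, buflen is a size_t * but is passed as the bytes_returned argument of pcsc_control, which the prototype declares as unsigned long *; on a platform where the two types differ in width the returned length is written into only part of *buflen. Use a local unsigned long for the call and copy it to *buflen afterwards. In control_pcsc_wrapped, the truncation message still says "pcsc_send_apdu:", and the response length is assembled with msgbuf[1] << 24 on an int, so a first length byte of 0x80 or above sign-extends into len and the drain loop then waits for data that never comes; cast each byte to unsigned long before shifting.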
@@ -1802,6 +1965,66 @@ open_pcsc_reader (const char *portstr) } +/* Check whether the reader supports the ISO command code COMMAND + on the keypad. Return 0 on success. */ +static int +check_pcsc_keypad (int slot, int command, int pin_mode, + int pinlen_min, int pinlen_max, int pin_padlen) +{ + unsigned char buf[256]; + size_t len = 256; + int sw; + + (void)pin_mode; + (void)pinlen_min; + (void)pinlen_max; + (void)pin_padlen; + + check_again: + if (command == ISO7816_VERIFY) + { + if (reader_table[slot].pcsc.verify_ioctl == (unsigned long)-1) + return SW_NOT_SUPPORTED; + else if (reader_table[slot].pcsc.verify_ioctl != 0) + return 0; /* Success */ + } + else if (command == ISO7816_CHANGE_REFERENCE_DATA) + { + if (reader_table[slot].pcsc.modify_ioctl == (unsigned long)-1) + return SW_NOT_SUPPORTED; + else if (reader_table[slot].pcsc.modify_ioctl != 0) + return 0; /* Success */ + } + else + return SW_NOT_SUPPORTED; + + reader_table[slot].pcsc.verify_ioctl = (unsigned long)-1; + reader_table[slot].pcsc.modify_ioctl = (unsigned long)-1; + + sw = control_pcsc (slot, CM_IOCTL_GET_FEATURE_REQUEST, NULL, 0, buf, &len); + if (sw) + return SW_NOT_SUPPORTED; + else + { + unsigned char *p = buf; + + while (p < buf + len) + { + unsigned char code = *p++; + + p++; /* Skip length */ + if (code == FEATURE_VERIFY_PIN_DIRECT) + reader_table[slot].pcsc.verify_ioctl + = (p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3]; + else if (code == FEATURE_MODIFY_PIN_DIRECT) + reader_table[slot].pcsc.modify_ioctl + = (p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3]; + p += 4; + } + } + + goto check_again; +} #ifdef HAVE_LIBUSB /* @@ -2438,6 +2661,7 @@ apdu_open_reader (const char *portstr) pcsc_end_transaction = dlsym (handle, "SCardEndTransaction"); pcsc_transmit = dlsym (handle, "SCardTransmit"); pcsc_set_timeout = dlsym (handle, "SCardSetTimeout"); + pcsc_control = dlsym (handle, "SCardControl"); if (!pcsc_establish_context || !pcsc_release_context 
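Review bot: In check_pcsc_keypad, the loop over the CM_IOCTL_GET_FEATURE_REQUEST reply tests only p < buf + len before consuming six bytes per entry, and it skips the length byte without looking at it. A reply that is truncated, or that carries an entry whose length is not 4, makes the p[0]..p[3] reads run past the returned data (and past buf when len is close to 256) and can store a garbage value as verify_ioctl or modify_ioctl. Check that two bytes remain before reading tag and length, that the length fits in what is left, and that it equals 4 for the two PIN features, then advance by the length actually read. The p[0] << 24 expressions also shift into the sign bit of an int when the first byte is 0x80 or above; cast to unsigned long first.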
@@ -2450,12 +2674,13 @@ apdu_open_reader (const char *portstr) || !pcsc_begin_transaction || !pcsc_end_transaction || !pcsc_transmit + || !pcsc_control /* || !pcsc_set_timeout */) { /* Note that set_timeout is currently not used and also not available under Windows. */ log_error ("apdu_open_reader: invalid PC/SC driver " - "(%d%d%d%d%d%d%d%d%d%d%d%d)\n", + "(%d%d%d%d%d%d%d%d%d%d%d%d%d)\n", !!pcsc_establish_context, !!pcsc_release_context, !!pcsc_list_readers, @@ -2467,7 +2692,8 @@ apdu_open_reader (const char *portstr) !!pcsc_begin_transaction, !!pcsc_end_transaction, !!pcsc_transmit, - !!pcsc_set_timeout ); + !!pcsc_set_timeout, + !!pcsc_control ); dlclose (handle); return -1; } diff --git a/scd/pcsc-wrapper.c b/scd/pcsc-wrapper.c index a7b2198..9379655 100644 --- a/scd/pcsc-wrapper.c +++ b/scd/pcsc-wrapper.c @@ -178,6 +178,13 @@ long (* pcsc_transmit) (unsigned long card, unsigned long *recv_len); long (* pcsc_set_timeout) (unsigned long context, unsigned long timeout); +long (* pcsc_control) (unsigned long card, + unsigned long control_code, + const void *send_buffer, + unsigned long send_len, + void *recv_buffer, + unsigned long recv_len, + unsigned long *bytes_returned); @@ -335,6 +342,7 @@ load_pcsc_driver (const char *libname) pcsc_end_transaction = dlsym (handle, "SCardEndTransaction"); pcsc_transmit = dlsym (handle, "SCardTransmit"); pcsc_set_timeout = dlsym (handle, "SCardSetTimeout"); + pcsc_control = dlsym (handle, "SCardControl"); if (!pcsc_establish_context || !pcsc_release_context @@ -347,13 +355,14 @@ load_pcsc_driver (const char *libname) || !pcsc_begin_transaction || !pcsc_end_transaction || !pcsc_transmit + || !pcsc_control /* || !pcsc_set_timeout */) { /* Note that set_timeout is currently not used and also not available under Windows. */ fprintf (stderr, "apdu_open_reader: invalid PC/SC driver " - "(%d%d%d%d%d%d%d%d%d%d%d%d)\n", + "(%d%d%d%d%d%d%d%d%d%d%d%d%d)\n", !!pcsc_establish_context, !!pcsc_release_context, !!pcsc_list_readers, 
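Review bot: Adding || !pcsc_control to the mandatory-symbol test in load_pcsc_driver (and in apdu_open_reader) makes the whole PC/SC driver fail to load when the library does not export SCardControl, although the symbol is needed only for the keypad path. pcsc_set_timeout is already left out of this test, as the comment next to it explains; treat pcsc_control the same way and have the control path report "not supported" when the pointer is NULL, so that readers without a pinpad keep working.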
@@ -365,7 +374,8 @@ load_pcsc_driver (const char *libname) !!pcsc_begin_transaction, !!pcsc_end_transaction, !!pcsc_transmit, - !!pcsc_set_timeout ); + !!pcsc_set_timeout, + !!pcsc_control ); dlclose (handle); exit (1); } @@ -721,6 +731,38 @@ handle_transmit (unsigned char *argbuf, size_t arglen) } +/* Handle a control request. The argument is expected to be a buffer + which contains CONTROL_CODE (4-byte) and INPUT_BYTES. + */ +static void +handle_control (unsigned char *argbuf, size_t arglen) +{ + long err; + unsigned long ioctl_code; + unsigned long recv_len = 1024; + unsigned char buffer[1024]; + + if (arglen < 4) + bad_request ("CONTROL"); + + ioctl_code = (argbuf[0] << 24) | (argbuf[1] << 16) | (argbuf[2] << 8) | argbuf[3]; + argbuf += 4; + arglen -= 4; + + recv_len = sizeof (buffer); + err = pcsc_control (pcsc_card, ioctl_code, argbuf, arglen, + buffer, recv_len, &recv_len); + if (err) + { + if (verbose) + fprintf (stderr, PGM": pcsc_control failed: %s (0x%lx)\n", + pcsc_error_string (err), err); + request_failed (err); + return; + } + request_succeeded (buffer, recv_len); +} + static void print_version (int with_help) @@ -832,6 +874,10 @@ main (int argc, char **argv) handle_reset (argbuffer, arglen); break; + case 6: + handle_control (argbuffer, arglen); + break; + default: fprintf (stderr, PGM ": invalid request 0x%02X\n", c); exit (1); -- 1.7.2.3 From gniibe at fsij.org Thu Jan 13 07:56:01 2011 From: gniibe at fsij.org (NIIBE Yutaka) Date: Thu, 13 Jan 2011 15:56:01 +0900 Subject: [PATCH] pcsc pinpad support (part 2) In-Reply-To: <4D2E86BB.3020602@fsij.org> References: <4D2E5E41.4030602@fsij.org> <4D2E86BB.3020602@fsij.org> Message-ID: <4D2EA201.3090200@fsij.org> Here is the part 2. It does same pininfo condition check like ccid_transceive_secure in ccid-driver.c does. 2011-01-13 NIIBE Yutaka * apdu.c (pcsc_pinpad_verify): New. --- scd/apdu.c | 72 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 files changed, 72 insertions(+), 0 deletions(-) 
diff --git a/scd/apdu.c b/scd/apdu.c index 4942d05..bc75dc9 100644 --- a/scd/apdu.c +++ b/scd/apdu.c 
@@ -2025,6 +2025,78 @@ check_pcsc_keypad (int slot, int command, int pin_mode, goto check_again; } + + +#define PIN_VERIFY_STRUCTURE_SIZE 23 +static int +pcsc_pinpad_verify (int slot, int class, int ins, int p0, int p1, + struct pininfo_s *pininfo) +{ + int sw; + unsigned char *pin_verify; + unsigned long len = PIN_VERIFY_STRUCTURE_SIZE; + unsigned char result[2]; + size_t resultlen = 2; + + if (!reader_table[slot].atrlen + && (sw = reset_pcsc_reader (slot))) + return sw; + + if (pininfo->mode != 1) + return SW_NOT_SUPPORTED; + + if (pininfo->padlen != 0) + return SW_NOT_SUPPORTED; + + if (!pininfo->minlen) + pininfo->minlen = 1; + if (!pininfo->maxlen) + pininfo->maxlen = 25; + + /* Note that the 25 is the maximum value the SPR532 allows. */ + if (pininfo->minlen < 1 || pininfo->minlen > 25 + || pininfo->maxlen < 1 || pininfo->maxlen > 25 + || pininfo->minlen > pininfo->maxlen) + return SW_HOST_INV_VALUE; + + pin_verify = xtrymalloc (len); + if (!pin_verify) + return SW_HOST_OUT_OF_CORE; + + pin_verify[0] = 0x00; /* bTimerOut */ + pin_verify[1] = 0x00; /* bTimerOut2 */ + pin_verify[2] = 0x82; /* bmFormatString: Byte, pos=0, left, ASCII. */ + pin_verify[3] = 0x00; /* bmPINBlockString */ + pin_verify[4] = 0x00; /* bmPINLengthFormat */ + pin_verify[5] = pininfo->maxlen; /* wPINMaxExtraDigit */ + pin_verify[6] = pininfo->minlen; /* wPINMaxExtraDigit */ + pin_verify[7] = 0x02; /* bEntryValidationCondition: Validation key pressed */ + if (pininfo->minlen && pininfo->maxlen && pininfo->minlen == pininfo->maxlen) + pin_verify[7] |= 0x01; /* Max size reached. 
*/ + pin_verify[8] = 0xff; /* bNumberMessage: Default */ + pin_verify[9] = 0x09; /* wLangId: 0x0409: US English */ + pin_verify[10] = 0x04; /* wLangId: 0x0409: US English */ + pin_verify[11] = 0x00; /* bMsgIndex */ + pin_verify[12] = 0x00; /* bTeoPrologue[0] */ + pin_verify[13] = 0x00; /* bTeoPrologue[1] */ + pin_verify[14] = 0x00; /* bTeoPrologue[2] */ + pin_verify[15] = 0x04; /* ulDataLength */ + pin_verify[16] = 0x00; /* ulDataLength */ + pin_verify[17] = 0x00; /* ulDataLength */ + pin_verify[18] = 0x00; /* ulDataLength */ + pin_verify[19] = class; /* abData[0] */ + pin_verify[20] = ins; /* abData[1] */ + pin_verify[21] = p0; /* abData[2] */ + pin_verify[22] = p1; /* abData[3] */ + + sw = control_pcsc (slot, reader_table[slot].pcsc.verify_ioctl, + pin_verify, len, result, &resultlen); + xfree (pin_verify); + if (sw || resultlen < 2) + return sw? sw : SW_HOST_INCOMPLETE_CARD_RESPONSE; + sw = (result[resultlen-2] << 8) | result[resultlen-1]; + return sw; +} #ifdef HAVE_LIBUSB /* -- 1.7.2.3 From gniibe at fsij.org Thu Jan 13 08:38:31 2011 
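Review bot: pcsc_pinpad_verify passes reader_table[slot].pcsc.verify_ioctl straight to control_pcsc without checking it. After part 1 that field is 0 until check_pcsc_keypad has run and (unsigned long)-1 when the reader lacks the feature, so either sentinel would be sent to the reader as a control code; return SW_NOT_SUPPORTED for both before building the structure. Also, pin_verify[5] and pin_verify[6] carry maxlen and minlen but both comments read wPINMaxExtraDigit, so say in the comments which byte holds the maximum and which the minimum.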
From: gniibe at fsij.org (NIIBE Yutaka)
Date: Thu, 13 Jan 2011 16:38:31 +0900
Subject: [PATCH] fix wLangId in ccid-driver.c
In-Reply-To: <4D2EA201.3090200@fsij.org>
References: <4D2E5E41.4030602@fsij.org> <4D2E86BB.3020602@fsij.org> <4D2EA201.3090200@fsij.org>
Message-ID: <4D2EABF7.9010905@fsij.org>

This is not a part of pin pad support series of mine. As I found
the bug while I am preparing the patches, I report this.

As CCID protocol is little endian, wLangId of US English = 0x0409 is
represented as two bytes of 0x09 then 0x04.

It is really confusing that the code like following is floating
around:

    pin_verify -> wLangId = HOST_TO_CCID_16(0x0904);

But, it is 0x0409 (not 0x0904). It is defined in the documentation:

    http://www.usb.org/developers/docs/USB_LANGIDs.pdf

and origin of this table is Microsoft. We can see it at:

    http://msdn.microsoft.com/en-us/library/bb165625%28VS.80%29.aspx

Yes, it would be better not to hard-code 0x0409. It would be better
to try current locale of the user, or to use the first entry of
string descriptor. I don't have time to implement such a thing...

diff --git a/scd/ccid-driver.c b/scd/ccid-driver.c index 98268c0..413a535 100644 --- a/scd/ccid-driver.c +++ b/scd/ccid-driver.c @@ -3136,8 +3136,8 @@ ccid_transceive_secure (ccid_driver_t handle, if (pinlen_min && pinlen_max && pinlen_min == pinlen_max) msg[17] |= 0x01; /* Max size reached. */ msg[18] = 0xff; /* bNumberMessage: Default. */ - msg[19] = 0x04; /* wLangId-High. */ - msg[20] = 0x09; /* wLangId-Low: English FIXME: use the first entry. */ + msg[19] = 0x09; /* wLangId-Low: English FIXME: use the first entry. */ + msg[20] = 0x04; /* wLangId-High. */ msg[21] = 0; /* bMsgIndex. */ /* bTeoProlog follows: */ msg[22] = handle->nonnull_nad? ((1 << 4) | 0): 0;

From wk at gnupg.org Thu Jan 13 10:09:02 2011 
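The two byte orders discussed in this thread, as an added example that is not code from the patches or from GnuPG: a length-checked parser for the big-endian TLV reply to CM_IOCTL_GET_FEATURE_REQUEST described in the part 1 message, and the little-endian store for wLangId described in the message above. The names parse_feature_tlv, struct pinpad_features, get_be32 and put_le16, and the control codes in the sample replies, are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Tag values as defined in the part 1 patch. */
#define FEATURE_VERIFY_PIN_DIRECT 0x06
#define FEATURE_MODIFY_PIN_DIRECT 0x07

/* Hypothetical result type for this example. */
struct pinpad_features
{
  int have_verify, have_modify;
  uint32_t verify_ioctl, modify_ioctl;
};

/* Big-endian 32-bit read.  The casts keep a byte >= 0x80 from being
   shifted into the sign bit of an int. */
static uint32_t
get_be32 (const unsigned char *p)
{
  return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16)
         | ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Little-endian 16-bit store, the byte order CCID uses for wLangId. */
static void
put_le16 (unsigned char *p, uint16_t v)
{
  p[0] = (unsigned char)(v & 0xff);
  p[1] = (unsigned char)(v >> 8);
}

/* Parse a reply made of (tag, length, value) entries.  Returns 0 on
   success and -1 if an entry is truncated or a PIN feature does not
   carry a 4-byte value.  Unknown tags are skipped by their length. */
static int
parse_feature_tlv (const unsigned char *buf, size_t len,
                   struct pinpad_features *out)
{
  size_t off = 0;

  out->have_verify = out->have_modify = 0;
  out->verify_ioctl = out->modify_ioctl = 0;

  while (off < len)
    {
      unsigned char tag;
      size_t vlen;

      if (len - off < 2)
        return -1;              /* No room for tag and length. */
      tag = buf[off];
      vlen = buf[off + 1];
      off += 2;
      if (vlen > len - off)
        return -1;              /* Value runs past the reply. */

      if (tag == FEATURE_VERIFY_PIN_DIRECT
          || tag == FEATURE_MODIFY_PIN_DIRECT)
        {
          if (vlen != 4)
            return -1;          /* Control codes are 4 bytes. */
          if (tag == FEATURE_VERIFY_PIN_DIRECT)
            {
              out->verify_ioctl = get_be32 (buf + off);
              out->have_verify = 1;
            }
          else
            {
              out->modify_ioctl = get_be32 (buf + off);
              out->have_modify = 1;
            }
        }
      off += vlen;
    }
  return 0;
}

/* Constructed sample replies; the control codes are made up. */
static const unsigned char sample_ok[] = {
  0x12, 0x04, 0x42, 0x33, 0x00, 0x12,   /* Some other feature. */
  0x06, 0x04, 0x42, 0x33, 0x00, 0x06,   /* Verify. */
  0x07, 0x04, 0x80, 0x00, 0x00, 0x07    /* Modify, high bit set. */
};
static const unsigned char sample_truncated[] = {
  0x06, 0x04, 0x42, 0x33                /* Value cut short. */
};

int
main (void)
{
  struct pinpad_features f;
  unsigned char lang[2];

  if (!parse_feature_tlv (sample_ok, sizeof sample_ok, &f))
    printf ("verify=0x%08lx modify=0x%08lx\n",
            (unsigned long)f.verify_ioctl, (unsigned long)f.modify_ioctl);
  printf ("truncated reply -> %d\n",
          parse_feature_tlv (sample_truncated, sizeof sample_truncated, &f));
  put_le16 (lang, 0x0409);
  printf ("wLangId bytes: %02x %02x\n", lang[0], lang[1]);
  return 0;
}
```
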
From: wk at gnupg.org (Werner Koch)
Date: Thu, 13 Jan 2011 10:09:02 +0100
Subject: Signing with SHA256 by Smartcard?
In-Reply-To: <4CDFCDC0.1060603@fsij.org> (NIIBE Yutaka's message of "Sun, 14 Nov 2010 20:53:36 +0900")
References: <4CDFCDC0.1060603@fsij.org>
Message-ID: <8739oxxj9t.fsf@vigenere.g10code.de>

On Sun, 14 Nov 2010 12:53, gniibe at fsij.org said:

> Don't we need to fix agent/call-scd.c?

Right, I experienced the same problem. I will fix that.

--
Thoughts are free. Exceptions are regulated by a federal law.

From wk at gnupg.org Thu Jan 13 17:08:57 2011 
From: wk at gnupg.org (Werner Koch)
Date: Thu, 13 Jan 2011 17:08:57 +0100
Subject: [Announce] GnuPG 2.0.17 released
Message-ID: <87hbdcwzty.fsf@vigenere.g10code.de>

Hello!

We are pleased to announce the availability of a new stable GnuPG-2
release: Version 2.0.17.

The GNU Privacy Guard (GnuPG) is GNU's tool for secure communication
and data storage. It can be used to encrypt data, create digital
signatures, help authenticating using Secure Shell and to provide a
framework for public key cryptography. It includes an advanced key
management facility and is compliant with the OpenPGP and S/MIME
standards.

GnuPG-2 has a different architecture than GnuPG-1 (e.g. 1.4.11) in
that it splits up functionality into several modules. However, both
versions may be installed alongside without any conflict. In fact,
the gpg version from GnuPG-1 is able to make use of the gpg-agent as
included in GnuPG-2 and allows for seamless passphrase caching. The
advantage of GnuPG-1 is its smaller size and the lack of dependency on
other modules at run and build time. We will keep maintaining GnuPG-1
versions because they are very useful for small systems and for server
based applications requiring only OpenPGP support.

GnuPG is distributed under the terms of the GNU General Public License
(GPL version 3). GnuPG-2 works best on GNU/Linux or *BSD systems.


What's New
===========

 * Allow more hash algorithms with the OpenPGP v2 card.

 * The gpg-agent now tests for a new gpg-agent.conf on a HUP.

 * Fixed output of "gpgconf --check-options".

 * Fixed a bug where Scdaemon sends a signal to Gpg-agent running in
   non-daemon mode.

 * Fixed TTY management for pinentries and session variable update
   problem.

 * Minor bug fixes.


Getting the Software
====================

Please follow the instructions found at http://www.gnupg.org/download/
or read on:

GnuPG 2.0.17 may be downloaded from one of the GnuPG mirror sites or
direct from ftp://ftp.gnupg.org/gcrypt/gnupg/ . The list of mirrors
can be found at http://www.gnupg.org/mirrors.html . Note, that GnuPG
is not available at ftp.gnu.org.

On the FTP server and its mirrors you should find the following files
in the gnupg/ directory:

  gnupg-2.0.17.tar.bz2 (3904k)
  gnupg-2.0.17.tar.bz2.sig

      GnuPG source compressed using BZIP2 and OpenPGP signature.

  gnupg-2.0.16-2.0.17.diff.bz2 (75k)

      A patch file to upgrade a 2.0.16 GnuPG source tree. This patch
      does not include updates of the language files.

Note, that we don't distribute gzip compressed tarballs for GnuPG-2.


Checking the Integrity
======================

In order to check that the version of GnuPG which you are going to
install is an original and unmodified one, you can do it in one of
the following ways:

 * If you already have a trusted version of GnuPG installed, you
   can simply check the supplied signature. For example to check the
   signature of the file gnupg-2.0.17.tar.bz2 you would use this
   command:

     gpg --verify gnupg-2.0.17.tar.bz2.sig

   This checks whether the signature file matches the source file.
   You should see a message indicating that the signature is good and
   made by that signing key. Make sure that you have the right key,
   either by checking the fingerprint of that key with other sources
   or by checking that the key has been signed by a trustworthy other
   key. Note, that you can retrieve the signing key using the command

     finger wk ,at' g10code.com

   or using a keyserver like

     gpg --keyserver keys.gnupg.net --recv-key 4F25E3B6

   The distribution key 4F25E3B6 is signed by the well known key
   1E42B367.

   NEVER USE A GNUPG VERSION YOU JUST DOWNLOADED TO CHECK THE
   INTEGRITY OF THE SOURCE - USE AN EXISTING GNUPG INSTALLATION!

 * If you are not able to use an old version of GnuPG, you have to
   verify the SHA-1 checksum. Assuming you downloaded the file
   gnupg-2.0.17.tar.bz2, you would run the sha1sum command like this:

     sha1sum gnupg-2.0.17.tar.bz2

   and check that the output matches the first line from the
   following list:

41ef5460417ca0a1131fc730849fe3afd49ad2de  gnupg-2.0.17.tar.bz2
ba49d5ab2659bfe6403d52df58722f439e393bbb  gnupg-2.0.16-2.0.17.diff.bz2


Internationalization
====================

GnuPG comes with support for 27 languages. Due to a lot of new and
changed strings many translations are not entirely complete. Jakub
Bogusz, Petr Pisar, Jedi and Daniel Nylander have been kind enough to
update their translations on short notice. Thus the Chinese, Czech,
German, Polish and Swedish translations are complete.


Documentation
=============

We are currently working on an installation guide to explain in more
detail how to configure the new features. As of now the chapters on
gpg-agent and gpgsm include brief information on how to set up the
whole thing. Please watch the GnuPG website for updates of the
documentation. In the meantime you may search the GnuPG mailing list
archives or ask on the gnupg-users mailing lists for advice on how to
solve problems. Many of the new features are around for several years
and thus enough public knowledge is already available. KDE's KMail is
the most prominent user of GnuPG-2. In fact it has been developed
along with the KMail folks. Mutt users might want to use the
configure option "--enable-gpgme" and "set use_crypt_gpgme" in
~/.muttrc to make use of GnuPG-2 to enable S/MIME in addition to a
reworked OpenPGP support.

The manual is also available online in HTML format at
http://www.gnupg.org/documentation/manuals/gnupg/ and in Portable
Document Format at http://www.gnupg.org/documentation/manuals/gnupg.pdf .


Support
=======

Improving GnuPG is costly, but you can help! We are looking for
organizations that find GnuPG useful and wish to contribute back.
You can contribute by reporting bugs, improve the software, order
extensions or support or more general by donating money to the Free
Software movement (e.g. http://www.fsfeurope.org/help/donate.en.html).

Commercial support contracts for GnuPG are available, and they help
finance continued maintenance. g10 Code GmbH, a Duesseldorf based
company owned and headed by GnuPG's principal author, is currently
funding GnuPG development. We are always looking for interesting
development projects.

The GnuPG service directory is available at:

  http://www.gnupg.org/service.html


Thanks
======

We have to thank all the people who helped with this release, be it
testing, coding, translating, suggesting, auditing, administering the
servers, spreading the word or answering questions on the mailing
lists.


Happy Hacking,

  The GnuPG Team

--
Thoughts are free. Exceptions are regulated by a federal law.

From gniibe at fsij.org Fri Jan 14 02:55:27 2011 
From: gniibe at fsij.org (NIIBE Yutaka)
Date: Fri, 14 Jan 2011 10:55:27 +0900
Subject: [PATCH] pcsc pinpad support (part 3)
In-Reply-To: <4D2EA201.3090200@fsij.org>
References: <4D2E5E41.4030602@fsij.org> <4D2E86BB.3020602@fsij.org> <4D2EA201.3090200@fsij.org>
Message-ID: <4D2FAD0F.9070500@fsij.org>

Here is the part 3. You can test the feature of pcsc pinpad support
with part 1, part 2 and part 3.

Before this change, it is layered like following:

    iso7816_verify    iso7816_verify_kp
    apdu_send_simple, apdu_send_simple_kp
    ...

After this change, it will be layered like:

    iso7816_verify    iso7816_verify_kp
    apdu_send_simple  apdu_keypad_verify
    ...

and apdu_send_simple_kp will be deprecated.

For PC/SC API, we use SCardControl API to compose CCID
PC_to_RDR_Secure message and SCardTransmit API to compose CCID
PC_to_RDR_XfrBlock message. Considering the support of PC/SC, we
have nothing to share between _kp version of iso7816_* and no _kp
version. (This will be more clear when we support
change_reference_data.)

2011-01-14 NIIBE Yutaka

    * apdu.h (apdu_keypad_verify): New.

    * apdu.c (struct reader_table_s): Add keypad_verify.
    (pcsc_keypad_verify): Rename from pcsc_pinpad_verify.
    (ccid_keypad_verify): New.
    (apdu_keypad_verify): New.

    * iso7816.c (iso7816_verify_kp): Call apdu_keypad_verify. Only
    handle the case with PININFO.
    (iso7816_verify): Call apdu_send_simple.

    * iso7816.h (iso7816_verify_kp): Remove argument of CHV and CHVLEN.

    * app-openpgp.c (verify_a_chv, verify_chv3): Follow the change of
    iso7816_verify_kp.

    * app-dinsig.c (verify_pin): Likewise.

    * app-nks.c (verify_pin): Likewise.

--- scd/apdu.c | 60 ++++++++++++++++++++++++++++++++++++++++++++++++++++- scd/apdu.h | 3 ++ scd/app-dinsig.c | 2 +- scd/app-nks.c | 2 +- scd/app-openpgp.c | 4 +- scd/iso7816.c | 23 ++++++++----------- scd/iso7816.h | 4 +-- 7 files changed, 77 insertions(+), 21 deletions(-) diff --git a/scd/apdu.c b/scd/apdu.c index bc75dc9..5b7f883 100644 --- a/scd/apdu.c +++ b/scd/apdu.c 
@@ -110,6 +110,7 @@ struct reader_table_s { int (*check_keypad)(int, int, int, int, int, int); void (*dump_status_reader)(int); int (*set_progress_cb)(int, gcry_handler_progress_t, void*); + int (*keypad_verify)(int, int, int, int, int, struct pininfo_s *); struct { ccid_driver_t handle; @@ -328,6 +329,8 @@ static int apdu_get_status_internal (int slot, int hang, int no_atr_reset, unsigned int *changed); static int check_pcsc_keypad (int slot, int command, int pin_mode, int pinlen_min, int pinlen_max, int pin_padlen); +static int pcsc_keypad_verify (int slot, int class, int ins, int p0, int p1, + struct pininfo_s *pininfo); @@ -374,6 +377,7 @@ new_reader_slot (void) reader_table[reader].check_keypad = check_pcsc_keypad; reader_table[reader].dump_status_reader = NULL; reader_table[reader].set_progress_cb = NULL; + reader_table[reader].keypad_verify = pcsc_keypad_verify; reader_table[reader].used = 1; reader_table[reader].any_status = 0; @@ -660,6 +664,7 @@ open_ct_reader (int port) reader_table[reader].send_apdu_reader = ct_send_apdu; reader_table[reader].check_keypad = NULL; reader_table[reader].dump_status_reader = ct_dump_reader_status; + reader_table[reader].keypad_verify = NULL; dump_reader_status (reader); return reader; @@ -2029,7 +2034,7 @@ check_pcsc_keypad (int slot, int command, int pin_mode, #define PIN_VERIFY_STRUCTURE_SIZE 23 static int -pcsc_pinpad_verify (int slot, int class, int ins, int p0, int p1, +pcsc_keypad_verify (int slot, int class, int ins, int p0, int p1, struct pininfo_s *pininfo) { int sw; 
@@ -2234,6 +2239,35 @@ check_ccid_keypad (int slot, int command, int pin_mode, } +static int +ccid_keypad_verify (int slot, int class, int ins, int p0, int p1, + struct pininfo_s *pininfo) +{ + unsigned char apdu[4]; + int err, sw; + unsigned char result[2]; + size_t resultlen = 2; + + apdu[0] = class; + apdu[1] = ins; + apdu[2] = p0; + apdu[3] = p1; + err = ccid_transceive_secure (reader_table[slot].ccid.handle, + apdu, sizeof apdu, + pininfo->mode, pininfo->minlen, pininfo->maxlen, + pininfo->padlen, + result, 2, &resultlen); + if (err) + return err; + + if (resultlen < 2) + return SW_HOST_INCOMPLETE_CARD_RESPONSE; + + sw = (result[resultlen-2] << 8) | result[resultlen-1]; + return sw; +} + + /* Open the reader and try to read an ATR. */ static int open_ccid_reader (const char *portstr) @@ -2278,6 +2312,7 @@ open_ccid_reader (const char *portstr) reader_table[slot].check_keypad = check_ccid_keypad; reader_table[slot].dump_status_reader = dump_ccid_reader_status; reader_table[slot].set_progress_cb = set_progress_cb_ccid_reader; + reader_table[slot].keypad_verify = ccid_keypad_verify; /* Our CCID reader code does not support T=0 at all, thus reset the flag. */ reader_table[slot].is_t0 = 0; @@ -2570,6 +2605,7 @@ open_rapdu_reader (int portno, reader_table[slot].send_apdu_reader = my_rapdu_send_apdu; reader_table[slot].check_keypad = NULL; reader_table[slot].dump_status_reader = NULL; + reader_table[slot].keypad_verify = NULL; dump_reader_status (slot); rapdu_msg_release (msg); 
@@ -3165,6 +3201,28 @@ apdu_check_keypad (int slot, int command, int pin_mode, } +int +apdu_keypad_verify (int slot, int class, int ins, int p0, int p1, int pin_mode, + int pinlen_min, int pinlen_max, int pin_padlen) +{ + struct pininfo_s pininfo; + + pininfo.mode = pin_mode; + pininfo.minlen = pinlen_min; + pininfo.maxlen = pinlen_max; + pininfo.padlen = pin_padlen; + + if (slot < 0 || slot >= MAX_READER || !reader_table[slot].used ) + return SW_HOST_NO_DRIVER; + + if (reader_table[slot].keypad_verify) + return reader_table[slot].keypad_verify (slot, class, ins, p0, p1, + &pininfo); + else + return SW_HOST_NOT_SUPPORTED; +} + + /* Dispatcher for the actual send_apdu function. Note, that this function should be called in locked state. */ static int diff --git a/scd/apdu.h b/scd/apdu.h index c47dea8..4d21fb8 100644 --- a/scd/apdu.h +++ b/scd/apdu.h @@ -114,6 +114,9 @@ int apdu_get_status (int slot, int hang, unsigned int *status, unsigned int *changed); int apdu_check_keypad (int slot, int command, int pin_mode, int pinlen_min, int pinlen_max, int pin_padlen); +int apdu_keypad_verify (int slot, int class, int ins, int p0, int p1, + int pin_mode, int pinlen_min, int pinlen_max, + int pin_padlen); int apdu_send_simple (int slot, int extended_mode, int class, int ins, int p0, int p1, int lc, const char *data); diff --git a/scd/app-dinsig.c b/scd/app-dinsig.c index 46e9a6a..34fbd13 100644 --- a/scd/app-dinsig.c +++ b/scd/app-dinsig.c @@ -304,7 +304,7 @@ verify_pin (app_t app, gpg_strerror (rc)); return rc; } - rc = iso7816_verify_kp (app->slot, 0x81, "", 0, &pininfo); + rc = iso7816_verify_kp (app->slot, 0x81, &pininfo); /* Dismiss the prompt. */ pincb (pincb_arg, NULL, NULL); } diff --git a/scd/app-nks.c b/scd/app-nks.c index 076b913..27a6413 100644 --- a/scd/app-nks.c +++ b/scd/app-nks.c 
@@ -803,7 +803,7 @@ verify_pin (app_t app, int pwid, const char *desc, return rc; } - rc = iso7816_verify_kp (app->slot, pwid, "", 0, &pininfo); + rc = iso7816_verify_kp (app->slot, pwid, &pininfo); pincb (pincb_arg, NULL, NULL); /* Dismiss the prompt. */ } else diff --git a/scd/app-openpgp.c b/scd/app-openpgp.c index 029d99f..ac8eacb 100644 --- a/scd/app-openpgp.c +++ b/scd/app-openpgp.c @@ -1541,7 +1541,7 @@ verify_a_chv (app_t app, gpg_strerror (rc)); return rc; } - rc = iso7816_verify_kp (app->slot, 0x80+chvno, "", 0, &pininfo); + rc = iso7816_verify_kp (app->slot, 0x80+chvno, &pininfo); /* Dismiss the prompt. */ pincb (pincb_arg, NULL, NULL); @@ -1721,7 +1721,7 @@ verify_chv3 (app_t app, gpg_strerror (rc)); return rc; } - rc = iso7816_verify_kp (app->slot, 0x83, "", 0, &pininfo); + rc = iso7816_verify_kp (app->slot, 0x83, &pininfo); /* Dismiss the prompt. */ pincb (pincb_arg, NULL, NULL); } diff --git a/scd/iso7816.c b/scd/iso7816.c index b55da41..8490dad 100644 --- a/scd/iso7816.c +++ b/scd/iso7816.c 
@@ -281,22 +281,16 @@ iso7816_check_keypad (int slot, int command, iso7816_pininfo_t *pininfo) /* Perform a VERIFY command on SLOT using the card holder verification - vector CHVNO with a CHV of lenght CHVLEN. With PININFO non-NULL - the keypad of the reader will be used. Returns 0 on success. */ + vector CHVNO. With PININFO non-NULL the keypad of the reader will + be used. Returns 0 on success. */ gpg_error_t -iso7816_verify_kp (int slot, int chvno, const char *chv, size_t chvlen, - iso7816_pininfo_t *pininfo) +iso7816_verify_kp (int slot, int chvno, iso7816_pininfo_t *pininfo) { int sw; - if (pininfo && pininfo->mode) - sw = apdu_send_simple_kp (slot, 0x00, CMD_VERIFY, 0, chvno, chvlen, chv, - pininfo->mode, - pininfo->minlen, - pininfo->maxlen, - pininfo->padlen); - else - sw = apdu_send_simple (slot, 0, 0x00, CMD_VERIFY, 0, chvno, chvlen, chv); + sw = apdu_keypad_verify (slot, 0x00, CMD_VERIFY, 0, chvno, + pininfo->mode, pininfo->minlen, pininfo->maxlen, + pininfo->padlen); return map_sw (sw); } @@ -305,7 +299,10 @@ iso7816_verify_kp (int slot, int chvno, const char *chv, size_t chvlen, gpg_error_t iso7816_verify (int slot, int chvno, const char *chv, size_t chvlen) { - return iso7816_verify_kp (slot, chvno, chv, chvlen, NULL); + int sw; + + sw = apdu_send_simple (slot, 0, 0x00, CMD_VERIFY, 0, chvno, chvlen, chv); + return map_sw (sw); } /* Perform a CHANGE_REFERENCE_DATA command on SLOT for the card holder diff --git a/scd/iso7816.h b/scd/iso7816.h index 8519712..6af4701 100644 --- a/scd/iso7816.h +++ b/scd/iso7816.h 
@@ -63,9 +63,7 @@ gpg_error_t iso7816_check_keypad (int slot, int command, iso7816_pininfo_t *pininfo); gpg_error_t iso7816_verify (int slot, int chvno, const char *chv, size_t chvlen); -gpg_error_t iso7816_verify_kp (int slot, - int chvno, const char *chv, size_t chvlen, - iso7816_pininfo_t *pininfo); +gpg_error_t iso7816_verify_kp (int slot, int chvno, iso7816_pininfo_t *pininfo); gpg_error_t iso7816_change_reference_data (int slot, int chvno, const char *oldchv, size_t oldchvlen, const char *newchv, size_t newchvlen); -- 1.7.2.3

From gniibe at fsij.org Fri Jan 14 08:15:50 2011
From: gniibe at fsij.org (NIIBE Yutaka)
Date: Fri, 14 Jan 2011 16:15:50 +0900
Subject: Gnuk version 0.6
Message-ID: <4D2FF826.2050209@fsij.org>

Gnuk version 0.6 is out.

Highlights are (from NEWS):

* Experimental PIN-pad support is added.

  Local PIN-pad input is supported for boards which have input
  hardware. PIN input using consumer IR receive module is tested
  with STBee Mini and STM8S Discovery.

* USB device serial number is virtually unique now.

  STM32F103 has 96-bit unique chip identifier. We take advantage of
  this, Gnuk Token has virtually unique USB serial number.

* Card serial number is determined at run time by chip identifier.

  Until version 0.5, card serial number was compile time option. If we
  used same binary for different devices, card serial number was same.
  Now, we use STM32F103's 96-bit unique chip identifier for card serial
  number (when you don't use --with-fixed-serial option).

* More improved USB-CCID/ICCD implementation.

  The changes in 0.5 were not that good for libccid 1.3.11, which has
  small buffer (only 262-byte APDU). Workaround for libccid 1.3.11 is
  implemented.

Enjoy,
--

From gniibe at fsij.org Sat Jan 15 14:09:20 2011
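Review bot: in scd/iso7816.c, iso7816_verify_kp now dereferences pininfo unconditionally (pininfo->mode, pininfo->minlen, pininfo->maxlen, pininfo->padlen), yet the rewritten comment still reads "With PININFO non-NULL the keypad of the reader will be used", which suggests NULL is an accepted argument. The four callers touched by this patch all pass &pininfo, so either reword the comment to say PININFO is required or return an error when it is NULL. The old fallback to apdu_send_simple for pininfo->mode == 0 is gone as well, so it is worth stating in the comment that this function is only valid after iso7816_check_keypad has succeeded.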
From: gniibe at fsij.org (NIIBE Yutaka)
Date: Sat, 15 Jan 2011 22:09:20 +0900
Subject: Gnuk version 0.7
In-Reply-To: <4D2FF826.2050209@fsij.org>
References: <4D2FF826.2050209@fsij.org>
Message-ID: <4D319C80.1020303@fsij.org>

Gnuk version 0.7 is out.

That's because I introduced a severe bug in 0.6. Version 0.7 is just
for this bug fix.
--

From kgo at grant-olson.net Sun Jan 16 02:20:18 2011
From: kgo at grant-olson.net (Grant Olson)
Date: Sat, 15 Jan 2011 20:20:18 -0500
Subject: Tips running gpg-agent/scdaemon in a dev env?
Message-ID: <4D3247D2.4090400@grant-olson.net>

Short story
===========

I'm looking for some tips to make it easy to develop and test changes
with scdaemon, without having to do make install and restarting my X
session. Any tips would be appreciated.

Long Story
==========

I've got a cryptostick, and it's been annoying me that scdaemon dies
whenever I unplug the device. It seems scdaemon expects you to have a
card reader that is always there, and a card that you would remove and
re-insert. Since the cryptostick is one of those USB reader/cards, I
need to kill the scdaemon process whenever I remove the card and
re-insert it later.

I thought I'd see if I could fix this.

My pertinent background: I'm a proficient C programmer, and have written
some patches for other open source projects, but most of that is at an
'application' level. I haven't done much dealing with background
processes and daemons and talking to hardware. So I might be asking some
stupid questions.

I did checkout STABLE-BRANCH-2.0 from git, and got everything compiled
and ran a 'make install'. The newly compiled version works just fine on
my Ubuntu 10.4 machine.

The first problem I ran into was that gpg-agent was always starting up
on my box, even if I didn't start it up in .xsession. Then when I killed
it, the process sat around, but it was listed as . I finally tracked
that down to /etc/X11/Xsession.d, where gpg-agent would automatically be
started if 'use-agent' was set in gpg.conf. I disabled that, restarted,
and gpg-agent wasn't running in the background anymore.

At this point, I was hoping I could at least run 'gpg-agent --daemon
--no-detach' and that would at least provide a usable gpg-agent. But
when I try to run a simple command, I no longer find my card:

  grant at johnsmallberries:~$ . ./.gnupg/gpg-agent-info-johnsmallberries
  grant at johnsmallberries:~$ gpg2 --card-status
  gpg: can't connect to the agent - trying fall back
  scdaemon[2511]: PC/SC OPEN failed: unknown PC/SC error code
  gpg: selecting openpgp failed: Card error
  gpg: OpenPGP card not available: Card error
  grant at johnsmallberries:~$ scdaemon[2511]: scdaemon (GnuPG) 2.0.17-git56b2bc2 stopped

If anyone could provide some tips so that I can get to the point where I
can easily start/stop gpg-agent and scdaemon at will while developing,
I'd greatly appreciate it.

-Grant

From wk at gnupg.org Sun Jan 16 13:57:42 2011
From: wk at gnupg.org (Werner Koch)
Date: Sun, 16 Jan 2011 13:57:42 +0100
Subject: Tips running gpg-agent/scdaemon in a dev env?
In-Reply-To: <4D3247D2.4090400@grant-olson.net> (Grant Olson's message of "Sat, 15 Jan 2011 20:20:18 -0500")
References: <4D3247D2.4090400@grant-olson.net>
Message-ID: <87zkr1t395.fsf@vigenere.g10code.de>

On Sun, 16 Jan 2011 02:20, kgo at grant-olson.net said:

> If anyone could provide some tips so that I can get to the point where I
> can easily start/stop gpg-agent and scdaemon at will while developing,

For testing I do this. I add a

  disable-scdaemon

to ~/.gnupg/gpg-agent.conf . This allows you to keep on using gpg-agent.

For testing I have a new gnupg home directory, cd to it and then run
gpg-agent this way:

  cd /home/me/testdir
  GNUPGHOME=$(pwd) ~/b/gnupg/gpg-agent --daemon sh

This creates a new shell with all environment variables properly set up.
If you want to test a new version of gpg-agent, just enter "exit" to
leave this shell and wait a few seconds until the still running
gpg-agent detects that the shell terminated and terminates itself.

You may test this by running gpg-connect-agent. For example

  gpg-connect-agent 'getinfo socket_name' /bye

quickly shows you the socket gpg-agent is using.

  gpg-connect-agent 'getinfo pid' /bye

shows the pid; you may also run gpg-connect-agent interactively. For
example:

  gpg-connect-agent
  > scd serialno

Starts scdaemon if it is not already running and sends the SERIALNO
command to scdaemon (via gpg-agent).

Running watchgnupg on a log socket dedicated to the test environment is
also very helpful; add

  log-file socket:///home/me/testdir/S.log
  debug 1024
  verbose

to testdir/gpg-agent.conf and testdir/scdaemon.conf. In some xterm run

  watchgnupg --force /home/me/testdir/S.log

to see what's going on.

Salam-Shalom,

   Werner

p.s.
If you want to send patches, be aware that we need copyright
assignments to the FSF. A couple of patches to solve your problem have
already been posted to this ML.

--
Thoughts are free. Exceptions are regulated by a federal law.

From kgo at grant-olson.net Sun Jan 16 20:09:48 2011
From: kgo at grant-olson.net (Grant Olson)
Date: Sun, 16 Jan 2011 14:09:48 -0500
Subject: Tips running gpg-agent/scdaemon in a dev env?
In-Reply-To: <87zkr1t395.fsf@vigenere.g10code.de>
References: <4D3247D2.4090400@grant-olson.net> <87zkr1t395.fsf@vigenere.g10code.de>
Message-ID: <4D33427C.8020909@grant-olson.net>

On 1/16/11 7:57 AM, Werner Koch wrote:
>
> p.s.
> If you want to send patches, be aware that we need copyright
> assignments to the FSF. A couple of patches to solve your problem have
> already been posted to this ML.
>

First of all, thanks for the detailed explanation on getting things up
and running. It's more than I could have hoped for.

I have no problem filling out copyright assignment paperwork, but are
you saying people provided patches but no copyright assignment? Or are
these patches expected to be integrated? Or are they in limbo? I just
don't want to redo the work if the problem is solved and will be
available in gnupg. And I also don't want to look at the patches if
they're not legally cleared, I'd rather write wholly original code for
copyright purposes.

--
Grant

"I am gravely disappointed. Again you have made me unleash my dogs of war."

From gniibe at fsij.org Mon Jan 17 07:50:07 2011
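The test setup Werner Koch describes in his 16 Jan 2011 reply above (a separate GNUPGHOME with a dedicated log socket, then gpg-agent --daemon sh), written out as an added shell example that is not part of the original thread. The function names, the script name testenv.sh and the argument handling are assumptions; the option lines are the ones quoted in that reply.

```shell
#!/bin/sh
# Added example, not from the thread: build a throw-away GnuPG home for
# testing a locally compiled gpg-agent/scdaemon. Function names and the
# argument handling are assumptions; the option lines are the ones quoted
# in the reply (log-file socket://..., debug 1024, verbose).

# write_test_conf DIR FILE
# Write the logging options to DIR/FILE so watchgnupg can read DIR/S.log.
write_test_conf() {
    {
        printf 'log-file socket://%s/S.log\n' "$1"
        printf 'debug 1024\n'
        printf 'verbose\n'
    } > "$1/$2"
}

# setup_gnupg_testdir DIR
# Create DIR with mode 0700 and both config files; print DIR on success.
setup_gnupg_testdir() {
    case $1 in
        /*) ;;   # the socket:// URL is built from DIR, so it must be absolute
        *)  echo "setup_gnupg_testdir: need an absolute path: $1" >&2
            return 1 ;;
    esac
    mkdir -p "$1" || return 1
    chmod 700 "$1" || return 1   # keep test keys and sockets private
    write_test_conf "$1" gpg-agent.conf || return 1
    write_test_conf "$1" scdaemon.conf || return 1
    printf '%s\n' "$1"
}

# Usage (hypothetical script name):
#   sh testenv.sh /home/me/testdir ~/b/gnupg/gpg-agent
# Starts the given gpg-agent with a subshell whose environment points at
# the test home; "exit" ends the session and the agent stops on its own
# a few seconds later.
# In another terminal: watchgnupg --force /home/me/testdir/S.log
if [ "$#" -eq 2 ]; then
    home=$(setup_gnupg_testdir "$1") || exit 1
    GNUPGHOME=$home "$2" --daemon sh
fi
```

The everyday ~/.gnupg/gpg-agent.conf is left alone here; the disable-scdaemon line from the reply still has to be added there by hand.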
From: gniibe at fsij.org (NIIBE Yutaka)
Date: Mon, 17 Jan 2011 15:50:07 +0900
Subject: [PATCH] pcsc pinpad support (part 4)
In-Reply-To: <4D2FAD0F.9070500@fsij.org>
References: <4D2E5E41.4030602@fsij.org> <4D2E86BB.3020602@fsij.org> <4D2EA201.3090200@fsij.org> <4D2FAD0F.9070500@fsij.org>
Message-ID: <4D33E69F.5050202@fsij.org>

Here is the part 4. Compilation is tested, but it is not tested well.
I don't have a reader with keypad (I am implementing the feature in
Gnuk now).

Please report your result(s) if you test this patch series. Thanks in
advance.

2011-01-17  NIIBE Yutaka

    * apdu.h (apdu_keypad_modify): New.
    * apdu.c (reader_table_s): Add field for keypad_modify.
    (pcsc_keypad_modify): New.
    (apdu_keypad_modify): New.
    * app-openpgp.c (do_change_pin): Handle keypad and call
    iso7816_change_reference_data_kp if it is the case.
    * iso7816.h (iso7816_change_reference_data_kp): Remove arguments
    of OLDCHV, OLDCHVLEN, NEWCHV, and NEWCHVLEN.
    * iso7816.c (iso7816_change_reference_data_kp): Call
    apdu_keypad_modify.
    (iso7816_change_reference_data): Don't call
    iso7816_change_reference_data_kp.

--- scd/apdu.c | 111 +++++++++++++++++++++++++++++++++++++++++++++++++++++ scd/apdu.h | 3 + scd/app-openpgp.c | 60 ++++++++++++++++++++--------- scd/iso7816.c | 53 ++++++++++--------------- scd/iso7816.h | 4 +- 5 files changed, 178 insertions(+), 53 deletions(-) diff --git a/scd/apdu.c b/scd/apdu.c index 5b7f883..df19640 100644 --- a/scd/apdu.c +++ b/scd/apdu.c @@ -111,6 +111,7 @@ struct reader_table_s { void (*dump_status_reader)(int); int (*set_progress_cb)(int, gcry_handler_progress_t, void*); int (*keypad_verify)(int, int, int, int, int, struct pininfo_s *); + int (*keypad_modify)(int, int, int, int, int, struct pininfo_s *); struct { ccid_driver_t handle; 
@@ -331,6 +332,8 @@ static int check_pcsc_keypad (int slot, int command, int pin_mode, int pinlen_min, int pinlen_max, int pin_padlen); static int pcsc_keypad_verify (int slot, int class, int ins, int p0, int p1, struct pininfo_s *pininfo); +static int pcsc_keypad_modify (int slot, int class, int ins, int p0, int p1, + struct pininfo_s *pininfo); @@ -378,6 +381,7 @@ new_reader_slot (void) reader_table[reader].dump_status_reader = NULL; reader_table[reader].set_progress_cb = NULL; reader_table[reader].keypad_verify = pcsc_keypad_verify; + reader_table[reader].keypad_modify = pcsc_keypad_modify; reader_table[reader].used = 1; reader_table[reader].any_status = 0; @@ -665,6 +669,7 @@ open_ct_reader (int port) reader_table[reader].check_keypad = NULL; reader_table[reader].dump_status_reader = ct_dump_reader_status; reader_table[reader].keypad_verify = NULL; + reader_table[reader].keypad_modify = NULL; dump_reader_status (reader); return reader; 
@@ -2102,6 +2107,88 @@ pcsc_keypad_verify (int slot, int class, int ins, int p0, int p1, sw = (result[resultlen-2] << 8) | result[resultlen-1]; return sw; } + + +#define PIN_MODIFY_STRUCTURE_SIZE 28 +static int +pcsc_keypad_modify (int slot, int class, int ins, int p0, int p1, + struct pininfo_s *pininfo) +{ + int sw; + unsigned char *pin_modify; + unsigned long len = PIN_MODIFY_STRUCTURE_SIZE; + unsigned char result[2]; + size_t resultlen = 2; + + if (!reader_table[slot].atrlen + && (sw = reset_pcsc_reader (slot))) + return sw; + + if (pininfo->mode != 1) + return SW_NOT_SUPPORTED; + + if (pininfo->padlen != 0) + return SW_NOT_SUPPORTED; + + if (!pininfo->minlen) + pininfo->minlen = 1; + if (!pininfo->maxlen) + pininfo->maxlen = 25; + + /* Note that the 25 is the maximum value the SPR532 allows. */ + if (pininfo->minlen < 1 || pininfo->minlen > 25 + || pininfo->maxlen < 1 || pininfo->maxlen > 25 + || pininfo->minlen > pininfo->maxlen) + return SW_HOST_INV_VALUE; + + pin_modify = xtrymalloc (len); + if (!pin_modify) + return SW_HOST_OUT_OF_CORE; + + pin_modify[0] = 0x00; /* bTimerOut */ + pin_modify[1] = 0x00; /* bTimerOut2 */ + pin_modify[2] = 0x82; /* bmFormatString: Byte, pos=0, left, ASCII. */ + pin_modify[3] = 0x00; /* bmPINBlockString */ + pin_modify[4] = 0x00; /* bmPINLengthFormat */ + pin_modify[5] = 0x00; /* bInsertionOffsetOld */ + pin_modify[6] = 0x00; /* bInsertionOffsetNew */ + pin_modify[7] = pininfo->maxlen; /* wPINMaxExtraDigit */ + pin_modify[8] = pininfo->minlen; /* wPINMaxExtraDigit */ + pin_modify[9] = 0x03; /* bConfirmPIN + * 0x00: new PIN once + * 0x01: new PIN twice (confirmation) + * 0x02: old PIN and new PIN once + * 0x03: old PIN and new PIN twice (confirmation) + */ + pin_modify[10] = 0x02; /* bEntryValidationCondition: Validation key pressed */ + if (pininfo->minlen && pininfo->maxlen && pininfo->minlen == pininfo->maxlen) + pin_modify[10] |= 0x01; /* Max size reached. 
*/ + pin_modify[11] = 0xff; /* bNumberMessage: Default */ + pin_modify[12] = 0x09; /* wLangId: 0x0409: US English */ + pin_modify[13] = 0x04; /* wLangId: 0x0409: US English */ + pin_modify[14] = 0x00; /* bMsgIndex1 */ + pin_modify[15] = 0x00; /* bMsgIndex2 */ + pin_modify[16] = 0x00; /* bMsgIndex3 */ + pin_modify[17] = 0x00; /* bTeoPrologue[0] */ + pin_modify[18] = 0x00; /* bTeoPrologue[1] */ + pin_modify[19] = 0x00; /* bTeoPrologue[2] */ + pin_modify[20] = 0x04; /* ulDataLength */ + pin_modify[21] = 0x00; /* ulDataLength */ + pin_modify[22] = 0x00; /* ulDataLength */ + pin_modify[23] = 0x00; /* ulDataLength */ + pin_modify[24] = class; /* abData[0] */ + pin_modify[25] = ins; /* abData[1] */ + pin_modify[26] = p0; /* abData[2] */ + pin_modify[27] = p1; /* abData[3] */ + + sw = control_pcsc (slot, reader_table[slot].pcsc.modify_ioctl, + pin_modify, len, result, &resultlen); + xfree (pin_modify); + if (sw || resultlen < 2) + return sw? sw : SW_HOST_INCOMPLETE_CARD_RESPONSE; + sw = (result[resultlen-2] << 8) | result[resultlen-1]; + return sw; +} #ifdef HAVE_LIBUSB /* @@ -2313,6 +2400,7 @@ open_ccid_reader (const char *portstr) reader_table[slot].dump_status_reader = dump_ccid_reader_status; reader_table[slot].set_progress_cb = set_progress_cb_ccid_reader; reader_table[slot].keypad_verify = ccid_keypad_verify; + reader_table[slot].keypad_modify = NULL; /* Our CCID reader code does not support T=0 at all, thus reset the flag. */ reader_table[slot].is_t0 = 0; @@ -2606,6 +2694,7 @@ open_rapdu_reader (int portno, reader_table[slot].check_keypad = NULL; reader_table[slot].dump_status_reader = NULL; reader_table[slot].keypad_verify = NULL; + reader_table[slot].keypad_modify = NULL; dump_reader_status (slot); rapdu_msg_release (msg); 
@@ -3223,6 +3312,28 @@ apdu_keypad_verify (int slot, int class, int ins, int p0, int p1, int pin_mode, } +int +apdu_keypad_modify (int slot, int class, int ins, int p0, int p1, int pin_mode, + int pinlen_min, int pinlen_max, int pin_padlen) +{ + struct pininfo_s pininfo; + + pininfo.mode = pin_mode; + pininfo.minlen = pinlen_min; + pininfo.maxlen = pinlen_max; + pininfo.padlen = pin_padlen; + + if (slot < 0 || slot >= MAX_READER || !reader_table[slot].used ) + return SW_HOST_NO_DRIVER; + + if (reader_table[slot].keypad_modify) + return reader_table[slot].keypad_modify (slot, class, ins, p0, p1, + &pininfo); + else + return SW_HOST_NOT_SUPPORTED; +} + + /* Dispatcher for the actual send_apdu function. Note, that this function should be called in locked state. */ static int diff --git a/scd/apdu.h b/scd/apdu.h index 4d21fb8..dbfffcc 100644 --- a/scd/apdu.h +++ b/scd/apdu.h @@ -117,6 +117,9 @@ int apdu_check_keypad (int slot, int command, int pin_mode, int apdu_keypad_verify (int slot, int class, int ins, int p0, int p1, int pin_mode, int pinlen_min, int pinlen_max, int pin_padlen); +int apdu_keypad_modify (int slot, int class, int ins, int p0, int p1, + int pin_mode, int pinlen_min, int pinlen_max, + int pin_padlen); int apdu_send_simple (int slot, int extended_mode, int class, int ins, int p0, int p1, int lc, const char *data); diff --git a/scd/app-openpgp.c b/scd/app-openpgp.c index ac8eacb..48af0ca 100644 --- a/scd/app-openpgp.c +++ b/scd/app-openpgp.c @@ -1906,8 +1906,14 @@ do_change_pin (app_t app, ctrl_t ctrl, const char *chvnostr, char *pinvalue; int reset_mode = !!(flags & APP_CHANGE_FLAG_RESET); int set_resetcode = 0; + iso7816_pininfo_t pininfo; + int use_keypad = 0; + int minlen = 6; (void)ctrl; + memset (&pininfo, 0, sizeof pininfo); + pininfo.mode = 1; + pininfo.minlen = minlen; if (reset_mode && chvno == 3) { 
@@ -1951,6 +1957,11 @@ do_change_pin (app_t app, ctrl_t ctrl, const char *chvnostr, { /* Version 2 cards. */ + if (!opt.disable_keypad + && !iso7816_check_keypad (app->slot, + ISO7816_CHANGE_REFERENCE_DATA, &pininfo)) + use_keypad = 1; + if (reset_mode) { /* To reset a PIN the Admin PIN is required. */ @@ -1964,12 +1975,12 @@ do_change_pin (app_t app, ctrl_t ctrl, const char *chvnostr, } else if (chvno == 1 || chvno == 3) { - int minlen = (chvno ==3)? 8 : 6; char *promptbuf = NULL; const char *prompt; if (chvno == 3) { + minlen = 8; rc = build_enter_admin_pin_prompt (app, &promptbuf); if (rc) goto leave; @@ -1977,7 +1988,9 @@ do_change_pin (app_t app, ctrl_t ctrl, const char *chvnostr, } else prompt = _("||Please enter the PIN"); - rc = pincb (pincb_arg, prompt, &oldpinvalue); + + rc = pincb (pincb_arg, prompt, use_keypad ? NULL : &oldpinvalue); + xfree (promptbuf); promptbuf = NULL; if (rc) @@ -1987,7 +2000,7 @@ do_change_pin (app_t app, ctrl_t ctrl, const char *chvnostr, goto leave; } - if (strlen (oldpinvalue) < minlen) + if (!use_keypad && strlen (oldpinvalue) < minlen) { log_info (_("PIN for CHV%d is too short;" " minimum length is %d\n"), chvno, minlen); @@ -2003,8 +2016,8 @@ do_change_pin (app_t app, ctrl_t ctrl, const char *chvnostr, unsigned char *value; size_t valuelen; int remaining; - int minlen = 8; + minlen = 8; relptr = get_one_do (app, 0x00C4, &value, &valuelen, NULL); if (!relptr || valuelen < 7) { 
@@ -2051,17 +2064,20 @@ do_change_pin (app_t app, ctrl_t ctrl, const char *chvnostr, else app->did_chv1 = app->did_chv2 = 0; - /* TRANSLATORS: Do not translate the "|*|" prefixes but - keep it at the start of the string. We need this elsewhere - to get some infos on the string. */ - rc = pincb (pincb_arg, - set_resetcode? _("|RN|New Reset Code") : - chvno == 3? _("|AN|New Admin PIN") : _("|N|New PIN"), - &pinvalue); - if (rc) + if (!use_keypad) { - log_error (_("error getting new PIN: %s\n"), gpg_strerror (rc)); - goto leave; + /* TRANSLATORS: Do not translate the "|*|" prefixes but + keep it at the start of the string. We need this elsewhere + to get some infos on the string. */ + rc = pincb (pincb_arg, + set_resetcode? _("|RN|New Reset Code") : + chvno == 3? _("|AN|New Admin PIN") : _("|N|New PIN"), + &pinvalue); + if (rc) + { + log_error (_("error getting new PIN: %s\n"), gpg_strerror (rc)); + goto leave; + } } @@ -2121,10 +2137,18 @@ do_change_pin (app_t app, ctrl_t ctrl, const char *chvnostr, { /* Version 2 cards. */ assert (chvno == 1 || chvno == 3); - - rc = iso7816_change_reference_data (app->slot, 0x80 + chvno, - oldpinvalue, strlen (oldpinvalue), - pinvalue, strlen (pinvalue)); + + if (use_keypad) + { + rc = iso7816_change_reference_data_kp (app->slot, 0x80 + chvno, + &pininfo); + /* Dismiss the prompt. */ + pincb (pincb_arg, NULL, NULL); + } + else + rc = iso7816_change_reference_data (app->slot, 0x80 + chvno, + oldpinvalue, strlen (oldpinvalue), + pinvalue, strlen (pinvalue)); } if (pinvalue) diff --git a/scd/iso7816.c b/scd/iso7816.c index 8490dad..117de04 100644 --- a/scd/iso7816.c +++ b/scd/iso7816.c 
@@ -306,16 +306,29 @@ iso7816_verify (int slot, int chvno, const char *chv, size_t chvlen) } /* Perform a CHANGE_REFERENCE_DATA command on SLOT for the card holder + verification vector CHVNO. With PININFO non-NULL the keypad of the + reader will be used. */ +gpg_error_t +iso7816_change_reference_data_kp (int slot, int chvno, + iso7816_pininfo_t *pininfo) +{ + int sw; + + sw = apdu_keypad_modify (slot, 0x00, CMD_CHANGE_REFERENCE_DATA, 0, chvno, + pininfo->mode, pininfo->minlen, pininfo->maxlen, + pininfo->padlen); + return map_sw (sw); +} + +/* Perform a CHANGE_REFERENCE_DATA command on SLOT for the card holder verification vector CHVNO. If the OLDCHV is NULL (and OLDCHVLEN 0), a "change reference data" is done, otherwise an "exchange reference data". The new reference data is expected in NEWCHV of - length NEWCHVLEN. With PININFO non-NULL the keypad of the reader - will be used. */ + length NEWCHVLEN. */ gpg_error_t -iso7816_change_reference_data_kp (int slot, int chvno, - const char *oldchv, size_t oldchvlen, - const char *newchv, size_t newchvlen, - iso7816_pininfo_t *pininfo) +iso7816_change_reference_data (int slot, int chvno, + const char *oldchv, size_t oldchvlen, + const char *newchv, size_t newchvlen) { int sw; char *buf; 
@@ -332,36 +345,12 @@ iso7816_change_reference_data_kp (int slot, int chvno, memcpy (buf, oldchv, oldchvlen); memcpy (buf+oldchvlen, newchv, newchvlen); - if (pininfo && pininfo->mode) - sw = apdu_send_simple_kp (slot, 0x00, CMD_CHANGE_REFERENCE_DATA, - oldchvlen? 0 : 1, chvno, oldchvlen+newchvlen, buf, - pininfo->mode, - pininfo->minlen, - pininfo->maxlen, - pininfo->padlen); - else - sw = apdu_send_simple (slot, 0, 0x00, CMD_CHANGE_REFERENCE_DATA, - oldchvlen? 0 : 1, chvno, oldchvlen+newchvlen, buf); + sw = apdu_send_simple (slot, 0, 0x00, CMD_CHANGE_REFERENCE_DATA, + oldchvlen? 0 : 1, chvno, oldchvlen+newchvlen, buf); xfree (buf); return map_sw (sw); - } -/* Perform a CHANGE_REFERENCE_DATA command on SLOT for the card holder - verification vector CHVNO. If the OLDCHV is NULL (and OLDCHVLEN - 0), a "change reference data" is done, otherwise an "exchange - reference data". The new reference data is expected in NEWCHV of - length NEWCHVLEN. */ -gpg_error_t -iso7816_change_reference_data (int slot, int chvno, - const char *oldchv, size_t oldchvlen, - const char *newchv, size_t newchvlen) -{ - return iso7816_change_reference_data_kp (slot, chvno, oldchv, oldchvlen, - newchv, newchvlen, NULL); -} - - gpg_error_t iso7816_reset_retry_counter_kp (int slot, int chvno, const char *newchv, size_t newchvlen, diff --git a/scd/iso7816.h b/scd/iso7816.h index 6af4701..6d52702 100644 --- a/scd/iso7816.h +++ b/scd/iso7816.h 
@@ -68,9 +68,7 @@ gpg_error_t iso7816_change_reference_data (int slot, int chvno, const char *oldchv, size_t oldchvlen, const char *newchv, size_t newchvlen); gpg_error_t iso7816_change_reference_data_kp (int slot, int chvno, - const char *oldchv, size_t oldchvlen, - const char *newchv, size_t newchvlen, - iso7816_pininfo_t *pininfo); + iso7816_pininfo_t *pininfo); gpg_error_t iso7816_reset_retry_counter (int slot, int chvno, const char *newchv, size_t newchvlen); gpg_error_t iso7816_reset_retry_counter_kp (int slot, int chvno, -- 1.7.2.3

From wk at gnupg.org Mon Jan 17 09:53:06 2011
From: wk at gnupg.org (Werner Koch)
Date: Mon, 17 Jan 2011 09:53:06 +0100
Subject: Tips running gpg-agent/scdaemon in a dev env?
In-Reply-To: <4D33427C.8020909@grant-olson.net> (Grant Olson's message of "Sun, 16 Jan 2011 14:09:48 -0500")
References: <4D3247D2.4090400@grant-olson.net> <87zkr1t395.fsf@vigenere.g10code.de> <4D33427C.8020909@grant-olson.net>
Message-ID: <87d3nvud1p.fsf@vigenere.g10code.de>

On Sun, 16 Jan 2011 20:09, kgo at grant-olson.net said:

> you saying people provided patches but no copyright assignment? Or are
> these patches expected to be integrated? Or are they in limbo? I just

I have not looked closely at them. Sure they shall be integrated; those
fixes are rather small but according to the comments they are not a full
fix.

gniibe recently did some work on scdaemon and posted patches to this ML.
They will be integrated as soon as we have finished the paper work.

Shalom-Salam,

   Werner

--
Thoughts are free. Exceptions are regulated by a federal law.

From kgo at grant-olson.net Tue Jan 18 06:29:10 2011
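Review bot: in do_change_pin (scd/app-openpgp.c), pininfo.minlen is assigned once from the initial minlen of 6, and the later "minlen = 8" assignments (for chvno == 3 and in the reset-code branch) never reach pininfo. A keypad change of the Admin PIN is therefore requested with a minimum length of 6, while the non-keypad path checks against 8. Set pininfo.minlen after minlen is final, before calling iso7816_change_reference_data_kp. Also, use_keypad is decided before the reset_mode branch and suppresses the new-PIN prompt on every path, while the only keypad call visible in these hunks is the final chvno 1/3 change; if the reset and reset-code paths still use pinvalue, restrict use_keypad to the plain change case.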
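Review bot: in pcsc_keypad_modify (scd/apdu.c), pin_modify[7] and pin_modify[8] both carry the comment wPINMaxExtraDigit although one holds maxlen and the other minlen; label them as the max and min bytes of that field. The function also writes its defaults back into the caller's structure (pininfo->minlen = 1, pininfo->maxlen = 25); use local copies unless that side effect is intended. Since PIN_MODIFY_STRUCTURE_SIZE is a fixed 28, a stack array would remove the xtrymalloc/xfree pair and the SW_HOST_OUT_OF_CORE path, and the "pininfo->minlen && pininfo->maxlen" test before setting bit 0x01 in pin_modify[10] is always true after the defaults are applied.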
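Review bot: iso7816_change_reference_data_kp (scd/iso7816.c) dereferences pininfo without a NULL check while its new comment says "With PININFO non-NULL the keypad of the reader will be used"; state that PININFO is required or reject NULL. P1 is fixed at 0 in this call where iso7816_change_reference_data uses "oldchvlen? 0 : 1"; that matches bConfirmPIN 0x03 (old PIN requested) in pcsc_keypad_modify, and a one-line comment linking the two would keep them from drifting apart.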
From: kgo at grant-olson.net (Grant Olson)
Date: Tue, 18 Jan 2011 00:29:10 -0500
Subject: How should I detect if I've got a reader/smartcard combo?
Message-ID: <4D352526.5070008@grant-olson.net>

I've got a working patch on my machine that lets me unplug my
reader/smartcard combo at will. But it still needs some cleanup on a
few things before I can send it to the list. There's one thing in
particular I'd appreciate some advice on.

Right now I detect when the device is removed by catching a change in
the slot status. When the slot status equals zero it looks like this
means the card has been removed. At that point I unload the reader.
This is working fine for me, but I imagine it's less than ideal for a
stand-alone reader. I imagine we want to keep scdaemon attached to the
reader.

If it was just a cryptostick issue, I could just check the vendor id.
But I believe OmniKey and SCM both have similar devices.

Can I query through an existing scdaemon function to see if there's a
reader attached? Or look to see if a particular device exists? Or
should I be doing something else completely? Are there approaches that
will work better with Windows boxes? Etc...

I actually did order a reader and stand-alone card last week after
killing scdaemon one too many times, so I should be able to test both
configurations once those show up.

Any and all input is appreciated.

-Grant

From bernhard at intevation.de Tue Jan 18 15:29:20 2011
From: bernhard at intevation.de (Bernhard Reiter)
Date: Tue, 18 Jan 2011 15:29:20 +0100
Subject: libgcrypt 1.4.6 mpi on amd build fails?
Message-ID: <201101181529.24436.bernhard@intevation.de>

config.status: linking mpi/amd64/mpih-add1.S to mpi/mpih-add1-asm.S
[..]
Libgcrypt v1.4.6 has been configured as follows:
Platform: GNU/Linux (x86_64-unknown-linux-gnu)

bin/sh ../libtool --mode=compile gcc -DHAVE_CONFIG_H -I. -I.. -I../src -I../src -Wa,--noexecstack -g -O2 -MT mpih-add1-asm.lo -MD -MP -MF .deps/mpih-add1-asm.Tpo -c -o mpih-add1-asm.lo mpih-add1-asm.S
gcc -DHAVE_CONFIG_H -I. -I.. -I../src -I../src -Wa,--noexecstack -g -O2 -MT mpih-add1-asm.lo -MD -MP -MF .deps/mpih-add1-asm.Tpo -c mpih-add1-asm.S -fPIC -DPIC -o .libs/mpih-add1-asm.o
mpih-add1-asm.S: Assembler messages:
mpih-add1-asm.S:46: Error: bad register name `%rsi,%rcx,8)'
mpih-add1-asm.S:47: Error: bad register name `%rdi,%rcx,8)'
mpih-add1-asm.S:48: Error: bad register name `%rdx,%rcx,8)'
mpih-add1-asm.S:49: Error: bad register name `%rcx'
mpih-add1-asm.S:53: Error: bad register name `%rsi,%rcx,8)'
mpih-add1-asm.S:54: Error: bad register name `%rdx,%rcx,8)'
mpih-add1-asm.S:55: Error: bad register name `%r10'
mpih-add1-asm.S:56: Error: bad register name `%rax'
mpih-add1-asm.S:57: Error: bad register name `%rcx'
mpih-add1-asm.S:60: Error: bad register name `%rcx'
mpih-add1-asm.S:61: Error: bad register name `%rax'
make[2]: *** [mpih-add1-asm.lo] Fehler 1

This is on Debian Lenny 32 userland, running the 2.6.26-2-amd64 (Debian
2.6.26-26lenny1) kernel.

--
Managing Director - Owner: www.intevation.net (Free Software Company)
Deputy Coordinator Germany: fsfe.org. Board member: www.kolabsys.com.
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Managing directors: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner

From bernhard at intevation.de Tue Jan 18 16:26:56 2011
From: bernhard at intevation.de (Bernhard Reiter)
Date: Tue, 18 Jan 2011 16:26:56 +0100
Subject: dirmngr 1.1.0 hanging when looking up crls?
In-Reply-To: <201101101256.29346.bernhard@intevation.de>
References: <201101071310.04679.bernhard@intevation.de> <87aajc3ar4.fsf@vigenere.g10code.de> <201101101256.29346.bernhard@intevation.de>
Message-ID: <201101181627.00091.bernhard@intevation.de>

On Monday, 10 January 2011 12:56:23, Bernhard Reiter wrote:
> On Friday, 7 January 2011 18:05:19, Werner Koch wrote:
> > On Fri, 7 Jan 2011 13:10, bernhard at intevation.de said:
> > > Is it wanted behaviour that dirmngr does not reply to pings when
> > > looking up stuff?
> >
> > No. It might be waiting for a DNS timeout - we can't do much about this
> > right now.
> >
> > What OS? More detailed info required.
>
> GNU/Linux (Debian Lenny), S/MIME.
> Might be related to a specific certificate.
>
> > If possible try to replicate this problem with dirmngr 2.1.
>
> I do not have it packaged right now. But I'll see what I can do next time.

Reproduced with dirmngr 2.1.0beta,
https://bugs.g10code.com/gnupg/issue1313
(dirmngr unresponsive when waiting for some http CRL connect() -> ping
and other requests fail)

--
Managing Director - Owner: www.intevation.net (Free Software Company)
Deputy Coordinator Germany: fsfe.org. Board member: www.kolabsys.com.
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Managing directors: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner

From gniibe at fsij.org Wed Jan 19 01:02:26 2011
From: gniibe at fsij.org (NIIBE Yutaka)
Date: Wed, 19 Jan 2011 09:02:26 +0900
Subject: How should I detect if I've got a reader/smartcard combo?
In-Reply-To: <4D352526.5070008@grant-olson.net>
References: <4D352526.5070008@grant-olson.net>
Message-ID: <4D362A12.2050706@fsij.org>

Hi,

2011-01-18 14:29, Grant Olson wrote:
> I've got a working patch on my machine that lets me unplug my
> reader/smartcard combo at will. But it still needs some cleanup on a
> few things before I can send it to the list. There's one thing in
> particular I'd appreciate some advice on.

I think that I have a similar problem. I am using a USB Token
which I develop for myself.

My current solution was posted here:
http://lists.gnupg.org/pipermail/gnupg-devel/2010-November/025828.html

This is a patch to keep scdaemon running well.

These days, I rather think another approach would be better.

 * scdaemon is going to exit when it detects reader unplugged

 * gpg-agent handles termination of scdaemon

 * gpg-agent once again does "learn" when user accesses the card

In fact, I do like the following in my experiments manually:

 (1) identify scdaemon and kill it
 (2) let gpg-agent to "learn" again to invoke scdaemon again

     $ gpg-connect-agent learn /bye
--

From kgo at grant-olson.net Wed Jan 19 01:26:14 2011
From: kgo at grant-olson.net (Grant Olson) Date: Tue, 18 Jan 2011 19:26:14 -0500 Subject: How should I detect if I've got a reader/smartcard combo? In-Reply-To: <4D362A12.2050706@fsij.org> References: <4D352526.5070008@grant-olson.net> <4D362A12.2050706@fsij.org> Message-ID: <4D362FA6.6030508@grant-olson.net> On 1/18/11 7:02 PM, NIIBE Yutaka wrote: > > I think that I have a similar problem. I am using a USB Token > which I develop for myself. > > My current solution was posted here: > http://lists.gnupg.org/pipermail/gnupg-devel/2010-November/025828.html > > This is a patch to keep scdaemon running well. > I did try your patch. It didn't apply cleanly to the head of STABLE-BRANCH-2.0 because of some changes. It was easy enough to figure out how to manually merge, but it didn't seem to work for me at all with some manual tests. > These days, I rather think another approach would be better. > > * scdaemon is going to exit when it detects reader unplugged > > * gpg-agent handles termination of scdaemon > > * gpg-agent once again does "learn" when user accesses the card > My fix does two things so far: 1) Closes the reader when the card is removed. This works fine for a combo device, but I don't think we want to do this all the time. 2) Keeps the reader slots marked as invalid if we can't initialize any device. Currently, if you run an operation without a card plugged in, CCID initialization fails. Then PC/SC initialization fails, but it still leaves a slot open with a bad configuration. Because of this, scdaemon no longer even tries to connect to CCID, and just complains it can't find a card via the PC/SC driver. There are two problems I still need to deal with. 1) Like I said, what do I do for a normal reader/card combo? I don't think we want to kill that when the card is removed. 2) Now that the slots are invalid after you yank out the card, scdaemon polls for the hardware in an infinite loop. It seems to me scdaemon should try once and no more. 
If it can't find hardware, it should wait until gpg-agent requests another operation before trying to re-detect the reader. If I get issue two taken care of, I'll post a patch so you can see how it works with Gnuk. -- Grant "I am gravely disappointed. Again you have made me unleash my dogs of war." From kgo at grant-olson.net Wed Jan 19 04:42:38 2011 
From: kgo at grant-olson.net (Grant Olson) Date: Tue, 18 Jan 2011 22:42:38 -0500 Subject: libgcrypt 1.4.6 mpi on amd build fails? In-Reply-To: <201101181529.24436.bernhard@intevation.de> References: <201101181529.24436.bernhard@intevation.de> Message-ID: <4D365DAE.7080101@grant-olson.net> On 1/18/11 9:29 AM, Bernhard Reiter wrote: > config.status: linking mpi/amd64/mpih-add1.S to mpi/mpih-add1-asm.S > [..] > Libgcrypt v1.4.6 has been configured as follows: > Platform: GNU/Linux (x86_64-unknown-linux-gnu) > > > bin/sh ../libtool --mode=compile > gcc -DHAVE_CONFIG_H -I. -I.. -I../src -I../src -Wa,--noexecstack -g -O2 -MT > mpih-add1-asm.lo -MD -MP -MF .deps/mpih-add1-asm.Tpo -c -o mpih-add1-asm.lo > mpih-add1-asm.S > gcc -DHAVE_CONFIG_H -I. -I.. -I../src -I../src -Wa,--noexecstack -g -O2 -MT > mpih-add1-asm.lo -MD -MP -MF .deps/mpih-add1-asm.Tpo -c > mpih-add1-asm.S -fPIC -DPIC -o .libs/mpih-add1-asm.o > mpih-add1-asm.S: Assembler messages: > mpih-add1-asm.S:46: Error: bad register name `%rsi,%rcx,8)' > mpih-add1-asm.S:47: Error: bad register name `%rdi,%rcx,8)' > mpih-add1-asm.S:48: Error: bad register name `%rdx,%rcx,8)' > mpih-add1-asm.S:49: Error: bad register name `%rcx' > mpih-add1-asm.S:53: Error: bad register name `%rsi,%rcx,8)' > mpih-add1-asm.S:54: Error: bad register name `%rdx,%rcx,8)' > mpih-add1-asm.S:55: Error: bad register name `%r10' > mpih-add1-asm.S:56: Error: bad register name `%rax' > mpih-add1-asm.S:57: Error: bad register name `%rcx' > mpih-add1-asm.S:60: Error: bad register name `%rcx' > mpih-add1-asm.S:61: Error: bad register name `%rax' > make[2]: *** [mpih-add1-asm.lo] Fehler 1 > > This is on Debian Lenny 32 userland, running the 2.6.26-2-amd64 (Debian > 2.6.26-26lenny1) kernel. > I had a similar problem compiling on mac. Running ./configure with the --disable-asm flag fixed it for me. I'm not sure if that'll help you out, but it's worth a try. -- Grant "I am gravely disappointed. Again you have made me unleash my dogs of war." 
From gniibe at fsij.org Wed Jan 19 07:53:56 2011 From: gniibe at fsij.org (NIIBE Yutaka) Date: Wed, 19 Jan 2011 15:53:56 +0900 Subject: pcsc pinpad support (part 5) In-Reply-To: <4D33E69F.5050202@fsij.org> References: <4D2E5E41.4030602@fsij.org> <4D2E86BB.3020602@fsij.org> <4D2EA201.3090200@fsij.org> <4D2FAD0F.9070500@fsij.org> <4D33E69F.5050202@fsij.org> Message-ID: <4D368A84.4070208@fsij.org> Here is the part 5, fixing a bug introduced in part 4. I test part 1 to part 5 with Gnuk version 0.8, which is about to be released. Please test and report the result. Note that PIN modification is only supported for OpenPGP card version 2. --- scd/app-openpgp.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/scd/app-openpgp.c b/scd/app-openpgp.c index 48af0ca..18c56f2 100644 --- a/scd/app-openpgp.c +++ b/scd/app-openpgp.c @@ -1903,7 +1903,7 @@ do_change_pin (app_t app, ctrl_t ctrl, const char *chvnostr, int chvno = atoi (chvnostr); char *resetcode = NULL; char *oldpinvalue = NULL; - char *pinvalue; + char *pinvalue = NULL; int reset_mode = !!(flags & APP_CHANGE_FLAG_RESET); int set_resetcode = 0; iso7816_pininfo_t pininfo; -- 1.7.2.3 From gniibe at fsij.org Wed Jan 19 07:59:34 2011 From: gniibe at fsij.org (NIIBE Yutaka) Date: Wed, 19 Jan 2011 15:59:34 +0900 Subject: Gnuk version 0.8 Message-ID: <4D368BD6.2050408@fsij.org> Gnuk version 0.8 is out. Gnuk is a software for USB Token which follows OpenPGP card protocol version 2. It runs on STM32 processor. Highlight is: * Experimental PIN-pad modification support is added. PIN input using rotary encoder and push switch is tested with STBee Mini. By this hardware, PIN-pad modification is supported. You can download it from: http://www.gniibe.org/oitoite/gnuk/ Please visit http://www.fsij.org/gnuk/ for Gnuk news. -- From wk at gnupg.org Wed Jan 19 09:12:34 2011 
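Review bot: the one-line change in `do_change_pin` of scd/app-openpgp.c (`char *pinvalue = NULL;`) comes with no statement of which path reads or frees `pinvalue` before it is assigned; the mail only says it fixes a bug introduced in part 4. Please name that exit path in the commit message or ChangeLog entry, so a reader can confirm that `pinvalue` is now treated at cleanup the same way as `resetcode` and `oldpinvalue`, which the context lines show are already initialised to NULL.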
From: wk at gnupg.org (Werner Koch) Date: Wed, 19 Jan 2011 09:12:34 +0100 Subject: libgcrypt 1.4.6 mpi on amd build fails? In-Reply-To: <201101181529.24436.bernhard@intevation.de> (Bernhard Reiter's message of "Tue, 18 Jan 2011 15:29:20 +0100") References: <201101181529.24436.bernhard@intevation.de> Message-ID: <8739ops45p.fsf@vigenere.g10code.de> On Tue, 18 Jan 2011 15:29, bernhard at intevation.de said: > This is on Debian Lenny 32 userland, running the 2.6.26-2-amd64 (Debian You are cross-compiling from ia32 to amd64. You need to use a correct cross-build setup which you obviously don't have. Shalom-Salam, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. From bernhard at intevation.de Wed Jan 19 09:34:23 2011 
From: bernhard at intevation.de (Bernhard Reiter) Date: Wed, 19 Jan 2011 09:34:23 +0100 Subject: libgcrypt 1.4.6 mpi on amd build fails? In-Reply-To: <8739ops45p.fsf@vigenere.g10code.de> References: <201101181529.24436.bernhard@intevation.de> <8739ops45p.fsf@vigenere.g10code.de> Message-ID: <201101190934.26057.bernhard@intevation.de> On Wednesday, 19 January 2011 09:12:34, Werner Koch wrote: > On Tue, 18 Jan 2011 15:29, bernhard at intevation.de said: > > This is on Debian Lenny 32 userland, running the 2.6.26-2-amd64 (Debian > > You are cross-compiling from ia32 to amd64. I don't mean to, I am just running a 64 kernel, but full user land, so I want to build for ia32 which any other build I've tried did. > You need to use a correct > cross-build setup which you obviously don't have. If libgcrypt's mpi configure has detected a cross-build setup, looks like a defect to me. Grant, thanks for the hint below: On Wednesday, 19 January 2011 04:42:38, Grant Olson wrote: > I had a similar problem compiling on mac. Running ./configure with the > --disable-asm flag fixed it for me. I'm not sure if that'll help you > out, but it's worth a try. Yes, this is what I did afterwards and it worked. Switching off the assembler optimisations. -- Managing Director - Owner: www.intevation.net (Free Software Company) Deputy Coordinator Germany: fsfe.org. Board member: www.kolabsys.com. Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998 Managing directors: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner From wk at gnupg.org Wed Jan 19 11:37:35 2011 
From: wk at gnupg.org (Werner Koch) Date: Wed, 19 Jan 2011 11:37:35 +0100 Subject: libgcrypt 1.4.6 mpi on amd build fails? In-Reply-To: <201101190934.26057.bernhard@intevation.de> (Bernhard Reiter's message of "Wed, 19 Jan 2011 09:34:23 +0100") References: <201101181529.24436.bernhard@intevation.de> <8739ops45p.fsf@vigenere.g10code.de> <201101190934.26057.bernhard@intevation.de> Message-ID: <87pqrtqivk.fsf@vigenere.g10code.de> On Wed, 19 Jan 2011 09:34, bernhard at intevation.de said: > If libgcrypt's mpi configure has detected a cross-build setup, > looks like a defect to me. Configure is never able to detect a cross build environment. The kernel (i.e. uname) claims that you are running an amd64 system but the user land does not match; the corresponding tools are not installed. ./config.guess shows you the build system autoconf guessed. You may override this by using something like ./configure --build=i686-pc-linux-gnu Shalom-Salam, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. From simon at josefsson.org Wed Jan 19 19:52:23 2011 
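The mismatch described in the message above can be read off configure's own output before the assembler fails. The script below is an added example, not part of the original mails or of libgcrypt's build system; the function names are hypothetical, the sample input is constructed from the two configure lines quoted in the report, and it assumes `getconf LONG_BIT` reports the word size of the installed userland.

```sh
#!/bin/sh
# Added example, not from the thread or from libgcrypt: read configure's
# output and report when it targeted a CPU the userland cannot build for.
# Function names are hypothetical. Assumption: `getconf LONG_BIT` reports the
# word size of the installed userland.

# Constructed sample: the two configure lines quoted in the original report.
SAMPLE_CONFIGURE_OUTPUT='config.status: linking mpi/amd64/mpih-add1.S to mpi/mpih-add1-asm.S
  Platform:                  GNU/Linux (x86_64-unknown-linux-gnu)'

# asm_dir OUTPUT: print the mpi/ subdirectory whose assembler sources were
# linked in (for example "amd64"), or "none" if no .S file was linked.
asm_dir() {
    dir=$(printf '%s\n' "$1" |
          sed -n 's|^config\.status: linking mpi/\([^/]*\)/.*\.S to .*|\1|p' |
          head -n 1)
    echo "${dir:-none}"
}

# platform_cpu OUTPUT: print the CPU field of the triplet on the Platform line.
platform_cpu() {
    printf '%s\n' "$1" |
        sed -n 's|^ *Platform:.*(\([^-]*\)-.*).*|\1|p' |
        head -n 1
}

# cpu_bits CPU: word size implied by a CPU name (x86 family only).
cpu_bits() {
    case "$1" in
        x86_64|amd64) echo 64 ;;
        i?86)         echo 32 ;;
        *)            echo unknown ;;
    esac
}

# check_configure OUTPUT USERLAND_BITS
# Prints "ok", "unknown", or a line naming the mismatch and the two remedies
# given in the thread. Returns 1 on a mismatch, 0 otherwise.
check_configure() {
    cpu=$(platform_cpu "$1")
    asm=$(asm_dir "$1")
    want=$(cpu_bits "$cpu")
    case "$want:$2" in
        unknown:*|*:unknown)
            echo "unknown" ;;
        64:64|32:32)
            echo "ok" ;;
        64:32)
            echo "mismatch: configured for $cpu (asm: $asm) on a 32-bit userland;" \
                 "rerun with --build=i686-pc-linux-gnu or --disable-asm"
            return 1 ;;
        *)
            echo "mismatch: configured for $cpu (asm: $asm), userland is $2-bit;" \
                 "run ./config.guess and set --build by hand"
            return 1 ;;
    esac
}

# Stand-alone use: sh check.sh configure.log
if [ -n "${1:-}" ] && [ -r "$1" ]; then
    check_configure "$(cat "$1")" "$(getconf LONG_BIT 2>/dev/null || echo unknown)"
fi
```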
From: simon at josefsson.org (Simon Josefsson) Date: Wed, 19 Jan 2011 19:52:23 +0100 Subject: libgcrypt 1.4.6 mpi on amd build fails? In-Reply-To: <8739ops45p.fsf@vigenere.g10code.de> (Werner Koch's message of "Wed, 19 Jan 2011 09:12:34 +0100") References: <201101181529.24436.bernhard@intevation.de> <8739ops45p.fsf@vigenere.g10code.de> Message-ID: <87wrm0afq0.fsf@latte.josefsson.org> Werner Koch writes: > On Tue, 18 Jan 2011 15:29, bernhard at intevation.de said: > >> This is on Debian Lenny 32 userland, running the 2.6.26-2-amd64 (Debian > > You are cross-compiling from ia32 to amd64. You need to use a correct > cross-build setup which you obviously don't have. Why is the asm stuff enabled in this situation? Instead, how about whitelisting the few combinations that are known to work (i.e., non-cross compiles on modern and tested systems) and let people building for other environments be required to specify --enable-asm to get the assembler code? /Simon From wk at gnupg.org Wed Jan 19 21:08:06 2011 
From: wk at gnupg.org (Werner Koch) Date: Wed, 19 Jan 2011 21:08:06 +0100 Subject: libgcrypt 1.4.6 mpi on amd build fails? In-Reply-To: <87wrm0afq0.fsf@latte.josefsson.org> (Simon Josefsson's message of "Wed, 19 Jan 2011 19:52:23 +0100") References: <201101181529.24436.bernhard@intevation.de> <8739ops45p.fsf@vigenere.g10code.de> <87wrm0afq0.fsf@latte.josefsson.org> Message-ID: <87oc7cpsgp.fsf@vigenere.g10code.de> On Wed, 19 Jan 2011 19:52, simon at josefsson.org said: > Why is the asm stuff enabled in this situation? Instead, how about > whitelisting the few combinations that are known to work (i.e., > non-cross compiles on modern and tested systems) and let people building We do exactly this (mpi/config.links). However if config.guess guesses the wrong system we can't do much about it. We want to fix either config.guess to detect the system properly or the autoconf cross compiler test. This kk1 version is a Debian build of libgcrypt and they usually replace config.sub with modern versions, but I am not sure about this specific one. In any case, a system with a 64 bit kernel and a 32 bit user land is non-standard (although common it seems). Shalom-Salam, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. From kgo at grant-olson.net Thu Jan 20 05:51:26 2011 
From: kgo at grant-olson.net (Grant Olson) Date: Wed, 19 Jan 2011 23:51:26 -0500 Subject: Patch for scdaemon and reader/smartcard combo devices Message-ID: <4D37BF4E.4070208@grant-olson.net> Hey all, Here's a patch that lets you unplug and replug a reader/smartcard combo device without having to restart scdaemon. I've tested on a cryptostick, on both Ubuntu 10.4 and OSX Snow Leopard, making sure to test the following actions: - attempting to sign/encrypt without a card. - signing/encrypting once, removing and reinserting the card, signing/encrypting again. - signing/encrypting once, removing the card, attempting to sign/encrypt, inserting the card, and successfully signing and encrypting. I'll also continue to use a build with this patch daily to see if anything falls out. If NIIBE or anyone else using a card/reader combo could test this with their hardware, I'd appreciate it greatly. I think it should also work with any USB reader, even if you're using a separate smart-card. Werner, if the patch looks good to you, just let me know what copyright assignment paperwork I need to fill out, where I need to do it, and I'll get that done ASAP. - Grant From 0426c33c2c23f709b6659bc6b9f72b77a969570f Mon Sep 17 00:00:00 2001 From: Grant Olson Date: Wed, 19 Jan 2011 20:05:23 -0500 Subject: [PATCH 2/2] Fix so smartcard reader/card combos don't break scdaemon when un/re-plugged. - Make sure slot table entries get invalidated if all readers fail or else we get stuck with a bad PC/SC entry. - Treat no reader error same as no card error -- not fatal. - Close the apdu reader slot if we detect the reader has been unplugged --- scd/apdu.c | 5 +++-- scd/command.c | 10 ++++++++++ 2 files changed, 13 insertions(+), 2 deletions(-) diff --git a/scd/apdu.c b/scd/apdu.c index 0fe044c..1bdc673 100644 --- a/scd/apdu.c +++ b/scd/apdu.c 
@@ -769,6 +769,7 @@ pcsc_error_to_sw (long ec) case PCSC_E_SHARING_VIOLATION: rc = SW_HOST_LOCKING_FAILED; break; case PCSC_E_NO_SMARTCARD: rc = SW_HOST_NO_CARD; break; case PCSC_W_REMOVED_CARD: rc = SW_HOST_NO_CARD; break; + case PCSC_E_UNKNOWN_READER: rc = SW_HOST_NO_READER; break; case PCSC_E_INVALID_TARGET: case PCSC_E_INVALID_VALUE: @@ -1412,10 +1413,10 @@ reset_pcsc_reader_wrapped (int slot) { log_error ("PC/SC RESET failed: %s (0x%lx)\n", pcsc_error_string (err), err); - /* If the error code is no smart card, we should not considere + /* If the error code is no smart card or no reader, we should not consider this a major error and close the wrapper. */ sw = pcsc_error_to_sw (err); - if (err == PCSC_E_NO_SMARTCARD) + if (err == PCSC_E_NO_SMARTCARD || err == PCSC_E_UNKNOWN_READER) return sw; goto command_failed; } diff --git a/scd/command.c b/scd/command.c index e2cd1f5..d31d7af 100644 --- a/scd/command.c +++ b/scd/command.c @@ -401,6 +401,14 @@ get_reader_slot (void) { int no_service_flag; ss->slot = apdu_open_reader (opt.reader_port, &no_service_flag); + + /* If we still don't have a slot, we have no readers. + Invalidate for now until a reader is attached. */ + if(ss->slot == -1) + { + ss->valid = 0; + } + if (no_service_flag) { log_info ("no card services - disabling scdaemon\n"); @@ -2192,6 +2200,8 @@ update_reader_status_file (int set_card_removed_flag) if (sw_apdu == SW_HOST_NO_READER) { /* Most likely the _reader_ has been unplugged. */ + apdu_close_reader(ss->slot); + ss->valid = 0; status = 0; changed = ss->changed; } -- 1.7.0.4 From gniibe at fsij.org Fri Jan 21 01:52:57 2011 
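Review bot: in the `reset_pcsc_reader_wrapped` hunk of scd/apdu.c, adding `err == PCSC_E_UNKNOWN_READER` to the early `return sw` skips `goto command_failed`, so per the comment just above it the wrapper is not closed even though the reader it was opened for is gone. A missing card can come back on the same reader; an unknown reader cannot, so I would keep the early return for `PCSC_E_NO_SMARTCARD` only and let the unknown-reader case reach `command_failed`, relying on the new `SW_HOST_NO_READER` mapping in `pcsc_error_to_sw` to report it to the caller.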
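Review bot: the block added to `get_reader_slot` in scd/command.c does not follow the formatting of the surrounding lines: `if(ss->slot == -1)` needs a space before the parenthesis, as in the `if (no_service_flag)` that follows it, and the braces around the single assignment can go. The new comment should also say where `ss->valid` is set again once a reader is attached, since nothing in this hunk shows it.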
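Review bot: in the `update_reader_status_file` hunk, `apdu_close_reader(ss->slot);` closes the slot but leaves `ss->slot` holding the number that was just closed; only `ss->valid` is cleared. Set `ss->slot = -1` after the close, which is the value the new check in `get_reader_slot` tests for, so no later path can reuse the stale number, and add the space before the parenthesis that the rest of the file uses.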
From: gniibe at fsij.org (NIIBE Yutaka) Date: Fri, 21 Jan 2011 09:52:57 +0900 Subject: Patch for scdaemon and reader/smartcard combo devices In-Reply-To: <4D37BF4E.4070208@grant-olson.net> References: <4D37BF4E.4070208@grant-olson.net> Message-ID: <4D38D8E9.9020808@fsij.org> The patch for scd/command.c couldn't be applied for me. What branch are you working on? I have tried your patch to STABLE-BRANCH-2-0 and master, but it failed for both cases. 2011-01-20 13:51, Grant Olson wrote: > diff --git a/scd/command.c b/scd/command.c > index e2cd1f5..d31d7af 100644 > --- a/scd/command.c > +++ b/scd/command.c > @@ -401,6 +401,14 @@ get_reader_slot (void) > { > int no_service_flag; > ss->slot = apdu_open_reader (opt.reader_port, &no_service_flag); > + > + /* If we still don't have a slot, we have no readers. > + Invalidate for now until a reader is attached. */ > + if(ss->slot == -1) > + { > + ss->valid = 0; > + } > + > if (no_service_flag) > { > log_info ("no card services - disabling scdaemon\n"); > @@ -2192,6 +2200,8 @@ update_reader_status_file (int set_card_removed_flag) > if (sw_apdu == SW_HOST_NO_READER) > { > /* Most likely the _reader_ has been unplugged. */ > + apdu_close_reader(ss->slot); > + ss->valid = 0; > status = 0; > changed = ss->changed; > } -- From gniibe at fsij.org Fri Jan 21 02:03:15 2011 From: gniibe at fsij.org (NIIBE Yutaka) Date: Fri, 21 Jan 2011 10:03:15 +0900 Subject: master: NEED_LIBGCRYPT_VERSION=1.4.6 Message-ID: <4D38DB53.1080400@fsij.org> I think that GCRY_CIPHER_MODE_AESWRAP is a new thing in libgcrypt 1.4.6. The master branch requires 1.4.6 and more. -- From kgo at grant-olson.net Fri Jan 21 02:09:35 2011 
From: kgo at grant-olson.net (Grant Olson) Date: Thu, 20 Jan 2011 20:09:35 -0500 Subject: Patch for scdaemon and reader/smartcard combo devices In-Reply-To: <4D38D8E9.9020808@fsij.org> References: <4D37BF4E.4070208@grant-olson.net> <4D38D8E9.9020808@fsij.org> Message-ID: <4D38DCCF.4000009@grant-olson.net> On 01/20/2011 07:52 PM, NIIBE Yutaka wrote: > The patch for scd/command.c couldn't be applied for me. > > What branch are you working? I have tried your patch to > STABLE-BRANCH-2-0 and master, but it failed for both cases. > First, thanks for testing this for me. It's greatly appreciated. I was working off of STABLE-BRANCH-2-0. I did just try to re-apply the patch, and it worked for me. I'm going to try to attach the patch file to this email, but I imagine the list server might strip the attachment, so I'm CC'ing you directly as well. Here's the transcript where I just re-applied the patch to STABLE-BRANCH-2-0: grant at johnsmallberries:~/src/gnupg$ ls 0* 0001-.gitignore.patch 0002-Fix-so-smartcard-reader-card-combos-don-t-break-scda.patch grant at johnsmallberries:~/src/gnupg$ git status # On branch scdaemon # Untracked files: # (use "git add ..." to include in what will be committed) # # 0001-.gitignore.patch # 0002-Fix-so-smartcard-reader-card-combos-don-t-break-scda.patch # agent/#call-scd.c# # agent/.#call-scd.c # bar.txt # bar.txt.gpg nothing added to commit but untracked files present (use "git add" to track) grant at johnsmallberries:~/src/gnupg$ git checkout STABLE-BRANCH-2-0 Switched to branch 'STABLE-BRANCH-2-0' grant at johnsmallberries:~/src/gnupg$ git log -n1 commit 846d5744078bef2d781c0847cd5686f8c5016b40 Author: Werner Koch Date: Thu Jan 13 17:04:47 2011 +0100 Post release updates grant at johnsmallberries:~/src/gnupg$ git checkout test-patch error: pathspec 'test-patch' did not match any file(s) known to git. 
grant at johnsmallberries:~/src/gnupg$ git checkout -b test-patch Switched to a new branch 'test-patch' grant at johnsmallberries:~/src/gnupg$ git log -n1 commit 846d5744078bef2d781c0847cd5686f8c5016b40 Author: Werner Koch Date: Thu Jan 13 17:04:47 2011 +0100 Post release updates grant at johnsmallberries:~/src/gnupg$ git apply 0002-Fix-so-smartcard-reader-card-combos-don-t-break-scda.patch 0002-Fix-so-smartcard-reader-card-combos-don-t-break-scda.patch:57: trailing whitespace. warning: 1 line adds whitespace errors. grant at johnsmallberries:~/src/gnupg$ ^C grant at johnsmallberries:~/src/gnupg$ ^C grant at johnsmallberries:~/src/gnupg$ git diff diff --git a/scd/apdu.c b/scd/apdu.c index 0fe044c..1bdc673 100644 --- a/scd/apdu.c +++ b/scd/apdu.c @@ -769,6 +769,7 @@ pcsc_error_to_sw (long ec) case PCSC_E_SHARING_VIOLATION: rc = SW_HOST_LOCKING_FAILED; break; case PCSC_E_NO_SMARTCARD: rc = SW_HOST_NO_CARD; break; case PCSC_W_REMOVED_CARD: rc = SW_HOST_NO_CARD; break; + case PCSC_E_UNKNOWN_READER: rc = SW_HOST_NO_READER; break; case PCSC_E_INVALID_TARGET: case PCSC_E_INVALID_VALUE: @@ -1412,10 +1413,10 @@ reset_pcsc_reader_wrapped (int slot) { log_error ("PC/SC RESET failed: %s (0x%lx)\n", pcsc_error_string (err), err); - /* If the error code is no smart card, we should not considere + /* If the error code is no smart card or no reader, we should not conside this a major error and close the wrapper. */ sw = pcsc_error_to_sw (err); - if (err == PCSC_E_NO_SMARTCARD) + if (err == PCSC_E_NO_SMARTCARD || err == PCSC_E_UNKNOWN_READER) return sw; goto command_failed; } diff --git a/scd/command.c b/scd/command.c index e2cd1f5..d31d7af 100644 --- a/scd/command.c +++ b/scd/command.c 
@@ -401,6 +401,14 @@ get_reader_slot (void) { int no_service_flag; ss->slot = apdu_open_reader (opt.reader_port, &no_service_flag); + + /* If we still don't have a slot, we have no readers. + Invalidate for now until a reader is attached. */ + if(ss->slot == -1) + { + ss->valid = 0; + } + if (no_service_flag) { log_info ("no card services - disabling scdaemon\n"); @@ -2192,6 +2200,8 @@ update_reader_status_file (int set_card_removed_flag) if (sw_apdu == SW_HOST_NO_READER) { /* Most likely the _reader_ has been unplugged. */ + apdu_close_reader(ss->slot); + ss->valid = 0; status = 0; changed = ss->changed; } grant at johnsmallberries:~/src/gnupg$ -------------- next part -------------- A non-text attachment was scrubbed... Name: 0002-Fix-so-smartcard-reader-card-combos-don-t-break-scda.patch Type: text/x-patch Size: 2558 bytes Desc: not available URL: From gniibe at fsij.org Fri Jan 21 03:52:49 2011 
From: gniibe at fsij.org (NIIBE Yutaka) Date: Fri, 21 Jan 2011 11:52:49 +0900 Subject: Patch for scdaemon and reader/smartcard combo devices In-Reply-To: <4D38DCCF.4000009@grant-olson.net> References: <4D37BF4E.4070208@grant-olson.net> <4D38D8E9.9020808@fsij.org> <4D38DCCF.4000009@grant-olson.net> Message-ID: <4D38F501.8010607@fsij.org> 2011-01-21 10:09, Grant Olson wrote: > I was working off of STABLE-BRANCH-2-0. I do it again with STABLE-BRANCH-2-0, and it is successfully applied. My environment is pcscd 1.5.5-3 and libccid 1.3.11-1 on Debian sid. Yes, I use a Gnuk token (version 0.8). I did: * attempting to sign without a card. * signing once, removing and reinserting the card, signing again. and it works fine. However, * signing once, removing the card, attempting to sign, inserting the card, and signing again doesn't work well. The log of scdaemon is: ---------------------------------- scdaemon[11554]: chan_7 <- RESTART scdaemon[11554]: chan_7 -> OK 2011-01-21 11:11:10 scdaemon[11554] updating slot 0 status: 0x0007->0x0000 (1->2) 2011-01-21 11:11:10 scdaemon[11554] sending signal 12 to client 2753 scdaemon[11554]: chan_7 <- SERIALNO openpgp 2011-01-21 11:11:14 scdaemon[11554] PC/SC RESET failed: invalid value (0x80100011) scdaemon[11554]: chan_7 -> ERR 100663404 Card error scdaemon[11554]: chan_7 <- RESTART scdaemon[11554]: chan_7 -> OK scdaemon[11554]: chan_7 <- SERIALNO openpgp scdaemon[11554]: chan_7 -> ERR 100663404 Card error scdaemon[11554]: chan_7 <- RESTART scdaemon[11554]: chan_7 -> OK ---------------------------------- So, I added: diff --git a/scd/apdu.c b/scd/apdu.c index 1bdc673..458bcdd 100644 --- a/scd/apdu.c +++ b/scd/apdu.c 
@@ -1416,7 +1416,8 @@ reset_pcsc_reader_wrapped (int slot) /* If the error code is no smart card or no reader, we should not consider this a major error and close the wrapper. */ sw = pcsc_error_to_sw (err); - if (err == PCSC_E_NO_SMARTCARD || err == PCSC_E_UNKNOWN_READER) + if (err == PCSC_E_NO_SMARTCARD || err == PCSC_E_UNKNOWN_READER + || err == PCSC_E_INVALID_VALUE) return sw; goto command_failed; } Then, * signing once, removing the card, attempting to sign, inserting the card, and signing again works fine too. -- From gniibe at fsij.org Fri Jan 21 04:56:34 2011 From: gniibe at fsij.org (NIIBE Yutaka) Date: Fri, 21 Jan 2011 12:56:34 +0900 Subject: Patch for scdaemon and reader/smartcard combo devices In-Reply-To: <4D38DCCF.4000009@grant-olson.net> References: <4D37BF4E.4070208@grant-olson.net> <4D38D8E9.9020808@fsij.org> <4D38DCCF.4000009@grant-olson.net> Message-ID: <4D3903F2.4020600@fsij.org> 2011-01-21 10:09, Grant Olson wrote: 
> @@ -1412,10 +1413,10 @@ reset_pcsc_reader_wrapped (int slot) > { > log_error ("PC/SC RESET failed: %s (0x%lx)\n", > pcsc_error_string (err), err); > - /* If the error code is no smart card, we should not considere > + /* If the error code is no smart card or no reader, we should not > conside > this a major error and close the wrapper. */ > sw = pcsc_error_to_sw (err); > - if (err == PCSC_E_NO_SMARTCARD) > + if (err == PCSC_E_NO_SMARTCARD || err == PCSC_E_UNKNOWN_READER) > return sw; > goto command_failed; > } It seems that I have found an issue for this change. Today, I need to test two Gnuk Tokens, and I tried your patched version of scdaemon. The tokens are: (A) STM8S Discovery Kit (B) CQ STARM When I insert (A) and use it, then remove it and insert (B). It doesn't work. Here is the log of scdaemon: -------------------- 2011-01-21 12:41:52 scdaemon[11689] PC/SC RESET failed: unknown reader (0x80100009) 2011-01-21 12:41:52 scdaemon[11689] DBG: send apdu: c=00 i=A4 p1=00 p2=0C lc=2 le=-1 em=0 2011-01-21 12:41:52 scdaemon[11689] PC/SC RESET failed: unknown reader (0x80100009) 2011-01-21 12:41:52 scdaemon[11689] apdu_send_simple(0) failed: no reader -------------------- Removing (B) and inserting (A) again, it works. But I have no way to use (B) any more without killing scdaemon, and letting gpg-agent learn for (B) to use (B). But this time, I have no way to use back to (A)... -- From kgo at grant-olson.net Fri Jan 21 04:59:30 2011 
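The two scdaemon log excerpts in this thread show the same symptom under different PC/SC codes. As an added example (not part of the original mails or of GnuPG), the script below tallies `PC/SC RESET failed` lines per process and code and flags a process that keeps failing with the same code, the state that needed scdaemon killed and `gpg-connect-agent learn /bye` run. The sample log is constructed from the lines quoted in the thread; the function names and the default threshold of two repeats are assumptions.

```sh
#!/bin/sh
# Added example, not from the thread or from GnuPG: tally scdaemon
# "PC/SC RESET failed" log lines and flag a process that keeps failing with
# the same code. Function names and the default threshold are hypothetical.

# Constructed sample, modelled on the log lines quoted in the thread.
SAMPLE_LOG='2011-01-21 11:11:14 scdaemon[11554] PC/SC RESET failed: invalid value (0x80100011)
scdaemon[11554]: chan_7 -> ERR 100663404 Card error
2011-01-21 12:41:52 scdaemon[11689] PC/SC RESET failed: unknown reader (0x80100009)
2011-01-21 12:41:52 scdaemon[11689] DBG: send apdu: c=00 i=A4 p1=00 p2=0C lc=2 le=-1 em=0
2011-01-21 12:41:52 scdaemon[11689] PC/SC RESET failed: unknown reader (0x80100009)
2011-01-21 12:41:52 scdaemon[11689] apdu_send_simple(0) failed: no reader'

# reset_failures LOG
# Prints "PID CODE COUNT TEXT" for each (pid, code) pair, sorted by pid.
reset_failures() {
    printf '%s\n' "$1" | awk '
        /PC\/SC RESET failed:/ {
            pid = $0;  sub(/.*scdaemon\[/, "", pid);      sub(/\].*/, "", pid)
            code = $0; sub(/.*\(/, "", code);             sub(/\).*/, "", code)
            text = $0; sub(/.*RESET failed: /, "", text); sub(/ \(0x.*/, "", text)
            key = pid " " code
            count[key]++
            label[key] = text
        }
        END { for (k in count) print k, count[k], label[k] }' | sort
}

# stuck_processes LOG [MIN]
# Prints "PID CODE" for every pair that failed MIN or more times (default 2).
stuck_processes() {
    reset_failures "$1" |
        awk -v min="${2:-2}" '$3 + 0 >= min + 0 { print $1, $2 }'
}

# recovery_hint LOG
# Prints, without running it, the manual recovery described in the thread:
# stop the stuck scdaemon and let gpg-agent start a fresh one with "learn".
recovery_hint() {
    stuck_processes "$1" | while read -r pid code; do
        echo "scdaemon $pid repeats $code: kill $pid; gpg-connect-agent learn /bye"
    done
}

# Stand-alone use: sh triage.sh scdaemon.log
if [ -n "${1:-}" ] && [ -r "$1" ]; then
    recovery_hint "$(cat "$1")"
fi
```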
From: kgo at grant-olson.net (Grant Olson) Date: Thu, 20 Jan 2011 22:59:30 -0500 Subject: Patch for scdaemon and reader/smartcard combo devices In-Reply-To: <4D38F501.8010607@fsij.org> References: <4D37BF4E.4070208@grant-olson.net> <4D38D8E9.9020808@fsij.org> <4D38DCCF.4000009@grant-olson.net> <4D38F501.8010607@fsij.org> Message-ID: <4D3904A2.50100@grant-olson.net> On 01/20/2011 09:52 PM, NIIBE Yutaka wrote: > > * signing once, removing the card, attempting to sign, inserting the > card, and signing again > > doesn't work well. The log of scdaemon is: > > ... > > So, I added: > > diff --git a/scd/apdu.c b/scd/apdu.c > index 1bdc673..458bcdd 100644 > --- a/scd/apdu.c > +++ b/scd/apdu.c 
> @@ -1416,7 +1416,8 @@ reset_pcsc_reader_wrapped (int slot) > /* If the error code is no smart card or no reader, we should not consider > this a major error and close the wrapper. */ > sw = pcsc_error_to_sw (err); > - if (err == PCSC_E_NO_SMARTCARD || err == PCSC_E_UNKNOWN_READER) > + if (err == PCSC_E_NO_SMARTCARD || err == PCSC_E_UNKNOWN_READER > + || err == PCSC_E_INVALID_VALUE) > return sw; > goto command_failed; > } > > Then, > > * signing once, removing the card, attempting to sign, inserting the > card, and signing again > > works fine too. Thanks. I'm not having that problem, but I'll add that patch locally to make sure it doesn't break anything on my config. So far for me, Ubuntu has been working flawlessly. OSX is a little flaky. It works, but as long as the card isn't unplugged for more than 2-1/2 minutes. That's better than before. I think the original patch uncovered another problem, I don't think it introduced an error. But anyway I'll try to get that issue resolved here. From kgo at grant-olson.net Fri Jan 21 05:08:29 2011 
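Review bot: adding `|| err == PCSC_E_INVALID_VALUE` to the early return in `reset_pcsc_reader_wrapped` makes an invalid-value failure non-fatal for every reset, not only for the unplug sequence it was added for, and the comment above the condition still lists only "no smart card or no reader". If an unplugged token really does surface as invalid value here, say so in the comment and narrow the test to that situation, so that other invalid-value failures still reach `command_failed`.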
From: kgo at grant-olson.net (Grant Olson) Date: Thu, 20 Jan 2011 23:08:29 -0500 Subject: Patch for scdaemon and reader/smartcard combo devices In-Reply-To: <4D3903F2.4020600@fsij.org> References: <4D37BF4E.4070208@grant-olson.net> <4D38D8E9.9020808@fsij.org> <4D38DCCF.4000009@grant-olson.net> <4D3903F2.4020600@fsij.org> Message-ID: <4D3906BD.9090702@grant-olson.net> On 01/20/2011 10:56 PM, NIIBE Yutaka wrote: > 2011-01-21 10:09, Grant Olson wrote: 
>> @@ -1412,10 +1413,10 @@ reset_pcsc_reader_wrapped (int slot) >> { >> log_error ("PC/SC RESET failed: %s (0x%lx)\n", >> pcsc_error_string (err), err); >> - /* If the error code is no smart card, we should not considere >> + /* If the error code is no smart card or no reader, we should not >> conside >> this a major error and close the wrapper. */ >> sw = pcsc_error_to_sw (err); >> - if (err == PCSC_E_NO_SMARTCARD) >> + if (err == PCSC_E_NO_SMARTCARD || err == PCSC_E_UNKNOWN_READER) >> return sw; >> goto command_failed; >> } > > It seems that I have found an issue for this change. > > Today, I need to test two Gnuk Tokens, and I tried your patched version > of scdaemon. The tokens are: > > (A) STM8S Discovery Kit > > (B) CQ STARM > > When I insert (A) and use it, then remove it and insert (B). > > It doesn't work. Here is the log of scdaemon: > -------------------- > 2011-01-21 12:41:52 scdaemon[11689] PC/SC RESET failed: unknown reader (0x80100009) > 2011-01-21 12:41:52 scdaemon[11689] DBG: send apdu: c=00 i=A4 p1=00 p2=0C lc=2 le=-1 em=0 > 2011-01-21 12:41:52 scdaemon[11689] PC/SC RESET failed: unknown reader (0x80100009) > 2011-01-21 12:41:52 scdaemon[11689] apdu_send_simple(0) failed: no reader > -------------------- > > Removing (B) and inserting (A) again, it works. > > But I have no way to use (B) any more without killing scdaemon, and letting gpg-agent > learn for (B) to use (B). But this time, I have no way to use back to (A)... I just want to confirm, did this work before? Some parts of the code seem to be able to handle multiple readers. Other parts seem to say we can really only use one reader. I just want to make sure this is a new error. 
From gniibe at fsij.org Fri Jan 21 05:18:07 2011 From: gniibe at fsij.org (NIIBE Yutaka) Date: Fri, 21 Jan 2011 13:18:07 +0900 Subject: Patch for scdaemon and reader/smartcard combo devices In-Reply-To: <4D3906BD.9090702@grant-olson.net> References: <4D37BF4E.4070208@grant-olson.net> <4D38D8E9.9020808@fsij.org> <4D38DCCF.4000009@grant-olson.net> <4D3903F2.4020600@fsij.org> <4D3906BD.9090702@grant-olson.net> Message-ID: <4D3908FF.3040904@fsij.org> 2011-01-21 13:08, Grant Olson wrote: > I just want to confirm, did this work before? Some parts of the code > seem to be able to handle multiple readers. Other parts seem to say we > can really only use one reader. I just want to make sure this is a new > error. Yes, this is new error. Now, I confirmed that scdaemon (2.0.14 with my own patches) works fine with two different tokens interchangeably. -- From kgo at grant-olson.net Fri Jan 21 06:11:27 2011 
From: kgo at grant-olson.net (Grant Olson)
Date: Fri, 21 Jan 2011 00:11:27 -0500
Subject: Patch for scdaemon and reader/smartcard combo devices
In-Reply-To: <4D3908FF.3040904@fsij.org>
References: <4D37BF4E.4070208@grant-olson.net> <4D38D8E9.9020808@fsij.org> <4D38DCCF.4000009@grant-olson.net> <4D3903F2.4020600@fsij.org> <4D3906BD.9090702@grant-olson.net> <4D3908FF.3040904@fsij.org>
Message-ID: <4D39157F.3020106@grant-olson.net>

Meant to send this to the list...

-------- Original Message --------
Subject: Re: Patch for scdaemon and reader/smartcard combo devices
Date: Fri, 21 Jan 2011 00:09:05 -0500
From: Grant Olson
To: NIIBE Yutaka

On 1/20/11 11:18 PM, NIIBE Yutaka wrote:
> 2011-01-21 13:08, Grant Olson wrote:
>> I just want to confirm, did this work before? Some parts of the code
>> seem to be able to handle multiple readers. Other parts seem to say we
>> can really only use one reader. I just want to make sure this is a new
>> error.
>
> Yes, this is a new error.
>
> Now, I confirmed that scdaemon (2.0.14 with my own patches) works fine
> with two different tokens interchangeably.

Hey NIIBE,

This is actually similar to the error I was getting on Mac OSX only. I
removed the offending line, and incorporated the stuff from your
original patch, and it actually seems to be working for me. At the
moment, I don't have two cards/readers to test, but I should be getting
some next week.

If it's not too much trouble, could you try this patch on top of my
original one? I'm hoping it'll take care of both issues you
encountered. I'll continue to run with the new code on OSX and Ubuntu
over the weekend...

diff --git a/scd/apdu.c b/scd/apdu.c index 1bdc673..ccb192b 100644 --- a/scd/apdu.c +++ b/scd/apdu.c
@@ -1416,7 +1416,7 @@ reset_pcsc_reader_wrapped (int slot) /* If the error code is no smart card or no reader, we should not conside this a major error and close the wrapper. */ sw = pcsc_error_to_sw (err); - if (err == PCSC_E_NO_SMARTCARD || err == PCSC_E_UNKNOWN_READER) + if (err == PCSC_E_NO_SMARTCARD) return sw; goto command_failed; } diff --git a/scd/command.c b/scd/command.c index f1b0d49..95ed702 100644 --- a/scd/command.c +++ b/scd/command.c @@ -309,7 +309,7 @@ do_reset (ctrl_t ctrl, int send_reset) { if (apdu_reset (slot)) { - slot_table[slot].reset_failed = 1; + slot_table[slot].valid = 0;

-- 
Grant

"I am gravely disappointed. Again you have made me unleash my dogs of war."

From gniibe at fsij.org Fri Jan 21 06:58:49 2011
From: gniibe at fsij.org (NIIBE Yutaka)
Date: Fri, 21 Jan 2011 14:58:49 +0900
Subject: Patch for scdaemon and reader/smartcard combo devices
In-Reply-To: <4D39157F.3020106@grant-olson.net>
References: <4D37BF4E.4070208@grant-olson.net> <4D38D8E9.9020808@fsij.org> <4D38DCCF.4000009@grant-olson.net> <4D3903F2.4020600@fsij.org> <4D3906BD.9090702@grant-olson.net> <4D3908FF.3040904@fsij.org> <4D39157F.3020106@grant-olson.net>
Message-ID: <4D392099.2090903@fsij.org>

2011-01-21 14:11, Grant Olson wrote:
> If it's not too much trouble, could you try this patch on top of my
> original one?

I tested this patch over your previous one on STABLE-BRANCH-2-0.

It works fine with two tokens interchangeably.
-- 

From kgo at grant-olson.net Fri Jan 21 07:09:40 2011
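Review bot: In the scd/apdu.c hunk of the follow-up patch above (reset_pcsc_reader_wrapped, @@ -1416), the test goes back to err == PCSC_E_NO_SMARTCARD alone, but the unchanged comment directly above it still reads "no smart card or no reader", so comment and code now disagree. Restore the comment to the no-smart-card case only, or say there why PCSC_E_UNKNOWN_READER has to fall through to command_failed; the "conside" typo in the same comment can be fixed in that pass.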
From: kgo at grant-olson.net (Grant Olson)
Date: Fri, 21 Jan 2011 01:09:40 -0500
Subject: Patch for scdaemon and reader/smartcard combo devices
In-Reply-To: <4D392099.2090903@fsij.org>
References: <4D37BF4E.4070208@grant-olson.net> <4D38D8E9.9020808@fsij.org> <4D38DCCF.4000009@grant-olson.net> <4D3903F2.4020600@fsij.org> <4D3906BD.9090702@grant-olson.net> <4D3908FF.3040904@fsij.org> <4D39157F.3020106@grant-olson.net> <4D392099.2090903@fsij.org>
Message-ID: <4D392324.5060802@grant-olson.net>

On 1/21/11 12:58 AM, NIIBE Yutaka wrote:
> 2011-01-21 14:11, Grant Olson wrote:
>> If it's not too much trouble, could you try this patch on top of my
>> original one?
>
> I tested this patch over your previous one on STABLE-BRANCH-2-0.
>
> It works fine with two tokens interchangeably.

Awesome! Thanks for doing all this testing and for the original patch.
The latest code seems to work with any test scenario I can think of, so
I think we're in good shape.

-- 
Grant

"I am gravely disappointed. Again you have made me unleash my dogs of war."

From kgo at grant-olson.net Fri Jan 21 07:51:23 2011
From: kgo at grant-olson.net (Grant Olson)
Date: Fri, 21 Jan 2011 01:51:23 -0500
Subject: Completed patch for scdaemon and smartcard/reader combos
In-Reply-To: <4D392324.5060802@grant-olson.net>
References: <4D37BF4E.4070208@grant-olson.net> <4D38D8E9.9020808@fsij.org> <4D38DCCF.4000009@grant-olson.net> <4D3903F2.4020600@fsij.org> <4D3906BD.9090702@grant-olson.net> <4D3908FF.3040904@fsij.org> <4D39157F.3020106@grant-olson.net> <4D392099.2090903@fsij.org> <4D392324.5060802@grant-olson.net>
Message-ID: <4D392CEB.9070901@grant-olson.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

This is three-quarters NIIBE and one-quarter me, but I thought it would
be easier to have a single complete patch that applies to
STABLE-BRANCH-2-0 than two patches floating around.

- From 6c150e73c3bb03bc1cbf6021cba2af32a624b76c Mon Sep 17 00:00:00 2001
From: grant
Date: Fri, 21 Jan 2011 00:36:02 -0500
Subject: [PATCH] Fix for scdaemon so you can remove and reinsert card/reader combos without locking up the daemon.

This is basically NIIBE Yutaka's patch here:

http://lists.gnupg.org/pipermail/gnupg-devel/2010-November/025828.html

Plus another check that closes down the reader explicitly if we get a
SW_HOST_NO_READER error, so that an unplugged reader doesn't hold onto
the first slot, preventing us from getting to the active plugged reader.

- --- scd/command.c | 12 +++++++++++- 1 files changed, 11 insertions(+), 1 deletions(-) diff --git a/scd/command.c b/scd/command.c index e2cd1f5..ba0d997 100644 - --- a/scd/command.c +++ b/scd/command.c @@ -309,7 +309,7 @@ do_reset (ctrl_t ctrl, int send_reset) { if (apdu_reset (slot)) { - - slot_table[slot].reset_failed = 1; + slot_table[slot].valid = 0; } application_notify_card_reset (slot); }
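Review bot: In the do_reset hunk (@@ -309), the apdu_reset failure branch now only clears slot_table[slot].valid, whereas the update_reader_status_file hunk of this same patch calls apdu_close_reader before clearing valid; if the reset failed because the reader went away, this path marks the slot invalid without releasing it. Either close the reader here too or add a comment saying why it is not needed. The hunk also drops the only visible assignment of reset_failed = 1, so check whether any remaining code still reads that field and remove it if not.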
@@ -401,6 +401,14 @@ get_reader_slot (void) { int no_service_flag; ss->slot = apdu_open_reader (opt.reader_port, &no_service_flag); + + /* If we still don't have a slot, we have no readers. + Invalidate for now until a reader is attached. */ + if(ss->slot == -1) + { + ss->valid = 0; + } + if (no_service_flag) { log_info ("no card services - disabling scdaemon\n"); @@ -2192,6 +2200,8 @@ update_reader_status_file (int set_card_removed_flag) if (sw_apdu == SW_HOST_NO_READER) { /* Most likely the _reader_ has been unplugged. */ + apdu_close_reader(ss->slot); + ss->valid = 0; status = 0; changed = ss->changed; } - -- 1.7.1

From dkg at fifthhorseman.net Sat Jan 22 00:02:05 2011
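Review bot: In the get_reader_slot hunk of the completed patch above (@@ -401), the new comment says a slot of -1 means "we have no readers", but the no_service_flag test directly below shows apdu_open_reader can also fail because there are no card services, so the comment overstates what -1 tells us. Reword it to "no reader could be opened", and match the surrounding style: "if (ss->slot == -1)" with a space before the parenthesis, and no braces around the single statement.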
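Review bot: In the update_reader_status_file hunk of the completed patch above (@@ -2192), ss->slot keeps the number of the reader that apdu_close_reader has just closed; the get_reader_slot hunk treats -1 as "no slot", so confirm that the valid = 0 path resets ss->slot before the next open, or set it to -1 here so the stale index cannot be reused. The return value of apdu_close_reader is ignored without comment, and the call lacks the space before the parenthesis that apdu_open_reader (...) uses in the same file.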
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Fri, 21 Jan 2011 18:02:05 -0500
Subject: default-sig-expire in libgpgme?
Message-ID: <4D3A106D.1070105@fifthhorseman.net>

hi gnupg folks--

i'd like to be able to set an expiration on data signatures made from
libgpgme, but i don't see any way to set the equivalent of
set-default-expire via the gpgme interface.

is there a way to do it, or is this feature not exposed through gpgme?

pointers welcome, including advice on how i could have searched for or
answered this question myself from the existing documentation.

regards,

--dkg

From dkg at fifthhorseman.net Sat Jan 22 00:06:04 2011
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Fri, 21 Jan 2011 18:06:04 -0500
Subject: default-sig-expire in libgpgme?
In-Reply-To: <4D3A106D.1070105@fifthhorseman.net>
References: <4D3A106D.1070105@fifthhorseman.net>
Message-ID: <4D3A115C.5050809@fifthhorseman.net>

On 01/21/2011 06:02 PM, Daniel Kahn Gillmor wrote:
> i'd like to be able to set an expiration on data signatures made from
> libgpgme, but i don't see any way to set the equivalent of
> set-default-expire via the gpgme interface.

gah. subject right, body wrong. i meant to ask about
"default-sig-expire", not "set-default-expire", which is an option that
does not exist anywhere.

sorry for the confusion. any pointers?

--dkg

From wk at gnupg.org Mon Jan 24 12:43:00 2011
From: wk at gnupg.org (Werner Koch)
Date: Mon, 24 Jan 2011 12:43:00 +0100
Subject: ECC support has been merged
Message-ID: <87d3nmo7cr.fsf@vigenere.g10code.de>

Hi!

Over the last months Andrey Jivsov worked on ECC support for GnuPG.
This ECC support is based on an OpenPGP I-D by him which has been agreed
upon in the OpenPGP WG quite some time ago. It is not finished or ready
for use but it seems to work and interoperate with the PGP
implementation of the Draft (Andrey, is that correct?).

It took quite some time to get the legal papers signed. Due to this
delay the GnuPG code base changed a lot and thus Andrey was more or less
forced to adjust it to the new base. I went over the changes and merged
them with the now latest GnuPG code base.

If you want to test it, you need to check out the ECC-INTEGRATION-2-1
branch from the GnuPG git. This should even work with Libgcrypt 1.4.6
but it won't completely support ECC because we are missing ECDH support
in Libgcrypt 1.4. Thus you also need to check out ECC-INTEGRATION-1-5
from the Libgcrypt git.

Over the next weeks I will go over the code to clean up some minor things
and soon after that a 2.1 beta will be released.

Kudos to Andrey for his work.

Salam-Shalom,

Werner

-- 
Thoughts are free. Exceptions are regulated by a federal law.

From wk at gnupg.org Tue Jan 25 09:53:14 2011
From: wk at gnupg.org (Werner Koch)
Date: Tue, 25 Jan 2011 09:53:14 +0100
Subject: default-sig-expire in libgpgme?
In-Reply-To: <4D3A106D.1070105@fifthhorseman.net> (Daniel Kahn Gillmor's message of "Fri, 21 Jan 2011 18:02:05 -0500")
References: <4D3A106D.1070105@fifthhorseman.net>
Message-ID: <87lj29mkjp.fsf@vigenere.g10code.de>

On Sat, 22 Jan 2011 00:02, dkg at fifthhorseman.net said:

> is there a way to do it, or is this feature not exposed through gpgme?

As with most of the exotic features, it is not available via gpgme. You
may use a different config file and home directory and select that one
in gpgme.

Shalom-Salam,

Werner

-- 
Thoughts are free. Exceptions are regulated by a federal law.

From wk at gnupg.org Tue Jan 25 22:05:47 2011
From: wk at gnupg.org (Werner Koch)
Date: Tue, 25 Jan 2011 22:05:47 +0100
Subject: Completed patch for scdaemon and smartcard/reader combos
In-Reply-To: <4D392CEB.9070901@grant-olson.net> (Grant Olson's message of "Fri, 21 Jan 2011 01:51:23 -0500")
References: <4D37BF4E.4070208@grant-olson.net> <4D38D8E9.9020808@fsij.org> <4D38DCCF.4000009@grant-olson.net> <4D3903F2.4020600@fsij.org> <4D3906BD.9090702@grant-olson.net> <4D3908FF.3040904@fsij.org> <4D39157F.3020106@grant-olson.net> <4D392099.2090903@fsij.org> <4D392324.5060802@grant-olson.net> <4D392CEB.9070901@grant-olson.net>
Message-ID: <87y668lmms.fsf@vigenere.g10code.de>

On Fri, 21 Jan 2011 07:51, kgo at grant-olson.net said:

> This is three-quarters NIIBE and one-quarter me, but I thought it would
> be easier to have a single complete patch that applies to
> STABLE-BRANCH-2-0 than two patches floating around.

I applied this small patch to 2.0 and 2.1. Many thanks for fixing this
problem.

Salam-Shalom,

Werner

-- 
Thoughts are free. Exceptions are regulated by a federal law.

From gniibe at fsij.org Thu Jan 27 02:43:43 2011
From: gniibe at fsij.org (NIIBE Yutaka)
Date: Thu, 27 Jan 2011 10:43:43 +0900
Subject: scute in Debian?
Message-ID: <4D40CDCF.60008@fsij.org>

Hi,

I am currently trying to use Gnuk Token for client authentication with
SSL in Mozilla.

Now, I am trying scute. I found that it is not in Debian yet, and I
couldn't find WNPP or something. If there is no problem to package it
for Debian, I am willing to do so. Any opinions?

* * *

This week, I tried OpenSC, and found that parts of OpenSC work fine
with some modifications. But, it seems to me that OpenSC is not good
for OpenPGP card, whose main purpose is GnuPG.

Setting up OpenSC for Mozilla, I encounter this issue of scdaemon:

2011-01-27 10:17:15 scdaemon[12659] PC/SC OPEN failed: sharing violation

That is, scdaemon couldn't connect to the token because Mozilla is
connecting. Exiting Mozilla, scdaemon works again.

If a person only used Mozilla, OpenSC would be OK for OpenPGP card...

If I understand correctly, scute uses gpg-agent+scdaemon, thus, we don't
have this issue.
-- 

From wk at gnupg.org Thu Jan 27 12:06:02 2011
From: wk at gnupg.org (Werner Koch)
Date: Thu, 27 Jan 2011 12:06:02 +0100
Subject: scute in Debian?
In-Reply-To: <4D40CDCF.60008@fsij.org> (NIIBE Yutaka's message of "Thu, 27 Jan 2011 10:43:43 +0900")
References: <4D40CDCF.60008@fsij.org>
Message-ID: <87r5byli79.fsf@gnupg.org>

On Thu, 27 Jan 2011 02:43, gniibe at fsij.org said:

> Now, I am trying scute. I found that it is not in Debian yet, and I
> couldn't find WNPP or something. If there is no problem to package it
> for Debian, I am willing to do so. Any opinions?

We have not done any work on Scute for quite some time. The reason
might simply be that Scute is not really known and thus no pressure to
work on it ;-). What scute needs is support for encryption so that it
will be able to work with Thunderbird. Having a Debian package would be
helpful to get more users.

> If I understand correctly, scute uses gpg-agent+scdaemon, thus, we don't
> have this issue.

That is the idea behind Scute. We provide a pkcs#11 driver on top of
gpg-agent and scdaemon and thus scdaemon can use exclusive access and
thus optimize smartcard operations. Note that scdaemon has an APDU
command to directly work with a card.

Another feature which Scute could implement is to use on-disk keys, for
example a regular gpg key.

Shalom-Salam,

Werner

-- 
Thoughts are free. Exceptions are regulated by a federal law.

From cyril.soler at imag.fr Thu Jan 27 13:27:08 2011
From: cyril.soler at imag.fr (Cyril Soler)
Date: Thu, 27 Jan 2011 13:27:08 +0100
Subject: gpgme export-minimal option
Message-ID: <4D41649C.6020702@imag.fr>

Dear gnupg devs,

Some time ago, I asked the gpgme devel team if they could add an option
into gpgme to enable to export GPG certs with the "export-minimal"
option, to get shorter keys. I got answered that it was done, but I
can't find it in the current released version 1.3.0 on the website.

Could you confirm that this option is available, in which version, and
how I can use it?

Exporting keys without signatures is indeed quite important to the
project I'm working in (http://retroshare.sourceforge.net) since we're
exchanging GPG certs between friends, and those tend to grow larger with
time.

Thanks a lot

Cyril

From kgo at grant-olson.net Fri Jan 28 03:08:58 2011
From: kgo at grant-olson.net (Grant Olson)
Date: Thu, 27 Jan 2011 21:08:58 -0500
Subject: Are smartcard patches for 2.1 helpful at this point in time?
Message-ID: <4D42253A.8050600@grant-olson.net>

While I had a dev environment for gnupg set up, I thought I'd see if I
could run 2.1 beta on my machines. It turns out there's still a lot of
issues with smartcards. I think between the last announcement for the
beta, and some comments in the code, these are known issues and not
major surprises to anyone.

Issues I've noticed so far:

1) gpg --card-status doesn't generate the new format stub keys, but
running LEARN from gpg-connect-agent will.

2) Signing only works if you're using SHA1. ( I do have a patch for this.)

3) Decrypting files doesn't seem to work. It complains that I'm using
the wrong key.

I'm happy to invest some time working on these issues. I've also got a
spare card, so I can test generating keys directly on the card,
migrating existing keys, and things like that.

But before I go too crazy I just wanted to make sure that (a) any
patches would be useful, (b) the codebase is in good enough shape for
them; there's not a major refactor on the way that'll invalidate them,
and (c) I'm not working in parallel with any official developers. (Last
time I spent two days working on a fix for an open source project,
someone checked in basically the same code two hours before I generated
the patch file...)

-Grant

From tomp at idirect.com Sat Jan 29 09:15:37 2011
From: tomp at idirect.com (Tom Pegios)
Date: Sat, 29 Jan 2011 03:15:37 -0500
Subject: Dirmngr still version 1.1.0 even after 2 updates
Message-ID: <4D43CCA9.9030400@idirect.com>

Dirmngr has been updated on 2010-12-14 and on 2010-11-16 but
configure.ac for both revisions still shows:

m4_define([my_version], [1.1.0])
m4_define([my_issvn], [no])

I believe both lines need to be updated.

Will this repository be moved over to git ???

Regards
Tom Pegios

From wk at gnupg.org Sun Jan 30 11:55:00 2011
From: wk at gnupg.org (Werner Koch)
Date: Sun, 30 Jan 2011 11:55:00 +0100
Subject: Are smartcard patches for 2.1 helpful at this point in time?
In-Reply-To: <4D42253A.8050600@grant-olson.net> (Grant Olson's message of "Thu, 27 Jan 2011 21:08:58 -0500")
References: <4D42253A.8050600@grant-olson.net>
Message-ID: <87k4hmiruj.fsf@gnupg.org>

On Fri, 28 Jan 2011 03:08, kgo at grant-olson.net said:

> could run 2.1 beta on my machines. It turns out there's still a lot of
> issues with smartcards. I think between the last announcement for the

That's right. I fixed a couple of them in the last weeks but there are
other things with higher priority. I don't think that you should invest
too much time into looking into these bugs. I have a lot of fixmes and
#warning in the code which I just need to fix.

Last week we officially finished the Kontact (KDE) for mobile phones
(Kontact Touch) project and thus I should have more time to work on
GnuPG proper. The plan is to finish the ECC integration within the next
week and merge it into master. Then we should do the smartcard stuff
and release a beta2.

> them; there's not a major refactor on the way that'll invalidate them,
> and (c) I'm not working in parallel with any official developers. (Last

Given that you are very interested in this stuff, I'll post more
progress info about my work.

(d) copyright assignments are filed.

Shalom-Salam,

Werner

-- 
Thoughts are free. Exceptions are regulated by a federal law.

From wk at gnupg.org Sun Jan 30 11:57:58 2011
From: wk at gnupg.org (Werner Koch)
Date: Sun, 30 Jan 2011 11:57:58 +0100
Subject: Dirmngr still version 1.1.0 even after 2 updates
In-Reply-To: <4D43CCA9.9030400@idirect.com> (Tom Pegios's message of "Sat, 29 Jan 2011 03:15:37 -0500")
References: <4D43CCA9.9030400@idirect.com>
Message-ID: <87fwsairpl.fsf@gnupg.org>

On Sat, 29 Jan 2011 09:15, tomp at idirect.com said:

> m4_define([my_issvn], [no])

Ah well, I should have set this to yes. Maybe I should do a new
release.

> Will this repository be moved over to git ???

No. Dirmngr has been merged with GnuPG. From 2.1.0-beta1:

* Dirmngr is now a part of this package. Dirmngr is now also
  expected to run as a system service and the configuration
  directories are changed to the GnuPG name space.

beta2 will have these changes as well:

* Dirmngr has taken over the function of the keyserver helpers. Thus
  we now have a specified direct interface to keyservers via Dirmngr.

Salam-Shalom,

Werner

-- 
Thoughts are free. Exceptions are regulated by a federal law.