GNUPG-1-9-BRANCH gnupg (6 files)
cvs user wk
cvs at cvs.gnupg.org
Mon May 23 21:58:01 CEST 2005
Date: Monday, May 23, 2005 @ 22:18:13
Author: wk
Path: /cvs/gnupg/gnupg
Tag: GNUPG-1-9-BRANCH
Modified: doc/scdaemon.texi scd/ChangeLog scd/Makefile.am scd/app-common.h
scd/app-openpgp.c scd/command.c
* Makefile.am: Do not build sc-copykeys anymore.
* app-openpgp.c (app_openpgp_storekey, app_openpgp_readkey)
(app_openpgp_cardinfo): Removed.
-------------------+
doc/scdaemon.texi | 31 +++++++
scd/ChangeLog | 6 +
scd/Makefile.am | 37 ++++----
scd/app-common.h | 19 ----
scd/app-openpgp.c | 214 ----------------------------------------------------
scd/command.c | 20 ++++
6 files changed, 75 insertions(+), 252 deletions(-)
Index: gnupg/doc/scdaemon.texi
diff -u gnupg/doc/scdaemon.texi:1.1.2.14 gnupg/doc/scdaemon.texi:1.1.2.15
--- gnupg/doc/scdaemon.texi:1.1.2.14 Fri May 20 22:39:36 2005
+++ gnupg/doc/scdaemon.texi Mon May 23 22:18:13 2005
@@ -478,12 +478,39 @@
@node Scdaemon PASSWD
@subsection Change PINs.
-TO BE WRITTEN.
+ at example
+ PASSWD [--reset] @var{chvno}
+ at end example
+
+Change the PIN or reset the retry counter of the card holder
+verification vector number @var{chvno}.
@node Scdaemon CHECKPIN
@subsection Perform a VERIFY operation.
-TO BE WRITTEN.
+ at example
+ CHECKPIN @var{idstr}
+ at end example
+
+Perform a VERIFY operation without doing anything else. This may be
+used to initialize a the PIN cache earlier to long lasting
+operations. Its use is highly application dependent:
+
+ at table @strong
+ at item OpenPGP
+
+Perform a simple verify operation for CHV1 and CHV2, so that further
+operations won't ask for CHV2 and it is possible to do a cheap check on
+the PIN: If there is something wrong with the PIN entry system, only the
+regular CHV will get blocked and not the dangerous CHV3. @var{idstr} is
+the usual card's serial number in hex notation; an optional fingerprint
+part will get ignored.
+
+There is however a special mode if @var{idstr} is suffixed with the
+literal string @code{[CHV3]}: In this case the Admin PIN is checked if
+and only if the retry counter is still at 3.
+
+ at end table
Index: gnupg/scd/ChangeLog
diff -u gnupg/scd/ChangeLog:1.25.2.80 gnupg/scd/ChangeLog:1.25.2.81
--- gnupg/scd/ChangeLog:1.25.2.80 Mon May 23 16:17:22 2005
+++ gnupg/scd/ChangeLog Mon May 23 22:18:13 2005
@@ -1,5 +1,10 @@
2005-05-23 Werner Koch <wk at g10code.com>
+ * Makefile.am: Do not build sc-copykeys anymore.
+
+ * app-openpgp.c (app_openpgp_storekey, app_openpgp_readkey)
+ (app_openpgp_cardinfo): Removed.
+
* ccid-driver.c (parse_ccid_descriptor): SCR335 FW version 5.14 is
good.
(do_close_reader): Never do a reset. The caller should instead
@@ -11,6 +16,7 @@
Thanks to Ludovic Rousseau for this hint and the magic numbers.
(print_command_failed): New.
(bulk_in): Use it here. Add new arg NO_DEBUG.
+ (ccid_slot_status): Disabled debugging.
2005-05-21 Werner Koch <wk at g10code.com>
Index: gnupg/scd/Makefile.am
diff -u gnupg/scd/Makefile.am:1.15.2.13 gnupg/scd/Makefile.am:1.15.2.14
--- gnupg/scd/Makefile.am:1.15.2.13 Wed Apr 27 14:09:20 2005
+++ gnupg/scd/Makefile.am Mon May 23 22:18:13 2005
@@ -18,7 +18,7 @@
## Process this file with automake to produce Makefile.in
-bin_PROGRAMS = scdaemon sc-copykeys
+bin_PROGRAMS = scdaemon
if ! HAVE_W32_SYSTEM
pkglib_PROGRAMS = pcsc-wrapper
endif
@@ -47,22 +47,25 @@
$(LIBGCRYPT_LIBS) $(KSBA_LIBS) $(PTH_LIBS) $(LIBASSUAN_LIBS) \
$(LIBUSB_LIBS) -lgpg-error $(LIBINTL) $(DL_LIBS)
-sc_copykeys_SOURCES = \
- sc-copykeys.c scdaemon.h \
- apdu.c apdu.h \
- ccid-driver.c ccid-driver.h \
- iso7816.c iso7816.h \
- tlv.c tlv.h \
- atr.c atr.h \
- app.c app-common.h app-help.c $(card_apps)
-
-sc_copykeys_LDADD = \
- ../jnlib/libjnlib.a ../common/libcommon.a \
- ../common/libsimple-pwquery.a \
- $(LIBGCRYPT_LIBS) $(PTH_LIBS) $(KSBA_LIBS) $(LIBASSUAN_LIBS) \
- $(LIBUSB_LIBS) \
- -lgpg-error @LIBINTL@ @DL_LIBS@
-
+# Removed for now: We need to decide whether it makes sense to
+# continue it at all, given that gpg has now all required
+# functionality.
+#sc_copykeys_SOURCES = \
+# sc-copykeys.c scdaemon.h \
+# apdu.c apdu.h \
+# ccid-driver.c ccid-driver.h \
+# iso7816.c iso7816.h \
+# tlv.c tlv.h \
+# atr.c atr.h \
+# app.c app-common.h app-help.c $(card_apps)
+#
+#sc_copykeys_LDADD = \
+# ../jnlib/libjnlib.a ../common/libcommon.a \
+# ../common/libsimple-pwquery.a \
+# $(LIBGCRYPT_LIBS) $(PTH_LIBS) $(KSBA_LIBS) $(LIBASSUAN_LIBS) \
+# $(LIBUSB_LIBS) \
+# -lgpg-error @LIBINTL@ @DL_LIBS@
+#
pcsc_wrapper_SOURCES = pcsc-wrapper.c
pcsc_wrapper_LDADD = $(DL_LIBS)
pcsc_wrapper_CFLAGS =
Index: gnupg/scd/app-common.h
diff -u gnupg/scd/app-common.h:1.5.2.16 gnupg/scd/app-common.h:1.5.2.17
--- gnupg/scd/app-common.h:1.5.2.16 Fri May 20 22:39:36 2005
+++ gnupg/scd/app-common.h Mon May 23 22:18:13 2005
@@ -17,7 +17,7 @@
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
*
- * $Id: app-common.h,v 1.5.2.16 2005/05/20 20:39:36 wk Exp $
+ * $Id: app-common.h,v 1.5.2.17 2005/05/23 20:18:13 wk Exp $
*/
#ifndef GNUPG_SCD_APP_COMMON_H
@@ -176,23 +176,6 @@
/*-- app-openpgp.c --*/
gpg_error_t app_select_openpgp (app_t app);
-gpg_error_t app_openpgp_cardinfo (app_t app,
- char **serialno,
- char **disp_name,
- char **pubkey_url,
- unsigned char **fpr1,
- unsigned char **fpr2,
- unsigned char **fpr3);
-gpg_error_t app_openpgp_storekey (app_t app, int keyno,
- unsigned char *template, size_t template_len,
- time_t created_at,
- const unsigned char *m, size_t mlen,
- const unsigned char *e, size_t elen,
- gpg_error_t (*pincb)(void*, const char *, char **),
- void *pincb_arg);
-gpg_error_t app_openpgp_readkey (app_t app, int keyno,
- unsigned char **m, size_t *mlen,
- unsigned char **e, size_t *elen);
/*-- app-nks.c --*/
gpg_error_t app_select_nks (app_t app);
Index: gnupg/scd/app-openpgp.c
diff -u gnupg/scd/app-openpgp.c:1.9.2.34 gnupg/scd/app-openpgp.c:1.9.2.35
--- gnupg/scd/app-openpgp.c:1.9.2.34 Sat May 21 20:49:00 2005
+++ gnupg/scd/app-openpgp.c Mon May 23 22:18:12 2005
@@ -17,7 +17,7 @@
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
*
- * $Id: app-openpgp.c,v 1.9.2.34 2005/05/21 18:49:00 wk Exp $
+ * $Id: app-openpgp.c,v 1.9.2.35 2005/05/23 20:18:12 wk Exp $
*/
#include <config.h>
@@ -2521,215 +2521,3 @@
-/* This function is a hack to retrieve essential information about the
- card to be displayed by simple tools. It mostly resembles what the
- LEARN command returns. All parameters return allocated strings or
- buffers or NULL if the data object is not available. All returned
- values are sanitized. */
-gpg_error_t
-app_openpgp_cardinfo (app_t app,
- char **serialno,
- char **disp_name,
- char **pubkey_url,
- unsigned char **fpr1,
- unsigned char **fpr2,
- unsigned char **fpr3)
-{
- int rc;
- void *relptr;
- unsigned char *value;
- size_t valuelen;
-
- if (serialno)
- {
- time_t dummy;
-
- *serialno = NULL;
- rc = app_get_serial_and_stamp (app, serialno, &dummy);
- if (rc)
- {
- log_error (_("error getting serial number: %s\n"),
- gpg_strerror (rc));
- return rc;
- }
- }
-
- if (disp_name)
- {
- *disp_name = NULL;
- relptr = get_one_do (app, 0x005B, &value, &valuelen, NULL);
- if (relptr)
- {
- *disp_name = make_printable_string (value, valuelen, 0);
- xfree (relptr);
- }
- }
-
- if (pubkey_url)
- {
- *pubkey_url = NULL;
- relptr = get_one_do (app, 0x5F50, &value, &valuelen, NULL);
- if (relptr)
- {
- *pubkey_url = make_printable_string (value, valuelen, 0);
- xfree (relptr);
- }
- }
-
- if (fpr1)
- *fpr1 = NULL;
- if (fpr2)
- *fpr2 = NULL;
- if (fpr3)
- *fpr3 = NULL;
- relptr = get_one_do (app, 0x00C5, &value, &valuelen, NULL);
- if (relptr && valuelen >= 60)
- {
- if (fpr1)
- {
- *fpr1 = xmalloc (20);
- memcpy (*fpr1, value + 0, 20);
- }
- if (fpr2)
- {
- *fpr2 = xmalloc (20);
- memcpy (*fpr2, value + 20, 20);
- }
- if (fpr3)
- {
- *fpr3 = xmalloc (20);
- memcpy (*fpr3, value + 40, 20);
- }
- }
- xfree (relptr);
-
- return 0;
-}
-
-
-
-/* This function is currently only used by the sc-copykeys program to
- store a key on the smartcard. app_t ist the application handle,
- KEYNO is the number of the key and PINCB, PINCB_ARG are used to ask
- for the SO PIN. TEMPLATE and TEMPLATE_LEN describe a buffer with
- the key template to store. CREATED_AT is the timestamp used to
- create the fingerprint. M, MLEN is the RSA modulus and E, ELEN the
- RSA public exponent. This function silently overwrites an existing
- key.*/
-gpg_error_t
-app_openpgp_storekey (app_t app, int keyno,
- unsigned char *template, size_t template_len,
- time_t created_at,
- const unsigned char *m, size_t mlen,
- const unsigned char *e, size_t elen,
- gpg_error_t (*pincb)(void*, const char *, char **),
- void *pincb_arg)
-{
- int rc;
- unsigned char fprbuf[20];
-
- if (keyno < 1 || keyno > 3)
- return gpg_error (GPG_ERR_INV_ID);
- keyno--;
-
- rc = verify_chv3 (app, pincb, pincb_arg);
- if (rc)
- goto leave;
-
- flush_cache (app);
-
- xfree (app->app_local->pk[keyno].key);
- app->app_local->pk[keyno].key = NULL;
- app->app_local->pk[keyno].keylen = 0;
- app->app_local->pk[keyno].read_done = 0;
-
- rc = iso7816_put_data (app->slot,
- (app->card_version > 0x0007? 0xE0 : 0xE9) + keyno,
- template, template_len);
- if (rc)
- {
- log_error (_("failed to store the key: %s\n"), gpg_strerror (rc));
- rc = gpg_error (GPG_ERR_CARD);
- goto leave;
- }
-
-/* log_printhex ("RSA n:", m, mlen); */
-/* log_printhex ("RSA e:", e, elen); */
-
- rc = store_fpr (app->slot, keyno, (u32)created_at,
- m, mlen, e, elen, fprbuf, app->card_version);
-
- leave:
- return rc;
-}
-
-
-/* Utility function for external tools: Read the public RSA key at
- KEYNO and return modulus and exponent in (M,MLEN) and (E,ELEN). */
-gpg_error_t
-app_openpgp_readkey (app_t app, int keyno, unsigned char **m, size_t *mlen,
- unsigned char **e, size_t *elen)
-{
- int rc;
- const unsigned char *keydata, *a;
- unsigned char *buffer;
- size_t buflen, keydatalen, alen;
-
- *m = NULL;
- *e = NULL;
-
- if (keyno < 1 || keyno > 3)
- return gpg_error (GPG_ERR_INV_ID);
- keyno--;
-
- rc = iso7816_read_public_key(app->slot,
- keyno == 0? "\xB6" :
- keyno == 1? "\xB8" : "\xA4",
- 2,
- &buffer, &buflen);
- if (rc)
- {
- rc = gpg_error (GPG_ERR_CARD);
- log_error (_("reading the key failed\n"));
- goto leave;
- }
-
- keydata = find_tlv (buffer, buflen, 0x7F49, &keydatalen);
- if (!keydata)
- {
- log_error (_("response does not contain the public key data\n"));
- rc = gpg_error (GPG_ERR_CARD);
- goto leave;
- }
-
- a = find_tlv (keydata, keydatalen, 0x0081, &alen);
- if (!a)
- {
- log_error (_("response does not contain the RSA modulus\n"));
- rc = gpg_error (GPG_ERR_CARD);
- goto leave;
- }
- *mlen = alen;
- *m = xmalloc (alen);
- memcpy (*m, a, alen);
-
- a = find_tlv (keydata, keydatalen, 0x0082, &alen);
- if (!a)
- {
- log_error (_("response does not contain the RSA public exponent\n"));
- rc = gpg_error (GPG_ERR_CARD);
- goto leave;
- }
- *elen = alen;
- *e = xmalloc (alen);
- memcpy (*e, a, alen);
-
- leave:
- xfree (buffer);
- if (rc)
- {
- xfree (*m); *m = NULL;
- xfree (*e); *e = NULL;
- }
- return rc;
-}
Index: gnupg/scd/command.c
diff -u gnupg/scd/command.c:1.19.2.24 gnupg/scd/command.c:1.19.2.25
--- gnupg/scd/command.c:1.19.2.24 Fri May 20 22:39:35 2005
+++ gnupg/scd/command.c Mon May 23 22:18:12 2005
@@ -1095,7 +1095,7 @@
�
/* PASSWD [--reset] <chvno>
- Change the PIN or reset thye retry counter of the card holder
+ Change the PIN or reset the retry counter of the card holder
verfication vector CHVNO. */
static int
cmd_passwd (assuan_context_t ctx, char *line)
@@ -1142,7 +1142,23 @@
}
-/* CHECKPIN <hexified_id>
+/* CHECKPIN <idstr>
+
+ Perform a VERIFY operation without doing anything else. This may
+ be used to initialize a the PIN cache earlier to long lasting
+ operations. Its use is highly application dependent.
+
+ For OpenPGP:
+
+ Perform a simple verify operation for CHV1 and CHV2, so that
+ further operations won't ask for CHV2 and it is possible to do a
+ cheap check on the PIN: If there is something wrong with the PIN
+ entry system, only the regular CHV will get blocked and not the
+ dangerous CHV3. IDSTR is the usual card's serial number in hex
+ notation; an optional fingerprint part will get ignored. There
+ is however a special mode if the IDSTR is sffixed with the
+ literal string "[CHV3]": In this case the Admin PIN is checked
+ if and only if the retry counter is still at 3.
*/
static int
More information about the Gnupg-commits
mailing list