From cvs at cvs.gnupg.org Mon Feb 4 01:19:30 2013 From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Mon, 04 Feb 2013 01:19:30 +0100 Subject: [git] GnuPG - branch, STABLE-BRANCH-2-0, updated. gnupg-2.0.19-68-g42dd395 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, STABLE-BRANCH-2-0 has been updated via 42dd3956cc59297585c161ff735d89387a34d147 (commit) from 3cfe527fa57167d0477c0f6250ca28e8f4dd1b0e (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 42dd3956cc59297585c161ff735d89387a34d147 Author: NIIBE Yutaka Date: Mon Feb 4 09:07:22 2013 +0900 agent: kill pinentry by SIGINT, fixing a bug to be killed by SIGINT. * agent/call-pinentry.c (atfork_cb): Reset signal mask and signal handler for child process. (agent_popup_message_stop): Send SIGINT (was: SIGKILL). -- pinentry-curses should be killed by SIGINT, so that it can reset terminal settings, but it didn't work. diff --git a/agent/call-pinentry.c b/agent/call-pinentry.c index 2483019..c945c13 100644 --- a/agent/call-pinentry.c +++ b/agent/call-pinentry.c @@ -170,6 +170,16 @@ static void atfork_cb (void *opaque, int where) { ctrl_t ctrl = opaque; +#ifndef HAVE_W32_SYSTEM + struct sigaction sa; + + /* Pop up message should be able to be killed by SIGINT. */ + sigemptyset (&sa.sa_mask); + sa.sa_handler = SIG_DFL; + sa.sa_flags = 0; + sigaction (SIGINT, &sa, NULL); + sigprocmask (SIG_SETMASK, &sa.sa_mask, NULL); /* Unblock all signals. */ +#endif if (!where) { 
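Review bot: The SIGINT reset and the `sigprocmask (SIG_SETMASK, &sa.sa_mask, NULL)` call in `atfork_cb` sit above `if (!where)`, so they run for every value of `where`, not only on the branch the rest of the callback appears to treat as the child. If the callback can ever be invoked with a non-zero `where` inside the agent process (not visible in this hunk), the agent would lose its own SIGINT disposition and signal mask; moving the block inside `if (!where)` would confine it to the child. The return values of `sigaction` and `sigprocmask` are also ignored, so a failure here would silently bring back the old behaviour. The function body continues past the end of the hunk.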
@@ -1159,8 +1169,7 @@ agent_popup_message_stop (ctrl_t ctrl) assuan_set_flag (entry_ctx, ASSUAN_NO_WAITPID, 1); } else if (pid > 0) - kill (pid, SIGKILL); /* Need to use SIGKILL due to bad - interaction of SIGINT with Pth. */ + kill (pid, SIGINT); #endif /* Now wait for the thread to terminate. */ ----------------------------------------------------------------------- Summary of changes: agent/call-pinentry.c | 13 +++++++++++-- 1 files changed, 11 insertions(+), 2 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Mon Feb 4 02:31:16 2013 From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Mon, 04 Feb 2013 02:31:16 +0100 Subject: [git] GnuPG - branch, STABLE-BRANCH-2-0, updated. gnupg-2.0.19-69-ge8ea109 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, STABLE-BRANCH-2-0 has been updated via e8ea10990d9b860d9f2863928887811f86c304b6 (commit) from 42dd3956cc59297585c161ff735d89387a34d147 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit e8ea10990d9b860d9f2863928887811f86c304b6 Author: NIIBE Yutaka Date: Fri Jan 11 11:18:39 2013 +0900 SCD: Hold lock for pinpad input. * scd/apdu.c (apdu_check_keypad, apdu_keypad_verify) (apdu_keypad_modify): Hold lock to serialize communication. diff --git a/scd/apdu.c b/scd/apdu.c index 962eb71..3c549a3 100644 --- a/scd/apdu.c +++ b/scd/apdu.c 
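Review bot: In `agent_popup_message_stop`, `kill (pid, SIGINT)` is now the only request sent to the pinentry, and the code directly after it waits for the popup thread to terminate. A pinentry that catches, ignores or is slow to act on SIGINT would leave that wait pending, with no fallback visible in the hunk; a bounded wait followed by a stronger signal would keep the agent from stalling on a misbehaving child. The removed comment recorded why SIGKILL had been needed (a bad interaction of SIGINT with Pth), so the new line should carry a comment saying why that no longer applies, for example `/* The child resets SIGINT in atfork_cb, so it can restore the terminal. */`. The function starts and ends outside the hunk.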
@@ -3324,9 +3324,18 @@ apdu_check_keypad (int slot, int command, int pin_mode, return SW_HOST_NO_DRIVER; if (reader_table[slot].check_keypad) - return reader_table[slot].check_keypad (slot, command, + { + int sw; + + if ((sw = lock_slot (slot))) + return sw; + + sw = reader_table[slot].check_keypad (slot, command, pin_mode, pinlen_min, pinlen_max, pin_padlen); + unlock_slot (slot); + return sw; + } else return SW_HOST_NOT_SUPPORTED; } @@ -3347,8 +3356,17 @@ apdu_keypad_verify (int slot, int class, int ins, int p0, int p1, int pin_mode, return SW_HOST_NO_DRIVER; if (reader_table[slot].keypad_verify) - return reader_table[slot].keypad_verify (slot, class, ins, p0, p1, + { + int sw; + + if ((sw = lock_slot (slot))) + return sw; + + sw = reader_table[slot].keypad_verify (slot, class, ins, p0, p1, &pininfo); + unlock_slot (slot); + return sw; + } else return SW_HOST_NOT_SUPPORTED; } @@ -3369,8 +3387,17 @@ apdu_keypad_modify (int slot, int class, int ins, int p0, int p1, int pin_mode, return SW_HOST_NO_DRIVER; if (reader_table[slot].keypad_modify) - return reader_table[slot].keypad_modify (slot, class, ins, p0, p1, + { + int sw; + + if ((sw = lock_slot (slot))) + return sw; + + sw = reader_table[slot].keypad_modify (slot, class, ins, p0, p1, &pininfo); + unlock_slot (slot); + return sw; + } else return SW_HOST_NOT_SUPPORTED; } ----------------------------------------------------------------------- Summary of changes: scd/apdu.c | 33 ++++++++++++++++++++++++++++++--- 1 files changed, 30 insertions(+), 3 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Tue Feb 5 05:48:41 2013 
From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Tue, 05 Feb 2013 05:48:41 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.0beta3-144-ge791ac6 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via e791ac6683bfb90d5e40c0103324784bd58535c9 (commit) via 0407e642f796fb2780a77b7a1a86731d0de27e5d (commit) via bd5eded73a1268afdf81482f8408e5f640abf9c4 (commit) via a9ff97a10f7ae5a703ed1bccba294473ecc88d5d (commit) via 334ba6efa5a05d8849fae213128a0505e7615e13 (commit) via d5bf83a24cf3871b7d8cfe61049f70e1e206d09a (commit) via 82e1e837c29225cd55642b193cc04ce6191d19bb (commit) via 3aae780f9debaeb3560ff866b7e09d0923481c57 (commit) via 40a914a2e3052847b49c4b5e8ac8538e97efd18a (commit) via b526f6e223604b7c1852ef2aab9fc1ea691b1181 (commit) via ca89277cb4cb9558da97a71a4cb070cb77c9b536 (commit) via d9f6cc7502793ed41928042cc2f968c8c7effc22 (commit) from 65eb98966a569a91c97d0c23ba5582a9a7558de0 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit e791ac6683bfb90d5e40c0103324784bd58535c9 Author: NIIBE Yutaka Date: Mon Jan 28 11:46:40 2013 +0900 SCD: Add vendor specific initalization. * scd/ccid-driver.c (ccid_vendor_specific_init): New. (ccid_open_reader): Call ccid_vendor_specific_init. diff --git a/scd/ccid-driver.c b/scd/ccid-driver.c index e9f39f4..6d6c3db 100644 --- a/scd/ccid-driver.c +++ b/scd/ccid-driver.c 
@@ -303,6 +303,9 @@ static int bulk_in (ccid_driver_t handle, unsigned char *buffer, size_t length, size_t *nread, int expected_type, int seqno, int timeout, int no_debug); static int abort_cmd (ccid_driver_t handle, int seqno); +static int send_escape_cmd (ccid_driver_t handle, const unsigned char *data, + size_t datalen, unsigned char *result, + size_t resultmax, size_t *resultlen); /* Convert a little endian stored 4 byte value into an unsigned integer. */ @@ -1525,6 +1528,29 @@ ccid_get_reader_list (void) } +/* Vendor specific custom initialization. */ +static int +ccid_vendor_specific_init (ccid_driver_t handle) +{ + if (handle->id_vendor == VENDOR_VEGA && handle->id_product == VEGA_ALPHA) + { + /* + * Vega alpha has a feature to show retry counter on the pinpad + * display. But it assumes that the card returns the value of + * retry counter by VERIFY with empty data (return code of + * 63Cx). Unfortunately, existing OpenPGP cards don't support + * VERIFY command with empty data. This vendor specific command + * sequence is to disable the feature. + */ + const unsigned char cmd[] = "\xb5\x01\x00\x03\x00"; + + return send_escape_cmd (handle, cmd, sizeof (cmd), NULL, 0, NULL); + } + + return 0; +} + + /* Open the reader with the internal number READERNO and return a pointer to be used as handle in HANDLE. Returns 0 on success. */ int @@ -1633,6 +1659,8 @@ ccid_open_reader (ccid_driver_t *handle, const char *readerid) } } + rc = ccid_vendor_specific_init (*handle); + leave: free (ifcdesc_extra); if (rc) commit 0407e642f796fb2780a77b7a1a86731d0de27e5d Author: NIIBE Yutaka Date: Sun Jan 13 12:12:10 2013 +0900 SCD: Support P=N format for login data. * scd/app-openpgp.c (parse_login_data): Support P=N format. diff --git a/scd/app-openpgp.c b/scd/app-openpgp.c index 9c85c61..dc35295 100644 --- a/scd/app-openpgp.c +++ b/scd/app-openpgp.c 
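Review bot: In `ccid_vendor_specific_init`, `cmd` is initialised from a string literal, so `sizeof (cmd)` is 6 (the five command bytes plus the literal's terminating NUL) and `send_escape_cmd` is handed one byte more than the sequence written in the source. If the reader expects exactly five bytes, declare it as `const unsigned char cmd[] = { 0xb5, 0x01, 0x00, 0x03, 0x00 };` or pass `sizeof (cmd) - 1`. Separately, in `ccid_open_reader` the result is assigned to `rc` immediately before `leave:`, so a reader that rejects the escape command makes the whole open fail; if the vendor init is meant to be best-effort, that failure would be better logged than propagated. Both functions extend beyond the hunks shown.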
@@ -602,9 +602,9 @@ count_bits (const unsigned char *a, size_t len) P= - Where KEYPAD_REQUEST is 0 or a pair of two integers: ,. - 0 means use keypad with variable length input. , means use - keypad with fixed length input. N for user PIN, M for admin PIN. + Where KEYPAD_REQUEST is in the format of: or ,. + N for user PIN, M for admin PIN. If M is missing it means M=N. + 0 means to force not to use keypad. */ static void @@ -660,24 +660,22 @@ parse_login_data (app_t app) if (buflen) { - if (*buffer == '0') - { - buffer++; - buflen--; - if (buflen && !(*buffer == '\n' || *buffer == '\x18')) - goto next; - /* Disable use of pinpad. */ - app->app_local->keypad.specified = 1; - } - else if (digitp (buffer)) + if (digitp (buffer)) { char *q; int n, m; n = strtol (buffer, &q, 10); - if (*q++ != ',' || !digitp (q)) - goto next; - m = strtol (q, &q, 10); + if (q >= (char *)buffer + buflen + || *q == '\x18' || *q == '\n') + m = n; + else + { + if (*q++ != ',' || !digitp (q)) + goto next; + m = strtol (q, &q, 10); + } + buffer = q; if (buflen < ((unsigned char *)q - buffer)) { 
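Review bot: In the `P=` branch of `parse_login_data`, `buffer = q;` runs before `if (buflen < ((unsigned char *)q - buffer))`, so the difference is always zero and `buflen` is never reduced by the digits just consumed. The login data is read from the card, so the later scan over `buflen` bytes can run past the end of the data object by that many bytes; compute the consumed length first (`size_t used = (unsigned char *)q - buffer;`), test `buflen < used`, and only then do `buflen -= used; buffer = q;`. The same ordering is present where the branch was introduced, in the `@@ -628,11 +647,56 @@` hunk of commit 334ba6ef further down this page. `strtol` also stops only at a non-digit, so unless the buffer returned by `get_one_do` is NUL-terminated (not visible here) the added `q >= (char *)buffer + buflen` test comes after the read it is meant to bound. The enclosing function extends outside the hunk.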
@@ -1540,14 +1538,16 @@ static int check_keypad_request (app_t app, pininfo_t *pininfo, int admin_pin) { if (app->app_local->keypad.specified == 0) /* No preference on card. */ - if (pininfo->fixedlen == 0) /* Reader has varlen capability. */ - return 0; /* Then, use pinpad. */ - else - /* - * Reader has limited capability, and it may not match PIN of - * the card. - */ - return 1; + { + if (pininfo->fixedlen == 0) /* Reader has varlen capability. */ + return 0; /* Then, use pinpad. */ + else + /* + * Reader has limited capability, and it may not match PIN of + * the card. + */ + return 1; + } if (admin_pin) pininfo->fixedlen = app->app_local->keypad.fixedlen_admin; commit bd5eded73a1268afdf81482f8408e5f640abf9c4 Author: NIIBE Yutaka Date: Fri Jan 11 13:19:17 2013 +0900 SCD: Better interoperability. * scd/apdu.c: Fill bTeoPrologue[2] field. -- ccid-1.4.5 or older requires this field is filled by application. diff --git a/scd/apdu.c b/scd/apdu.c index f1f2d01..ef7c54f 100644 --- a/scd/apdu.c +++ b/scd/apdu.c @@ -2084,7 +2084,7 @@ pcsc_keypad_verify (int slot, int class, int ins, int p0, int p1, pin_verify[11] = 0x00; /* bMsgIndex */ pin_verify[12] = 0x00; /* bTeoPrologue[0] */ pin_verify[13] = 0x00; /* bTeoPrologue[1] */ - pin_verify[14] = 0x00; /* bTeoPrologue[2] */ + pin_verify[14] = pininfo->fixedlen + 0x05; /* bTeoPrologue[2] */ pin_verify[15] = pininfo->fixedlen + 0x05; /* ulDataLength */ pin_verify[16] = 0x00; /* ulDataLength */ pin_verify[17] = 0x00; /* ulDataLength */ 
@@ -2178,7 +2178,7 @@ pcsc_keypad_modify (int slot, int class, int ins, int p0, int p1, pin_modify[16] = 0x00; /* bMsgIndex3 */ pin_modify[17] = 0x00; /* bTeoPrologue[0] */ pin_modify[18] = 0x00; /* bTeoPrologue[1] */ - pin_modify[19] = 0x00; /* bTeoPrologue[2] */ + pin_modify[19] = 2 * pininfo->fixedlen + 0x05; /* bTeoPrologue[2] */ pin_modify[20] = 2 * pininfo->fixedlen + 0x05; /* ulDataLength */ pin_modify[21] = 0x00; /* ulDataLength */ pin_modify[22] = 0x00; /* ulDataLength */ commit a9ff97a10f7ae5a703ed1bccba294473ecc88d5d Author: NIIBE Yutaka Date: Fri Jan 11 10:41:38 2013 +0900 SCD: Defaults to use pinpad if the reader has the capability. * scd/app-openpgp.c (struct app_local_s): Remove VARLEN. (parse_login_data): "P=0" means to disable pinpad. (check_keypad_request): Default is to use pinpad if available. diff --git a/scd/app-openpgp.c b/scd/app-openpgp.c index 1188770..9c85c61 100644 --- a/scd/app-openpgp.c +++ b/scd/app-openpgp.c @@ -195,7 +195,6 @@ struct app_local_s { struct { unsigned int specified:1; - unsigned int varlen:1; int fixedlen_user; int fixedlen_admin; } keypad; @@ -619,9 +618,8 @@ parse_login_data (app_t app) app->app_local->flags.no_sync = 0; app->app_local->flags.def_chv2 = 0; app->app_local->keypad.specified = 0; - app->app_local->keypad.varlen = 0; - app->app_local->keypad.fixedlen_user = 6; - app->app_local->keypad.fixedlen_admin = 8; + app->app_local->keypad.fixedlen_user = -1; + app->app_local->keypad.fixedlen_admin = -1; /* Read the DO. */ relptr = get_one_do (app, 0x005E, &buffer, &buflen, NULL); @@ -668,8 +666,8 @@ parse_login_data (app_t app) buflen--; if (buflen && !(*buffer == '\n' || *buffer == '\x18')) goto next; + /* Disable use of pinpad. */ app->app_local->keypad.specified = 1; - app->app_local->keypad.varlen = 1; } else if (digitp (buffer)) { 
@@ -1534,34 +1532,36 @@ do_readcert (app_t app, const char *certid, } -/* Decide if we use keypad of reader for PIN input according to the - user preference on the card. Returns 0 if we use keypad, 1 otherwise. */ +/* Decide if we use the keypad of the reader for PIN input according + to the user preference on the card, and the capability of the + reader. This routine is only called when the reader has keypad. + Returns 0 if we use keypad, 1 otherwise. */ static int check_keypad_request (app_t app, pininfo_t *pininfo, int admin_pin) { - /* User specifies no preference on card, then, use pinentry. */ - if (app->app_local->keypad.specified == 0) - return 1; - - if (app->app_local->keypad.varlen) - if (pininfo->fixedlen == 0) - return 0; + if (app->app_local->keypad.specified == 0) /* No preference on card. */ + if (pininfo->fixedlen == 0) /* Reader has varlen capability. */ + return 0; /* Then, use pinpad. */ else - /* On card, user specifies varlen but reader doesn't have the feature. */ + /* + * Reader has limited capability, and it may not match PIN of + * the card. + */ return 1; + + if (admin_pin) + pininfo->fixedlen = app->app_local->keypad.fixedlen_admin; else - { - if (admin_pin) - pininfo->fixedlen = app->app_local->keypad.fixedlen_admin; - else - pininfo->fixedlen = app->app_local->keypad.fixedlen_user; + pininfo->fixedlen = app->app_local->keypad.fixedlen_user; - if (pininfo->fixedlen < pininfo->minlen - || pininfo->fixedlen > pininfo->maxlen) - return 1; + if (pininfo->fixedlen < 0 /* User requests disable pinpad. */ + || pininfo->fixedlen < pininfo->minlen + || pininfo->fixedlen > pininfo->maxlen + /* Reader doesn't have the capability to input a PIN which + * length is FIXEDLEN. */) + return 1; - return 0; - } + return 0; } commit 334ba6efa5a05d8849fae213128a0505e7615e13 Author: NIIBE Yutaka Date: Thu Jan 10 15:58:43 2013 +0900 SCD: handle keypad request on the card. * scd/app-openpgp.c: Add 2013. (struct app_local_s): Add keypad structure. 
(parse_login_data): Add parsing keypad request on the card. (check_keypad_request): New. (verify_a_chv, verify_chv3, do_change_pin): Call check_keypad_request to determine use of keypad. diff --git a/scd/app-openpgp.c b/scd/app-openpgp.c index dcc3120..1188770 100644 --- a/scd/app-openpgp.c +++ b/scd/app-openpgp.c @@ -1,6 +1,6 @@ /* app-openpgp.c - The OpenPGP card application. * Copyright (C) 2003, 2004, 2005, 2007, 2008, - * 2009 Free Software Foundation, Inc. + * 2009, 2013 Free Software Foundation, Inc. * * This file is part of GnuPG. * @@ -191,6 +191,15 @@ struct app_local_s { unsigned int def_chv2:1; /* Use 123456 for CHV2. */ } flags; + /* Keypad request specified on card. */ + struct + { + unsigned int specified:1; + unsigned int varlen:1; + int fixedlen_user; + int fixedlen_admin; + } keypad; + struct { unsigned int n_bits; /* Size of the modulus in bits. The rest @@ -581,17 +590,23 @@ count_bits (const unsigned char *a, size_t len) Everything up to a LF is considered a mailbox or account name. If the first LF is followed by DC4 (0x14) control sequence are expected up to the next LF. Control sequences are separated by FS - (0x18) and consist of key=value pairs. There is one key defined: + (0x18) and consist of key=value pairs. There are two keys defined: F= - Were FLAGS is a plain hexadecimal number representing flag values. + Where FLAGS is a plain hexadecimal number representing flag values. The lsb is here the rightmost bit. Defined flags bits are: Bit 0 = CHV1 and CHV2 are not syncronized Bit 1 = CHV2 has been been set to the default PIN of "123456" (this implies that bit 0 is also set). + P= + + Where KEYPAD_REQUEST is 0 or a pair of two integers: ,. + 0 means use keypad with variable length input. , means use + keypad with fixed length input. N for user PIN, M for admin PIN. + */ static void parse_login_data (app_t app) 
@@ -603,6 +618,10 @@ parse_login_data (app_t app) /* Set defaults. */ app->app_local->flags.no_sync = 0; app->app_local->flags.def_chv2 = 0; + app->app_local->keypad.specified = 0; + app->app_local->keypad.varlen = 0; + app->app_local->keypad.fixedlen_user = 6; + app->app_local->keypad.fixedlen_admin = 8; /* Read the DO. */ relptr = get_one_do (app, 0x005E, &buffer, &buflen, NULL); @@ -628,11 +647,56 @@ parse_login_data (app_t app) any leading digits but bail out on invalid characters. */ for (p=buffer+2, len = buflen-2; len && hexdigitp (p); p++, len--) lastdig = xtoi_1 (p); + buffer = p; + buflen = len; if (len && !(*p == '\n' || *p == '\x18')) goto next; /* Invalid characters in field. */ app->app_local->flags.no_sync = !!(lastdig & 1); app->app_local->flags.def_chv2 = (lastdig & 3) == 3; } + else if (buflen > 1 && *buffer == 'P' && buffer[1] == '=') + { + /* Keypad request control sequence found. */ + buffer += 2; + buflen -= 2; + + if (buflen) + { + if (*buffer == '0') + { + buffer++; + buflen--; + if (buflen && !(*buffer == '\n' || *buffer == '\x18')) + goto next; + app->app_local->keypad.specified = 1; + app->app_local->keypad.varlen = 1; + } + else if (digitp (buffer)) + { + char *q; + int n, m; + + n = strtol (buffer, &q, 10); + if (*q++ != ',' || !digitp (q)) + goto next; + m = strtol (q, &q, 10); + buffer = q; + if (buflen < ((unsigned char *)q - buffer)) + { + buflen = 0; + break; + } + else + buflen -= ((unsigned char *)q - buffer); + + if (buflen && !(*buffer == '\n' || *buffer == '\x18')) + goto next; + app->app_local->keypad.specified = 1; + app->app_local->keypad.fixedlen_user = n; + app->app_local->keypad.fixedlen_admin = m; + } + } + } next: for (; buflen && *buffer != '\x18'; buflen--, buffer++) if (*buffer == '\n') 
@@ -1470,6 +1534,37 @@ do_readcert (app_t app, const char *certid, } +/* Decide if we use keypad of reader for PIN input according to the + user preference on the card. Returns 0 if we use keypad, 1 otherwise. */ +static int +check_keypad_request (app_t app, pininfo_t *pininfo, int admin_pin) +{ + /* User specifies no preference on card, then, use pinentry. */ + if (app->app_local->keypad.specified == 0) + return 1; + + if (app->app_local->keypad.varlen) + if (pininfo->fixedlen == 0) + return 0; + else + /* On card, user specifies varlen but reader doesn't have the feature. */ + return 1; + else + { + if (admin_pin) + pininfo->fixedlen = app->app_local->keypad.fixedlen_admin; + else + pininfo->fixedlen = app->app_local->keypad.fixedlen_user; + + if (pininfo->fixedlen < pininfo->minlen + || pininfo->fixedlen > pininfo->maxlen) + return 1; + + return 0; + } +} + + /* Verify a CHV either using using the pinentry or if possibile by using a keypad. PINCB and PINCB_ARG describe the usual callback for the pinentry. CHVNO must be either 1 or 2. SIGCOUNT is only @@ -1537,7 +1632,8 @@ verify_a_chv (app_t app, if (!opt.disable_keypad - && !iso7816_check_keypad (app->slot, ISO7816_VERIFY, &pininfo) ) + && !iso7816_check_keypad (app->slot, ISO7816_VERIFY, &pininfo) + && !check_keypad_request (app, &pininfo, 0)) { /* The reader supports the verify command through the keypad. Note that the pincb appends a text to the prompt telling the @@ -1720,7 +1816,8 @@ verify_chv3 (app_t app, return rc; if (!opt.disable_keypad - && !iso7816_check_keypad (app->slot, ISO7816_VERIFY, &pininfo) ) + && !iso7816_check_keypad (app->slot, ISO7816_VERIFY, &pininfo) + && !check_keypad_request (app, &pininfo, 1)) { /* The reader supports the verify command through the keypad. */ rc = pincb (pincb_arg, prompt, NULL); 
@@ -1970,7 +2067,8 @@ do_change_pin (app_t app, ctrl_t ctrl, const char *chvnostr, if (!opt.disable_keypad && !iso7816_check_keypad (app->slot, - ISO7816_CHANGE_REFERENCE_DATA, &pininfo)) + ISO7816_CHANGE_REFERENCE_DATA, &pininfo) + && !check_keypad_request (app, &pininfo, chvno == 3)) use_keypad = 1; if (reset_mode) commit d5bf83a24cf3871b7d8cfe61049f70e1e206d09a Author: NIIBE Yutaka Date: Thu Jan 10 15:52:24 2013 +0900 SCD: Minor fix of ccid-driver. * scd/ccid-driver.c (VENDOR_VEGA): Fix typo. diff --git a/scd/ccid-driver.c b/scd/ccid-driver.c index 95e85d9..e9f39f4 100644 --- a/scd/ccid-driver.c +++ b/scd/ccid-driver.c @@ -209,7 +209,7 @@ enum { VENDOR_SCM = 0x04e6, VENDOR_OMNIKEY= 0x076b, VENDOR_GEMPC = 0x08e6, - VENDER_VEGA = 0x0982, + VENDOR_VEGA = 0x0982, VENDOR_KAAN = 0x0d46, VENDOR_FSIJ = 0x234b, VENDOR_VASCO = 0x1a44 commit 82e1e837c29225cd55642b193cc04ce6191d19bb Author: NIIBE Yutaka Date: Thu Jan 10 10:49:27 2013 +0900 SCD: Add support of Covadis VEGA_ALPHA reader. * scd/ccid-driver.c: Add 2013. (VENDER_VEGA, VEGA_ALPHA):New. (ccid_transceive_secure): VEGA_ALPHA is same firmware as GEMPC_PINPAD. Change bNumberMessage to 0x01, as it works better (was: 0xff). diff --git a/scd/ccid-driver.c b/scd/ccid-driver.c index 83b419a..95e85d9 100644 --- a/scd/ccid-driver.c +++ b/scd/ccid-driver.c @@ -1,6 +1,6 @@ /* ccid-driver.c - USB ChipCardInterfaceDevices driver * Copyright (C) 2003, 2004, 2005, 2006, 2007 - * 2008, 2009 Free Software Foundation, Inc. + * 2008, 2009, 2013 Free Software Foundation, Inc. * Written by Werner Koch. * * This file is part of GnuPG. @@ -209,6 +209,7 @@ enum { VENDOR_SCM = 0x04e6, VENDOR_OMNIKEY= 0x076b, VENDOR_GEMPC = 0x08e6, + VENDER_VEGA = 0x0982, VENDOR_KAAN = 0x0d46, VENDOR_FSIJ = 0x234b, VENDOR_VASCO = 0x1a44 
@@ -222,7 +223,8 @@ enum { #define SCM_SPR532 0xe003 #define CHERRY_ST2000 0x003e #define VASCO_920 0x0920 -#define GEMPC_PINPAD 0x3478 +#define GEMPC_PINPAD 0x3478 +#define VEGA_ALPHA 0x0008 /* A list and a table with special transport descriptions. */ enum { @@ -2382,7 +2384,7 @@ update_param_by_atr (unsigned char *param, unsigned char *atr, size_t atrlen) NEXTBYTE (); if (atr[i] == 0x3F) - param[1] |= 0x02; /* Convention is inverse. */ + param[1] |= 0x02; /* Convention is inverse. */ NEXTBYTE (); y = (atr[i] >> 4); 
@@ -2391,91 +2393,91 @@ update_param_by_atr (unsigned char *param, unsigned char *atr, size_t atrlen) if ((y & 1)) { - param[0] = atr[i]; /* TA1 - Fi & Di */ + param[0] = atr[i]; /* TA1 - Fi & Di */ NEXTBYTE (); } if ((y & 2)) - NEXTBYTE (); /* TB1 - ignore */ + NEXTBYTE (); /* TB1 - ignore */ if ((y & 4)) { - param[2] = atr[i]; /* TC1 - Guard Time */ + param[2] = atr[i]; /* TC1 - Guard Time */ NEXTBYTE (); } if ((y & 8)) { - y = (atr[i] >> 4); /* TD1 */ + y = (atr[i] >> 4); /* TD1 */ t = atr[i] & 0x0f; NEXTBYTE (); if ((y & 1)) - { /* TA2 - PPS mode */ - if ((atr[i] & 0x0f) != 1) - return -2; /* Wrong card protocol (!= 1). */ + { /* TA2 - PPS mode */ + if ((atr[i] & 0x0f) != 1) + return -2; /* Wrong card protocol (!= 1). */ - if ((atr[i] & 0x10) != 0x10) - return -3; /* Transmission parameters are implicitly defined. */ + if ((atr[i] & 0x10) != 0x10) + return -3; /* Transmission parameters are implicitly defined. */ - negotiable = 0; /* TA2 means specific mode. */ - NEXTBYTE (); - } + negotiable = 0; /* TA2 means specific mode. */ + NEXTBYTE (); + } if ((y & 2)) - NEXTBYTE (); /* TB2 - ignore */ + NEXTBYTE (); /* TB2 - ignore */ if ((y & 4)) - NEXTBYTE (); /* TC2 - ignore */ + NEXTBYTE (); /* TC2 - ignore */ if ((y & 8)) - { - y = (atr[i] >> 4); /* TD2 */ - t = atr[i] & 0x0f; - NEXTBYTE (); - } + { + y = (atr[i] >> 4); /* TD2 */ + t = atr[i] & 0x0f; + NEXTBYTE (); + } else - y = 0; + y = 0; while (y) - { - if ((y & 1)) - { /* TAx */ - if (t == 1) - param[5] = atr[i]; /* IFSC */ - else if (t == 15) - /* XXX: check voltage? */ - param[4] = (atr[i] >> 6); /* ClockStop */ - - NEXTBYTE (); - } - - if ((y & 2)) - { - if (t == 1) - param[3] = atr[i]; /* TBx - BWI & CWI */ - NEXTBYTE (); - } - - if ((y & 4)) - { - if (t == 1) - param[1] |= (atr[i] & 0x01); /* TCx - LRC/CRC */ - NEXTBYTE (); - - if (param[1] & 0x01) - return -4; /* CRC not supported yet. 
*/ - } - - if ((y & 8)) - { - y = (atr[i] >> 4); /* TDx */ - t = atr[i] & 0x0f; - NEXTBYTE (); - } - else - y = 0; - } + { + if ((y & 1)) + { /* TAx */ + if (t == 1) + param[5] = atr[i]; /* IFSC */ + else if (t == 15) + /* XXX: check voltage? */ + param[4] = (atr[i] >> 6); /* ClockStop */ + + NEXTBYTE (); + } + + if ((y & 2)) + { + if (t == 1) + param[3] = atr[i]; /* TBx - BWI & CWI */ + NEXTBYTE (); + } + + if ((y & 4)) + { + if (t == 1) + param[1] |= (atr[i] & 0x01); /* TCx - LRC/CRC */ + NEXTBYTE (); + + if (param[1] & 0x01) + return -4; /* CRC not supported yet. */ + } + + if ((y & 8)) + { + y = (atr[i] >> 4); /* TDx */ + t = atr[i] & 0x0f; + NEXTBYTE (); + } + else + y = 0; + } } i += historical_bytes_num - 1; @@ -2604,16 +2606,16 @@ ccid_get_atr (ccid_driver_t handle, msglen = 10; rc = bulk_out (handle, msg, msglen, 0); if (!rc) - rc = bulk_in (handle, msg, sizeof msg, &msglen, RDR_to_PC_Parameters, - seqno, 2000, 0); + rc = bulk_in (handle, msg, sizeof msg, &msglen, RDR_to_PC_Parameters, + seqno, 2000, 0); if (rc) - DEBUGOUT ("GetParameters failed\n"); + DEBUGOUT ("GetParameters failed\n"); else if (msglen == 17 && msg[9] == 1) - got_param = 1; + got_param = 1; } else if (handle->auto_pps) ; - else if (rc == 1) /* It's negotiable, send PPS. */ + else if (rc == 1) /* It's negotiable, send PPS. */ { msg[0] = PC_to_RDR_XfrBlock; msg[5] = 0; /* slot */ 
@@ -2621,33 +2623,33 @@ ccid_get_atr (ccid_driver_t handle, msg[7] = 0; msg[8] = 0; msg[9] = 0; - msg[10] = 0xff; /* PPSS */ - msg[11] = 0x11; /* PPS0: PPS1, Protocol T=1 */ - msg[12] = param[0]; /* PPS1: Fi / Di */ + msg[10] = 0xff; /* PPSS */ + msg[11] = 0x11; /* PPS0: PPS1, Protocol T=1 */ + msg[12] = param[0]; /* PPS1: Fi / Di */ msg[13] = 0xff ^ 0x11 ^ param[0]; /* PCK */ set_msg_len (msg, 4); msglen = 10 + 4; rc = bulk_out (handle, msg, msglen, 0); if (rc) - return rc; + return rc; rc = bulk_in (handle, msg, sizeof msg, &msglen, RDR_to_PC_DataBlock, - seqno, 5000, 0); + seqno, 5000, 0); if (rc) - return rc; + return rc; if (msglen != 10 + 4) - { - DEBUGOUT_1 ("Setting PPS failed: %d\n", msglen); - return CCID_DRIVER_ERR_CARD_IO_ERROR; - } + { + DEBUGOUT_1 ("Setting PPS failed: %d\n", msglen); + return CCID_DRIVER_ERR_CARD_IO_ERROR; + } if (msg[10] != 0xff || msg[11] != 0x11 || msg[12] != param[0]) - { - DEBUGOUT_1 ("Setting PPS failed: 0x%02x\n", param[0]); - return CCID_DRIVER_ERR_CARD_IO_ERROR; - } + { + DEBUGOUT_1 ("Setting PPS failed: 0x%02x\n", param[0]); + return CCID_DRIVER_ERR_CARD_IO_ERROR; + } } /* Setup parameters to select T=1. */ @@ -3298,7 +3300,7 @@ ccid_transceive (ccid_driver_t handle, int ccid_transceive_secure (ccid_driver_t handle, const unsigned char *apdu_buf, size_t apdu_buflen, - pininfo_t *pininfo, + pininfo_t *pininfo, unsigned char *resp, size_t maxresplen, size_t *nresp) { int rc; 
@@ -3360,16 +3362,17 @@ ccid_transceive_secure (ccid_driver_t handle, if (handle->id_product != CHERRY_ST2000) cherry_mode = 1; break; - case VENDOR_GEMPC: - if (handle->id_product == GEMPC_PINPAD) - { - enable_varlen = 0; - pininfo->minlen = 4; - pininfo->maxlen = 8; - break; - } - /* fall through */ default: + if ((handle->id_vendor == VENDOR_GEMPC && + handle->id_product == GEMPC_PINPAD) + || (handle->id_vendor == VENDOR_VEGA && + handle->id_product == VEGA_ALPHA)) + { + enable_varlen = 0; + pininfo->minlen = 4; + pininfo->maxlen = 8; + break; + } return CCID_DRIVER_ERR_NOT_SUPPORTED; } @@ -3412,8 +3415,8 @@ ccid_transceive_secure (ccid_driver_t handle, else { msg[13] = pininfo->fixedlen; /* bmPINBlockString: - 0 bits of pin length to insert. - PIN block size by fixedlen. */ + 0 bits of pin length to insert. + PIN block size by fixedlen. */ msg[14] = 0x00; /* bmPINLengthFormat: Units are bytes, position is 0. */ } @@ -3445,7 +3448,7 @@ ccid_transceive_secure (ccid_driver_t handle, msglen++; if (apdu_buf[1] == 0x20) - msg[msglen++] = 0xff; /* bNumberMessage: Default. */ + msg[msglen++] = 0x01; /* bNumberMessage. */ else msg[msglen++] = 0x03; /* bNumberMessage. */ commit 3aae780f9debaeb3560ff866b7e09d0923481c57 Author: NIIBE Yutaka Date: Wed Jan 9 16:40:41 2013 +0900 SCD: Support fixed length PIN input for keypad (PC/SC). * scd/apdu.c (pcsc_keypad_verify): SUpport fixed length PIN input for keypad. (pcsc_keypad_modify): Likewise. * scd/ccid-driver.c (ccid_transceive_secure): Clean up. diff --git a/scd/apdu.c b/scd/apdu.c index a207f9d..f1f2d01 100644 --- a/scd/apdu.c +++ b/scd/apdu.c @@ -2042,7 +2042,7 @@ pcsc_keypad_verify (int slot, int class, int ins, int p0, int p1, { int sw; unsigned char *pin_verify; - int len = PIN_VERIFY_STRUCTURE_SIZE; + int len = PIN_VERIFY_STRUCTURE_SIZE + pininfo->fixedlen; unsigned char result[2]; size_t resultlen = 2; 
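Review bot: The `bNumberMessage` change in `ccid_transceive_secure` (`0xff` to `0x01` when `apdu_buf[1] == 0x20`) is not conditioned on vendor or product, so it alters the VERIFY message for every reader that reaches this point, while the commit message justifies it only as working better. The old comment said `Default.` and the new one gives no reason; a comment stating which readers the value `0x01` was tested with would let a later maintainer judge a regression report. In the same function the `default:` case now combines the GEMPC_PINPAD/VEGA_ALPHA allow-list with the unsupported-reader return, so a one-line comment such as `/* Any other reader: no secure PIN entry. */` above `return CCID_DRIVER_ERR_NOT_SUPPORTED;` would make the control flow easier to audit. The function body lies mostly outside these hunks.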
@@ -2050,7 +2050,7 @@ pcsc_keypad_verify (int slot, int class, int ins, int p0, int p1, && (sw = reset_pcsc_reader (slot))) return sw; - if (pininfo->fixedlen != 0) + if (pininfo->fixedlen < 0 || pininfo->fixedlen >= 16) return SW_NOT_SUPPORTED; if (!pininfo->minlen) @@ -2071,7 +2071,7 @@ pcsc_keypad_verify (int slot, int class, int ins, int p0, int p1, pin_verify[0] = 0x00; /* bTimerOut */ pin_verify[1] = 0x00; /* bTimerOut2 */ pin_verify[2] = 0x82; /* bmFormatString: Byte, pos=0, left, ASCII. */ - pin_verify[3] = 0x00; /* bmPINBlockString */ + pin_verify[3] = pininfo->fixedlen; /* bmPINBlockString */ pin_verify[4] = 0x00; /* bmPINLengthFormat */ pin_verify[5] = pininfo->maxlen; /* wPINMaxExtraDigit */ pin_verify[6] = pininfo->minlen; /* wPINMaxExtraDigit */ @@ -2085,7 +2085,7 @@ pcsc_keypad_verify (int slot, int class, int ins, int p0, int p1, pin_verify[12] = 0x00; /* bTeoPrologue[0] */ pin_verify[13] = 0x00; /* bTeoPrologue[1] */ pin_verify[14] = 0x00; /* bTeoPrologue[2] */ - pin_verify[15] = 0x05; /* ulDataLength */ + pin_verify[15] = pininfo->fixedlen + 0x05; /* ulDataLength */ pin_verify[16] = 0x00; /* ulDataLength */ pin_verify[17] = 0x00; /* ulDataLength */ pin_verify[18] = 0x00; /* ulDataLength */ @@ -2093,7 +2093,9 @@ pcsc_keypad_verify (int slot, int class, int ins, int p0, int p1, pin_verify[20] = ins; /* abData[1] */ pin_verify[21] = p0; /* abData[2] */ pin_verify[22] = p1; /* abData[3] */ - pin_verify[23] = 0x00; /* abData[4] */ + pin_verify[23] = pininfo->fixedlen; /* abData[4] */ + if (pininfo->fixedlen) + memset (&pin_verify[24], 0xff, pininfo->fixedlen); if (DBG_CARD_IO) log_debug ("send secure: c=%02X i=%02X p1=%02X p2=%02X len=%d pinmax=%d\n", @@ -2123,7 +2125,7 @@ pcsc_keypad_modify (int slot, int class, int ins, int p0, int p1, { int sw; unsigned char *pin_modify; - int len = PIN_MODIFY_STRUCTURE_SIZE; + int len = PIN_MODIFY_STRUCTURE_SIZE + 2 * pininfo->fixedlen; unsigned char result[2]; size_t resultlen = 2; 
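Review bot: The bound in `if (pininfo->fixedlen < 0 || pininfo->fixedlen >= 16)` in `pcsc_keypad_verify` is a bare constant, and it is the only thing limiting the `memset (&pin_verify[24], 0xff, pininfo->fixedlen)` added a few hunks later. The limit presumably comes from the width of the block-size field written to `pin_verify[3]` (bmPINBlockString), so a comment such as `/* PIN block size must fit the 4-bit field of bmPINBlockString. */` or a named constant would tie the check to what it protects. The same check and a `2 * pininfo->fixedlen` fill appear in `pcsc_keypad_modify` in the `@@ -2131,7 +2133,7 @@` and `@@ -2185,7 +2187,9 @@` hunks. The allocation that uses `len` is outside the hunks, so it cannot be confirmed from here that the buffer is sized from the updated `len`.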
@@ -2131,7 +2133,7 @@ pcsc_keypad_modify (int slot, int class, int ins, int p0, int p1, && (sw = reset_pcsc_reader (slot))) return sw; - if (pininfo->fixedlen != 0) + if (pininfo->fixedlen < 0 || pininfo->fixedlen >= 16) return SW_NOT_SUPPORTED; if (!pininfo->minlen) @@ -2152,10 +2154,10 @@ pcsc_keypad_modify (int slot, int class, int ins, int p0, int p1, pin_modify[0] = 0x00; /* bTimerOut */ pin_modify[1] = 0x00; /* bTimerOut2 */ pin_modify[2] = 0x82; /* bmFormatString: Byte, pos=0, left, ASCII. */ - pin_modify[3] = 0x00; /* bmPINBlockString */ + pin_modify[3] = pininfo->fixedlen; /* bmPINBlockString */ pin_modify[4] = 0x00; /* bmPINLengthFormat */ pin_modify[5] = 0x00; /* bInsertionOffsetOld */ - pin_modify[6] = 0x00; /* bInsertionOffsetNew */ + pin_modify[6] = pininfo->fixedlen; /* bInsertionOffsetNew */ pin_modify[7] = pininfo->maxlen; /* wPINMaxExtraDigit */ pin_modify[8] = pininfo->minlen; /* wPINMaxExtraDigit */ pin_modify[9] = (p0 == 0 ? 0x03 : 0x01); @@ -2177,7 +2179,7 @@ pcsc_keypad_modify (int slot, int class, int ins, int p0, int p1, pin_modify[17] = 0x00; /* bTeoPrologue[0] */ pin_modify[18] = 0x00; /* bTeoPrologue[1] */ pin_modify[19] = 0x00; /* bTeoPrologue[2] */ - pin_modify[20] = 0x05; /* ulDataLength */ + pin_modify[20] = 2 * pininfo->fixedlen + 0x05; /* ulDataLength */ pin_modify[21] = 0x00; /* ulDataLength */ pin_modify[22] = 0x00; /* ulDataLength */ pin_modify[23] = 0x00; /* ulDataLength */ @@ -2185,7 +2187,9 @@ pcsc_keypad_modify (int slot, int class, int ins, int p0, int p1, pin_modify[25] = ins; /* abData[1] */ pin_modify[26] = p0; /* abData[2] */ pin_modify[27] = p1; /* abData[3] */ - pin_modify[28] = 0x00; /* abData[4] */ + pin_modify[28] = 2 * pininfo->fixedlen; /* abData[4] */ + if (pininfo->fixedlen) + memset (&pin_modify[29], 0xff, 2 * pininfo->fixedlen); if (DBG_CARD_IO) log_debug ("send secure: c=%02X i=%02X p1=%02X p2=%02X len=%d pinmax=%d\n", diff --git a/scd/ccid-driver.c b/scd/ccid-driver.c index 3244c71..83b419a 100644 
--- a/scd/ccid-driver.c +++ b/scd/ccid-driver.c @@ -3411,14 +3411,9 @@ ccid_transceive_secure (ccid_driver_t handle, } else { - if (pininfo->fixedlen == 0) - msg[13] = 0x00; /* bmPINBlockString: - 0 bits of pin length to insert. - 0 bytes of PIN block size. */ - else - msg[13] = pininfo->fixedlen; /* bmPINBlockString: - 0 bits of pin length to insert. - PIN block size by fixedlen. */ + msg[13] = pininfo->fixedlen; /* bmPINBlockString: + 0 bits of pin length to insert. + PIN block size by fixedlen. */ msg[14] = 0x00; /* bmPINLengthFormat: Units are bytes, position is 0. */ } @@ -3427,10 +3422,7 @@ ccid_transceive_secure (ccid_driver_t handle, if (apdu_buf[1] == 0x24) { msg[msglen++] = 0; /* bInsertionOffsetOld */ - if (pininfo->fixedlen == 0) - msg[msglen++] = 0; /* bInsertionOffsetNew */ - else - msg[msglen++] = pininfo->fixedlen; /* bInsertionOffsetNew */ + msg[msglen++] = pininfo->fixedlen; /* bInsertionOffsetNew */ } /* The following is a little endian word. */ commit 40a914a2e3052847b49c4b5e8ac8538e97efd18a Author: NIIBE Yutaka Date: Wed Jan 9 16:23:55 2013 +0900 SCD: Support fixed length PIN input for keypad. * scd/iso7816.h (struct pininfo_s): Remove MODE and add FIXEDLEN. * scd/app-dinsig.c (verify_pin): Initialize FIXEDLEN to unknown. * scd/app-nks.c (verify_pin): Likewise. * scd/app-openpgp.c (verify_a_chv, verify_chv3, do_change_pin): Likewise. * scd/apdu.c (check_pcsc_keypad): Add comment. (pcsc_keypad_verify, pcsc_keypad_modify): PC/SC driver only support readers with the feature of variable length input (yet). (apdu_check_keypad): Set FIXEDLEN. * scd/ccid-driver.c (ccid_transceive_secure): Add GEMPC_PINPAD specific settings. Support fixed length PIN input for keypad. diff --git a/scd/apdu.c b/scd/apdu.c index 5a58cfd..a207f9d 100644 --- a/scd/apdu.c +++ b/scd/apdu.c 
@@ -1986,7 +1986,7 @@ check_pcsc_keypad (int slot, int command, pininfo_t *pininfo) size_t len = 256; int sw; - (void)pininfo; + (void)pininfo; /* XXX: Identify reader and set pininfo->fixedlen. */ check_again: if (command == ISO7816_VERIFY) @@ -2050,7 +2050,7 @@ pcsc_keypad_verify (int slot, int class, int ins, int p0, int p1, && (sw = reset_pcsc_reader (slot))) return sw; - if (pininfo->mode != 1) + if (pininfo->fixedlen != 0) return SW_NOT_SUPPORTED; if (!pininfo->minlen) @@ -2131,7 +2131,7 @@ pcsc_keypad_modify (int slot, int class, int ins, int p0, int p1, && (sw = reset_pcsc_reader (slot))) return sw; - if (pininfo->mode != 1) + if (pininfo->fixedlen != 0) return SW_NOT_SUPPORTED; if (!pininfo->minlen) @@ -3397,7 +3397,7 @@ apdu_check_keypad (int slot, int command, pininfo_t *pininfo) return SW_HOST_NO_DRIVER; if (opt.enable_keypad_varlen) - pininfo->mode = 0; + pininfo->fixedlen = 0; if (reader_table[slot].check_keypad) { diff --git a/scd/app-dinsig.c b/scd/app-dinsig.c index f3f7d4b..9d4ebe2 100644 --- a/scd/app-dinsig.c +++ b/scd/app-dinsig.c @@ -288,7 +288,7 @@ verify_pin (app_t app, return 0; /* No need to verify it again. */ memset (&pininfo, 0, sizeof pininfo); - pininfo.mode = 1; + pininfo.fixedlen = -1; pininfo.minlen = 6; pininfo.maxlen = 8; diff --git a/scd/app-nks.c b/scd/app-nks.c index 4e7a43c..8a48871 100644 --- a/scd/app-nks.c +++ b/scd/app-nks.c @@ -788,7 +788,7 @@ verify_pin (app_t app, int pwid, const char *desc, desc = "PIN"; memset (&pininfo, 0, sizeof pininfo); - pininfo.mode = 1; + pininfo.fixedlen = -1; pininfo.minlen = 6; pininfo.maxlen = 16; diff --git a/scd/app-openpgp.c b/scd/app-openpgp.c index 968ef98..dcc3120 100644 --- a/scd/app-openpgp.c +++ b/scd/app-openpgp.c @@ -1516,7 +1516,7 @@ verify_a_chv (app_t app, } memset (&pininfo, 0, sizeof pininfo); - pininfo.mode = 1; + pininfo.fixedlen = -1; pininfo.minlen = minlen; 
@@ -1712,7 +1712,7 @@ verify_chv3 (app_t app, char *prompt; memset (&pininfo, 0, sizeof pininfo); - pininfo.mode = 1; + pininfo.fixedlen = -1; pininfo.minlen = minlen; rc = build_enter_admin_pin_prompt (app, &prompt); @@ -1923,7 +1923,7 @@ do_change_pin (app_t app, ctrl_t ctrl, const char *chvnostr, (void)ctrl; memset (&pininfo, 0, sizeof pininfo); - pininfo.mode = 1; + pininfo.fixedlen = -1; pininfo.minlen = minlen; if (reset_mode && chvno == 3) diff --git a/scd/ccid-driver.c b/scd/ccid-driver.c index c16c7ac..3244c71 100644 --- a/scd/ccid-driver.c +++ b/scd/ccid-driver.c @@ -3361,23 +3361,27 @@ ccid_transceive_secure (ccid_driver_t handle, cherry_mode = 1; break; case VENDOR_GEMPC: - enable_varlen = 0; if (handle->id_product == GEMPC_PINPAD) - break; + { + enable_varlen = 0; + pininfo->minlen = 4; + pininfo->maxlen = 8; + break; + } /* fall through */ default: return CCID_DRIVER_ERR_NOT_SUPPORTED; } if (enable_varlen) - pininfo->mode = 0; - - if (pininfo->mode != 0 && pininfo->mode != 1) - return CCID_DRIVER_ERR_NOT_SUPPORTED; + pininfo->fixedlen = 0; if (testmode) return 0; /* Success */ + if (pininfo->fixedlen < 0 || pininfo->fixedlen >= 16) + return CCID_DRIVER_ERR_NOT_SUPPORTED; + msg = send_buffer; if (handle->id_vendor == VENDOR_SCM) { @@ -3407,9 +3411,14 @@ ccid_transceive_secure (ccid_driver_t handle, } else { - msg[13] = 0x00; /* bmPINBlockString: - 0 bits of pin length to insert. - 0 bytes of PIN block size. */ + if (pininfo->fixedlen == 0) + msg[13] = 0x00; /* bmPINBlockString: + 0 bits of pin length to insert. + 0 bytes of PIN block size. */ + else + msg[13] = pininfo->fixedlen; /* bmPINBlockString: + 0 bits of pin length to insert. + PIN block size by fixedlen. */ msg[14] = 0x00; /* bmPINLengthFormat: Units are bytes, position is 0. */ } 
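Review bot: In the `@@ -3361,23 +3361,27 @@` hunk the new range test on `pininfo->fixedlen` sits after `if (testmode) return 0;`, so the capability probe reports success for a value that the real operation then rejects. For GEMPC_PINPAD `enable_varlen` is 0 and the applications initialise `fixedlen` to -1, so unless a caller sets a length between the probe and the operation (not visible in this commit), the keypad would be announced and the operation would then fail with CCID_DRIVER_ERR_NOT_SUPPORTED. If the probe is meant to be usable before the length is known, a comment such as `/* The probe succeeds even if fixedlen is still unknown (-1). */` above the `testmode` return would say so; otherwise moving the test above that return keeps the two paths consistent. The function continues outside the hunk.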
@@ -3418,7 +3427,10 @@ ccid_transceive_secure (ccid_driver_t handle, if (apdu_buf[1] == 0x24) { msg[msglen++] = 0; /* bInsertionOffsetOld */ - msg[msglen++] = 0; /* bInsertionOffsetNew */ + if (pininfo->fixedlen == 0) + msg[msglen++] = 0; /* bInsertionOffsetNew */ + else + msg[msglen++] = pininfo->fixedlen; /* bInsertionOffsetNew */ } /* The following is a little endian word. */ @@ -3457,10 +3469,18 @@ ccid_transceive_secure (ccid_driver_t handle, msg[msglen++] = 2; /* bMsgIndex3. */ } + /* Calculate Lc. */ + n = pininfo->fixedlen; + if (apdu_buf[1] == 0x24) + n += pininfo->fixedlen; + /* bTeoProlog follows: */ msg[msglen++] = handle->nonnull_nad? ((1 << 4) | 0): 0; msg[msglen++] = ((handle->t1_ns & 1) << 6); /* I-block */ - msg[msglen++] = 0; /* The apdulen will be filled in by the reader. */ + if (n) + msg[msglen++] = n + 5; /* apdulen should be filled for fixed length. */ + else + msg[msglen++] = 0; /* The apdulen will be filled in by the reader. */ /* APDU follows: */ msg[msglen++] = apdu_buf[0]; /* CLA */ msg[msglen++] = apdu_buf[1]; /* INS */ @@ -3468,6 +3488,12 @@ ccid_transceive_secure (ccid_driver_t handle, msg[msglen++] = apdu_buf[3]; /* P2 */ if (cherry_mode) msg[msglen++] = 0; + else if (pininfo->fixedlen != 0) + { + msg[msglen++] = n; + memset (&msg[msglen], 0xff, n); + msglen += n; + } /* An EDC is not required. */ set_msg_len (msg, msglen - 10); diff --git a/scd/iso7816.h b/scd/iso7816.h index e6dfecd..bf195ea 100644 --- a/scd/iso7816.h +++ b/scd/iso7816.h 
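Review bot: The branch added in the `@@ -3468,6 +3488,12 @@` hunk writes `n` bytes of 0xff at `&msg[msglen]` with no visible comparison against the size of the send buffer. Given the range test added earlier in this commit, `n` is at most 30 (a `fixedlen` of 15, doubled when INS is 0x24), so the write is probably in bounds, but the buffer's declaration lies outside the hunk. A comment next to the `memset` such as `/* n <= 30: fixedlen < 16, doubled for INS 0x24. */`, or an explicit size test before it, would keep the write safe if the `fixedlen` limit is ever raised.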
@@ -34,7 +34,12 @@ ccid-driver.c for details. */ struct pininfo_s { - int mode; /* 0: Use variable length input. 1: Use fixed length input. */ + int fixedlen; /* + * -1: Variable length input is not supported, + * no information of fixed length yet. + * 0: Use variable length input. + * >0: Fixed length of PIN. + */ int minlen; int maxlen; }; commit b526f6e223604b7c1852ef2aab9fc1ea691b1181 Author: NIIBE Yutaka Date: Wed Jan 9 14:10:08 2013 +0900 SCD: API cleanup for keypad handling. * scd/iso7816.h (struct pininfo_s): Rename from iso7816_pininfo_s. Change meaning of MODE. (pininfo_t): Rename from iso7816_pininfo_t. * scd/sc-copykeys.c: Include "iso7816.h". * scd/scdaemon.c, scd/command.c: Likewise. * scd/ccid-driver.c: Include "scdaemon.h" and "iso7816.h". (ccid_transceive_secure): Follow the change of PININFO_T. * scd/app.c: Include "apdu.h" after "iso7816.h". * scd/iso7816.c (iso7816_check_keypad, iso7816_verify_kp) (iso7816_change_reference_data_kp): Follow the change of API. * scd/apdu.c (struct reader_table_s): Change API of CHECK_KEYPAD, KEYPAD_VERIFY, KEYPAD_MODIFY to have arg of PININFO_T. (check_pcsc_keypad, check_ccid_keypad): Likewise. (apdu_check_keypad, apdu_keypad_verify, apdu_keypad_modify): Likewise. (pcsc_keypad_verify, pcsc_keypad_modify, ct_send_apdu) (pcsc_send_apdu_direct, pcsc_send_apdu_wrapped, pcsc_send_apdu) (send_apdu_ccid, ccid_keypad_operation, my_rapdu_send_apdu, send_apdu) (send_le): Follow the change of API. * scd/apdu.h (apdu_check_keypad, apdu_keypad_verify) (apdu_keypad_modify): Change the API. * scd/app-dinsig.c, scd/app-nks.c, scd/app-openpgp.c: Follow the change. diff --git a/scd/apdu.c b/scd/apdu.c index f66db4d..5a58cfd 100644 --- a/scd/apdu.c +++ b/scd/apdu.c 
@@ -60,10 +60,9 @@ #include "exechelp.h" #endif /* GNUPG_MAJOR_VERSION != 1 */ +#include "iso7816.h" #include "apdu.h" #include "ccid-driver.h" -#include "iso7816.h" - /* Due to conflicting use of threading libraries we usually can't link against libpcsclite. Instead we use a wrapper program. */ @@ -83,8 +82,6 @@ #define DLSTDCALL #endif -#define pininfo_s iso7816_pininfo_s - /* A structure to collect information pertaining to one reader slot. */ struct reader_table_s { @@ -99,12 +96,12 @@ struct reader_table_s { int (*reset_reader)(int); int (*get_status_reader)(int, unsigned int *); int (*send_apdu_reader)(int,unsigned char *,size_t, - unsigned char *, size_t *, struct pininfo_s *); - int (*check_keypad)(int, int, int, int, int); + unsigned char *, size_t *, pininfo_t *); + int (*check_keypad)(int, int, pininfo_t *); void (*dump_status_reader)(int); int (*set_progress_cb)(int, gcry_handler_progress_t, void*); - int (*keypad_verify)(int, int, int, int, int, struct pininfo_s *); - int (*keypad_modify)(int, int, int, int, int, struct pininfo_s *); + int (*keypad_verify)(int, int, int, int, int, pininfo_t *); + int (*keypad_modify)(int, int, int, int, int, pininfo_t *); struct { ccid_driver_t handle; @@ -322,12 +319,11 @@ static int reset_pcsc_reader (int slot); static int apdu_get_status_internal (int slot, int hang, int no_atr_reset, unsigned int *status, unsigned int *changed); -static int check_pcsc_keypad (int slot, int command, int pin_mode, - int pinlen_min, int pinlen_max); +static int check_pcsc_keypad (int slot, int command, pininfo_t *pininfo); static int pcsc_keypad_verify (int slot, int class, int ins, int p0, int p1, - struct pininfo_s *pininfo); + pininfo_t *pininfo); static int pcsc_keypad_modify (int slot, int class, int ins, int p0, int p1, - struct pininfo_s *pininfo); + pininfo_t *pininfo); 
@@ -600,7 +596,7 @@ ct_get_status (int slot, unsigned int *status) set to BUFLEN. Returns: CT API error code. */ static int ct_send_apdu (int slot, unsigned char *apdu, size_t apdulen, - unsigned char *buffer, size_t *buflen, struct pininfo_s *pininfo) + unsigned char *buffer, size_t *buflen, pininfo_t *pininfo) { int rc; unsigned char dad[1], sad[1]; @@ -1031,7 +1027,7 @@ pcsc_get_status (int slot, unsigned int *status) static int pcsc_send_apdu_direct (int slot, unsigned char *apdu, size_t apdulen, unsigned char *buffer, size_t *buflen, - struct pininfo_s *pininfo) + pininfo_t *pininfo) { long err; struct pcsc_io_request_s send_pci; @@ -1067,7 +1063,7 @@ pcsc_send_apdu_direct (int slot, unsigned char *apdu, size_t apdulen, static int pcsc_send_apdu_wrapped (int slot, unsigned char *apdu, size_t apdulen, unsigned char *buffer, size_t *buflen, - struct pininfo_s *pininfo) + pininfo_t *pininfo) { long err; reader_table_t slotp; @@ -1187,7 +1183,7 @@ pcsc_send_apdu_wrapped (int slot, unsigned char *apdu, size_t apdulen, static int pcsc_send_apdu (int slot, unsigned char *apdu, size_t apdulen, unsigned char *buffer, size_t *buflen, - struct pininfo_s *pininfo) + pininfo_t *pininfo) { #ifdef NEED_PCSC_WRAPPER return pcsc_send_apdu_wrapped (slot, apdu, apdulen, buffer, buflen, pininfo); @@ -1984,16 +1980,13 @@ open_pcsc_reader (const char *portstr) /* Check whether the reader supports the ISO command code COMMAND on the keypad. Return 0 on success. */ static int -check_pcsc_keypad (int slot, int command, int pin_mode, - int pinlen_min, int pinlen_max) +check_pcsc_keypad (int slot, int command, pininfo_t *pininfo) { unsigned char buf[256]; size_t len = 256; int sw; - (void)pin_mode; - (void)pinlen_min; - (void)pinlen_max; + (void)pininfo; check_again: if (command == ISO7816_VERIFY) 
@@ -2045,7 +2038,7 @@ check_pcsc_keypad (int slot, int command, int pin_mode, #define PIN_VERIFY_STRUCTURE_SIZE 24 static int pcsc_keypad_verify (int slot, int class, int ins, int p0, int p1, - struct pininfo_s *pininfo) + pininfo_t *pininfo) { int sw; unsigned char *pin_verify; @@ -2126,7 +2119,7 @@ pcsc_keypad_verify (int slot, int class, int ins, int p0, int p1, #define PIN_MODIFY_STRUCTURE_SIZE 29 static int pcsc_keypad_modify (int slot, int class, int ins, int p0, int p1, - struct pininfo_s *pininfo) + pininfo_t *pininfo) { int sw; unsigned char *pin_modify; @@ -2297,7 +2290,7 @@ get_status_ccid (int slot, unsigned int *status) static int send_apdu_ccid (int slot, unsigned char *apdu, size_t apdulen, unsigned char *buffer, size_t *buflen, - struct pininfo_s *pininfo) + pininfo_t *pininfo) { long err; size_t maxbuflen; @@ -2313,10 +2306,7 @@ send_apdu_ccid (int slot, unsigned char *apdu, size_t apdulen, maxbuflen = *buflen; if (pininfo) err = ccid_transceive_secure (reader_table[slot].ccid.handle, - apdu, apdulen, - pininfo->mode, - pininfo->minlen, - pininfo->maxlen, + apdu, apdulen, pininfo, buffer, maxbuflen, buflen); else err = ccid_transceive (reader_table[slot].ccid.handle, 
@@ -2334,22 +2324,19 @@ send_apdu_ccid (int slot, unsigned char *apdu, size_t apdulen, on the keypad. Return 0 on success. For a description of the pin parameters, see ccid-driver.c */ static int -check_ccid_keypad (int slot, int command, int pin_mode, - int pinlen_min, int pinlen_max) +check_ccid_keypad (int slot, int command, pininfo_t *pininfo) { unsigned char apdu[] = { 0, 0, 0, 0x81 }; apdu[1] = command; - return ccid_transceive_secure (reader_table[slot].ccid.handle, - apdu, sizeof apdu, - pin_mode, pinlen_min, pinlen_max, - NULL, 0, NULL); + return ccid_transceive_secure (reader_table[slot].ccid.handle, apdu, + sizeof apdu, pininfo, NULL, 0, NULL); } static int ccid_keypad_operation (int slot, int class, int ins, int p0, int p1, - struct pininfo_s *pininfo) + pininfo_t *pininfo) { unsigned char apdu[4]; int err, sw; @@ -2361,8 +2348,7 @@ ccid_keypad_operation (int slot, int class, int ins, int p0, int p1, apdu[2] = p0; apdu[3] = p1; err = ccid_transceive_secure (reader_table[slot].ccid.handle, - apdu, sizeof apdu, - pininfo->mode, pininfo->minlen, pininfo->maxlen, + apdu, sizeof apdu, pininfo, result, 2, &resultlen); if (err) return err; @@ -2580,7 +2566,7 @@ my_rapdu_get_status (int slot, unsigned int *status) static int my_rapdu_send_apdu (int slot, unsigned char *apdu, size_t apdulen, unsigned char *buffer, size_t *buflen, - struct pininfo_s *pininfo) + pininfo_t *pininfo) { int err; reader_table_t slotp; @@ -3405,12 +3391,14 @@ apdu_get_status (int slot, int hang, the keypad. Return 0 on success. For a description of the pin parameters, see ccid-driver.c */ int -apdu_check_keypad (int slot, int command, int pin_mode, - int pinlen_min, int pinlen_max) +apdu_check_keypad (int slot, int command, pininfo_t *pininfo) { if (slot < 0 || slot >= MAX_READER || !reader_table[slot].used ) return SW_HOST_NO_DRIVER; + if (opt.enable_keypad_varlen) + pininfo->mode = 0; + if (reader_table[slot].check_keypad) { int sw; 
@@ -3418,8 +3406,7 @@ apdu_check_keypad (int slot, int command, int pin_mode, if ((sw = lock_slot (slot))) return sw; - sw = reader_table[slot].check_keypad (slot, command, - pin_mode, pinlen_min, pinlen_max); + sw = reader_table[slot].check_keypad (slot, command, pininfo); unlock_slot (slot); return sw; } @@ -3429,15 +3416,9 @@ apdu_check_keypad (int slot, int command, int pin_mode, int -apdu_keypad_verify (int slot, int class, int ins, int p0, int p1, int pin_mode, - int pinlen_min, int pinlen_max) +apdu_keypad_verify (int slot, int class, int ins, int p0, int p1, + pininfo_t *pininfo) { - struct pininfo_s pininfo; - - pininfo.mode = pin_mode; - pininfo.minlen = pinlen_min; - pininfo.maxlen = pinlen_max; - if (slot < 0 || slot >= MAX_READER || !reader_table[slot].used ) return SW_HOST_NO_DRIVER; @@ -3449,7 +3430,7 @@ apdu_keypad_verify (int slot, int class, int ins, int p0, int p1, int pin_mode, return sw; sw = reader_table[slot].keypad_verify (slot, class, ins, p0, p1, - &pininfo); + pininfo); unlock_slot (slot); return sw; } @@ -3459,15 +3440,9 @@ apdu_keypad_verify (int slot, int class, int ins, int p0, int p1, int pin_mode, int -apdu_keypad_modify (int slot, int class, int ins, int p0, int p1, int pin_mode, - int pinlen_min, int pinlen_max) +apdu_keypad_modify (int slot, int class, int ins, int p0, int p1, + pininfo_t *pininfo) { - struct pininfo_s pininfo; - - pininfo.mode = pin_mode; - pininfo.minlen = pinlen_min; - pininfo.maxlen = pinlen_max; - if (slot < 0 || slot >= MAX_READER || !reader_table[slot].used ) return SW_HOST_NO_DRIVER; @@ -3479,7 +3454,7 @@ apdu_keypad_modify (int slot, int class, int ins, int p0, int p1, int pin_mode, return sw; sw = reader_table[slot].keypad_modify (slot, class, ins, p0, p1, - &pininfo); + pininfo); unlock_slot (slot); return sw; } 
@@ -3492,7 +3467,7 @@ apdu_keypad_modify (int slot, int class, int ins, int p0, int p1, int pin_mode, function should be called in locked state. */ static int send_apdu (int slot, unsigned char *apdu, size_t apdulen, - unsigned char *buffer, size_t *buflen, struct pininfo_s *pininfo) + unsigned char *buffer, size_t *buflen, pininfo_t *pininfo) { if (slot < 0 || slot >= MAX_READER || !reader_table[slot].used ) return SW_HOST_NO_DRIVER; @@ -3524,7 +3499,7 @@ static int send_le (int slot, int class, int ins, int p0, int p1, int lc, const char *data, int le, unsigned char **retbuf, size_t *retbuflen, - struct pininfo_s *pininfo, int extended_mode) + pininfo_t *pininfo, int extended_mode) { #define SHORT_RESULT_BUFFER_SIZE 258 /* We allocate 8 extra bytes as a safety margin towards a driver bug. */ diff --git a/scd/apdu.h b/scd/apdu.h index 6bf6176..c69fe36 100644 --- a/scd/apdu.h +++ b/scd/apdu.h @@ -114,12 +114,11 @@ int apdu_set_progress_cb (int slot, gcry_handler_progress_t cb, void *cb_arg); int apdu_reset (int slot); int apdu_get_status (int slot, int hang, unsigned int *status, unsigned int *changed); -int apdu_check_keypad (int slot, int command, int pin_mode, - int pinlen_min, int pinlen_max); +int apdu_check_keypad (int slot, int command, pininfo_t *pininfo); int apdu_keypad_verify (int slot, int class, int ins, int p0, int p1, - int pin_mode, int pinlen_min, int pinlen_max); + pininfo_t *pininfo); int apdu_keypad_modify (int slot, int class, int ins, int p0, int p1, - int pin_mode, int pinlen_min, int pinlen_max); + pininfo_t *pininfo); int apdu_send_simple (int slot, int extended_mode, int class, int ins, int p0, int p1, int lc, const char *data); diff --git a/scd/app-dinsig.c b/scd/app-dinsig.c index 50db78e..f3f7d4b 100644 --- a/scd/app-dinsig.c +++ b/scd/app-dinsig.c 
@@ -282,7 +282,7 @@ verify_pin (app_t app, { const char *s; int rc; - iso7816_pininfo_t pininfo; + pininfo_t pininfo; if ( app->did_chv1 && !app->force_chv1 ) return 0; /* No need to verify it again. */ diff --git a/scd/app-nks.c b/scd/app-nks.c index 28ccb9a..4e7a43c 100644 --- a/scd/app-nks.c +++ b/scd/app-nks.c @@ -781,7 +781,7 @@ verify_pin (app_t app, int pwid, const char *desc, gpg_error_t (*pincb)(void*, const char *, char **), void *pincb_arg) { - iso7816_pininfo_t pininfo; + pininfo_t pininfo; int rc; if (!desc) @@ -1144,7 +1144,7 @@ do_change_pin (app_t app, ctrl_t ctrl, const char *pwidstr, int is_sigg; const char *newdesc; int pwid; - iso7816_pininfo_t pininfo; + pininfo_t pininfo; (void)ctrl; diff --git a/scd/app-openpgp.c b/scd/app-openpgp.c index 5928ec6..968ef98 100644 --- a/scd/app-openpgp.c +++ b/scd/app-openpgp.c @@ -1489,7 +1489,7 @@ verify_a_chv (app_t app, int rc = 0; char *prompt_buffer = NULL; const char *prompt; - iso7816_pininfo_t pininfo; + pininfo_t pininfo; int minlen = 6; assert (chvno == 1 || chvno == 2); @@ -1707,7 +1707,7 @@ verify_chv3 (app_t app, if (!app->did_chv3) { - iso7816_pininfo_t pininfo; + pininfo_t pininfo; int minlen = 8; char *prompt; @@ -1917,7 +1917,7 @@ do_change_pin (app_t app, ctrl_t ctrl, const char *chvnostr, char *pinvalue = NULL; int reset_mode = !!(flags & APP_CHANGE_FLAG_RESET); int set_resetcode = 0; - iso7816_pininfo_t pininfo; + pininfo_t pininfo; int use_keypad = 0; int minlen = 6; diff --git a/scd/app.c b/scd/app.c index dfb5991..e6a663e 100644 --- a/scd/app.c +++ b/scd/app.c @@ -26,8 +26,8 @@ #include "scdaemon.h" #include "app-common.h" -#include "apdu.h" #include "iso7816.h" +#include "apdu.h" #include "tlv.h" /* This table is used to keep track of locks on a per reader base. diff --git a/scd/ccid-driver.c b/scd/ccid-driver.c index 710d0e2..c16c7ac 100644 --- a/scd/ccid-driver.c +++ b/scd/ccid-driver.c 
@@ -89,6 +89,8 @@ #include +#include "scdaemon.h" +#include "iso7816.h" #include "ccid-driver.h" #define DRVNAME "ccid-driver: " @@ -3296,7 +3298,7 @@ ccid_transceive (ccid_driver_t handle, int ccid_transceive_secure (ccid_driver_t handle, const unsigned char *apdu_buf, size_t apdu_buflen, - int pin_mode, int pinlen_min, int pinlen_max, + pininfo_t *pininfo, unsigned char *resp, size_t maxresplen, size_t *nresp) { int rc; @@ -3307,7 +3309,7 @@ ccid_transceive_secure (ccid_driver_t handle, size_t dummy_nresp; int testmode; int cherry_mode = 0; - int enable_varlen = opt.enable_keypad_varlen; + int enable_varlen = 0; testmode = !resp && !nresp; @@ -3322,18 +3324,15 @@ ccid_transceive_secure (ccid_driver_t handle, else return CCID_DRIVER_ERR_NO_KEYPAD; - if (pin_mode != 1) - return CCID_DRIVER_ERR_NOT_SUPPORTED; - - if (!pinlen_min) - pinlen_min = 1; - if (!pinlen_max) - pinlen_max = 25; + if (!pininfo->minlen) + pininfo->minlen = 1; + if (!pininfo->maxlen) + pininfo->maxlen = 25; /* Note that the 25 is the maximum value the SPR532 allows. */ - if (pinlen_min < 1 || pinlen_min > 25 - || pinlen_max < 1 || pinlen_max > 25 - || pinlen_min > pinlen_max) + if (pininfo->minlen < 1 || pininfo->minlen > 25 + || pininfo->maxlen < 1 || pininfo->maxlen > 25 + || pininfo->minlen > pininfo->maxlen) return CCID_DRIVER_ERR_INV_VALUE; /* We have only tested a few readers so better don't risk anything @@ -3347,7 +3346,7 @@ ccid_transceive_secure (ccid_driver_t handle, break; case VENDOR_VASCO: /* Tested with DIGIPASS 920 */ enable_varlen = 1; - pinlen_max = 15; + pininfo->maxlen = 15; break; case VENDOR_CHERRY: enable_varlen = 1; @@ -3370,6 +3369,12 @@ ccid_transceive_secure (ccid_driver_t handle, return CCID_DRIVER_ERR_NOT_SUPPORTED; } + if (enable_varlen) + pininfo->mode = 0; + + if (pininfo->mode != 0 && pininfo->mode != 1) + return CCID_DRIVER_ERR_NOT_SUPPORTED; + if (testmode) return 0; /* Success */ 
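Review bot: With `pininfo` now passed by pointer, the defaulting in the `@@ -3322,18 +3324,15 @@` hunk (`pininfo->minlen = 1`, `pininfo->maxlen = 25`) and the VASCO override in the following hunk write into the caller's structure, where the old code changed local copies. The pointer is also dereferenced without a NULL test, while `send_apdu_ccid` elsewhere in this commit treats a NULL `pininfo` as meaning no keypad operation. Both may be intended, but the prototype in ccid-driver.h gives no hint; a comment there such as `/* PININFO must not be NULL and is updated in place with the limits actually used. */` would record the contract. The function body extends beyond the hunk.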
@@ -3417,8 +3422,8 @@ ccid_transceive_secure (ccid_driver_t handle, } /* The following is a little endian word. */ - msg[msglen++] = pinlen_max; /* wPINMaxExtraDigit-Maximum. */ - msg[msglen++] = pinlen_min; /* wPINMaxExtraDigit-Minimum. */ + msg[msglen++] = pininfo->maxlen; /* wPINMaxExtraDigit-Maximum. */ + msg[msglen++] = pininfo->minlen; /* wPINMaxExtraDigit-Minimum. */ if (apdu_buf[1] == 0x24) msg[msglen++] = apdu_buf[2] == 0 ? 0x03 : 0x01; @@ -3431,7 +3436,7 @@ ccid_transceive_secure (ccid_driver_t handle, msg[msglen] = 0x02; /* bEntryValidationCondition: Validation key pressed */ - if (pinlen_min && pinlen_max && pinlen_min == pinlen_max) + if (pininfo->minlen && pininfo->maxlen && pininfo->minlen == pininfo->maxlen) msg[msglen] |= 0x01; /* Max size reached. */ msglen++; diff --git a/scd/ccid-driver.h b/scd/ccid-driver.h index e0f4895..217bb72 100644 --- a/scd/ccid-driver.h +++ b/scd/ccid-driver.h @@ -93,8 +93,7 @@ int ccid_transceive (ccid_driver_t handle, unsigned char *resp, size_t maxresplen, size_t *nresp); int ccid_transceive_secure (ccid_driver_t handle, const unsigned char *apdu, size_t apdulen, - int pin_mode, - int pinlen_min, int pinlen_max, + pininfo_t *pininfo, unsigned char *resp, size_t maxresplen, size_t *nresp); int ccid_transceive_escape (ccid_driver_t handle, const unsigned char *data, size_t datalen, diff --git a/scd/command.c b/scd/command.c index 40e61a4..343830a 100644 --- a/scd/command.c +++ b/scd/command.c @@ -34,6 +34,7 @@ #include #include #include "app-common.h" +#include "iso7816.h" #include "apdu.h" /* Required for apdu_*_reader (). */ #include "atr.h" #include "exechelp.h" diff --git a/scd/iso7816.c b/scd/iso7816.c index 966a741..b2324b4 100644 --- a/scd/iso7816.c +++ b/scd/iso7816.c 
@@ -269,12 +269,11 @@ iso7816_apdu_direct (int slot, const void *apdudata, size_t apdudatalen, /* Check whether the reader supports the ISO command code COMMAND on the keypad. Returns 0 on success. */ gpg_error_t -iso7816_check_keypad (int slot, int command, iso7816_pininfo_t *pininfo) +iso7816_check_keypad (int slot, int command, pininfo_t *pininfo) { int sw; - sw = apdu_check_keypad (slot, command, - pininfo->mode, pininfo->minlen, pininfo->maxlen); + sw = apdu_check_keypad (slot, command, pininfo); return iso7816_map_sw (sw); } @@ -283,12 +282,11 @@ iso7816_check_keypad (int slot, int command, iso7816_pininfo_t *pininfo) vector CHVNO. With PININFO non-NULL the keypad of the reader will be used. Returns 0 on success. */ gpg_error_t -iso7816_verify_kp (int slot, int chvno, iso7816_pininfo_t *pininfo) +iso7816_verify_kp (int slot, int chvno, pininfo_t *pininfo) { int sw; - sw = apdu_keypad_verify (slot, 0x00, CMD_VERIFY, 0, chvno, - pininfo->mode, pininfo->minlen, pininfo->maxlen); + sw = apdu_keypad_verify (slot, 0x00, CMD_VERIFY, 0, chvno, pininfo); return map_sw (sw); } @@ -309,14 +307,12 @@ iso7816_verify (int slot, int chvno, const char *chv, size_t chvlen) data" is done, otherwise an "exchange reference data". */ gpg_error_t iso7816_change_reference_data_kp (int slot, int chvno, int is_exchange, - iso7816_pininfo_t *pininfo) + pininfo_t *pininfo) { int sw; sw = apdu_keypad_modify (slot, 0x00, CMD_CHANGE_REFERENCE_DATA, - is_exchange ? 1 : 0, - chvno, pininfo->mode, pininfo->minlen, - pininfo->maxlen); + is_exchange ? 1 : 0, chvno, pininfo); return map_sw (sw); } diff --git a/scd/iso7816.h b/scd/iso7816.h index a4e5b70..e6dfecd 100644 --- a/scd/iso7816.h +++ b/scd/iso7816.h 
@@ -32,13 +32,13 @@ /* Information to be passed to keypad equipped readers. See ccid-driver.c for details. */ -struct iso7816_pininfo_s +struct pininfo_s { - int mode; /* A mode of 0 means: Do not use the keypad. */ + int mode; /* 0: Use variable length input. 1: Use fixed length input. */ int minlen; int maxlen; }; -typedef struct iso7816_pininfo_s iso7816_pininfo_t; +typedef struct pininfo_s pininfo_t; gpg_error_t iso7816_map_sw (int sw); @@ -58,16 +58,16 @@ gpg_error_t iso7816_apdu_direct (int slot, int handle_more, unsigned char **result, size_t *resultlen); gpg_error_t iso7816_check_keypad (int slot, int command, - iso7816_pininfo_t *pininfo); + pininfo_t *pininfo); gpg_error_t iso7816_verify (int slot, int chvno, const char *chv, size_t chvlen); -gpg_error_t iso7816_verify_kp (int slot, int chvno, iso7816_pininfo_t *pininfo); +gpg_error_t iso7816_verify_kp (int slot, int chvno, pininfo_t *pininfo); gpg_error_t iso7816_change_reference_data (int slot, int chvno, const char *oldchv, size_t oldchvlen, const char *newchv, size_t newchvlen); gpg_error_t iso7816_change_reference_data_kp (int slot, int chvno, int is_exchange, - iso7816_pininfo_t *pininfo); + pininfo_t *pininfo); gpg_error_t iso7816_reset_retry_counter (int slot, int chvno, const char *newchv, size_t newchvlen); gpg_error_t iso7816_reset_retry_counter_with_rc (int slot, int chvno, diff --git a/scd/sc-copykeys.c b/scd/sc-copykeys.c index 3f34d69..e503d36 100644 --- a/scd/sc-copykeys.c +++ b/scd/sc-copykeys.c @@ -33,6 +33,7 @@ #include "../common/ttyio.h" #include "../common/simple-pwquery.h" +#include "iso7816.h" #include "apdu.h" /* for open_reader */ #include "atr.h" #include "app-common.h" diff --git a/scd/scdaemon.c b/scd/scdaemon.c index 1b61894..f8a86c8 100644 --- a/scd/scdaemon.c +++ b/scd/scdaemon.c 
@@ -48,6 +48,7 @@ #include "i18n.h" #include "sysutils.h" #include "app-common.h" +#include "iso7816.h" #include "apdu.h" #include "ccid-driver.h" #include "mkdtemp.h" commit ca89277cb4cb9558da97a71a4cb070cb77c9b536 Author: NIIBE Yutaka Date: Mon Jan 7 14:20:55 2013 +0900 SCD: Clean up. Remove PADLEN for keypad input. * scd/apdu.c (struct pininfo_s): Use iso7816_pininfo_s. (struct reader_table_s): Remove last arg from check_keypad method. (check_pcsc_keypad, check_pcsc_keypad): Remove PIN_PADLEN. (pcsc_keypad_verify, pcsc_keypad_modify): Don't check PIN_PADLEN. (send_apdu_ccid, ccid_keypad_operation): Remove PIN_PADLEN. (apdu_check_keypad, apdu_keypad_verify, apdu_keypad_modify): Likewise. * scd/apdu.h (apdu_check_keypad, apdu_keypad_verify) (apdu_keypad_modify): Remove PIN_PADLEN. * scd/ccid-driver.c (ccid_transceive_secure): Remove PIN_PADLEN. * scd/ccid-driver.h (ccid_transceive_secure): Remove PIN_PADLEN. * scd/iso7816.c (iso7816_check_keypad, iso7816_verify_kp) (iso7816_change_reference_data_kp): Remove PADLEN. * scd/iso7816.h (struct iso7816_pininfo_s): Remove PADLEN, PADCHAR. -- In the OpenPGPcard specification, password comes with no padding. In GnuPG, we support keypad input for OpenPGPcard only. Thus, it is useless to try to support padding for keypad input. diff --git a/scd/apdu.c b/scd/apdu.c index 278e08a..f66db4d 100644 --- a/scd/apdu.c +++ b/scd/apdu.c @@ -83,15 +83,7 @@ #define DLSTDCALL #endif - -/* Helper to pass parameters related to keypad based operations. */ -struct pininfo_s -{ - int mode; - int minlen; - int maxlen; - int padlen; -}; +#define pininfo_s iso7816_pininfo_s /* A structure to collect information pertaining to one reader slot. */ 
@@ -108,7 +100,7 @@ struct reader_table_s { int (*get_status_reader)(int, unsigned int *); int (*send_apdu_reader)(int,unsigned char *,size_t, unsigned char *, size_t *, struct pininfo_s *); - int (*check_keypad)(int, int, int, int, int, int); + int (*check_keypad)(int, int, int, int, int); void (*dump_status_reader)(int); int (*set_progress_cb)(int, gcry_handler_progress_t, void*); int (*keypad_verify)(int, int, int, int, int, struct pininfo_s *); @@ -331,7 +323,7 @@ static int apdu_get_status_internal (int slot, int hang, int no_atr_reset, unsigned int *status, unsigned int *changed); static int check_pcsc_keypad (int slot, int command, int pin_mode, - int pinlen_min, int pinlen_max, int pin_padlen); + int pinlen_min, int pinlen_max); static int pcsc_keypad_verify (int slot, int class, int ins, int p0, int p1, struct pininfo_s *pininfo); static int pcsc_keypad_modify (int slot, int class, int ins, int p0, int p1, @@ -1993,7 +1985,7 @@ open_pcsc_reader (const char *portstr) on the keypad. Return 0 on success. */ static int check_pcsc_keypad (int slot, int command, int pin_mode, - int pinlen_min, int pinlen_max, int pin_padlen) + int pinlen_min, int pinlen_max) { unsigned char buf[256]; size_t len = 256; @@ -2002,7 +1994,6 @@ check_pcsc_keypad (int slot, int command, int pin_mode, (void)pin_mode; (void)pinlen_min; (void)pinlen_max; - (void)pin_padlen; check_again: if (command == ISO7816_VERIFY) @@ -2069,9 +2060,6 @@ pcsc_keypad_verify (int slot, int class, int ins, int p0, int p1, if (pininfo->mode != 1) return SW_NOT_SUPPORTED; - if (pininfo->padlen != 0) - return SW_NOT_SUPPORTED; - if (!pininfo->minlen) pininfo->minlen = 1; if (!pininfo->maxlen) @@ -2153,9 +2141,6 @@ pcsc_keypad_modify (int slot, int class, int ins, int p0, int p1, if (pininfo->mode != 1) return SW_NOT_SUPPORTED; - if (pininfo->padlen != 0) - return SW_NOT_SUPPORTED; - if (!pininfo->minlen) pininfo->minlen = 1; if (!pininfo->maxlen) 
@@ -2332,7 +2317,6 @@ send_apdu_ccid (int slot, unsigned char *apdu, size_t apdulen, pininfo->mode, pininfo->minlen, pininfo->maxlen, - pininfo->padlen, buffer, maxbuflen, buflen); else err = ccid_transceive (reader_table[slot].ccid.handle, @@ -2351,14 +2335,14 @@ send_apdu_ccid (int slot, unsigned char *apdu, size_t apdulen, parameters, see ccid-driver.c */ static int check_ccid_keypad (int slot, int command, int pin_mode, - int pinlen_min, int pinlen_max, int pin_padlen) + int pinlen_min, int pinlen_max) { unsigned char apdu[] = { 0, 0, 0, 0x81 }; apdu[1] = command; return ccid_transceive_secure (reader_table[slot].ccid.handle, apdu, sizeof apdu, - pin_mode, pinlen_min, pinlen_max, pin_padlen, + pin_mode, pinlen_min, pinlen_max, NULL, 0, NULL); } @@ -2379,7 +2363,6 @@ ccid_keypad_operation (int slot, int class, int ins, int p0, int p1, err = ccid_transceive_secure (reader_table[slot].ccid.handle, apdu, sizeof apdu, pininfo->mode, pininfo->minlen, pininfo->maxlen, - pininfo->padlen, result, 2, &resultlen); if (err) return err; @@ -3423,7 +3406,7 @@ apdu_get_status (int slot, int hang, parameters, see ccid-driver.c */ int apdu_check_keypad (int slot, int command, int pin_mode, - int pinlen_min, int pinlen_max, int pin_padlen) + int pinlen_min, int pinlen_max) { if (slot < 0 || slot >= MAX_READER || !reader_table[slot].used ) return SW_HOST_NO_DRIVER; @@ -3436,8 +3419,7 @@ apdu_check_keypad (int slot, int command, int pin_mode, return sw; sw = reader_table[slot].check_keypad (slot, command, - pin_mode, pinlen_min, pinlen_max, - pin_padlen); + pin_mode, pinlen_min, pinlen_max); unlock_slot (slot); return sw; } 
@@ -3448,14 +3430,13 @@ apdu_check_keypad (int slot, int command, int pin_mode, int apdu_keypad_verify (int slot, int class, int ins, int p0, int p1, int pin_mode, - int pinlen_min, int pinlen_max, int pin_padlen) + int pinlen_min, int pinlen_max) { struct pininfo_s pininfo; pininfo.mode = pin_mode; pininfo.minlen = pinlen_min; pininfo.maxlen = pinlen_max; - pininfo.padlen = pin_padlen; if (slot < 0 || slot >= MAX_READER || !reader_table[slot].used ) return SW_HOST_NO_DRIVER; @@ -3479,14 +3460,13 @@ apdu_keypad_verify (int slot, int class, int ins, int p0, int p1, int pin_mode, int apdu_keypad_modify (int slot, int class, int ins, int p0, int p1, int pin_mode, - int pinlen_min, int pinlen_max, int pin_padlen) + int pinlen_min, int pinlen_max) { struct pininfo_s pininfo; pininfo.mode = pin_mode; pininfo.minlen = pinlen_min; pininfo.maxlen = pinlen_max; - pininfo.padlen = pin_padlen; if (slot < 0 || slot >= MAX_READER || !reader_table[slot].used ) return SW_HOST_NO_DRIVER; diff --git a/scd/apdu.h b/scd/apdu.h index bf55346..6bf6176 100644 --- a/scd/apdu.h +++ b/scd/apdu.h @@ -115,13 +115,11 @@ int apdu_reset (int slot); int apdu_get_status (int slot, int hang, unsigned int *status, unsigned int *changed); int apdu_check_keypad (int slot, int command, int pin_mode, - int pinlen_min, int pinlen_max, int pin_padlen); + int pinlen_min, int pinlen_max); int apdu_keypad_verify (int slot, int class, int ins, int p0, int p1, - int pin_mode, int pinlen_min, int pinlen_max, - int pin_padlen); + int pin_mode, int pinlen_min, int pinlen_max); int apdu_keypad_modify (int slot, int class, int ins, int p0, int p1, - int pin_mode, int pinlen_min, int pinlen_max, - int pin_padlen); + int pin_mode, int pinlen_min, int pinlen_max); int apdu_send_simple (int slot, int extended_mode, int class, int ins, int p0, int p1, int lc, const char *data); diff --git a/scd/ccid-driver.c b/scd/ccid-driver.c index f545c71..710d0e2 100644 --- a/scd/ccid-driver.c +++ b/scd/ccid-driver.c 
@@ -3288,7 +3288,7 @@ ccid_transceive (ccid_driver_t handle, The APDU should me made up of 4 bytes without Lc. PINLEN_MIN and PINLEN_MAX define the limits for the pin length. 0 - may be used t enable reasonable defaults. PIN_PADLEN should be 0. + may be used t enable reasonable defaults. When called with RESP and NRESP set to NULL, the function will merely check whether the reader supports the secure command for the @@ -3297,7 +3297,6 @@ int ccid_transceive_secure (ccid_driver_t handle, const unsigned char *apdu_buf, size_t apdu_buflen, int pin_mode, int pinlen_min, int pinlen_max, - int pin_padlen, unsigned char *resp, size_t maxresplen, size_t *nresp) { int rc; @@ -3326,9 +3325,6 @@ ccid_transceive_secure (ccid_driver_t handle, if (pin_mode != 1) return CCID_DRIVER_ERR_NOT_SUPPORTED; - if (pin_padlen != 0) - return CCID_DRIVER_ERR_NOT_SUPPORTED; - if (!pinlen_min) pinlen_min = 1; if (!pinlen_max) diff --git a/scd/ccid-driver.h b/scd/ccid-driver.h index 121cb94..e0f4895 100644 --- a/scd/ccid-driver.h +++ b/scd/ccid-driver.h @@ -94,7 +94,7 @@ int ccid_transceive (ccid_driver_t handle, int ccid_transceive_secure (ccid_driver_t handle, const unsigned char *apdu, size_t apdulen, int pin_mode, - int pinlen_min, int pinlen_max, int pin_padlen, + int pinlen_min, int pinlen_max, unsigned char *resp, size_t maxresplen, size_t *nresp); int ccid_transceive_escape (ccid_driver_t handle, const unsigned char *data, size_t datalen, diff --git a/scd/iso7816.c b/scd/iso7816.c index 45f5e08..966a741 100644 --- a/scd/iso7816.c +++ b/scd/iso7816.c @@ -274,8 +274,7 @@ iso7816_check_keypad (int slot, int command, iso7816_pininfo_t *pininfo) int sw; sw = apdu_check_keypad (slot, command, - pininfo->mode, pininfo->minlen, pininfo->maxlen, - pininfo->padlen); + pininfo->mode, pininfo->minlen, pininfo->maxlen); return iso7816_map_sw (sw); } 
@@ -289,8 +288,7 @@ iso7816_verify_kp (int slot, int chvno, iso7816_pininfo_t *pininfo) int sw; sw = apdu_keypad_verify (slot, 0x00, CMD_VERIFY, 0, chvno, - pininfo->mode, pininfo->minlen, pininfo->maxlen, - pininfo->padlen); + pininfo->mode, pininfo->minlen, pininfo->maxlen); return map_sw (sw); } @@ -318,7 +316,7 @@ iso7816_change_reference_data_kp (int slot, int chvno, int is_exchange, sw = apdu_keypad_modify (slot, 0x00, CMD_CHANGE_REFERENCE_DATA, is_exchange ? 1 : 0, chvno, pininfo->mode, pininfo->minlen, - pininfo->maxlen, pininfo->padlen); + pininfo->maxlen); return map_sw (sw); } diff --git a/scd/iso7816.h b/scd/iso7816.h index 336208a..a4e5b70 100644 --- a/scd/iso7816.h +++ b/scd/iso7816.h @@ -37,8 +37,6 @@ struct iso7816_pininfo_s int mode; /* A mode of 0 means: Do not use the keypad. */ int minlen; int maxlen; - int padlen; - int padchar; }; typedef struct iso7816_pininfo_s iso7816_pininfo_t; commit d9f6cc7502793ed41928042cc2f968c8c7effc22 Author: NIIBE Yutaka Date: Wed Jan 9 13:24:57 2013 +0900 SCD: Add option enable-keypad-varlen and support for GEMPC_PINPAD. * scd/scdaemon.h (opt): Add enable_keypad_varlen. * scd/scdaemon.c (cmd_and_opt_values): Add oEnableKeypadVarlen. (opts, main): Add oEnableKeypadVarlen. * scd/ccid-driver.c (GEMPC_PINPAD): New. (ccid_transceive_secure): Add enable_varlen handling. Enable GEMPC_PINPAD. -- Note that GEMPC_PINPAD doesn't support variable length keypad input. The feature of fixed length keypad input will be added soon. diff --git a/scd/ccid-driver.c b/scd/ccid-driver.c index 5b3bcaf..f545c71 100644 --- a/scd/ccid-driver.c +++ b/scd/ccid-driver.c @@ -220,6 +220,7 @@ enum { #define SCM_SPR532 0xe003 #define CHERRY_ST2000 0x003e #define VASCO_920 0x0920 +#define GEMPC_PINPAD 0x3478 /* A list and a table with special transport descriptions. */ enum { 
@@ -3307,6 +3308,7 @@ ccid_transceive_secure (ccid_driver_t handle, size_t dummy_nresp; int testmode; int cherry_mode = 0; + int enable_varlen = opt.enable_keypad_varlen; testmode = !resp && !nresp; @@ -3345,11 +3347,14 @@ ccid_transceive_secure (ccid_driver_t handle, case VENDOR_SCM: /* Tested with SPR 532. */ case VENDOR_KAAN: /* Tested with KAAN Advanced (1.02). */ case VENDOR_FSIJ: /* Tested with the gnuk code (2011-01-05). */ + enable_varlen = 1; break; case VENDOR_VASCO: /* Tested with DIGIPASS 920 */ + enable_varlen = 1; pinlen_max = 15; break; case VENDOR_CHERRY: + enable_varlen = 1; /* The CHERRY XX44 keyboard echos an asterisk for each entered character on the keyboard channel. We use a special variant of PC_to_RDR_Secure which directs these characters to the @@ -3360,6 +3365,11 @@ ccid_transceive_secure (ccid_driver_t handle, if (handle->id_product != CHERRY_ST2000) cherry_mode = 1; break; + case VENDOR_GEMPC: + enable_varlen = 0; + if (handle->id_product == GEMPC_PINPAD) + break; + /* fall through */ default: return CCID_DRIVER_ERR_NOT_SUPPORTED; } diff --git a/scd/scdaemon.c b/scd/scdaemon.c index af4c9c1..1b61894 100644 --- a/scd/scdaemon.c +++ b/scd/scdaemon.c @@ -95,6 +95,7 @@ enum cmd_and_opt_values oAllowAdmin, oDenyAdmin, oDisableApplication, + oEnableKeypadVarlen, oDebugDisableTicker }; @@ -148,6 +149,8 @@ static ARGPARSE_OPTS opts[] = { ARGPARSE_s_n (oDenyAdmin, "deny-admin", N_("deny the use of admin card commands")), ARGPARSE_s_s (oDisableApplication, "disable-application", "@"), + ARGPARSE_s_n (oEnableKeypadVarlen, "enable-keypad-varlen", + N_("use variable length input for keypad")), ARGPARSE_end () }; @@ -587,6 +590,8 @@ main (int argc, char **argv ) add_to_strlist (&opt.disabled_applications, pargs.r.ret_str); break; + case oEnableKeypadVarlen: opt.enable_keypad_varlen = 1; break; + default: pargs.err = configfp? ARGPARSE_PRINT_WARNING:ARGPARSE_PRINT_ERROR; break; diff --git a/scd/scdaemon.h b/scd/scdaemon.h index 74e8b7d..8f048d5 100644 
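Review bot: In ccid_transceive_secure, the value read by `int enable_varlen = opt.enable_keypad_varlen;` is overwritten on every path through the vendor switch in the -3345,11 and -3360,6 hunks. Each tested vendor sets it to 1, VENDOR_GEMPC sets it to 0, and the default case returns CCID_DRIVER_ERR_NOT_SUPPORTED. As far as these hunks show, the new --enable-keypad-varlen option therefore cannot change the PIN entry mode of any reader; the code that consumes enable_varlen lies outside the hunks, so this should be confirmed there. If the option is meant as a user override, the switch should force a value only for readers known to need one. Otherwise a comment on the initialiser, for example `/* Overridden below for every reader we know; the option only matters for ... */`, would keep the setting from misleading users.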
--- a/scd/scdaemon.h +++ b/scd/scdaemon.h @@ -57,6 +57,7 @@ struct const char *reader_port; /* NULL or reder port to use. */ int disable_ccid; /* Disable the use of the internal CCID driver. */ int disable_keypad; /* Do not use a keypad. */ + int enable_keypad_varlen; /* Use variable length input for keypad. */ int allow_admin; /* Allow the use of admin commands for certain cards. */ strlist_t disabled_applications; /* Card applications we do not ----------------------------------------------------------------------- Summary of changes: scd/apdu.c | 149 +++++++++++------------------- scd/apdu.h | 9 +- scd/app-dinsig.c | 4 +- scd/app-nks.c | 6 +- scd/app-openpgp.c | 122 ++++++++++++++++++++++--- scd/app.c | 2 +- scd/ccid-driver.c | 270 ++++++++++++++++++++++++++++++++--------------------- scd/ccid-driver.h | 3 +- scd/command.c | 1 + scd/iso7816.c | 18 +--- scd/iso7816.h | 19 ++-- scd/sc-copykeys.c | 1 + scd/scdaemon.c | 6 + scd/scdaemon.h | 1 + 14 files changed, 365 insertions(+), 246 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Tue Feb 5 07:08:42 2013 
From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Tue, 05 Feb 2013 07:08:42 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.0beta3-145-gc27315f Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via c27315fc6466cceb862c9e67755a8e044e9b7688 (commit) from e791ac6683bfb90d5e40c0103324784bd58535c9 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit c27315fc6466cceb862c9e67755a8e044e9b7688 Author: NIIBE Yutaka Date: Tue Feb 5 14:59:29 2013 +0900 scd: Fix check_keypad_request. * scd/app-openpgp.c (check_keypad_request): 0 means not to use pinpad. diff --git a/scd/app-openpgp.c b/scd/app-openpgp.c index dc35295..3693833 100644 --- a/scd/app-openpgp.c +++ b/scd/app-openpgp.c @@ -1554,7 +1554,7 @@ check_keypad_request (app_t app, pininfo_t *pininfo, int admin_pin) else pininfo->fixedlen = app->app_local->keypad.fixedlen_user; - if (pininfo->fixedlen < 0 /* User requests disable pinpad. */ + if (pininfo->fixedlen == 0 /* User requests disable pinpad. */ || pininfo->fixedlen < pininfo->minlen || pininfo->fixedlen > pininfo->maxlen /* Reader doesn't have the capability to input a PIN which ----------------------------------------------------------------------- Summary of changes: scd/app-openpgp.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Wed Feb 6 06:15:32 2013 
From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Wed, 06 Feb 2013 06:15:32 +0100 Subject: [git] GnuPG - branch, STABLE-BRANCH-2-0, updated. gnupg-2.0.19-84-g9fec82a Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, STABLE-BRANCH-2-0 has been updated via 9fec82a30bec953b09548840dac4e8999310498e (commit) via 4a2f1e51339df469cf2284ab342ea23e3921ec9f (commit) via c3070705a4060694bfe5112fa9c1edc9f5479bf4 (commit) via 031f783d8a3d242085985b6afb2d67e49e6a1454 (commit) via eec69e5366e00d958f3204eb1aad6871e976293f (commit) via 1788aad9c1a6a68a5ae841c8746aabf76e8a9c65 (commit) via 85bd703e78768ae5290a64c405f3c9fed46ecff2 (commit) via d1d51464d2db60a801f8f252c4a3386493989b31 (commit) via daafc1c8fdee0e0387dff6f42cfc3b01046480d4 (commit) via 15bf5a10d47ae288fc4174424551e2e19e6b7b6a (commit) via 15200f7001ce591233e4f266428d97c7e1ee29f1 (commit) via 4fe024cf33fcb1c0c789b548de39da2f61154cb9 (commit) via 3d863c298b5914958ef1462409dc097b4a076b52 (commit) via 7c110e997adda6252dbc7c2ff3fce1db3edaff94 (commit) via 2dbd347fbe9765e72041857a5922390e01cf95f1 (commit) from e8ea10990d9b860d9f2863928887811f86c304b6 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 9fec82a30bec953b09548840dac4e8999310498e Author: NIIBE Yutaka Date: Tue Feb 5 14:59:29 2013 +0900 scd: Fix check_keypad_request. * scd/app-openpgp.c (check_keypad_request): 0 means not to use pinpad. diff --git a/scd/app-openpgp.c b/scd/app-openpgp.c index c190098..78cdda3 100644 --- a/scd/app-openpgp.c +++ b/scd/app-openpgp.c 
@@ -1554,7 +1554,7 @@ check_keypad_request (app_t app, pininfo_t *pininfo, int admin_pin) else pininfo->fixedlen = app->app_local->keypad.fixedlen_user; - if (pininfo->fixedlen < 0 /* User requests disable pinpad. */ + if (pininfo->fixedlen == 0 /* User requests disable pinpad. */ || pininfo->fixedlen < pininfo->minlen || pininfo->fixedlen > pininfo->maxlen /* Reader doesn't have the capability to input a PIN which commit 4a2f1e51339df469cf2284ab342ea23e3921ec9f Author: NIIBE Yutaka Date: Tue Feb 5 14:37:14 2013 +0900 scd: Clean up. * apdu.h (apdu_send_simple_kp): Remove. * apdu.c (apdu_send_simple_kp): Remove. diff --git a/scd/apdu.c b/scd/apdu.c index fa5c205..f1e53ea 100644 --- a/scd/apdu.c +++ b/scd/apdu.c @@ -3795,24 +3795,6 @@ apdu_send_simple (int slot, int extended_mode, } -/* Same as apdu_send_simple but uses the keypad of the reader. */ -int -apdu_send_simple_kp (int slot, int class, int ins, int p0, int p1, - int lc, const char *data, - int pin_mode, - int pinlen_min, int pinlen_max, int pin_padlen) -{ - struct pininfo_s pininfo; - - pininfo.mode = pin_mode; - pininfo.minlen = pinlen_min; - pininfo.maxlen = pinlen_max; - pininfo.padlen = pin_padlen; - return send_le (slot, class, ins, p0, p1, lc, data, -1, - NULL, NULL, &pininfo, 0); -} - - /* This is a more generic version of the apdu sending routine. It takes an already formatted APDU in APDUDATA or length APDUDATALEN and returns with an APDU including the status word. With diff --git a/scd/apdu.h b/scd/apdu.h index 011806c..021508a 100644 --- a/scd/apdu.h +++ b/scd/apdu.h 
@@ -120,10 +120,6 @@ int apdu_keypad_modify (int slot, int class, int ins, int p0, int p1, int apdu_send_simple (int slot, int extended_mode, int class, int ins, int p0, int p1, int lc, const char *data); -int apdu_send_simple_kp (int slot, int class, int ins, int p0, int p1, - int lc, const char *data, - int pin_mode, - int pinlen_min, int pinlen_max, int pin_padlen); int apdu_send (int slot, int extended_mode, int class, int ins, int p0, int p1, int lc, const char *data, unsigned char **retbuf, size_t *retbuflen); commit c3070705a4060694bfe5112fa9c1edc9f5479bf4 Author: NIIBE Yutaka Date: Mon Jan 28 11:46:40 2013 +0900 SCD: Add vendor specific initalization. * scd/ccid-driver.c (ccid_vendor_specific_init): New. (ccid_open_reader): Call ccid_vendor_specific_init. diff --git a/scd/ccid-driver.c b/scd/ccid-driver.c index fcc71ba..e01b20c 100644 --- a/scd/ccid-driver.c +++ b/scd/ccid-driver.c @@ -305,6 +305,9 @@ static int bulk_in (ccid_driver_t handle, unsigned char *buffer, size_t length, size_t *nread, int expected_type, int seqno, int timeout, int no_debug); static int abort_cmd (ccid_driver_t handle, int seqno); +static int send_escape_cmd (ccid_driver_t handle, const unsigned char *data, + size_t datalen, unsigned char *result, + size_t resultmax, size_t *resultlen); /* Convert a little endian stored 4 byte value into an unsigned integer. */ 
@@ -1526,7 +1529,30 @@ ccid_get_reader_list (void) } -/* Open the reader with the internal number READERNO and return a +/* Vendor specific custom initialization. */ +static int +ccid_vendor_specific_init (ccid_driver_t handle) +{ + if (handle->id_vendor == VENDOR_VEGA && handle->id_product == VEGA_ALPHA) + { + /* + * Vega alpha has a feature to show retry counter on the pinpad + * display. But it assumes that the card returns the value of + * retry counter by VERIFY with empty data (return code of + * 63Cx). Unfortunately, existing OpenPGP cards don't support + * VERIFY command with empty data. This vendor specific command + * sequence is to disable the feature. + */ + const unsigned char cmd[] = "\xb5\x01\x00\x03\x00"; + + return send_escape_cmd (handle, cmd, sizeof (cmd), NULL, 0, NULL); + } + + return 0; +} + + +/* Open the reader with the internal number READERNO and return a pointer to be used as handle in HANDLE. Returns 0 on success. */ int ccid_open_reader (ccid_driver_t *handle, const char *readerid) @@ -1634,6 +1660,8 @@ ccid_open_reader (ccid_driver_t *handle, const char *readerid) } } + rc = ccid_vendor_specific_init (*handle); + leave: free (ifcdesc_extra); if (rc) commit 031f783d8a3d242085985b6afb2d67e49e6a1454 Author: NIIBE Yutaka Date: Sun Jan 13 12:12:10 2013 +0900 SCD: Support P=N format for login data. * scd/app-openpgp.c (parse_login_data): Support P=N format. diff --git a/scd/app-openpgp.c b/scd/app-openpgp.c index 0b3d21d..c190098 100644 --- a/scd/app-openpgp.c +++ b/scd/app-openpgp.c @@ -602,9 +602,9 @@ count_bits (const unsigned char *a, size_t len) P= - Where KEYPAD_REQUEST is 0 or a pair of two integers: ,. - 0 means use keypad with variable length input. , means use - keypad with fixed length input. N for user PIN, M for admin PIN. + Where KEYPAD_REQUEST is in the format of: or ,. + N for user PIN, M for admin PIN. If M is missing it means M=N. + 0 means to force not to use keypad. */ static void 
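Review bot: In ccid_vendor_specific_init, `cmd` is initialised from a string literal, so `sizeof (cmd)` is 6 and the escape command sent to the reader carries the literal's terminating NUL after the five bytes that are written out. If the intended sequence is those five bytes, declare it as `const unsigned char cmd[] = { 0xb5, 0x01, 0x00, 0x03, 0x00 };` or pass `sizeof (cmd) - 1`. In the -1634,6 hunk the result is assigned straight to `rc` just before `leave:`, so a reader that rejects the escape command appears to make ccid_open_reader fail as a whole. A comment there saying whether that is wanted for an optional display feature would help; ccid_open_reader's body continues outside the hunk.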
@@ -660,24 +660,22 @@ parse_login_data (app_t app) if (buflen) { - if (*buffer == '0') - { - buffer++; - buflen--; - if (buflen && !(*buffer == '\n' || *buffer == '\x18')) - goto next; - /* Disable use of pinpad. */ - app->app_local->keypad.specified = 1; - } - else if (digitp (buffer)) + if (digitp (buffer)) { char *q; int n, m; n = strtol (buffer, &q, 10); - if (*q++ != ',' || !digitp (q)) - goto next; - m = strtol (q, &q, 10); + if (q >= (char *)buffer + buflen + || *q == '\x18' || *q == '\n') + m = n; + else + { + if (*q++ != ',' || !digitp (q)) + goto next; + m = strtol (q, &q, 10); + } + buffer = q; if (buflen < ((unsigned char *)q - buffer)) { @@ -1540,14 +1538,16 @@ static int check_keypad_request (app_t app, pininfo_t *pininfo, int admin_pin) { if (app->app_local->keypad.specified == 0) /* No preference on card. */ - if (pininfo->fixedlen == 0) /* Reader has varlen capability. */ - return 0; /* Then, use pinpad. */ - else - /* - * Reader has limited capability, and it may not match PIN of - * the card. - */ - return 1; + { + if (pininfo->fixedlen == 0) /* Reader has varlen capability. */ + return 0; /* Then, use pinpad. */ + else + /* + * Reader has limited capability, and it may not match PIN of + * the card. + */ + return 1; + } if (admin_pin) pininfo->fixedlen = app->app_local->keypad.fixedlen_admin; commit eec69e5366e00d958f3204eb1aad6871e976293f Author: NIIBE Yutaka Date: Fri Jan 11 13:19:17 2013 +0900 SCD: Better interoperability. * scd/apdu.c: Fill bTeoPrologue[2] field. -- ccid-1.4.5 or older requires this field is filled by application. diff --git a/scd/apdu.c b/scd/apdu.c index 2e51ea2..fa5c205 100644 --- a/scd/apdu.c +++ b/scd/apdu.c 
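Review bot: In the `P=` branch of parse_login_data, `buffer = q;` runs before the length comparison `buflen < ((unsigned char *)q - buffer)`, so the difference is always zero and buflen is never reduced by the digits and comma that strtol consumed. The `next:` loop that follows (visible in the hunk of the commit that introduced this branch) then advances `buffer` with a count that is too large by that amount, which can read past the end of the login data returned by the card. Compute the consumed length first, `size_t used = (unsigned char *)q - buffer;`, reject `used > buflen`, and only then do `buffer = q; buflen -= used;`. strtol is also called on a buffer that is tracked by length, and the added `q >= (char *)buffer + buflen` test runs only after the first call; if get_one_do does not NUL-terminate the data (not visible here), both calls can scan beyond buflen. The same ordering is present in the -628,11 hunk of commit 85bd703e further down.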
@@ -2114,7 +2114,7 @@ pcsc_keypad_verify (int slot, int class, int ins, int p0, int p1, pin_verify[11] = 0x00; /* bMsgIndex */ pin_verify[12] = 0x00; /* bTeoPrologue[0] */ pin_verify[13] = 0x00; /* bTeoPrologue[1] */ - pin_verify[14] = 0x00; /* bTeoPrologue[2] */ + pin_verify[14] = pininfo->fixedlen + 0x05; /* bTeoPrologue[2] */ pin_verify[15] = pininfo->fixedlen + 0x05; /* ulDataLength */ pin_verify[16] = 0x00; /* ulDataLength */ pin_verify[17] = 0x00; /* ulDataLength */ @@ -2206,7 +2206,7 @@ pcsc_keypad_modify (int slot, int class, int ins, int p0, int p1, pin_modify[16] = 0x00; /* bMsgIndex3 */ pin_modify[17] = 0x00; /* bTeoPrologue[0] */ pin_modify[18] = 0x00; /* bTeoPrologue[1] */ - pin_modify[19] = 0x00; /* bTeoPrologue[2] */ + pin_modify[19] = 2 * pininfo->fixedlen + 0x05; /* bTeoPrologue[2] */ pin_modify[20] = 2 * pininfo->fixedlen + 0x05; /* ulDataLength */ pin_modify[21] = 0x00; /* ulDataLength */ pin_modify[22] = 0x00; /* ulDataLength */ commit 1788aad9c1a6a68a5ae841c8746aabf76e8a9c65 Author: NIIBE Yutaka Date: Fri Jan 11 10:41:38 2013 +0900 SCD: Defaults to use pinpad if the reader has the capability. * scd/app-openpgp.c (struct app_local_s): Remove VARLEN. (parse_login_data): "P=0" means to disable pinpad. (check_keypad_request): Default is to use pinpad if available. diff --git a/scd/app-openpgp.c b/scd/app-openpgp.c index 5929473..0b3d21d 100644 --- a/scd/app-openpgp.c +++ b/scd/app-openpgp.c @@ -195,7 +195,6 @@ struct app_local_s { struct { unsigned int specified:1; - unsigned int varlen:1; int fixedlen_user; int fixedlen_admin; } keypad; 
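Review bot: The new `pin_verify[14]` and `pin_modify[19]` assignments carry only the field name as a comment, so the reason bTeoPrologue[2] now repeats the first ulDataLength byte is lost once the commit message is out of view. A comment such as `/* bTeoPrologue[2]: same as ulDataLength; ccid 1.4.5 and older need the application to fill it. */` on both lines would keep it. Both expressions are int values stored into what appear to be byte arrays, and `2 * pininfo->fixedlen + 0x05` no longer fits in one byte once fixedlen exceeds 125. The range check on fixedlen is not in these hunks, so it is worth confirming it happens before this point; both functions continue outside the hunks.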
@@ -619,9 +618,8 @@ parse_login_data (app_t app) app->app_local->flags.no_sync = 0; app->app_local->flags.def_chv2 = 0; app->app_local->keypad.specified = 0; - app->app_local->keypad.varlen = 0; - app->app_local->keypad.fixedlen_user = 6; - app->app_local->keypad.fixedlen_admin = 8; + app->app_local->keypad.fixedlen_user = -1; + app->app_local->keypad.fixedlen_admin = -1; /* Read the DO. */ relptr = get_one_do (app, 0x005E, &buffer, &buflen, NULL); @@ -668,8 +666,8 @@ parse_login_data (app_t app) buflen--; if (buflen && !(*buffer == '\n' || *buffer == '\x18')) goto next; + /* Disable use of pinpad. */ app->app_local->keypad.specified = 1; - app->app_local->keypad.varlen = 1; } else if (digitp (buffer)) { 
@@ -1534,34 +1532,36 @@ do_readcert (app_t app, const char *certid, } -/* Decide if we use keypad of reader for PIN input according to the - user preference on the card. Returns 0 if we use keypad, 1 otherwise. */ +/* Decide if we use the keypad of the reader for PIN input according + to the user preference on the card, and the capability of the + reader. This routine is only called when the reader has keypad. + Returns 0 if we use keypad, 1 otherwise. */ static int check_keypad_request (app_t app, pininfo_t *pininfo, int admin_pin) { - /* User specifies no preference on card, then, use pinentry. */ - if (app->app_local->keypad.specified == 0) - return 1; - - if (app->app_local->keypad.varlen) - if (pininfo->fixedlen == 0) - return 0; + if (app->app_local->keypad.specified == 0) /* No preference on card. */ + if (pininfo->fixedlen == 0) /* Reader has varlen capability. */ + return 0; /* Then, use pinpad. */ else - /* On card, user specifies varlen but reader doesn't have the feature. */ + /* + * Reader has limited capability, and it may not match PIN of + * the card. + */ return 1; + + if (admin_pin) + pininfo->fixedlen = app->app_local->keypad.fixedlen_admin; else - { - if (admin_pin) - pininfo->fixedlen = app->app_local->keypad.fixedlen_admin; - else - pininfo->fixedlen = app->app_local->keypad.fixedlen_user; + pininfo->fixedlen = app->app_local->keypad.fixedlen_user; - if (pininfo->fixedlen < pininfo->minlen - || pininfo->fixedlen > pininfo->maxlen) - return 1; + if (pininfo->fixedlen < 0 /* User requests disable pinpad. */ + || pininfo->fixedlen < pininfo->minlen + || pininfo->fixedlen > pininfo->maxlen + /* Reader doesn't have the capability to input a PIN which + * length is FIXEDLEN. */) + return 1; - return 0; - } + return 0; } commit 85bd703e78768ae5290a64c405f3c9fed46ecff2 Author: NIIBE Yutaka Date: Thu Jan 10 15:58:43 2013 +0900 SCD: handle keypad request on the card. * scd/app-openpgp.c: Add 2013. (struct app_local_s): Add keypad structure. 
(parse_login_data): Add parsing keypad request on the card. (check_keypad_request): New. (verify_a_chv, verify_chv3, do_change_pin): Call check_keypad_request to determine use of keypad. diff --git a/scd/app-openpgp.c b/scd/app-openpgp.c index d3c309e..5929473 100644 --- a/scd/app-openpgp.c +++ b/scd/app-openpgp.c @@ -1,6 +1,6 @@ /* app-openpgp.c - The OpenPGP card application. * Copyright (C) 2003, 2004, 2005, 2007, 2008, - * 2009 Free Software Foundation, Inc. + * 2009, 2013 Free Software Foundation, Inc. * * This file is part of GnuPG. * @@ -191,6 +191,15 @@ struct app_local_s { unsigned int def_chv2:1; /* Use 123456 for CHV2. */ } flags; + /* Keypad request specified on card. */ + struct + { + unsigned int specified:1; + unsigned int varlen:1; + int fixedlen_user; + int fixedlen_admin; + } keypad; + struct { unsigned int n_bits; /* Size of the modulus in bits. The rest @@ -581,17 +590,23 @@ count_bits (const unsigned char *a, size_t len) Everything up to a LF is considered a mailbox or account name. If the first LF is followed by DC4 (0x14) control sequence are expected up to the next LF. Control sequences are separated by FS - (0x18) and consist of key=value pairs. There is one key defined: + (0x18) and consist of key=value pairs. There are two keys defined: F= - Were FLAGS is a plain hexadecimal number representing flag values. + Where FLAGS is a plain hexadecimal number representing flag values. The lsb is here the rightmost bit. Defined flags bits are: Bit 0 = CHV1 and CHV2 are not syncronized Bit 1 = CHV2 has been been set to the default PIN of "123456" (this implies that bit 0 is also set). + P= + + Where KEYPAD_REQUEST is 0 or a pair of two integers: ,. + 0 means use keypad with variable length input. , means use + keypad with fixed length input. N for user PIN, M for admin PIN. + */ static void parse_login_data (app_t app) 
@@ -603,6 +618,10 @@ parse_login_data (app_t app) /* Set defaults. */ app->app_local->flags.no_sync = 0; app->app_local->flags.def_chv2 = 0; + app->app_local->keypad.specified = 0; + app->app_local->keypad.varlen = 0; + app->app_local->keypad.fixedlen_user = 6; + app->app_local->keypad.fixedlen_admin = 8; /* Read the DO. */ relptr = get_one_do (app, 0x005E, &buffer, &buflen, NULL); @@ -628,11 +647,56 @@ parse_login_data (app_t app) any leading digits but bail out on invalid characters. */ for (p=buffer+2, len = buflen-2; len && hexdigitp (p); p++, len--) lastdig = xtoi_1 (p); + buffer = p; + buflen = len; if (len && !(*p == '\n' || *p == '\x18')) goto next; /* Invalid characters in field. */ app->app_local->flags.no_sync = !!(lastdig & 1); app->app_local->flags.def_chv2 = (lastdig & 3) == 3; } + else if (buflen > 1 && *buffer == 'P' && buffer[1] == '=') + { + /* Keypad request control sequence found. */ + buffer += 2; + buflen -= 2; + + if (buflen) + { + if (*buffer == '0') + { + buffer++; + buflen--; + if (buflen && !(*buffer == '\n' || *buffer == '\x18')) + goto next; + app->app_local->keypad.specified = 1; + app->app_local->keypad.varlen = 1; + } + else if (digitp (buffer)) + { + char *q; + int n, m; + + n = strtol (buffer, &q, 10); + if (*q++ != ',' || !digitp (q)) + goto next; + m = strtol (q, &q, 10); + buffer = q; + if (buflen < ((unsigned char *)q - buffer)) + { + buflen = 0; + break; + } + else + buflen -= ((unsigned char *)q - buffer); + + if (buflen && !(*buffer == '\n' || *buffer == '\x18')) + goto next; + app->app_local->keypad.specified = 1; + app->app_local->keypad.fixedlen_user = n; + app->app_local->keypad.fixedlen_admin = m; + } + } + } next: for (; buflen && *buffer != '\x18'; buflen--, buffer++) if (*buffer == '\n') 
@@ -1470,6 +1534,37 @@ do_readcert (app_t app, const char *certid, } +/* Decide if we use keypad of reader for PIN input according to the + user preference on the card. Returns 0 if we use keypad, 1 otherwise. */ +static int +check_keypad_request (app_t app, pininfo_t *pininfo, int admin_pin) +{ + /* User specifies no preference on card, then, use pinentry. */ + if (app->app_local->keypad.specified == 0) + return 1; + + if (app->app_local->keypad.varlen) + if (pininfo->fixedlen == 0) + return 0; + else + /* On card, user specifies varlen but reader doesn't have the feature. */ + return 1; + else + { + if (admin_pin) + pininfo->fixedlen = app->app_local->keypad.fixedlen_admin; + else + pininfo->fixedlen = app->app_local->keypad.fixedlen_user; + + if (pininfo->fixedlen < pininfo->minlen + || pininfo->fixedlen > pininfo->maxlen) + return 1; + + return 0; + } +} + + /* Verify a CHV either using using the pinentry or if possibile by using a keypad. PINCB and PINCB_ARG describe the usual callback for the pinentry. CHVNO must be either 1 or 2. SIGCOUNT is only @@ -1537,7 +1632,8 @@ verify_a_chv (app_t app, if (!opt.disable_keypad - && !iso7816_check_keypad (app->slot, ISO7816_VERIFY, &pininfo) ) + && !iso7816_check_keypad (app->slot, ISO7816_VERIFY, &pininfo) + && !check_keypad_request (app, &pininfo, 0)) { /* The reader supports the verify command through the keypad. Note that the pincb appends a text to the prompt telling the @@ -1720,7 +1816,8 @@ verify_chv3 (app_t app, return rc; if (!opt.disable_keypad - && !iso7816_check_keypad (app->slot, ISO7816_VERIFY, &pininfo) ) + && !iso7816_check_keypad (app->slot, ISO7816_VERIFY, &pininfo) + && !check_keypad_request (app, &pininfo, 1)) { /* The reader supports the verify command through the keypad. */ rc = pincb (pincb_arg, prompt, NULL); 
@@ -1970,7 +2067,8 @@ do_change_pin (app_t app, ctrl_t ctrl, const char *chvnostr, if (!opt.disable_keypad && !iso7816_check_keypad (app->slot, - ISO7816_CHANGE_REFERENCE_DATA, &pininfo)) + ISO7816_CHANGE_REFERENCE_DATA, &pininfo) + && !check_keypad_request (app, &pininfo, chvno == 3)) use_keypad = 1; if (reset_mode) commit d1d51464d2db60a801f8f252c4a3386493989b31 Author: NIIBE Yutaka Date: Thu Jan 10 15:52:24 2013 +0900 SCD: Minor fix of ccid-driver. * scd/ccid-driver.c (VENDOR_VEGA): Fix typo. diff --git a/scd/ccid-driver.c b/scd/ccid-driver.c index ba32a42..fcc71ba 100644 --- a/scd/ccid-driver.c +++ b/scd/ccid-driver.c @@ -211,7 +211,7 @@ enum { VENDOR_SCM = 0x04e6, VENDOR_OMNIKEY= 0x076b, VENDOR_GEMPC = 0x08e6, - VENDER_VEGA = 0x0982, + VENDOR_VEGA = 0x0982, VENDOR_KAAN = 0x0d46, VENDOR_FSIJ = 0x234b, VENDOR_VASCO = 0x1a44 commit daafc1c8fdee0e0387dff6f42cfc3b01046480d4 Author: NIIBE Yutaka Date: Thu Jan 10 10:49:27 2013 +0900 SCD: Add support of Covadis VEGA_ALPHA reader. * scd/ccid-driver.c: Add 2013. (VENDER_VEGA, VEGA_ALPHA):New. (ccid_transceive_secure): VEGA_ALPHA is same firmware as GEMPC_PINPAD. Change bNumberMessage to 0x01, as it works better (was: 0xff). diff --git a/scd/ccid-driver.c b/scd/ccid-driver.c index ad404cd..ba32a42 100644 --- a/scd/ccid-driver.c +++ b/scd/ccid-driver.c @@ -1,6 +1,6 @@ /* ccid-driver.c - USB ChipCardInterfaceDevices driver * Copyright (C) 2003, 2004, 2005, 2006, 2007 - * 2008, 2009 Free Software Foundation, Inc. + * 2008, 2009, 2013 Free Software Foundation, Inc. * Written by Werner Koch. * * This file is part of GnuPG. @@ -211,6 +211,7 @@ enum { VENDOR_SCM = 0x04e6, VENDOR_OMNIKEY= 0x076b, VENDOR_GEMPC = 0x08e6, + VENDER_VEGA = 0x0982, VENDOR_KAAN = 0x0d46, VENDOR_FSIJ = 0x234b, VENDOR_VASCO = 0x1a44 
@@ -224,7 +225,8 @@ enum { #define SCM_SPR532 0xe003 #define CHERRY_ST2000 0x003e #define VASCO_920 0x0920 -#define GEMPC_PINPAD 0x3478 +#define GEMPC_PINPAD 0x3478 +#define VEGA_ALPHA 0x0008 /* A list and a table with special transport descriptions. */ enum { @@ -2383,7 +2385,7 @@ update_param_by_atr (unsigned char *param, unsigned char *atr, size_t atrlen) NEXTBYTE (); if (atr[i] == 0x3F) - param[1] |= 0x02; /* Convention is inverse. */ + param[1] |= 0x02; /* Convention is inverse. */ NEXTBYTE (); y = (atr[i] >> 4); 
@@ -2392,91 +2394,91 @@ update_param_by_atr (unsigned char *param, unsigned char *atr, size_t atrlen) if ((y & 1)) { - param[0] = atr[i]; /* TA1 - Fi & Di */ + param[0] = atr[i]; /* TA1 - Fi & Di */ NEXTBYTE (); } if ((y & 2)) - NEXTBYTE (); /* TB1 - ignore */ + NEXTBYTE (); /* TB1 - ignore */ if ((y & 4)) { - param[2] = atr[i]; /* TC1 - Guard Time */ + param[2] = atr[i]; /* TC1 - Guard Time */ NEXTBYTE (); } if ((y & 8)) { - y = (atr[i] >> 4); /* TD1 */ + y = (atr[i] >> 4); /* TD1 */ t = atr[i] & 0x0f; NEXTBYTE (); if ((y & 1)) - { /* TA2 - PPS mode */ - if ((atr[i] & 0x0f) != 1) - return -2; /* Wrong card protocol (!= 1). */ + { /* TA2 - PPS mode */ + if ((atr[i] & 0x0f) != 1) + return -2; /* Wrong card protocol (!= 1). */ - if ((atr[i] & 0x10) != 0x10) - return -3; /* Transmission parameters are implicitly defined. */ + if ((atr[i] & 0x10) != 0x10) + return -3; /* Transmission parameters are implicitly defined. */ - negotiable = 0; /* TA2 means specific mode. */ - NEXTBYTE (); - } + negotiable = 0; /* TA2 means specific mode. */ + NEXTBYTE (); + } if ((y & 2)) - NEXTBYTE (); /* TB2 - ignore */ + NEXTBYTE (); /* TB2 - ignore */ if ((y & 4)) - NEXTBYTE (); /* TC2 - ignore */ + NEXTBYTE (); /* TC2 - ignore */ if ((y & 8)) - { - y = (atr[i] >> 4); /* TD2 */ - t = atr[i] & 0x0f; - NEXTBYTE (); - } + { + y = (atr[i] >> 4); /* TD2 */ + t = atr[i] & 0x0f; + NEXTBYTE (); + } else - y = 0; + y = 0; while (y) - { - if ((y & 1)) - { /* TAx */ - if (t == 1) - param[5] = atr[i]; /* IFSC */ - else if (t == 15) - /* XXX: check voltage? */ - param[4] = (atr[i] >> 6); /* ClockStop */ - - NEXTBYTE (); - } - - if ((y & 2)) - { - if (t == 1) - param[3] = atr[i]; /* TBx - BWI & CWI */ - NEXTBYTE (); - } - - if ((y & 4)) - { - if (t == 1) - param[1] |= (atr[i] & 0x01); /* TCx - LRC/CRC */ - NEXTBYTE (); - - if (param[1] & 0x01) - return -4; /* CRC not supported yet. 
*/ - } - - if ((y & 8)) - { - y = (atr[i] >> 4); /* TDx */ - t = atr[i] & 0x0f; - NEXTBYTE (); - } - else - y = 0; - } + { + if ((y & 1)) + { /* TAx */ + if (t == 1) + param[5] = atr[i]; /* IFSC */ + else if (t == 15) + /* XXX: check voltage? */ + param[4] = (atr[i] >> 6); /* ClockStop */ + + NEXTBYTE (); + } + + if ((y & 2)) + { + if (t == 1) + param[3] = atr[i]; /* TBx - BWI & CWI */ + NEXTBYTE (); + } + + if ((y & 4)) + { + if (t == 1) + param[1] |= (atr[i] & 0x01); /* TCx - LRC/CRC */ + NEXTBYTE (); + + if (param[1] & 0x01) + return -4; /* CRC not supported yet. */ + } + + if ((y & 8)) + { + y = (atr[i] >> 4); /* TDx */ + t = atr[i] & 0x0f; + NEXTBYTE (); + } + else + y = 0; + } } i += historical_bytes_num - 1; @@ -2605,16 +2607,16 @@ ccid_get_atr (ccid_driver_t handle, msglen = 10; rc = bulk_out (handle, msg, msglen, 0); if (!rc) - rc = bulk_in (handle, msg, sizeof msg, &msglen, RDR_to_PC_Parameters, - seqno, 2000, 0); + rc = bulk_in (handle, msg, sizeof msg, &msglen, RDR_to_PC_Parameters, + seqno, 2000, 0); if (rc) - DEBUGOUT ("GetParameters failed\n"); + DEBUGOUT ("GetParameters failed\n"); else if (msglen == 17 && msg[9] == 1) - got_param = 1; + got_param = 1; } else if (handle->auto_pps) ; - else if (rc == 1) /* It's negotiable, send PPS. */ + else if (rc == 1) /* It's negotiable, send PPS. */ { msg[0] = PC_to_RDR_XfrBlock; msg[5] = 0; /* slot */ 
@@ -2622,33 +2624,33 @@ ccid_get_atr (ccid_driver_t handle, msg[7] = 0; msg[8] = 0; msg[9] = 0; - msg[10] = 0xff; /* PPSS */ - msg[11] = 0x11; /* PPS0: PPS1, Protocol T=1 */ - msg[12] = param[0]; /* PPS1: Fi / Di */ + msg[10] = 0xff; /* PPSS */ + msg[11] = 0x11; /* PPS0: PPS1, Protocol T=1 */ + msg[12] = param[0]; /* PPS1: Fi / Di */ msg[13] = 0xff ^ 0x11 ^ param[0]; /* PCK */ set_msg_len (msg, 4); msglen = 10 + 4; rc = bulk_out (handle, msg, msglen, 0); if (rc) - return rc; + return rc; rc = bulk_in (handle, msg, sizeof msg, &msglen, RDR_to_PC_DataBlock, - seqno, 5000, 0); + seqno, 5000, 0); if (rc) - return rc; + return rc; if (msglen != 10 + 4) - { - DEBUGOUT_1 ("Setting PPS failed: %d\n", msglen); - return CCID_DRIVER_ERR_CARD_IO_ERROR; - } + { + DEBUGOUT_1 ("Setting PPS failed: %d\n", msglen); + return CCID_DRIVER_ERR_CARD_IO_ERROR; + } if (msg[10] != 0xff || msg[11] != 0x11 || msg[12] != param[0]) - { - DEBUGOUT_1 ("Setting PPS failed: 0x%02x\n", param[0]); - return CCID_DRIVER_ERR_CARD_IO_ERROR; - } + { + DEBUGOUT_1 ("Setting PPS failed: 0x%02x\n", param[0]); + return CCID_DRIVER_ERR_CARD_IO_ERROR; + } } /* Setup parameters to select T=1. */ @@ -3299,7 +3301,7 @@ ccid_transceive (ccid_driver_t handle, int ccid_transceive_secure (ccid_driver_t handle, const unsigned char *apdu_buf, size_t apdu_buflen, - pininfo_t *pininfo, + pininfo_t *pininfo, unsigned char *resp, size_t maxresplen, size_t *nresp) { int rc; 
@@ -3361,16 +3363,17 @@ ccid_transceive_secure (ccid_driver_t handle, if (handle->id_product != CHERRY_ST2000) cherry_mode = 1; break; - case VENDOR_GEMPC: - if (handle->id_product == GEMPC_PINPAD) - { - enable_varlen = 0; - pininfo->minlen = 4; - pininfo->maxlen = 8; - break; - } - /* fall through */ default: + if ((handle->id_vendor == VENDOR_GEMPC && + handle->id_product == GEMPC_PINPAD) + || (handle->id_vendor == VENDOR_VEGA && + handle->id_product == VEGA_ALPHA)) + { + enable_varlen = 0; + pininfo->minlen = 4; + pininfo->maxlen = 8; + break; + } return CCID_DRIVER_ERR_NOT_SUPPORTED; } @@ -3413,8 +3416,8 @@ ccid_transceive_secure (ccid_driver_t handle, else { msg[13] = pininfo->fixedlen; /* bmPINBlockString: - 0 bits of pin length to insert. - PIN block size by fixedlen. */ + 0 bits of pin length to insert. + PIN block size by fixedlen. */ msg[14] = 0x00; /* bmPINLengthFormat: Units are bytes, position is 0. */ } @@ -3446,7 +3449,7 @@ ccid_transceive_secure (ccid_driver_t handle, msglen++; if (apdu_buf[1] == 0x20) - msg[msglen++] = 0xff; /* bNumberMessage: Default. */ + msg[msglen++] = 0x01; /* bNumberMessage. */ else msg[msglen++] = 0x03; /* bNumberMessage. */ commit 15bf5a10d47ae288fc4174424551e2e19e6b7b6a Author: NIIBE Yutaka Date: Wed Jan 9 16:40:41 2013 +0900 SCD: Support fixed length PIN input for keypad (PC/SC). * scd/apdu.c (pcsc_keypad_verify): SUpport fixed length PIN input for keypad. (pcsc_keypad_modify): Likewise. * scd/ccid-driver.c (ccid_transceive_secure): Clean up. diff --git a/scd/apdu.c b/scd/apdu.c index dddaa1e..2e51ea2 100644 --- a/scd/apdu.c +++ b/scd/apdu.c @@ -2072,7 +2072,7 @@ pcsc_keypad_verify (int slot, int class, int ins, int p0, int p1, { int sw; unsigned char *pin_verify; - int len = PIN_VERIFY_STRUCTURE_SIZE; + int len = PIN_VERIFY_STRUCTURE_SIZE + pininfo->fixedlen; unsigned char result[2]; size_t resultlen = 2; 
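Review bot: The GEMPC_PINPAD / VEGA_ALPHA arm under `default:` assigns `pininfo->minlen = 4` and `pininfo->maxlen = 8` unconditionally, after the caller's limits were validated, so an application minimum above 4 (verify_chv3 in app-openpgp.c passes 8) is relaxed at the reader and in any later range test made against this struct. If 4..8 is a firmware limit, clamping keeps the stricter caller value: `if (pininfo->minlen < 4) pininfo->minlen = 4;` and `if (pininfo->maxlen > 8) pininfo->maxlen = 8;`, returning CCID_DRIVER_ERR_INV_VALUE when that leaves minlen above maxlen. The same assignment first appears in the `case VENDOR_GEMPC:` hunk of commit 15200f7 further down the page. The card still checks the PIN itself, so this concerns the length policy enforced at the keypad rather than verification.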
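Review bot: The bNumberMessage change from 0xff to 0x01 for INS 0x20 sits outside the vendor switch, so it applies to every reader this function supports, while the commit message only says it "works better" in the context of adding VEGA_ALPHA. Either make the value reader-specific or record the reason next to it, e.g. `/* bNumberMessage: one message; 0xff (reader default) was dropped, see commit log. */`, and state which of the other readers were retested. The body of ccid_transceive_secure starts and ends outside this hunk.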
@@ -2080,7 +2080,7 @@ pcsc_keypad_verify (int slot, int class, int ins, int p0, int p1, && (sw = reset_pcsc_reader (slot))) return sw; - if (pininfo->fixedlen != 0) + if (pininfo->fixedlen < 0 || pininfo->fixedlen >= 16) return SW_NOT_SUPPORTED; if (!pininfo->minlen) @@ -2101,7 +2101,7 @@ pcsc_keypad_verify (int slot, int class, int ins, int p0, int p1, pin_verify[0] = 0x00; /* bTimerOut */ pin_verify[1] = 0x00; /* bTimerOut2 */ pin_verify[2] = 0x82; /* bmFormatString: Byte, pos=0, left, ASCII. */ - pin_verify[3] = 0x00; /* bmPINBlockString */ + pin_verify[3] = pininfo->fixedlen; /* bmPINBlockString */ pin_verify[4] = 0x00; /* bmPINLengthFormat */ pin_verify[5] = pininfo->maxlen; /* wPINMaxExtraDigit */ pin_verify[6] = pininfo->minlen; /* wPINMaxExtraDigit */ @@ -2115,7 +2115,7 @@ pcsc_keypad_verify (int slot, int class, int ins, int p0, int p1, pin_verify[12] = 0x00; /* bTeoPrologue[0] */ pin_verify[13] = 0x00; /* bTeoPrologue[1] */ pin_verify[14] = 0x00; /* bTeoPrologue[2] */ - pin_verify[15] = 0x05; /* ulDataLength */ + pin_verify[15] = pininfo->fixedlen + 0x05; /* ulDataLength */ pin_verify[16] = 0x00; /* ulDataLength */ pin_verify[17] = 0x00; /* ulDataLength */ pin_verify[18] = 0x00; /* ulDataLength */ @@ -2123,7 +2123,9 @@ pcsc_keypad_verify (int slot, int class, int ins, int p0, int p1, pin_verify[20] = ins; /* abData[1] */ pin_verify[21] = p0; /* abData[2] */ pin_verify[22] = p1; /* abData[3] */ - pin_verify[23] = 0x00; /* abData[4] */ + pin_verify[23] = pininfo->fixedlen; /* abData[4] */ + if (pininfo->fixedlen) + memset (&pin_verify[24], 0xff, pininfo->fixedlen); if (DBG_CARD_IO) log_debug ("send secure: c=%02X i=%02X p1=%02X p2=%02X len=%d pinmax=%d\n", @@ -2151,7 +2153,7 @@ pcsc_keypad_modify (int slot, int class, int ins, int p0, int p1, { int sw; unsigned char *pin_modify; - int len = PIN_MODIFY_STRUCTURE_SIZE; + int len = PIN_MODIFY_STRUCTURE_SIZE + 2 * pininfo->fixedlen; unsigned char result[2]; size_t resultlen = 2; 
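Review bot: The literal in `pininfo->fixedlen >= 16` is what bounds the `memset (&pin_verify[24], 0xff, pininfo->fixedlen)` added further down and the one-byte length fields, yet it is unnamed and repeated in pcsc_keypad_modify and in ccid_transceive_secure. A shared constant with the reason attached would keep the three checks in step, e.g. `#define PIN_FIXEDLEN_MAX 15 /* bmPINBlockString holds the block size in its low 4 bits */` and `if (pininfo->fixedlen < 0 || pininfo->fixedlen > PIN_FIXEDLEN_MAX)`. `len` is also computed from `fixedlen` in its declaration before this check runs; that looks harmless provided the allocation comes after the check, which is outside the visible hunks.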
@@ -2159,7 +2161,7 @@ pcsc_keypad_modify (int slot, int class, int ins, int p0, int p1, && (sw = reset_pcsc_reader (slot))) return sw; - if (pininfo->fixedlen != 0) + if (pininfo->fixedlen < 0 || pininfo->fixedlen >= 16) return SW_NOT_SUPPORTED; if (!pininfo->minlen) @@ -2180,10 +2182,10 @@ pcsc_keypad_modify (int slot, int class, int ins, int p0, int p1, pin_modify[0] = 0x00; /* bTimerOut */ pin_modify[1] = 0x00; /* bTimerOut2 */ pin_modify[2] = 0x82; /* bmFormatString: Byte, pos=0, left, ASCII. */ - pin_modify[3] = 0x00; /* bmPINBlockString */ + pin_modify[3] = pininfo->fixedlen; /* bmPINBlockString */ pin_modify[4] = 0x00; /* bmPINLengthFormat */ pin_modify[5] = 0x00; /* bInsertionOffsetOld */ - pin_modify[6] = 0x00; /* bInsertionOffsetNew */ + pin_modify[6] = pininfo->fixedlen; /* bInsertionOffsetNew */ pin_modify[7] = pininfo->maxlen; /* wPINMaxExtraDigit */ pin_modify[8] = pininfo->minlen; /* wPINMaxExtraDigit */ pin_modify[9] = (p0 == 0 ? 0x03 : 0x01); @@ -2205,7 +2207,7 @@ pcsc_keypad_modify (int slot, int class, int ins, int p0, int p1, pin_modify[17] = 0x00; /* bTeoPrologue[0] */ pin_modify[18] = 0x00; /* bTeoPrologue[1] */ pin_modify[19] = 0x00; /* bTeoPrologue[2] */ - pin_modify[20] = 0x05; /* ulDataLength */ + pin_modify[20] = 2 * pininfo->fixedlen + 0x05; /* ulDataLength */ pin_modify[21] = 0x00; /* ulDataLength */ pin_modify[22] = 0x00; /* ulDataLength */ pin_modify[23] = 0x00; /* ulDataLength */ @@ -2213,7 +2215,9 @@ pcsc_keypad_modify (int slot, int class, int ins, int p0, int p1, pin_modify[25] = ins; /* abData[1] */ pin_modify[26] = p0; /* abData[2] */ pin_modify[27] = p1; /* abData[3] */ - pin_modify[28] = 0x00; /* abData[4] */ + pin_modify[28] = 2 * pininfo->fixedlen; /* abData[4] */ + if (pininfo->fixedlen) + memset (&pin_modify[29], 0xff, 2 * pininfo->fixedlen); if (DBG_CARD_IO) log_debug ("send secure: c=%02X i=%02X p1=%02X p2=%02X len=%d pinmax=%d\n", diff --git a/scd/ccid-driver.c b/scd/ccid-driver.c index 7cb5398..ad404cd 100644 
--- a/scd/ccid-driver.c +++ b/scd/ccid-driver.c @@ -3412,14 +3412,9 @@ ccid_transceive_secure (ccid_driver_t handle, } else { - if (pininfo->fixedlen == 0) - msg[13] = 0x00; /* bmPINBlockString: - 0 bits of pin length to insert. - 0 bytes of PIN block size. */ - else - msg[13] = pininfo->fixedlen; /* bmPINBlockString: - 0 bits of pin length to insert. - PIN block size by fixedlen. */ + msg[13] = pininfo->fixedlen; /* bmPINBlockString: + 0 bits of pin length to insert. + PIN block size by fixedlen. */ msg[14] = 0x00; /* bmPINLengthFormat: Units are bytes, position is 0. */ } @@ -3428,10 +3423,7 @@ ccid_transceive_secure (ccid_driver_t handle, if (apdu_buf[1] == 0x24) { msg[msglen++] = 0; /* bInsertionOffsetOld */ - if (pininfo->fixedlen == 0) - msg[msglen++] = 0; /* bInsertionOffsetNew */ - else - msg[msglen++] = pininfo->fixedlen; /* bInsertionOffsetNew */ + msg[msglen++] = pininfo->fixedlen; /* bInsertionOffsetNew */ } /* The following is a little endian word. */ commit 15200f7001ce591233e4f266428d97c7e1ee29f1 Author: NIIBE Yutaka Date: Wed Jan 9 16:23:55 2013 +0900 SCD: Support fixed length PIN input for keypad. * scd/iso7816.h (struct pininfo_s): Remove MODE and add FIXEDLEN. * scd/app-dinsig.c (verify_pin): Initialize FIXEDLEN to unknown. * scd/app-nks.c (verify_pin): Likewise. * scd/app-openpgp.c (verify_a_chv, verify_chv3, do_change_pin): Likewise. * scd/apdu.c (check_pcsc_keypad): Add comment. (pcsc_keypad_verify, pcsc_keypad_modify): PC/SC driver only support readers with the feature of variable length input (yet). (apdu_check_keypad): Set FIXEDLEN. * scd/ccid-driver.c (ccid_transceive_secure): Add GEMPC_PINPAD specific settings. Support fixed length PIN input for keypad. diff --git a/scd/apdu.c b/scd/apdu.c index 2fd2d4b..dddaa1e 100644 --- a/scd/apdu.c +++ b/scd/apdu.c 
@@ -2016,7 +2016,7 @@ check_pcsc_keypad (int slot, int command, pininfo_t *pininfo) size_t len = 256; int sw; - (void)pininfo; + (void)pininfo; /* XXX: Identify reader and set pininfo->fixedlen. */ check_again: if (command == ISO7816_VERIFY) @@ -2080,7 +2080,7 @@ pcsc_keypad_verify (int slot, int class, int ins, int p0, int p1, && (sw = reset_pcsc_reader (slot))) return sw; - if (pininfo->mode != 1) + if (pininfo->fixedlen != 0) return SW_NOT_SUPPORTED; if (!pininfo->minlen) @@ -2159,7 +2159,7 @@ pcsc_keypad_modify (int slot, int class, int ins, int p0, int p1, && (sw = reset_pcsc_reader (slot))) return sw; - if (pininfo->mode != 1) + if (pininfo->fixedlen != 0) return SW_NOT_SUPPORTED; if (!pininfo->minlen) @@ -3292,7 +3292,7 @@ apdu_check_keypad (int slot, int command, pininfo_t *pininfo) return SW_HOST_NO_DRIVER; if (opt.enable_keypad_varlen) - pininfo->mode = 0; + pininfo->fixedlen = 0; if (reader_table[slot].check_keypad) { diff --git a/scd/app-dinsig.c b/scd/app-dinsig.c index 5a2a902..07a152a 100644 --- a/scd/app-dinsig.c +++ b/scd/app-dinsig.c @@ -288,7 +288,7 @@ verify_pin (app_t app, return 0; /* No need to verify it again. */ memset (&pininfo, 0, sizeof pininfo); - pininfo.mode = 1; + pininfo.fixedlen = -1; pininfo.minlen = 6; pininfo.maxlen = 8; diff --git a/scd/app-nks.c b/scd/app-nks.c index c53f45a..b8350b6 100644 --- a/scd/app-nks.c +++ b/scd/app-nks.c @@ -788,7 +788,7 @@ verify_pin (app_t app, int pwid, const char *desc, desc = "PIN"; memset (&pininfo, 0, sizeof pininfo); - pininfo.mode = 1; + pininfo.fixedlen = -1; pininfo.minlen = 6; pininfo.maxlen = 16; diff --git a/scd/app-openpgp.c b/scd/app-openpgp.c index 5292f1d..d3c309e 100644 --- a/scd/app-openpgp.c +++ b/scd/app-openpgp.c @@ -1516,7 +1516,7 @@ verify_a_chv (app_t app, } memset (&pininfo, 0, sizeof pininfo); - pininfo.mode = 1; + pininfo.fixedlen = -1; pininfo.minlen = minlen; 
@@ -1712,7 +1712,7 @@ verify_chv3 (app_t app, char *prompt; memset (&pininfo, 0, sizeof pininfo); - pininfo.mode = 1; + pininfo.fixedlen = -1; pininfo.minlen = minlen; rc = build_enter_admin_pin_prompt (app, &prompt); @@ -1923,7 +1923,7 @@ do_change_pin (app_t app, ctrl_t ctrl, const char *chvnostr, (void)ctrl; memset (&pininfo, 0, sizeof pininfo); - pininfo.mode = 1; + pininfo.fixedlen = -1; pininfo.minlen = minlen; if (reset_mode && chvno == 3) diff --git a/scd/ccid-driver.c b/scd/ccid-driver.c index b057861..7cb5398 100644 --- a/scd/ccid-driver.c +++ b/scd/ccid-driver.c @@ -3362,23 +3362,27 @@ ccid_transceive_secure (ccid_driver_t handle, cherry_mode = 1; break; case VENDOR_GEMPC: - enable_varlen = 0; if (handle->id_product == GEMPC_PINPAD) - break; + { + enable_varlen = 0; + pininfo->minlen = 4; + pininfo->maxlen = 8; + break; + } /* fall through */ default: return CCID_DRIVER_ERR_NOT_SUPPORTED; } if (enable_varlen) - pininfo->mode = 0; - - if (pininfo->mode != 0 && pininfo->mode != 1) - return CCID_DRIVER_ERR_NOT_SUPPORTED; + pininfo->fixedlen = 0; if (testmode) return 0; /* Success */ - + + if (pininfo->fixedlen < 0 || pininfo->fixedlen >= 16) + return CCID_DRIVER_ERR_NOT_SUPPORTED; + msg = send_buffer; if (handle->id_vendor == VENDOR_SCM) { @@ -3408,9 +3412,14 @@ ccid_transceive_secure (ccid_driver_t handle, } else { - msg[13] = 0x00; /* bmPINBlockString: - 0 bits of pin length to insert. - 0 bytes of PIN block size. */ + if (pininfo->fixedlen == 0) + msg[13] = 0x00; /* bmPINBlockString: + 0 bits of pin length to insert. + 0 bytes of PIN block size. */ + else + msg[13] = pininfo->fixedlen; /* bmPINBlockString: + 0 bits of pin length to insert. + PIN block size by fixedlen. */ msg[14] = 0x00; /* bmPINLengthFormat: Units are bytes, position is 0. */ } 
@@ -3419,7 +3428,10 @@ ccid_transceive_secure (ccid_driver_t handle, if (apdu_buf[1] == 0x24) { msg[msglen++] = 0; /* bInsertionOffsetOld */ - msg[msglen++] = 0; /* bInsertionOffsetNew */ + if (pininfo->fixedlen == 0) + msg[msglen++] = 0; /* bInsertionOffsetNew */ + else + msg[msglen++] = pininfo->fixedlen; /* bInsertionOffsetNew */ } /* The following is a little endian word. */ @@ -3458,10 +3470,18 @@ ccid_transceive_secure (ccid_driver_t handle, msg[msglen++] = 2; /* bMsgIndex3. */ } + /* Calculate Lc. */ + n = pininfo->fixedlen; + if (apdu_buf[1] == 0x24) + n += pininfo->fixedlen; + /* bTeoProlog follows: */ msg[msglen++] = handle->nonnull_nad? ((1 << 4) | 0): 0; msg[msglen++] = ((handle->t1_ns & 1) << 6); /* I-block */ - msg[msglen++] = 0; /* The apdulen will be filled in by the reader. */ + if (n) + msg[msglen++] = n + 5; /* apdulen should be filled for fixed length. */ + else + msg[msglen++] = 0; /* The apdulen will be filled in by the reader. */ /* APDU follows: */ msg[msglen++] = apdu_buf[0]; /* CLA */ msg[msglen++] = apdu_buf[1]; /* INS */ @@ -3469,6 +3489,12 @@ ccid_transceive_secure (ccid_driver_t handle, msg[msglen++] = apdu_buf[3]; /* P2 */ if (cherry_mode) msg[msglen++] = 0; + else if (pininfo->fixedlen != 0) + { + msg[msglen++] = n; + memset (&msg[msglen], 0xff, n); + msglen += n; + } /* An EDC is not required. */ set_msg_len (msg, msglen - 10); diff --git a/scd/iso7816.h b/scd/iso7816.h index 3db07a5..0815781 100644 --- a/scd/iso7816.h +++ b/scd/iso7816.h 
@@ -34,7 +34,12 @@ ccid-driver.c for details. */ struct pininfo_s { - int mode; /* 0: Use variable length input. 1: Use fixed length input. */ + int fixedlen; /* + * -1: Variable length input is not supported, + * no information of fixed length yet. + * 0: Use variable length input. + * >0: Fixed length of PIN. + */ int minlen; int maxlen; }; commit 4fe024cf33fcb1c0c789b548de39da2f61154cb9 Author: NIIBE Yutaka Date: Wed Jan 9 14:10:08 2013 +0900 SCD: API cleanup for keypad handling. * scd/iso7816.h (struct pininfo_s): Rename from iso7816_pininfo_s. Change meaning of MODE. (pininfo_t): Rename from iso7816_pininfo_t. * scd/sc-copykeys.c: Include "iso7816.h". * scd/scdaemon.c, scd/command.c: Likewise. * scd/ccid-driver.c: Include "scdaemon.h" and "iso7816.h". (ccid_transceive_secure): Follow the change of PININFO_T. * scd/app.c: Include "apdu.h" after "iso7816.h". * scd/iso7816.c (iso7816_check_keypad, iso7816_verify_kp) (iso7816_change_reference_data_kp): Follow the change of API. * scd/apdu.c (struct reader_table_s): Change API of CHECK_KEYPAD, KEYPAD_VERIFY, KEYPAD_MODIFY to have arg of PININFO_T. (check_pcsc_keypad, check_ccid_keypad): Likewise. (apdu_check_keypad, apdu_keypad_verify, apdu_keypad_modify): Likewise. (pcsc_keypad_verify, pcsc_keypad_modify, ct_send_apdu) (pcsc_send_apdu_direct, pcsc_send_apdu_wrapped, pcsc_send_apdu) (send_apdu_ccid, ccid_keypad_operation, my_rapdu_send_apdu, send_apdu) (send_le): Follow the change of API. * scd/apdu.h (apdu_check_keypad, apdu_keypad_verify) (apdu_keypad_modify): Change the API. * scd/app-dinsig.c, scd/app-nks.c, scd/app-openpgp.c: Follow the change. diff --git a/scd/apdu.c b/scd/apdu.c index 21cd574..2fd2d4b 100644 --- a/scd/apdu.c +++ b/scd/apdu.c 
@@ -59,10 +59,9 @@ #include "exechelp.h" #endif /* GNUPG_MAJOR_VERSION != 1 */ +#include "iso7816.h" #include "apdu.h" #include "ccid-driver.h" -#include "iso7816.h" - /* Due to conflicting use of threading libraries we usually can't link against libpcsclite. Instead we use a wrapper program. */ @@ -82,8 +81,6 @@ #define DLSTDCALL #endif -#define pininfo_s iso7816_pininfo_s - /* A structure to collect information pertaining to one reader slot. */ struct reader_table_s { @@ -98,12 +95,12 @@ struct reader_table_s { int (*reset_reader)(int); int (*get_status_reader)(int, unsigned int *); int (*send_apdu_reader)(int,unsigned char *,size_t, - unsigned char *, size_t *, struct pininfo_s *); - int (*check_keypad)(int, int, int, int, int); + unsigned char *, size_t *, pininfo_t *); + int (*check_keypad)(int, int, pininfo_t *); void (*dump_status_reader)(int); int (*set_progress_cb)(int, gcry_handler_progress_t, void*); - int (*keypad_verify)(int, int, int, int, int, struct pininfo_s *); - int (*keypad_modify)(int, int, int, int, int, struct pininfo_s *); + int (*keypad_verify)(int, int, int, int, int, pininfo_t *); + int (*keypad_modify)(int, int, int, int, int, pininfo_t *); struct { ccid_driver_t handle; @@ -304,12 +301,11 @@ static int reset_pcsc_reader (int slot); static int apdu_get_status_internal (int slot, int hang, int no_atr_reset, unsigned int *status, unsigned int *changed); -static int check_pcsc_keypad (int slot, int command, int pin_mode, - int pinlen_min, int pinlen_max); +static int check_pcsc_keypad (int slot, int command, pininfo_t *pininfo); static int pcsc_keypad_verify (int slot, int class, int ins, int p0, int p1, - struct pininfo_s *pininfo); + pininfo_t *pininfo); static int pcsc_keypad_modify (int slot, int class, int ins, int p0, int p1, - struct pininfo_s *pininfo); + pininfo_t *pininfo); 
@@ -621,7 +617,7 @@ ct_get_status (int slot, unsigned int *status) set to BUFLEN. Returns: CT API error code. */ static int ct_send_apdu (int slot, unsigned char *apdu, size_t apdulen, - unsigned char *buffer, size_t *buflen, struct pininfo_s *pininfo) + unsigned char *buffer, size_t *buflen, pininfo_t *pininfo) { int rc; unsigned char dad[1], sad[1]; @@ -1053,7 +1049,7 @@ pcsc_get_status (int slot, unsigned int *status) static int pcsc_send_apdu_direct (int slot, unsigned char *apdu, size_t apdulen, unsigned char *buffer, size_t *buflen, - struct pininfo_s *pininfo) + pininfo_t *pininfo) { long err; struct pcsc_io_request_s send_pci; @@ -1089,7 +1085,7 @@ pcsc_send_apdu_direct (int slot, unsigned char *apdu, size_t apdulen, static int pcsc_send_apdu_wrapped (int slot, unsigned char *apdu, size_t apdulen, unsigned char *buffer, size_t *buflen, - struct pininfo_s *pininfo) + pininfo_t *pininfo) { long err; reader_table_t slotp; @@ -1208,7 +1204,7 @@ pcsc_send_apdu_wrapped (int slot, unsigned char *apdu, size_t apdulen, static int pcsc_send_apdu (int slot, unsigned char *apdu, size_t apdulen, unsigned char *buffer, size_t *buflen, - struct pininfo_s *pininfo) + pininfo_t *pininfo) { #ifdef NEED_PCSC_WRAPPER return pcsc_send_apdu_wrapped (slot, apdu, apdulen, buffer, buflen, pininfo); @@ -2014,16 +2010,13 @@ open_pcsc_reader (const char *portstr) /* Check whether the reader supports the ISO command code COMMAND on the keypad. Return 0 on success. */ static int -check_pcsc_keypad (int slot, int command, int pin_mode, - int pinlen_min, int pinlen_max) +check_pcsc_keypad (int slot, int command, pininfo_t *pininfo) { unsigned char buf[256]; size_t len = 256; int sw; - (void)pin_mode; - (void)pinlen_min; - (void)pinlen_max; + (void)pininfo; check_again: if (command == ISO7816_VERIFY) 
@@ -2075,7 +2068,7 @@ check_pcsc_keypad (int slot, int command, int pin_mode, #define PIN_VERIFY_STRUCTURE_SIZE 24 static int pcsc_keypad_verify (int slot, int class, int ins, int p0, int p1, - struct pininfo_s *pininfo) + pininfo_t *pininfo) { int sw; unsigned char *pin_verify; @@ -2154,7 +2147,7 @@ pcsc_keypad_verify (int slot, int class, int ins, int p0, int p1, #define PIN_MODIFY_STRUCTURE_SIZE 29 static int pcsc_keypad_modify (int slot, int class, int ins, int p0, int p1, - struct pininfo_s *pininfo) + pininfo_t *pininfo) { int sw; unsigned char *pin_modify; @@ -2325,7 +2318,7 @@ get_status_ccid (int slot, unsigned int *status) static int send_apdu_ccid (int slot, unsigned char *apdu, size_t apdulen, unsigned char *buffer, size_t *buflen, - struct pininfo_s *pininfo) + pininfo_t *pininfo) { long err; size_t maxbuflen; @@ -2341,10 +2334,7 @@ send_apdu_ccid (int slot, unsigned char *apdu, size_t apdulen, maxbuflen = *buflen; if (pininfo) err = ccid_transceive_secure (reader_table[slot].ccid.handle, - apdu, apdulen, - pininfo->mode, - pininfo->minlen, - pininfo->maxlen, + apdu, apdulen, pininfo, buffer, maxbuflen, buflen); else err = ccid_transceive (reader_table[slot].ccid.handle, 
@@ -2362,22 +2352,19 @@ send_apdu_ccid (int slot, unsigned char *apdu, size_t apdulen, on the keypad. Return 0 on success. For a description of the pin parameters, see ccid-driver.c */ static int -check_ccid_keypad (int slot, int command, int pin_mode, - int pinlen_min, int pinlen_max) +check_ccid_keypad (int slot, int command, pininfo_t *pininfo) { unsigned char apdu[] = { 0, 0, 0, 0x81 }; apdu[1] = command; - return ccid_transceive_secure (reader_table[slot].ccid.handle, - apdu, sizeof apdu, - pin_mode, pinlen_min, pinlen_max, - NULL, 0, NULL); + return ccid_transceive_secure (reader_table[slot].ccid.handle, apdu, + sizeof apdu, pininfo, NULL, 0, NULL); } static int ccid_keypad_operation (int slot, int class, int ins, int p0, int p1, - struct pininfo_s *pininfo) + pininfo_t *pininfo) { unsigned char apdu[4]; int err, sw; @@ -2389,8 +2376,7 @@ ccid_keypad_operation (int slot, int class, int ins, int p0, int p1, apdu[2] = p0; apdu[3] = p1; err = ccid_transceive_secure (reader_table[slot].ccid.handle, - apdu, sizeof apdu, - pininfo->mode, pininfo->minlen, pininfo->maxlen, + apdu, sizeof apdu, pininfo, result, 2, &resultlen); if (err) return err; @@ -2610,7 +2596,7 @@ my_rapdu_get_status (int slot, unsigned int *status) static int my_rapdu_send_apdu (int slot, unsigned char *apdu, size_t apdulen, unsigned char *buffer, size_t *buflen, - struct pininfo_s *pininfo) + pininfo_t *pininfo) { int err; reader_table_t slotp; @@ -3300,12 +3286,14 @@ apdu_get_status (int slot, int hang, the keypad. Return 0 on success. For a description of the pin parameters, see ccid-driver.c */ int -apdu_check_keypad (int slot, int command, int pin_mode, - int pinlen_min, int pinlen_max) +apdu_check_keypad (int slot, int command, pininfo_t *pininfo) { if (slot < 0 || slot >= MAX_READER || !reader_table[slot].used ) return SW_HOST_NO_DRIVER; + if (opt.enable_keypad_varlen) + pininfo->mode = 0; + if (reader_table[slot].check_keypad) { int sw; 
@@ -3313,8 +3301,7 @@ apdu_check_keypad (int slot, int command, int pin_mode, if ((sw = lock_slot (slot))) return sw; - sw = reader_table[slot].check_keypad (slot, command, - pin_mode, pinlen_min, pinlen_max); + sw = reader_table[slot].check_keypad (slot, command, pininfo); unlock_slot (slot); return sw; } @@ -3324,15 +3311,9 @@ apdu_check_keypad (int slot, int command, int pin_mode, int -apdu_keypad_verify (int slot, int class, int ins, int p0, int p1, int pin_mode, - int pinlen_min, int pinlen_max) +apdu_keypad_verify (int slot, int class, int ins, int p0, int p1, + pininfo_t *pininfo) { - struct pininfo_s pininfo; - - pininfo.mode = pin_mode; - pininfo.minlen = pinlen_min; - pininfo.maxlen = pinlen_max; - if (slot < 0 || slot >= MAX_READER || !reader_table[slot].used ) return SW_HOST_NO_DRIVER; @@ -3344,7 +3325,7 @@ apdu_keypad_verify (int slot, int class, int ins, int p0, int p1, int pin_mode, return sw; sw = reader_table[slot].keypad_verify (slot, class, ins, p0, p1, - &pininfo); + pininfo); unlock_slot (slot); return sw; } @@ -3354,15 +3335,9 @@ apdu_keypad_verify (int slot, int class, int ins, int p0, int p1, int pin_mode, int -apdu_keypad_modify (int slot, int class, int ins, int p0, int p1, int pin_mode, - int pinlen_min, int pinlen_max) +apdu_keypad_modify (int slot, int class, int ins, int p0, int p1, + pininfo_t *pininfo) { - struct pininfo_s pininfo; - - pininfo.mode = pin_mode; - pininfo.minlen = pinlen_min; - pininfo.maxlen = pinlen_max; - if (slot < 0 || slot >= MAX_READER || !reader_table[slot].used ) return SW_HOST_NO_DRIVER; @@ -3374,7 +3349,7 @@ apdu_keypad_modify (int slot, int class, int ins, int p0, int p1, int pin_mode, return sw; sw = reader_table[slot].keypad_modify (slot, class, ins, p0, p1, - &pininfo); + pininfo); unlock_slot (slot); return sw; } 
@@ -3387,7 +3362,7 @@ apdu_keypad_modify (int slot, int class, int ins, int p0, int p1, int pin_mode, function should be called in locked state. */ static int send_apdu (int slot, unsigned char *apdu, size_t apdulen, - unsigned char *buffer, size_t *buflen, struct pininfo_s *pininfo) + unsigned char *buffer, size_t *buflen, pininfo_t *pininfo) { if (slot < 0 || slot >= MAX_READER || !reader_table[slot].used ) return SW_HOST_NO_DRIVER; @@ -3419,7 +3394,7 @@ static int send_le (int slot, int class, int ins, int p0, int p1, int lc, const char *data, int le, unsigned char **retbuf, size_t *retbuflen, - struct pininfo_s *pininfo, int extended_mode) + pininfo_t *pininfo, int extended_mode) { #define SHORT_RESULT_BUFFER_SIZE 258 /* We allocate 8 extra bytes as a safety margin towards a driver bug. */ diff --git a/scd/apdu.h b/scd/apdu.h index 64c2162..011806c 100644 --- a/scd/apdu.h +++ b/scd/apdu.h @@ -112,12 +112,11 @@ int apdu_activate (int slot); int apdu_reset (int slot); int apdu_get_status (int slot, int hang, unsigned int *status, unsigned int *changed); -int apdu_check_keypad (int slot, int command, int pin_mode, - int pinlen_min, int pinlen_max); +int apdu_check_keypad (int slot, int command, pininfo_t *pininfo); int apdu_keypad_verify (int slot, int class, int ins, int p0, int p1, - int pin_mode, int pinlen_min, int pinlen_max); + pininfo_t *pininfo); int apdu_keypad_modify (int slot, int class, int ins, int p0, int p1, - int pin_mode, int pinlen_min, int pinlen_max); + pininfo_t *pininfo); int apdu_send_simple (int slot, int extended_mode, int class, int ins, int p0, int p1, int lc, const char *data); diff --git a/scd/app-dinsig.c b/scd/app-dinsig.c index 697cdf6..5a2a902 100644 --- a/scd/app-dinsig.c +++ b/scd/app-dinsig.c @@ -282,7 +282,7 @@ verify_pin (app_t app, { const char *s; int rc; - iso7816_pininfo_t pininfo; + pininfo_t pininfo; if ( app->did_chv1 && !app->force_chv1 ) return 0; /* No need to verify it again. */ 
diff --git a/scd/app-nks.c b/scd/app-nks.c index b51e1fc..c53f45a 100644 --- a/scd/app-nks.c +++ b/scd/app-nks.c @@ -781,7 +781,7 @@ verify_pin (app_t app, int pwid, const char *desc, gpg_error_t (*pincb)(void*, const char *, char **), void *pincb_arg) { - iso7816_pininfo_t pininfo; + pininfo_t pininfo; int rc; if (!desc) @@ -1144,7 +1144,7 @@ do_change_pin (app_t app, ctrl_t ctrl, const char *pwidstr, int is_sigg; const char *newdesc; int pwid; - iso7816_pininfo_t pininfo; + pininfo_t pininfo; (void)ctrl; diff --git a/scd/app-openpgp.c b/scd/app-openpgp.c index 98af5e8..5292f1d 100644 --- a/scd/app-openpgp.c +++ b/scd/app-openpgp.c @@ -1489,7 +1489,7 @@ verify_a_chv (app_t app, int rc = 0; char *prompt_buffer = NULL; const char *prompt; - iso7816_pininfo_t pininfo; + pininfo_t pininfo; int minlen = 6; assert (chvno == 1 || chvno == 2); @@ -1707,7 +1707,7 @@ verify_chv3 (app_t app, if (!app->did_chv3) { - iso7816_pininfo_t pininfo; + pininfo_t pininfo; int minlen = 8; char *prompt; @@ -1917,7 +1917,7 @@ do_change_pin (app_t app, ctrl_t ctrl, const char *chvnostr, char *pinvalue = NULL; int reset_mode = !!(flags & APP_CHANGE_FLAG_RESET); int set_resetcode = 0; - iso7816_pininfo_t pininfo; + pininfo_t pininfo; int use_keypad = 0; int minlen = 6; diff --git a/scd/app.c b/scd/app.c index 7cbbf6e..8bdfefa 100644 --- a/scd/app.c +++ b/scd/app.c @@ -26,8 +26,8 @@ #include "scdaemon.h" #include "app-common.h" -#include "apdu.h" #include "iso7816.h" +#include "apdu.h" #include "tlv.h" /* This table is used to keep track of locks on a per reader base. diff --git a/scd/ccid-driver.c b/scd/ccid-driver.c index b8a9809..b057861 100644 --- a/scd/ccid-driver.c +++ b/scd/ccid-driver.c @@ -91,6 +91,8 @@ #include +#include "scdaemon.h" +#include "iso7816.h" #include "ccid-driver.h" #define DRVNAME "ccid-driver: " 
@@ -3297,7 +3299,7 @@ ccid_transceive (ccid_driver_t handle,
 int
 ccid_transceive_secure (ccid_driver_t handle,
 const unsigned char *apdu_buf, size_t apdu_buflen,
- int pin_mode, int pinlen_min, int pinlen_max,
+ pininfo_t *pininfo,
 unsigned char *resp, size_t maxresplen, size_t *nresp)
 {
 int rc;
@@ -3308,7 +3310,7 @@ ccid_transceive_secure (ccid_driver_t handle,
 size_t dummy_nresp;
 int testmode;
 int cherry_mode = 0;
- int enable_varlen = opt.enable_keypad_varlen;
+ int enable_varlen = 0;
 testmode = !resp && !nresp;
@@ -3322,19 +3324,16 @@ ccid_transceive_secure (ccid_driver_t handle,
 ;
 else
 return CCID_DRIVER_ERR_NO_KEYPAD;
-
- if (pin_mode != 1)
- return CCID_DRIVER_ERR_NOT_SUPPORTED;
- if (!pinlen_min)
- pinlen_min = 1;
- if (!pinlen_max)
- pinlen_max = 25;
+ if (!pininfo->minlen)
+ pininfo->minlen = 1;
+ if (!pininfo->maxlen)
+ pininfo->maxlen = 25;
 /* Note that the 25 is the maximum value the SPR532 allows. */
- if (pinlen_min < 1 || pinlen_min > 25
- || pinlen_max < 1 || pinlen_max > 25
- || pinlen_min > pinlen_max)
+ if (pininfo->minlen < 1 || pininfo->minlen > 25
+ || pininfo->maxlen < 1 || pininfo->maxlen > 25
+ || pininfo->minlen > pininfo->maxlen)
 return CCID_DRIVER_ERR_INV_VALUE;
 /* We have only tested a few readers so better don't risk anything
@@ -3348,7 +3347,7 @@ ccid_transceive_secure (ccid_driver_t handle,
 break;
 case VENDOR_VASCO: /* Tested with DIGIPASS 920 */
 enable_varlen = 1;
- pinlen_max = 15;
+ pininfo->maxlen = 15;
 break;
 case VENDOR_CHERRY:
 enable_varlen = 1;
@@ -3371,6 +3370,12 @@ ccid_transceive_secure (ccid_driver_t handle,
 return CCID_DRIVER_ERR_NOT_SUPPORTED;
 }
+ if (enable_varlen)
+ pininfo->mode = 0;
+
+ if (pininfo->mode != 0 && pininfo->mode != 1)
+ return CCID_DRIVER_ERR_NOT_SUPPORTED;
+
 if (testmode)
 return 0; /* Success */
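Review bot: `ccid_transceive_secure` now writes its defaults and reader-specific limits back through `pininfo` in the `-3322,19`, `-3348,7` and `-3371,6` hunks (`pininfo->minlen = 1`, `pininfo->maxlen = 25`, `pininfo->maxlen = 15` for VENDOR_VASCO, `pininfo->mode = 0` when `enable_varlen` is set), where the removed lines only changed by-value copies. These stores come before `if (testmode) return 0;`, so even the capability probe alters the caller's PIN length policy, and a caller that asked for `mode == 1` is silently switched to variable length input. Either work on local copies, e.g. `int minlen = pininfo->minlen ? pininfo->minlen : 1;`, or say in the function comment that PININFO is an in/out argument which the driver may adjust. `pininfo` is also dereferenced without a NULL check; the callers are outside these hunks, so that should be confirmed. The function body continues outside the hunks shown.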
@@ -3418,8 +3423,8 @@ ccid_transceive_secure (ccid_driver_t handle,
 }
 /* The following is a little endian word. */
- msg[msglen++] = pinlen_max; /* wPINMaxExtraDigit-Maximum. */
- msg[msglen++] = pinlen_min; /* wPINMaxExtraDigit-Minimum. */
+ msg[msglen++] = pininfo->maxlen; /* wPINMaxExtraDigit-Maximum. */
+ msg[msglen++] = pininfo->minlen; /* wPINMaxExtraDigit-Minimum. */
 if (apdu_buf[1] == 0x24)
 msg[msglen++] = apdu_buf[2] == 0 ? 0x03 : 0x01;
@@ -3432,7 +3437,7 @@ ccid_transceive_secure (ccid_driver_t handle,
 msg[msglen] = 0x02; /* bEntryValidationCondition: Validation key pressed */
- if (pinlen_min && pinlen_max && pinlen_min == pinlen_max)
+ if (pininfo->minlen && pininfo->maxlen && pininfo->minlen == pininfo->maxlen)
 msg[msglen] |= 0x01; /* Max size reached. */
 msglen++;
diff --git a/scd/ccid-driver.h b/scd/ccid-driver.h
index d5e40ca..549e858 100644
--- a/scd/ccid-driver.h
+++ b/scd/ccid-driver.h
@@ -93,8 +93,7 @@ int ccid_transceive (ccid_driver_t handle,
 unsigned char *resp, size_t maxresplen, size_t *nresp);
 int ccid_transceive_secure (ccid_driver_t handle,
 const unsigned char *apdu, size_t apdulen,
- int pin_mode,
- int pinlen_min, int pinlen_max,
+ pininfo_t *pininfo,
 unsigned char *resp, size_t maxresplen, size_t *nresp);
 int ccid_transceive_escape (ccid_driver_t handle,
 const unsigned char *data, size_t datalen,
diff --git a/scd/command.c b/scd/command.c
index 2123b9d..cea71bf 100644
--- a/scd/command.c
+++ b/scd/command.c
@@ -34,6 +34,7 @@
 #include
 #include
 #include "app-common.h"
+#include "iso7816.h"
 #include "apdu.h" /* Required for apdu_*_reader (). */
 #include "exechelp.h"
 #ifdef HAVE_LIBUSB
diff --git a/scd/iso7816.c b/scd/iso7816.c
index 23b84cf..78e3c81 100644
--- a/scd/iso7816.c
+++ b/scd/iso7816.c
@@ -269,12 +269,11 @@ iso7816_apdu_direct (int slot, const void *apdudata, size_t apdudatalen,
 /* Check whether the reader supports the ISO command code COMMAND on the keypad. Returns 0 on success. */
 gpg_error_t
-iso7816_check_keypad (int slot, int command, iso7816_pininfo_t *pininfo)
+iso7816_check_keypad (int slot, int command, pininfo_t *pininfo)
 {
 int sw;
- sw = apdu_check_keypad (slot, command,
- pininfo->mode, pininfo->minlen, pininfo->maxlen);
+ sw = apdu_check_keypad (slot, command, pininfo);
 return iso7816_map_sw (sw);
 }
@@ -283,12 +282,11 @@ iso7816_check_keypad (int slot, int command, iso7816_pininfo_t *pininfo)
 vector CHVNO. With PININFO non-NULL the keypad of the reader will be used. Returns 0 on success. */
 gpg_error_t
-iso7816_verify_kp (int slot, int chvno, iso7816_pininfo_t *pininfo)
+iso7816_verify_kp (int slot, int chvno, pininfo_t *pininfo)
 {
 int sw;
- sw = apdu_keypad_verify (slot, 0x00, CMD_VERIFY, 0, chvno,
- pininfo->mode, pininfo->minlen, pininfo->maxlen);
+ sw = apdu_keypad_verify (slot, 0x00, CMD_VERIFY, 0, chvno, pininfo);
 return map_sw (sw);
 }
@@ -309,14 +307,12 @@ iso7816_verify (int slot, int chvno, const char *chv, size_t chvlen)
 data" is done, otherwise an "exchange reference data". */
 gpg_error_t
 iso7816_change_reference_data_kp (int slot, int chvno, int is_exchange,
- iso7816_pininfo_t *pininfo)
+ pininfo_t *pininfo)
 {
 int sw;
 sw = apdu_keypad_modify (slot, 0x00, CMD_CHANGE_REFERENCE_DATA,
- is_exchange ? 1 : 0,
- chvno, pininfo->mode, pininfo->minlen,
- pininfo->maxlen);
+ is_exchange ? 1 : 0, chvno, pininfo);
 return map_sw (sw);
 }
diff --git a/scd/iso7816.h b/scd/iso7816.h
index 1d66f6d..3db07a5 100644
--- a/scd/iso7816.h
+++ b/scd/iso7816.h
@@ -32,13 +32,13 @@
 /* Information to be passed to keypad equipped readers. See ccid-driver.c for details. */
-struct iso7816_pininfo_s
+struct pininfo_s
 {
- int mode; /* A mode of 0 means: Do not use the keypad. */
+ int mode; /* 0: Use variable length input. 1: Use fixed length input. */
 int minlen;
 int maxlen;
 };
-typedef struct iso7816_pininfo_s iso7816_pininfo_t;
+typedef struct pininfo_s pininfo_t;
 gpg_error_t iso7816_map_sw (int sw);
@@ -58,16 +58,16 @@ gpg_error_t iso7816_apdu_direct (int slot,
 int handle_more,
 unsigned char **result, size_t *resultlen);
 gpg_error_t iso7816_check_keypad (int slot, int command,
- iso7816_pininfo_t *pininfo);
+ pininfo_t *pininfo);
 gpg_error_t iso7816_verify (int slot, int chvno,
 const char *chv, size_t chvlen);
-gpg_error_t iso7816_verify_kp (int slot, int chvno, iso7816_pininfo_t *pininfo);
+gpg_error_t iso7816_verify_kp (int slot, int chvno, pininfo_t *pininfo);
 gpg_error_t iso7816_change_reference_data (int slot, int chvno,
 const char *oldchv, size_t oldchvlen,
 const char *newchv, size_t newchvlen);
 gpg_error_t iso7816_change_reference_data_kp (int slot, int chvno,
 int is_exchange,
- iso7816_pininfo_t *pininfo);
+ pininfo_t *pininfo);
 gpg_error_t iso7816_reset_retry_counter (int slot, int chvno,
 const char *newchv, size_t newchvlen);
 gpg_error_t iso7816_reset_retry_counter_with_rc (int slot, int chvno,
diff --git a/scd/sc-copykeys.c b/scd/sc-copykeys.c
index 615e4b2..5217645 100644
--- a/scd/sc-copykeys.c
+++ b/scd/sc-copykeys.c
@@ -33,6 +33,7 @@
 #include "../common/ttyio.h"
 #include "../common/simple-pwquery.h"
+#include "iso7816.h"
 #include "apdu.h" /* for open_reader */
 #include "atr.h"
 #include "app-common.h"
diff --git a/scd/scdaemon.c b/scd/scdaemon.c
index 98f037f..ce72d25 100644
--- a/scd/scdaemon.c
+++ b/scd/scdaemon.c
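Review bot: The new `mode` comment in `struct pininfo_s` redefines 0 from "do not use the keypad" to "variable length input", yet the field stays a bare `int` and `minlen`/`maxlen` remain undocumented. Code that zero-fills a `pininfo_t`, or that tested `mode` under the old meaning, would now request keypad entry with variable length; the initialisations in the scd/app-*.c callers are not part of this diff, so they should be checked. I would spell out the contract on the struct, e.g. `int minlen; /* Minimum PIN length; 0 selects the driver default. */` and `int maxlen; /* Maximum PIN length; 0 selects the driver default. */`, and add that the reader driver may modify the structure, which is what the ccid-driver.c hunks in this commit do.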
@@ -48,6 +48,7 @@ #include "i18n.h" #include "sysutils.h" #include "app-common.h" +#include "iso7816.h" #include "apdu.h" #include "ccid-driver.h" #include "mkdtemp.h" commit 3d863c298b5914958ef1462409dc097b4a076b52 Author: NIIBE Yutaka Date: Mon Jan 7 14:20:55 2013 +0900 SCD: Clean up. Remove PADLEN for keypad input. * scd/apdu.c (struct pininfo_s): Use iso7816_pininfo_s. (struct reader_table_s): Remove last arg from check_keypad method. (check_pcsc_keypad, check_pcsc_keypad): Remove PIN_PADLEN. (pcsc_keypad_verify, pcsc_keypad_modify): Don't check PIN_PADLEN. (send_apdu_ccid, ccid_keypad_operation): Remove PIN_PADLEN. (apdu_check_keypad, apdu_keypad_verify, apdu_keypad_modify): Likewise. * scd/apdu.h (apdu_check_keypad, apdu_keypad_verify) (apdu_keypad_modify): Remove PIN_PADLEN. * scd/ccid-driver.c (ccid_transceive_secure): Remove PIN_PADLEN. * scd/ccid-driver.h (ccid_transceive_secure): Remove PIN_PADLEN. * scd/iso7816.c (iso7816_check_keypad, iso7816_verify_kp) (iso7816_change_reference_data_kp): Remove PADLEN. * scd/iso7816.h (struct iso7816_pininfo_s): Remove PADLEN, PADCHAR. -- In the OpenPGPcard specification, password comes with no padding. In GnuPG, we support keypad input for OpenPGPcard only. Thus, it is useless to try to support padding for keypad input. diff --git a/scd/apdu.c b/scd/apdu.c index 3c549a3..21cd574 100644 --- a/scd/apdu.c +++ b/scd/apdu.c @@ -82,15 +82,7 @@ #define DLSTDCALL #endif - -/* Helper to pass parameters related to keypad based operations. */ -struct pininfo_s -{ - int mode; - int minlen; - int maxlen; - int padlen; -}; +#define pininfo_s iso7816_pininfo_s /* A structure to collect information pertaining to one reader slot. */ 
@@ -107,7 +99,7 @@ struct reader_table_s { int (*get_status_reader)(int, unsigned int *); int (*send_apdu_reader)(int,unsigned char *,size_t, unsigned char *, size_t *, struct pininfo_s *); - int (*check_keypad)(int, int, int, int, int, int); + int (*check_keypad)(int, int, int, int, int); void (*dump_status_reader)(int); int (*set_progress_cb)(int, gcry_handler_progress_t, void*); int (*keypad_verify)(int, int, int, int, int, struct pininfo_s *); @@ -313,7 +305,7 @@ static int apdu_get_status_internal (int slot, int hang, int no_atr_reset, unsigned int *status, unsigned int *changed); static int check_pcsc_keypad (int slot, int command, int pin_mode, - int pinlen_min, int pinlen_max, int pin_padlen); + int pinlen_min, int pinlen_max); static int pcsc_keypad_verify (int slot, int class, int ins, int p0, int p1, struct pininfo_s *pininfo); static int pcsc_keypad_modify (int slot, int class, int ins, int p0, int p1, @@ -2023,7 +2015,7 @@ open_pcsc_reader (const char *portstr) on the keypad. Return 0 on success. */ static int check_pcsc_keypad (int slot, int command, int pin_mode, - int pinlen_min, int pinlen_max, int pin_padlen) + int pinlen_min, int pinlen_max) { unsigned char buf[256]; size_t len = 256; @@ -2032,7 +2024,6 @@ check_pcsc_keypad (int slot, int command, int pin_mode, (void)pin_mode; (void)pinlen_min; (void)pinlen_max; - (void)pin_padlen; check_again: if (command == ISO7816_VERIFY) @@ -2099,9 +2090,6 @@ pcsc_keypad_verify (int slot, int class, int ins, int p0, int p1, if (pininfo->mode != 1) return SW_NOT_SUPPORTED; - if (pininfo->padlen != 0) - return SW_NOT_SUPPORTED; - if (!pininfo->minlen) pininfo->minlen = 1; if (!pininfo->maxlen) @@ -2181,9 +2169,6 @@ pcsc_keypad_modify (int slot, int class, int ins, int p0, int p1, if (pininfo->mode != 1) return SW_NOT_SUPPORTED; - if (pininfo->padlen != 0) - return SW_NOT_SUPPORTED; - if (!pininfo->minlen) pininfo->minlen = 1; if (!pininfo->maxlen) 
@@ -2360,7 +2345,6 @@ send_apdu_ccid (int slot, unsigned char *apdu, size_t apdulen, pininfo->mode, pininfo->minlen, pininfo->maxlen, - pininfo->padlen, buffer, maxbuflen, buflen); else err = ccid_transceive (reader_table[slot].ccid.handle, @@ -2379,14 +2363,14 @@ send_apdu_ccid (int slot, unsigned char *apdu, size_t apdulen, parameters, see ccid-driver.c */ static int check_ccid_keypad (int slot, int command, int pin_mode, - int pinlen_min, int pinlen_max, int pin_padlen) + int pinlen_min, int pinlen_max) { unsigned char apdu[] = { 0, 0, 0, 0x81 }; apdu[1] = command; return ccid_transceive_secure (reader_table[slot].ccid.handle, apdu, sizeof apdu, - pin_mode, pinlen_min, pinlen_max, pin_padlen, + pin_mode, pinlen_min, pinlen_max, NULL, 0, NULL); } @@ -2407,7 +2391,6 @@ ccid_keypad_operation (int slot, int class, int ins, int p0, int p1, err = ccid_transceive_secure (reader_table[slot].ccid.handle, apdu, sizeof apdu, pininfo->mode, pininfo->minlen, pininfo->maxlen, - pininfo->padlen, result, 2, &resultlen); if (err) return err; @@ -3318,7 +3301,7 @@ apdu_get_status (int slot, int hang, parameters, see ccid-driver.c */ int apdu_check_keypad (int slot, int command, int pin_mode, - int pinlen_min, int pinlen_max, int pin_padlen) + int pinlen_min, int pinlen_max) { if (slot < 0 || slot >= MAX_READER || !reader_table[slot].used ) return SW_HOST_NO_DRIVER; @@ -3331,8 +3314,7 @@ apdu_check_keypad (int slot, int command, int pin_mode, return sw; sw = reader_table[slot].check_keypad (slot, command, - pin_mode, pinlen_min, pinlen_max, - pin_padlen); + pin_mode, pinlen_min, pinlen_max); unlock_slot (slot); return sw; } 
@@ -3343,14 +3325,13 @@ apdu_check_keypad (int slot, int command, int pin_mode, int apdu_keypad_verify (int slot, int class, int ins, int p0, int p1, int pin_mode, - int pinlen_min, int pinlen_max, int pin_padlen) + int pinlen_min, int pinlen_max) { struct pininfo_s pininfo; pininfo.mode = pin_mode; pininfo.minlen = pinlen_min; pininfo.maxlen = pinlen_max; - pininfo.padlen = pin_padlen; if (slot < 0 || slot >= MAX_READER || !reader_table[slot].used ) return SW_HOST_NO_DRIVER; @@ -3374,14 +3355,13 @@ apdu_keypad_verify (int slot, int class, int ins, int p0, int p1, int pin_mode, int apdu_keypad_modify (int slot, int class, int ins, int p0, int p1, int pin_mode, - int pinlen_min, int pinlen_max, int pin_padlen) + int pinlen_min, int pinlen_max) { struct pininfo_s pininfo; pininfo.mode = pin_mode; pininfo.minlen = pinlen_min; pininfo.maxlen = pinlen_max; - pininfo.padlen = pin_padlen; if (slot < 0 || slot >= MAX_READER || !reader_table[slot].used ) return SW_HOST_NO_DRIVER; diff --git a/scd/apdu.h b/scd/apdu.h index 61501c4..64c2162 100644 --- a/scd/apdu.h +++ b/scd/apdu.h @@ -113,13 +113,11 @@ int apdu_reset (int slot); int apdu_get_status (int slot, int hang, unsigned int *status, unsigned int *changed); int apdu_check_keypad (int slot, int command, int pin_mode, - int pinlen_min, int pinlen_max, int pin_padlen); + int pinlen_min, int pinlen_max); int apdu_keypad_verify (int slot, int class, int ins, int p0, int p1, - int pin_mode, int pinlen_min, int pinlen_max, - int pin_padlen); + int pin_mode, int pinlen_min, int pinlen_max); int apdu_keypad_modify (int slot, int class, int ins, int p0, int p1, - int pin_mode, int pinlen_min, int pinlen_max, - int pin_padlen); + int pin_mode, int pinlen_min, int pinlen_max); int apdu_send_simple (int slot, int extended_mode, int class, int ins, int p0, int p1, int lc, const char *data); diff --git a/scd/ccid-driver.c b/scd/ccid-driver.c index 6d135e0..b8a9809 100644 --- a/scd/ccid-driver.c +++ b/scd/ccid-driver.c 
@@ -3289,8 +3289,8 @@ ccid_transceive (ccid_driver_t handle, The APDU should me made up of 4 bytes without Lc. PINLEN_MIN and PINLEN_MAX define the limits for the pin length. 0 - may be used t enable reasonable defaults. PIN_PADLEN should be 0. - + may be used t enable reasonable defaults. + When called with RESP and NRESP set to NULL, the function will merely check whether the reader supports the secure command for the given APDU and PIN_MODE. */ @@ -3298,7 +3298,6 @@ int ccid_transceive_secure (ccid_driver_t handle, const unsigned char *apdu_buf, size_t apdu_buflen, int pin_mode, int pinlen_min, int pinlen_max, - int pin_padlen, unsigned char *resp, size_t maxresplen, size_t *nresp) { int rc; @@ -3327,9 +3326,6 @@ ccid_transceive_secure (ccid_driver_t handle, if (pin_mode != 1) return CCID_DRIVER_ERR_NOT_SUPPORTED; - if (pin_padlen != 0) - return CCID_DRIVER_ERR_NOT_SUPPORTED; - if (!pinlen_min) pinlen_min = 1; if (!pinlen_max) diff --git a/scd/ccid-driver.h b/scd/ccid-driver.h index 6bb1913..d5e40ca 100644 --- a/scd/ccid-driver.h +++ b/scd/ccid-driver.h @@ -93,8 +93,8 @@ int ccid_transceive (ccid_driver_t handle, unsigned char *resp, size_t maxresplen, size_t *nresp); int ccid_transceive_secure (ccid_driver_t handle, const unsigned char *apdu, size_t apdulen, - int pin_mode, - int pinlen_min, int pinlen_max, int pin_padlen, + int pin_mode, + int pinlen_min, int pinlen_max, unsigned char *resp, size_t maxresplen, size_t *nresp); int ccid_transceive_escape (ccid_driver_t handle, const unsigned char *data, size_t datalen, diff --git a/scd/iso7816.c b/scd/iso7816.c index 12daff9..23b84cf 100644 --- a/scd/iso7816.c +++ b/scd/iso7816.c @@ -273,9 +273,8 @@ iso7816_check_keypad (int slot, int command, iso7816_pininfo_t *pininfo) { int sw; - sw = apdu_check_keypad (slot, command, - pininfo->mode, pininfo->minlen, pininfo->maxlen, - pininfo->padlen); + sw = apdu_check_keypad (slot, command, + pininfo->mode, pininfo->minlen, pininfo->maxlen); return iso7816_map_sw (sw); } 
@@ -289,8 +288,7 @@ iso7816_verify_kp (int slot, int chvno, iso7816_pininfo_t *pininfo) int sw; sw = apdu_keypad_verify (slot, 0x00, CMD_VERIFY, 0, chvno, - pininfo->mode, pininfo->minlen, pininfo->maxlen, - pininfo->padlen); + pininfo->mode, pininfo->minlen, pininfo->maxlen); return map_sw (sw); } @@ -318,7 +316,7 @@ iso7816_change_reference_data_kp (int slot, int chvno, int is_exchange, sw = apdu_keypad_modify (slot, 0x00, CMD_CHANGE_REFERENCE_DATA, is_exchange ? 1 : 0, chvno, pininfo->mode, pininfo->minlen, - pininfo->maxlen, pininfo->padlen); + pininfo->maxlen); return map_sw (sw); } diff --git a/scd/iso7816.h b/scd/iso7816.h index d12855b..1d66f6d 100644 --- a/scd/iso7816.h +++ b/scd/iso7816.h @@ -37,8 +37,6 @@ struct iso7816_pininfo_s int mode; /* A mode of 0 means: Do not use the keypad. */ int minlen; int maxlen; - int padlen; - int padchar; }; typedef struct iso7816_pininfo_s iso7816_pininfo_t; commit 7c110e997adda6252dbc7c2ff3fce1db3edaff94 Author: NIIBE Yutaka Date: Wed Jan 9 13:24:57 2013 +0900 SCD: Add option enable-keypad-varlen and support for GEMPC_PINPAD. * scd/scdaemon.h (opt): Add enable_keypad_varlen. * scd/scdaemon.c (cmd_and_opt_values): Add oEnableKeypadVarlen. (opts, main): Add oEnableKeypadVarlen. * scd/ccid-driver.c (GEMPC_PINPAD): New. (ccid_transceive_secure): Add enable_varlen handling. Enable GEMPC_PINPAD. -- Note that GEMPC_PINPAD doesn't support variable length keypad input. The feature of fixed length keypad input will be added soon. diff --git a/scd/ccid-driver.c b/scd/ccid-driver.c index dc50d47..6d135e0 100644 --- a/scd/ccid-driver.c +++ b/scd/ccid-driver.c @@ -222,6 +222,7 @@ enum { #define SCM_SPR532 0xe003 #define CHERRY_ST2000 0x003e #define VASCO_920 0x0920 +#define GEMPC_PINPAD 0x3478 /* A list and a table with special transport descriptions. */ enum { 
@@ -3308,6 +3309,7 @@ ccid_transceive_secure (ccid_driver_t handle, size_t dummy_nresp; int testmode; int cherry_mode = 0; + int enable_varlen = opt.enable_keypad_varlen; testmode = !resp && !nresp; @@ -3346,11 +3348,14 @@ ccid_transceive_secure (ccid_driver_t handle, case VENDOR_SCM: /* Tested with SPR 532. */ case VENDOR_KAAN: /* Tested with KAAN Advanced (1.02). */ case VENDOR_FSIJ: /* Tested with Gnuk (0.21). */ + enable_varlen = 1; break; case VENDOR_VASCO: /* Tested with DIGIPASS 920 */ + enable_varlen = 1; pinlen_max = 15; break; case VENDOR_CHERRY: + enable_varlen = 1; /* The CHERRY XX44 keyboard echos an asterisk for each entered character on the keyboard channel. We use a special variant of PC_to_RDR_Secure which directs these characters to the @@ -3361,6 +3366,11 @@ ccid_transceive_secure (ccid_driver_t handle, if (handle->id_product != CHERRY_ST2000) cherry_mode = 1; break; + case VENDOR_GEMPC: + enable_varlen = 0; + if (handle->id_product == GEMPC_PINPAD) + break; + /* fall through */ default: return CCID_DRIVER_ERR_NOT_SUPPORTED; } diff --git a/scd/scdaemon.c b/scd/scdaemon.c index defd039..98f037f 100644 --- a/scd/scdaemon.c +++ b/scd/scdaemon.c @@ -91,6 +91,7 @@ enum cmd_and_opt_values oAllowAdmin, oDenyAdmin, oDisableApplication, + oEnableKeypadVarlen, oDebugDisableTicker }; @@ -143,6 +144,8 @@ static ARGPARSE_OPTS opts[] = { ARGPARSE_s_n (oDenyAdmin, "deny-admin", N_("deny the use of admin card commands")), ARGPARSE_s_s (oDisableApplication, "disable-application", "@"), + ARGPARSE_s_n (oEnableKeypadVarlen, "enable-keypad-varlen", + N_("use variable length input for keypad")), ARGPARSE_end () }; @@ -594,6 +597,8 @@ main (int argc, char **argv ) add_to_strlist (&opt.disabled_applications, pargs.r.ret_str); break; + case oEnableKeypadVarlen: opt.enable_keypad_varlen = 1; break; + default: pargs.err = configfp? ARGPARSE_PRINT_WARNING:ARGPARSE_PRINT_ERROR; break; diff --git a/scd/scdaemon.h b/scd/scdaemon.h index c429396..3eb0fe8 100644 
--- a/scd/scdaemon.h +++ b/scd/scdaemon.h @@ -57,6 +57,7 @@ struct const char *reader_port; /* NULL or reder port to use. */ int disable_ccid; /* Disable the use of the internal CCID driver. */ int disable_keypad; /* Do not use a keypad. */ + int enable_keypad_varlen; /* Use variable length input for keypad. */ int allow_admin; /* Allow the use of admin commands for certain cards. */ strlist_t disabled_applications; /* Card applications we do not commit 2dbd347fbe9765e72041857a5922390e01cf95f1 Author: NIIBE Yutaka Date: Tue Jan 8 15:22:31 2013 +0900 SCD: Support not-so-smart card readers. * scd/ccid-driver.c (struct ccid_driver_s): Add auto_voltage, auto_param, and auto_pps. (parse_ccid_descriptor): Set auto_voltage, auto_param, and auto_pps. Support non-autoconf readers. (update_param_by_atr): New. (ccid_get_atr): Use 5V for PowerOn when auto_voltage is not supported. Use 0x10 when nonnull_nad for SetParameters. Call update_param_by_atr for parsing ATR, and use param for SetParameters. Send PPS if reader requires it and card is negotiable. When bNadValue in the return values of SetParameters == 0, clear handle->nonnull_nad flag. -- This change is to support more card readers by the internal driver. Tested with 08e6:3478 Gemplus PinPad Smart Card Reader. diff --git a/scd/ccid-driver.c b/scd/ccid-driver.c index 49dde61..dc50d47 100644 --- a/scd/ccid-driver.c +++ b/scd/ccid-driver.c @@ -266,6 +266,9 @@ struct ccid_driver_s unsigned char apdu_level:2; /* Reader supports short APDU level exchange. With a value of 2 short and extended level is supported.*/ + unsigned int auto_voltage:1; + unsigned int auto_param:1; + unsigned int auto_pps:1; unsigned int auto_ifsd:1; unsigned int powered_off:1; unsigned int has_pinpad:2; @@ -760,7 +763,7 @@ parse_ccid_descriptor (ccid_driver_t handle, { unsigned int i; unsigned int us; - int have_t1 = 0, have_tpdu=0, have_auto_conf = 0; + int have_t1 = 0, have_tpdu=0; handle->nonnull_nad = 0; 
@@ -769,6 +772,9 @@ parse_ccid_descriptor (ccid_driver_t handle, handle->ifsd = 0; handle->has_pinpad = 0; handle->apdu_level = 0; + handle->auto_voltage = 0; + handle->auto_param = 0; + handle->auto_pps = 0; DEBUGOUT_3 ("idVendor: %04X idProduct: %04X bcdDevice: %04X\n", handle->id_vendor, handle->id_product, handle->bcd_device); if (buflen < 54 || buf[0] < 54) @@ -844,22 +850,31 @@ parse_ccid_descriptor (ccid_driver_t handle, DEBUGOUT_1 (" dwFeatures %08X\n", us); if ((us & 0x0002)) { - DEBUGOUT (" Auto configuration based on ATR\n"); - have_auto_conf = 1; + DEBUGOUT (" Auto configuration based on ATR (assumes auto voltage)\n"); + handle->auto_voltage = 1; } if ((us & 0x0004)) DEBUGOUT (" Auto activation on insert\n"); if ((us & 0x0008)) - DEBUGOUT (" Auto voltage selection\n"); + { + DEBUGOUT (" Auto voltage selection\n"); + handle->auto_voltage = 1; + } if ((us & 0x0010)) DEBUGOUT (" Auto clock change\n"); if ((us & 0x0020)) DEBUGOUT (" Auto baud rate change\n"); if ((us & 0x0040)) - DEBUGOUT (" Auto parameter negotiation made by CCID\n"); + { + DEBUGOUT (" Auto parameter negotiation made by CCID\n"); + handle->auto_param = 1; + } else if ((us & 0x0080)) - DEBUGOUT (" Auto PPS made by CCID\n"); - else if ((us & (0x0040 | 0x0080))) + { + DEBUGOUT (" Auto PPS made by CCID\n"); + handle->auto_pps = 1; + } + if ((us & (0x0040 | 0x0080)) == (0x0040 | 0x0080)) DEBUGOUT (" WARNING: conflicting negotiation features\n"); if ((us & 0x0100)) @@ -936,11 +951,10 @@ parse_ccid_descriptor (ccid_driver_t handle, DEBUGOUT_LF (); } - if (!have_t1 || !(have_tpdu || handle->apdu_level) || !have_auto_conf) + if (!have_t1 || !(have_tpdu || handle->apdu_level)) { DEBUGOUT ("this drivers requires that the reader supports T=1, " - "TPDU or APDU level exchange and auto configuration - " - "this is not available\n"); + "TPDU or APDU level exchange - this is not available\n"); return -1; } 
@@ -2339,6 +2353,151 @@ ccid_slot_status (ccid_driver_t handle, int *statusbits) } +/* Parse ATR string (of ATRLEN) and update parameters at PARAM. + Calling this routine, it should prepare default values at PARAM + beforehand. This routine assumes that card is accessed by T=1 + protocol. It doesn't analyze historical bytes at all. + + Returns < 0 value on error: + -1 for parse error or integrity check error + -2 for card doesn't support T=1 protocol + -3 for parameters are nod explicitly defined by ATR + -4 for this driver doesn't support CRC + + Returns >= 0 on success: + 0 for card is negotiable mode + 1 for card is specific mode (and not negotiable) + */ +static int +update_param_by_atr (unsigned char *param, unsigned char *atr, size_t atrlen) +{ + int i = -1; + int t, y, chk; + int historical_bytes_num, negotiable = 1; + +#define NEXTBYTE() do { i++; if (atrlen <= i) return -1; } while (0) + + NEXTBYTE (); + + if (atr[i] == 0x3F) + param[1] |= 0x02; /* Convention is inverse. */ + NEXTBYTE (); + + y = (atr[i] >> 4); + historical_bytes_num = atr[i] & 0x0f; + NEXTBYTE (); + + if ((y & 1)) + { + param[0] = atr[i]; /* TA1 - Fi & Di */ + NEXTBYTE (); + } + + if ((y & 2)) + NEXTBYTE (); /* TB1 - ignore */ + + if ((y & 4)) + { + param[2] = atr[i]; /* TC1 - Guard Time */ + NEXTBYTE (); + } + + if ((y & 8)) + { + y = (atr[i] >> 4); /* TD1 */ + t = atr[i] & 0x0f; + NEXTBYTE (); + + if ((y & 1)) + { /* TA2 - PPS mode */ + if ((atr[i] & 0x0f) != 1) + return -2; /* Wrong card protocol (!= 1). */ + + if ((atr[i] & 0x10) != 0x10) + return -3; /* Transmission parameters are implicitly defined. */ + + negotiable = 0; /* TA2 means specific mode. 
*/ + NEXTBYTE (); + } + + if ((y & 2)) + NEXTBYTE (); /* TB2 - ignore */ + + if ((y & 4)) + NEXTBYTE (); /* TC2 - ignore */ + + if ((y & 8)) + { + y = (atr[i] >> 4); /* TD2 */ + t = atr[i] & 0x0f; + NEXTBYTE (); + } + else + y = 0; + + while (y) + { + if ((y & 1)) + { /* TAx */ + if (t == 1) + param[5] = atr[i]; /* IFSC */ + else if (t == 15) + /* XXX: check voltage? */ + param[4] = (atr[i] >> 6); /* ClockStop */ + + NEXTBYTE (); + } + + if ((y & 2)) + { + if (t == 1) + param[3] = atr[i]; /* TBx - BWI & CWI */ + NEXTBYTE (); + } + + if ((y & 4)) + { + if (t == 1) + param[1] |= (atr[i] & 0x01); /* TCx - LRC/CRC */ + NEXTBYTE (); + + if (param[1] & 0x01) + return -4; /* CRC not supported yet. */ + } + + if ((y & 8)) + { + y = (atr[i] >> 4); /* TDx */ + t = atr[i] & 0x0f; + NEXTBYTE (); + } + else + y = 0; + } + } + + i += historical_bytes_num - 1; + NEXTBYTE (); + if (atrlen != i+1) + return -1; + +#undef NEXTBYTE + + chk = 0; + do + { + chk ^= atr[i]; + i--; + } + while (i > 0); + + if (chk != 0) + return -1; + + return negotiable; +} + + /* Return the ATR of the card. This is not a cached value and thus an actual reset is done. */ int @@ -2355,6 +2514,15 @@ ccid_get_atr (ccid_driver_t handle, unsigned int edc; int tried_iso = 0; int got_param; + unsigned char param[7] = { /* For Protocol T=1 */ + 0x11, /* bmFindexDindex */ + 0x10, /* bmTCCKST1 */ + 0x00, /* bGuardTimeT1 */ + 0x4d, /* bmWaitingIntegersT1 */ + 0x00, /* bClockStop */ + 0x20, /* bIFSC */ + 0x00 /* bNadValue */ + }; /* First check whether a card is available. */ rc = ccid_slot_status (handle, &statusbits); @@ -2369,7 +2537,8 @@ ccid_get_atr (ccid_driver_t handle, msg[0] = PC_to_RDR_IccPowerOn; msg[5] = 0; /* slot */ msg[6] = seqno = handle->seqno++; - msg[7] = 0; /* power select (0=auto, 1=5V, 2=3V, 3=1.8V) */ + /* power select (0=auto, 1=5V, 2=3V, 3=1.8V) */ + msg[7] = handle->auto_voltage ? 0 : 1; msg[8] = 0; /* RFU */ msg[9] = 0; /* RFU */ set_msg_len (msg, 0); 
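Review bot: The header comment of `update_param_by_atr` documents the success values the wrong way round. It says 0 is negotiable and 1 is specific mode, but the code starts with `negotiable = 1`, clears it when TA2 is present and returns it, and the later `ccid_get_atr` hunk sends PPS on `rc == 1`. The comment should read `1 for card is negotiable mode` and `0 for card is specific mode (and not negotiable)`, and "nod explicitly" in the -3 line should be "not explicitly". Separately, the TA2 branch returns -3 when bit 0x10 is clear while its comment speaks of implicitly defined parameters; as I read ISO/IEC 7816-3 it is the bit being set that signals implicit values, so the test `(atr[i] & 0x10) != 0x10` may be inverted and should be checked against the standard.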
@@ -2411,23 +2580,73 @@ ccid_get_atr (ccid_driver_t handle, *atrlen = n; } + param[6] = handle->nonnull_nad? ((1 << 4) | 0): 0; + rc = update_param_by_atr (param, msg+10, msglen - 10); + if (rc < 0) + { + DEBUGOUT_1 ("update_param_by_atr failed: %d\n", rc); + return CCID_DRIVER_ERR_CARD_IO_ERROR; + } + got_param = 0; - msg[0] = PC_to_RDR_GetParameters; - msg[5] = 0; /* slot */ - msg[6] = seqno = handle->seqno++; - msg[7] = 0; /* RFU */ - msg[8] = 0; /* RFU */ - msg[9] = 0; /* RFU */ - set_msg_len (msg, 0); - msglen = 10; - rc = bulk_out (handle, msg, msglen, 0); - if (!rc) - rc = bulk_in (handle, msg, sizeof msg, &msglen, RDR_to_PC_Parameters, - seqno, 2000, 0); - if (rc) - DEBUGOUT ("GetParameters failed\n"); - else if (msglen == 17 && msg[9] == 1) - got_param = 1; + + if (handle->auto_param) + { + msg[0] = PC_to_RDR_GetParameters; + msg[5] = 0; /* slot */ + msg[6] = seqno = handle->seqno++; + msg[7] = 0; /* RFU */ + msg[8] = 0; /* RFU */ + msg[9] = 0; /* RFU */ + set_msg_len (msg, 0); + msglen = 10; + rc = bulk_out (handle, msg, msglen, 0); + if (!rc) + rc = bulk_in (handle, msg, sizeof msg, &msglen, RDR_to_PC_Parameters, + seqno, 2000, 0); + if (rc) + DEBUGOUT ("GetParameters failed\n"); + else if (msglen == 17 && msg[9] == 1) + got_param = 1; + } + else if (handle->auto_pps) + ; + else if (rc == 1) /* It's negotiable, send PPS. 
*/ + { + msg[0] = PC_to_RDR_XfrBlock; + msg[5] = 0; /* slot */ + msg[6] = seqno = handle->seqno++; + msg[7] = 0; + msg[8] = 0; + msg[9] = 0; + msg[10] = 0xff; /* PPSS */ + msg[11] = 0x11; /* PPS0: PPS1, Protocol T=1 */ + msg[12] = param[0]; /* PPS1: Fi / Di */ + msg[13] = 0xff ^ 0x11 ^ param[0]; /* PCK */ + set_msg_len (msg, 4); + msglen = 10 + 4; + + rc = bulk_out (handle, msg, msglen, 0); + if (rc) + return rc; + + rc = bulk_in (handle, msg, sizeof msg, &msglen, RDR_to_PC_DataBlock, + seqno, 5000, 0); + if (rc) + return rc; + + if (msglen != 10 + 4) + { + DEBUGOUT_1 ("Setting PPS failed: %d\n", msglen); + return CCID_DRIVER_ERR_CARD_IO_ERROR; + } + + if (msg[10] != 0xff || msg[11] != 0x11 || msg[12] != param[0]) + { + DEBUGOUT_1 ("Setting PPS failed: 0x%02x\n", param[0]); + return CCID_DRIVER_ERR_CARD_IO_ERROR; + } + } /* Setup parameters to select T=1. */ msg[0] = PC_to_RDR_SetParameters; @@ -2438,16 +2657,7 @@ ccid_get_atr (ccid_driver_t handle, msg[9] = 0; /* RFU */ if (!got_param) - { - /* FIXME: Get those values from the ATR. */ - msg[10]= 0x01; /* Fi/Di */ - msg[11]= 0x10; /* LRC, direct convention. */ - msg[12]= 0; /* Extra guardtime. */ - msg[13]= 0x41; /* BWI/CWI */ - msg[14]= 0; /* No clock stoppping. */ - msg[15]= 254; /* IFSC */ - msg[16]= 0; /* Does not support non default NAD values. */ - } + memcpy (&msg[10], param, 7); set_msg_len (msg, 7); msglen = 10 + 7; 
@@ -2464,6 +2674,12 @@ ccid_get_atr (ccid_driver_t handle, else handle->ifsc = 128; /* Something went wrong, assume 128 bytes. */ + if (handle->nonnull_nad && msglen > 16 && msg[16] == 0) + { + DEBUGOUT ("Use Null-NAD, clearing handle->nonnull_nad.\n"); + handle->nonnull_nad = 0; + } + handle->t1_ns = 0; handle->t1_nr = 0; ----------------------------------------------------------------------- Summary of changes: scd/apdu.c | 167 +++++++--------------- scd/apdu.h | 13 +-- scd/app-dinsig.c | 4 +- scd/app-nks.c | 6 +- scd/app-openpgp.c | 122 ++++++++++++++-- scd/app.c | 2 +- scd/ccid-driver.c | 410 ++++++++++++++++++++++++++++++++++++++++++++--------- scd/ccid-driver.h | 3 +- scd/command.c | 1 + scd/iso7816.c | 18 +-- scd/iso7816.h | 19 ++- scd/sc-copykeys.c | 1 + scd/scdaemon.c | 6 + scd/scdaemon.h | 1 + 14 files changed, 543 insertions(+), 230 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Wed Feb 6 17:46:57 2013 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 06 Feb 2013 17:46:57 +0100 Subject: [git] GPGME - branch, master, updated. gpgme-1.3.2-26-g51fd6d8 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via 51fd6d8292cb41d743407e6ac9d86a5ab8e68d8c (commit) from 322552a88db47896881e55c00ca301137cd160c6 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 51fd6d8292cb41d743407e6ac9d86a5ab8e68d8c Author: Werner Koch Date: Wed Feb 6 17:35:40 2013 +0100 Use gpg_error_from_syserror instead of directly accessing errno. -- Also fixed a couple of minor thing; e.g. save the error before calling cleanup functions. Do not save the errno if only free is called in between. diff --git a/src/data-compat.c b/src/data-compat.c index b3b8867..e9ca90a 100644 --- a/src/data-compat.c +++ b/src/data-compat.c @@ -60,7 +60,7 @@ gpgme_data_new_from_filepart (gpgme_data_t *r_dh, const char *fname, if (fname) stream = fopen (fname, "rb"); if (!stream) - return TRACE_ERR (gpg_error_from_errno (errno)); + return TRACE_ERR (gpg_error_from_syserror ()); #ifdef HAVE_FSEEKO res = fseeko (stream, offset, SEEK_SET); 
@@ -71,31 +71,31 @@ gpgme_data_new_from_filepart (gpgme_data_t *r_dh, const char *fname, if (res) { - int saved_errno = errno; + int saved_err = gpg_error_from_syserror (); if (fname) fclose (stream); - return TRACE_ERR (gpg_error_from_errno (saved_errno)); + return TRACE_ERR (saved_err); } buf = malloc (length); if (!buf) { - int saved_errno = errno; + int saved_err = gpg_error_from_syserror (); if (fname) fclose (stream); - return TRACE_ERR (gpg_error_from_errno (saved_errno)); + return TRACE_ERR (saved_err); } while (fread (buf, length, 1, stream) < 1 && ferror (stream) && errno == EINTR); if (ferror (stream)) { - int saved_errno = errno; + int saved_err = gpg_error_from_syserror (); if (buf) free (buf); if (fname) fclose (stream); - return TRACE_ERR (gpg_error_from_errno (saved_errno)); + return TRACE_ERR (saved_err); } if (fname) @@ -135,7 +135,7 @@ gpgme_data_new_from_file (gpgme_data_t *r_dh, const char *fname, int copy) return TRACE_ERR (gpg_error (GPG_ERR_INV_VALUE)); if (stat (fname, &statbuf) < 0) - return TRACE_ERR (gpg_error_from_errno (errno)); + return TRACE_ERR (gpg_error_from_syserror ()); err = gpgme_data_new_from_filepart (r_dh, fname, NULL, 0, statbuf.st_size); return TRACE_ERR (err); @@ -247,8 +247,8 @@ gpgme_data_rewind (gpgme_data_t dh) gpgme_error_t err; TRACE_BEG (DEBUG_DATA, "gpgme_data_rewind", dh); - err = (gpgme_data_seek (dh, 0, SEEK_SET) == -1) - ? gpg_error_from_errno (errno) : 0; + err = ((gpgme_data_seek (dh, 0, SEEK_SET) == -1) + ? gpg_error_from_syserror () : 0); return TRACE_ERR (err); } diff --git a/src/data-mem.c b/src/data-mem.c index 634f8a5..fc7694d 100644 --- a/src/data-mem.c +++ b/src/data-mem.c 
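Review bot: `saved_err` is declared `int` in all three error paths of gpgme_data_new_from_filepart, while `gpg_error_from_syserror ()` returns a `gpg_error_t`, which is an unsigned type, and the value is passed straight to `TRACE_ERR`. Declaring it as `gpgme_error_t saved_err = gpg_error_from_syserror ();` matches the `gpgme_error_t err` already used in this file and avoids a signed/unsigned round trip. The same `int saved_err` declaration recurs in the hunks for data-mem.c, engine-gpg.c, engine-gpgsm.c, engine-uiserver.c (set_recipients), engine.c, gpgme.c, trustlist.c and wait-global.c. The function starts and ends outside this hunk.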
@@ -202,9 +202,9 @@ gpgme_data_new_from_mem (gpgme_data_t *r_dh, const char *buffer, char *bufcpy = malloc (size); if (!bufcpy) { - int saved_errno = errno; + int saved_err = gpg_error_from_syserror (); _gpgme_data_release (*r_dh); - return TRACE_ERR (gpg_error_from_errno (saved_errno)); + return TRACE_ERR (saved_err); } memcpy (bufcpy, buffer, size); (*r_dh)->data.mem.buffer = bufcpy; @@ -242,9 +242,9 @@ gpgme_data_release_and_get_mem (gpgme_data_t dh, size_t *r_len) str = malloc (dh->data.mem.length); if (!str) { - int saved_errno = errno; + int saved_err = gpg_error_from_syserror (); gpgme_data_release (dh); - TRACE_ERR (gpg_error_from_errno (saved_errno)); + TRACE_ERR (saved_err); return NULL; } memcpy (str, dh->data.mem.orig_buffer, dh->data.mem.length); diff --git a/src/engine-assuan.c b/src/engine-assuan.c index 0963f4a..a3c9e92 100644 --- a/src/engine-assuan.c +++ b/src/engine-assuan.c @@ -394,7 +394,7 @@ llass_set_locale (void *engine, int category, const char *value) return 0; if (asprintf (&optstr, "OPTION %s=%s", catstr, value) < 0) - err = gpg_error_from_errno (errno); + err = gpg_error_from_syserror (); else { err = assuan_transact (llass->assuan_ctx, optstr, NULL, NULL, diff --git a/src/engine-g13.c b/src/engine-g13.c index 9850d6b..9231a9a 100644 --- a/src/engine-g13.c +++ b/src/engine-g13.c @@ -225,7 +225,7 @@ g13_new (void **engine, const char *file_name, const char *home_dir) g13 = calloc (1, sizeof *g13); if (!g13) - return gpg_error_from_errno (errno); + return gpg_error_from_syserror (); g13->status_cb.fd = -1; g13->status_cb.dir = 1; @@ -269,7 +269,7 @@ g13_new (void **engine, const char *file_name, const char *home_dir) if (asprintf (&optstr, "OPTION display=%s", dft_display) < 0) { free (dft_display); - err = gpg_error_from_errno (errno); + err = gpg_error_from_syserror (); goto leave; } free (dft_display); 
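Review bot: In g13_new the error is still read after `free (dft_display)` has run, so errno may no longer hold the asprintf failure when `gpg_error_from_syserror ()` is called; free() is not required to preserve errno on every C library. This commit reorders the identical path in uiserver_new, and this hunk should match it: `err = gpg_error_from_syserror ();` first, then `free (dft_display);`. The ttytype hunk in g13_new keeps the same order, and the hunks in import.c (parse_import), op-support.c (_gpgme_parse_inv_recp), sign.c (parse_sig_created) and wait.c (_gpgme_add_io_cb) drop the saved errno and now read it after free() as well. g13_new starts and ends outside this hunk.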
@@ -295,7 +295,7 @@ g13_new (void **engine, const char *file_name, const char *home_dir) { if (asprintf (&optstr, "OPTION ttyname=%s", dft_ttyname) < 0) { - err = gpg_error_from_errno (errno); + err = gpg_error_from_syserror (); goto leave; } err = assuan_transact (g13->assuan_ctx, optstr, NULL, NULL, NULL, @@ -312,7 +312,7 @@ g13_new (void **engine, const char *file_name, const char *home_dir) if (asprintf (&optstr, "OPTION ttytype=%s", dft_ttytype) < 0) { free (dft_ttytype); - err = gpg_error_from_errno (errno); + err = gpg_error_from_syserror (); goto leave; } free (dft_ttytype); @@ -390,7 +390,7 @@ g13_set_locale (void *engine, int category, const char *value) return 0; if (asprintf (&optstr, "OPTION %s=%s", catstr, value) < 0) - err = gpg_error_from_errno (errno); + err = gpg_error_from_syserror (); else { err = assuan_transact (g13->assuan_ctx, optstr, NULL, NULL, diff --git a/src/engine-gpg.c b/src/engine-gpg.c index 4c7a8b2..825a450 100644 --- a/src/engine-gpg.c +++ b/src/engine-gpg.c @@ -210,7 +210,7 @@ _add_arg (engine_gpg_t gpg, const char *arg, int front, int *arg_locp) a = malloc (sizeof *a + strlen (arg)); if (!a) - return gpg_error_from_errno (errno); + return gpg_error_from_syserror (); a->data = NULL; a->dup_to = -1; @@ -269,7 +269,7 @@ add_data (engine_gpg_t gpg, gpgme_data_t data, int dup_to, int inbound) a = malloc (sizeof *a - 1); if (!a) - return gpg_error_from_errno (errno); + return gpg_error_from_syserror (); a->next = NULL; a->data = data; a->inbound = inbound; @@ -424,14 +424,14 @@ gpg_new (void **engine, const char *file_name, const char *home_dir) gpg = calloc (1, sizeof *gpg); if (!gpg) - return gpg_error_from_errno (errno); + return gpg_error_from_syserror (); if (file_name) { gpg->file_name = strdup (file_name); if (!gpg->file_name) { - rc = gpg_error_from_errno (errno); + rc = gpg_error_from_syserror (); goto leave; } } 
@@ -452,14 +452,14 @@ gpg_new (void **engine, const char *file_name, const char *home_dir) gpg->status.buffer = malloc (gpg->status.bufsize); if (!gpg->status.buffer) { - rc = gpg_error_from_errno (errno); + rc = gpg_error_from_syserror (); goto leave; } /* In any case we need a status pipe - create it right here and don't handle it with our generic gpgme_data_t mechanism. */ if (_gpgme_io_pipe (gpg->status.fd, 1) == -1) { - rc = gpg_error_from_errno (errno); + rc = gpg_error_from_syserror (); goto leave; } if (_gpgme_io_set_close_notify (gpg->status.fd[0], @@ -630,14 +630,14 @@ gpg_set_colon_line_handler (void *engine, engine_colon_line_handler_t fnc, gpg->colon.readpos = 0; gpg->colon.buffer = malloc (gpg->colon.bufsize); if (!gpg->colon.buffer) - return gpg_error_from_errno (errno); + return gpg_error_from_syserror (); if (_gpgme_io_pipe (gpg->colon.fd, 1) == -1) { - int saved_errno = errno; + int saved_err = gpg_error_from_syserror (); free (gpg->colon.buffer); gpg->colon.buffer = NULL; - return gpg_error_from_errno (saved_errno); + return saved_err; } if (_gpgme_io_set_close_notify (gpg->colon.fd[0], close_notify_handler, gpg) || _gpgme_io_set_close_notify (gpg->colon.fd[1], @@ -775,23 +775,23 @@ build_argv (engine_gpg_t gpg) argv = calloc (argc + 1, sizeof *argv); if (!argv) - return gpg_error_from_errno (errno); + return gpg_error_from_syserror (); fd_data_map = calloc (datac + 1, sizeof *fd_data_map); if (!fd_data_map) { - int saved_errno = errno; + int saved_err = gpg_error_from_syserror (); free_argv (argv); - return gpg_error_from_errno (saved_errno); + return saved_err; } argc = datac = 0; argv[argc] = strdup ("gpg"); /* argv[0] */ if (!argv[argc]) { - int saved_errno = errno; + int saved_err = gpg_error_from_syserror (); free (fd_data_map); free_argv (argv); - return gpg_error_from_errno (saved_errno); + return saved_err; } argc++; if (need_special) 
@@ -799,10 +799,10 @@ build_argv (engine_gpg_t gpg) argv[argc] = strdup ("--enable-special-filenames"); if (!argv[argc]) { - int saved_errno = errno; + int saved_err = gpg_error_from_syserror (); free (fd_data_map); free_argv (argv); - return gpg_error_from_errno (saved_errno); + return saved_err; } argc++; } @@ -811,10 +811,10 @@ build_argv (engine_gpg_t gpg) argv[argc] = strdup ("--use-agent"); if (!argv[argc]) { - int saved_errno = errno; + int saved_err = gpg_error_from_syserror (); free (fd_data_map); free_argv (argv); - return gpg_error_from_errno (saved_errno); + return saved_err; } argc++; } @@ -823,20 +823,20 @@ build_argv (engine_gpg_t gpg) argv[argc] = strdup ("--batch"); if (!argv[argc]) { - int saved_errno = errno; + int saved_err = gpg_error_from_syserror (); free (fd_data_map); free_argv (argv); - return gpg_error_from_errno (saved_errno); + return saved_err; } argc++; } argv[argc] = strdup ("--no-sk-comment"); if (!argv[argc]) { - int saved_errno = errno; + int saved_err = gpg_error_from_syserror (); free (fd_data_map); free_argv (argv); - return gpg_error_from_errno (saved_errno); + return saved_err; } argc++; for (a = gpg->arglist; a; a = a->next) @@ -908,10 +908,10 @@ build_argv (engine_gpg_t gpg) argv[argc] = malloc (buflen); if (!argv[argc]) { - int saved_errno = errno; + int saved_err = gpg_error_from_syserror (); free (fd_data_map); free_argv (argv); - return gpg_error_from_errno (saved_errno); + return saved_err; } ptr = argv[argc]; @@ -933,10 +933,10 @@ build_argv (engine_gpg_t gpg) argv[argc] = strdup (a->arg); if (!argv[argc]) { - int saved_errno = errno; + int saved_err = gpg_error_from_syserror (); free (fd_data_map); free_argv (argv); - return gpg_error_from_errno (saved_errno); + return saved_err; } argc++; } 
@@ -987,13 +987,13 @@ read_status (engine_gpg_t gpg) bufsize += 1024; buffer = realloc (buffer, bufsize); if (!buffer) - return gpg_error_from_errno (errno); + return gpg_error_from_syserror (); } nread = _gpgme_io_read (gpg->status.fd[0], buffer + readpos, bufsize-readpos); if (nread == -1) - return gpg_error_from_errno (errno); + return gpg_error_from_syserror (); if (!nread) { @@ -1043,7 +1043,7 @@ read_status (engine_gpg_t gpg) free (gpg->cmd.keyword); gpg->cmd.keyword = strdup (rest); if (!gpg->cmd.keyword) - return gpg_error_from_errno (errno); + return gpg_error_from_syserror (); /* This should be the last thing we have received and the next thing will be that the command handler does its action. */ @@ -1163,12 +1163,12 @@ read_colon_line (engine_gpg_t gpg) bufsize += 1024; buffer = realloc (buffer, bufsize); if (!buffer) - return gpg_error_from_errno (errno); + return gpg_error_from_syserror (); } nread = _gpgme_io_read (gpg->colon.fd[0], buffer+readpos, bufsize-readpos); if (nread == -1) - return gpg_error_from_errno (errno); + return gpg_error_from_syserror (); if (!nread) { @@ -1259,7 +1259,6 @@ static gpgme_error_t start (engine_gpg_t gpg) { gpgme_error_t rc; - int saved_errno; int i, n; int status; struct spawn_fd_item_s *fd_list; @@ -1299,7 +1298,7 @@ start (engine_gpg_t gpg) n++; fd_list = calloc (n, sizeof *fd_list); if (! fd_list) - return gpg_error_from_errno (errno); + return gpg_error_from_syserror (); /* Build the fd list for the child. */ n = 0; @@ -1327,11 +1326,12 @@ start (engine_gpg_t gpg) _gpgme_get_gpg_path (), gpg->argv, IOSPAWN_FLAG_ALLOW_SET_FG, fd_list, NULL, NULL, &pid); - saved_errno = errno; - - free (fd_list); - if (status == -1) - return gpg_error_from_errno (saved_errno); + { + int saved_err = gpg_error_from_syserror (); + free (fd_list); + if (status == -1) + return saved_err; + } /*_gpgme_register_term_handler ( closure, closure_value, pid );*/ 
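Review bot: In start, `gpg_error_from_syserror ()` now runs on every call, including after a successful spawn when errno is stale, and the result is held in an `int` inside a bare block. `rc` is already declared as `gpgme_error_t` at the top of the function, so the block can be written as `rc = (status == -1) ? gpg_error_from_syserror () : 0;`, then `free (fd_list);`, then `if (rc) return rc;`, which reads errno only on failure. This assumes nothing between here and the next assignment depends on the previous value of `rc`; the function body continues outside this hunk.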
@@ -1495,7 +1495,7 @@ append_args_from_sig_notations (engine_gpg_t gpg, gpgme_ctx_t ctx /* FIXME */) arg = malloc (1 + notation->name_len + 1 + notation->value_len + 1); if (!arg) - err = gpg_error_from_errno (errno); + err = gpg_error_from_syserror (); if (!err) { @@ -1531,7 +1531,7 @@ append_args_from_sig_notations (engine_gpg_t gpg, gpgme_ctx_t ctx /* FIXME */) { value = malloc (1 + notation->value_len + 1); if (!value) - err = gpg_error_from_errno (errno); + err = gpg_error_from_syserror (); else { value[0] = '!'; @@ -2061,7 +2061,7 @@ gpg_keylist_preprocess (char *line, char **r_line) if (asprintf (r_line, "pub:o%s:%s:%s:%s:%s:%s::::::::", field[6], field[3], field[2], field[1], field[4], field[5]) < 0) - return gpg_error_from_errno (errno); + return gpg_error_from_syserror (); return 0; case RT_UID: @@ -2086,7 +2086,7 @@ gpg_keylist_preprocess (char *line, char **r_line) char *dst; if (! uid) - return gpg_error_from_errno (errno); + return gpg_error_from_syserror (); src = field[1]; dst = uid; while (*src) @@ -2114,7 +2114,7 @@ gpg_keylist_preprocess (char *line, char **r_line) if (asprintf (r_line, "uid:o%s::::%s:%s:::%s:", field[4], field[2], field[3], uid) < 0) - return gpg_error_from_errno (errno); + return gpg_error_from_syserror (); } return 0; diff --git a/src/engine-gpgconf.c b/src/engine-gpgconf.c index b50b635..96c6b3d 100644 --- a/src/engine-gpgconf.c +++ b/src/engine-gpgconf.c @@ -96,7 +96,7 @@ gpgconf_new (void **engine, const char *file_name, const char *home_dir) gpgconf = calloc (1, sizeof *gpgconf); if (!gpgconf) - return gpg_error_from_errno (errno); + return gpg_error_from_syserror (); gpgconf->file_name = strdup (file_name ? file_name : _gpgme_get_gpgconf_path ()); diff --git a/src/engine-gpgsm.c b/src/engine-gpgsm.c index 52873ac..c4272a4 100644 --- a/src/engine-gpgsm.c +++ b/src/engine-gpgsm.c 
@@ -1196,9 +1196,9 @@ set_recipients (engine_gpgsm_t gpgsm, gpgme_key_t recp[]) char *newline = realloc (line, newlen); if (! newline) { - int saved_errno = errno; + int saved_err = gpg_error_from_syserror (); free (line); - return gpg_error_from_errno (saved_errno); + return saved_err; } line = newline; linelen = newlen; diff --git a/src/engine-uiserver.c b/src/engine-uiserver.c index 5468a44..92aebbb 100644 --- a/src/engine-uiserver.c +++ b/src/engine-uiserver.c @@ -308,8 +308,8 @@ uiserver_new (void **engine, const char *file_name, const char *home_dir) { if (asprintf (&optstr, "OPTION display=%s", dft_display) < 0) { + err = gpg_error_from_syserror (); free (dft_display); - err = gpg_error_from_errno (errno); goto leave; } free (dft_display); @@ -335,7 +335,7 @@ uiserver_new (void **engine, const char *file_name, const char *home_dir) { if (asprintf (&optstr, "OPTION ttyname=%s", dft_ttyname) < 0) { - err = gpg_error_from_errno (errno); + err = gpg_error_from_syserror (); goto leave; } err = assuan_transact (uiserver->assuan_ctx, optstr, NULL, NULL, NULL, @@ -351,8 +351,8 @@ uiserver_new (void **engine, const char *file_name, const char *home_dir) { if (asprintf (&optstr, "OPTION ttytype=%s", dft_ttytype) < 0) { + err = gpg_error_from_syserror (); free (dft_ttytype); - err = gpg_error_from_errno (errno); goto leave; } free (dft_ttytype); @@ -425,7 +425,7 @@ uiserver_set_locale (void *engine, int category, const char *value) return 0; if (asprintf (&optstr, "OPTION %s=%s", catstr, value) < 0) - err = gpg_error_from_errno (errno); + err = gpg_error_from_syserror (); else { err = assuan_transact (uiserver->assuan_ctx, optstr, NULL, NULL, @@ -553,7 +553,7 @@ uiserver_set_fd (engine_uiserver_t uiserver, fd_type_t fd_type, const char *opt) int fds[2]; if (_gpgme_io_pipe (fds, 0) < 0) - return gpg_error_from_errno (errno); + return gpg_error_from_syserror (); iocb_data->fd = dir ? fds[0] : fds[1]; iocb_data->server_fd = dir ? fds[1] : fds[0]; 
@@ -694,7 +694,7 @@ status_handler (void *opaque, int fd) { char *newline = realloc (*aline, *alinelen + linelen + 1); if (!newline) - err = gpg_error_from_errno (errno); + err = gpg_error_from_syserror (); else { *aline = newline; @@ -779,7 +779,7 @@ status_handler (void *opaque, int fd) if (!nwritten || (nwritten < 0 && errno != EINTR) || nwritten > linelen) { - err = gpg_error_from_errno (errno); + err = gpg_error_from_syserror (); break; } src += nwritten; @@ -943,7 +943,7 @@ _uiserver_decrypt (void *engine, int verify, if (asprintf (&cmd, "DECRYPT%s%s", protocol, verify ? "" : " --no-verify") < 0) - return gpg_error_from_errno (errno); + return gpg_error_from_syserror (); uiserver->input_cb.data = ciph; err = uiserver_set_fd (uiserver, INPUT_FD, @@ -995,7 +995,7 @@ set_recipients (engine_uiserver_t uiserver, gpgme_key_t recp[]) linelen = 10 + 40 + 1; /* "RECIPIENT " + guess + '\0'. */ line = malloc (10 + 40 + 1); if (!line) - return gpg_error_from_errno (errno); + return gpg_error_from_syserror (); strcpy (line, "RECIPIENT "); for (i=0; !err && recp[i]; i++) { @@ -1015,9 +1015,9 @@ set_recipients (engine_uiserver_t uiserver, gpgme_key_t recp[]) char *newline = realloc (line, newlen); if (! newline) { - int saved_errno = errno; + int saved_err = gpg_error_from_syserror (); free (line); - return gpg_error_from_errno (saved_errno); + return saved_err; } line = newline; linelen = newlen; @@ -1070,7 +1070,7 @@ uiserver_encrypt (void *engine, gpgme_key_t recp[], gpgme_encrypt_flags_t flags, if (asprintf (&cmd, "PREP_ENCRYPT%s%s", protocol, (flags & GPGME_ENCRYPT_EXPECT_SIGN) ? " --expect-sign" : "") < 0) - return gpg_error_from_errno (errno); + return gpg_error_from_syserror (); } else { @@ -1078,7 +1078,7 @@ uiserver_encrypt (void *engine, gpgme_key_t recp[], gpgme_encrypt_flags_t flags, return gpg_error (GPG_ERR_INV_VALUE); if (asprintf (&cmd, "ENCRYPT%s", protocol) < 0) - return gpg_error_from_errno (errno); + return gpg_error_from_syserror (); } if (plain) 
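Review bot: Two of the three conditions guarding the assignment in the second status_handler hunk, `!nwritten` and `nwritten > linelen`, are not failures that set errno, so `gpg_error_from_syserror ()` reports whatever value an earlier call left behind. Only the `nwritten < 0` case carries a meaningful errno; the other two need a fixed code, for example `err = nwritten < 0 ? gpg_error_from_syserror () : gpg_error (GPG_ERR_GENERAL);`. The call that produces `nwritten` is outside this hunk, so this assumes it follows write()-style return conventions.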
@@ -1147,7 +1147,7 @@ uiserver_sign (void *engine, gpgme_data_t in, gpgme_data_t out, if (asprintf (&cmd, "SIGN%s%s", protocol, (mode == GPGME_SIG_MODE_DETACH) ? " --detached" : "") < 0) - return gpg_error_from_errno (errno); + return gpg_error_from_syserror (); key = gpgme_signers_enum (ctx, 0); if (key) @@ -1222,7 +1222,7 @@ uiserver_verify (void *engine, gpgme_data_t sig, gpgme_data_t signed_text, return gpgme_error (GPG_ERR_UNSUPPORTED_PROTOCOL); if (asprintf (&cmd, "VERIFY%s", protocol) < 0) - return gpg_error_from_errno (errno); + return gpg_error_from_syserror (); uiserver->input_cb.data = sig; err = uiserver_set_fd (uiserver, INPUT_FD, diff --git a/src/engine.c b/src/engine.c index f72ce7f..d74f186 100644 --- a/src/engine.c +++ b/src/engine.c @@ -226,7 +226,7 @@ gpgme_get_engine_info (gpgme_engine_info_t *info) *lastp = malloc (sizeof (*engine_info)); if (!*lastp || !file_name) { - int saved_errno = errno; + int saved_err = gpg_error_from_syserror (); _gpgme_engine_info_release (engine_info); engine_info = NULL; @@ -237,7 +237,7 @@ gpgme_get_engine_info (gpgme_engine_info_t *info) free (home_dir); UNLOCK (engine_info_lock); - return gpg_error_from_errno (saved_errno); + return saved_err; } (*lastp)->protocol = proto_list[proto]; @@ -294,7 +294,7 @@ _gpgme_engine_info_copy (gpgme_engine_info_t *r_info) { home_dir = strdup (info->home_dir); if (!home_dir) - err = gpg_error_from_errno (errno); + err = gpg_error_from_syserror (); } else home_dir = NULL; @@ -303,7 +303,7 @@ _gpgme_engine_info_copy (gpgme_engine_info_t *r_info) { version = strdup (info->version); if (!version) - err = gpg_error_from_errno (errno); + err = gpg_error_from_syserror (); } else version = NULL; @@ -311,7 +311,7 @@ _gpgme_engine_info_copy (gpgme_engine_info_t *r_info) *lastp = malloc (sizeof (*engine_info)); if (!*lastp || !file_name || err) { - int saved_errno = errno; + int saved_err = gpg_error_from_syserror (); _gpgme_engine_info_release (new_info); 
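Review bot: In _gpgme_engine_info_copy the failure branch is also entered when `err` was already set by an earlier strdup failure, yet `saved_err` is recomputed from errno after a later `malloc` that may have succeeded and may have changed errno. Reusing the recorded code keeps the original cause: `gpgme_error_t saved_err = err ? err : gpg_error_from_syserror ();`. The `!file_name` case may be affected in the same way, but the visible lines do not show where file_name is allocated relative to the malloc. The function continues outside this hunk, and the matching `return saved_err;` is in the next hunk.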
@@ -323,7 +323,7 @@ _gpgme_engine_info_copy (gpgme_engine_info_t *r_info) free (version); UNLOCK (engine_info_lock); - return gpg_error_from_errno (saved_errno); + return saved_err; } (*lastp)->protocol = info->protocol; @@ -372,7 +372,7 @@ _gpgme_set_engine_info (gpgme_engine_info_t info, gpgme_protocol_t proto, new_file_name = strdup (ofile_name); } if (!new_file_name) - return gpg_error_from_errno (errno); + return gpg_error_from_syserror (); if (home_dir) { @@ -380,7 +380,7 @@ _gpgme_set_engine_info (gpgme_engine_info_t info, gpgme_protocol_t proto, if (!new_home_dir) { free (new_file_name); - return gpg_error_from_errno (errno); + return gpg_error_from_syserror (); } } else @@ -392,7 +392,7 @@ _gpgme_set_engine_info (gpgme_engine_info_t info, gpgme_protocol_t proto, if (!new_home_dir) { free (new_file_name); - return gpg_error_from_errno (errno); + return gpg_error_from_syserror (); } } else @@ -454,7 +454,7 @@ _gpgme_engine_new (gpgme_engine_info_t info, engine_t *r_engine) engine = calloc (1, sizeof *engine); if (!engine) - return gpg_error_from_errno (errno); + return gpg_error_from_syserror (); engine->ops = engine_ops[info->protocol]; if (engine->ops->new) diff --git a/src/genkey.c b/src/genkey.c index 13765d4..fd6685e 100644 --- a/src/genkey.c +++ b/src/genkey.c @@ -113,7 +113,7 @@ genkey_status_handler (void *priv, gpgme_status_code_t code, char *args) free (opd->result.fpr); opd->result.fpr = strdup (&args[2]); if (!opd->result.fpr) - return gpg_error_from_errno (errno); + return gpg_error_from_syserror (); } } break; diff --git a/src/get-env.c b/src/get-env.c index bcd4594..57fd419 100644 --- a/src/get-env.c +++ b/src/get-env.c @@ -46,7 +46,7 @@ _gpgme_getenv (const char *name, char **value) { *value = strdup (env_value); if (!*value) - return gpg_error_from_errno (errno); + return gpg_error_from_syserror (); } return 0; } diff --git a/src/gpgme-tool.c b/src/gpgme-tool.c index eb1fbb8..eca1906 100644 --- a/src/gpgme-tool.c +++ b/src/gpgme-tool.c 
@@ -1614,7 +1614,7 @@ gt_recipients_add (gpgme_tool_t gt, const char *pattern) gpgme_key_t key; if (gt->recipients_nr >= MAX_RECIPIENTS) - return gpg_error_from_errno (ENOMEM); + return gpg_error (GPG_ERR_ENOMEM); if (gpgme_get_protocol (gt->ctx) == GPGME_PROTOCOL_UISERVER) err = gpgme_key_from_uid (&key, pattern); diff --git a/src/gpgme.c b/src/gpgme.c index 2c6ac87..86099d6 100644 --- a/src/gpgme.c +++ b/src/gpgme.c @@ -87,7 +87,7 @@ gpgme_new (gpgme_ctx_t *r_ctx) ctx = calloc (1, sizeof *ctx); if (!ctx) - return TRACE_ERR (gpg_error_from_errno (errno)); + return TRACE_ERR (gpg_error_from_syserror ()); INIT_LOCK (ctx->lock); @@ -95,7 +95,7 @@ gpgme_new (gpgme_ctx_t *r_ctx) if (!ctx->engine_info) { free (ctx); - return TRACE_ERR (gpg_error_from_errno (errno)); + return TRACE_ERR (gpg_error_from_syserror ()); } ctx->keylist_mode = GPGME_KEYLIST_MODE_LOCAL; @@ -110,10 +110,11 @@ gpgme_new (gpgme_ctx_t *r_ctx) ctx->lc_ctype = strdup (def_lc_ctype); if (!ctx->lc_ctype) { + int saved_err = gpg_error_from_syserror (); UNLOCK (def_lc_lock); _gpgme_engine_info_release (ctx->engine_info); free (ctx); - return TRACE_ERR (gpg_error_from_errno (errno)); + return TRACE_ERR (saved_err); } } else @@ -124,12 +125,13 @@ gpgme_new (gpgme_ctx_t *r_ctx) ctx->lc_messages = strdup (def_lc_messages); if (!ctx->lc_messages) { + int saved_err = gpg_error_from_syserror (); UNLOCK (def_lc_lock); if (ctx->lc_ctype) free (ctx->lc_ctype); _gpgme_engine_info_release (ctx->engine_info); free (ctx); - return TRACE_ERR (gpg_error_from_errno (errno)); + return TRACE_ERR (saved_err); } } else @@ -676,14 +678,14 @@ gpgme_set_locale (gpgme_ctx_t ctx, int category, const char *value) if (failed) { - int saved_errno = errno; + int saved_err = gpg_error_from_syserror (); if (new_lc_ctype) free (new_lc_ctype); if (new_lc_messages) free (new_lc_messages); - return TRACE_ERR (gpg_error_from_errno (saved_errno)); + return TRACE_ERR (saved_err); } #define SET_ONE_LOCALE(lcat, ucat) \ 
diff --git a/src/import.c b/src/import.c index d4edaba..6233a15 100644 --- a/src/import.c +++ b/src/import.c @@ -174,9 +174,8 @@ parse_import (char *args, gpgme_import_status_t *import_status, int problem) import->fpr = strdup (args); if (!import->fpr) { - int saved_errno = errno; free (import); - return gpg_error_from_errno (saved_errno); + return gpg_error_from_syserror (); } *import_status = import; diff --git a/src/key.c b/src/key.c index 1094f19..59d4908 100644 --- a/src/key.c +++ b/src/key.c @@ -46,7 +46,7 @@ _gpgme_key_new (gpgme_key_t *r_key) key = calloc (1, sizeof *key); if (!key) - return gpg_error_from_errno (errno); + return gpg_error_from_syserror (); key->_refs = 1; *r_key = key; @@ -61,7 +61,7 @@ _gpgme_key_add_subkey (gpgme_key_t key, gpgme_subkey_t *r_subkey) subkey = calloc (1, sizeof *subkey); if (!subkey) - return gpg_error_from_errno (errno); + return gpg_error_from_syserror (); subkey->keyid = subkey->_keyid; subkey->_keyid[16] = '\0'; @@ -215,7 +215,7 @@ _gpgme_key_append_name (gpgme_key_t key, const char *src, int convert) size, so that we are able to store the parsed stuff there too. */ uid = malloc (sizeof (*uid) + 2 * src_len + 3); if (!uid) - return gpg_error_from_errno (errno); + return gpg_error_from_syserror (); memset (uid, 0, sizeof *uid); uid->uid = ((char *) uid) + sizeof (*uid); diff --git a/src/keylist.c b/src/keylist.c index 3d240aa..465b472 100644 --- a/src/keylist.c +++ b/src/keylist.c @@ -558,7 +558,7 @@ keylist_colon_handler (void *priv, char *line) { key->issuer_serial = strdup (field[7]); if (!key->issuer_serial) - return gpg_error_from_errno (errno); + return gpg_error_from_syserror (); } /* Field 9 has the ownertrust. */ @@ -653,7 +653,7 @@ keylist_colon_handler (void *priv, char *line) if (fields >= 10) { if (_gpgme_key_append_name (key, field[9], 1)) - return gpg_error_from_errno (GPG_ERR_ENOMEM); /* FIXME */ + return gpg_error (GPG_ERR_ENOMEM); /* FIXME */ else { if (field[1]) 
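Review bot: The value returned by `_gpgme_key_append_name` is discarded in keylist_colon_handler and replaced with a fixed `GPG_ERR_ENOMEM`, which is presumably what the `/* FIXME */` marks. The key.c hunk in this commit shows that function returning `gpg_error_from_syserror ()` on allocation failure, so the handler can pass the real code through: `err = _gpgme_key_append_name (key, field[9], 1);` followed by `if (err) return err;`. This needs a `gpgme_error_t err` in scope, which the visible lines do not show; the function starts and ends outside this hunk.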
@@ -674,7 +674,7 @@ keylist_colon_handler (void *priv, char *line) { subkey->fpr = strdup (field[9]); if (!subkey->fpr) - return gpg_error_from_errno (errno); + return gpg_error_from_syserror (); } } @@ -683,7 +683,7 @@ keylist_colon_handler (void *priv, char *line) { key->chain_id = strdup (field[12]); if (!key->chain_id) - return gpg_error_from_errno (errno); + return gpg_error_from_syserror (); } break; diff --git a/src/op-support.c b/src/op-support.c index d42a247..6a0817c 100644 --- a/src/op-support.c +++ b/src/op-support.c @@ -56,7 +56,7 @@ _gpgme_op_data_lookup (gpgme_ctx_t ctx, ctx_op_data_id_t type, void **hook, data = calloc (1, sizeof (struct ctx_op_data) + size); if (!data) - return gpg_error_from_errno (errno); + return gpg_error_from_syserror (); data->magic = CTX_OP_DATA_MAGIC; data->next = ctx->op_data; data->type = type; @@ -192,7 +192,7 @@ _gpgme_parse_inv_recp (char *args, gpgme_invalid_key_t *key) inv_key = malloc (sizeof (*inv_key)); if (!inv_key) - return gpg_error_from_errno (errno); + return gpg_error_from_syserror (); inv_key->next = NULL; gpg_err_set_errno (0); reason = strtol (args, &tail, 0); @@ -266,9 +266,8 @@ _gpgme_parse_inv_recp (char *args, gpgme_invalid_key_t *key) inv_key->fpr = strdup (tail); if (!inv_key->fpr) { - int saved_errno = errno; free (inv_key); - return gpg_error_from_errno (saved_errno); + return gpg_error_from_syserror (); } } else diff --git a/src/passphrase.c b/src/passphrase.c index 7e5508e..00e9d99 100644 --- a/src/passphrase.c +++ b/src/passphrase.c @@ -77,7 +77,7 @@ _gpgme_passphrase_status_handler (void *priv, gpgme_status_code_t code, if (opd->uid_hint) free (opd->uid_hint); if (!(opd->uid_hint = strdup (args))) - return gpg_error_from_errno (errno); + return gpg_error_from_syserror (); break; case GPGME_STATUS_BAD_PASSPHRASE: 
@@ -97,7 +97,7 @@ _gpgme_passphrase_status_handler (void *priv, gpgme_status_code_t code, free (opd->passphrase_info); opd->passphrase_info = strdup (args); if (!opd->passphrase_info) - return gpg_error_from_errno (errno); + return gpg_error_from_syserror (); break; case GPGME_STATUS_MISSING_PASSPHRASE: diff --git a/src/progress.c b/src/progress.c index a4e48f1..c10ccaa 100644 --- a/src/progress.c +++ b/src/progress.c @@ -47,7 +47,7 @@ _gpgme_progress_status_handler (void *priv, gpgme_status_code_t code, args_cpy = strdup (args); if (!args_cpy) - return gpg_error_from_errno (errno); + return gpg_error_from_syserror (); p = strchr (args_cpy, ' '); if (p) diff --git a/src/sig-notation.c b/src/sig-notation.c index 46efac6..c747ad6 100644 --- a/src/sig-notation.c +++ b/src/sig-notation.c @@ -79,7 +79,7 @@ _gpgme_sig_notation_create (gpgme_sig_notation_t *notationp, notation = calloc (1, sizeof (*notation)); if (!notation) - return gpg_error_from_errno (errno); + return gpg_error_from_syserror (); /* This is critical. We want to reliably identify policy URLs by using a NULL pointer for NAME. So all notations must have a NAME @@ -91,7 +91,7 @@ _gpgme_sig_notation_create (gpgme_sig_notation_t *notationp, notation->name = malloc (name_len + 1); if (!notation->name) { - err = gpg_error_from_errno (errno); + err = gpg_error_from_syserror (); goto err; } @@ -107,7 +107,7 @@ _gpgme_sig_notation_create (gpgme_sig_notation_t *notationp, notation->value = malloc (value_len + 1); if (!notation->value) { - err = gpg_error_from_errno (errno); + err = gpg_error_from_syserror (); goto err; } diff --git a/src/sign.c b/src/sign.c index 67280e9..e910799 100644 --- a/src/sign.c +++ b/src/sign.c @@ -234,9 +234,8 @@ parse_sig_created (char *args, gpgme_new_signature_t *sigp) sig->fpr = strdup (args); if (!sig->fpr) { - int saved_errno = errno; free (sig); - return gpg_error_from_errno (saved_errno); + return gpg_error_from_syserror (); } *sigp = sig; return 0; 
diff --git a/src/signers.c b/src/signers.c index b2e8cfa..88f923c 100644 --- a/src/signers.c +++ b/src/signers.c @@ -80,7 +80,7 @@ gpgme_signers_add (gpgme_ctx_t ctx, const gpgme_key_t key) newarr = realloc (ctx->signers, n * sizeof (*newarr)); if (!newarr) - return TRACE_ERR (gpg_error_from_errno (errno)); + return TRACE_ERR (gpg_error_from_syserror ()); for (j = ctx->signers_size; j < n; j++) newarr[j] = NULL; ctx->signers = newarr; diff --git a/src/trust-item.c b/src/trust-item.c index 5a0b544..f9378c6 100644 --- a/src/trust-item.c +++ b/src/trust-item.c @@ -47,7 +47,7 @@ _gpgme_trust_item_new (gpgme_trust_item_t *r_item) item = calloc (1, sizeof *item); if (!item) - return gpg_error_from_errno (errno); + return gpg_error_from_syserror (); item->_refs = 1; item->keyid = item->_keyid; item->_keyid[16] = '\0'; diff --git a/src/trustlist.c b/src/trustlist.c index ca7d7ee..d456780 100644 --- a/src/trustlist.c +++ b/src/trustlist.c @@ -111,9 +111,9 @@ trustlist_colon_handler (void *priv, char *line) item->name = strdup (p); if (!item->name) { - int saved_errno = errno; + int saved_err = gpg_error_from_syserror (); gpgme_trust_item_unref (item); - return gpg_error_from_errno (saved_errno); + return saved_err; } break; } diff --git a/src/wait-global.c b/src/wait-global.c index 9a194b0..f03775e 100644 --- a/src/wait-global.c +++ b/src/wait-global.c @@ -97,7 +97,7 @@ ctx_active (gpgme_ctx_t ctx) { struct ctx_list_item *li = malloc (sizeof (struct ctx_list_item)); if (!li) - return gpg_error_from_errno (errno); + return gpg_error_from_syserror (); li->ctx = ctx; LOCK (ctx_list_lock); @@ -269,10 +269,10 @@ gpgme_wait_ext (gpgme_ctx_t ctx, gpgme_error_t *status, fdt.fds = malloc (i * sizeof (struct io_select_fd_s)); if (!fdt.fds) { - int saved_errno = errno; + int saved_err = gpg_error_from_syserror (); UNLOCK (ctx_list_lock); if (status) - *status = gpg_error_from_errno (saved_errno); + *status = saved_err; if (op_err) *op_err = 0; return NULL; 
@@ -290,10 +290,10 @@ gpgme_wait_ext (gpgme_ctx_t ctx, gpgme_error_t *status, nr = _gpgme_io_select (fdt.fds, fdt.size, 0); if (nr < 0) { - int saved_errno = errno; + int saved_err = gpg_error_from_syserror (); free (fdt.fds); if (status) - *status = gpg_error_from_errno (saved_errno); + *status = saved_err; if (op_err) *op_err = 0; return NULL; diff --git a/src/wait-private.c b/src/wait-private.c index aab8fb7..9a43110 100644 --- a/src/wait-private.c +++ b/src/wait-private.c @@ -91,7 +91,7 @@ _gpgme_wait_on_condition (gpgme_ctx_t ctx, volatile int *cond, { /* An error occured. Close all fds in this context, and signal it. */ - err = gpg_error_from_errno (errno); + err = gpg_error_from_syserror (); _gpgme_cancel_with_err (ctx, err, 0); return err; diff --git a/src/wait.c b/src/wait.c index 992f235..20b2303 100644 --- a/src/wait.c +++ b/src/wait.c @@ -73,7 +73,7 @@ fd_table_put (fd_table_t fdt, int fd, int dir, void *opaque, int *idx) new_fds = realloc (fdt->fds, (fdt->size + FDT_ALLOCSIZE) * sizeof (*new_fds)); if (!new_fds) - return gpg_error_from_errno (errno); + return gpg_error_from_syserror (); fdt->fds = new_fds; fdt->size += FDT_ALLOCSIZE; 
@@ -113,16 +113,15 @@ _gpgme_add_io_cb (void *data, int fd, int dir, gpgme_io_cb_t fnc, tag = malloc (sizeof *tag); if (!tag) - return gpg_error_from_errno (errno); + return gpg_error_from_syserror (); tag->ctx = ctx; /* Allocate a structure to hold information about the handler. */ item = calloc (1, sizeof *item); if (!item) { - int saved_errno = errno; free (tag); - return gpg_error_from_errno (saved_errno); + return gpg_error_from_syserror (); } item->ctx = ctx; item->dir = dir; ----------------------------------------------------------------------- Summary of changes: src/data-compat.c | 20 ++++++------ src/data-mem.c | 8 ++-- src/engine-assuan.c | 2 +- src/engine-g13.c | 10 +++--- src/engine-gpg.c | 86 ++++++++++++++++++++++++------------------------ src/engine-gpgconf.c | 2 +- src/engine-gpgsm.c | 4 +- src/engine-uiserver.c | 30 ++++++++-------- src/engine.c | 20 ++++++------ src/genkey.c | 2 +- src/get-env.c | 2 +- src/gpgme-tool.c | 2 +- src/gpgme.c | 14 ++++--- src/import.c | 3 +- src/key.c | 6 ++-- src/keylist.c | 8 ++-- src/op-support.c | 7 ++-- src/passphrase.c | 4 +- src/progress.c | 2 +- src/sig-notation.c | 6 ++-- src/sign.c | 3 +- src/signers.c | 2 +- src/trust-item.c | 2 +- src/trustlist.c | 4 +- src/wait-global.c | 10 +++--- src/wait-private.c | 2 +- src/wait.c | 7 ++-- 27 files changed, 133 insertions(+), 135 deletions(-) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Thu Feb 7 20:50:16 2013 
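Review bot: In the calloc failure branch of _gpgme_add_io_cb, `free (tag)` now runs before `gpg_error_from_syserror ()` reads errno, and the `saved_errno` local that protected against this was removed. Whether free () preserves errno depends on the C library, so the returned code can differ from the one set by the failed allocation. Convert first, as the wait-global.c hunks of this commit do: `gpgme_error_t saved_err = gpg_error_from_syserror ();`, then `free (tag);` and `return saved_err;`. The function continues past the end of the hunk.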
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 07 Feb 2013 20:50:16 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.0beta3-149-g21feecd Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 21feecd48f990b2569cb4b385dea3e57b9501525 (commit) via 84de484bc3eaeeba755412918b01bc8444a532ee (commit) via 8b2b8dfe5c4cd346bbea2c228e75737bbeeca4c4 (commit) via 4483a4f0ea030046137ba04905eb5220c14a2161 (commit) from c27315fc6466cceb862c9e67755a8e044e9b7688 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 21feecd48f990b2569cb4b385dea3e57b9501525 Author: Werner Koch Date: Thu Feb 7 20:37:58 2013 +0100 gpg: Add pinentry-mode feature. * g10/gpg.c: Include shareddefs.h. (main): Add option --pinentry-mode. * g10/options.h (struct opt): Add field pinentry_mode. * g10/passphrase.c: Include shareddefs.h. (have_static_passphrase): Take care of loopback pinentry_mode. (read_passphrase_from_fd): Ditto. (get_static_passphrase): New. (passphrase_to_dek_ext): Factor some code out to ... (emit_status_need_passphrase): new. * g10/call-agent.c (start_agent): Send the pinentry mode. (default_inq_cb): Take care of the PASSPHRASE inquiry. Return a proper error code. (agent_pksign): Add args keyid, mainkeyid and pubkey_algo. (agent_pkdecrypt): Ditto. * g10/pubkey-enc.c (get_it): Pass new args. * g10/sign.c (do_sign): Pass new args. * g10/call-agent.c (struct default_inq_parm_s): New. Change all similar structs to reference this one. Change all users and inquire callback to use this struct, instead of NULL or some undefined but not used structs. This change will help to eventually get rid of global variables. 
-- This new features allows to use gpg without a Pinentry. As a prerequisite the agent must be configured to allow the loopback pinentry mode (option --allow-loopback-pinentry). For example gpg2 --pinentry-mode=loopback FILE.gpg may be used to decrypt FILE.gpg while entering the passphrase on the tty. If batch is used, --passphrase et al. may be used, if --command-fd is used, the passphrase may be provided by another process. Note that there are no try-again prompts in case of a bad passphrase. diff --git a/NEWS b/NEWS index a8352ca..b81759c 100644 --- a/NEWS +++ b/NEWS @@ -11,6 +11,8 @@ Noteworthy changes in version 2.1.0beta4 (unreleased) * The hash algorithm is now printed for sig records in key listings. + * New option --pinentry-mode for GPG. + Noteworthy changes in version 2.1.0beta3 (2011-12-20) ----------------------------------------------------- diff --git a/doc/gpg.texi b/doc/gpg.texi index d679000..cf647e1 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi @@ -2611,6 +2611,26 @@ Note that this passphrase is only used if the option @option{--batch} has also been given. This is different from @command{gpg}. @end ifclear + at ifset gpgtwoone + at item --pinentry-mode @code{mode} + at opindex pinentry-mode +Set the pinentry mode to @code{mode}. Allowed values for @code{mode} +are: + at table @asis + @item default + Use the default of the agent, which is @code{ask}. + @item ask + Force the use of the Pinentry. + @item cancel + Emulate use of Pinentry's cancel button. + @item error + Return a Pinentry error (``No Pinentry''). + @item loopback + Redirect Pinentry queries to the caller. Note that in contrast to + Pinentry the user is not prompted again if he enters a bad password. + at end table + at end ifset + @item --command-fd @code{n} @opindex command-fd This is a replacement for the deprecated shared-memory IPC mode. diff --git a/g10/call-agent.c b/g10/call-agent.c index a4d1dbb..ed141da 100644 --- a/g10/call-agent.c +++ b/g10/call-agent.c 
@@ -1,6 +1,6 @@ /* call-agent.c - Divert GPG operations to the agent. * Copyright (C) 2001, 2002, 2003, 2006, 2007, 2008, 2009, - * 2010, 2011 Free Software Foundation, Inc. + * 2010, 2011, 2013 Free Software Foundation, Inc. * * This file is part of GnuPG. * @@ -40,47 +40,60 @@ #include "sysutils.h" #include "call-agent.h" #include "status.h" +#include "../common/shareddefs.h" #ifndef DBG_ASSUAN # define DBG_ASSUAN 1 #endif +#define CONTROL_D ('D' - 'A' + 1) + + static assuan_context_t agent_ctx = NULL; static int did_early_card_test; -struct cipher_parm_s +struct default_inq_parm_s { ctrl_t ctrl; assuan_context_t ctx; + struct { + u32 *keyid; + u32 *mainkeyid; + int pubkey_algo; + } keyinfo; +}; + +struct cipher_parm_s +{ + struct default_inq_parm_s *dflt; + assuan_context_t ctx; unsigned char *ciphertext; size_t ciphertextlen; }; struct writecert_parm_s { - assuan_context_t ctx; + struct default_inq_parm_s *dflt; const unsigned char *certdata; size_t certdatalen; }; struct writekey_parm_s { - assuan_context_t ctx; + struct default_inq_parm_s *dflt; const unsigned char *keydata; size_t keydatalen; }; struct genkey_parm_s { - ctrl_t ctrl; - assuan_context_t ctx; + struct default_inq_parm_s *dflt; const char *keyparms; }; struct import_key_parm_s { - ctrl_t ctrl; - assuan_context_t ctx; + struct default_inq_parm_s *dflt; const void *key; size_t keylen; }; @@ -161,6 +174,19 @@ start_agent (ctrl_t ctrl, int for_card) here used to indirectly enable GPG_ERR_FULLY_CANCELED. */ assuan_transact (agent_ctx, "OPTION agent-awareness=2.1.0", NULL, NULL, NULL, NULL, NULL, NULL); + /* Pass on the pinentry mode. */ + if (opt.pinentry_mode) + { + char *tmp = xasprintf ("OPTION pinentry-mode=%s", + str_pinentry_mode (opt.pinentry_mode)); + rc = assuan_transact (agent_ctx, tmp, + NULL, NULL, NULL, NULL, NULL, NULL); + xfree (tmp); + if (rc) + log_error ("setting pinentry mode '%s' failed: %s\n", + str_pinentry_mode (opt.pinentry_mode), + gpg_strerror (rc)); + } } } 
@@ -307,21 +333,46 @@ get_serialno_cb (void *opaque, const char *line) static gpg_error_t default_inq_cb (void *opaque, const char *line) { - gpg_error_t err; - ctrl_t ctrl = opaque; + gpg_error_t err = 0; + struct default_inq_parm_s *parm = opaque; if (!strncmp (line, "PINENTRY_LAUNCHED", 17) && (line[17]==' '||!line[17])) { - err = gpg_proxy_pinentry_notify (ctrl, line); + err = gpg_proxy_pinentry_notify (parm->ctrl, line); if (err) log_error (_("failed to proxy %s inquiry to client\n"), "PINENTRY_LAUNCHED"); /* We do not pass errors to avoid breaking other code. */ } + else if (!strncmp (line, "PASSPHRASE", 10) && (line[10]==' '||!line[10]) + && opt.pinentry_mode == PINENTRY_MODE_LOOPBACK) + { + if (have_static_passphrase ()) + { + const char *s = get_static_passphrase (); + err = assuan_send_data (parm->ctx, s, strlen (s)); + } + else + { + char *pw; + + if (parm->keyinfo.keyid) + emit_status_need_passphrase (parm->keyinfo.keyid, + parm->keyinfo.mainkeyid, + parm->keyinfo.pubkey_algo); + pw = cpr_get_hidden ("passphrase.enter", _("Enter passphrase: ")); + cpr_kill_prompt (); + if (*pw == CONTROL_D && !pw[1]) + err = gpg_error (GPG_ERR_CANCELED); + else + err = assuan_send_data (parm->ctx, pw, strlen (pw)); + xfree (pw); + } + } else log_debug ("ignoring gpg-agent inquiry '%s'\n", line); - return 0; + return err; } @@ -516,6 +567,9 @@ int agent_learn (struct agent_card_info_s *info) { int rc; + struct default_inq_parm_s parm; + + memset (&parm, 0, sizeof parm); rc = start_agent (NULL, 1); if (rc) @@ -533,10 +587,10 @@ agent_learn (struct agent_card_info_s *info) if (rc) return rc; - + parm.ctx = agent_ctx; memset (info, 0, sizeof *info); rc = assuan_transact (agent_ctx, "SCD LEARN --force", - dummy_data_cb, NULL, default_inq_cb, NULL, + dummy_data_cb, NULL, default_inq_cb, &parm, learn_status_cb, info); /* Also try to get the key attributes. */ if (!rc) 
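Review bot: The new PASSPHRASE branch of default_inq_cb sends the passphrase with `assuan_send_data` without marking the transfer confidential, unlike inq_ciphertext_cb in this file, which brackets its send with `assuan_begin_confidential (parm->ctx);` and `assuan_end_confidential (parm->ctx);`. Without that bracket the passphrase may appear in Assuan debug output when logging is enabled, so both the `get_static_passphrase` path and the `cpr_get_hidden` path should be wrapped the same way. `pw` is released with plain `xfree`; if `cpr_get_hidden` does not return secure memory (not visible here), the buffer should be wiped before it is freed. The branch also depends on every caller having set `parm->ctx`, which is worth stating in a comment on `struct default_inq_parm_s`.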
@@ -553,6 +607,9 @@ agent_scd_getattr (const char *name, struct agent_card_info_s *info) { int rc; char line[ASSUAN_LINELENGTH]; + struct default_inq_parm_s parm; + + memset (&parm, 0, sizeof parm); if (!*name) return gpg_error (GPG_ERR_INV_VALUE); @@ -566,7 +623,8 @@ agent_scd_getattr (const char *name, struct agent_card_info_s *info) if (rc) return rc; - rc = assuan_transact (agent_ctx, line, NULL, NULL, default_inq_cb, NULL, + parm.ctx = agent_ctx; + rc = assuan_transact (agent_ctx, line, NULL, NULL, default_inq_cb, &parm, learn_status_cb, info); return rc; @@ -584,6 +642,9 @@ agent_scd_setattr (const char *name, int rc; char line[ASSUAN_LINELENGTH]; char *p; + struct default_inq_parm_s parm; + + memset (&parm, 0, sizeof parm); (void)serialno; @@ -615,8 +676,9 @@ agent_scd_setattr (const char *name, rc = start_agent (NULL, 1); if (!rc) { + parm.ctx = agent_ctx; rc = assuan_transact (agent_ctx, line, NULL, NULL, - default_inq_cb, NULL, NULL, NULL); + default_inq_cb, &parm, NULL, NULL); } status_sc_op_failure (rc); @@ -636,10 +698,11 @@ inq_writecert_parms (void *opaque, const char *line) if (!strncmp (line, "CERTDATA", 8) && (line[8]==' '||!line[8])) { - rc = assuan_send_data (parm->ctx, parm->certdata, parm->certdatalen); + rc = assuan_send_data (parm->dflt->ctx, + parm->certdata, parm->certdatalen); } else - rc = default_inq_cb (opaque, line); + rc = default_inq_cb (parm->dflt, line); return rc; } @@ -653,6 +716,9 @@ agent_scd_writecert (const char *certidstr, int rc; char line[ASSUAN_LINELENGTH]; struct writecert_parm_s parms; + struct default_inq_parm_s dfltparm; + + memset (&dfltparm, 0, sizeof dfltparm); rc = start_agent (NULL, 1); if (rc) @@ -662,7 +728,8 @@ agent_scd_writecert (const char *certidstr, snprintf (line, DIM(line)-1, "SCD WRITECERT %s", certidstr); line[DIM(line)-1] = 0; - parms.ctx = agent_ctx; + dfltparm.ctx = agent_ctx; + parms.dflt = &dfltparm; parms.certdata = certdata; parms.certdatalen = certdatalen; 
@@ -684,10 +751,10 @@ inq_writekey_parms (void *opaque, const char *line) if (!strncmp (line, "KEYDATA", 7) && (line[7]==' '||!line[7])) { - rc = assuan_send_data (parm->ctx, parm->keydata, parm->keydatalen); + rc = assuan_send_data (parm->dflt->ctx, parm->keydata, parm->keydatalen); } else - rc = default_inq_cb (opaque, line); + rc = default_inq_cb (parm->dflt, line); return rc; } @@ -701,6 +768,9 @@ agent_scd_writekey (int keyno, const char *serialno, int rc; char line[ASSUAN_LINELENGTH]; struct writekey_parm_s parms; + struct default_inq_parm_s dfltparm; + + memset (&dfltparm, 0, sizeof dfltparm); (void)serialno; @@ -712,7 +782,8 @@ agent_scd_writekey (int keyno, const char *serialno, snprintf (line, DIM(line)-1, "SCD WRITEKEY --force OPENPGP.%d", keyno); line[DIM(line)-1] = 0; - parms.ctx = agent_ctx; + dfltparm.ctx = agent_ctx; + parms.dflt = &dfltparm; parms.keydata = keydata; parms.keydatalen = keydatalen; @@ -837,6 +908,9 @@ agent_scd_genkey (struct agent_card_genkey_s *info, int keyno, int force, char line[ASSUAN_LINELENGTH]; gnupg_isotime_t tbuf; struct scd_genkey_parm_s parms; + struct default_inq_parm_s dfltparm; + + memset (&dfltparm, 0, sizeof dfltparm); (void)serialno; @@ -858,9 +932,10 @@ agent_scd_genkey (struct agent_card_genkey_s *info, int keyno, int force, keyno); line[DIM(line)-1] = 0; + dfltparm.ctx = agent_ctx; memset (info, 0, sizeof *info); rc = assuan_transact (agent_ctx, line, - NULL, NULL, default_inq_cb, NULL, + NULL, NULL, default_inq_cb, &dfltparm, scd_genkey_cb, &parms); xfree (parms.savedbytes); 
@@ -986,19 +1061,25 @@ agent_scd_readcert (const char *certidstr, char line[ASSUAN_LINELENGTH]; membuf_t data; size_t len; + struct default_inq_parm_s dfltparm; + + memset (&dfltparm, 0, sizeof dfltparm); *r_buf = NULL; rc = start_agent (NULL, 1); if (rc) return rc; + dfltparm.ctx = agent_ctx; + init_membuf (&data, 2048); snprintf (line, DIM(line)-1, "SCD READCERT %s", certidstr); line[DIM(line)-1] = 0; rc = assuan_transact (agent_ctx, line, membuf_data_cb, &data, - default_inq_cb, NULL, NULL, NULL); + default_inq_cb, &dfltparm, + NULL, NULL); if (rc) { xfree (get_membuf (&data, &len)); @@ -1029,6 +1110,9 @@ agent_scd_change_pin (int chvno, const char *serialno) int rc; char line[ASSUAN_LINELENGTH]; const char *reset = ""; + struct default_inq_parm_s dfltparm; + + memset (&dfltparm, 0, sizeof dfltparm); (void)serialno; @@ -1039,11 +1123,14 @@ agent_scd_change_pin (int chvno, const char *serialno) rc = start_agent (NULL, 1); if (rc) return rc; + dfltparm.ctx = agent_ctx; snprintf (line, DIM(line)-1, "SCD PASSWD %s %d", reset, chvno); line[DIM(line)-1] = 0; - rc = assuan_transact (agent_ctx, line, NULL, NULL, - default_inq_cb, NULL, NULL, NULL); + rc = assuan_transact (agent_ctx, line, + NULL, NULL, + default_inq_cb, &dfltparm, + NULL, NULL); status_sc_op_failure (rc); return rc; } @@ -1057,16 +1144,21 @@ agent_scd_checkpin (const char *serialno) { int rc; char line[ASSUAN_LINELENGTH]; + struct default_inq_parm_s dfltparm; + + memset (&dfltparm, 0, sizeof dfltparm); rc = start_agent (NULL, 1); if (rc) return rc; + dfltparm.ctx = agent_ctx; snprintf (line, DIM(line)-1, "SCD CHECKPIN %s", serialno); line[DIM(line)-1] = 0; rc = assuan_transact (agent_ctx, line, NULL, NULL, - default_inq_cb, NULL, NULL, NULL); + default_inq_cb, &dfltparm, + NULL, NULL); status_sc_op_failure (rc); return rc; } 
@@ -1102,12 +1194,16 @@ agent_get_passphrase (const char *cache_id, char *arg3 = NULL; char *arg4 = NULL; membuf_t data; + struct default_inq_parm_s dfltparm; + + memset (&dfltparm, 0, sizeof dfltparm); *r_passphrase = NULL; rc = start_agent (NULL, 0); if (rc) return rc; + dfltparm.ctx = agent_ctx; /* Check that the gpg-agent understands the repeat option. */ if (assuan_transact (agent_ctx, @@ -1145,7 +1241,8 @@ agent_get_passphrase (const char *cache_id, init_membuf_secure (&data, 64); rc = assuan_transact (agent_ctx, line, membuf_data_cb, &data, - default_inq_cb, NULL, NULL, NULL); + default_inq_cb, &dfltparm, + NULL, NULL); if (rc) xfree (get_membuf (&data, NULL)); @@ -1172,6 +1269,9 @@ agent_clear_passphrase (const char *cache_id) { int rc; char line[ASSUAN_LINELENGTH]; + struct default_inq_parm_s dfltparm; + + memset (&dfltparm, 0, sizeof dfltparm); if (!cache_id || !*cache_id) return 0; @@ -1179,11 +1279,14 @@ agent_clear_passphrase (const char *cache_id) rc = start_agent (NULL, 0); if (rc) return rc; + dfltparm.ctx = agent_ctx; snprintf (line, DIM(line)-1, "CLEAR_PASSPHRASE %s", cache_id); line[DIM(line)-1] = 0; - return assuan_transact (agent_ctx, line, NULL, NULL, - default_inq_cb, NULL, NULL, NULL); + return assuan_transact (agent_ctx, line, + NULL, NULL, + default_inq_cb, &dfltparm, + NULL, NULL); } @@ -1195,10 +1298,14 @@ gpg_agent_get_confirmation (const char *desc) int rc; char *tmp; char line[ASSUAN_LINELENGTH]; + struct default_inq_parm_s dfltparm; + + memset (&dfltparm, 0, sizeof dfltparm); rc = start_agent (NULL, 0); if (rc) return rc; + dfltparm.ctx = agent_ctx; tmp = percent_plus_escape (desc); if (!tmp) @@ -1207,8 +1314,10 @@ gpg_agent_get_confirmation (const char *desc) line[DIM(line)-1] = 0; xfree (tmp); - rc = assuan_transact (agent_ctx, line, NULL, NULL, - default_inq_cb, NULL, NULL, NULL); + rc = assuan_transact (agent_ctx, line, + NULL, NULL, + default_inq_cb, &dfltparm, + NULL, NULL); return rc; } 
@@ -1439,11 +1548,11 @@ inq_genkey_parms (void *opaque, const char *line) if (!strncmp (line, "KEYPARAM", 8) && (line[8]==' '||!line[8])) { - err = assuan_send_data (parm->ctx, + err = assuan_send_data (parm->dflt->ctx, parm->keyparms, strlen (parm->keyparms)); } else - err = default_inq_cb (parm->ctrl, line); + err = default_inq_cb (parm->dflt, line); return err; } @@ -1460,15 +1569,20 @@ agent_genkey (ctrl_t ctrl, char **cache_nonce_addr, gpg_error_t err; struct genkey_parm_s gk_parm; struct cache_nonce_parm_s cn_parm; + struct default_inq_parm_s dfltparm; membuf_t data; size_t len; unsigned char *buf; char line[ASSUAN_LINELENGTH]; + memset (&dfltparm, 0, sizeof dfltparm); + dfltparm.ctrl = ctrl; + *r_pubkey = NULL; err = start_agent (ctrl, 0); if (err) return err; + dfltparm.ctx = agent_ctx; err = assuan_transact (agent_ctx, "RESET", NULL, NULL, NULL, NULL, NULL, NULL); @@ -1476,8 +1590,7 @@ agent_genkey (ctrl_t ctrl, char **cache_nonce_addr, return err; init_membuf (&data, 1024); - gk_parm.ctrl = ctrl; - gk_parm.ctx = agent_ctx; + gk_parm.dflt = &dfltparm; gk_parm.keyparms = keyparms; snprintf (line, sizeof line, "GENKEY%s%s%s", no_protection? " --no-protection":"", @@ -1521,11 +1634,16 @@ agent_readkey (ctrl_t ctrl, int fromcard, const char *hexkeygrip, size_t len; unsigned char *buf; char line[ASSUAN_LINELENGTH]; + struct default_inq_parm_s dfltparm; + + memset (&dfltparm, 0, sizeof dfltparm); + dfltparm.ctrl = ctrl; *r_pubkey = NULL; err = start_agent (ctrl, 0); if (err) return err; + dfltparm.ctx = agent_ctx; err = assuan_transact (agent_ctx, "RESET",NULL, NULL, NULL, NULL, NULL, NULL); if (err) @@ -1536,7 +1654,8 @@ agent_readkey (ctrl_t ctrl, int fromcard, const char *hexkeygrip, init_membuf (&data, 1024); err = assuan_transact (agent_ctx, line, membuf_data_cb, &data, - default_inq_cb, NULL, NULL, NULL); + default_inq_cb, &dfltparm, + NULL, NULL); if (err) { xfree (get_membuf (&data, &len)); 
@@ -1565,17 +1684,26 @@ agent_readkey (ctrl_t ctrl, int fromcard, const char *hexkeygrip, gpg_error_t agent_pksign (ctrl_t ctrl, const char *cache_nonce, const char *keygrip, const char *desc, + u32 *keyid, u32 *mainkeyid, int pubkey_algo, unsigned char *digest, size_t digestlen, int digestalgo, gcry_sexp_t *r_sigval) { gpg_error_t err; char line[ASSUAN_LINELENGTH]; membuf_t data; + struct default_inq_parm_s dfltparm; + + memset (&dfltparm, 0, sizeof dfltparm); + dfltparm.ctrl = ctrl; + dfltparm.keyinfo.keyid = keyid; + dfltparm.keyinfo.mainkeyid = mainkeyid; + dfltparm.keyinfo.pubkey_algo = pubkey_algo; *r_sigval = NULL; err = start_agent (ctrl, 0); if (err) return err; + dfltparm.ctx = agent_ctx; if (digestlen*2 + 50 > DIM(line)) return gpg_error (GPG_ERR_GENERAL); @@ -1613,8 +1741,9 @@ agent_pksign (ctrl_t ctrl, const char *cache_nonce, cache_nonce? " -- ":"", cache_nonce? cache_nonce:""); err = assuan_transact (agent_ctx, line, - membuf_data_cb, &data, default_inq_cb, ctrl, - NULL, NULL); + membuf_data_cb, &data, + default_inq_cb, &dfltparm, + NULL, NULL); if (err) xfree (get_membuf (&data, NULL)); else @@ -1647,11 +1776,12 @@ inq_ciphertext_cb (void *opaque, const char *line) if (!strncmp (line, "CIPHERTEXT", 10) && (line[10]==' '||!line[10])) { assuan_begin_confidential (parm->ctx); - rc = assuan_send_data (parm->ctx, parm->ciphertext, parm->ciphertextlen); + rc = assuan_send_data (parm->dflt->ctx, + parm->ciphertext, parm->ciphertextlen); assuan_end_confidential (parm->ctx); } else - rc = default_inq_cb (parm->ctrl, line); + rc = default_inq_cb (parm->dflt, line); return rc; } 
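Review bot: inq_ciphertext_cb now mixes two context handles: `assuan_begin_confidential` and `assuan_end_confidential` use `parm->ctx`, while the send between them uses `parm->dflt->ctx`. Both are set to agent_ctx in agent_pkdecrypt, so behaviour is unchanged today, but the confidential bracket protects the ciphertext transfer only as long as the two handles stay identical. Use `parm->dflt->ctx` for all three calls and drop the leftover `ctx` member from `struct cipher_parm_s`, as this commit already does for the other parameter structs.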
@@ -1660,9 +1790,12 @@ inq_ciphertext_cb (void *opaque, const char *line) /* Call the agent to do a decrypt operation using the key identified by the hex string KEYGRIP and the input data S_CIPHERTEXT. On the success the decoded value is stored verbatim at R_BUF and its - length at R_BUF; the callers needs to release it. */ + length at R_BUF; the callers needs to release it. KEYID, MAINKEYID + and PUBKEY_ALGO are used to construct additional promots or status + messages. */ gpg_error_t agent_pkdecrypt (ctrl_t ctrl, const char *keygrip, const char *desc, + u32 *keyid, u32 *mainkeyid, int pubkey_algo, gcry_sexp_t s_ciphertext, unsigned char **r_buf, size_t *r_buflen) { @@ -1671,6 +1804,13 @@ agent_pkdecrypt (ctrl_t ctrl, const char *keygrip, const char *desc, membuf_t data; size_t n, len; char *p, *buf, *endp; + struct default_inq_parm_s dfltparm; + + memset (&dfltparm, 0, sizeof dfltparm); + dfltparm.ctrl = ctrl; + dfltparm.keyinfo.keyid = keyid; + dfltparm.keyinfo.mainkeyid = mainkeyid; + dfltparm.keyinfo.pubkey_algo = pubkey_algo; if (!keygrip || strlen(keygrip) != 40 || !s_ciphertext || !r_buf || !r_buflen) return gpg_error (GPG_ERR_INV_VALUE); @@ -1679,6 +1819,7 @@ agent_pkdecrypt (ctrl_t ctrl, const char *keygrip, const char *desc, err = start_agent (ctrl, 0); if (err) return err; + dfltparm.ctx = agent_ctx; err = assuan_transact (agent_ctx, "RESET", NULL, NULL, NULL, NULL, NULL, NULL); @@ -1704,7 +1845,7 @@ agent_pkdecrypt (ctrl_t ctrl, const char *keygrip, const char *desc, { struct cipher_parm_s parm; - parm.ctrl = ctrl; + parm.dflt = &dfltparm; parm.ctx = agent_ctx; err = make_canon_sexp (s_ciphertext, &parm.ciphertext, &parm.ciphertextlen); if (err) 
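Review bot: The extended comment above agent_pkdecrypt misspells "prompts" as "promots" and still says the length is stored "at R_BUF", although the parameter in the signature is `r_buflen`. Suggested wording for the end of the comment: `... and its length at R_BUFLEN; the caller needs to release it. KEYID, MAINKEYID and PUBKEY_ALGO are used to construct additional prompts or status messages.`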
@@ -1773,11 +1914,16 @@ agent_keywrap_key (ctrl_t ctrl, int forexport, void **r_kek, size_t *r_keklen) size_t len; unsigned char *buf; char line[ASSUAN_LINELENGTH]; + struct default_inq_parm_s dfltparm; + + memset (&dfltparm, 0, sizeof dfltparm); + dfltparm.ctrl = ctrl; *r_kek = NULL; err = start_agent (ctrl, 0); if (err) return err; + dfltparm.ctx = agent_ctx; snprintf (line, DIM(line)-1, "KEYWRAP_KEY %s", forexport? "--export":"--import"); @@ -1785,7 +1931,8 @@ agent_keywrap_key (ctrl_t ctrl, int forexport, void **r_kek, size_t *r_keklen) init_membuf_secure (&data, 64); err = assuan_transact (agent_ctx, line, membuf_data_cb, &data, - default_inq_cb, ctrl, NULL, NULL); + default_inq_cb, &dfltparm, + NULL, NULL); if (err) { xfree (get_membuf (&data, &len)); @@ -1810,10 +1957,10 @@ inq_import_key_parms (void *opaque, const char *line) if (!strncmp (line, "KEYDATA", 7) && (line[7]==' '||!line[7])) { - err = assuan_send_data (parm->ctx, parm->key, parm->keylen); + err = assuan_send_data (parm->dflt->ctx, parm->key, parm->keylen); } else - err = default_inq_cb (parm->ctrl, line); + err = default_inq_cb (parm->dflt, line); return err; } @@ -1828,10 +1975,15 @@ agent_import_key (ctrl_t ctrl, const char *desc, char **cache_nonce_addr, struct import_key_parm_s parm; struct cache_nonce_parm_s cn_parm; char line[ASSUAN_LINELENGTH]; + struct default_inq_parm_s dfltparm; + + memset (&dfltparm, 0, sizeof dfltparm); + dfltparm.ctrl = ctrl; err = start_agent (ctrl, 0); if (err) return err; + dfltparm.ctx = agent_ctx; if (desc) { @@ -1843,8 +1995,7 @@ agent_import_key (ctrl_t ctrl, const char *desc, char **cache_nonce_addr, return err; } - parm.ctrl = ctrl; - parm.ctx = agent_ctx; + parm.dflt = &dfltparm; parm.key = key; parm.keylen = keylen; 
@@ -1854,7 +2005,8 @@ agent_import_key (ctrl_t ctrl, const char *desc, char **cache_nonce_addr, cn_parm.cache_nonce_addr = cache_nonce_addr; cn_parm.passwd_nonce_addr = NULL; err = assuan_transact (agent_ctx, line, - NULL, NULL, inq_import_key_parms, &parm, + NULL, NULL, + inq_import_key_parms, &parm, cache_nonce_status_cb, &cn_parm); return err; } @@ -1876,12 +2028,17 @@ agent_export_key (ctrl_t ctrl, const char *hexkeygrip, const char *desc, size_t len; unsigned char *buf; char line[ASSUAN_LINELENGTH]; + struct default_inq_parm_s dfltparm; + + memset (&dfltparm, 0, sizeof dfltparm); + dfltparm.ctrl = ctrl; *r_result = NULL; err = start_agent (ctrl, 0); if (err) return err; + dfltparm.ctx = agent_ctx; if (desc) { @@ -1902,7 +2059,7 @@ agent_export_key (ctrl_t ctrl, const char *hexkeygrip, const char *desc, cn_parm.passwd_nonce_addr = NULL; err = assuan_transact (agent_ctx, line, membuf_data_cb, &data, - default_inq_cb, ctrl, + default_inq_cb, &dfltparm, cache_nonce_status_cb, &cn_parm); if (err) { @@ -1932,14 +2089,20 @@ agent_passwd (ctrl_t ctrl, const char *hexkeygrip, const char *desc, gpg_error_t err; struct cache_nonce_parm_s cn_parm; char line[ASSUAN_LINELENGTH]; + struct default_inq_parm_s dfltparm; + + memset (&dfltparm, 0, sizeof dfltparm); + dfltparm.ctrl = ctrl; err = start_agent (ctrl, 0); if (err) return err; + dfltparm.ctx = agent_ctx; if (!hexkeygrip || strlen (hexkeygrip) != 40) return gpg_error (GPG_ERR_INV_VALUE); + if (desc) { snprintf (line, DIM(line)-1, "SETKEYDESC %s", desc); @@ -1958,7 +2121,7 @@ agent_passwd (ctrl_t ctrl, const char *hexkeygrip, const char *desc, cn_parm.cache_nonce_addr = cache_nonce_addr; cn_parm.passwd_nonce_addr = passwd_nonce_addr; err = assuan_transact (agent_ctx, line, NULL, NULL, - default_inq_cb, ctrl, + default_inq_cb, &dfltparm, cache_nonce_status_cb, &cn_parm); return err; } diff --git a/g10/call-agent.h b/g10/call-agent.h index 43de14f..de05d7a 100644 --- a/g10/call-agent.h +++ b/g10/call-agent.h 
@@ -155,12 +155,14 @@ gpg_error_t agent_readkey (ctrl_t ctrl, int fromcard, const char *hexkeygrip, /* Create a signature. */ gpg_error_t agent_pksign (ctrl_t ctrl, const char *cache_nonce, const char *hexkeygrip, const char *desc, + u32 *keyid, u32 *mainkeyid, int pubkey_algo, unsigned char *digest, size_t digestlen, int digestalgo, gcry_sexp_t *r_sigval); /* Decrypt a ciphertext. */ gpg_error_t agent_pkdecrypt (ctrl_t ctrl, const char *keygrip, const char *desc, + u32 *keyid, u32 *mainkeyid, int pubkey_algo, gcry_sexp_t s_ciphertext, unsigned char **r_buf, size_t *r_buflen); diff --git a/g10/gpg.c b/g10/gpg.c index b614a94..9adc21a 100644 --- a/g10/gpg.c +++ b/g10/gpg.c @@ -56,6 +56,7 @@ #include "asshelp.h" #include "call-dirmngr.h" #include "../common/init.h" +#include "../common/shareddefs.h" #if defined(HAVE_DOSISH_SYSTEM) || defined(__CYGWIN__) #define MY_O_BINARY O_BINARY @@ -217,6 +218,7 @@ enum cmd_and_opt_values oPassphraseFD, oPassphraseFile, oPassphraseRepeat, + oPinentryMode, oCommandFD, oCommandFile, oQuickRandom, @@ -611,6 +613,7 @@ static ARGPARSE_OPTS opts[] = { ARGPARSE_s_i (oPassphraseFD, "passphrase-fd", "@"), ARGPARSE_s_s (oPassphraseFile, "passphrase-file", "@"), ARGPARSE_s_i (oPassphraseRepeat,"passphrase-repeat", "@"), + ARGPARSE_s_s (oPinentryMode, "pinentry-mode", "@"), ARGPARSE_s_i (oCommandFD, "command-fd", "@"), ARGPARSE_s_s (oCommandFile, "command-file", "@"), ARGPARSE_s_n (oQuickRandom, "debug-quick-random", "@"), 
@@ -2593,7 +2596,16 @@ main (int argc, char **argv) case oPassphraseFile: pwfd = open_info_file (pargs.r.ret_str, 0, 1); break; - case oPassphraseRepeat: opt.passphrase_repeat=pargs.r.ret_int; break; + case oPassphraseRepeat: + opt.passphrase_repeat = pargs.r.ret_int; + break; + + case oPinentryMode: + opt.pinentry_mode = parse_pinentry_mode (pargs.r.ret_str); + if (opt.pinentry_mode == -1) + log_error (_("invalid pinentry mode '%s'\n"), pargs.r.ret_str); + break; + case oCommandFD: opt.command_fd = translate_sys2libc_fd_int (pargs.r.ret_int, 0); break; diff --git a/g10/keydb.h b/g10/keydb.h index 22c2b67..fd80c25 100644 --- a/g10/keydb.h +++ b/g10/keydb.h @@ -181,6 +181,7 @@ unsigned char encode_s2k_iterations (int iterations); assuan_context_t agent_open (int try, const char *orig_codeset); void agent_close (assuan_context_t ctx); int have_static_passphrase(void); +const char *get_static_passphrase (void); void set_passphrase_from_string(const char *pass); void read_passphrase_from_fd( int fd ); void passphrase_clear_cache ( u32 *keyid, const char *cacheid, int algo ); @@ -196,6 +197,8 @@ void set_next_passphrase( const char *s ); char *get_last_passphrase(void); void next_to_last_passphrase(void); +void emit_status_need_passphrase (u32 *keyid, u32 *mainkeyid, int pubkey_algo); + char *gpg_format_keydesc (PKT_public_key *pk, int mode, int escaped); diff --git a/g10/options.h b/g10/options.h index e67d0ce..223b115 100644 --- a/g10/options.h +++ b/g10/options.h @@ -242,6 +242,7 @@ struct } *auto_key_locate; int passphrase_repeat; + int pinentry_mode; } opt; /* CTRL is used to keep some global variables we currently can't diff --git a/g10/passphrase.c b/g10/passphrase.c index cc56555..d872e36 100644 --- a/g10/passphrase.c +++ b/g10/passphrase.c @@ -43,7 +43,7 @@ #include "i18n.h" #include "status.h" #include "call-agent.h" - +#include "../common/shareddefs.h" static char *fd_passwd = NULL; static char *next_pw = NULL; 
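Review bot: In the `oPinentryMode` case the result of `parse_pinentry_mode` is stored in `opt.pinentry_mode` before it is checked, so a rejected value leaves -1 in the global option. start_agent in g10/call-agent.c tests `if (opt.pinentry_mode)` and would then pass that value to `str_pinentry_mode`; whether main stops on the logged error before that point is outside this hunk. Parsing into a local variable and assigning to `opt.pinentry_mode` only on success keeps the option at its default on bad input.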
@@ -104,9 +104,21 @@ encode_s2k_iterations (int iterations) int have_static_passphrase() { - return !!fd_passwd && opt.batch; + return (!!fd_passwd + && (opt.batch || opt.pinentry_mode == PINENTRY_MODE_LOOPBACK)); +} + +/* Return a static passphrase. The returned value is only valid as + long as no other passphrase related function is called. NULL may + be returned if no passphrase has been set; better use + have_static_passphrase first. */ +const char * +get_static_passphrase (void) +{ + return fd_passwd; } + /**************** * Set the passphrase to be used for the next query and only for the next * one. @@ -156,7 +168,7 @@ read_passphrase_from_fd( int fd ) int i, len; char *pw; - if ( !opt.batch ) + if ( !opt.batch && opt.pinentry_mode != PINENTRY_MODE_LOOPBACK) { /* Not used but we have to do a dummy read, so that it won't end up at the begin of the message if the quite usual trick to prepend the passphtrase to the message is used. */ @@ -187,7 +199,7 @@ read_passphrase_from_fd( int fd ) break; } pw[i] = 0; - if (!opt.batch) + if (!opt.batch && opt.pinentry_mode != PINENTRY_MODE_LOOPBACK) tty_printf("\b\b\b \n" ); xfree ( fd_passwd ); @@ -458,30 +470,9 @@ passphrase_to_dek_ext (u32 *keyid, int pubkey_algo, if ( keyid ) { - u32 used_kid[2]; - char *us; - - if ( keyid[2] && keyid[3] ) - { - used_kid[0] = keyid[2]; - used_kid[1] = keyid[3]; - } - else - { - used_kid[0] = keyid[0]; - used_kid[1] = keyid[1]; - } - - us = get_long_user_id_string ( keyid ); - write_status_text ( STATUS_USERID_HINT, us ); - xfree(us); - - snprintf (buf, sizeof buf -1, "%08lX%08lX %08lX%08lX %d 0", - (ulong)keyid[0], (ulong)keyid[1], - (ulong)used_kid[0], (ulong)used_kid[1], - pubkey_algo ); - - write_status_text ( STATUS_NEED_PASSPHRASE, buf ); + emit_status_need_passphrase (keyid, + keyid[2] && keyid[3]? keyid+2:NULL, + pubkey_algo); } else { 
@@ -614,6 +605,29 @@ passphrase_to_dek (u32 *keyid, int pubkey_algo, } +/* Emit the USERID_HINT and the NEED_PASSPHRASE status messages. + MAINKEYID may be NULL. */ +void +emit_status_need_passphrase (u32 *keyid, u32 *mainkeyid, int pubkey_algo) +{ + char buf[50]; + char *us; + + us = get_long_user_id_string (keyid); + write_status_text (STATUS_USERID_HINT, us); + xfree (us); + + snprintf (buf, sizeof buf -1, "%08lX%08lX %08lX%08lX %d 0", + (ulong)keyid[0], + (ulong)keyid[1], + (ulong)(mainkeyid? mainkeyid[0]:keyid[0]), + (ulong)(mainkeyid? mainkeyid[1]:keyid[1]), + pubkey_algo); + + write_status_text (STATUS_NEED_PASSPHRASE, buf); +} + + /* Return an allocated utf-8 string describing the key PK. If ESCAPED is true spaces and control characters are percent or plus escaped. MODE 0 is for the common prompt, MODE 1 for the import prompt. */ diff --git a/g10/pubkey-enc.c b/g10/pubkey-enc.c index 254e810..a98a723 100644 --- a/g10/pubkey-enc.c +++ b/g10/pubkey-enc.c @@ -193,7 +193,9 @@ get_it (PKT_pubkey_enc *enc, DEK *dek, PKT_public_key *sk, u32 *keyid) /* Decrypt. */ desc = gpg_format_keydesc (sk, 0, 1); - err = agent_pkdecrypt (NULL, keygrip, desc, s_data, &frame, &nframe); + err = agent_pkdecrypt (NULL, keygrip, + desc, sk->keyid, sk->main_keyid, sk->pubkey_algo, + s_data, &frame, &nframe); xfree (desc); gcry_sexp_release (s_data); if (err) diff --git a/g10/sign.c b/g10/sign.c index 501f1ff..8944067 100644 --- a/g10/sign.c +++ b/g10/sign.c @@ -272,6 +272,7 @@ do_sign (PKT_public_key *pksk, PKT_signature *sig, desc = gpg_format_keydesc (pksk, 0, 1); err = agent_pksign (NULL/*ctrl*/, cache_nonce, hexgrip, desc, + pksk->keyid, pksk->main_keyid, pksk->pubkey_algo, dp, gcry_md_get_algo_dlen (mdalgo), mdalgo, &s_sigval); xfree (desc); commit 84de484bc3eaeeba755412918b01bc8444a532ee Author: Werner Koch Date: Thu Feb 7 20:18:31 2013 +0100 doc: Fix description for NEED_PASSPHRASE status. -- diff --git a/doc/DETAILS b/doc/DETAILS index 6d30efe..a52979f 100644 
--- a/doc/DETAILS +++ b/doc/DETAILS @@ -664,7 +664,7 @@ pkd:0:1024:B665B1435F4C2 .... FF26ABB: *** USERID_HINT Give a hint about the user ID for a certain keyID. -*** NEED_PASSPHRASE +*** NEED_PASSPHRASE Issued whenever a passphrase is needed. KEYTYPE is the numerical value of the public key algorithm or 0 if this is not applicable, KEYLENGTH is the length of the key or 0 if it is not known (this commit 8b2b8dfe5c4cd346bbea2c228e75737bbeeca4c4 Author: Werner Koch Date: Wed Feb 6 12:49:52 2013 +0100 agent: Move a typedef to common and provide parse_pinentry_mode. * common/agent-opt.c: New. * common/shareddefs.h: New. * common/Makefile.am: Add new files. * agent/agent.h: Include shareddefs.h. (pinentry_mode_t): Factor out to shareddefs.h. * agent/command.c (option_handler): Use parse_pinentry_mode. diff --git a/agent/agent.h b/agent/agent.h index 45bc507..8b1cae9 100644 --- a/agent/agent.h +++ b/agent/agent.h @@ -34,6 +34,7 @@ #include "../common/membuf.h" #include "../common/sysutils.h" /* (gnupg_fd_t) */ #include "../common/session-env.h" +#include "../common/shareddefs.h" /* To convey some special hash algorithms we use algorithm numbers reserved for application use. */ @@ -46,16 +47,6 @@ #define MAX_DIGEST_LEN 64 -/* Values for the pinentry mode. */ -typedef enum - { - PINENTRY_MODE_ASK = 0, /* Ask via pinentry (default). */ - PINENTRY_MODE_CANCEL, /* Always return a cancel error. */ - PINENTRY_MODE_ERROR, /* Return error code for no pinentry. */ - PINENTRY_MODE_LOOPBACK,/* Use an inquiry to get the value. */ - } -pinentry_mode_t; - /* A large struct name "opt" to keep global flags */ struct diff --git a/agent/command.c b/agent/command.c index 3ba921b..715e70a 100644 --- a/agent/command.c +++ b/agent/command.c 
@@ -2548,21 +2548,13 @@ option_handler (assuan_context_t ctx, const char *key, const char *value) ctrl->server_local->allow_pinentry_notify = 1; else if (!strcmp (key, "pinentry-mode")) { - if (!strcmp (value, "ask") || !strcmp (value, "default")) - ctrl->pinentry_mode = PINENTRY_MODE_ASK; - else if (!strcmp (value, "cancel")) - ctrl->pinentry_mode = PINENTRY_MODE_CANCEL; - else if (!strcmp (value, "error")) - ctrl->pinentry_mode = PINENTRY_MODE_ERROR; - else if (!strcmp (value, "loopback")) - { - if (opt.allow_loopback_pinentry) - ctrl->pinentry_mode = PINENTRY_MODE_LOOPBACK; - else - err = gpg_error (GPG_ERR_NOT_SUPPORTED); - } - else + int tmp = parse_pinentry_mode (value); + if (tmp == -1) err = gpg_error (GPG_ERR_INV_VALUE); + else if (tmp == PINENTRY_MODE_LOOPBACK && !opt.allow_loopback_pinentry) + err = gpg_error (GPG_ERR_NOT_SUPPORTED); + else + ctrl->pinentry_mode = tmp; } else if (!strcmp (key, "cache-ttl-opt-preset")) { diff --git a/common/Makefile.am b/common/Makefile.am index e0f4b80..ff8fee3 100644 --- a/common/Makefile.am +++ b/common/Makefile.am @@ -59,6 +59,7 @@ common_sources = \ util.h i18n.c i18n.h \ estream.c estream.h estream-printf.c estream-printf.h \ status.c status.h\ + shareddefs.h \ openpgpdefs.h \ gc-opt-flags.h \ keyserver.h \ @@ -92,6 +93,7 @@ common_sources = \ userids.c userids.h \ openpgp-oid.c \ ssh-utils.c ssh-utils.h \ + agent-opt.c \ helpfile.c # To make the code easier to read we have split home some code into diff --git a/common/agent-opt.c b/common/agent-opt.c new file mode 100644 index 0000000..4317ba3 --- /dev/null +++ b/common/agent-opt.c 
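Review bot: After this refactoring the `opt.allow_loopback_pinentry` check in `option_handler` is the only place where the loopback policy is enforced, because `parse_pinentry_mode` accepts "loopback" unconditionally. That split is easy to miss when the helper is reused elsewhere, so a comment at the check would help, for example `/* parse_pinentry_mode only maps names; the allow-loopback policy is enforced here. */`. The same sentence belongs in the helper's header comment in common/agent-opt.c. The body of option_handler starts and ends outside the hunk.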
@@ -0,0 +1,71 @@ +/* agent-opt.c - Helper for certain agent options + * Copyright (C) 2013 Free Software Foundation, Inc. + * + * This file is part of GnuPG. + * + * This file is free software; you can redistribute it and/or modify + * it under the terms of either + * + * - the GNU Lesser General Public License as published by the Free + * Software Foundation; either version 3 of the License, or (at + * your option) any later version. + * + * or + * + * - the GNU General Public License as published by the Free + * Software Foundation; either version 2 of the License, or (at + * your option) any later version. + * + * or both in parallel, as here. + * + * This file is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, see . + */ + +#include +#include +#include + +#include "shareddefs.h" + + +/* Parse VALUE and return an integer representing a pinentry_mode_t. + (-1) is returned for an invalid VALUE. */ +int +parse_pinentry_mode (const char *value) +{ + int result; + + if (!strcmp (value, "ask") || !strcmp (value, "default")) + result = PINENTRY_MODE_ASK; + else if (!strcmp (value, "cancel")) + result = PINENTRY_MODE_CANCEL; + else if (!strcmp (value, "error")) + result = PINENTRY_MODE_ERROR; + else if (!strcmp (value, "loopback")) + result = PINENTRY_MODE_LOOPBACK; + else + result = -1; + + return result; +} + +/* Return the string representation for the pinentry MODE. Returns + "?" for an invalid mode. */ +const char * +str_pinentry_mode (pinentry_mode_t mode) +{ + switch (mode) + { + case PINENTRY_MODE_ASK: return "ask"; + case PINENTRY_MODE_CANCEL: return "cancel"; + case PINENTRY_MODE_ERROR: return "error"; + case PINENTRY_MODE_LOOPBACK: return "loopback"; + } + return "?"; +} 
diff --git a/common/shareddefs.h b/common/shareddefs.h new file mode 100644 index 0000000..604b7e9 --- /dev/null +++ b/common/shareddefs.h @@ -0,0 +1,48 @@ +/* shareddefs.h - Constants and helpers useful for all modules + * Copyright (C) 2013 Free Software Foundation, Inc. + * + * This file is free software; you can redistribute it and/or modify + * it under the terms of either + * + * - the GNU Lesser General Public License as published by the Free + * Software Foundation; either version 3 of the License, or (at + * your option) any later version. + * + * or + * + * - the GNU General Public License as published by the Free + * Software Foundation; either version 2 of the License, or (at + * your option) any later version. + * + * or both in parallel, as here. + * + * This file is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, see . + */ + +#ifndef GNUPG_COMMON_SHAREDDEFS_H +#define GNUPG_COMMON_SHAREDDEFS_H + +/* Values for the pinentry mode. */ +typedef enum + { + PINENTRY_MODE_ASK = 0, /* Ask via pinentry (default). */ + PINENTRY_MODE_CANCEL, /* Always return a cancel error. */ + PINENTRY_MODE_ERROR, /* Return error code for no pinentry. */ + PINENTRY_MODE_LOOPBACK /* Use an inquiry to get the value. */ + } +pinentry_mode_t; + + +/*-- agent-opt.c --*/ +int parse_pinentry_mode (const char *value); +const char *str_pinentry_mode (pinentry_mode_t mode); + + + +#endif /*GNUPG_COMMON_SHAREDDEFS_H*/ commit 4483a4f0ea030046137ba04905eb5220c14a2161 Author: Werner Koch Date: Wed Feb 6 12:42:07 2013 +0100 agent: Return a better error code if no passphrase was given. * agent/protect.c (hash_passphrase): Handle an empty passphrase. -- This is mostly useful in loopback pinentry-mode. 
diff --git a/agent/protect.c b/agent/protect.c index d26573d..3e2cbb9 100644 --- a/agent/protect.c +++ b/agent/protect.c @@ -1075,7 +1075,11 @@ hash_passphrase (const char *passphrase, int hashalgo, unsigned long s2kcount, unsigned char *key, size_t keylen) { - + /* The key derive function does not support a zero length string for + the passphrase in the S2K modes. Return a better suited error + code than GPG_ERR_INV_DATA. */ + if (!passphrase || !*passphrase) + return gpg_error (GPG_ERR_NO_PASSPHRASE); return gcry_kdf_derive (passphrase, strlen (passphrase), s2kmode == 3? GCRY_KDF_ITERSALTED_S2K : s2kmode == 1? GCRY_KDF_SALTED_S2K : ----------------------------------------------------------------------- Summary of changes: NEWS | 2 + agent/agent.h | 11 +-- agent/command.c | 20 +-- agent/protect.c | 6 +- common/Makefile.am | 2 + common/agent-opt.c | 71 +++++++++++ common/{srv.h => shareddefs.h} | 45 +++---- doc/DETAILS | 2 +- doc/gpg.texi | 20 +++ g10/call-agent.c | 265 ++++++++++++++++++++++++++++++++-------- g10/call-agent.h | 2 + g10/gpg.c | 14 ++- g10/keydb.h | 3 + g10/options.h | 1 + g10/passphrase.c | 70 +++++++---- g10/pubkey-enc.c | 4 +- g10/sign.c | 1 + 17 files changed, 404 insertions(+), 135 deletions(-) create mode 100644 common/agent-opt.c copy common/{srv.h => shareddefs.h} (57%) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Feb 7 20:53:28 2013 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 07 Feb 2013 20:53:28 +0100 Subject: [git] Assuan - branch, master, updated. libassuan-2.0.3-14-gf17039b Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPC library used by GnuPG". The branch, master has been updated via f17039b1ece8a8b2c56766f86b002536c7599699 (commit) from cd96daf5a4ddb4a7e9e373220a7aaead0a97c8cf (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit f17039b1ece8a8b2c56766f86b002536c7599699 Author: Werner Koch Date: Thu Feb 7 20:42:44 2013 +0100 Make assuan_transact more robust against inquiry errors. * src/client.c (assuan_transact): Send an CAN after an error return from the inquiry callback. diff --git a/src/client.c b/src/client.c index 64efffd..de0e88b 100644 --- a/src/client.c +++ b/src/client.c @@ -79,7 +79,7 @@ assuan_client_read_response (assuan_context_t ctx, *line_r = NULL; *linelen_r = 0; - do + do { do { @@ -90,7 +90,7 @@ assuan_client_read_response (assuan_context_t ctx, return rc; line = ctx->inbound.line; linelen = ctx->inbound.linelen; - } + } while (!linelen); /* For data lines, we deescape immediately. The user will never @@ -137,14 +137,14 @@ assuan_client_parse_response (assuan_context_t ctx, char *line, int linelen, *off = 2; } else if (linelen >= 1 - && line[0] == 'S' + && line[0] == 'S' && (line[1] == '\0' || line[1] == ' ')) { *response = ASSUAN_RESPONSE_STATUS; *off = 1; while (line[*off] == ' ') ++*off; - } + } else if (linelen >= 2 && line[0] == 'O' && line[1] == 'K' && (line[2] == '\0' || line[2] == ' ')) 
@@ -162,11 +162,11 @@ assuan_client_parse_response (assuan_context_t ctx, char *line, int linelen, *off = 3; while (line[*off] == ' ') ++*off; - } + } else if (linelen >= 7 && line[0] == 'I' && line[1] == 'N' && line[2] == 'Q' && line[3] == 'U' && line[4] == 'I' && line[5] == 'R' - && line[6] == 'E' + && line[6] == 'E' && (line[7] == '\0' || line[7] == ' ')) { *response = ASSUAN_RESPONSE_INQUIRE; @@ -225,9 +225,9 @@ _assuan_read_from_server (assuan_context_t ctx, assuan_response_t *response, * @inquire_cb_arg: first argument passed to @inquire_cb * @status_cb: Callback function for a status response * @status_cb_arg: first argument passed to @status_cb - * + * * FIXME: Write documentation - * + * * Return value: 0 on success or an error code. The error code may be * the one one returned by the server via error lines or from the * callback functions. Take care: If a callback returns an error @@ -271,7 +271,7 @@ assuan_transact (assuan_context_t ctx, { if (!data_cb) rc = _assuan_error (ctx, GPG_ERR_ASS_NO_DATA_CB); - else + else { rc = data_cb (data_cb_arg, line, linelen); if (!rc) @@ -291,6 +291,15 @@ assuan_transact (assuan_context_t ctx, rc = inquire_cb (inquire_cb_arg, line); if (!rc) rc = assuan_send_data (ctx, NULL, 0); /* flush and send END */ + else + { /* Flush and send CAN. */ + /* Note that in this error case we don't want to return + an error code from sending the cancel. The dummy + read is to remove the response from the server which + we are not interested in. */ + assuan_send_data (ctx, NULL, 1); + _assuan_read_from_server (ctx, &response, &off, 0); + } if (!rc) goto again; } 
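Review bot: The new else branch in the INQUIRE handling of `assuan_transact` (hunk at -291) relies on the server answering the cancel with exactly one line, since a single `_assuan_read_from_server` call discards one response and its result is dropped. If that read fails or the discarded line is not the final reply (inferred, the server side is not shown here), the next transaction on this context may start by reading a stale line. The in-code comment should state that one-line assumption, and the two ignored results are clearer written as `(void) assuan_send_data (ctx, NULL, 1);` and `(void) _assuan_read_from_server (ctx, &response, &off, 0);`. The function body starts and ends outside the hunk.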
@@ -314,7 +323,7 @@ assuan_transact (assuan_context_t ctx, { if (!data_cb) rc = _assuan_error (ctx, GPG_ERR_ASS_NO_DATA_CB); - else + else { rc = data_cb (data_cb_arg, NULL, 0); if (!rc) ----------------------------------------------------------------------- Summary of changes: src/client.c | 29 +++++++++++++++++++---------- 1 files changed, 19 insertions(+), 10 deletions(-) hooks/post-receive -- IPC library used by GnuPG http://git.gnupg.org From cvs at cvs.gnupg.org Thu Feb 7 21:14:52 2013 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 07 Feb 2013 21:14:52 +0100 Subject: [git] GPGME - branch, master, updated. gpgme-1.3.2-29-g02a2cf0 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via 02a2cf0ccb4d01700adf6d18316d7705d519a048 (commit) via 61a0d92b679f248505f1bf16386bc41a5bf2ba1d (commit) via 29eced50687dd8a39dafe704102ae09ea8e8533a (commit) from 51fd6d8292cb41d743407e6ac9d86a5ab8e68d8c (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 02a2cf0ccb4d01700adf6d18316d7705d519a048 Author: Werner Koch Date: Thu Feb 7 21:03:02 2013 +0100 gpgme_tool: Support GPG's new pinentry-mode. * src/gpgme-tool.c (log_error): Do not always print the error source. (gt_set_pinentry_mode): New. (server_passphrase_cb): New. (cmd_pinentry_mode): New. (register_commands): Add cmd_pinentry_mode. (options): Add option --gpg-binary. (struct args): Add field gpg-binary. (parse_options, main): Implement that option. diff --git a/src/gpgme-tool.c b/src/gpgme-tool.c index eca1906..978c387 100644 --- a/src/gpgme-tool.c +++ b/src/gpgme-tool.c 
@@ -1,5 +1,5 @@ /* gpgme-tool.c - Assuan server exposing GnuPG Made Easy operations. - Copyright (C) 2009, 2010, 2012 g10 Code GmbH + Copyright (C) 2009, 2010, 2012, 2013 g10 Code GmbH Copyright (C) 2001, 2003, 2009, 2011 Free Software Foundation, Inc. This file is part of GPGME. @@ -645,8 +645,11 @@ log_error (int status, gpg_error_t errnum, const char *fmt, ...) vfprintf (log_stream, fmt, ap); va_end (ap); if (errnum) - fprintf (log_stream, ": %s <%s>", gpg_strerror (errnum), - gpg_strsource (errnum)); + { + fprintf (log_stream, ": %s", gpg_strerror (errnum)); + if (gpg_err_source (errnum) != GPG_ERR_SOURCE_GPGME) + fprintf (log_stream, " <%s>", gpg_strsource (errnum)); + } fprintf (log_stream, "\n"); if (status) exit (status); @@ -1466,6 +1469,10 @@ typedef struct gpgme_tool *gpgme_tool_t; /* Forward declaration. */ void gt_write_status (gpgme_tool_t gt, status_t status, ...) GT_GCC_A_SENTINEL(0); +static gpg_error_t +server_passphrase_cb (void *opaque, const char *uid_hint, const char *info, + int was_bad, int fd); + void _gt_progress_cb (void *opaque, const char *what, @@ -1495,9 +1502,10 @@ _gt_gpgme_new (gpgme_tool_t gt, gpgme_ctx_t *ctx) void gt_init (gpgme_tool_t gt) { - memset (gt, '\0', sizeof (*gt)); gpg_error_t err; + memset (gt, '\0', sizeof (*gt)); + err = _gt_gpgme_new (gt, >->ctx); if (err) log_error (1, err, "can't create gpgme context"); @@ -1777,6 +1785,19 @@ gt_get_sub_protocol (gpgme_tool_t gt) gpg_error_t +gt_set_pinentry_mode (gpgme_tool_t gt, gpgme_pinentry_mode_t mode, void *opaque) +{ + gpg_error_t err; + + gpgme_set_passphrase_cb (gt->ctx, NULL, NULL); + err = gpgme_set_pinentry_mode (gt->ctx, mode); + if (!err && mode == GPGME_PINENTRY_MODE_LOOPBACK) + gpgme_set_passphrase_cb (gt->ctx, server_passphrase_cb, opaque); + return err; +} + + +gpg_error_t gt_set_armor (gpgme_tool_t gt, int armor) { gpgme_set_armor (gt->ctx, armor); 
@@ -2151,6 +2172,41 @@ server_write_data (void *hook, const void *buf, size_t len) } +static gpg_error_t +server_passphrase_cb (void *opaque, const char *uid_hint, const char *info, + int was_bad, int fd) +{ + struct server *server = opaque; + gpg_error_t err; + unsigned char *buf = NULL; + size_t buflen = 0; + + if (server && server->assuan_ctx) + { + if (uid_hint) + assuan_write_status (server->assuan_ctx, "USERID_HINT", uid_hint); + if (info) + assuan_write_status (server->assuan_ctx, "NEED_PASSPHRASE", info); + + err = assuan_inquire (server->assuan_ctx, "PASSPHRASE", + &buf, &buflen, 100); + } + else + err = gpg_error (GPG_ERR_NO_PASSPHRASE); + + if (!err) + { + /* We take care to always send a LF. */ + if (gpgme_io_writen (fd, buf, buflen)) + err = gpg_error_from_syserror (); + else if (!memchr (buf, '\n', buflen) && gpgme_io_writen (fd, "\n", 1)) + err = gpg_error_from_syserror (); + } + free (buf); + return err; +} + + /* Wrapper around assuan_command_parse_fd to also handle a "file=FILENAME" argument. On success either a filename is returned at FILENAME or a file descriptor at RFD; the other one is set to 
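Review bot: `server_passphrase_cb` releases the inquired passphrase with a bare `free (buf)`, so the secret remains readable in freed heap memory of the server process. Overwrite it before the free in a way the compiler cannot drop, for example `if (buf) { volatile unsigned char *p = buf; size_t i; for (i = 0; i < buflen; i++) p[i] = 0; }`. Separately, `memchr (buf, '\n', buflen)` is satisfied by an LF anywhere in the reply and is called even when `buf` is still NULL; testing the last byte with `buflen && buf[buflen-1] == '\n'` matches the "always send a LF" comment more closely.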
@@ -2367,6 +2423,39 @@ cmd_sub_protocol (assuan_context_t ctx, char *line) } +static const char hlp_pinentry_mode[] = + "PINENTRY_MODE \n" + "\n" + "Set the pinentry mode to NAME. Allowedvalues for NAME are:\n" + " default - reset to the default of the engine,\n" + " ask - force the use of the pinentry,\n" + " cancel - emulate use of pinentry's cancel button,\n" + " error - return a pinentry error,\n" + " loopback - redirect pinentry queries to the caller.\n" + "Note that only recent versions of GPG support changing the pinentry mode."; +static gpg_error_t +cmd_pinentry_mode (assuan_context_t ctx, char *line) +{ + struct server *server = assuan_get_pointer (ctx); + gpgme_pinentry_mode_t mode; + + if (!line || !*line || !strcmp (line, "default")) + mode = GPGME_PINENTRY_MODE_DEFAULT; + else if (!strcmp (line, "ask")) + mode = GPGME_PINENTRY_MODE_ASK; + else if (!strcmp (line, "cancel")) + mode = GPGME_PINENTRY_MODE_CANCEL; + else if (!strcmp (line, "error")) + mode = GPGME_PINENTRY_MODE_ERROR; + else if (!strcmp (line, "loopback")) + mode = GPGME_PINENTRY_MODE_LOOPBACK; + else + return gpg_error (GPG_ERR_INV_VALUE); + + return gt_set_pinentry_mode (server->gt, mode, server); +} + + static const char hlp_armor[] = "ARMOR [true|false]\n" "\n" @@ -3354,6 +3443,7 @@ register_commands (assuan_context_t ctx) { "ENGINE", cmd_engine, hlp_engine }, { "PROTOCOL", cmd_protocol, hlp_protocol }, { "SUB_PROTOCOL", cmd_sub_protocol, hlp_sub_protocol }, + { "PINENTRY_MODE", cmd_pinentry_mode, hlp_pinentry_mode }, { "ARMOR", cmd_armor, hlp_armor }, { "TEXTMODE", cmd_textmode, hlp_textmode }, { "INCLUDE_CERTS", cmd_include_certs, hlp_include_certs }, @@ -3410,7 +3500,6 @@ register_commands (assuan_context_t ctx) } -/* TODO: password callback can do INQUIRE. */ void gpgme_server (gpgme_tool_t gt) { 
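Review bot: The help text in `hlp_pinentry_mode` has a typo, "Allowedvalues" should read "Allowed values". The help should also say that in `loopback` mode the passphrase is requested from the connected client through a PASSPHRASE inquiry, since that changes where the secret travels. A possible wording is `" loopback - redirect pinentry queries to the caller (passphrase is sent via INQUIRE PASSPHRASE).\n"`.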
@@ -3495,6 +3584,7 @@ static char args_doc[] = "COMMAND [OPTIONS...]"; static struct argp_option options[] = { { "server", 's', 0, 0, "Server mode" }, + { "gpg-binary", 501, "FILE", 0, "Use FILE for the GPG backend" }, { 0 } }; @@ -3504,6 +3594,7 @@ static struct argp argp = { options, parse_options, args_doc, doc }; struct args { enum { CMD_DEFAULT, CMD_SERVER } cmd; + const char *gpg_binary; }; void @@ -3524,6 +3615,10 @@ parse_options (int key, char *arg, struct argp_state *state) case 's': args->cmd = CMD_SERVER; break; + + case 501: + args->gpg_binary = arg; + break; #if 0 case ARGP_KEY_ARG: if (state->arg_num >= 2) @@ -3548,6 +3643,7 @@ main (int argc, char *argv[]) { struct args args; struct gpgme_tool gt; + gpg_error_t err; #ifdef HAVE_SETLOCALE setlocale (LC_ALL, ""); @@ -3565,6 +3661,18 @@ main (int argc, char *argv[]) argp_parse (&argp, argc, argv, 0, 0, &args); log_init (); + if (args.gpg_binary) + { + if (access (args.gpg_binary, X_OK)) + err = gpg_error_from_syserror (); + else + err = gpgme_set_engine_info (GPGME_PROTOCOL_OpenPGP, + args.gpg_binary, NULL); + if (err) + log_error (1, err, "error witching OpenPGP engine to '%s'", + args.gpg_binary); + } + gt_init (>); switch (args.cmd) diff --git a/src/gpgme.def b/src/gpgme.def index 25cecb9..ccee05a 100644 --- a/src/gpgme.def +++ b/src/gpgme.def @@ -205,5 +205,8 @@ EXPORTS gpgme_set_global_flag @156 gpgme_io_writen @157 + + gpgme_set_pinentry_mode @158 + ; END diff --git a/src/libgpgme.vers b/src/libgpgme.vers index 565ec2c..c178af9 100644 --- a/src/libgpgme.vers +++ b/src/libgpgme.vers 
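Review bot: In the `--gpg-binary` handling added to main, the `access (args.gpg_binary, X_OK)` test is only an advisory pre-check: the file can change between the test and the later exec, and `access` evaluates the real rather than the effective user id. The result of `gpgme_set_engine_info` is what actually matters, so the comment should say the pre-check exists only to give an early, readable error. The message also has a typo, `"error witching OpenPGP engine to '%s'"` should read `"error switching OpenPGP engine to '%s'"`.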
@@ -83,6 +83,8 @@ GPGME_1.1 { gpgme_set_global_flag; gpgme_io_writen; + + gpgme_set_pinentry_mode; }; commit 61a0d92b679f248505f1bf16386bc41a5bf2ba1d Author: Werner Koch Date: Thu Feb 7 20:59:16 2013 +0100 Add public function gpgme_set_pinentry_mode. * src/gpgme.c (gpgme_set_pinentry_mode): New. * src/gpgme.h.in (gpgme_pinentry_t): New. (gpgme_set_pinentry_mode): New. * src/context.h (struct gpgme_context): Add field pinentry_mode. * src/engine-backend.h (struct engine_ops): Add field set_pinentry_mode. * src/engine-gpg.c (struct engine_gpg): Add field pinentry_mode. (build_argv): Implement pinentry_mode. (gpg_set_pinentry_mode): New. (_gpgme_engine_ops_gpg): Register gpg_set_pinentry_mode. -- Note that this new fucntion may only be used with gpg 2.1. diff --git a/NEWS b/NEWS index b4b3086..7499b14 100644 --- a/NEWS +++ b/NEWS @@ -3,7 +3,15 @@ Noteworthy changes in version 1.3.3 (unreleased) * Interface changes relative to the 1.3.1 release: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + gpgme_io_writen NEW. gpgme_set_global_flag NEW. + gpgme_set_pinentry_mode NEW. + gpgme_pinentry_mode_t NEW. + GPGME_PINENTRY_MODE_DEFAULT NEW. + GPGME_PINENTRY_MODE_ASK NEW. + GPGME_PINENTRY_MODE_CANCEL NEW. + GPGME_PINENTRY_MODE_ERROR NEW. + GPGME_PINENTRY_MODE_LOOPBACK NEW. Noteworthy changes in version 1.3.2 (2012-05-02) diff --git a/src/context.h b/src/context.h index d984324..e921436 100644 --- a/src/context.h +++ b/src/context.h @@ -101,6 +101,9 @@ struct gpgme_context /* Flags for keylist mode. */ gpgme_keylist_mode_t keylist_mode; + /* The current pinnetry mode. */ + gpgme_pinentry_mode_t pinentry_mode; + /* Number of certs to be included. */ unsigned int include_certs; diff --git a/src/engine-assuan.c b/src/engine-assuan.c index a3c9e92..5ef3047 100644 --- a/src/engine-assuan.c +++ b/src/engine-assuan.c 
@@ -781,5 +781,7 @@ struct engine_ops _gpgme_engine_ops_assuan = llass_set_io_cbs, llass_io_event, llass_cancel, - llass_cancel_op + llass_cancel_op, + NULL, /* passwd */ + NULL /* set_pinentry_mode */ }; diff --git a/src/engine-backend.h b/src/engine-backend.h index 1adac92..a4c0eb2 100644 --- a/src/engine-backend.h +++ b/src/engine-backend.h @@ -121,6 +121,9 @@ struct engine_ops /* Change the passphrase for KEY. */ gpgme_error_t (*passwd) (void *engine, gpgme_key_t key, unsigned int flags); + + /* Set the pinentry mode. */ + gpgme_error_t (*set_pinentry_mode) (void *engine, gpgme_pinentry_mode_t mode); }; diff --git a/src/engine-g13.c b/src/engine-g13.c index 9231a9a..de0aac8 100644 --- a/src/engine-g13.c +++ b/src/engine-g13.c @@ -798,4 +798,6 @@ struct engine_ops _gpgme_engine_ops_g13 = g13_io_event, g13_cancel, g13_cancel_op, + NULL, /* passwd */ + NULL /* set_pinentry_mode */ }; diff --git a/src/engine-gpg.c b/src/engine-gpg.c index 825a450..3f02503 100644 --- a/src/engine-gpg.c +++ b/src/engine-gpg.c @@ -134,6 +134,7 @@ struct engine_gpg } cmd; struct gpgme_io_cbs io_cbs; + gpgme_pinentry_mode_t pinentry_mode; }; typedef struct engine_gpg *engine_gpg_t; @@ -769,6 +770,8 @@ build_argv (engine_gpg_t gpg) argc++; if (use_agent) argc++; + if (gpg->pinentry_mode) + argc++; if (!gpg->cmd.used) argc++; /* --batch */ argc += 1; /* --no-sk-comment */ 
@@ -818,6 +821,32 @@ build_argv (engine_gpg_t gpg) } argc++; } + + if (gpg->pinentry_mode) + { + const char *s = NULL; + switch (gpg->pinentry_mode) + { + case GPGME_PINENTRY_MODE_DEFAULT: break; + case GPGME_PINENTRY_MODE_ASK: s = "--pinentry-mode=ask"; break; + case GPGME_PINENTRY_MODE_CANCEL: s = "--pinentry-mode=cancel"; break; + case GPGME_PINENTRY_MODE_ERROR: s = "--pinentry-mode=error"; break; + case GPGME_PINENTRY_MODE_LOOPBACK:s = "--pinentry-mode=loopback"; break; + } + if (s) + { + argv[argc] = strdup (s); + if (!argv[argc]) + { + int saved_err = gpg_error_from_syserror (); + free (fd_data_map); + free_argv (argv); + return saved_err; + } + argc++; + } + } + if (!gpg->cmd.used) { argv[argc] = strdup ("--batch"); @@ -2348,6 +2377,17 @@ gpg_set_io_cbs (void *engine, gpgme_io_cbs_t io_cbs) gpg->io_cbs = *io_cbs; } + +static gpgme_error_t +gpg_set_pinentry_mode (void *engine, gpgme_pinentry_mode_t mode) +{ + engine_gpg_t gpg = engine; + + gpg->pinentry_mode = mode; + return 0; +} + + struct engine_ops _gpgme_engine_ops_gpg = { @@ -2389,5 +2429,6 @@ struct engine_ops _gpgme_engine_ops_gpg = gpg_io_event, gpg_cancel, NULL, /* cancel_op */ - gpg_passwd + gpg_passwd, + gpg_set_pinentry_mode }; diff --git a/src/engine-gpgconf.c b/src/engine-gpgconf.c index 96c6b3d..fec0fc3 100644 --- a/src/engine-gpgconf.c +++ b/src/engine-gpgconf.c @@ -925,5 +925,8 @@ struct engine_ops _gpgme_engine_ops_gpgconf = gpgconf_conf_save, gpgconf_set_io_cbs, NULL, /* io_event */ - NULL /* cancel */ + NULL, /* cancel */ + NULL, /* cancel_op */ + NULL, /* passwd */ + NULL /* set_pinentry_mode */ }; diff --git a/src/engine-gpgsm.c b/src/engine-gpgsm.c index c4272a4..79adde2 100644 --- a/src/engine-gpgsm.c +++ b/src/engine-gpgsm.c @@ -1986,5 +1986,6 @@ struct engine_ops _gpgme_engine_ops_gpgsm = gpgsm_io_event, gpgsm_cancel, NULL, /* cancel_op */ - gpgsm_passwd + gpgsm_passwd, + NULL /* set_pinentry_mode */ }; 
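Review bot: `build_argv` appends `--pinentry-mode=...` whenever `gpg->pinentry_mode` is non-zero, with no check that the configured gpg binary understands the option. The commit description says the new function may only be used with gpg 2.1, so an older engine would presumably reject the unknown option and fail every operation with an unrelated-looking error. Consider rejecting a non-default mode in `gpg_set_pinentry_mode` when the engine version is too old, or at least document the requirement at the switch with `/* Requires gpg >= 2.1; older versions reject --pinentry-mode. */`. The body of build_argv starts and ends outside the hunk.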
diff --git a/src/engine-uiserver.c b/src/engine-uiserver.c index 92aebbb..abdd79e 100644 --- a/src/engine-uiserver.c +++ b/src/engine-uiserver.c @@ -1339,4 +1339,6 @@ struct engine_ops _gpgme_engine_ops_uiserver = uiserver_io_event, uiserver_cancel, NULL /* cancel_op */ + NULL, /* passwd */ + NULL /* set_pinentry_mode */ }; diff --git a/src/engine.c b/src/engine.c index d74f186..09f379c 100644 --- a/src/engine.c +++ b/src/engine.c @@ -923,3 +923,16 @@ _gpgme_engine_op_passwd (engine_t engine, gpgme_key_t key, return (*engine->ops->passwd) (engine->engine, key, flags); } + +/* Set the pinentry mode for ENGINE to MODE. */ +gpgme_error_t +_gpgme_engine_set_pinentry_mode (engine_t engine, gpgme_pinentry_mode_t mode) +{ + if (!engine) + return gpg_error (GPG_ERR_INV_VALUE); + + if (!engine->ops->set_pinentry_mode) + return gpg_error (GPG_ERR_NOT_IMPLEMENTED); + + return (*engine->ops->set_pinentry_mode) (engine->engine, mode); +} diff --git a/src/engine.h b/src/engine.h index e868307..a0287ad 100644 --- a/src/engine.h +++ b/src/engine.h @@ -160,5 +160,8 @@ gpgme_error_t _gpgme_engine_cancel_op (engine_t engine); gpgme_error_t _gpgme_engine_op_passwd (engine_t engine, gpgme_key_t key, unsigned int flags); +gpgme_error_t _gpgme_engine_set_pinentry_mode (engine_t engine, + gpgme_pinentry_mode_t mode); + #endif /* ENGINE_H */ diff --git a/src/gpgme.c b/src/gpgme.c index 79895db..76c13b1 100644 --- a/src/gpgme.c +++ b/src/gpgme.c @@ -53,8 +53,8 @@ DEFINE_STATIC_LOCK (result_ref_lock); /* Set the global flag NAME to VALUE. Return 0 on success. Note that - this function does use gpgme_error and thus a non-zero return value - merely means "error". Certain flags may be set before + this function does not use gpgme_error and thus a non-zero return + value merely means "error". Certain flags may be set before gpgme_check_version is called. See the manual for a description of supported flags. The caller must assure that this function is called only by one thread at a time. */ 
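Review bot: The engine-uiserver.c hunk adds two initializers after the unchanged line `NULL /* cancel_op */`, which has no trailing comma, so `_gpgme_engine_ops_uiserver` no longer compiles wherever this file is built. The engine-gpgconf.c hunk in the same commit handles the equivalent case by rewriting the previous entry with a comma. Here the context line needs the same treatment and should become `NULL, /* cancel_op */`.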
@@ -512,6 +512,33 @@ gpgme_get_keylist_mode (gpgme_ctx_t ctx) } +/* Set the pinentry mode for CTX to MODE. */ +gpgme_error_t +gpgme_set_pinentry_mode (gpgme_ctx_t ctx, gpgme_keylist_mode_t mode) +{ + TRACE1 (DEBUG_CTX, "gpgme_set_pinentry_mode", ctx, "pinentry_mode=%u", + (unsigned int)mode); + + if (!ctx) + return gpg_error (GPG_ERR_INV_VALUE); + + switch (mode) + { + case GPGME_PINENTRY_MODE_DEFAULT: + case GPGME_PINENTRY_MODE_ASK: + case GPGME_PINENTRY_MODE_CANCEL: + case GPGME_PINENTRY_MODE_ERROR: + case GPGME_PINENTRY_MODE_LOOPBACK: + break; + default: + return gpg_error (GPG_ERR_INV_VALUE); + } + + ctx->pinentry_mode = mode; + return 0; +} + + /* This function sets a callback function to be used to pass a passphrase to gpg. */ void diff --git a/src/gpgme.h.in b/src/gpgme.h.in index 27ef195..4ec2367 100644 --- a/src/gpgme.h.in +++ b/src/gpgme.h.in @@ -1,7 +1,7 @@ /* gpgme.h - Public interface to GnuPG Made Easy. -*- c -*- Copyright (C) 2000 Werner Koch (dd9jn) Copyright (C) 2001, 2002, 2003, 2004, 2005, 2007, 2009 - 2010, 2011, 2012 g10 Code GmbH + 2010, 2011, 2012, 2013 g10 Code GmbH This file is part of GPGME. @@ -354,6 +354,18 @@ gpgme_protocol_t; typedef unsigned int gpgme_keylist_mode_t; +/* The pinentry modes. */ +typedef enum + { + GPGME_PINENTRY_MODE_DEFAULT = 0, + GPGME_PINENTRY_MODE_ASK = 1, + GPGME_PINENTRY_MODE_CANCEL = 2, + GPGME_PINENTRY_MODE_ERROR = 3, + GPGME_PINENTRY_MODE_LOOPBACK = 4 + } +gpgme_pinentry_mode_t; + + /* The available export mode flags. */ #define GPGME_EXPORT_MODE_EXTERN 2 #define GPGME_EXPORT_MODE_MINIMAL 4 
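Review bot: The definition of `gpgme_set_pinentry_mode` in gpgme.c takes `gpgme_keylist_mode_t mode`, while the prototype added to gpgme.h.in declares `gpgme_pinentry_mode_t mode`. `gpgme_keylist_mode_t` is `unsigned int` and the new type is an enum, so the two declarations agree only on compilers that happen to represent this enum as `unsigned int`; elsewhere this is a conflicting-types error. The signature should read `gpgme_set_pinentry_mode (gpgme_ctx_t ctx, gpgme_pinentry_mode_t mode)`.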
@@ -859,6 +871,10 @@ gpgme_error_t gpgme_set_keylist_mode (gpgme_ctx_t ctx, /* Get keylist mode in CTX. */ gpgme_keylist_mode_t gpgme_get_keylist_mode (gpgme_ctx_t ctx); +/* Set the pinentry mode for CTX to MODE. */ +gpgme_error_t gpgme_set_pinentry_mode (gpgme_ctx_t ctx, + gpgme_pinentry_mode_t mode); + /* Set the passphrase callback function in CTX to CB. HOOK_VALUE is passed as first argument to the passphrase callback function. */ void gpgme_set_passphrase_cb (gpgme_ctx_t ctx, diff --git a/src/op-support.c b/src/op-support.c index 6a0817c..edd317d 100644 --- a/src/op-support.c +++ b/src/op-support.c @@ -134,6 +134,15 @@ _gpgme_op_reset (gpgme_ctx_t ctx, int type) #endif if (gpg_err_code (err) == GPG_ERR_NOT_IMPLEMENTED) err = 0; + + if (!err) + { + err = _gpgme_engine_set_pinentry_mode (ctx->engine, + ctx->pinentry_mode); + if (gpg_err_code (err) == GPG_ERR_NOT_IMPLEMENTED) + err = 0; + } + if (err) { _gpgme_engine_release (ctx->engine); commit 29eced50687dd8a39dafe704102ae09ea8e8533a Author: Werner Koch Date: Thu Feb 7 20:51:29 2013 +0100 Add public function gpgme_io_writen. * src/gpgme.c (gpgme_io_read): New. -- This is a writen style variant for gpgme_io_write. It is often easier to use this one in passphrase and edit callbacks. diff --git a/doc/gpgme.texi b/doc/gpgme.texi index d074b42..b73f425 100644 --- a/doc/gpgme.texi +++ b/doc/gpgme.texi 
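Review bot: In the op-support.c hunk, `_gpgme_op_reset` turns `GPG_ERR_NOT_IMPLEMENTED` from `_gpgme_engine_set_pinentry_mode` into success for every mode. A caller that selected `GPGME_PINENTRY_MODE_CANCEL` or `GPGME_PINENTRY_MODE_ERROR` to keep an unattended process from prompting would then get the engine's default behaviour with no indication that the request was dropped. Swallowing the error only for the default mode keeps the old engines working: `if (gpg_err_code (err) == GPG_ERR_NOT_IMPLEMENTED && ctx->pinentry_mode == GPGME_PINENTRY_MODE_DEFAULT) err = 0;`. The function body starts and ends outside the hunk.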
@@ -2374,9 +2374,10 @@ previous attempts failed, then @var{prev_was_bad} is 1, otherwise it will be 0. The user must write the passphrase, followed by a newline character, -to the file descriptor @var{fd}. If the user returns 0 indicating -success, the user must at least write a newline character before -returning from the callback. +to the file descriptor @var{fd}. The function @code{gpgme_io_writen} +should be used for the write operation. Note that if the user returns +0 to indicate success, the user must at least write a newline +character before returning from the callback. If an error occurs, return the corresponding @code{gpgme_error_t} value. You can use the error code @code{GPG_ERR_CANCELED} to abort diff --git a/src/gpgme.c b/src/gpgme.c index 86099d6..79895db 100644 --- a/src/gpgme.c +++ b/src/gpgme.c @@ -634,6 +634,30 @@ gpgme_io_write (int fd, const void *buffer, size_t count) return TRACE_SYSRES (ret); } +/* This function provides access to the internal write function. It + is to be used by user callbacks to return data to gpgme. See + gpgme_passphrase_cb_t and gpgme_edit_cb_t. Note that this is a + variant of gpgme_io_write which guarantees that all COUNT bytes are + written or an error is return. Returns: 0 on success or -1 on + error and the sets errno. */ +int +gpgme_io_writen (int fd, const void *buffer, size_t count) +{ + int ret = 0; + TRACE_BEG2 (DEBUG_GLOBAL, "gpgme_io_writen", fd, + "buffer=%p, count=%u", buffer, count); + while (count) + { + ret = _gpgme_io_write (fd, buffer, count); + if (ret < 0) + break; + buffer += ret; + count -= ret; + ret = 0; + } + return TRACE_SYSRES (ret); +} + /* This function returns the callback function for I/O. */ void diff --git a/src/gpgme.def b/src/gpgme.def index 56a6428..25cecb9 100644 --- a/src/gpgme.def +++ b/src/gpgme.def 
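Review bot: `buffer += ret;` in `gpgme_io_writen` does arithmetic on a `const void *`, which is a GNU extension rather than ISO C; walk a byte pointer instead, `const char *p = buffer;` with `_gpgme_io_write (fd, p, count)` and `p += ret;`. The loop also assumes `_gpgme_io_write` never returns 0 for a non-zero `count`; if it can (not visible from this hunk), the loop does not terminate, so treating 0 as an error would be safer. `count` is a `size_t` but is traced with `%u`; cast it as the pinentry-mode trace does, `(unsigned int)count`. Since the documentation now recommends this function for handing the passphrase back, the header comment should also state that on error an unknown prefix of the data may already have been written to `fd`.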
@@ -20,128 +20,128 @@ EXPORTS gpgme_check_version @1 - gpgme_get_engine_info @2 - gpgme_engine_check_version @3 - - gpgme_err_code_from_errno @4 - gpgme_err_code_to_errno @5 - gpgme_err_make_from_errno @6 - gpgme_error_from_errno @7 - gpgme_strerror @8 - gpgme_strerror_r @9 - gpgme_strsource @10 - - gpgme_data_get_encoding @11 - gpgme_data_new @12 - gpgme_data_new_from_cbs @13 - gpgme_data_new_from_fd @14 - gpgme_data_new_from_file @15 - gpgme_data_new_from_filepart @16 - gpgme_data_new_from_mem @17 - gpgme_data_new_from_stream @18 - gpgme_data_read @19 - gpgme_data_release @20 - gpgme_data_release_and_get_mem @21 - gpgme_data_seek @22 - gpgme_data_set_encoding @23 - gpgme_data_write @24 - - gpgme_get_protocol_name @25 - gpgme_hash_algo_name @26 - gpgme_pubkey_algo_name @27 - - gpgme_new @28 - gpgme_get_armor @29 - gpgme_get_include_certs @30 - gpgme_get_io_cbs @31 - gpgme_get_keylist_mode @32 - gpgme_get_passphrase_cb @33 - gpgme_get_progress_cb @34 - gpgme_get_protocol @35 - gpgme_get_textmode @36 - gpgme_release @37 - gpgme_set_armor @38 - gpgme_set_include_certs @39 - gpgme_set_io_cbs @40 - gpgme_set_keylist_mode @41 - gpgme_set_locale @42 - gpgme_set_passphrase_cb @43 - gpgme_set_progress_cb @44 - gpgme_set_protocol @45 - gpgme_set_textmode @46 - gpgme_signers_add @47 - gpgme_signers_clear @48 - gpgme_signers_enum @49 - - gpgme_key_ref @50 - gpgme_key_unref @51 - gpgme_key_release @52 - - gpgme_trust_item_ref @53 - gpgme_trust_item_unref @54 - - gpgme_cancel @55 - gpgme_op_card_edit @56 - gpgme_op_card_edit_start @57 - gpgme_op_decrypt @58 - gpgme_op_decrypt_result @59 - gpgme_op_decrypt_start @60 - gpgme_op_decrypt_verify @61 - gpgme_op_decrypt_verify_start @62 - gpgme_op_delete @63 - gpgme_op_delete_start @64 - gpgme_op_edit @65 - gpgme_op_edit_start @66 - gpgme_op_encrypt @67 - gpgme_op_encrypt_result @68 - gpgme_op_encrypt_sign @69 - gpgme_op_encrypt_sign_start @70 - gpgme_op_encrypt_start @71 - gpgme_op_export @72 - gpgme_op_export_ext @73 - 
gpgme_op_export_ext_start @74 - gpgme_op_export_start @75 - gpgme_op_genkey @76 - gpgme_op_genkey_result @77 - gpgme_op_genkey_start @78 - gpgme_get_key @79 - gpgme_op_import @80 - gpgme_op_import_result @81 - gpgme_op_import_start @82 - gpgme_op_keylist_end @83 - gpgme_op_keylist_ext_start @84 - gpgme_op_keylist_next @85 - gpgme_op_keylist_result @86 - gpgme_op_keylist_start @87 - gpgme_op_sign @88 - gpgme_op_sign_result @89 - gpgme_op_sign_start @90 - gpgme_op_trustlist_end @91 - gpgme_op_trustlist_next @92 - gpgme_op_trustlist_start @93 - gpgme_op_verify @94 - gpgme_op_verify_result @95 - gpgme_op_verify_start @96 - gpgme_wait @97 - - gpgme_data_new_with_read_cb @98 - gpgme_data_rewind @99 - gpgme_get_sig_status @100 - gpgme_get_sig_string_attr @101 - gpgme_get_sig_ulong_attr @102 - gpgme_get_sig_key @103 - gpgme_key_get_string_attr @104 - gpgme_key_get_ulong_attr @105 - gpgme_key_sig_get_string_attr @106 - gpgme_key_sig_get_ulong_attr @107 - gpgme_op_import_ext @108 - gpgme_trust_item_get_int_attr @109 - gpgme_trust_item_get_string_attr @110 - gpgme_trust_item_release @111 - - gpgme_set_engine_info @112 - - gpgme_ctx_get_engine_info @113 + gpgme_get_engine_info @2 + gpgme_engine_check_version @3 + + gpgme_err_code_from_errno @4 + gpgme_err_code_to_errno @5 + gpgme_err_make_from_errno @6 + gpgme_error_from_errno @7 + gpgme_strerror @8 + gpgme_strerror_r @9 + gpgme_strsource @10 + + gpgme_data_get_encoding @11 + gpgme_data_new @12 + gpgme_data_new_from_cbs @13 + gpgme_data_new_from_fd @14 + gpgme_data_new_from_file @15 + gpgme_data_new_from_filepart @16 + gpgme_data_new_from_mem @17 + gpgme_data_new_from_stream @18 + gpgme_data_read @19 + gpgme_data_release @20 + gpgme_data_release_and_get_mem @21 + gpgme_data_seek @22 + gpgme_data_set_encoding @23 + gpgme_data_write @24 + + gpgme_get_protocol_name @25 + gpgme_hash_algo_name @26 + gpgme_pubkey_algo_name @27 + + gpgme_new @28 + gpgme_get_armor @29 + gpgme_get_include_certs @30 + gpgme_get_io_cbs @31 + 
gpgme_get_keylist_mode @32 + gpgme_get_passphrase_cb @33 + gpgme_get_progress_cb @34 + gpgme_get_protocol @35 + gpgme_get_textmode @36 + gpgme_release @37 + gpgme_set_armor @38 + gpgme_set_include_certs @39 + gpgme_set_io_cbs @40 + gpgme_set_keylist_mode @41 + gpgme_set_locale @42 + gpgme_set_passphrase_cb @43 + gpgme_set_progress_cb @44 + gpgme_set_protocol @45 + gpgme_set_textmode @46 + gpgme_signers_add @47 + gpgme_signers_clear @48 + gpgme_signers_enum @49 + + gpgme_key_ref @50 + gpgme_key_unref @51 + gpgme_key_release @52 + + gpgme_trust_item_ref @53 + gpgme_trust_item_unref @54 + + gpgme_cancel @55 + gpgme_op_card_edit @56 + gpgme_op_card_edit_start @57 + gpgme_op_decrypt @58 + gpgme_op_decrypt_result @59 + gpgme_op_decrypt_start @60 + gpgme_op_decrypt_verify @61 + gpgme_op_decrypt_verify_start @62 + gpgme_op_delete @63 + gpgme_op_delete_start @64 + gpgme_op_edit @65 + gpgme_op_edit_start @66 + gpgme_op_encrypt @67 + gpgme_op_encrypt_result @68 + gpgme_op_encrypt_sign @69 + gpgme_op_encrypt_sign_start @70 + gpgme_op_encrypt_start @71 + gpgme_op_export @72 + gpgme_op_export_ext @73 + gpgme_op_export_ext_start @74 + gpgme_op_export_start @75 + gpgme_op_genkey @76 + gpgme_op_genkey_result @77 + gpgme_op_genkey_start @78 + gpgme_get_key @79 + gpgme_op_import @80 + gpgme_op_import_result @81 + gpgme_op_import_start @82 + gpgme_op_keylist_end @83 + gpgme_op_keylist_ext_start @84 + gpgme_op_keylist_next @85 + gpgme_op_keylist_result @86 + gpgme_op_keylist_start @87 + gpgme_op_sign @88 + gpgme_op_sign_result @89 + gpgme_op_sign_start @90 + gpgme_op_trustlist_end @91 + gpgme_op_trustlist_next @92 + gpgme_op_trustlist_start @93 + gpgme_op_verify @94 + gpgme_op_verify_result @95 + gpgme_op_verify_start @96 + gpgme_wait @97 + + gpgme_data_new_with_read_cb @98 + gpgme_data_rewind @99 + gpgme_get_sig_status @100 + gpgme_get_sig_string_attr @101 + gpgme_get_sig_ulong_attr @102 + gpgme_get_sig_key @103 + gpgme_key_get_string_attr @104 + gpgme_key_get_ulong_attr @105 + 
gpgme_key_sig_get_string_attr @106 + gpgme_key_sig_get_ulong_attr @107 + gpgme_op_import_ext @108 + gpgme_trust_item_get_int_attr @109 + gpgme_trust_item_get_string_attr @110 + gpgme_trust_item_release @111 + + gpgme_set_engine_info @112 + + gpgme_ctx_get_engine_info @113 gpgme_ctx_set_engine_info @114 gpgme_data_set_file_name @115 @@ -173,7 +173,7 @@ EXPORTS gpgme_op_assuan_transact @134 gpgme_check_version_internal @135 - + gpgme_io_read @136 gpgme_io_write @137 @@ -204,5 +204,6 @@ EXPORTS gpgme_set_global_flag @156 + gpgme_io_writen @157 ; END diff --git a/src/gpgme.h.in b/src/gpgme.h.in index ce469de..27ef195 100644 --- a/src/gpgme.h.in +++ b/src/gpgme.h.in @@ -1022,6 +1022,7 @@ void gpgme_get_io_cbs (gpgme_ctx_t ctx, gpgme_io_cbs_t io_cbs); gpgme_passphrase_cb_t and gpgme_edit_cb_t. */ ssize_t gpgme_io_read (int fd, void *buffer, size_t count); ssize_t gpgme_io_write (int fd, const void *buffer, size_t count); +int gpgme_io_writen (int fd, const void *buffer, size_t count); /* Process the pending operation and, if HANG is non-zero, wait for the pending operation to finish. */ diff --git a/src/libgpgme.vers b/src/libgpgme.vers index d59571e..565ec2c 100644 --- a/src/libgpgme.vers +++ b/src/libgpgme.vers @@ -48,9 +48,9 @@ GPGME_1.1 { gpgme_cancel_async; - gpgme_op_assuan_result; - gpgme_op_assuan_transact; - gpgme_op_assuan_transact_start; + gpgme_op_assuan_result; + gpgme_op_assuan_transact; + gpgme_op_assuan_transact_start; gpgme_check_version_internal; 
@@ -81,6 +81,8 @@ GPGME_1.1 { gpgme_op_passwd; gpgme_set_global_flag; + + gpgme_io_writen; }; ----------------------------------------------------------------------- Summary of changes: NEWS | 8 ++ doc/gpgme.texi | 7 +- src/context.h | 3 + src/engine-assuan.c | 4 +- src/engine-backend.h | 3 + src/engine-g13.c | 2 + src/engine-gpg.c | 43 ++++++++- src/engine-gpgconf.c | 5 +- src/engine-gpgsm.c | 3 +- src/engine-uiserver.c | 2 + src/engine.c | 13 +++ src/engine.h | 3 + src/gpgme-tool.c | 118 ++++++++++++++++++++++- src/gpgme.c | 55 +++++++++++- src/gpgme.def | 250 +++++++++++++++++++++++++------------------------ src/gpgme.h.in | 19 ++++- src/libgpgme.vers | 10 ++- src/op-support.c | 9 ++ 18 files changed, 416 insertions(+), 141 deletions(-) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Fri Feb 8 01:16:00 2013 
From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Fri, 08 Feb 2013 01:16:00 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.0beta3-150-g7253093 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 7253093addfd82a8dd25cd80e3ba820a85e3c9a7 (commit) from 21feecd48f990b2569cb4b385dea3e57b9501525 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 7253093addfd82a8dd25cd80e3ba820a85e3c9a7 Author: NIIBE Yutaka Date: Thu Feb 7 10:07:51 2013 +0900 scd: Rename 'keypad' to 'pinpad'. * NEWS: Mention scd changes. * agent/divert-scd.c (getpin_cb): Change message. * agent/call-scd.c (inq_needpin): Change the protocol to POPUPPINPADPROMPT and DISMISSPINPADPROMPT. * scd/command.c (pin_cb): Likewise. * scd/apdu.c (struct reader_table_s): Rename member functions. (check_pcsc_pinpad, pcsc_pinpad_verify, pcsc_pinpad_modify, check_ccid_pinpad, ccid_pinpad_operation, apdu_check_pinpad apdu_pinpad_verify, apdu_pinpad_modify): Rename. * scd/apdu.h (SW_HOST_NO_PINPAD, apdu_check_pinpad) (apdu_pinpad_verify, apdu_pinpad_modify): Rename. * scd/iso7816.h (iso7816_check_pinpad): Rename. * scd/iso7816.c (map_sw): Use SW_HOST_NO_PINPAD. (iso7816_check_pinpad): Rename. (iso7816_verify_kp, iso7816_change_reference_data_kp): Follow the change. * scd/ccid-driver.h (CCID_DRIVER_ERR_NO_PINPAD): Rename. * scd/ccid-driver.c (ccid_transceive_secure): Use it. * scd/app-dinsig.c (verify_pin): Follow the change. * scd/app-nks.c (verify_pin): Follow the change. * scd/app-openpgp.c (check_pinpad_request): Rename. (parse_login_data, verify_a_chv, verify_chv3, do_change_pin): Follow the change. 
* scd/scdaemon.c (oDisablePinpad, oEnablePinpadVarlen): Rename. * scd/scdaemon.h (opt): Rename to disable_pinpad, enable_pinpad_varlen. * tools/gpgconf-comp.c (gc_options_scdaemon): Rename to disable-pinpad. diff --git a/NEWS b/NEWS index b81759c..370d9c4 100644 --- a/NEWS +++ b/NEWS @@ -13,6 +13,13 @@ Noteworthy changes in version 2.1.0beta4 (unreleased) * New option --pinentry-mode for GPG. + * New option --enable-pinpad-varlen for scdaemon. + + * Rename option --disable-pinpad for scdaemon (was: --disable-keypad). + + * Better support fo CCID readers. Now, internal CCID driver supports + readers with no auto configuration feature. + Noteworthy changes in version 2.1.0beta3 (2011-12-20) ----------------------------------------------------- diff --git a/agent/call-scd.c b/agent/call-scd.c index 2bda377..00b34ed 100644 --- a/agent/call-scd.c +++ b/agent/call-scd.c @@ -722,7 +722,7 @@ inq_needpin (void *opaque, const char *line) rc = assuan_send_data (parm->ctx, pin, pinlen); xfree (pin); } - else if (!strncmp (line, "POPUPKEYPADPROMPT", 17) + else if (!strncmp (line, "POPUPPINPADPROMPT", 17) && (line[17] == ' ' || !line[17])) { line += 17; @@ -731,7 +731,7 @@ inq_needpin (void *opaque, const char *line) rc = parm->getpin_cb (parm->getpin_cb_arg, line, NULL, 1); } - else if (!strncmp (line, "DISMISSKEYPADPROMPT", 19) + else if (!strncmp (line, "DISMISSPINPADPROMPT", 19) && (line[19] == ' ' || !line[19])) { rc = parm->getpin_cb (parm->getpin_cb_arg, "", NULL, 0); diff --git a/agent/divert-scd.c b/agent/divert-scd.c index 656d5cd..5d53891 100644 --- a/agent/divert-scd.c +++ b/agent/divert-scd.c @@ -223,7 +223,7 @@ getpin_cb (void *opaque, const char *info, char *buf, size_t maxbuf) else if (info && *info == '|') log_debug ("pin_cb called without proper PIN info hack\n"); - /* If BUF has been passed as NULL, we are in keypad mode: The + /* If BUF has been passed as NULL, we are in pinpad mode: The callback opens the popup and immediatley returns. */ if (!buf) { 
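Review bot: The two `inq_needpin` hunks in `agent/call-scd.c` change the Assuan inquire keywords (`POPUPKEYPADPROMPT` to `POPUPPINPADPROMPT`, `DISMISSKEYPADPROMPT` to `DISMISSPINPADPROMPT`), which is a wire-protocol change between gpg-agent and scdaemon and not only an identifier rename. After this patch the agent no longer matches the old keywords, and `pin_cb` in `scd/command.c` later in this commit sends only the new ones, so an agent and scdaemon from different builds would not agree and the pinpad prompt would presumably not be shown or dismissed. If mixed versions can be paired, accept both spellings on the agent side for a transition, e.g. `else if ((!strncmp (line, "POPUPPINPADPROMPT", 17) || !strncmp (line, "POPUPKEYPADPROMPT", 17)) && (line[17] == ' ' || !line[17]))`, and likewise for the 19-character dismiss keyword. `inq_needpin` starts and ends outside these hunks, so how an unrecognised inquiry is handled is not visible here.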
@@ -239,7 +239,7 @@ getpin_cb (void *opaque, const char *info, char *buf, size_t maxbuf) char *desc; if ( asprintf (&desc, - _("%s%%0A%%0AUse the reader's keypad for input."), + _("%s%%0A%%0AUse the reader's pinpad for input."), info) < 0 ) rc = gpg_error_from_syserror (); else diff --git a/doc/scdaemon.texi b/doc/scdaemon.texi index 200fed8..ed2cc51 100644 --- a/doc/scdaemon.texi +++ b/doc/scdaemon.texi @@ -287,10 +287,18 @@ Note that with the current version of Scdaemon the card is powered down immediately at the next timer tick for any value of @var{n} other than 0. - - at item --disable-keypad - at opindex disable-keypad -Even if a card reader features a keypad, do not try to use it. + at item --enable-pinpad-varlen + at opindex enable-pinpad-varlen +Please specify this option when the card reader supports variable +length input for pinpad (default is no). For known readers listed in +ccid-driver, this option is not needed. Note that if your card reader +doesn't supports variable length input but you want to use it, you +need to specify your pinpad request on your card. + + + at item --disable-pinpad + at opindex disable-pinpad +Even if a card reader features a pinpad, do not try to use it. @item --deny-admin diff --git a/scd/apdu.c b/scd/apdu.c index ef7c54f..6824ded 100644 --- a/scd/apdu.c +++ b/scd/apdu.c @@ -97,11 +97,11 @@ struct reader_table_s { int (*get_status_reader)(int, unsigned int *); int (*send_apdu_reader)(int,unsigned char *,size_t, unsigned char *, size_t *, pininfo_t *); - int (*check_keypad)(int, int, pininfo_t *); + int (*check_pinpad)(int, int, pininfo_t *); void (*dump_status_reader)(int); int (*set_progress_cb)(int, gcry_handler_progress_t, void*); - int (*keypad_verify)(int, int, int, int, int, pininfo_t *); - int (*keypad_modify)(int, int, int, int, int, pininfo_t *); + int (*pinpad_verify)(int, int, int, int, int, pininfo_t *); + int (*pinpad_modify)(int, int, int, int, int, pininfo_t *); struct { ccid_driver_t handle; 
@@ -319,10 +319,10 @@ static int reset_pcsc_reader (int slot); static int apdu_get_status_internal (int slot, int hang, int no_atr_reset, unsigned int *status, unsigned int *changed); -static int check_pcsc_keypad (int slot, int command, pininfo_t *pininfo); -static int pcsc_keypad_verify (int slot, int class, int ins, int p0, int p1, +static int check_pcsc_pinpad (int slot, int command, pininfo_t *pininfo); +static int pcsc_pinpad_verify (int slot, int class, int ins, int p0, int p1, pininfo_t *pininfo); -static int pcsc_keypad_modify (int slot, int class, int ins, int p0, int p1, +static int pcsc_pinpad_modify (int slot, int class, int ins, int p0, int p1, pininfo_t *pininfo); @@ -369,11 +369,11 @@ new_reader_slot (void) reader_table[reader].reset_reader = NULL; reader_table[reader].get_status_reader = NULL; reader_table[reader].send_apdu_reader = NULL; - reader_table[reader].check_keypad = check_pcsc_keypad; + reader_table[reader].check_pinpad = check_pcsc_pinpad; reader_table[reader].dump_status_reader = NULL; reader_table[reader].set_progress_cb = NULL; - reader_table[reader].keypad_verify = pcsc_keypad_verify; - reader_table[reader].keypad_modify = pcsc_keypad_modify; + reader_table[reader].pinpad_verify = pcsc_pinpad_verify; + reader_table[reader].pinpad_modify = pcsc_pinpad_modify; reader_table[reader].used = 1; reader_table[reader].any_status = 0; @@ -428,7 +428,7 @@ host_sw_string (long err) case SW_HOST_GENERAL_ERROR: return "general error"; case SW_HOST_NO_READER: return "no reader"; case SW_HOST_ABORTED: return "aborted"; - case SW_HOST_NO_KEYPAD: return "no keypad"; + case SW_HOST_NO_PINPAD: return "no pinpad"; case SW_HOST_ALREADY_CONNECTED: return "already connected"; default: return "unknown host status error"; } 
@@ -661,10 +661,10 @@ open_ct_reader (int port) reader_table[reader].reset_reader = reset_ct_reader; reader_table[reader].get_status_reader = ct_get_status; reader_table[reader].send_apdu_reader = ct_send_apdu; - reader_table[reader].check_keypad = NULL; + reader_table[reader].check_pinpad = NULL; reader_table[reader].dump_status_reader = ct_dump_reader_status; - reader_table[reader].keypad_verify = NULL; - reader_table[reader].keypad_modify = NULL; + reader_table[reader].pinpad_verify = NULL; + reader_table[reader].pinpad_modify = NULL; dump_reader_status (reader); return reader; @@ -1978,9 +1978,9 @@ open_pcsc_reader (const char *portstr) /* Check whether the reader supports the ISO command code COMMAND - on the keypad. Return 0 on success. */ + on the pinpad. Return 0 on success. */ static int -check_pcsc_keypad (int slot, int command, pininfo_t *pininfo) +check_pcsc_pinpad (int slot, int command, pininfo_t *pininfo) { unsigned char buf[256]; size_t len = 256; @@ -2037,7 +2037,7 @@ check_pcsc_keypad (int slot, int command, pininfo_t *pininfo) #define PIN_VERIFY_STRUCTURE_SIZE 24 static int -pcsc_keypad_verify (int slot, int class, int ins, int p0, int p1, +pcsc_pinpad_verify (int slot, int class, int ins, int p0, int p1, pininfo_t *pininfo) { int sw; @@ -2120,7 +2120,7 @@ pcsc_keypad_verify (int slot, int class, int ins, int p0, int p1, #define PIN_MODIFY_STRUCTURE_SIZE 29 static int -pcsc_keypad_modify (int slot, int class, int ins, int p0, int p1, +pcsc_pinpad_modify (int slot, int class, int ins, int p0, int p1, pininfo_t *pininfo) { int sw; 
@@ -2325,10 +2325,10 @@ send_apdu_ccid (int slot, unsigned char *apdu, size_t apdulen, /* Check whether the CCID reader supports the ISO command code COMMAND - on the keypad. Return 0 on success. For a description of the pin + on the pinpad. Return 0 on success. For a description of the pin parameters, see ccid-driver.c */ static int -check_ccid_keypad (int slot, int command, pininfo_t *pininfo) +check_ccid_pinpad (int slot, int command, pininfo_t *pininfo) { unsigned char apdu[] = { 0, 0, 0, 0x81 }; @@ -2339,7 +2339,7 @@ check_ccid_keypad (int slot, int command, pininfo_t *pininfo) static int -ccid_keypad_operation (int slot, int class, int ins, int p0, int p1, +ccid_pinpad_operation (int slot, int class, int ins, int p0, int p1, pininfo_t *pininfo) { unsigned char apdu[4]; @@ -2406,11 +2406,11 @@ open_ccid_reader (const char *portstr) reader_table[slot].reset_reader = reset_ccid_reader; reader_table[slot].get_status_reader = get_status_ccid; reader_table[slot].send_apdu_reader = send_apdu_ccid; - reader_table[slot].check_keypad = check_ccid_keypad; + reader_table[slot].check_pinpad = check_ccid_pinpad; reader_table[slot].dump_status_reader = dump_ccid_reader_status; reader_table[slot].set_progress_cb = set_progress_cb_ccid_reader; - reader_table[slot].keypad_verify = ccid_keypad_operation; - reader_table[slot].keypad_modify = ccid_keypad_operation; + reader_table[slot].pinpad_verify = ccid_pinpad_operation; + reader_table[slot].pinpad_modify = ccid_pinpad_operation; /* Our CCID reader code does not support T=0 at all, thus reset the flag. */ reader_table[slot].is_t0 = 0; 
@@ -2701,10 +2701,10 @@ open_rapdu_reader (int portno, reader_table[slot].reset_reader = reset_rapdu_reader; reader_table[slot].get_status_reader = my_rapdu_get_status; reader_table[slot].send_apdu_reader = my_rapdu_send_apdu; - reader_table[slot].check_keypad = NULL; + reader_table[slot].check_pinpad = NULL; reader_table[slot].dump_status_reader = NULL; - reader_table[slot].keypad_verify = NULL; - reader_table[slot].keypad_modify = NULL; + reader_table[slot].pinpad_verify = NULL; + reader_table[slot].pinpad_modify = NULL; dump_reader_status (slot); rapdu_msg_release (msg); @@ -3392,25 +3392,25 @@ apdu_get_status (int slot, int hang, /* Check whether the reader supports the ISO command code COMMAND on - the keypad. Return 0 on success. For a description of the pin + the pinpad. Return 0 on success. For a description of the pin parameters, see ccid-driver.c */ int -apdu_check_keypad (int slot, int command, pininfo_t *pininfo) +apdu_check_pinpad (int slot, int command, pininfo_t *pininfo) { if (slot < 0 || slot >= MAX_READER || !reader_table[slot].used ) return SW_HOST_NO_DRIVER; - if (opt.enable_keypad_varlen) + if (opt.enable_pinpad_varlen) pininfo->fixedlen = 0; - if (reader_table[slot].check_keypad) + if (reader_table[slot].check_pinpad) { int sw; if ((sw = lock_slot (slot))) return sw; - sw = reader_table[slot].check_keypad (slot, command, pininfo); + sw = reader_table[slot].check_pinpad (slot, command, pininfo); unlock_slot (slot); return sw; } 
@@ -3420,20 +3420,20 @@ apdu_check_keypad (int slot, int command, pininfo_t *pininfo) int -apdu_keypad_verify (int slot, int class, int ins, int p0, int p1, +apdu_pinpad_verify (int slot, int class, int ins, int p0, int p1, pininfo_t *pininfo) { if (slot < 0 || slot >= MAX_READER || !reader_table[slot].used ) return SW_HOST_NO_DRIVER; - if (reader_table[slot].keypad_verify) + if (reader_table[slot].pinpad_verify) { int sw; if ((sw = lock_slot (slot))) return sw; - sw = reader_table[slot].keypad_verify (slot, class, ins, p0, p1, + sw = reader_table[slot].pinpad_verify (slot, class, ins, p0, p1, pininfo); unlock_slot (slot); return sw; @@ -3444,20 +3444,20 @@ apdu_keypad_verify (int slot, int class, int ins, int p0, int p1, int -apdu_keypad_modify (int slot, int class, int ins, int p0, int p1, +apdu_pinpad_modify (int slot, int class, int ins, int p0, int p1, pininfo_t *pininfo) { if (slot < 0 || slot >= MAX_READER || !reader_table[slot].used ) return SW_HOST_NO_DRIVER; - if (reader_table[slot].keypad_modify) + if (reader_table[slot].pinpad_modify) { int sw; if ((sw = lock_slot (slot))) return sw; - sw = reader_table[slot].keypad_modify (slot, class, ins, p0, p1, + sw = reader_table[slot].pinpad_modify (slot, class, ins, p0, p1, pininfo); unlock_slot (slot); return sw; @@ -3487,7 +3487,7 @@ send_apdu (int slot, unsigned char *apdu, size_t apdulen, /* Core APDU tranceiver function. Parameters are described at - apdu_send_le with the exception of PININFO which indicates keypad + apdu_send_le with the exception of PININFO which indicates pinpad related operations if not NULL. If EXTENDED_MODE is not 0 command chaining or extended length will be used according to these values: diff --git a/scd/apdu.h b/scd/apdu.h index c69fe36..37f9f43 100644 --- a/scd/apdu.h +++ b/scd/apdu.h 
@@ -69,7 +69,7 @@ enum { SW_HOST_GENERAL_ERROR = 0x1000b, SW_HOST_NO_READER = 0x1000c, SW_HOST_ABORTED = 0x1000d, - SW_HOST_NO_KEYPAD = 0x1000e, + SW_HOST_NO_PINPAD = 0x1000e, SW_HOST_ALREADY_CONNECTED = 0x1000f }; @@ -114,10 +114,10 @@ int apdu_set_progress_cb (int slot, gcry_handler_progress_t cb, void *cb_arg); int apdu_reset (int slot); int apdu_get_status (int slot, int hang, unsigned int *status, unsigned int *changed); -int apdu_check_keypad (int slot, int command, pininfo_t *pininfo); -int apdu_keypad_verify (int slot, int class, int ins, int p0, int p1, +int apdu_check_pinpad (int slot, int command, pininfo_t *pininfo); +int apdu_pinpad_verify (int slot, int class, int ins, int p0, int p1, pininfo_t *pininfo); -int apdu_keypad_modify (int slot, int class, int ins, int p0, int p1, +int apdu_pinpad_modify (int slot, int class, int ins, int p0, int p1, pininfo_t *pininfo); int apdu_send_simple (int slot, int extended_mode, int class, int ins, int p0, int p1, diff --git a/scd/app-dinsig.c b/scd/app-dinsig.c index 9d4ebe2..7dad6b1 100644 --- a/scd/app-dinsig.c +++ b/scd/app-dinsig.c @@ -292,11 +292,11 @@ verify_pin (app_t app, pininfo.minlen = 6; pininfo.maxlen = 8; - if (!opt.disable_keypad - && !iso7816_check_keypad (app->slot, ISO7816_VERIFY, &pininfo) ) + if (!opt.disable_pinpad + && !iso7816_check_pinpad (app->slot, ISO7816_VERIFY, &pininfo) ) { rc = pincb (pincb_arg, - _("||Please enter your PIN at the reader's keypad"), + _("||Please enter your PIN at the reader's pinpad"), NULL); if (rc) { @@ -308,7 +308,7 @@ verify_pin (app_t app, /* Dismiss the prompt. */ pincb (pincb_arg, NULL, NULL); } - else /* No Keypad. */ + else /* No Pinpad. */ { char *pinvalue; diff --git a/scd/app-nks.c b/scd/app-nks.c index 8a48871..72e726d 100644 --- a/scd/app-nks.c +++ b/scd/app-nks.c 
@@ -792,8 +792,8 @@ verify_pin (app_t app, int pwid, const char *desc, pininfo.minlen = 6; pininfo.maxlen = 16; - if (!opt.disable_keypad - && !iso7816_check_keypad (app->slot, ISO7816_VERIFY, &pininfo) ) + if (!opt.disable_pinpad + && !iso7816_check_pinpad (app->slot, ISO7816_VERIFY, &pininfo) ) { rc = pincb (pincb_arg, desc, NULL); if (rc) diff --git a/scd/app-openpgp.c b/scd/app-openpgp.c index 3693833..23b28c3 100644 --- a/scd/app-openpgp.c +++ b/scd/app-openpgp.c @@ -191,13 +191,13 @@ struct app_local_s { unsigned int def_chv2:1; /* Use 123456 for CHV2. */ } flags; - /* Keypad request specified on card. */ + /* Pinpad request specified on card. */ struct { unsigned int specified:1; int fixedlen_user; int fixedlen_admin; - } keypad; + } pinpad; struct { @@ -600,11 +600,11 @@ count_bits (const unsigned char *a, size_t len) Bit 1 = CHV2 has been been set to the default PIN of "123456" (this implies that bit 0 is also set). - P= + P= - Where KEYPAD_REQUEST is in the format of: or ,. + Where PINPAD_REQUEST is in the format of: or ,. N for user PIN, M for admin PIN. If M is missing it means M=N. - 0 means to force not to use keypad. + 0 means to force not to use pinpad. */ static void @@ -617,9 +617,9 @@ parse_login_data (app_t app) /* Set defaults. */ app->app_local->flags.no_sync = 0; app->app_local->flags.def_chv2 = 0; - app->app_local->keypad.specified = 0; - app->app_local->keypad.fixedlen_user = -1; - app->app_local->keypad.fixedlen_admin = -1; + app->app_local->pinpad.specified = 0; + app->app_local->pinpad.fixedlen_user = -1; + app->app_local->pinpad.fixedlen_admin = -1; /* Read the DO. */ relptr = get_one_do (app, 0x005E, &buffer, &buflen, NULL); @@ -654,7 +654,7 @@ parse_login_data (app_t app) } else if (buflen > 1 && *buffer == 'P' && buffer[1] == '=') { - /* Keypad request control sequence found. */ + /* Pinpad request control sequence found. */ buffer += 2; buflen -= 2; 
@@ -687,9 +687,9 @@ parse_login_data (app_t app) if (buflen && !(*buffer == '\n' || *buffer == '\x18')) goto next; - app->app_local->keypad.specified = 1; - app->app_local->keypad.fixedlen_user = n; - app->app_local->keypad.fixedlen_admin = m; + app->app_local->pinpad.specified = 1; + app->app_local->pinpad.fixedlen_user = n; + app->app_local->pinpad.fixedlen_admin = m; } } } @@ -1530,14 +1530,14 @@ do_readcert (app_t app, const char *certid, } -/* Decide if we use the keypad of the reader for PIN input according +/* Decide if we use the pinpad of the reader for PIN input according to the user preference on the card, and the capability of the - reader. This routine is only called when the reader has keypad. - Returns 0 if we use keypad, 1 otherwise. */ + reader. This routine is only called when the reader has pinpad. + Returns 0 if we use pinpad, 1 otherwise. */ static int -check_keypad_request (app_t app, pininfo_t *pininfo, int admin_pin) +check_pinpad_request (app_t app, pininfo_t *pininfo, int admin_pin) { - if (app->app_local->keypad.specified == 0) /* No preference on card. */ + if (app->app_local->pinpad.specified == 0) /* No preference on card. */ { if (pininfo->fixedlen == 0) /* Reader has varlen capability. */ return 0; /* Then, use pinpad. */ @@ -1550,9 +1550,9 @@ check_keypad_request (app_t app, pininfo_t *pininfo, int admin_pin) } if (admin_pin) - pininfo->fixedlen = app->app_local->keypad.fixedlen_admin; + pininfo->fixedlen = app->app_local->pinpad.fixedlen_admin; else - pininfo->fixedlen = app->app_local->keypad.fixedlen_user; + pininfo->fixedlen = app->app_local->pinpad.fixedlen_user; if (pininfo->fixedlen == 0 /* User requests disable pinpad. */ || pininfo->fixedlen < pininfo->minlen 
@@ -1566,14 +1566,14 @@ check_keypad_request (app_t app, pininfo_t *pininfo, int admin_pin) /* Verify a CHV either using using the pinentry or if possibile by - using a keypad. PINCB and PINCB_ARG describe the usual callback + using a pinpad. PINCB and PINCB_ARG describe the usual callback for the pinentry. CHVNO must be either 1 or 2. SIGCOUNT is only used with CHV1. PINVALUE is the address of a pointer which will receive a newly allocated block with the actual PIN (this is useful in case that PIN shall be used for another verify operation). The caller needs to free this value. If the function returns with success and NULL is stored at PINVALUE, the caller should take this - as an indication that the keypad has been used. + as an indication that the pinpad has been used. */ static gpg_error_t verify_a_chv (app_t app, @@ -1631,13 +1631,13 @@ verify_a_chv (app_t app, prompt = _("||Please enter the PIN"); - if (!opt.disable_keypad - && !iso7816_check_keypad (app->slot, ISO7816_VERIFY, &pininfo) - && !check_keypad_request (app, &pininfo, 0)) + if (!opt.disable_pinpad + && !iso7816_check_pinpad (app->slot, ISO7816_VERIFY, &pininfo) + && !check_pinpad_request (app, &pininfo, 0)) { - /* The reader supports the verify command through the keypad. + /* The reader supports the verify command through the pinpad. Note that the pincb appends a text to the prompt telling the - user to use the keypad. */ + user to use the pinpad. */ rc = pincb (pincb_arg, prompt, NULL); prompt = NULL; xfree (prompt_buffer); @@ -1656,7 +1656,7 @@ verify_a_chv (app_t app, } else { - /* The reader has no keypad or we don't want to use it. */ + /* The reader has no pinpad or we don't want to use it. */ rc = pincb (pincb_arg, prompt, pinvalue); prompt = NULL; xfree (prompt_buffer); 
@@ -1716,7 +1716,7 @@ verify_chv2 (app_t app, /* For convenience we verify CHV1 here too. We do this only if the card is not configured to require a verification before each CHV1 controlled operation (force_chv1) and if we are not - using the keypad (PINVALUE == NULL). */ + using the pinpad (PINVALUE == NULL). */ rc = iso7816_verify (app->slot, 0x81, pinvalue, strlen (pinvalue)); if (gpg_err_code (rc) == GPG_ERR_BAD_PIN) rc = gpg_error (GPG_ERR_PIN_NOT_SYNCED); @@ -1815,11 +1815,11 @@ verify_chv3 (app_t app, if (rc) return rc; - if (!opt.disable_keypad - && !iso7816_check_keypad (app->slot, ISO7816_VERIFY, &pininfo) - && !check_keypad_request (app, &pininfo, 1)) + if (!opt.disable_pinpad + && !iso7816_check_pinpad (app->slot, ISO7816_VERIFY, &pininfo) + && !check_pinpad_request (app, &pininfo, 1)) { - /* The reader supports the verify command through the keypad. */ + /* The reader supports the verify command through the pinpad. */ rc = pincb (pincb_arg, prompt, NULL); xfree (prompt); prompt = NULL; @@ -2015,7 +2015,7 @@ do_change_pin (app_t app, ctrl_t ctrl, const char *chvnostr, int reset_mode = !!(flags & APP_CHANGE_FLAG_RESET); int set_resetcode = 0; pininfo_t pininfo; - int use_keypad = 0; + int use_pinpad = 0; int minlen = 6; (void)ctrl; @@ -2065,16 +2065,16 @@ do_change_pin (app_t app, ctrl_t ctrl, const char *chvnostr, { /* Version 2 cards. */ - if (!opt.disable_keypad - && !iso7816_check_keypad (app->slot, + if (!opt.disable_pinpad + && !iso7816_check_pinpad (app->slot, ISO7816_CHANGE_REFERENCE_DATA, &pininfo) - && !check_keypad_request (app, &pininfo, chvno == 3)) - use_keypad = 1; + && !check_pinpad_request (app, &pininfo, chvno == 3)) + use_pinpad = 1; if (reset_mode) { /* To reset a PIN the Admin PIN is required. */ - use_keypad = 0; + use_pinpad = 0; app->did_chv3 = 0; rc = verify_chv3 (app, pincb, pincb_arg); if (rc) 
@@ -2085,7 +2085,7 @@ do_change_pin (app_t app, ctrl_t ctrl, const char *chvnostr, } else if (chvno == 1 || chvno == 3) { - if (!use_keypad) + if (!use_pinpad) { char *promptbuf = NULL; const char *prompt; @@ -2128,7 +2128,7 @@ do_change_pin (app_t app, ctrl_t ctrl, const char *chvnostr, size_t valuelen; int remaining; - use_keypad = 0; + use_pinpad = 0; minlen = 8; relptr = get_one_do (app, 0x00C4, &value, &valuelen, NULL); if (!relptr || valuelen < 7) @@ -2176,7 +2176,7 @@ do_change_pin (app_t app, ctrl_t ctrl, const char *chvnostr, else app->did_chv1 = app->did_chv2 = 0; - if (!use_keypad) + if (!use_pinpad) { /* TRANSLATORS: Do not translate the "|*|" prefixes but keep it at the start of the string. We need this elsewhere @@ -2249,7 +2249,7 @@ do_change_pin (app_t app, ctrl_t ctrl, const char *chvnostr, /* Version 2 cards. */ assert (chvno == 1 || chvno == 3); - if (use_keypad) + if (use_pinpad) { rc = pincb (pincb_arg, chvno == 3 ? @@ -3324,7 +3324,7 @@ do_sign (app_t app, const char *keyidstr, int hashalgo, sync, thus we verify CHV2 here using the given PIN. Cards with version2 to not have the need for a separate CHV2 and internally use just one. Obviously we can't do that if the - keypad has been used. */ + pinpad has been used. */ if (!app->did_chv2 && pinvalue && !app->app_local->extcap.is_v2) { rc = iso7816_verify (app->slot, 0x82, pinvalue, strlen (pinvalue)); diff --git a/scd/ccid-driver.c b/scd/ccid-driver.c index 6d6c3db..2d1ef8d 100644 --- a/scd/ccid-driver.c +++ b/scd/ccid-driver.c @@ -3352,7 +3352,7 @@ ccid_transceive_secure (ccid_driver_t handle, else if (apdu_buflen >= 4 && apdu_buf[1] == 0x24 && (handle->has_pinpad & 2)) ; else - return CCID_DRIVER_ERR_NO_KEYPAD; + return CCID_DRIVER_ERR_NO_PINPAD; if (!pininfo->minlen) pininfo->minlen = 1; diff --git a/scd/ccid-driver.h b/scd/ccid-driver.h index 217bb72..1fd7ffa 100644 --- a/scd/ccid-driver.h +++ b/scd/ccid-driver.h 
@@ -72,7 +72,7 @@ #define CCID_DRIVER_ERR_GENERAL_ERROR 0x1000b #define CCID_DRIVER_ERR_NO_READER 0x1000c #define CCID_DRIVER_ERR_ABORTED 0x1000d -#define CCID_DRIVER_ERR_NO_KEYPAD 0x1000e +#define CCID_DRIVER_ERR_NO_PINPAD 0x1000e struct ccid_driver_s; typedef struct ccid_driver_s *ccid_driver_t; diff --git a/scd/command.c b/scd/command.c index 343830a..6267bb0 100644 --- a/scd/command.c +++ b/scd/command.c @@ -909,13 +909,13 @@ pin_cb (void *opaque, const char *info, char **retstr) if (!retstr) { - /* We prompt for keypad entry. To make sure that the popup has + /* We prompt for pinpad entry. To make sure that the popup has been show we use an inquire and not just a status message. We ignore any value returned. */ if (info) { - log_debug ("prompting for keypad entry '%s'\n", info); - rc = estream_asprintf (&command, "POPUPKEYPADPROMPT %s", info); + log_debug ("prompting for pinpad entry '%s'\n", info); + rc = estream_asprintf (&command, "POPUPPINPADPROMPT %s", info); if (rc < 0) return gpg_error (gpg_err_code_from_errno (errno)); rc = assuan_inquire (ctx, command, &value, &valuelen, MAXLEN_PIN); @@ -923,8 +923,8 @@ pin_cb (void *opaque, const char *info, char **retstr) } else { - log_debug ("dismiss keypad entry prompt\n"); - rc = assuan_inquire (ctx, "DISMISSKEYPADPROMPT", + log_debug ("dismiss pinpad entry prompt\n"); + rc = assuan_inquire (ctx, "DISMISSPINPADPROMPT", &value, &valuelen, MAXLEN_PIN); } if (!rc) diff --git a/scd/iso7816.c b/scd/iso7816.c index b2324b4..f1dbcff 100644 --- a/scd/iso7816.c +++ b/scd/iso7816.c @@ -94,7 +94,7 @@ map_sw (int sw) case SW_HOST_GENERAL_ERROR: ec = GPG_ERR_GENERAL; break; case SW_HOST_NO_READER: ec = GPG_ERR_ENODEV; break; case SW_HOST_ABORTED: ec = GPG_ERR_CANCELED; break; - case SW_HOST_NO_KEYPAD: ec = GPG_ERR_NOT_SUPPORTED; break; + case SW_HOST_NO_PINPAD: ec = GPG_ERR_NOT_SUPPORTED; break; default: if ((sw & 0x010000)) 
@@ -267,26 +267,26 @@ iso7816_apdu_direct (int slot, const void *apdudata, size_t apdudatalen, /* Check whether the reader supports the ISO command code COMMAND on - the keypad. Returns 0 on success. */ + the pinpad. Returns 0 on success. */ gpg_error_t -iso7816_check_keypad (int slot, int command, pininfo_t *pininfo) +iso7816_check_pinpad (int slot, int command, pininfo_t *pininfo) { int sw; - sw = apdu_check_keypad (slot, command, pininfo); + sw = apdu_check_pinpad (slot, command, pininfo); return iso7816_map_sw (sw); } /* Perform a VERIFY command on SLOT using the card holder verification - vector CHVNO. With PININFO non-NULL the keypad of the reader will + vector CHVNO. With PININFO non-NULL the pinpad of the reader will be used. Returns 0 on success. */ gpg_error_t iso7816_verify_kp (int slot, int chvno, pininfo_t *pininfo) { int sw; - sw = apdu_keypad_verify (slot, 0x00, CMD_VERIFY, 0, chvno, pininfo); + sw = apdu_pinpad_verify (slot, 0x00, CMD_VERIFY, 0, chvno, pininfo); return map_sw (sw); } @@ -302,7 +302,7 @@ iso7816_verify (int slot, int chvno, const char *chv, size_t chvlen) } /* Perform a CHANGE_REFERENCE_DATA command on SLOT for the card holder - verification vector CHVNO. With PININFO non-NULL the keypad of the + verification vector CHVNO. With PININFO non-NULL the pinpad of the reader will be used. If IS_EXCHANGE is 0, a "change reference data" is done, otherwise an "exchange reference data". */ gpg_error_t @@ -311,7 +311,7 @@ iso7816_change_reference_data_kp (int slot, int chvno, int is_exchange, { int sw; - sw = apdu_keypad_modify (slot, 0x00, CMD_CHANGE_REFERENCE_DATA, + sw = apdu_pinpad_modify (slot, 0x00, CMD_CHANGE_REFERENCE_DATA, is_exchange ? 1 : 0, chvno, pininfo); return map_sw (sw); } diff --git a/scd/iso7816.h b/scd/iso7816.h index bf195ea..6dd1052 100644 --- a/scd/iso7816.h +++ b/scd/iso7816.h 
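Review bot: `iso7816_verify_kp` and `iso7816_change_reference_data_kp` keep a `_kp` suffix that presumably stood for "keypad", so after this rename their names no longer match the `apdu_pinpad_verify` and `apdu_pinpad_modify` calls they wrap. If renaming them is out of scope for this commit, a one-line comment above each would do, for example `/* The _kp suffix is historical ("keypad"); this is the pinpad variant of iso7816_verify. */`. The signature of iso7816_change_reference_data_kp is split across two hunks, so its full parameter list is not visible here.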
@@ -24,13 +24,13 @@ #include "cardglue.h" #endif -/* Command codes used by iso7816_check_keypad. */ +/* Command codes used by iso7816_check_pinpad. */ #define ISO7816_VERIFY 0x20 #define ISO7816_CHANGE_REFERENCE_DATA 0x24 #define ISO7816_RESET_RETRY_COUNTER 0x2C -/* Information to be passed to keypad equipped readers. See +/* Information to be passed to pinpad equipped readers. See ccid-driver.c for details. */ struct pininfo_s { @@ -62,7 +62,7 @@ gpg_error_t iso7816_apdu_direct (int slot, const void *apdudata, size_t apdudatalen, int handle_more, unsigned char **result, size_t *resultlen); -gpg_error_t iso7816_check_keypad (int slot, int command, +gpg_error_t iso7816_check_pinpad (int slot, int command, pininfo_t *pininfo); gpg_error_t iso7816_verify (int slot, int chvno, const char *chv, size_t chvlen); diff --git a/scd/scdaemon.c b/scd/scdaemon.c index f8a86c8..4f9b369 100644 --- a/scd/scdaemon.c +++ b/scd/scdaemon.c @@ -92,11 +92,11 @@ enum cmd_and_opt_values opcscDriver, oDisableCCID, oDisableOpenSC, - oDisableKeypad, + oDisablePinpad, oAllowAdmin, oDenyAdmin, oDisableApplication, - oEnableKeypadVarlen, + oEnablePinpadVarlen, oDebugDisableTicker }; @@ -144,14 +144,14 @@ static ARGPARSE_OPTS opts[] = { /* end --disable-ccid */), ARGPARSE_s_u (oCardTimeout, "card-timeout", N_("|N|disconnect the card after N seconds of inactivity")), - ARGPARSE_s_n (oDisableKeypad, "disable-keypad", - N_("do not use a reader's keypad")), + ARGPARSE_s_n (oDisablePinpad, "disable-pinpad", + N_("do not use a reader's pinpad")), ARGPARSE_s_n (oAllowAdmin, "allow-admin", "@"), ARGPARSE_s_n (oDenyAdmin, "deny-admin", N_("deny the use of admin card commands")), ARGPARSE_s_s (oDisableApplication, "disable-application", "@"), - ARGPARSE_s_n (oEnableKeypadVarlen, "enable-keypad-varlen", - N_("use variable length input for keypad")), + ARGPARSE_s_n (oEnablePinpadVarlen, "enable-pinpad-varlen", + N_("use variable length input for pinpad")), ARGPARSE_end () }; 
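Review bot: The `opts[]` table drops the `disable-keypad` spelling outright, so an existing scdaemon.conf that carries `disable-keypad` stops taking effect after an upgrade. The `default:` branch of the option switch in main(), visible in the next hunk, sets `ARGPARSE_PRINT_WARNING` rather than an error when the option comes from a config file, so the daemon would presumably start and use the reader's pinpad again although the administrator had turned it off. Keeping the old name as a hidden alias avoids that silent change in where the PIN is entered: `ARGPARSE_s_n (oDisablePinpad, "disable-keypad", "@"),`. The table starts before this hunk, so an alias defined elsewhere would not be visible here.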
@@ -579,7 +579,7 @@ main (int argc, char **argv ) case oDisableCCID: opt.disable_ccid = 1; break; case oDisableOpenSC: break; - case oDisableKeypad: opt.disable_keypad = 1; break; + case oDisablePinpad: opt.disable_pinpad = 1; break; case oAllowAdmin: /* Dummy because allow is now the default. */ break; @@ -591,7 +591,7 @@ main (int argc, char **argv ) add_to_strlist (&opt.disabled_applications, pargs.r.ret_str); break; - case oEnableKeypadVarlen: opt.enable_keypad_varlen = 1; break; + case oEnablePinpadVarlen: opt.enable_pinpad_varlen = 1; break; default: pargs.err = configfp? ARGPARSE_PRINT_WARNING:ARGPARSE_PRINT_ERROR; @@ -681,8 +681,9 @@ main (int argc, char **argv ) es_printf ("disable-ccid:%lu:\n", GC_OPT_FLAG_NONE ); #endif es_printf ("deny-admin:%lu:\n", GC_OPT_FLAG_NONE ); - es_printf ("disable-keypad:%lu:\n", GC_OPT_FLAG_NONE ); + es_printf ("disable-pinpad:%lu:\n", GC_OPT_FLAG_NONE ); es_printf ("card-timeout:%lu:%d:\n", GC_OPT_FLAG_DEFAULT, 0); + es_printf ("enable-pinpad-varlen:%lu:\n", GC_OPT_FLAG_NONE ); scd_exit (0); } diff --git a/scd/scdaemon.h b/scd/scdaemon.h index 8f048d5..ab63425 100644 --- a/scd/scdaemon.h +++ b/scd/scdaemon.h @@ -56,8 +56,8 @@ struct const char *pcsc_driver; /* Library to access the PC/SC system. */ const char *reader_port; /* NULL or reder port to use. */ int disable_ccid; /* Disable the use of the internal CCID driver. */ - int disable_keypad; /* Do not use a keypad. */ - int enable_keypad_varlen; /* Use variable length input for keypad. */ + int disable_pinpad; /* Do not use a pinpad. */ + int enable_pinpad_varlen; /* Use variable length input for pinpad. */ int allow_admin; /* Allow the use of admin commands for certain cards. */ strlist_t disabled_applications; /* Card applications we do not diff --git a/tools/gpgconf-comp.c b/tools/gpgconf-comp.c index d07ab59..9dbddee 100644 --- a/tools/gpgconf-comp.c +++ b/tools/gpgconf-comp.c 
@@ -617,8 +617,8 @@ static gc_option_t gc_options_scdaemon[] = { "disable-ccid", GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME, GC_LEVEL_EXPERT, "gnupg", "do not use the internal CCID driver", GC_ARG_TYPE_NONE, GC_BACKEND_SCDAEMON }, - { "disable-keypad", GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME, GC_LEVEL_BASIC, - "gnupg", "do not use a reader's keypad", + { "disable-pinpad", GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME, GC_LEVEL_BASIC, + "gnupg", "do not use a reader's pinpad", GC_ARG_TYPE_NONE, GC_BACKEND_SCDAEMON }, { "card-timeout", GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME, GC_LEVEL_BASIC, "gnupg", "|N|disconnect the card after N seconds of inactivity", ----------------------------------------------------------------------- Summary of changes: NEWS | 7 ++++ agent/call-scd.c | 4 +- agent/divert-scd.c | 4 +- doc/scdaemon.texi | 16 +++++++-- scd/apdu.c | 76 ++++++++++++++++++++++---------------------- scd/apdu.h | 8 ++-- scd/app-dinsig.c | 8 ++-- scd/app-nks.c | 4 +- scd/app-openpgp.c | 86 +++++++++++++++++++++++++------------------------- scd/ccid-driver.c | 2 +- scd/ccid-driver.h | 2 +- scd/command.c | 10 +++--- scd/iso7816.c | 16 +++++----- scd/iso7816.h | 6 ++-- scd/scdaemon.c | 19 ++++++----- scd/scdaemon.h | 4 +- tools/gpgconf-comp.c | 4 +- 17 files changed, 146 insertions(+), 130 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Fri Feb 8 01:31:39 2013 
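Review bot: The option list that scdaemon's main() prints with es_printf gains an `enable-pinpad-varlen` line in this commit, but this hunk of `gc_options_scdaemon[]` only renames the `disable-keypad` entry and adds no matching one, so gpgconf would presumably not offer the new option. An entry modelled on its neighbour would close the gap: `{ "enable-pinpad-varlen", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC, "gnupg", "use variable length input for pinpad", GC_ARG_TYPE_NONE, GC_BACKEND_SCDAEMON },`. Whether `GC_OPT_FLAG_RUNTIME` also applies, as it does for `disable-pinpad`, needs confirming against how scdaemon re-reads its options. The table begins and ends outside the hunk, so an entry added elsewhere would not show here.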
From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Fri, 08 Feb 2013 01:31:39 +0100 Subject: [git] GnuPG - branch, STABLE-BRANCH-2-0, updated. gnupg-2.0.19-85-gc2744e9 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, STABLE-BRANCH-2-0 has been updated via c2744e97c85d04452f3d7bfe30e1da294c636a4f (commit) from 9fec82a30bec953b09548840dac4e8999310498e (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit c2744e97c85d04452f3d7bfe30e1da294c636a4f Author: NIIBE Yutaka Date: Thu Feb 7 10:07:51 2013 +0900 scd: Rename 'keypad' to 'pinpad'. * NEWS: Mention scd changes. * agent/divert-scd.c (getpin_cb): Change message. * agent/call-scd.c (inq_needpin): Change the protocol to POPUPPINPADPROMPT and DISMISSPINPADPROMPT. * scd/command.c (pin_cb): Likewise. * scd/apdu.c (struct reader_table_s): Rename member functions. (check_pcsc_pinpad, pcsc_pinpad_verify, pcsc_pinpad_modify, check_ccid_pinpad, ccid_pinpad_operation, apdu_check_pinpad apdu_pinpad_verify, apdu_pinpad_modify): Rename. * scd/apdu.h (SW_HOST_NO_PINPAD, apdu_check_pinpad) (apdu_pinpad_verify, apdu_pinpad_modify): Rename. * scd/iso7816.h (iso7816_check_pinpad): Rename. * scd/iso7816.c (map_sw): Use SW_HOST_NO_PINPAD. (iso7816_check_pinpad): Rename. (iso7816_verify_kp, iso7816_change_reference_data_kp): Follow the change. * scd/ccid-driver.h (CCID_DRIVER_ERR_NO_PINPAD): Rename. * scd/ccid-driver.c (ccid_transceive_secure): Use it. * scd/app-dinsig.c (verify_pin): Follow the change. * scd/app-nks.c (verify_pin): Follow the change. * scd/app-openpgp.c (check_pinpad_request): Rename. (parse_login_data, verify_a_chv, verify_chv3, do_change_pin): Follow the change. 
* scd/scdaemon.c (oDisablePinpad, oEnablePinpadVarlen): Rename. * scd/scdaemon.h (opt): Rename to disable_pinpad, enable_pinpad_varlen. * tools/gpgconf-comp.c (gc_options_scdaemon): Rename to disable-pinpad. diff --git a/NEWS b/NEWS index 8fd346f..d10dad4 100644 --- a/NEWS +++ b/NEWS @@ -3,6 +3,17 @@ Noteworthy changes in version 2.0.20 (unreleased) * The hash algorithm is now printed for sig records in key listings. + * [scdaemon] Add pinpad input for PC/SC, if your reader has pinpad + and it supports variable length PIN input, and you specify + --enable-pinpad-varlen option. + + * [scdaemon] New option --enable-pinpad-varlen. + + * [scdaemon] Rename option --disable-pinpad (was: --disable-keypad). + + * [scdaemon] Better support fo CCID readers. Now, internal CCID + driver supports readers with no auto configuration feature. + Noteworthy changes in version 2.0.19 (2012-03-27) ------------------------------------------------- diff --git a/agent/call-scd.c b/agent/call-scd.c index 5a43377..9a2e65e 100644 --- a/agent/call-scd.c +++ b/agent/call-scd.c @@ -750,7 +750,7 @@ inq_needpin (void *opaque, const char *line) rc = assuan_send_data (parm->ctx, pin, pinlen); xfree (pin); } - else if (!strncmp (line, "POPUPKEYPADPROMPT", 17) + else if (!strncmp (line, "POPUPPINPADPROMPT", 17) && (line[17] == ' ' || !line[17])) { line += 17; @@ -759,7 +759,7 @@ inq_needpin (void *opaque, const char *line) rc = parm->getpin_cb (parm->getpin_cb_arg, line, NULL, 1); } - else if (!strncmp (line, "DISMISSKEYPADPROMPT", 19) + else if (!strncmp (line, "DISMISSPINPADPROMPT", 19) && (line[19] == ' ' || !line[19])) { rc = parm->getpin_cb (parm->getpin_cb_arg, "", NULL, 0); diff --git a/agent/divert-scd.c b/agent/divert-scd.c index bf07d07..1f36f6e 100644 --- a/agent/divert-scd.c +++ b/agent/divert-scd.c 
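Review bot: inq_needpin now matches only `POPUPPINPADPROMPT` and `DISMISSPINPADPROMPT`, so a gpg-agent built from this commit no longer recognises the inquiries of an scdaemon that still sends the old keywords, and the reverse holds for the pin_cb side in scd/command.c. The two daemons are separate programs and can be at different versions during an upgrade; what the final `else` branch does with an unknown inquiry is outside the hunk, but the prompt telling the user to enter the PIN at the reader would not be shown. Accepting both spellings on the receiving side keeps mixed installations working, and the old and new keywords have the same length: `else if ((!strncmp (line, "POPUPPINPADPROMPT", 17) || !strncmp (line, "POPUPKEYPADPROMPT", 17)) && (line[17] == ' ' || !line[17]))`, and likewise for the 19-character DISMISS keyword.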
@@ -219,7 +219,7 @@ getpin_cb (void *opaque, const char *info, char *buf, size_t maxbuf) else if (info && *info == '|') log_debug ("pin_cb called without proper PIN info hack\n"); - /* If BUF has been passed as NULL, we are in keypad mode: The + /* If BUF has been passed as NULL, we are in pinpad mode: The callback opens the popup and immediatley returns. */ if (!buf) { @@ -235,7 +235,7 @@ getpin_cb (void *opaque, const char *info, char *buf, size_t maxbuf) char *desc; if ( asprintf (&desc, - _("%s%%0A%%0AUse the reader's keypad for input."), + _("%s%%0A%%0AUse the reader's pinpad for input."), info) < 0 ) rc = gpg_error_from_syserror (); else diff --git a/doc/scdaemon.texi b/doc/scdaemon.texi index 200fed8..ed2cc51 100644 --- a/doc/scdaemon.texi +++ b/doc/scdaemon.texi @@ -287,10 +287,18 @@ Note that with the current version of Scdaemon the card is powered down immediately at the next timer tick for any value of @var{n} other than 0. - - at item --disable-keypad - at opindex disable-keypad -Even if a card reader features a keypad, do not try to use it. + at item --enable-pinpad-varlen + at opindex enable-pinpad-varlen +Please specify this option when the card reader supports variable +length input for pinpad (default is no). For known readers listed in +ccid-driver, this option is not needed. Note that if your card reader +doesn't supports variable length input but you want to use it, you +need to specify your pinpad request on your card. + + + at item --disable-pinpad + at opindex disable-pinpad +Even if a card reader features a pinpad, do not try to use it. @item --deny-admin diff --git a/scd/apdu.c b/scd/apdu.c index f1e53ea..196d58b 100644 --- a/scd/apdu.c +++ b/scd/apdu.c 
@@ -96,11 +96,11 @@ struct reader_table_s { int (*get_status_reader)(int, unsigned int *); int (*send_apdu_reader)(int,unsigned char *,size_t, unsigned char *, size_t *, pininfo_t *); - int (*check_keypad)(int, int, pininfo_t *); + int (*check_pinpad)(int, int, pininfo_t *); void (*dump_status_reader)(int); int (*set_progress_cb)(int, gcry_handler_progress_t, void*); - int (*keypad_verify)(int, int, int, int, int, pininfo_t *); - int (*keypad_modify)(int, int, int, int, int, pininfo_t *); + int (*pinpad_verify)(int, int, int, int, int, pininfo_t *); + int (*pinpad_modify)(int, int, int, int, int, pininfo_t *); struct { ccid_driver_t handle; @@ -301,10 +301,10 @@ static int reset_pcsc_reader (int slot); static int apdu_get_status_internal (int slot, int hang, int no_atr_reset, unsigned int *status, unsigned int *changed); -static int check_pcsc_keypad (int slot, int command, pininfo_t *pininfo); -static int pcsc_keypad_verify (int slot, int class, int ins, int p0, int p1, +static int check_pcsc_pinpad (int slot, int command, pininfo_t *pininfo); +static int pcsc_pinpad_verify (int slot, int class, int ins, int p0, int p1, pininfo_t *pininfo); -static int pcsc_keypad_modify (int slot, int class, int ins, int p0, int p1, +static int pcsc_pinpad_modify (int slot, int class, int ins, int p0, int p1, pininfo_t *pininfo); 
@@ -393,11 +393,11 @@ new_reader_slot (void) reader_table[reader].reset_reader = NULL; reader_table[reader].get_status_reader = NULL; reader_table[reader].send_apdu_reader = NULL; - reader_table[reader].check_keypad = check_pcsc_keypad; + reader_table[reader].check_pinpad = check_pcsc_pinpad; reader_table[reader].dump_status_reader = NULL; reader_table[reader].set_progress_cb = NULL; - reader_table[reader].keypad_verify = pcsc_keypad_verify; - reader_table[reader].keypad_modify = pcsc_keypad_modify; + reader_table[reader].pinpad_verify = pcsc_pinpad_verify; + reader_table[reader].pinpad_modify = pcsc_pinpad_modify; reader_table[reader].used = 1; reader_table[reader].any_status = 0; @@ -452,7 +452,7 @@ host_sw_string (long err) case SW_HOST_GENERAL_ERROR: return "general error"; case SW_HOST_NO_READER: return "no reader"; case SW_HOST_ABORTED: return "aborted"; - case SW_HOST_NO_KEYPAD: return "no keypad"; + case SW_HOST_NO_PINPAD: return "no pinpad"; case SW_HOST_ALREADY_CONNECTED: return "already connected"; default: return "unknown host status error"; } @@ -683,10 +683,10 @@ open_ct_reader (int port) reader_table[reader].reset_reader = reset_ct_reader; reader_table[reader].get_status_reader = ct_get_status; reader_table[reader].send_apdu_reader = ct_send_apdu; - reader_table[reader].check_keypad = NULL; + reader_table[reader].check_pinpad = NULL; reader_table[reader].dump_status_reader = ct_dump_reader_status; - reader_table[reader].keypad_verify = NULL; - reader_table[reader].keypad_modify = NULL; + reader_table[reader].pinpad_verify = NULL; + reader_table[reader].pinpad_modify = NULL; dump_reader_status (reader); unlock_slot (reader); 
@@ -2008,9 +2008,9 @@ open_pcsc_reader (const char *portstr) /* Check whether the reader supports the ISO command code COMMAND - on the keypad. Return 0 on success. */ + on the pinpad. Return 0 on success. */ static int -check_pcsc_keypad (int slot, int command, pininfo_t *pininfo) +check_pcsc_pinpad (int slot, int command, pininfo_t *pininfo) { unsigned char buf[256]; size_t len = 256; @@ -2067,7 +2067,7 @@ check_pcsc_keypad (int slot, int command, pininfo_t *pininfo) #define PIN_VERIFY_STRUCTURE_SIZE 24 static int -pcsc_keypad_verify (int slot, int class, int ins, int p0, int p1, +pcsc_pinpad_verify (int slot, int class, int ins, int p0, int p1, pininfo_t *pininfo) { int sw; @@ -2148,7 +2148,7 @@ pcsc_keypad_verify (int slot, int class, int ins, int p0, int p1, #define PIN_MODIFY_STRUCTURE_SIZE 29 static int -pcsc_keypad_modify (int slot, int class, int ins, int p0, int p1, +pcsc_pinpad_modify (int slot, int class, int ins, int p0, int p1, pininfo_t *pininfo) { int sw; @@ -2353,10 +2353,10 @@ send_apdu_ccid (int slot, unsigned char *apdu, size_t apdulen, /* Check whether the CCID reader supports the ISO command code COMMAND - on the keypad. Return 0 on success. For a description of the pin + on the pinpad. Return 0 on success. For a description of the pin parameters, see ccid-driver.c */ static int -check_ccid_keypad (int slot, int command, pininfo_t *pininfo) +check_ccid_pinpad (int slot, int command, pininfo_t *pininfo) { unsigned char apdu[] = { 0, 0, 0, 0x81 }; @@ -2367,7 +2367,7 @@ check_ccid_keypad (int slot, int command, pininfo_t *pininfo) static int -ccid_keypad_operation (int slot, int class, int ins, int p0, int p1, +ccid_pinpad_operation (int slot, int class, int ins, int p0, int p1, pininfo_t *pininfo) { unsigned char apdu[4]; 
@@ -2435,11 +2435,11 @@ open_ccid_reader (const char *portstr) reader_table[slot].reset_reader = reset_ccid_reader; reader_table[slot].get_status_reader = get_status_ccid; reader_table[slot].send_apdu_reader = send_apdu_ccid; - reader_table[slot].check_keypad = check_ccid_keypad; + reader_table[slot].check_pinpad = check_ccid_pinpad; reader_table[slot].dump_status_reader = dump_ccid_reader_status; reader_table[slot].set_progress_cb = set_progress_cb_ccid_reader; - reader_table[slot].keypad_verify = ccid_keypad_operation; - reader_table[slot].keypad_modify = ccid_keypad_operation; + reader_table[slot].pinpad_verify = ccid_pinpad_operation; + reader_table[slot].pinpad_modify = ccid_pinpad_operation; /* Our CCID reader code does not support T=0 at all, thus reset the flag. */ reader_table[slot].is_t0 = 0; @@ -2732,10 +2732,10 @@ open_rapdu_reader (int portno, reader_table[slot].reset_reader = reset_rapdu_reader; reader_table[slot].get_status_reader = my_rapdu_get_status; reader_table[slot].send_apdu_reader = my_rapdu_send_apdu; - reader_table[slot].check_keypad = NULL; + reader_table[slot].check_pinpad = NULL; reader_table[slot].dump_status_reader = NULL; - reader_table[slot].keypad_verify = NULL; - reader_table[slot].keypad_modify = NULL; + reader_table[slot].pinpad_verify = NULL; + reader_table[slot].pinpad_modify = NULL; dump_reader_status (slot); rapdu_msg_release (msg); 
@@ -3287,25 +3287,25 @@ apdu_get_status (int slot, int hang, /* Check whether the reader supports the ISO command code COMMAND on - the keypad. Return 0 on success. For a description of the pin + the pinpad. Return 0 on success. For a description of the pin parameters, see ccid-driver.c */ int -apdu_check_keypad (int slot, int command, pininfo_t *pininfo) +apdu_check_pinpad (int slot, int command, pininfo_t *pininfo) { if (slot < 0 || slot >= MAX_READER || !reader_table[slot].used ) return SW_HOST_NO_DRIVER; - if (opt.enable_keypad_varlen) + if (opt.enable_pinpad_varlen) pininfo->fixedlen = 0; - if (reader_table[slot].check_keypad) + if (reader_table[slot].check_pinpad) { int sw; if ((sw = lock_slot (slot))) return sw; - sw = reader_table[slot].check_keypad (slot, command, pininfo); + sw = reader_table[slot].check_pinpad (slot, command, pininfo); unlock_slot (slot); return sw; } @@ -3315,20 +3315,20 @@ apdu_check_keypad (int slot, int command, pininfo_t *pininfo) int -apdu_keypad_verify (int slot, int class, int ins, int p0, int p1, +apdu_pinpad_verify (int slot, int class, int ins, int p0, int p1, pininfo_t *pininfo) { if (slot < 0 || slot >= MAX_READER || !reader_table[slot].used ) return SW_HOST_NO_DRIVER; - if (reader_table[slot].keypad_verify) + if (reader_table[slot].pinpad_verify) { int sw; if ((sw = lock_slot (slot))) return sw; - sw = reader_table[slot].keypad_verify (slot, class, ins, p0, p1, + sw = reader_table[slot].pinpad_verify (slot, class, ins, p0, p1, pininfo); unlock_slot (slot); return sw; 
@@ -3339,20 +3339,20 @@ apdu_keypad_verify (int slot, int class, int ins, int p0, int p1, int -apdu_keypad_modify (int slot, int class, int ins, int p0, int p1, +apdu_pinpad_modify (int slot, int class, int ins, int p0, int p1, pininfo_t *pininfo) { if (slot < 0 || slot >= MAX_READER || !reader_table[slot].used ) return SW_HOST_NO_DRIVER; - if (reader_table[slot].keypad_modify) + if (reader_table[slot].pinpad_modify) { int sw; if ((sw = lock_slot (slot))) return sw; - sw = reader_table[slot].keypad_modify (slot, class, ins, p0, p1, + sw = reader_table[slot].pinpad_modify (slot, class, ins, p0, p1, pininfo); unlock_slot (slot); return sw; @@ -3382,7 +3382,7 @@ send_apdu (int slot, unsigned char *apdu, size_t apdulen, /* Core APDU tranceiver function. Parameters are described at - apdu_send_le with the exception of PININFO which indicates keypad + apdu_send_le with the exception of PININFO which indicates pinpad related operations if not NULL. If EXTENDED_MODE is not 0 command chaining or extended length will be used according to these values: diff --git a/scd/apdu.h b/scd/apdu.h index 021508a..1524f99 100644 --- a/scd/apdu.h +++ b/scd/apdu.h @@ -66,7 +66,7 @@ enum { SW_HOST_GENERAL_ERROR = 0x1000b, SW_HOST_NO_READER = 0x1000c, SW_HOST_ABORTED = 0x1000d, - SW_HOST_NO_KEYPAD = 0x1000e, + SW_HOST_NO_PINPAD = 0x1000e, SW_HOST_ALREADY_CONNECTED = 0x1000f }; 
@@ -112,10 +112,10 @@ int apdu_activate (int slot); int apdu_reset (int slot); int apdu_get_status (int slot, int hang, unsigned int *status, unsigned int *changed); -int apdu_check_keypad (int slot, int command, pininfo_t *pininfo); -int apdu_keypad_verify (int slot, int class, int ins, int p0, int p1, +int apdu_check_pinpad (int slot, int command, pininfo_t *pininfo); +int apdu_pinpad_verify (int slot, int class, int ins, int p0, int p1, pininfo_t *pininfo); -int apdu_keypad_modify (int slot, int class, int ins, int p0, int p1, +int apdu_pinpad_modify (int slot, int class, int ins, int p0, int p1, pininfo_t *pininfo); int apdu_send_simple (int slot, int extended_mode, int class, int ins, int p0, int p1, diff --git a/scd/app-dinsig.c b/scd/app-dinsig.c index 07a152a..1a0cb60 100644 --- a/scd/app-dinsig.c +++ b/scd/app-dinsig.c @@ -292,11 +292,11 @@ verify_pin (app_t app, pininfo.minlen = 6; pininfo.maxlen = 8; - if (!opt.disable_keypad - && !iso7816_check_keypad (app->slot, ISO7816_VERIFY, &pininfo) ) + if (!opt.disable_pinpad + && !iso7816_check_pinpad (app->slot, ISO7816_VERIFY, &pininfo) ) { rc = pincb (pincb_arg, - _("||Please enter your PIN at the reader's keypad"), + _("||Please enter your PIN at the reader's pinpad"), NULL); if (rc) { @@ -308,7 +308,7 @@ verify_pin (app_t app, /* Dismiss the prompt. */ pincb (pincb_arg, NULL, NULL); } - else /* No Keypad. */ + else /* No Pinpad. */ { char *pinvalue; diff --git a/scd/app-nks.c b/scd/app-nks.c index b8350b6..f117445 100644 --- a/scd/app-nks.c +++ b/scd/app-nks.c @@ -792,8 +792,8 @@ verify_pin (app_t app, int pwid, const char *desc, pininfo.minlen = 6; pininfo.maxlen = 16; - if (!opt.disable_keypad - && !iso7816_check_keypad (app->slot, ISO7816_VERIFY, &pininfo) ) + if (!opt.disable_pinpad + && !iso7816_check_pinpad (app->slot, ISO7816_VERIFY, &pininfo) ) { rc = pincb (pincb_arg, desc, NULL); if (rc) diff --git a/scd/app-openpgp.c b/scd/app-openpgp.c index 78cdda3..4af4e93 100644 --- a/scd/app-openpgp.c 
+++ b/scd/app-openpgp.c @@ -191,13 +191,13 @@ struct app_local_s { unsigned int def_chv2:1; /* Use 123456 for CHV2. */ } flags; - /* Keypad request specified on card. */ + /* Pinpad request specified on card. */ struct { unsigned int specified:1; int fixedlen_user; int fixedlen_admin; - } keypad; + } pinpad; struct { @@ -600,11 +600,11 @@ count_bits (const unsigned char *a, size_t len) Bit 1 = CHV2 has been been set to the default PIN of "123456" (this implies that bit 0 is also set). - P= + P= - Where KEYPAD_REQUEST is in the format of: or ,. + Where PINPAD_REQUEST is in the format of: or ,. N for user PIN, M for admin PIN. If M is missing it means M=N. - 0 means to force not to use keypad. + 0 means to force not to use pinpad. */ static void @@ -617,9 +617,9 @@ parse_login_data (app_t app) /* Set defaults. */ app->app_local->flags.no_sync = 0; app->app_local->flags.def_chv2 = 0; - app->app_local->keypad.specified = 0; - app->app_local->keypad.fixedlen_user = -1; - app->app_local->keypad.fixedlen_admin = -1; + app->app_local->pinpad.specified = 0; + app->app_local->pinpad.fixedlen_user = -1; + app->app_local->pinpad.fixedlen_admin = -1; /* Read the DO. */ relptr = get_one_do (app, 0x005E, &buffer, &buflen, NULL); @@ -654,7 +654,7 @@ parse_login_data (app_t app) } else if (buflen > 1 && *buffer == 'P' && buffer[1] == '=') { - /* Keypad request control sequence found. */ + /* Pinpad request control sequence found. */ buffer += 2; buflen -= 2; @@ -687,9 +687,9 @@ parse_login_data (app_t app) if (buflen && !(*buffer == '\n' || *buffer == '\x18')) goto next; - app->app_local->keypad.specified = 1; - app->app_local->keypad.fixedlen_user = n; - app->app_local->keypad.fixedlen_admin = m; + app->app_local->pinpad.specified = 1; + app->app_local->pinpad.fixedlen_user = n; + app->app_local->pinpad.fixedlen_admin = m; } } } 
@@ -1530,14 +1530,14 @@ do_readcert (app_t app, const char *certid, } -/* Decide if we use the keypad of the reader for PIN input according +/* Decide if we use the pinpad of the reader for PIN input according to the user preference on the card, and the capability of the - reader. This routine is only called when the reader has keypad. - Returns 0 if we use keypad, 1 otherwise. */ + reader. This routine is only called when the reader has pinpad. + Returns 0 if we use pinpad, 1 otherwise. */ static int -check_keypad_request (app_t app, pininfo_t *pininfo, int admin_pin) +check_pinpad_request (app_t app, pininfo_t *pininfo, int admin_pin) { - if (app->app_local->keypad.specified == 0) /* No preference on card. */ + if (app->app_local->pinpad.specified == 0) /* No preference on card. */ { if (pininfo->fixedlen == 0) /* Reader has varlen capability. */ return 0; /* Then, use pinpad. */ @@ -1550,9 +1550,9 @@ check_keypad_request (app_t app, pininfo_t *pininfo, int admin_pin) } if (admin_pin) - pininfo->fixedlen = app->app_local->keypad.fixedlen_admin; + pininfo->fixedlen = app->app_local->pinpad.fixedlen_admin; else - pininfo->fixedlen = app->app_local->keypad.fixedlen_user; + pininfo->fixedlen = app->app_local->pinpad.fixedlen_user; if (pininfo->fixedlen == 0 /* User requests disable pinpad. */ || pininfo->fixedlen < pininfo->minlen 
@@ -1566,14 +1566,14 @@ check_keypad_request (app_t app, pininfo_t *pininfo, int admin_pin) /* Verify a CHV either using using the pinentry or if possibile by - using a keypad. PINCB and PINCB_ARG describe the usual callback + using a pinpad. PINCB and PINCB_ARG describe the usual callback for the pinentry. CHVNO must be either 1 or 2. SIGCOUNT is only used with CHV1. PINVALUE is the address of a pointer which will receive a newly allocated block with the actual PIN (this is useful in case that PIN shall be used for another verify operation). The caller needs to free this value. If the function returns with success and NULL is stored at PINVALUE, the caller should take this - as an indication that the keypad has been used. + as an indication that the pinpad has been used. */ static gpg_error_t verify_a_chv (app_t app, @@ -1631,13 +1631,13 @@ verify_a_chv (app_t app, prompt = _("||Please enter the PIN"); - if (!opt.disable_keypad - && !iso7816_check_keypad (app->slot, ISO7816_VERIFY, &pininfo) - && !check_keypad_request (app, &pininfo, 0)) + if (!opt.disable_pinpad + && !iso7816_check_pinpad (app->slot, ISO7816_VERIFY, &pininfo) + && !check_pinpad_request (app, &pininfo, 0)) { - /* The reader supports the verify command through the keypad. + /* The reader supports the verify command through the pinpad. Note that the pincb appends a text to the prompt telling the - user to use the keypad. */ + user to use the pinpad. */ rc = pincb (pincb_arg, prompt, NULL); prompt = NULL; xfree (prompt_buffer); @@ -1656,7 +1656,7 @@ verify_a_chv (app_t app, } else { - /* The reader has no keypad or we don't want to use it. */ + /* The reader has no pinpad or we don't want to use it. */ rc = pincb (pincb_arg, prompt, pinvalue); prompt = NULL; xfree (prompt_buffer); 
@@ -1716,7 +1716,7 @@ verify_chv2 (app_t app, /* For convenience we verify CHV1 here too. We do this only if the card is not configured to require a verification before each CHV1 controlled operation (force_chv1) and if we are not - using the keypad (PINVALUE == NULL). */ + using the pinpad (PINVALUE == NULL). */ rc = iso7816_verify (app->slot, 0x81, pinvalue, strlen (pinvalue)); if (gpg_err_code (rc) == GPG_ERR_BAD_PIN) rc = gpg_error (GPG_ERR_PIN_NOT_SYNCED); @@ -1815,11 +1815,11 @@ verify_chv3 (app_t app, if (rc) return rc; - if (!opt.disable_keypad - && !iso7816_check_keypad (app->slot, ISO7816_VERIFY, &pininfo) - && !check_keypad_request (app, &pininfo, 1)) + if (!opt.disable_pinpad + && !iso7816_check_pinpad (app->slot, ISO7816_VERIFY, &pininfo) + && !check_pinpad_request (app, &pininfo, 1)) { - /* The reader supports the verify command through the keypad. */ + /* The reader supports the verify command through the pinpad. */ rc = pincb (pincb_arg, prompt, NULL); xfree (prompt); prompt = NULL; @@ -2015,7 +2015,7 @@ do_change_pin (app_t app, ctrl_t ctrl, const char *chvnostr, int reset_mode = !!(flags & APP_CHANGE_FLAG_RESET); int set_resetcode = 0; pininfo_t pininfo; - int use_keypad = 0; + int use_pinpad = 0; int minlen = 6; (void)ctrl; @@ -2065,16 +2065,16 @@ do_change_pin (app_t app, ctrl_t ctrl, const char *chvnostr, { /* Version 2 cards. */ - if (!opt.disable_keypad - && !iso7816_check_keypad (app->slot, + if (!opt.disable_pinpad + && !iso7816_check_pinpad (app->slot, ISO7816_CHANGE_REFERENCE_DATA, &pininfo) - && !check_keypad_request (app, &pininfo, chvno == 3)) - use_keypad = 1; + && !check_pinpad_request (app, &pininfo, chvno == 3)) + use_pinpad = 1; if (reset_mode) { /* To reset a PIN the Admin PIN is required. */ - use_keypad = 0; + use_pinpad = 0; app->did_chv3 = 0; rc = verify_chv3 (app, pincb, pincb_arg); if (rc) 
@@ -2085,7 +2085,7 @@ do_change_pin (app_t app, ctrl_t ctrl, const char *chvnostr, } else if (chvno == 1 || chvno == 3) { - if (!use_keypad) + if (!use_pinpad) { char *promptbuf = NULL; const char *prompt; @@ -2128,7 +2128,7 @@ do_change_pin (app_t app, ctrl_t ctrl, const char *chvnostr, size_t valuelen; int remaining; - use_keypad = 0; + use_pinpad = 0; minlen = 8; relptr = get_one_do (app, 0x00C4, &value, &valuelen, NULL); if (!relptr || valuelen < 7) @@ -2176,7 +2176,7 @@ do_change_pin (app_t app, ctrl_t ctrl, const char *chvnostr, else app->did_chv1 = app->did_chv2 = 0; - if (!use_keypad) + if (!use_pinpad) { /* TRANSLATORS: Do not translate the "|*|" prefixes but keep it at the start of the string. We need this elsewhere @@ -2249,7 +2249,7 @@ do_change_pin (app_t app, ctrl_t ctrl, const char *chvnostr, /* Version 2 cards. */ assert (chvno == 1 || chvno == 3); - if (use_keypad) + if (use_pinpad) { rc = pincb (pincb_arg, chvno == 3 ? @@ -3325,7 +3325,7 @@ do_sign (app_t app, const char *keyidstr, int hashalgo, sync, thus we verify CHV2 here using the given PIN. Cards with version2 to not have the need for a separate CHV2 and internally use just one. Obviously we can't do that if the - keypad has been used. */ + pinpad has been used. */ if (!app->did_chv2 && pinvalue && !app->app_local->extcap.is_v2) { rc = iso7816_verify (app->slot, 0x82, pinvalue, strlen (pinvalue)); diff --git a/scd/ccid-driver.c b/scd/ccid-driver.c index e01b20c..ccf579c 100644 --- a/scd/ccid-driver.c +++ b/scd/ccid-driver.c @@ -3353,7 +3353,7 @@ ccid_transceive_secure (ccid_driver_t handle, else if (apdu_buflen >= 4 && apdu_buf[1] == 0x24 && (handle->has_pinpad & 2)) ; else - return CCID_DRIVER_ERR_NO_KEYPAD; + return CCID_DRIVER_ERR_NO_PINPAD; if (!pininfo->minlen) pininfo->minlen = 1; diff --git a/scd/ccid-driver.h b/scd/ccid-driver.h index 549e858..2af1a18 100644 --- a/scd/ccid-driver.h +++ b/scd/ccid-driver.h 
@@ -72,7 +72,7 @@ #define CCID_DRIVER_ERR_GENERAL_ERROR 0x1000b #define CCID_DRIVER_ERR_NO_READER 0x1000c #define CCID_DRIVER_ERR_ABORTED 0x1000d -#define CCID_DRIVER_ERR_NO_KEYPAD 0x1000e +#define CCID_DRIVER_ERR_NO_PINPAD 0x1000e struct ccid_driver_s; typedef struct ccid_driver_s *ccid_driver_t; diff --git a/scd/command.c b/scd/command.c index cea71bf..e45153f 100644 --- a/scd/command.c +++ b/scd/command.c @@ -881,13 +881,13 @@ pin_cb (void *opaque, const char *info, char **retstr) if (!retstr) { - /* We prompt for keypad entry. To make sure that the popup has + /* We prompt for pinpad entry. To make sure that the popup has been show we use an inquire and not just a status message. We ignore any value returned. */ if (info) { - log_debug ("prompting for keypad entry '%s'\n", info); - rc = estream_asprintf (&command, "POPUPKEYPADPROMPT %s", info); + log_debug ("prompting for pinpad entry '%s'\n", info); + rc = estream_asprintf (&command, "POPUPPINPADPROMPT %s", info); if (rc < 0) return gpg_error (gpg_err_code_from_errno (errno)); rc = assuan_inquire (ctx, command, &value, &valuelen, MAXLEN_PIN); @@ -895,8 +895,8 @@ pin_cb (void *opaque, const char *info, char **retstr) } else { - log_debug ("dismiss keypad entry prompt\n"); - rc = assuan_inquire (ctx, "DISMISSKEYPADPROMPT", + log_debug ("dismiss pinpad entry prompt\n"); + rc = assuan_inquire (ctx, "DISMISSPINPADPROMPT", &value, &valuelen, MAXLEN_PIN); } if (!rc) diff --git a/scd/iso7816.c b/scd/iso7816.c index 78e3c81..2a9aa53 100644 --- a/scd/iso7816.c +++ b/scd/iso7816.c @@ -94,7 +94,7 @@ map_sw (int sw) case SW_HOST_GENERAL_ERROR: ec = GPG_ERR_GENERAL; break; case SW_HOST_NO_READER: ec = GPG_ERR_ENODEV; break; case SW_HOST_ABORTED: ec = GPG_ERR_CANCELED; break; - case SW_HOST_NO_KEYPAD: ec = GPG_ERR_NOT_SUPPORTED; break; + case SW_HOST_NO_PINPAD: ec = GPG_ERR_NOT_SUPPORTED; break; default: if ((sw & 0x010000)) 
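Review bot: The two inquire keywords that pin_cb in scd/command.c sends are renamed on the wire (`POPUPPINPADPROMPT %s`, `DISMISSPINPADPROMPT`), so scdaemon and gpg-agent now have to be upgraded and restarted together. The diffstat shows agent/call-scd.c changed in the same commit, but a gpg-agent still running from before the upgrade would presumably not recognise the new keywords, and the prompt telling the user to type the PIN on the reader would fail or not appear. A comment above the `estream_asprintf` call would record the coupling, for example `/* Keyword is matched by the inquire handler in agent/call-scd.c; keep both sides in sync. */`. pin_cb starts and ends outside these hunks.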
@@ -267,26 +267,26 @@ iso7816_apdu_direct (int slot, const void *apdudata, size_t apdudatalen, /* Check whether the reader supports the ISO command code COMMAND on - the keypad. Returns 0 on success. */ + the pinpad. Returns 0 on success. */ gpg_error_t -iso7816_check_keypad (int slot, int command, pininfo_t *pininfo) +iso7816_check_pinpad (int slot, int command, pininfo_t *pininfo) { int sw; - sw = apdu_check_keypad (slot, command, pininfo); + sw = apdu_check_pinpad (slot, command, pininfo); return iso7816_map_sw (sw); } /* Perform a VERIFY command on SLOT using the card holder verification - vector CHVNO. With PININFO non-NULL the keypad of the reader will + vector CHVNO. With PININFO non-NULL the pinpad of the reader will be used. Returns 0 on success. */ gpg_error_t iso7816_verify_kp (int slot, int chvno, pininfo_t *pininfo) { int sw; - sw = apdu_keypad_verify (slot, 0x00, CMD_VERIFY, 0, chvno, pininfo); + sw = apdu_pinpad_verify (slot, 0x00, CMD_VERIFY, 0, chvno, pininfo); return map_sw (sw); } @@ -302,7 +302,7 @@ iso7816_verify (int slot, int chvno, const char *chv, size_t chvlen) } /* Perform a CHANGE_REFERENCE_DATA command on SLOT for the card holder - verification vector CHVNO. With PININFO non-NULL the keypad of the + verification vector CHVNO. With PININFO non-NULL the pinpad of the reader will be used. If IS_EXCHANGE is 0, a "change reference data" is done, otherwise an "exchange reference data". */ gpg_error_t @@ -311,7 +311,7 @@ iso7816_change_reference_data_kp (int slot, int chvno, int is_exchange, { int sw; - sw = apdu_keypad_modify (slot, 0x00, CMD_CHANGE_REFERENCE_DATA, + sw = apdu_pinpad_modify (slot, 0x00, CMD_CHANGE_REFERENCE_DATA, is_exchange ? 1 : 0, chvno, pininfo); return map_sw (sw); } diff --git a/scd/iso7816.h b/scd/iso7816.h index 0815781..4354c72 100644 --- a/scd/iso7816.h +++ b/scd/iso7816.h 
@@ -24,13 +24,13 @@ #include "cardglue.h" #endif -/* Command codes used by iso7816_check_keypad. */ +/* Command codes used by iso7816_check_pinpad. */ #define ISO7816_VERIFY 0x20 #define ISO7816_CHANGE_REFERENCE_DATA 0x24 #define ISO7816_RESET_RETRY_COUNTER 0x2C -/* Information to be passed to keypad equipped readers. See +/* Information to be passed to pinpad equipped readers. See ccid-driver.c for details. */ struct pininfo_s { @@ -62,7 +62,7 @@ gpg_error_t iso7816_apdu_direct (int slot, const void *apdudata, size_t apdudatalen, int handle_more, unsigned char **result, size_t *resultlen); -gpg_error_t iso7816_check_keypad (int slot, int command, +gpg_error_t iso7816_check_pinpad (int slot, int command, pininfo_t *pininfo); gpg_error_t iso7816_verify (int slot, int chvno, const char *chv, size_t chvlen); diff --git a/scd/scdaemon.c b/scd/scdaemon.c index ce72d25..c0dd975 100644 --- a/scd/scdaemon.c +++ b/scd/scdaemon.c @@ -88,11 +88,11 @@ enum cmd_and_opt_values opcscDriver, oDisableCCID, oDisableOpenSC, - oDisableKeypad, + oDisablePinpad, oAllowAdmin, oDenyAdmin, oDisableApplication, - oEnableKeypadVarlen, + oEnablePinpadVarlen, oDebugDisableTicker }; @@ -139,14 +139,14 @@ static ARGPARSE_OPTS opts[] = { /* end --disable-ccid */), ARGPARSE_s_u (oCardTimeout, "card-timeout", N_("|N|disconnect the card after N seconds of inactivity")), - ARGPARSE_s_n (oDisableKeypad, "disable-keypad", - N_("do not use a reader's keypad")), + ARGPARSE_s_n (oDisablePinpad, "disable-pinpad", + N_("do not use a reader's pinpad")), ARGPARSE_s_n (oAllowAdmin, "allow-admin", "@"), ARGPARSE_s_n (oDenyAdmin, "deny-admin", N_("deny the use of admin card commands")), ARGPARSE_s_s (oDisableApplication, "disable-application", "@"), - ARGPARSE_s_n (oEnableKeypadVarlen, "enable-keypad-varlen", - N_("use variable length input for keypad")), + ARGPARSE_s_n (oEnablePinpadVarlen, "enable-pinpad-varlen", + N_("use variable length input for pinpad")), ARGPARSE_end () }; 
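Review bot: The opts[] hunk in scd/scdaemon.c replaces the option strings `disable-keypad` and `enable-keypad-varlen` without leaving an alias, so an existing scdaemon.conf that still uses the old spelling no longer matches any entry. Depending on how the option parser treats an unknown keyword in a config file, scdaemon would either reject the file or skip the line, and in the second case the PIN entry path silently differs from what the user configured. Keeping the old names as undocumented aliases, in the same way `allow-admin` is hidden with "@", avoids that: `ARGPARSE_s_n (oDisablePinpad, "disable-keypad", "@"),` and `ARGPARSE_s_n (oEnablePinpadVarlen, "enable-keypad-varlen", "@"),`. The opts[] table starts before this hunk.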
@@ -586,7 +586,7 @@ main (int argc, char **argv ) case oDisableCCID: opt.disable_ccid = 1; break; case oDisableOpenSC: break; - case oDisableKeypad: opt.disable_keypad = 1; break; + case oDisablePinpad: opt.disable_pinpad = 1; break; case oAllowAdmin: /* Dummy because allow is now the default. */ break; @@ -598,7 +598,7 @@ main (int argc, char **argv ) add_to_strlist (&opt.disabled_applications, pargs.r.ret_str); break; - case oEnableKeypadVarlen: opt.enable_keypad_varlen = 1; break; + case oEnablePinpadVarlen: opt.enable_pinpad_varlen = 1; break; default: pargs.err = configfp? ARGPARSE_PRINT_WARNING:ARGPARSE_PRINT_ERROR; @@ -679,8 +679,9 @@ main (int argc, char **argv ) printf ("disable-ccid:%lu:\n", GC_OPT_FLAG_NONE ); #endif printf ("deny-admin:%lu:\n", GC_OPT_FLAG_NONE ); - printf ("disable-keypad:%lu:\n", GC_OPT_FLAG_NONE ); + printf ("disable-pinpad:%lu:\n", GC_OPT_FLAG_NONE ); printf ("card-timeout:%lu:%d:\n", GC_OPT_FLAG_DEFAULT, 0); + printf ("enable-pinpad-varlen:%lu:\n", GC_OPT_FLAG_NONE ); scd_exit (0); } diff --git a/scd/scdaemon.h b/scd/scdaemon.h index 3eb0fe8..5ead4aa 100644 --- a/scd/scdaemon.h +++ b/scd/scdaemon.h @@ -56,8 +56,8 @@ struct const char *pcsc_driver; /* Library to access the PC/SC system. */ const char *reader_port; /* NULL or reder port to use. */ int disable_ccid; /* Disable the use of the internal CCID driver. */ - int disable_keypad; /* Do not use a keypad. */ - int enable_keypad_varlen; /* Use variable length input for keypad. */ + int disable_pinpad; /* Do not use a pinpad. */ + int enable_pinpad_varlen; /* Use variable length input for pinpad. */ int allow_admin; /* Allow the use of admin commands for certain cards. */ strlist_t disabled_applications; /* Card applications we do not diff --git a/tools/gpgconf-comp.c b/tools/gpgconf-comp.c index 32b020f..49c082b 100644 --- a/tools/gpgconf-comp.c +++ b/tools/gpgconf-comp.c 
@@ -603,8 +603,8 @@ static gc_option_t gc_options_scdaemon[] = { "disable-ccid", GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME, GC_LEVEL_EXPERT, "gnupg", "do not use the internal CCID driver", GC_ARG_TYPE_NONE, GC_BACKEND_SCDAEMON }, - { "disable-keypad", GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME, GC_LEVEL_BASIC, - "gnupg", "do not use a reader's keypad", + { "disable-pinpad", GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME, GC_LEVEL_BASIC, + "gnupg", "do not use a reader's pinpad", GC_ARG_TYPE_NONE, GC_BACKEND_SCDAEMON }, { "card-timeout", GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME, GC_LEVEL_BASIC, "gnupg", "|N|disconnect the card after N seconds of inactivity", ----------------------------------------------------------------------- Summary of changes: NEWS | 11 ++++++ agent/call-scd.c | 4 +- agent/divert-scd.c | 4 +- doc/scdaemon.texi | 16 +++++++-- scd/apdu.c | 76 ++++++++++++++++++++++---------------------- scd/apdu.h | 8 ++-- scd/app-dinsig.c | 8 ++-- scd/app-nks.c | 4 +- scd/app-openpgp.c | 86 +++++++++++++++++++++++++------------------------- scd/ccid-driver.c | 2 +- scd/ccid-driver.h | 2 +- scd/command.c | 10 +++--- scd/iso7816.c | 16 +++++----- scd/iso7816.h | 6 ++-- scd/scdaemon.c | 19 ++++++----- scd/scdaemon.h | 4 +- tools/gpgconf-comp.c | 4 +- 17 files changed, 150 insertions(+), 130 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Tue Feb 12 05:05:34 2013 
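Review bot: gc_options_scdaemon in tools/gpgconf-comp.c gets the `disable-pinpad` rename but no entry for `enable-pinpad-varlen`, although the same commit makes scdaemon print `enable-pinpad-varlen:` in its gpgconf-list output. The diffstat lists only four changed lines for this file, so the option is apparently not added elsewhere in the table, and gpgconf would be handed an option it has no level or description for. If the option is meant to be managed through gpgconf, add a matching entry after `disable-pinpad`, for example `{ "enable-pinpad-varlen", GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME, GC_LEVEL_BASIC, "gnupg", "use variable length input for pinpad", GC_ARG_TYPE_NONE, GC_BACKEND_SCDAEMON },`. The table continues outside the hunk.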
From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Tue, 12 Feb 2013 05:05:34 +0100 Subject: [git] GnuPG - branch, STABLE-BRANCH-2-0, updated. gnupg-2.0.19-86-g1f18700 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, STABLE-BRANCH-2-0 has been updated via 1f187000c4676129fdcaaacdcf4f959131ddd448 (commit) from c2744e97c85d04452f3d7bfe30e1da294c636a4f (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 1f187000c4676129fdcaaacdcf4f959131ddd448 Author: NIIBE Yutaka Date: Tue Feb 12 12:56:12 2013 +0900 Japanese: updated po and doc. * doc/help.ja.txt, po/ja.po: Updated. diff --git a/doc/help.ja.txt b/doc/help.ja.txt index 36c9ffb..03f3d89 100644 --- a/doc/help.ja.txt +++ b/doc/help.ja.txt @@ -1,4 +1,4 @@ -# help..txt - GnuPG online help +# help..txt - Japanese GnuPG online help # Copyright (C) 2007 Free Software Foundation, Inc. # # This file is part of GnuPG. 
@@ -16,269 +16,318 @@ # You should have received a copy of the GNU General Public License # along with this program; if not, see . +.#pinentry.qualitybar.tooltip +# [ ????????????????????? # ??????????] +# ??????? +???????????????????????????? -.#gpg.edit_ownertrust.value -# fixme: Please translate and remove the hash mark from the key line. -It's up to you to assign a value here; this value will never be exported -to any 3rd party. We need it to implement the web-of-trust; it has nothing -to do with the (implicitly created) web-of-certificates. +???????????????GnuPG?????????????????? +??????????????????????????????????? +?????? . -.#gpg.edit_ownertrust.set_ultimate.okay -# fixme: Please translate and remove the hash mark from the key line. -To build the Web-of-Trust, GnuPG needs to know which keys are -ultimately trusted - those are usually the keys for which you have -access to the secret key. Answer "yes" to set this key to -ultimately trusted +.gnupg.agent-problem +# There was a problem accessing or starting the agent. +????Gpg-Agent?????????????????????????? +??????Gpg-Agent????????????????????????? +??????????????????????????????????? +???????????????????????????????????? +??????????????????????????????????? +??????????????????????????????????? +???? + +??????????????????????????????????? +??????????????????????????????????? +??????????????????????????????????? +??????????????????????????????????? +?????????????????????????? . -.#gpg.untrusted_key.override -# fixme: Please translate and remove the hash mark from the key line. -If you want to use this untrusted key anyway, answer "yes". + +.gnupg.dirmngr-problem +# There was a problen accessing the dirmngr. +????Dirmngr?????????????????????????? + +????????(CRL)?????OCSP????LDAP???????????? +??????????Dirmngr?????????????????????? +??Dirmngr????????????(daemon)?????????????? +???????????????????????????????????? +Dirmngr???????????????????????????????? +??? + +??????????????????????????????????? 
+????????????????????????gpgsm????CRL??? +???????????????? . -.#gpg.pklist.user_id.enter -# fixme: Please translate and remove the hash mark from the key line. -Enter the user ID of the addressee to whom you want to send the message. + +.gpg.edit_ownertrust.value +??????????????????????????????????? +??????????????????????????????????? +??????????(????????)???????????????? . -.#gpg.keygen.algo -# fixme: Please translate and remove the hash mark from the key line. -Select the algorithm to use. +.gpg.edit_ownertrust.set_ultimate.okay +???????????????????GnuPG?????????????? +??????????????????????????????????? +??????????????????????"yes" ????????? +. -DSA (aka DSS) is the Digital Signature Algorithm and can only be used -for signatures. -Elgamal is an encrypt-only algorithm. +.gpg.untrusted_key.override +????????????????????????"yes" ????????? +. -RSA may be used for signatures or encryption. +.gpg.pklist.user_id.enter +??????????????????ID?????????? +. -The first (primary) key must always be a key which is capable of signing. +.gpg.keygen.algo +???????????????????? + +DSA (?? DSS)????????????????????????? + +Elgamal ???????????????? + +RSA ?????????????????? + +???????????????????????? . -.#gpg.keygen.algo.rsa_se -# fixme: Please translate and remove the hash mark from the key line. -In general it is not a good idea to use the same key for signing and -encryption. This algorithm should only be used in certain domains. -Please consult your security expert first. + +.gpg.keygen.algo.rsa_se +??????????????????????????????????? +??????????????????????????????????? +?????????????? . -.#gpg.keygen.size -# fixme: Please translate and remove the hash mark from the key line. -Enter the size of the key + +.gpg.keygen.size +?????????????? + +???????????????????? + +?????????????????4096???????????????? +???????????????????????????????: +http://www.xkcd.com/538/ . -.#gpg.keygen.size.huge.okay -# fixme: Please translate and remove the hash mark from the key line. 
-Answer "yes" or "no" +.gpg.keygen.size.huge.okay +"yes" ? "no" ????????? . -.#gpg.keygen.size.large.okay -# fixme: Please translate and remove the hash mark from the key line. -Answer "yes" or "no" + +.gpg.keygen.size.large.okay +"yes" ? "no" ????????? . -.#gpg.keygen.valid -# fixme: Please translate and remove the hash mark from the key line. -Enter the required value as shown in the prompt. -It is possible to enter a ISO date (YYYY-MM-DD) but you won't -get a good error response - instead the system tries to interpret -the given value as an interval. + +.gpg.keygen.valid +????????????????????????ISO????? +(YYYY-MM-DD)????????????????????????????? +?????????????????????????????. . -.#gpg.keygen.valid.okay -# fixme: Please translate and remove the hash mark from the key line. -Answer "yes" or "no" +.gpg.keygen.valid.okay +"yes" ? "no" ????????? . -.#gpg.keygen.name -# fixme: Please translate and remove the hash mark from the key line. -Enter the name of the key holder + +.gpg.keygen.name +?????????????????? +?? "<" ? ">" ?????????? +?: Heinrich Heine . -.#gpg.keygen.email -# fixme: Please translate and remove the hash mark from the key line. -please enter an optional but highly suggested email address + +.gpg.keygen.email +???????????????????????????????? +?: heinrichh at duesseldorf.de . -.#gpg.keygen.comment -# fixme: Please translate and remove the hash mark from the key line. -Please enter an optional comment +.gpg.keygen.comment +???????????????????? +?? "(" ? ")" ?????????? +??????????????????? . -.#gpg.keygen.userid.cmd -# fixme: Please translate and remove the hash mark from the key line. -N to change the name. -C to change the comment. -E to change the email address. -O to continue with key generation. -Q to to quit the key generation. + +.gpg.keygen.userid.cmd +# (Keep a leading empty line) + +N ?????? +C ???????? +E ????????????? +O ??????? +Q ???????? . -.#gpg.keygen.sub.okay -# fixme: Please translate and remove the hash mark from the key line. 
-Answer "yes" (or just "y") if it is okay to generate the sub key. +.gpg.keygen.sub.okay +????????????"yes" (?????? "y") ????????? . -.#gpg.sign_uid.okay -# fixme: Please translate and remove the hash mark from the key line. -Answer "yes" or "no" +.gpg.sign_uid.okay +"yes" ? "no" ????????? . -.#gpg.sign_uid.class -# fixme: Please translate and remove the hash mark from the key line. -When you sign a user ID on a key, you should first verify that the key -belongs to the person named in the user ID. It is useful for others to -know how carefully you verified this. +.gpg.sign_uid.class +???????ID?????????????????????????ID? +??????????????????????????????????? +???????????????????????????? -"0" means you make no particular claim as to how carefully you verified the - key. +"0" ?????????????????????????????????????? -"1" means you believe the key is owned by the person who claims to own it - but you could not, or did not verify the key at all. This is useful for - a "persona" verification, where you sign the key of a pseudonymous user. +"1" ????????????????????????????????????? + ????????????????????????????????????? + ????????????? "persona" ???????? -"2" means you did casual verification of the key. For example, this could - mean that you verified the key fingerprint and checked the user ID on the - key against a photo ID. +"2" ????????????????????????????????? + ???????????????????ID????ID???????? + ?????? -"3" means you did extensive verification of the key. For example, this could - mean that you verified the key fingerprint with the owner of the key in - person, and that you checked, by means of a hard to forge document with a - photo ID (such as a passport) that the name of the key owner matches the - name in the user ID on the key, and finally that you verified (by exchange - of email) that the email address on the key belongs to the key owner. +"3" ????????????????????????????????? + ????????????????????????????????? + ??????ID????ID?????????????????ID??? 
+ ????????????????????????????????? + ???????? -Note that the examples given above for levels 2 and 3 are *only* examples. -In the end, it is up to you to decide just what "casual" and "extensive" -mean to you when you sign other keys. +??????2????3????????????????????????? +??????????????????????????????????? +??????????????????????????? -If you don't know what the right answer is, answer "0". +????????????????? "0" ????????? . -.#gpg.change_passwd.empty.okay -# fixme: Please translate and remove the hash mark from the key line. -Answer "yes" or "no" +.gpg.change_passwd.empty.okay +"yes" ? "no" ????????? . -.#gpg.keyedit.save.okay -# fixme: Please translate and remove the hash mark from the key line. -Answer "yes" or "no" + +.gpg.keyedit.save.okay +"yes" ? "no" ????????? . -.#gpg.keyedit.cancel.okay -# fixme: Please translate and remove the hash mark from the key line. -Answer "yes" or "no" + +.gpg.keyedit.cancel.okay +"yes" ? "no" ????????? . -.#gpg.keyedit.sign_all.okay -# fixme: Please translate and remove the hash mark from the key line. -Answer "yes" if you want to sign ALL the user IDs +.gpg.keyedit.sign_all.okay +???????ID????????????"yes"????????? . -.#gpg.keyedit.remove.uid.okay -# fixme: Please translate and remove the hash mark from the key line. -Answer "yes" if you really want to delete this user ID. -All certificates are then also lost! +.gpg.keyedit.remove.uid.okay +?????ID????????????"yes"????????? +?????????????????! . -.#gpg.keyedit.remove.subkey.okay -# fixme: Please translate and remove the hash mark from the key line. -Answer "yes" if it is okay to delete the subkey +.gpg.keyedit.remove.subkey.okay +????????????"yes"????????? . -.#gpg.keyedit.delsig.valid -# fixme: Please translate and remove the hash mark from the key line. -This is a valid signature on the key; you normally don't want -to delete this signature because it may be important to establish a -trust connection to the key or another key certified by this key. 
+ +.gpg.keyedit.delsig.valid +??????????????????????????????????? +????????(????????????????)?????????? +???????????????????????? . -.#gpg.keyedit.delsig.unknown -# fixme: Please translate and remove the hash mark from the key line. -This signature can't be checked because you don't have the -corresponding key. You should postpone its deletion until you -know which key was used because this signing key might establish -a trust connection through another already certified key. +.gpg.keyedit.delsig.unknown +??????????????????????????????????? +??????????????????????????????????? +??????????????????????????????????? +?? . -.#gpg.keyedit.delsig.invalid -# fixme: Please translate and remove the hash mark from the key line. -The signature is not valid. It does make sense to remove it from -your keyring. +.gpg.keyedit.delsig.invalid +???????????????????????????????????? . -.#gpg.keyedit.delsig.selfsig -# fixme: Please translate and remove the hash mark from the key line. -This is a signature which binds the user ID to the key. It is -usually not a good idea to remove such a signature. Actually -GnuPG might not be able to use this key anymore. So do this -only if this self-signature is for some reason not valid and -a second one is available. +.gpg.keyedit.delsig.selfsig +????????ID?????????????????????????? +????????????????????GnuPG????????????? +??????????????????????????????????? +??????????????????????????????????? +?? . -.#gpg.keyedit.updpref.okay -# fixme: Please translate and remove the hash mark from the key line. -Change the preferences of all user IDs (or just of the selected ones) -to the current list of preferences. The timestamp of all affected -self-signatures will be advanced by one second. +.gpg.keyedit.updpref.okay +???????ID(?????????????)????????????? +??????????????????????????????????? +??????? +. +.gpg.passphrase.enter +# (keep a leading empty line) + +??????????????????????? . 
-.#gpg.passphrase.enter -# fixme: Please translate and remove the hash mark from the key line. -Please enter the passhrase; this is a secret sentence +.gpg.passphrase.repeat +????????????????????????????????????? . -.#gpg.passphrase.repeat -# fixme: Please translate and remove the hash mark from the key line. -Please repeat the last passphrase, so you are sure what you typed in. +.gpg.detached_signature.filename +???????????????????????? . -.#gpg.detached_signature.filename -# fixme: Please translate and remove the hash mark from the key line. -Give the name of the file to which the signature applies +.gpg.openfile.overwrite.okay +# openfile.c (overwrite_filep) +???????????????"yes"????????? . -.#gpg.openfile.overwrite.okay -# fixme: Please translate and remove the hash mark from the key line. -Answer "yes" if it is okay to overwrite the file +.gpg.openfile.askoutname +# openfile.c (ask_outfile_name) +????????????????????Enter????????????? +????????????????? . -.#gpg.openfile.askoutname -# fixme: Please translate and remove the hash mark from the key line. -Please enter a new filename. If you just hit RETURN the default -file (which is shown in brackets) will be used. +.gpg.ask_revocation_reason.code +# revoke.c (ask_revocation_reason) +?????????????????????????????: + "????????" + ???????????????????????????????? + ??????????????? + "???????" + ??????????????????????????? + "?????????" + ???????????????????????? + "???ID???????" + ???ID???????????????????????????? + ???????????????????????? . -.#gpg.ask_revocation_reason.code -# fixme: Please translate and remove the hash mark from the key line. -You should specify a reason for the certification. Depending on the -context you have the ability to choose from this list: - "Key has been compromised" - Use this if you have a reason to believe that unauthorized persons - got access to your secret key. - "Key is superseded" - Use this if you have replaced this key with a newer one. 
- "Key is no longer used" - Use this if you have retired this key. - "User ID is no longer valid" - Use this to state that the user ID should not longer be used; - this is normally used to mark an email address invalid. +.gpg.ask_revocation_reason.text +# revoke.c (ask_revocation_reason) +????????????????????????????????? +????????????????????????????????? +?????? . -.#gpg.ask_revocation_reason.text -# fixme: Please translate and remove the hash mark from the key line. -If you like, you can enter a text describing why you issue this -revocation certificate. Please keep this text concise. -An empty line ends the text. +.gpgsm.root-cert-not-trusted +# This text gets displayed by the audit log if +# a root certificates was not trusted. +??????(??????)?????????????????????? +??????????????????????????????????? +??????????GnuPG??????????????????????? +?????????????????GnuPG??????????????? +trustlist.txt ???????????????????????????? +???????????????????????? . +.gpgsm.crl-problem +# This tex is displayed by the audit log for problems with +# the CRL or OCSP checking. +?????????CRL?????OCSP?????????????????? +??????????????????????????????????? +??? +. + # Local variables: # mode: fundamental diff --git a/po/ja.po b/po/ja.po index d84195d..d3ab450 100644 --- a/po/ja.po +++ b/po/ja.po @@ -9,7 +9,7 @@ msgid "" msgstr "" "Project-Id-Version: GNU gnupg 2.0.20\n" "Report-Msgid-Bugs-To: translations at gnupg.org\n" -"PO-Revision-Date: 2013-01-07 10:40+0900\n" +"PO-Revision-Date: 2013-02-08 15:21+0900\n" "Last-Translator: NIIBE Yutaka \n" "Language-Team: Japanese \n" "Language: ja\n" @@ -182,8 +182,8 @@ msgid "Reset Code" msgstr "Reset Code" #, c-format -msgid "%s%%0A%%0AUse the reader's keypad for input." -msgstr "%s%%0A%%0A??????????????????????" +msgid "%s%%0A%%0AUse the reader's pinpad for input." +msgstr "%s%%0A%%0A??????????????????????" msgid "Repeat this Reset Code" msgstr "??Reset Code?????????????" 
@@ -5410,8 +5410,8 @@ msgstr "???PIN???????????????????? msgid "can't access %s - invalid OpenPGP card?\n" msgstr "%s?????????? - ???OpenPGP????\n" -msgid "||Please enter your PIN at the reader's keypad" -msgstr "||PIN???????????????????" +msgid "||Please enter your PIN at the reader's pinpad" +msgstr "||PIN???????????????????" #. TRANSLATORS: Do not translate the "|*|" prefixes but #. keep it at the start of the string. We need this elsewhere @@ -5443,12 +5443,15 @@ msgstr "??CCID??????????" msgid "|N|disconnect the card after N seconds of inactivity" msgstr "|N|N????????????????????????" -msgid "do not use a reader's keypad" -msgstr "??????????????" +msgid "do not use a reader's pinpad" +msgstr "??????????????" msgid "deny the use of admin card commands" msgstr "????????????????" +msgid "use variable length input for pinpad" +msgstr "PINPAD?????????" + msgid "Usage: scdaemon [options] (-h for help)" msgstr "???: scdaemon [?????] (???? -h)" ----------------------------------------------------------------------- Summary of changes: doc/help.ja.txt | 399 +++++++++++++++++++++++++++++++------------------------ po/ja.po | 17 ++- 2 files changed, 234 insertions(+), 182 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Tue Feb 12 06:24:18 2013 
From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Tue, 12 Feb 2013 06:24:18 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.0beta3-151-g595ab0d Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 595ab0da666c43a1315a72a1346ee149998d8771 (commit) from 7253093addfd82a8dd25cd80e3ba820a85e3c9a7 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 595ab0da666c43a1315a72a1346ee149998d8771 Author: NIIBE Yutaka Date: Tue Feb 12 14:14:12 2013 +0900 Japanese: update po and doc. * doc/help.ja.txt, po/ja.po: Updated. diff --git a/doc/help.ja.txt b/doc/help.ja.txt index 36c9ffb..0a538b8 100644 --- a/doc/help.ja.txt +++ b/doc/help.ja.txt @@ -1,4 +1,4 @@ -# help..txt - GnuPG online help +# help.ja.txt - Japanese GnuPG online help # Copyright (C) 2007 Free Software Foundation, Inc. # # This file is part of GnuPG. 
@@ -16,269 +16,318 @@ # You should have received a copy of the GNU General Public License # along with this program; if not, see . +.#pinentry.qualitybar.tooltip +# [ ????????????????????? # ??????????] +# ??????? +???????????????????????????? -.#gpg.edit_ownertrust.value -# fixme: Please translate and remove the hash mark from the key line. -It's up to you to assign a value here; this value will never be exported -to any 3rd party. We need it to implement the web-of-trust; it has nothing -to do with the (implicitly created) web-of-certificates. +???????????????GnuPG?????????????????? +??????????????????????????????????? +?????? . -.#gpg.edit_ownertrust.set_ultimate.okay -# fixme: Please translate and remove the hash mark from the key line. -To build the Web-of-Trust, GnuPG needs to know which keys are -ultimately trusted - those are usually the keys for which you have -access to the secret key. Answer "yes" to set this key to -ultimately trusted +.gnupg.agent-problem +# There was a problem accessing or starting the agent. +????Gpg-Agent?????????????????????????? +??????Gpg-Agent????????????????????????? +??????????????????????????????????? +???????????????????????????????????? +??????????????????????????????????? +??????????????????????????????????? +???? + +??????????????????????????????????? +??????????????????????????????????? +??????????????????????????????????? +??????????????????????????????????? +?????????????????????????? . -.#gpg.untrusted_key.override -# fixme: Please translate and remove the hash mark from the key line. -If you want to use this untrusted key anyway, answer "yes". + +.gnupg.dirmngr-problem +# There was a problen accessing the dirmngr. +????Dirmngr?????????????????????????? + +????????(CRL)?????OCSP????LDAP???????????? +??????????Dirmngr?????????????????????? +??Dirmngr????????????(daemon)?????????????? +???????????????????????????????????? +Dirmngr???????????????????????????????? +??? + +??????????????????????????????????? 
+????????????????????????gpgsm????CRL??? +???????????????? . -.#gpg.pklist.user_id.enter -# fixme: Please translate and remove the hash mark from the key line. -Enter the user ID of the addressee to whom you want to send the message. + +.gpg.edit_ownertrust.value +??????????????????????????????????? +??????????????????????????????????? +??????????(????????)???????????????? . -.#gpg.keygen.algo -# fixme: Please translate and remove the hash mark from the key line. -Select the algorithm to use. +.gpg.edit_ownertrust.set_ultimate.okay +???????????????????GnuPG?????????????? +??????????????????????????????????? +??????????????????????"yes" ????????? +. -DSA (aka DSS) is the Digital Signature Algorithm and can only be used -for signatures. -Elgamal is an encrypt-only algorithm. +.gpg.untrusted_key.override +????????????????????????"yes" ????????? +. -RSA may be used for signatures or encryption. +.gpg.pklist.user_id.enter +??????????????????ID?????????? +. -The first (primary) key must always be a key which is capable of signing. +.gpg.keygen.algo +???????????????????? + +DSA (?? DSS)????????????????????????? + +Elgamal ???????????????? + +RSA ?????????????????? + +???????????????????????? . -.#gpg.keygen.algo.rsa_se -# fixme: Please translate and remove the hash mark from the key line. -In general it is not a good idea to use the same key for signing and -encryption. This algorithm should only be used in certain domains. -Please consult your security expert first. + +.gpg.keygen.algo.rsa_se +??????????????????????????????????? +??????????????????????????????????? +?????????????? . -.#gpg.keygen.size -# fixme: Please translate and remove the hash mark from the key line. -Enter the size of the key + +.gpg.keygen.size +?????????????? + +???????????????????? + +?????????????????4096???????????????? +???????????????????????????????: +http://www.xkcd.com/538/ . -.#gpg.keygen.size.huge.okay -# fixme: Please translate and remove the hash mark from the key line. 
-Answer "yes" or "no" +.gpg.keygen.size.huge.okay +"yes" ? "no" ????????? . -.#gpg.keygen.size.large.okay -# fixme: Please translate and remove the hash mark from the key line. -Answer "yes" or "no" + +.gpg.keygen.size.large.okay +"yes" ? "no" ????????? . -.#gpg.keygen.valid -# fixme: Please translate and remove the hash mark from the key line. -Enter the required value as shown in the prompt. -It is possible to enter a ISO date (YYYY-MM-DD) but you won't -get a good error response - instead the system tries to interpret -the given value as an interval. + +.gpg.keygen.valid +????????????????????????ISO????? +(YYYY-MM-DD)????????????????????????????? +?????????????????????????????. . -.#gpg.keygen.valid.okay -# fixme: Please translate and remove the hash mark from the key line. -Answer "yes" or "no" +.gpg.keygen.valid.okay +"yes" ? "no" ????????? . -.#gpg.keygen.name -# fixme: Please translate and remove the hash mark from the key line. -Enter the name of the key holder + +.gpg.keygen.name +?????????????????? +?? "<" ? ">" ?????????? +?: Heinrich Heine . -.#gpg.keygen.email -# fixme: Please translate and remove the hash mark from the key line. -please enter an optional but highly suggested email address + +.gpg.keygen.email +???????????????????????????????? +?: heinrichh at duesseldorf.de . -.#gpg.keygen.comment -# fixme: Please translate and remove the hash mark from the key line. -Please enter an optional comment +.gpg.keygen.comment +???????????????????? +?? "(" ? ")" ?????????? +??????????????????? . -.#gpg.keygen.userid.cmd -# fixme: Please translate and remove the hash mark from the key line. -N to change the name. -C to change the comment. -E to change the email address. -O to continue with key generation. -Q to to quit the key generation. + +.gpg.keygen.userid.cmd +# (Keep a leading empty line) + +N ?????? +C ???????? +E ????????????? +O ??????? +Q ???????? . -.#gpg.keygen.sub.okay -# fixme: Please translate and remove the hash mark from the key line. 
-Answer "yes" (or just "y") if it is okay to generate the sub key. +.gpg.keygen.sub.okay +????????????"yes" (?????? "y") ????????? . -.#gpg.sign_uid.okay -# fixme: Please translate and remove the hash mark from the key line. -Answer "yes" or "no" +.gpg.sign_uid.okay +"yes" ? "no" ????????? . -.#gpg.sign_uid.class -# fixme: Please translate and remove the hash mark from the key line. -When you sign a user ID on a key, you should first verify that the key -belongs to the person named in the user ID. It is useful for others to -know how carefully you verified this. +.gpg.sign_uid.class +???????ID?????????????????????????ID? +??????????????????????????????????? +???????????????????????????? -"0" means you make no particular claim as to how carefully you verified the - key. +"0" ?????????????????????????????????????? -"1" means you believe the key is owned by the person who claims to own it - but you could not, or did not verify the key at all. This is useful for - a "persona" verification, where you sign the key of a pseudonymous user. +"1" ????????????????????????????????????? + ????????????????????????????????????? + ????????????? "persona" ???????? -"2" means you did casual verification of the key. For example, this could - mean that you verified the key fingerprint and checked the user ID on the - key against a photo ID. +"2" ????????????????????????????????? + ???????????????????ID????ID???????? + ?????? -"3" means you did extensive verification of the key. For example, this could - mean that you verified the key fingerprint with the owner of the key in - person, and that you checked, by means of a hard to forge document with a - photo ID (such as a passport) that the name of the key owner matches the - name in the user ID on the key, and finally that you verified (by exchange - of email) that the email address on the key belongs to the key owner. +"3" ????????????????????????????????? + ????????????????????????????????? + ??????ID????ID?????????????????ID??? 
+ ????????????????????????????????? + ???????? -Note that the examples given above for levels 2 and 3 are *only* examples. -In the end, it is up to you to decide just what "casual" and "extensive" -mean to you when you sign other keys. +??????2????3????????????????????????? +??????????????????????????????????? +??????????????????????????? -If you don't know what the right answer is, answer "0". +????????????????? "0" ????????? . -.#gpg.change_passwd.empty.okay -# fixme: Please translate and remove the hash mark from the key line. -Answer "yes" or "no" +.gpg.change_passwd.empty.okay +"yes" ? "no" ????????? . -.#gpg.keyedit.save.okay -# fixme: Please translate and remove the hash mark from the key line. -Answer "yes" or "no" + +.gpg.keyedit.save.okay +"yes" ? "no" ????????? . -.#gpg.keyedit.cancel.okay -# fixme: Please translate and remove the hash mark from the key line. -Answer "yes" or "no" + +.gpg.keyedit.cancel.okay +"yes" ? "no" ????????? . -.#gpg.keyedit.sign_all.okay -# fixme: Please translate and remove the hash mark from the key line. -Answer "yes" if you want to sign ALL the user IDs +.gpg.keyedit.sign_all.okay +???????ID????????????"yes"????????? . -.#gpg.keyedit.remove.uid.okay -# fixme: Please translate and remove the hash mark from the key line. -Answer "yes" if you really want to delete this user ID. -All certificates are then also lost! +.gpg.keyedit.remove.uid.okay +?????ID????????????"yes"????????? +?????????????????! . -.#gpg.keyedit.remove.subkey.okay -# fixme: Please translate and remove the hash mark from the key line. -Answer "yes" if it is okay to delete the subkey +.gpg.keyedit.remove.subkey.okay +????????????"yes"????????? . -.#gpg.keyedit.delsig.valid -# fixme: Please translate and remove the hash mark from the key line. -This is a valid signature on the key; you normally don't want -to delete this signature because it may be important to establish a -trust connection to the key or another key certified by this key. 
+ +.gpg.keyedit.delsig.valid +??????????????????????????????????? +????????(????????????????)?????????? +???????????????????????? . -.#gpg.keyedit.delsig.unknown -# fixme: Please translate and remove the hash mark from the key line. -This signature can't be checked because you don't have the -corresponding key. You should postpone its deletion until you -know which key was used because this signing key might establish -a trust connection through another already certified key. +.gpg.keyedit.delsig.unknown +??????????????????????????????????? +??????????????????????????????????? +??????????????????????????????????? +?? . -.#gpg.keyedit.delsig.invalid -# fixme: Please translate and remove the hash mark from the key line. -The signature is not valid. It does make sense to remove it from -your keyring. +.gpg.keyedit.delsig.invalid +???????????????????????????????????? . -.#gpg.keyedit.delsig.selfsig -# fixme: Please translate and remove the hash mark from the key line. -This is a signature which binds the user ID to the key. It is -usually not a good idea to remove such a signature. Actually -GnuPG might not be able to use this key anymore. So do this -only if this self-signature is for some reason not valid and -a second one is available. +.gpg.keyedit.delsig.selfsig +????????ID?????????????????????????? +????????????????????GnuPG????????????? +??????????????????????????????????? +??????????????????????????????????? +?? . -.#gpg.keyedit.updpref.okay -# fixme: Please translate and remove the hash mark from the key line. -Change the preferences of all user IDs (or just of the selected ones) -to the current list of preferences. The timestamp of all affected -self-signatures will be advanced by one second. +.gpg.keyedit.updpref.okay +???????ID(?????????????)????????????? +??????????????????????????????????? +??????? +. +.gpg.passphrase.enter +# (keep a leading empty line) + +??????????????????????? . 
-.#gpg.passphrase.enter -# fixme: Please translate and remove the hash mark from the key line. -Please enter the passhrase; this is a secret sentence +.gpg.passphrase.repeat +????????????????????????????????????? . -.#gpg.passphrase.repeat -# fixme: Please translate and remove the hash mark from the key line. -Please repeat the last passphrase, so you are sure what you typed in. +.gpg.detached_signature.filename +???????????????????????? . -.#gpg.detached_signature.filename -# fixme: Please translate and remove the hash mark from the key line. -Give the name of the file to which the signature applies +.gpg.openfile.overwrite.okay +# openfile.c (overwrite_filep) +???????????????"yes"????????? . -.#gpg.openfile.overwrite.okay -# fixme: Please translate and remove the hash mark from the key line. -Answer "yes" if it is okay to overwrite the file +.gpg.openfile.askoutname +# openfile.c (ask_outfile_name) +????????????????????Enter????????????? +????????????????? . -.#gpg.openfile.askoutname -# fixme: Please translate and remove the hash mark from the key line. -Please enter a new filename. If you just hit RETURN the default -file (which is shown in brackets) will be used. +.gpg.ask_revocation_reason.code +# revoke.c (ask_revocation_reason) +?????????????????????????????: + "????????" + ???????????????????????????????? + ??????????????? + "???????" + ??????????????????????????? + "?????????" + ???????????????????????? + "???ID???????" + ???ID???????????????????????????? + ???????????????????????? . -.#gpg.ask_revocation_reason.code -# fixme: Please translate and remove the hash mark from the key line. -You should specify a reason for the certification. Depending on the -context you have the ability to choose from this list: - "Key has been compromised" - Use this if you have a reason to believe that unauthorized persons - got access to your secret key. - "Key is superseded" - Use this if you have replaced this key with a newer one. 
- "Key is no longer used" - Use this if you have retired this key. - "User ID is no longer valid" - Use this to state that the user ID should not longer be used; - this is normally used to mark an email address invalid. +.gpg.ask_revocation_reason.text +# revoke.c (ask_revocation_reason) +????????????????????????????????? +????????????????????????????????? +?????? . -.#gpg.ask_revocation_reason.text -# fixme: Please translate and remove the hash mark from the key line. -If you like, you can enter a text describing why you issue this -revocation certificate. Please keep this text concise. -An empty line ends the text. +.gpgsm.root-cert-not-trusted +# This text gets displayed by the audit log if +# a root certificates was not trusted. +??????(??????)?????????????????????? +??????????????????????????????????? +??????????GnuPG??????????????????????? +?????????????????GnuPG??????????????? +trustlist.txt ???????????????????????????? +???????????????????????? . +.gpgsm.crl-problem +# This tex is displayed by the audit log for problems with +# the CRL or OCSP checking. +?????????CRL?????OCSP?????????????????? +??????????????????????????????????? +??? +. + # Local variables: # mode: fundamental diff --git a/po/ja.po b/po/ja.po index 7b3d446..007f33f 100644 --- a/po/ja.po +++ b/po/ja.po @@ -7,9 +7,9 @@ # msgid "" msgstr "" -"Project-Id-Version: GNU gnupg 2.0.20\n" +"Project-Id-Version: gnupg 2.1\n" "Report-Msgid-Bugs-To: translations at gnupg.org\n" -"PO-Revision-Date: 2013-01-07 10:40+0900\n" +"PO-Revision-Date: 2013-02-12 13:30+0900\n" "Last-Translator: NIIBE Yutaka \n" "Language-Team: Japanese \n" "Language: ja\n" @@ -182,8 +182,8 @@ msgid "Reset Code" msgstr "Reset Code" #, c-format -msgid "%s%%0A%%0AUse the reader's keypad for input." -msgstr "%s%%0A%%0A??????????????????????" +msgid "%s%%0A%%0AUse the reader's pinpad for input." +msgstr "%s%%0A%%0A??????????????????????" msgid "Repeat this Reset Code" msgstr "??Reset Code?????????????" 
@@ -784,7 +784,7 @@ msgid "waiting for the agent to come up ... (%ds)\n" msgstr "agent???????%d?????\n" msgid "connection to agent established\n" -msgstr "" +msgstr "??????????????????\n" msgid "can't connect to the agent - trying fall back\n" msgstr "agent???????? - ????????????\n" @@ -1136,6 +1136,13 @@ msgid "not human readable" msgstr "????????" #, c-format +msgid "failed to proxy %s inquiry to client\n" +msgstr "????%s?????????????????????\n" + +msgid "Enter passphrase: " +msgstr "?????????: " + +#, c-format msgid "OpenPGP card not available: %s\n" msgstr "OpenPGP???????????: %s\n" @@ -1852,8 +1859,7 @@ msgstr "*??*: homedir '%s'????????????????\n msgid "" "WARNING: unsafe enclosing directory permissions on configuration file '%s'\n" msgstr "" -"*??*: ???????????????'%s'???????????????" -"?\n" +"*??*: ???????????????'%s'????????????????\n" #, c-format msgid "WARNING: unsafe enclosing directory permissions on extension '%s'\n" @@ -1898,8 +1904,7 @@ msgstr "??????????????????" #, c-format msgid "NOTE: old default options file '%s' ignored\n" -msgstr "" -"*??*: ????????????????????'%s'????????\n" +msgstr "*??*: ????????????????????'%s'????????\n" #, c-format msgid "libgcrypt is too old (need %s, have %s)\n" @@ -1914,6 +1919,10 @@ msgid "'%s' is not a valid signature expiration\n" msgstr "'%s'????????????????\n" #, c-format +msgid "invalid pinentry mode '%s'\n" +msgstr "??? pinentry mode '%s'??\n" + +#, c-format msgid "'%s' is not a valid character set\n" msgstr "'%s'????????????????\n" @@ -2951,8 +2960,7 @@ msgid "" msgstr "" "* 'sign' ????? 'l' ?????????????? (lsign)?\n" " 't' ????????? (tsign)?'nr' ???????????\n" -" (nrsign)?????????????? (ltsign, tnrsign, ??)????" -"??\n" +" (nrsign)?????????????? (ltsign, tnrsign, ??)??????\n" msgid "Key is revoked." msgstr "????????????" 
@@ -4262,8 +4270,7 @@ msgid "" "Please enter the passphrase to unlock the secret key for the OpenPGP " "certificate:" msgstr "" -"OpenPGP?????????????????????????????????" -"?:" +"OpenPGP??????????????????????????????????:" msgid "" "Please enter the passphrase to import the secret key for the OpenPGP " @@ -4681,7 +4688,8 @@ msgstr "%s ? %s ??????(%zu???)?????????? #, c-format msgid "%s key %s requires a %zu bit or larger hash (hash is %s)\n" -msgstr "%s?%s?%zu???????????????????????(???????%s)\n" +msgstr "" +"%s?%s?%zu???????????????????????(???????%s)\n" msgid "WARNING: signature digest conflict in message\n" msgstr "*??*: ??????????????????????\n" @@ -5315,8 +5323,8 @@ msgstr "???PIN???????????????????? msgid "can't access %s - invalid OpenPGP card?\n" msgstr "%s?????????? - ???OpenPGP????\n" -msgid "||Please enter your PIN at the reader's keypad" -msgstr "||PIN???????????????????" +msgid "||Please enter your PIN at the reader's pinpad" +msgstr "||PIN???????????????????" #. TRANSLATORS: Do not translate the "|*|" prefixes but #. keep it at the start of the string. We need this elsewhere @@ -5348,12 +5356,15 @@ msgstr "??CCID??????????" msgid "|N|disconnect the card after N seconds of inactivity" msgstr "|N|N????????????????????????" -msgid "do not use a reader's keypad" -msgstr "??????????????" +msgid "do not use a reader's pinpad" +msgstr "??????????????" msgid "deny the use of admin card commands" msgstr "????????????????" +msgid "use variable length input for pinpad" +msgstr "??????????????" + msgid "Usage: scdaemon [options] (-h for help)" msgstr "???: scdaemon [?????] (???? -h)" @@ -5365,7 +5376,9 @@ msgstr "" "GnuPG?Smartcard????\n" msgid "please use the option '--daemon' to run the program in the background\n" -msgstr "'--daemon'?????????????????????????????????\n" +msgstr "" +"'--daemon'????????????????????????????????" +"?\n" #, c-format msgid "handler for fd %d started\n" 
@@ -5380,10 +5393,6 @@ msgid "invalid radix64 character %02x skipped\n" msgstr "???64???%02X?????????\n" #, c-format -msgid "failed to proxy %s inquiry to client\n" -msgstr "????%s?????????????????????\n" - -#, c-format msgid "validation model requested by certificate: %s" msgstr "?????????????????????: %s" @@ -5781,7 +5790,7 @@ msgid "Create self-signed certificate? (y/N) " msgstr "??????????????? (y/N) " msgid "These parameters are used:\n" -msgstr "" +msgstr "??????????????:\n" msgid "Now creating self-signed certificate. " msgstr "?????????????????? " @@ -5790,10 +5799,10 @@ msgid "Now creating certificate request. " msgstr "???????????????? " msgid "This may take a while ...\n" -msgstr "" +msgstr "?????????...\n" msgid "Ready.\n" -msgstr "" +msgstr "?????\n" msgid "Ready. You should now send this request to your CA.\n" msgstr "????????????????????CA????????\n" @@ -6110,11 +6119,11 @@ msgstr "?????????????????????: %s\n" #, c-format msgid "can't acquire read lock on the certificate cache: %s\n" -msgstr "" +msgstr "????????????????????????: %s\n" #, c-format msgid "can't acquire write lock on the certificate cache: %s\n" -msgstr "" +msgstr "????????????????????????: %s\n" #, c-format msgid "can't release lock on the certificate cache: %s\n" @@ -6149,10 +6158,10 @@ msgid " SHA1 fingerprint = %s\n" msgstr " SHA1?????????? = %s\n" msgid " issuer =" -msgstr "" +msgstr " ??? =" msgid " subject =" -msgstr "" +msgstr "?????? =" #, c-format msgid "error loading certificate '%s': %s\n" 
@@ -6249,17 +6258,17 @@ msgstr "?????????????????'%s'????? #, c-format msgid "first record of '%s' is not the version\n" -msgstr "" +msgstr "???????'%s'????????????????\n" msgid "old version of cache directory - cleaning up\n" -msgstr "" +msgstr "???????????????????? - ???????\n" msgid "old version of cache directory - giving up\n" -msgstr "" +msgstr "???????????????????? - ??????\n" #, c-format msgid "extra field detected in crl record of '%s' line %u\n" -msgstr "" +msgstr "crl?????'%s'?? %u ?????????????????\n" #, c-format msgid "invalid line detected in '%s' line %u\n" @@ -6271,7 +6280,7 @@ msgstr "'%s' (? %u)?????????\n" #, c-format msgid "unsupported record type in '%s' line %u skipped\n" -msgstr "" +msgstr "?????????????? '%s' ?? %u ?????????\n" #, c-format msgid "invalid issuer hash in '%s' line %u\n" @@ -6290,10 +6299,10 @@ msgid "WARNING: invalid cache file hash in '%s' line %u\n" msgstr "*??*: '%s'???????????????????(? %u)\n" msgid "detected errors in cache dir file\n" -msgstr "" +msgstr "???????????????????????\n" msgid "please check the reason and manually delete that file\n" -msgstr "" +msgstr "?????????????????????????\n" #, c-format msgid "failed to create temporary cache dir file '%s': %s\n" @@ -6324,7 +6333,7 @@ msgid "invalid formatted checksum for '%s'\n" msgstr "'%s'????????????????\n" msgid "too many open cache files; can't open anymore\n" -msgstr "" +msgstr "????????????????????????????????????\n" #, c-format msgid "opening cache file '%s'\n" @@ -6336,13 +6345,13 @@ msgstr "??????????'%s'????????: %s\n" #, c-format msgid "error initializing cache file '%s' for reading: %s\n" -msgstr "" +msgstr "?????????? '%s' ????????????: %s\n" msgid "calling unlock_db_file on a closed file\n" -msgstr "" +msgstr "unlock_db_file ?????????????????\n" msgid "calling unlock_db_file on an unlocked file\n" -msgstr "" +msgstr "unlock_db_file??????????????????\n" #, c-format msgid "failed to create a new cache object: %s\n" 
@@ -6354,28 +6363,29 @@ msgstr "???ID%s????CRL??????\n" #, c-format msgid "cached CRL for issuer id %s too old; update required\n" -msgstr "" +msgstr "????????CRL????ID %s ??????????????\n" #, c-format msgid "" "force-crl-refresh active and %d minutes passed for issuer id %s; update " "required\n" msgstr "" +"force-crl-refresh????%d?????ID%s???????????????\n" #, c-format msgid "force-crl-refresh active for issuer id %s; update required\n" -msgstr "" +msgstr "force-crl-refresh????ID%s???????????????\n" #, c-format msgid "available CRL for issuer ID %s can't be used\n" -msgstr "" +msgstr "???ID%s?????????CRL????????\n" #, c-format msgid "cached CRL for issuer id %s tampered; we need to update\n" -msgstr "" +msgstr "???ID%s????????????CRL?????????????????\n" msgid "WARNING: invalid cache record length for S/N " -msgstr "" +msgstr "**??**: S/N??????????????????" #, c-format msgid "problem reading cache record for S/N %s: %s\n" @@ -6383,11 +6393,11 @@ msgstr "S/N %s?????????????????????? #, c-format msgid "S/N %s is not valid; reason=%02X date=%.15s\n" -msgstr "" +msgstr "S/N %s ????????=%02X ??=%.15s\n" #, c-format msgid "S/N %s is valid, it is not listed in the CRL\n" -msgstr "" +msgstr "S/N %s??????CRL????????\n" #, c-format msgid "error getting data from cache file: %s\n" @@ -6399,10 +6409,10 @@ msgstr "??????????????'%s'\n" #, c-format msgid "gcry_md_open for algorithm %d failed: %s\n" -msgstr "" +msgstr "??????%d?gcry_md_open???: %s\n" msgid "got an invalid S-expression from libksba\n" -msgstr "" +msgstr "libksba?????S-????????\n" #, c-format msgid "converting S-expression failed: %s\n" @@ -6422,10 +6432,10 @@ msgstr "CRL???????????: %s\n" #, c-format msgid "update times of this CRL: this=%s next=%s\n" -msgstr "" +msgstr "??CRL?????: ??=%s ?=%s\n" msgid "nextUpdate not given; assuming a validity period of one day\n" -msgstr "" +msgstr "nextUpdate????????????????????????\n" #, c-format msgid "error getting CRL item: %s\n" 
@@ -6440,7 +6450,7 @@ msgid "no CRL issuer found in CRL: %s\n" msgstr "CRL??????????: %s\n" msgid "locating CRL issuer certificate by authorityKeyIdentifier\n" -msgstr "" +msgstr "CRL??????authorityKeyIdentifier??????\n" #, c-format msgid "CRL signature verification failed: %s\n" @@ -6484,15 +6494,15 @@ msgstr "????????????'%s'?????????: %s\ #, c-format msgid "WARNING: new CRL still too old; it expired on %s - loading anyway\n" -msgstr "" +msgstr "**??**: ???CRL?????????%s????????? - ??????????\n" #, c-format msgid "new CRL still too old; it expired on %s\n" -msgstr "" +msgstr "???CRL?????????%s?????????\n" #, c-format msgid "unknown critical CRL extension %s\n" -msgstr "" +msgstr "?????????CRL??? %s\n" #, c-format msgid "error reading CRL extensions: %s\n" @@ -6510,25 +6520,28 @@ msgid "" "updating the DIR file failed - cache entry will get lost with the next " "program start\n" msgstr "" +"DIR?????????? - ???????????????????????????\n" #, c-format msgid "Begin CRL dump (retrieved via %s)\n" -msgstr "" +msgstr "CRL?????? (%s ????)\n" msgid "" " ERROR: The CRL will not be used because it was still too old after an " "update!\n" msgstr "" +"*???*: CRL???????????????????????!\n" msgid "" " ERROR: The CRL will not be used due to an unknown critical extension!\n" msgstr "" +"*???*: CRL??????????????????????!\n" msgid " ERROR: The CRL will not be used\n" -msgstr "" +msgstr "*???*: CRL????????\n" msgid " ERROR: This cached CRL may have been tampered with!\n" -msgstr "" +msgstr "*???*: ??????????CRL???????????????!\n" msgid " WARNING: invalid cache record length\n" msgstr "*??*: ??????????????\n" @@ -6546,7 +6559,7 @@ msgid "error reading cache entry from db: %s\n" msgstr "db????????????????????: %s\n" msgid "End CRL dump\n" -msgstr "" +msgstr "CRL??????\n" #, c-format msgid "crl_fetch via DP failed: %s\n" 
@@ -6561,14 +6574,14 @@ msgid "crl_cache_insert via issuer failed: %s\n" msgstr "?????crl_cache_insert???????: %s\n" msgid "reader to file mapping table full - waiting\n" -msgstr "" +msgstr "reader???????????????????????? - ????\n" msgid "using \"http\" instead of \"https\"\n" -msgstr "" +msgstr "\"http\" ? \"https\" ?????????\n" #, c-format msgid "CRL access not possible due to disabled %s\n" -msgstr "" +msgstr "CRL??????????%s????????\n" #, c-format msgid "error initializing reader object: %s\n" @@ -6576,7 +6589,7 @@ msgstr "?????????????????: %s\n" #, c-format msgid "URL '%s' redirected to '%s' (%u)\n" -msgstr "" +msgstr "URL'%s' ? '%s' (%u) ????????????\n" msgid "too many redirections\n" msgstr "????????????\n" @@ -6594,10 +6607,10 @@ msgid "certificate search not possible due to disabled %s\n" msgstr "??????????????????????: %s\n" msgid "use OCSP instead of CRLs" -msgstr "" +msgstr "OCSP?CRL?????????" msgid "check whether a dirmngr is running" -msgstr "" +msgstr "dirmngr???????????????" msgid "add a certificate to the cache" msgstr "???????????????" @@ -6612,13 +6625,13 @@ msgid "lookup only locally stored certificates" msgstr "?????????????????????" msgid "expect an URL for --lookup" -msgstr "" +msgstr "--lookup??URL????" msgid "load a CRL into the dirmngr" msgstr "dirmngr?CRL??????" msgid "special mode for use by Squid" -msgstr "" +msgstr "Squid??????????" msgid "expect certificates in PEM format" msgstr "????PEM????????" @@ -6627,7 +6640,8 @@ msgid "force the use of the default OCSP responder" msgstr "?????OCSP???????????" msgid "Usage: dirmngr-client [options] [certfile|pattern] (-h for help)\n" -msgstr "???: dirmngr-client [?????] [???????|????] (???? -h)\n" +msgstr "" +"???: dirmngr-client [?????] [???????|????] (???? -h)\n" msgid "" "Syntax: dirmngr-client [options] [certfile|pattern]\n" 
@@ -6635,6 +6649,10 @@ msgid "" "The process returns 0 if the certificate is valid, 1 if it is\n" "not valid and other error codes for general failures\n" msgstr "" +"??: dirmngr-client [?????] [???????|????]\n" +"X.509????CRL??????????????OCSP???????\n" +"???????????????0????????????1 ????\n" +"???????????????????????\n" #, c-format msgid "error reading certificate from stdin: %s\n" @@ -6645,7 +6663,7 @@ msgid "error reading certificate from '%s': %s\n" msgstr "'%s'?????????????: %s\n" msgid "certificate too large to make any sense\n" -msgstr "" +msgstr "?????????????????????\n" #, c-format msgid "lookup failed: %s\n" @@ -6656,7 +6674,7 @@ msgid "loading CRL '%s' failed: %s\n" msgstr "CRL'%s'????????????: %s\n" msgid "a dirmngr daemon is up and running\n" -msgstr "" +msgstr "dirmngr daemon???????????\n" #, c-format msgid "validation of certificate failed: %s\n" @@ -6674,7 +6692,7 @@ msgstr "?????????????: %s\n" #, c-format msgid "got status: '%s'\n" -msgstr "" +msgstr "?????'%s'???????\n" #, c-format msgid "error writing base64 encoding: %s\n" @@ -6685,7 +6703,7 @@ msgid "failed to allocate assuan context: %s\n" msgstr "assuan????????????????: %s\n" msgid "apparently no running dirmngr\n" -msgstr "" +msgstr "?????dirmngr????????\n" msgid "no running dirmngr - starting one\n" msgstr "dirmngr???????? - ?????\n" 
@@ -6709,29 +6727,29 @@ msgid "unsupported inquiry '%s'\n" msgstr "???????????????: '%s'\n" msgid "absolute file name expected\n" -msgstr "" +msgstr "???????????\n" #, c-format msgid "looking up '%s'\n" -msgstr "" +msgstr "'%s'??????\n" msgid "run as windows service (background)" msgstr "???????????????? (????????)" msgid "list the contents of the CRL cache" -msgstr "" +msgstr "CRL???????????????" msgid "|FILE|load CRL from FILE into cache" msgstr "|FILE|FILE??CRL????????????" msgid "|URL|fetch a CRL from URL" -msgstr "" +msgstr "|URL|URL??CRL??????" msgid "shutdown the dirmngr" msgstr "dirmngr??????????" msgid "flush the cache" -msgstr "" +msgstr "??????????????" msgid "|FILE|write server mode logs to FILE" msgstr "|FILE|FILE????????????????" @@ -6740,40 +6758,40 @@ msgid "run without asking a user" msgstr "??????????????" msgid "force loading of outdated CRLs" -msgstr "" +msgstr "??????CRL?????????" msgid "allow sending OCSP requests" msgstr "OCSP?????????" msgid "inhibit the use of HTTP" -msgstr "" +msgstr "HTTP????????" msgid "inhibit the use of LDAP" -msgstr "" +msgstr "LDAP????????" msgid "ignore HTTP CRL distribution points" -msgstr "" +msgstr "HTTP CRL???????????" msgid "ignore LDAP CRL distribution points" -msgstr "" +msgstr "LDAP CRL???????????" msgid "ignore certificate contained OCSP service URLs" -msgstr "" +msgstr "OCSP????URL??????????????" msgid "|URL|redirect all HTTP requests to URL" -msgstr "" +msgstr "|URL|????HTTP??????URL?????????" msgid "|HOST|use HOST for LDAP queries" -msgstr "" +msgstr "|HOST|LDAP???????HOST???" msgid "do not use fallback hosts with --ldap-proxy" -msgstr "" +msgstr "--ldap-proxy ?????????????????" msgid "|FILE|read LDAP server list from FILE" msgstr "|FILE|FILE??LDAP?????????????" msgid "add new servers discovered in CRL distribution points to serverlist" -msgstr "" +msgstr "CRL??????????????????? serverlist ?????" msgid "|N|set LDAP timeout to N seconds" msgstr "|N|LDAP????????N????" 
@@ -6782,10 +6800,10 @@ msgid "|URL|use OCSP responder at URL" msgstr "|URL|OCSP?????URL???" msgid "|FPR|OCSP response signed by FPR" -msgstr "" +msgstr "|FPR|FPR??????OCSP?????" msgid "|N|do not return more than N items in one query" -msgstr "" +msgstr "|N|???????N??????????????" msgid "" "@\n" @@ -6837,36 +6855,36 @@ msgstr "%s:%u: ???????: %s\n" #, c-format msgid "%s:%u: garbage at end of line ignored\n" -msgstr "" +msgstr "%s:%u: ????????\n" msgid "SIGHUP received - re-reading configuration and flushing caches\n" -msgstr "" +msgstr "SIGHUP????? - ???????????????????\n" msgid "SIGUSR2 received - no action defined\n" -msgstr "" +msgstr "SIGUSR2????? - ?????????\n" msgid "SIGTERM received - shutting down ...\n" -msgstr "" +msgstr "SIGTERM????? - ???????...\n" #, c-format msgid "SIGTERM received - still %d active connections\n" -msgstr "" +msgstr "SIGTERM????? - %d?????????????????\n" msgid "shutdown forced\n" msgstr "?????????????\n" msgid "SIGINT received - immediate shutdown\n" -msgstr "" +msgstr "SIGINT????? - ??????????\n" #, c-format msgid "signal %d received - no action defined\n" -msgstr "" +msgstr "????%d????? - ????????????\n" msgid "return all values in a record oriented format" -msgstr "" +msgstr "???????????????" msgid "|NAME|ignore host part and connect through NAME" -msgstr "" +msgstr "|NAME|host???????NAME?????????" msgid "|NAME|connect to host NAME" msgstr "|NAME|???NAME?????" 
@@ -6875,22 +6893,22 @@ msgid "|N|connect to port N" msgstr "|N|???N??????" msgid "|NAME|use user NAME for authentication" -msgstr "" +msgstr "|NAME|???NAME??????" msgid "|PASS|use password PASS for authentication" -msgstr "" +msgstr "|PASS|?????PASS??????" msgid "take password from $DIRMNGR_LDAP_PASS" -msgstr "" +msgstr "??????$DIRMNGR_LDAP_PASS???????" msgid "|STRING|query DN STRING" -msgstr "" +msgstr "|STRING|DN STRING??????" msgid "|STRING|use STRING as filter expression" -msgstr "" +msgstr "|STRING|STRING?????????" msgid "|STRING|return the attribute STRING" -msgstr "" +msgstr "|STRING|STRING??????" msgid "Usage: dirmngr_ldap [options] [URL] (-h for help)\n" msgstr "???: dirmngr_ldap [?????] [URL] (???? -h)\n" @@ -6900,6 +6918,9 @@ msgid "" "Internal LDAP helper for Dirmngr\n" "Interface and options may change without notice\n" msgstr "" +"??: dirmngr_ldap [?????] [URL]\n" +"Dirmngr???LDAP????\n" +"?????????????????????????????????\n" #, c-format msgid "invalid port number %d\n" @@ -6907,7 +6928,7 @@ msgstr "???????? %d\n" #, c-format msgid "scanning result for attribute '%s'\n" -msgstr "" +msgstr "??'%s'???????\n" #, c-format msgid "error writing to stdout: %s\n" @@ -6915,7 +6936,7 @@ msgstr "stdout?????????: %s\n" #, c-format msgid " available attribute '%s'\n" -msgstr "" +msgstr " ???????'%s'\n" #, c-format msgid "attribute '%s' not found\n" @@ -6923,7 +6944,7 @@ msgstr "??'%s'????????\n" #, c-format msgid "found attribute '%s'\n" -msgstr "" +msgstr "??'%s'????????\n" #, c-format msgid "processing url '%s'\n" @@ -6951,7 +6972,7 @@ msgstr " DN '%s'\n" #, c-format msgid " filter '%s'\n" -msgstr "" +msgstr " ???? '%s'\n" #, c-format msgid " attr '%s'\n" @@ -6963,7 +6984,7 @@ msgstr "'%s'???????????\n" #, c-format msgid "no attribute given for query '%s'\n" -msgstr "" +msgstr "??? '%s' ?????????????\n" msgid "WARNING: using first attribute only\n" msgstr "*??*: ??????????????\n" 
@@ -6986,7 +7007,7 @@ msgstr "'%s'??LDAP URL???????\n" #, c-format msgid "'%s' is an invalid LDAP URL\n" -msgstr "" +msgstr "'%s' ????LDAP URL??\n" #, c-format msgid "error allocating memory: %s\n" @@ -7006,15 +7027,15 @@ msgstr "npth_select???????: %s - ??????\n" #, c-format msgid "ldap wrapper %d ready" -msgstr "" +msgstr "ldap wrapper %d ?????" #, c-format msgid "ldap wrapper %d ready: timeout\n" -msgstr "" +msgstr "ldap wrapper %d ?????: ??????\n" #, c-format msgid "ldap wrapper %d ready: exitcode=%d\n" -msgstr "" +msgstr "ldap wrapper %d ?????: exitcode=%d\n" #, c-format msgid "waiting for ldap wrapper %d failed: %s\n" @@ -7022,11 +7043,11 @@ msgstr "ldap wrapper %d??????: %s\n" #, c-format msgid "ldap wrapper %d stalled - killing\n" -msgstr "" +msgstr "ldap wrapper %d ??????? - kill?????\n" #, c-format msgid "error spawning ldap wrapper reaper thread: %s\n" -msgstr "" +msgstr "ldap wrapper????????????: %s\n" #, c-format msgid "reading from ldap wrapper %d failed: %s\n" @@ -7034,7 +7055,7 @@ msgstr "ldap wrapper %d ??????????????: %s\n" #, c-format msgid "invalid char 0x%02x in host name - not added\n" -msgstr "" +msgstr "?????????? 0x%02x - ?????\n" #, c-format msgid "adding '%s:%d' to the ldap server list\n" @@ -7046,10 +7067,10 @@ msgstr "malloc???????: %s\n" #, c-format msgid "start_cert_fetch: invalid pattern '%s'\n" -msgstr "" +msgstr "start_cert_fetch: ??????? '%s'\n" msgid "ldap_search hit the size limit of the server\n" -msgstr "" +msgstr "ldap_search ????????????????\n" msgid "invalid canonical S-expression found\n" msgstr "?????S?????????\n" @@ -7063,7 +7084,7 @@ msgid "oops: ksba_cert_hash failed: %s\n" msgstr "???: ksba_cert_hash???????: %s\n" msgid "bad URL encoding detected\n" -msgstr "" +msgstr "???URL????????????????\n" #, c-format msgid "error reading from responder: %s\n" 
@@ -7074,7 +7095,7 @@ msgid "response from server too large; limit is %d bytes\n" msgstr "??????????????? (??%d???)?\n" msgid "OCSP request not possible due to disabled HTTP\n" -msgstr "" +msgstr "HTTP??????????OCSP???????????\n" #, c-format msgid "error setting OCSP target: %s\n" @@ -7102,17 +7123,17 @@ msgstr "'%s'????OCSP???????: %s\n" #, c-format msgid "OCSP responder at '%s' status: %s\n" -msgstr "" +msgstr "OSCP??? '%s' ??????: %s\n" #, c-format msgid "hashing the OCSP response for '%s' failed: %s\n" msgstr "'%s'????OCSP???????????????: %s\n" msgid "not signed by a default OCSP signer's certificate" -msgstr "" +msgstr "?????OCSP????????????????" msgid "only SHA-1 is supported for OCSP responses\n" -msgstr "" +msgstr "SHA-1???OCSP??????????????????\n" #, c-format msgid "allocating list item failed: %s\n" @@ -7144,7 +7165,7 @@ msgid "can't get authorityInfoAccess: %s\n" msgstr "authorityInfoAccess????????: %s\n" msgid "no default OCSP responder defined\n" -msgstr "" +msgstr "?????OCSP???????????????\n" msgid "no default OCSP signer defined\n" msgstr "??????OCSP?????????????\n" @@ -7159,7 +7180,7 @@ msgstr "OCSP??'%s'?????\n" #, c-format msgid "failed to establish a hashing context for OCSP: %s\n" -msgstr "" +msgstr "OCSP?????????????????????????: %s\n" #, c-format msgid "error getting OCSP status for target certificate: %s\n" 
@@ -7167,33 +7188,33 @@ msgstr "???????OCSP???????????: %s\n" #, c-format msgid "certificate status is: %s (this=%s next=%s)\n" -msgstr "" +msgstr "?????????: %s (??=%s ?=%s)\n" msgid "good" -msgstr "" +msgstr "??" #, c-format msgid "certificate has been revoked at: %s due to: %s\n" msgstr "??????????: %s (??: %s)\n" msgid "OCSP responder returned a status in the future\n" -msgstr "" +msgstr "OSCP????????????????????\n" msgid "OCSP responder returned a non-current status\n" -msgstr "" +msgstr "OSCP??????????????????????\n" msgid "OCSP responder returned an too old status\n" -msgstr "" +msgstr "OSCP?????????????????????\n" #, c-format msgid "assuan_inquire(%s) failed: %s\n" msgstr "assuan_inquire(%s)???????: %s\n" msgid "ldapserver missing" -msgstr "" +msgstr "ldapserver??????" msgid "serialno missing in cert ID" -msgstr "" +msgstr "serialno?cert ID??????" #, c-format msgid "assuan_inquire failed: %s\n" @@ -7217,7 +7238,7 @@ msgstr "fetch_next_cert ???????: %s\n" #, c-format msgid "max_replies %d exceeded\n" -msgstr "" +msgstr "max_replies %d ??????\n" #, c-format msgid "can't allocate control structure: %s\n" @@ -7233,7 +7254,7 @@ msgstr "Assuan??????????????: %s\n" #, c-format msgid "Assuan accept problem: %s\n" -msgstr "" +msgstr "Assuan accept ???: %s\n" #, c-format msgid "Assuan processing failed: %s\n" @@ -7246,13 +7267,13 @@ msgid "CRL checking too deeply nested\n" msgstr "CRL????????????\n" msgid "not checking CRL for" -msgstr "" +msgstr "CRL ???????" msgid "checking CRL for" msgstr "CRL?????????" msgid "running in compatibility mode - certificate chain not checked!\n" -msgstr "" +msgstr "?????????????? - ??????????????!\n" msgid "selfsigned certificate has a BAD signature" msgstr "????????*???*???????" 
@@ -7265,7 +7286,7 @@ msgid "certificate chain is good\n" msgstr "?????????????\n" msgid "DSA requires the use of a 160 bit hash algorithm\n" -msgstr "" +msgstr "DSA?160?????????????????????????\n" msgid "certificate should not have been used for CRL signing\n" msgstr "????CRL??????????????????????\n" @@ -7432,19 +7453,19 @@ msgid "Configuration for OCSP" msgstr "OCSP???????????" msgid "GPG for OpenPGP" -msgstr "" +msgstr "OpenPGP????GPG" msgid "GPG Agent" -msgstr "" +msgstr "GPG Agent" msgid "Smartcard Daemon" -msgstr "" +msgstr "????????????" msgid "GPG for S/MIME" -msgstr "" +msgstr "S/MIME ????GPG" msgid "Directory Manager" -msgstr "" +msgstr "????????????" msgid "PIN and Passphrase Entry" msgstr "PIN??????????" 
@@ -7660,202 +7681,3 @@ msgid "" msgstr "" "??: gpg-check-pattern [?????] ????????\n" "????????????????????????????\n" - -#~ msgid "can't fdopen pipe for reading: %s\n" -#~ msgstr "????????????fdopen?????: %s\n" - -#~ msgid "Please select where to store the key:\n" -#~ msgstr "???????????????:\n" - -#~ msgid "unknown key protection algorithm\n" -#~ msgstr "??????????????\n" - -#~ msgid "secret parts of key are not available\n" -#~ msgstr "???????????\n" - -#~ msgid "secret key already stored on a card\n" -#~ msgstr "??????????????????\n" - -#~ msgid "error writing key to card: %s\n" -#~ msgstr "????????????: %s\n" - -#~ msgid "remove the passphrase from exported subkeys" -#~ msgstr "???????????????????????" - -#~ msgid "key %s: not protected - skipped\n" -#~ msgstr "?%s: ????????? - ???????\n" - -#~ msgid "about to export an unprotected subkey\n" -#~ msgstr "???????????????????????????\n" - -#~ msgid "failed to unprotect the subkey: %s\n" -#~ msgstr "???????????????????: %s\n" - -#~ msgid "WARNING: secret key %s does not have a simple SK checksum\n" -#~ msgstr "*??*: ???%s??????SK????????????\n" - -#~ msgid "key %s: secret key without public key - skipped\n" -#~ msgstr "?%s: ??????????? - ???????\n" - -#~ msgid "create a public key when importing a secret key" -#~ msgstr "???????????????????????" 
- -#~ msgid "key %s: already in secret keyring\n" -#~ msgstr "?%s: ?????????????\n" - -#~ msgid "key %s: secret key not found: %s\n" -#~ msgstr "?%s: ???????????: %s\n" - -#~ msgid "NOTE: a key's S/N does not match the card's one\n" -#~ msgstr "*??*: ??????????????????????\n" - -#~ msgid "NOTE: primary key is online and stored on card\n" -#~ msgstr "*??*: ?????????????????\n" - -#~ msgid "NOTE: secondary key is online and stored on card\n" -#~ msgstr "*??*: ??????????????????\n" - -#~ msgid "This key is not protected.\n" -#~ msgstr "??????????????\n" - -#~ msgid "Key is protected.\n" -#~ msgstr "???????????\n" - -#~ msgid "Can't edit this key: %s\n" -#~ msgstr "???????????: %s\n" - -#~ msgid "" -#~ "Enter the new passphrase for this secret key.\n" -#~ "\n" -#~ msgstr "" -#~ "?????????????????????????\n" -#~ "\n" - -#~ msgid "" -#~ "You don't want a passphrase - this is probably a *bad* idea!\n" -#~ "\n" -#~ msgstr "" -#~ "?????????????????\n" -#~ "???????????????!\n" -#~ "\n" - -#~ msgid "Do you really want to do this? (y/N) " -#~ msgstr "?????????? 
(y/N) " - -#~ msgid "error reading secret keyblock \"%s\": %s\n" -#~ msgstr "???????\"%s\"????????: %s\n" - -#~ msgid "Please remove selections from the secret keys.\n" -#~ msgstr "???????????????\n" - -#~ msgid "No corresponding signature in secret ring\n" -#~ msgstr "???????????????????\n" - -#~ msgid "writing secret key stub to `%s'\n" -#~ msgstr "'%s'??????????????\n" - -#~ msgid "writing secret key to `%s'\n" -#~ msgstr "'%s'???????????\n" - -#~ msgid "no writable secret keyring found: %s\n" -#~ msgstr "?????????????????????: %s\n" - -#~ msgid "WARNING: 2 files with confidential information exists.\n" -#~ msgstr "*??*: ?????????????2???????\n" - -#~ msgid "%s is the unchanged one\n" -#~ msgstr "%s?????????\n" - -#~ msgid "%s is the new one\n" -#~ msgstr "%s???????\n" - -#~ msgid "Please fix this possible security flaw\n" -#~ msgstr "????????????????????\n" - -#~ msgid "searching for names from %s server %s\n" -#~ msgstr "%s?????%s??????\n" - -#~ msgid "searching for names from %s\n" -#~ msgstr "\"%s\"???????\n" - -#~ msgid "searching for \"%s\" from %s server %s\n" -#~ msgstr "\"%s\"?%s???%s????\n" - -#~ msgid "searching for \"%s\" from %s\n" -#~ msgstr "\"%s\"????%s????\n" - -#~ msgid "no keyserver action!\n" -#~ msgstr "????????????????!\n" - -#~ msgid "WARNING: keyserver handler from a different version of GnuPG (%s)\n" -#~ msgstr "*??*: ????????GnuPG?????????? 
(%s)\n" - -#~ msgid "keyserver did not send VERSION\n" -#~ msgstr "?????VERSION??????????\n" - -#~ msgid "external keyserver calls are not supported in this build\n" -#~ msgstr "?????????????????????????????\n" - -#~ msgid "no handler for keyserver scheme `%s'\n" -#~ msgstr "?????????'%s'????????????\n" - -#~ msgid "action `%s' not supported with keyserver scheme `%s'\n" -#~ msgstr "??'%s'???????????'%s'????????????\n" - -#~ msgid "%s does not support handler version %d\n" -#~ msgstr "%s???????????%d?????????\n" - -#~ msgid "keyserver timed out\n" -#~ msgstr "???????????\n" - -#~ msgid "keyserver internal error\n" -#~ msgstr "??????????\n" - -#~ msgid "keyserver communications error: %s\n" -#~ msgstr "?????????: %s\n" - -#~ msgid "WARNING: unable to parse URI %s\n" -#~ msgstr "*??*: URI %s ????????\n" - -#~ msgid "the IDEA cipher plugin is not present\n" -#~ msgstr "IDEA????????????????\n" - -#~ msgid "no corresponding public key: %s\n" -#~ msgstr "?????????????: %s\n" - -#~ msgid "public key does not match secret key!\n" -#~ msgstr "??????????????!\n" - -#~ msgid "unknown protection algorithm\n" -#~ msgstr "?????????????\n" - -#~ msgid "NOTE: This key is not protected!\n" -#~ msgstr "*??*: ?????????????!\n" - -#~ msgid "protection digest %d is not supported\n" -#~ msgstr "????????%d???????????\n" - -#~ msgid "Invalid passphrase; please try again" -#~ msgstr "?????????????????????" - -#~ msgid "%s ...\n" -#~ msgstr "%s ...\n" - -#~ msgid "WARNING: Weak key detected - please change passphrase again.\n" -#~ msgstr "*??*: ???????????????????????????\n" - -#~ msgid "" -#~ "generating the deprecated 16-bit checksum for secret key protection\n" -#~ msgstr "?????16????????????????????\n" - -#~ msgid "DSA key %s uses an unsafe (%u bit) hash\n" -#~ msgstr "DSA? %s??????(%u???)?????????\n" - -#~ msgid " - probably dead - removing lock" -#~ msgstr " - ????????? - ??????" 
- -#~ msgid "Parameters to be used for the certificate request:\n" -#~ msgstr "???????????????:\n" - -#~ msgid "use system's dirmngr if available" -#~ msgstr "???????????dirmngr?????" ----------------------------------------------------------------------- Summary of changes: doc/help.ja.txt | 399 ++++++++++++++++++++++++------------------- po/ja.po | 506 ++++++++++++++++++------------------------------------- 2 files changed, 388 insertions(+), 517 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Tue Feb 12 06:26:34 2013 From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Tue, 12 Feb 2013 06:26:34 +0100 Subject: [git] GnuPG - branch, STABLE-BRANCH-2-0, updated. gnupg-2.0.19-87-g815d01f Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, STABLE-BRANCH-2-0 has been updated via 815d01fceb56bc03cb0df0826a9a8438970dbda4 (commit) from 1f187000c4676129fdcaaacdcf4f959131ddd448 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 815d01fceb56bc03cb0df0826a9a8438970dbda4 Author: NIIBE Yutaka Date: Tue Feb 12 14:17:38 2013 +0900 Japanese: minor doc update. * doc/help.ja.txt: Update. diff --git a/doc/help.ja.txt b/doc/help.ja.txt index 03f3d89..0a538b8 100644 --- a/doc/help.ja.txt +++ b/doc/help.ja.txt 
@@ -1,4 +1,4 @@ -# help..txt - Japanese GnuPG online help +# help.ja.txt - Japanese GnuPG online help # Copyright (C) 2007 Free Software Foundation, Inc. # # This file is part of GnuPG. ----------------------------------------------------------------------- Summary of changes: doc/help.ja.txt | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Tue Feb 12 06:32:09 2013 From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Tue, 12 Feb 2013 06:32:09 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.0beta3-153-gb90506e Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via b90506ea220860c89128f002bd593d0462a08d73 (commit) via 30f8a3c8736451d8c06ef72521a8da5eabf23016 (commit) from 595ab0da666c43a1315a72a1346ee149998d8771 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit b90506ea220860c89128f002bd593d0462a08d73 Author: NIIBE Yutaka Date: Wed Feb 6 14:01:23 2013 +0900 gpg: Implement card_store_subkey again. * g10/call-agent.h (agent_keytocard): New. * g10/call-agent.c (agent_keytocard): New. * g10/card-util.c (replace_existing_key_p): Returns 1 when replace. (card_generate_subkey): Check return value of replace_existing_key_p. (card_store_subkey): Implement again using agent_keytocard. diff --git a/g10/call-agent.c b/g10/call-agent.c index ed141da..85a3f28 100644 --- a/g10/call-agent.c +++ b/g10/call-agent.c 
@@ -599,6 +599,30 @@ agent_learn (struct agent_card_info_s *info) return rc; } + +int +agent_keytocard (const char *hexgrip, int keyno, int force, + const char *serialno, const char *timestamp) +{ + int rc; + char line[ASSUAN_LINELENGTH]; + + snprintf (line, DIM(line)-1, "KEYTOCARD %s%s %s OPENPGP.%d %s", + force?"--force ": "", hexgrip, serialno, keyno, timestamp); + line[DIM(line)-1] = 0; + + rc = start_agent (NULL, 1); + if (rc) + return rc; + + rc = assuan_transact (agent_ctx, line, NULL, NULL, default_inq_cb, + NULL, NULL, NULL); + if (rc) + return rc; + + return rc; +} + /* Call the agent to retrieve a data object. This function returns the data in the same structure as used by the learn command. It is allowed to update such a structure using this commmand. */ diff --git a/g10/call-agent.h b/g10/call-agent.h index de05d7a..ab1d41a 100644 --- a/g10/call-agent.h +++ b/g10/call-agent.h @@ -81,6 +81,10 @@ int agent_learn (struct agent_card_info_s *info); /* Update INFO with the attribute NAME. */ int agent_scd_getattr (const char *name, struct agent_card_info_s *info); +/* Send the KEYTOCARD command. */ +int agent_keytocard (const char *hexgrip, int keyno, int force, + const char *serialno, const char *timestamp); + /* Send a SETATTR command to the SCdaemon. */ int agent_scd_setattr (const char *name, const unsigned char *value, size_t valuelen, diff --git a/g10/card-util.c b/g10/card-util.c index 8358685..75208cc 100644 --- a/g10/card-util.c +++ b/g10/card-util.c @@ -1264,6 +1264,7 @@ replace_existing_key_p (struct agent_card_info_s *info, int keyno) if ( !cpr_get_answer_is_yes( "cardedit.genkeys.replace_key", _("Replace existing key? (y/N) "))) return -1; + return 1; } return 0; } @@ -1484,7 +1485,7 @@ card_generate_subkey (KBNODE pub_keyblock) tty_printf(_("Invalid selection.\n")); } - if (replace_existing_key_p (&info, keyno)) + if (replace_existing_key_p (&info, keyno) < 0) { err = gpg_error (GPG_ERR_CANCELED); goto leave; 
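Review bot: The `snprintf` result in `agent_keytocard` is never checked, so a command that does not fit in `line` is cut short and still sent to the agent with its last argument missing or shortened. `serialno` and `timestamp` are caller-supplied strings of unchecked length, so I would reject the overflow case instead: `n = snprintf (line, DIM(line), ...); if (n < 0 || (size_t)n >= DIM(line)) return gpg_error (GPG_ERR_TOO_LARGE);`. The trailing `if (rc) return rc;` just before `return rc;` does nothing and can be dropped. The definition also has no comment; something like `/* Ask the agent to move the key HEXGRIP to slot KEYNO of the card SERIALNO; FORCE allows overwriting an existing key. */` would match the neighbouring functions.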
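Review bot: With the added `return 1;`, `replace_existing_key_p` has three outcomes, and nothing in the hunk documents them. Any caller outside this diff that still tests the result for plain truthiness would now treat "user agreed to replace" as a cancel; only `card_generate_subkey` is visibly updated to `< 0`. The function header is outside the hunk, so I cannot see its current comment, but it should read roughly `/* Return 0 if no key needs replacing, 1 if the user confirmed the replacement, -1 if the user declined. */`.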
@@ -1531,152 +1532,99 @@ card_generate_subkey (KBNODE pub_keyblock) int card_store_subkey (KBNODE node, int use) { - log_info ("FIXME: card_store_subkey has not yet been implemented\n"); -/* struct agent_card_info_s info; */ -/* int okay = 0; */ -/* int rc; */ -/* int keyno, i; */ -/* PKT_secret_key *copied_sk = NULL; */ -/* PKT_secret_key *sk; */ -/* size_t n; */ -/* const char *s; */ -/* int allow_keyno[3]; */ -/* unsigned int nbits; */ - - -/* assert (node->pkt->pkttype == PKT_SECRET_KEY */ -/* || node->pkt->pkttype == PKT_SECRET_SUBKEY); */ -/* sk = node->pkt->pkt.secret_key; */ - -/* if (get_info_for_key_operation (&info)) */ -/* return 0; */ - -/* if (!info.extcap.ki) */ -/* { */ -/* tty_printf ("The card does not support the import of keys\n"); */ -/* tty_printf ("\n"); */ -/* goto leave; */ -/* } */ - -/* show_card_key_info (&info); */ - -/* nbits = nbits_from_sk (sk); */ - -/* if (!is_RSA (sk->pubkey_algo) || (!info.is_v2 && nbits != 1024) ) */ -/* { */ -/* tty_printf ("You may only store a 1024 bit RSA key on the card\n"); */ -/* tty_printf ("\n"); */ -/* goto leave; */ -/* } */ - -/* allow_keyno[0] = (!use || (use & (PUBKEY_USAGE_SIG))); */ -/* allow_keyno[1] = (!use || (use & (PUBKEY_USAGE_ENC))); */ -/* allow_keyno[2] = (!use || (use & (PUBKEY_USAGE_SIG|PUBKEY_USAGE_AUTH))); */ - -/* tty_printf (_("Please select where to store the key:\n")); */ - -/* if (allow_keyno[0]) */ -/* tty_printf (_(" (1) Signature key\n")); */ -/* if (allow_keyno[1]) */ -/* tty_printf (_(" (2) Encryption key\n")); */ -/* if (allow_keyno[2]) */ -/* tty_printf (_(" (3) Authentication key\n")); */ - -/* for (;;) */ -/* { */ -/* char *answer = cpr_get ("cardedit.genkeys.storekeytype", */ -/* _("Your selection? ")); */ -/* cpr_kill_prompt(); */ -/* if (*answer == CONTROL_D || !*answer) */ -/* { */ -/* xfree (answer); */ -/* goto leave; */ -/* } */ -/* keyno = *answer? 
atoi(answer): 0; */ -/* xfree(answer); */ -/* if (keyno >= 1 && keyno <= 3 && allow_keyno[keyno-1]) */ -/* { */ -/* if (info.is_v2 && !info.extcap.aac */ -/* && info.key_attr[keyno-1].nbits != nbits) */ -/* { */ -/* tty_printf ("Key does not match the card's capability.\n"); */ -/* } */ -/* else */ -/* break; /\* Okay. *\/ */ -/* } */ -/* else */ -/* tty_printf(_("Invalid selection.\n")); */ -/* } */ - -/* if (replace_existing_key_p (&info, keyno)) */ -/* goto leave; */ - -/* /\* Unprotect key. *\/ */ -/* switch (is_secret_key_protected (sk) ) */ -/* { */ -/* case 0: /\* Not protected. *\/ */ -/* break; */ -/* case -1: */ -/* log_error (_("unknown key protection algorithm\n")); */ -/* goto leave; */ -/* default: */ -/* if (sk->protect.s2k.mode == 1001) */ -/* { */ -/* log_error (_("secret parts of key are not available\n")); */ -/* goto leave; */ -/* } */ -/* if (sk->protect.s2k.mode == 1002) */ -/* { */ -/* log_error (_("secret key already stored on a card\n")); */ -/* goto leave; */ -/* } */ -/* /\* We better copy the key before we unprotect it. *\/ */ -/* copied_sk = sk = copy_secret_key (NULL, sk); */ -/* rc = 0/\*check_secret_key (sk, 0)*\/; */ -/* if (rc) */ -/* goto leave; */ -/* } */ - -/* #warning code save_unprotected_key_to_card */ -/* /\* rc = save_unprotected_key_to_card (sk, keyno); *\/ */ -/* /\* if (rc) *\/ */ -/* /\* { *\/ */ -/* /\* log_error (_("error writing key to card: %s\n"), gpg_strerror (rc)); *\/ */ -/* /\* goto leave; *\/ */ -/* /\* } *\/ */ - -/* /\* Get back to the maybe protected original secret key. *\/ */ -/* if (copied_sk) */ -/* { */ -/* free_secret_key (copied_sk); */ -/* copied_sk = NULL; */ -/* } */ -/* sk = node->pkt->pkt.secret_key; */ - -/* /\* Get rid of the secret key parameters and store the serial numer. 
*\/ */ -/* n = pubkey_get_nskey (sk->pubkey_algo); */ -/* for (i=pubkey_get_npkey (sk->pubkey_algo); i < n; i++) */ -/* { */ -/* gcry_mpi_release (sk->skey[i]); */ -/* sk->skey[i] = NULL; */ -/* } */ -/* i = pubkey_get_npkey (sk->pubkey_algo); */ -/* sk->skey[i] = gcry_mpi_set_opaque (NULL, xstrdup ("dummydata"), 10*8); */ -/* sk->is_protected = 1; */ -/* sk->protect.s2k.mode = 1002; */ -/* s = info.serialno; */ -/* for (sk->protect.ivlen=0; sk->protect.ivlen < 16 && *s && s[1]; */ -/* sk->protect.ivlen++, s += 2) */ -/* sk->protect.iv[sk->protect.ivlen] = xtoi_2 (s); */ - -/* okay = 1; */ - -/* leave: */ -/* if (copied_sk) */ -/* free_secret_key (copied_sk); */ -/* agent_release_card_info (&info); */ -/* return okay; */ - return -1; + struct agent_card_info_s info; + int okay = 0; + unsigned int nbits; + int allow_keyno[3]; + int keyno; + PKT_public_key *pk; + gpg_error_t err; + char *hexgrip; + int rc; + gnupg_isotime_t timebuf; + + assert (node->pkt->pkttype == PKT_PUBLIC_KEY + || node->pkt->pkttype == PKT_PUBLIC_SUBKEY); + + pk = node->pkt->pkt.public_key; + + if (get_info_for_key_operation (&info)) + return 0; + + if (!info.extcap.ki) + { + tty_printf ("The card does not support the import of keys\n"); + tty_printf ("\n"); + goto leave; + } + + nbits = nbits_from_pk (pk); + + if (!is_RSA (pk->pubkey_algo) || (!info.is_v2 && nbits != 1024) ) + { + tty_printf ("You may only store a 1024 bit RSA key on the card\n"); + tty_printf ("\n"); + goto leave; + } + + allow_keyno[0] = (!use || (use & (PUBKEY_USAGE_SIG))); + allow_keyno[1] = (!use || (use & (PUBKEY_USAGE_ENC))); + allow_keyno[2] = (!use || (use & (PUBKEY_USAGE_SIG|PUBKEY_USAGE_AUTH))); + + tty_printf (_("Please select where to store the key:\n")); + + if (allow_keyno[0]) + tty_printf (_(" (1) Signature key\n")); + if (allow_keyno[1]) + tty_printf (_(" (2) Encryption key\n")); + if (allow_keyno[2]) + tty_printf (_(" (3) Authentication key\n")); + + for (;;) + { + char *answer = cpr_get 
("cardedit.genkeys.storekeytype", + _("Your selection? ")); + cpr_kill_prompt(); + if (*answer == CONTROL_D || !*answer) + { + xfree (answer); + goto leave; + } + keyno = *answer? atoi(answer): 0; + xfree(answer); + if (keyno >= 1 && keyno <= 3 && allow_keyno[keyno-1]) + { + if (info.is_v2 && !info.extcap.aac + && info.key_attr[keyno-1].nbits != nbits) + { + tty_printf ("Key does not match the card's capability.\n"); + } + else + break; /* Okay. */ + } + else + tty_printf(_("Invalid selection.\n")); + } + + if ((rc = replace_existing_key_p (&info, keyno)) < 0) + goto leave; + + err = hexkeygrip_from_pk (pk, &hexgrip); + if (err) + goto leave; + + epoch2isotime (timebuf, (time_t)pk->timestamp); + agent_keytocard (hexgrip, keyno, rc, info.serialno, timebuf); + + if (rc) + log_error (_("KEYTOCARD failed: %s\n"), gpg_strerror (rc)); + else + okay = 1; + xfree (hexgrip); + + leave: + agent_release_card_info (&info); + return okay; } commit 30f8a3c8736451d8c06ef72521a8da5eabf23016 Author: NIIBE Yutaka Date: Wed Feb 6 14:00:05 2013 +0900 agent: Add KEYTOCARD command. * agent/agent.h (divert_writekey, agent_card_writekey): New. * agent/call-scd.c (inq_writekey_parms, agent_card_writekey): New. * agent/command.c (cmd_keytocard, hlp_keytocard): New. (register_commands): Add cmd_keytocard. * agent/divert-scd.c (divert_writekey): New. diff --git a/agent/agent.h b/agent/agent.h index 8b1cae9..030b295 100644 --- a/agent/agent.h +++ b/agent/agent.h @@ -412,6 +412,8 @@ int divert_pkdecrypt (ctrl_t ctrl, char **r_buf, size_t *r_len); int divert_generic_cmd (ctrl_t ctrl, const char *cmdline, void *assuan_context); +int divert_writekey (ctrl_t ctrl, int force, const char *serialno, + const char *id, const char *keydata, size_t keydatalen); /*-- call-scd.c --*/ 
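Review bot: The result of `agent_keytocard` is thrown away in the new `card_store_subkey`, so the `if (rc)` that follows still tests the answer from `replace_existing_key_p` (0 or 1). When the user confirmed a replacement, the function logs "KEYTOCARD failed" with a meaningless error code even if the transfer worked. When there was nothing to replace, it sets `okay = 1` whatever the agent returned, so a failed card write is reported as success. Assigning the call result fixes both cases: `rc = agent_keytocard (hexgrip, keyno, rc, info.serialno, timebuf);`. The `err` from `hexkeygrip_from_pk` is also dropped without a message on the way to `leave`, so a `log_error` there would help the user.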
@@ -445,6 +447,11 @@ int agent_card_pkdecrypt (ctrl_t ctrl, int agent_card_readcert (ctrl_t ctrl, const char *id, char **r_buf, size_t *r_buflen); int agent_card_readkey (ctrl_t ctrl, const char *id, unsigned char **r_buf); +int agent_card_writekey (ctrl_t ctrl, int force, const char *serialno, + const char *id, const char *keydata, + size_t keydatalen, + int (*getpin_cb)(void *, const char *, char*, size_t), + void *getpin_cb_arg); gpg_error_t agent_card_getattr (ctrl_t ctrl, const char *name, char **result); int agent_card_scd (ctrl_t ctrl, const char *cmdline, int (*getpin_cb)(void *, const char *, char*, size_t), diff --git a/agent/call-scd.c b/agent/call-scd.c index 00b34ed..cbe4d1c 100644 --- a/agent/call-scd.c +++ b/agent/call-scd.c 
@@ -1050,6 +1050,64 @@ agent_card_readkey (ctrl_t ctrl, const char *id, unsigned char **r_buf) } +struct writekey_parm_s +{ + assuan_context_t ctx; + int (*getpin_cb)(void *, const char *, char*, size_t); + void *getpin_cb_arg; + assuan_context_t passthru; + int any_inq_seen; + /**/ + const unsigned char *keydata; + size_t keydatalen; +}; + +/* Handle a KEYDATA inquiry. Note, we only send the data, + assuan_transact takes care of flushing and writing the end */ +static gpg_error_t +inq_writekey_parms (void *opaque, const char *line) +{ + struct writekey_parm_s *parm = opaque; + + if (!strncmp (line, "KEYDATA", 7) && (line[7]==' '||!line[7])) + return assuan_send_data (parm->ctx, parm->keydata, parm->keydatalen); + else + return inq_needpin (opaque, line); +} + + +int +agent_card_writekey (ctrl_t ctrl, int force, const char *serialno, + const char *id, const char *keydata, size_t keydatalen, + int (*getpin_cb)(void *, const char *, char*, size_t), + void *getpin_cb_arg) +{ + int rc; + char line[ASSUAN_LINELENGTH]; + struct writekey_parm_s parms; + + (void)serialno; + rc = start_scd (ctrl); + if (rc) + return rc; + + snprintf (line, DIM(line)-1, "WRITEKEY %s%s", force ? "--force " : "", id); + line[DIM(line)-1] = 0; + parms.ctx = ctrl->scd_local->ctx; + parms.getpin_cb = getpin_cb; + parms.getpin_cb_arg = getpin_cb_arg; + parms.passthru = 0; + parms.any_inq_seen = 0; + parms.keydata = keydata; + parms.keydatalen = keydatalen; + + rc = assuan_transact (ctrl->scd_local->ctx, line, NULL, NULL, + inq_writekey_parms, &parms, NULL, NULL); + if (parms.any_inq_seen && (gpg_err_code(rc) == GPG_ERR_CANCELED || + gpg_err_code(rc) == GPG_ERR_ASS_CANCELED)) + rc = cancel_inquire (ctrl, rc); + return unlock_scd (ctrl, rc); +} /* Type used with the card_getattr_cb. */ struct card_getattr_parm_s { diff --git a/agent/command.c b/agent/command.c index 715e70a..2844398 100644 --- a/agent/command.c +++ b/agent/command.c 
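Review bot: `agent_card_writekey` discards `serialno` with `(void)serialno;`, so nothing in this hunk ties the WRITEKEY to the card the user selected. If scdaemon holds a different card by then, the key would presumably be written to that one; `divert_writekey` is not in view and may check this. Either compare the serial number before sending the command or leave a marker such as `/* FIXME: SERIALNO is not verified against the inserted card. */`. Separately, `inq_writekey_parms` hands its `struct writekey_parm_s *` to `inq_needpin`, which only works if the first five members mirror the structure that function expects. The bare `/**/` should become a comment saying so, e.g. `/* The fields above must match the inq_needpin parameter struct. */`. Also, `parms.keydata` is `const unsigned char *` while the parameter is `const char *`, so one of the two types should be changed.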
@@ -2119,9 +2119,133 @@ cmd_export_key (assuan_context_t ctx, char *line) return leave_cmd (ctx, err); } + +static const char hlp_keytocard[] = + "KEYTOCARD [--force] \n" + "\n"; +static gpg_error_t +cmd_keytocard (assuan_context_t ctx, char *line) +{ + ctrl_t ctrl = assuan_get_pointer (ctx); + int force; + gpg_error_t err = 0; + unsigned char grip[20]; + gcry_sexp_t s_skey = NULL; + gcry_sexp_t s_pkey = NULL; + unsigned char *keydata; + size_t keydatalen, timestamplen; + const char *serialno, *timestamp_str, *id; + unsigned char *shadow_info; + unsigned char *shdkey; + time_t timestamp; + + force = has_option (line, "--force"); + line = skip_options (line); + + err = parse_keygrip (ctx, line, grip); + if (err) + return err; + + if (agent_key_available (grip)) + return gpg_error (GPG_ERR_NO_SECKEY); + + line += 40; + while (*line && (*line == ' ' || *line == '\t')) + line++; + serialno = line; + while (*line && (*line != ' ' && *line != '\t')) + line++; + if (!*line) + return gpg_error (GPG_ERR_MISSING_VALUE); + *line = '\0'; + line++; + while (*line && (*line == ' ' || *line == '\t')) + line++; + id = line; + while (*line && (*line != ' ' && *line != '\t')) + line++; + if (!*line) + return gpg_error (GPG_ERR_MISSING_VALUE); + *line = '\0'; + line++; + while (*line && (*line == ' ' || *line == '\t')) + line++; + timestamp_str = line; + while (*line && (*line != ' ' && *line != '\t')) + line++; + if (*line) + *line = '\0'; + timestamplen = line - timestamp_str; + if (timestamplen != 15) + return gpg_error (GPG_ERR_INV_VALUE); + + err = agent_key_from_file (ctrl, NULL, ctrl->server_local->keydesc, grip, + NULL, CACHE_MODE_IGNORE, NULL, &s_skey, NULL); + if (err) + return err; + if (!s_skey) + /* Key is on a smartcard already. 
*/ + return gpg_error (GPG_ERR_UNUSABLE_SECKEY); + + keydatalen = gcry_sexp_sprint (s_skey, GCRYSEXP_FMT_CANON, NULL, 0); + keydata = xtrymalloc_secure (keydatalen + 30); + if (keydata == NULL) + { + gcry_sexp_release (s_skey); + return gpg_error_from_syserror (); + } + gcry_sexp_sprint (s_skey, GCRYSEXP_FMT_CANON, keydata, keydatalen); + gcry_sexp_release (s_skey); + /* Add timestamp "created-at" in the private key */ + timestamp = isotime2epoch (timestamp_str); + snprintf (keydata+keydatalen-1, 30, "(10:created-at10:%010lu))", timestamp); + keydatalen += 10 + 19 - 1; + err = divert_writekey (ctrl, force, serialno, id, keydata, keydatalen); + if (err) + { + xfree (keydata); + goto leave; + } + xfree (keydata); + err = agent_public_key_from_file (ctrl, grip, &s_pkey); + if (err) + goto leave; + shadow_info = make_shadow_info (serialno, id); + if (!shadow_info) + { + err = gpg_error (GPG_ERR_ENOMEM); + gcry_sexp_release (s_pkey); + goto leave; + } + keydatalen = gcry_sexp_sprint (s_pkey, GCRYSEXP_FMT_CANON, NULL, 0); + keydata = xtrymalloc (keydatalen); + if (keydata == NULL) + { + err = gpg_error_from_syserror (); + gcry_sexp_release (s_pkey); + goto leave; + } + gcry_sexp_sprint (s_pkey, GCRYSEXP_FMT_CANON, keydata, keydatalen); + gcry_sexp_release (s_pkey); + err = agent_shadow_key (keydata, shadow_info, &shdkey); + xfree (keydata); + xfree (shadow_info); + if (err) + { + log_error ("shadowing the key failed: %s\n", gpg_strerror (err)); + goto leave; + } + + keydatalen = gcry_sexp_canon_len (shdkey, 0, NULL, NULL); + err = agent_write_private_key (grip, shdkey, keydatalen, 1); + xfree (shdkey); + + leave: + return leave_cmd (ctx, err); +} static const char hlp_getval[] = "GETVAL \n" @@ -2674,6 +2798,7 @@ register_commands (assuan_context_t ctx) { "KILLAGENT", cmd_killagent, hlp_killagent }, { "RELOADAGENT", cmd_reloadagent,hlp_reloadagent }, { "GETINFO", cmd_getinfo, hlp_getinfo }, + { "KEYTOCARD", cmd_keytocard, hlp_keytocard }, { NULL } }; int i, rc; 
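Review bot: In cmd_keytocard the result of `isotime2epoch (timestamp_str)` is used unchecked; only the argument's length (15) is validated, so a malformed timestamp can produce an error value that is then formatted into the key data. With `%010lu`, a value wider than ten digits no longer fits the 30 bytes reserved after the S-expression, so snprintf truncates it while `keydatalen += 10 + 19 - 1` still counts the full suffix, and a malformed canonical S-expression would be handed to divert_writekey. I would convert and reject the timestamp before the secret key is read, e.g. `if (timestamp == (time_t)(-1)) return gpg_error (GPG_ERR_INV_TIME);` (assuming isotime2epoch reports failure that way), and pass `(unsigned long)timestamp` so the argument matches the conversion. Also, `shadow_info` is not freed on the path where `xtrymalloc (keydatalen)` fails for the public key.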
diff --git a/agent/divert-scd.c b/agent/divert-scd.c index 5d53891..5fb037e 100644 --- a/agent/divert-scd.c +++ b/agent/divert-scd.c @@ -442,6 +442,13 @@ divert_pkdecrypt (ctrl_t ctrl, return rc; } +int +divert_writekey (ctrl_t ctrl, int force, const char *serialno, + const char *id, const char *keydata, size_t keydatalen) +{ + return agent_card_writekey (ctrl, force, serialno, id, keydata, keydatalen, + getpin_cb, ctrl); +} int divert_generic_cmd (ctrl_t ctrl, const char *cmdline, void *assuan_context) ----------------------------------------------------------------------- Summary of changes: agent/agent.h | 7 ++ agent/call-scd.c | 58 +++++++++++++ agent/command.c | 125 +++++++++++++++++++++++++++ agent/divert-scd.c | 7 ++ g10/call-agent.c | 24 +++++ g10/call-agent.h | 4 + g10/card-util.c | 242 ++++++++++++++++++++------------------------------- 7 files changed, 320 insertions(+), 147 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Tue Feb 12 10:54:34 2013 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Tue, 12 Feb 2013 10:54:34 +0100 Subject: [git] GPGME - branch, master, updated. gpgme-1.3.2-30-g4f38155 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via 4f381554411ef019d79492f1751543f145604bcf (commit) from 02a2cf0ccb4d01700adf6d18316d7705d519a048 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 4f381554411ef019d79492f1751543f145604bcf Author: Werner Koch Date: Tue Feb 12 10:42:54 2013 +0100 Add public function gpgme_get_pinentry_mode. * src/gpgme.c (gpgme_get_pinentry_mode): New. diff --git a/NEWS b/NEWS index 7499b14..1690272 100644 
--- a/NEWS +++ b/NEWS @@ -6,6 +6,7 @@ Noteworthy changes in version 1.3.3 (unreleased) gpgme_io_writen NEW. gpgme_set_global_flag NEW. gpgme_set_pinentry_mode NEW. + gpgme_get_pinentry_mode NEW. gpgme_pinentry_mode_t NEW. GPGME_PINENTRY_MODE_DEFAULT NEW. GPGME_PINENTRY_MODE_ASK NEW. diff --git a/src/gpgme.c b/src/gpgme.c index 76c13b1..281ba9c 100644 --- a/src/gpgme.c +++ b/src/gpgme.c @@ -539,6 +539,16 @@ gpgme_set_pinentry_mode (gpgme_ctx_t ctx, gpgme_keylist_mode_t mode) } +/* Get the pinentry mode of CTX. */ +gpgme_pinentry_mode_t +gpgme_get_pinentry_mode (gpgme_ctx_t ctx) +{ + TRACE1 (DEBUG_CTX, "gpgme_get_pinentry_mode", ctx, + "ctx->pinentry_mode=%u", (unsigned int)ctx->pinentry_mode); + return ctx->pinentry_mode; +} + + /* This function sets a callback function to be used to pass a passphrase to gpg. */ void diff --git a/src/gpgme.def b/src/gpgme.def index ccee05a..3a6e0e3 100644 --- a/src/gpgme.def +++ b/src/gpgme.def @@ -207,6 +207,7 @@ EXPORTS gpgme_io_writen @157 gpgme_set_pinentry_mode @158 + gpgme_get_pinentry_mode @159 ; END diff --git a/src/gpgme.h.in b/src/gpgme.h.in index 4ec2367..9d9a556 100644 --- a/src/gpgme.h.in +++ b/src/gpgme.h.in @@ -875,6 +875,9 @@ gpgme_keylist_mode_t gpgme_get_keylist_mode (gpgme_ctx_t ctx); gpgme_error_t gpgme_set_pinentry_mode (gpgme_ctx_t ctx, gpgme_pinentry_mode_t mode); +/* Get the pinentry mode of CTX. */ +gpgme_pinentry_mode_t gpgme_get_pinentry_mode (gpgme_ctx_t ctx); + /* Set the passphrase callback function in CTX to CB. HOOK_VALUE is passed as first argument to the passphrase callback function. */ void gpgme_set_passphrase_cb (gpgme_ctx_t ctx, diff --git a/src/libgpgme.vers b/src/libgpgme.vers index c178af9..358b63c 100644 --- a/src/libgpgme.vers +++ b/src/libgpgme.vers 
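Review bot: gpgme_get_pinentry_mode in src/gpgme.c dereferences `ctx` in the TRACE1 arguments and again in the return statement, so a caller that passes a NULL context crashes inside the getter. A guard before the trace, such as `if (!ctx) return GPGME_PINENTRY_MODE_DEFAULT;`, would make the accessor safe on an unset context, and the one-line comment above it could state what is returned in that case. The hunk header also shows the setter defined as `gpgme_set_pinentry_mode (gpgme_ctx_t ctx, gpgme_keylist_mode_t mode)` while gpgme.h.in declares the parameter as `gpgme_pinentry_mode_t`; that line is outside this change but worth aligning.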
@@ -85,6 +85,7 @@ GPGME_1.1 { gpgme_io_writen; gpgme_set_pinentry_mode; + gpgme_get_pinentry_mode; }; ----------------------------------------------------------------------- Summary of changes: NEWS | 1 + src/gpgme.c | 10 ++++++++++ src/gpgme.def | 1 + src/gpgme.h.in | 3 +++ src/libgpgme.vers | 1 + 5 files changed, 16 insertions(+), 0 deletions(-) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Tue Feb 12 15:44:44 2013 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Tue, 12 Feb 2013 15:44:44 +0100 Subject: [git] GPGME - branch, master, updated. gpgme-1.3.2-32-g9c5733b Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via 9c5733b89f858e947f954c56c00a9fee227ef362 (commit) via f48f75b1e812d33b76e439412efffa8277ab9abe (commit) from 4f381554411ef019d79492f1751543f145604bcf (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 9c5733b89f858e947f954c56c00a9fee227ef362 Author: Werner Koch Date: Tue Feb 12 14:06:07 2013 +0100 Declare next version to be 1.4.0 -- diff --git a/NEWS b/NEWS index 2678a21..2d6ccf1 100644 --- a/NEWS +++ b/NEWS @@ -1,4 +1,4 @@ -Noteworthy changes in version 1.3.3 (unreleased) +Noteworthy changes in version 1.4.0 (unreleased) ------------------------------------------------ * Interface changes relative to the 1.3.1 release: diff --git a/README b/README index 8b0cc36..be07a0f 100644 --- a/README +++ b/README 
@@ -1,7 +1,7 @@ GPGME - GnuPG Made Easy --------------------------- - Copyright 2004, 2006, 2010, 2012 g10 Code GmbH + Copyright 2004, 2006, 2010, 2012, 2013 g10 Code GmbH This file is free software; as a special exception the author gives unlimited permission to copy and/or distribute it, with or without diff --git a/configure.ac b/configure.ac index af3788d..6ba74c3 100644 --- a/configure.ac +++ b/configure.ac @@ -34,8 +34,8 @@ min_automake_version="1.11" # the GIT version is the most recent one in a branch. To disable the # GIT version for the real release, set the my_isgit macro to no. m4_define(my_version_major, [1]) -m4_define(my_version_minor, [3]) -m4_define(my_version_micro, [3]) +m4_define(my_version_minor, [4]) +m4_define(my_version_micro, [0]) m4_define(my_isgit, [yes]) m4_define(my_version, [my_version_major.my_version_minor.my_version_micro]) commit f48f75b1e812d33b76e439412efffa8277ab9abe Author: Werner Koch Date: Tue Feb 12 14:02:08 2013 +0100 Add macro GPGME_VERSION_NUMBER. * src/gpgme.h.in (GPGME_VERSION_NUMBER): New. * configure.ac (my_version_major, my_version_minor) (my_version_micro): New m4 macros. (my_version): Build from new m4 macros. (VERSION_NUMBER): New ac_subst. diff --git a/NEWS b/NEWS index 1690272..2678a21 100644 --- a/NEWS +++ b/NEWS @@ -3,6 +3,7 @@ Noteworthy changes in version 1.3.3 (unreleased) * Interface changes relative to the 1.3.1 release: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + GPGME_VERSION_NUMBER NEW. gpgme_io_writen NEW. gpgme_set_global_flag NEW. gpgme_set_pinentry_mode NEW. diff --git a/configure.ac b/configure.ac index 75b6fcb..af3788d 100644 --- a/configure.ac +++ b/configure.ac 
@@ -33,9 +33,12 @@ min_automake_version="1.11" # for a specific feature can already be done under the assumption that # the GIT version is the most recent one in a branch. To disable the # GIT version for the real release, set the my_isgit macro to no. -m4_define(my_version, [1.3.3]) +m4_define(my_version_major, [1]) +m4_define(my_version_minor, [3]) +m4_define(my_version_micro, [3]) m4_define(my_isgit, [yes]) +m4_define(my_version, [my_version_major.my_version_minor.my_version_micro]) m4_define([svn_revision], m4_esyscmd([printf "%d" $( (svn info 2>/dev/null \ || echo 'Revision: 0')|sed -n '/^Revision:/ {s/[^0-9]//gp;q;}')])) m4_define([git_revision], @@ -64,9 +67,10 @@ GPGME_CONFIG_API_VERSION=1 NEED_LIBASSUAN_API=2 NEED_LIBASSUAN_VERSION=2.0.2 - m4_define([git_brevis],m4_esyscmd(printf "%u" 0x[]m4_substr(git_revision,0,4))) BUILD_REVISION=m4_if(git_revision,[],[svn_revision],[git_brevis]) +VERSION_NUMBER=m4_esyscmd(printf "0x%02x%02x%02x" \ + my_version_major my_version_minor my_version_micro) PACKAGE=$PACKAGE_NAME VERSION=$PACKAGE_VERSION @@ -100,6 +104,7 @@ AC_SUBST(LIBGPGME_LT_REVISION) AC_SUBST(PACKAGE) AC_SUBST(VERSION) +AC_SUBST(VERSION_NUMBER) AC_DEFINE_UNQUOTED(PACKAGE, "$PACKAGE", [Name of this package]) AC_DEFINE_UNQUOTED(VERSION, "$VERSION", [Version of this package]) diff --git a/src/gpgme.h.in b/src/gpgme.h.in index 9d9a556..12bd4ac 100644 --- a/src/gpgme.h.in +++ b/src/gpgme.h.in @@ -80,6 +80,10 @@ extern "C" { library. */ #define GPGME_VERSION "@PACKAGE_VERSION@" +/* The version number of this header. It may be used to handle minor + API incompatibilities. */ +#define GPGME_VERSION_NUMBER @VERSION_NUMBER@ + /* Check for a matching _FILE_OFFSET_BITS definition. */ #if @NEED__FILE_OFFSET_BITS@ #ifndef _FILE_OFFSET_BITS 
@@ -95,7 +99,7 @@ extern "C" { /* Some opaque data types used by GPGME. */ -/* The context holds some global state and configration options, as +/* The context holds some global state and configuration options, as well as the results of a crypto operation. */ struct gpgme_context; typedef struct gpgme_context *gpgme_ctx_t; ----------------------------------------------------------------------- Summary of changes: NEWS | 3 ++- README | 2 +- configure.ac | 9 +++++++-- src/gpgme.h.in | 6 +++++- 4 files changed, 15 insertions(+), 5 deletions(-) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Tue Feb 12 19:38:42 2013 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Tue, 12 Feb 2013 19:38:42 +0100 Subject: [git] GnuPG - branch, key-storage-work, updated. gnupg-2.1.0beta3-169-g7ab6142 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, key-storage-work has been updated via 7ab61423f0066c89130d1d1e6a5b429cff188b97 (commit) via caddeef4a7ffe5f2eb6453d364b6ae152e0f6625 (commit) via b90506ea220860c89128f002bd593d0462a08d73 (commit) via 30f8a3c8736451d8c06ef72521a8da5eabf23016 (commit) via 595ab0da666c43a1315a72a1346ee149998d8771 (commit) via 7253093addfd82a8dd25cd80e3ba820a85e3c9a7 (commit) via 21feecd48f990b2569cb4b385dea3e57b9501525 (commit) via 84de484bc3eaeeba755412918b01bc8444a532ee (commit) via 8b2b8dfe5c4cd346bbea2c228e75737bbeeca4c4 (commit) via 4483a4f0ea030046137ba04905eb5220c14a2161 (commit) via c27315fc6466cceb862c9e67755a8e044e9b7688 (commit) via e791ac6683bfb90d5e40c0103324784bd58535c9 (commit) via 0407e642f796fb2780a77b7a1a86731d0de27e5d (commit) via bd5eded73a1268afdf81482f8408e5f640abf9c4 (commit) via a9ff97a10f7ae5a703ed1bccba294473ecc88d5d (commit) via 334ba6efa5a05d8849fae213128a0505e7615e13 (commit) via d5bf83a24cf3871b7d8cfe61049f70e1e206d09a (commit) via 82e1e837c29225cd55642b193cc04ce6191d19bb (commit) via 3aae780f9debaeb3560ff866b7e09d0923481c57 (commit) via 40a914a2e3052847b49c4b5e8ac8538e97efd18a (commit) via b526f6e223604b7c1852ef2aab9fc1ea691b1181 (commit) via ca89277cb4cb9558da97a71a4cb070cb77c9b536 (commit) via d9f6cc7502793ed41928042cc2f968c8c7effc22 (commit) via 65eb98966a569a91c97d0c23ba5582a9a7558de0 (commit) via 50a7badbdacac8ba472b35090c1aab4568434d04 (commit) via 1cd6445eec4c3642ad92afb02f3563a01cc10c10 (commit) via 19994466449a93704d38d429ca1ea36f63da0bf0 (commit) via 60c58766aeb847b769372fa981f79abac6014500 (commit) via 7a638c094fa1aa7ed1d9caf085af9980a2664d64 (commit) via 
4dddf32c83f52483d95d7770232e9e808558e702 (commit) via a776f660363d20b6cc023609c4547e0aa8825d97 (commit) via bb51edc31e6595e38fcbd91d470de57d3a1a7150 (commit) via 05a4458e5721a0afd600f0ec908e739fa83d58f2 (commit) via 709a8f8125b9ba5e1ad1e6268cca5ac96d478f63 (commit) via 0fae789c4125dd8492ed25bd6728b5ac98f19729 (commit) from b11f84b858bad867f1062977a7aba30299157e90 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 7ab61423f0066c89130d1d1e6a5b429cff188b97 Author: Werner Koch Date: Tue Feb 12 19:28:54 2013 +0100 Update .gitignore for non-VPATH builds. -- diff --git a/.gitignore b/.gitignore index a6b1781..b75b404 100644 --- a/.gitignore +++ b/.gitignore @@ -27,6 +27,8 @@ po/en at boldquot.po po/en at quot.insert-header po/en at quot.po po/stamp-po +po/remove-potcdate.sed +po/gnupg.pot agent/gpg-agent agent/gpg-preset-passphrase agent/gpg-protect-tool @@ -47,6 +49,8 @@ common/t-sysutils common/t-stringhelp common/t-timestuff common/t-ssh-utils +common/t-dns-cert +common/t-openpgp-oid doc/addgnupghome.8 doc/applygnupgdefaults.8 doc/faq.html @@ -89,14 +93,20 @@ keyserver/gpg2keys_ldap scd/gnupg-pcsc-wrapper scd/scdaemon sm/gpgsm +g13/g13 dirmngr/dirmngr dirmngr/dirmngr-client dirmngr/dirmngr_ldap dirmngr/no-libgcrypt.c tests/asschk tests/gpg-agent.conf +tests/gpg.conf tests/gpgsm.conf tests/inittests.stamp +tests/private-keys-v1.d/ +tests/pubring.kbx +tests/testdir.stamp +tests/trustlist.txt tests/openpgp/data-32000 tests/openpgp/data-500 tests/openpgp/data-80000 
@@ -112,6 +122,12 @@ tests/openpgp/pubring.gpg tests/openpgp/pubring.pkr tests/openpgp/secring.gpg tests/openpgp/secring.skr +tests/openpgp/private-keys-v1.d/ +tests/openpgp/*.log +tests/openpgp/trustdb.gpg +tests/openpgp/gpg.conf +tests/openpgp/random_seed +tests/openpgp/z tests/pkits/ReadMe.txt tests/pkits/certpairs/ tests/pkits/certs/ @@ -126,13 +142,6 @@ tests/pkits/policies.txt tests/pkits/smime/ tests/pkits/testdir.stamp tests/pkits/trustlist.txt -tests/private-keys-v1.d/ -tests/pubring.kbx -tests/testdir.stamp -tests/trustlist.txt -tests/openpgp/*.log -tests/openpgp/trustdb.gpg -tests/openpgp/z tools/clean-sat tools/gpg-check-pattern tools/gpg-connect-agent 
@@ -145,5 +154,6 @@ tools/mk-tdata tools/symcryptrun tools/watchgnupg tools/gpgtar -g13/g13 -/po/gnupg.pot + + +x.parm commit caddeef4a7ffe5f2eb6453d364b6ae152e0f6625 Merge: b11f84b b90506e Author: Werner Koch Date: Tue Feb 12 19:17:42 2013 +0100 Merge branch 'master' into key-storage-work ----------------------------------------------------------------------- Summary of changes: .gitignore | 28 +- NEWS | 9 + agent/agent.h | 18 +- agent/call-pinentry.c | 4 +- agent/call-scd.c | 62 +- agent/command.c | 145 +- agent/divert-scd.c | 11 +- agent/protect.c | 6 +- common/Makefile.am | 2 + common/agent-opt.c | 71 + common/{srv.h => shareddefs.h} | 45 +- common/status.h | 5 +- configure.ac | 2 +- doc/DETAILS | 1818 ++++++----- doc/gpg.texi | 20 + doc/help.ja.txt | 399 ++- doc/scdaemon.texi | 16 +- g10/call-agent.c | 294 ++- g10/call-agent.h | 6 + g10/card-util.c | 242 +- g10/gpg.c | 14 +- g10/keydb.h | 3 + g10/main.h | 2 + g10/options.h | 1 + g10/passphrase.c | 70 +- g10/pubkey-enc.c | 4 +- g10/server.c | 36 +- g10/sign.c | 3 + po/ja.po | 6980 ++++++++++++++++++++-------------------- scd/apdu.c | 230 +- scd/apdu.h | 15 +- scd/app-dinsig.c | 12 +- scd/app-nks.c | 10 +- scd/app-openpgp.c | 160 +- scd/app.c | 2 +- scd/ccid-driver.c | 406 ++- scd/ccid-driver.h | 5 +- scd/command.c | 11 +- scd/iso7816.c | 28 +- scd/iso7816.h | 25 +- scd/sc-copykeys.c | 1 + scd/scdaemon.c | 17 +- scd/scdaemon.h | 3 +- tools/gpgconf-comp.c | 4 +- 44 files changed, 6182 insertions(+), 5063 deletions(-) create mode 100644 common/agent-opt.c copy common/{srv.h => shareddefs.h} (57%) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Tue Feb 12 19:40:42 2013 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Tue, 12 Feb 2013 19:40:42 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.0beta3-154-gc36089d Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via c36089daf76d53a1d1912f58f284b78bafe14508 (commit) from b90506ea220860c89128f002bd593d0462a08d73 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit c36089daf76d53a1d1912f58f284b78bafe14508 Author: Werner Koch Date: Tue Feb 12 19:28:54 2013 +0100 Update .gitignore for non-VPATH builds. -- diff --git a/.gitignore b/.gitignore index a6b1781..b75b404 100644 --- a/.gitignore +++ b/.gitignore @@ -27,6 +27,8 @@ po/en at boldquot.po po/en at quot.insert-header po/en at quot.po po/stamp-po +po/remove-potcdate.sed +po/gnupg.pot agent/gpg-agent agent/gpg-preset-passphrase agent/gpg-protect-tool @@ -47,6 +49,8 @@ common/t-sysutils common/t-stringhelp common/t-timestuff common/t-ssh-utils +common/t-dns-cert +common/t-openpgp-oid doc/addgnupghome.8 doc/applygnupgdefaults.8 doc/faq.html @@ -89,14 +93,20 @@ keyserver/gpg2keys_ldap scd/gnupg-pcsc-wrapper scd/scdaemon sm/gpgsm +g13/g13 dirmngr/dirmngr dirmngr/dirmngr-client dirmngr/dirmngr_ldap dirmngr/no-libgcrypt.c tests/asschk tests/gpg-agent.conf +tests/gpg.conf tests/gpgsm.conf tests/inittests.stamp +tests/private-keys-v1.d/ +tests/pubring.kbx +tests/testdir.stamp +tests/trustlist.txt tests/openpgp/data-32000 tests/openpgp/data-500 tests/openpgp/data-80000 
@@ -112,6 +122,12 @@ tests/openpgp/pubring.gpg tests/openpgp/pubring.pkr tests/openpgp/secring.gpg tests/openpgp/secring.skr +tests/openpgp/private-keys-v1.d/ +tests/openpgp/*.log +tests/openpgp/trustdb.gpg +tests/openpgp/gpg.conf +tests/openpgp/random_seed +tests/openpgp/z tests/pkits/ReadMe.txt tests/pkits/certpairs/ tests/pkits/certs/ @@ -126,13 +142,6 @@ tests/pkits/policies.txt tests/pkits/smime/ tests/pkits/testdir.stamp tests/pkits/trustlist.txt -tests/private-keys-v1.d/ -tests/pubring.kbx -tests/testdir.stamp -tests/trustlist.txt -tests/openpgp/*.log -tests/openpgp/trustdb.gpg -tests/openpgp/z tools/clean-sat tools/gpg-check-pattern tools/gpg-connect-agent @@ -145,5 +154,6 @@ tools/mk-tdata tools/symcryptrun tools/watchgnupg tools/gpgtar -g13/g13 -/po/gnupg.pot + + +x.parm ----------------------------------------------------------------------- Summary of changes: .gitignore | 28 +++++++++++++++++++--------- 1 files changed, 19 insertions(+), 9 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Feb 14 03:44:17 2013 
From: cvs at cvs.gnupg.org (by Ben Kibbey) Date: Thu, 14 Feb 2013 03:44:17 +0100 Subject: [git] Pinentry - branch, master, updated. pinentry-0.8.2-5-g31467f7 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The standard pinentry collection". The branch, master has been updated via 31467f7c2cd748d6f822ccf627a2ce8870fb09c6 (commit) via 8ce6e0c9cecd91d7b1dfe8bcc9942803c13c7afb (commit) via e3bed4f087304ac126e247053fc82a593bec31b6 (commit) from d33537aef0358313cbcf1d010b227d93f3430900 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 31467f7c2cd748d6f822ccf627a2ce8870fb09c6 Author: Ben Kibbey Date: Wed Feb 13 21:31:24 2013 -0500 Document the --timeout and SETTIMEOUT feature. diff --git a/doc/pinentry.texi b/doc/pinentry.texi index 967b933..a65298d 100644 --- a/doc/pinentry.texi +++ b/doc/pinentry.texi @@ -182,6 +182,13 @@ means to connect to the machine to kill the @pinentry{}). Use window ID @var{n} as the parent window for positioning the window. Note, that this is not fully supported by all flavors of @pinentry{}. + at item --timeout @var{seconds} + at opindex timeout +Give up waiting for input from the user after the specified number of +seconds and return an error. The error returned is the same as if the +Cancel button was selected. To disable the timeout and wait indefinately +then set to 0, the default. + @item --display @var{string} @itemx --ttyname @var{string} @itemx --ttytype @var{string} 
@@ -230,6 +237,12 @@ Here is the list of supported commands: @table @gnupgtabopt + at item Set the timeout before returning an error + at example + C: SETTIMEOUT 30 + S: OK + at end example + @item Set the descriptive text to be displayed @example C: SETDESC Enter PIN for Richard Nixon commit 8ce6e0c9cecd91d7b1dfe8bcc9942803c13c7afb Author: Ben Kibbey Date: Wed Feb 13 21:14:23 2013 -0500 Add timeout support to the Gtk+2 pinentry. * gtk+-2/pinentry-gtk-2.c (create_window): Add timer. (timeout_cb): New. diff --git a/gtk+-2/pinentry-gtk-2.c b/gtk+-2/pinentry-gtk-2.c index da4dc77..421bc02 100644 --- a/gtk+-2/pinentry-gtk-2.c +++ b/gtk+-2/pinentry-gtk-2.c @@ -64,6 +64,7 @@ static GtkWidget *insure; static GtkWidget *time_out; #endif static GtkTooltips *tooltips; +static gboolean got_input; /* Gnome hig small and large space in pixels. */ #define HIG_SMALL 6 @@ -249,6 +250,8 @@ changed_text_handler (GtkWidget *widget) int percent; GdkColor color = { 0, 0, 0, 0}; + got_input = TRUE; + if (!qualitybar || !pinentry->quality_bar) return; @@ -280,6 +283,15 @@ changed_text_handler (GtkWidget *widget) } +static gboolean +timeout_cb (gpointer data) +{ + (void)data; + if (!got_input) + gtk_main_quit (); + return FALSE; +} + static GtkWidget * create_window (int confirm_mode) @@ -541,6 +553,9 @@ create_window (int confirm_mode) gtk_widget_show_all (win); gtk_window_present (GTK_WINDOW (win)); /* Make sure it has the focus. */ + if (pinentry->timeout > 0) + g_timeout_add (pinentry->timeout*1000, timeout_cb, NULL); + return win; } 
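Review bot: In create_window the source id returned by `g_timeout_add (pinentry->timeout*1000, timeout_cb, NULL)` is dropped, so the timer is never removed when the user closes the dialog. Because gtk_cmd_handler resets `got_input` to FALSE for every request, a timer left over from an earlier dialog can fire while a later one is open and call gtk_main_quit on it, which the caller would see as a cancel; this is inferred, since the gtk_main call lies outside the hunk. I would keep the id (`timeout_source = g_timeout_add (...)`), clear it in timeout_cb, and call `g_source_remove (timeout_source)` once the dialog has finished. `pinentry->timeout*1000` can also overflow for large values; `g_timeout_add_seconds (pinentry->timeout, timeout_cb, NULL)` avoids the multiplication.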
@@ -551,6 +566,7 @@ gtk_cmd_handler (pinentry_t pe) GtkWidget *w; int want_pass = !!pe->pin; + got_input = FALSE; pinentry = pe; confirm_value = CONFIRM_CANCEL; passphrase_ok = 0; commit e3bed4f087304ac126e247053fc82a593bec31b6 Author: Ben Kibbey Date: Wed Feb 13 19:45:24 2013 -0500 Add timeout support to the curses pinentry. * pinentry/pinentry-curses.c (dialog_run): Set the window input to non-blocking. (catchsig): New. (main): Catch SIGALRM and set the timeout. diff --git a/pinentry/pinentry-curses.c b/pinentry/pinentry-curses.c index 585059f..2957aa2 100644 --- a/pinentry/pinentry-curses.c +++ b/pinentry/pinentry-curses.c @@ -60,6 +60,7 @@ static short pinentry_color[] = { -1, -1, COLOR_BLACK, COLOR_RED, COLOR_GREEN, COLOR_YELLOW, COLOR_BLUE, COLOR_MAGENTA, COLOR_CYAN, COLOR_WHITE }; static int init_screen; +static int timed_out; typedef enum { @@ -712,6 +713,7 @@ dialog_run (pinentry_t pinentry, const char *tty_name, const char *tty_type) FILE *ttyfo = NULL; SCREEN *screen = 0; int done = 0; + int no_input = 1; char *pin_utf8; #ifdef HAVE_NCURSESW char *old_ctype = NULL; @@ -786,14 +788,24 @@ dialog_run (pinentry_t pinentry, const char *tty_name, const char *tty_type) return -2; dialog_switch_pos (&diag, diag.pin ? DIALOG_POS_PIN : DIALOG_POS_OK); + wtimeout (stdscr, 70); + do { int c; - c = getch (); /* Refresh, accept single keystroke of input. */ + c = wgetch (stdscr); /* Refresh, accept single keystroke of input. */ + + if (timed_out && no_input) + { + done = -2; + break; + } switch (c) { + case ERR: + continue; case KEY_LEFT: case KEY_UP: switch (diag.pos) @@ -889,6 +901,8 @@ dialog_run (pinentry_t pinentry, const char *tty_name, const char *tty_type) if (diag.pos == DIALOG_POS_PIN) dialog_input (&diag, c); } + + no_input = 0; } while (!done); 
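Review bot: `static int timed_out;` in pinentry-curses.c is written by the SIGALRM handler catchsig (added in a later hunk of this commit) and polled in the dialog_run loop, so it should be declared `static volatile sig_atomic_t timed_out;`. With a plain int the compiler may keep the value in a register across the loop, and the check `if (timed_out && no_input)` may never observe the handler's store. dialog_run begins and ends outside these hunks.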
@@ -960,12 +974,30 @@ do_touch_file (pinentry_t pinentry) #endif /*HAVE_UTIME_H*/ } +static void +catchsig (int sig) +{ + if (sig == SIGALRM) + timed_out = 1; +} int curses_cmd_handler (pinentry_t pinentry) { int rc; + timed_out = 0; + + if (pinentry->timeout) + { + struct sigaction sa; + + memset (&sa, 0, sizeof(sa)); + sa.sa_handler = catchsig; + sigaction (SIGALRM, &sa, NULL); + alarm (pinentry->timeout); + } + rc = dialog_run (pinentry, pinentry->ttyname, pinentry->ttytype); do_touch_file (pinentry); return rc; ----------------------------------------------------------------------- Summary of changes: doc/pinentry.texi | 13 +++++++++++++ gtk+-2/pinentry-gtk-2.c | 16 ++++++++++++++++ pinentry/pinentry-curses.c | 34 +++++++++++++++++++++++++++++++++- 3 files changed, 62 insertions(+), 1 deletions(-) hooks/post-receive -- The standard pinentry collection http://git.gnupg.org From cvs at cvs.gnupg.org Sat Feb 16 03:26:10 2013 From: cvs at cvs.gnupg.org (by Ben Kibbey) Date: Sat, 16 Feb 2013 03:26:10 +0100 Subject: [git] Pinentry - branch, master, updated. pinentry-0.8.2-6-g462f00d Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The standard pinentry collection". The branch, master has been updated via 462f00dfc6636fbfe2e453c1b820d919ec1d0c99 (commit) from 31467f7c2cd748d6f822ccf627a2ce8870fb09c6 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 462f00dfc6636fbfe2e453c1b820d919ec1d0c99 Author: Ben Kibbey Date: Fri Feb 15 06:40:01 2013 -0500 Curses build fix for DOS'ish systems. diff --git a/pinentry/pinentry-curses.c b/pinentry/pinentry-curses.c index 2957aa2..58da255 100644 --- a/pinentry/pinentry-curses.c +++ b/pinentry/pinentry-curses.c 
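Review bot: curses_cmd_handler arms `alarm (pinentry->timeout)` but never disarms it, so when the user answers before the timeout the pending SIGALRM is still delivered later. If another request without a timeout of its own is being handled at that moment, `timed_out` becomes 1 before any key was pressed and dialog_run gives up with `done = -2`. Adding `alarm (0);` directly after the dialog_run call cancels the leftover timer. Zeroing `sa` with memset works for sa_flags, but `sigemptyset (&sa.sa_mask);` is the portable way to initialise the mask.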
@@ -60,7 +60,9 @@ static short pinentry_color[] = { -1, -1, COLOR_BLACK, COLOR_RED, COLOR_GREEN, COLOR_YELLOW, COLOR_BLUE, COLOR_MAGENTA, COLOR_CYAN, COLOR_WHITE }; static int init_screen; +#ifndef HAVE_DOSISH_SYSTEM static int timed_out; +#endif typedef enum { @@ -713,8 +715,10 @@ dialog_run (pinentry_t pinentry, const char *tty_name, const char *tty_type) FILE *ttyfo = NULL; SCREEN *screen = 0; int done = 0; - int no_input = 1; char *pin_utf8; +#ifndef HAVE_DOSISH_SYSTEM + int no_input = 1; +#endif #ifdef HAVE_NCURSESW char *old_ctype = NULL; @@ -788,24 +792,29 @@ dialog_run (pinentry_t pinentry, const char *tty_name, const char *tty_type) return -2; dialog_switch_pos (&diag, diag.pin ? DIALOG_POS_PIN : DIALOG_POS_OK); +#ifndef HAVE_DOSISH_SYSTEM wtimeout (stdscr, 70); +#endif do { int c; c = wgetch (stdscr); /* Refresh, accept single keystroke of input. */ - +#ifndef HAVE_DOSISH_SYSTEM if (timed_out && no_input) { done = -2; break; } +#endif switch (c) { +#ifndef HAVE_DOSISH_SYSTEM case ERR: continue; +#endif case KEY_LEFT: case KEY_UP: switch (diag.pos) @@ -901,8 +910,9 @@ dialog_run (pinentry_t pinentry, const char *tty_name, const char *tty_type) if (diag.pos == DIALOG_POS_PIN) dialog_input (&diag, c); } - +#ifndef HAVE_DOSISH_SYSTEM no_input = 0; +#endif } while (!done); @@ -974,18 +984,21 @@ do_touch_file (pinentry_t pinentry) #endif /*HAVE_UTIME_H*/ } +#ifndef HAVE_DOSISH_SYSTEM static void catchsig (int sig) { if (sig == SIGALRM) timed_out = 1; } +#endif int curses_cmd_handler (pinentry_t pinentry) { int rc; +#ifndef HAVE_DOSISH_SYSTEM timed_out = 0; if (pinentry->timeout) 
@@ -997,6 +1010,7 @@ curses_cmd_handler (pinentry_t pinentry) sigaction (SIGALRM, &sa, NULL); alarm (pinentry->timeout); } +#endif rc = dialog_run (pinentry, pinentry->ttyname, pinentry->ttytype); do_touch_file (pinentry); ----------------------------------------------------------------------- Summary of changes: pinentry/pinentry-curses.c | 20 +++++++++++++++++--- 1 files changed, 17 insertions(+), 3 deletions(-) hooks/post-receive -- The standard pinentry collection http://git.gnupg.org From cvs at cvs.gnupg.org Tue Feb 19 11:33:38 2013 
From: cvs at cvs.gnupg.org (by Jussi Kivilinna) Date: Tue, 19 Feb 2013 11:33:38 +0100 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.5.0-84-g63ac3ba Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via 63ac3ba07dba82fde040d31b90b4eff627bd92b9 (commit) via 4de62d80644228fc5db2a9f9c94a7eb633d8de2e (commit) via 537f12ce072d568f9fa344c447d32b2e0efffbe8 (commit) from 09ac5d87d11aa0b1fa0e0a4184ab03b3671a73e2 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 63ac3ba07dba82fde040d31b90b4eff627bd92b9 Author: Jussi Kivilinna Date: Wed Jan 23 11:55:13 2013 +0200 Add AES-NI/AVX accelerated Camellia implementation * configure.ac: Add option --disable-avx-support. (HAVE_GCC_INLINE_ASM_AVX): New. (ENABLE_AVX_SUPPORT): New. (camellia) [ENABLE_AVX_SUPPORT, ENABLE_AESNI_SUPPORT]: Add camellia_aesni_avx_x86-64.lo. * cipher/Makefile.am (AM_CCASFLAGS): Add. (EXTRA_libcipher_la_SOURCES): Add camellia_aesni_avx_x86-64.S * cipher/camellia-glue.c [ENABLE_AESNI_SUPPORT, ENABLE_AVX_SUPPORT] [__x86_64__] (USE_AESNI_AVX): Add macro. (struct Camellia_context) [USE_AESNI_AVX]: Add use_aesni_avx. [USE_AESNI_AVX] (_gcry_camellia_aesni_avx_ctr_enc) (_gcry_camellia_aesni_avx_cbc_dec): New prototypes to assembly functions. (camellia_setkey) [USE_AESNI_AVX]: Enable AES-NI/AVX if hardware support both. (_gcry_camellia_ctr_enc) [USE_AESNI_AVX]: Add AES-NI/AVX code. (_gcry_camellia_cbc_dec) [USE_AESNI_AVX]: Add AES-NI/AVX code. * cipher/camellia_aesni_avx_x86-64.S: New. * src/g10lib.h (HWF_INTEL_AVX): New. * src/global.c (hwflist): Add HWF_INTEL_AVX. 
* src/hwf-x86.c (detect_x86_gnuc) [ENABLE_AVX_SUPPORT]: Add detection for AVX. -- Before: Running each test 250 times. ECB/Stream CBC CFB OFB CTR --------------- --------------- --------------- --------------- --------------- CAMELLIA128 2210ms 2200ms 2300ms 2050ms 2240ms 2250ms 2290ms 2270ms 2070ms 2070ms CAMELLIA256 2810ms 2800ms 2920ms 2670ms 2840ms 2850ms 2910ms 2890ms 2660ms 2640ms After: Running each test 250 times. ECB/Stream CBC CFB OFB CTR --------------- --------------- --------------- --------------- --------------- CAMELLIA128 2200ms 2220ms 2290ms 470ms 2240ms 2270ms 2270ms 2290ms 480ms 480ms CAMELLIA256 2820ms 2820ms 2900ms 600ms 2860ms 2860ms 2900ms 2920ms 620ms 620ms AES-NI/AVX implementation works by processing 16 parallel blocks (256 bytes). It's bytesliced implementation that uses AES-NI (Subbyte) for Camellia sboxes, with help of prefiltering/postfiltering. For smaller data sets generic C implementation is used. Speed-up for CBC-decryption and CTR-mode (large data): 4.3x Tests were run on: Intel Core i5-2450M Signed-off-by: Jussi Kivilinna (license boiler plate update by wk) diff --git a/cipher/Makefile.am b/cipher/Makefile.am index e8050e3..fcb9be5 100644 --- a/cipher/Makefile.am +++ b/cipher/Makefile.am @@ -26,6 +26,8 @@ EXTRA_DIST = Manifest AM_CPPFLAGS = -I../src -I$(top_srcdir)/src AM_CFLAGS = $(GPG_ERROR_CFLAGS) +AM_CCASFLAGS = $(NOEXECSTACK_FLAGS) + noinst_LTLIBRARIES = libcipher.la @@ -69,7 +71,7 @@ tiger.c \ whirlpool.c \ twofish.c \ rfc2268.c \ -camellia.c camellia.h camellia-glue.c +camellia.c camellia.h camellia-glue.c camellia_aesni_avx_x86-64.S if ENABLE_O_FLAG_MUNGING o_flag_munging = sed -e 's/-O[2-9s]*/-O1/g' diff --git a/cipher/camellia-glue.c b/cipher/camellia-glue.c index ba8aa28..dd9206f 100644 --- a/cipher/camellia-glue.c +++ b/cipher/camellia-glue.c 
@@ -71,12 +71,38 @@ # define ATTR_ALIGNED_16 #endif +/* USE_AESNI inidicates whether to compile with Intel AES-NI/AVX code. */ +#undef USE_AESNI_AVX +#if defined(ENABLE_AESNI_SUPPORT) && defined(ENABLE_AVX_SUPPORT) +# if defined(__x86_64__) +# define USE_AESNI_AVX 1 +# endif +#endif + typedef struct { int keybitlength; KEY_TABLE_TYPE keytable; +#ifdef USE_AESNI_AVX + int use_aesni_avx; /* AES-NI/AVX implementation shall be used. */ +#endif /*USE_AESNI_AVX*/ } CAMELLIA_context; +#ifdef USE_AESNI_AVX +/* Assembler implementations of Camellia using AES-NI and AVX. Process data + in 16 block same time. + */ +extern void _gcry_camellia_aesni_avx_ctr_enc(CAMELLIA_context *ctx, + unsigned char *out, + const unsigned char *in, + unsigned char *ctr); + +extern void _gcry_camellia_aesni_avx_cbc_dec(CAMELLIA_context *ctx, + unsigned char *out, + const unsigned char *in, + unsigned char *iv); +#endif + static const char *selftest(void); static gcry_err_code_t @@ -109,6 +135,15 @@ camellia_setkey(void *c, const byte *key, unsigned keylen) +3*2*sizeof(void*) /* Function calls. */ ); +#ifdef USE_AESNI_AVX + ctx->use_aesni_avx = 0; + if ((_gcry_get_hw_features () & HWF_INTEL_AESNI) && + (_gcry_get_hw_features () & HWF_INTEL_AVX)) + { + ctx->use_aesni_avx = 1; + } +#endif + return 0; } 
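Review bot: The typedef of CAMELLIA_context in this hunk gives no hint that the new assembly file addresses it through hard-coded offsets (`key_bitlength 0` and `key_table 4` in camellia_aesni_avx_x86-64.S), so a member later inserted before `keytable` would silently make the AES-NI/AVX path read the wrong key material. I would add a comment above the struct such as `/* Offsets of keybitlength and keytable are hard-coded in camellia_aesni_avx_x86-64.S; add new members only after keytable. */`. The macro comment names the wrong symbol and has a typo; it should read `/* USE_AESNI_AVX indicates whether to compile with Intel AES-NI/AVX code. */`. The two prototypes would also benefit from one line stating that each call handles exactly 16 blocks and writes the updated `ctr` or `iv` back, which is what the assembly in this commit does.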
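Review bot: This flag test is the only gate in front of the VEX-encoded routines, so it is sound only if HWF_INTEL_AVX is reported when the operating system has enabled the AVX register state, not merely when the CPU advertises the instructions. The detection added to src/hwf-x86.c lies outside this part of the page and should be checked for that. As a style point, _gcry_get_hw_features () is called twice; reading it once is clearer, e.g. `unsigned int hwf = _gcry_get_hw_features ();` followed by `ctx->use_aesni_avx = (hwf & HWF_INTEL_AESNI) && (hwf & HWF_INTEL_AVX);`. camellia_setkey starts before this hunk.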
@@ -158,8 +193,39 @@ _gcry_camellia_ctr_enc(void *context, unsigned char *ctr, unsigned char *outbuf = outbuf_arg; const unsigned char *inbuf = inbuf_arg; unsigned char tmpbuf[CAMELLIA_BLOCK_SIZE]; + int burn_stack_depth = CAMELLIA_encrypt_stack_burn_size; int i; +#ifdef USE_AESNI_AVX + if (ctx->use_aesni_avx) + { + int did_use_aesni_avx = 0; + + /* Process data in 16 block chunks. */ + while (nblocks >= 16) + { + _gcry_camellia_aesni_avx_ctr_enc(ctx, outbuf, inbuf, ctr); + + nblocks -= 16; + outbuf += 16 * CAMELLIA_BLOCK_SIZE; + inbuf += 16 * CAMELLIA_BLOCK_SIZE; + did_use_aesni_avx = 1; + } + + if (did_use_aesni_avx) + { + /* clear AVX registers */ + asm volatile ("vzeroall;\n":::); + + if (burn_stack_depth < 16 * CAMELLIA_BLOCK_SIZE + 2 * sizeof(void *)) + burn_stack_depth = 16 * CAMELLIA_BLOCK_SIZE + 2 * sizeof(void *); + } + + /* Use generic code to handle smaller chunks... */ + /* TODO: use caching instead? */ + } +#endif + for ( ;nblocks; nblocks-- ) { /* Encrypt the counter. */ @@ -178,7 +244,7 @@ _gcry_camellia_ctr_enc(void *context, unsigned char *ctr, } wipememory(tmpbuf, sizeof(tmpbuf)); - _gcry_burn_stack(CAMELLIA_encrypt_stack_burn_size); + _gcry_burn_stack(burn_stack_depth); } /* Bulk decryption of complete blocks in CBC mode. This function is only 
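Review bot: The `asm volatile ("vzeroall;\n":::)` statement zeroes every vector register but declares no clobbers, so the compiler is never told that those registers change; it is correct only as long as nothing vector-typed is live at that point. Clearing the registers inside the assembly routines instead, with `vzeroall;` placed just before each `ret;` of the two exported functions in camellia_aesni_avx_x86-64.S, keeps key-dependent state from outliving the call and removes the need for the inline statement. The depth test also compares the `int` burn_stack_depth with a `size_t` expression; a cast such as `(int)(16 * CAMELLIA_BLOCK_SIZE + 2 * sizeof(void *))` avoids the implicit conversion. The same two points apply to the matching block added to _gcry_camellia_cbc_dec, and both function bodies extend beyond their hunks.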
@@ -192,6 +258,36 @@ _gcry_camellia_cbc_dec(void *context, unsigned char *iv, unsigned char *outbuf = outbuf_arg; const unsigned char *inbuf = inbuf_arg; unsigned char savebuf[CAMELLIA_BLOCK_SIZE]; + int burn_stack_depth = CAMELLIA_decrypt_stack_burn_size; + +#ifdef USE_AESNI_AVX + if (ctx->use_aesni_avx) + { + int did_use_aesni_avx = 0; + + /* Process data in 16 block chunks. */ + while (nblocks >= 16) + { + _gcry_camellia_aesni_avx_cbc_dec(ctx, outbuf, inbuf, iv); + + nblocks -= 16; + outbuf += 16 * CAMELLIA_BLOCK_SIZE; + inbuf += 16 * CAMELLIA_BLOCK_SIZE; + did_use_aesni_avx = 1; + } + + if (did_use_aesni_avx) + { + /* clear AVX registers */ + asm volatile ("vzeroall;\n":::); + + if (burn_stack_depth < 16 * CAMELLIA_BLOCK_SIZE + 2 * sizeof(void *)) + burn_stack_depth = 16 * CAMELLIA_BLOCK_SIZE + 2 * sizeof(void *); + } + + /* Use generic code to handle smaller chunks... */ + } +#endif for ( ;nblocks; nblocks-- ) { @@ -208,7 +304,7 @@ _gcry_camellia_cbc_dec(void *context, unsigned char *iv, } wipememory(savebuf, sizeof(savebuf)); - _gcry_burn_stack(CAMELLIA_decrypt_stack_burn_size); + _gcry_burn_stack(burn_stack_depth); } /* Run the self-tests for CAMELLIA-CTR-128, tests IV increment of bulk CTR diff --git a/cipher/camellia.c b/cipher/camellia.c index 42a9b73..cd46885 100644 --- a/cipher/camellia.c +++ b/cipher/camellia.c @@ -14,8 +14,7 @@ * Lesser General Public License for more details. * * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + * License along with this program; if not, see . */ /* @@ -985,7 +984,7 @@ void camellia_decrypt128(const u32 *subkey, u32 *blocks) io[1] = blocks[1]; io[2] = blocks[2]; io[3] = blocks[3]; - + /* pre whitening but absorb kw2*/ io[0] ^= CamelliaSubkeyL(24); io[1] ^= CamelliaSubkeyR(24); 
diff --git a/cipher/camellia_aesni_avx_x86-64.S b/cipher/camellia_aesni_avx_x86-64.S
new file mode 100644
index 0000000..e25ad8f
--- /dev/null
+++ b/cipher/camellia_aesni_avx_x86-64.S
@@ -0,0 +1,1120 @@ +/* camellia_avx_aesni_x86-64.S - AES-NI/AVX implementation of Camellia cipher + * + * Copyright (C) 2013 Jussi Kivilinna + * + * This file is part of Libgcrypt. + * + * Libgcrypt is free software; you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * Libgcrypt is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this program; if not, see . + */ + +#ifdef __x86_64 +#include +#if defined(ENABLE_AESNI_SUPPORT) && defined(ENABLE_AVX_SUPPORT) + +#ifdef __PIC__ +# define RIP (%rip) +#else +# define RIP +#endif + +#define CAMELLIA_TABLE_BYTE_LEN 272 + +/* struct CAMELLIA_context: */ +#define key_bitlength 0 +#define key_table 4 + +/* register macros */ +#define CTX %rdi +#define RIO %r8 + +/********************************************************************** + helper macros + **********************************************************************/ +#define filter_8bit(x, lo_t, hi_t, mask4bit, tmp0) \ + vpand x, mask4bit, tmp0; \ + vpandn x, mask4bit, x; \ + vpsrld $4, x, x; \ + \ + vpshufb tmp0, lo_t, tmp0; \ + vpshufb x, hi_t, x; \ + vpxor tmp0, x, x; + +/********************************************************************** + 16-way camellia + **********************************************************************/ + +/* + * IN: + * x0..x7: byte-sliced AB state + * mem_cd: register pointer storing CD state + * key: index for key material + * OUT: + * x0..x7: new byte-sliced CD state + */ +#define roundsm16(x0, x1, x2, x3, x4, x5, x6, x7, t0, t1, t2, t3, t4, t5, t6, \ + t7, mem_cd, key) \ + /* 
\ + * S-function with AES subbytes \ + */ \ + vmovdqa .Linv_shift_row RIP, t4; \ + vbroadcastss .L0f0f0f0f RIP, t7; \ + vmovdqa .Lpre_tf_lo_s1 RIP, t0; \ + vmovdqa .Lpre_tf_hi_s1 RIP, t1; \ + \ + /* AES inverse shift rows */ \ + vpshufb t4, x0, x0; \ + vpshufb t4, x7, x7; \ + vpshufb t4, x1, x1; \ + vpshufb t4, x4, x4; \ + vpshufb t4, x2, x2; \ + vpshufb t4, x5, x5; \ + vpshufb t4, x3, x3; \ + vpshufb t4, x6, x6; \ + \ + /* prefilter sboxes 1, 2 and 3 */ \ + vmovdqa .Lpre_tf_lo_s4 RIP, t2; \ + vmovdqa .Lpre_tf_hi_s4 RIP, t3; \ + filter_8bit(x0, t0, t1, t7, t6); \ + filter_8bit(x7, t0, t1, t7, t6); \ + filter_8bit(x1, t0, t1, t7, t6); \ + filter_8bit(x4, t0, t1, t7, t6); \ + filter_8bit(x2, t0, t1, t7, t6); \ + filter_8bit(x5, t0, t1, t7, t6); \ + \ + /* prefilter sbox 4 */ \ + vpxor t4, t4, t4; \ + filter_8bit(x3, t2, t3, t7, t6); \ + filter_8bit(x6, t2, t3, t7, t6); \ + \ + /* AES subbytes + AES shift rows */ \ + vmovdqa .Lpost_tf_lo_s1 RIP, t0; \ + vmovdqa .Lpost_tf_hi_s1 RIP, t1; \ + vaesenclast t4, x0, x0; \ + vaesenclast t4, x7, x7; \ + vaesenclast t4, x1, x1; \ + vaesenclast t4, x4, x4; \ + vaesenclast t4, x2, x2; \ + vaesenclast t4, x5, x5; \ + vaesenclast t4, x3, x3; \ + vaesenclast t4, x6, x6; \ + \ + /* postfilter sboxes 1 and 4 */ \ + vmovdqa .Lpost_tf_lo_s3 RIP, t2; \ + vmovdqa .Lpost_tf_hi_s3 RIP, t3; \ + filter_8bit(x0, t0, t1, t7, t6); \ + filter_8bit(x7, t0, t1, t7, t6); \ + filter_8bit(x3, t0, t1, t7, t6); \ + filter_8bit(x6, t0, t1, t7, t6); \ + \ + /* postfilter sbox 3 */ \ + vmovdqa .Lpost_tf_lo_s2 RIP, t4; \ + vmovdqa .Lpost_tf_hi_s2 RIP, t5; \ + filter_8bit(x2, t2, t3, t7, t6); \ + filter_8bit(x5, t2, t3, t7, t6); \ + \ + vpxor t6, t6, t6; \ + vmovq key, t0; \ + \ + /* postfilter sbox 2 */ \ + filter_8bit(x1, t4, t5, t7, t2); \ + filter_8bit(x4, t4, t5, t7, t2); \ + \ + vpsrldq $5, t0, t5; \ + vpsrldq $1, t0, t1; \ + vpsrldq $2, t0, t2; \ + vpsrldq $3, t0, t3; \ + vpsrldq $4, t0, t4; \ + vpshufb t6, t0, t0; \ + vpshufb t6, t1, t1; \ + vpshufb 
t6, t2, t2; \ + vpshufb t6, t3, t3; \ + vpshufb t6, t4, t4; \ + vpsrldq $2, t5, t7; \ + vpshufb t6, t7, t7; \ + \ + /* P-function */ \ + vpxor x5, x0, x0; \ + vpxor x6, x1, x1; \ + vpxor x7, x2, x2; \ + vpxor x4, x3, x3; \ + \ + vpxor x2, x4, x4; \ + vpxor x3, x5, x5; \ + vpxor x0, x6, x6; \ + vpxor x1, x7, x7; \ + \ + vpxor x7, x0, x0; \ + vpxor x4, x1, x1; \ + vpxor x5, x2, x2; \ + vpxor x6, x3, x3; \ + \ + vpxor x3, x4, x4; \ + vpxor x0, x5, x5; \ + vpxor x1, x6, x6; \ + vpxor x2, x7, x7; /* note: high and low parts swapped */ \ + \ + /* Add key material and result to CD (x becomes new CD) */ \ + \ + vpxor t3, x4, x4; \ + vpxor 0 * 16(mem_cd), x4, x4; \ + \ + vpxor t2, x5, x5; \ + vpxor 1 * 16(mem_cd), x5, x5; \ + \ + vpsrldq $1, t5, t3; \ + vpshufb t6, t5, t5; \ + vpshufb t6, t3, t6; \ + \ + vpxor t1, x6, x6; \ + vpxor 2 * 16(mem_cd), x6, x6; \ + \ + vpxor t0, x7, x7; \ + vpxor 3 * 16(mem_cd), x7, x7; \ + \ + vpxor t7, x0, x0; \ + vpxor 4 * 16(mem_cd), x0, x0; \ + \ + vpxor t6, x1, x1; \ + vpxor 5 * 16(mem_cd), x1, x1; \ + \ + vpxor t5, x2, x2; \ + vpxor 6 * 16(mem_cd), x2, x2; \ + \ + vpxor t4, x3, x3; \ + vpxor 7 * 16(mem_cd), x3, x3; + +/* + * IN/OUT: + * x0..x7: byte-sliced AB state preloaded + * mem_ab: byte-sliced AB state in memory + * mem_cb: byte-sliced CD state in memory + */ +#define two_roundsm16(x0, x1, x2, x3, x4, x5, x6, x7, y0, y1, y2, y3, y4, y5, \ + y6, y7, mem_ab, mem_cd, i, dir, store_ab) \ + roundsm16(x0, x1, x2, x3, x4, x5, x6, x7, y0, y1, y2, y3, y4, y5, \ + y6, y7, mem_cd, (key_table + (i) * 8)(CTX)); \ + \ + vmovdqu x4, 0 * 16(mem_cd); \ + vmovdqu x5, 1 * 16(mem_cd); \ + vmovdqu x6, 2 * 16(mem_cd); \ + vmovdqu x7, 3 * 16(mem_cd); \ + vmovdqu x0, 4 * 16(mem_cd); \ + vmovdqu x1, 5 * 16(mem_cd); \ + vmovdqu x2, 6 * 16(mem_cd); \ + vmovdqu x3, 7 * 16(mem_cd); \ + \ + roundsm16(x4, x5, x6, x7, x0, x1, x2, x3, y0, y1, y2, y3, y4, y5, \ + y6, y7, mem_ab, (key_table + ((i) + (dir)) * 8)(CTX)); \ + \ + store_ab(x0, x1, x2, x3, x4, x5, x6, x7, 
mem_ab); + +#define dummy_store(x0, x1, x2, x3, x4, x5, x6, x7, mem_ab) /* do nothing */ + +#define store_ab_state(x0, x1, x2, x3, x4, x5, x6, x7, mem_ab) \ + /* Store new AB state */ \ + vmovdqu x0, 0 * 16(mem_ab); \ + vmovdqu x1, 1 * 16(mem_ab); \ + vmovdqu x2, 2 * 16(mem_ab); \ + vmovdqu x3, 3 * 16(mem_ab); \ + vmovdqu x4, 4 * 16(mem_ab); \ + vmovdqu x5, 5 * 16(mem_ab); \ + vmovdqu x6, 6 * 16(mem_ab); \ + vmovdqu x7, 7 * 16(mem_ab); + +#define enc_rounds16(x0, x1, x2, x3, x4, x5, x6, x7, y0, y1, y2, y3, y4, y5, \ + y6, y7, mem_ab, mem_cd, i) \ + two_roundsm16(x0, x1, x2, x3, x4, x5, x6, x7, y0, y1, y2, y3, y4, y5, \ + y6, y7, mem_ab, mem_cd, (i) + 2, 1, store_ab_state); \ + two_roundsm16(x0, x1, x2, x3, x4, x5, x6, x7, y0, y1, y2, y3, y4, y5, \ + y6, y7, mem_ab, mem_cd, (i) + 4, 1, store_ab_state); \ + two_roundsm16(x0, x1, x2, x3, x4, x5, x6, x7, y0, y1, y2, y3, y4, y5, \ + y6, y7, mem_ab, mem_cd, (i) + 6, 1, dummy_store); + +#define dec_rounds16(x0, x1, x2, x3, x4, x5, x6, x7, y0, y1, y2, y3, y4, y5, \ + y6, y7, mem_ab, mem_cd, i) \ + two_roundsm16(x0, x1, x2, x3, x4, x5, x6, x7, y0, y1, y2, y3, y4, y5, \ + y6, y7, mem_ab, mem_cd, (i) + 7, -1, store_ab_state); \ + two_roundsm16(x0, x1, x2, x3, x4, x5, x6, x7, y0, y1, y2, y3, y4, y5, \ + y6, y7, mem_ab, mem_cd, (i) + 5, -1, store_ab_state); \ + two_roundsm16(x0, x1, x2, x3, x4, x5, x6, x7, y0, y1, y2, y3, y4, y5, \ + y6, y7, mem_ab, mem_cd, (i) + 3, -1, dummy_store); + +/* + * IN: + * v0..3: byte-sliced 32-bit integers + * OUT: + * v0..3: (IN <<< 1) + */ +#define rol32_1_16(v0, v1, v2, v3, t0, t1, t2, zero) \ + vpcmpgtb v0, zero, t0; \ + vpaddb v0, v0, v0; \ + vpabsb t0, t0; \ + \ + vpcmpgtb v1, zero, t1; \ + vpaddb v1, v1, v1; \ + vpabsb t1, t1; \ + \ + vpcmpgtb v2, zero, t2; \ + vpaddb v2, v2, v2; \ + vpabsb t2, t2; \ + \ + vpor t0, v1, v1; \ + \ + vpcmpgtb v3, zero, t0; \ + vpaddb v3, v3, v3; \ + vpabsb t0, t0; \ + \ + vpor t1, v2, v2; \ + vpor t2, v3, v3; \ + vpor t0, v0, v0; + +/* + * IN: + * r: 
byte-sliced AB state in memory + * l: byte-sliced CD state in memory + * OUT: + * x0..x7: new byte-sliced CD state + */ +#define fls16(l, l0, l1, l2, l3, l4, l5, l6, l7, r, t0, t1, t2, t3, tt0, \ + tt1, tt2, tt3, kll, klr, krl, krr) \ + /* \ + * t0 = kll; \ + * t0 &= ll; \ + * lr ^= rol32(t0, 1); \ + */ \ + vpxor tt0, tt0, tt0; \ + vmovd kll, t0; \ + vpshufb tt0, t0, t3; \ + vpsrldq $1, t0, t0; \ + vpshufb tt0, t0, t2; \ + vpsrldq $1, t0, t0; \ + vpshufb tt0, t0, t1; \ + vpsrldq $1, t0, t0; \ + vpshufb tt0, t0, t0; \ + \ + vpand l0, t0, t0; \ + vpand l1, t1, t1; \ + vpand l2, t2, t2; \ + vpand l3, t3, t3; \ + \ + rol32_1_16(t3, t2, t1, t0, tt1, tt2, tt3, tt0); \ + \ + vpxor l4, t0, l4; \ + vmovdqu l4, 4 * 16(l); \ + vpxor l5, t1, l5; \ + vmovdqu l5, 5 * 16(l); \ + vpxor l6, t2, l6; \ + vmovdqu l6, 6 * 16(l); \ + vpxor l7, t3, l7; \ + vmovdqu l7, 7 * 16(l); \ + \ + /* \ + * t2 = krr; \ + * t2 |= rr; \ + * rl ^= t2; \ + */ \ + \ + vmovd krr, t0; \ + vpshufb tt0, t0, t3; \ + vpsrldq $1, t0, t0; \ + vpshufb tt0, t0, t2; \ + vpsrldq $1, t0, t0; \ + vpshufb tt0, t0, t1; \ + vpsrldq $1, t0, t0; \ + vpshufb tt0, t0, t0; \ + \ + vpor 4 * 16(r), t0, t0; \ + vpor 5 * 16(r), t1, t1; \ + vpor 6 * 16(r), t2, t2; \ + vpor 7 * 16(r), t3, t3; \ + \ + vpxor 0 * 16(r), t0, t0; \ + vpxor 1 * 16(r), t1, t1; \ + vpxor 2 * 16(r), t2, t2; \ + vpxor 3 * 16(r), t3, t3; \ + vmovdqu t0, 0 * 16(r); \ + vmovdqu t1, 1 * 16(r); \ + vmovdqu t2, 2 * 16(r); \ + vmovdqu t3, 3 * 16(r); \ + \ + /* \ + * t2 = krl; \ + * t2 &= rl; \ + * rr ^= rol32(t2, 1); \ + */ \ + vmovd krl, t0; \ + vpshufb tt0, t0, t3; \ + vpsrldq $1, t0, t0; \ + vpshufb tt0, t0, t2; \ + vpsrldq $1, t0, t0; \ + vpshufb tt0, t0, t1; \ + vpsrldq $1, t0, t0; \ + vpshufb tt0, t0, t0; \ + \ + vpand 0 * 16(r), t0, t0; \ + vpand 1 * 16(r), t1, t1; \ + vpand 2 * 16(r), t2, t2; \ + vpand 3 * 16(r), t3, t3; \ + \ + rol32_1_16(t3, t2, t1, t0, tt1, tt2, tt3, tt0); \ + \ + vpxor 4 * 16(r), t0, t0; \ + vpxor 5 * 16(r), t1, t1; \ + vpxor 6 * 16(r), 
t2, t2; \ + vpxor 7 * 16(r), t3, t3; \ + vmovdqu t0, 4 * 16(r); \ + vmovdqu t1, 5 * 16(r); \ + vmovdqu t2, 6 * 16(r); \ + vmovdqu t3, 7 * 16(r); \ + \ + /* \ + * t0 = klr; \ + * t0 |= lr; \ + * ll ^= t0; \ + */ \ + \ + vmovd klr, t0; \ + vpshufb tt0, t0, t3; \ + vpsrldq $1, t0, t0; \ + vpshufb tt0, t0, t2; \ + vpsrldq $1, t0, t0; \ + vpshufb tt0, t0, t1; \ + vpsrldq $1, t0, t0; \ + vpshufb tt0, t0, t0; \ + \ + vpor l4, t0, t0; \ + vpor l5, t1, t1; \ + vpor l6, t2, t2; \ + vpor l7, t3, t3; \ + \ + vpxor l0, t0, l0; \ + vmovdqu l0, 0 * 16(l); \ + vpxor l1, t1, l1; \ + vmovdqu l1, 1 * 16(l); \ + vpxor l2, t2, l2; \ + vmovdqu l2, 2 * 16(l); \ + vpxor l3, t3, l3; \ + vmovdqu l3, 3 * 16(l); + +#define transpose_4x4(x0, x1, x2, x3, t1, t2) \ + vpunpckhdq x1, x0, t2; \ + vpunpckldq x1, x0, x0; \ + \ + vpunpckldq x3, x2, t1; \ + vpunpckhdq x3, x2, x2; \ + \ + vpunpckhqdq t1, x0, x1; \ + vpunpcklqdq t1, x0, x0; \ + \ + vpunpckhqdq x2, t2, x3; \ + vpunpcklqdq x2, t2, x2; + +#define byteslice_16x16b_fast(a0, b0, c0, d0, a1, b1, c1, d1, a2, b2, c2, d2, \ + a3, b3, c3, d3, st0, st1) \ + vmovdqu d2, st0; \ + vmovdqu d3, st1; \ + transpose_4x4(a0, a1, a2, a3, d2, d3); \ + transpose_4x4(b0, b1, b2, b3, d2, d3); \ + vmovdqu st0, d2; \ + vmovdqu st1, d3; \ + \ + vmovdqu a0, st0; \ + vmovdqu a1, st1; \ + transpose_4x4(c0, c1, c2, c3, a0, a1); \ + transpose_4x4(d0, d1, d2, d3, a0, a1); \ + \ + vmovdqu .Lshufb_16x16b RIP, a0; \ + vmovdqu st1, a1; \ + vpshufb a0, a2, a2; \ + vpshufb a0, a3, a3; \ + vpshufb a0, b0, b0; \ + vpshufb a0, b1, b1; \ + vpshufb a0, b2, b2; \ + vpshufb a0, b3, b3; \ + vpshufb a0, a1, a1; \ + vpshufb a0, c0, c0; \ + vpshufb a0, c1, c1; \ + vpshufb a0, c2, c2; \ + vpshufb a0, c3, c3; \ + vpshufb a0, d0, d0; \ + vpshufb a0, d1, d1; \ + vpshufb a0, d2, d2; \ + vpshufb a0, d3, d3; \ + vmovdqu d3, st1; \ + vmovdqu st0, d3; \ + vpshufb a0, d3, a0; \ + vmovdqu d2, st0; \ + \ + transpose_4x4(a0, b0, c0, d0, d2, d3); \ + transpose_4x4(a1, b1, c1, d1, d2, d3); \ + vmovdqu 
st0, d2; \ + vmovdqu st1, d3; \ + \ + vmovdqu b0, st0; \ + vmovdqu b1, st1; \ + transpose_4x4(a2, b2, c2, d2, b0, b1); \ + transpose_4x4(a3, b3, c3, d3, b0, b1); \ + vmovdqu st0, b0; \ + vmovdqu st1, b1; \ + /* does not adjust output bytes inside vectors */ + +#define transpose_8x8b(a, b, c, d, e, f, g, h, t0, t1, t2, t3, t4) \ + vpunpcklbw a, b, t0; \ + vpunpckhbw a, b, b; \ + \ + vpunpcklbw c, d, t1; \ + vpunpckhbw c, d, d; \ + \ + vpunpcklbw e, f, t2; \ + vpunpckhbw e, f, f; \ + \ + vpunpcklbw g, h, t3; \ + vpunpckhbw g, h, h; \ + \ + vpunpcklwd t0, t1, g; \ + vpunpckhwd t0, t1, t0; \ + \ + vpunpcklwd b, d, t1; \ + vpunpckhwd b, d, e; \ + \ + vpunpcklwd t2, t3, c; \ + vpunpckhwd t2, t3, t2; \ + \ + vpunpcklwd f, h, t3; \ + vpunpckhwd f, h, b; \ + \ + vpunpcklwd e, b, t4; \ + vpunpckhwd e, b, b; \ + \ + vpunpcklwd t1, t3, e; \ + vpunpckhwd t1, t3, f; \ + \ + vmovdqa .Ltranspose_8x8_shuf RIP, t3; \ + \ + vpunpcklwd g, c, d; \ + vpunpckhwd g, c, c; \ + \ + vpunpcklwd t0, t2, t1; \ + vpunpckhwd t0, t2, h; \ + \ + vpunpckhqdq b, h, a; \ + vpshufb t3, a, a; \ + vpunpcklqdq b, h, b; \ + vpshufb t3, b, b; \ + \ + vpunpckhqdq e, d, g; \ + vpshufb t3, g, g; \ + vpunpcklqdq e, d, h; \ + vpshufb t3, h, h; \ + \ + vpunpckhqdq f, c, e; \ + vpshufb t3, e, e; \ + vpunpcklqdq f, c, f; \ + vpshufb t3, f, f; \ + \ + vpunpckhqdq t4, t1, c; \ + vpshufb t3, c, c; \ + vpunpcklqdq t4, t1, d; \ + vpshufb t3, d, d; + +/* load blocks to registers and apply pre-whitening */ +#define inpack16_pre(x0, x1, x2, x3, x4, x5, x6, x7, y0, y1, y2, y3, y4, y5, \ + y6, y7, rio, key) \ + vmovq key, x0; \ + vpshufb .Lpack_bswap RIP, x0, x0; \ + \ + vpxor 0 * 16(rio), x0, y7; \ + vpxor 1 * 16(rio), x0, y6; \ + vpxor 2 * 16(rio), x0, y5; \ + vpxor 3 * 16(rio), x0, y4; \ + vpxor 4 * 16(rio), x0, y3; \ + vpxor 5 * 16(rio), x0, y2; \ + vpxor 6 * 16(rio), x0, y1; \ + vpxor 7 * 16(rio), x0, y0; \ + vpxor 8 * 16(rio), x0, x7; \ + vpxor 9 * 16(rio), x0, x6; \ + vpxor 10 * 16(rio), x0, x5; \ + vpxor 11 * 
16(rio), x0, x4; \ + vpxor 12 * 16(rio), x0, x3; \ + vpxor 13 * 16(rio), x0, x2; \ + vpxor 14 * 16(rio), x0, x1; \ + vpxor 15 * 16(rio), x0, x0; + +/* byteslice pre-whitened blocks and store to temporary memory */ +#define inpack16_post(x0, x1, x2, x3, x4, x5, x6, x7, y0, y1, y2, y3, y4, y5, \ + y6, y7, mem_ab, mem_cd) \ + byteslice_16x16b_fast(x0, x1, x2, x3, x4, x5, x6, x7, y0, y1, y2, y3, \ + y4, y5, y6, y7, (mem_ab), (mem_cd)); \ + \ + vmovdqu x0, 0 * 16(mem_ab); \ + vmovdqu x1, 1 * 16(mem_ab); \ + vmovdqu x2, 2 * 16(mem_ab); \ + vmovdqu x3, 3 * 16(mem_ab); \ + vmovdqu x4, 4 * 16(mem_ab); \ + vmovdqu x5, 5 * 16(mem_ab); \ + vmovdqu x6, 6 * 16(mem_ab); \ + vmovdqu x7, 7 * 16(mem_ab); \ + vmovdqu y0, 0 * 16(mem_cd); \ + vmovdqu y1, 1 * 16(mem_cd); \ + vmovdqu y2, 2 * 16(mem_cd); \ + vmovdqu y3, 3 * 16(mem_cd); \ + vmovdqu y4, 4 * 16(mem_cd); \ + vmovdqu y5, 5 * 16(mem_cd); \ + vmovdqu y6, 6 * 16(mem_cd); \ + vmovdqu y7, 7 * 16(mem_cd); + +/* de-byteslice, apply post-whitening and store blocks */ +#define outunpack16(x0, x1, x2, x3, x4, x5, x6, x7, y0, y1, y2, y3, y4, \ + y5, y6, y7, key, stack_tmp0, stack_tmp1) \ + byteslice_16x16b_fast(y0, y4, x0, x4, y1, y5, x1, x5, y2, y6, x2, x6, \ + y3, y7, x3, x7, stack_tmp0, stack_tmp1); \ + \ + vmovdqu x0, stack_tmp0; \ + \ + vmovq key, x0; \ + vpshufb .Lpack_bswap RIP, x0, x0; \ + \ + vpxor x0, y7, y7; \ + vpxor x0, y6, y6; \ + vpxor x0, y5, y5; \ + vpxor x0, y4, y4; \ + vpxor x0, y3, y3; \ + vpxor x0, y2, y2; \ + vpxor x0, y1, y1; \ + vpxor x0, y0, y0; \ + vpxor x0, x7, x7; \ + vpxor x0, x6, x6; \ + vpxor x0, x5, x5; \ + vpxor x0, x4, x4; \ + vpxor x0, x3, x3; \ + vpxor x0, x2, x2; \ + vpxor x0, x1, x1; \ + vpxor stack_tmp0, x0, x0; + +#define write_output(x0, x1, x2, x3, x4, x5, x6, x7, y0, y1, y2, y3, y4, y5, \ + y6, y7, rio) \ + vmovdqu x0, 0 * 16(rio); \ + vmovdqu x1, 1 * 16(rio); \ + vmovdqu x2, 2 * 16(rio); \ + vmovdqu x3, 3 * 16(rio); \ + vmovdqu x4, 4 * 16(rio); \ + vmovdqu x5, 5 * 16(rio); \ + vmovdqu x6, 6 * 
16(rio); \ + vmovdqu x7, 7 * 16(rio); \ + vmovdqu y0, 8 * 16(rio); \ + vmovdqu y1, 9 * 16(rio); \ + vmovdqu y2, 10 * 16(rio); \ + vmovdqu y3, 11 * 16(rio); \ + vmovdqu y4, 12 * 16(rio); \ + vmovdqu y5, 13 * 16(rio); \ + vmovdqu y6, 14 * 16(rio); \ + vmovdqu y7, 15 * 16(rio); + +.data +.align 16 + +#define SHUFB_BYTES(idx) \ + 0 + (idx), 4 + (idx), 8 + (idx), 12 + (idx) + +.Lshufb_16x16b: + .byte SHUFB_BYTES(0), SHUFB_BYTES(1), SHUFB_BYTES(2), SHUFB_BYTES(3); + +.Lpack_bswap: + .long 0x00010203 + .long 0x04050607 + .long 0x80808080 + .long 0x80808080 + +/* For CTR-mode IV byteswap */ +.Lbswap128_mask: + .byte 15, 14, 13, 12, 11, 10, 9, 8, 7, 6, 5, 4, 3, 2, 1, 0 + +/* + * pre-SubByte transform + * + * pre-lookup for sbox1, sbox2, sbox3: + * swap_bitendianness( + * isom_map_camellia_to_aes( + * camellia_f( + * swap_bitendianess(in) + * ) + * ) + * ) + * + * (note: '? 0xc5' inside camellia_f()) + */ +.Lpre_tf_lo_s1: + .byte 0x45, 0xe8, 0x40, 0xed, 0x2e, 0x83, 0x2b, 0x86 + .byte 0x4b, 0xe6, 0x4e, 0xe3, 0x20, 0x8d, 0x25, 0x88 +.Lpre_tf_hi_s1: + .byte 0x00, 0x51, 0xf1, 0xa0, 0x8a, 0xdb, 0x7b, 0x2a + .byte 0x09, 0x58, 0xf8, 0xa9, 0x83, 0xd2, 0x72, 0x23 + +/* + * pre-SubByte transform + * + * pre-lookup for sbox4: + * swap_bitendianness( + * isom_map_camellia_to_aes( + * camellia_f( + * swap_bitendianess(in <<< 1) + * ) + * ) + * ) + * + * (note: '? 0xc5' inside camellia_f()) + */ +.Lpre_tf_lo_s4: + .byte 0x45, 0x40, 0x2e, 0x2b, 0x4b, 0x4e, 0x20, 0x25 + .byte 0x14, 0x11, 0x7f, 0x7a, 0x1a, 0x1f, 0x71, 0x74 +.Lpre_tf_hi_s4: + .byte 0x00, 0xf1, 0x8a, 0x7b, 0x09, 0xf8, 0x83, 0x72 + .byte 0xad, 0x5c, 0x27, 0xd6, 0xa4, 0x55, 0x2e, 0xdf + +/* + * post-SubByte transform + * + * post-lookup for sbox1, sbox4: + * swap_bitendianness( + * camellia_h( + * isom_map_aes_to_camellia( + * swap_bitendianness( + * aes_inverse_affine_transform(in) + * ) + * ) + * ) + * ) + * + * (note: '? 
0x6e' inside camellia_h()) + */ +.Lpost_tf_lo_s1: + .byte 0x3c, 0xcc, 0xcf, 0x3f, 0x32, 0xc2, 0xc1, 0x31 + .byte 0xdc, 0x2c, 0x2f, 0xdf, 0xd2, 0x22, 0x21, 0xd1 +.Lpost_tf_hi_s1: + .byte 0x00, 0xf9, 0x86, 0x7f, 0xd7, 0x2e, 0x51, 0xa8 + .byte 0xa4, 0x5d, 0x22, 0xdb, 0x73, 0x8a, 0xf5, 0x0c + +/* + * post-SubByte transform + * + * post-lookup for sbox2: + * swap_bitendianness( + * camellia_h( + * isom_map_aes_to_camellia( + * swap_bitendianness( + * aes_inverse_affine_transform(in) + * ) + * ) + * ) + * ) <<< 1 + * + * (note: '? 0x6e' inside camellia_h()) + */ +.Lpost_tf_lo_s2: + .byte 0x78, 0x99, 0x9f, 0x7e, 0x64, 0x85, 0x83, 0x62 + .byte 0xb9, 0x58, 0x5e, 0xbf, 0xa5, 0x44, 0x42, 0xa3 +.Lpost_tf_hi_s2: + .byte 0x00, 0xf3, 0x0d, 0xfe, 0xaf, 0x5c, 0xa2, 0x51 + .byte 0x49, 0xba, 0x44, 0xb7, 0xe6, 0x15, 0xeb, 0x18 + +/* + * post-SubByte transform + * + * post-lookup for sbox3: + * swap_bitendianness( + * camellia_h( + * isom_map_aes_to_camellia( + * swap_bitendianness( + * aes_inverse_affine_transform(in) + * ) + * ) + * ) + * ) >>> 1 + * + * (note: '? 
0x6e' inside camellia_h()) + */ +.Lpost_tf_lo_s3: + .byte 0x1e, 0x66, 0xe7, 0x9f, 0x19, 0x61, 0xe0, 0x98 + .byte 0x6e, 0x16, 0x97, 0xef, 0x69, 0x11, 0x90, 0xe8 +.Lpost_tf_hi_s3: + .byte 0x00, 0xfc, 0x43, 0xbf, 0xeb, 0x17, 0xa8, 0x54 + .byte 0x52, 0xae, 0x11, 0xed, 0xb9, 0x45, 0xfa, 0x06 + +/* For isolating SubBytes from AESENCLAST, inverse shift row */ +.Linv_shift_row: + .byte 0x00, 0x0d, 0x0a, 0x07, 0x04, 0x01, 0x0e, 0x0b + .byte 0x08, 0x05, 0x02, 0x0f, 0x0c, 0x09, 0x06, 0x03 + +/* shuffle mask for 8x8 byte transpose */ +.Ltranspose_8x8_shuf: + .byte 0, 1, 4, 5, 2, 3, 6, 7, 8+0, 8+1, 8+4, 8+5, 8+2, 8+3, 8+6, 8+7 + +.align 4 +/* 4-bit mask */ +.L0f0f0f0f: + .long 0x0f0f0f0f + +.text + +.align 8 +.type __camellia_enc_blk16, at function; + +__camellia_enc_blk16: + /* input: + * %rdi: ctx, CTX + * %rax: temporary storage, 256 bytes + * %xmm0..%xmm15: 16 plaintext blocks + * output: + * %xmm0..%xmm15: 16 encrypted blocks, order swapped: + * 7, 8, 6, 5, 4, 3, 2, 1, 0, 15, 14, 13, 12, 11, 10, 9, 8 + */ + + leaq 8 * 16(%rax), %rcx; + + inpack16_post(%xmm0, %xmm1, %xmm2, %xmm3, %xmm4, %xmm5, %xmm6, %xmm7, + %xmm8, %xmm9, %xmm10, %xmm11, %xmm12, %xmm13, %xmm14, + %xmm15, %rax, %rcx); + + enc_rounds16(%xmm0, %xmm1, %xmm2, %xmm3, %xmm4, %xmm5, %xmm6, %xmm7, + %xmm8, %xmm9, %xmm10, %xmm11, %xmm12, %xmm13, %xmm14, + %xmm15, %rax, %rcx, 0); + + fls16(%rax, %xmm0, %xmm1, %xmm2, %xmm3, %xmm4, %xmm5, %xmm6, %xmm7, + %rcx, %xmm8, %xmm9, %xmm10, %xmm11, %xmm12, %xmm13, %xmm14, + %xmm15, + ((key_table + (8) * 8) + 0)(CTX), + ((key_table + (8) * 8) + 4)(CTX), + ((key_table + (8) * 8) + 8)(CTX), + ((key_table + (8) * 8) + 12)(CTX)); + + enc_rounds16(%xmm0, %xmm1, %xmm2, %xmm3, %xmm4, %xmm5, %xmm6, %xmm7, + %xmm8, %xmm9, %xmm10, %xmm11, %xmm12, %xmm13, %xmm14, + %xmm15, %rax, %rcx, 8); + + fls16(%rax, %xmm0, %xmm1, %xmm2, %xmm3, %xmm4, %xmm5, %xmm6, %xmm7, + %rcx, %xmm8, %xmm9, %xmm10, %xmm11, %xmm12, %xmm13, %xmm14, + %xmm15, + ((key_table + (16) * 8) + 0)(CTX), + ((key_table + (16) * 
8) + 4)(CTX), + ((key_table + (16) * 8) + 8)(CTX), + ((key_table + (16) * 8) + 12)(CTX)); + + enc_rounds16(%xmm0, %xmm1, %xmm2, %xmm3, %xmm4, %xmm5, %xmm6, %xmm7, + %xmm8, %xmm9, %xmm10, %xmm11, %xmm12, %xmm13, %xmm14, + %xmm15, %rax, %rcx, 16); + + movl $24, %r8d; + cmpl $128, key_bitlength(CTX); + jne .Lenc_max32; + +.Lenc_done: + /* load CD for output */ + vmovdqu 0 * 16(%rcx), %xmm8; + vmovdqu 1 * 16(%rcx), %xmm9; + vmovdqu 2 * 16(%rcx), %xmm10; + vmovdqu 3 * 16(%rcx), %xmm11; + vmovdqu 4 * 16(%rcx), %xmm12; + vmovdqu 5 * 16(%rcx), %xmm13; + vmovdqu 6 * 16(%rcx), %xmm14; + vmovdqu 7 * 16(%rcx), %xmm15; + + outunpack16(%xmm0, %xmm1, %xmm2, %xmm3, %xmm4, %xmm5, %xmm6, %xmm7, + %xmm8, %xmm9, %xmm10, %xmm11, %xmm12, %xmm13, %xmm14, + %xmm15, (key_table)(CTX, %r8, 8), (%rax), 1 * 16(%rax)); + + ret; + +.align 8 +.Lenc_max32: + movl $32, %r8d; + + fls16(%rax, %xmm0, %xmm1, %xmm2, %xmm3, %xmm4, %xmm5, %xmm6, %xmm7, + %rcx, %xmm8, %xmm9, %xmm10, %xmm11, %xmm12, %xmm13, %xmm14, + %xmm15, + ((key_table + (24) * 8) + 0)(CTX), + ((key_table + (24) * 8) + 4)(CTX), + ((key_table + (24) * 8) + 8)(CTX), + ((key_table + (24) * 8) + 12)(CTX)); + + enc_rounds16(%xmm0, %xmm1, %xmm2, %xmm3, %xmm4, %xmm5, %xmm6, %xmm7, + %xmm8, %xmm9, %xmm10, %xmm11, %xmm12, %xmm13, %xmm14, + %xmm15, %rax, %rcx, 24); + + jmp .Lenc_done; +.size __camellia_enc_blk16,.-__camellia_enc_blk16; + +.align 8 +.type __camellia_dec_blk16, at function; + +__camellia_dec_blk16: + /* input: + * %rdi: ctx, CTX + * %rax: temporary storage, 256 bytes + * %r8d: 24 for 16 byte key, 32 for larger + * %xmm0..%xmm15: 16 encrypted blocks + * output: + * %xmm0..%xmm15: 16 plaintext blocks, order swapped: + * 7, 8, 6, 5, 4, 3, 2, 1, 0, 15, 14, 13, 12, 11, 10, 9, 8 + */ + + leaq 8 * 16(%rax), %rcx; + + inpack16_post(%xmm0, %xmm1, %xmm2, %xmm3, %xmm4, %xmm5, %xmm6, %xmm7, + %xmm8, %xmm9, %xmm10, %xmm11, %xmm12, %xmm13, %xmm14, + %xmm15, %rax, %rcx); + + cmpl $32, %r8d; + je .Ldec_max32; + +.Ldec_max24: + dec_rounds16(%xmm0, 
%xmm1, %xmm2, %xmm3, %xmm4, %xmm5, %xmm6, %xmm7, + %xmm8, %xmm9, %xmm10, %xmm11, %xmm12, %xmm13, %xmm14, + %xmm15, %rax, %rcx, 16); + + fls16(%rax, %xmm0, %xmm1, %xmm2, %xmm3, %xmm4, %xmm5, %xmm6, %xmm7, + %rcx, %xmm8, %xmm9, %xmm10, %xmm11, %xmm12, %xmm13, %xmm14, + %xmm15, + ((key_table + (16) * 8) + 8)(CTX), + ((key_table + (16) * 8) + 12)(CTX), + ((key_table + (16) * 8) + 0)(CTX), + ((key_table + (16) * 8) + 4)(CTX)); + + dec_rounds16(%xmm0, %xmm1, %xmm2, %xmm3, %xmm4, %xmm5, %xmm6, %xmm7, + %xmm8, %xmm9, %xmm10, %xmm11, %xmm12, %xmm13, %xmm14, + %xmm15, %rax, %rcx, 8); + + fls16(%rax, %xmm0, %xmm1, %xmm2, %xmm3, %xmm4, %xmm5, %xmm6, %xmm7, + %rcx, %xmm8, %xmm9, %xmm10, %xmm11, %xmm12, %xmm13, %xmm14, + %xmm15, + ((key_table + (8) * 8) + 8)(CTX), + ((key_table + (8) * 8) + 12)(CTX), + ((key_table + (8) * 8) + 0)(CTX), + ((key_table + (8) * 8) + 4)(CTX)); + + dec_rounds16(%xmm0, %xmm1, %xmm2, %xmm3, %xmm4, %xmm5, %xmm6, %xmm7, + %xmm8, %xmm9, %xmm10, %xmm11, %xmm12, %xmm13, %xmm14, + %xmm15, %rax, %rcx, 0); + + /* load CD for output */ + vmovdqu 0 * 16(%rcx), %xmm8; + vmovdqu 1 * 16(%rcx), %xmm9; + vmovdqu 2 * 16(%rcx), %xmm10; + vmovdqu 3 * 16(%rcx), %xmm11; + vmovdqu 4 * 16(%rcx), %xmm12; + vmovdqu 5 * 16(%rcx), %xmm13; + vmovdqu 6 * 16(%rcx), %xmm14; + vmovdqu 7 * 16(%rcx), %xmm15; + + outunpack16(%xmm0, %xmm1, %xmm2, %xmm3, %xmm4, %xmm5, %xmm6, %xmm7, + %xmm8, %xmm9, %xmm10, %xmm11, %xmm12, %xmm13, %xmm14, + %xmm15, (key_table)(CTX), (%rax), 1 * 16(%rax)); + + ret; + +.align 8 +.Ldec_max32: + dec_rounds16(%xmm0, %xmm1, %xmm2, %xmm3, %xmm4, %xmm5, %xmm6, %xmm7, + %xmm8, %xmm9, %xmm10, %xmm11, %xmm12, %xmm13, %xmm14, + %xmm15, %rax, %rcx, 24); + + fls16(%rax, %xmm0, %xmm1, %xmm2, %xmm3, %xmm4, %xmm5, %xmm6, %xmm7, + %rcx, %xmm8, %xmm9, %xmm10, %xmm11, %xmm12, %xmm13, %xmm14, + %xmm15, + ((key_table + (24) * 8) + 8)(CTX), + ((key_table + (24) * 8) + 12)(CTX), + ((key_table + (24) * 8) + 0)(CTX), + ((key_table + (24) * 8) + 4)(CTX)); + + jmp .Ldec_max24; +.size 
__camellia_dec_blk16,.-__camellia_dec_blk16; + +#define inc_le128(x, minus_one, tmp) \ + vpcmpeqq minus_one, x, tmp; \ + vpsubq minus_one, x, x; \ + vpslldq $8, tmp, tmp; \ + vpsubq tmp, x, x; + +.align 8 +.global _gcry_camellia_aesni_avx_ctr_enc +.type _gcry_camellia_aesni_avx_ctr_enc, at function; + +_gcry_camellia_aesni_avx_ctr_enc: + /* input: + * %rdi: ctx, CTX + * %rsi: dst (16 blocks) + * %rdx: src (16 blocks) + * %rcx: iv (big endian, 128bit) + */ + + subq $(16 * 16), %rsp; + movq %rsp, %rax; + + vmovdqa .Lbswap128_mask RIP, %xmm14; + + /* load IV and byteswap */ + vmovdqu (%rcx), %xmm15; + vmovdqu %xmm15, 15 * 16(%rax); + vpshufb %xmm14, %xmm15, %xmm0; /* be => le */ + + vpcmpeqd %xmm15, %xmm15, %xmm15; + vpsrldq $8, %xmm15, %xmm15; /* low: -1, high: 0 */ + + /* construct IVs */ + inc_le128(%xmm0, %xmm15, %xmm13); + vpshufb %xmm14, %xmm0, %xmm13; + vmovdqu %xmm13, 14 * 16(%rax); + inc_le128(%xmm0, %xmm15, %xmm13); + vpshufb %xmm14, %xmm0, %xmm13; + vmovdqu %xmm13, 13 * 16(%rax); + inc_le128(%xmm0, %xmm15, %xmm13); + vpshufb %xmm14, %xmm0, %xmm12; + inc_le128(%xmm0, %xmm15, %xmm13); + vpshufb %xmm14, %xmm0, %xmm11; + inc_le128(%xmm0, %xmm15, %xmm13); + vpshufb %xmm14, %xmm0, %xmm10; + inc_le128(%xmm0, %xmm15, %xmm13); + vpshufb %xmm14, %xmm0, %xmm9; + inc_le128(%xmm0, %xmm15, %xmm13); + vpshufb %xmm14, %xmm0, %xmm8; + inc_le128(%xmm0, %xmm15, %xmm13); + vpshufb %xmm14, %xmm0, %xmm7; + inc_le128(%xmm0, %xmm15, %xmm13); + vpshufb %xmm14, %xmm0, %xmm6; + inc_le128(%xmm0, %xmm15, %xmm13); + vpshufb %xmm14, %xmm0, %xmm5; + inc_le128(%xmm0, %xmm15, %xmm13); + vpshufb %xmm14, %xmm0, %xmm4; + inc_le128(%xmm0, %xmm15, %xmm13); + vpshufb %xmm14, %xmm0, %xmm3; + inc_le128(%xmm0, %xmm15, %xmm13); + vpshufb %xmm14, %xmm0, %xmm2; + inc_le128(%xmm0, %xmm15, %xmm13); + vpshufb %xmm14, %xmm0, %xmm1; + inc_le128(%xmm0, %xmm15, %xmm13); + vmovdqa %xmm0, %xmm13; + vpshufb %xmm14, %xmm0, %xmm0; + inc_le128(%xmm13, %xmm15, %xmm14); + vpshufb .Lbswap128_mask RIP, %xmm13, %xmm13; 
/* le => be */ + vmovdqu %xmm13, (%rcx); + + /* inpack16_pre: */ + vmovq (key_table)(CTX), %xmm15; + vpshufb .Lpack_bswap RIP, %xmm15, %xmm15; + vpxor %xmm0, %xmm15, %xmm0; + vpxor %xmm1, %xmm15, %xmm1; + vpxor %xmm2, %xmm15, %xmm2; + vpxor %xmm3, %xmm15, %xmm3; + vpxor %xmm4, %xmm15, %xmm4; + vpxor %xmm5, %xmm15, %xmm5; + vpxor %xmm6, %xmm15, %xmm6; + vpxor %xmm7, %xmm15, %xmm7; + vpxor %xmm8, %xmm15, %xmm8; + vpxor %xmm9, %xmm15, %xmm9; + vpxor %xmm10, %xmm15, %xmm10; + vpxor %xmm11, %xmm15, %xmm11; + vpxor %xmm12, %xmm15, %xmm12; + vpxor 13 * 16(%rax), %xmm15, %xmm13; + vpxor 14 * 16(%rax), %xmm15, %xmm14; + vpxor 15 * 16(%rax), %xmm15, %xmm15; + + call __camellia_enc_blk16; + + addq $(16 * 16), %rsp; + + vpxor 0 * 16(%rdx), %xmm7, %xmm7; + vpxor 1 * 16(%rdx), %xmm6, %xmm6; + vpxor 2 * 16(%rdx), %xmm5, %xmm5; + vpxor 3 * 16(%rdx), %xmm4, %xmm4; + vpxor 4 * 16(%rdx), %xmm3, %xmm3; + vpxor 5 * 16(%rdx), %xmm2, %xmm2; + vpxor 6 * 16(%rdx), %xmm1, %xmm1; + vpxor 7 * 16(%rdx), %xmm0, %xmm0; + vpxor 8 * 16(%rdx), %xmm15, %xmm15; + vpxor 9 * 16(%rdx), %xmm14, %xmm14; + vpxor 10 * 16(%rdx), %xmm13, %xmm13; + vpxor 11 * 16(%rdx), %xmm12, %xmm12; + vpxor 12 * 16(%rdx), %xmm11, %xmm11; + vpxor 13 * 16(%rdx), %xmm10, %xmm10; + vpxor 14 * 16(%rdx), %xmm9, %xmm9; + vpxor 15 * 16(%rdx), %xmm8, %xmm8; + + write_output(%xmm7, %xmm6, %xmm5, %xmm4, %xmm3, %xmm2, %xmm1, %xmm0, + %xmm15, %xmm14, %xmm13, %xmm12, %xmm11, %xmm10, %xmm9, + %xmm8, %rsi); + + ret; +.size _gcry_camellia_aesni_avx_ctr_enc,.-_gcry_camellia_aesni_avx_ctr_enc; + +.align 8 +.global _gcry_camellia_aesni_avx_cbc_dec +.type _gcry_camellia_aesni_avx_cbc_dec, at function; + +_gcry_camellia_aesni_avx_cbc_dec: + /* input: + * %rdi: ctx, CTX + * %rsi: dst (16 blocks) + * %rdx: src (16 blocks) + * %rcx: iv + */ + + movq %rcx, %r9; + + cmpl $128, key_bitlength(CTX); + movl $32, %r8d; + movl $24, %eax; + cmovel %eax, %r8d; /* max */ + + inpack16_pre(%xmm0, %xmm1, %xmm2, %xmm3, %xmm4, %xmm5, %xmm6, %xmm7, + %xmm8, %xmm9, 
%xmm10, %xmm11, %xmm12, %xmm13, %xmm14, + %xmm15, %rdx, (key_table)(CTX, %r8, 8)); + + subq $(16 * 16), %rsp; + movq %rsp, %rax; + + call __camellia_dec_blk16; + + addq $(16 * 16), %rsp; + + /* XOR output with IV */ + vpxor (%r9), %xmm7, %xmm7; + vpxor (0 * 16)(%rdx), %xmm6, %xmm6; + vpxor (1 * 16)(%rdx), %xmm5, %xmm5; + vpxor (2 * 16)(%rdx), %xmm4, %xmm4; + vpxor (3 * 16)(%rdx), %xmm3, %xmm3; + vpxor (4 * 16)(%rdx), %xmm2, %xmm2; + vpxor (5 * 16)(%rdx), %xmm1, %xmm1; + vpxor (6 * 16)(%rdx), %xmm0, %xmm0; + vpxor (7 * 16)(%rdx), %xmm15, %xmm15; + vpxor (8 * 16)(%rdx), %xmm14, %xmm14; + vpxor (9 * 16)(%rdx), %xmm13, %xmm13; + vpxor (10 * 16)(%rdx), %xmm12, %xmm12; + vpxor (11 * 16)(%rdx), %xmm11, %xmm11; + vpxor (12 * 16)(%rdx), %xmm10, %xmm10; + vpxor (13 * 16)(%rdx), %xmm9, %xmm9; + vpxor (14 * 16)(%rdx), %xmm8, %xmm8; + movq (15 * 16 + 0)(%rdx), %r10; + movq (15 * 16 + 8)(%rdx), %r11; + write_output(%xmm7, %xmm6, %xmm5, %xmm4, %xmm3, %xmm2, %xmm1, %xmm0, + %xmm15, %xmm14, %xmm13, %xmm12, %xmm11, %xmm10, %xmm9, + %xmm8, %rsi); + + /* store new IV */ + movq %r10, (0)(%r9); + movq %r11, (8)(%r9); + + ret; +.size _gcry_camellia_aesni_avx_cbc_dec,.-_gcry_camellia_aesni_avx_cbc_dec; + +#endif /*defined(ENABLE_AESNI_SUPPORT) && defined(ENABLE_AVX_SUPPORT)*/ +#endif /*__x86_64*/ diff --git a/configure.ac b/configure.ac index 5e57868..4a4a2aa 100644 --- a/configure.ac +++ b/configure.ac @@ -557,6 +557,14 @@ if test x"$drngsupport" = xyes ; then [Enable support for Intel DRNG (RDRAND instruction).]) fi +# Implementation of the --disable-avx-support switch. +AC_MSG_CHECKING([whether AVX support is requested]) +AC_ARG_ENABLE(avx-support, + AC_HELP_STRING([--disable-avx-support], + [Disable support for the Intel AVX instructions]), + avxsupport=$enableval,avxsupport=yes) +AC_MSG_RESULT($avxsupport) + # Implementation of the --disable-O-flag-munging switch. AC_MSG_CHECKING([whether a -O flag munging is requested]) AC_ARG_ENABLE([O-flag-munging], 
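Review bot: The lookup tables and shuffle masks from `.Lshufb_16x16b` through `.L0f0f0f0f` are emitted under `.data`, which leaves constants that determine the cipher's output writable at run time; on ELF targets `.section .rodata` in place of `.data` would keep them read-only. The register-order comments in __camellia_enc_blk16 and __camellia_dec_blk16 list 17 entries with a stray 8; going by the write_output calls the order is `7, 6, 5, 4, 3, 2, 1, 0, 15, 14, 13, 12, 11, 10, 9, 8`. The header comment of two_roundsm16 says `mem_cb` where the parameter is `mem_cd`. The 256-byte scratch area that the two exported functions take from the stack is not cleared in the assembly, so a comment there noting that the C callers wipe it through _gcry_burn_stack would help the next reader.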
@@ -842,6 +850,32 @@ if test "$gcry_cv_have_asm" = "no" ; then fi +# +# Check whether GCC inline assembler supports AVX instructions +# +AC_CACHE_CHECK([whether GCC inline assembler supports AVX instructions], + [gcry_cv_gcc_inline_asm_avx], + [gcry_cv_gcc_inline_asm_avx=no + AC_COMPILE_IFELSE([AC_LANG_SOURCE( + [[void a(void) { + __asm__("vaesdeclast (%[mem]),%%xmm0,%%xmm7\n\t"::[mem]"r"(0):); + }]])], + [gcry_cv_gcc_inline_asm_avx=yes])]) +if test "$gcry_cv_gcc_inline_asm_avx" = "yes" ; then + AC_DEFINE(HAVE_GCC_INLINE_ASM_AVX,1, + [Defined if inline assembler supports AVX instructions]) + + if test x"$avxsupport" = xyes ; then + AC_DEFINE(ENABLE_AVX_SUPPORT,1, + [Enable support for Intel AVX instructions.]) + fi +else + if test x"$avxsupport" = xyes ; then + avxsupport="no (unsupported by compiler)" + fi +fi + + ####################################### #### Checks for library functions. #### ####################################### @@ -1139,6 +1173,13 @@ LIST_MEMBER(camellia, $enabled_ciphers) if test "$found" = "1" ; then GCRYPT_CIPHERS="$GCRYPT_CIPHERS camellia.lo camellia-glue.lo" AC_DEFINE(USE_CAMELLIA, 1, [Defined if this module should be included]) + + if test x"$avxsupport" = xyes ; then + if test x"$aesnisupport" = xyes ; then + # Build with the AES-NI/AVX implementation + GCRYPT_CIPHERS="$GCRYPT_CIPHERS camellia_aesni_avx_x86-64.lo" + fi + fi fi LIST_MEMBER(idea, $enabled_ciphers) @@ -1358,6 +1399,7 @@ echo " Try using Padlock crypto: $padlocksupport Try using AES-NI crypto: $aesnisupport Try using DRNG (RDRAND): $drngsupport + Try using Intel AVX: $avxsupport " if test "$print_egd_notice" = "yes"; then diff --git a/src/g10lib.h b/src/g10lib.h index 5e99c46..da76c7b 100644 --- a/src/g10lib.h +++ b/src/g10lib.h @@ -152,6 +152,7 @@ int _gcry_log_verbosity( int level ); #define HWF_INTEL_AESNI 256 #define HWF_INTEL_RDRAND 512 +#define HWF_INTEL_AVX 1024 unsigned int _gcry_get_hw_features (void); 
diff --git a/src/global.c b/src/global.c index b701dfc..a1a83e9 100644 --- a/src/global.c +++ b/src/global.c @@ -67,6 +67,7 @@ static struct { HWF_PADLOCK_MMUL,"padlock-mmul"}, { HWF_INTEL_AESNI, "intel-aesni" }, { HWF_INTEL_RDRAND,"intel-rdrand" }, + { HWF_INTEL_AVX, "intel-avx" }, { 0, NULL} }; diff --git a/src/hwf-x86.c b/src/hwf-x86.c index b50b4b0..1e6ec94 100644 --- a/src/hwf-x86.c +++ b/src/hwf-x86.c 
@@ -204,6 +204,11 @@ detect_x86_gnuc (void)
 if (features & 0x02000000)
 result |= HWF_INTEL_AESNI;
 #endif /*ENABLE_AESNI_SUPPORT*/
+#ifdef ENABLE_AVX_SUPPORT
+ /* Test bit 28 for AVX. */
+ if (features & 0x10000000)
+ result |= HWF_INTEL_AVX;
+#endif /*ENABLE_AVX_SUPPORT*/
 #ifdef ENABLE_DRNG_SUPPORT
 /* Test bit 30 for RDRAND. */
 if (features & 0x40000000)
commit 4de62d80644228fc5db2a9f9c94a7eb633d8de2e Author: Jussi Kivilinna Date: Wed Jan 23 11:55:08 2013 +0200 camellia.c: Prepare for AES-NI/AVX implementation * cipher/camellia-glue.c (CAMELLIA_encrypt_stack_burn_size) (CAMELLIA_decrypt_stack_burn_size): Increase stack burn size. * cipher/camellia.c (CAMELLIA_ROUNDSM): Move key-material mixing in the front. (camellia_setup128, camellia_setup256): Remove now unneeded key-material mangling. (camellia_encrypt128, camellia_decrypt128, amellia_encrypt256) (camellia_decrypt256): Copy block to stack, so that compiler can optimize it for register usage. -- Camellia implementation needs to be modified slightly for compatibility with AES-NI/AVX version. Before: Running each test 100 times. ECB/Stream CBC CFB OFB CTR --------------- --------------- --------------- --------------- --------------- CAMELLIA128 800ms 790ms 840ms 730ms 810ms 800ms 820ms 820ms 730ms 740ms CAMELLIA192 1040ms 1040ms 1030ms 930ms 1000ms 1000ms 1020ms 1020ms 940ms 930ms CAMELLIA256 1000ms 980ms 1040ms 930ms 1010ms 990ms 1040ms 1040ms 940ms 930ms After: Running each test 100 times. ECB/Stream CBC CFB OFB CTR --------------- --------------- --------------- --------------- --------------- CAMELLIA128 780ms 750ms 810ms 690ms 780ms 770ms 810ms 810ms 700ms 690ms CAMELLIA192 1020ms 990ms 1000ms 890ms 970ms 970ms 990ms 1000ms 890ms 900ms CAMELLIA256 960ms 960ms 1000ms 900ms 970ms 970ms 990ms 1010ms 900ms 890ms Signed-off-by: Jussi Kivilinna
diff --git a/cipher/camellia-glue.c b/cipher/camellia-glue.c
index 686262a..ba8aa28 100644
--- a/cipher/camellia-glue.c
+++ b/cipher/camellia-glue.c
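Review bot: In detect_x86_gnuc (src/hwf-x86.c) the added test sets HWF_INTEL_AVX from CPUID feature bit 28 alone, which says the CPU implements AVX but not that the operating system has enabled the extended register state. VEX-encoded instructions fault with an invalid-opcode exception when the OS has not enabled that state, so a kernel or hypervisor without XSAVE/AVX support would crash the process in the new Camellia code instead of falling back to the C implementation. The test should additionally require the OSXSAVE bit (bit 27) and confirm through XGETBV that XCR0 has bits 1 and 2 set, as sketched below. The function starts and ends outside this hunk, so that `features` holds ECX of CPUID leaf 1 here is inferred from the neighbouring AES-NI and RDRAND tests, and the inline-asm spelling should follow whatever the rest of the function uses.

```c
#ifdef ENABLE_AVX_SUPPORT
  /* Bits 27 (OSXSAVE) and 28 (AVX) must both be set, and XCR0 must
     show that the OS saves the XMM and YMM state.  */
  if ((features & 0x18000000) == 0x18000000)
    {
      unsigned int xcr0_lo, xcr0_hi;

      asm volatile ("xgetbv"
                    : "=a" (xcr0_lo), "=d" (xcr0_hi)
                    : "c" (0));
      if ((xcr0_lo & 0x6) == 0x6)
        result |= HWF_INTEL_AVX;
    }
#endif /*ENABLE_AVX_SUPPORT*/
```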
@@ -121,7 +121,7 @@ camellia_encrypt(void *c, byte *outbuf, const byte *inbuf) #define CAMELLIA_encrypt_stack_burn_size \ (sizeof(int)+2*sizeof(unsigned char *)+sizeof(void*/*KEY_TABLE_TYPE*/) \ - +4*sizeof(u32) \ + +4*sizeof(u32)+4*sizeof(u32) \ +2*sizeof(u32*)+4*sizeof(u32) \ +2*2*sizeof(void*) /* Function calls. */ \ ) @@ -138,7 +138,7 @@ camellia_decrypt(void *c, byte *outbuf, const byte *inbuf) #define CAMELLIA_decrypt_stack_burn_size \ (sizeof(int)+2*sizeof(unsigned char *)+sizeof(void*/*KEY_TABLE_TYPE*/) \ - +4*sizeof(u32) \ + +4*sizeof(u32)+4*sizeof(u32) \ +2*sizeof(u32*)+4*sizeof(u32) \ +2*2*sizeof(void*) /* Function calls. */ \ ) diff --git a/cipher/camellia.c b/cipher/camellia.c index 2e28bce..42a9b73 100644 --- a/cipher/camellia.c +++ b/cipher/camellia.c @@ -151,6 +151,8 @@ typedef unsigned char u8; #define CAMELLIA_ROUNDSM(xl, xr, kl, kr, yl, yr, il, ir, t0, t1) \ do { \ + yl ^= kl; \ + yr ^= kr; \ ir = CAMELLIA_SP1110(xr & 0xff) \ ^ CAMELLIA_SP0222((xr >> 24) & 0xff) \ ^ CAMELLIA_SP3033((xr >> 16) & 0xff) \ @@ -159,8 +161,6 @@ typedef unsigned char u8; ^ CAMELLIA_SP0222((xl >> 16) & 0xff) \ ^ CAMELLIA_SP3033((xl >> 8) & 0xff) \ ^ CAMELLIA_SP4404(xl & 0xff); \ - il ^= kl; \ - ir ^= kr; \ ir ^= il; \ il = CAMELLIA_RR8(il); \ il ^= ir; \ 
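Review bot: CAMELLIA_ROUNDSM in cipher/camellia.c now begins with `yl ^= kl; yr ^= kr;`, which appears to rely on the sub-key layout that results once the "apply the inverse of the last half of P-function" block is dropped from camellia_setup128 and camellia_setup256 later in this commit; nothing in the code records that coupling. I would add a comment above the macro, for example `/* Sub-keys are used unmangled; the setup functions must not apply the inverse half of the P-function. */`, so that a later change to one side alone is caught in review rather than by wrong ciphertext. The macro body continues past the second hunk, so its remaining steps are not visible here.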
@@ -614,44 +614,6 @@ void camellia_setup128(const unsigned char *key, u32 *subkey) CamelliaSubkeyL(24) = subl(24) ^ subl(23); CamelliaSubkeyR(24) = subr(24) ^ subr(23); - /* apply the inverse of the last half of P-function */ - dw = CamelliaSubkeyL(2) ^ CamelliaSubkeyR(2), dw = CAMELLIA_RL8(dw); - CamelliaSubkeyR(2) = CamelliaSubkeyL(2) ^ dw, CamelliaSubkeyL(2) = dw; - dw = CamelliaSubkeyL(3) ^ CamelliaSubkeyR(3), dw = CAMELLIA_RL8(dw); - CamelliaSubkeyR(3) = CamelliaSubkeyL(3) ^ dw, CamelliaSubkeyL(3) = dw; - dw = CamelliaSubkeyL(4) ^ CamelliaSubkeyR(4), dw = CAMELLIA_RL8(dw); - CamelliaSubkeyR(4) = CamelliaSubkeyL(4) ^ dw, CamelliaSubkeyL(4) = dw; - dw = CamelliaSubkeyL(5) ^ CamelliaSubkeyR(5), dw = CAMELLIA_RL8(dw); - CamelliaSubkeyR(5) = CamelliaSubkeyL(5) ^ dw, CamelliaSubkeyL(5) = dw; - dw = CamelliaSubkeyL(6) ^ CamelliaSubkeyR(6), dw = CAMELLIA_RL8(dw); - CamelliaSubkeyR(6) = CamelliaSubkeyL(6) ^ dw, CamelliaSubkeyL(6) = dw; - dw = CamelliaSubkeyL(7) ^ CamelliaSubkeyR(7), dw = CAMELLIA_RL8(dw); - CamelliaSubkeyR(7) = CamelliaSubkeyL(7) ^ dw, CamelliaSubkeyL(7) = dw; - dw = CamelliaSubkeyL(10) ^ CamelliaSubkeyR(10), dw = CAMELLIA_RL8(dw); - CamelliaSubkeyR(10) = CamelliaSubkeyL(10) ^ dw, CamelliaSubkeyL(10) = dw; - dw = CamelliaSubkeyL(11) ^ CamelliaSubkeyR(11), dw = CAMELLIA_RL8(dw); - CamelliaSubkeyR(11) = CamelliaSubkeyL(11) ^ dw, CamelliaSubkeyL(11) = dw; - dw = CamelliaSubkeyL(12) ^ CamelliaSubkeyR(12), dw = CAMELLIA_RL8(dw); - CamelliaSubkeyR(12) = CamelliaSubkeyL(12) ^ dw, CamelliaSubkeyL(12) = dw; - dw = CamelliaSubkeyL(13) ^ CamelliaSubkeyR(13), dw = CAMELLIA_RL8(dw); - CamelliaSubkeyR(13) = CamelliaSubkeyL(13) ^ dw, CamelliaSubkeyL(13) = dw; - dw = CamelliaSubkeyL(14) ^ CamelliaSubkeyR(14), dw = CAMELLIA_RL8(dw); - CamelliaSubkeyR(14) = CamelliaSubkeyL(14) ^ dw, CamelliaSubkeyL(14) = dw; - dw = CamelliaSubkeyL(15) ^ CamelliaSubkeyR(15), dw = CAMELLIA_RL8(dw); - CamelliaSubkeyR(15) = CamelliaSubkeyL(15) ^ dw, CamelliaSubkeyL(15) = dw; - dw = 
CamelliaSubkeyL(18) ^ CamelliaSubkeyR(18), dw = CAMELLIA_RL8(dw); - CamelliaSubkeyR(18) = CamelliaSubkeyL(18) ^ dw, CamelliaSubkeyL(18) = dw; - dw = CamelliaSubkeyL(19) ^ CamelliaSubkeyR(19), dw = CAMELLIA_RL8(dw); - CamelliaSubkeyR(19) = CamelliaSubkeyL(19) ^ dw, CamelliaSubkeyL(19) = dw; - dw = CamelliaSubkeyL(20) ^ CamelliaSubkeyR(20), dw = CAMELLIA_RL8(dw); - CamelliaSubkeyR(20) = CamelliaSubkeyL(20) ^ dw, CamelliaSubkeyL(20) = dw; - dw = CamelliaSubkeyL(21) ^ CamelliaSubkeyR(21), dw = CAMELLIA_RL8(dw); - CamelliaSubkeyR(21) = CamelliaSubkeyL(21) ^ dw, CamelliaSubkeyL(21) = dw; - dw = CamelliaSubkeyL(22) ^ CamelliaSubkeyR(22), dw = CAMELLIA_RL8(dw); - CamelliaSubkeyR(22) = CamelliaSubkeyL(22) ^ dw, CamelliaSubkeyL(22) = dw; - dw = CamelliaSubkeyL(23) ^ CamelliaSubkeyR(23), dw = CAMELLIA_RL8(dw); - CamelliaSubkeyR(23) = CamelliaSubkeyL(23) ^ dw, CamelliaSubkeyL(23) = dw; - return; } 
@@ -888,56 +850,6 @@ void camellia_setup256(const unsigned char *key, u32 *subkey) CamelliaSubkeyL(32) = subl(32) ^ subl(31); CamelliaSubkeyR(32) = subr(32) ^ subr(31); - /* apply the inverse of the last half of P-function */ - dw = CamelliaSubkeyL(2) ^ CamelliaSubkeyR(2), dw = CAMELLIA_RL8(dw); - CamelliaSubkeyR(2) = CamelliaSubkeyL(2) ^ dw, CamelliaSubkeyL(2) = dw; - dw = CamelliaSubkeyL(3) ^ CamelliaSubkeyR(3), dw = CAMELLIA_RL8(dw); - CamelliaSubkeyR(3) = CamelliaSubkeyL(3) ^ dw, CamelliaSubkeyL(3) = dw; - dw = CamelliaSubkeyL(4) ^ CamelliaSubkeyR(4), dw = CAMELLIA_RL8(dw); - CamelliaSubkeyR(4) = CamelliaSubkeyL(4) ^ dw, CamelliaSubkeyL(4) = dw; - dw = CamelliaSubkeyL(5) ^ CamelliaSubkeyR(5), dw = CAMELLIA_RL8(dw); - CamelliaSubkeyR(5) = CamelliaSubkeyL(5) ^ dw, CamelliaSubkeyL(5) = dw; - dw = CamelliaSubkeyL(6) ^ CamelliaSubkeyR(6), dw = CAMELLIA_RL8(dw); - CamelliaSubkeyR(6) = CamelliaSubkeyL(6) ^ dw, CamelliaSubkeyL(6) = dw; - dw = CamelliaSubkeyL(7) ^ CamelliaSubkeyR(7), dw = CAMELLIA_RL8(dw); - CamelliaSubkeyR(7) = CamelliaSubkeyL(7) ^ dw, CamelliaSubkeyL(7) = dw; - dw = CamelliaSubkeyL(10) ^ CamelliaSubkeyR(10), dw = CAMELLIA_RL8(dw); - CamelliaSubkeyR(10) = CamelliaSubkeyL(10) ^ dw, CamelliaSubkeyL(10) = dw; - dw = CamelliaSubkeyL(11) ^ CamelliaSubkeyR(11), dw = CAMELLIA_RL8(dw); - CamelliaSubkeyR(11) = CamelliaSubkeyL(11) ^ dw, CamelliaSubkeyL(11) = dw; - dw = CamelliaSubkeyL(12) ^ CamelliaSubkeyR(12), dw = CAMELLIA_RL8(dw); - CamelliaSubkeyR(12) = CamelliaSubkeyL(12) ^ dw, CamelliaSubkeyL(12) = dw; - dw = CamelliaSubkeyL(13) ^ CamelliaSubkeyR(13), dw = CAMELLIA_RL8(dw); - CamelliaSubkeyR(13) = CamelliaSubkeyL(13) ^ dw, CamelliaSubkeyL(13) = dw; - dw = CamelliaSubkeyL(14) ^ CamelliaSubkeyR(14), dw = CAMELLIA_RL8(dw); - CamelliaSubkeyR(14) = CamelliaSubkeyL(14) ^ dw, CamelliaSubkeyL(14) = dw; - dw = CamelliaSubkeyL(15) ^ CamelliaSubkeyR(15), dw = CAMELLIA_RL8(dw); - CamelliaSubkeyR(15) = CamelliaSubkeyL(15) ^ dw, CamelliaSubkeyL(15) = dw; - dw = 
CamelliaSubkeyL(18) ^ CamelliaSubkeyR(18), dw = CAMELLIA_RL8(dw); - CamelliaSubkeyR(18) = CamelliaSubkeyL(18) ^ dw, CamelliaSubkeyL(18) = dw; - dw = CamelliaSubkeyL(19) ^ CamelliaSubkeyR(19), dw = CAMELLIA_RL8(dw); - CamelliaSubkeyR(19) = CamelliaSubkeyL(19) ^ dw, CamelliaSubkeyL(19) = dw; - dw = CamelliaSubkeyL(20) ^ CamelliaSubkeyR(20), dw = CAMELLIA_RL8(dw); - CamelliaSubkeyR(20) = CamelliaSubkeyL(20) ^ dw, CamelliaSubkeyL(20) = dw; - dw = CamelliaSubkeyL(21) ^ CamelliaSubkeyR(21), dw = CAMELLIA_RL8(dw); - CamelliaSubkeyR(21) = CamelliaSubkeyL(21) ^ dw, CamelliaSubkeyL(21) = dw; - dw = CamelliaSubkeyL(22) ^ CamelliaSubkeyR(22), dw = CAMELLIA_RL8(dw); - CamelliaSubkeyR(22) = CamelliaSubkeyL(22) ^ dw, CamelliaSubkeyL(22) = dw; - dw = CamelliaSubkeyL(23) ^ CamelliaSubkeyR(23), dw = CAMELLIA_RL8(dw); - CamelliaSubkeyR(23) = CamelliaSubkeyL(23) ^ dw, CamelliaSubkeyL(23) = dw; - dw = CamelliaSubkeyL(26) ^ CamelliaSubkeyR(26), dw = CAMELLIA_RL8(dw); - CamelliaSubkeyR(26) = CamelliaSubkeyL(26) ^ dw, CamelliaSubkeyL(26) = dw; - dw = CamelliaSubkeyL(27) ^ CamelliaSubkeyR(27), dw = CAMELLIA_RL8(dw); - CamelliaSubkeyR(27) = CamelliaSubkeyL(27) ^ dw, CamelliaSubkeyL(27) = dw; - dw = CamelliaSubkeyL(28) ^ CamelliaSubkeyR(28), dw = CAMELLIA_RL8(dw); - CamelliaSubkeyR(28) = CamelliaSubkeyL(28) ^ dw, CamelliaSubkeyL(28) = dw; - dw = CamelliaSubkeyL(29) ^ CamelliaSubkeyR(29), dw = CAMELLIA_RL8(dw); - CamelliaSubkeyR(29) = CamelliaSubkeyL(29) ^ dw, CamelliaSubkeyL(29) = dw; - dw = CamelliaSubkeyL(30) ^ CamelliaSubkeyR(30), dw = CAMELLIA_RL8(dw); - CamelliaSubkeyR(30) = CamelliaSubkeyL(30) ^ dw, CamelliaSubkeyL(30) = dw; - dw = CamelliaSubkeyL(31) ^ CamelliaSubkeyR(31), dw = CAMELLIA_RL8(dw); - CamelliaSubkeyR(31) = CamelliaSubkeyL(31) ^ dw,CamelliaSubkeyL(31) = dw; - return; } 
@@ -963,9 +875,15 @@ void camellia_setup192(const unsigned char *key, u32 *subkey) * * "io" must be 4byte aligned and big-endian data. */ -void camellia_encrypt128(const u32 *subkey, u32 *io) +void camellia_encrypt128(const u32 *subkey, u32 *blocks) { u32 il, ir, t0, t1; + u32 io[4]; + + io[0] = blocks[0]; + io[1] = blocks[1]; + io[2] = blocks[2]; + io[3] = blocks[3]; /* pre whitening but absorb kw2*/ io[0] ^= CamelliaSubkeyL(0); @@ -1050,13 +968,24 @@ void camellia_encrypt128(const u32 *subkey, u32 *io) io[2] = t0; io[3] = t1; + blocks[0] = io[0]; + blocks[1] = io[1]; + blocks[2] = io[2]; + blocks[3] = io[3]; + return; } -void camellia_decrypt128(const u32 *subkey, u32 *io) +void camellia_decrypt128(const u32 *subkey, u32 *blocks) { u32 il,ir,t0,t1; /* temporary valiables */ + u32 io[4]; + io[0] = blocks[0]; + io[1] = blocks[1]; + io[2] = blocks[2]; + io[3] = blocks[3]; + /* pre whitening but absorb kw2*/ io[0] ^= CamelliaSubkeyL(24); io[1] ^= CamelliaSubkeyR(24); @@ -1140,15 +1069,26 @@ void camellia_decrypt128(const u32 *subkey, u32 *io) io[2] = t0; io[3] = t1; + blocks[0] = io[0]; + blocks[1] = io[1]; + blocks[2] = io[2]; + blocks[3] = io[3]; + return; } /** * stuff for 192 and 256bit encryption/decryption */ -void camellia_encrypt256(const u32 *subkey, u32 *io) +void camellia_encrypt256(const u32 *subkey, u32 *blocks) { u32 il,ir,t0,t1; /* temporary valiables */ + u32 io[4]; + + io[0] = blocks[0]; + io[1] = blocks[1]; + io[2] = blocks[2]; + io[3] = blocks[3]; /* pre whitening but absorb kw2*/ io[0] ^= CamelliaSubkeyL(0); 
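Review bot: The header comment kept as context above camellia_encrypt128 still reads `"io" must be 4byte aligned and big-endian data.`, but after this change `io` is a local copy and the caller-facing parameter is `blocks`. The comment should become `"blocks" must be 4byte aligned and big-endian data.`; since each call still processes exactly four u32 words, a singular name such as `block` would describe the parameter better in camellia_encrypt128, camellia_decrypt128, camellia_encrypt256 and camellia_decrypt256. The local `io[4]` now keeps the cipher state on the stack, and the matching `+4*sizeof(u32)` added to the stack burn macros in the camellia-glue.c hunks of this commit has to stay in step with it, which deserves a one-line comment next to the declaration. The function bodies continue outside these hunks.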
@@ -1257,12 +1197,23 @@ void camellia_encrypt256(const u32 *subkey, u32 *io) io[2] = t0; io[3] = t1; + blocks[0] = io[0]; + blocks[1] = io[1]; + blocks[2] = io[2]; + blocks[3] = io[3]; + return; } -void camellia_decrypt256(const u32 *subkey, u32 *io) +void camellia_decrypt256(const u32 *subkey, u32 *blocks) { u32 il,ir,t0,t1; /* temporary valiables */ + u32 io[4]; + + io[0] = blocks[0]; + io[1] = blocks[1]; + io[2] = blocks[2]; + io[3] = blocks[3]; /* pre whitening but absorb kw2*/ io[0] ^= CamelliaSubkeyL(32); @@ -1371,6 +1322,11 @@ void camellia_decrypt256(const u32 *subkey, u32 *io) io[2] = t0; io[3] = t1; + blocks[0] = io[0]; + blocks[1] = io[1]; + blocks[2] = io[2]; + blocks[3] = io[3]; + return; } commit 537f12ce072d568f9fa344c447d32b2e0efffbe8 Author: Jussi Kivilinna Date: Wed Jan 23 11:55:03 2013 +0200 Camellia, prepare glue code for AES-NI/AVX implementation * cipher/camellia-glue.c (ATTR_ALIGNED_16): Add macro. (CAMELLIA_encrypt_stack_burn_size): Add macro. (camellia_encrypt): Use macro above for stack burn size. (CAMELLIA_decrypt_stack_burn_size): Add macro. (camellia_decrypt): Use macro above for stack burn size. (_gcry_camellia_ctr_enc): New function. (_gcry_camellia_cbc_dec): New function. (selftest_ctr_128): New function. (selftest): Call function above. * cipher/cipher.c (gcry_cipher_open) [USE_CAMELLIA]: Register bulk functions for CBC-decryption and CTR-mode. * src/cipher.h (_gcry_camellia_ctr_enc): New prototype. (_gcry_camellia_cbc_dec): New prototype. -- AES-NI/AVX implementation needs multi-block input, so prepare glue code for that by adding bulk-functions for CBC-decryption and CTR-mode. Signed-off-by: Jussi Kivilinna diff --git a/cipher/camellia-glue.c b/cipher/camellia-glue.c index c5019d0..686262a 100644 --- a/cipher/camellia-glue.c +++ b/cipher/camellia-glue.c 
@@ -62,6 +62,14 @@ #include "g10lib.h" #include "cipher.h" #include "camellia.h" +#include "bufhelp.h" + +/* Helper macro to force alignment to 16 bytes. */ +#ifdef HAVE_GCC_ATTRIBUTE_ALIGNED +# define ATTR_ALIGNED_16 __attribute__ ((aligned (16))) +#else +# define ATTR_ALIGNED_16 +#endif typedef struct { @@ -110,12 +118,15 @@ camellia_encrypt(void *c, byte *outbuf, const byte *inbuf) CAMELLIA_context *ctx=c; Camellia_EncryptBlock(ctx->keybitlength,inbuf,ctx->keytable,outbuf); - _gcry_burn_stack - (sizeof(int)+2*sizeof(unsigned char *)+sizeof(void*/*KEY_TABLE_TYPE*/) - +4*sizeof(u32) - +2*sizeof(u32*)+4*sizeof(u32) - +2*2*sizeof(void*) /* Function calls. */ - ); + +#define CAMELLIA_encrypt_stack_burn_size \ + (sizeof(int)+2*sizeof(unsigned char *)+sizeof(void*/*KEY_TABLE_TYPE*/) \ + +4*sizeof(u32) \ + +2*sizeof(u32*)+4*sizeof(u32) \ + +2*2*sizeof(void*) /* Function calls. */ \ + ) + + _gcry_burn_stack(CAMELLIA_encrypt_stack_burn_size); } static void 
@@ -124,12 +135,175 @@ camellia_decrypt(void *c, byte *outbuf, const byte *inbuf) CAMELLIA_context *ctx=c; Camellia_DecryptBlock(ctx->keybitlength,inbuf,ctx->keytable,outbuf); - _gcry_burn_stack - (sizeof(int)+2*sizeof(unsigned char *)+sizeof(void*/*KEY_TABLE_TYPE*/) - +4*sizeof(u32) - +2*sizeof(u32*)+4*sizeof(u32) - +2*2*sizeof(void*) /* Function calls. */ - ); + +#define CAMELLIA_decrypt_stack_burn_size \ + (sizeof(int)+2*sizeof(unsigned char *)+sizeof(void*/*KEY_TABLE_TYPE*/) \ + +4*sizeof(u32) \ + +2*sizeof(u32*)+4*sizeof(u32) \ + +2*2*sizeof(void*) /* Function calls. */ \ + ) + + _gcry_burn_stack(CAMELLIA_decrypt_stack_burn_size); +} + +/* Bulk encryption of complete blocks in CTR mode. This function is only + intended for the bulk encryption feature of cipher.c. CTR is expected to be + of size CAMELLIA_BLOCK_SIZE. */ +void +_gcry_camellia_ctr_enc(void *context, unsigned char *ctr, + void *outbuf_arg, const void *inbuf_arg, + unsigned int nblocks) +{ + CAMELLIA_context *ctx = context; + unsigned char *outbuf = outbuf_arg; + const unsigned char *inbuf = inbuf_arg; + unsigned char tmpbuf[CAMELLIA_BLOCK_SIZE]; + int i; + + for ( ;nblocks; nblocks-- ) + { + /* Encrypt the counter. */ + Camellia_EncryptBlock(ctx->keybitlength, ctr, ctx->keytable, tmpbuf); + /* XOR the input with the encrypted counter and store in output. */ + buf_xor(outbuf, tmpbuf, inbuf, CAMELLIA_BLOCK_SIZE); + outbuf += CAMELLIA_BLOCK_SIZE; + inbuf += CAMELLIA_BLOCK_SIZE; + /* Increment the counter. */ + for (i = CAMELLIA_BLOCK_SIZE; i > 0; i--) + { + ctr[i-1]++; + if (ctr[i-1]) + break; + } + } + + wipememory(tmpbuf, sizeof(tmpbuf)); + _gcry_burn_stack(CAMELLIA_encrypt_stack_burn_size); +} + +/* Bulk decryption of complete blocks in CBC mode. This function is only + intended for the bulk encryption feature of cipher.c. 
*/ +void +_gcry_camellia_cbc_dec(void *context, unsigned char *iv, + void *outbuf_arg, const void *inbuf_arg, + unsigned int nblocks) +{ + CAMELLIA_context *ctx = context; + unsigned char *outbuf = outbuf_arg; + const unsigned char *inbuf = inbuf_arg; + unsigned char savebuf[CAMELLIA_BLOCK_SIZE]; + + for ( ;nblocks; nblocks-- ) + { + /* We need to save INBUF away because it may be identical to + OUTBUF. */ + memcpy(savebuf, inbuf, CAMELLIA_BLOCK_SIZE); + + Camellia_DecryptBlock(ctx->keybitlength, inbuf, ctx->keytable, outbuf); + + buf_xor(outbuf, outbuf, iv, CAMELLIA_BLOCK_SIZE); + memcpy(iv, savebuf, CAMELLIA_BLOCK_SIZE); + inbuf += CAMELLIA_BLOCK_SIZE; + outbuf += CAMELLIA_BLOCK_SIZE; + } + + wipememory(savebuf, sizeof(savebuf)); + _gcry_burn_stack(CAMELLIA_decrypt_stack_burn_size); +} + +/* Run the self-tests for CAMELLIA-CTR-128, tests IV increment of bulk CTR + encryption. Returns NULL on success. */ +static const char* +selftest_ctr_128 (void) +{ + const int nblocks = 16+1; + CAMELLIA_context ctx ATTR_ALIGNED_16; + unsigned char plaintext[nblocks*16] ATTR_ALIGNED_16; + unsigned char ciphertext[nblocks*16] ATTR_ALIGNED_16; + unsigned char plaintext2[nblocks*16] ATTR_ALIGNED_16; + unsigned char iv[16] ATTR_ALIGNED_16; + unsigned char iv2[16] ATTR_ALIGNED_16; + int i, j, diff; + + static const unsigned char key[16] ATTR_ALIGNED_16 = { + 0x06,0x9A,0x00,0x7F,0xC7,0x6A,0x45,0x9F, + 0x98,0xBA,0xF9,0x17,0xFE,0xDF,0x95,0x21 + }; + static char error_str[128]; + + camellia_setkey (&ctx, key, sizeof (key)); + + /* Test single block code path */ + memset(iv, 0xff, sizeof(iv)); + for (i = 0; i < 16; i++) + plaintext[i] = i; + + /* CTR manually. 
*/ + camellia_encrypt (&ctx, ciphertext, iv); + for (i = 0; i < 16; i++) + ciphertext[i] ^= plaintext[i]; + for (i = 16; i > 0; i--) + { + iv[i-1]++; + if (iv[i-1]) + break; + } + + memset(iv2, 0xff, sizeof(iv2)); + _gcry_camellia_ctr_enc (&ctx, iv2, plaintext2, ciphertext, 1); + + if (memcmp(plaintext2, plaintext, 16)) + return "CAMELLIA-128-CTR test failed (plaintext mismatch)"; + + if (memcmp(iv2, iv, 16)) + return "CAMELLIA-128-CTR test failed (IV mismatch)"; + + /* Test parallelized code paths */ + for (diff = 0; diff < nblocks; diff++) { + memset(iv, 0xff, sizeof(iv)); + iv[15] -= diff; + + for (i = 0; i < sizeof(plaintext); i++) + plaintext[i] = i; + + /* Create CTR ciphertext manually. */ + for (i = 0; i < sizeof(plaintext); i+=16) + { + camellia_encrypt (&ctx, &ciphertext[i], iv); + for (j = 0; j < 16; j++) + ciphertext[i+j] ^= plaintext[i+j]; + for (j = 16; j > 0; j--) + { + iv[j-1]++; + if (iv[j-1]) + break; + } + } + + /* Decrypt using bulk CTR and compare result. */ + memset(iv2, 0xff, sizeof(iv2)); + iv2[15] -= diff; + + _gcry_camellia_ctr_enc (&ctx, iv2, plaintext2, ciphertext, + sizeof(ciphertext) / CAMELLIA_BLOCK_SIZE); + + if (memcmp(plaintext2, plaintext, sizeof(plaintext))) + { + snprintf(error_str, sizeof(error_str), + "CAMELLIA-128-CTR test failed (plaintext mismatch, diff: %d)", + diff); + return error_str; + } + if (memcmp(iv2, iv, sizeof(iv))) + { + snprintf(error_str, sizeof(error_str), + "CAMELLIA-128-CTR test failed (IV mismatch, diff: %d)", + diff); + return error_str; + } + } + + return NULL; } static const char * @@ -137,6 +311,7 @@ selftest(void) { CAMELLIA_context ctx; byte scratch[16]; + const char *r; /* These test vectors are from RFC-3713 */ const byte plaintext[]= @@ -200,6 +375,9 @@ selftest(void) if(memcmp(scratch,plaintext,sizeof(plaintext))!=0) return "CAMELLIA-256 test decryption failed."; + if ( (r = selftest_ctr_128 ()) ) + return r; + return NULL; } 
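Review bot: In selftest_ctr_128 `const int nblocks = 16+1;` is not an integer constant expression in C, so `plaintext`, `ciphertext` and `plaintext2` become variable-length arrays, which are an optional feature since C11. Declaring the count as `enum { nblocks = 16+1 };` keeps the three buffers ordinary fixed-size arrays. The loops `for (i = 0; i < sizeof(plaintext); i++)` compare a signed `int` with a `size_t`; a `size_t` index avoids the implicit conversion. Separately, `static char error_str[128]` is shared by all callers, so the returned message can be overwritten if the self-test is ever entered from two threads; returning fixed strings, as the single-block path already does, would avoid the shared buffer.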
diff --git a/cipher/cipher.c b/cipher/cipher.c index 389bf7a..f1224af 100644 --- a/cipher/cipher.c +++ b/cipher/cipher.c @@ -718,6 +718,14 @@ gcry_cipher_open (gcry_cipher_hd_t *handle, h->bulk.ctr_enc = _gcry_aes_ctr_enc; break; #endif /*USE_AES*/ +#ifdef USE_CAMELLIA + case GCRY_CIPHER_CAMELLIA128: + case GCRY_CIPHER_CAMELLIA192: + case GCRY_CIPHER_CAMELLIA256: + h->bulk.cbc_dec = _gcry_camellia_cbc_dec; + h->bulk.ctr_enc = _gcry_camellia_ctr_enc; + break; +#endif /*USE_CAMELLIA*/ default: break; diff --git a/src/cipher.h b/src/cipher.h index 48eeeda..17fec6c 100644 --- a/src/cipher.h +++ b/src/cipher.h @@ -95,6 +95,14 @@ void _gcry_aes_ctr_enc (void *context, unsigned char *ctr, void *outbuf_arg, const void *inbuf_arg, unsigned int nblocks); +/*-- camellia-glue.c --*/ +void _gcry_camellia_ctr_enc (void *context, unsigned char *ctr, + void *outbuf_arg, const void *inbuf_arg, + unsigned int nblocks); +void _gcry_camellia_cbc_dec (void *context, unsigned char *iv, + void *outbuf_arg, const void *inbuf_arg, + unsigned int nblocks); + /*-- dsa.c --*/ void _gcry_register_pk_dsa_progress (gcry_handler_progress_t cbc, void *cb_data); ----------------------------------------------------------------------- Summary of changes: cipher/Makefile.am | 4 +- cipher/camellia-glue.c | 298 +++++++++- cipher/camellia.c | 147 ++--- cipher/camellia_aesni_avx_x86-64.S | 1120 ++++++++++++++++++++++++++++++++++++ cipher/cipher.c | 8 + configure.ac | 42 ++ src/cipher.h | 8 + src/g10lib.h | 1 + src/global.c | 1 + src/hwf-x86.c | 5 + 10 files changed, 1525 insertions(+), 109 deletions(-) create mode 100644 cipher/camellia_aesni_avx_x86-64.S hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Tue Feb 19 11:39:19 2013 
From: cvs at cvs.gnupg.org (by Jussi Kivilinna) Date: Tue, 19 Feb 2013 11:39:19 +0100 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.5.0-85-g0da7795 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via 0da77955a097bfd2469ad084b3e9fcac4fb1e3fa (commit) from 63ac3ba07dba82fde040d31b90b4eff627bd92b9 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 0da77955a097bfd2469ad084b3e9fcac4fb1e3fa Author: Jussi Kivilinna Date: Mon Jan 28 11:11:33 2013 +0200 Rinjdael: Fix use of SSE2 outside USE_AESNI/ctx->use_aesni * cipher/rijndael.c (_gcry_aes_cbc_enc): Check if AES-NI is enabled before calling aesni_prepare() and aesni_cleanup(). -- aesni_cleanup() contains SSE2 instructions that are interpreted as MMX on CPUs without SSE2 support (Pentium-III, etc). This causes x87 register state to be poisoned, causing crashes later on when program tries to use floating point registers. Add '#ifdef USE_AESNI' and 'if (ctx->use_aesni)' for aesni_cleanup() and, while at it, for aesni_prepare() too. Reported-by: Mitsutoshi NAKANO Signed-off-by: Jussi Kivilinna diff --git a/cipher/rijndael.c b/cipher/rijndael.c index 24372d9..a3080f5 100644 --- a/cipher/rijndael.c +++ b/cipher/rijndael.c @@ -1399,7 +1399,11 @@ _gcry_aes_cbc_enc (void *context, unsigned char *iv, unsigned char *outbuf = outbuf_arg; const unsigned char *inbuf = inbuf_arg; - aesni_prepare (); +#ifdef USE_AESNI + if (ctx->use_aesni) + aesni_prepare (); +#endif /*USE_AESNI*/ + for ( ;nblocks; nblocks-- ) { if (0) 
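Review bot: The reason for the new guard around aesni_prepare () in _gcry_aes_cbc_enc is recorded only in the commit message, so a later cleanup could drop the `if (ctx->use_aesni)` again without anyone noticing. I would add a comment above the guard, for example `/* aesni_cleanup uses SSE2 insns that decode as MMX on pre-SSE2 CPUs and corrupt the x87 state; call only when AES-NI is in use. */`, and repeat it at the aesni_cleanup () guard in the second hunk of this file. The same applies to the LIBGCRYPT-1-5-BRANCH backport further down the page, which adds identical guards to _gcry_aes_cbc_enc and _gcry_aes_cbc_dec. The function body extends beyond the hunk, so any other aesni_prepare/aesni_cleanup call sites in rijndael.c are not visible here and are worth checking for the same unguarded pattern.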
@@ -1449,7 +1453,11 @@ _gcry_aes_cbc_enc (void *context, unsigned char *iv, if (!cbc_mac) outbuf += BLOCKSIZE; } - aesni_cleanup (); + +#ifdef USE_AESNI + if (ctx->use_aesni) + aesni_cleanup (); +#endif /*USE_AESNI*/ _gcry_burn_stack (48 + 2*sizeof(int)); } ----------------------------------------------------------------------- Summary of changes: cipher/rijndael.c | 12 ++++++++++-- 1 files changed, 10 insertions(+), 2 deletions(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Tue Feb 19 12:02:04 2013 
From: cvs at cvs.gnupg.org (by Jussi Kivilinna) Date: Tue, 19 Feb 2013 12:02:04 +0100 Subject: [git] GCRYPT - branch, LIBGCRYPT-1-5-BRANCH, updated. libgcrypt-1.5.0-17-ge0139f7 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, LIBGCRYPT-1-5-BRANCH has been updated via e0139f73600ed584f23d57a2baf768e32ea900ec (commit) from d30c86465fef9531766fd7c124a5d87d7645850e (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit e0139f73600ed584f23d57a2baf768e32ea900ec Author: Jussi Kivilinna Date: Tue Jan 29 10:05:15 2013 +0200 libgcrypt-1.5: rinjdael: Fix use of SSE2 outside USE_AESNI/ctx->use_aesni * cipher/rijndael.c (_gcry_aes_cbc_enc, _gcry_aes_cbc_dec): Check if AES-NI is enabled before calling aesni_prepare() and aesni_cleanup(). -- aesni_cleanup() contains SSE2 instructions that are interpreted as MMX on CPUs without SSE2 support (Pentium-III, etc). In above functions, aesni_cleanup() was called outside use_aesni checks. This causes x87 register state to be poisoned, causing crashes later on when program tries to use floating point registers. Add missing '#ifdef USE_AESNI' and 'if (ctx->use_aesni)' for aesni_cleanup() and, while at it, for aesni_prepare() too. Reported-by: Mitsutoshi NAKANO Signed-off-by: Jussi Kivilinna diff --git a/cipher/rijndael.c b/cipher/rijndael.c index 92fa31d..9816280 100644 --- a/cipher/rijndael.c +++ b/cipher/rijndael.c @@ -1239,7 +1239,11 @@ _gcry_aes_cbc_enc (void *context, unsigned char *iv, unsigned char *ivp; int i; - aesni_prepare (); +#ifdef USE_AESNI + if (ctx->use_aesni) + aesni_prepare (); +#endif /*USE_AESNI*/ + for ( ;nblocks; nblocks-- ) { for (ivp=iv, i=0; i < BLOCKSIZE; i++ ) 
@@ -1263,7 +1267,11 @@ _gcry_aes_cbc_enc (void *context, unsigned char *iv, if (!cbc_mac) outbuf += BLOCKSIZE; } - aesni_cleanup (); + +#ifdef USE_AESNI + if (ctx->use_aesni) + aesni_cleanup (); +#endif /*USE_AESNI*/ _gcry_burn_stack (48 + 2*sizeof(int)); } @@ -1575,7 +1583,11 @@ _gcry_aes_cbc_dec (void *context, unsigned char *iv, int i; unsigned char savebuf[BLOCKSIZE]; - aesni_prepare (); +#ifdef USE_AESNI + if (ctx->use_aesni) + aesni_prepare (); +#endif /*USE_AESNI*/ + for ( ;nblocks; nblocks-- ) { /* We need to save INBUF away because it may be identical to @@ -1601,7 +1613,11 @@ _gcry_aes_cbc_dec (void *context, unsigned char *iv, inbuf += BLOCKSIZE; outbuf += BLOCKSIZE; } - aesni_cleanup (); + +#ifdef USE_AESNI + if (ctx->use_aesni) + aesni_cleanup (); +#endif /*USE_AESNI*/ _gcry_burn_stack (48 + 2*sizeof(int) + BLOCKSIZE + 4*sizeof (char*)); } ----------------------------------------------------------------------- Summary of changes: cipher/rijndael.c | 24 ++++++++++++++++++++---- 1 files changed, 20 insertions(+), 4 deletions(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Wed Feb 20 21:00:47 2013 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 20 Feb 2013 21:00:47 +0100 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.5.0-87-g70dcac6 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via 70dcac663de06b012417015c175973d64e6980df (commit) via fb48ebf7081400a24ee48f8a9894a361e8834b6e (commit) from 0da77955a097bfd2469ad084b3e9fcac4fb1e3fa (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 70dcac663de06b012417015c175973d64e6980df Author: Werner Koch Date: Wed Feb 20 20:44:19 2013 +0100 Fix building of hwf-x86.c * src/Makefile.am (AM_CFLAGS): Set to GPG_ERROR_CFLAGS (AM_CCASFLAGS): Set NOEXECSTACK_FLAGS. -- Without that fix we might have used a different gcrypt.h version if we explicitly requested a newer one. Note that dynamically added modules use different rules than the static ones (.c.lo: vs. .c.la:). AM_CCASFLAGS might not be needed right now but may be useful in the future. diff --git a/src/Makefile.am b/src/Makefile.am index cdfe0c6..9e7dcd5 100644 --- a/src/Makefile.am +++ b/src/Makefile.am 
@@ -44,6 +44,8 @@ arch_gpg_error_cflags = arch_gpg_error_libs = endif +AM_CFLAGS = $(GPG_ERROR_CFLAGS) +AM_CCASFLAGS = $(NOEXECSTACK_FLAGS) if HAVE_LD_VERSION_SCRIPT libgcrypt_version_script_cmd = -Wl,--version-script=$(srcdir)/libgcrypt.vers commit fb48ebf7081400a24ee48f8a9894a361e8834b6e Author: Werner Koch Date: Wed Feb 20 20:36:39 2013 +0100 Remove build hacks for FreeBSD. * configure.ac [freebsd]: Do not add /usr/local to CPPFLAGS and LDFLAGS. -- Back in ~2000 we introduced a quick hack to make building of Libgcrypt on FreeBSD easier by always adding -I/usr/local/include and -L/usr/local/lib . It turned out that this is a bad idea if one wants to build with library version which is not installed in /usr/local. diff --git a/configure.ac b/configure.ac index 4a4a2aa..1f057f7 100644 --- a/configure.ac +++ b/configure.ac @@ -244,12 +244,6 @@ case "${host}" in AC_DEFINE(HAVE_DOSISH_SYSTEM) ;; - *-*-freebsd*) - # FreeBSD - CPPFLAGS="$CPPFLAGS -I/usr/local/include" - LDFLAGS="$LDFLAGS -L/usr/local/lib" - ;; - *-*-hpux*) if test -z "$GCC" ; then CFLAGS="$CFLAGS -Ae -D_HPUX_SOURCE" ----------------------------------------------------------------------- Summary of changes: configure.ac | 6 ------ src/Makefile.am | 2 ++ 2 files changed, 2 insertions(+), 6 deletions(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Wed Feb 20 21:32:19 2013 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 20 Feb 2013 21:32:19 +0100 Subject: [git] GnuPG - branch, key-storage-work, updated. gnupg-2.1.0beta3-170-g8e5766c Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, key-storage-work has been updated via 8e5766c38f3ac376fb8e7c7f2b0f65de23d84cbe (commit) from 7ab61423f0066c89130d1d1e6a5b429cff188b97 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 8e5766c38f3ac376fb8e7c7f2b0f65de23d84cbe Author: Werner Koch Date: Wed Feb 20 20:31:52 2013 +0100 Remove build hacks for FreeBSD. * configure.ac [freebsd]: Do not add /usr/local to CPPFLAGS and LDFLAGS. -- Back in ~2000 we introduced a quick hack to make building of Libgcrypt on FreeBSD easier by always adding -I/usr/local/include and -L/usr/local/lib . It turned out that this is a bad idea if one wants to build with library version which is not installed in /usr/local. The hack made was eventually (in 2003) copied from Libgcrypt to GnuPG-2. diff --git a/configure.ac b/configure.ac index 5881df1..cf5ab3f 100644 --- a/configure.ac +++ b/configure.ac @@ -627,12 +627,6 @@ case "${host}" in try_gettext="no" ;; - *-*-freebsd*) - # FreeBSD - CPPFLAGS="$CPPFLAGS -I/usr/local/include" - LDFLAGS="$LDFLAGS -L/usr/local/lib" - ;; - *-*-hpux*) if test -z "$GCC" ; then CFLAGS="$CFLAGS -Ae -D_HPUX_SOURCE" ----------------------------------------------------------------------- Summary of changes: configure.ac | 6 ------ 1 files changed, 0 insertions(+), 6 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Feb 21 20:45:16 2013 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 21 Feb 2013 20:45:16 +0100 Subject: [git] GnuPG - branch, key-storage-work, updated. gnupg-2.1.0beta3-173-g273bb38 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, key-storage-work has been updated via 273bb38cd7b517460cb3de67662e96e910104675 (commit) via 18a261b65fd77a9e434b13483ceaaaf2176f1197 (commit) via 4af0c62b15c51056dc293c8e3b907e7c41fbf08c (commit) from 8e5766c38f3ac376fb8e7c7f2b0f65de23d84cbe (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 273bb38cd7b517460cb3de67662e96e910104675 Author: Werner Koch Date: Thu Feb 21 20:35:10 2013 +0100 gpg: Fix a memory leak in batch key generation * g10/keygen.c (append_to_parameter): New. (proc_parameter_file): Use new func to extend the parameter list. * g10/passphrase.c (passphrase_to_dek_ext): Print a diagnostic of gcry_kdf_derive failed. * g10/keygen.c (proc_parameter_file): Print a diagnostic if passphrase_to_dek failed. -- Due to an improper way of using the linked list head, all memory for items allocated in proc_parameter_file was never released. If batched key generation with a passphrase and more than ~200 keys was used this exhausted the secure memory. diff --git a/g10/keygen.c b/g10/keygen.c index b5ccf02..fc985ee 100644 --- a/g10/keygen.c +++ b/g10/keygen.c 
@@ -2591,6 +2591,17 @@ generate_user_id (KBNODE keyblock) } +/* Append R to the linked list PARA. */ +static void +append_to_parameter (struct para_data_s *para, struct para_data_s *r) +{ + assert (para); + while (para->next) + para = para->next; + para->next = r; +} + +/* Release the parameter list R. */ static void release_parameter_list (struct para_data_s *r) { @@ -2817,8 +2828,7 @@ proc_parameter_file( struct para_data_s *para, const char *fname, r->u.usage = (is_default ? (PUBKEY_USAGE_CERT | PUBKEY_USAGE_SIG) : openpgp_pk_algo_usage(algo)); - r->next = para; - para = r; + append_to_parameter (para, r); } else if (err == -1) return -1; @@ -2854,8 +2864,7 @@ proc_parameter_file( struct para_data_s *para, const char *fname, r->u.usage = (is_default ? PUBKEY_USAGE_ENC : openpgp_pk_algo_usage (algo)); - r->next = para; - para = r; + append_to_parameter (para, r); } else if (err == -1) return -1; @@ -2892,8 +2901,7 @@ proc_parameter_file( struct para_data_s *para, const char *fname, p = stpcpy(stpcpy(stpcpy(p," ("), s2 ),")"); if( s3 ) p = stpcpy(stpcpy(stpcpy(p," <"), s3 ),">"); - r->next = para; - para = r; + append_to_parameter (para, r); have_user_id=1; } } @@ -2946,13 +2954,11 @@ proc_parameter_file( struct para_data_s *para, const char *fname, r = xmalloc_clear( sizeof *r ); r->key = pPASSPHRASE_DEK; r->u.dek = dek; - r->next = para; - para = r; + append_to_parameter (para, r); r = xmalloc_clear( sizeof *r ); r->key = pPASSPHRASE_S2K; r->u.s2k = s2k; - r->next = para; - para = r; + append_to_parameter (para, r); } if (canceled) 
@@ -2971,27 +2977,32 @@ proc_parameter_file( struct para_data_s *para, const char *fname, * but because we do this always, why not here. */ STRING2KEY *s2k; DEK *dek; + static int count; - s2k = xmalloc_secure ( sizeof *s2k ); + s2k = xmalloc ( sizeof *s2k ); s2k->mode = opt.s2k_mode; s2k->hash_algo = S2K_DIGEST_ALGO; set_next_passphrase ( r->u.value ); dek = passphrase_to_dek (NULL, 0, opt.s2k_cipher_algo, s2k, 2, NULL, NULL); - set_next_passphrase (NULL ); - assert (dek); + if (!dek) + { + log_error ("%s:%d: error post processing the passphrase\n", + fname, r->lnr ); + xfree (s2k); + return -1; + } + set_next_passphrase (NULL); memset (r->u.value, 0, strlen(r->u.value)); r = xmalloc_clear (sizeof *r); r->key = pPASSPHRASE_S2K; r->u.s2k = s2k; - r->next = para; - para = r; + append_to_parameter (para, r); r = xmalloc_clear (sizeof *r); r->key = pPASSPHRASE_DEK; r->u.dek = dek; - r->next = para; - para = r; + append_to_parameter (para, r); } } @@ -3029,8 +3040,7 @@ proc_parameter_file( struct para_data_s *para, const char *fname, r = xmalloc_clear( sizeof *r + 20 ); r->key = pSUBKEYEXPIRE; r->u.expire = seconds; - r->next = para; - para = r; + append_to_parameter (para, r); } do_generate_keypair( para, outctrl, card ); diff --git a/g10/passphrase.c b/g10/passphrase.c index d872e36..f83e668 100644 --- a/g10/passphrase.c +++ b/g10/passphrase.c 
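Review bot: On the new `if (!dek)` failure path the function returns before `set_next_passphrase (NULL)` and before the `memset` of `r->u.value`, so the batch-file passphrase is left in place when key derivation fails. Keeping `set_next_passphrase (NULL);` directly after the `passphrase_to_dek` call, and wiping `r->u.value` before `return -1;`, would make the cleanup unconditional; what set_next_passphrase retains internally is not visible here, so the exposure is inferred from the call order. The added `static int count;` is never used in the hunk and can be dropped. proc_parameter_file starts and ends outside the hunk, and the same hunk appears again in the later master-branch notification of this change.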
@@ -569,17 +569,21 @@ passphrase_to_dek_ext (u32 *keyid, int pubkey_algo, dek->keylen = 0; else { + gpg_error_t err; + dek->keylen = openpgp_cipher_get_algo_keylen (dek->algo); if (!(dek->keylen > 0 && dek->keylen <= DIM(dek->key))) BUG (); - if (gcry_kdf_derive (pw, strlen (pw), - s2k->mode == 3? GCRY_KDF_ITERSALTED_S2K : - s2k->mode == 1? GCRY_KDF_SALTED_S2K : - /* */ GCRY_KDF_SIMPLE_S2K, - s2k->hash_algo, s2k->salt, 8, - S2K_DECODE_COUNT(s2k->count), - dek->keylen, dek->key)) + err = gcry_kdf_derive (pw, strlen (pw), + s2k->mode == 3? GCRY_KDF_ITERSALTED_S2K : + s2k->mode == 1? GCRY_KDF_SALTED_S2K : + /* */ GCRY_KDF_SIMPLE_S2K, + s2k->hash_algo, s2k->salt, 8, + S2K_DECODE_COUNT(s2k->count), + dek->keylen, dek->key); + if (err) { + log_error ("gcry_kdf_derive failed: %s", gpg_strerror (err)); xfree (pw); xfree (dek); write_status( STATUS_MISSING_PASSPHRASE ); commit 18a261b65fd77a9e434b13483ceaaaf2176f1197 Author: Werner Koch Date: Thu Feb 21 20:27:20 2013 +0100 gpg: Handle the agent's NEW_PASSPHRASE inquiry. * g10/call-agent.c (default_inq_cb): Take care of NEW_PASSPHRASE. diff --git a/g10/call-agent.c b/g10/call-agent.c index 85a3f28..4828f9a 100644 --- a/g10/call-agent.c +++ b/g10/call-agent.c @@ -336,7 +336,7 @@ default_inq_cb (void *opaque, const char *line) gpg_error_t err = 0; struct default_inq_parm_s *parm = opaque; - if (!strncmp (line, "PINENTRY_LAUNCHED", 17) && (line[17]==' '||!line[17])) + if (has_leading_keyword (line, "PINENTRY_LAUNCHED")) { err = gpg_proxy_pinentry_notify (parm->ctrl, line); if (err) 
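Review bot: The new `log_error ("gcry_kdf_derive failed: %s", gpg_strerror (err));` has no trailing newline, unlike the `log_error` this commit adds in g10/keygen.c, whose format ends in `\n`; it should read `log_error ("gcry_kdf_derive failed: %s\n", gpg_strerror (err));`. The same path frees `dek` with a plain `xfree` after `dek->key` was handed to gcry_kdf_derive as its output buffer; whether that buffer can hold partial key material on error, and whether `dek` lives in secure memory, is not visible in the hunk and is worth confirming. passphrase_to_dek_ext continues outside the hunk, and the same hunk appears again in the later master-branch notification.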
@@ -344,7 +344,8 @@ default_inq_cb (void *opaque, const char *line) "PINENTRY_LAUNCHED"); /* We do not pass errors to avoid breaking other code. */ } - else if (!strncmp (line, "PASSPHRASE", 10) && (line[10]==' '||!line[10]) + else if ((has_leading_keyword (line, "PASSPHRASE") + || has_leading_keyword (line, "NEW_PASSPHRASE")) && opt.pinentry_mode == PINENTRY_MODE_LOOPBACK) { if (have_static_passphrase ()) commit 4af0c62b15c51056dc293c8e3b907e7c41fbf08c Author: Werner Koch Date: Thu Feb 21 20:25:12 2013 +0100 common: Add func has_leading_keyword. * common/stringhelp.c (has_leading_keyword): New. diff --git a/common/stringhelp.c b/common/stringhelp.c index 842f6a1..d51d3e0 100644 --- a/common/stringhelp.c +++ b/common/stringhelp.c @@ -74,6 +74,29 @@ change_slashes (char *name) /* + * Check whether STRINGS starts with KEYWORD. The keyword is + * delimited by end of string, a space or a tab. Returns NULL if not + * found or a pointer into STRING to the next non-space character + * after the KEYWORD (which may be end of string). + */ +char * +has_leading_keyword (const char *string, const char *keyword) +{ + size_t n = strlen (keyword); + + if (!strncmp (string, keyword, n) + && (!string[n] || string[n] == ' ' || string[n] == '\t')) + { + string += n; + while (*string == ' ' || *string == '\t') + string++; + return (char*)string; + } + return NULL; +} + + +/* * Look for the substring SUB in buffer and return a pointer to that * substring in BUFFER or NULL if not found. * Comparison is case-insensitive. diff --git a/common/stringhelp.h b/common/stringhelp.h index 60ba12b..c1f7ea1 100644 --- a/common/stringhelp.h +++ b/common/stringhelp.h 
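Review bot: `has_leading_keyword` in common/stringhelp.c takes `const char *string` but returns `(char*)string`, so a caller can write through the result into a buffer it was only given read access to. The callers shown in this log store the result in a `const char *`, so the prototype could be `const char *has_leading_keyword (const char *string, const char *keyword);` without touching them. The header comment should also say that KEYWORD must be passed without a trailing delimiter, because the byte after the `strlen (keyword)` prefix has to be NUL, space or tab for a match, and it names the parameter STRINGS where the signature has STRING. The same hunk appears again in the later master-branch notification.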
@@ -34,6 +34,8 @@ #include "types.h" +char *has_leading_keyword (const char *string, const char *keyword); + const char *memistr (const void *buf, size_t buflen, const char *sub); char *mem2str( char *, const void *, size_t); char *trim_spaces( char *string ); ----------------------------------------------------------------------- Summary of changes: common/stringhelp.c | 23 +++++++++++++++++++++++ common/stringhelp.h | 2 ++ g10/call-agent.c | 5 +++-- g10/keygen.c | 48 +++++++++++++++++++++++++++++------------------- g10/passphrase.c | 18 +++++++++++------- 5 files changed, 68 insertions(+), 28 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Fri Feb 22 06:23:04 2013 From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Fri, 22 Feb 2013 06:23:04 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.0beta3-156-g3c3648e Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 3c3648e720b8014828573bd708c88ba4775014e3 (commit) via 7d376ffa321d4af6e62a2bc64ef2b8574b122b1a (commit) from c36089daf76d53a1d1912f58f284b78bafe14508 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 3c3648e720b8014828573bd708c88ba4775014e3 Author: NIIBE Yutaka Date: Fri Feb 22 12:55:11 2013 +0900 agent: fix two bugs. * agent/command.c (cmd_keytocard): Decrement KEYDATALEN. * agent/findkey.c (agent_public_key_from_file): Increment for ELEMS. -- For ECDSA and ECDH, there are 6 elements. diff --git a/agent/command.c b/agent/command.c index 2844398..823b233 100644 --- a/agent/command.c +++ b/agent/command.c 
@@ -2197,6 +2197,7 @@ cmd_keytocard (assuan_context_t ctx, char *line) gcry_sexp_sprint (s_skey, GCRYSEXP_FMT_CANON, keydata, keydatalen); gcry_sexp_release (s_skey); + keydatalen--; /* Decrement for last '\0'. */ /* Add timestamp "created-at" in the private key */ timestamp = isotime2epoch (timestamp_str); snprintf (keydata+keydatalen-1, 30, "(10:created-at10:%010lu))", timestamp); diff --git a/agent/findkey.c b/agent/findkey.c index b17870e..ebdcc03 100644 --- a/agent/findkey.c +++ b/agent/findkey.c @@ -828,7 +828,7 @@ agent_public_key_from_file (ctrl_t ctrl, int i, idx; gcry_sexp_t s_skey; char algoname[6]; - char elems[6]; + char elems[7]; gcry_sexp_t uri_sexp, comment_sexp; const char *uri, *comment; size_t uri_length, comment_length; commit 7d376ffa321d4af6e62a2bc64ef2b8574b122b1a Author: NIIBE Yutaka Date: Fri Feb 22 11:00:27 2013 +0900 gpg: fix keytocard and support ECC card for key attribute. * g10/call-agent.c (agent_keytocard): Supply PARM arg. * g10/card-util.c (card_status): Support ECC. (card_store_subkey): Don't assume RSA. diff --git a/g10/call-agent.c b/g10/call-agent.c index 85a3f28..e3250fe 100644 --- a/g10/call-agent.c +++ b/g10/call-agent.c @@ -606,6 +606,10 @@ agent_keytocard (const char *hexgrip, int keyno, int force, { int rc; char line[ASSUAN_LINELENGTH]; + struct default_inq_parm_s parm; + + memset (&parm, 0, sizeof parm); + parm.ctx = agent_ctx; snprintf (line, DIM(line)-1, "KEYTOCARD %s%s %s OPENPGP.%d %s", force?"--force ": "", hexgrip, serialno, keyno, timestamp); @@ -615,8 +619,8 @@ agent_keytocard (const char *hexgrip, int keyno, int force, if (rc) return rc; - rc = assuan_transact (agent_ctx, line, NULL, NULL, default_inq_cb, - NULL, NULL, NULL); + rc = assuan_transact (agent_ctx, line, NULL, NULL, default_inq_cb, &parm, + NULL, NULL); if (rc) return rc; diff --git a/g10/card-util.c b/g10/card-util.c index 75208cc..add8eed 100644 --- a/g10/card-util.c +++ b/g10/card-util.c 
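Review bot: The `snprintf (keydata+keydatalen-1, 30, ...)` that follows the new `keydatalen--;` now writes at an offset this commit moved, but its return value is ignored and the hunk shows neither the size of `keydata` nor any check of the value returned by `isotime2epoch`. The format needs exactly 30 bytes for a 10-digit value, so a wider `unsigned long` (for instance an error value converted to unsigned, if isotime2epoch signals failure that way, which is not visible here) is silently truncated into a malformed S-expression that is then sent towards the card. I would validate `timestamp` before formatting and compare the snprintf result with the limit, failing the command when it is negative or `>= 30`. cmd_keytocard starts and ends outside the hunk, so the allocation that has to provide the extra room should be checked there.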
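Review bot: In agent_keytocard `parm` is zeroed and only `parm.ctx` is set before it is passed to `default_inq_cb`, while that callback, as shown in the g10/call-agent.c hunks elsewhere in this log, hands `parm->ctrl` to `gpg_proxy_pinentry_notify` when a PINENTRY_LAUNCHED inquiry arrives. With this change that call receives a NULL `ctrl`; whether the notify function tolerates that is not visible here, so either set `parm.ctrl` from a control handle available to the caller or confirm that NULL is handled. A one-line comment next to `memset (&parm, 0, sizeof parm);` stating which fields the callback reads would make the contract clear. The function body continues outside both hunks.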
@@ -550,7 +550,9 @@ card_status (estream_t fp, char *serialno, size_t serialnobuflen) tty_fprintf (fp, " %u%c", info.key_attr[i].nbits, info.key_attr[i].algo == 1? 'R': - info.key_attr[i].algo == 17? 'D': '?'); + info.key_attr[i].algo == 17? 'D': + info.key_attr[i].algo == 18? 'e': + info.key_attr[i].algo == 19? 'E': '?'); tty_fprintf (fp, "\n"); } tty_fprintf (fp, "Max. PIN lengths .: %d %d %d\n", @@ -1560,7 +1562,7 @@ card_store_subkey (KBNODE node, int use) nbits = nbits_from_pk (pk); - if (!is_RSA (pk->pubkey_algo) || (!info.is_v2 && nbits != 1024) ) + if (!info.is_v2 && nbits != 1024) { tty_printf ("You may only store a 1024 bit RSA key on the card\n"); tty_printf ("\n"); ----------------------------------------------------------------------- Summary of changes: agent/command.c | 1 + agent/findkey.c | 2 +- g10/call-agent.c | 8 ++++++-- g10/card-util.c | 6 ++++-- 4 files changed, 12 insertions(+), 5 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Fri Feb 22 09:54:49 2013 
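Review bot: In card_store_subkey, dropping `!is_RSA (pk->pubkey_algo)` leaves `if (!info.is_v2 && nbits != 1024)` as the only gate, so the key algorithm is no longer checked at all. Any algorithm now passes for a v2 card, and a 1024-bit non-RSA key passes for a v1 card, while the message still reads "You may only store a 1024 bit RSA key on the card". I would keep the RSA test on the v1 branch, `if (!info.is_v2 && (!is_RSA (pk->pubkey_algo) || nbits != 1024))`, and add an explicit allow-list of the algorithms the card path supports, so an unsupported key type is rejected here rather than further down. The bare `18` and `19` added in card_status would also read better as the named public-key algorithm constants. card_store_subkey continues outside the hunk.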
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Fri, 22 Feb 2013 09:54:49 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.0beta3-161-gc6b8f05 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via c6b8f05517228c6aeab28d2bf5da7724c059bb1a (commit) via 161674118d568025896026ede5e03d26bdfdfa68 (commit) via baee681d2406530c45fd6d4bde77193ba23ac263 (commit) via 2838385e76c8c7108bc949d5a1d1c947051bd5be (commit) via 21f5a9ec27c0794141a835a5bb3c69495ee554a6 (commit) from 3c3648e720b8014828573bd708c88ba4775014e3 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit c6b8f05517228c6aeab28d2bf5da7724c059bb1a Author: Werner Koch Date: Tue Feb 12 19:28:54 2013 +0100 Remove some unused variables. * tools/gpgconf-comp.c (gc_process_gpgconf_conf): Remove unused used_components. * agent/command-ssh.c (ssh_signature_encoder_ecdsa): Mark unused arg. * g13/g13.c (main): Comment variable of yet unimplemented options. diff --git a/agent/command-ssh.c b/agent/command-ssh.c index c0b608a..94538b3 100644 --- a/agent/command-ssh.c +++ b/agent/command-ssh.c @@ -1247,6 +1247,8 @@ ssh_signature_encoder_ecdsa (ssh_key_type_spec_t *spec, gpg_error_t err; int i; + (void)spec; + innerlen = 0; for (i = 0; i < DIM(data); i++) { diff --git a/g13/g13.c b/g13/g13.c index 82ed9d8..fca9e7a 100644 --- a/g13/g13.c +++ b/g13/g13.c @@ -323,7 +323,7 @@ main ( int argc, char **argv) int orig_argc; char **orig_argv; gpg_error_t err = 0; - const char *fname; + /* const char *fname; */ int may_coredump; FILE *configfp = NULL; char *configname = NULL; 
@@ -334,10 +334,10 @@ main ( int argc, char **argv) char *logfile = NULL; int greeting = 0; int nogreeting = 0; - int debug_wait = 0; + /* int debug_wait = 0; */ int use_random_seed = 1; - int nodetach = 0; - int nokeysetup = 0; + /* int nodetach = 0; */ + /* int nokeysetup = 0; */ enum cmd_and_opt_values cmd = 0; struct server_control_s ctrl; strlist_t recipients = NULL; @@ -473,13 +473,13 @@ main ( int argc, char **argv) case aGPGConfTest: set_cmd (&cmd, pargs.r_opt); nogreeting = 1; - nokeysetup = 1; + /* nokeysetup = 1; */ break; case aServer: case aMount: case aUmount: - nokeysetup = 1; + /* nokeysetup = 1; */ case aCreate: set_cmd (&cmd, pargs.r_opt); break; @@ -504,13 +504,13 @@ main ( int argc, char **argv) case oLogFile: logfile = pargs.r.ret_str; break; case oNoLogFile: logfile = NULL; break; - case oNoDetach: nodetach = 1; break; + case oNoDetach: /*nodetach = 1; */break; case oDebug: debug_value |= pargs.r.ret_ulong; break; case oDebugAll: debug_value = ~0; break; case oDebugNone: debug_value = 0; break; case oDebugLevel: debug_level = pargs.r.ret_str; break; - case oDebugWait: debug_wait = pargs.r.ret_int; break; + case oDebugWait: /*debug_wait = pargs.r.ret_int; */break; case oDebugAllowCoreDump: may_coredump = enable_core_dumps (); break; @@ -653,7 +653,7 @@ main ( int argc, char **argv) } /* Store given filename into FNAME. */ - fname = argc? *argv : NULL; + /* fname = argc? *argv : NULL; */ /* Parse all given encryption keys. This does a lookup of the keys and stops if any of the given keys was not found. */ diff --git a/tools/gpgconf-comp.c b/tools/gpgconf-comp.c index 9dbddee..0b3c9c0 100644 --- a/tools/gpgconf-comp.c +++ b/tools/gpgconf-comp.c @@ -3382,7 +3382,6 @@ gc_process_gpgconf_conf (const char *fname_arg, int update, int defaults, int in_rule = 0; int got_match = 0; int runtime[GC_BACKEND_NR]; - int used_components[GC_COMPONENT_NR]; int backend_id, component_id; char *fname; 
@@ -3393,8 +3392,6 @@ gc_process_gpgconf_conf (const char *fname_arg, int update, int defaults, for (backend_id = 0; backend_id < GC_BACKEND_NR; backend_id++) runtime[backend_id] = 0; - for (component_id = 0; component_id < GC_COMPONENT_NR; component_id++) - used_components[component_id] = 0; config = fopen (fname, "r"); if (!config) @@ -3621,9 +3618,6 @@ gc_process_gpgconf_conf (const char *fname_arg, int update, int defaults, if (defaults) { - assert (component_id >= 0 && component_id < GC_COMPONENT_NR); - used_components[component_id] = 1; - /* Here we explicitly allow to update the value again. */ if (newflags) { commit 161674118d568025896026ede5e03d26bdfdfa68 Author: Werner Koch Date: Thu Feb 21 20:35:10 2013 +0100 gpg: Fix a memory leak in batch key generation * g10/keygen.c (append_to_parameter): New. (proc_parameter_file): Use new func to extend the parameter list. * g10/passphrase.c (passphrase_to_dek_ext): Print a diagnostic of gcry_kdf_derive failed. * g10/keygen.c (proc_parameter_file): Print a diagnostic if passphrase_to_dek failed. -- Due to an improper way of using the linked list head, all memory for items allocated in proc_parameter_file was never released. If batched key generation with a passphrase and more than ~200 keys was used this exhausted the secure memory. diff --git a/g10/keygen.c b/g10/keygen.c index b5ccf02..fc985ee 100644 --- a/g10/keygen.c +++ b/g10/keygen.c @@ -2591,6 +2591,17 @@ generate_user_id (KBNODE keyblock) } +/* Append R to the linked list PARA. */ +static void +append_to_parameter (struct para_data_s *para, struct para_data_s *r) +{ + assert (para); + while (para->next) + para = para->next; + para->next = r; +} + +/* Release the parameter list R. */ static void release_parameter_list (struct para_data_s *r) { 
@@ -2817,8 +2828,7 @@ proc_parameter_file( struct para_data_s *para, const char *fname, r->u.usage = (is_default ? (PUBKEY_USAGE_CERT | PUBKEY_USAGE_SIG) : openpgp_pk_algo_usage(algo)); - r->next = para; - para = r; + append_to_parameter (para, r); } else if (err == -1) return -1; @@ -2854,8 +2864,7 @@ proc_parameter_file( struct para_data_s *para, const char *fname, r->u.usage = (is_default ? PUBKEY_USAGE_ENC : openpgp_pk_algo_usage (algo)); - r->next = para; - para = r; + append_to_parameter (para, r); } else if (err == -1) return -1; @@ -2892,8 +2901,7 @@ proc_parameter_file( struct para_data_s *para, const char *fname, p = stpcpy(stpcpy(stpcpy(p," ("), s2 ),")"); if( s3 ) p = stpcpy(stpcpy(stpcpy(p," <"), s3 ),">"); - r->next = para; - para = r; + append_to_parameter (para, r); have_user_id=1; } } @@ -2946,13 +2954,11 @@ proc_parameter_file( struct para_data_s *para, const char *fname, r = xmalloc_clear( sizeof *r ); r->key = pPASSPHRASE_DEK; r->u.dek = dek; - r->next = para; - para = r; + append_to_parameter (para, r); r = xmalloc_clear( sizeof *r ); r->key = pPASSPHRASE_S2K; r->u.s2k = s2k; - r->next = para; - para = r; + append_to_parameter (para, r); } if (canceled) 
@@ -2971,27 +2977,32 @@ proc_parameter_file( struct para_data_s *para, const char *fname, * but because we do this always, why not here. */ STRING2KEY *s2k; DEK *dek; + static int count; - s2k = xmalloc_secure ( sizeof *s2k ); + s2k = xmalloc ( sizeof *s2k ); s2k->mode = opt.s2k_mode; s2k->hash_algo = S2K_DIGEST_ALGO; set_next_passphrase ( r->u.value ); dek = passphrase_to_dek (NULL, 0, opt.s2k_cipher_algo, s2k, 2, NULL, NULL); - set_next_passphrase (NULL ); - assert (dek); + if (!dek) + { + log_error ("%s:%d: error post processing the passphrase\n", + fname, r->lnr ); + xfree (s2k); + return -1; + } + set_next_passphrase (NULL); memset (r->u.value, 0, strlen(r->u.value)); r = xmalloc_clear (sizeof *r); r->key = pPASSPHRASE_S2K; r->u.s2k = s2k; - r->next = para; - para = r; + append_to_parameter (para, r); r = xmalloc_clear (sizeof *r); r->key = pPASSPHRASE_DEK; r->u.dek = dek; - r->next = para; - para = r; + append_to_parameter (para, r); } } @@ -3029,8 +3040,7 @@ proc_parameter_file( struct para_data_s *para, const char *fname, r = xmalloc_clear( sizeof *r + 20 ); r->key = pSUBKEYEXPIRE; r->u.expire = seconds; - r->next = para; - para = r; + append_to_parameter (para, r); } do_generate_keypair( para, outctrl, card ); diff --git a/g10/passphrase.c b/g10/passphrase.c index d872e36..f83e668 100644 --- a/g10/passphrase.c +++ b/g10/passphrase.c 
@@ -569,17 +569,21 @@ passphrase_to_dek_ext (u32 *keyid, int pubkey_algo, dek->keylen = 0; else { + gpg_error_t err; + dek->keylen = openpgp_cipher_get_algo_keylen (dek->algo); if (!(dek->keylen > 0 && dek->keylen <= DIM(dek->key))) BUG (); - if (gcry_kdf_derive (pw, strlen (pw), - s2k->mode == 3? GCRY_KDF_ITERSALTED_S2K : - s2k->mode == 1? GCRY_KDF_SALTED_S2K : - /* */ GCRY_KDF_SIMPLE_S2K, - s2k->hash_algo, s2k->salt, 8, - S2K_DECODE_COUNT(s2k->count), - dek->keylen, dek->key)) + err = gcry_kdf_derive (pw, strlen (pw), + s2k->mode == 3? GCRY_KDF_ITERSALTED_S2K : + s2k->mode == 1? GCRY_KDF_SALTED_S2K : + /* */ GCRY_KDF_SIMPLE_S2K, + s2k->hash_algo, s2k->salt, 8, + S2K_DECODE_COUNT(s2k->count), + dek->keylen, dek->key); + if (err) { + log_error ("gcry_kdf_derive failed: %s", gpg_strerror (err)); xfree (pw); xfree (dek); write_status( STATUS_MISSING_PASSPHRASE ); commit baee681d2406530c45fd6d4bde77193ba23ac263 Author: Werner Koch Date: Thu Feb 21 20:27:20 2013 +0100 gpg: Handle the agent's NEW_PASSPHRASE inquiry. * g10/call-agent.c (default_inq_cb): Take care of NEW_PASSPHRASE. diff --git a/g10/call-agent.c b/g10/call-agent.c index e3250fe..908d276 100644 --- a/g10/call-agent.c +++ b/g10/call-agent.c @@ -336,7 +336,7 @@ default_inq_cb (void *opaque, const char *line) gpg_error_t err = 0; struct default_inq_parm_s *parm = opaque; - if (!strncmp (line, "PINENTRY_LAUNCHED", 17) && (line[17]==' '||!line[17])) + if (has_leading_keyword (line, "PINENTRY_LAUNCHED")) { err = gpg_proxy_pinentry_notify (parm->ctrl, line); if (err) 
@@ -344,7 +344,8 @@ default_inq_cb (void *opaque, const char *line) "PINENTRY_LAUNCHED"); /* We do not pass errors to avoid breaking other code. */ } - else if (!strncmp (line, "PASSPHRASE", 10) && (line[10]==' '||!line[10]) + else if ((has_leading_keyword (line, "PASSPHRASE") + || has_leading_keyword (line, "NEW_PASSPHRASE")) && opt.pinentry_mode == PINENTRY_MODE_LOOPBACK) { if (have_static_passphrase ()) commit 2838385e76c8c7108bc949d5a1d1c947051bd5be Author: Werner Koch Date: Thu Feb 21 20:25:12 2013 +0100 common: Add func has_leading_keyword. * common/stringhelp.c (has_leading_keyword): New. diff --git a/common/stringhelp.c b/common/stringhelp.c index 842f6a1..d51d3e0 100644 --- a/common/stringhelp.c +++ b/common/stringhelp.c @@ -74,6 +74,29 @@ change_slashes (char *name) /* + * Check whether STRINGS starts with KEYWORD. The keyword is + * delimited by end of string, a space or a tab. Returns NULL if not + * found or a pointer into STRING to the next non-space character + * after the KEYWORD (which may be end of string). + */ +char * +has_leading_keyword (const char *string, const char *keyword) +{ + size_t n = strlen (keyword); + + if (!strncmp (string, keyword, n) + && (!string[n] || string[n] == ' ' || string[n] == '\t')) + { + string += n; + while (*string == ' ' || *string == '\t') + string++; + return (char*)string; + } + return NULL; +} + + +/* * Look for the substring SUB in buffer and return a pointer to that * substring in BUFFER or NULL if not found. * Comparison is case-insensitive. diff --git a/common/stringhelp.h b/common/stringhelp.h index 60ba12b..c1f7ea1 100644 --- a/common/stringhelp.h +++ b/common/stringhelp.h 
@@ -34,6 +34,8 @@ #include "types.h" +char *has_leading_keyword (const char *string, const char *keyword); + const char *memistr (const void *buf, size_t buflen, const char *sub); char *mem2str( char *, const void *, size_t); char *trim_spaces( char *string ); commit 21f5a9ec27c0794141a835a5bb3c69495ee554a6 Author: Werner Koch Date: Wed Feb 20 20:31:52 2013 +0100 Remove build hacks for FreeBSD. * configure.ac [freebsd]: Do not add /usr/local to CPPFLAGS and LDFLAGS. -- Back in ~2000 we introduced a quick hack to make building of Libgcrypt on FreeBSD easier by always adding -I/usr/local/include and -L/usr/local/lib . It turned out that this is a bad idea if one wants to build with library version which is not installed in /usr/local. The hack made was eventually (in 2003) copied from Libgcrypt to GnuPG-2. diff --git a/configure.ac b/configure.ac index 5881df1..cf5ab3f 100644 --- a/configure.ac +++ b/configure.ac @@ -627,12 +627,6 @@ case "${host}" in try_gettext="no" ;; - *-*-freebsd*) - # FreeBSD - CPPFLAGS="$CPPFLAGS -I/usr/local/include" - LDFLAGS="$LDFLAGS -L/usr/local/lib" - ;; - *-*-hpux*) if test -z "$GCC" ; then CFLAGS="$CFLAGS -Ae -D_HPUX_SOURCE" ----------------------------------------------------------------------- Summary of changes: agent/command-ssh.c | 2 ++ common/stringhelp.c | 23 +++++++++++++++++++++++ common/stringhelp.h | 2 ++ configure.ac | 6 ------ g10/call-agent.c | 5 +++-- g10/keygen.c | 48 +++++++++++++++++++++++++++++------------------- g10/passphrase.c | 18 +++++++++++------- g13/g13.c | 18 +++++++++--------- tools/gpgconf-comp.c | 6 ------ 9 files changed, 79 insertions(+), 49 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Fri Feb 22 11:08:16 2013 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Fri, 22 Feb 2013 11:08:16 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.0beta3-162-g585d5c6 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 585d5c62eece23911a768d97d11f159be138b13d (commit) from c6b8f05517228c6aeab28d2bf5da7724c059bb1a (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 585d5c62eece23911a768d97d11f159be138b13d Author: Werner Koch Date: Fri Feb 22 10:56:13 2013 +0100 Use has_leading_keyword in the assuan callbacks. * agent/call-pinentry.c (inq_quality): Use has_leading_keyword. * agent/call-scd.c (inq_needpin, inq_writekey_parms): Ditto. * g10/call-agent.c (inq_writecert_parms, keyinfo_status_cb): Ditto. (inq_genkey_parms, inq_ciphertext_cb, inq_import_key_parms): Ditto. * g10/call-dirmngr.c (ks_put_inq_cb): Ditto. * sm/call-agent.c (default_inq_cb, inq_ciphertext_cb): Ditto. (inq_genkey_parms, istrusted_status_cb, learn_status_cb): Ditto. (keyinfo_status_cb, inq_import_key_parms): Ditto. * sm/call-dirmngr.c (inq_certificate, isvalid_status_cb): Ditto. (lookup_status_cb, run_command_inq_cb, run_command_status_cb): Ditto. diff --git a/agent/call-pinentry.c b/agent/call-pinentry.c index c6b6b52..78e1c11 100644 --- a/agent/call-pinentry.c +++ b/agent/call-pinentry.c 
@@ -596,18 +596,15 @@ static gpg_error_t inq_quality (void *opaque, const char *line) { assuan_context_t ctx = opaque; + const char *s; char *pin; int rc; int percent; char numbuf[20]; - if (!strncmp (line, "QUALITY", 7) && (line[7] == ' ' || !line[7])) + if ((s = has_leading_keyword (line, "QUALITY"))) { - line += 7; - while (*line == ' ') - line++; - - pin = unescape_passphrase_string (line); + pin = unescape_passphrase_string (s); if (!pin) rc = gpg_error_from_syserror (); else diff --git a/agent/call-scd.c b/agent/call-scd.c index cbe4d1c..f4ea20b 100644 --- a/agent/call-scd.c +++ b/agent/call-scd.c @@ -701,17 +701,15 @@ static gpg_error_t inq_needpin (void *opaque, const char *line) { struct inq_needpin_s *parm = opaque; + const char *s; char *pin; size_t pinlen; int rc; parm->any_inq_seen = 1; - if (!strncmp (line, "NEEDPIN", 7) && (line[7] == ' ' || !line[7])) + if ((s = has_leading_keyword (line, "NEEDPIN"))) { - line += 7; - while (*line == ' ') - line++; - + line = s; pinlen = 90; pin = gcry_malloc_secure (pinlen); if (!pin) @@ -722,17 +720,11 @@ inq_needpin (void *opaque, const char *line) rc = assuan_send_data (parm->ctx, pin, pinlen); xfree (pin); } - else if (!strncmp (line, "POPUPPINPADPROMPT", 17) - && (line[17] == ' ' || !line[17])) + else if ((s = has_leading_keyword (line, "POPUPPINPADPROMPT"))) { - line += 17; - while (*line == ' ') - line++; - - rc = parm->getpin_cb (parm->getpin_cb_arg, line, NULL, 1); + rc = parm->getpin_cb (parm->getpin_cb_arg, s, NULL, 1); } - else if (!strncmp (line, "DISMISSPINPADPROMPT", 19) - && (line[19] == ' ' || !line[19])) + else if ((s = has_leading_keyword (line, "DISMISSPINPADPROMPT"))) { rc = parm->getpin_cb (parm->getpin_cb_arg, "", NULL, 0); } 
@@ -1069,7 +1061,7 @@ inq_writekey_parms (void *opaque, const char *line) { struct writekey_parm_s *parm = opaque; - if (!strncmp (line, "KEYDATA", 7) && (line[7]==' '||!line[7])) + if (has_leading_keyword (line, "KEYDATA")) return assuan_send_data (parm->ctx, parm->keydata, parm->keydatalen); else return inq_needpin (opaque, line); diff --git a/g10/call-agent.c b/g10/call-agent.c index 908d276..cb965e9 100644 --- a/g10/call-agent.c +++ b/g10/call-agent.c @@ -725,7 +725,7 @@ inq_writecert_parms (void *opaque, const char *line) int rc; struct writecert_parm_s *parm = opaque; - if (!strncmp (line, "CERTDATA", 8) && (line[8]==' '||!line[8])) + if (has_leading_keyword (line, "CERTDATA")) { rc = assuan_send_data (parm->dflt->ctx, parm->certdata, parm->certdatalen); @@ -778,7 +778,7 @@ inq_writekey_parms (void *opaque, const char *line) int rc; struct writekey_parm_s *parm = opaque; - if (!strncmp (line, "KEYDATA", 7) && (line[7]==' '||!line[7])) + if (has_leading_keyword (line, "KEYDATA")) { rc = assuan_send_data (parm->dflt->ctx, parm->keydata, parm->keydatalen); } @@ -1471,9 +1471,9 @@ keyinfo_status_cb (void *opaque, const char *line) char **serialno = opaque; const char *s, *s2; - if (!strncmp (line, "KEYINFO ", 8) && !*serialno) + if ((s = has_leading_keyword (line, "KEYINFO ")) && !*serialno) { - s = strchr (line+8, ' '); + s = strchr (s, ' '); if (s && s[1] == 'T' && s[2] == ' ' && s[3]) { s += 3; @@ -1575,7 +1575,7 @@ inq_genkey_parms (void *opaque, const char *line) struct genkey_parm_s *parm = opaque; gpg_error_t err; - if (!strncmp (line, "KEYPARAM", 8) && (line[8]==' '||!line[8])) + if (has_leading_keyword (line, "KEYPARAM")) { err = assuan_send_data (parm->dflt->ctx, parm->keyparms, strlen (parm->keyparms)); 
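Review bot: In keyinfo_status_cb (hunk `@@ -1471,9 +1471,9 @@`, g10/call-agent.c) the keyword is passed as `"KEYINFO "`, keeping the trailing blank from the old `strncmp (line, "KEYINFO ", 8)`. has_leading_keyword is not defined on this page, but if it requires a blank or the end of the string right after the keyword, as the open-coded checks it replaces did, this test matches only a line with two blanks after KEYINFO, and a normal KEYINFO status line would be silently skipped. Every other call in this commit, including the same callback in sm/call-agent.c, passes the bare keyword, so the line should read `if ((s = has_leading_keyword (line, "KEYINFO")) && !*serialno)`. The rest of the function lies outside the hunk.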
@@ -1802,7 +1802,7 @@ inq_ciphertext_cb (void *opaque, const char *line) struct cipher_parm_s *parm = opaque; int rc; - if (!strncmp (line, "CIPHERTEXT", 10) && (line[10]==' '||!line[10])) + if (has_leading_keyword (line, "CIPHERTEXT")) { assuan_begin_confidential (parm->ctx); rc = assuan_send_data (parm->dflt->ctx, @@ -1984,7 +1984,7 @@ inq_import_key_parms (void *opaque, const char *line) struct import_key_parm_s *parm = opaque; gpg_error_t err; - if (!strncmp (line, "KEYDATA", 7) && (line[7]==' '||!line[7])) + if (has_leading_keyword (line, "KEYDATA")) { err = assuan_send_data (parm->dflt->ctx, parm->key, parm->keylen); } diff --git a/g10/call-dirmngr.c b/g10/call-dirmngr.c index 09ade4e..75f25f8 100644 --- a/g10/call-dirmngr.c +++ b/g10/call-dirmngr.c @@ -515,12 +515,12 @@ ks_put_inq_cb (void *opaque, const char *line) struct ks_put_parm_s *parm = opaque; gpg_error_t err = 0; - if (!strncmp (line, "KEYBLOCK", 8) && (line[8] == ' ' || !line[8])) + if (has_leading_keyword (line, "KEYBLOCK")) { if (parm->data) err = assuan_send_data (parm->ctx, parm->data, parm->datalen); } - else if (!strncmp (line, "KEYBLOCK_INFO", 13) && (line[13]==' ' || !line[13])) + else if (has_leading_keyword (line, "KEYBLOCK_INFO")) { kbnode_t node; estream_t fp; diff --git a/sm/call-agent.c b/sm/call-agent.c index acf6c04..f99caad 100644 --- a/sm/call-agent.c +++ b/sm/call-agent.c @@ -138,7 +138,7 @@ default_inq_cb (void *opaque, const char *line) gpg_error_t err; ctrl_t ctrl = opaque; - if (!strncmp (line, "PINENTRY_LAUNCHED", 17) && (line[17]==' '||!line[17])) + if (has_leading_keyword (line, "PINENTRY_LAUNCHED")) { err = gpgsm_proxy_pinentry_notify (ctrl, line); if (err) 
@@ -315,7 +315,7 @@ inq_ciphertext_cb (void *opaque, const char *line) struct cipher_parm_s *parm = opaque; int rc; - if (!strncmp (line, "CIPHERTEXT", 10) && (line[10]==' '||!line[10])) + if (has_leading_keyword (line, "CIPHERTEXT")) { assuan_begin_confidential (parm->ctx); rc = assuan_send_data (parm->ctx, parm->ciphertext, parm->ciphertextlen); @@ -437,7 +437,7 @@ inq_genkey_parms (void *opaque, const char *line) struct genkey_parm_s *parm = opaque; int rc; - if (!strncmp (line, "KEYPARAM", 8) && (line[8]==' '||!line[8])) + if (has_leading_keyword (line, "KEYPARAM")) { rc = assuan_send_data (parm->ctx, parm->sexp, parm->sexplen); } @@ -693,14 +693,14 @@ static gpg_error_t istrusted_status_cb (void *opaque, const char *line) { struct rootca_flags_s *flags = opaque; + const char *s; - if (!strncmp (line, "TRUSTLISTFLAG", 13) && (line[13]==' ' || !line[13])) + if ((s = has_leading_keyword (line, "TRUSTLISTFLAG"))) { - for (line += 13; *line == ' '; line++) - ; - if (!strncmp (line, "relax", 5) && (line[5] == ' ' || !line[5])) + line = s; + if (has_leading_keyword (line, "relax")) flags->relax = 1; - else if (!strncmp (line, "cm", 2) && (line[2] == ' ' || !line[2])) + else if (has_leading_keyword (line, "cm")) flags->chain_model = 1; } return 0; @@ -824,14 +824,14 @@ static gpg_error_t learn_status_cb (void *opaque, const char *line) { struct learn_parm_s *parm = opaque; + const char *s; /* Pass progress data to the caller. */ - if (!strncmp (line, "PROGRESS", 8) && (line[8]==' ' || !line[8])) + if ((s = has_leading_keyword (line, "PROGRESS"))) { + line = s; if (parm->ctrl) { - for (line += 8; *line == ' '; line++) - ; if (gpgsm_status (parm->ctrl, STATUS_PROGRESS, line)) return gpg_error (GPG_ERR_ASS_CANCELED); } 
@@ -1017,9 +1017,9 @@ keyinfo_status_cb (void *opaque, const char *line) char **serialno = opaque; const char *s, *s2; - if (!strncmp (line, "KEYINFO ", 8) && !*serialno) + if ((s = has_leading_keyword (line, "KEYINFO")) && !*serialno) { - s = strchr (line+8, ' '); + s = strchr (s, ' '); if (s && s[1] == 'T' && s[2] == ' ' && s[3]) { s += 3; @@ -1172,7 +1172,7 @@ inq_import_key_parms (void *opaque, const char *line) struct import_key_parm_s *parm = opaque; gpg_error_t err; - if (!strncmp (line, "KEYDATA", 7) && (line[7]==' '||!line[7])) + if (has_leading_keyword (line, "KEYDATA")) { assuan_begin_confidential (parm->ctx); err = assuan_send_data (parm->ctx, parm->key, parm->keylen); diff --git a/sm/call-dirmngr.c b/sm/call-dirmngr.c index b7417a3..99a14c0 100644 --- a/sm/call-dirmngr.c +++ b/sm/call-dirmngr.c 
@@ -282,47 +282,40 @@ static gpg_error_t inq_certificate (void *opaque, const char *line) { struct inq_certificate_parm_s *parm = opaque; + const char *s; int rc; + size_t n; const unsigned char *der; size_t derlen; int issuer_mode = 0; ksba_sexp_t ski = NULL; - if (!strncmp (line, "SENDCERT", 8) && (line[8] == ' ' || !line[8])) + if ((s = has_leading_keyword (line, "SENDCERT"))) { - line += 8; + line = s; } - else if (!strncmp (line, "SENDCERT_SKI", 12) && (line[12]==' ' || !line[12])) + else if ((s = has_leading_keyword (line, "SENDCERT_SKI"))) { - size_t n; - /* Send a certificate where a sourceKeyIdentifier is included. */ - line += 12; - while (*line == ' ') - line++; + line = s; ski = make_simple_sexp_from_hexstr (line, &n); line += n; while (*line == ' ') line++; } - else if (!strncmp (line, "SENDISSUERCERT", 14) - && (line[14] == ' ' || !line[14])) + else if ((s = has_leading_keyword (line, "SENDISSUERCERT"))) { - line += 14; + line = s; issuer_mode = 1; } - else if (!strncmp (line, "ISTRUSTED", 9) && (line[9]==' ' || !line[9])) + else if ((s = has_leading_keyword (line, "ISTRUSTED"))) { /* The server is asking us whether the certificate is a trusted root certificate. */ - const char *s; - size_t n; char fpr[41]; struct rootca_flags_s rootca_flags; - line += 9; - while (*line == ' ') - line++; + line = s; for (s=line,n=0; hexdigitp (s); s++, n++) ; 
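Review bot: The SENDCERT and SENDISSUERCERT branches of inq_certificate are not a one-to-one substitution. The old code advanced `line` by the keyword length only (`line += 8`, `line += 14`), whereas `line = s` takes whatever has_leading_keyword returns, which, judging by the blank-skipping loops removed from the sibling branches, presumably points past the blanks as well. The code that consumes `line` lies below the hunk, so its handling of an argument that no longer starts with a blank should be confirmed; the same holds for the SENDCERT branch of run_command_inq_cb, where the `if (!*line)` check would now also treat a blank-only argument as empty. A short comment at the first branch would record the intent, for example `/* S points to the argument with leading blanks removed. */`.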
@@ -410,22 +403,21 @@ static gpg_error_t isvalid_status_cb (void *opaque, const char *line) { struct isvalid_status_parm_s *parm = opaque; + const char *s; - if (!strncmp (line, "PROGRESS", 8) && (line[8]==' ' || !line[8])) + if ((s = has_leading_keyword (line, "PROGRESS"))) { if (parm->ctrl) { - for (line += 8; *line == ' '; line++) - ; + line = s; if (gpgsm_status (parm->ctrl, STATUS_PROGRESS, line)) return gpg_error (GPG_ERR_ASS_CANCELED); } } - else if (!strncmp (line, "ONLY_VALID_IF_CERT_VALID", 24) - && (line[24]==' ' || !line[24])) + else if ((s = has_leading_keyword (line, "ONLY_VALID_IF_CERT_VALID"))) { parm->seen++; - if (!line[24] || !unhexify_fpr (line+25, parm->fpr)) + if (!*s || !unhexify_fpr (s, parm->fpr)) parm->seen++; /* Bumb it to indicate an error. */ } return 0; @@ -693,23 +685,22 @@ static gpg_error_t lookup_status_cb (void *opaque, const char *line) { struct lookup_parm_s *parm = opaque; + const char *s; - if (!strncmp (line, "PROGRESS", 8) && (line[8]==' ' || !line[8])) + if ((s = has_leading_keyword (line, "PROGRESS"))) { if (parm->ctrl) { - for (line += 8; *line == ' '; line++) - ; + line = s; if (gpgsm_status (parm->ctrl, STATUS_PROGRESS, line)) return gpg_error (GPG_ERR_ASS_CANCELED); } } - else if (!strncmp (line, "TRUNCATED", 9) && (line[9]==' ' || !line[9])) + else if ((s = has_leading_keyword (line, "TRUNCATED"))) { if (parm->ctrl) { - for (line +=9; *line == ' '; line++) - ; + line = s; gpgsm_status (parm->ctrl, STATUS_TRUNCATED, line); } } @@ -878,16 +869,17 @@ static gpg_error_t run_command_inq_cb (void *opaque, const char *line) { struct run_command_parm_s *parm = opaque; + const char *s; int rc = 0; - if ( !strncmp (line, "SENDCERT", 8) && (line[8] == ' ' || !line[8]) ) + if ((s = has_leading_keyword (line, "SENDCERT"))) { /* send the given certificate */ int err; ksba_cert_t cert; const unsigned char *der; size_t derlen; - line += 8; + line = s; if (!*line) return gpg_error (GPG_ERR_ASS_PARAMETER); 
@@ -907,9 +899,9 @@ run_command_inq_cb (void *opaque, const char *line) ksba_cert_release (cert); } } - else if ( !strncmp (line, "PRINTINFO", 9) && (line[9] == ' ' || !line[9]) ) + else if ((s = has_leading_keyword (line, "PRINTINFO"))) { /* Simply show the message given in the argument. */ - line += 9; + line = s; log_info ("dirmngr: %s\n", line); } else @@ -925,17 +917,17 @@ static gpg_error_t run_command_status_cb (void *opaque, const char *line) { ctrl_t ctrl = opaque; + const char *s; if (opt.verbose) { log_info ("dirmngr status: %s\n", line); } - if (!strncmp (line, "PROGRESS", 8) && (line[8]==' ' || !line[8])) + if ((s = has_leading_keyword (line, "PROGRESS"))) { if (ctrl) { - for (line += 8; *line == ' '; line++) - ; + line = s; if (gpgsm_status (ctrl, STATUS_PROGRESS, line)) return gpg_error (GPG_ERR_ASS_CANCELED); } ----------------------------------------------------------------------- Summary of changes: agent/call-pinentry.c | 9 ++---- agent/call-scd.c | 22 +++++----------- g10/call-agent.c | 14 +++++----- g10/call-dirmngr.c | 4 +- sm/call-agent.c | 28 ++++++++++---------- sm/call-dirmngr.c | 64 +++++++++++++++++++++--------------------------- 6 files changed, 61 insertions(+), 80 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Fri Feb 22 15:19:41 2013 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Fri, 22 Feb 2013 15:19:41 +0100 Subject: [git] GPG-ERROR - branch, master, updated. libgpg-error-1.10-51-g056cc2d Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "Error codes used by GnuPG et al.". The branch, master has been updated via 056cc2d0dfef023fda47ce377d3ee544612526a3 (commit) from 3977201d2a82fcbe0341660e07a3b0d5c790f927 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 056cc2d0dfef023fda47ce377d3ee544612526a3 Author: Werner Koch Date: Fri Feb 22 15:07:36 2013 +0100 Fix the alias mechanism for --with-libgpg-error-prefix. * src/gpg-error.m4: Do not use the no-action branch in AC_ARG_WITH. -- This fixes commit aaa3f534. The bug was that --with-gpg-error-prefix always reset the value from --with-libgpg-error-prefix. diff --git a/src/gpg-error.m4 b/src/gpg-error.m4 index f0b9f1f..feb963c 100644 --- a/src/gpg-error.m4 +++ b/src/gpg-error.m4 
@@ -15,19 +15,20 @@ dnl Test for libgpg-error and define GPG_ERROR_CFLAGS and GPG_ERROR_LIBS dnl AC_DEFUN([AM_PATH_GPG_ERROR], [ AC_REQUIRE([AC_CANONICAL_HOST]) + gpg_error_config_prefix="" dnl --with-libgpg-error-prefix=PFX is the preferred name for this option, dnl since that is consistent with how our three siblings use the directory/ dnl package name in --with-$dir_name-prefix=PFX. AC_ARG_WITH(libgpg-error-prefix, - AC_HELP_STRING([--with-libgpg-error-prefix=PFX], - [prefix where GPG Error is installed (optional)]), - gpg_error_config_prefix="$withval", gpg_error_config_prefix="") + AC_HELP_STRING([--with-libgpg-error-prefix=PFX], + [prefix where GPG Error is installed (optional)]), + [gpg_error_config_prefix="$withval"]) dnl Accept --with-gpg-error-prefix and make it work the same as dnl --with-libgpg-error-prefix above, for backwards compatibility, dnl but do not document this old, inconsistently-named option. AC_ARG_WITH(gpg-error-prefix,, - gpg_error_config_prefix="$withval", gpg_error_config_prefix="") + [gpg_error_config_prefix="$withval"]) if test x$gpg_error_config_prefix != x ; then if test x${GPG_ERROR_CONFIG+set} != xset ; then ----------------------------------------------------------------------- Summary of changes: src/gpg-error.m4 | 9 +++++---- 1 files changed, 5 insertions(+), 4 deletions(-) hooks/post-receive -- Error codes used by GnuPG et al. http://git.gnupg.org From cvs at cvs.gnupg.org Fri Feb 22 20:34:43 2013 
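Review bot: Both AC_ARG_WITH actions now copy `$withval` unconditionally, and Autoconf also runs the action-if-given for `--without-libgpg-error-prefix` and for a bare `--with-libgpg-error-prefix`, with `withval` set to `no` or `yes`. In those cases `gpg_error_config_prefix` becomes the literal word and passes the `test x$gpg_error_config_prefix != x` check that follows; what is then done with it lies below the hunk. Guarding the assignment would keep the prefix empty for those forms, for example `[case "$withval" in yes|no) ;; *) gpg_error_config_prefix="$withval" ;; esac]`. When both spellings are given, the undocumented `--with-gpg-error-prefix` wins because its action runs last, which is worth stating in the `dnl` comment above it.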
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Fri, 22 Feb 2013 20:34:43 +0100 Subject: [git] Assuan - branch, master, updated. libassuan-2.0.3-24-gfb51987 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPC library used by GnuPG". The branch, master has been updated via fb51987dcdb2e6e2a4c25d45f891e15c013457aa (commit) from 7d227acff329a921f76cd4c391d7cbae40115672 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit fb51987dcdb2e6e2a4c25d45f891e15c013457aa Author: Werner Koch Date: Fri Feb 22 20:22:27 2013 +0100 Post release version bump. -- diff --git a/NEWS b/NEWS index f62a32c..f349b9e 100644 --- a/NEWS +++ b/NEWS @@ -1,3 +1,7 @@ +Noteworthy changes in version 2.1.1 (unreleased) +------------------------------------------------ + + Noteworthy changes in version 2.1.0 (2013-02-22) ------------------------------------------------ diff --git a/configure.ac b/configure.ac index f1eea1f..67860a7 100644 --- a/configure.ac +++ b/configure.ac @@ -29,7 +29,7 @@ min_automake_version="1.10" # for the LT versions. m4_define(mym4_version_major, [2]) m4_define(mym4_version_minor, [1]) -m4_define(mym4_version_micro, [0]) +m4_define(mym4_version_micro, [1]) # Below is m4 magic to extract and compute the revision number, the # decimalized short revision number, a beta version string, and a flag ----------------------------------------------------------------------- Summary of changes: NEWS | 4 ++++ configure.ac | 2 +- 2 files changed, 5 insertions(+), 1 deletions(-) hooks/post-receive -- IPC library used by GnuPG http://git.gnupg.org From cvs at cvs.gnupg.org Sat Feb 23 20:39:59 2013 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Sat, 23 Feb 2013 20:39:59 +0100 Subject: [git] GPG-ERROR - branch, master, updated. libgpg-error-1.10-56-g47ff6a2 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "Error codes used by GnuPG et al.". The branch, master has been updated via 47ff6a21c6d84acebef3ff20d982a6c255a6d282 (commit) via 95c63baa0516592ec1a1c045565d6f992cc807eb (commit) via e6943de88627c6662fba3fe905c8761dbf0ccfa1 (commit) via b78200135ce1d20fb4680174eed2106d6012dc14 (commit) via 3070b6c07babb33c904ddbe2a0cb6cfd0bc970c9 (commit) from 056cc2d0dfef023fda47ce377d3ee544612526a3 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 47ff6a21c6d84acebef3ff20d982a6c255a6d282 Author: Werner Koch Date: Sat Feb 23 20:26:24 2013 +0100 Add translation to Ukrainian. * po/uk.po: New. * po/LINGUAS: Add uk.po diff --git a/po/LINGUAS b/po/LINGUAS index e0738b9..9b1b405 100644 --- a/po/LINGUAS +++ b/po/LINGUAS @@ -10,5 +10,6 @@ nl pl ro sv +uk vi zh_CN diff --git a/po/uk.po b/po/uk.po new file mode 100644 index 0000000..83bd41b --- /dev/null +++ b/po/uk.po 
@@ -0,0 +1,871 @@ +# Translation of libgpg-error to Ukrainian +# Copyright (C) 2012 Free Software Foundation, Inc. +# This file is distributed under the same license as the libgpg-error package. +# +# Yuri Chornoivan , 2012. +msgid "" +msgstr "" +"Project-Id-Version: libgpg-error 1.7\n" +"Report-Msgid-Bugs-To: translations at gnupg.org\n" +"PO-Revision-Date: 2013-02-23 20:25+0100\n" +"Last-Translator: Yuri Chornoivan \n" +"Language-Team: Ukrainian \n" +"Language: uk\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=1; plural=0;\n" +"X-Generator: Lokalize 1.5\n" + +msgid "Unspecified source" +msgstr "?????????????????? ??????????????" + +msgid "gcrypt" +msgstr "gcrypt" + +msgid "GnuPG" +msgstr "GnuPG" + +msgid "GpgSM" +msgstr "GpgSM" + +msgid "GPG Agent" +msgstr "?????????? GPG" + +msgid "Pinentry" +msgstr "Pinentry" + +msgid "SCD" +msgstr "SCD" + +msgid "GPGME" +msgstr "GPGME" + +msgid "Keybox" +msgstr "Keybox" + +msgid "KSBA" +msgstr "KSBA" + +msgid "Dirmngr" +msgstr "Dirmngr" + +msgid "GSTI" +msgstr "GSTI" + +msgid "GPA" +msgstr "GPA" + +msgid "Kleopatra" +msgstr "Kleopatra" + +msgid "G13" +msgstr "G13" + +msgid "Assuan" +msgstr "Assuan" + +msgid "Any source" +msgstr "????????-?????? ??????????????" + +msgid "User defined source 1" +msgstr "?????????????????? ???????????????????????? ?????????????? 1" + +msgid "User defined source 2" +msgstr "?????????????????? ???????????????????????? ?????????????? 2" + +msgid "User defined source 3" +msgstr "?????????????????? ???????????????????????? ?????????????? 3" + +msgid "User defined source 4" +msgstr "?????????????????? ???????????????????????? ?????????????? 4" + +msgid "Unknown source" +msgstr "???????????????? ??????????????" + +msgid "Success" +msgstr "????????????????" + +msgid "General error" +msgstr "???????????????? ??????????????" + +msgid "Unknown packet" +msgstr "?????????????????? ??????????" 
+ +msgid "Unknown version in packet" +msgstr "???????????????? ???????????? ?? ????????????" + +msgid "Invalid public key algorithm" +msgstr "?????????????????????? ???????????????? ???????????????????? ??????????" + +msgid "Invalid digest algorithm" +msgstr "?????????????????????? ???????????????? ?????????????????????? ????????" + +msgid "Bad public key" +msgstr "???????????????????? ?????????????????? ????????" + +msgid "Bad secret key" +msgstr "???????????????????? ???????????????? ????????" + +msgid "Bad signature" +msgstr "?????????????????????? ????????????" + +msgid "No public key" +msgstr "?????????? ???????????????????? ??????????" + +msgid "Checksum error" +msgstr "?????????????? ?? ?????????????????????? ????????" + +msgid "Bad passphrase" +msgstr "???????????????????? ????????????" + +msgid "Invalid cipher algorithm" +msgstr "?????????????????????? ???????????????? ????????????????????" + +msgid "Keyring open" +msgstr "?????????????????? ?????????????? ????????????" + +msgid "Invalid packet" +msgstr "?????????????????????? ??????????" + +msgid "Invalid armor" +msgstr "?????????????????????? ?????? ASCII" + +msgid "No user ID" +msgstr "?????????? ???????????????????????????? ??????????????????????" + +msgid "No secret key" +msgstr "?????????? ?????????????????? ??????????" + +msgid "Wrong secret key used" +msgstr "?????????????????????? ???????????????????? ???????????????? ??????" + +msgid "Bad session key" +msgstr "???????????????????? ???????? ????????????" + +msgid "Unknown compression algorithm" +msgstr "?????????????????? ???????????????? ??????????????????" + +msgid "Number is not prime" +msgstr "?????????? ???? ?? ??????????????" + +msgid "Invalid encoding method" +msgstr "?????????????????????? ???????????????? ??????????????????" + +msgid "Invalid encryption scheme" +msgstr "???????????????????? ?????????? ????????????????????" + +msgid "Invalid signature scheme" +msgstr "???????????????????? ?????????? ????????????????????????" 
+ +msgid "Invalid attribute" +msgstr "?????????????????????? ??????????????" + +msgid "No value" +msgstr "?????????? ????????????????" + +msgid "Not found" +msgstr "???? ????????????????" + +msgid "Value not found" +msgstr "???????????????? ???? ????????????????" + +msgid "Syntax error" +msgstr "?????????????????????? ??????????????" + +msgid "Bad MPI value" +msgstr "?????????????????? ???????????????? MPI" + +msgid "Invalid passphrase" +msgstr "?????????????????????? ????????????" + +msgid "Invalid signature class" +msgstr "?????????????????????? ???????? ??????????????" + +msgid "Resources exhausted" +msgstr "?????????????????? ??????????????" + +msgid "Invalid keyring" +msgstr "???????????????????? ?????????????? ????????????" + +msgid "Trust DB error" +msgstr "?????????????? ???????? ?????????? ???????? ????????????????????" + +msgid "Bad certificate" +msgstr "???????????????????? ????????????????????" + +msgid "Invalid user ID" +msgstr "?????????????????????? ?????????????????????????? ??????????????????????" + +msgid "Unexpected error" +msgstr "?????????????????????? ??????????????" + +msgid "Time conflict" +msgstr "?????????????????????? ???????? ???????? ????????" + +msgid "Keyserver error" +msgstr "?????????????? ?????????????? ????????????" + +msgid "Wrong public key algorithm" +msgstr "???????????????????? ???????????????? ???????????????????? ??????????" + +msgid "Tribute to D. A." +msgstr "?????????????????????????? D. A." + +msgid "Weak encryption key" +msgstr "?????????????? ???????? ????????????????????" + +msgid "Invalid key length" +msgstr "???????????????????? ?????????????? ??????????" + +msgid "Invalid argument" +msgstr "?????????????????????? ????????????????" + +msgid "Syntax error in URI" +msgstr "?????????????????????? ?????????????? ?? ????????????" + +msgid "Invalid URI" +msgstr "???????????????????? ????????????" + +msgid "Network error" +msgstr "?????????????? ????????????" + +msgid "Unknown host" +msgstr "?????????????????? ??????????" 
+ +msgid "Selftest failed" +msgstr "?????????????? ?????? ?????? ??????????????????????????" + +msgid "Data not encrypted" +msgstr "???????? ???? ??????????????????????" + +msgid "Data not processed" +msgstr "???????? ???? ??????????????????" + +msgid "Unusable public key" +msgstr "?????????????????????? ???? ???????????????????????? ?????????????????? ????????" + +msgid "Unusable secret key" +msgstr "?????????????????????? ???? ???????????????????????? ???????????????? ????????" + +msgid "Invalid value" +msgstr "???????????????????? ????????????????" + +msgid "Bad certificate chain" +msgstr "???????????????????? ???????????????? ????????????????????????" + +msgid "Missing certificate" +msgstr "???? ???????????????? ??????????????????????" + +msgid "No data" +msgstr "?????????? ??????????" + +msgid "Bug" +msgstr "????????" + +msgid "Not supported" +msgstr "???? ??????????????????????????" + +msgid "Invalid operation code" +msgstr "?????????????????????? ?????? ??????" + +msgid "Timeout" +msgstr "?????? ????????????????????" + +msgid "Internal error" +msgstr "?????????????????? ??????????????" + +msgid "EOF (gcrypt)" +msgstr "EOF (gcrypt)" + +msgid "Invalid object" +msgstr "?????????????????????? ?????????????" + +msgid "Provided object is too short" +msgstr "?????????????? ????????????? ?? ?????????? ????????????????" + +msgid "Provided object is too large" +msgstr "?????????????? ????????????? ?? ?????????? ????????????" + +msgid "Missing item in object" +msgstr "?? ??????????????? ???? ???????????????? ????????????????" + +msgid "Not implemented" +msgstr "???? ??????????????????????" + +msgid "Conflicting use" +msgstr "?????????????????????? ????????????????????????" + +msgid "Invalid cipher mode" +msgstr "?????????????????????? ?????????? ????????????????????" + +msgid "Invalid flag" +msgstr "?????????????????????? ??????????????????" + +msgid "Invalid handle" +msgstr "?????????????????????? ????????????????" + +msgid "Result truncated" +msgstr "???????????? 
?????????????????????? ????????????????" + +msgid "Incomplete line" +msgstr "???????????????????????? ??????????" + +msgid "Invalid response" +msgstr "???????????????????? ??????????????????" + +msgid "No agent running" +msgstr "?????????? ???? ????????????????" + +#, fuzzy +#| msgid "agent error" +msgid "Agent error" +msgstr "?????????????? ????????????" + +msgid "Invalid data" +msgstr "???????????????????? ????????" + +msgid "Unspecific Assuan server fault" +msgstr "?????????????????????? ?????????????? ?????????????? Assuan" + +msgid "General Assuan error" +msgstr "???????????????? ?????????????? ???????????????????? Assuan" + +msgid "Invalid session key" +msgstr "?????????????????????? ???????? ????????????" + +msgid "Invalid S-expression" +msgstr "?????????????????????? S-??????????" + +msgid "Unsupported algorithm" +msgstr "?????????????????????????????? ????????????????" + +msgid "No pinentry" +msgstr "?????????? pinentry" + +msgid "pinentry error" +msgstr "?????????????? pinentry" + +msgid "Bad PIN" +msgstr "???????????????????? ????????????" + +msgid "Invalid name" +msgstr "???????????????????? ??????????" + +msgid "Bad data" +msgstr "?????????????????? ????????" + +msgid "Invalid parameter" +msgstr "?????????????????????? ????????????????" + +msgid "Wrong card" +msgstr "?????????????????? ????????????" + +msgid "No dirmngr" +msgstr "?????????? dirmngr" + +msgid "dirmngr error" +msgstr "?????????????? dirmngr" + +msgid "Certificate revoked" +msgstr "???????????????????? ????????????????????" + +msgid "No CRL known" +msgstr "?????????? ???????????? ?????????????? CRL" + +msgid "CRL too old" +msgstr "CRL ????????????????" + +msgid "Line too long" +msgstr "?????????? ?????????? ????????????" + +msgid "Not trusted" +msgstr "????????????????????" + +msgid "Operation cancelled" +msgstr "?????? ??????????????????" + +msgid "Bad CA certificate" +msgstr "???????????????????? ???????????????????? CA" + +msgid "Certificate expired" +msgstr "???????????? ?????? 
?????????????????????? ??????????" + +msgid "Certificate too young" +msgstr "???????????????????? ?? ?????????? ??????????" + +msgid "Unsupported certificate" +msgstr "?????????????????????????????? ????????????????????" + +msgid "Unknown S-expression" +msgstr "?????????????????? S-??????????" + +msgid "Unsupported protection" +msgstr "?????????????????????????????? ????????????" + +msgid "Corrupted protection" +msgstr "???????????? ????????????????????" + +msgid "Ambiguous name" +msgstr "???????????????????????? ??????????" + +msgid "Card error" +msgstr "?????????????? ?????? ?????? ???????????? ?? ??????????????" + +msgid "Card reset required" +msgstr "?????????????????? ?????????? ???? ???????????????? ????????????" + +msgid "Card removed" +msgstr "???????????? ????????????????" + +msgid "Invalid card" +msgstr "???????????????????? ????????????" + +msgid "Card not present" +msgstr "?????????? ????????????" + +msgid "No PKCS15 application" +msgstr "?????????? ???????????????? ?????????????? PKCS15" + +msgid "Not confirmed" +msgstr "???? ????????????????????????" + +msgid "Configuration error" +msgstr "?????????????? ????????????????????????" + +msgid "No policy match" +msgstr "?????????? ???????????????????????? ??????????????" + +msgid "Invalid index" +msgstr "?????????????????????? ????????????" + +msgid "Invalid ID" +msgstr "?????????????????????? ??????????????????????????" + +msgid "No SmartCard daemon" +msgstr "?????????? ?????????????? ???????????? SmartCard" + +msgid "SmartCard daemon error" +msgstr "?????????????? ?????????????? ???????????? SmartCard" + +msgid "Unsupported protocol" +msgstr "?????????????????????????????? ????????????????" + +msgid "Bad PIN method" +msgstr "???????????????????? ?????????? ?????????????? ??????????????" + +msgid "Card not initialized" +msgstr "???????????? ???? ????????????????????????????" + +msgid "Unsupported operation" +msgstr "???????????????????????????? ??????" 
+ +msgid "Wrong key usage" +msgstr "?????????????????? ???????????????????????? ??????????" + +msgid "Nothing found" +msgstr "???????????? ???? ????????????????" + +msgid "Wrong blob type" +msgstr "???????????????????? ?????? ?????????????????? ????????" + +msgid "Missing value" +msgstr "???? ???????????????? ????????????????" + +msgid "Hardware problem" +msgstr "???????????????? ????????????????" + +msgid "PIN blocked" +msgstr "???????????? ??????????????????????" + +msgid "Conditions of use not satisfied" +msgstr "???? ???????????????????? ?????????? ????????????????????????" + +msgid "PINs are not synced" +msgstr "?????????????? ???? ????????????????????????????" + +msgid "Invalid CRL" +msgstr "???????????????????? ???????????????? CRL" + +msgid "BER error" +msgstr "?????????????? BER" + +msgid "Invalid BER" +msgstr "???????????????????? ???????????????? BER" + +msgid "Element not found" +msgstr "???????????????? ???? ????????????????" + +msgid "Identifier not found" +msgstr "???? ???????????????? ????????????????????????????" + +msgid "Invalid tag" +msgstr "?????????????????????? ??????" + +msgid "Invalid length" +msgstr "???????????????????? ??????????????" + +msgid "Invalid key info" +msgstr "???????????????????? ???????? ???????? ??????????" + +msgid "Unexpected tag" +msgstr "???????????????????????? ??????" + +msgid "Not DER encoded" +msgstr "???? ???????????????????? DER" + +msgid "No CMS object" +msgstr "?????????? ??????????????? CMS" + +msgid "Invalid CMS object" +msgstr "?????????????????????? ????????????? CMS" + +msgid "Unknown CMS object" +msgstr "?????????????????? ????????????? CMS" + +msgid "Unsupported CMS object" +msgstr "?????????????????????????????? ????????????? CMS" + +msgid "Unsupported encoding" +msgstr "???????????????????????????? ??????????????????" + +msgid "Unsupported CMS version" +msgstr "???????????????????????????? ???????????? CMS" + +msgid "Unknown algorithm" +msgstr "?????????????????? ????????????????" 
+ +msgid "Invalid crypto engine" +msgstr "?????????????????????? ?????????? ????????????????????" + +msgid "Public key not trusted" +msgstr "?????????????????? ???????? ???? ?? ????????????????" + +msgid "Decryption failed" +msgstr "???????????? ?????????????????????????? ?????????????? ??????????????" + +msgid "Key expired" +msgstr "?????????? ?????? ?????????? ??????????????????" + +msgid "Signature expired" +msgstr "?????????? ?????? ?????????????? ??????????????????" + +msgid "Encoding problem" +msgstr "???????????????? ?? ????????????????????" + +msgid "Invalid state" +msgstr "?????????????????????? ????????" + +msgid "Duplicated value" +msgstr "???????????????????? ????????????????" + +msgid "Missing action" +msgstr "???? ???????????????? ??????" + +msgid "ASN.1 module not found" +msgstr "???? ???????????????? ???????????? ASN.1" + +msgid "Invalid OID string" +msgstr "?????????????????????? ?????????? OID" + +msgid "Invalid time" +msgstr "?????????????????????? ??????" + +msgid "Invalid CRL object" +msgstr "?????????????????????? ????????????? CRL" + +msgid "Unsupported CRL version" +msgstr "???????????????????????????? ???????????? CRL" + +msgid "Invalid certificate object" +msgstr "?????????????????????? ????????????? ????????????????????????" + +msgid "Unknown name" +msgstr "???????????????? ??????????" + +msgid "A locale function failed" +msgstr "?????????????? ?????????????? ??????????????????????" + +msgid "Not locked" +msgstr "???? ??????????????????????" + +msgid "Protocol violation" +msgstr "?????????????????? ??????????????????" + +msgid "Invalid MAC" +msgstr "???????????????????? MAC-????????????" + +msgid "Invalid request" +msgstr "?????????????????????? ??????????" + +msgid "Unknown extension" +msgstr "???????????????? ????????????????????" + +msgid "Unknown critical extension" +msgstr "???????????????? ???????????????? ????????????????????" + +msgid "Locked" +msgstr "??????????????????????" + +msgid "Unknown option" +msgstr "?????????????????? 
????????????????" + +msgid "Unknown command" +msgstr "???????????????? ??????????????" + +msgid "Not operational" +msgstr "???????????????????????? ??????????????????" + +msgid "No passphrase given" +msgstr "???? ?????????????? ????????????" + +msgid "No PIN given" +msgstr "???? ?????????????? ??????????????" + +#, fuzzy +#| msgid "Not locked" +msgid "Not enabled" +msgstr "???? ??????????????????????" + +#, fuzzy +#| msgid "Invalid crypto engine" +msgid "No crypto engine" +msgstr "?????????????????????? ?????????? ????????????????????" + +#, fuzzy +#| msgid "Missing value" +msgid "Missing key" +msgstr "???? ???????????????? ????????????????" + +#, fuzzy +#| msgid "No CMS object" +msgid "Too many objects" +msgstr "?????????? ??????????????? CMS" + +msgid "Limit reached" +msgstr "" + +#, fuzzy +#| msgid "Card not initialized" +msgid "Not initialized" +msgstr "???????????? ???? ????????????????????????????" + +#, fuzzy +#| msgid "Missing certificate" +msgid "Missing issuer certificate" +msgstr "???? ???????????????? ??????????????????????" + +msgid "No keyserver available" +msgstr "" + +#, fuzzy +#| msgid "Invalid time" +msgid "Invalid elliptic curve" +msgstr "?????????????????????? ??????" + +#, fuzzy +#| msgid "Unknown source" +msgid "Unknown elliptic curve" +msgstr "???????????????? ??????????????" + +#, fuzzy +#| msgid "Duplicated value" +msgid "Duplicated key" +msgstr "???????????????????? ????????????????" + +#, fuzzy +#| msgid "Ambiguous name" +msgid "Ambiguous result" +msgstr "???????????????????????? ??????????" + +#, fuzzy +#| msgid "Operation cancelled" +msgid "Operation fully cancelled" +msgstr "?????? ??????????????????" + +msgid "Operation not yet finished" +msgstr "?????????????????? ?????? ???? ???? ??????????????????" + +msgid "Buffer too short" +msgstr "?????????????? ???????????????? ??????????" + +msgid "Invalid length specifier in S-expression" +msgstr "?????????????????????? ???????????????????????? ?????????????? ?? S-????????????" 
+ +msgid "String too long in S-expression" +msgstr "?????????????? ???????????? ?????????? ?? S-????????????" + +msgid "Unmatched parentheses in S-expression" +msgstr "?????????????????? ?????????? ?? S-????????????" + +msgid "S-expression not canonical" +msgstr "S-?????????? ???? ?? ????????????????????" + +msgid "Bad character in S-expression" +msgstr "???????????????????? ???????????? ?? S-????????????" + +msgid "Bad quotation in S-expression" +msgstr "?????????????????? ?????????? ?? S-????????????" + +msgid "Zero prefix in S-expression" +msgstr "???????????????? ?????????????? ?? S-????????????" + +msgid "Nested display hints in S-expression" +msgstr "???????????????? ?????????????????? ???????? ???????????? ?? S-????????????" + +msgid "Unmatched display hints" +msgstr "???????????????????????? ?????????????????? ???????? ????????????" + +msgid "Unexpected reserved punctuation in S-expression" +msgstr "?????????????????????? ?????????????????????????? ???????????????????? ?? S-????????????" + +msgid "Bad hexadecimal character in S-expression" +msgstr "???????????????????? ?????????????????????????????? ???????????? ?? S-????????????" + +msgid "Odd hexadecimal numbers in S-expression" +msgstr "?????????? ???????????????????????????? ?????????? ?? S-????????????" + +#, fuzzy +#| msgid "Bad octadecimal character in S-expression" +msgid "Bad octal character in S-expression" +msgstr "???????????????????? ???????????????????? ???????????? ?? S-????????????" + +msgid "General IPC error" +msgstr "???????????????? ?????????????? IPC" + +msgid "IPC accept call failed" +msgstr "?????????????? ?????????????? ?????????????????? IPC" + +msgid "IPC connect call failed" +msgstr "?????????????? ????????????????????????????? ?????????????? IPC" + +msgid "Invalid IPC response" +msgstr "???????????????????? ?????????????????? IPC" + +msgid "Invalid value passed to IPC" +msgstr "IPC ???????????????? ???????????????????? ????????????????" 
+ +msgid "Incomplete line passed to IPC" +msgstr "IPC ???????????????? ???????????????????????? ??????????" + +msgid "Line passed to IPC too long" +msgstr "??????????, ?????????????????? IPC, ?? ?????????? ????????????" + +msgid "Nested IPC commands" +msgstr "???????????????? ?????????????? IPC" + +msgid "No data callback in IPC" +msgstr "?????????? ???????????????????? ?????????????? ???????? ?????????? ?? IPC" + +msgid "No inquire callback in IPC" +msgstr "?????????? ???????????????????????????? ???????????????????? ?????????????? ?? IPC" + +msgid "Not an IPC server" +msgstr "???? ?? ???????????????? IPC" + +msgid "Not an IPC client" +msgstr "???? ?? ???????????????? IPC" + +msgid "Problem starting IPC server" +msgstr "???????????????? ???? ???????????????? ?????????????? IPC" + +msgid "IPC read error" +msgstr "?????????????? ?????????????? IPC" + +msgid "IPC write error" +msgstr "?????????????? ???????????? IPC" + +msgid "Too much data for IPC layer" +msgstr "???????????????? ?????????? ?????? ???????? IPC" + +msgid "Unexpected IPC command" +msgstr "?????????????????????? ?????????????? IPC" + +msgid "Unknown IPC command" +msgstr "???????????????? ?????????????? IPC" + +msgid "IPC syntax error" +msgstr "?????????????????????? ?????????????? IPC" + +msgid "IPC call has been cancelled" +msgstr "???????????? IPC ???????? ??????????????????" + +msgid "No input source for IPC" +msgstr "?????????? ?????????????? ?????????????? ?????????? ?????? IPC" + +msgid "No output source for IPC" +msgstr "?????????? ?????????? ?????????????????? ?????????? ?????? IPC" + +msgid "IPC parameter error" +msgstr "?????????????? ?? ?????????????????? IPC" + +msgid "Unknown IPC inquire" +msgstr "?????????????????? ?????????? IPC" + +msgid "User defined error code 1" +msgstr "???????????????????? ???????????????????????? ?????? ?????????????? 1" + +msgid "User defined error code 2" +msgstr "???????????????????? ???????????????????????? ?????? ?????????????? 
2" + +msgid "User defined error code 3" +msgstr "???????????????????? ???????????????????????? ?????? ?????????????? 3" + +msgid "User defined error code 4" +msgstr "???????????????????? ???????????????????????? ?????? ?????????????? 4" + +msgid "User defined error code 5" +msgstr "???????????????????? ???????????????????????? ?????? ?????????????? 5" + +msgid "User defined error code 6" +msgstr "???????????????????? ???????????????????????? ?????? ?????????????? 6" + +msgid "User defined error code 7" +msgstr "???????????????????? ???????????????????????? ?????? ?????????????? 7" + +msgid "User defined error code 8" +msgstr "???????????????????? ???????????????????????? ?????? ?????????????? 8" + +msgid "User defined error code 9" +msgstr "???????????????????? ???????????????????????? ?????? ?????????????? 9" + +msgid "User defined error code 10" +msgstr "???????????????????? ???????????????????????? ?????? ?????????????? 10" + +msgid "User defined error code 11" +msgstr "???????????????????? ???????????????????????? ?????? ?????????????? 11" + +msgid "User defined error code 12" +msgstr "???????????????????? ???????????????????????? ?????? ?????????????? 12" + +msgid "User defined error code 13" +msgstr "???????????????????? ???????????????????????? ?????? ?????????????? 13" + +msgid "User defined error code 14" +msgstr "???????????????????? ???????????????????????? ?????? ?????????????? 14" + +msgid "User defined error code 15" +msgstr "???????????????????? ???????????????????????? ?????? ?????????????? 15" + +msgid "User defined error code 16" +msgstr "???????????????????? ???????????????????????? ?????? ?????????????? 16" + +msgid "System error w/o errno" +msgstr "???????????????? ?????????????? ?????? ????????????" + +msgid "Unknown system error" +msgstr "???????????????? ???????????????? ??????????????" + +msgid "End of file" +msgstr "???????????? ??????????" + +msgid "Unknown error code" +msgstr "?????????????? ?? ?????????????????? ??????????" 
+ +#, c-format +msgid "Usage: %s GPG-ERROR [...]\n" +msgstr "????????????????????????: %s ??????????????-GPG [...]\n" + +#, c-format +msgid "%s: warning: could not recognize %s\n" +msgstr "%s: ????????????????????????: ???? ?????????????? ???????????????????? %s\n" commit 95c63baa0516592ec1a1c045565d6f992cc807eb Author: Werner Koch Date: Sat Feb 23 20:23:16 2013 +0100 Add translation to Esperanto. * po/eo.po: New. * po/LINGUAS: Add eo.po. diff --git a/po/LINGUAS b/po/LINGUAS index a02f6c5..e0738b9 100644 --- a/po/LINGUAS +++ b/po/LINGUAS @@ -2,6 +2,7 @@ cs da de +eo fr it ja diff --git a/po/eo.po b/po/eo.po new file mode 100644 index 0000000..6e91d4d --- /dev/null +++ b/po/eo.po 
@@ -0,0 +1,869 @@ +# Esperanto translation of Libgpg-error +# Copyright (C) 2013 Free Software Foundation, Inc. +# This file is distributed under the same license as the libgpg-error package. +# Felipe Castro , 2013. +# +msgid "" +msgstr "" +"Project-Id-Version: libgpg-error 1.7\n" +"Report-Msgid-Bugs-To: translations at gnupg.org\n" +"PO-Revision-Date: 2013-02-23 20:22+0100\n" +"Last-Translator: Felipe Castro \n" +"Language-Team: Esperanto \n" +"Language: eo\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=utf-8\n" +"Content-Transfer-Encoding: 8bit\n" + +msgid "Unspecified source" +msgstr "Neindikita fonto" + +msgid "gcrypt" +msgstr "gcrypt" + +msgid "GnuPG" +msgstr "GnuPG" + +msgid "GpgSM" +msgstr "GpgSM" + +msgid "GPG Agent" +msgstr "GPG Agento" + +msgid "Pinentry" +msgstr "Pinentry" + +msgid "SCD" +msgstr "SCD" + +msgid "GPGME" +msgstr "GPGME" + +msgid "Keybox" +msgstr "Keybox" + +msgid "KSBA" +msgstr "KSBA" + +msgid "Dirmngr" +msgstr "Dirmngr" + +msgid "GSTI" +msgstr "GSTI" + +msgid "GPA" +msgstr "GPA" + +msgid "Kleopatra" +msgstr "Kleopatra" + +msgid "G13" +msgstr "G13" + +msgid "Assuan" +msgstr "Assuan" + +msgid "Any source" +msgstr "Iu ajn fonto" + +msgid "User defined source 1" +msgstr "Uzant-difinita fonto 1" + +msgid "User defined source 2" +msgstr "Uzant-difinita fonto 2" + +msgid "User defined source 3" +msgstr "Uzant-difinita fonto 3" + +msgid "User defined source 4" +msgstr "Uzant-difinita fonto 4" + +msgid "Unknown source" +msgstr "Nekonata fonto" + +msgid "Success" +msgstr "Sukceso" + +msgid "General error" +msgstr "??enerala eraro" + +msgid "Unknown packet" +msgstr "Nekonata paketo" + +msgid "Unknown version in packet" +msgstr "Nekonata versio en paketo" + +msgid "Invalid public key algorithm" +msgstr "Malvalida publika ??losila algoritmo" + +msgid "Invalid digest algorithm" +msgstr "Malvalida resuma algoritmo" + +msgid "Bad public key" +msgstr "Mal??usta publika ??losilo" + +msgid "Bad secret key" +msgstr "Mal??usta sekreta ??losilo" 
+ +msgid "Bad signature" +msgstr "mal??usta subskribo" + +msgid "No public key" +msgstr "Neniu publika ??losilo" + +msgid "Checksum error" +msgstr "Eraro en kontrolsumo" + +msgid "Bad passphrase" +msgstr "Mal??usta pasfrazo" + +msgid "Invalid cipher algorithm" +msgstr "Malvalida ??ifra algoritmo" + +msgid "Keyring open" +msgstr "Malfermo de ??losilringo" + +msgid "Invalid packet" +msgstr "Malvalida paketo" + +msgid "Invalid armor" +msgstr "Malvalida kiraso" + +msgid "No user ID" +msgstr "Neniu ID de uzanto" + +msgid "No secret key" +msgstr "Neniu sekreta ??losilo" + +msgid "Wrong secret key used" +msgstr "Mal??usta sekreta ??losilo uzata" + +msgid "Bad session key" +msgstr "Mal??usta seanca ??losilo" + +msgid "Unknown compression algorithm" +msgstr "Nekonata densiga algoritmo" + +msgid "Number is not prime" +msgstr "Numero ne estas primo" + +msgid "Invalid encoding method" +msgstr "Malvalida enkodiga metodo" + +msgid "Invalid encryption scheme" +msgstr "Malvalida ??ifriga skemo" + +msgid "Invalid signature scheme" +msgstr "Malvalida subskriba skemo" + +msgid "Invalid attribute" +msgstr "Malvalida atributo" + +msgid "No value" +msgstr "Neniu valoro" + +msgid "Not found" +msgstr "Ne trovita" + +msgid "Value not found" +msgstr "Valoro ne estas trovita" + +msgid "Syntax error" +msgstr "Sintaks-eraro" + +msgid "Bad MPI value" +msgstr "Mal??usta valoro MPI" + +msgid "Invalid passphrase" +msgstr "Malvalida pasfrazo" + +msgid "Invalid signature class" +msgstr "Malvalida subskriba klaso" + +msgid "Resources exhausted" +msgstr "Rimedoj estas plenuzitaj" + +msgid "Invalid keyring" +msgstr "Malvalida ??losilringo" + +msgid "Trust DB error" +msgstr "Eraro de fidinda DB" + +msgid "Bad certificate" +msgstr "Mal??usta atestilo" + +msgid "Invalid user ID" +msgstr "Malvalida ID de uzanto" + +msgid "Unexpected error" +msgstr "Neatendita eraro" + +msgid "Time conflict" +msgstr "Konflikto de tempo" + +msgid "Keyserver error" +msgstr "??losilservila eraro" + +msgid "Wrong public key 
algorithm" +msgstr "Malkorekta publika ??losila algoritmo" + +msgid "Tribute to D. A." +msgstr "Oma??o al D. A." + +msgid "Weak encryption key" +msgstr "Malforta ??ifra ??losilo" + +msgid "Invalid key length" +msgstr "Malvalida ??losila longo" + +msgid "Invalid argument" +msgstr "Malvalida argumento" + +msgid "Syntax error in URI" +msgstr "Sintaks-eraro en URI" + +msgid "Invalid URI" +msgstr "Malvalida URI" + +msgid "Network error" +msgstr "Ret-eraro" + +msgid "Unknown host" +msgstr "Nekonata retnodo" + +msgid "Selftest failed" +msgstr "Memtesto fiaskis" + +msgid "Data not encrypted" +msgstr "Datumaro ne ??ifrita" + +msgid "Data not processed" +msgstr "Datumaro ne procezita" + +msgid "Unusable public key" +msgstr "Neuzebla publika ??losilo" + +msgid "Unusable secret key" +msgstr "Neuzebla sekreta ??losilo" + +msgid "Invalid value" +msgstr "Malvalida valoro" + +msgid "Bad certificate chain" +msgstr "Mal??usta atestila ??eno" + +msgid "Missing certificate" +msgstr "Mankas atestilo" + +msgid "No data" +msgstr "Neniu datumaro" + +msgid "Bug" +msgstr "Program-miso" + +msgid "Not supported" +msgstr "Ne subtenata" + +msgid "Invalid operation code" +msgstr "Malvalida operacia kodo" + +msgid "Timeout" +msgstr "Tempofino" + +msgid "Internal error" +msgstr "Interna eraro" + +msgid "EOF (gcrypt)" +msgstr "EOF (gcrypt)" + +msgid "Invalid object" +msgstr "Malvalida objekto" + +msgid "Provided object is too short" +msgstr "Provizita objekto tro mallongas" + +msgid "Provided object is too large" +msgstr "Provizita objekto tro lar??as" + +msgid "Missing item in object" +msgstr "Mankas ero en objekto" + +msgid "Not implemented" +msgstr "Ne realigita" + +msgid "Conflicting use" +msgstr "Konflikta uzo" + +msgid "Invalid cipher mode" +msgstr "Malvalida ??ifra re??imo" + +msgid "Invalid flag" +msgstr "Malvalida flago" + +msgid "Invalid handle" +msgstr "Malvalida traktilo" + +msgid "Result truncated" +msgstr "Rezulto estas tran??ita" + +msgid "Incomplete line" +msgstr "Malkompleta linio" 
+ +msgid "Invalid response" +msgstr "Malvalida respondo" + +msgid "No agent running" +msgstr "Neniu agento rulas" + +#, fuzzy +#| msgid "agent error" +msgid "Agent error" +msgstr "agent-eraro" + +msgid "Invalid data" +msgstr "Malvalida datumaro" + +msgid "Unspecific Assuan server fault" +msgstr "Nespecifa paneo de servilo Assuan" + +msgid "General Assuan error" +msgstr "??enerala eraro de Assuan" + +msgid "Invalid session key" +msgstr "Malvalida seanca ??losilo" + +msgid "Invalid S-expression" +msgstr "Malvalida S-esprimo" + +msgid "Unsupported algorithm" +msgstr "Nesubtenata algoritmo" + +msgid "No pinentry" +msgstr "Neniu pinentry" + +msgid "pinentry error" +msgstr "Eraro de pinentry" + +msgid "Bad PIN" +msgstr "Mal??usta PIN" + +msgid "Invalid name" +msgstr "Malvalida nomo" + +msgid "Bad data" +msgstr "Mal??usta datumaro" + +msgid "Invalid parameter" +msgstr "Malvalida parametro" + +msgid "Wrong card" +msgstr "Malkorekta karto" + +msgid "No dirmngr" +msgstr "Neniu dirmngr" + +msgid "dirmngr error" +msgstr "eraro de dirmngr" + +msgid "Certificate revoked" +msgstr "Atestilo estas senvalidita" + +msgid "No CRL known" +msgstr "Neniu konata CRL" + +msgid "CRL too old" +msgstr "CRL tro malnovas" + +msgid "Line too long" +msgstr "Linio tro longas" + +msgid "Not trusted" +msgstr "Ne fidinda" + +msgid "Operation cancelled" +msgstr "Operacio estas nuligita" + +msgid "Bad CA certificate" +msgstr "Mal??usta atestilo CA" + +msgid "Certificate expired" +msgstr "Atestilo malvalidi??is" + +msgid "Certificate too young" +msgstr "Atestilo tro novas" + +msgid "Unsupported certificate" +msgstr "Nesubtenata atestilo" + +msgid "Unknown S-expression" +msgstr "Nekonata S-esprimo" + +msgid "Unsupported protection" +msgstr "Nesubtenata protekto" + +msgid "Corrupted protection" +msgstr "Rompita protekto" + +msgid "Ambiguous name" +msgstr "Plursenca nomo" + +msgid "Card error" +msgstr "Kart-eraro" + +msgid "Card reset required" +msgstr "Kart-reekigo estas postulata" + +msgid "Card removed" 
+msgstr "Karto estas demetita" + +msgid "Invalid card" +msgstr "Malvalida karto" + +msgid "Card not present" +msgstr "Karto ne ??eestas" + +msgid "No PKCS15 application" +msgstr "Neniu aplika??o PKCS15" + +msgid "Not confirmed" +msgstr "Ne konfirmita" + +msgid "Configuration error" +msgstr "Agord-eraro" + +msgid "No policy match" +msgstr "Neniu kongruo de politiko" + +msgid "Invalid index" +msgstr "Malvalida indekso" + +msgid "Invalid ID" +msgstr "Malvalida ID" + +msgid "No SmartCard daemon" +msgstr "Neniu demono SmartCard" + +msgid "SmartCard daemon error" +msgstr "Eraro de la demono SmartCard" + +msgid "Unsupported protocol" +msgstr "Nesubtenata protokolo" + +msgid "Bad PIN method" +msgstr "Mal??usta PIN-metodo" + +msgid "Card not initialized" +msgstr "Karto ne estas ekigita" + +msgid "Unsupported operation" +msgstr "Nesubtenata operacio" + +msgid "Wrong key usage" +msgstr "Malkorekta uzmaniero de ??losilo" + +msgid "Nothing found" +msgstr "Nenio trovita" + +msgid "Wrong blob type" +msgstr "Malkorekta tipo de blob" + +msgid "Missing value" +msgstr "Mankas valoro" + +msgid "Hardware problem" +msgstr "Problemo de aparataro" + +msgid "PIN blocked" +msgstr "PIN estas blokita" + +msgid "Conditions of use not satisfied" +msgstr "Uzkondi??oj ne estas kontentigitaj" + +msgid "PINs are not synced" +msgstr "PIN-oj ne estas sinkronigitaj" + +msgid "Invalid CRL" +msgstr "Malvalida CRL" + +msgid "BER error" +msgstr "Eraro de BER" + +msgid "Invalid BER" +msgstr "Malvalida BER" + +msgid "Element not found" +msgstr "Elemento ne estas trovita" + +msgid "Identifier not found" +msgstr "Identiganto ne estas trovita" + +msgid "Invalid tag" +msgstr "Malvalida marko" + +msgid "Invalid length" +msgstr "Malvalida longo" + +msgid "Invalid key info" +msgstr "Malvalida ??losil-informo" + +msgid "Unexpected tag" +msgstr "Neatentida marko" + +msgid "Not DER encoded" +msgstr "Neniu enkodita DER" + +msgid "No CMS object" +msgstr "Neniu objekto CMS" + +msgid "Invalid CMS object" +msgstr 
"Malvalida objekto CMS" + +msgid "Unknown CMS object" +msgstr "Nekonata objekto CMS" + +msgid "Unsupported CMS object" +msgstr "Nesubtenata objekto CMS" + +msgid "Unsupported encoding" +msgstr "Nesubtenata enkodigo" + +msgid "Unsupported CMS version" +msgstr "Nesubtenata versio CMS" + +msgid "Unknown algorithm" +msgstr "Nekonata algoritmo" + +msgid "Invalid crypto engine" +msgstr "Malvalida ??ifra ma??ino" + +msgid "Public key not trusted" +msgstr "Publika ??losilo ne estas fidinda" + +msgid "Decryption failed" +msgstr "Mal??ifro fiaskis" + +msgid "Key expired" +msgstr "??losilo malvalidi??is" + +msgid "Signature expired" +msgstr "Subskribo malvalidi??is" + +msgid "Encoding problem" +msgstr "Ekodiga problemo" + +msgid "Invalid state" +msgstr "Malvalida stato" + +msgid "Duplicated value" +msgstr "Duobligita valoro" + +msgid "Missing action" +msgstr "Mankas ago" + +msgid "ASN.1 module not found" +msgstr "Modulo ASN.1 ne estas trovita" + +msgid "Invalid OID string" +msgstr "Malvalida ??eno OID" + +msgid "Invalid time" +msgstr "Malvalida tempo" + +msgid "Invalid CRL object" +msgstr "Malvalida objekto CRL" + +msgid "Unsupported CRL version" +msgstr "Nesubtenata versio CRL" + +msgid "Invalid certificate object" +msgstr "Malvalida atestila objekto" + +msgid "Unknown name" +msgstr "Nekonata nomo" + +msgid "A locale function failed" +msgstr "Loka??ara funkcio fiaskis" + +msgid "Not locked" +msgstr "Ne ??losita" + +msgid "Protocol violation" +msgstr "Perforto de protokolo" + +msgid "Invalid MAC" +msgstr "Malvalida MAC" + +msgid "Invalid request" +msgstr "Malvalida peto" + +msgid "Unknown extension" +msgstr "Nekonata aldono" + +msgid "Unknown critical extension" +msgstr "Nekonata grava aldono" + +msgid "Locked" +msgstr "??losita" + +msgid "Unknown option" +msgstr "Nekonata modifilo" + +msgid "Unknown command" +msgstr "Nekonata komando" + +msgid "Not operational" +msgstr "Ne operaciebla" + +msgid "No passphrase given" +msgstr "Neniu pasfrazo estis donata" + +msgid "No PIN 
given" +msgstr "Neniu PIN estis donata" + +#, fuzzy +#| msgid "Not locked" +msgid "Not enabled" +msgstr "Ne ??losita" + +#, fuzzy +#| msgid "Invalid crypto engine" +msgid "No crypto engine" +msgstr "Malvalida ??ifra ma??ino" + +#, fuzzy +#| msgid "Missing value" +msgid "Missing key" +msgstr "Mankas valoro" + +#, fuzzy +#| msgid "No CMS object" +msgid "Too many objects" +msgstr "Neniu objekto CMS" + +msgid "Limit reached" +msgstr "" + +#, fuzzy +#| msgid "Card not initialized" +msgid "Not initialized" +msgstr "Karto ne estas ekigita" + +#, fuzzy +#| msgid "Missing certificate" +msgid "Missing issuer certificate" +msgstr "Mankas atestilo" + +msgid "No keyserver available" +msgstr "" + +#, fuzzy +#| msgid "Invalid time" +msgid "Invalid elliptic curve" +msgstr "Malvalida tempo" + +#, fuzzy +#| msgid "Unknown source" +msgid "Unknown elliptic curve" +msgstr "Nekonata fonto" + +#, fuzzy +#| msgid "Duplicated value" +msgid "Duplicated key" +msgstr "Duobligita valoro" + +#, fuzzy +#| msgid "Ambiguous name" +msgid "Ambiguous result" +msgstr "Plursenca nomo" + +#, fuzzy +#| msgid "Operation cancelled" +msgid "Operation fully cancelled" +msgstr "Operacio estas nuligita" + +msgid "Operation not yet finished" +msgstr "La operacio ankora?? 
ne fini??is" + +msgid "Buffer too short" +msgstr "Bufro tro mallongas" + +msgid "Invalid length specifier in S-expression" +msgstr "Malvalida long-indikilo en S-esprimo" + +msgid "String too long in S-expression" +msgstr "??eno tro longa en S-esprimo" + +msgid "Unmatched parentheses in S-expression" +msgstr "Senpara kurbkrampo en S-esprimo" + +msgid "S-expression not canonical" +msgstr "S-esprimo ne estas kanona" + +msgid "Bad character in S-expression" +msgstr "Mal??usta signo en S-esprimo" + +msgid "Bad quotation in S-expression" +msgstr "Mal??usta citigo en S-esprimo" + +msgid "Zero prefix in S-expression" +msgstr "Nul-prefikso en S-esprimo" + +msgid "Nested display hints in S-expression" +msgstr "Nestitaj montraj konsiletoj en S-esprimo" + +msgid "Unmatched display hints" +msgstr "Nekongruaj montraj konsiletoj" + +msgid "Unexpected reserved punctuation in S-expression" +msgstr "Neatendita rezervita interpunkcio en S-esprimo" + +msgid "Bad hexadecimal character in S-expression" +msgstr "Mal??usta deksesuma signo en S-esprimo" + +msgid "Odd hexadecimal numbers in S-expression" +msgstr "Malparaj deksesumaj numeroj en S-esprimo" + +#, fuzzy +#| msgid "Bad octadecimal character in S-expression" +msgid "Bad octal character in S-expression" +msgstr "Mal??usta okuma signo en S-esprimo" + +msgid "General IPC error" +msgstr "??enerala eraro de IPC" + +msgid "IPC accept call failed" +msgstr "Akcepta voko de IPC fiaskis" + +msgid "IPC connect call failed" +msgstr "Konekta voko de IPC fiaskis" + +msgid "Invalid IPC response" +msgstr "Malvalida respondo de IPC" + +msgid "Invalid value passed to IPC" +msgstr "Malvalida valoro estis pasata al IPC" + +msgid "Incomplete line passed to IPC" +msgstr "Nekompleta linio estis pasata al IPC" + +msgid "Line passed to IPC too long" +msgstr "Pasita linio al IPC tro longas" + +msgid "Nested IPC commands" +msgstr "Nestitaj komandoj IPC" + +msgid "No data callback in IPC" +msgstr "Neniu datumar funkcivoko en IPC" + +msgid "No inquire 
callback in IPC" +msgstr "Neniu enketa funkcivoko en IPC" + +msgid "Not an IPC server" +msgstr "Ne estas servilo IPC" + +msgid "Not an IPC client" +msgstr "Ne estas kliento IPC" + +msgid "Problem starting IPC server" +msgstr "Problemo dum ekigo de servilo IPC" + +msgid "IPC read error" +msgstr "Leg-eraro de IPC" + +msgid "IPC write error" +msgstr "Skrib-eraro de IPC" + +msgid "Too much data for IPC layer" +msgstr "Tro multa datumaro por tavolo IPC" + +msgid "Unexpected IPC command" +msgstr "Neatendita komando IPC" + +msgid "Unknown IPC command" +msgstr "Nekonata komando IPC" + +msgid "IPC syntax error" +msgstr "Sintaks-eraro de IPC" + +msgid "IPC call has been cancelled" +msgstr "IPC-voko estas nuligita" + +msgid "No input source for IPC" +msgstr "Neniu enig-fonto por IPC" + +msgid "No output source for IPC" +msgstr "Neniu elig-fonto por IPC" + +msgid "IPC parameter error" +msgstr "Parametra eraro de IPC" + +msgid "Unknown IPC inquire" +msgstr "Nekonata enketo de IPC" + +msgid "User defined error code 1" +msgstr "Uzant-difinita erarkodo 1" + +msgid "User defined error code 2" +msgstr "Uzant-difinita erarkodo 2" + +msgid "User defined error code 3" +msgstr "Uzant-difinita erarkodo 3" + +msgid "User defined error code 4" +msgstr "Uzant-difinita erarkodo 4" + +msgid "User defined error code 5" +msgstr "Uzant-difinita erarkodo 5" + +msgid "User defined error code 6" +msgstr "Uzant-difinita erarkodo 6" + +msgid "User defined error code 7" +msgstr "Uzant-difinita erarkodo 7" + +msgid "User defined error code 8" +msgstr "Uzant-difinita erarkodo 8" + +msgid "User defined error code 9" +msgstr "Uzant-difinita erarkodo 9" + +msgid "User defined error code 10" +msgstr "Uzant-difinita erarkodo 10" + +msgid "User defined error code 11" +msgstr "Uzant-difinita erarkodo 11" + +msgid "User defined error code 12" +msgstr "Uzant-difinita erarkodo 12" + +msgid "User defined error code 13" +msgstr "Uzant-difinita erarkodo 13" + +msgid "User defined error code 14" +msgstr 
"Uzant-difinita erarkodo 14" + +msgid "User defined error code 15" +msgstr "Uzant-difinita erarkodo 15" + +msgid "User defined error code 16" +msgstr "Uzant-difinita erarkodo 16" + +msgid "System error w/o errno" +msgstr "Sistem-eraro sen errno" + +msgid "Unknown system error" +msgstr "Nekonata sistem-eraro" + +msgid "End of file" +msgstr "Fino de dosiero" + +msgid "Unknown error code" +msgstr "Nekonata erar-kodo" + +#, c-format +msgid "Usage: %s GPG-ERROR [...]\n" +msgstr "Uzmaniero: %s GPG-ERARO [...]\n" + +#, c-format +msgid "%s: warning: could not recognize %s\n" +msgstr "%s: averto: ne eblis rekoni %s\n" commit e6943de88627c6662fba3fe905c8761dbf0ccfa1 Author: Werner Koch Date: Sat Feb 23 20:18:49 2013 +0100 Add version macros and check function. * configure.ac (VERSION_NUMBER): New ac_subst. (BUILD_FILEVERSION): Build on all platforms (BUILD_TIMESTAMP): Try to use an ISO string. * src/Makefile.am (extra-h.in): Add new version numbers. * src/versioninfo.rc.in: Update copyright year. * src/version.c: New. (gpg_error_check_version): New API. * src/gpg-error.h.in: Add gpg_error_check_version prototype. * src/gpg-error.def.in: Add gpg_error_check_version * tests/t-version.c: New. * tests/Makefile.am (TESTS): Add t-version.c * src/gpg-error-config.in: s/VERSION/PACKAGE_VERSION/. -- All other GnuPG libraries do this, thus we do it here as well. diff --git a/NEWS b/NEWS index fc184ec..a804484 100644 --- a/NEWS +++ b/NEWS @@ -1,7 +1,11 @@ Noteworthy changes in version 1.11 (unreleased) ---------------------------------------------- - * New error source GPG_ERR_SOURCE_ASSUAN for Libassuan related errors. + * New error source GPG_ERR_SOURCE_ASSUAN for Libassuan related + errors. + + * New macros GPG_ERROR_VERSION and GPG_ERROR_VERSION_NUMBER. New + function gpg_error_check_version. * Interface changes relative to the 1.10 release: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
@@ -11,6 +15,9 @@ Noteworthy changes in version 1.11 (unreleased) GPG_ERR_DUP_KEY NEW. GPG_ERR_AMBIGUOUS NEW. GPG_ERR_SOURCE_ASSUAN NEW. + gpg_error_check_version NEW. + GPG_ERROR_VERSION NEW. + GPG_ERROR_VERSION_NUMBER NEW. Noteworthy changes in version 1.10 (2010-10-26) diff --git a/configure.ac b/configure.ac index b25630e..dc897a2 100644 --- a/configure.ac +++ b/configure.ac @@ -26,12 +26,14 @@ min_automake_version="1.11" # Please bump the version number immediately after the release, do # another commit, and a push so that the git magic is able to work. # See below for the LT versions. -m4_define([mym4_version], [1.11]) +m4_define([mym4_version_major], [1]) +m4_define([mym4_version_minor], [11]) # Below is m4 magic to extract and compute the revision number, the # decimalized short revision number, a beta version string, and a flag # indicating a development version (mym4_isgit). Note that the m4 # processing is done by autoconf and not during the configure run. +m4_define([mym4_version], [mym4_version_major.mym4_version_minor]) m4_define([mym4_revision], m4_esyscmd([git rev-parse --short HEAD | tr -d '\n\r'])) m4_define([mym4_revision_dec], @@ -52,10 +54,16 @@ AC_INIT([libgpg-error],[mym4_full_version],[http://bugs.gnupg.org]) LIBGPG_ERROR_LT_CURRENT=8 LIBGPG_ERROR_LT_AGE=8 LIBGPG_ERROR_LT_REVISION=0 +################################################ + AC_SUBST(LIBGPG_ERROR_LT_CURRENT) AC_SUBST(LIBGPG_ERROR_LT_AGE) AC_SUBST(LIBGPG_ERROR_LT_REVISION) +VERSION_NUMBER=m4_esyscmd(printf "0x%02x%02x00" mym4_version_major \ + mym4_version_minor) +AC_SUBST(VERSION_NUMBER) + AM_INIT_AUTOMAKE AM_MAINTAINER_MODE AC_CONFIG_SRCDIR([src/err-sources.h.in]) 
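Review bot: The `VERSION_NUMBER` assignment added in the `@@ -52,10 +54,16 @@` hunk of configure.ac encodes the version with `printf "0x%02x%02x00"`, and nothing documents the two assumptions behind that layout. The patch level is hard-coded to `00`, and a major or minor value above 255 would print more than two hex digits and shift the other fields, so numeric comparisons against the constant would silently give wrong answers. A comment above the assignment would make the contract explicit, for example `# VERSION_NUMBER is 0xMMmm00: major and minor take one byte each, the low byte is always 0.` If a micro version is ever introduced, the format string has to change with it.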
@@ -170,23 +178,33 @@ if test "$have_w32_system" = yes; then AC_DEFINE(HAVE_W32CE_SYSTEM,1,[Defined if we run on WindowsCE]) GPG_ERROR_CONFIG_ISUBDIRAFTER="gpg-extra" fi - BUILD_TIMESTAMP=`date --iso-8601=minutes` - changequote(,)dnl - BUILD_FILEVERSION=`echo "$VERSION" | sed 's/\([0-9.]*\).*/\1./;s/\./,/g'` - changequote([,])dnl - BUILD_FILEVERSION="${BUILD_FILEVERSION}0,mym4_revision_dec" fi -BUILD_REVISION="mym4_revision" -AC_SUBST(BUILD_TIMESTAMP) -AC_SUBST(BUILD_FILEVERSION) -AC_SUBST(BUILD_REVISION) -AC_DEFINE_UNQUOTED(BUILD_REVISION, "$BUILD_REVISION", - [GIT commit id used to build this package]) AM_CONDITIONAL(HAVE_W32_SYSTEM, test "$have_w32_system" = yes) AM_CONDITIONAL(HAVE_W64_SYSTEM, test "$have_w64_system" = yes) AM_CONDITIONAL(HAVE_W32CE_SYSTEM, test "$have_w32ce_system" = yes) +# +# Provide information about the build. +# +BUILD_REVISION="mym4_revision" +AC_SUBST(BUILD_REVISION) +AC_DEFINE_UNQUOTED(BUILD_REVISION, "$BUILD_REVISION", + [GIT commit id revision used to build this package]) + +changequote(,)dnl +BUILD_FILEVERSION=`echo "$PACKAGE_VERSION"|sed 's/\([0-9.]*\).*/\1./;s/\./,/g'` +changequote([,])dnl +BUILD_FILEVERSION="${BUILD_FILEVERSION}0,mym4_revision_dec" +AC_SUBST(BUILD_FILEVERSION) + +BUILD_TIMESTAMP=`date -u +%Y-%m-%dT%H:%M+0000 2>/dev/null || date` +AC_SUBST(BUILD_TIMESTAMP) +AC_DEFINE_UNQUOTED(BUILD_TIMESTAMP, "$BUILD_TIMESTAMP", + [The time this package was configured for a build]) + + + AC_ARG_ENABLE(languages, [ --disable-languages do not build support for other languages than C]) AM_CONDITIONAL([LANGUAGES_SOME], [test "x$enable_languages" != xno]) diff --git a/src/Makefile.am b/src/Makefile.am index a84e3f0..cf9a364 100644 --- a/src/Makefile.am +++ b/src/Makefile.am 
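Review bot: The `BUILD_TIMESTAMP` block at the end of the `@@ -170,23 +178,33 @@` hunk makes builds non-reproducible, because the value is now computed on every platform and also written into config.h through `AC_DEFINE_UNQUOTED`. Any object that uses the macro then differs from one configure run to the next, which gets in the way of verifying a distributed binary against its source. The `|| date` fallback also produces a locale- and timezone-dependent string instead of the ISO form the first command aims for. Consider honouring `SOURCE_DATE_EPOCH` when it is set and keeping the fallback in the same format, along the lines of `BUILD_TIMESTAMP=$(date -u -d "@$SOURCE_DATE_EPOCH" +%Y-%m-%dT%H:%M+0000 2>/dev/null || date -u +%Y-%m-%dT%H:%M+0000)`. Whether version.c actually embeds the macro is not visible in this hunk.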
@@ -1,33 +1,33 @@ # Makefile.am for libgpg-error. # Copyright (C) 2003, 2004 g10 Code GmbH -# +# # This file is part of libgpg-error. -# +# # libgpg-error is free software; you can redistribute it and/or modify # it under the terms of the GNU Lesser General Public License as # published by the Free Software Foundation; either version 2.1 of the # License, or (at your option) any later version. -# +# # libgpg-error is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Lesser General Public License for more details. -# +# # You should have received a copy of the GNU Lesser General Public # License along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA # We distribute the generated sources err-sources.h and err-codes.h, # because they are needed to build the po directory, and they don't -# depend on the configuration anyway. +# depend on the configuration anyway. if HAVE_W32CE_SYSTEM gpg_extra_headers = gpg-extra/errno.h extra_cppflags = -idirafter gpg-extra else -gpg_extra_headers = -extra_cppflags = +gpg_extra_headers = +extra_cppflags = endif localedir = $(datadir)/locale @@ -47,9 +47,9 @@ EXTRA_DIST = mkstrtable.awk err-sources.h.in err-codes.h.in \ BUILT_SOURCES = err-sources.h err-codes.h code-to-errno.h code-from-errno.h \ err-sources-sym.h err-codes-sym.h errnos-sym.h gpg-error.h \ - gpg-error.def extra-h.in mkw32errmap.map.c + gpg-error.def extra-h.in mkw32errmap.map.c -tmp_files = _mkerrcodes.h _gpg-error.def.h mkw32errmap.tab.h mkw32errmap.map.c +tmp_files = _mkerrcodes.h _gpg-error.def.h mkw32errmap.tab.h mkw32errmap.map.c CLEANFILES = err-sources.h err-codes.h code-to-errno.h code-from-errno.h \ gpg-error.h mkerrcodes mkerrcodes.h gpg-error.def mkw32errmap.tab.h \ 
@@ -79,7 +79,7 @@ uninstall-def-file: -rm $(DESTDIR)$(libdir)/gpg-error.def libgpg_error_la_DEPENDENCIES = $(gpg_error_res) gpg-error.def -intllibs = +intllibs = else arch_sources = @@ -99,7 +99,8 @@ libgpg_error_la_LDFLAGS = -version-info \ $(no_undefined) $(export_symbols) libgpg_error_la_SOURCES = gpg-error.h gettext.h $(arch_sources) \ - init.c init.h strsource.c strerror.c code-to-errno.c code-from-errno.c + init.c init.h version.c \ + strsource.c strerror.c code-to-errno.c code-from-errno.c # Note that RCCOMPILE needs the same defines as ..._la_CPPFLAGS but # without the extra_cppflags because they may include am -idirafter @@ -107,7 +108,7 @@ libgpg_error_la_SOURCES = gpg-error.h gettext.h $(arch_sources) \ libgpg_error_la_CPPFLAGS = -DLOCALEDIR=\"$(localedir)\" $(extra_cppflags) libgpg_error_la_LIBADD = $(gpg_error_res) $(intllibs) -gpg_error_SOURCES = strsource-sym.c strerror-sym.c gpg-error.c +gpg_error_SOURCES = strsource-sym.c strerror-sym.c gpg-error.c gpg_error_CPPFLAGS = -DLOCALEDIR=\"$(localedir)\" $(extra_cppflags) gpg_error_LDADD = ./libgpg-error.la @LTLIBINTL@ 
@@ -185,14 +186,22 @@ errnos-sym.h: Makefile mkstrtable.awk errnos.in -v prefix=GPG_ERR_ -v namespace=errnos_ \ $(srcdir)/errnos.in >$@ -extra-h.in: Makefile w32-add.h w32ce-add.h +# We depend on versioninfo.rc because that is build by config.status +# and thus has up-to-date version numbers. +extra-h.in: Makefile w32-add.h w32ce-add.h versioninfo.rc -rm extra-h.in + echo "/* The version string of this header. */" >>extra-h.in + echo "#define GPG_ERROR_VERSION \"$(PACKAGE_VERSION)\"" >>extra-h.in + echo >>extra-h.in + echo "/* The version number of this header. */" >>extra-h.in + echo "#define GPG_ERROR_VERSION_NUMBER $(VERSION_NUMBER)" >>extra-h.in + echo >>extra-h.in if HAVE_W32_SYSTEM cat $(srcdir)/w32-add.h >>extra-h.in -endif +endif if HAVE_W32CE_SYSTEM cat $(srcdir)/w32ce-add.h >>extra-h.in -endif +endif echo EOF >>extra-h.in gpg-error.h: Makefile mkheader.awk err-sources.h.in err-codes.h.in \ diff --git a/src/gpg-error-config.in b/src/gpg-error-config.in index df27f0a..b132314 100644 --- a/src/gpg-error-config.in +++ b/src/gpg-error-config.in @@ -54,7 +54,7 @@ while test $# -gt 0; do output="$output $exec_prefix" ;; --version) - echo "@VERSION@" + echo "@PACKAGE_VERSION@" exit 0 ;; --cflags) diff --git a/src/gpg-error.def.in b/src/gpg-error.def.in index cbabd57..62e0681 100644 --- a/src/gpg-error.def.in +++ b/src/gpg-error.def.in @@ -6,8 +6,8 @@ EXPORTS gpg_strerror @1 - gpg_strerror_r @2 - gpg_strsource @3 + gpg_strerror_r @2 + gpg_strsource @3 gpg_err_code_from_errno @4 gpg_err_code_to_errno @5 gpg_err_init @6 @@ -27,3 +27,4 @@ EXPORTS _gpg_w32_gettext_use_utf8 @17 #endif gpg_err_deinit @18 + gpg_error_check_version @19 diff --git a/src/gpg-error.h.in b/src/gpg-error.h.in index f89945a..303fac0 100644 --- a/src/gpg-error.h.in +++ b/src/gpg-error.h.in 
@@ -1,18 +1,18 @@ /* gpg-error.h - Public interface to libgpg-error. - Copyright (C) 2003, 2004, 2010 g10 Code GmbH + Copyright (C) 2003, 2004, 2010, 2013 g10 Code GmbH This file is part of libgpg-error. - + libgpg-error is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. - + libgpg-error is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. - + You should have received a copy of the GNU Lesser General Public License along with this program; if not, see . */ @@ -32,7 +32,7 @@ #else #ifndef GPG_ERR_INLINE #define GPG_ERR_INLINE -#endif +#endif #endif @@ -245,6 +245,9 @@ gpg_err_code_t gpg_err_code_from_syserror (void); ERRNO due to peculiarities on WindowsCE. */ void gpg_err_set_errno (int err); +/* Return or check the version. */ +const char *gpg_error_check_version (const char *req_version); + @include extra-h.in /* Self-documenting convenience functions. */ diff --git a/src/version.c b/src/version.c new file mode 100644 index 0000000..36e2d58 --- /dev/null +++ b/src/version.c 
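Review bot: The comment on the new gpg_error_check_version declaration, "Return or check the version.", does not tell a caller what the return value means. As implemented in src/version.c, the function returns the library's version string when REQ_VERSION is NULL or the library is at least that version, and NULL otherwise, so a caller has to test for NULL before using the result. I would state that in the public header, for example `/* Return the version string if the library is at least REQ_VERSION or if REQ_VERSION is NULL; return NULL otherwise. */`.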
@@ -0,0 +1,121 @@ +/* version.c - Version checking + * Copyright (C) 2001, 2002, 2012, 2013 g10 Code GmbH + * + * This file is part of libgpg-error. + * + * libgpg-error is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public License + * as published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * libgpg-error is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this program; if not, see . + */ + +#if HAVE_CONFIG_H +#include +#endif + +#include +#include +#include + +#include + + +#define digitp(a) ((a) >= '0' && (a) <= '9') + + +/* This is actually a dummy function to make sure that is module is + not empty. Some compilers barf on empty modules. */ +static const char * +cright_blurb (void) +{ + static const char blurb[] = + "\n\n" + "This is Libgpg-error " PACKAGE_VERSION " - An error code library\n" + "Copyright 2003, 2004, 2010, 2013 g10 Code GmbH\n" + "\n" + "(" BUILD_REVISION " " BUILD_TIMESTAMP ")\n" + "\n\n"; + return blurb; +} + + +static const char* +parse_version_number (const char *s, int *number) +{ + int val = 0; + + if (*s == '0' && digitp (s[1])) + return NULL; /* Leading zeros are not allowed. */ + for (; digitp (*s); s++) + { + val *= 10; + val += *s - '0'; + } + *number = val; + return val < 0 ? NULL : s; +} + + +static const char * +parse_version_string (const char *s, int *major, int *minor) +{ + s = parse_version_number (s, major); + if (!s || *s != '.') + return NULL; + s++; + s = parse_version_number (s, minor); + if (!s) + return NULL; + return s; /* Patchlevel. 
*/ +} + + +static const char * +compare_versions (const char *my_version, const char *req_version) +{ + int my_major, my_minor; + int rq_major, rq_minor; + const char *my_plvl, *rq_plvl; + + if (!req_version) + return my_version; + if (!my_version) + return NULL; + + my_plvl = parse_version_string (my_version, &my_major, &my_minor); + if (!my_plvl) + return NULL; /* Very strange: our own version is bogus. */ + rq_plvl = parse_version_string(req_version, &rq_major, &rq_minor); + if (!rq_plvl) + return NULL; /* Requested version string is invalid. */ + + if (my_major > rq_major + || (my_major == rq_major && my_minor >= rq_minor)) + { + return my_version; + } + return NULL; +} + + +/* + * Check that the the version of the library is at minimum REQ_VERSION + * and return the actual version string; return NULL if the condition + * is not met. If NULL is passed to this function, no check is done + * and the version string is simply returned. + */ +const char * +gpg_error_check_version (const char *req_version) +{ + if (req_version && req_version[0] == 1 && req_version[1] == 1) + return cright_blurb (); + return compare_versions (PACKAGE_VERSION, req_version); +} diff --git a/src/versioninfo.rc.in b/src/versioninfo.rc.in index 284195b..bcf5893 100644 --- a/src/versioninfo.rc.in +++ b/src/versioninfo.rc.in @@ -39,12 +39,12 @@ BEGIN VALUE "FileDescription", "libgpg-error - Common error codes\0" VALUE "FileVersion", "@LIBGPG_ERROR_LT_CURRENT at .@LIBGPG_ERROR_LT_AGE at .@LIBGPG_ERROR_LT_REVISION at .@BUILD_REVISION@\0" VALUE "InternalName", "libgpg-error\0" - VALUE "LegalCopyright", "Copyright ? 2012 g10 Code GmbH\0" + VALUE "LegalCopyright", "Copyright ? 2013 g10 Code GmbH\0" VALUE "LegalTrademarks", "\0" VALUE "OriginalFilename", "libgpg-error.dll\0" VALUE "PrivateBuild", "\0" VALUE "ProductName", "libgpg-error\0" - VALUE "ProductVersion", "@VERSION@\0" + VALUE "ProductVersion", "@PACKAGE_VERSION@\0" VALUE "SpecialBuild", "@BUILD_TIMESTAMP@\0" END END 
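Review bot: parse_version_number() accumulates the digits of the caller-supplied REQ_VERSION in a signed int with no bound, so a long digit run overflows, which is undefined behaviour in C; the `val < 0` test after the loop comes too late to be a reliable guard. The loop should reject the string before the multiply, and it should also require at least one digit, because an empty field (the major part of ".5", say) currently parses as 0. The rewrite below needs INT_MAX from limits.h. Two comment typos in the same file are worth fixing at the same time: "that is module" and "the the version".

```c
static const char*
parse_version_number (const char *s, int *number)
{
  int val = 0;

  if (!digitp (*s))
    return NULL; /* At least one digit is required. */
  /* … unchanged: leading-zero check … */
  for (; digitp (*s); s++)
    {
      if (val > (INT_MAX - (*s - '0')) / 10)
        return NULL; /* Does not fit into an int. */
      val = val * 10 + (*s - '0');
    }
  *number = val;
  return s;
}
```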
diff --git a/tests/Makefile.am b/tests/Makefile.am index be63260..1a27f81 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -1,18 +1,18 @@ # Makefile.am for libgpg-error/tests. # Copyright (C) 2003 g10 Code GmbH -# +# # This file is part of libgpg-error. -# +# # libgpg-error is free software; you can redistribute it and/or modify # it under the terms of the GNU Lesser General Public License as # published by the Free Software Foundation; either version 2.1 of the # License, or (at your option) any later version. -# +# # libgpg-error is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Lesser General Public License for more details. -# +# # You should have received a copy of the GNU Lesser General Public # License along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA @@ -22,11 +22,11 @@ if HAVE_W32CE_SYSTEM extra_includes = -idirafter $(top_builddir)/src/gpg-extra else -extra_includes = +extra_includes = endif -TESTS = t-strerror t-syserror +TESTS = t-version t-strerror t-syserror INCLUDES = -I$(top_builddir)/src $(extra_includes) diff --git a/tests/t-version.c b/tests/t-version.c new file mode 100644 index 0000000..d6c6399 --- /dev/null +++ b/tests/t-version.c 
@@ -0,0 +1,98 @@ +/* t-version.c - Check the version info function + * Copyright (C) 2013 g10 Code GmbH + * + * This file is part of libgpg-error. + * + * libgpg-error is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public License + * as published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * libgpg-error is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this program; if not, see . + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include + +#include "../src/gpg-error.h" + +static const char *logpfx = ""; +static int verbose; +static int debug; +static int errorcount; + +int +main (int argc, char **argv) +{ + int last_argc = -1; + + if (argc) + { + logpfx = *argv; + argc--; argv++; + } + while (argc && last_argc != argc ) + { + last_argc = argc; + if (!strcmp (*argv, "--help")) + { + puts ( +"usage: ./version [options]\n" +"\n" +"Options:\n" +" --verbose Show what is going on\n" +); + exit (0); + } + if (!strcmp (*argv, "--verbose")) + { + verbose = 1; + argc--; argv++; + } + else if (!strcmp (*argv, "--debug")) + { + verbose = debug = 1; + argc--; argv++; + } + } + + if (!gpg_error_check_version (GPG_ERROR_VERSION)) + { + fprintf (stderr, "%s: gpg_error_check_version returned an error\n", + logpfx); + errorcount++; + } + if (!gpg_error_check_version ("1.10")) + { + fprintf (stderr, "%s: gpg_error_check_version returned an " + "error for an old version\n", logpfx); + errorcount++; + } + if (gpg_error_check_version ("15")) + { + fprintf (stderr, "gpg_error_check_version did not return an error" + " for a newer version\n", 
logpfx); + errorcount++; + } + if (verbose || errorcount) + { + printf ("Version from header: %s (0x%06x)\n", + GPG_ERROR_VERSION, GPG_ERROR_VERSION_NUMBER); + printf ("Version from binary: %s\n", gpg_error_check_version (NULL)); + printf ("Copyright blurb ...:%s\n", gpg_error_check_version ("\x01\x01")); + } + + return errorcount ? 1 : 0; +} commit b78200135ce1d20fb4680174eed2106d6012dc14 Author: Werner Koch Date: Sat Feb 23 20:11:32 2013 +0100 Add string "Assuan" to all po files. -- diff --git a/po/cs.po b/po/cs.po index a7b5965..1845b54 100644 --- a/po/cs.po +++ b/po/cs.po @@ -14,13 +14,13 @@ msgid "" msgstr "" "Project-Id-Version: libgpg-error 1.10\n" "Report-Msgid-Bugs-To: translations at gnupg.org\n" -"PO-Revision-Date: 2012-08-07 22:19+0200\n" +"PO-Revision-Date: 2013-02-23 20:08+0100\n" "Last-Translator: Petr Pisar \n" "Language-Team: Czech \n" +"Language: cs\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" -"Language: cs\n" msgid "Unspecified source" msgstr "Zdroj nezad??n" @@ -68,6 +68,9 @@ msgstr "Kleopatra" msgid "G13" msgstr "G13" +msgid "Assuan" +msgstr "Assuan" + msgid "Any source" msgstr "Nespecifikovan?? zdroj" diff --git a/po/da.po b/po/da.po index 40d3595..18bfb5e 100644 --- a/po/da.po +++ b/po/da.po @@ -10,13 +10,13 @@ msgid "" msgstr "" "Project-Id-Version: libgpg-error 1.10\n" "Report-Msgid-Bugs-To: translations at gnupg.org\n" -"PO-Revision-Date: 2012-08-07 21:27+0200\n" +"PO-Revision-Date: 2013-02-23 20:08+0100\n" "Last-Translator: Joe Hansen \n" "Language-Team: Danish \n" +"Language: da\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" -"Language: da\n" msgid "Unspecified source" msgstr "Uspecificeret kilde" @@ -64,6 +64,9 @@ msgstr "Kleopatra" msgid "G13" msgstr "G13" +msgid "Assuan" +msgstr "Assuan" + msgid "Any source" msgstr "Enhver kilde" diff --git a/po/de.po b/po/de.po index 4f82fb5..6aacb5c 100644 --- a/po/de.po 
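Review bot: The third check passes "15", which parse_version_string() in src/version.c rejects because no '.' follows the major number, so the NULL this test expects comes from the malformed-string path and the major/minor comparison against a newer version is never exercised. `if (gpg_error_check_version ("15.0"))` would test what the message claims. The fprintf in that branch passes logpfx, but its format string has no `%s: ` prefix, unlike the two messages above it. The usage text also omits `--debug`, which the option loop accepts.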
+++ b/po/de.po @@ -7,9 +7,10 @@ msgid "" msgstr "" "Project-Id-Version: libgpg-error-1.9\n" "Report-Msgid-Bugs-To: translations at gnupg.org\n" -"PO-Revision-Date: 2012-08-07 09:02+0200\n" +"PO-Revision-Date: 2013-02-23 20:08+0100\n" "Last-Translator: Werner Koch \n" "Language-Team: none\n" +"Language: \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" @@ -59,6 +60,9 @@ msgstr "Kleopatra" msgid "G13" msgstr "G13" +msgid "Assuan" +msgstr "Assuan" + msgid "Any source" msgstr "Unspezifische Quelle" @@ -842,6 +846,3 @@ msgstr "Aufruf: %s GPG-FEHLER [...]\n" #, c-format msgid "%s: warning: could not recognize %s\n" msgstr "%s: Warnung: %s konnte nicht erkannt werden\n" - -#~ msgid "Assuan error" -#~ msgstr "Fehler in Assuan" diff --git a/po/fr.po b/po/fr.po index 2a30fca..6c41555 100644 --- a/po/fr.po +++ b/po/fr.po @@ -8,13 +8,13 @@ msgid "" msgstr "" "Project-Id-Version: libgpg-error-1.10\n" "Report-Msgid-Bugs-To: translations at gnupg.org\n" -"PO-Revision-Date: 2012-08-07 13:18-0400\n" +"PO-Revision-Date: 2013-02-23 20:09+0100\n" "Last-Translator: David Pr??vot \n" "Language-Team: French \n" +"Language: fr\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" -"Language: fr\n" "X-Generator: Lokalize 1.4\n" "Plural-Forms: nplurals=2; plural=(n > 1);\n" @@ -63,6 +63,9 @@ msgstr "Kleopatra" msgid "G13" msgstr "G13" +msgid "Assuan" +msgstr "Assuan" + msgid "Any source" msgstr "N'importe quelle source" @@ -847,6 +850,3 @@ msgstr "Utilisation??: %s GPG-ERROR [...]\n" #, c-format msgid "%s: warning: could not recognize %s\n" msgstr "%s??: attention??: impossible de reconna??tre %s\n" - -#~ msgid "Assuan error" -#~ msgstr "Erreur assuan" diff --git a/po/it.po b/po/it.po index fa29191..ce8aaae 100644 --- a/po/it.po +++ b/po/it.po 
@@ -7,9 +7,10 @@ msgid "" msgstr "" "Project-Id-Version: libgpg-error 1.7\n" "Report-Msgid-Bugs-To: translations at gnupg.org\n" -"PO-Revision-Date: 2010-12-02 20:23+0100\n" +"PO-Revision-Date: 2013-02-23 20:09+0100\n" "Last-Translator: Francesco Groccia \n" "Language-Team: Italian \n" +"Language: it\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" @@ -59,6 +60,9 @@ msgstr "Kleopatra" msgid "G13" msgstr "" +msgid "Assuan" +msgstr "Assuan" + msgid "Any source" msgstr "Qualsiasi fonte" diff --git a/po/ja.po b/po/ja.po index 0fbcbab..4404b80 100644 --- a/po/ja.po +++ b/po/ja.po @@ -7,13 +7,13 @@ msgid "" msgstr "" "Project-Id-Version: libgpg-error 1.7\n" "Report-Msgid-Bugs-To: translations at gnupg.org\n" -"PO-Revision-Date: 2012-03-24 22:54+0900\n" +"PO-Revision-Date: 2013-02-23 20:09+0100\n" "Last-Translator: Takeshi Hamasaki \n" "Language-Team: Japanese \n" +"Language: ja\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" -"Language: ja\n" "Plural-Forms: nplurals=1; plural=0;\n" msgid "Unspecified source" @@ -61,6 +61,9 @@ msgstr "Kleopatra" msgid "G13" msgstr "" +msgid "Assuan" +msgstr "Assuan" + msgid "Any source" msgstr "??????????????????" diff --git a/po/nl.po b/po/nl.po index 1119a42..c4939a6 100644 --- a/po/nl.po +++ b/po/nl.po @@ -7,13 +7,13 @@ msgid "" msgstr "" "Project-Id-Version: libgpg-error 1.10\n" "Report-Msgid-Bugs-To: translations at gnupg.org\n" -"PO-Revision-Date: 2012-08-08 15:03-0300\n" +"PO-Revision-Date: 2013-02-23 20:09+0100\n" "Last-Translator: Freek de Kruijf \n" "Language-Team: Dutch \n" +"Language: nl\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" -"Language: nl\n" "X-Generator: Lokalize 1.4\n" "Plural-Forms: nplurals=2; plural=n != 1;\n" @@ -62,6 +62,9 @@ msgstr "Kleopatra" msgid "G13" msgstr "G13" +msgid "Assuan" +msgstr "Assuan" + msgid "Any source" msgstr "Elke bron" 
diff --git a/po/pl.po b/po/pl.po index 4359896..a0b69d0 100644 --- a/po/pl.po +++ b/po/pl.po @@ -7,9 +7,10 @@ msgid "" msgstr "" "Project-Id-Version: libgpg-error 1.9\n" "Report-Msgid-Bugs-To: translations at gnupg.org\n" -"PO-Revision-Date: 2010-08-05 20:05+0200\n" +"PO-Revision-Date: 2013-02-23 20:09+0100\n" "Last-Translator: Jakub Bogusz \n" "Language-Team: Polish \n" +"Language: pl\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=ISO-8859-2\n" "Content-Transfer-Encoding: 8bit\n" @@ -59,6 +60,9 @@ msgstr "Kleopatra" msgid "G13" msgstr "G13" +msgid "Assuan" +msgstr "Assuan" + msgid "Any source" msgstr "Dowolne ?r?d?o" diff --git a/po/ro.po b/po/ro.po index 3c61ba6..f87ba93 100644 --- a/po/ro.po +++ b/po/ro.po @@ -9,9 +9,10 @@ msgid "" msgstr "" "Project-Id-Version: libgpg-error 1.1\n" "Report-Msgid-Bugs-To: translations at gnupg.org\n" -"PO-Revision-Date: 2009-08-20 09:00+0200\n" +"PO-Revision-Date: 2013-02-23 20:10+0100\n" "Last-Translator: Laurentiu Buzdugan \n" "Language-Team: Romanian \n" +"Language: ro\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=ISO-8859-2\n" "Content-Transfer-Encoding: 8bit\n" @@ -54,13 +55,16 @@ msgid "GSTI" msgstr "GSTI" msgid "GPA" -msgstr "" +msgstr "GPA" msgid "Kleopatra" -msgstr "" +msgstr "Kleopatra" msgid "G13" -msgstr "" +msgstr "G13" + +msgid "Assuan" +msgstr "Assuan" #, fuzzy msgid "Any source" @@ -878,6 +882,3 @@ msgstr "Folosire: %s EROARE-GPG [...]\n" #, c-format msgid "%s: warning: could not recognize %s\n" msgstr "%s: avertisment: nu am putut recunoa?te %s\n" - -#~ msgid "Assuan error" -#~ msgstr "Eroare Assuan" diff --git a/po/sv.po b/po/sv.po index c5aef75..d186825 100644 --- a/po/sv.po +++ b/po/sv.po 
@@ -7,9 +7,10 @@ msgid "" msgstr "" "Project-Id-Version: libgpg-error 1.7\n" "Report-Msgid-Bugs-To: translations at gnupg.org\n" -"PO-Revision-Date: 2009-06-25 07:54+0100\n" +"PO-Revision-Date: 2013-02-23 20:10+0100\n" "Last-Translator: Daniel Nylander \n" "Language-Team: Swedish \n" +"Language: sv\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=utf-8\n" "Content-Transfer-Encoding: 8bit\n" @@ -57,7 +58,10 @@ msgid "Kleopatra" msgstr "Kleopatra" msgid "G13" -msgstr "" +msgstr "G13" + +msgid "Assuan" +msgstr "Assuan" msgid "Any source" msgstr "Alla k??llor" diff --git a/po/vi.po b/po/vi.po index 0494370..50941e8 100644 --- a/po/vi.po +++ b/po/vi.po @@ -7,9 +7,10 @@ msgid "" msgstr "" "Project-Id-Version: libgpg-error 1.7\n" "Report-Msgid-Bugs-To: translations at gnupg.org\n" -"PO-Revision-Date: 2009-09-19 18:34+0930\n" +"PO-Revision-Date: 2013-02-23 20:10+0100\n" "Last-Translator: Clytie Siddall \n" "Language-Team: Vietnamese \n" +"Language: vi\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" @@ -59,7 +60,10 @@ msgid "Kleopatra" msgstr "Kleopatra" msgid "G13" -msgstr "" +msgstr "G13" + +msgid "Assuan" +msgstr "Assuan" msgid "Any source" msgstr "B???t c??? ngu???n n??o" diff --git a/po/zh_CN.po b/po/zh_CN.po index 533d6a7..152cfde 100644 --- a/po/zh_CN.po +++ b/po/zh_CN.po @@ -7,10 +7,11 @@ msgid "" msgstr "" "Project-Id-Version: libgpg-error 1.7\n" "Report-Msgid-Bugs-To: translations at gnupg.org\n" -"PO-Revision-Date: 2009-08-19 17:45+0800\n" +"PO-Revision-Date: 2013-02-23 20:11+0100\n" "Last-Translator: Aron Xu \n" "Language-Team: Chinese (simplified) \n" +"Language: zh_CN\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=utf-8\n" "Content-Transfer-Encoding: 8bit\n" 
@@ -61,6 +62,9 @@ msgstr "" msgid "G13" msgstr "" +msgid "Assuan" +msgstr "Assuan" + msgid "Any source" msgstr "????????????" commit 3070b6c07babb33c904ddbe2a0cb6cfd0bc970c9 Author: Werner Koch Date: Sat Feb 23 20:07:06 2013 +0100 Make i686-w64-mingw32 the primary W32 toolchain. -- diff --git a/autogen.sh b/autogen.sh index db26c7f..97a3ccc 100755 --- a/autogen.sh +++ b/autogen.sh @@ -99,11 +99,12 @@ if [ "$myhost" = "w32" ]; then 64) w32root="$w64root" [ -z "$w32root" ] && w32root="$HOME/w64root" - toolprefixes="amd64-mingw32msvc" + toolprefixes="$amd64_toolprefixes amd64-mingw32msvc" ;; *) [ -z "$w32root" ] && w32root="$HOME/w32root" - toolprefixes="i586-mingw32msvc i386-mingw32msvc i686-w64-mingw32" + toolprefixes="$w32_toolprefixes i686-w64-mingw32 i586-mingw32msvc" + toolprefixes="$toolprefixes i386-mingw32msvc mingw32" ;; esac echo "Using $w32root as standard install directory" >&2 ----------------------------------------------------------------------- Summary of changes: NEWS | 9 +- autogen.sh | 5 +- configure.ac | 42 ++- po/LINGUAS | 2 + po/cs.po | 7 +- po/da.po | 7 +- po/de.po | 9 +- po/eo.po | 869 ++++++++++++++++++++++++++++++++++++++++++++++ po/fr.po | 10 +- po/it.po | 6 +- po/ja.po | 7 +- po/nl.po | 7 +- po/pl.po | 6 +- po/ro.po | 15 +- po/sv.po | 8 +- po/uk.po | 871 +++++++++++++++++++++++++++++++++++++++++++++++ po/vi.po | 8 +- po/zh_CN.po | 6 +- src/Makefile.am | 39 ++- src/gpg-error-config.in | 2 +- src/gpg-error.def.in | 5 +- src/gpg-error.h.in | 13 +- src/version.c | 121 +++++++ src/versioninfo.rc.in | 4 +- tests/Makefile.am | 12 +- tests/t-version.c | 98 ++++++ 26 files changed, 2111 insertions(+), 77 deletions(-) create mode 100644 po/eo.po create mode 100644 po/uk.po create mode 100644 src/version.c create mode 100644 tests/t-version.c hooks/post-receive -- Error codes used by GnuPG et al. http://git.gnupg.org From cvs at cvs.gnupg.org Tue Feb 26 18:44:49 2013 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Tue, 26 Feb 2013 18:44:49 +0100 Subject: [git] GPGME - branch, master, updated. gpgme-1.4.0-1-g6822157 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via 68221577b74fbcf0b43586f6004384fba0959ac5 (commit) from ef5cd38123dfbef7843f374ee697b0b5e8730c46 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 68221577b74fbcf0b43586f6004384fba0959ac5 Author: Werner Koch Date: Tue Feb 26 18:32:08 2013 +0100 Post release version number bump. -- diff --git a/NEWS b/NEWS index c9e576f..b55c113 100644 --- a/NEWS +++ b/NEWS @@ -1,3 +1,7 @@ +Noteworthy changes in version 1.4.1 (unreleased) +------------------------------------------------ + + Noteworthy changes in version 1.4.0 (2013-02-26) ------------------------------------------------ diff --git a/configure.ac b/configure.ac index 5126797..f096aa9 100644 --- a/configure.ac +++ b/configure.ac @@ -29,7 +29,7 @@ min_automake_version="1.11" # for the LT versions. m4_define(mym4_version_major, [1]) m4_define(mym4_version_minor, [4]) -m4_define(mym4_version_micro, [0]) +m4_define(mym4_version_micro, [1]) # Below is m4 magic to extract and compute the revision number, the # decimalized short revision number, a beta version string, and a flag ----------------------------------------------------------------------- Summary of changes: NEWS | 4 ++++ configure.ac | 2 +- 2 files changed, 5 insertions(+), 1 deletions(-) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Thu Feb 28 03:35:09 2013 
From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Thu, 28 Feb 2013 03:35:09 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.0beta3-163-gef1983d Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via ef1983d58b913306e9bf02a7189e530123839c59 (commit) from 585d5c62eece23911a768d97d11f159be138b13d (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit ef1983d58b913306e9bf02a7189e530123839c59 Author: NIIBE Yutaka Date: Thu Feb 28 11:17:47 2013 +0900 agent: pksign result conversion to sexp to upper layer. * agent/agent.h (divert_pksign): Add R_SIGLEN argument. * agent/divert-scd.c (divert_pksign): Return length at R_SIGLEN. * agent/call-scd.c (agent_card_pksign): Move composition of S-expression to... * agent/pksign.c (agent_pksign_do): ... here. -- Composing S-expression would be better to be done by SCDaemon. diff --git a/agent/agent.h b/agent/agent.h index 030b295..2fd0b8b 100644 --- a/agent/agent.h +++ b/agent/agent.h @@ -405,7 +405,8 @@ void agent_reload_trustlist (void); /*-- divert-scd.c --*/ int divert_pksign (ctrl_t ctrl, const unsigned char *digest, size_t digestlen, int algo, - const unsigned char *shadow_info, unsigned char **r_sig); + const unsigned char *shadow_info, unsigned char **r_sig, + size_t *r_siglen); int divert_pkdecrypt (ctrl_t ctrl, const unsigned char *cipher, const unsigned char *shadow_info, diff --git a/agent/call-scd.c b/agent/call-scd.c index f4ea20b..a334b15 100644 --- a/agent/call-scd.c +++ b/agent/call-scd.c 
@@ -825,10 +825,6 @@ agent_card_pksign (ctrl_t ctrl, char *p, line[ASSUAN_LINELENGTH]; membuf_t data; struct inq_needpin_s inqparm; - size_t len; - unsigned char *sigbuf; - size_t sigbuflen; - int prepend_nul; *r_buf = NULL; rc = start_scd (ctrl); @@ -868,32 +864,13 @@ agent_card_pksign (ctrl_t ctrl, if (rc) { + size_t len; + xfree (get_membuf (&data, &len)); return unlock_scd (ctrl, rc); } - sigbuf = get_membuf (&data, &sigbuflen); - - /* Create an S-expression from it which is formatted like this: - "(7:sig-val(3:rsa(1:sSIGBUFLEN:SIGBUF)))". We better make sure - that this won't be interpreted as a negative number. */ - prepend_nul = (sigbuflen && (*sigbuf & 0x80)); - - *r_buflen = 21 + 11 + prepend_nul + sigbuflen + 4; - p = xtrymalloc (*r_buflen); - *r_buf = (unsigned char*)p; - if (!p) - return unlock_scd (ctrl, out_of_core ()); - p = stpcpy (p, "(7:sig-val(3:rsa(1:s" ); - sprintf (p, "%u:", (unsigned int)sigbuflen + prepend_nul); - p += strlen (p); - if (prepend_nul) - *p++ = 0; - memcpy (p, sigbuf, sigbuflen); - p += sigbuflen; - strcpy (p, ")))"); - xfree (sigbuf); - - assert (gcry_sexp_canon_len (*r_buf, *r_buflen, NULL, NULL)); + + *r_buf = get_membuf (&data, r_buflen); return unlock_scd (ctrl, 0); } diff --git a/agent/divert-scd.c b/agent/divert-scd.c index 5fb037e..f0d8473 100644 --- a/agent/divert-scd.c +++ b/agent/divert-scd.c @@ -335,7 +335,8 @@ getpin_cb (void *opaque, const char *info, char *buf, size_t maxbuf) int divert_pksign (ctrl_t ctrl, const unsigned char *digest, size_t digestlen, int algo, - const unsigned char *shadow_info, unsigned char **r_sig) + const unsigned char *shadow_info, unsigned char **r_sig, + size_t *r_siglen) { int rc; char *kid; @@ -369,7 +370,10 @@ divert_pksign (ctrl_t ctrl, } if (!rc) - *r_sig = sigval; + { + *r_sig = sigval; + *r_siglen = siglen; + } xfree (kid); diff --git a/agent/pksign.c b/agent/pksign.c index dc44b88..8518730 100644 --- a/agent/pksign.c +++ b/agent/pksign.c 
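Review bot: agent_card_pksign now hands the result of get_membuf straight to the caller and returns success without checking it. If get_membuf can return NULL here (for an allocation failure recorded in the membuf; its implementation is not part of this diff), the caller receives rc == 0 with a NULL *r_buf, and the new code in agent/pksign.c dereferences that buffer. I would keep the error path the removed code had for its own allocation: `*r_buf = get_membuf (&data, r_buflen);` followed by `if (!*r_buf) return unlock_scd (ctrl, out_of_core ());`. The function's doc comment, which is outside the hunk, should also say that the buffer now holds the raw signature value rather than a canonical S-expression.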
@@ -278,24 +278,104 @@ agent_pksign_do (ctrl_t ctrl, const char *cache_nonce, if (!s_skey) { /* Divert operation to the smartcard */ - + gcry_sexp_t s_pkey, l; + const char *name; + size_t len; unsigned char *buf = NULL; - size_t len = 0; + int is_RSA = 0; + int is_ECDSA = 0; + + /* Check keytype by public key */ + rc = agent_public_key_from_file (ctrl, ctrl->keygrip, &s_pkey); + if (rc) + { + log_error ("failed to read the public key\n"); + goto leave; + } + l = gcry_sexp_cadr (s_pkey); + name = gcry_sexp_nth_data (l, 0, &len); + if (len == 3 && !memcmp (name, "rsa", 3)) + is_RSA = 1; + else if (len == 5 && !memcmp (name, "ecdsa", 5)) + is_ECDSA = 1; + gcry_sexp_release (l); + gcry_sexp_release (s_pkey); rc = divert_pksign (ctrl, ctrl->digest.value, ctrl->digest.valuelen, ctrl->digest.algo, - shadow_info, &buf); + shadow_info, &buf, &len); if (rc) { log_error ("smartcard signing failed: %s\n", gpg_strerror (rc)); goto leave; } - len = gcry_sexp_canon_len (buf, 0, NULL, NULL); - assert (len); - rc = gcry_sexp_sscan (&s_sig, NULL, (char*)buf, len); + if (is_RSA) + { + if (*buf & 0x80) + { + len++; + buf = xtryrealloc (buf, len); + if (!buf) + goto leave; + + memmove (buf + 1, buf, len - 1); + *buf = 0; + } + + rc = gcry_sexp_build (&s_sig, NULL, "(sig-val(rsa(s%b)))", len, buf); + } + else if (is_ECDSA) + { + unsigned char *r_buf_allocated = NULL; + unsigned char *s_buf_allocated = NULL; + unsigned char *r_buf, *s_buf; + int r_buflen, s_buflen; + + r_buflen = s_buflen = len/2; + + if (*buf & 0x80) + { + r_buflen++; + r_buf_allocated = xtrymalloc (r_buflen); + if (!r_buf_allocated) + goto leave; + + r_buf = r_buf_allocated; + memcpy (r_buf + 1, buf, len/2); + *r_buf = 0; + } + else + r_buf = buf; + + if (*(buf + len/2) & 0x80) + { + s_buflen++; + s_buf_allocated = xtrymalloc (s_buflen); + if (!s_buf_allocated) + { + xfree (r_buf_allocated); + goto leave; + } + + s_buf = s_buf_allocated; + memcpy (s_buf + 1, buf + len/2, len/2); + *s_buf = 0; + } + else + s_buf = buf 
+ len/2; + + rc = gcry_sexp_build (&s_sig, NULL, "(sig-val(ecdsa(r%b)(s%b)))", + r_buflen, r_buf, + s_buflen, s_buf); + xfree (r_buf_allocated); + xfree (s_buf_allocated); + } + else + rc = gpg_error (GPG_ERR_NOT_IMPLEMENTED); + xfree (buf); if (rc) { ----------------------------------------------------------------------- Summary of changes: agent/agent.h | 3 +- agent/call-scd.c | 31 ++--------------- agent/divert-scd.c | 8 +++- agent/pksign.c | 92 ++++++++++++++++++++++++++++++++++++++++++++++++--- 4 files changed, 98 insertions(+), 36 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Feb 28 20:00:28 2013 From: cvs at cvs.gnupg.org (by David Shaw) Date: Thu, 28 Feb 2013 20:00:28 +0100 Subject: [git] GnuPG - branch, STABLE-BRANCH-2-0, updated. gnupg-2.0.19-88-gfe85638 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, STABLE-BRANCH-2-0 has been updated via fe85638284880805b80778fe87ae551d3de0ca32 (commit) from 815d01fceb56bc03cb0df0826a9a8438970dbda4 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit fe85638284880805b80778fe87ae551d3de0ca32 Author: David Shaw Date: Thu Feb 28 13:48:58 2013 -0500 Bring the fix for bug 739 on 1.4 over to 2.0 (bug 1479) * http.h, http.c (http_wait_response, main): Remove HTTP_FLAG_NO_SHUTDOWN. diff --git a/common/http.c b/common/http.c index 755ab1b..49859fa 100644 --- a/common/http.c +++ b/common/http.c @@ -1,6 +1,6 @@ /* http.c - HTTP protocol handler * Copyright (C) 1999, 2001, 2002, 2003, 2004, 2006, - * 2009, 2012 Free Software Foundation, Inc. + * 2009, 2012, 2013 Free Software Foundation, Inc. * * This file is part of GnuPG. * 
@@ -417,8 +417,6 @@ http_wait_response (http_t hd) hd->write_cookie = NULL; #endif - if (!(hd->flags & HTTP_FLAG_NO_SHUTDOWN)) - shutdown (hd->sock, 1); hd->in_data = 0; #ifdef HTTP_USE_ESTREAM @@ -2039,8 +2037,7 @@ main (int argc, char **argv) http_release_parsed_uri (uri); uri = NULL; - rc = http_open_document (&hd, *argv, NULL, - HTTP_FLAG_NO_SHUTDOWN | HTTP_FLAG_NEED_HEADER, + rc = http_open_document (&hd, *argv, NULL, HTTP_FLAG_NEED_HEADER, NULL, tls_session); if (rc) { diff --git a/common/http.h b/common/http.h index 2b17ab7..0b1dc4d 100644 --- a/common/http.h +++ b/common/http.h @@ -1,6 +1,6 @@ /* http.h - HTTP protocol handler * Copyright (C) 1999, 2000, 2001, 2003, - * 2006, 2012 Free Software Foundation, Inc. + * 2006, 2012, 2013 Free Software Foundation, Inc. * * This file is part of GnuPG. * @@ -62,9 +62,8 @@ http_req_t; enum { HTTP_FLAG_TRY_PROXY = 1, - HTTP_FLAG_NO_SHUTDOWN = 2, - HTTP_FLAG_LOG_RESP = 4, - HTTP_FLAG_NEED_HEADER = 8 + HTTP_FLAG_LOG_RESP = 2, + HTTP_FLAG_NEED_HEADER = 4 }; struct http_context_s; ----------------------------------------------------------------------- Summary of changes: common/http.c | 7 ++----- common/http.h | 7 +++---- 2 files changed, 5 insertions(+), 9 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org
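Review bot: Removing HTTP_FLAG_NO_SHUTDOWN from the enum in common/http.h also renumbers the two flags after it (HTTP_FLAG_LOG_RESP from 4 to 2, HTTP_FLAG_NEED_HEADER from 8 to 4), which the fix does not require. Any object built against the old header, or any caller passing the flags as numbers, would silently select a different flag; whether such callers exist is not visible in this diff. Leaving the remaining values as they were and retiring the value 2 keeps them stable: `HTTP_FLAG_LOG_RESP = 4,` and `HTTP_FLAG_NEED_HEADER = 8`.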