1
1
/* app-openpgp.c - The OpenPGP card application.
2
* Copyright (C) 2003, 2004, 2005 Free Software Foundation, Inc.
2
* Copyright (C) 2003, 2004, 2005, 2007, 2008 Free Software Foundation, Inc.
4
4
* This file is part of GnuPG.
6
6
* GnuPG is free software; you can redistribute it and/or modify
7
7
* it under the terms of the GNU General Public License as published by
8
* the Free Software Foundation; either version 2 of the License, or
8
* the Free Software Foundation; either version 3 of the License, or
9
9
* (at your option) any later version.
11
11
* GnuPG is distributed in the hope that it will be useful,
14
14
* GNU General Public License for more details.
16
16
* You should have received a copy of the GNU General Public License
17
* along with this program; if not, write to the Free Software
18
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
17
* along with this program; if not, see <http://www.gnu.org/licenses/>.
20
* $Id: app-openpgp.c,v 1.9.2.38 2005/06/16 08:11:59 wk Exp $
19
* $Id: app-openpgp.c 4719 2008-03-26 09:20:40Z wk $
23
22
#include <config.h>
141
140
static unsigned long convert_sig_counter_value (const unsigned char *value,
142
141
size_t valuelen);
143
142
static unsigned long get_sig_counter (app_t app);
143
static gpg_error_t do_auth (app_t app, const char *keyidstr,
144
gpg_error_t (*pincb)(void*, const char *, char **),
146
const void *indata, size_t indatalen,
147
unsigned char **outdata, size_t *outdatalen);
1278
/* Verify a CHV either using using the pinentry or if possibile by
1279
using a keypad. PINCB and PINCB_ARG describe the usual callback
1280
for the pinentry. CHVNO must be either 1 or 2. SIGCOUNT is only
1281
used with CHV1. PINVALUE is the address of a pointer which will
1282
receive a newly allocated block with the actual PIN (this is useful
1283
in case that PIN shall be used for another verifiy operation). The
1284
caller needs to free this value. If the function returns with
1285
success and NULL is stored at PINVALUE, the caller should take this
1286
as an indication that the keypad has been used.
1289
verify_a_chv (app_t app,
1290
gpg_error_t (*pincb)(void*, const char *, char **),
1292
int chvno, unsigned long sigcount, char **pinvalue)
1296
iso7816_pininfo_t pininfo;
1299
assert (chvno == 1 || chvno == 2);
1303
memset (&pininfo, 0, sizeof pininfo);
1305
pininfo.minlen = minlen;
1307
if (!opt.disable_keypad
1308
&& !iso7816_check_keypad (app->slot, ISO7816_VERIFY, &pininfo) )
1310
/* The reader supports the verify command through the keypad. */
1314
#define PROMPTSTRING _("||Please enter your PIN at the reader's keypad%%0A" \
1316
size_t promptsize = strlen (PROMPTSTRING) + 50;
1318
prompt = xmalloc (promptsize);
1320
return gpg_error_from_syserror ();
1321
snprintf (prompt, promptsize-1, PROMPTSTRING, sigcount);
1322
rc = pincb (pincb_arg, prompt, NULL);
1327
rc = pincb (pincb_arg,
1328
_("||Please enter your PIN at the reader's keypad"),
1332
log_info (_("PIN callback returned error: %s\n"),
1336
rc = iso7816_verify_kp (app->slot, 0x80+chvno, "", 0, &pininfo);
1337
/* Dismiss the prompt. */
1338
pincb (pincb_arg, NULL, NULL);
1340
assert (!*pinvalue);
1344
/* The reader has no keypad or we don't want to use it. */
1348
#define PROMPTSTRING _("||Please enter the PIN%%0A[sigs done: %lu]")
1349
size_t promptsize = strlen (PROMPTSTRING) + 50;
1351
prompt = xmalloc (promptsize);
1353
return gpg_error_from_syserror ();
1354
snprintf (prompt, promptsize-1, PROMPTSTRING, sigcount);
1355
rc = pincb (pincb_arg, prompt, pinvalue);
1360
rc = pincb (pincb_arg, "PIN", pinvalue);
1364
log_info (_("PIN callback returned error: %s\n"),
1369
if (strlen (*pinvalue) < minlen)
1371
log_error (_("PIN for CHV%d is too short;"
1372
" minimum length is %d\n"), chvno, minlen);
1375
return gpg_error (GPG_ERR_BAD_PIN);
1378
rc = iso7816_verify (app->slot, 0x80+chvno,
1379
*pinvalue, strlen (*pinvalue));
1384
log_error (_("verify CHV%d failed: %s\n"), chvno, gpg_strerror (rc));
1387
flush_cache_after_error (app);
1275
1394
/* Verify CHV2 if required. Depending on the configuration of the
1276
1395
card CHV1 will also be verified. */
1279
1398
gpg_error_t (*pincb)(void*, const char *, char **),
1280
1399
void *pincb_arg)
1405
return 0; /* We already verified CHV2. */
1407
rc = verify_a_chv (app, pincb, pincb_arg, 2, 0, &pinvalue);
1413
if (!app->did_chv1 && !app->force_chv1 && pinvalue)
1287
iso7816_pininfo_t pininfo;
1289
memset (&pininfo, 0, sizeof pininfo);
1293
rc = pincb (pincb_arg, "PIN", &pinvalue);
1296
log_info (_("PIN callback returned error: %s\n"), gpg_strerror (rc));
1300
if (strlen (pinvalue) < 6)
1302
log_error (_("PIN for CHV%d is too short;"
1303
" minimum length is %d\n"), 2, 6);
1305
return gpg_error (GPG_ERR_BAD_PIN);
1308
rc = iso7816_verify (app->slot, 0x82, pinvalue, strlen (pinvalue));
1311
log_error (_("verify CHV%d failed: %s\n"), 2, gpg_strerror (rc));
1415
/* For convenience we verify CHV1 here too. We do this only if
1416
the card is not configured to require a verification before
1417
each CHV1 controlled operation (force_chv1) and if we are not
1418
using the keypad (PINVALUE == NULL). */
1419
rc = iso7816_verify (app->slot, 0x81, pinvalue, strlen (pinvalue));
1420
if (gpg_err_code (rc) == GPG_ERR_BAD_PIN)
1421
rc = gpg_error (GPG_ERR_PIN_NOT_SYNCED);
1424
log_error (_("verify CHV%d failed: %s\n"), 1, gpg_strerror (rc));
1313
1425
flush_cache_after_error (app);
1318
if (!app->did_chv1 && !app->force_chv1)
1320
rc = iso7816_verify (app->slot, 0x81, pinvalue, strlen (pinvalue));
1321
if (gpg_err_code (rc) == GPG_ERR_BAD_PIN)
1322
rc = gpg_error (GPG_ERR_PIN_NOT_SYNCED);
1325
log_error (_("verify CHV%d failed: %s\n"), 1, gpg_strerror (rc));
1327
flush_cache_after_error (app);
1337
1436
/* Verify CHV3 if required. */
1338
1437
static gpg_error_t
1339
1438
verify_chv3 (app_t app,
1370
1475
xfree (relptr);
1371
1476
return gpg_error (GPG_ERR_BAD_PIN);
1478
remaining = value[6];
1374
1481
log_info(_("%d Admin PIN attempts remaining before card"
1375
" is permanently locked\n"), value[6]);
1482
" is permanently locked\n"), remaining);
1378
/* TRANSLATORS: Do not translate the "|A|" prefix but
1379
keep it at the start of the string. We need this elsewhere
1380
to get some infos on the string. */
1381
rc = pincb (pincb_arg, _("|A|Admin PIN"), &pinvalue);
1484
if (!opt.disable_keypad
1485
&& !iso7816_check_keypad (app->slot, ISO7816_VERIFY, &pininfo) )
1384
log_info (_("PIN callback returned error: %s\n"), gpg_strerror (rc));
1487
/* The reader supports the verify command through the keypad. */
1491
#define PROMPTSTRING _("|A|Please enter the Admin PIN" \
1492
" at the reader's keypad%%0A" \
1493
"[remaining attempts: %d]")
1494
size_t promptsize = strlen (PROMPTSTRING) + 50;
1497
prompt = xmalloc (promptsize);
1499
return gpg_error_from_syserror ();
1500
snprintf (prompt, promptsize-1, PROMPTSTRING, remaining);
1501
rc = pincb (pincb_arg, prompt, NULL);
1506
rc = pincb (pincb_arg, _("|A|Please enter the Admin PIN"
1507
" at the reader's keypad"), NULL);
1511
log_info (_("PIN callback returned error: %s\n"),
1515
rc = iso7816_verify_kp (app->slot, 0x83, "", 0, &pininfo);
1516
/* Dismiss the prompt. */
1517
pincb (pincb_arg, NULL, NULL);
1388
if (strlen (pinvalue) < 8)
1390
log_error (_("PIN for CHV%d is too short;"
1391
" minimum length is %d\n"), 3, 8);
1523
/* TRANSLATORS: Do not translate the "|A|" prefix but keep
1524
it at the start of the string. We need this elsewhere to
1525
get some infos on the string. */
1526
rc = pincb (pincb_arg, _("|A|Admin PIN"), &pinvalue);
1529
log_info (_("PIN callback returned error: %s\n"),
1534
if (strlen (pinvalue) < minlen)
1536
log_error (_("PIN for CHV%d is too short;"
1537
" minimum length is %d\n"), 3, minlen);
1539
return gpg_error (GPG_ERR_BAD_PIN);
1542
rc = iso7816_verify (app->slot, 0x83, pinvalue, strlen (pinvalue));
1392
1543
xfree (pinvalue);
1393
return gpg_error (GPG_ERR_BAD_PIN);
1396
rc = iso7816_verify (app->slot, 0x83, pinvalue, strlen (pinvalue));
1400
1548
log_error (_("verify CHV%d failed: %s\n"), 3, gpg_strerror (rc));
1401
1549
flush_cache_after_error (app);
1968
2116
/* log_printhex ("RSA e:", e, elen); */
1969
2117
send_key_data (ctrl, "e", e, elen);
1971
created_at = gnupg_get_time ();
2119
created_at = createtime? createtime : gnupg_get_time ();
1972
2120
sprintf (numbuf, "%lu", (unsigned long)created_at);
1973
2121
send_status_info (ctrl, "KEY-CREATED-AT",
1974
2122
numbuf, (size_t)strlen(numbuf), NULL, 0);
2084
2233
raw message digest. For this application the KEYIDSTR consists of
2085
2234
the serialnumber and the fingerprint delimited by a slash.
2087
Note that this fucntion may return the error code
2236
Note that this function may return the error code
2088
2237
GPG_ERR_WRONG_CARD to indicate that the card currently present does
2089
2238
not match the one required for the requested action (e.g. the
2090
serial number does not match). */
2239
serial number does not match).
2241
As a special feature a KEYIDSTR of "OPENPGP.3" redirects the
2242
operation to the auth command.
2091
2244
static gpg_error_t
2092
2245
do_sign (app_t app, const char *keyidstr, int hashalgo,
2093
2246
gpg_error_t (*pincb)(void*, const char *, char **),
2116
2270
else if (indatalen == (15 + 20) && hashalgo == GCRY_MD_SHA1
2117
2271
&& !memcmp (indata, sha1_prefix, 15))
2273
indata = (const char*)indata + 15;
2119
2276
else if (indatalen == (15 + 20) && hashalgo == GCRY_MD_RMD160
2120
2277
&& !memcmp (indata, rmd160_prefix, 15))
2279
indata = (const char*)indata + 15;
2123
return gpg_error (GPG_ERR_INV_VALUE);
2284
log_error (_("card does not support digest algorithm %s\n"),
2285
gcry_md_algo_name (hashalgo));
2286
return gpg_error (GPG_ERR_INV_VALUE);
2125
2289
/* Check whether an OpenPGP card of any version has been requested. */
2126
if (strlen (keyidstr) < 32 || strncmp (keyidstr, "D27600012401", 12))
2127
return gpg_error (GPG_ERR_INV_ID);
2129
for (s=keyidstr, n=0; hexdigitp (s); s++, n++)
2290
if (!strcmp (keyidstr, "OPENPGP.1"))
2292
else if (!strcmp (keyidstr, "OPENPGP.3"))
2294
else if (strlen (keyidstr) < 32 || strncmp (keyidstr, "D27600012401", 12))
2132
2295
return gpg_error (GPG_ERR_INV_ID);
2134
; /* no fingerprint given: we allow this for now. */
2138
return gpg_error (GPG_ERR_INV_ID);
2140
for (s=keyidstr, n=0; n < 16; s += 2, n++)
2141
tmp_sn[n] = xtoi_2 (s);
2143
if (app->serialnolen != 16)
2144
return gpg_error (GPG_ERR_INV_CARD);
2145
if (memcmp (app->serialno, tmp_sn, 16))
2146
return gpg_error (GPG_ERR_WRONG_CARD);
2298
for (s=keyidstr, n=0; hexdigitp (s); s++, n++)
2301
return gpg_error (GPG_ERR_INV_ID);
2303
; /* no fingerprint given: we allow this for now. */
2307
return gpg_error (GPG_ERR_INV_ID);
2309
for (s=keyidstr, n=0; n < 16; s += 2, n++)
2310
tmp_sn[n] = xtoi_2 (s);
2312
if (app->serialnolen != 16)
2313
return gpg_error (GPG_ERR_INV_CARD);
2314
if (memcmp (app->serialno, tmp_sn, 16))
2315
return gpg_error (GPG_ERR_WRONG_CARD);
2148
2318
/* If a fingerprint has been specified check it against the one on
2149
2319
the card. This is allows for a meaningful error message in case
2171
2349
char *pinvalue;
2175
#define PROMPTSTRING _("||Please enter the PIN%%0A[sigs done: %lu]")
2177
prompt = malloc (strlen (PROMPTSTRING) + 50);
2179
return gpg_error_from_errno (errno);
2180
sprintf (prompt, PROMPTSTRING, sigcount);
2181
rc = pincb (pincb_arg, prompt, &pinvalue);
2187
log_info (_("PIN callback returned error: %s\n"), gpg_strerror (rc));
2191
if (strlen (pinvalue) < 6)
2193
log_error (_("PIN for CHV%d is too short;"
2194
" minimum length is %d\n"), 1, 6);
2196
return gpg_error (GPG_ERR_BAD_PIN);
2199
rc = iso7816_verify (app->slot, 0x81, pinvalue, strlen (pinvalue));
2202
log_error (_("verify CHV%d failed: %s\n"), 1, gpg_strerror (rc));
2204
flush_cache_after_error (app);
2351
rc = verify_a_chv (app, pincb, pincb_arg, 1, sigcount, &pinvalue);
2207
2355
app->did_chv1 = 1;
2357
if (!app->did_chv2 && pinvalue)
2210
/* We should also verify CHV2. */
2359
/* We should also verify CHV2. Note, that we can't do that
2360
if the keypad has been used. */
2211
2361
rc = iso7816_verify (app->slot, 0x82, pinvalue, strlen (pinvalue));
2212
2362
if (gpg_err_code (rc) == GPG_ERR_BAD_PIN)
2213
2363
rc = gpg_error (GPG_ERR_PIN_NOT_SYNCED);
2317
2467
return gpg_error (GPG_ERR_INV_VALUE);
2319
2469
/* Check whether an OpenPGP card of any version has been requested. */
2320
if (strlen (keyidstr) < 32 || strncmp (keyidstr, "D27600012401", 12))
2321
return gpg_error (GPG_ERR_INV_ID);
2323
for (s=keyidstr, n=0; hexdigitp (s); s++, n++)
2470
if (!strcmp (keyidstr, "OPENPGP.2"))
2472
else if (strlen (keyidstr) < 32 || strncmp (keyidstr, "D27600012401", 12))
2326
2473
return gpg_error (GPG_ERR_INV_ID);
2328
; /* no fingerprint given: we allow this for now. */
2332
return gpg_error (GPG_ERR_INV_ID);
2334
for (s=keyidstr, n=0; n < 16; s += 2, n++)
2335
tmp_sn[n] = xtoi_2 (s);
2337
if (app->serialnolen != 16)
2338
return gpg_error (GPG_ERR_INV_CARD);
2339
if (memcmp (app->serialno, tmp_sn, 16))
2340
return gpg_error (GPG_ERR_WRONG_CARD);
2476
for (s=keyidstr, n=0; hexdigitp (s); s++, n++)
2479
return gpg_error (GPG_ERR_INV_ID);
2481
; /* no fingerprint given: we allow this for now. */
2485
return gpg_error (GPG_ERR_INV_ID);
2487
for (s=keyidstr, n=0; n < 16; s += 2, n++)
2488
tmp_sn[n] = xtoi_2 (s);
2490
if (app->serialnolen != 16)
2491
return gpg_error (GPG_ERR_INV_CARD);
2492
if (memcmp (app->serialno, tmp_sn, 16))
2493
return gpg_error (GPG_ERR_WRONG_CARD);
2342
2496
/* If a fingerprint has been specified check it against the one on
2343
2497
the card. This is allows for a meaningful error message in case
2351
2505
rc = verify_chv2 (app, pincb, pincb_arg);
2353
rc = iso7816_decipher (app->slot, indata, indatalen, 0,
2354
outdata, outdatalen);
2510
/* We might encounter a couple of leading zeroes in the
2511
cryptogram. Due to internal use of MPIs thease leading
2512
zeroes are stripped. However the OpenPGP card expects
2513
exactly 128 bytes for the cryptogram (for a 1k key). Thus we
2514
need to fix it up. We do this for up to 16 leading zero
2515
bytes; a cryptogram with more than this is with a very high
2516
probability anyway broken. */
2517
if (indatalen >= (128-16) && indatalen < 128) /* 1024 bit key. */
2518
fixuplen = 128 - indatalen;
2519
else if (indatalen >= (256-16) && indatalen < 256) /* 2048 bit key. */
2520
fixuplen = 256 - indatalen;
2521
else if (indatalen >= (192-16) && indatalen < 192) /* 1536 bit key. */
2522
fixuplen = 192 - indatalen;
2527
unsigned char *fixbuf;
2529
/* While we have to prepend stuff anyway, we can also
2530
include the padding byte here so that iso1816_decipher
2531
does not need to do yet another data mangling. */
2533
fixbuf = xtrymalloc (fixuplen + indatalen);
2535
rc = gpg_error_from_syserror ();
2538
memset (fixbuf, 0, fixuplen);
2539
memcpy (fixbuf+fixuplen, indata, indatalen);
2540
rc = iso7816_decipher (app->slot, fixbuf, fixuplen+indatalen, -1,
2541
outdata, outdatalen);
2547
rc = iso7816_decipher (app->slot, indata, indatalen, 0,
2548
outdata, outdatalen);