~ubuntu-branches/ubuntu/precise/gnupg2/precise-updates

« back to all changes in this revision

Viewing changes to scd/app-openpgp.c

Committer: Bazaar Package Importer
Author(s): Michael Bienia
Date: 2007-02-02 14:29:54 UTC
mto: (5.1.9 feisty) (7.1.1 squeeze) (1.1.13 upstream)
mto: This revision was merged to the branch mainline in revision 6.
Revision ID: james.westby@ubuntu.com-20070202142954-8dmrb4d9l2imbtdm

Tags: upstream-2.0.2

Import upstream version 2.0.2

files added:
doc/gpgv.texi

g10/server.c

files modified:
AUTHORS

ChangeLog

NEWS

README.SVN

THANKS

TODO

VERSION

agent/ChangeLog

agent/Makefile.am

agent/Makefile.in

agent/agent.h

agent/call-pinentry.c

agent/command-ssh.c

agent/command.c

agent/divert-scd.c

agent/genkey.c

agent/gpg-agent.c

agent/protect-tool.c

common/ChangeLog

common/Makefile.am

common/Makefile.in

common/simple-pwquery.c

common/simple-pwquery.h

configure

configure.ac

doc/ChangeLog

doc/DETAILS

doc/Makefile.am

doc/Makefile.in

doc/com-certs.pem

doc/gnupg.info

doc/gnupg.info-1

doc/gnupg.texi

doc/gpg-agent.texi

doc/gpg.texi

doc/gpgsm.texi

doc/qualified.txt

doc/specify-user-id.texi

doc/stamp-vti

doc/tools.texi

doc/version.texi

g10/ChangeLog

g10/Makefile.am

g10/Makefile.in

g10/armor.c

g10/call-agent.c

g10/cipher.c

g10/dearmor.c

g10/decrypt.c

g10/encode.c

g10/encr-data.c

g10/export.c

g10/filter.h

g10/gpg.c

g10/gpg.h

g10/import.c

g10/keyedit.c

g10/keygen.c

g10/keyserver.c

g10/main.h

g10/mainproc.c

g10/misc.c

g10/openfile.c

g10/options.h

g10/packet.h

g10/parse-packet.c

g10/passphrase.c

g10/pkclist.c

g10/plaintext.c

g10/progress.c

g10/revoke.c

g10/sign.c

g10/status.c

g10/status.h

g10/textfilter.c

g10/verify.c

jnlib/ChangeLog

jnlib/stringhelp.c

jnlib/stringhelp.h

jnlib/utf8conv.c

kbx/ChangeLog

kbx/Makefile.am

kbx/Makefile.in

keyserver/ChangeLog

keyserver/gpgkeys_hkp.c

po/ChangeLog

po/be.gmo

po/be.po

po/ca.gmo

po/ca.po

po/cs.gmo

po/cs.po

po/da.gmo

po/da.po

po/de.gmo

po/de.po

po/el.gmo

po/el.po

po/en@boldquot.gmo

po/en@boldquot.po

po/en@quot.gmo

po/en@quot.po

po/eo.gmo

po/eo.po

po/es.gmo

po/es.po

po/et.gmo

po/et.po

po/fi.gmo

po/fi.po

po/fr.gmo

po/fr.po

po/gl.gmo

po/gl.po

po/gnupg2.pot

po/hu.gmo

po/hu.po

po/id.gmo

po/id.po

po/it.gmo

po/it.po

po/ja.gmo

po/ja.po

po/nb.gmo

po/nb.po

po/pl.gmo

po/pl.po

po/pt.gmo

po/pt.po

po/pt_BR.gmo

po/pt_BR.po

po/ro.gmo

po/ro.po

po/ru.gmo

po/ru.po

po/sk.gmo

po/sk.po

po/sv.gmo

po/sv.po

po/tr.gmo

po/tr.po

po/zh_CN.gmo

po/zh_CN.po

po/zh_TW.gmo

po/zh_TW.po

scd/ChangeLog

scd/Makefile.am

scd/Makefile.in

scd/app-openpgp.c

scd/ccid-driver.c

sm/ChangeLog

sm/Makefile.am

sm/Makefile.in

sm/base64.c

sm/certchain.c

sm/encrypt.c

sm/fingerprint.c

sm/gpgsm.c

sm/server.c

tools/ChangeLog

tools/Makefile.am

tools/Makefile.in

tools/gpg-connect-agent.c

tools/symcryptrun.c

Show diffs side-by-side

added added

removed removed

scd/app-openpgp.c

* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,

* USA.

* $Id: app-openpgp.c 4342 2006-11-20 16:49:41Z wk $

* $Id: app-openpgp.c 4391 2006-12-21 12:13:44Z wk $

#include <config.h>

1277

}

1278

1279

1280

/* Verify a CHV either using using the pinentry or if possibile by

1281

using a keypad. PINCB and PINCB_ARG describe the usual callback

1282

for the pinentry. CHVNO must be either 1 or 2. SIGCOUNT is only

1283

ised with CHV1. PINVALUE is the address of a pointer which will

1284

receive a newly allocated block with the actual PIN (this is useful

1285

in case that PIN shall be used for another verifiy operation). The

1286

caller needs to free this value. If the function returns with

1287

success and NULL is stored at PINVALUE, the caller should take this

1288

as an indication that the keypad has been used.

1289

1290

static gpg_error_t

1291

verify_a_chv (app_t app,

1292

gpg_error_t (*pincb)(void*, const char *, char **),

1293

void *pincb_arg,

1294

int chvno, unsigned long sigcount, char **pinvalue)

1295

{

1296

int rc = 0;

1297

char *prompt;

1298

iso7816_pininfo_t pininfo;

1299

int minlen = 6;

1300

1301

assert (chvno == 1 || chvno == 2);

1302

1303

*pinvalue = NULL;

1304

1305

memset (&pininfo, 0, sizeof pininfo);

1306

pininfo.mode = 1;

1307

pininfo.minlen = minlen;

1308

1309

if (!opt.disable_keypad

1310

&& !iso7816_check_keypad (app->slot, ISO7816_VERIFY, &pininfo) )

1311

{

1312

/* The reader supports the verify command through the keypad. */

1313

1314

if (chvno == 1)

1315

{

1316

#define PROMPTSTRING _("||Please enter your PIN at the reader's keypad%%0A" \

1317

"[sigs done: %lu]")

1318

size_t promptsize = strlen (PROMPTSTRING) + 50;

1319

1320

prompt = xmalloc (promptsize);

1321

if (!prompt)

1322

return gpg_error_from_syserror ();

1323

snprintf (prompt, promptsize-1, PROMPTSTRING, sigcount);

1324

rc = pincb (pincb_arg, prompt, NULL);

1325

xfree (prompt);

1326

#undef PROMPTSTRING

1327

}

1328

else

1329

rc = pincb (pincb_arg,

1330

_("||Please enter your PIN at the reader's keypad"),

1331

NULL);

1332

if (rc)

1333

{

1334

log_info (_("PIN callback returned error: %s\n"),

1335

gpg_strerror (rc));

1336

return rc;

1337

}

1338

rc = iso7816_verify_kp (app->slot, 0x80+chvno, "", 0, &pininfo);

1339

/* Dismiss the prompt. */

1340

pincb (pincb_arg, NULL, NULL);

1341

1342

assert (!*pinvalue);

1343

}

1344

else

1345

{

1346

/* The reader has no keypad or we don't want to use it. */

1347

1348

if (chvno == 1)

1349

{

1350

#define PROMPTSTRING _("||Please enter the PIN%%0A[sigs done: %lu]")

1351

size_t promptsize = strlen (PROMPTSTRING) + 50;

1352

1353

prompt = xmalloc (promptsize);

1354

if (!prompt)

1355

return gpg_error_from_syserror ();

1356

snprintf (prompt, promptsize-1, PROMPTSTRING, sigcount);

1357

rc = pincb (pincb_arg, prompt, pinvalue);

1358

xfree (prompt);

1359

#undef PROMPTSTRING

1360

}

1361

else

1362

rc = pincb (pincb_arg, "PIN", pinvalue);

1363

1364

if (rc)

1365

{

1366

log_info (_("PIN callback returned error: %s\n"),

1367

gpg_strerror (rc));

1368

return rc;

1369

}

1370

1371

if (strlen (*pinvalue) < minlen)

1372

{

1373

log_error (_("PIN for CHV%d is too short;"

1374

" minimum length is %d\n"), chvno, minlen);

1375

xfree (*pinvalue);

1376

*pinvalue = NULL;

1377

return gpg_error (GPG_ERR_BAD_PIN);

1378

}

1379

1380

rc = iso7816_verify (app->slot, 0x80+chvno,

1381

*pinvalue, strlen (*pinvalue));

1382

}

1383

1384

if (rc)

1385

{

1386

log_error (_("verify CHV%d failed: %s\n"), chvno, gpg_strerror (rc));

1387

xfree (*pinvalue);

1388

*pinvalue = NULL;

1389

flush_cache_after_error (app);

1390

}

1391

1392

return rc;

1393

}

1394

1280

1395

1281

1396

/* Verify CHV2 if required. Depending on the configuration of the

1282

1397

card CHV1 will also be verified. */

1285

1400

gpg_error_t (*pincb)(void*, const char *, char **),

1286

1401

void *pincb_arg)

1287

1402

{

1288

int rc = 0;

1289

1290

if (!app->did_chv2)

1403

int rc;

1404

char *pinvalue;

1405

1406

if (app->did_chv2)

1407

return 0; /* We already verified CHV2. */

1408

1409

rc = verify_a_chv (app, pincb, pincb_arg, 2, 0, &pinvalue);

1410

if (rc)

1411

return rc;

1412

1413

app->did_chv2 = 1;

1414

1415

if (!app->did_chv1 && !app->force_chv1 && pinvalue)

1291

1416

{

1292

char *pinvalue;

1293

iso7816_pininfo_t pininfo;

1294

int did_keypad = 0;

1295

1296

memset (&pininfo, 0, sizeof pininfo);

1297

pininfo.mode = 1;

1298

pininfo.minlen = 6;

1299

1300

if (!opt.disable_keypad

1301

&& !iso7816_check_keypad (app->slot, ISO7816_VERIFY, &pininfo) )

1302

{

1303

/* The reader supports the verify command through the keypad. */

1304

did_keypad = 1;

1305

rc = pincb (pincb_arg,

1306

_("||Please enter your PIN at the reader's keypad"),

1307

NULL);

1308

if (rc)

1309

{

1310

log_info (_("PIN callback returned error: %s\n"),

1311

gpg_strerror (rc));

1312

return rc;

1313

}

1314

rc = iso7816_verify_kp (app->slot, 0x82, "", 0, &pininfo);

1315

/* Dismiss the prompt. */

1316

pincb (pincb_arg, NULL, NULL);

1317

}

1318

else

1319

{

1320

/* The reader has no keypad or we don't want to use it. */

1321

rc = pincb (pincb_arg, "PIN", &pinvalue);

1322

if (rc)

1323

{

1324

log_info (_("PIN callback returned error: %s\n"),

1325

gpg_strerror (rc));

1326

return rc;

1327

}

1328

1329

if (strlen (pinvalue) < 6)

1330

{

1331

log_error (_("PIN for CHV%d is too short;"

1332

" minimum length is %d\n"), 2, 6);

1333

xfree (pinvalue);

1334

return gpg_error (GPG_ERR_BAD_PIN);

1335

}

1336

1337

rc = iso7816_verify (app->slot, 0x82, pinvalue, strlen (pinvalue));

1338

}

1339

1417

/* For convenience we verify CHV1 here too. We do this only if

1418

the card is not configured to require a verification before

1419

each CHV1 controlled operation (force_chv1) and if we are not

1420

using the keypad (PINVALUE == NULL). */

1421

rc = iso7816_verify (app->slot, 0x81, pinvalue, strlen (pinvalue));

1422

if (gpg_err_code (rc) == GPG_ERR_BAD_PIN)

1423

rc = gpg_error (GPG_ERR_PIN_NOT_SYNCED);

1340

1424

if (rc)

1341

1425

{

1342

log_error (_("verify CHV%d failed: %s\n"), 2, gpg_strerror (rc));

1343

xfree (pinvalue);

1426

log_error (_("verify CHV%d failed: %s\n"), 1, gpg_strerror (rc));

1344

1427

flush_cache_after_error (app);

1345

return rc;

1346

}

1347

app->did_chv2 = 1;

1348

1349

if (!app->did_chv1 && !app->force_chv1 && !did_keypad)

1350

{

1351

rc = iso7816_verify (app->slot, 0x81, pinvalue, strlen (pinvalue));

1352

if (gpg_err_code (rc) == GPG_ERR_BAD_PIN)

1353

rc = gpg_error (GPG_ERR_PIN_NOT_SYNCED);

1354

if (rc)

1355

{

1356

log_error (_("verify CHV%d failed: %s\n"), 1, gpg_strerror (rc));

1357

xfree (pinvalue);

1358

flush_cache_after_error (app);

1359

return rc;

1360

}

1361

app->did_chv1 = 1;

1362

}

1363

xfree (pinvalue);

1428

}

1429

else

1430

app->did_chv1 = 1;

1364

1431

}

1432

xfree (pinvalue);

1433

1365

1434

return rc;

1366

1435

}

1367

1436

1437

1368

1438

/* Verify CHV3 if required. */

1369

1439

static gpg_error_t

1370

1440

verify_chv3 (app_t app,

2076

2146

if (sha1fpr[i] != fpr[i])

2077

2147

{

2078

2148

xfree (buffer);

2149

log_info (_("fingerprint on card does not match requested one\n"));

2079

2150

return gpg_error (GPG_ERR_WRONG_SECKEY);

2080

2151

}

2081

2152

xfree (buffer);

2230

2301

{

2231

2302

char *pinvalue;

2232

2303

2233

{

2234

char *prompt;

2235

#define PROMPTSTRING _("||Please enter the PIN%%0A[sigs done: %lu]")

2236

2237

prompt = malloc (strlen (PROMPTSTRING) + 50);

2238

if (!prompt)

2239

return gpg_error_from_syserror ();

2240

sprintf (prompt, PROMPTSTRING, sigcount);

2241

rc = pincb (pincb_arg, prompt, &pinvalue);

2242

free (prompt);

2243

#undef PROMPTSTRING

2244

}

2245

if (rc)

2246

{

2247

log_info (_("PIN callback returned error: %s\n"), gpg_strerror (rc));

2248

return rc;

2249

}

2250

2251

if (strlen (pinvalue) < 6)

2252

{

2253

log_error (_("PIN for CHV%d is too short;"

2254

" minimum length is %d\n"), 1, 6);

2255

xfree (pinvalue);

2256

return gpg_error (GPG_ERR_BAD_PIN);

2257

}

2258

2259

rc = iso7816_verify (app->slot, 0x81, pinvalue, strlen (pinvalue));

2260

if (rc)

2261

{

2262

log_error (_("verify CHV%d failed: %s\n"), 1, gpg_strerror (rc));

2263

xfree (pinvalue);

2264

flush_cache_after_error (app);

2265

return rc;

2266

}

2304

rc = verify_a_chv (app, pincb, pincb_arg, 1, sigcount, &pinvalue);

2305

if (rc)

2306

return rc;

2307

2267

2308

app->did_chv1 = 1;

2268

if (!app->did_chv2)

2309

2310

if (!app->did_chv2 && pinvalue)

2269

2311

{

2270

/* We should also verify CHV2. */

2312

/* We should also verify CHV2. Note, that we can't do that

2313

if the keypad has been used. */

2271

2314

rc = iso7816_verify (app->slot, 0x82, pinvalue, strlen (pinvalue));

2272

2315

if (gpg_err_code (rc) == GPG_ERR_BAD_PIN)

2273

2316

rc = gpg_error (GPG_ERR_PIN_NOT_SYNCED);

Older »