~ubuntu-branches/ubuntu/raring/gnupg2/raring-proposed

« back to all changes in this revision

Viewing changes to scd/command.c

Committer: Bazaar Package Importer
Author(s): Eric Dorland
Date: 2009-08-23 20:48:11 UTC
mfrom: (1.1.12 upstream)
Revision ID: james.westby@ubuntu.com-20090823204811-cajik24rci4xszia

Tags: 2.0.12-1

http://bugs.debian.org/499569

http://bugs.debian.org/463270

http://bugs.debian.org/446494

http://bugs.debian.org/314068

http://bugs.debian.org/528734

* New upstream release. (Closes: #499569, #463270, #446494, #314068,
  #519375, #514587)
* debian/control: Change build dependency on gs to ghoscript, since
  ghoscript has been replaced.
* debian/compat: Use debhelper v7.
* debian/control: Update Standards-Version to 3.8.2.
* debian/control: Use ${misc:Depends}.
* configure.ac: Override pkgdatadir so that it points to
  /usr/share/gnupg2. (Closes: #528734)
* debian/rules: No longer need to specify pkgdatadir at make install
  time.

files added:
common/get-passphrase.c

common/get-passphrase.h

common/t-exechelp.c

tools/ccidmon.c

files modified:
AUTHORS

ChangeLog

Makefile.in

NEWS

THANKS

TODO

VERSION

aclocal.m4

agent/ChangeLog

agent/Makefile.am

agent/Makefile.in

agent/agent.h

agent/cache.c

agent/call-pinentry.c

agent/call-scd.c

agent/command-ssh.c

agent/command.c

agent/divert-scd.c

agent/findkey.c

agent/genkey.c

agent/gpg-agent.c

agent/learncard.c

agent/pkdecrypt.c

agent/pksign.c

agent/protect-tool.c

agent/protect.c

agent/trustlist.c

common/ChangeLog

common/Makefile.am

common/Makefile.in

common/estream.c

common/exechelp.c

common/exechelp.h

common/gettime.c

common/http.c

common/http.h

common/iobuf.c

common/membuf.c

common/percent.c

common/sexputil.c

common/simple-pwquery.c

common/srv.c

common/sysutils.c

common/sysutils.h

common/t-percent.c

common/t-sexputil.c

common/ttyio.c

common/ttyio.h

common/util.h

config.guess

config.h.in

config.sub

configure

configure.ac

debian/changelog

debian/compat

debian/control

debian/rules

doc/ChangeLog

doc/DETAILS

doc/Makefile.in

doc/gnupg.info

doc/gnupg.info-1

doc/gnupg.info-2

doc/gpg-agent.texi

doc/gpg.texi

doc/gpgsm.texi

doc/gpgv.texi

doc/help.txt

doc/scdaemon.texi

doc/stamp-vti

doc/tools.texi

doc/version.texi

g10/ChangeLog

g10/Makefile.in

g10/call-agent.c

g10/call-agent.h

g10/card-util.c

g10/cipher.c

g10/encode.c

g10/encr-data.c

g10/getkey.c

g10/gpg.c

g10/gpg.h

g10/gpgv.c

g10/keydb.c

g10/keydb.h

g10/keygen.c

g10/keyring.c

g10/keyring.h

g10/keyserver.c

g10/main.h

g10/mainproc.c

g10/misc.c

g10/parse-packet.c

g10/passphrase.c

g10/pubkey-enc.c

g10/seckey-cert.c

g10/seskey.c

g10/sign.c

g10/skclist.c

gl/Makefile.in

include/Makefile.in

jnlib/ChangeLog

jnlib/Makefile.in

jnlib/dotlock.c

jnlib/logging.c

jnlib/mischelp.h

jnlib/t-support.c

kbx/Makefile.in

kbx/keybox-search.c

keyserver/ChangeLog

keyserver/Makefile.in

keyserver/curl-shim.c

keyserver/curl-shim.h

keyserver/gpg2keys_mailto.in

keyserver/gpgkeys_curl.c

keyserver/gpgkeys_finger.c

keyserver/gpgkeys_hkp.c

keyserver/gpgkeys_ldap.c

m4/Makefile.in

po/ChangeLog

po/POTFILES.in

po/be.gmo

po/be.po

po/ca.gmo

po/ca.po

po/cs.gmo

po/cs.po

po/da.gmo

po/da.po

po/de.gmo

po/de.po

po/el.gmo

po/el.po

po/en@boldquot.gmo

po/en@boldquot.po

po/en@quot.gmo

po/en@quot.po

po/eo.gmo

po/eo.po

po/es.gmo

po/es.po

po/et.gmo

po/et.po

po/fi.gmo

po/fi.po

po/fr.gmo

po/fr.po

po/gl.gmo

po/gl.po

po/gnupg2.pot

po/hu.gmo

po/hu.po

po/id.gmo

po/id.po

po/it.gmo

po/it.po

po/ja.gmo

po/ja.po

po/nb.gmo

po/nb.po

po/pl.gmo

po/pl.po

po/pt.gmo

po/pt.po

po/pt_BR.gmo

po/pt_BR.po

po/ro.gmo

po/ro.po

po/ru.gmo

po/ru.po

po/sk.gmo

po/sk.po

po/sv.gmo

po/sv.po

po/tr.gmo

po/tr.po

po/zh_CN.gmo

po/zh_CN.po

po/zh_TW.gmo

po/zh_TW.po

scd/ChangeLog

scd/Makefile.in

scd/apdu.c

scd/apdu.h

scd/app-common.h

scd/app-dinsig.c

scd/app-geldkarte.c

scd/app-help.c

scd/app-nks.c

scd/app-openpgp.c

scd/app-p15.c

scd/app.c

scd/ccid-driver.c

scd/command.c

scd/iso7816.c

scd/iso7816.h

scd/scdaemon.c

scd/scdaemon.h

sm/ChangeLog

sm/Makefile.in

sm/call-agent.c

sm/certchain.c

sm/certdump.c

sm/decrypt.c

sm/delete.c

sm/encrypt.c

sm/export.c

sm/fingerprint.c

sm/gpgsm.c

sm/gpgsm.h

sm/import.c

sm/keylist.c

sm/server.c

sm/sign.c

sm/verify.c

tests/Makefile.in

tests/openpgp/ChangeLog

tests/openpgp/Makefile.in

tests/openpgp/defs.inc

tests/openpgp/mkdemodirs

tests/pkits/Makefile.in

tools/ChangeLog

tools/Makefile.am

tools/Makefile.in

tools/gpg-connect-agent.c

tools/gpgconf-comp.c

tools/gpgconf.c

tools/sockprox.c

tools/watchgnupg.c

version

Show diffs side-by-side

added added

removed removed

scd/command.c

/* command.c - SCdaemon command handler

* 2007, 2008 Free Software Foundation, Inc.

* 2007, 2008, 2009 Free Software Foundation, Inc.

* This file is part of GnuPG.

112

continue operation. */

113

int card_removed;

114

115

/* Flag indicating that the application context needs to be released

116

at the next opportunity. */

117

int app_ctx_marked_for_release;

118

115

119

/* A disconnect command has been sent. */

116

120

int disconnect_allowed;

117

121

165

169

166

170

167

171

/* Update the CARD_REMOVED element of all sessions using the reader

168

given by SLOT to VALUE */

172

given by SLOT to VALUE. */

169

173

static void

170

174

update_card_removed (int slot, int value)

171

175

{

184

188

185

189

186

190

187

/* Check whether the option NAME appears in LINE */

191

/* Check whether the option NAME appears in LINE. Returns 1 or 0. */

188

192

static int

189

193

has_option (const char *line, const char *name)

190

194

{

198

202

/* Same as has_option but does only test for the name of the option

199

203

and ignores an argument, i.e. with NAME being "--hash" it would

200

204

return a pointer for "--hash" as well as for "--hash=foo". If

201

thhere is no such option NULL is returned. The pointer returned

205

there is no such option NULL is returned. The pointer returned

202

206

points right behind the option name, this may be an equal sign, Nul

203

207

or a space. */

204

208

static const char *

274

278

if (!(slot == -1 || (slot >= 0 && slot < DIM(slot_table))))

275

279

BUG ();

276

280

277

/* If there is an active application, release it. */

281

/* If there is an active application, release it. Tell all other

282

sessions using the same application to release the

283

application. */

278

284

if (ctrl->app_ctx)

279

285

{

280

286

release_application (ctrl->app_ctx);

281

287

ctrl->app_ctx = NULL;

288

if (send_reset)

289

{

290

struct server_local_s *sl;

291

292

for (sl=session_list; sl; sl = sl->next_session)

293

if (sl->ctrl_backlink

294

&& sl->ctrl_backlink->reader_slot == slot)

295

{

296

sl->app_ctx_marked_for_release = 1;

297

}

298

}

282

299

}

283

300

284

301

/* If we want a real reset for the card, send the reset APDU and

397

414

if ( IS_LOCKED (ctrl) )

398

415

return gpg_error (GPG_ERR_LOCKED);

399

416

400

if (ctrl->app_ctx)

417

/* If the application has been marked for release do it now. We

418

can't do it immediately in do_reset because the application may

419

still be in use. */

420

if (ctrl->server_local->app_ctx_marked_for_release)

401

421

{

402

/* Already initialized for one specific application. Need to

403

check that the client didn't requested a specific application

404

different from the one in use. */

405

return check_application_conflict (ctrl, apptype);

422

ctrl->server_local->app_ctx_marked_for_release = 0;

423

release_application (ctrl->app_ctx);

424

ctrl->app_ctx = NULL;

406

425

}

407

426

427

/* If we are already initialized for one specific application we

428

need to check that the client didn't requested a specific

429

application different from the one in use before we continue. */

430

if (ctrl->app_ctx)

431

return check_application_conflict (ctrl, apptype);

432

433

/* Setup the slot and select the application. */

408

434

if (ctrl->reader_slot != -1)

409

435

slot = ctrl->reader_slot;

410

436

else

436

462

}

437

463

438

464

439

/* Do the percent and plus/space unescaping in place and return the

440

length of the valid buffer. */

441

static size_t

442

percent_plus_unescape (unsigned char *string)

443

{

444

unsigned char *p = string;

445

size_t n = 0;

446

447

while (*string)

448

{

449

if (*string == '%' && string[1] && string[2])

450

{

451

string++;

452

*p++ = xtoi_2 (string);

453

n++;

454

string+= 2;

455

}

456

else if (*string == '+')

457

{

458

*p++ = ' ';

459

n++;

460

string++;

461

}

462

else

463

{

464

*p++ = *string++;

465

n++;

466

}

467

}

468

469

return n;

470

}

471

472

473

474

465

/* SERIALNO [APPTYPE]

475

466

476

467

Return the serial number of the card using a status reponse. This

528

519

529

520

530

521

531

/* LEARN [--force]

522

/* LEARN [--force] [--keypairinfo]

532

523

533

524

Learn all useful information of the currently inserted card. When

534

525

used without the force options, the command might do an INQUIRE

538

529

539

530

The client should just send an "END" if the processing should go on

540

531

or a "CANCEL" to force the function to terminate with a Cancel

541

error message. The response of this command is a list of status

542

lines formatted as this:

532

error message.

533

534

With the option --keypairinfo only KEYPARIINFO lstatus lines are

535

returned.

536

537

The response of this command is a list of status lines formatted as

538

this:

543

539

544

540

S APPTYPE <apptype>

545

541

565

561

100 := Regular X.509 cert

566

562

101 := Trusted X.509 cert

567

563

102 := Useful X.509 cert

568

110 := Root CA cert (e.g. DINSIG)

564

110 := Root CA cert in a special format (e.g. DINSIG)

565

111 := Root CA cert as standard X509 cert.

569

566

570

567

For certain cards, more information will be returned:

571

568

589

586

590

587

The URL to be used for locating the entire public key.

591

588

592

Note, that this function may be even be used on a locked card.

589

Note, that this function may even be used on a locked card.

593

590

594

591

static int

595

592

cmd_learn (assuan_context_t ctx, char *line)

596

593

{

597

594

ctrl_t ctrl = assuan_get_pointer (ctx);

598

595

int rc = 0;

596

int only_keypairinfo = has_option (line, "--keypairinfo");

599

597

600

598

if ((rc = open_card (ctrl, NULL)))

601

599

return rc;

604

602

the card using a serial number and inquiring the client with

605

603

that. The client may choose to cancel the operation if he already

606

604

knows about this card */

607

{

608

char *serial_and_stamp;

609

char *serial;

610

time_t stamp;

611

612

rc = app_get_serial_and_stamp (ctrl->app_ctx, &serial, &stamp);

613

if (rc)

614

return rc;

615

rc = estream_asprintf (&serial_and_stamp, "%s %lu", serial, (unsigned long)stamp);

616

xfree (serial);

617

if (rc < 0)

618

return out_of_core ();

619

rc = 0;

620

assuan_write_status (ctx, "SERIALNO", serial_and_stamp);

621

622

if (!has_option (line, "--force"))

623

{

624

char *command;

625

626

rc = estream_asprintf (&command, "KNOWNCARDP %s", serial_and_stamp);

627

if (rc < 0)

628

{

629

xfree (serial_and_stamp);

630

return out_of_core ();

631

}

632

rc = 0;

633

rc = assuan_inquire (ctx, command, NULL, NULL, 0);

634

xfree (command);

635

if (rc)

636

{

637

if (gpg_err_code (rc) != GPG_ERR_ASS_CANCELED)

638

log_error ("inquire KNOWNCARDP failed: %s\n",

639

gpg_strerror (rc));

640

xfree (serial_and_stamp);

641

return rc;

642

}

643

/* not canceled, so we have to proceeed */

644

}

645

xfree (serial_and_stamp);

646

}

647

605

if (!only_keypairinfo)

606

{

607

char *serial_and_stamp;

608

char *serial;

609

time_t stamp;

610

611

rc = app_get_serial_and_stamp (ctrl->app_ctx, &serial, &stamp);

612

if (rc)

613

return rc;

614

rc = estream_asprintf (&serial_and_stamp, "%s %lu",

615

serial, (unsigned long)stamp);

616

xfree (serial);

617

if (rc < 0)

618

return out_of_core ();

619

rc = 0;

620

assuan_write_status (ctx, "SERIALNO", serial_and_stamp);

621

622

if (!has_option (line, "--force"))

623

{

624

char *command;

625

626

rc = estream_asprintf (&command, "KNOWNCARDP %s", serial_and_stamp);

627

if (rc < 0)

628

{

629

xfree (serial_and_stamp);

630

return out_of_core ();

631

}

632

rc = 0;

633

rc = assuan_inquire (ctx, command, NULL, NULL, 0);

634

xfree (command);

635

if (rc)

636

{

637

if (gpg_err_code (rc) != GPG_ERR_ASS_CANCELED)

638

log_error ("inquire KNOWNCARDP failed: %s\n",

639

gpg_strerror (rc));

640

xfree (serial_and_stamp);

641

return rc;

642

}

643

/* Not canceled, so we have to proceeed. */

644

}

645

xfree (serial_and_stamp);

646

}

647

648

/* Let the application print out its collection of useful status

649

information. */

650

if (!rc)

651

rc = app_write_learn_status (ctrl->app_ctx, ctrl);

651

rc = app_write_learn_status (ctrl->app_ctx, ctrl, only_keypairinfo);

652

653

TEST_CARD_REMOVAL (ctrl, rc);

654

return rc;

871

}

872

873

874

/* PKSIGN [--hash=[rmd160|sha1|md5]] <hexified_id>

874

/* PKSIGN [--hash=[rmd160|sha{1,224,256,384,512}|md5]] <hexified_id>

875

876

The --hash option is optional; the default is SHA1.

877

890

hash_algo = GCRY_MD_RMD160;

891

else if (has_option (line, "--hash=sha1"))

892

hash_algo = GCRY_MD_SHA1;

893

else if (has_option (line, "--hash=sha224"))

894

hash_algo = GCRY_MD_SHA224;

895

else if (has_option (line, "--hash=sha256"))

896

hash_algo = GCRY_MD_SHA256;

897

else if (has_option (line, "--hash=sha384"))

898

hash_algo = GCRY_MD_SHA384;

899

else if (has_option (line, "--hash=sha512"))

900

hash_algo = GCRY_MD_SHA512;

893

901

else if (has_option (line, "--hash=md5"))

894

902

hash_algo = GCRY_MD_MD5;

895

903

else if (!strstr (line, "--"))

921

929

xfree (keyidstr);

922

930

if (rc)

923

931

{

924

log_error ("card_sign failed: %s\n", gpg_strerror (rc));

932

log_error ("app_sign failed: %s\n", gpg_strerror (rc));

925

933

}

926

934

else

927

935

{

971

979

xfree (keyidstr);

972

980

if (rc)

973

981

{

974

log_error ("app_auth_sign failed: %s\n", gpg_strerror (rc));

982

log_error ("app_auth failed: %s\n", gpg_strerror (rc));

975

983

}

976

984

else

977

985

{

1015

1023

xfree (keyidstr);

1016

1024

if (rc)

1017

1025

{

1018

log_error ("card_create_signature failed: %s\n", gpg_strerror (rc));

1026

log_error ("app_decipher failed: %s\n", gpg_strerror (rc));

1019

1027

}

1020

1028

else

1021

1029

{

1110

1118

*line++ = 0;

1111

1119

while (spacep (line))

1112

1120

line++;

1113

nbytes = percent_plus_unescape ((unsigned char*)line);

1121

nbytes = percent_plus_unescape_inplace (line, 0);

1114

1122

1115

1123

rc = app_setattr (ctrl->app_ctx, keyword, pin_cb, ctx,

1116

1124

(const unsigned char*)line, nbytes);

1370

1378

1371

1379

/* PASSWD [--reset] [--nullpin] <chvno>

1372

1380

1373

Change the PIN or reset the retry counter of the card holder

1374

verfication vector CHVNO. The option --nullpin is used for TCOS

1375

cards to set the initial PIN. */

1381

Change the PIN or, if --reset is given, reset the retry counter of

1382

the card holder verfication vector CHVNO. The option --nullpin is

1383

used for TCOS cards to set the initial PIN. The format of CHVNO

1384

depends on the card application. */

1376

1385

static int

1377

1386

cmd_passwd (assuan_context_t ctx, char *line)

1378

1387

{

1435

1444

literal string "[CHV3]": In this case the Admin PIN is checked

1436

1445

if and only if the retry counter is still at 3.

1437

1446

1447

For Netkey:

1448

1449

Any of the valid PIN Ids may be used. These are the strings:

1450

1451

PW1.CH - Global password 1

1452

PW2.CH - Global password 2

1453

PW1.CH.SIG - SigG password 1

1454

PW2.CH.SIG - SigG password 2

1455

1456

For a definitive list, see the implementation in app-nks.c.

1457

Note that we call a PW2.* PIN a "PUK" despite that since TCOS

1458

3.0 they are technically alternative PINs used to mutally

1459

unblock each other.

1460

1438

1461

1439

1462

static int

1440

1463

cmd_checkpin (assuan_context_t ctx, char *line)

1441

1464

{

1442

1465

ctrl_t ctrl = assuan_get_pointer (ctx);

1443

1466

int rc;

1444

char *keyidstr;

1467

char *idstr;

1445

1468

1446

1469

if ( IS_LOCKED (ctrl) )

1447

1470

return gpg_error (GPG_ERR_LOCKED);

1455

1478

/* We have to use a copy of the key ID because the function may use

1456

1479

the pin_cb which in turn uses the assuan line buffer and thus

1457

1480

overwriting the original line with the keyid. */

1458

keyidstr = xtrystrdup (line);

1459

if (!keyidstr)

1481

idstr = xtrystrdup (line);

1482

if (!idstr)

1460

1483

return out_of_core ();

1461

1484

1462

rc = app_check_pin (ctrl->app_ctx,

1463

keyidstr,

1464

pin_cb, ctx);

1465

xfree (keyidstr);

1485

rc = app_check_pin (ctrl->app_ctx, idstr, pin_cb, ctx);

1486

xfree (idstr);

1466

1487

if (rc)

1467

1488

log_error ("app_check_pin failed: %s\n", gpg_strerror (rc));

1468

1489

1566

1587

deny_admin - Returns OK if admin commands are not allowed or

1567

1588

GPG_ERR_GENERAL if admin commands are allowed.

1568

1589

1569

app_list - Return a list of supported applciations. One

1590

app_list - Return a list of supported applications. One

1570

1591

application per line, fields delimited by colons,

1571

1592

first field is the name.

1572

1593

1701

1722

1702

1723

1703

1724

1704

/* APDU [--atr] [--more] [hexstring]

1725

/* APDU [--atr] [--more] [--exlen[=N]] [hexstring]

1705

1726

1706

1727

Send an APDU to the current reader. This command bypasses the high

1707

1728

level functions and sends the data directly to the card. HEXSTRING

1714

1735

S CARD-ATR 3BFA1300FF813180450031C173C00100009000B1

1715

1736

1716

1737

Using the option --more handles the card status word MORE_DATA

1717

(61xx) and concatenate all reponses to one block.

1738

(61xx) and concatenates all reponses to one block.

1718

1739

1740

Using the option "--exlen" the returned APDU may use extended

1741

length up to N bytes. If N is not given a default value is used

1742

(currently 4096).

1719

1743

1720

1744

static int

1721

1745

cmd_apdu (assuan_context_t ctx, char *line)

1726

1750

size_t apdulen;

1727

1751

int with_atr;

1728

1752

int handle_more;

1753

const char *s;

1754

size_t exlen;

1729

1755

1730

1756

with_atr = has_option (line, "--atr");

1731

1757

handle_more = has_option (line, "--more");

1732

1758

1759

if ((s=has_option_name (line, "--exlen")))

1760

{

1761

if (*s == '=')

1762

exlen = strtoul (s+1, NULL, 0);

1763

else

1764

exlen = 4096;

1765

}

1766

else

1767

exlen = 0;

1768

1733

1769

line = skip_options (line);

1734

1770

1735

1771

if ( IS_LOCKED (ctrl) )

1766

1802

unsigned char *result = NULL;

1767

1803

size_t resultlen;

1768

1804

1769

rc = apdu_send_direct (ctrl->reader_slot, apdu, apdulen, handle_more,

1805

rc = apdu_send_direct (ctrl->reader_slot, exlen,

1806

apdu, apdulen, handle_more,

1770

1807

&result, &resultlen);

1771

1808

if (rc)

1772

1809

log_error ("apdu_send_direct failed: %s\n", gpg_strerror (rc));

2005

2042

}

2006

2043

2007

2044

2045

/* Send a ready formatted status line via assuan. */

2046

void

2047

send_status_direct (ctrl_t ctrl, const char *keyword, const char *args)

2048

{

2049

assuan_context_t ctx = ctrl->server_local->assuan_ctx;

2050

2051

if (strchr (args, '\n'))

2052

log_error ("error: LF detected in status line - not sending\n");

2053

else

2054

assuan_write_status (ctx, keyword, args);

2055

}

2056

2008

2057

2009

2058

/* Helper to send the clients a status change notification. */

2010

2059

static void

Older »