1
1
/* command.c - SCdaemon command handler
2
2
* Copyright (C) 2001, 2002, 2003, 2004, 2005,
3
* 2007, 2008 Free Software Foundation, Inc.
3
* 2007, 2008, 2009 Free Software Foundation, Inc.
5
5
* This file is part of GnuPG.
198
202
/* Same as has_option but does only test for the name of the option
199
203
and ignores an argument, i.e. with NAME being "--hash" it would
200
204
return a pointer for "--hash" as well as for "--hash=foo". If
201
thhere is no such option NULL is returned. The pointer returned
205
there is no such option NULL is returned. The pointer returned
202
206
points right behind the option name, this may be an equal sign, Nul
204
208
static const char *
274
278
if (!(slot == -1 || (slot >= 0 && slot < DIM(slot_table))))
277
/* If there is an active application, release it. */
281
/* If there is an active application, release it. Tell all other
282
sessions using the same application to release the
278
284
if (ctrl->app_ctx)
280
286
release_application (ctrl->app_ctx);
281
287
ctrl->app_ctx = NULL;
290
struct server_local_s *sl;
292
for (sl=session_list; sl; sl = sl->next_session)
293
if (sl->ctrl_backlink
294
&& sl->ctrl_backlink->reader_slot == slot)
296
sl->app_ctx_marked_for_release = 1;
284
301
/* If we want a real reset for the card, send the reset APDU and
397
414
if ( IS_LOCKED (ctrl) )
398
415
return gpg_error (GPG_ERR_LOCKED);
417
/* If the application has been marked for release do it now. We
418
can't do it immediately in do_reset because the application may
420
if (ctrl->server_local->app_ctx_marked_for_release)
402
/* Already initialized for one specific application. Need to
403
check that the client didn't requested a specific application
404
different from the one in use. */
405
return check_application_conflict (ctrl, apptype);
422
ctrl->server_local->app_ctx_marked_for_release = 0;
423
release_application (ctrl->app_ctx);
424
ctrl->app_ctx = NULL;
427
/* If we are already initialized for one specific application we
428
need to check that the client didn't requested a specific
429
application different from the one in use before we continue. */
431
return check_application_conflict (ctrl, apptype);
433
/* Setup the slot and select the application. */
408
434
if (ctrl->reader_slot != -1)
409
435
slot = ctrl->reader_slot;
439
/* Do the percent and plus/space unescaping in place and return the
440
length of the valid buffer. */
442
percent_plus_unescape (unsigned char *string)
444
unsigned char *p = string;
449
if (*string == '%' && string[1] && string[2])
452
*p++ = xtoi_2 (string);
456
else if (*string == '+')
474
465
/* SERIALNO [APPTYPE]
476
467
Return the serial number of the card using a status reponse. This
565
561
100 := Regular X.509 cert
566
562
101 := Trusted X.509 cert
567
563
102 := Useful X.509 cert
568
110 := Root CA cert (e.g. DINSIG)
564
110 := Root CA cert in a special format (e.g. DINSIG)
565
111 := Root CA cert as standard X509 cert.
570
567
For certain cards, more information will be returned:
590
587
The URL to be used for locating the entire public key.
592
Note, that this function may be even be used on a locked card.
589
Note, that this function may even be used on a locked card.
595
592
cmd_learn (assuan_context_t ctx, char *line)
597
594
ctrl_t ctrl = assuan_get_pointer (ctx);
596
int only_keypairinfo = has_option (line, "--keypairinfo");
600
598
if ((rc = open_card (ctrl, NULL)))
604
602
the card using a serial number and inquiring the client with
605
603
that. The client may choose to cancel the operation if he already
606
604
knows about this card */
608
char *serial_and_stamp;
612
rc = app_get_serial_and_stamp (ctrl->app_ctx, &serial, &stamp);
615
rc = estream_asprintf (&serial_and_stamp, "%s %lu", serial, (unsigned long)stamp);
618
return out_of_core ();
620
assuan_write_status (ctx, "SERIALNO", serial_and_stamp);
622
if (!has_option (line, "--force"))
626
rc = estream_asprintf (&command, "KNOWNCARDP %s", serial_and_stamp);
629
xfree (serial_and_stamp);
630
return out_of_core ();
633
rc = assuan_inquire (ctx, command, NULL, NULL, 0);
637
if (gpg_err_code (rc) != GPG_ERR_ASS_CANCELED)
638
log_error ("inquire KNOWNCARDP failed: %s\n",
640
xfree (serial_and_stamp);
643
/* not canceled, so we have to proceeed */
645
xfree (serial_and_stamp);
605
if (!only_keypairinfo)
607
char *serial_and_stamp;
611
rc = app_get_serial_and_stamp (ctrl->app_ctx, &serial, &stamp);
614
rc = estream_asprintf (&serial_and_stamp, "%s %lu",
615
serial, (unsigned long)stamp);
618
return out_of_core ();
620
assuan_write_status (ctx, "SERIALNO", serial_and_stamp);
622
if (!has_option (line, "--force"))
626
rc = estream_asprintf (&command, "KNOWNCARDP %s", serial_and_stamp);
629
xfree (serial_and_stamp);
630
return out_of_core ();
633
rc = assuan_inquire (ctx, command, NULL, NULL, 0);
637
if (gpg_err_code (rc) != GPG_ERR_ASS_CANCELED)
638
log_error ("inquire KNOWNCARDP failed: %s\n",
640
xfree (serial_and_stamp);
643
/* Not canceled, so we have to proceeed. */
645
xfree (serial_and_stamp);
648
648
/* Let the application print out its collection of useful status
651
rc = app_write_learn_status (ctrl->app_ctx, ctrl);
651
rc = app_write_learn_status (ctrl->app_ctx, ctrl, only_keypairinfo);
653
653
TEST_CARD_REMOVAL (ctrl, rc);
890
890
hash_algo = GCRY_MD_RMD160;
891
891
else if (has_option (line, "--hash=sha1"))
892
892
hash_algo = GCRY_MD_SHA1;
893
else if (has_option (line, "--hash=sha224"))
894
hash_algo = GCRY_MD_SHA224;
895
else if (has_option (line, "--hash=sha256"))
896
hash_algo = GCRY_MD_SHA256;
897
else if (has_option (line, "--hash=sha384"))
898
hash_algo = GCRY_MD_SHA384;
899
else if (has_option (line, "--hash=sha512"))
900
hash_algo = GCRY_MD_SHA512;
893
901
else if (has_option (line, "--hash=md5"))
894
902
hash_algo = GCRY_MD_MD5;
895
903
else if (!strstr (line, "--"))
1111
1119
while (spacep (line))
1113
nbytes = percent_plus_unescape ((unsigned char*)line);
1121
nbytes = percent_plus_unescape_inplace (line, 0);
1115
1123
rc = app_setattr (ctrl->app_ctx, keyword, pin_cb, ctx,
1116
1124
(const unsigned char*)line, nbytes);
1371
1379
/* PASSWD [--reset] [--nullpin] <chvno>
1373
Change the PIN or reset the retry counter of the card holder
1374
verfication vector CHVNO. The option --nullpin is used for TCOS
1375
cards to set the initial PIN. */
1381
Change the PIN or, if --reset is given, reset the retry counter of
1382
the card holder verfication vector CHVNO. The option --nullpin is
1383
used for TCOS cards to set the initial PIN. The format of CHVNO
1384
depends on the card application. */
1377
1386
cmd_passwd (assuan_context_t ctx, char *line)
1435
1444
literal string "[CHV3]": In this case the Admin PIN is checked
1436
1445
if and only if the retry counter is still at 3.
1449
Any of the valid PIN Ids may be used. These are the strings:
1451
PW1.CH - Global password 1
1452
PW2.CH - Global password 2
1453
PW1.CH.SIG - SigG password 1
1454
PW2.CH.SIG - SigG password 2
1456
For a definitive list, see the implementation in app-nks.c.
1457
Note that we call a PW2.* PIN a "PUK" despite that since TCOS
1458
3.0 they are technically alternative PINs used to mutally
1440
1463
cmd_checkpin (assuan_context_t ctx, char *line)
1442
1465
ctrl_t ctrl = assuan_get_pointer (ctx);
1446
1469
if ( IS_LOCKED (ctrl) )
1447
1470
return gpg_error (GPG_ERR_LOCKED);
1455
1478
/* We have to use a copy of the key ID because the function may use
1456
1479
the pin_cb which in turn uses the assuan line buffer and thus
1457
1480
overwriting the original line with the keyid. */
1458
keyidstr = xtrystrdup (line);
1481
idstr = xtrystrdup (line);
1460
1483
return out_of_core ();
1462
rc = app_check_pin (ctrl->app_ctx,
1485
rc = app_check_pin (ctrl->app_ctx, idstr, pin_cb, ctx);
1467
1488
log_error ("app_check_pin failed: %s\n", gpg_strerror (rc));
1566
1587
deny_admin - Returns OK if admin commands are not allowed or
1567
1588
GPG_ERR_GENERAL if admin commands are allowed.
1569
app_list - Return a list of supported applciations. One
1590
app_list - Return a list of supported applications. One
1570
1591
application per line, fields delimited by colons,
1571
1592
first field is the name.
1714
1735
S CARD-ATR 3BFA1300FF813180450031C173C00100009000B1
1716
1737
Using the option --more handles the card status word MORE_DATA
1717
(61xx) and concatenate all reponses to one block.
1738
(61xx) and concatenates all reponses to one block.
1740
Using the option "--exlen" the returned APDU may use extended
1741
length up to N bytes. If N is not given a default value is used
1721
1745
cmd_apdu (assuan_context_t ctx, char *line)
1726
1750
size_t apdulen;
1728
1752
int handle_more;
1730
1756
with_atr = has_option (line, "--atr");
1731
1757
handle_more = has_option (line, "--more");
1759
if ((s=has_option_name (line, "--exlen")))
1762
exlen = strtoul (s+1, NULL, 0);
1733
1769
line = skip_options (line);
1735
1771
if ( IS_LOCKED (ctrl) )
1766
1802
unsigned char *result = NULL;
1767
1803
size_t resultlen;
1769
rc = apdu_send_direct (ctrl->reader_slot, apdu, apdulen, handle_more,
1805
rc = apdu_send_direct (ctrl->reader_slot, exlen,
1806
apdu, apdulen, handle_more,
1770
1807
&result, &resultlen);
1772
1809
log_error ("apdu_send_direct failed: %s\n", gpg_strerror (rc));
2045
/* Send a ready formatted status line via assuan. */
2047
send_status_direct (ctrl_t ctrl, const char *keyword, const char *args)
2049
assuan_context_t ctx = ctrl->server_local->assuan_ctx;
2051
if (strchr (args, '\n'))
2052
log_error ("error: LF detected in status line - not sending\n");
2054
assuan_write_status (ctx, keyword, args);
2009
2058
/* Helper to send the clients a status change notification. */
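Review bot: In cmd_apdu the client-supplied `--exlen` value is parsed with `exlen = strtoul (s+1, NULL, 0);` and passed to `apdu_send_direct` with no validation: no end pointer, no `errno` check and no upper bound. As a result `--exlen=foo` silently becomes 0, and an arbitrarily large N is accepted (and narrowed if `exlen` is an `int`; its declaration is not shown here). Because N is documented as the maximum response length, I would parse it strictly and reject bad values before touching the reader, e.g. `errno = 0; val = strtoul (s+1, &end, 0);` followed by `if (errno || end == s+1 || val > EXLEN_LIMIT) return gpg_error (GPG_ERR_INV_VALUE);`, where `EXLEN_LIMIT` is a placeholder for the largest length the reader layer supports. The lines between the `has_option_name` test and the `strtoul` call are not visible, so please confirm that `*s == '='` is checked before `s+1` is read, since the helper's comment says the pointer may also sit on a Nul or a space. The rest of cmd_apdu lies outside the lines shown.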