author | Werner Koch <wk@gnupg.org> | 2023-04-18 12:04:15 +0200 |
committer | Werner Koch <wk@gnupg.org> | 2023-04-18 12:04:15 +0200 |
commit | f7e00dc73dd0a71e21a30e2b4393a6865ef05718 (patch) | |
tree | 56bca04727422e102ee0ba35a0c1561b85650a21 | |
parent | ssh: Allow to prefer on-disk keys over active card keys. (diff) | |
scd: On a Yubikey re-select the last app after the use of APDU.
* scd/app-common.h (struct card_ctx_s): Add maybe_check_aid flag.
* scd/command.c (cmd_apdu): Set it.
* scd/app.c (check_external_interference): Consult this flag.
(maybe_switch_app): Do a re-select if this flag is set.
--
After the gpg-card tool has issued a Yubikey-specific command, the
current application is no longer correctly selected. This then
results in all kinds of errors. We now detect this and try to
re-select the last app.
-rw-r--r-- | scd/app-common.h | 1 | ||||
-rw-r--r-- | scd/app.c | 22 | ||||
-rw-r--r-- | scd/command.c | 1 |
3 files changed, 22 insertions, 2 deletions
diff --git a/scd/app-common.h b/scd/app-common.h
index 2eeffbe95..988cddf3f 100644
--- a/scd/app-common.h
+++ b/scd/app-common.h
@@ -119,6 +119,7 @@ struct card_ctx_s {
   /* Various flags. */
   unsigned int reset_requested:1;
   unsigned int periodical_check_needed:1;
+  unsigned int maybe_check_aid:1;
 };
 
 
@@ -1606,9 +1606,13 @@ check_external_interference (app_t app, ctrl_t ctrl)
   /*
    * Only when a user is using Yubikey with pcsc-shared configuration,
    * we need this detection. Otherwise, the card/token is under full
-   * control of scdaemon, there's no problem at all.
+   * control of scdaemon, there's no problem at all. However, if the
+   * APDU command has been used we better also check whether the AID
+   * is still valid.
    */
-  if (!opt.pcsc_shared || app->card->cardtype != CARDTYPE_YUBIKEY)
+  if (app && app->card && app->card->maybe_check_aid)
+    app->card->maybe_check_aid = 0;
+  else if (!opt.pcsc_shared || app->card->cardtype != CARDTYPE_YUBIKEY)
     return 0;
 
   if (app->fnc.check_aid)
@@ -1646,6 +1650,20 @@ maybe_switch_app (ctrl_t ctrl, card_t card, const char *keyref)
   if (!card->app)
     return gpg_error (GPG_ERR_CARD_NOT_INITIALIZED);
 
+
+  if (card->maybe_check_aid && card->app->fnc.reselect
+      && check_external_interference (card->app, ctrl))
+    {
+      if (DBG_APP)
+        log_debug ("slot %d, app %s: forced re-select due to direct APDU use\n",
+                   card->slot, xstrapptype (card->app));
+      err = card->app->fnc.reselect (card->app, ctrl);
+      if (err)
+        log_error ("slot %d, app %s: forced re-select failed: %s - ignored\n",
+                   card->slot, xstrapptype (card->app), gpg_strerror (err));
+      err = 0;
+    }
+
   if (!ctrl->current_apptype)
     {
       /* For whatever reasons the current apptype has not been set -
diff --git a/scd/command.c b/scd/command.c
index 0f0c6c9df..635bb350e 100644
--- a/scd/command.c
+++ b/scd/command.c
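Review bot: The new `maybe_check_aid` bit carries no comment, and its lifecycle spans two files in this commit: it is set in cmd_apdu (scd/command.c) and consumed and cleared in check_external_interference (scd/app.c). A one-line comment on the field would spare the next reader that chase, e.g. `unsigned int maybe_check_aid:1; /* Set after a raw APDU was sent; cleared by the app layer once it has re-verified the selected AID. */`. The start of struct card_ctx_s lies outside the hunk.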
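Review bot: The NULL guards in the new `if (app && app->card && app->card->maybe_check_aid)` are inconsistent with the `else if` branch right below it, which dereferences `app->card->cardtype` whenever opt.pcsc_shared is set, and with the unchanged `if (app->fnc.check_aid)` that follows; a NULL app or app->card therefore still crashes, only on a different line. Either the guards are redundant (maybe_switch_app calls this function only after its own `if (!card->app)` check) and should go, or they belong in one early exit ahead of both branches: `if (!app || !app->card) return 0;`. A smaller point: the flag is cleared before it is known whether `app->fnc.check_aid` is present, so for an app without that callback the flag is consumed with no AID check performed; if that is intended, a comment saying so would help. check_external_interference continues past the hunk.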
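Review bot: When the forced re-select fails the error is logged and then discarded with `err = 0;`, so maybe_switch_app continues as if card->app were correctly selected and the caller's next command will presumably fail with an unrelated-looking error, which is the very symptom the commit sets out to fix. Consider returning the error instead of `err = 0;`, or, if continuing is the intended recovery path, setting `card->reset_requested = 1;` there so the bad state is at least surfaced where it is detected. The guard is also entered only when `card->app->fnc.reselect` is non-NULL; for an app without reselect the flag stays set until a later check_external_interference call consumes it, which looks harmless but deserves a short comment. The function body continues outside the hunk.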
@@ -2195,6 +2195,7 @@ cmd_apdu (assuan_context_t ctx, char *line)
   unsigned char *result = NULL;
   size_t resultlen;
 
+  card->maybe_check_aid = 1;
   rc = apdu_send_direct (card->slot, exlen, apdu, apdulen, handle_more, NULL, &result, &resultlen);
 
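Review bot: `card->maybe_check_aid = 1;` is set unconditionally before apdu_send_direct and remains set even when the send fails, which is the conservative choice but is not explained at the site; a short comment would keep the intent from being "optimised" away later, e.g. `/* A raw APDU may have changed the selected application; make the app layer re-verify the AID on its next use.  */`. cmd_apdu begins and ends outside the hunk, so whether `card` was checked for NULL before this point cannot be seen here.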