author | NIIBE Yutaka <gniibe@fsij.org> | 2022-03-03 09:45:49 +0100 |
---|---|---|
committer | NIIBE Yutaka <gniibe@fsij.org> | 2022-03-03 09:45:49 +0100 |
commit | 44621120a269ba67408fe1ea067af8cbd1cbb35e (patch) | |
tree | e3933c6c5f69a9cceda3f924911f0a0627d8faad /scd/command.c | |
parent | g10/encrypt: use iobuf_copy instead of manual iobuf_read/iobuf_write (diff) | |
scd: Add --challenge-response option to PK_AUTH for OpenPGP card.
* scd/app-openpgp.c (rmd160_prefix, sha1_prefix, sha224_prefix)
(sha256_prefix, sha384_prefix, sha512_prefix): Move the scope up.
(gen_challenge): New.
(do_auth): Support challenge-response check if it signs correctly.
* scd/app.c (app_auth): Remove the check INDATA and INDATALEN.
* scd/command.c (cmd_pkauth): Support --challenge-response option.
--
GnuPG-bug-id: 5862
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
Diffstat (limited to 'scd/command.c')
-rw-r--r-- | scd/command.c | 18 |
1 files changed, 16 insertions, 2 deletions
diff --git a/scd/command.c b/scd/command.c
index dfd1ee538..392b678c4 100644
--- a/scd/command.c
+++ b/scd/command.c
@@ -41,6 +41,7 @@
 #endif
 #include "../common/asshelp.h"
 #include "../common/server-help.h"
+#include "../common/ssh-utils.h"
 /* Maximum length allowed as a PIN; used for INQUIRE NEEDPIN. That
 * length needs to small compared to the maximum Assuan line length. */
@@ -1074,7 +1075,7 @@ cmd_pksign (assuan_context_t ctx, char *line)
 static const char hlp_pkauth[] =
- "PKAUTH <hexified_id>";
+ "PKAUTH [--challenge-response] <hexified_id>";
 static gpg_error_t
 cmd_pkauth (assuan_context_t ctx, char *line)
 {
@@ -1085,11 +1086,17 @@ cmd_pkauth (assuan_context_t ctx, char *line)
 char *keyidstr;
 card_t card;
 const char *keygrip = NULL;
+ int challenge_response = 0;
 if ((rc = open_card (ctrl))) return rc;
- /* We have to use a copy of the key ID because the function may use
+ if (has_option (line, "--challenge-response"))
+ challenge_response = 1;
+
+ line = skip_options (line);
+
+ /* We have to use a copy of the key ID because the function may use
 the pin_cb which in turn uses the assuan line buffer and thus overwriting the original line with the keyid */
 keyidstr = xtrystrdup (line);
@@ -1101,6 +1108,13 @@ cmd_pkauth (assuan_context_t ctx, char *line)
 if (strlen (keyidstr) == 40) keygrip = keyidstr;
+ if (challenge_response)
+ {
+ xfree (ctrl->in_data.value);
+ ctrl->in_data.value = NULL;
+ ctrl->in_data.valuelen = 0;
+ }
+
 card = card_get (ctrl, keygrip);
 if (card)
 { |
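Review bot: The `#include "../common/ssh-utils.h"` added in the first hunk is not used by any of the sixteen lines this commit adds to scd/command.c; the new code only calls `has_option`, `skip_options` and `xfree`. Unless a declaration from that header is needed by a part of the file outside these hunks, the include should be dropped so the smartcard daemon's command handler does not pick up a dependency on the SSH helpers.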
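Review bot: `hlp_pkauth` in the second hunk names the new option but does not say what it does, even though the option changes what the command authenticates. Going by the fourth hunk and the commit message, the option discards the data held in `ctrl->in_data` and has the card application generate the challenge and check the resulting signature itself. I would add a sentence to the help string along the lines of `"With --challenge-response any previously set data is discarded; the card signs an internally generated challenge and the signature is verified."`, worded to match what `do_auth` actually does.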
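Review bot: Only the `--challenge-response` branch in the fourth hunk touches `ctrl->in_data`, so a plain `PKAUTH` sent without any data set beforehand is no longer rejected anywhere visible; the commit message says `app_auth` drops its INDATA and INDATALEN check. If `do_auth` takes an empty input as the signal for challenge-response (not visible here), the mode is then selected by missing data rather than by the option, and any other card application behind `app_auth` receives a NULL buffer it was previously shielded from. I would keep the guard in `cmd_pkauth`, placed after `skip_options` in the third hunk and before `keyidstr` is allocated: `if (!challenge_response && (!ctrl->in_data.value || !ctrl->in_data.valuelen)) return gpg_error (GPG_ERR_INV_VALUE);`. The body of `cmd_pkauth` continues past the end of the last hunk, so how the result is returned to the client in challenge-response mode cannot be checked from here.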