fixes for removing update keys

2013-02-14 11:09:06 +09:00
parent 5f2a8b835c
commit 0aca10f307
13 changed files with 120 additions and 28 deletions
--- a/8
+++ b/8
@@ -1,3 +1,11 @@
+2013-02-14  Niibe Yutaka  <gniibe@fsij.org>
+
+	* src/openpgp.c (cmd_write_binary): Move erasing page of update
+	keys to...
+	(modify_binary): ...here.
+
+	* src/flash.c (flash_write_binary): Handle removal of update keys.
+
 2013-02-13  Niibe Yutaka  <gniibe@fsij.org>

 	* src/openpgp.c (cmd_get_challenge): Handle Le field.
--- a/7
+++ b/7
@@ -2,7 +2,7 @@ Gnuk NEWS - User visible changes

 * Major changes in Gnuk 1.0.2

-  Released 2012-12-??, by NIIBE Yutaka
+  Released 2013-02-15, by NIIBE Yutaka

 ** Product string is now "Gnuk Token" (was: "FSIJ USB Token")
 Since the USB ID Repository suggests not including vendor name
@@ -31,6 +31,11 @@ field was 0, which was wrong (but it works for most PC/SC
 implementations and GnuPG internal driver).  Now it's 1, which means
 1*BWT.

+** OpenPGP card protocol enhancement
+Now, VERIFY command accepts empty data and returns remaining trial
+counts, or 0x9000 (OK) when it's already authenticated.  This is
+useful for application to synchronize card's authentication status.
+

 * Major changes in Gnuk 1.0.1

--- a/10
+++ b/10
@@ -1,7 +1,7 @@
 Gnuk - An Implementation of USB Cryptographic Token for GnuPG

-							  Version 1.0.1
-							     2012-08-03
+							  Version 1.0.2
+							     2013-02-15
 							   Niibe Yutaka
 				      Free Software Initiative of Japan

@@ -42,7 +42,7 @@ A0: Good points of Gnuk are:
 	    "for Free Software"; Gnuk supports GnuPG.

 Q1: What kind of key algorithm is supported?
-A1: Gnuk only supports 2048-bit RSA.
+A1: Gnuk version 1 only supports 2048-bit RSA.

 Q2: How long does it take for digital signing?
 A2: It takes a second and a half or so. 
@@ -115,9 +115,9 @@ Ac: ST-Link/V2 is cheap one.  We have a tool/stlinkv2.py as flash ROM
 Release notes
 =============

-This is a minor release in version 1.0 series of Gnuk.
+This is a second minor release in version 1.0 series of Gnuk.

-While it is daily use for more than a year, some newly introduced
+While it is daily use for a year and a half, some newly introduced
 features (including key generation and firmware upgrade) should be
 considered experimental.

--- a/1
+++ b/1
@@ -11,6 +11,7 @@ Hironobu SUZUKI		hironobu@h2np.net
 Jan Suhr		jan@suhr.info
 Kaz Kojima		kkojima@rr.iij4u.or.jp
 Ludovic Rousseau	ludovic.rousseau@free.fr
+Luis Felipe R. Murillo	luisfelipe@ucla.edu
 MATSUU Takuto		matsuu@gentoo.org
 NAGAMI Takeshi		nagami-takeshi@aist.go.jp
 Shane Coughlan		scoughlan@openinventionnetwork.com
--- a/src/flash.c
+++ b/src/flash.c
@@ -1,7 +1,8 @@
 /*
 * flash.c -- Data Objects (DO) and GPG Key handling on Flash ROM
 *
- * Copyright (C) 2010, 2011, 2012 Free Software Initiative of Japan
+ * Copyright (C) 2010, 2011, 2012, 2013
+ *               Free Software Initiative of Japan
 * Author: NIIBE Yutaka <gniibe@fsij.org>
 *
 * This file is a part of Gnuk, a GnuPG USB Token implementation.
@@ -516,6 +517,12 @@ flash_write_binary (uint8_t file_id, const uint8_t *data,
    {
      maxsize = KEY_CONTENT_LEN;
      p = gpg_get_firmware_update_key (file_id - FILEID_UPDATE_KEY_0);
+      if (len == 0 && offset == 0)
+	{ /* This means removal of update key.  */
+	  if (flash_program_halfword ((uint32_t)p, 0) != 0)
+	    flash_warning ("DO WRITE ERROR");
+	  return 0;
+	}
    }
 #if defined(CERTDO_SUPPORT)
  else if (file_id == FILEID_CH_CERTIFICATE)
--- a/src/openpgp-do.c
+++ b/src/openpgp-do.c
@@ -1,7 +1,8 @@
 /*
 * openpgp-do.c -- OpenPGP card Data Objects (DO) handling
 *
- * Copyright (C) 2010, 2011, 2012 Free Software Initiative of Japan
+ * Copyright (C) 2010, 2011, 2012, 2013 
+ *               Free Software Initiative of Japan
 * Author: NIIBE Yutaka <gniibe@fsij.org>
 *
 * This file is a part of Gnuk, a GnuPG USB Token implementation.
--- a/src/openpgp.c
+++ b/src/openpgp.c
@@ -1,7 +1,8 @@
 /*
 * openpgp.c -- OpenPGP card protocol support
 *
- * Copyright (C) 2010, 2011, 2012 Free Software Initiative of Japan
+ * Copyright (C) 2010, 2011, 2012, 2013
+ *               Free Software Initiative of Japan
 * Author: NIIBE Yutaka <gniibe@fsij.org>
 *
 * This file is a part of Gnuk, a GnuPG USB Token implementation.
@@ -946,6 +947,26 @@ modify_binary (uint8_t op, uint8_t p1, uint8_t p2, int len)
      return;
    }

+  if (file_id >= FILEID_UPDATE_KEY_0 && file_id <= FILEID_UPDATE_KEY_3
+      && len == 0 && offset == 0)
+    {
+      int i;
+      const uint8_t *p;
+
+      for (i = 0; i < 4; i++)
+	{
+	  p = gpg_get_firmware_update_key (i);
+	  if (p[0] != 0x00 || p[1] != 0x00) /* still valid */
+	    break;
+	}
+
+      if (i == 4)			/* all update keys are removed */
+	{
+	  p = gpg_get_firmware_update_key (0);
+	  flash_erase_page ((uint32_t)p);
+	}
+    }
+
  GPG_SUCCESS ();
 }

@@ -967,25 +988,9 @@ static void
 cmd_write_binary (void)
 {
  int len = apdu.cmd_apdu_data_len;
-  int i;
-  const uint8_t *p;

  DEBUG_INFO (" - WRITE BINARY\r\n");
  modify_binary (MBD_OPRATION_WRITE, P1 (apdu), P2 (apdu), len);
-
-  for (i = 0; i < 4; i++)
-    {
-      p = gpg_get_firmware_update_key (i);
-      if (p[0] != 0x00 || p[1] != 0x00) /* still valid */
-	break;
-    }
-
-  if (i == 4)			/* all update keys are removed */
-    {
-      p = gpg_get_firmware_update_key (0);
-      flash_erase_page ((uint32_t)p);
-    }
-
  DEBUG_INFO ("WRITE BINARY done.\r\n");
 }

--- a/tool/gnuk_token.py
+++ b/tool/gnuk_token.py
@@ -1,7 +1,7 @@
 """
 gnuk_token.py - a library for Gnuk Token

-Copyright (C) 2011, 2012 Free Software Initiative of Japan
+Copyright (C) 2011, 2012, 2013 Free Software Initiative of Japan
 Author: NIIBE Yutaka <gniibe@fsij.org>

 This file is a part of Gnuk, a GnuPG USB Token implementation.
--- a/tool/gpg_agent.py
+++ b/tool/gpg_agent.py
@@ -1,3 +1,25 @@
+"""
+gpg_agent.py - a library to connect gpg-agent
+
+Copyright (C) 2013 Free Software Initiative of Japan
+Author: NIIBE Yutaka <gniibe@fsij.org>
+
+This file is a part of Gnuk, a GnuPG USB Token implementation.
+
+Gnuk is free software: you can redistribute it and/or modify it
+under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+Gnuk is distributed in the hope that it will be useful, but WITHOUT
+ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public
+License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program.  If not, see <http://www.gnu.org/licenses/>.
+"""
+
 import platform, os, socket
 IS_WINDOWS=(platform.system() == 'Windows')

--- a/tool/pageant_proxy_to_gpg.py
+++ b/tool/pageant_proxy_to_gpg.py
@@ -1,3 +1,25 @@
+"""
+pagent_proxy_to_gpg.py - Connect gpg-agent as Pagent
+
+Copyright (C) 2013 Free Software Initiative of Japan
+Author: NIIBE Yutaka <gniibe@fsij.org>
+
+This file is a part of Gnuk, a GnuPG USB Token implementation.
+
+Gnuk is free software: you can redistribute it and/or modify it
+under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+Gnuk is distributed in the hope that it will be useful, but WITHOUT
+ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public
+License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program.  If not, see <http://www.gnu.org/licenses/>.
+"""
+
 import os, sys, re, hashlib, binascii
 from struct import *
 from gpg_agent import gpg_agent
--- a/tool/pinpadtest.py
+++ b/tool/pinpadtest.py
@@ -3,7 +3,7 @@
 """
 pinpadtest.py - a tool to test variable length pin entry with pinpad

-Copyright (C) 2011, 2012 Free Software Initiative of Japan
+Copyright (C) 2011, 2012, 2013 Free Software Initiative of Japan
 Author: NIIBE Yutaka <gniibe@fsij.org>

 This file is a part of Gnuk, a GnuPG USB Token implementation.
--- a/tool/sexp.py
+++ b/tool/sexp.py
@@ -2,6 +2,27 @@
 #
 # See: http://people.csail.mit.edu/rivest/sexp.html
 #
+"""
+sexp.py - a library for SEXP
+
+Copyright (C) 2013 Free Software Initiative of Japan
+Author: NIIBE Yutaka <gniibe@fsij.org>
+
+This file is a part of Gnuk, a GnuPG USB Token implementation.
+
+Gnuk is free software: you can redistribute it and/or modify it
+under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+Gnuk is distributed in the hope that it will be useful, but WITHOUT
+ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public
+License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program.  If not, see <http://www.gnu.org/licenses/>.
+"""

 import re

--- a/tool/upgrade_by_passwd.py
+++ b/tool/upgrade_by_passwd.py
@@ -4,7 +4,7 @@
 upgrade_by_passwd.py - a tool to install another firmware for Gnuk Token
                       which is just shipped from factory

-Copyright (C) 2012 Free Software Initiative of Japan
+Copyright (C) 2012, 2013 Free Software Initiative of Japan
 Author: NIIBE Yutaka <gniibe@fsij.org>

 This file is a part of Gnuk, a GnuPG USB Token implementation.