From 0aca10f3078f223ebf5c830e4da6406ca236eb32 Mon Sep 17 00:00:00 2001 From: NIIBE Yutaka Date: Thu, 14 Feb 2013 11:09:06 +0900 Subject: [PATCH] fixes for removing update keys --- ChangeLog | 8 ++++++++ NEWS | 7 ++++++- README | 10 ++++----- THANKS | 1 + src/flash.c | 9 ++++++++- src/openpgp-do.c | 3 ++- src/openpgp.c | 39 ++++++++++++++++++++---------------- tool/gnuk_token.py | 2 +- tool/gpg_agent.py | 22 ++++++++++++++++++++ tool/pageant_proxy_to_gpg.py | 22 ++++++++++++++++++++ tool/pinpadtest.py | 2 +- tool/sexp.py | 21 +++++++++++++++++++ tool/upgrade_by_passwd.py | 2 +- 13 files changed, 120 insertions(+), 28 deletions(-) diff --git a/ChangeLog b/ChangeLog index 8e35784..e0934dd 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,11 @@ +2013-02-14 Niibe Yutaka + + * src/openpgp.c (cmd_write_binary): Move erasing page of update + keys to... + (modify_binary): ...here. + + * src/flash.c (flash_write_binary): Handle removal of update keys. + 2013-02-13 Niibe Yutaka * src/openpgp.c (cmd_get_challenge): Handle Le field. diff --git a/NEWS b/NEWS index 94dddc2..d0f2b4b 100644 --- a/NEWS +++ b/NEWS @@ -2,7 +2,7 @@ Gnuk NEWS - User visible changes * Major changes in Gnuk 1.0.2 - Released 2012-12-??, by NIIBE Yutaka + Released 2013-02-15, by NIIBE Yutaka ** Product string is now "Gnuk Token" (was: "FSIJ USB Token") Since the USB ID Repository suggests not including vendor name @@ -31,6 +31,11 @@ field was 0, which was wrong (but it works for most PC/SC implementations and GnuPG internal driver). Now it's 1, which means 1*BWT. +** OpenPGP card protocol enhancement +Now, VERIFY command accepts empty data and returns remaining trial +counts, or 0x9000 (OK) when it's already authenticated. This is +useful for application to synchronize card's authentication status. + * Major changes in Gnuk 1.0.1 diff --git a/README b/README index 018e2bf..ce7a511 100644 --- a/README +++ b/README 
@@ -1,7 +1,7 @@ Gnuk - An Implementation of USB Cryptographic Token for GnuPG - Version 1.0.1 - 2012-08-03 + Version 1.0.2 + 2013-02-15 Niibe Yutaka Free Software Initiative of Japan @@ -42,7 +42,7 @@ A0: Good points of Gnuk are: "for Free Software"; Gnuk supports GnuPG. Q1: What kind of key algorithm is supported? -A1: Gnuk only supports 2048-bit RSA. +A1: Gnuk version 1 only supports 2048-bit RSA. Q2: How long does it take for digital signing? A2: It takes a second and a half or so. @@ -115,9 +115,9 @@ Ac: ST-Link/V2 is cheap one. We have a tool/stlinkv2.py as flash ROM Release notes ============= -This is a minor release in version 1.0 series of Gnuk. +This is a second minor release in version 1.0 series of Gnuk. -While it is daily use for more than a year, some newly introduced +While it is daily use for a year and a half, some newly introduced features (including key generation and firmware upgrade) should be considered experimental. diff --git a/THANKS b/THANKS index bcb7c49..b1d3d6c 100644 --- a/THANKS +++ b/THANKS @@ -11,6 +11,7 @@ Hironobu SUZUKI hironobu@h2np.net Jan Suhr jan@suhr.info Kaz Kojima kkojima@rr.iij4u.or.jp Ludovic Rousseau ludovic.rousseau@free.fr +Luis Felipe R. Murillo luisfelipe@ucla.edu MATSUU Takuto matsuu@gentoo.org NAGAMI Takeshi nagami-takeshi@aist.go.jp Shane Coughlan scoughlan@openinventionnetwork.com diff --git a/src/flash.c b/src/flash.c index 0f13b62..abaaf98 100644 --- a/src/flash.c +++ b/src/flash.c @@ -1,7 +1,8 @@ /* * flash.c -- Data Objects (DO) and GPG Key handling on Flash ROM * - * Copyright (C) 2010, 2011, 2012 Free Software Initiative of Japan + * Copyright (C) 2010, 2011, 2012, 2013 + * Free Software Initiative of Japan * Author: NIIBE Yutaka * * This file is a part of Gnuk, a GnuPG USB Token implementation. 
@@ -516,6 +517,12 @@ flash_write_binary (uint8_t file_id, const uint8_t *data, { maxsize = KEY_CONTENT_LEN; p = gpg_get_firmware_update_key (file_id - FILEID_UPDATE_KEY_0); + if (len == 0 && offset == 0) + { /* This means removal of update key. */ + if (flash_program_halfword ((uint32_t)p, 0) != 0) + flash_warning ("DO WRITE ERROR"); + return 0; + } } #if defined(CERTDO_SUPPORT) else if (file_id == FILEID_CH_CERTIFICATE) diff --git a/src/openpgp-do.c b/src/openpgp-do.c index 653922a..e3f5b73 100644 --- a/src/openpgp-do.c +++ b/src/openpgp-do.c @@ -1,7 +1,8 @@ /* * openpgp-do.c -- OpenPGP card Data Objects (DO) handling * - * Copyright (C) 2010, 2011, 2012 Free Software Initiative of Japan + * Copyright (C) 2010, 2011, 2012, 2013 + * Free Software Initiative of Japan * Author: NIIBE Yutaka * * This file is a part of Gnuk, a GnuPG USB Token implementation. diff --git a/src/openpgp.c b/src/openpgp.c index 96f75ce..a7e301b 100644 --- a/src/openpgp.c +++ b/src/openpgp.c @@ -1,7 +1,8 @@ /* * openpgp.c -- OpenPGP card protocol support * - * Copyright (C) 2010, 2011, 2012 Free Software Initiative of Japan + * Copyright (C) 2010, 2011, 2012, 2013 + * Free Software Initiative of Japan * Author: NIIBE Yutaka * * This file is a part of Gnuk, a GnuPG USB Token implementation. @@ -946,6 +947,26 @@ modify_binary (uint8_t op, uint8_t p1, uint8_t p2, int len) return; } + if (file_id >= FILEID_UPDATE_KEY_0 && file_id <= FILEID_UPDATE_KEY_3 + && len == 0 && offset == 0) + { + int i; + const uint8_t *p; + + for (i = 0; i < 4; i++) + { + p = gpg_get_firmware_update_key (i); + if (p[0] != 0x00 || p[1] != 0x00) /* still valid */ + break; + } + + if (i == 4) /* all update keys are removed */ + { + p = gpg_get_firmware_update_key (0); + flash_erase_page ((uint32_t)p); + } + } + GPG_SUCCESS (); } 
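Review bot: In the removal branch added to flash_write_binary, a failed flash_program_halfword() only emits `flash_warning ("DO WRITE ERROR")` and the function still falls through to `return 0;`, so a removal that did not actually clear the slot is reported the same way as a successful one while the update key remains in force (and the all-keys-removed scan in modify_binary keeps treating it as valid). The rest of flash_write_binary and its caller are outside the hunk; if the caller already distinguishes a negative return as a write failure, this branch should use the same convention, e.g. `if (flash_program_halfword ((uint32_t)p, 0) != 0) { flash_warning ("DO WRITE ERROR"); return -1; }`. The comment on the `{` line should also say what the marker is, since the caller depends on it: `/* len == 0 at offset 0 means removal: zero the first halfword, which modify_binary's p[0]/p[1] test reads as "no key". */`.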
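Review bot: The page erase added to modify_binary leaves the four update-key slots reading 0xFF, which the `if (p[0] != 0x00 || p[1] != 0x00) /* still valid */` test on these same lines would classify as a valid key; whether the code that consumes update keys (not in this diff) treats an erased slot as absent cannot be seen here, so it is worth confirming and recording next to the loop. The erase also relies on all four keys sharing the page that holds key 0 — presumably fixed by the flash layout, but not visible in the hunk. Suggest a comment above `if (i == 4)` along the lines of `/* All four update-key slots are assumed to live on the page of slot 0; once every slot is zeroed the page is erased and the slots read 0xFF — readers of the update keys must accept both 0x00 and 0xFF as "no key" (TODO confirm). */`. The zero-halfword marker is written in flash.c and interpreted here, so a small helper in flash.c (e.g. one that reports whether a slot is cleared) would keep that knowledge in one place; modify_binary's body begins outside the hunk.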
@@ -967,25 +988,9 @@ static void cmd_write_binary (void) { int len = apdu.cmd_apdu_data_len; - int i; - const uint8_t *p; DEBUG_INFO (" - WRITE BINARY\r\n"); modify_binary (MBD_OPRATION_WRITE, P1 (apdu), P2 (apdu), len); - - for (i = 0; i < 4; i++) - { - p = gpg_get_firmware_update_key (i); - if (p[0] != 0x00 || p[1] != 0x00) /* still valid */ - break; - } - - if (i == 4) /* all update keys are removed */ - { - p = gpg_get_firmware_update_key (0); - flash_erase_page ((uint32_t)p); - } - DEBUG_INFO ("WRITE BINARY done.\r\n"); } diff --git a/tool/gnuk_token.py b/tool/gnuk_token.py index f20bb1e..0c0aee7 100644 --- a/tool/gnuk_token.py +++ b/tool/gnuk_token.py @@ -1,7 +1,7 @@ """ gnuk_token.py - a library for Gnuk Token -Copyright (C) 2011, 2012 Free Software Initiative of Japan +Copyright (C) 2011, 2012, 2013 Free Software Initiative of Japan Author: NIIBE Yutaka This file is a part of Gnuk, a GnuPG USB Token implementation. diff --git a/tool/gpg_agent.py b/tool/gpg_agent.py index 46036d1..6d58e5d 100644 --- a/tool/gpg_agent.py +++ b/tool/gpg_agent.py @@ -1,3 +1,25 @@ +""" +gpg_agent.py - a library to connect gpg-agent + +Copyright (C) 2013 Free Software Initiative of Japan +Author: NIIBE Yutaka + +This file is a part of Gnuk, a GnuPG USB Token implementation. + +Gnuk is free software: you can redistribute it and/or modify it +under the terms of the GNU General Public License as published by +the Free Software Foundation, either version 3 of the License, or +(at your option) any later version. + +Gnuk is distributed in the hope that it will be useful, but WITHOUT +ANY WARRANTY; without even the implied warranty of MERCHANTABILITY +or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public +License for more details. + +You should have received a copy of the GNU General Public License +along with this program. If not, see . +""" + import platform, os, socket IS_WINDOWS=(platform.system() == 'Windows') 
diff --git a/tool/pageant_proxy_to_gpg.py b/tool/pageant_proxy_to_gpg.py index 23d2873..a755efc 100644 --- a/tool/pageant_proxy_to_gpg.py +++ b/tool/pageant_proxy_to_gpg.py @@ -1,3 +1,25 @@ +""" +pagent_proxy_to_gpg.py - Connect gpg-agent as Pagent + +Copyright (C) 2013 Free Software Initiative of Japan +Author: NIIBE Yutaka + +This file is a part of Gnuk, a GnuPG USB Token implementation. + +Gnuk is free software: you can redistribute it and/or modify it +under the terms of the GNU General Public License as published by +the Free Software Foundation, either version 3 of the License, or +(at your option) any later version. + +Gnuk is distributed in the hope that it will be useful, but WITHOUT +ANY WARRANTY; without even the implied warranty of MERCHANTABILITY +or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public +License for more details. + +You should have received a copy of the GNU General Public License +along with this program. If not, see . +""" + import os, sys, re, hashlib, binascii from struct import * from gpg_agent import gpg_agent diff --git a/tool/pinpadtest.py b/tool/pinpadtest.py index 735c9f8..d95a7c4 100755 --- a/tool/pinpadtest.py +++ b/tool/pinpadtest.py @@ -3,7 +3,7 @@ """ pinpadtest.py - a tool to test variable length pin entry with pinpad -Copyright (C) 2011, 2012 Free Software Initiative of Japan +Copyright (C) 2011, 2012, 2013 Free Software Initiative of Japan Author: NIIBE Yutaka This file is a part of Gnuk, a GnuPG USB Token implementation. diff --git a/tool/sexp.py b/tool/sexp.py index a705054..a35e105 100644 --- a/tool/sexp.py +++ b/tool/sexp.py 
@@ -2,6 +2,27 @@ # # See: http://people.csail.mit.edu/rivest/sexp.html # +""" +sexp.py - a library for SEXP + +Copyright (C) 2013 Free Software Initiative of Japan +Author: NIIBE Yutaka + +This file is a part of Gnuk, a GnuPG USB Token implementation. + +Gnuk is free software: you can redistribute it and/or modify it +under the terms of the GNU General Public License as published by +the Free Software Foundation, either version 3 of the License, or +(at your option) any later version. + +Gnuk is distributed in the hope that it will be useful, but WITHOUT +ANY WARRANTY; without even the implied warranty of MERCHANTABILITY +or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public +License for more details. + +You should have received a copy of the GNU General Public License +along with this program. If not, see . +""" import re diff --git a/tool/upgrade_by_passwd.py b/tool/upgrade_by_passwd.py index 4ef0f0f..32905f4 100755 --- a/tool/upgrade_by_passwd.py +++ b/tool/upgrade_by_passwd.py @@ -4,7 +4,7 @@ upgrade_by_passwd.py - a tool to install another firmware for Gnuk Token which is just shipped from factory -Copyright (C) 2012 Free Software Initiative of Japan +Copyright (C) 2012, 2013 Free Software Initiative of Japan Author: NIIBE Yutaka This file is a part of Gnuk, a GnuPG USB Token implementation.