fix GET CHALLENGE

ChangeLog

@@ -1,3 +1,14 @@
+2013-02-13  Niibe Yutaka  <gniibe@fsij.org>
+
+	* src/openpgp.c (cmd_get_challenge): Handle Le field.
+
+	* src/openpgp-do.c (extended_capabilities): Fix for GET CHALLENGE.
+
+	* src/gnuk.h (CHALLENGE_LEN): Moved here (was: openpgp.c).
+
+	* tool/gnuk_token.py (iso7816_compose): Add Le field.
+	(gnuk_token.cmd_get_challenge): Supply Le.
+
 2013-01-30  Niibe Yutaka  <gniibe@fsij.org>
 
 	* src/openpgp.c (cmd_external_authenticate): Fix off-by-one error.

src/gnuk.h

@@ -116,6 +116,8 @@ extern void ac_fini (void);
 extern void set_res_sw (uint8_t sw1, uint8_t sw2);
 extern uint16_t data_objects_number_of_bytes;
 
+#define CHALLENGE_LEN	32
+
 extern void gpg_data_scan (const uint8_t *p);
 extern void gpg_data_copy (const uint8_t *p);
 extern void gpg_do_get_data (uint16_t tag, int with_tag);

src/openpgp-do.c

@@ -99,16 +99,16 @@ static const uint8_t historical_bytes[] __attribute__ ((aligned (1))) = {
 /* Extended Capabilities */
 static const uint8_t extended_capabilities[] __attribute__ ((aligned (1))) = {
   10,
-  0x30,				/*
+  0x70,				/*
 				 * No SM,
-				 * No get challenge,
+				 * GET CHALLENGE supported,
 				 * Key import supported,
 				 * PW status byte can be put,
 				 * No private_use_DO,
 				 * No algo change allowed
 				 */
   0,		  /* Secure Messaging Algorithm: N/A (TDES=0, AES=1) */
-  0x00, 0x00,	  /* Max get challenge (0: Get challenge not supported) */
+  0x00, CHALLENGE_LEN, 		/* Max size of GET CHALLENGE */
 #ifdef CERTDO_SUPPORT
   0x08, 0x00,	  /* max. length of cardholder certificate (2KiB) */
 #else

src/openpgp.c

@@ -52,7 +52,6 @@
 #define INS_PUT_DATA				0xda
 #define INS_PUT_DATA_ODD			0xdb	/* For key import */
 
-#define CHALLENGE_LEN	32
 static const uint8_t *challenge; /* Random bytes */
 
 static const uint8_t
@@ -1035,14 +1034,25 @@ cmd_external_authenticate (void)
 static void
 cmd_get_challenge (void)
 {
+  int len = apdu.expected_res_size;
+
   DEBUG_INFO (" - GET CHALLENGE\r\n");
 
+  if (len > CHALLENGE_LEN)
+    {
+      GPG_CONDITION_NOT_SATISFIED ();
+      return;
+    }
+  else if (len == 0)
+    /* backward compatibility */
+    len = CHALLENGE_LEN;
+
   if (challenge)
     random_bytes_free (challenge);
 
   challenge = random_bytes_get ();
-  memcpy (res_APDU, challenge, CHALLENGE_LEN);
-  res_APDU_size = CHALLENGE_LEN;
+  memcpy (res_APDU, challenge, len);
+  res_APDU_size = len;
   GPG_SUCCESS ();
   DEBUG_INFO ("GET CHALLENGE done.\r\n");
 }

tool/gnuk_token.py

@@ -32,12 +32,19 @@ CCID_PROTOCOL_0 = 0x00
 def icc_compose(msg_type, data_len, slot, seq, param, data):
     return pack('<BiBBBH', msg_type, data_len, slot, seq, 0, param) + data
 
-def iso7816_compose(ins, p1, p2, data, cls=0x00):
+def iso7816_compose(ins, p1, p2, data, cls=0x00, le=None):
     data_len = len(data)
     if data_len == 0:
-        return pack('>BBBB', cls, ins, p1, p2)
+        if not le:
+            return pack('>BBBB', cls, ins, p1, p2)
+        else:
+            return pack('>BBBBB', cls, ins, p1, p2, le)
     else:
-        return pack('>BBBBB', cls, ins, p1, p2, data_len) + data
+        if not le:
+            return pack('>BBBBB', cls, ins, p1, p2, data_len) + data
+        else:
+            return pack('>BBBBB', cls, ins, p1, p2, data_len) \
+                + data + pack('>B', le)
 
 def list_to_string(l):
     return string.join([chr(c) for c in l], '')
@@ -424,7 +431,7 @@ class gnuk_token(object):
             raise ValueError, ("%02x%02x" % (sw[0], sw[1]))
 
     def cmd_get_challenge(self):
-        cmd_data = iso7816_compose(0x84, 0x00, 0x00, '')
+        cmd_data = iso7816_compose(0x84, 0x00, 0x00, '', le=32)
         sw = self.icc_send_cmd(cmd_data)
         if len(sw) != 2:
             raise ValueError(sw)