Add new records in flash for writable key attributes

2014-12-12 12:10:40 +09:00
parent 8e6fa1a627
commit 75e8de2df1
4 changed files with 115 additions and 49 deletions
--- a/17
+++ b/17
@@ -1,3 +1,20 @@
 2014-11-20  Niibe Yutaka  <gniibe@fsij.org>
 	* src/gnuk.h (NR_NONE, NR_DO__FIRST__): Remove.
 	(NR_DO_*): Redefine.
 	(NR_KEY_ALGO_ATTR_SIG, NR_KEY_ALGO_ATTR_DEC)
 	(NR_KEY_ALGO_ATTR_AUT): New.
 	* src/openpgp-do.c (gpg_do_load_prvkey, gpg_do_delete_prvkey)
 	(gpg_do_write_prvkey, gpg_do_chks_prvkey, gpg_data_scan)
 	(gpg_data_copy, gpg_do_read_simple)
 	(gpg_do_write_simple): Don't use NR_DO__FIRST__.
 	(gpg_do_put_data): Don't use NR_NONE any more.
 	(do_tag_to_nr): Use -1 to specify NONE.
 	* src/flash.c (flash_enum_clear, flash_enum_write_internal)
 	(flash_enum_write): New.
 2014-11-19  Niibe Yutaka  <gniibe@fsij.org>
 	* src/gnuk.h (FIRMWARE_UPDATE_KEY_CONTENT_LEN): New.
--- a/src/flash.c
+++ b/src/flash.c
@@ -477,6 +477,38 @@ flash_bool_write (uint8_t nr)
 }
 void
 flash_enum_clear (const uint8_t **addr_p)
 {
  flash_bool_clear (addr_p);
 }
 void
 flash_enum_write_internal (const uint8_t *p, int nr, uint8_t v)
 {
  uint16_t hw = nr | (v << 8);
  flash_program_halfword ((uint32_t)p, hw);
 }
 const uint8_t *
 flash_enum_write (uint8_t nr, uint8_t v)
 {
  uint8_t *p;
  uint16_t hw = nr | (v << 8);
  p = flash_data_pool_allocate (2);
  if (p == NULL)
    {
      DEBUG_INFO ("enum allocation failure.\r\n");
      return NULL;
    }
  flash_program_halfword ((uint32_t)p, hw);
  return p;
 }
 int
 flash_cnt123_get_value (const uint8_t *p)
 {
--- a/src/gnuk.h
+++ b/src/gnuk.h
@@ -284,7 +284,6 @@ extern uint8_t keystring_md_pw3[KEYSTRING_MD_SIZE];
 extern uint8_t admin_authorized;
 /*** Flash memory tag values ***/
 #define NR_NONE			0x00
 /* Data objects */
 /*
 * Representation of data object:
@@ -292,28 +291,27 @@ extern uint8_t admin_authorized;
 *   <-1 halfword-> <--len/2 halfwords->
 *   <-tag-><-len-> <---data content--->
 */
-#define NR_DO__FIRST__		0x01
+#define NR_DO_SEX		0x00
-#define NR_DO_SEX		0x01
+#define NR_DO_FP_SIG		0x01
-#define NR_DO_FP_SIG		0x02
+#define NR_DO_FP_DEC		0x02
-#define NR_DO_FP_DEC		0x03
+#define NR_DO_FP_AUT		0x03
-#define NR_DO_FP_AUT		0x04
+#define NR_DO_CAFP_1		0x04
-#define NR_DO_CAFP_1		0x05
+#define NR_DO_CAFP_2		0x05
-#define NR_DO_CAFP_2		0x06
+#define NR_DO_CAFP_3		0x06
-#define NR_DO_CAFP_3		0x07
+#define NR_DO_KGTIME_SIG	0x07
-#define NR_DO_KGTIME_SIG	0x08
+#define NR_DO_KGTIME_DEC	0x08
-#define NR_DO_KGTIME_DEC	0x09
+#define NR_DO_KGTIME_AUT	0x09
-#define NR_DO_KGTIME_AUT	0x0a
+#define NR_DO_LOGIN_DATA	0x0a
-#define NR_DO_LOGIN_DATA	0x0b
+#define NR_DO_URL		0x0b
-#define NR_DO_URL		0x0c
+#define NR_DO_NAME		0x0c
-#define NR_DO_NAME		0x0d
+#define NR_DO_LANGUAGE		0x0d
-#define NR_DO_LANGUAGE		0x0e
+#define NR_DO_PRVKEY_SIG	0x0e
-#define NR_DO_PRVKEY_SIG	0x0f
+#define NR_DO_PRVKEY_DEC	0x0f
-#define NR_DO_PRVKEY_DEC	0x10
+#define NR_DO_PRVKEY_AUT	0x10
-#define NR_DO_PRVKEY_AUT	0x11
+#define NR_DO_KEYSTRING_PW1	0x11
-#define NR_DO_KEYSTRING_PW1	0x12
+#define NR_DO_KEYSTRING_RC	0x12
-#define NR_DO_KEYSTRING_RC	0x13
+#define NR_DO_KEYSTRING_PW3	0x13
-#define NR_DO_KEYSTRING_PW3	0x14
+#define NR_DO__LAST__		20   /* == 0x14 */
 #define NR_DO__LAST__		21   /* == 0x15 */
 /* 14-bit counter for DS: Recorded in flash memory by 1-halfword (2-byte).  */
 /*
 * Representation of 14-bit counter:
@@ -332,7 +330,10 @@ extern uint8_t admin_authorized;
 *   1023: 0xc3ff
 */
 #define NR_COUNTER_DS_LSB	0xc0 /* ..0xc3 */
-/* 8-bit int or Boolean objects: Recorded in flash memory by 1-halfword (2-byte) */
+/*
 * Boolean object, small enum, or 8-bit integer:
 * Recorded in flash memory by 1-halfword (2-byte)
 */
 /*
 * Representation of Boolean object:
 *   0: No record in flash memory
@@ -340,7 +341,20 @@ extern uint8_t admin_authorized;
 */
 #define NR_BOOL_PW1_LIFETIME	0xf0
 /*
- * NR_BOOL_SOMETHING, NR_UINT_SOMETHING could be here...  Use 0xf?
+ * Representation of algorithm attribute object:
 *   RSA-2048:       No record in flash memory
 *   RSA-4096:       0xf?00
 *   ECC p256r1:     0xf?01
 *   ECC p256k1:     0xf?02
 *   ECC Ed25519:    0xf?03
 *   ECC Curve25519: 0xf?04
 * where <?> == 1 (signature), 2 (decryption) or 3 (authentication)
 */
 #define NR_KEY_ALGO_ATTR_SIG	0xf1
 #define NR_KEY_ALGO_ATTR_DEC	0xf2
 #define NR_KEY_ALGO_ATTR_AUT	0xf3
 /*
 * NR_UINT_SOMETHING could be here...  Use 0xf[456789abcd]
 */
 /* 123-counters: Recorded in flash memory by 2-halfword (4-byte).  */
 /*
@@ -371,6 +385,8 @@ extern const uint8_t openpgpcard_aid[14];
 void flash_bool_clear (const uint8_t **addr_p);
 const uint8_t *flash_bool_write (uint8_t nr);
 void flash_enum_clear (const uint8_t **addr_p);
 const uint8_t *flash_enum_write (uint8_t nr, uint8_t v);
 int flash_cnt123_get_value (const uint8_t *p);
 void flash_cnt123_increment (uint8_t which, const uint8_t **addr_p);
 void flash_cnt123_clear (const uint8_t **addr_p);
@@ -379,6 +395,7 @@ void flash_warning (const char *msg);
 void flash_put_data_internal (const uint8_t *p, uint16_t hw);
 void flash_bool_write_internal (const uint8_t *p, int nr);
 void flash_enum_write_internal (const uint8_t *p, int nr, uint8_t v);
 void flash_cnt123_write_internal (const uint8_t *p, int which, int v);
 void flash_do_write_internal (const uint8_t *p, int nr,
 			      const uint8_t *data, int len);
--- a/src/openpgp-do.c
+++ b/src/openpgp-do.c
@@ -294,7 +294,7 @@ static const struct do_table_entry *get_do_entry (uint16_t tag);
 static const uint8_t *do_ptr[NR_DO__LAST__];
-static uint8_t
+static int
 do_tag_to_nr (uint16_t tag)
 {
  switch (tag)
@@ -328,7 +328,7 @@ do_tag_to_nr (uint16_t tag)
    case GPG_DO_LANGUAGE:
      return NR_DO_LANGUAGE;
    default:
-      return NR_NONE;
+      return -1;
    }
 }
@@ -710,7 +710,7 @@ int
 gpg_do_load_prvkey (enum kind_of_key kk, int who, const uint8_t *keystring)
 {
  uint8_t nr = get_do_ptr_nr_for_kk (kk);
-  const uint8_t *do_data = do_ptr[nr - NR_DO__FIRST__];
+  const uint8_t *do_data = do_ptr[nr];
  const uint8_t *key_addr;
  uint8_t dek[DATA_ENCRYPTION_KEY_SIZE];
  const uint8_t *iv;
@@ -750,13 +750,13 @@ static void
 gpg_do_delete_prvkey (enum kind_of_key kk)
 {
  uint8_t nr = get_do_ptr_nr_for_kk (kk);
-  const uint8_t *do_data = do_ptr[nr - NR_DO__FIRST__];
+  const uint8_t *do_data = do_ptr[nr];
  uint8_t *key_addr;
  if (do_data == NULL)
    return;
-  do_ptr[nr - NR_DO__FIRST__] = NULL;
+  do_ptr[nr] = NULL;
  flash_do_release (do_data);
  key_addr = kd[kk].key_addr;
  kd[kk].key_addr = NULL;
@@ -986,7 +986,7 @@ gpg_do_write_prvkey (enum kind_of_key kk, const uint8_t *key_data, int key_len,
    memset (pd->dek_encrypted_3, 0, DATA_ENCRYPTION_KEY_SIZE);
  p = flash_do_write (nr, (const uint8_t *)pd, sizeof (struct prvkey_data));
-  do_ptr[nr - NR_DO__FIRST__] = p;
+  do_ptr[nr] = p;
  random_bytes_free (dek);
  memset (pd, 0, sizeof (struct prvkey_data));
@@ -1020,7 +1020,7 @@ gpg_do_chks_prvkey (enum kind_of_key kk,
 		    int who_new, const uint8_t *new_ks)
 {
  uint8_t nr = get_do_ptr_nr_for_kk (kk);
-  const uint8_t *do_data = do_ptr[nr - NR_DO__FIRST__];
+  const uint8_t *do_data = do_ptr[nr];
  uint8_t dek[DATA_ENCRYPTION_KEY_SIZE];
  struct prvkey_data *pd;
  const uint8_t *p;
@@ -1065,9 +1065,9 @@ gpg_do_chks_prvkey (enum kind_of_key kk,
  if (update_needed)
    {
      flash_do_release (do_data);
-      do_ptr[nr - NR_DO__FIRST__] = NULL;
+      do_ptr[nr] = NULL;
      p = flash_do_write (nr, (const uint8_t *)pd, sizeof (struct prvkey_data));
-      do_ptr[nr - NR_DO__FIRST__] = p;
+      do_ptr[nr] = p;
    }
  memset (pd, 0, sizeof (struct prvkey_data));
@@ -1341,7 +1341,7 @@ gpg_data_scan (const uint8_t *p_start)
 	  if (nr < 0x80)
 	    {
 	      /* It's Data Object */
-	      do_ptr[nr - NR_DO__FIRST__] = p;
+	      do_ptr[nr] = p;
 	      p += second_byte + 1; /* second_byte has length */
 	      if (((uint32_t)p & 1))
@@ -1379,17 +1379,17 @@ gpg_data_scan (const uint8_t *p_start)
  flash_set_data_pool_last (p);
  num_prv_keys = 0;
-  if (do_ptr[NR_DO_PRVKEY_SIG - NR_DO__FIRST__] != NULL)
+  if (do_ptr[NR_DO_PRVKEY_SIG] != NULL)
    num_prv_keys++;
-  if (do_ptr[NR_DO_PRVKEY_DEC - NR_DO__FIRST__] != NULL)
+  if (do_ptr[NR_DO_PRVKEY_DEC] != NULL)
    num_prv_keys++;
-  if (do_ptr[NR_DO_PRVKEY_AUT - NR_DO__FIRST__] != NULL)
+  if (do_ptr[NR_DO_PRVKEY_AUT] != NULL)
    num_prv_keys++;
  data_objects_number_of_bytes = 0;
-  for (i = NR_DO__FIRST__; i < NR_DO__LAST__; i++)
+  for (i = 0; i < NR_DO__LAST__; i++)
-    if (do_ptr[i - NR_DO__FIRST__] != NULL)
+    if (do_ptr[i] != NULL)
-      data_objects_number_of_bytes += *do_ptr[i - NR_DO__FIRST__];
+      data_objects_number_of_bytes += *do_ptr[i];
  if (dsc_l10_p == NULL)
    dsc_l10 = 0;
@@ -1441,14 +1441,14 @@ gpg_data_copy (const uint8_t *p_start)
      }
  data_objects_number_of_bytes = 0;
-  for (i = NR_DO__FIRST__; i < NR_DO__LAST__; i++)
+  for (i = 0; i < NR_DO__LAST__; i++)
-    if (do_ptr[i - NR_DO__FIRST__] != NULL)
+    if (do_ptr[i] != NULL)
      {
-	const uint8_t *do_data = do_ptr[i - NR_DO__FIRST__];
+	const uint8_t *do_data = do_ptr[i];
 	int len = do_data[0];
 	flash_do_write_internal (p, i, &do_data[1], len);
-	do_ptr[i - NR_DO__FIRST__] = p + 1;
+	do_ptr[i] = p + 1;
 	p += 2 + ((len + 1) & ~1);
 	data_objects_number_of_bytes += len;
      }
@@ -1658,9 +1658,9 @@ gpg_do_put_data (uint16_t tag, const uint8_t *data, int len)
 	      GPG_MEMORY_FAILURE ();
 	    else
 	      {
-		uint8_t nr = do_tag_to_nr (tag);
+		int nr = do_tag_to_nr (tag);
-		if (nr == NR_NONE)
+		if (nr < 0)
 		  GPG_MEMORY_FAILURE ();
 		else
 		  {
@@ -1796,7 +1796,7 @@ gpg_do_read_simple (uint8_t nr)
 {
  const uint8_t *do_data;
-  do_data = do_ptr[nr - NR_DO__FIRST__];
+  do_data = do_ptr[nr];
  if (do_data == NULL)
    return NULL;
@@ -1808,7 +1808,7 @@ gpg_do_write_simple (uint8_t nr, const uint8_t *data, int size)
 {
  const uint8_t **do_data_p;
-  do_data_p = (const uint8_t **)&do_ptr[nr - NR_DO__FIRST__];
+  do_data_p = (const uint8_t **)&do_ptr[nr];
  if (*do_data_p)
    flash_do_release (*do_data_p);