deon/gnuk
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Version 1.2.1

Browse Source
This commit is contained in:
NIIBE Yutaka
2016-07-11 13:16:25 +09:00
parent dc568422b1
commit 789446e640
10 changed files with 68 additions and 53 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
ChangeLog
View File

@@ -1,3 +1,26 @@
2016-07-11 NIIBE Yutaka <gniibe@fsij.org>
* VERSION: 1.2.1.
* src/usb-ccid.c (ccid_power_on): Fix call of chopstx_create.
* src/usb-msc.c (msc_init): Ditto.
* src/pin-cir.c (cir_init): Ditto.
* src/neug.c (neug_init): Ditto.
* src/main.c (main): Ditto.
* src/usb-ccid.c (struct ccid): Arrange for smaller footprint.
* src/gnuk.h (struct apdu): Likewise.
* src/usb-ccid.c (ccid_card_change_signal): Don't touch ccid_state_p.
(ccid_state_p): This is constant.
* src/configure (output_vendor_product_serial_strings): Add const
qualifier.
* src/usb-ccid.c (epo_init, epi_init): Simplify without notify method.
(EP1_IN_Callback, EP1_OUT_Callback): Call notify_tx and notify_icc
directly.
2016-07-09 NIIBE Yutaka <gniibe@fsij.org> 2016-07-09 NIIBE Yutaka <gniibe@fsij.org>
* src/openpgp.c (openpgp_card_thread): Don't need to get SELF. * src/openpgp.c (openpgp_card_thread): Don't need to get SELF.

20
README
View File

@@ -1,23 +1,23 @@
Gnuk - An Implementation of USB Cryptographic Token for GnuPG Gnuk - An Implementation of USB Cryptographic Token for GnuPG
Version 1.2.0 Version 1.2.1
2016-05-20 2016-07-11
Niibe Yutaka Niibe Yutaka
Free Software Initiative of Japan Free Software Initiative of Japan
Release Notes Release Notes
============= =============
This is new release of Gnuk, version 1.2.0, which has major This is the release of Gnuk, version 1.2.1, which has major
incompatible changes to Gnuk 1.0.x. Specifically, it now supports incompatible changes to Gnuk 1.0.x. Specifically, it now supports
overriding key import, but importing keys (or generating keys) results overriding key import, but importing keys (or generating keys) results
password reset. Please update your documentation for Gnuk Token, so password reset. Please update your documentation for Gnuk Token, so
that the instruction of importing keys won't cause any confusion. that the instruction of importing keys won't cause any confusion.
It has supports of EdDSA, ECDSA (with NIST P256 and secp256k1), and It has supports of EdDSA, ECDSA (with NIST P256 and secp256k1), and
ECDH (with NIST P256, secp256k1, and X25519), but this ECC feature is ECDH (with X25519, NIST P256 and secp256k1), but this ECC feature is
somehow experimental, and it requires modern GnuPG 2.1.x with somehow experimental, and it requires modern GnuPG 2.1 with libgcrypt
libgcrypt 1.7.0 or later. 1.7.0 or later.
It also supports RSA-4096, but users should know that it takes more It also supports RSA-4096, but users should know that it takes more
than 8 seconds to sign/decrypt. Key generation of RSA-4096 just fails, than 8 seconds to sign/decrypt. Key generation of RSA-4096 just fails,
@@ -62,8 +62,8 @@ A0: Good points of Gnuk are:
Q1: What kind of key algorithm is supported? Q1: What kind of key algorithm is supported?
A1: Gnuk version 1.0 only supports RSA-2048. A1: Gnuk version 1.0 only supports RSA-2048.
Gnuk version 1.2.x supports 256-bit EdDSA and ECDSA, as well as Gnuk version 1.2.x supports 255-bit EdDSA, as well as RSA-4096.
RSA-4096. But it takes long time to sign with RSA-4096. (Note that it takes long time to sign with RSA-4096.)
Q2: How long does it take for digital signing? Q2: How long does it take for digital signing?
A2: It takes a second and a half or so for RSA-2048. A2: It takes a second and a half or so for RSA-2048.
@@ -77,7 +77,7 @@ A3: Orthodox choice is Olimex STM32-H103.
choice for experiment. choice for experiment.
Q4: What's version of GnuPG are you using? Q4: What's version of GnuPG are you using?
A4: In Debian GNU/Linux system, I use GnuPG modern 2.1.12 in A4: In Debian GNU/Linux system, I use GnuPG modern 2.1.13 in
experimental. experimental.
Q5: What's version of pcscd and libccid are you using? Q5: What's version of pcscd and libccid are you using?
@@ -248,7 +248,7 @@ External source code
Gnuk is distributed with external source code. Gnuk is distributed with external source code.
* chopstx/ -- Chopstx 0.11 * chopstx/ -- Chopstx 1.1
We use Chopstx as the kernel for Gnuk. We use Chopstx as the kernel for Gnuk.

2
VERSION
View File

@@ -1 +1 @@
release/1.2.0 release/1.2.1

2
src/configure vendored
View File

@@ -290,7 +290,7 @@ output_vendor_product_serial_strings () {
if test -n "$prefix"; then if test -n "$prefix"; then
echo echo
echo "uint8_t ${prefix}string_serial[] = {" echo "const uint8_t ${prefix}string_serial[] = {"
echo " ${#SERIALNO}*2+2+16, /* bLength */" echo " ${#SERIALNO}*2+2+16, /* bLength */"
echo " STRING_DESCRIPTOR, /* bDescriptorType */" echo " STRING_DESCRIPTOR, /* bDescriptorType */"
echo " /* Serial number: \"$SERIALNO\" */" echo " /* Serial number: \"$SERIALNO\" */"

4
src/gnuk.h
View File

@@ -12,8 +12,8 @@ struct apdu {
/* response APDU */ /* response APDU */
uint16_t sw; uint16_t sw;
uint8_t *res_apdu_data;
uint16_t res_apdu_data_len; uint16_t res_apdu_data_len;
uint8_t *res_apdu_data;
}; };
extern struct apdu apdu; extern struct apdu apdu;
@@ -66,7 +66,7 @@ enum ccid_state {
}; };
extern enum ccid_state *ccid_state_p; extern enum ccid_state *const ccid_state_p;
extern volatile uint8_t auth_status; extern volatile uint8_t auth_status;
#define AC_NONE_AUTHORIZED 0x00 #define AC_NONE_AUTHORIZED 0x00

8
src/main.c
View File

@@ -184,9 +184,9 @@ calculate_regnual_entry_address (const uint8_t *addr)
return v; return v;
} }
extern uint8_t __process1_stack_base__, __process1_stack_size__; extern uint8_t __process1_stack_base__[], __process1_stack_size__[];
const uint32_t __stackaddr_ccid = (uint32_t)&__process1_stack_base__; #define STACK_ADDR_CCID ((uint32_t)__process1_stack_base__)
const size_t __stacksize_ccid = (size_t)&__process1_stack_size__; #define STACK_SIZE_CCID ((uint32_t)__process1_stack_size__)
#define PRIO_CCID 3 #define PRIO_CCID 3
#define PRIO_MAIN 5 #define PRIO_MAIN 5
@@ -225,7 +225,7 @@ main (int argc, char *argv[])
stdout_init (); stdout_init ();
#endif #endif
ccid_thd = chopstx_create (PRIO_CCID, __stackaddr_ccid, __stacksize_ccid, ccid_thd = chopstx_create (PRIO_CCID, STACK_ADDR_CCID, STACK_SIZE_CCID,
ccid_thread, NULL); ccid_thread, NULL);
#ifdef PINPAD_CIR_SUPPORT #ifdef PINPAD_CIR_SUPPORT

8
src/neug.c
View File

@@ -640,9 +640,9 @@ rng (void *arg)
static struct rng_rb the_ring_buffer; static struct rng_rb the_ring_buffer;
extern uint8_t __process2_stack_base__, __process2_stack_size__; extern uint8_t __process2_stack_base__[], __process2_stack_size__[];
const uint32_t __stackaddr_rng = (uint32_t)&__process2_stack_base__; #define STACK_ADDR_RNG ((uint32_t)__process2_stack_base__)
const size_t __stacksize_rng = (size_t)&__process2_stack_size__; #define STACK_SIZE_RNG ((uint32_t)__process2_stack_size__)
#define PRIO_RNG 2 #define PRIO_RNG 2
/** /**
@@ -668,7 +668,7 @@ neug_init (uint32_t *buf, uint8_t size)
neug_mode = NEUG_MODE_CONDITIONED; neug_mode = NEUG_MODE_CONDITIONED;
rb_init (rb, buf, size); rb_init (rb, buf, size);
rng_thread = chopstx_create (PRIO_RNG, __stackaddr_rng, __stacksize_rng, rng_thread = chopstx_create (PRIO_RNG, STACK_ADDR_RNG, STACK_SIZE_RNG,
rng, rb); rng, rb);
} }

10
src/pin-cir.c
View File

@@ -964,9 +964,9 @@ cir_timer_interrupt (void)
} }
extern uint8_t __process6_stack_base__, __process6_stack_size__; extern uint8_t __process6_stack_base__[], __process6_stack_size__[];
const uint32_t __stackaddr_tim = (uint32_t)&__process6_stack_base__; #define STACK_ADDR_TIM ((uint32_t)__process6_stack_base__)
const size_t __stacksize_tim = (size_t)&__process6_stack_size__; #define STACK_SIZE_TIM ((uint32_t)__process6_stack_size__)
#define PRIO_TIM 4 #define PRIO_TIM 4
static void * static void *
@@ -1057,6 +1057,6 @@ cir_init (void)
/* Generate UEV to upload PSC and ARR */ /* Generate UEV to upload PSC and ARR */
TIMx->EGR = TIM_EGR_UG; TIMx->EGR = TIM_EGR_UG;
chopstx_create (PRIO_TIM, __stackaddr_tim, __stacksize_tim, tim_main, NULL); chopstx_create (PRIO_TIM, STACK_ADDR_TIM, STACK_SIZE_TIM, tim_main, NULL);
chopstx_create (PRIO_EXT, __stackaddr_ext, __stacksize_ext, ext_main, NULL); chopstx_create (PRIO_EXT, STACK_ADDR_EXT, STACK_SIZE_EXT, ext_main, NULL);
} }

36
src/usb-ccid.c
View File

@@ -77,7 +77,6 @@ struct apdu apdu;
struct ep_in { struct ep_in {
uint8_t ep_num; uint8_t ep_num;
uint8_t tx_done; uint8_t tx_done;
void (*notify) (struct ep_in *epi);
const uint8_t *buf; const uint8_t *buf;
size_t cnt; size_t cnt;
size_t buf_len; size_t buf_len;
@@ -85,12 +84,10 @@ struct ep_in {
void (*next_buf) (struct ep_in *epi, size_t len); void (*next_buf) (struct ep_in *epi, size_t len);
}; };
static void epi_init (struct ep_in *epi, int ep_num, static void epi_init (struct ep_in *epi, int ep_num, void *priv)
void (*notify) (struct ep_in *epi), void *priv)
{ {
epi->ep_num = ep_num; epi->ep_num = ep_num;
epi->tx_done = 0; epi->tx_done = 0;
epi->notify = notify;
epi->buf = NULL; epi->buf = NULL;
epi->cnt = 0; epi->cnt = 0;
epi->buf_len = 0; epi->buf_len = 0;
@@ -101,7 +98,6 @@ static void epi_init (struct ep_in *epi, int ep_num,
struct ep_out { struct ep_out {
uint8_t ep_num; uint8_t ep_num;
uint8_t err; uint8_t err;
void (*notify) (struct ep_out *epo);
uint8_t *buf; uint8_t *buf;
size_t cnt; size_t cnt;
size_t buf_len; size_t buf_len;
@@ -113,12 +109,10 @@ struct ep_out {
static struct ep_out endpoint_out; static struct ep_out endpoint_out;
static struct ep_in endpoint_in; static struct ep_in endpoint_in;
static void epo_init (struct ep_out *epo, int ep_num, static void epo_init (struct ep_out *epo, int ep_num, void *priv)
void (*notify) (struct ep_out *epo), void *priv)
{ {
epo->ep_num = ep_num; epo->ep_num = ep_num;
epo->err = 0; epo->err = 0;
epo->notify = notify;
epo->buf = NULL; epo->buf = NULL;
epo->cnt = 0; epo->cnt = 0;
epo->buf_len = 0; epo->buf_len = 0;
@@ -189,11 +183,11 @@ struct ccid_header {
struct ccid { struct ccid {
enum ccid_state ccid_state; enum ccid_state ccid_state;
uint8_t state; uint8_t state;
uint8_t err;
uint8_t *p; uint8_t *p;
size_t len; size_t len;
uint8_t err;
struct ccid_header ccid_header; struct ccid_header ccid_header;
uint8_t sw1sw2[2]; uint8_t sw1sw2[2];
@@ -256,8 +250,6 @@ static void ccid_reset (struct ccid *c)
static void ccid_init (struct ccid *c, struct ep_in *epi, struct ep_out *epo, static void ccid_init (struct ccid *c, struct ep_in *epi, struct ep_out *epo,
struct apdu *a) struct apdu *a)
{ {
ccid_state_p = &c->ccid_state;
c->ccid_state = CCID_STATE_START; c->ccid_state = CCID_STATE_START;
c->state = APDU_STATE_WAIT_COMMAND; c->state = APDU_STATE_WAIT_COMMAND;
c->p = a->cmd_apdu_data; c->p = a->cmd_apdu_data;
@@ -365,7 +357,7 @@ EP1_IN_Callback (uint16_t len)
(void)len; (void)len;
if (epi->buf == NULL) if (epi->buf == NULL)
if (epi->tx_done) if (epi->tx_done)
epi->notify (epi); notify_tx (epi);
else else
{ {
epi->tx_done = 1; epi->tx_done = 1;
@@ -671,7 +663,7 @@ EP1_OUT_Callback (uint16_t len)
if (cont) if (cont)
usb_lld_rx_enable (epo->ep_num); usb_lld_rx_enable (epo->ep_num);
else else
epo->notify (epo); notify_icc (epo);
} }
@@ -781,9 +773,9 @@ static void ccid_error (struct ccid *c, int offset)
extern void *openpgp_card_thread (void *arg); extern void *openpgp_card_thread (void *arg);
extern uint8_t __process3_stack_base__, __process3_stack_size__; extern uint8_t __process3_stack_base__[], __process3_stack_size__[];
const uint32_t __stackaddr_gpg = (uint32_t)&__process3_stack_base__; #define STACK_ADDR_GPG ((uint32_t)__process3_stack_base__)
const size_t __stacksize_gpg = (size_t)&__process3_stack_size__; #define STACK_SIZE_GPG ((uint32_t)__process3_stack_size__)
#define PRIO_GPG 1 #define PRIO_GPG 1
@@ -795,8 +787,8 @@ ccid_power_on (struct ccid *c)
uint8_t p[CCID_MSG_HEADER_SIZE]; uint8_t p[CCID_MSG_HEADER_SIZE];
if (c->application == 0) if (c->application == 0)
c->application = chopstx_create (PRIO_GPG, __stackaddr_gpg, c->application = chopstx_create (PRIO_GPG, STACK_ADDR_GPG,
__stacksize_gpg, openpgp_card_thread, STACK_SIZE_GPG, openpgp_card_thread,
(void *)&c->ccid_comm); (void *)&c->ccid_comm);
p[0] = CCID_DATA_BLOCK_RET; p[0] = CCID_DATA_BLOCK_RET;
@@ -1341,7 +1333,7 @@ ccid_handle_timeout (struct ccid *c)
} }
static struct ccid ccid; static struct ccid ccid;
enum ccid_state *ccid_state_p = &ccid.ccid_state; enum ccid_state *const ccid_state_p = &ccid.ccid_state;
void void
ccid_card_change_signal (int how) ccid_card_change_signal (int how)
@@ -1514,8 +1506,8 @@ ccid_thread (void *arg)
struct ep_out *epo = &endpoint_out; struct ep_out *epo = &endpoint_out;
struct apdu *a = &apdu; struct apdu *a = &apdu;
epi_init (epi, ENDP1, notify_tx, c); epi_init (epi, ENDP1, c);
epo_init (epo, ENDP1, notify_icc, c); epo_init (epo, ENDP1, c);
apdu_init (a); apdu_init (a);
ccid_init (c, epi, epo, a); ccid_init (c, epi, epo, a);
} }

8
src/usb-msc.c
View File

@@ -31,9 +31,9 @@
#include "usb_lld.h" #include "usb_lld.h"
#include "usb-msc.h" #include "usb-msc.h"
extern uint8_t __process5_stack_base__, __process5_stack_size__; extern uint8_t __process5_stack_base__[], __process5_stack_size__[];
const uint32_t __stackaddr_msc = (uint32_t)&__process5_stack_base__; #define STACK_ADDR_MSC ((uint32_t)__process5_stack_base__)
const size_t __stacksize_msc = (size_t)&__process5_stack_size__; #define STACK_SIZE_MSC ((uint32_t)__process5_stack_size__)
#define PRIO_MSC 3 #define PRIO_MSC 3
static chopstx_mutex_t a_pinpad_mutex; static chopstx_mutex_t a_pinpad_mutex;
@@ -568,5 +568,5 @@ msc_main (void *arg)
void void
msc_init (void) msc_init (void)
{ {
chopstx_create (PRIO_MSC, __stackaddr_msc, __stacksize_msc, msc_main, NULL); chopstx_create (PRIO_MSC, STACK_ADDR_MSC, STACK_SIZE_MSC, msc_main, NULL);
} }