deon/gnuk
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

keygen is configure option

Browse Source
This commit is contained in:
NIIBE Yutaka
2012-06-13 09:07:26 +09:00
parent ec0297050a
commit 956e89d10a
10 changed files with 56 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
ChangeLog
View File

@@ -1,3 +1,16 @@
2012-06-13 Niibe Yutaka <gniibe@fsij.org>
Key generation is configure option.
* src/configure (keygen): Add --enable-keygen option.
* src/Makefile.in (UDEFS): Add definition of KEYGEN_SUPPORT.
* src/call-rsa.c [KEYGEN_SUPPORT] (rsa_genkey): Conditionalize.
* src/random.c [KEYGEN_SUPPORT] (random_byte): Ditto.
* src/openpgp.c [KEYGEN_SUPPORT] (cmd_pgp_gakp): Ditto.
* src/openpgp-do.c [KEYGEN_SUPPORT] (gpg_do_keygen): Ditto.
* polarssl-0.14.0/include/polarssl/config.h: Ditto.
* polarssl-0.14.0/library/bignum.c [POLARSSL_GENPRIME]
(mpi_inv_mod): Unconditionalize.
2012-06-08 Niibe Yutaka <gniibe@fsij.org> 2012-06-08 Niibe Yutaka <gniibe@fsij.org>
* polarssl-0.14.0/library/bignum.c (mpi_cmp_mpi): Bug fix. * polarssl-0.14.0/library/bignum.c (mpi_cmp_mpi): Bug fix.

9
NEWS
View File

@@ -1,5 +1,14 @@
Gnuk NEWS - User visible changes Gnuk NEWS - User visible changes
* Major changes in Gnuk XXXX
Released 2012-XX-XX, by NIIBE Yutaka
** Key generation feature added
Finally, key generation is supported. Note that it is very slow. It
will takes a few minutes to generate two keys.
* Major changes in Gnuk 0.19 * Major changes in Gnuk 0.19
Released 2012-06-06, by NIIBE Yutaka Released 2012-06-06, by NIIBE Yutaka

2
polarssl-0.14.0/include/polarssl/config.h
View File

@@ -86,10 +86,12 @@
*/ */
#define POLARSSL_VERSION_C #define POLARSSL_VERSION_C
#ifdef KEYGEN_SUPPORT
/* /*
* Enable the prime-number generation code. * Enable the prime-number generation code.
*/ */
#define POLARSSL_GENPRIME #define POLARSSL_GENPRIME
#endif
/* /*
* Uncomment this macro to store the AES tables in ROM. * Uncomment this macro to store the AES tables in ROM.

4
polarssl-0.14.0/library/bignum.c
View File

@@ -1570,8 +1570,6 @@ cleanup:
return( ret ); return( ret );
} }
#if defined(POLARSSL_GENPRIME)
/* /*
* Modular inverse: X = A^-1 mod N (HAC 14.61 / 14.64) * Modular inverse: X = A^-1 mod N (HAC 14.61 / 14.64)
*/ */
@@ -1665,6 +1663,8 @@ cleanup:
return( ret ); return( ret );
} }
#if defined(POLARSSL_GENPRIME)
static const int small_prime[] = static const int small_prime[] =
{ {
3, 5, 7, 11, 13, 17, 19, 23, 3, 5, 7, 11, 13, 17, 19, 23,

2
src/Makefile.in
View File

@@ -175,7 +175,7 @@ DLIBS =
# #
# List all user C define here, like -D_DEBUG=1 # List all user C define here, like -D_DEBUG=1
UDEFS = UDEFS = @KEYGEN_SUPPORT@
# Define ASM defines here # Define ASM defines here
UADEFS = UADEFS =

2
src/call-rsa.c
View File

@@ -214,6 +214,7 @@ rsa_verify (const uint8_t *pubkey, const uint8_t *hash, const uint8_t *sig)
#define RSA_EXPONENT 0x10001 #define RSA_EXPONENT 0x10001
#ifdef KEYGEN_SUPPORT
const uint8_t * const uint8_t *
rsa_genkey (void) rsa_genkey (void)
{ {
@@ -243,3 +244,4 @@ rsa_genkey (void)
rsa_free (&rsa_ctx); rsa_free (&rsa_ctx);
return p_q_modulus; return p_q_modulus;
} }
#endif

20
src/configure vendored
View File

@@ -28,6 +28,7 @@ with_dfu=default
debug=no debug=no
pinpad=no pinpad=no
certdo=no certdo=no
keygen=no
# Process each option # Process each option
for option; do for option; do
@@ -59,6 +60,10 @@ for option; do
certdo=yes ;; certdo=yes ;;
--disable-certdo) --disable-certdo)
certdo=no ;; certdo=no ;;
--enable-keygen)
keygen=yes ;;
--disable-keygen)
keygen=no ;;
--with-dfu) --with-dfu)
with_dfu=yes ;; with_dfu=yes ;;
--without-dfu) --without-dfu)
@@ -93,6 +98,7 @@ Configuration:
--enable-pinpad={dnd,cir,dial} --enable-pinpad={dnd,cir,dial}
PIN entry support [no] PIN entry support [no]
--enable-certdo support CERT.3 data object [no] --enable-certdo support CERT.3 data object [no]
--enable-keygen support key generation [no]
--with-dfu build image for DFU [<target specific>] --with-dfu build image for DFU [<target specific>]
EOF EOF
exit 0 exit 0
@@ -188,11 +194,20 @@ if test "$certdo" = "yes"; then
echo "CERT.3 Data Object is supported" echo "CERT.3 Data Object is supported"
else else
CERTDO_DEFINE="#undef CERTDO_SUPPORT" CERTDO_DEFINE="#undef CERTDO_SUPPORT"
echo "CERT.3 Data Object is not supported" echo "CERT.3 Data Object is NOT supported"
fi
# --enable-keygen option
if test "$keygen" = "yes"; then
KEYGEN_SUPPORT="-DKEYGEN_SUPPORT"
echo "Key generation on device is supported"
else
KEYGEN_SUPPORT=""
echo "Key generation on device is NOT supported"
fi fi
REVISION=`git describe --dirty="-modified"` REVISION=`git describe --dirty="-modified"`
CONFIG="$target:dfu=$with_dfu:debug=$debug:pinpad=$pinpad:certdo=$certdo" CONFIG="$target:dfu=$with_dfu:debug=$debug:pinpad=$pinpad:certdo=$certdo:keygen=$keygen"
if !(IFS=" " if !(IFS=" "
while read VIDPID VERSION PRODUCT VENDOR; do while read VIDPID VERSION PRODUCT VENDOR; do
@@ -242,6 +257,7 @@ fi
sed -e "s%@BOARD_DIR@%$BOARD_DIR%" \ sed -e "s%@BOARD_DIR@%$BOARD_DIR%" \
-e "s%@DEBUG_MAKE_OPTION@%$DEBUG_MAKE_OPTION%" \ -e "s%@DEBUG_MAKE_OPTION@%$DEBUG_MAKE_OPTION%" \
-e "s%@PINPAD_MAKE_OPTION@%$PINPAD_MAKE_OPTION%" \ -e "s%@PINPAD_MAKE_OPTION@%$PINPAD_MAKE_OPTION%" \
-e "s%@KEYGEN_SUPPORT@%$KEYGEN_SUPPORT%" \
< Makefile.in > Makefile < Makefile.in > Makefile
if test "$certdo" = "yes"; then if test "$certdo" = "yes"; then
sed -e "/^@CERTDO_SUPPORT_START@$/ d" -e "/^@CERTDO_SUPPORT_END@$/ d" \ sed -e "/^@CERTDO_SUPPORT_START@$/ d" -e "/^@CERTDO_SUPPORT_END@$/ d" \

2
src/openpgp-do.c
View File

@@ -1481,6 +1481,7 @@ gpg_do_write_simple (uint8_t nr, const uint8_t *data, int size)
*do_data_p = NULL; *do_data_p = NULL;
} }
#ifdef KEYGEN_SUPPORT
void void
gpg_do_keygen (uint8_t kk_byte) gpg_do_keygen (uint8_t kk_byte)
{ {
@@ -1554,3 +1555,4 @@ gpg_do_keygen (uint8_t kk_byte)
gpg_do_public_key (kk_byte); gpg_do_public_key (kk_byte);
} }
#endif

4
src/openpgp.c
View File

@@ -483,8 +483,12 @@ cmd_pgp_gakp (void)
{ {
if (!ac_check_status (AC_ADMIN_AUTHORIZED)) if (!ac_check_status (AC_ADMIN_AUTHORIZED))
GPG_SECURITY_FAILURE (); GPG_SECURITY_FAILURE ();
#ifdef KEYGEN_SUPPORT
/* Generate key pair */ /* Generate key pair */
gpg_do_keygen (apdu.cmd_apdu_data[0]); gpg_do_keygen (apdu.cmd_apdu_data[0]);
#else
GPG_FUNCTION_NOT_SUPPORTED ();
#endif
} }
} }

4
src/random.c
View File

@@ -72,8 +72,9 @@ get_salt (void)
} }
#ifdef KEYGEN_SUPPORT
/* /*
* Rundom byte iterator * Random byte iterator
*/ */
uint8_t uint8_t
random_byte (void *arg) random_byte (void *arg)
@@ -97,3 +98,4 @@ random_byte (void *arg)
return v; return v;
} }
#endif