Merge remote-tracking branch 'origin/master' into ecc_p256

NIIBE Yutaka
2013-02-17 21:28:58 +09:00
18 changed files with 138 additions and 36 deletions


@@ -1,3 +1,21 @@
2013-02-15 Niibe Yutaka <gniibe@fsij.org>
* Version 1.0.2.
* src/usb_desc.c (gnukStringSerial): Updated.
2013-02-14 Niibe Yutaka <gniibe@fsij.org>
* test/features/002_get_data_static.feature: Value of extended
capabilities changed.
* test/features/402_get_data_static.feature: Ditto.
* test/features/802_get_data_static.feature: Ditto.
* src/openpgp.c (cmd_write_binary): Move erasing page of update
keys to...
(modify_binary): ...here.
* src/flash.c (flash_write_binary): Handle removal of update keys.
2013-02-13 Niibe Yutaka <gniibe@fsij.org> 2013-02-13 Niibe Yutaka <gniibe@fsij.org>
* src/openpgp.c (cmd_get_challenge): Handle Le field. * src/openpgp.c (cmd_get_challenge): Handle Le field.
@@ -7,7 +25,6 @@
* src/gnuk.h (CHALLENGE_LEN): Moved here (was: openpgp.c). * src/gnuk.h (CHALLENGE_LEN): Moved here (was: openpgp.c).
* tool/gnuk_token.py (iso7816_compose): Add Le field. * tool/gnuk_token.py (iso7816_compose): Add Le field.
(gnuk_token.cmd_get_challenge): Supply Le.
2013-01-30 Niibe Yutaka <gniibe@fsij.org> 2013-01-30 Niibe Yutaka <gniibe@fsij.org>

7
NEWS

@@ -2,7 +2,7 @@ Gnuk NEWS - User visible changes
* Major changes in Gnuk 1.0.2 * Major changes in Gnuk 1.0.2
Released 2012-12-??, by NIIBE Yutaka Released 2013-02-15, by NIIBE Yutaka
** Product string is now "Gnuk Token" (was: "FSIJ USB Token") ** Product string is now "Gnuk Token" (was: "FSIJ USB Token")
Since the USB ID Repository suggests not including vendor name Since the USB ID Repository suggests not including vendor name
@@ -31,6 +31,11 @@ field was 0, which was wrong (but it works for most PC/SC
implementations and GnuPG internal driver). Now it's 1, which means implementations and GnuPG internal driver). Now it's 1, which means
1*BWT. 1*BWT.
** OpenPGP card protocol enhancement
Now, VERIFY command accepts empty data and returns remaining trial
counts, or 0x9000 (OK) when it's already authenticated. This is
useful for application to synchronize card's authentication status.
* Major changes in Gnuk 1.0.1 * Major changes in Gnuk 1.0.1
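Review bot: The new "OpenPGP card protocol enhancement" entry names 0x9000 for the already-authenticated case but does not name the status word that carries the remaining trial count, nor does it say whether an empty VERIFY leaves the counter untouched. Stating both next to 0x9000 would let application authors handle each outcome without reading the firmware; "useful for application" also reads better as "useful for applications".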

10
README

@@ -1,7 +1,7 @@
Gnuk - An Implementation of USB Cryptographic Token for GnuPG Gnuk - An Implementation of USB Cryptographic Token for GnuPG
Version 1.0.1 Version 1.0.2
2012-08-03 2013-02-15
Niibe Yutaka Niibe Yutaka
Free Software Initiative of Japan Free Software Initiative of Japan
@@ -42,7 +42,7 @@ A0: Good points of Gnuk are:
"for Free Software"; Gnuk supports GnuPG. "for Free Software"; Gnuk supports GnuPG.
Q1: What kind of key algorithm is supported? Q1: What kind of key algorithm is supported?
A1: Gnuk only supports 2048-bit RSA. A1: Gnuk version 1 only supports 2048-bit RSA.
Q2: How long does it take for digital signing? Q2: How long does it take for digital signing?
A2: It takes a second and a half or so. A2: It takes a second and a half or so.
@@ -115,9 +115,9 @@ Ac: ST-Link/V2 is cheap one. We have a tool/stlinkv2.py as flash ROM
Release notes Release notes
============= =============
This is a minor release in version 1.0 series of Gnuk. This is a second minor release in version 1.0 series of Gnuk.
While it is daily use for more than a year, some newly introduced While it is daily use for a year and a half, some newly introduced
features (including key generation and firmware upgrade) should be features (including key generation and firmware upgrade) should be
considered experimental. considered experimental.
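Review bot: In the release notes paragraph, "While it is daily use for a year and a half" is ungrammatical and the new wording carries the problem over from the old line; "While it has been in daily use for a year and a half" says what is meant. The paragraph still marks key generation and firmware upgrade as experimental, which fits a release whose ChangeLog touches removal of update keys.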

1
THANKS

@@ -11,6 +11,7 @@ Hironobu SUZUKI hironobu@h2np.net
Jan Suhr jan@suhr.info Jan Suhr jan@suhr.info
Kaz Kojima kkojima@rr.iij4u.or.jp Kaz Kojima kkojima@rr.iij4u.or.jp
Ludovic Rousseau ludovic.rousseau@free.fr Ludovic Rousseau ludovic.rousseau@free.fr
Luis Felipe R. Murillo luisfelipe@ucla.edu
MATSUU Takuto matsuu@gentoo.org MATSUU Takuto matsuu@gentoo.org
NAGAMI Takeshi nagami-takeshi@aist.go.jp NAGAMI Takeshi nagami-takeshi@aist.go.jp
Shane Coughlan scoughlan@openinventionnetwork.com Shane Coughlan scoughlan@openinventionnetwork.com


@@ -1,7 +1,8 @@
/* /*
* flash.c -- Data Objects (DO) and GPG Key handling on Flash ROM * flash.c -- Data Objects (DO) and GPG Key handling on Flash ROM
* *
* Copyright (C) 2010, 2011, 2012 Free Software Initiative of Japan * Copyright (C) 2010, 2011, 2012, 2013
* Free Software Initiative of Japan
* Author: NIIBE Yutaka <gniibe@fsij.org> * Author: NIIBE Yutaka <gniibe@fsij.org>
* *
* This file is a part of Gnuk, a GnuPG USB Token implementation. * This file is a part of Gnuk, a GnuPG USB Token implementation.
@@ -516,6 +517,12 @@ flash_write_binary (uint8_t file_id, const uint8_t *data,
{ {
maxsize = KEY_CONTENT_LEN; maxsize = KEY_CONTENT_LEN;
p = gpg_get_firmware_update_key (file_id - FILEID_UPDATE_KEY_0); p = gpg_get_firmware_update_key (file_id - FILEID_UPDATE_KEY_0);
if (len == 0 && offset == 0)
{ /* This means removal of update key. */
if (flash_program_halfword ((uint32_t)p, 0) != 0)
flash_warning ("DO WRITE ERROR");
return 0;
}
} }
#if defined(CERTDO_SUPPORT) #if defined(CERTDO_SUPPORT)
else if (file_id == FILEID_CH_CERTIFICATE) else if (file_id == FILEID_CH_CERTIFICATE)
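Review bot: In the new len == 0 && offset == 0 branch, the function returns 0 whether or not flash_program_halfword succeeded, so a failed removal of a firmware update key is reported only through flash_warning ("DO WRITE ERROR") and the caller sees the same result as a successful removal. Consider returning a distinct error value when the call fails. Only the first halfword at p is programmed to 0 here; the rest of the key content stays in flash until the page is erased, which the modify_binary change does only once all four keys are removed, and that deserves a comment at this spot.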


@@ -178,6 +178,7 @@ extern msg_t USBthread (void *arg);
#define LED_TIMEOUT_STOP MS2ST(200) #define LED_TIMEOUT_STOP MS2ST(200)
/* It has two-byte prefix and content is "FSIJ-1.0.1-" (2 + 11*2). */
#define ID_OFFSET 24 #define ID_OFFSET 24
static void static void
device_initialize_once (void) device_initialize_once (void)
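Review bot: The comment added above ID_OFFSET hard-codes "FSIJ-1.0.1-", but this same commit changes the version digit in gnukStringSerial (src/usb_desc.c) from '1' to '2', so the comment is stale as soon as it lands. Describe the layout without the version number (two-byte prefix plus 11 two-byte characters, 2 + 11*2) and note that ID_OFFSET has to change if the version string ever changes length.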


@@ -1,7 +1,8 @@
/* /*
* openpgp-do.c -- OpenPGP card Data Objects (DO) handling * openpgp-do.c -- OpenPGP card Data Objects (DO) handling
* *
* Copyright (C) 2010, 2011, 2012 Free Software Initiative of Japan * Copyright (C) 2010, 2011, 2012, 2013
* Free Software Initiative of Japan
* Author: NIIBE Yutaka <gniibe@fsij.org> * Author: NIIBE Yutaka <gniibe@fsij.org>
* *
* This file is a part of Gnuk, a GnuPG USB Token implementation. * This file is a part of Gnuk, a GnuPG USB Token implementation.


@@ -1,7 +1,8 @@
/* /*
* openpgp.c -- OpenPGP card protocol support * openpgp.c -- OpenPGP card protocol support
* *
* Copyright (C) 2010, 2011, 2012 Free Software Initiative of Japan * Copyright (C) 2010, 2011, 2012, 2013
* Free Software Initiative of Japan
* Author: NIIBE Yutaka <gniibe@fsij.org> * Author: NIIBE Yutaka <gniibe@fsij.org>
* *
* This file is a part of Gnuk, a GnuPG USB Token implementation. * This file is a part of Gnuk, a GnuPG USB Token implementation.
@@ -946,6 +947,26 @@ modify_binary (uint8_t op, uint8_t p1, uint8_t p2, int len)
return; return;
} }
if (file_id >= FILEID_UPDATE_KEY_0 && file_id <= FILEID_UPDATE_KEY_3
&& len == 0 && offset == 0)
{
int i;
const uint8_t *p;
for (i = 0; i < 4; i++)
{
p = gpg_get_firmware_update_key (i);
if (p[0] != 0x00 || p[1] != 0x00) /* still valid */
break;
}
if (i == 4) /* all update keys are removed */
{
p = gpg_get_firmware_update_key (0);
flash_erase_page ((uint32_t)p);
}
}
GPG_SUCCESS (); GPG_SUCCESS ();
} }
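Review bot: The moved block no longer depends on which command is being served: modify_binary takes an op argument, but the new condition tests only file_id, len and offset, so the erase of the update-key page is now reachable from every caller of modify_binary rather than only from cmd_write_binary. If that is intended, say so in a comment; otherwise add a test on op. The literal 4 in the loop bound and in i == 4 duplicates the FILEID_UPDATE_KEY_0 to FILEID_UPDATE_KEY_3 range and would be clearer as a named constant.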
@@ -967,25 +988,9 @@ static void
cmd_write_binary (void) cmd_write_binary (void)
{ {
int len = apdu.cmd_apdu_data_len; int len = apdu.cmd_apdu_data_len;
int i;
const uint8_t *p;
DEBUG_INFO (" - WRITE BINARY\r\n"); DEBUG_INFO (" - WRITE BINARY\r\n");
modify_binary (MBD_OPRATION_WRITE, P1 (apdu), P2 (apdu), len); modify_binary (MBD_OPRATION_WRITE, P1 (apdu), P2 (apdu), len);
for (i = 0; i < 4; i++)
{
p = gpg_get_firmware_update_key (i);
if (p[0] != 0x00 || p[1] != 0x00) /* still valid */
break;
}
if (i == 4) /* all update keys are removed */
{
p = gpg_get_firmware_update_key (0);
flash_erase_page ((uint32_t)p);
}
DEBUG_INFO ("WRITE BINARY done.\r\n"); DEBUG_INFO ("WRITE BINARY done.\r\n");
} }
@@ -1044,7 +1049,7 @@ cmd_get_challenge (void)
return; return;
} }
else if (len == 0) else if (len == 0)
/* backward compatibility */ /* Le is not specified. Return full-sized challenge by GET_RESPONSE. */
len = CHALLENGE_LEN; len = CHALLENGE_LEN;
if (challenge) if (challenge)


@@ -260,9 +260,9 @@ static const uint8_t gnukStringLangID[] = {
const uint8_t gnukStringSerial[] = { const uint8_t gnukStringSerial[] = {
19*2+2, /* bLength */ 19*2+2, /* bLength */
USB_STRING_DESCRIPTOR_TYPE, /* bDescriptorType */ USB_STRING_DESCRIPTOR_TYPE, /* bDescriptorType */
/* FSIJ-1.0 */ /* FSIJ-1.0.1- */
'F', 0, 'S', 0, 'I', 0, 'J', 0, '-', 0, 'F', 0, 'S', 0, 'I', 0, 'J', 0, '-', 0,
'1', 0, '.', 0, '0', 0, '.', 0, '1', 0, /* Version number of Gnuk */ '1', 0, '.', 0, '0', 0, '.', 0, '2', 0, /* Version number of Gnuk */
'-', 0, '-', 0,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
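Review bot: The comment inside gnukStringSerial now reads "FSIJ-1.0.1-" while the bytes directly below it encode 1.0.2, so the comment and the data disagree. Change it to "FSIJ-1.0.2-", or drop the version from the comment so it does not need touching at each release.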


@@ -8,7 +8,7 @@ Feature: command GET DATA
Scenario: data object extended capabilities Scenario: data object extended capabilities
When requesting extended capabilities: c0 When requesting extended capabilities: c0
Then data should match: \x30\x00\x00\x00[\x00\x08]\x00\x00\xff\x01\x00 Then data should match: \x70\x00\x00\x20[\x00\x08]\x00\x00\xff\x01\x00
Scenario: data object algorithm attributes 1 Scenario: data object algorithm attributes 1
When requesting algorithm attributes 1: c1 When requesting algorithm attributes 1: c1
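Review bot: The expected extended-capabilities value changes in its first byte (\x30 to \x70) and fourth byte (\x00 to \x20), but neither the scenario nor the ChangeLog entry ("Value of extended capabilities changed") says which capability is now advertised. 0x20 is 32, the same value tool/gnuk_token.py used as le for GET CHALLENGE, so if these bytes advertise GET CHALLENGE and its maximum length, say so in a comment in the feature file; the same applies to the 402 and 802 copies of this scenario.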


@@ -8,7 +8,7 @@ Feature: command GET DATA
Scenario: data object extended capabilities Scenario: data object extended capabilities
When requesting extended capabilities: c0 When requesting extended capabilities: c0
Then data should match: \x30\x00\x00\x00[\x00\x08]\x00\x00\xff\x01\x00 Then data should match: \x70\x00\x00\x20[\x00\x08]\x00\x00\xff\x01\x00
Scenario: data object algorithm attributes 1 Scenario: data object algorithm attributes 1
When requesting algorithm attributes 1: c1 When requesting algorithm attributes 1: c1


@@ -8,7 +8,7 @@ Feature: command GET DATA
Scenario: data object extended capabilities Scenario: data object extended capabilities
When requesting extended capabilities: c0 When requesting extended capabilities: c0
Then data should match: \x30\x00\x00\x00[\x00\x08]\x00\x00\xff\x01\x00 Then data should match: \x70\x00\x00\x20[\x00\x08]\x00\x00\xff\x01\x00
Scenario: data object algorithm attributes 1 Scenario: data object algorithm attributes 1
When requesting algorithm attributes 1: c1 When requesting algorithm attributes 1: c1


@@ -1,7 +1,7 @@
""" """
gnuk_token.py - a library for Gnuk Token gnuk_token.py - a library for Gnuk Token
Copyright (C) 2011, 2012 Free Software Initiative of Japan Copyright (C) 2011, 2012, 2013 Free Software Initiative of Japan
Author: NIIBE Yutaka <gniibe@fsij.org> Author: NIIBE Yutaka <gniibe@fsij.org>
This file is a part of Gnuk, a GnuPG USB Token implementation. This file is a part of Gnuk, a GnuPG USB Token implementation.
@@ -431,7 +431,7 @@ class gnuk_token(object):
raise ValueError, ("%02x%02x" % (sw[0], sw[1])) raise ValueError, ("%02x%02x" % (sw[0], sw[1]))
def cmd_get_challenge(self): def cmd_get_challenge(self):
cmd_data = iso7816_compose(0x84, 0x00, 0x00, '', le=32) cmd_data = iso7816_compose(0x84, 0x00, 0x00, '')
sw = self.icc_send_cmd(cmd_data) sw = self.icc_send_cmd(cmd_data)
if len(sw) != 2: if len(sw) != 2:
raise ValueError(sw) raise ValueError(sw)
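Review bot: cmd_get_challenge no longer passes le=32 to iso7816_compose, so the host now depends on the firmware's "Le is not specified" path to return a full-sized challenge, and the only check visible in these lines is on the two-byte status word. Either keep an explicit Le or verify the length of the returned challenge before it is used.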


@@ -1,3 +1,25 @@
"""
gpg_agent.py - a library to connect gpg-agent
Copyright (C) 2013 Free Software Initiative of Japan
Author: NIIBE Yutaka <gniibe@fsij.org>
This file is a part of Gnuk, a GnuPG USB Token implementation.
Gnuk is free software: you can redistribute it and/or modify it
under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
Gnuk is distributed in the hope that it will be useful, but WITHOUT
ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public
License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
"""
import platform, os, socket import platform, os, socket
IS_WINDOWS=(platform.system() == 'Windows') IS_WINDOWS=(platform.system() == 'Windows')


@@ -1,3 +1,25 @@
"""
pagent_proxy_to_gpg.py - Connect gpg-agent as Pagent
Copyright (C) 2013 Free Software Initiative of Japan
Author: NIIBE Yutaka <gniibe@fsij.org>
This file is a part of Gnuk, a GnuPG USB Token implementation.
Gnuk is free software: you can redistribute it and/or modify it
under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
Gnuk is distributed in the hope that it will be useful, but WITHOUT
ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public
License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
"""
import os, sys, re, hashlib, binascii import os, sys, re, hashlib, binascii
from struct import * from struct import *
from gpg_agent import gpg_agent from gpg_agent import gpg_agent


@@ -3,7 +3,7 @@
""" """
pinpadtest.py - a tool to test variable length pin entry with pinpad pinpadtest.py - a tool to test variable length pin entry with pinpad
Copyright (C) 2011, 2012 Free Software Initiative of Japan Copyright (C) 2011, 2012, 2013 Free Software Initiative of Japan
Author: NIIBE Yutaka <gniibe@fsij.org> Author: NIIBE Yutaka <gniibe@fsij.org>
This file is a part of Gnuk, a GnuPG USB Token implementation. This file is a part of Gnuk, a GnuPG USB Token implementation.


@@ -2,6 +2,27 @@
# #
# See: http://people.csail.mit.edu/rivest/sexp.html # See: http://people.csail.mit.edu/rivest/sexp.html
# #
"""
sexp.py - a library for SEXP
Copyright (C) 2013 Free Software Initiative of Japan
Author: NIIBE Yutaka <gniibe@fsij.org>
This file is a part of Gnuk, a GnuPG USB Token implementation.
Gnuk is free software: you can redistribute it and/or modify it
under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
Gnuk is distributed in the hope that it will be useful, but WITHOUT
ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public
License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
"""
import re import re


@@ -4,7 +4,7 @@
upgrade_by_passwd.py - a tool to install another firmware for Gnuk Token upgrade_by_passwd.py - a tool to install another firmware for Gnuk Token
which is just shipped from factory which is just shipped from factory
Copyright (C) 2012 Free Software Initiative of Japan Copyright (C) 2012, 2013 Free Software Initiative of Japan
Author: NIIBE Yutaka <gniibe@fsij.org> Author: NIIBE Yutaka <gniibe@fsij.org>
This file is a part of Gnuk, a GnuPG USB Token implementation. This file is a part of Gnuk, a GnuPG USB Token implementation.