Fix .gitignore.

.gitignore

@@ -1,6 +1,7 @@
 *.lst
 *.o
 *.pyc
+regnual/regnual-no-vidpid.elf
 src/.dep
 src/config.mk
 src/config.h
@@ -8,6 +9,7 @@ src/gnuk.ld
 src/board.h
 src/build/*
 src/*.inc
+src/put-vid-pid-ver.sh
 regnual/regnual.bin
 regnual/regnual.hex
 regnual/regnual.elf

ChangeLog

@@ -1,3 +1,52 @@
+2018-01-23  NIIBE Yutaka  <gniibe@fsij.org>
+
+	* VERSION: 1.2.8.
+
+	* src/Makefile (build/gnuk-vidpid.elf): Supply FILE here.
+	* src/configure (output_vendor_product_serial_strings): For
+	generating put-vid-pid-ver.sh, don't set FILE.
+
+	* regnual/regnual.c (regnual_device_desc): Make this array as a
+	template.
+	* regnual/Makefile (regnual.elf): Substitute VID:PID.
+
+2018-01-22  NIIBE Yutaka  <gniibe@fsij.org>
+
+	* src/openpgp.c (USER_PASSWD_MINLEN): New.
+	(cmd_change_password): Check passphrase length.
+
+2018-01-22  NIIBE Yutaka  <gniibe@fsij.org>
+
+	* src/openpgp.c (cmd_change_password): Remove access to private
+	key with BY_ADMIN when it's becoming admin-less mode.
+
+2018-01-19  NIIBE Yutaka  <gniibe@fsij.org>
+
+	* src/binary-edit.sh: Copied from NeuG 1.0.8.  Exclude FILE.
+	* src/configure (output_vid_pid_version): Generate a shell script.
+	* src/Makefile (build/gnuk-vidpid.elf): New target.
+	* src/usb_desc.c (device_desc): Make this array as a template.
+
+	* chopstx: Update to 1.8.
+
+2018-01-18  NIIBE Yutaka  <gniibe@fsij.org>
+
+	* src/neug.c: Update from NeuG.
+
+2018-01-09  NIIBE Yutaka  <gniibe@fsij.org>
+
+	* tests/card_reader.py (CardReader.ccid_power_on): Fix for
+	other card readers for Gemalto's.
+
+2017-12-19  NIIBE Yutaka  <gniibe@fsij.org>
+
+	* chopstx: Update to 1.7.
+
+2017-11-26  NIIBE Yutaka  <gniibe@fsij.org>
+
+	* src/openpgp.c (cmd_change_password): Bug fix for admin-less
+	mode.
+
 2017-11-26  NIIBE Yutaka  <gniibe@fsij.org>
 
 	* VERSION: 1.2.7.

NEWS

@@ -1,5 +1,32 @@
 Gnuk NEWS - User visible changes
 
+* Major changes in Gnuk 1.2.8
+
+  Released 2018-01-23, by NIIBE Yutaka
+
+** No inclusion of VID:PID in gnuk.elf
+
+Distribution of binary image with VID:PID would violate vendor ID
+agreement to USB Forum.  Now, we have new file named gnuk-vidpid.elf
+for flashing.  The file gnuk.elf can be used to generate
+gnuk-vidpid.elf and we can check if it is reproducible or not.
+
+** Passphrase length check
+
+Now, Gnuk checks length of passphrase if it's too short when
+changing passphrase.
+
+** Remove unused DEK with BY_ADMIN
+
+For admin-less mode, DEK by OPENPGP_CARD_INITIAL_PW3 remained on flash
+ROM.  This could be considered a backdoor, if some other person had or
+kept access to the flash ROM, cheating a user.  Now, the DEK is
+cleared by zero when the token is set to admin-less mode.
+
+** Upgrade of Chopstx
+We use Chopstx 1.8.
+
+
 * Major changes in Gnuk 1.2.7
 
   Released 2017-11-26, by NIIBE Yutaka

README

@@ -1,14 +1,14 @@
 Gnuk - An Implementation of USB Cryptographic Token for GnuPG
 
-							  Version 1.2.7
-							     2017-11-26
+							  Version 1.2.8
+							     2018-01-23
 							   Niibe Yutaka
 				      Free Software Initiative of Japan
 
 Release Notes
 =============
 
-This is the release of Gnuk, version 1.2.7, which has major
+This is the release of Gnuk, version 1.2.8, which has major
 incompatible changes to Gnuk 1.0.x.  Specifically, it now supports
 overriding key import, but importing keys (or generating keys) results
 password reset.  Also, you need to import private keys before changing
@@ -24,13 +24,10 @@ It also supports RSA-4096, but users should know that it takes more
 than 8 seconds to sign/decrypt.  Key generation of RSA-4096 just fails,
 because the device doesn't have enough memory.
 
-In this release, experimental KDF-DO support is added.  To use the
-feature, you need to build/install experimental branch of GnuPG by
-yourself:
-
-    https://dev.gnupg.org/source/gnupg/history/gniibe%252Fscd-kdf-support/
-
-And manually prepare the KDF-DO on your token.
+It supports new KDF-DO feature.  To use the feature, you need to use
+newer GnuPG (forthcoming 2.2.5 or later).  And you need to manually
+prepare the KDF-DO on your token.  Please note that this is
+experimental.  Better way to prepare KDF-DO will be expected.
 
 
 What's Gnuk?
@@ -259,7 +256,7 @@ External source code
 
 Gnuk is distributed with external source code.
 
-* chopstx/  -- Chopstx 1.5
+* chopstx/  -- Chopstx 1.8
 
   We use Chopstx as the kernel for Gnuk.
 
@@ -408,6 +405,10 @@ Then, type:
 
 Then, we will have "gnuk.elf" under src/build directory.
 
+Next, we can get the final image by running following command.
+
+  $ make build/gnuk-vidpid.elf
+
 
 How to install
 ==============
@@ -416,11 +417,11 @@ Olimex STM32-H103 board
 -----------------------
 
 If you are using Olimex JTAG-Tiny, type following to invoke OpenOCD
-and write "gnuk.elf" to Flash ROM:
+and write "gnuk-vidpid.elf" to Flash ROM:
 
   $ openocd -f interface/ftdi/olimex-jtag-tiny.cfg \
             -f board/olimex_stm32_h103.cfg \
-            -c "program build/gnuk.elf verify reset exit"
+            -c "program build/gnuk-vidpid.elf verify reset exit"
 
 Command invocation is assumed in src/ directory.
 
@@ -433,7 +434,7 @@ If you are using Flying Stone Tiny 01, you need a SWD writer.
 OpenOCD 0.9.0 now supports ST-Link/V2.  We can use it like:
 
   $ openocd -f interface/stlink-v2.cfg -f target/stm32f1x.cfg \
-            -c "program build/gnuk.elf verify reset exit"
+            -c "program build/gnuk-vidpid.elf verify reset exit"
 
 
 
@@ -444,7 +445,7 @@ Reset the board with "USER" switch pushed.  Type following to write
 to flash:
 
   # cd ../tool
-  # ./dfuse.py ../src/build/gnuk.hex
+  # ./dfuse.py ../src/build/gnuk-vidpid.hex
 
 Then, reset the board.
 
@@ -596,11 +597,11 @@ See doc/note/firmware-update.
 Git Repositories
 ================
 
-Please use: https://anonscm.debian.org/cgit/gnuk/gnuk/
+Please use: https://salsa.debian.org/gnuk-team/gnuk/
 
 You can get it by:
  
-    $ git clone git://anonscm.debian.org/gnuk/gnuk/gnuk.git
+    $ git clone https://salsa.debian.org/gnuk-team/gnuk/gnuk.git
 
 It's also available at: www.gniibe.org
 You can browse at: https://git.gniibe.org/gitweb?p=gnuk/gnuk.git;a=summary
@@ -621,9 +622,8 @@ Please see the FST-01 support pages:
 
 Please consider to join Gnuk-users mailing list:
 
-    https://lists.alioth.debian.org/mailman/listinfo/gnuk-users
+    https://lists.gnupg.org/mailman/listinfo/gnuk-users
 
-The mailing list will be moved to lists.debian.org.
 
 
 Your Contributions

VERSION

@@ -1 +1 @@
-release/1.2.7
+release/1.2.8

doc/development.rst

@@ -40,11 +40,11 @@ We are using "-O3 -Os" for compiler option.
 Building Gnuk
 -------------
 
-Change directory to ``src``:
+Change directory to ``src``: ::
 
   $ cd gnuk-VERSION/src
 
-Then, run ``configure``:
+Then, run ``configure``: ::
 
   $ ./configure --vidpid=<VID:PID>
 
@@ -52,8 +52,12 @@ Here, you need to specify USB vendor ID and product ID.  For FSIJ's,
 it's: --vidpid=234b:0000 .  Please read the section 'USB vendor ID and
 product ID' in README.
 
-Type:
+Type: ::
 
   $ make
 
 Then, we will have "gnuk.elf" under src/build directory.
+
+Next, we can get the final image by running following command. ::
+
+  $ make build/gnuk-vidpid.elf

doc/note/firmware-update

@@ -65,7 +65,7 @@ Invoking firmware update
 
 We specify reGNUal binary and Gnuk binary.
 
-  $ ../tool/gnuk_upgrade.py ../regnual/regnual.bin gnuk.bin 
+  $ ../tool/gnuk_upgrade.py ../regnual/regnual.bin gnuk-vidpid.bin 
 
 
 Two or more tokens

doc/note/firmware-update-2

@@ -73,16 +73,20 @@ and make:  ::
   $ make
 
 Please take care of configure options.  The default target in 1.0.x
-series is Olimex STM32 H103 (not FST-01).  The default target in 1.1.8
+series is Olimex STM32 H103 (not FST-01).  The default target in 1.2.x
 is FST-01.
 
+Then you get build/gnuk.elf.
 
-Then you get build/gnuk.elf and build/gnuk.bin.
+Next, we can get the final image by running following command.
 
-Invoking configure with FSIJ's USB ID (234b:0000) means that you are
-using FSIJ's USB ID (for reGNUal in this case).  Please note that FSIJ
-only allows use of its USB ID for specific situations.  Please read
-README of Gnuk about that.
+  $ make build/gnuk-vidpid.elf
+
+
+Invoking configure with FSIJ's USB ID (234b:0000) and generating
+gnuk-vidpid.elf means that you are using FSIJ's USB ID (for reGNUal in
+this case).  Please note that FSIJ only allows use of its USB ID for
+specific situations.  Please read README of Gnuk about that.
 
 
 Bulding reGNUal
@@ -117,13 +121,13 @@ your environment for Gnuk Token.
 How to run the script: ::
 
   $ cd tool
-  $ ./upgrade_by_passwd.py ../regnual/regnual.bin ../src/build/gnuk.bin
+  $ ./upgrade_by_passwd.py ../regnual/regnual.bin ../src/build/gnuk-vidpid.bin
 
 Then, the script on your host PC invoke the steps described above, and
 you will get new version of Gnuk installed.
 
-You can also specify -p option to enter your password (other than
-factory setting).
+You can also specify -f option to skip entering your password (it
+assumes the factory setting).
 
 If you already have configured another upgrade key installed, you can
 specify different slot by -k ``<slot_no>`` option.  SLOT_NO can be 0

regnual/Makefile

@@ -1,6 +1,6 @@
 # Makefile for reGNUal
 
-PROJECT = regnual
+PROJECT = regnual-no-vidpid
 
 OBJS = regnual.o usb-stm32f103.o reset.o
 
@@ -41,11 +41,15 @@ regnual.hex: regnual.elf
 	$(OBJCOPY) -Obinary regnual.elf regnual.bin
 	$(OBJCOPY) -Oihex regnual.elf regnual.hex
 
+regnual.elf: regnual-no-vidpid.elf
+	cp -p regnual-no-vidpid.elf regnual.elf
+	env FILE="regnual.elf" PATH="../src:$$PATH" bash put-vid-pid-ver.sh
+
 usb-stm32f103.o: ../chopstx/mcu/usb-stm32f103.c
 	$(CC) $(CFLAGS) -c -o usb-stm32f103.o ../chopstx/mcu/usb-stm32f103.c
 
-regnual.elf: $(OBJS) $(LDSCRIPT)
-	$(CC) $(LDFLAGS) -o regnual.elf $(OBJS)
+regnual-no-vidpid.elf: $(OBJS) $(LDSCRIPT)
+	$(CC) $(LDFLAGS) -o regnual-no-vidpid.elf $(OBJS)
 
 clean:
 	-rm -f $(OBJS) regnual.elf regnual.hex regnual.bin *.lst

regnual/regnual.c

@@ -1,7 +1,7 @@
 /*
  * regnual.c -- Firmware installation for STM32F103 Flash ROM
  *
- * Copyright (C) 2012, 2013, 2015, 2016, 2017
+ * Copyright (C) 2012, 2013, 2015, 2016, 2017, 2018
  *               Free Software Initiative of Japan
  * Author: NIIBE Yutaka <gniibe@fsij.org>
  *
@@ -57,7 +57,9 @@ static const uint8_t regnual_device_desc[] = {
   0x00,   /* bDeviceSubClass */
   0x00,   /* bDeviceProtocol */
   0x40,   /* bMaxPacketSize0 */
-#include "../src/usb-vid-pid-ver.c.inc"
+  0x00, 0x00,		/* idVendor  (will be replaced)     */
+  0x00, 0x00,		/* idProduct (will be replaced)     */
+  0x00, 0x00,		/* bcdDevice (will be replaced)     */
   1, /* Index of string descriptor describing manufacturer */
   2, /* Index of string descriptor describing product */
   3, /* Index of string descriptor describing the device's serial number */

src/Makefile

@@ -76,7 +76,13 @@ distclean: clean
 	-rm -f gnuk.ld config.h board.h config.mk \
 	       usb-strings.c.inc usb-vid-pid-ver.c.inc
 
-ifneq ($(EMULATION),)
+ifeq ($(EMULATION),)
+build/gnuk-vidpid.elf: build/gnuk.elf binary-edit.sh put-vid-pid-ver.sh
+	cp -p build/gnuk.elf build/gnuk-vidpid.elf
+	env FILE="build/gnuk-vidpid.elf" bash put-vid-pid-ver.sh
+	$(OBJCOPY) -O ihex build/gnuk-vidpid.elf build/gnuk-vidpid.hex
+	$(OBJCOPY) -O binary build/gnuk-vidpid.elf build/gnuk-vidpid.bin
+else
 # By specifying DESTDIR on invocation of "make", you can install
 # program to different ROOT.
 

src/binary-edit.sh

@@ -0,0 +1,76 @@
+# This is a Bash script to be included.
+
+# Idx Name          Size      VMA       LMA       File off  Algn
+# =================
+#   2 .text         00004a40  080010f0  080010f0  000110f0  2**4
+# 08006550 l     O .text	00000012 device_desc
+# =================
+# VMA =0x080010f0
+# FOFF=0x000110f0
+# ADDR=0x08005ad0
+# file_off_ADDR = ADDR - VMA + FOFF
+#               = 0x08005ad0 - 0x080010f0 + 0x000110f0 = 0x00015ad0
+
+function calc_addr () {
+    local line_sym="" VMA FOFF ADDR
+
+    arm-none-eabi-objdump -h -t -j .text $FILE       | \
+    egrep -e '(^ +[0-9] +\.text +|device_desc)' | \
+    while read -r F0 F1 F2 F3 F4 F5 F6; do
+	if [ -z "$line_sym" ]; then
+	    VMA=$F3
+	    FOFF=$F5
+	    line_sym="next is a line for the symbol"
+	else
+	    ADDR=$F0
+	    echo "$((0x$ADDR - 0x$VMA + 0x$FOFF))"
+	fi
+    done
+}
+
+declare -a OFFSETS
+OFFSETS=($(calc_addr))
+file_off_ADDR=${OFFSETS[0]}
+file_off_fraucheky_ADDR=${OFFSETS[1]}
+
+echo "Offset is $file_off_ADDR"
+if [ -n "$file_off_fraucheky_ADDR" ]; then
+    echo "Offset is $file_off_fraucheky_ADDR"
+fi
+
+function replace_file_byte_at () {
+    printf "\x$1" | dd of=$FILE bs=1 seek=$2 conv=notrunc >& /dev/null
+}
+
+#
+# vid_lsb:         8
+# vid_msb:         9
+# pid_lsb:        10
+# pid_msb:        11
+# bcd_device_lsb: 12
+# bcd_device_msb: 13
+#
+
+function replace_vid_lsb () {
+    replace_file_byte_at $1 $((addr + 8))
+}
+
+function replace_vid_msb () {
+    replace_file_byte_at $1 $((addr + 9))
+}
+
+function replace_pid_lsb () {
+    replace_file_byte_at $1 $((addr + 10))
+}
+
+function replace_pid_msb () {
+    replace_file_byte_at $1 $((addr + 11))
+}
+
+function replace_bcd_device_lsb () {
+    replace_file_byte_at $1 $((addr + 12))
+}
+
+function replace_bcd_device_msb () {
+    replace_file_byte_at $1 $((addr + 13))
+}

src/configure

@@ -6,7 +6,7 @@ nl=$'\n'
 #
 # This file is *NOT* generated by GNU Autoconf, but written by NIIBE Yutaka
 #
-# Copyright (C) 2010, 2011, 2012, 2013, 2014, 2015, 2016, 2017
+# Copyright (C) 2010, 2011, 2012, 2013, 2014, 2015, 2016, 2017, 2018
 #               Free Software Initiative of Japan
 #
 # This file is a part of Gnuk, a GnuPG USB Token implementation.
@@ -327,8 +327,32 @@ else
 fi
 
 output_vid_pid_version () {
-  echo "$VIDPID" | sed -n -e "s%^\([0-9a-f][0-9a-f]\)\([0-9a-f][0-9a-f]\):\([0-9a-f][0-9a-f]\)\([0-9a-f][0-9a-f]\)$%  0x\2, 0x\1, /* idVendor  */\\${nl}  0x\4, 0x\3, /* idProduct */%p"
-  echo "$VERSION" | sed -n -e "s%^\([0-9a-f][0-9a-f]\)\([0-9a-f][0-9a-f]\)$%  0x\2, 0x\1, /* bcdDevice */%p"
+  echo "$VIDPID" | \
+  sed -n -e "s%^\([0-9a-f][0-9a-f]\)\([0-9a-f][0-9a-f]\):\([0-9a-f][0-9a-f]\)\([0-9a-f][0-9a-f]\)$%\1\t\2\t\3\t\4%p" | \
+  while read -r FIRST SECOND THIRD FOURTH; do
+    if test $FIRST != 00; then
+      echo replace_vid_msb $FIRST
+    fi
+    if test $SECOND != 00; then
+      echo replace_vid_lsb $SECOND
+    fi
+    if test $THIRD != 00; then
+      echo replace_pid_msb $THIRD
+    fi
+    if test $FOURTH != 00; then
+      echo replace_pid_lsb $FOURTH
+    fi
+  done
+  echo "$VERSION" | \
+  sed -n -e "s%^\([0-9a-f][0-9a-f]\)\([0-9a-f][0-9a-f]\)$%\1\t\2%p" | \
+  while read -r FIRST SECOND; do
+    if test $FIRST != 00; then
+      echo replace_bcd_device_msb $FIRST
+    fi
+    if test $SECOND != 00; then
+      echo replace_bcd_device_lsb $SECOND
+    fi
+  done
 }
 
 output_vendor_product_serial_strings () {
@@ -382,10 +406,16 @@ output_vendor_product_serial_strings () {
   fi
 }
 
+(echo "#! /bin/bash"
+ echo
+ echo 'source "binary-edit.sh"') > put-vid-pid-ver.sh
+
 if !(IFS="	"
   while read -r VIDPID VERSION PRODUCT VENDOR; do
     if test "$vidpid" = "$VIDPID"; then
-      output_vid_pid_version > usb-vid-pid-ver.c.inc
+      echo                       >> put-vid-pid-ver.sh
+      echo 'addr=$file_off_ADDR' >> put-vid-pid-ver.sh
+      output_vid_pid_version     >> put-vid-pid-ver.sh
       output_vendor_product_serial_strings gnuk_ >usb-strings.c.inc
       exit 0
     fi

src/main.c

@@ -40,8 +40,6 @@
 #include <stdlib.h>
 #define main emulated_main
 #else
-#include "mcu/cortex-m.h"
-#include "mcu/stm32.h"
 #include "mcu/stm32f103.h"
 #endif
 

src/mcu-stm32f103.c

@@ -23,7 +23,6 @@
  */
 
 #include <stdint.h>
-#include "mcu/stm32.h"
 #include "mcu/stm32f103.h"
 
 uint8_t *

src/neug.c

@@ -1,7 +1,7 @@
 /*
  * neug.c - true random number generation
  *
- * Copyright (C) 2011, 2012, 2013, 2016, 2017
+ * Copyright (C) 2011, 2012, 2013, 2016, 2017, 2018
  *               Free Software Initiative of Japan
  * Author: NIIBE Yutaka <gniibe@fsij.org>
  *
@@ -30,7 +30,6 @@
 #include "sys.h"
 #include "neug.h"
 #ifndef GNU_LINUX_EMULATION
-#include "mcu/stm32.h"
 #include "mcu/stm32f103.h"
 #endif
 #include "adc.h"
@@ -116,6 +115,11 @@ rbit (uint32_t v)
   v = ( v >> 16             ) | ( v               << 16);
   return v;
 }
+
+void
+crc32_rv_stop (void)
+{
+}
 #else
 void
 crc32_rv_reset (void)

src/openpgp.c

@@ -1,7 +1,7 @@
 /*
  * openpgp.c -- OpenPGP card protocol support
  *
- * Copyright (C) 2010, 2011, 2012, 2013, 2014, 2015, 2016, 2017
+ * Copyright (C) 2010, 2011, 2012, 2013, 2014, 2015, 2016, 2017, 2018
  *               Free Software Initiative of Japan
  * Author: NIIBE Yutaka <gniibe@fsij.org>
  *
@@ -37,6 +37,7 @@
 
 static struct eventflag *openpgp_comm;
 
+#define USER_PASSWD_MINLEN 6
 #define ADMIN_PASSWD_MINLEN 8
 
 #define CLS(a) a.cmd_apdu_head[0]
@@ -347,8 +348,9 @@ cmd_change_password (void)
 	  newpw_len = len - pw_len;
 	  ks_pw3 = gpg_do_read_simple (NR_DO_KEYSTRING_PW3);
 
-	  /* Check length of password for admin-less mode.  */
-	  if (ks_pw3 == NULL && newpw_len < ADMIN_PASSWD_MINLEN)
+	  /* Check length of password */
+	  if ((ks_pw3 == NULL && newpw_len < ADMIN_PASSWD_MINLEN)
+	      || newpw_len < USER_PASSWD_MINLEN)
 	    {
 	      DEBUG_INFO ("new password length is too short.");
 	      GPG_CONDITION_NOT_SATISFIED ();
@@ -388,6 +390,7 @@ cmd_change_password (void)
 	{
 	  newpw = pw + pw_len;
 	  newpw_len = len - pw_len;
+
 	  if (newpw_len == 0 && admin_authorized == BY_ADMIN)
 	    {
 	      const uint8_t *initial_pw;
@@ -397,6 +400,12 @@ cmd_change_password (void)
 	      newsalt_len = 0;
 	      pw3_null = 1;
 	    }
+	  else if (newpw_len < ADMIN_PASSWD_MINLEN)
+	    {
+	      DEBUG_INFO ("new password length is too short.");
+	      GPG_CONDITION_NOT_SATISFIED ();
+	      return;
+	    }
 
 	  who_old = admin_authorized;
 	}
@@ -426,11 +435,26 @@ cmd_change_password (void)
     }
   else if (r > 0 && who == BY_USER)
     {
+      /* When it was already admin-less mode, admin_authorized is
+       * BY_USER.  If no PW3 keystring, it's becoming admin-less mode,
+       * now.  For these two cases, we need to reset admin
+       * authorization status.  */
+      if (admin_authorized == BY_USER)
+	ac_reset_admin ();
+      else if (ks_pw3 == NULL)
+	{
+	  enum kind_of_key kk0;
+
+	  /* Remove keystrings for BY_ADMIN.  */
+	  for (kk0 = 0; kk0 <= GPG_KEY_FOR_AUTHENTICATION; kk0++)
+	    gpg_do_chks_prvkey (kk0, BY_ADMIN, NULL, 0, NULL);
+
+	  ac_reset_admin ();
+	}
+
       gpg_do_write_simple (NR_DO_KEYSTRING_PW1, new_ks0, KS_META_SIZE);
       ac_reset_pso_cds ();
       ac_reset_other ();
-      if (admin_authorized == BY_USER)
-	ac_reset_admin ();
       DEBUG_INFO ("Changed length of DO_KEYSTRING_PW1.\r\n");
       GPG_SUCCESS ();
     }

src/usb_desc.c

@@ -70,7 +70,9 @@ uint8_t device_desc[] = {
   0x00,   /* bDeviceSubClass */
   0x00,   /* bDeviceProtocol */
   0x40,   /* bMaxPacketSize0 */
-#include "usb-vid-pid-ver.c.inc"
+  0x00, 0x00,			/* idVendor  (will be replaced)     */
+  0x00, 0x00,			/* idProduct (will be replaced)     */
+  0x00, 0x00,			/* bcdDevice (will be replaced)     */
   1, /* Index of string descriptor describing manufacturer */
   2, /* Index of string descriptor describing product */
   3, /* Index of string descriptor describing the device's serial number */

tests/card_reader.py

@@ -179,8 +179,8 @@ class CardReader(object):
             # TPDU reader configuration
             self.ns = 0
             self.nr = 0
-            # For Gemalto USB GemPC Pinpad SmartCard Reader
-            if self.__dev.idVendor == 0x08E6 and self.__dev.idProduct == 0x3478:
+            # For Gemalto's SmartCard Reader(s)
+            if self.__dev.idVendor == 0x08E6:
                 # Set PPS
                 pps = b"\xFF\x11\x18\xF6"
                 status, chain, ret_pps = self.ccid_send_data_block(pps)