version 0.17

2024-09-20 02:40:08 +00:00 · 2012-02-02 14:09:38 +09:00 · 2012-02-02 14:09:38 +09:00 · 14673b825b
commit 14673b825b
parent 6550dd5353
5 changed files with 41 additions and 19 deletions
--- a/9
+++ b/9
@ -1,3 +1,12 @@
+2012-02-02  Niibe Yutaka  <gniibe@fsij.org>
+
+	* Version 0.17.
+
+	* src/usb_desc.c (gnukStringSerial): Updated.
+
+	* tool/gnuk_put_binary.py (cmd_get_response): New.
+	(cmd_select_openpgp, cmd_get_data): Call cmd_get_response.
+
 2012-01-30  Niibe Yutaka  <gniibe@fsij.org>

 	* src/usb-icc.c (struct ccid): Add chained_cls_ins_p1_p2.
--- a/11
+++ b/11
@ -2,14 +2,19 @@ Gnuk NEWS - User visible changes

 * Major changes in Gnuk 0.17

-  Released 2012-01-XX, by NIIBE Yutaka
+  Released 2012-02-02, by NIIBE Yutaka

-** ISO 7816 SELECT command behavior is strict now
+** USB CCID/ICCD protocol implementation change
+Gnuk now only supports short APDU level exchange, not support.
+extended APDU level exchange.  Thus, Gnuk could be compatible to older
+host side software implementation.
+
+** ISO 7816 SELECT command behavior is somewhat strict now
 Old implementations do not check DF name for SELECT command.
 This causes some trouble when Gnuk Token is identified as if it were
 different card/token.  Now, DF name of OpenPGP card is checked.

-** USB CCID/ICCD low level bug is fixed
+** USB CCID/ICCD low-level bug is fixed
 When the size of command APDU data is just 49, the lower level packet
 size is 64.  This is maximum size of BULK-OUT transfer packet, and
 caused trouble in the past implementations.  Example is setting url
--- a/23
+++ b/23
@ -1,7 +1,7 @@
 Gnuk - software for GnuPG USB Token

-							   Version 0.16
-							     2011-12-14
+							   Version 0.17
+							     2012-02-02
 						           Niibe Yutaka
 				      Free Software Initiative of Japan

@ -104,12 +104,15 @@ Ab: That's because gnome-keyring-daemon interferes GnuPG.  Type:
    and at the tab of "Startup Programs", disable check buttons for
    "GPG Password Agent" and "SSH Key Agent".

+Qc: Do you know a good SWD debugger to connect FST-01 or something?
+Ac: Perhaps, you can use a part of STM32F4 Discovery Kit as SWD
+    debugger.  It seems that there is a free software tool for that.


 Release notes
 =============

-This is seventeenth release of Gnuk.  While it works well for specific
+This is eighteenth release of Gnuk.  While it works well for specific
 usages and it is considered stable, it is still somewhat experimental.

 Tested features are:
@ -127,18 +130,13 @@ Tested features are:
 	* Changing value of password status bytes (0x00C4): forcesig
 	* Verify with pin pad
 	* Modify with pin pad
+	* Card holder certificate

 It is known not-working well:

 	* For some version of kernel and libccid, --enable-debug can't
-          work well.  Please disable DEBUG option if it doesn't work well.
-
-	* Card holder certificate
-	  It is implemented in Gnuk side.  But its large size matters
-	  (> 1KB).  Some versions of GnuPG cannot handle a data object
-	  of large size with PC/SC backend.  Specifically,
-	  handle_transmit function in pcsc-wrapper.c uses the buffer
-	  of size 1024-byte.
+          work well.  Please make sure to disable DEBUG option if it
+          doesn't work well.

 Not supported feature(s):

@ -241,8 +239,7 @@ Gnuk is distributed with external source code.
 Host Requirements
 =================

-For GNU/Linux, libccid version >= 1.3.11 is required.
-libccid version == 1.3.9 is known not working well by the issue [r4235].
+For GNU/Linux, libccid version >= 1.3.11 is recommended.

 I think that it should not be requirment but the kernel version of my use is:
 Linux version 2.6.32-5-686 (Debian 2.6.32-18) (ben@decadent.org.uk) (gcc version 4.3.5 (Debian 4.3.5-2) ) #1 SMP Sat Jul 24 02:27:10 UTC 2010
--- a/src/usb_desc.c
+++ b/src/usb_desc.c
@ -275,7 +275,7 @@ static const uint8_t gnukStringProduct[] = {
 const uint8_t gnukStringSerial[] = {
  13*2+2,			/* bLength */
  USB_STRING_DESCRIPTOR_TYPE,	/* bDescriptorType */
-  '0', 0, '.', 0, '1', 0, '6', 0, /* Version number of Gnuk */
+  '0', 0, '.', 0, '1', 0, '7', 0, /* Version number of Gnuk */
  '-', 0,
  0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
  0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
--- a/tool/gnuk_put_binary.py
+++ b/tool/gnuk_put_binary.py
@ -43,6 +43,13 @@ class GnukToken(object):
        cardservice = cardrequest.waitforcard()
        self.connection = cardservice.connection

+    def cmd_get_response(self, expected_len):
+        apdu = [0x00, 0xc0, 0x00, 0x00, expected_len ]
+        response, sw1, sw2 = self.connection.transmit(apdu)
+        if not (sw1 == 0x90 and sw2 == 0x00):
+            raise ValueError, ("%02x%02x" % (sw1, sw2))
+        return response
+
    def cmd_verify(self, who, passwd):
        apdu = [0x00, 0x20, 0x00, 0x80+who, len(passwd)] + s2l(passwd)
        response, sw1, sw2 = self.connection.transmit(apdu)
@ -84,13 +91,17 @@ class GnukToken(object):
    def cmd_select_openpgp(self):
        apdu = [0x00, 0xa4, 0x04, 0x0c, 6, 0xd2, 0x76, 0x00, 0x01, 0x24, 0x01 ]
        response, sw1, sw2 = self.connection.transmit(apdu)
-        if not (sw1 == 0x90 and sw2 == 0x00):
+        if sw1 == 0x61:
+            response = self.cmd_get_response(sw2)
+        elif not (sw1 == 0x90 and sw2 == 0x00):
            raise ValueError, ("%02x%02x" % (sw1, sw2))

    def cmd_get_data(self, tagh, tagl):
        apdu = [0x00, 0xca, tagh, tagl]
        response, sw1, sw2 = self.connection.transmit(apdu)
-        if not (sw1 == 0x90 and sw2 == 0x00):
+        if sw1 == 0x61:
+            response = self.cmd_get_response(sw2)
+        elif not (sw1 == 0x90 and sw2 == 0x00):
            raise ValueError, ("%02x%02x" % (sw1, sw2))
        return response