mirror of
https://salsa.debian.org/gnuk-team/gnuk/gnuk.git
synced 2024-09-20 02:40:08 +00:00
random bit not in executable
This commit is contained in:
parent
103484c44a
commit
21bcf76d36
12
ChangeLog
12
ChangeLog
@ -1,5 +1,17 @@
|
||||
2011-02-04 NIIBE Yutaka <gniibe@fsij.org>
|
||||
|
||||
* tool/gnuk_update_binary.py: Support updating random bits.
|
||||
|
||||
* src/random.c (random_bits_start): Renamed.
|
||||
(random_bytes_get): Check initial erased state.
|
||||
|
||||
* src/Makefile.in (random-data.o): Removed.
|
||||
|
||||
* src/gnuk.ld.in (.gnuk_random): Don't have .gnuk_random any more.
|
||||
|
||||
* src/flash.c (flash_erase_binary): Support FILEID_RANDOM.
|
||||
(flash_write_binary): Ditto.
|
||||
|
||||
* src/openpgp.c (cmd_reset_user_password): Fix PINPAD_SUPPORT case
|
||||
with reset code.
|
||||
|
||||
|
@ -204,19 +204,10 @@ endif
|
||||
|
||||
include $(CHIBIOS)/os/ports/GCC/ARM/rules.mk
|
||||
|
||||
OBJS += random-data.o
|
||||
OUTFILES += random_bits
|
||||
|
||||
random_bits:
|
||||
dd if=/dev/random bs=1 of=random_bits count=1024
|
||||
|
||||
random-data.o: random_bits
|
||||
$(CP) -I binary $< -O elf32-littlearm -B arm \
|
||||
--rename-section \
|
||||
.data=.gnuk_random,alloc,load,readonly,data,contents \
|
||||
$@
|
||||
|
||||
$(PROJECT).elf: random-data.o
|
||||
|
||||
distclean: clean
|
||||
-rm -f Makefile gnuk.ld config.h
|
||||
|
62
src/flash.c
62
src/flash.c
@ -600,10 +600,11 @@ flash_check_blank (const uint8_t *page, int size)
|
||||
int
|
||||
flash_erase_binary (uint8_t file_id)
|
||||
{
|
||||
const uint8_t *p = &ch_certificate_start;
|
||||
const uint8_t *p;
|
||||
|
||||
if (file_id == FILEID_CH_CERTIFICATE)
|
||||
{
|
||||
p = &ch_certificate_start;
|
||||
if (flash_check_blank (p, FLASH_CH_CERTIFICATE_SIZE) == 0)
|
||||
{
|
||||
flash_erase_page ((uint32_t)p);
|
||||
@ -612,6 +613,15 @@ flash_erase_binary (uint8_t file_id)
|
||||
#endif
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
else if (file_id == FILEID_RANDOM)
|
||||
{
|
||||
p = &random_bits_start;
|
||||
|
||||
if (flash_check_blank (p, FLASH_PAGE_SIZE) == 0)
|
||||
flash_erase_page ((uint32_t)p);
|
||||
|
||||
return 0;
|
||||
}
|
||||
else
|
||||
@ -623,29 +633,39 @@ int
|
||||
flash_write_binary (uint8_t file_id, const uint8_t *data,
|
||||
uint16_t len, uint16_t offset)
|
||||
{
|
||||
uint16_t maxsize;
|
||||
const uint8_t *p;
|
||||
|
||||
if (file_id == FILEID_CH_CERTIFICATE)
|
||||
{
|
||||
if (offset + len > FLASH_CH_CERTIFICATE_SIZE || (offset&1) || (len&1))
|
||||
return -1;
|
||||
else
|
||||
{
|
||||
const uint8_t *p = &ch_certificate_start;
|
||||
uint16_t hw;
|
||||
uint32_t addr;
|
||||
int i;
|
||||
|
||||
addr = (uint32_t)p + offset;
|
||||
for (i = 0; i < len/2; i++)
|
||||
{
|
||||
hw = data[i*2] | (data[i*2+1]<<8);
|
||||
if (flash_program_halfword (addr, hw) != FLASH_COMPLETE)
|
||||
flash_warning ("DO WRITE ERROR");
|
||||
addr += 2;
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
maxsize = FLASH_CH_CERTIFICATE_SIZE;
|
||||
p = &ch_certificate_start;
|
||||
}
|
||||
else if (file_id == FILEID_RANDOM)
|
||||
{
|
||||
maxsize = FLASH_PAGE_SIZE;
|
||||
p = &random_bits_start;
|
||||
}
|
||||
else
|
||||
return -1;
|
||||
|
||||
if (offset + len > maxsize || (offset&1) || (len&1))
|
||||
return -1;
|
||||
else
|
||||
{
|
||||
uint16_t hw;
|
||||
uint32_t addr;
|
||||
int i;
|
||||
|
||||
addr = (uint32_t)p + offset;
|
||||
for (i = 0; i < len/2; i++)
|
||||
{
|
||||
hw = data[i*2] | (data[i*2+1]<<8);
|
||||
if (flash_program_halfword (addr, hw) != FLASH_COMPLETE)
|
||||
flash_warning ("DO WRITE ERROR");
|
||||
addr += 2;
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
|
@ -36,7 +36,7 @@ extern void *memmove(void *dest, const void *src, size_t n);
|
||||
extern int icc_data_size;
|
||||
#define cmd_APDU_size icc_data_size
|
||||
extern int res_APDU_size;
|
||||
extern uint8_t *res_APDU_pointer;
|
||||
extern const uint8_t *res_APDU_pointer;
|
||||
|
||||
/* USB buffer size of LL (Low-level): size of single Bulk transaction */
|
||||
#define USB_LL_BUF_SIZE 64
|
||||
@ -123,6 +123,7 @@ extern int flash_write_binary (uint8_t file_id, const uint8_t *data, uint16_t le
|
||||
|
||||
/* Linker set this symbol */
|
||||
extern uint8_t ch_certificate_start;
|
||||
extern uint8_t random_bits_start;
|
||||
|
||||
#define KEY_MAGIC_LEN 8
|
||||
#define KEY_CONTENT_LEN 256 /* p and q */
|
||||
|
@ -117,7 +117,8 @@ SECTIONS
|
||||
.gnuk_random :
|
||||
{
|
||||
. = ALIGN (@FLASH_PAGE_SIZE@);
|
||||
*(.gnuk_random)
|
||||
random_bits_start = .;
|
||||
. += 1;
|
||||
. = ALIGN (@FLASH_PAGE_SIZE@);
|
||||
} > flash =0xffffffff
|
||||
|
||||
|
10
src/random.c
10
src/random.c
@ -25,24 +25,22 @@
|
||||
#include "ch.h"
|
||||
#include "gnuk.h"
|
||||
|
||||
extern void *_binary_random_bits_start;
|
||||
|
||||
const uint8_t *
|
||||
random_bytes_get (void)
|
||||
{
|
||||
uint32_t addr, addr0;
|
||||
|
||||
addr = (uint32_t)&_binary_random_bits_start + ((hardclock () << 5) & 0x3e0);
|
||||
addr = (uint32_t)&random_bits_start + ((hardclock () << 5) & 0x3e0);
|
||||
addr0 = addr;
|
||||
|
||||
while (1)
|
||||
{
|
||||
if (*(uint32_t *)addr != 0)
|
||||
if (*(uint32_t *)addr != 0 && *(uint32_t *)addr != 0xffffffff)
|
||||
break;
|
||||
|
||||
addr += 32;
|
||||
if (addr >= ((uint32_t)&_binary_random_bits_start) + 1024)
|
||||
addr = ((uint32_t)&_binary_random_bits_start);
|
||||
if (addr >= ((uint32_t)&random_bits_start) + 1024)
|
||||
addr = ((uint32_t)&random_bits_start);
|
||||
|
||||
if (addr == addr0)
|
||||
fatal (FATAL_RANDOM);
|
||||
|
@ -386,7 +386,7 @@ icc_power_off (void)
|
||||
}
|
||||
|
||||
int res_APDU_size;
|
||||
uint8_t *res_APDU_pointer;
|
||||
const uint8_t *res_APDU_pointer;
|
||||
|
||||
static void
|
||||
icc_send_data_block (int len, uint8_t status, uint8_t chain)
|
||||
|
@ -25,7 +25,7 @@ along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
from intel_hex import *
|
||||
from struct import *
|
||||
import sys, time, struct
|
||||
import sys, time, os
|
||||
|
||||
# INPUT: binary file
|
||||
|
||||
@ -218,7 +218,7 @@ def get_device():
|
||||
return dev, config, alt
|
||||
raise ValueError, "Device not found"
|
||||
|
||||
def main(filename):
|
||||
def main(fileid, filename):
|
||||
f = open(filename)
|
||||
data = f.read()
|
||||
f.close()
|
||||
@ -234,7 +234,7 @@ def main(filename):
|
||||
elif icc.icc_get_status() == 1:
|
||||
icc.icc_power_on()
|
||||
icc.cmd_verify(3, "12345678")
|
||||
icc.cmd_update_binary(0, data)
|
||||
icc.cmd_update_binary(fileid, data)
|
||||
icc.cmd_select_openpgp()
|
||||
data = data[:-2]
|
||||
data_in_device = icc.cmd_get_data(0x7f, 0x21)
|
||||
@ -243,4 +243,10 @@ def main(filename):
|
||||
return 0
|
||||
|
||||
if __name__ == '__main__':
|
||||
main(sys.argv[1])
|
||||
if os.path.basename(sys.argv[1] == "random_bits"):
|
||||
fileid = 1
|
||||
print "Updating random bits"
|
||||
else:
|
||||
fileid = 0 # Card holder certificate
|
||||
print "Updating card holder certificate"
|
||||
main(fileid, sys.argv[1])
|
||||
|
Loading…
Reference in New Issue
Block a user