decipher works now.

ChangeLog

@@ -1,4 +1,46 @@
+2010-09-08  NIIBE Yutaka  <gniibe@fsij.org>
+
+	* src/ac.c (calc_md): Make SHA1 variable auto.
+
+	* src/debug.c (put_int): New.
+
+	* src/gnuk.ld (__process_stack_size__): Removed.
+
+	* src/main.c (STDOUTthread): Use Event.
+	(main): Make LED ON during command execution, blink usually.
+
+	* src/openpgp-do.c (encrypt, decrypt): Make AES variables auto.
+	(gpg_do_table): GPG_DO_ALG_AUT is NULL.
+
+	* src/openpgp.c (cmd_pso): Bug fix for extended Lc.
+
+	* src/usb-icc.c (icc_power_off): Make LED ON during command
+	execution.
+	(USB_ICC_TIMEOUT): Longer value (was: 1000).
+
+	* src/usb_desc.c (gnukConfigDescriptor): Fix bcdCCID value.
+
+	* src/vcomport.mk (VCOMSRC): Use our own usb_endp.c.
+
+	* src/usb_desc.c (gnukConfigDescriptor): ICC Descriptor is
+	Revision 1.0.
+
+	* polarssl-0.14.0/include/polarssl/config.h: Commend out
+	POLARSSL_SELF_TEST.
+
+	* polarssl-0.14.0/library/rsa.c (rsa_private): Don't check input,
+	so that we don't access ctx->N.
+	(rsa_pkcs1_decrypt): size of BUF is enough as 256.
+
+	* polarssl-0.14.0/library/sha1.c (sha1_file): #if-out to avoid
+	stdio of libc.
+
+	* polarssl-0.14.0/library/bignum.c (mpi_write_hlp)
+	(mpi_write_string, mpi_read_file, mpi_read_file): #if-out to avoid
+	stdio of libc.
+
+	* gnuk.svg: New file.
+
 2010-09-06  NIIBE Yutaka  <gniibe@fsij.org>
 
 	* Initial version 0.0.
-

gnuk.svg

@@ -0,0 +1,155 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+   xmlns:dc="http://purl.org/dc/elements/1.1/"
+   xmlns:cc="http://creativecommons.org/ns#"
+   xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
+   xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
+   width="1052.3622"
+   height="744.09448"
+   id="svg2"
+   version="1.1"
+   inkscape:version="0.47 r22583"
+   sodipodi:docname="gnuk.svg"
+   inkscape:export-filename="/home/gniibe/gnuk.png"
+   inkscape:export-xdpi="30"
+   inkscape:export-ydpi="30">
+  <defs
+     id="defs4">
+    <inkscape:perspective
+       sodipodi:type="inkscape:persp3d"
+       inkscape:vp_x="0 : 526.18109 : 1"
+       inkscape:vp_y="0 : 1000 : 0"
+       inkscape:vp_z="744.09448 : 526.18109 : 1"
+       inkscape:persp3d-origin="372.04724 : 350.78739 : 1"
+       id="perspective10" />
+    <inkscape:perspective
+       id="perspective2830"
+       inkscape:persp3d-origin="0.5 : 0.33333333 : 1"
+       inkscape:vp_z="1 : 0.5 : 1"
+       inkscape:vp_y="0 : 1000 : 0"
+       inkscape:vp_x="0 : 0.5 : 1"
+       sodipodi:type="inkscape:persp3d" />
+    <inkscape:perspective
+       id="perspective3627"
+       inkscape:persp3d-origin="0.5 : 0.33333333 : 1"
+       inkscape:vp_z="1 : 0.5 : 1"
+       inkscape:vp_y="0 : 1000 : 0"
+       inkscape:vp_x="0 : 0.5 : 1"
+       sodipodi:type="inkscape:persp3d" />
+    <inkscape:perspective
+       id="perspective3682"
+       inkscape:persp3d-origin="0.5 : 0.33333333 : 1"
+       inkscape:vp_z="1 : 0.5 : 1"
+       inkscape:vp_y="0 : 1000 : 0"
+       inkscape:vp_x="0 : 0.5 : 1"
+       sodipodi:type="inkscape:persp3d" />
+  </defs>
+  <sodipodi:namedview
+     id="base"
+     pagecolor="#ffffff"
+     bordercolor="#666666"
+     borderopacity="1.0"
+     inkscape:pageopacity="0"
+     inkscape:pageshadow="2"
+     inkscape:zoom="0.70032923"
+     inkscape:cx="487.47769"
+     inkscape:cy="434.02158"
+     inkscape:document-units="px"
+     inkscape:current-layer="layer1"
+     showgrid="false"
+     borderlayer="true"
+     inkscape:showpageshadow="false"
+     inkscape:object-paths="true"
+     inkscape:snap-smooth-nodes="true"
+     inkscape:object-nodes="true"
+     inkscape:snap-intersection-paths="true"
+     inkscape:window-width="876"
+     inkscape:window-height="747"
+     inkscape:window-x="29"
+     inkscape:window-y="26"
+     inkscape:window-maximized="0">
+    <inkscape:grid
+       type="xygrid"
+       id="grid2816"
+       empspacing="3"
+       visible="true"
+       enabled="true"
+       snapvisiblegridlinesonly="true" />
+  </sodipodi:namedview>
+  <metadata
+     id="metadata7">
+    <rdf:RDF>
+      <cc:Work
+         rdf:about="">
+        <dc:format>image/svg+xml</dc:format>
+        <dc:type
+           rdf:resource="http://purl.org/dc/dcmitype/StillImage" />
+        <dc:title></dc:title>
+      </cc:Work>
+    </rdf:RDF>
+  </metadata>
+  <g
+     inkscape:label="レイヤー 1"
+     inkscape:groupmode="layer"
+     id="layer1"
+     transform="translate(0,-308.2677)">
+    <path
+       style="fill:#0000ff;fill-opacity:1;stroke:#000000;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
+       d="m 726.1305,600.36218 c 22.86832,-8.30901 48,-83.66895 48,-108 0,-24.33105 -10.30662,-51.88803 -24,-72 -13.12651,-19.27938 -60,-36 -60,-36 0,0 7.82067,22.19662 12,36 0,36 -37.18539,69.08582 -36,84 -4.37468,3.58638 -12,12 -12,12 -26.07681,26.07681 37.33885,96.59384 72,84 z"
+       id="path3672-0"
+       sodipodi:nodetypes="cssccccc" />
+    <path
+       style="fill:#0000ff;fill-opacity:1;stroke:#000000;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
+       d="m 204,600.36218 c -22.86832,-8.30901 -48,-83.66895 -48,-108 0,-24.33105 10.30662,-51.88803 24,-72 13.12651,-19.27938 60,-36 60,-36 0,0 -7.82067,22.19662 -12,36 0,36 37.18539,69.08582 36,84 4.37468,3.58638 12,12 12,12 26.07681,26.07681 -37.33885,96.59384 -72,84 z"
+       id="path3672"
+       sodipodi:nodetypes="cssccccc" />
+    <path
+       style="fill:#ffffff;fill-opacity:1;stroke:#000000;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
+       d="m 387.06525,552.36218 c -10.14964,-12.99942 9.9849,-31.63115 12,-48 1.4662,-11.91009 2.75704,-24.32101 0,-36 -2.05497,-8.705 -9.94503,-15.295 -12,-24 -1.83802,-7.78599 -3.06147,-16.60896 0,-24 4.32957,-10.4525 13.5475,-19.67043 24,-24 33.25966,-13.7766 74.74034,-13.7766 108,0 10.4525,4.32957 19.67043,13.5475 24,24 3.06147,7.39104 1.83802,16.21401 0,24 -2.05497,8.705 -9.94503,15.295 -12,24 -2.75704,11.67899 -1.4662,24.08991 0,36 2.0151,16.36885 22.14964,35.00058 12,48 -32.00143,40.98668 -123.99857,40.98668 -156,0 z"
+       id="path3670"
+       sodipodi:nodetypes="caaaaaaaaaaaa" />
+    <path
+       style="fill:#ffffaf;fill-opacity:1;stroke:#000000;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
+       d="m 245.06525,436.36218 c -56.01988,12.27447 -95.51412,82.82688 -100,140 -4.6642,59.44578 23.48729,132.68883 70,170 64.3239,51.59881 167.53789,100 250,100 82.46211,0 185.6761,-48.40119 250,-100 46.51271,-37.31117 74.6642,-110.55422 70,-170 -4.48588,-57.17312 -43.98012,-127.72553 -100,-140 -52.50286,-11.50385 -90.127,59.96073 -140,80 -25.50547,10.24825 -52.51263,20 -80,20 -27.48737,0 -54.49453,-9.75175 -80,-20 -49.873,-20.03927 -87.49714,-91.50385 -140,-80 z"
+       id="path2818"
+       sodipodi:nodetypes="cssssssssss" />
+    <path
+       sodipodi:type="arc"
+       style="fill:#ff0000;fill-rule:evenodd;stroke:#000000;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
+       id="path2820"
+       sodipodi:cx="480"
+       sodipodi:cy="439.09448"
+       sodipodi:rx="100"
+       sodipodi:ry="75"
+       d="m 580,439.09448 a 100,75 0 1 1 -200,0 100,75 0 1 1 200,0 z"
+       transform="matrix(1.2,0,0,1,-108.71875,242.2677)" />
+    <path
+       sodipodi:type="arc"
+       style="fill:#ff0000;fill-rule:evenodd;stroke:#000000;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
+       id="path2820-4"
+       sodipodi:cx="480"
+       sodipodi:cy="439.09448"
+       sodipodi:rx="100"
+       sodipodi:ry="75"
+       d="m 580,439.09448 a 100,75 0 1 1 -200,0 100,75 0 1 1 200,0 z"
+       transform="matrix(1.2,0,0,1,-108.71875,256.2677)" />
+    <path
+       style="fill:#ffffff;fill-opacity:1;stroke:#000000;stroke-width:1.2997185px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
+       d="m 468,683.55419 c -53.26272,0 -106.28935,23.67472 -145.72074,52.16211 -28.99055,20.94434 -50.12608,50.68828 -58.27926,81.16082 -10.16321,37.98504 -13.76535,84.29391 14.55851,115.9237 40.35231,45.0621 119.89779,69.56138 189.44149,69.56138 69.5437,0 149.08918,-24.49928 189.44149,-69.56138 C 685.76535,901.17103 682.16321,854.86216 672,816.87712 663.84682,786.40458 642.71129,756.66064 613.72074,735.7163 574.28935,707.22891 521.26272,683.55419 468,683.55419 z m -1.4468,22.772 c 45.32995,0 90.45998,19.43946 124.01861,42.83981 24.67281,17.20427 42.65953,41.61266 49.59841,66.64368 8.64953,31.20197 11.71709,69.26937 -12.38832,95.251 -34.34241,37.01536 -102.04258,57.14346 -161.2287,57.14346 -59.18615,0 -126.88629,-20.1281 -161.22873,-57.14346 -24.1054,-25.98163 -21.03783,-64.04903 -12.3883,-95.251 6.93887,-25.03102 24.92559,-49.43941 49.5984,-66.64368 33.55865,-23.40035 78.68865,-42.83981 124.01863,-42.83981 z"
+       id="path2844"
+       inkscape:export-xdpi="30"
+       inkscape:export-ydpi="30" />
+    <rect
+       style="fill:#ffff00;fill-opacity:1;stroke:#000000;stroke-linecap:round;stroke-linejoin:bevel;stroke-opacity:1"
+       id="rect3668"
+       width="60"
+       height="48"
+       x="437.28125"
+       y="672.36218" />
+  </g>
+</svg>

polarssl-0.14.0/include/polarssl/config.h

@@ -77,8 +77,9 @@
 
 /*
  * Enable the checkup functions (*_self_test).
- */
+ *
 #define POLARSSL_SELF_TEST
+ */
 
 /*
  * Enable run-time version information functions

polarssl-0.14.0/library/bignum.c

@@ -310,6 +310,7 @@ cleanup:
     return( ret );
 }
 
+#if 0
 /*
  * Helper to write the digits high-order first
  */
@@ -466,6 +467,7 @@ cleanup:
 
     return( ret );
 }
+#endif
 
 /*
  * Import X from unsigned binary data, big endian

polarssl-0.14.0/library/rsa.c

@@ -245,13 +245,13 @@ int rsa_private( rsa_context *ctx,
     mpi_init( &T, &T1, &T2, NULL );
 
     MPI_CHK( mpi_read_binary( &T, input, ctx->len ) );
-
+#if 0
     if( mpi_cmp_mpi( &T, &ctx->N ) >= 0 )
     {
         mpi_free( &T, NULL );
         return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
     }
-
+#endif
 #if 0
     MPI_CHK( mpi_exp_mod( &T, &T, &ctx->D, &ctx->N, &ctx->RN ) );
 #else
@@ -358,7 +358,7 @@ int rsa_pkcs1_decrypt( rsa_context *ctx,
 {
     int ret, ilen;
     unsigned char *p;
-    unsigned char buf[1024];
+    unsigned char buf[256];
 
     ilen = ctx->len;
 

polarssl-0.14.0/library/sha1.c

@@ -326,6 +326,7 @@ void sha1( const unsigned char *input, int ilen, unsigned char output[20] )
     memset( &ctx, 0, sizeof( sha1_context ) );
 }
 
+#if 0
 /*
  * output = SHA-1( file contents )
  */
@@ -357,6 +358,7 @@ int sha1_file( const char *path, unsigned char output[20] )
     fclose( f );
     return( 0 );
 }
+#endif
 
 /*
  * SHA-1 HMAC context setup

src/ac.c

@@ -74,6 +74,8 @@ verify_pso_other (const uint8_t *pw, int pw_len)
       || pw_status_bytes[PW_STATUS_PW1] == 0) /* locked */
     return 0;
 
+  DEBUG_INFO ("verify_pso_other\r\n");
+
   keystring[0] = pw_len;
   sha1 (pw, pw_len, keystring+1);
   memcpy (pwsb, pw_status_bytes, SIZE_PW_STATUS_BYTES);
@@ -96,7 +98,6 @@ verify_pso_other (const uint8_t *pw, int pw_len)
 /*
  * For keystring of PW3, we use SALT+ITER+MD format
  */
-static sha1_context sha1_ctx;
 
 static uint32_t
 decode_iterate_count (uint8_t x)
@@ -108,6 +109,8 @@ static void
 calc_md (int count, const uint8_t *salt, const uint8_t *pw, int pw_len,
 	 uint8_t md[KEYSTRING_MD_SIZE])
 {
+  sha1_context sha1_ctx;
+
   sha1_starts (&sha1_ctx);
 
   while (count > pw_len + 8)

src/call-rsa.c

@@ -21,6 +21,7 @@
  *
  */
 
+#include <stdlib.h>
 #include "config.h"
 #include "ch.h"
 #include "gnuk.h"
@@ -52,7 +53,7 @@ rsa_sign (const uint8_t *raw_message, uint8_t *output, int msg_len)
   mpi_inv_mod (&rsa_ctx.QP, &rsa_ctx.Q, &rsa_ctx.P);
   mpi_free (&P1, &Q1, &H, NULL);
 
-  DEBUG_INFO ("RSA...");
+  DEBUG_INFO ("RSA sign...");
 
   if ((r = rsa_check_privkey (&rsa_ctx)) == 0)
     DEBUG_INFO ("ok...");
@@ -114,10 +115,15 @@ rsa_decrypt (const uint8_t *input, uint8_t *output, int msg_len)
   int r;
   int output_len;
 
+  put_string ("RSA decrypt:");
+  put_word ((uint32_t)&output_len);
+
   mpi_init (&P1, &Q1, &H, NULL);
   rsa_init (&rsa_ctx, RSA_PKCS_V15, 0);
 
   rsa_ctx.len = msg_len;
+  DEBUG_WORD (msg_len);
+
   mpi_read_string (&rsa_ctx.E, 16, "10001");
   mpi_read_binary (&rsa_ctx.P, &kd.data[0], 2048 / 8 / 2);
   mpi_read_binary (&rsa_ctx.Q, &kd.data[128], 2048 / 8 / 2);
@@ -131,8 +137,9 @@ rsa_decrypt (const uint8_t *input, uint8_t *output, int msg_len)
   mpi_inv_mod (&rsa_ctx.QP, &rsa_ctx.Q, &rsa_ctx.P);
   mpi_free (&P1, &Q1, &H, NULL);
 
-  DEBUG_INFO ("RSA...");
-
+  DEBUG_INFO ("RSA decrypt ...");
+#if 0
+  /* This consume some memory */
   if ((r = rsa_check_privkey (&rsa_ctx)) == 0)
     DEBUG_INFO ("ok...");
   else
@@ -142,6 +149,7 @@ rsa_decrypt (const uint8_t *input, uint8_t *output, int msg_len)
       rsa_free (&rsa_ctx);
       return r;
     }
+#endif
 
   r = rsa_pkcs1_decrypt (&rsa_ctx, RSA_PRIVATE, &output_len,
 			 input, output, MAX_RES_APDU_SIZE - 2);

src/chconf.h

@@ -32,9 +32,9 @@
 #define CH_DBG_ENABLE_CHECKS            FALSE
 #define CH_DBG_ENABLE_ASSERTS           FALSE
 #define CH_DBG_ENABLE_TRACE             FALSE
-#define CH_DBG_ENABLE_STACK_CHECK       FALSE
+#define CH_DBG_ENABLE_STACK_CHECK       TRUE
 #define CH_DBG_FILL_THREADS             FALSE
-#define CH_DBG_THREADS_PROFILING        TRUE
+#define CH_DBG_THREADS_PROFILING        FALSE
 
 #define THREAD_EXT_FIELDS                                               \
 struct {                                                                \

src/config.h

@@ -2,4 +2,15 @@
 #define ENABLE_VIRTUAL_COM_PORT 1
 #endif
 
-#define GNUK_MAX_PACKET_SIZE 64	/* USB */
+/* Packet size of USB Bulk transfer for full speed */
+#define GNUK_MAX_PACKET_SIZE 64
+
+#if 0
+/* FSIJ */
+#define MANUFACTURER_IN_AID		0xf5, 0x17
+#else
+/* for random serial number*/
+#define MANUFACTURER_IN_AID		0xff, 0xfe
+#endif
+
+#define SERIAL_NUMBER_IN_AID  0x00, 0x00, 0x00, 0x01

src/debug.c

@@ -78,6 +78,30 @@ put_word (uint32_t x)
   _write ("\r\n", 2);
 }
 
+void
+put_int (uint32_t x)
+{
+  char s[10];
+  int i;
+
+  for (i = 0; i < 10; i++)
+    {
+      s[i] = '0' + (x % 10);
+      x /= 10;
+      if (x == 0)
+	break;
+    }
+
+  while (i)
+    {
+      _write (s+i, 1);
+      i--;
+    }
+
+  _write (s, 1);
+  _write ("\r\n", 2);
+}
+
 void
 put_binary (const char *s, int len)
 {

src/gnuk.h

@@ -1,9 +1,15 @@
 extern Thread *blinker_thread;
+#define EV_LED_ON  ((eventmask_t)1)
+#define EV_LED_OFF ((eventmask_t)2)
+
+extern Thread *stdout_thread;
+#define EV_TX_READY ((eventmask_t)1)
 
 extern void put_byte (uint8_t b);
 extern void put_byte_with_no_nl (uint8_t b);
 extern void put_short (uint16_t x);
 extern void put_word (uint32_t x);
+extern void put_int (uint32_t x);
 extern void put_string (const char *s);
 extern void put_binary (const char *s, int len);
 
@@ -17,9 +23,7 @@ extern size_t strlen (const char *s);
 extern int strncmp(const char *s1, const char *s2, size_t n);
 extern void *memcpy (void *dest, const void *src, size_t n);
 extern void *memset (void *s, int c, size_t n);
-extern void *malloc (size_t size);
 extern int memcmp (const void *s1, const void *s2, size_t n);
-extern void free (void *ptr);
 
 /*
  * Interface between ICC<-->GPG
@@ -29,7 +33,7 @@ extern Thread *gpg_thread;
 
 #define USB_BUF_SIZE 64
 
-#define EV_EXEC_FINISHED (eventmask_t)2	 /* GPG Execution finished */
+#define EV_EXEC_FINISHED ((eventmask_t)2)	 /* GPG Execution finished */
 
 /* maximum cmd apdu data is key import 22+4+128+128 (proc_key_import) */
 #define MAX_CMD_APDU_SIZE (7+282) /* header + data */

src/gnuk.ld

@@ -28,8 +28,7 @@
  * ST32F103 memory setup.
  */
 __main_stack_size__     = 0x0400;
-__process_stack_size__  = 0x0400;
-__stacks_total_size__   = __main_stack_size__ + __process_stack_size__;
+__stacks_total_size__   = __main_stack_size__;
 
 MEMORY
 {

src/main.c

@@ -72,16 +72,17 @@ _write (const char *s, int size)
   chMtxUnlock ();
 }
 
-extern uint32_t count_in;
-extern __IO uint32_t count_out;
-extern uint8_t buffer_in[VIRTUAL_COM_PORT_DATA_SIZE];
-extern uint8_t buffer_out[VIRTUAL_COM_PORT_DATA_SIZE];
+Thread *stdout_thread;
+uint32_t count_in;
+uint8_t buffer_in[VIRTUAL_COM_PORT_DATA_SIZE];
 
 static WORKING_AREA(waSTDOUTthread, 128);
+
 static msg_t
 STDOUTthread (void *arg)
 {
   (void)arg;
+  stdout_thread = chThdSelf ();
 
  again:
 
@@ -127,11 +128,12 @@ STDOUTthread (void *arg)
 	      p += count_in;
 	    }
 
+	  chEvtClear (EV_TX_READY);
+
 	  USB_SIL_Write (EP3_IN, buffer_in, count_in);
 	  SetEPTxValid (ENDP3);
 
-	  while (count_in > 0)
-	    chThdSleepMilliseconds (1);
+	  chEvtWaitOne (EV_TX_READY);
 	}
 
       stdout.str = NULL;
@@ -160,9 +162,11 @@ extern msg_t GPGthread (void *arg);
 
 Thread *blinker_thread;
 /*
- * Red LEDs blinker
+ * LEDs blinks.
+ * When GPGthread execute some command, LED stop blinking, but always ON.
  */
-#define EV_LED (eventmask_t)1
+#define LED_BLINKER_TIMEOUT MS2ST(200)
+
 
 /*
  * Entry point, note, the main() function is already a thread in the system
@@ -172,6 +176,7 @@ int
 main (int argc, char **argv)
 {
   eventmask_t m;
+  uint8_t led_state = 0;
   int count = 0;
 
   (void)argc;
@@ -199,30 +204,33 @@ main (int argc, char **argv)
 
   while (1)
     {
-#if 0
-      if (palReadPad(IOPORT1, GPIOA_BUTTON))
-	palSetPad (IOPORT3, GPIOC_LED);
-#endif
+      count++;
 
-      m = chEvtWaitOneTimeout (ALL_EVENTS, 100);
-      if (m == EV_LED)
+      m = chEvtWaitOneTimeout (ALL_EVENTS, LED_BLINKER_TIMEOUT);
+      if (m == EV_LED_ON)
+	led_state = 1;
+      else if (m == EV_LED_OFF)
+	led_state = 0;
+
+      if (led_state)
 	palClearPad (IOPORT3, GPIOC_LED);
+      else
+	{
+	  if ((count & 1))
+	    palClearPad (IOPORT3, GPIOC_LED);
+	  else
+	    palSetPad (IOPORT3, GPIOC_LED);
+	}
 
 #ifdef DEBUG_MORE
       if (bDeviceState == CONFIGURED && (count % 100) == 0)
 	{
-	  DEBUG_WORD (count / 100);
+	  DEBUG_SHORT (count / 100);
 	  _write ("\r\nThis is ChibiOS 2.0.2 on Olimex STM32-H103.\r\n"
 		  "Testing USB driver.\n\n"
 		  "Hello world\r\n\r\n", 47+21+15);
 	}
 #endif
-
-      m = chEvtWaitOneTimeout (ALL_EVENTS, 100);
-      if (m == EV_LED)
-	palSetPad (IOPORT3, GPIOC_LED);
-
-      count++;
     }
 
   return 0;

src/openpgp-do.c

@@ -21,8 +21,9 @@
  *
  */
 
-#include "config.h"
+#include <stdlib.h>
 
+#include "config.h"
 #include "ch.h"
 #include "gnuk.h"
 #include "openpgp.h"
@@ -42,8 +43,8 @@ static const uint8_t aid[] __attribute__ ((aligned (1))) = {
   16,
   0xd2, 0x76, 0x00, 0x01, 0x24, 0x01,
   0x02, 0x00,			/* Version 2.0 */
-  0xf5, 0x17,			/* Manufacturer (FSIJ) */
-  0x00, 0x00, 0x00, 0x01,	/* Serial */
+  MANUFACTURER_IN_AID,
+  SERIAL_NUMBER_IN_AID,
   0x00, 0x00
 };
 
@@ -398,10 +399,6 @@ rw_pw_status (uint16_t tag, const uint8_t *data, int len, int is_write)
     }
 }
 
-static aes_context aes;
-static uint8_t iv[16];
-static int iv_offset;
-
 static void
 proc_resetting_code (const uint8_t *data, int len)
 {
@@ -450,6 +447,10 @@ proc_resetting_code (const uint8_t *data, int len)
 static void
 encrypt (const uint8_t *key_str, uint8_t *data, int len)
 {
+  aes_context aes;
+  uint8_t iv[16];
+  int iv_offset;
+
   DEBUG_INFO ("ENC\r\n");
   DEBUG_BINARY (data, len);
 
@@ -464,6 +465,10 @@ struct key_data kd;
 static void
 decrypt (const uint8_t *key_str, uint8_t *data, int len)
 {
+  aes_context aes;
+  uint8_t iv[16];
+  int iv_offset;
+
   aes_setkey_enc (&aes, key_str, 128);
   memset (iv, 0, 16);
   iv_offset = 0;
@@ -800,7 +805,7 @@ gpg_do_table[] = {
   { GPG_DO_EXTCAP, DO_FIXED, AC_ALWAYS, AC_NEVER, extended_capabilities },
   { GPG_DO_ALG_SIG, DO_FIXED, AC_ALWAYS, AC_NEVER, algorithm_attr },
   { GPG_DO_ALG_DEC, DO_FIXED, AC_ALWAYS, AC_NEVER, algorithm_attr },
-  { GPG_DO_ALG_AUT, DO_FIXED, AC_ALWAYS, AC_NEVER, algorithm_attr },
+  { GPG_DO_ALG_AUT, DO_FIXED, AC_ALWAYS, AC_NEVER, NULL },
   /* Compound data: Read access only */
   { GPG_DO_CH_DATA, DO_CN_READ, AC_ALWAYS, AC_NEVER, cn_ch_data },
   { GPG_DO_APP_DATA, DO_CN_READ, AC_ALWAYS, AC_NEVER, cn_app_data },

src/openpgp.c

@@ -510,10 +510,18 @@ cmd_get_data (void)
 static void
 cmd_pso (void)
 {
-  int len;
+  int len = cmd_APDU[4];
+  int data_start = 5;
   int r;
 
-  DEBUG_INFO (" - PSO\r\n");
+  if (len == 0)
+    {
+      len = (cmd_APDU[5]<<8) | cmd_APDU[6];
+      data_start = 7;
+    }
+
+  DEBUG_INFO (" - PSO: ");
+  DEBUG_WORD ((uint32_t)&r);
 
   if (cmd_APDU[2] == 0x9e && cmd_APDU[3] == 0x9a)
     {
@@ -529,14 +537,13 @@ cmd_pso (void)
 	{
 	  DEBUG_INFO (" wrong length: ");
 	  DEBUG_SHORT (cmd_APDU_size);
+	  GPG_ERROR ();
 	}
       else
 	{
-	  len = (cmd_APDU[5]<<8) | cmd_APDU[6];
+	  DEBUG_SHORT (len);  /* Should be cmd_APDU_size - 6 */
 
-	  DEBUG_BYTE (len);  /* Should be cmd_APDU_size - 6 */
-
-	  r = rsa_sign (&cmd_APDU[7], res_APDU, len);
+	  r = rsa_sign (&cmd_APDU[data_start], res_APDU, len);
 	  if (r < 0)
 	    GPG_ERROR ();
 	  else
@@ -556,8 +563,6 @@ cmd_pso (void)
     }
   else if (cmd_APDU[2] == 0x80 && cmd_APDU[3] == 0x86)
     {
-      len = (cmd_APDU[5]<<8) | cmd_APDU[6];
-
       if (!ac_check_status (AC_PSO_OTHER_AUTHORIZED))
 	{
 	  DEBUG_INFO ("security error.");
@@ -565,9 +570,12 @@ cmd_pso (void)
 	  return;
 	}
 
-      DEBUG_BYTE (len);
+      DEBUG_SHORT (len);
 
-      r = rsa_decrypt (&cmd_APDU[7], res_APDU, len);
+      /* Skip padding 0x00 */
+      data_start++;
+      len--;
+      r = rsa_decrypt (&cmd_APDU[data_start], res_APDU, len);
       if (r < 0)
 	GPG_ERROR ();
     }
@@ -577,7 +585,7 @@ cmd_pso (void)
       DEBUG_BYTE (cmd_APDU[2]);
       DEBUG_INFO (" - ??");
       DEBUG_BYTE (cmd_APDU[3]);
-      GPG_SUCCESS ();
+      GPG_ERROR ();
     }
 
   DEBUG_INFO ("PSO done.\r\n");
@@ -639,7 +647,8 @@ GPGthread (void *arg)
 
       m = chEvtWaitOne (ALL_EVENTS);
 
-      DEBUG_INFO ("GPG!\r\n");
+      DEBUG_INFO ("GPG!: ");
+      DEBUG_WORD ((uint32_t)&m);
 
       process_command_apdu ();
 

src/stdlib.h

@@ -0,0 +1,15 @@
+/*
+ * stdlib.h replacement, so that we can replace malloc functions
+ */
+
+typedef unsigned int size_t;
+
+#ifdef REPLACE_MALLOC
+#define malloc my_malloc
+#define free my_free
+#define realloc my_realloc
+#endif
+
+extern void *malloc (size_t size);
+extern void free (void *ptr);
+extern void *realloc (void *ptr, size_t size);

src/usb-icc.c

@@ -229,7 +229,6 @@ icc_send_status (void)
 enum icc_state
 icc_power_off (void)
 {
-  
   icc_send_status ();
   DEBUG_INFO ("OFF\r\n");
   return ICC_STATE_START;
@@ -311,6 +310,7 @@ icc_handle_data (void)
 	      cmd_APDU_size = icc_data_size;
 	      chEvtSignal (gpg_thread, (eventmask_t)1);
 	      next_state = ICC_STATE_EXECUTE;
+	      chEvtSignal (blinker_thread, EV_LED_ON);
 	    }
 	  else if (icc_header->param == 1)
 	    {
@@ -364,6 +364,7 @@ icc_handle_data (void)
 	      if (icc_header->param == 2) /* Got final block */
 		{			/* Give this message to GPG thread */
 		  next_state = ICC_STATE_EXECUTE;
+		  chEvtSignal (blinker_thread, EV_LED_ON);
 		  cmd_APDU_size = p_cmd - cmd_APDU;
 		  chEvtSignal (gpg_thread, (eventmask_t)1);
 		}
@@ -439,9 +440,7 @@ icc_handle_timeout (void)
   switch (icc_state)
     {
     case ICC_STATE_EXECUTE:
-#if 0
       icc_send_data_block (ICC_CMD_STATUS_TIMEEXT, 0, 0, NULL, 0);
-#endif
       break;
     case ICC_STATE_RECEIVE:
     case ICC_STATE_SEND:
@@ -450,11 +449,10 @@ icc_handle_timeout (void)
       break;
     }
 
-  chEvtSignal (blinker_thread, (eventmask_t)1);
   return next_state;
 }
 
-#define USB_ICC_TIMEOUT MS2ST(1000)
+#define USB_ICC_TIMEOUT MS2ST(1950)
 
 msg_t
 USBthread (void *arg)
@@ -479,6 +477,8 @@ USBthread (void *arg)
 	{
 	  if (icc_state == ICC_STATE_EXECUTE)
 	    {
+	      chEvtSignal (blinker_thread, EV_LED_OFF);
+
 	      if (res_APDU_size <= ICC_MAX_MSG_DATA_SIZE)
 		{
 		  icc_send_data_block (0, 0, 0, res_APDU, res_APDU_size);

src/usb_desc.c

@@ -62,7 +62,7 @@ static const uint8_t gnukConfigDescriptor[] = {
   /* ICC Descriptor */
   54,			  /* bLength: */
   0x21,			  /* bDescriptorType: USBDESCR_ICC */
-  0x10, 0x01,		  /* bcdCCID: 1.1 XXX */
+  0x00, 0x01,		  /* bcdCCID: revision 1.0 */
   0,			  /* bMaxSlotIndex: */
   1,			  /* bVoltageSupport: FIXED VALUE */
   0x02, 0, 0, 0,	  /* dwProtocols: T=1 */

src/usb_endp.c

@@ -0,0 +1,22 @@
+/*
+ * Virtual COM port (for debug output only)
+ */
+
+#include "usb_lib.h"
+
+#include "config.h"
+#include "ch.h"
+#include "gnuk.h"
+
+void
+EP3_IN_Callback(void)
+{
+  if (stdout_thread)
+    chEvtSignalI (stdout_thread, EV_TX_READY);
+}
+
+void
+EP5_OUT_Callback(void)
+{
+  SetEPRxValid (ENDP3);
+}

src/vcomport.mk

@@ -1,6 +1,5 @@
 VCOMDIR = ../Virtual_COM_Port
-ifeq ($(ENABLE_VCOMPORT),)
 VCOMSRC= $(VCOMDIR)/usb_istr.c $(VCOMDIR)/usb_pwr.c
-else
-VCOMSRC= $(VCOMDIR)/usb_endp.c $(VCOMDIR)/usb_istr.c $(VCOMDIR)/usb_pwr.c
+ifneq ($(ENABLE_VCOMPORT),)
+VCOMSRC += usb_endp.c
 endif