Data Object 0x7f21 is now optional

ChangeLog

@@ -1,3 +1,20 @@
+2011-12-21  Niibe Yutaka  <gniibe@fsij.org>
+
+	* src/openpgp-do.c (gpg_do_get_data) [CERTDO_SUPPORT]: ifdef out.
+
+	* src/gnuk.ld.in (.gnuk_ch_certificate): Only valid
+	when --enable-certdo.
+
+	* src/flash.c (flash_check_blank) [CERTDO_SUPPORT]: ifdef out.
+	(flash_erase_binary) [CERTDO_SUPPORT]: Likewise.
+	(flash_write_binary) [CERTDO_SUPPORT]: Likewise.
+
+	* src/configure (certdo): New.
+	(--enable-certdo, --disable-certdo): New options.
+	Remove cheking for /dev/random.
+
+	* src/config.h.in (@CERTDO_DEFINE@): New.
+
 2011-12-20  Niibe Yutaka  <gniibe@fsij.org>
 
 	* src/usb_msc.c (msc_handle_command): SCSI_START_STOP_UNIT command

NEWS

@@ -4,6 +4,12 @@ Gnuk NEWS - User visible changes
 
   Released 2012-01-XX, by NIIBE Yutaka
 
+** CERT.3 Data Object (0x7f21) is now optional
+As there's no valid use case for this data object and it does not
+work as current version of GnuPG, this is now optional feature.
+You can enable this data object by specifying --enable-certdo at
+configure time.
+
 ** With DnD pinentry, user can cancel pin input
 Now, user can cancel pin input by unmounting device before finishing
 DnD.

src/config.h.in

@@ -5,3 +5,4 @@
 @DFU_DEFINE@
 @PINPAD_DEFINE@
 @PINPAD_MORE_DEFINE@
+@CERTDO_DEFINE@

src/configure

@@ -26,12 +26,7 @@ verbose=no
 with_dfu=default
 debug=no
 pinpad=no
-
-# check /dev/random
-if test ! -e /dev/random; then
-  echo "/dev/random is required." >&2
-  exit 1
-fi
+certdo=no
 
 # Process each option
 for option; do
@@ -57,6 +52,10 @@ for option; do
     pinpad=$optarg ;;
   --disable-pinpad)
     pinpad=no ;;
+  --enable-certdo)
+    certdo=yes ;;
+  --disable-certdo)
+    certdo=no ;;
   --with-dfu)
     with_dfu=yes ;;
   --without-dfu)
@@ -88,6 +87,7 @@ Configuration:
   --enable-debug	debug with virtual COM port	[no]
   --enable-pinpad={dnd,cir,dial}
 			PIN entry support		[no]
+  --enable-certdo	support CERT.3 data object	[no]
   --with-dfu		build image for DFU 		[<target specific>]
 EOF
   exit 0
@@ -170,16 +170,34 @@ else
   echo "PIN pad option enabled ($pinpad)"
 fi
 
+# --enable-certdo option
+if test "$certdo" = "yes"; then
+  CERTDO_DEFINE="#define CERTDO_SUPPORT 1"
+  echo "CERT.3 Data Object is supported (Note: it is not supported by GnuPG)"
+else
+  CERTDO_DEFINE="#undef CERTDO_SUPPORT"
+  echo "CERT.3 Data Object is not supported"
+fi
+
 sed -e "s%@BOARD_DIR@%$BOARD_DIR%" \
     -e "s%@DEBUG_MAKE_OPTION@%$DEBUG_MAKE_OPTION%" \
     -e "s%@PINPAD_MAKE_OPTION@%$PINPAD_MAKE_OPTION%" \
 	< Makefile.in > Makefile
-sed -e "s/@ORIGIN@/$ORIGIN/" -e "s/@FLASH_SIZE@/$FLASH_SIZE/" \
-    -e "s/@FLASH_PAGE_SIZE@/$FLASH_PAGE_SIZE/" \
+if test "$certdo" = "yes"; then
+  sed -e "/^@CERTDO_SUPPORT_START@$/ d" -e "/^@CERTDO_SUPPORT_END@$/ d" \
+      -e "s/@ORIGIN@/$ORIGIN/" -e "s/@FLASH_SIZE@/$FLASH_SIZE/" \
+      -e "s/@FLASH_PAGE_SIZE@/$FLASH_PAGE_SIZE/" \
 	< gnuk.ld.in > gnuk.ld
+else
+  sed -e "/^@CERTDO_SUPPORT_START@$/,/^@CERTDO_SUPPORT_END@$/ d" \
+      -e "s/@ORIGIN@/$ORIGIN/" -e "s/@FLASH_SIZE@/$FLASH_SIZE/" \
+      -e "s/@FLASH_PAGE_SIZE@/$FLASH_PAGE_SIZE/" \
+	< gnuk.ld.in > gnuk.ld
+fi
 sed -e "s/@DEBUG_DEFINE@/$DEBUG_DEFINE/" \
+    -e "s/@DFU_DEFINE@/$DFU_DEFINE/" \
     -e "s/@PINPAD_DEFINE@/$PINPAD_DEFINE/" \
     -e "s/@PINPAD_MORE_DEFINE@/$PINPAD_MORE_DEFINE/" \
-    -e "s/@DFU_DEFINE@/$DFU_DEFINE/" \
+    -e "s/@CERTDO_DEFINE@/$CERTDO_DEFINE/" \
 	< config.h.in > config.h
 exit 0

src/flash.c

@@ -581,6 +581,7 @@ flash_cnt123_clear (const uint8_t **addr_p)
 }
 
 
+#if defined(CERTDO_SUPPORT)
 static int
 flash_check_blank (const uint8_t *page, int size)
 {
@@ -592,17 +593,16 @@ flash_check_blank (const uint8_t *page, int size)
 
   return 1;
 }
-
+#endif
 
 #define FLASH_CH_CERTIFICATE_SIZE 2048
 int
 flash_erase_binary (uint8_t file_id)
 {
-  const uint8_t *p;
-
+#if defined(CERTDO_SUPPORT)
   if (file_id == FILEID_CH_CERTIFICATE)
     {
-      p = &ch_certificate_start;
+      const uint8_t *p = &ch_certificate_start;
       if (flash_check_blank (p, FLASH_CH_CERTIFICATE_SIZE) == 0)
 	{
 	  flash_erase_page ((uint32_t)p);
@@ -614,6 +614,9 @@ flash_erase_binary (uint8_t file_id)
       return 0;
     }
   else
+#else
+    (void)file_id;
+#endif
     return -1;
 }
 
@@ -625,12 +628,15 @@ flash_write_binary (uint8_t file_id, const uint8_t *data,
   uint16_t maxsize;
   const uint8_t *p;
 
+#if defined(CERTDO_SUPPORT)
   if (file_id == FILEID_CH_CERTIFICATE)
     {
       maxsize = FLASH_CH_CERTIFICATE_SIZE;
       p = &ch_certificate_start;
     }
-  else if (file_id == FILEID_SERIAL_NO)
+  else
+#endif
+  if (file_id == FILEID_SERIAL_NO)
     {
       maxsize = 6;
       p = &openpgpcard_aid[8];

src/gnuk.ld.in

@@ -115,6 +115,7 @@ SECTIONS
     PROVIDE(end = .);
     _end            = .;
 
+@CERTDO_SUPPORT_START@
     .gnuk_ch_certificate :
     {
         . = ALIGN (@FLASH_PAGE_SIZE@);
@@ -123,6 +124,7 @@ SECTIONS
 	. += 1920;
         . = ALIGN (@FLASH_PAGE_SIZE@);
     } > flash =0xffffffff
+@CERTDO_SUPPORT_END@
 
     .gnuk_flash :
     {

src/openpgp-do.c

@@ -1241,6 +1241,7 @@ copy_do (const struct do_table_entry *do_p, int with_tag)
 void
 gpg_do_get_data (uint16_t tag, int with_tag)
 {
+#if defined(CERTDO_SUPPORT)
   if (tag == GPG_DO_CH_CERTIFICATE)
     {
       res_APDU_pointer = &ch_certificate_start;
@@ -1255,6 +1256,7 @@ gpg_do_get_data (uint16_t tag, int with_tag)
 	res_APDU_size += 4 + 2;
     }
   else
+#endif
     {
       const struct do_table_entry *do_p = get_do_entry (tag);