From a0c8cf2ff4c637bfa46c864bd27fa921577ba902 Mon Sep 17 00:00:00 2001 From: NIIBE Yutaka Date: Wed, 21 Dec 2011 14:14:28 +0900 Subject: [PATCH] Data Object 0x7f21 is now optional --- ChangeLog | 17 +++++++++++++++++ NEWS | 6 ++++++ src/config.h.in | 1 + src/configure | 36 +++++++++++++++++++++++++++--------- src/flash.c | 16 +++++++++++----- src/gnuk.ld.in | 2 ++ src/openpgp-do.c | 2 ++ 7 files changed, 66 insertions(+), 14 deletions(-) diff --git a/ChangeLog b/ChangeLog index 17dedf1..5d6704b 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,20 @@ +2011-12-21 Niibe Yutaka + + * src/openpgp-do.c (gpg_do_get_data) [CERTDO_SUPPORT]: ifdef out. + + * src/gnuk.ld.in (.gnuk_ch_certificate): Only valid + when --enable-certdo. + + * src/flash.c (flash_check_blank) [CERTDO_SUPPORT]: ifdef out. + (flash_erase_binary) [CERTDO_SUPPORT]: Likewise. + (flash_write_binary) [CERTDO_SUPPORT]: Likewise. + + * src/configure (certdo): New. + (--enable-certdo, --disable-certdo): New options. + Remove cheking for /dev/random. + + * src/config.h.in (@CERTDO_DEFINE@): New. + 2011-12-20 Niibe Yutaka * src/usb_msc.c (msc_handle_command): SCSI_START_STOP_UNIT command diff --git a/NEWS b/NEWS index 3b60b77..8928329 100644 --- a/NEWS +++ b/NEWS @@ -4,6 +4,12 @@ Gnuk NEWS - User visible changes Released 2012-01-XX, by NIIBE Yutaka +** CERT.3 Data Object (0x7f21) is now optional +As there's no valid use case for this data object and it does not +work as current version of GnuPG, this is now optional feature. +You can enable this data object by specifying --enable-certdo at +configure time. + ** With DnD pinentry, user can cancel pin input Now, user can cancel pin input by unmounting device before finishing DnD. diff --git a/src/config.h.in b/src/config.h.in index 23fe05d..37fbb30 100644 --- a/src/config.h.in +++ b/src/config.h.in @@ -5,3 +5,4 @@ @DFU_DEFINE@ @PINPAD_DEFINE@ @PINPAD_MORE_DEFINE@ +@CERTDO_DEFINE@ diff --git a/src/configure b/src/configure index 8b7cd8a..fb86998 100755 
--- a/src/configure +++ b/src/configure @@ -26,12 +26,7 @@ verbose=no with_dfu=default debug=no pinpad=no - -# check /dev/random -if test ! -e /dev/random; then - echo "/dev/random is required." >&2 - exit 1 -fi +certdo=no # Process each option for option; do @@ -57,6 +52,10 @@ for option; do pinpad=$optarg ;; --disable-pinpad) pinpad=no ;; + --enable-certdo) + certdo=yes ;; + --disable-certdo) + certdo=no ;; --with-dfu) with_dfu=yes ;; --without-dfu) @@ -88,6 +87,7 @@ Configuration: --enable-debug debug with virtual COM port [no] --enable-pinpad={dnd,cir,dial} PIN entry support [no] + --enable-certdo support CERT.3 data object [no] --with-dfu build image for DFU [] EOF exit 0 
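Review bot: The first hunk of src/configure removes the `/dev/random` pre-flight test in the same change that adds `certdo=no`, and nothing on the page explains why the test is no longer needed. For the firmware of a cryptographic token it is worth confirming that no later build step still reads `/dev/random` (not visible here); if one does, the failure now surfaces mid-build instead of at configure time. Because the removal is unrelated to the CERT.3 option, I would move it to its own commit, or leave a one-line comment in its place such as `# /dev/random is no longer needed at build time`, if that is indeed the case.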
@@ -170,16 +170,34 @@ else echo "PIN pad option enabled ($pinpad)" fi +# --enable-certdo option +if test "$certdo" = "yes"; then + CERTDO_DEFINE="#define CERTDO_SUPPORT 1" + echo "CERT.3 Data Object is supported (Note: it is not supported by GnuPG)" +else + CERTDO_DEFINE="#undef CERTDO_SUPPORT" + echo "CERT.3 Data Object is not supported" +fi + sed -e "s%@BOARD_DIR@%$BOARD_DIR%" \ -e "s%@DEBUG_MAKE_OPTION@%$DEBUG_MAKE_OPTION%" \ -e "s%@PINPAD_MAKE_OPTION@%$PINPAD_MAKE_OPTION%" \ < Makefile.in > Makefile -sed -e "s/@ORIGIN@/$ORIGIN/" -e "s/@FLASH_SIZE@/$FLASH_SIZE/" \ - -e "s/@FLASH_PAGE_SIZE@/$FLASH_PAGE_SIZE/" \ +if test "$certdo" = "yes"; then + sed -e "/^@CERTDO_SUPPORT_START@$/ d" -e "/^@CERTDO_SUPPORT_END@$/ d" \ + -e "s/@ORIGIN@/$ORIGIN/" -e "s/@FLASH_SIZE@/$FLASH_SIZE/" \ + -e "s/@FLASH_PAGE_SIZE@/$FLASH_PAGE_SIZE/" \ < gnuk.ld.in > gnuk.ld +else + sed -e "/^@CERTDO_SUPPORT_START@$/,/^@CERTDO_SUPPORT_END@$/ d" \ + -e "s/@ORIGIN@/$ORIGIN/" -e "s/@FLASH_SIZE@/$FLASH_SIZE/" \ + -e "s/@FLASH_PAGE_SIZE@/$FLASH_PAGE_SIZE/" \ + < gnuk.ld.in > gnuk.ld +fi sed -e "s/@DEBUG_DEFINE@/$DEBUG_DEFINE/" \ + -e "s/@DFU_DEFINE@/$DFU_DEFINE/" \ -e "s/@PINPAD_DEFINE@/$PINPAD_DEFINE/" \ -e "s/@PINPAD_MORE_DEFINE@/$PINPAD_MORE_DEFINE/" \ - -e "s/@DFU_DEFINE@/$DFU_DEFINE/" \ + -e "s/@CERTDO_DEFINE@/$CERTDO_DEFINE/" \ < config.h.in > config.h exit 0 diff --git a/src/flash.c b/src/flash.c index 2e1720a..31b2c1a 100644 --- a/src/flash.c +++ b/src/flash.c @@ -581,6 +581,7 @@ flash_cnt123_clear (const uint8_t **addr_p) } +#if defined(CERTDO_SUPPORT) static int flash_check_blank (const uint8_t *page, int size) { 
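Review bot: The `--disable-certdo` branch builds gnuk.ld with a range delete, `/^@CERTDO_SUPPORT_START@$/,/^@CERTDO_SUPPORT_END@$/ d`, and sed deletes to end of file if the closing marker never matches (for instance if it is indented or renamed in gnuk.ld.in). Every section after `.gnuk_ch_certificate` would then vanish without a message. The two branches also repeat the same three substitutions, which invites them drifting apart. I would check that both markers exist, choose the marker expression once, and run a single sed.

```shell
# Both markers must be present, otherwise the range delete runs to EOF.
for marker in START END; do
  grep "^@CERTDO_SUPPORT_${marker}@\$" gnuk.ld.in > /dev/null || {
    echo "gnuk.ld.in: missing @CERTDO_SUPPORT_${marker}@" >&2
    exit 1
  }
done
if test "$certdo" = "yes"; then
  CERTDO_LD_SED='/^@CERTDO_SUPPORT_[A-Z]*@$/ d'
else
  CERTDO_LD_SED='/^@CERTDO_SUPPORT_START@$/,/^@CERTDO_SUPPORT_END@$/ d'
fi
sed -e "$CERTDO_LD_SED" \
    -e "s/@ORIGIN@/$ORIGIN/" -e "s/@FLASH_SIZE@/$FLASH_SIZE/" \
    -e "s/@FLASH_PAGE_SIZE@/$FLASH_PAGE_SIZE/" \
    < gnuk.ld.in > gnuk.ld
```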
@@ -592,17 +593,16 @@ flash_check_blank (const uint8_t *page, int size) return 1; } - +#endif #define FLASH_CH_CERTIFICATE_SIZE 2048 int flash_erase_binary (uint8_t file_id) { - const uint8_t *p; - +#if defined(CERTDO_SUPPORT) if (file_id == FILEID_CH_CERTIFICATE) { - p = &ch_certificate_start; + const uint8_t *p = &ch_certificate_start; if (flash_check_blank (p, FLASH_CH_CERTIFICATE_SIZE) == 0) { flash_erase_page ((uint32_t)p); @@ -614,6 +614,9 @@ flash_erase_binary (uint8_t file_id) return 0; } else +#else + (void)file_id; +#endif return -1; } @@ -625,12 +628,15 @@ flash_write_binary (uint8_t file_id, const uint8_t *data, uint16_t maxsize; const uint8_t *p; +#if defined(CERTDO_SUPPORT) if (file_id == FILEID_CH_CERTIFICATE) { maxsize = FLASH_CH_CERTIFICATE_SIZE; p = &ch_certificate_start; } - else if (file_id == FILEID_SERIAL_NO) + else +#endif + if (file_id == FILEID_SERIAL_NO) { maxsize = 6; p = &openpgpcard_aid[8]; diff --git a/src/gnuk.ld.in b/src/gnuk.ld.in index 121f47c..7bc613a 100644 --- a/src/gnuk.ld.in +++ b/src/gnuk.ld.in @@ -115,6 +115,7 @@ SECTIONS PROVIDE(end = .); _end = .; +@CERTDO_SUPPORT_START@ .gnuk_ch_certificate : { . = ALIGN (@FLASH_PAGE_SIZE@); @@ -123,6 +124,7 @@ SECTIONS . += 1920; . = ALIGN (@FLASH_PAGE_SIZE@); } > flash =0xffffffff +@CERTDO_SUPPORT_END@ .gnuk_flash : { diff --git a/src/openpgp-do.c b/src/openpgp-do.c index 13cc88c..cd9ab77 100644 --- a/src/openpgp-do.c +++ b/src/openpgp-do.c @@ -1241,6 +1241,7 @@ copy_do (const struct do_table_entry *do_p, int with_tag) void gpg_do_get_data (uint16_t tag, int with_tag) { +#if defined(CERTDO_SUPPORT) if (tag == GPG_DO_CH_CERTIFICATE) { res_APDU_pointer = &ch_certificate_start; @@ -1255,6 +1256,7 @@ gpg_do_get_data (uint16_t tag, int with_tag) res_APDU_size += 4 + 2; } else +#endif { const struct do_table_entry *do_p = get_do_entry (tag);
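Review bot: In flash_erase_binary the `else` before `#else` belongs to an `if` that exists only when CERTDO_SUPPORT is defined, so the meaning of the trailing `return -1;` depends on reading three preprocessor lines. The visible end of the `if` block is `return 0;`, so the `else` looks unnecessary (part of the block lies between the two hunks, so please confirm). Dropping it leaves the tail as `#else` / `(void)file_id;` / `#endif` / `return -1;`, with the return unconditional in both builds. flash_write_binary (`else` / `#endif` / `if (file_id == FILEID_SERIAL_NO)`) and gpg_do_get_data in src/openpgp-do.c (`else` / `#endif` / `{`) split an `else` across `#endif` the same way, and both continue outside their hunks. There the `else` is needed, so a short comment such as `/* else continues after #endif */` would help.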
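Review bot: With CERTDO_SUPPORT undefined, a GET DATA for `GPG_DO_CH_CERTIFICATE` in gpg_do_get_data now falls through to `get_do_entry (tag)`, and the hunk does not show what that lookup returns for 0x7f21. The result should be a clean "not found" status, so please confirm that the DO table has no leftover entry for the tag in this build; the ChangeLog lists only gpg_do_get_data for this file. It is also worth checking that any certificate length the card advertises to the host (not visible here) is zero when the DO is compiled out, so that host software does not try to read or write it. A comment at the `#endif`, e.g. `/* without CERTDO_SUPPORT, 0x7f21 is handled as an unknown DO */`, would record the intent. The function body continues outside the hunk.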