From f505dea31494b8f61033a302128bc001771846a4 Mon Sep 17 00:00:00 2001 From: NIIBE Yutaka Date: Wed, 9 Sep 2015 18:49:01 +0900 Subject: [PATCH] USB Reset handling --- ChangeLog | 10 ++- src/ac.c | 2 +- src/ecc-edwards.c | 186 +++++++++++++++++++++++----------------------- src/ecc-mont.c | 4 +- src/ecc.c | 2 +- src/flash.c | 2 +- src/gnuk.h | 5 +- src/main.c | 11 ++- src/mod.c | 4 +- src/modp256k1.c | 12 +-- src/openpgp-do.c | 10 +-- src/openpgp.c | 2 +- src/pin-cir.c | 2 +- src/sha512.c | 2 +- src/usb-icc.c | 50 +++++++------ src/usb-msc.c | 2 +- src/usb_ctrl.c | 2 +- 17 files changed, 166 insertions(+), 142 deletions(-) diff --git a/ChangeLog b/ChangeLog index 0960004..dc08598 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,14 @@ +2015-09-09 Niibe Yutaka + + * src/main.c (main): Handle LED_USB_RESET. + + * src/usb-icc.c (ccid_usb_reset): New. + (ccid_thread): Upon receival of EV_USB_RESET, finish + the thread, canceling the card thread. + 2015-09-08 Niibe Yutaka - * src/gnuk.h (EV_RESET, LED_RESET): New. + * src/gnuk.h (EV_USB_RESET, LED_USB_RESET): New. * src/usb_ctrl.c (CDC_CTRL_DTR): New. (vcom_port_data_setup): Distinguish detail->value for DTR. diff --git a/src/ac.c b/src/ac.c index 19bbfdf..f5c2fb3 100644 --- a/src/ac.c +++ b/src/ac.c @@ -169,7 +169,7 @@ verify_admin_00 (const uint8_t *pw, int buf_len, int pw_len_known, pw_len = ks[0] & PW_LEN_MASK; salt = KS_GET_SALT (ks); salt_len = SALT_SIZE; - + if ((pw_len_known >= 0 && pw_len_known != pw_len) || buf_len < pw_len) return -1; diff --git a/src/ecc-edwards.c b/src/ecc-edwards.c index 2dcb95d..16b8ed9 100644 --- a/src/ecc-edwards.c +++ b/src/ecc-edwards.c @@ -50,7 +50,7 @@ * IMPLEMENTATION NOTE * * (0) We assume that the processor has no cache, nor branch target - * prediction. Thus, we don't avoid indexing by secret value. + * prediction. Thus, we don't avoid indexing by secret value. * We don't avoid conditional jump if both cases have same timing, * either. * @@ -235,7 +235,7 @@ point_add (ptc *X, const ptc *A, const ac *B) * @param X Destination AC * @param A PTC * - * (X1:Y1:Z1) represents the affine point (x=X1/Z1, y=Y1/Z1) + * (X1:Y1:Z1) represents the affine point (x=X1/Z1, y=Y1/Z1) */ static void point_ptc_to_ac (ac *X, const ptc *A) @@ -258,195 +258,195 @@ point_ptc_to_ac (ac *X, const ptc *A) static const ac precomputed_KG[16] = { { {{{ 0, 0, 0, 0, 0, 0, 0, 0 }}}, {{{ 1, 0, 0, 0, 0, 0, 0, 0 }}} }, - { {{{ 0x8f25d51a, 0xc9562d60, 0x9525a7b2, 0x692cc760, + { {{{ 0x8f25d51a, 0xc9562d60, 0x9525a7b2, 0x692cc760, 0xfdd6dc5c, 0xc0a4e231, 0xcd6e53fe, 0x216936d3 }}}, - {{{ 0x66666658, 0x66666666, 0x66666666, 0x66666666, + {{{ 0x66666658, 0x66666666, 0x66666666, 0x66666666, 0x66666666, 0x66666666, 0x66666666, 0x66666666 }}} }, - { {{{ 0x3713af22, 0xac7137bd, 0xac634604, 0x25ed77a4, + { {{{ 0x3713af22, 0xac7137bd, 0xac634604, 0x25ed77a4, 0xa815e038, 0xce0d0064, 0xbca90151, 0x041c030f }}}, - {{{ 0x0780f989, 0xe9b33fcf, 0x3d4445e7, 0xe4e97c2a, + {{{ 0x0780f989, 0xe9b33fcf, 0x3d4445e7, 0xe4e97c2a, 0x655e5c16, 0xc67dc71c, 0xee43fb7a, 0x72467625 }}} }, - { {{{ 0x3ee99893, 0x76a19171, 0x7ba9b065, 0xe647edd9, + { {{{ 0x3ee99893, 0x76a19171, 0x7ba9b065, 0xe647edd9, 0x6aeae260, 0x31f39299, 0x5f4a9bb2, 0x6d9e4545 }}}, - {{{ 0x94cae280, 0xc41433da, 0x79061211, 0x8e842de8, + {{{ 0x94cae280, 0xc41433da, 0x79061211, 0x8e842de8, 0xa259dc8a, 0xaab95e0b, 0x99013cd0, 0x28bd5fc3 }}} }, - { {{{ 0x7d23ea24, 0x59e22c56, 0x0460850e, 0x1e745a88, + { {{{ 0x7d23ea24, 0x59e22c56, 0x0460850e, 0x1e745a88, 0xda13ef4b, 0x4583ff4c, 0x95083f85, 0x1f13202c }}}, - {{{ 0x90275f48, 0xad42025c, 0xb55c4778, 0x0085087e, + {{{ 0x90275f48, 0xad42025c, 0xb55c4778, 0x0085087e, 0xfdfd7ffa, 0xf21109e7, 0x6c381b7e, 0x66336d35 }}} }, - { {{{ 0xd00851f2, 0xaa9476ab, 0x4a61600b, 0xe7838534, + { {{{ 0xd00851f2, 0xaa9476ab, 0x4a61600b, 0xe7838534, 0x1a52df87, 0x0de65625, 0xbd675870, 0x5f0dd494 }}}, - {{{ 0xe23493ba, 0xf20aec1b, 0x3414b0a8, 0x8f7f2741, + {{{ 0xe23493ba, 0xf20aec1b, 0x3414b0a8, 0x8f7f2741, 0xa80e1eb6, 0x497e74bd, 0xe9365b15, 0x1648eaac }}} }, - { {{{ 0x04ac2b69, 0x5b78dcec, 0x32001a73, 0xecdb66ce, + { {{{ 0x04ac2b69, 0x5b78dcec, 0x32001a73, 0xecdb66ce, 0xb34cf697, 0xb75832f4, 0x3a2bce94, 0x7aaf57c5 }}}, - {{{ 0x60fdfc6f, 0xb32ed2ce, 0x757924c6, 0x77bf20be, + {{{ 0x60fdfc6f, 0xb32ed2ce, 0x757924c6, 0x77bf20be, 0x48742dd1, 0xaebd15dd, 0x55d38439, 0x6311bb16 }}} }, - { {{{ 0x42ff5c97, 0x139cdd73, 0xdbd82964, 0xee4c359e, + { {{{ 0x42ff5c97, 0x139cdd73, 0xdbd82964, 0xee4c359e, 0x70611a3f, 0x91c1cd94, 0x8075dbcb, 0x1d0c34f6 }}}, - {{{ 0x5f931219, 0x43eaa549, 0xa23d35a6, 0x3737aba7, + {{{ 0x5f931219, 0x43eaa549, 0xa23d35a6, 0x3737aba7, 0x46f167bb, 0x54b1992f, 0xb74a9944, 0x01a11f3c }}} }, - { {{{ 0xba46b161, 0x67a5310e, 0xd9d67f6c, 0x790f8527, + { {{{ 0xba46b161, 0x67a5310e, 0xd9d67f6c, 0x790f8527, 0x2f6cc814, 0x359c5b5f, 0x7786383d, 0x7b6a5565 }}}, - {{{ 0x663ab0d3, 0xf1431b60, 0x09995826, 0x14a32d8f, + {{{ 0x663ab0d3, 0xf1431b60, 0x09995826, 0x14a32d8f, 0xeddb8571, 0x61d526f6, 0x0eac739a, 0x0cb7acea }}} }, - { {{{ 0x4a2d009f, 0x5eb1a697, 0xd8df987a, 0xdacb43b4, + { {{{ 0x4a2d009f, 0x5eb1a697, 0xd8df987a, 0xdacb43b4, 0x8397f958, 0x4870f214, 0x8a175fbb, 0x5aa0c67c }}}, - {{{ 0x78887db3, 0x27dbbd4c, 0x64e322ab, 0xe327b707, + {{{ 0x78887db3, 0x27dbbd4c, 0x64e322ab, 0xe327b707, 0x7cbe4e3b, 0x87e293fa, 0xbda72395, 0x17040799 }}} }, - { {{{ 0x99d1e696, 0xc833a5a2, 0x2d9d5877, 0x969bff8e, + { {{{ 0x99d1e696, 0xc833a5a2, 0x2d9d5877, 0x969bff8e, 0x2216fa67, 0x383a533a, 0x684d3925, 0x338bbe0a }}}, - {{{ 0xd6cfb491, 0x35b5aae8, 0xaa12f3f8, 0x4a588279, + {{{ 0xd6cfb491, 0x35b5aae8, 0xaa12f3f8, 0x4a588279, 0x2e30380e, 0xa7c2e708, 0x9e4b3d62, 0x69f13e09 }}} }, - { {{{ 0x27f1cd56, 0xec0dc2ef, 0xdb11cc97, 0x1af11548, + { {{{ 0x27f1cd56, 0xec0dc2ef, 0xdb11cc97, 0x1af11548, 0x9ebc7613, 0xb642f86a, 0xcb77c3b9, 0x5ce45e73 }}}, - {{{ 0x3eddd6de, 0x5d128786, 0x4859eab7, 0x16f9a6b4, + {{{ 0x3eddd6de, 0x5d128786, 0x4859eab7, 0x16f9a6b4, 0xd8782345, 0x55c53916, 0xdb7b202a, 0x6b1dfa87 }}} }, - { {{{ 0x19e30528, 0x2461a8ed, 0x665cfb1c, 0xaf756bf9, + { {{{ 0x19e30528, 0x2461a8ed, 0x665cfb1c, 0xaf756bf9, 0x3a6e8673, 0x0fcafd1d, 0x45d10f48, 0x0d264435 }}}, - {{{ 0x5431db67, 0x543fd4c6, 0x60932432, 0xc153a5b3, + {{{ 0x5431db67, 0x543fd4c6, 0x60932432, 0xc153a5b3, 0xd2119aa4, 0x41d5b8eb, 0x8b09b6a5, 0x36bd9ab4 }}} }, - { {{{ 0x21e06738, 0x6d39f935, 0x3765dd86, 0x4e6a7c59, + { {{{ 0x21e06738, 0x6d39f935, 0x3765dd86, 0x4e6a7c59, 0xa4730880, 0xefc0dd80, 0x4079fe2f, 0x40617e56 }}}, - {{{ 0x921439b9, 0xbc83cdff, 0x98833c09, 0xd5cccc06, + {{{ 0x921439b9, 0xbc83cdff, 0x98833c09, 0xd5cccc06, 0xda13cdcb, 0xe315c425, 0x67ff5370, 0x37bc6e84 }}} }, - { {{{ 0xf643b5f5, 0x65e7f028, 0x0ffbf5a8, 0x5b0d4831, + { {{{ 0xf643b5f5, 0x65e7f028, 0x0ffbf5a8, 0x5b0d4831, 0xf4085f62, 0x0f540498, 0x0db7bd1b, 0x6f0bb035 }}}, - {{{ 0x9733742c, 0x51f65571, 0xf513409f, 0x2fc047a0, + {{{ 0x9733742c, 0x51f65571, 0xf513409f, 0x2fc047a0, 0x355facf6, 0x07f45010, 0x3a989a9c, 0x5cd416a9 }}} }, - { {{{ 0x748f2a67, 0x0bdd7208, 0x415b7f7f, 0x0cf0b80b, + { {{{ 0x748f2a67, 0x0bdd7208, 0x415b7f7f, 0x0cf0b80b, 0x57aa0119, 0x44afdd5f, 0x430dc946, 0x05d68802 }}}, - {{{ 0x1a60eeb2, 0x420c46e5, 0x665024f5, 0xc60a9b33, + {{{ 0x1a60eeb2, 0x420c46e5, 0x665024f5, 0xc60a9b33, 0x48c51347, 0x37520265, 0x00a21bfb, 0x6f4be0af }}} } }; static const ac precomputed_2E_KG[16] = { { {{{ 0, 0, 0, 0, 0, 0, 0, 0 }}}, {{{ 1, 0, 0, 0, 0, 0, 0, 0 }}} }, - { {{{ 0x199c4f7d, 0xec314ac0, 0xb2ebaaf9, 0x66a39c16, + { {{{ 0x199c4f7d, 0xec314ac0, 0xb2ebaaf9, 0x66a39c16, 0xedd4d15f, 0xab1c92b8, 0x57d9eada, 0x482a4cdf }}}, - {{{ 0x6e4eb04b, 0xbd513b11, 0x25e4fd6a, 0x3f115fa5, + {{{ 0x6e4eb04b, 0xbd513b11, 0x25e4fd6a, 0x3f115fa5, 0x14519298, 0x0b3c5fc6, 0x81c2f7a8, 0x7391de43 }}} }, - { {{{ 0x1254fe02, 0xa57dca18, 0x6da34368, 0xa56a2a14, + { {{{ 0x1254fe02, 0xa57dca18, 0x6da34368, 0xa56a2a14, 0x63e7328e, 0x44c6e34f, 0xca63ab3e, 0x3f748617 }}}, - {{{ 0x7dc1641e, 0x5a13dc52, 0xee4e9ca1, 0x4cbb2899, + {{{ 0x7dc1641e, 0x5a13dc52, 0xee4e9ca1, 0x4cbb2899, 0x1ba9acee, 0x3938a289, 0x420fc47b, 0x0fed89e6 }}} }, - { {{{ 0x49cbad08, 0x3c193f32, 0x15e80ef5, 0xdda71ef1, + { {{{ 0x49cbad08, 0x3c193f32, 0x15e80ef5, 0xdda71ef1, 0x9d128c33, 0xda44186c, 0xbf98c24f, 0x54183ede }}}, - {{{ 0x93d165c1, 0x2cb483f7, 0x177f44aa, 0x51762ace, + {{{ 0x93d165c1, 0x2cb483f7, 0x177f44aa, 0x51762ace, 0xb4ab035d, 0xb3fe651b, 0xa0b0d4e5, 0x426c99c3 }}} }, - { {{{ 0xef3f3fb1, 0xb3fcf4d8, 0x065060a0, 0x7052292b, + { {{{ 0xef3f3fb1, 0xb3fcf4d8, 0x065060a0, 0x7052292b, 0x24240b15, 0x18795ff8, 0x9989ffcc, 0x13aea184 }}}, - {{{ 0xc2b81f44, 0x1930c101, 0x10600555, 0x672d6ca4, + {{{ 0xc2b81f44, 0x1930c101, 0x10600555, 0x672d6ca4, 0x1b25e570, 0xfbddbff2, 0x8ca12b70, 0x0884949c }}} }, - { {{{ 0x00564bbf, 0x9983a033, 0xde61b72d, 0x95587d25, + { {{{ 0x00564bbf, 0x9983a033, 0xde61b72d, 0x95587d25, 0xeb17ad71, 0xb6719dfb, 0xc0bc3517, 0x46871ad0 }}}, - {{{ 0xe95a6693, 0xb034fb61, 0x76eabad9, 0x5b0d8d18, + {{{ 0xe95a6693, 0xb034fb61, 0x76eabad9, 0x5b0d8d18, 0x884785dc, 0xad295dd0, 0x74a1276a, 0x359debad }}} }, - { {{{ 0xe89fb5ca, 0x2e5a2686, 0x5656c6c5, 0xd3d200ba, + { {{{ 0xe89fb5ca, 0x2e5a2686, 0x5656c6c5, 0xd3d200ba, 0x9c969001, 0xef4c051e, 0x02cb45f4, 0x0d4ea946 }}}, - {{{ 0x76d6e506, 0xa6f8a422, 0x63209e23, 0x454c768f, + {{{ 0x76d6e506, 0xa6f8a422, 0x63209e23, 0x454c768f, 0x2b372386, 0x5c12fd04, 0xdbfee11f, 0x1aedbd3e }}} }, - { {{{ 0x00dbf569, 0x700ab50f, 0xd335b313, 0x9553643c, + { {{{ 0x00dbf569, 0x700ab50f, 0xd335b313, 0x9553643c, 0xa17dc97e, 0xeea9bddf, 0x3350a2bd, 0x0d12fe3d }}}, - {{{ 0xa16a3dee, 0xe5ac35fe, 0xf81950c3, 0x4ae4664a, + {{{ 0xa16a3dee, 0xe5ac35fe, 0xf81950c3, 0x4ae4664a, 0x3dbbf921, 0x75c63df4, 0x2958a5a6, 0x545b109c }}} }, - { {{{ 0x0a61b29c, 0xd7a52a98, 0x65aca9ee, 0xe21e0acb, + { {{{ 0x0a61b29c, 0xd7a52a98, 0x65aca9ee, 0xe21e0acb, 0x5985dcbe, 0x57a69c0f, 0xeb87a534, 0x3c0c1e7b }}}, - {{{ 0x6384bd2f, 0xf0a0b50d, 0xc6939e4b, 0xff349a34, + {{{ 0x6384bd2f, 0xf0a0b50d, 0xc6939e4b, 0xff349a34, 0x6e2f1973, 0x922c4554, 0xf1347631, 0x74e826b2 }}} }, - { {{{ 0xa655803c, 0xd7eaa066, 0x38292c5c, 0x09504e76, + { {{{ 0xa655803c, 0xd7eaa066, 0x38292c5c, 0x09504e76, 0x2c874953, 0xe298a02e, 0x8932b73f, 0x225093ed }}}, - {{{ 0xe69c3efd, 0xf93e2b4d, 0x8a87c799, 0xa2cbd5fc, + {{{ 0xe69c3efd, 0xf93e2b4d, 0x8a87c799, 0xa2cbd5fc, 0x85dba986, 0xdf41da94, 0xccee8edc, 0x36fe85e7 }}} }, - { {{{ 0x7d742813, 0x78df7dc5, 0x4a193e64, 0x333bcc6d, + { {{{ 0x7d742813, 0x78df7dc5, 0x4a193e64, 0x333bcc6d, 0x6a966d2d, 0x8242aa25, 0x4cd36d32, 0x03500a94 }}}, - {{{ 0x580505d7, 0xd5d110fc, 0xfa11e1e9, 0xb2f47e16, + {{{ 0x580505d7, 0xd5d110fc, 0xfa11e1e9, 0xb2f47e16, 0x06eab6b4, 0xd0030f92, 0x62c91d46, 0x2dc80d5f }}} }, - { {{{ 0x2a75e492, 0x5788b01a, 0xbae31352, 0x992acf54, + { {{{ 0x2a75e492, 0x5788b01a, 0xbae31352, 0x992acf54, 0x8159db27, 0x4591b980, 0xd3d84740, 0x36c6533c }}}, - {{{ 0x103883b5, 0xc44c7c00, 0x515d0820, 0x10329423, + {{{ 0x103883b5, 0xc44c7c00, 0x515d0820, 0x10329423, 0x71b9dc16, 0xbd306903, 0xf88f8d32, 0x7edd5a95 }}} }, - { {{{ 0x005523d7, 0xfd63b1ac, 0xad70dd21, 0x74482e0d, + { {{{ 0x005523d7, 0xfd63b1ac, 0xad70dd21, 0x74482e0d, 0x02b56105, 0x67c9d9d0, 0x5971b456, 0x4d318012 }}}, - {{{ 0x841106df, 0xdc9a6f6d, 0xa326987f, 0x7c52ed9d, + {{{ 0x841106df, 0xdc9a6f6d, 0xa326987f, 0x7c52ed9d, 0x00607ea0, 0x4dbeaa6f, 0x6959e688, 0x115c221d }}} }, - { {{{ 0xc80f7c16, 0xf8718464, 0xe9930634, 0x05dc8f40, + { {{{ 0xc80f7c16, 0xf8718464, 0xe9930634, 0x05dc8f40, 0xc2e9d5f4, 0xefa699bb, 0x021da209, 0x2469e813 }}}, - {{{ 0xc602a3c4, 0x75c02845, 0x0a200f9d, 0x49d1b2ce, + {{{ 0xc602a3c4, 0x75c02845, 0x0a200f9d, 0x49d1b2ce, 0x2fb3ec8f, 0xd21b75e4, 0xd72a7545, 0x10dd726a }}} }, - { {{{ 0x63ef1a6c, 0xeda58527, 0x051705e0, 0xb3fc0e72, + { {{{ 0x63ef1a6c, 0xeda58527, 0x051705e0, 0xb3fc0e72, 0x44f1161f, 0xbda6f3ee, 0xf339efe5, 0x7680aebf }}}, - {{{ 0xb1b070a7, 0xe8d3fd01, 0xdbfbaaa0, 0xc3ff7dbf, + {{{ 0xb1b070a7, 0xe8d3fd01, 0xdbfbaaa0, 0xc3ff7dbf, 0xa320c916, 0xd81ef6f2, 0x62a3b54d, 0x3e22a1fb }}} }, - { {{{ 0xb1fa18c8, 0xcdbb9187, 0xcb483a17, 0x8ddb5f6b, + { {{{ 0xb1fa18c8, 0xcdbb9187, 0xcb483a17, 0x8ddb5f6b, 0xea49af98, 0xc0a880b9, 0xf2dfddd0, 0x53bf600b }}}, - {{{ 0x9e25b164, 0x4217404c, 0xafb74aa7, 0xfabf06ee, + {{{ 0x9e25b164, 0x4217404c, 0xafb74aa7, 0xfabf06ee, 0x2b9f233c, 0xb17712ae, 0xd0eb909e, 0x71f0b344 }}} } }; static const ac precomputed_4E_KG[16] = { { {{{ 0, 0, 0, 0, 0, 0, 0, 0 }}}, {{{ 1, 0, 0, 0, 0, 0, 0, 0 }}} }, - { {{{ 0xe388a820, 0xbb6ec091, 0x5182278a, 0xa928b283, + { {{{ 0xe388a820, 0xbb6ec091, 0x5182278a, 0xa928b283, 0xa9a6eb83, 0x2259174d, 0x45500054, 0x184b48cb }}}, - {{{ 0x26e77c33, 0xfe324dba, 0x83faf453, 0x6679a5e3, + {{{ 0x26e77c33, 0xfe324dba, 0x83faf453, 0x6679a5e3, 0x2380ef73, 0xdd60c268, 0x03dc33a9, 0x3ee0e07a }}} }, - { {{{ 0xce974493, 0x403aff28, 0x9bf6f5c4, 0x84076bf4, + { {{{ 0xce974493, 0x403aff28, 0x9bf6f5c4, 0x84076bf4, 0xecd898fb, 0xec57038c, 0xb663ed49, 0x2898ffaa }}}, - {{{ 0xf335163d, 0xf4b3bc46, 0xfa4fb6c6, 0xe613a0f4, + {{{ 0xf335163d, 0xf4b3bc46, 0xfa4fb6c6, 0xe613a0f4, 0xb9934557, 0xe759d6bc, 0xab6c9477, 0x094f3b96 }}} }, - { {{{ 0x6afffe9e, 0x168bb5a0, 0xee748c29, 0x950f7ad7, + { {{{ 0x6afffe9e, 0x168bb5a0, 0xee748c29, 0x950f7ad7, 0xda17203d, 0xa4850a2b, 0x77289e0f, 0x0062f7a7 }}}, - {{{ 0x4b3829fa, 0x6265d4e9, 0xbdfcd386, 0x4f155ada, + {{{ 0x4b3829fa, 0x6265d4e9, 0xbdfcd386, 0x4f155ada, 0x475795f6, 0x9f38bda4, 0xdece4a4c, 0x560ed4b3 }}} }, - { {{{ 0x141e648a, 0xdad4570a, 0x019b965c, 0x8bbf674c, + { {{{ 0x141e648a, 0xdad4570a, 0x019b965c, 0x8bbf674c, 0xdb08fe30, 0xd7a8d50d, 0xa2851109, 0x7efb45d3 }}}, - {{{ 0xd0c28cda, 0x52e818ac, 0xa321d436, 0x792257dd, + {{{ 0xd0c28cda, 0x52e818ac, 0xa321d436, 0x792257dd, 0x9d71f8b7, 0x867091c6, 0x11a1bf56, 0x0fe1198b }}} }, - { {{{ 0x06137ab1, 0x4e848339, 0x3e6674cc, 0x5673e864, + { {{{ 0x06137ab1, 0x4e848339, 0x3e6674cc, 0x5673e864, 0x0140502b, 0xad882043, 0x6ea1e46a, 0x34b5c0cb }}}, - {{{ 0x1d70aa7c, 0x29786814, 0x8cdbb8aa, 0x840ae3f9, + {{{ 0x1d70aa7c, 0x29786814, 0x8cdbb8aa, 0x840ae3f9, 0xbd4801fb, 0x78b4d622, 0xcf18ae9a, 0x6cf4e146 }}} }, - { {{{ 0x36297168, 0x95c270ad, 0x942e7812, 0x2303ce80, + { {{{ 0x36297168, 0x95c270ad, 0x942e7812, 0x2303ce80, 0x0205cf0e, 0x71908cc2, 0x32bcd754, 0x0cc15edd }}}, - {{{ 0x2c7ded86, 0x1db94364, 0xf141b22c, 0xc694e39b, + {{{ 0x2c7ded86, 0x1db94364, 0xf141b22c, 0xc694e39b, 0x5e5a9312, 0xf22f64ef, 0x3c5e6155, 0x649b8859 }}} }, - { {{{ 0xb6417945, 0x0d5611c6, 0xac306c97, 0x9643fdbf, + { {{{ 0xb6417945, 0x0d5611c6, 0xac306c97, 0x9643fdbf, 0x0df500ff, 0xe81faaa4, 0x6f50e615, 0x0792c79b }}}, - {{{ 0xd2af8c8d, 0xb45bbc49, 0x84f51bfe, 0x16c615ab, + {{{ 0xd2af8c8d, 0xb45bbc49, 0x84f51bfe, 0x16c615ab, 0xc1d02d32, 0xdc57c526, 0x3c8aaa55, 0x5fb9a9a6 }}} }, - { {{{ 0xdee40b98, 0x82faa8db, 0x6d520674, 0xff8a5208, + { {{{ 0xdee40b98, 0x82faa8db, 0x6d520674, 0xff8a5208, 0x446ac562, 0x1f8c510f, 0x2cc6b66e, 0x4676d381 }}}, - {{{ 0x2e7429f4, 0x8f1aa780, 0x8ed6bdf6, 0x2a95c1bf, + {{{ 0x2e7429f4, 0x8f1aa780, 0x8ed6bdf6, 0x2a95c1bf, 0x457fa0eb, 0x051450a0, 0x744c57b1, 0x7d89e2b7 }}} }, - { {{{ 0x3f95ea15, 0xb6bdacd2, 0x2f1a5d69, 0xc9a9d1b1, + { {{{ 0x3f95ea15, 0xb6bdacd2, 0x2f1a5d69, 0xc9a9d1b1, 0xf4d22d72, 0xd4c2f1a9, 0x4dc516b5, 0x73ecfdf1 }}}, - {{{ 0x05391e08, 0xa1ce93cd, 0x7b8aac17, 0x98f1e99e, + {{{ 0x05391e08, 0xa1ce93cd, 0x7b8aac17, 0x98f1e99e, 0xa098cbb3, 0x9ba84f2e, 0xf9bdd37a, 0x1425aa8b }}} }, - { {{{ 0x966abfc0, 0x8a385bf4, 0xf081a640, 0x55e5e8bc, + { {{{ 0x966abfc0, 0x8a385bf4, 0xf081a640, 0x55e5e8bc, 0xee26f5ff, 0x835dff85, 0xe509e1ea, 0x4927e622 }}}, - {{{ 0x352334b0, 0x164c8dbc, 0xa3fea31f, 0xcac1ad63, + {{{ 0x352334b0, 0x164c8dbc, 0xa3fea31f, 0xcac1ad63, 0x682fd457, 0x9b87a676, 0x1a53145f, 0x75f382ff }}} }, - { {{{ 0xc3efcb46, 0x16b944f5, 0x68cb184c, 0x1fb55714, + { {{{ 0xc3efcb46, 0x16b944f5, 0x68cb184c, 0x1fb55714, 0x9ccf2dc8, 0xf1c2b116, 0x808283d8, 0x7417e00f }}}, - {{{ 0x930199ba, 0x1ea67a22, 0x718990d8, 0x9fbaf765, + {{{ 0x930199ba, 0x1ea67a22, 0x718990d8, 0x9fbaf765, 0x8f3d5d57, 0x231fc664, 0xe5853194, 0x38141a19 }}} }, - { {{{ 0x2f81290d, 0xb9f00390, 0x04a9ca6c, 0x44877827, + { {{{ 0x2f81290d, 0xb9f00390, 0x04a9ca6c, 0x44877827, 0xe1dbdd65, 0x65d7f9b9, 0xf7c6698a, 0x7133424c }}}, - {{{ 0xa7cd250f, 0x604cfb3c, 0x5acc18f3, 0x460c3c4b, + {{{ 0xa7cd250f, 0x604cfb3c, 0x5acc18f3, 0x460c3c4b, 0xb518e3eb, 0xa53e50e0, 0x98a40196, 0x2b4b9267 }}} }, - { {{{ 0xc5dbd06c, 0x591b0672, 0xaa1eeb65, 0x10d43dca, + { {{{ 0xc5dbd06c, 0x591b0672, 0xaa1eeb65, 0x10d43dca, 0xcd2517af, 0x420cdef8, 0x0b695a8a, 0x513a307e }}}, - {{{ 0x66503215, 0xee9d6a7b, 0x088fd9a4, 0xdea58720, + {{{ 0x66503215, 0xee9d6a7b, 0x088fd9a4, 0xdea58720, 0x973afe12, 0x8f3cbbea, 0x872f2538, 0x005c2350 }}} }, - { {{{ 0x35af3291, 0xe5024b70, 0x4f5e669a, 0x1d3eec2d, + { {{{ 0x35af3291, 0xe5024b70, 0x4f5e669a, 0x1d3eec2d, 0x6e79d539, 0xc1f6d766, 0x795b5248, 0x34ec043f }}}, - {{{ 0x400960b6, 0xb2763511, 0x29e57df0, 0xff7a3d84, + {{{ 0x400960b6, 0xb2763511, 0x29e57df0, 0xff7a3d84, 0x1666c1f1, 0xaeac7792, 0x66084bc0, 0x72426e97 }}} }, - { {{{ 0x44f826ca, 0x5b1c3199, 0x790aa408, 0x68b00b73, + { {{{ 0x44f826ca, 0x5b1c3199, 0x790aa408, 0x68b00b73, 0x69e9b92b, 0xaf0984b4, 0x3ffe9093, 0x5fe6736f }}}, - {{{ 0xffd49312, 0xd67f2889, 0x5cb9ed21, 0x3520d747, + {{{ 0xffd49312, 0xd67f2889, 0x5cb9ed21, 0x3520d747, 0x3c65a606, 0x94f893b1, 0x2d65496f, 0x2fee5e8c }}} } }; @@ -586,7 +586,7 @@ bnX_mul_C (uint32_t *r, const uint32_t *q, int q_size) /** * @brief R = A mod M (using M=2^252+C) (Barret reduction) - * + * * See HAC 14.47. */ static void diff --git a/src/ecc-mont.c b/src/ecc-mont.c index 25f2fdd..062bfe8 100644 --- a/src/ecc-mont.c +++ b/src/ecc-mont.c @@ -33,7 +33,7 @@ * References: * * [1] D. J. Bernstein. Curve25519: new Diffie-Hellman speed records. - * Proceedings of PKC 2006, to appear. + * Proceedings of PKC 2006, to appear. * http://cr.yp.to/papers.html#curve25519. Date: 2006.02.09. * * [2] D. J. Bernstein. Can we avoid tests for zero in fast @@ -46,7 +46,7 @@ * IMPLEMENTATION NOTE * * (0) We assume that the processor has no cache, nor branch target - * prediction. Thus, we don't avoid indexing by secret value. + * prediction. Thus, we don't avoid indexing by secret value. * We don't avoid conditional jump if both cases have same timing, * either. * diff --git a/src/ecc.c b/src/ecc.c index 9541965..f32b819 100644 --- a/src/ecc.c +++ b/src/ecc.c @@ -34,7 +34,7 @@ * Pages 250-265, Springer-Verlag London, UK, 2001 * ISBN:3-540-41898-9 * - * [3] Mustapha Hedabou, Pierre Pinel, Lucien Bénéteau, + * [3] Mustapha Hedabou, Pierre Pinel, Lucien Bénéteau, * A comb method to render ECC resistant against Side Channel Attacks, * 2004 */ diff --git a/src/flash.c b/src/flash.c index 446d436..383d645 100644 --- a/src/flash.c +++ b/src/flash.c @@ -338,7 +338,7 @@ uint8_t * flash_key_alloc (enum kind_of_key kk) { uint8_t *k, *k0 = flash_key_getpage (kk); - int i; + int i; int key_size = gpg_get_algo_attr_key_size (kk, GPG_KEY_STORAGE); /* Seek free space in the page. */ diff --git a/src/gnuk.h b/src/gnuk.h index d6f12c9..80ac338 100644 --- a/src/gnuk.h +++ b/src/gnuk.h @@ -22,13 +22,14 @@ extern struct apdu apdu; #define CARD_CHANGE_REMOVE 1 #define CARD_CHANGE_TOGGLE 2 void ccid_card_change_signal (int how); +void ccid_usb_reset (void); /* CCID thread */ #define EV_RX_DATA_READY 1 /* USB Rx data available */ #define EV_EXEC_FINISHED 2 /* OpenPGP Execution finished */ #define EV_TX_FINISHED 4 /* CCID Tx finished */ #define EV_CARD_CHANGE 8 -#define EV_RESET 16 +#define EV_USB_RESET 16 /* OpenPGPcard thread */ #define EV_PINPAD_INPUT_DONE 1 @@ -423,7 +424,7 @@ extern const uint8_t gnuk_string_serial[]; #define LED_START_COMMAND 8 #define LED_FINISH_COMMAND 16 #define LED_FATAL 32 -#define LED_RESET 64 +#define LED_USB_RESET 64 void led_blink (int spec); #if defined(PINPAD_SUPPORT) diff --git a/src/main.c b/src/main.c index 7f1755e..e598f41 100644 --- a/src/main.c +++ b/src/main.c @@ -71,7 +71,7 @@ _write (const char *s, int len) packet_len = (len < VIRTUAL_COM_PORT_DATA_SIZE) ? len : VIRTUAL_COM_PORT_DATA_SIZE; - chopstx_mutex_lock (&stdout.m_dev); + chopstx_mutex_lock (&stdout.m_dev); usb_lld_write (ENDP3, s, packet_len); chopstx_cond_wait (&stdout.cond_dev, &stdout.m_dev); chopstx_mutex_unlock (&stdout.m_dev); @@ -290,7 +290,7 @@ const size_t __stacksize_usb = (size_t)&__process4_stack_size__; #define PRIO_CCID 3 #define PRIO_USB 4 -#define PRIO_MAIN 5 +#define PRIO_MAIN 5 extern void *usb_intr (void *arg); @@ -391,6 +391,13 @@ main (int argc, char *argv[]) case LED_FATAL: display_fatal_code (); break; + case LED_USB_RESET: + ccid_reset (); + chopstx_join (ccid_thd, NULL); + /* Invoke the CCID thread again. */ + ccid_thd = chopstx_create (PRIO_CCID, __stackaddr_ccid, + __stacksize_ccid, USBthread, NULL); + break; default: if ((m = emit_led (LED_TIMEOUT_ZERO, LED_TIMEOUT_STOP))) goto got_it; diff --git a/src/mod.c b/src/mod.c index 98b003e..a1cbc1f 100644 --- a/src/mod.c +++ b/src/mod.c @@ -27,7 +27,7 @@ /** * @brief X = A mod B (using MU=(1<<(256)+MU_lower)) (Barret reduction) - * + * */ void mod_reduce (bn256 *X, const bn512 *A, const bn256 *B, const bn256 *MU_lower) @@ -145,7 +145,7 @@ mod_reduce (bn256 *X, const bn512 *A, const bn256 *B, const bn256 *MU_lower) /** * @brief C = X^(-1) mod N - * + * * Assume X and N are co-prime (or N is prime). * NOTE: If X==0, it return 0. * diff --git a/src/modp256k1.c b/src/modp256k1.c index d0ca6cc..d5fad74 100644 --- a/src/modp256k1.c +++ b/src/modp256k1.c @@ -181,12 +181,12 @@ modp256k1_reduce (bn256 *X, const bn512 *A) */ S->word[7] = S->word[6] = S->word[5] = S->word[4] = S->word[3] = 0; - /* (S02, S01, S00) = (S1, S0) + (S1, S0)*2^32 */ + /* (S02, S01, S00) = (S1, S0) + (S1, S0)*2^32 */ s00 = s0; s01 = s0 + s1; s02 = s1 + ((s01 < s0)? 1 : 0); - /* (S02, S01, S00) += (S1, S0)*2^9 */ + /* (S02, S01, S00) += (S1, S0)*2^9 */ carry = (s0 >> 23) + s01; s02 += (s1 >> 23) + ((carry < s01)? 1 : 0); s01 = (s1 << 9) + carry; @@ -196,7 +196,7 @@ modp256k1_reduce (bn256 *X, const bn512 *A) s01 += carry; s02 += ((s01 < carry)? 1 : 0); - /* (S02, S01, S00) += (S1, S0)*2^8 */ + /* (S02, S01, S00) += (S1, S0)*2^8 */ carry = (s0 >> 24) + s01; s02 += (s1 >> 24) + ((carry < s01)? 1 : 0); s01 = (s1 << 8) + carry; @@ -206,7 +206,7 @@ modp256k1_reduce (bn256 *X, const bn512 *A) s01 += carry; s02 += ((s01 < carry)? 1 : 0); - /* (S02, S01, S00) += (S1, S0)*2^7 */ + /* (S02, S01, S00) += (S1, S0)*2^7 */ carry = (s0 >> 25) + s01; s02 += (s1 >> 25) + ((carry < s01)? 1 : 0); s01 = (s1 << 7) + carry; @@ -216,7 +216,7 @@ modp256k1_reduce (bn256 *X, const bn512 *A) s01 += carry; s02 += ((s01 < carry)? 1 : 0); - /* (S02, S01, S00) += (S1, S0)*2^6 */ + /* (S02, S01, S00) += (S1, S0)*2^6 */ carry = (s0 >> 26) + s01; s02 += (s1 >> 26) + ((carry < s01)? 1 : 0); s01 = (s1 << 6) + carry; @@ -226,7 +226,7 @@ modp256k1_reduce (bn256 *X, const bn512 *A) s01 += carry; s02 += ((s01 < carry)? 1 : 0); - /* (S02, S01, S00) += (S1, S0)*2^4 */ + /* (S02, S01, S00) += (S1, S0)*2^4 */ carry = (s0 >> 28) + s01; s02 += (s1 >> 28) + ((carry < s01)? 1 : 0); s01 = (s1 << 4) + carry; diff --git a/src/openpgp-do.c b/src/openpgp-do.c index 46192b9..e18f42d 100644 --- a/src/openpgp-do.c +++ b/src/openpgp-do.c @@ -201,7 +201,7 @@ gpg_get_pw1_lifetime (void) /* * Representation of algorithm attributes: * 0: ALGO_ATTR_<>_P == NULL : RSA-2048 - * N: ALGO_ATTR_<>_P != NULL : + * N: ALGO_ATTR_<>_P != NULL : * */ static const uint8_t *algo_attr_sig_p; @@ -2097,10 +2097,10 @@ gpg_do_keygen (uint8_t kk_byte) for (i = 0; i < 32; i++) d[32 - i - 1] = p[i]; - random_bytes_free (rnd); + random_bytes_free (rnd); prv = d; - pubkey = NULL; + pubkey = NULL; } else if (attr == ALGO_ED25519) { @@ -2111,7 +2111,7 @@ gpg_do_keygen (uint8_t kk_byte) d[31] &= 127; d[31] |= 64; prv = d; - pubkey = NULL; + pubkey = NULL; } else if (attr == ALGO_CURVE25519) { @@ -2122,7 +2122,7 @@ gpg_do_keygen (uint8_t kk_byte) d[31] &= 127; d[31] |= 64; prv = d; - pubkey = NULL; + pubkey = NULL; } else { diff --git a/src/openpgp.c b/src/openpgp.c index 52729ed..5964de7 100644 --- a/src/openpgp.c +++ b/src/openpgp.c @@ -1036,7 +1036,7 @@ cmd_internal_authenticate (void) result_len = pubkey_len; r = rsa_sign (apdu.cmd_apdu_data, res_APDU, len, &kd[GPG_KEY_FOR_AUTHENTICATION], pubkey_len); - } + } else if (attr == ALGO_NISTP256R1) { if (len != ECDSA_HASH_LEN) diff --git a/src/pin-cir.c b/src/pin-cir.c index 544d5a9..f46b95d 100644 --- a/src/pin-cir.c +++ b/src/pin-cir.c @@ -1044,7 +1044,7 @@ cir_init (void) TIMx->PSC = 72 - 1; /* 1 MHz */ TIMx->ARR = 18000; /* 18 ms */ /* Generate UEV to upload PSC and ARR */ - TIMx->EGR = TIM_EGR_UG; + TIMx->EGR = TIM_EGR_UG; chopstx_create (PRIO_TIM, __stackaddr_tim, __stacksize_tim, tim_main, NULL); chopstx_create (PRIO_EXT, __stackaddr_ext, __stacksize_ext, ext_main, NULL); diff --git a/src/sha512.c b/src/sha512.c index 5ba6cbc..fbb6bcf 100644 --- a/src/sha512.c +++ b/src/sha512.c @@ -1,7 +1,7 @@ /* * sha512.c -- Compute SHA-512 hash (for little endian architecture). * - * This module is written by gniibe, following the API of sha256.c. + * This module is written by gniibe, following the API of sha256.c. * * Copyright (C) 2014 Free Software Initiative of Japan * Author: NIIBE Yutaka diff --git a/src/usb-icc.c b/src/usb-icc.c index d479d5b..15e90a7 100644 --- a/src/usb-icc.c +++ b/src/usb-icc.c @@ -1,7 +1,7 @@ /* * usb-icc.c -- USB CCID protocol handling * - * Copyright (C) 2010, 2011, 2012, 2013, 2014 + * Copyright (C) 2010, 2011, 2012, 2013, 2014, 2015 * Free Software Initiative of Japan * Author: NIIBE Yutaka * @@ -256,10 +256,7 @@ static void ccid_init (struct ccid *c, struct ep_in *epi, struct ep_out *epo, c->icc_state = ICC_STATE_NOCARD; c->state = APDU_STATE_WAIT_COMMAND; - /* - * Note: a is not yet initialized yet, we can't use c->a->cmd_apdu_data here. - */ - c->p = &icc_buffer[5]; + c->p = a->cmd_apdu_data; c->len = MAX_CMD_APDU_DATA_SIZE; c->err = 0; memset (&c->icc_header, 0, sizeof (struct icc_header)); @@ -748,7 +745,7 @@ const size_t __stacksize_gpg = (size_t)&__process3_stack_size__; /* Send back ATR (Answer To Reset) */ -enum icc_state +static enum icc_state icc_power_on (struct ccid *c) { size_t size_atr = sizeof (ATR); @@ -814,7 +811,7 @@ icc_send_status (struct ccid *c) #endif } -enum icc_state +static enum icc_state icc_power_off (struct ccid *c) { if (c->application) @@ -1310,6 +1307,25 @@ EP2_IN_Callback (void) } +void +ccid_card_change_signal (int how) +{ + struct ccid *c = &ccid; + + if (how == CARD_CHANGE_TOGGLE + || (c->icc_state == ICC_STATE_NOCARD && how == CARD_CHANGE_INSERT) + || (c->icc_state != ICC_STATE_NOCARD && how == CARD_CHANGE_REMOVE)) + eventflag_signal (&c->ccid_comm, EV_CARD_CHANGE); +} + +void +ccid_usb_reset (void) +{ + struct ccid *c = &ccid; + eventflag_signal (&c->ccid_comm, EV_USB_RESET); +} + + #define USB_ICC_TIMEOUT (1950*1000) #define GPG_THREAD_TERMINATED 0xffff @@ -1326,18 +1342,6 @@ USBthread (void *arg) return ccid_thread (thd); } -void -ccid_card_change_signal (int how) -{ - struct ccid *c = &ccid; - - if (how == CARD_CHANGE_TOGGLE - || (c->icc_state == ICC_STATE_NOCARD && how == CARD_CHANGE_INSERT) - || (c->icc_state != ICC_STATE_NOCARD && how == CARD_CHANGE_REMOVE)) - eventflag_signal (&c->ccid_comm, EV_CARD_CHANGE); -} - - #define NOTIFY_SLOT_CHANGE 0x50 static void * __attribute__ ((noinline)) @@ -1353,8 +1357,8 @@ ccid_thread (chopstx_t thd) epi_init (epi, ENDP1, notify_tx, c); epo_init (epo, ENDP1, notify_icc, c); - ccid_init (c, epi, epo, a, thd); apdu_init (a); + ccid_init (c, epi, epo, a, thd); icc_prepare_receive (c); while (1) @@ -1363,7 +1367,9 @@ ccid_thread (chopstx_t thd) m = eventflag_wait_timeout (&c->ccid_comm, USB_ICC_TIMEOUT); - if (m == EV_CARD_CHANGE) + if (m == EV_USB_RESET) + break; + else if (m == EV_CARD_CHANGE) { if (c->icc_state == ICC_STATE_NOCARD) { /* Inserted! */ @@ -1447,9 +1453,11 @@ ccid_thread (chopstx_t thd) if (c->application) { + chopstx_cancel (c->application); chopstx_join (c->application, NULL); c->application = 0; } + icc_state_p = NULL; return NULL; } diff --git a/src/usb-msc.c b/src/usb-msc.c index e9e9161..43c2643 100644 --- a/src/usb-msc.c +++ b/src/usb-msc.c @@ -319,7 +319,7 @@ msc_handle_command (void) /* Error occured, ignore the request and go into error state */ msc_state = MSC_ERROR; usb_lld_stall_rx (ENDP6); - goto done; + goto done; } n = ep6_out.rxcnt; diff --git a/src/usb_ctrl.c b/src/usb_ctrl.c index a9101bd..b8d5122 100644 --- a/src/usb_ctrl.c +++ b/src/usb_ctrl.c @@ -215,7 +215,7 @@ usb_cb_device_reset (void) gnuk_setup_endpoints_for_interface (i, 0); bDeviceState = ATTACHED; - led_blink (LED_RESET); /* Notify the main. */ + led_blink (LED_USB_RESET); /* Notify the main. */ } #define USB_CCID_REQ_ABORT 0x01