2013-10-23  Niibe Yutaka

	* test/features/010_setup_passphrase.feature
	* test/features/030_key_registration.feature
	* test/features/040_passphrase_change.feature
	* test/features/410_setup_passphrase.feature
	* test/features/430_key_registration.feature
	* test/features/201_keygen.feature
	* test/features/601_keygen.feature: Modified to support new way of
	pass phrase reset by key import / key generation.
	* test/features/201_keygen.feature
	* test/features/601_keygen.feature
	* test/features/202_setup_passphrase.feature
	* test/features/602_setup_passphrase.feature: Rename to change
	order of execution.

2013-10-23  Niibe Yutaka

	* src/openpgp-do.c (gpg_do_write_prvkey): Bug fix of adding
	num_prv_keys.

2013-10-22  Niibe Yutaka

	* src/openpgp-do.c (gpg_do_write_prvkey): Bug fix.

2013-10-15  Niibe Yutaka

	* src/openpgp.c (cmd_change_password, cmd_reset_user_password):
	It is now an error to change User's pass phrase with no keys.
	* src/openpgp-do.c (proc_resetting_code): Likewise for resetting
	code.
	(gpg_do_delete_prvkey): New.
	(gpg_do_write_prvkey): Make sure to delete the key before writing.
	User's pass phrase is always the one of factory setting.
	(gpg_do_chks_prvkey): Support removing the key.
	(proc_key_import): Use gpg_do_delete_prvkey.
	(gpg_do_keygen): Use factory setting pass phrase.

2013-10-11  Niibe Yutaka

	* src/ac.c (verify_user_0, verify_admin_00): Fix conditions.
	* src/openpgp-do.c (gpg_do_write_prvkey): Delete keystring
	information from data object of NR_DO_KEYSTRING_PW3.
	Fix conditions.
	(gpg_do_keygen): Likewise.
	* src/openpgp.c (cmd_reset_user_password): Likewise.

2013-10-10  Niibe Yutaka

	* src/gnuk.h (S2K_ITER): Remove.  It's determined at compile time.
	* src/openpgp-do.c (proc_resetting_code, gpg_do_write_prvkey)
	(proc_key_import): Remove "iteration" field.
	* src/openpgp.c (cmd_change_password): Likewise.

2013-10-10  Niibe Yutaka

	* src/openpgp-do.c (gpg_do_write_prvkey): Access of data object
	considering garbage collection.
	* src/openpgp.c (cmd_change_password): Call gpg_do_write_simple
	after accessing the data object (it may cause garbage collection).

2013-10-10  Niibe Yutaka

	* polarssl/library/bignum.c (mpi_montred): Constant time for carry
	propagation.  Bug fix for carry propagation.
	(mpi_exp_mod): Bug fix.  Shrink the size of RR as same as X.

2013-10-09  Niibe Yutaka

	* src/ac.c (verify_user_0, verify_admin_00, verify_admin_0): Add a
	flag to save into keystring_md_pw3.  Add SALT handling.
	(decode_iterate_count, calc_md, gpg_set_pw3): Remove.
	* src/openpgp-do.c (proc_resetting_code, gpg_do_write_prvkey)
	(gpg_do_keygen): Add SALT handling.
	* src/openpgp.c (cmd_change_password, cmd_reset_user_password)
	(s2k): Ditto.
	* src/random.c (random_get_salt): Rename from get_salt.

2013-10-09  Niibe Yutaka

	* src/openpgp-do.c (gpg_do_write_prvkey): Remove information (but
	pass phrase length) for admin from keystring data object.
	(proc_key_import): Recover admin keystring to DO when key deletion.

2013-10-09  Niibe Yutaka

	* src/ac.c (verify_user_0, verify_admin_00): Handle PW_LEN_MASK.
	* src/openpgp-do.c (proc_resetting_code, gpg_do_write_prvkey):
	Likewise.
	* src/openpgp.c (cmd_change_password, cmd_reset_user_password):
	Handle PW_LEN_KEYSTRING_BIT.

2013-10-09  Niibe Yutaka

	* src/ac.c (verify_admin_00): New.  Add authentication by loading
	signature key.
	(verify_admin_0): Use verify_admin_00.
	* src/openpgp.c (cmd_change_password): Admin keystring handling as
	same as user's.

2013-10-08  Niibe Yutaka

	* src/openpgp.c (modify_binary): Allow odd size of certificate.
	* polarssl/library/rsa.c: Update from PolarSSL 1.2.10.
	* polarssl/include/polarssl/rsa.h: Ditto.

2013-10-07  Niibe Yutaka

	* polarssl/library/bignum.c (mpi_sub_hlp): Return CARRY.
	(mpi_sub_abs): Carry propagation is done here.
	(mpi_mul_hlp_mm): Remove.
	(mpi_mul_hlp): Return CARRY, computation in constant time.
	(mpi_mul_mpi): Change the order of computation not to propagate
	carry.
	(mpi_montmul): Minimum zero-ing of D and reduce usage of temporary
	memory, by one word.  Use carry of mpi_mul_hlp.
	Use NEED_SUBTRACTION against timing attack.
	(mpi_exp_mod): Minimum usage of temporary memory.

2013-10-06  Niibe Yutaka

	* polarssl/library/bignum.c (mpi_mul_hlp_mm): New.  Handle
	extra-carry in constant time to mitigate timing attack.
	(mpi_montmul): Use mpi_mul_hlp_mm.
	* src/call-rsa.c (rsa_sign, rsa_decrypt, rsa_verify): Don't use
	RSA blinding.

2013-10-05  Niibe Yutaka

	* polarssl/include/polarssl/aes.h: Update from PolarSSL 1.2.9.
	* polarssl/include/polarssl/bignum.h: Ditto.
	* polarssl/include/polarssl/config.h: Ditto.
	* polarssl/include/polarssl/rsa.h: Ditto.
	* polarssl/library/aes.c, polarssl/library/bignum.c: Ditto.
	* polarssl/library/rsa.c: Ditto.  Fix rsa_free.
	* src/call-rsa.c (rsa_sign, modulus_calc, rsa_decrypt)
	(rsa_verify): Follow changes of PolarSSL 1.2.9 with RSA blinding.
	Better error checking.

2013-10-04  Niibe Yutaka

	* src/main.c (gnuk_malloc): Update ->neighbor field of a chunk on
	the free list.
	(gnuk_free): Access free list after getting the lock.

2013-10-01  Niibe Yutaka

	* src/random.c (random_gen): Bug fix for INDEXed copy.
	* src/call-rsa.c (rsa_genkey): Call neug_flush and prng_seed.
	* polarssl/library/bignum.c (small_prime): More constants.
	(prng_seed, jkiss, mpi_fill_pseudo_random): New.
	(mpi_is_prime): Use mpi_fill_pseudo_random.

2013-09-30  Niibe Yutaka

	* polarssl/library/bignum.c (mpi_is_prime): Enable trial divisions
	by small integers.  Add Fermat primality test.
	(mpi_gen_prime): Limit random value so that two MSBs of result
	will be 0x11.

2013-09-27  Niibe Yutaka

	* polarssl/include/polarssl/bignum.h (mpi_is_prime): ifdef-out.
	* polarssl/library/bignum.c (mpi_is_prime): It's now internal
	function, assuming we already know it's coprime to small primes.
	(M): New constant MPI.  Multiply primes 2*...*691.
	(MAX_A): New constant MPI.  2^1024 / M - 1.
	(mpi_gen_prime): Specialize for 1024-bit, using Fouque-Tibouchi
	method.

2013-09-25  Niibe Yutaka

	* src/sha256.h, src/adc.h
	* src/neug.c, src/adc_stm32f103.c: Update from NeuG 0.11.
	* chopstx: Upgrade to new Chopstx 0.00.
	* VERSION: New file.
	* src/configure (SERIALNO, SERIALNO_STR_LEN_DEFINE): New.
	(REVISION): Use the file VERSION if it doesn't have .git.
	Thanks to Sumedha Widyadharma for the bug report.
	* src/config.h.in (SERIALNO_STR_LEN_DEFINE): New.
	* src/main.c (ID_OFFSET): Use SERIALNO_STR_LEN.
	* src/usb_desc.c (gnukStringSerial): Remove.  It's now generated
	in usb-strings.c.inc.
	* src/ec_p256.c (compute_kP): Fix for impossible cases.
	(point_is_on_the_curve): New.
	(coefficient_a, coefficient_b): New.

2013-09-20  Niibe Yutaka

	* src/call-ec_p256.c (ecdsa_compute_public): Handle possible error
	(where key_data is the order).
	* src/ec_p256.c (compute_kG, compute_kP): Handle errors.
	* src/jpc.c (jpc_to_ac): Return -1 on error.
	(jpc_add_ac_signed): Handle the case where A=inf.
	* src/modp256.c (modp256_inv): Handle error case.
	* src/bn.c (bn256_cmp): New.

2013-07-19  Niibe Yutaka

	* src/gnuk.ld.in: Layout change following NeuG.
	(_end): Add alignment of 16.
	* src/neug.c, src/adc.h, src/adc_stm32f103.c: Update from NeuG.
	* src/main.c [DFU_SUPPORT] (main): Fix calling
	flash_erase_all_and_exec.
	* src/openpgp-do.c (gpg_do_write_prvkey, gpg_do_keygen): Fix
	allocated memory handling.  Clean up before free.
	* src/call-rsa.c (modulus_calc, rsa_genkey): Fix removing const.
	* src/call-ec_p256.c (ecdsa_compute_public): Likewise.

2013-07-18  Niibe Yutaka

	Port to Chopstx.

	* src/Makefile.in: Change for Chopstx.
	* src/configure: Likewise.
	* src/gnuk.h, src/gnuk.ld.in: Likewise.
	* src/ac.c: Include stdint.h and string.h, not ch.h.
	* src/call-rsa.c, src/debug.c, src/flash.c: Likewise.
	* src/call-ec_p256.c, src/usb_desc.c
	* src/openpgp-do.c, src/random.c: Likewise.
	* src/openpgp.c: Likewise.  Use eventflag of Chopstx.
	* src/usb-icc.c: Likewise.
	* src/usb_ctrl.c: Update for Chopstx.
	* src/debug.h: New.
	* src/stdlib.h: Use gnuk_malloc and gnuk_free for malloc/free.
	* src/config.h.in: Move FLASH_PAGE_SIZE in board.h.
	* polarssl/library/aes.c (FT0, FT1, FT2): Export (for sys 2.0).
	* src/main.c (struct stdout, _write, EP3_IN_Callback)
	(EP5_OUT_Callback): Rewrite for Chopstx.  No independent thread
	any more.
	(display_fatal_code, emit_led, display_status_code, led_blink):
	Use primitives of Chopstx.
	(main): Changes for Chopstx.
	(gnuk_malloc_init, sbrk, gnuk_malloc, gnuk_free): New.

2013-06-20  Niibe Yutaka

	* src/sys.c, src/sys.h, src/neug.c, src/adc.h
	* src/adc_stm32f103.c, src/usb_stm32f103.c: Update from NeuG 0.10.
	* src/stm32f103.h: New.  From NeuG 0.10.

2013-06-18  Niibe Yutaka

	* src/openpgp-do.c (gpg_do_write_prvkey, proc_key_import, gpg_do_table)
	(gpg_do_public_key) [RSA_AUTH]: Conditional compilation for
	RSA/ECDSA.
	* src/openpgp.c (cmd_internal_authenticate) [RSA_AUTH]: Likewise.
	* src/modp256.c (p256): Add const qualifier.

2013-03-19  Niibe Yutaka

	* src/random.c (random_gen): New (was: random_byte).
	* src/call-rsa.c (rsa_sign): Follow change of API.
	(rsa_genkey): Use random_gen.
	(modulus_calc, rsa_decrypt, rsa_verify): Follow change of API.
	* src/openpgp-do.c (encrypt, decrypt): Likewise.
	* polarssl/include/polarssl/aes.h: Updated from PolarSSL 1.2.6.
	* polarssl/library/aes.c: Ditto.
	* polarssl/include/polarssl/rsa.h: Ditto.
	* polarssl/library/rsa.c: Ditto.
	* polarssl/include/polarssl/bignum.h: Ditto.
	* polarssl/library/bignum.c: Ditto.
	* polarssl: Move from polarssl-0.14.0, and needed files only.

2013-03-15  Niibe Yutaka

	* regnual/regnual.ld (.bss): Put at RAM1.  This makes reGNUal can
	be loaded on the lower address.
	* regnual/sys.c (entry): Don't change SP.  Put alignment.
	* regnual/regnual.c (usb_cb_get_descriptor): Fix adding break.

2013-03-14  Niibe Yutaka

	* tool/stlinkv2.py (stlinkv2.start): Call write_debug_reg to run
	the core again.

2013-03-12  Niibe Yutaka

	* src/gnuk.ld.in (__process_stack_size__): Increase (was: 0x200).
	* tool/stlinkv2.py (stlinkv2.exit_from_debug_swd)
	(stlinkv2.exit_from_debug_swim): New.
	(stlinkv2.start): Call exit_from_debug_swd or
	exit_from_debug_swim.

2013-03-09  Niibe Yutaka

	* src/openpgp-do.c (gpg_do_public_key): Add OID for ECDSA.
	(gpg_do_write_prvkey): Add PUBKEY_LEN for ECDSA.
	* src/flash.c (flash_key_write): Argument change for ECDSA key.
	* src/main.c (calculate_regnual_entry_address): New.
	(main): Use calculate_regnual_entry_address for entry point.
	* src/openpgp-do.c (gpg_do_write_prvkey): Coerce KDI.DATA to
	uint8_t *.
	* src/usb_stm32f103.c (handle_setup0): Fix selecting handler.

2013-03-08  Niibe Yutaka

	Relocatable reGNUal.

	* regnual/regnual.ld (MEMORY): 0x1400 was the value of Gnuk 1.0.1.
	Keep this value.
	(.text): Include .text.entry next to the .vectors.
	(.got): New.
	* regnual/sys.c (entry): Now, it's at .text.entry section.
	Do relocations.  Don't use absolute values which causes
	relocations, but access at GOT.
	* regnual/Makefile (CFLAGS): Add -fpie.

2013-03-07  Niibe Yutaka

	Follow the USB stack change.

	* regnual/regnual.c (usb_cb_device_reset): Rename from
	regnual_device_reset.
	(mem): Change type to uint32_t.
	(mem_info): Removed.
	(fetch): Avoid pointer punning.
	(usb_cb_ctrl_write_finish): Rename from regnual_ctrl_write_finish.
	(usb_cb_setup): Rename from regnual_setup.
	(usb_cb_get_descriptor): Rename from regnual_get_descriptor.
	(usb_cb_handle_event): Rename regnual_usb_event.
	(usb_cb_interface): Rename regnual_interface.
	(Device_Method): Remove.
	(usb_cb_get_descriptor): Not use struct Descriptor.

2013-03-06  Niibe Yutaka

	USB stack implementation improvement.

	* src/usb_stm32f103.c (Device_Method, method_p): Remove.
	(usb_interrupt_handler): Call usb_cb_device_reset.
	(std_get_descriptor): Call usb_cb_get_descriptor.
	(std_set_configuration): Call usb_cb_handle_event.
	(std_get_status, std_get_interface, std_set_interface): Call
	usb_cb_interface.
	(handle_setup0): Call usb_cb_setup.
	(handle_in0): Call usb_cb_handle_event and
	usb_cb_ctrl_write_finish.
	(request_handler): Remove.
	(handle_setup0): Call std_* directly, not indirectly by
	request_handler.
	(ep_intr_handler_IN, ep_intr_handler_OUT): Remove.
	(usb_handle_transfer): Call EP*_Callback directly, not indirectly
	by ep_intr_handler_IN, ep_intr_handler_OUT.
	* src/usb_lld.h (struct usb_device_method, Device_Method): Remove.
	(usb_cb_device_reset, usb_cb_ctrl_write_finish)
	(usb_cb_setup, usb_cb_get_descriptor, usb_cb_handle_event)
	(usb_cb_interface): Define callbacks.
	(usb_initial_feature): New.
	(struct Descriptor): Move to ...
	* src/usb_desc.c: ... here.
	(usb_initial_feature): New.
	(usb_cb_get_descriptor): Rename from gnuk_get_descriptor and move
	from usb_ctrl.c.
	* src/usb_ctrl.c (usb_cb_device_reset): Rename from
	gnuk_device_reset.
	(usb_cb_setup): Rename from gnuk_setup.
	(usb_cb_ctrl_write_finish): Rename from gnuk_ctrl_write_finish.
	(usb_cb_event): Rename from gnuk_usb_event.
	(usb_cb_interface): Rename from gnuk_interface.
	(Device_Method): Remove.
	* src/main.c (main): Use usb_initial_feature.

2013-02-27  Niibe Yutaka

	* src/usb-icc.c (set_sw1sw2): Arguments are C and CHUNK_LEN.
	Fix reporting remaining bytes.
	(icc_send_data_block_gr): Follow the arguments change of
	set_sw1sw2.

2013-02-26  Niibe Yutaka

	* regnual/regnual.ld (MEMORY): Fix start address.
	* src/random.c (random_fini): New.
	* src/main.c (main): Call random_fini.

2013-02-25  Niibe Yutaka

	* src/configure: Correct typo in help text.
	* src/gnuk.h (struct key_data_internal): Use uint32_t.
	* src/openpgp-do.c (do_openpgpcard_aid): Fix calculation of VID.
	(compute_key_data_checksum): Don't use type-punning pointer.
	(gpg_do_write_prvkey): Use coercing to char *.

2013-02-22  Niibe Yutaka

	* src/openpgp-do.c (gpg_do_public_key): Add header of EC point.
	* src/openpgp-do.c (GPG_DO_DISCRETIONARY, cmp_discretionary): New.
	(cmp_app_data): Change to factor out GPG_DO_DISCRETIONARY.
	(gpg_do_table): Add GPG_DO_DISCRETIONARY.

2013-02-21  Niibe Yutaka

	* src/gnuk.ld.in (MEMORY): Fix adding FLASH_SIZE unit.
	* src/call-ec_p256.c (ecdsa_sign): Fix secret key access.

2013-02-20  Niibe Yutaka

	* src/openpgp.c (cmd_internal_authenticate): Support ECDSA for
	authentication.
	* src/openpgp-do.c (algorithm_attr_ecdsa): New.
	(algorithm_attr_rsa): Rename (was: algorithm_attr).
	(gpg_do_table): Change for GPG_DO_ALG_AUT.
	(gpg_do_write_prvkey): Support ECDSA key for authentication.
	(proc_key_import): Likewise.
	(gpg_do_public_key): Likewise.
	* src/call-ec_p256.c: New.
	* src/Makefile.in: Add call-ec_p256.c.
	* src/call-rsa.c (modulus_free): Remove.

2013-02-19  Niibe Yutaka

	* regnual/regnual.ld (MEMORY): Fix address of regnual.
	* regnual/Makefile (MCFLAGS): Remove -mfix-cortex-m3-ldrd.
	(CFLAGS): Add output to .lst.
	* src/Makefile.in (MCFLAGS): Remove.
	* src/sha256.c: Update from NeuG 0.05.
	* ChibiOS_2.0.8: Remove.

2013-02-18  Niibe Yutaka

	Changes for new ChibiOS/RT.

	* src/main.c: Include adc.h.
	(main): Call halInit, adc_init, and chSysInit (change for
	ChibiOS/RT 2.4.x).
	* src/random.h: New.
	* src/ac.c, src/bn.c, src/call-rsa.c, src/main.c: Include random.h.
	* src/openpgp.c, src/openpgp-do.c: Likewise.
	* src/configure, src/gnuk.ld.in: Add MEMORY_SIZE.
	* src/ec_p256.c: Fix call of bn256_add_uint.
	* boards/STM8S_DISCOVERY/*: Update for ChibiOS/RT 2.4.x.
	* boards/CQ_STARM/*: Likewise.
	* boards/FST_01_00/*: Likewise.
	* boards/OLIMEX_STM32_H103/*: Likewise.
	* boards/STBEE/*: Likewise.
	* boards/STBEE_MINI/*: Likewise.
	* boards/STM32_PRIMER2/*: Likewise.

	Merge ec_p256 branch.

	* src/Makefile.in: Add ECC files.
	* src/bn.h, src/bn.c: New.
	* src/jpc-ac.h, src/jpc.c: New.
	* src/ec_p256.h, src/ec_p256.c, src/ecc-cdh.c: New.
	* src/mod.h, src/mod.c, src/modp256.h, src/modp256.c: New.

2013-02-17  Niibe Yutaka

	* chibios: New submodule for ChibiOS/RT 2.4.x.
	* boards/FST_01/*: Update for ChibiOS/RT 2.4.x.
	* boards/common/mcuconf-common.h: Ditto.
	* src/chconf.h, src/halconf.h, src/Makefile.in, src/gnuk.ld.in:
	Update for ChibiOS/RT 2.4.x.
	* src/main.c, src/openpgp.c, src/usb-icc.c: Follow the change of
	ChibiOS/RT 2.4.x.
	* boards/common/board-common.c: Rename from hwinit.c.
	* src/usb_stm32f103.c: Rename from usb_lld.c.
	* src/neug.h, src/neug.c: Update NeuG 0.05.
	* src/adc_stm32f103.c, src/adc.h: New from NeuG 0.05.
	* src/random.c: Follow the change of NeuG 0.05.