mirror of
https://salsa.debian.org/gnuk-team/gnuk/gnuk.git
synced 2024-09-19 18:30:15 +00:00
1093 lines
33 KiB
Plaintext
1093 lines
33 KiB
Plaintext
Gnuk NEWS - User visible changes
|
|
|
|
|
|
* Major changes in Gnuk 2.2
|
|
|
|
Released 2024-04-20, by NIIBE Yutaka
|
|
|
|
** Modular inverse by safegcd256 for Ed25519 and X25519 computation
|
|
|
|
Ed25519 and X25519 computation are now a bit faster with safegcd256.
|
|
|
|
** X25519 with 2^25.5 limb
|
|
|
|
X25519 computation is done with 2^25.5 limb. It may be better on
|
|
other MCUs.
|
|
|
|
|
|
* Major changes in Gnuk 2.1
|
|
|
|
Released 2023-09-05, by NIIBE Yutaka
|
|
|
|
** Ed448 and X448 support.
|
|
Ed448 and X448 support are added. This support is experimental.
|
|
|
|
** Removal of RSA support.
|
|
RSA support has been removed.
|
|
|
|
** Removal of NIST P-256 support.
|
|
NIST P-256 curve support has been removed.
|
|
|
|
** Removal of debug option at configure (--enable-debug).
|
|
Debug option with CDC-ACM has been removed. Please have a JTAG/SWD
|
|
debugger and use GDB.
|
|
|
|
** Removal of highly experimental pinpad support.
|
|
Pinpad support has been removed.
|
|
|
|
** Removal of old test.
|
|
We had old tests under "test/" directory which used python-nose. We
|
|
switched to pytest and it's now under "tests/" directory.
|
|
|
|
** Replace AES implementation for encrypting secret keys on flash.
|
|
Secret keys on flash is encrypted with AES-GCM-SIV. We now use
|
|
AES-256 implementation of our own.
|
|
|
|
** Change of authentication for firmware upgrade.
|
|
In Gnuk 1.2, we registered an RSA public key for firmware upgrade.
|
|
The RSA key is used by Gnuk Token to do challenge-response
|
|
authentication, so that only the secret key holder of RSA can do the
|
|
firmware upgrade. In Gnuk 2, PIN authentication for Admin is used
|
|
for firmware upgrade.
|
|
|
|
** Upgrade of Chopstx
|
|
We use Chopstx 2.5. It uses picolibc (instead of newlib).
|
|
|
|
|
|
* Major changes in Gnuk 1.2.20
|
|
|
|
Released 2022-04-22, by NIIBE Yutaka
|
|
|
|
** Minor fixes for newer compiler
|
|
|
|
For build with newer compiler, Gnuk and regnual are fixed for address
|
|
calculation and access to object on memory, as well as declarations of
|
|
function and type in standard C library.
|
|
|
|
** Upgrade of Chopstx
|
|
|
|
We use Chopstx 1.21. This includes fix to silence compiler warnings.
|
|
|
|
|
|
* Major changes in Gnuk 1.2.19
|
|
|
|
Released 2021-10-12, by NIIBE Yutaka
|
|
|
|
** KDF Data Object configuration
|
|
KDF Data Object should be highly recommended for all configurations.
|
|
Nevertheless, for backward compatibillity, in Gnuk 1.2, it is optional
|
|
by default; It is up to user to configure KDF Data Object before
|
|
importing private keys. In this situation, it is not good to
|
|
introduce new build-time option like --enable-always-require-kdf-do,
|
|
because it might wrongly encourage use of Gnuk with no KDF Data Object
|
|
setting, by confusion. If needed, please run configure:
|
|
|
|
kdf_do=required ./configure --enable-factory-reset --target...
|
|
|
|
or
|
|
|
|
kdf_do=optional ./configure --enable-factory-reset --target...
|
|
|
|
Please note that such a use of variable by shell command line is not
|
|
well supported by the configure script (for other variables), but
|
|
override of kdf_do is needed in some situations.
|
|
|
|
** Upgrade of Chopstx
|
|
We use Chopstx 1.20. This enables use with PC/SC for GNU/Linux
|
|
emulation.
|
|
|
|
|
|
* Major changes in Gnuk 1.2.18
|
|
|
|
Released 2021-04-02, by NIIBE Yutaka
|
|
|
|
** GNU/Linux emulation bug fix
|
|
This time, for GNU/Linux emulation, KDF Data Object is required before
|
|
keygen and key import, really.
|
|
|
|
** tool/upgrade_by_passwd.py
|
|
Now, it checks if the target of binary being written and the
|
|
configured target of running device are same. This check can be
|
|
skipped by -s option. Please note that FST-01 and FST-01SZ are
|
|
different target, as it's MHz is different.
|
|
|
|
|
|
* Major changes in Gnuk 1.2.17
|
|
|
|
Released 2021-02-25, by NIIBE Yutaka
|
|
|
|
** GNU/Linux: KDF Data Object is required before keygen and key import
|
|
For GNU/Linux emulation, KDF Data Object is required before keygen and
|
|
key import.
|
|
|
|
** GNU/Linux emulation
|
|
Since 1.2.10, it was not build-able because of MHZ definition. It is
|
|
build-able again, and its USB product string is now "Gnuk Token". It
|
|
has ACK button support using terminal. It now has start-up message,
|
|
and its driver show useful information to setup USBIP. When no file
|
|
for the .gnuk-flash-image file, it is automatically created.
|
|
|
|
** Removal of tool/gnuk-emulation-setup
|
|
Because it is automatically created, the tool is not needed any more.
|
|
|
|
** Upgrade of Chopstx
|
|
We use Chopstx 1.19.
|
|
|
|
|
|
* Major changes in Gnuk 1.2.16
|
|
|
|
Released 2020-09-10, by NIIBE Yutaka
|
|
|
|
** New Data Object (Algorithm Information) of OpenPGP card v3.4
|
|
The tag is 0x00FA. This is useful for user interaction to show which
|
|
algorithms are supported by the device.
|
|
|
|
** Ed25519 signing allowing longer message
|
|
For OpenPGP, it does hashing on host side before requesting signing to
|
|
the device. Thus, the length of message to be signed is limited and
|
|
determined by the hash algorithm. That's good feature of OpenPGP. On
|
|
the other hand, there is a use case, like OpenSSH certificate signing,
|
|
where the length of message is a kind of arbitrary. Even though Gnuk
|
|
(or OpenPGP card protocol itself) has limitation, we removed the
|
|
length check against EDDSA_HASH_LEN_MAX at cmd_pso.
|
|
|
|
|
|
* Major changes in Gnuk 1.2.15
|
|
|
|
Released 2020-01-24, by NIIBE Yutaka
|
|
|
|
** Switch to Python3
|
|
Scripts under tool/ are switched to Python3.
|
|
Thanks to Bertrand Jacquin.
|
|
|
|
** Upgrade of Chopstx
|
|
We use Chopstx 1.18.
|
|
|
|
** Tests also support OpenPGPcard
|
|
Now, a test suite under "tests" may be used to OpenPGPcard.
|
|
|
|
|
|
* Major changes in Gnuk 1.2.14
|
|
|
|
Released 2019-03-05, by NIIBE Yutaka
|
|
|
|
** Timeout for ACK button support
|
|
When a user doesn't acknowledge (> 15 seconds), the operation
|
|
timeouts, and authentication state is cleared.
|
|
|
|
** Upgrade of Chopstx
|
|
We use Chopstx 1.14.
|
|
|
|
|
|
* Major changes in Gnuk 1.2.13
|
|
|
|
Released 2018-12-26, by NIIBE Yutaka
|
|
|
|
** DFU support and its firmware upgrade fix
|
|
DFU support was not well maintained, and firmware upgrade was not
|
|
possible for boards with DFU. Now, at least for Maple Mini, it is
|
|
tested. Note that using Gnuk with DFU on a board is only for an
|
|
experiment, because DFU can access the content of flash ROM. DFU
|
|
should be killed by upgrading to normal Gnuk, so that you can have
|
|
your private keys.
|
|
|
|
** Fix for UIF Data Object
|
|
When flash ROM is full and coping to new page, UIF DO was not properly
|
|
copied. This bug resulted losing the flag for user interaction. Now,
|
|
it's properly copied, keeping the setting of the feature.
|
|
|
|
** Upgrade of Chopstx
|
|
We use Chopstx 1.13.
|
|
|
|
|
|
* Major changes in Gnuk 1.2.12
|
|
|
|
Released 2018-11-25, by NIIBE Yutaka
|
|
|
|
** FST-01SZ fixes
|
|
Fixes for Ack button support and serial number.
|
|
|
|
|
|
* Major changes in Gnuk 1.2.11
|
|
|
|
Released 2018-11-12, by NIIBE Yutaka
|
|
|
|
** Experimental ACK button support with FST-01SZ
|
|
While OpenPGP card specification verison 3 has description for the
|
|
"user interaction" button and data objects, there were no
|
|
implementation. To evaluate the feature, experimental support is
|
|
added.
|
|
|
|
** Upgrade of Chopstx
|
|
We use Chopstx 1.12, which comes with ACK button driver and supports
|
|
FST-01SZ.
|
|
|
|
|
|
* Major changes in Gnuk 1.2.10
|
|
|
|
Released 2018-05-10, by NIIBE Yutaka
|
|
|
|
** No inclusion of VID:PID in gnuk-no-vidpid.elf
|
|
Now, we have new file named gnuk-no-vidpid.elf with no VID:PID. The
|
|
file gnuk.elf has the VID:PID, like version 1.2.7 or older.
|
|
|
|
** Upgrade of Chopstx
|
|
We use Chopstx 1.9, which supports GD32F103.
|
|
|
|
|
|
* Major changes in Gnuk 1.2.9
|
|
|
|
Released 2018-04-05, by NIIBE Yutaka
|
|
|
|
** A test suite fix: Clear PW3
|
|
Until 1.2.8, after running the test suite under "tests", PW3 keystring
|
|
remained, which affects use of admin-less mode. New test case is
|
|
added to clear PW3.
|
|
|
|
** tool/upgrade_by_passwd.py supports KDF-DO auth
|
|
With KDF-DO, firmware upgrade didn't work. Now, it's supported.
|
|
|
|
** Add "single-salt" support for KDF-DO
|
|
With KDF-DO, "admin-less" mode didn't work well. With new feature of
|
|
"single-salt" support, we can use "admin-less" mode with KDF-DO.
|
|
|
|
** factory-reset deletes all upgrade public keys
|
|
By card-edit/factory-reset by GnuPG, it deletes all upgrade public
|
|
keys, now.
|
|
|
|
|
|
* Major changes in Gnuk 1.2.8
|
|
|
|
Released 2018-01-23, by NIIBE Yutaka
|
|
|
|
** No inclusion of VID:PID in gnuk.elf
|
|
|
|
Distribution of binary image with VID:PID would violate vendor ID
|
|
agreement to USB Forum. Now, we have new file named gnuk-vidpid.elf
|
|
for flashing. The file gnuk.elf can be used to generate
|
|
gnuk-vidpid.elf and we can check if it is reproducible or not.
|
|
|
|
** Passphrase length check
|
|
|
|
Now, Gnuk checks length of passphrase if it's too short when
|
|
changing passphrase.
|
|
|
|
** Remove unused DEK with BY_ADMIN
|
|
|
|
For admin-less mode, DEK by OPENPGP_CARD_INITIAL_PW3 remained on flash
|
|
ROM. This could be considered a backdoor, if some other person had or
|
|
kept access to the flash ROM, cheating a user. Now, the DEK is
|
|
cleared by zero when the token is set to admin-less mode.
|
|
|
|
** Upgrade of Chopstx
|
|
We use Chopstx 1.8.
|
|
|
|
|
|
* Major changes in Gnuk 1.2.7
|
|
|
|
Released 2017-11-26, by NIIBE Yutaka
|
|
|
|
** reGNUal
|
|
reGNUal enables CRC module by itself.
|
|
|
|
** Flash update change
|
|
CRC module is disabled when Gnuk stops. It's reGNUal which needs to
|
|
enable CRC module.
|
|
|
|
** Support of USB suspend
|
|
USB suspend and wakeup event are now handled.
|
|
|
|
** KDF-DO support and KDF by host
|
|
KDF-DO is now available. Host can use this feature.
|
|
|
|
** Upgrade of Chopstx
|
|
We use Chopstx 1.6.
|
|
|
|
|
|
* Major changes in Gnuk 1.2.6
|
|
|
|
Released 2017-10-11, by NIIBE Yutaka
|
|
|
|
** Port to GNU/Linux emulation
|
|
We can "run" Gnuk Token on GNU/Linux by emulation through USBIP.
|
|
|
|
** Upgrade of Chopstx
|
|
We use Chopstx 1.5.
|
|
|
|
|
|
* Major changes in Gnuk 1.2.5
|
|
|
|
Released 2017-08-11, by NIIBE Yutaka
|
|
|
|
** "factory-reset" fix
|
|
Gnuk's behavior was implemented by referring the gpg implementation.
|
|
It found that gpg implementation was not good from the viewpoint of
|
|
the OpenPGP card specification. GnuPG was fixed to match the OpenPGP
|
|
card specification already. Thus, Gnuk is now fixed.
|
|
|
|
** Upgrade of Chopstx
|
|
We use Chopstx 1.4.
|
|
|
|
|
|
* Major changes in Gnuk 1.2.4
|
|
|
|
Released 2017-05-12, by NIIBE Yutaka
|
|
|
|
** Flash ROM security fix
|
|
The partial content of flash ROM might be exposed when scanning of
|
|
data object had a problem. Added boundary check and changed layout of
|
|
flash ROM.
|
|
|
|
|
|
* Major changes in Gnuk 1.2.3
|
|
|
|
Released 2017-02-02, by NIIBE Yutaka
|
|
|
|
** ECC key generation on the device
|
|
Bug fixed.
|
|
|
|
** Upgrade of Chopstx
|
|
We use Chopstx 1.3.
|
|
|
|
|
|
* Major changes in Gnuk 1.2.2
|
|
|
|
Released 2016-10-15, by NIIBE Yutaka
|
|
|
|
** Change of SELECT FILE behavior
|
|
Gnuk used to reply AID upon SELECT FILE command. Now, to be compatible
|
|
to original OpenPGP card, it returns nothing but status code of 9000.
|
|
|
|
** Added feature of Factory Reset as compile time option
|
|
Original OpenPGP card has the feature, and Gnuk is now configurable to
|
|
support the feature.
|
|
|
|
** Upgrade of Chopstx
|
|
We use Chopstx 1.2.
|
|
|
|
|
|
* Major changes in Gnuk 1.2.1
|
|
|
|
Released 2016-07-11, by NIIBE Yutaka
|
|
|
|
** Upgrade of Chopstx
|
|
We use Chopstx 1.1.
|
|
|
|
|
|
* Major changes in Gnuk 1.2.0
|
|
|
|
Released 2016-05-20, by NIIBE Yutaka
|
|
|
|
** Upgrade of Chopstx
|
|
We use Chopstx 0.11.
|
|
|
|
** Support authentication status reset by VERIFY command.
|
|
This feature is described in the OpenPGPcard specification V2.2 and
|
|
V3.1, which allow user to reset authentication status.
|
|
|
|
** S2K algorithm tweak to defeat "copycat" service of MCU.
|
|
Even if the existence of some services copying MCU, your private key
|
|
will not be controled by others, in some cases.
|
|
|
|
** Bug fix for secp256k1 and NIST P-256.
|
|
Bugs in basic computation were fixed.
|
|
|
|
** Bug fix for bignum routines.
|
|
Bignum routine update from upstream (failure doesn't occur for our RSA
|
|
computation, though). Another fix for mpi_exp_mod.
|
|
|
|
|
|
* Major changes in Gnuk 1.1.9
|
|
|
|
Released 2015-09-18, by NIIBE Yutaka
|
|
|
|
** Bug fix for Ed25519 and Curve25519
|
|
When registering key, wrong operations were not detected correctly.
|
|
This is fixed.
|
|
|
|
|
|
* Major changes in Gnuk 1.1.8
|
|
|
|
Released 2015-09-17, by NIIBE Yutaka
|
|
|
|
** Upgrade of Chopstx
|
|
We use Chopstx 0.10, which supports Nitrokey-Start.
|
|
|
|
** Card serial number
|
|
The way to determine a serial number of Gnuk Token for card has been
|
|
changed. It uses the 96-bit unique bits of MCU, but the portion for
|
|
use is changed.
|
|
|
|
** USB Reset handling
|
|
USB reset lets Gnuk Token restart. It would not be perfect, when it's
|
|
during computation of some function, but most parts are protected by
|
|
Chopstx's feature of cancellation.
|
|
|
|
|
|
* Major changes in Gnuk 1.1.7
|
|
|
|
Released 2015-08-05, by NIIBE Yutaka
|
|
|
|
** Upgrade of Chopstx
|
|
We use Chopstx 0.08, which supports STM32 Nucleo and ST Dongle.
|
|
|
|
|
|
* Major changes in Gnuk 1.1.6
|
|
|
|
Released 2015-07-21, by NIIBE Yutaka
|
|
|
|
** USB SerialNumber String
|
|
The way to determine a serial number of Gnuk Token has been changed.
|
|
It uses the 96-bit unique bits of MCU, but the portion for use is
|
|
changed.
|
|
|
|
** Upgrade of Chopstx
|
|
We use Chopstx 0.07, which supports STM32 Primer2 and CQ STARM, too.
|
|
|
|
** Experimental Curve25519 support.
|
|
|
|
Gnuk can support Curve25519 (for decryption). Note that this is
|
|
pretty much experimental, and subjects to change. The low level code
|
|
is somehow stable, but there are no consensus in higer level.
|
|
Especially, OID in the key attribute would be changed in future.
|
|
|
|
** No --enable-keygen option
|
|
It is now standard feature included always. Note that it doesn't mean
|
|
this feature is stable now. It is becoming stable, hopefully.
|
|
|
|
|
|
* Major changes in Gnuk 1.1.5
|
|
|
|
Released 2015-06-03, by NIIBE Yutaka
|
|
|
|
** upgrade_by_passwd.py is not so noisy any more.
|
|
Since it's getting stable, no debug output any more.
|
|
|
|
** Maple mini support.
|
|
Although its random number generation is not tested, Maple mini
|
|
support is added.
|
|
|
|
** Windows interoperability fix.
|
|
1.1.x (0 to 4) didn't work with Windows because of INTERRUPT transfer.
|
|
It's fixed and it works now.
|
|
|
|
** OpenPGPcard specification v3.0 compatibility.
|
|
OpenPGPcard specification v3.0 now include NIST curves (and other
|
|
curves) and ECDSA and ECDH operations are defined. Gnuk follows
|
|
this specification.
|
|
|
|
|
|
* Major changes in Gnuk 1.1.4
|
|
|
|
Released 2014-12-15, by NIIBE Yutaka
|
|
|
|
** Experimental RSA-4096 support.
|
|
Although it takes too long (more than 8.7 second), RSA-4096
|
|
is now implemented.
|
|
|
|
** ECDH support.
|
|
ECDH is now supported. You need development branch (master)
|
|
of GnuPG to use this feature.
|
|
|
|
** ECDSA and EdDSA is not that experimental.
|
|
You don't need to edit DEFS variable in src/Makefile.
|
|
|
|
** STM8S_DISCOVERY is not supported any more.
|
|
It's flash ROM size (64KiB) is a bit small to have all features of
|
|
Gnuk now. If you manually edit code to limit the size of executable,
|
|
it still could run Gnuk, though.
|
|
|
|
** configure's default target is now FST-01.
|
|
Receiving reports from those who complain default target, I
|
|
reconsidered. Those who has Olimex STM32 H103 usually has JTAG
|
|
debugger, while FST-01 users don't. So, to be safe, the default
|
|
target is now FST-01, instead of Olimex STM32 H103.
|
|
|
|
|
|
* Major changes in Gnuk 1.1.3
|
|
|
|
Released 2014-04-16, by NIIBE Yutaka
|
|
|
|
** Experimental EdDSA support.
|
|
After configure, you can edit the DEFS variable in src/Makefile, so
|
|
that Gnuk can support EdDSA with Ed25519 (for authentication). Note
|
|
that this is pretty much experimental, and subjects to change.
|
|
|
|
|
|
* Major changes in Gnuk 1.1.2
|
|
|
|
Released 2014-03-07, by NIIBE Yutaka
|
|
|
|
** Experimental ECC support for secp256k1.
|
|
After configure, you can edit the DEFS variable in src/Makefile, so
|
|
that Gnuk can support ECDSA with NIST P256 (for authentication), and
|
|
ECDSA with secp256k1 (for signature). Note that this is pretty much
|
|
experimental, and subjects to change.
|
|
|
|
|
|
* Major changes in Gnuk 1.1.1
|
|
|
|
Released 2013-12-25, by NIIBE Yutaka
|
|
|
|
** Tools and test suite now work with PyUSB 1.0, too.
|
|
It only worked with PyUSB 0.4.3, but it works with PyUSB 1.0 too.
|
|
|
|
** Improved RSA routine
|
|
Working memory for RSA computation is taken from stack instead of
|
|
malloc (mostly).
|
|
|
|
|
|
* Major changes in Gnuk 1.1.0
|
|
|
|
Released 2013-12-20, by NIIBE Yutaka
|
|
|
|
** Overriding key import / generation (Incompatible Change)
|
|
Gnuk supports overriding key import or key generation even if keys are
|
|
already installed. Note that it will result password reset of user.
|
|
|
|
** RSA key generation improvement
|
|
Prime number generation is done by Fouque-Tibouchi method.
|
|
|
|
** Security fix for RSA computation
|
|
PolarSSL had a vulnerability against timing attack. For detail,
|
|
please see:
|
|
|
|
http://www.gniibe.org/memo/development/gnuk/polarssl/polarssl-rsa-blinding
|
|
|
|
** Improved RSA routine
|
|
RSA computation has been improved using MPI square routine. Note that
|
|
you should not adopt this modification for general purpose computer,
|
|
as this change is weak against the Yarom/Falkner flush+reload cache
|
|
side-channel attack.
|
|
|
|
** Upgrade of NeuG
|
|
The true random number generator was upgraded to the one of NeuG 1.0.
|
|
|
|
** Replacement of kernel (thread library)
|
|
Instead of ChibiOS/RT, we now use Chopstx.
|
|
|
|
** Removal of obsolete features
|
|
The feature named pin-dial, which is pin input with hardware
|
|
enhancement (with rotary encoder) is removed.
|
|
|
|
|
|
* Major changes in Gnuk 1.0.4
|
|
|
|
Released 2013-03-15, by NIIBE Yutaka
|
|
|
|
** Relocatable reGNUal, really
|
|
In 1.0.3, reGNUal was not fully relocatable. It worked loaded on higher
|
|
address, but didn't work for lower address. This was fixed.
|
|
|
|
|
|
* Major changes in Gnuk 1.0.3
|
|
|
|
Released 2013-03-14, by NIIBE Yutaka
|
|
|
|
** Relocatable reGNUal
|
|
The upgrade helper, reGNUal, is now relocatable (other than the first
|
|
vector table). It runs well when loaded at different address. This
|
|
makes the upgrade procedure more stable.
|
|
|
|
** Compilation by newer GNU Toolchain
|
|
Now, Gnuk can be compiled with newer GNU Toolchain, specifically GCC
|
|
4.7.x and GNU Binutils 2.22. Old versions of Gnuk had problem for
|
|
ChibiOS_2.0.8/os/ports/GCC/ARMCMx/cmsis/core_cm3.c, which was fixed.
|
|
|
|
** Data object 0x0073
|
|
Data object 0x0073 is now available.
|
|
|
|
|
|
* Major changes in Gnuk 1.0.2
|
|
|
|
Released 2013-02-15, by NIIBE Yutaka
|
|
|
|
** Product string is now "Gnuk Token" (was: "FSIJ USB Token")
|
|
Since the USB ID Repository suggests not including vendor name
|
|
in product string, we changed the product string.
|
|
|
|
** New tool (experimental): test/upgrade_by_passwd.py
|
|
This is the tool to install new firmware to Gnuk Token, provided
|
|
that it's just shipped from factory (and nothing changed). It
|
|
authenticate as admin by factory setting, register a public key
|
|
for firmware upgrade, and then, does firmware upgrade.
|
|
|
|
** tool/gnuk_upgrade.py supports '-k' option
|
|
It now supports RSA key on the host PC (not the one on the Token).
|
|
|
|
** New tool: tool/get_raw_public_key.py
|
|
This is a script to dump raw data of RSA public key, which is useful
|
|
to register to Gnuk Token as a firmware upgrade key.
|
|
|
|
** New tool: tool/gnuk_remove_keys_libusb.py
|
|
This tool is libusb version of gnuk_remove_keys.py. Besides, a bug in
|
|
gnuk_remove_keys.py was fixed.
|
|
|
|
** CCID protocol fix
|
|
When time extension is requested by Gnuk Token to host PC, argument
|
|
field was 0, which was wrong (but it works for most PC/SC
|
|
implementations and GnuPG internal driver). Now it's 1, which means
|
|
1*BWT.
|
|
|
|
** OpenPGP card protocol enhancement
|
|
Now, VERIFY command accepts empty data and returns remaining trial
|
|
counts, or 0x9000 (OK) when it's already authenticated. This is
|
|
useful for application to synchronize card's authentication status.
|
|
|
|
|
|
* Major changes in Gnuk 1.0.1
|
|
|
|
Released 2012-08-03, by NIIBE Yutaka
|
|
|
|
** USB SerialNumber String
|
|
In 1.0, it has a bug for USB SerialNumber String. It has been fixed
|
|
in 1.0.1.
|
|
|
|
|
|
* Major changes in Gnuk 1.0
|
|
|
|
Released 2012-07-21, by NIIBE Yutaka
|
|
|
|
This is bug fixes only release.
|
|
|
|
|
|
* Major changes in Gnuk 0.21
|
|
|
|
Released 2012-07-06, by NIIBE Yutaka
|
|
|
|
** Test suite
|
|
A functinality test suite is added under test/ directory.
|
|
|
|
** New tool: stlinkv2.py
|
|
This tool is SWD flash ROM writer with ST-Link/V2.
|
|
|
|
** New tool: usb_strings.py
|
|
This tool is to dump USB strings, which include revision detail and config
|
|
options.
|
|
|
|
** Protection improvement (even when internal data is disclosed)
|
|
Even if PW1 and PW3 is same, content of encrypted DEK is different
|
|
now.
|
|
|
|
|
|
* Major changes in Gnuk 0.20
|
|
|
|
Released 2012-06-19, by NIIBE Yutaka
|
|
|
|
** Key generation feature added
|
|
Finally, key generation is supported. Note that it may be very slow.
|
|
It may take a few minutes (or more) to generate two or three keys,
|
|
when you are unlucky.
|
|
|
|
** DnD pinentry support is deprecated
|
|
Once, DnD pinentry was considered a great feature, but it found that
|
|
it is difficult to remember moves of folders.
|
|
|
|
** gnuk_upgrade.py assumes using another token for authentication
|
|
Use of another token for authentication is assumed now. This is
|
|
incompatible change. Note that when you upgrade a token of version
|
|
0.19 to 0.20 (or later), you need gnuk_upgrade.py of version 0.19.
|
|
|
|
** KDF (Key Derivation Function) is now SHA-256
|
|
Keystring is now computed by SHA-256 (it was SHA1 before).
|
|
|
|
** Protection improvements (even when internal data is disclosed)
|
|
Three improvements. (1) Even if PW1 and Reset-code is same, content
|
|
of encrypted DEK is different now. (2) DEK is now encrypted and
|
|
decrypted by keystring in ECB mode (it was just a kind of xor by
|
|
single block CFB mode). (3) Key data plus checksum are encrypted in
|
|
CFB mode with initial vector (it will be able to switch OCB mode
|
|
easily).
|
|
|
|
** LED display output change
|
|
LED display output by Gnuk is now more reactive. It shows status code
|
|
when it gets GET_STATUS message of CCID. When you communicate Gnuk by
|
|
internal CCID driver of GnuPG (instead of PC/SC), and enable
|
|
'debug-disable-ticker' option in .gnupg/scdaemon.conf, it is more
|
|
silent now.
|
|
|
|
|
|
* Major changes in Gnuk 0.19
|
|
|
|
Released 2012-06-06, by NIIBE Yutaka
|
|
|
|
** Firmware upgrade feature
|
|
Firmware upgrade is now possible after the public key authentication
|
|
using EXTERNAL AUTHENTICATE command of ISO 7816. Firmware upgrade is
|
|
done together with reGNUal, the firmware upgrade program.
|
|
|
|
** System service blocks at the beginning of flash ROM.
|
|
Once flash ROM is protected, first 4-KiB cannot be modified. Gnuk
|
|
use this area for "system service". Note that this area will not
|
|
be able to be modified by firmware upgrade (or by any method).
|
|
|
|
** New tool: gnuk_upgrade.py
|
|
The tool gnuk_upgrade.py is to do public key authentication using
|
|
gpg-agent and send reGNUal to Gnuk. Then, we put new Gnuk binary
|
|
into the device with reGNUal.
|
|
|
|
** USB strings for revision detail, configure options, and system service.
|
|
USB strings now have more information. There are revision detail
|
|
string, configure options string, system service version string, as
|
|
well as vendor string and product string. These strings could be
|
|
examined to check Gnuk Token.
|
|
|
|
|
|
* Major changes in Gnuk 0.18
|
|
|
|
Released 2012-05-15, by NIIBE Yutaka
|
|
|
|
** New mandatory option '--vidpid' for configure
|
|
You must specify USB vendor ID and product ID for Gnuk.
|
|
The file GNUK_USB_DEVICE_ID lists valid USB device IDs.
|
|
|
|
** New tool: gnuk_remove_keys.py
|
|
The tool gnuk_remove_keys.py is to remove all keys in Gnuk Token
|
|
and reset PW1 and RC (if any).
|
|
|
|
** New USB stack
|
|
Gnuk used to use USB stack of USB-FS-Device_Lib by ST. Now, it has
|
|
original implementation. Hopefully, size and quality are improved.
|
|
|
|
|
|
* Major changes in Gnuk 0.17
|
|
|
|
Released 2012-02-02, by NIIBE Yutaka
|
|
|
|
** USB CCID/ICCD protocol implementation change
|
|
Gnuk now only supports short APDU level exchange, not supporting
|
|
extended APDU level exchange. Thus, Gnuk could be compatible to older
|
|
host side software implementation.
|
|
|
|
** ISO 7816 SELECT command behavior is somewhat strict now
|
|
Old implementations do not check DF name for SELECT command.
|
|
This causes some trouble when Gnuk Token is identified as if it were
|
|
different card/token. Now, DF name of OpenPGP card is checked.
|
|
|
|
** USB CCID/ICCD low-level bug is fixed
|
|
When the size of command APDU data is just 49, the lower level packet
|
|
size is 64. This is maximum size of BULK-OUT transfer packet, and
|
|
caused trouble in the past implementations. Example is setting url
|
|
(0x5f50) as: http://www.gniibe.org/adpu-string-size-is-just-49
|
|
This is because the past implementations expect ZLP (zero length
|
|
packet). Now, it has been fixed. You can use any size of string.
|
|
|
|
** CERT.3 Data Object (0x7f21) is now optional
|
|
As there's no valid use case for this data object and it does not
|
|
work as current version of GnuPG, this is now optional feature.
|
|
You can enable this data object by specifying --enable-certdo at
|
|
configure time.
|
|
|
|
** With DnD pinentry, user can cancel pin input
|
|
Now, user can cancel pin input by unmounting device before finishing
|
|
DnD.
|
|
|
|
** New tool: pinpadtest.py
|
|
The tool pinpadtest.py is PC/SC test tool for pinentry of pinpad with
|
|
OpenPGP card v2.
|
|
|
|
|
|
* Major changes in Gnuk 0.16
|
|
|
|
Released 2011-12-14, by NIIBE Yutaka
|
|
|
|
** DnD pinentry support is added and it's default to pinentry support
|
|
DnD pinentry support doesn't require any hardware extension, but
|
|
emulates mass storage class device of USB. User inputs pass phrase
|
|
by "drag and drop"-ing folders using file manager or something.
|
|
|
|
** Bug fix for VERIFY for CHV2
|
|
With no keys, VERIFY command for CHV2 used to fail even if pass phrase
|
|
is correct. It was intentional, because CHV2 verification would be
|
|
useless with no keys. But there is a corner case for PRIVATE-DOs,
|
|
which may requires CHV2 verification. Even though Gnuk doesn't
|
|
support any PRIVATE-DOs, it is good to be fixed.
|
|
|
|
** Changed bcdUSB = 1.1
|
|
Gnuk device conforms to USB 2.0 full speed device, but when it was
|
|
2.0, some OS informs users, "you can connect the device to 2.0
|
|
compliant hub so that it can have better bandwidth", which is not
|
|
the case for full speed device.
|
|
|
|
|
|
* Major changes in Gnuk 0.15
|
|
|
|
Released 2011-11-24, by NIIBE Yutaka
|
|
|
|
** New targets: FST_01 and FST_01_00
|
|
Flying Stone Technology's open hardware, Flying Stone Tiny 01 is
|
|
supported.
|
|
|
|
** Flash writing tool for "DfuSe" is improved
|
|
Now, it supports holes and unaligned blocks in hex file.
|
|
|
|
** Experimental PIN-pad support (by TV controller) change
|
|
Now, Gnuk has codetables for conversion from CIR code to ASCII code.
|
|
Note that only four controllers (of Dell, Sharp, Sony, and Toshiba)
|
|
are supported and tested.
|
|
|
|
** It is possible for users to keep using OPENPGP_CARD_INITIAL_PW1
|
|
With a bug fix of verify_user_0, it's now possible. Although it's not
|
|
recommended.
|
|
|
|
** Important bug fix and a workaround
|
|
In version 0.14, __main_stack_size__ (for interrupt handler) was too
|
|
small for some cases. This is fixed in 0.15.
|
|
|
|
In src/Makefile.in, added -mfix-cortex-m3-ldrd for correctly linking C
|
|
library for thumb2. This is needed for newer summon-arm-toolchain.
|
|
|
|
|
|
* Major changes in Gnuk 0.14
|
|
|
|
Released 2011-10-07, by NIIBE Yutaka
|
|
|
|
** Random number generator change
|
|
NeuG, Gniibe's True RNG implementation for STM32F103, has been
|
|
integrated to Gnuk. It is not needed to put random number bytes
|
|
(generated by host) to Token any more.
|
|
|
|
|
|
* Major changes in Gnuk 0.13
|
|
|
|
Released 2011-06-15, by NIIBE Yutaka
|
|
|
|
** Improved RSA routine.
|
|
About 20% speed improvement.
|
|
|
|
** New tool: hub_ctrl.
|
|
It is a Python implementation ported from original C implementation.
|
|
It is useful for development of USB target if you have a good hub.
|
|
You can power off/on the port to reset Gnuk Token.
|
|
|
|
|
|
* Major changes in Gnuk 0.12
|
|
|
|
Released 2011-05-13, by NIIBE Yutaka
|
|
|
|
** Admin-less mode is supported.
|
|
The OpenPGP card specification assumes existence of a security officer
|
|
(admin), who has privilege to manage the card. On the other hand,
|
|
many use cases of Gnuk are admin == user.
|
|
|
|
Thus, Gnuk now supports "admin-less" mode. In this mode, user can get
|
|
privilege with the password of PW1.
|
|
|
|
At the initialization of the card, Gnuk becomes compatible mode by
|
|
setting PW3. Without setting PW3, it becomes "admin-less" mode
|
|
by setting PW1.
|
|
|
|
** Important two bug fixes.
|
|
Gnuk (<= 0.11) has a bug which makes possible for attacker to change
|
|
user password to unknown state without knowing original password (when
|
|
no keys are loaded yet). No, attacker could not steal your identity
|
|
(cannot sign or decrypt), but it would be possible to disturb you.
|
|
|
|
Gnuk (<= 0.11) has a bug which makes possible for attacker to guess
|
|
admin password easily. When admin password is not set (the default
|
|
value of factory setting), failure of VERIFY doesn't increment error
|
|
counter in older versions. Observing no increment of error counter,
|
|
attacker could know that admin password is the one of factory setting.
|
|
|
|
** tool/gnuk_put_binary.py now uses pyscard.
|
|
Instead of PyUSB, it uses Python binding of PC/SC. PyUSB version is
|
|
still available as tool/gnuk_put_binary_libusb.py.
|
|
|
|
** Logo for Gnuk is updated.
|
|
|
|
** Gnuk Sticker SVG is available.
|
|
|
|
|
|
* Major changes in Gnuk 0.11
|
|
|
|
Released 2011-04-15, by NIIBE Yutaka
|
|
|
|
This is bug fixes only release.
|
|
|
|
|
|
* Major changes in Gnuk 0.10
|
|
|
|
Released 2011-02-10, by NIIBE Yutaka
|
|
|
|
** The executable can be installed to multiple devices.
|
|
So far, users of Gnuk should have not shared single executable among
|
|
multiple devices because the executable includes random bits (or
|
|
fixed serial number). Now, random_bits and fixed serial number are
|
|
configured *after* compilation, we can install single executable image
|
|
to multiple devices. Note that we need to configure random_bits for
|
|
each device.
|
|
|
|
** Removed configure option: --with-fixed-serial
|
|
It is not compile time option any more. After installation, we can
|
|
modify serial number in AID by tool/gnuk_put_binary.py. Modification
|
|
is possible only once. If you don't modify, Gnuk uses unique chip ID
|
|
of STM32 processor for AID.
|
|
|
|
|
|
* Major changes in Gnuk 0.9
|
|
|
|
Released 2011-02-01, by NIIBE Yutaka
|
|
|
|
** Card Holder Certificate is supported (still this is experimental).
|
|
Gnuk can support card holder certificate now. Note that GnuPG is not
|
|
ready yet. The tool/gnuk_update_binary.py is for writing card holder
|
|
certificate to Gnuk Token.
|
|
|
|
** Better interoperability to OpenSC.
|
|
Gnuk is not yet supported by OpenSC, but it could be. With the
|
|
changes in Gnuk, it could be relatively easily possible to support
|
|
Gnuk Token by OpenSC with a few changes to libopensc/card-openpgp.c,
|
|
and libopensc/pkcs15-openpgp.c.
|
|
|
|
** New board support "STBee"
|
|
STBee is a board by Strawberry Linux Co., Ltd., and it has
|
|
STM32F103VET6 on the board. The chip is High Density CPU with 512KB
|
|
flash memory and many I/O. If you want to connect sensor, display,
|
|
etc., this board would be a good candidate.
|
|
|
|
** Experimental PIN-pad modification(unblock) support is added.
|
|
PIN-pad modification(unblock) is supported.
|
|
|
|
|
|
* Major changes in Gnuk 0.8
|
|
|
|
Released 2011-01-19, by NIIBE Yutaka
|
|
|
|
** Experimental PIN-pad modification support is added.
|
|
PIN input using rotally encoder and push switch is tested with STBee
|
|
Mini. By this hardware, PIN-pad modification is supported.
|
|
|
|
|
|
* Major changes in Gnuk 0.7
|
|
|
|
Released 2011-01-15, by NIIBE Yutaka
|
|
|
|
** Bug fix only.
|
|
In version 0.6, a severe bug was introduced in usb-icc.c when adding a
|
|
work around for libccid 1.3.11. The fix is one-liner, but it is worth
|
|
to release newer version.
|
|
|
|
|
|
* Major changes in Gnuk 0.6
|
|
|
|
Released 2011-01-14, by NIIBE Yutaka
|
|
|
|
** Experimental PIN-pad support is added.
|
|
Local PIN-pad input is suppored for boards which have input hardware.
|
|
PIN input using consumer IR receive module is tested with STBee Mini
|
|
and STM8S Discovery.
|
|
|
|
** USB device serial number is virtually unique now.
|
|
STM32F103 has 96-bit unique chip identifier. We take advantage of
|
|
this, Gnuk Token has virtually unique USB serial number.
|
|
|
|
** Card serial number is determined at run time by chip identifier.
|
|
Until version 0.5, card serial number was compile time option. If we
|
|
used same binary for different devices, card serial number was same.
|
|
Now, we use STM32F103's 96-bit unique chip identifier for card serial
|
|
number (when you don't use --with-fixed-serial option).
|
|
|
|
** More improved USB-CCID/ICCD implementation.
|
|
The changes in 0.5 was not that good for libccid 1.3.11, which has
|
|
small buffer (only 262-byte APDU). Workaround for libccid 1.3.11 is
|
|
implemented.
|
|
|
|
|
|
* Major changes in Gnuk 0.5
|
|
|
|
Released 2010-12-13, by NIIBE Yutaka
|
|
|
|
** LED blink
|
|
LED blink now shows status output of the card. It shows the status of
|
|
CHV3, CHV2, and CHV1 when GPG is accessing the card.
|
|
|
|
** New board support "STM8S Discovery"
|
|
ST-Link part (with STM32F103C8T6) of STM8S Discovery board is now supported.
|
|
|
|
** Digital signing for SHA224/SHA256/SHA384/SHA512 digestInfo is now possible.
|
|
|
|
** Fixes for password management
|
|
Now, you can allow the token to do digital signing multiple times with
|
|
single authentication. You can use "forcesig" subcommand in card-edit
|
|
of GnuPG to enable the feature.
|
|
|
|
** Key management changes
|
|
If you remove all keys, it is possible to import keys again.
|
|
|
|
** More improved USB-CCID/ICCD implementation.
|
|
Gnuk works better with GPG's in-stock protocol stack. You can do
|
|
digital signing (not decryption, key import, or get_public_key in
|
|
GPG2). For decryption, key import and get_public_key, changes are
|
|
needed for GPG (scd/ccid-driver.c) to support the case of extended
|
|
APDU. In short, you can sign with Gnuk by GPG.
|
|
|
|
** Windows support.
|
|
Gnuk Token could run with GPG4WIN on MS Windows. GPG4WIN runs with
|
|
"usbccid" driver and "winscard" driver.
|
|
|
|
|
|
* Major changes in Gnuk 0.4
|
|
|
|
Released 2010-11-09, by NIIBE Yutaka
|
|
|
|
** New board support "STBee Mini".
|
|
|
|
** Flash writing tool for "DfuSe" is included now.
|
|
|
|
** Since Flash GC is now implemented, it can be used longer.
|
|
|
|
|
|
* Major changes in Gnuk 0.3
|
|
|
|
Released 2010-10-23, by NIIBE Yutaka
|
|
|
|
** Now we have 'configure' script to select target.
|
|
|
|
** Support system with DFU (Device Firmware Upgrade) downloader.
|
|
|
|
** New board support "CQ STARM".
|
|
|
|
** Improved USB-ICCD implementation. Works fine with GPG's protocol stack.
|
|
|
|
|
|
* Major changes in Gnuk 0.2
|
|
|
|
Released 2010-09-13, by NIIBE Yutaka
|
|
|
|
** With DEBUG=1, timeout is more than 3 seconds.
|
|
|
|
** Flash ROM entries for random numbers are cleared after use.
|
|
|
|
** Board support "STM32 Primer 2" now works.
|
|
|
|
|
|
* Major changes in Gnuk 0.1
|
|
|
|
Released 2010-09-10, by NIIBE Yutaka
|
|
|
|
** Enabled force_chv1 (in the pw_status_bytes), so that the decipher works.
|
|
|
|
** Support both of key for digital signing and key for decryption.
|
|
|
|
** Decipher is supported.
|
|
|
|
** New board support "STM32 Primer 2" is added by Kaz Kojima.
|
|
|
|
** LED behavior is meaningful now. "ON" during execution.
|
|
|
|
** Fixed bcdCCID revision number.
|
|
|
|
** Logo.
|
|
|
|
|
|
* Major changes in Gnuk 0.0
|
|
|
|
Released 2010-09-06, by NIIBE Yutaka
|
|
|
|
** This is initial release. Only it supports digital signing.
|
|
|
|
|
|
# Local Variables:
|
|
# mode: outline
|
|
# End:
|