Change for firmware upgrade and ack-button.
authorNIIBE Yutaka <gniibe@fsij.org>
Fri, 22 Feb 2019 10:53:52 +0000 (19:53 +0900)
committerNIIBE Yutaka <gniibe@fsij.org>
Fri, 22 Feb 2019 10:53:52 +0000 (19:53 +0900)
ChangeLog
src/openpgp.c
tool/gnuk_get_random.py [new file with mode: 0755]

index 8dba700..5a62b43 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,11 @@
 2019-02-22  NIIBE Yutaka  <gniibe@fsij.org>
 
+       * tool/gnuk_get_random.py: New.
+
+       * src/openpgp.c (cmd_external_authenticate): move
+       ACKBTN_SUPPORT to...
+       (cmd_get_challenge): ... here.
+
        * src/gnuk.h (EV_*): Change the values.
 
        * src/usb-ccid.c (GPG_ACK_TIMEOUT): New.
index 38cd76b..f4bb37c 100644 (file)
@@ -2,6 +2,7 @@
  * openpgp.c -- OpenPGP card protocol support
  *
  * Copyright (C) 2010, 2011, 2012, 2013, 2014, 2015, 2016, 2017, 2018
+ *               2019
  *               Free Software Initiative of Japan
  * Author: NIIBE Yutaka <gniibe@fsij.org>
  *
@@ -1388,13 +1389,6 @@ cmd_external_authenticate (struct eventflag *ccid_comm)
       return;
     }
 
-#ifdef ACKBTN_SUPPORT
-  if (gpg_do_get_uif (GPG_KEY_FOR_SIGNING)
-      || gpg_do_get_uif (GPG_KEY_FOR_DECRYPTION)
-      || gpg_do_get_uif (GPG_KEY_FOR_AUTHENTICATION))
-    eventflag_signal (ccid_comm, EV_EXEC_ACK_REQUIRED);
-#endif
-
   r = rsa_verify (pubkey, FIRMWARE_UPDATE_KEY_CONTENT_LEN,
                  challenge, signature);
   random_bytes_free (challenge);
@@ -1432,6 +1426,13 @@ cmd_get_challenge (struct eventflag *ccid_comm)
   if (challenge)
     random_bytes_free (challenge);
 
+#ifdef ACKBTN_SUPPORT
+  if (gpg_do_get_uif (GPG_KEY_FOR_SIGNING)
+      || gpg_do_get_uif (GPG_KEY_FOR_DECRYPTION)
+      || gpg_do_get_uif (GPG_KEY_FOR_AUTHENTICATION))
+    eventflag_signal (ccid_comm, EV_EXEC_ACK_REQUIRED);
+#endif
+
   challenge = random_bytes_get ();
   memcpy (res_APDU, challenge, len);
   res_APDU_size = len;
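Review bot: The `#ifdef ACKBTN_SUPPORT` block added before `random_bytes_get ()` carries no comment explaining why user acknowledgement is now requested when the challenge is issued rather than at the signature check in cmd_external_authenticate. That is the security-relevant decision in this change. A short comment above the block would record it, e.g. `/* Ask for user acknowledgement before issuing a challenge; EXTERNAL AUTHENTICATE relies on this and does not ask again. */`. The comment should also state that the request is made only when at least one of the three UIF flags is set, so with all of them cleared nothing on this path asks for the button. The function starts and ends outside the hunk, so whether `len` is bounded before the `memcpy` and whether a stale challenge can reach cmd_external_authenticate cannot be checked from here.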
diff --git a/tool/gnuk_get_random.py b/tool/gnuk_get_random.py
new file mode 100755 (executable)
index 0000000..ac50818
--- /dev/null
@@ -0,0 +1,15 @@
+#! /usr/bin/python3
+
+from gnuk_token import get_gnuk_device, gnuk_token
+from binascii import hexlify
+import sys
+
+if __name__ == '__main__':
+    gnuk = get_gnuk_device()
+    gnuk.cmd_select_openpgp()
+    looping = (len(sys.argv) > 1)
+    while True:
+        challenge = gnuk.cmd_get_challenge().tostring()
+        print(hexlify(challenge))
+        if not looping:
+            break
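Review bot: `print(hexlify(challenge))` prints the bytes repr (`b'…'`) under the `python3` interpreter named in the shebang, because `hexlify` returns `bytes`; `print(hexlify(challenge).decode('ascii'))` gives plain hex that other tools can consume. If `cmd_get_challenge()` returns an `array.array` (not visible here), `.tostring()` is a deprecated alias that newer Python 3 releases no longer provide, and `.tobytes()` is the replacement. The script has no docstring or usage comment; one line stating that any extra argument makes it loop forever, and that each GET CHALLENGE may wait for the ack button when a UIF flag is set, would help. The imported name `gnuk_token` is unused.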