ecdsa implementation
authorNIIBE Yutaka <gniibe@fsij.org>
Wed, 20 Feb 2013 07:49:56 +0000 (16:49 +0900)
committerNIIBE Yutaka <gniibe@fsij.org>
Wed, 20 Feb 2013 07:49:56 +0000 (16:49 +0900)
ChangeLog
ChangeLog-1_0 [new file with mode: 0644]
src/Makefile.in
src/call-ec_p256.c [new file with mode: 0644]
src/call-rsa.c
src/gnuk.h
src/openpgp-do.c
src/openpgp.c

index 7ee98cd..83c67d4 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,19 @@
+2013-02-20  Niibe Yutaka  <gniibe@fsij.org>
+
+       * src/openpgp.c (cmd_internal_authenticate): Support ECDSA for
+       authentication.
+
+       * src/openpgp-do.c (algorithm_attr_ecdsa): New.
+       (algorithm_attr_rsa): Rename (was: algorithm_attr).
+       (gpg_do_table): Change for GPG_DO_ALG_AUT.
+       (gpg_do_write_prvkey): Support ECDSA key for authentication.
+       (proc_key_import): Likewise.
+       (gpg_do_public_key): Likewise.
+
+       * src/call-ec_p256.c: New.
+       * src/Makefile.in: Add call-ec_p256.c.
+       * src/call-rsa.c (modulus_free): Remove.
+
 2013-02-19  Niibe Yutaka  <gniibe@fsij.org>
 
        * regnual/regnual.ld (MEMORY): Fix address of regnual.
        * src/adc_stm32f103.c, src/adc.h: New from NeuG 0.05.
 
        * src/random.c: Follow the change of NeuG 0.05.
-
-2013-02-15  Niibe Yutaka  <gniibe@fsij.org>
-
-       * Version 1.0.2.
-       * src/usb_desc.c (gnukStringSerial): Updated.
-
-2013-02-14  Niibe Yutaka  <gniibe@fsij.org>
-
-       * test/features/002_get_data_static.feature: Value of extended
-       capabilities changed.
-       * test/features/402_get_data_static.feature: Ditto.
-       * test/features/802_get_data_static.feature: Ditto.
-
-       * src/openpgp.c (cmd_write_binary): Move erasing page of update
-       keys to...
-       (modify_binary): ...here.
-
-       * src/flash.c (flash_write_binary): Handle removal of update keys.
-
-2013-02-13  Niibe Yutaka  <gniibe@fsij.org>
-
-       * src/openpgp.c (cmd_get_challenge): Handle Le field.
-
-       * src/openpgp-do.c (extended_capabilities): Fix for GET CHALLENGE.
-
-       * src/gnuk.h (CHALLENGE_LEN): Moved here (was: openpgp.c).
-
-       * tool/gnuk_token.py (iso7816_compose): Add Le field.
-
-2013-01-30  Niibe Yutaka  <gniibe@fsij.org>
-
-       * src/openpgp.c (cmd_external_authenticate): Fix off-by-one error.
-
-       * tool/gnuk_token.py (gnuk_token.cmd_external_authenticate): Add
-       KEYNO to the arguments.
-
-       * tool/upgrade_by_passwd.py (main): Explicitly say it's KEYNO.
-
-2013-01-28  Niibe Yutaka  <gniibe@fsij.org>
-
-       * src/openpgp-do.c (gpg_pw_get_retry_counter): New.
-       * src/openpgp.c (cmd_verify): Implement VERIFY with empty data.
-
-2013-01-22  Niibe Yutaka  <gniibe@fsij.org>
-
-       * tool/pinpadtest.py (Card.cmd_vega_alpha_disable_empty_verify):
-       New.
-       (main): call cmd_vega_alpha_disable_empty_verify if it's
-       COVADIS_VEGA_ALPHA.
-
-2013-01-21  Niibe Yutaka  <gniibe@fsij.org>
-
-       * tool/pageant_proxy_to_gpg.py: New.
-       * tool/sexp.py: New.
-
-2013-01-20  Niibe Yutaka  <gniibe@fsij.org>
-
-       * tool/gpg_agent.py: New.
-
-2013-01-11  Niibe Yutaka  <gniibe@fsij.org>
-
-       * tool/pinpadtest.py: Add fixed length input.
-
-2012-12-25  Niibe Yutaka  <gniibe@fsij.org>
-
-       * tool/rsa.py: New.
-
-       * tool/rsa_example.key: New.  Example RSA key information.
-
-       * tool/upgrade_by_passwd.py: New.
-
-2012-12-19  Niibe Yutaka  <gniibe@fsij.org>
-
-       * src/Makefile.in (USE_OPT): -O3 and -Os (was: -O2).
-
-       * tool/gnuk_token.py (gnuk_token.stop_gnuk, gnuk_token.mem_info)
-       (gnuk_token.download, gnuk_token.execute)
-       (gnuk_token.cmd_get_challenge)
-       (gnuk_token.cmd_external_authenticate): New.
-       (gnuk_devices_by_vidpid): New.
-       (regnual): New.
-
-2012-12-18  Niibe Yutaka  <gniibe@fsij.org>
-
-       * test/gnuk.py: Remove.
-
-       * test/features/steps.py: Use tool/gnuk_token.py.
-
-       * tool/gnuk_put_binary_libusb.py: Use gnuk_token.py.
-       (main): Follow the API change.
-
-       * tool/gnuk_token.py (list_to_string): New.
-       (gnuk_token.get_string, gnuk_token.increment_seq)
-       (gnuk_token.reset_device, gnuk_token.release_gnuk): New.
-       (gnuk_token.icc_power_on): Set self.atr and it's now string.
-       (gnuk_token.icc_send_cmd): Handle time extension.
-       (gnuk_token.cmd_get_response): Return string (was: list).
-       (gnuk_token.cmd_get_data): Return "" when success.
-       (gnuk_token.cmd_change_reference_data, gnuk_token.cmd_put_data)
-       (gnuk_token.cmd_put_data_odd)
-       (gnuk_token.cmd_reset_retry_counter, gnuk_token.cmd_pso)
-       (gnuk_token.cmd_pso_longdata)
-       (gnuk_token.cmd_internal_authenticate, gnuk_token.cmd_genkey)
-       (gnuk_token.cmd_get_public_key): New.
-       (compare): New.
-       (get_gnuk_device): New.
-
-2012-12-14  Niibe Yutaka  <gniibe@fsij.org>
-
-       * src/openpgp.c (cmd_change_password): Check password length
-       for admin less mode.
-
-2012-12-13  Niibe Yutaka  <gniibe@fsij.org>
-
-       * src/openpgp-do.c (gpg_do_put_data): Add GPG_SUCCESS for
-       completeness (it worked because of lower layer goodness).
-
-2012-12-12  Niibe Yutaka  <gniibe@fsij.org>
-
-       * tool/gnuk_token.py: Add module imports.
-
-       * tool/gnuk_remove_keys.py (main): Fix data object number
-       for KGTIME_SIG, KGTIME_DEC and KGTIME_AUT.
-
-       * tool/gnuk_remove_keys_libusb.py (main): Likewise.
-
-2012-12-05  Niibe Yutaka  <gniibe@fsij.org>
-
-       * tool/gnuk_remove_keys_libusb.py: New.
-       * tool/gnuk_token.py: New.
-
-2012-11-07  Niibe Yutaka  <gniibe@fsij.org>
-
-       * src/usb-icc.c (icc_send_data_block_internal): New.
-       (icc_send_data_block_time_extension): New.
-       (icc_handle_timeout): Use icc_send_data_block_time_extension.
-       (icc_send_data_block): Only one argument.
-       (USBthread): Follow the change.
-
-2012-11-01  Niibe Yutaka  <gniibe@fsij.org>
-
-       * tool/gnuk_upgrade.py (main): New option '-k' to specify keygrip
-       for non-smartcard key.
-       (gpg_sign): Support non-smartcard key.
-
-2012-10-31  Niibe Yutaka  <gniibe@fsij.org>
-
-       * tool/get_raw_public_key.py: New.
-
-2012-10-26  Niibe Yutaka  <gniibe@fsij.org>
-
-       * GNUK_USB_DEVICE_ID (Product_STRING): It's considered better not
-       to include vendor name.  Change the name to "Gnuk Token" (was:
-       FSIJ USB Token).
-
-2012-10-13  Niibe Yutaka  <gniibe@fsij.org>
-
-       * boards/STBEE_MINI/board.c [!DFU_SUPPORT] (hwinit1): Don't run
-       when "user switch" is pushed.  This is for JTAG/SWD debugger.
-
-2012-09-25  Niibe Yutaka  <gniibe@fsij.org>
-
-       * tool/stlinkv2.py (main): Print out option bytes value.
-       Call reset_sys before blank_check.
-
-2012-09-18  Niibe Yutaka  <gniibe@fsij.org>
-
-       * tool/stlinkv2.py (stlinkv2.option_bytes_erase)
-       (stlinkv2.flash_erase_all, stlinkv2.flash_erase_page): : Fix
-       OperationFailure (was OperationError).
-       (main): Call option_bytes_erase if it's not 0xff.
-
-2012-09-12  Niibe Yutaka  <gniibe@fsij.org>
-
-       * src/sha256.c: Include <stdint.h>.
-
-       * src/sha256.h (SHA256_DIGEST_SIZE, SHA256_BLOCK_SIZE): Move
-       from sha256.c.
-
-2012-08-29  Niibe Yutaka  <gniibe@fsij.org>
-
-       * tool/hub_ctrl.py (__main__): Fix to busnum (was: bunum).
-       Thanks to Henry Hu.
-
-2012-08-03  Niibe Yutaka  <gniibe@fsij.org>
-
-       * Version 1.0.1.
-       * src/usb_desc.c (gnukStringSerial): Updated.
-       * src/main.c (ID_OFFSET): Fix.
-
-2012-08-02  Niibe Yutaka  <gniibe@fsij.org>
-
-       * test/gnuk.py (gnuk_token.get_string): New.
-       * test/features/991_version_string.feature: New.
-
-2012-07-21  Niibe Yutaka  <gniibe@fsij.org>
-
-       * Version 1.0.
-       * src/usb_desc.c (gnukStringSerial): Updated.
-
-       Documentation by Sphinx.
-       * doc/Makefile: New.
-       * doc/note: Old notes are moved here.
-
-2012-07-20  Niibe Yutaka  <gniibe@fsij.org>
-
-       * test/features/002_get_data_static.feature: Support CERTDO enabled
-       Gnuk for the test of extended capabilities.
-       * test/features/802_get_data_static.feature: Ditto.
-       * test/features/402_get_data_static.feature: Ditto.
-
-2012-07-10  Niibe Yutaka  <gniibe@fsij.org>
-
-       * test/features/*: Add test cases for PW1/PW3 of factory settings.
-
-       * test/features/202_keygen.feature: Add PSO signature test after
-       keygen.
-       * test/features/602_keygen.feature: Ditto.
-
-       Bug fix.
-       * src/openpgp-do.c (gpg_do_write_prvkey): Don't call ac_reset_*
-       here.
-       (proc_key_import): But call ac_reset_* here.
-       (gpg_do_keygen): Load private key for signing.
-
-       * tool/stlinkv2.py (stlinkv2.usb_disconnect): New.
-
-2012-07-09  Niibe Yutaka  <gniibe@fsij.org>
-
-       * src/openpgp.c (cmd_pso): For decryption, return error sooner for
-       invalid data.
-
-       * tool/stlinkv2.py (stlinkv2.setup_gpio): Fix GPIOB_CRL.
-
-       * test/rsa_keys.py (integer_to_bytes_256): Rename from
-       integer_to_bytes and it should be exactly 256-byte long.
-
-2012-07-06  Niibe Yutaka  <gniibe@fsij.org>
-
-       * Version 0.21.
-       * src/usb_desc.c (gnukStringSerial): Updated.
-
-       * boards/FST_01/board.h (VAL_GPIOACRL): Change for SPI flash.
-       * tool/stlinkv2.py (stlinkv2.setup_gpio): Likewise.
-       (stlinkv2.spi_flash_init, stlinkv2.spi_flash_select)
-       (stlinkv2.spi_flash_sendbyte, stlinkv2.spi_flash_read_id): New.
-       (main): Add SPI flash ROM id check.
-
-2012-07-05  Niibe Yutaka  <gniibe@fsij.org>
-
-       * src/call-rsa.c (rsa_sign, rsa_decrypt): Don't need to setup N.
-
-       * polarssl-0.14.0/library/rsa.c (rsa_check_pubkey)
-       (rsa_check_privkey): Ifdef-out.
-
-       More tests.
-       * test/*: Add tests for admin-less mode.
-       * test/features/990_reset_passphrase.feature: This is now for
-       admin-less mode.
-       * test/features/970_key_removal.feature: Ditto.
-
-       * src/openpgp.c (cmd_change_password): Call ac_reset_admin when
-       admin-less mode.
-       (cmd_reset_user_password): Likewise.
-
-       * src/ac.c (ac_reset_admin, ac_fini): Clear ADMIN_AUTHORIZED.
-
-       Bug fix.
-       * src/ac.c (verify_admin): Call s2k with ADMIN_AUTHORIZED.
-
-2012-07-04  Niibe Yutaka  <gniibe@fsij.org>
-
-       Bug fixes.
-       * src/ac.c (verify_admin_0): Compare PW_LEN and BUF_LEN.
-
-       * src/openpgp-do.c (gpg_do_chks_prvkey): Set do_ptr to NULL before
-       calling flash_do_write (which might cause GC).
-       (gpg_do_put_data, gpg_do_write_simple): Likewise.
-
-       * src/openpgp.c (cmd_reset_user_password): Write to
-       DO_KEYSTRING_PW1.
-
-2012-07-03  Niibe Yutaka  <gniibe@fsij.org>
-
-       * test/features/040_passphrase_change.feature: New.
-       * test/features/203_passphrase_change.feature: New.
-       * test/features/210_compute_signature.feature: Rename (was:
-       203_compute_signature.feature)
-       * test/features/211_decryption.feature: Rename (was:
-       204_decryption.feature)
-
-2012-07-02  Niibe Yutaka  <gniibe@fsij.org>
-
-       * tool/stlinkv2.py (stlinkv2.__init__): Don't call setAltInterface.
-
-2012-06-30  Niibe Yutaka  <gniibe@fsij.org>
-
-       * src/openpgp.c (s2k): New.
-       (resetcode_s2k): Remove.
-       (cmd_reset_user_password, cmd_change_password): Use s2k (was:
-       sha256 directly or resetcode_s2k).
-       * src/openpgp-do.c (proc_resetting_code, gpg_do_write_prvkey):
-       Likewise.
-       * src/ac.c (verify_user_0, verify_admin): Likewise.
-
-2012-06-29  Niibe Yutaka  <gniibe@fsij.org>
-
-       * regnual/Makefile: Don't copy usb_lld.c.
-
-2012-06-28  Niibe Yutaka  <gniibe@fsij.org>
-
-       * test/features/204_decryption.feature: New.
-       * test/features/203_compute_signature.feature: New.
-       * test/features/202_keygen.feature: New.
-       * test/features/201_setup_passphrase.feature: New.
-       * test/features/200_key_removal.feature: New.
-
-       * test/rsa_keys.py (verify_signature): New.
-       (encrypt_with_pubkey): New.
-
-       * test/gnuk.py (gnuk_token): New method: increment_seq.
-       (gnuk_token.icc_send_cmd): Handle timeout.
-       (gnuk_token.cmd_genkey): New.
-       (gnuk_token.cmd_get_public_key): New.
-
-2012-06-27  Niibe Yutaka  <gniibe@fsij.org>
-
-       * test/features/101_decryption.feature: New.
-       * test/features/100_compute_signature.feature: New.
-
-       * src/openpgp-do.c (gpg_do_chks_prvkey): Call flash_do_release before
-       flash_do_write.
-       (gpg_do_write_prvkey): Bug fix when GC occurs.
-
-       * src/openpgp.c (cmd_change_password): Support resetting to
-       factory setting of PW3.
-
-       * src/openpgp-do.c (gpg_do_write_prvkey): Don't reset signagure
-       counter here.
-       (proc_key_import): But reset here.
-       Call ac_reset_* when key is imported.
-
-2012-06-26  Niibe Yutaka  <gniibe@fsij.org>
-
-       * test: New.
-
-2012-06-25  Niibe Yutaka  <gniibe@fsij.org>
-
-       * tool/usb_strings.py: New.
-
-2012-06-22  Niibe Yutaka  <gniibe@fsij.org>
-
-       * tool/stlinkv2.py (stlinkv2.blank_check): Add blank check of
-       Flash ROM.
-
-2012-06-21  Niibe Yutaka  <gniibe@fsij.org>
-
-       * tool/asm-thumb/blank_check.S: New.
-
-2012-06-20  Niibe Yutaka  <gniibe@fsij.org>
-
-       ST-Link/V2 flash ROM writer.
-       * tool/stlinkv2.py: New.
-       * tool/asm-thumb/opt_bytes_write.S: New.
-       * tool/asm-thumb/flash_write.S: New.
-
-2012-06-19  Niibe Yutaka  <gniibe@fsij.org>
-
-       * Version 0.20.
-
-       * src/usb_desc.c (gnukStringSerial): Updated.
-
-2012-06-18  Niibe Yutaka  <gniibe@fsij.org>
-
-       LED display output change.
-       * src/main.c (MAIN_TIMEOUT_INTERVAL): New.
-       (LED_TIMEOUT_INTERVAL, etc.): New values.
-       (main_mode, display_interaction): Remove.
-       (led_inverted, emit_led): New.
-       (display_status_code): Use emit_led.
-       (led_blink): Use LED_* for SPEC.
-       (main, fatal): New LED display output.
-       * src/gnuk.h (LED_ONESHOT, LED_TWOSHOTS, LED_SHOW_STATUS)
-       (LED_START_COMMAND, LED_FINISH_COMMAND, LED_FATAL): New semantics.
-       (main_thread): Remove.
-       * src/openpgp-do.c (gpg_do_keygen): Don't touch LED here.
-       * src/openpgp.c (get_pinpad_input): Call led_blink.
-       (cmd_pso, cmd_internal_authenticate): Don't touch LED here.
-       (GPGthread): Call led_blink.
-       * src/pin-cir.c (pinpad_getline): Change arg of led_blink.
-       * src/pin-dnd.c (pinpad_getline): Ditto.
-       * src/usb-icc.c (icc_handle_timeout): Ditto.
-       (icc_send_status): Call led_blink.
-       * src/usb_ctrl.c (gnuk_usb_event): Don't touch LED here.
-
-2012-06-16  Niibe Yutaka  <gniibe@fsij.org>
-
-       Use SHA256 format for "external authenticate".
-       * tool/gnuk_upgrade.py (gpg_sign): SHA256 sign by "SCD PKAUTH".
-       (main): Not specify keygrip, but always use key for authentication.
-       * src/call-rsa.c (rsa_verify): It is SHA256 format (was: SHA1).
-       * src/openpgp.c (cmd_get_challenge): Don't add chip-id prefix.
-       (cmd_external_authenticate): Likewise.
-
-2012-06-15  Niibe Yutaka  <gniibe@fsij.org>
-
-       * src/random.c (random_bytes_free): Clear out random bytes.
-
-       More protection improvements.
-       * src/random.c (RANDOM_BYTES_LENGTH): It's 32 now (was: 16).
-       * src/gnuk.h (struct key_data_internal): Remove check, random,
-       magic.  Add checksum.
-       (struct prvkey_data): Remove crm_encrypted.  Add iv and
-       checksum_encrypted.
-       * src/openpgp-do.c (encrypt, decrypt): Add IV argument.
-       (encrypt_dek, decrypt_dek): New.  It's in ECB mode.
-       (compute_key_data_checksum): New.
-       (gpg_do_load_prvkey): Handle initial vector and checksum.
-       Use decrypt_dek to decrypt DEK.  Clear DEK after use.
-       (calc_check32):Remove.
-       (gpg_do_write_prvkey): Use encrypt_dek to encrypt DEK.
-       (gpg_do_chks_prvkey): Likewise.
-
-       * polarssl-0.14.0/include/polarssl/aes.h (aes_crypt_cbc)
-       * polarssl-0.14.0/library/aes.c (aes_crypt_cbc): ifdef-out.
-
-       * src/configure (--enable-pinpad): Deprecate DND.
-
-2012-06-14  Niibe Yutaka  <gniibe@fsij.org>
-
-       Protection improvement.
-       * src/openpgp.c (resetcode_s2k): New.
-       (cmd_reset_user_password): Use resetcode_s2k.
-       * src/openpgp-do.c (proc_resetting_code): Likewise.
-
-       * src/sha256.c (sha256_finish): Clear out CTX at the end.
-
-       * src/call-rsa.c (rsa_sign, rsa_decrypt, rsa_verify): Use
-       mpi_lset (was: mpi_read_string).
-       * polarssl-0.14.0/library/bignum.c (mpi_get_digit)
-       (mpi_read_string): ifdef-out.
-
-       KDF is now SHA-256 (was: SHA1).
-       * src/sha256.c: New file.  Based on the implementation by Dr Brian
-       Gladman.
-       * src/openpgp.c (cmd_change_password, cmd_reset_user_password):
-       Use sha256.
-       * src/openpgp-do.c (proc_resetting_code, gpg_do_write_prvkey): Likewise.
-       * src/ac.c (verify_user_0, calc_md, verify_admin): Likewise.
-       * src/crypt.mk (CRYPTSRC): Add sha256.c, removing sha1.c.
-       * src/gnuk.h (KEYSTRING_MD_SIZE): It's 32 for SHA-256.
-
-2012-06-13  Niibe Yutaka  <gniibe@fsij.org>
-
-       Bug fixes.
-       * src/main.c (display_interaction): Assign to main_mode.
-       * src/openpgp.c (cmd_change_password): Bug fix for admin less mode
-       to admin full mode.  Variable who_old should be admin_authorized.
-
-       Key generation is configure option.
-       * src/configure (keygen): Add --enable-keygen option.
-       * src/Makefile.in (UDEFS): Add definition of KEYGEN_SUPPORT.
-       * src/call-rsa.c [KEYGEN_SUPPORT] (rsa_genkey): Conditionalize.
-       * src/random.c [KEYGEN_SUPPORT] (random_byte): Ditto.
-       * src/openpgp.c [KEYGEN_SUPPORT] (cmd_pgp_gakp): Ditto.
-       * src/openpgp-do.c [KEYGEN_SUPPORT] (gpg_do_keygen): Ditto.
-       * polarssl-0.14.0/include/polarssl/config.h: Ditto.
-       * polarssl-0.14.0/library/bignum.c [POLARSSL_GENPRIME]
-       (mpi_inv_mod): Unconditionalize.
-
-2012-06-08  Niibe Yutaka  <gniibe@fsij.org>
-
-       * polarssl-0.14.0/library/bignum.c (mpi_cmp_mpi): Bug fix.
-       Though it doesn't matter for Gnuk usage.
-
-       Emit LED light while computation (or asking user input).
-       * src/usb-icc.c (icc_handle_timeout): Call led_blink.
-       * src/openpgp.c (cmd_pso, cmd_internal_authenticate): Call
-       LED_WAIT_MODE, LED_STATUS_MODE to show "it's under computation".
-       * src/openpgp-do.c (gpg_do_keygen): Ditto.
-       * src/gnuk.h (LED_WAIT_MODE): Rename (was: LED_INPUT_MODE).
-       * src/main.c (display_interaction): Change the behavior of LED,
-       now, it's mostly ON (was: mostly OFF).
-
-2012-06-07  Niibe Yutaka  <gniibe@fsij.org>
-
-       * src/openpgp.c (cmd_internal_authenticate): Add check for input
-       length.
-
-       Implement key generation.
-       * src/openpgp.c (cmd_pgp_gakp): Call gpg_do_keygen.
-       * src/openpgp-do.c (proc_key_import): Call with modulus = NULL.
-       (gpg_do_keygen): New function.
-       (gpg_reset_digital_signature_counter): New function.
-       (gpg_do_write_prvkey): New argument MODULUS.  Call
-       gpg_reset_digital_signature_counter.
-       * src/call-rsa.c (rsa_genkey): New function.
-       * src/random.c (random_byte): New function.
-
-       PolarSSL modification.
-       * polarssl-0.14.0/library/rsa.c (rsa_gen_key): Don't set D, DP,
-       DQ, and QP.  It's only for key generation.
-       * polarssl-0.14.0/library/rsa.c (rsa_gen_key, rsa_pkcs1_encrypt):
-       Change f_rng function return type.
-       * polarssl-0.14.0/include/polarssl/rsa.h: Likewise.
-       * polarssl-0.14.0/library/bignum.c (mpi_is_prime, mpi_gen_prime):
-       Change f_rng function return type.
-       * polarssl-0.14.0/include/polarssl/bignum.h: Likewise.
-
-2012-06-06  Niibe Yutaka  <gniibe@fsij.org>
-
-       * Version 0.19.
-
-       * src/usb_desc.c (gnukStringSerial): Updated.
-
-       * regnual/regnual.c (fetch): Better implementation.
-
-2012-06-05  Niibe Yutaka  <gniibe@fsij.org>
-
-       Firmware update key handling.
-       * tool/gnuk_put_binary.py (GnukToken.cmd_get_response): Handle
-       larger data such as card holder certificate.
-       (GnukToken.cmd_write_binary): Bug fix for cert do write.
-       (GnukToken.cmd_read_binary): New.
-       (main): Support firmware update key.
-
-       Take advantage of the Thumb-2 "rbit" instruction.
-       * regnual/regnual.c (fetch): Reverse bits.
-       * src/usb_ctrl.c (rbit): New.  Deleted reverse32.
-       (download_check_crc32): Use rbit.
-       * tool/gnuk_upgrade.py (crc32): Just use binascii.crc32.
-       (crctab): Remove.
-
-2012-06-04  Niibe Yutaka  <gniibe@fsij.org>
-
-       Card holder certificate data object bug fixes.
-       * tool/gnuk_put_binary_libusb.py (gnuk_token.cmd_get_response):
-       Handle larger data such as card holder certificate.
-       * src/flash.c (flash_write_binary): Bug fix.  Call
-       flash_check_blank with p + offset.
-       * src/gnuk.h (FLASH_CH_CERTIFICATE_SIZE): Define here (was: flash.c).
-
-       Implement CRC32 check for firmware update.
-       * src/usb_ctrl.c (download_check_crc32): New.
-       * regnual/regnual.c (calc_crc32): New.
-       (regnual_ctrl_write_finish): Call calc_crc32.
-       * tool/gnuk_upgrade.py (crc32): New.
-       (regnual.download): Check crc32code.
-
-       * regnual/regnual.c (regnual_ctrl_write_finish): Bug fix.
-
-2012-06-01  Niibe Yutaka  <gniibe@fsij.org>
-
-       Support firmware update with public key authentication.
-       * tool/gnuk_upgrade.py (gpg_sign): New.
-       * tool/gnuk_put_binary_libusb.py (main): Support firmware update
-       key registration.
-
-       Update of reGNUal.
-       * regnual/regnual.c (main): Follow the change of usb_lld_init.
-       (regnual_config_desc): Include interface descriptor.
-       (usb-strings.c.inc): Change the file name.
-       * regnual/Makefile (regnual.o): Depend on sys.h.
-       * src/configure (usb-strings.c.inc): ifdef-out
-       gnuk_revision_detail and gnuk_config_options (for reGNUal).
-       * src/usb_desc.c (USB_STRINGS_FOR_GNUK): Define.
-
-       USB bug fixes.
-       * src/usb_ctrl.c (gnuk_usb_event): Bug fix for handling
-       USB_EVENT_CONFIG.  Do nothing when current_conf == value.
-       * src/usb_lld.c (std_clear_feature): Bug fix.  Always clear DTOG.
-       (usb_lld_init): New argument for FEATURE.
-
-2012-05-31  Niibe Yutaka  <gniibe@fsij.org>
-
-       * polarssl-0.14.0/library/rsa.c (rsa_pkcs1_verify): BUF size is
-       256 (was: 1024).
-       * src/call-rsa.c (rsa_verify): It's SIG_RSA_SHA1.
-       * src/openpgp.c (cmd_external_authenticate): Follow the change of
-       rsa_verify.
-
-       Support "firmware update" keys.
-       * src/flash.c (flash_write_binary): Support update keys.
-       * src/gnuk.h (FILEID_UPDATE_KEY_0, FILEID_UPDATE_KEY_1)
-       (FILEID_UPDATE_KEY_2,FILEID_UPDATE_KEY_3): New.
-       * src/gnuk.ld.in (_updatekey_store): New.
-       * src/openpgp.c (FILE_EF_UPDATE_KEY_0, FILE_EF_UPDATE_KEY_1)
-       (FILE_EF_UPDATE_KEY_2, FILE_EF_UPDATE_KEY_3): New.
-       (gpg_get_firmware_update_key): New.
-       (cmd_read_binary): Support update keys and certificate.
-       (modify_binary): New.
-       (cmd_update_binary, cmd_write_binary): Use modify_binary.
-       (cmd_external_authenticate): Support up to four keys.
-
-       Version string of system service is now USB string.
-       * src/sys.h (unique_device_id): Define here, not as system
-       service.
-       * src/sys.c (sys_version): Version string for system service.
-       * src/usb_desc.c (String_Descriptors): Add sys_version.
-       * src/usb_conf.h (NUM_STRING_DESC): 7 (was: 6).
-       * src/gnuk.ld.in (.sys.version): New section.
-
-2012-05-30  Niibe Yutaka  <gniibe@fsij.org>
-
-       * src/openpgp.c (CHALLENGE_LEN): New.
-       (cmd_external_authenticate): Authentication by response with
-       public key.
-       (cmd_get_challenge): 16-byte is enough for challenge.
-
-2012-05-29  Niibe Yutaka  <gniibe@fsij.org>
-
-       * src/call-rsa.c (rsa_verify): New function.
-
-       * polarssl-0.14.0/include/polarssl/rsa.h (rsa_pkcs1_verify)
-       * polarssl-0.14.0/library/rsa.c (rsa_pkcs1_verify): Fix API.
-
-       * src/usb_conf.h (NUM_STRING_DESC): Incremented to 6 (was: 4).
-       * src/configure: Generate strings for revision detail and config
-       options.
-       * src/usb_desc.c (gnuk_revision_detail, gnuk_config_options): New.
-
-       * src/main.c (main) [DFU_SUPPORT]: Kill DFU and install .sys.
-
-       * src/config.h.in (FLASH_PAGE_SIZE): New.
-       * src/configure: Support FLASH_PAGE_SIZE for config.h
-       * boards/*/board.h (FLASH_PAGE_SIZE): Remove.
-       * src/flash.c (FLASH_PAGE_SIZE): Remove.
-
-       * src/sys.c (reset): Don't depend if DFU_SUPPORT or not.
-       (flash_erase_all_and_exec): Rename and change the argument.
-       * src/gnuk.ld.in (__flash_start__): Real flash ROM address,
-       regardless of DFU_SUPPORT.
-       * src/main.c (main): Call flash_erase_all_and_exec with SRAM
-       address.
-
-       * polarssl-0.14.0/library/aes.c (FT0, FT1, FT2): Specify sections
-       in detail, so that addresses won't be affected by compiler.
-       * src/gnuk.ld.in (.sys): Define sections in detail.
-
-       * boards/STBEE_MINI/board.h (SET_USB_CONDITION, GPIO_USB)
-       (IOPORT_USB, SET_LED_CONDITION, GPIO_LED, IOPORT_LED)
-       (FLASH_PAGE_SIZE): New.
-       * boards/STBEE_MINI/board.c (USB_Cable_Config, set_led): Remove.
-
-       * boards/STBEE/board.h (SET_USB_CONDITION, GPIO_USB, IOPORT_USB)
-       (SET_LED_CONDITION, GPIO_LED, IOPORT_LED, FLASH_PAGE_SIZE): New.
-       * boards/STBEE/board.c (USB_Cable_Config, set_led): Remove.
-
-       * boards/CQ_STARM/board.h (SET_USB_CONDITION)
-       (SET_LED_CONDITION, GPIO_LED, IOPORT_LED, FLASH_PAGE_SIZE): New.
-       * boards/CQ_STARM/board.c (USB_Cable_Config, set_led): Remove.
-
-2012-05-28  Niibe Yutaka  <gniibe@fsij.org>
-
-       * boards/*/board.c (hwinit0): Removed...
-       * boards/common/hwinit.c (hwinit0): ... and define here.
-       (hwinit0) [DFU_SUPPORT]:  Don't set SCB->VTOR here.
-       * src/sys.c (reset) [DFU_SUPPORT]: Set SCB->VTOR here.
-       (flash_write): Range check.
-
-       * polarssl-0.14.0/library/aes.c (FT0, FT1, FT2): Specify the
-       section ".sys", so that we will have more room for flash ROM.
-       * src/gnuk.ld.in (.sys): Add alignment settings.
-
-       * tool/gnuk_upgrade.py (main): First 4096-byte of Gnuk is system
-       block.  Don't send it to reGNUal.
-
-       * regnual/sys.c (entry): Fix clearing BSS.  It is called with all
-       interrupts disabled.
-
-       * regnual/regnual.ld (_flash_start): It's 0x08001000 now, because
-       there is system block now (was: 0x08000000).
-
-2012-05-26  Niibe Yutaka  <gniibe@fsij.org>
-
-       * src/sys.c (reset): Set SCR->VCR here.
-
-2012-05-25  Niibe Yutaka  <gniibe@fsij.org>
-
-       * src/gnuk.ld.in (.sys): New section.
-
-       * boards/OLIMEX_STM32_H103/board.h (SET_USB_CONDITION, GPIO_USB)
-       (IOPORT_USB, SET_LED_CONDITION, GPIO_LED, IOPORT_LED)
-       (FLASH_PAGE_SIZE): New.
-       * boards/OLIMEX_STM32_H103/board.c (USB_Cable_Config, set_led):
-       Remove.
-
-       * boards/STM32_PRIMER2/board.h (SET_USB_CONDITION, GPIO_USB)
-       (IOPORT_USB, SET_LED_CONDITION, GPIO_LED, IOPORT_LED)
-       (FLASH_PAGE_SIZE): New.
-       * boards/STM32_PRIMER2/board.c (USB_Cable_Config, set_led):
-       Remove.
-
-       * boards/FST_01_00/board.h (SET_USB_CONDITION, GPIO_USB)
-       (IOPORT_USB, SET_LED_CONDITION, GPIO_LED, IOPORT_LED)
-       (FLASH_PAGE_SIZE): New.
-       * boards/FST_01_00/board.c (USB_Cable_Config, set_led): Remove.
-
-       * boards/FST_01/board.h (SET_USB_CONDITION, GPIO_USB, IOPORT_USB)
-       (SET_LED_CONDITION, GPIO_LED, IOPORT_LED, FLASH_PAGE_SIZE): New.
-       * boards/FST_01/board.c (USB_Cable_Config, set_led): Remove.
-
-       * regnual/sys-stm8s-discovery.h, sys-stbee.h: Remove.
-
-       * boards/STM8S_DISCOVERY/board.h (SET_USB_CONDITION)
-       (SET_LED_CONDITION, GPIO_LED, IOPORT_LED, FLASH_PAGE_SIZE): New.
-       * boards/STM8S_DISCOVERY/board.c (USB_Cable_Config, set_led):
-       Remove.
-
-       * regnual/Makefile: Add -I ../src to CFLAGS.
-
-       * regnual/regnual.ld (vector): New.
-
-       * regnual/sys.c: Remove implementation, but jump to vector by sys.h.
-
-       * src/Makefile.in: Follow change of files.
-
-       * src/configure: Undo changes of 2012-05-22.
-
-       * boards/common/hw_config.c: Remove.  Mov function to sys.c.
-       * src/flash.c: Move functions to sys.c.
-       * src/sys.c: New.
-
-       * src/main.c (main): Call flash_mass_erase_and_exec.
-
-       * src/usb_lld.c: Include sys.h.
-
-       * src/usb_lld_sys.c: Remove.  Move interrupt handler to...
-       * src/usb_ctrl.c: ... this file.
-
-       * regnual/sys.c (clock_init, gpio_init, flash_unlock): Removed.
-       (entry): Rename (was: reset).
-
-2012-05-24  Niibe Yutaka  <gniibe@fsij.org>
-
-       * src/main.c (good_bye): Care LSB of function pointer.
-       (flash_mass_erase_and_exec): Implemented in C.
-
-2012-05-23  Niibe Yutaka  <gniibe@fsij.org>
-
-       * regnual/sys-stm8s-discovery.h: New.
-
-       * src/main.c (flash_mass_erase_and_exec, good_bye): New.
-       (main): Call good_bye.
-
-       * tool/gnuk_upgrade.py (regnual.protect): New.
-       (main): Call regnual.protect().
-
-       * regnual/regnual.c (regnual_setup): Don't call flash_write here.
-       (regnual_ctrl_write_finish): But call here.
-       (USB_REGNUAL_RESULT): New.
-
-       * regnual/sys.c (flash_protect): New.
-
-2012-05-22  Niibe Yutaka  <gniibe@fsij.org>
-
-       * src/configure (../regnual/sys.h): Create symblic link.
-
-       * src/usb_ctrl.c: Rename (was: usb_prop.c).
-
-       * regnual/types.h, regnual/sys.c, regnual/regnual.ld: New.
-       * regnual/regnual.c, regnual/Makefile: New.
-       * regnual/sys-stbee.h: New.
-
-       * src/usb_lld.c: Support FREE_STANDING environment as well as
-       under ChibiOS/RT.
-       (usb_lld_init): Call usb_lld_sys_init.  Don't call user defined
-       method.  Call usb_lld_set_configuration.
-       (usb_lld_shutdown): Call usb_lld_sys_shutdown.
-       (Vector90): Move to usb_lld_sys.c.
-       (usb_interrupt_handler): Export to global.
-
-       * src/usb_lld_sys.c: New.
-
-       * src/usb_prop.c (Device_Method): Remove gnuk_device_init.
-       (gnuk_device_init): Remove.
-
-2012-05-19  Niibe Yutaka  <gniibe@fsij.org>
-
-       * src/usb_lld.c (handle_datastage_in): Bug fix, erable RX when
-       sending ZLP.  It will be possible to get OUT transaction soon
-       after IN transaction.
-
-2012-05-18  Niibe Yutaka  <gniibe@fsij.org>
-
-       * src/usb_lld.c (handle_datastage_out): Fix rx copying.
-       (handle_setup0): Bug fix not stalling TX, it will be possible
-       to go IN transaction, soon after OUT transaction.
-
-       * src/usb_lld.h (USB_SETUP_SET, USB_SETUP_GET): New.
-       (usb_device_method.ctrl_write_finish): New.
-       (usb_device_method.setup): Merge setup_with_data, and
-       setup_with_nodata.
-
-       * src/usb_lld.c (usb_lld_shutdown, usb_lld_prepare_shutdown): New.
-       (handle_setup0): Call ->setup.
-       (handle_in0): Call ->ctrl_write_finish.
-
-       * src/usb_prop.c (vcom_port_data_setup): Merge
-       vcom_port_setup_with_nodata.
-       (download_check_crc32): New.
-       (gnuk_setup): Merge gnuk_setup_with_data and
-       gnuk_setup_with_nodata.
-       (gnuk_ctrl_write_finish): New.
-
-2012-05-17  Niibe Yutaka  <gniibe@fsij.org>
-
-       * tool/gnuk_upgrade.py: New tool.
-
-       * src/gnuk.h (ICC_STATE_EXITED, ICC_STATE_EXEC_REQUESTED): New.
-
-       * src/openpgp.c (INS_EXTERNAL_AUTHENTICATE)
-       (cmd_external_authenticate): New.
-       (INS_GET_CHALLENGE, cmd_get_challenge): New.
-
-       * src/usb-icc.c (USBthread): Finish the thread with
-       ICC_STATE_EXITED, after EXTERNAL_AUTHENTICATE.
-
-       * src/usb_prop.c (gnuk_setup_endpoints_for_interface): Add STOP
-       argument.
-       (gnuk_usb_event): Disable all endpoints when configure(0).
-       (vcom_port_data_setup): Check direction and support
-       USB_CDC_REQ_SET_LINE_CODING.
-       (vcom_port_setup_with_nodata): Check direction.
-       (gnuk_setup_with_data): Check direction and add FSIJ_GNUK device
-       requests.
-       (gnuk_setup_with_nodata): Likewise.
-
-       * src/usb_lld.c (LAST_OUT_DATA): Remove.
-       (handle_datastage_out): Cleanup and call st103_ep_set_rxtx_status.
-       (handle_datastage_in): Call st103_ep_set_rxtx_status and
-       st103_ep_set_tx_status.
-       (handle_setup0): Likewise.
-       (handle_out0): Remove LAST_OUT_DATA.
-       (std_none, std_get_status, std_clear_feature, std_set_feature)
-       (std_set_address, std_get_descriptor, std_get_configuration)
-       (std_set_configuration, std_get_interface, std_set_interface):
-       Check direction.
-       (handle_setup0): Add length for setup_with_data.
-
-2012-05-16  Niibe Yutaka  <gniibe@fsij.org>
-
-       * tool/gnuk_put_binary.py (main): Fix fileid.
-       * tool/gnuk_put_binary_libusb.py: Ditto.
-
-       * src/openpgp.c (FILE_EF_RANDOM): Remove.
-       (cmd_update_binary, cmds): ifdef CERTDO_SUPPORT.
-       (cmd_write_binary): Fix fileid.
-
-       * src/flash.c (flash_check_blank): Always enable.
-       (flash_erase_binary): ifdef CERTDO_SUPPORT.
-       (flash_write_binary): Call flash_check_blank.
-
-2012-05-15  Niibe Yutaka  <gniibe@fsij.org>
-
-       * Version 0.18.
-
-       * src/usb_desc.c (gnukStringSerial): Updated.
-
-       * src/main.c (EP3_IN_Callback, EP5_OUT_Callback): Move from
-       usb_endp.c.
-
-       * src/usb_endp.c: Remove.
-
-2012-05-14  Niibe Yutaka  <gniibe@fsij.org>
-
-       * tool/gnuk_remove_keys.py: New.
-
-       * src/openpgp-do.c (proc_key_import): Fix checking extended header.
-
-       * src/hardclock.c: Remove.
-
-       * src/usb_prop.c (MSC_INTERFACE_NO): New.
-       (gnuk_setup_endpoints_for_interface): Cleanup with MSC_INTERFACE_NO.
-       (gnuk_setup_with_data, gnuk_setup_with_nodata): Likewise.
-
-       * src/usb-msc.c: Rename from usb_msc.c.
-
-       * src/usb-msc.h: Rename from usb_msc.h.
-
-       * src/Makefile.in: Follow the rename of usb-msc.c and remove of
-       hardclock.c.
-
-       * src/pin-dnd.c, src/usb_prop.c: Follow the rename of usb-msc.h.
-
-2012-05-12  Niibe Yutaka  <gniibe@fsij.org>
-
-       * src/usb_msc.c (ep6_out): Rename (was: ep7_out).
-       (usb_start_receive): Use ep6_out and ENDP6.
-       (EP6_OUT_Callback): Rename (was: EP7_OUT_Callback).
-       Use ep6_out and ENDP6.
-       (msc_handle_command): Use ep6_out and ENDP6.
-
-       * src/main.c (main): Wait USB reset.
-
-       * src/usb-icc.c (EP1_OUT_Callback): Rename from EP2_OUT_Callback.
-       (USBthread): Use ENDP1 for both of epi_init and epo_init.
-
-       * src/usb_conf.h (ENDP1_RXADDR, ENDP2_TXADDR, ENDP6_RXADDR): New.
-       (ENDP3_TXADDR, ENDP4_TXADDR, ENDP5_RXADDR): New value.
-       (ENDP7_RXADDR): Remove.
-
-       * src/usb_desc.c (gnukConfigDescriptor): Use endpoint OUT1 (was
-       IN2), endpoint OUT6 (IN7).
-
-       * src/usb_prop.c (gnuk_setup_endpoints_for_interface): Use ENDP1
-       and ENDP6 for both directions.
-
-2012-05-11  Niibe Yutaka  <gniibe@fsij.org>
-
-       * src/configure (--vidpid): New mandatory option.
-
-       * GNUK_USB_DEVICE_ID: New file.
-
-       * src/usb_desc.c (gnukDeviceDescriptor): Include
-       usb-vid-pid-ver.c.inc.
-       (gnukStringVendor, gnukStringProduct): Remove.  It's in the
-       file, usb-string-vender-product.c.inc.
-
-       * src/Makefile.in (distclean): Delete *.inc.
-
-       * src/usb_prop.c (vcom_port_setup_with_nodata) Rename.
-       (vcom_port_data_setup): Rename and fix return value.
-
-       * src/usb-cdc.h (VIRTUAL_COM_PORT_DATA_SIZE)
-       (VIRTUAL_COM_PORT_INT_SIZE): New.
-
-       * src/main.c (#include): Add usb-cdc.h.
-       * src/usb_desc.c (#include): Add usb-cdc.h.
-       * src/usb_endp.c (#include): Add usb_lld.h.
-
-       * src/configure ($help): Add FST_01.
-
-2012-05-10  Niibe Yutaka  <gniibe@fsij.org>
-
-       * STM32_USB-FS-Device_Driver, Virtual_COM_Port: Remove.
-
-       * src/usb_lld.c (#include): Don't include usb_lib.h.
-       (RECIPIENT, REG_BASE PMA_ADDR, CNTR, ISTR, FNR, DADDR, BTABLE)
-       (ISTR_CTR, ISTR_DOVR, ISTR_ERR, ISTR_WKUP, ISTR_SUSP, ISTR_RESET)
-       (ISTR_SOF, ISTR_ESOF, ISTR_DIR, ISTR_EP_ID, CLR_CTR, CLR_DOVR)
-       (CLR_ERR, CLR_WKUP, CLR_SUSP, CLR_RESET, CLR_SOF, CLR_ESOF)
-       (CNTR_CTRM, CNTR_DOVRM, CNTR_ERRM, CNTR_WKUPM, CNTR_SUSPM)
-       (CNTR_RESETM, CNTR_SOFM, CNTR_ESOFM, CNTR_RESUME, CNTR_FSUSP)
-       (CNTR_LPMODE, CNTR_PDWN, CNTR_FRES, DADDR_EF, DADDR_ADD)
-       (EP_CTR_RX, EP_DTOG_RX, EPRX_STAT, EP_SETUP, EP_T_FIELD, EP_KIND)
-       (EP_CTR_TX, EP_DTOG_TX, EPTX_STAT, EPADDR_FIELD, EPREG_MASK)
-       (EP_TX_DIS, EP_TX_STALL, EP_TX_NAK, EP_TX_VALID, EPTX_DTOG1)
-       (EPTX_DTOG2, EP_RX_DIS, EP_RX_STALL, EP_RX_NAK, EP_RX_VALID)
-       (EPRX_DTOG1, EPRX_DTOG2): New. Compatible to ST's USB-FS-Device_Lib.
-       (CH_IRQ_HANDLER): Call usb_interrupt_handler (was: USB_Istr).
-       (EP1_IN_Callback, EP2_IN_Callback, EP3_IN_Callback)
-       (EP4_IN_Callback, EP5_IN_Callback, EP6_IN_Callback)
-       (EP7_IN_Callback, EP1_OUT_Callback, EP2_OUT_Callback)
-       (EP3_OUT_Callback, EP4_OUT_Callback, EP5_OUT_Callback)
-       (EP6_OUT_Callback, EP7_OUT_Callback): New.  Implement here.
-       Compatible to ST's USB-FS-Device_Lib.
-       (USB_MAX_PACKET_SIZE): New.
-       (GET_STATUS, CLEAR_FEATURE, RESERVED1, SET_FEATURE, RESERVED2)
-       (SET_ADDRESS, GET_DESCRIPTOR, SET_DESCRIPTOR, GET_CONFIGURATION)
-       (SET_CONFIGURATION, GET_INTERFACE, SET_INTERFACE)
-       (SYNCH_FRAME,TOTAL_REQUEST): New for USB control transfer.
-       (enum CONTROL_STATE): New for state machine of control pipe.
-       (enum FEATURE_SELECTOR): New.
-       (struct DATA_INFO, struct CONTROL_INFO, struct DEVICE_INFO): New.
-       (ctrl_p, dev_p, data_p, Control_Info, Device_Info, Data_Info):
-       New.
-       (usb_lld_stall_tx, usb_lld_stall_rx)
-       (usb_lld_tx_data_len, usb_lld_txcpy, usb_lld_tx_enable)
-       (usb_lld_write, usb_lld_rx_enable, usb_lld_rx_data_len)
-       (usb_lld_rxcpy): Move from usb_lld.h and not inline.
-       (usb_lld_reset, usb_lld_setup_endpoint)
-       (usb_lld_set_configuration, usb_lld_current_configuration)
-       (usb_lld_set_feature, usb_lld_set_data_to_send): New.
-       (usb_lld_to_pmabuf, usb_lld_from_pmabuf): Clean up.
-       (usb_lld_init): New implementation.
-       (st103_set_btable, st103_get_istr, st103_set_istr, st103_set_cntr)
-       (st103_set_daddr, st103_set_epreg, st103_get_epreg)
-       (st103_set_tx_addr, st103_get_tx_addr, st103_set_tx_count)
-       (st103_get_tx_count, st103_set_rx_addr, st103_get_rx_addr)
-       (st103_set_rx_buf_size, st103_get_rx_count, st103_ep_clear_ctr_rx)
-       (st103_ep_clear_ctr_tx, st103_ep_set_rxtx_status)
-       (st103_ep_set_rx_status, st103_ep_get_rx_status)
-       (st103_ep_set_tx_status, st103_ep_get_tx_status)
-       (st103_ep_clear_dtog_rx, st103_ep_clear_dtog_tx): New lower-level
-       functions for USB related registers access.
-       (usb_interrupt_handler, usb_handle_transfer)
-       (handle_datastage_out, handle_datastage_in, handle_setup0)
-       (handle_in0, handle_out0)
-       (std_none, std_get_status, std_clear_feature, std_set_feature,
-       std_set_address, std_get_descriptor, std_get_configuration,
-       std_set_configuration, std_get_interface, std_set_interface)
-       (std_request_handler): New USB stack implementation.
-
-       * src/usb_lld.h (usb_lld_stall_tx, usb_lld_stall_rx)
-       (usb_lld_tx_data_len, usb_lld_txcpy, usb_lld_tx_enable)
-       (usb_lld_write, usb_lld_rx_enable, usb_lld_rx_data_len)
-       (usb_lld_rxcpy): Those are not inline functions anymore.
-       (USB_DEVICE_DESCRIPTOR_TYPE, USB_CONFIGURATION_DESCRIPTOR_TYPE)
-       (USB_STRING_DESCRIPTOR_TYPE, USB_INTERFACE_DESCRIPTOR_TYPE)
-       (USB_ENDPOINT_DESCRIPTOR_TYPE, STANDARD_ENDPOINT_DESC_SIZE)
-       (ENDP0, ENDP1, ENDP2, ENDP3, ENDP4, ENDP5, ENDP6, ENDP7)
-       (EP_BULK, EP_CONTROL, EP_ISOCHRONOUS, EP_INTERRUPT)
-       (DEVICE_RECIPIENT, INTERFACE_RECIPIENT, ENDPOINT_RECIPIENT)
-       (ENDPOINT_RECIPIENT, OTHER_RECIPIENT)
-       (DEVICE_DESCRIPTOR, CONFIG_DESCRIPTOR, STRING_DESCRIPTOR)
-       (INTERFACE_DESCRIPTOR, ENDPOINT_DESCRIPTOR)
-       (REQUEST_TYPE, STANDARD_REQUEST, CLASS_REQUEST, VENDOR_REQUEST)
-       (USB_UNSUPPORT, USB_SUCCESS)
-       (USB_EVENT_RESET, USB_EVENT_ADDRESS, USB_EVENT_CONFIG)
-       (USB_EVENT_SUSPEND, USB_EVENT_WAKEUP, USB_EVENT_STALL)
-       (USB_SET_INTERFACE, USB_GET_INTERFACE, USB_QUERY_INTERFACE)
-       (UNCONNECTED, ATTACHED, POWERED, SUSPENDED, ADDRESSED)
-       (CONFIGURED, USB_Cable_Config): New.  Compatible to ST's
-       USB-FS-Device_Lib.
-       (struct Descriptor, struct usb_device_method)
-       (Device_Descriptor, Config_Descriptor, String_Descriptors)
-       (STM32_USB_IRQ_PRIORITY, bDeviceState, Device_Method)
-       (usb_lld_init, usb_lld_reset, usb_lld_setup_endpoint)
-       (usb_lld_set_configuration, usb_lld_current_configuration)
-       (usb_lld_set_feature, usb_lld_set_data_to_send): New API.
-
-       * src/usb_prop.c(#include): Only include usb_lld.h for USB.
-       (SetEPRxCount_allocated_size): Remove.
-       (struct line_coding, line_coding, Virtual_Com_Port_Data_Setup)
-       (Virtual_Com_Port_NoData_Setup): Add from usb-cdc-vport.c.
-       (gnuk_device_init, gnuk_device_reset, gnuk_setup_with_data)
-       (gnuk_setup_with_nodata): Follow the API change of USB stack.
-       (gnuk_setup_endpoints_for_interface, gnuk_get_descriptor)
-       (gnuk_usb_event, gnuk_interface): New.
-       (gnuk_device_SetConfiguration, gnuk_device_SetInterface)
-       (gnuk_device_SetDeviceAddress, gnuk_device_Status_In)
-       (gnuk_device_Status_Out, gnuk_device_GetDeviceDescriptor)
-       (gnuk_device_GetConfigDescriptor, gnuk_device_GetStringDescriptor)
-       (gnuk_device_Get_Interface_Setting, gnuk_clock_frequencies)
-       (gnuk_data_rates, msc_lun_info, Device_Table)
-       (User_Standard_Requests): Remove.
-       (Device_Method): Replace Device_Property.
-
-       * src/usb_msc.c (#include): Only include usb_lld.h for USB.
-
-       * src/usb_endp.c (#include): Only include usb_lld.h for USB.
-       (EP5_OUT_Callback): Follow the API change of USB stack.
-
-       * src/usb_desc.c (#include): Only include usb_lld.h for USB.
-       Add usb_conf.h.
-       (Device_Descriptor, Config_Descriptor): Follow the API change
-       of USB stack.
-       (String_Descriptors): New, rename from String_Descriptor.
-
-       * src/usb_conf.h (EP_NUM, BTABLE_ADDRESS, IMR_MSK): Remove.
-       (NUM_STRING_DESC): Add.
-
-       * src/usb-icc.c (#include): Only include usb_lld.h for USB.
-
-       * src/usb-cdc-vport.c, src/usb_prop.h: Remove.
-
-       * src/stmusb.mk, src/vcomport.mk: Remove.
-
-       * src/main.c (#include): Only include usb_lld.h for USB.
-       (main): Remove call to USB_Init.
-
-       * src/Makefile.in (include): Remove stmusb.mk, vcomport.mk.
-       (VCOMSRC) [ENABLE_VCOMPORT]: Add.
-       (INCDIR): Remove STMUSBINCDIR and VCOMDIR.
-
-       * boards/common/hw_config.c (Enter_LowPowerMode)
-       (Leave_LowPowerMode): Remove.
-
-2012-02-02  Niibe Yutaka  <gniibe@fsij.org>
-
-       * Version 0.17.
-
-       * src/usb_desc.c (gnukStringSerial): Updated.
-       (gnukConfigDescriptor): Short APDU only.
-
-       * tool/gnuk_put_binary.py (cmd_get_response): New.
-       (cmd_select_openpgp, cmd_get_data): Call cmd_get_response.
-
-2012-01-30  Niibe Yutaka  <gniibe@fsij.org>
-
-       * src/usb-icc.c (struct ccid): Add chained_cls_ins_p1_p2.
-       (end_cmd_apdu_head, icc_cmd_apdu_data, icc_handle_data): Add checking
-       CMD APDU head for command chaining.
-
-2012-01-20  Niibe Yutaka  <gniibe@fsij.org>
-
-       Short APDU only CCID driver.
-       * STM32_USB-FS-Device_Driver/src/usb_core.c (DataStageOut)
-       (DataStageIn): Use usb_lld_to_pmabuf and usb_lld_from_pmabuf.
-
-       * src/configure (CERTDO_SUPPORT): Comment fix.
-
-       * src/gnuk.h (struct adpu): expected_res_size has type uint16_t.
-       (MAX_CMD_APDU_DATA_SIZE, MAX_RES_APDU_DATA_SIZE): New.
-       (MAX_CMD_APDU_SIZE, MAX_RES_APDU_SIZE, USB_BUF_SIZE): Remove.
-       (icc_state_p): New.
-       (set_res_sw): Rename from set_res_apdu.
-
-       * src/call-rsa.c (rsa_decrypt): Use MAX_RES_APDU_DATA_SIZE.
-
-       * src/openpgp.c (set_res_sw): Rename from set_res_apdu.
-       * src/openpgp.h: Use set_res_sw.
-
-       * src/main.c: Handle icc_state_p.
-
-       * src/openpgp-do.c (historical_bytes): command chaining but short
-       APDU only.
-       (extended_capabilities): Change for short APDU only.
-
-       * src/usb-icc.c (USB_BUF_SIZE): Define here (was in gnuk.h).
-       (struct ep_in, epi_init, struct ep_out, epo_init, endpoint_out)
-       (endpoint_in, icc_state_p, struct ccid, APDU_STATE_WAIT_COMMAND)
-       (APDU_STATE_COMMAND_CHAINING, APDU_STATE_COMMAND_RECEIVED)
-       (APDU_STATE_RESULT, APDU_STATE_RESULT_GET_RESPONSE, ccid_reset)
-       (ccid_init, CMD_APDU_HEAD_SIZE, apdu_init, notify_tx, no_buf)
-       (set_sw1sw2, get_sw1sw2, notify_icc, end_icc_rx, end_abdata)
-       (end_cmd_apdu_head, end_nomore_data, end_cmd_apdu_data)
-       (nomore_data, INS_GET_RESPONSE, icc_cmd_apdu_data, icc_abdata)
-       (icc_send_data_block_0x9000, icc_send_data_block_gr, ccid): New.
-       (icc_data_size, icc_seq, icc_next_p, icc_chain_p, icc_tx_size)
-       (icc_thread, icc_state, gpg_thread, ICC_RESPONSE_MSG_DATA_SIZE):
-       Remove.
-       (EP1_IN_Callback): Rewrite using epi.
-       (EP2_OUT_Callback): Rewrite using epo.
-       (icc_prepare_receive): Rewrite using epo and struct ccid.
-       (ATR): Change ofr short APDU only.
-       (icc_error, icc_power_on, icc_send_status, icc_power_off)
-       (icc_send_data_block, icc_send_params, icc_handle_data)
-       (icc_handle_timeout, USBthread): Rewrite using struct ccid.
-
-       * src/usb_desc.c (gnukConfigDescriptor): dwFeatures: Short APDU
-       level, dwMaxCCIDMessageLength: 271.
-
-       * src/usb_lld.c (usb_lld_to_pmabuf, usb_lld_from_pmabuf): New.
-       * src/usb_lld.h (usb_lld_txcpy, void usb_lld_write) Use
-       usb_lld_to_pmabuf.
-       (usb_lld_rxcpy): Use usb_lld_from_pmabuf.
-
-       * src/stmusb.mk (usb_mem.c): Remove.
-
-       * gnuk_put_binary.py (cmd_select_openpgp): No response APDU data.
-       (cmd_verify, cmd_write_binary): Send short APDU.
-       (__main__): Remove RANDOM_NUMBER_BITS support.
-
-       Bug fix for CERTDO_SUPPORT.
-       * src/gnuk.ld.in: Add missing alignment for _data_pool (when no
-       CERTDO_SUPPORT).
-
-2012-01-19  Niibe Yutaka  <gniibe@fsij.org>
-
-       * src/usb-icc.c (icc_handle_data): Handle the case when it only
-       sends 0x90 and 0x00 correctly.
-
-       * src/openpgp-do.c (gpg_do_get_data): Fix res_apdu_data_len.
-
-2012-01-18  Niibe Yutaka  <gniibe@fsij.org>
-
-       Clean up API between application layer and CCID layer.
-       * tool/gnuk_put_binary.py, gnuk_put_binary_libusb.py: Don't append
-       0x9000 at the data, any more.
-       * src/usb-icc.c (icc_data_size, icc_buffer, icc_seq): Make them
-       internal.
-       (res_APDU_size, res_APDU_pointer): Removed.
-       (icc_handle_data, USBthread): Follow new API of struct apdu.
-       * src/call-rsa.c (rsa_sign, rsa_decrypt): Likewise.
-       * src/openpgp.c (CLS, INS, P1, P2): New.
-       (set_res_apdu, cmd_verify, cmd_change_password)
-       (cmd_reset_user_password, cmd_put_data, cmd_pgp_gakp)
-       (cmd_read_binary, cmd_select_file, cmd_pso)
-       (cmd_internal_authenticate, cmd_update_binary, cmd_write_binary)
-       (process_command_apdu, GPGthread): Follow new API of struct apdu.
-       * src/openpgp-do.c (gpg_do_get_data, gpg_do_public_key): Follow
-       new API of struct apdu.
-       * src/gnuk.h (struct apdu, apdu): New.
-       (cmd_APDU, icc_data_size, cmd_APDU_size, icc_buffer): Removed.
-       (res_APDU, res_APDU_size): Use members of struct apdu.
-
-2012-01-16  Niibe Yutaka  <gniibe@fsij.org>
-
-       Adopt new USB API.
-       * src/usb_msc.c (usb_start_transmit): Use usb_lld_write.
-       (EP6_IN_Callback): Use usb_lld_tx_data_len and usb_lld_write.
-       (usb_start_receive): Use usb_lld_rx_enable.
-       (EP7_OUT_Callback): Use usb_lld_rx_data_len, usb_lld_rxcpy
-       and usb_lld_rx_enable
-       (msc_handle_command): Use usb_lld_stall_rx and usb_lld_stall_tx.
-
-       * src/usb_lld.h (usb_lld_stall_tx, usb_lld_stall_rx)
-       (usb_lld_tx_data_len): New.
-
-       * src/main.c (STDOUTthread): Use usb_lld_write.
-
-       * src/usb-icc.c (EP1_IN_Callback, icc_error, icc_power_on)
-       (icc_send_status, icc_send_data_block, icc_send_params): Use
-       usb_lld_write (was: USB_SIL_Write).
-       (EP2_OUT_Callback): Use usb_lld_rx_data_len, usb_lld_rxcpy,
-       and usb_lld_rx_enable (was: USB_SIL_Read and SetEPRxValid).
-       (icc_prepare_receive): Use usb_lld_rx_enable.
-
-       * src/stmusb.mk (STMUSBSRC): Dont' include usb_sil.c.
-
-       * src/usb_lld.h (usb_lld_txcpy, usb_lld_tx_enable)
-       (usb_lld_write, usb_lld_rx_enable, usb_lld_rx_data_len)
-       (usb_lld_rxcpy): New.
-
-       * src/usb_prop.c (SetEPRxCount_allocated_size): Fix the
-       implementation.  (ST's SetEPRxCount is actually meant to
-       setup allocated size, which is confusing).
-       (gnuk_device_init): Don't call USB_SIL_Init.
-
-2012-01-10  Niibe Yutaka  <gniibe@fsij.org>
-
-       * src/openpgp.c (GPGthread): Allow INS_RESET_RETRY_COUNTER and
-       INS_PUT_DATA for pinentry targets.
-
-2012-01-05  Niibe Yutaka  <gniibe@fsij.org>
-
-       * src/openpgp.c (cmd_select_file): Check DF name.
-
-       * tool/pinpadtest.py: Rename from pinpad-test.py.
-
-2011-12-28  Niibe Yutaka  <gniibe@fsij.org>
-
-       * src/usb_prop.c (SetEPRxCount_allocated_size): New.
-       (gnuk_device_reset): Use SetEPRxCount_allocated_size.
-       * src/usb_msc.c (usb_start_receive): Don't set RxCount register
-       here.
-       * STM32_USB-FS-Device_Driver/src/usb_core.c (Standard_ClearFeature)
-       (Post0_Process): Don't need to set RxCount register.
-
-       * src/usb_prop.c (msc_lun_info) [PINPAD_DND_SUPPORT]: ifdef-out.
-
-       * src/usb-icc.c (EP2_OUT_Callback): Fix apdu size == 49 bug,
-       we don't assume host sends ZLP (But accepts ZLP, just in case).
-
-2011-12-22  Niibe Yutaka  <gniibe@fsij.org>
-
-       * src/openpgp-do.c (extended_capabilities) [CERTDO_SUPPORT]:
-       conditionalize.
-
-2011-12-21  Niibe Yutaka  <gniibe@fsij.org>
-
-       * src/openpgp-do.c (gpg_do_get_data) [CERTDO_SUPPORT]: ifdef out.
-
-       * src/gnuk.ld.in (.gnuk_ch_certificate): Only valid
-       when --enable-certdo.
-
-       * src/flash.c (flash_check_blank) [CERTDO_SUPPORT]: ifdef out.
-       (flash_erase_binary) [CERTDO_SUPPORT]: Likewise.
-       (flash_write_binary) [CERTDO_SUPPORT]: Likewise.
-
-       * src/configure (certdo): New.
-       (--enable-certdo, --disable-certdo): New options.
-       Remove cheking for /dev/random.
-
-       * src/config.h.in (@CERTDO_DEFINE@): New.
-
-2011-12-20  Niibe Yutaka  <gniibe@fsij.org>
-
-       * src/usb_msc.c (msc_handle_command): SCSI_START_STOP_UNIT command
-       with stop/eject/close means cancelling pinentry.
-
-       * src/pin-dnd.c (pinpad_finish_entry, parse_directory_sector):
-       Implement "cancel".
-       (pinpad_getline): Likewise.
-       (msc_scsi_stop): New.
-
-2011-12-16  Niibe Yutaka  <gniibe@fsij.org>
-
-       * tool/gnuk_put_binary_libusb.py (gnuk_token.cmd_select_openpgp):
-       Fix apdu parameter.
-
-       * tool/gnuk_put_binary.py (GnukToken.cmd_select_openpgp): Ditto.
-
-       * tool/pinpad-test.py: New.
-
-2011-12-14  Niibe Yutaka  <gniibe@fsij.org>
-
-       * Version 0.16.
-
-       * src/usb_desc.c (gnukStringSerial): Updated.
-
-       * boards/STM8S_DISCOVERY/board.h, board.c: Fix for PINPAD_SUPPORT.
-       * boards/STBEE_MINI/board.h, board.c: Likewise.
-       * boards/STBEE/board.h, board.c: Likewise.
-       * boards/FST_01/board.c: Likewise.
-
-2011-12-13  Niibe Yutaka  <gniibe@fsij.org>
-
-       Add pinpad DND support.
-       * src/Makefile.in (CSRC) [ENABLE_PINPAD]: Add usb_msc.c.
-       * src/configure (pinpad): Add dnd support.
-       * src/gnuk.h [PINPAD_DND_SUPPORT]: Add declarations.
-       * src/main.c (STDOUTthread): Add PUSH packet.
-       (main) [PINPAD_DND_SUPPORT]: Call msc_init.
-       * src/usb_conf.h (EP_NUM): Add the case of PINPAD_DND_SUPPORT.
-       (ENDP6_TXADDR, ENDP7_RXADDR): New.
-       (ENDP4_TXADDR, ENDP5_RXADDR): Changed for smaller buffer.
-       * src/usb_desc.c (gnukConfigDescriptor): Add Mass storage device.
-       * src/usb_msc.c, src/usb_msc.h, src/pin-dnd.c: New.
-       * src/usb_prop.c: Include "usb_msc.h".
-       (gnuk_device_reset): Add initialization of ENDP6 and ENDP7.
-       (gnuk_device_SetInterface): Add initialization of ENDP6 and ENDP7.
-       (NUM_INTERFACES): Handle cases for PINPAD_DND_SUPPORT.
-       (msc_lun_info): New.
-       (gnuk_setup_with_data, gnuk_setup_with_nodata): Handle standard
-       request for Mass storage device.
-       * Virtual_COM_Port/usb_desc.h (VIRTUAL_COM_PORT_DATA_SIZE): Since
-       there isn't enough hardware buffer, smaller value (was: 64).
-
-       * src/ac.c (verify_user_0): Add access argument.
-       (verify_pso_cds, verify_other, verify_admin_0): Follow the change.
-       * src/openpgp.c (cmd_change_password): Likewise.
-
-2011-12-08  Niibe Yutaka  <gniibe@fsij.org>
-
-       * src/usb-icc.c: Not include "usb_desc.h".
-
-       * src/usb_endp.c (EP5_OUT_Callback): Fix minor bug.
-
-2011-12-07  Niibe Yutaka  <gniibe@fsij.org>
-
-       * src/usb_desc.c (gnukDeviceDescriptor): Changed bcdUSB = 1.1.
-       Gnuk device conforms to USB 2.0 full speed device, but when it was
-       2.0, some OS informs users, "you can connect the device to 2.0
-       compliant hub so that it can have better bandwidth", which is not
-       the case for full speed device.
-
-       * src/openpgp.c (GPGthread): Handle bConfirmPIN parameter.
-
-       * src/usb-icc.c (icc_handle_data): Pass PC_to_RDR_Secure
-       information to gpg_thread using memory of cmd_APDU.
-
-2011-12-01  Niibe Yutaka  <gniibe@fsij.org>
-
-       * src/gnuk.h (EV_PINPAD_INPUT_DONE, EV_NOP, EV_CMD_AVAILABLE)
-       (EV_VERIFY_CMD_AVAILABLE, EV_MODIFY_CMD_AVAILABLE): New.
-       * src/usb-icc.c (icc_power_off, icc_handle_data): Use EV_NOP,
-       EV_CMD_AVAILABLE, EV_VERIFY_CMD_AVAILABLE, and EV_MODIFY_CMD_AVAILABLE.
-       * src/pin-cir.c (cir_timer_interrupt): Use EV_PINPAD_INPUT_DONE.
-       * src/pin-dial.c (dial_sw_interrupt, pinpad_getline): Ditto.
-       (EV_SW_PUSH): Remove.
-
-       * src/openpgp.h (GPG_FUNCTION_NOT_SUPPORTED): New.
-       (GPG_CONDITION_NOT_SATISFIED): New.
-       * src/openpgp.c (cmd_change_password): Use GPG_FUNCTION_NOT_SUPPORTED.
-
-       * src/openpgp.c (cmd_verify, cmd_change_password)
-       (cmd_reset_user_password, cmd_put_data): Remove pinpad handling...
-       (GPGthread): ... and implement pinpad handling here.
-
-2011-11-29  Niibe Yutaka  <gniibe@fsij.org>
-
-       * src/openpgp.c (cmd_put_data) [PINPAD_SUPPORT]: Support pinpad
-       input (for reset code).
-
-2011-11-24  Niibe Yutaka  <gniibe@fsij.org>
-
-       * Version 0.15.
-       * src/usb_desc.c (gnukStringSerial): Updated.
-
-2011-11-22  Niibe Yutaka  <gniibe@fsij.org>
-
-       * tool/dfuse.py (DFU_STM32.download, DFU_STM32.verify): Support
-       unaligned write and hole.
-
-2011-11-14  Niibe Yutaka  <gniibe@fsij.org>
-
-       * boards/FST_01/{mcuconf.h,board.h,board.c}: New.
-
-2011-11-01  Niibe Yutaka  <gniibe@fsij.org>
-
-       * src/pin-dial.c (pinpad_getline): New.
-       (pin_main): Remove.
-
-       * boards/STBEE_MINI/board.h (TIMx): Define.
-       boards/STBEE/board.h (TIMx): Ditto.
-       boards/STM8S_DISCOVERY/board.h: Ditto.
-
-       * src/pin-cir.c (pinpad_getline): New.
-       (cir_timer_interrupt, cir_ext_interrupt): Use TIMx.
-       (cir_key_is_backspace, cir_key_is_enter, pin_main, pindisp):
-       Remove.
-       (cir_codetable_dell_mr425, cir_codetable_aquos)
-       (cir_codetable_regza, cir_codetable_bravia, ch_is_backspace)
-       (ch_is_enter, find_char_codetable, hex, cir_getchar): New.
-       (cir_timer_interrupt): Don't filter out ADDRESS.
-
-       * src/openpgp.c (get_pinpad_input): Don't invoke thread,
-       but just call pinpad_getline.
-
-       * src/main.c (display_interaction, display_fatal_code)
-       (display_status_code, led_blink): New.
-       (main): Call display_* routine.
-       (fatal): Notify main thread.
-       * src/usb_prop.c (gnuk_device_SetConfiguration): Notify main
-       thread.
-
-       * src/pin-cir.c (pindisp): Remove.
-
-       * boards/FST_01_00: New (for 8MHz FST-01).
-
-       * src/ac.c (calc_md): Fix comparison.
-
-       * src/call-rsa.c (RSA_SIGNATURE_LENGTH): Use KEY_CONTENT_LEN.
-       (rsa_sign, rsa_decrypt): Likewise.
-       (modulus_calc): Don't assume it's 2048-bit.
-
-       * src/ac.c (verify_user_0): Fix for non-initialized PW1.
-
-       * src/Makefile.in (MCFLAGS): Override MCFLAGS option for newer
-       GCC of summon-arm-toolchain to add -mfix-cortex-m3-ldrd.
-       NOTE: This should not be needed (as -mcpu=cortex-m3 defaults
-       to -mfix-cortex-m3-ldrd for GCC-proper), but it is needed
-       to select arm-none-eabi/lib/thumb2/libc.a correctly.
-
-2011-10-14  NIIBE Yutaka  <gniibe@fsij.org>
-
-       * src/gnuk.ld.in (__main_stack_size__): It's 1KB (was 512 byte).
-
-2011-10-07  NIIBE Yutaka  <gniibe@fsij.org>
-
-       * Version 0.14.
-       * src/usb_desc.c (gnukStringSerial): Updated.
-
-       * src/random.c (random_init): Call neug_prng_reseed.
-
-2011-10-06  NIIBE Yutaka  <gniibe@fsij.org>
-
-       * src/Makefile.in (random_bits): Remove.
-
-       * src/openpgp.c (GPGthread): Remove unused event message.
-
-       * src/main.c (main): Call random_init.
-
-       * src/gnuk.ld.in (__process_stack_size__): Fix.
-       (.gnuk_random): Removed.
-
-       * src/flash.c (flash_erase_binary, flash_write_binary): Remove
-       support of random_byte in flash ROM.
-
-       * src/neug.c (adccb): Use old API (was: chEvtSignalFlagsI).
-       (adccb_err): Remove.
-       (rng_gen, rng): Add the last argument adccb for adcStartConversion:
-       This is old API of ADC driver.
-       (adcgrpcfg): Remove callbacks, add CONT and SWSTART: This is old
-       API of ADC driver.
-       (adccb): Remove the first argument: This is old API of ADC driver.
-       (neug_wait_full): New.
-
-       * ChibiOS_2.0.8/os/hal/platforms/STM32/adc_lld.h (ADC_SAMPLE_1P5):
-       Add (from new API).
-
-       * src/random.c (random_init): New.
-       (random_bytes_get, random_bytes_free, get_salt): Use NeuG.
-
-       * src/Makefile.in (CSRC): Add neug.c.
-
-       * src/neug.c: New.  Verbatim copy of NeuG/src/random.c.
-
-       * boards/common/mcuconf-common.h (USE_STM32_ADC1): TRUE for NewG RNG.
-       * src/chconf.h (CH_USE_SEMAPHORES): TRUE as ADC driver requires it.
-       * src/halconf.h (CH_HAL_USE_ADC); TRUE for NewG RNG.
-
-2011-07-22  NIIBE Yutaka  <gniibe@fsij.org>
-
-       * boards/OLIMEX_STM32_H103/board.h (BOARD_NAME): Fixed.
-
-       * boards/STBEE_MINI/mcuconf.h: Added missing include of
-       mcuconf-common.h.
-
-2011-07-04  NIIBE Yutaka  <gniibe@fsij.org>
-
-       * ChibiOS_2.0.8/os/ports/GCC/ARMCMx/chcore_v7m.c
-       (_port_irq_epilogue, _port_switch_from_isr): Apply a patch of 2.2.6.
-
-       * ChibiOS_2.0.8/os/hal/platforms/STM32/adc_lld.h: Apply a patch of
-       ADC from the branch of ChibiOS_2.0.X.
-
-2011-06-15  NIIBE Yutaka  <gniibe@fsij.org>
-
-       * Version 0.13.
-       * src/usb_desc.c (gnukStringSerial): Updated.
-
-2011-06-08  NIIBE Yutaka  <gniibe@fsij.org>
-
-       * polarssl-0.14.0/include/polarssl/bn_mul.h [__arm__]
-       (MULADDC_1024_CORE, MULADDC_1024_LOOP): New.
-       * polarssl-0.14.0/library/bignum.c (mpi_mul_hlp): Use
-       MULADDC_1024_LOOP.
-
-2011-05-31  NIIBE Yutaka  <gniibe@fsij.org>
-
-       * polarssl-0.14.0/include/polarssl/bn_mul.h [__arm__]
-       (MULADDC_HUIT, MULADDC_INIT, MULADDC_CORE, MULADDC_STOP): Tweak.
-
-2011-05-27  NIIBE Yutaka  <gniibe@fsij.org>
-
-       * tool/gnuk_put_binary.py (main): Confirm Serial ID is written
-       correctly.
-
-       * src/openpgp.c (cmd_write_binary): Fix FILE_EF_SERIAL comparison.
-
-       * src/gnuk.ld.in (.gnuk_random, .gnuk_ch_certificate): Put LONG to
-       have CONTENTS.
-
-       * polarssl-0.14.0/include/polarssl/bn_mul.h [__arm__]
-       (MULADDC_HUIT): New.
-
-2011-05-26  NIIBE Yutaka  <gniibe@fsij.org>
-
-       * polarssl-0.14.0/include/polarssl/bn_mul.h [__arm__]
-       (MULADDC_INIT): Add ADDS instruction to clear of carry flag.
-       (MULADDC_CORE): Tune to 6 instructions and less registers.
-       (MULADDC_STOP): Add ADC instruction to save carry flag.
-
-2011-05-25  NIIBE Yutaka  <gniibe@fsij.org>
-
-       * tool/hub_ctrl.py: New.  Port of original C implementation.
-
-2011-05-16  NIIBE Yutaka  <gniibe@fsij.org>
-
-       * src/main.c (main): Call flash_unlock at the beginning.
-       (device_initialize_once): Don't call flash_unlock here.
-       * src/flash.c (flash_init): Likewise.
-
-       * src/openpgp.c (cmd_select_file): Don't use write_res_apdu.
-       (set_res_apdu): Rename from write_res_apdu.  Just SW1 and SW2.
-
-2011-05-13  NIIBE Yutaka  <gniibe@fsij.org>
-
-       * Version 0.12.
-
-2011-05-12  NIIBE Yutaka  <gniibe@fsij.org>
-
-       * src/openpgp.c (cmd_pso, cmd_internal_authenticate)
-       (cmd_update_binary, cmd_write_binary): Don't check pw locked.
-
-       * tool/dfuse.py (DFU_STM32.verify): Add missing colon.
-       * tool/dfuse.py (get_device): Restrict to STMicro DfuSe.
-
-       * tool/gnuk_put_binary.py (main): Add -p option to enter password.
-
-       * src/ac.c (verify_user_0): New.
-       (verify_pso_cds, verify_admin_0): Use verify_user_0.
-       * src/openpgp.c (cmd_change_password): Use verify_user_0.
-
-       * src/random.c (get_salt): Rename from get_random.
-       (random_bytes_get, random_bytes_free): It's 16-byte.
-
-       * src/ac.c (verify_admin_0): Use PW_ERR_PW1 counter when
-       authenticated by PW1.
-
-2011-05-11  NIIBE Yutaka  <gniibe@fsij.org>
-
-       * src/ac.c (verify_pso_cds, verify_other): Fail (with no counter
-       update) if key is not registered yet.
-       (verify_admin_0): Compare to OPENPGP_CARD_INITIAL_PW3 when empty
-       PW3 and non-empty PW1 but signing key is not registered yet.
-
-       * tool/gnuk_put_binary.py: New implementation by pyscard.
-
-       * src/main.c (device_initialize_once): New.
-       * src/usb_prop.c (gnukStringSerial): Move to...
-       * src/usb_desc.c (gnukStringSerial): here.  Bump version to 0.12.
-       Fill by 0xff.
-       * src/usb_prop.c (gnuk_device_init)
-       (gnuk_device_GetStringDescriptor): Don't use RAM for
-       gnukStringSerial, use ROM like other string descriptor.
-       * src/usb_desc.c (String_Descriptor): Add gnukStringSerial.
-
-       * src/openpgp-do.c (gpg_get_pw1_lifetime): Make static.
-       (gpg_do_load_prvkey, gpg_do_write_prvkey): Use kdi.
-       (gpg_increment_digital_signature_counter): Call gpg_get_pw1_lifetime.
-       * src/openpgp.c (cmd_pso): Follow the change.
-       * src/flash.c (keystore_pool): Remove.  Use &_keystore_pool.
-       * src/ac.c (auth_status): Don't assign 0 as it's automatically
-       cleared.
-
-2011-05-10  NIIBE Yutaka  <gniibe@fsij.org>
-
-       * src/openpgp-do.c (gpg_pw_locked): Rename from gpg_passwd_locked.
-       (gpg_pw_get_err_counter): Rename from gpg_get_pw_err_counter.
-       (gpg_pw_reset_err_counter): Rename from gpg_reset_pw_err_counter.
-       (gpg_pw_increment_err_counter): Rename from gpg_increment_err_counter.
-       * src/ac.c, src/openpgp.c, src/gnuk.h: Follow the change.
-
-       Bug fixes.
-       * src/openpgp.c (cmd_reset_user_password, cmd_change_password)
-       * src/openpgp-do.c (proc_resetting_code): Fix check of return value.
-       * src/ac.c (ac_fini): Clear keystring_md_pw3.
-
-       Prevent observation of PW3 is emptiness by PW3's error counter.
-       Support verify_admin by PW1 when PW3 is empty.
-       * src/ac.c (admin_authorized): New.
-       (verify_admin_0): Set admin_authorized.
-       * src/openpgp-do.c (proc_resetting_code): Use admin_authorized.
-       (gpg_do_write_prvkey): Clear dek_encrypted_3 when keystring_admin
-       is NULL.
-       (proc_key_import): Checking admin_authorized, set keystring_admin.
-       * src/openpgp.c (cmd_reset_user_password): Use admin_authorized.
-
-2011-04-18  NIIBE Yutaka  <gniibe@fsij.org>
-
-       * gnuk.svg: Updated.
-
-2011-04-15  NIIBE Yutaka  <gniibe@fsij.org>
-
-       * Version 0.11.
-
-       * src/usb_prop.c (gnukStringSerial): Updated.
-
-2011-04-11  NIIBE Yutaka  <gniibe@fsij.org>
-
-       * tool/dfuse.py (DFU_STM32.verify): support data size of non-1-KiB.
-
-2011-02-24  NIIBE Yutaka  <gniibe@fsij.org>
-
-       * src/usb_prop.c (gnuk_device_SetInterface): Fix argument to
-       ClearDTOG_TX.
-
-2011-02-10  NIIBE Yutaka  <gniibe@fsij.org>
-
-       * Version 0.10.
-
-       * src/configure, src/Makefile.in (BOARD_DIR): New.
-
-       * boards/CQ_STARM/board.mk, boards/OLIMEX_STM32_H103/board.mk:
-       Removed.
-       * boards/STBEE/board.mk, boards/STBEE_MINI/board.mk: Removed.
-       * boards/STM32_PRIMER2/board.mk, boards/STM8S_DISCOVERY/board.mk:
-       Removed.
-
-       * src/Makefile.in (OUTFILES): Don't include random_bits.
-
-2011-02-09  NIIBE Yutaka  <gniibe@fsij.org>
-
-       * src/usb_prop.c (gnukStringSerial): Updated.
-
-       * tool/gnuk_put_binary.py (gnuk_token.__del__): Removed.
-       Releasing the interface is done in PyUSB.
-
-       * tool/dfuse.py (DFU_STM32.__del__): Removed.
-
-       * src/openpgp.c (cmd_write_binary): Support random bits and card
-       holder certificate as well.
-
-       * src/openpgp-do.c (do_openpgpcard_aid): Add volatile to prevent
-       compiler optimization to access AID.
-
-2011-02-08  NIIBE Yutaka  <gniibe@fsij.org>
-
-       * tool/gnuk_put_binary.py: Renamed (was: gnuk_update_binary.py).
-       (gnuk_token.cmd_write_binary): New.
-       (main): Support writing serial number.
-
-       * GNUK_SERIAL_NUMBER: Renamed (was: FSIJ_SERIAL_NUMBER).
-
-       * src/config.h.in (@SERIAL_DEFINE@): Removed.
-
-       * src/gnuk.h (FILEID_SERIAL_NO): New.
-
-       * src/openpgp.c (INS_WRITE_BINARY, cmd_write_binary): New.
-
-       * src/configure: Remove --with-fixed-serial support.
-
-       * src/openpgp-do.c (do_openpgpcard_aid): Remove support of
-       SERIAL_NUMBER_IN_AID.
-
-       * src/flash.c (flash_write_binary): Support FILEID_SERIAL_NO.
-
-2011-02-04  NIIBE Yutaka  <gniibe@fsij.org>
-
-       * tool/gnuk_update_binary.py: Support updating random bits.
-
-       * src/random.c (random_bits_start): Renamed.
-       (random_bytes_get): Check initial erased state.
-
-       * src/Makefile.in (random-data.o): Removed.
-
-       * src/gnuk.ld.in (.gnuk_random): Don't have .gnuk_random any more.
-
-       * src/flash.c (flash_erase_binary): Support FILEID_RANDOM.
-       (flash_write_binary): Ditto.
-
-       * src/openpgp.c (cmd_reset_user_password): Fix PINPAD_SUPPORT case
-       with reset code.
-
-2011-02-01  NIIBE Yutaka  <gniibe@fsij.org>
-
-       * Version 0.9.
-
-       * src/openpgp-do.c (extended_capabilities): Change value for card
-       holder certificate.
-
-       * src/usb_prop.c (gnuk_device_SetInterface): New.
-
-2011-01-29  NIIBE Yutaka  <gniibe@fsij.org>
-
-       * src/usb_prop.c (gnuk_device_Get_Interface_Setting): Handle the
-       case where we have multiple interfaces.
-
-2011-01-28  NIIBE Yutaka  <gniibe@fsij.org>
-
-       * tool/gnuk_update_binary.py: New.
-
-       * src/openpgp-do.c (gpg_do_get_data): Fix length adding two for
-       status word at the end and adding four for the tag and the length.
-
-       * src/usb-icc.c (icc_handle_data): Fix decrementing res_APDU_size.
-       (icc_power_off): Status should be the one *after* power off.
-
-       * src/openpgp.c (cmd_update_binary): Fix return code.
-
-2011-01-27  NIIBE Yutaka  <gniibe@fsij.org>
-
-       * src/usb-icc.c (res_APDU_pointer): New.
-       (icc_handle_data, USBthread): Handle res_APDU_pointer.
-
-       * src/openpgp.h (GPG_COMMAND_NOT_ALLOWED): New.
-
-       * src/openpgp.c (INS_UPDATE_BINARY, FILE_EF_CH_CERTIFICATE)
-       (FILE_EF_RANDOM, cmd_update_binary): New.
-       (process_command_apdu): Initialize res_APDU_pointer.
-
-       * src/openpgp-do.c (gpg_do_get_data): Handle GPG_DO_CH_CERTIFICATE.
-
-       * src/gnuk.ld.in (.gnuk_ch_certificate): New.
-
-       * src/flash.c (flash_check_blank, flash_erase_binary)
-       (flash_write_binary): New.
-
-       * src/openpgp-do.c (gpg_do_table): Exclude GPG_DO_CH_CERTIFICATE.
-
-       * src/openpgp.c (cmd_reset_user_password): Add PINPAD_SUPPORT.
-
-       * src/gnuk.ld.in: Fix alignment and filling.
-
-2011-01-26  NIIBE Yutaka  <gniibe@fsij.org>
-
-       * boards/STBEE/mcuconf.h: New.
-       * boards/STBEE/board.mk: New.
-       * boards/STBEE/board.h: New.
-       * boards/STBEE/board.c: New.
-
-       * tool/dfuse.py (DFU_STM32.verify): Add double ll_clear_status.
-
-       * src/configure (target): Add STBEE.
-
-2011-01-25  NIIBE Yutaka  <gniibe@fsij.org>
-
-       * src/openpgp.c (cmd_pso): Support DigestInfo by MD5 (for opensc).
-
-2011-01-22  NIIBE Yutaka  <gniibe@fsij.org>
-
-       * src/openpgp.c (cmd_pgp_gakp): Handle case of non-extended Lc.
-       (cmd_select_file): Return DF name when FCI is requested.
-
-       * src/openpgp-do.c (copy_do): Don't add tag if not requested.
-
-       * src/gnuk.h (memmove): Add declaration.
-
-2011-01-21  NIIBE Yutaka  <gniibe@fsij.org>
-
-       * src/openpgp-do.c (copy_do): Fix off-by-one error.
-
-       * src/openpgp.c (get_pinpad_input): Ifdef-out PINPAD_SUPPORT.
-
-2011-01-19  NIIBE Yutaka  <gniibe@fsij.org>
-
-       * Version 0.8.
-
-       * src/pin-cir.c (pin_main): Fix typo, call cir_ext_disable.
-
-       * src/usb_prop.c (gnukStringSerial): Updated.
-
-       * src/pin-dial.c: New.
-
-       * boards/STBEE_MINI/board.c (hwinit1): Add PINPAD_DIAL_SUPPORT.
-       (dial_sw_disable, dial_sw_enable, EXTI2_IRQHandler): New.
-
-       * src/gnuk.h: Add PINPAD_DIAL_SUPPORT.
-
-       * src/usb-icc.c (icc_handle_data): Handle PIN modification.
-
-       * src/usb_desc.c (gnukConfigDescriptor): bPinSupport = 3 when
-       PINPAD_DIAL_SUPPORT is enabled.
-
-2011-01-18  NIIBE Yutaka  <gniibe@fsij.org>
-
-       * src/pin-cir.c (pin_main): Call cir_ext_disable at the end.
-
-2011-01-17  NIIBE Yutaka  <gniibe@fsij.org>
-
-       * src/gnuk.h (PIN_INPUT_CURRENT, PIN_INPUT_NEW)
-       (PIN_INPUT_CONFIRM): New.
-
-       * src/pin-cir.c (pin_main): New argument MSG_CODE.
-
-       * src/openpgp.c (get_pinpad_input): New.
-       (cmd_verify): Use get_pinpad_input.
-       (cmd_change_password): Added PINPAD_SUPPORT.
-
-       * src/openpgp.c (cmd_nop): Removed.
-
-       * src/config.h.in: ifdef-out (not for ASSEMBLER).
-
-2011-01-15  NIIBE Yutaka  <gniibe@fsij.org>
-
-       * Version 0.7.
-
-       * src/usb-icc.c (icc_handle_data): Bug fix: add break for case
-       ICC_STATE_SEND.
-
-2011-01-14  NIIBE Yutaka  <gniibe@fsij.org>
-
-       * Version 0.6.
-
-       * src/usb_prop.c (gnukStringSerial): Include version number (again).
-
-       * boards/STM8S_DISCOVERY/board.c (hwinit1): Initialize TIM3 and
-       remap TIM3.
-       (cir_ext_disable, cir_ext_enable, EXTI9_5_IRQHandler)
-       (TIM3_IRQHandler): New.
-
-       * boards/STBEE_MINI/board.h (HAVE_7SEGLED): New.
-
-       * boards/STM8S_DISCOVERY/board.h: Include "config.h".
-       (VAL_GPIOBODR): PB0 (TIM3_CH3) is pull-down for PINPAD_SUPPORT.
-
-       * src/pin-cir.c (pindisp): Handle the board with no 7 segment
-       display.
-
-2011-01-11  NIIBE Yutaka  <gniibe@fsij.org>
-
-       * src/openpgp-do.c (do_openpgpcard_aid): Fix length of res_p;
-
-2011-01-08  NIIBE Yutaka  <gniibe@fsij.org>
-
-       * src/usb-icc.c (icc_handle_data): Handle the case of
-       ICC_STATE_SEND (back again to the implementation of v0.4).
-       (USBthread): Don't send back larger block (for libccid 1.3.11).
-
-2011-01-07  NIIBE Yutaka  <gniibe@fsij.org>
-
-       * src/openpgp.c (cmd_read_binary): Call gpg_do_get_data for AID.
-
-       * src/openpgp-do.c (gpg_do_get_data): Added new argument WITH_TAG.
-
-       * src/usb_prop.c (gnuk_device_init)
-       (gnuk_device_GetStringDescriptor): gnukStringSerial with unique
-       chip ID.
-
-       * src/openpgp-do.c (do_openpgpcard_aid): New.
-       (openpgpcard_aid): Removed.
-
-       * boards/common/hw_config.c (unique_device_id): New.
-
-2011-01-06  NIIBE Yutaka  <gniibe@fsij.org>
-
-       * src/config.h.in (PINPAD_MORE_DEFINE): Added.
-
-       * src/configure: Requiring bash (for variable substitution), added
-       PINPAD.
-
-       * src/Makefile.in: Support PINPAD.
-
-       * src/pin-cir.c (cir_timer_interrupt): Support Sharp protocol.
-
-2011-01-04  NIIBE Yutaka  <gniibe@fsij.org>
-
-       * src/chconf.h (CH_USE_DYNAMIC): It's TRUE now.
-
-       * src/usb_desc.c (gnukConfigDescriptor): Added PINPAD_SUPPORT.
-
-       * src/pin-cir.c (cir_timer_interrupt): Added CIR_PERIOD_INHIBIT_CHATTER.
-
-2010-12-29  NIIBE Yutaka  <gniibe@fsij.org>
-
-       * src/pin-cir.c (cir_timer_interrupt): Support Philips RC-5 protocol.
-
-2010-12-28  NIIBE Yutaka  <gniibe@fsij.org>
-
-       * src/pin-cir.c (cir_timer_interrupt): Support Philips RC-6 protocol.
-
-2010-12-27  NIIBE Yutaka  <gniibe@fsij.org>
-
-       * src/pin-cir.c (cir_timer_interrupt): Support Sony protocol.
-
-2010-12-24  NIIBE Yutaka  <gniibe@fsij.org>
-
-       * src/pin-cir.c: New file.
-
-2010-12-20  NIIBE Yutaka  <gniibe@fsij.org>
-
-       * src/openpgp.c (GPGthread): Added PINPAD_SUPPORT.
-       * boards/STBEE_MINI/mcuconf.h: Simplified.
-       * boards/STBEE_MINI/board.h: Include config.h.
-       (PINPAD_SUPPORT): Added.
-       * boards/STBEE_MINI/board.c (hwinit1): Added PINPAD_SUPPORT.
-
-2010-12-15  NIIBE Yutaka  <gniibe@fsij.org>
-
-       * src/configure (FLASH_SIZE): Without 'k'.
-       * src/gnuk.ld.in (MEMORY): Append "k" here.
-       (.gnuk_flash): End point should be aligned too.
-
-       * src/config.h.in (@PINPAD_DEFINE@): New.
-       * src/Makefile.in (@PINPAD_MAKE_OPTION@): New.
-       * src/configure (PINPAD_MAKE_OPTION, PINPAD_DEFINE): New.
-
-2010-12-14  NIIBE Yutaka  <gniibe@fsij.org>
-
-       * src/configure (FLASH_PAGE_SIZE): Always set.
-
-2010-12-13  NIIBE Yutaka  <gniibe@fsij.org>
-
-       * Version 0.5.
-
-       * src/usb_desc.c (gnukStringSerial): Updated.
-
-2010-12-10  NIIBE Yutaka  <gniibe@fsij.org>
-
-       * src/usb-cdc-vport.c (Virtual_Com_Port_Data_Setup)
-       (Virtual_Com_Port_NoData_Setup): No check for class&interface
-       request.
-
-       * src/usb-icc.c (ATR): Fixed.
-
-       * src/usb_desc.c (/* ICC Descriptor*/): bcdCCID = 1.1.
-       dwDefaultClock = dwMaximumClock = 3571.
-       dwFeatures 0x00040842.
-
-       * src/usb_prop.c (gnuk_clock_frequencies, gnuk_data_rates): New.
-       (gnuk_nothing_todo): Removed.
-       (gnuk_setup_with_data, gnuk_setup_with_nodata): New.
-       (Device_Property): Changed to call gnuk_setup_with_data and
-       gnuk_setup_with_nodata.
-
-2010-12-09  NIIBE Yutaka  <gniibe@fsij.org>
-
-       * src/usb-icc.c (icc_power_off): Set icc_data_size = 0 to specify
-       no command APDU.  Signal GPGThread.
-       (icc_handle_data, USBthread): Don't signal main thread any more.
-
-       * src/openpgp.c (GPGthread): Only process the command APDU, if any.
-
-       * src/openpgp-do.c (do_tag_to_nr): Don't call fatal.
-       * src/main.c (fatal_code): New.
-       (main): Implemented 1-bit LED status display.
-       (fatal): Added argument CODE.
-       * src/flash.c (flash_data_pool_allocate): Supply argument FATAL_FLASH.
-       * src/random.c (random_bytes_get): Supply argument FATAL_RANDOM.
-       * src/ac.c (auth_status): Added volatile, and remove static.
-
-2010-12-08  NIIBE Yutaka  <gniibe@fsij.org>
-
-       * src/gnuk.h (AC_OTHER_AUTHORIZED): Renamed (was:
-       AC_PSO_OTHER_AUTHORIZED).
-       * src/ac.c (ac_reset_other): Renamed (was: ac_reset_pso_other).
-       (verify_other): Renamed (was: verify_pso_other).
-       (ac_reset_admin): New.
-       * src/openpgp.c (cmd_change_password): Call ac_reset_admin.
-
-       * src/main.c (main): Don't create GPGThread here.
-       * src/usb-icc.c (icc_power_on): But create here, when requested.
-       (icc_power_off): Terminate GPGThread.
-       * src/openpgp.c (gpg_init, gpg_fini): New.
-       (GPGthread): Check chThdShouldTerminate.  Call gpg_init and gpg_fini.
-
-2010-12-07  NIIBE Yutaka  <gniibe@fsij.org>
-
-       USB CCID/ICC implementation changes.
-       * src/usb_desc.c (dwMaxCCIDMessageLength): Updated.
-       * src/usb-icc.c (EV_TX_FINISHED): New.
-       (icc_rcv_data, icc_tx_data): Removed.
-       (icc_buffer, icc_seq): New.
-       (icc_next_p, icc_chain_p): New.
-       (icc_tx_ready): Removed.
-       (EP1_IN_Callback): Handle multiple transactions.
-       (icc_prepare_receive): New.
-       (EP2_OUT_Callback): Handle multiple transactions.
-       (icc_error, icc_send_status): Handle the case of receive in chain.
-       (icc_power_on, icc_send_params): Specify it's a single transaction.
-       (icc_send_data_block_filling_header): New.
-       (icc_send_data_block): Simplify.
-       (icc_handle_data): Removed the case of ICC_STATE_SEND.
-       Handle buffer of multiple transactions.
-       (USBthread): Don't use sending in chain.
-       * src/gnuk.h (USB_LL_BUF_SIZE): New.
-       (USB_BUF_SIZE): Now, it's larger value.
-       * src/configure: Echo for --enable-debug.
-       * src/call-rsa.c (rsa_sign): Use temp[] buffer as rsa_pkcs1_sign
-       writes OUTPUT in early stage.
-
-2010-12-04  NIIBE Yutaka  <gniibe@fsij.org>
-
-       * src/flash.c (flash_keystore_release): Reset keystore storage.
-
-2010-12-03  NIIBE Yutaka  <gniibe@fsij.org>
-
-       Keystore management changes.
-       * src/flash.c (flash_key_alloc): Check FLASH_KEYSTORE_SIZE.
-       (flash_key_release): Removed.
-       (flash_keystore_release): New function.
-       * src/openpgp-do.c (gpg_do_write_prvkey): Make it static.
-       When there is a key already, return as error.
-       (proc_key_import): Call flash_keystore_release when all keys removed.
-       * src/gnuk.ld.in (_keystore_pool): Size of keystore is now 1.5KB.
-
-2010-11-30  NIIBE Yutaka  <gniibe@fsij.org>
-
-       Flash ROM fixes for STM32F10X_HD.
-       * src/gnuk.ld.in (.gnuk_flash): Use FLASH_PAGE_SIZE.
-       * src/configure (FLASH_PAGE_SIZE): Defined for gnuk.ld.
-       * src/flash.c (FLASH_PAGE_SIZE): New define.
-       (FLASH_DATA_POOL_SIZE): Use FLASH_PAGE_SIZE.
-
-       Import changes of ChibiOS_2.0.8.
-       * ChibiOS_2.0.8/os/hal/include/pwm.h
-       * ChibiOS_2.0.8/os/hal/platforms/STM32/pwm_lld.c
-       * ChibiOS_2.0.8/os/hal/platforms/STM32/pwm_lld.h
-       * ChibiOS_2.0.8/os/hal/src/pwm.c
-       * ChibiOS_2.0.8/os/hal/templates/pwm_lld.c
-       * ChibiOS_2.0.8/os/hal/templates/pwm_lld.h
-       * ChibiOS_2.0.8/os/kernel/include/ch.h
-       * ChibiOS_2.0.8/os/kernel/src/chevents.c
-       * ChibiOS_2.0.8/os/kernel/src/chthreads.c
-       * ChibiOS_2.0.8/boards/OLIMEX_LPC_P2148/board.h
-       * ChibiOS_2.0.8/readme.txt
-       * ChibiOS_2.0.8/test/testdyn.c
-       * ChibiOS_2.0.8/docs/*/*: Updated.
-
-       New private key management.
-       * src/ac.c (ac_reset_pso_cds, ac_reset_pso_other): Call
-       gpg_do_clear_prvkey.
-       (verify_pso_other): load private keys here.
-       * src/openpgp-do.c (kd): Keydata for Signing, Decryption, and
-       Authentication.
-       (gpg_do_load_prvkey, gpg_do_write_prvkey): Use kd[].
-       (gpg_do_clear_prvkey): New function.
-       * src/openpgp.c (cmd_pso, cmd_internal_authenticate): Use new API
-       of rsa_sign and rsa_decrypt.
-       (cmd_pso): Fixed bug of checking return value of gpg_get_pw1_lifetime.
-       * src/call-rsa.c (rsa_sign): New argument KD.
-       (rsa_decrypt): Likewise.
-
-       Don't use malloc/free in C library.
-       * src/stdlib.h (malloc, free): Use chHeapAlloc and chHeapFree.
-
-2010-11-26  NIIBE Yutaka  <gniibe@fsij.org>
-
-       * boards/STM8S_DISCOVERY/*: New.
-       * src/configure: STM8S_DISCOVERY only has 64KB flash memory.
-
-       * boards/STBEE_MINI/board.h (CPU_WITH_NO_GPIOE): New define.
-       * ChibiOS_2.0.6/os/hal/platforms/STM32/hal_lld.c: Use it.
-       * ChibiOS_2.0.6/os/hal/platforms/STM32/pal_lld.c: Likewise.
-       * ChibiOS_2.0.6/os/hal/platforms/STM32/pal_lld.h: Likewise.
-
-       * src/openpgp.c (cmd_pso): DigestInfo by SHA224/SHA384/SHA512 is
-       supported.
-
-2010-11-22  NIIBE Yutaka  <gniibe@fsij.org>
-
-       Import changes of ChibiOS_2.0.6.
-       * ChibiOS_2.0.6/demos/ARM7-AT91SAM7X-LWIP-GCC/chconf.h
-       * ChibiOS_2.0.6/os/hal/include/can.h
-       * ChibiOS_2.0.6/os/hal/platforms/AT91SAM7/hal_lld.c
-       * ChibiOS_2.0.6/os/hal/platforms/AT91SAM7/serial_lld.c
-       * ChibiOS_2.0.6/os/hal/platforms/LPC214x/serial_lld.c
-       * ChibiOS_2.0.6/os/hal/platforms/STM32/hal_lld_f103.h
-       * ChibiOS_2.0.6/os/hal/platforms/STM32/hal_lld_f105_f107.h
-       * ChibiOS_2.0.6/os/hal/platforms/STM32/pwm_lld.c
-       * ChibiOS_2.0.6/os/hal/platforms/STM32/serial_lld.h
-       * ChibiOS_2.0.6/os/hal/platforms/STM32/spi_lld.h
-       * ChibiOS_2.0.6/os/hal/src/adc.c
-       * ChibiOS_2.0.6/os/hal/src/spi.c
-       * ChibiOS_2.0.6/os/kernel/include/ch.h
-       * ChibiOS_2.0.6/os/kernel/include/chinline.h
-       * ChibiOS_2.0.6/os/kernel/include/chioch.h
-       * ChibiOS_2.0.6/os/kernel/include/chstreams.h
-       * ChibiOS_2.0.6/os/kernel/include/chthreads.h
-       * ChibiOS_2.0.6/os/kernel/src/chlists.c
-       * ChibiOS_2.0.6/os/kernel/src/chschd.c
-       * ChibiOS_2.0.6/os/kernel/src/chthreads.c
-       * ChibiOS_2.0.6/os/ports/GCC/ARM/rules.mk
-       * ChibiOS_2.0.6/os/ports/GCC/ARM7/chcore.h
-       * ChibiOS_2.0.6/os/ports/GCC/ARM7/port.dox
-       * ChibiOS_2.0.6/os/ports/GCC/ARMCMx/chcore_v6m.c
-       * ChibiOS_2.0.6/os/ports/GCC/ARMCMx/chcore_v6m.h
-       * ChibiOS_2.0.6/os/ports/GCC/ARMCMx/chcore_v7m.c
-       * ChibiOS_2.0.6/os/ports/GCC/ARMCMx/chcore_v7m.h
-       * ChibiOS_2.0.6/os/ports/GCC/ARMCMx/old/chcore_v7m.h
-       * ChibiOS_2.0.6/os/ports/GCC/AVR/chcore.h
-       * ChibiOS_2.0.6/os/ports/GCC/AVR/port.dox
-       * ChibiOS_2.0.6/os/ports/GCC/MSP430/chcore.c
-       * ChibiOS_2.0.6/os/ports/GCC/MSP430/chcore.h
-       * ChibiOS_2.0.6/os/ports/GCC/MSP430/port.dox
-       * ChibiOS_2.0.6/os/ports/GCC/PPC/chcore.h
-       * ChibiOS_2.0.6/os/ports/GCC/PPC/port.dox
-       * ChibiOS_2.0.6/os/ports/RC/STM8/port.dox
-       * ChibiOS_2.0.6/os/various/memstreams.h
-       * ChibiOS_2.0.6/readme.txt
-       * ChibiOS_2.0.6/docs/*/*: Updated
-
-2010-11-14  NIIBE Yutaka  <gniibe@fsij.org>
-
-       * src/openpgp.c (cmd_pso): DigestInfo by SHA256 is supported.
-
-2010-11-12  NIIBE Yutaka  <gniibe@fsij.org>
-
-       * src/usb_desc.c (gnukConfigDescriptor): Change dwFeatures.
-
-       * src/usb-icc.c (icc_send_params): Always return fixed result.
-       (icc_handle_data): Support ICC_GET_PARAMS.
-
-2010-11-10  NIIBE Yutaka  <gniibe@fsij.org>
-
-       * src/usb_desc.c (gnukConfigDescriptor): Fix bmAttributes.
-
-2010-11-09  NIIBE Yutaka  <gniibe@fsij.org>
-
-       * Version 0.4.
-
-       * src/usb_desc.c (gnukStringSerial): Updated.
-
-       * ChibiOS_2.0.2/os/hal/platforms/STM32/pal_lld.h (PALConfig):
-       STBee Mini uses STM32F103CBT6 which expose no GPIO E port.
-       * ChibiOS_2.0.2/os/hal/platforms/STM32/pal_lld.c (_pal_lld_init):
-       Likewise.
-
-2010-11-08  NIIBE Yutaka  <gniibe@fsij.org>
-
-       * tool/dump_mem.py: New tool.
-
-       Implement GC for data pool in flash memory.
-       * src/openpgp-do.c (gpg_write_digital_signature_counter): New.
-       (gpg_increment_digital_signature_counter): Fix for GC.
-       (gpg_data_scan): Rename from gpg_do_table_init.
-       (gpg_data_copy): New function for copying GC.
-       * src/main.c (main): Call gpg_data_scan with the address which
-       flash_init returns.
-       * src/flash.c (flash_erase_page): New function.
-       (FLASH_DATA_POOL_SIZE): data_pool is 2KiB now.
-       (flash_data): Put a header (GC generation).
-       (flash_init): Implement choosing a data pool page.
-       (flash_data_pool): Removed.
-       (flash_copying_gc): New function.
-       (flash_data_pool_allocate): Call flash_copying_gc when full.
-       (flash_do_write_internal, flash_put_data_internal)
-       (flash_bool_write_internal, flash_cnt123_write_internal): New
-       * src/gnuk.ld.in (gnuk_flash): data_pool is 2KiB now.
-
-       Bug fixes.
-       * src/openpgp.c (cmd_change_password, cmd_reset_user_password):
-       Write to APDU correctly.
-       * src/flash.c (flash_warning): Make it public.
-       * src/openpgp-do.c (do_hist_bytes, do_fp_all, do_cafp_all)
-       (do_kgtime_all, do_ds_count): Fix return value.
-       (rw_pw_status): Correctly return value.
-       (proc_resetting_code): Change func proto. to return success/failure.
-       (proc_key_import): Ditto.
-       (gpg_do_put_data): Handle return values.
-       (gpg_do_write_simple): Don't write to APDU.
-
-2010-11-05  NIIBE Yutaka  <gniibe@fsij.org>
-
-       Bug fixes.
-       * src/openpgp.c (gpg_change_keystring): Handle
-       GPG_KEY_FOR_AUTHENTICATION.
-       * src/openpgp-do.c (gpg_do_write_prvkey): Remove multiple call
-       of flash_do_release.
-
-       Bug fix.
-       * src/openpgp-do.c (gpg_do_write_prvkey): Don't hardcode 6, but
-       use strlen.
-
-       * src/flash.c, src/gnuk.ld.in: Rename "Flash DO Pool" to "Flash
-       Data Pool", because it's not only DO.
-       * src/gnuk.h, src/opengpg-do.c: Cleanup.
-
-       Digital Signature Counter implementation improvement.
-       * src/gnuk.h (NR_DO_DS_COUNT): Removed.
-       (NR_COUNTER_DS, NR_COUNTER_DS_LSB): New.
-       * src/openpgp-do.c (do_ds_count_initial_value): Removed.
-       (gpg_do_increment_digital_signature_counter): Removed.
-       (digital_signature_counter): New variable.
-       (do_ds_count, gpg_increment_digital_signature_counter): New functions.
-       (gpg_do_table): Change the entry for GPG_DO_DS_COUNT as DO_PROC_READ.
-       (gpg_do_table_init): Handle digital_signature_counter.
-       * src/flash.c (flash_data_pool_allocate, flash_put_data): New.
-
-       Password status implementation improvement.
-       * src/gnuk.h (PW_STATUS_PW1, PW_STATUS_RC, PW_STATUS_PW3): Removed.
-       (PW_ERR_PW1, PW_ERR_RC, PW_ERR_PW3): New define.
-       (NR_COUNTER_123, NR_BOOL_PW1_LIFETIME): New define.
-       (NR_NONE, NR_EMPTY): New define.
-       * src/flash.c (flash_bool_clear, flash_bool_write)
-       (flash_cnt123_get_value, flash_cnt123_increment)
-       (flash_cnt123_clear): New functions.
-       * src/openpgp-do.c (do_pw_status_bytes_template): Removed.
-       (PW_STATUS_BYTES_TEMPLATE, gpg_do_reset_pw_counter): Removed.
-       (PASSWORD_ERRORS_MAX, PW_LEN_MAX): New define.
-       (pw1_lifetime_p, pw_err_counter_p): New variables.
-       (gpg_get_pw1_lifetime): New function.
-       (gpg_get_pw_err_counter, gpg_passwd_locked, gpg_reset_pw_counter)
-       (gpg_increment_pw_counter): New functions.
-       (rw_pw_status): Use pw1_lifetime_p and pw_err_counter_p.
-       (gpg_do_table_init): Handle NR_COUNTER_123 and NR_BOOL_PW1_LIFETIME.
-       * src/ac.c (verify_pso_cds, verify_pso_other, verify_admin_0):
-       Follow the changes.
-       * src/openpgp.c (cmd_change_password, cmd_reset_user_password)
-       (cmd_pso, cmd_internal_authenticate): Likewise.
-
-2010-11-04  NIIBE Yutaka  <gniibe@fsij.org>
-
-       * src/flash.c (flash_warning): New.
-       (flash_do_pool): Added header for DO pool.
-       (flash_do_release): Fill zero.
-       (flash_do_write): Change DO format in flash.
-       * src/openpgp-do.c (gpg_do_table_init, copy_do_1)
-       (gpg_do_read_simple): Follow the change of DO format in flash.
-
-       * src/openpgp-do.c (DO_CMP_READ): Renamed.
-       (cmp_ch_data, cmp_app_data, cmp_ss_temp): Likewise.
-       (with_tag): Removed static global variable.
-       (do_hist_bytes, do_fp_all, do_cafp_all, do_kgtime_all)
-       (rw_pw_status, copy_do_1, copy_do, gpg_do_get_data): Added
-       with_tag argument.
-       (gpg_do_put_data): length > 255 will be error.
-
-2010-11-03  NIIBE Yutaka  <gniibe@fsij.org>
-
-       Bug fixes.
-       * src/ac.c (verify_admin_0): Initialize pwsb earlier.
-       * src/openpgp-do.c (copy_do_1): Access do_data[0] (was: do_data[1]).
-
-2010-11-02  NIIBE Yutaka  <gniibe@fsij.org>
-
-       DfuSe support.
-       * tool/dfuse.py (DFU_STM32.download): Put '#' for each 4-KiB.
-       Added 0-length write to finish download.
-       Take intel_hex object as argument.
-       (DFU_STM32.ll_upload_block): New method.
-       (DFU_STM32.dfuse_read_memory): New method.
-       (DFU_STM32.verify): New method.
-       (get_device): Support DFU_STM32PROTOCOL_0 too (for CQ STARM).
-
-       * tool/dfuse.py: Renamed from dfu_stmicroelectronics_extention.py.
-
-2010-11-01  NIIBE Yutaka  <gniibe@fsij.org>
-
-       * tool/intel_hex.py: New file.
-       * tool/dfu_stmicroelectronics_extention.py: New file.
-
-2010-10-28  NIIBE Yutaka  <gniibe@fsij.org>
-
-       * src/gnuk.h (OPENPGP_CARD_INITIAL_PW3): New.
-       * src/ac.c (verify_admin_0): Use OPENPGP_CARD_INITIAL_PW3.
-
-2010-10-23  NIIBE Yutaka  <gniibe@fsij.org>
-
-       * Version 0.3.
-
-       * src/usb_desc.c (gnukStringSerial): Updated.
-
-2010-10-22  NIIBE Yutaka  <gniibe@fsij.org>
-
-       * src/gnuk.ld.in (.gnuk_random): Fix description so that
-       padding with 0xffffffff will be in gnuk.hex.
-
-       * src/openpgp.c (file_selection): Change type (was: int).
-       (FILE_NONE..FILE_EF_SERIAL): Change the values.
-
-       * src/configure: Added STBee Mini support.
-       * boards/STBEE_MINI/mcuconf.h: New.
-       * boards/STBEE_MINI/board.mk: New.
-       * boards/STBEE_MINI/board.h: New.
-       * boards/STBEE_MINI/board.c: New.
-
-       * ChibiOS_2.0.2/os/hal/platforms/STM32/hal_lld.c
-       (pal_default_config): STBee Mini uses STM32F103CBT6 which expose
-       no GPIO E port.
-
-2010-10-21  NIIBE Yutaka  <gniibe@fsij.org>
-
-       * boards/common/hw_config.c (Get_SerialNum): Removed.
-       * src/usb_prop.c (gnuk_device_init): Remove calling Get_SerialNum.
-       * src/usb_desc.c (gnukStringSerial): Updated.
-       * boards/CQ_STARM/board.c (set_led): Fix polarity.
-
-2010-10-20  NIIBE Yutaka  <gniibe@fsij.org>
-
-       * FSIJ_SERIAL_NUMBER: New.
-       * src/configure (with_fsij): Added FSIJ serial number support.
-       * src/config.h.in (@FSIJ_DEFINE@, @SERIAL_NUMBER_FOUR_BYTES@): New.
-
-       * src/configure: Added CQ STARM target.
-       * boards/CQ_STARM/mcuconf.h: New.
-       * boards/CQ_STARM/board.mk: New.
-       * boards/CQ_STARM/board.h: New.
-       * boards/CQ_STARM/board.c: New.
-
-2010-10-19  NIIBE Yutaka  <gniibe@fsij.org>
-
-       * boards/STM32_PRIMER2/board.mk (BOARDSRC): Use common/hw_config.c.
-       * boards/OLIMEX_STM32_H103/board.mk (BOARDSRC): Likewise.
-
-       * boards/common/hw_config.c: Move board specific functions to ...
-       * boards/STM32_PRIMER2/board.c (USB_Cable_Config, set_led): ... here.
-       * boards/OLIMEX_STM32_H103/board.c (USB_Cable_Config, set_led): Ditto.
-
-       * boards/{OLIMEX_STM32_H103,STM32_PRIMER2}/hw_config.c: Removed.
-       * boards/common/hw_config.c: New file (was: boards/*/hw_config.c).
-
-       * .gitignore: New file.
-
-2010-10-16  NIIBE Yutaka  <gniibe@fsij.org>
-
-       Implement "INTERNAL AUTHENTICATE" command.
-
-       * src/gnuk.h (BY_USER, BY_RESETCODE, BY_ADMIN): New defines.
-       (NUM_ALL_PRV_KEYS): Now it's 3 (was: 2).
-
-       * src/openpgp.c (INS_INTERNAL_AUTHENTICATE): New define.
-       (cmd_internal_authenticate): New function.
-       (cmds): Added INS_INTERNAL_AUTHENTICATE.
-       (cmd_change_password): Use BY_USER.
-       (cmd_reset_user_password): Use BY_USER, BY_RESETCODE, BY_ADMIN.
-       (cmd_pso): Load GPG_KEY_FOR_DECRYPTION here.
-       (cmd_pso): Removed adding status word into res_APDU...
-       * src/call-rsa.c (rsa_sign): and moved adding status word into
-       res_APDU here.
-
-       * src/ac.c (pw1_keystring): New variable.
-       (ac_reset_pso_other): Clear pw1_keystring.
-       (verify_pso_cds): Use BY_USER.
-       (verify_pso_other): Just check the length of password here, and
-       defer real check to cmd_pso or cmd_internal_authenticate.
-
-2010-10-14  NIIBE Yutaka  <gniibe@fsij.org>
-
-       Adding 'configure' support.
-       * src/configure: New file.
-       * src/Makefile.in: Renamed from src/Makefile.
-       * src/config.h: Renamed from src/config.h.
-       * src/gnuk.ld: Renamed from src/gnuk.ld.
-
-       Adding DFU_SUPPORT.
-       * boards/common/hwinit0.c: New file adding DFU_SUPPORT.
-       * boards/common/hwinit1.c: New file.
-       * boards/OLIMEX_STM32_H103/board.c: Include config.h.
-       Use common/hwinit0.c and common/hwinit1.c.
-       * boards/STM32_PRIMER2/board.c: Likewise.
-
-2010-09-16  NIIBE Yutaka  <gniibe@fsij.org>
-
-       * src/usb-icc.c (icc_error): New function.
-       (icc_handle_data): Call icc_error.
-       Don't go to STATE_START on errors.
-
-2010-09-13  NIIBE Yutaka  <gniibe@fsij.org>
-
-       * Version 0.2.
-
-       * src/openpgp.c (cmd_select_file): Override data of number_of_bytes.
-
-       * src/openpgp-do.c (gpg_do_table_init): Calculate number of byte
-       which Data Objects consumes.
-
-2010-09-12  Kaz Kojima <kkojima@rr.iij4u.or.jp>
-
-       * src/call-rsa.c (rsa_decrypt): Debug output only when DEBUG.
-
-       * boards/STM32_PRIMER2/hw_config.c (USB_Cable_Config): Fix GPIO.
-       (set_led): Ditto.
-
-       * boards/STM32_PRIMER2/board.c (hwinit1): Added LED initialization.
-
-2010-09-11  NIIBE Yutaka  <gniibe@fsij.org>
-
-       * src/usb-icc.c (ATR): Fixed.
-       (icc_send_params): New function.
-       (icc_handle_data): Handle ICC_SET_PARAMS request.
-
-       * src/random.c (random_bytes_get, random_bytes_free, get_random):
-       Clear used random bytes.
-
-       * src/flash.c (flash_clear_halfword): New function.
-
-2010-09-10  NIIBE Yutaka  <gniibe@fsij.org>
-
-       * Version 0.1.
-
-       * src/usb_desc.c (gnukStringSerial): Change the value so that
-       libccid doesn't get confused.
-
-       * src/openpgp.c (gpg_change_keystring): Support key for decryption
-       as well.
-       (cmd_read_binary): Use openpgpcard_aid.
-       (cmd_pso): call ac_reset_pso_other.
-
-       * src/openpgp-do.c (openpgpcard_aid): Renamed from aid, and exported.
-       (do_ds_count_initial_value): New const variable.
-       (num_prv_keys): New variable.
-       (gpg_do_write_prvkey): Remove contents of keystring only if
-       ++num_prv_keys == NUM_ALL_PRV_KEYS.
-       (gpg_do_chks_prvkey): Call flash_do_release.
-       (gpg_do_table_init): Initialize with do_ds_count_initial_value.
-       Initialize num_prv_keys.
-       (gpg_do_write_simple): Support removing DO.
-       (gpg_do_increment_digital_signature_counter): Call flash_do_release.
-
-       * src/gnuk.h (NUM_ALL_PRV_KEYS): New definition.
-       (OPENPGP_CARD_INITIAL_PW1): New definition.
-       (enum kind_of_key): Rename.
-
-       * src/ac.c (ac_reset_pso_cds): New function.
-
-2010-09-09  Kaz Kojima  <kkojima@rr.iij4u.or.jp>
-
-       * boards/STM32_PRIMER2/{board.c,board.h,board.mk,hw_config.c,mcuconf.h}:
-       New files.
-
-       * boards/OLIMEX_STM32_H103/{mcuconf.h,hw_config.c}: Moved from src.
-
-       * src/main.c (main): Use set_led instead of palClearPad directly.
-
-2010-09-08  NIIBE Yutaka  <gniibe@fsij.org>
-
-       * src/ac.c (calc_md): Make SHA1 variable auto.
-
-       * src/debug.c (put_int): New.
-
-       * src/gnuk.ld (__process_stack_size__): Removed.
-
-       * src/main.c (STDOUTthread): Use Event.
-       (main): Make LED ON during command execution, blink usually.
-
-       * src/openpgp-do.c (encrypt, decrypt): Make AES variables auto.
-       (gpg_do_table): GPG_DO_ALG_AUT is NULL.
-
-       * src/openpgp.c (cmd_pso): Bug fix for extended Lc.
-
-       * src/usb-icc.c (icc_power_off): Make LED ON during command
-       execution.
-       (USB_ICC_TIMEOUT): Longer value (was: 1000).
-
-       * src/usb_desc.c (gnukConfigDescriptor): Fix bcdCCID value.
-
-       * src/vcomport.mk (VCOMSRC): Use our own usb_endp.c.
-
-       * src/usb_desc.c (gnukConfigDescriptor): ICC Descriptor is
-       Revision 1.0.
-
-       * polarssl-0.14.0/include/polarssl/config.h: Commend out
-       POLARSSL_SELF_TEST.
-
-       * polarssl-0.14.0/library/rsa.c (rsa_private): Don't check input,
-       so that we don't access ctx->N.
-       (rsa_pkcs1_decrypt): size of BUF is enough as 256.
-
-       * polarssl-0.14.0/library/sha1.c (sha1_file): #if-out to avoid
-       stdio of libc.
-
-       * polarssl-0.14.0/library/bignum.c (mpi_write_hlp)
-       (mpi_write_string, mpi_read_file, mpi_read_file): #if-out to avoid
-       stdio of libc.
-
-2010-09-07  NIIBE Yutaka  <gniibe@fsij.org>
-
-       * gnuk.svg: New file.
-
-2010-09-06  NIIBE Yutaka  <gniibe@fsij.org>
-
-       * Initial version 0.0.
diff --git a/ChangeLog-1_0 b/ChangeLog-1_0
new file mode 100644 (file)
index 0000000..84b5bc6
--- /dev/null
@@ -0,0 +1,2477 @@
+2013-02-15  Niibe Yutaka  <gniibe@fsij.org>
+
+       * Version 1.0.2.
+       * src/usb_desc.c (gnukStringSerial): Updated.
+
+2013-02-14  Niibe Yutaka  <gniibe@fsij.org>
+
+       * test/features/002_get_data_static.feature: Value of extended
+       capabilities changed.
+       * test/features/402_get_data_static.feature: Ditto.
+       * test/features/802_get_data_static.feature: Ditto.
+
+       * src/openpgp.c (cmd_write_binary): Move erasing page of update
+       keys to...
+       (modify_binary): ...here.
+
+       * src/flash.c (flash_write_binary): Handle removal of update keys.
+
+2013-02-13  Niibe Yutaka  <gniibe@fsij.org>
+
+       * src/openpgp.c (cmd_get_challenge): Handle Le field.
+
+       * src/openpgp-do.c (extended_capabilities): Fix for GET CHALLENGE.
+
+       * src/gnuk.h (CHALLENGE_LEN): Moved here (was: openpgp.c).
+
+       * tool/gnuk_token.py (iso7816_compose): Add Le field.
+
+2013-01-30  Niibe Yutaka  <gniibe@fsij.org>
+
+       * src/openpgp.c (cmd_external_authenticate): Fix off-by-one error.
+
+       * tool/gnuk_token.py (gnuk_token.cmd_external_authenticate): Add
+       KEYNO to the arguments.
+
+       * tool/upgrade_by_passwd.py (main): Explicitly say it's KEYNO.
+
+2013-01-28  Niibe Yutaka  <gniibe@fsij.org>
+
+       * src/openpgp-do.c (gpg_pw_get_retry_counter): New.
+       * src/openpgp.c (cmd_verify): Implement VERIFY with empty data.
+
+2013-01-22  Niibe Yutaka  <gniibe@fsij.org>
+
+       * tool/pinpadtest.py (Card.cmd_vega_alpha_disable_empty_verify):
+       New.
+       (main): call cmd_vega_alpha_disable_empty_verify if it's
+       COVADIS_VEGA_ALPHA.
+
+2013-01-21  Niibe Yutaka  <gniibe@fsij.org>
+
+       * tool/pageant_proxy_to_gpg.py: New.
+       * tool/sexp.py: New.
+
+2013-01-20  Niibe Yutaka  <gniibe@fsij.org>
+
+       * tool/gpg_agent.py: New.
+
+2013-01-11  Niibe Yutaka  <gniibe@fsij.org>
+
+       * tool/pinpadtest.py: Add fixed length input.
+
+2012-12-25  Niibe Yutaka  <gniibe@fsij.org>
+
+       * tool/rsa.py: New.
+
+       * tool/rsa_example.key: New.  Example RSA key information.
+
+       * tool/upgrade_by_passwd.py: New.
+
+2012-12-19  Niibe Yutaka  <gniibe@fsij.org>
+
+       * src/Makefile.in (USE_OPT): -O3 and -Os (was: -O2).
+
+       * tool/gnuk_token.py (gnuk_token.stop_gnuk, gnuk_token.mem_info)
+       (gnuk_token.download, gnuk_token.execute)
+       (gnuk_token.cmd_get_challenge)
+       (gnuk_token.cmd_external_authenticate): New.
+       (gnuk_devices_by_vidpid): New.
+       (regnual): New.
+
+2012-12-18  Niibe Yutaka  <gniibe@fsij.org>
+
+       * test/gnuk.py: Remove.
+
+       * test/features/steps.py: Use tool/gnuk_token.py.
+
+       * tool/gnuk_put_binary_libusb.py: Use gnuk_token.py.
+       (main): Follow the API change.
+
+       * tool/gnuk_token.py (list_to_string): New.
+       (gnuk_token.get_string, gnuk_token.increment_seq)
+       (gnuk_token.reset_device, gnuk_token.release_gnuk): New.
+       (gnuk_token.icc_power_on): Set self.atr and it's now string.
+       (gnuk_token.icc_send_cmd): Handle time extension.
+       (gnuk_token.cmd_get_response): Return string (was: list).
+       (gnuk_token.cmd_get_data): Return "" when success.
+       (gnuk_token.cmd_change_reference_data, gnuk_token.cmd_put_data)
+       (gnuk_token.cmd_put_data_odd)
+       (gnuk_token.cmd_reset_retry_counter, gnuk_token.cmd_pso)
+       (gnuk_token.cmd_pso_longdata)
+       (gnuk_token.cmd_internal_authenticate, gnuk_token.cmd_genkey)
+       (gnuk_token.cmd_get_public_key): New.
+       (compare): New.
+       (get_gnuk_device): New.
+
+2012-12-14  Niibe Yutaka  <gniibe@fsij.org>
+
+       * src/openpgp.c (cmd_change_password): Check password length
+       for admin less mode.
+
+2012-12-13  Niibe Yutaka  <gniibe@fsij.org>
+
+       * src/openpgp-do.c (gpg_do_put_data): Add GPG_SUCCESS for
+       completeness (it worked because of lower layer goodness).
+
+2012-12-12  Niibe Yutaka  <gniibe@fsij.org>
+
+       * tool/gnuk_token.py: Add module imports.
+
+       * tool/gnuk_remove_keys.py (main): Fix data object number
+       for KGTIME_SIG, KGTIME_DEC and KGTIME_AUT.
+
+       * tool/gnuk_remove_keys_libusb.py (main): Likewise.
+
+2012-12-05  Niibe Yutaka  <gniibe@fsij.org>
+
+       * tool/gnuk_remove_keys_libusb.py: New.
+       * tool/gnuk_token.py: New.
+
+2012-11-07  Niibe Yutaka  <gniibe@fsij.org>
+
+       * src/usb-icc.c (icc_send_data_block_internal): New.
+       (icc_send_data_block_time_extension): New.
+       (icc_handle_timeout): Use icc_send_data_block_time_extension.
+       (icc_send_data_block): Only one argument.
+       (USBthread): Follow the change.
+
+2012-11-01  Niibe Yutaka  <gniibe@fsij.org>
+
+       * tool/gnuk_upgrade.py (main): New option '-k' to specify keygrip
+       for non-smartcard key.
+       (gpg_sign): Support non-smartcard key.
+
+2012-10-31  Niibe Yutaka  <gniibe@fsij.org>
+
+       * tool/get_raw_public_key.py: New.
+
+2012-10-26  Niibe Yutaka  <gniibe@fsij.org>
+
+       * GNUK_USB_DEVICE_ID (Product_STRING): It's considered better not
+       to include vendor name.  Change the name to "Gnuk Token" (was:
+       FSIJ USB Token).
+
+2012-10-13  Niibe Yutaka  <gniibe@fsij.org>
+
+       * boards/STBEE_MINI/board.c [!DFU_SUPPORT] (hwinit1): Don't run
+       when "user switch" is pushed.  This is for JTAG/SWD debugger.
+
+2012-09-25  Niibe Yutaka  <gniibe@fsij.org>
+
+       * tool/stlinkv2.py (main): Print out option bytes value.
+       Call reset_sys before blank_check.
+
+2012-09-18  Niibe Yutaka  <gniibe@fsij.org>
+
+       * tool/stlinkv2.py (stlinkv2.option_bytes_erase)
+       (stlinkv2.flash_erase_all, stlinkv2.flash_erase_page): : Fix
+       OperationFailure (was OperationError).
+       (main): Call option_bytes_erase if it's not 0xff.
+
+2012-09-12  Niibe Yutaka  <gniibe@fsij.org>
+
+       * src/sha256.c: Include <stdint.h>.
+
+       * src/sha256.h (SHA256_DIGEST_SIZE, SHA256_BLOCK_SIZE): Move
+       from sha256.c.
+
+2012-08-29  Niibe Yutaka  <gniibe@fsij.org>
+
+       * tool/hub_ctrl.py (__main__): Fix to busnum (was: bunum).
+       Thanks to Henry Hu.
+
+2012-08-03  Niibe Yutaka  <gniibe@fsij.org>
+
+       * Version 1.0.1.
+       * src/usb_desc.c (gnukStringSerial): Updated.
+       * src/main.c (ID_OFFSET): Fix.
+
+2012-08-02  Niibe Yutaka  <gniibe@fsij.org>
+
+       * test/gnuk.py (gnuk_token.get_string): New.
+       * test/features/991_version_string.feature: New.
+
+2012-07-21  Niibe Yutaka  <gniibe@fsij.org>
+
+       * Version 1.0.
+       * src/usb_desc.c (gnukStringSerial): Updated.
+
+       Documentation by Sphinx.
+       * doc/Makefile: New.
+       * doc/note: Old notes are moved here.
+
+2012-07-20  Niibe Yutaka  <gniibe@fsij.org>
+
+       * test/features/002_get_data_static.feature: Support CERTDO enabled
+       Gnuk for the test of extended capabilities.
+       * test/features/802_get_data_static.feature: Ditto.
+       * test/features/402_get_data_static.feature: Ditto.
+
+2012-07-10  Niibe Yutaka  <gniibe@fsij.org>
+
+       * test/features/*: Add test cases for PW1/PW3 of factory settings.
+
+       * test/features/202_keygen.feature: Add PSO signature test after
+       keygen.
+       * test/features/602_keygen.feature: Ditto.
+
+       Bug fix.
+       * src/openpgp-do.c (gpg_do_write_prvkey): Don't call ac_reset_*
+       here.
+       (proc_key_import): But call ac_reset_* here.
+       (gpg_do_keygen): Load private key for signing.
+
+       * tool/stlinkv2.py (stlinkv2.usb_disconnect): New.
+
+2012-07-09  Niibe Yutaka  <gniibe@fsij.org>
+
+       * src/openpgp.c (cmd_pso): For decryption, return error sooner for
+       invalid data.
+
+       * tool/stlinkv2.py (stlinkv2.setup_gpio): Fix GPIOB_CRL.
+
+       * test/rsa_keys.py (integer_to_bytes_256): Rename from
+       integer_to_bytes and it should be exactly 256-byte long.
+
+2012-07-06  Niibe Yutaka  <gniibe@fsij.org>
+
+       * Version 0.21.
+       * src/usb_desc.c (gnukStringSerial): Updated.
+
+       * boards/FST_01/board.h (VAL_GPIOACRL): Change for SPI flash.
+       * tool/stlinkv2.py (stlinkv2.setup_gpio): Likewise.
+       (stlinkv2.spi_flash_init, stlinkv2.spi_flash_select)
+       (stlinkv2.spi_flash_sendbyte, stlinkv2.spi_flash_read_id): New.
+       (main): Add SPI flash ROM id check.
+
+2012-07-05  Niibe Yutaka  <gniibe@fsij.org>
+
+       * src/call-rsa.c (rsa_sign, rsa_decrypt): Don't need to setup N.
+
+       * polarssl-0.14.0/library/rsa.c (rsa_check_pubkey)
+       (rsa_check_privkey): Ifdef-out.
+
+       More tests.
+       * test/*: Add tests for admin-less mode.
+       * test/features/990_reset_passphrase.feature: This is now for
+       admin-less mode.
+       * test/features/970_key_removal.feature: Ditto.
+
+       * src/openpgp.c (cmd_change_password): Call ac_reset_admin when
+       admin-less mode.
+       (cmd_reset_user_password): Likewise.
+
+       * src/ac.c (ac_reset_admin, ac_fini): Clear ADMIN_AUTHORIZED.
+
+       Bug fix.
+       * src/ac.c (verify_admin): Call s2k with ADMIN_AUTHORIZED.
+
+2012-07-04  Niibe Yutaka  <gniibe@fsij.org>
+
+       Bug fixes.
+       * src/ac.c (verify_admin_0): Compare PW_LEN and BUF_LEN.
+
+       * src/openpgp-do.c (gpg_do_chks_prvkey): Set do_ptr to NULL before
+       calling flash_do_write (which might cause GC).
+       (gpg_do_put_data, gpg_do_write_simple): Likewise.
+
+       * src/openpgp.c (cmd_reset_user_password): Write to
+       DO_KEYSTRING_PW1.
+
+2012-07-03  Niibe Yutaka  <gniibe@fsij.org>
+
+       * test/features/040_passphrase_change.feature: New.
+       * test/features/203_passphrase_change.feature: New.
+       * test/features/210_compute_signature.feature: Rename (was:
+       203_compute_signature.feature)
+       * test/features/211_decryption.feature: Rename (was:
+       204_decryption.feature)
+
+2012-07-02  Niibe Yutaka  <gniibe@fsij.org>
+
+       * tool/stlinkv2.py (stlinkv2.__init__): Don't call setAltInterface.
+
+2012-06-30  Niibe Yutaka  <gniibe@fsij.org>
+
+       * src/openpgp.c (s2k): New.
+       (resetcode_s2k): Remove.
+       (cmd_reset_user_password, cmd_change_password): Use s2k (was:
+       sha256 directly or resetcode_s2k).
+       * src/openpgp-do.c (proc_resetting_code, gpg_do_write_prvkey):
+       Likewise.
+       * src/ac.c (verify_user_0, verify_admin): Likewise.
+
+2012-06-29  Niibe Yutaka  <gniibe@fsij.org>
+
+       * regnual/Makefile: Don't copy usb_lld.c.
+
+2012-06-28  Niibe Yutaka  <gniibe@fsij.org>
+
+       * test/features/204_decryption.feature: New.
+       * test/features/203_compute_signature.feature: New.
+       * test/features/202_keygen.feature: New.
+       * test/features/201_setup_passphrase.feature: New.
+       * test/features/200_key_removal.feature: New.
+
+       * test/rsa_keys.py (verify_signature): New.
+       (encrypt_with_pubkey): New.
+
+       * test/gnuk.py (gnuk_token): New method: increment_seq.
+       (gnuk_token.icc_send_cmd): Handle timeout.
+       (gnuk_token.cmd_genkey): New.
+       (gnuk_token.cmd_get_public_key): New.
+
+2012-06-27  Niibe Yutaka  <gniibe@fsij.org>
+
+       * test/features/101_decryption.feature: New.
+       * test/features/100_compute_signature.feature: New.
+
+       * src/openpgp-do.c (gpg_do_chks_prvkey): Call flash_do_release before
+       flash_do_write.
+       (gpg_do_write_prvkey): Bug fix when GC occurs.
+
+       * src/openpgp.c (cmd_change_password): Support resetting to
+       factory setting of PW3.
+
+       * src/openpgp-do.c (gpg_do_write_prvkey): Don't reset signagure
+       counter here.
+       (proc_key_import): But reset here.
+       Call ac_reset_* when key is imported.
+
+2012-06-26  Niibe Yutaka  <gniibe@fsij.org>
+
+       * test: New.
+
+2012-06-25  Niibe Yutaka  <gniibe@fsij.org>
+
+       * tool/usb_strings.py: New.
+
+2012-06-22  Niibe Yutaka  <gniibe@fsij.org>
+
+       * tool/stlinkv2.py (stlinkv2.blank_check): Add blank check of
+       Flash ROM.
+
+2012-06-21  Niibe Yutaka  <gniibe@fsij.org>
+
+       * tool/asm-thumb/blank_check.S: New.
+
+2012-06-20  Niibe Yutaka  <gniibe@fsij.org>
+
+       ST-Link/V2 flash ROM writer.
+       * tool/stlinkv2.py: New.
+       * tool/asm-thumb/opt_bytes_write.S: New.
+       * tool/asm-thumb/flash_write.S: New.
+
+2012-06-19  Niibe Yutaka  <gniibe@fsij.org>
+
+       * Version 0.20.
+
+       * src/usb_desc.c (gnukStringSerial): Updated.
+
+2012-06-18  Niibe Yutaka  <gniibe@fsij.org>
+
+       LED display output change.
+       * src/main.c (MAIN_TIMEOUT_INTERVAL): New.
+       (LED_TIMEOUT_INTERVAL, etc.): New values.
+       (main_mode, display_interaction): Remove.
+       (led_inverted, emit_led): New.
+       (display_status_code): Use emit_led.
+       (led_blink): Use LED_* for SPEC.
+       (main, fatal): New LED display output.
+       * src/gnuk.h (LED_ONESHOT, LED_TWOSHOTS, LED_SHOW_STATUS)
+       (LED_START_COMMAND, LED_FINISH_COMMAND, LED_FATAL): New semantics.
+       (main_thread): Remove.
+       * src/openpgp-do.c (gpg_do_keygen): Don't touch LED here.
+       * src/openpgp.c (get_pinpad_input): Call led_blink.
+       (cmd_pso, cmd_internal_authenticate): Don't touch LED here.
+       (GPGthread): Call led_blink.
+       * src/pin-cir.c (pinpad_getline): Change arg of led_blink.
+       * src/pin-dnd.c (pinpad_getline): Ditto.
+       * src/usb-icc.c (icc_handle_timeout): Ditto.
+       (icc_send_status): Call led_blink.
+       * src/usb_ctrl.c (gnuk_usb_event): Don't touch LED here.
+
+2012-06-16  Niibe Yutaka  <gniibe@fsij.org>
+
+       Use SHA256 format for "external authenticate".
+       * tool/gnuk_upgrade.py (gpg_sign): SHA256 sign by "SCD PKAUTH".
+       (main): Not specify keygrip, but always use key for authentication.
+       * src/call-rsa.c (rsa_verify): It is SHA256 format (was: SHA1).
+       * src/openpgp.c (cmd_get_challenge): Don't add chip-id prefix.
+       (cmd_external_authenticate): Likewise.
+
+2012-06-15  Niibe Yutaka  <gniibe@fsij.org>
+
+       * src/random.c (random_bytes_free): Clear out random bytes.
+
+       More protection improvements.
+       * src/random.c (RANDOM_BYTES_LENGTH): It's 32 now (was: 16).
+       * src/gnuk.h (struct key_data_internal): Remove check, random,
+       magic.  Add checksum.
+       (struct prvkey_data): Remove crm_encrypted.  Add iv and
+       checksum_encrypted.
+       * src/openpgp-do.c (encrypt, decrypt): Add IV argument.
+       (encrypt_dek, decrypt_dek): New.  It's in ECB mode.
+       (compute_key_data_checksum): New.
+       (gpg_do_load_prvkey): Handle initial vector and checksum.
+       Use decrypt_dek to decrypt DEK.  Clear DEK after use.
+       (calc_check32):Remove.
+       (gpg_do_write_prvkey): Use encrypt_dek to encrypt DEK.
+       (gpg_do_chks_prvkey): Likewise.
+
+       * polarssl-0.14.0/include/polarssl/aes.h (aes_crypt_cbc)
+       * polarssl-0.14.0/library/aes.c (aes_crypt_cbc): ifdef-out.
+
+       * src/configure (--enable-pinpad): Deprecate DND.
+
+2012-06-14  Niibe Yutaka  <gniibe@fsij.org>
+
+       Protection improvement.
+       * src/openpgp.c (resetcode_s2k): New.
+       (cmd_reset_user_password): Use resetcode_s2k.
+       * src/openpgp-do.c (proc_resetting_code): Likewise.
+
+       * src/sha256.c (sha256_finish): Clear out CTX at the end.
+
+       * src/call-rsa.c (rsa_sign, rsa_decrypt, rsa_verify): Use
+       mpi_lset (was: mpi_read_string).
+       * polarssl-0.14.0/library/bignum.c (mpi_get_digit)
+       (mpi_read_string): ifdef-out.
+
+       KDF is now SHA-256 (was: SHA1).
+       * src/sha256.c: New file.  Based on the implementation by Dr Brian
+       Gladman.
+       * src/openpgp.c (cmd_change_password, cmd_reset_user_password):
+       Use sha256.
+       * src/openpgp-do.c (proc_resetting_code, gpg_do_write_prvkey): Likewise.
+       * src/ac.c (verify_user_0, calc_md, verify_admin): Likewise.
+       * src/crypt.mk (CRYPTSRC): Add sha256.c, removing sha1.c.
+       * src/gnuk.h (KEYSTRING_MD_SIZE): It's 32 for SHA-256.
+
+2012-06-13  Niibe Yutaka  <gniibe@fsij.org>
+
+       Bug fixes.
+       * src/main.c (display_interaction): Assign to main_mode.
+       * src/openpgp.c (cmd_change_password): Bug fix for admin less mode
+       to admin full mode.  Variable who_old should be admin_authorized.
+
+       Key generation is configure option.
+       * src/configure (keygen): Add --enable-keygen option.
+       * src/Makefile.in (UDEFS): Add definition of KEYGEN_SUPPORT.
+       * src/call-rsa.c [KEYGEN_SUPPORT] (rsa_genkey): Conditionalize.
+       * src/random.c [KEYGEN_SUPPORT] (random_byte): Ditto.
+       * src/openpgp.c [KEYGEN_SUPPORT] (cmd_pgp_gakp): Ditto.
+       * src/openpgp-do.c [KEYGEN_SUPPORT] (gpg_do_keygen): Ditto.
+       * polarssl-0.14.0/include/polarssl/config.h: Ditto.
+       * polarssl-0.14.0/library/bignum.c [POLARSSL_GENPRIME]
+       (mpi_inv_mod): Unconditionalize.
+
+2012-06-08  Niibe Yutaka  <gniibe@fsij.org>
+
+       * polarssl-0.14.0/library/bignum.c (mpi_cmp_mpi): Bug fix.
+       Though it doesn't matter for Gnuk usage.
+
+       Emit LED light while computation (or asking user input).
+       * src/usb-icc.c (icc_handle_timeout): Call led_blink.
+       * src/openpgp.c (cmd_pso, cmd_internal_authenticate): Call
+       LED_WAIT_MODE, LED_STATUS_MODE to show "it's under computation".
+       * src/openpgp-do.c (gpg_do_keygen): Ditto.
+       * src/gnuk.h (LED_WAIT_MODE): Rename (was: LED_INPUT_MODE).
+       * src/main.c (display_interaction): Change the behavior of LED,
+       now, it's mostly ON (was: mostly OFF).
+
+2012-06-07  Niibe Yutaka  <gniibe@fsij.org>
+
+       * src/openpgp.c (cmd_internal_authenticate): Add check for input
+       length.
+
+       Implement key generation.
+       * src/openpgp.c (cmd_pgp_gakp): Call gpg_do_keygen.
+       * src/openpgp-do.c (proc_key_import): Call with modulus = NULL.
+       (gpg_do_keygen): New function.
+       (gpg_reset_digital_signature_counter): New function.
+       (gpg_do_write_prvkey): New argument MODULUS.  Call
+       gpg_reset_digital_signature_counter.
+       * src/call-rsa.c (rsa_genkey): New function.
+       * src/random.c (random_byte): New function.
+
+       PolarSSL modification.
+       * polarssl-0.14.0/library/rsa.c (rsa_gen_key): Don't set D, DP,
+       DQ, and QP.  It's only for key generation.
+       * polarssl-0.14.0/library/rsa.c (rsa_gen_key, rsa_pkcs1_encrypt):
+       Change f_rng function return type.
+       * polarssl-0.14.0/include/polarssl/rsa.h: Likewise.
+       * polarssl-0.14.0/library/bignum.c (mpi_is_prime, mpi_gen_prime):
+       Change f_rng function return type.
+       * polarssl-0.14.0/include/polarssl/bignum.h: Likewise.
+
+2012-06-06  Niibe Yutaka  <gniibe@fsij.org>
+
+       * Version 0.19.
+
+       * src/usb_desc.c (gnukStringSerial): Updated.
+
+       * regnual/regnual.c (fetch): Better implementation.
+
+2012-06-05  Niibe Yutaka  <gniibe@fsij.org>
+
+       Firmware update key handling.
+       * tool/gnuk_put_binary.py (GnukToken.cmd_get_response): Handle
+       larger data such as card holder certificate.
+       (GnukToken.cmd_write_binary): Bug fix for cert do write.
+       (GnukToken.cmd_read_binary): New.
+       (main): Support firmware update key.
+
+       Take advantage of the Thumb-2 "rbit" instruction.
+       * regnual/regnual.c (fetch): Reverse bits.
+       * src/usb_ctrl.c (rbit): New.  Deleted reverse32.
+       (download_check_crc32): Use rbit.
+       * tool/gnuk_upgrade.py (crc32): Just use binascii.crc32.
+       (crctab): Remove.
+
+2012-06-04  Niibe Yutaka  <gniibe@fsij.org>
+
+       Card holder certificate data object bug fixes.
+       * tool/gnuk_put_binary_libusb.py (gnuk_token.cmd_get_response):
+       Handle larger data such as card holder certificate.
+       * src/flash.c (flash_write_binary): Bug fix.  Call
+       flash_check_blank with p + offset.
+       * src/gnuk.h (FLASH_CH_CERTIFICATE_SIZE): Define here (was: flash.c).
+
+       Implement CRC32 check for firmware update.
+       * src/usb_ctrl.c (download_check_crc32): New.
+       * regnual/regnual.c (calc_crc32): New.
+       (regnual_ctrl_write_finish): Call calc_crc32.
+       * tool/gnuk_upgrade.py (crc32): New.
+       (regnual.download): Check crc32code.
+
+       * regnual/regnual.c (regnual_ctrl_write_finish): Bug fix.
+
+2012-06-01  Niibe Yutaka  <gniibe@fsij.org>
+
+       Support firmware update with public key authentication.
+       * tool/gnuk_upgrade.py (gpg_sign): New.
+       * tool/gnuk_put_binary_libusb.py (main): Support firmware update
+       key registration.
+
+       Update of reGNUal.
+       * regnual/regnual.c (main): Follow the change of usb_lld_init.
+       (regnual_config_desc): Include interface descriptor.
+       (usb-strings.c.inc): Change the file name.
+       * regnual/Makefile (regnual.o): Depend on sys.h.
+       * src/configure (usb-strings.c.inc): ifdef-out
+       gnuk_revision_detail and gnuk_config_options (for reGNUal).
+       * src/usb_desc.c (USB_STRINGS_FOR_GNUK): Define.
+
+       USB bug fixes.
+       * src/usb_ctrl.c (gnuk_usb_event): Bug fix for handling
+       USB_EVENT_CONFIG.  Do nothing when current_conf == value.
+       * src/usb_lld.c (std_clear_feature): Bug fix.  Always clear DTOG.
+       (usb_lld_init): New argument for FEATURE.
+
+2012-05-31  Niibe Yutaka  <gniibe@fsij.org>
+
+       * polarssl-0.14.0/library/rsa.c (rsa_pkcs1_verify): BUF size is
+       256 (was: 1024).
+       * src/call-rsa.c (rsa_verify): It's SIG_RSA_SHA1.
+       * src/openpgp.c (cmd_external_authenticate): Follow the change of
+       rsa_verify.
+
+       Support "firmware update" keys.
+       * src/flash.c (flash_write_binary): Support update keys.
+       * src/gnuk.h (FILEID_UPDATE_KEY_0, FILEID_UPDATE_KEY_1)
+       (FILEID_UPDATE_KEY_2,FILEID_UPDATE_KEY_3): New.
+       * src/gnuk.ld.in (_updatekey_store): New.
+       * src/openpgp.c (FILE_EF_UPDATE_KEY_0, FILE_EF_UPDATE_KEY_1)
+       (FILE_EF_UPDATE_KEY_2, FILE_EF_UPDATE_KEY_3): New.
+       (gpg_get_firmware_update_key): New.
+       (cmd_read_binary): Support update keys and certificate.
+       (modify_binary): New.
+       (cmd_update_binary, cmd_write_binary): Use modify_binary.
+       (cmd_external_authenticate): Support up to four keys.
+
+       Version string of system service is now USB string.
+       * src/sys.h (unique_device_id): Define here, not as system
+       service.
+       * src/sys.c (sys_version): Version string for system service.
+       * src/usb_desc.c (String_Descriptors): Add sys_version.
+       * src/usb_conf.h (NUM_STRING_DESC): 7 (was: 6).
+       * src/gnuk.ld.in (.sys.version): New section.
+
+2012-05-30  Niibe Yutaka  <gniibe@fsij.org>
+
+       * src/openpgp.c (CHALLENGE_LEN): New.
+       (cmd_external_authenticate): Authentication by response with
+       public key.
+       (cmd_get_challenge): 16-byte is enough for challenge.
+
+2012-05-29  Niibe Yutaka  <gniibe@fsij.org>
+
+       * src/call-rsa.c (rsa_verify): New function.
+
+       * polarssl-0.14.0/include/polarssl/rsa.h (rsa_pkcs1_verify)
+       * polarssl-0.14.0/library/rsa.c (rsa_pkcs1_verify): Fix API.
+
+       * src/usb_conf.h (NUM_STRING_DESC): Incremented to 6 (was: 4).
+       * src/configure: Generate strings for revision detail and config
+       options.
+       * src/usb_desc.c (gnuk_revision_detail, gnuk_config_options): New.
+
+       * src/main.c (main) [DFU_SUPPORT]: Kill DFU and install .sys.
+
+       * src/config.h.in (FLASH_PAGE_SIZE): New.
+       * src/configure: Support FLASH_PAGE_SIZE for config.h
+       * boards/*/board.h (FLASH_PAGE_SIZE): Remove.
+       * src/flash.c (FLASH_PAGE_SIZE): Remove.
+
+       * src/sys.c (reset): Don't depend if DFU_SUPPORT or not.
+       (flash_erase_all_and_exec): Rename and change the argument.
+       * src/gnuk.ld.in (__flash_start__): Real flash ROM address,
+       regardless of DFU_SUPPORT.
+       * src/main.c (main): Call flash_erase_all_and_exec with SRAM
+       address.
+
+       * polarssl-0.14.0/library/aes.c (FT0, FT1, FT2): Specify sections
+       in detail, so that addresses won't be affected by compiler.
+       * src/gnuk.ld.in (.sys): Define sections in detail.
+
+       * boards/STBEE_MINI/board.h (SET_USB_CONDITION, GPIO_USB)
+       (IOPORT_USB, SET_LED_CONDITION, GPIO_LED, IOPORT_LED)
+       (FLASH_PAGE_SIZE): New.
+       * boards/STBEE_MINI/board.c (USB_Cable_Config, set_led): Remove.
+
+       * boards/STBEE/board.h (SET_USB_CONDITION, GPIO_USB, IOPORT_USB)
+       (SET_LED_CONDITION, GPIO_LED, IOPORT_LED, FLASH_PAGE_SIZE): New.
+       * boards/STBEE/board.c (USB_Cable_Config, set_led): Remove.
+
+       * boards/CQ_STARM/board.h (SET_USB_CONDITION)
+       (SET_LED_CONDITION, GPIO_LED, IOPORT_LED, FLASH_PAGE_SIZE): New.
+       * boards/CQ_STARM/board.c (USB_Cable_Config, set_led): Remove.
+
+2012-05-28  Niibe Yutaka  <gniibe@fsij.org>
+
+       * boards/*/board.c (hwinit0): Removed...
+       * boards/common/hwinit.c (hwinit0): ... and define here.
+       (hwinit0) [DFU_SUPPORT]:  Don't set SCB->VTOR here.
+       * src/sys.c (reset) [DFU_SUPPORT]: Set SCB->VTOR here.
+       (flash_write): Range check.
+
+       * polarssl-0.14.0/library/aes.c (FT0, FT1, FT2): Specify the
+       section ".sys", so that we will have more room for flash ROM.
+       * src/gnuk.ld.in (.sys): Add alignment settings.
+
+       * tool/gnuk_upgrade.py (main): First 4096-byte of Gnuk is system
+       block.  Don't send it to reGNUal.
+
+       * regnual/sys.c (entry): Fix clearing BSS.  It is called with all
+       interrupts disabled.
+
+       * regnual/regnual.ld (_flash_start): It's 0x08001000 now, because
+       there is system block now (was: 0x08000000).
+
+2012-05-26  Niibe Yutaka  <gniibe@fsij.org>
+
+       * src/sys.c (reset): Set SCR->VCR here.
+
+2012-05-25  Niibe Yutaka  <gniibe@fsij.org>
+
+       * src/gnuk.ld.in (.sys): New section.
+
+       * boards/OLIMEX_STM32_H103/board.h (SET_USB_CONDITION, GPIO_USB)
+       (IOPORT_USB, SET_LED_CONDITION, GPIO_LED, IOPORT_LED)
+       (FLASH_PAGE_SIZE): New.
+       * boards/OLIMEX_STM32_H103/board.c (USB_Cable_Config, set_led):
+       Remove.
+
+       * boards/STM32_PRIMER2/board.h (SET_USB_CONDITION, GPIO_USB)
+       (IOPORT_USB, SET_LED_CONDITION, GPIO_LED, IOPORT_LED)
+       (FLASH_PAGE_SIZE): New.
+       * boards/STM32_PRIMER2/board.c (USB_Cable_Config, set_led):
+       Remove.
+
+       * boards/FST_01_00/board.h (SET_USB_CONDITION, GPIO_USB)
+       (IOPORT_USB, SET_LED_CONDITION, GPIO_LED, IOPORT_LED)
+       (FLASH_PAGE_SIZE): New.
+       * boards/FST_01_00/board.c (USB_Cable_Config, set_led): Remove.
+
+       * boards/FST_01/board.h (SET_USB_CONDITION, GPIO_USB, IOPORT_USB)
+       (SET_LED_CONDITION, GPIO_LED, IOPORT_LED, FLASH_PAGE_SIZE): New.
+       * boards/FST_01/board.c (USB_Cable_Config, set_led): Remove.
+
+       * regnual/sys-stm8s-discovery.h, sys-stbee.h: Remove.
+
+       * boards/STM8S_DISCOVERY/board.h (SET_USB_CONDITION)
+       (SET_LED_CONDITION, GPIO_LED, IOPORT_LED, FLASH_PAGE_SIZE): New.
+       * boards/STM8S_DISCOVERY/board.c (USB_Cable_Config, set_led):
+       Remove.
+
+       * regnual/Makefile: Add -I ../src to CFLAGS.
+
+       * regnual/regnual.ld (vector): New.
+
+       * regnual/sys.c: Remove implementation, but jump to vector by sys.h.
+
+       * src/Makefile.in: Follow change of files.
+
+       * src/configure: Undo changes of 2012-05-22.
+
+       * boards/common/hw_config.c: Remove.  Mov function to sys.c.
+       * src/flash.c: Move functions to sys.c.
+       * src/sys.c: New.
+
+       * src/main.c (main): Call flash_mass_erase_and_exec.
+
+       * src/usb_lld.c: Include sys.h.
+
+       * src/usb_lld_sys.c: Remove.  Move interrupt handler to...
+       * src/usb_ctrl.c: ... this file.
+
+       * regnual/sys.c (clock_init, gpio_init, flash_unlock): Removed.
+       (entry): Rename (was: reset).
+
+2012-05-24  Niibe Yutaka  <gniibe@fsij.org>
+
+       * src/main.c (good_bye): Care LSB of function pointer.
+       (flash_mass_erase_and_exec): Implemented in C.
+
+2012-05-23  Niibe Yutaka  <gniibe@fsij.org>
+
+       * regnual/sys-stm8s-discovery.h: New.
+
+       * src/main.c (flash_mass_erase_and_exec, good_bye): New.
+       (main): Call good_bye.
+
+       * tool/gnuk_upgrade.py (regnual.protect): New.
+       (main): Call regnual.protect().
+
+       * regnual/regnual.c (regnual_setup): Don't call flash_write here.
+       (regnual_ctrl_write_finish): But call here.
+       (USB_REGNUAL_RESULT): New.
+
+       * regnual/sys.c (flash_protect): New.
+
+2012-05-22  Niibe Yutaka  <gniibe@fsij.org>
+
+       * src/configure (../regnual/sys.h): Create symblic link.
+
+       * src/usb_ctrl.c: Rename (was: usb_prop.c).
+
+       * regnual/types.h, regnual/sys.c, regnual/regnual.ld: New.
+       * regnual/regnual.c, regnual/Makefile: New.
+       * regnual/sys-stbee.h: New.
+
+       * src/usb_lld.c: Support FREE_STANDING environment as well as
+       under ChibiOS/RT.
+       (usb_lld_init): Call usb_lld_sys_init.  Don't call user defined
+       method.  Call usb_lld_set_configuration.
+       (usb_lld_shutdown): Call usb_lld_sys_shutdown.
+       (Vector90): Move to usb_lld_sys.c.
+       (usb_interrupt_handler): Export to global.
+
+       * src/usb_lld_sys.c: New.
+
+       * src/usb_prop.c (Device_Method): Remove gnuk_device_init.
+       (gnuk_device_init): Remove.
+
+2012-05-19  Niibe Yutaka  <gniibe@fsij.org>
+
+       * src/usb_lld.c (handle_datastage_in): Bug fix, erable RX when
+       sending ZLP.  It will be possible to get OUT transaction soon
+       after IN transaction.
+
+2012-05-18  Niibe Yutaka  <gniibe@fsij.org>
+
+       * src/usb_lld.c (handle_datastage_out): Fix rx copying.
+       (handle_setup0): Bug fix not stalling TX, it will be possible
+       to go IN transaction, soon after OUT transaction.
+
+       * src/usb_lld.h (USB_SETUP_SET, USB_SETUP_GET): New.
+       (usb_device_method.ctrl_write_finish): New.
+       (usb_device_method.setup): Merge setup_with_data, and
+       setup_with_nodata.
+
+       * src/usb_lld.c (usb_lld_shutdown, usb_lld_prepare_shutdown): New.
+       (handle_setup0): Call ->setup.
+       (handle_in0): Call ->ctrl_write_finish.
+
+       * src/usb_prop.c (vcom_port_data_setup): Merge
+       vcom_port_setup_with_nodata.
+       (download_check_crc32): New.
+       (gnuk_setup): Merge gnuk_setup_with_data and
+       gnuk_setup_with_nodata.
+       (gnuk_ctrl_write_finish): New.
+
+2012-05-17  Niibe Yutaka  <gniibe@fsij.org>
+
+       * tool/gnuk_upgrade.py: New tool.
+
+       * src/gnuk.h (ICC_STATE_EXITED, ICC_STATE_EXEC_REQUESTED): New.
+
+       * src/openpgp.c (INS_EXTERNAL_AUTHENTICATE)
+       (cmd_external_authenticate): New.
+       (INS_GET_CHALLENGE, cmd_get_challenge): New.
+
+       * src/usb-icc.c (USBthread): Finish the thread with
+       ICC_STATE_EXITED, after EXTERNAL_AUTHENTICATE.
+
+       * src/usb_prop.c (gnuk_setup_endpoints_for_interface): Add STOP
+       argument.
+       (gnuk_usb_event): Disable all endpoints when configure(0).
+       (vcom_port_data_setup): Check direction and support
+       USB_CDC_REQ_SET_LINE_CODING.
+       (vcom_port_setup_with_nodata): Check direction.
+       (gnuk_setup_with_data): Check direction and add FSIJ_GNUK device
+       requests.
+       (gnuk_setup_with_nodata): Likewise.
+
+       * src/usb_lld.c (LAST_OUT_DATA): Remove.
+       (handle_datastage_out): Cleanup and call st103_ep_set_rxtx_status.
+       (handle_datastage_in): Call st103_ep_set_rxtx_status and
+       st103_ep_set_tx_status.
+       (handle_setup0): Likewise.
+       (handle_out0): Remove LAST_OUT_DATA.
+       (std_none, std_get_status, std_clear_feature, std_set_feature)
+       (std_set_address, std_get_descriptor, std_get_configuration)
+       (std_set_configuration, std_get_interface, std_set_interface):
+       Check direction.
+       (handle_setup0): Add length for setup_with_data.
+
+2012-05-16  Niibe Yutaka  <gniibe@fsij.org>
+
+       * tool/gnuk_put_binary.py (main): Fix fileid.
+       * tool/gnuk_put_binary_libusb.py: Ditto.
+
+       * src/openpgp.c (FILE_EF_RANDOM): Remove.
+       (cmd_update_binary, cmds): ifdef CERTDO_SUPPORT.
+       (cmd_write_binary): Fix fileid.
+
+       * src/flash.c (flash_check_blank): Always enable.
+       (flash_erase_binary): ifdef CERTDO_SUPPORT.
+       (flash_write_binary): Call flash_check_blank.
+
+2012-05-15  Niibe Yutaka  <gniibe@fsij.org>
+
+       * Version 0.18.
+
+       * src/usb_desc.c (gnukStringSerial): Updated.
+
+       * src/main.c (EP3_IN_Callback, EP5_OUT_Callback): Move from
+       usb_endp.c.
+
+       * src/usb_endp.c: Remove.
+
+2012-05-14  Niibe Yutaka  <gniibe@fsij.org>
+
+       * tool/gnuk_remove_keys.py: New.
+
+       * src/openpgp-do.c (proc_key_import): Fix checking extended header.
+
+       * src/hardclock.c: Remove.
+
+       * src/usb_prop.c (MSC_INTERFACE_NO): New.
+       (gnuk_setup_endpoints_for_interface): Cleanup with MSC_INTERFACE_NO.
+       (gnuk_setup_with_data, gnuk_setup_with_nodata): Likewise.
+
+       * src/usb-msc.c: Rename from usb_msc.c.
+
+       * src/usb-msc.h: Rename from usb_msc.h.
+
+       * src/Makefile.in: Follow the rename of usb-msc.c and remove of
+       hardclock.c.
+
+       * src/pin-dnd.c, src/usb_prop.c: Follow the rename of usb-msc.h.
+
+2012-05-12  Niibe Yutaka  <gniibe@fsij.org>
+
+       * src/usb_msc.c (ep6_out): Rename (was: ep7_out).
+       (usb_start_receive): Use ep6_out and ENDP6.
+       (EP6_OUT_Callback): Rename (was: EP7_OUT_Callback).
+       Use ep6_out and ENDP6.
+       (msc_handle_command): Use ep6_out and ENDP6.
+
+       * src/main.c (main): Wait USB reset.
+
+       * src/usb-icc.c (EP1_OUT_Callback): Rename from EP2_OUT_Callback.
+       (USBthread): Use ENDP1 for both of epi_init and epo_init.
+
+       * src/usb_conf.h (ENDP1_RXADDR, ENDP2_TXADDR, ENDP6_RXADDR): New.
+       (ENDP3_TXADDR, ENDP4_TXADDR, ENDP5_RXADDR): New value.
+       (ENDP7_RXADDR): Remove.
+
+       * src/usb_desc.c (gnukConfigDescriptor): Use endpoint OUT1 (was
+       IN2), endpoint OUT6 (IN7).
+
+       * src/usb_prop.c (gnuk_setup_endpoints_for_interface): Use ENDP1
+       and ENDP6 for both directions.
+
+2012-05-11  Niibe Yutaka  <gniibe@fsij.org>
+
+       * src/configure (--vidpid): New mandatory option.
+
+       * GNUK_USB_DEVICE_ID: New file.
+
+       * src/usb_desc.c (gnukDeviceDescriptor): Include
+       usb-vid-pid-ver.c.inc.
+       (gnukStringVendor, gnukStringProduct): Remove.  It's in the
+       file, usb-string-vender-product.c.inc.
+
+       * src/Makefile.in (distclean): Delete *.inc.
+
+       * src/usb_prop.c (vcom_port_setup_with_nodata) Rename.
+       (vcom_port_data_setup): Rename and fix return value.
+
+       * src/usb-cdc.h (VIRTUAL_COM_PORT_DATA_SIZE)
+       (VIRTUAL_COM_PORT_INT_SIZE): New.
+
+       * src/main.c (#include): Add usb-cdc.h.
+       * src/usb_desc.c (#include): Add usb-cdc.h.
+       * src/usb_endp.c (#include): Add usb_lld.h.
+
+       * src/configure ($help): Add FST_01.
+
+2012-05-10  Niibe Yutaka  <gniibe@fsij.org>
+
+       * STM32_USB-FS-Device_Driver, Virtual_COM_Port: Remove.
+
+       * src/usb_lld.c (#include): Don't include usb_lib.h.
+       (RECIPIENT, REG_BASE PMA_ADDR, CNTR, ISTR, FNR, DADDR, BTABLE)
+       (ISTR_CTR, ISTR_DOVR, ISTR_ERR, ISTR_WKUP, ISTR_SUSP, ISTR_RESET)
+       (ISTR_SOF, ISTR_ESOF, ISTR_DIR, ISTR_EP_ID, CLR_CTR, CLR_DOVR)
+       (CLR_ERR, CLR_WKUP, CLR_SUSP, CLR_RESET, CLR_SOF, CLR_ESOF)
+       (CNTR_CTRM, CNTR_DOVRM, CNTR_ERRM, CNTR_WKUPM, CNTR_SUSPM)
+       (CNTR_RESETM, CNTR_SOFM, CNTR_ESOFM, CNTR_RESUME, CNTR_FSUSP)
+       (CNTR_LPMODE, CNTR_PDWN, CNTR_FRES, DADDR_EF, DADDR_ADD)
+       (EP_CTR_RX, EP_DTOG_RX, EPRX_STAT, EP_SETUP, EP_T_FIELD, EP_KIND)
+       (EP_CTR_TX, EP_DTOG_TX, EPTX_STAT, EPADDR_FIELD, EPREG_MASK)
+       (EP_TX_DIS, EP_TX_STALL, EP_TX_NAK, EP_TX_VALID, EPTX_DTOG1)
+       (EPTX_DTOG2, EP_RX_DIS, EP_RX_STALL, EP_RX_NAK, EP_RX_VALID)
+       (EPRX_DTOG1, EPRX_DTOG2): New. Compatible to ST's USB-FS-Device_Lib.
+       (CH_IRQ_HANDLER): Call usb_interrupt_handler (was: USB_Istr).
+       (EP1_IN_Callback, EP2_IN_Callback, EP3_IN_Callback)
+       (EP4_IN_Callback, EP5_IN_Callback, EP6_IN_Callback)
+       (EP7_IN_Callback, EP1_OUT_Callback, EP2_OUT_Callback)
+       (EP3_OUT_Callback, EP4_OUT_Callback, EP5_OUT_Callback)
+       (EP6_OUT_Callback, EP7_OUT_Callback): New.  Implement here.
+       Compatible to ST's USB-FS-Device_Lib.
+       (USB_MAX_PACKET_SIZE): New.
+       (GET_STATUS, CLEAR_FEATURE, RESERVED1, SET_FEATURE, RESERVED2)
+       (SET_ADDRESS, GET_DESCRIPTOR, SET_DESCRIPTOR, GET_CONFIGURATION)
+       (SET_CONFIGURATION, GET_INTERFACE, SET_INTERFACE)
+       (SYNCH_FRAME,TOTAL_REQUEST): New for USB control transfer.
+       (enum CONTROL_STATE): New for state machine of control pipe.
+       (enum FEATURE_SELECTOR): New.
+       (struct DATA_INFO, struct CONTROL_INFO, struct DEVICE_INFO): New.
+       (ctrl_p, dev_p, data_p, Control_Info, Device_Info, Data_Info):
+       New.
+       (usb_lld_stall_tx, usb_lld_stall_rx)
+       (usb_lld_tx_data_len, usb_lld_txcpy, usb_lld_tx_enable)
+       (usb_lld_write, usb_lld_rx_enable, usb_lld_rx_data_len)
+       (usb_lld_rxcpy): Move from usb_lld.h and not inline.
+       (usb_lld_reset, usb_lld_setup_endpoint)
+       (usb_lld_set_configuration, usb_lld_current_configuration)
+       (usb_lld_set_feature, usb_lld_set_data_to_send): New.
+       (usb_lld_to_pmabuf, usb_lld_from_pmabuf): Clean up.
+       (usb_lld_init): New implementation.
+       (st103_set_btable, st103_get_istr, st103_set_istr, st103_set_cntr)
+       (st103_set_daddr, st103_set_epreg, st103_get_epreg)
+       (st103_set_tx_addr, st103_get_tx_addr, st103_set_tx_count)
+       (st103_get_tx_count, st103_set_rx_addr, st103_get_rx_addr)
+       (st103_set_rx_buf_size, st103_get_rx_count, st103_ep_clear_ctr_rx)
+       (st103_ep_clear_ctr_tx, st103_ep_set_rxtx_status)
+       (st103_ep_set_rx_status, st103_ep_get_rx_status)
+       (st103_ep_set_tx_status, st103_ep_get_tx_status)
+       (st103_ep_clear_dtog_rx, st103_ep_clear_dtog_tx): New lower-level
+       functions for USB related registers access.
+       (usb_interrupt_handler, usb_handle_transfer)
+       (handle_datastage_out, handle_datastage_in, handle_setup0)
+       (handle_in0, handle_out0)
+       (std_none, std_get_status, std_clear_feature, std_set_feature,
+       std_set_address, std_get_descriptor, std_get_configuration,
+       std_set_configuration, std_get_interface, std_set_interface)
+       (std_request_handler): New USB stack implementation.
+
+       * src/usb_lld.h (usb_lld_stall_tx, usb_lld_stall_rx)
+       (usb_lld_tx_data_len, usb_lld_txcpy, usb_lld_tx_enable)
+       (usb_lld_write, usb_lld_rx_enable, usb_lld_rx_data_len)
+       (usb_lld_rxcpy): Those are not inline functions anymore.
+       (USB_DEVICE_DESCRIPTOR_TYPE, USB_CONFIGURATION_DESCRIPTOR_TYPE)
+       (USB_STRING_DESCRIPTOR_TYPE, USB_INTERFACE_DESCRIPTOR_TYPE)
+       (USB_ENDPOINT_DESCRIPTOR_TYPE, STANDARD_ENDPOINT_DESC_SIZE)
+       (ENDP0, ENDP1, ENDP2, ENDP3, ENDP4, ENDP5, ENDP6, ENDP7)
+       (EP_BULK, EP_CONTROL, EP_ISOCHRONOUS, EP_INTERRUPT)
+       (DEVICE_RECIPIENT, INTERFACE_RECIPIENT, ENDPOINT_RECIPIENT)
+       (ENDPOINT_RECIPIENT, OTHER_RECIPIENT)
+       (DEVICE_DESCRIPTOR, CONFIG_DESCRIPTOR, STRING_DESCRIPTOR)
+       (INTERFACE_DESCRIPTOR, ENDPOINT_DESCRIPTOR)
+       (REQUEST_TYPE, STANDARD_REQUEST, CLASS_REQUEST, VENDOR_REQUEST)
+       (USB_UNSUPPORT, USB_SUCCESS)
+       (USB_EVENT_RESET, USB_EVENT_ADDRESS, USB_EVENT_CONFIG)
+       (USB_EVENT_SUSPEND, USB_EVENT_WAKEUP, USB_EVENT_STALL)
+       (USB_SET_INTERFACE, USB_GET_INTERFACE, USB_QUERY_INTERFACE)
+       (UNCONNECTED, ATTACHED, POWERED, SUSPENDED, ADDRESSED)
+       (CONFIGURED, USB_Cable_Config): New.  Compatible to ST's
+       USB-FS-Device_Lib.
+       (struct Descriptor, struct usb_device_method)
+       (Device_Descriptor, Config_Descriptor, String_Descriptors)
+       (STM32_USB_IRQ_PRIORITY, bDeviceState, Device_Method)
+       (usb_lld_init, usb_lld_reset, usb_lld_setup_endpoint)
+       (usb_lld_set_configuration, usb_lld_current_configuration)
+       (usb_lld_set_feature, usb_lld_set_data_to_send): New API.
+
+       * src/usb_prop.c(#include): Only include usb_lld.h for USB.
+       (SetEPRxCount_allocated_size): Remove.
+       (struct line_coding, line_coding, Virtual_Com_Port_Data_Setup)
+       (Virtual_Com_Port_NoData_Setup): Add from usb-cdc-vport.c.
+       (gnuk_device_init, gnuk_device_reset, gnuk_setup_with_data)
+       (gnuk_setup_with_nodata): Follow the API change of USB stack.
+       (gnuk_setup_endpoints_for_interface, gnuk_get_descriptor)
+       (gnuk_usb_event, gnuk_interface): New.
+       (gnuk_device_SetConfiguration, gnuk_device_SetInterface)
+       (gnuk_device_SetDeviceAddress, gnuk_device_Status_In)
+       (gnuk_device_Status_Out, gnuk_device_GetDeviceDescriptor)
+       (gnuk_device_GetConfigDescriptor, gnuk_device_GetStringDescriptor)
+       (gnuk_device_Get_Interface_Setting, gnuk_clock_frequencies)
+       (gnuk_data_rates, msc_lun_info, Device_Table)
+       (User_Standard_Requests): Remove.
+       (Device_Method): Replace Device_Property.
+
+       * src/usb_msc.c (#include): Only include usb_lld.h for USB.
+
+       * src/usb_endp.c (#include): Only include usb_lld.h for USB.
+       (EP5_OUT_Callback): Follow the API change of USB stack.
+
+       * src/usb_desc.c (#include): Only include usb_lld.h for USB.
+       Add usb_conf.h.
+       (Device_Descriptor, Config_Descriptor): Follow the API change
+       of USB stack.
+       (String_Descriptors): New, rename from String_Descriptor.
+
+       * src/usb_conf.h (EP_NUM, BTABLE_ADDRESS, IMR_MSK): Remove.
+       (NUM_STRING_DESC): Add.
+
+       * src/usb-icc.c (#include): Only include usb_lld.h for USB.
+
+       * src/usb-cdc-vport.c, src/usb_prop.h: Remove.
+
+       * src/stmusb.mk, src/vcomport.mk: Remove.
+
+       * src/main.c (#include): Only include usb_lld.h for USB.
+       (main): Remove call to USB_Init.
+
+       * src/Makefile.in (include): Remove stmusb.mk, vcomport.mk.
+       (VCOMSRC) [ENABLE_VCOMPORT]: Add.
+       (INCDIR): Remove STMUSBINCDIR and VCOMDIR.
+
+       * boards/common/hw_config.c (Enter_LowPowerMode)
+       (Leave_LowPowerMode): Remove.
+
+2012-02-02  Niibe Yutaka  <gniibe@fsij.org>
+
+       * Version 0.17.
+
+       * src/usb_desc.c (gnukStringSerial): Updated.
+       (gnukConfigDescriptor): Short APDU only.
+
+       * tool/gnuk_put_binary.py (cmd_get_response): New.
+       (cmd_select_openpgp, cmd_get_data): Call cmd_get_response.
+
+2012-01-30  Niibe Yutaka  <gniibe@fsij.org>
+
+       * src/usb-icc.c (struct ccid): Add chained_cls_ins_p1_p2.
+       (end_cmd_apdu_head, icc_cmd_apdu_data, icc_handle_data): Add checking
+       CMD APDU head for command chaining.
+
+2012-01-20  Niibe Yutaka  <gniibe@fsij.org>
+
+       Short APDU only CCID driver.
+       * STM32_USB-FS-Device_Driver/src/usb_core.c (DataStageOut)
+       (DataStageIn): Use usb_lld_to_pmabuf and usb_lld_from_pmabuf.
+
+       * src/configure (CERTDO_SUPPORT): Comment fix.
+
+       * src/gnuk.h (struct adpu): expected_res_size has type uint16_t.
+       (MAX_CMD_APDU_DATA_SIZE, MAX_RES_APDU_DATA_SIZE): New.
+       (MAX_CMD_APDU_SIZE, MAX_RES_APDU_SIZE, USB_BUF_SIZE): Remove.
+       (icc_state_p): New.
+       (set_res_sw): Rename from set_res_apdu.
+
+       * src/call-rsa.c (rsa_decrypt): Use MAX_RES_APDU_DATA_SIZE.
+
+       * src/openpgp.c (set_res_sw): Rename from set_res_apdu.
+       * src/openpgp.h: Use set_res_sw.
+
+       * src/main.c: Handle icc_state_p.
+
+       * src/openpgp-do.c (historical_bytes): command chaining but short
+       APDU only.
+       (extended_capabilities): Change for short APDU only.
+
+       * src/usb-icc.c (USB_BUF_SIZE): Define here (was in gnuk.h).
+       (struct ep_in, epi_init, struct ep_out, epo_init, endpoint_out)
+       (endpoint_in, icc_state_p, struct ccid, APDU_STATE_WAIT_COMMAND)
+       (APDU_STATE_COMMAND_CHAINING, APDU_STATE_COMMAND_RECEIVED)
+       (APDU_STATE_RESULT, APDU_STATE_RESULT_GET_RESPONSE, ccid_reset)
+       (ccid_init, CMD_APDU_HEAD_SIZE, apdu_init, notify_tx, no_buf)
+       (set_sw1sw2, get_sw1sw2, notify_icc, end_icc_rx, end_abdata)
+       (end_cmd_apdu_head, end_nomore_data, end_cmd_apdu_data)
+       (nomore_data, INS_GET_RESPONSE, icc_cmd_apdu_data, icc_abdata)
+       (icc_send_data_block_0x9000, icc_send_data_block_gr, ccid): New.
+       (icc_data_size, icc_seq, icc_next_p, icc_chain_p, icc_tx_size)
+       (icc_thread, icc_state, gpg_thread, ICC_RESPONSE_MSG_DATA_SIZE):
+       Remove.
+       (EP1_IN_Callback): Rewrite using epi.
+       (EP2_OUT_Callback): Rewrite using epo.
+       (icc_prepare_receive): Rewrite using epo and struct ccid.
+       (ATR): Change ofr short APDU only.
+       (icc_error, icc_power_on, icc_send_status, icc_power_off)
+       (icc_send_data_block, icc_send_params, icc_handle_data)
+       (icc_handle_timeout, USBthread): Rewrite using struct ccid.
+
+       * src/usb_desc.c (gnukConfigDescriptor): dwFeatures: Short APDU
+       level, dwMaxCCIDMessageLength: 271.
+
+       * src/usb_lld.c (usb_lld_to_pmabuf, usb_lld_from_pmabuf): New.
+       * src/usb_lld.h (usb_lld_txcpy, void usb_lld_write) Use
+       usb_lld_to_pmabuf.
+       (usb_lld_rxcpy): Use usb_lld_from_pmabuf.
+
+       * src/stmusb.mk (usb_mem.c): Remove.
+
+       * gnuk_put_binary.py (cmd_select_openpgp): No response APDU data.
+       (cmd_verify, cmd_write_binary): Send short APDU.
+       (__main__): Remove RANDOM_NUMBER_BITS support.
+
+       Bug fix for CERTDO_SUPPORT.
+       * src/gnuk.ld.in: Add missing alignment for _data_pool (when no
+       CERTDO_SUPPORT).
+
+2012-01-19  Niibe Yutaka  <gniibe@fsij.org>
+
+       * src/usb-icc.c (icc_handle_data): Handle the case when it only
+       sends 0x90 and 0x00 correctly.
+
+       * src/openpgp-do.c (gpg_do_get_data): Fix res_apdu_data_len.
+
+2012-01-18  Niibe Yutaka  <gniibe@fsij.org>
+
+       Clean up API between application layer and CCID layer.
+       * tool/gnuk_put_binary.py, gnuk_put_binary_libusb.py: Don't append
+       0x9000 at the data, any more.
+       * src/usb-icc.c (icc_data_size, icc_buffer, icc_seq): Make them
+       internal.
+       (res_APDU_size, res_APDU_pointer): Removed.
+       (icc_handle_data, USBthread): Follow new API of struct apdu.
+       * src/call-rsa.c (rsa_sign, rsa_decrypt): Likewise.
+       * src/openpgp.c (CLS, INS, P1, P2): New.
+       (set_res_apdu, cmd_verify, cmd_change_password)
+       (cmd_reset_user_password, cmd_put_data, cmd_pgp_gakp)
+       (cmd_read_binary, cmd_select_file, cmd_pso)
+       (cmd_internal_authenticate, cmd_update_binary, cmd_write_binary)
+       (process_command_apdu, GPGthread): Follow new API of struct apdu.
+       * src/openpgp-do.c (gpg_do_get_data, gpg_do_public_key): Follow
+       new API of struct apdu.
+       * src/gnuk.h (struct apdu, apdu): New.
+       (cmd_APDU, icc_data_size, cmd_APDU_size, icc_buffer): Removed.
+       (res_APDU, res_APDU_size): Use members of struct apdu.
+
+2012-01-16  Niibe Yutaka  <gniibe@fsij.org>
+
+       Adopt new USB API.
+       * src/usb_msc.c (usb_start_transmit): Use usb_lld_write.
+       (EP6_IN_Callback): Use usb_lld_tx_data_len and usb_lld_write.
+       (usb_start_receive): Use usb_lld_rx_enable.
+       (EP7_OUT_Callback): Use usb_lld_rx_data_len, usb_lld_rxcpy
+       and usb_lld_rx_enable
+       (msc_handle_command): Use usb_lld_stall_rx and usb_lld_stall_tx.
+
+       * src/usb_lld.h (usb_lld_stall_tx, usb_lld_stall_rx)
+       (usb_lld_tx_data_len): New.
+
+       * src/main.c (STDOUTthread): Use usb_lld_write.
+
+       * src/usb-icc.c (EP1_IN_Callback, icc_error, icc_power_on)
+       (icc_send_status, icc_send_data_block, icc_send_params): Use
+       usb_lld_write (was: USB_SIL_Write).
+       (EP2_OUT_Callback): Use usb_lld_rx_data_len, usb_lld_rxcpy,
+       and usb_lld_rx_enable (was: USB_SIL_Read and SetEPRxValid).
+       (icc_prepare_receive): Use usb_lld_rx_enable.
+
+       * src/stmusb.mk (STMUSBSRC): Dont' include usb_sil.c.
+
+       * src/usb_lld.h (usb_lld_txcpy, usb_lld_tx_enable)
+       (usb_lld_write, usb_lld_rx_enable, usb_lld_rx_data_len)
+       (usb_lld_rxcpy): New.
+
+       * src/usb_prop.c (SetEPRxCount_allocated_size): Fix the
+       implementation.  (ST's SetEPRxCount is actually meant to
+       setup allocated size, which is confusing).
+       (gnuk_device_init): Don't call USB_SIL_Init.
+
+2012-01-10  Niibe Yutaka  <gniibe@fsij.org>
+
+       * src/openpgp.c (GPGthread): Allow INS_RESET_RETRY_COUNTER and
+       INS_PUT_DATA for pinentry targets.
+
+2012-01-05  Niibe Yutaka  <gniibe@fsij.org>
+
+       * src/openpgp.c (cmd_select_file): Check DF name.
+
+       * tool/pinpadtest.py: Rename from pinpad-test.py.
+
+2011-12-28  Niibe Yutaka  <gniibe@fsij.org>
+
+       * src/usb_prop.c (SetEPRxCount_allocated_size): New.
+       (gnuk_device_reset): Use SetEPRxCount_allocated_size.
+       * src/usb_msc.c (usb_start_receive): Don't set RxCount register
+       here.
+       * STM32_USB-FS-Device_Driver/src/usb_core.c (Standard_ClearFeature)
+       (Post0_Process): Don't need to set RxCount register.
+
+       * src/usb_prop.c (msc_lun_info) [PINPAD_DND_SUPPORT]: ifdef-out.
+
+       * src/usb-icc.c (EP2_OUT_Callback): Fix apdu size == 49 bug,
+       we don't assume host sends ZLP (But accepts ZLP, just in case).
+
+2011-12-22  Niibe Yutaka  <gniibe@fsij.org>
+
+       * src/openpgp-do.c (extended_capabilities) [CERTDO_SUPPORT]:
+       conditionalize.
+
+2011-12-21  Niibe Yutaka  <gniibe@fsij.org>
+
+       * src/openpgp-do.c (gpg_do_get_data) [CERTDO_SUPPORT]: ifdef out.
+
+       * src/gnuk.ld.in (.gnuk_ch_certificate): Only valid
+       when --enable-certdo.
+
+       * src/flash.c (flash_check_blank) [CERTDO_SUPPORT]: ifdef out.
+       (flash_erase_binary) [CERTDO_SUPPORT]: Likewise.
+       (flash_write_binary) [CERTDO_SUPPORT]: Likewise.
+
+       * src/configure (certdo): New.
+       (--enable-certdo, --disable-certdo): New options.
+       Remove cheking for /dev/random.
+
+       * src/config.h.in (@CERTDO_DEFINE@): New.
+
+2011-12-20  Niibe Yutaka  <gniibe@fsij.org>
+
+       * src/usb_msc.c (msc_handle_command): SCSI_START_STOP_UNIT command
+       with stop/eject/close means cancelling pinentry.
+
+       * src/pin-dnd.c (pinpad_finish_entry, parse_directory_sector):
+       Implement "cancel".
+       (pinpad_getline): Likewise.
+       (msc_scsi_stop): New.
+
+2011-12-16  Niibe Yutaka  <gniibe@fsij.org>
+
+       * tool/gnuk_put_binary_libusb.py (gnuk_token.cmd_select_openpgp):
+       Fix apdu parameter.
+
+       * tool/gnuk_put_binary.py (GnukToken.cmd_select_openpgp): Ditto.
+
+       * tool/pinpad-test.py: New.
+
+2011-12-14  Niibe Yutaka  <gniibe@fsij.org>
+
+       * Version 0.16.
+
+       * src/usb_desc.c (gnukStringSerial): Updated.
+
+       * boards/STM8S_DISCOVERY/board.h, board.c: Fix for PINPAD_SUPPORT.
+       * boards/STBEE_MINI/board.h, board.c: Likewise.
+       * boards/STBEE/board.h, board.c: Likewise.
+       * boards/FST_01/board.c: Likewise.
+
+2011-12-13  Niibe Yutaka  <gniibe@fsij.org>
+
+       Add pinpad DND support.
+       * src/Makefile.in (CSRC) [ENABLE_PINPAD]: Add usb_msc.c.
+       * src/configure (pinpad): Add dnd support.
+       * src/gnuk.h [PINPAD_DND_SUPPORT]: Add declarations.
+       * src/main.c (STDOUTthread): Add PUSH packet.
+       (main) [PINPAD_DND_SUPPORT]: Call msc_init.
+       * src/usb_conf.h (EP_NUM): Add the case of PINPAD_DND_SUPPORT.
+       (ENDP6_TXADDR, ENDP7_RXADDR): New.
+       (ENDP4_TXADDR, ENDP5_RXADDR): Changed for smaller buffer.
+       * src/usb_desc.c (gnukConfigDescriptor): Add Mass storage device.
+       * src/usb_msc.c, src/usb_msc.h, src/pin-dnd.c: New.
+       * src/usb_prop.c: Include "usb_msc.h".
+       (gnuk_device_reset): Add initialization of ENDP6 and ENDP7.
+       (gnuk_device_SetInterface): Add initialization of ENDP6 and ENDP7.
+       (NUM_INTERFACES): Handle cases for PINPAD_DND_SUPPORT.
+       (msc_lun_info): New.
+       (gnuk_setup_with_data, gnuk_setup_with_nodata): Handle standard
+       request for Mass storage device.
+       * Virtual_COM_Port/usb_desc.h (VIRTUAL_COM_PORT_DATA_SIZE): Since
+       there isn't enough hardware buffer, smaller value (was: 64).
+
+       * src/ac.c (verify_user_0): Add access argument.
+       (verify_pso_cds, verify_other, verify_admin_0): Follow the change.
+       * src/openpgp.c (cmd_change_password): Likewise.
+
+2011-12-08  Niibe Yutaka  <gniibe@fsij.org>
+
+       * src/usb-icc.c: Not include "usb_desc.h".
+
+       * src/usb_endp.c (EP5_OUT_Callback): Fix minor bug.
+
+2011-12-07  Niibe Yutaka  <gniibe@fsij.org>
+
+       * src/usb_desc.c (gnukDeviceDescriptor): Changed bcdUSB = 1.1.
+       Gnuk device conforms to USB 2.0 full speed device, but when it was
+       2.0, some OS informs users, "you can connect the device to 2.0
+       compliant hub so that it can have better bandwidth", which is not
+       the case for full speed device.
+
+       * src/openpgp.c (GPGthread): Handle bConfirmPIN parameter.
+
+       * src/usb-icc.c (icc_handle_data): Pass PC_to_RDR_Secure
+       information to gpg_thread using memory of cmd_APDU.
+
+2011-12-01  Niibe Yutaka  <gniibe@fsij.org>
+
+       * src/gnuk.h (EV_PINPAD_INPUT_DONE, EV_NOP, EV_CMD_AVAILABLE)
+       (EV_VERIFY_CMD_AVAILABLE, EV_MODIFY_CMD_AVAILABLE): New.
+       * src/usb-icc.c (icc_power_off, icc_handle_data): Use EV_NOP,
+       EV_CMD_AVAILABLE, EV_VERIFY_CMD_AVAILABLE, and EV_MODIFY_CMD_AVAILABLE.
+       * src/pin-cir.c (cir_timer_interrupt): Use EV_PINPAD_INPUT_DONE.
+       * src/pin-dial.c (dial_sw_interrupt, pinpad_getline): Ditto.
+       (EV_SW_PUSH): Remove.
+
+       * src/openpgp.h (GPG_FUNCTION_NOT_SUPPORTED): New.
+       (GPG_CONDITION_NOT_SATISFIED): New.
+       * src/openpgp.c (cmd_change_password): Use GPG_FUNCTION_NOT_SUPPORTED.
+
+       * src/openpgp.c (cmd_verify, cmd_change_password)
+       (cmd_reset_user_password, cmd_put_data): Remove pinpad handling...
+       (GPGthread): ... and implement pinpad handling here.
+
+2011-11-29  Niibe Yutaka  <gniibe@fsij.org>
+
+       * src/openpgp.c (cmd_put_data) [PINPAD_SUPPORT]: Support pinpad
+       input (for reset code).
+
+2011-11-24  Niibe Yutaka  <gniibe@fsij.org>
+
+       * Version 0.15.
+       * src/usb_desc.c (gnukStringSerial): Updated.
+
+2011-11-22  Niibe Yutaka  <gniibe@fsij.org>
+
+       * tool/dfuse.py (DFU_STM32.download, DFU_STM32.verify): Support
+       unaligned write and hole.
+
+2011-11-14  Niibe Yutaka  <gniibe@fsij.org>
+
+       * boards/FST_01/{mcuconf.h,board.h,board.c}: New.
+
+2011-11-01  Niibe Yutaka  <gniibe@fsij.org>
+
+       * src/pin-dial.c (pinpad_getline): New.
+       (pin_main): Remove.
+
+       * boards/STBEE_MINI/board.h (TIMx): Define.
+       boards/STBEE/board.h (TIMx): Ditto.
+       boards/STM8S_DISCOVERY/board.h: Ditto.
+
+       * src/pin-cir.c (pinpad_getline): New.
+       (cir_timer_interrupt, cir_ext_interrupt): Use TIMx.
+       (cir_key_is_backspace, cir_key_is_enter, pin_main, pindisp):
+       Remove.
+       (cir_codetable_dell_mr425, cir_codetable_aquos)
+       (cir_codetable_regza, cir_codetable_bravia, ch_is_backspace)
+       (ch_is_enter, find_char_codetable, hex, cir_getchar): New.
+       (cir_timer_interrupt): Don't filter out ADDRESS.
+
+       * src/openpgp.c (get_pinpad_input): Don't invoke thread,
+       but just call pinpad_getline.
+
+       * src/main.c (display_interaction, display_fatal_code)
+       (display_status_code, led_blink): New.
+       (main): Call display_* routine.
+       (fatal): Notify main thread.
+       * src/usb_prop.c (gnuk_device_SetConfiguration): Notify main
+       thread.
+
+       * src/pin-cir.c (pindisp): Remove.
+
+       * boards/FST_01_00: New (for 8MHz FST-01).
+
+       * src/ac.c (calc_md): Fix comparison.
+
+       * src/call-rsa.c (RSA_SIGNATURE_LENGTH): Use KEY_CONTENT_LEN.
+       (rsa_sign, rsa_decrypt): Likewise.
+       (modulus_calc): Don't assume it's 2048-bit.
+
+       * src/ac.c (verify_user_0): Fix for non-initialized PW1.
+
+       * src/Makefile.in (MCFLAGS): Override MCFLAGS option for newer
+       GCC of summon-arm-toolchain to add -mfix-cortex-m3-ldrd.
+       NOTE: This should not be needed (as -mcpu=cortex-m3 defaults
+       to -mfix-cortex-m3-ldrd for GCC-proper), but it is needed
+       to select arm-none-eabi/lib/thumb2/libc.a correctly.
+
+2011-10-14  NIIBE Yutaka  <gniibe@fsij.org>
+
+       * src/gnuk.ld.in (__main_stack_size__): It's 1KB (was 512 byte).
+
+2011-10-07  NIIBE Yutaka  <gniibe@fsij.org>
+
+       * Version 0.14.
+       * src/usb_desc.c (gnukStringSerial): Updated.
+
+       * src/random.c (random_init): Call neug_prng_reseed.
+
+2011-10-06  NIIBE Yutaka  <gniibe@fsij.org>
+
+       * src/Makefile.in (random_bits): Remove.
+
+       * src/openpgp.c (GPGthread): Remove unused event message.
+
+       * src/main.c (main): Call random_init.
+
+       * src/gnuk.ld.in (__process_stack_size__): Fix.
+       (.gnuk_random): Removed.
+
+       * src/flash.c (flash_erase_binary, flash_write_binary): Remove
+       support of random_byte in flash ROM.
+
+       * src/neug.c (adccb): Use old API (was: chEvtSignalFlagsI).
+       (adccb_err): Remove.
+       (rng_gen, rng): Add the last argument adccb for adcStartConversion:
+       This is old API of ADC driver.
+       (adcgrpcfg): Remove callbacks, add CONT and SWSTART: This is old
+       API of ADC driver.
+       (adccb): Remove the first argument: This is old API of ADC driver.
+       (neug_wait_full): New.
+
+       * ChibiOS_2.0.8/os/hal/platforms/STM32/adc_lld.h (ADC_SAMPLE_1P5):
+       Add (from new API).
+
+       * src/random.c (random_init): New.
+       (random_bytes_get, random_bytes_free, get_salt): Use NeuG.
+
+       * src/Makefile.in (CSRC): Add neug.c.
+
+       * src/neug.c: New.  Verbatim copy of NeuG/src/random.c.
+
+       * boards/common/mcuconf-common.h (USE_STM32_ADC1): TRUE for NewG RNG.
+       * src/chconf.h (CH_USE_SEMAPHORES): TRUE as ADC driver requires it.
+       * src/halconf.h (CH_HAL_USE_ADC); TRUE for NewG RNG.
+
+2011-07-22  NIIBE Yutaka  <gniibe@fsij.org>
+
+       * boards/OLIMEX_STM32_H103/board.h (BOARD_NAME): Fixed.
+
+       * boards/STBEE_MINI/mcuconf.h: Added missing include of
+       mcuconf-common.h.
+
+2011-07-04  NIIBE Yutaka  <gniibe@fsij.org>
+
+       * ChibiOS_2.0.8/os/ports/GCC/ARMCMx/chcore_v7m.c
+       (_port_irq_epilogue, _port_switch_from_isr): Apply a patch of 2.2.6.
+
+       * ChibiOS_2.0.8/os/hal/platforms/STM32/adc_lld.h: Apply a patch of
+       ADC from the branch of ChibiOS_2.0.X.
+
+2011-06-15  NIIBE Yutaka  <gniibe@fsij.org>
+
+       * Version 0.13.
+       * src/usb_desc.c (gnukStringSerial): Updated.
+
+2011-06-08  NIIBE Yutaka  <gniibe@fsij.org>
+
+       * polarssl-0.14.0/include/polarssl/bn_mul.h [__arm__]
+       (MULADDC_1024_CORE, MULADDC_1024_LOOP): New.
+       * polarssl-0.14.0/library/bignum.c (mpi_mul_hlp): Use
+       MULADDC_1024_LOOP.
+
+2011-05-31  NIIBE Yutaka  <gniibe@fsij.org>
+
+       * polarssl-0.14.0/include/polarssl/bn_mul.h [__arm__]
+       (MULADDC_HUIT, MULADDC_INIT, MULADDC_CORE, MULADDC_STOP): Tweak.
+
+2011-05-27  NIIBE Yutaka  <gniibe@fsij.org>
+
+       * tool/gnuk_put_binary.py (main): Confirm Serial ID is written
+       correctly.
+
+       * src/openpgp.c (cmd_write_binary): Fix FILE_EF_SERIAL comparison.
+
+       * src/gnuk.ld.in (.gnuk_random, .gnuk_ch_certificate): Put LONG to
+       have CONTENTS.
+
+       * polarssl-0.14.0/include/polarssl/bn_mul.h [__arm__]
+       (MULADDC_HUIT): New.
+
+2011-05-26  NIIBE Yutaka  <gniibe@fsij.org>
+
+       * polarssl-0.14.0/include/polarssl/bn_mul.h [__arm__]
+       (MULADDC_INIT): Add ADDS instruction to clear of carry flag.
+       (MULADDC_CORE): Tune to 6 instructions and less registers.
+       (MULADDC_STOP): Add ADC instruction to save carry flag.
+
+2011-05-25  NIIBE Yutaka  <gniibe@fsij.org>
+
+       * tool/hub_ctrl.py: New.  Port of original C implementation.
+
+2011-05-16  NIIBE Yutaka  <gniibe@fsij.org>
+
+       * src/main.c (main): Call flash_unlock at the beginning.
+       (device_initialize_once): Don't call flash_unlock here.
+       * src/flash.c (flash_init): Likewise.
+
+       * src/openpgp.c (cmd_select_file): Don't use write_res_apdu.
+       (set_res_apdu): Rename from write_res_apdu.  Just SW1 and SW2.
+
+2011-05-13  NIIBE Yutaka  <gniibe@fsij.org>
+
+       * Version 0.12.
+
+2011-05-12  NIIBE Yutaka  <gniibe@fsij.org>
+
+       * src/openpgp.c (cmd_pso, cmd_internal_authenticate)
+       (cmd_update_binary, cmd_write_binary): Don't check pw locked.
+
+       * tool/dfuse.py (DFU_STM32.verify): Add missing colon.
+       * tool/dfuse.py (get_device): Restrict to STMicro DfuSe.
+
+       * tool/gnuk_put_binary.py (main): Add -p option to enter password.
+
+       * src/ac.c (verify_user_0): New.
+       (verify_pso_cds, verify_admin_0): Use verify_user_0.
+       * src/openpgp.c (cmd_change_password): Use verify_user_0.
+
+       * src/random.c (get_salt): Rename from get_random.
+       (random_bytes_get, random_bytes_free): It's 16-byte.
+
+       * src/ac.c (verify_admin_0): Use PW_ERR_PW1 counter when
+       authenticated by PW1.
+
+2011-05-11  NIIBE Yutaka  <gniibe@fsij.org>
+
+       * src/ac.c (verify_pso_cds, verify_other): Fail (with no counter
+       update) if key is not registered yet.
+       (verify_admin_0): Compare to OPENPGP_CARD_INITIAL_PW3 when empty
+       PW3 and non-empty PW1 but signing key is not registered yet.
+
+       * tool/gnuk_put_binary.py: New implementation by pyscard.
+
+       * src/main.c (device_initialize_once): New.
+       * src/usb_prop.c (gnukStringSerial): Move to...
+       * src/usb_desc.c (gnukStringSerial): here.  Bump version to 0.12.
+       Fill by 0xff.
+       * src/usb_prop.c (gnuk_device_init)
+       (gnuk_device_GetStringDescriptor): Don't use RAM for
+       gnukStringSerial, use ROM like other string descriptor.
+       * src/usb_desc.c (String_Descriptor): Add gnukStringSerial.
+
+       * src/openpgp-do.c (gpg_get_pw1_lifetime): Make static.
+       (gpg_do_load_prvkey, gpg_do_write_prvkey): Use kdi.
+       (gpg_increment_digital_signature_counter): Call gpg_get_pw1_lifetime.
+       * src/openpgp.c (cmd_pso): Follow the change.
+       * src/flash.c (keystore_pool): Remove.  Use &_keystore_pool.
+       * src/ac.c (auth_status): Don't assign 0 as it's automatically
+       cleared.
+
+2011-05-10  NIIBE Yutaka  <gniibe@fsij.org>
+
+       * src/openpgp-do.c (gpg_pw_locked): Rename from gpg_passwd_locked.
+       (gpg_pw_get_err_counter): Rename from gpg_get_pw_err_counter.
+       (gpg_pw_reset_err_counter): Rename from gpg_reset_pw_err_counter.
+       (gpg_pw_increment_err_counter): Rename from gpg_increment_err_counter.
+       * src/ac.c, src/openpgp.c, src/gnuk.h: Follow the change.
+
+       Bug fixes.
+       * src/openpgp.c (cmd_reset_user_password, cmd_change_password)
+       * src/openpgp-do.c (proc_resetting_code): Fix check of return value.
+       * src/ac.c (ac_fini): Clear keystring_md_pw3.
+
+       Prevent observation of PW3 is emptiness by PW3's error counter.
+       Support verify_admin by PW1 when PW3 is empty.
+       * src/ac.c (admin_authorized): New.
+       (verify_admin_0): Set admin_authorized.
+       * src/openpgp-do.c (proc_resetting_code): Use admin_authorized.
+       (gpg_do_write_prvkey): Clear dek_encrypted_3 when keystring_admin
+       is NULL.
+       (proc_key_import): Checking admin_authorized, set keystring_admin.
+       * src/openpgp.c (cmd_reset_user_password): Use admin_authorized.
+
+2011-04-18  NIIBE Yutaka  <gniibe@fsij.org>
+
+       * gnuk.svg: Updated.
+
+2011-04-15  NIIBE Yutaka  <gniibe@fsij.org>
+
+       * Version 0.11.
+
+       * src/usb_prop.c (gnukStringSerial): Updated.
+
+2011-04-11  NIIBE Yutaka  <gniibe@fsij.org>
+
+       * tool/dfuse.py (DFU_STM32.verify): support data size of non-1-KiB.
+
+2011-02-24  NIIBE Yutaka  <gniibe@fsij.org>
+
+       * src/usb_prop.c (gnuk_device_SetInterface): Fix argument to
+       ClearDTOG_TX.
+
+2011-02-10  NIIBE Yutaka  <gniibe@fsij.org>
+
+       * Version 0.10.
+
+       * src/configure, src/Makefile.in (BOARD_DIR): New.
+
+       * boards/CQ_STARM/board.mk, boards/OLIMEX_STM32_H103/board.mk:
+       Removed.
+       * boards/STBEE/board.mk, boards/STBEE_MINI/board.mk: Removed.
+       * boards/STM32_PRIMER2/board.mk, boards/STM8S_DISCOVERY/board.mk:
+       Removed.
+
+       * src/Makefile.in (OUTFILES): Don't include random_bits.
+
+2011-02-09  NIIBE Yutaka  <gniibe@fsij.org>
+
+       * src/usb_prop.c (gnukStringSerial): Updated.
+
+       * tool/gnuk_put_binary.py (gnuk_token.__del__): Removed.
+       Releasing the interface is done in PyUSB.
+
+       * tool/dfuse.py (DFU_STM32.__del__): Removed.
+
+       * src/openpgp.c (cmd_write_binary): Support random bits and card
+       holder certificate as well.
+
+       * src/openpgp-do.c (do_openpgpcard_aid): Add volatile to prevent
+       compiler optimization to access AID.
+
+2011-02-08  NIIBE Yutaka  <gniibe@fsij.org>
+
+       * tool/gnuk_put_binary.py: Renamed (was: gnuk_update_binary.py).
+       (gnuk_token.cmd_write_binary): New.
+       (main): Support writing serial number.
+
+       * GNUK_SERIAL_NUMBER: Renamed (was: FSIJ_SERIAL_NUMBER).
+
+       * src/config.h.in (@SERIAL_DEFINE@): Removed.
+
+       * src/gnuk.h (FILEID_SERIAL_NO): New.
+
+       * src/openpgp.c (INS_WRITE_BINARY, cmd_write_binary): New.
+
+       * src/configure: Remove --with-fixed-serial support.
+
+       * src/openpgp-do.c (do_openpgpcard_aid): Remove support of
+       SERIAL_NUMBER_IN_AID.
+
+       * src/flash.c (flash_write_binary): Support FILEID_SERIAL_NO.
+
+2011-02-04  NIIBE Yutaka  <gniibe@fsij.org>
+
+       * tool/gnuk_update_binary.py: Support updating random bits.
+
+       * src/random.c (random_bits_start): Renamed.
+       (random_bytes_get): Check initial erased state.
+
+       * src/Makefile.in (random-data.o): Removed.
+
+       * src/gnuk.ld.in (.gnuk_random): Don't have .gnuk_random any more.
+
+       * src/flash.c (flash_erase_binary): Support FILEID_RANDOM.
+       (flash_write_binary): Ditto.
+
+       * src/openpgp.c (cmd_reset_user_password): Fix PINPAD_SUPPORT case
+       with reset code.
+
+2011-02-01  NIIBE Yutaka  <gniibe@fsij.org>
+
+       * Version 0.9.
+
+       * src/openpgp-do.c (extended_capabilities): Change value for card
+       holder certificate.
+
+       * src/usb_prop.c (gnuk_device_SetInterface): New.
+
+2011-01-29  NIIBE Yutaka  <gniibe@fsij.org>
+
+       * src/usb_prop.c (gnuk_device_Get_Interface_Setting): Handle the
+       case where we have multiple interfaces.
+
+2011-01-28  NIIBE Yutaka  <gniibe@fsij.org>
+
+       * tool/gnuk_update_binary.py: New.
+
+       * src/openpgp-do.c (gpg_do_get_data): Fix length adding two for
+       status word at the end and adding four for the tag and the length.
+
+       * src/usb-icc.c (icc_handle_data): Fix decrementing res_APDU_size.
+       (icc_power_off): Status should be the one *after* power off.
+
+       * src/openpgp.c (cmd_update_binary): Fix return code.
+
+2011-01-27  NIIBE Yutaka  <gniibe@fsij.org>
+
+       * src/usb-icc.c (res_APDU_pointer): New.
+       (icc_handle_data, USBthread): Handle res_APDU_pointer.
+
+       * src/openpgp.h (GPG_COMMAND_NOT_ALLOWED): New.
+
+       * src/openpgp.c (INS_UPDATE_BINARY, FILE_EF_CH_CERTIFICATE)
+       (FILE_EF_RANDOM, cmd_update_binary): New.
+       (process_command_apdu): Initialize res_APDU_pointer.
+
+       * src/openpgp-do.c (gpg_do_get_data): Handle GPG_DO_CH_CERTIFICATE.
+
+       * src/gnuk.ld.in (.gnuk_ch_certificate): New.
+
+       * src/flash.c (flash_check_blank, flash_erase_binary)
+       (flash_write_binary): New.
+
+       * src/openpgp-do.c (gpg_do_table): Exclude GPG_DO_CH_CERTIFICATE.
+
+       * src/openpgp.c (cmd_reset_user_password): Add PINPAD_SUPPORT.
+
+       * src/gnuk.ld.in: Fix alignment and filling.
+
+2011-01-26  NIIBE Yutaka  <gniibe@fsij.org>
+
+       * boards/STBEE/mcuconf.h: New.
+       * boards/STBEE/board.mk: New.
+       * boards/STBEE/board.h: New.
+       * boards/STBEE/board.c: New.
+
+       * tool/dfuse.py (DFU_STM32.verify): Add double ll_clear_status.
+
+       * src/configure (target): Add STBEE.
+
+2011-01-25  NIIBE Yutaka  <gniibe@fsij.org>
+
+       * src/openpgp.c (cmd_pso): Support DigestInfo by MD5 (for opensc).
+
+2011-01-22  NIIBE Yutaka  <gniibe@fsij.org>
+
+       * src/openpgp.c (cmd_pgp_gakp): Handle case of non-extended Lc.
+       (cmd_select_file): Return DF name when FCI is requested.
+
+       * src/openpgp-do.c (copy_do): Don't add tag if not requested.
+
+       * src/gnuk.h (memmove): Add declaration.
+
+2011-01-21  NIIBE Yutaka  <gniibe@fsij.org>
+
+       * src/openpgp-do.c (copy_do): Fix off-by-one error.
+
+       * src/openpgp.c (get_pinpad_input): Ifdef-out PINPAD_SUPPORT.
+
+2011-01-19  NIIBE Yutaka  <gniibe@fsij.org>
+
+       * Version 0.8.
+
+       * src/pin-cir.c (pin_main): Fix typo, call cir_ext_disable.
+
+       * src/usb_prop.c (gnukStringSerial): Updated.
+
+       * src/pin-dial.c: New.
+
+       * boards/STBEE_MINI/board.c (hwinit1): Add PINPAD_DIAL_SUPPORT.
+       (dial_sw_disable, dial_sw_enable, EXTI2_IRQHandler): New.
+
+       * src/gnuk.h: Add PINPAD_DIAL_SUPPORT.
+
+       * src/usb-icc.c (icc_handle_data): Handle PIN modification.
+
+       * src/usb_desc.c (gnukConfigDescriptor): bPinSupport = 3 when
+       PINPAD_DIAL_SUPPORT is enabled.
+
+2011-01-18  NIIBE Yutaka  <gniibe@fsij.org>
+
+       * src/pin-cir.c (pin_main): Call cir_ext_disable at the end.
+
+2011-01-17  NIIBE Yutaka  <gniibe@fsij.org>
+
+       * src/gnuk.h (PIN_INPUT_CURRENT, PIN_INPUT_NEW)
+       (PIN_INPUT_CONFIRM): New.
+
+       * src/pin-cir.c (pin_main): New argument MSG_CODE.
+
+       * src/openpgp.c (get_pinpad_input): New.
+       (cmd_verify): Use get_pinpad_input.
+       (cmd_change_password): Added PINPAD_SUPPORT.
+
+       * src/openpgp.c (cmd_nop): Removed.
+
+       * src/config.h.in: ifdef-out (not for ASSEMBLER).
+
+2011-01-15  NIIBE Yutaka  <gniibe@fsij.org>
+
+       * Version 0.7.
+
+       * src/usb-icc.c (icc_handle_data): Bug fix: add break for case
+       ICC_STATE_SEND.
+
+2011-01-14  NIIBE Yutaka  <gniibe@fsij.org>
+
+       * Version 0.6.
+
+       * src/usb_prop.c (gnukStringSerial): Include version number (again).
+
+       * boards/STM8S_DISCOVERY/board.c (hwinit1): Initialize TIM3 and
+       remap TIM3.
+       (cir_ext_disable, cir_ext_enable, EXTI9_5_IRQHandler)
+       (TIM3_IRQHandler): New.
+
+       * boards/STBEE_MINI/board.h (HAVE_7SEGLED): New.
+
+       * boards/STM8S_DISCOVERY/board.h: Include "config.h".
+       (VAL_GPIOBODR): PB0 (TIM3_CH3) is pull-down for PINPAD_SUPPORT.
+
+       * src/pin-cir.c (pindisp): Handle the board with no 7 segment
+       display.
+
+2011-01-11  NIIBE Yutaka  <gniibe@fsij.org>
+
+       * src/openpgp-do.c (do_openpgpcard_aid): Fix length of res_p;
+
+2011-01-08  NIIBE Yutaka  <gniibe@fsij.org>
+
+       * src/usb-icc.c (icc_handle_data): Handle the case of
+       ICC_STATE_SEND (back again to the implementation of v0.4).
+       (USBthread): Don't send back larger block (for libccid 1.3.11).
+
+2011-01-07  NIIBE Yutaka  <gniibe@fsij.org>
+
+       * src/openpgp.c (cmd_read_binary): Call gpg_do_get_data for AID.
+
+       * src/openpgp-do.c (gpg_do_get_data): Added new argument WITH_TAG.
+
+       * src/usb_prop.c (gnuk_device_init)
+       (gnuk_device_GetStringDescriptor): gnukStringSerial with unique
+       chip ID.
+
+       * src/openpgp-do.c (do_openpgpcard_aid): New.
+       (openpgpcard_aid): Removed.
+
+       * boards/common/hw_config.c (unique_device_id): New.
+
+2011-01-06  NIIBE Yutaka  <gniibe@fsij.org>
+
+       * src/config.h.in (PINPAD_MORE_DEFINE): Added.
+
+       * src/configure: Requiring bash (for variable substitution), added
+       PINPAD.
+
+       * src/Makefile.in: Support PINPAD.
+
+       * src/pin-cir.c (cir_timer_interrupt): Support Sharp protocol.
+
+2011-01-04  NIIBE Yutaka  <gniibe@fsij.org>
+
+       * src/chconf.h (CH_USE_DYNAMIC): It's TRUE now.
+
+       * src/usb_desc.c (gnukConfigDescriptor): Added PINPAD_SUPPORT.
+
+       * src/pin-cir.c (cir_timer_interrupt): Added CIR_PERIOD_INHIBIT_CHATTER.
+
+2010-12-29  NIIBE Yutaka  <gniibe@fsij.org>
+
+       * src/pin-cir.c (cir_timer_interrupt): Support Philips RC-5 protocol.
+
+2010-12-28  NIIBE Yutaka  <gniibe@fsij.org>
+
+       * src/pin-cir.c (cir_timer_interrupt): Support Philips RC-6 protocol.
+
+2010-12-27  NIIBE Yutaka  <gniibe@fsij.org>
+
+       * src/pin-cir.c (cir_timer_interrupt): Support Sony protocol.
+
+2010-12-24  NIIBE Yutaka  <gniibe@fsij.org>
+
+       * src/pin-cir.c: New file.
+
+2010-12-20  NIIBE Yutaka  <gniibe@fsij.org>
+
+       * src/openpgp.c (GPGthread): Added PINPAD_SUPPORT.
+       * boards/STBEE_MINI/mcuconf.h: Simplified.
+       * boards/STBEE_MINI/board.h: Include config.h.
+       (PINPAD_SUPPORT): Added.
+       * boards/STBEE_MINI/board.c (hwinit1): Added PINPAD_SUPPORT.
+
+2010-12-15  NIIBE Yutaka  <gniibe@fsij.org>
+
+       * src/configure (FLASH_SIZE): Without 'k'.
+       * src/gnuk.ld.in (MEMORY): Append "k" here.
+       (.gnuk_flash): End point should be aligned too.
+
+       * src/config.h.in (@PINPAD_DEFINE@): New.
+       * src/Makefile.in (@PINPAD_MAKE_OPTION@): New.
+       * src/configure (PINPAD_MAKE_OPTION, PINPAD_DEFINE): New.
+
+2010-12-14  NIIBE Yutaka  <gniibe@fsij.org>
+
+       * src/configure (FLASH_PAGE_SIZE): Always set.
+
+2010-12-13  NIIBE Yutaka  <gniibe@fsij.org>
+
+       * Version 0.5.
+
+       * src/usb_desc.c (gnukStringSerial): Updated.
+
+2010-12-10  NIIBE Yutaka  <gniibe@fsij.org>
+
+       * src/usb-cdc-vport.c (Virtual_Com_Port_Data_Setup)
+       (Virtual_Com_Port_NoData_Setup): No check for class&interface
+       request.
+
+       * src/usb-icc.c (ATR): Fixed.
+
+       * src/usb_desc.c (/* ICC Descriptor*/): bcdCCID = 1.1.
+       dwDefaultClock = dwMaximumClock = 3571.
+       dwFeatures 0x00040842.
+
+       * src/usb_prop.c (gnuk_clock_frequencies, gnuk_data_rates): New.
+       (gnuk_nothing_todo): Removed.
+       (gnuk_setup_with_data, gnuk_setup_with_nodata): New.
+       (Device_Property): Changed to call gnuk_setup_with_data and
+       gnuk_setup_with_nodata.
+
+2010-12-09  NIIBE Yutaka  <gniibe@fsij.org>
+
+       * src/usb-icc.c (icc_power_off): Set icc_data_size = 0 to specify
+       no command APDU.  Signal GPGThread.
+       (icc_handle_data, USBthread): Don't signal main thread any more.
+
+       * src/openpgp.c (GPGthread): Only process the command APDU, if any.
+
+       * src/openpgp-do.c (do_tag_to_nr): Don't call fatal.
+       * src/main.c (fatal_code): New.
+       (main): Implemented 1-bit LED status display.
+       (fatal): Added argument CODE.
+       * src/flash.c (flash_data_pool_allocate): Supply argument FATAL_FLASH.
+       * src/random.c (random_bytes_get): Supply argument FATAL_RANDOM.
+       * src/ac.c (auth_status): Added volatile, and remove static.
+
+2010-12-08  NIIBE Yutaka  <gniibe@fsij.org>
+
+       * src/gnuk.h (AC_OTHER_AUTHORIZED): Renamed (was:
+       AC_PSO_OTHER_AUTHORIZED).
+       * src/ac.c (ac_reset_other): Renamed (was: ac_reset_pso_other).
+       (verify_other): Renamed (was: verify_pso_other).
+       (ac_reset_admin): New.
+       * src/openpgp.c (cmd_change_password): Call ac_reset_admin.
+
+       * src/main.c (main): Don't create GPGThread here.
+       * src/usb-icc.c (icc_power_on): But create here, when requested.
+       (icc_power_off): Terminate GPGThread.
+       * src/openpgp.c (gpg_init, gpg_fini): New.
+       (GPGthread): Check chThdShouldTerminate.  Call gpg_init and gpg_fini.
+
+2010-12-07  NIIBE Yutaka  <gniibe@fsij.org>
+
+       USB CCID/ICC implementation changes.
+       * src/usb_desc.c (dwMaxCCIDMessageLength): Updated.
+       * src/usb-icc.c (EV_TX_FINISHED): New.
+       (icc_rcv_data, icc_tx_data): Removed.
+       (icc_buffer, icc_seq): New.
+       (icc_next_p, icc_chain_p): New.
+       (icc_tx_ready): Removed.
+       (EP1_IN_Callback): Handle multiple transactions.
+       (icc_prepare_receive): New.
+       (EP2_OUT_Callback): Handle multiple transactions.
+       (icc_error, icc_send_status): Handle the case of receive in chain.
+       (icc_power_on, icc_send_params): Specify it's a single transaction.
+       (icc_send_data_block_filling_header): New.
+       (icc_send_data_block): Simplify.
+       (icc_handle_data): Removed the case of ICC_STATE_SEND.
+       Handle buffer of multiple transactions.
+       (USBthread): Don't use sending in chain.
+       * src/gnuk.h (USB_LL_BUF_SIZE): New.
+       (USB_BUF_SIZE): Now, it's larger value.
+       * src/configure: Echo for --enable-debug.
+       * src/call-rsa.c (rsa_sign): Use temp[] buffer as rsa_pkcs1_sign
+       writes OUTPUT in early stage.
+
+2010-12-04  NIIBE Yutaka  <gniibe@fsij.org>
+
+       * src/flash.c (flash_keystore_release): Reset keystore storage.
+
+2010-12-03  NIIBE Yutaka  <gniibe@fsij.org>
+
+       Keystore management changes.
+       * src/flash.c (flash_key_alloc): Check FLASH_KEYSTORE_SIZE.
+       (flash_key_release): Removed.
+       (flash_keystore_release): New function.
+       * src/openpgp-do.c (gpg_do_write_prvkey): Make it static.
+       When there is a key already, return as error.
+       (proc_key_import): Call flash_keystore_release when all keys removed.
+       * src/gnuk.ld.in (_keystore_pool): Size of keystore is now 1.5KB.
+
+2010-11-30  NIIBE Yutaka  <gniibe@fsij.org>
+
+       Flash ROM fixes for STM32F10X_HD.
+       * src/gnuk.ld.in (.gnuk_flash): Use FLASH_PAGE_SIZE.
+       * src/configure (FLASH_PAGE_SIZE): Defined for gnuk.ld.
+       * src/flash.c (FLASH_PAGE_SIZE): New define.
+       (FLASH_DATA_POOL_SIZE): Use FLASH_PAGE_SIZE.
+
+       Import changes of ChibiOS_2.0.8.
+       * ChibiOS_2.0.8/os/hal/include/pwm.h
+       * ChibiOS_2.0.8/os/hal/platforms/STM32/pwm_lld.c
+       * ChibiOS_2.0.8/os/hal/platforms/STM32/pwm_lld.h
+       * ChibiOS_2.0.8/os/hal/src/pwm.c
+       * ChibiOS_2.0.8/os/hal/templates/pwm_lld.c
+       * ChibiOS_2.0.8/os/hal/templates/pwm_lld.h
+       * ChibiOS_2.0.8/os/kernel/include/ch.h
+       * ChibiOS_2.0.8/os/kernel/src/chevents.c
+       * ChibiOS_2.0.8/os/kernel/src/chthreads.c
+       * ChibiOS_2.0.8/boards/OLIMEX_LPC_P2148/board.h
+       * ChibiOS_2.0.8/readme.txt
+       * ChibiOS_2.0.8/test/testdyn.c
+       * ChibiOS_2.0.8/docs/*/*: Updated.
+
+       New private key management.
+       * src/ac.c (ac_reset_pso_cds, ac_reset_pso_other): Call
+       gpg_do_clear_prvkey.
+       (verify_pso_other): load private keys here.
+       * src/openpgp-do.c (kd): Keydata for Signing, Decryption, and
+       Authentication.
+       (gpg_do_load_prvkey, gpg_do_write_prvkey): Use kd[].
+       (gpg_do_clear_prvkey): New function.
+       * src/openpgp.c (cmd_pso, cmd_internal_authenticate): Use new API
+       of rsa_sign and rsa_decrypt.
+       (cmd_pso): Fixed bug of checking return value of gpg_get_pw1_lifetime.
+       * src/call-rsa.c (rsa_sign): New argument KD.
+       (rsa_decrypt): Likewise.
+
+       Don't use malloc/free in C library.
+       * src/stdlib.h (malloc, free): Use chHeapAlloc and chHeapFree.
+
+2010-11-26  NIIBE Yutaka  <gniibe@fsij.org>
+
+       * boards/STM8S_DISCOVERY/*: New.
+       * src/configure: STM8S_DISCOVERY only has 64KB flash memory.
+
+       * boards/STBEE_MINI/board.h (CPU_WITH_NO_GPIOE): New define.
+       * ChibiOS_2.0.6/os/hal/platforms/STM32/hal_lld.c: Use it.
+       * ChibiOS_2.0.6/os/hal/platforms/STM32/pal_lld.c: Likewise.
+       * ChibiOS_2.0.6/os/hal/platforms/STM32/pal_lld.h: Likewise.
+
+       * src/openpgp.c (cmd_pso): DigestInfo by SHA224/SHA384/SHA512 is
+       supported.
+
+2010-11-22  NIIBE Yutaka  <gniibe@fsij.org>
+
+       Import changes of ChibiOS_2.0.6.
+       * ChibiOS_2.0.6/demos/ARM7-AT91SAM7X-LWIP-GCC/chconf.h
+       * ChibiOS_2.0.6/os/hal/include/can.h
+       * ChibiOS_2.0.6/os/hal/platforms/AT91SAM7/hal_lld.c
+       * ChibiOS_2.0.6/os/hal/platforms/AT91SAM7/serial_lld.c
+       * ChibiOS_2.0.6/os/hal/platforms/LPC214x/serial_lld.c
+       * ChibiOS_2.0.6/os/hal/platforms/STM32/hal_lld_f103.h
+       * ChibiOS_2.0.6/os/hal/platforms/STM32/hal_lld_f105_f107.h
+       * ChibiOS_2.0.6/os/hal/platforms/STM32/pwm_lld.c
+       * ChibiOS_2.0.6/os/hal/platforms/STM32/serial_lld.h
+       * ChibiOS_2.0.6/os/hal/platforms/STM32/spi_lld.h
+       * ChibiOS_2.0.6/os/hal/src/adc.c
+       * ChibiOS_2.0.6/os/hal/src/spi.c
+       * ChibiOS_2.0.6/os/kernel/include/ch.h
+       * ChibiOS_2.0.6/os/kernel/include/chinline.h
+       * ChibiOS_2.0.6/os/kernel/include/chioch.h
+       * ChibiOS_2.0.6/os/kernel/include/chstreams.h
+       * ChibiOS_2.0.6/os/kernel/include/chthreads.h
+       * ChibiOS_2.0.6/os/kernel/src/chlists.c
+       * ChibiOS_2.0.6/os/kernel/src/chschd.c
+       * ChibiOS_2.0.6/os/kernel/src/chthreads.c
+       * ChibiOS_2.0.6/os/ports/GCC/ARM/rules.mk
+       * ChibiOS_2.0.6/os/ports/GCC/ARM7/chcore.h
+       * ChibiOS_2.0.6/os/ports/GCC/ARM7/port.dox
+       * ChibiOS_2.0.6/os/ports/GCC/ARMCMx/chcore_v6m.c
+       * ChibiOS_2.0.6/os/ports/GCC/ARMCMx/chcore_v6m.h
+       * ChibiOS_2.0.6/os/ports/GCC/ARMCMx/chcore_v7m.c
+       * ChibiOS_2.0.6/os/ports/GCC/ARMCMx/chcore_v7m.h
+       * ChibiOS_2.0.6/os/ports/GCC/ARMCMx/old/chcore_v7m.h
+       * ChibiOS_2.0.6/os/ports/GCC/AVR/chcore.h
+       * ChibiOS_2.0.6/os/ports/GCC/AVR/port.dox
+       * ChibiOS_2.0.6/os/ports/GCC/MSP430/chcore.c
+       * ChibiOS_2.0.6/os/ports/GCC/MSP430/chcore.h
+       * ChibiOS_2.0.6/os/ports/GCC/MSP430/port.dox
+       * ChibiOS_2.0.6/os/ports/GCC/PPC/chcore.h
+       * ChibiOS_2.0.6/os/ports/GCC/PPC/port.dox
+       * ChibiOS_2.0.6/os/ports/RC/STM8/port.dox
+       * ChibiOS_2.0.6/os/various/memstreams.h
+       * ChibiOS_2.0.6/readme.txt
+       * ChibiOS_2.0.6/docs/*/*: Updated
+
+2010-11-14  NIIBE Yutaka  <gniibe@fsij.org>
+
+       * src/openpgp.c (cmd_pso): DigestInfo by SHA256 is supported.
+
+2010-11-12  NIIBE Yutaka  <gniibe@fsij.org>
+
+       * src/usb_desc.c (gnukConfigDescriptor): Change dwFeatures.
+
+       * src/usb-icc.c (icc_send_params): Always return fixed result.
+       (icc_handle_data): Support ICC_GET_PARAMS.
+
+2010-11-10  NIIBE Yutaka  <gniibe@fsij.org>
+
+       * src/usb_desc.c (gnukConfigDescriptor): Fix bmAttributes.
+
+2010-11-09  NIIBE Yutaka  <gniibe@fsij.org>
+
+       * Version 0.4.
+
+       * src/usb_desc.c (gnukStringSerial): Updated.
+
+       * ChibiOS_2.0.2/os/hal/platforms/STM32/pal_lld.h (PALConfig):
+       STBee Mini uses STM32F103CBT6 which expose no GPIO E port.
+       * ChibiOS_2.0.2/os/hal/platforms/STM32/pal_lld.c (_pal_lld_init):
+       Likewise.
+
+2010-11-08  NIIBE Yutaka  <gniibe@fsij.org>
+
+       * tool/dump_mem.py: New tool.
+
+       Implement GC for data pool in flash memory.
+       * src/openpgp-do.c (gpg_write_digital_signature_counter): New.
+       (gpg_increment_digital_signature_counter): Fix for GC.
+       (gpg_data_scan): Rename from gpg_do_table_init.
+       (gpg_data_copy): New function for copying GC.
+       * src/main.c (main): Call gpg_data_scan with the address which
+       flash_init returns.
+       * src/flash.c (flash_erase_page): New function.
+       (FLASH_DATA_POOL_SIZE): data_pool is 2KiB now.
+       (flash_data): Put a header (GC generation).
+       (flash_init): Implement choosing a data pool page.
+       (flash_data_pool): Removed.
+       (flash_copying_gc): New function.
+       (flash_data_pool_allocate): Call flash_copying_gc when full.
+       (flash_do_write_internal, flash_put_data_internal)
+       (flash_bool_write_internal, flash_cnt123_write_internal): New
+       * src/gnuk.ld.in (gnuk_flash): data_pool is 2KiB now.
+
+       Bug fixes.
+       * src/openpgp.c (cmd_change_password, cmd_reset_user_password):
+       Write to APDU correctly.
+       * src/flash.c (flash_warning): Make it public.
+       * src/openpgp-do.c (do_hist_bytes, do_fp_all, do_cafp_all)
+       (do_kgtime_all, do_ds_count): Fix return value.
+       (rw_pw_status): Correctly return value.
+       (proc_resetting_code): Change func proto. to return success/failure.
+       (proc_key_import): Ditto.
+       (gpg_do_put_data): Handle return values.
+       (gpg_do_write_simple): Don't write to APDU.
+
+2010-11-05  NIIBE Yutaka  <gniibe@fsij.org>
+
+       Bug fixes.
+       * src/openpgp.c (gpg_change_keystring): Handle
+       GPG_KEY_FOR_AUTHENTICATION.
+       * src/openpgp-do.c (gpg_do_write_prvkey): Remove multiple call
+       of flash_do_release.
+
+       Bug fix.
+       * src/openpgp-do.c (gpg_do_write_prvkey): Don't hardcode 6, but
+       use strlen.
+
+       * src/flash.c, src/gnuk.ld.in: Rename "Flash DO Pool" to "Flash
+       Data Pool", because it's not only DO.
+       * src/gnuk.h, src/opengpg-do.c: Cleanup.
+
+       Digital Signature Counter implementation improvement.
+       * src/gnuk.h (NR_DO_DS_COUNT): Removed.
+       (NR_COUNTER_DS, NR_COUNTER_DS_LSB): New.
+       * src/openpgp-do.c (do_ds_count_initial_value): Removed.
+       (gpg_do_increment_digital_signature_counter): Removed.
+       (digital_signature_counter): New variable.
+       (do_ds_count, gpg_increment_digital_signature_counter): New functions.
+       (gpg_do_table): Change the entry for GPG_DO_DS_COUNT as DO_PROC_READ.
+       (gpg_do_table_init): Handle digital_signature_counter.
+       * src/flash.c (flash_data_pool_allocate, flash_put_data): New.
+
+       Password status implementation improvement.
+       * src/gnuk.h (PW_STATUS_PW1, PW_STATUS_RC, PW_STATUS_PW3): Removed.
+       (PW_ERR_PW1, PW_ERR_RC, PW_ERR_PW3): New define.
+       (NR_COUNTER_123, NR_BOOL_PW1_LIFETIME): New define.
+       (NR_NONE, NR_EMPTY): New define.
+       * src/flash.c (flash_bool_clear, flash_bool_write)
+       (flash_cnt123_get_value, flash_cnt123_increment)
+       (flash_cnt123_clear): New functions.
+       * src/openpgp-do.c (do_pw_status_bytes_template): Removed.
+       (PW_STATUS_BYTES_TEMPLATE, gpg_do_reset_pw_counter): Removed.
+       (PASSWORD_ERRORS_MAX, PW_LEN_MAX): New define.
+       (pw1_lifetime_p, pw_err_counter_p): New variables.
+       (gpg_get_pw1_lifetime): New function.
+       (gpg_get_pw_err_counter, gpg_passwd_locked, gpg_reset_pw_counter)
+       (gpg_increment_pw_counter): New functions.
+       (rw_pw_status): Use pw1_lifetime_p and pw_err_counter_p.
+       (gpg_do_table_init): Handle NR_COUNTER_123 and NR_BOOL_PW1_LIFETIME.
+       * src/ac.c (verify_pso_cds, verify_pso_other, verify_admin_0):
+       Follow the changes.
+       * src/openpgp.c (cmd_change_password, cmd_reset_user_password)
+       (cmd_pso, cmd_internal_authenticate): Likewise.
+
+2010-11-04  NIIBE Yutaka  <gniibe@fsij.org>
+
+       * src/flash.c (flash_warning): New.
+       (flash_do_pool): Added header for DO pool.
+       (flash_do_release): Fill zero.
+       (flash_do_write): Change DO format in flash.
+       * src/openpgp-do.c (gpg_do_table_init, copy_do_1)
+       (gpg_do_read_simple): Follow the change of DO format in flash.
+
+       * src/openpgp-do.c (DO_CMP_READ): Renamed.
+       (cmp_ch_data, cmp_app_data, cmp_ss_temp): Likewise.
+       (with_tag): Removed static global variable.
+       (do_hist_bytes, do_fp_all, do_cafp_all, do_kgtime_all)
+       (rw_pw_status, copy_do_1, copy_do, gpg_do_get_data): Added
+       with_tag argument.
+       (gpg_do_put_data): length > 255 will be error.
+
+2010-11-03  NIIBE Yutaka  <gniibe@fsij.org>
+
+       Bug fixes.
+       * src/ac.c (verify_admin_0): Initialize pwsb earlier.
+       * src/openpgp-do.c (copy_do_1): Access do_data[0] (was: do_data[1]).
+
+2010-11-02  NIIBE Yutaka  <gniibe@fsij.org>
+
+       DfuSe support.
+       * tool/dfuse.py (DFU_STM32.download): Put '#' for each 4-KiB.
+       Added 0-length write to finish download.
+       Take intel_hex object as argument.
+       (DFU_STM32.ll_upload_block): New method.
+       (DFU_STM32.dfuse_read_memory): New method.
+       (DFU_STM32.verify): New method.
+       (get_device): Support DFU_STM32PROTOCOL_0 too (for CQ STARM).
+
+       * tool/dfuse.py: Renamed from dfu_stmicroelectronics_extention.py.
+
+2010-11-01  NIIBE Yutaka  <gniibe@fsij.org>
+
+       * tool/intel_hex.py: New file.
+       * tool/dfu_stmicroelectronics_extention.py: New file.
+
+2010-10-28  NIIBE Yutaka  <gniibe@fsij.org>
+
+       * src/gnuk.h (OPENPGP_CARD_INITIAL_PW3): New.
+       * src/ac.c (verify_admin_0): Use OPENPGP_CARD_INITIAL_PW3.
+
+2010-10-23  NIIBE Yutaka  <gniibe@fsij.org>
+
+       * Version 0.3.
+
+       * src/usb_desc.c (gnukStringSerial): Updated.
+
+2010-10-22  NIIBE Yutaka  <gniibe@fsij.org>
+
+       * src/gnuk.ld.in (.gnuk_random): Fix description so that
+       padding with 0xffffffff will be in gnuk.hex.
+
+       * src/openpgp.c (file_selection): Change type (was: int).
+       (FILE_NONE..FILE_EF_SERIAL): Change the values.
+
+       * src/configure: Added STBee Mini support.
+       * boards/STBEE_MINI/mcuconf.h: New.
+       * boards/STBEE_MINI/board.mk: New.
+       * boards/STBEE_MINI/board.h: New.
+       * boards/STBEE_MINI/board.c: New.
+
+       * ChibiOS_2.0.2/os/hal/platforms/STM32/hal_lld.c
+       (pal_default_config): STBee Mini uses STM32F103CBT6 which expose
+       no GPIO E port.
+
+2010-10-21  NIIBE Yutaka  <gniibe@fsij.org>
+
+       * boards/common/hw_config.c (Get_SerialNum): Removed.
+       * src/usb_prop.c (gnuk_device_init): Remove calling Get_SerialNum.
+       * src/usb_desc.c (gnukStringSerial): Updated.
+       * boards/CQ_STARM/board.c (set_led): Fix polarity.
+
+2010-10-20  NIIBE Yutaka  <gniibe@fsij.org>
+
+       * FSIJ_SERIAL_NUMBER: New.
+       * src/configure (with_fsij): Added FSIJ serial number support.
+       * src/config.h.in (@FSIJ_DEFINE@, @SERIAL_NUMBER_FOUR_BYTES@): New.
+
+       * src/configure: Added CQ STARM target.
+       * boards/CQ_STARM/mcuconf.h: New.
+       * boards/CQ_STARM/board.mk: New.
+       * boards/CQ_STARM/board.h: New.
+       * boards/CQ_STARM/board.c: New.
+
+2010-10-19  NIIBE Yutaka  <gniibe@fsij.org>
+
+       * boards/STM32_PRIMER2/board.mk (BOARDSRC): Use common/hw_config.c.
+       * boards/OLIMEX_STM32_H103/board.mk (BOARDSRC): Likewise.
+
+       * boards/common/hw_config.c: Move board specific functions to ...
+       * boards/STM32_PRIMER2/board.c (USB_Cable_Config, set_led): ... here.
+       * boards/OLIMEX_STM32_H103/board.c (USB_Cable_Config, set_led): Ditto.
+
+       * boards/{OLIMEX_STM32_H103,STM32_PRIMER2}/hw_config.c: Removed.
+       * boards/common/hw_config.c: New file (was: boards/*/hw_config.c).
+
+       * .gitignore: New file.
+
+2010-10-16  NIIBE Yutaka  <gniibe@fsij.org>
+
+       Implement "INTERNAL AUTHENTICATE" command.
+
+       * src/gnuk.h (BY_USER, BY_RESETCODE, BY_ADMIN): New defines.
+       (NUM_ALL_PRV_KEYS): Now it's 3 (was: 2).
+
+       * src/openpgp.c (INS_INTERNAL_AUTHENTICATE): New define.
+       (cmd_internal_authenticate): New function.
+       (cmds): Added INS_INTERNAL_AUTHENTICATE.
+       (cmd_change_password): Use BY_USER.
+       (cmd_reset_user_password): Use BY_USER, BY_RESETCODE, BY_ADMIN.
+       (cmd_pso): Load GPG_KEY_FOR_DECRYPTION here.
+       (cmd_pso): Removed adding status word into res_APDU...
+       * src/call-rsa.c (rsa_sign): and moved adding status word into
+       res_APDU here.
+
+       * src/ac.c (pw1_keystring): New variable.
+       (ac_reset_pso_other): Clear pw1_keystring.
+       (verify_pso_cds): Use BY_USER.
+       (verify_pso_other): Just check the length of password here, and
+       defer real check to cmd_pso or cmd_internal_authenticate.
+
+2010-10-14  NIIBE Yutaka  <gniibe@fsij.org>
+
+       Adding 'configure' support.
+       * src/configure: New file.
+       * src/Makefile.in: Renamed from src/Makefile.
+       * src/config.h: Renamed from src/config.h.
+       * src/gnuk.ld: Renamed from src/gnuk.ld.
+
+       Adding DFU_SUPPORT.
+       * boards/common/hwinit0.c: New file adding DFU_SUPPORT.
+       * boards/common/hwinit1.c: New file.
+       * boards/OLIMEX_STM32_H103/board.c: Include config.h.
+       Use common/hwinit0.c and common/hwinit1.c.
+       * boards/STM32_PRIMER2/board.c: Likewise.
+
+2010-09-16  NIIBE Yutaka  <gniibe@fsij.org>
+
+       * src/usb-icc.c (icc_error): New function.
+       (icc_handle_data): Call icc_error.
+       Don't go to STATE_START on errors.
+
+2010-09-13  NIIBE Yutaka  <gniibe@fsij.org>
+
+       * Version 0.2.
+
+       * src/openpgp.c (cmd_select_file): Override data of number_of_bytes.
+
+       * src/openpgp-do.c (gpg_do_table_init): Calculate number of byte
+       which Data Objects consumes.
+
+2010-09-12  Kaz Kojima <kkojima@rr.iij4u.or.jp>
+
+       * src/call-rsa.c (rsa_decrypt): Debug output only when DEBUG.
+
+       * boards/STM32_PRIMER2/hw_config.c (USB_Cable_Config): Fix GPIO.
+       (set_led): Ditto.
+
+       * boards/STM32_PRIMER2/board.c (hwinit1): Added LED initialization.
+
+2010-09-11  NIIBE Yutaka  <gniibe@fsij.org>
+
+       * src/usb-icc.c (ATR): Fixed.
+       (icc_send_params): New function.
+       (icc_handle_data): Handle ICC_SET_PARAMS request.
+
+       * src/random.c (random_bytes_get, random_bytes_free, get_random):
+       Clear used random bytes.
+
+       * src/flash.c (flash_clear_halfword): New function.
+
+2010-09-10  NIIBE Yutaka  <gniibe@fsij.org>
+
+       * Version 0.1.
+
+       * src/usb_desc.c (gnukStringSerial): Change the value so that
+       libccid doesn't get confused.
+
+       * src/openpgp.c (gpg_change_keystring): Support key for decryption
+       as well.
+       (cmd_read_binary): Use openpgpcard_aid.
+       (cmd_pso): call ac_reset_pso_other.
+
+       * src/openpgp-do.c (openpgpcard_aid): Renamed from aid, and exported.
+       (do_ds_count_initial_value): New const variable.
+       (num_prv_keys): New variable.
+       (gpg_do_write_prvkey): Remove contents of keystring only if
+       ++num_prv_keys == NUM_ALL_PRV_KEYS.
+       (gpg_do_chks_prvkey): Call flash_do_release.
+       (gpg_do_table_init): Initialize with do_ds_count_initial_value.
+       Initialize num_prv_keys.
+       (gpg_do_write_simple): Support removing DO.
+       (gpg_do_increment_digital_signature_counter): Call flash_do_release.
+
+       * src/gnuk.h (NUM_ALL_PRV_KEYS): New definition.
+       (OPENPGP_CARD_INITIAL_PW1): New definition.
+       (enum kind_of_key): Rename.
+
+       * src/ac.c (ac_reset_pso_cds): New function.
+
+2010-09-09  Kaz Kojima  <kkojima@rr.iij4u.or.jp>
+
+       * boards/STM32_PRIMER2/{board.c,board.h,board.mk,hw_config.c,mcuconf.h}:
+       New files.
+
+       * boards/OLIMEX_STM32_H103/{mcuconf.h,hw_config.c}: Moved from src.
+
+       * src/main.c (main): Use set_led instead of palClearPad directly.
+
+2010-09-08  NIIBE Yutaka  <gniibe@fsij.org>
+
+       * src/ac.c (calc_md): Make SHA1 variable auto.
+
+       * src/debug.c (put_int): New.
+
+       * src/gnuk.ld (__process_stack_size__): Removed.
+
+       * src/main.c (STDOUTthread): Use Event.
+       (main): Make LED ON during command execution, blink usually.
+
+       * src/openpgp-do.c (encrypt, decrypt): Make AES variables auto.
+       (gpg_do_table): GPG_DO_ALG_AUT is NULL.
+
+       * src/openpgp.c (cmd_pso): Bug fix for extended Lc.
+
+       * src/usb-icc.c (icc_power_off): Make LED ON during command
+       execution.
+       (USB_ICC_TIMEOUT): Longer value (was: 1000).
+
+       * src/usb_desc.c (gnukConfigDescriptor): Fix bcdCCID value.
+
+       * src/vcomport.mk (VCOMSRC): Use our own usb_endp.c.
+
+       * src/usb_desc.c (gnukConfigDescriptor): ICC Descriptor is
+       Revision 1.0.
+
+       * polarssl-0.14.0/include/polarssl/config.h: Commend out
+       POLARSSL_SELF_TEST.
+
+       * polarssl-0.14.0/library/rsa.c (rsa_private): Don't check input,
+       so that we don't access ctx->N.
+       (rsa_pkcs1_decrypt): size of BUF is enough as 256.
+
+       * polarssl-0.14.0/library/sha1.c (sha1_file): #if-out to avoid
+       stdio of libc.
+
+       * polarssl-0.14.0/library/bignum.c (mpi_write_hlp)
+       (mpi_write_string, mpi_read_file, mpi_read_file): #if-out to avoid
+       stdio of libc.
+
+2010-09-07  NIIBE Yutaka  <gniibe@fsij.org>
+
+       * gnuk.svg: New file.
+
+2010-09-06  NIIBE Yutaka  <gniibe@fsij.org>
+
+       * Initial version 0.0.
index ff2cb45..a9f3ee3 100644 (file)
@@ -84,7 +84,7 @@ CSRC = $(PORTSRC) \
        main.c usb_stm32f103.c adc_stm32f103.c \
        usb_desc.c usb_ctrl.c \
        usb-icc.c openpgp.c ac.c openpgp-do.c flash.c \
-       bn.c modp256.c jpc.c mod.c ec_p256.c \
+       bn.c modp256.c jpc.c mod.c ec_p256.c call-ec_p256.c \
        random.c neug.c sys.c
 
 ifneq ($(ENABLE_DEBUG),)
diff --git a/src/call-ec_p256.c b/src/call-ec_p256.c
new file mode 100644 (file)
index 0000000..722614b
--- /dev/null
@@ -0,0 +1,85 @@
+/*
+ * call-ec_p256.c - interface between Gnuk and Elliptic curve over GF(p256)
+ *
+ * Copyright (C) 2013 Free Software Initiative of Japan
+ * Author: NIIBE Yutaka <gniibe@fsij.org>
+ *
+ * This file is a part of Gnuk, a GnuPG USB Token implementation.
+ *
+ * Gnuk is free software: you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Gnuk is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+#include <stdint.h>
+#include <stdlib.h>
+#include <string.h>
+#include "bn.h"
+#include "jpc-ac.h"
+#include "ec_p256.h"
+
+#include "ch.h"
+#include "gnuk.h"
+
+/* We are little endian.  */
+
+#define ECDSA_BYTE_SIZE 32
+
+int
+ecdsa_sign (const uint8_t *hash, uint8_t *output,
+           const struct key_data *kd)
+{
+  int i;
+  bn256 r[1], s[1], z[1];
+  uint8_t *p;
+
+  p = (uint8_t *)z;
+  for (i = 0; i < ECDSA_BYTE_SIZE; i++)
+    p[ECDSA_BYTE_SIZE - i - 1] = hash[i];
+
+  ecdsa (r, s, z, (const bn256 *)kd);
+  p = (uint8_t *)r;
+  for (i = 0; i < ECDSA_BYTE_SIZE; i++)
+    *output++ = p[ECDSA_BYTE_SIZE - i - 1];
+  p = (uint8_t *)s;
+  for (i = 0; i < ECDSA_BYTE_SIZE; i++)
+    *output++ = p[ECDSA_BYTE_SIZE - i - 1];
+  return 0;
+}
+
+const uint8_t *
+ecdsa_compute_public (const uint8_t *key_data)
+{
+  uint8_t *p0, *p, *p1;
+  ac q[1];
+  bn256 k[1];
+  int i;
+
+  p0 = (uint8_t *)malloc (ECDSA_BYTE_SIZE * 2);
+  if (p0 == NULL)
+    return NULL;
+
+  p = (uint8_t *)k;
+  for (i = 0; i < ECDSA_BYTE_SIZE; i++)
+    p[ECDSA_BYTE_SIZE - i - 1] = key_data[i];
+  compute_kG (q, k);
+  p = p0;
+  p1 = (uint8_t *)q->x;
+  for (i = 0; i < ECDSA_BYTE_SIZE; i++)
+    *p++ = p1[ECDSA_BYTE_SIZE - i - 1];
+  p1 = (uint8_t *)q->y;
+  for (i = 0; i < ECDSA_BYTE_SIZE; i++)
+    *p++ = p1[ECDSA_BYTE_SIZE - i - 1];
+
+  return p0;
+}
index a4638ea..3fdbb54 100644 (file)
@@ -107,11 +107,6 @@ modulus_calc (const uint8_t *p, int len)
   return modulus;
 }
 
-void
-modulus_free (const uint8_t *p)
-{
-  free ((void *)p);
-}
 
 int
 rsa_decrypt (const uint8_t *input, uint8_t *output, int msg_len,
index 6b6fe1b..606224a 100644 (file)
@@ -237,12 +237,15 @@ extern struct key_data kd[3];
 
 extern int rsa_sign (const uint8_t *, uint8_t *, int, struct key_data *);
 extern const uint8_t *modulus_calc (const uint8_t *, int);
-extern void modulus_free (const uint8_t *);
 extern int rsa_decrypt (const uint8_t *, uint8_t *, int, struct key_data *);
 extern int rsa_verify (const uint8_t *pubkey, const uint8_t *hash,
                       const uint8_t *signature);
 extern const uint8_t *rsa_genkey (void);
 
+extern int ecdsa_sign  (const uint8_t *hash, uint8_t *output,
+                       const struct key_data *kd);
+extern const uint8_t *ecdsa_compute_public (const uint8_t *key_data);
+
 extern const uint8_t *gpg_do_read_simple (uint8_t);
 extern void gpg_do_write_simple (uint8_t, const uint8_t *, int);
 extern void gpg_increment_digital_signature_counter (void);
index 88eae05..08d1509 100644 (file)
@@ -122,7 +122,7 @@ static const uint8_t extended_capabilities[] __attribute__ ((aligned (1))) = {
 };
 
 /* Algorithm Attributes */
-static const uint8_t algorithm_attr[] __attribute__ ((aligned (1))) = {
+static const uint8_t algorithm_attr_rsa[] __attribute__ ((aligned (1))) = {
   6,
   0x01, /* RSA */
   0x08, 0x00,        /* Length modulus (in bit): 2048 */
@@ -130,6 +130,12 @@ static const uint8_t algorithm_attr[] __attribute__ ((aligned (1))) = {
   0x00               /* 0: p&q , 3: CRT with N (not yet supported) */
 };
 
+static const uint8_t algorithm_attr_ecdsa[] __attribute__ ((aligned (1))) = {
+  9,
+  0x13, /* ECDSA */
+  0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07 /* OID of NIST curve P-256 */
+};
+
 #define PW_LEN_MAX 127
 /*
  * Representation of PW1_LIFETIME:
@@ -722,7 +728,7 @@ static int8_t num_prv_keys;
 
 static int
 gpg_do_write_prvkey (enum kind_of_key kk, const uint8_t *key_data, int key_len,
-                    const uint8_t *keystring_admin, const uint8_t *modulus)
+                    const uint8_t *keystring_admin, const uint8_t *pubkey)
 {
   uint8_t nr = get_do_ptr_nr_for_kk (kk);
   const uint8_t *p;
@@ -734,7 +740,7 @@ gpg_do_write_prvkey (enum kind_of_key kk, const uint8_t *key_data, int key_len,
   const uint8_t *ks_pw1;
   const uint8_t *ks_rc;
   struct key_data_internal kdi;
-  int modulus_allocated_here = 0;
+  int pubkey_allocated_here = 0;
   uint8_t ks_pw1_len = 0;
   uint8_t ks_rc_len = 0;
 
@@ -745,23 +751,28 @@ gpg_do_write_prvkey (enum kind_of_key kk, const uint8_t *key_data, int key_len,
     /* No replace support, you need to remove it first.  */
     return -1;
 
-  if (key_len != KEY_CONTENT_LEN)
+  if (kk != GPG_KEY_FOR_AUTHENTICATION && key_len != KEY_CONTENT_LEN)
+    return -1;
+  if (kk == GPG_KEY_FOR_AUTHENTICATION && key_len != 32)
     return -1;
 
   pd = (struct prvkey_data *)malloc (sizeof (struct prvkey_data));
   if (pd == NULL)
     return -1;
 
-  if (modulus == NULL)
+  if (pubkey == NULL)
     {
-      modulus = modulus_calc (key_data, key_len);
-      if (modulus == NULL)
+      if (kk == GPG_KEY_FOR_AUTHENTICATION)
+       pubkey = ecdsa_compute_public (key_data);
+      else
+       pubkey = modulus_calc (key_data, key_len);
+      if (pubkey == NULL)
        {
          free (pd);
          return -1;
        }
 
-      modulus_allocated_here = 1;
+      pubkey_allocated_here = 1;
     }
 
   DEBUG_INFO ("Getting keystore address...\r\n");
@@ -769,15 +780,21 @@ gpg_do_write_prvkey (enum kind_of_key kk, const uint8_t *key_data, int key_len,
   if (key_addr == NULL)
     {
       free (pd);
-      if (modulus_allocated_here)
-       modulus_free (modulus);
+      if (pubkey_allocated_here)
+       free ((void *)pubkey);
       return -1;
     }
 
   DEBUG_INFO ("key_addr: ");
   DEBUG_WORD ((uint32_t)key_addr);
 
-  memcpy (kdi.data, key_data, KEY_CONTENT_LEN);
+  if (kk == GPG_KEY_FOR_AUTHENTICATION)
+    {
+      memcpy (kdi.data, key_data, key_len);
+      memset (kdi.data + key_len, 0, KEY_CONTENT_LEN - key_len);
+    }
+  else
+    memcpy (kdi.data, key_data, KEY_CONTENT_LEN);
   compute_key_data_checksum (&kdi, 0);
 
   dek = random_bytes_get (); /* 32-byte random bytes */
@@ -790,9 +807,9 @@ gpg_do_write_prvkey (enum kind_of_key kk, const uint8_t *key_data, int key_len,
 
   encrypt (dek, iv, (uint8_t *)&kdi, sizeof (struct key_data_internal));
 
-  r = flash_key_write (key_addr, kdi.data, modulus);
-  if (modulus_allocated_here)
-    modulus_free (modulus);
+  r = flash_key_write (key_addr, kdi.data, pubkey);
+  if (pubkey_allocated_here)
+    free ((void *)pubkey);
 
   if (r < 0)
     {
@@ -895,13 +912,23 @@ gpg_do_chks_prvkey (enum kind_of_key kk,
 }
 
 /*
+ * RSA:
  * 4d, xx, xx, xx:    Extended Header List
  *   b6 00 (SIG) / b8 00 (DEC) / a4 00 (AUT)
  *   7f48, xx: cardholder private key template
- *       91 xx
- *       92 xx xx
- *       93 xx xx
+ *       91 xx: length of E
+ *       92 xx xx: length of P
+ *       93 xx xx: length of Q
  *   5f48, xx xx xx: cardholder private key
+ * <E: 4-byte>, <P: 128-byte>, <Q: 128-byte>
+ *
+ * ECDSA:
+ * 4d, xx:    Extended Header List
+ *   a4 00 (AUT)
+ *   7f48, xx: cardholder private key template
+ *       91 xx: length of d
+ *   5f48, xx : cardholder private key
+ * <d>
  */
 static int
 proc_key_import (const uint8_t *data, int len)
@@ -944,7 +971,8 @@ proc_key_import (const uint8_t *data, int len)
       ac_reset_other ();
     }
 
-  if (len <= 22)
+  if ((kk != GPG_KEY_FOR_AUTHENTICATION && len <= 22)
+      || (kk == GPG_KEY_FOR_AUTHENTICATION && len <= 12))
     {                                      /* Deletion of the key */
       uint8_t nr = get_do_ptr_nr_for_kk (kk);
       const uint8_t *do_data = do_ptr[nr - NR_DO__FIRST__];
@@ -972,9 +1000,15 @@ proc_key_import (const uint8_t *data, int len)
       return 1;
     }
 
-  /* It should starts with 00 01 00 01 (E) */
-  /* Skip E, 4-byte */
-  r = gpg_do_write_prvkey (kk, &data[26], len - 26, keystring_admin, NULL);
+  if (kk != GPG_KEY_FOR_AUTHENTICATION)
+    {                     /* RSA */
+      /* It should starts with 00 01 00 01 (E) */
+      /* Skip E, 4-byte */
+      r = gpg_do_write_prvkey (kk, &data[26], len - 26, keystring_admin, NULL);
+    }
+  else
+    r = gpg_do_write_prvkey (kk, &data[12], len - 12, keystring_admin, NULL);
+
   if (r < 0)
     return 0;
   else
@@ -1032,9 +1066,9 @@ gpg_do_table[] = {
     rw_pw_status },
   /* Fixed data */
   { GPG_DO_EXTCAP, DO_FIXED, AC_ALWAYS, AC_NEVER, extended_capabilities },
-  { GPG_DO_ALG_SIG, DO_FIXED, AC_ALWAYS, AC_NEVER, algorithm_attr },
-  { GPG_DO_ALG_DEC, DO_FIXED, AC_ALWAYS, AC_NEVER, algorithm_attr },
-  { GPG_DO_ALG_AUT, DO_FIXED, AC_ALWAYS, AC_NEVER, algorithm_attr },
+  { GPG_DO_ALG_SIG, DO_FIXED, AC_ALWAYS, AC_NEVER, algorithm_attr_rsa },
+  { GPG_DO_ALG_DEC, DO_FIXED, AC_ALWAYS, AC_NEVER, algorithm_attr_rsa },
+  { GPG_DO_ALG_AUT, DO_FIXED, AC_ALWAYS, AC_NEVER, algorithm_attr_ecdsa },
   /* Compound data: Read access only */
   { GPG_DO_CH_DATA, DO_CMP_READ, AC_ALWAYS, AC_NEVER, cmp_ch_data },
   { GPG_DO_APP_DATA, DO_CMP_READ, AC_ALWAYS, AC_NEVER, cmp_app_data },
@@ -1475,26 +1509,42 @@ gpg_do_public_key (uint8_t kk_byte)
 
   /* TAG */
   *res_p++ = 0x7f; *res_p++ = 0x49;
-  /* LEN = 9+256 */
-  *res_p++ = 0x82; *res_p++ = 0x01; *res_p++ = 0x09;
-
-  {
-    /*TAG*/          /*LEN = 256 */
-    *res_p++ = 0x81; *res_p++ = 0x82; *res_p++ = 0x01; *res_p++ = 0x00;
-    /* 256-byte binary (big endian) */
-    memcpy (res_p, key_addr + KEY_CONTENT_LEN, KEY_CONTENT_LEN);
-    res_p += 256;
-  }
-  {
-    /*TAG*/          /*LEN= 3 */
-    *res_p++ = 0x82; *res_p++ = 3;
-    /* 3-byte E=0x10001 (big endian) */
-    *res_p++ = 0x01; *res_p++ = 0x00; *res_p++ = 0x01;
-
-    /* Success */
-    res_APDU_size = res_p - res_APDU;
-    GPG_SUCCESS ();
-  }
+
+  if (kk_byte != 0xa4)
+    {                          /* RSA */
+      /* LEN = 9+256 */
+      *res_p++ = 0x82; *res_p++ = 0x01; *res_p++ = 0x09;
+
+      {
+       /*TAG*/          /* LEN = 256 */
+       *res_p++ = 0x81; *res_p++ = 0x82; *res_p++ = 0x01; *res_p++ = 0x00;
+       /* 256-byte binary (big endian) */
+       memcpy (res_p, key_addr + KEY_CONTENT_LEN, KEY_CONTENT_LEN);
+       res_p += 256;
+      }
+      {
+       /*TAG*/          /* LEN= 3 */
+       *res_p++ = 0x82; *res_p++ = 3;
+       /* 3-byte E=0x10001 (big endian) */
+       *res_p++ = 0x01; *res_p++ = 0x00; *res_p++ = 0x01;
+      }
+    }
+  else
+    {                          /* ECDSA */
+      /* LEN = 2+64 */
+      *res_p++ = 0x42;
+      {
+       /*TAG*/          /* LEN = 64 */
+       *res_p++ = 0x81; *res_p++ = 0x40;
+       /* 64-byte binary (big endian) */
+       memcpy (res_p, key_addr + KEY_CONTENT_LEN, 64);
+       res_p += 64;
+      }
+    }
+
+  /* Success */
+  res_APDU_size = res_p - res_APDU;
+  GPG_SUCCESS ();
 
   DEBUG_INFO ("done.\r\n");
   return;
index 6332f5d..5275d15 100644 (file)
@@ -833,6 +833,7 @@ cmd_pso (void)
 }
 
 
+#if RSA_AUTH
 #define MAX_DIGEST_INFO_LEN 102 /* 40% */
 static void
 cmd_internal_authenticate (void)
@@ -876,6 +877,54 @@ cmd_internal_authenticate (void)
 
   DEBUG_INFO ("INTERNAL AUTHENTICATE done.\r\n");
 }
+#else
+#define ECDSA_P256_HASH_LEN 32
+#define ECDSA_SIGNATURE_LENGTH 64
+
+static void
+cmd_internal_authenticate (void)
+{
+  int len = apdu.cmd_apdu_data_len;
+  int r;
+
+  DEBUG_INFO (" - INTERNAL AUTHENTICATE\r\n");
+
+  if (P1 (apdu) == 0x00 && P2 (apdu) == 0x00)
+    {
+      DEBUG_SHORT (len);
+
+      if (!ac_check_status (AC_OTHER_AUTHORIZED))
+       {
+         DEBUG_INFO ("security error.");
+         GPG_SECURITY_FAILURE ();
+         return;
+       }
+
+      if (len != ECDSA_P256_HASH_LEN)
+       {
+         DEBUG_INFO ("wrong hash length.");
+         GPG_CONDITION_NOT_SATISFIED ();
+         return;
+       }
+
+      res_APDU_size = ECDSA_SIGNATURE_LENGTH;
+      r = ecdsa_sign (apdu.cmd_apdu_data, res_APDU,
+                     &kd[GPG_KEY_FOR_AUTHENTICATION]);
+      if (r < 0)
+       GPG_ERROR ();
+    }
+  else
+    {
+      DEBUG_INFO (" - ??");
+      DEBUG_BYTE (P1 (apdu));
+      DEBUG_INFO (" - ??");
+      DEBUG_BYTE (P2 (apdu));
+      GPG_ERROR ();
+    }
+
+  DEBUG_INFO ("INTERNAL AUTHENTICATE done.\r\n");
+}
+#endif
 
 #define MBD_OPRATION_WRITE  0
 #define MBD_OPRATION_UPDATE 1