deon/gnuk
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

PW3 handling and signature counter

Browse Source
This commit is contained in:
NIIBE Yutaka
2012-06-27 13:10:12 +09:00
parent e11d81376c
commit 1944a78443
3 changed files with 50 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
ChangeLog
View File

@@ -1,3 +1,13 @@
2012-06-27 Niibe Yutaka <gniibe@fsij.org>
* src/openpgp.c (cmd_change_password): Support resetting to
factory setting of PW3.
* src/openpgp-do.c (gpg_do_write_prvkey): Don't reset signagure
counter here.
(proc_key_import): But reset here.
Call ac_reset_* when key is imported.
2012-06-26 Niibe Yutaka <gniibe@fsij.org> 2012-06-26 Niibe Yutaka <gniibe@fsij.org>
* test: New. * test: New.

18
src/openpgp-do.c
View File

@@ -793,10 +793,7 @@ gpg_do_write_prvkey (enum kind_of_key kk, const uint8_t *key_data, int key_len,
memcpy (pd->checksum_encrypted, kdi.checksum, DATA_ENCRYPTION_KEY_SIZE); memcpy (pd->checksum_encrypted, kdi.checksum, DATA_ENCRYPTION_KEY_SIZE);
if (kk == GPG_KEY_FOR_SIGNING) if (kk == GPG_KEY_FOR_SIGNING)
{
ac_reset_pso_cds (); ac_reset_pso_cds ();
gpg_reset_digital_signature_counter ();
}
else else
ac_reset_other (); ac_reset_other ();
@@ -924,11 +921,19 @@ proc_key_import (const uint8_t *data, int len)
p += 1; p += 1;
if (*p == 0xb6) if (*p == 0xb6)
{
kk = GPG_KEY_FOR_SIGNING; kk = GPG_KEY_FOR_SIGNING;
else if (*p == 0xb8) ac_reset_pso_cds ();
gpg_reset_digital_signature_counter ();
}
else
{
if (*p == 0xb8)
kk = GPG_KEY_FOR_DECRYPTION; kk = GPG_KEY_FOR_DECRYPTION;
else /* 0xa4 */ else /* 0xa4 */
kk = GPG_KEY_FOR_AUTHENTICATION; kk = GPG_KEY_FOR_AUTHENTICATION;
ac_reset_other ();
}
if (len <= 22) if (len <= 22)
{ /* Deletion of the key */ { /* Deletion of the key */
@@ -948,6 +953,11 @@ proc_key_import (const uint8_t *data, int len)
/* Delete PW1 and RC if any */ /* Delete PW1 and RC if any */
gpg_do_write_simple (NR_DO_KEYSTRING_PW1, NULL, 0); gpg_do_write_simple (NR_DO_KEYSTRING_PW1, NULL, 0);
gpg_do_write_simple (NR_DO_KEYSTRING_RC, NULL, 0); gpg_do_write_simple (NR_DO_KEYSTRING_RC, NULL, 0);
ac_reset_pso_cds ();
ac_reset_other ();
if (keystring_admin == NULL)
ac_reset_admin ();
} }
return 1; return 1;

10
src/openpgp.c
View File

@@ -220,8 +220,7 @@ cmd_change_password (void)
uint8_t p1 = P1 (apdu); /* 0: change (old+new), 1: exchange (new) */ uint8_t p1 = P1 (apdu); /* 0: change (old+new), 1: exchange (new) */
uint8_t p2 = P2 (apdu); uint8_t p2 = P2 (apdu);
int len; int len;
const uint8_t *pw; uint8_t *pw, *newpw;
const uint8_t *newpw;
int pw_len, newpw_len; int pw_len, newpw_len;
int who = p2 - 0x80; int who = p2 - 0x80;
int who_old; int who_old;
@@ -284,6 +283,13 @@ cmd_change_password (void)
{ {
newpw = pw + pw_len; newpw = pw + pw_len;
newpw_len = len - pw_len; newpw_len = len - pw_len;
if (newpw_len == 0 && admin_authorized == BY_ADMIN)
{
newpw_len = strlen (OPENPGP_CARD_INITIAL_PW3);
memcpy (newpw, OPENPGP_CARD_INITIAL_PW3, newpw_len);
gpg_do_write_simple (NR_DO_KEYSTRING_PW3, NULL, 0);
}
else
gpg_set_pw3 (newpw, newpw_len); gpg_set_pw3 (newpw, newpw_len);
who_old = admin_authorized; who_old = admin_authorized;
} }