diff --git a/ChangeLog b/ChangeLog index 0fa8c8e..2621835 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,9 @@ +2011-01-27 NIIBE Yutaka + + * src/openpgp.c (cmd_reset_user_password): Added PINPAD_SUPPORT. + + * src/gnuk.ld.in: Fix alignment and filling. + 2011-01-26 NIIBE Yutaka * boards/STBEE/mcuconf.h: New. diff --git a/NEWS b/NEWS index 1e1c829..fd8f522 100644 --- a/NEWS +++ b/NEWS @@ -5,16 +5,19 @@ Gnuk NEWS - User visible changes Released 2011-01-XX, by NIIBE Yutaka ** Better interoperability to OpenSC. -Gnuk is not yet supported by OpenSC, but it should be. With this +Gnuk is not yet supported by OpenSC, but it should be. With the changes in Gnuk, it could be relatively easily possible to support Gnuk Token by OpenSC with a few changes to libopensc/card-openpgp.c, -libopensc/pkcs15-openpgp.c and pkcs11/framework-pkcs15.c. +and libopensc/pkcs15-openpgp.c. ** New board support "STBEE" STBEE is a board by Strawberry Linux Co., Ltd., and it has STM32F103VET6 on the board. The chip is High Density CPU with 512KB flash memory and many I/O. If you want to connect sensor, display, -etc., this board would be good candidate. +etc., this board would be a good candidate. + +** Experimental PIN-pad modification(unblock) support is added. +PIN-pad modification(unblock) is supported. * Major changes in Gnuk 0.8 diff --git a/src/gnuk.ld.in b/src/gnuk.ld.in index 7c8b154..c968c4e 100644 --- a/src/gnuk.ld.in +++ b/src/gnuk.ld.in @@ -118,20 +118,19 @@ SECTIONS { . = ALIGN (@FLASH_PAGE_SIZE@); *(.gnuk_random) + . = ALIGN (@FLASH_PAGE_SIZE@); } > flash =0xffffffff - .gnuk_flash : ALIGN (@FLASH_PAGE_SIZE@) + .gnuk_flash : { _data_pool = .; KEEP(*(.gnuk_data)) - FILL(0xffffffff); . = ALIGN(@FLASH_PAGE_SIZE@); . += @FLASH_PAGE_SIZE@; _keystore_pool = .; - FILL(0xffffffff); . += 512*3; . = ALIGN(@FLASH_PAGE_SIZE@); - } > flash + } > flash =0xffffffff } __heap_base__ = _end; diff --git a/src/openpgp.c b/src/openpgp.c index 921b110..f90e176 100644 --- a/src/openpgp.c +++ b/src/openpgp.c @@ -391,8 +391,8 @@ static void cmd_reset_user_password (void) { uint8_t p1 = cmd_APDU[2]; - int len = cmd_APDU[4]; - const uint8_t *pw = &cmd_APDU[5]; + int len; + const uint8_t *pw; const uint8_t *newpw; int pw_len, newpw_len; int r; @@ -402,10 +402,55 @@ cmd_reset_user_password (void) DEBUG_INFO ("Reset PW1\r\n"); DEBUG_BYTE (p1); - if (len == 0) /* extended length */ +#if defined(PINPAD_SUPPORT) + if (cmd_APDU_size == 4) + /* Modification with pinpad */ { - len = (cmd_APDU[5]<<8) | cmd_APDU[6]; - pw += 2; + pw_len = get_pinpad_input (PIN_INPUT_CURRENT); + if (pw_len < 0) + { + GPG_ERROR (); + return; + } + + pw = &cmd_APDU[5]; + memcpy (&cmd_APDU[5], pin_input_buffer, pw_len); + newpw = pw + pw_len; + + newpw_len = get_pinpad_input (PIN_INPUT_NEW); + if (newpw_len < 0) + { + GPG_ERROR (); + return; + } + + memcpy (&cmd_APDU[5]+pw_len, pin_input_buffer, newpw_len); + + len = get_pinpad_input (PIN_INPUT_CONFIRM); + if (len < 0) + { + GPG_ERROR (); + return; + } + + if (len != newpw_len || memcmp (newpw, pin_input_buffer, len) != 0) + { + GPG_SECURITY_FAILURE (); + return; + } + + len = cmd_APDU[4] = pw_len + newpw_len; + } + else +#endif + { + len = cmd_APDU[4]; + pw = &cmd_APDU[5]; + if (len == 0) /* extended length */ + { + len = (cmd_APDU[5]<<8) | cmd_APDU[6]; + pw += 2; + } } if (p1 == 0x00) /* by User with Reseting Code */