unblock with pinpad

ChangeLog

@@ -1,3 +1,9 @@
+2011-01-27  NIIBE Yutaka  <gniibe@fsij.org>
+
+	* src/openpgp.c (cmd_reset_user_password): Added PINPAD_SUPPORT.
+
+	* src/gnuk.ld.in: Fix alignment and filling.
+
 2011-01-26  NIIBE Yutaka  <gniibe@fsij.org>
 
 	* boards/STBEE/mcuconf.h: New.

NEWS

@@ -5,16 +5,19 @@ Gnuk NEWS - User visible changes
   Released 2011-01-XX, by NIIBE Yutaka
 
 ** Better interoperability to OpenSC.
-Gnuk is not yet supported by OpenSC, but it should be.  With this
+Gnuk is not yet supported by OpenSC, but it should be.  With the
 changes in Gnuk, it could be relatively easily possible to support
 Gnuk Token by OpenSC with a few changes to libopensc/card-openpgp.c,
-libopensc/pkcs15-openpgp.c and pkcs11/framework-pkcs15.c.
+and libopensc/pkcs15-openpgp.c.
 
 ** New board support "STBEE"
 STBEE is a board by Strawberry Linux Co., Ltd., and it has
 STM32F103VET6 on the board.  The chip is High Density CPU with 512KB
 flash memory and many I/O.  If you want to connect sensor, display,
-etc., this board would be good candidate.
+etc., this board would be a good candidate.
+
+** Experimental PIN-pad modification(unblock) support is added.
+PIN-pad modification(unblock) is supported.
 
 
 * Major changes in Gnuk 0.8

src/gnuk.ld.in

@@ -118,20 +118,19 @@ SECTIONS
     {
         . = ALIGN (@FLASH_PAGE_SIZE@);
 	*(.gnuk_random)
+        . = ALIGN (@FLASH_PAGE_SIZE@);
     } > flash =0xffffffff
 
-    .gnuk_flash : ALIGN (@FLASH_PAGE_SIZE@)
+    .gnuk_flash :
     {
 	_data_pool = .;
 	KEEP(*(.gnuk_data))
-	FILL(0xffffffff);
 	. = ALIGN(@FLASH_PAGE_SIZE@);
 	. += @FLASH_PAGE_SIZE@;
 	_keystore_pool = .;
-	FILL(0xffffffff);
 	. += 512*3;
 	. = ALIGN(@FLASH_PAGE_SIZE@);
-    } > flash
+    } > flash =0xffffffff
 }
 
 __heap_base__   = _end;

src/openpgp.c

@@ -391,8 +391,8 @@ static void
 cmd_reset_user_password (void)
 {
   uint8_t p1 = cmd_APDU[2];
-  int len = cmd_APDU[4];
+  int len;
-  const uint8_t *pw = &cmd_APDU[5];
+  const uint8_t *pw;
   const uint8_t *newpw;
   int pw_len, newpw_len;
   int r;
@@ -402,10 +402,55 @@ cmd_reset_user_password (void)
   DEBUG_INFO ("Reset PW1\r\n");
   DEBUG_BYTE (p1);
 
-  if (len == 0)			/* extended length */
+#if defined(PINPAD_SUPPORT)
+  if (cmd_APDU_size == 4)
+    /* Modification with pinpad */
     {
-      len = (cmd_APDU[5]<<8) | cmd_APDU[6];
+      pw_len = get_pinpad_input (PIN_INPUT_CURRENT);
-      pw += 2;
+      if (pw_len < 0)
+	{
+	  GPG_ERROR ();
+	  return;
+	}
+
+      pw = &cmd_APDU[5];
+      memcpy (&cmd_APDU[5], pin_input_buffer, pw_len);
+      newpw = pw + pw_len;
+
+      newpw_len = get_pinpad_input (PIN_INPUT_NEW);
+      if (newpw_len < 0)
+	{
+	  GPG_ERROR ();
+	  return;
+	}
+
+      memcpy (&cmd_APDU[5]+pw_len, pin_input_buffer, newpw_len);
+
+      len = get_pinpad_input (PIN_INPUT_CONFIRM);
+      if (len < 0)
+	{
+	  GPG_ERROR ();
+	  return;
+	}
+
+      if (len != newpw_len || memcmp (newpw, pin_input_buffer, len) != 0)
+	{
+	  GPG_SECURITY_FAILURE ();
+	  return;
+	}
+
+      len = cmd_APDU[4] = pw_len + newpw_len;
+    }
+  else
+#endif
+    {
+      len = cmd_APDU[4];
+      pw = &cmd_APDU[5];
+      if (len == 0)			/* extended length */
+	{
+	  len = (cmd_APDU[5]<<8) | cmd_APDU[6];
+	  pw += 2;
+	}
     }
 
   if (p1 == 0x00)		/* by User with Reseting Code */