unblock with pinpad

2011-01-27 10:02:46 +09:00
parent d2cfd092d1
commit 1d2439abca
4 changed files with 65 additions and 12 deletions
--- a/6
+++ b/6
@@ -1,3 +1,9 @@
+2011-01-27  NIIBE Yutaka  <gniibe@fsij.org>
+
+	* src/openpgp.c (cmd_reset_user_password): Added PINPAD_SUPPORT.
+
+	* src/gnuk.ld.in: Fix alignment and filling.
+
 2011-01-26  NIIBE Yutaka  <gniibe@fsij.org>

 	* boards/STBEE/mcuconf.h: New.
--- a/9
+++ b/9
@@ -5,16 +5,19 @@ Gnuk NEWS - User visible changes
  Released 2011-01-XX, by NIIBE Yutaka

 ** Better interoperability to OpenSC.
-Gnuk is not yet supported by OpenSC, but it should be.  With this
+Gnuk is not yet supported by OpenSC, but it should be.  With the
 changes in Gnuk, it could be relatively easily possible to support
 Gnuk Token by OpenSC with a few changes to libopensc/card-openpgp.c,
-libopensc/pkcs15-openpgp.c and pkcs11/framework-pkcs15.c.
+and libopensc/pkcs15-openpgp.c.

 ** New board support "STBEE"
 STBEE is a board by Strawberry Linux Co., Ltd., and it has
 STM32F103VET6 on the board.  The chip is High Density CPU with 512KB
 flash memory and many I/O.  If you want to connect sensor, display,
-etc., this board would be good candidate.
+etc., this board would be a good candidate.
+
+** Experimental PIN-pad modification(unblock) support is added.
+PIN-pad modification(unblock) is supported.


 * Major changes in Gnuk 0.8
--- a/src/gnuk.ld.in
+++ b/src/gnuk.ld.in
@@ -118,20 +118,19 @@ SECTIONS
    {
        . = ALIGN (@FLASH_PAGE_SIZE@);
 	*(.gnuk_random)
+        . = ALIGN (@FLASH_PAGE_SIZE@);
    } > flash =0xffffffff

-    .gnuk_flash : ALIGN (@FLASH_PAGE_SIZE@)
+    .gnuk_flash :
    {
 	_data_pool = .;
 	KEEP(*(.gnuk_data))
-	FILL(0xffffffff);
 	. = ALIGN(@FLASH_PAGE_SIZE@);
 	. += @FLASH_PAGE_SIZE@;
 	_keystore_pool = .;
-	FILL(0xffffffff);
 	. += 512*3;
 	. = ALIGN(@FLASH_PAGE_SIZE@);
-    } > flash
+    } > flash =0xffffffff
 }

 __heap_base__   = _end;
--- a/src/openpgp.c
+++ b/src/openpgp.c
@@ -391,8 +391,8 @@ static void
 cmd_reset_user_password (void)
 {
  uint8_t p1 = cmd_APDU[2];
-  int len = cmd_APDU[4];
-  const uint8_t *pw = &cmd_APDU[5];
+  int len;
+  const uint8_t *pw;
  const uint8_t *newpw;
  int pw_len, newpw_len;
  int r;
@@ -402,11 +402,56 @@ cmd_reset_user_password (void)
  DEBUG_INFO ("Reset PW1\r\n");
  DEBUG_BYTE (p1);

+#if defined(PINPAD_SUPPORT)
+  if (cmd_APDU_size == 4)
+    /* Modification with pinpad */
+    {
+      pw_len = get_pinpad_input (PIN_INPUT_CURRENT);
+      if (pw_len < 0)
+	{
+	  GPG_ERROR ();
+	  return;
+	}
+
+      pw = &cmd_APDU[5];
+      memcpy (&cmd_APDU[5], pin_input_buffer, pw_len);
+      newpw = pw + pw_len;
+
+      newpw_len = get_pinpad_input (PIN_INPUT_NEW);
+      if (newpw_len < 0)
+	{
+	  GPG_ERROR ();
+	  return;
+	}
+
+      memcpy (&cmd_APDU[5]+pw_len, pin_input_buffer, newpw_len);
+
+      len = get_pinpad_input (PIN_INPUT_CONFIRM);
+      if (len < 0)
+	{
+	  GPG_ERROR ();
+	  return;
+	}
+
+      if (len != newpw_len || memcmp (newpw, pin_input_buffer, len) != 0)
+	{
+	  GPG_SECURITY_FAILURE ();
+	  return;
+	}
+
+      len = cmd_APDU[4] = pw_len + newpw_len;
+    }
+  else
+#endif
+    {
+      len = cmd_APDU[4];
+      pw = &cmd_APDU[5];
      if (len == 0)			/* extended length */
 	{
 	  len = (cmd_APDU[5]<<8) | cmd_APDU[6];
 	  pw += 2;
 	}
+    }

  if (p1 == 0x00)		/* by User with Reseting Code */
    {