deon/gnuk
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Support VERIFY reset feature

Browse Source
This commit is contained in:
NIIBE Yutaka
2016-02-09 14:15:41 +09:00
parent 522ec3299e
commit 3f1ee534fe
3 changed files with 42 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
ChangeLog
View File

@@ -1,7 +1,10 @@
2016-02-09 gniibe <gniibe@fsij.org> 2016-02-09 Niibe Yutaka <gniibe@fsij.org>
* src/openpgp.c (cmd_verify): Support VERIFY reset, which is
described in the specification V2.2 and V3.1.
* polarssl/library/bignum.c (mpi_exp_mod): Fix to our local * polarssl/library/bignum.c (mpi_exp_mod): Fix to our local
change. Thanks to Aidan Thornton for failure test case. change. Thanks to Aidan Thornton for the failure test case.
Fix of mpi_div_mpi from upstream. Fix of mpi_div_mpi from upstream.
* polarssl/library/bignum.c (int_clz, int_div_int): New. * polarssl/library/bignum.c (int_clz, int_div_int): New.

8
NEWS
View File

@@ -4,6 +4,10 @@ Gnuk NEWS - User visible changes
Released 2016-02-xx, by NIIBE Yutaka Released 2016-02-xx, by NIIBE Yutaka
** Support authentication status reset by VERIFY command.
This feature is described in the OpenPGPcard specification V2.2 and
V3.1, which allow user to reset authentication status.
** S2K algorithm change to defeat "copycat" service of MCU. ** S2K algorithm change to defeat "copycat" service of MCU.
Even if the existence of some services copying MCU, your private key Even if the existence of some services copying MCU, your private key
will not be controled by others. will not be controled by others.
@@ -11,6 +15,10 @@ will not be controled by others.
** Bug fix for secp256k1 and NIST P-256. ** Bug fix for secp256k1 and NIST P-256.
Bugs in basic computation were fixed. Bugs in basic computation were fixed.
** Bug fix for bignum routines.
Bignum routine update from upstream (failure doesn't occur for our RSA
computation, though). Another fix for mpi_exp_mod.
* Major changes in Gnuk 1.1.9 * Major changes in Gnuk 1.1.9

43
src/openpgp.c
View File

@@ -138,6 +138,7 @@ static void
cmd_verify (void) cmd_verify (void)
{ {
int len; int len;
uint8_t p1 = P1 (apdu);
uint8_t p2 = P2 (apdu); uint8_t p2 = P2 (apdu);
int r; int r;
const uint8_t *pw; const uint8_t *pw;
@@ -149,22 +150,36 @@ cmd_verify (void)
pw = apdu.cmd_apdu_data; pw = apdu.cmd_apdu_data;
if (len == 0) if (len == 0)
{ /* This is to examine status. */ {
if (p2 == 0x81) if (p1 == 0)
r = ac_check_status (AC_PSO_CDS_AUTHORIZED); { /* This is to examine status. */
else if (p2 == 0x82) if (p2 == 0x81)
r = ac_check_status (AC_OTHER_AUTHORIZED); r = ac_check_status (AC_PSO_CDS_AUTHORIZED);
else else if (p2 == 0x82)
r = ac_check_status (AC_ADMIN_AUTHORIZED); r = ac_check_status (AC_OTHER_AUTHORIZED);
else
r = ac_check_status (AC_ADMIN_AUTHORIZED);
if (r) if (r)
GPG_SUCCESS (); /* If authentication done already, return success. */ GPG_SUCCESS (); /* If authentication done already, return success. */
else else
{ /* If not, return retry counter, encoded. */ { /* If not, return retry counter, encoded. */
r = gpg_pw_get_retry_counter (p2); r = gpg_pw_get_retry_counter (p2);
set_res_sw (0x63, 0xc0 | (r&0x0f)); set_res_sw (0x63, 0xc0 | (r&0x0f));
}
} }
else if (p1 == 0xff)
{ /* Reset the status. */
if (p2 == 0x81)
ac_reset_pso_cds ();
else if (p2 == 0x82)
ac_reset_other ();
else
ac_reset_admin ();
GPG_SUCCESS ();
}
else
GPG_BAD_P1_P2 ();
return; return;
} }