From 5c74f11ed26bfefb986809ffe6b4f11b5d86660a Mon Sep 17 00:00:00 2001
From: NIIBE Yutaka
Date: Fri, 11 Oct 2013 13:37:43 +0900
Subject: [PATCH] fix auth conditions
---
 ChangeLog | 6 ++++++
 src/ac.c | 8 +++++---
 src/openpgp-do.c | 32 +++++++++++++++-----------------
 src/openpgp.c | 4 +++-
 4 files changed, 29 insertions(+), 21 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 6965fb2..8481149 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,7 +1,13 @@
 2013-10-11 Niibe Yutaka + * src/ac.c (verify_user_0, verify_admin_00): Fix conditions. + * src/openpgp-do.c (gpg_do_write_prvkey): Delete keystring information from data object of NR_DO_KEYSTRING_PW3. + Fix conditions. + (gpg_do_keygen): Likewise. + + * src/openpgp.c (cmd_reset_user_password): Likewise. 2013-10-10 Niibe Yutaka
diff --git a/src/ac.c b/src/ac.c
index fdcb4e7..19bbfdf 100644
--- a/src/ac.c
+++ b/src/ac.c
@@ -109,8 +109,9 @@ verify_user_0 (uint8_t access, const uint8_t *pw, int buf_len, int pw_len_known,
 if (r1 < 0 || r2 < 0 || (r1 == 0 && r2 == 0 && ks_pw1 != NULL
- && memcmp (KS_GET_KEYSTRING (ks_pw1),
- keystring, KEYSTRING_MD_SIZE) != 0))
+ && ((ks_pw1[0] & PW_LEN_KEYSTRING_BIT) == 0
+ || memcmp (KS_GET_KEYSTRING (ks_pw1),
+ keystring, KEYSTRING_MD_SIZE) != 0)))
 {
 failure:
 gpg_pw_increment_err_counter (PW_ERR_PW1);
@@ -182,7 +183,8 @@ verify_admin_00 (const uint8_t *pw, int buf_len, int pw_len_known,
 if (r1 < 0 || r2 < 0)
 return -1;
 else if (r1 == 0 && r2 == 0)
- if (memcmp (KS_GET_KEYSTRING (ks), keystring, KEYSTRING_MD_SIZE) != 0)
+ if ((ks[0] & PW_LEN_KEYSTRING_BIT) == 0
+ || memcmp (KS_GET_KEYSTRING (ks), keystring, KEYSTRING_MD_SIZE) != 0)
 return -1;
 return pw_len;
diff --git a/src/openpgp-do.c b/src/openpgp-do.c
index 3038799..167b09d 100644
--- a/src/openpgp-do.c
+++ b/src/openpgp-do.c
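Review bot: In verify_user_0 (src/ac.c) the stored keystring is still checked with `memcmp (KS_GET_KEYSTRING (ks_pw1), keystring, KEYSTRING_MD_SIZE)`, which may stop at the first differing byte, so the time taken can depend on how much of the digest matched. The same call is kept in verify_admin_00 and in cmd_reset_user_password (src/openpgp.c). The failure counter visible in this hunk bounds guesses for PW1, but a comparison that always reads all KEYSTRING_MD_SIZE bytes is the usual choice on a token, and one helper could serve all three sites. The helper name below is a proposal, and both function bodies in src/ac.c continue outside their hunks.

```c
/* Proposed helper: non-zero when the two keystring digests differ;
   always reads all KEYSTRING_MD_SIZE bytes. */
static int
keystring_differs (const uint8_t *a, const uint8_t *b)
{
  uint8_t diff = 0;
  int i;

  for (i = 0; i < KEYSTRING_MD_SIZE; i++)
    diff |= a[i] ^ b[i];
  return diff != 0;
}

/* … unchanged: r1/r2 tests of the condition in verify_user_0 … */
	  && ((ks_pw1[0] & PW_LEN_KEYSTRING_BIT) == 0
	      || keystring_differs (KS_GET_KEYSTRING (ks_pw1), keystring)))
```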
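Review bot: In verify_admin_00 (src/ac.c), when `r1 == 0 && r2 == 0` and the stored object has PW_LEN_KEYSTRING_BIT clear, every password is now rejected with `return -1`, and the hunk has no comment saying whether that state is reachable or how the card leaves it. A one-line comment above the test, for example `/* No keystring stored: nothing to compare against, so refuse. */`, would record the intent. The two-line condition also sits in an unbraced `if` under an unbraced `else if`; braces around it would keep a later `else` from binding to the wrong `if`. The function body starts and ends outside the hunk.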
@@ -853,15 +853,11 @@ gpg_do_write_prvkey (enum kind_of_key kk, const uint8_t *key_data, int key_len,
 memcpy (pd->iv, iv, INITIAL_VECTOR_SIZE);
 memcpy (pd->checksum_encrypted, kdi.checksum, DATA_ENCRYPTION_KEY_SIZE);
- if (ks_pw1)
+ if (ks_pw1 && ((ks_pw1_len = ks_pw1[0]) & PW_LEN_KEYSTRING_BIT))
 {
- ks_pw1_len = ks_pw1[0];
+ ks_info0[0] = ks_pw1_len & PW_LEN_MASK;
+ memcpy (KS_GET_SALT (ks_info0), KS_GET_SALT (ks_pw1), SALT_SIZE);
 encrypt_dek (KS_GET_KEYSTRING (ks_pw1), pd->dek_encrypted_1);
- if ((ks_pw1_len & PW_LEN_KEYSTRING_BIT))
- {
- ks_info0[0] = ks_pw1_len & PW_LEN_MASK;
- memcpy (KS_GET_SALT (ks_info0), KS_GET_SALT (ks_pw1), SALT_SIZE);
- }
 }
 else
 {
@@ -872,15 +868,11 @@ gpg_do_write_prvkey (enum kind_of_key kk, const uint8_t *key_data, int key_len,
 encrypt_dek (ks, pd->dek_encrypted_1);
 }
- if (ks_rc)
+ if (ks_rc && ((ks_rc_len = ks_rc[0]) & PW_LEN_KEYSTRING_BIT))
 {
- ks_rc_len = ks_rc[0];
+ ks_info1[0] = ks_rc_len & PW_LEN_MASK;
+ memcpy (KS_GET_SALT (ks_info1), KS_GET_SALT (ks_rc), SALT_SIZE);
 encrypt_dek (KS_GET_KEYSTRING (ks_rc), pd->dek_encrypted_2);
- if ((ks_rc_len & PW_LEN_KEYSTRING_BIT))
- {
- ks_info1[0] = ks_rc_len & PW_LEN_MASK;
- memcpy (KS_GET_SALT (ks_info1), KS_GET_SALT (ks_rc), SALT_SIZE);
- }
 }
 else
 memset (pd->dek_encrypted_2, 0, DATA_ENCRYPTION_KEY_SIZE);
@@ -1742,15 +1734,21 @@ gpg_do_keygen (uint8_t kk_byte)
 /* GnuPG expects it's ready for signing. */
 /* Don't call ac_reset_pso_cds here, but load the private key */
- if (ks_pw1)
- ks = KS_GET_KEYSTRING (ks_pw1);
- else
+ if (ks_pw1 == NULL)
 {
 const uint8_t * pw = (const uint8_t *)OPENPGP_CARD_INITIAL_PW1;
 s2k (NULL, 0, pw, strlen (OPENPGP_CARD_INITIAL_PW1), keystring);
 ks = keystring;
 }
+ else
+ if ((ks_pw1[0] & PW_LEN_KEYSTRING_BIT) != 0)
+ ks = KS_GET_KEYSTRING (ks_pw1);
+ else
+ {
+ GPG_ERROR ();
+ return;
+ }
 gpg_do_load_prvkey (GPG_KEY_FOR_SIGNING, BY_USER, ks);
 }
diff --git a/src/openpgp.c b/src/openpgp.c
index 06c603c..191f66c 100644
--- a/src/openpgp.c
+++ b/src/openpgp.c
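Review bot: In gpg_do_write_prvkey (src/openpgp-do.c), a PW1 object that exists but has PW_LEN_KEYSTRING_BIT clear now takes the `else` branch, where the DEK is wrapped by `encrypt_dek (ks, pd->dek_encrypted_1)` with a `ks` built outside the hunk. If that `ks` is derived from OPENPGP_CARD_INITIAL_PW1, as the fallback visible in gpg_do_keygen is, the key would be protected by the initial password even though the user has set another one; this cannot be confirmed from the visible lines and should be checked. The parallel `ks_rc` change in the next hunk zeroes `dek_encrypted_2` in the same situation. Separately, the assignment buried in the condition reads better as its own statement, `if (ks_pw1) ks_pw1_len = ks_pw1[0];`, followed by `if (ks_pw1 && (ks_pw1_len & PW_LEN_KEYSTRING_BIT))`. The function body starts and ends outside both hunks.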
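Review bot: The new `GPG_ERROR (); return;` branch in gpg_do_keygen (src/openpgp-do.c) has no comment explaining when a PW1 object without a keystring can be present at this point, and whatever the function did before this hunk is not undone when it bails out. Since the surrounding comments say the host expects the card to be ready for signing, a short comment such as `/* PW1 object holds no keystring: the signing key cannot be loaded here. */` would help. The bare `else` followed by an unbraced `if`/`else` on the next lines would also be clearer with braces. The function body starts outside the hunk.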
@@ -526,7 +526,9 @@ cmd_reset_user_password (void)
 }
 else if (r == 0)
 {
- if (memcmp (KS_GET_KEYSTRING (ks_rc), old_ks, KEYSTRING_MD_SIZE) != 0)
+ if ((ks_rc[0] & PW_LEN_KEYSTRING_BIT) == 0
+ || memcmp (KS_GET_KEYSTRING (ks_rc),
+ old_ks, KEYSTRING_MD_SIZE) != 0)
 goto sec_fail;
 DEBUG_INFO ("done (no prvkey).\r\n");
 new_ks0[0] |= PW_LEN_KEYSTRING_BIT;
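Review bot: The test `(ks_rc[0] & PW_LEN_KEYSTRING_BIT) == 0` is now spelled out in cmd_reset_user_password and, in the same shape, in verify_user_0, verify_admin_00 and gpg_do_keygen, so the four sites can drift apart. A macro defined next to KS_GET_KEYSTRING, for example `#define KS_HAS_KEYSTRING(ks) (((ks)[0] & PW_LEN_KEYSTRING_BIT) != 0)` (the name is a suggestion), would state the rule once. `ks_rc` is also dereferenced here without a NULL test inside the hunk; the function starts outside it, so confirm the pointer was checked earlier.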