diff --git a/ChangeLog b/ChangeLog
index aa29f5c..d26d099 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,13 @@
 2011-05-10 NIIBE Yutaka
+ * src/openpgp-do.c (gpg_pw_locked): Rename from gpg_passwd_locked.
+ (gpg_pw_get_err_counter): Rename from gpg_get_pw_err_counter.
+ (gpg_pw_reset_err_counter): Rename from gpg_reset_pw_err_counter.
+ (gpg_pw_increment_err_counter): Rename from gpg_increment_err_counter.
+ * src/ac.c, src/openpgp.c, src/gnuk.h: Follow the change.
+
+2011-05-09 NIIBE Yutaka
+
 Bug fixes.
 * src/openpgp.c (cmd_reset_user_password, cmd_change_password)
 * src/openpgp-do.c (proc_resetting_code): Fix check of return value.
@@ -9,7 +17,6 @@
 Support verify_admin by PW1 when PW3 is empty.
 * src/ac.c (admin_authorized): New.
 (verify_admin_0): Set admin_authorized.
-
 * src/openpgp-do.c (proc_resetting_code): Use admin_authorized.
 (gpg_do_write_prvkey): Clear dek_encrypted_3 when keystring_admin is NULL.
diff --git a/src/ac.c b/src/ac.c
index bb2cae2..6423c68 100644
--- a/src/ac.c
+++ b/src/ac.c
@@ -75,11 +75,11 @@ verify_pso_cds (const uint8_t *pw, int pw_len)
 sha1 (pw, pw_len, keystring+1);
 if ((r = gpg_do_load_prvkey (GPG_KEY_FOR_SIGNING, BY_USER, keystring+1)) < 0)
 {
- gpg_increment_pw_err_counter (PW_ERR_PW1);
+ gpg_pw_increment_err_counter (PW_ERR_PW1);
 return r;
 }
 else
- gpg_reset_pw_err_counter (PW_ERR_PW1);
+ gpg_pw_reset_err_counter (PW_ERR_PW1);
 auth_status |= AC_PSO_CDS_AUTHORIZED;
 return 1;
@@ -111,14 +111,14 @@ verify_other (const uint8_t *pw, int pw_len)
 goto error;
 /* Reset counter as it's success now */
- gpg_reset_pw_err_counter (PW_ERR_PW1);
+ gpg_pw_reset_err_counter (PW_ERR_PW1);
 auth_status |= AC_OTHER_AUTHORIZED;
 return 1;
 }
 else
 {
 error:
- gpg_increment_pw_err_counter (PW_ERR_PW1);
+ gpg_pw_increment_err_counter (PW_ERR_PW1);
 return 0;
 }
 }
@@ -191,14 +191,14 @@ verify_admin_0 (const uint8_t *pw, int buf_len, int pw_len_known)
 if (memcmp (md, &pw3_keystring[1+8+1], KEYSTRING_MD_SIZE) != 0)
 {
 failure:
- gpg_increment_pw_err_counter (PW_ERR_PW3);
+ gpg_pw_increment_err_counter (PW_ERR_PW3);
 return -1;
 }
 admin_authorized = BY_ADMIN;
 success:
 /* OK, the user is now authenticated */
- gpg_reset_pw_err_counter (PW_ERR_PW3);
+ gpg_pw_reset_err_counter (PW_ERR_PW3);
 return pw_len;
 }
 else
diff --git a/src/gnuk.h b/src/gnuk.h
index fdf2681..ee3766d 100644
--- a/src/gnuk.h
+++ b/src/gnuk.h
@@ -72,9 +72,9 @@ extern volatile uint8_t auth_status;
 #define PW_ERR_PW1 0
 #define PW_ERR_RC 1
 #define PW_ERR_PW3 2
-extern int gpg_passwd_locked (uint8_t which);
-extern void gpg_reset_pw_err_counter (uint8_t which);
-extern void gpg_increment_pw_err_counter (uint8_t which);
+extern int gpg_pw_locked (uint8_t which);
+extern void gpg_pw_reset_err_counter (uint8_t which);
+extern void gpg_pw_increment_err_counter (uint8_t which);
 extern int ac_check_status (uint8_t ac_flag);
 extern int verify_pso_cds (const uint8_t *pw, int pw_len);
diff --git a/src/openpgp-do.c b/src/openpgp-do.c
index 161e92b..ae69662 100644
--- a/src/openpgp-do.c
+++ b/src/openpgp-do.c
@@ -81,22 +81,22 @@ gpg_increment_digital_signature_counter (void)
 static const uint8_t *pw_err_counter_p[3];
 static int
-gpg_get_pw_err_counter (uint8_t which)
+gpg_pw_get_err_counter (uint8_t which)
 {
 return flash_cnt123_get_value (pw_err_counter_p[which]);
 }
 int
-gpg_passwd_locked (uint8_t which)
+gpg_pw_locked (uint8_t which)
 {
- if (gpg_get_pw_err_counter (which) >= PASSWORD_ERRORS_MAX)
+ if (gpg_pw_get_err_counter (which) >= PASSWORD_ERRORS_MAX)
 return 1;
 else
 return 0;
 }
 void
-gpg_reset_pw_err_counter (uint8_t which)
+gpg_pw_reset_err_counter (uint8_t which)
 {
 flash_cnt123_clear (&pw_err_counter_p[which]);
 if (pw_err_counter_p[which] != NULL)
@@ -104,7 +104,7 @@ gpg_reset_pw_err_counter (uint8_t which)
 }
 void
-gpg_increment_pw_err_counter (uint8_t which)
+gpg_pw_increment_err_counter (uint8_t which)
 {
 flash_cnt123_increment (which, &pw_err_counter_p[which]);
 }
@@ -502,9 +502,9 @@ rw_pw_status (uint16_t tag, int with_tag,
 *res_p++ = PW_LEN_MAX;
 *res_p++ = PW_LEN_MAX;
 *res_p++ = PW_LEN_MAX;
- *res_p++ = PASSWORD_ERRORS_MAX - gpg_get_pw_err_counter (PW_ERR_PW1);
- *res_p++ = PASSWORD_ERRORS_MAX - gpg_get_pw_err_counter (PW_ERR_RC);
- *res_p++ = PASSWORD_ERRORS_MAX - gpg_get_pw_err_counter (PW_ERR_PW3);
+ *res_p++ = PASSWORD_ERRORS_MAX - gpg_pw_get_err_counter (PW_ERR_PW1);
+ *res_p++ = PASSWORD_ERRORS_MAX - gpg_pw_get_err_counter (PW_ERR_RC);
+ *res_p++ = PASSWORD_ERRORS_MAX - gpg_pw_get_err_counter (PW_ERR_PW3);
 return 1;
 }
 }
@@ -526,7 +526,7 @@ proc_resetting_code (const uint8_t *data, int len)
 sha1 (newpw, newpw_len, new_ks);
 new_ks0[0] = newpw_len;
 r = gpg_change_keystring (admin_authorized, old_ks, BY_RESETCODE, new_ks);
- if (r < -2)
+ if (r <= -2)
 {
 DEBUG_INFO ("memory error.\r\n");
 return 0;
@@ -547,7 +547,7 @@ proc_resetting_code (const uint8_t *data, int len)
 gpg_do_write_simple (NR_DO_KEYSTRING_RC, new_ks0, 1);
 }
- gpg_reset_pw_err_counter (PW_ERR_RC);
+ gpg_pw_reset_err_counter (PW_ERR_RC);
 return 1;
 }
diff --git a/src/openpgp.c b/src/openpgp.c
index 16302df..0d45d5d 100644
--- a/src/openpgp.c
+++ b/src/openpgp.c
@@ -368,7 +368,7 @@ cmd_change_password (void)
 gpg_do_write_simple (NR_DO_KEYSTRING_PW1, new_ks0, KEYSTRING_SIZE_PW1);
 ac_reset_pso_cds ();
 ac_reset_other ();
- gpg_reset_pw_err_counter (PW_ERR_PW1);
+ gpg_pw_reset_err_counter (PW_ERR_PW1);
 DEBUG_INFO ("Changed DO_KEYSTRING_PW1.\r\n");
 GPG_SUCCESS ();
 }
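Review bot: The corrected check `if (r <= -2)` in proc_resetting_code (src/openpgp-do.c, hunk at line 526) still compares against a bare literal, and the off-by-one being fixed shows how easily the return contract of gpg_change_keystring is misread. That contract is not visible in this hunk, so I would add a comment above the check such as `/* gpg_change_keystring: r <= -2 is treated as a storage/memory failure here; see its definition for the full set of codes */`, or replace the literal with a named constant shared with the callee. This is also a behaviour change on the Reset Code path carried inside an otherwise mechanical rename, and the ChangeLog entry added by this commit lists only the renames; it looks like a leftover from the 2011-05-09 "Fix check of return value" entry and would be easier to audit as its own commit or its own ChangeLog line. proc_resetting_code begins and ends outside the hunk.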
@@ -377,7 +377,7 @@ cmd_change_password (void)
 gpg_do_write_simple (NR_DO_KEYSTRING_PW1, new_ks0, 1);
 ac_reset_pso_cds ();
 ac_reset_other ();
- gpg_reset_pw_err_counter (PW_ERR_PW1);
+ gpg_pw_reset_err_counter (PW_ERR_PW1);
 DEBUG_INFO ("Changed length of DO_KEYSTRING_PW1.\r\n");
 GPG_SUCCESS ();
 }
@@ -385,7 +385,7 @@ cmd_change_password (void)
 {
 DEBUG_INFO ("done.\r\n");
 ac_reset_admin ();
- gpg_reset_pw_err_counter (PW_ERR_PW3);
+ gpg_pw_reset_err_counter (PW_ERR_PW3);
 GPG_SUCCESS ();
 }
 }
@@ -466,7 +466,7 @@ cmd_reset_user_password (void)
 const uint8_t *ks_rc = gpg_do_read_simple (NR_DO_KEYSTRING_RC);
 uint8_t old_ks[KEYSTRING_MD_SIZE];
- if (gpg_passwd_locked (PW_ERR_RC))
+ if (gpg_pw_locked (PW_ERR_RC))
 {
 DEBUG_INFO ("blocked.\r\n");
 GPG_SECURITY_AUTH_BLOCKED ();
@@ -496,7 +496,7 @@ cmd_reset_user_password (void)
 {
 sec_fail:
 DEBUG_INFO ("failed.\r\n");
- gpg_increment_pw_err_counter (PW_ERR_RC);
+ gpg_pw_increment_err_counter (PW_ERR_RC);
 GPG_SECURITY_FAILURE ();
 }
 else if (r == 0)
@@ -508,8 +508,8 @@ cmd_reset_user_password (void)
 KEYSTRING_SIZE_PW1);
 ac_reset_pso_cds ();
 ac_reset_other ();
- gpg_reset_pw_err_counter (PW_ERR_RC);
- gpg_reset_pw_err_counter (PW_ERR_PW1);
+ gpg_pw_reset_err_counter (PW_ERR_RC);
+ gpg_pw_reset_err_counter (PW_ERR_PW1);
 GPG_SUCCESS ();
 }
 else
@@ -517,8 +517,8 @@ cmd_reset_user_password (void)
 DEBUG_INFO ("done.\r\n");
 ac_reset_pso_cds ();
 ac_reset_other ();
- gpg_reset_pw_err_counter (PW_ERR_RC);
- gpg_reset_pw_err_counter (PW_ERR_PW1);
+ gpg_pw_reset_err_counter (PW_ERR_RC);
+ gpg_pw_reset_err_counter (PW_ERR_PW1);
 GPG_SUCCESS ();
 }
 }
@@ -555,7 +555,7 @@ cmd_reset_user_password (void)
 KEYSTRING_SIZE_PW1);
 ac_reset_pso_cds ();
 ac_reset_other ();
- gpg_reset_pw_err_counter (PW_ERR_PW1);
+ gpg_pw_reset_err_counter (PW_ERR_PW1);
 GPG_SUCCESS ();
 }
 else
@@ -563,7 +563,7 @@ cmd_reset_user_password (void)
 DEBUG_INFO ("done.\r\n");
 ac_reset_pso_cds ();
 ac_reset_other ();
- gpg_reset_pw_err_counter (PW_ERR_PW1);
+ gpg_pw_reset_err_counter (PW_ERR_PW1);
 GPG_SUCCESS ();
 }
 }
@@ -773,7 +773,7 @@ cmd_pso (void)
 {
 DEBUG_SHORT (len);
- if (gpg_passwd_locked (PW_ERR_PW1)
+ if (gpg_pw_locked (PW_ERR_PW1)
 || !ac_check_status (AC_OTHER_AUTHORIZED))
 {
 DEBUG_INFO ("security error.");
@@ -820,7 +820,7 @@ cmd_internal_authenticate (void)
 {
 DEBUG_SHORT (len);
- if (gpg_passwd_locked (PW_ERR_PW1)
+ if (gpg_pw_locked (PW_ERR_PW1)
 || !ac_check_status (AC_OTHER_AUTHORIZED))
 {
 DEBUG_INFO ("security error.");
@@ -862,7 +862,7 @@ cmd_update_binary (void)
 DEBUG_INFO (" - UPDATE BINARY\r\n");
- if (gpg_passwd_locked (PW_ERR_PW3) || !ac_check_status (AC_ADMIN_AUTHORIZED))
+ if (gpg_pw_locked (PW_ERR_PW3) || !ac_check_status (AC_ADMIN_AUTHORIZED))
 {
 DEBUG_INFO ("security error.");
 GPG_SECURITY_FAILURE ();
@@ -933,7 +933,7 @@ cmd_write_binary (void)
 DEBUG_INFO (" - WRITE BINARY\r\n");
- if (gpg_passwd_locked (PW_ERR_PW3) || !ac_check_status (AC_ADMIN_AUTHORIZED))
+ if (gpg_pw_locked (PW_ERR_PW3) || !ac_check_status (AC_ADMIN_AUTHORIZED))
 {
 DEBUG_INFO ("security error.");
 GPG_SECURITY_FAILURE ();