deon/gnuk
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

API rename for password counters

Browse Source
This commit is contained in:
NIIBE Yutaka
2011-05-10 09:29:08 +09:00
parent f58d639440
commit 6c5ee62d61
5 changed files with 42 additions and 35 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
ChangeLog
View File

@@ -1,5 +1,13 @@
2011-05-10 NIIBE Yutaka <gniibe@fsij.org> 2011-05-10 NIIBE Yutaka <gniibe@fsij.org>
* src/openpgp-do.c (gpg_pw_locked): Rename from gpg_passwd_locked.
(gpg_pw_get_err_counter): Rename from gpg_get_pw_err_counter.
(gpg_pw_reset_err_counter): Rename from gpg_reset_pw_err_counter.
(gpg_pw_increment_err_counter): Rename from gpg_increment_err_counter.
* src/ac.c, src/openpgp.c, src/gnuk.h: Follow the change.
2011-05-09 NIIBE Yutaka <gniibe@fsij.org>
Bug fixes. Bug fixes.
* src/openpgp.c (cmd_reset_user_password, cmd_change_password) * src/openpgp.c (cmd_reset_user_password, cmd_change_password)
* src/openpgp-do.c (proc_resetting_code): Fix check of return value. * src/openpgp-do.c (proc_resetting_code): Fix check of return value.
@@ -9,7 +17,6 @@
Support verify_admin by PW1 when PW3 is empty. Support verify_admin by PW1 when PW3 is empty.
* src/ac.c (admin_authorized): New. * src/ac.c (admin_authorized): New.
(verify_admin_0): Set admin_authorized. (verify_admin_0): Set admin_authorized.
* src/openpgp-do.c (proc_resetting_code): Use admin_authorized. * src/openpgp-do.c (proc_resetting_code): Use admin_authorized.
(gpg_do_write_prvkey): Clear dek_encrypted_3 when keystring_admin (gpg_do_write_prvkey): Clear dek_encrypted_3 when keystring_admin
is NULL. is NULL.

12
src/ac.c
View File

@@ -75,11 +75,11 @@ verify_pso_cds (const uint8_t *pw, int pw_len)
sha1 (pw, pw_len, keystring+1); sha1 (pw, pw_len, keystring+1);
if ((r = gpg_do_load_prvkey (GPG_KEY_FOR_SIGNING, BY_USER, keystring+1)) < 0) if ((r = gpg_do_load_prvkey (GPG_KEY_FOR_SIGNING, BY_USER, keystring+1)) < 0)
{ {
gpg_increment_pw_err_counter (PW_ERR_PW1); gpg_pw_increment_err_counter (PW_ERR_PW1);
return r; return r;
} }
else else
gpg_reset_pw_err_counter (PW_ERR_PW1); gpg_pw_reset_err_counter (PW_ERR_PW1);
auth_status |= AC_PSO_CDS_AUTHORIZED; auth_status |= AC_PSO_CDS_AUTHORIZED;
return 1; return 1;
@@ -111,14 +111,14 @@ verify_other (const uint8_t *pw, int pw_len)
goto error; goto error;
/* Reset counter as it's success now */ /* Reset counter as it's success now */
gpg_reset_pw_err_counter (PW_ERR_PW1); gpg_pw_reset_err_counter (PW_ERR_PW1);
auth_status |= AC_OTHER_AUTHORIZED; auth_status |= AC_OTHER_AUTHORIZED;
return 1; return 1;
} }
else else
{ {
error: error:
gpg_increment_pw_err_counter (PW_ERR_PW1); gpg_pw_increment_err_counter (PW_ERR_PW1);
return 0; return 0;
} }
} }
@@ -191,14 +191,14 @@ verify_admin_0 (const uint8_t *pw, int buf_len, int pw_len_known)
if (memcmp (md, &pw3_keystring[1+8+1], KEYSTRING_MD_SIZE) != 0) if (memcmp (md, &pw3_keystring[1+8+1], KEYSTRING_MD_SIZE) != 0)
{ {
failure: failure:
gpg_increment_pw_err_counter (PW_ERR_PW3); gpg_pw_increment_err_counter (PW_ERR_PW3);
return -1; return -1;
} }
admin_authorized = BY_ADMIN; admin_authorized = BY_ADMIN;
success: success:
/* OK, the user is now authenticated */ /* OK, the user is now authenticated */
gpg_reset_pw_err_counter (PW_ERR_PW3); gpg_pw_reset_err_counter (PW_ERR_PW3);
return pw_len; return pw_len;
} }
else else

6
src/gnuk.h
View File

@@ -72,9 +72,9 @@ extern volatile uint8_t auth_status;
#define PW_ERR_PW1 0 #define PW_ERR_PW1 0
#define PW_ERR_RC 1 #define PW_ERR_RC 1
#define PW_ERR_PW3 2 #define PW_ERR_PW3 2
extern int gpg_passwd_locked (uint8_t which); extern int gpg_pw_locked (uint8_t which);
extern void gpg_reset_pw_err_counter (uint8_t which); extern void gpg_pw_reset_err_counter (uint8_t which);
extern void gpg_increment_pw_err_counter (uint8_t which); extern void gpg_pw_increment_err_counter (uint8_t which);
extern int ac_check_status (uint8_t ac_flag); extern int ac_check_status (uint8_t ac_flag);
extern int verify_pso_cds (const uint8_t *pw, int pw_len); extern int verify_pso_cds (const uint8_t *pw, int pw_len);

20
src/openpgp-do.c
View File

@@ -81,22 +81,22 @@ gpg_increment_digital_signature_counter (void)
static const uint8_t *pw_err_counter_p[3]; static const uint8_t *pw_err_counter_p[3];
static int static int
gpg_get_pw_err_counter (uint8_t which) gpg_pw_get_err_counter (uint8_t which)
{ {
return flash_cnt123_get_value (pw_err_counter_p[which]); return flash_cnt123_get_value (pw_err_counter_p[which]);
} }
int int
gpg_passwd_locked (uint8_t which) gpg_pw_locked (uint8_t which)
{ {
if (gpg_get_pw_err_counter (which) >= PASSWORD_ERRORS_MAX) if (gpg_pw_get_err_counter (which) >= PASSWORD_ERRORS_MAX)
return 1; return 1;
else else
return 0; return 0;
} }
void void
gpg_reset_pw_err_counter (uint8_t which) gpg_pw_reset_err_counter (uint8_t which)
{ {
flash_cnt123_clear (&pw_err_counter_p[which]); flash_cnt123_clear (&pw_err_counter_p[which]);
if (pw_err_counter_p[which] != NULL) if (pw_err_counter_p[which] != NULL)
@@ -104,7 +104,7 @@ gpg_reset_pw_err_counter (uint8_t which)
} }
void void
gpg_increment_pw_err_counter (uint8_t which) gpg_pw_increment_err_counter (uint8_t which)
{ {
flash_cnt123_increment (which, &pw_err_counter_p[which]); flash_cnt123_increment (which, &pw_err_counter_p[which]);
} }
@@ -502,9 +502,9 @@ rw_pw_status (uint16_t tag, int with_tag,
*res_p++ = PW_LEN_MAX; *res_p++ = PW_LEN_MAX;
*res_p++ = PW_LEN_MAX; *res_p++ = PW_LEN_MAX;
*res_p++ = PW_LEN_MAX; *res_p++ = PW_LEN_MAX;
*res_p++ = PASSWORD_ERRORS_MAX - gpg_get_pw_err_counter (PW_ERR_PW1); *res_p++ = PASSWORD_ERRORS_MAX - gpg_pw_get_err_counter (PW_ERR_PW1);
*res_p++ = PASSWORD_ERRORS_MAX - gpg_get_pw_err_counter (PW_ERR_RC); *res_p++ = PASSWORD_ERRORS_MAX - gpg_pw_get_err_counter (PW_ERR_RC);
*res_p++ = PASSWORD_ERRORS_MAX - gpg_get_pw_err_counter (PW_ERR_PW3); *res_p++ = PASSWORD_ERRORS_MAX - gpg_pw_get_err_counter (PW_ERR_PW3);
return 1; return 1;
} }
} }
@@ -526,7 +526,7 @@ proc_resetting_code (const uint8_t *data, int len)
sha1 (newpw, newpw_len, new_ks); sha1 (newpw, newpw_len, new_ks);
new_ks0[0] = newpw_len; new_ks0[0] = newpw_len;
r = gpg_change_keystring (admin_authorized, old_ks, BY_RESETCODE, new_ks); r = gpg_change_keystring (admin_authorized, old_ks, BY_RESETCODE, new_ks);
if (r < -2) if (r <= -2)
{ {
DEBUG_INFO ("memory error.\r\n"); DEBUG_INFO ("memory error.\r\n");
return 0; return 0;
@@ -547,7 +547,7 @@ proc_resetting_code (const uint8_t *data, int len)
gpg_do_write_simple (NR_DO_KEYSTRING_RC, new_ks0, 1); gpg_do_write_simple (NR_DO_KEYSTRING_RC, new_ks0, 1);
} }
gpg_reset_pw_err_counter (PW_ERR_RC); gpg_pw_reset_err_counter (PW_ERR_RC);
return 1; return 1;
} }

30
src/openpgp.c
View File

@@ -368,7 +368,7 @@ cmd_change_password (void)
gpg_do_write_simple (NR_DO_KEYSTRING_PW1, new_ks0, KEYSTRING_SIZE_PW1); gpg_do_write_simple (NR_DO_KEYSTRING_PW1, new_ks0, KEYSTRING_SIZE_PW1);
ac_reset_pso_cds (); ac_reset_pso_cds ();
ac_reset_other (); ac_reset_other ();
gpg_reset_pw_err_counter (PW_ERR_PW1); gpg_pw_reset_err_counter (PW_ERR_PW1);
DEBUG_INFO ("Changed DO_KEYSTRING_PW1.\r\n"); DEBUG_INFO ("Changed DO_KEYSTRING_PW1.\r\n");
GPG_SUCCESS (); GPG_SUCCESS ();
} }
@@ -377,7 +377,7 @@ cmd_change_password (void)
gpg_do_write_simple (NR_DO_KEYSTRING_PW1, new_ks0, 1); gpg_do_write_simple (NR_DO_KEYSTRING_PW1, new_ks0, 1);
ac_reset_pso_cds (); ac_reset_pso_cds ();
ac_reset_other (); ac_reset_other ();
gpg_reset_pw_err_counter (PW_ERR_PW1); gpg_pw_reset_err_counter (PW_ERR_PW1);
DEBUG_INFO ("Changed length of DO_KEYSTRING_PW1.\r\n"); DEBUG_INFO ("Changed length of DO_KEYSTRING_PW1.\r\n");
GPG_SUCCESS (); GPG_SUCCESS ();
} }
@@ -385,7 +385,7 @@ cmd_change_password (void)
{ {
DEBUG_INFO ("done.\r\n"); DEBUG_INFO ("done.\r\n");
ac_reset_admin (); ac_reset_admin ();
gpg_reset_pw_err_counter (PW_ERR_PW3); gpg_pw_reset_err_counter (PW_ERR_PW3);
GPG_SUCCESS (); GPG_SUCCESS ();
} }
} }
@@ -466,7 +466,7 @@ cmd_reset_user_password (void)
const uint8_t *ks_rc = gpg_do_read_simple (NR_DO_KEYSTRING_RC); const uint8_t *ks_rc = gpg_do_read_simple (NR_DO_KEYSTRING_RC);
uint8_t old_ks[KEYSTRING_MD_SIZE]; uint8_t old_ks[KEYSTRING_MD_SIZE];
if (gpg_passwd_locked (PW_ERR_RC)) if (gpg_pw_locked (PW_ERR_RC))
{ {
DEBUG_INFO ("blocked.\r\n"); DEBUG_INFO ("blocked.\r\n");
GPG_SECURITY_AUTH_BLOCKED (); GPG_SECURITY_AUTH_BLOCKED ();
@@ -496,7 +496,7 @@ cmd_reset_user_password (void)
{ {
sec_fail: sec_fail:
DEBUG_INFO ("failed.\r\n"); DEBUG_INFO ("failed.\r\n");
gpg_increment_pw_err_counter (PW_ERR_RC); gpg_pw_increment_err_counter (PW_ERR_RC);
GPG_SECURITY_FAILURE (); GPG_SECURITY_FAILURE ();
} }
else if (r == 0) else if (r == 0)
@@ -508,8 +508,8 @@ cmd_reset_user_password (void)
KEYSTRING_SIZE_PW1); KEYSTRING_SIZE_PW1);
ac_reset_pso_cds (); ac_reset_pso_cds ();
ac_reset_other (); ac_reset_other ();
gpg_reset_pw_err_counter (PW_ERR_RC); gpg_pw_reset_err_counter (PW_ERR_RC);
gpg_reset_pw_err_counter (PW_ERR_PW1); gpg_pw_reset_err_counter (PW_ERR_PW1);
GPG_SUCCESS (); GPG_SUCCESS ();
} }
else else
@@ -517,8 +517,8 @@ cmd_reset_user_password (void)
DEBUG_INFO ("done.\r\n"); DEBUG_INFO ("done.\r\n");
ac_reset_pso_cds (); ac_reset_pso_cds ();
ac_reset_other (); ac_reset_other ();
gpg_reset_pw_err_counter (PW_ERR_RC); gpg_pw_reset_err_counter (PW_ERR_RC);
gpg_reset_pw_err_counter (PW_ERR_PW1); gpg_pw_reset_err_counter (PW_ERR_PW1);
GPG_SUCCESS (); GPG_SUCCESS ();
} }
} }
@@ -555,7 +555,7 @@ cmd_reset_user_password (void)
KEYSTRING_SIZE_PW1); KEYSTRING_SIZE_PW1);
ac_reset_pso_cds (); ac_reset_pso_cds ();
ac_reset_other (); ac_reset_other ();
gpg_reset_pw_err_counter (PW_ERR_PW1); gpg_pw_reset_err_counter (PW_ERR_PW1);
GPG_SUCCESS (); GPG_SUCCESS ();
} }
else else
@@ -563,7 +563,7 @@ cmd_reset_user_password (void)
DEBUG_INFO ("done.\r\n"); DEBUG_INFO ("done.\r\n");
ac_reset_pso_cds (); ac_reset_pso_cds ();
ac_reset_other (); ac_reset_other ();
gpg_reset_pw_err_counter (PW_ERR_PW1); gpg_pw_reset_err_counter (PW_ERR_PW1);
GPG_SUCCESS (); GPG_SUCCESS ();
} }
} }
@@ -773,7 +773,7 @@ cmd_pso (void)
{ {
DEBUG_SHORT (len); DEBUG_SHORT (len);
if (gpg_passwd_locked (PW_ERR_PW1) if (gpg_pw_locked (PW_ERR_PW1)
|| !ac_check_status (AC_OTHER_AUTHORIZED)) || !ac_check_status (AC_OTHER_AUTHORIZED))
{ {
DEBUG_INFO ("security error."); DEBUG_INFO ("security error.");
@@ -820,7 +820,7 @@ cmd_internal_authenticate (void)
{ {
DEBUG_SHORT (len); DEBUG_SHORT (len);
if (gpg_passwd_locked (PW_ERR_PW1) if (gpg_pw_locked (PW_ERR_PW1)
|| !ac_check_status (AC_OTHER_AUTHORIZED)) || !ac_check_status (AC_OTHER_AUTHORIZED))
{ {
DEBUG_INFO ("security error."); DEBUG_INFO ("security error.");
@@ -862,7 +862,7 @@ cmd_update_binary (void)
DEBUG_INFO (" - UPDATE BINARY\r\n"); DEBUG_INFO (" - UPDATE BINARY\r\n");
if (gpg_passwd_locked (PW_ERR_PW3) || !ac_check_status (AC_ADMIN_AUTHORIZED)) if (gpg_pw_locked (PW_ERR_PW3) || !ac_check_status (AC_ADMIN_AUTHORIZED))
{ {
DEBUG_INFO ("security error."); DEBUG_INFO ("security error.");
GPG_SECURITY_FAILURE (); GPG_SECURITY_FAILURE ();
@@ -933,7 +933,7 @@ cmd_write_binary (void)
DEBUG_INFO (" - WRITE BINARY\r\n"); DEBUG_INFO (" - WRITE BINARY\r\n");
if (gpg_passwd_locked (PW_ERR_PW3) || !ac_check_status (AC_ADMIN_AUTHORIZED)) if (gpg_pw_locked (PW_ERR_PW3) || !ac_check_status (AC_ADMIN_AUTHORIZED))
{ {
DEBUG_INFO ("security error."); DEBUG_INFO ("security error.");
GPG_SECURITY_FAILURE (); GPG_SECURITY_FAILURE ();