API rename for password counters
This commit is contained in:
NIIBE Yutaka
@@ -1,5 +1,13 @@
|
||||
2011-05-10 NIIBE Yutaka <gniibe@fsij.org>
|
||||
|
||||
* src/openpgp-do.c (gpg_pw_locked): Rename from gpg_passwd_locked.
|
||||
(gpg_pw_get_err_counter): Rename from gpg_get_pw_err_counter.
|
||||
(gpg_pw_reset_err_counter): Rename from gpg_reset_pw_err_counter.
|
||||
(gpg_pw_increment_err_counter): Rename from gpg_increment_err_counter.
|
||||
* src/ac.c, src/openpgp.c, src/gnuk.h: Follow the change.
|
||||
|
||||
2011-05-09 NIIBE Yutaka <gniibe@fsij.org>
|
||||
|
||||
Bug fixes.
|
||||
* src/openpgp.c (cmd_reset_user_password, cmd_change_password)
|
||||
* src/openpgp-do.c (proc_resetting_code): Fix check of return value.
|
||||
@@ -9,7 +17,6 @@
|
||||
Support verify_admin by PW1 when PW3 is empty.
|
||||
* src/ac.c (admin_authorized): New.
|
||||
(verify_admin_0): Set admin_authorized.
|
||||
|
||||
* src/openpgp-do.c (proc_resetting_code): Use admin_authorized.
|
||||
(gpg_do_write_prvkey): Clear dek_encrypted_3 when keystring_admin
|
||||
is NULL.
|
||||
|
||||
12
src/ac.c
12
src/ac.c
@@ -75,11 +75,11 @@ verify_pso_cds (const uint8_t *pw, int pw_len)
|
||||
sha1 (pw, pw_len, keystring+1);
|
||||
if ((r = gpg_do_load_prvkey (GPG_KEY_FOR_SIGNING, BY_USER, keystring+1)) < 0)
|
||||
{
|
||||
gpg_increment_pw_err_counter (PW_ERR_PW1);
|
||||
gpg_pw_increment_err_counter (PW_ERR_PW1);
|
||||
return r;
|
||||
}
|
||||
else
|
||||
gpg_reset_pw_err_counter (PW_ERR_PW1);
|
||||
gpg_pw_reset_err_counter (PW_ERR_PW1);
|
||||
|
||||
auth_status |= AC_PSO_CDS_AUTHORIZED;
|
||||
return 1;
|
||||
@@ -111,14 +111,14 @@ verify_other (const uint8_t *pw, int pw_len)
|
||||
goto error;
|
||||
|
||||
/* Reset counter as it's success now */
|
||||
gpg_reset_pw_err_counter (PW_ERR_PW1);
|
||||
gpg_pw_reset_err_counter (PW_ERR_PW1);
|
||||
auth_status |= AC_OTHER_AUTHORIZED;
|
||||
return 1;
|
||||
}
|
||||
else
|
||||
{
|
||||
error:
|
||||
gpg_increment_pw_err_counter (PW_ERR_PW1);
|
||||
gpg_pw_increment_err_counter (PW_ERR_PW1);
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
@@ -191,14 +191,14 @@ verify_admin_0 (const uint8_t *pw, int buf_len, int pw_len_known)
|
||||
if (memcmp (md, &pw3_keystring[1+8+1], KEYSTRING_MD_SIZE) != 0)
|
||||
{
|
||||
failure:
|
||||
gpg_increment_pw_err_counter (PW_ERR_PW3);
|
||||
gpg_pw_increment_err_counter (PW_ERR_PW3);
|
||||
return -1;
|
||||
}
|
||||
|
||||
admin_authorized = BY_ADMIN;
|
||||
success:
|
||||
/* OK, the user is now authenticated */
|
||||
gpg_reset_pw_err_counter (PW_ERR_PW3);
|
||||
gpg_pw_reset_err_counter (PW_ERR_PW3);
|
||||
return pw_len;
|
||||
}
|
||||
else
|
||||
|
||||
@@ -72,9 +72,9 @@ extern volatile uint8_t auth_status;
|
||||
#define PW_ERR_PW1 0
|
||||
#define PW_ERR_RC 1
|
||||
#define PW_ERR_PW3 2
|
||||
extern int gpg_passwd_locked (uint8_t which);
|
||||
extern void gpg_reset_pw_err_counter (uint8_t which);
|
||||
extern void gpg_increment_pw_err_counter (uint8_t which);
|
||||
extern int gpg_pw_locked (uint8_t which);
|
||||
extern void gpg_pw_reset_err_counter (uint8_t which);
|
||||
extern void gpg_pw_increment_err_counter (uint8_t which);
|
||||
|
||||
extern int ac_check_status (uint8_t ac_flag);
|
||||
extern int verify_pso_cds (const uint8_t *pw, int pw_len);
|
||||
|
||||
@@ -81,22 +81,22 @@ gpg_increment_digital_signature_counter (void)
|
||||
static const uint8_t *pw_err_counter_p[3];
|
||||
|
||||
static int
|
||||
gpg_get_pw_err_counter (uint8_t which)
|
||||
gpg_pw_get_err_counter (uint8_t which)
|
||||
{
|
||||
return flash_cnt123_get_value (pw_err_counter_p[which]);
|
||||
}
|
||||
|
||||
int
|
||||
gpg_passwd_locked (uint8_t which)
|
||||
gpg_pw_locked (uint8_t which)
|
||||
{
|
||||
if (gpg_get_pw_err_counter (which) >= PASSWORD_ERRORS_MAX)
|
||||
if (gpg_pw_get_err_counter (which) >= PASSWORD_ERRORS_MAX)
|
||||
return 1;
|
||||
else
|
||||
return 0;
|
||||
}
|
||||
|
||||
void
|
||||
gpg_reset_pw_err_counter (uint8_t which)
|
||||
gpg_pw_reset_err_counter (uint8_t which)
|
||||
{
|
||||
flash_cnt123_clear (&pw_err_counter_p[which]);
|
||||
if (pw_err_counter_p[which] != NULL)
|
||||
@@ -104,7 +104,7 @@ gpg_reset_pw_err_counter (uint8_t which)
|
||||
}
|
||||
|
||||
void
|
||||
gpg_increment_pw_err_counter (uint8_t which)
|
||||
gpg_pw_increment_err_counter (uint8_t which)
|
||||
{
|
||||
flash_cnt123_increment (which, &pw_err_counter_p[which]);
|
||||
}
|
||||
@@ -502,9 +502,9 @@ rw_pw_status (uint16_t tag, int with_tag,
|
||||
*res_p++ = PW_LEN_MAX;
|
||||
*res_p++ = PW_LEN_MAX;
|
||||
*res_p++ = PW_LEN_MAX;
|
||||
*res_p++ = PASSWORD_ERRORS_MAX - gpg_get_pw_err_counter (PW_ERR_PW1);
|
||||
*res_p++ = PASSWORD_ERRORS_MAX - gpg_get_pw_err_counter (PW_ERR_RC);
|
||||
*res_p++ = PASSWORD_ERRORS_MAX - gpg_get_pw_err_counter (PW_ERR_PW3);
|
||||
*res_p++ = PASSWORD_ERRORS_MAX - gpg_pw_get_err_counter (PW_ERR_PW1);
|
||||
*res_p++ = PASSWORD_ERRORS_MAX - gpg_pw_get_err_counter (PW_ERR_RC);
|
||||
*res_p++ = PASSWORD_ERRORS_MAX - gpg_pw_get_err_counter (PW_ERR_PW3);
|
||||
return 1;
|
||||
}
|
||||
}
|
||||
@@ -526,7 +526,7 @@ proc_resetting_code (const uint8_t *data, int len)
|
||||
sha1 (newpw, newpw_len, new_ks);
|
||||
new_ks0[0] = newpw_len;
|
||||
r = gpg_change_keystring (admin_authorized, old_ks, BY_RESETCODE, new_ks);
|
||||
if (r < -2)
|
||||
if (r <= -2)
|
||||
{
|
||||
DEBUG_INFO ("memory error.\r\n");
|
||||
return 0;
|
||||
@@ -547,7 +547,7 @@ proc_resetting_code (const uint8_t *data, int len)
|
||||
gpg_do_write_simple (NR_DO_KEYSTRING_RC, new_ks0, 1);
|
||||
}
|
||||
|
||||
gpg_reset_pw_err_counter (PW_ERR_RC);
|
||||
gpg_pw_reset_err_counter (PW_ERR_RC);
|
||||
return 1;
|
||||
}
|
||||
|
||||
|
||||
@@ -368,7 +368,7 @@ cmd_change_password (void)
|
||||
gpg_do_write_simple (NR_DO_KEYSTRING_PW1, new_ks0, KEYSTRING_SIZE_PW1);
|
||||
ac_reset_pso_cds ();
|
||||
ac_reset_other ();
|
||||
gpg_reset_pw_err_counter (PW_ERR_PW1);
|
||||
gpg_pw_reset_err_counter (PW_ERR_PW1);
|
||||
DEBUG_INFO ("Changed DO_KEYSTRING_PW1.\r\n");
|
||||
GPG_SUCCESS ();
|
||||
}
|
||||
@@ -377,7 +377,7 @@ cmd_change_password (void)
|
||||
gpg_do_write_simple (NR_DO_KEYSTRING_PW1, new_ks0, 1);
|
||||
ac_reset_pso_cds ();
|
||||
ac_reset_other ();
|
||||
gpg_reset_pw_err_counter (PW_ERR_PW1);
|
||||
gpg_pw_reset_err_counter (PW_ERR_PW1);
|
||||
DEBUG_INFO ("Changed length of DO_KEYSTRING_PW1.\r\n");
|
||||
GPG_SUCCESS ();
|
||||
}
|
||||
@@ -385,7 +385,7 @@ cmd_change_password (void)
|
||||
{
|
||||
DEBUG_INFO ("done.\r\n");
|
||||
ac_reset_admin ();
|
||||
gpg_reset_pw_err_counter (PW_ERR_PW3);
|
||||
gpg_pw_reset_err_counter (PW_ERR_PW3);
|
||||
GPG_SUCCESS ();
|
||||
}
|
||||
}
|
||||
@@ -466,7 +466,7 @@ cmd_reset_user_password (void)
|
||||
const uint8_t *ks_rc = gpg_do_read_simple (NR_DO_KEYSTRING_RC);
|
||||
uint8_t old_ks[KEYSTRING_MD_SIZE];
|
||||
|
||||
if (gpg_passwd_locked (PW_ERR_RC))
|
||||
if (gpg_pw_locked (PW_ERR_RC))
|
||||
{
|
||||
DEBUG_INFO ("blocked.\r\n");
|
||||
GPG_SECURITY_AUTH_BLOCKED ();
|
||||
@@ -496,7 +496,7 @@ cmd_reset_user_password (void)
|
||||
{
|
||||
sec_fail:
|
||||
DEBUG_INFO ("failed.\r\n");
|
||||
gpg_increment_pw_err_counter (PW_ERR_RC);
|
||||
gpg_pw_increment_err_counter (PW_ERR_RC);
|
||||
GPG_SECURITY_FAILURE ();
|
||||
}
|
||||
else if (r == 0)
|
||||
@@ -508,8 +508,8 @@ cmd_reset_user_password (void)
|
||||
KEYSTRING_SIZE_PW1);
|
||||
ac_reset_pso_cds ();
|
||||
ac_reset_other ();
|
||||
gpg_reset_pw_err_counter (PW_ERR_RC);
|
||||
gpg_reset_pw_err_counter (PW_ERR_PW1);
|
||||
gpg_pw_reset_err_counter (PW_ERR_RC);
|
||||
gpg_pw_reset_err_counter (PW_ERR_PW1);
|
||||
GPG_SUCCESS ();
|
||||
}
|
||||
else
|
||||
@@ -517,8 +517,8 @@ cmd_reset_user_password (void)
|
||||
DEBUG_INFO ("done.\r\n");
|
||||
ac_reset_pso_cds ();
|
||||
ac_reset_other ();
|
||||
gpg_reset_pw_err_counter (PW_ERR_RC);
|
||||
gpg_reset_pw_err_counter (PW_ERR_PW1);
|
||||
gpg_pw_reset_err_counter (PW_ERR_RC);
|
||||
gpg_pw_reset_err_counter (PW_ERR_PW1);
|
||||
GPG_SUCCESS ();
|
||||
}
|
||||
}
|
||||
@@ -555,7 +555,7 @@ cmd_reset_user_password (void)
|
||||
KEYSTRING_SIZE_PW1);
|
||||
ac_reset_pso_cds ();
|
||||
ac_reset_other ();
|
||||
gpg_reset_pw_err_counter (PW_ERR_PW1);
|
||||
gpg_pw_reset_err_counter (PW_ERR_PW1);
|
||||
GPG_SUCCESS ();
|
||||
}
|
||||
else
|
||||
@@ -563,7 +563,7 @@ cmd_reset_user_password (void)
|
||||
DEBUG_INFO ("done.\r\n");
|
||||
ac_reset_pso_cds ();
|
||||
ac_reset_other ();
|
||||
gpg_reset_pw_err_counter (PW_ERR_PW1);
|
||||
gpg_pw_reset_err_counter (PW_ERR_PW1);
|
||||
GPG_SUCCESS ();
|
||||
}
|
||||
}
|
||||
@@ -773,7 +773,7 @@ cmd_pso (void)
|
||||
{
|
||||
DEBUG_SHORT (len);
|
||||
|
||||
if (gpg_passwd_locked (PW_ERR_PW1)
|
||||
if (gpg_pw_locked (PW_ERR_PW1)
|
||||
|| !ac_check_status (AC_OTHER_AUTHORIZED))
|
||||
{
|
||||
DEBUG_INFO ("security error.");
|
||||
@@ -820,7 +820,7 @@ cmd_internal_authenticate (void)
|
||||
{
|
||||
DEBUG_SHORT (len);
|
||||
|
||||
if (gpg_passwd_locked (PW_ERR_PW1)
|
||||
if (gpg_pw_locked (PW_ERR_PW1)
|
||||
|| !ac_check_status (AC_OTHER_AUTHORIZED))
|
||||
{
|
||||
DEBUG_INFO ("security error.");
|
||||
@@ -862,7 +862,7 @@ cmd_update_binary (void)
|
||||
|
||||
DEBUG_INFO (" - UPDATE BINARY\r\n");
|
||||
|
||||
if (gpg_passwd_locked (PW_ERR_PW3) || !ac_check_status (AC_ADMIN_AUTHORIZED))
|
||||
if (gpg_pw_locked (PW_ERR_PW3) || !ac_check_status (AC_ADMIN_AUTHORIZED))
|
||||
{
|
||||
DEBUG_INFO ("security error.");
|
||||
GPG_SECURITY_FAILURE ();
|
||||
@@ -933,7 +933,7 @@ cmd_write_binary (void)
|
||||
|
||||
DEBUG_INFO (" - WRITE BINARY\r\n");
|
||||
|
||||
if (gpg_passwd_locked (PW_ERR_PW3) || !ac_check_status (AC_ADMIN_AUTHORIZED))
|
||||
if (gpg_pw_locked (PW_ERR_PW3) || !ac_check_status (AC_ADMIN_AUTHORIZED))
|
||||
{
|
||||
DEBUG_INFO ("security error.");
|
||||
GPG_SECURITY_FAILURE ();
|
||||
|
||||
Reference in New Issue
Block a user