From 6d8580f67ace00416d735085a0d9e8a7d0094fa2 Mon Sep 17 00:00:00 2001
From: NIIBE Yutaka
Date: Sat, 30 Jun 2012 07:49:40 +0900
Subject: [PATCH] s2k
---
 ChangeLog | 10 ++++++++++
 NEWS | 4 ++++
 src/ac.c | 6 +++---
 src/gnuk.h | 4 ++--
 src/openpgp-do.c | 11 +++++------
 src/openpgp.c | 24 +++++++++++++++---------
 6 files changed, 39 insertions(+), 20 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 44b4d81..7764e85 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,13 @@
+2012-06-30 Niibe Yutaka
+
+ * src/openpgp.c (s2k): New.
+ (resetcode_s2k): Remove.
+ (cmd_reset_user_password, cmd_change_password): Use s2k (was:
+ sha256 directly or resetcode_s2k).
+ * src/openpgp-do.c (proc_resetting_code, gpg_do_write_prvkey):
+ Likewise.
+ * src/ac.c (verify_user_0, verify_admin): Likewise.
+
 2012-06-29 Niibe Yutaka * regnual/Makefile: Don't copy usb_lld.c.
diff --git a/NEWS b/NEWS
index 634a054..f175335 100644
--- a/NEWS
+++ b/NEWS
@@ -13,6 +13,10 @@ This tool is SWD flash ROM writer with ST-Link/V2.
 This tool is to dump USB strings, which include revision detail and config options.
+** Protection improvement (even when internal data is disclosed)
+Even if PW1 and PW3 is same, content of encrypted DEK is different
+now.
+
 * Major changes in Gnuk 0.20
diff --git a/src/ac.c b/src/ac.c
index 2e530a0..715f027 100644
--- a/src/ac.c
+++ b/src/ac.c
@@ -1,7 +1,7 @@
 /* * ac.c -- Check access condition *
- * Copyright (C) 2010 Free Software Initiative of Japan
+ * Copyright (C) 2010, 2012 Free Software Initiative of Japan
 * Author: NIIBE Yutaka * * This file is a part of Gnuk, a GnuPG USB Token implementation.
@@ -87,7 +87,7 @@ verify_user_0 (uint8_t access, const uint8_t *pw, int buf_len, int pw_len_known,
 } success_one_step:
- sha256 (pw, pw_len, keystring);
+ s2k (BY_USER, pw, pw_len, keystring);
 if (access == AC_PSO_CDS_AUTHORIZED) { r1 = gpg_do_load_prvkey (GPG_KEY_FOR_SIGNING, BY_USER, keystring);
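Review bot: The PW1 keystring now changes for an unchanged passphrase, and nothing in the verify_user_0 hunk accounts for data written by earlier firmware: `s2k (BY_USER, pw, pw_len, keystring)` hashes the passphrase plus USER_S2K_MAGIC, while keys provisioned before this commit had their DEK wrapped under plain `sha256 (pw, pw_len, ...)`. If the token's data area can survive a firmware upgrade, the `gpg_do_load_prvkey` calls that follow would presumably fail with the correct PW1, and any error counting around them (outside the hunk) would treat that as a wrong PIN. Either say in NEWS that existing keys must be re-imported after upgrading, or add a comment at this call such as `/* Keystring format changed: PW1 is hashed with USER_S2K_MAGIC; data written by older firmware will not verify. */`. verify_user_0 starts and ends outside the hunk.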
@@ -280,7 +280,7 @@ verify_admin (const uint8_t *pw, int pw_len)
 if (r <= 0) return r;
- sha256 (pw, pw_len, keystring_md_pw3);
+ s2k (BY_ADMIN, pw, pw_len, keystring_md_pw3);
 auth_status |= AC_ADMIN_AUTHORIZED; return 1; }
diff --git a/src/gnuk.h b/src/gnuk.h
index 8b33400..4c2fb3b 100644
--- a/src/gnuk.h
+++ b/src/gnuk.h
@@ -194,8 +194,8 @@ struct prvkey_data {
 #define BY_RESETCODE 2
 #define BY_ADMIN 3
-extern void resetcode_s2k (const unsigned char *input, unsigned int ilen,
- unsigned char output[32]);
+extern void s2k (int who, const unsigned char *input, unsigned int ilen,
+ unsigned char output[32]);
 #define KEYSTRING_PASSLEN_SIZE 1
diff --git a/src/openpgp-do.c b/src/openpgp-do.c
index ed5dd6a..4299048 100644
--- a/src/openpgp-do.c
+++ b/src/openpgp-do.c
@@ -28,7 +28,6 @@
 #include "sys.h"
 #include "gnuk.h"
 #include "openpgp.h"
-#include "sha256.h"
 #include "polarssl/config.h"
 #include "polarssl/aes.h"
@@ -543,7 +542,7 @@ proc_resetting_code (const uint8_t *data, int len)
 newpw_len = len; newpw = data;
- resetcode_s2k (newpw, newpw_len, new_ks);
+ s2k (BY_RESETCODE, newpw, newpw_len, new_ks);
 new_ks0[0] = newpw_len; r = gpg_change_keystring (admin_authorized, old_ks, BY_RESETCODE, new_ks); if (r <= -2)
@@ -809,8 +808,8 @@ gpg_do_write_prvkey (enum kind_of_key kk, const uint8_t *key_data, int key_len,
 uint8_t ks123_pw1[KEYSTRING_SIZE_PW1]; ks123_pw1[0] = strlen (OPENPGP_CARD_INITIAL_PW1);
- sha256 ((uint8_t *)OPENPGP_CARD_INITIAL_PW1,
- strlen (OPENPGP_CARD_INITIAL_PW1), ks123_pw1+1);
+ s2k (BY_USER, (uint8_t *)OPENPGP_CARD_INITIAL_PW1,
+ strlen (OPENPGP_CARD_INITIAL_PW1), ks123_pw1+1);
 encrypt_dek (ks123_pw1+1, pd->dek_encrypted_1); }
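Review bot: In the gpg_do_write_prvkey hunk the keystring handed to `encrypt_dek (ks123_pw1+1, pd->dek_encrypted_1)` is built only from constants, `OPENPGP_CARD_INITIAL_PW1` and the fixed suffix s2k adds for BY_USER, so anyone holding a copy of the stored data can recompute it. The protection that NEWS describes for disclosed internal data therefore starts only once the user replaces the factory PW1, which a comment should state: `/* Factory PW1: this keystring is derivable from constants; the DEK copy is protected only after PW1 is changed. */`. The cast `(uint8_t *)OPENPGP_CARD_INITIAL_PW1` also drops const although s2k takes `const unsigned char *`; `(const uint8_t *)` is enough. The function continues outside the hunk.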
@@ -1297,8 +1296,8 @@ copy_do (const struct do_table_entry *do_p, int with_tag)
 } case DO_PROC_READWRITE: {
- int (*rw_func)(uint16_t, int, uint8_t *, int, int)
- = (int (*)(uint16_t, int, uint8_t *, int, int))do_p->obj;
+ int (*rw_func)(uint16_t, int, const uint8_t *, int, int)
+ = (int (*)(uint16_t, int, const uint8_t *, int, int))do_p->obj;
 return rw_func (do_p->tag, with_tag, NULL, 0, 0); }
diff --git a/src/openpgp.c b/src/openpgp.c
index 7636518..d080deb 100644
--- a/src/openpgp.c
+++ b/src/openpgp.c
@@ -295,8 +295,8 @@ cmd_change_password (void)
 } }
- sha256 (pw, pw_len, old_ks);
- sha256 (newpw, newpw_len, new_ks);
+ s2k (who_old, pw, pw_len, old_ks);
+ s2k (who, newpw, newpw_len, new_ks);
 new_ks0[0] = newpw_len; r = gpg_change_keystring (who_old, old_ks, who, new_ks);
@@ -335,18 +335,24 @@ cmd_change_password (void)
 }
+#define USER_S2K_MAGIC "\xffUSER\r\n"
 #define RESETCODE_S2K_MAGIC "\xffRESET\r\n"
 void
-resetcode_s2k (const unsigned char *input, unsigned int ilen,
- unsigned char output[32])
+s2k (int who, const unsigned char *input, unsigned int ilen,
+ unsigned char output[32])
 { sha256_context ctx; sha256_start (&ctx); sha256_update (&ctx, input, ilen);
- sha256_update (&ctx, (unsigned char *)RESETCODE_S2K_MAGIC,
- sizeof (RESETCODE_S2K_MAGIC));
+ if (who == BY_USER)
+ sha256_update (&ctx, (unsigned char *)USER_S2K_MAGIC,
+ sizeof (USER_S2K_MAGIC));
+ else if (who == BY_RESETCODE)
+ sha256_update (&ctx, (unsigned char *)RESETCODE_S2K_MAGIC,
+ sizeof (RESETCODE_S2K_MAGIC));
+ /* Not add any for BY_ADMIN */
 sha256_finish (&ctx, output); }
@@ -391,8 +397,8 @@ cmd_reset_user_password (void)
 pw_len = ks_rc[0]; newpw = pw + pw_len; newpw_len = len - pw_len;
- resetcode_s2k (pw, pw_len, old_ks);
- sha256 (newpw, newpw_len, new_ks);
+ s2k (BY_RESETCODE, pw, pw_len, old_ks);
+ s2k (BY_USER, newpw, newpw_len, new_ks);
 new_ks0[0] = newpw_len; r = gpg_change_keystring (BY_RESETCODE, old_ks, BY_USER, new_ks); if (r <= -2)
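Review bot: The cast on `do_p->obj` in the copy_do hunk still silences the compiler, so nothing checks that the stored handler really has the `const uint8_t *` signature now written here, and calling through a function-pointer type that differs from the definition is undefined behaviour. A shared typedef, for example `typedef int (*do_rw_func_t)(uint16_t, int, const uint8_t *, int, int);` (name illustrative), used here and where the handlers are declared would keep the two in step. The change is unrelated to s2k and is not listed in the ChangeLog entry. The rest of copy_do lies outside the hunk.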
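Review bot: s2k separates the roles but adds no resistance to guessing: the keystring is a single SHA-256 pass over the passphrase followed by a constant suffix, with no per-device salt and no iteration, so in the disclosure case that NEWS names each candidate PIN costs one hash and equal passphrases give equal keystrings on every token. If the MCU budget allows, mixing in a device-unique value and an iteration count would address that; otherwise state the limit above the function, e.g. `/* Role separation only: no salt, no iteration. */`. Any `who` other than BY_USER or BY_RESETCODE, not only BY_ADMIN, gets the unsuffixed hash, which includes whatever `who_old` and `who` hold in cmd_change_password (set outside the hunks), so the existing comment would be more accurate as `/* BY_ADMIN and any other value: no suffix, bare SHA-256 of the passphrase */`, ideally with the reason the admin keystring is left unchanged. `sizeof (USER_S2K_MAGIC)` counts the terminating NUL, so the NUL is hashed and is now part of the stored format; a short comment would stop a later switch to `strlen` from invalidating stored keystrings.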
@@ -443,7 +449,7 @@ cmd_reset_user_password (void)
 newpw_len = len; newpw = pw;
- sha256 (newpw, newpw_len, new_ks);
+ s2k (BY_USER, newpw, newpw_len, new_ks);
 new_ks0[0] = newpw_len; r = gpg_change_keystring (admin_authorized, old_ks, BY_USER, new_ks); if (r <= -2)