Implement "INTERNAL AUTHENTICATE" command.

2010-10-16 09:22:18 +09:00
parent 7ea6e2089a
commit 8a88c279bf
6 changed files with 166 additions and 36 deletions
--- a/1
+++ b/1
@@ -10,6 +10,7 @@ NIIBE Yutaka:
    Founder of the project.
    Wrote:
 	gnuk.svg
+	src/configure
 	src/ac.c
 	src/main.c
 	src/usb_lld.h
--- a/23
+++ b/23
@@ -1,3 +1,26 @@
+2010-10-16  NIIBE Yutaka  <gniibe@fsij.org>
+
+	Implement "INTERNAL AUTHENTICATE" command.
+
+	* src/gnuk.h (BY_USER, BY_RESETCODE, BY_ADMIN): New defines.
+	(NUM_ALL_PRV_KEYS): Now it's 3 (was: 2).
+
+	* src/openpgp.c (INS_INTERNAL_AUTHENTICATE): New define.
+	(cmd_internal_authenticate): New function.
+	(cmds): Added INS_INTERNAL_AUTHENTICATE.
+	(cmd_change_password): Use BY_USER.
+	(cmd_reset_user_password): Use BY_USER, BY_RESETCODE, BY_ADMIN.
+	(cmd_pso): Load GPG_KEY_FOR_DECRYPTION here.
+	(cmd_pso): Removed adding status word into res_APDU...
+	* src/call-rsa.c (rsa_sign): and moved adding status word into
+	res_APDU here.
+
+	* src/ac.c (pw1_keystring): New variable.
+	(ac_reset_pso_other): Clear pw1_keystring.
+	(verify_pso_cds): Use BY_USER.
+	(verify_pso_other): Just check the length of password here, and
+	defer real check to cmd_pso or cmd_internal_authenticate.
+
 2010-10-14  NIIBE Yutaka  <gniibe@fsij.org>

 	Adding 'configure' support.
--- a/src/ac.c
+++ b/src/ac.c
@@ -28,9 +28,12 @@ ac_reset_pso_cds (void)
  auth_status &= ~AC_PSO_CDS_AUTHORIZED;
 }

+uint8_t pw1_keystring[KEYSTRING_SIZE_PW1];
+
 void
 ac_reset_pso_other (void)
 {
+  memset (pw1_keystring, 0, KEYSTRING_SIZE_PW1);
  auth_status &= ~AC_PSO_OTHER_AUTHORIZED;
 }

@@ -52,7 +55,7 @@ verify_pso_cds (const uint8_t *pw, int pw_len)
  keystring[0] = pw_len;
  sha1 (pw, pw_len, keystring+1);
  memcpy (pwsb, pw_status_bytes, SIZE_PW_STATUS_BYTES);
-  if ((r = gpg_do_load_prvkey (GPG_KEY_FOR_SIGNING, 1, keystring+1)) < 0)
+  if ((r = gpg_do_load_prvkey (GPG_KEY_FOR_SIGNING, BY_USER, keystring+1)) < 0)
    {
      pwsb[PW_STATUS_PW1]--;
      gpg_do_write_simple (NR_DO_PW_STATUS, pwsb, SIZE_PW_STATUS_BYTES);
@@ -71,34 +74,41 @@ verify_pso_cds (const uint8_t *pw, int pw_len)
 int
 verify_pso_other (const uint8_t *pw, int pw_len)
 {
-  int r;
  const uint8_t *pw_status_bytes = gpg_do_read_simple (NR_DO_PW_STATUS);
-  uint8_t keystring[KEYSTRING_SIZE_PW1];
  uint8_t pwsb[SIZE_PW_STATUS_BYTES];
+  const uint8_t *ks_pw1;
+
+  DEBUG_INFO ("verify_pso_other\r\n");

  if (pw_status_bytes == NULL
      || pw_status_bytes[PW_STATUS_PW1] == 0) /* locked */
    return 0;

-  DEBUG_INFO ("verify_pso_other\r\n");
-
-  keystring[0] = pw_len;
-  sha1 (pw, pw_len, keystring+1);
  memcpy (pwsb, pw_status_bytes, SIZE_PW_STATUS_BYTES);
-  if ((r = gpg_do_load_prvkey (GPG_KEY_FOR_DECRYPTION, 1, keystring+1)) < 0)
+
+  /*
+   * We check only the length of password string now.
+   * Real check is defered to decrypt/authenticate routines.
+   */
+  ks_pw1 = gpg_do_read_simple (NR_DO_KEYSTRING_PW1);
+  if ((ks_pw1 == NULL && pw_len == strlen (OPENPGP_CARD_INITIAL_PW1))
+      || (ks_pw1 != NULL && pw_len == ks_pw1[0]))
+    {				/* No problem */
+      /*
+       * We don't reset pwsb[PW_STATUS_PW1] here.
+       * Because password may be wrong.
+       */
+      pw1_keystring[0] = pw_len;
+      sha1 (pw, pw_len, pw1_keystring+1);
+      auth_status |= AC_PSO_OTHER_AUTHORIZED;
+      return 1;
+    }
+  else
    {
      pwsb[PW_STATUS_PW1]--;
      gpg_do_write_simple (NR_DO_PW_STATUS, pwsb, SIZE_PW_STATUS_BYTES);
-      return r;
+      return 0;
    }
-  else if (pwsb[PW_STATUS_PW1] != 3)
-    {
-      pwsb[PW_STATUS_PW1] = 3;
-      gpg_do_write_simple (NR_DO_PW_STATUS, pwsb, SIZE_PW_STATUS_BYTES);
-    }
-
-  auth_status |= AC_PSO_OTHER_AUTHORIZED;
-  return 1;
 }

 /*
--- a/src/call-rsa.c
+++ b/src/call-rsa.c
@@ -28,6 +28,8 @@
 #include "polarssl/config.h"
 #include "polarssl/rsa.h"

+#define RSA_SIGNATURE_LENGTH 256 /* 256 byte == 2048-bit */
+
 static rsa_context rsa_ctx;

 int
@@ -76,6 +78,9 @@ rsa_sign (const uint8_t *raw_message, uint8_t *output, int msg_len)
    }
  else
    {
+      res_APDU[RSA_SIGNATURE_LENGTH] =  0x90;
+      res_APDU[RSA_SIGNATURE_LENGTH+1] =  0x00;
+      res_APDU_size = RSA_SIGNATURE_LENGTH + 2;
      DEBUG_INFO ("done.\r\n");
      return 0;
    }
@@ -165,7 +170,6 @@ rsa_decrypt (const uint8_t *input, uint8_t *output, int msg_len)
      res_APDU[output_len] = 0x90;
      res_APDU[output_len+1] = 0x00;
      res_APDU_size = output_len + 2;
-
      DEBUG_INFO ("done.\r\n");
      return 0;
    }
--- a/src/gnuk.h
+++ b/src/gnuk.h
@@ -104,12 +104,23 @@ struct key_data {
 #define DATA_ENCRYPTION_KEY_SIZE 16
 struct prvkey_data {
  const uint8_t *key_addr;
+  /*
+   * CRM: [C]heck, [R]andom, and [M]agic in struct key_data
+   *
+   */
  uint8_t crm_encrypted[ADDITIONAL_DATA_SIZE];
-  uint8_t dek_encrypted_1[DATA_ENCRYPTION_KEY_SIZE];
-  uint8_t dek_encrypted_2[DATA_ENCRYPTION_KEY_SIZE];
-  uint8_t dek_encrypted_3[DATA_ENCRYPTION_KEY_SIZE];
+  /*
+   * DEK: Data Encryption Key
+   */
+  uint8_t dek_encrypted_1[DATA_ENCRYPTION_KEY_SIZE]; /* For user */
+  uint8_t dek_encrypted_2[DATA_ENCRYPTION_KEY_SIZE]; /* For resetcode */
+  uint8_t dek_encrypted_3[DATA_ENCRYPTION_KEY_SIZE]; /* For admin */
 };

+#define BY_USER		1
+#define BY_RESETCODE	2
+#define BY_ADMIN	3
+
 extern int flash_key_write (uint8_t *key_addr, const uint8_t *key_data, const uint8_t *modulus);

 #define KEYSTRING_PASSLEN_SIZE  1
@@ -204,7 +215,9 @@ extern void gpg_do_reset_pw_counter (uint8_t which);

 extern void set_led (int);

-#define NUM_ALL_PRV_KEYS 2	/* SIG and DEC *//* we don't support AUT yet */
+#define NUM_ALL_PRV_KEYS 3	/* SIG, DEC and AUT */
+
+extern uint8_t pw1_keystring[KEYSTRING_SIZE_PW1];

 #define OPENPGP_CARD_INITIAL_PW1 "123456"

--- a/src/openpgp.c
+++ b/src/openpgp.c
@@ -29,13 +29,12 @@
 #include "polarssl/config.h"
 #include "polarssl/sha1.h"

-#define RSA_SIGNATURE_LENGTH 256 /* 256 byte == 2048-bit */
-
 #define INS_VERIFY        			0x20
 #define INS_CHANGE_REFERENCE_DATA		0x24
 #define INS_PSO		  			0x2a
 #define INS_RESET_RETRY_COUNTER			0x2c
 #define INS_PGP_GENERATE_ASYMMETRIC_KEY_PAIR	0x47
+#define INS_INTERNAL_AUTHENTICATE		0x88
 #define INS_SELECT_FILE				0xa4
 #define INS_READ_BINARY				0xb0
 #define INS_GET_DATA				0xca
@@ -180,7 +179,7 @@ cmd_change_password (void)
      pw += 2;
    }

-  if (who == 1)			/* PW1 */
+  if (who == BY_USER)			/* PW1 */
    {
      const uint8_t *pk = gpg_do_read_simple (NR_DO_KEYSTRING_PW1);

@@ -243,21 +242,21 @@ cmd_change_password (void)
      DEBUG_INFO ("security error.\r\n");
      GPG_SECURITY_FAILURE ();
    }
-  else if (r == 0 && who == 1)	/* no prvkey */
+  else if (r == 0 && who == BY_USER)	/* no prvkey */
    {
      gpg_do_write_simple (NR_DO_KEYSTRING_PW1, new_ks0, KEYSTRING_SIZE_PW1);
      ac_reset_pso_cds ();
      gpg_do_reset_pw_counter (PW_STATUS_PW1);
      DEBUG_INFO ("Changed DO_KEYSTRING_PW1.\r\n");
    }
-  else if (r > 0 && who == 1)
+  else if (r > 0 && who == BY_USER)
    {
      gpg_do_write_simple (NR_DO_KEYSTRING_PW1, new_ks0, 1);
      ac_reset_pso_cds ();
      gpg_do_reset_pw_counter (PW_STATUS_PW1);
      DEBUG_INFO ("Changed length of DO_KEYSTRING_PW1.\r\n");
    }
-  else				/* r >= 0 && who == 3 */
+  else				/* r >= 0 && who == BY_ADMIN */
    {
      DEBUG_INFO ("done.\r\n");
      gpg_do_reset_pw_counter (PW_STATUS_PW3);
@@ -313,7 +312,7 @@ cmd_reset_user_password (void)
      sha1 (pw, pw_len, old_ks);
      sha1 (newpw, newpw_len, new_ks);
      new_ks0[0] = newpw_len;
-      r = gpg_change_keystring (2, old_ks, 1, new_ks);
+      r = gpg_change_keystring (BY_RESETCODE, old_ks, BY_USER, new_ks);
      if (r < -2)
 	{
 	  DEBUG_INFO ("memory error.\r\n");
@@ -362,7 +361,7 @@ cmd_reset_user_password (void)
      newpw = pw;
      sha1 (newpw, newpw_len, new_ks);
      new_ks0[0] = newpw_len;
-      r = gpg_change_keystring (3, old_ks, 1, new_ks);
+      r = gpg_change_keystring (BY_ADMIN, old_ks, BY_USER, new_ks);
      if (r < -2)
 	{
 	  DEBUG_INFO ("memory error.\r\n");
@@ -570,10 +569,6 @@ cmd_pso (void)
 	    {			/* Success */
 	      const uint8_t *pw_status_bytes = gpg_do_read_simple (NR_DO_PW_STATUS);

-	      res_APDU[RSA_SIGNATURE_LENGTH] =  0x90;
-	      res_APDU[RSA_SIGNATURE_LENGTH+1] =  0x00;
-	      res_APDU_size = RSA_SIGNATURE_LENGTH + 2;
-
 	      if (pw_status_bytes[0] == 0)
 		ac_reset_pso_cds ();

@@ -583,14 +578,34 @@ cmd_pso (void)
    }
  else if (cmd_APDU[2] == 0x80 && cmd_APDU[3] == 0x86)
    {
-      if (!ac_check_status (AC_PSO_OTHER_AUTHORIZED))
+      const uint8_t *pw_status_bytes = gpg_do_read_simple (NR_DO_PW_STATUS);
+      uint8_t pwsb[SIZE_PW_STATUS_BYTES];
+
+      DEBUG_SHORT (len);
+
+      if (pw_status_bytes == NULL
+	  || pw_status_bytes[PW_STATUS_PW1] == 0 /* locked */
+	  || !ac_check_status (AC_PSO_OTHER_AUTHORIZED))
 	{
 	  DEBUG_INFO ("security error.");
 	  GPG_SECURITY_FAILURE ();
 	  return;
 	}

-      DEBUG_SHORT (len);
+      memcpy (pwsb, pw_status_bytes, SIZE_PW_STATUS_BYTES);
+      if ((r = gpg_do_load_prvkey (GPG_KEY_FOR_DECRYPTION, BY_USER,
+				   pw1_keystring + 1)) < 0)
+	{
+	  pwsb[PW_STATUS_PW1]--;
+	  gpg_do_write_simple (NR_DO_PW_STATUS, pwsb, SIZE_PW_STATUS_BYTES);
+	  GPG_SECURITY_FAILURE ();
+	  return;
+	}
+      else if (pwsb[PW_STATUS_PW1] != 3) /* Failure in the past? */
+	{		       /* Reset counter as it's success now */
+	  pwsb[PW_STATUS_PW1] = 3;
+	  gpg_do_write_simple (NR_DO_PW_STATUS, pwsb, SIZE_PW_STATUS_BYTES);
+	}

      ac_reset_pso_other ();

@@ -613,6 +628,69 @@ cmd_pso (void)
  DEBUG_INFO ("PSO done.\r\n");
 }

+static void
+cmd_internal_authenticate (void)
+{
+  int len = cmd_APDU[4];
+  int data_start = 5;
+  int r;
+  const uint8_t *pw_status_bytes = gpg_do_read_simple (NR_DO_PW_STATUS);
+  uint8_t pwsb[SIZE_PW_STATUS_BYTES];
+
+  if (len == 0)
+    {
+      len = (cmd_APDU[5]<<8) | cmd_APDU[6];
+      data_start = 7;
+    }
+
+  DEBUG_INFO (" - INTERNAL AUTHENTICATE\r\n");
+
+  if (cmd_APDU[2] == 0x00 && cmd_APDU[3] == 0x00)
+    {
+      DEBUG_SHORT (len);
+
+        if (pw_status_bytes == NULL
+	  || pw_status_bytes[PW_STATUS_PW1] == 0 /* locked */
+	  || !ac_check_status (AC_PSO_OTHER_AUTHORIZED))
+	{
+	  DEBUG_INFO ("security error.");
+	  GPG_SECURITY_FAILURE ();
+	  return;
+	}
+
+      memcpy (pwsb, pw_status_bytes, SIZE_PW_STATUS_BYTES);
+      if ((r = gpg_do_load_prvkey (GPG_KEY_FOR_AUTHENTICATION, BY_USER,
+				   pw1_keystring + 1)) < 0)
+	{
+	  pwsb[PW_STATUS_PW1]--;
+	  gpg_do_write_simple (NR_DO_PW_STATUS, pwsb, SIZE_PW_STATUS_BYTES);
+	  GPG_SECURITY_FAILURE ();
+	  return;
+	}
+      else if (pwsb[PW_STATUS_PW1] != 3) /* Failure in the past? */
+	{		       /* Reset counter as it's success now */
+	  pwsb[PW_STATUS_PW1] = 3;
+	  gpg_do_write_simple (NR_DO_PW_STATUS, pwsb, SIZE_PW_STATUS_BYTES);
+	}
+
+      ac_reset_pso_other ();
+
+      r = rsa_sign (&cmd_APDU[data_start], res_APDU, len);
+      if (r < 0)
+	GPG_ERROR ();
+    }
+  else
+    {
+      DEBUG_INFO (" - ??");
+      DEBUG_BYTE (cmd_APDU[2]);
+      DEBUG_INFO (" - ??");
+      DEBUG_BYTE (cmd_APDU[3]);
+      GPG_ERROR ();
+    }
+
+  DEBUG_INFO ("INTERNAL AUTHENTICATE done.\r\n");
+}
+
 struct command
 {
  uint8_t command;
@@ -625,6 +703,7 @@ const struct command cmds[] = {
  { INS_PSO, cmd_pso },
  { INS_RESET_RETRY_COUNTER, cmd_reset_user_password },
  { INS_PGP_GENERATE_ASYMMETRIC_KEY_PAIR, cmd_pgp_gakp },
+  { INS_INTERNAL_AUTHENTICATE, cmd_internal_authenticate },
  { INS_SELECT_FILE, cmd_select_file },
  { INS_READ_BINARY, cmd_read_binary },
  { INS_GET_DATA, cmd_get_data },