protection improvement (1): different S2K for PW1 and Reset-code

2012-06-14 09:13:59 +09:00
parent a2855c9442
commit a5d77ec5af
6 changed files with 33 additions and 4 deletions
--- a/src/gnuk.h
+++ b/src/gnuk.h
@@ -193,6 +193,9 @@ struct prvkey_data {
 #define BY_RESETCODE	2
 #define BY_ADMIN	3

+extern void resetcode_s2k (const unsigned char *input, unsigned int ilen,
+			   unsigned char output[32]);
+
 extern int flash_key_write (uint8_t *key_addr, const uint8_t *key_data, const uint8_t *modulus);

 #define KEYSTRING_PASSLEN_SIZE  1
--- a/src/openpgp-do.c
+++ b/src/openpgp-do.c
@@ -543,7 +543,7 @@ proc_resetting_code (const uint8_t *data, int len)

  newpw_len = len;
  newpw = data;
-  sha256 (newpw, newpw_len, new_ks);
+  resetcode_s2k (newpw, newpw_len, new_ks);
  new_ks0[0] = newpw_len;
  r = gpg_change_keystring (admin_authorized, old_ks, BY_RESETCODE, new_ks);
  if (r <= -2)
--- a/src/openpgp.c
+++ b/src/openpgp.c
@@ -328,6 +328,23 @@ cmd_change_password (void)
    }
 }

+
+#define RESETCODE_S2K_MAGIC "\xffRESET\r\n"
+
+void
+resetcode_s2k (const unsigned char *input, unsigned int ilen,
+	       unsigned char output[32])
+{
+  sha256_context ctx;
+
+  sha256_start (&ctx);
+  sha256_update (&ctx, input, ilen);
+  sha256_update (&ctx, (unsigned char *)RESETCODE_S2K_MAGIC,
+		 sizeof (RESETCODE_S2K_MAGIC));
+  sha256_finish (&ctx, output);
+}
+
+
 static void
 cmd_reset_user_password (void)
 {
@@ -368,7 +385,7 @@ cmd_reset_user_password (void)
      pw_len = ks_rc[0];
      newpw = pw + pw_len;
      newpw_len = len - pw_len;
-      sha256 (pw, pw_len, old_ks);
+      resetcode_s2k (pw, pw_len, old_ks);
      sha256 (newpw, newpw_len, new_ks);
      new_ks0[0] = newpw_len;
      r = gpg_change_keystring (BY_RESETCODE, old_ks, BY_USER, new_ks);
--- a/src/sha256.c
+++ b/src/sha256.c
@@ -194,6 +194,7 @@ sha256_finish (sha256_context *ctx, unsigned char output[32])

  bswap32_buf (ctx->state, SHA256_DIGEST_SIZE >> 2);
  memcpy (output, ctx->state, SHA256_DIGEST_SIZE);
+  memset (&ctx, 0, sizeof (sha256_context));
 }

 const uint32_t initial_state[8] =
@@ -218,6 +219,4 @@ sha256 (const unsigned char *input, unsigned int ilen,
  sha256_start (&ctx);
  sha256_update (&ctx, input, ilen);
  sha256_finish (&ctx, output);
-
-  memset (&ctx, 0, sizeof (sha256_context));
 }