Possibly support other hash in future, for KDF.

2017-11-08 10:28:55 +09:00
parent 9d5834d47b
commit bd58997dc9
4 changed files with 25 additions and 5 deletions
--- a/7
+++ b/7
@@ -1,3 +1,10 @@
+2017-11-08  NIIBE Yutaka  <gniibe@fsij.org>
+
+	* src/openpgp-do.c (gpg_do_kdf_check): New.
+	(proc_resetting_code): Use gpg_do_kdf_check.
+	* src/openpgp.c (cmd_verify, cmd_change_password)
+	(cmd_reset_user_password): Likewise.
+
 2017-11-07  NIIBE Yutaka  <gniibe@fsij.org>

 	* src/openpgp-do.c (proc_resetting_code): Error when
--- a/src/gnuk.h
+++ b/src/gnuk.h
@@ -298,6 +298,8 @@ void gpg_do_write_simple (uint8_t, const uint8_t *, int);
 void gpg_increment_digital_signature_counter (void);
 void gpg_do_get_initial_pw_setting (int is_pw3, int *r_len,
 				    const uint8_t **r_p);
+int gpg_do_kdf_check (int len, int how_many);
+

 void fatal (uint8_t code) __attribute__ ((noreturn));
 #define FATAL_FLASH  1
--- a/src/openpgp-do.c
+++ b/src/openpgp-do.c
@@ -865,6 +865,17 @@ rw_kdf (uint16_t tag, int with_tag, const uint8_t *data, int len, int is_write)
    }
 }

+int
+gpg_do_kdf_check (int len, int how_many)
+{
+  const uint8_t *kdf_spec = gpg_do_read_simple (NR_DO_KDF);
+
+  if (kdf_spec && (kdf_spec[43] * how_many) != len)
+    return 0;
+
+  return 1;
+}
+
 void
 gpg_do_get_initial_pw_setting (int is_pw3, int *r_len, const uint8_t **r_p)
 {
@@ -906,7 +917,7 @@ proc_resetting_code (const uint8_t *data, int len)

  DEBUG_INFO ("Resetting Code!\r\n");

-  if (gpg_do_read_simple (NR_DO_KDF) && len != 32)
+  if (gpg_do_kdf_check (len, 1) == 0)
    return 0;

  newpw_len = len;
--- a/src/openpgp.c
+++ b/src/openpgp.c
@@ -192,7 +192,7 @@ cmd_verify (void)
      return;
    }

-  if (gpg_do_read_simple (NR_DO_KDF) && len != 32)
+  if (gpg_do_kdf_check (len, 1) == 0)
    {
      GPG_CONDITION_NOT_SATISFIED ();
      return;
@@ -305,7 +305,7 @@ cmd_change_password (void)
      return;
    }

-  if (gpg_do_read_simple (NR_DO_KDF) && len != 64)
+  if (gpg_do_kdf_check (len, 2) == 0)
    {
      GPG_CONDITION_NOT_SATISFIED ();
      return;
@@ -531,7 +531,7 @@ cmd_reset_user_password (void)
      const uint8_t *ks_rc = gpg_do_read_simple (NR_DO_KEYSTRING_RC);
      uint8_t old_ks[KEYSTRING_MD_SIZE];

-      if (gpg_do_read_simple (NR_DO_KDF) && len != 64)
+      if (gpg_do_kdf_check (len, 2) == 0)
 	{
 	  GPG_CONDITION_NOT_SATISFIED ();
 	  return;
@@ -601,7 +601,7 @@ cmd_reset_user_password (void)
 	  return;
 	}

-      if (gpg_do_read_simple (NR_DO_KDF) && len != 32)
+      if (gpg_do_kdf_check (len, 1) == 0)
 	{
 	  GPG_CONDITION_NOT_SATISFIED ();
 	  return;