security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2024-11-10 21:38:50 +01:00
Code Activity

gpg,scd: Fix handling of KDF feature.

Browse Source 
* g10/card-util.c (kdf_setup): Fix the default value.
* scd/app-openpgp.c (do_setattr): Support kdf-setup "off" by
Zeitcontrol.  Make sure Gnuk and Yubikey work well.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
This commit is contained in:
NIIBE Yutaka 2020-09-16 12:49:20 +09:00
parent 6e51f2044a
commit 8dfd0ebfd8
2 changed files with 25 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
g10/card-util.c
View File

@ -2107,8 +2107,8 @@ kdf_setup (const char *args)
if (!strcmp (args, "off")) if (!strcmp (args, "off"))
{ {
len = 5; len = 3;
memcpy (kdf_data, "\xF9\x03\x81\x01\x00", len); memcpy (kdf_data, "\x81\x01\x00", len);
} }
else else
{ {

34
scd/app-openpgp.c
View File

@ -2918,22 +2918,36 @@ do_setattr (app_t app, ctrl_t ctrl, const char *name,
if (table[idx].special == 4) if (table[idx].special == 4)
{ {
if (valuelen == KDF_DATA_LENGTH_MIN) if (app->card->cardtype == CARDTYPE_YUBIKEY
|| app->card->cardtype == CARDTYPE_GNUK)
{ {
/* Single user KDF of Gnuk */
rc = verify_chv3 (app, ctrl, pincb, pincb_arg); rc = verify_chv3 (app, ctrl, pincb, pincb_arg);
if (rc) if (rc)
return rc; return rc;
} }
else if (valuelen == KDF_DATA_LENGTH_MAX) else
{ {
char *oldpinvalue = NULL; char *oldpinvalue = NULL;
char *buffer1 = NULL; char *buffer1 = NULL;
size_t bufferlen1; size_t bufferlen1;
const char *u, *a; const char *u, *a;
size_t ulen, alen;
u = (const char *)value + 44; if (valuelen == 3)
a = u + 34; {
u = "123456";
a = "12345678";
ulen = 6;
alen = 8;
}
else if (valuelen == KDF_DATA_LENGTH_MAX)
{
u = (const char *)value + 44;
a = u + 34;
ulen = alen = 32;
}
else
return gpg_error (GPG_ERR_INV_OBJ);
if (!pin_from_cache (app, ctrl, 3, &oldpinvalue)) if (!pin_from_cache (app, ctrl, 3, &oldpinvalue))
{ {
@ -2957,14 +2971,14 @@ do_setattr (app_t app, ctrl_t ctrl, const char *name,
rc = iso7816_change_reference_data (app_get_slot (app), rc = iso7816_change_reference_data (app_get_slot (app),
0x83, 0x83,
buffer1, bufferlen1, buffer1, bufferlen1,
a, 32); a, alen);
if (!rc) if (!rc)
rc = iso7816_verify (app_get_slot (app), 0x83, a, 32); rc = iso7816_verify (app_get_slot (app), 0x83, a, alen);
if (!rc) if (!rc)
cache_pin (app, ctrl, 3, "12345678"); cache_pin (app, ctrl, 3, "12345678");
if (!rc) if (!rc)
rc = iso7816_reset_retry_counter (app_get_slot (app), 0x81, u, 32); rc = iso7816_reset_retry_counter (app_get_slot (app), 0x81, u, ulen);
if (!rc) if (!rc)
cache_pin (app, ctrl, 1, "123456"); cache_pin (app, ctrl, 1, "123456");
@ -2974,11 +2988,9 @@ do_setattr (app_t app, ctrl_t ctrl, const char *name,
wipe_and_free (buffer1, bufferlen1); wipe_and_free (buffer1, bufferlen1);
wipe_and_free_string (oldpinvalue); wipe_and_free_string (oldpinvalue);
} }
else
return gpg_error (GPG_ERR_INV_OBJ);
/* Flush the cache again, because pin2hash_if_kdf uses the DO. */ /* Flush the cache again, because pin2hash_if_kdf uses the DO. */
flush_cache_item (app, 0xF9); flush_cache_item (app, 0x00F9);
} }
rc = iso7816_put_data (app_get_slot (app), rc = iso7816_put_data (app_get_slot (app),