From 9c0cd9d07546698ab66cedd06c503e6b698593f9 Mon Sep 17 00:00:00 2001
From: NIIBE Yutaka
Date: Fri, 19 Jul 2019 11:33:36 +0900
Subject: [PATCH] card: Support disabling KDF functionality.
* g10/card-util.c (kdf_setup): Can be "off".
Signed-off-by: NIIBE Yutaka
---
 g10/card-util.c | 28 +++++++++++++++++++++-------
 1 file changed, 21 insertions(+), 7 deletions(-)
diff --git a/g10/card-util.c b/g10/card-util.c
index 1b9461e0a..a95cc121a 100644
--- a/g10/card-util.c
+++ b/g10/card-util.c
@@ -2103,7 +2103,7 @@ kdf_setup (const char *args)
 struct agent_card_info_s info;
 gpg_error_t err;
 unsigned char kdf_data[KDF_DATA_LENGTH_MAX];
- int single = (*args != 0);
+ size_t len;
 memset (&info, 0, sizeof info);
@@ -2120,12 +2120,25 @@ kdf_setup (const char *args)
 goto leave;
 }
- err = gen_kdf_data (kdf_data, single);
- if (err)
- goto leave_error;
+ if (!strcmp (args, "off"))
+ {
+ len = 5;
+ memcpy (kdf_data, "\xF9\x03\x81\x01\x00", len);
+ }
+ else
+ {
+ int single = 0;
- err = agent_scd_setattr ("KDF", kdf_data,
- single ? KDF_DATA_LENGTH_MIN : KDF_DATA_LENGTH_MAX);
+ if (*args != 0)
+ single = 1;
+
+ len = single ? KDF_DATA_LENGTH_MIN: KDF_DATA_LENGTH_MAX;
+ err = gen_kdf_data (kdf_data, single);
+ if (err)
+ goto leave_error;
+ }
+
+ err = agent_scd_setattr ("KDF", kdf_data, len);
 if (err)
 goto leave_error;
@@ -2225,7 +2238,8 @@ static struct
 { "verify" , cmdVERIFY, 0, N_("verify the PIN and list all data")},
 { "unblock" , cmdUNBLOCK,0, N_("unblock the PIN using a Reset Code")},
 { "factory-reset", cmdFACTORYRESET, 1, N_("destroy all keys and data")},
- { "kdf-setup", cmdKDFSETUP, 1, N_("setup KDF for PIN authentication")},
+ { "kdf-setup", cmdKDFSETUP, 1,
+ N_("setup KDF for PIN authentication (on/single/off)")},
 { "key-attr", cmdKEYATTR, 1, N_("change the key attribute")},
 { "uif", cmdUIF, 1, N_("change the User Interaction Flag")},
 /* Note, that we do not announce these command yet. */
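Review bot: In the second hunk, any non-empty argument other than the exact string "off" still falls into the `else` branch and sets `single = 1`, so a typo such as `Off` writes a new single-form KDF object to the card instead of being rejected. For the same reason `on` behaves exactly like `single`, although the help text in the last hunk advertises on/single/off as separate choices. Because this command changes the card's KDF setting for PIN authentication, I would match each keyword explicitly and fail on anything else, as sketched below; treating `on` as the full form is my assumption and the error code is only a suggestion. The literal `"\xF9\x03\x81\x01\x00"` would also benefit from a comment and from a named array whose `sizeof` supplies `len` instead of the bare `5`. kdf_setup begins and ends outside the hunk, so whether the caller trims or case-folds `args` is not visible here.

```c
  if (!strcmp (args, "off"))
    {
      /* ... unchanged: len = 5 and the fixed "off" KDF object ... */
    }
  else if (!*args || !strcmp (args, "on") || !strcmp (args, "single"))
    {
      int single = !strcmp (args, "single");

      len = single ? KDF_DATA_LENGTH_MIN: KDF_DATA_LENGTH_MAX;
      /* ... unchanged: gen_kdf_data call and its error check ... */
    }
  else
    {
      /* Unknown keyword: refuse rather than silently pick a mode.  */
      err = gpg_error (GPG_ERR_INV_ARG);
      goto leave_error;
    }
```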