Remove keystring with BY_ADMIN when it's becomming admin-less mode.

2024-09-20 02:40:08 +00:00 · 2018-01-22 11:02:02 +09:00 · 2018-01-22 11:02:02 +09:00 · 55781cb7bb
commit 55781cb7bb
parent de24655920
3 changed files with 27 additions and 5 deletions
--- a/5
+++ b/5
@ -1,3 +1,8 @@
+2018-01-22  NIIBE Yutaka  <gniibe@fsij.org>
+
+	* src/openpgp.c (cmd_change_password): Remove access to private
+	key with BY_ADMIN when it's becoming admin-less mode.
+
 2018-01-19  NIIBE Yutaka  <gniibe@fsij.org>

 	* src/binary-edit.sh: Copied from NeuG 1.0.8.  Exclude FILE.
--- a/6
+++ b/6
@ -11,6 +11,12 @@ agreement to USB Forum.  Now, we have new file named gnuk-vidpid.elf
 for flashing.  The file gnuk.elf can be used to generate
 gnuk-vidpid.elf and we can check if it is reproducible or not.

+** Remove access with BY_ADMIN
+
+For admin-less mode, access by OPENPGP_CARD_INITIAL_PW3 remained on
+flash ROM.  This could be considered a backdoor, if some other person
+had or kept access to the flash ROM.  Now, the entry is cleared by
+zero when the token is set to admin-less mode.

 ** Upgrade of Chopstx
 We use Chopstx 1.8.
--- a/src/openpgp.c
+++ b/src/openpgp.c
@ -1,7 +1,7 @@
 /*
 * openpgp.c -- OpenPGP card protocol support
 *
- * Copyright (C) 2010, 2011, 2012, 2013, 2014, 2015, 2016, 2017
+ * Copyright (C) 2010, 2011, 2012, 2013, 2014, 2015, 2016, 2017, 2018
 *               Free Software Initiative of Japan
 * Author: NIIBE Yutaka <gniibe@fsij.org>
 *
@ -426,15 +426,26 @@ cmd_change_password (void)
    }
  else if (r > 0 && who == BY_USER)
    {
-      gpg_do_write_simple (NR_DO_KEYSTRING_PW1, new_ks0, KS_META_SIZE);
-      ac_reset_pso_cds ();
-      ac_reset_other ();
      /* When it was already admin-less mode, admin_authorized is
       * BY_USER.  If no PW3 keystring, it's becoming admin-less mode,
       * now.  For these two cases, we need to reset admin
       * authorization status.  */
-      if (admin_authorized == BY_USER || ks_pw3 == NULL)
+      if (admin_authorized == BY_USER)
 	ac_reset_admin ();
+      else if (ks_pw3 == NULL)
+	{
+	  enum kind_of_key kk0;
+
+	  /* Remove keystrings for BY_ADMIN.  */
+	  for (kk0 = 0; kk0 <= GPG_KEY_FOR_AUTHENTICATION; kk0++)
+	    gpg_do_chks_prvkey (kk0, BY_ADMIN, NULL, 0, NULL);
+
+	  ac_reset_admin ();
+	}
+
+      gpg_do_write_simple (NR_DO_KEYSTRING_PW1, new_ks0, KS_META_SIZE);
+      ac_reset_pso_cds ();
+      ac_reset_other ();
      DEBUG_INFO ("Changed length of DO_KEYSTRING_PW1.\r\n");
      GPG_SUCCESS ();
    }