Check passphrase length when changing.

2024-09-20 02:40:08 +00:00 · 2018-01-22 11:55:10 +09:00 · 2018-01-22 11:55:10 +09:00 · 704d8a5cf1
commit 704d8a5cf1
parent 55781cb7bb
3 changed files with 22 additions and 3 deletions
--- a/5
+++ b/5
@ -1,3 +1,8 @@
+2018-01-22  NIIBE Yutaka  <gniibe@fsij.org>
+
+	* src/openpgp.c (USER_PASSWD_MINLEN): New.
+	(cmd_change_password): Check passphrase length.
+
 2018-01-22  NIIBE Yutaka  <gniibe@fsij.org>

 	* src/openpgp.c (cmd_change_password): Remove access to private
--- a/7
+++ b/7
@ -11,7 +11,12 @@ agreement to USB Forum.  Now, we have new file named gnuk-vidpid.elf
 for flashing.  The file gnuk.elf can be used to generate
 gnuk-vidpid.elf and we can check if it is reproducible or not.

-** Remove access with BY_ADMIN
+** Passphrase length check
+
+Now, Gnuk checks length of passphrase if it's too short when
+changing passphrase.
+
+** Remove possible access with BY_ADMIN (to flash ROM data)

 For admin-less mode, access by OPENPGP_CARD_INITIAL_PW3 remained on
 flash ROM.  This could be considered a backdoor, if some other person
--- a/src/openpgp.c
+++ b/src/openpgp.c
@ -37,6 +37,7 @@

 static struct eventflag *openpgp_comm;

+#define USER_PASSWD_MINLEN 6
 #define ADMIN_PASSWD_MINLEN 8

 #define CLS(a) a.cmd_apdu_head[0]
@ -347,8 +348,9 @@ cmd_change_password (void)
 	  newpw_len = len - pw_len;
 	  ks_pw3 = gpg_do_read_simple (NR_DO_KEYSTRING_PW3);

-	  /* Check length of password for admin-less mode.  */
-	  if (ks_pw3 == NULL && newpw_len < ADMIN_PASSWD_MINLEN)
+	  /* Check length of password */
+	  if ((ks_pw3 == NULL && newpw_len < ADMIN_PASSWD_MINLEN)
+	      || newpw_len < USER_PASSWD_MINLEN)
 	    {
 	      DEBUG_INFO ("new password length is too short.");
 	      GPG_CONDITION_NOT_SATISFIED ();
@ -388,6 +390,7 @@ cmd_change_password (void)
 	{
 	  newpw = pw + pw_len;
 	  newpw_len = len - pw_len;
+
 	  if (newpw_len == 0 && admin_authorized == BY_ADMIN)
 	    {
 	      const uint8_t *initial_pw;
@ -397,6 +400,12 @@ cmd_change_password (void)
 	      newsalt_len = 0;
 	      pw3_null = 1;
 	    }
+	  else if (newpw_len < ADMIN_PASSWD_MINLEN)
+	    {
+	      DEBUG_INFO ("new password length is too short.");
+	      GPG_CONDITION_NOT_SATISFIED ();
+	      return;
+	    }

 	  who_old = admin_authorized;
 	}