Remove PIN2 format support

Arnaud Fontaine 2018-05-23 17:09:23 +02:00
parent 79d9342827
commit 981899718f
3 changed files with 36 additions and 153 deletions


@ -39,48 +39,24 @@ public final class Constants {
protected static final byte USER_PIN_RETRY_COUNT = 3;
protected static final byte USER_PIN_MIN_SIZE = 0x06;
protected static final byte USER_PIN_MAX_SIZE = 0x7f; /* max is 0x7f because PIN format 2 */
protected static final byte USER_PIN_MIN_SIZE_FORMAT_2 = 6;
protected static final byte USER_PIN_MAX_SIZE_FORMAT_2 = 12;
protected static final byte[] USER_PIN_DEFAULT = {
(byte)0x31, (byte)0x32, (byte)0x33, (byte)0x34,
(byte)0x35, (byte)0x36
};
protected static final boolean USER_PIN_DEFAULT_IS_FORMAT_2 = false;
/*
protected static final byte[] USER_PIN_DEFAULT = {
(byte)0x26,
(byte)0x12, (byte)0x34, (byte)0x56, (byte)0xff, (byte)0xff,
(byte)0xff, (byte)0xff
};
protected static final boolean USER_PIN_DEFAULT_IS_FORMAT_2 = true;
*/
protected static final boolean USER_PIN_DEFAULT_FORCE_VERIFY_SIGNATURE = true;
protected static final byte USER_PUK_RETRY_COUNT = 3;
protected static final byte USER_PUK_MIN_SIZE = 0x08;
protected static final byte USER_PUK_MAX_SIZE = 0x7f; /* max is 0x7f because PIN format 2 */
protected static final byte USER_PUK_MIN_SIZE_FORMAT_2 = 8;
protected static final byte USER_PUK_MAX_SIZE_FORMAT_2 = 12;
protected static final byte ADMIN_PIN_RETRY_COUNT = 3;
protected static final byte ADMIN_PIN_MIN_SIZE = 0x08;
protected static final byte ADMIN_PIN_MAX_SIZE = 0x7f; /* max is 0x7f because PIN format 2 */
protected static final byte ADMIN_PIN_MIN_SIZE_FORMAT_2 = 8;
protected static final byte ADMIN_PIN_MAX_SIZE_FORMAT_2 = 12;
protected static final byte[] ADMIN_PIN_DEFAULT = {
(byte)0x31, (byte)0x32, (byte)0x33, (byte)0x34,
(byte)0x35, (byte)0x36, (byte)0x37, (byte)0x38
};
protected static final boolean ADMIN_PIN_DEFAULT_IS_FORMAT_2 = false;
/*
protected static final byte[] ADMIN_PIN_DEFAULT = {
(byte)0x28,
(byte)0x12, (byte)0x34, (byte)0x56, (byte)0x78, (byte)0xff,
(byte)0xff, (byte)0xff
};
protected static final boolean ADMIN_PIN_DEFAULT_IS_FORMAT_2 = true;
*/
protected static final byte FINGERPRINT_SIZE = 20;
@ -191,7 +167,7 @@ public final class Constants {
(byte)0x00, (byte)0x20, /* max length get challenge */
(byte)0x04, (byte)0x80, /* max length of carholder certificate */
(byte)0x00, (byte)0xff, /* max length of special DOs (private, login, url, KDF-DO) */
(byte)0x01, /* PIN format 2 is supported */
(byte)0x00, /* PIN format 2 is not supported */
(byte)0x00 /* MSE not supported */
};
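Review bot: The comments kept on `USER_PIN_MAX_SIZE`, `USER_PUK_MAX_SIZE` and `ADMIN_PIN_MAX_SIZE` still read `max is 0x7f because PIN format 2`, which is confusing next to a capabilities byte that now says format 2 is not supported. The limit itself looks right, since the removed `(byte)0x80 | ...` code in writePwStatus shows that the top bit of each length byte is the format 2 flag, so a stored maximum must stay below 0x80. I would reword all three to something like `/* max is 0x7f: bit 8 of the PW status length byte is the PIN format 2 flag and must stay clear */`. While touching this file, `carholder` in the extended-capabilities comment is a typo for `cardholder`.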


@ -80,16 +80,13 @@ public final class Persistent {
protected final OwnerPIN user_pin; /* PW1 */
protected byte user_pin_length;
protected boolean user_pin_is_format_2;
protected boolean user_pin_force_verify_signature;
protected final OwnerPIN user_puk; /* resetting code */
protected byte user_puk_length;
protected boolean user_puk_is_format_2;
protected final OwnerPIN admin_pin; /* PW3 */
protected byte admin_pin_length;
protected boolean admin_pin_is_format_2;
@ -240,17 +237,14 @@ public final class Persistent {
Common.beginTransaction(isRegistering);
user_pin_length = (byte)Constants.USER_PIN_DEFAULT.length;
user_pin_is_format_2 = Constants.USER_PIN_DEFAULT_IS_FORMAT_2;
user_pin.update(Constants.USER_PIN_DEFAULT, (short)0, user_pin_length);
user_pin.resetAndUnblock();
Common.commitTransaction(isRegistering);
user_puk_length = 0;
user_puk_is_format_2 = Constants.USER_PIN_DEFAULT_IS_FORMAT_2;
Common.beginTransaction(isRegistering);
admin_pin_length = (byte)Constants.ADMIN_PIN_DEFAULT.length;
admin_pin_is_format_2 = Constants.ADMIN_PIN_DEFAULT_IS_FORMAT_2;
admin_pin.update(Constants.ADMIN_PIN_DEFAULT, (short)0, admin_pin_length);
admin_pin.resetAndUnblock();
Common.commitTransaction(isRegistering);


@ -149,21 +149,9 @@ public final class SmartPGPApplet extends Applet {
private final short writePwStatus(final byte[] buf, short off) {
buf[off++] = (byte)(data.user_pin_force_verify_signature ? 0x00 : 0x01);
if(data.user_pin_is_format_2) {
buf[off++] = (byte)0x80 | Constants.USER_PIN_MAX_SIZE_FORMAT_2;
} else {
buf[off++] = Constants.USER_PIN_MAX_SIZE;
}
if(data.user_puk_is_format_2) {
buf[off++] = (byte)0x80 | Constants.USER_PUK_MAX_SIZE_FORMAT_2;
} else {
buf[off++] = Constants.USER_PUK_MAX_SIZE;
}
if(data.admin_pin_is_format_2) {
buf[off++] = (byte)0x80 | Constants.ADMIN_PIN_MAX_SIZE_FORMAT_2;
} else {
buf[off++] = Constants.ADMIN_PIN_MAX_SIZE;
}
buf[off++] = data.user_pin.getTriesRemaining();
if(data.user_puk_length > 0) {
@ -524,18 +512,11 @@ public final class SmartPGPApplet extends Applet {
switch(p2) {
case (byte)0x81:
case (byte)0x82:
if(data.user_pin_is_format_2) {
Common.checkPinFormat2(transients.buffer,
(short)0, lc,
Constants.USER_PIN_MIN_SIZE_FORMAT_2,
Constants.USER_PIN_MAX_SIZE_FORMAT_2);
} else {
if((lc < Constants.USER_PIN_MIN_SIZE) ||
(lc > Constants.USER_PIN_MAX_SIZE)) {
ISOException.throwIt(ISO7816.SW_WRONG_LENGTH);
return;
}
}
if(p2 == (byte)0x81) {
transients.setUserPinMode81(false);
@ -556,18 +537,11 @@ public final class SmartPGPApplet extends Applet {
return;
case (byte)0x83:
if(data.admin_pin_is_format_2) {
Common.checkPinFormat2(transients.buffer,
(short)0, lc,
Constants.ADMIN_PIN_MIN_SIZE_FORMAT_2,
Constants.ADMIN_PIN_MAX_SIZE_FORMAT_2);
} else {
if((lc < Constants.ADMIN_PIN_MIN_SIZE) ||
(lc > Constants.ADMIN_PIN_MAX_SIZE)) {
ISOException.throwIt(ISO7816.SW_WRONG_LENGTH);
return;
}
}
if(!data.admin_pin.check(transients.buffer, (short)0, (byte)lc)) {
ISOException.throwIt(ISO7816.SW_SECURITY_STATUS_NOT_SATISFIED);
@ -627,26 +601,11 @@ public final class SmartPGPApplet extends Applet {
switch(p2) {
case (byte)0x81:
if(data.user_pin_is_format_2) {
if(lc != (short)(2 * data.user_pin_length)) {
if((lc < (Constants.USER_PIN_MIN_SIZE + Constants.USER_PIN_MIN_SIZE)) ||
(lc > (Constants.USER_PIN_MAX_SIZE + Constants.USER_PIN_MAX_SIZE))) {
ISOException.throwIt(ISO7816.SW_WRONG_LENGTH);
return;
}
Common.checkPinFormat2(transients.buffer,
(short)0, data.user_pin_length,
Constants.USER_PIN_MIN_SIZE_FORMAT_2,
Constants.USER_PIN_MAX_SIZE_FORMAT_2);
Common.checkPinFormat2(transients.buffer,
data.user_pin_length, data.user_pin_length,
Constants.USER_PIN_MIN_SIZE_FORMAT_2,
Constants.USER_PIN_MAX_SIZE_FORMAT_2);
} else {
if((lc < (data.user_pin_length + Constants.USER_PIN_MIN_SIZE)) ||
(lc > (data.user_pin_length + Constants.USER_PIN_MAX_SIZE))) {
ISOException.throwIt(ISO7816.SW_WRONG_LENGTH);
return;
}
}
off = data.user_pin_length;
if(!data.user_pin.check(transients.buffer, (short)0, off)) {
ISOException.throwIt(ISO7816.SW_SECURITY_STATUS_NOT_SATISFIED);
@ -662,26 +621,11 @@ public final class SmartPGPApplet extends Applet {
break;
case (byte)0x83:
if(data.admin_pin_is_format_2) {
if(lc != (short)(2 * data.admin_pin_length)) {
if((lc < (Constants.ADMIN_PIN_MIN_SIZE + Constants.ADMIN_PIN_MIN_SIZE)) ||
(lc > (Constants.ADMIN_PIN_MAX_SIZE + Constants.ADMIN_PIN_MAX_SIZE))) {
ISOException.throwIt(ISO7816.SW_WRONG_LENGTH);
return;
}
Common.checkPinFormat2(transients.buffer,
(short)0, data.admin_pin_length,
Constants.ADMIN_PIN_MIN_SIZE_FORMAT_2,
Constants.ADMIN_PIN_MAX_SIZE_FORMAT_2);
Common.checkPinFormat2(transients.buffer,
data.admin_pin_length, data.admin_pin_length,
Constants.ADMIN_PIN_MIN_SIZE_FORMAT_2,
Constants.ADMIN_PIN_MAX_SIZE_FORMAT_2);
} else {
if((lc < (data.admin_pin_length + Constants.ADMIN_PIN_MIN_SIZE)) ||
(lc > (data.admin_pin_length + Constants.ADMIN_PIN_MAX_SIZE))) {
ISOException.throwIt(ISO7816.SW_WRONG_LENGTH);
return;
}
}
off = data.admin_pin_length;
if(!data.admin_pin.check(transients.buffer, (short)0, off)) {
ISOException.throwIt(ISO7816.SW_SECURITY_STATUS_NOT_SATISFIED);
@ -714,28 +658,11 @@ public final class SmartPGPApplet extends Applet {
switch(p1) {
case (byte)0x00:
if(data.user_pin_is_format_2) {
if(lc != (short)(data.user_puk_length + data.user_pin_length)) {
if((lc < (Constants.USER_PUK_MIN_SIZE + Constants.USER_PIN_MIN_SIZE)) ||
(lc > (Constants.USER_PUK_MAX_SIZE + Constants.USER_PIN_MAX_SIZE))) {
ISOException.throwIt(ISO7816.SW_WRONG_LENGTH);
return;
}
Common.checkPinFormat2(transients.buffer,
data.user_puk_length, data.user_pin_length,
Constants.USER_PIN_MIN_SIZE_FORMAT_2,
Constants.USER_PIN_MAX_SIZE_FORMAT_2);
} else {
if((lc < (data.user_puk_length + Constants.USER_PIN_MIN_SIZE)) ||
(lc > (data.user_puk_length + Constants.USER_PIN_MAX_SIZE))) {
ISOException.throwIt(ISO7816.SW_WRONG_LENGTH);
return;
}
}
if(data.user_puk_is_format_2) {
Common.checkPinFormat2(transients.buffer,
(short)0, data.user_puk_length,
Constants.USER_PUK_MIN_SIZE_FORMAT_2,
Constants.USER_PUK_MAX_SIZE_FORMAT_2);
}
off = data.user_puk_length;
if(!data.user_puk.check(transients.buffer, (short)0, off)) {
ISOException.throwIt(ISO7816.SW_SECURITY_STATUS_NOT_SATISFIED);
@ -752,18 +679,11 @@ public final class SmartPGPApplet extends Applet {
case (byte)0x02:
assertAdmin();
if(data.user_pin_is_format_2) {
Common.checkPinFormat2(transients.buffer,
(short)0, lc,
Constants.USER_PIN_MIN_SIZE_FORMAT_2,
Constants.USER_PIN_MAX_SIZE_FORMAT_2);
} else {
if((lc < Constants.USER_PIN_MIN_SIZE) ||
(lc > Constants.USER_PIN_MAX_SIZE)) {
ISOException.throwIt(ISO7816.SW_WRONG_LENGTH);
return;
}
}
transients.setUserPinMode81(false);
transients.setUserPinMode82(false);
JCSystem.beginTransaction();
@ -1105,18 +1025,11 @@ public final class SmartPGPApplet extends Applet {
case Constants.TAG_RESETTING_CODE:
assertAdmin();
if(data.user_puk_is_format_2) {
Common.checkPinFormat2(transients.buffer,
(short)0, lc,
Constants.USER_PUK_MIN_SIZE_FORMAT_2,
Constants.USER_PUK_MAX_SIZE_FORMAT_2);
} else {
if((lc < Constants.USER_PUK_MIN_SIZE) ||
(lc > Constants.USER_PUK_MAX_SIZE)) {
ISOException.throwIt(ISO7816.SW_WRONG_LENGTH);
return;
}
}
JCSystem.beginTransaction();
data.user_puk_length = (byte)lc;
data.user_puk.update(buf, (short)0, data.user_puk_length);
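Review bot: The narrowing casts `(byte)lc` in the 0x83 verify branch and in the `TAG_RESETTING_CODE` branch are safe only because the range check directly above them caps `lc` at 0x7f, and with the format 2 branches gone that check is the sole guard. A short comment at each cast would stop a later edit to the `*_MAX_SIZE` constants from silently producing a negative length, for example `/* lc <= 0x7f is enforced above, so (byte)lc cannot be negative */`. Separately, `Common.checkPinFormat2` has no caller left in the lines shown and Common does not appear among the three changed files, so it is presumably dead code now. If nothing else uses it, deleting it in a follow-up would keep unused parsing logic off the card. The enclosing methods start and end outside these hunks, so callers elsewhere could not be checked.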