Re: [PATCH gnupg] scd: Fix unblock (via a Reset Code) with KDF
Please note that I did not test this change and did it pretty much blindly.

Additionally, I think it would be important to back-port it to 2.2.

Cheers,
Kirill

On Sun, Apr 25, 2021 at 10:55 PM Kirill Elagin <kirelagin@gmail.com> wrote:
>
> * scd/app-openpgp.c (do_change_pin): Fix unblock with KDF
> --
>
> When KDF is enabled, instead of sending PIN verbatim we send its salted
> hash. User PIN, Admin PIN, and Reset Code all use different salts.
> When executing the `unblock` command (that allows the user to reset
> their PIN using the Reset Code) we were incorrectly using salt number 0
> (the one used for the Reset Code) to hash the User PIN.
>
> Use the correct salt number 1 instead.
>
> This bug was present since the original implementation of KDF back in
> 91303b7df9c3e810cfcd4920f78bac6f8b7df2b2.
> ---
> scd/app-openpgp.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/scd/app-openpgp.c b/scd/app-openpgp.c
> index 5508ec68e..506b58232 100644
> --- a/scd/app-openpgp.c
> +++ b/scd/app-openpgp.c
> @@ -3454,7 +3454,7 @@ do_change_pin (app_t app, ctrl_t ctrl, const char *chvnostr,
>
> rc = pin2hash_if_kdf (app, 0, resetcode, &result1, &resultlen1);
> if (!rc)
> - rc = pin2hash_if_kdf (app, 0, pinvalue, &result2, &resultlen2);
> + rc = pin2hash_if_kdf (app, 1, pinvalue, &result2, &resultlen2);
> if (!rc)
> {
> bufferlen = resultlen1 + resultlen2;
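Review bot: the bare literals 0 and 1 passed as the second argument to pin2hash_if_kdf in these two calls are what let the wrong salt go unnoticed, so the fixed line should not leave them unexplained. A short comment on each call (0 = Reset Code salt, 1 = User PIN salt, as the commit message puts it) or a pair of named constants would make the pairing checkable by reading. Since the sender says the change is untested, an unblock followed by a User PIN verify on a KDF-enabled card should be confirmed before this is back-ported to 2.2.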
> --
> 2.29.3
>
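As an added illustration (not part of the original message or of GnuPG's code), the Python model below shows why hashing the new User PIN with salt 0 lets unblock succeed while the PIN then fails to verify. It assumes the iterated and salted S2K of RFC 4880 with SHA-256 as the KDF and a card that simply stores and compares the bytes it receives; `ModelCard`, the salts, the count and the PIN values are constructed.

```python
import hashlib
import hmac

def s2k_sha256(secret: bytes, salt: bytes, count: int) -> bytes:
    """Iterated and salted S2K (RFC 4880, 3.7.1.3) with SHA-256.
    `count` is the number of octets fed into the hash."""
    block = salt + secret
    count = max(count, len(block))      # salt+secret is hashed at least once
    full, rest = divmod(count, len(block))
    h = hashlib.sha256()
    for _ in range(full):
        h.update(block)
    h.update(block[:rest])
    return h.digest()

# Constructed sample values. Salt numbers follow the commit message:
# 0 = Reset Code salt, 1 = User PIN salt.
SALTS = {0: bytes.fromhex("a1" * 8), 1: bytes.fromhex("b2" * 8)}
COUNT = 100_000
RESET_CODE = "constructed-reset-code"
NEW_PIN = "123456"

def pin2hash(salt_no: int, pin: str) -> bytes:
    """Host side: what is sent to the card in place of the verbatim PIN."""
    return s2k_sha256(pin.encode(), SALTS[salt_no], COUNT)

class ModelCard:
    """Hypothetical card model: it never sees the PIN, only the hash bytes."""
    def __init__(self, reset_code: str):
        self.rc_ref = pin2hash(0, reset_code)
        self.pin_ref = b""

    def unblock(self, data: bytes) -> bool:
        # data = hash(reset code) || hash(new PIN), as built in the hunk
        if not hmac.compare_digest(data[:32], self.rc_ref):
            return False
        self.pin_ref = data[32:]        # stored as the new User PIN reference
        return True

    def verify(self, data: bytes) -> bool:
        return hmac.compare_digest(data, self.pin_ref)

def unblock_then_verify(pin_salt_no: int) -> tuple:
    """Unblock using `pin_salt_no` for the new PIN, then verify with salt 1."""
    card = ModelCard(RESET_CODE)
    ok = card.unblock(pin2hash(0, RESET_CODE) + pin2hash(pin_salt_no, NEW_PIN))
    return ok, card.verify(pin2hash(1, NEW_PIN))
```

In this model `unblock_then_verify(0)` reproduces the pre-patch behaviour and `unblock_then_verify(1)` the patched one.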
