Skip to content

Commit 8b1463c

Browse files
committed
Improve PIN/PUK length testing when KDF is enabled
1 parent faaa48c commit 8b1463c

2 files changed

Lines changed: 24 additions & 10 deletions

File tree

src/fr/anssi/smartpgp/Persistent.java

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -236,8 +236,8 @@ protected void reset(final boolean isRegistering) {
236236
Common.beginTransaction(isRegistering);
237237
user_pin_length = (byte)Constants.USER_PIN_DEFAULT.length;
238238
user_pin.update(Constants.USER_PIN_DEFAULT, (short)0, user_pin_length);
239-
user_pin.resetAndUnblock();
240239
Common.commitTransaction(isRegistering);
240+
user_pin.resetAndUnblock();
241241

242242
Common.beginTransaction(isRegistering);
243243
user_puk_length = (short)0;
@@ -253,8 +253,8 @@ protected void reset(final boolean isRegistering) {
253253
Common.beginTransaction(isRegistering);
254254
admin_pin_length = (byte)Constants.ADMIN_PIN_DEFAULT.length;
255255
admin_pin.update(Constants.ADMIN_PIN_DEFAULT, (short)0, admin_pin_length);
256-
admin_pin.resetAndUnblock();
257256
Common.commitTransaction(isRegistering);
257+
admin_pin.resetAndUnblock();
258258

259259
isTerminated = false;
260260
}

src/fr/anssi/smartpgp/SmartPGPApplet.java

Lines changed: 22 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -767,10 +767,17 @@ private final void processResetRetryCounter(final short lc,
767767

768768
case (byte)0x02:
769769
assertAdmin();
770-
if((lc < Constants.USER_PIN_MIN_SIZE) ||
771-
(lc > Constants.USER_PIN_MAX_SIZE)) {
772-
ISOException.throwIt(ISO7816.SW_WRONG_LENGTH);
773-
return;
770+
if(data.keyDerivationIsActive()) {
771+
if(lc != data.keyDerivationSize()) {
772+
ISOException.throwIt(ISO7816.SW_WRONG_LENGTH);
773+
return;
774+
}
775+
} else {
776+
if((lc < Constants.USER_PIN_MIN_SIZE) ||
777+
(lc > Constants.USER_PIN_MAX_SIZE)) {
778+
ISOException.throwIt(ISO7816.SW_WRONG_LENGTH);
779+
return;
780+
}
774781
}
775782
transients.setUserPinMode81(false);
776783
transients.setUserPinMode82(false);
@@ -1142,10 +1149,17 @@ private final void processPutData(final short lc,
11421149

11431150
case Constants.TAG_RESETTING_CODE:
11441151
assertAdmin();
1145-
if((lc < Constants.USER_PUK_MIN_SIZE) ||
1146-
(lc > Constants.USER_PUK_MAX_SIZE)) {
1147-
ISOException.throwIt(ISO7816.SW_WRONG_LENGTH);
1148-
return;
1152+
if(data.keyDerivationIsActive()) {
1153+
if(lc != data.keyDerivationSize()) {
1154+
ISOException.throwIt(ISO7816.SW_WRONG_LENGTH);
1155+
return;
1156+
}
1157+
} else {
1158+
if((lc < Constants.USER_PUK_MIN_SIZE) ||
1159+
(lc > Constants.USER_PUK_MAX_SIZE)) {
1160+
ISOException.throwIt(ISO7816.SW_WRONG_LENGTH);
1161+
return;
1162+
}
11491163
}
11501164
JCSystem.beginTransaction();
11511165
data.user_puk_length = (byte)lc;

0 commit comments

Comments
 (0)