Page MenuHome GnuPG
Create Task
Maniphest T3152

KDF DO support in OpenPGP card
Closed, ResolvedPublic
Actions

Description

By adding new DO (Data Object) for KDF, the OpenPGP card protocol will be improved, so that host computer can compute hash for passphrase with KDF.

This enhancement to the protocol can lower the risk when the data in a card will be accidentally exposed.

Revisions and Commits

rG GnuPG
rG91303b7df9c3 scd: Support KDF Data Object of OpenPGPcard V3.3.

Related Objects
Search...

Event Timeline

gniibe created this task.May 9 2017, 11:06 PM
gniibe added a comment.EditedMay 11 2017, 4:38 AM

Here is the spec.

KDF algorithm byte: 0 - NONE, 3 - KDF_ITERSALTED_S2K
Hash algorithm byte: 8 - SHA256, 10 - SHA512
Iteration count (4-byte)
Salt bytes for User PIN
Salt bytes for Reset Code
Salt bytes for Admin PIN
Initial PIN hash for User
Initial PIN hash for Admin

When KDF-DO is none, it is equivalent to have KDF-DO of:

KDF algorithm byte:         0 - NONE
Hash algorithm byte:        0 - N/A
Iteration count (4-byte):   None
Salt bytes for User PIN:    None
Salt bytes for Reset Code:  None
Salt bytes for Admin PIN:   None
Initial PIN hash for User:  "123456"
Initial PIN hash for Admin: "12345678"

and here is a concrete example.

KDF algorithm byte:         3 - KDF_ITERSALTED_S2K
Hash algorithm byte:        8 - SHA256
Iteration count (4-byte):   100000
Salt bytes for User PIN:    30 31 32 33 34 35 36 37
Salt bytes for Reset Code:  10 11 12 13 14 15 16 17
Salt bytes for Admin PIN:   41 42 43 44 45 46 47 48
Initial PIN hash for User:
  773784A602B6C81E3F092F4D7D00E17CC822D88F7360FCF2D2EF2D9D901F44B6
  - "123456" hashed by the KDF (with User's salt, SHA256, 100000 iter)
Initial PIN hash for Admin:
  2675D6164A0D4827D1D00C7EEA620D015C00030A1CAB38B4D0DD600B27DC9630
  - "12345678" hashed by the KDF (with Admin's salt, SHA256, 100000 iter)
gniibe triaged this task as Normal priority.May 15 2017, 4:15 AM
gniibe added a project: g10code Sprint (KW 19).
marcus moved this task from KW 19 to KW 20 on the g10code Sprint board.May 15 2017, 10:35 AM
marcus edited projects, added g10code Sprint (KW 20); removed g10code Sprint (KW 19).
marcus moved this task from KW 20 to KW 21 on the g10code Sprint board.May 22 2017, 10:43 AM
marcus edited projects, added g10code Sprint (KW 21); removed g10code Sprint (KW 20).
marcus moved this task from KW 21 to KW 22 on the g10code Sprint board.May 29 2017, 10:16 AM
marcus edited projects, added g10code Sprint (KW 22); removed g10code Sprint (KW 21).
marcus moved this task from KW 22 to KW 23 on the g10code Sprint board.Jun 6 2017, 10:16 AM
marcus edited projects, added g10code Sprint (KW 23); removed g10code Sprint (KW 22).
gniibe added a comment.Jun 9 2017, 4:32 AM

Tag for KDF-DO is assigned as:

F9
gniibe added a comment.Jun 9 2017, 4:57 AM

bit 0 (in smartcard context, we say b1 as it starts from 1) of Extended Capabilities specifies if KDF-DO is supported.

gniibe removed a project: g10code Sprint (KW 23).Jun 9 2017, 6:24 AM

Specification is finished.

gniibe mentioned this in T3201: KDF DO support enhancement.Jun 9 2017, 6:26 AM
gniibe created subtask T3201: KDF DO support enhancement.
jans added a subscriber: jans.Aug 3 2017, 9:21 AM
gniibe added a comment.EditedNov 2 2017, 8:49 AM

Changes for Gnuk is done. It's now testing. It will be in Gnuk 1.2.7.

aa added a subscriber: aa.Nov 2 2017, 5:13 PM
This comment was removed by gniibe.
gniibe added a comment.Nov 7 2017, 3:30 AM

Implemented in a branch: gniibe/scd-kdf-support

gniibe changed the task status from Open to Testing.Dec 4 2017, 2:24 AM
gniibe added a commit: rG91303b7df9c3: scd: Support KDF Data Object of OpenPGPcard V3.3..Jan 22 2018, 11:47 AM
gniibe closed subtask T3201: KDF DO support enhancement as Resolved.Feb 26 2018, 8:00 AM
gniibe created subtask T3823: gpg frontend support to setup KDF DO.Mar 5 2018, 8:49 AM
gniibe changed the status of subtask T3823: gpg frontend support to setup KDF DO from Open to Testing.Mar 22 2018, 7:59 AM
gniibe added a comment.EditedMar 30 2018, 4:59 AM

I realized that KDF support may be incompatible to Gnuk's feature of "admin-less" mode.
I'm going to implement compatible KDF support to Gnuk; That is, KDF data which only has a single salt.
In this case, all KDF calculation (user, reset-code, and admin) is done with the single salt.
With single salt, admin-less mode can work with no problem.

Arnaud added a subtask: T3891: kdf-setup does not set admin and user PIN codes.Apr 10 2018, 2:41 PM
gniibe closed subtask T3823: gpg frontend support to setup KDF DO as Resolved.Jun 6 2018, 3:41 AM
gniibe changed the status of subtask T3891: kdf-setup does not set admin and user PIN codes from Open to Testing.Feb 28 2020, 8:34 AM
gniibe closed this task as Resolved.Apr 15 2021, 7:10 AM
gniibe closed subtask T3891: kdf-setup does not set admin and user PIN codes as Resolved.Apr 21 2021, 2:45 AM