LedgerHQ / app-openpgp

OpenPGP Card Application
Apache License 2.0

"User PIN" cannot be verified by gpg command #81

Closed keiji closed 7 months ago

keiji commented 2 years ago

Describe the issue

We cannot change the PIN mode because of a "User PIN Not Verified" error.

And I think the "User PIN" cannot be verified by the gpg command, because the gpg command verifies with CHV1-PIN but the Ledger OpenPGP app is checking the CHV2-PIN state.

scdaemon logs

2022-08-11 23:26:42 scdaemon[845] DBG: send apdu: c=00 i=20 p1=00 p2=81 lc=6 le=-1 em=0
2022-08-11 23:26:42 scdaemon[845] DBG: PCSC_data: 00 20 00 81 06 31 31 31 31 31 31
2022-08-11 23:26:42 scdaemon[845] DBG: response: sw=6982 datalen=0
2022-08-11 23:26:42 scdaemon[845] verify CHV1 failed: Bad PIN

https://github.com/LedgerHQ/openpgp-card-app/blob/64662c181f4c906288564cbfadc2db53df4534b0/src/gpg_ux_nanos.c#L763-L766

Steps to reproduce

  1. Connect Ledger Nano S to your computer, unlock and launch OpenPGP(.XL).
  2. Select "Settings" on Ledger Nano.
  3. Select "PIN mode" on Ledger Nano.
  4. Select "Host" on Ledger Nano. -> You can see the error "User PIN Not Verified"
  5. Run gpg --edit-card on your computer.
  6. Enter the commands admin and verify.
  7. Enter your PIN (User PIN).
  8. Select "Host" on Ledger Nano. -> The error "User PIN Not Verified" again.

Expected behavior

If verify succeeds via the gpg command, we are able to change the PIN mode to "Host".

Environments

$ gpg --version
gpg (GnuPG) 2.2.29-unknown
libgcrypt 1.9.3-unknown
Copyright (C) 2021 Free Software Foundation, Inc.
License GNU GPL-3.0-or-later <https://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: /c/Users/ARIYAMA Keiji/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
        CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2
% gpg --version
gpg (GnuPG) 2.3.7
libgcrypt 1.10.1
Copyright (C) 2021 Free Software Foundation, Inc.
License GNU GPL-3.0-or-later <https://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: /Users/keiji_ariyama/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
        CAMELLIA128, CAMELLIA192, CAMELLIA256
AEAD: EAX, OCB
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2

Additional context

I checked the scdaemon logs while I ran verify with the gpg command.

$ gpg --edit-card --verbose

Reader ...........: Ledger Nano S 0
Application ID ...: D2760001240103032C9731DE307A0000
Application type .: OpenPGP
Version ..........: 3.3
Manufacturer .....: unknown
Serial number ....: 31DE307A
Name of cardholder: [not set]
Language prefs ...: [not set]
Salutation .......:
URL of public key : [not set]
Login data .......: [not set]
Signature PIN ....: not forced
Key attributes ...: rsa2048 rsa2048 rsa2048
Max. PIN lengths .: 12 12 12
PIN retry counter : 3 0 3
Signature counter : 0
Signature key ....: [none]
Encryption key....: [none]
Authentication key: [none]
General key info..: [none]

gpg/card> admin
Admin commands are allowed

gpg/card> verify
gpg: pinentry launched (851 w32 1.2.0-unknown /dev/pty0 xterm needs-to-be-defined 20600/197609/197121 197609/197121 0)

Reader ...........: Ledger Nano S 0
Application ID ...: D2760001240103032C9731DE307A0000
Application type .: OpenPGP
Version ..........: 3.3
Manufacturer .....: unknown
Serial number ....: 31DE307A
Name of cardholder: [not set]
Language prefs ...: [not set]
Salutation .......:
URL of public key : [not set]
Login data .......: [not set]
Signature PIN ....: not forced
Key attributes ...: rsa2048 rsa2048 rsa2048
Max. PIN lengths .: 12 12 12
PIN retry counter : 2 0 3
Signature counter : 0
Signature key ....: [none]
Encryption key....: [none]
Authentication key: [none]
General key info..: [none]

gpg/card>

These logs show the failed (wrong PIN) pattern. You can see verify CHV1 in the log.

2022-08-11 23:26:40 scdaemon[845] DBG: asking for PIN '||Please unlock the card%0A%0A Number : 2C97 31DE307A%0AHolder : %0ACounter : 0'
2022-08-11 23:26:40 scdaemon[845] DBG: chan_7 -> [ 49 4e 51 55 49 52 45 20 4e 45 45 44 50 49 4e 20 ...(79 byte(s) skipped) ]
2022-08-11 23:26:42 scdaemon[845] DBG: chan_7 <- [ 44 20 31 31 31 31 31 31 00 00 00 00 00 00 00 00 ...(76 byte(s) skipped) ]
2022-08-11 23:26:42 scdaemon[845] DBG: chan_7 <- END
2022-08-11 23:26:42 scdaemon[845] DBG: send apdu: c=00 i=20 p1=00 p2=81 lc=6 le=-1 em=0
2022-08-11 23:26:42 scdaemon[845] DBG:   PCSC_data: 00 20 00 81 06 31 31 31 31 31 31
2022-08-11 23:26:42 scdaemon[845] DBG:  response: sw=6982  datalen=0
2022-08-11 23:26:42 scdaemon[845] verify CHV1 failed: Bad PIN
2022-08-11 23:26:42 scdaemon[845] operation check_pin result: Bad PIN
2022-08-11 23:26:42 scdaemon[845] app_check_pin failed: Bad PIN
2022-08-11 23:26:42 scdaemon[845] DBG: chan_7 -> ERR 100663383 Bad PIN <SCD>
2022-08-11 23:26:42 scdaemon[845] DBG: enter: apdu_get_status: slot=0 hang=0

Workaround

I tried to verify CHV2-PIN with the opensc-explorer command, which is included in OpenSC.

$ opensc-explorer -r 1
OpenSC Explorer version 0.22.0
OpenSC [3F00]> verify CHV2 313233343536
Code correct.

Then, I succeeded in changing the PIN mode after CHV2-PIN had been verified!

Consideration

I think that the gpg command verifies with CHV1-PIN but the Ledger OpenPGP app is checking the CHV2-PIN state.

https://github.com/LedgerHQ/openpgp-card-app/blob/64662c181f4c906288564cbfadc2db53df4534b0/src/gpg_ux_nanos.c#L763-L766

cedelavergne-ledger commented 7 months ago

Hello,

I am not able to reproduce your error. Working on the app refactoring, I can verify the PIN correctly. As far as I can see, the PIN verification is done thanks to the value provided in P2, as written in the OpenPGP spec. In the logs, I can see:

scdaemon[27887] DBG: check_pcsc_pinpad: command=20, r=0
scdaemon[27887] DBG: prompting for pinpad entry '||Please unlock the card%0A%0ANumber: 2C97 1706948A%0AHolder: '
scdaemon[27887] DBG: chan_7 -> [ 49 4e 51 55 49 52 45 20 50 4f 50 55 50 50 49 4e ...(75 byte(s) skipped) ]
scdaemon[27887] DBG: chan_7 <- END
scdaemon[27887] DBG: send secure: c=00 i=20 p1=00 p2=82 len=24 pinmax=15
scdaemon[27887] DBG:  response: sw=9000  datalen=2
scdaemon[27887] DBG: dismiss pinpad entry prompt
scdaemon[27887] DBG: chan_7 -> INQUIRE DISMISSPINPADPROMPT
scdaemon[27887] DBG: chan_7 <- END
scdaemon[27887] operation check_pin result: Success

Can you double check on your side? Please note the updated version 2.0.0 is available in the branch develop.

I propose to allow both PW1 and PW2 when requesting to change the PIN mode.

One question I didn't find the answer to: How to force the verification using either PW1 or PW2?
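Added example, not part of the thread or the project's code: a Python parser that pairs each VERIFY command (INS 0x20) in scdaemon debug output with the status word that answers it, which makes the difference between the two logs above visible (P2=0x81 in the report, P2=0x82 in the maintainer's run). The sample lines are copied from those logs; the function names and the `redact_pins` helper are assumptions of this example.

```python
import re

# Constructed sample: scdaemon debug lines taken from the two logs quoted in this thread.
SAMPLE_LOG = """\
2022-08-11 23:26:42 scdaemon[845] DBG: send apdu: c=00 i=20 p1=00 p2=81 lc=6 le=-1 em=0
2022-08-11 23:26:42 scdaemon[845] DBG:   PCSC_data: 00 20 00 81 06 31 31 31 31 31 31
2022-08-11 23:26:42 scdaemon[845] DBG:  response: sw=6982  datalen=0
scdaemon[27887] DBG: send secure: c=00 i=20 p1=00 p2=82 len=24 pinmax=15
scdaemon[27887] DBG:  response: sw=9000  datalen=2
"""

# VERIFY is INS 0x20; P2 selects which password reference the card checks.
PW_REF = {0x81: "PW1 (signing, PSO:CDS)", 0x82: "PW1 (other commands)", 0x83: "PW3 (admin)"}
SW_MEANING = {0x9000: "success", 0x6982: "security status not satisfied",
              0x6983: "authentication method blocked"}

SEND_RE = re.compile(r"send (?:apdu|secure): c=([0-9a-f]{2}) i=([0-9a-f]{2}) "
                     r"p1=([0-9a-f]{2}) p2=([0-9a-f]{2})", re.I)
RESP_RE = re.compile(r"response: sw=([0-9a-f]{4})", re.I)
PIN_DATA_RE = re.compile(r"(PCSC_data: 00 20 00 8[1-3] [0-9a-f]{2})((?: [0-9a-f]{2})+)", re.I)

def verify_attempts(log_text):
    """Pair every VERIFY command in the log with the status word that answers it."""
    attempts, pending_p2 = [], None
    for line in log_text.splitlines():
        sent = SEND_RE.search(line)
        if sent:
            _cla, ins, _p1, p2 = (int(v, 16) for v in sent.groups())
            pending_p2 = p2 if ins == 0x20 else None  # ignore non-VERIFY commands
            continue
        resp = RESP_RE.search(line)
        if resp and pending_p2 is not None:
            sw = int(resp.group(1), 16)
            attempts.append({"p2": pending_p2, "sw": sw, "ok": sw == 0x9000,
                             "password": PW_REF.get(pending_p2, "unknown reference"),
                             "status": SW_MEANING.get(sw, "other")})
            pending_p2 = None
    return attempts

def redact_pins(log_text):
    """Mask PIN bytes in PCSC_data lines of VERIFY APDUs before a log is shared.
    The Assuan 'chan_N <- [ 44 20 ... ]' dumps also carry the PIN and are not handled here."""
    return PIN_DATA_RE.sub(lambda m: m.group(1) + " xx" * (len(m.group(2)) // 3), log_text)

if __name__ == "__main__":
    for a in verify_attempts(SAMPLE_LOG):
        print(f"VERIFY p2={a['p2']:02x} ({a['password']}): sw={a['sw']:04x} {a['status']}")
```
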

cedelavergne-ledger commented 7 months ago

Changed in v2.0.1

AlekEagle commented 7 months ago

Still experiencing this issue. I can set the mode to trust after performing an action that requires admin PIN verification, but I have been unable to set it to anything else.

AlekEagle commented 7 months ago

Very unsure what I did, I think it had something to do with UIF mode on decrypt, but I was able to change my PIN mode to host now.