First set Admin PIN, then PIN to prevent Gnuk from going into 'admin less mode'

2017-11-03 14:06:26 +01:00
parent 3a818e8cde
commit 2cf3e27e51
2 changed files with 9 additions and 3 deletions
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/securitytoken/SecurityTokenConnection.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/securitytoken/SecurityTokenConnection.java
@@ -209,6 +209,10 @@ public class SecurityTokenConnection {
        }
    }

+    public void resetPw3Validation() {
+        mPw3Validated = false;
+    }
+
    @VisibleForTesting
    void determineTokenType() throws IOException {
        tokenType = mTransport.getTokenTypeIfAvailable();
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/SecurityTokenOperationActivity.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/SecurityTokenOperationActivity.java
@@ -25,7 +25,6 @@ package org.sufficientlysecure.keychain.ui;
 import java.io.IOException;
 import java.nio.ByteBuffer;
 import java.util.Arrays;
-import java.util.Map;

 import android.content.Intent;
 import android.os.AsyncTask;
@@ -293,9 +292,12 @@ public class SecurityTokenOperationActivity extends BaseSecurityTokenActivity {
                    mInputParcel = mInputParcel.withCryptoData(subkeyBytes, tokenSerialNumber);
                }

-                // change PINs afterwards
-                stConnection.resetPin(newPin, adminPin);
+                // First set Admin PIN, then PIN.
+                // Order is important for Gnuk, otherwise it will be set up in "admin less mode".
+                // http://www.fsij.org/doc-gnuk/gnuk-passphrase-setting.html#set-up-pw1-pw3-and-reset-code
                stConnection.modifyPw3Pin(newAdminPin, adminPin);
+                stConnection.resetPw3Validation();
+                stConnection.resetPin(newPin, new Passphrase(new String(newAdminPin)));

                break;
            }