From c07cb00cb61035fe13af668c3caf11f2ea0af044 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9dric?= Date: Mon, 4 Jun 2018 17:54:46 +0200 Subject: [PATCH] Fix SSH authentication with Ed25519. When message to sign was too long, it overlayd the signature destination. --- Makefile | 2 +- doc/user/blue-app-openpgp-card.rst | 10 +--------- src/gpg_pso.c | 15 +++++++++------ 3 files changed, 11 insertions(+), 16 deletions(-) diff --git a/Makefile b/Makefile index 219c2c3..9378403 100644 --- a/Makefile +++ b/Makefile @@ -28,7 +28,7 @@ SPECVERSION="3.3.1" APPVERSION_M=1 APPVERSION_N=2 -APPVERSION_P=0 +APPVERSION_P=1 APPVERSION=$(APPVERSION_M).$(APPVERSION_N).$(APPVERSION_P) ifeq ($(TARGET_NAME),TARGET_BLUE) diff --git a/doc/user/blue-app-openpgp-card.rst b/doc/user/blue-app-openpgp-card.rst index 6ff16dd..97a778d 100644 --- a/doc/user/blue-app-openpgp-card.rst +++ b/doc/user/blue-app-openpgp-card.rst @@ -96,15 +96,7 @@ The application is ready to use! From source ~~~~~~~~~~~~~ -Building from sources requires the the Nano S SDK 1.3.1.4 on firmware 1.3.1. See https://github.com/LedgerHQ/nanos-secure-sdk - -The SDK must be slightly modified: - - - replace lib_stusb/STM32_USB_Device_Library/Class/CCID/src/usbd_ccid_if.c - and lib_stusb/STM32_USB_Device_Library/Class/CCID/inc/usbd_ccid_if.h by the - one provided in sdk/ directory - - edit script.ld and modify the stack size : STACK_SIZE = 832; - +Building from sources requires the the Nano S SDK 1.4.2.1 on firmware 1.4.2. See https://github.com/LedgerHQ/nanos-secure-sdk Refer to the SDK documentation for the compiling/loading... diff --git a/src/gpg_pso.c b/src/gpg_pso.c index 8d1895c..1d389b0 100644 --- a/src/gpg_pso.c +++ b/src/gpg_pso.c @@ -88,7 +88,9 @@ static int gpg_sign(gpg_key_t *sigkey) { unsigned char *rs; key = &sigkey->priv_key.ecfp; + //sign + #define RS (G_gpg_vstate.work.io_buffer+(GPG_IO_BUFFER_LENGTH-256)) if (sigkey->attributes.value[0] == 19) { sz = gpg_curve2domainlen(key->curve); if ((sz == 0) || (key->d_len != sz)) { @@ -99,13 +101,13 @@ static int gpg_sign(gpg_key_t *sigkey) { CX_RND_TRNG, CX_NONE, G_gpg_vstate.work.io_buffer, sz, - G_gpg_vstate.work.io_buffer, GPG_IO_BUFFER_LENGTH, + RS, 256, NULL); //reencode r,s in MPI format gpg_io_discard(0); - rs_len = G_gpg_vstate.work.io_buffer[3]; - rs = &G_gpg_vstate.work.io_buffer[4]; + rs_len = RS[3]; + rs = &RS[4]; for (i = 0; i<2; i++) { if (*rs == 0) { @@ -124,12 +126,13 @@ static int gpg_sign(gpg_key_t *sigkey) { CX_SHA512, G_gpg_vstate.work.io_buffer, G_gpg_vstate.io_length, NULL, 0, - G_gpg_vstate.work.io_buffer+128, GPG_IO_BUFFER_LENGTH-128, + RS, 256, NULL); gpg_io_discard(0); - gpg_io_insert(G_gpg_vstate.work.io_buffer+128, sz); + gpg_io_insert(RS, sz); } - + #undef RS + //send gpg_pso_reset_PW1(); return SW_OK;