Archives/openpgp-card-app
2
0
Fork 0
mirror of https://github.com/LedgerHQ/openpgp-card-app synced 2024-11-09 07:10:30 +00:00
Code Issues Projects Releases Wiki Activity

Fix SSH authentication with Ed25519.

Browse Source 
When message to sign was too long, it overlayd the signature destination.
This commit is contained in:
Cédric 2018-06-04 17:54:46 +02:00
parent dfbfb893ef
commit c07cb00cb6
3 changed files with 11 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Makefile
View File

@ -28,7 +28,7 @@ SPECVERSION="3.3.1"
APPVERSION_M=1 APPVERSION_M=1
APPVERSION_N=2 APPVERSION_N=2
APPVERSION_P=0 APPVERSION_P=1
APPVERSION=$(APPVERSION_M).$(APPVERSION_N).$(APPVERSION_P) APPVERSION=$(APPVERSION_M).$(APPVERSION_N).$(APPVERSION_P)
ifeq ($(TARGET_NAME),TARGET_BLUE) ifeq ($(TARGET_NAME),TARGET_BLUE)

10
doc/user/blue-app-openpgp-card.rst
View File

@ -96,15 +96,7 @@ The application is ready to use!
From source From source
~~~~~~~~~~~~~ ~~~~~~~~~~~~~
Building from sources requires the the Nano S SDK 1.3.1.4 on firmware 1.3.1. See https://github.com/LedgerHQ/nanos-secure-sdk Building from sources requires the the Nano S SDK 1.4.2.1 on firmware 1.4.2. See https://github.com/LedgerHQ/nanos-secure-sdk
The SDK must be slightly modified:
- replace lib_stusb/STM32_USB_Device_Library/Class/CCID/src/usbd_ccid_if.c
and lib_stusb/STM32_USB_Device_Library/Class/CCID/inc/usbd_ccid_if.h by the
one provided in sdk/ directory
- edit script.ld and modify the stack size : STACK_SIZE = 832;
Refer to the SDK documentation for the compiling/loading... Refer to the SDK documentation for the compiling/loading...

13
src/gpg_pso.c
View File

@ -88,7 +88,9 @@ static int gpg_sign(gpg_key_t *sigkey) {
unsigned char *rs; unsigned char *rs;
key = &sigkey->priv_key.ecfp; key = &sigkey->priv_key.ecfp;
//sign //sign
#define RS (G_gpg_vstate.work.io_buffer+(GPG_IO_BUFFER_LENGTH-256))
if (sigkey->attributes.value[0] == 19) { if (sigkey->attributes.value[0] == 19) {
sz = gpg_curve2domainlen(key->curve); sz = gpg_curve2domainlen(key->curve);
if ((sz == 0) || (key->d_len != sz)) { if ((sz == 0) || (key->d_len != sz)) {
@ -99,13 +101,13 @@ static int gpg_sign(gpg_key_t *sigkey) {
CX_RND_TRNG, CX_RND_TRNG,
CX_NONE, CX_NONE,
G_gpg_vstate.work.io_buffer, sz, G_gpg_vstate.work.io_buffer, sz,
G_gpg_vstate.work.io_buffer, GPG_IO_BUFFER_LENGTH, RS, 256,
NULL); NULL);
//reencode r,s in MPI format //reencode r,s in MPI format
gpg_io_discard(0); gpg_io_discard(0);
rs_len = G_gpg_vstate.work.io_buffer[3]; rs_len = RS[3];
rs = &G_gpg_vstate.work.io_buffer[4]; rs = &RS[4];
for (i = 0; i<2; i++) { for (i = 0; i<2; i++) {
if (*rs == 0) { if (*rs == 0) {
@ -124,11 +126,12 @@ static int gpg_sign(gpg_key_t *sigkey) {
CX_SHA512, CX_SHA512,
G_gpg_vstate.work.io_buffer, G_gpg_vstate.io_length, G_gpg_vstate.work.io_buffer, G_gpg_vstate.io_length,
NULL, 0, NULL, 0,
G_gpg_vstate.work.io_buffer+128, GPG_IO_BUFFER_LENGTH-128, RS, 256,
NULL); NULL);
gpg_io_discard(0); gpg_io_discard(0);
gpg_io_insert(G_gpg_vstate.work.io_buffer+128, sz); gpg_io_insert(RS, sz);
} }
#undef RS
//send //send
gpg_pso_reset_PW1(); gpg_pso_reset_PW1();