Add temporary passwords to commands instead of AUTHORIZE #25
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
szszszsz
force-pushed
the
8-authorization
branch
from
ad4a30f to
403d886
Compare
Extract methods for validating temporary password Signed-off-by: Szczepan Zalega <szczepan@nitrokey.com>
Signed-off-by: Szczepan Zalega <szczepan@nitrokey.com>
Signed-off-by: Szczepan Zalega <szczepan@nitrokey.com>
Signed-off-by: Szczepan Zalega <szczepan@nitrokey.com>
Signed-off-by: Szczepan Zalega <szczepan@nitrokey.com>
Extraction of OTP slot range checking functions Signed-off-by: Szczepan Zalega <szczepan@nitrokey.com>
Divide CMD_WRITE_SLOT to two packets due to limited space Signed-off-by: Szczepan Zalega <szczepan@nitrokey.com>
Signed-off-by: Szczepan Zalega <szczepan@nitrokey.com>
Signed-off-by: Szczepan Zalega <szczepan@nitrokey.com>
Unused later in code since it is copied directly to the device Signed-off-by: Szczepan Zalega <szczepan@nitrokey.com>
Signed-off-by: Szczepan Zalega <szczepan@nitrokey.com>
… commands Signed-off-by: Szczepan Zalega <szczepan@nitrokey.com>
Signed-off-by: Szczepan Zalega <szczepan@nitrokey.com>
Signed-off-by: Szczepan Zalega <szczepan@nitrokey.com>
Signed-off-by: Szczepan Zalega <szczepan@nitrokey.com>
Signed-off-by: Szczepan Zalega <szczepan@nitrokey.com>
Signed-off-by: Szczepan Zalega <szczepan@nitrokey.com>
Signed-off-by: Szczepan Zalega <szczepan@nitrokey.com>
Signed-off-by: Szczepan Zalega <szczepan@nitrokey.com>
Replace magic numbers for boolean variable with constants Signed-off-by: Szczepan Zalega <szczepan@nitrokey.com>
Signed-off-by: Szczepan Zalega <szczepan@nitrokey.com>
Signed-off-by: Szczepan Zalega <szczepan@nitrokey.com>
To allow for read-only backward compatibility Signed-off-by: Szczepan Zalega <szczepan@nitrokey.com>
Signed-off-by: Szczepan Zalega <szczepan@nitrokey.com>
Signed-off-by: Szczepan Zalega <szczepan@nitrokey.com>
szszszsz
force-pushed
the
8-authorization
branch
from
a69e9fa to
48f8960
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Add temporary passwords to commands instead of using AUTHORIZE command and CRC to increase security.
Fixes #8, fixes #7
Commands affected: WRITE_TO_SLOT, GET_CODE, ERASE_SLOT, WRITE_CONFIG
Removed: AUTHORIZE, USER_AUTHORIZE
Tested on Ubuntu 16.04/16.10 with libnitrokey C++ tests. Will be checked also against general Python unittests and then merged.
Tested also on Nitrokey App for read-only backwards compatibility (affected commands besides GET_CODE will not work).
Compiled with: