Support for new authorization mechanism #22

szszszsz · 2016-11-19T15:12:10Z

Recently new authorization mechanism has been introduced to NK Pro. Briefly it consist of:

removing CMD_AUTHORIZE completely
adding temporary password directly to command packets which needs to be authorized

Links:

Add temporary passwords to commands instead of AUTHORIZE nitrokey-pro-firmware#25
Handle bigger OTP secrets up to 40 bytes, 320 bits nitrokey-pro-firmware#29 (updated WRITE_TO_SLOT command)

Following description from #85: Functional changes: OTP secret extended to 40 Bytes Authorization changed from pre-authenticated CRC to temporary password in HID report OTP counter transferred as 64bit unsigned Integer instead of C-String OTP counter is retained when editing slots Temporary passwords cleared through lock_device operation HOTP verification functionality added Further changes: OTP handlng now uses struct format for message parsing and passing data around Replace optimizable memset with non-optimizable memset_safe function for critical data Additional: Smart card counters update on Pro request Fixes #85 Fixes #70 Fixes #64 Fixes #26 Fixes #22 Fixes #23

szszszsz added the enhancement label Nov 19, 2016

NKelias mentioned this issue Jan 27, 2019

v0.54 updated OTP handling #85

Merged

szszszsz added this to the v0.54 milestone Jan 31, 2019

szszszsz closed this as completed in #85 Jun 13, 2019

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Support for new authorization mechanism #22

Support for new authorization mechanism #22

szszszsz commented Nov 19, 2016 •

edited

Loading

Support for new authorization mechanism #22

Support for new authorization mechanism #22

Comments

szszszsz commented Nov 19, 2016 • edited Loading

szszszsz commented Nov 19, 2016 •

edited

Loading