More output

When message to sign was too long, it overlayd the signature destination.

Makefile

@@ -28,7 +28,7 @@ SPECVERSION="3.3.1"
 
 APPVERSION_M=1
 APPVERSION_N=2
-APPVERSION_P=0
+APPVERSION_P=1
 APPVERSION=$(APPVERSION_M).$(APPVERSION_N).$(APPVERSION_P)
 
 ifeq ($(TARGET_NAME),TARGET_BLUE)

doc/user/blue-app-openpgp-card.rst

@@ -96,15 +96,7 @@ The application is ready to use!
 From source
 ~~~~~~~~~~~~~
 
-Building from sources requires the the Nano S SDK 1.3.1.4 on firmware 1.3.1. See https://github.com/LedgerHQ/nanos-secure-sdk
+Building from sources requires the the Nano S SDK 1.4.2.1 on firmware 1.4.2. See https://github.com/LedgerHQ/nanos-secure-sdk
-
-The SDK must be slightly modified:
-
-   - replace lib_stusb/STM32_USB_Device_Library/Class/CCID/src/usbd_ccid_if.c
-     and lib_stusb/STM32_USB_Device_Library/Class/CCID/inc/usbd_ccid_if.h by the 
-     one provided in sdk/ directory
-   - edit script.ld and modify the stack size : STACK_SIZE = 832;
-
 
 Refer to the SDK documentation for the compiling/loading...
 

pytools/gpgcard/restore_perso.py

@@ -0,0 +1,35 @@
+import binascii
+
+from gpgcard import GPGCard
+
+print("Connecting to device ...")
+gpgcard = GPGCard()
+gpgcard.connect("pcsc:Ledger")
+gpgcard.get_all()
+
+gpgcard.verify_pin(0x81, "123456")
+gpgcard.verify_pin(0x83, "12345678")
+
+print("Generating key 1/3 ...")
+gpgcard.generate_asym_key_pair(0x80, 0xb600)
+print("Generating key 2/3 ...")
+gpgcard.generate_asym_key_pair(0x80, 0xb800)
+print("Generating key 3/3 ...")
+gpgcard.generate_asym_key_pair(0x80, 0xa400)
+
+# Use 'gpg -k --with-subkey-fingerprint' to find fingerprints
+
+print("Setting fingerprints ...")
+sig_fingerprint = b'A3F35A5124D47C3195FF07B7F85D93686A3A9063'
+aut_fingerprint = b'9C686F97A39B4A34E0C9D37CDBF45893AB524BBC'
+dec_fingerprint = b'E4FE54969060DBF2756FC0EFD8203245E390CAEA'
+
+sig_fingerprint_bin = binascii.unhexlify(sig_fingerprint)
+aut_fingerprint_bin = binascii.unhexlify(aut_fingerprint)
+dec_fingerprint_bin = binascii.unhexlify(dec_fingerprint)
+
+gpgcard.sig_fingerprints = sig_fingerprint_bin
+gpgcard.aut_fingerprints = aut_fingerprint_bin
+gpgcard.dec_fingerprints = dec_fingerprint_bin
+
+gpgcard.set_all() 

src/gpg_pso.c

@@ -88,7 +88,9 @@ static int gpg_sign(gpg_key_t *sigkey) {
       unsigned char *rs;
 
       key = &sigkey->priv_key.ecfp;
+
       //sign
+      #define RS (G_gpg_vstate.work.io_buffer+(GPG_IO_BUFFER_LENGTH-256))
       if (sigkey->attributes.value[0] == 19) {
         sz = gpg_curve2domainlen(key->curve);
         if ((sz == 0) || (key->d_len != sz)) {
@@ -99,13 +101,13 @@ static int gpg_sign(gpg_key_t *sigkey) {
                            CX_RND_TRNG,
                            CX_NONE,
                            G_gpg_vstate.work.io_buffer, sz,
-                           G_gpg_vstate.work.io_buffer, GPG_IO_BUFFER_LENGTH,
+                           RS, 256,
                            NULL);
         //reencode r,s in MPI format
         gpg_io_discard(0);
       
-        rs_len =  G_gpg_vstate.work.io_buffer[3];
+        rs_len =  RS[3];
-        rs     =  &G_gpg_vstate.work.io_buffer[4];
+        rs     =  &RS[4];
       
         for (i = 0; i<2; i++) {
           if (*rs == 0) {
@@ -124,11 +126,12 @@ static int gpg_sign(gpg_key_t *sigkey) {
                            CX_SHA512, 
                            G_gpg_vstate.work.io_buffer, G_gpg_vstate.io_length,
                            NULL, 0,
-                           G_gpg_vstate.work.io_buffer+128, GPG_IO_BUFFER_LENGTH-128,
+                           RS, 256,
                            NULL);
         gpg_io_discard(0);
-        gpg_io_insert(G_gpg_vstate.work.io_buffer+128, sz);
+        gpg_io_insert(RS, sz);
       }
+      #undef RS
 
       //send
       gpg_pso_reset_PW1();