diff --git a/Makefile b/Makefile
index 9378403..219c2c3 100644
--- a/Makefile
+++ b/Makefile
@@ -28,7 +28,7 @@ SPECVERSION="3.3.1" APPVERSION_M=1 APPVERSION_N=2 -APPVERSION_P=1 +APPVERSION_P=0 APPVERSION=$(APPVERSION_M).$(APPVERSION_N).$(APPVERSION_P) ifeq ($(TARGET_NAME),TARGET_BLUE)
diff --git a/doc/user/blue-app-openpgp-card.rst b/doc/user/blue-app-openpgp-card.rst
index 97a778d..6ff16dd 100644
--- a/doc/user/blue-app-openpgp-card.rst
+++ b/doc/user/blue-app-openpgp-card.rst
@@ -96,7 +96,15 @@ The application is ready to use! From source ~~~~~~~~~~~~~ -Building from sources requires the the Nano S SDK 1.4.2.1 on firmware 1.4.2. See https://github.com/LedgerHQ/nanos-secure-sdk +Building from sources requires the the Nano S SDK 1.3.1.4 on firmware 1.3.1. See https://github.com/LedgerHQ/nanos-secure-sdk + +The SDK must be slightly modified: + + - replace lib_stusb/STM32_USB_Device_Library/Class/CCID/src/usbd_ccid_if.c + and lib_stusb/STM32_USB_Device_Library/Class/CCID/inc/usbd_ccid_if.h by the + one provided in sdk/ directory + - edit script.ld and modify the stack size : STACK_SIZE = 832; + Refer to the SDK documentation for the compiling/loading...
diff --git a/pytools/gpgcard/restore_perso.py b/pytools/gpgcard/restore_perso.py
deleted file mode 100644
index 9c20560..0000000
--- a/pytools/gpgcard/restore_perso.py
+++ /dev/null
@@ -1,35 +0,0 @@
-import binascii
-
-from gpgcard import GPGCard
-
-print("Connecting to device ...")
-gpgcard = GPGCard()
-gpgcard.connect("pcsc:Ledger")
-gpgcard.get_all()
-
-gpgcard.verify_pin(0x81, "123456")
-gpgcard.verify_pin(0x83, "12345678")
-
-print("Generating key 1/3 ...")
-gpgcard.generate_asym_key_pair(0x80, 0xb600)
-print("Generating key 2/3 ...")
-gpgcard.generate_asym_key_pair(0x80, 0xb800)
-print("Generating key 3/3 ...")
-gpgcard.generate_asym_key_pair(0x80, 0xa400)
-
-# Use 'gpg -k --with-subkey-fingerprint' to find fingerprints
-
-print("Setting fingerprints ...")
-sig_fingerprint = b'A3F35A5124D47C3195FF07B7F85D93686A3A9063'
-aut_fingerprint = b'9C686F97A39B4A34E0C9D37CDBF45893AB524BBC'
-dec_fingerprint = b'E4FE54969060DBF2756FC0EFD8203245E390CAEA'
-
-sig_fingerprint_bin = binascii.unhexlify(sig_fingerprint)
-aut_fingerprint_bin = binascii.unhexlify(aut_fingerprint)
-dec_fingerprint_bin = binascii.unhexlify(dec_fingerprint)
-
-gpgcard.sig_fingerprints = sig_fingerprint_bin
-gpgcard.aut_fingerprints = aut_fingerprint_bin
-gpgcard.dec_fingerprints = dec_fingerprint_bin
-
-gpgcard.set_all()
diff --git a/src/gpg_pso.c b/src/gpg_pso.c
index 1d389b0..8d1895c 100644
--- a/src/gpg_pso.c
+++ b/src/gpg_pso.c
@@ -88,9 +88,7 @@ static int gpg_sign(gpg_key_t *sigkey) { unsigned char *rs; key = &sigkey->priv_key.ecfp; - //sign - #define RS (G_gpg_vstate.work.io_buffer+(GPG_IO_BUFFER_LENGTH-256)) if (sigkey->attributes.value[0] == 19) { sz = gpg_curve2domainlen(key->curve); if ((sz == 0) || (key->d_len != sz)) {
@@ -101,13 +99,13 @@ static int gpg_sign(gpg_key_t *sigkey) { CX_RND_TRNG, CX_NONE, G_gpg_vstate.work.io_buffer, sz, - RS, 256, + G_gpg_vstate.work.io_buffer, GPG_IO_BUFFER_LENGTH, NULL); //reencode r,s in MPI format gpg_io_discard(0); - rs_len = RS[3]; - rs = &RS[4]; + rs_len = G_gpg_vstate.work.io_buffer[3]; + rs = &G_gpg_vstate.work.io_buffer[4]; for (i = 0; i<2; i++) { if (*rs == 0) {
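Review bot: The signing call in the `@@ -101,13 +99,13 @@` hunk now reads its input from `G_gpg_vstate.work.io_buffer` and writes the signature to the same address, where the removed `RS` macro kept the output in the last 256 bytes of the buffer. Whether the SDK routine supports aliased input and output is not visible here, and the call itself starts outside the hunk. After `gpg_io_discard(0)`, `rs = &G_gpg_vstate.work.io_buffer[4]` points into the region that the re-encoding loop (its body is outside the hunk) presumably writes r and s back into, so source and destination may overlap there as well. Either keep a disjoint scratch offset, as the second signing call in this function does with `G_gpg_vstate.work.io_buffer+128`, or add a comment above the call stating the aliasing guarantee the in-place use relies on. The fixed offsets `[3]` and `[4]` also assume a short-form length in the encoded signature, which deserves a comment or a check against the length the call returns.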
@@ -126,13 +124,12 @@ static int gpg_sign(gpg_key_t *sigkey) { CX_SHA512, G_gpg_vstate.work.io_buffer, G_gpg_vstate.io_length, NULL, 0, - RS, 256, + G_gpg_vstate.work.io_buffer+128, GPG_IO_BUFFER_LENGTH-128, NULL); gpg_io_discard(0); - gpg_io_insert(RS, sz); + gpg_io_insert(G_gpg_vstate.work.io_buffer+128, sz); } - #undef RS - + //send gpg_pso_reset_PW1(); return SW_OK;
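Review bot: Nothing visible in this hunk bounds `G_gpg_vstate.io_length` against the new fixed offset: the message is read from `G_gpg_vstate.work.io_buffer` for `io_length` bytes while the signature is written at `G_gpg_vstate.work.io_buffer+128`, so an input longer than 128 bytes would overlap the output region. Unless `gpg_sign` already limits the length earlier (the function starts outside the hunk), reject such input before the call in the same way the `key->d_len != sz` check does for a bad key length, along the lines of `if (G_gpg_vstate.io_length > 128) { /* fail with the wrong-length status */ }`. The literal 128 appears three times on the new side, so a named constant would keep the call and `gpg_io_insert(G_gpg_vstate.work.io_buffer+128, sz)` from drifting apart. That `gpg_io_insert` after `gpg_io_discard(0)` also copies within one buffer, which stays disjoint only while `sz` is at most 128 and is worth a one-line comment.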