nitrokey / nitrokey-start-firmware Goto Github PK

View Code? Open in Web Editor NEW

56.0 15.0 15.0 18.7 MB

A mirror of Gnuk's 1.0.x and 1.2.x branches.

C 67.27% Makefile 0.69% Assembly 0.17% Tcl 0.02% Shell 0.31% Python 25.99% GDB 0.01% Gherkin 5.55%

nitrokey-start-firmware's Introduction

Nitrokey Start firmware repository

Useful links:

Original GNUK README file.
Prebuilt binaries for upgrade.
Firmware upgrade instructions

nitrokey-start-firmware's People

Contributors

Stargazers

Watchers

Forkers

techge seifertm techlord-rce alex-nitrokey kliment daringer periloso osresearch apython123 gladiopeace igaw nitrosimon mschm05 okrutax zerovectorti

nitrokey-start-firmware's Issues

Error: Bad PIN!

I'm using it with nitrokey start, I've updated it yesterday to RTM.8 (it was RTM.5)
When I'm trying to encrypt data or use PasswordStore, it asks me for PIN. And it worked yesterday.

Expected Behavior

PIN is OK, data processed successfully

Current Behavior

It says "Error: Bad PIN! Take away Security Token now and touch TRY AGAIN", but on PC it works perfectly

Context

I can't decrypt my password store on my phone

Your Environment

Android Version: 8.1
Device Model: Blackberry BB100 (KeyOne)
OpenKeychain Version: 5.5
From Google Play or F-Droid?: Google Play (but I tried F-Droid too)

Improve update tool

Improve update tool so that it would :

detect if device is in bootloader stage and continue if possible;
suggest best solution for the given error (specifically lack of connection on regnual start);
inform user about required packages to be installed (pyusb, cffi);
do not allow to use CTRL+C without confirmation;
remove usage of infinite loops while waiting;
print the current version of the tool;
release it to pip repository for easy access, without Git usage;
add proper documentation.

Additional:

Details: https://support.nitrokey.com/t/nitrokey-start-benotigte-linux-pakete-fur-fimwareupdate/2228/9
Connected: #24

HOTP support?

Is it planned?

Sent from my Galaxy S3 using FastHub-Libre

Changing serialnumber 2nd time throws "ValueError: ('cmd_write_binary 0', '6581')"

I have three Nitrokey Start which I use on several machines with identical subkeys. Because gpg store the serial card number in the sub-key stub of public key I want to have all tokens the same serial number. For that I used:

export EMAIL=[email protected]
pkill -9 scdaemon
edit the wanted new in GNUK_SERIAL_NUMBER
python2 tool/gnuk_put_binary_libusb.py -s ./GNUK_SERIAL_NUMBER

Principaly that works but only one time. Updating the serial number a second time results in "ValueError: ('cmd_write_binary 0', '6581')":

session.txt

Doing a factory reset doesn't help. The altered serial number remain and is further not changeable.

PS. One token is now unusable for me because I was not prepared to set the right serial number on the first shot.

How to use the backup of the secret key?

When using the gpg2 --card-edit generate command, one of the options is to create an off-device backup of the secret. How do you use this file? It seems that gpg2 hasn't changed since this mailing list post in 2017 with regards to importing a secret key to match it to the device.

Some things I've tried:

% gpg2 gnupg/sk_4FC1E4C20F8AC356.gpg  
gpg: WARNING: no command supplied.  Trying to guess what you mean ...
gpg: DBG: FIXME: merging secret key blocks is not anymore available
gpg: DBG: FIXME: No way to print secret key packets here

% gpg2 --allow-secret-key-import --import gnupg/sk_4FC1E4C20F8AC356.gpg  
gpg: key 4FC1E4C20F8AC356: no user ID
gpg: Total number processed: 1
gpg:       secret keys read: 1

% gpg2 --edit-key 4FC1E4C20F8AC356
gpg (GnuPG) 2.2.19; Copyright (C) 2019 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

pub  rsa2048/E7277F2F7193A538
     created: 2020-09-08  expires: 2021-09-08  usage: SC  
     trust: unknown       validity: unknown
sub  rsa2048/D03ED8B060CD46F0
     created: 2020-09-08  expires: 2021-09-08  usage: A   
sub  rsa2048/4FC1E4C20F8AC356
     created: 2020-09-08  expires: 2021-09-08  usage: E   
[ unknown] (1). TESTING

gpg> toggle
Need the secret key to do this.

gpg> bkuptocard
Need the secret key to do this.

tool/upgrade_by_passwd.py does not work with python3

…/nitrokey-start-firmware/tool $ python3.6 ./upgrade_by_passwd.py ../prebuilt/$RTM/regnual.bin ../prebuilt/$RTM/gnuk.bin
  File "./upgrade_by_passwd.py", line 40
    print "CRC32: %04x\n" % crc32code
                        ^
SyntaxError: Missing parentheses in call to 'print'. Did you mean print("CRC32: %04x\n" % crc32code)?

Python 2 will be EOL in 2020-01-01 please move to Python 3.

Card Number changes Keys with different gpg versions

When loading the card via gpg --card-status i get different Card numbers on different machines with different gpg versions:
Ubuntu 18.4
gpg (GnuPG) 2.2.4
libgcrypt 1.8.1

Reader ...........: 20A0:4211:FSIJ-1.2.15-431xxxxx:0
Application ID ...: D276000124010200FFFE431022520000
Version ..........: 2.0
Manufacturer .....: unmanaged S/N range
Serial number ....: 431xxxxx
...
Key attributes ...: rsa4096 rsa4096 rsa4096
Max. PIN lengths .: 127 127 127
PIN retry counter : 3 3 3
Signature counter : 0
...
sec>  rsa4096/0xXXXXXXXXXXXXXX  erzeugt: xxxx-xx-xx  verfällt: xxxx-xx-xx
                                  Kartennummer: FFFE 431xxxxx
ssb>  rsa4096/0xXXXXXXXXXXXXXX  erzeugt: xxxx-xx-xx  verfällt: xxxx-xx-xx
                                  Kartennummer: FFFE 431xxxxx
ssb>  rsa4096/0XXXXXXXXXXXXXX  erzeugt: xxxx-xx-xx  verfällt: xxxx-xx-xx
                                  Kartennummer: FFFE 431xxxxx

and with gpg (GnuPG) 2.2.19
libgcrypt 1.8.5 on Ubuntu 20.4 i get:

Reader ...........: 20A0:4211:FSIJ-1.2.15-431xxxxx:0
Application ID ...: D276000124010200FFFE431022520000
Application type .: OpenPGP
Version ..........: 2.0
Manufacturer .....: unmanaged S/N range
Serial number ....: 431xxxxx
...
Login data .......: [nicht gesetzt]
Signature PIN ....: nicht zwingend
Key attributes ...: rsa4096 rsa4096 rsa4096
Max. PIN lengths .: 127 127 127
PIN retry counter : 3 3 3
Signature counter : 0
KDF setting ......: off
...
sec>  rsa4096/0xXXXXXXXXXXXXXX  erzeugt: xxxx-xx-xx  verfällt: xxxx-xx-xx
                                  Kartennummer: FFFE 001xxxxx
ssb>  rsa4096/0xXXXXXXXXXXXXXX  erzeugt: xxxx-xx-xx  verfällt: xxxx-xx-xx
                                  Kartennummer: FFFE 001xxxxx
ssb>  rsa4096/0xXXXXXXXXXXXXXX  erzeugt: xxxx-xx-xx  verfällt: xxxx-xx-xx
                                  Kartennummer: FFFE 001xxxxx

Tests: move from freshen to aloe

And very cosmetic point, I was not aware of Freshen, but since it is no more maintained I understand why. Have you already considered Aloe ? I moved from Lettuce to Aloe without noticeable troubles and you can export your results to xunit format.
Aren’t you stuck with python 2.x with freshen ?

Source: https://support.nitrokey.com/t/decipher-with-ecdh-key/2375/3?u=szszszsz

Unable to sign ssh certificate

I just found out that I couldn't login with an ssh certificate with my nitrokey start yesterday.

Luckily it seems that this problem as been reported already and fixed on the gnuk side. I actually can't believe my luck, it's been fixed only a couple days ago! What a coincidence.

It seem to be related to this commit: http://git.gniibe.org/cgit/gnuk/gnuk.git/commit/?id=bf30144144498e5ea303942ed5479c9759aa7fb7

You think this could be integrated in the start firmware? I cannot log into my work embedded devices without this.

The more I think about it, it might even have been reported here already as the person in the official bug report states he has a nitrokey start too (https://dev.gnupg.org/T5041). I can't see it in the issue list though.

Show firmware version in the reader string

Following reader string should reflect currently flashed version of our release:

Reader ...........: 20A0:4211:FSIJ-1.2.15-431xxxxx:0

E.g.:

Reader ...........: 20A0:4211:NK10-1.2.15-431xxxxx:0

Nitrokey Start listed as none

Nitrokey Start is listed as

none: none none (none)

Command: $ nitropy list

OS: Windows, Linux
To investigate and correct.

Connected:

Slow boot time

With HID interface enabled (see #40) the boot time has increased significantly to 5+ seconds.

System log excerpt:

[  +1.664057] usb 3-6: new full-speed USB device number 19 using xhci_hcd
[  +0.127473] usb 3-6: New USB device found, idVendor=20a0, idProduct=4211, bcdDevice= 2.00
[  +0.000004] usb 3-6: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  +0.000003] usb 3-6: Product: Nitrokey Start
[  +0.000002] usb 3-6: Manufacturer: Nitrokey
[  +0.000003] usb 3-6: SerialNumber: FSIJ-1.2.15-87042524
[  +5.340379] input: Nitrokey Nitrokey Start as /devices/pci0000:00/0000:00:14.0/usb3/3-6/3-6:1.1/0003:20A0:4211.000F/input/input27
[  +0.053454] hid-generic 0003:20A0:4211.000F: input,hidraw5: USB HID v1.10 Keypad [Nitrokey Nitrokey Start] on usb-0000:00:14.0-6/input1

USB debug console prevents gpg mode from working

I've built the firmware from source and verified that gpg mode works in the stock build (flashing over SWD):

./configure --vidpid=20a0:4211 --target=NITROKEY_START

[790047.231169] usb 1-3: new full-speed USB device number 27 using xhci_hcd
[790047.380856] usb 1-3: New USB device found, idVendor=20a0, idProduct=4211, bcdDevice= 2.00
[790047.380863] usb 1-3: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[790047.380867] usb 1-3: Product: Nitrokey Start
[790047.380870] usb 1-3: Manufacturer: Nitrokey
[790047.380873] usb 1-3: SerialNumber: FSIJ-1.2.15-43115544

% gpg2 --card-status
Reader ...........: 20A0:4211:FSIJ-1.2.15-43115544:0
Application ID ...: D276000124010200FFFE431155440000
Version ..........: 2.0
Manufacturer .....: unmanaged S/N range
Serial number ....: 43115544
Name of cardholder: [not set]
Language prefs ...: [not set]
Sex ..............: unspecified
URL of public key : [not set]
Login data .......: [not set]
Signature PIN ....: forced
Key attributes ...: rsa2048 rsa2048 rsa2048
Max. PIN lengths .: 127 127 127
PIN retry counter : 3 3 3
Signature counter : 0
Signature key ....: [none]
Encryption key....: [none]
Authentication key: [none]
General key info..: [none]

However when I enable the debug console there is both nothing printed on the uart and the device doesn't respond to gpg --card-status commands. The USB enumeration looks right -- there are both the CCID and CDC endpoints.

[790104.186428] usb 1-3: new full-speed USB device number 28 using xhci_hcd
[790104.340240] usb 1-3: New USB device found, idVendor=20a0, idProduct=4211, bcdDevice= 2.00
[790104.340247] usb 1-3: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[790104.340250] usb 1-3: Product: Nitrokey Start
[790104.340253] usb 1-3: Manufacturer: Nitrokey
[790104.340256] usb 1-3: SerialNumber: FSIJ-1.2.15-43115544
[790104.344389] cdc_acm 1-3:1.1: ttyACM1: USB ACM device

lsusb.txt

Running gpg2 --card-status hangs. Attempting to open the serial port produces a warning on the dmesg (but no output ever appears on the console):

[790249.857875] cdc_acm 1-3:1.1: failed to set dtr/rts

It's not clear with gdb where the card is; everytime I single step it is in chx_idle().

upgrade_by_passwd.py can brick the key on single invocation

A single invocation of "upgrade_by_passwd.py" with the wrong admin key will brick the key in a single run if factory_reset=no

I would not expect the tool to try a single pin 3 times in a row without prompting, it would probably be best to make this less aggressive.

Flashing NK Start to 1.2.12 failed

Hallo,
this is my first update to a newly NK Start, nothing was stored before. I did follow Firmware upgrade instructions.
Before is:

    $ cat before.status 
    Reader ...........: Nitrokey Nitrokey Start (FSIJ-1.2.10-XXXXXXX) 00 00
    Application ID ...: D276000124010200FFFEXXXXXXX0000
    Application type .: OpenPGP
    Version ..........: 2.0
    Manufacturer .....: unmanaged S/N range
    Serial number ....: XXXXXXX
    Name of cardholder: [nicht gesetzt]
    Language prefs ...: [nicht gesetzt]
    Salutation .......: 
    URL of public key : [nicht gesetzt]
    Login data .......: [nicht gesetzt]
    Signature PIN ....: zwingend
    Key attributes ...: rsa2048 rsa2048 rsa2048
    Max. PIN lengths .: 127 127 127
    PIN retry counter : 3 3 3
    Signature counter : 0
    KDF setting ......: off
    Signature key ....: [none]
    Encryption key....: [none]
    Authentication key: [none]
    General key info..: [none]

and the diff gives:

    $ diff before.status after.status
    1c1
    < Reader ...........: Nitrokey Nitrokey Start (FSIJ-1.2.10-XXXXXXX) 00 00
    ---
    > Reader ...........: 20A0:4211:FSIJ-1.2.6-XXXXXXX:0
    17d16
    < KDF setting ......: off

The Reader ID is completely smashed.

I've got during flashing:

    $ ./upgrade_by_passwd.py ../prebuilt/$RTM/regnual.bin ../prebuilt/$RTM/gnuk.bin
    Admin password: 
    ../prebuilt/RTM.5/regnual.bin: 4372
    ../prebuilt/RTM.5/gnuk.bin: 113664
    Currently connected device strings:
    Device: 
        Vendor: Nitrokey
       Product: Nitrokey Start
        Serial: FSIJ-1.2.10-XXXXXXX
      Revision: RTM.6
        Config: NITROKEY_START:dfu=no:debug=no:pinpad=no:certdo=yes:factory_reset=yes
           Sys: 3.0
    CRC32: b7020271

    Device: 
    Configuration: 1
    Interface: 0
    ./upgrade_by_passwd.py:205: DeprecationWarning: tostring() is deprecated. Use tobytes() instead.
      main(wait_e, keyno, passwd, data_regnual, data_upgrade[4096:], args.bootloader)
    20002a00:20005000
    *** Running update. Do NOT remove the device from the USB slot, until further notice.
    Downloading flash upgrade program...
    start 20002a00
    end   20003b00
    Run flash upgrade program...
    Waiting for device to appear:
      Wait 1 second...
    Device: 
    08001000:08020000
    Downloading the program
    start 08001000
    end   0801bc00
    failure
    failure
    failure
    failure
    failure
    ... over 300x ...
    failure
    failure
    Protecting device
    Finish flashing
    Resetting device
    Update procedure finished. Device could be removed from USB slot.
    Currently connected device strings (after upgrade):
    Device: 
        Vendor: Nitrokey
       Product: Nitrokey Start
        Serial: FSIJ-1.2.6-XXXXXXX
      Revision: RTM.5-modified
        Config: NITROKEY_START:dfu=no:debug=no:pinpad=no:certdo=yes:factory_reset=yes
           Sys: 3.0

The tests failed also:

    $ pytest -vx test_*
    ImportError while loading conftest '/home/olaf/nitrokey/nitrokey-start-firmware/tests/conftest.py'.
    conftest.py:3: in <module>
        from openpgp_card import OpenPGP_Card
    openpgp_card.py:25: in <module>
        from kdf_calc import kdf_calc
    kdf_calc.py:23: in <module>
        from cffi import FFI
    E   ModuleNotFoundError: No module named 'cffi'

A second try failed with:

    $ ./upgrade_by_passwd.py ../prebuilt/$RTM/regnual.bin ../prebuilt/$RTM/gnuk.bin
    Admin password: 
    ../prebuilt/RTM.5/regnual.bin: 4372
    ../prebuilt/RTM.5/gnuk.bin: 113664
    Currently connected device strings:
    Device: 
        Vendor: Nitrokey
       Product: Nitrokey Start
        Serial: FSIJ-1.2.6-XXXXXXX
      Revision: RTM.5-modified
        Config: NITROKEY_START:dfu=no:debug=no:pinpad=no:certdo=yes:factory_reset=yes
           Sys: 3.0
    CRC32: b7020271

    *** Could not connect to the device. Attempting to close scdaemon.
    *** Running: gpg-connect-agent "SCD KILLSCD" "SCD BYE" /bye
    *** Please try again...
    *** Could not proceed with the update. Please close other applications, that possibly use it (e.g. scdaemon, pcscd) and try again.

So, what happened and how to get the current firmware.
Thanks

Edit: Does it correct, that I've done a firmware downgrade unintentionally?

Use gnuk as submodule for easier upgrade

Hi! After #67 is stalling for a bit I have been looking at potentially helping to upgrade this repository to use gnuk > 1.2.15 (e.g. current 1.2.19).

I came to the conclusion that the use of the gnuk upstream is unfortunately very intransparent and an upgrade path is not documented.
Furthermore, modified files (and firmware blobs(?!)) from nitrokey's upstream are entangled with the gnuk upstream code in this repository.

For outside contributors this is very hard to grasp and to propose or implement changes (e.g. some changes should actually be applied to upstream gnuk, not to this repository!). In the current setup it is also very hard to understand what are the changes applied by nitrokey and which are relevant for the firmware.

To improve the current situation I propose using gnuk as a submodule of this repository. This way gnuk can be pinned down to a specific commit. Changes to gnuk internals are directly upstreamed and if that is not possible, scripts can be duplicated and modified in this repository as to not use the gnuk internals.
Additionally, I believe the resulting firmware files can be built in a reproducible way and these build artifacts should therefore not exist in the source code repository (git is really bad at tracking binary data) but be moved to a long-lived storage and/ or attached to releases of this repository.

So far my suggestions. I don't know if I am making some really naive assumptions about your workflows here (sorry in advance 😆 ), but those are the conclusions I came to when looking at the code base and trying to understand where even to start to help update gnuk.

Can't set user pin after update to RTM.8

Hello, I've updated my nitrokey start to RTM.8
I can change admin pin to 14-digit sequence, but can't do that for user pin.
Here is the result, but gpg --card-edit says that

Error changing the PIN: Conditions of use not satisfied

Device: 
    Vendor: Nitrokey
   Product: Nitrokey Start
    Serial: FSIJ-1.2.15-67094445
  Revision: RTM.8
    Config: NITROKEY_START:dfu=no:debug=no:pinpad=no:certdo=yes:factory_reset=yes
       Sys: 3.0

Multiple identities: do not reboot immediatelly

Do not reboot immediately after setting the identity, but first respond to the hosts query, and then do so.

Unable to run on NixOS

The tools are unable to be run out of the box on NixOS systemc, becaus of the wrong shebang. It should be /usr/bin/env python3 so every system can run it

Adapt iSerial

Currently the iSerial number (exposed via USB) is something like FSIJ-1.2.10-12345678. The version and tailing part should be removed and instead it should be changed to 12345678.

PGP and S/MIME simultanous use

Tracking for Nitrokey/nitrokey-pro-firmware#68

OpenSSH 9.0 support

We have received a report, that Nitrokey Start might have some problems with OpenSSH 9.0 support.
At the moment we do not know if the cause is located in the Nitrokey Start firmware (RTM.12 / 1.2.15) or the client applications (GnuPG or OpenSSH).

Connected tickets:

Pasting redacted content of the HT28294 ticket below.
Regarding the mentioned log, the last PC_to_RDR_XfrBlock packet sizes just before the failure are 259 and 33. The former looks too big at a first glance. Ideal would be to compare full log output with the one produced by a working setup.

I'm currently trying to setup my Nitrokey Start for SSH authentication.

I have setup ~/.gnupg/gpg-agent.conf to use `enable-ssh-support` and
point my `SSH_AUTH_SOCK` to the correct place while ensuring that
`GPG_TTY` is set correctly and that this is used properly in my ssh
config via `Match host * exec "gpg-connect-agent UPDATESTARTUPTTY
/bye"`.
My main key has the [SC] capability (ed25519) and I have two subkeys
(one with [E] (cv25519) and one with [A] (ed25519) capabilities).
You can get it via `sq wkd get dave@******.de`.

I have setup a test host with the exported key `gpg --export-ssh-key
<ID>` and when attempting the ssh connection I get queried for the
nitrokey's PIN.
After entering the pin though I get the infamous:


    sign_and_send_pubkey: signing failed for ED25519 "cardno:FFFE ********" from agent: agent refused operation


and scdaemon provides me with


    2022-05-01 19:25:25 scdaemon[3354468] operation auth result: Conditions of use not satisfied
    2022-05-01 19:25:25 scdaemon[3354468] app_auth failed: Conditions of use not satisfied
    2022-05-01 19:25:25 scdaemon[3354468] DBG: chan_7 -> ERR 100663427 Conditions of use not satisfied <SCD>


(Full log in attachment)

I have also tried adding the [S] capability to the [A] subkey, but this
leads to the same result.

This is gnupg 2.2.35, openssh 9.0p1 and the latest firmware for the
Nitrokey Start (on Arch Linux).

For testing purposes I also provided `-o
[email protected]` to ssh to disable the
newer openssh default as there have been issues with it since the
openssh 9 release (these are allegedly fixed with gnupg 2.2.35). This
unfortunately changed nothing.

Nitrokey Start - can't change admin PIN

Nitrokey Start (old one) updated to latest firmware: FSIJ-1.2.15 (RTM.10)

After updating the firmware I can't change the Admin PIN. The standard pin 1-8 works, but after entering the new pin I get: "Error changing the PIN: Conditions of use not satisfied".

Factory reset or uploading keys do not change the situation, tested on 0 and 1 identity.

Update RTM fails with "Could not connect to the device"

Hi everybody,

I followed the steps from prebuilt/README.md to update my Nitrokey Start (to RTM.7), but it fails every time, doesn't matter what I change or do. I have pyusb and pytest:

pip3 list | egrep "usb|test"
pytest             5.3.1
pyusb              1.0.2

I modified the gnuk_get_random.py, upgrade_by_passwd.py and usb_strings.py to point to the location where my Python 3 is installed.
The error I can see is:

*** Could not connect to the device. Attempting to close scdaemon.
*** Running: gpg-connect-agent "SCD KILLSCD" "SCD BYE" /bye
*** Please try again...
*** Could not proceed with the update. Please close other applications, that possibly use it (e.g. scdaemon, pcscd) and try again.

I checked and no scdaemon, nor pcscd is running:

ps -ef | grep -i scd
  504 44977 36923   0  4:00PM ttys002    0:00.01 grep --colour=always -i scd

I read that I should remove the device from the USB plug, reinsert it and run the same command, but it still fails with the same error message.
Oddly, the 'gpg --card-status' doesn't show any RTM version:

gpg --card-status
Reader ...........: Nitrokey Nitrokey Start

The 'usb_strings.py' shows the device is on RTM.6. My device is the red blinking one.

Do you have any idea what else can be checked or set to overcome this cumbersome situation?

Make update process non-volatile

Currently update process interrupted right after uploading regnual to the device, but before GNUK firmware, results in device not enumerating on USB, possibly with cleared flash.

The update process should not be volatile, and it should be possible to be resumed when broken on any stage.

Details: https://support.nitrokey.com/t/nitrokey-start-benotigte-linux-pakete-fur-fimwareupdate/2228/11

Python 3.8 syntax warning with update tool

From the Python 3.8 Release notes:
The compiler now produces a SyntaxWarning when identity checks ( is and is not ) are used with certain types of literals (e.g. strings, numbers). These can often work by accident in CPython, but are not guaranteed by the language spec. The warning advises users to use equality tests ( == and != ) instead. (Contributed by Serhiy Storchaka in bpo-34850.)

Details: https://support.nitrokey.com/t/probleme-mit-nitrokey-start-nach-firmwareupdate-auf-rtm-9-veranderte-kartenummer/2407/7

Self flash-read protection

Enable flash read-protection in the firmware, right on the very first device initialization.

Related: #14

Update: bootloader cannot be connected

During the update bootloader cannot be connected after uploading. From the log it seems that device is not starting at all (missing dmesg messages about connected device). There is no additional delay allowing for the bootloader to start, and no another attempt is made to connect, which should be corrected. Relevant excerpt:

To retest on:

Platform: Linux-4.19.0-10-amd64-x86_64-with-debian-10.5

14894     DEBUG       root print: Run flash upgrade program...
14896     DEBUG       root print: *** Found unexpected error: [Errno 19] No such device (it may have been disconnected)
14897     DEBUG       root print: *** Could not proceed with the update. Please execute one or all of the following and try again:
- reinsert device to the USB slot;
- run factory-reset on the device;
- close other applications, that possibly could use it (e.g. scdaemon, pcscd).
14897     DEBUG      dmesg Finishing

Details: https://support.nitrokey.com/t/nitrokey-start-update-funktioniert-nicht/2596

Nitrokey Start firmware is not read protected

I've recently bought a Nitrokey Start and noticed that the firmware is not read protected.

Your documentation for the old Nitrokey Pro and this tutorial about an earlier version of the Nitrokey Start state that the firmware is supposed to be read protected.

For reference, the Nitrokey Start I received is using the Nitrokey Pro v2 board (without the smartcard socket). Maybe you forgot to read protect the firmware when you switched to hardware version 2?

I think it would make sense to leave the firmware readable on the Nitrokey Pro for auditability, as the key material is stored on the smartcard (assuming the smartcard itself does the PIN verification, I didn't look if this is the case). But for the Nitrokey Start, not read protecting the firmware makes it trivial to extract the key material and bruteforce the PIN.

Tests: add ECC tests

Regarding point 2 : Could you check the fixture, because AFAIU it only covers RSA decryption.

Source: https://support.nitrokey.com/t/decipher-with-ecdh-key/2375/3?u=szszszsz

Test suite execution time varies greatly

Freshen-based test suite execution time varies greatly between 300 and 900 seconds. To investigate the cause.

time single test execution and compare reports for the full suite between runs

Add buildinfo file to the build results

Add buildinfo file to the resulting firmware build output, as it is done for Nitrokey Pro.

https://github.com/Nitrokey/nitrokey-pro-firmware/blob/183435cb8f77c6921540ca37cb5950a92dd32371/build/gcc/Makefile#L538-L554

multiple definition of `usb_lld_set_data_to_recv'

When trying to compile the firmware the make fails with the text below:

arm-none-eabi-gcc ../ChibiOS_2.0.8/os/ports/GCC/ARMCMx/crt0.o ../ChibiOS_2.0.8/os/ports/GCC/ARMCMx/STM32F10x/vectors.o  ../ChibiOS_2.0.8/os/ports/GCC/ARMCMx/chcore.o ../ChibiOS_2.0.8/os/ports/GCC/ARMCMx/chcore_v7m.o ../ChibiOS_2.0.8/os/ports/GCC/ARMCMx/nvic.o ../ChibiOS_2.0.8/os/ports/GCC/ARMCMx/cmsis/core_cm3.o ../ChibiOS_2.0.8/os/kernel/src/chsys.o ../ChibiOS_2.0.8/os/kernel/src/chdebug.o ../ChibiOS_2.0.8/os/kernel/src/chlists.o ../ChibiOS_2.0.8/os/kernel/src/chvt.o ../ChibiOS_2.0.8/os/kernel/src/chschd.o ../ChibiOS_2.0.8/os/kernel/src/chthreads.o ../ChibiOS_2.0.8/os/kernel/src/chregistry.o ../ChibiOS_2.0.8/os/kernel/src/chsem.o ../ChibiOS_2.0.8/os/kernel/src/chmtx.o ../ChibiOS_2.0.8/os/kernel/src/chcond.o ../ChibiOS_2.0.8/os/kernel/src/chevents.o ../ChibiOS_2.0.8/os/kernel/src/chmsg.o ../ChibiOS_2.0.8/os/kernel/src/chmboxes.o ../ChibiOS_2.0.8/os/kernel/src/chqueues.o ../ChibiOS_2.0.8/os/kernel/src/chmemcore.o ../ChibiOS_2.0.8/os/kernel/src/chheap.o ../ChibiOS_2.0.8/os/kernel/src/chmempools.o ../ChibiOS_2.0.8/os/hal/src/hal.o ../ChibiOS_2.0.8/os/hal/src/adc.o ../ChibiOS_2.0.8/os/hal/src/can.o ../ChibiOS_2.0.8/os/hal/src/mac.o ../ChibiOS_2.0.8/os/hal/src/pal.o ../ChibiOS_2.0.8/os/hal/src/pwm.o ../ChibiOS_2.0.8/os/hal/src/serial.o ../ChibiOS_2.0.8/os/hal/src/spi.o ../ChibiOS_2.0.8/os/hal/src/mmc_spi.o ../ChibiOS_2.0.8/os/hal/platforms/STM32/hal_lld.o ../ChibiOS_2.0.8/os/hal/platforms/STM32/adc_lld.o ../ChibiOS_2.0.8/os/hal/platforms/STM32/can_lld.o ../ChibiOS_2.0.8/os/hal/platforms/STM32/pal_lld.o ../ChibiOS_2.0.8/os/hal/platforms/STM32/pwm_lld.o ../ChibiOS_2.0.8/os/hal/platforms/STM32/serial_lld.o ../ChibiOS_2.0.8/os/hal/platforms/STM32/spi_lld.o ../ChibiOS_2.0.8/os/hal/platforms/STM32/stm32_dma.o ../boards/NITROKEY_START/board.o ../ChibiOS_2.0.8/os/various/evtimer.o ../ChibiOS_2.0.8/os/various/syscalls.o ../polarssl-0.14.0/library/bignum.o ../polarssl-0.14.0/library/rsa.o ../polarssl-0.14.0/library/aes.o sha256.o call-rsa.o main.o usb_lld.o usb_desc.o usb_ctrl.o usb-icc.o openpgp.o ac.o openpgp-do.o flash.o random.o neug.o sys.o   -mcpu=cortex-m3 -mfix-cortex-m3-ldrd -nostartfiles -Tgnuk.ld -Wl,-Map=./gnuk.map,--cref,--no-warn-mismatch,--gc-sections  -mno-thumb-interwork -mthumb   -o gnuk.elf
usb_lld.o: In function `usb_lld_set_data_to_recv':
usb_lld.c:(.text.usb_lld_set_data_to_recv+0x0): multiple definition of `usb_lld_set_data_to_recv'
main.o:/home/remy/repo/nitrokey-start-firmware/src/usb_lld.h:136: first defined here
usb_desc.o: In function `usb_lld_set_data_to_recv':
/home/remy/repo/nitrokey-start-firmware/src/usb_lld.h:136: multiple definition of `usb_lld_set_data_to_recv'
main.o:/home/remy/repo/nitrokey-start-firmware/src/sys.h:18: first defined here
usb_ctrl.o: In function `usb_lld_set_data_to_recv':
/home/remy/repo/nitrokey-start-firmware/src/usb_lld.h:136: multiple definition of `usb_lld_set_data_to_recv'
main.o:/home/remy/repo/nitrokey-start-firmware/src/sys.h:18: first defined here
usb-icc.o: In function `usb_lld_set_data_to_recv':
/home/remy/repo/nitrokey-start-firmware/src/usb_lld.h:136: multiple definition of `usb_lld_set_data_to_recv'
main.o:/home/remy/repo/nitrokey-start-firmware/src/sys.h:18: first defined here
sys.o: In function `usb_lld_set_data_to_recv':
/home/remy/repo/nitrokey-start-firmware/src/usb_lld.h:136: multiple definition of `usb_lld_set_data_to_recv'
main.o:/home/remy/repo/nitrokey-start-firmware/src/sys.h:18: first defined here
collect2: error: ld returned 1 exit status
make: *** [../ChibiOS_2.0.8/os/ports/GCC/ARM/rules.mk:124: gnuk.elf] Error 1

This is the configure line:

./configure --target=NITROKEY_START --vidpid="20a0:4211" --enable-keygen --enable-certdo

This is the gcc version:

gcc version 6.1.1 20160707 (GCC)

Support automatic updates via fwupd

Could you make that happen?
for reference please take a look at Nitrokey/nitrokey-storage-firmware#78

ACK button for signatures

It seems that ACKBTN support is enabled by default since RTM.7:

6c72147

I have RTM.10 on mine and it's not asking to touch, for signatures at least. Is there something I need to do to enable it?

Change minimal PIN length to 14

Due to a recent hardware attack the short PINs are not safe. To increase the minimal PIN length up to 14, without any additional constraints.

Details:

Test suite is not working

One of the test suites is reported to be not working and seems to be outdated (pytest one).

To confirm and write proper warning, or remove entirely if completely outdated.
Mention about necessity of disabling other services/applications which want to use CCID interface on the device.

Support user login for Windows

See [email protected], "Logging to Windows with Gnuk", from Alexandr Zarubkin [email protected]:

I've managed to log into Windows using a certificate stored on Gnuk. I had to add MSE command support and raise the reported OpenPGP version to 3.3. It's just a proof of concept, but it works. The changes are located at https://github.com/me21/gnuk and https://salsa.debian.org/me21/gnuk, platformio branch.
The tests were performed on the virtual machine running Windows 7.

Cannot import x509 certificate

Importing x509 certificate results in an error.
It is mentioned, that GNUK accepts certificate only in binary format, but it is not specified which one. DER format was not working. Perhaps the test file itself was invalid - to check.

Example conversion command using openssl x509:

openssl x509 -in input.der -inform DER -out output.pem -outform PEM

Firmware: RTM.6 / GNUK 1.2.10 (latest GNUK).
Source: https://support.nitrokey.com/t/failed-to-write-x509-cert-to-nitrokey-start/1127

Failed to get auth signature

Occasionally (2/3) getting signature using authentication slot fails for one of the users. To investigate

Steps:

Generate keys on host and import them to the device
Authenticate (either with scdaemon or OpenSSH)

Details: https://support.nitrokey.com/t/nk-start-bad-signature-using-ed25519-keys/2174/9

Make sure the serial number is unique on GD32

User reported, that some of his devices have the same serial number. This could come from GD32 MCU's not behaving according to the STM32 specification, having the same value in the serial number RO register.

To investigate, if the serial number does not change at all or changes in different location.
Hash the whole register, or randomize if it is constant across GD32 MCUs.
This should affect all GD32 devices in the field (non-conservative), regardless of their current SN.
This should not affect all STM32 devices in the field.
Inform users about need for stub keys removal and required keys import.

Firmware: latest
Hardware: GD32-based, probably latest
GnuPG: 2.2.27

$ gpg --card-status
Reader ...........: Nitrokey Nitrokey Start (FSIJ-1.2.15-34353135) 00 00
Application ID ...: D276000124010200FFFE343531350000
Application type .: OpenPGP
Version ..........: 2.0
Manufacturer .....: unmanaged S/N range
Serial number ....: 34353135
(...)

Limit firmware update to first identity only

Do not allow to run firmware updates on other identity than 0.

Freeze while reading certificate with get_data

Device freezes when the certificate DO is accessed with get_data.
It works with read_binary, though I could not read past 256 bytes with initial setup.
To investigate.

Tests and WIP in 46f1dea / multiple-identity branch.

Commands used:

cd tool
dd if=/dev/urandom of=random512 bs=1 count=512
python3 ./gnuk_put_binary_libusb.py -u random512

Idea: multiple identities

Provide a way to simulate multiple OpenPGP 2.x cards on the device.
Could be a workaround for #22.

cc @alex-nitrokey

Write test cases (test ID change multiple times to check the counter in action, check actual key changes, check certDO limit for the last identity).
Test by hand (PIN cache between changes).

Do not accept Reset Code shorter than User PIN

At the moment the Reset Code is allowed to have 8 characters only. It should be as long as User PIN (14) to maintain proper security.

Firmware update fails due to "cmd_write_binary 6581"

@szszszsz hi please can you help me?

user@nitrokey:~/nitrokey-start-firmware/tool$ pip3 list | egrep "usb|test"
pytest             5.3.5  
pyusb              1.0.2

 user@nitrokey:~/nitrokey-start-firmware/tool$ ps -ef | grep -i scd
root      3373     1  0 16:45 ?        00:00:00 /usr/sbin/pcscd --foreground --auto-exit
user      3428  2882  0 16:46 ?        00:00:00 scdaemon --multi-server
user      3553  1004  0 16:47 pts/0    00:00:00 grep -i scd

user@nitrokey:~/nitrokey-start-firmware/tool$ sudo kill -9 3373
user@nitrokey:~/nitrokey-start-firmware/tool$ sudo kill -9 3428

user@nitrokey:~/nitrokey-start-firmware/tool$ ps -ef | grep -i scd
user      3561  1004  0 16:48 pts/0    00:00:00 grep -i scd

user@nitrokey:~/nitrokey-start-firmware/tool$ sudo ./upgrade_by_passwd.py -f ../prebuilt/RTM.7/{regnual.bin,gnuk.bin} 
../prebuilt/RTM.7/regnual.bin: 4504
../prebuilt/RTM.7/gnuk.bin: 115712
Currently connected device strings:
Device: 
    Vendor: Nitrokey
   Product: Nitrokey Start
    Serial: FSIJ-1.2.6-67092242
  Revision: RTM.5-modified
    Config: NITROKEY_START:dfu=no:debug=no:pinpad=no:certdo=yes:factory_reset=yes
       Sys: 3.0
CRC32: ae1cae42

Device: 
Configuration: 1
Interface: 0
*** Could not proceed with the update. Please try again, and make sure the entered password is correct.
*** Found error: ('cmd_write_binary 1', '6581')
*** Could not proceed with the update. Please close other applications, that possibly use it (e.g. scdaemon, pcscd) and try again.

Nitrokey Start not detected by GNUK toolset (no attribute 'cmd_verify')

When trying to load a public key for firmware upgrades the following error occurs:

./tool/gnuk_put_binary_libusb.py -k 0 CB1522E7.bin
Traceback (most recent call last):
  File "./tool/gnuk_put_binary_libusb.py", line 112, in <module>
    main(fileid, is_update, data, passwd)
  File "./tool/gnuk_put_binary_libusb.py", line 52, in main
    gnuk.cmd_verify(BY_ADMIN, passwd)
AttributeError: 'NoneType' object has no attribute 'cmd_verify'

This is on Ubuntu 14.04. GnuPG recognizes the card.

memcpy() warnings and constant time

It looks like the modp256k1.c and modp256r1.c use memcpy(tmp, tmp, ...) to try to maintain a constant time implementation. This causes a warning with newer arm-none-eabi-gcc (I'm testing with 9.2.1 from the Ubuntu 20.04 repo):

modp256k1.c: In function 'modp256k1_add':
modp256k1.c:79:13: warning: passing argument 1 to restrict-qualified parameter aliases with argument 2 [-Wrestrict]
   79 |     memcpy (tmp, tmp, sizeof (bn256));
      |             ^~~  ~~~

The standard does not guarantee what will happen in this case:

DESCRIPTION
The memcpy() function copies n bytes from memory area src to memory area dest. The memory areas must not overlap. Use memmove(3) if the memory areas do overlap.

Many libraries will check for overlap and fall back to memove(), which can short-circuit in the case of the src == dst. This would prevent the functions from actually being constant time.

PKCS #11 ECDSA mechanism / Bitcoin transaction signing

Considering Nitrokey Start does support ECC (with scep256k1 curve specifically), I assume ECDSA could be added to the list of supported PKCS # 11 mechanism, isn't it?

Only RSA signature are available at the moment:

$ pkcs11-tool --slot 1 -M
Supported mechanisms:
  SHA-1, digest
  SHA256, digest
  SHA384, digest
  SHA512, digest
  MD5, digest
  RIPEMD160, digest
  GOSTR3411, digest
  RSA-PKCS, keySize={2048,2048}, hw, decrypt, sign, verify
  SHA1-RSA-PKCS, keySize={2048,2048}, sign, verify
  SHA256-RSA-PKCS, keySize={2048,2048}, sign, verify
  SHA384-RSA-PKCS, keySize={2048,2048}, sign, verify
  SHA512-RSA-PKCS, keySize={2048,2048}, sign, verify
  MD5-RSA-PKCS, keySize={2048,2048}, sign, verify
  RIPEMD160-RSA-PKCS, keySize={2048,2048}, sign, verify
  RSA-PKCS-KEY-PAIR-GEN, keySize={2048,2048}, generate_key_pair

tests fail

Hey,

i wanted to test my Nitrokey Start after a factory-reset but i get the following error:


test_005_personalize_admin_less.py::test_setup_pw3_1 FAILED   [ 36%]

============================= FAILURES ==============================
_________________________ test_setup_pw3_1 __________________________

card = <openpgp_card.OpenPGP_Card object at 0x7f677d22a940>

    def test_setup_pw3_1(card):
>       r = card.change_passwd(3, PW1_TEST2, PW3_TEST1)

test_005_personalize_admin_less.py:273: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
openpgp_card.py:103: in change_passwd
    return self.cmd_change_reference_data(who, passwd_old + passwd_new)
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <openpgp_card.OpenPGP_Card object at 0x7f677d22a940>, who = 3
data = b'new user pass phraseanother admin pass phrase'

    def cmd_change_reference_data(self, who, data):
        cmd_data = iso7816_compose(0x24, 0x00, 0x80+who, data)
        sw = self.__reader.send_cmd(cmd_data)
        if len(sw) != 2:
            raise ValueError(sw)
        if not (sw[0] == 0x90 and sw[1] == 0x00):
>           raise ValueError("%02x%02x" % (sw[0], sw[1]))
E           ValueError: 6982

openpgp_card.py:237: ValueError
=============== 1 failed, 149 passed in 15.64 seconds ===============

Any help?