Nitrokey / nitrokey-pro-firmware

Firmware for the Nitrokey Pro device
GNU General Public License v3.0
119 stars 22 forks source link

Add temporary passwords to commands instead of AUTHORIZE #25

Closed szszszsz closed 7 years ago

szszszsz commented 7 years ago

Add temporary passwords to commands instead of using AUTHORIZE command and CRC to increase security.

Fixes #8, fixes #7

Commands affected: WRITE_TO_SLOT, GET_CODE, ERASE_SLOT, WRITE_CONFIG Removed: AUTHORIZE, USER_AUTHORIZE

Tested on Ubuntu 16.04/16.10 with libnitrokey C++ tests. Will be checked also against general Python unittests and then merged. Tested also on Nitrokey App for read-only backwards compatibility (affected commands besides GET_CODE will not work).

Compiled with:

arm-none-eabi-gcc (15:4.9.3+svn231177-1) 4.9.3 20150529