Add challenge-response support for Nitrokey 3 #9397

Contributor

@szszszsz szszszsz commented May 6, 2023

Add challenge-response support for Nitrokey 3.

In detail:

  • Add Get Response call when More Available / 0x61 SW1 is received
  • Increase buffer for answer to select call (required for Nitrokey 3)
  • Small refactorization for reading the SW

Example log for selecting app with More Available / Get Response used below:

00009450 APDU: 00 A4 04 00 07 A0 00 00 05 27 20 01
00001675 SW: 6A 82
00000071 APDU: 00 A4 04 00 07 A0 00 00 05 27 21 01
00057807 SW: 61 0F
00000037 APDU: 00 C0 00 00 FF
00000893 SW: 79 03 04 0B 00 71 08 3C 73 5F 60 F2 03 EB 0D 90 00

To test:

  • Yubikey behavior for that change. The Nitrokey 3's application responsible for challenge-response is QByteArrayLiteral("\xA0\x00\x00\x05\x27\x21\x01"), which is Yubikey's OATH AID. Check if that could make any conflict.
    • Yubikey behaves normally - tests are passing.

Testing strategy

  1. Test creating database (manual)
  2. Test opening database (manual)

Automatic tests: testykchallengeresponsekey (built with ASAN)

~/w/3/k/c/tests (support-challenge-response-in-nitrokey3|✚2) $ ./testykchallengeresponsekey
********* Start testing of TestYubiKeyChallengeResponse *********
Config: Using QtTest library 5.15.9, Qt 5.15.9 (x86_64-little_endian-lp64 shared (dynamic) release build;
by GCC 13.0.1 20230401 (Red Hat 13.0.1-0)), fedora 38
PASS   : TestYubiKeyChallengeResponse::initTestCase()
PASS   : TestYubiKeyChallengeResponse::testDetectDevices()
PASS   : TestYubiKeyChallengeResponse::testKeyChallenge()
PASS   : TestYubiKeyChallengeResponse::cleanupTestCase()
Totals: 4 passed, 0 failed, 0 skipped, 0 blacklisted, 1336ms
********* Finished testing of TestYubiKeyChallengeResponse *********

This PR was tested against:

  • Nitrokey 3 (unreleased firmware, based on v1.4), and
  • YubiKey 4 (4.3.5) [OTP+FIDO+CCID] Serial: 5668784

Type of change

  • ✅ New feature (change that adds functionality)
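
The More Available / Get Response handling listed in the description, as an added example (not code from this pull request or from KeePassXC): a loop that follows SW1 = 0x61 with GET RESPONSE, replayed against a constructed mock card that returns the bytes from the log above. `Transport`, `ApduResult`, `transmitChained`, `mockCard` and the limits `maxData` and `maxRounds` are hypothetical names and values.

```cpp
#include <cstddef>
#include <cstdint>
#include <functional>
#include <stdexcept>
#include <vector>

using Bytes = std::vector<std::uint8_t>;
// Hypothetical transport: sends one APDU, returns response data followed by SW1 SW2.
using Transport = std::function<Bytes(const Bytes&)>;
struct ApduResult { Bytes data; std::uint8_t sw1; std::uint8_t sw2; };

// Sends apdu and, while SW1 is 0x61 (More Available), issues GET RESPONSE and appends the data.
// maxData and maxRounds are assumed limits so a misbehaving token cannot grow the buffer or loop forever.
ApduResult transmitChained(const Transport& tx, const Bytes& apdu,
                           std::size_t maxData = 4096, int maxRounds = 32) {
    ApduResult out{};
    Bytes cmd = apdu;
    for (int round = 0; round < maxRounds; ++round) {
        const Bytes resp = tx(cmd);
        if (resp.size() < 2) throw std::runtime_error("response has no status word");
        out.sw1 = resp[resp.size() - 2];
        out.sw2 = resp[resp.size() - 1];
        if (out.data.size() + resp.size() - 2 > maxData)
            throw std::runtime_error("response exceeds buffer limit");
        out.data.insert(out.data.end(), resp.begin(), resp.end() - 2);
        if (out.sw1 != 0x61) return out;           // final status (e.g. 90 00 or 6A 82)
        cmd = {0x00, 0xC0, 0x00, 0x00, 0xFF};      // GET RESPONSE, Le = FF as in the log
    }
    throw std::runtime_error("too many GET RESPONSE rounds");
}

// Constructed mock card replaying the exchange from the log in the description.
Bytes mockCard(const Bytes& cmd) {
    const Bytes selectApp = {0x00, 0xA4, 0x04, 0x00, 0x07, 0xA0, 0x00, 0x00, 0x05, 0x27, 0x21, 0x01};
    const Bytes getResponse = {0x00, 0xC0, 0x00, 0x00, 0xFF};
    if (cmd == selectApp) return {0x61, 0x0F};     // More Available, 0x0F bytes pending
    if (cmd == getResponse)
        return {0x79, 0x03, 0x04, 0x0B, 0x00, 0x71, 0x08, 0x3C, 0x73,
                0x5F, 0x60, 0xF2, 0x03, 0xEB, 0x0D, 0x90, 0x00};
    return {0x6A, 0x82};                           // any other command: not found
}

int main() {
    const ApduResult r = transmitChained(mockCard, {0x00, 0xA4, 0x04, 0x00, 0x07, 0xA0, 0x00, 0x00, 0x05, 0x27, 0x21, 0x01});
    return (r.sw1 == 0x90 && r.sw2 == 0x00 && r.data.size() == 15) ? 0 : 1;
}
```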

@droidmonkey
Member

Nice!

@droidmonkey
Member

Closing this and opening a new PR since I cannot push to the source repo.

@szszszsz
Contributor Author

Note: merged in #9631

@szszszsz szszszsz deleted the support-challenge-response-in-nitrokey3 branch July 17, 2023 07:17
@phoerious phoerious added pr: new feature Pull request that adds a new feature and removed new feature labels Nov 22, 2024