-
Notifications
You must be signed in to change notification settings - Fork 19
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Responses for certain commands contain wrong CRC #32
Comments
Just to keep things straight - you have linked an outdated fork, here is the latest version: link. It is the same regarding CRC though.
|
Thanks for the correction, Szczepan. What about |
The nitrokey embeds a wrong CRC code into the response for certain commands. When closing the encrypted volume, for example, the CRC code never matches the actual report data. This problem is tracked by issue 32: Nitrokey/nitrokey-storage-firmware#32 To work around this problem for now we unfortunately have to ignore the result of the CRC check. This change adjusts the code to do that.
The nitrokey embeds a wrong CRC code into the response for certain commands. When closing the encrypted volume, for example, the CRC code never matches the actual report data. This problem is tracked by issue 32: Nitrokey/nitrokey-storage-firmware#32 To work around this problem for now we unfortunately have to ignore the result of the CRC check. This change adjusts the code to do that.
For
|
The CRC may seem correct but it is not.
Take the following program: static uint32_t _crc32(uint32_t crc, uint32_t data) {
int i;
crc = crc ^ data;
for (i = 0; i < 32; i++) {
if (crc & 0x80000000)
crc = (crc << 1) ^ 0x04C11DB7; // polynomial used in STM32
else
crc = (crc << 1);
}
return crc;
}
uint32_t stm_crc32(const uint8_t *data, size_t size) {
uint32_t crc = 0xffffffff;
const uint32_t *pend = (const uint32_t *)(data + size);
for (const uint32_t *p = (const uint32_t *)(data); p < pend; p++)
crc = _crc32(crc, *p);
return crc;
}
int main()
{
// Disable encrypted part.
unsigned char const data[] = {0x00, 0x21, 0x2b, 0x88, 0x3a, 0x8b,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x07, 0x21, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
std::cout << "size: " << sizeof(data) << std::endl;
std::cout << std::hex << "0x" << stm_crc32((const uint8_t*)data, sizeof(data)) << std::endl;
} $ ./test
size: 60
0xfd3563e6 // that's the correct CRC and it does not match the reported one. Now let's double check that with a command producing the correct CRC:
int main()
{
// Get user pin.
unsigned char const data[] = {0x00, 0x0f, 0x6e, 0x5f, 0x59, 0x5e,
0x00, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00};
std::cout << "size: " << sizeof(data) << std::endl;
std::cout << std::hex << "0x" << stm_crc32((const uint8_t*)data, sizeof(data)) << std::endl;
} ./test
size: 60
0xdb86a895 // That's exactly the CRC that is reported above. Now please tell me my logic is wrong. |
My claim also holds for the data you pasted. int main()
{
unsigned char const data[] = {0x00, 0x21, 0x2b, 0x88, 0x3a, 0x8b, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0c, 0x21, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00};
std::cout << "size: " << sizeof(data) << std::endl;
std::cout << std::hex << "0x" << stm_crc32((const uint8_t*)data, sizeof(data)) << std::endl;
} results in: ./test
size: 60
0xbbb65e8f // that is the correct CRC and not 0x2ef5269e as claimed, I believe |
Can you confirm the problem? Or do you see a flaw in the logic? |
Is there any update on the reported issue? |
Sorry for delay! I think you are correct. I might have checked wrong value/condition back then and falsely reported here. Recently a |
This is the list of commands with responses containing invalid CRC. I have compiled it after running py.test tests (both
Edit: Storage v0.45 |
Great! Thanks for compiling this list. I am afraid I won't be able to help much more from here. I only have one nitrokey and have actual data on it, so I won't use it for trying out custom firmware blobs. I looked into the firmware code but it seems rather intricate and I was unable to figure out why DISABLE_CRYPTED_PARI in particular does not set the correct CRC. |
Sure! I will test all modifications by myself first (I have one already). If you would have any idea later please let me know. |
Signed-off-by: Szczepan Zalega <[email protected]>
Confirmed this issue is not occurring on NK Pro 0.7 and 0.8. |
Thanks for working on this issue, Szczepan. I have updated my nitrokey storage firmware to version 0.46. I still see wrong CRCs being reported. Is this to be expected? Did the final fix go into any of 0.45 or 0.46? Or is it not final yet? |
Oh, I see it hasn't been merged to master yet. Is there an ETA? Or did you hit a problem during testing? |
It looks like it is still waiting for review. I will check the details and let you know. |
It is merged! |
Awesome! Many thanks! |
The nitrokey embeds a wrong CRC code into the response for certain commands. When closing the encrypted volume, for example, the CRC code never matches the actual report data. This problem is tracked by issue 32: Nitrokey/nitrokey-storage-firmware#32 To work around this problem for now we unfortunately have to ignore the result of the CRC check. This change adjusts the code to do that.
In the past the Nitrokey Storage device reported wrong CRC values for certain commands, e.g., the closing of an encrypted volume. This problem was tracked by issue 32: Nitrokey/nitrokey-storage-firmware#32 Firmware version 0.includes a fix for the problem. With this change we remove the workaround for the incorrect CRC from nitrocli. By doing so, we require the Nitrokey Storage to be running firmware 0.47 or higher to be properly usable.
The nitrokey embeds a wrong CRC code into the response for certain commands. When closing the encrypted volume, for example, the CRC code never matches the actual report data. This problem is tracked by issue 32: Nitrokey/nitrokey-storage-firmware#32 To work around this problem for now we unfortunately have to ignore the result of the CRC check. This change adjusts the code to do that.
In the past the Nitrokey Storage device reported wrong CRC values for certain commands, e.g., the closing of an encrypted volume. This problem was tracked by issue 32: Nitrokey/nitrokey-storage-firmware#32 Firmware version 0.includes a fix for the problem. With this change we remove the workaround for the incorrect CRC from nitrocli. By doing so, we require the Nitrokey Storage to be running firmware 0.47 or higher to be properly usable.
The nitrokey embeds a wrong CRC code into the response for certain commands. When closing the encrypted volume, for example, the CRC code never matches the actual report data. This problem is tracked by issue 32: Nitrokey/nitrokey-storage-firmware#32 To work around this problem for now we unfortunately have to ignore the result of the CRC check. This change adjusts the code to do that.
In the past the Nitrokey Storage device reported wrong CRC values for certain commands, e.g., the closing of an encrypted volume. This problem was tracked by issue 32: Nitrokey/nitrokey-storage-firmware#32 Firmware version 0.includes a fix for the problem. With this change we remove the workaround for the incorrect CRC from nitrocli. By doing so, we require the Nitrokey Storage to be running firmware 0.47 or higher to be properly usable.
The nitrokey embeds a wrong CRC code into the response for certain commands. When closing the encrypted volume, for example, the CRC code never matches the actual report data. This problem is tracked by issue 32: Nitrokey/nitrokey-storage-firmware#32 To work around this problem for now we unfortunately have to ignore the result of the CRC check. This change adjusts the code to do that.
In the past the Nitrokey Storage device reported wrong CRC values for certain commands, e.g., the closing of an encrypted volume. This problem was tracked by issue 32: Nitrokey/nitrokey-storage-firmware#32 Firmware version 0.includes a fix for the problem. With this change we remove the workaround for the incorrect CRC from nitrocli. By doing so, we require the Nitrokey Storage to be running firmware 0.47 or higher to be properly usable.
The nitrokey embeds a wrong CRC code into the response for certain commands. When closing the encrypted volume, for example, the CRC code never matches the actual report data. This problem is tracked by issue 32: Nitrokey/nitrokey-storage-firmware#32 To work around this problem for now we unfortunately have to ignore the result of the CRC check. This change adjusts the code to do that.
In the past the Nitrokey Storage device reported wrong CRC values for certain commands, e.g., the closing of an encrypted volume. This problem was tracked by issue 32: Nitrokey/nitrokey-storage-firmware#32 Firmware version 0.includes a fix for the problem. With this change we remove the workaround for the incorrect CRC from nitrocli. By doing so, we require the Nitrokey Storage to be running firmware 0.47 or higher to be properly usable.
Reopening for
|
The nitrokey embeds a wrong CRC code into the response for certain commands. When closing the encrypted volume, for example, the CRC code never matches the actual report data. This problem is tracked by issue 32: Nitrokey/nitrokey-storage-firmware#32 To work around this problem for now we unfortunately have to ignore the result of the CRC check. This change adjusts the code to do that.
In the past the Nitrokey Storage device reported wrong CRC values for certain commands, e.g., the closing of an encrypted volume. This problem was tracked by issue 32: Nitrokey/nitrokey-storage-firmware#32 Firmware version 0.includes a fix for the problem. With this change we remove the workaround for the incorrect CRC from nitrocli. By doing so, we require the Nitrokey Storage to be running firmware 0.47 or higher to be properly usable.
The nitrokey embeds a wrong CRC code into the response for certain commands. When closing the encrypted volume, for example, the CRC code never matches the actual report data. This problem is tracked by issue 32: Nitrokey/nitrokey-storage-firmware#32 To work around this problem for now we unfortunately have to ignore the result of the CRC check. This change adjusts the code to do that.
In the past the Nitrokey Storage device reported wrong CRC values for certain commands, e.g., the closing of an encrypted volume. This problem was tracked by issue 32: Nitrokey/nitrokey-storage-firmware#32 Firmware version 0.includes a fix for the problem. With this change we remove the workaround for the incorrect CRC from nitrocli. By doing so, we require the Nitrokey Storage to be running firmware 0.47 or higher to be properly usable.
In the past the Nitrokey Storage device reported wrong CRC values for certain commands, e.g., the closing of an encrypted volume. This problem was tracked by issue 32: Nitrokey/nitrokey-storage-firmware#32 Firmware version 0.47 includes a fix for the problem. With this change we remove the workaround for the incorrect CRC from nitrocli. By doing so, we require the Nitrokey Storage to be running firmware 0.47 or higher to be properly usable.
Certain command responses have a CRC value in them that does not match the actual content. See for instance here where this has been mentioned for the send password case. I have my own library and see the same issue happening for the response of the unlock encrypted volume command.
Can this please be looked into? That is no state to work with. For that reason libnitrokey essentially cuts down on CRC checks completely which circumvents the entire concept of providing such check codes in the first place.
The text was updated successfully, but these errors were encountered: