I’m trying to modify the firmware and I need some help with where to start. Below is what I’m trying to do.
In very simple terms, the sign function should do signature = Nitrokey.sign(message).
I want to customize the firmware so that the function checks certain conditions of the message and it only signs if those conditions are met and deny otherwise. This is to add another layer of security in case my server gets compromised.
I did a search in the github repo and I see that there are 5 places with eddsa_sign_25519, but I still couldn’t get a good gist of how to proceed. I would really appreciate any guidance on where to modify/start.
cmd_pso looks like a function that gets called after a smartcard PERFORM SECURITY OPERATION command will be received.
However, some bad news for you - looks like only hashes will be accepted for signing; it will accept at most 256 bytes of input if I see correctly. So probably your firmware needs to be checked prior to this hashing operation, and this is probably done in software on your CPU.
– Input must be hash: My messages are just bytes array so I believe that’d be okay.
– At most 256 bytes: I believe I understand what you are saying as I see that there is a length check in the cmd_pso function here. But if I’m not mistaken, I actually don’t see the length check in the official GNUK repo. So my follow-up questions:
Is this difference due to the hardware capacity of Nitrokey Start?
If I’m not mistaken, I can’t seem to find any length restriction on the input message in the official GNUK repo. If the answer to the above question is yes for any reason, does that mean if I flash the official GNUK on a stronger hardware board, would I be able to sign input longer than that?
