PIN verification using Optiga #3296
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
andrewkozlik
commented
Sep 21, 2023
andrewkozlik
commented
Sep 21, 2023
andrewkozlik
commented
Sep 21, 2023
matejcik
reviewed
Sep 21, 2023
andrewkozlik
commented
Sep 22, 2023
onvej-sl
reviewed
Sep 22, 2023
andrewkozlik
force-pushed
the
andrewkozlik/optiga-pin
branch
from
0478258 to
a19732d
Compare
andrewkozlik
force-pushed
the
andrewkozlik/optiga-pin
branch
2 times, most recently
from
05ef0d0 to
b830e3b
Compare
|
@onvej-sl has reviewed the cryptographic solution and will do a final check tomorrow. I would like another set of eyes to go over the code, @matejcik please. I am hoping to get this merged tomorrow. The reason why it is in draft form is because it's branched off of the hashing-to-curve PR, which is not merged yet. |
andrewkozlik
force-pushed
the
andrewkozlik/optiga-pin
branch
from
2aa7bfb to
d60e9a5
Compare
andrewkozlik
commented
Sep 27, 2023
onvej-sl
force-pushed
the
onvej-sl/hash_to_curve
branch
from
f89b889 to
4c144cd
Compare
onvej-sl
approved these changes
Sep 27, 2023
andrewkozlik
force-pushed
the
andrewkozlik/optiga-pin
branch
from
5d79134 to
121a16d
Compare
matejcik
approved these changes
Sep 27, 2023
Should be fixed by 38b331d |
andrewkozlik
force-pushed
the
andrewkozlik/optiga-pin
branch
from
96e9912 to
64a8fc3
Compare
Closed
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Creating this draft PR, so we can start discussion about the cryptographic aspects of the PIN verification process using Optiga. @onvej-sl
I did some refactoring around the
ui_progress, which as it turns out is not really necessary, since we decided to setPIN_STRETCH_ITERATIONSto 1, so it takes no noticeable time (unless the security monitor kicks in). But I think the refactor still has some value, so I decided to keep it. It might be used in optiga.c in the future if we have our own configuration of the security monitor which will allow us to increasePIN_STRETCH_ITERATIONS. For now I removed some of the unused code in a separate commit, so that it can be reverted when the time comes.