-
Notifications
You must be signed in to change notification settings - Fork 481
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
OutOfMemory with Nitrokey Pro #1936
Comments
Calling possibly interested: @jans23 @nmikhailov |
I take it this report is yours? Did you click on report?
|
Yes, I uploaded it with a comment. |
That's probably it then. Haha, it tries to allocate 1.6GB of memory. Interesting |
Thanks, I will work on it. On Oct 12, 2016 18:08, "Vincent Breitmoser" notifications@github.com
|
If I can retest or take additional logs then please let me know. |
Info should be good. Thanks for the thorough report! |
@nmikhailov Is there anything we can do to help you solving this issue? |
I was able to import a private key stub of the key on my Nitrokey (#1833 (comment)) and it seemed to work at first, but it crashes once enter my PIN trying to decrypt something. (Nexus 5X, Android 7.1.1, Open Keychain 4.2.4) |
Hi @nmikhailov Any updates? |
Hi! |
I am using Pro 0.8 and Android 7.1 with OpenKeychain 4.5. |
I'd work on this but I don't have the first idea of what's happening :) @nmikhailov any insight? |
Looks like I am affected too, dumping a stacktrace here just in case it might contain a hint:
|
Hey there. I worked on this a while. I don't have a stick that exhibits this particular problem, but I might have found the cause. So what happens is that before even the IccPowerOn message is sent to initialize the usb connection, the Nitrokey Pro sends 64 bytes of data thorugh the BulkIn endpoint. It's always exactly 64 bytes, and doesn't start with a parseable header or anything I could make any sense of from the CCID or 7816-3/4 specs. A Yubikey I plug in via USB doesn't send these bytes, either. I suspect the reason for the OOM is that these bytes were under certain circumstances taken as a valid reply to the IccPowerOn message, and subsequently the ATR received from the actual IccPowerOn call was interpreted as the response to the next called XferBlock. I did some work on this, cleaning up the code and adding more checks for consistency (sequence numbers, header names, error bits, etc), and this might fix the problem. The previous code had a "after sending IccPowerOn, just catch all exceptions for some time until we get a reply that looks vaguely like what we expected". I simply skip all incoming data before sending the IccPowerOn command now, which is slightly less hacky and seems to work fine for me: https://github.com/open-keychain/open-keychain/commits/usb-refactor The bytes are slightly changing every time, but some are also constant:
Someone else reported getting these bytes:
@szszszsz You work on the Nitrokey firmware, right? Any ideas what these 64 bytes could be? :) (also ping @af-anssi and @nmikhailov) |
Hi @Valodim ! Thank you for investigating this! Your explanation of the OOM's cause is quite reasonable. Indeed I work with the firmware but on the HID side mostly hence I do not have any ideas yet, but I will forward this to proper person. |
I just realized that my backup Nitrokey Pro (now promoted to main key) works just fine, while the other one causes this crash. I bought both Nitrokeys at the same time around a year ago. I can test things with both keys if needed. |
@tulir @techge @Artox @szszszsz Can you all please try our newest beta version and report if it now works? You can be part of the beta channel by visiting this special link: https://play.google.com/apps/testing/org.sufficientlysecure.keychain |
Both of my Nitrokeys work now. Thanks! |
It is not crashing now on my setup:
Thank you! |
Application crashes when I insert Nitrokey Pro and try to use it as a security token to generate key. Same was after clearing the stick with
factory reset
command (done using Nitrokey App).Please let me know how can I create / extract the logs.
App version: 4.2 beta 1 (42000)
Android 6.0.1, Galaxy S6
Nitrokey Pro v0.7 (OTG USB)
Frequency: High (9/10)
Scenario:
Manage my keys
USE SECURITY TOKEN
4a. Red led on device flashes 2 times
The text was updated successfully, but these errors were encountered: