Added a PW4 duress PIN for self-destruct functionality #43
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Created a new type of PIN called the PW4. It's main functionality is for duress and coercion resistance function when at as a last resort the user reveals PW4 instead of PW1 or other PWs.
PW4 is entered like a normal PW1 with the difference being once PW4 is triggered, it will immediately wipe all the PGP keys as a user triggered tamper response.
A new function called checkPIN would take in a targetPIN (PW1) and a PW4 and do comparison. During checkPIN function, it will randomly select to check PW4 first or check target PIN first in an effort to prevent power glitching attacks on the chip.
A PW4 has the default trigger PIN code of 'KABOOM!!!' and the user calling CHANGE REFERENCE DATA with P2 = 0x84 would supply the first half of the data as PW1 and second half as the intended PW4 actual PIN code that the user desires. By sending PW1 concatenate with PW4 behind, the PW1 is to allow an actual user to authenticate into the card to proof that it is the actual user (PW1) who is going to issue a command to change PW4 PIN code.
The PW4 tamper trigger is actively listening under these conditions:
PW3 and RC activities are left unaffected by PW4 tamper triggering activities to prevent accdientally tripping the PW4 by accident by PW3 or by RC activity.
Under duress situation when a user maybe coerced by captives, users are recommended to do the following OPSEC measures:
Email me at : twzgerald@gmail.com for further communication.