mirrors/pico-hsm
1
0
Fork 0
mirror of https://github.com/polhenarejos/pico-hsm.git synced 2026-01-17 01:18:06 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Moved to pypicohsm.

Browse source 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
This commit is contained in:
Pol Henarejos 2025-11-18 01:05:49 +01:00
parent c4a1cf32e5
commit 634eac50b1
No known key found for this signature in database
GPG key ID: C0095B7870A4CCD3
1 changed files with 4 additions and 55 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

59
tools/pico-hsm-tool.py
View file

@ -39,13 +39,13 @@ except ModuleNotFoundError:
sys.exit(-1) sys.exit(-1)
try: try:
from picohsm import PicoHSM, PinType, DOPrefixes, KeyType, EncryptionMode, utils, APDUResponse, SWCodes, AES, Platform from picohsm import PicoHSM, PinType, DOPrefixes, KeyType, EncryptionMode, AES
from picohsm.utils import get_pki_data
from picokey import APDUResponse, Platform
except ModuleNotFoundError: except ModuleNotFoundError:
print('ERROR: picohsm module not found! Install picohsm package.\nTry with `pip install pypicohsm`') print('ERROR: picohsm module not found! Install picohsm package.\nTry with `pip install pypicohsm`')
sys.exit(-1) sys.exit(-1)
import json
import urllib.request
import base64 import base64
from binascii import hexlify, unhexlify from binascii import hexlify, unhexlify
import sys import sys
@ -175,21 +175,6 @@ def parse_args():
args = parser.parse_args() args = parser.parse_args()
return args return args
def get_pki_data(url, data=None, method='GET'):
user_agent = 'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; '
'rv:1.9.0.7) Gecko/2009021910 Firefox/3.0.7'
method = 'GET'
if (data is not None):
method = 'POST'
req = urllib.request.Request(f"https://www.picokeys.com/pico/pico-hsm/{url}/",
method=method,
data=data,
headers={'User-Agent': user_agent, })
response = urllib.request.urlopen(req)
resp = response.read().decode('utf-8')
j = json.loads(resp)
return j
def get_pki_certs(certs_dir='certs', force=False): def get_pki_certs(certs_dir='certs', force=False):
certs = get_pki_data('certs') certs = get_pki_data('certs')
if (os.path.exists(certs_dir) is False): if (os.path.exists(certs_dir) is False):
@ -222,45 +207,9 @@ def initialize(picohsm, args):
print('Are you sure?') print('Are you sure?')
_ = input('[Press enter to confirm]') _ = input('[Press enter to confirm]')
if (args.pin): picohsm.initialize(pin=args.pin, sopin=args.so_pin, no_dev_cert=args.no_dev_cert)
try:
picohsm.login(args.pin)
except APDUResponse:
pass
pin = args.pin
else:
pin = '648219'
if (args.so_pin):
try:
picohsm.login(args.so_pin, who=PinType.SO_PIN)
except APDUResponse:
pass
so_pin = args.so_pin
else:
so_pin = '57621880'
picohsm.initialize(pin=pin, sopin=so_pin)
if (not args.no_dev_cert): if (not args.no_dev_cert):
response = picohsm.get_contents(DOPrefixes.EE_CERTIFICATE_PREFIX, 0x00)
cert = bytearray(response)
Y = CVC().decode(cert).pubkey().find(0x86).data()
print(f'Public Point: {hexlify(Y).decode()}')
pbk = base64.urlsafe_b64encode(Y)
params = {'pubkey': pbk}
if (picohsm.platform in (Platform.RP2350, Platform.ESP32, Platform.EMULATION)):
params['curve'] = 'secp256k1'
data = urllib.parse.urlencode(params).encode()
j = get_pki_data('cvc', data=data)
print('Device name: '+j['devname'])
dataef = base64.urlsafe_b64decode(
j['cvcert']) + base64.urlsafe_b64decode(j['dvcert']) + base64.urlsafe_b64decode(j['cacert'])
picohsm.select_file(0x2f02)
response = picohsm.put_contents(0x0000, data=dataef)
print('Certificate uploaded successfully!') print('Certificate uploaded successfully!')
print('') print('')
print('Note that the device is initialized with a default PIN and ' print('Note that the device is initialized with a default PIN and '