mirrors/pico-hsm
1
0
Fork 0
mirror of https://github.com/polhenarejos/pico-hsm.git synced 2026-01-17 01:18:06 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Removing trailing spaces.

Browse source 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
This commit is contained in:
Pol Henarejos 2022-08-19 01:44:27 +02:00
parent 1f2ccd8c1c
commit aebb68724a
No known key found for this signature in database
GPG key ID: C0095B7870A4CCD3
52 changed files with 583 additions and 568 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

35
burn-cvcerts.py
View file

@ -7,15 +7,16 @@ from cvc.asn1 import ASN1
import json
import urllib.request
import base64
from getpass import getpass
from binascii import hexlify
class APDUResponse(Exception):
def __init__(self, sw1, sw2):
self.sw1 = sw1
self.sw2 = sw2
super().__init__(f'SW:{sw1:02X}{sw2:02X}')
def send_apdu(card, command, p1, p2, data):
lc = [0x00] + list(len(data).to_bytes(2, 'big'))
le = [0x00, 0x00]
@ -30,6 +31,7 @@ def send_apdu(card, command, p1, p2, data):
raise APDUResponse(sw1, sw2)
return response
def main():
print('Pico HSM burning certificates tool v1.0')
print('Author: Pol Henarejos')
@ -40,7 +42,8 @@ def main():
print('* PLEASE READ IT CAREFULLY *')
print('********************************')
print('')
print('This tool will erase and reset your device. It will delete all private and secret keys.')
print('This tool will erase and reset your device. It will delete all '
'private and secret keys.')
print('Are you sure?')
_ = input('[Press enter to confirm]')
cardtype = AnyCardType()
@ -52,7 +55,10 @@ def main():
# connect to the card and perform a few transmits
card.connection.connect()
reset_data = [0x80, 0x02, 0x00, 0x01, 0x81, 0x06, 0x36, 0x34, 0x38, 0x32, 0x31, 0x39, 0x82, 0x08, 0x35, 0x37, 0x36, 0x32, 0x31, 0x38, 0x38, 0x30, 0x91, 0x01, 0x03]
reset_data = [0x80, 0x02, 0x00, 0x01, 0x81, 0x06, 0x36, 0x34, 0x38,
0x32, 0x31,
0x39, 0x82, 0x08, 0x35, 0x37, 0x36, 0x32, 0x31, 0x38,
0x38, 0x30, 0x91, 0x01, 0x03]
response = send_apdu(card, [0x80, 0x50], 0x00, 0x00, reset_data)
response = send_apdu(card, 0xB1, 0xCE, 0x00, [0x54, 0x02, 0x00, 0x00])
@ -61,34 +67,43 @@ def main():
Y = CVC().decode(cert).pubkey().find(0x86).data()
print(f'Public Point: {hexlify(Y).decode()}')
user_agent = 'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.7) Gecko/2009021910 Firefox/3.0.7'
user_agent = 'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; '
'rv:1.9.0.7) Gecko/2009021910 Firefox/3.0.7'
pbk = base64.urlsafe_b64encode(Y)
data = urllib.parse.urlencode({'pubkey': pbk}).encode()
req = urllib.request.Request("https://www.henarejos.me/pico-hsm/cvc/", method='POST', data=data, headers={'User-Agent':user_agent,} ) #The assembled request
req = urllib.request.Request("https://www.henarejos.me/pico-hsm/cvc/",
method='POST',
data=data,
headers={'User-Agent': user_agent, })
response = urllib.request.urlopen(req)
resp = response.read().decode('utf-8')
j = json.loads(resp)
print('Device name: '+j['devname'])
dataef = base64.urlsafe_b64decode(j['cvcert']) + base64.urlsafe_b64decode(j['dvcert'])
dataef = base64.urlsafe_b64decode(
j['cvcert']) + base64.urlsafe_b64decode(j['dvcert'])
response = send_apdu(card, 0xa4, 0x00, 0x00, [0x2f, 0x02])
pin = b'648219'
response = send_apdu(card, 0x20, 0x00, 0x81, list(pin))
apdu_data = [0x54, 0x02, 0x00, 0x00] + list(ASN1.make_tag(0x53, dataef))
apdu_data = [0x54, 0x02, 0x00, 0x00] + \
list(ASN1.make_tag(0x53, dataef))
response = send_apdu(card, 0xd7, 0x00, 0x00, apdu_data)
print('Certificate uploaded successfully!')
print('')
print('Note that the device is initialized with a default PIN and configuration.')
print('Now you can initialize the device as usual with you chosen PIN and configuration options.')
print('Note that the device is initialized with a default PIN and '
'configuration.')
print('Now you can initialize the device as usual with you chosen PIN '
'and configuration options.')
except CardRequestTimeoutException:
print('time-out: no card inserted during last 10s')
def run():
main()
if __name__ == "__main__":
run()

2
doc/public_key_authentication.md
View file

@ -86,7 +86,7 @@ sc-hsm-tool -X --so-pin 1234567890123456 --pin 648219 -K 1 -n 1 -s 1
and PKA and PIN are enabled, jointly with DKEK protection.
### With SCS3
###<EFBFBD>With SCS3
Unfortunately, SCS3 does not allow to initialize the device with PKA and PIN at the same time, though it can be achieved in separated steps: