dearsky/pico-fido
1
0
Fork 0
Code Issues 46 Pull Requests 1 Actions Packages Projects Releases 22 Wiki Activity

Preliminar test tool for device lock/unlock

Browse Source 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
This commit is contained in:
Pol Henarejos
2022-10-19 18:33:11 +02:00
parent f213854f8b
commit 53cc16ab6d
1 changed files with 21 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
tools/pico-fido-tool.py
View File

@@ -22,6 +22,7 @@ class VendorConfig(Config):
class CMD(IntEnum): class CMD(IntEnum):
CONFIG_AUT = 0x03e43f56b34285e2 CONFIG_AUT = 0x03e43f56b34285e2
CONFIG_KEY_AGREEMENT = 0x1831a40f04a25ed9 CONFIG_KEY_AGREEMENT = 0x1831a40f04a25ed9
CONFIG_UNLOCK = 0x54365966c9a74770
class RESP(IntEnum): class RESP(IntEnum):
KEY_AGREEMENT = 0x01 KEY_AGREEMENT = 0x01
@@ -29,7 +30,10 @@ class VendorConfig(Config):
def __init__(self, ctap, pin_uv_protocol=None, pin_uv_token=None): def __init__(self, ctap, pin_uv_protocol=None, pin_uv_token=None):
super().__init__(ctap, pin_uv_protocol, pin_uv_token) super().__init__(ctap, pin_uv_protocol, pin_uv_token)
def enable_device_aut(self): def _get_key_device(self):
return b"\x69"*32
def _get_shared_key(self):
ret = self._call( ret = self._call(
Config.CMD.VENDOR_PROTOTYPE, Config.CMD.VENDOR_PROTOTYPE,
{ {
@@ -60,25 +64,35 @@ class VendorConfig(Config):
salt=None, salt=None,
info=pb info=pb
) )
print(hexlify(shared_key))
kdf_out = xkdf.derive(shared_key) kdf_out = xkdf.derive(shared_key)
key_enc = kdf_out[12:] key_enc = kdf_out[12:]
iv = kdf_out[:12] iv = kdf_out[:12]
print(hexlify(kdf_out)) return iv, key_enc, key_agreement, pb
print(hexlify(pb))
def _send_command_key(self, cmd):
iv, key_enc, key_agreement, pb = self._get_shared_key()
chacha = ChaCha20Poly1305(key_enc) chacha = ChaCha20Poly1305(key_enc)
ct = chacha.encrypt(iv, b"\x69"*32, pb) ct = chacha.encrypt(iv, self._get_key_device(), pb)
self._call( self._call(
Config.CMD.VENDOR_PROTOTYPE, Config.CMD.VENDOR_PROTOTYPE,
{ {
VendorConfig.PARAM.VENDOR_COMMAND_ID: VendorConfig.CMD.CONFIG_AUT, VendorConfig.PARAM.VENDOR_COMMAND_ID: cmd,
VendorConfig.PARAM.VENDOR_AUT_KEY_AGREEMENT: key_agreement, VendorConfig.PARAM.VENDOR_AUT_KEY_AGREEMENT: key_agreement,
VendorConfig.PARAM.VENDOR_AUT_CT: ct VendorConfig.PARAM.VENDOR_AUT_CT: ct
}, },
) )
def enable_device_aut(self):
self._send_command_key(VendorConfig.CMD.CONFIG_AUT)
def unlock_device(self):
self._send_command_key(VendorConfig.CMD.CONFIG_UNLOCK)
dev = next(CtapHidDevice.list_devices(), None) dev = next(CtapHidDevice.list_devices(), None)
vcfg = VendorConfig(Ctap2(dev)) vcfg = VendorConfig(Ctap2(dev))
vcfg.enable_device_aut() #vcfg.enable_disable_device_aut(True)
vcfg.unlock_device()