dearsky/pico-fido
1
0
Fork 0
Code Issues 46 Pull Requests 1 Actions Packages Projects Releases 22 Wiki Activity

Added a flag (--filename) to upload an enterprise attestation certificate.

Browse Source 
If this flag is not provided, an enteprise attestation certificate is automatically requested and uploaded.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
This commit is contained in:
Pol Henarejos
2022-12-01 19:30:00 +01:00
parent 8bf53a6497
commit 58fbea8929
1 changed files with 28 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

32
tools/pico-fido-tool.py
View File

@@ -197,7 +197,7 @@ class Vendor:
VENDOR_BACKUP = 0x01 VENDOR_BACKUP = 0x01
VENDOR_MSE = 0x02 VENDOR_MSE = 0x02
VENDOR_UNLOCK = 0x03 VENDOR_UNLOCK = 0x03
VENDOR_CSR = 0x04 VENDOR_EA = 0x04
@unique @unique
class PARAM(IntEnum): class PARAM(IntEnum):
@@ -208,7 +208,8 @@ class Vendor:
ENABLE = 0x01 ENABLE = 0x01
DISABLE = 0x02 DISABLE = 0x02
KEY_AGREEMENT = 0x01 KEY_AGREEMENT = 0x01
CSR = 0x01 EA_CSR = 0x01
EA_UPLOAD = 0x02
class RESP(IntEnum): class RESP(IntEnum):
PARAM = 0x01 PARAM = 0x01
@@ -364,8 +365,17 @@ class Vendor:
def csr(self): def csr(self):
return self._call( return self._call(
Vendor.CMD.VENDOR_CSR, Vendor.CMD.VENDOR_EA,
Vendor.SUBCMD.CSR, Vendor.SUBCMD.EA_CSR,
)[Vendor.RESP.PARAM]
def upload_ea(self, der):
self._call(
Vendor.CMD.VENDOR_EA,
Vendor.SUBCMD.EA_UPLOAD,
{
Vendor.PARAM.PARAM: der
}
) )
def parse_args(): def parse_args():
@@ -379,7 +389,7 @@ def parse_args():
parser_backup.add_argument('filename', help='File to save or load the backup.') parser_backup.add_argument('filename', help='File to save or load the backup.')
parser_attestation = subparser.add_parser('attestation', help='Manages Enterprise Attestation') parser_attestation = subparser.add_parser('attestation', help='Manages Enterprise Attestation')
parser_attestation.add_argument('subcommand', choices=['csr', 'upload']) parser_attestation.add_argument('subcommand', choices=['csr'])
parser_attestation.add_argument('--filename', help='Uploads the certificate filename to the device as enterprise attestation certificate. If not provided, it will generate an enterprise attestation certificate automatically.') parser_attestation.add_argument('--filename', help='Uploads the certificate filename to the device as enterprise attestation certificate. If not provided, it will generate an enterprise attestation certificate automatically.')
args = parser.parse_args() args = parser.parse_args()
@@ -401,11 +411,19 @@ def backup(vdr, args):
def attestation(vdr, args): def attestation(vdr, args):
if (args.subcommand == 'csr'): if (args.subcommand == 'csr'):
csr = x509.load_der_x509_csr(vdr.csr()[1]) if (args.filename is None):
csr = x509.load_der_x509_csr(vdr.csr())
data = urllib.parse.urlencode({'csr': csr.public_bytes(Encoding.PEM)}).encode() data = urllib.parse.urlencode({'csr': csr.public_bytes(Encoding.PEM)}).encode()
j = get_pki_data('csr', data=data) j = get_pki_data('csr', data=data)
cert = x509.load_pem_x509_certificate(j['x509'].encode()) cert = x509.load_pem_x509_certificate(j['x509'].encode())
print(cert) else:
with open(args.filename, 'rb') as f:
dataf = f.read()
try:
cert = x509.load_der_x509_certificate(dataf)
except ValueError:
cert = x509.load_pem_x509_certificate(dataf)
vdr.upload_ea(cert.public_bytes(Encoding.DER))
def main(args): def main(args):
print('Pico Fido Tool v1.4') print('Pico Fido Tool v1.4')