Removing trailing spaces.
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
This commit is contained in:
Pol Henarejos
@@ -7,17 +7,18 @@ from cvc.asn1 import ASN1
|
|||||||
import json
|
import json
|
||||||
import urllib.request
|
import urllib.request
|
||||||
import base64
|
import base64
|
||||||
from getpass import getpass
|
|
||||||
from binascii import hexlify
|
from binascii import hexlify
|
||||||
|
|
||||||
|
|
||||||
class APDUResponse(Exception):
|
class APDUResponse(Exception):
|
||||||
def __init__(self, sw1, sw2):
|
def __init__(self, sw1, sw2):
|
||||||
self.sw1 = sw1
|
self.sw1 = sw1
|
||||||
self.sw2 = sw2
|
self.sw2 = sw2
|
||||||
super().__init__(f'SW:{sw1:02X}{sw2:02X}')
|
super().__init__(f'SW:{sw1:02X}{sw2:02X}')
|
||||||
|
|
||||||
|
|
||||||
def send_apdu(card, command, p1, p2, data):
|
def send_apdu(card, command, p1, p2, data):
|
||||||
lc = [0x00] + list(len(data).to_bytes(2,'big'))
|
lc = [0x00] + list(len(data).to_bytes(2, 'big'))
|
||||||
le = [0x00, 0x00]
|
le = [0x00, 0x00]
|
||||||
if (isinstance(command, list) and len(command) > 1):
|
if (isinstance(command, list) and len(command) > 1):
|
||||||
apdu = command
|
apdu = command
|
||||||
@@ -27,9 +28,10 @@ def send_apdu(card, command, p1, p2, data):
|
|||||||
apdu = apdu + [p1, p2] + lc + data + le
|
apdu = apdu + [p1, p2] + lc + data + le
|
||||||
response, sw1, sw2 = card.connection.transmit(apdu)
|
response, sw1, sw2 = card.connection.transmit(apdu)
|
||||||
if (sw1 != 0x90):
|
if (sw1 != 0x90):
|
||||||
raise APDUResponse(sw1,sw2)
|
raise APDUResponse(sw1, sw2)
|
||||||
return response
|
return response
|
||||||
|
|
||||||
|
|
||||||
def main():
|
def main():
|
||||||
print('Pico HSM burning certificates tool v1.0')
|
print('Pico HSM burning certificates tool v1.0')
|
||||||
print('Author: Pol Henarejos')
|
print('Author: Pol Henarejos')
|
||||||
@@ -40,7 +42,8 @@ def main():
|
|||||||
print('* PLEASE READ IT CAREFULLY *')
|
print('* PLEASE READ IT CAREFULLY *')
|
||||||
print('********************************')
|
print('********************************')
|
||||||
print('')
|
print('')
|
||||||
print('This tool will erase and reset your device. It will delete all private and secret keys.')
|
print('This tool will erase and reset your device. It will delete all '
|
||||||
|
'private and secret keys.')
|
||||||
print('Are you sure?')
|
print('Are you sure?')
|
||||||
_ = input('[Press enter to confirm]')
|
_ = input('[Press enter to confirm]')
|
||||||
cardtype = AnyCardType()
|
cardtype = AnyCardType()
|
||||||
@@ -52,43 +55,55 @@ def main():
|
|||||||
# connect to the card and perform a few transmits
|
# connect to the card and perform a few transmits
|
||||||
card.connection.connect()
|
card.connection.connect()
|
||||||
|
|
||||||
reset_data = [0x80, 0x02, 0x00, 0x01, 0x81, 0x06, 0x36, 0x34, 0x38, 0x32, 0x31, 0x39, 0x82, 0x08, 0x35, 0x37, 0x36, 0x32, 0x31, 0x38, 0x38, 0x30, 0x91, 0x01, 0x03]
|
reset_data = [0x80, 0x02, 0x00, 0x01, 0x81, 0x06, 0x36, 0x34, 0x38,
|
||||||
|
0x32, 0x31,
|
||||||
|
0x39, 0x82, 0x08, 0x35, 0x37, 0x36, 0x32, 0x31, 0x38,
|
||||||
|
0x38, 0x30, 0x91, 0x01, 0x03]
|
||||||
response = send_apdu(card, [0x80, 0x50], 0x00, 0x00, reset_data)
|
response = send_apdu(card, [0x80, 0x50], 0x00, 0x00, reset_data)
|
||||||
|
|
||||||
response = send_apdu(card, 0xB1, 0xCE, 0x00, [0x54,0x02,0x00,0x00])
|
response = send_apdu(card, 0xB1, 0xCE, 0x00, [0x54, 0x02, 0x00, 0x00])
|
||||||
|
|
||||||
cert = bytearray(response)
|
cert = bytearray(response)
|
||||||
Y = CVC().decode(cert).pubkey().find(0x86).data()
|
Y = CVC().decode(cert).pubkey().find(0x86).data()
|
||||||
print(f'Public Point: {hexlify(Y).decode()}')
|
print(f'Public Point: {hexlify(Y).decode()}')
|
||||||
|
|
||||||
user_agent = 'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.7) Gecko/2009021910 Firefox/3.0.7'
|
user_agent = 'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; '
|
||||||
|
'rv:1.9.0.7) Gecko/2009021910 Firefox/3.0.7'
|
||||||
pbk = base64.urlsafe_b64encode(Y)
|
pbk = base64.urlsafe_b64encode(Y)
|
||||||
data = urllib.parse.urlencode({'pubkey':pbk}).encode()
|
data = urllib.parse.urlencode({'pubkey': pbk}).encode()
|
||||||
req = urllib.request.Request("https://www.henarejos.me/pico-hsm/cvc/", method='POST', data=data, headers={'User-Agent':user_agent,} ) #The assembled request
|
req = urllib.request.Request("https://www.henarejos.me/pico-hsm/cvc/",
|
||||||
|
method='POST',
|
||||||
|
data=data,
|
||||||
|
headers={'User-Agent': user_agent, })
|
||||||
response = urllib.request.urlopen(req)
|
response = urllib.request.urlopen(req)
|
||||||
resp = response.read().decode('utf-8')
|
resp = response.read().decode('utf-8')
|
||||||
j = json.loads(resp)
|
j = json.loads(resp)
|
||||||
print('Device name: '+j['devname'])
|
print('Device name: '+j['devname'])
|
||||||
dataef = base64.urlsafe_b64decode(j['cvcert']) + base64.urlsafe_b64decode(j['dvcert'])
|
dataef = base64.urlsafe_b64decode(
|
||||||
|
j['cvcert']) + base64.urlsafe_b64decode(j['dvcert'])
|
||||||
|
|
||||||
response = send_apdu(card, 0xa4, 0x00, 0x00, [0x2f,0x02])
|
response = send_apdu(card, 0xa4, 0x00, 0x00, [0x2f, 0x02])
|
||||||
pin = b'648219'
|
pin = b'648219'
|
||||||
response = send_apdu(card, 0x20, 0x00, 0x81, list(pin))
|
response = send_apdu(card, 0x20, 0x00, 0x81, list(pin))
|
||||||
|
|
||||||
apdu_data = [0x54, 0x02, 0x00, 0x00] + list(ASN1.make_tag(0x53, dataef))
|
apdu_data = [0x54, 0x02, 0x00, 0x00] + \
|
||||||
|
list(ASN1.make_tag(0x53, dataef))
|
||||||
response = send_apdu(card, 0xd7, 0x00, 0x00, apdu_data)
|
response = send_apdu(card, 0xd7, 0x00, 0x00, apdu_data)
|
||||||
|
|
||||||
print('Certificate uploaded successfully!')
|
print('Certificate uploaded successfully!')
|
||||||
print('')
|
print('')
|
||||||
print('Note that the device is initialized with a default PIN and configuration.')
|
print('Note that the device is initialized with a default PIN and '
|
||||||
print('Now you can initialize the device as usual with you chosen PIN and configuration options.')
|
'configuration.')
|
||||||
|
print('Now you can initialize the device as usual with you chosen PIN '
|
||||||
|
'and configuration options.')
|
||||||
|
|
||||||
except CardRequestTimeoutException:
|
except CardRequestTimeoutException:
|
||||||
print('time-out: no card inserted during last 10s')
|
print('time-out: no card inserted during last 10s')
|
||||||
|
|
||||||
|
|
||||||
def run():
|
def run():
|
||||||
main()
|
main()
|
||||||
|
|
||||||
|
|
||||||
if __name__ == "__main__":
|
if __name__ == "__main__":
|
||||||
run()
|
run()
|
||||||
|
|
||||||
@@ -86,7 +86,7 @@ sc-hsm-tool -X --so-pin 1234567890123456 --pin 648219 -K 1 -n 1 -s 1
|
|||||||
|
|
||||||
and PKA and PIN are enabled, jointly with DKEK protection.
|
and PKA and PIN are enabled, jointly with DKEK protection.
|
||||||
|
|
||||||
### With SCS3
|
###<EFBFBD>With SCS3
|
||||||
|
|
||||||
Unfortunately, SCS3 does not allow to initialize the device with PKA and PIN at the same time, though it can be achieved in separated steps:
|
Unfortunately, SCS3 does not allow to initialize the device with PKA and PIN at the same time, though it can be achieved in separated steps:
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user