kopia lustrzana https://github.com/conorpp/u2f-zero
add transport keys to setup scripts
rodzic
01e8528e30
commit
6795711a54
|
@ -2,7 +2,7 @@
|
|||
#include <stdint.h>
|
||||
|
||||
code uint8_t __attest[] =
|
||||
"\x30\x82\x01\x9c\x30\x82\x01\x41\x02\x01\x01\x30\x0a\x06\x08\x2a\x86\x48\xce\x3d"
|
||||
"\x30\x82\x01\x9a\x30\x82\x01\x41\x02\x01\x01\x30\x0a\x06\x08\x2a\x86\x48\xce\x3d"
|
||||
"\x04\x03\x02\x30\x7d\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x13"
|
||||
"\x30\x11\x06\x03\x55\x04\x08\x13\x0a\x53\x6f\x6d\x65\x20\x73\x74\x61\x74\x65\x31"
|
||||
"\x12\x30\x10\x06\x03\x55\x04\x07\x13\x09\x53\x6f\x6d\x65\x20\x63\x69\x74\x79\x31"
|
||||
|
@ -10,20 +10,23 @@ code uint8_t __attest[] =
|
|||
"\x6e\x79\x31\x18\x30\x16\x06\x03\x55\x04\x0b\x13\x0f\x53\x6f\x6d\x65\x20\x64\x65"
|
||||
"\x70\x61\x72\x74\x6d\x65\x6e\x74\x31\x14\x30\x12\x06\x03\x55\x04\x03\x13\x0b\x63"
|
||||
"\x6f\x6e\x6f\x72\x70\x70\x2e\x63\x6f\x6d\x30\x1e\x17\x0d\x31\x37\x30\x31\x32\x38"
|
||||
"\x30\x32\x34\x38\x34\x39\x5a\x17\x0d\x32\x33\x30\x31\x32\x37\x30\x32\x34\x38\x34"
|
||||
"\x39\x5a\x30\x36\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x11\x30"
|
||||
"\x30\x34\x35\x34\x30\x37\x5a\x17\x0d\x32\x33\x30\x31\x32\x37\x30\x34\x35\x34\x30"
|
||||
"\x37\x5a\x30\x36\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x11\x30"
|
||||
"\x0f\x06\x03\x55\x04\x0a\x13\x08\x55\x32\x46\x20\x5a\x65\x72\x6f\x31\x14\x30\x12"
|
||||
"\x06\x03\x55\x04\x03\x13\x0b\x75\x32\x66\x7a\x65\x72\x6f\x2e\x63\x6f\x6d\x30\x59"
|
||||
"\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01"
|
||||
"\x07\x03\x42\x00\x04\x02\x12\xb2\x98\x38\x90\x14\xfc\x94\x9c\x7d\x83\x42\x2a\x8a"
|
||||
"\xf4\x81\x45\x37\xb6\x65\xf3\xb0\xe1\x72\x79\xa3\x95\x5c\x8e\x4f\xfe\x7e\x97\xee"
|
||||
"\x4d\x77\x20\x7f\xd7\xf4\x58\x81\xab\x60\x48\x4d\xba\x30\x35\x87\xcc\xe8\x45\x11"
|
||||
"\x4d\x3a\x5c\x06\xba\xf9\x95\x35\x64\x30\x0a\x06\x08\x2a\x86\x48\xce\x3d\x04\x03"
|
||||
"\x02\x03\x49\x00\x30\x46\x02\x21\x00\x96\xce\xbc\xcf\xd4\x8f\x62\x2d\xe5\x3c\x8c"
|
||||
"\x16\x94\x90\x1d\x59\xa8\xec\x80\xf5\x50\xfa\x1e\x60\x87\x48\xb8\x2c\xb2\x26\x2f"
|
||||
"\x8a\x02\x21\x00\x94\xac\x4e\xa7\xe6\xa7\xe2\xd8\x92\x16\x90\xc1\x91\x3b\x7b\x9c"
|
||||
"\xbd\x59\x14\x2b\xdd\x86\xd8\x43\x39\xbd\x0a\x74\x76\x6b\x8d\x72"
|
||||
"\x07\x03\x42\x00\x04\x9d\x83\xdc\x35\x8f\x69\x15\xc3\x58\x49\xca\x9d\x8c\xe4\xc5"
|
||||
"\x40\x3c\xba\x9e\xb2\x34\xb6\x10\x94\x52\xd3\x5c\xf9\x4e\x52\x59\x2b\x1b\xbe\x4c"
|
||||
"\x32\x2b\x1c\x57\x11\x20\xe1\xe6\xd3\x7f\xc4\x42\xef\x66\xf0\x64\x24\x9a\xcd\xe0"
|
||||
"\x13\x87\x59\xe3\x0b\xd3\xd2\x2b\x8a\x30\x0a\x06\x08\x2a\x86\x48\xce\x3d\x04\x03"
|
||||
"\x02\x03\x47\x00\x30\x44\x02\x20\x3d\xf1\xf4\x3f\x20\x82\x96\x13\xd6\x58\xb7\x71"
|
||||
"\x29\xb7\x2c\xef\x3f\x86\x6c\xff\x54\xa9\xe0\x86\x7d\x33\x4a\x69\x12\x67\x89\xee"
|
||||
"\x02\x20\x09\xa0\x51\x59\x0a\x44\x7c\x6b\xae\x56\x57\x62\x7d\x3c\x99\x37\xda\xb5"
|
||||
"\x85\x98\x09\xac\x10\x96\x8f\xce\xed\x06\x94\x9b\x96\xb0"
|
||||
;
|
||||
const uint16_t __attest_size = sizeof(__attest)-1;
|
||||
|
||||
|
||||
code uint8_t WMASK[] = "\x3a\xf2\x0d\x94\xcb\xa5\x5c\x30\x20\x36\x36\xfc\x11\x59\x12\x02\x6a\xca\xcb\x3d"
|
||||
"\x06\x38\x1e\xd4\xc8\xc7\xc4\xab\xe5\x43\xb9\x90\x5e\xc5\x9d\xe4";
|
||||
code uint8_t RMASK[] = "\x54\x6d\xd4\xed\xe8\x20\x10\x13\xe2\x9f\xa8\x94\xde\x82\xd0\xe3\xa8\xc2\x49\x9c"
|
||||
"\x41\x4b\x3b\x94\x18\xca\x10\x0c\x20\x5d\x20\x3e";
|
||||
|
|
|
@ -41,8 +41,6 @@
|
|||
#include "bsp.h"
|
||||
#include "u2f.h"
|
||||
|
||||
code uint8_t WMASK[] = "\xd7\x53\x3f\x4a\xb4\x0c\xee\x39\xc2\x52\xf8\x83\x86\x59\xde\xe0\x82\xfb\xae\x50\x55\x01\x27\x6b\x74\x1f\xb6\xa1\x93\xb6\xf5\x92\xe4\x11\x17\x3f";
|
||||
code uint8_t RMASK[] = "ueragfeaiswuftwiauekygfikslezgdhf";
|
||||
|
||||
// void u2f_response_writeback(uint8_t * buf, uint8_t len);
|
||||
static int16_t u2f_register(struct u2f_register_request * req);
|
||||
|
|
|
@ -6,13 +6,18 @@ from __future__ import print_function
|
|||
Output a c file with the DER certificate.
|
||||
Read der file as input
|
||||
"""
|
||||
import sys,fileinput
|
||||
import sys,fileinput,binascii
|
||||
|
||||
if len(sys.argv) != 2:
|
||||
print('usage: %s <certificate.der>' % sys.argv[0])
|
||||
if len(sys.argv) not in [2,3]:
|
||||
print('usage: %s <certificate.der|hex-input> [-s]' % sys.argv[0])
|
||||
print(' -s: just output c string (for general use)')
|
||||
sys.exit(1)
|
||||
|
||||
buf = bytearray(open(sys.argv[1], 'rb').read())
|
||||
buf = None
|
||||
try:
|
||||
buf = bytearray(open(sys.argv[1], 'rb').read())
|
||||
except:
|
||||
buf = bytearray(binascii.unhexlify(sys.argv[1]))
|
||||
|
||||
c_str = ''
|
||||
size = len(buf)
|
||||
|
@ -22,8 +27,14 @@ a = ''.join(map(lambda c:'\\x%02x'%c, buf))
|
|||
for i in range(0,len(a), 80):
|
||||
c_str += ("\""+a[i:i+80]+"\"\n")
|
||||
|
||||
if '-s' in sys.argv:
|
||||
print(c_str)
|
||||
sys.exit(0)
|
||||
|
||||
print('// generated')
|
||||
print('#include <stdint.h>')
|
||||
print()
|
||||
print('code uint8_t __attest[] = \n%s;' % c_str)
|
||||
print('const uint16_t __attest_size = sizeof(__attest)-1;')
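Review bot: The bare `except:` around `open(sys.argv[1], 'rb')` treats every failure, including a mistyped path or a permissions error, as "the argument is hex". The user then gets an unrelated unhexlify error, or, for a missing path that happens to be valid hex, silently gets those bytes emitted as if they were the intended input. Narrow the handler to the file-open failure with `except IOError:`, and consider selecting hex mode with an explicit flag rather than by fallback. The file object returned by `open(...)` is never closed; `with open(sys.argv[1], 'rb') as f:` would fix that.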
|
||||
|
||||
|
||||
|
|
|
@ -67,10 +67,21 @@ done
|
|||
|
||||
|
||||
echo "generate attestation certificate..."
|
||||
gencert.sh "$1" "$(cat pubkey.hex)" attest.der > ../firmware/src/cert.c
|
||||
|
||||
gencert.sh "$1" "$(cat pubkey.hex|head -n 1)" attest.der > ../firmware/src/cert.c
|
||||
[[ "$?" -ne "0" ]] && exit 1
|
||||
|
||||
wkey=$(cbytes.py "$(cat pubkey.hex|head -n 2|tail -n1)" -s)
|
||||
[[ "$?" -ne "0" ]] && exit 1
|
||||
|
||||
rkey=$(cbytes.py "$(cat pubkey.hex|tail -n 1)" -s)
|
||||
[[ "$?" -ne "0" ]] && exit 1
|
||||
|
||||
|
||||
echo "" >> ../firmware/src/cert.c
|
||||
echo "code uint8_t WMASK[] = $wkey;" >> ../firmware/src/cert.c
|
||||
echo "code uint8_t RMASK[] = $rkey;" >> ../firmware/src/cert.c
|
||||
|
||||
|
||||
if [[ -n $SN_build ]] ; then
|
||||
echo "setting SN to $SN_build"
|
||||
sed -i "/#define SER_STRING.*/c\#define SER_STRING \"$SN_build\"" ../firmware/src/descriptors.c
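Review bot: The appended `WMASK`/`RMASK` lines put per-device key masks into `../firmware/src/cert.c`, which this same commit shows is a tracked file, so a routine commit after running setup publishes them. Write them to an untracked generated file or add the generated output to the ignore list, and at minimum put a comment above the `echo` lines such as `# cert.c now holds per-device key masks; do not commit the generated file`. The masks are also handed to `cbytes.py` as a command-line argument (`"$(cat pubkey.hex|head -n 2|tail -n1)"`), where other local users can read them from the process list while the script runs; feeding them on stdin would avoid that. The `if [[ -n $SN_build ]]` block continues past the end of the hunk.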
|
||||
|
|
|
@ -155,56 +155,56 @@ def do_configure(h,output):
|
|||
config = "\x01\x23\x6d\x10\x00\x00\x50\x00\xd7\x2c\xa5\x71\xee\xc0\x85\x00\xc0\x00\x55\x00\x83\x71\x81\x01\x83\x71\xC1\x01\x83\x71\x83\x71\x83\x71\xC1\x71\x01\x01\x83\x71\x83\x71\xC1\x71\x83\x71\x83\x71\x83\x71\x83\xa0\xff\xff\xff\xff\x00\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x00\x00\x55\x55\xff\xff\x00\x00\x00\x00\x00\x00\x13\x00\x3C\x00\x13\x00\x3C\x00\x13\x00\x3C\x00\x13\x00\x3C\x00\x3c\x00\x3C\x00\x13\x00\x3C\x00\x13\x00\x3C\x00\x13\x00\x33\x00"
|
||||
|
||||
|
||||
if 1:
|
||||
h.write([0,commands.U2F_CONFIG_IS_BUILD])
|
||||
data = h.read(64,1000)
|
||||
if data[1] == 1:
|
||||
print( 'Device is configured.')
|
||||
else:
|
||||
die('Device not configured')
|
||||
h.write([0,commands.U2F_CONFIG_IS_BUILD])
|
||||
data = h.read(64,1000)
|
||||
if data[1] == 1:
|
||||
print( 'Device is configured.')
|
||||
else:
|
||||
die('Device not configured')
|
||||
|
||||
time.sleep(0.250)
|
||||
time.sleep(0.250)
|
||||
|
||||
h.write([0,commands.U2F_CONFIG_GET_SERIAL_NUM])
|
||||
while True:
|
||||
data = read_n_tries(h,5,64,1000)
|
||||
l = data[1]
|
||||
print( 'read %i bytes' % l)
|
||||
if data[0] == commands.U2F_CONFIG_GET_SERIAL_NUM:
|
||||
break
|
||||
print( data)
|
||||
config = array.array('B',data[2:2+l]).tostring() + config[l:]
|
||||
print( 'conf: ', binascii.hexlify(config))
|
||||
time.sleep(0.250)
|
||||
|
||||
|
||||
crc = get_crc(config)
|
||||
print( 'crc is ', [hex(x) for x in crc])
|
||||
h.write([0,commands.U2F_CONFIG_LOCK] + crc)
|
||||
h.write([0,commands.U2F_CONFIG_GET_SERIAL_NUM])
|
||||
while True:
|
||||
data = read_n_tries(h,5,64,1000)
|
||||
|
||||
if data[1] == 1:
|
||||
print( 'locked eeprom with crc ',crc)
|
||||
else:
|
||||
die('not locked')
|
||||
|
||||
time.sleep(0.250)
|
||||
|
||||
h.write([0,commands.U2F_CONFIG_GENKEY])
|
||||
data = read_n_tries(h,5,64,1000)
|
||||
data = array.array('B',data).tostring()
|
||||
data = binascii.hexlify(data)
|
||||
print( 'generated key:')
|
||||
print( data)
|
||||
open(output,'w+').write(data)
|
||||
l = data[1]
|
||||
print( 'read %i bytes' % l)
|
||||
if data[0] == commands.U2F_CONFIG_GET_SERIAL_NUM:
|
||||
break
|
||||
print( data)
|
||||
config = array.array('B',data[2:2+l]).tostring() + config[l:]
|
||||
print( 'conf: ', binascii.hexlify(config))
|
||||
time.sleep(0.250)
|
||||
|
||||
|
||||
trans_key = [random.randint(0,255)&0xff for x in range(0,32)]
|
||||
h.write([0,commands.U2F_CONFIG_LOAD_TRANS_KEY]+trans_key)
|
||||
crc = get_crc(config)
|
||||
print( 'crc is ', [hex(x) for x in crc])
|
||||
h.write([0,commands.U2F_CONFIG_LOCK] + crc)
|
||||
data = read_n_tries(h,5,64,1000)
|
||||
|
||||
if data[1] == 1:
|
||||
print( 'locked eeprom with crc ',crc)
|
||||
else:
|
||||
die('not locked')
|
||||
|
||||
time.sleep(0.250)
|
||||
|
||||
h.write([0,commands.U2F_CONFIG_GENKEY])
|
||||
data = read_n_tries(h,5,64,1000)
|
||||
data = array.array('B',data).tostring()
|
||||
data = binascii.hexlify(data)
|
||||
|
||||
wkey = [random.randint(0,255)&0xff for x in range(0,32)]
|
||||
rkey = [random.randint(0,255)&0xff for x in range(0,32)]
|
||||
h.write([0,commands.U2F_CONFIG_LOAD_TRANS_KEY]+wkey)
|
||||
|
||||
wkey = get_write_mask(''.join([chr(x) for x in wkey]))
|
||||
rkey = get_write_mask(''.join([chr(x) for x in rkey]))[:64]
|
||||
|
||||
print('writing keys to ', output)
|
||||
print(data)
|
||||
open(output,'w+').write(data +'\n' + wkey + '\n' + rkey)
|
||||
|
||||
mask = get_write_mask(''.join([chr(x) for x in trans_key]))
|
||||
print('write mask: ', mask)
|
||||
open(output+'_mask','w+').write(mask)
|
||||
print( 'Done')
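Review bot: `wkey` and `rkey`, on what appears to be the new side of this hunk, are drawn from `random.randint`, which is Python's Mersenne Twister generator and is not designed for key material; its outputs become predictable once enough of them are known. Use the OS CSPRNG through the module already in use: `rng = random.SystemRandom()` followed by `wkey = [rng.randint(0,255) for x in range(0,32)]`, and the same for `rkey`. The keys are then written with `open(output,'w+').write(...)`, which creates the file with default permissions and never closes it; a `with` block and an owner-only mode would suit a file that holds secrets. do_configure starts above the hunk, so how `output` is chosen is not visible here.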
|
||||
|
||||
|
||||
|
|