From 44516dd79e98af5c723526dd4a20c5f8e3328db0 Mon Sep 17 00:00:00 2001
From: Arnaud Fontaine
Date: Fri, 30 Nov 2018 13:38:25 +0100
Subject: [PATCH] smartpgp-cli: add put AUTH and SIGN certificates
---
 bin/smartpgp-cli | 2 ++
 bin/smartpgp/commands.py | 42 +++++++++++++++++++++++++++++++++++++++
 bin/smartpgp/highlevel.py | 24 ++++++++++++++++++++++
 3 files changed, 68 insertions(+)
diff --git a/bin/smartpgp-cli b/bin/smartpgp-cli
index b88e02a..e06fe2c 100755
--- a/bin/smartpgp-cli
+++ b/bin/smartpgp-cli
@@ -41,6 +41,8 @@ VALID_COMMANDS={
 'set-resetting-code': CardConnectionContext.cmd_set_resetting_code,
 'unblock-pin': CardConnectionContext.cmd_unblock_pin,
 'put-sm-key': CardConnectionContext.cmd_put_sm_key,
+ 'put-sign-certificate': CardConnectionContext.cmd_put_sign_certificate,
+ 'put-auth-certificate': CardConnectionContext.cmd_put_auth_certificate,
 'put-sm-certificate': CardConnectionContext.cmd_put_sm_certificate,
 'get-sm-certificate': CardConnectionContext.cmd_get_sm_certificate,
 'put-aes-key': CardConnectionContext.cmd_put_aes_key,
diff --git a/bin/smartpgp/commands.py b/bin/smartpgp/commands.py
index b143b2e..b98c687 100644
--- a/bin/smartpgp/commands.py
+++ b/bin/smartpgp/commands.py
@@ -237,6 +237,48 @@ def put_sm_key(connection, pubkey, privkey):
 apdu = assemble_with_len([cla] + ins_p1_p2, data)
 _raw_send_apdu(connection,"Sending SM key chunk",apdu)
+def put_sign_certificate(connection, cert):
+ prefix = [0x00, 0xA5, 0x02, 0x04]
+ data = [0x60, 0x04, 0x5C, 0x02, 0x7F, 0x21]
+ apdu = assemble_with_len(prefix, data)
+ _raw_send_apdu(connection,"Selecting SIGN certificate",apdu)
+ ins_p1_p2 = [0xDA, 0x7F, 0x21]
+ i = 0
+ cl = 255
+ l = len(cert)
+ while i < l:
+ if (l - i) <= cl:
+ cla = 0x00
+ data = cert[i:]
+ i = l
+ else:
+ cla = 0x10
+ data = cert[i:i+cl]
+ i = i + cl
+ apdu = assemble_with_len([cla] + ins_p1_p2, data)
+ _raw_send_apdu(connection,"Sending SIGN certificate chunk",apdu)
+
+def put_auth_certificate(connection, cert):
+ prefix = [0x00, 0xA5, 0x00, 0x04]
+ data = [0x60, 0x04, 0x5C, 0x02, 0x7F, 0x21]
+ apdu = assemble_with_len(prefix, data)
+ _raw_send_apdu(connection,"Selecting AUTH certificate",apdu)
+ ins_p1_p2 = [0xDA, 0x7F, 0x21]
+ i = 0
+ cl = 255
+ l = len(cert)
+ while i < l:
+ if (l - i) <= cl:
+ cla = 0x00
+ data = cert[i:]
+ i = l
+ else:
+ cla = 0x10
+ data = cert[i:i+cl]
+ i = i + cl
+ apdu = assemble_with_len([cla] + ins_p1_p2, data)
+ _raw_send_apdu(connection,"Sending AUTH certificate chunk",apdu)
+
 def put_sm_certificate(connection, cert):
 prefix = [0x00, 0xA5, 0x03, 0x04]
 data = [0x60, 0x04, 0x5C, 0x02, 0x7F, 0x21]
diff --git a/bin/smartpgp/highlevel.py b/bin/smartpgp/highlevel.py
index 623efd2..6488834 100644
--- a/bin/smartpgp/highlevel.py
+++ b/bin/smartpgp/highlevel.py
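Review bot: In bin/smartpgp/commands.py, put_sign_certificate and put_auth_certificate are line-for-line copies that differ only in the third byte of `prefix` (0x02 vs 0x00) and the log label, and the trailing context shows put_sm_certificate starting the same way with 0x03. That one byte appears to decide which certificate slot the write lands in, so a shared helper taking the byte and the label would keep the slot values in one reviewable place and stop the copies drifting apart. An empty `cert` also skips the `while` loop entirely, so the select APDU is sent and nothing is written, with no error reported to the caller. put_sm_certificate's body continues outside the hunk, so whether it can use the same helper needs checking against the full file.

```python
def _put_certificate(connection, select_p1, label, cert):
    prefix = [0x00, 0xA5, select_p1, 0x04]
    data = [0x60, 0x04, 0x5C, 0x02, 0x7F, 0x21]
    apdu = assemble_with_len(prefix, data)
    _raw_send_apdu(connection, "Selecting %s certificate" % label, apdu)
    ins_p1_p2 = [0xDA, 0x7F, 0x21]
    chunk_len = 255
    total = len(cert)
    for offset in range(0, total, chunk_len):
        # 0x10 on every chunk except the last one, exactly as in the original loop
        cla = 0x10 if offset + chunk_len < total else 0x00
        apdu = assemble_with_len([cla] + ins_p1_p2, cert[offset:offset + chunk_len])
        _raw_send_apdu(connection, "Sending %s certificate chunk" % label, apdu)

def put_sign_certificate(connection, cert):
    _put_certificate(connection, 0x02, "SIGN", cert)

def put_auth_certificate(connection, cert):
    _put_certificate(connection, 0x00, "AUTH", cert)
```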
@@ -224,6 +224,30 @@ class CardConnectionContext:
 new_user_pin = self.read_pin("new user")
 unblock_pin(self.connection, resetting_code, new_user_pin)
+ def cmd_put_sign_certificate(self):
+ if self.input is None:
+ print "No input certificate file"
+ return
+ f = open(self.input, 'r')
+ cert = f.read()
+ cert = [ord(c) for c in cert]
+ f.close()
+ self.connect()
+ self.verify_admin_pin()
+ put_sign_certificate(self.connection, cert)
+
+ def cmd_put_auth_certificate(self):
+ if self.input is None:
+ print "No input certificate file"
+ return
+ f = open(self.input, 'r')
+ cert = f.read()
+ cert = [ord(c) for c in cert]
+ f.close()
+ self.connect()
+ self.verify_admin_pin()
+ put_auth_certificate(self.connection, cert)
+
 def cmd_put_sm_certificate(self):
 if self.input is None:
 print "No input certificate file"
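Review bot: Both new methods read the certificate with `open(self.input, 'r')`, i.e. in text mode, and then turn each character into a byte with `ord(c)`. If the certificate file is binary (presumably DER), text mode can alter bytes on platforms that translate line endings, and the altered data would then be written to the card after `verify_admin_pin()`. The handle also leaks if `f.read()` raises, since `f.close()` is not in a `finally`. I would read the file as `with open(self.input, 'rb') as f:` followed by `cert = [ord(c) for c in f.read()]` in cmd_put_sign_certificate and cmd_put_auth_certificate. The trailing context suggests cmd_put_sm_certificate follows the same pattern, but its body continues outside the hunk.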