smartpgp-cli: add put AUTH and SIGN certificates

2018-11-30 13:38:25 +01:00 · 2018-11-30 13:38:25 +01:00 · 44516dd79e
commit 44516dd79e
parent 770c7a3f50
3 changed files with 68 additions and 0 deletions
--- a/bin/smartpgp-cli
+++ b/bin/smartpgp-cli
@ -41,6 +41,8 @@ VALID_COMMANDS={
        'set-resetting-code': CardConnectionContext.cmd_set_resetting_code,
        'unblock-pin': CardConnectionContext.cmd_unblock_pin,
        'put-sm-key': CardConnectionContext.cmd_put_sm_key,
+        'put-sign-certificate': CardConnectionContext.cmd_put_sign_certificate,
+        'put-auth-certificate': CardConnectionContext.cmd_put_auth_certificate,
        'put-sm-certificate': CardConnectionContext.cmd_put_sm_certificate,
        'get-sm-certificate': CardConnectionContext.cmd_get_sm_certificate,
        'put-aes-key': CardConnectionContext.cmd_put_aes_key,
--- a/bin/smartpgp/commands.py
+++ b/bin/smartpgp/commands.py
@ -237,6 +237,48 @@ def put_sm_key(connection, pubkey, privkey):
        apdu = assemble_with_len([cla] + ins_p1_p2, data)
        _raw_send_apdu(connection,"Sending SM key chunk",apdu)

+def put_sign_certificate(connection, cert):
+    prefix = [0x00, 0xA5, 0x02, 0x04]
+    data = [0x60, 0x04, 0x5C, 0x02, 0x7F, 0x21]
+    apdu = assemble_with_len(prefix, data)
+    _raw_send_apdu(connection,"Selecting SIGN certificate",apdu)
+    ins_p1_p2 = [0xDA, 0x7F, 0x21]
+    i = 0
+    cl = 255
+    l = len(cert)
+    while i < l:
+        if (l - i) <= cl:
+            cla = 0x00
+            data = cert[i:]
+            i = l
+        else:
+            cla = 0x10
+            data = cert[i:i+cl]
+            i = i + cl
+        apdu = assemble_with_len([cla] + ins_p1_p2, data)
+        _raw_send_apdu(connection,"Sending SIGN certificate chunk",apdu)
+
+def put_auth_certificate(connection, cert):
+    prefix = [0x00, 0xA5, 0x00, 0x04]
+    data = [0x60, 0x04, 0x5C, 0x02, 0x7F, 0x21]
+    apdu = assemble_with_len(prefix, data)
+    _raw_send_apdu(connection,"Selecting AUTH certificate",apdu)
+    ins_p1_p2 = [0xDA, 0x7F, 0x21]
+    i = 0
+    cl = 255
+    l = len(cert)
+    while i < l:
+        if (l - i) <= cl:
+            cla = 0x00
+            data = cert[i:]
+            i = l
+        else:
+            cla = 0x10
+            data = cert[i:i+cl]
+            i = i + cl
+        apdu = assemble_with_len([cla] + ins_p1_p2, data)
+        _raw_send_apdu(connection,"Sending AUTH certificate chunk",apdu)
+
 def put_sm_certificate(connection, cert):
    prefix = [0x00, 0xA5, 0x03, 0x04]
    data = [0x60, 0x04, 0x5C, 0x02, 0x7F, 0x21]
--- a/bin/smartpgp/highlevel.py
+++ b/bin/smartpgp/highlevel.py
@ -224,6 +224,30 @@ class CardConnectionContext:
        new_user_pin = self.read_pin("new user")
        unblock_pin(self.connection, resetting_code, new_user_pin)

+    def cmd_put_sign_certificate(self):
+        if self.input is None:
+            print "No input certificate file"
+            return
+        f = open(self.input, 'r')
+        cert = f.read()
+        cert = [ord(c) for c in cert]
+        f.close()
+        self.connect()
+        self.verify_admin_pin()
+        put_sign_certificate(self.connection, cert)
+
+    def cmd_put_auth_certificate(self):
+        if self.input is None:
+            print "No input certificate file"
+            return
+        f = open(self.input, 'r')
+        cert = f.read()
+        cert = [ord(c) for c in cert]
+        f.close()
+        self.connect()
+        self.verify_admin_pin()
+        put_auth_certificate(self.connection, cert)
+
    def cmd_put_sm_certificate(self):
        if self.input is None:
            print "No input certificate file"