Implement setup-kdf in smartpgp-cli

2020-01-23 19:37:41 +01:00 · 2020-01-23 19:37:41 +01:00 · 4be0fa442b
commit 4be0fa442b
parent 9b77f6c26b
3 changed files with 120 additions and 0 deletions
--- a/bin/smartpgp-cli
+++ b/bin/smartpgp-cli
@ -50,6 +50,7 @@ VALID_COMMANDS={
        'decrypt-aes': CardConnectionContext.cmd_decrypt_aes,
        'get-kdf': CardConnectionContext.cmd_get_kdf,
        'set-kdf': CardConnectionContext.cmd_set_kdf,
+        'setup-kdf': CardConnectionContext.cmd_setup_kdf,
        }

 def read_pin_interactive(name):
--- a/bin/smartpgp/commands.py
+++ b/bin/smartpgp/commands.py
@ -23,6 +23,10 @@ from smartcard.System import readers
 from smartcard.util import toHexString

 import struct
+import os
+import array
+import hashlib
+

 SELECT = [0x00, 0xA4, 0x04, 0x00,
          0x06,
@ -110,6 +114,27 @@ def encode_len(data):
        l = [l & 0xff]
    return l

+
+def kdf_itersalted_s2k(salt, value, algo, count):
+    if algo == 0x08: #SHA256
+        f = hashlib.new('sha256')
+    elif algo == 0x0A: #SHA512
+        f = hashlib.new('sha512')
+    else:
+        print "invalid KDF"
+    salt = [ord(c) for c in salt]
+    value = [ord(c) for c in value]
+    data = salt + value
+    data = array.array('B', data).tostring()
+    datalen = len(data)
+    while datalen <= count:
+        f.update(data)
+        count -= datalen
+    if 0 < count:
+        f.update(data[0:count])
+    return f.digest()
+
+
 def _raw_send_apdu(connection, text, apdu):
    print "%s" % text
    apdu = [int(c) for c in apdu]
@ -396,3 +421,22 @@ def get_kdf_do(connection):
    apdu = [0x00, 0xCA, 0x00, 0xF9, 0x00]
    (data,sw1,sw2) = _raw_send_apdu(connection,"Get KDF-DO",apdu)
    return (data,sw1,sw2)
+
+
+def change_reference_data_pw1(connection, old, new):
+    prefix = [0x00, 0x24, 0x00, 0x81]
+    old = ascii_encode_pin(old)
+    new = ascii_encode_pin(new)
+    data = old + new
+    apdu = assemble_with_len(prefix, data)
+    (_,sw1,sw2) = _raw_send_apdu(connection,"Change PW1", apdu)
+    return (sw1,sw2)
+
+def change_reference_data_pw3(connection, old, new):
+    prefix = [0x00, 0x24, 0x00, 0x83]
+    old = ascii_encode_pin(old)
+    new = ascii_encode_pin(new)
+    data = old + new
+    apdu = assemble_with_len(prefix, data)
+    (_,sw1,sw2) = _raw_send_apdu(connection,"Change PW3", apdu)
+    return (sw1,sw2)
--- a/bin/smartpgp/highlevel.py
+++ b/bin/smartpgp/highlevel.py
@ -24,6 +24,11 @@ import pyasn1
 from pyasn1.type import univ
 from pyasn1.codec.der import encoder as der_encoder,decoder as der_decoder

+
+
+class InvalidKDF(Exception):
+    pass
+
 class ConnectionFailed(Exception):
    pass

@ -343,3 +348,73 @@ class CardConnectionContext:
        with open(self.output, 'w') as f:
            f.write(kdf_do)
            f.close()
+
+
+    def cmd_setup_kdf(self):
+        self.connect()
+        (kdf_do,_,_) = get_kdf_do(self.connection)
+        if 5 < len(kdf_do):
+            print "KDF already setup"
+            return
+        ####### step 1
+        pw1 = self.read_pin("User")
+        resetting_code = self.read_pin("PUK")
+        if len(resetting_code) == 0:
+            resetting_code = None
+        pw3 = self.read_pin("Admin")
+        ####### step 1bis
+        pw1 = pw1
+        if resetting_code <> None:
+            resetting_code = resetting_code
+        pw3 = pw3
+        ####### step 2
+        salt_size = 8
+        algo = 0x08 #SHA256
+        nbiter = 200000
+        ndata81 = [0x81, 0x01, 0x03] #KDF_ITERSALTED_S2K
+        ndata82 = [0x82, 0x01, algo]
+        ndata83 = [0x83, 0x04, nbiter >> 24, (nbiter >> 16) & 0xff, (nbiter >> 8) & 0xff, nbiter & 0xff] #NB ITERATIONS
+        salt_pw1 = os.urandom(salt_size)
+        ndata84 = assemble_with_len([0x84], [ord(c) for c in salt_pw1]) #SALT PW1
+        salt_resetting_code = os.urandom(salt_size)
+        ndata85 = assemble_with_len([0x85], [ord(c) for c in salt_resetting_code]) #SALT RESETTING CODE
+        salt_pw3 = os.urandom(salt_size)
+        ndata86 = assemble_with_len([0x86], [ord(c) for c in salt_pw3]) #SALT PW3
+        h87 = kdf_itersalted_s2k(salt_pw1, "123456", algo, nbiter) #HASH OF "123456"
+        h87 = [ord(c) for c in h87]
+        ndata87 = assemble_with_len([0x87], h87)
+        h88 = kdf_itersalted_s2k(salt_pw3, "12345678", algo, nbiter) #HASH OF "12345678"
+        h88 = [ord(c) for c in h88]
+        ndata88 = assemble_with_len([0x88], h88)
+        nkdf_do = ndata81 + ndata82 + ndata83 + ndata84 + ndata85 + ndata86 + ndata87 + ndata88
+        ####### step 2bis
+        npw1 = kdf_itersalted_s2k(salt_pw1, pw1, algo, nbiter)
+        if resetting_code <> None:
+            nresetting_code = kdf_itersalted_s2k(salt_resetting_code, resetting_code, algo, nbiter)
+        else:
+            nresetting_code = None
+        npw3 = kdf_itersalted_s2k(salt_pw3, pw3, algo, nbiter)
+        ####### step 3
+        (_,sw1,sw2) = verif_admin_pin(self.connection, pw3)
+        if sw1==0x90 and sw2==0x00:
+            self.verified = True
+        else:
+            raise AdminPINFailed
+        ####### step 3bis
+        if nresetting_code <> None:
+            set_resetting_code(self.connection, nresetting_code)
+            if sw1!=0x90 or sw2!=0x00:
+                print "set_resetting_code failed"
+                return
+        ####### step 4
+        change_reference_data_pw1(self.connection, pw1, npw1)
+        if sw1!=0x90 or sw2!=0x00:
+            print "change_reference_data_pw1 failed"
+            return
+        ####### step 4bis
+        change_reference_data_pw3(self.connection, pw3, npw3)
+        if sw1!=0x90 or sw2!=0x00:
+            print "change_reference_data_pw3 failed"
+            return
+        ####### step 5
+        put_kdf_do(self.connection, nkdf_do)