smartpgp-cli: add switch commands for RSA

2021-07-15 10:37:17 +02:00 · 2021-07-15 10:37:17 +02:00 · af148332b5
commit af148332b5
parent f66c46b61d
3 changed files with 55 additions and 3 deletions
--- a/bin/smartpgp-cli
+++ b/bin/smartpgp-cli
@ -30,7 +30,9 @@ VALID_COMMANDS={
        'list-readers':CardConnectionContext.cmd_list_readers,
        'full-reset':  CardConnectionContext.cmd_full_reset,
        'reset':       CardConnectionContext.cmd_reset,
-        'switch-rsa':  CardConnectionContext.cmd_switch_rsa2048,
+        'switch-rsa2048':  CardConnectionContext.cmd_switch_rsa2048,
+        'switch-rsa3072':  CardConnectionContext.cmd_switch_rsa3072,
+        'switch-rsa4096':  CardConnectionContext.cmd_switch_rsa4096,
        'switch-bp256':CardConnectionContext.cmd_switch_bp256,
        'switch-bp384':CardConnectionContext.cmd_switch_bp384,
        'switch-bp512':CardConnectionContext.cmd_switch_bp512,
--- a/bin/smartpgp/commands.py
+++ b/bin/smartpgp/commands.py
@ -180,7 +180,7 @@ def reset_card(connection):
    _raw_send_apdu(connection,"Terminate",TERMINATE)
    _raw_send_apdu(connection,"Activate",ACTIVATE)

-def switch_crypto_rsa(connection,key_role):
+def switch_crypto_rsa_2048(connection,key_role):
    data = [
        0x01,       # RSA
        0x08, 0x00, # 2048 bits modulus
@ -200,12 +200,56 @@ def switch_crypto_rsa(connection,key_role):
    apdu = assemble_with_len(prefix, data)
    _raw_send_apdu(connection,"Switch to RSA2048 (%s)" % (key_role,),apdu)

+def switch_crypto_rsa_3072(connection,key_role):
+    data = [
+        0x01,       # RSA
+        0x0C, 0x00, # 3072 bits modulus
+        0x00, 0x11, # 65537 - 17 bits public exponent
+        0x03]       # crt form with modulus
+    if key_role == 'sig':
+        role = 0xc1
+    elif key_role == 'dec':
+        role = 0xc2
+    elif key_role == 'auth':
+        role = 0xc3
+    elif key_role == 'sm':
+        role = 0xd4
+    else:
+        raise WrongKeyRole
+    prefix = [0x00, 0xDA, 0x00] + [role]
+    apdu = assemble_with_len(prefix, data)
+    _raw_send_apdu(connection,"Switch to RSA3072 (%s)" % (key_role,),apdu)
+
+def switch_crypto_rsa_4096(connection,key_role):
+    data = [
+        0x01,       # RSA
+        0x10, 0x00, # 4096 bits modulus
+        0x00, 0x11, # 65537 - 17 bits public exponent
+        0x03]       # crt form with modulus
+    if key_role == 'sig':
+        role = 0xc1
+    elif key_role == 'dec':
+        role = 0xc2
+    elif key_role == 'auth':
+        role = 0xc3
+    elif key_role == 'sm':
+        role = 0xd4
+    else:
+        raise WrongKeyRole
+    prefix = [0x00, 0xDA, 0x00] + [role]
+    apdu = assemble_with_len(prefix, data)
+    _raw_send_apdu(connection,"Switch to RSA4096 (%s)" % (key_role,),apdu)
+
 def switch_crypto(connection,crypto,key_role):
    alg_name = None
    role = None
    # treat RSA differently
    if crypto=='rsa2048' or crypto=='RSA2048' or crypto=='rsa' or crypto=='RSA':
-        return switch_crypto_rsa(connection,key_role)
+        return switch_crypto_rsa_2048(connection,key_role)
+    if crypto=='rsa3072' or crypto=='RSA3072' or crypto=='rsa' or crypto=='RSA':
+        return switch_crypto_rsa_3072(connection,key_role)
+    if crypto=='rsa4096' or crypto=='RSA4096' or crypto=='rsa' or crypto=='RSA':
+        return switch_crypto_rsa_4096(connection,key_role)
    # this code is only for elliptic curves
    try:
        alg_name = ALGS_ALIASES[crypto]
--- a/bin/smartpgp/highlevel.py
+++ b/bin/smartpgp/highlevel.py
@ -146,6 +146,12 @@ class CardConnectionContext:
    def cmd_switch_rsa2048(self):
        self.cmd_switch_all_crypto('rsa2048')

+    def cmd_switch_rsa3072(self):
+        self.cmd_switch_all_crypto('rsa3072')
+
+    def cmd_switch_rsa4096(self):
+        self.cmd_switch_all_crypto('rsa4096')
+
    def cmd_generate_sm_key(self):
        if not self.output:
            print "Missing output file name"