From af148332b5e6d9d95c9de78f41a6ad517d9f7eee Mon Sep 17 00:00:00 2001 From: Arnaud Fontaine Date: Thu, 15 Jul 2021 10:37:17 +0200 Subject: [PATCH] smartpgp-cli: add switch commands for RSA --- bin/smartpgp-cli | 4 +++- bin/smartpgp/commands.py | 48 +++++++++++++++++++++++++++++++++++++-- bin/smartpgp/highlevel.py | 6 +++++ 3 files changed, 55 insertions(+), 3 deletions(-) diff --git a/bin/smartpgp-cli b/bin/smartpgp-cli index 5a2b7de..73a9494 100755 --- a/bin/smartpgp-cli +++ b/bin/smartpgp-cli @@ -30,7 +30,9 @@ VALID_COMMANDS={ 'list-readers':CardConnectionContext.cmd_list_readers, 'full-reset': CardConnectionContext.cmd_full_reset, 'reset': CardConnectionContext.cmd_reset, - 'switch-rsa': CardConnectionContext.cmd_switch_rsa2048, + 'switch-rsa2048': CardConnectionContext.cmd_switch_rsa2048, + 'switch-rsa3072': CardConnectionContext.cmd_switch_rsa3072, + 'switch-rsa4096': CardConnectionContext.cmd_switch_rsa4096, 'switch-bp256':CardConnectionContext.cmd_switch_bp256, 'switch-bp384':CardConnectionContext.cmd_switch_bp384, 'switch-bp512':CardConnectionContext.cmd_switch_bp512, diff --git a/bin/smartpgp/commands.py b/bin/smartpgp/commands.py index 7b78e02..fc776a5 100644 --- a/bin/smartpgp/commands.py +++ b/bin/smartpgp/commands.py @@ -180,7 +180,7 @@ def reset_card(connection): _raw_send_apdu(connection,"Terminate",TERMINATE) _raw_send_apdu(connection,"Activate",ACTIVATE) -def switch_crypto_rsa(connection,key_role): +def switch_crypto_rsa_2048(connection,key_role): data = [ 0x01, # RSA 0x08, 0x00, # 2048 bits modulus @@ -200,12 +200,56 @@ def switch_crypto_rsa(connection,key_role): apdu = assemble_with_len(prefix, data) _raw_send_apdu(connection,"Switch to RSA2048 (%s)" % (key_role,),apdu) +def switch_crypto_rsa_3072(connection,key_role): + data = [ + 0x01, # RSA + 0x0C, 0x00, # 3072 bits modulus + 0x00, 0x11, # 65537 - 17 bits public exponent + 0x03] # crt form with modulus + if key_role == 'sig': + role = 0xc1 + elif key_role == 'dec': + role = 0xc2 + elif key_role == 'auth': + role = 0xc3 + elif key_role == 'sm': + role = 0xd4 + else: + raise WrongKeyRole + prefix = [0x00, 0xDA, 0x00] + [role] + apdu = assemble_with_len(prefix, data) + _raw_send_apdu(connection,"Switch to RSA3072 (%s)" % (key_role,),apdu) + +def switch_crypto_rsa_4096(connection,key_role): + data = [ + 0x01, # RSA + 0x10, 0x00, # 4096 bits modulus + 0x00, 0x11, # 65537 - 17 bits public exponent + 0x03] # crt form with modulus + if key_role == 'sig': + role = 0xc1 + elif key_role == 'dec': + role = 0xc2 + elif key_role == 'auth': + role = 0xc3 + elif key_role == 'sm': + role = 0xd4 + else: + raise WrongKeyRole + prefix = [0x00, 0xDA, 0x00] + [role] + apdu = assemble_with_len(prefix, data) + _raw_send_apdu(connection,"Switch to RSA4096 (%s)" % (key_role,),apdu) + def switch_crypto(connection,crypto,key_role): alg_name = None role = None # treat RSA differently if crypto=='rsa2048' or crypto=='RSA2048' or crypto=='rsa' or crypto=='RSA': - return switch_crypto_rsa(connection,key_role) + return switch_crypto_rsa_2048(connection,key_role) + if crypto=='rsa3072' or crypto=='RSA3072' or crypto=='rsa' or crypto=='RSA': + return switch_crypto_rsa_3072(connection,key_role) + if crypto=='rsa4096' or crypto=='RSA4096' or crypto=='rsa' or crypto=='RSA': + return switch_crypto_rsa_4096(connection,key_role) # this code is only for elliptic curves try: alg_name = ALGS_ALIASES[crypto] diff --git a/bin/smartpgp/highlevel.py b/bin/smartpgp/highlevel.py index a06fda4..0d93bb4 100644 --- a/bin/smartpgp/highlevel.py +++ b/bin/smartpgp/highlevel.py @@ -146,6 +146,12 @@ class CardConnectionContext: def cmd_switch_rsa2048(self): self.cmd_switch_all_crypto('rsa2048') + def cmd_switch_rsa3072(self): + self.cmd_switch_all_crypto('rsa3072') + + def cmd_switch_rsa4096(self): + self.cmd_switch_all_crypto('rsa4096') + def cmd_generate_sm_key(self): if not self.output: print "Missing output file name"