tls: Add function to make possible to set the HW key
Defaults it to VirtualBox as it used to be
This commit is contained in:
parent
64544fab70
commit
e011551526
2 changed files with 16 additions and 15 deletions
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
from .tls import tls, psk_encryption_key, psk_validation_key, hs_key, crt_hardcoded
|
||||
from .tls import tls, hs_key, crt_hardcoded
|
||||
from hashlib import sha256
|
||||
import hmac
|
||||
from struct import pack, unpack
|
||||
|
|
@ -40,9 +40,9 @@ def encrypt_key(client_private, client_public):
|
|||
m = m + bytes([l])*l
|
||||
|
||||
iv = get_random_bytes(AES.block_size)
|
||||
aes = AES.new(psk_encryption_key, AES.MODE_CBC, iv)
|
||||
aes = AES.new(tls.psk_encryption_key, AES.MODE_CBC, iv)
|
||||
c = iv + aes.encrypt(m)
|
||||
sig = hmac.new(psk_validation_key, c, sha256).digest()
|
||||
sig = hmac.new(tls.psk_validation_key, c, sha256).digest()
|
||||
return b'\x02' + c + sig
|
||||
|
||||
def make_cert(client_public):
|
||||
|
|
|
|||
|
|
@ -16,12 +16,6 @@ from .util import assert_status
|
|||
import pickle
|
||||
|
||||
|
||||
# Info about the host computer
|
||||
product_name, serial_number='VirtualBox', '0'
|
||||
|
||||
hw_key= bytes(product_name, 'ascii') + b'\0' + \
|
||||
bytes(serial_number, 'ascii') + b'\0'
|
||||
|
||||
password_hardcoded=unhexlify('717cd72d0962bc4a2846138dbb2c24192512a76407065f383846139d4bec2033')
|
||||
gwk_sign_hardcoded=unhexlify('3a4c76b76a97981d1274247e166610e77f4d9c9d07d3c728e532916bdd28b454')
|
||||
|
||||
|
|
@ -51,10 +45,6 @@ def prf(secret, seed, length):
|
|||
|
||||
return res[:length]
|
||||
|
||||
# pre-TLS keys
|
||||
psk_encryption_key=prf(password_hardcoded, b'GWK' + hw_key, 0x20)
|
||||
psk_validation_key=prf(psk_encryption_key, b'GWK_SIGN' + gwk_sign_hardcoded, 0x20)
|
||||
|
||||
def hs_key():
|
||||
key=password_hardcoded[:0x10]
|
||||
seed=password_hardcoded[0x10:] + b'\xaa'*2
|
||||
|
|
@ -92,12 +82,23 @@ class Tls():
|
|||
def __init__(self, usb):
|
||||
self.usb = usb
|
||||
self.reset()
|
||||
self.set_hwkey(product_name='VirtualBox', serial_number='0')
|
||||
|
||||
def reset(self):
|
||||
self.trace_enabled = False
|
||||
self.secure_rx = False
|
||||
self.secure_tx = False
|
||||
|
||||
# Info about the host computer
|
||||
def set_hwkey(self, product_name, serial_number):
|
||||
hw_key = bytes(product_name, 'ascii') + b'\0' + \
|
||||
bytes(serial_number, 'ascii') + b'\0'
|
||||
|
||||
# pre-TLS keys
|
||||
self.psk_encryption_key = prf(password_hardcoded, b'GWK' + hw_key, 0x20)
|
||||
self.psk_validation_key = prf(self.psk_encryption_key,
|
||||
b'GWK_SIGN' + gwk_sign_hardcoded, 0x20)
|
||||
|
||||
def cmd(self, cmd):
|
||||
if self.secure_rx and self.secure_tx:
|
||||
rsp=self.app(cmd)
|
||||
|
|
@ -492,12 +493,12 @@ class Tls():
|
|||
raise Exception('Unknown private key prefix %02x' % prefix)
|
||||
|
||||
c, hs = body[:-0x20], body[-0x20:]
|
||||
sig=hmac.new(psk_validation_key, c, sha256).digest()
|
||||
sig=hmac.new(self.psk_validation_key, c, sha256).digest()
|
||||
if hs != sig:
|
||||
raise Exception('Signature verification failed. This device was probably paired with another computer.')
|
||||
|
||||
iv, c = c[:AES.block_size], c[AES.block_size:]
|
||||
aes=AES.new(psk_encryption_key, AES.MODE_CBC, iv)
|
||||
aes=AES.new(self.psk_encryption_key, AES.MODE_CBC, iv)
|
||||
m=aes.decrypt(c)
|
||||
m=m[:-m[-1]] # unpad (standard this time)
|
||||
|
||||
|
|
|
|||
Loading…
Reference in a new issue