tls: Add function to make possible to set the HW key

Defaults it to VirtualBox as it used to be
This commit is contained in:
Marco Trevisan (Treviño) 2020-06-10 12:55:35 +02:00
parent 64544fab70
commit e011551526
2 changed files with 16 additions and 15 deletions

View file

@ -1,5 +1,5 @@
from .tls import tls, psk_encryption_key, psk_validation_key, hs_key, crt_hardcoded
from .tls import tls, hs_key, crt_hardcoded
from hashlib import sha256
import hmac
from struct import pack, unpack
@ -40,9 +40,9 @@ def encrypt_key(client_private, client_public):
m = m + bytes([l])*l
iv = get_random_bytes(AES.block_size)
aes = AES.new(psk_encryption_key, AES.MODE_CBC, iv)
aes = AES.new(tls.psk_encryption_key, AES.MODE_CBC, iv)
c = iv + aes.encrypt(m)
sig = hmac.new(psk_validation_key, c, sha256).digest()
sig = hmac.new(tls.psk_validation_key, c, sha256).digest()
return b'\x02' + c + sig
def make_cert(client_public):

View file

@ -16,12 +16,6 @@ from .util import assert_status
import pickle
# Info about the host computer
product_name, serial_number='VirtualBox', '0'
hw_key= bytes(product_name, 'ascii') + b'\0' + \
bytes(serial_number, 'ascii') + b'\0'
password_hardcoded=unhexlify('717cd72d0962bc4a2846138dbb2c24192512a76407065f383846139d4bec2033')
gwk_sign_hardcoded=unhexlify('3a4c76b76a97981d1274247e166610e77f4d9c9d07d3c728e532916bdd28b454')
@ -51,10 +45,6 @@ def prf(secret, seed, length):
return res[:length]
# pre-TLS keys
psk_encryption_key=prf(password_hardcoded, b'GWK' + hw_key, 0x20)
psk_validation_key=prf(psk_encryption_key, b'GWK_SIGN' + gwk_sign_hardcoded, 0x20)
def hs_key():
key=password_hardcoded[:0x10]
seed=password_hardcoded[0x10:] + b'\xaa'*2
@ -92,12 +82,23 @@ class Tls():
def __init__(self, usb):
self.usb = usb
self.reset()
self.set_hwkey(product_name='VirtualBox', serial_number='0')
def reset(self):
self.trace_enabled = False
self.secure_rx = False
self.secure_tx = False
# Info about the host computer
def set_hwkey(self, product_name, serial_number):
hw_key = bytes(product_name, 'ascii') + b'\0' + \
bytes(serial_number, 'ascii') + b'\0'
# pre-TLS keys
self.psk_encryption_key = prf(password_hardcoded, b'GWK' + hw_key, 0x20)
self.psk_validation_key = prf(self.psk_encryption_key,
b'GWK_SIGN' + gwk_sign_hardcoded, 0x20)
def cmd(self, cmd):
if self.secure_rx and self.secure_tx:
rsp=self.app(cmd)
@ -492,12 +493,12 @@ class Tls():
raise Exception('Unknown private key prefix %02x' % prefix)
c, hs = body[:-0x20], body[-0x20:]
sig=hmac.new(psk_validation_key, c, sha256).digest()
sig=hmac.new(self.psk_validation_key, c, sha256).digest()
if hs != sig:
raise Exception('Signature verification failed. This device was probably paired with another computer.')
iv, c = c[:AES.block_size], c[AES.block_size:]
aes=AES.new(psk_encryption_key, AES.MODE_CBC, iv)
aes=AES.new(self.psk_encryption_key, AES.MODE_CBC, iv)
m=aes.decrypt(c)
m=m[:-m[-1]] # unpad (standard this time)