tls: Add function to make possible to set the HW key

Defaults it to VirtualBox as it used to be
This commit is contained in:
Marco Trevisan (Treviño) 2020-06-10 12:55:35 +02:00
parent 64544fab70
commit e011551526
2 changed files with 16 additions and 15 deletions

View file

@ -1,5 +1,5 @@
from .tls import tls, psk_encryption_key, psk_validation_key, hs_key, crt_hardcoded from .tls import tls, hs_key, crt_hardcoded
from hashlib import sha256 from hashlib import sha256
import hmac import hmac
from struct import pack, unpack from struct import pack, unpack
@ -40,9 +40,9 @@ def encrypt_key(client_private, client_public):
m = m + bytes([l])*l m = m + bytes([l])*l
iv = get_random_bytes(AES.block_size) iv = get_random_bytes(AES.block_size)
aes = AES.new(psk_encryption_key, AES.MODE_CBC, iv) aes = AES.new(tls.psk_encryption_key, AES.MODE_CBC, iv)
c = iv + aes.encrypt(m) c = iv + aes.encrypt(m)
sig = hmac.new(psk_validation_key, c, sha256).digest() sig = hmac.new(tls.psk_validation_key, c, sha256).digest()
return b'\x02' + c + sig return b'\x02' + c + sig
def make_cert(client_public): def make_cert(client_public):

View file

@ -16,12 +16,6 @@ from .util import assert_status
import pickle import pickle
# Info about the host computer
product_name, serial_number='VirtualBox', '0'
hw_key= bytes(product_name, 'ascii') + b'\0' + \
bytes(serial_number, 'ascii') + b'\0'
password_hardcoded=unhexlify('717cd72d0962bc4a2846138dbb2c24192512a76407065f383846139d4bec2033') password_hardcoded=unhexlify('717cd72d0962bc4a2846138dbb2c24192512a76407065f383846139d4bec2033')
gwk_sign_hardcoded=unhexlify('3a4c76b76a97981d1274247e166610e77f4d9c9d07d3c728e532916bdd28b454') gwk_sign_hardcoded=unhexlify('3a4c76b76a97981d1274247e166610e77f4d9c9d07d3c728e532916bdd28b454')
@ -51,10 +45,6 @@ def prf(secret, seed, length):
return res[:length] return res[:length]
# pre-TLS keys
psk_encryption_key=prf(password_hardcoded, b'GWK' + hw_key, 0x20)
psk_validation_key=prf(psk_encryption_key, b'GWK_SIGN' + gwk_sign_hardcoded, 0x20)
def hs_key(): def hs_key():
key=password_hardcoded[:0x10] key=password_hardcoded[:0x10]
seed=password_hardcoded[0x10:] + b'\xaa'*2 seed=password_hardcoded[0x10:] + b'\xaa'*2
@ -92,12 +82,23 @@ class Tls():
def __init__(self, usb): def __init__(self, usb):
self.usb = usb self.usb = usb
self.reset() self.reset()
self.set_hwkey(product_name='VirtualBox', serial_number='0')
def reset(self): def reset(self):
self.trace_enabled = False self.trace_enabled = False
self.secure_rx = False self.secure_rx = False
self.secure_tx = False self.secure_tx = False
# Info about the host computer
def set_hwkey(self, product_name, serial_number):
hw_key = bytes(product_name, 'ascii') + b'\0' + \
bytes(serial_number, 'ascii') + b'\0'
# pre-TLS keys
self.psk_encryption_key = prf(password_hardcoded, b'GWK' + hw_key, 0x20)
self.psk_validation_key = prf(self.psk_encryption_key,
b'GWK_SIGN' + gwk_sign_hardcoded, 0x20)
def cmd(self, cmd): def cmd(self, cmd):
if self.secure_rx and self.secure_tx: if self.secure_rx and self.secure_tx:
rsp=self.app(cmd) rsp=self.app(cmd)
@ -492,12 +493,12 @@ class Tls():
raise Exception('Unknown private key prefix %02x' % prefix) raise Exception('Unknown private key prefix %02x' % prefix)
c, hs = body[:-0x20], body[-0x20:] c, hs = body[:-0x20], body[-0x20:]
sig=hmac.new(psk_validation_key, c, sha256).digest() sig=hmac.new(self.psk_validation_key, c, sha256).digest()
if hs != sig: if hs != sig:
raise Exception('Signature verification failed. This device was probably paired with another computer.') raise Exception('Signature verification failed. This device was probably paired with another computer.')
iv, c = c[:AES.block_size], c[AES.block_size:] iv, c = c[:AES.block_size], c[AES.block_size:]
aes=AES.new(psk_encryption_key, AES.MODE_CBC, iv) aes=AES.new(self.psk_encryption_key, AES.MODE_CBC, iv)
m=aes.decrypt(c) m=aes.decrypt(c)
m=m[:-m[-1]] # unpad (standard this time) m=m[:-m[-1]] # unpad (standard this time)