tls: Add function to make possible to set the HW key
Defaults it to VirtualBox as it used to be
This commit is contained in:
parent
64544fab70
commit
e011551526
2 changed files with 16 additions and 15 deletions
|
|
@ -1,5 +1,5 @@
|
||||||
|
|
||||||
from .tls import tls, psk_encryption_key, psk_validation_key, hs_key, crt_hardcoded
|
from .tls import tls, hs_key, crt_hardcoded
|
||||||
from hashlib import sha256
|
from hashlib import sha256
|
||||||
import hmac
|
import hmac
|
||||||
from struct import pack, unpack
|
from struct import pack, unpack
|
||||||
|
|
@ -40,9 +40,9 @@ def encrypt_key(client_private, client_public):
|
||||||
m = m + bytes([l])*l
|
m = m + bytes([l])*l
|
||||||
|
|
||||||
iv = get_random_bytes(AES.block_size)
|
iv = get_random_bytes(AES.block_size)
|
||||||
aes = AES.new(psk_encryption_key, AES.MODE_CBC, iv)
|
aes = AES.new(tls.psk_encryption_key, AES.MODE_CBC, iv)
|
||||||
c = iv + aes.encrypt(m)
|
c = iv + aes.encrypt(m)
|
||||||
sig = hmac.new(psk_validation_key, c, sha256).digest()
|
sig = hmac.new(tls.psk_validation_key, c, sha256).digest()
|
||||||
return b'\x02' + c + sig
|
return b'\x02' + c + sig
|
||||||
|
|
||||||
def make_cert(client_public):
|
def make_cert(client_public):
|
||||||
|
|
|
||||||
|
|
@ -16,12 +16,6 @@ from .util import assert_status
|
||||||
import pickle
|
import pickle
|
||||||
|
|
||||||
|
|
||||||
# Info about the host computer
|
|
||||||
product_name, serial_number='VirtualBox', '0'
|
|
||||||
|
|
||||||
hw_key= bytes(product_name, 'ascii') + b'\0' + \
|
|
||||||
bytes(serial_number, 'ascii') + b'\0'
|
|
||||||
|
|
||||||
password_hardcoded=unhexlify('717cd72d0962bc4a2846138dbb2c24192512a76407065f383846139d4bec2033')
|
password_hardcoded=unhexlify('717cd72d0962bc4a2846138dbb2c24192512a76407065f383846139d4bec2033')
|
||||||
gwk_sign_hardcoded=unhexlify('3a4c76b76a97981d1274247e166610e77f4d9c9d07d3c728e532916bdd28b454')
|
gwk_sign_hardcoded=unhexlify('3a4c76b76a97981d1274247e166610e77f4d9c9d07d3c728e532916bdd28b454')
|
||||||
|
|
||||||
|
|
@ -51,10 +45,6 @@ def prf(secret, seed, length):
|
||||||
|
|
||||||
return res[:length]
|
return res[:length]
|
||||||
|
|
||||||
# pre-TLS keys
|
|
||||||
psk_encryption_key=prf(password_hardcoded, b'GWK' + hw_key, 0x20)
|
|
||||||
psk_validation_key=prf(psk_encryption_key, b'GWK_SIGN' + gwk_sign_hardcoded, 0x20)
|
|
||||||
|
|
||||||
def hs_key():
|
def hs_key():
|
||||||
key=password_hardcoded[:0x10]
|
key=password_hardcoded[:0x10]
|
||||||
seed=password_hardcoded[0x10:] + b'\xaa'*2
|
seed=password_hardcoded[0x10:] + b'\xaa'*2
|
||||||
|
|
@ -92,12 +82,23 @@ class Tls():
|
||||||
def __init__(self, usb):
|
def __init__(self, usb):
|
||||||
self.usb = usb
|
self.usb = usb
|
||||||
self.reset()
|
self.reset()
|
||||||
|
self.set_hwkey(product_name='VirtualBox', serial_number='0')
|
||||||
|
|
||||||
def reset(self):
|
def reset(self):
|
||||||
self.trace_enabled = False
|
self.trace_enabled = False
|
||||||
self.secure_rx = False
|
self.secure_rx = False
|
||||||
self.secure_tx = False
|
self.secure_tx = False
|
||||||
|
|
||||||
|
# Info about the host computer
|
||||||
|
def set_hwkey(self, product_name, serial_number):
|
||||||
|
hw_key = bytes(product_name, 'ascii') + b'\0' + \
|
||||||
|
bytes(serial_number, 'ascii') + b'\0'
|
||||||
|
|
||||||
|
# pre-TLS keys
|
||||||
|
self.psk_encryption_key = prf(password_hardcoded, b'GWK' + hw_key, 0x20)
|
||||||
|
self.psk_validation_key = prf(self.psk_encryption_key,
|
||||||
|
b'GWK_SIGN' + gwk_sign_hardcoded, 0x20)
|
||||||
|
|
||||||
def cmd(self, cmd):
|
def cmd(self, cmd):
|
||||||
if self.secure_rx and self.secure_tx:
|
if self.secure_rx and self.secure_tx:
|
||||||
rsp=self.app(cmd)
|
rsp=self.app(cmd)
|
||||||
|
|
@ -492,12 +493,12 @@ class Tls():
|
||||||
raise Exception('Unknown private key prefix %02x' % prefix)
|
raise Exception('Unknown private key prefix %02x' % prefix)
|
||||||
|
|
||||||
c, hs = body[:-0x20], body[-0x20:]
|
c, hs = body[:-0x20], body[-0x20:]
|
||||||
sig=hmac.new(psk_validation_key, c, sha256).digest()
|
sig=hmac.new(self.psk_validation_key, c, sha256).digest()
|
||||||
if hs != sig:
|
if hs != sig:
|
||||||
raise Exception('Signature verification failed. This device was probably paired with another computer.')
|
raise Exception('Signature verification failed. This device was probably paired with another computer.')
|
||||||
|
|
||||||
iv, c = c[:AES.block_size], c[AES.block_size:]
|
iv, c = c[:AES.block_size], c[AES.block_size:]
|
||||||
aes=AES.new(psk_encryption_key, AES.MODE_CBC, iv)
|
aes=AES.new(self.psk_encryption_key, AES.MODE_CBC, iv)
|
||||||
m=aes.decrypt(c)
|
m=aes.decrypt(c)
|
||||||
m=m[:-m[-1]] # unpad (standard this time)
|
m=m[:-m[-1]] # unpad (standard this time)
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue