165 lines
4.8 KiB
Python
165 lines
4.8 KiB
Python
"""
|
|
*******************************************************************************
|
|
* Ledger Blue
|
|
* (c) 2016 Ledger
|
|
*
|
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
* you may not use this file except in compliance with the License.
|
|
* You may obtain a copy of the License at
|
|
*
|
|
* http://www.apache.org/licenses/LICENSE-2.0
|
|
*
|
|
* Unless required by applicable law or agreed to in writing, software
|
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
* See the License for the specific language governing permissions and
|
|
* limitations under the License.
|
|
********************************************************************************
|
|
"""
|
|
|
|
import sys
|
|
import argparse
|
|
import os
|
|
import struct
|
|
import urllib2, urlparse
|
|
from .BlueHSMServer_pb2 import Request, Response, Parameter
|
|
from .comm import getDongle
|
|
|
|
def auto_int(x):
|
|
return int(x, 0)
|
|
|
|
def serverQuery(request, url):
|
|
data = request.SerializeToString()
|
|
urll = urlparse.urlparse(args.url)
|
|
req = urllib2.Request(args.url, data, {"Content-type": "application/octet-stream" })
|
|
res = urllib2.urlopen(req)
|
|
data = res.read()
|
|
response = Response()
|
|
response.ParseFromString(data)
|
|
if len(response.exception) <> 0:
|
|
raise Exception(response.exception)
|
|
return response
|
|
|
|
|
|
parser = argparse.ArgumentParser()
|
|
parser.add_argument("--url", help="Server URL")
|
|
parser.add_argument("--apdu", help="Display APDU log", action='store_true')
|
|
parser.add_argument("--perso", help="Personalization key reference to use")
|
|
parser.add_argument("--firmware", help="Firmware reference to use")
|
|
parser.add_argument("--targetId", help="Set the chip target ID", type=auto_int)
|
|
parser.add_argument("--firmwareKey", help="Firmware reference key to use")
|
|
|
|
args = parser.parse_args()
|
|
if args.url == None:
|
|
raise Exception("No URL specified")
|
|
if args.perso == None:
|
|
raise Exception("No personalization specified")
|
|
if args.firmware == None:
|
|
raise Exception("No firmware specified")
|
|
if args.firmwareKey == None:
|
|
raise Exception("No firmware key specified")
|
|
if args.targetId == None:
|
|
args.targetId = 0x31000002 # Ledger Blue by default
|
|
|
|
dongle = getDongle(args.apdu)
|
|
|
|
# Identify
|
|
|
|
targetid = bytearray(struct.pack('>I', args.targetId))
|
|
apdu = bytearray([0xe0, 0x04, 0x00, 0x00]) + bytearray([len(targetid)]) + targetid
|
|
dongle.exchange(apdu)
|
|
|
|
# Get nonce and ephemeral key
|
|
|
|
request = Request()
|
|
request.reference = "distributeFirmware11"
|
|
parameter = request.remote_parameters.add()
|
|
parameter.local = False
|
|
parameter.alias = "persoKey"
|
|
parameter.name = args.perso
|
|
request.largeStack = True
|
|
|
|
response = serverQuery(request, args.url)
|
|
|
|
offset = 0
|
|
|
|
remotePublicKey = response.response[offset : offset + 65]
|
|
offset += 65
|
|
nonce = response.response[offset : offset + 8]
|
|
|
|
# Initialize chain
|
|
|
|
apdu = bytearray([0xe0, 0x50, 0x00, 0x00, 0x08]) + nonce
|
|
deviceInit = dongle.exchange(apdu)
|
|
deviceNonce = deviceInit[4 : 4 + 8]
|
|
|
|
# Get remote certificate
|
|
|
|
request = Request()
|
|
request.reference = "distributeFirmware11"
|
|
request.id = response.id
|
|
parameter = request.remote_parameters.add()
|
|
parameter.local = False
|
|
parameter.alias = "persoKey"
|
|
parameter.name = args.perso
|
|
request.parameters = str(deviceNonce)
|
|
request.largeStack = True
|
|
|
|
response = serverQuery(request, args.url)
|
|
|
|
offset = 0
|
|
|
|
remotePublicKeySignatureLength = ord(response.response[offset + 1]) + 2
|
|
remotePublicKeySignature = response.response[offset : offset + remotePublicKeySignatureLength]
|
|
|
|
certificate = bytearray([len(remotePublicKey)]) + remotePublicKey + bytearray([len(remotePublicKeySignature)]) + remotePublicKeySignature
|
|
apdu = bytearray([0xE0, 0x51, 0x80, 0x00]) + bytearray([len(certificate)]) + certificate
|
|
dongle.exchange(apdu)
|
|
|
|
# Walk the chain
|
|
|
|
index = 0
|
|
while True:
|
|
if index == 0:
|
|
certificate = bytearray(dongle.exchange(bytearray.fromhex('E052000000')))
|
|
elif index == 1:
|
|
certificate = bytearray(dongle.exchange(bytearray.fromhex('E052800000')))
|
|
else:
|
|
break
|
|
if len(certificate) == 0:
|
|
break
|
|
request = Request()
|
|
request.reference = "distributeFirmware11"
|
|
request.id = response.id
|
|
request.parameters = str(certificate)
|
|
request.largeStack = True
|
|
serverQuery(request, args.url)
|
|
index += 1
|
|
|
|
# Commit agreement and send firmware
|
|
|
|
request = Request()
|
|
request.reference = "distributeFirmware11"
|
|
parameter = request.remote_parameters.add()
|
|
parameter.local = False
|
|
parameter.alias = "firmware"
|
|
parameter.name = args.firmware
|
|
parameter = request.remote_parameters.add()
|
|
parameter.local = False
|
|
parameter.alias = "firmwareKey"
|
|
parameter.name = args.firmwareKey
|
|
request.id = response.id
|
|
request.largeStack = True
|
|
|
|
response = serverQuery(request, args.url)
|
|
responseData = bytearray(response.response)
|
|
|
|
dongle.exchange(bytearray.fromhex('E053000000'))
|
|
|
|
offset = 0
|
|
while offset < len(responseData):
|
|
apdu = responseData[offset : offset + 5 + responseData[offset + 4]]
|
|
dongle.exchange(apdu)
|
|
offset += 5 + responseData[offset + 4]
|
|
|