blue-loader-python/ledgerblue/endorsementSetup.py

"""
*******************************************************************************
*   Ledger Blue
*   (c) 2016 Ledger
*
*  Licensed under the Apache License, Version 2.0 (the "License");
*  you may not use this file except in compliance with the License.
*  You may obtain a copy of the License at
*
*      http://www.apache.org/licenses/LICENSE-2.0
*
*  Unless required by applicable law or agreed to in writing, software
*  distributed under the License is distributed on an "AS IS" BASIS,
*  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
*  See the License for the specific language governing permissions and
*  limitations under the License.
********************************************************************************
"""

from .comm import getDongle
from .ecWrapper import PrivateKey, PublicKey
import hashlib
import argparse
import struct
import os
import binascii

def auto_int(x):
        return int(x, 0)

def getDeployedSecretV2(dongle, masterPrivate, targetid, issuerKey):
        testMaster = PrivateKey(bytes(masterPrivate))
        testMasterPublic = bytearray(testMaster.pubkey.serialize(compressed=False))
        targetid = bytearray(struct.pack('>I', targetid))

        # identify
        apdu = bytearray([0xe0, 0x04, 0x00, 0x00]) + bytearray([len(targetid)]) + targetid
        dongle.exchange(apdu)

        # walk the chain 
        nonce = os.urandom(8)
        apdu = bytearray([0xe0, 0x50, 0x00, 0x00]) + bytearray([len(nonce)]) + nonce
        auth_info = dongle.exchange(apdu)
        batch_signer_serial = auth_info[0:4]
        deviceNonce = auth_info[4:12]

        # if not found, get another pair
        #if cardKey != testMasterPublic:
        #       raise Exception("Invalid batch public key")

        dataToSign = bytes(bytearray([0x01]) + testMasterPublic)        
        signature = testMaster.ecdsa_sign(bytes(dataToSign))
        signature = testMaster.ecdsa_serialize(signature)
        certificate = bytearray([len(testMasterPublic)]) + testMasterPublic + bytearray([len(signature)]) + signature
        apdu = bytearray([0xE0, 0x51, 0x00, 0x00]) + bytearray([len(certificate)]) + certificate
        dongle.exchange(apdu)
        
        # provide the ephemeral certificate
        ephemeralPrivate = PrivateKey()
        ephemeralPublic = bytearray(ephemeralPrivate.pubkey.serialize(compressed=False))
        dataToSign = bytes(bytearray([0x11]) + nonce + deviceNonce + ephemeralPublic)
        signature = testMaster.ecdsa_sign(bytes(dataToSign))
        signature = testMaster.ecdsa_serialize(signature)
        certificate = bytearray([len(ephemeralPublic)]) + ephemeralPublic + bytearray([len(signature)]) + signature
        apdu = bytearray([0xE0, 0x51, 0x80, 0x00]) + bytearray([len(certificate)]) + certificate
        dongle.exchange(apdu)

        # walk the device certificates to retrieve the public key to use for authentication
        index = 0
        last_pub_key = PublicKey(binascii.unhexlify(issuerKey), raw=True)
        device_pub_key = None
        while True:
                if index == 0:                  
                        certificate = bytearray(dongle.exchange(bytearray.fromhex('E052000000')))
                elif index == 1:
                        certificate = bytearray(dongle.exchange(bytearray.fromhex('E052800000')))
                else:
                        break
                if len(certificate) == 0:
                        break
                offset = 1
                certificateHeader = certificate[offset : offset + certificate[offset-1]]
                offset += certificate[offset-1] + 1
                certificatePublicKey = certificate[offset : offset + certificate[offset-1]]
                offset += certificate[offset-1] + 1
                certificateSignatureArray = certificate[offset : offset + certificate[offset-1]]
                certificateSignature = last_pub_key.ecdsa_deserialize(bytes(certificateSignatureArray))
                # first cert contains a header field which holds the certificate's public key role
                if index == 0:
                        certificateSignedData = bytearray([0x02]) + certificateHeader + certificatePublicKey
                        # Could check if the device certificate is signed by the issuer public key
                # ephemeral key certificate
                else:
                        certificateSignedData = bytearray([0x12]) + deviceNonce + nonce + certificatePublicKey          
                if not last_pub_key.ecdsa_verify(bytes(certificateSignedData), certificateSignature):
                        return None
                last_pub_key = PublicKey(bytes(certificatePublicKey), raw=True)
                if index == 0:
                    device_pub_key = last_pub_key
                index = index + 1

        return device_pub_key

parser = argparse.ArgumentParser()
parser.add_argument(
    "--key", help="Reference of the endorsement key to setup (1 or 2)", type=auto_int)
parser.add_argument(
    "--certificate", help="Optional certificate to store if finalizing the endorsement (hex encoded), if no private key is specified")
parser.add_argument(
    "--privateKey", help="Optional private key to use to create a test certificate (hex encoded), if no certificate is specified")
parser.add_argument("--targetId", help="Set the chip target ID", type=auto_int)
parser.add_argument("--issuerKey", help="Issuer key (hex encoded, default : batch 1)")
parser.add_argument("--apdu", help="Display APDU log", action='store_true')

args = parser.parse_args()

if args.key == None:
        raise Exception("Missing endorsement key reference")
if args.key != 1 and args.key != 2:
        raise Exception("Invalid endorsement key reference")
if args.targetId == None:
        args.targetId = 0x31000002
if args.issuerKey == None:
        args.issuerKey = "0490f5c9d15a0134bb019d2afd0bf297149738459706e7ac5be4abc350a1f818057224fce12ec9a65de18ec34d6e8c24db927835ea1692b14c32e9836a75dad609"
if (args.privateKey != None) and (args.certificate != None):
    raise Exception("Cannot specify both certificate and privateKey")

privateKey = PrivateKey()
publicKey = str(privateKey.pubkey.serialize(compressed=False))
args.rootPrivateKey = privateKey.serialize()

dongle = getDongle(args.apdu)
publicKey = getDeployedSecretV2(dongle, bytearray.fromhex(args.rootPrivateKey), args.targetId, args.issuerKey)

if args.certificate == None:
        apdu = bytearray([0xe0, 0xC0, args.key, 0x00, 0x00])
        response = dongle.exchange(apdu)
        print("Public key " + str(response[0:65]).encode('hex'))
        m = hashlib.sha256()
        m.update(bytes("\xff")) # Endorsement role
        m.update(bytes(response[0:65]))
        digest = m.digest()
        signature = publicKey.ecdsa_deserialize(bytes(response[65:]))
        if not publicKey.ecdsa_verify(bytes(digest), signature, raw=True):
            raise Exception("Issuer certificate not verified")
        if args.privateKey != None:
            privateKey = PrivateKey(bytes(args.privateKey.decode('hex')))
            dataToSign = bytes(bytearray([0xfe]) + response[0:65])        
            signature = privateKey.ecdsa_sign(bytes(dataToSign))
            args.certificate = str(privateKey.ecdsa_serialize(signature)).encode('hex')

if args.certificate != None:
        certificate = bytearray.fromhex(args.certificate)
        apdu = bytearray([0xe0, 0xC2, 0x00, 0x00, len(certificate)]) + certificate
        dongle.exchange(apdu)
        print("Endorsement setup finalized")