qemu

FORK: QEMU emulator
git clone https://git.neptards.moe/neptards/qemu.git
Log | Files | Refs | Submodules | LICENSE

u2f-setup-gen.py (4483B)

      1 #!/usr/bin/env python3
      2 #
      3 # Libu2f-emu setup directory generator for USB U2F key emulation.
      4 #
      5 # Copyright (c) 2020 César Belley <cesar.belley@lse.epita.fr>
      6 # Written by César Belley <cesar.belley@lse.epita.fr>
      7 #
      8 # This work is licensed under the terms of the GNU GPL, version 2
      9 # or, at your option, any later version.  See the COPYING file in
     10 # the top-level directory.
     11 
     12 import sys
     13 import os
     14 from random import randint
     15 from typing import Tuple
     16 
     17 from cryptography.hazmat.backends import default_backend
     18 from cryptography.hazmat.primitives.asymmetric import ec
     19 from cryptography.hazmat.primitives.serialization import Encoding, \
     20     NoEncryption, PrivateFormat, PublicFormat
     21 from OpenSSL import crypto
     22 
     23 
     24 def write_setup_dir(dirpath: str, privkey_pem: bytes, cert_pem: bytes,
     25                     entropy: bytes, counter: int) -> None:
     26     """
     27     Write the setup directory.
     28 
     29     Args:
     30         dirpath: The directory path.
     31         key_pem: The private key PEM.
     32         cert_pem: The certificate PEM.
     33         entropy: The 48 bytes of entropy.
     34         counter: The counter value.
     35     """
     36     # Directory
     37     os.mkdir(dirpath)
     38 
     39     # Private key
     40     with open(f'{dirpath}/private-key.pem', 'bw') as f:
     41         f.write(privkey_pem)
     42 
     43     # Certificate
     44     with open(f'{dirpath}/certificate.pem', 'bw') as f:
     45         f.write(cert_pem)
     46 
     47     # Entropy
     48     with open(f'{dirpath}/entropy', 'wb') as f:
     49         f.write(entropy)
     50 
     51     # Counter
     52     with open(f'{dirpath}/counter', 'w') as f:
     53         f.write(f'{str(counter)}\n')
     54 
     55 
     56 def generate_ec_key_pair() -> Tuple[str, str]:
     57     """
     58     Generate an ec key pair.
     59 
     60     Returns:
     61         The private and public key PEM.
     62     """
     63     # Key generation
     64     privkey = ec.generate_private_key(ec.SECP256R1, default_backend())
     65     pubkey = privkey.public_key()
     66 
     67     # PEM serialization
     68     privkey_pem = privkey.private_bytes(encoding=Encoding.PEM,
     69                                         format=PrivateFormat.TraditionalOpenSSL,
     70                                         encryption_algorithm=NoEncryption())
     71     pubkey_pem = pubkey.public_bytes(encoding=Encoding.PEM,
     72                                      format=PublicFormat.SubjectPublicKeyInfo)
     73     return privkey_pem, pubkey_pem
     74 
     75 
     76 def generate_certificate(privkey_pem: str, pubkey_pem: str) -> str:
     77     """
     78     Generate a x509 certificate from a key pair.
     79 
     80     Args:
     81         privkey_pem: The private key PEM.
     82         pubkey_pem: The public key PEM.
     83 
     84     Returns:
     85         The certificate PEM.
     86     """
     87     # Convert key pair
     88     privkey = crypto.load_privatekey(crypto.FILETYPE_PEM, privkey_pem)
     89     pubkey = crypto.load_publickey(crypto.FILETYPE_PEM, pubkey_pem)
     90 
     91     # New x509v3 certificate
     92     cert = crypto.X509()
     93     cert.set_version(0x2)
     94 
     95     # Serial number
     96     cert.set_serial_number(randint(1, 2 ** 64))
     97 
     98     # Before / After
     99     cert.gmtime_adj_notBefore(0)
    100     cert.gmtime_adj_notAfter(4 * (365 * 24 * 60 * 60))
    101 
    102     # Public key
    103     cert.set_pubkey(pubkey)
    104 
    105     # Subject name and issueer
    106     cert.get_subject().CN = "U2F emulated"
    107     cert.set_issuer(cert.get_subject())
    108 
    109     # Extensions
    110     cert.add_extensions([
    111         crypto.X509Extension(b"subjectKeyIdentifier",
    112                              False, b"hash", subject=cert),
    113     ])
    114     cert.add_extensions([
    115         crypto.X509Extension(b"authorityKeyIdentifier",
    116                              False, b"keyid:always", issuer=cert),
    117     ])
    118     cert.add_extensions([
    119         crypto.X509Extension(b"basicConstraints", True, b"CA:TRUE")
    120     ])
    121 
    122     # Signature
    123     cert.sign(privkey, 'sha256')
    124 
    125     return crypto.dump_certificate(crypto.FILETYPE_PEM, cert)
    126 
    127 
    128 def generate_setup_dir(dirpath: str) -> None:
    129     """
    130     Generates the setup directory.
    131 
    132     Args:
    133         dirpath: The directory path.
    134     """
    135     # Key pair
    136     privkey_pem, pubkey_pem = generate_ec_key_pair()
    137 
    138     # Certificate
    139     certificate_pem = generate_certificate(privkey_pem, pubkey_pem)
    140 
    141     # Entropy
    142     entropy = os.urandom(48)
    143 
    144     # Counter
    145     counter = 0
    146 
    147     # Write
    148     write_setup_dir(dirpath, privkey_pem, certificate_pem, entropy, counter)
    149 
    150 
    151 def main() -> None:
    152     """
    153     Main function
    154     """
    155     # Dir path
    156     if len(sys.argv) != 2:
    157         sys.stderr.write(f'Usage: {sys.argv[0]} <setup_dir>\n')
    158         exit(2)
    159     dirpath = sys.argv[1]
    160 
    161     # Dir non existence
    162     if os.path.exists(dirpath):
    163         sys.stderr.write(f'Directory: {dirpath} already exists.\n')
    164         exit(1)
    165 
    166     generate_setup_dir(dirpath)
    167 
    168 
    169 if __name__ == '__main__':
    170     main()