mirror of
https://salsa.debian.org/gnuk-team/gnuk/gnuk.git
synced 2024-09-19 18:30:15 +00:00
88 lines
2.9 KiB
Python
Executable File
88 lines
2.9 KiB
Python
Executable File
#! /usr/bin/python3
|
|
|
|
"""
|
|
gnuk_remove_keys_libusb.py - a tool to remove keys in Gnuk Token
|
|
|
|
Copyright (C) 2012, 2018, 2021 Free Software Initiative of Japan
|
|
Author: NIIBE Yutaka <gniibe@fsij.org>
|
|
|
|
This file is a part of Gnuk, a GnuPG USB Token implementation.
|
|
|
|
Gnuk is free software: you can redistribute it and/or modify it
|
|
under the terms of the GNU General Public License as published by
|
|
the Free Software Foundation, either version 3 of the License, or
|
|
(at your option) any later version.
|
|
|
|
Gnuk is distributed in the hope that it will be useful, but WITHOUT
|
|
ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
|
|
or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public
|
|
License for more details.
|
|
|
|
You should have received a copy of the GNU General Public License
|
|
along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
"""
|
|
|
|
import sys, os
|
|
|
|
from gnuk_token import gnuk_devices, gnuk_token, parse_kdf_data
|
|
from kdf_calc import kdf_calc
|
|
|
|
# Assume only single CCID device is attached to computer and it's Gnuk Token
|
|
|
|
DEFAULT_PW3 = "12345678"
|
|
BY_ADMIN = 3
|
|
|
|
def main(passwd):
|
|
gnuk = None
|
|
for (dev, config, intf) in gnuk_devices():
|
|
try:
|
|
gnuk = gnuk_token(dev, config, intf)
|
|
print("Device: %s" % dev.filename)
|
|
print("Configuration: %d" % config.value)
|
|
print("Interface: %d" % intf.interfaceNumber)
|
|
break
|
|
except:
|
|
pass
|
|
if not gnuk:
|
|
raise ValueError("No ICC present")
|
|
if gnuk.icc_get_status() == 2:
|
|
raise ValueError("No ICC present")
|
|
elif gnuk.icc_get_status() == 1:
|
|
gnuk.icc_power_on()
|
|
gnuk.cmd_select_openpgp()
|
|
# Compute passwd data
|
|
kdf_data = gnuk.cmd_get_data(0x00, 0xf9).tobytes()
|
|
if kdf_data == b"":
|
|
passwd_data = passwd.encode('UTF-8')
|
|
else:
|
|
algo, subalgo, iters, salt_user, salt_reset, salt_admin, \
|
|
hash_user, hash_admin = parse_kdf_data(kdf_data)
|
|
if salt_admin:
|
|
salt = salt_admin
|
|
else:
|
|
salt = salt_user
|
|
passwd_data = kdf_calc(passwd, salt, iters)
|
|
# And authenticate with the passwd data
|
|
gnuk.cmd_verify(BY_ADMIN, passwd_data)
|
|
# Do remove keys and related data objects
|
|
gnuk.cmd_put_data_remove(0x00, 0xc7) # FP_SIG
|
|
gnuk.cmd_put_data_remove(0x00, 0xce) # KGTIME_SIG
|
|
gnuk.cmd_put_data_key_import_remove(1)
|
|
gnuk.cmd_put_data_remove(0x00, 0xc8) # FP_DEC
|
|
gnuk.cmd_put_data_remove(0x00, 0xcf) # KGTIME_DEC
|
|
gnuk.cmd_put_data_key_import_remove(2)
|
|
gnuk.cmd_put_data_remove(0x00, 0xc9) # FP_AUT
|
|
gnuk.cmd_put_data_remove(0x00, 0xd0) # KGTIME_AUT
|
|
gnuk.cmd_put_data_key_import_remove(3)
|
|
gnuk.icc_power_off()
|
|
return 0
|
|
|
|
|
|
if __name__ == '__main__':
|
|
passwd = DEFAULT_PW3
|
|
if len(sys.argv) > 1 and sys.argv[1] == '-p':
|
|
from getpass import getpass
|
|
passwd = getpass("Admin password: ")
|
|
sys.argv.pop(1)
|
|
main(passwd)
|