Authentication with NDEF message on Desfire containing signed UID via Ed25519

2025-06-10 09:24:43 +02:00 · 2017-10-22 22:39:55 +02:00 · 2017-10-22 22:39:55 +02:00 · d0121aaed9
commit d0121aaed9
parent 892b69f939
12 changed files with 286 additions and 41 deletions
--- a/brmdoor_adduser.py
+++ b/brmdoor_adduser.py
@ -27,7 +27,6 @@ def addUidAuth(cursor, uid_hex, nick):
        print >> sys.stderr, "UID must be in proper hex encoding"
        sys.exit(1)
        
-
 def addHmacAuth(cursor, uid_hex, nick, key_hex):
    """
    Add user authenticated by Yubikey HMAC-SHA1. UID should be in hex, 4, 7
@ -48,12 +47,28 @@ def addHmacAuth(cursor, uid_hex, nick, key_hex):
        print >> sys.stderr, "UID and key must be in proper hex encoding"
        sys.exit(1)

+def addNdefAuth(cursor, uid_hex, nick):
+    """
+    Add user authenticated by NDEF message on Desfire. UID should be in hex, 4, 7 or 10 bytes long.
+    """
+    try:
+        uid_hex.decode("hex")
+        sql = """INSERT INTO authorized_desfires
+            (uid_hex, nick)
+            values (?, ?)
+        """
+        sql_data = (uid_hex, nick)
+        cursor.execute(sql, sql_data)
+    except TypeError:
+        print >> sys.stderr, "UID must be in proper hex encoding"
+        sys.exit(1)
+
 if __name__ == "__main__":
    parser = OptionParser()
    parser.add_option("-c", "--config", action="store", type="string", dest="config",
        help="Configuration file")
    parser.add_option("-a", "--authtype", action="store", type="string", dest="authtype",
-        help="Authenthication type - uid or hmac")
+        help="Authenthication type - uid, hmac or ndef")
    (opts, args) = parser.parse_args()

    if opts.config is None:
@ -61,9 +76,9 @@ if __name__ == "__main__":
        parser.print_help()
        sys.exit(1)
        
-    if opts.authtype not in ["uid", "hmac"]:
+    if opts.authtype not in ["uid", "hmac", "ndef"]:
        print >> sys.stderr, "You must specify authentication type via -a option!"
-        print >> sys.stderr, "Acceptable choices: uid, hmac"
+        print >> sys.stderr, "Acceptable choices: uid, hmac, ndef"
        sys.exit(1)
        
    config = BrmdoorConfig(opts.config)
@ -83,6 +98,13 @@ if __name__ == "__main__":
            print >> sys.stderr, "brmdoor_adduser.py -c brmdoor.config -a hmac 40795FCCAB0701 SomeUserName 000102030405060708090a0b0c0d0e0f31323334"
            sys.exit(1)
        addHmacAuth(cursor, args[0], args[1], args[2])
-    
+    elif opts.authtype == "ndef":
+        if len(args) < 2:
+            print >> sys.stderr, "You must two additional arguments, hex UID and nick"
+            print >> sys.stderr, "Example:"
+            print >> sys.stderr, "brmdoor_adduser.py -c brmdoor.config -a ndef 34795FCC SomeUserName"
+            sys.exit(1)
+    addNdefAuth(cursor, args[0], args[1])
+
    conn.commit()
    conn.close()