Authentication with NDEF message on Desfire containing signed UID via Ed25519

Ondrej Mikle 2017-10-22 22:39:55 +02:00
parent 892b69f939
commit d0121aaed9
12 changed files with 286 additions and 41 deletions


@ -27,7 +27,6 @@ def addUidAuth(cursor, uid_hex, nick):
print >> sys.stderr, "UID must be in proper hex encoding"
sys.exit(1)
def addHmacAuth(cursor, uid_hex, nick, key_hex):
"""
Add user authenticated by Yubikey HMAC-SHA1. UID should be in hex, 4, 7
@ -48,12 +47,28 @@ def addHmacAuth(cursor, uid_hex, nick, key_hex):
print >> sys.stderr, "UID and key must be in proper hex encoding"
sys.exit(1)
def addNdefAuth(cursor, uid_hex, nick):
"""
Add user authenticated by NDEF message on Desfire. UID should be in hex, 4, 7 or 10 bytes long.
"""
try:
uid_hex.decode("hex")
sql = """INSERT INTO authorized_desfires
(uid_hex, nick)
values (?, ?)
"""
sql_data = (uid_hex, nick)
cursor.execute(sql, sql_data)
except TypeError:
print >> sys.stderr, "UID must be in proper hex encoding"
sys.exit(1)
if __name__ == "__main__":
parser = OptionParser()
parser.add_option("-c", "--config", action="store", type="string", dest="config",
help="Configuration file")
parser.add_option("-a", "--authtype", action="store", type="string", dest="authtype",
help="Authenthication type - uid or hmac")
help="Authenthication type - uid, hmac or ndef")
(opts, args) = parser.parse_args()
if opts.config is None:
@ -61,9 +76,9 @@ if __name__ == "__main__":
parser.print_help()
sys.exit(1)
if opts.authtype not in ["uid", "hmac"]:
if opts.authtype not in ["uid", "hmac", "ndef"]:
print >> sys.stderr, "You must specify authentication type via -a option!"
print >> sys.stderr, "Acceptable choices: uid, hmac"
print >> sys.stderr, "Acceptable choices: uid, hmac, ndef"
sys.exit(1)
config = BrmdoorConfig(opts.config)
@ -83,6 +98,13 @@ if __name__ == "__main__":
print >> sys.stderr, "brmdoor_adduser.py -c brmdoor.config -a hmac 40795FCCAB0701 SomeUserName 000102030405060708090a0b0c0d0e0f31323334"
sys.exit(1)
addHmacAuth(cursor, args[0], args[1], args[2])
elif opts.authtype == "ndef":
if len(args) < 2:
print >> sys.stderr, "You must two additional arguments, hex UID and nick"
print >> sys.stderr, "Example:"
print >> sys.stderr, "brmdoor_adduser.py -c brmdoor.config -a ndef 34795FCC SomeUserName"
sys.exit(1)
addNdefAuth(cursor, args[0], args[1])
conn.commit()
conn.close()
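Review bot: addNdefAuth only checks that uid_hex decodes as hex, so the length rule in its own docstring (4, 7 or 10 bytes) is never enforced, and an empty or truncated UID is inserted into authorized_desfires without complaint. Check the decoded length before the INSERT, for example `if len(uid_hex.decode("hex")) not in (4, 7, 10):`, then print a length-specific error and `sys.exit(1)`. The row is also stored exactly as typed, so if the reader side compares the hex text (not visible in this file), a case mismatch would leave the entry silently unusable; writing `uid_hex.upper()` or `.lower()` consistently would avoid that. Because `cursor.execute` sits inside the same `try`, a TypeError raised by the database call would be reported as a hex-encoding problem, so keep only the decode inside the `try`. Judging by the context lines, addUidAuth and addHmacAuth appear to share the decode-only check, so the same validation is worth applying there.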