From 80697252746cf96b294d28c942c55aa327e9016f Mon Sep 17 00:00:00 2001
From: Dain Nilsson
Date: Mon, 19 Aug 2024 10:14:46 +0200
Subject: [PATCH] PIV: Use UUID4 for GUID generation
---
 ykman/_cli/piv.py | 4 ++--
 ykman/piv.py | 3 ++-
 2 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/ykman/_cli/piv.py b/ykman/_cli/piv.py
index dd7a9033..b5195e3f 100644
--- a/ykman/_cli/piv.py
+++ b/ykman/_cli/piv.py
@@ -79,8 +79,8 @@
 )
 from cryptography.hazmat.primitives import serialization, hashes
 from cryptography.hazmat.backends import default_backend
+from uuid import uuid4
-import os
 import click
 import datetime
 import logging
@@ -974,7 +974,7 @@ def _update_chuid(session):
 # Signed CHUID, leave it alone
 logger.debug("Leaving signed CHUID as-is.")
 return
- chuid.guid = os.urandom(16)
+ chuid.guid = uuid4().bytes
 chuid_data = bytes(chuid)
 logger.debug("Updating CHUID GUID.")
 except ApduError as e:
diff --git a/ykman/piv.py b/ykman/piv.py
index d86c85f5..b1421e49 100644
--- a/ykman/piv.py
+++ b/ykman/piv.py
@@ -51,6 +51,7 @@
 from cryptography.hazmat.backends import default_backend
 from cryptography.x509.oid import NameOID
 from datetime import datetime, date
+from uuid import uuid4
 import logging
 import struct
 import os
@@ -474,7 +475,7 @@ def generate_chuid() -> bytes:
 chuid = Chuid(
 # Non-Federal Issuer FASC-N
 fasc_n=FascN(9999, 9999, 999999, 0, 1, 0000000000, 3, 0000, 1),
- guid=os.urandom(16),
+ guid=uuid4().bytes,
 # Expires on: 2030-01-01
 expiration_date=date(2030, 1, 1),
 asymmetric_signature=b"",
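Review bot: The first hunk of ykman/_cli/piv.py drops `import os` outright, and the rest of that module is not visible here, so any `os.` reference left elsewhere in the file would only surface as a NameError when that code path runs. ykman/piv.py keeps its `import os`, which suggests the imports were checked per file, but an undefined-name lint pass over the CLI module before merging would confirm it.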
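Review bot: The new assignment `chuid.guid = uuid4().bytes` in `_update_chuid` (and the matching `guid=uuid4().bytes,` in `generate_chuid` in ykman/piv.py) carries no comment on why a version-4 UUID replaces 16 raw random bytes. A one-line comment such as `# GUID is an identifier, not a secret: use a well-formed RFC 4122 v4 UUID (122 random bits)` would keep a later reader from "restoring" `os.urandom(16)` as the apparently stronger choice. In CPython, uuid4() draws from os.urandom, so the randomness source is unchanged and only the version and variant bits become fixed. Since the same expression now lives in two modules, a small shared helper would keep them aligned. `_update_chuid` starts and ends outside the hunk.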