From 8e61a84a9ea2814d272e0651d5768d2930da9837 Mon Sep 17 00:00:00 2001 From: Elias Bonnici Date: Fri, 14 Jul 2023 13:40:03 +0200 Subject: [PATCH] HSMAUTH: Fix public key data format for calculate session keys cmd --- yubikit/hsmauth.py | 22 ++++++++++++++-------- 1 file changed, 14 insertions(+), 8 deletions(-) diff --git a/yubikit/hsmauth.py b/yubikit/hsmauth.py index 66a5fb89..d8eb0142 100644 --- a/yubikit/hsmauth.py +++ b/yubikit/hsmauth.py @@ -48,6 +48,7 @@ from enum import IntEnum, unique from dataclasses import dataclass from typing import Optional, List, Union, Tuple +import struct import logging @@ -106,7 +107,7 @@ def key_len(self): @property def pubkey_len(self): if self.name.startswith("EC_P256"): - return 65 + return 64 def _parse_credential_password(credential_password: bytes) -> bytes: @@ -467,7 +468,7 @@ def calculate_session_keys_asymmetric( self, label: str, context: bytes, - public_key: ec.EllipticCurvePublicKeyWithSerialization, + public_key: ec.EllipticCurvePublicKey, credential_password: bytes, card_crypto: bytes, ) -> SessionKeys: @@ -477,16 +478,21 @@ def calculate_session_keys_asymmetric( if not isinstance(public_key.curve, ec.SECP256R1): raise ValueError("Unsupported curve") - ln = ALGORITHM.EC_P256_YUBICO_AUTHENTICATION numbers = public_key.public_numbers() + public_key_data = ( + struct.pack("!B", 4) + + int.to_bytes(numbers.x, public_key.key_size // 8, "big") + + int.to_bytes(numbers.y, public_key.key_size // 8, "big") + ) + return SessionKeys.parse( self._calculate_session_keys( - label, - context, - card_crypto, - int2bytes((numbers.x + numbers.y), ln), - credential_password, + label=label, + context=context, + credential_password=credential_password, + card_crypto=card_crypto, + public_key=public_key_data, ) )