mirror of
https://github.com/trezor/trezor-firmware.git
synced 2024-12-18 04:18:10 +00:00
feat(trezorctl): Implement device authenticate command.
This commit is contained in:
parent
6f139c9108
commit
1f45e9338a
1
python/.changelog.d/3255.added
Normal file
1
python/.changelog.d/3255.added
Normal file
@ -0,0 +1 @@
|
||||
Implement device authenticate command.
|
@ -14,6 +14,7 @@
|
||||
# You should have received a copy of the License along with this library.
|
||||
# If not, see <https://www.gnu.org/licenses/lgpl-3.0.html>.
|
||||
|
||||
import secrets
|
||||
import sys
|
||||
from typing import TYPE_CHECKING, Optional, Sequence
|
||||
|
||||
@ -331,3 +332,19 @@ def set_busy(
|
||||
)
|
||||
|
||||
return device.set_busy(client, expiry * 1000)
|
||||
|
||||
|
||||
@cli.command()
|
||||
@click.argument("hex_challenge", required=False)
|
||||
@with_client
|
||||
def authenticate(client: "TrezorClient", hex_challenge: Optional[str]) -> None:
|
||||
"""Get information to verify the authenticity of the device."""
|
||||
if hex_challenge is None:
|
||||
hex_challenge = secrets.token_hex(32)
|
||||
click.echo(f"Challenge: {hex_challenge}")
|
||||
challenge = bytes.fromhex(hex_challenge)
|
||||
msg = device.authenticate(client, challenge)
|
||||
click.echo(f"Signature of challenge: {msg.signature.hex()}")
|
||||
click.echo(f"Device certificate: {msg.certificates[0].hex()}")
|
||||
for cert in msg.certificates[1:]:
|
||||
click.echo(f"CA certificate: {cert.hex()}")
|
||||
|
@ -265,3 +265,8 @@ def set_busy(client: "TrezorClient", expiry_ms: Optional[int]) -> "MessageType":
|
||||
ret = client.call(messages.SetBusy(expiry_ms=expiry_ms))
|
||||
client.refresh_features()
|
||||
return ret
|
||||
|
||||
|
||||
@expect(messages.AuthenticityProof)
|
||||
def authenticate(client: "TrezorClient", challenge: bytes):
|
||||
return client.call(messages.AuthenticateDevice(challenge=challenge))
|
||||
|
Loading…
Reference in New Issue
Block a user