1
0
mirror of https://github.com/trezor/trezor-firmware.git synced 2024-12-18 04:18:10 +00:00

feat(trezorctl): Implement device authenticate command.

This commit is contained in:
Andrew Kozlik 2023-08-24 09:30:40 +02:00 committed by Andrew Kozlik
parent 6f139c9108
commit 1f45e9338a
3 changed files with 23 additions and 0 deletions

View File

@ -0,0 +1 @@
Implement device authenticate command.

View File

@ -14,6 +14,7 @@
# You should have received a copy of the License along with this library.
# If not, see <https://www.gnu.org/licenses/lgpl-3.0.html>.
import secrets
import sys
from typing import TYPE_CHECKING, Optional, Sequence
@ -331,3 +332,19 @@ def set_busy(
)
return device.set_busy(client, expiry * 1000)
@cli.command()
@click.argument("hex_challenge", required=False)
@with_client
def authenticate(client: "TrezorClient", hex_challenge: Optional[str]) -> None:
"""Get information to verify the authenticity of the device."""
if hex_challenge is None:
hex_challenge = secrets.token_hex(32)
click.echo(f"Challenge: {hex_challenge}")
challenge = bytes.fromhex(hex_challenge)
msg = device.authenticate(client, challenge)
click.echo(f"Signature of challenge: {msg.signature.hex()}")
click.echo(f"Device certificate: {msg.certificates[0].hex()}")
for cert in msg.certificates[1:]:
click.echo(f"CA certificate: {cert.hex()}")

View File

@ -265,3 +265,8 @@ def set_busy(client: "TrezorClient", expiry_ms: Optional[int]) -> "MessageType":
ret = client.call(messages.SetBusy(expiry_ms=expiry_ms))
client.refresh_features()
return ret
@expect(messages.AuthenticityProof)
def authenticate(client: "TrezorClient", challenge: bytes):
return client.call(messages.AuthenticateDevice(challenge=challenge))