From c57bc62a05f3b7b7773d66e09686bf7584ae679e Mon Sep 17 00:00:00 2001 From: Andrew Kozlik Date: Mon, 6 Apr 2020 12:10:28 +0200 Subject: [PATCH] core/tools: Add attestation certificate generator for FIDO2. --- core/tools/codegen/fido/att_cert.der | Bin 0 -> 465 bytes core/tools/codegen/fido/att_priv_key.pem | 5 +++++ core/tools/codegen/fido/ca_cert.pem | 11 +++++++++++ core/tools/codegen/fido/ca_priv_key.pem | 5 +++++ core/tools/codegen/fido/gen_att_cert.sh | 3 +++ core/tools/codegen/fido/openssl.cnf | 13 +++++++++++++ 6 files changed, 37 insertions(+) create mode 100644 core/tools/codegen/fido/att_cert.der create mode 100644 core/tools/codegen/fido/att_priv_key.pem create mode 100644 core/tools/codegen/fido/ca_cert.pem create mode 100644 core/tools/codegen/fido/ca_priv_key.pem create mode 100755 core/tools/codegen/fido/gen_att_cert.sh create mode 100644 core/tools/codegen/fido/openssl.cnf diff --git a/core/tools/codegen/fido/att_cert.der b/core/tools/codegen/fido/att_cert.der new file mode 100644 index 0000000000000000000000000000000000000000..e5e62692863982a21474698cc07f30e31724ce38 GIT binary patch literal 465 zcmXqLVmxcm#8|w5nTe5!iG|rU;fMhj8;4e#$2nUTW+nqYLmdMxHs(+kW*+5`qSUJV zA_X^37k`DI{QMFHXGewL)S}G990dy#LsLUzQ!@hvab6<>0}}%?Lm+8r9wotVWMGOc zU{GPmZNLdKkxiJ%Im%GRKnld+;t>u`EXgm<$n;4}D%Mdb)+^G>*E3WyPyoqt^GG_D zmSm*nm1HIZRTU{XmXxFxmn4>C=I0rz8>m7YD2MDoS67(ZOie7zElhxJiZl>rV+Z?; zi4p2WW=3{qCkB?A5_^Ajg{+zMl6R&2sj5XOAqOrNn;H7vYhLQzw)MW>hoID1viX0u zyVXmbz1?NZ!5#N@VyEyI=cQ`W$E!0E@((UHHZU|$WaHLmV`O1$dMd-n$igDTB5>`( z-or`nj@-W2Ta}vU<+%=Bd>3r+x9!Y5p0qda8e?*+El| I`iPHH0Zj9ervLx| literal 0 HcmV?d00001 diff --git a/core/tools/codegen/fido/att_priv_key.pem b/core/tools/codegen/fido/att_priv_key.pem new file mode 100644 index 000000000..85a723b56 --- /dev/null +++ b/core/tools/codegen/fido/att_priv_key.pem 
@@ -0,0 +1,5 @@
+-----BEGIN PRIVATE KEY-----
+MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgcSasK/ZE3GGGrYPvH83xKle1z6IA
+C4rQJ+lW6FTFCouhRANCAATZGL36ilSskukNqR/KeqJkVMDRczYxTd6DpUuGtd9O8FJlmh1v/LdG
+fxrN24ozCAte7ZGJE/RDpSYbx3toYG/B
+-----END PRIVATE KEY-----
diff --git a/core/tools/codegen/fido/ca_cert.pem b/core/tools/codegen/fido/ca_cert.pem
new file mode 100644
index 000000000..db0dd61f5
--- /dev/null
+++ b/core/tools/codegen/fido/ca_cert.pem
@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE-----
+MIIBojCCAUmgAwIBAgIEBQQMPDAKBggqhkjOPQQDAjAuMSwwKgYDVQQDDCNUcmV6
+b3IgRklETyBSb290IENBIFNlcmlhbCA4NDE1MTM1NjAgFw0yMDA0MDYwOTU1MTZa
+GA8yMDcwMDQwNjA5NTUxNlowLjEsMCoGA1UEAwwjVHJlem9yIEZJRE8gUm9vdCBD
+QSBTZXJpYWwgODQxNTEzNTYwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQqgKwF
+9GKBxKtiKSf+nb8cnsRE24RnfqwnFReGORKlJ7Ms44eqs4MjCwwnnNonRQMVQvl5
+0ml/JKATBdBZf7fxo1MwUTAdBgNVHQ4EFgQUeuRSY/knj14w6orFYFeXEeKPVSEw
+HwYDVR0jBBgwFoAUeuRSY/knj14w6orFYFeXEeKPVSEwDwYDVR0TAQH/BAUwAwEB
+/zAKBggqhkjOPQQDAgNHADBEAiBO6zcgpZxA4uK5son5zWzQSOdlwPoZNZYynHbd
+q2qZ4gIgSdYR7RCOKEQY7vCVB9HeN/Pa/4pHodSBzo+3+WsM1Vk=
+-----END CERTIFICATE-----
diff --git a/core/tools/codegen/fido/ca_priv_key.pem b/core/tools/codegen/fido/ca_priv_key.pem
new file mode 100644
index 000000000..d4c7a2505
--- /dev/null
+++ b/core/tools/codegen/fido/ca_priv_key.pem
@@ -0,0 +1,5 @@
+-----BEGIN PRIVATE KEY-----
+MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgd755DC6Q0TT+DqUTD/ks7M0Rcl5s
+IcLTp+DKtvLKvvChRANCAAQqgKwF9GKBxKtiKSf+nb8cnsRE24RnfqwnFReGORKlJ7Ms44eqs4Mj
+CwwnnNonRQMVQvl50ml/JKATBdBZf7fx
+-----END PRIVATE KEY-----
diff --git a/core/tools/codegen/fido/gen_att_cert.sh b/core/tools/codegen/fido/gen_att_cert.sh
new file mode 100755
index 000000000..401d5a25a
--- /dev/null
+++ b/core/tools/codegen/fido/gen_att_cert.sh
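Review bot: att_priv_key.pem and, further down, ca_priv_key.pem are added as unencrypted `BEGIN PRIVATE KEY` blocks, so the attestation key and the key of the CA that signs it are readable by anyone who can read the repository, and a certificate chaining to ca_cert.pem then says nothing about who produced it. If that is intended (for instance a shared batch-attestation key in open firmware; I cannot tell from the diff), a README beside the files should say so, e.g. `These keys are public on purpose; relying parties must not treat this attestation as proof of genuine hardware.` If it is not intended, generate both keys outside the tree, commit only ca_cert.pem and att_cert.der, and treat the values in this commit as compromised.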
@@ -0,0 +1,3 @@
+#!/bin/bash
+openssl req -new -key att_priv_key.pem -config openssl.cnf |
+openssl x509 -req -CA ca_cert.pem -CAkey ca_priv_key.pem -out att_cert.der --outform DER -set_serial 54878404 -days 10957 -extfile openssl.cnf -extensions v3_req
diff --git a/core/tools/codegen/fido/openssl.cnf b/core/tools/codegen/fido/openssl.cnf
new file mode 100644
index 000000000..0dcb188af
--- /dev/null
+++ b/core/tools/codegen/fido/openssl.cnf
@@ -0,0 +1,13 @@
+[req]
+distinguished_name = req_distinguished_name
+prompt = no
+
+[req_distinguished_name]
+C = CZ
+O = SatoshiLabs, s.r.o.
+OU = Authenticator Attestation
+CN = Trezor FIDO EE Serial 54878404
+
+[v3_req]
+1.3.6.1.4.1.45724.1.1.4=ASN1:FORMAT:HEX,OCTETSTRING:d6d0bdc362eec4dbde8d7a656e4a4487
+basicConstraints=critical,CA:FALSE
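Review bot: The `openssl x509 -req` call on the third added line of gen_att_cert.sh leaves the signature digest to whatever the installed OpenSSL defaults to, and it spells one option as `--outform` while every other option on the line uses a single dash. Adding `-sha256` and writing `-outform DER` would make the generated att_cert.der independent of the OpenSSL version on the build machine; as far as I know the double-dash spelling is only accepted by the newer option parser. The script also reads its inputs by relative path, so a `cd "$(dirname "$0")"` before the pipeline would stop it from failing, or from picking up a different openssl.cnf, when run from another directory.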
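Review bot: The `[v3_req]` extension line in openssl.cnf carries a bare OID and hex string with no comment, and the serial 54878404 appears both in `CN` here and in `-set_serial` in gen_att_cert.sh with nothing tying the two together. 1.3.6.1.4.1.45724.1.1.4 is the FIDO AAGUID extension (id-fido-gen-ce-aaguid), so I would add `# id-fido-gen-ce-aaguid: must equal the AAGUID the firmware reports; keep non-critical` above it and `# keep in sync with -set_serial in gen_att_cert.sh` above the `CN` line. Relying parties are expected to reject an attestation whose certificate AAGUID differs from the one in the authenticator data, so the dependency is worth recording where the value is edited.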