Halo: Implement get_key_info command, adjust key generation for C6 (#242)

cli/args_cli.js

@@ -225,6 +225,13 @@ unsetPasswordParser.add_argument("--password", {
 
 subparsers.add_parser("get_pkeys", {help: "Get tag's public keys #1, #2 and #3."});
 
+let getKeyInfoParser = subparsers.add_parser("get_key_info", {help: "Get key information."});
+getKeyInfoParser.add_argument("-k", "--key-no", {
+    dest: 'keyNo',
+    type: 'int',
+    help: "Target key slot number."
+});
+
 subparsers.add_parser("pcsc_detect", {help: "Detect PC/SC readers and HaLo tags (for debugging)."});
 
 function parseArgs() {

docs/firmware-versions.md

@@ -67,6 +67,7 @@ Addons ver. - first HaLo Addons version to support the indicated driver.
 | `write_latch`      | 01.C3     |                                               |
 | `sign`             | 01.C4     | All combinations of options.                  |
 | `sign_random`      | 01.C4     |                                               |
+| `get_key_info`     | 01.C6     |                                               |
 | `gen_key`          | 01.C6     |                                               |
 | `gen_key_confirm`  | 01.C6     |                                               |
 | `gen_key_finalize` | 01.C6     |                                               |

drivers/common.js

@@ -10,7 +10,7 @@ const {
 } = require("../halo/exceptions");
 const {
     cmdGetPkeys, cmdSign, cmdCfgNDEF, cmdWriteLatch, cmdSignRandom, cmdGenKey, cmdGenKeyConfirm, cmdGenKeyFinalize,
-    cmdSignChallenge, cmdSetURLSubdomain, cmdSetPassword, cmdUnsetPassword, cmdReplacePassword
+    cmdSignChallenge, cmdSetURLSubdomain, cmdSetPassword, cmdUnsetPassword, cmdReplacePassword, cmdGetKeyInfo
 } = require("../halo/commands");
 const {ERROR_CODES} = require("../halo/errors");
 
@@ -47,6 +47,8 @@ async function execHaloCmd(command, options) {
             return await cmdReplacePassword(options, command);
         case 'unset_password':
             return await cmdUnsetPassword(options, command);
+        case 'get_key_info':
+            return await cmdGetKeyInfo(options, command);
         default:
             throw new HaloLogicError("Unsupported command.name parameter specified.");
     }

drivers/pcsc.js

@@ -100,6 +100,7 @@ function makeOptions(reader) {
 }
 
 async function execHaloCmdPCSC(command, reader) {
+    await selectCore(reader);
     let version = await getVersion(reader);
 
     let [verMajor, verMinor, verSeq, verShortId] = version.split('.');
@@ -156,17 +157,21 @@ async function execHaloCmdPCSC(command, reader) {
             "entropy": command.entropy
         }, options);
 
-        await execHaloCmd({
+        let rootPkRes = await execHaloCmd({
             "name": "gen_key_confirm",
             "keyNo": command.keyNo,
             "publicKey": res.publicKey
         }, options);
 
-        return await execHaloCmd({
+        let subPkRes = await execHaloCmd({
             "name": "gen_key_finalize",
             "keyNo": command.keyNo,
             "password": command.password
         }, options);
+
+        return {
+            generatedPublicKey: {...subPkRes, attestedWith: rootPkRes}
+        };
     } else {
         // divert to the common command execution flow
         await selectCore(reader);

halo/cmdcodes.js

@@ -20,6 +20,7 @@ const CMD_CODES = {
     "SHARED_CMD_SIGN_RANDOM": 0x08,
     "SHARED_CMD_GET_ADDON_FW_VERSION": 0x09,
     "SHARED_CMD_SIGN_CHALLENGE": 0x11,
+    "SHARED_CMD_GET_KEY_INFO": 0x13,
 
     "SHARED_CMD_SIGN_PWD": 0xA1,
     "SHARED_CMD_FETCH_SIGN_PWD": 0xA2,

halo/commands.js

@@ -368,9 +368,16 @@ async function cmdGenKeyConfirm(options, args) {
         Buffer.from(args.publicKey, "hex")
     ]);
 
-    await options.exec(payload);
+    let resp = await options.exec(payload);
+    let res = Buffer.from(resp.result, "hex");
 
-    return {"status": "ok"};
+    let rootPublicKey = res.slice(0, 65);
+    let rootAttestSig = res.slice(65);
+
+    return {
+        rootPublicKey: rootPublicKey.toString('hex'),
+        rootAttestSig: rootAttestSig.toString('hex')
+    };
 }
 
 async function cmdGenKeyFinalize(options, args) {
@@ -391,9 +398,17 @@ async function cmdGenKeyFinalize(options, args) {
         ]);
     }
 
-    await options.exec(payload);
+    let resp = await options.exec(payload);
+    let res = Buffer.from(resp.result, "hex");
 
-    return {"status": "ok"};
+    let newKeyNo = res.slice(0, 1);
+    let publicKey = res.slice(1, 1 + 65);
+    let attestSig = res.slice(1 + 65);
+
+    return {
+        publicKey: publicKey.toString('hex'),
+        attestSig: attestSig.toString('hex')
+    };
 }
 
 async function cmdSetURLSubdomain(options, args) {
@@ -409,6 +424,28 @@ async function cmdSetURLSubdomain(options, args) {
     return {"status": "ok"};
 }
 
+async function cmdGetKeyInfo(options, args) {
+    let payload = Buffer.concat([
+        Buffer.from([CMD.SHARED_CMD_GET_KEY_INFO]),
+        Buffer.from([args.keyNo]),
+    ]);
+
+    let resp = await options.exec(payload);
+    let res = Buffer.from(resp.result, "hex");
+
+    let keyFlags = res.slice(0, 1);
+    let publicKey = res.slice(1, 1 + 65);
+    let attestSig = res.slice(1 + 65);
+
+    return {
+        keyState: {
+            isPasswordProtected: keyFlags[0] === 0x01
+        },
+        publicKey: publicKey.toString('hex'),
+        attestSig: attestSig.toString('hex')
+    };
+}
+
 async function cmdSetPassword(options, args) {
     let derivedKey = pbkdf2.pbkdf2Sync(args.password, 'HaLoChipSalt', 5000, 16, 'sha512');
 
@@ -489,5 +526,6 @@ module.exports = {
     cmdSetURLSubdomain,
     cmdSetPassword,
     cmdUnsetPassword,
-    cmdReplacePassword
+    cmdReplacePassword,
+    cmdGetKeyInfo
 };