Closed rrottmann closed 1 year ago
Also tried after nuke and reflashing:
```
$ apt-get install -y pyscard pycvc
$ ./pico-hsm-tool.py initialize --pin 648219 --so-pin 3537363231383830
Pico HSM Tool v1.2
Author: Pol Henarejos
Report bugs to https://github.com/polhenarejos/pico-hsm/issues
********************************
* PLEASE READ IT CAREFULLY *
********************************
This tool will erase and reset your device. It will delete all private and secret keys.
Are you sure?
[Press enter to confirm]
Public Point: 04be520925425af40c83275c8365205c74111df1ea24776809e2b61bd8174310ba9797bd380a89465f22c711b07884da3d2da8028e8afd1ba42f1186047e250e3e
Traceback (most recent call last):
  File "/home/me/git/pico-hsm/tools/./pico-hsm-tool.py", line 301, in <module>
    run()
  File "/home/me/git/pico-hsm/tools/./pico-hsm-tool.py", line 298, in run
    main(args)
  File "/home/me/git/pico-hsm/tools/./pico-hsm-tool.py", line 286, in main
    initialize(card, args)
  File "/home/me/git/pico-hsm/tools/./pico-hsm-tool.py", line 169, in initialize
    j = get_pki_data('cvc', data=data)
  File "/home/me/git/pico-hsm/tools/./pico-hsm-tool.py", line 105, in get_pki_data
    response = urllib.request.urlopen(req)
  File "/usr/lib/python3.9/urllib/request.py", line 214, in urlopen
    return opener.open(url, data, timeout)
  File "/usr/lib/python3.9/urllib/request.py", line 523, in open
    response = meth(req, response)
  File "/usr/lib/python3.9/urllib/request.py", line 632, in http_response
    response = self.parent.error(
  File "/usr/lib/python3.9/urllib/request.py", line 561, in error
    return self._call_chain(*args)
  File "/usr/lib/python3.9/urllib/request.py", line 494, in _call_chain
    result = func(*args)
  File "/usr/lib/python3.9/urllib/request.py", line 641, in http_error_default
    raise HTTPError(req.full_url, code, msg, hdrs, fp)
urllib.error.HTTPError: HTTP Error 404: Not Found
```
With the help of pdb, the following URL was not found:
```
(Pdb) p req.full_url
'https://www.henarejos.me/pico-hsm/cvc/'
```
```
wget https://www.henarejos.me/pico-hsm/cvc/
--2022-10-08 23:39:41-- https://www.henarejos.me/pico-hsm/cvc/
Resolving www.henarejos.me... 172.67.197.212, 104.21.68.187, 2606:4700:3031::ac43:c5d4, ...
Connecting to www.henarejos.me|172.67.197.212|:443... connected.
HTTP request sent, awaiting response... 404 Not Found
2022-10-08 23:39:42 ERROR 404: Not Found.
```
These days I made some changes in the backend, which should be finished now, as they work in v3.0.
However, I can confirm the PIN bug, which returns a CKR_DATA_INVALID (0x20) error.
Other errors, such as generating a keypair, can be caused by bad initialization due to a missing device certificate, since it was not uploaded (the URL was down). Could you try with v3.0?
Retried with your build of v3.0. No need for a personal build anymore, as it works out of the box on the Waveshare RP2040 Zero. Just patched the VID:PID and initialized with the Python-based pico-hsm-tool. Init and RSA key generation worked. Awesome!
Issue is solved!
I would suggest giving some hints on how to properly set up the dependencies for Python. I had to mix the Debian packages swig and python3-pyscard, install python3-pip, and pip install pycvc to get it working.
(typed on mobile)
Also, PIN change worked. However, at least my device needs to be frequently plugged in again. Maybe due to USB power saving on battery.
Thanks for the latest code changes. With them, I could build a recent version for the RP2040 Waveshare Zero. After nuking the flash I installed the uf2 file. I built the uf2 from the latest code in the repo using the following commands on Debian 11:
I also compiled the latest git versions of opensc and sc-hsm-embedded.
After flashing, unplugging and inserting the RP2040 it gets recognized:
Initialization seems to somewhat work but shows error message `Incorrect parameters in APDU`:
Similar experience also with tools from `opensc` Debian package but I wanted to test potential fixes from upstream git version / CardContact tools.
Am I doing something wrong (e.g. wrong VID/PID) or are there some differences in the Waveshare board? I also notice that the LED is not working. Or is this only happening when running user APDUs to enable user confirmation?
It would be good to know some details about OS/tools versions that you use in order to build/test on your devel machine. I will also source some Pimoroni Tiny2040 to compare with the expected behaviour.
CardContact/Nitrokey HSM works fine: