demo/secure_element/resources/generation_scripts/secure_element

 
 
 from __future__ import print_function
 
 import sys 
 import os 
 import binascii
 
 try:
     import cryptography
     from cryptography import x509
 except:
     sys.stdout.write("\n\n\n*** You must install the python package 'cryptography' first. Run the command:\n\n" + \
                      "  pip install cryptography\n\n" + \
                      "More details here: https://pypi.org/project/cryptography\n\n\n")
 import pytz
 from cryptography.hazmat.primitives import serialization
 from cryptography.hazmat.primitives import hashes
 from cryptography.hazmat.primitives.asymmetric import ec
 from cryptography.hazmat import backends
 
 crypto_be = backends.default_backend()
 
 
 CREDENTIAL_BASE_PATH = os.path.normpath(os.path.join(os.path.dirname(__file__), '..', 'credentials'))
 CREDENTIAL_PATH      = lambda filename : os.path.join(CREDENTIAL_BASE_PATH, filename).replace('\\', '/')
 
 SOURCE_BASE_PATH = os.path.normpath(os.path.join(os.path.dirname(__file__), '..', '..', 'cert_templates'))
 SOURCE_PATH      = lambda filename : os.path.join(SOURCE_BASE_PATH, filename).replace('\\', '/')
 
 
 ROOT_CA_FILENAME_BASE = 'root-ca'
 ROOT_CA_KEY_FILENAME  = ROOT_CA_FILENAME_BASE + '.key'
 ROOT_CA_CERT_FILENAME = ROOT_CA_FILENAME_BASE + '.crt'
 
 SIGNER_CA_FILENAME_BASE = 'signer-ca'
 SIGNER_CA_KEY_FILENAME  = SIGNER_CA_FILENAME_BASE + '.key'
 SIGNER_CA_CSR_FILENAME  = SIGNER_CA_FILENAME_BASE + '.csr'
 SIGNER_CA_CERT_FILENAME = SIGNER_CA_FILENAME_BASE + '.crt'
 SIGNER_CA_VER_CERT_FILENAME = SIGNER_CA_FILENAME_BASE + '-verification.crt'
 SIGNER_CA_C_FILENAME    = 'cert_def_1_signer.c'
 
 KIT_INFO_FILENAME = 'kit-info.json'
 
 DEVICE_FILENAME_BASE  = 'device'
 DEVICE_CSR_FILENAME   = DEVICE_FILENAME_BASE + '.csr'
 DEVICE_CSR_C_FILENAME = 'cert_def_3_device_csr.c'
 
 DEVICE_CERT_FILENAME  = DEVICE_FILENAME_BASE + '.crt'
 DEVICE_CERT_C_FILENAME = 'cert_def_2_device.c'
 
 SERVER_FILENAME_BASE = 'test-server'
 SERVER_KEY_FILENAME  = SERVER_FILENAME_BASE + '.key'
 SERVER_CSR_FILENAME  = SERVER_FILENAME_BASE + '.csr'
 SERVER_CERT_FILENAME = SERVER_FILENAME_BASE + '.crt'
 SERVER_CERT_CHAIN_FILENAME = SERVER_FILENAME_BASE + '-chain.crt'
 
 
 
 
 def load_or_create_key(filename, verbose=True):
     file_path = CREDENTIAL_PATH(filename)
     
     try:
         os.makedirs(os.path.dirname(file_path))
     except:
         pass
     
     # Create or load a root CA key pair
     priv_key = None
     if os.path.isfile(file_path):
         # Load existing key
         with open(file_path, 'rb') as f:
             if verbose:
                 print('    Loading from ' + f.name)
             priv_key = serialization.load_pem_private_key(
                 data=f.read(),
                 password=None,
                 backend=crypto_be)
     if priv_key == None:
         # No private key loaded, generate new one
         if verbose:
             print('    No key file found, generating new key')
         priv_key = ec.generate_private_key(ec.SECP256R1(), crypto_be)
         # Save private key to file
         with open(file_path, 'wb') as f:
             if verbose:
                 print('    Saving to ' + f.name)
             pem_key = priv_key.private_bytes(
                 encoding=serialization.Encoding.PEM,
                 format=serialization.PrivateFormat.PKCS8,
                 encryption_algorithm=serialization.NoEncryption())
             f.write(pem_key)
     return priv_key
 
 
 def random_cert_sn(size):
     """Create a positive, non-trimmable serial number for X.509 certificates"""
     raw_sn = bytearray(os.urandom(size))
     raw_sn[0] = raw_sn[0] & 0x7F # Force MSB bit to 0 to ensure positive integer
     raw_sn[0] = raw_sn[0] | 0x40 # Force next bit to 1 to ensure the integer won't be trimmed in ASN.1 DER encoding
     
     result = 0
     for i in range(len(raw_sn)):
         result = result * 256 + int(raw_sn[len(raw_sn) - i - 1])
 
     return result
     
 
 def read_pem_cert(cert_path):
     with open(cert_path, 'rb') as f:
         print('    Loading from ' + f.name)
         return x509.load_pem_x509_certificate(f.read(), crypto_be)
 
 def pub_key_to_bytes(pub_key):
     # Get the public key as X and Y integers concatenated
     pub_nums = pub_key.public_numbers()
     pubkey = bytearray(binascii.unhexlify('{:064x}'.format(pub_nums.x)))
     pubkey.extend(binascii.unhexlify('{:064x}'.format(pub_nums.y)))
     return pubkey
 
demo/secure_element/resources/generation_scripts/secure_element_common.py
