PIV: Use UUID4 for GUID generation
dainnilsson committed Aug 19, 2024
1 parent 6af66b1 commit 8069725
Showing 2 changed files with 4 additions and 3 deletions.
4 changes: 2 additions & 2 deletions ykman/_cli/piv.py
@@ -79,8 +79,8 @@
)
from cryptography.hazmat.primitives import serialization, hashes
from cryptography.hazmat.backends import default_backend
from uuid import uuid4

import os
import click
import datetime
import logging
@@ -974,7 +974,7 @@ def _update_chuid(session):
# Signed CHUID, leave it alone
logger.debug("Leaving signed CHUID as-is.")
return
chuid.guid = os.urandom(16)
chuid.guid = uuid4().bytes
chuid_data = bytes(chuid)
logger.debug("Updating CHUID GUID.")
except ApduError as e:
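Review bot: The new line `chuid.guid = uuid4().bytes` in `_update_chuid` has no comment saying why the GUID must be a UUID rather than 16 raw random bytes, and the same applies to the matching line in `generate_chuid` in ykman/piv.py. A one-line comment such as `# GUID must be a well-formed RFC 4122 UUID; uuid4() is still CSPRNG-backed` would keep a later cleanup from reverting to `os.urandom(16)`. uuid4() fixes the version and variant bits, so 122 of the 128 bits are random, which is still ample for a card identifier. The import hunk's header and the section counts imply one import line is removed, presumably `import os`; that is only safe if no other `os.` reference remains in the parts of the file not shown. `_update_chuid` starts and ends outside the hunk.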
3 changes: 2 additions & 1 deletion ykman/piv.py
@@ -51,6 +51,7 @@
from cryptography.hazmat.backends import default_backend
from cryptography.x509.oid import NameOID
from datetime import datetime, date
from uuid import uuid4
import logging
import struct
import os
@@ -474,7 +475,7 @@ def generate_chuid() -> bytes:
chuid = Chuid(
# Non-Federal Issuer FASC-N
fasc_n=FascN(9999, 9999, 999999, 0, 1, 0000000000, 3, 0000, 1),
guid=os.urandom(16),
guid=uuid4().bytes,
# Expires on: 2030-01-01
expiration_date=date(2030, 1, 1),
asymmetric_signature=b"",
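Review bot: `import os` stays in the import block of ykman/piv.py even though the `os.urandom(16)` call in `generate_chuid` is replaced; if that was the module's last use of `os` (not visible from these hunks), the import is now dead and should be dropped in the same commit. Separately, GUID generation is now spelled out twice, here and in `_update_chuid` in ykman/_cli/piv.py. A small helper in this module that the CLI calls would leave a single definition of how a CHUID GUID is produced, so the two paths cannot drift apart again. `generate_chuid` continues past the end of the hunk.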
