From 0f5d11c71e53fc12ee5508c07df0f4036f6a9d75 Mon Sep 17 00:00:00 2001
From: Ales Teska
Date: Thu, 18 Apr 2019 15:12:42 +0100
Subject: [PATCH] Work on cicada
---
 itss.py | 3 +++
 itss/hsm_pkcs11.py | 11 +++++++----
 2 files changed, 10 insertions(+), 4 deletions(-)
diff --git a/itss.py b/itss.py
index 9381853..7c72916 100755
--- a/itss.py
+++ b/itss.py
@@ -165,6 +165,9 @@ def enroll(self, enrollment_id):
 r = requests.put(self.EA_url + '/cits/ts_102941_v111/ea/enroll', data=encoded_er)
 print(">>>", self.EA_url + '/cits/ts_102941_v111/ea/enroll')
+ if r.status_code != 200:
+ print(r.text)
+ sys.exit(1)
 EnrolmentResponse = self.asn1.decode('EnrolmentResponse', r.content)
 if EnrolmentResponse[0] != 'successfulEnrolment':
 print("Enrollment failed!")
diff --git a/itss/hsm_pkcs11.py b/itss/hsm_pkcs11.py
index 8c114a5..32f91ca 100644
--- a/itss/hsm_pkcs11.py
+++ b/itss/hsm_pkcs11.py
@@ -1,5 +1,6 @@
-import PyKCS11
+import hashlib
+import PyKCS11
 import cryptography.hazmat.primitives.serialization
 from .hsm_abc import HSM
@@ -9,7 +10,7 @@ class PKCS11HSM(HSM):
 def __init__(self):
 self._privateKey = None
 self._pkcs11 = PyKCS11.PyKCS11Lib()
- self._pkcs11.load(pkcs11dll_filename="/Applications/YubiKey PIV Manager.app/Contents/MacOS/libykcs11.1.dylib")
+ self._pkcs11.load(pkcs11dll_filename="/usr/lib/cicada-pkcs11.so")
 self._session = None
@@ -26,7 +27,7 @@ def generate_private_key(self):
 def load(self):
 self._slot = self._pkcs11.getSlotList(tokenPresent=True)[0]
 self._session = self._pkcs11.openSession(self._slot, PyKCS11.CKF_SERIAL_SESSION)
- self._session.login("11223344")
+ self._session.login("1234")
 self._publicKey = self._session.findObjects([(PyKCS11.CKA_CLASS, PyKCS11.CKO_PUBLIC_KEY)])[0]
 self._privateKey = self._session.findObjects([(PyKCS11.CKA_CLASS, PyKCS11.CKO_PRIVATE_KEY)])[0]
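Review bot: The new non-200 branch in enroll() prints only the response body to stdout and then calls `sys.exit(1)` from inside the method, so the status code is never reported and a caller has no way to handle the failure. I would report the code on stderr, e.g. `print("Enrollment request failed: HTTP {}".format(r.status_code), file=sys.stderr)`, and raise an exception rather than exit if enroll() is ever called from other code. The body comes from the remote EA, so truncating it before printing is reasonable. The hunk does not show whether `sys` is imported in itss.py, and enroll() starts and ends outside the hunk, so both need checking against the full file.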
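Review bot: The PKCS#11 module path in `__init__` is still a hard-coded absolute path; the commit only swaps the macOS YubiKey library for `/usr/lib/cicada-pkcs11.so`, which breaks every other setup and fixes in source which shared object is loaded into the process that handles the PIN and signing requests. A constructor argument with the current value as default keeps existing callers working: `def __init__(self, pkcs11_lib="/usr/lib/cicada-pkcs11.so"):` followed by `self._pkcs11.load(pkcs11dll_filename=pkcs11_lib)`. A short comment naming the package that installs this file, and stating that it must not be writable by the account running the service, would help whoever deploys it.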
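Review bot: `self._session.login("1234")` in load() commits the token's user PIN to the repository, and the value looks like a default PIN. The PIN should come from outside the source, for example a value the caller obtains with `getpass.getpass()` or from the deployment's secret store and hands to the object, so the call becomes `self._session.login(pin)`; whether load() can take a parameter depends on the HSM base class, which is not visible here. The previous literal `11223344` remains in history, so if either value was ever set on a real token it should be changed on the token. Separately, `getSlotList(tokenPresent=True)[0]` on the context line raises IndexError when no token is present, which deserves an explicit error message.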
@@ -52,6 +53,8 @@ def get_public_key(self):
 def sign(self, payload):
- rs = self._session.sign(self._privateKey, payload, mecha=PyKCS11.Mechanism(PyKCS11.CKM_ECDSA_SHA256, None))
+ m = hashlib.sha256()
+ m.update(payload)
+ rs = self._session.sign(self._privateKey, m.digest(), mecha=PyKCS11.Mechanism(PyKCS11.CKM_ECDSA, None))
 r, s = int.from_bytes(rs[:32], "big"), int.from_bytes(rs[32:], "big")
 return r, s
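Review bot: sign() now hashes on the host and passes the digest to raw `CKM_ECDSA`, but nothing in the code says why the token-side `CKM_ECDSA_SHA256` was dropped, so a later edit could switch it back or pass an unhashed payload to a mechanism that signs its input as-is. I would add a comment such as `# CKM_ECDSA does not hash; SHA-256 is applied here because <reason to be filled in by the author>` and shorten the three new lines to `digest = hashlib.sha256(payload).digest()`. The split `rs[:32]` / `rs[32:]` on the context line assumes a 64-byte result; a length check before it, `if len(rs) != 64: raise ValueError("unexpected ECDSA signature length")`, would turn a differently sized signature into an error instead of a wrong (r, s) pair.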