added LATEST.md including tests

This commit is contained in:
Oscar Krause 2025-03-20 21:42:04 +01:00
parent 27cd0597be
commit d3b049907b
4 changed files with 159 additions and 0 deletions

View File

@ -1,5 +1,7 @@
# NLS - NVIDIA License System
> Current status / questions / is in [doc/LATEST.md](doc/LATEST.md)
[TOC]
# About this project

32
doc/LATEST.md Normal file
View File

@ -0,0 +1,32 @@
# Latest
> For information how to get at a point to reproduce this, please read
> - [README](README.md) or
> - [Installation / Docker Setup](DockerSetup.md)
# `master_pwd.bin` and `master_pwd_v100.bin`
There are two files in `/var/lib/docker/overlay2/<nls-container-id>/merged/etc/dls/config`.
Both files are *base64* decoded, maybe this could be essential for AES-Encryption/Decryption.
When *base64-decoded* both files have a length of **256 bytes**.
If these files are renamed (adding `.bak`) NLS stack will not come up.
- `master_pwd.bin`
```
RdX1Fng5fYUEq+hSvQcDPdZmKkLfEfVd9k6OU6BG0UpFz1s9fbT5H2fqPBcxFogg
yFNvJnLizyGi0nSLEQQL/+wmYcTnFj0TI5svrKMXLLM2gED8ZozvTyKQNpVZssad
QkLz7Y3qaSFG90OEXD0MU48SgUkfUF4jnyU2jxph72AuI5djjWV+fjfNM60q/nOb
RUrn5hWm4qczga8N6eK6J8hOXNRm+9k2tT4PG+MuqhwdHxfdY9eCnNWVZWfqg3e9
OnRDt/ZZvBg8po4aP21Nobqr0UDkIrwbBa+b/gC6BTF/1/MwoLPmFFNlnnB8yJXs
Gn0aj+WXNuH+Syt+BiNUcQ==
```
- `master_pwd_v100.bin`
```
mht1iKDDsWrp/AVs2h5wpO14FKbIwAQW4yVKEYaDaPIgWQmapRqsm2gqIYgZ8nqb
emRg51JtCdPRzKXFFKswae2wzLj1ldc4ksrVGRFyyh6Kn4bmtZs30tgwIRnuh2PT
XbhVZTQVD2SbiWTBl7SjgVpuUnUdhJWVGnF/0ksMaB3GVlgnVULJnomaUlvgdeL0
NE4PacjTQsfXoRdbjAeE390PcK+Ax8OQATXA9AezXV3EnjRAapOBCRqCb3S+lOVJ
oL0050bYWC85Ijb+SDR3fl1UxQf2XgaKKx2E0/gUy0EtCLtpwT4L0iS2hzKENxgd
B0kFriXRTxdejBmBPl36jQ==
```

View File

@ -1,5 +1,7 @@
# Doc
> Current status / questions / is in [doc/LATEST.md](LATEST.md)
- [Installation / Docker Setup](DockerSetup.md)
- [Reverse Engineering Notes](ReverseEngineeringNotes.md)
- [Licensing Flow / Process](LicensingFlow.md)

123
src/test/test_decrypt.py Normal file
View File

@ -0,0 +1,123 @@
import base64
from cryptography import x509
from cryptography.hazmat.primitives.ciphers.aead import AESGCM
from cryptography.hazmat.primitives.serialization import load_pem_private_key, load_pem_public_key, Encoding
### DEFAULTS
# SELECT xid FROM request_routing.service_instance
NV_SI_SITE_ID = '4e53a171-103b-4946-9ed8-5f4c0ee750d9'
# SELECT value FROM si_<xid>.service_instance_artifact WHERE namespace = 'service_instance.client.all' and name = 'private_key'
NV_SI_KEY_RSA = """-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEAyIz6i48cFn4XOK0S2GTYpLMU85xzJ1fmQmA2nC6Zod2V4BxN
Xqk+9y8nvdzZVELxmC+N47ZQGV/J5cquIadx0V42F3JTryJFDuZ+7fQsNlXUX3og
UQhhgvHuluhDJQSvdZAzpguS7N+gJGCGbGk1pZBYL2JtTDTWSIcWsQtD/w9DAPEk
K5cHGoZkovngH1LOTkVAcyEqKxLblerMnLu3rOaDVkEcf+1l2BwvHUWTU4LI6uud
CWP2em69T2EXp1qczi5IKJzc53puNfp5nXlHayrneYAdIbEAQSQg+Z40npUwNKW7
1Ue2NsG3SoGWuj3lTyEVXlLsAw0bsCDVLipMWwIDAQABAoIBAA24FyuU221ueSHK
m49ro3Mg2dep/10ICYH6f8HcLjmBPwKlucucwehTtK3esPJ8SEQ9r8DA2zN6w56R
aHgRsrRWQL0Gq4YMTuascRWce0NirueyvKM02SoFnGl8wGfrE7wNfhSalhWkkDMg
DaujRtg2MTiMmY15z9U5gh16XjYEZipOmfmNWHLCMRnEsXV/ToZ+g7ekruKPweGD
A52tG0pN/KYVaQFX+sZ7eXpd1jEl4gCSHup1SopAM3+is0DzeHiLSg9ZUN9dd8af
L+SYAOCjRHXkUKcQN8a3FffoPInjy4D57dndkqRusiCtRJV3TEjO4Ld9cj/fqQZ2
kDMT0YECgYEA0iPJu73Kz3wruxGfzq2zTE8RMM/EF8OAXi/qzKer40w7KLZ4aY0c
5FUJwehipYM390/OUf0x3jiwMVk3wR6M9/L9h70zN1OCIKnCbLc+e0sgK9nYY98y
XxXIu/HfRi42usAg6IQsr41z+Y7qY/zlyIDdoGJPTgra2aFUbYG/pD8CgYEA9FF2
GfBlC5NUxwjjwEeNXvKU3wvzoZ0wS3EMrj0ylXY/4Q+thlfOWiGBKUOik8mSohgL
9qP756185Map/szCUzjlr13hgLg+nECJuP6hLWP2V4O+vS2dNg+lxWJ7EZVxhRR1
ueJE4xkOU2v00b0H+nJyDnoEhdHlvFFVnh+roOUCgYEAnyxwoH8Q4r1hup+M91bn
m4PAt8KI/J8f2zhcmIzhTJjvrtUYvIshOWuYqoLGRizw9apD1CL/5R33iEnWS7hC
e4ZZuLn904iz5t3v4b2j3Gx5f/3RRUVJuHCdzo9V2qki1660vqtv1cJF+ODidr6X
p5rFRblx7OGYCIWFmDVR3q0CgYBZZ03eZBe1yq4lP12ISSa0bfSIQmle5JR9ptrL
D93oz6LEiuYm2Q7L8KLBJNzjU8nywvXtxUgzGUswtHoUoX0i0xlJuQMCBWnz57H+
Hj+AyqmkkLNFquFynPs+ZbE/V/54gmoqIWCv8cVKRaEK9y9qOGMAZSouhgaZiPHZ
sSEu+QKBgQDRpPzQrn0xD0QPvQMi/gl8TJHjEfjQkGkxREa1XAKj4XcHXKwzSfdf
LdUhyKEt/if0EJd09UbH6+T7aqkuw4HthF8ab2FSlLcyQ6t0UYUlTwCLTHsquqeu
5+Le7DO89hskB8DKr4Oobmr12eulCf81UDYWSKhDYeqrBJyf3PopLg==
-----END RSA PRIVATE KEY-----
"""
# SELECT value FROM service_instance_artifact WHERE namespace = 'service_instance.client.all' and name = 'public_key'
NV_SI_KEY_PUB = """-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyIz6i48cFn4XOK0S2GTY
pLMU85xzJ1fmQmA2nC6Zod2V4BxNXqk+9y8nvdzZVELxmC+N47ZQGV/J5cquIadx
0V42F3JTryJFDuZ+7fQsNlXUX3ogUQhhgvHuluhDJQSvdZAzpguS7N+gJGCGbGk1
pZBYL2JtTDTWSIcWsQtD/w9DAPEkK5cHGoZkovngH1LOTkVAcyEqKxLblerMnLu3
rOaDVkEcf+1l2BwvHUWTU4LI6uudCWP2em69T2EXp1qczi5IKJzc53puNfp5nXlH
ayrneYAdIbEAQSQg+Z40npUwNKW71Ue2NsG3SoGWuj3lTyEVXlLsAw0bsCDVLipM
WwIDAQAB
-----END PUBLIC KEY-----
"""
# /etc/dls/config/master_pwd.bin
NV_MASTER_PWD_BIN = """RdX1Fng5fYUEq+hSvQcDPdZmKkLfEfVd9k6OU6BG0UpFz1s9fbT5H2fqPBcxFogg
yFNvJnLizyGi0nSLEQQL/+wmYcTnFj0TI5svrKMXLLM2gED8ZozvTyKQNpVZssad
QkLz7Y3qaSFG90OEXD0MU48SgUkfUF4jnyU2jxph72AuI5djjWV+fjfNM60q/nOb
RUrn5hWm4qczga8N6eK6J8hOXNRm+9k2tT4PG+MuqhwdHxfdY9eCnNWVZWfqg3e9
OnRDt/ZZvBg8po4aP21Nobqr0UDkIrwbBa+b/gC6BTF/1/MwoLPmFFNlnnB8yJXs
Gn0aj+WXNuH+Syt+BiNUcQ==
"""
# /etc/dls/config/master_pwd_v100.bin
NV_MASTER_PWD_V100_BIN = """mht1iKDDsWrp/AVs2h5wpO14FKbIwAQW4yVKEYaDaPIgWQmapRqsm2gqIYgZ8nqb
emRg51JtCdPRzKXFFKswae2wzLj1ldc4ksrVGRFyyh6Kn4bmtZs30tgwIRnuh2PT
XbhVZTQVD2SbiWTBl7SjgVpuUnUdhJWVGnF/0ksMaB3GVlgnVULJnomaUlvgdeL0
NE4PacjTQsfXoRdbjAeE390PcK+Ax8OQATXA9AezXV3EnjRAapOBCRqCb3S+lOVJ
oL0050bYWC85Ijb+SDR3fl1UxQf2XgaKKx2E0/gUy0EtCLtpwT4L0iS2hzKENxgd
B0kFriXRTxdejBmBPl36jQ==
"""
def test_b64_decode():
nv_master_pwd = base64.b64decode(NV_MASTER_PWD_BIN)
nv_master_pwd_v100 = base64.b64decode(NV_MASTER_PWD_V100_BIN)
assert 256 == len(nv_master_pwd)
assert 265 == len(nv_master_pwd_v100)
def test_aes_encrypt():
pass
def test_aes_decrypt():
nv_private_key = load_pem_private_key(NV_SI_KEY_RSA.encode('utf-8'), password=None)
assert 2048 == nv_private_key.key_size
# SELECT property_value FROM si_<xid>.configuration WHERE property_name = 'DLS_SI_CERTIFICATE'
nv_dls_si_certificate = {
"not_after": "2028-03-11T12:27:21.000Z",
"ca_chain": "[\"-----BEGIN CERTIFICATE-----\\r\\nMIIF3TCCA8WgAwIBAgIUCpVszfecRrnPa3EGwPKuyWESBmMwDQYJKoZIhvcNAQELBQAwcjELMAkG\\r\\nA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExDzANBgNVBAoTBk52aWRpYTEnMCUGA1UECxMe\\r\\nTnZpZGlhIExpY2Vuc2luZyBTZXJ2aWNlIChOTFMpMRQwEgYDVQQDEwtOTFMgUm9vdCBDQTAeFw0y\\r\\nNDA5MjYwNzM4MTlaFw0zNDA5MjQwNzM4NDlaMHoxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxp\\r\\nZm9ybmlhMQ8wDQYDVQQKEwZOdmlkaWExJzAlBgNVBAsTHk52aWRpYSBMaWNlbnNpbmcgU2Vydmlj\\r\\nZSAoTkxTKTEcMBoGA1UEAxMTTkxTIEludGVybWVkaWF0ZSBDQTCCAiIwDQYJKoZIhvcNAQEBBQAD\\r\\nggIPADCCAgoCggIBAOIb5ZcYWR78WkJipEW4cOB2d3WkXhjzA9Omj0SBnA6fJad+zObguInmkgyB\\r\\nUC/0xMnHeEH1WQpZ0yZE1rdH0ziwPy07hmCgjMSC8iXSfV4QXoHzsQy80HSbD3dr0A5Fk9UrWdJu\\r\\nIlLnwqTfUjxMSqiVYbGI2JLVLDIPjnrCKgZ//vVTFWiMDQaGInDz5Qo3azHIt1Sw3u47/b88TzmK\\r\\ni3TMbjtAR3djlhQfJBY6nUdP8wWy2Fntx9fO7U723sp6cnGtHnbXGpon/QqxlPjT4RXXm1QmFQ/d\\r\\nyUmvmjoiJsCQ3v2KFJNei2bkUS29ZKPr4TGokojOilESQAQTLo+5s0cN7ZtPWvwZ4uets84GCRP5\\r\\ndC+aKoNQ7cg06A1tA3SxEL9r6D2LaTiheuWKFNiIJZzfmmbTPExsKt4Nzmv72wfG2i2+sY6l4f5x\\r\\nEFiKybn2EY1Hjpt0J3vL/goOOt/ejRtS5qKco3pu6zZBBWqB1qesA813AGgqbscht4y4m414rPmQ\\r\\naHA2PTe0JRDcradK75chFUOvLeIYD1Hy0XTxNxlhRA/5mFd2GkWZmtsW3D1iAV73VHAEvWDS0hXB\\r\\ng60B0y4d3fyYxI+pOTaZzsh0PAC2jUqDOhQ7dKELeYUKWsEDDMq9mg2bxqSNoQnQbITIsbu7IELu\\r\\nvmxIWT1omRptd5LrAgMBAAGjYzBhMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0G\\r\\nA1UdDgQWBBRKNST8UPeZYQgLZLEKMBGklaADHjAfBgNVHSMEGDAWgBRiEXE0RonjkPN+XBjnSQbo\\r\\nA8X3ajANBgkqhkiG9w0BAQsFAAOCAgEAEq5FaQWhTWt1hNfoz/BeDQ68O9PEGGveCPouElE8s/uG\\r\\nPHYSJpmg7dq5Qoxb5dpdq1mJX2rTgixJu/iC3uRUsirdH6wsVjjqz4YsoAz5VqjlkriFJpXlfOpp\\r\\nw18ex5C5p4x3TrlPCowMgf9h6VBR1iCq3VikVVguqSPP/zf9G3Qhitvqs0+m7KJnbwFA/bDLMET8\\r\\nTJS/r4XKQYisXfu95XrG2TTCaOwytqx+uepqwB74tFMznfdjzKyztqGwniKLrcZ3kOuM4cyo5ZT4\\r\\nOORCV6FWmbRq2OtttI4o85zsVNkY1JF8hvyvjygRiX5dQROza5EStkXvGO6532atFU43KNJvLanZ\\r\\nZTaxIJvZGWeKvrH+HTCANp11cgq5qcRRltQHb7KWweYNM4nyCjyBQm5vTm7g1uVI7llVm2Txx5dT\\r\\n5OtenaohmJIr6POeq8Y2Z+DJ8s3UpZoZCc3Vj5PQyNZiAx2ErN6XgrsmljG3w6+k2ooLpT9Sr1Ql\\r\\nKc8okN5SJGUOLuFI+h8jX1hHqpQejjNKy3UkTzjosYNq6Kk0h2Tl1i8iO+wY4Wb3GbL6GtP1rcjI\\r\\np/d9mxPNJONlp4a0koaMEpHTODT/xyVjU7FkUyKE9Uj1O/1lBEANYsFrQGfmuHAZTGf9J+cvkrz3\\r\\n56OFWPHcA7gxkpU8wftrVMLFeDvLIGc\\u003d\\r\\n-----END CERTIFICATE-----\"]",
"not_before": "2025-03-12T12:26:51.000Z",
"certificate": "-----BEGIN CERTIFICATE-----\r\nMIIE2zCCAsOgAwIBAgIUU1iWuS2t3ufw2dvXTEC0VmhpY4IwDQYJKoZIhvcNAQELBQAwejELMAkG\r\nA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExDzANBgNVBAoTBk52aWRpYTEnMCUGA1UECxMe\r\nTnZpZGlhIExpY2Vuc2luZyBTZXJ2aWNlIChOTFMpMRwwGgYDVQQDExNOTFMgSW50ZXJtZWRpYXRl\r\nIENBMB4XDTI1MDMxMjEyMjY1MVoXDTI4MDMxMTEyMjcyMVowLzEtMCsGA1UEAxMkNGU1M2ExNzEt\r\nMTAzYi00OTQ2LTllZDgtNWY0YzBlZTc1MGQ5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC\r\nAQEAsFLwIgL4xu4BAGiQSUeb66F87tZBKn057uK92QPbPMxRFCD9gN0NUxv5apEDxWLaUecugvOb\r\np3d1hCrkUkXdu7Ogb2GZMQXqCvBFvZX7S2ZFEA9XhV2hLzHYMVLz3dsVnZP/R4+rF3qPYx4rlkJq\r\n+XWr/y6kO93ocoqFkIQF0QfZ+tD6ydyfZdSAShjnOVlzds2fmaFHJJGLo/SsvjcnuVpJ+qKaoyD+\r\ndOvTVaYCrCNcI2cJ6sgSPp1xWrt9Hu21lr0tH5nou4dwWPdlciF6IfrnmHHdbwOlbCz4TS/t4hpB\r\nFD/bDNNVUobu+KRHJRGXKlrBk+Udx0dpmkUZ80WOFQIDAQABo4GjMIGgMA4GA1UdDwEB/wQEAwID\r\nqDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwHQYDVR0OBBYEFJ/o520oGIqKTmima73E\r\n9NgNbIk2MB8GA1UdIwQYMBaAFEo1JPxQ95lhCAtksQowEaSVoAMeMC8GA1UdEQQoMCaCJDRlNTNh\r\nMTcxLTEwM2ItNDk0Ni05ZWQ4LTVmNGMwZWU3NTBkOTANBgkqhkiG9w0BAQsFAAOCAgEAv9NcfpBU\r\nxZP9PsdJ4twWu/EQqeJRsrTV3ngg6o9JV22285p5TbhTk9aKa6HlME9KoYDlXo1yn4pwVL6TFc/W\r\nR+2UJJphrlZGEUJvTrEwDxs29QXjkWAJ+2KZoLHdKK1luV1QAV2x8/hTWUvj4pnpRUHvdXAWu3uy\r\nVUYhE2Ypj6Lq6ipzHQCh+ZM6Zyml6Em/byRrIv6dv/DH7QsQCqXmuyxajTNYmexG33HOr5R/JAX/\r\n4xC1C9KB0Ru1NcJRIKJ+OPiXEJNXugvAMx02MJw5fETEEvGY8YakjaRFn9p7cfRCBFbJWWyQ2RM8\r\n8Z9pr2JrDzDIImBZ5LY4KpvYhsWr2R2mYqtNw0P3FPfm23x0WzSx10TtRnEX1I1349CDwNIOFpQr\r\ncW3mBtX0pb/iOwazvBfxCO7Y7FrHXVxv0tPtJg6PSdCyp7Lgu2zIsWuteHOnaoo+IXocAbSuTmIN\r\n0yduLkYU0XBJOouO0fBziorL6S7ifeaVP/ppRnF0L61DLbaHy8qkqBQTe9JQRHmV+owl0lsHrYRI\r\nRKOxVxFS2UmAJZiqnJ/HI2nHRqZerH5c465u8N3xuT71HxsoFxiu4tQM0NEGGUoooefX/ramo4P+\r\neEVOavIG7uVFzYnrfadEZiCF+hLQf/DNgueHglgaibGAbSTILhVaQ+9KvlhMh5Am2tU=\r\n-----END CERTIFICATE-----",
"private_key": "QdJJAeacpWgp7GDazwkRCwWCCRMXWKYBh8BdWYZFO7r0CU+B1WmGc8/KP5LSeWLVbg/PN4cJ/USwlgGhOlAQqZEzUKjDzwbWEamu140gbh3xIc0W80jDRu1nAWsuXYftT3JGzg+0TDL0CObOrbhm+KoyS2PFvkcWK0ogQfwPfZl66Pu1Yfr8v7QTLZwaBL3LbR8xux7Qz5ztsYq/FmTp2QRcu597Zcx6NdNF95uEF4SmKMZfJLzjt6vN6plk/TujEitELhoyFd5MlaB6ikCTU9f7+xi6yFWVdM+gFtUhh97lzBsEDVmHBbUles0bw1swc4bKa8SX1+/X1WtfHIW0GuPmcuOxHHftxSD9ezRTie5hkMteH85J9Doyfupzb3MluHipNfdIFlBuWEDyZfDRuWND+GWvDAtwxEs56G3efaU9bs6PWZ4gbrmsqlvsJFh3PUmYZSPVzkTT8GsCkG+mXG0iuR1uCD/1eflwnyGhQB2j7tzpozIJsVbt1ioIEHiKxwlfJdj6ELCLSIf7lPbKVubFf2wz3HoKunnByFug6faBvwN1XsVN6Oi4oBnQCyRGJdGvWiH2KAmYxuHqER1vMUc9X0yyIGGphmpG9h2EkbUu8g4Js07VxP7wI7ROTCa7jhrnUBN0quTVIackZa1DE4DUIZB/4zMMT8PLAE/47Wd1+GeyiSiH2gytxJALWZvq6OEM2YGHfVjiMEgSZzVjyZJIHGc6RjTMvm7bjvDn/MGZm8TwvG8PZeVj68xA49UQZzgc2APSOhgipnSUpIE7mnrjRNNRl0ymBUrtqiZcwZDYffqtDbZYUOrVc3KMGk0PWTFr5MOPaZPgT/JuygR9H6q/KTDf1MRzPKHovvxK+e4hbWN96RPIjsb0EKBYXniff4RGLHlpOvz8yg1XITNf9dGBLPcgKHhIZi2IuaVPLYnGXvQ/tsJPd9rz5zfTCIAMXteGypSZ/+pxFYvcq5exluh73/C58wn4NsI+84vU5EqIqD7vgNbTnUyx747u4ObFmo94qKVg3EuqqKy9AXAE19smMOaqmzL7NKacHOGkd+U2TmCa+rXVBtHDmGV7B9hCElt5Al6RuqogP3agZq9zI+bVn18lnQ9OdJfUGsf6bisKJNSQjNuZVUXuIfzexa+F11g/I5iTig1B5SimaUOS47Eqd4YvqtwwzCBXVlu/ejAIq2y0yKqkIViY0MsvKAWqYXjaXblu8YzCCFTJ/v/Y3AMrBfxI/SzFTFhEU1o7qZF72RbkdPObafEcbxIg8Q5RM645G2bih2/I0V7OBIBOBSaLURp5Uj7jp2OI2fdOkn16fXsUNEzyPk+4Zetw0TnsogoI3v643zyt7wlwX4i97r0N7P8jOhvEWNW2RMjiOJ9aa3zzn4bTzzRP702Hbw9qzRIvzRkudrPsq0t3U/eRYU6SZy/MhN33nIgTQqLS1RBy9Um91Wo9yvA6v4z+zIziOfaGfMowlsZfHOR4c8kp4kgk3NfittkleiV6A1EXpJcBHxTQSHjHR/jkBwCTY57t91NgO9a2d6yoYk6NPyp21bKieqKcgJ4SQpHDiz1n0O/OGK3INYigqwKcHKyyfND25KqZlwXwrimJR0aW0mRv0tlBybt4oP+bT3oAiaNjm2VCnx4u6/PoWzcKuX/XJtsmroIeP5yotwBwDUz0JpcaNYKc1e/8sG0/h7m5pKgmQVuAuet6qbg3LNp69TSjqVkkkWDJPCjrEgSl/HGGYWMTmZ9b6R8qmHi1kqMAcr/TVXoaK4+yTIaeatTquwcxan4d4+SBl09a29Aqqv4X49xVYJwgGRUG0B+UqXurxp8s3XQPnsqpRlWEoNWgj77sRaK7TKmL/LqumhSqU5SRdBlrtYWzRmysXShMeiqM2iqZV2zfcEZwlCjJsHbRtjKNnsGOdovgqj78P8gLxRwPWbGCUyNi1JfVbe9qv3zqp/b8MTwcbApb923rydiBRUFRpF5Bn+qLk0dnZ7sr+jy3xPTiOxTzq8fbyGmKzd8v+F1nMldlwB0KAlcNtlwvO/8wHhA03J/IjgIpEbgzIRq4vPOuzeVG0as5ITOIzjwxSRr/0zFx9iNTogEvXigzAvJ+OZzkH6sHjngRBV42dtJPxUDn3eGqW3st0J0FjH+JcZ2avu/YKivEWbpaj8nJn3IQVn4KnPA/NexdSTMGxiJ3Xrc9y6zA7pmrVOQmA4Q9rlLNY69jdkkW9AAEcvCN2tDHhRcqu5zcFikGxZiE4ZYd23b5IWnxngwiLxCGqXSRea4o2ODoNNFNWkAnNt4+yoZkqtlhAWrdtzh5g65qSbHzB8y7MQ==",
"serial_number": "53:58:96:b9:2d:ad:de:e7:f0:d9:db:d7:4c:40:b4:56:68:69:63:82"
}
nv_certificate = x509.load_pem_x509_certificate(nv_dls_si_certificate['certificate'].encode('utf-8'))
# Mengsk @ discord:
# I think it's AES-GCM encrypted,
# from the cert I saw key length is 2048b,
# which should be 1732 bytes in pem format.
# private_key is 1744 bytes looks like pem + 12 bytes gcm
private_key = nv_dls_si_certificate['private_key']
assert 2328 == len(private_key)
encrypted_b64 = base64.b64decode(private_key)
assert 1744 == len(encrypted_b64)
nonce = encrypted_b64[:12]
pem = encrypted_b64[12:]
assert 12 == len(nonce)
assert 1732 == len(pem)
aes_gcm = AESGCM(key=base64.b64decode(NV_MASTER_PWD_BIN))
# THIS STEP FAILS
# > aes_gcm = AESGCM(key=base64.b64decode(NV_MASTER_PWD_BIN))
# E ValueError: AESGCM key must be 128, 192, or 256 bits.
# ===> 256 bytes are not 256 bits :facepalm:
try:
decrypted_data = aes_gcm.decrypt(nonce, pem, None)
print(decrypted_data)
except ValueError:
print("Decryption failed")