def test_read(x_pin=PIN, idx=0):
assert len(x_pin) == len(SEC) == 32
# optional: check it's the right PIN
ae.reset_watchdog()
ae.do_checkmac(KN_pairing, pairing_key)
ae.do_checkmac(KN_pins[idx], x_pin) # fails on wrong pin
info = ae.get_info()
# gets: InfoStat(TK_KeyId=0, TK_SourceFlag=0, TK_GenDigData=0,
# TK_GenKeyData=0, TK_NoMacFlag=0, EEPROM_RNG=1, SRAM_RNG=0,
# AuthValid=1, AuthKey=3, TK_Valid=0)
assert info.AuthKey == KN_pins[idx], info
assert info.TK_GenDigData == 0, info
# - so can't use that for encrypted read, but does verify the slot contents
# NOW: read the secret out, encrypted
ae.reset_watchdog()
ae.do_checkmac(KN_pairing, pairing_key)
rb = ae.read_encrypted(KN_secrets[idx], KN_pins[idx], x_pin)
print(" secret[%d] = %r" % (idx, rb))
if idx < len(KN_lastgood):
ae.reset_watchdog()
ae.do_checkmac(KN_pairing, pairing_key)
rb = ae.read_data_slot(KN_lastgood[idx], blkcount=1)
print("lastgood[%d] = %r" % (idx, rb))
def change_secret(the_pin, new_secret, idx=0):
ae.do_checkmac(KN_pairing, pairing_key)
ae.write_encrypted(KN_secrets[idx], KN_pins[idx], the_pin, new_secret)
ae.reset_chip()
ae.do_checkmac(KN_pairing, pairing_key)
rb = ae.read_encrypted(KN_secrets[idx], KN_pins[idx], the_pin)
assert rb == new_secret
return rb
def change_pin(old_pin, new_pin, idx=0):
ae.reset_watchdog()
ae.do_checkmac(KN_pairing, pairing_key)
try:
ae.do_checkmac(KN_pins[idx], old_pin)
except WrongMacVerify:
print("that's the wrong PIN")
return 0
ae.reset_watchdog()
ae.do_checkmac(KN_pairing, pairing_key)
ae.write_encrypted(KN_pins[idx], KN_pins[idx], old_pin, new_pin)
# verify change
ae.do_checkmac(KN_pairing, pairing_key)
ae.do_checkmac(KN_pins[idx], new_pin)
print("[%d] new pin in effect" % idx)
ae.reset_chip()
ae.do_checkmac(KN_pairing, pairing_key)
if idx < len(KN_secrets):
return ae.read_encrypted(KN_secrets[idx], KN_pins[idx], new_pin)