def test_read(x_pin=PIN, idx=0): assert len(x_pin) == len(SEC) == 32 # optional: check it's the right PIN ae.reset_watchdog() ae.do_checkmac(KN_pairing, pairing_key) ae.do_checkmac(KN_pins[idx], x_pin) # fails on wrong pin info = ae.get_info() # gets: InfoStat(TK_KeyId=0, TK_SourceFlag=0, TK_GenDigData=0, # TK_GenKeyData=0, TK_NoMacFlag=0, EEPROM_RNG=1, SRAM_RNG=0, # AuthValid=1, AuthKey=3, TK_Valid=0) assert info.AuthKey == KN_pins[idx], info assert info.TK_GenDigData == 0, info # - so can't use that for encrypted read, but does verify the slot contents # NOW: read the secret out, encrypted ae.reset_watchdog() ae.do_checkmac(KN_pairing, pairing_key) rb = ae.read_encrypted(KN_secrets[idx], KN_pins[idx], x_pin) print(" secret[%d] = %r" % (idx, rb)) if idx < len(KN_lastgood): ae.reset_watchdog() ae.do_checkmac(KN_pairing, pairing_key) rb = ae.read_data_slot(KN_lastgood[idx], blkcount=1) print("lastgood[%d] = %r" % (idx, rb))
def change_secret(the_pin, new_secret, idx=0): ae.do_checkmac(KN_pairing, pairing_key) ae.write_encrypted(KN_secrets[idx], KN_pins[idx], the_pin, new_secret) ae.reset_chip() ae.do_checkmac(KN_pairing, pairing_key) rb = ae.read_encrypted(KN_secrets[idx], KN_pins[idx], the_pin) assert rb == new_secret return rb
def change_pin(old_pin, new_pin, idx=0): ae.reset_watchdog() ae.do_checkmac(KN_pairing, pairing_key) try: ae.do_checkmac(KN_pins[idx], old_pin) except WrongMacVerify: print("that's the wrong PIN") return 0 ae.reset_watchdog() ae.do_checkmac(KN_pairing, pairing_key) ae.write_encrypted(KN_pins[idx], KN_pins[idx], old_pin, new_pin) # verify change ae.do_checkmac(KN_pairing, pairing_key) ae.do_checkmac(KN_pins[idx], new_pin) print("[%d] new pin in effect" % idx) ae.reset_chip() ae.do_checkmac(KN_pairing, pairing_key) if idx < len(KN_secrets): return ae.read_encrypted(KN_secrets[idx], KN_pins[idx], new_pin)