def test_invalid_key_store(): # invalid key store length with pytest.raises(SPSDKError): KeyStore(KeySourceType.KEYSTORE, bytes(range(10))) # key-store specified in OTP mode with pytest.raises(SPSDKError): KeyStore(KeySourceType.OTP, bytes(range(10))) with pytest.raises( SPSDKError, match="KeyStore can be initialized only if key_source == KEYSTORE" ): KeyStore(KeySourceType.OTP, bytes(1424)) key_store = KeyStore(KeySourceType.KEYSTORE, bytes([0] * KeyStore.KEY_STORE_SIZE)) with pytest.raises(SPSDKError, match="Invalid length of hmac key"): key_store.derive_hmac_key(hmac_key=bytes(31)) with pytest.raises(SPSDKError, match="Invalid length of master key"): key_store.derive_enc_image_key(master_key=bytes(31)) with pytest.raises(SPSDKError, match="Invalid length of master key"): key_store.derive_sb_kek_key(master_key=bytes(31)) with pytest.raises(SPSDKError, match="Invalid length of master key"): key_store.derive_otfad_kek_key(master_key=bytes(31), otfad_input=bytes(16)) with pytest.raises(SPSDKError, match="Invalid length of input"): key_store.derive_otfad_kek_key(master_key=bytes(32), otfad_input=bytes(15))
def compute_hmac(self, data: bytes) -> bytes: """Compute HMAC hash. :param data: Data to be hashed. :return: Result HMAC hash of input data. """ if not self.hmac_key: return bytes() key = KeyStore.derive_hmac_key(self.hmac_key) result = crypto_backend().hmac(key, data) assert len(result) == self.HMAC_SIZE return result
def _hmac(self, data: bytes) -> bytes: """Calculate HMAC for provided data. :param data: to calculate hmac :return: calculated hmac; empty bytes if the block does not contain any HMAC """ if not MasterBootImageType.has_hmac(self.image_type): return bytes() assert self.hmac_key and len(self.hmac_key) == self._HMAC_KEY_LENGTH key = KeyStore.derive_hmac_key(self.hmac_key) assert len(key) == self._HMAC_DERIVED_KEY_LEN result = crypto_backend().hmac(key, data) assert len(result) == self.HMAC_SIZE return result