def _test_encrypt_decrypt(self, input_plaintext, expected_ciphertext, key_path, offset, flash_crypt_conf=0xf, aes_xts=None):
original_plaintext = self._open(input_plaintext)
keyfile = self._open(key_path)
ciphertext = io.BytesIO()
args = self.EncryptArgs(keyfile,
ciphertext,
offset,
flash_crypt_conf,
aes_xts,
original_plaintext)
espsecure.encrypt_flash_data(args)
original_plaintext.seek(0)
self.assertNotEqual(original_plaintext.read(), ciphertext.getvalue())
with self._open(expected_ciphertext) as f:
self.assertEqual(f.read(), ciphertext.getvalue())
ciphertext.seek(0)
keyfile.seek(0)
plaintext = io.BytesIO()
args = self.DecryptArgs(keyfile,
plaintext,
offset,
flash_crypt_conf,
aes_xts,
ciphertext)
espsecure.decrypt_flash_data(args)
original_plaintext.seek(0)
self.assertEqual(original_plaintext.read(), plaintext.getvalue())
def test_encrypt_decrypt(self):
EncryptArgs = namedtuple('encrypt_flash_data_args', [
'keyfile', 'output', 'address', 'flash_crypt_conf',
'plaintext_file'
])
DecryptArgs = namedtuple('decrypt_flash_data_args', [
'keyfile', 'output', 'address', 'flash_crypt_conf',
'encrypted_file'
])
original_plaintext = self._open('bootloader.bin')
keyfile = self._open('256bit_key.bin')
ciphertext = io.BytesIO()
args = EncryptArgs(keyfile, ciphertext, 0x1000, 0xFF,
original_plaintext)
espsecure.encrypt_flash_data(args)
self.assertNotEqual(original_plaintext, ciphertext.getvalue())
# use compressed size as entropy estimate for effectiveness
compressed_cipher = zlib.compress(ciphertext.getvalue())
self.assertGreaterEqual(len(compressed_cipher),
len(ciphertext.getvalue()))
ciphertext.seek(0)
keyfile.seek(0)
plaintext = io.BytesIO()
args = DecryptArgs(keyfile, plaintext, 0x1000, 0xFF, ciphertext)
espsecure.decrypt_flash_data(args)
original_plaintext.seek(0)
self.assertEqual(original_plaintext.read(), plaintext.getvalue())
def _test_encrypt_decrypt(self, input_plaintext, expected_ciphertext, key_path, offset, flash_crypt_conf=0xf):
EncryptArgs = namedtuple('encrypt_flash_data_args',
[ 'keyfile',
'output',
'address',
'flash_crypt_conf',
'plaintext_file'
])
DecryptArgs = namedtuple('decrypt_flash_data_args',
[ 'keyfile',
'output',
'address',
'flash_crypt_conf',
'encrypted_file'
])
original_plaintext = self._open(input_plaintext)
keyfile = self._open(key_path)
ciphertext = io.BytesIO()
args = EncryptArgs(keyfile,
ciphertext,
offset,
flash_crypt_conf,
original_plaintext)
espsecure.encrypt_flash_data(args)
original_plaintext.seek(0)
self.assertNotEqual(original_plaintext.read(), ciphertext.getvalue())
with self._open(expected_ciphertext) as f:
self.assertEqual(f.read(), ciphertext.getvalue())
ciphertext.seek(0)
keyfile.seek(0)
plaintext = io.BytesIO()
args = DecryptArgs(keyfile,
plaintext,
offset,
flash_crypt_conf,
ciphertext)
espsecure.decrypt_flash_data(args)
original_plaintext.seek(0)
self.assertEqual(original_plaintext.read(), plaintext.getvalue())
def test_encrypt_decrypt(self):
EncryptArgs = namedtuple('encrypt_flash_data_args',
[ 'keyfile',
'output',
'address',
'flash_crypt_conf',
'plaintext_file'
])
DecryptArgs = namedtuple('decrypt_flash_data_args',
[ 'keyfile',
'output',
'address',
'flash_crypt_conf',
'encrypted_file'
])
original_plaintext = self._open('bootloader.bin')
keyfile = self._open('256bit_key.bin')
ciphertext = io.BytesIO()
args = EncryptArgs(keyfile,
ciphertext,
0x1000,
0xFF,
original_plaintext)
espsecure.encrypt_flash_data(args)
self.assertNotEqual(original_plaintext, ciphertext.getvalue())
# use compressed size as entropy estimate for effectiveness
compressed_cipher = zlib.compress(ciphertext.getvalue())
self.assertGreaterEqual(len(compressed_cipher), len(ciphertext.getvalue()))
ciphertext.seek(0)
keyfile.seek(0)
plaintext = io.BytesIO()
args = DecryptArgs(keyfile,
plaintext,
0x1000,
0xFF,
ciphertext)
espsecure.decrypt_flash_data(args)
original_plaintext.seek(0)
self.assertEqual(original_plaintext.read(), plaintext.getvalue())