def _test_encrypt_decrypt(self, input_plaintext, expected_ciphertext, key_path, offset, flash_crypt_conf=0xf, aes_xts=None): original_plaintext = self._open(input_plaintext) keyfile = self._open(key_path) ciphertext = io.BytesIO() args = self.EncryptArgs(keyfile, ciphertext, offset, flash_crypt_conf, aes_xts, original_plaintext) espsecure.encrypt_flash_data(args) original_plaintext.seek(0) self.assertNotEqual(original_plaintext.read(), ciphertext.getvalue()) with self._open(expected_ciphertext) as f: self.assertEqual(f.read(), ciphertext.getvalue()) ciphertext.seek(0) keyfile.seek(0) plaintext = io.BytesIO() args = self.DecryptArgs(keyfile, plaintext, offset, flash_crypt_conf, aes_xts, ciphertext) espsecure.decrypt_flash_data(args) original_plaintext.seek(0) self.assertEqual(original_plaintext.read(), plaintext.getvalue())
def test_examples_security_flash_encryption(env, extra_data): dut = env.get_dut('flash_encryption', 'examples/security/flash_encryption', dut_class=ttfw_idf.ESP32DUT) # start test dut.start_app() # calculate the expected ciphertext flash_addr = dut.app.partition_table["storage"]["offset"] plain_hex_str = '00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f' plain_data = binascii.unhexlify(plain_hex_str.replace(' ', '')) # Emulate espsecure encrypt_flash_data command EncryptFlashDataArgs = namedtuple( 'EncryptFlashDataArgs', ['output', 'plaintext_file', 'address', 'keyfile', 'flash_crypt_conf']) args = EncryptFlashDataArgs(BytesIO(), BytesIO(plain_data), flash_addr, BytesIO(b'\x00' * 32), 0xF) espsecure.encrypt_flash_data(args) expected_ciphertext = args.output.getvalue() hex_ciphertext = binascii.hexlify(expected_ciphertext).decode('ascii') expected_str = (' '.join(hex_ciphertext[i:i + 2] for i in range(0, 16, 2)) + ' ' + ' '.join(hex_ciphertext[i:i + 2] for i in range(16, 32, 2))) lines = [ 'FLASH_CRYPT_CNT eFuse value is 1', 'Flash encryption feature is enabled in DEVELOPMENT mode', 'with esp_partition_write', plain_hex_str, 'with esp_partition_read', plain_hex_str, 'with spi_flash_read', expected_str ] for line in lines: dut.expect(line, timeout=2)
def test_encrypt_decrypt(self): EncryptArgs = namedtuple('encrypt_flash_data_args', [ 'keyfile', 'output', 'address', 'flash_crypt_conf', 'plaintext_file' ]) DecryptArgs = namedtuple('decrypt_flash_data_args', [ 'keyfile', 'output', 'address', 'flash_crypt_conf', 'encrypted_file' ]) original_plaintext = self._open('bootloader.bin') keyfile = self._open('256bit_key.bin') ciphertext = io.BytesIO() args = EncryptArgs(keyfile, ciphertext, 0x1000, 0xFF, original_plaintext) espsecure.encrypt_flash_data(args) self.assertNotEqual(original_plaintext, ciphertext.getvalue()) # use compressed size as entropy estimate for effectiveness compressed_cipher = zlib.compress(ciphertext.getvalue()) self.assertGreaterEqual(len(compressed_cipher), len(ciphertext.getvalue())) ciphertext.seek(0) keyfile.seek(0) plaintext = io.BytesIO() args = DecryptArgs(keyfile, plaintext, 0x1000, 0xFF, ciphertext) espsecure.decrypt_flash_data(args) original_plaintext.seek(0) self.assertEqual(original_plaintext.read(), plaintext.getvalue())
def test_padding(self): # Random 2048 bits hex string plaintext = binascii.unhexlify("c33b7c49f12a969a9bb45af5f660b73f" "3b372685012da570df1cf99d1a82eabb" "fdf6aa16b9675bd8a2f95e871513e175" "3bc89f57986ecfb2707a3d3b59a46968" "5e6609d2e9c21d4b2310571175e6e3de" "2656ee22243f557b925ef39ff782ab56" "f821e6859ee852000daae7c03a7c77ce" "58744f15fbdf0ad4ae6e964aedd6316a" "cf0e36935eef895cd14a60fe682fb971" "eb239eae38b770bdf969017c9decfd91" "b7c60329fb0c896684f0e7415f99dec1" "da0572fac360a3e6d7219973a7de07e5" "33b5abfdf5917ed5bfe54d660a6f5047" "32fdb8d07259bfcdc67da87293857c11" "427b2bae5f00da4a4b2b00b588ff5109" "4c41f07f02f680f8826841b43da3f25b") plaintext_file = io.BytesIO(plaintext) ciphertext_full_block = io.BytesIO() keyfile = self._open('256bit_key.bin') address = 0x1000 encrypt_args_padded = self.EncryptArgs(keyfile, ciphertext_full_block, address, None, 'aes_xts', plaintext_file) espsecure.encrypt_flash_data(encrypt_args_padded) # Test with different number of bytes per encryption call # Final ciphertext should still be the same if padding is done correctly bytes_per_encrypt = [16, 32, 64, 128] for b in bytes_per_encrypt: ciphertext = io.BytesIO() num_enc_calls = len(plaintext) // b for i in range(0, num_enc_calls): keyfile.seek(0) offset = b * i # encrypt the whole plaintext a substring of b bytes at a time plaintext_sub = io.BytesIO(plaintext[offset:offset + b]) encrypt_args = self.EncryptArgs(keyfile, ciphertext, address + offset, None, 'aes_xts', plaintext_sub) espsecure.encrypt_flash_data(encrypt_args) self.assertEqual(ciphertext_full_block.getvalue(), ciphertext.getvalue())
def test_examples_security_flash_encryption(env, extra_data): dut = env.get_dut('flash_encryption', 'examples/security/flash_encryption') dut.erase_flash() # start test dut.start_app() # calculate the expected ciphertext flash_addr = dut.app.partition_table['storage']['offset'] plain_hex_str = '00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f' plain_data = binascii.unhexlify(plain_hex_str.replace(' ', '')) # espsecure uses the cryptography package for encrypting # with aes-xts, but does not allow for a symmetric key # so the key for later chips are not all zeros if dut.TARGET == 'esp32': key_bytes = b'\x00' * 32 aes_xts = False else: key_bytes = b'\xff' + b'\x00' * 31 aes_xts = True # Emulate espsecure encrypt_flash_data command EncryptFlashDataArgs = namedtuple('EncryptFlashDataArgs', [ 'output', 'plaintext_file', 'address', 'keyfile', 'flash_crypt_conf', 'aes_xts' ]) args = EncryptFlashDataArgs(BytesIO(), BytesIO(plain_data), flash_addr, BytesIO(key_bytes), 0xF, aes_xts) espsecure.encrypt_flash_data(args) expected_ciphertext = args.output.getvalue() hex_ciphertext = binascii.hexlify(expected_ciphertext).decode('ascii') expected_str = (' '.join(hex_ciphertext[i:i + 2] for i in range(0, 16, 2)) + ' ' + ' '.join(hex_ciphertext[i:i + 2] for i in range(16, 32, 2))) lines = [ 'FLASH_CRYPT_CNT eFuse value is 1', 'Flash encryption feature is enabled in DEVELOPMENT mode', 'with esp_partition_write', plain_hex_str, 'with esp_partition_read', plain_hex_str, 'with spi_flash_read', expected_str, # The status of NVS encryption for the "nvs" partition 'NVS partition "nvs" is encrypted.' ] for line in lines: dut.expect(line, timeout=2)
def _test_encrypt_decrypt(self, input_plaintext, expected_ciphertext, key_path, offset, flash_crypt_conf=0xf): EncryptArgs = namedtuple('encrypt_flash_data_args', [ 'keyfile', 'output', 'address', 'flash_crypt_conf', 'plaintext_file' ]) DecryptArgs = namedtuple('decrypt_flash_data_args', [ 'keyfile', 'output', 'address', 'flash_crypt_conf', 'encrypted_file' ]) original_plaintext = self._open(input_plaintext) keyfile = self._open(key_path) ciphertext = io.BytesIO() args = EncryptArgs(keyfile, ciphertext, offset, flash_crypt_conf, original_plaintext) espsecure.encrypt_flash_data(args) original_plaintext.seek(0) self.assertNotEqual(original_plaintext.read(), ciphertext.getvalue()) with self._open(expected_ciphertext) as f: self.assertEqual(f.read(), ciphertext.getvalue()) ciphertext.seek(0) keyfile.seek(0) plaintext = io.BytesIO() args = DecryptArgs(keyfile, plaintext, offset, flash_crypt_conf, ciphertext) espsecure.decrypt_flash_data(args) original_plaintext.seek(0) self.assertEqual(original_plaintext.read(), plaintext.getvalue())