def test_invalid_key_store():
# invalid key store length
with pytest.raises(SPSDKError):
KeyStore(KeySourceType.KEYSTORE, bytes(range(10)))
# key-store specified in OTP mode
with pytest.raises(SPSDKError):
KeyStore(KeySourceType.OTP, bytes(range(10)))
with pytest.raises(
SPSDKError,
match="KeyStore can be initialized only if key_source == KEYSTORE"
):
KeyStore(KeySourceType.OTP, bytes(1424))
key_store = KeyStore(KeySourceType.KEYSTORE,
bytes([0] * KeyStore.KEY_STORE_SIZE))
with pytest.raises(SPSDKError, match="Invalid length of hmac key"):
key_store.derive_hmac_key(hmac_key=bytes(31))
with pytest.raises(SPSDKError, match="Invalid length of master key"):
key_store.derive_enc_image_key(master_key=bytes(31))
with pytest.raises(SPSDKError, match="Invalid length of master key"):
key_store.derive_sb_kek_key(master_key=bytes(31))
with pytest.raises(SPSDKError, match="Invalid length of master key"):
key_store.derive_otfad_kek_key(master_key=bytes(31),
otfad_input=bytes(16))
with pytest.raises(SPSDKError, match="Invalid length of input"):
key_store.derive_otfad_kek_key(master_key=bytes(32),
otfad_input=bytes(15))
def compute_hmac(self, data: bytes) -> bytes:
"""Compute HMAC hash.
:param data: Data to be hashed.
:return: Result HMAC hash of input data.
"""
if not self.hmac_key:
return bytes()
key = KeyStore.derive_hmac_key(self.hmac_key)
result = crypto_backend().hmac(key, data)
assert len(result) == self.HMAC_SIZE
return result
def _hmac(self, data: bytes) -> bytes:
"""Calculate HMAC for provided data.
:param data: to calculate hmac
:return: calculated hmac; empty bytes if the block does not contain any HMAC
"""
if not MasterBootImageType.has_hmac(self.image_type):
return bytes()
assert self.hmac_key and len(self.hmac_key) == self._HMAC_KEY_LENGTH
key = KeyStore.derive_hmac_key(self.hmac_key)
assert len(key) == self._HMAC_DERIVED_KEY_LEN
result = crypto_backend().hmac(key, data)
assert len(result) == self.HMAC_SIZE
return result
