def test_ram_signed_otp(data_dir: str, image_file_name: str, ram_addr: int) -> None: """Create signed load-to-RAM image with keys stored in OTP :param data_dir: absolute path with data files :param image_file_name: name of the input image file (including extension) :param ram_addr: address in RAM, where the image should be located """ # read unsigned image (must be built without boot header) path = os.path.join(data_dir, INPUT_IMAGES_SUBDIR, image_file_name) unsigned_img = load_binary(path) keystore = KeyStore(KeySourceType.OTP) cert_block, priv_key_pem_data = create_cert_block(data_dir) mbi = MasterBootImage(app=unsigned_img, image_type=MasterBootImageType.SIGNED_RAM_IMAGE, load_addr=ram_addr, key_store=keystore, hmac_key=MASTER_KEY, trust_zone=TrustZone.disabled(), cert_block=cert_block, priv_key_pem_data=priv_key_pem_data) out_image_file_name = image_file_name.replace('_unsigned.bin', '_signed_otp.bin') write_image(data_dir, out_image_file_name, mbi.export())
def test_ram_encrypted_keystore(data_dir: str, image_file_name: str, ram_addr: int) -> None: """Test encrypted load-to-RAM image with key stored in key-store :param data_dir: absolute path with data files :param image_file_name: name of the input image file (including extension) :param ram_addr: address in RAM, where the image should be located """ path = os.path.join(data_dir, INPUT_IMAGES_SUBDIR, image_file_name) org_data = load_binary(path) # load keystore with HMAC user key key_store = get_keystore(data_dir) cert_block, priv_key_pem_data = create_cert_block(data_dir) with open(os.path.join(data_dir, KEYSTORE_SUBDIR, 'userkey.txt'), 'r') as f: hmac_user_key = f.readline() mbi = MasterBootImage(app=org_data, image_type=MasterBootImageType.ENCRYPTED_RAM_IMAGE, load_addr=ram_addr, trust_zone=TrustZone.disabled(), cert_block=cert_block, priv_key_pem_data=priv_key_pem_data, hmac_key=hmac_user_key, key_store=key_store, ctr_init_vector=ENCR_CTR_IV) out_image_file_name = image_file_name.replace('_unsigned.bin', '_encr_keystore.bin') write_image(data_dir, out_image_file_name, mbi.export())
def _compare_image(mbi: MasterBootImage, data_dir: str, expected_mbi_filename: str) -> bool: """Compare generated image with expected image :param mbi: master boot image instance configured to generate image data :param expected_mbi_filename: file name of expected image :return: True if data are same; False otherwise """ generated_image = mbi.export() with open(os.path.join(data_dir, expected_mbi_filename), "rb") as f: expected_data = f.read() if generated_image != expected_data: with open(os.path.join(data_dir, expected_mbi_filename + ".created"), "wb") as f: f.write(generated_image) return False assert mbi.export() == expected_data # check additional call still generates the same data return True
def test_encrypted_random_ctr_single_certificate_no_tz(data_dir): """Test encrypted image with random counter init vector""" with open(os.path.join(data_dir, 'testfffffff.bin'), "rb") as f: org_data = f.read() user_key = 'E39FD7AB61AE6DDDA37158A0FC3008C6D61100A03C7516EA1BE55A39F546BAD5' key_store = KeyStore(KeySourceType.KEYSTORE, None) cert_block = certificate_block(data_dir, ['selfsign_2048_v3.der.crt']) priv_key_pem_data = _load_private_key(data_dir, 'selfsign_privatekey_rsa2048.pem') mbi = MasterBootImage(app=org_data, image_type=MasterBootImageType.ENCRYPTED_RAM_IMAGE, load_addr=0x12345678, trust_zone=TrustZone.disabled(), cert_block=cert_block, priv_key_pem_data=priv_key_pem_data, hmac_key=user_key, key_store=key_store) assert mbi.export() assert mbi.info()
def test_xip_crc(data_dir: str, image_file_name: str) -> None: """ Create image with CRC :param data_dir: absolute path with data files :param image_file_name: name of the input image file (including extension) """ assert image_file_name.endswith('_unsigned.bin') path = os.path.join(data_dir, INPUT_IMAGES_SUBDIR, image_file_name) unsigned_image = load_binary(path) mbi = MasterBootImage(app=unsigned_image, load_addr=0x8001000, image_type=MasterBootImageType.CRC_XIP_IMAGE) out_image_file_name = image_file_name.replace('_unsigned.bin', '_crc.bin') write_image(data_dir, out_image_file_name, mbi.export())
def test_ram_crc(data_dir: str, image_file_name: str, ram_addr: int) -> None: """ Create image with CRC :param data_dir: absolute path with data files :param image_file_name: name of the input image file (including extension) :param ram_addr: address in RAM, where the image should be located """ assert image_file_name.endswith('_unsigned.bin') path = os.path.join(data_dir, INPUT_IMAGES_SUBDIR, image_file_name) unsigned_image = load_binary(path) mbi = MasterBootImage(app=unsigned_image, load_addr=ram_addr, image_type=MasterBootImageType.CRC_RAM_IMAGE) out_image_file_name = image_file_name.replace('_unsigned.bin', '_crc.bin') write_image(data_dir, out_image_file_name, mbi.export())
def test_xip_signed(data_dir: str, image_file_name: str) -> None: """Create signed XIP image :param data_dir: absolute path with data files :param image_file_name: name of the input image file (including extension) """ # read unsigned image (must be built without boot header) path = os.path.join(data_dir, INPUT_IMAGES_SUBDIR, image_file_name) unsigned_img = load_binary(path) cert_block, priv_key_pem_data = create_cert_block(data_dir) mbi = MasterBootImage(app=unsigned_img, image_type=MasterBootImageType.SIGNED_XIP_IMAGE, load_addr=0x8001000, cert_block=cert_block, priv_key_pem_data=priv_key_pem_data) out_image_file_name = image_file_name.replace('_unsigned.bin', '_signed.bin') write_image(data_dir, out_image_file_name, mbi.export())