Пример #1
0
def srk_table4(cpu_params: CpuParams) -> SrkTable:
    """Create SRK table with four root SRK keys

    :param cpu_params: processor specific parameters of the test
    :return: SrkTable instance
    """
    result = SrkTable()
    for cert_prefix in ['SRK1', 'SRK2', 'SRK3', 'SRK4']:
        cert_data = load_binary(cpu_params.cert_data_dir, cert_prefix + '_sha256_2048_65537_v3_ca_crt.pem')
        certificate = x509.load_pem_x509_certificate(cert_data, default_backend())
        result.append(SrkItem.from_certificate(certificate))
    return result
Пример #2
0
def test_srk_table_single_cert(srk_pem):
    """Smoke test that SrkTable with single certificate works"""
    srk_table = SrkTable(version=0x40)
    cert = x509.load_pem_x509_certificate(srk_pem[0], default_backend())
    srk_table.append(SrkItem.from_certificate(cert))

    # test export() returns any result
    assert srk_table.export()
    # test export_fuses() returns valid length
    assert len(srk_table.export_fuses()) == 32
    # test get_fuse() returns valid value
    for fuse_index in range(8):
        assert srk_table.get_fuse(fuse_index) >= 0
    with pytest.raises(AssertionError):
        srk_table.get_fuse(8)
    # test info() returns non-empty text
    assert srk_table.info()  # test export returns any result
Пример #3
0
def test_rsa_srk_table_parser(data_dir):
    with open(os.path.join(data_dir, "SRK_1_2_3_4_table.bin"), "rb") as f:
        srk_table = SrkTable.parse(f.read())

    assert len(srk_table) == 4
    assert srk_table.size == 2112

    with open(os.path.join(data_dir, "SRK_1_2_3_4_fuse.bin"), "rb") as f:
        srk_fuses = f.read()

    assert srk_table.export_fuses() == srk_fuses
Пример #4
0
def test_hashed_srk_table_parser(data_dir):
    with open(os.path.join(data_dir, 'SRK_1_2_H3_H4_table.bin'), 'rb') as f:
        srk_table = SrkTable.parse(f.read())

    assert len(srk_table) == 4
    assert srk_table.size == 1130

    with open(os.path.join(data_dir, 'SRK_1_2_3_4_fuse.bin'), 'rb') as f:
        srk_fuses = f.read()

    assert srk_table.export_fuses() == srk_fuses
Пример #5
0
def test_prime256v1_srk_table_parser(data_dir):
    "EC keys are not yet supported"
    with open(os.path.join(data_dir, 'SRK_prime256v1_table.bin'), 'rb') as f:
        srk_table = SrkTable.parse(f.read())

    assert len(srk_table) == 4
    assert srk_table.size == 308

    with open(os.path.join(data_dir, 'SRK_prime256v1_fuse.bin'), 'rb') as f:
        srk_fuses = f.read()

    assert srk_table.export_fuses() == srk_fuses
Пример #6
0
def verify_srk_fuses(mboot: McuBoot, srk_table: SrkTable) -> bool:
    """Verify fuses in the processor

    :param mboot: result of `init_flashloader()`
    :param srk_table: Table of SRK root keys used to provide fuses value
    :return: True if matches, False if does not match
    """
    assert mboot.get_property(PropertyTag.CURRENT_VERSION)
    for index, srk_index in enumerate(SRK_FUSES_INDEX):
        val = mboot.efuse_read_once(srk_index)
        exp_val = srk_table.get_fuse(index)
        if val != exp_val:
            return False
    return True
Пример #7
0
def burn_srk_fuses(mboot: McuBoot, srk_table: SrkTable, enable_and_close_hab: bool) -> None:
    """Program SRK fuses into the processor; Not tested on hardware

    :param mboot: result of `init_flashloader()`
    :param srk_table: Table of SRK root keys used to provide fuses value
    :param enable_and_close_hab: optional parameter to enable and close HAB
    """
    assert mboot.get_property(PropertyTag.CURRENT_VERSION)
    for index, srk_index in enumerate(SRK_FUSES_INDEX):
        mboot.efuse_program_once(srk_index, srk_table.get_fuse(index))

    if enable_and_close_hab:
        # enable and close HAB
        mboot.efuse_program_once(ENABLE_HAB_FUSE_INDEX, ENABLE_HAB_FUSE_MASK)
Пример #8
0
def test_srk_table_export(data_dir, srk_pem):
    srk_table = SrkTable(version=0x40)

    for pem_data in srk_pem:
        cert = x509.load_pem_x509_certificate(pem_data, default_backend())
        srk_table.append(SrkItem.from_certificate(cert))

    with open(os.path.join(data_dir, 'SRK_1_2_3_4_table.bin'), 'rb') as f:
        srk_table_data = f.read()

    assert srk_table.export() == srk_table_data
    assert srk_table == SrkTable.parse(srk_table_data)
Пример #9
0
def main() -> None:
    """Main function."""
    cert_files = [f for f in os.listdir(DATA_DIR) if f.endswith(".pem")]
    if not cert_files:
        print(f'Add generated *.pem files into "{DATA_DIR}" directory')
        sys.exit()

    # Create SRK Table instance
    srk_table = SrkTable(version=0x40)

    for cert_file in cert_files:
        with open(f"{DATA_DIR}/{cert_file}", "rb") as f:
            certificate = x509.load_pem_x509_certificate(
                f.read(), default_backend())
            srk_item = SrkItem.from_certificate(certificate)
            srk_table.append(srk_item)

    with open(f"{DATA_DIR}/srk_fuses.bin", "wb") as f:
        f.write(srk_table.export_fuses())

    with open(f"{DATA_DIR}/srk_table.bin", "wb") as f:
        f.write(srk_table.export())
Пример #10
0
def test_srk_table_cert_hashing(data_dir, srk_pem):
    """Recreate SRK_1_2_H3_H4 table from certificates"""
    srk_table = SrkTable(version=0x40)
    srk_table.append(
        SrkItem.from_certificate(
            x509.load_pem_x509_certificate(srk_pem[0], default_backend())))
    srk_table.append(
        SrkItem.from_certificate(
            x509.load_pem_x509_certificate(srk_pem[1], default_backend())))
    srk_table.append(
        SrkItem.from_certificate(
            x509.load_pem_x509_certificate(srk_pem[2],
                                           default_backend())).hashed_entry())
    srk_table.append(
        SrkItem.from_certificate(
            x509.load_pem_x509_certificate(srk_pem[3],
                                           default_backend())).hashed_entry())
    assert srk_table.export()
    assert len(srk_table.export_fuses()) == 32
    assert srk_table.info()  # test export returns any result

    with open(os.path.join(data_dir, 'SRK_1_2_H3_H4_table.bin'), 'rb') as f:
        preimaged_srk_table_data = f.read()
    assert srk_table.export() == preimaged_srk_table_data
    assert srk_table == SrkTable.parse(preimaged_srk_table_data)

    with open(os.path.join(data_dir, 'SRK_1_2_3_4_fuse.bin'), 'rb') as f:
        srk_fuses = f.read()
    assert srk_table.export_fuses() == srk_fuses
Пример #11
0
def test_srk_table_item_not_eq():
    srk_table = SrkTable(version=0x40)
    srk = SrkItemRSA(modulus=bytes(2048), exponent=bytes(4))
    assert srk != srk_table
Пример #12
0
def test_srk_table_invalid_fuse():
    srk_table = SrkTable(version=0x40)
    with pytest.raises(SPSDKError, match="Incorrect index of the fuse"):
        srk_table.get_fuse(index=9)