2019-08-23 12:37:55 +08:00
|
|
|
from __future__ import print_function
|
2021-01-26 10:49:01 +08:00
|
|
|
|
2020-09-17 00:06:54 +02:00
|
|
|
import binascii
|
|
|
|
import os
|
|
|
|
import sys
|
2021-01-26 10:49:01 +08:00
|
|
|
from collections import namedtuple
|
|
|
|
from io import BytesIO
|
2020-09-17 00:06:54 +02:00
|
|
|
|
2019-11-27 11:58:07 +08:00
|
|
|
import ttfw_idf
|
2021-01-26 10:49:01 +08:00
|
|
|
|
2020-09-17 00:06:54 +02:00
|
|
|
try:
|
|
|
|
import espsecure
|
|
|
|
except ImportError:
|
2021-01-26 10:49:01 +08:00
|
|
|
idf_path = os.getenv('IDF_PATH')
|
2020-09-17 00:06:54 +02:00
|
|
|
if not idf_path or not os.path.exists(idf_path):
|
|
|
|
raise
|
2021-01-26 10:49:01 +08:00
|
|
|
sys.path.insert(0, os.path.join(idf_path, 'components', 'esptool_py', 'esptool'))
|
2020-09-17 00:06:54 +02:00
|
|
|
import espsecure
|
2019-08-23 12:37:55 +08:00
|
|
|
|
|
|
|
|
|
|
|
# To prepare a test runner for this example:
|
|
|
|
# 1. Generate zero flash encryption key:
|
|
|
|
# dd if=/dev/zero of=key.bin bs=1 count=32
|
|
|
|
# 2.Burn Efuses:
|
|
|
|
# espefuse.py --do-not-confirm -p $ESPPORT burn_efuse FLASH_CRYPT_CONFIG 0xf
|
|
|
|
# espefuse.py --do-not-confirm -p $ESPPORT burn_efuse FLASH_CRYPT_CNT 0x1
|
|
|
|
# espefuse.py --do-not-confirm -p $ESPPORT burn_key flash_encryption key.bin
|
2019-11-27 11:58:07 +08:00
|
|
|
@ttfw_idf.idf_example_test(env_tag='Example_Flash_Encryption')
|
2019-08-23 12:37:55 +08:00
|
|
|
def test_examples_security_flash_encryption(env, extra_data):
|
2019-11-27 11:58:07 +08:00
|
|
|
dut = env.get_dut('flash_encryption', 'examples/security/flash_encryption', dut_class=ttfw_idf.ESP32DUT)
|
2019-08-23 12:37:55 +08:00
|
|
|
# start test
|
|
|
|
dut.start_app()
|
2020-09-17 00:06:54 +02:00
|
|
|
|
|
|
|
# calculate the expected ciphertext
|
2021-01-26 10:49:01 +08:00
|
|
|
flash_addr = dut.app.partition_table['storage']['offset']
|
2020-09-17 00:06:54 +02:00
|
|
|
plain_hex_str = '00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f'
|
|
|
|
plain_data = binascii.unhexlify(plain_hex_str.replace(' ', ''))
|
|
|
|
|
|
|
|
# Emulate espsecure encrypt_flash_data command
|
2021-01-15 09:04:59 +01:00
|
|
|
EncryptFlashDataArgs = namedtuple('EncryptFlashDataArgs', ['output', 'plaintext_file', 'address', 'keyfile', 'flash_crypt_conf', 'aes_xts'])
|
|
|
|
args = EncryptFlashDataArgs(BytesIO(), BytesIO(plain_data), flash_addr, BytesIO(b'\x00' * 32), 0xF, None)
|
2020-09-17 00:06:54 +02:00
|
|
|
espsecure.encrypt_flash_data(args)
|
|
|
|
|
|
|
|
expected_ciphertext = args.output.getvalue()
|
|
|
|
hex_ciphertext = binascii.hexlify(expected_ciphertext).decode('ascii')
|
|
|
|
expected_str = (' '.join(hex_ciphertext[i:i + 2] for i in range(0, 16, 2)) + ' ' +
|
|
|
|
' '.join(hex_ciphertext[i:i + 2] for i in range(16, 32, 2)))
|
|
|
|
|
2019-08-23 12:37:55 +08:00
|
|
|
lines = [
|
|
|
|
'FLASH_CRYPT_CNT eFuse value is 1',
|
|
|
|
'Flash encryption feature is enabled in DEVELOPMENT mode',
|
|
|
|
'with esp_partition_write',
|
2020-09-17 00:06:54 +02:00
|
|
|
plain_hex_str,
|
2019-08-23 12:37:55 +08:00
|
|
|
'with esp_partition_read',
|
2020-09-17 00:06:54 +02:00
|
|
|
plain_hex_str,
|
2019-08-23 12:37:55 +08:00
|
|
|
'with spi_flash_read',
|
2020-12-15 08:31:39 +05:30
|
|
|
expected_str,
|
|
|
|
# The status of NVS encryption for the "nvs" partition
|
|
|
|
'NVS partition "nvs" is encrypted.'
|
2019-08-23 12:37:55 +08:00
|
|
|
]
|
|
|
|
for line in lines:
|
|
|
|
dut.expect(line, timeout=2)
|
|
|
|
|
|
|
|
|
|
|
|
if __name__ == '__main__':
|
|
|
|
test_examples_security_flash_encryption()
|