mirror of
https://github.com/espressif/esp-idf.git
synced 2024-10-05 20:47:46 -04:00
nvs_util: Add support for creation of unique encryption keys
This commit is contained in:
parent
1db51e18b9
commit
cd8c42600c
@ -12,7 +12,7 @@ Prerequisites
|
|||||||
To use this utility in encryption mode, the following packages need to be installed:
|
To use this utility in encryption mode, the following packages need to be installed:
|
||||||
- cryptography package
|
- cryptography package
|
||||||
|
|
||||||
This dependency is already captured by including these packages in `requirement.txt` in top level IDF directory.
|
These dependencies is already captured by including these packages in `requirement.txt` in top level IDF directory.
|
||||||
|
|
||||||
CSV file format
|
CSV file format
|
||||||
---------------
|
---------------
|
||||||
@ -44,7 +44,7 @@ Below is an example dump of such CSV file::
|
|||||||
key1,data,u8,1
|
key1,data,u8,1
|
||||||
key2,file,string,/path/to/file
|
key2,file,string,/path/to/file
|
||||||
|
|
||||||
.. note:: Make sure there are no spaces before and after ',' in CSV file.
|
.. note:: Make sure there are no spaces before and after ',' or at the end of each line in CSV file.
|
||||||
|
|
||||||
NVS Entry and Namespace association
|
NVS Entry and Namespace association
|
||||||
-----------------------------------
|
-----------------------------------
|
||||||
@ -71,7 +71,7 @@ Running the utility
|
|||||||
python nvs_partition_gen.py [-h] [--input INPUT] [--output OUTPUT]
|
python nvs_partition_gen.py [-h] [--input INPUT] [--output OUTPUT]
|
||||||
[--size SIZE] [--version {v1,v2}]
|
[--size SIZE] [--version {v1,v2}]
|
||||||
[--keygen {true,false}] [--encrypt {true,false}]
|
[--keygen {true,false}] [--encrypt {true,false}]
|
||||||
[--keyfile KEYFILE]
|
[--keyfile KEYFILE] [--outdir OUTDIR]
|
||||||
|
|
||||||
|
|
||||||
+------------------------+----------------------------------------------------------------------------------------------+
|
+------------------------+----------------------------------------------------------------------------------------------+
|
||||||
@ -85,15 +85,14 @@ Running the utility
|
|||||||
+------------------------+----------------------------------------------------------------------------------------------+
|
+------------------------+----------------------------------------------------------------------------------------------+
|
||||||
| --version {v1,v2} | Set version. Default: v2 |
|
| --version {v1,v2} | Set version. Default: v2 |
|
||||||
+------------------------+----------------------------------------------------------------------------------------------+
|
+------------------------+----------------------------------------------------------------------------------------------+
|
||||||
| --keygen {true,false} | Generate keys for encryption. Creates an `encryption_keys.bin` file (in current directory). |
|
| --keygen {true,false} | Generate keys for encryption. |
|
||||||
| | Default: false |
|
|
||||||
+------------------------+----------------------------------------------------------------------------------------------+
|
+------------------------+----------------------------------------------------------------------------------------------+
|
||||||
| --encrypt {true,false} | Set encryption mode. Default: false |
|
| --encrypt {true,false} | Set encryption mode. Default: false |
|
||||||
+------------------------+----------------------------------------------------------------------------------------------+
|
+------------------------+----------------------------------------------------------------------------------------------+
|
||||||
| --keyfile KEYFILE | File having key for encryption (Applicable only if encryption mode is true) |
|
| --keyfile KEYFILE | File having key for encryption (Applicable only if encryption mode is true) |
|
||||||
+------------------------+----------------------------------------------------------------------------------------------+
|
+------------------------+----------------------------------------------------------------------------------------------+
|
||||||
|
| --outdir OUTDIR | The output directory to store the files created (Default: current directory) |
|
||||||
|
+------------------------+----------------------------------------------------------------------------------------------+
|
||||||
|
|
||||||
You can run this utility in two modes:
|
You can run this utility in two modes:
|
||||||
- Default mode - Binary generated in this mode is an unencrypted binary file.
|
- Default mode - Binary generated in this mode is an unencrypted binary file.
|
||||||
@ -108,7 +107,7 @@ You can run this utility in two modes:
|
|||||||
python nvs_partition_gen.py [-h] --input INPUT --output OUTPUT
|
python nvs_partition_gen.py [-h] --input INPUT --output OUTPUT
|
||||||
--size SIZE [--version {v1,v2}]
|
--size SIZE [--version {v1,v2}]
|
||||||
[--keygen {true,false}] [--encrypt {true,false}]
|
[--keygen {true,false}] [--encrypt {true,false}]
|
||||||
[--keyfile KEYFILE]
|
[--keyfile KEYFILE] [--outdir OUTDIR]
|
||||||
|
|
||||||
You can run the utility using below command::
|
You can run the utility using below command::
|
||||||
|
|
||||||
@ -123,28 +122,34 @@ You can run the utility using below command::
|
|||||||
|
|
||||||
python nvs_partition_gen.py [-h] --input INPUT --output OUTPUT
|
python nvs_partition_gen.py [-h] --input INPUT --output OUTPUT
|
||||||
--size SIZE --encrypt {true,false}
|
--size SIZE --encrypt {true,false}
|
||||||
--keygen {true,false} | --keyfile KEYFILE
|
--keygen {true,false} --keyfile KEYFILE
|
||||||
[--version {v1,v2}]
|
[--version {v1,v2}] [--outdir OUTDIR]
|
||||||
|
|
||||||
|
|
||||||
You can run the utility using below commands:
|
You can run the utility using below commands:
|
||||||
|
|
||||||
- By taking encryption keys as an input file. A sample encryption keys binary file is provided with the utility::
|
|
||||||
|
|
||||||
python nvs_partition_gen.py --input sample.csv --output sample_encrypted.bin --size 0x3000 --encrypt true --keyfile testdata/sample_encryption_keys.bin
|
|
||||||
|
|
||||||
- By enabling generation of encryption keys::
|
- By enabling generation of encryption keys::
|
||||||
|
|
||||||
python nvs_partition_gen.py --input sample.csv --output sample_encrypted.bin --size 0x3000 --encrypt true --keygen true
|
python nvs_partition_gen.py --input sample.csv --output sample_encrypted.bin --size 0x3000 --encrypt true --keygen true
|
||||||
|
|
||||||
|
- By taking encryption keys as an input file. A sample encryption keys binary file is provided with the utility::
|
||||||
|
|
||||||
|
python nvs_partition_gen.py --input sample.csv --output sample_encrypted.bin --size 0x3000 --encrypt true --keyfile testdata/sample_encryption_keys.bin
|
||||||
|
|
||||||
|
- By enabling generation of encryption keys and storing the keys in custom filename::
|
||||||
|
|
||||||
|
python nvs_partition_gen.py --input sample.csv --output sample_encrypted.bin --size 0x3000 --encrypt true --keygen true --keyfile encryption_keys_generated.bin
|
||||||
|
|
||||||
|
.. note:: If `--keygen` is given with `--keyfile` argument, generated keys will be stored in `--keyfile` file. If `--keygen` argument is absent, `--keyfile` is taken as input file having key for encryption.
|
||||||
|
|
||||||
|
|
||||||
*To generate* **only** *encryption keys with this utility* ( Creates an `encryption_keys.bin` file in current directory ): ::
|
*To generate* **only** *encryption keys with this utility*::
|
||||||
|
|
||||||
python nvs_partition_gen.py --keygen true
|
python nvs_partition_gen.py --keygen true
|
||||||
|
|
||||||
.. note:: This `encryption_keys.bin` file is compatible with NVS key-partition structure. Refer to :ref:`nvs_key_partition` for more details.
|
This creates an `encryption_keys_<timestamp>.bin` file.
|
||||||
|
|
||||||
|
.. note:: This newly created file having encryption keys in `keys/` directory is compatible with NVS key-partition structure. Refer to :ref:`nvs_key_partition` for more details.
|
||||||
|
|
||||||
|
|
||||||
You can also provide the format version number (in any of the two modes):
|
You can also provide the format version number (in any of the two modes):
|
||||||
@ -179,3 +184,4 @@ Caveats
|
|||||||
- Utility doesn't check for duplicate keys and will write data pertaining to both keys. User needs to make sure keys are distinct.
|
- Utility doesn't check for duplicate keys and will write data pertaining to both keys. User needs to make sure keys are distinct.
|
||||||
- Once a new page is created, no data will be written in the space left in previous page. Fields in the CSV file need to be ordered in such a way so as to optimize memory.
|
- Once a new page is created, no data will be written in the space left in previous page. Fields in the CSV file need to be ordered in such a way so as to optimize memory.
|
||||||
- 64-bit datatype is not yet supported.
|
- 64-bit datatype is not yet supported.
|
||||||
|
|
||||||
|
@ -31,8 +31,16 @@ import array
|
|||||||
import csv
|
import csv
|
||||||
import zlib
|
import zlib
|
||||||
import codecs
|
import codecs
|
||||||
|
import datetime
|
||||||
|
import distutils.dir_util
|
||||||
|
try:
|
||||||
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
|
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
|
||||||
from cryptography.hazmat.backends import default_backend
|
from cryptography.hazmat.backends import default_backend
|
||||||
|
except ImportError:
|
||||||
|
print('The cryptography package is not installed.'
|
||||||
|
'Please refer to the Get Started section of the ESP-IDF Programming Guide for '
|
||||||
|
'setting up the required packages.')
|
||||||
|
raise
|
||||||
|
|
||||||
VERSION1_PRINT = "v1 - Multipage Blob Support Disabled"
|
VERSION1_PRINT = "v1 - Multipage Blob Support Disabled"
|
||||||
VERSION2_PRINT = "v2 - Multipage Blob Support Enabled"
|
VERSION2_PRINT = "v2 - Multipage Blob Support Enabled"
|
||||||
@ -615,7 +623,7 @@ def write_entry(nvs_instance, key, datatype, encoding, value):
|
|||||||
if datatype == "file":
|
if datatype == "file":
|
||||||
abs_file_path = value
|
abs_file_path = value
|
||||||
if os.path.isabs(value) is False:
|
if os.path.isabs(value) is False:
|
||||||
script_dir = os.path.dirname(__file__)
|
script_dir = os.getcwd()
|
||||||
abs_file_path = os.path.join(script_dir, value)
|
abs_file_path = os.path.join(script_dir, value)
|
||||||
|
|
||||||
with open(abs_file_path, 'rb') as f:
|
with open(abs_file_path, 'rb') as f:
|
||||||
@ -637,7 +645,8 @@ def nvs_close(nvs_instance):
|
|||||||
|
|
||||||
|
|
||||||
def check_input_args(input_filename=None, output_filename=None, input_part_size=None, is_key_gen=None,
|
def check_input_args(input_filename=None, output_filename=None, input_part_size=None, is_key_gen=None,
|
||||||
encrypt_mode=None, key_file=None, version_no=None, print_arg_str=None, print_encrypt_arg_str=None):
|
encrypt_mode=None, key_file=None, version_no=None, print_arg_str=None, print_encrypt_arg_str=None,
|
||||||
|
output_dir=None):
|
||||||
|
|
||||||
global version, is_encrypt_data, input_size, key_gen
|
global version, is_encrypt_data, input_size, key_gen
|
||||||
|
|
||||||
@ -646,6 +655,12 @@ def check_input_args(input_filename=None, output_filename=None, input_part_size=
|
|||||||
key_gen = is_key_gen
|
key_gen = is_key_gen
|
||||||
input_size = input_part_size
|
input_size = input_part_size
|
||||||
|
|
||||||
|
if not output_dir == os.getcwd() and (key_file and os.path.isabs(key_file)):
|
||||||
|
sys.exit("Error. Cannot provide --outdir argument as --keyfile is absolute path.")
|
||||||
|
|
||||||
|
if not os.path.isdir(output_dir):
|
||||||
|
distutils.dir_util.mkpath(output_dir)
|
||||||
|
|
||||||
if is_encrypt_data.lower() == 'true':
|
if is_encrypt_data.lower() == 'true':
|
||||||
is_encrypt_data = True
|
is_encrypt_data = True
|
||||||
elif is_encrypt_data.lower() == 'false':
|
elif is_encrypt_data.lower() == 'false':
|
||||||
@ -668,19 +683,26 @@ def check_input_args(input_filename=None, output_filename=None, input_part_size=
|
|||||||
elif any(arg is not None for arg in [input_filename, output_filename, input_size]):
|
elif any(arg is not None for arg in [input_filename, output_filename, input_size]):
|
||||||
sys.exit(print_arg_str)
|
sys.exit(print_arg_str)
|
||||||
else:
|
else:
|
||||||
if not input_size:
|
if not (input_filename and output_filename and input_size):
|
||||||
if not all(arg is not None for arg in [input_filename, output_filename]):
|
|
||||||
sys.exit(print_arg_str)
|
sys.exit(print_arg_str)
|
||||||
|
|
||||||
if is_encrypt_data and not key_gen and not key_file:
|
if is_encrypt_data and not key_gen and not key_file:
|
||||||
sys.exit(print_encrypt_arg_str)
|
sys.exit(print_encrypt_arg_str)
|
||||||
|
|
||||||
if is_encrypt_data and key_gen and key_file:
|
|
||||||
sys.exit(print_encrypt_arg_str)
|
|
||||||
|
|
||||||
if not is_encrypt_data and key_file:
|
if not is_encrypt_data and key_file:
|
||||||
sys.exit("Invalid. Cannot give --keyfile as --encrypt is set to false.")
|
sys.exit("Invalid. Cannot give --keyfile as --encrypt is set to false.")
|
||||||
|
|
||||||
|
if key_file:
|
||||||
|
key_file_name, key_file_ext = os.path.splitext(key_file)
|
||||||
|
if key_file_ext:
|
||||||
|
if not key_file_ext == '.bin':
|
||||||
|
sys.exit("--keyfile argument can be a filename with no extension or .bin extension only")
|
||||||
|
|
||||||
|
# If only one of the arguments - input_filename, output_filename, input_size is given
|
||||||
|
if ((any(arg is None for arg in [input_filename, output_filename, input_size])) is True) and \
|
||||||
|
((all(arg is None for arg in [input_filename, output_filename, input_size])) is False):
|
||||||
|
sys.exit(print_arg_str)
|
||||||
|
|
||||||
if input_size:
|
if input_size:
|
||||||
# Set size
|
# Set size
|
||||||
input_size = int(input_size, 0)
|
input_size = int(input_size, 0)
|
||||||
@ -695,7 +717,8 @@ def check_input_args(input_filename=None, output_filename=None, input_part_size=
|
|||||||
sys.exit("Minimum NVS partition size needed is 0x3000 bytes.")
|
sys.exit("Minimum NVS partition size needed is 0x3000 bytes.")
|
||||||
|
|
||||||
|
|
||||||
def nvs_part_gen(input_filename=None, output_filename=None, input_part_size=None, is_key_gen=None, encrypt_mode=None, key_file=None, version_no=None):
|
def nvs_part_gen(input_filename=None, output_filename=None, input_part_size=None, is_key_gen=None, encrypt_mode=None,
|
||||||
|
key_file=None, encr_key_prefix=None, version_no=None, output_dir=None):
|
||||||
""" Wrapper to generate nvs partition binary
|
""" Wrapper to generate nvs partition binary
|
||||||
|
|
||||||
:param input_filename: Name of input file containing data
|
:param input_filename: Name of input file containing data
|
||||||
@ -709,6 +732,9 @@ def nvs_part_gen(input_filename=None, output_filename=None, input_part_size=None
|
|||||||
"""
|
"""
|
||||||
|
|
||||||
global key_input, key_len_needed
|
global key_input, key_len_needed
|
||||||
|
encr_key_bin_file = None
|
||||||
|
encr_keys_dir = None
|
||||||
|
backslash = ['/','\\']
|
||||||
|
|
||||||
key_len_needed = 64
|
key_len_needed = 64
|
||||||
key_input = bytearray()
|
key_input = bytearray()
|
||||||
@ -720,6 +746,8 @@ def nvs_part_gen(input_filename=None, output_filename=None, input_part_size=None
|
|||||||
key_input = key_f.read(64)
|
key_input = key_f.read(64)
|
||||||
|
|
||||||
if all(arg is not None for arg in [input_filename, output_filename, input_size]):
|
if all(arg is not None for arg in [input_filename, output_filename, input_size]):
|
||||||
|
if not os.path.isabs(output_filename) and not any(ch in output_filename for ch in backslash):
|
||||||
|
output_filename = os.path.join(output_dir, '') + output_filename
|
||||||
input_file = open(input_filename, 'rt', encoding='utf8')
|
input_file = open(input_filename, 'rt', encoding='utf8')
|
||||||
output_file = open(output_filename, 'wb')
|
output_file = open(output_filename, 'wb')
|
||||||
|
|
||||||
@ -737,6 +765,8 @@ def nvs_part_gen(input_filename=None, output_filename=None, input_part_size=None
|
|||||||
input_file.close()
|
input_file.close()
|
||||||
output_file.close()
|
output_file.close()
|
||||||
|
|
||||||
|
print("NVS binary created: " + output_filename)
|
||||||
|
|
||||||
if key_gen:
|
if key_gen:
|
||||||
keys_page_buf = bytearray(b'\xff') * Page.PAGE_PARAMS["max_size"]
|
keys_page_buf = bytearray(b'\xff') * Page.PAGE_PARAMS["max_size"]
|
||||||
key_bytes = bytearray()
|
key_bytes = bytearray()
|
||||||
@ -750,57 +780,87 @@ def nvs_part_gen(input_filename=None, output_filename=None, input_part_size=None
|
|||||||
crc_data = bytes(crc_data)
|
crc_data = bytes(crc_data)
|
||||||
crc = zlib.crc32(crc_data, 0xFFFFFFFF)
|
crc = zlib.crc32(crc_data, 0xFFFFFFFF)
|
||||||
struct.pack_into('<I', keys_page_buf, key_len, crc & 0xFFFFFFFF)
|
struct.pack_into('<I', keys_page_buf, key_len, crc & 0xFFFFFFFF)
|
||||||
with open("encryption_keys.bin",'wb') as output_keys_file:
|
|
||||||
|
if not key_file or (key_file and not os.path.isabs(key_file)):
|
||||||
|
# Create encryption keys bin file with timestamp
|
||||||
|
if not encr_key_prefix:
|
||||||
|
timestamp = datetime.datetime.now().strftime('%m-%d_%H-%M')
|
||||||
|
output_dir = os.path.join(output_dir, '')
|
||||||
|
encr_keys_dir = output_dir + "keys"
|
||||||
|
if not os.path.isdir(encr_keys_dir):
|
||||||
|
distutils.dir_util.mkpath(encr_keys_dir)
|
||||||
|
|
||||||
|
# Add backslash to `keys` dir if it is not present
|
||||||
|
encr_keys_dir = os.path.join(encr_keys_dir, '')
|
||||||
|
|
||||||
|
if key_file:
|
||||||
|
key_file_name, ext = os.path.splitext(key_file)
|
||||||
|
if ext:
|
||||||
|
if ".bin" not in ext:
|
||||||
|
sys.exit("Error: --keyfile must have .bin extension")
|
||||||
|
encr_key_bin_file = os.path.basename(key_file)
|
||||||
|
else:
|
||||||
|
encr_key_bin_file = key_file_name + ".bin"
|
||||||
|
if encr_keys_dir:
|
||||||
|
encr_key_bin_file = encr_keys_dir + encr_key_bin_file
|
||||||
|
else:
|
||||||
|
if encr_key_prefix:
|
||||||
|
encr_key_bin_file = encr_keys_dir + encr_key_prefix + "-keys" + ".bin"
|
||||||
|
else:
|
||||||
|
encr_key_bin_file = encr_keys_dir + "encryption_keys_" + timestamp + ".bin"
|
||||||
|
|
||||||
|
with open(encr_key_bin_file,'wb') as output_keys_file:
|
||||||
output_keys_file.write(keys_page_buf)
|
output_keys_file.write(keys_page_buf)
|
||||||
|
|
||||||
print("Binary created.")
|
print("Encryption keys binary created: " + encr_key_bin_file)
|
||||||
|
|
||||||
|
|
||||||
def main():
|
def main():
|
||||||
parser = argparse.ArgumentParser(description="ESP32 NVS partition generation utility")
|
parser = argparse.ArgumentParser(description="ESP32 NVS partition generation utility")
|
||||||
nvs_part_gen_group = parser.add_argument_group('To generate NVS partition')
|
nvs_part_gen_group = parser.add_argument_group('To generate NVS partition')
|
||||||
nvs_part_gen_group.add_argument(
|
nvs_part_gen_group.add_argument("--input",
|
||||||
"--input",
|
|
||||||
help="Path to CSV file to parse.",
|
help="Path to CSV file to parse.",
|
||||||
default=None)
|
default=None)
|
||||||
|
|
||||||
nvs_part_gen_group.add_argument(
|
nvs_part_gen_group.add_argument("--output",
|
||||||
"--output",
|
|
||||||
help='Path to output converted binary file.',
|
help='Path to output converted binary file.',
|
||||||
default=None)
|
default=None)
|
||||||
|
|
||||||
nvs_part_gen_group.add_argument(
|
nvs_part_gen_group.add_argument("--size",
|
||||||
"--size",
|
|
||||||
help='Size of NVS Partition in bytes (must be multiple of 4096)')
|
help='Size of NVS Partition in bytes (must be multiple of 4096)')
|
||||||
|
|
||||||
nvs_part_gen_group.add_argument(
|
nvs_part_gen_group.add_argument("--version",
|
||||||
"--version",
|
|
||||||
help='Set version. Default: v2',
|
help='Set version. Default: v2',
|
||||||
choices=['v1','v2'],
|
choices=['v1','v2'],
|
||||||
default='v2',
|
default='v2',
|
||||||
type=str.lower)
|
type=str.lower)
|
||||||
|
|
||||||
keygen_action = nvs_part_gen_group.add_argument(
|
keygen_action_key = nvs_part_gen_group.add_argument("--keygen",
|
||||||
"--keygen",
|
help='Generate keys for encryption.',
|
||||||
help='Generate keys for encryption. Creates an `encryption_keys.bin` file. Default: false',
|
|
||||||
choices=['true','false'],
|
choices=['true','false'],
|
||||||
default='false',
|
default='false',
|
||||||
type=str.lower)
|
type=str.lower)
|
||||||
|
|
||||||
nvs_part_gen_group.add_argument(
|
nvs_part_gen_group.add_argument("--encrypt",
|
||||||
"--encrypt",
|
|
||||||
help='Set encryption mode. Default: false',
|
help='Set encryption mode. Default: false',
|
||||||
choices=['true','false'],
|
choices=['true','false'],
|
||||||
default='false',
|
default='false',
|
||||||
type=str.lower)
|
type=str.lower)
|
||||||
|
|
||||||
nvs_part_gen_group.add_argument(
|
keygen_action_file = nvs_part_gen_group.add_argument("--keyfile",
|
||||||
"--keyfile",
|
help='File having key for encryption (Applicable only if encryption mode is true).',
|
||||||
help='File having key for encryption (Applicable only if encryption mode is true)',
|
|
||||||
default=None)
|
default=None)
|
||||||
|
|
||||||
|
keygen_action_dir = nvs_part_gen_group.add_argument('--outdir',
|
||||||
|
dest='outdir',
|
||||||
|
default=os.getcwd(),
|
||||||
|
help='the output directory to store the files created\
|
||||||
|
(Default: current directory)')
|
||||||
|
|
||||||
key_gen_group = parser.add_argument_group('To generate encryption keys')
|
key_gen_group = parser.add_argument_group('To generate encryption keys')
|
||||||
key_gen_group._group_actions.append(keygen_action)
|
key_gen_group._group_actions.append(keygen_action_key)
|
||||||
|
key_gen_group._group_actions.append(keygen_action_file)
|
||||||
|
key_gen_group._group_actions.append(keygen_action_dir)
|
||||||
|
|
||||||
args = parser.parse_args()
|
args = parser.parse_args()
|
||||||
input_filename = args.input
|
input_filename = args.input
|
||||||
@ -810,13 +870,17 @@ def main():
|
|||||||
is_key_gen = args.keygen
|
is_key_gen = args.keygen
|
||||||
is_encrypt_data = args.encrypt
|
is_encrypt_data = args.encrypt
|
||||||
key_file = args.keyfile
|
key_file = args.keyfile
|
||||||
|
output_dir_path = args.outdir
|
||||||
|
encr_keys_prefix = None
|
||||||
|
|
||||||
print_arg_str = "Invalid.\nTo generate nvs partition binary --input, --output and --size arguments are mandatory.\n \
|
print_arg_str = "Invalid.\nTo generate nvs partition binary --input, --output and --size arguments are mandatory.\
|
||||||
To generate encryption keys --keygen argument is mandatory."
|
\nTo generate encryption keys --keygen argument is mandatory."
|
||||||
print_encrypt_arg_str = "Missing parameter. Enter --keyfile or --keygen."
|
print_encrypt_arg_str = "Missing parameter. Enter --keyfile or --keygen."
|
||||||
|
|
||||||
check_input_args(input_filename,output_filename, part_size, is_key_gen, is_encrypt_data, key_file, version_no, print_arg_str, print_encrypt_arg_str)
|
check_input_args(input_filename,output_filename, part_size, is_key_gen, is_encrypt_data, key_file, version_no,
|
||||||
nvs_part_gen(input_filename, output_filename, part_size, is_key_gen, is_encrypt_data, key_file, version_no)
|
print_arg_str, print_encrypt_arg_str, output_dir_path)
|
||||||
|
nvs_part_gen(input_filename, output_filename, part_size, is_key_gen, is_encrypt_data, key_file,
|
||||||
|
encr_keys_prefix, version_no, output_dir_path)
|
||||||
|
|
||||||
|
|
||||||
if __name__ == "__main__":
|
if __name__ == "__main__":
|
||||||
|
@ -61,5 +61,10 @@ clean:
|
|||||||
rm -f $(COVERAGE_FILES) *.gcov
|
rm -f $(COVERAGE_FILES) *.gcov
|
||||||
rm -rf coverage_report/
|
rm -rf coverage_report/
|
||||||
rm -f coverage.info
|
rm -f coverage.info
|
||||||
|
rm ../nvs_partition_generator/partition_single_page.bin
|
||||||
|
rm ../nvs_partition_generator/partition_multipage_blob.bin
|
||||||
|
rm ../nvs_partition_generator/partition_encrypted.bin
|
||||||
|
rm ../nvs_partition_generator/partition_encrypted_using_keygen.bin
|
||||||
|
rm ../nvs_partition_generator/partition_encrypted_using_keyfile.bin
|
||||||
|
|
||||||
.PHONY: clean all test long-test
|
.PHONY: clean all test long-test
|
||||||
|
@ -21,8 +21,10 @@
|
|||||||
#include <sstream>
|
#include <sstream>
|
||||||
#include <iostream>
|
#include <iostream>
|
||||||
#include <fstream>
|
#include <fstream>
|
||||||
|
#include <dirent.h>
|
||||||
#include <unistd.h>
|
#include <unistd.h>
|
||||||
#include <sys/wait.h>
|
#include <sys/wait.h>
|
||||||
|
#include <string.h>
|
||||||
|
|
||||||
#define TEST_ESP_ERR(rc, res) CHECK((rc) == (res))
|
#define TEST_ESP_ERR(rc, res) CHECK((rc) == (res))
|
||||||
#define TEST_ESP_OK(rc) CHECK((rc) == ESP_OK)
|
#define TEST_ESP_OK(rc) CHECK((rc) == ESP_OK)
|
||||||
@ -2125,7 +2127,20 @@ static void check_nvs_part_gen_args(char const *part_name, int size, char const
|
|||||||
|
|
||||||
TEST_CASE("check and read data from partition generated via partition generation utility with multipage blob support disabled", "[nvs_part_gen]")
|
TEST_CASE("check and read data from partition generated via partition generation utility with multipage blob support disabled", "[nvs_part_gen]")
|
||||||
{
|
{
|
||||||
|
int status;
|
||||||
int childpid = fork();
|
int childpid = fork();
|
||||||
|
if (childpid == 0) {
|
||||||
|
exit(execlp("cp", " cp",
|
||||||
|
"-rf",
|
||||||
|
"../nvs_partition_generator/testdata",
|
||||||
|
".",NULL));
|
||||||
|
} else {
|
||||||
|
CHECK(childpid > 0);
|
||||||
|
waitpid(childpid, &status, 0);
|
||||||
|
CHECK(WEXITSTATUS(status) != -1);
|
||||||
|
|
||||||
|
childpid = fork();
|
||||||
|
|
||||||
if (childpid == 0) {
|
if (childpid == 0) {
|
||||||
exit(execlp("python", "python",
|
exit(execlp("python", "python",
|
||||||
"../nvs_partition_generator/nvs_partition_gen.py",
|
"../nvs_partition_generator/nvs_partition_gen.py",
|
||||||
@ -2143,18 +2158,42 @@ TEST_CASE("check and read data from partition generated via partition generation
|
|||||||
waitpid(childpid, &status, 0);
|
waitpid(childpid, &status, 0);
|
||||||
CHECK(WEXITSTATUS(status) != -1);
|
CHECK(WEXITSTATUS(status) != -1);
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
SpiFlashEmulator emu("../nvs_partition_generator/partition_single_page.bin");
|
SpiFlashEmulator emu("../nvs_partition_generator/partition_single_page.bin");
|
||||||
|
|
||||||
TEST_ESP_OK(nvs_flash_deinit());
|
TEST_ESP_OK(nvs_flash_deinit());
|
||||||
|
|
||||||
check_nvs_part_gen_args("test", 3, "../nvs_partition_generator/testdata/sample_singlepage_blob.bin", false, NULL);
|
check_nvs_part_gen_args("test", 3, "../nvs_partition_generator/testdata/sample_singlepage_blob.bin", false, NULL);
|
||||||
}
|
|
||||||
|
|
||||||
|
if (childpid == 0) {
|
||||||
|
exit(execlp("rm", " rm",
|
||||||
|
"-rf",
|
||||||
|
"testdata",NULL));
|
||||||
|
} else {
|
||||||
|
CHECK(childpid > 0);
|
||||||
|
waitpid(childpid, &status, 0);
|
||||||
|
CHECK(WEXITSTATUS(status) != -1);
|
||||||
|
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
TEST_CASE("check and read data from partition generated via partition generation utility with multipage blob support enabled", "[nvs_part_gen]")
|
TEST_CASE("check and read data from partition generated via partition generation utility with multipage blob support enabled", "[nvs_part_gen]")
|
||||||
{
|
{
|
||||||
|
int status;
|
||||||
int childpid = fork();
|
int childpid = fork();
|
||||||
|
if (childpid == 0) {
|
||||||
|
exit(execlp("cp", " cp",
|
||||||
|
"-rf",
|
||||||
|
"../nvs_partition_generator/testdata",
|
||||||
|
".",NULL));
|
||||||
|
} else {
|
||||||
|
CHECK(childpid > 0);
|
||||||
|
waitpid(childpid, &status, 0);
|
||||||
|
CHECK(WEXITSTATUS(status) != -1);
|
||||||
|
|
||||||
|
childpid = fork();
|
||||||
|
|
||||||
if (childpid == 0) {
|
if (childpid == 0) {
|
||||||
exit(execlp("python", "python",
|
exit(execlp("python", "python",
|
||||||
"../nvs_partition_generator/nvs_partition_gen.py",
|
"../nvs_partition_generator/nvs_partition_gen.py",
|
||||||
@ -2168,15 +2207,25 @@ TEST_CASE("check and read data from partition generated via partition generation
|
|||||||
"v2",NULL));
|
"v2",NULL));
|
||||||
} else {
|
} else {
|
||||||
CHECK(childpid > 0);
|
CHECK(childpid > 0);
|
||||||
int status;
|
|
||||||
waitpid(childpid, &status, 0);
|
waitpid(childpid, &status, 0);
|
||||||
CHECK(WEXITSTATUS(status) != -1);
|
CHECK(WEXITSTATUS(status) != -1);
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
SpiFlashEmulator emu("../nvs_partition_generator/partition_multipage_blob.bin");
|
SpiFlashEmulator emu("../nvs_partition_generator/partition_multipage_blob.bin");
|
||||||
|
|
||||||
check_nvs_part_gen_args("test", 4, "../nvs_partition_generator/testdata/sample_multipage_blob.bin",false,NULL);
|
check_nvs_part_gen_args("test", 4, "../nvs_partition_generator/testdata/sample_multipage_blob.bin",false,NULL);
|
||||||
|
|
||||||
|
if (childpid == 0) {
|
||||||
|
exit(execlp("rm", " rm",
|
||||||
|
"-rf",
|
||||||
|
"testdata",NULL));
|
||||||
|
} else {
|
||||||
|
CHECK(childpid > 0);
|
||||||
|
waitpid(childpid, &status, 0);
|
||||||
|
CHECK(WEXITSTATUS(status) != -1);
|
||||||
|
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
#if CONFIG_NVS_ENCRYPTION
|
#if CONFIG_NVS_ENCRYPTION
|
||||||
@ -2320,7 +2369,20 @@ TEST_CASE("test nvs apis with encryption enabled", "[nvs]")
|
|||||||
|
|
||||||
TEST_CASE("test nvs apis for nvs partition generator utility with encryption enabled", "[nvs_part_gen]")
|
TEST_CASE("test nvs apis for nvs partition generator utility with encryption enabled", "[nvs_part_gen]")
|
||||||
{
|
{
|
||||||
|
int status;
|
||||||
int childpid = fork();
|
int childpid = fork();
|
||||||
|
if (childpid == 0) {
|
||||||
|
exit(execlp("cp", " cp",
|
||||||
|
"-rf",
|
||||||
|
"../nvs_partition_generator/testdata",
|
||||||
|
".",NULL));
|
||||||
|
} else {
|
||||||
|
CHECK(childpid > 0);
|
||||||
|
waitpid(childpid, &status, 0);
|
||||||
|
CHECK(WEXITSTATUS(status) != -1);
|
||||||
|
|
||||||
|
childpid = fork();
|
||||||
|
|
||||||
if (childpid == 0) {
|
if (childpid == 0) {
|
||||||
exit(execlp("python", "python",
|
exit(execlp("python", "python",
|
||||||
"../nvs_partition_generator/nvs_partition_gen.py",
|
"../nvs_partition_generator/nvs_partition_gen.py",
|
||||||
@ -2336,10 +2398,10 @@ TEST_CASE("test nvs apis for nvs partition generator utility with encryption ena
|
|||||||
"../nvs_partition_generator/testdata/sample_encryption_keys.bin",NULL));
|
"../nvs_partition_generator/testdata/sample_encryption_keys.bin",NULL));
|
||||||
} else {
|
} else {
|
||||||
CHECK(childpid > 0);
|
CHECK(childpid > 0);
|
||||||
int status;
|
|
||||||
waitpid(childpid, &status, 0);
|
waitpid(childpid, &status, 0);
|
||||||
CHECK(WEXITSTATUS(status) != -1);
|
CHECK(WEXITSTATUS(status) != -1);
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
SpiFlashEmulator emu("../nvs_partition_generator/partition_encrypted.bin");
|
SpiFlashEmulator emu("../nvs_partition_generator/partition_encrypted.bin");
|
||||||
|
|
||||||
@ -2351,6 +2413,18 @@ TEST_CASE("test nvs apis for nvs partition generator utility with encryption ena
|
|||||||
|
|
||||||
check_nvs_part_gen_args(NVS_DEFAULT_PART_NAME, 4, "../nvs_partition_generator/testdata/sample_multipage_blob.bin", true, &cfg);
|
check_nvs_part_gen_args(NVS_DEFAULT_PART_NAME, 4, "../nvs_partition_generator/testdata/sample_multipage_blob.bin", true, &cfg);
|
||||||
|
|
||||||
|
childpid = fork();
|
||||||
|
if (childpid == 0) {
|
||||||
|
exit(execlp("rm", " rm",
|
||||||
|
"-rf",
|
||||||
|
"testdata",NULL));
|
||||||
|
} else {
|
||||||
|
CHECK(childpid > 0);
|
||||||
|
waitpid(childpid, &status, 0);
|
||||||
|
CHECK(WEXITSTATUS(status) != -1);
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@ -2358,6 +2432,29 @@ TEST_CASE("test nvs apis for nvs partition generator utility with encryption ena
|
|||||||
{
|
{
|
||||||
int childpid = fork();
|
int childpid = fork();
|
||||||
int status;
|
int status;
|
||||||
|
|
||||||
|
if (childpid == 0) {
|
||||||
|
exit(execlp("cp", " cp",
|
||||||
|
"-rf",
|
||||||
|
"../nvs_partition_generator/testdata",
|
||||||
|
".",NULL));
|
||||||
|
} else {
|
||||||
|
CHECK(childpid > 0);
|
||||||
|
waitpid(childpid, &status, 0);
|
||||||
|
CHECK(WEXITSTATUS(status) != -1);
|
||||||
|
|
||||||
|
childpid = fork();
|
||||||
|
|
||||||
|
if (childpid == 0) {
|
||||||
|
exit(execlp("rm", " rm",
|
||||||
|
"-rf",
|
||||||
|
"keys",NULL));
|
||||||
|
} else {
|
||||||
|
CHECK(childpid > 0);
|
||||||
|
waitpid(childpid, &status, 0);
|
||||||
|
CHECK(WEXITSTATUS(status) != -1);
|
||||||
|
|
||||||
|
childpid = fork();
|
||||||
if (childpid == 0) {
|
if (childpid == 0) {
|
||||||
exit(execlp("python", "python",
|
exit(execlp("python", "python",
|
||||||
"../nvs_partition_generator/nvs_partition_gen.py",
|
"../nvs_partition_generator/nvs_partition_gen.py",
|
||||||
@ -2376,14 +2473,40 @@ TEST_CASE("test nvs apis for nvs partition generator utility with encryption ena
|
|||||||
CHECK(childpid > 0);
|
CHECK(childpid > 0);
|
||||||
waitpid(childpid, &status, 0);
|
waitpid(childpid, &status, 0);
|
||||||
CHECK(WEXITSTATUS(status) != -1);
|
CHECK(WEXITSTATUS(status) != -1);
|
||||||
|
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
DIR *dir;
|
||||||
|
struct dirent *file;
|
||||||
|
char *filename;
|
||||||
|
char *files;
|
||||||
|
char *file_ext;
|
||||||
|
|
||||||
|
dir = opendir("keys");
|
||||||
|
while ((file = readdir(dir)) != NULL)
|
||||||
|
{
|
||||||
|
filename = file->d_name;
|
||||||
|
files = strrchr(filename, '.');
|
||||||
|
if (files != NULL)
|
||||||
|
{
|
||||||
|
file_ext = files+1;
|
||||||
|
if (strncmp(file_ext,"bin",3) == 0)
|
||||||
|
{
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
std::string encr_file = std::string("keys/") + std::string(filename);
|
||||||
SpiFlashEmulator emu("../nvs_partition_generator/partition_encrypted_using_keygen.bin");
|
SpiFlashEmulator emu("../nvs_partition_generator/partition_encrypted_using_keygen.bin");
|
||||||
|
|
||||||
char buffer[64];
|
char buffer[64];
|
||||||
FILE *fp;
|
FILE *fp;
|
||||||
|
|
||||||
fp = fopen("encryption_keys.bin","rb");
|
fp = fopen(encr_file.c_str(),"rb");
|
||||||
fread(buffer,sizeof(buffer),1,fp);
|
fread(buffer,sizeof(buffer),1,fp);
|
||||||
|
|
||||||
fclose(fp);
|
fclose(fp);
|
||||||
@ -2398,13 +2521,36 @@ TEST_CASE("test nvs apis for nvs partition generator utility with encryption ena
|
|||||||
|
|
||||||
check_nvs_part_gen_args(NVS_DEFAULT_PART_NAME, 4, "../nvs_partition_generator/testdata/sample_multipage_blob.bin", true, &cfg);
|
check_nvs_part_gen_args(NVS_DEFAULT_PART_NAME, 4, "../nvs_partition_generator/testdata/sample_multipage_blob.bin", true, &cfg);
|
||||||
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
TEST_CASE("test nvs apis for nvs partition generator utility with encryption enabled using keyfile", "[nvs_part_gen]")
|
TEST_CASE("test nvs apis for nvs partition generator utility with encryption enabled using keyfile", "[nvs_part_gen]")
|
||||||
{
|
{
|
||||||
int childpid = fork();
|
int childpid = fork();
|
||||||
int status;
|
int status;
|
||||||
|
|
||||||
|
DIR *dir;
|
||||||
|
struct dirent *file;
|
||||||
|
char *filename;
|
||||||
|
char *files;
|
||||||
|
char *file_ext;
|
||||||
|
|
||||||
|
dir = opendir("keys");
|
||||||
|
while ((file = readdir(dir)) != NULL)
|
||||||
|
{
|
||||||
|
filename = file->d_name;
|
||||||
|
files = strrchr(filename, '.');
|
||||||
|
if (files != NULL)
|
||||||
|
{
|
||||||
|
file_ext = files+1;
|
||||||
|
if (strncmp(file_ext,"bin",3) == 0)
|
||||||
|
{
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
std::string encr_file = std::string("keys/") + std::string(filename);
|
||||||
|
|
||||||
if (childpid == 0) {
|
if (childpid == 0) {
|
||||||
exit(execlp("python", "python",
|
exit(execlp("python", "python",
|
||||||
"../nvs_partition_generator/nvs_partition_gen.py",
|
"../nvs_partition_generator/nvs_partition_gen.py",
|
||||||
@ -2417,7 +2563,7 @@ TEST_CASE("test nvs apis for nvs partition generator utility with encryption ena
|
|||||||
"--encrypt",
|
"--encrypt",
|
||||||
"True",
|
"True",
|
||||||
"--keyfile",
|
"--keyfile",
|
||||||
"encryption_keys.bin",NULL));
|
encr_file.c_str(),NULL));
|
||||||
|
|
||||||
} else {
|
} else {
|
||||||
CHECK(childpid > 0);
|
CHECK(childpid > 0);
|
||||||
@ -2430,7 +2576,7 @@ TEST_CASE("test nvs apis for nvs partition generator utility with encryption ena
|
|||||||
char buffer[64];
|
char buffer[64];
|
||||||
FILE *fp;
|
FILE *fp;
|
||||||
|
|
||||||
fp = fopen("encryption_keys.bin","rb");
|
fp = fopen(encr_file.c_str(),"rb");
|
||||||
fread(buffer,sizeof(buffer),1,fp);
|
fread(buffer,sizeof(buffer),1,fp);
|
||||||
|
|
||||||
fclose(fp);
|
fclose(fp);
|
||||||
@ -2448,12 +2594,24 @@ TEST_CASE("test nvs apis for nvs partition generator utility with encryption ena
|
|||||||
childpid = fork();
|
childpid = fork();
|
||||||
if (childpid == 0) {
|
if (childpid == 0) {
|
||||||
exit(execlp("rm", " rm",
|
exit(execlp("rm", " rm",
|
||||||
"encryption_keys.bin",NULL));
|
"-rf",
|
||||||
|
"keys",NULL));
|
||||||
} else {
|
} else {
|
||||||
CHECK(childpid > 0);
|
CHECK(childpid > 0);
|
||||||
waitpid(childpid, &status, 0);
|
waitpid(childpid, &status, 0);
|
||||||
CHECK(WEXITSTATUS(status) != -1);
|
CHECK(WEXITSTATUS(status) != -1);
|
||||||
|
|
||||||
|
childpid = fork();
|
||||||
|
|
||||||
|
if (childpid == 0) {
|
||||||
|
exit(execlp("rm", " rm",
|
||||||
|
"-rf",
|
||||||
|
"testdata",NULL));
|
||||||
|
} else {
|
||||||
|
CHECK(childpid > 0);
|
||||||
|
waitpid(childpid, &status, 0);
|
||||||
|
CHECK(WEXITSTATUS(status) != -1);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
Loading…
x
Reference in New Issue
Block a user