mirror of
https://github.com/espressif/esp-idf.git
synced 2024-10-05 20:47:46 -04:00
29d5a4dcc3
Commit 5e8795eebe
has changed the partition table offset, which
has resulted in the ciphertext not matching the one expected in the
example test.
Fix by calculating the ciphertext using espsecure.py.
63 lines
2.3 KiB
Python
63 lines
2.3 KiB
Python
from __future__ import print_function
|
|
import binascii
|
|
from io import BytesIO
|
|
from collections import namedtuple
|
|
import os
|
|
import sys
|
|
|
|
import ttfw_idf
|
|
try:
|
|
import espsecure
|
|
except ImportError:
|
|
idf_path = os.getenv("IDF_PATH")
|
|
if not idf_path or not os.path.exists(idf_path):
|
|
raise
|
|
sys.path.insert(0, os.path.join(idf_path, "components", "esptool_py", "esptool"))
|
|
import espsecure
|
|
|
|
|
|
# To prepare a test runner for this example:
|
|
# 1. Generate zero flash encryption key:
|
|
# dd if=/dev/zero of=key.bin bs=1 count=32
|
|
# 2.Burn Efuses:
|
|
# espefuse.py --do-not-confirm -p $ESPPORT burn_efuse FLASH_CRYPT_CONFIG 0xf
|
|
# espefuse.py --do-not-confirm -p $ESPPORT burn_efuse FLASH_CRYPT_CNT 0x1
|
|
# espefuse.py --do-not-confirm -p $ESPPORT burn_key flash_encryption key.bin
|
|
@ttfw_idf.idf_example_test(env_tag='Example_Flash_Encryption')
|
|
def test_examples_security_flash_encryption(env, extra_data):
|
|
dut = env.get_dut('flash_encryption', 'examples/security/flash_encryption', dut_class=ttfw_idf.ESP32DUT)
|
|
# start test
|
|
dut.start_app()
|
|
|
|
# calculate the expected ciphertext
|
|
flash_addr = int(dut.app.partition_table["storage"]["offset"], 0)
|
|
plain_hex_str = '00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f'
|
|
plain_data = binascii.unhexlify(plain_hex_str.replace(' ', ''))
|
|
|
|
# Emulate espsecure encrypt_flash_data command
|
|
EncryptFlashDataArgs = namedtuple('EncryptFlashDataArgs', ['output', 'plaintext_file', 'address', 'keyfile', 'flash_crypt_conf'])
|
|
args = EncryptFlashDataArgs(BytesIO(), BytesIO(plain_data), flash_addr, BytesIO(b'\x00' * 32), 0xF)
|
|
espsecure.encrypt_flash_data(args)
|
|
|
|
expected_ciphertext = args.output.getvalue()
|
|
hex_ciphertext = binascii.hexlify(expected_ciphertext).decode('ascii')
|
|
expected_str = (' '.join(hex_ciphertext[i:i + 2] for i in range(0, 16, 2)) + ' ' +
|
|
' '.join(hex_ciphertext[i:i + 2] for i in range(16, 32, 2)))
|
|
|
|
lines = [
|
|
'FLASH_CRYPT_CNT eFuse value is 1',
|
|
'Flash encryption feature is enabled in DEVELOPMENT mode',
|
|
'with esp_partition_write',
|
|
plain_hex_str,
|
|
'with esp_partition_read',
|
|
plain_hex_str,
|
|
'with spi_flash_read',
|
|
expected_str
|
|
]
|
|
for line in lines:
|
|
dut.expect(line, timeout=2)
|
|
|
|
|
|
if __name__ == '__main__':
|
|
test_examples_security_flash_encryption()
|