| # Copyright 2020 NXP |
| # |
| # SPDX-License-Identifier: Apache-2.0 |
| # |
| |
| |
| """ |
| |
| Optionally create a set of RSA key files (*.pem) (existing ones overwritten). |
| Optionally perform a debug reset of the attached secure element. |
| Provision attached secure element with RSA key. |
| Create reference key for the injected RSA key. |
| |
| PYTHONPATH=../scripts/ python3 openssl_asym_provisionRSA.py --no_reset --create --key_type rsa2048 --connection_data 192.168.1.190:8040 |
| |
| """ |
| |
| import argparse |
| |
| import sss.sss_api as apis |
| from func_timeout import * |
| |
| from openssl_util import * |
| |
| example_text = ''' |
| |
| Example invocation:: |
| |
| python %s --key_type rsa1024 |
| python %s --key_type rsa2048 --no_reset --connection_data 127.0.0.1:8050 |
| python %s --key_type rsa2048 --create --connection_data 127.0.0.1:8040 |
| |
| ''' % (__file__, __file__, __file__,) |
| |
| |
| def parse_in_args(): |
| parser = argparse.ArgumentParser( |
| description=__doc__, epilog=example_text, |
| formatter_class=argparse.RawTextHelpFormatter) |
| required = parser.add_argument_group('required arguments') |
| optional = parser.add_argument_group('optional arguments') |
| required.add_argument( |
| '--key_type', |
| default="", |
| help='Supported key types => ``%s``' % ("``, ``".join(SUPPORTED_RSA_KEY_TYPES)), required=True) |
| optional.add_argument( |
| '--connection_type', |
| default="t1oi2c", |
| help='Supported connection types => ``%s``. Default: ``t1oi2c``' % ("``, ``".join(SUPPORTED_CONNECTION_TYPES))) |
| optional.add_argument( |
| '--connection_data', |
| default="none", |
| help='Parameter to connect to SE => eg. ``COM3``, ``127.0.0.1:8050``, ``none``. Default: ``none``') |
| optional.add_argument( |
| '--subsystem', |
| default="se05x", |
| help='Supported subsystem => ``se05x``, ``mbedtls``. Default: ``se05x``') |
| optional.add_argument( |
| '--auth_type', |
| default="None", |
| help='Supported subsystem => ``None``, ``PlatformSCP``, ``UserID``, ``ECKey``, ``AESKey``, ' |
| '``UserID_PlatformSCP``, ``ECKey_PlatformSCP``, ``AESKey_PlatformSCP``. Default: ``None``') |
| optional.add_argument( |
| '--scpkey', |
| default="None", |
| help='') |
| optional.add_argument( |
| '--create', |
| action="store_true", |
| help="create (and overwrite) credentials") |
| optional.add_argument( |
| '--no_reset', |
| action="store_true", |
| help="do not reset contents of attached secure element") |
| |
| if len(sys.argv) == 1: |
| parser.print_help(sys.stderr) |
| return None |
| |
| args = parser.parse_args() |
| if args.key_type not in SUPPORTED_RSA_KEY_TYPES: |
| parser.print_help(sys.stderr) |
| return None |
| |
| if args.auth_type not in ["None", "PlatformSCP", "UserID", "ECKey", "AESKey", "UserID_PlatformSCP", "ECKey_PlatformSCP", "AESKey_PlatformSCP"]: |
| parser.print_help(sys.stderr) |
| return None |
| |
| if args.connection_data.find(':') >= 0: |
| port_data = args.connection_data.split(':') |
| jrcp_host_name = port_data[0] |
| jrcp_port = port_data[1] |
| os.environ['JRCP_HOSTNAME'] = jrcp_host_name |
| os.environ['JRCP_PORT'] = jrcp_port |
| log.info("JRCP_HOSTNAME: %s" % jrcp_host_name) |
| log.info("JRCP_PORT: %s" % jrcp_port) |
| if args.connection_type == "t1oi2c": |
| args.connection_type = "jrcpv1" |
| elif args.connection_data.find('COM') >= 0: |
| if args.connection_type == "t1oi2c": |
| args.connection_type = "vcom" |
| elif args.connection_data.find('none') >= 0: |
| pass |
| else: |
| parser.print_help(sys.stderr) |
| return None |
| |
| if args.connection_type not in SUPPORTED_CONNECTION_TYPES: |
| parser.print_help(sys.stderr) |
| return None |
| |
| if args.subsystem not in ["se05x", "mbedtls"]: |
| parser.print_help(sys.stderr) |
| return None |
| |
| return args |
| |
| |
| def main(): |
| args = parse_in_args() |
| if args is None: |
| return |
| |
| keys_dir = os.path.join(cur_dir, '..', 'tst_keys') |
| |
| key_size = args.key_type.replace("rsa", "") |
| # if not os.path.exists(keys_dir): |
| # os.mkdir(keys_dir) |
| |
| |
| |
| rsa_key_pair_a = keys_dir + os.sep + "rsa_A_" + key_size + "_kp.pem" |
| rsa_key_pub_a = keys_dir + os.sep + "rsa_A_" + key_size + "_pub.pem" |
| rsa_ref_key_pair_a = keys_dir + os.sep + "rsa_A_" + key_size + "_kp_ref.pem" |
| |
| rsa_key_pair_b = keys_dir + os.sep + "rsa_B_" + key_size + "_kp.pem" |
| rsa_key_pub_b = keys_dir + os.sep + "rsa_B_" + key_size + "_pub.pem" |
| rsa_ref_key_pair_b = keys_dir + os.sep + "rsa_B_" + key_size + "_kp_ref.pem" |
| |
| if args.create: |
| run("%s genrsa -out %s %d" % (openssl, rsa_key_pair_a, int(key_size))) |
| run("%s genrsa -out %s %d" % (openssl, rsa_key_pair_b, int(key_size))) |
| run("%s rsa -in %s -RSAPublicKey_out -out %s" % (openssl, rsa_key_pair_a, rsa_key_pub_a)) |
| run("%s rsa -in %s -RSAPublicKey_out -out %s" % (openssl, rsa_key_pair_b, rsa_key_pub_b)) |
| |
| |
| session_close(None) |
| |
| session = session_open(args.subsystem, args.connection_data, args.connection_type, args.auth_type, args.scpkey) |
| if session is None: |
| return |
| |
| if not args.no_reset: |
| reset(session) |
| |
| key_id = [0x7D010000, 0x7D010001] |
| key_kp = [rsa_key_pair_a, rsa_key_pair_b] |
| key_ref = [rsa_ref_key_pair_a, rsa_ref_key_pair_b] |
| i = 0 |
| while i < len(key_id): |
| status = set_rsa_pair(session, key_id[i], key_kp[i]) |
| if status != apis.kStatus_SSS_Success: |
| return |
| status = refpem_rsa(session, key_id[i], key_ref[i]) |
| if status != apis.kStatus_SSS_Success: |
| return |
| i += 1 |
| |
| session_close(session) |
| |
| log.info("##############################################################") |
| log.info("# #") |
| log.info("# Program completed successfully #") |
| log.info("# #") |
| log.info("##############################################################") |
| |
| |
| if __name__ == '__main__': |
| logging.basicConfig(level=logging.DEBUG) |
| func_timeout(180, main, None) # Time out set to 3 minutes. |