Google Git
Sign in
coral / a71ch-crypto-support / 8dc1f1434da50a4b7361d651239c1f3f4f8cc25b / . / sss / plugin / openssl / scripts / openssl_provisionEC_mont.py
blob: dfeaa8fa04ed76d3d81e321dc5f67bd5b7ba192d [file] [log] [blame]
#
# Copyright 2019 NXP
# SPDX-License-Identifier: Apache-2.0
#
"""
Provision attached secure element with EC montogomery keys
This example generates EC montogomery key files (*.pem) (existing ones overwritten).
Performs debug reset the attached secure element.
Attached secure element provisioned with EC montogomery key.
Creates reference key from the injected EC montogomery key.
"""
import argparse
from func_timeout import *
from openssl_util import *
example_text = '''
Example invocation::
python %s --key_type x25519
python %s --key_type x25519 --connection_data 169.254.0.1:8050
python %s --key_type x448 --connection_type jrcpv2 --connection_data 127.0.0.1:8050
python %s --key_type x448 --connection_data COM3
''' % (__file__, __file__, __file__, __file__,)
def execute_openssl_cmd(algorithm, ecx_key_kp, ecx_key_kp_pubonly):
cmd_str = "\"%s\" genpkey -algorithm \"%s\" -out \"%s\" " % (openssl, algorithm, ecx_key_kp)
run(cmd_str)
cmd_str = "\"%s\" pkey -in \"%s\" -pubout -out \"%s\"" % (openssl, ecx_key_kp, ecx_key_kp_pubonly)
run(cmd_str)
def parse_in_args():
parser = argparse.ArgumentParser(
description=__doc__, epilog=example_text,
formatter_class=argparse.RawTextHelpFormatter)
required = parser.add_argument_group('required arguments')
optional = parser.add_argument_group('optional arguments')
required.add_argument(
'--key_type',
default="",
help='Supported key types => ``%s``' % ("``, ``".join(SUPPORTED_ECX_KEY_TYPES)),
required=True)
optional.add_argument(
'--connection_type',
default="t1oi2c",
help='Supported connection types => ``%s``. Default: ``t1oi2c``' % ("``, ``".join(SUPPORTED_CONNECTION_TYPES)))
optional.add_argument(
'--connection_data',
default="none",
help='Parameter to connect to SE => eg. ``COM3``, ``127.0.0.1:8050``, ``none``. Default: ``none``')
optional.add_argument(
'--subsystem',
default="se05x",
help='Supported subsystem => ``se05x``, ``a71ch``, ``mbedtls``. Default: ``se05x``')
optional.add_argument(
'--auth_type',
default="None",
help='Supported subsystem => ``None``, ``PlatformSCP``, ``UserID``, ``ECKey``, ``AESKey``, '
'``UserID_PlatformSCP``, ``ECKey_PlatformSCP``, ``AESKey_PlatformSCP``. Default: ``None``')
optional.add_argument(
'--scpkey',
default="None",
help='')
if len(sys.argv) == 1:
parser.print_help(sys.stderr)
return None
args = parser.parse_args()
if args.key_type not in SUPPORTED_ECX_KEY_TYPES:
parser.print_help(sys.stderr)
return None
if args.subsystem not in ["se05x", "mbedtls"]:
parser.print_help(sys.stderr)
return None
if args.auth_type not in ["None", "PlatformSCP", "UserID", "ECKey", "AESKey", "UserID_PlatformSCP", "ECKey_PlatformSCP", "AESKey_PlatformSCP"]:
parser.print_help(sys.stderr)
return None
if args.connection_data.find(':') >= 0:
port_data = args.connection_data.split(':')
jrcp_host_name = port_data[0]
jrcp_port = port_data[1]
os.environ['JRCP_HOSTNAME'] = jrcp_host_name
os.environ['JRCP_PORT'] = jrcp_port
log.info("JRCP_HOSTNAME: %s" % jrcp_host_name)
log.info("JRCP_PORT: %s" % jrcp_port)
if args.connection_type == "t1oi2c":
args.connection_type = "jrcpv1"
elif args.connection_data.find('COM') >= 0:
if args.connection_type == "t1oi2c":
args.connection_type = "vcom"
elif args.connection_data.find('none') >= 0:
if args.subsystem == "a71ch":
args.connection_type = "sci2c"
else:
parser.print_help(sys.stderr)
return None
if args.connection_type not in SUPPORTED_CONNECTION_TYPES:
parser.print_help(sys.stderr)
return None
return args
def main():
args = parse_in_args()
if args is None:
return
keys_dir = os.path.join(cur_dir, '..', 'keys', args.key_type)
import sss.sss_api as apis
if not os.path.exists(keys_dir):
os.mkdir(keys_dir)
# ECX keys to be stored in SE051
# ------------------------------
ecx_key_kp_0 = keys_dir + os.sep + "ecx_key_kp_0.pem"
ecx_key_kp_pubonly_0 = keys_dir + os.sep + "ecx_key_kp_pubonly_0.pem"
ecx_key_kp_0_ref = keys_dir + os.sep + "ecx_key_kp_0_ref.pem"
ecx_key_kp_1 = keys_dir + os.sep + "ecx_key_kp_1.pem"
ecx_key_kp_pubonly_1 = keys_dir + os.sep + "ecx_key_kp_pubonly_1.pem"
ecx_key_kp_1_ref = keys_dir + os.sep + "ecx_key_kp_1_ref.pem"
ecx_key_kp_2 = keys_dir + os.sep + "ecx_key_kp_2.pem"
ecx_key_kp_pubonly_2 = keys_dir + os.sep + "ecx_key_kp_pubonly_2.pem"
ecx_key_kp_2_ref = keys_dir + os.sep + "ecx_key_kp_2_ref.pem"
ecx_key_kp_3 = keys_dir + os.sep + "ecx_key_kp_3.pem"
ecx_key_kp_pubonly_3 = keys_dir + os.sep + "ecx_key_kp_pubonly_3.pem"
ecx_key_kp_3_ref = keys_dir + os.sep + "ecx_key_kp_3_ref.pem"
execute_openssl_cmd(args.key_type, ecx_key_kp_0, ecx_key_kp_pubonly_0)
execute_openssl_cmd(args.key_type, ecx_key_kp_1, ecx_key_kp_pubonly_1)
execute_openssl_cmd(args.key_type, ecx_key_kp_2, ecx_key_kp_pubonly_2)
execute_openssl_cmd(args.key_type, ecx_key_kp_3, ecx_key_kp_pubonly_3)
session_close(None)
session = session_open(args.subsystem, args.connection_data, args.connection_type, args.auth_type, args.scpkey)
if session is None:
return
reset(session)
key_id = [0x7DCCBB10, 0x7DCCBB11, 0x7DCCBB12, 0x7DCCBB13]
key_kp = [ecx_key_kp_0, ecx_key_kp_1, ecx_key_kp_2, ecx_key_kp_3]
key_ref = [ecx_key_kp_0_ref, ecx_key_kp_1_ref, ecx_key_kp_2_ref, ecx_key_kp_3_ref]
i = 0
while i < len(key_id):
status = set_ecc_pair(session, key_id[i], key_kp[i])
if status != apis.kStatus_SSS_Success:
return
status = refpem_ecc_pair(session, key_id[i], key_ref[i])
if status != apis.kStatus_SSS_Success:
return
i += 1
session_close(session)
log.info("##############################################################")
log.info("# #")
log.info("# Program completed successfully #")
log.info("# #")
log.info("##############################################################")
if __name__ == '__main__':
func_timeout(120, main, None) # Timeout set to 2 minutes