1- # SPDX-FileCopyrightText: 2024 Espressif Systems (Shanghai) CO LTD
1+ # SPDX-FileCopyrightText: 2024-2025 Espressif Systems (Shanghai) CO LTD
22# SPDX-License-Identifier: Unlicense OR CC0-1.0
33import os
44import struct
77from cryptography .hazmat .backends import default_backend
88from cryptography .hazmat .primitives import serialization
99from cryptography .hazmat .primitives .asymmetric import ec
10- from cryptography .hazmat .primitives .ciphers import algorithms
1110from cryptography .hazmat .primitives .ciphers import Cipher
11+ from cryptography .hazmat .primitives .ciphers import algorithms
1212from cryptography .hazmat .primitives .ciphers import modes
1313from ecdsa .curves import NIST256p
1414
1515# Constants
1616TEST_COUNT = 5
17+ STORAGE_PARTITION_OFFSET = 0x160000
1718
1819
1920# Helper functions
@@ -45,7 +46,9 @@ def calculate_aes_cipher(data: bytes, key: bytes) -> Any:
4546 return encryptor .update (data ) + encryptor .finalize ()
4647
4748
48- def _flash_encryption_operation_aes_xts (input_data : bytes , flash_address : int , key : bytes , do_decrypt : bool = False ) -> bytes :
49+ def _flash_encryption_operation_aes_xts (
50+ input_data : bytes , flash_address : int , key : bytes , do_decrypt : bool = False
51+ ) -> bytes :
4952 backend = default_backend ()
5053
5154 indata = input_data
@@ -54,9 +57,9 @@ def _flash_encryption_operation_aes_xts(input_data: bytes, flash_address: int, k
5457 indata = (b'\x00 ' * pad_left ) + indata
5558
5659 pad_right = (0x80 - (len (indata ) % 0x80 )) % 0x80
57- indata += ( b'\x00 ' * pad_right )
60+ indata += b'\x00 ' * pad_right
5861
59- inblocks = [indata [i : i + 0x80 ] for i in range (0 , len (indata ), 0x80 )]
62+ inblocks = [indata [i : i + 0x80 ] for i in range (0 , len (indata ), 0x80 )]
6063
6164 output = b''
6265 for inblock in inblocks :
@@ -68,17 +71,17 @@ def _flash_encryption_operation_aes_xts(input_data: bytes, flash_address: int, k
6871 outblock = encryptor .update (inblock [::- 1 ])
6972 output += outblock [::- 1 ]
7073
71- return output [pad_left : len (output ) - pad_right ]
74+ return output [pad_left : len (output ) - pad_right ]
7275
7376
74- def generate_xts_test_data (key : bytes , base_flash_address : int = 0x120000 ) -> list :
77+ def generate_xts_test_data (key : bytes , base_flash_address : int = STORAGE_PARTITION_OFFSET ) -> list :
7578 xts_test_data = []
7679 plaintext_data = bytes (range (1 , 129 ))
7780 data_size = 16
7881 flash_address = base_flash_address
7982 for i in range (TEST_COUNT ):
8083 data_size = (data_size * 2 ) % 256
81- if ( data_size < 16 ) :
84+ if data_size < 16 :
8285 data_size = 16
8386 input_data = plaintext_data [:data_size ]
8487 flash_address = base_flash_address + (i * 0x100 )
@@ -96,7 +99,7 @@ def generate_ecdsa_256_key_and_pub_key(filename: str) -> tuple:
9699 pem = private_key .private_bytes (
97100 encoding = serialization .Encoding .PEM ,
98101 format = serialization .PrivateFormat .TraditionalOpenSSL ,
99- encryption_algorithm = serialization .NoEncryption ()
102+ encryption_algorithm = serialization .NoEncryption (),
100103 )
101104
102105 with open ('ecdsa_256_key.pem' , 'wb' ) as pem_file :
@@ -134,10 +137,19 @@ def generate_k1_G(key_file_path: str) -> tuple:
134137 return k1_G , k1_G
135138
136139
137- def write_to_c_header (init_key : bytes , k1 : bytes , k2_info : bytes , k1_encrypted_32 : list ,
138- test_data_xts_aes_128 : list , k1_encrypted_64 : list ,
139- xts_test_data_xts_aes_256 : list , pubx : bytes ,
140- puby : bytes , k1_G_0 : bytes , k1_G_1 : bytes ) -> None :
140+ def write_to_c_header (
141+ init_key : bytes ,
142+ k1 : bytes ,
143+ k2_info : bytes ,
144+ k1_encrypted_32 : list ,
145+ test_data_xts_aes_128 : list ,
146+ k1_encrypted_64 : list ,
147+ xts_test_data_xts_aes_256 : list ,
148+ pubx : bytes ,
149+ puby : bytes ,
150+ k1_G_0 : bytes ,
151+ k1_G_1 : bytes ,
152+ ) -> None :
141153 with open ('key_manager_test_cases.h' , 'w' , encoding = 'utf-8' ) as file :
142154 header_content = """#include <stdint.h>
143155
@@ -176,25 +188,42 @@ def write_to_c_header(init_key: bytes, k1: bytes, k2_info: bytes, k1_encrypted_3
176188 .k1_encrypted = { { %s }, { } },
177189 .plaintext_data = { %s },
178190 .xts_test_data = {
179- """ % (key_to_c_format (init_key ), key_to_c_format (k2_info ), key_to_c_format (k1_encrypted_32 [0 ]), key_to_c_format (bytes (range (1 , 129 ))))
191+ """ % (
192+ key_to_c_format (init_key ),
193+ key_to_c_format (k2_info ),
194+ key_to_c_format (k1_encrypted_32 [0 ]),
195+ key_to_c_format (bytes (range (1 , 129 ))),
196+ )
180197
181198 for data_size , flash_address , ciphertext in test_data_xts_aes_128 :
182- header_content += f'\t \t {{.data_size = { data_size } { flash_address :x} { key_to_c_format (ciphertext )} \n '
199+ header_content += (
200+ f'\t \t {{.data_size = { data_size }
201+ f'.data_offset = 0x{ flash_address :x}
202+ f'.ciphertext = {{{ key_to_c_format (ciphertext )} \n '
203+ )
183204 header_content += '\t }\n };\n \n '
184205
185206 # For 64-byte k1 key
186207 header_content += '// For 64-byte k1 key\n '
187208 header_content += 'test_data_aes_mode_t test_data_xts_aes_256 = {\n '
188209 header_content += f'\t .init_key = {{{ key_to_c_format (init_key )} \n '
189210 header_content += f'\t .k2_info = {{{ key_to_c_format (k2_info )} \n '
190- header_content += f'\t .k1_encrypted = {{{{{ key_to_c_format (k1_encrypted_64 [0 ])} { key_to_c_format (k1_encrypted_64 [1 ])} \n '
211+ header_content += (
212+ f'\t .k1_encrypted = {{{{{ key_to_c_format (k1_encrypted_64 [0 ])}
213+ f'{{{ key_to_c_format (k1_encrypted_64 [1 ])} \n '
214+ )
191215 header_content += f'\t .plaintext_data = {{{ key_to_c_format (bytes (range (1 , 129 )))} \n '
192216 header_content += ' .xts_test_data = {\n '
193217
194218 for data_size , flash_address , ciphertext in xts_test_data_xts_aes_256 :
195- header_content += f' {{.data_size = { data_size } { flash_address :x} { key_to_c_format (ciphertext )} \n '
196- header_content += ' }\n };\n '
197- header_content += '''
219+ header_content += (
220+ f'\t \t {{.data_size = { data_size }
221+ f'.data_offset = 0x{ flash_address :x}
222+ f'.ciphertext = {{{ key_to_c_format (ciphertext )} \n '
223+ )
224+ header_content += '\t }\n };\n \n '
225+
226+ header_content += """
198227test_data_aes_mode_t test_data_ecdsa = {
199228 .init_key = { %s },
200229 .k2_info = { %s },
@@ -204,8 +233,14 @@ def write_to_c_header(init_key: bytes, k1: bytes, k2_info: bytes, k1_encrypted_3
204233 .puby = { %s }
205234 }
206235};\n
207- ''' % (key_to_c_format (init_key ), key_to_c_format (k2_info ), key_to_c_format (k1_encrypted_32 [0 ]), key_to_c_format (pubx ),key_to_c_format (puby ))
208- header_content += '''
236+ """ % (
237+ key_to_c_format (init_key ),
238+ key_to_c_format (k2_info ),
239+ key_to_c_format (k1_encrypted_32 [0 ]),
240+ key_to_c_format (pubx ),
241+ key_to_c_format (puby ),
242+ )
243+ header_content += """
209244test_data_ecdh0_mode_t test_data_ecdh0 = {
210245 .plaintext_data = { %s },
211246 .k1 = {
@@ -218,7 +253,13 @@ def write_to_c_header(init_key: bytes, k1: bytes, k2_info: bytes, k1_encrypted_3
218253 }
219254};\n
220255
221- ''' % (key_to_c_format (bytes (range (1 , 129 ))), key_to_c_format (k1 ), key_to_c_format (k1 ), key_to_c_format (k1_G_0 ), key_to_c_format (k1_G_1 ))
256+ """ % (
257+ key_to_c_format (bytes (range (1 , 129 ))),
258+ key_to_c_format (k1 ),
259+ key_to_c_format (k1 ),
260+ key_to_c_format (k1_G_0 ),
261+ key_to_c_format (k1_G_1 ),
262+ )
222263
223264 file .write (header_content )
224265
@@ -254,4 +295,16 @@ def write_to_c_header(init_key: bytes, k1: bytes, k2_info: bytes, k1_encrypted_3
254295
255296k1_G_0 , k1_G_1 = generate_k1_G ('k1.bin' )
256297
257- write_to_c_header (init_key , k1_32 , k2_info , k1_encrypted_32 , test_data_xts_aes_128 , k1_encrypted_64 , xts_test_data_xts_aes_256 , pubx , puby , k1_G_0 , k1_G_1 )
298+ write_to_c_header (
299+ init_key ,
300+ k1_32 ,
301+ k2_info ,
302+ k1_encrypted_32 ,
303+ test_data_xts_aes_128 ,
304+ k1_encrypted_64 ,
305+ xts_test_data_xts_aes_256 ,
306+ pubx ,
307+ puby ,
308+ k1_G_0 ,
309+ k1_G_1 ,
310+ )
0 commit comments