From 40059dedde35578070e38245913427dae8f21b21 Mon Sep 17 00:00:00 2001 From: "nilesh.kale" Date: Thu, 20 Jun 2024 18:08:09 +0530 Subject: [PATCH] feat: updated procedure for generating token in jtag_example_helper.py This commit updated API for generating token providing ability to pass more arguments and updated readme file as well. --- examples/security/hmac_soft_jtag/README.md | 3 +- .../hmac_soft_jtag/jtag_example_helper.py | 19 +++++++-- .../test/test_hmac_key.bin | Bin 0 -> 32 bytes .../test/test_nvs_encr_keys.bin | 2 + .../test/test_secure_boot_signing_key.pem | 39 ++++++++++++++++++ .../test/test_secure_jtag_token.bin | 1 + 6 files changed, 60 insertions(+), 4 deletions(-) create mode 100644 examples/security/security_features_app/test/test_hmac_key.bin create mode 100644 examples/security/security_features_app/test/test_nvs_encr_keys.bin create mode 100644 examples/security/security_features_app/test/test_secure_boot_signing_key.pem create mode 100644 examples/security/security_features_app/test/test_secure_jtag_token.bin diff --git a/examples/security/hmac_soft_jtag/README.md b/examples/security/hmac_soft_jtag/README.md index ccc2f52308..9ead91db1f 100644 --- a/examples/security/hmac_soft_jtag/README.md +++ b/examples/security/hmac_soft_jtag/README.md @@ -46,8 +46,9 @@ espefuse.py -p $ESPPORT burn_key .bin HMAC_DOWN_ALL **Step 4:** Generate token data from the HMAC key. Keep this token data handy before re-enabling JTAG access. ```bash -python jtag_example_helper.py generate_token .bin +python jtag_example_helper.py generate_token .bin ``` +**Note**: The OUTPUT_FILE argument is optional. If provided, the token data will be stored in the specified file in either binary format (.bin) or hexadecimal format (.hex) based on the file extension. If no OUTPUT_FILE is specified, the token data will be printed to the console. ### Configure the project 
diff --git a/examples/security/hmac_soft_jtag/jtag_example_helper.py b/examples/security/hmac_soft_jtag/jtag_example_helper.py index d355a9d2db..1674245f89 100644 --- a/examples/security/hmac_soft_jtag/jtag_example_helper.py +++ b/examples/security/hmac_soft_jtag/jtag_example_helper.py @@ -6,15 +6,27 @@ import hashlib import hmac import os import subprocess +from typing import Optional -def generate_token_data(hmac_key_file: str) -> None: +def generate_token_data(hmac_key_file: str, output_file: Optional[str] = None) -> None: with open(hmac_key_file, 'rb') as file: key_data = file.read() data = bytes([0] * 32) token_data = hmac.HMAC(key_data, data, hashlib.sha256).digest() token_hex = binascii.hexlify(token_data).decode('utf-8') - print(token_hex) + + if output_file: + if output_file.endswith('.bin'): + with open(output_file, 'wb') as out_file: + out_file.write(token_data) + elif output_file.endswith('.hex'): + with open(output_file, 'w') as out_file: + out_file.write(token_hex) + else: + print(f'Unsupported file format for output file: {output_file}') + else: + print(token_hex) def generate_hmac_key(hmac_key_file: str) -> None: @@ -69,6 +81,7 @@ def main() -> None: token_generator_parser = subparsers.add_parser('generate_token') token_generator_parser.add_argument('hmac_key_file', help='File containing the HMAC key') + token_generator_parser.add_argument('output_file', nargs='?', help='File to store the generated token (optional)') args = parser.parse_args() @@ -77,7 +90,7 @@ def main() -> None: elif args.command == 'generate_hmac_key': generate_hmac_key(args.hmac_key_file) elif args.command == 'generate_token': - generate_token_data(args.hmac_key_file) + generate_token_data(args.hmac_key_file, args.output_file) else: parser.print_help() 
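Review bot: The token file written in the new `if output_file:` branch is created with plain `open()`, so it gets the process's default permissions. Going by the README, this token is what re-enables JTAG, so it should be created owner-only. Opening it through `os.open` with mode `0o600` does that (`os` is already imported in the context lines); the mode applies only when the file is newly created, so an existing file keeps its old permissions. The `else:` branch for an unknown extension also just prints and returns, so the script exits 0 with no token written; raising `SystemExit` with the same message lets a calling script notice. The function still has no docstring; one sentence saying the token is the HMAC-SHA256 of 32 zero bytes under the key file's contents would cover it.

```python
def generate_token_data(hmac_key_file: str, output_file: Optional[str] = None) -> None:
    # … unchanged: key read and HMAC computation …
    if output_file:
        if output_file.endswith('.bin'):
            payload = token_data
        elif output_file.endswith('.hex'):
            payload = token_hex.encode('utf-8')
        else:
            raise SystemExit(f'Unsupported file format for output file: {output_file}')
        # Owner-only: the token is the credential used to re-enable JTAG.
        fd = os.open(output_file, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
        with os.fdopen(fd, 'wb') as out_file:
            out_file.write(payload)
    # … unchanged: else branch printing token_hex …
```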
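Review bot: The help string for the new `output_file` positional does not say that only names ending in `.bin` or `.hex` are accepted, although `generate_token_data` rejects anything else. I would spell that out, e.g. `help='Optional output file for the token; must end in .bin (raw bytes) or .hex (hex string)'`. `main()` starts and ends outside this hunk.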
diff --git a/examples/security/security_features_app/test/test_hmac_key.bin b/examples/security/security_features_app/test/test_hmac_key.bin new file mode 100644 index 0000000000000000000000000000000000000000..63a3db0d80f516ed0dd96849983316de7889ca4e GIT binary patch literal 32 ocmb0*te>34cSe_)V;Qgd>TP@1sk&`p2rh2A{h`}i{PxLX0LdB-82|tP literal 0 HcmV?d00001 diff --git a/examples/security/security_features_app/test/test_nvs_encr_keys.bin b/examples/security/security_features_app/test/test_nvs_encr_keys.bin new file mode 100644 index 0000000000..02faea963f --- /dev/null +++ b/examples/security/security_features_app/test/test_nvs_encr_keys.bin @@ -0,0 +1,2 @@ +/f ~=ʝͷiq:+e6 ᯪJ_(l@" +.fn \ No newline at end of file diff --git a/examples/security/security_features_app/test/test_secure_boot_signing_key.pem b/examples/security/security_features_app/test/test_secure_boot_signing_key.pem new file mode 100644 index 0000000000..bce9437fe5 --- /dev/null +++ b/examples/security/security_features_app/test/test_secure_boot_signing_key.pem 
@@ -0,0 +1,39 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIG5AIBAAKCAYEA5Mc7fvPAz9MQl1IqVfRUBWliSZ3GhdW0hM43gOfL2IH/ArS3 +6N8nY6F5Q/3bnvKEfuQ1sAavJwxE+rMJbZGJvOsxf1aSnjJ4GM6yoFtjb6VEpiiP +VLWe4LqFfwluXHhf4w8e38YYJxyKAIc5AS3KPHLLqX+c9UBz3YPw3RUE0kVTHQky +GvOZftfDZoSW7/c9WyqDXg8VavHNyA38y1sKxgR0sqO1wL30TM/RneMC5IjxFQ+Z +P91DIUULiCYBvDBmhX0B7pfB9nevn4Bzjq732WbHYssYI/MIOJq3h9kN2GXQM1Qk +GyX1RGJdc5lN+n0Pi9Fv5K44E97ylwd6F9LxQYwqp1XEbWNCgeCTJpkQ+74Uk/9T +zJrsVzRbIfjbRo7XQHyM1X6tNM9zus3+kL/14ins6lzIVOG9rSUordVrTy+jF1OW +6A0gwnEnNhveruU/IMu7CrpvncSmiHUodctKCDwVFKuD8OQpoBcJOZVM+0JxTu0r +p/UfU7KiA2z2IXbZAgMBAAECggGAM3DY3+LPJ+u9f0jqXAlkGxNnFkZzrQQwYuw7 +brCwFS6luGYKNEJ5CN319mPOTh8Zy65ko//cwlrv5676H7jpz6DSsF82+HtApdNU +NtpVsXTnyrS0BcgQwVcvTTFBr2khplxwBMD2DVVNcnD1UF6LaqwlPyeCk2K6qsRQ +FGX1f5I27gBzU7wSd4LsXNDTX4GoOieFAlFB75oPOzxp6w+9jGjUFJba90u+8saH +y4iPzfM8wg+P1dxai9CKl0J0gWwgNGXMuw0z0OMrGjUYqy9ylAvQOc90xz8D7YHj +OKhwl3kb6O4sQaO7YL7nwptnrML+e5CZ3tosPCQeWVZ3UtCFBaclysO0Nhy5mKbM +xJrGsnquPyRFRglmkngKqbkQQO0ka0X0yrbFZuATE4uxcBF7gBlp+LiHz+1mrimy +Cys2SbRq71e2lNPWlCwnsGL6jADuFYZw2qm3K52Zaj670WtvfUj03fV6ju5kGvdF +6xWszAQJLK0DoVNZB1kNG1nr+VFBAoHBAPgzXUlQXQLmSrvXzJZAIdNVAjcmzAkj +zsSJfv/3Qq30jCMEU75gPxyRYHX6pwS2M1xJMa7jgsf+Eqz8Hr6EDfmg0sA21p2C +dQs2PKIifigPx70dafvtWnQPO+wtxvD/bFhvFt1OFaA1LDwZeCNqSZRqZUksiRv+ +DE4XL8wv6hOudtHV+XD+404YWwJDR+gryX9fDV/6X5guCTUEp6fG+XxCgk9Bu4im +ULoQj3ewfJ3qLyf0e1dcIY1i97vDDb2TTwKBwQDr96Au+U6/d+Q9b57nnUtC+GbY +Qnr2m+LKaVIyn8G3ehoOeAcfnyCJM4QNaIywqF4EdupGrVR1App3/2SjYwrr+0Qi +cGN++dLt5x3kyKcqYUsAQS0uGF1swjfq9SflT2TsUdZo1xZe3IndO4bHV7IdBR9b +p8KMvg27DWml7txRRv+7k7+2zhyEJJ0CdkeTYXMETJow0hkaEw18KGgQUq7muH5c +KkKh5ssdsoRHY/trOm05NY5uxh5jUl4K8lPnaVcCgcEAw+NmINK4Ve2D1jU/VuZO +zAgvs29/YUdNjXgnL8XqbnivkYN8xKgZp2ZlhzfIUcOrTY7HE4ykT0uLWdOyQBLh +JL91Fhcx0yZ/UdYAjMZEY0HxFqT8XMS7uxW66XBHrzUoQbOLjCZwkvzkaJqBYxIj ++GrwfYwUum8LLybFppW6XMY5KOuD71Z798rpKSQIwIiug0R1veZRRD4xLhL6b0Ru +609ioULzy6nX1MH1OTWlZMzLYvFl11Dzei897obHdXOpAoHAZs8rIYxJ/S41aXca 
+mvtzcShdVtgQTyY4N8yPnbLxaglvFOLC58ojGOQzIsxskAOrgvJ0vHqEk76goqvJ +o05h0dNWKlMhZo9ekXzjD21FODfPv7ql/rFq8xnj1yEdUtG2vSgi7ObZvlcEUjm/ +TVcuKWqz8PE02LFtthPv9fYOU/NFNOr42qMO1ZxGNG5oXRRWUoc1nxPLEAtBEtlg +DcyYm7nChFF9WqD92mCPNbOgNWXtdMGa3zS+xLN8efR/DhJdAoHBAI8j+abPyQDw +0iSi5sx76Abtlb/P8nFZ4Njqf8ojQaytMQGO8DG7e1YMPyq/xIKUVQyFmf8ITx7a +RxlU98sMTiDylVueG2Mx1xNsXlIaX4FDFsvJXUKD4xss4PVv8ZhOgb7uJpd18Op/ +mKfSByfQ/CFjnq+QBBs2KOFyHvwgtJhvn1KddyXFa/E4qEIpjjTZTKfaksweFVCv +GmQ/GFqqd6Ih00Q19bgilpvTDDKjrklkAd0DR13TkLLEGqEaLbjXzA== +-----END RSA PRIVATE KEY----- diff --git a/examples/security/security_features_app/test/test_secure_jtag_token.bin b/examples/security/security_features_app/test/test_secure_jtag_token.bin new file mode 100644 index 0000000000..e547179e74 --- /dev/null +++ b/examples/security/security_features_app/test/test_secure_jtag_token.bin @@ -0,0 +1 @@ + {qػa768Lpg {qػa768LpgŔ1㏉a>z(̍Q \ No newline at end of file
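Review bot: This new file is an RSA private key named as a Secure Boot signing key, and the commit message, which only describes the token-generation change, does not mention it. The same goes for the three other key-material fixtures added alongside it (`test_hmac_key.bin`, `test_nvs_encr_keys.bin`, `test_secure_jtag_token.bin`). The `test_` prefix and the `test/` directory suggest throwaway fixtures, but nothing visible in the commit states that, and secret scanners will flag the PEM regardless. I would either move these files to their own commit or extend the message to cover them. A short README next to them should state that the keys are for tests only and must never be burned into, or used to sign images for, production devices.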