# # Copyright 2019 NXP # SPDX-License-Identifier: Apache-2.0 # """ Provision attached secure element with EC montogomery keys This example generates EC montogomery key files (*.pem) (existing ones overwritten). Performs debug reset the attached secure element. Attached secure element provisioned with EC montogomery key. Creates reference key from the injected EC montogomery key. """ import argparse from func_timeout import * from openssl_util import * example_text = ''' Example invocation:: python %s --key_type x25519 python %s --key_type x25519 --connection_data 169.254.0.1:8050 python %s --key_type x448 --connection_type jrcpv2 --connection_data 127.0.0.1:8050 python %s --key_type x448 --connection_data COM3 ''' % (__file__, __file__, __file__, __file__,) def execute_openssl_cmd(algorithm, ecx_key_kp, ecx_key_kp_pubonly): cmd_str = "\"%s\" genpkey -algorithm \"%s\" -out \"%s\" " % (openssl, algorithm, ecx_key_kp) run(cmd_str) cmd_str = "\"%s\" pkey -in \"%s\" -pubout -out \"%s\"" % (openssl, ecx_key_kp, ecx_key_kp_pubonly) run(cmd_str) def parse_in_args(): parser = argparse.ArgumentParser( description=__doc__, epilog=example_text, formatter_class=argparse.RawTextHelpFormatter) required = parser.add_argument_group('required arguments') optional = parser.add_argument_group('optional arguments') required.add_argument( '--key_type', default="", help='Supported key types => ``%s``' % ("``, ``".join(SUPPORTED_ECX_KEY_TYPES)), required=True) optional.add_argument( '--connection_type', default="t1oi2c", help='Supported connection types => ``%s``. Default: ``t1oi2c``' % ("``, ``".join(SUPPORTED_CONNECTION_TYPES))) optional.add_argument( '--connection_data', default="none", help='Parameter to connect to SE => eg. ``COM3``, ``127.0.0.1:8050``, ``none``. Default: ``none``') optional.add_argument( '--subsystem', default="se05x", help='Supported subsystem => ``se05x``, ``a71ch``, ``mbedtls``. Default: ``se05x``') optional.add_argument( '--auth_type', default="None", help='Supported subsystem => ``None``, ``PlatformSCP``, ``UserID``, ``ECKey``, ``AESKey``, ' '``UserID_PlatformSCP``, ``ECKey_PlatformSCP``, ``AESKey_PlatformSCP``. Default: ``None``') optional.add_argument( '--scpkey', default="None", help='') if len(sys.argv) == 1: parser.print_help(sys.stderr) return None args = parser.parse_args() if args.key_type not in SUPPORTED_ECX_KEY_TYPES: parser.print_help(sys.stderr) return None if args.subsystem not in ["se05x", "mbedtls"]: parser.print_help(sys.stderr) return None if args.auth_type not in ["None", "PlatformSCP", "UserID", "ECKey", "AESKey", "UserID_PlatformSCP", "ECKey_PlatformSCP", "AESKey_PlatformSCP"]: parser.print_help(sys.stderr) return None if args.connection_data.find(':') >= 0: port_data = args.connection_data.split(':') jrcp_host_name = port_data[0] jrcp_port = port_data[1] os.environ['JRCP_HOSTNAME'] = jrcp_host_name os.environ['JRCP_PORT'] = jrcp_port log.info("JRCP_HOSTNAME: %s" % jrcp_host_name) log.info("JRCP_PORT: %s" % jrcp_port) if args.connection_type == "t1oi2c": args.connection_type = "jrcpv1" elif args.connection_data.find('COM') >= 0: if args.connection_type == "t1oi2c": args.connection_type = "vcom" elif args.connection_data.find('none') >= 0: if args.subsystem == "a71ch": args.connection_type = "sci2c" else: parser.print_help(sys.stderr) return None if args.connection_type not in SUPPORTED_CONNECTION_TYPES: parser.print_help(sys.stderr) return None return args def main(): args = parse_in_args() if args is None: return keys_dir = os.path.join(cur_dir, '..', 'keys', args.key_type) import sss.sss_api as apis if not os.path.exists(keys_dir): os.mkdir(keys_dir) # ECX keys to be stored in SE051 # ------------------------------ ecx_key_kp_0 = keys_dir + os.sep + "ecx_key_kp_0.pem" ecx_key_kp_pubonly_0 = keys_dir + os.sep + "ecx_key_kp_pubonly_0.pem" ecx_key_kp_0_ref = keys_dir + os.sep + "ecx_key_kp_0_ref.pem" ecx_key_kp_1 = keys_dir + os.sep + "ecx_key_kp_1.pem" ecx_key_kp_pubonly_1 = keys_dir + os.sep + "ecx_key_kp_pubonly_1.pem" ecx_key_kp_1_ref = keys_dir + os.sep + "ecx_key_kp_1_ref.pem" ecx_key_kp_2 = keys_dir + os.sep + "ecx_key_kp_2.pem" ecx_key_kp_pubonly_2 = keys_dir + os.sep + "ecx_key_kp_pubonly_2.pem" ecx_key_kp_2_ref = keys_dir + os.sep + "ecx_key_kp_2_ref.pem" ecx_key_kp_3 = keys_dir + os.sep + "ecx_key_kp_3.pem" ecx_key_kp_pubonly_3 = keys_dir + os.sep + "ecx_key_kp_pubonly_3.pem" ecx_key_kp_3_ref = keys_dir + os.sep + "ecx_key_kp_3_ref.pem" execute_openssl_cmd(args.key_type, ecx_key_kp_0, ecx_key_kp_pubonly_0) execute_openssl_cmd(args.key_type, ecx_key_kp_1, ecx_key_kp_pubonly_1) execute_openssl_cmd(args.key_type, ecx_key_kp_2, ecx_key_kp_pubonly_2) execute_openssl_cmd(args.key_type, ecx_key_kp_3, ecx_key_kp_pubonly_3) session_close(None) session = session_open(args.subsystem, args.connection_data, args.connection_type, args.auth_type, args.scpkey) if session is None: return reset(session) key_id = [0x7DCCBB10, 0x7DCCBB11, 0x7DCCBB12, 0x7DCCBB13] key_kp = [ecx_key_kp_0, ecx_key_kp_1, ecx_key_kp_2, ecx_key_kp_3] key_ref = [ecx_key_kp_0_ref, ecx_key_kp_1_ref, ecx_key_kp_2_ref, ecx_key_kp_3_ref] i = 0 while i < len(key_id): status = set_ecc_pair(session, key_id[i], key_kp[i]) if status != apis.kStatus_SSS_Success: return status = refpem_ecc_pair(session, key_id[i], key_ref[i]) if status != apis.kStatus_SSS_Success: return i += 1 session_close(session) log.info("##############################################################") log.info("# #") log.info("# Program completed successfully #") log.info("# #") log.info("##############################################################") if __name__ == '__main__': func_timeout(120, main, None) # Timeout set to 2 minutes