#
# Copyright 2019 NXP
# SPDX-License-Identifier: Apache-2.0
#
"""
Provision attached secure element with RSA keys
This example generates a complete set of RSA key files (*.pem) (existing ones overwritten).
Performs debug reset the attached secure element.
Attached secure element provisioned with RSA key.
Creates reference key from the injected RSA key.
"""
import argparse
import sss.sss_api as apis
from func_timeout import *
from openssl_util import *
example_text = '''
Example invocation::
python %s --key_type rsa1024
python %s --key_type rsa2048 --connection_data 169.254.0.1:8050
python %s --key_type rsa2048 --connection_data 127.0.0.1:8050 --connection_type jrcpv2
python %s --key_type rsa2048 --connection_data COM3
''' % (__file__, __file__, __file__, __file__,)
def parse_in_args():
parser = argparse.ArgumentParser(
description=__doc__, epilog=example_text,
formatter_class=argparse.RawTextHelpFormatter)
required = parser.add_argument_group('required arguments')
optional = parser.add_argument_group('optional arguments')
required.add_argument(
'--key_type',
default="",
help='Supported key types => ``%s``' % ("``, ``".join(SUPPORTED_RSA_KEY_TYPES)), required=True)
optional.add_argument(
'--connection_type',
default="t1oi2c",
help='Supported connection types => ``%s``. Default: ``t1oi2c``' % ("``, ``".join(SUPPORTED_CONNECTION_TYPES)))
optional.add_argument(
'--connection_data',
default="none",
help='Parameter to connect to SE => eg. ``COM3``, ``127.0.0.1:8050``, ``none``. Default: ``none``')
optional.add_argument(
'--subsystem',
default="se05x",
help='Supported subsystem => ``se05x``, ``mbedtls``. Default: ``se05x``')
optional.add_argument(
'--auth_type',
default="None",
help='Supported subsystem => ``None``, ``PlatformSCP``, ``UserID``, ``ECKey``, ``AESKey``, '
'``UserID_PlatformSCP``, ``ECKey_PlatformSCP``, ``AESKey_PlatformSCP``. Default: ``None``')
optional.add_argument(
'--scpkey',
default="None",
help='')
optional.add_argument(
'--no_reset',
action="store_true",
help="do not reset contents of attached secure element")
if len(sys.argv) == 1:
parser.print_help(sys.stderr)
return None
args = parser.parse_args()
if args.key_type not in SUPPORTED_RSA_KEY_TYPES:
parser.print_help(sys.stderr)
return None
if args.auth_type not in ["None", "PlatformSCP", "UserID", "ECKey", "AESKey", "UserID_PlatformSCP", "ECKey_PlatformSCP", "AESKey_PlatformSCP"]:
parser.print_help(sys.stderr)
return None
if args.connection_data.find(':') >= 0:
port_data = args.connection_data.split(':')
jrcp_host_name = port_data[0]
jrcp_port = port_data[1]
os.environ['JRCP_HOSTNAME'] = jrcp_host_name
os.environ['JRCP_PORT'] = jrcp_port
log.info("JRCP_HOSTNAME: %s" % jrcp_host_name)
log.info("JRCP_PORT: %s" % jrcp_port)
if args.connection_type == "t1oi2c":
args.connection_type = "jrcpv1"
elif args.connection_data.find('COM') >= 0:
if args.connection_type == "t1oi2c":
args.connection_type = "vcom"
elif args.connection_data.find('none') >= 0:
pass
else:
parser.print_help(sys.stderr)
return None
if args.connection_type not in SUPPORTED_CONNECTION_TYPES:
parser.print_help(sys.stderr)
return None
if args.subsystem not in ["se05x", "mbedtls"]:
parser.print_help(sys.stderr)
return None
return args
def main():
key_id = 0x6DCCBB11
args = parse_in_args()
if args is None:
return
keys_dir = os.path.join(cur_dir, '..', 'keys', args.key_type)
key_size = args.key_type.replace("rsa", "")
if not os.path.exists(keys_dir):
os.mkdir(keys_dir)
rsa_key_pair = keys_dir + os.sep + "rsa_" + key_size + "_1_prv.pem"
rsa_ref_key_pair = keys_dir + os.sep + "rsa_" + key_size + "_ref_prv.pem"
run("%s genrsa -out %s %d" % (openssl, rsa_key_pair, int(key_size)))
session_close(None)
session = session_open(args.subsystem, args.connection_data, args.connection_type, args.auth_type, args.scpkey)
if session is None:
return
if not args.no_reset:
reset(session)
# Inject rsa key pair into the Secure Element
status = set_rsa_pair(session, key_id, rsa_key_pair)
if status != apis.kStatus_SSS_Success:
return
# Generate Reference key from the key injected. Store it in file referred by "rsa_ref_key_pair" variable.
status = refpem_rsa(session, key_id, rsa_ref_key_pair)
if status != apis.kStatus_SSS_Success:
return
session_close(session)
log.info("##############################################################")
log.info("# #")
log.info("# Program completed successfully #")
log.info("# #")
log.info("##############################################################")
if __name__ == '__main__':
logging.basicConfig(level=logging.DEBUG)
func_timeout(180, main, None) # Time out set to 3 minutes.