;)diM rddlZddlmZddlZddlZddlZddlZddlZddl Z ddl Z ddl Z ddl m Z ddlmZddlmZddlmZddlmZddlmZmZmZmZdd lmZmZmZdd lmZdd l m!Z!dd l"m#Z#ddl$Z$dd l%m&Z&dZ'dZ(dZ)dZ*dZ+dZ,dZ-dZ.dZ/dZ0de1de2fdZ3de1de1fdZ4de1de1fdZ5 dde de6de6fdZ7de de8dzd e dzd!e fd"Z9d#ej:de8fd$Z;d%e2d&e8dzde8fd'Zde dej=fd)Z?de dej@fd*ZAd+e1dejBej=zfd,ZCd+e1dejDej@zfd-ZEde dejDej@zfd.ZFeGd/d0ZGd1ejDdeGfd2ZHd3e2d4e2d5e2de1fd6ZId%e2deJe de8dzd7e6d8e6d9e dzd:eJe d;eJe deJe dzget_chunks..5s1 P P!F1q9}$ % P P P P P Pr)rangelen)rrs``r! get_chunksr&3s3 P P P P PuQF Y/O/O P P PPr#returnct|dzdksJdt|dzz}tjd|zgtjd|z|RS)z+Endian-swap each word in 'source' bitstringrI<>)r%structpackunpackrwordss r!endian_swap_wordsr28s^ v;;?a     3v;;!# $E ;sU{ HV]3;%G%G H H HHr#c t|dzdksJdt|dzz}tj|gttj||RS)z1Swap the order of the words in 'source' bitstringr)rr*)r%r-r.reversedr/r0s r!swap_word_orderr5?s^ v;;?a     3v;;!# $E ;u Fx eV(D(DEE F F FFr#Fkeyfileis_flash_encryption_keyaes_xtsc|}t|dvr%tjdt|d|ru|r:t|dvr(tjdt|dzdn9t|dvr(tjd t|dzd t|d kr$t |}t jd nt|d kr7||dd z}t|dksJt jdnO>Om&/3$2E%2%?%A%A gt$$ % $$$ % % % % % % % % % % % % % % % ISSSS T T T T T z ! ! Q ' g > > > ISSSS     z ! ! Q ' g > > > ISSSS     z ! ! Q ' g > > > ISSSS     $%S&%S%S%STT TA sD;;D?D?cR tj|dt}n"#t$rt jdwxYwt|jtj tj ztj zst jd|S)zLoad ECDSA signing keyNpasswordrMzLIncorrect ECDSA private key specified. Please check algorithm and/or format.z3Supports NIST192p, NIST256p and NIST384p keys only.) rload_pem_private_keyr?rrzr@rA isinstancecurver rwrxryr6sks r!load_ecdsa_signing_keyrs  / LLNNT?3D3D         4    bh r| ;bl J K KX !VWWW Is 58Act|}t|jtjst jd|S)z.Load ECDSA signing key for Secure Boot V1 onlysSigning key uses incorrect curve. ESP32 Secure Boot only supports NIST256p (openssl calls this curve 'prime256v1').)rrrr rxr@rArs r!_load_ecdsa_signing_keyrsG  ( (B bh - -   @    Ir#c tj|t}n"#t$rt jdwxYwt|jtj st jd|S)z0Load ECDSA verifying key for Secure Boot V1 onlyrLzKIncorrect ECDSA public key specified. Please check algorithm and/or format.r) rload_pem_public_keyr?rrzr@rArrr rx)r6vks r!_load_ecdsa_verifying_keyrs  . LLNNO$5$5         4    bh - -   @    Is 47Akeydatactj|dt}t|tjr*|jdkrtjd|jd|St|tj rOt|j tj tj ztjzstjd|Stjd)ze Load Secure Boot V2 signing key can be rsa.RSAPrivateKey or ec.EllipticCurvePrivateKey NrrKey file has length - bits. Secure boot v2 only supports RSA-3072.Key file uses incorrect curve. Secure Boot V2 + ECDSA only supports NIST192p, NIST256p, NIST384p (aka prime192v1 / secp192r1, prime256v1 / secp256r1, secp384r1).z+Unsupported signing key for Secure Boot V2.)rrrrr RSAPrivateKeyrr@rAr EllipticCurvePrivateKeyrrwrxry)rrs r!_load_sbv2_signing_keyr!s  +$(9(9   B"c'(( ;$  $%r{%%%  "b011"(BL2<$?",$NOO $6    J K KKr#ctj|t}t|tjr*|jdkrtjd|jd|St|tj rOt|j tj tj ztjzstjd|Stjd)z^ Load Secure Boot V2 public key, can be rsa.RSAPublicKey or ec.EllipticCurvePublicKey rLrrrrz*Unsupported public key for Secure Boot V2.)rrrrr RSAPublicKeyrr@rAr EllipticCurvePublicKeyrrwrxry)rrs r!_load_sbv2_pub_keyr?s  *7ONrN)0r=`)rrr%)rrrbyte_lenabs r!_microecc_formatrse 9q=!!HQ))$$B$/,q(2K2KDDbD2QQB r77l " " " " Ir#append_signatureshsm hsm_configpub_key signaturedatafilec |r|D]} t| |t|||dkrt||||||S|dkrt||||||||SdSNrr)rQsign_secure_boot_v1sign_secure_boot_v2) rr6rFrrrrrrfiles r! sign_datars5 5 5D &tV 4 4 4 4x000#~~"7FC)XVVV C"            r# signaturesc0|}|rtjd|rtjdt |dkrtjd|d}t |ddd}t |ddd} tj || } t|d} nt |dkrtjdt|d} | |tjtjd } | } | | |tjtjtj| \}} |dd } | dd }| |z} |Et*j|t*j|jkr*|t5|jd }n%t5|d }|||t9jdd|| |tjdt |d|jddS)z] Sign a data file with a ECDSA private key, append binary signature to file contents zXSecure Boot V1 does not support signing using an external Hardware Security Module (HSM)"Pre-calculated signatures found...rz-Secure Boot V1 only supports one signing key.rNr<bigT)deterministic_signing byteorderrrOr*Signed  bytes of data from "r)r?r@rArrCr%r from_bytesr encode_dss_signaturerrsignr ECDSArSHA256rverifydecode_dss_signatureto_bytesrSr_abspathracloserbrcr-r.)r6rFrrrrbinary_content raw_signaturersrrrr_bytess_bytesoutfiles r!rrs]]__N    6    6777 w<28FMOO#<#<  %i 0 0DAqjjuj--Gjjuj--G'!I ~00BGOO 55 x}d++vt$$ n%%% MM C MM) MMOOOISN++SS(-SSSTTTTTr#c bd}|} d} d} t| tzdkrV|rtjdtt| tzz } t jd| d| d| zz } n|r| |kr#t| | } | n| | z } | d z } | |k#t| tzdkrtjd | dkrt jd nTt j| d | |krtjd |d| dt| tz } |r|tjdddl m } | |}n*#t$r}tjd|dd}~wwxYwt|dkrt|}t|| }|r_t jdt|}t||kr(tjd|dt|dnt|}|| z }||krtjd|d|dt j|d|rt||| }nt!|| }|t|dkrtjd| |z } t| dkrJt| tdzkr/t| tzdkrtjdt| tz}| dtt| z zz} t| tkrtjd |||j}t'|d5}|| | zdddn #1swxYwYt jdt| d|jd|ddS)z Sign a firmware app image with an RSA private key using RSA-PSS, or ECDSA private key using P192 or P256 or P384. Write output file with a Secure Boot V2 header appended. rrr#zSecure Boot V2 requires the signature block to start from a 4KB aligned sector but the datafile supplied is not sector aligned.zPadding data contents by z5 bytes so signature sector aligns at sector boundary.rKNrz Incorrect signature sector size.zgNo valid signature blocks found. Discarding --append-signature and proceeding to sign the image afresh.zB valid signature block(s) already present in the signature sector.zUp to zU signature blocks are supported (For ESP32-ECO3 only 1 signature block is supported).zDConfig file is required to generate signature using an external HSM."Incorrect HSM config file format ().rzNumber of public keys (z)) not equal to the number of signatures (zNumber of keys (z() more than the empty signature blocks (z signing key(s) found.z"Signature Block generation failed.z&Incorrect signature sector generation.rOrrz". Signature sector now has z signature blocks.)r?r% SECTOR_SIZEr@rArrCvalidate_signature_blockSIG_BLOCK_SIZEespsecure.esp_hsm_sign esp_hsm_signread_hsm_config Exceptionextract_pubkey_from_hsmgenerate_signature_using_hsm7generate_signature_block_using_pre_calculated_signature*generate_signature_block_using_private_keyrrarbrc)r6rFrrrrrrSIG_BLOCK_MAX_COUNTcontents sig_block_numsignature_sectorpad_by sig_blockhsm_signconfigr key_countempty_signature_blockssignature_blocktotal_sig_blocksrns r!rrs }}HM 8}}{"a''  )$C  !CMMK$?@F IAFAAA    &( (HH ?1110=III     Q M111  > 1Q 6 6$%GHH H A   IY     I +++    333(L0LLL =#h--+"= =>H C  $V  211111 Q--j99FF Q Q Q$%O!%O%O%OPP P Q w<<1  -f55G0BB  ! 6777LL y>>Y & &$@)@@-0^^@@@  ' LL 0=@)))  +y + +& + + +   I222333XQ w   EWhWW#o"6"6!";"; !EFFF' !!  ! !NQ$6 6 6  ! !N 2a 7 7 !IJJJ+,,>(;%5!6!667  ++ !CDDD~ fd  -q ++,,,---------------I I#h-- I Ihm I I$4 I I Is*4F F1F,,F1O44O8;O8r rc:ddlm}||}|||}|||}||t j}||| d|gS)Nr) rrestablish_sessionget_privkey_info sign_payloadclose_connectiontempfile TemporaryFilercrU)r rrsessionrrtemp_signature_files r!rrs)(((((##F++G&&w77K  h77I!!!"022i(((Q   r#c Dd}t||D] \}} t|}|}t|tjrt |}t|} |||tj tj tj dtjtj t!|| |} n|} t| jt&jr,d} t*} tj }t |}nt| jt&jr,d} t.} tj }t |}n_t| jt&jr,d} t2} tj}t7|}nt9jd|||t'jtj|t?| j | j!| }tj"|\}}t?||| }tG|| ||} n'#tHj%$rt9jdwxYw| tMj'd tQj)| d zz } | d z } tU| tVkrt9jd || z } |S) Nr#r<mgf salt_lengthInvalid ECDSA curve instance.z}Signature verification failed: Invalid Signature The pre-calculated signature has not been signed using the given public key. 1 1$%FGG GO+ s I9J$J8keyfilesc d}|D]}t|}t|tjrt |}||tjtj tj dtj tj }t|}t!|||}n|} t|jt&jr,d} t*} tj } t |}nt| jt&jr,d} t.} tj } t |}n_t| jt&jr,d} t2} tj} t7|}nt9jd||t'jtj | }t?| j | j!| } tj"|\}}t?||| }tG|| | |}|tIj%dtMj'|d zz }|d z }tQ|tRkrt9jd ||z }|S) Nr#r<rrr r!r"r#r$r%r&)*rr?rr rrBrr r(r)rrr r*rrr+rrr rwr,rxr-ryr.r/r0r@rArrr1r2rr3r-r.r5r6r%r)r?rr7r6rrdrr;rrrrqr<r=rrr>s r!rrs8,8,,W\\^^<<  k3#4 5 5, #H--F#((  V]__55 " 00 I6k6L6L6N6NOON: OO",,..==??G++R\:: J ("MOO '11GM2<88 J ("MOO '11GM2<88 J ("MOO '11()HIII$((%/):T:T1U1UVVI+GIwy)LLL-i88DAq+Aq)< 1 1$%FGG GO+ r#rdr;ctjdtt|t |jddd|jt |jddd|jdz|ddd }|S)a Encode in rsa signature block format Note: the [::-1] is to byte swap all of the bignum values (signatures, coefficients) to little endian for use with the RSA peripheral, rather than big endian which is conventionally used for RSA. zc |ttfvr+tjdtt t ||||}nJ|tkr+tjdtt t||||}ntj d|S)z Encode in rsa signature block format # block is padded out to the much larger size # of the RSA version of this structure zrs r!r3r33sM=111 + "  #         ] " " + !  #         U    r#cb|dkrt||S|dkrt||||SdSr)verify_signature_v1verify_signature_v2rrrr6rs r!verify_signaturerL[sA#~~"7H555 C"3 GXFFF r#ct|}d|vr8tj|dt}|}nd|vr#tj|t}nt |dkrt|ddd }t|ddd }tj ||tj }|t}ntj d t|jtj stj d |}|d d } t!jd|d d\} } | d krtj d| dt%jdt | d t| ddd } t| ddd } t)j| | }||| tjt1jt%jddS#t4j$rtj dwxYw)zCVerify a previously signed binary image, using the ECDSA public keyrNrrrLr=r<rrziVerification key does not appear to be an EC key in PEM format or binary EC public key data. Unsupported.zrPublic key uses incorrect curve. ESP32 Secure Boot only supports NIST256p (openssl calls this curve 'prime256v1').riI64szSignature block has version z4. This version of espsecure only supports version 0.z Verifying z bytes of data...zSignature is valid.zSignature is not valid.)r?rrrrrr%rrr EllipticCurvePublicNumbersrxr@rArrr-r/rrCr rrrrrrr4)r6rrrrr1r2rrdata sig_versionrrr der_signatures r!rIrIhs||~~H8++  / t_->->   ]]__  ) )  .xARAR S S S X"   NN8CRC=EN : : NN8BCC=EN : :/1blnnEE   (9(9  : :  9   bh - -   @   ]]__N !C% D#]6>#$$3GHHKa  '; ' ' '   I73t99777888 < NN9SbS>UN ; ; NN9RSS>UN ; ;21a88  -rx '@'@AAA '(((((  &<<< !:;;; ) ) ) )17 $g11-E7Aq!Q1g z'%4%.))H/(=?V'WWW7h&;;;t#888uugHIEEEEEEFFF Nr#c  |rr|tjdddlm} ||}n*#t $r}tjd|dd}~wwxYwt |d}t|}t|tj rd}nt|tj rd}| } t| tkst| tzdkrtjdd } t!|D]} t#| | } | t%jd | d .t)jd | dd \} }}|t,krL|t.krAt)jd| d dd}t1| dt }n@t)jd| d dd}t3| dt }||krtjd|d|d t|tj rt)jd| dd\} } } } }} ||ddd|t7jt7jt=jdtAj!t=jnl|tDkr"t)jd| dd\}}}n,|t.kr!t)jd| dd\}}}|tFtHtJfvsJ|tFkrd}t=j}nA|tHkrd}t=j}n |tJkrd}t=j&}tN(|d|d}tN(|||dzd}tAj)||}|||tj*tAj!|t|tj rdnd }t%jd | d!|dd"} l#tVj,$rt%jd | d#YwxYw| stjd$dS)%zJVerify a previously signed binary image, using the RSA or ECDSA public keyNzCConfig file is required to extract public key from an external HSM.rrrrrDInvalid datafile. Data size should be non-zero & a multiple of 4096.FrWz invalid. Skipping. is not signed by the supplied key. Checking the next block...zJChecked all blocks. Signature could not be verified with the provided key.)-r@rArrrrrrrr rr rr?r%rr$rrrCr-r/rErGr0rBrr r(r)rrr r*rFr,r-r.r/rrrrrr4)rrr6rr r rrrrSvalidrTrYr[recdsa_sha_version blk_digestrdrrq_pubkey encoded_rskeylenr<rrr_s r!rJrJsT 5  $U  211111 Q--j99FF Q Q Q$%O!%O%O%OPP P Q*&11!4 7 # #B"c&''  B1 2 2 MMOOM =K''3}+=+= +Kq+P+P R    E011JJ *=+FF ? IIIII J J J (. gwrr{(K(K%7% - - -2C}2T2Tvwqt}==a@J#M-K<-$@AAFFvwqt}==a@J#M-K<-$@AAF   $L+1LL>HLLL  6 "c.//& S+1=)7233<,,(1aIq dddOKGL$A$ArRRROFMOO44 % 554:M+WRSS\551Hgzz'-774:M*GBCCL551Hgz M=-#PPPPP},,F & II..F & II..F & INN:gvg#6AANN:fvz.A#BHMM!6q!<<  )VRXeoi6P6P-Q-QRRR *2s/? @ @MuugH I2;22%-222   EE*    I-;---    H     X     s(6 AAA1I"R'S?Spublic_keyfilecht|||dkrr t|}|}|jdd}|jdd}||z}no|dkri t|}| tj j tj j}||t!jd|jd|jddS) Nrr<rrrtrurPz" public key extracted to "r)rQrrrr1rr2rr? public_bytesrr}r~ PublicFormatSubjectPublicKeyInforcrrCra)rr6rnrrx_bytesy_bytesrs r!extract_public_keyrv#s"w777#~~ %W - -7799 "++B66 "++B66 w  C $GLLNN 3 3 ]]__ ) )"+/ -B*  IR',RR>;NRRRSSSSSr#cxddlm}||}|||}|||t jjt j j }tj }| ||d|gS)Nrrp)rrr get_pubkeyrrqrr}r~rrrsrrrcrU)r rrrrtemp_pub_key_files r!rr>s((((((##F++G00J!!!  ! !'+)> "  C!.00C   1  r#cztj}|||Sr)r\sha256r^rd)rPrds r!rBrBPs/ ^  F MM$ ==??r#cztj}|||Sr)r\sha384r^rd)rrds r!r0r0Vs/ ^  F MM( ==??r#c d}|}t|tkst|tzdkrtjdt |D]}t ||}|tjd|ddStj d|dd\}}}|tkr>|tkr3tj d |}t|dt } n2tj d |}t|dt } |d | krtjd |d t |tzz} || | tz} |dt krt| dd} nd|dtkr;|tkrt| dd} n0t| dd} ntjd|dtjd|dddt%| DdS)zg Validates the signature block and prints the RSA/ECDSA public key digest for valid blocks rrraNrWz1 absent/invalid. Skipping checking next blocks...rbr)z .s&BBq1 BBBBBBr#)r?r%rr@rAr$rrrCr-r/rErGr0rBrrCjoin bytearray) rrrSrTrYr[rrisig_datardrXr  key_digests r!signature_info_v2r]s MMOOM =K''3}+=+= +Kq+P+P R   011) ) *=+FF ? I!;!!!    FF(. gwrr{(K(K%7% - - -2C}2T2T}_g>>H#M-K<-$@AAFF}_g>>H#M-K<-$@AAF A;& $$[$$$   n <<!&6N+B"BC A;/ / /' "S&(9::JJ a[3 3 3 M11+Ibf,=>> +Ibf,=>> $GGGG   E; E ExxBBIj,A,ABBBBB E E    M) ) r#c 8t|}t|tjrkt |}t jdt|jddd|j t|j ddd|j dz}n| }t|j tjr d}t }nQt|j tjr d}t$}n(t|j tjr d}t(}t+|j|j|}|t(krt jd||}nt jd||}t1j|S) Nz <384sI384sIrNr$rr r!z- ( ( / / 1 11r#ct||t|}t|d5}tjd|jd|d||ddddS#1swxYwYdS)NrOz"Writing the public key digest of "z" to "r)rQrrbrrCrarc)r6rFpublic_key_digestrns r!digest_sbv2_public_keyrsw////88 fd  #q Uw|UU6UUUVVV !"""##################s6A33A7:A7ct|j|jdzdzdS)Nr>r)lengthr)private_numbers private_valuerr)rs r!get_ecdsa_signing_key_raw_bytesrs>     - 6 6 aA% 7  r#rm digest_filec \t||t|}t|}tj|}|dkr |dd}|||dkrdnd}tjd|j d|d |j d dS) Nrrr;r z (truncated to 192 bits)zSHA-256 digest of private key "rPz written to "r) rQrrr\r{rdrcrrCra)r6rmrrr|resultlen_msgs r!digest_private_keyrsw 444  ) )B3B77M ^M * * 1 1 3 3F }}"fcMMbb'AGI ,', , , , ,"' , , ,r#(r: r>rrrrrrrrr:rrrrrrrr>rrrrrrrrrrr:rrrrrrrr>rrrrrrrrrr>rrrrrrrrrrr:rrrrrrrr>rrrrrrrrrrr:rrrrrrrr>rrrrrrrrrrr:rrrrrrrr>rrrrrrrr>rrrrrrrrrrr:rrrrrrrr>rrrrrrrrrrr:rrrrrrrr>rrrrrrrrrrr:rrrrrrrr>rrrrrr>rrrrrrrrrrr:rrrrrrrr>rrrrrrrrrrr:rrrrrrrr>rrrrrrrrrrr:rrrrrrrr>rrrr>rrrr rflash_crypt_configczd}|dzdkr|dz}|dzdkr|dz}|dzdkr|dz}|dzdkr|d z}|S) zReturn bits (in reverse order) that the "key tweak" applies to, as determined by the FLASH_CRYPT_CONFIG 4 bit efuse value. rrl~rl r)l r>lr)r tweak_ranges r!"_flash_encryption_tweak_range_bitsrsKQ1$$ N  Q1$$ N  Q1$$ N  Q1$$ N  r#l l lpl~~rDrXrc|dz }|t|zt|ztzz|zz}t|dddS)a=Apply XOR "tweak" values to the key, derived from flash offset 'offset'. This matches the ESP32 hardware flash encryption. tweak_range is a list of bit indexes to apply the tweak to, as generated by _flash_encryption_tweak_range() from the FLASH_CRYPT_CONFIG efuse value. Return tweaked key rr<rF)rrsigned)mul1mul2 mul2_maskrr)rDrXraddrs r!_flash_encryption_tweak_keyrsH Q;DTD[dTkY6 7; FFC <<B%< F FFr# output_file input_file flash_addressflash_crypt_conf do_decryptcxt|dd}|dzdkrtjd|dd|dkrtjd t |}t |d d }t}d } |} | d} t| dkrd St| dkrW|rtjd dt| z } | tj | z} tj d| d| dzdks| It|| |} | `tt!j| t%j|} |r| n| }n |jj}|j|jj|jj|jj|j| |jj|jj}||dknF#t>$r9| | j _!|r| n| }YnwxYw| d d d} |"| } |#| d d d| dz } .)a@ Perform flash encryption or decryption operation for ESP32. This function handles the encryption or decryption of flash data for ESP32 chip. It reads data from the input file, processes it in 16-byte blocks, and writes the processed data to the output file. The function ensures that the key length is either 192 or 256 bits, as required by the ESP32 chip. It also checks that the flash address is a multiple of 16. Note: This function is specific to the ESP32 chip. For other chips, use the --aes_xts flag to call the correct function. TFr8r:rStarting flash address #x must be a multiple of 16.z4Setting FLASH_CRYPT_CONF to zero is not recommended.r)rrNz*Data length is not a multiple of 16 bytes.zNote: Padding with zI bytes of random data (encrypted data must be multiple of 16 bytes long).r<rLrN)$rEr@rArrRrrrrr?r%rSrTrCrr rrYrrZr[ decryptor_ctx_backend_libEVP_CipherInit_ex_ffiNULL from_buffer _operationopenssl_assertAttributeError algorithmrDr^rc)rrrr6rrrDrrMrk block_offsrlpad block_keyactorress r!!_flash_encryption_operation_esp32r-s( WdE : : :CrQ Rm R R R R   1 JKKK45EFFK ..e. < 4C[QQI~ y 9 959;;PWXXX /9P((***f>N>N>P>PU#j1G!,88  ) ) 00;; ) - C**3!84444%UUU,5F$(2<TF,,...&BRBRBTBTEEE U ddd  U##%"+&&&b m6s"BH11AI43I4cLt}t|dd}|}|dzdkrtjd|ddt |dzdkr%tjdt |d t |dkrtjd |d z}d |z|z}t |d z} | dkrd | z } |d | zz}t |d } g} | D]} tjd |dzdz} |d z }t | dkr%tjdt | dttj |tj | |}|r|n|}| ddd} || }| |dddd| }| dkr |d| }|dkr ||d}t |t ||z | z kr;tjdt ||z | z dt |d||dS)a Apply the AES-XTS algorithm with the hardware addressing scheme used by Espressif key = AES-XTS key (32 or 64 bytes) flash_address = address in flash to encrypt at. Must be multiple of 16 bytes. indata = Data to encrypt/decrypt. Must be multiple of 16 bytes. encrypt = True to Encrypt indata, False to decrypt indata. Returns a bitstring of the ciphertext or plaintext result. Trr:rrrrzInput data length (z) must be a multiple of 16.z!Input data must be longer than 0.rJr#is z Length of tweak must be 16, was rrLNrNr#zLength of input data (z ) should match the output data (r)rrEr?r@rAr% _split_blocksr-r.r rrYrXTSrr[r^appendrrc)rrrr6rrMrDindatapad_left pad_rightinblocks output_listinblocktweakrkr[outblockrFs r!#_flash_encryption_operation_aes_xtsrsG WdD 9 9 9C __  FrQ Rm R R R R    6{{R1 J#f++ J J J    6{{a !DEEEt#H F *FF d"I1}}9$ w* +FVT**HK + + D=5#8::lK u::  $%UE %U%U%UVV V s++UYu-=-=wOOO*4LF$$&&&&:J:J:L:L $$B$-##G,,8DDbD>**** XXk " "FA~~ ) $1}} " 6{{c&kkH,y888  =S[[8%;i%G = =-0[[ = = =   fr#r:text block_lenc#Kt||zdksJd}|t|kr)||||zV||z}|t|k'dSdS)z4Take bytes, split it into chunks of "block_len" eachrN)r%)rrposs r!rrsr t99y A % % % % C D //3y())))Io D //////r#addressencrypted_filect||t|||rt||||dSt|||||dS)NTrQrrr6rFrrr8rs r!decrypt_flash_datarsow///~v666  2 NGWd   1          r#plaintext_filect||t|||rt||||dSt|||||dS)NFrr6rFrrr8rs r!encrypt_flash_datarsow///~v666  2 NGWe   1          r#ctjtj|tjtj|kSr)rSr_normcasenormpath)p1p2s r! _samefilersV 7  BG,,R00 1 1RW5E5E 66 r#ct|d|}t|d|}t|trt|trtn tj}|||rt jd|d|ddS)Nraz The input "z" and output "z" should not be the same!)getattrrstrroperatoreqr@rA)rrr ocheck_fs r!rQrQs  FJ//A V[11A &a--U*Q2D2DUii(+Gwq!}}  G! G G1 G G G     r#ceZdZddddZdS)Group --aes-xts--flash-crypt-conf--append-signatures)z --aes_xtsz--flash_crypt_confz--append_signaturesN)rrrDEPRECATED_OPTIONSrr#r!rr(s& 24r#rTz-hz--helpx)help_option_namesmax_content_width espsecure vz, - ESP32 Secure Boot & Flash Encryption tool)clsno_args_is_helpcontext_settingshelpcHtjdtjdS)Nr)rrCr@ __version__rr#r!clir 0s&I1G/1122222r#zdigest-secure-bootloaderz --keyfilez-krbz#256 bit key for secure boot digest.)typerequiredr z--outputz-oz$Output file for signed digest image.)rr z--ivzl128 byte IV file. Supply a file for testing purposes only, if not supplied an IV will be randomly generated.)rc*t||||dS)zTake a bootloader binary image and a secure boot key, and output a combined digest+binary suitable for flashing along with the precalculated secure boot key.N)rp)r6rFrfrHs r!digest_secure_bootloader_clir;s*Wfb%88888r#zgenerate-signing-keyz --versionz-vrrz1Version of the secure boot signing scheme to use.)rdefaultr z--schemez-s)rrrrzScheme of secure boot signing.)rr rc(t|||dS)zYGenerate a private key for signing secure boot images as per the secure boot version.N)r)rrr6s r!generate_signing_key_clirSs&&'22222r#z sign-dataz3Private key file for signing. Key is in PEM format.)rrrmultipler zGOutput file for signed digest image. Default is to sign the input file.rz-azTAppend signature block(s) to already signed image. Not valid for ESP32 and ESP32-C2.)is_flagr z--hsmzWUse an external Hardware Security Module to generate signature using PKCS#11 interface.z --hsm-configrzWConfig file for the external Hardware Security Module to be used to generate signature.z --pub-keyzPublic key files corresponding to the private key used to generate the pre-calculated signatures. Keys should be in PEM format.)rrrr z --signaturezdPre-calculated signatures. Signatures generated using external private keys e.g. keys stored in HSM.)rrrrr c 4t||||||||| dS)z*Sign a data file for use with secure boot.N)r) rr6rFrrrrrrs r! sign_data_cliris<R      r#zverify-signaturez)Version of the secure boot scheme to use.zUUse an external Hardware Security Module to verify signature using PKCS#11 interface.zUConfig file for the external Hardware Security Module to be used to verify signature.)rrr zMPublic key file for verification. Can be private or public key in PEM format.c,t|||||dS)zIVerify a data file previously signed by "sign_data" using the public key.N)rLrKs r!verify_signature_clirs >Wc:wAAAAAr#zextract-public-keyzJPrivate key file (PEM format) to extract the public verification key from.zpublic-keyfilerO)lazyc(t|||dS)zUExtract the public verification key for signatures, save it as a raw binary file.N)rv)rr6rns r!extract_public_key_clirs&w88888r#zdigest-rsa-public-key) deprecatedzOutput file for the digest.c&t||dS)z1Generate an SHA-256 digest of the RSA public key.Nrr6rFs r!digest_rsa_public_keyr"$7F+++++r#zdigest-sbv2-public-keyc&t||dS)z-Generate an SHA-256 digest of the public key.Nr r!s r!digest_sbv2_public_key_clir% r#r#zsignature-info-v2c$t|dS)zGReads the signature block and provides the signature block information.N)r)rs r!signature_info_v2_clir'!shr#zdigest-private-keyz8Private key file (PEM format) to generate a digest from.z--keylenz-lz`Length of private key digest file to generate (in bits). 3/4 Coding Scheme requires 192 bit key.z digest-filec(t|||dS)z5Generate a SHA-256 digest of the private signing key.N)r)r6rmrs r!digest_private_key_clir)(s&w 44444r#zgenerate-flash-encryption-keyzkey-filekey_filectjd|d|jd|t j|dzdS)zAGenerate a development-use flash encryption key with random data.zWriting z random bits to key file "rr>N)rrCrarcrSrT)rmr*s r!generate_flash_encryption_keyr,>sPILLL8=LLLMMM NN2:fk**+++++r#zdecrypt-flash-datazFile with flash encryption key.zOutput file for plaintext data.z --addressz0Address offset in flash that file was read from.rzSOverride FLASH_CRYPT_CONF eFuse value (default is 0xF) (applicable only for ESP32).rz-xz6Decrypt data using AES-XTS (not applicable for ESP32).zencrypted-filec.t||||||dS)z>Decrypt some data read from encrypted flash (using known key).N)rrs r!decrypt_flash_data_clir.N/P"2G^r#zencrypt-flash-datazOutput file for encrypted data.z3Address offset in flash where file will be flashed.z6Encrypt data using AES-XTS (not applicable for ESP32).zplaintext-filec.t||||||dS)zAEncrypt some data suitable for encrypted flash (using known key).N)rrs r!encrypt_flash_data_clir1{r/r#argvcp t|dS#t$r}|jdkrYd}~dSd}~wwxYw)aA Main function for espsecure argv - Optional override for default arguments parsing (that uses sys.argv), can be a list of custom arguments as strings. Arguments and their values need to be added as individual items to the list e.g. "--port /dev/ttyUSB1" thus becomes ['--port', '/dev/ttyUSB1']. )argsrN)r  SystemExitcode)r2rs r!mainr7sT   6Q;;  ;;;;;s 5 05ctt tdS#tj$r6}t jd|tjdYd}~dSd}~wt$r1} d|j Drt jd#xYwd}~wt$r,t jdtjdYdSwxYw)Nz A fatal error occurred: rcg|]}d|v| S)zCould not deserialize key data.r)rargs r! z_main..s#RRR)Jc)Q)Q)Q)Q)Qr#zNote: This error originates from the cryptography module. It is likely not a problem with espsecure, please make sure you are using a compatible OpenSSL backend.z)KeyboardInterrupt: Run cancelled by user.) rrr7r@rArerrorsysexitrzr4KeyboardInterrupt)rs r!_mainr@sx(((    2q22333      RRqvRRR  S EEEE  =>>>  s8&C+A&& C4%BBBB5CC__main__)F)r)r:r) configparser dataclassesr rich_clickclickr\rrSr-r=rr5typingr cryptographyrcryptography.hazmat.backendsrcryptography.hazmat.primitivesrr)cryptography.hazmat.primitives.asymmetricr r r r &cryptography.hazmat.primitives.ciphersr rrcryptography.utilsresptool.cli_utilresptool.loggerrr@ esptool.utilrrBrCrErFrGr,r-r.rrbytesrr&r2r5boolrErrp EllipticCurverrrrrrrrrrrrrrrlistrrr SectionProxyrrrr+r3rLrIrrJrvrrBr0rrrrr_FLASH_ENCRYPTION_TWEAK_PATTERNr%rrr mul1_maskrrrrrrrrrQcli_utilrgroupdictr r commandoptionFilePathargumentrChoicerrrrr"r%r'r)r, AnyIntTyper.r1r7r@rrr#r!ras!!!!!!  ######888888111111888888MMMMMMMMMMMMLLLLLLLLLL++++++))))))333333       QuQQQQQ IeIIIIIGEGeGGGGAF'' '*.'9=''''T?7 ?7t?7.04i?7@B?7?7?7?7D"*:S$,U#,UsTz,UC,U,U,U,U^ B 2+E     RB,Frb.G&L L33LLLL<KK#*:R=V*VKKKK0rc&69R&R$   )9 j              "X  $J     T  "X Bx       R         C    D    ?  D       D!1!122232  z2     sCj ! !  4      C   D   2  D!1!1222BB32 ! :B  !""  sCj ! !  <  D    U  zuz$T'B'B'BCCC99DC#" 9  $66  D    2    & ,,76 ,  %&&  D    2    & ,,'& ,  !! D!1!1222  32"!  !""  D    C     JEJt$$?$?$?@@@55A@#""5  ,--     Dt!=.-,  !""  D    *  Dt $ $ $  *    $ $ & &  ;    $ $ & &     A   zuz$'7'788898 #"H !""  D    *  Dt $ $ $  *    $ $ & & >     $ $ & &     A   zuz$'7'788898 #"H  tCy4     , z EGGGGGr#