commit 1a56789d5f343e490d909ad1f943460b62175ad8
author Shubham Patil <shubham.patil@espressif.com> Thu Nov 24 23:25:37 2022 +0530
committer GitHub <noreply@github.com> Thu Nov 24 12:55:37 2022 -0500
tree ac23c9d5191d8a49109ca6ba7a3a4dc4b50c2867
parent 6026c6039651e87c6ede80a92b09b060530c7f75

[ESP32] Use spake2p.py to generate the PAKE verifier (#23748)

* [ESP32] Use spake2p.py to generate the PAKE verifier

* lets import rather than executing the script

scripts/tools/generate_esp32_chip_factory_bin.py

diff --git a/scripts/tools/generate_esp32_chip_factory_bin.py b/scripts/tools/generate_esp32_chip_factory_bin.py
index 64b6c29..988178b 100755
--- a/scripts/tools/generate_esp32_chip_factory_bin.py
+++ b/scripts/tools/generate_esp32_chip_factory_bin.py
@@ -19,6 +19,7 @@
 import os
 import sys
 import shutil
+import base64
 import logging
 import argparse
 import subprocess
@@ -28,6 +29,10 @@
 from bitarray import bitarray
 from bitarray.util import ba2int
 
+CHIP_TOPDIR = os.path.dirname(os.path.realpath(__file__))[:-len(os.path.join('scripts', 'tools'))]
+sys.path.insert(0, os.path.join(CHIP_TOPDIR, 'scripts', 'tools', 'spake2p'))
+from spake2p import generate_verifier  # noqa: E402
+
 if os.getenv('IDF_PATH'):
     sys.path.insert(0, os.path.join(os.getenv('IDF_PATH'),
                                     'components',
@@ -48,7 +53,6 @@
 FACTORY_PARTITION_BIN = 'factory_partition.bin'
 NVS_KEY_PARTITION_BIN = 'nvs_key_partition.bin'
 
-
 FACTORY_DATA = {
     # CommissionableDataProvider
     'discriminator': {
@@ -224,13 +228,6 @@
     return fl_dict
 
 
-def check_tools_exists():
-    TOOLS['spake2p'] = shutil.which('spake2p')
-    if TOOLS['spake2p'] is None:
-        logging.error('spake2p not found, please add spake2p path to PATH environment variable')
-        sys.exit(1)
-
-
 def check_str_range(s, min_len, max_len, name):
     if s and ((len(s) < min_len) or (len(s) > max_len)):
         logging.error('%s must be between %d and %d characters', name, min_len, max_len)
@@ -268,18 +265,14 @@
 def gen_spake2p_params(passcode):
     iter_count_max = 10000
     salt_len_max = 32
+    salt = os.urandom(salt_len_max)
+    verifier = generate_verifier(passcode, salt, iter_count_max)
 
-    cmd = [
-        TOOLS['spake2p'], 'gen-verifier',
-        '--iteration-count', str(iter_count_max),
-        '--salt-len', str(salt_len_max),
-        '--pin-code', str(passcode),
-        '--out', '-',
-    ]
-
-    output = subprocess.check_output(cmd)
-    output = output.decode('utf-8').splitlines()
-    return dict(zip(output[0].split(','), output[1].split(',')))
+    return {
+        'Iteration Count': iter_count_max,
+        'Salt': base64.b64encode(salt).decode('utf-8'),
+        'Verifier': base64.b64encode(verifier).decode('utf-8'),
+    }
 
 
 def populate_factory_data(args, spake2p_params):
@@ -478,7 +471,6 @@
 
     args = parser.parse_args()
     validate_args(args)
-    check_tools_exists()
     spake2p_params = gen_spake2p_params(args.passcode)
     populate_factory_data(args, spake2p_params)
     gen_raw_ec_keypair_from_der(args.dac_key, FACTORY_DATA['dac-pub-key']['value'], FACTORY_DATA['dac-key']['value'])