Shell for ATECC608A Trust&GO

ATECC608A_shell.py

"""
Usage:
$ cd Core2-for-AWS-IoT-EduKit/Blinky-Hello-World/
$ curl -O ATECC608A_shell.py 
$ source ~/esp/esp-idf/export.sh
$ PYTHONSTARTUP=ATECC608A_shell.py python
"""

port = "/dev/ttyUSB0"

import sys
import os
sys.path.insert(0, os.path.join(os.getenv("IDF_PATH"), "components", "esptool_py", "esptool"))
import esptool
esp = esptool.ESP32ROM(port, baud=115200)

sys.path.append(os.path.abspath(os.path.join("components", "esp-cryptoauthlib", "esp_cryptoauth_utility")))
import helper_scripts as esp_hs
esp_hs.serial.load_app_stub('sample_bins/secure_cert_mfg_esp32.bin', esp)
init_mfg = esp_hs.serial.cmd_interpreter()
init_mfg.wait_for_init(esp._port)
init_mfg.exec_cmd(esp._port, "init")

from cryptography import x509
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives.serialization import Encoding, PublicFormat

def hexed_der(retval):
    return retval[1]['Return'].split(":")[2].strip()

def x509_cert(hexed_der):
    return x509.load_der_x509_certificate(bytearray.fromhex(hexed_der), default_backend())

def x509_pem(x509_cert):
    return x509_cert.public_bytes(encoding=Encoding.PEM).decode('utf-8')

if __name__ == "__main__":
    print("# --- Ready !!")
    print()
    print('Communicate to ATECC608A:')
    print('> init_mfg.exec_cmd(esp._port, "print-chip-info")')
    print('> init_mfg.exec_cmd(esp._port, "get-tngtls-root-cert")')
    print('> init_mfg.exec_cmd(esp._port, "get-tngtls-signer-cert")')
    print('> init_mfg.exec_cmd(esp._port, "get-tngtls-device-cert") # Must be run after get-tngtls-signer-cert')
    print()
    print('Utilities:')
    print('> hexed_der(retval)')
    print('> x509_cert(hexed_der)')
    print('> x509_pem(x509_cert)')
    print()
    print('Example for get device cert. from ATECC608A:')
    print('> _ = init_mfg.exec_cmd(esp._port, "get-tngtls-signer-cert")')
    print('> r = init_mfg.exec_cmd(esp._port, "get-tngtls-device-cert")')
    print('> print(x509_pem(x509_cert(hexed_der(r))))')
    print()