|
| 1 | +// Copyright lowRISC contributors (OpenTitan project). |
| 2 | +// Licensed under the Apache License, Version 2.0, see LICENSE for details. |
| 3 | +// SPDX-License-Identifier: Apache-2.0 |
| 4 | + |
| 5 | +package main |
| 6 | + |
| 7 | +import ( |
| 8 | + "encoding/json" |
| 9 | + "fmt" |
| 10 | + "io" |
| 11 | + "os" |
| 12 | + "strings" |
| 13 | + |
| 14 | + "github.com/golang/protobuf/proto" |
| 15 | + "github.com/lowRISC/opentitan-provisioning/src/ate" |
| 16 | + |
| 17 | + dipb "github.com/lowRISC/opentitan-provisioning/src/proto/device_id_go_pb" |
| 18 | + rrpb "github.com/lowRISC/opentitan-provisioning/src/proto/registry_record_go_pb" |
| 19 | + proxybufferpb "github.com/lowRISC/opentitan-provisioning/src/proxy_buffer/proto/proxy_buffer_go_pb" |
| 20 | +) |
| 21 | + |
| 22 | +const LineLimit = 100 |
| 23 | + |
| 24 | +func printPersoBlob(persoBlobBytes []byte) { |
| 25 | + _, err := ate.UnpackPersoBlob(persoBlobBytes) |
| 26 | + if err != nil { |
| 27 | + fmt.Println("Error parsing perso blob:", err) |
| 28 | + return |
| 29 | + } |
| 30 | + |
| 31 | + // TODO(moidx): print X509 + CWT certs to console here. |
| 32 | + // TODO(moidx): print X509 certs to a file. |
| 33 | +} |
| 34 | + |
| 35 | +func printRegistryRecord(rr *rrpb.RegistryRecord) { |
| 36 | + // Parse device data from from the registry record. |
| 37 | + deviceData := &dipb.DeviceData{} |
| 38 | + proto.Unmarshal(rr.Data, deviceData) |
| 39 | + |
| 40 | + // Print each field of the registry record. |
| 41 | + fmt.Println(strings.Repeat("-", LineLimit)) |
| 42 | + fmt.Println("Registry Record: ") |
| 43 | + fmt.Println(strings.Repeat("-", LineLimit)) |
| 44 | + fmt.Printf("SKU: %s\n", rr.Sku) |
| 45 | + fmt.Printf("Version: %d\n", rr.Version) |
| 46 | + fmt.Printf("Device ID: %s\n", rr.DeviceId) |
| 47 | + fmt.Println(strings.Repeat("-", LineLimit)) |
| 48 | + fmt.Printf("Perso Firmware Hash: %032x\n", deviceData.PersoFwSha256Hash) |
| 49 | + fmt.Printf("LC State: %s\n", deviceData.DeviceLifeCycle) |
| 50 | + fmt.Printf("Wrapped RMA Token: %x\n", deviceData.WrappedRmaUnlockToken) |
| 51 | + fmt.Println(strings.Repeat("-", LineLimit)) |
| 52 | + fmt.Printf("Num Perso TLV Objects: %d\n", deviceData.NumPersoTlvObjects) |
| 53 | + printPersoBlob(deviceData.PersoTlvData) |
| 54 | + fmt.Println(strings.Repeat("-", LineLimit)) |
| 55 | + fmt.Println("Record endorsement (decode at: https://lapo.it/asn1js/): ") |
| 56 | + fmt.Printf("AuthPubkey (ASN.1 DER): %x\n", rr.AuthPubkey) |
| 57 | + fmt.Printf("AuthSignature (ASN.1 DER): %x\n", rr.AuthSignature) |
| 58 | + fmt.Println(strings.Repeat("-", LineLimit)) |
| 59 | +} |
| 60 | + |
| 61 | +func main() { |
| 62 | + // Check if a file path was provided |
| 63 | + if len(os.Args) < 2 { |
| 64 | + fmt.Println("Usage: go run rr_parser.go <JSON registry record>") |
| 65 | + return |
| 66 | + } |
| 67 | + rrJSONPath := os.Args[1] |
| 68 | + |
| 69 | + // Open the registry record JSON file. |
| 70 | + rrFile, err := os.Open(rrJSONPath) |
| 71 | + if err != nil { |
| 72 | + fmt.Printf("Error opening file %s: %v\n", rrJSONPath, err) |
| 73 | + return |
| 74 | + } |
| 75 | + defer rrFile.Close() |
| 76 | + |
| 77 | + // Read the file contents of the registry record. |
| 78 | + rrBytes, err := io.ReadAll(rrFile) |
| 79 | + if err != nil { |
| 80 | + fmt.Println("Error reading registry record file:", err) |
| 81 | + return |
| 82 | + } |
| 83 | + |
| 84 | + // Parse the registry record into a struct. |
| 85 | + var pbRegistrationRequest proxybufferpb.DeviceRegistrationRequest |
| 86 | + decode_err := json.Unmarshal(rrBytes, &pbRegistrationRequest) |
| 87 | + if decode_err != nil { |
| 88 | + fmt.Println("Error unmarshaling registry record JSON:", decode_err) |
| 89 | + return |
| 90 | + } |
| 91 | + rr := pbRegistrationRequest.Record |
| 92 | + |
| 93 | + // Print registry record contents to console and save cert chains to a file. |
| 94 | + printRegistryRecord(rr) |
| 95 | + // TODO(moidx): verify cert chains files. |
| 96 | +} |
0 commit comments