def test_extract_binary_public_key(self):
ExtractKeyArgs = namedtuple('extract_public_key_args',
['version', 'keyfile', 'public_keyfile'])
with tempfile.NamedTemporaryFile(
) as pub_keyfile, tempfile.NamedTemporaryFile() as pub_keyfile2:
args = ExtractKeyArgs(
'1', self._open('ecdsa_secure_boot_signing_key.pem'),
pub_keyfile)
espsecure.extract_public_key(args)
args = ExtractKeyArgs(
'1', self._open('ecdsa_secure_boot_signing_key2.pem'),
pub_keyfile2)
espsecure.extract_public_key(args)
pub_keyfile.seek(0)
pub_keyfile2.seek(0)
# use correct extracted public key to verify
args = self.VerifyArgs('1', pub_keyfile,
self._open('bootloader_signed.bin'))
espsecure.verify_signature(args)
# use wrong extracted public key to try and verify
args = self.VerifyArgs('1', pub_keyfile2,
self._open('bootloader_signed.bin'))
with self.assertRaises(esptool.FatalError) as cm:
espsecure.verify_signature(args)
self.assertIn("Signature is not valid", str(cm.exception))
def test_extract_binary_public_key(self):
ExtractKeyArgs = namedtuple('extract_public_key_args',
[ 'keyfile', 'public_keyfile' ])
pub_keyfile = tempfile.NamedTemporaryFile(delete=False)
pub_keyfile2 = tempfile.NamedTemporaryFile(delete=False)
try:
args = ExtractKeyArgs(self._open('ecdsa_secure_boot_signing_key.pem'),
pub_keyfile)
espsecure.extract_public_key(args)
args = ExtractKeyArgs(self._open('ecdsa_secure_boot_signing_key2.pem'),
pub_keyfile2)
espsecure.extract_public_key(args)
pub_keyfile.seek(0)
pub_keyfile2.seek(0)
# use correct extracted public key to verify
args = self.VerifyArgs(pub_keyfile, self._open('bootloader_signed.bin'))
espsecure.verify_signature(args)
# use wrong extracted public key to try and verify
args = self.VerifyArgs(pub_keyfile2, self._open('bootloader_signed.bin'))
with self.assertRaises(esptool.FatalError) as cm:
espsecure.verify_signature(args)
self.assertIn("Signature is not valid", str(cm.exception))
finally:
os.unlink(pub_keyfile.name)
os.unlink(pub_keyfile2.name)
def test_generate_and_extract_key_v2(self):
keydir = tempfile.mkdtemp(
) # tempfile.TemporaryDirectory() would be better but we need compatibility with old Pythons
self.addCleanup(os.rmdir, keydir)
# keyfile cannot exist before generation -> tempfile.NamedTemporaryFile() cannot be used for keyfile
keyfile_name = os.path.join(keydir, 'key.pem')
self.addCleanup(os.remove, keyfile_name)
args = self.GenerateKeyArgs('2', keyfile_name)
espsecure.generate_signing_key(args)
with tempfile.NamedTemporaryFile() as pub_keyfile, open(
keyfile_name, 'rb') as keyfile:
args = self.ExtractKeyArgs('2', keyfile, pub_keyfile)
espsecure.extract_public_key(args)
def test_generate_and_extract_key_v2(self):
keydir = tempfile.mkdtemp() # tempfile.TemporaryDirectory() would be better but we need compatibility with old Pythons
self.addCleanup(os.rmdir, keydir)
# keyfile cannot exist before generation -> tempfile.NamedTemporaryFile() cannot be used for keyfile
keyfile_name = os.path.join(keydir, 'key.pem')
# We need to manually delete the keyfile as we are iterating over different schemes with the same keyfile
# so instead of using addCleanup, we remove it using os.remove at the end of each pass
for scheme in ["rsa3072", "ecdsa192", "ecdsa256"]:
args = self.GenerateKeyArgs('2', scheme, keyfile_name)
espsecure.generate_signing_key(args)
with tempfile.NamedTemporaryFile() as pub_keyfile, open(keyfile_name, 'rb') as keyfile:
args = self.ExtractKeyArgs('2', keyfile, pub_keyfile)
espsecure.extract_public_key(args)
os.remove(keyfile_name)
