def test_add_signature_sha384(tmpdir, test_keys):
tmpmar = tmpdir.join('test.mar')
with open(TEST_MAR_XZ, 'rb') as f:
with tmpmar.open('wb') as dst:
add_signature_block(f, dst, 'sha384')
with MarReader(tmpmar.open('rb')) as m:
hashes = m.calculate_hashes()
assert hashes == [(2, b'\x08>\x82\x8d$\xbb\xa6Cg\xca\x15L\x9c\xf1\xde\x170\xbe\xeb8]\x17\xb9\xfdB\xa9\xd6\xf1(y\'\xf44\x1f\x01c%\xd4\x92\x1avm!\t\xd9\xc4\xfbv')]
h = hashes[0][1]
priv, pub = test_keys[4096]
sig = sign_hash(priv, h, 'sha384')
sigfile = tmpdir.join('signature')
with sigfile.open('wb') as f:
f.write(sig)
tmpmar = tmpdir.join('output.mar')
cli.do_add_signature(TEST_MAR_XZ, str(tmpmar), str(sigfile))
pubkey = tmpdir.join('pubkey')
with pubkey.open('wb') as f:
f.write(pub)
assert cli.do_verify(str(tmpmar), [str(pubkey)])
def test_sign_hash(test_keys):
priv, pub = test_keys[2048]
hsh = b"1" * 20
sig = sign_hash(priv, hsh, 'sha1')
assert len(sig) == 256
assert verify_signature(pub, sig, hsh, 'sha1')
assert not verify_signature(pub, sig, b"2" * 20, 'sha1')
def test_sign_hash(test_keys):
priv, pub = test_keys[2048]
hsh = b"1" * 20
sig = sign_hash(priv, hsh, 'sha1')
assert len(sig) == 256
assert verify_signature(pub, sig, hsh, 'sha1')
assert not verify_signature(pub, sig, b"2" * 20, 'sha1')
def test_add_signature(tmpdir, mar_cue, test_keys):
dest_mar = tmpdir.join('test.mar')
# Add a dummy signature
with mar_cue.open('rb') as s, dest_mar.open('w+b') as f:
add_signature_block(s, f, 'sha384')
with mar_cue.open('rb') as s, MarReader(s) as m, dest_mar.open(
'rb') as f, MarReader(f) as m1:
assert m.productinfo == m1.productinfo
assert m.mardata.additional.sections == m1.mardata.additional.sections
assert len(m.mardata.index.entries) == len(m1.mardata.index.entries)
assert m1.mardata.signatures.count == 1
hashes = m1.calculate_hashes()
assert len(hashes) == 1
assert hashes[0][
1][:20] == b"\r\xa9x\x7f#\xf2m\x93a\xcc\xafJ=\x85\xa3Ss\xb43;"
# Now sign the hash using the test keys, and add the signature back into the file
private_key, public_key = test_keys[4096]
sig = sign_hash(private_key, hashes[0][1], 'sha384')
# Add the signature back into the file
with mar_cue.open('rb') as s, dest_mar.open('w+b') as f:
add_signature_block(s, f, 'sha384', sig)
with dest_mar.open('rb') as f, MarReader(f) as m1:
assert m1.verify(public_key)
# Assert file contents are the same
with dest_mar.open('rb') as f, MarReader(f) as m1:
with MarReader(mar_cue.open('rb')) as m:
offset_delta = m1.mardata.data_offset - m.mardata.data_offset
for (e, e1) in zip(m.mardata.index.entries,
m1.mardata.index.entries):
assert e.name == e1.name
assert e.flags == e1.flags
assert e.size == e1.size
assert e.offset == e1.offset - offset_delta
s = b''.join(m.extract_entry(e, decompress=None))
s1 = b''.join(m1.extract_entry(e1, decompress=None))
assert len(s) == e.size
assert len(s1) == e1.size
assert s == s1
def calculate_signatures(self):
"""Calculate the signatures for this MAR file.
Returns:
A list of signature tuples: [(algorithm_id, signature_data), ...]
"""
if not self.signing_algorithm:
return []
algo_id = {'sha1': 1, 'sha384': 2}[self.signing_algorithm]
hashers = [(algo_id, make_hasher(algo_id))]
for block in get_signature_data(self.fileobj, self.filesize):
[h.update(block) for (_, h) in hashers]
signatures = [(algo_id, sign_hash(self.signing_key, h.finalize(), h.algorithm.name)) for (algo_id, h) in hashers]
return signatures
def test_add_signature(tmpdir, mar_cue, test_keys):
dest_mar = tmpdir.join('test.mar')
# Add a dummy signature
with mar_cue.open('rb') as s, dest_mar.open('w+b') as f:
add_signature_block(s, f, 'sha384')
with mar_cue.open('rb') as s, MarReader(s) as m, dest_mar.open('rb') as f, MarReader(f) as m1:
assert m.productinfo == m1.productinfo
assert m.mardata.additional.sections == m1.mardata.additional.sections
assert len(m.mardata.index.entries) == len(m1.mardata.index.entries)
assert m1.mardata.signatures.count == 1
hashes = m1.calculate_hashes()
assert len(hashes) == 1
assert hashes[0][1][:20] == b"\r\xa9x\x7f#\xf2m\x93a\xcc\xafJ=\x85\xa3Ss\xb43;"
# Now sign the hash using the test keys, and add the signature back into the file
private_key, public_key = test_keys[4096]
sig = sign_hash(private_key, hashes[0][1], 'sha384')
# Add the signature back into the file
with mar_cue.open('rb') as s, dest_mar.open('w+b') as f:
add_signature_block(s, f, 'sha384', sig)
with dest_mar.open('rb') as f, MarReader(f) as m1:
assert m1.verify(public_key)
# Assert file contents are the same
with dest_mar.open('rb') as f, MarReader(f) as m1:
with MarReader(mar_cue.open('rb')) as m:
offset_delta = m1.mardata.data_offset - m.mardata.data_offset
for (e, e1) in zip(m.mardata.index.entries, m1.mardata.index.entries):
assert e.name == e1.name
assert e.flags == e1.flags
assert e.size == e1.size
assert e.offset == e1.offset - offset_delta
s = b''.join(m.extract_entry(e, decompress=None))
s1 = b''.join(m1.extract_entry(e1, decompress=None))
assert len(s) == e.size
assert len(s1) == e1.size
assert s == s1
def calculate_signatures(self):
"""Calculate the signatures for this MAR file.
Returns:
A list of signature tuples: [(algorithm_id, signature_data), ...]
"""
if not self.signing_algorithm:
return []
algo_id = {'sha1': 1, 'sha384': 2}[self.signing_algorithm]
hashers = [(algo_id, make_hasher(algo_id))]
for block in get_signature_data(self.fileobj, self.filesize):
[h.update(block) for (_, h) in hashers]
signatures = [(algo_id,
sign_hash(self.signing_key, h.finalize(),
h.algorithm.name))
for (algo_id, h) in hashers]
return signatures
def test_add_signature_sha1(tmpdir, test_keys):
with MarReader(open(TEST_MAR_BZ2, 'rb')) as m:
hashes = m.calculate_hashes()
assert hashes == [(1, b'\xcd%\x0e\x82z%7\xdb\x96\xb4^\x063ZFV8\xfa\xe8k')]
h = hashes[0][1]
priv, pub = test_keys[2048]
sig = sign_hash(priv, h, 'sha1')
sigfile = tmpdir.join('signature')
with sigfile.open('wb') as f:
f.write(sig)
tmpmar = tmpdir.join('output.mar')
cli.do_add_signature(TEST_MAR_BZ2, str(tmpmar), str(sigfile))
pubkey = tmpdir.join('pubkey')
with pubkey.open('wb') as f:
f.write(pub)
assert cli.do_verify(str(tmpmar), [str(pubkey)])