Ejemplo n.º 1
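    def test_generate_key(self):
        """
        For each entry in self.keyTestData, generate a private key, sign a
        short buffer with SHA-256, and check the signature against the derived
        public key with the cryptography package. Also check that the same
        signature is rejected for different data, and that a second generated
        key is not equal to the first.
        """
        for dataSet in self.keyTestData:
            key = TpmPrivateKey.generatePrivateKey(dataSet.keyParams)
            publicKeyBits = key.derivePublicKey()
            # Not used below; kept so that the test still runs the PublicKey
            # constructor on the derived encoding.
            publicKey = PublicKey(publicKeyBits)

            data = Blob([0x01, 0x02, 0x03, 0x04])

            # Sign and verify.
            signature = key.sign(data.toBytes(), DigestAlgorithm.SHA256)

            # TODO: Move verify into PublicKey?
            # Only the scheme arguments differ between the two key types.
            keyType = dataSet.keyParams.getKeyType()
            if keyType == KeyType.ECDSA:
                schemeArgs = (ec.ECDSA(hashes.SHA256()),)
            elif keyType == KeyType.RSA:
                schemeArgs = (padding.PKCS1v15(), hashes.SHA256())
            else:
                # We don't expect this.
                self.fail("Unrecognized key type")

            cryptoPublicKey = load_der_public_key(
              publicKeyBits.toBytes(), backend = default_backend())

            def verifies(message):
                # The one-shot verify() replaces the verifier() context API,
                # which the cryptography package deprecated and later removed.
                try:
                    cryptoPublicKey.verify(
                      signature.toBytes(), message, *schemeArgs)
                    return True
                except InvalidSignature:
                    return False

            self.assertTrue(verifies(data.toBytes()))

            # Negative control: a check that accepted every input would pass
            # the assertion above, so the signature must fail for other data.
            tampered = Blob([0x01, 0x02, 0x03, 0x05])
            self.assertFalse(verifies(tampered.toBytes()))

            # Check that another generated private key is different.
            key2 = TpmPrivateKey.generatePrivateKey(dataSet.keyParams)
            self.assertFalse(key.toPkcs8().equals(key2.toPkcs8()))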
Ejemplo n.º 2
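    def test_generate_key(self):
        """
        For each entry in self.keyTestData, generate a private key, sign a
        short buffer with SHA-256, and check the signature with
        VerificationHelpers.verifySignature against the derived public key.
        Also check that the signature is rejected for different data, and that
        a second generated key is not equal to the first.
        """
        for dataSet in self.keyTestData:
            key = TpmPrivateKey.generatePrivateKey(dataSet.keyParams)
            publicKey = PublicKey(key.derivePublicKey())

            data = Blob([0x01, 0x02, 0x03, 0x04])

            # Sign and verify.
            signature = key.sign(data.toBytes(), DigestAlgorithm.SHA256)
            self.assertTrue(VerificationHelpers.verifySignature(
                data, signature, publicKey))

            # Negative control: the positive check alone cannot tell a working
            # verifier from one that accepts everything.
            # NOTE(review): assumes verifySignature returns a false value
            # (rather than raising) on a mismatch - confirm against the helper.
            tampered = Blob([0x01, 0x02, 0x03, 0x05])
            self.assertFalse(VerificationHelpers.verifySignature(
                tampered, signature, publicKey))

            # Check that another generated private key is different.
            key2 = TpmPrivateKey.generatePrivateKey(dataSet.keyParams)
            self.assertFalse(key.toPkcs8().equals(key2.toPkcs8()))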
Ejemplo n.º 3
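    def test_generate_key(self):
        """
        Generate a private key for every entry of self.keyTestData and check
        three things: a SHA-256 signature over a short buffer is accepted by
        VerificationHelpers.verifySignature under the derived public key, the
        same signature is not accepted for a different buffer, and a second
        generated key has a different PKCS #8 encoding.
        """
        for dataSet in self.keyTestData:
            key = TpmPrivateKey.generatePrivateKey(dataSet.keyParams)
            publicKeyBits = key.derivePublicKey()
            publicKey = PublicKey(publicKeyBits)

            data = Blob([0x01, 0x02, 0x03, 0x04])
            otherData = Blob([0x04, 0x03, 0x02, 0x01])

            # Sign and verify.
            signature = key.sign(data.toBytes(), DigestAlgorithm.SHA256)

            # The second row is a negative control, so that a verifier which
            # accepts every input fails this test.
            # NOTE(review): assumes verifySignature reports a mismatch by
            # returning a false value, not by raising - confirm.
            for message, expected in ((data, True), (otherData, False)):
                result = VerificationHelpers.verifySignature(
                  message, signature, publicKey)
                self.assertEqual(expected, bool(result))

            # Check that another generated private key is different.
            key2 = TpmPrivateKey.generatePrivateKey(dataSet.keyParams)
            self.assertFalse(key.toPkcs8().equals(key2.toPkcs8()))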
Ejemplo n.º 4
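    def test_rsa_signing(self):
        """
        For each back end in self.backEndList, create an RSA key, sign a short
        buffer with SHA-256, check the signature against the derived public
        key, then delete the key and check that the back end no longer has it.
        """
        for tpm in self.backEndList:
            # Create an RSA key.
            identityName = Name("/Test/KeyName")

            key = tpm.createKey(identityName, RsaKeyParams())
            keyName = key.getKeyName()

            # Delete the key even when signing or verification fails, so a
            # failed run does not leave the test key behind in the back end.
            try:
                content = Blob([0x01, 0x02, 0x03, 0x04])
                signature = key.sign(DigestAlgorithm.SHA256, content.toBytes())

                publicKey = key.derivePublicKey()

                result = VerificationHelpers.verifySignature(
                  content, signature, publicKey)
                # assertEqual, not the deprecated assertEquals alias.
                self.assertEqual(True, result)
            finally:
                tpm.deleteKey(keyName)

            self.assertEqual(False, tpm.hasKey(keyName))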
Ejemplo n.º 5
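    def test_rsa_signing(self):
        """
        Create an RSA key in every back end of self.backEndList, sign a short
        buffer with SHA-256 and check the signature under the derived public
        key. The key is deleted afterwards and the back end is checked to no
        longer report it.
        """
        for tpm in self.backEndList:
            # Create an RSA key.
            key = tpm.createKey(Name("/Test/KeyName"), RsaKeyParams())
            keyName = key.getKeyName()

            try:
                content = Blob([0x01, 0x02, 0x03, 0x04])
                signature = key.sign(DigestAlgorithm.SHA256, content.toBytes())
                publicKey = key.derivePublicKey()

                self.assertEqual(True, VerificationHelpers.verifySignature(
                  content, signature, publicKey))
            finally:
                # Runs on failure too: otherwise a failed assertion above
                # would skip the deletion and leave the key in the back end.
                tpm.deleteKey(keyName)

            self.assertEqual(False, tpm.hasKey(keyName))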
Ejemplo n.º 6
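    def test_rsa_signing(self):
        """
        For each back end in self.backEndList, create an RSA key, sign a short
        buffer with SHA-256, check the signature with
        PolicyManager._verifySha256WithRsaSignature, then delete the key and
        check that the back end no longer has it.
        """
        for tpm in self.backEndList:
            # Create an RSA key.
            identityName = Name("/Test/KeyName")

            key = tpm.createKey(identityName, RsaKeyParams())
            keyName = key.getKeyName()

            # The key is deleted in the finally clause so that a failure in
            # signing or verification does not leave it in the back end.
            try:
                content = Blob([0x01, 0x02, 0x03, 0x04])
                signature = key.sign(DigestAlgorithm.SHA256, content.toBytes())

                publicKey = key.derivePublicKey()

                # TODO: Move verify to PublicKey?
                # The whole buffer is the signed portion (offsets 0 to size).
                result = PolicyManager._verifySha256WithRsaSignature(
                    signature, SignedBlob(content, 0, content.size()),
                    publicKey)
                # assertEqual, not the deprecated assertEquals alias.
                self.assertEqual(True, result)
            finally:
                tpm.deleteKey(keyName)

            self.assertEqual(False, tpm.hasKey(keyName))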
Ejemplo n.º 7
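    def test_errors(self):
        """
        Check that PibKeyImpl rejects invalid construction arguments and
        rejects certificate operations that use a certificate of another key.

        Each case uses assertRaises. The original try/fail/except/else form
        had an unreachable else branch, because self.fail() inside the try
        body always raises.
        """
        fixture = self.fixture
        pibImpl = PibMemory()

        # Two-argument form with no key bytes supplied. Presumably fails
        # because pibImpl does not hold the key yet - confirm in PibKeyImpl.
        with self.assertRaises(Pib.Error):
            PibKeyImpl(fixture.id1Key1Name, pibImpl)

        key11 = PibKeyImpl(fixture.id1Key1Name, fixture.id1Key1.buf(), pibImpl)

        # A name that is not a valid key name, without and with key bytes.
        with self.assertRaises(ValueError):
            PibKeyImpl(Name("/wrong"), pibImpl)

        with self.assertRaises(ValueError):
            PibKeyImpl(Name("/wrong"), fixture.id1Key1.buf(), pibImpl)

        # Empty key bytes must not be accepted as a public key.
        wrongKey = Blob("")
        with self.assertRaises(ValueError):
            PibKeyImpl(fixture.id1Key2Name, wrongKey.toBytes(), pibImpl)

        # key11 accepts its own certificate. Every operation below that uses
        # the certificate of id1Key2 must be refused.
        key11.addCertificate(fixture.id1Key1Cert1)
        with self.assertRaises(ValueError):
            key11.addCertificate(fixture.id1Key2Cert1)

        with self.assertRaises(ValueError):
            key11.removeCertificate(fixture.id1Key2Cert1.getName())

        with self.assertRaises(ValueError):
            key11.getCertificate(fixture.id1Key2Cert1.getName())

        with self.assertRaises(ValueError):
            key11.setDefaultCertificate(fixture.id1Key2Cert1)

        with self.assertRaises(ValueError):
            key11.setDefaultCertificate(fixture.id1Key2Cert1.getName())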
Ejemplo n.º 8
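    def test_errors(self):
        """
        Check the error paths of PibKeyImpl: construction with a missing key,
        a wrong name or empty key bytes, and certificate operations on key11
        that use a certificate belonging to a different key.
        """
        fixture = self.fixture
        pibImpl = PibMemory()

        def expectError(errorType, action):
            # One shared check replaces the repeated try/except/else blocks,
            # whose else branch could never run because self.fail() inside
            # the try body always raises.
            try:
                action()
            except errorType:
                return
            self.fail("Did not throw the expected exception")

        expectError(
            Pib.Error, lambda: PibKeyImpl(fixture.id1Key1Name, pibImpl))

        key11 = PibKeyImpl(fixture.id1Key1Name, fixture.id1Key1.buf(), pibImpl)

        expectError(ValueError, lambda: PibKeyImpl(Name("/wrong"), pibImpl))
        expectError(
            ValueError,
            lambda: PibKeyImpl(
                Name("/wrong"), fixture.id1Key1.buf(), pibImpl))

        # Empty key bytes must be rejected.
        wrongKey = Blob("")
        expectError(
            ValueError,
            lambda: PibKeyImpl(
                fixture.id1Key2Name, wrongKey.toBytes(), pibImpl))

        # Adding the key's own certificate succeeds. The remaining cases all
        # pass a certificate (or its name) that belongs to id1Key2.
        key11.addCertificate(fixture.id1Key1Cert1)
        expectError(
            ValueError, lambda: key11.addCertificate(fixture.id1Key2Cert1))
        expectError(
            ValueError,
            lambda: key11.removeCertificate(fixture.id1Key2Cert1.getName()))
        expectError(
            ValueError,
            lambda: key11.getCertificate(fixture.id1Key2Cert1.getName()))
        expectError(
            ValueError,
            lambda: key11.setDefaultCertificate(fixture.id1Key2Cert1))
        expectError(
            ValueError,
            lambda: key11.setDefaultCertificate(
                fixture.id1Key2Cert1.getName()))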
Ejemplo n.º 9
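class ContentMetaInfo(object):
    """
    Hold the content type, time stamp, hasSegments flag and optional other
    info, with methods to encode to and decode from the wire format.

    Create a new ContentMetaInfo object, possibly copying values from another
    object.

    :param ContentMetaInfo value: (optional) If value is a ContentMetaInfo, copy
      its values. If value is omitted, set all the fields to their default
      unspecified values.
    :raises RuntimeError: If value is neither None nor a ContentMetaInfo.
    """
    def __init__(self, value=None):
        # Identity test: "== None" would call a custom __eq__ on whatever
        # object the caller passed in.
        if value is None:
            self.clear()
        elif isinstance(value, ContentMetaInfo):
            # Copy its values.
            self._contentType = value._contentType
            self._timestamp = value._timestamp
            self._hasSegments = value._hasSegments
            self._other = value._other
        else:
            raise RuntimeError(
                "Unrecognized type for ContentMetaInfo constructor: " +
                str(type(value)))

    def getContentType(self):
        """
        Get the content type.

        :return: The content type. If not specified, return an empty string.
        :rtype: str
        """
        return self._contentType

    def getTimestamp(self):
        """
        Get the time stamp.

        :return: The time stamp as milliseconds since Jan 1, 1970 UTC. If not
          specified, return None.
        :rtype: float
        """
        return self._timestamp

    def getHasSegments(self):
        """
        Get the hasSegments flag.

        :return: The hasSegments flag.
        :rtype: bool
        """
        return self._hasSegments

    def getOther(self):
        """
        Get the Blob containing the optional other info.

        :return: The other info. If not specified, return an isNull Blob.
        :rtype: Blob
        """
        return self._other

    def setContentType(self, contentType):
        """
        Set the content type.

        :param str contentType: The content type.
        :return: This ContentMetaInfo so that you can chain calls to update
          values.
        :rtype: ContentMetaInfo
        """
        self._contentType = contentType
        return self

    def setTimestamp(self, timestamp):
        """
        Set the time stamp.

        :param float timestamp: The time stamp.
        :return: This ContentMetaInfo so that you can chain calls to update
          values.
        :rtype: ContentMetaInfo
        """
        self._timestamp = Common.nonNegativeFloatOrNone(timestamp)
        return self

    def setHasSegments(self, hasSegments):
        """
        Set the hasSegments flag.

        :param bool hasSegments: The hasSegments flag.
        :return: This ContentMetaInfo so that you can chain calls to update
          values.
        :rtype: ContentMetaInfo
        """
        self._hasSegments = hasSegments
        return self

    def setOther(self, other):
        """
        Set the Blob containing the optional other info.

        :param Blob other: The other info, or a default null Blob() if not
          specified.
        :return: This ContentMetaInfo so that you can chain calls to update
          values.
        :rtype: ContentMetaInfo
        """
        # Anything that is not already a Blob is wrapped in one.
        self._other = other if isinstance(other, Blob) else Blob(other)
        return self

    def clear(self):
        """
        Set all the fields to their default unspecified values.
        """
        self._contentType = ""
        self._timestamp = None
        self._hasSegments = False
        self._other = Blob()

    def wireEncode(self):
        """
        Encode this ContentMetaInfo.

        :return: The encoding Blob.
        :rtype: Blob
        :raises RuntimeError: If the timestamp is not specified.
        """
        if self._timestamp is None:
            raise RuntimeError(
                "The ContentMetaInfo timestamp is not specified")

        meta = ContentMetaInfoMessage()
        meta.content_meta_info.content_type = self._contentType
        # The message field takes an integer, so round the float time stamp.
        meta.content_meta_info.timestamp = int(round(self._timestamp))
        meta.content_meta_info.has_segments = self._hasSegments
        # The optional field is only set when there are bytes to send.
        if not self._other.isNull() and self._other.size() > 0:
            meta.content_meta_info.other = self._other.toBytes()

        return ProtobufTlv.encode(meta)

    def wireDecode(self, input):
        """
        Decode the input and update this ContentMetaInfo.

        The decoded values are stored as received. Callers that decode data
        from the network should treat the resulting fields as untrusted.

        :param input: The array with the bytes to decode.
        :type input: An array type with int elements
        """
        meta = ContentMetaInfoMessage()
        ProtobufTlv.decode(meta, input)

        # The fields are reset only after decode() has returned, so an
        # exception raised by the decoder leaves this object unchanged.
        self.clear()
        self._contentType = meta.content_meta_info.content_type
        # NOTE(review): this bypasses the Common.nonNegativeFloatOrNone check
        # that setTimestamp applies - confirm the wire field cannot be
        # negative.
        self._timestamp = float(meta.content_meta_info.timestamp)
        self._hasSegments = meta.content_meta_info.has_segments
        if len(meta.content_meta_info.other) > 0:
            self._other = Blob(bytearray(meta.content_meta_info.other), False)

    # Create managed properties for read/write properties of the class for more pythonic syntax.
    contentType = property(getContentType, setContentType)
    timestamp = property(getTimestamp, setTimestamp)
    hasSegments = property(getHasSegments, setHasSegments)
    other = property(getOther, setOther)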