def test_sign_v2_append_signatures_multiple_steps(self):
    """Append two V2 signatures in separate sign_data calls, then verify three keys.

    Similar to the single-invocation append test, but signs in two invocations:
    key2 is appended to bootloader_signed_v2.bin, then key3 is appended to the
    output of that first step. The result is verified with key, key2 and key3.

    There is no explicit assertion: the test passes as long as neither
    sign_data nor verify_signature raises.
    """
    # NOTE(review): only the accepting path is exercised here; nothing checks
    # that a key which did not sign the image is rejected.
    with tempfile.NamedTemporaryFile() as first_out, \
            tempfile.NamedTemporaryFile() as second_out:
        # Step 1: sign the fixture image with key2. The fourth positional
        # value (True) is presumably append_signatures; confirm against SignArgs.
        first_step = self.SignArgs(
            '2',
            [self._open('rsa_secure_boot_signing_key2.pem')],
            first_out.name,
            True,
            self._open('bootloader_signed_v2.bin'))
        espsecure.sign_data(first_step)

        # Step 2: the open handle of step 1's output is the input image here.
        second_step = self.SignArgs(
            '2',
            [self._open('rsa_secure_boot_signing_key3.pem')],
            second_out.name,
            True,
            first_out)
        espsecure.sign_data(second_step)

        expected_signers = (
            'rsa_secure_boot_signing_key.pem',
            'rsa_secure_boot_signing_key2.pem',
            'rsa_secure_boot_signing_key3.pem',
        )
        for position, key_name in enumerate(expected_signers):
            if position:
                # Rewind the shared handle before every verification after the first.
                second_out.seek(0)
            check = self.VerifyArgs('2', self._open(key_name), second_out)
            espsecure.verify_signature(check)
def test_sign_v2_multiple_keys(self):
    """Sign the unsigned V2 bootloader with three RSA keys in one call.

    The signed output is then verified with key3, key2 and key, in that order.
    The test passes as long as sign_data and verify_signature do not raise;
    it makes no explicit assertion.
    """
    # NOTE(review): every verification uses a key that signed the image, so the
    # reject path for a non-signing key is not covered by this test.
    signer_names = (
        'rsa_secure_boot_signing_key.pem',
        'rsa_secure_boot_signing_key2.pem',
        'rsa_secure_boot_signing_key3.pem',
    )
    with tempfile.NamedTemporaryFile() as signed_image:
        key_handles = [self._open(name) for name in signer_names]
        sign_args = self.SignArgs(
            '2',
            key_handles,
            signed_image.name,
            False,
            self._open('bootloader_unsigned_v2.bin'))
        espsecure.sign_data(sign_args)

        # 3 keys + verify with the 3rd key first, then the 2nd, then the 1st.
        for position, name in enumerate(reversed(signer_names)):
            if position:
                # Rewind the shared handle before every verification after the first.
                signed_image.seek(0)
            verify_args = self.VerifyArgs('2', self._open(name), signed_image)
            espsecure.verify_signature(verify_args)
def test_sign_v2_append_signatures(self):
    """Append key2 and key3 signatures to a signed image in a single call.

    Append signatures + verify with an appended key. bootloader_signed_v2.bin
    is already signed with rsa_secure_boot_signing_key.pem, so the output is
    verified with that key as well as with the two appended ones.

    The test passes as long as sign_data and verify_signature do not raise.
    """
    # NOTE(review): only keys expected to verify are tried; a check that an
    # unrelated key fails verification would have to live in another test.
    appended = (
        'rsa_secure_boot_signing_key2.pem',
        'rsa_secure_boot_signing_key3.pem',
    )
    with tempfile.NamedTemporaryFile() as signed_image:
        appended_handles = [self._open(name) for name in appended]
        sign_args = self.SignArgs(
            '2',
            appended_handles,
            signed_image.name,
            True,
            self._open('bootloader_signed_v2.bin'))
        espsecure.sign_data(sign_args)

        all_signers = ('rsa_secure_boot_signing_key.pem',) + appended
        for position, name in enumerate(all_signers):
            if position:
                # Rewind the shared handle before every verification after the first.
                signed_image.seek(0)
            verify_args = self.VerifyArgs('2', self._open(name), signed_image)
            espsecure.verify_signature(verify_args)
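def sign_data(self, data_file, key_files, version, append_signature=0):
    """Run espsecure.sign_data on *data_file* and return the signed bytes.

    Args:
        data_file: passed through as the ``datafile`` field.
        key_files: passed through as the ``keyfile`` field.
        version: signing scheme version; converted with ``str()`` before use.
        append_signature: passed through as ``append_signatures`` (default 0).

    Returns:
        The full contents of the temporary output file, read after signing.
    """
    SignDataArgs = collections.namedtuple(
        'sign_data_args',
        ['datafile', 'keyfile', 'output', 'version', 'append_signatures'])
    # Use a context manager so the temporary file is closed, and with it
    # removed, even when signing raises; previously the handle was left open
    # until garbage collection.
    with tempfile.NamedTemporaryFile() as outfile:
        args = SignDataArgs(
            data_file, key_files, outfile.name, str(version), append_signature)
        espsecure.sign_data(args)
        # The output was written via its path, so read from the start of the handle.
        outfile.seek(0)
        return outfile.read()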
def test_sign_v2_data(self):
    """Sign the unsigned V2 bootloader with each fixture key and verify it.

    Each of the three key files (one RSA, two ECDSA by name) signs the image
    into its own temporary file, which is then verified with the same key.
    The test passes as long as sign_data and verify_signature do not raise.
    """
    # NOTE(review): each image is verified only with the key that signed it;
    # cross-key rejection is not exercised here.
    for key_name in ('rsa_secure_boot_signing_key.pem',
                     'ecdsa192_secure_boot_signing_key.pem',
                     'ecdsa_secure_boot_signing_key.pem'):
        with tempfile.NamedTemporaryFile() as signed_image:
            sign_args = self.SignArgs(
                '2',
                [self._open(key_name)],
                signed_image.name,
                False,
                self._open('bootloader_unsigned_v2.bin'))
            espsecure.sign_data(sign_args)

            verify_args = self.VerifyArgs('2', self._open(key_name), signed_image)
            espsecure.verify_signature(verify_args)
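def _test_sign_v1_data(self, key_name):
    """Sign bootloader.bin with scheme '1' and compare against the reference image.

    Args:
        key_name: name of the signing-key fixture, opened via ``self._open``.

    The signed output must equal bootloader_signed.bin byte for byte.
    """
    # NOTE(review): a byte-exact comparison only holds if signing the same
    # input with the same key is reproducible; presumably the V1 scheme is
    # deterministic here. Confirm against espsecure.
    # Create the file before entering ``try`` so that a failure to create it
    # is not masked by a NameError from the cleanup in ``finally``.
    output_file = tempfile.NamedTemporaryFile(delete=False)
    try:
        # Closed right away; sign_data is given the path, not the handle.
        output_file.close()

        # Note: signing bootloader is not actually needed
        # for ESP32, it's just a handy file to sign
        args = self.SignArgs(
            '1',
            [self._open(key_name)],
            output_file.name,
            None,
            self._open('bootloader.bin'))
        espsecure.sign_data(args)

        with open(output_file.name, 'rb') as of, \
                self._open('bootloader_signed.bin') as ef:
            self.assertEqual(ef.read(), of.read())
    finally:
        # delete=False means the file must be removed by hand.
        os.unlink(output_file.name)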
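def test_sign_data(self):
    """Sign bootloader.bin with the ECDSA fixture key and compare to the reference.

    The signed output must equal bootloader_signed.bin byte for byte.
    """
    SignArgs = namedtuple('sign_data_args', ['keyfile', 'output', 'datafile'])
    # NOTE(review): the byte-exact comparison assumes signing is reproducible
    # for a fixed key and input. Confirm against espsecure.
    # Create the file outside ``try``: if creation fails there is nothing to
    # clean up, and ``finally`` must not raise a NameError over the real error.
    output_file = tempfile.NamedTemporaryFile(delete=False)
    try:
        # Closed right away; sign_data is given the path, not the handle.
        output_file.close()

        # Note: signing bootloader is not actually needed
        # for ESP32, it's just a handy file to sign
        args = SignArgs(
            self._open('ecdsa_secure_boot_signing_key.pem'),
            output_file.name,
            self._open('bootloader.bin'))
        espsecure.sign_data(args)

        with open(output_file.name, 'rb') as of, \
                self._open('bootloader_signed.bin') as ef:
            self.assertEqual(ef.read(), of.read())
    finally:
        # delete=False means the file must be removed by hand.
        os.unlink(output_file.name)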
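def test_sign_v2_data(self):
    """Sign the unsigned V2 bootloader with one RSA key and verify the result.

    The test passes as long as sign_data and verify_signature do not raise;
    it makes no explicit assertion.
    """
    SignArgs = namedtuple(
        'sign_data_args', ['version', 'keyfile', 'output', 'datafile'])
    # NOTE(review): only the signing key is used for verification; rejection
    # of a different key is not covered by this test.
    # Create the file outside ``try`` so a creation failure is reported as
    # itself rather than as a NameError raised from ``finally``.
    output_file = tempfile.NamedTemporaryFile(delete=False)
    try:
        # Note: signing bootloader is not actually needed
        # for ESP32, it's just a handy file to sign
        args = SignArgs(
            '2',
            [self._open('rsa_secure_boot_signing_key.pem')],
            output_file.name,
            self._open('bootloader_unsigned_v2.bin'))
        espsecure.sign_data(args)

        # The still-open handle of the output file is what gets verified.
        args = self.VerifyArgs(
            '2', self._open('rsa_secure_boot_signing_key.pem'), output_file)
        espsecure.verify_signature(args)
    finally:
        output_file.close()
        # delete=False means the file must be removed by hand.
        os.unlink(output_file.name)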
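def test_sign_data(self):
    """Check that signing bootloader.bin reproduces the stored signed image.

    Signs with ecdsa_secure_boot_signing_key.pem and asserts that the output
    file equals bootloader_signed.bin byte for byte.
    """
    SignArgs = namedtuple('sign_data_args', [
        'keyfile',
        'output',
        'datafile',
    ])
    # NOTE(review): comparing against a stored image presumes the signature
    # bytes are stable across runs for this key and input; verify.
    # The temp file is created before ``try``; inside it, a failed creation
    # would leave ``output_file`` unbound and make ``finally`` raise NameError.
    output_file = tempfile.NamedTemporaryFile(delete=False)
    try:
        # Only the path is needed from here on, so release the handle.
        output_file.close()

        # Note: signing bootloader is not actually needed
        # for ESP32, it's just a handy file to sign
        args = SignArgs(
            self._open('ecdsa_secure_boot_signing_key.pem'),
            output_file.name,
            self._open('bootloader.bin'))
        espsecure.sign_data(args)

        with open(output_file.name, 'rb') as of, \
                self._open('bootloader_signed.bin') as ef:
            self.assertEqual(ef.read(), of.read())
    finally:
        # Created with delete=False, so remove it explicitly.
        os.unlink(output_file.name)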
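def test_sign_v2_data(self):
    """Exercise V2 signing in three scenarios and verify each result.

    1. One RSA key signs the unsigned bootloader; verified with that key.
    2. Three RSA keys sign the unsigned bootloader in one call; verified
       with key3, key2 and key.
    3. key2 and key3 are appended to bootloader_signed_v2.bin (already signed
       with rsa_secure_boot_signing_key.pem); verified with all three keys.

    The test passes as long as sign_data and verify_signature do not raise;
    it makes no explicit assertion.
    """
    SignArgs = namedtuple(
        'sign_data_args',
        ['version', 'keyfile', 'output', 'append_signatures', 'datafile'])
    # NOTE(review): every verification below uses a key that signed the image;
    # rejection of a non-signing key is not covered by this test.

    # Each temp file is created before its ``try`` so that a creation failure
    # is reported as itself rather than as a NameError raised from ``finally``.

    # Scenario 1: single key.
    output_file = tempfile.NamedTemporaryFile(delete=False)
    try:
        args = SignArgs(
            '2',
            [self._open('rsa_secure_boot_signing_key.pem')],
            output_file.name,
            False,
            self._open('bootloader_unsigned_v2.bin'))
        espsecure.sign_data(args)

        args = self.VerifyArgs(
            '2', self._open('rsa_secure_boot_signing_key.pem'), output_file)
        espsecure.verify_signature(args)
    finally:
        output_file.close()
        os.unlink(output_file.name)

    # Scenario 2: 3 keys + verify with 3rd key (then the 2nd and the 1st).
    output_file = tempfile.NamedTemporaryFile(delete=False)
    try:
        args = SignArgs(
            '2',
            [
                self._open('rsa_secure_boot_signing_key.pem'),
                self._open('rsa_secure_boot_signing_key2.pem'),
                self._open('rsa_secure_boot_signing_key3.pem'),
            ],
            output_file.name,
            False,
            self._open('bootloader_unsigned_v2.bin'))
        espsecure.sign_data(args)

        for key_name in ('rsa_secure_boot_signing_key3.pem',
                         'rsa_secure_boot_signing_key2.pem',
                         'rsa_secure_boot_signing_key.pem'):
            # Rewind so every verification reads the image from the start.
            output_file.seek(0)
            args = self.VerifyArgs('2', self._open(key_name), output_file)
            espsecure.verify_signature(args)
    finally:
        output_file.close()
        os.unlink(output_file.name)

    # Scenario 3: append signatures + verify with an appended key
    # (bootloader_signed_v2.bin already signed with rsa_secure_boot_signing_key.pem).
    output_file = tempfile.NamedTemporaryFile(delete=False)
    try:
        args = SignArgs(
            '2',
            [
                self._open('rsa_secure_boot_signing_key2.pem'),
                self._open('rsa_secure_boot_signing_key3.pem'),
            ],
            output_file.name,
            True,
            self._open('bootloader_signed_v2.bin'))
        espsecure.sign_data(args)

        for key_name in ('rsa_secure_boot_signing_key.pem',
                         'rsa_secure_boot_signing_key2.pem',
                         'rsa_secure_boot_signing_key3.pem'):
            # Rewind so every verification reads the image from the start.
            output_file.seek(0)
            args = self.VerifyArgs('2', self._open(key_name), output_file)
            espsecure.verify_signature(args)
    finally:
        output_file.close()
        os.unlink(output_file.name)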