def _get_dck(dck_key_path: str) -> bytes:
    """Load the Debugger Public Key (DCK) and return it in binary form.

    :param dck_key_path: path of the file holding the DCK public key
    :return: binary representing the DCK key, as produced by
        ``rsa_key_to_bytes`` with ``exp_length=4``
    """
    loaded_key = crypto.load_public_key(file_path=dck_key_path)
    # NOTE: ``assert`` is removed when Python runs with -O, so this RSA-only
    # check is not enforced in optimized runs.
    assert isinstance(loaded_key, crypto.RSAPublicKey)
    serialized = rsa_key_to_bytes(key=loaded_key, exp_length=4)
    return serialized
def _get_rot_pub(rot_pub_id: int, rot_pub_keys: List[str]) -> bytes:
    """Load the selected RoT public key and return it in binary form.

    Only a public key file is read here: the entry of *rot_pub_keys* at
    position *rot_pub_id* is loaded with ``crypto.load_public_key`` and
    serialized. No private key is loaded by this function.

    :param rot_pub_id: index of the RoT key to use within *rot_pub_keys*
    :param rot_pub_keys: paths of the RoT public key files
    :return: binary representing the RoT public key, as produced by
        ``rsa_key_to_bytes`` with ``exp_length=4``
    :raises IndexError: if *rot_pub_id* is outside the list
    """
    # NOTE: a negative rot_pub_id is not rejected; Python indexes from the
    # end of the list in that case.
    selected_path = rot_pub_keys[rot_pub_id]
    rot_key = crypto.load_public_key(selected_path)
    # NOTE: ``assert`` is removed when Python runs with -O, so this RSA-only
    # check is not enforced in optimized runs.
    assert isinstance(rot_key, crypto.RSAPublicKey)
    serialized = rsa_key_to_bytes(key=rot_key, exp_length=4)
    return serialized
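def _get_rot_meta(used_root_cert: int, rot_pub_keys: List[str]) -> bytes:
    """Create the RoT meta-data required by the device to corroborate.

    Each RoT public key is loaded, serialized with ``rsa_key_to_bytes``
    (``exp_length=3``, ``modulus_length=None``) and hashed with
    ``internal_backend.hash``. The digest is written to the 32-byte slot that
    matches the key's position in *rot_pub_keys*; slots without a key stay
    zero-filled.

    :param used_root_cert: not read by this function
    :param rot_pub_keys: paths of the RoT public key files, at most four
    :return: binary representing the rot-meta data, always 128 bytes
    :raises ValueError: if more than four keys are given or a digest is not
        32 bytes long
    """
    slot_size = 32
    table_size = 128
    max_keys = table_size // slot_size

    # Slice assignment on a bytearray resizes it silently, so a fifth key would
    # be appended past the 128-byte table. Reject that before loading any key.
    if len(rot_pub_keys) > max_keys:
        raise ValueError(
            f"RoT meta-data holds at most {max_keys} keys, got {len(rot_pub_keys)}"
        )

    rot_meta = bytearray(table_size)
    for index, rot_key in enumerate(rot_pub_keys):
        rot = crypto.load_public_key(file_path=rot_key)
        # NOTE: ``assert`` is removed when Python runs with -O, so this
        # RSA-only check is not enforced in optimized runs.
        assert isinstance(rot, crypto.RSAPublicKey)
        data = rsa_key_to_bytes(key=rot, exp_length=3, modulus_length=None)
        result = internal_backend.hash(data)
        # A digest of another length would shift every later slot and change
        # the total size of the table.
        if len(result) != slot_size:
            raise ValueError(
                f"RoT key hash must be {slot_size} bytes, got {len(result)}"
            )
        offset = index * slot_size
        rot_meta[offset:offset + slot_size] = result
    return bytes(rot_meta)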