Exemple #1
0
def test_debugcredential_ecc_compare_with_reference(data_dir):
    """Loads the yaml file, creates the debug credential, saves to a file and compares with reference."""
    with use_working_directory(data_dir):
        with open("new_dck_secp256.yml", 'r') as f:
            yaml_config = yaml.safe_load(f)
            dc = DebugCredential.create_from_yaml_config(
                version='2.0', yaml_config=yaml_config)
            dc.sign()
            data = dc.export()
            pub_key = load_private_key(yaml_config['rotk']).public_key()
        data_without_singature = data[:-132]
        signature_bytes = data[-132:]
        with open('new_dck_secp256r1.cert', 'rb') as f:
            data_loaded = f.read()
        ref_data_without_signature = data_loaded[:-132]
        ref_signature_bytes = data_loaded[-132:]
        assert data_without_singature == ref_data_without_signature, \
            "The generated dc binary and the referenced one are not the same."
        signature = utils.reconstruct_signature(signature_bytes)
        ref_signature = utils.reconstruct_signature(ref_signature_bytes)
        try:
            pub_key.verify(signature, data_without_singature,
                           ec.ECDSA(hashes.SHA256()))
            pub_key.verify(ref_signature, data_without_singature,
                           ec.ECDSA(hashes.SHA256()))
            assert True
        except InvalidSignature:
            assert False
Exemple #2
0
def test_lpc55s3x_export_parse_invalid(data_dir):
    with use_working_directory(data_dir):
        with open("new_dck_secp256_lpc55s3x.yml", "r") as f:
            yaml_config = yaml.safe_load(f)
        dc = DebugCredential.create_from_yaml_config(version="2.0", yaml_config=yaml_config)
        dc.sign()
        with pytest.raises(SPSDKError, match="Invalid flag"):
            dc.parse(bytes(232))
Exemple #3
0
def test_lpc55s3x_export_parse(data_dir, yml_file_name, version):
    """Verifies the signature for lpc55s3x for different versions."""
    with use_working_directory(data_dir):
        with open(yml_file_name, "r") as f:
            yaml_config = yaml.safe_load(f)
        dc = DebugCredential.create_from_yaml_config(version=version, yaml_config=yaml_config)
        dc.sign()
        data = dc.export()
        dc_parsed = dc.parse(data)
        assert dc == dc_parsed
Exemple #4
0
def test_debugcredential_invalid(data_dir):
    """Evoke exceptions."""
    with use_working_directory(data_dir):
        with open("new_dck_rsa2048.yml", "r") as f:
            yaml_config = yaml.safe_load(f)
            dc = DebugCredential.create_from_yaml_config(version="1.0", yaml_config=yaml_config)
            with pytest.raises(SPSDKError, match="Debug Credential Signature is not set"):
                dc.export()
            with pytest.raises(SPSDKError, match="Debug Credential Signature provider is not set"):
                dc.signature_provider = None
                dc.sign()
Exemple #5
0
def gendc(
    protocol: str,
    plugin: click.Path,
    dc_file_path: str,
    config: click.File,
    elf2sb_config: click.File,
    force: bool,
) -> None:
    """Generate debug certificate (DC).

    \b
    PATH    - path to dc file
    """
    if plugin:
        # if a plugin is present simply load it
        # The SignatureProvider will automatically pick up any implementation(s)
        from importlib.util import (  # pylint: disable=import-outside-toplevel
            module_from_spec, spec_from_file_location,
        )

        spec = spec_from_file_location(name="plugin",
                                       location=plugin)  # type: ignore
        assert spec
        mod = module_from_spec(spec)
        spec.loader.exec_module(mod)  # type: ignore

    is_rsa = determine_protocol_version(protocol)
    check_destination_dir(dc_file_path, force)
    check_file_exists(dc_file_path, force)

    logger.info("Loading configuration from yml file...")
    yaml_content = load_configuration(config.name)
    if elf2sb_config:
        logger.info("Loading configuration from elf2sb config file...")
        rot_info = RootOfTrustInfo(load_configuration(
            elf2sb_config.name))  # type: ignore
        yaml_content["rot_meta"] = rot_info.public_keys
        yaml_content["rotk"] = rot_info.private_key
        yaml_content["rot_id"] = rot_info.public_key_index

    # enforcing rot_id presence in yaml config...
    assert "rot_id" in yaml_content, "Config file doesn't contain the 'rot_id' field"

    logger.info(
        f"Creating {'RSA' if is_rsa else 'ECC'} debug credential object...")
    dc = DebugCredential.create_from_yaml_config(version=protocol,
                                                 yaml_config=yaml_content)
    dc.sign()
    data = dc.export()
    logger.info("Saving the debug credential to a file...")
    with open(dc_file_path, "wb") as f:
        f.write(data)
    print_output(True, "Creating Debug credential file")
Exemple #6
0
def test_debugcredential_rot_meta_as_cert(data_dir):
    """Verifies the info message for debug authentication."""
    with use_working_directory(data_dir):
        with open("dck_rsa2048_rot_meta_cert.yml", "r") as f:
            yaml_config = yaml.safe_load(f)
        dc = DebugCredential.create_from_yaml_config(version="1.0", yaml_config=yaml_config)
        dc.sign()
        assert dc.VERSION == "1.0"
        assert dc.cc_beacon == 0
        assert dc.cc_socu == 1023
        assert dc.cc_vu == 22136
        assert dc.socc == 1
        assert dc.uuid == b"\xe0\x04\t\x0ek\xdd!U\xbb\xce\x9e\x06e\x80[\xe3"
Exemple #7
0
def test_debugcredential_rsa_compare_with_reference(data_dir):
    """Loads the yaml file, creates the debug credential, saves to a file and compares with reference."""
    with use_working_directory(data_dir):
        with open("new_dck_rsa2048.yml", 'r') as f:
            yaml_config = yaml.safe_load(f)
            dc = DebugCredential.create_from_yaml_config(
                version='1.0', yaml_config=yaml_config)
            dc.sign()
            data = dc.export()
            with open('sample.cert', 'wb') as f:
                f.write(data)
            with open('new_dck_rsa2048.cert', 'rb') as f:
                data_loaded = f.read()
            assert data == data_loaded, "The generated dc binary and the referenced one are not the same."
Exemple #8
0
def test_debugcredential_info_lpc55s3x(data_dir, yml_file_name, version, required_values):
    """Verifies the info message for debug authentication."""
    with use_working_directory(data_dir):
        with open(yml_file_name, "r") as f:
            yaml_config = yaml.safe_load(f)
        dc = DebugCredential.create_from_yaml_config(version=version, yaml_config=yaml_config)
        dc.sign()
    output = dc.info()
    req_strings = ["Version", "SOCC", "UUID", "UUID", "CC_SOCC", "CC_VU", "BEACON"]
    req_values = required_values
    for req_string in req_strings:
        assert req_string in output, f"string {req_string} is not in the output: {output}"
    for req_value in req_values:
        assert req_value in output, f"string {req_value} is not in the output: {output}"
Exemple #9
0
def test_verify_ecc_signature(data_dir):
    """Verifies the signature for ECC protocol."""
    with use_working_directory(data_dir):
        with open("new_dck_secp256.yml", "r") as f:
            yaml_config = yaml.safe_load(f)
        dc = DebugCredential.create_from_yaml_config(version="2.0", yaml_config=yaml_config)
        dc.sign()
        data = dc.export()
        priv_key = load_private_key(yaml_config["rotk"])
    data_without_signature = data[:-132]
    signature_bytes = data[-132:]
    signature = utils.reconstruct_signature(signature_bytes)
    pub_key = priv_key.public_key()
    try:
        pub_key.verify(signature, data_without_signature, ec.ECDSA(hashes.SHA256()))
        assert True
    except InvalidSignature:
        assert False
Exemple #10
0
def test_dar_packet_no_signature_provider(data_dir):
    with use_working_directory(data_dir):
        version = "1.0"
        dac_bin_file = "sample_dac.bin"
        yml_file_name = "new_dck_rsa2048.yml"
        dac_bytes = load_binary(os.path.join(data_dir, dac_bin_file))
        with open(os.path.join(data_dir, yml_file_name), "r") as f:
            yaml_config = yaml.safe_load(f)
        dc = DC.create_from_yaml_config(version=version,
                                        yaml_config=yaml_config)
        dc.sign()
        dar = DebugAuthenticateResponse(
            debug_credential=dc,
            auth_beacon=0,
            dac=DAC.parse(dac_bytes),
            path_dck_private=os.path.join(data_dir, "new_dck_2048.pem"),
        )
        dar.sig_provider = None
        with pytest.raises(SPSDKError, match="Signature provider is not set"):
            dar.export()
Exemple #11
0
def test_verify_ecc_signature_N4A_384(data_dir):
    """Verifies the signature for ECC protocol for Niobe4Analog 384."""
    with use_working_directory(data_dir):
        with open("new_dck_secp384_N4A.yml", 'r') as f:
            yaml_config = yaml.safe_load(f)
        dc = DebugCredential.create_from_yaml_config(version='2.1',
                                                     yaml_config=yaml_config)
        dc.sign()
        data = dc.export()
        priv_key = load_private_key(yaml_config['rotk'])
    data_without_signature = data[:-96]
    signature_bytes = data[-96:]
    signature = utils.reconstruct_signature(signature_bytes=signature_bytes,
                                            size=48)
    pub_key = priv_key.public_key()
    try:
        pub_key.verify(signature, data_without_signature,
                       ec.ECDSA(hashes.SHA384()))
        assert True
    except InvalidSignature:
        assert False
Exemple #12
0
def test_dar_packet_4_analog_256(tmpdir, data_dir, yml_file_name, version,
                                 file_key, expected_length):
    with use_working_directory(data_dir):
        dac_bytes = load_binary(os.path.join(data_dir,
                                             'sample_dac_analog.bin'))
        with open(os.path.join(data_dir, yml_file_name), 'r') as f:
            yaml_config = yaml.safe_load(f)
        dc = DC.create_from_yaml_config(version=version,
                                        yaml_config=yaml_config)
        dc.sign()
        dar = DebugAuthenticateResponse.create(version=version,
                                               socc=dc.socc,
                                               dc=dc,
                                               auth_beacon=0,
                                               dac=DAC.parse(dac_bytes),
                                               dck=os.path.join(
                                                   data_dir, file_key))
        dar_bytes = dar.export()
        assert len(dar_bytes) == expected_length
        assert isinstance(dar_bytes, bytes)
        assert 'Authentication Beacon' in dar.info()
Exemple #13
0
def test_dar_packet_rsa(tmpdir, data_dir, yml_file_name, version, dck_key_file,
                        expected_length, dac_bin_file):
    with use_working_directory(data_dir):
        dac_bytes = load_binary(os.path.join(data_dir, dac_bin_file))
        with open(os.path.join(data_dir, yml_file_name), 'r') as f:
            yaml_config = yaml.safe_load(f)
        dc = DC.create_from_yaml_config(version=version,
                                        yaml_config=yaml_config)
        dc.sign()
        assert dc.VERSION == DAC.parse(
            dac_bytes).version, "Version of DC and DAC are different."
        dar = DebugAuthenticateResponse.create(version=version,
                                               socc=dc.socc,
                                               dc=dc,
                                               auth_beacon=0,
                                               dac=DAC.parse(dac_bytes),
                                               dck=os.path.join(
                                                   data_dir, dck_key_file))
        dar_bytes = dar.export()
        assert len(dar_bytes) == expected_length
        assert isinstance(dar_bytes, bytes)
        assert 'Authentication Beacon' in dar.info()