Beispiel #1
def test_signed_xip_certificates_chain_no_tz(data_dir, der_certificates,
                                             chain_certificates, priv_key,
                                             expected_mbi):
    """Check a signed XIP image built from a certificate chain, TrustZone disabled.

    The application binary is wrapped in a signed image whose certificate
    block carries both root certificates and a certificate chain; the result
    must match the stored reference image.

    :param data_dir: absolute path, where test data are located
    :param der_certificates: list of filenames of der root certificates
    :param chain_certificates: list of filenames of der certificates
    :param priv_key: private key filename
    :param expected_mbi: filename of expected bootable image
    """
    app_path = os.path.join(data_dir, "testfffffff.bin")
    with open(app_path, "rb") as app_file:
        app_image = app_file.read()

    # The literal 0 is the third positional argument of certificate_block;
    # presumably the index of the root certificate in use -- confirm against
    # the helper's signature.
    block_with_chain = certificate_block(data_dir, der_certificates, 0,
                                         chain_certificates)
    signing_key_pem = _load_private_key(data_dir, priv_key)

    signed_image = Mbi_SignedXip(
        app=app_image,
        trust_zone=TrustZone.disabled(),
        cert_block=block_with_chain,
        priv_key_data=signing_key_pem,
    )

    # The signed output is compared against the expected reference file.
    image_matches = _compare_image(signed_image, data_dir, expected_mbi)
    assert image_matches
Beispiel #2
def test_signed_xip_single_certificate_no_tz(data_dir, priv_key, der_certificate, expected_mbi):
    """Check a signed XIP image built from one certificate, TrustZone disabled.

    The certificate block holds a single DER certificate and the image is
    signed with the private key named by ``priv_key``; the result must match
    the stored reference image.

    :param data_dir: absolute path, where test data are located
    :param priv_key: filename of private key used for signing
    :param der_certificate: filename of corresponding certificate in DER format
    :param expected_mbi: filename of expected bootable image
    """
    app_path = os.path.join(data_dir, "testfffffff.bin")
    with open(app_path, "rb") as app_file:
        app_image = app_file.read()

    # The helper takes a list, so the single certificate is wrapped in one.
    single_cert_block = certificate_block(data_dir, [der_certificate])
    signing_key_pem = _load_private_key(data_dir, priv_key)

    signed_image = Mbi_SignedXip(
        app=app_image,
        trust_zone=TrustZone.disabled(),
        cert_block=single_cert_block,
        priv_key_data=signing_key_pem,
    )

    # The signed output is compared against the expected reference file.
    image_matches = _compare_image(signed_image, data_dir, expected_mbi)
    assert image_matches
Beispiel #3
def test_signed_xip_multiple_certificates_invalid_input(data_dir):
    """Check that inconsistent certificate and key inputs are rejected.

    Four negative cases are exercised in sequence. Each must raise instead of
    yielding a certificate block or a signed image.

    :param data_dir: absolute path, where test data are located
    """
    # Case 1: index 3 is past the end of a three-entry certificate list.
    three_roots = [
        "selfsign_4096_v3.der.crt",
        "selfsign_3072_v3.der.crt",
        "selfsign_2048_v3.der.crt",
    ]
    with pytest.raises(IndexError):
        certificate_block(data_dir, three_roots, 3)

    # Case 2: index 1 selects a slot that is present but holds no certificate.
    roots_with_empty_slot = [
        "selfsign_4096_v3.der.crt",
        None,
        "selfsign_3072_v3.der.crt",
        "selfsign_2048_v3.der.crt",
    ]
    with pytest.raises(SPSDKError):
        certificate_block(data_dir, roots_with_empty_slot, 1)

    # Case 3: the signing key does not belong to the certificate's public key
    # (judging by the file names, a 4096-bit certificate and a 2048-bit key).
    # The block and the key both load without error; SPSDKError is expected
    # only inside the guarded construct-and-export step, so no image signed
    # with the wrong key may come out of export().
    block_4096 = certificate_block(data_dir, ["selfsign_4096_v3.der.crt"], 0)
    mismatched_key_pem = _load_private_key(data_dir,
                                           "selfsign_privatekey_rsa2048.pem")
    with pytest.raises(SPSDKError):
        Mbi_SignedXip(
            app=bytes(range(128)),
            trust_zone=TrustZone.disabled(),
            cert_block=block_4096,
            priv_key_data=mismatched_key_pem,
        ).export()

    # Case 4: the chain certificate does not match the root certificate, so
    # building the certificate block itself must fail.
    lone_root = ["selfsign_4096_v3.der.crt"]
    unrelated_chain = ["ch3_crt2_v3.der.crt"]
    with pytest.raises(SPSDKError):
        certificate_block(data_dir, lone_root, 0, unrelated_chain)