def load_timeserver_key(use_new_keys=False): if use_new_keys: demo.generate_key('timeserver') # Load in from the generated files (whether new or old). timeserver_key = demo.import_private_key('timeserver') tuf.formats.ANYKEY_SCHEMA.check_match(timeserver_key) # Is this redundant? return timeserver_key
def load_or_generate_key(use_new_keys=False): """Load or generate an ECU's private key.""" global ecu_key if use_new_keys: demo.generate_key('secondary') # Load in from the generated files. key_pub = demo.import_public_key('secondary') key_pri = demo.import_private_key('secondary') ecu_key = uptane.common.canonical_key_from_pub_and_pri(key_pub, key_pri)
def load_timeserver_key(use_new_keys=False): I_TO_PRINT = TO_PRINT + uptane.YELLOW + '[load_timeserver_key(use_new_keys)]: ' + uptane.ENDCOLORS #TODO: Print to be deleted print( str('%s %s %s' % (I_TO_PRINT, 'Loading timeserver key with use_new_keys:', use_new_keys))) #TODO: Until here if use_new_keys: demo.generate_key('timeserver') # Load in from the generated files (whether new or old). timeserver_key = demo.import_private_key('timeserver') tuf.formats.ANYKEY_SCHEMA.check_match(timeserver_key) # Is this redundant? return timeserver_key
def load_or_generate_key(vin, use_new_keys=False): """Load or generate an ECU's private key.""" I_TO_PRINT = TO_PRINT + uptane.YELLOW + '[load_or_generate_key(use_new_keys)]: ' + uptane.ENDCOLORS #TODO: Print to be deleted print(str('%s %s %s' % (I_TO_PRINT, 'Loading or generating keys with use_new_keys:', use_new_keys))) #TODO: Until here global ecu_key if use_new_keys: demo.generate_key(str('%s%s' % (vin, '_keyPair_secondary'))) # Load in from the generated files. key_pub = demo.import_public_key(str('%s%s' % (vin, '_keyPair_secondary'))) key_pri = demo.import_private_key(str('%s%s' % (vin, '_keyPair_secondary'))) ecu_key = uptane.common.canonical_key_from_pub_and_pri(key_pub, key_pri)
def load_or_generate_key(use_new_keys=False): """Load or generate an ECU's private key.""" I_TO_PRINT = TO_PRINT + uptane.YELLOW + '[load_or_generate_key()]: ' + uptane.ENDCOLORS #TODO: Print to be deleted print( str('%s %s %s' % (I_TO_PRINT, 'Loading or generating keys with use_new_keys:', use_new_keys))) #TODO: Until here global ecu_key if use_new_keys: demo.generate_key('primary2') # Load in from the generated files. key_pub = demo.import_public_key('primary2') #TODO: Print to be deleted print(str('%s %s %s' % (I_TO_PRINT, 'primary_key_pub:', key_pub))) #TODO: Until here key_pri = demo.import_private_key('primary2') #TODO: Print to be deleted print(str('%s %s %s' % (I_TO_PRINT, 'primary_key_pri:', key_pri))) #TODO: Until here ecu_key = uptane.common.canonical_key_from_pub_and_pri(key_pub, key_pri) #TODO: Print to be deleted print(str('%s %s %s' % (I_TO_PRINT, 'ecu_key:', ecu_key))) #TODO: Until here #TODO: Print to be deleted print(str('%s %s' % (I_TO_PRINT, 'Returning...')))
def clean_slate(use_new_keys=False): global repo print(LOG_PREFIX + 'Initializing repository') # Create target files: file1.txt and infotainment_firmware.txt if os.path.exists(demo.IMAGE_REPO_TARGETS_DIR): shutil.rmtree(demo.IMAGE_REPO_TARGETS_DIR) os.makedirs(demo.IMAGE_REPO_TARGETS_DIR) fobj = open(os.path.join(demo.IMAGE_REPO_TARGETS_DIR, 'file1.txt'), 'w') fobj.write('Contents of file1.txt') fobj.close() fobj = open(os.path.join(demo.IMAGE_REPO_TARGETS_DIR, 'infotainment_firmware.txt'), 'w') fobj.write('Contents of infotainment_firmware.txt') fobj.close() # Create repo at './repomain' repo = rt.create_new_repository(demo.IMAGE_REPO_NAME) print(LOG_PREFIX + 'Loading all keys') # Create keys and/or load keys into memory. if use_new_keys: demo.generate_key('mainroot') demo.generate_key('maintimestamp') demo.generate_key('mainsnapshot') demo.generate_key('maintargets') demo.generate_key('mainrole1') key_root_pub = demo.import_public_key('mainroot') key_root_pri = demo.import_private_key('mainroot') key_timestamp_pub = demo.import_public_key('maintimestamp') key_timestamp_pri = demo.import_private_key('maintimestamp') key_snapshot_pub = demo.import_public_key('mainsnapshot') key_snapshot_pri = demo.import_private_key('mainsnapshot') key_targets_pub = demo.import_public_key('maintargets') key_targets_pri = demo.import_private_key('maintargets') key_role1_pub = demo.import_public_key('mainrole1') key_role1_pri = demo.import_private_key('mainrole1') # Add top level keys to the main repository. repo.root.add_verification_key(key_root_pub) repo.timestamp.add_verification_key(key_timestamp_pub) repo.snapshot.add_verification_key(key_snapshot_pub) repo.targets.add_verification_key(key_targets_pub) repo.root.load_signing_key(key_root_pri) repo.timestamp.load_signing_key(key_timestamp_pri) repo.snapshot.load_signing_key(key_snapshot_pri) repo.targets.load_signing_key(key_targets_pri) # Perform delegation from Image Repo's targets role to Image Repo's role1 # role. # TODO: <~> Re-enable delegations below. Currently, ASN1 conversion fails # when there are delegations. This is, of course, untenable, but for now, it # is more important to experiment with ASN1 than to have a sample delegation. # Delegate to a new Supplier. # repo.targets.delegate('role1', [key_role1_pub], # [os.path.join(demo.IMAGE_REPO_NAME, 'targets/file1.txt'), # os.path.join(demo.IMAGE_REPO_NAME, 'targets/infotainment_firmware.txt')], # threshold=1, backtrack=True, # restricted_paths=[os.path.join(demo.IMAGE_REPO_TARGETS_DIR, '*')]) # Add delegated role keys to repo # repo.targets('role1').load_signing_key(key_role1_pri) # Add some starting image files, primarily for use with the web frontend. add_target_to_imagerepo('demo/images/INFO1.0.txt', 'INFO1.0.txt') add_target_to_imagerepo('demo/images/TCU1.0.txt', 'TCU1.0.txt') add_target_to_imagerepo('demo/images/TCU1.1.txt', 'TCU1.1.txt') add_target_to_imagerepo('demo/images/TCU1.2.txt', 'TCU1.2.txt') add_target_to_imagerepo('demo/images/BCU1.0.txt', 'BCU1.0.txt') add_target_to_imagerepo('demo/images/BCU1.1.txt', 'BCU1.1.txt') add_target_to_imagerepo('demo/images/BCU1.2.txt', 'BCU1.2.txt') print(LOG_PREFIX + 'Signing and hosting initial repository metadata') write_to_live() host() listen()
def revoke_compromised_keys(): """ <Purpose> Revoke the current Timestamp, Snapshot, and Targets keys, and add a new keys for each role. This is a high-level version of the common function to update a role key. <Arguments> None. <Exceptions> None. <Side Effecs> None. <Returns> None. """ global repo # Pick names for the new Targets, Snapshot, and Timestamp keys. These will be # the files created. We do this instead of overwriting the existing files # because we want to be able to start over later with the same original state. new_targets_keyname = 'new_maintargets' new_timestamp_keyname = 'new_maintimestamp' new_snapshot_keyname = 'new_mainsnapshot' # Grab the old public keys. old_targets_public_key = demo.import_public_key('maintargets') old_timestamp_public_key = demo.import_public_key('maintimestamp') old_snapshot_public_key = demo.import_public_key('mainsnapshot') # Disassociate the old public keys from the roles. repo.targets.remove_verification_key(old_targets_public_key) repo.timestamp.remove_verification_key(old_timestamp_public_key) repo.snapshot.remove_verification_key(old_snapshot_public_key) # Generate new public and private keys and import them. demo.generate_key(new_targets_keyname) new_targets_public_key = demo.import_public_key(new_targets_keyname) new_targets_private_key = demo.import_private_key(new_targets_keyname) demo.generate_key(new_timestamp_keyname) new_timestamp_public_key = demo.import_public_key(new_timestamp_keyname) new_timestamp_private_key = demo.import_private_key(new_timestamp_keyname) demo.generate_key(new_snapshot_keyname) new_snapshot_public_key = demo.import_public_key(new_snapshot_keyname) new_snapshot_private_key = demo.import_private_key(new_snapshot_keyname) # Associate the new public keys with the roles. repo.targets.add_verification_key(new_targets_public_key) repo.timestamp.add_verification_key(new_timestamp_public_key) repo.snapshot.add_verification_key(new_snapshot_public_key) # Load the new signing keys to write metadata. The root key is unchanged, # and in the demo it is already loaded. Since we only need the keyid, # public keys can be used here. repo.targets.unload_signing_key(old_targets_public_key) repo.snapshot.unload_signing_key(old_snapshot_public_key) repo.timestamp.unload_signing_key(old_timestamp_public_key) # Make sure that the root metadata is written on the next repository write, # in addition to the other metadata. This should probably happen # automatically. # TODO: After the TUF fork merges, see if root is automatically marked dirty # when the signing keys for top-level roles are reassigned. repo.mark_dirty(['root']) repo.targets.load_signing_key(new_targets_private_key) repo.snapshot.load_signing_key(new_snapshot_private_key) repo.timestamp.load_signing_key(new_timestamp_private_key) # Write all the metadata changes to disk (metadata.staged) and copy them to # the hosted metadata directory. write_to_live()
def clean_slate(use_new_keys=False): global repo # Create target files: file1.txt and infotainment_firmware.txt if os.path.exists(demo.MAIN_REPO_TARGETS_DIR): shutil.rmtree(demo.MAIN_REPO_TARGETS_DIR) os.makedirs(demo.MAIN_REPO_TARGETS_DIR) fobj = open(os.path.join(demo.MAIN_REPO_TARGETS_DIR, 'file1.txt'), 'w') fobj.write('Contents of file1.txt') fobj.close() fobj = open( os.path.join(demo.MAIN_REPO_TARGETS_DIR, 'infotainment_firmware.txt'), 'w') fobj.write('Contents of infotainment_firmware.txt') fobj.close() # Create repo at './repomain' repo = rt.create_new_repository(demo.MAIN_REPO_NAME) # Create keys and/or load keys into memory. if use_new_keys: demo.generate_key('mainroot') demo.generate_key('maintimestamp') demo.generate_key('mainsnapshot') demo.generate_key('maintargets') demo.generate_key('mainrole1') key_root_pub = demo.import_public_key('mainroot') key_root_pri = demo.import_private_key('mainroot') key_timestamp_pub = demo.import_public_key('maintimestamp') key_timestamp_pri = demo.import_private_key('maintimestamp') key_snapshot_pub = demo.import_public_key('mainsnapshot') key_snapshot_pri = demo.import_private_key('mainsnapshot') key_targets_pub = demo.import_public_key('maintargets') key_targets_pri = demo.import_private_key('maintargets') key_role1_pub = demo.import_public_key('mainrole1') key_role1_pri = demo.import_private_key('mainrole1') # Add top level keys to the main repository. repo.root.add_verification_key(key_root_pub) repo.timestamp.add_verification_key(key_timestamp_pub) repo.snapshot.add_verification_key(key_snapshot_pub) repo.targets.add_verification_key(key_targets_pub) repo.root.load_signing_key(key_root_pri) repo.timestamp.load_signing_key(key_timestamp_pri) repo.snapshot.load_signing_key(key_snapshot_pri) repo.targets.load_signing_key(key_targets_pri) # Perform delegation from mainrepo's targets role to mainrepo's role1 role. # Delegate to a new Supplier. repo.targets.delegate('role1', [key_role1_pub], [ os.path.join(demo.MAIN_REPO_NAME, 'targets/file1.txt'), os.path.join(demo.MAIN_REPO_NAME, 'targets/infotainment_firmware.txt') ], threshold=1, backtrack=True, restricted_paths=[ os.path.join(demo.MAIN_REPO_TARGETS_DIR, '*') ]) # Add delegated role keys to repo repo.targets('role1').load_signing_key(key_role1_pri)
def clean_slate(use_new_keys=False, additional_root_key=False, additional_targets_key=False): global repo global director_service_instance # ---------------- # REPOSITORY SETUP: # ---------------- # Create repo at './repodirector' repo = rt.create_new_repository(demo.DIRECTOR_REPO_NAME) # Create keys and/or load keys into memory. if use_new_keys: demo.generate_key('directorroot') demo.generate_key('directortimestamp') demo.generate_key('directorsnapshot') demo.generate_key('director') # targets if additional_root_key: demo.generate_key('directorroot2') if additional_targets_key: demo.generate_key('director2') key_dirroot_pub = demo.import_public_key('directorroot') key_dirroot_pri = demo.import_private_key('directorroot') key_dirtime_pub = demo.import_public_key('directortimestamp') key_dirtime_pri = demo.import_private_key('directortimestamp') key_dirsnap_pub = demo.import_public_key('directorsnapshot') key_dirsnap_pri = demo.import_private_key('directorsnapshot') key_dirtarg_pub = demo.import_public_key('director') key_dirtarg_pri = demo.import_private_key('director') key_dirroot2_pub = None key_dirroot2_pri = None if additional_root_key: key_dirroot2_pub = demo.import_public_key('directorroot2') key_dirroot2_pri = demo.import_private_key('directorroot2') if additional_targets_key: key_dirtarg2_pub = demo.import_public_key('director2') key_dirtarg2_pri = demo.import_private_key('director2') # Add top level keys to the main repository. repo.root.add_verification_key(key_dirroot_pub) repo.timestamp.add_verification_key(key_dirtime_pub) repo.snapshot.add_verification_key(key_dirsnap_pub) repo.targets.add_verification_key(key_dirtarg_pub) repo.root.load_signing_key(key_dirroot_pri) repo.timestamp.load_signing_key(key_dirtime_pri) repo.snapshot.load_signing_key(key_dirsnap_pri) repo.targets.load_signing_key(key_dirtarg_pri) if additional_targets_key: repo.targets.add_verification_key(key_dirtarg2_pub) repo.targets.load_signing_key(key_dirtarg2_pri) if additional_root_key: repo.root.add_verification_key(key_dirroot2_pub) repo.root.load_signing_key(key_dirroot2_pri) # Add target to director. # FOR NOW, we symlink the targets files on the director. # In the future, we probably have to have the repository tools add a function # like targets.add_target_from_metadata that doesn't require an actual target # file to exist, but instead provides metadata on some hypothetical file that # the director may not physically hold. if os.path.exists( os.path.join(demo.DIRECTOR_REPO_TARGETS_DIR, 'infotainment_firmware.txt')): os.remove( os.path.join(demo.DIRECTOR_REPO_TARGETS_DIR, 'infotainment_firmware.txt')) os.symlink( os.path.join(demo.MAIN_REPO_TARGETS_DIR, 'infotainment_firmware.txt'), os.path.join(demo.DIRECTOR_REPO_TARGETS_DIR, 'infotainment_firmware.txt')) fobj = open( os.path.join(demo.DIRECTOR_REPO_TARGETS_DIR, 'additional_file.txt'), 'w') fobj.write('Contents of additional_file.txt') fobj.close() repo.targets.add_target(os.path.join(demo.DIRECTOR_REPO_TARGETS_DIR, 'infotainment_firmware.txt'), custom={"ecu-serial-number": "ecu11111"}) #repo.targets.add_target( # os.path.join(demo.DIRECTOR_REPO_TARGETS_DIR, 'additional_file.txt'), # custom={"ecu-serial-number": "ecu11111"}) # -------------- # SERVICES SETUP: # -------------- # Create the demo Director instance. director_service_instance = director.Director( key_root=key_dirroot_pri, key_timestamp=key_dirtime_pri, key_snapshot=key_dirsnap_pri, key_targets=key_dirtarg_pri, ecu_public_keys=dict()) # Start with a hard-coded key for a single ECU for now. test_ecu_public_key = demo.import_public_key('secondary') test_ecu_serial = 'ecu11111' director_service_instance.register_ecu_serial(test_ecu_serial, test_ecu_public_key)
def clean_slate(use_new_keys=False): global director_service_instance I_TO_PRINT = TO_PRINT + uptane.YELLOW + '[clean_slate(use_new_keys)]: ' + ENDCOLORS #TODO: Print to be deleted print(str('%s %s %s' % (I_TO_PRINT, 'cleaning slate with use_new_keys:', use_new_keys))) #TODO: Until here director_dir = os.path.join(uptane.WORKING_DIR, 'director') #TODO: Print to be deleted print(str('%s %s %s %s' % (I_TO_PRINT, 'Adding: ', director_dir, 'to os.path'))) #TODO: Until here # Create a directory for the Director's files. if os.path.exists(director_dir): shutil.rmtree(director_dir) os.makedirs(director_dir) # Create keys and/or load keys into memory. print(LOG_PREFIX + 'Loading all keys') #TODO: Print to be deleted print(str('%s %s %s' % (I_TO_PRINT, 'Create keys and/or load keys into memory.\n\t\t[use_new_keys]:', use_new_keys))) #TODO: Until here #TODO: Print to be deleted #TODO: Force the creation of new keys #use_new_keys = True #print(str('%s %s %s %s' % ('\n\n\n', I_TO_PRINT, 'Forcing the creation of new keys by setting use_new_keys:', use_new_keys))) #TODO: Until here if use_new_keys: demo.generate_key('directorroot') demo.generate_key('directortimestamp') demo.generate_key('directorsnapshot') demo.generate_key('director') # targets key_dirroot_pub = demo.import_public_key('directorroot') #TODO: Print to be deleted print(str('%s %s %s' % (I_TO_PRINT, 'imported [key_dirroot_pub]:', key_dirroot_pub))) #TODO: Until here key_dirroot_pri = demo.import_private_key('directorroot') #TODO: Print to be deleted print(str('%s %s %s' % (I_TO_PRINT, 'imported [key_dirroot_pri]:', key_dirroot_pri))) #TODO: Until here key_dirtime_pub = demo.import_public_key('directortimestamp') #TODO: Print to be deleted print(str('%s %s %s' % (I_TO_PRINT, 'imported [key_dirtime_pub]:', key_dirtime_pub))) #TODO: Until here key_dirtime_pri = demo.import_private_key('directortimestamp') #TODO: Print to be deleted print(str('%s %s %s' % (I_TO_PRINT, 'imported [key_dirtime_pri]:', key_dirtime_pri))) #TODO: Until here key_dirsnap_pub = demo.import_public_key('directorsnapshot') #TODO: Print to be deleted print(str('%s %s %s' % (I_TO_PRINT, 'imported [key_dirsnap_pub]:', key_dirsnap_pub))) #TODO: Until here key_dirsnap_pri = demo.import_private_key('directorsnapshot') #TODO: Print to be deleted print(str('%s %s %s' % (I_TO_PRINT, 'imported [key_dirsnap_pri]:', key_dirsnap_pri))) #TODO: Until here key_dirtarg_pub = demo.import_public_key('director') #TODO: Print to be deleted print(str('%s %s %s' % (I_TO_PRINT, 'imported [key_dirtarg_pub]:', key_dirtarg_pub))) #TODO: Until here key_dirtarg_pri = demo.import_private_key('director') #TODO: Print to be deleted print(str('%s %s %s' % (I_TO_PRINT, 'imported [key_dirtarg_pri]:', key_dirtarg_pri))) #TODO: Until here print(LOG_PREFIX + 'Initializing vehicle repositories') #TODO: Print to be deleted print(str('%s %s' % (I_TO_PRINT, 'Creating demo Director instance'))) #TODO: Until here # Create the demo Director instance. director_service_instance = director.Director( director_repos_dir=director_dir, key_root_pri=key_dirroot_pri, key_root_pub=key_dirroot_pub, key_timestamp_pri=key_dirtime_pri, key_timestamp_pub=key_dirtime_pub, key_snapshot_pri=key_dirsnap_pri, key_snapshot_pub=key_dirsnap_pub, key_targets_pri=key_dirtarg_pri, key_targets_pub=key_dirtarg_pub) for vin in KNOWN_VINS.keys(): #TODO: Print to be deleted print(str('%s %s %s' % (I_TO_PRINT, 'Adding new vehicle to director instance with vin: ', vin))) #TODO: Until here # Create VIN instance in Director's server director_service_instance.add_new_vehicle(vin) # Generate key pair for this new VIN #demo.generate_key(str(vin + '_keyPair')) # Import its public key test_ecu_public_key = demo.import_public_key(str(vin + '_keyPair')) # Get ECU's serial test_ecu_serial = KNOWN_VINS[vin] # Register ECU Serial director_service_instance.register_ecu_serial(test_ecu_serial, test_ecu_public_key, vin=vin) # Vincular fitxer infotainment_firmware.txt for vin in inventory.ecus_by_vin: for ecu in inventory.ecus_by_vin[vin]: add_target_to_director(os.path.join(demo.IMAGE_REPO_TARGETS_DIR, 'infotainment_firmware.txt'), 'infotainment_firmware.txt', vin, ecu) # You can tell the Director about ECUs this way: # test_ecu_public_key = demo.import_public_key('secondary') # test_ecu_serial = 'ecu11111' # director_service_instance.register_ecu_serial( # test_ecu_serial, test_ecu_public_key, vin='111') #TODO: Print to be deleted #print(I_TO_PRINT + 'Adding first files') #TODO: Until here # Add a first target file, for use by every ECU in every vehicle in that the # Director starts off with. (Currently 3) # This copies the file to each vehicle repository's targets directory from # the Image Repository. # for vin in inventory.ecus_by_vin: # for ecu in inventory.ecus_by_vin[vin]: # add_target_to_director( # os.path.join(demo.IMAGE_REPO_TARGETS_DIR, 'infotainment_firmware.txt'), # 'infotainment_firmware.txt', # vin, # ecu) print(LOG_PREFIX + 'Signing and hosting initial repository metadata') write_to_live() host() listen()
def revoke_compromised_keys(): """ <Purpose> Revoke the current Timestamp, Snapshot, and Targets keys for all vehicles, and generate a new key for each role. This is a high-level version of the common function to update a role key. The director service instance is also updated with the key changes. <Arguments> None. <Exceptions> None. <Side Effecs> None. <Returns> None. """ I_TO_PRINT = TO_PRINT + uptane.YELLOW + '[revoke_compromised_keys()]: ' + ENDCOLORS #TODO: Print to be deleted print(str('%s %s' % (I_TO_PRINT, 'Revoke the current Timestamp, Snapshots, and Targets keys for all vehicles, and generate a new key for each role. This is a high-level version of the common function to update a role key. The director service instance is also updated with the key changes.'))) #TODO: Until here global director_service_instance # Generate news keys for the Targets, Snapshot, and Timestamp roles. Make # sure that the director service instance is updated to use the new keys. # The 'director' name actually references the targets role. # TODO: Change Director's targets key to 'directortargets' from 'director'. new_targets_keyname = 'new_director' new_timestamp_keyname = 'new_directortimestamp' new_snapshot_keyname = 'new_directorsnapshot' # References are needed for the old and new keys later below when we modify # the repository. Generate new keys for the Targets role... demo.generate_key(new_targets_keyname) new_targets_public_key = demo.import_public_key(new_targets_keyname) new_targets_private_key = demo.import_private_key(new_targets_keyname) old_targets_public_key = director_service_instance.key_dirtarg_pub # Timestamp... demo.generate_key(new_timestamp_keyname) new_timestamp_public_key = demo.import_public_key(new_timestamp_keyname) new_timestamp_private_key = demo.import_private_key(new_timestamp_keyname) old_timestamp_public_key = director_service_instance.key_dirtime_pub # And Snapshot. demo.generate_key(new_snapshot_keyname) new_snapshot_public_key = demo.import_public_key(new_snapshot_keyname) new_snapshot_private_key = demo.import_private_key(new_snapshot_keyname) old_snapshot_public_key = director_service_instance.key_dirsnap_pub # Set the new public and private Targets keys in the director service. # These keys are shared between all vehicle repositories. director_service_instance.key_dirtarg_pub = new_targets_public_key director_service_instance.key_dirtarg_pri = new_targets_private_key director_service_instance.key_dirtime_pub = new_timestamp_public_key director_service_instance.key_dirtime_pri = new_timestamp_private_key director_service_instance.key_dirsnap_pub = new_snapshot_public_key director_service_instance.key_dirsnap_pri = new_snapshot_private_key for vin in director_service_instance.vehicle_repositories: repository = director_service_instance.vehicle_repositories[vin] repo_dir = repository._repository_directory # Swap verification keys for the three roles. repository.targets.remove_verification_key(old_targets_public_key) repository.targets.add_verification_key(new_targets_public_key) repository.timestamp.remove_verification_key(old_timestamp_public_key) repository.timestamp.add_verification_key(new_timestamp_public_key) repository.snapshot.remove_verification_key(old_snapshot_public_key) repository.snapshot.add_verification_key(new_snapshot_public_key) # Unload the old signing keys so that the new metadata only contains # signatures produced by the new signing keys. Since this is based on # keyid, the public key can be used. repository.targets.unload_signing_key(old_targets_public_key) repository.snapshot.unload_signing_key(old_snapshot_public_key) repository.timestamp.unload_signing_key(old_timestamp_public_key) # Load the new signing keys to write metadata. The root key is unchanged, # and in the demo it is already loaded. repository.targets.load_signing_key(new_targets_private_key) repository.snapshot.load_signing_key(new_snapshot_private_key) repository.timestamp.load_signing_key(new_timestamp_private_key) # The root role is not automatically marked as dirty when the verification # keys are updated via repository.<non-root-role>.add_verification_key(). # TODO: Verify this behavior with the latest version of the TUF codebase. repository.mark_dirty(['root']) # Push the changes to "live". write_to_live()
def clean_slate(use_new_keys=False): global repo I_TO_PRINT = TO_PRINT + uptane.YELLOW + '[clean_slate()]: ' + ENDCOLORS _print = True #TODO: Print to be deleted if _print: print( str('%s %s %s' % (I_TO_PRINT, 'Cleaning slate with use_new_keys:', use_new_keys))) #TODO: Until here print(LOG_PREFIX + 'Initializing repository') # Create target files: file1.txt and infotainment_firmware.txt #TODO: Print to be deleted if _print: print(I_TO_PRINT + 'Target files: %s' % target_files.keys()) #TODO: Until here if os.path.exists(demo.IMAGE_REPO_TARGETS_DIR): #TODO: Print to be deleted if _print: print(I_TO_PRINT + 'Removing files: ' + demo.IMAGE_REPO_TARGETS_DIR) #TODO: Until here shutil.rmtree(demo.IMAGE_REPO_TARGETS_DIR) #TODO: Print to be deleted if _print: print(I_TO_PRINT + 'Creating directories: ' + demo.IMAGE_REPO_TARGETS_DIR) #TODO: Until here os.makedirs(demo.IMAGE_REPO_TARGETS_DIR) #TODO: Print to be deleted if _print: print(I_TO_PRINT + 'Writing content for: %s' % target_files.keys()) #TODO: Until here for target in target_files.keys(): #TODO: Print to be deleted if _print: print(I_TO_PRINT + 'Target --> %s' % target) #TODO: Until here fobj = open(os.path.join(demo.IMAGE_REPO_TARGETS_DIR, target), 'w') fobj.write(target_files[target]) fobj.close() # Create repo at './repomain' #TODO: Print to be deleted if _print: print(I_TO_PRINT + 'Creating new repository at: ' + demo.IMAGE_REPO_NAME) #TODO: Until here repo = rt.create_new_repository(demo.IMAGE_REPO_NAME) print(LOG_PREFIX + 'Loading all keys') # Create keys and/or load keys into memory. if use_new_keys: demo.generate_key('mainroot') demo.generate_key('maintimestamp') demo.generate_key('mainsnapshot') demo.generate_key('maintargets') demo.generate_key('mainrole1') #TODO: Print to be deleted if _print: print( I_TO_PRINT + 'Loading keys for TOP-LEVEL roles: root, timestamp, snapshots, targets, role1' ) #TODO: Until here key_root_pub = demo.import_public_key('mainroot') #TODO: Print to be deleted if _print: print(str('%s %s %s' % (I_TO_PRINT, 'key_root_pub:', key_root_pub))) #TODO: Until here key_root_pri = demo.import_private_key('mainroot') #TODO: Print to be deleted if _print: print(str('%s %s %s' % (I_TO_PRINT, 'key_root_pri:', key_root_pri))) #TODO: Until here key_timestamp_pub = demo.import_public_key('maintimestamp') #TODO: Print to be deleted if _print: print( str('%s %s %s' % (I_TO_PRINT, 'key_timestamp_pub:', key_timestamp_pub))) #TODO: Until here key_timestamp_pri = demo.import_private_key('maintimestamp') #TODO: Print to be deleted if _print: print( str('%s %s %s' % (I_TO_PRINT, 'key_timestamp_pri:', key_timestamp_pri))) #TODO: Until here key_snapshot_pub = demo.import_public_key('mainsnapshot') #TODO: Print to be deleted if _print: print( str('%s %s %s' % (I_TO_PRINT, 'key_snapshot_pub:', key_snapshot_pub))) #TODO: Until here key_snapshot_pri = demo.import_private_key('mainsnapshot') #TODO: Print to be deleted if _print: print( str('%s %s %s' % (I_TO_PRINT, 'key_snapshot_pri:', key_snapshot_pri))) #TODO: Until here key_targets_pub = demo.import_public_key('maintargets') #TODO: Print to be deleted if _print: print( str('%s %s %s' % (I_TO_PRINT, 'key_targets_pub:', key_targets_pub))) #TODO: Until here key_targets_pri = demo.import_private_key('maintargets') #TODO: Print to be deleted if _print: print( str('%s %s %s' % (I_TO_PRINT, 'key_targets_pri:', key_targets_pri))) #TODO: Until here key_role1_pub = demo.import_public_key('mainrole1') #TODO: Print to be deleted if _print: print(str('%s %s %s' % (I_TO_PRINT, 'key_role1_pub:', key_role1_pub))) #TODO: Until here key_role1_pri = demo.import_private_key('mainrole1') #TODO: Print to be deleted if _print: print(str('%s %s %s' % (I_TO_PRINT, 'key_role1_pri:', key_role1_pri))) #TODO: Until here #TODO: Print to be deleted if _print: print( str('\n%s %s' % (I_TO_PRINT, 'Adding TOP-LEVEL keys to the main repository'))) #TODO: Until here # Add top level keys to the main repository. #TODO: Print to be deleted if _print: print(str('%s %s' % (I_TO_PRINT, 'Adding verification key_root_pub'))) #TODO: Until here repo.root.add_verification_key(key_root_pub) #TODO: Print to be deleted if _print: print( str('%s %s' % (I_TO_PRINT, 'Adding verification key_timestamp_pub'))) #TODO: Until here repo.timestamp.add_verification_key(key_timestamp_pub) #TODO: Print to be deleted if _print: print( str('%s %s' % (I_TO_PRINT, 'Adding verification key_snapshot_pub'))) #TODO: Until here repo.snapshot.add_verification_key(key_snapshot_pub) #TODO: Print to be deleted if _print: print( str('%s %s' % (I_TO_PRINT, 'Adding verification key_targets_pub'))) #TODO: Until here repo.targets.add_verification_key(key_targets_pub) #TODO: Print to be deleted if _print: print(str('%s %s' % (I_TO_PRINT, 'Adding signing key_root_pri'))) #TODO: Until here repo.root.load_signing_key(key_root_pri) #TODO: Print to be deleted if _print: print(str('%s %s' % (I_TO_PRINT, 'Adding signing key_timestamp_pri'))) #TODO: Until here repo.timestamp.load_signing_key(key_timestamp_pri) #TODO: Print to be deleted if _print: print(str('%s %s' % (I_TO_PRINT, 'Adding signing key_snapshot_pri'))) #TODO: Until here repo.snapshot.load_signing_key(key_snapshot_pri) #TODO: Print to be deleted if _print: print(str('%s %s' % (I_TO_PRINT, 'Adding signing key_targets_pri'))) #TODO: Until here repo.targets.load_signing_key(key_targets_pri) # Perform delegation from Image Repo's targets role to Image Repo's role1 # role. # TODO: <~> Re-enable delegations below. Currently, ASN1 conversion fails # when there are delegations. This is, of course, untenable, but for now, it # is more important to experiment with ASN1 than to have a sample delegation. # Delegate to a new Supplier. # repo.targets.delegate('role1', [key_role1_pub], # [os.path.join(demo.IMAGE_REPO_NAME, 'targets/file1.txt'), # os.path.join(demo.IMAGE_REPO_NAME, 'targets/infotainment_firmware.txt')], # threshold=1, backtrack=True, # restricted_paths=[os.path.join(demo.IMAGE_REPO_TARGETS_DIR, '*')]) # Add delegated role keys to repo # repo.targets('role1').load_signing_key(key_role1_pri) #TODO: Print to be deleted if _print: print(I_TO_PRINT + 'Adding some already created targets to imagerepo') #TODO: Until here # Add some starting image files, primarily for use with the web frontend. # add_target_to_imagerepo('demo/images/CommonINFO1.0.txt', 'CommonINFO1.0.txt') add_target_to_imagerepo('demo/images/infotainment_firmware.txt', 'infotainment_firmware.txt') add_target_to_imagerepo('demo/images/URV1.0.txt', 'URV1.0.txt') add_target_to_imagerepo('demo/images/URV1.1.txt', 'URV1.1.txt') add_target_to_imagerepo('demo/images/URV1.2.txt', 'URV1.2.txt') add_target_to_imagerepo('demo/images/UOC1.0.txt', 'UOC1.0.txt') add_target_to_imagerepo('demo/images/UOC1.1.txt', 'UOC1.1.txt') add_target_to_imagerepo('demo/images/UOC1.2.txt', 'UOC1.2.txt') add_target_to_imagerepo('demo/images/UOCMod1_new_firmware.img', 'UOCMod1_new_firmware.img') print(LOG_PREFIX + 'Signing and hosting initial repository metadata') write_to_live() host() listen()