class TestConfig(unittest.TestCase):
def test_getters_setters(self):
self.ic = ICrypto()
self.ic.add_blob("test", "Hello world")
assert self.ic["test"] == "Hello world"
def test_key_creation(self):
self.ic = ICrypto()
self.ic.add_blob("boo", "Hello world")\
.create_rsa_keypair("keys")
print(self.ic["keys"])
def test_file_hash(self):
self.ic = ICrypto()
path = "D:\\downloads\\10126usb.iso"
self.ic.hash_file("h", path)
print(self.ic["h"])
def test_key_creation(self):
self.ic = ICrypto()
self.ic.add_blob("boo", "Hello world")\
.create_rsa_keypair("keys")\
.encrypt_private_key("pem", "keys", bytes("blablabla", "utf8"))
print(self.ic["pem"])
print(self.ic["keys"])
with open("key.pem", "wb") as f:
f.write(self.ic["pem"])
def test_priv_key_dump(self):
self.ic = ICrypto()
self.ic.add_blob("boo", "Hello world") \
.create_rsa_keypair("keys") \
.encrypt_private_key("pem", "keys", bytes("blablabla", "utf8"))
print(self.ic["pem"])
print(self.ic["keys"])
with open("key.pem", "wb") as f:
f.write(self.ic["pem"])
self.read_key()
def read_key(self):
with open("key.pem", "rb") as f:
data = f.read()
ic = ICrypto()
ic.load_pem_private_key("priv", data, "blablabla")
print(ic["priv"])
def test_pkfp(self):
with open("key.pem", "rb") as f:
data = f.read()
ic = ICrypto()
ic.load_pem_private_key("priv", data, "blablabla") \
.public_from_private("pub", "priv") \
.get_public_key_fingerprint("pkfp", "pub")
print(str(ic["priv"], "utf8"))
print(str(ic["pub"], "utf8"))
with open("pub.pem", "wb") as pubf:
pubf.write(ic["pub"])
print("PKFP: " + str(ic["pkfp"], "utf8"))
def verify_image(self, temp_dir):
"""
Given the path to temporary directory where image data has been unpacked
scans the structure of the image data and verifies hashes and signatures
Also checks if public key is trusted
:param temp_dir: temporary directory where content of zip archive was unpacked
it should be a folder with 3 files in it
:return: list of found errors. List will be empty if no errors found
Errors come from ImageVerificationError enum
"""
errors = []
image_dir = os.path.join(temp_dir, self.config["image_dirname"])
try:
path_to_image, path_to_info, path_to_signature = self._get_paths(image_dir)
except InvalidImageContent as e:
log.info("Invalid image content.")
errors.append(ImageVerificationError.IMAGE_DATA_INVALID)
return errors
except Exception as e:
log.exception(e)
raise e
info, info_sign = None, None
ic = ICrypto()
# load info
with open(path_to_info, "r") as info_fp, \
open(path_to_signature, "rb") as sign_fp:
info = json.load(info_fp)
info_sign = sign_fp.read()
# checking protocol
if "authoring_protocol" not in info or info["authoring_protocol"] != self.authoring_protocol:
log.exception("Authoring protocol don't match! \n%s" % get_stack())
errors.append(ImageVerificationError.AUTHORING_PROTOCOL_MISMATCH)
ic.hash_file("image_hash", path_to_image)
image_hash = ic["image_hash"]
if bytes(info["hash"], "utf8") != image_hash:
log.error("Image hash does not match with hash specified in the info: \n%s\n%s" % (str(image_hash), str(info["hash"])))
errors.append(ImageVerificationError.HASH_MISMATCH)
try:
ic.hash_file("infohash", path_to_info) \
.add_blob("sign", info_sign) \
.load_pem_public_key("pub", bytes(info["public_key"], "utf8")) \
.public_key_verify("res_infohash", "infohash", "pub", "sign") \
.get_public_key_fingerprint("pkfp", "pub") \
.add_blob("image_hash", image_hash) \
.add_blob("image_sign", bytes(info["sign"], "utf8")) \
.public_key_verify("res_image", "image_hash", "pub", "image_sign")
except Exception as e:
errors.append(ImageVerificationError.CRYPTO_ERROR)
return errors
if ic["res_infohash"] is False:
log.error("Info signature is invalid")
errors.append(ImageVerificationError.INFO_SIGNATURE_INVAILD)
if ic["res_image"] is False:
log.error("Image signature is invalid")
errors.append(ImageVerificationError.IMAGE_SIGNATURE_INVALID)
if ic["pkfp"] != bytes(info["pkfp"], "utf8"):
msg = "Pkfp does not match"
log.error("Pkfp does not match")
errors.append(msg)
log.info("Checking if pkfp is in trusted keys...")
if not self.key_manager.is_key_trusted(str(ic["pkfp"], "utf8")):
log.error("Key is not trusted")
errors.append(ImageVerificationError.KEY_NOT_TRUSTED)
return errors