class TestConfig(unittest.TestCase): def test_getters_setters(self): self.ic = ICrypto() self.ic.add_blob("test", "Hello world") assert self.ic["test"] == "Hello world" def test_key_creation(self): self.ic = ICrypto() self.ic.add_blob("boo", "Hello world")\ .create_rsa_keypair("keys") print(self.ic["keys"]) def test_file_hash(self): self.ic = ICrypto() path = "D:\\downloads\\10126usb.iso" self.ic.hash_file("h", path) print(self.ic["h"]) def test_key_creation(self): self.ic = ICrypto() self.ic.add_blob("boo", "Hello world")\ .create_rsa_keypair("keys")\ .encrypt_private_key("pem", "keys", bytes("blablabla", "utf8")) print(self.ic["pem"]) print(self.ic["keys"]) with open("key.pem", "wb") as f: f.write(self.ic["pem"]) def test_priv_key_dump(self): self.ic = ICrypto() self.ic.add_blob("boo", "Hello world") \ .create_rsa_keypair("keys") \ .encrypt_private_key("pem", "keys", bytes("blablabla", "utf8")) print(self.ic["pem"]) print(self.ic["keys"]) with open("key.pem", "wb") as f: f.write(self.ic["pem"]) self.read_key() def read_key(self): with open("key.pem", "rb") as f: data = f.read() ic = ICrypto() ic.load_pem_private_key("priv", data, "blablabla") print(ic["priv"]) def test_pkfp(self): with open("key.pem", "rb") as f: data = f.read() ic = ICrypto() ic.load_pem_private_key("priv", data, "blablabla") \ .public_from_private("pub", "priv") \ .get_public_key_fingerprint("pkfp", "pub") print(str(ic["priv"], "utf8")) print(str(ic["pub"], "utf8")) with open("pub.pem", "wb") as pubf: pubf.write(ic["pub"]) print("PKFP: " + str(ic["pkfp"], "utf8"))
def verify_image(self, temp_dir): """ Given the path to temporary directory where image data has been unpacked scans the structure of the image data and verifies hashes and signatures Also checks if public key is trusted :param temp_dir: temporary directory where content of zip archive was unpacked it should be a folder with 3 files in it :return: list of found errors. List will be empty if no errors found Errors come from ImageVerificationError enum """ errors = [] image_dir = os.path.join(temp_dir, self.config["image_dirname"]) try: path_to_image, path_to_info, path_to_signature = self._get_paths(image_dir) except InvalidImageContent as e: log.info("Invalid image content.") errors.append(ImageVerificationError.IMAGE_DATA_INVALID) return errors except Exception as e: log.exception(e) raise e info, info_sign = None, None ic = ICrypto() # load info with open(path_to_info, "r") as info_fp, \ open(path_to_signature, "rb") as sign_fp: info = json.load(info_fp) info_sign = sign_fp.read() # checking protocol if "authoring_protocol" not in info or info["authoring_protocol"] != self.authoring_protocol: log.exception("Authoring protocol don't match! \n%s" % get_stack()) errors.append(ImageVerificationError.AUTHORING_PROTOCOL_MISMATCH) ic.hash_file("image_hash", path_to_image) image_hash = ic["image_hash"] if bytes(info["hash"], "utf8") != image_hash: log.error("Image hash does not match with hash specified in the info: \n%s\n%s" % (str(image_hash), str(info["hash"]))) errors.append(ImageVerificationError.HASH_MISMATCH) try: ic.hash_file("infohash", path_to_info) \ .add_blob("sign", info_sign) \ .load_pem_public_key("pub", bytes(info["public_key"], "utf8")) \ .public_key_verify("res_infohash", "infohash", "pub", "sign") \ .get_public_key_fingerprint("pkfp", "pub") \ .add_blob("image_hash", image_hash) \ .add_blob("image_sign", bytes(info["sign"], "utf8")) \ .public_key_verify("res_image", "image_hash", "pub", "image_sign") except Exception as e: errors.append(ImageVerificationError.CRYPTO_ERROR) return errors if ic["res_infohash"] is False: log.error("Info signature is invalid") errors.append(ImageVerificationError.INFO_SIGNATURE_INVAILD) if ic["res_image"] is False: log.error("Image signature is invalid") errors.append(ImageVerificationError.IMAGE_SIGNATURE_INVALID) if ic["pkfp"] != bytes(info["pkfp"], "utf8"): msg = "Pkfp does not match" log.error("Pkfp does not match") errors.append(msg) log.info("Checking if pkfp is in trusted keys...") if not self.key_manager.is_key_trusted(str(ic["pkfp"], "utf8")): log.error("Key is not trusted") errors.append(ImageVerificationError.KEY_NOT_TRUSTED) return errors