def genkey(ctx: click.Context, path: str, password: str, force: bool) -> None:
"""Generate key pair for RoT or DCK.
\b
PATH - path where the key pairs will be stored
"""
is_rsa = ctx.obj['is_rsa']
key_param = ctx.obj['key_param']
check_destination_dir(path, force)
check_file_exists(path, force)
if is_rsa:
logger.info("Generating RSA private key...")
priv_key_rsa = generate_rsa_private_key(key_size=key_param)
logger.info("Generating RSA corresponding public key...")
pub_key_rsa = generate_rsa_public_key(priv_key_rsa)
logger.info("Saving RSA key pair...")
save_rsa_private_key(priv_key_rsa, path, password if password else None)
save_rsa_public_key(pub_key_rsa, os.path.splitext(path)[0] + '.pub')
else:
logger.info("Generating ECC private key...")
priv_key_ec = generate_ecc_private_key(curve_name=key_param)
logger.info("Generating ECC public key...")
pub_key_ec = generate_ecc_public_key(priv_key_ec)
logger.info("Saving ECC key pair...")
save_ecc_private_key(priv_key_ec, path, password if password else None)
save_ecc_public_key(pub_key_ec, os.path.splitext(path)[0] + '.pub')
def test_certificate_generation(tmpdir):
ca_priv_key = generate_rsa_private_key()
save_rsa_private_key(ca_priv_key, path.join(tmpdir, "ca_private_key.pem"))
ca_pub_key = generate_rsa_public_key(ca_priv_key)
save_rsa_public_key(ca_pub_key, path.join(tmpdir, "ca_pub_key.pem"))
assert path.isfile(path.join(tmpdir, "ca_private_key.pem"))
assert path.isfile(path.join(tmpdir, "ca_pub_key.pem"))
subject = issuer = generate_name_struct("highest", "CZ")
ca_cert = generate_certificate(subject,
issuer,
ca_pub_key,
ca_priv_key,
if_ca=True)
save_crypto_item(ca_cert, path.join(tmpdir, "ca_cert.pem"))
assert path.isfile(path.join(tmpdir, "ca_cert.pem"))
srk_priv_key = generate_rsa_private_key()
save_rsa_private_key(srk_priv_key, path.join(tmpdir, "srk_priv_key.pem"))
assert path.isfile(path.join(tmpdir, "srk_priv_key.pem"))
srk_pub_key = generate_rsa_public_key(srk_priv_key)
save_rsa_public_key(srk_pub_key, path.join(tmpdir, "srk_pub_key.pem"))
assert path.isfile(path.join(tmpdir, "srk_pub_key.pem"))
srk_subject = generate_name_struct("srk", "UK")
srk_cert = generate_certificate(srk_subject,
issuer,
srk_pub_key,
ca_priv_key,
if_ca=False)
save_crypto_item(srk_cert, path.join(tmpdir, "srk1.pem"))
assert path.isfile(path.join(tmpdir, "srk1.pem"))
def test_certificate_generation(tmpdir):
ca_priv_key = generate_rsa_private_key()
save_rsa_private_key(ca_priv_key, path.join(tmpdir, "ca_private_key.pem"))
ca_pub_key = generate_rsa_public_key(ca_priv_key)
save_rsa_public_key(ca_pub_key, path.join(tmpdir, "ca_pub_key.pem"))
assert path.isfile(path.join(tmpdir, "ca_private_key.pem"))
assert path.isfile(path.join(tmpdir, "ca_pub_key.pem"))
data = yaml.safe_load(
"""
COMMON_NAME: xyz
DOMAIN_COMPONENT: [com, nxp, wbi]
ORGANIZATIONAL_UNIT_NAME: [NXP, CZ, Managed Users, Developers]
"""
)
subject = issuer = generate_name(data)
ca_cert = generate_certificate(subject, issuer, ca_pub_key, ca_priv_key, if_ca=True)
save_crypto_item(ca_cert, path.join(tmpdir, "ca_cert.pem"))
assert path.isfile(path.join(tmpdir, "ca_cert.pem"))
data = yaml.safe_load(
"""
- COMMON_NAME: ccccc
- DOMAIN_COMPONENT: [com, nxp, wbi]
- ORGANIZATIONAL_UNIT_NAME: NXP
- ORGANIZATIONAL_UNIT_NAME: CZ
- ORGANIZATIONAL_UNIT_NAME: Managed Users
- ORGANIZATIONAL_UNIT_NAME: Developers
"""
)
subject = issuer = generate_name(data)
ca_cert = generate_certificate(subject, issuer, ca_pub_key, ca_priv_key, if_ca=True)
save_crypto_item(ca_cert, path.join(tmpdir, "ca_cert_1.pem"))
assert path.isfile(path.join(tmpdir, "ca_cert_1.pem"))
def main(log_level: str, key_type: str, path: str, password: str,
force: bool) -> int:
"""NXP Key Generator Tool.
\b
PATH - output file path, where the key pairs (private and public key) will be stored.
Each key will be stored in separate file (.pub and .pem).
"""
logging.basicConfig(level=log_level.upper())
key_param = key_type.lower().strip()
is_rsa = "rsa" in key_param
check_destination_dir(path, force)
check_file_exists(path, force)
pub_key_path = os.path.splitext(path)[0] + ".pub"
check_file_exists(pub_key_path, force)
if is_rsa:
logger.info("Generating RSA private key...")
priv_key_rsa = generate_rsa_private_key(
key_size=int(key_param.replace("rsa", "")))
logger.info("Generating RSA corresponding public key...")
pub_key_rsa = generate_rsa_public_key(priv_key_rsa)
logger.info("Saving RSA key pair...")
save_rsa_private_key(priv_key_rsa, path,
password if password else None)
save_rsa_public_key(pub_key_rsa, pub_key_path)
else:
logger.info("Generating ECC private key...")
priv_key_ec = generate_ecc_private_key(curve_name=key_param)
logger.info("Generating ECC public key...")
pub_key_ec = generate_ecc_public_key(priv_key_ec)
logger.info("Saving ECC key pair...")
save_ecc_private_key(priv_key_ec, path, password if password else None)
save_ecc_public_key(pub_key_ec, pub_key_path)
return 0
def keys_generation(data_dir):
priv_key = generate_rsa_private_key()
pub_key = generate_rsa_public_key(priv_key)
save_rsa_private_key(priv_key, path.join(data_dir, "priv.pem"))
save_rsa_public_key(pub_key, path.join(data_dir, "pub.pem"))
#!/usr/bin/env python
# -*- coding: UTF-8 -*-
#
# Copyright 2021 NXP
#
# SPDX-License-Identifier: BSD-3-Clause
from spsdk.crypto import load_certificate, save_rsa_public_key
cert = load_certificate("keys_and_certs/root_k0_signed_cert0_noca.der.cert")
pub_key = cert.public_key()
save_rsa_public_key(pub_key, "keys_and_cers/root_k0_public_key.pub")
