def test_debugcredential_ecc_compare_with_reference(data_dir):
"""Loads the yaml file, creates the debug credential, saves to a file and compares with reference."""
with use_working_directory(data_dir):
with open("new_dck_secp256.yml", 'r') as f:
yaml_config = yaml.safe_load(f)
dc = DebugCredential.create_from_yaml_config(
version='2.0', yaml_config=yaml_config)
dc.sign()
data = dc.export()
pub_key = load_private_key(yaml_config['rotk']).public_key()
data_without_singature = data[:-132]
signature_bytes = data[-132:]
with open('new_dck_secp256r1.cert', 'rb') as f:
data_loaded = f.read()
ref_data_without_signature = data_loaded[:-132]
ref_signature_bytes = data_loaded[-132:]
assert data_without_singature == ref_data_without_signature, \
"The generated dc binary and the referenced one are not the same."
signature = utils.reconstruct_signature(signature_bytes)
ref_signature = utils.reconstruct_signature(ref_signature_bytes)
try:
pub_key.verify(signature, data_without_singature,
ec.ECDSA(hashes.SHA256()))
pub_key.verify(ref_signature, data_without_singature,
ec.ECDSA(hashes.SHA256()))
assert True
except InvalidSignature:
assert False
def test_verify_ecc_signature(data_dir):
"""Verifies the signature for ECC protocol."""
with use_working_directory(data_dir):
with open("new_dck_secp256.yml", 'r') as f:
yaml_config = yaml.safe_load(f)
dc = DebugCredentialECC.from_yaml_config(version='2.0', yaml_config=yaml_config)
data = dc.export()
priv_key = load_private_key(yaml_config['rotk'])
data_without_signature = data[:-132]
signature_bytes = data[-132:]
signature = utils.reconstruct_signature(signature_bytes)
pub_key = priv_key.public_key()
try:
pub_key.verify(signature, data_without_signature, ec.ECDSA(hashes.SHA256()))
assert True
except InvalidSignature:
assert False
def test_verify_ecc_signature_lpc55s3x_384(data_dir):
"""Verifies the signature for ECC384 protocol for LPC55S3x."""
with use_working_directory(data_dir):
with open("new_dck_secp384_lpc55s3x.yml", "r") as f:
yaml_config = yaml.safe_load(f)
dc = DebugCredential.create_from_yaml_config(version="2.1", yaml_config=yaml_config)
dc.sign()
data = dc.export()
priv_key = load_private_key(yaml_config["rotk"])
data_without_signature = data[:-96]
signature_bytes = data[-96:]
signature = utils.reconstruct_signature(signature_bytes=signature_bytes, size=48)
pub_key = priv_key.public_key()
try:
pub_key.verify(signature, data_without_signature, ec.ECDSA(hashes.SHA384()))
assert True
except InvalidSignature:
assert False
def test_verify_ecc_signature_N4A_256(data_dir):
"""Verifies the signature for ECC protocol for Niobe4Analog 256."""
with use_working_directory(data_dir):
with open("new_dck_secp256_N4A.yml", 'r') as f:
yaml_config = yaml.safe_load(f)
dc = DebugCredential.create_from_yaml_config(version='2.0',
yaml_config=yaml_config)
dc.sign()
data = dc.export()
priv_key = load_private_key(yaml_config['rotk'])
data_without_signature = data[:-64]
signature_bytes = data[-64:]
assert len(signature_bytes) == 64
signature = utils.reconstruct_signature(signature_bytes=signature_bytes,
size=32)
pub_key = priv_key.public_key()
try:
pub_key.verify(signature, data_without_signature,
ec.ECDSA(hashes.SHA256()))
assert True
except InvalidSignature:
assert False
def test_reconstruct_signature(data_dir):
"""Reconstructs the signature."""
signature_bytes = load_binary(data_dir, 'signature_bytes.bin')
signature = load_binary(data_dir, 'signature.bin')
reconstructed_signature = utils.reconstruct_signature(signature_bytes)
assert signature == reconstructed_signature
