def test_sign_v2_append_signatures_multiple_steps(self):
# similar to previous test, but sign in two invocations
with tempfile.NamedTemporaryFile() as output_file1, tempfile.NamedTemporaryFile() as output_file2:
args = self.SignArgs('2', [self._open('rsa_secure_boot_signing_key2.pem')],
output_file1.name, True,
self._open('bootloader_signed_v2.bin'))
espsecure.sign_data(args)
args = self.SignArgs('2', [self._open('rsa_secure_boot_signing_key3.pem')],
output_file2.name, True,
output_file1)
espsecure.sign_data(args)
args = self.VerifyArgs('2', self._open('rsa_secure_boot_signing_key.pem'),
output_file2)
espsecure.verify_signature(args)
output_file2.seek(0)
args = self.VerifyArgs('2', self._open('rsa_secure_boot_signing_key2.pem'),
output_file2)
espsecure.verify_signature(args)
output_file2.seek(0)
args = self.VerifyArgs('2', self._open('rsa_secure_boot_signing_key3.pem'),
output_file2)
espsecure.verify_signature(args)
def test_sign_v2_multiple_keys(self):
# 3 keys + Verify with 3rd key
with tempfile.NamedTemporaryFile() as output_file:
args = self.SignArgs('2', [
self._open('rsa_secure_boot_signing_key.pem'),
self._open('rsa_secure_boot_signing_key2.pem'),
self._open('rsa_secure_boot_signing_key3.pem')
], output_file.name, False,
self._open('bootloader_unsigned_v2.bin'))
espsecure.sign_data(args)
args = self.VerifyArgs(
'2', self._open('rsa_secure_boot_signing_key3.pem'),
output_file)
espsecure.verify_signature(args)
output_file.seek(0)
args = self.VerifyArgs(
'2', self._open('rsa_secure_boot_signing_key2.pem'),
output_file)
espsecure.verify_signature(args)
output_file.seek(0)
args = self.VerifyArgs(
'2', self._open('rsa_secure_boot_signing_key.pem'),
output_file)
espsecure.verify_signature(args)
def test_sign_v2_append_signatures(self):
# Append signatures + Verify with an appended key (bootloader_signed_v2.bin already signed with rsa_secure_boot_signing_key.pem)
with tempfile.NamedTemporaryFile() as output_file:
args = self.SignArgs('2', [
self._open('rsa_secure_boot_signing_key2.pem'),
self._open('rsa_secure_boot_signing_key3.pem')
], output_file.name, True, self._open('bootloader_signed_v2.bin'))
espsecure.sign_data(args)
args = self.VerifyArgs(
'2', self._open('rsa_secure_boot_signing_key.pem'),
output_file)
espsecure.verify_signature(args)
output_file.seek(0)
args = self.VerifyArgs(
'2', self._open('rsa_secure_boot_signing_key2.pem'),
output_file)
espsecure.verify_signature(args)
output_file.seek(0)
args = self.VerifyArgs(
'2', self._open('rsa_secure_boot_signing_key3.pem'),
output_file)
espsecure.verify_signature(args)
def sign_data(self, data_file, key_files, version, append_signature=0):
SignDataArgs = collections.namedtuple(
'sign_data_args',
['datafile', 'keyfile', 'output', 'version', 'append_signatures'])
outfile = tempfile.NamedTemporaryFile()
args = SignDataArgs(data_file, key_files, outfile.name, str(version),
append_signature)
espsecure.sign_data(args)
outfile.seek(0)
return outfile.read()
def test_sign_v2_data(self):
signing_keys = ['rsa_secure_boot_signing_key.pem',
'ecdsa192_secure_boot_signing_key.pem',
'ecdsa_secure_boot_signing_key.pem']
for key in signing_keys:
with tempfile.NamedTemporaryFile() as output_file:
args = self.SignArgs('2', [self._open(key)],
output_file.name, False,
self._open('bootloader_unsigned_v2.bin'))
espsecure.sign_data(args)
args = self.VerifyArgs('2', self._open(key),
output_file)
espsecure.verify_signature(args)
def _test_sign_v1_data(self, key_name):
try:
output_file = tempfile.NamedTemporaryFile(delete=False)
output_file.close()
# Note: signing bootloader is not actually needed
# for ESP32, it's just a handy file to sign
args = self.SignArgs('1', [self._open(key_name)], output_file.name,
None, self._open('bootloader.bin'))
espsecure.sign_data(args)
with open(output_file.name, 'rb') as of:
with self._open('bootloader_signed.bin') as ef:
self.assertEqual(ef.read(), of.read())
finally:
os.unlink(output_file.name)
def test_sign_data(self):
SignArgs = namedtuple('sign_data_args',
['keyfile', 'output', 'datafile'])
try:
output_file = tempfile.NamedTemporaryFile(delete=False)
output_file.close()
# Note: signing bootloader is not actually needed
# for ESP32, it's just a handy file to sign
args = SignArgs(self._open('ecdsa_secure_boot_signing_key.pem'),
output_file.name, self._open('bootloader.bin'))
espsecure.sign_data(args)
with open(output_file.name, 'rb') as of:
with self._open('bootloader_signed.bin') as ef:
self.assertEqual(ef.read(), of.read())
finally:
os.unlink(output_file.name)
def test_sign_v2_data(self):
SignArgs = namedtuple('sign_data_args',
['version', 'keyfile', 'output', 'datafile'])
try:
output_file = tempfile.NamedTemporaryFile(delete=False)
# Note: signing bootloader is not actually needed
# for ESP32, it's just a handy file to sign
args = SignArgs('2',
[self._open('rsa_secure_boot_signing_key.pem')],
output_file.name,
self._open('bootloader_unsigned_v2.bin'))
espsecure.sign_data(args)
args = self.VerifyArgs(
'2', self._open('rsa_secure_boot_signing_key.pem'),
output_file)
espsecure.verify_signature(args)
finally:
output_file.close()
os.unlink(output_file.name)
def test_sign_data(self):
SignArgs = namedtuple('sign_data_args', [
'keyfile',
'output',
'datafile' ])
try:
output_file = tempfile.NamedTemporaryFile(delete=False)
output_file.close()
# Note: signing bootloader is not actually needed
# for ESP32, it's just a handy file to sign
args = SignArgs(self._open('ecdsa_secure_boot_signing_key.pem'),
output_file.name,
self._open('bootloader.bin'))
espsecure.sign_data(args)
with open(output_file.name, 'rb') as of:
with self._open('bootloader_signed.bin') as ef:
self.assertEqual(ef.read(), of.read())
finally:
os.unlink(output_file.name)
def test_sign_v2_data(self):
SignArgs = namedtuple(
'sign_data_args',
['version', 'keyfile', 'output', 'append_signatures', 'datafile'])
try:
output_file = tempfile.NamedTemporaryFile(delete=False)
args = SignArgs('2',
[self._open('rsa_secure_boot_signing_key.pem')],
output_file.name, False,
self._open('bootloader_unsigned_v2.bin'))
espsecure.sign_data(args)
args = self.VerifyArgs(
'2', self._open('rsa_secure_boot_signing_key.pem'),
output_file)
espsecure.verify_signature(args)
finally:
output_file.close()
os.unlink(output_file.name)
# 3 keys + Verify with 3rd key
try:
output_file = tempfile.NamedTemporaryFile(delete=False)
args = SignArgs('2', [
self._open('rsa_secure_boot_signing_key.pem'),
self._open('rsa_secure_boot_signing_key2.pem'),
self._open('rsa_secure_boot_signing_key3.pem')
], output_file.name, False,
self._open('bootloader_unsigned_v2.bin'))
espsecure.sign_data(args)
args = self.VerifyArgs(
'2', self._open('rsa_secure_boot_signing_key3.pem'),
output_file)
espsecure.verify_signature(args)
output_file.seek(0)
args = self.VerifyArgs(
'2', self._open('rsa_secure_boot_signing_key2.pem'),
output_file)
espsecure.verify_signature(args)
output_file.seek(0)
args = self.VerifyArgs(
'2', self._open('rsa_secure_boot_signing_key.pem'),
output_file)
espsecure.verify_signature(args)
finally:
output_file.close()
os.unlink(output_file.name)
# Append signatures + Verify with an appended key (bootloader_signed_v2.bin already signed with rsa_secure_boot_signing_key.pem)
try:
output_file = tempfile.NamedTemporaryFile(delete=False)
args = SignArgs('2', [
self._open('rsa_secure_boot_signing_key2.pem'),
self._open('rsa_secure_boot_signing_key3.pem')
], output_file.name, True, self._open('bootloader_signed_v2.bin'))
espsecure.sign_data(args)
args = self.VerifyArgs(
'2', self._open('rsa_secure_boot_signing_key.pem'),
output_file)
espsecure.verify_signature(args)
output_file.seek(0)
args = self.VerifyArgs(
'2', self._open('rsa_secure_boot_signing_key2.pem'),
output_file)
espsecure.verify_signature(args)
output_file.seek(0)
args = self.VerifyArgs(
'2', self._open('rsa_secure_boot_signing_key3.pem'),
output_file)
espsecure.verify_signature(args)
finally:
output_file.close()
os.unlink(output_file.name)