def test_certificate_generation(tmpdir):
ca_priv_key = generate_rsa_private_key()
save_rsa_private_key(ca_priv_key, path.join(tmpdir, "ca_private_key.pem"))
ca_pub_key = generate_rsa_public_key(ca_priv_key)
save_rsa_public_key(ca_pub_key, path.join(tmpdir, "ca_pub_key.pem"))
assert path.isfile(path.join(tmpdir, "ca_private_key.pem"))
assert path.isfile(path.join(tmpdir, "ca_pub_key.pem"))
subject = issuer = generate_name_struct("highest", "CZ")
ca_cert = generate_certificate(subject,
issuer,
ca_pub_key,
ca_priv_key,
if_ca=True)
save_crypto_item(ca_cert, path.join(tmpdir, "ca_cert.pem"))
assert path.isfile(path.join(tmpdir, "ca_cert.pem"))
srk_priv_key = generate_rsa_private_key()
save_rsa_private_key(srk_priv_key, path.join(tmpdir, "srk_priv_key.pem"))
assert path.isfile(path.join(tmpdir, "srk_priv_key.pem"))
srk_pub_key = generate_rsa_public_key(srk_priv_key)
save_rsa_public_key(srk_pub_key, path.join(tmpdir, "srk_pub_key.pem"))
assert path.isfile(path.join(tmpdir, "srk_pub_key.pem"))
srk_subject = generate_name_struct("srk", "UK")
srk_cert = generate_certificate(srk_subject,
issuer,
srk_pub_key,
ca_priv_key,
if_ca=False)
save_crypto_item(srk_cert, path.join(tmpdir, "srk1.pem"))
assert path.isfile(path.join(tmpdir, "srk1.pem"))
def genkey(ctx: click.Context, path: str, password: str, force: bool) -> None:
"""Generate key pair for RoT or DCK.
\b
PATH - path where the key pairs will be stored
"""
is_rsa = ctx.obj['is_rsa']
key_param = ctx.obj['key_param']
check_destination_dir(path, force)
check_file_exists(path, force)
if is_rsa:
logger.info("Generating RSA private key...")
priv_key_rsa = generate_rsa_private_key(key_size=key_param)
logger.info("Generating RSA corresponding public key...")
pub_key_rsa = generate_rsa_public_key(priv_key_rsa)
logger.info("Saving RSA key pair...")
save_rsa_private_key(priv_key_rsa, path, password if password else None)
save_rsa_public_key(pub_key_rsa, os.path.splitext(path)[0] + '.pub')
else:
logger.info("Generating ECC private key...")
priv_key_ec = generate_ecc_private_key(curve_name=key_param)
logger.info("Generating ECC public key...")
pub_key_ec = generate_ecc_public_key(priv_key_ec)
logger.info("Saving ECC key pair...")
save_ecc_private_key(priv_key_ec, path, password if password else None)
save_ecc_public_key(pub_key_ec, os.path.splitext(path)[0] + '.pub')
def test_generate_csf_img(cpu_params: CpuParams, srk_key_index: int, cert_name_prefix: str, cert_index: int,
key_size: int = 2048) -> None:
"""Generate additional CSF or IMG certificate for selected SRK key
:param cpu_params: processor specific parameters of the test
:param srk_key_index: index of SRK, for which new certificate is going to be generated
:param cert_name_prefix: prefix/type of the generated certificate: either 'CSF' or 'IMG'
:param cert_index: index of the generated certificate
:param key_size: size of the generated key in bits, 2048 by default
"""
# validate arguments
assert 1 <= srk_key_index <= 4
assert cert_name_prefix == 'CSF' or cert_name_prefix == 'IMG'
assert 1 <= cert_index
# build names
base_key_name = f'_sha256_{str(key_size)}_65537_v3_' # middle path of the output filename
srk_name = f'SRK{srk_key_index}' + base_key_name + 'ca'
out_name = cert_name_prefix + str(srk_key_index) + '_' + str(cert_index) + base_key_name + 'usr'
out_key_path = os.path.join(cpu_params.keys_data_dir, out_name + '_key')
# generate private key
gen_priv_key = generate_rsa_private_key(key_size=key_size)
save_private_key(gen_priv_key, out_key_path + '.pem', password=PRIV_KEY_PASSWORD, encoding=Encoding.PEM)
save_private_key(gen_priv_key, out_key_path + '.der', password=PRIV_KEY_PASSWORD, encoding=Encoding.DER)
# generate public key
gen_pub_key = generate_rsa_public_key(gen_priv_key)
# load private key of the issuer (SRK)
srk_priv_key = load_pem_private_key(load_binary(cpu_params.keys_data_dir, srk_name + '_key.pem'),
password=PRIV_KEY_PASSWORD, backend=default_backend())
# generate certificate
gen_cert = generate_certificate(x509_common_name(out_name), x509_common_name(srk_name), gen_pub_key,
srk_priv_key, serial_number=0x199999A7, if_ca=False, duration=3560)
save_crypto_item(gen_cert, os.path.join(cpu_params.cert_data_dir, out_name + '_crt.pem'), Encoding.PEM)
save_crypto_item(gen_cert, os.path.join(cpu_params.cert_data_dir, out_name + '_crt.der'), Encoding.DER)
def test_certificate_generation(tmpdir):
ca_priv_key = generate_rsa_private_key()
save_rsa_private_key(ca_priv_key, path.join(tmpdir, "ca_private_key.pem"))
ca_pub_key = generate_rsa_public_key(ca_priv_key)
save_rsa_public_key(ca_pub_key, path.join(tmpdir, "ca_pub_key.pem"))
assert path.isfile(path.join(tmpdir, "ca_private_key.pem"))
assert path.isfile(path.join(tmpdir, "ca_pub_key.pem"))
data = yaml.safe_load(
"""
COMMON_NAME: xyz
DOMAIN_COMPONENT: [com, nxp, wbi]
ORGANIZATIONAL_UNIT_NAME: [NXP, CZ, Managed Users, Developers]
"""
)
subject = issuer = generate_name(data)
ca_cert = generate_certificate(subject, issuer, ca_pub_key, ca_priv_key, if_ca=True)
save_crypto_item(ca_cert, path.join(tmpdir, "ca_cert.pem"))
assert path.isfile(path.join(tmpdir, "ca_cert.pem"))
data = yaml.safe_load(
"""
- COMMON_NAME: ccccc
- DOMAIN_COMPONENT: [com, nxp, wbi]
- ORGANIZATIONAL_UNIT_NAME: NXP
- ORGANIZATIONAL_UNIT_NAME: CZ
- ORGANIZATIONAL_UNIT_NAME: Managed Users
- ORGANIZATIONAL_UNIT_NAME: Developers
"""
)
subject = issuer = generate_name(data)
ca_cert = generate_certificate(subject, issuer, ca_pub_key, ca_priv_key, if_ca=True)
save_crypto_item(ca_cert, path.join(tmpdir, "ca_cert_1.pem"))
assert path.isfile(path.join(tmpdir, "ca_cert_1.pem"))
def main(log_level: str, key_type: str, path: str, password: str,
force: bool) -> int:
"""NXP Key Generator Tool.
\b
PATH - output file path, where the key pairs (private and public key) will be stored.
Each key will be stored in separate file (.pub and .pem).
"""
logging.basicConfig(level=log_level.upper())
key_param = key_type.lower().strip()
is_rsa = "rsa" in key_param
check_destination_dir(path, force)
check_file_exists(path, force)
pub_key_path = os.path.splitext(path)[0] + ".pub"
check_file_exists(pub_key_path, force)
if is_rsa:
logger.info("Generating RSA private key...")
priv_key_rsa = generate_rsa_private_key(
key_size=int(key_param.replace("rsa", "")))
logger.info("Generating RSA corresponding public key...")
pub_key_rsa = generate_rsa_public_key(priv_key_rsa)
logger.info("Saving RSA key pair...")
save_rsa_private_key(priv_key_rsa, path,
password if password else None)
save_rsa_public_key(pub_key_rsa, pub_key_path)
else:
logger.info("Generating ECC private key...")
priv_key_ec = generate_ecc_private_key(curve_name=key_param)
logger.info("Generating ECC public key...")
pub_key_ec = generate_ecc_public_key(priv_key_ec)
logger.info("Saving ECC key pair...")
save_ecc_private_key(priv_key_ec, path, password if password else None)
save_ecc_public_key(pub_key_ec, pub_key_path)
return 0
def keys_generation(data_dir):
priv_key = generate_rsa_private_key()
pub_key = generate_rsa_public_key(priv_key)
save_rsa_private_key(priv_key, path.join(data_dir, "priv.pem"))
save_rsa_public_key(pub_key, path.join(data_dir, "pub.pem"))
