def KeysetFromSigner(s, keydir, subdir='keyset'): """Returns a valid keyset containing required keys and keyblocks.""" ks = keys.Keyset() keydir = os.path.join(keydir, subdir) for key_name in s.required_keys: key = keys.KeyPair(key_name, keydir=keydir) ks.AddKey(key) keys_unittest.CreateDummyKeys(key) for key_name in s.required_keys_public: key = keys.KeyPair(key_name, keydir=keydir) ks.AddKey(key) keys_unittest.CreateDummyPublic(key) if key in s.required_keyblocks: keys_unittest.CreateDummyKeyblock(key) for key_name in s.required_keys_private: key = keys.KeyPair(key_name, keydir=keydir) ks.AddKey(key) keys_unittest.CreateDummyPrivateKey(key) for keyblock_name in s.required_keyblocks: if keyblock_name not in ks.keys: ks.AddKey(keys.KeyPair(keyblock_name, keydir=keydir)) key = ks.keys[keyblock_name] keys_unittest.CreateDummyKeyblock(key) return ks
def setUp(self): self.rc.SetDefaultCmdResult() self.rc.AddCmdResult(partial_mock.InOrder( ['dump_kernel_config', '/dev/loop9999p2']), output=SAMPLE_KERNEL_CONFIG) self.keytempdir = osutils.TempDir() self.keyset = keys.Keyset(self.keytempdir.tempdir) self.image = image_lib_unittest.LoopbackPartitionsMock( 'outfile', self.tempdir)
def testSignWithMock(self): foo_key = keys.KeyPair('foo', self.tempdir) keys_unittest.CreateDummyKeys(foo_key) keyset = keys.Keyset() keyset.AddKey(foo_key) fsm = MockFutilitySigner() fsm.Sign(keyset, 'foo', 'bar') self.assertCommandContains(['foo', 'bar'])
def setUp(self): self.keytempdir = osutils.TempDir() self.keyset = keys.Keyset(self.keytempdir.tempdir) self.info_mock = self.PatchObject(logging, 'info') self.warn_mock = self.PatchObject(logging, 'warning') self.rc.SetDefaultCmdResult() self.rc.AddCmdResult(partial_mock.In('sign_android_image.sh')) self.PatchObject(imagefile, '_PathForVbootSigningScripts', return_value={'PATH': 'path'})
def setUp(self): self.keytempdir = osutils.TempDir() self.keyset = keys.Keyset(self.keytempdir.tempdir) self.info_mock = self.PatchObject(logging, 'info') self.warn_mock = self.PatchObject(logging, 'warning') self.rc.SetDefaultCmdResult() self.image = image_lib_unittest.LoopbackPartitionsMock( 'meh', self.tempdir) self.PatchObject(imagefile, '_PathForVbootSigningScripts', return_value={'PATH': 'path'})
def setUp(self): self.rc.SetDefaultCmdResult() self.expected_sha1sum = '5' * 40 self.rc.AddCmdResult(partial_mock.In('sha1sum'), output=self.expected_sha1sum + ' meh') self.loginfo = self.PatchObject(logging, 'info') self.keytempdir = osutils.TempDir() self.keyset = keys.Keyset(self.keytempdir.tempdir) self.image = image_lib_unittest.LoopbackPartitionsMock( 'outfile', self.tempdir) self.ukc = self.PatchObject(imagefile, '_UpdateKernelConfig')
def setUp(self): self.rc.SetDefaultCmdResult() self.rc.AddCmdResult(partial_mock.InOrder( ['dump_kernel_config', '/dev/loop9999p2']), output=SAMPLE_KERNEL_CONFIG) self.keytempdir = osutils.TempDir() self.keyset = keys.Keyset(self.keytempdir.tempdir) self.image = image_lib_unittest.LoopbackPartitionsMock( 'outfile', self.tempdir) self.root_hash = CalculateRootfsHashMock('meh', SAMPLE_KERNEL_CONFIG) self.PatchObject(imagefile, 'CalculateRootfsHash', return_value=self.root_hash) self.rc.AddCmdResult(partial_mock.In('tune2fs'), output='Block count: 4480\n') self.ukc = self.PatchObject(imagefile, '_UpdateKernelConfig')
def testInitWithPopulatedDirectory(self): """Keyset() loads a populated keyset directory correctly.""" contents = 'name=testname\n' osutils.WriteFile(os.path.join(self.tempdir, 'key.versions'), contents) ks0 = KeysetMock(self.tempdir) self.assertEqual('testname', ks0.name) ks0.CreateDummyKeys() ks1 = keys.Keyset(self.tempdir) self.assertEqual('testname', ks1.name) self.assertDictEqual(ks0.keys, ks1.keys, msg='Incorrect keys') self.assertDictEqual(ks0._root_of_trust_keys, ks1._root_of_trust_keys, msg='Incorrect root_of_trust_keys') self.assertDictEqual(ks0.root_of_trust_map, ks1.root_of_trust_map, msg='Incorrect key aliases') self.assertEqual(ks0, ks1)
def DiscoverKeysets(keysets_dir): """Discover keysets. Args: keysets_dir: directory where the keysets live. Typically /cros/keys. Returns: A sorted list of (setname: directory) tuples. """ _, dirs, _ = next(os.walk(keysets_dir)) ret = {} for src in sorted(dirs): path = os.path.join(keysets_dir, src) keyset = keys.Keyset(path) if keyset.name != 'unknown': if keyset.name in ret: logging.warning('Ignoring %s because name is duplicate of %s', src, ret[keyset.name]) else: logging.info('Discovered %s in %s', keyset.name, src) ret[keyset.name] = src return sorted(ret.items())
def testInitWithEmptyDir(self): """Call Keyset() with an uncreated directory.""" ks = keys.Keyset(self.tempdir) self.assertIsInstance(ks, keys.Keyset) self.assertIsInstance(ks._root_of_trust_keys, dict) self.assertIsInstance(ks.root_of_trust_map, dict)
def testInit(self): ks = keys.Keyset() self.assertIsInstance(ks.keys, dict) self.assertIsInstance(ks._root_of_trust_keys, dict) self.assertIsInstance(ks.root_of_trust_map, dict) self.assertEqual(ks.name, 'unknown')
def SignImage(image_type, input_file, output_file, kernel_part_id, keydir, keyA_prefix='', vboot_path=None): """Sign the image file. A Chromium OS image file (INPUT) always contains 2 partitions (kernel A & B). This function will rebuild hash data by DM_PARTNO, resign kernel partitions by their KEYBLOCK and PRIVKEY files, and then write to OUTPUT file. Note some special images (specified by IMAGE_TYPE, like 'recovery' or 'factory_install') may have additional steps (ex, tweaking verity hash or not stripping files) when generating output file. Args: image_type: Type of image (e.g., 'factory', 'recovery'). input_file: Image to sign. (read-only: copied to output_file). output_file: Signed image. (file is created here) kernel_part_id: partition number (or name) for the kernel (usually 2, 4 on recovery media.) keydir: Path of keyset dir to use. keyA_prefix: Prefix for kernA key (e.g., 'recovery_'). vboot_path: Vboot_reference/scripts/image_signing dir path. Raises SignImageException """ extra_env = _PathForVbootSigningScripts(vboot_path) logging.info('Preparing %s image...', image_type) cros_build_lib.run(['cp', '--sparse=always', input_file, output_file]) keyset = keys.Keyset(keydir) firmware.ResignImageFirmware(output_file, keyset) with osutils.TempDir() as dest_dir: with image_lib.LoopbackPartitions(output_file, dest_dir) as image: rootfs_dir = image.Mount(('ROOT-A', ))[0] SignAndroidImage(rootfs_dir, keyset, vboot_path=vboot_path) SignUefiBinaries(image, rootfs_dir, keyset, vboot_path=vboot_path) image.Unmount(('ROOT-A', )) # TODO(lamontjones): From this point on, all we really want at the moment # is the loopback devicefile names, but that may change as we implement # more of the shell functions. # # We do not actually want to have any filesystems mounted at this point. loop_kernA = image.GetPartitionDevName('KERN-A') loop_rootfs = image.GetPartitionDevName('ROOT-A') loop_kern = image.GetPartitionDevName(kernel_part_id) kernA_cmd = _GetKernelCmdLine(loop_kernA) if (image_type != 'factory_install' and not kernA_cmd.GetKernelParameter('cros_legacy') and not kernA_cmd.GetKernelParameter('cros_efi')): cros_build_lib.run( ['strip_boot_from_image.sh', '--image', loop_rootfs], extra_env=extra_env) ClearResignFlag(image) UpdateRootfsHash(image, loop_kern, keyset, keyA_prefix) UpdateStatefulPartitionVblock(image, keyset) if image_type == 'recovery': UpdateRecoveryKernelHash(image, keyset) UpdateLegacyBootloader(image, loop_kern) logging.info('Signed %s image written to %s', image_type, output_file)
def testCheckRequiredPrivateKeysMissing(self): ks_empty = keys.Keyset() s0 = MockBaseSigner(required_keys_private=['key1']) self.assertFalse(s0.CheckKeyset(ks_empty))
def testCheck(self): ks = keys.Keyset() s = signer.BaseSigner() self.assertTrue(s.CheckKeyset(ks))
def testGetCmdArgs(self): keyset = keys.Keyset() fs = signer.FutilitySigner() self.assertRaises(NotImplementedError, fs.GetFutilityArgs, keyset, 'foo', 'bar')
def testSignWithMockMissingKey(self): keyset = keys.Keyset() fsm = MockFutilitySigner() self.assertFalse(fsm.Sign(keyset, 'foo', 'bar'))
def testCheckRequiredKeyblocksEmpty(self): ks_empty = keys.Keyset() s0 = MockBaseSigner(required_keyblocks=['key1']) self.assertFalse(s0.CheckKeyset(ks_empty))
def testSign(self): keyset = keys.Keyset() fs = signer.FutilitySigner() self.assertRaises(NotImplementedError, fs.Sign, keyset, 'dummy', 'dummy')
def testAddKey(self): ks0 = keys.Keyset() key0 = keys.KeyPair('key0', self.tempdir) ks0.AddKey(key0) self.assertEqual(ks0.keys['key0'], key0)
def testSign(self): ks = keys.Keyset() s = signer.BaseSigner() with self.assertRaises(NotImplementedError): s.Sign(ks, 'input', 'output')