예제 #1
def test_srktable_parse_not_valid_header():
    """Parsing an exported SRK item with an overwritten header tag must fail.

    An RSA item is built from an all-zero modulus and exponent, its header
    tag is forced to 0xFF, and the exported bytes are handed back to
    ``SrkItem.parse``, which is expected to raise ``NotImplementedSRKItem``
    rather than return an item.
    """
    tampered_item = SrkItemRSA(modulus=bytes(2048), exponent=bytes(4))
    # Overwrite the private header tag so that the serialized item carries a
    # tag value the parser is expected to refuse.
    tampered_item._header._tag = 0xFF
    serialized = tampered_item.export()

    with pytest.raises(NotImplementedSRKItem):
        SrkItem.parse(serialized)
예제 #2
def test_srk_table_cert_hashing(data_dir, srk_pem):
    """Rebuild the SRK_1_2_H3_H4 table from certificates and check it against reference files.

    The first two certificates are appended as full entries, the third and
    fourth as hashed entries. The exported table must match
    ``SRK_1_2_H3_H4_table.bin`` byte for byte, and the exported fuse data must
    match ``SRK_1_2_3_4_fuse.bin``.
    """
    def item_from_pem(pem_bytes):
        # Parse one PEM certificate and wrap it as an SRK item.
        certificate = x509.load_pem_x509_certificate(pem_bytes, default_backend())
        return SrkItem.from_certificate(certificate)

    srk_table = SrkTable(version=0x40)
    # Entries 1 and 2 go in exactly as created from the certificate.
    for position in (0, 1):
        srk_table.append(item_from_pem(srk_pem[position]))
    # Entries 3 and 4 are replaced by their hashed form before being appended.
    for position in (2, 3):
        srk_table.append(item_from_pem(srk_pem[position]).hashed_entry())

    # Smoke checks: the export is non-empty, the fuse data is 32 bytes long,
    # and info() returns a non-empty result.
    assert srk_table.export()
    assert len(srk_table.export_fuses()) == 32
    assert srk_table.info()

    reference_table_path = os.path.join(data_dir, 'SRK_1_2_H3_H4_table.bin')
    with open(reference_table_path, 'rb') as table_file:
        reference_table = table_file.read()
    # The table must round-trip: export equals the reference bytes, and
    # parsing the reference bytes yields an equal table.
    assert srk_table.export() == reference_table
    assert srk_table == SrkTable.parse(reference_table)

    # NOTE(review): the fuse reference is named after the SRK_1_2_3_4 table,
    # which suggests hashing entries 3 and 4 is expected to leave the fuse
    # value unchanged - confirm against the SrkTable implementation.
    reference_fuse_path = os.path.join(data_dir, 'SRK_1_2_3_4_fuse.bin')
    with open(reference_fuse_path, 'rb') as fuse_file:
        reference_fuses = fuse_file.read()
    assert srk_table.export_fuses() == reference_fuses
예제 #3
def srk_table4(cpu_params: CpuParams) -> SrkTable:
    """Build an SRK table holding the four root SRK certificates SRK1..SRK4.

    Each certificate is read from ``cpu_params.cert_data_dir`` and appended in
    the order SRK1, SRK2, SRK3, SRK4.

    :param cpu_params: processor specific parameters of the test
    :return: SrkTable instance with four entries
    """
    file_suffix = '_sha256_2048_65537_v3_ca_crt.pem'
    table = SrkTable()
    for key_name in ('SRK1', 'SRK2', 'SRK3', 'SRK4'):
        pem_bytes = load_binary(cpu_params.cert_data_dir, key_name + file_suffix)
        table.append(
            SrkItem.from_certificate(
                x509.load_pem_x509_certificate(pem_bytes, default_backend())))
    return table
예제 #4
def test_srk_table_export(data_dir, srk_pem):
    """An SRK table built from all certificates must match SRK_1_2_3_4_table.bin.

    Checks both directions: the export equals the reference bytes, and parsing
    the reference bytes gives a table equal to the one built here.
    """
    srk_table = SrkTable(version=0x40)
    certificates = (
        x509.load_pem_x509_certificate(pem_bytes, default_backend())
        for pem_bytes in srk_pem
    )
    for certificate in certificates:
        srk_table.append(SrkItem.from_certificate(certificate))

    reference_path = os.path.join(data_dir, 'SRK_1_2_3_4_table.bin')
    with open(reference_path, 'rb') as reference_file:
        reference_table = reference_file.read()

    assert srk_table.export() == reference_table
    assert srk_table == SrkTable.parse(reference_table)
예제 #5
def test_srk_table_single_cert(srk_pem):
    """Smoke test: an SrkTable holding a single certificate is usable."""
    first_certificate = x509.load_pem_x509_certificate(srk_pem[0], default_backend())
    srk_table = SrkTable(version=0x40)
    srk_table.append(SrkItem.from_certificate(first_certificate))

    # The exported table must not be empty.
    assert srk_table.export()
    # The fuse data is 32 bytes long, read back below as eight fuse values.
    assert len(srk_table.export_fuses()) == 32
    for index in range(8):
        assert srk_table.get_fuse(index) >= 0
    # Index 8 is out of range. The rejection is expected to surface as an
    # AssertionError.
    # NOTE(review): if get_fuse() relies on a plain `assert` for this, the
    # check disappears under `python -O` - confirm in the implementation.
    with pytest.raises(AssertionError):
        srk_table.get_fuse(8)
    # info() must return a non-empty description.
    assert srk_table.info()
예제 #6
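def main() -> None:
    """Build an SRK table from the PEM certificates in DATA_DIR and write it out.

    Every ``*.pem`` file in ``DATA_DIR`` is parsed as an X.509 certificate and
    appended to the table in sorted file-name order. Two files are then
    written into ``DATA_DIR``: ``srk_fuses.bin`` (the fuse data) and
    ``srk_table.bin`` (the exported table).

    If no ``*.pem`` file is found, a hint is printed and the process exits.
    """
    # os.listdir() returns names in arbitrary order. The table is built by
    # appending in iteration order, so sort the names to get the same
    # srk_table.bin / srk_fuses.bin on every run and every filesystem.
    # Fuse values are normally programmed once, so a reordered table would not
    # match a device that was provisioned from an earlier run.
    cert_files = sorted(f for f in os.listdir(DATA_DIR) if f.endswith(".pem"))
    if not cert_files:
        print(f'Add generated *.pem files into "{DATA_DIR}" directory')
        # NOTE(review): this exits with status 0 although nothing was
        # generated; callers that check the exit code will not see a failure.
        sys.exit()

    # Create SRK Table instance
    srk_table = SrkTable(version=0x40)

    for cert_file in cert_files:
        # Any *.pem file is treated as a certificate; a file that is not a
        # PEM certificate makes load_pem_x509_certificate() raise.
        with open(f"{DATA_DIR}/{cert_file}", "rb") as f:
            certificate = x509.load_pem_x509_certificate(
                f.read(), default_backend())
        srk_table.append(SrkItem.from_certificate(certificate))

    with open(f"{DATA_DIR}/srk_fuses.bin", "wb") as f:
        f.write(srk_table.export_fuses())

    with open(f"{DATA_DIR}/srk_table.bin", "wb") as f:
        f.write(srk_table.export())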
예제 #7
def test_srktable_from_certificate_ecc(data_dir):
    """Creating an SRK item from the ``ecc.crt`` certificate must be refused.

    ``SrkItem.from_certificate`` is expected to raise
    ``NotImplementedSRKCertificate`` for this certificate instead of
    returning an item.
    """
    ecc_cert_path = os.path.join(data_dir, 'ecc.crt')
    ecc_certificate = load_certificate(ecc_cert_path)

    with pytest.raises(NotImplementedSRKCertificate):
        SrkItem.from_certificate(ecc_certificate)