def _get_dck(dck_key_path: str) -> bytes:
"""Loads the Debugger Public Key (DCK).
:return: binary representing the DCK key
"""
dck_key = crypto.load_public_key(file_path=dck_key_path)
assert isinstance(dck_key, crypto.EllipticCurvePublicKey)
return ecc_key_to_bytes(key=dck_key, length=66)
def _get_rot_pub(rot_pub_id: int, rot_pub_keys: List[str]) -> bytes:
"""Loads the vendor RoT Public key that corresponds to the private key used for singing.
:return: binary representing the rotk public key
"""
root_key = rot_pub_keys[rot_pub_id]
root_public_key = crypto.load_public_key(root_key)
length = root_public_key.key_size // 8
assert isinstance(root_public_key, crypto.EllipticCurvePublicKey)
data = ecc_key_to_bytes(root_public_key, length=length)
return data
def create_ctrk_table(rot_pub_keys: List[str]) -> bytes:
"""Creates ctrk table."""
if len(rot_pub_keys) == 1:
return bytes()
ctrk_table = bytes()
for pub_key_path in rot_pub_keys:
pub_key = crypto.load_public_key(pub_key_path)
assert isinstance(pub_key, crypto.EllipticCurvePublicKey)
key_length = pub_key.key_size
data = ecc_key_to_bytes(key=pub_key, length=key_length // 8)
ctrk_hash = internal_backend.hash(data=data,
algorithm=f'sha{key_length}')
ctrk_table += ctrk_hash
return ctrk_table
def _get_rot_meta(used_root_cert: int, rot_pub_keys: List[str]) -> bytes:
"""Creates the RoT meta-data required by the device to corroborate.
The meta-data is created by getting the public numbers (modulus and exponent)
from each of the RoT public keys, hashing them and combing together.
:return: binary representing the rot-meta data
"""
rot_meta = bytearray(528)
for index, rot_key in enumerate(rot_pub_keys):
rot = crypto.load_public_key(file_path=rot_key)
assert isinstance(rot, crypto.EllipticCurvePublicKey)
data = ecc_key_to_bytes(key=rot, length=66)
rot_meta[index * 132:(index + 1) * 132] = data
return bytes(rot_meta)
