def test_extract_binary_public_key(self): ExtractKeyArgs = namedtuple('extract_public_key_args', ['version', 'keyfile', 'public_keyfile']) with tempfile.NamedTemporaryFile( ) as pub_keyfile, tempfile.NamedTemporaryFile() as pub_keyfile2: args = ExtractKeyArgs( '1', self._open('ecdsa_secure_boot_signing_key.pem'), pub_keyfile) espsecure.extract_public_key(args) args = ExtractKeyArgs( '1', self._open('ecdsa_secure_boot_signing_key2.pem'), pub_keyfile2) espsecure.extract_public_key(args) pub_keyfile.seek(0) pub_keyfile2.seek(0) # use correct extracted public key to verify args = self.VerifyArgs('1', pub_keyfile, self._open('bootloader_signed.bin')) espsecure.verify_signature(args) # use wrong extracted public key to try and verify args = self.VerifyArgs('1', pub_keyfile2, self._open('bootloader_signed.bin')) with self.assertRaises(esptool.FatalError) as cm: espsecure.verify_signature(args) self.assertIn("Signature is not valid", str(cm.exception))
def test_extract_binary_public_key(self): ExtractKeyArgs = namedtuple('extract_public_key_args', [ 'keyfile', 'public_keyfile' ]) pub_keyfile = tempfile.NamedTemporaryFile(delete=False) pub_keyfile2 = tempfile.NamedTemporaryFile(delete=False) try: args = ExtractKeyArgs(self._open('ecdsa_secure_boot_signing_key.pem'), pub_keyfile) espsecure.extract_public_key(args) args = ExtractKeyArgs(self._open('ecdsa_secure_boot_signing_key2.pem'), pub_keyfile2) espsecure.extract_public_key(args) pub_keyfile.seek(0) pub_keyfile2.seek(0) # use correct extracted public key to verify args = self.VerifyArgs(pub_keyfile, self._open('bootloader_signed.bin')) espsecure.verify_signature(args) # use wrong extracted public key to try and verify args = self.VerifyArgs(pub_keyfile2, self._open('bootloader_signed.bin')) with self.assertRaises(esptool.FatalError) as cm: espsecure.verify_signature(args) self.assertIn("Signature is not valid", str(cm.exception)) finally: os.unlink(pub_keyfile.name) os.unlink(pub_keyfile2.name)
def test_generate_and_extract_key_v2(self): keydir = tempfile.mkdtemp( ) # tempfile.TemporaryDirectory() would be better but we need compatibility with old Pythons self.addCleanup(os.rmdir, keydir) # keyfile cannot exist before generation -> tempfile.NamedTemporaryFile() cannot be used for keyfile keyfile_name = os.path.join(keydir, 'key.pem') self.addCleanup(os.remove, keyfile_name) args = self.GenerateKeyArgs('2', keyfile_name) espsecure.generate_signing_key(args) with tempfile.NamedTemporaryFile() as pub_keyfile, open( keyfile_name, 'rb') as keyfile: args = self.ExtractKeyArgs('2', keyfile, pub_keyfile) espsecure.extract_public_key(args)
def test_generate_and_extract_key_v2(self): keydir = tempfile.mkdtemp() # tempfile.TemporaryDirectory() would be better but we need compatibility with old Pythons self.addCleanup(os.rmdir, keydir) # keyfile cannot exist before generation -> tempfile.NamedTemporaryFile() cannot be used for keyfile keyfile_name = os.path.join(keydir, 'key.pem') # We need to manually delete the keyfile as we are iterating over different schemes with the same keyfile # so instead of using addCleanup, we remove it using os.remove at the end of each pass for scheme in ["rsa3072", "ecdsa192", "ecdsa256"]: args = self.GenerateKeyArgs('2', scheme, keyfile_name) espsecure.generate_signing_key(args) with tempfile.NamedTemporaryFile() as pub_keyfile, open(keyfile_name, 'rb') as keyfile: args = self.ExtractKeyArgs('2', keyfile, pub_keyfile) espsecure.extract_public_key(args) os.remove(keyfile_name)