Blame - scripts/imgtool/keys/ecdsa_test.py - mirror/mcuboot

blob: 65b709f6fce1d3afa3d0ddf789c423b171a86d0d [file] [log] [blame]

David Brown	b6e0ae6	2017-11-21 15:13:04 -0700	[diff] [blame]	1	"""
				2	Tests for ECDSA keys
				3	"""
				4
David Brown	79c4fcf	2021-01-26 15:04:05 -0700	[diff] [blame^]	5	# SPDX-License-Identifier: Apache-2.0
				6
David Brown	b6e0ae6	2017-11-21 15:13:04 -0700	[diff] [blame]	7	import io
				8	import os.path
				9	import sys
				10	import tempfile
				11	import unittest
				12
				13	from cryptography.exceptions import InvalidSignature
				14	from cryptography.hazmat.primitives.asymmetric import ec
				15	from cryptography.hazmat.primitives.hashes import SHA256
				16
				17	sys.path.insert(0, os.path.abspath(os.path.join(os.path.dirname(__file__), '../..')))
				18
				19	from imgtool.keys import load, ECDSA256P1, ECDSAUsageError
				20
				21	class EcKeyGeneration(unittest.TestCase):
				22
				23	def setUp(self):
				24	self.test_dir = tempfile.TemporaryDirectory()
				25
				26	def tname(self, base):
				27	return os.path.join(self.test_dir.name, base)
				28
				29	def tearDown(self):
				30	self.test_dir.cleanup()
				31
				32	def test_keygen(self):
				33	name1 = self.tname("keygen.pem")
				34	k = ECDSA256P1.generate()
				35	k.export_private(name1, b'secret')
				36
				37	self.assertIsNone(load(name1))
				38
				39	k2 = load(name1, b'secret')
				40
				41	pubname = self.tname('keygen-pub.pem')
				42	k2.export_public(pubname)
				43	pk2 = load(pubname)
				44
				45	# We should be able to export the public key from the loaded
				46	# public key, but not the private key.
				47	pk2.export_public(self.tname('keygen-pub2.pem'))
				48	self.assertRaises(ECDSAUsageError,
				49	pk2.export_private, self.tname('keygen-priv2.pem'))
				50
				51	def test_emit(self):
				52	"""Basic sanity check on the code emitters."""
				53	k = ECDSA256P1.generate()
				54
				55	ccode = io.StringIO()
Fabio Utzig	9560d77	2020-04-02 13:44:30 -0300	[diff] [blame]	56	k.emit_c_public(ccode)
David Brown	b6e0ae6	2017-11-21 15:13:04 -0700	[diff] [blame]	57	self.assertIn("ecdsa_pub_key", ccode.getvalue())
				58	self.assertIn("ecdsa_pub_key_len", ccode.getvalue())
				59
				60	rustcode = io.StringIO()
Fabio Utzig	9560d77	2020-04-02 13:44:30 -0300	[diff] [blame]	61	k.emit_rust_public(rustcode)
David Brown	b6e0ae6	2017-11-21 15:13:04 -0700	[diff] [blame]	62	self.assertIn("ECDSA_PUB_KEY", rustcode.getvalue())
				63
				64	def test_emit_pub(self):
				65	"""Basic sanity check on the code emitters."""
				66	pubname = self.tname("public.pem")
				67	k = ECDSA256P1.generate()
				68	k.export_public(pubname)
				69
				70	k2 = load(pubname)
				71
				72	ccode = io.StringIO()
Fabio Utzig	9560d77	2020-04-02 13:44:30 -0300	[diff] [blame]	73	k2.emit_c_public(ccode)
David Brown	b6e0ae6	2017-11-21 15:13:04 -0700	[diff] [blame]	74	self.assertIn("ecdsa_pub_key", ccode.getvalue())
				75	self.assertIn("ecdsa_pub_key_len", ccode.getvalue())
				76
				77	rustcode = io.StringIO()
Fabio Utzig	9560d77	2020-04-02 13:44:30 -0300	[diff] [blame]	78	k2.emit_rust_public(rustcode)
David Brown	b6e0ae6	2017-11-21 15:13:04 -0700	[diff] [blame]	79	self.assertIn("ECDSA_PUB_KEY", rustcode.getvalue())
				80
				81	def test_sig(self):
				82	k = ECDSA256P1.generate()
				83	buf = b'This is the message'
David Brown	2c9153a	2017-11-21 15:18:12 -0700	[diff] [blame]	84	sig = k.raw_sign(buf)
David Brown	b6e0ae6	2017-11-21 15:13:04 -0700	[diff] [blame]	85
				86	# The code doesn't have any verification, so verify this
				87	# manually.
				88	k.key.public_key().verify(
				89	signature=sig,
				90	data=buf,
				91	signature_algorithm=ec.ECDSA(SHA256()))
				92
				93	# Modify the message to make sure the signature fails.
				94	self.assertRaises(InvalidSignature,
				95	k.key.public_key().verify,
				96	signature=sig,
				97	data=b'This is thE message',
				98	signature_algorithm=ec.ECDSA(SHA256()))
				99
				100	if __name__ == '__main__':
				101	unittest.main()