TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mcuboot / faf2dd1f6a9a815b85e7cdcdc9e5f3bb3ebd89cd / . / scripts / imgtool / keys / rsa_test.py
blob: 7610106bc8d4760ff5d27162a3ac428d7b0ffa29 [file] [log] [blame]
David Brown5e7c6dd2017-11-16 14:47:16 -0700[diff] [blame]1"""
2Tests for RSA keys
3"""
4
David Brown79c4fcf2021-01-26 15:04:05 -0700[diff] [blame]5# SPDX-License-Identifier: Apache-2.0
6
David Brown5e7c6dd2017-11-16 14:47:16 -0700[diff] [blame]7import io
8import os
9import sys
10import tempfile
11import unittest
12
13from cryptography.exceptions import InvalidSignature
14from cryptography.hazmat.primitives.asymmetric.padding import PSS, MGF1
15from cryptography.hazmat.primitives.hashes import SHA256
16
17# Setup sys path so 'imgtool' is in it.
Fabio Utzig19fd79a2019-05-08 18:20:39 -0300[diff] [blame]18sys.path.insert(0, os.path.abspath(os.path.join(os.path.dirname(__file__),
19 '../..')))
David Brown5e7c6dd2017-11-16 14:47:16 -0700[diff] [blame]20
Fabio Utzig19fd79a2019-05-08 18:20:39 -0300[diff] [blame]21from imgtool.keys import load, RSA, RSAUsageError
22from imgtool.keys.rsa import RSA_KEY_SIZES
23
David Brown5e7c6dd2017-11-16 14:47:16 -0700[diff] [blame]24
25class KeyGeneration(unittest.TestCase):
26
27 def setUp(self):
28 self.test_dir = tempfile.TemporaryDirectory()
29
30 def tname(self, base):
31 return os.path.join(self.test_dir.name, base)
32
33 def tearDown(self):
34 self.test_dir.cleanup()
35
36 def test_keygen(self):
Fabio Utzig19fd79a2019-05-08 18:20:39 -0300[diff] [blame]37 # Try generating a RSA key with non-supported size
38 with self.assertRaises(RSAUsageError):
39 RSA.generate(key_size=1024)
David Brown5e7c6dd2017-11-16 14:47:16 -0700[diff] [blame]40
Fabio Utzig19fd79a2019-05-08 18:20:39 -0300[diff] [blame]41 for key_size in RSA_KEY_SIZES:
42 name1 = self.tname("keygen.pem")
43 k = RSA.generate(key_size=key_size)
44 k.export_private(name1, b'secret')
David Brown5e7c6dd2017-11-16 14:47:16 -0700[diff] [blame]45
Fabio Utzig19fd79a2019-05-08 18:20:39 -0300[diff] [blame]46 # Try loading the key without a password.
47 self.assertIsNone(load(name1))
David Brown5e7c6dd2017-11-16 14:47:16 -0700[diff] [blame]48
Fabio Utzig19fd79a2019-05-08 18:20:39 -0300[diff] [blame]49 k2 = load(name1, b'secret')
David Brown5e7c6dd2017-11-16 14:47:16 -0700[diff] [blame]50
Fabio Utzig19fd79a2019-05-08 18:20:39 -0300[diff] [blame]51 pubname = self.tname('keygen-pub.pem')
52 k2.export_public(pubname)
53 pk2 = load(pubname)
54
55 # We should be able to export the public key from the loaded
56 # public key, but not the private key.
57 pk2.export_public(self.tname('keygen-pub2.pem'))
58 self.assertRaises(RSAUsageError, pk2.export_private,
59 self.tname('keygen-priv2.pem'))
David Brown5e7c6dd2017-11-16 14:47:16 -0700[diff] [blame]60
61 def test_emit(self):
62 """Basic sanity check on the code emitters."""
Fabio Utzig19fd79a2019-05-08 18:20:39 -0300[diff] [blame]63 for key_size in RSA_KEY_SIZES:
64 k = RSA.generate(key_size=key_size)
David Brown5e7c6dd2017-11-16 14:47:16 -0700[diff] [blame]65
Denis Mingulovfaf2dd12023-09-26 09:22:44 +0300[diff] [blame^]66 pubpem = io.StringIO()
67 k.emit_public_pem(pubpem)
68 self.assertIn("BEGIN PUBLIC KEY", pubpem.getvalue())
69 self.assertIn("END PUBLIC KEY", pubpem.getvalue())
70
Fabio Utzig19fd79a2019-05-08 18:20:39 -0300[diff] [blame]71 ccode = io.StringIO()
Fabio Utzig9560d772020-04-02 13:44:30 -0300[diff] [blame]72 k.emit_c_public(ccode)
Fabio Utzig19fd79a2019-05-08 18:20:39 -0300[diff] [blame]73 self.assertIn("rsa_pub_key", ccode.getvalue())
74 self.assertIn("rsa_pub_key_len", ccode.getvalue())
David Brown5e7c6dd2017-11-16 14:47:16 -0700[diff] [blame]75
Denis Mingulovfaf2dd12023-09-26 09:22:44 +0300[diff] [blame^]76 hashccode = io.StringIO()
77 k.emit_c_public_hash(hashccode)
78 self.assertIn("rsa_pub_key_hash", hashccode.getvalue())
79 self.assertIn("rsa_pub_key_hash_len", hashccode.getvalue())
80
Fabio Utzig19fd79a2019-05-08 18:20:39 -0300[diff] [blame]81 rustcode = io.StringIO()
Fabio Utzig9560d772020-04-02 13:44:30 -0300[diff] [blame]82 k.emit_rust_public(rustcode)
Fabio Utzig19fd79a2019-05-08 18:20:39 -0300[diff] [blame]83 self.assertIn("RSA_PUB_KEY", rustcode.getvalue())
David Brown5e7c6dd2017-11-16 14:47:16 -0700[diff] [blame]84
Denis Mingulovfaf2dd12023-09-26 09:22:44 +0300[diff] [blame^]85 # raw data - bytes
86 pubraw = io.BytesIO()
87 k.emit_raw_public(pubraw)
88 self.assertTrue(len(pubraw.getvalue()) > 0)
89
90 hashraw = io.BytesIO()
91 k.emit_raw_public_hash(hashraw)
92 self.assertTrue(len(hashraw.getvalue()) > 0)
93
David Brown5e7c6dd2017-11-16 14:47:16 -0700[diff] [blame]94 def test_emit_pub(self):
95 """Basic sanity check on the code emitters, from public key."""
96 pubname = self.tname("public.pem")
Fabio Utzig19fd79a2019-05-08 18:20:39 -0300[diff] [blame]97 for key_size in RSA_KEY_SIZES:
98 k = RSA.generate(key_size=key_size)
99 k.export_public(pubname)
David Brown5e7c6dd2017-11-16 14:47:16 -0700[diff] [blame]100
Fabio Utzig19fd79a2019-05-08 18:20:39 -0300[diff] [blame]101 k2 = load(pubname)
David Brown5e7c6dd2017-11-16 14:47:16 -0700[diff] [blame]102
Fabio Utzig19fd79a2019-05-08 18:20:39 -0300[diff] [blame]103 ccode = io.StringIO()
Fabio Utzig9560d772020-04-02 13:44:30 -0300[diff] [blame]104 k2.emit_c_public(ccode)
Fabio Utzig19fd79a2019-05-08 18:20:39 -0300[diff] [blame]105 self.assertIn("rsa_pub_key", ccode.getvalue())
106 self.assertIn("rsa_pub_key_len", ccode.getvalue())
David Brown5e7c6dd2017-11-16 14:47:16 -0700[diff] [blame]107
Fabio Utzig19fd79a2019-05-08 18:20:39 -0300[diff] [blame]108 rustcode = io.StringIO()
Fabio Utzig9560d772020-04-02 13:44:30 -0300[diff] [blame]109 k2.emit_rust_public(rustcode)
Fabio Utzig19fd79a2019-05-08 18:20:39 -0300[diff] [blame]110 self.assertIn("RSA_PUB_KEY", rustcode.getvalue())
David Brown5e7c6dd2017-11-16 14:47:16 -0700[diff] [blame]111
112 def test_sig(self):
Fabio Utzig19fd79a2019-05-08 18:20:39 -0300[diff] [blame]113 for key_size in RSA_KEY_SIZES:
114 k = RSA.generate(key_size=key_size)
115 buf = b'This is the message'
116 sig = k.sign(buf)
David Brown5e7c6dd2017-11-16 14:47:16 -0700[diff] [blame]117
Fabio Utzig19fd79a2019-05-08 18:20:39 -0300[diff] [blame]118 # The code doesn't have any verification, so verify this
119 # manually.
120 k.key.public_key().verify(
David Brown5e7c6dd2017-11-16 14:47:16 -0700[diff] [blame]121 signature=sig,
122 data=buf,
David Brown20462a72017-11-21 14:28:51 -0700[diff] [blame]123 padding=PSS(mgf=MGF1(SHA256()), salt_length=32),
David Brown5e7c6dd2017-11-16 14:47:16 -0700[diff] [blame]124 algorithm=SHA256())
125
Fabio Utzig19fd79a2019-05-08 18:20:39 -0300[diff] [blame]126 # Modify the message to make sure the signature fails.
127 self.assertRaises(InvalidSignature,
128 k.key.public_key().verify,
129 signature=sig,
130 data=b'This is thE message',
131 padding=PSS(mgf=MGF1(SHA256()), salt_length=32),
132 algorithm=SHA256())
133
David Brown5e7c6dd2017-11-16 14:47:16 -0700[diff] [blame]134
135if __name__ == '__main__':
136 unittest.main()