InfiniTime/tools/mcuboot/imgtool/keys/rsa_test.py

"""
Tests for RSA keys
"""

import io
import os
import sys
import tempfile
import unittest

from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives.asymmetric.padding import PSS, MGF1
from cryptography.hazmat.primitives.hashes import SHA256

# Setup sys path so 'imgtool' is in it.
sys.path.insert(0, os.path.abspath(os.path.join(os.path.dirname(__file__),
                                                '../..')))

from imgtool.keys import load, RSA, RSAUsageError
from imgtool.keys.rsa import RSA_KEY_SIZES


class KeyGeneration(unittest.TestCase):

    def setUp(self):
        self.test_dir = tempfile.TemporaryDirectory()

    def tname(self, base):
        return os.path.join(self.test_dir.name, base)

    def tearDown(self):
        self.test_dir.cleanup()

    def test_keygen(self):
        # Try generating a RSA key with non-supported size
        with self.assertRaises(RSAUsageError):
            RSA.generate(key_size=1024)

        for key_size in RSA_KEY_SIZES:
            name1 = self.tname("keygen.pem")
            k = RSA.generate(key_size=key_size)
            k.export_private(name1, b'secret')

            # Try loading the key without a password.
            self.assertIsNone(load(name1))

            k2 = load(name1, b'secret')

            pubname = self.tname('keygen-pub.pem')
            k2.export_public(pubname)
            pk2 = load(pubname)

            # We should be able to export the public key from the loaded
            # public key, but not the private key.
            pk2.export_public(self.tname('keygen-pub2.pem'))
            self.assertRaises(RSAUsageError, pk2.export_private,
                              self.tname('keygen-priv2.pem'))

    def test_emit(self):
        """Basic sanity check on the code emitters."""
        for key_size in RSA_KEY_SIZES:
            k = RSA.generate(key_size=key_size)

            ccode = io.StringIO()
            k.emit_c_public(ccode)
            self.assertIn("rsa_pub_key", ccode.getvalue())
            self.assertIn("rsa_pub_key_len", ccode.getvalue())

            rustcode = io.StringIO()
            k.emit_rust_public(rustcode)
            self.assertIn("RSA_PUB_KEY", rustcode.getvalue())

    def test_emit_pub(self):
        """Basic sanity check on the code emitters, from public key."""
        pubname = self.tname("public.pem")
        for key_size in RSA_KEY_SIZES:
            k = RSA.generate(key_size=key_size)
            k.export_public(pubname)

            k2 = load(pubname)

            ccode = io.StringIO()
            k2.emit_c_public(ccode)
            self.assertIn("rsa_pub_key", ccode.getvalue())
            self.assertIn("rsa_pub_key_len", ccode.getvalue())

            rustcode = io.StringIO()
            k2.emit_rust_public(rustcode)
            self.assertIn("RSA_PUB_KEY", rustcode.getvalue())

    def test_sig(self):
        for key_size in RSA_KEY_SIZES:
            k = RSA.generate(key_size=key_size)
            buf = b'This is the message'
            sig = k.sign(buf)

            # The code doesn't have any verification, so verify this
            # manually.
            k.key.public_key().verify(
                signature=sig,
                data=buf,
                padding=PSS(mgf=MGF1(SHA256()), salt_length=32),
                algorithm=SHA256())

            # Modify the message to make sure the signature fails.
            self.assertRaises(InvalidSignature,
                              k.key.public_key().verify,
                              signature=sig,
                              data=b'This is thE message',
                              padding=PSS(mgf=MGF1(SHA256()), salt_length=32),
                              algorithm=SHA256())


if __name__ == '__main__':
    unittest.main()
Generate pinetime-recovery : a light version of InfiniTime design to be used as a recovery firmware : it only provides basic UI and BLE connectivity for OTA. This new FW is build on the same codebasse than the actual InfiniTime. Only the display task is different (this allows to remove lvgl from the recovery fw, which is very heavy). CMake builds and docker have been modified accordingly. Note than the fw is converted into an image and then into a DFU in the cmake build (previously, it was only done in the 2021-01-26 19:31:45 +00:00			`"""`
			`Tests for RSA keys`
			`"""`

			`import io`
			`import os`
			`import sys`
			`import tempfile`
			`import unittest`

			`from cryptography.exceptions import InvalidSignature`
			`from cryptography.hazmat.primitives.asymmetric.padding import PSS, MGF1`
			`from cryptography.hazmat.primitives.hashes import SHA256`

			`# Setup sys path so 'imgtool' is in it.`
			`sys.path.insert(0, os.path.abspath(os.path.join(os.path.dirname(__file__),`
			`'../..')))`

			`from imgtool.keys import load, RSA, RSAUsageError`
			`from imgtool.keys.rsa import RSA_KEY_SIZES`


			`class KeyGeneration(unittest.TestCase):`

			`def setUp(self):`
			`self.test_dir = tempfile.TemporaryDirectory()`

			`def tname(self, base):`
			`return os.path.join(self.test_dir.name, base)`

			`def tearDown(self):`
			`self.test_dir.cleanup()`

			`def test_keygen(self):`
			`# Try generating a RSA key with non-supported size`
			`with self.assertRaises(RSAUsageError):`
			`RSA.generate(key_size=1024)`

			`for key_size in RSA_KEY_SIZES:`
			`name1 = self.tname("keygen.pem")`
			`k = RSA.generate(key_size=key_size)`
			`k.export_private(name1, b'secret')`

			`# Try loading the key without a password.`
			`self.assertIsNone(load(name1))`

			`k2 = load(name1, b'secret')`

			`pubname = self.tname('keygen-pub.pem')`
			`k2.export_public(pubname)`
			`pk2 = load(pubname)`

			`# We should be able to export the public key from the loaded`
			`# public key, but not the private key.`
			`pk2.export_public(self.tname('keygen-pub2.pem'))`
			`self.assertRaises(RSAUsageError, pk2.export_private,`
			`self.tname('keygen-priv2.pem'))`

			`def test_emit(self):`
			`"""Basic sanity check on the code emitters."""`
			`for key_size in RSA_KEY_SIZES:`
			`k = RSA.generate(key_size=key_size)`

			`ccode = io.StringIO()`
			`k.emit_c_public(ccode)`
			`self.assertIn("rsa_pub_key", ccode.getvalue())`
			`self.assertIn("rsa_pub_key_len", ccode.getvalue())`

			`rustcode = io.StringIO()`
			`k.emit_rust_public(rustcode)`
			`self.assertIn("RSA_PUB_KEY", rustcode.getvalue())`

			`def test_emit_pub(self):`
			`"""Basic sanity check on the code emitters, from public key."""`
			`pubname = self.tname("public.pem")`
			`for key_size in RSA_KEY_SIZES:`
			`k = RSA.generate(key_size=key_size)`
			`k.export_public(pubname)`

			`k2 = load(pubname)`

			`ccode = io.StringIO()`
			`k2.emit_c_public(ccode)`
			`self.assertIn("rsa_pub_key", ccode.getvalue())`
			`self.assertIn("rsa_pub_key_len", ccode.getvalue())`

			`rustcode = io.StringIO()`
			`k2.emit_rust_public(rustcode)`
			`self.assertIn("RSA_PUB_KEY", rustcode.getvalue())`

			`def test_sig(self):`
			`for key_size in RSA_KEY_SIZES:`
			`k = RSA.generate(key_size=key_size)`
			`buf = b'This is the message'`
			`sig = k.sign(buf)`

			`# The code doesn't have any verification, so verify this`
			`# manually.`
			`k.key.public_key().verify(`
			`signature=sig,`
			`data=buf,`
			`padding=PSS(mgf=MGF1(SHA256()), salt_length=32),`
			`algorithm=SHA256())`

			`# Modify the message to make sure the signature fails.`
			`self.assertRaises(InvalidSignature,`
			`k.key.public_key().verify,`
			`signature=sig,`
			`data=b'This is thE message',`
			`padding=PSS(mgf=MGF1(SHA256()), salt_length=32),`
			`algorithm=SHA256())`


			`if __name__ == '__main__':`
			`unittest.main()`