TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mcuboot / a513b8e66875035ae2bfe7934caead852b410847 / . / scripts / imgtool / keys / ed25519_test.py
blob: 31f43fe9bc09f8c32a5a79ca96617ebafdf5c77a [file] [log] [blame]
Fabio Utzig8101d1f2019-05-09 15:03:22 -0300[diff] [blame]1"""
2Tests for ECDSA keys
3"""
4
Fabio Utzig9560d772020-04-02 13:44:30 -0300[diff] [blame]5import hashlib
Fabio Utzig8101d1f2019-05-09 15:03:22 -0300[diff] [blame]6import io
7import os.path
8import sys
9import tempfile
10import unittest
11
12from cryptography.exceptions import InvalidSignature
13from cryptography.hazmat.primitives.asymmetric import ed25519
14
15sys.path.insert(0, os.path.abspath(os.path.join(os.path.dirname(__file__), '../..')))
16
17from imgtool.keys import load, Ed25519, Ed25519UsageError
18
19
20class Ed25519KeyGeneration(unittest.TestCase):
21
22 def setUp(self):
23 self.test_dir = tempfile.TemporaryDirectory()
24
25 def tname(self, base):
26 return os.path.join(self.test_dir.name, base)
27
28 def tearDown(self):
29 self.test_dir.cleanup()
30
31 def test_keygen(self):
32 name1 = self.tname("keygen.pem")
33 k = Ed25519.generate()
34 k.export_private(name1, b'secret')
35
36 self.assertIsNone(load(name1))
37
38 k2 = load(name1, b'secret')
39
40 pubname = self.tname('keygen-pub.pem')
41 k2.export_public(pubname)
42 pk2 = load(pubname)
43
44 # We should be able to export the public key from the loaded
45 # public key, but not the private key.
46 pk2.export_public(self.tname('keygen-pub2.pem'))
47 self.assertRaises(Ed25519UsageError,
48 pk2.export_private, self.tname('keygen-priv2.pem'))
49
50 def test_emit(self):
51 """Basic sanity check on the code emitters."""
52 k = Ed25519.generate()
53
54 ccode = io.StringIO()
Fabio Utzig9560d772020-04-02 13:44:30 -0300[diff] [blame]55 k.emit_c_public(ccode)
Fabio Utzig8101d1f2019-05-09 15:03:22 -0300[diff] [blame]56 self.assertIn("ed25519_pub_key", ccode.getvalue())
57 self.assertIn("ed25519_pub_key_len", ccode.getvalue())
58
59 rustcode = io.StringIO()
Fabio Utzig9560d772020-04-02 13:44:30 -0300[diff] [blame]60 k.emit_rust_public(rustcode)
Fabio Utzig8101d1f2019-05-09 15:03:22 -0300[diff] [blame]61 self.assertIn("ED25519_PUB_KEY", rustcode.getvalue())
62
63 def test_emit_pub(self):
64 """Basic sanity check on the code emitters."""
65 pubname = self.tname("public.pem")
66 k = Ed25519.generate()
67 k.export_public(pubname)
68
69 k2 = load(pubname)
70
71 ccode = io.StringIO()
Fabio Utzig9560d772020-04-02 13:44:30 -0300[diff] [blame]72 k2.emit_c_public(ccode)
Fabio Utzig8101d1f2019-05-09 15:03:22 -0300[diff] [blame]73 self.assertIn("ed25519_pub_key", ccode.getvalue())
74 self.assertIn("ed25519_pub_key_len", ccode.getvalue())
75
76 rustcode = io.StringIO()
Fabio Utzig9560d772020-04-02 13:44:30 -0300[diff] [blame]77 k2.emit_rust_public(rustcode)
Fabio Utzig8101d1f2019-05-09 15:03:22 -0300[diff] [blame]78 self.assertIn("ED25519_PUB_KEY", rustcode.getvalue())
79
80 def test_sig(self):
81 k = Ed25519.generate()
82 buf = b'This is the message'
Fabio Utzig9560d772020-04-02 13:44:30 -0300[diff] [blame]83 sha = hashlib.sha256()
84 sha.update(buf)
85 digest = sha.digest()
86 sig = k.sign_digest(digest)
Fabio Utzig8101d1f2019-05-09 15:03:22 -0300[diff] [blame]87
88 # The code doesn't have any verification, so verify this
89 # manually.
Fabio Utzig9560d772020-04-02 13:44:30 -0300[diff] [blame]90 k.key.public_key().verify(signature=sig, data=digest)
Fabio Utzig8101d1f2019-05-09 15:03:22 -0300[diff] [blame]91
92 # Modify the message to make sure the signature fails.
Fabio Utzig9560d772020-04-02 13:44:30 -0300[diff] [blame]93 sha = hashlib.sha256()
94 sha.update(b'This is thE message')
95 new_digest = sha.digest()
Fabio Utzig8101d1f2019-05-09 15:03:22 -0300[diff] [blame]96 self.assertRaises(InvalidSignature,
97 k.key.public_key().verify,
98 signature=sig,
Fabio Utzig9560d772020-04-02 13:44:30 -0300[diff] [blame]99 data=new_digest)
Fabio Utzig8101d1f2019-05-09 15:03:22 -0300[diff] [blame]100
101
102if __name__ == '__main__':
103 unittest.main()