mirror of
https://gitlab.alpinelinux.org/alpine/aports.git
synced 2025-11-06 19:32:18 +01:00
102 lines
3.6 KiB
Diff
102 lines
3.6 KiB
Diff
From 18a1affce12b9efe9591ef4c1560d1ffaf839886 Mon Sep 17 00:00:00 2001
|
|
From: Michal Starecek <michal.starecek@nxp.com>
|
|
Date: Fri, 5 Apr 2024 12:55:38 +0200
|
|
Subject: [PATCH] Split key-hash for signature genearation into mandatory and
|
|
optional groups (#71)
|
|
|
|
---
|
|
tests/nxpcrypto/test_nxpcrypto.py | 70 +++++++++++++++++++++----------
|
|
1 file changed, 47 insertions(+), 23 deletions(-)
|
|
|
|
diff --git a/tests/nxpcrypto/test_nxpcrypto.py b/tests/nxpcrypto/test_nxpcrypto.py
|
|
index 8539641..b94c720 100644
|
|
--- a/tests/nxpcrypto/test_nxpcrypto.py
|
|
+++ b/tests/nxpcrypto/test_nxpcrypto.py
|
|
@@ -401,32 +401,13 @@ def get_key_path(data_dir: str, key_type: str):
|
|
return private, public
|
|
|
|
|
|
-@pytest.mark.parametrize(
|
|
- "key_type",
|
|
- ["secp256r1", "secp384r1", "secp521r1", "rsa2048", "rsa4096"],
|
|
-)
|
|
-@pytest.mark.parametrize(
|
|
- "algorithm",
|
|
- [
|
|
- None,
|
|
- EnumHashAlgorithm.SHA1,
|
|
- EnumHashAlgorithm.SHA256,
|
|
- EnumHashAlgorithm.SHA384,
|
|
- EnumHashAlgorithm.SHA512,
|
|
- EnumHashAlgorithm.MD5,
|
|
- ],
|
|
-)
|
|
-def test_nxpcrypto_create_signature_algorithm(
|
|
- cli_runner: CliRunner,
|
|
- data_dir: str,
|
|
- tmpdir,
|
|
- key_type: str,
|
|
- algorithm: Optional[EnumHashAlgorithm],
|
|
-):
|
|
+def run_signature(
|
|
+ cli_runner: CliRunner, data_dir: str, tmpdir: str, key_type: str, algorithm: EnumHashAlgorithm
|
|
+) -> None:
|
|
priv_key, pub_key = get_key_path(data_dir, key_type)
|
|
|
|
input_file = os.path.join(data_dir, "data_to_sign.bin")
|
|
- output_file = os.path.join(tmpdir, "signature.bin")
|
|
+ output_file = os.path.join(tmpdir, f"signature_{key_type}_{algorithm}.bin")
|
|
|
|
cmd = f"signature create -k {priv_key} -i {input_file} -o {output_file}"
|
|
if algorithm:
|
|
@@ -443,6 +424,49 @@ def test_nxpcrypto_create_signature_algorithm(
|
|
assert pub.verify_signature(signature, load_binary(input_file), **extra_params)
|
|
|
|
|
|
+@pytest.mark.parametrize(
|
|
+ "key_type, algorithms",
|
|
+ [
|
|
+ ("secp256r1", [None, EnumHashAlgorithm.SHA256]),
|
|
+ ("secp384r1", [None, EnumHashAlgorithm.SHA384]),
|
|
+ ("secp521r1", [None, EnumHashAlgorithm.SHA512]),
|
|
+ ("rsa2048", [None, EnumHashAlgorithm.SHA256]),
|
|
+ ("rsa4096", [None, EnumHashAlgorithm.SHA256]),
|
|
+ ],
|
|
+)
|
|
+def test_nxpcrypto_create_signature_algorithm_mandatory(
|
|
+ cli_runner: CliRunner,
|
|
+ data_dir: str,
|
|
+ tmpdir,
|
|
+ key_type: str,
|
|
+ algorithms: List[Optional[EnumHashAlgorithm]],
|
|
+):
|
|
+ for algorithm in algorithms:
|
|
+ run_signature(cli_runner, data_dir, tmpdir, key_type, algorithm)
|
|
+
|
|
+
|
|
+@pytest.mark.xfail(reason="Some Linux distributions allows only certain combinations of key-hash")
|
|
+@pytest.mark.parametrize(
|
|
+ "key_type, algorithms",
|
|
+ [
|
|
+ ("secp256r1", [EnumHashAlgorithm.SHA384, EnumHashAlgorithm.SHA512]),
|
|
+ ("secp384r1", [EnumHashAlgorithm.SHA256, EnumHashAlgorithm.SHA512]),
|
|
+ ("secp521r1", [EnumHashAlgorithm.SHA256, EnumHashAlgorithm.SHA384]),
|
|
+ ("rsa2048", [EnumHashAlgorithm.SHA384, EnumHashAlgorithm.SHA512]),
|
|
+ ("rsa4096", [EnumHashAlgorithm.SHA384, EnumHashAlgorithm.SHA512]),
|
|
+ ],
|
|
+)
|
|
+def test_nxpcrypto_create_signature_algorithm_optional(
|
|
+ cli_runner: CliRunner,
|
|
+ data_dir: str,
|
|
+ tmpdir,
|
|
+ key_type: str,
|
|
+ algorithms: List[Optional[EnumHashAlgorithm]],
|
|
+):
|
|
+ for algorithm in algorithms:
|
|
+ run_signature(cli_runner, data_dir, tmpdir, key_type, algorithm)
|
|
+
|
|
+
|
|
@pytest.mark.skipif(not IS_OSCCA_SUPPORTED, reason="OSCCA support is not installed")
|
|
def test_nxpcrypto_create_signature_algorithm_oscca(cli_runner: CliRunner, data_dir: str, tmpdir):
|
|
input_file = os.path.join(data_dir, "data_to_sign.bin")
|