Extend tests for signing commands.

NCSDK-31355 Signed-off-by: Artur Hadasz <[email protected]>
nrfconnect · Feb 7, 2025 · bcb0a45 · bcb0a45
1 parent 2e22c17
commit bcb0a45
Show file tree

Hide file tree

Showing 6 changed files with 598 additions and 24 deletions.
diff --git a/ncs/sign_script.py b/ncs/sign_script.py
@@ -36,7 +36,7 @@ class SuitCoseSignAlgorithms(Enum):
     COSE_ALG_ES_384 = -35
     COSE_ALG_ES_521 = -36
     COSE_ALG_EdDSA = -8
-    COSE_ALG_VS_HashedEdDSA = -65537
+    COSE_ALG_VS_HashEdDSA = -65537
 
 
 class SuitIds(Enum):

diff --git a/suit_generator/suit_sign_script_base.py b/suit_generator/suit_sign_script_base.py
@@ -19,7 +19,7 @@ class SuitSignAlgorithms(Enum):
     ES_384 = "es-384"
     ES_521 = "es-521"
     EdDSA = "eddsa"
-    VS_HashedEdDSA = "hash-eddsa"
+    VS_HashEdDSA = "hash-eddsa"
 
     def __str__(self):
         return self.value

diff --git a/tests/kms_script_mock.py b/tests/kms_script_mock.py
@@ -0,0 +1,61 @@
+#
+# Copyright (c) 2025 Nordic Semiconductor ASA
+#
+# SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
+#
+"""Script mocking the KMS script."""
+from __future__ import annotations
+
+from suit_generator.suit_kms_base import SuitKMSBase
+import json
+
+
+class SuitMockKMS(SuitKMSBase):
+    """Implementation mocking a KMS."""
+
+    def init_kms(self, context: str) -> None:
+        """
+        Initialize the KMS.
+
+        :param context: The context to be used - json string with keys {"output_file": "<path>", "ctx": "<ctx>"}
+
+        For signing mocking it also has to contain a "signature" key with the mocked signature to be returned.
+        For encryption mocking it also has to contain "iv", "encryption_key" and "encrypted_data" keys
+        with the mocked values to be returned.
+        All the data will be stored into the file pointed by the output_file key.
+
+        """
+        context_loaded = json.loads(context)
+        self.output_file = context_loaded["output_file"]
+        self.json_data = {"init_kms_ctx": context_loaded["ctx"]}
+
+    def encrypt(self, plaintext: bytes, key_name: str, context: str, aad: bytes) -> tuple[bytes, bytes, bytes]:
+        """Mock of the KMS script encrypt function."""
+        context_loaded = json.loads(context)
+        self.json_data["encrypt_plaintext"] = plaintext.decode()
+        self.json_data["encrypt_key_name"] = key_name
+        self.json_data["encrypt_context"] = context_loaded["ctx"]
+        self.json_data["encrypt_aad"] = aad.decode()
+        with open(self.output_file, "w") as f:
+            json.dump(self.json_data, f)
+        return (
+            context_loaded["iv"].encode(),
+            context_loaded["encryption_key"].encode(),
+            context_loaded["encrypted_data"].encode(),
+        )
+
+    def sign(self, data: bytes, key_name: str, algorithm: str, context: str) -> bytes:
+        """Mock of the KMS script sign function."""
+        context_loaded = json.loads(context)
+        self.json_data["sign_data"] = data.hex()
+        self.json_data["sign_key_name"] = key_name
+        self.json_data["sign_algorithm"] = algorithm
+        self.json_data["sign_context"] = context_loaded["ctx"]
+        with open(self.output_file, "w") as f:
+            json.dump(self.json_data, f)
+        return context_loaded["signature"].encode()
+
+
+def suit_kms_factory():
+    """Get a KMS object."""
+    return SuitMockKMS()
diff --git a/tests/sign_script_mock.py b/tests/sign_script_mock.py
@@ -0,0 +1,65 @@
+#
+# Copyright (c) 2025 Nordic Semiconductor ASA
+#
+# SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
+#
+"""Script mocking the Sign script."""
+from __future__ import annotations
+from suit_generator.suit_sign_script_base import (
+    SuitEnvelopeSignerBase,
+    SignatureAlreadyPresentActions,
+    SuitSignAlgorithms,
+)
+import cbor2
+import json
+from pathlib import Path
+from enum import Enum
+
+
+class SuitIds(Enum):
+    """Suit elements identifiers."""
+
+    SUIT_AUTHENTICATION_WRAPPER = 2
+
+
+class SignerMock(SuitEnvelopeSignerBase):
+    """Signer mock implementation."""
+
+    def mock_add_signature(self, mocked_signature: bytes) -> None:
+        """Add signature object to the envelope."""
+        data = [cbor2.dumps({}), {}, None, mocked_signature]
+        new_auth = cbor2.CBORTag(18, data)
+        auth_block = cbor2.loads(self.envelope.value[SuitIds.SUIT_AUTHENTICATION_WRAPPER.value])
+        auth_block.append(cbor2.dumps(new_auth))
+        self.envelope.value[SuitIds.SUIT_AUTHENTICATION_WRAPPER.value] = cbor2.dumps(auth_block)
+
+    def sign_envelope(
+        self,
+        input_envelope: cbor2.CBORTag,
+        key_name: str,
+        key_id: int,
+        algorithm: SuitSignAlgorithms,
+        context: str,
+        kms_script: Path,
+        already_signed_action: SignatureAlreadyPresentActions,
+    ) -> cbor2.CBORTag:
+        """Mock adding signature to the envelope."""
+        context_loaded = json.loads(context)
+        self.output_file = f"test_output_{key_name}.json"
+        self.json_data = {"key_name": key_name}
+        self.json_data["key_id"] = key_id
+        self.json_data["algorithm"] = algorithm.value
+        self.json_data["context"] = context_loaded["ctx"]
+        self.json_data["kms_script"] = kms_script
+        self.json_data["already_signed_action"] = already_signed_action.value
+        with open(self.output_file, "w") as f:
+            json.dump(self.json_data, f)
+
+        self.envelope = input_envelope
+        self.mock_add_signature(context_loaded["signature"].encode())
+        return self.envelope
+
+
+def suit_signer_factory():
+    """Get a Signer object."""
+    return SignerMock()