Partial verification secondary

demo/demo_primary.py

@@ -494,7 +494,7 @@ def get_metadata_for_ecu(ecu_serial, force_partial_verification=False):
   fname = None
 
   if force_partial_verification:
-    fname = primary_ecu.get_partial_metadata_fname()
+    fname = primary_ecu.get_partial_metadata_archive_fname()
 
   else:
     # Note that in Python 2.7.4 and later, unzipping should prevent files from

demo/demo_secondary.py

@@ -63,6 +63,7 @@
 _ecu_serial = 'TCUdemocar'
 _primary_host = demo.PRIMARY_SERVER_HOST
 _primary_port = demo.PRIMARY_SERVER_DEFAULT_PORT
+_partial_verifying = False
 firmware_filename = 'secondary_firmware.txt'
 current_firmware_fileinfo = {}
 secondary_ecu = None
@@ -79,7 +80,8 @@ def clean_slate(
     vin=_vin,
     ecu_serial=_ecu_serial,
     primary_host=None,
-    primary_port=None):
+    primary_port=None,
+    partial_verifying=_partial_verifying):
   """
   """
 
@@ -88,12 +90,14 @@ def clean_slate(
   global _ecu_serial
   global _primary_host
   global _primary_port
+  global _partial_verifying
   global nonce
   global CLIENT_DIRECTORY
   global attacks_detected
 
   _vin = vin
   _ecu_serial = ecu_serial
+  _partial_verifying = partial_verifying
 
   if primary_host is not None:
     _primary_host = primary_host
@@ -104,6 +108,12 @@ def clean_slate(
   CLIENT_DIRECTORY = os.path.join(
       uptane.WORKING_DIR, CLIENT_DIRECTORY_PREFIX + demo.get_random_string(5))
 
+  # If secondary is partial verification then it would need director public key
+  if _partial_verifying:
+    key_director_pub = demo.import_public_key('director')
+  else:
+    key_director_pub = None
+
   # Load the public timeserver key.
   key_timeserver_pub = demo.import_public_key('timeserver')
 
@@ -154,7 +164,9 @@ def clean_slate(
       ecu_key=ecu_key,
       time=clock,
       firmware_fileinfo=factory_firmware_fileinfo,
-      timeserver_public_key=key_timeserver_pub)
+      timeserver_public_key=key_timeserver_pub,
+      director_public_key=key_director_pub,
+      partial_verifying=_partial_verifying)
 
 
 
@@ -302,7 +314,8 @@ def update_cycle():
 
   # Download the metadata from the Primary in the form of an archive. This
   # returns the binary data that we need to write to file.
-  metadata_archive = pserver.get_metadata(secondary_ecu.ecu_serial)
+  metadata_from_primary = pserver.get_metadata(
+      secondary_ecu.ecu_serial, secondary_ecu.partial_verifying)
 
   # Verify the time attestation and internalize the time (if verified, the time
   # will be used in place of system time to perform future metadata expiration
@@ -326,7 +339,7 @@ def update_cycle():
       secondary_ecu.full_client_dir, 'metadata_archive.zip')
 
   with open(archive_fname, 'wb') as fobj:
-    fobj.write(metadata_archive.data)
+    fobj.write(metadata_from_primary.data)
 
   # Now tell the Secondary reference implementation code where the archive file
   # is and let it expand and validate the metadata.

samples/metadata_samples_long_expiry/initial_w_no_update/full_metadata_archive/director/metadata/root.json

@@ -3,7 +3,7 @@
   {
    "keyid": "fdba7eaa358fa5a8113a789f60c4a6ce29c4478d8d8eff3e27d1d77416696ab2",
    "method": "ed25519",
-   "sig": "e9855e5171934d56a78033cead3dc217d6df3730f9c668742346a4e66f0d1141fe7283a21964e0c35163e76b6103e36a04d44f1b0799fe34af45c65f32f38b09"
+   "sig": "1749f961bda975ef8db96b56b8b61465ef36fbbb45ce9c92248303851e36c21bd28d1cadfff9a12a0b1d87c3ea9294736d976a5a00b83167bc99c6b2a3a8860d"
   }
  ],
  "signed": {
@@ -12,7 +12,7 @@
    "gz"
   ],
   "consistent_snapshot": false,
-  "expires": "2037-09-28T12:46:29Z",
+  "expires": "2038-01-18T03:14:15Z",
   "keys": {
    "630cf584f392430b2119a4395e39624e86f5e5c5374507a789be5cf35bf090d6": {
     "keyid_hash_algorithms": [

samples/metadata_samples_long_expiry/initial_w_no_update/full_metadata_archive/director/metadata/snapshot.der

@@ -1,4 +1,3 @@
-0�֠f�
�{'��

�X�V�

�0�targets.der�

�=�root.der�

�w�

�'0%
-

 k����8��}
-"��Lc~r�I9�A���9�

�i0g �<��=3_�6T�`Gࡍ�Y^��Sk���Vx��
-

@��*��E�d�5[���{��%����UYQ���)�'gH��\ǃL8�	
��s�|jz&�j���
+0�֠f�
�����

�X�V�

�0�targets.der�

�=�root.der�

�w�

�'0%
+

 �������;_�k.c_f?��l½j�8�

�i0g �<��=3_�6T�`Gࡍ�Y^��Sk���Vx��
+

@~�`��)vzo�B���8���7�ob��l��������"x/�9��5p���p�(���

samples/metadata_samples_long_expiry/initial_w_no_update/full_metadata_archive/director/metadata/snapshot.json

@@ -3,16 +3,16 @@
   {
    "keyid": "f93cfcf33d335ff43654ec6047e0a18dd5595ee3de53136b94c9c756788a0f97",
    "method": "ed25519",
-   "sig": "7606de7a3cb4d899755d8fe085f8834a356ca81b65814e89aa5062faa78360ff12b9977825fa9e14baf3daf63c4da2c354ec0fe233a98d3aac63d5758caab60e"
+   "sig": "dbf828452d952b1423b6797bceb6f1eea0f049cf3da73f42af85c032b3a4b3265d9eb164616ea94afe8bcf0d2c972a0abdf11a7a0a0107711bbf47eb9df7ff04"
   }
  ],
  "signed": {
   "_type": "Snapshot",
-  "expires": "2037-09-28T12:46:29Z",
+  "expires": "2038-01-18T03:14:15Z",
   "meta": {
    "root.json": {
     "hashes": {
-     "sha256": "2a6db46564a0fbc905bf7a36eddc172f1ce3a52871f18f2594e5160b2321e62d"
+     "sha256": "983203b28c67ea490db40bc82801aa771c9522ccbbc33bcf3239e37eef95523d"
     },
     "length": 2120,
     "version": 1

samples/metadata_samples_long_expiry/initial_w_no_update/full_metadata_archive/director/metadata/targets.json

@@ -3,7 +3,7 @@
   {
    "keyid": "630cf584f392430b2119a4395e39624e86f5e5c5374507a789be5cf35bf090d6",
    "method": "ed25519",
-   "sig": "263a6d873455bac478366d92edc04cac55cc0e545b5f4249cf696254263d58de6a225446ce96725bccb83ffdaab548fcd89cb790020039ef336fb422364c1800"
+   "sig": "df56f77ffad98db3152a9c27fda8220a60373174fb5b5173039bf5eb9d2a7fb23926f37d0b41f67c72a29ad20d3c908db327982c59852e986d270a3336432a03"
   }
  ],
  "signed": {
@@ -12,7 +12,7 @@
    "keys": {},
    "roles": []
   },
-  "expires": "2037-09-28T12:46:29Z",
+  "expires": "2038-01-18T03:14:15Z",
   "targets": {},
   "version": 1
  }

samples/metadata_samples_long_expiry/initial_w_no_update/full_metadata_archive/director/metadata/timestamp.json

@@ -3,16 +3,16 @@
   {
    "keyid": "da9c65c96c5c4072f6984f7aa81216d776aca6664d49cb4dfafbc7119320d9cc",
    "method": "ed25519",
-   "sig": "3500dd4af7002c2a7d36c1a4b546b87979805a5c31f6038b39ca19d5d61868b5d3cc8c96c93eb44c3ed862859f45739e926626b73b7beb2d37ceeb83b32c8b0c"
+   "sig": "4d29caea1f135790c99f5112c89833c363e23a72f082dee707bf9723a9c45bda47f8bfd8711a646139e16d892c9a0ea99b86c85f021ce9db28ee70ae3d5c6e07"
   }
  ],
  "signed": {
   "_type": "Timestamp",
-  "expires": "2037-09-28T12:46:29Z",
+  "expires": "2038-01-18T03:14:15Z",
   "meta": {
    "snapshot.json": {
     "hashes": {
-     "sha256": "114817f21566942dbcdafe97e3d1aca1660db86d8920a872c65b76d9890409de"
+     "sha256": "9d98d3a1a89a277eb23fb3237709318fbea54249c539dbf5b53eb8318c75847a"
     },
     "length": 594,
     "version": 1

samples/metadata_samples_long_expiry/initial_w_no_update/full_metadata_archive/imagerepo/metadata/root.json

@@ -3,7 +3,7 @@
   {
    "keyid": "94c836f0c45168f0a437eef0e487b910f58db4d462ae457b5730a4487130f290",
    "method": "ed25519",
-   "sig": "bdbbbfa6b75e98bbc5f04549f1b181e39cc7c8ad8bd86a41c061825e01ed5d2cf1a294cb45f7441cb15fe0302264a98c7813af699c12ba25ccee08878436c20b"
+   "sig": "f08d8dfe263e55facaaa16eda78a8e51fbbaa2e36ae47b93a8103ca0982dc3deb988f7a1aee5c805a322232b01299c5919b3f8cb6bf04cca7a68e9ac3903d309"
   }
  ],
  "signed": {
@@ -12,7 +12,7 @@
    "gz"
   ],
   "consistent_snapshot": false,
-  "expires": "2037-09-28T12:46:18Z",
+  "expires": "2038-01-18T03:14:07Z",
   "keys": {
    "6fcd9a928358ad8ca7e946325f57ec71d50cb5977a8d02c5ab0de6765fef040a": {
     "keyid_hash_algorithms": [

samples/metadata_samples_long_expiry/initial_w_no_update/full_metadata_archive/imagerepo/metadata/snapshot.json

@@ -3,16 +3,16 @@
   {
    "keyid": "aaf05f8d054f8068bf6cb46beed7c824e2560802df462fc8681677586582ca99",
    "method": "ed25519",
-   "sig": "8cb2bff8f52a5aed8979a9c1ebfa047fb4ee58b63830037593bd240ceaafbae274c80c9d59aa3b6fba2bdd6de3c535e3230de2a51509042ca2f7d61523065709"
+   "sig": "5259eabac762bf61e0edce451f0645861ee79f3d6654d03c484badbff95e6c216daf82cc9a9a6285540a1126486fc5f3cf6a35985b7dc62ec32e4f2ab882d600"
   }
  ],
  "signed": {
   "_type": "Snapshot",
-  "expires": "2037-09-28T12:46:18Z",
+  "expires": "2038-01-18T03:14:07Z",
   "meta": {
    "root.json": {
     "hashes": {
-     "sha256": "69385580f90dcd47d7d309070f65515188d392b41416d1efeb330978b77e4a96"
+     "sha256": "46f623b52e1e0d17bef556175227c90ea0d79c3f4e33957294fe5b1fdbddae76"
     },
     "length": 2120,
     "version": 1

samples/metadata_samples_long_expiry/initial_w_no_update/full_metadata_archive/imagerepo/metadata/targets.json

@@ -3,7 +3,7 @@
   {
    "keyid": "c24b457b2ca4b3c2f415efdbbebb914a0d05c5345b9889bda044362589d6f596",
    "method": "ed25519",
-   "sig": "aa5c4bd41dbb8bcf5fdc6fd44ec6b42998488fb1849cc9634e58e514dc5f00f7a59e75216db325f07bfdaba72558a9a4dcfe694f76c8e9af2980477a2893b208"
+   "sig": "6c300b24ffb94f9d1d3465e3e9a877a359c5e5316e3edfd86154eeee08503e111fa23c8b7ca8af2af74747e701272999e61b4930b98a15a41e4a6d20e781490f"
   }
  ],
  "signed": {
@@ -12,7 +12,7 @@
    "keys": {},
    "roles": []
   },
-  "expires": "2037-09-28T12:46:18Z",
+  "expires": "2038-01-18T03:14:07Z",
   "targets": {
    "/BCU1.0.txt": {
     "hashes": {

samples/metadata_samples_long_expiry/initial_w_no_update/full_metadata_archive/imagerepo/metadata/timestamp.json

@@ -3,16 +3,16 @@
   {
    "keyid": "6fcd9a928358ad8ca7e946325f57ec71d50cb5977a8d02c5ab0de6765fef040a",
    "method": "ed25519",
-   "sig": "8aa14b371d10f81a5f4232967d682ef254f5a92221b5cd224811e053d5a8bd99cc1298984c284580684a958eec2f40a6eaf0d8756bd950e5b3714736befda805"
+   "sig": "0c2a95485dca56dadf4be8f8f015de79d92e015427c79a5ff134df63f6a81b19abd2bec2fd85840a7624c2409faaf694cbec2467d9012a42660e223000eb540d"
   }
  ],
  "signed": {
   "_type": "Timestamp",
-  "expires": "2037-09-28T12:46:18Z",
+  "expires": "2038-01-18T03:14:07Z",
   "meta": {
    "snapshot.json": {
     "hashes": {
-     "sha256": "d37a3f9b41bd7ad4c87bc978f0341cbeb081bdee0891f087f33d34963c565e16"
+     "sha256": "d637c37e4417c7649b275403eacf3bf2c0db913bc72ac2847e55968d07ea0716"
     },
     "length": 594,
     "version": 1

samples/metadata_samples_long_expiry/initial_w_no_update/director_targets.json → samples/metadata_samples_long_expiry/initial_w_no_update/partial_metadata_archive/director/metadata/targets.json

@@ -3,7 +3,7 @@
   {
    "keyid": "630cf584f392430b2119a4395e39624e86f5e5c5374507a789be5cf35bf090d6",
    "method": "ed25519",
-   "sig": "263a6d873455bac478366d92edc04cac55cc0e545b5f4249cf696254263d58de6a225446ce96725bccb83ffdaab548fcd89cb790020039ef336fb422364c1800"
+   "sig": "df56f77ffad98db3152a9c27fda8220a60373174fb5b5173039bf5eb9d2a7fb23926f37d0b41f67c72a29ad20d3c908db327982c59852e986d270a3336432a03"
   }
  ],
  "signed": {
@@ -12,7 +12,7 @@
    "keys": {},
    "roles": []
   },
-  "expires": "2037-09-28T12:46:29Z",
+  "expires": "2038-01-18T03:14:15Z",
   "targets": {},
   "version": 1
  }

samples/metadata_samples_long_expiry/update_to_one_ecu/full_metadata_archive/director/metadata/root.json

@@ -3,7 +3,7 @@
   {
    "keyid": "fdba7eaa358fa5a8113a789f60c4a6ce29c4478d8d8eff3e27d1d77416696ab2",
    "method": "ed25519",
-   "sig": "e9855e5171934d56a78033cead3dc217d6df3730f9c668742346a4e66f0d1141fe7283a21964e0c35163e76b6103e36a04d44f1b0799fe34af45c65f32f38b09"
+   "sig": "1749f961bda975ef8db96b56b8b61465ef36fbbb45ce9c92248303851e36c21bd28d1cadfff9a12a0b1d87c3ea9294736d976a5a00b83167bc99c6b2a3a8860d"
   }
  ],
  "signed": {
@@ -12,7 +12,7 @@
    "gz"
   ],
   "consistent_snapshot": false,
-  "expires": "2037-09-28T12:46:29Z",
+  "expires": "2038-01-18T03:14:15Z",
   "keys": {
    "630cf584f392430b2119a4395e39624e86f5e5c5374507a789be5cf35bf090d6": {
     "keyid_hash_algorithms": [

samples/metadata_samples_long_expiry/update_to_one_ecu/full_metadata_archive/director/metadata/snapshot.json

@@ -3,16 +3,16 @@
   {
    "keyid": "f93cfcf33d335ff43654ec6047e0a18dd5595ee3de53136b94c9c756788a0f97",
    "method": "ed25519",
-   "sig": "701d882716b54c0953d6811e0d4e5cfe788d75f4d0c425af9b2ec9bd8e3abec3f2ac707575680601a1b983b11aa290ec7add7070734a6a05b2a1117a9a31320c"
+   "sig": "df224bc6165f35638d37cbd207d613660abf62abfa9c6d90b59f8989ad26e1f1661118863589ecaa29a3b36bff090c3dfec05106cb906c5ff7c08303ea66bc06"
   }
  ],
  "signed": {
   "_type": "Snapshot",
-  "expires": "2037-09-28T12:46:29Z",
+  "expires": "2038-01-18T03:14:15Z",
   "meta": {
    "root.json": {
     "hashes": {
-     "sha256": "2a6db46564a0fbc905bf7a36eddc172f1ce3a52871f18f2594e5160b2321e62d"
+     "sha256": "983203b28c67ea490db40bc82801aa771c9522ccbbc33bcf3239e37eef95523d"
     },
     "length": 2120,
     "version": 1

samples/metadata_samples_long_expiry/update_to_one_ecu/full_metadata_archive/director/metadata/targets.json

@@ -3,7 +3,7 @@
   {
    "keyid": "630cf584f392430b2119a4395e39624e86f5e5c5374507a789be5cf35bf090d6",
    "method": "ed25519",
-   "sig": "e97a2e9d819555cc2c8af799cb2020857a0217ca5246d3365e3d881d9f53aa94ded9ef6c64caa8b606728b52451555c3a79500c266163b9a66933bde7012c302"
+   "sig": "f8ed79a8d122eb1eaf1132c980989480c36a4393ed1e6d63fcfa27623b996d395bc1db150692dd339a003a7338bdafacdae03204ebaeb9d64c10bb050715e003"
   }
  ],
  "signed": {
@@ -12,8 +12,18 @@
    "keys": {},
    "roles": []
   },
-  "expires": "2037-09-28T12:46:29Z",
+  "expires": "2038-01-18T03:14:15Z",
   "targets": {
+   "/BCU1.1.txt": {
+    "custom": {
+     "ecu_serial": "BCUdemocar"
+    },
+    "hashes": {
+     "sha256": "1eb6fa5c6bb606c5326d6ef0ff05f5fcefde4e50c7daea530978090778b38bf4",
+     "sha512": "9727058c2ba828fdd2fc5ae02f52c10e47404283f92df3539989e2ada3cf7e85a9772faed1bd0bad3fc2bd8f6e5d15b976b8e832dd46874be72b994bc57a62a0"
+    },
+    "length": 18
+   },
    "/TCU1.1.txt": {
     "custom": {
      "ecu_serial": "TCUdemocar"

samples/metadata_samples_long_expiry/update_to_one_ecu/full_metadata_archive/director/metadata/timestamp.json

@@ -3,16 +3,16 @@
   {
    "keyid": "da9c65c96c5c4072f6984f7aa81216d776aca6664d49cb4dfafbc7119320d9cc",
    "method": "ed25519",
-   "sig": "2e170caedf043a5df86f731d6b60eed84766ee66a9cb6a3ea42423a7a8d64dfedf1dec0c7fc1b56cd6479bfcc57c6f5861ded88446aaebb9f88b016020dd2603"
+   "sig": "19ecc7d5ae73238e91bc15577837d678d845f3a9efb0f23f908d600f6aa870198a391494f2440b15c9b460eed6ded0e30eaf4ffa8b8ae0eb52da594deb46b008"
   }
  ],
  "signed": {
   "_type": "Timestamp",
-  "expires": "2037-09-28T12:46:29Z",
+  "expires": "2038-01-18T03:14:15Z",
   "meta": {
    "snapshot.json": {
     "hashes": {
-     "sha256": "d6a27db7727136afedc07d1e34bb078a6436c6779fa13d324942f135e04d0710"
+     "sha256": "36020d21bbdaa8581156a333541367100c2409c48f35e018888c4fd5c9b1f9d7"
     },
     "length": 594,
     "version": 2

samples/metadata_samples_long_expiry/update_to_one_ecu/full_metadata_archive/imagerepo/metadata/root.json

@@ -3,7 +3,7 @@
   {
    "keyid": "94c836f0c45168f0a437eef0e487b910f58db4d462ae457b5730a4487130f290",
    "method": "ed25519",
-   "sig": "bdbbbfa6b75e98bbc5f04549f1b181e39cc7c8ad8bd86a41c061825e01ed5d2cf1a294cb45f7441cb15fe0302264a98c7813af699c12ba25ccee08878436c20b"
+   "sig": "f08d8dfe263e55facaaa16eda78a8e51fbbaa2e36ae47b93a8103ca0982dc3deb988f7a1aee5c805a322232b01299c5919b3f8cb6bf04cca7a68e9ac3903d309"
   }
  ],
  "signed": {
@@ -12,7 +12,7 @@
    "gz"
   ],
   "consistent_snapshot": false,
-  "expires": "2037-09-28T12:46:18Z",
+  "expires": "2038-01-18T03:14:07Z",
   "keys": {
    "6fcd9a928358ad8ca7e946325f57ec71d50cb5977a8d02c5ab0de6765fef040a": {
     "keyid_hash_algorithms": [

samples/metadata_samples_long_expiry/update_to_one_ecu/full_metadata_archive/imagerepo/metadata/snapshot.json

@@ -3,16 +3,16 @@
   {
    "keyid": "aaf05f8d054f8068bf6cb46beed7c824e2560802df462fc8681677586582ca99",
    "method": "ed25519",
-   "sig": "8cb2bff8f52a5aed8979a9c1ebfa047fb4ee58b63830037593bd240ceaafbae274c80c9d59aa3b6fba2bdd6de3c535e3230de2a51509042ca2f7d61523065709"
+   "sig": "5259eabac762bf61e0edce451f0645861ee79f3d6654d03c484badbff95e6c216daf82cc9a9a6285540a1126486fc5f3cf6a35985b7dc62ec32e4f2ab882d600"
   }
  ],
  "signed": {
   "_type": "Snapshot",
-  "expires": "2037-09-28T12:46:18Z",
+  "expires": "2038-01-18T03:14:07Z",
   "meta": {
    "root.json": {
     "hashes": {
-     "sha256": "69385580f90dcd47d7d309070f65515188d392b41416d1efeb330978b77e4a96"
+     "sha256": "46f623b52e1e0d17bef556175227c90ea0d79c3f4e33957294fe5b1fdbddae76"
     },
     "length": 2120,
     "version": 1