run_test_vectors.sh: extract Merkle tree 3 pubkey from Merkle tree

The Public Keys given for Merkle 3 in the test vectors are wrong
(they don't correspond to the Merkle tree or to the test vectors
where they are used). The pubkey in the Merkle tree XML file is
correct, so we extract the key from there to run the test vectors
that need this key.

utils/extract_merkle_tree_key.py

@@ -0,0 +1,26 @@
+#!/usr/bin/env python3
+
+import argparse
+import sys
+import xml.etree.ElementTree as ET
+
+
+def parse_args():
+    parser = argparse.ArgumentParser(
+        prog='extract_merkle_tree_key.py',
+        description=('Extracts the ECDSA public key from '
+                     'an XML file for a Merkle tree'))
+    parser.add_argument('input_file')
+    return parser.parse_args()
+
+
+def main():
+    args = parse_args()
+    tree = ET.parse(args.input_file)
+    root = tree.getroot()
+    pk = root.find('body').find('MerkleTree').find('PublicKey')
+    print(pk.find('point').text)
+
+
+if __name__ == '__main__':
+    main()

utils/run_test_vectors.sh

@@ -25,6 +25,8 @@ CONVERT=$GALILEO_OSNMA_DIR/osnma-test-vectors-to-galmon/target/release/osnma-tes
 GALMON_OSNMA=$GALILEO_OSNMA_DIR/galmon-osnma/target/release/galmon-osnma
 GET_MERKLE=$GALILEO_OSNMA_DIR/utils/extract_merkle_tree_root.py
 GET_PUBKEY=$GALILEO_OSNMA_DIR/utils/extract_public_key.py
+GET_PUBKEY_FROM_MERKLE=$GALILEO_OSNMA_DIR/utils/extract_merkle_tree_key.py
+SEC1_TO_PEM=$GALILEO_OSNMA_DIR/utils/sec1_to_pem.py
 
 PUBKEY=/tmp/pubkey.pem
 
@@ -194,9 +196,12 @@ $CONVERT "${TEST_VECTOR_DIR}/osnma_test_vectors/nmt_step3/07_OCT_2023_GST_14_45_
 
 echo "Test vector: New Merkle Tree (step 2 only, starting with Merkle tree 3 and PKID 1)"
 
-openssl x509 \
-        -in "${TEST_VECTOR_DIR}/cryptographic_material/Merkle_tree_3/PublicKey/OSNMA_PublicKey_20231008111500_PKID_1.crt" \
-        -noout -pubkey > $PUBKEY
+# The PublicKey files for Merkle_tree_3 are wrong (they don't match the public key in the
+# Merkle tree XML file, nor the pubkey used in the OSNMA test vectors).
+#
+# We load the pubkey from the Merkle tree instead
+
+$SEC1_TO_PEM $($GET_PUBKEY_FROM_MERKLE ${TEST_VECTOR_DIR}/cryptographic_material/Merkle_tree_3/MerkleTree/OSNMA_MerkleTree_20231007201500_PKID_1.xml) > $PUBKEY
 PKID=1
 MERKLE="$($GET_MERKLE ${TEST_VECTOR_DIR}/cryptographic_material/Merkle_tree_3/MerkleTree/OSNMA_MerkleTree_20231007201500_PKID_1.xml)"
 

utils/sec1_to_pem.py

@@ -0,0 +1,27 @@
+#!/usr/bin/env python3
+
+import argparse
+import sys
+
+import ecdsa
+
+
+def parse_args():
+    parser = argparse.ArgumentParser(
+        prog='sec1_to_pem.py',
+        description='Converts a SEC1 encoded public key in hex to PEM format')
+    parser.add_argument('--curve', default='NIST256p')
+    parser.add_argument('sec1_hex')
+    return parser.parse_args()
+
+
+def main():
+    args = parse_args()
+    curve = getattr(ecdsa, args.curve)
+    sec1 = bytes.fromhex(args.sec1_hex)
+    vk = ecdsa.VerifyingKey.from_string(sec1, curve=curve)
+    print(str(vk.to_pem(), encoding='ascii'), end='')
+
+
+if __name__ == '__main__':
+    main()