def sign(key, align, version, header_size, pad_header, slot_size, pad, max_sectors, overwrite_only, endian, encrypt, infile, outfile, dependencies, load_addr, hex_addr, erased_val, save_enctlv, security_counter): img = image.Image(version=decode_version(version), header_size=header_size, pad_header=pad_header, pad=pad, align=int(align), slot_size=slot_size, max_sectors=max_sectors, overwrite_only=overwrite_only, endian=endian, load_addr=load_addr, erased_val=erased_val, save_enctlv=save_enctlv, security_counter=security_counter) img.load(infile) key = load_key(key) if key else None enckey = load_key(encrypt) if encrypt else None if enckey and key: if ((isinstance(key, keys.ECDSA256P1) and not isinstance(enckey, keys.ECDSA256P1Public)) or (isinstance(key, keys.RSA) and not isinstance(enckey, keys.RSAPublic))): # FIXME raise click.UsageError("Signing and encryption must use the same " "type of key") img.create(key, enckey, dependencies) img.save(outfile, hex_addr)
def create(image_offset, align, slot_address, version, slot_size, endian, signkey, encrkey, test_image, infile, outfile): signkey = load_key(signkey) if signkey is not None: encrkey = load_key(encrkey) if encrkey else None img = image.Image(image_offset=image_offset, slot_size=slot_size, align=int(align), slot_address=slot_address, version=decode_version(version), endian=endian) img.load(infile) img.create(signkey, encrkey) img.save(outfile) if test_image is not None: print("const unsigned char {}[{}] = {{".format( test_image, len(img.payload)), end='') for count, b in enumerate(img.payload): if count % 8 == 0: print("\n" + "\t", end='') else: print(" ", end='') print("0x{:02x},".format(b), end='') print("\n};") else: print("Wrong signkey provided")
def sign(key, public_key_format, align, version, pad_sig, header_size, pad_header, slot_size, pad, confirm, max_sectors, overwrite_only, endian, encrypt, infile, outfile, dependencies, load_addr, hex_addr, erased_val, save_enctlv, security_counter, boot_record, custom_tlv): if confirm: # Confirmed but non-padded images don't make much sense, because # otherwise there's no trailer area for writing the confirmed status. pad = True img = image.Image(version=decode_version(version), header_size=header_size, pad_header=pad_header, pad=pad, confirm=confirm, align=int(align), slot_size=slot_size, max_sectors=max_sectors, overwrite_only=overwrite_only, endian=endian, load_addr=load_addr, erased_val=erased_val, save_enctlv=save_enctlv, security_counter=security_counter) img.load(infile) key = load_key(key) if key else None enckey = load_key(encrypt) if encrypt else None if enckey and key: if ((isinstance(key, keys.ECDSA256P1) and not isinstance(enckey, keys.ECDSA256P1Public)) or (isinstance(key, keys.RSA) and not isinstance(enckey, keys.RSAPublic))): # FIXME raise click.UsageError("Signing and encryption must use the same " "type of key") if pad_sig and hasattr(key, 'pad_sig'): key.pad_sig = True # Get list of custom protected TLVs from the command-line custom_tlvs = {} for tlv in custom_tlv: tag = int(tlv[0], 0) if tag in custom_tlvs: raise click.UsageError('Custom TLV %s already exists.' % hex(tag)) if tag in image.TLV_VALUES.values(): raise click.UsageError( 'Custom TLV %s conflicts with predefined TLV.' % hex(tag)) value = tlv[1] if value.startswith('0x'): if len(value[2:]) % 2: raise click.UsageError('Custom TLV length is odd.') custom_tlvs[tag] = bytes.fromhex(value[2:]) else: custom_tlvs[tag] = value.encode('utf-8') img.create(key, public_key_format, enckey, dependencies, boot_record, custom_tlvs) img.save(outfile, hex_addr)
def sign(key, align, version, header_size, pad_header, slot_size, pad, max_sectors, overwrite_only, endian, encrypt, infile, outfile): img = image.Image(version=decode_version(version), header_size=header_size, pad_header=pad_header, pad=pad, align=int(align), slot_size=slot_size, max_sectors=max_sectors, overwrite_only=overwrite_only, endian=endian) img.load(infile) key = load_key(key) if key else None enckey = load_key(encrypt) if encrypt else None if enckey: if not isinstance(enckey, (keys.RSA2048, keys.RSA2048Public)): raise Exception("Encryption only available with RSA key") if key and not isinstance(key, keys.RSA2048): raise Exception("Signing only available with private RSA key") img.create(key, enckey) img.save(outfile)