def sign(key, align, version, header_size, pad_header, slot_size, pad,
max_sectors, overwrite_only, endian, encrypt, infile, outfile,
dependencies, load_addr, hex_addr, erased_val, save_enctlv,
security_counter):
img = image.Image(version=decode_version(version),
header_size=header_size,
pad_header=pad_header,
pad=pad,
align=int(align),
slot_size=slot_size,
max_sectors=max_sectors,
overwrite_only=overwrite_only,
endian=endian,
load_addr=load_addr,
erased_val=erased_val,
save_enctlv=save_enctlv,
security_counter=security_counter)
img.load(infile)
key = load_key(key) if key else None
enckey = load_key(encrypt) if encrypt else None
if enckey and key:
if ((isinstance(key, keys.ECDSA256P1)
and not isinstance(enckey, keys.ECDSA256P1Public))
or (isinstance(key, keys.RSA)
and not isinstance(enckey, keys.RSAPublic))):
# FIXME
raise click.UsageError("Signing and encryption must use the same "
"type of key")
img.create(key, enckey, dependencies)
img.save(outfile, hex_addr)
def create(image_offset, align, slot_address, version, slot_size, endian,
signkey, encrkey, test_image, infile, outfile):
signkey = load_key(signkey)
if signkey is not None:
encrkey = load_key(encrkey) if encrkey else None
img = image.Image(image_offset=image_offset,
slot_size=slot_size,
align=int(align),
slot_address=slot_address,
version=decode_version(version),
endian=endian)
img.load(infile)
img.create(signkey, encrkey)
img.save(outfile)
if test_image is not None:
print("const unsigned char {}[{}] = {{".format(
test_image, len(img.payload)),
end='')
for count, b in enumerate(img.payload):
if count % 8 == 0:
print("\n" + "\t", end='')
else:
print(" ", end='')
print("0x{:02x},".format(b), end='')
print("\n};")
else:
print("Wrong signkey provided")
def sign(key, public_key_format, align, version, pad_sig, header_size,
pad_header, slot_size, pad, confirm, max_sectors, overwrite_only,
endian, encrypt, infile, outfile, dependencies, load_addr, hex_addr,
erased_val, save_enctlv, security_counter, boot_record, custom_tlv):
if confirm:
# Confirmed but non-padded images don't make much sense, because
# otherwise there's no trailer area for writing the confirmed status.
pad = True
img = image.Image(version=decode_version(version),
header_size=header_size,
pad_header=pad_header,
pad=pad,
confirm=confirm,
align=int(align),
slot_size=slot_size,
max_sectors=max_sectors,
overwrite_only=overwrite_only,
endian=endian,
load_addr=load_addr,
erased_val=erased_val,
save_enctlv=save_enctlv,
security_counter=security_counter)
img.load(infile)
key = load_key(key) if key else None
enckey = load_key(encrypt) if encrypt else None
if enckey and key:
if ((isinstance(key, keys.ECDSA256P1)
and not isinstance(enckey, keys.ECDSA256P1Public))
or (isinstance(key, keys.RSA)
and not isinstance(enckey, keys.RSAPublic))):
# FIXME
raise click.UsageError("Signing and encryption must use the same "
"type of key")
if pad_sig and hasattr(key, 'pad_sig'):
key.pad_sig = True
# Get list of custom protected TLVs from the command-line
custom_tlvs = {}
for tlv in custom_tlv:
tag = int(tlv[0], 0)
if tag in custom_tlvs:
raise click.UsageError('Custom TLV %s already exists.' % hex(tag))
if tag in image.TLV_VALUES.values():
raise click.UsageError(
'Custom TLV %s conflicts with predefined TLV.' % hex(tag))
value = tlv[1]
if value.startswith('0x'):
if len(value[2:]) % 2:
raise click.UsageError('Custom TLV length is odd.')
custom_tlvs[tag] = bytes.fromhex(value[2:])
else:
custom_tlvs[tag] = value.encode('utf-8')
img.create(key, public_key_format, enckey, dependencies, boot_record,
custom_tlvs)
img.save(outfile, hex_addr)
def sign(key, align, version, header_size, pad_header, slot_size, pad,
max_sectors, overwrite_only, endian, encrypt, infile, outfile):
img = image.Image(version=decode_version(version), header_size=header_size,
pad_header=pad_header, pad=pad, align=int(align),
slot_size=slot_size, max_sectors=max_sectors,
overwrite_only=overwrite_only, endian=endian)
img.load(infile)
key = load_key(key) if key else None
enckey = load_key(encrypt) if encrypt else None
if enckey:
if not isinstance(enckey, (keys.RSA2048, keys.RSA2048Public)):
raise Exception("Encryption only available with RSA key")
if key and not isinstance(key, keys.RSA2048):
raise Exception("Signing only available with private RSA key")
img.create(key, enckey)
img.save(outfile)
