def get_dependencies(ctx, param, value): if value is not None: versions = [] images = re.findall(r"\((\d+)", value) if len(images) == 0: raise click.BadParameter( "Image dependency format is invalid: {}".format(value)) raw_versions = re.findall(r",\s*([0-9.+]+)\)", value) if len(images) != len(raw_versions): raise click.BadParameter( '''There's a mismatch between the number of dependency images and versions in: {}'''.format(value)) for raw_version in raw_versions: try: versions.append(decode_version(raw_version)) except ValueError as e: raise click.BadParameter("{}".format(e)) dependencies = dict() dependencies[image.DEP_IMAGES_KEY] = images dependencies[image.DEP_VERSIONS_KEY] = versions return dependencies
def sign(key, align, version, header_size, pad_header, slot_size, pad, max_sectors, overwrite_only, endian, encrypt, infile, outfile, dependencies): img = image.Image(version=decode_version(version), header_size=header_size, pad_header=pad_header, pad=pad, align=int(align), slot_size=slot_size, max_sectors=max_sectors, overwrite_only=overwrite_only, endian=endian) img.load(infile) key = load_key(key) if key else None enckey = load_key(encrypt) if encrypt else None if enckey: if not isinstance(enckey, (keys.RSA, keys.RSAPublic)): raise Exception("Encryption only available with RSA key") if key and not isinstance(key, keys.RSA): raise Exception("Signing only available with private RSA key") img.create(key, enckey, dependencies) img.save(outfile)
def sign(key, align, version, header_size, pad_header, slot_size, pad, confirm, max_sectors, overwrite_only, endian, encrypt, infile, outfile, dependencies, load_addr, hex_addr, erased_val, save_enctlv, security_counter): img = image.Image(version=decode_version(version), header_size=header_size, pad_header=pad_header, pad=pad, confirm=confirm, align=int(align), slot_size=slot_size, max_sectors=max_sectors, overwrite_only=overwrite_only, endian=endian, load_addr=load_addr, erased_val=erased_val, save_enctlv=save_enctlv, security_counter=security_counter) img.load(infile) key = load_key(key) if key else None enckey = load_key(encrypt) if encrypt else None if enckey and key: if ((isinstance(key, keys.ECDSA256P1) and not isinstance(enckey, keys.ECDSA256P1Public)) or (isinstance(key, keys.RSA) and not isinstance(enckey, keys.RSAPublic))): # FIXME raise click.UsageError("Signing and encryption must use the same " "type of key") img.create(key, enckey, dependencies) img.save(outfile, hex_addr)
def sign(key, align, version, header_size, pad_header, slot_size, pad, max_sectors, overwrite_only, endian, encrypt, key2, hashtrail, extfile, infile, outfile): img = image.Image(version=decode_version(version), header_size=header_size, pad_header=pad_header, pad=pad, align=int(align), slot_size=slot_size, max_sectors=max_sectors, overwrite_only=overwrite_only, endian=endian, hashtrail=hashtrail) img.load(infile) key = load_key(key) if key else None key2 = load_key(key2) if key2 else None enckey = load_key(encrypt) if encrypt else None if enckey: if not isinstance(enckey, (keys.RSA2048, keys.RSA2048Public)): raise Exception("Encryption only available with RSA") if key and not isinstance(key, (keys.RSA2048, keys.RSA2048Public)): raise Exception("Encryption with sign only available with RSA") img.create(key, enckey, key2, extfile) img.save(outfile)
def validate_version(ctx, param, value): try: decode_version(value) return value except ValueError as e: raise click.BadParameter("{}".format(e))
def sign(key, public_key_format, align, version, pad_sig, header_size, pad_header, slot_size, pad, confirm, max_sectors, overwrite_only, endian, encrypt_keylen, encrypt, infile, outfile, dependencies, load_addr, hex_addr, erased_val, save_enctlv, security_counter, boot_record, custom_tlv, rom_fixed, max_align, clear): if confirm: # Confirmed but non-padded images don't make much sense, because # otherwise there's no trailer area for writing the confirmed status. pad = True img = image.Image(version=decode_version(version), header_size=header_size, pad_header=pad_header, pad=pad, confirm=confirm, align=int(align), slot_size=slot_size, max_sectors=max_sectors, overwrite_only=overwrite_only, endian=endian, load_addr=load_addr, rom_fixed=rom_fixed, erased_val=erased_val, save_enctlv=save_enctlv, security_counter=security_counter, max_align=max_align) img.load(infile) key = load_key(key) if key else None enckey = load_key(encrypt) if encrypt else None if enckey and key: if ((isinstance(key, keys.ECDSA256P1) and not isinstance(enckey, keys.ECDSA256P1Public)) or (isinstance(key, keys.RSA) and not isinstance(enckey, keys.RSAPublic))): # FIXME raise click.UsageError("Signing and encryption must use the same " "type of key") if pad_sig and hasattr(key, 'pad_sig'): key.pad_sig = True # Get list of custom protected TLVs from the command-line custom_tlvs = {} for tlv in custom_tlv: tag = int(tlv[0], 0) if tag in custom_tlvs: raise click.UsageError('Custom TLV %s already exists.' % hex(tag)) if tag in image.TLV_VALUES.values(): raise click.UsageError( 'Custom TLV %s conflicts with predefined TLV.' % hex(tag)) value = tlv[1] if value.startswith('0x'): if len(value[2:]) % 2: raise click.UsageError('Custom TLV length is odd.') custom_tlvs[tag] = bytes.fromhex(value[2:]) else: custom_tlvs[tag] = value.encode('utf-8') img.create(key, public_key_format, enckey, dependencies, boot_record, custom_tlvs, int(encrypt_keylen), clear) img.save(outfile, hex_addr)