def get_dependencies(ctx, param, value):
if value is not None:
versions = []
images = re.findall(r"\((\d+)", value)
if len(images) == 0:
raise click.BadParameter(
"Image dependency format is invalid: {}".format(value))
raw_versions = re.findall(r",\s*([0-9.+]+)\)", value)
if len(images) != len(raw_versions):
raise click.BadParameter(
'''There's a mismatch between the number of dependency images
and versions in: {}'''.format(value))
for raw_version in raw_versions:
try:
versions.append(decode_version(raw_version))
except ValueError as e:
raise click.BadParameter("{}".format(e))
dependencies = dict()
dependencies[image.DEP_IMAGES_KEY] = images
dependencies[image.DEP_VERSIONS_KEY] = versions
return dependencies
def sign(key, align, version, header_size, pad_header, slot_size, pad,
max_sectors, overwrite_only, endian, encrypt, infile, outfile,
dependencies):
img = image.Image(version=decode_version(version),
header_size=header_size,
pad_header=pad_header,
pad=pad,
align=int(align),
slot_size=slot_size,
max_sectors=max_sectors,
overwrite_only=overwrite_only,
endian=endian)
img.load(infile)
key = load_key(key) if key else None
enckey = load_key(encrypt) if encrypt else None
if enckey:
if not isinstance(enckey, (keys.RSA, keys.RSAPublic)):
raise Exception("Encryption only available with RSA key")
if key and not isinstance(key, keys.RSA):
raise Exception("Signing only available with private RSA key")
img.create(key, enckey, dependencies)
img.save(outfile)
def sign(key, align, version, header_size, pad_header, slot_size, pad, confirm,
max_sectors, overwrite_only, endian, encrypt, infile, outfile,
dependencies, load_addr, hex_addr, erased_val, save_enctlv,
security_counter):
img = image.Image(version=decode_version(version), header_size=header_size,
pad_header=pad_header, pad=pad, confirm=confirm,
align=int(align), slot_size=slot_size,
max_sectors=max_sectors, overwrite_only=overwrite_only,
endian=endian, load_addr=load_addr, erased_val=erased_val,
save_enctlv=save_enctlv,
security_counter=security_counter)
img.load(infile)
key = load_key(key) if key else None
enckey = load_key(encrypt) if encrypt else None
if enckey and key:
if ((isinstance(key, keys.ECDSA256P1) and
not isinstance(enckey, keys.ECDSA256P1Public))
or (isinstance(key, keys.RSA) and
not isinstance(enckey, keys.RSAPublic))):
# FIXME
raise click.UsageError("Signing and encryption must use the same "
"type of key")
img.create(key, enckey, dependencies)
img.save(outfile, hex_addr)
def sign(key, align, version, header_size, pad_header, slot_size, pad,
max_sectors, overwrite_only, endian, encrypt, key2, hashtrail,
extfile, infile, outfile):
img = image.Image(version=decode_version(version),
header_size=header_size,
pad_header=pad_header,
pad=pad,
align=int(align),
slot_size=slot_size,
max_sectors=max_sectors,
overwrite_only=overwrite_only,
endian=endian,
hashtrail=hashtrail)
img.load(infile)
key = load_key(key) if key else None
key2 = load_key(key2) if key2 else None
enckey = load_key(encrypt) if encrypt else None
if enckey:
if not isinstance(enckey, (keys.RSA2048, keys.RSA2048Public)):
raise Exception("Encryption only available with RSA")
if key and not isinstance(key, (keys.RSA2048, keys.RSA2048Public)):
raise Exception("Encryption with sign only available with RSA")
img.create(key, enckey, key2, extfile)
img.save(outfile)
def validate_version(ctx, param, value):
try:
decode_version(value)
return value
except ValueError as e:
raise click.BadParameter("{}".format(e))
def sign(key, public_key_format, align, version, pad_sig, header_size,
pad_header, slot_size, pad, confirm, max_sectors, overwrite_only,
endian, encrypt_keylen, encrypt, infile, outfile, dependencies,
load_addr, hex_addr, erased_val, save_enctlv, security_counter,
boot_record, custom_tlv, rom_fixed, max_align, clear):
if confirm:
# Confirmed but non-padded images don't make much sense, because
# otherwise there's no trailer area for writing the confirmed status.
pad = True
img = image.Image(version=decode_version(version),
header_size=header_size,
pad_header=pad_header,
pad=pad,
confirm=confirm,
align=int(align),
slot_size=slot_size,
max_sectors=max_sectors,
overwrite_only=overwrite_only,
endian=endian,
load_addr=load_addr,
rom_fixed=rom_fixed,
erased_val=erased_val,
save_enctlv=save_enctlv,
security_counter=security_counter,
max_align=max_align)
img.load(infile)
key = load_key(key) if key else None
enckey = load_key(encrypt) if encrypt else None
if enckey and key:
if ((isinstance(key, keys.ECDSA256P1)
and not isinstance(enckey, keys.ECDSA256P1Public))
or (isinstance(key, keys.RSA)
and not isinstance(enckey, keys.RSAPublic))):
# FIXME
raise click.UsageError("Signing and encryption must use the same "
"type of key")
if pad_sig and hasattr(key, 'pad_sig'):
key.pad_sig = True
# Get list of custom protected TLVs from the command-line
custom_tlvs = {}
for tlv in custom_tlv:
tag = int(tlv[0], 0)
if tag in custom_tlvs:
raise click.UsageError('Custom TLV %s already exists.' % hex(tag))
if tag in image.TLV_VALUES.values():
raise click.UsageError(
'Custom TLV %s conflicts with predefined TLV.' % hex(tag))
value = tlv[1]
if value.startswith('0x'):
if len(value[2:]) % 2:
raise click.UsageError('Custom TLV length is odd.')
custom_tlvs[tag] = bytes.fromhex(value[2:])
else:
custom_tlvs[tag] = value.encode('utf-8')
img.create(key, public_key_format, enckey, dependencies, boot_record,
custom_tlvs, int(encrypt_keylen), clear)
img.save(outfile, hex_addr)
