def _format(self, terse: bool) -> str: vh = self.fw.vendor_header if not terse: vhash = compute_vhash(vh) output = [ "Vendor Header " + _format_container(vh), "Pubkey bundle hash: {}".format(vhash.hex()), ] else: output = [ "Vendor Header for {vendor} version {version} ({size} bytes)". format( vendor=click.style(vh.text, bold=True), version=_format_version(vh.version), size=vh.header_len, ), ] fingerprint = firmware.header_digest(vh) if not terse: output.append("Fingerprint: {}".format( click.style(fingerprint.hex(), bold=True))) sig_status = self.check_signature() sym = SYM_OK if sig_status.is_ok() else SYM_FAIL output.append("{} Signature is {}".format(sym, sig_status.value)) return "\n".join(output)
def _check_signature_any(header: c.Container, m: int, pubkeys: List[bytes], is_devel: bool) -> Optional[bool]: if all_zero(header.signature) and header.sigmask == 0: return Status.MISSING try: digest = firmware.header_digest(header) cosi.verify(header.signature, digest, m, pubkeys, header.sigmask) return Status.VALID if not is_devel else Status.DEVEL except Exception: return Status.INVALID
def digest(self) -> bytes: return firmware.header_digest(self.digest_header)