TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / OP-TEE / optee_os / 049aefa8fb9318a35352e128e2eb032d8eee3da8 / . / scripts / sign.py
blob: ad47479b589c694039469273a2d2fe8d29c36060 [file] [log] [blame]
Jens Wiklanderbc420742015-05-05 14:59:15 +0200[diff] [blame]1#!/usr/bin/env python
2#
Jens Wiklandercd5cf432017-11-28 16:59:15 +0100[diff] [blame]3# Copyright (c) 2015, 2017, Linaro Limited
Jens Wiklanderbc420742015-05-05 14:59:15 +0200[diff] [blame]4#
Jens Wiklandercd5cf432017-11-28 16:59:15 +0100[diff] [blame]5# SPDX-License-Identifier: BSD-2-Clause
Jens Wiklandercd5cf432017-11-28 16:59:15 +0100[diff] [blame]6
7def uuid_parse(s):
8 from uuid import UUID
9 return UUID(s)
10
11
12def int_parse(str):
13 return int(str, 0)
14
Jens Wiklanderbc420742015-05-05 14:59:15 +0200[diff] [blame]15
16def get_args():
Jens Wiklandercd5cf432017-11-28 16:59:15 +0100[diff] [blame]17 from argparse import ArgumentParser
Jens Wiklanderbc420742015-05-05 14:59:15 +0200[diff] [blame]18
Jens Wiklandercd5cf432017-11-28 16:59:15 +0100[diff] [blame]19 parser = ArgumentParser()
20 parser.add_argument('--uuid', required=True,
21 type=uuid_parse, help='UUID of TA')
22 parser.add_argument('--version', type=int_parse, default=0, help='Version')
23 parser.add_argument('--key', required=True, help='Name of key file')
24 parser.add_argument('--in', required=True, dest='inf',
25 help='Name of in file')
26 parser.add_argument('--out', required=True, help='Name of out file')
27 return parser.parse_args()
28
Jens Wiklanderbc420742015-05-05 14:59:15 +0200[diff] [blame]29
30def main():
Jens Wiklandercd5cf432017-11-28 16:59:15 +0100[diff] [blame]31 from Crypto.Signature import PKCS1_v1_5
32 from Crypto.Hash import SHA256
33 from Crypto.PublicKey import RSA
34 import struct
Jens Wiklanderbc420742015-05-05 14:59:15 +0200[diff] [blame]35
Jens Wiklandercd5cf432017-11-28 16:59:15 +0100[diff] [blame]36 args = get_args()
Jens Wiklanderbc420742015-05-05 14:59:15 +0200[diff] [blame]37
Jens Wiklandercd5cf432017-11-28 16:59:15 +0100[diff] [blame]38 f = open(args.key, 'rb')
39 key = RSA.importKey(f.read())
40 f.close()
Jens Wiklanderbc420742015-05-05 14:59:15 +0200[diff] [blame]41
Jens Wiklandercd5cf432017-11-28 16:59:15 +0100[diff] [blame]42 f = open(args.inf, 'rb')
43 img = f.read()
44 f.close()
Jens Wiklanderbc420742015-05-05 14:59:15 +0200[diff] [blame]45
Jens Wiklandercd5cf432017-11-28 16:59:15 +0100[diff] [blame]46 signer = PKCS1_v1_5.new(key)
47 h = SHA256.new()
Jens Wiklanderbc420742015-05-05 14:59:15 +0200[diff] [blame]48
Jens Wiklandercd5cf432017-11-28 16:59:15 +0100[diff] [blame]49 digest_len = h.digest_size
50 sig_len = len(signer.sign(h))
51 img_size = len(img)
Jens Wiklanderbc420742015-05-05 14:59:15 +0200[diff] [blame]52
Jens Wiklandercd5cf432017-11-28 16:59:15 +0100[diff] [blame]53 magic = 0x4f545348 # SHDR_MAGIC
54 img_type = 1 # SHDR_BOOTSTRAP_TA
55 algo = 0x70004830 # TEE_ALG_RSASSA_PKCS1_V1_5_SHA256
56 shdr = struct.pack('<IIIIHH',
57 magic, img_type, img_size, algo, digest_len, sig_len)
58 shdr_uuid = args.uuid.bytes
59 shdr_version = struct.pack('<I', args.version)
Jens Wiklanderbc420742015-05-05 14:59:15 +0200[diff] [blame]60
Jens Wiklandercd5cf432017-11-28 16:59:15 +0100[diff] [blame]61 h.update(shdr)
62 h.update(shdr_uuid)
63 h.update(shdr_version)
64 h.update(img)
65 sig = signer.sign(h)
Jens Wiklanderbc420742015-05-05 14:59:15 +0200[diff] [blame]66
Jens Wiklandercd5cf432017-11-28 16:59:15 +0100[diff] [blame]67 f = open(args.out, 'wb')
68 f.write(shdr)
69 f.write(h.digest())
70 f.write(sig)
71 f.write(shdr_uuid)
72 f.write(shdr_version)
73 f.write(img)
74 f.close()
75
Jens Wiklanderbc420742015-05-05 14:59:15 +0200[diff] [blame]76
77if __name__ == "__main__":
Jens Wiklandercd5cf432017-11-28 16:59:15 +0100[diff] [blame]78 main()