TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / OP-TEE / optee_os / refs/heads/import/mbedtls-2.16.0 / . / scripts / sign.py
blob: 84fd7714c098ff2425213f915bf11e8003e642d0 [file] [log] [blame]
Jens Wiklanderbc420742015-05-05 14:59:15 +0200[diff] [blame]1#!/usr/bin/env python
2#
Jens Wiklandercd5cf432017-11-28 16:59:15 +0100[diff] [blame]3# Copyright (c) 2015, 2017, Linaro Limited
Jens Wiklanderbc420742015-05-05 14:59:15 +0200[diff] [blame]4#
Jens Wiklandercd5cf432017-11-28 16:59:15 +0100[diff] [blame]5# SPDX-License-Identifier: BSD-2-Clause
Jens Wiklandercd5cf432017-11-28 16:59:15 +0100[diff] [blame]6
Jerome Forissier4a477922018-11-14 11:02:49 +0100[diff] [blame]7
Jens Wiklandercd5cf432017-11-28 16:59:15 +0100[diff] [blame]8def uuid_parse(s):
9 from uuid import UUID
10 return UUID(s)
11
12
13def int_parse(str):
14 return int(str, 0)
15
Jens Wiklanderbc420742015-05-05 14:59:15 +0200[diff] [blame]16
17def get_args():
Jens Wiklandercd5cf432017-11-28 16:59:15 +0100[diff] [blame]18 from argparse import ArgumentParser
Jens Wiklanderbc420742015-05-05 14:59:15 +0200[diff] [blame]19
Jens Wiklandercd5cf432017-11-28 16:59:15 +0100[diff] [blame]20 parser = ArgumentParser()
21 parser.add_argument('--uuid', required=True,
22 type=uuid_parse, help='UUID of TA')
23 parser.add_argument('--version', type=int_parse, default=0, help='Version')
24 parser.add_argument('--key', required=True, help='Name of key file')
25 parser.add_argument('--in', required=True, dest='inf',
26 help='Name of in file')
27 parser.add_argument('--out', required=True, help='Name of out file')
28 return parser.parse_args()
29
Jens Wiklanderbc420742015-05-05 14:59:15 +0200[diff] [blame]30
31def main():
Jens Wiklandercd5cf432017-11-28 16:59:15 +0100[diff] [blame]32 from Crypto.Signature import PKCS1_v1_5
33 from Crypto.Hash import SHA256
34 from Crypto.PublicKey import RSA
35 import struct
Jens Wiklanderbc420742015-05-05 14:59:15 +0200[diff] [blame]36
Jens Wiklandercd5cf432017-11-28 16:59:15 +0100[diff] [blame]37 args = get_args()
Jens Wiklanderbc420742015-05-05 14:59:15 +0200[diff] [blame]38
Jens Wiklandercd5cf432017-11-28 16:59:15 +0100[diff] [blame]39 f = open(args.key, 'rb')
40 key = RSA.importKey(f.read())
41 f.close()
Jens Wiklanderbc420742015-05-05 14:59:15 +0200[diff] [blame]42
Jens Wiklandercd5cf432017-11-28 16:59:15 +0100[diff] [blame]43 f = open(args.inf, 'rb')
44 img = f.read()
45 f.close()
Jens Wiklanderbc420742015-05-05 14:59:15 +0200[diff] [blame]46
Jens Wiklandercd5cf432017-11-28 16:59:15 +0100[diff] [blame]47 signer = PKCS1_v1_5.new(key)
48 h = SHA256.new()
Jens Wiklanderbc420742015-05-05 14:59:15 +0200[diff] [blame]49
Jens Wiklandercd5cf432017-11-28 16:59:15 +0100[diff] [blame]50 digest_len = h.digest_size
51 sig_len = len(signer.sign(h))
52 img_size = len(img)
Jens Wiklanderbc420742015-05-05 14:59:15 +0200[diff] [blame]53
Jens Wiklandercd5cf432017-11-28 16:59:15 +0100[diff] [blame]54 magic = 0x4f545348 # SHDR_MAGIC
55 img_type = 1 # SHDR_BOOTSTRAP_TA
56 algo = 0x70004830 # TEE_ALG_RSASSA_PKCS1_V1_5_SHA256
57 shdr = struct.pack('<IIIIHH',
58 magic, img_type, img_size, algo, digest_len, sig_len)
59 shdr_uuid = args.uuid.bytes
60 shdr_version = struct.pack('<I', args.version)
Jens Wiklanderbc420742015-05-05 14:59:15 +0200[diff] [blame]61
Jens Wiklandercd5cf432017-11-28 16:59:15 +0100[diff] [blame]62 h.update(shdr)
63 h.update(shdr_uuid)
64 h.update(shdr_version)
65 h.update(img)
66 sig = signer.sign(h)
Jens Wiklanderbc420742015-05-05 14:59:15 +0200[diff] [blame]67
Jens Wiklandercd5cf432017-11-28 16:59:15 +0100[diff] [blame]68 f = open(args.out, 'wb')
69 f.write(shdr)
70 f.write(h.digest())
71 f.write(sig)
72 f.write(shdr_uuid)
73 f.write(shdr_version)
74 f.write(img)
75 f.close()
76
Jens Wiklanderbc420742015-05-05 14:59:15 +0200[diff] [blame]77
78if __name__ == "__main__":
Jens Wiklandercd5cf432017-11-28 16:59:15 +0100[diff] [blame]79 main()