Add new verify command imgtool verify -k <some-key.(pub|sec)> <img-file> Allow imgtool to validate that an image has a valid sha256sum and that it was signed by the supplied key. NOTE: this does not yet support verifying encrypted images Signed-off-by: Fabio Utzig <utzig@apache.org>

commit: 4a5477ad96c0b24fc088aa51d9d9b2eb21b07b09 [log] [tgz]
author: Fabio Utzig <utzig@apache.org> Mon May 27 15:45:08 2019 -0300
committer: Fabio Utzig <utzig@utzig.org> Wed May 29 08:56:12 2019 -0300
tree: 11ae6fa08c29d85512c24d1c24d150750a911734
parent: 05b594b01d9c7f48a1cfb211e8961fbed420bea5 [diff] [blame]
diff --git a/scripts/imgtool/keys/ecdsa.py b/scripts/imgtool/keys/ecdsa.py
index f541d16..f93783d 100644
--- a/scripts/imgtool/keys/ecdsa.py
+++ b/scripts/imgtool/keys/ecdsa.py

@@ -57,6 +57,14 @@
         # signature.
         return 72
 
+    def verify(self, signature, payload):
+        k = self.key
+        if isinstance(self.key, ec.EllipticCurvePrivateKey):
+            k = self.key.public_key()
+        return k.verify(signature=signature, data=payload,
+                        signature_algorithm=ec.ECDSA(SHA256()))
+
+
 class ECDSA256P1(ECDSA256P1Public):
     """
     Wrapper around an ECDSA private key.
commit	4a5477ad96c0b24fc088aa51d9d9b2eb21b07b09	[log] [tgz]
author	Fabio Utzig <utzig@apache.org>	Mon May 27 15:45:08 2019 -0300
committer	Fabio Utzig <utzig@utzig.org>	Wed May 29 08:56:12 2019 -0300
tree	11ae6fa08c29d85512c24d1c24d150750a911734
parent	05b594b01d9c7f48a1cfb211e8961fbed420bea5 [diff] [blame]