Add new verify command imgtool verify -k <some-key.(pub|sec)> <img-file> Allow imgtool to validate that an image has a valid sha256sum and that it was signed by the supplied key. NOTE: this does not yet support verifying encrypted images Signed-off-by: Fabio Utzig <utzig@apache.org>

commit: 4a5477ad96c0b24fc088aa51d9d9b2eb21b07b09 [log] [tgz]
author: Fabio Utzig <utzig@apache.org> Mon May 27 15:45:08 2019 -0300
committer: Fabio Utzig <utzig@utzig.org> Wed May 29 08:56:12 2019 -0300
tree: 11ae6fa08c29d85512c24d1c24d150750a911734
parent: 05b594b01d9c7f48a1cfb211e8961fbed420bea5 [diff] [blame]
diff --git a/scripts/imgtool/keys/rsa.py b/scripts/imgtool/keys/rsa.py
index 94af064..0f9a905 100644
--- a/scripts/imgtool/keys/rsa.py
+++ b/scripts/imgtool/keys/rsa.py

@@ -62,6 +62,14 @@
     def sig_len(self):
         return self.key_size() / 8
 
+    def verify(self, signature, payload):
+        k = self.key
+        if isinstance(self.key, rsa.RSAPrivateKey):
+            k = self.key.public_key()
+        return k.verify(signature=signature, data=payload,
+                        padding=PSS(mgf=MGF1(SHA256()), salt_length=32),
+                        algorithm=SHA256())
+
 
 class RSA(RSAPublic):
     """
commit	4a5477ad96c0b24fc088aa51d9d9b2eb21b07b09	[log] [tgz]
author	Fabio Utzig <utzig@apache.org>	Mon May 27 15:45:08 2019 -0300
committer	Fabio Utzig <utzig@utzig.org>	Wed May 29 08:56:12 2019 -0300
tree	11ae6fa08c29d85512c24d1c24d150750a911734
parent	05b594b01d9c7f48a1cfb211e8961fbed420bea5 [diff] [blame]