commit 8101d1fa445eb4c371ebdfb7ac8cfc0c0eeda755
author Fabio Utzig <utzig@apache.org> Thu May 09 15:03:22 2019 -0300
committer Fabio Utzig <utzig@utzig.org> Thu Jun 13 19:21:05 2019 -0300
tree 838b2d94a6f3061770b325a70548d5cafdd1c6cf
parent fc07eab118e673abaa0eb8634848b00c3487d42a

Add ed25519 signing support to imgtool

This adds ed25519 signature support using the "prehash" method. Instead
of using the direct contents of the image and header payloads, a sha256
is generated and signed (SHA256-Ed25519). This allows for compatibility
with already existing tools that use the sha256 hash, like mcumgr, etc.

Signed-off-by: Fabio Utzig <utzig@apache.org>

scripts/imgtool/keys/ed25519.py

diff --git a/scripts/imgtool/keys/ed25519.py b/scripts/imgtool/keys/ed25519.py
new file mode 100644
index 0000000..57eb99a
--- /dev/null
+++ b/scripts/imgtool/keys/ed25519.py
@@ -0,0 +1,98 @@
+"""
+ECDSA key management
+"""
+
+from cryptography.hazmat.backends import default_backend
+from cryptography.hazmat.primitives import serialization
+from cryptography.hazmat.primitives.asymmetric import ed25519
+
+from .general import KeyClass
+
+
+class Ed25519UsageError(Exception):
+    pass
+
+
+class Ed25519Public(KeyClass):
+    def __init__(self, key):
+        self.key = key
+
+    def shortname(self):
+        return "ed25519"
+
+    def _unsupported(self, name):
+        raise Ed25519UsageError("Operation {} requires private key".format(name))
+
+    def _get_public(self):
+        return self.key
+
+    def get_public_bytes(self):
+        # The key is embedded into MBUboot in "SubjectPublicKeyInfo" format
+        return self._get_public().public_bytes(
+                encoding=serialization.Encoding.DER,
+                format=serialization.PublicFormat.SubjectPublicKeyInfo)
+
+    def export_private(self, path, passwd=None):
+        self._unsupported('export_private')
+
+    def export_public(self, path):
+        """Write the public key to the given file."""
+        pem = self._get_public().public_bytes(
+                encoding=serialization.Encoding.PEM,
+                format=serialization.PublicFormat.SubjectPublicKeyInfo)
+        with open(path, 'wb') as f:
+            f.write(pem)
+
+    def sig_type(self):
+        return "ED25519"
+
+    def sig_tlv(self):
+        return "ED25519"
+
+    def sig_len(self):
+        return 64
+
+
+class Ed25519(Ed25519Public):
+    """
+    Wrapper around an ECDSA private key.
+    """
+
+    def __init__(self, key):
+        """key should be an instance of EllipticCurvePrivateKey"""
+        self.key = key
+
+    @staticmethod
+    def generate():
+        pk = ed25519.Ed25519PrivateKey.generate()
+        return Ed25519(pk)
+
+    def _get_public(self):
+        return self.key.public_key()
+
+    def export_private(self, path, passwd=None):
+        """
+        Write the private key to the given file, protecting it with the
+        optional password.
+        """
+        if passwd is None:
+            enc = serialization.NoEncryption()
+        else:
+            enc = serialization.BestAvailableEncryption(passwd)
+        pem = self.key.private_bytes(
+                encoding=serialization.Encoding.PEM,
+                format=serialization.PrivateFormat.PKCS8,
+                encryption_algorithm=enc)
+        with open(path, 'wb') as f:
+            f.write(pem)
+
+    def sign_digest(self, digest):
+        """Return the actual signature"""
+        return self.key.sign(data=digest)
+
+    def verify_digest(self, signature, digest):
+        """Verify that signature is valid for given digest"""
+        k = self.key
+        if isinstance(self.key, ed25519.Ed25519PrivateKey):
+            k = self.key.public_key()
+        return k.verify(signature=signature, data=digest)