scripts/imgtool/keys.py - mirror/mcuboot - TrustedFirmware Git Browser

 """
 Cryptographic key management for imgtool.
 """

 from Crypto.Hash import SHA256
 from Crypto.PublicKey import RSA
 from Crypto.Signature import PKCS1_v1_5, PKCS1_PSS
 from ecdsa import SigningKey, NIST256p, util
 import hashlib
 from pyasn1.type import namedtype, univ
 from pyasn1.codec.der.encoder import encode

 # By default, we use RSA-PSS (PKCS 2.1).  That can be overridden on
 # the command line to support the older (less secure) PKCS1.5
 sign_rsa_pss = True

 AUTOGEN_MESSAGE = "/* Autogenerated by imgtool.py, do not edit. */"

 class RSAPublicKey(univ.Sequence):
     componentType = namedtype.NamedTypes(
             namedtype.NamedType('modulus', univ.Integer()),
             namedtype.NamedType('publicExponent', univ.Integer()))

 class RSA2048():
     def __init__(self, key):
         """Construct an RSA2048 key with the given key data"""
         self.key = key

     @staticmethod
     def generate():
         return RSA2048(RSA.generate(2048))

     def export_private(self, path):
         with open(path, 'wb') as f:
             f.write(self.key.exportKey('PEM'))

     def get_public_bytes(self):
         node = RSAPublicKey()
         node['modulus'] = self.key.n
         node['publicExponent'] = self.key.e
         return bytearray(encode(node))

     def emit_c(self):
         print(AUTOGEN_MESSAGE)
         print("const unsigned char rsa_pub_key[] = {", end='')
         encoded = self.get_public_bytes()
         for count, b in enumerate(encoded):
             if count % 8 == 0:
                 print("\n\t", end='')
             else:
                 print(" ", end='')
             print("0x{:02x},".format(b), end='')
         print("\n};")
         print("const unsigned int rsa_pub_key_len = {};".format(len(encoded)))

     def emit_rust(self):
         print(AUTOGEN_MESSAGE)
         print("static RSA_PUB_KEY: &'static [u8] = &[", end='')
         encoded = self.get_public_bytes()
         for count, b in enumerate(encoded):
             if count % 8 == 0:
                 print("\n    ", end='')
             else:
                 print(" ", end='')
             print("0x{:02x},".format(b), end='')
         print("\n];")

     def sig_type(self):
         """Return the type of this signature (as a string)"""
         if sign_rsa_pss:
             return "PKCS1_PSS_RSA2048_SHA256"
         else:
             return "PKCS15_RSA2048_SHA256"

     def sig_len(self):
         return 256

     def sig_tlv(self):
         return "RSA2048"

     def sign(self, payload):
         sha = SHA256.new(payload)
         if sign_rsa_pss:
             signer = PKCS1_PSS.new(self.key)
         else:
             signer = PKCS1_v1_5.new(self.key)
         signature = signer.sign(sha)
         assert len(signature) == self.sig_len()
         return signature

 class ECDSA256P1():
     def __init__(self, key):
         """Construct an ECDSA P-256 private key"""
         self.key = key

     @staticmethod
     def generate():
         return ECDSA256P1(SigningKey.generate(curve=NIST256p))

     def export_private(self, path):
         with open(path, 'wb') as f:
             f.write(self.key.to_pem())

     def get_public_bytes(self):
         vk = self.key.get_verifying_key()
         return bytes(vk.to_der())

     def emit_c(self):
         vk = self.key.get_verifying_key()
         print(AUTOGEN_MESSAGE)
         print("const unsigned char ecdsa_pub_key[] = {", end='')
         encoded = bytes(vk.to_der())
         for count, b in enumerate(encoded):
             if count % 8 == 0:
                 print("\n\t", end='')
             else:
                 print(" ", end='')
             print("0x{:02x},".format(b), end='')
         print("\n};")
         print("const unsigned int ecdsa_pub_key_len = {};".format(len(encoded)))

     def emit_rust(self):
         vk = self.key.get_verifying_key()
         print(AUTOGEN_MESSAGE)
         print("static ECDSA_PUB_KEY: &'static [u8] = &[", end='')
         encoded = bytes(vk.to_der())
         for count, b in enumerate(encoded):
             if count % 8 == 0:
                 print("\n    ", end='')
             else:
                 print(" ", end='')
             print("0x{:02x},".format(b), end='')
         print("\n];")

     def sign(self, payload):
         # To make this fixed length, possibly pad with zeros.
         sig = self.key.sign(payload, hashfunc=hashlib.sha256, sigencode=util.sigencode_der)
         sig += b'\000' * (self.sig_len() - len(sig))
         return sig

     def sig_len(self):
         # The DER encoding depends on the high bit, and can be
         # anywhere from 70 to 72 bytes.  Because we have to fill in
         # the length field before computing the signature, however,
         # we'll give the largest, and the sig checking code will allow
         # for it to be up to two bytes larger than the actual
         # signature.
         return 72

     def sig_type(self):
         """Return the type of this signature (as a string)"""
         return "ECDSA256_SHA256"

     def sig_tlv(self):
         return "ECDSA256"

 def load(path):
     with open(path, 'rb') as f:
         pem = f.read()
     try:
         key = RSA.importKey(pem)
         if key.n.bit_length() != 2048:
             raise Exception("Unsupported RSA bit length, only 2048 supported")
         return RSA2048(key)
     except ValueError:
         key = SigningKey.from_pem(pem)
         if key.curve.name != 'NIST256p':
             raise Exception("Unsupported ECDSA curve")
         return ECDSA256P1(key)
	"""
	Cryptographic key management for imgtool.
	"""

	from Crypto.Hash import SHA256
	from Crypto.PublicKey import RSA
	from Crypto.Signature import PKCS1_v1_5, PKCS1_PSS
	from ecdsa import SigningKey, NIST256p, util
	import hashlib
	from pyasn1.type import namedtype, univ
	from pyasn1.codec.der.encoder import encode

	# By default, we use RSA-PSS (PKCS 2.1). That can be overridden on
	# the command line to support the older (less secure) PKCS1.5
	sign_rsa_pss = True

	AUTOGEN_MESSAGE = "/* Autogenerated by imgtool.py, do not edit. */"

	class RSAPublicKey(univ.Sequence):
	componentType = namedtype.NamedTypes(
	namedtype.NamedType('modulus', univ.Integer()),
	namedtype.NamedType('publicExponent', univ.Integer()))

	class RSA2048():
	def __init__(self, key):
	"""Construct an RSA2048 key with the given key data"""
	self.key = key

	@staticmethod
	def generate():
	return RSA2048(RSA.generate(2048))

	def export_private(self, path):
	with open(path, 'wb') as f:
	f.write(self.key.exportKey('PEM'))

	def get_public_bytes(self):
	node = RSAPublicKey()
	node['modulus'] = self.key.n
	node['publicExponent'] = self.key.e
	return bytearray(encode(node))

	def emit_c(self):
	print(AUTOGEN_MESSAGE)
	print("const unsigned char rsa_pub_key[] = {", end='')
	encoded = self.get_public_bytes()
	for count, b in enumerate(encoded):
	if count % 8 == 0:
	print("\n\t", end='')
	else:
	print(" ", end='')
	print("0x{:02x},".format(b), end='')
	print("\n};")
	print("const unsigned int rsa_pub_key_len = {};".format(len(encoded)))

	def emit_rust(self):
	print(AUTOGEN_MESSAGE)
	print("static RSA_PUB_KEY: &'static [u8] = &[", end='')
	encoded = self.get_public_bytes()
	for count, b in enumerate(encoded):
	if count % 8 == 0:
	print("\n ", end='')
	else:
	print(" ", end='')
	print("0x{:02x},".format(b), end='')
	print("\n];")

	def sig_type(self):
	"""Return the type of this signature (as a string)"""
	if sign_rsa_pss:
	return "PKCS1_PSS_RSA2048_SHA256"
	else:
	return "PKCS15_RSA2048_SHA256"

	def sig_len(self):
	return 256

	def sig_tlv(self):
	return "RSA2048"

	def sign(self, payload):
	sha = SHA256.new(payload)
	if sign_rsa_pss:
	signer = PKCS1_PSS.new(self.key)
	else:
	signer = PKCS1_v1_5.new(self.key)
	signature = signer.sign(sha)
	assert len(signature) == self.sig_len()
	return signature

	class ECDSA256P1():
	def __init__(self, key):
	"""Construct an ECDSA P-256 private key"""
	self.key = key

	@staticmethod
	def generate():
	return ECDSA256P1(SigningKey.generate(curve=NIST256p))

	def export_private(self, path):
	with open(path, 'wb') as f:
	f.write(self.key.to_pem())

	def get_public_bytes(self):
	vk = self.key.get_verifying_key()
	return bytes(vk.to_der())

	def emit_c(self):
	vk = self.key.get_verifying_key()
	print(AUTOGEN_MESSAGE)
	print("const unsigned char ecdsa_pub_key[] = {", end='')
	encoded = bytes(vk.to_der())
	for count, b in enumerate(encoded):
	if count % 8 == 0:
	print("\n\t", end='')
	else:
	print(" ", end='')
	print("0x{:02x},".format(b), end='')
	print("\n};")
	print("const unsigned int ecdsa_pub_key_len = {};".format(len(encoded)))

	def emit_rust(self):
	vk = self.key.get_verifying_key()
	print(AUTOGEN_MESSAGE)
	print("static ECDSA_PUB_KEY: &'static [u8] = &[", end='')
	encoded = bytes(vk.to_der())
	for count, b in enumerate(encoded):
	if count % 8 == 0:
	print("\n ", end='')
	else:
	print(" ", end='')
	print("0x{:02x},".format(b), end='')
	print("\n];")

	def sign(self, payload):
	# To make this fixed length, possibly pad with zeros.
	sig = self.key.sign(payload, hashfunc=hashlib.sha256, sigencode=util.sigencode_der)
	sig += b'\000' * (self.sig_len() - len(sig))
	return sig

	def sig_len(self):
	# The DER encoding depends on the high bit, and can be
	# anywhere from 70 to 72 bytes. Because we have to fill in
	# the length field before computing the signature, however,
	# we'll give the largest, and the sig checking code will allow
	# for it to be up to two bytes larger than the actual
	# signature.
	return 72

	def sig_type(self):
	"""Return the type of this signature (as a string)"""
	return "ECDSA256_SHA256"

	def sig_tlv(self):
	return "ECDSA256"

	def load(path):
	with open(path, 'rb') as f:
	pem = f.read()
	try:
	key = RSA.importKey(pem)
	if key.n.bit_length() != 2048:
	raise Exception("Unsupported RSA bit length, only 2048 supported")
	return RSA2048(key)
	except ValueError:
	key = SigningKey.from_pem(pem)
	if key.curve.name != 'NIST256p':
	raise Exception("Unsupported ECDSA curve")
	return ECDSA256P1(key)