Commit f72e3741 authored by Andrzej Puzdrowski's avatar Andrzej Puzdrowski Committed by David Brown
Browse files

imgtool: image signature export



Extend sign/create command so it now allow to export the image
signature to the file pointed by --sig-out option.
The image signature will be encoded as base64 formatted string.

Signed-off-by: default avatarAndrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
parent 160303c2
......@@ -447,12 +447,14 @@ class Image():
else:
sig = key.sign_digest(digest)
tlv.add(key.sig_tlv(), sig)
self.signature = sig
elif fixed_sig is not None and key is None:
if public_key_format == 'hash':
tlv.add('KEYHASH', pubbytes)
else:
tlv.add('PUBKEY', pub)
tlv.add(pub_key.sig_tlv(), fixed_sig['value'])
self.signature = fixed_sig['value']
else:
raise click.UsageError("Can not sign using key and provide fixed-signature at the same time")
......
......@@ -74,6 +74,11 @@ def load_signature(sigfile):
signature = base64.b64decode(f.read())
return signature
def save_signature(sigfile, sig):
with open(sigfile, 'wb') as f:
signature = base64.b64encode(sig)
f.write(signature)
def load_key(keyfile):
# TODO: better handling of invalid pass-phrase
key = keys.load(keyfile)
......@@ -313,6 +318,9 @@ class BasedIntParamType(click.ParamType):
'the signature calculated using the public key')
@click.option('--fix-sig-pubkey', metavar='filename',
help='public key relevant to fixed signature')
@click.option('--sig-out', metavar='filename',
help='Path to the file to which signature will be written'
'The image signature will be encoded as base64 formatted string')
@click.command(help='''Create a signed or unsigned image\n
INFILE and OUTFILE are parsed as Intel HEX if the params have
.hex extension, otherwise binary format is used''')
......@@ -321,7 +329,7 @@ def sign(key, public_key_format, align, version, pad_sig, header_size,
endian, encrypt_keylen, encrypt, infile, outfile, dependencies,
load_addr, hex_addr, erased_val, save_enctlv, security_counter,
boot_record, custom_tlv, rom_fixed, max_align, clear, fix_sig,
fix_sig_pubkey):
fix_sig_pubkey, sig_out):
if confirm:
# Confirmed but non-padded images don't make much sense, because
......@@ -388,6 +396,10 @@ def sign(key, public_key_format, align, version, pad_sig, header_size,
custom_tlvs, int(encrypt_keylen), clear, baked_signature, pub_key)
img.save(outfile, hex_addr)
if sig_out is not None:
new_signature = img.get_signature()
save_signature(sig_out, new_signature)
class AliasesGroup(click.Group):
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment