Commit f72e3741 authored by Andrzej Puzdrowski Committed by David Brown

imgtool: image signature export



Extend the sign/create command so that it can export the image
signature to the file given by the --sig-out option.
The image signature is written as a base64-encoded string.

Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
parent 160303c2
...@@ -447,12 +447,14 @@ class Image(): ...@@ -447,12 +447,14 @@ class Image():
else: else:
sig = key.sign_digest(digest) sig = key.sign_digest(digest)
tlv.add(key.sig_tlv(), sig) tlv.add(key.sig_tlv(), sig)
self.signature = sig
elif fixed_sig is not None and key is None: elif fixed_sig is not None and key is None:
if public_key_format == 'hash': if public_key_format == 'hash':
tlv.add('KEYHASH', pubbytes) tlv.add('KEYHASH', pubbytes)
else: else:
tlv.add('PUBKEY', pub) tlv.add('PUBKEY', pub)
tlv.add(pub_key.sig_tlv(), fixed_sig['value']) tlv.add(pub_key.sig_tlv(), fixed_sig['value'])
self.signature = fixed_sig['value']
else: else:
raise click.UsageError("Can not sign using key and provide fixed-signature at the same time") raise click.UsageError("Can not sign using key and provide fixed-signature at the same time")
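Review bot: `self.signature` is assigned only inside the two signing branches of this hunk, so on the path where neither a key nor a fixed signature is given the visible code never writes the attribute. Unless the constructor (outside this hunk) already sets it, a later `get_signature()` call on an unsigned image would fail with AttributeError instead of reporting that there is nothing to export. I would initialise `self.signature = None` where the other instance attributes are set and add a comment such as `# raw signature bytes as stored in the signature TLV; None for unsigned images`. In the fixed-signature branch the stored value is the caller-supplied `fixed_sig['value']`, and no check of it against `digest` is visible here, so the comment should say that this value is echoed back, not verified. The enclosing method begins and ends outside the hunk.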
......
...@@ -74,6 +74,11 @@ def load_signature(sigfile): ...@@ -74,6 +74,11 @@ def load_signature(sigfile):
signature = base64.b64decode(f.read()) signature = base64.b64decode(f.read())
return signature return signature
def save_signature(sigfile, sig):
with open(sigfile, 'wb') as f:
signature = base64.b64encode(sig)
f.write(signature)
def load_key(keyfile): def load_key(keyfile):
# TODO: better handling of invalid pass-phrase # TODO: better handling of invalid pass-phrase
key = keys.load(keyfile) key = keys.load(keyfile)
...@@ -313,6 +318,9 @@ class BasedIntParamType(click.ParamType): ...@@ -313,6 +318,9 @@ class BasedIntParamType(click.ParamType):
'the signature calculated using the public key') 'the signature calculated using the public key')
@click.option('--fix-sig-pubkey', metavar='filename', @click.option('--fix-sig-pubkey', metavar='filename',
help='public key relevant to fixed signature') help='public key relevant to fixed signature')
@click.option('--sig-out', metavar='filename',
help='Path to the file to which signature will be written'
'The image signature will be encoded as base64 formatted string')
@click.command(help='''Create a signed or unsigned image\n @click.command(help='''Create a signed or unsigned image\n
INFILE and OUTFILE are parsed as Intel HEX if the params have INFILE and OUTFILE are parsed as Intel HEX if the params have
.hex extension, otherwise binary format is used''') .hex extension, otherwise binary format is used''')
...@@ -321,7 +329,7 @@ def sign(key, public_key_format, align, version, pad_sig, header_size, ...@@ -321,7 +329,7 @@ def sign(key, public_key_format, align, version, pad_sig, header_size,
endian, encrypt_keylen, encrypt, infile, outfile, dependencies, endian, encrypt_keylen, encrypt, infile, outfile, dependencies,
load_addr, hex_addr, erased_val, save_enctlv, security_counter, load_addr, hex_addr, erased_val, save_enctlv, security_counter,
boot_record, custom_tlv, rom_fixed, max_align, clear, fix_sig, boot_record, custom_tlv, rom_fixed, max_align, clear, fix_sig,
fix_sig_pubkey): fix_sig_pubkey, sig_out):
if confirm: if confirm:
# Confirmed but non-padded images don't make much sense, because # Confirmed but non-padded images don't make much sense, because
...@@ -388,6 +396,10 @@ def sign(key, public_key_format, align, version, pad_sig, header_size, ...@@ -388,6 +396,10 @@ def sign(key, public_key_format, align, version, pad_sig, header_size,
custom_tlvs, int(encrypt_keylen), clear, baked_signature, pub_key) custom_tlvs, int(encrypt_keylen), clear, baked_signature, pub_key)
img.save(outfile, hex_addr) img.save(outfile, hex_addr)
if sig_out is not None:
new_signature = img.get_signature()
save_signature(sig_out, new_signature)
class AliasesGroup(click.Group): class AliasesGroup(click.Group):
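Review bot: In the last hunk `sign` passes `img.get_signature()` straight to `save_signature` whenever `--sig-out` is given, including when the image was created without a key or a fixed signature; `get_signature` is not shown on this page, but if it returns None in that case `base64.b64encode` raises a TypeError. Because `save_signature` opens the file with `'wb'` before encoding, that failure leaves an empty or truncated file at the `--sig-out` path, which a later build step could mistake for a signature file. I would guard the call, e.g. `if new_signature is None: raise click.UsageError("--sig-out requires a signed image")`, and move `signature = base64.b64encode(sig)` above the `with open(sigfile, 'wb') as f:` line. The `--sig-out` help text also concatenates two string literals without a separator and renders as "writtenThe image"; ending the first literal with `. ` fixes it.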
......