[swugenerator][PATCH] add option to encrypt sw-description


Ayoub Zaki

Jul 22, 2022, 7:04:59 AM7/22/22
to swup...@googlegroups.com, Ayoub Zaki
Signed-off-by: Ayoub Zaki <ayoub...@embexus.com>
---
swugenerator/generator.py | 11 ++++++++++-
swugenerator/main.py | 10 ++++++++++
2 files changed, 20 insertions(+), 1 deletion(-)

diff --git a/swugenerator/generator.py b/swugenerator/generator.py
index c6b55e8..aad1f3e 100644
--- a/swugenerator/generator.py
+++ b/swugenerator/generator.py
@@ -3,6 +3,7 @@
# SPDX-License-Identifier: GPLv3
import logging
import os
+import shutil
import re
import codecs
import libconf
@@ -15,7 +16,7 @@ from swugenerator.artifact import Artifact


class SWUGenerator:
- def __init__(self, template, out, confvars, dirs, crypt, aeskey, firstiv, no_compress=False):
+ def __init__(self, template, out, confvars, dirs, crypt, aeskey, firstiv, encrypt_swdesc=False, no_compress=False):
self.swdescription = template
self.artifacts = []
self.out = open(out, 'wb')
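Review bot: Inserting `encrypt_swdesc` ahead of `no_compress` in the `__init__` signature changes the meaning of the eighth positional argument: a caller that previously passed `no_compress` positionally would now silently enable sw-description encryption and leave compression on. The only call site on this page (L85) is updated, but appending the new parameter after `no_compress`, or making both keyword-only with `*, encrypt_swdesc=False, no_compress=False`, removes the hazard; the call would then read `encrypt_swdesc=args.encrypt_swdesc, no_compress=args.no_compress`. The same signature change appears in the v2 patch at L135.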
@@ -29,6 +30,7 @@ class SWUGenerator:
self.signtool = crypt
self.aeskey = aeskey
self.aesiv = firstiv
+ self.encryptswdesc = encrypt_swdesc
self.nocompress = no_compress

@staticmethod
@@ -152,6 +154,13 @@ class SWUGenerator:
self.signtool.prepare_cmd(sw_desc_in, sw_desc_out)
self.signtool.sign()

+ # Encrypt sw-description if required
+ if self.aeskey and self.encryptswdesc:
+ iv = self.generate_iv()
+ sw_desc_out = os.path.join(self.temp.name, 'sw-description.enc')
+ sw.encrypt(sw_desc_out, self.aeskey, iv)
+ shutil.copyfile(sw_desc_out, sw.fullfilename)
+
for artifact in self.artifacts:
self.cpiofile.addartifacttoswu(artifact.fullfilename)

diff --git a/swugenerator/main.py b/swugenerator/main.py
index 318e333..f6173ff 100644
--- a/swugenerator/main.py
+++ b/swugenerator/main.py
@@ -78,6 +78,15 @@ def main() -> None:
help="sw-description template",
)

+ parser.add_argument(
+ "-t",
+ "--encrypt-swdesc",
+ action='store_const',
+ const=True,
+ default=False,
+ help="Encrypt sw-description",
+ )
+
parser.add_argument(
"-a",
"--artifactory",
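Review bot: `--encrypt-swdesc` is accepted without an AES key, but the generator only encrypts when `self.aeskey` is set (L51), so a user who passes `-t` without a key silently ships a plaintext sw-description while believing it is encrypted. Reject the combination in main once `key` has been resolved from the options: `if args.encrypt_swdesc and not key: parser.error("--encrypt-swdesc requires an AES key")`. `action='store_const', const=True, default=False` is the long form of `action='store_true'`, and the help text should state the dependency, e.g. `help="Encrypt sw-description (requires an AES key)"`. The diffstat of the v2 patch lists the same main.py change, but that hunk is not shown on this page.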
@@ -172,6 +181,7 @@ def main() -> None:
artidirs,
sign_option,
key, iv,
+ args.encrypt_swdesc,
args.no_compress)
swu.process()
swu.close()
--
2.25.1

Ayoub Zaki

Jul 22, 2022, 7:50:45 AM7/22/22
to swup...@googlegroups.com
Hi,


please ignore this patch; I am preparing a v2 for it. The reason is that
encryption should precede the signing of sw-description.
Mit freundlichen Grüßen / Kind regards

--
Ayoub Zaki
Embedded Systems Consultant

Ayoub Zaki

Jul 22, 2022, 8:31:55 AM7/22/22
to swup...@googlegroups.com, Ayoub Zaki
Signed-off-by: Ayoub Zaki <ayoub...@embexus.com>
---
swugenerator/generator.py | 20 ++++++++++++++++----
swugenerator/main.py | 10 ++++++++++
2 files changed, 26 insertions(+), 4 deletions(-)

diff --git a/swugenerator/generator.py b/swugenerator/generator.py
index c6b55e8..3f03b1d 100644
--- a/swugenerator/generator.py
+++ b/swugenerator/generator.py
@@ -3,6 +3,7 @@
# SPDX-License-Identifier: GPLv3
import logging
import os
+import shutil
import re
import codecs
import libconf
@@ -15,7 +16,7 @@ from swugenerator.artifact import Artifact


class SWUGenerator:
- def __init__(self, template, out, confvars, dirs, crypt, aeskey, firstiv, no_compress=False):
+ def __init__(self, template, out, confvars, dirs, crypt, aeskey, firstiv, encrypt_swdesc=False, no_compress=False):
self.swdescription = template
self.artifacts = []
self.out = open(out, 'wb')
@@ -29,6 +30,7 @@ class SWUGenerator:
self.signtool = crypt
self.aeskey = aeskey
self.aesiv = firstiv
+ self.encryptswdesc = encrypt_swdesc
self.nocompress = no_compress

@staticmethod
@@ -61,7 +63,7 @@ class SWUGenerator:

# Encrypt if required
if 'encrypted' in entry and self.aeskey:
- iv = self.generate_iv()
+ iv = self.aesiv
new_path = os.path.join(self.temp.name, entry['filename'])
new.encrypt(new_path, self.aeskey, iv)
new.fullfilename = new_path
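Review bot: Replacing `self.generate_iv()` with `self.aesiv` makes every encrypted artifact share one IV under the same key, and the sw-description branch at L164 reuses that IV once more. With a fixed IV in CBC mode (which, as far as I know, is what SWUpdate uses for artifacts) two inputs with a common prefix yield identical ciphertext prefixes, so confidentiality degrades as more files are produced with one key; a fresh IV per artifact costs nothing because each artifact's IV is presumably recorded in its sw-description entry (`ivt`) for the device to read, whereas the sw-description itself has no such carrier and must use the pre-shared `firstiv`. I would keep `iv = self.generate_iv()` here and reserve `self.aesiv` for sw-description, with a comment at L164 such as `# sw-description carries no ivt of its own, so it must use the IV the device already knows`. The enclosing method starts and ends outside the hunk.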
@@ -146,8 +148,18 @@ class SWUGenerator:

self.save_swdescription(os.path.join(self.temp.name, sw.filename), swdesc)

- if self.signtool:
- sw_desc_in = os.path.join(self.temp.name, sw.filename)
+ # Encrypt sw-description if required
+ if self.aeskey and self.encryptswdesc:
+ iv = self.aesiv
+ sw_desc_plain = os.path.join(self.temp.name, 'sw-description.plain')
+ sw_desc_enc = os.path.join(self.temp.name, 'sw-description.enc')
+ shutil.copyfile(sw.fullfilename, sw_desc_plain)
+ sw.encrypt(sw_desc_enc, self.aeskey, iv)
+ shutil.copyfile(sw_desc_enc, sw.fullfilename)
+
+ if self.signtool:
+ sw_desc_in = os.path.join(self.temp.name, 'sw-description.plain'
+ if self.aeskey and self.encryptswdesc else 'sw-description')
sw_desc_out = os.path.join(self.temp.name, 'sw-description.sig')
self.signtool.prepare_cmd(sw_desc_in, sw_desc_out)
self.signtool.sign()
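Review bot: The signing input on L172-L173 hard-codes the literal `'sw-description'` for the unencrypted case, whereas the removed line and L158 derive the path from `sw.filename`; if the two ever differ the signature is computed over a file that was never written. Set the default once before the branch and override it inside: `sw_desc_in = os.path.join(self.temp.name, sw.filename)` ahead of the encryption block, `sw_desc_in = sw_desc_plain` as the last line of the `if self.aeskey and self.encryptswdesc:` body, and `if self.signtool:` then uses `sw_desc_in` without the conditional expression. Note also that `shutil.copyfile` leaves both the plaintext copy and the `.enc` intermediate in the temp directory next to the encrypted sw-description; that is fine if `self.temp` is removed on close, which is not visible here, but a comment such as `# plaintext copy is kept only as signing input; it goes away with the temp dir` would make the intent explicit. The enclosing method starts before the hunk and continues after it.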
--
2.25.1

Stefano Babic

Aug 5, 2022, 5:00:06 AM8/5/22
to Ayoub Zaki, swup...@googlegroups.com
Hallo Ayoub,
Do we still need both "plain" and "enc" after encryption? What about
having just "sw-description", so that the code for signing remains untouched?
I think that at this point, sw-description was completely processed and
we just need to save it and we do not need to have both (plain and
encrypted).
Regards,
Stefano

--
=====================================================================
DENX Software Engineering GmbH, Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, 82194 Groebenzell, Germany
Phone: +49-8142-66989-53 Fax: +49-8142-66989-80 Email: sba...@denx.de
=====================================================================

ayoub...@googlemail.com

Aug 8, 2022, 8:11:22 AM8/8/22
to swupdate
Hallo Stefano,

I don't get your point ?

after encryption the "sw-description" file is encrypted, and we need to sign the plain one.

Stefano Babic

Aug 8, 2022, 10:28:44 AM8/8/22
to ayoub...@googlemail.com, swupdate
On 08.08.22 14:11, 'ayoub...@googlemail.com' via swupdate wrote:
> Hallo Stefano,
>
> I don't get your point ?
>
> after the encryption "sw-description" file is encrypted and we need to
> the sign the plain one.
>

Sorry for noise, you're right !

Best regards,
Stefano
> > new_path = os.path.join(self.temp.name <http://self.temp.name>,
> entry['filename'])
> > new.encrypt(new_path, self.aeskey, iv)
> > new.fullfilename = new_path
> > @@ -146,8 +148,18 @@ class SWUGenerator:
> >
> > self.save_swdescription(os.path.join(self.temp.name
> <http://self.temp.name>, sw.filename), swdesc)
> >
> > - if self.signtool:
> > - sw_desc_in = os.path.join(self.temp.name
> <http://self.temp.name>, sw.filename)
> > + # Encrypt sw-description if required
> > + if self.aeskey and self.encryptswdesc:
> > + iv = self.aesiv
> > + sw_desc_plain = os.path.join(self.temp.name
> <http://self.temp.name>, 'sw-description.plain')
> > + sw_desc_enc = os.path.join(self.temp.name
> <http://self.temp.name>, 'sw-description.enc')
> > + shutil.copyfile(sw.fullfilename, sw_desc_plain)
> > + sw.encrypt(sw_desc_enc, self.aeskey, iv)
> > + shutil.copyfile(sw_desc_enc, sw.fullfilename)
> > +
>
> Do we still need both "plain" and "enc" after encryption ? What
> about to
> have just "sw-description", and the code for signing remains
> untouched ?
> I think that at this point, sw-description was completely processed and
> we just need to save it and we do not need to have both (plain and
> encrypted).
>
> > + if self.signtool:
> > + sw_desc_in = os.path.join(self.temp.name
> <http://self.temp.name>, 'sw-description.plain'
> > + if self.aeskey and self.encryptswdesc else 'sw-description')
> > sw_desc_out = os.path.join(self.temp.name
> <http://self.temp.name>, 'sw-description.sig')
> Phone: +49-8142-66989-53 <tel:+49%208142%206698953> Fax:
> +49-8142-66989-80 <tel:+49%208142%206698980> Email: sba...@denx.de
> =====================================================================
>
> --