RIOT-OS/RIOT
RIOT-OS/RIOT
1
0
Fork 0
mirror of https://github.com/RIOT-OS/RIOT.git synced 2025-01-16 09:52:45 +01:00
Code Releases Activity
4c0e8e554b
RIOT/dist/tools/suit_v3/suit-manifest-generator/suit_tool/sign.py
Koen Zandberg 009a317b14
dist/tools/suit_v3: Add ietf-v3 manifest generator 
Co-authored-by: Kaspar Schleiser <kaspar@schleiser.de>
2020-03-18 14:13:12 +01:00

112 lines
4.1 KiB
Python
Raw Blame History

#!/usr/bin/python3
# -*- coding: utf-8 -*-
# ----------------------------------------------------------------------------
# Copyright 2019 ARM Limited or its affiliates
#
# SPDX-License-Identifier: Apache-2.0
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# ----------------------------------------------------------------------------
import cbor
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.hazmat.primitives.asymmetric import ed25519
from cryptography.hazmat.primitives.asymmetric import utils as asymmetric_utils
from cryptography.hazmat.primitives import serialization as ks
from suit_tool.manifest import COSE_Sign1, COSEList, \
SUITWrapper, SUITBytes, SUITBWrapField
import logging
import binascii
LOG = logging.getLogger(__name__)
def get_cose_es_bytes(private_key, sig_val):
ASN1_signature = private_key.sign(sig_val, ec.ECDSA(hashes.SHA256()))
r,s = asymmetric_utils.decode_dss_signature(ASN1_signature)
ssize = private_key.key_size
signature_bytes = r.to_bytes(ssize//8, byteorder='big') + s.to_bytes(ssize//8, byteorder='big')
return signature_bytes
def get_cose_ed25519_bytes(private_key, sig_val):
return private_key.sign(sig_val)
def main(options):
# Read the manifest wrapper
wrapper = cbor.loads(options.manifest.read())
private_key = None
digest = None
try:
private_key = ks.load_pem_private_key(options.private_key.read(), password=None, backend=default_backend())
if isinstance(private_key, ec.EllipticCurvePrivateKey):
options.key_type = 'ES{}'.format(private_key.key_size)
elif isinstance(private_key, ed25519.Ed25519PrivateKey):
options.key_type = 'EdDSA'
else:
LOG.critical('Unrecognized key: {}'.format(type(private_key).__name__))
return 1
digest = {
'ES256' : hashes.Hash(hashes.SHA256(), backend=default_backend()),
'ES384' : hashes.Hash(hashes.SHA384(), backend=default_backend()),
'ES512' : hashes.Hash(hashes.SHA512(), backend=default_backend()),
'EdDSA' : hashes.Hash(hashes.SHA256(), backend=default_backend()),
}.get(options.key_type)
except:
digest= hashes.Hash(hashes.SHA256(), backend=default_backend())
# private_key = None
# TODO: Implement loading of DSA keys not supported by python cryptography
LOG.critical('Non-library key type not implemented')
# return 1
digest.update(cbor.dumps(wrapper[SUITWrapper.fields['manifest'].suit_key]))
cose_signature = COSE_Sign1().from_json({
'protected' : {
'alg' : options.key_type
},
'unprotected' : {},
'payload' : {
'algorithm-id' : 'sha256',
'digest-bytes' : binascii.b2a_hex(digest.finalize())
}
})
Sig_structure = cbor.dumps([
"Signature1",
cose_signature.protected.to_suit(),
b'',
cose_signature.payload.to_suit(),
], sort_keys = True)
sig_val = Sig_structure
signature_bytes = {
'ES256' : get_cose_es_bytes,
'ES384' : get_cose_es_bytes,
'ES512' : get_cose_es_bytes,
'EdDSA' : get_cose_ed25519_bytes,
}.get(options.key_type)(private_key, sig_val)
cose_signature.signature = SUITBytes().from_suit(signature_bytes)
auth = SUITBWrapField(COSEList)().from_json([{
'COSE_Sign1_Tagged' : cose_signature.to_json()
}])
wrapper[SUITWrapper.fields['auth'].suit_key] = auth.to_suit()
options.output_file.write(cbor.dumps(wrapper, sort_keys=True))
return 0
View Git Blame Copy Permalink