Message ID | 20220722110455.22146-1-ayoub.zaki@embexus.com |
---|---|
State | Changes Requested |
Series | [swugenerator] add option to encrypt sw-description | expand |
Hi, please ignore this patch, I prepare a v2 for it the reason is that encryption should precede the signing of sw-description. On 22.07.22 13:04, Ayoub Zaki wrote:
> Signed-off-by: Ayoub Zaki <ayoub.zaki@embexus.com>
> ---
> swugenerator/generator.py | 11 ++++++++++-
> swugenerator/main.py | 10 ++++++++++
> 2 files changed, 20 insertions(+), 1 deletion(-)
>
> diff --git a/swugenerator/generator.py b/swugenerator/generator.py
> index c6b55e8..aad1f3e 100644
> --- a/swugenerator/generator.py
> +++ b/swugenerator/generator.py
> @@ -3,6 +3,7 @@
> # SPDX-License-Identifier: GPLv3
> import logging
> import os
> +import shutil
> import re
> import codecs
> import libconf
> @@ -15,7 +16,7 @@ from swugenerator.artifact import Artifact
>
>
> class SWUGenerator:
> - def __init__(self, template, out, confvars, dirs, crypt, aeskey, firstiv, no_compress=False):
> + def __init__(self, template, out, confvars, dirs, crypt, aeskey, firstiv, encrypt_swdesc=False, no_compress=False):
> self.swdescription = template
> self.artifacts = []
> self.out = open(out, 'wb')
> @@ -29,6 +30,7 @@ class SWUGenerator:
> self.signtool = crypt
> self.aeskey = aeskey
> self.aesiv = firstiv
> + self.encryptswdesc = encrypt_swdesc
> self.nocompress = no_compress
>
> @staticmethod
> @@ -152,6 +154,13 @@ class SWUGenerator:
> self.signtool.prepare_cmd(sw_desc_in, sw_desc_out)
> self.signtool.sign()
>
> + # Encrypt sw-description if required
> + if self.aeskey and self.encryptswdesc:
> + iv = self.generate_iv()
> + sw_desc_out = os.path.join(self.temp.name, 'sw-description.enc')
> + sw.encrypt(sw_desc_out, self.aeskey, iv)
> + shutil.copyfile(sw_desc_out, sw.fullfilename)
> +
> for artifact in self.artifacts:
> self.cpiofile.addartifacttoswu(artifact.fullfilename)
>
> diff --git a/swugenerator/main.py b/swugenerator/main.py
> index 318e333..f6173ff 100644
> --- a/swugenerator/main.py
> +++ b/swugenerator/main.py
> @@ -78,6 +78,15 @@ def main() -> None:
> help="sw-description template",
> )
>
> + parser.add_argument(
> + "-t",
> + "--encrypt-swdesc",
> + action='store_const',
> + const=True,
> + default=False,
> + help="Encrypt sw-description",
> + )
> +
> parser.add_argument(
> "-a",
> "--artifactory",
> @@ -172,6 +181,7 @@ def main() -> None:
> artidirs,
> sign_option,
> key, iv,
> + args.encrypt_swdesc,
> args.no_compress)
> swu.process()
> swu.close()
Mit freundlichen Grüßen / Kind regards
diff --git a/swugenerator/generator.py b/swugenerator/generator.py
index c6b55e8..aad1f3e 100644
--- a/swugenerator/generator.py
+++ b/swugenerator/generator.py
@@ -3,6 +3,7 @@
 # SPDX-License-Identifier: GPLv3
 import logging
 import os
+import shutil
 import re
 import codecs
 import libconf
@@ -15,7 +16,7 @@ from swugenerator.artifact import Artifact


 class SWUGenerator:
- def __init__(self, template, out, confvars, dirs, crypt, aeskey, firstiv, no_compress=False):
+ def __init__(self, template, out, confvars, dirs, crypt, aeskey, firstiv, encrypt_swdesc=False, no_compress=False):
 self.swdescription = template
 self.artifacts = []
 self.out = open(out, 'wb')
@@ -29,6 +30,7 @@ class SWUGenerator:
 self.signtool = crypt
 self.aeskey = aeskey
 self.aesiv = firstiv
+ self.encryptswdesc = encrypt_swdesc
 self.nocompress = no_compress

 @staticmethod
@@ -152,6 +154,13 @@ class SWUGenerator:
 self.signtool.prepare_cmd(sw_desc_in, sw_desc_out)
 self.signtool.sign()

+ # Encrypt sw-description if required
+ if self.aeskey and self.encryptswdesc:
+ iv = self.generate_iv()
+ sw_desc_out = os.path.join(self.temp.name, 'sw-description.enc')
+ sw.encrypt(sw_desc_out, self.aeskey, iv)
+ shutil.copyfile(sw_desc_out, sw.fullfilename)
+
 for artifact in self.artifacts:
 self.cpiofile.addartifacttoswu(artifact.fullfilename)

diff --git a/swugenerator/main.py b/swugenerator/main.py
index 318e333..f6173ff 100644
--- a/swugenerator/main.py
+++ b/swugenerator/main.py
@@ -78,6 +78,15 @@ def main() -> None:
 help="sw-description template",
 )

+ parser.add_argument(
+ "-t",
+ "--encrypt-swdesc",
+ action='store_const',
+ const=True,
+ default=False,
+ help="Encrypt sw-description",
+ )
+
 parser.add_argument(
 "-a",
 "--artifactory",
@@ -172,6 +181,7 @@ def main() -> None:
 artidirs,
 sign_option,
 key, iv,
+ args.encrypt_swdesc,
 args.no_compress)
 swu.process()
 swu.close()
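Review bot: `encrypt_swdesc=False` is inserted ahead of `no_compress=False` in `SWUGenerator.__init__`, so any existing caller that passes `no_compress` positionally would now set `encrypt_swdesc` instead and, when a key is present, switch on sw-description encryption without asking for it. Appending the new parameter after `no_compress` keeps old call sites correct, and the call in main.py is then clearer written with keywords, `encrypt_swdesc=args.encrypt_swdesc, no_compress=args.no_compress)`. The constructor body continues outside the hunk.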
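Review bot: The IV from `self.generate_iv()` in the added block is passed to `sw.encrypt(...)` and then dropped; nothing visible in this hunk stores it in the image or relates it to `self.aesiv`, so the device presumably has no way to learn the IV it needs to decrypt sw-description. If the target decrypts sw-description with the IV provisioned alongside the key, the line should read `iv = self.aesiv`; otherwise the IV has to be shipped somewhere the updater reads before it parses the description. A comment above the block stating which IV the target expects would make this checkable. The enclosing method starts and ends outside the hunk, so this is judged from the visible lines only.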
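Review bot: The new `--encrypt-swdesc` option spells a boolean flag as `action='store_const'` with `const=True` and `default=False`, which is what `action="store_true"` does in one line, and it uses single quotes where the neighbouring arguments in this hunk use double quotes. I would write `action="store_true",` and drop the `const` and `default` lines. The help text could also say that the flag only has an effect when an AES key is supplied, since the generator checks `self.aeskey` before encrypting.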
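Review bot: `args.encrypt_swdesc` is handed to `SWUGenerator` with no visible check that a key was loaded, and the generator's `if self.aeskey and self.encryptswdesc:` then skips encryption silently, so a build that asked for an encrypted sw-description can ship it in plaintext without any error. Failing closed before the constructor call avoids that, for example `if args.encrypt_swdesc and not key: parser.error("--encrypt-swdesc requires an AES key")`. main() starts and ends outside the hunk, so an earlier check may exist that is not visible here.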
Signed-off-by: Ayoub Zaki <ayoub.zaki@embexus.com> --- swugenerator/generator.py | 11 ++++++++++- swugenerator/main.py | 10 ++++++++++ 2 files changed, 20 insertions(+), 1 deletion(-)