
[swugenerator] add option to encrypt sw-description

Message ID 20220722110455.22146-1-ayoub.zaki@embexus.com
State Changes Requested
Series [swugenerator] add option to encrypt sw-description | expand

Commit Message

Ayoub Zaki July 22, 2022, 11:04 a.m. UTC
Signed-off-by: Ayoub Zaki <ayoub.zaki@embexus.com>
---
 swugenerator/generator.py | 11 ++++++++++-
 swugenerator/main.py      | 10 ++++++++++
 2 files changed, 20 insertions(+), 1 deletion(-)

Comments

Ayoub Zaki July 22, 2022, 11:50 a.m. UTC | #1
Hi,


Please ignore this patch; I am preparing a v2. The reason is that
encryption should precede the signing of sw-description.


On 22.07.22 13:04, Ayoub Zaki wrote:
> Signed-off-by: Ayoub Zaki <ayoub.zaki@embexus.com>
> ---
>   swugenerator/generator.py | 11 ++++++++++-
>   swugenerator/main.py      | 10 ++++++++++
>   2 files changed, 20 insertions(+), 1 deletion(-)
>
> diff --git a/swugenerator/generator.py b/swugenerator/generator.py
> index c6b55e8..aad1f3e 100644
> --- a/swugenerator/generator.py
> +++ b/swugenerator/generator.py
> @@ -3,6 +3,7 @@
>   # SPDX-License-Identifier: GPLv3
>   import logging
>   import os
> +import shutil
>   import re
>   import codecs
>   import libconf
> @@ -15,7 +16,7 @@ from swugenerator.artifact import Artifact
>   
>   
>   class SWUGenerator:
> -    def __init__(self, template, out, confvars, dirs, crypt, aeskey, firstiv, no_compress=False):
> +    def __init__(self, template, out, confvars, dirs, crypt, aeskey, firstiv, encrypt_swdesc=False, no_compress=False):
>           self.swdescription = template
>           self.artifacts = []
>           self.out = open(out, 'wb')
> @@ -29,6 +30,7 @@ class SWUGenerator:
>           self.signtool = crypt
>           self.aeskey = aeskey
>           self.aesiv = firstiv
> +        self.encryptswdesc = encrypt_swdesc
>           self.nocompress = no_compress
>   
>       @staticmethod
> @@ -152,6 +154,13 @@ class SWUGenerator:
>               self.signtool.prepare_cmd(sw_desc_in, sw_desc_out)
>               self.signtool.sign()
>   
> +        # Encrypt sw-description if required
> +        if self.aeskey and self.encryptswdesc:
> +            iv = self.generate_iv()
> +            sw_desc_out = os.path.join(self.temp.name, 'sw-description.enc')
> +            sw.encrypt(sw_desc_out, self.aeskey, iv)
> +            shutil.copyfile(sw_desc_out, sw.fullfilename)
> +
>           for artifact in self.artifacts:
>               self.cpiofile.addartifacttoswu(artifact.fullfilename)
>   
> diff --git a/swugenerator/main.py b/swugenerator/main.py
> index 318e333..f6173ff 100644
> --- a/swugenerator/main.py
> +++ b/swugenerator/main.py
> @@ -78,6 +78,15 @@ def main() -> None:
>           help="sw-description template",
>       )
>   
> +    parser.add_argument(
> +        "-t",
> +        "--encrypt-swdesc",
> +        action='store_const',
> +        const=True,
> +        default=False,
> +        help="Encrypt sw-description",
> +    )
> +
>       parser.add_argument(
>           "-a",
>           "--artifactory",
> @@ -172,6 +181,7 @@ def main() -> None:
>                                        artidirs,
>                                        sign_option,
>                                        key, iv,
> +                                     args.encrypt_swdesc,
>                                        args.no_compress)
>           swu.process()
>           swu.close()

Mit freundlichen Grüßen / Kind regards

Patch

diff --git a/swugenerator/generator.py b/swugenerator/generator.py
index c6b55e8..aad1f3e 100644
--- a/swugenerator/generator.py
+++ b/swugenerator/generator.py
@@ -3,6 +3,7 @@ 
 # SPDX-License-Identifier: GPLv3
 import logging
 import os
+import shutil
 import re
 import codecs
 import libconf
@@ -15,7 +16,7 @@  from swugenerator.artifact import Artifact
 
 
 class SWUGenerator:
-    def __init__(self, template, out, confvars, dirs, crypt, aeskey, firstiv, no_compress=False):
+    def __init__(self, template, out, confvars, dirs, crypt, aeskey, firstiv, encrypt_swdesc=False, no_compress=False):
         self.swdescription = template
         self.artifacts = []
         self.out = open(out, 'wb')
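Review bot: Inserting `encrypt_swdesc=False` ahead of `no_compress=False` in `SWUGenerator.__init__` shifts the position of an existing parameter, so any caller that still passes `no_compress` positionally would silently toggle sw-description encryption instead. The call in swugenerator/main.py is updated in this patch, but it also relies on argument position. Appending the new parameter after `no_compress`, or making the two flags keyword-only (`..., firstiv, *, encrypt_swdesc=False, no_compress=False`) and passing `encrypt_swdesc=args.encrypt_swdesc, no_compress=args.no_compress` at the call site, would remove that risk. The body of `__init__` continues outside the hunk.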
@@ -29,6 +30,7 @@  class SWUGenerator:
         self.signtool = crypt
         self.aeskey = aeskey
         self.aesiv = firstiv
+        self.encryptswdesc = encrypt_swdesc
         self.nocompress = no_compress
 
     @staticmethod
@@ -152,6 +154,13 @@  class SWUGenerator:
             self.signtool.prepare_cmd(sw_desc_in, sw_desc_out)
             self.signtool.sign()
 
+        # Encrypt sw-description if required
+        if self.aeskey and self.encryptswdesc:
+            iv = self.generate_iv()
+            sw_desc_out = os.path.join(self.temp.name, 'sw-description.enc')
+            sw.encrypt(sw_desc_out, self.aeskey, iv)
+            shutil.copyfile(sw_desc_out, sw.fullfilename)
+ 
         for artifact in self.artifacts:
             self.cpiofile.addartifacttoswu(artifact.fullfilename)
 
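Review bot: The guard `if self.aeskey and self.encryptswdesc:` silently skips encryption when `--encrypt-swdesc` was requested but no AES key is set, so the package is built with a plaintext sw-description and no error. Failing closed is safer, for example `if self.encryptswdesc and not self.aeskey: raise ValueError("encrypt_swdesc requires an AES key")` ahead of this block, or an equivalent `parser.error(...)` in main.py. Separately, the `iv` returned by `self.generate_iv()` is only passed to `sw.encrypt` within the hunk; if it is not recorded anywhere else, the target has no way to learn it, so it is worth confirming whether `self.aesiv` was intended here. The enclosing method starts and ends outside the hunk.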
diff --git a/swugenerator/main.py b/swugenerator/main.py
index 318e333..f6173ff 100644
--- a/swugenerator/main.py
+++ b/swugenerator/main.py
@@ -78,6 +78,15 @@  def main() -> None:
         help="sw-description template",
     )
 
+    parser.add_argument(
+        "-t",
+        "--encrypt-swdesc",
+        action='store_const',
+        const=True,
+        default=False,
+        help="Encrypt sw-description",
+    )
+
     parser.add_argument(
         "-a",
         "--artifactory",
@@ -172,6 +181,7 @@  def main() -> None:
                                      artidirs,
                                      sign_option,
                                      key, iv,
+                                     args.encrypt_swdesc,
                                      args.no_compress)
         swu.process()
         swu.close()