Message ID | 20220722123150.10869-1-ayoub.zaki@embexus.com |
---|---|
State | Accepted |
Series | [swugenerator,V2] add option to encrypt sw-description | expand |
Hallo Ayoub, On 22.07.22 14:31, Ayoub Zaki wrote: > Signed-off-by: Ayoub Zaki <ayoub.zaki@embexus.com> > --- > swugenerator/generator.py | 20 ++++++++++++++++---- > swugenerator/main.py | 10 ++++++++++ > 2 files changed, 26 insertions(+), 4 deletions(-) > > diff --git a/swugenerator/generator.py b/swugenerator/generator.py > index c6b55e8..3f03b1d 100644 > --- a/swugenerator/generator.py > +++ b/swugenerator/generator.py > @@ -3,6 +3,7 @@ > # SPDX-License-Identifier: GPLv3 > import logging > import os > +import shutil > import re > import codecs > import libconf > @@ -15,7 +16,7 @@ from swugenerator.artifact import Artifact > > > class SWUGenerator: > - def __init__(self, template, out, confvars, dirs, crypt, aeskey, firstiv, no_compress=False): > + def __init__(self, template, out, confvars, dirs, crypt, aeskey, firstiv, encrypt_swdesc=False, no_compress=False): > self.swdescription = template > self.artifacts = [] > self.out = open(out, 'wb') > @@ -29,6 +30,7 @@ class SWUGenerator: > self.signtool = crypt > self.aeskey = aeskey > self.aesiv = firstiv > + self.encryptswdesc = encrypt_swdesc > self.nocompress = no_compress > > @staticmethod > @@ -61,7 +63,7 @@ class SWUGenerator: > > # Encrypt if required > if 'encrypted' in entry and self.aeskey: > - iv = self.generate_iv() > + iv = self.aesiv > new_path = os.path.join(self.temp.name, entry['filename']) > new.encrypt(new_path, self.aeskey, iv) > new.fullfilename = new_path 
> @@ -146,8 +148,18 @@ class SWUGenerator: > > self.save_swdescription(os.path.join(self.temp.name, sw.filename), swdesc) > > - if self.signtool: > - sw_desc_in = os.path.join(self.temp.name, sw.filename) > + # Encrypt sw-description if required > + if self.aeskey and self.encryptswdesc: > + iv = self.aesiv > + sw_desc_plain = os.path.join(self.temp.name, 'sw-description.plain') > + sw_desc_enc = os.path.join(self.temp.name, 'sw-description.enc') > + shutil.copyfile(sw.fullfilename, sw_desc_plain) > + sw.encrypt(sw_desc_enc, self.aeskey, iv) > + shutil.copyfile(sw_desc_enc, sw.fullfilename) > + Do we still need both "plain" and "enc" after encryption ? What about to have just "sw-description", and the code for signing remains untouched ? I think that at this point, sw-description was completely processed and we just need to save it and we do not need to have both (plain and encrypted). > + if self.signtool: > + sw_desc_in = os.path.join(self.temp.name, 'sw-description.plain' > + if self.aeskey and self.encryptswdesc else 'sw-description') > sw_desc_out = os.path.join(self.temp.name, 'sw-description.sig') > self.signtool.prepare_cmd(sw_desc_in, sw_desc_out) > self.signtool.sign() > diff --git a/swugenerator/main.py b/swugenerator/main.py > index 318e333..f6173ff 100644 > --- a/swugenerator/main.py > +++ b/swugenerator/main.py > @@ -78,6 +78,15 @@ def main() -> None: > help="sw-description template", > ) > > + parser.add_argument( > + "-t", > + "--encrypt-swdesc", > + action='store_const', > + const=True, > + default=False, > + help="Encrypt sw-description", > + ) > + > parser.add_argument( > "-a", > "--artifactory", > @@ -172,6 +181,7 @@ def main() -> None: > artidirs, > sign_option, > key, iv, > + args.encrypt_swdesc, > args.no_compress) > swu.process() > swu.close() Regards, Stefano
Hallo Stefano, I don't get your point ? after the encryption "sw-description" file is encrypted and we need to the sign the plain one. On Friday, August 5, 2022 at 11:00:06 AM UTC+2 Stefano Babic wrote: > Hallo Ayoub, > > On 22.07.22 14:31, Ayoub Zaki wrote: > > Signed-off-by: Ayoub Zaki <ayoub...@embexus.com> > > --- > > swugenerator/generator.py | 20 ++++++++++++++++---- > > swugenerator/main.py | 10 ++++++++++ > > 2 files changed, 26 insertions(+), 4 deletions(-) > > > > diff --git a/swugenerator/generator.py b/swugenerator/generator.py > > index c6b55e8..3f03b1d 100644 > > --- a/swugenerator/generator.py > > +++ b/swugenerator/generator.py > > @@ -3,6 +3,7 @@ > > # SPDX-License-Identifier: GPLv3 > > import logging > > import os > > +import shutil > > import re > > import codecs > > import libconf > > @@ -15,7 +16,7 @@ from swugenerator.artifact import Artifact > > > > > > class SWUGenerator: > > - def __init__(self, template, out, confvars, dirs, crypt, aeskey, > firstiv, no_compress=False): > > + def __init__(self, template, out, confvars, dirs, crypt, aeskey, > firstiv, encrypt_swdesc=False, no_compress=False): > > self.swdescription = template > > self.artifacts = [] > > self.out = open(out, 'wb') > > @@ -29,6 +30,7 @@ class SWUGenerator: > > self.signtool = crypt > > self.aeskey = aeskey > > self.aesiv = firstiv > > + self.encryptswdesc = encrypt_swdesc > > self.nocompress = no_compress > > > > @staticmethod > > @@ -61,7 +63,7 @@ class SWUGenerator: > > > > # Encrypt if required > > if 'encrypted' in entry and self.aeskey: > > - iv = self.generate_iv() > > + iv = self.aesiv > > new_path = os.path.join(self.temp.name, entry['filename']) > > new.encrypt(new_path, self.aeskey, iv) > > new.fullfilename = new_path 
> > @@ -146,8 +148,18 @@ class SWUGenerator: > > > > self.save_swdescription(os.path.join(self.temp.name, sw.filename), > swdesc) > > > > - if self.signtool: > > - sw_desc_in = os.path.join(self.temp.name, sw.filename) > > + # Encrypt sw-description if required > > + if self.aeskey and self.encryptswdesc: > > + iv = self.aesiv > > + sw_desc_plain = os.path.join(self.temp.name, 'sw-description.plain') > > + sw_desc_enc = os.path.join(self.temp.name, 'sw-description.enc') > > + shutil.copyfile(sw.fullfilename, sw_desc_plain) > > + sw.encrypt(sw_desc_enc, self.aeskey, iv) > > + shutil.copyfile(sw_desc_enc, sw.fullfilename) > > + > > Do we still need both "plain" and "enc" after encryption ? What about to > have just "sw-description", and the code for signing remains untouched ? > I think that at this point, sw-description was completely processed and > we just need to save it and we do not need to have both (plain and > encrypted). > > > + if self.signtool: > > + sw_desc_in = os.path.join(self.temp.name, 'sw-description.plain' > > + if self.aeskey and self.encryptswdesc else 'sw-description') > > sw_desc_out = os.path.join(self.temp.name, 'sw-description.sig') > > self.signtool.prepare_cmd(sw_desc_in, sw_desc_out) > > self.signtool.sign() > > diff --git a/swugenerator/main.py b/swugenerator/main.py > > index 318e333..f6173ff 100644 > > --- a/swugenerator/main.py > > +++ b/swugenerator/main.py > > @@ -78,6 +78,15 @@ def main() -> None: > > help="sw-description template", > > ) > > > > + parser.add_argument( > > + "-t", > > + "--encrypt-swdesc", > > + action='store_const', > > + const=True, > > + default=False, > > + help="Encrypt sw-description", > > + ) > > + > > parser.add_argument( > > "-a", > > "--artifactory", 
> > @@ -172,6 +181,7 @@ def main() -> None: > > artidirs, > > sign_option, > > key, iv, > > + args.encrypt_swdesc, > > args.no_compress) > > swu.process() > > swu.close() > > Regards, > Stefano > > -- > ===================================================================== > DENX Software Engineering GmbH, Managing Director: Wolfgang Denk > HRB 165235 Munich, Office: Kirchenstr.5, 82194 Groebenzell, Germany > Phone: +49-8142-66989-53 <+49%208142%206698953> Fax: +49-8142-66989-80 > <+49%208142%206698980> Email: sba...@denx.de > ===================================================================== >
On 08.08.22 14:11, 'ayoub...@googlemail.com' via swupdate wrote: > Hallo Stefano, > > I don't get your point ? > > after the encryption "sw-description" file is encrypted and we need to > the sign the plain one. > Sorry for noise, you're right ! Best regards, Stefano > > > > > > On Friday, August 5, 2022 at 11:00:06 AM UTC+2 Stefano Babic wrote: > > Hallo Ayoub, > > On 22.07.22 14:31, Ayoub Zaki wrote: > > Signed-off-by: Ayoub Zaki <ayoub...@embexus.com> > > --- > > swugenerator/generator.py | 20 ++++++++++++++++---- > > swugenerator/main.py | 10 ++++++++++ > > 2 files changed, 26 insertions(+), 4 deletions(-) > > > > diff --git a/swugenerator/generator.py b/swugenerator/generator.py > > index c6b55e8..3f03b1d 100644 > > --- a/swugenerator/generator.py > > +++ b/swugenerator/generator.py > > @@ -3,6 +3,7 @@ > > # SPDX-License-Identifier: GPLv3 > > import logging > > import os > > +import shutil > > import re > > import codecs > > import libconf > > @@ -15,7 +16,7 @@ from swugenerator.artifact import Artifact > > > > > > class SWUGenerator: > > - def __init__(self, template, out, confvars, dirs, crypt, > aeskey, firstiv, no_compress=False): > > + def __init__(self, template, out, confvars, dirs, crypt, > aeskey, firstiv, encrypt_swdesc=False, no_compress=False): > > self.swdescription = template > > self.artifacts = [] > > self.out = open(out, 'wb') > > @@ -29,6 +30,7 @@ class SWUGenerator: > > self.signtool = crypt > > self.aeskey = aeskey > > self.aesiv = firstiv > > + self.encryptswdesc = encrypt_swdesc > > self.nocompress = no_compress > > > > @staticmethod > > @@ -61,7 +63,7 @@ class SWUGenerator: > > > > # Encrypt if required > > if 'encrypted' in entry and self.aeskey: > > - iv = self.generate_iv() > > + iv = self.aesiv > > new_path = os.path.join(self.temp.name <http://self.temp.name>, > entry['filename']) > > new.encrypt(new_path, self.aeskey, iv) > > new.fullfilename = new_path 
> > @@ -146,8 +148,18 @@ class SWUGenerator: > > > > self.save_swdescription(os.path.join(self.temp.name > <http://self.temp.name>, sw.filename), swdesc) > > > > - if self.signtool: > > - sw_desc_in = os.path.join(self.temp.name > <http://self.temp.name>, sw.filename) > > + # Encrypt sw-description if required > > + if self.aeskey and self.encryptswdesc: > > + iv = self.aesiv > > + sw_desc_plain = os.path.join(self.temp.name > <http://self.temp.name>, 'sw-description.plain') > > + sw_desc_enc = os.path.join(self.temp.name > <http://self.temp.name>, 'sw-description.enc') > > + shutil.copyfile(sw.fullfilename, sw_desc_plain) > > + sw.encrypt(sw_desc_enc, self.aeskey, iv) > > + shutil.copyfile(sw_desc_enc, sw.fullfilename) > > + > > Do we still need both "plain" and "enc" after encryption ? What > about to > have just "sw-description", and the code for signing remains > untouched ? > I think that at this point, sw-description was completely processed and > we just need to save it and we do not need to have both (plain and > encrypted). > > > + if self.signtool: > > + sw_desc_in = os.path.join(self.temp.name > <http://self.temp.name>, 'sw-description.plain' > > + if self.aeskey and self.encryptswdesc else 'sw-description') > > sw_desc_out = os.path.join(self.temp.name > <http://self.temp.name>, 'sw-description.sig') > > self.signtool.prepare_cmd(sw_desc_in, sw_desc_out) > > self.signtool.sign() > > diff --git a/swugenerator/main.py b/swugenerator/main.py > > index 318e333..f6173ff 100644 > > --- a/swugenerator/main.py > > +++ b/swugenerator/main.py > > @@ -78,6 +78,15 @@ def main() -> None: > > help="sw-description template", > > ) > > > > + parser.add_argument( > > + "-t", > > + "--encrypt-swdesc", > > + action='store_const', > > + const=True, > > + default=False, > > + help="Encrypt sw-description", > > + ) > > + > > parser.add_argument( > > "-a", > > "--artifactory", 
> > @@ -172,6 +181,7 @@ def main() -> None: > > artidirs, > > sign_option, > > key, iv, > > + args.encrypt_swdesc, > > args.no_compress) > > swu.process() > > swu.close() > > Regards, > Stefano > > -- > ===================================================================== > DENX Software Engineering GmbH, Managing Director: Wolfgang Denk > HRB 165235 Munich, Office: Kirchenstr.5, 82194 Groebenzell, Germany > Phone: +49-8142-66989-53 <tel:+49%208142%206698953> Fax: > +49-8142-66989-80 <tel:+49%208142%206698980> Email: sba...@denx.de > ===================================================================== > > -- > You received this message because you are subscribed to the Google > Groups "swupdate" group. > To unsubscribe from this group and stop receiving emails from it, send > an email to swupdate+unsubscribe@googlegroups.com > <mailto:swupdate+unsubscribe@googlegroups.com>. > To view this discussion on the web visit > https://groups.google.com/d/msgid/swupdate/020f13ad-8b87-48c7-9f05-653683af0f9fn%40googlegroups.com > <https://groups.google.com/d/msgid/swupdate/020f13ad-8b87-48c7-9f05-653683af0f9fn%40googlegroups.com?utm_medium=email&utm_source=footer>.
diff --git a/swugenerator/generator.py b/swugenerator/generator.py
index c6b55e8..3f03b1d 100644
--- a/swugenerator/generator.py
+++ b/swugenerator/generator.py
@@ -3,6 +3,7 @@
 # SPDX-License-Identifier: GPLv3
 import logging
 import os
+import shutil
 import re
 import codecs
 import libconf
@@ -15,7 +16,7 @@ from swugenerator.artifact import Artifact
 
 
 class SWUGenerator:
- def __init__(self, template, out, confvars, dirs, crypt, aeskey, firstiv, no_compress=False):
+ def __init__(self, template, out, confvars, dirs, crypt, aeskey, firstiv, encrypt_swdesc=False, no_compress=False):
 self.swdescription = template
 self.artifacts = []
 self.out = open(out, 'wb')
@@ -29,6 +30,7 @@ class SWUGenerator:
 self.signtool = crypt
 self.aeskey = aeskey
 self.aesiv = firstiv
+ self.encryptswdesc = encrypt_swdesc
 self.nocompress = no_compress
 
 @staticmethod
@@ -61,7 +63,7 @@ class SWUGenerator:
 
 # Encrypt if required
 if 'encrypted' in entry and self.aeskey:
- iv = self.generate_iv()
+ iv = self.aesiv
 new_path = os.path.join(self.temp.name, entry['filename'])
 new.encrypt(new_path, self.aeskey, iv)
 new.fullfilename = new_path
@@ -146,8 +148,18 @@ class SWUGenerator:
 
 self.save_swdescription(os.path.join(self.temp.name, sw.filename), swdesc)
 
- if self.signtool:
- sw_desc_in = os.path.join(self.temp.name, sw.filename)
+ # Encrypt sw-description if required
+ if self.aeskey and self.encryptswdesc:
+ iv = self.aesiv
+ sw_desc_plain = os.path.join(self.temp.name, 'sw-description.plain')
+ sw_desc_enc = os.path.join(self.temp.name, 'sw-description.enc')
+ shutil.copyfile(sw.fullfilename, sw_desc_plain)
+ sw.encrypt(sw_desc_enc, self.aeskey, iv)
+ shutil.copyfile(sw_desc_enc, sw.fullfilename)
+
+ if self.signtool:
+ sw_desc_in = os.path.join(self.temp.name, 'sw-description.plain'
+ if self.aeskey and self.encryptswdesc else 'sw-description')
 sw_desc_out = os.path.join(self.temp.name, 'sw-description.sig')
 self.signtool.prepare_cmd(sw_desc_in, sw_desc_out)
 self.signtool.sign()
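Review bot: `encrypt_swdesc=False` is inserted ahead of `no_compress=False` in the `__init__` signature (hunk `@@ -15,7 +16,7 @@`), so a caller that passes `no_compress` positionally as the eighth argument would now set `encrypt_swdesc` instead, with no error. Appending the new parameter after `no_compress`, or making both flags keyword-only with `firstiv, *, encrypt_swdesc=False, no_compress=False):` and passing them by name from main.py, keeps a swapped boolean from silently switching encryption on or off. A docstring line saying that `encrypt_swdesc` only takes effect when `aeskey` is set would also help. The `__init__` body continues outside the hunk.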
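Review bot: `iv = self.aesiv` replaces the per-artifact `self.generate_iv()` (hunk `@@ -61,7 +63,7 @@`), so every artifact marked `encrypted` is now encrypted under the same key and the same IV, and the sw-description hunk at `@@ -146,8 +148,18 @@` reuses that pair once more. If `Artifact.encrypt` uses a CBC-style mode (its implementation is not visible here and should be confirmed), files that start with the same bytes produce identical leading ciphertext blocks, which reveals that relationship to anyone holding the SWU; with a counter or stream mode the reuse would be more serious. The commit message gives no reason for dropping the fresh IV. Unless something outside this hunk requires it, keep `iv = self.generate_iv()` for artifacts and restrict the fixed `self.aesiv` to sw-description; otherwise add a comment recording why a shared IV is acceptable. The enclosing method starts and ends outside the hunk.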
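Review bot: The signature is taken over `sw-description.plain` while the file copied back to `sw.fullfilename` is ciphertext (hunk `@@ -146,8 +148,18 @@`), so the shipped ciphertext is not itself covered by the signature and a receiver has to decrypt before it can verify. That ordering deserves a comment above `if self.signtool:`, for example `# Sign the plaintext: the receiver decrypts sw-description first, then verifies the signature`. The test `self.aeskey and self.encryptswdesc` is also written twice; binding it once as `encrypt_desc = bool(self.aeskey and self.encryptswdesc)` and using `sw_desc_in = sw_desc_plain if encrypt_desc else os.path.join(self.temp.name, sw.filename)` keeps the two branches from drifting apart. `sw-description.plain` and `sw-description.enc` stay in `self.temp.name` afterwards; whether they can be picked up when the archive is written is not visible in this hunk and should be checked. The enclosing method starts outside the hunk.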
diff --git a/swugenerator/main.py b/swugenerator/main.py
index 318e333..f6173ff 100644
--- a/swugenerator/main.py
+++ b/swugenerator/main.py
@@ -78,6 +78,15 @@ def main() -> None:
 help="sw-description template",
 )
 
+ parser.add_argument(
+ "-t",
+ "--encrypt-swdesc",
+ action='store_const',
+ const=True,
+ default=False,
+ help="Encrypt sw-description",
+ )
+
 parser.add_argument(
 "-a",
 "--artifactory",
@@ -172,6 +181,7 @@ def main() -> None:
 artidirs,
 sign_option,
 key, iv,
+ args.encrypt_swdesc,
 args.no_compress)
 swu.process()
 swu.close()
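Review bot: `--encrypt-swdesc` is accepted even when no AES key was supplied, and generator.py then skips the encryption because it tests `self.aeskey and self.encryptswdesc`, so the SWU is built with a plaintext sw-description and no message to the user. Failing closed in `main()` before the generator is constructed, e.g. `if args.encrypt_swdesc and not key: parser.error("--encrypt-swdesc requires an AES key")`, makes the mismatch visible; how `key` is derived is outside this hunk, so the test may need adjusting. Separately, `action='store_const', const=True, default=False` is what `action="store_true"` already does, and the help text could say that an AES key is required. `main()` starts and ends outside the hunk.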
Signed-off-by: Ayoub Zaki <ayoub.zaki@embexus.com> --- swugenerator/generator.py | 20 ++++++++++++++++---- swugenerator/main.py | 10 ++++++++++ 2 files changed, 26 insertions(+), 4 deletions(-)