Lines Matching refs:args
95 def digest_secure_bootloader(args): argument
99 _check_output_is_not_input(args.keyfile, args.output)
100 _check_output_is_not_input(args.image, args.output)
101 _check_output_is_not_input(args.iv, args.output)
102 if args.iv is not None:
104 iv = args.iv.read(128)
107 plaintext_image = args.image.read()
108 args.image.seek(0)
112 fw_image = esptool.bin_image.ESP32FirmwareImage(args.image)
132 key = _load_hardware_key(args.keyfile)
148 if args.output is None:
149 args.output = os.path.splitext(args.image.name)[0] + "-digest-0x0000.bin"
150 with open(args.output, "wb") as f:
157 print("digest+image written to %s" % args.output)
166 def generate_signing_key(args): argument
167 if os.path.exists(args.keyfile):
168 raise esptool.FatalError("ERROR: Key file %s already exists" % args.keyfile)
169 if args.version == "1":
170 if hasattr(args, "scheme"):
171 if args.scheme != "ecdsa256" and args.scheme is not None:
176 _generate_ecdsa_signing_key(ecdsa.NIST256p, args.keyfile)
177 print("ECDSA NIST256p private key in PEM format written to %s" % args.keyfile)
178 elif args.version == "2":
179 if args.scheme == "rsa3072" or args.scheme is None:
188 with open(args.keyfile, "wb") as f:
191 elif args.scheme == "ecdsa192":
193 _generate_ecdsa_signing_key(ecdsa.NIST192p, args.keyfile)
195 elif args.scheme == "ecdsa256":
197 _generate_ecdsa_signing_key(ecdsa.NIST256p, args.keyfile)
199 elif args.scheme == "ecdsa384":
201 _generate_ecdsa_signing_key(ecdsa.NIST384p, args.keyfile)
344 def sign_data(args): argument
345 if args.keyfile:
346 _check_output_is_not_input(args.keyfile, args.output)
347 _check_output_is_not_input(args.datafile, args.output)
348 if args.version == "1":
349 return sign_secure_boot_v1(args)
350 elif args.version == "2":
351 return sign_secure_boot_v2(args)
354 def sign_secure_boot_v1(args): argument
358 binary_content = args.datafile.read()
360 if args.hsm:
366 if args.signature:
368 if len(args.pub_key) > 1:
370 signature = args.signature[0].read()
372 vk = _load_ecdsa_verifying_key(args.pub_key[0])
374 if len(args.keyfile) > 1:
376 sk = _load_ecdsa_signing_key(args.keyfile[0])
385 if args.output is None or os.path.abspath(args.output) == os.path.abspath(
386 args.datafile.name
388 args.datafile.close()
389 outfile = open(args.datafile.name, "ab")
391 outfile = open(args.output, "wb")
398 print("Signed %d bytes of data from %s" % (len(binary_content), args.datafile.name))
401 def sign_secure_boot_v2(args): argument
409 contents = args.datafile.read()
413 signature = args.signature
414 pub_key = args.pub_key
417 if args.signature:
431 elif args.append_signatures:
464 if args.hsm:
465 if args.hsm_config is None:
472 config = hsm.read_hsm_config(args.hsm_config)
488 key_count = len(args.keyfile)
507 args.keyfile, contents
532 if args.output is None:
533 args.datafile.close()
534 args.output = args.datafile.name
535 with open(args.output, "wb") as f:
753 def verify_signature(args): argument
754 if args.version == "1":
755 return verify_signature_v1(args)
756 elif args.version == "2":
757 return verify_signature_v2(args)
760 def verify_signature_v1(args): argument
762 key_data = args.keyfile.read()
782 binary_content = args.datafile.read()
825 def verify_signature_v2(args): argument
828 keyfile = args.keyfile
829 if args.hsm:
830 if args.hsm_config is None:
837 config = hsm.read_hsm_config(args.hsm_config)
850 image_content = args.datafile.read()
940 def extract_public_key(args): argument
941 _check_output_is_not_input(args.keyfile, args.public_keyfile)
942 if args.version == "1":
947 sk = _load_ecdsa_signing_key(args.keyfile)
949 args.public_keyfile.write(vk.to_string())
950 elif args.version == "2":
955 sk = _load_sbv2_signing_key(args.keyfile.read())
960 args.public_keyfile.write(vk)
962 "%s public key extracted to %s" % (args.keyfile.name, args.public_keyfile.name)
997 def signature_info_v2(args): argument
1004 image_content = args.datafile.read()
1103 def digest_sbv2_public_key(args): argument
1104 _check_output_is_not_input(args.keyfile, args.output)
1105 public_key_digest = _digest_sbv2_public_key(args.keyfile)
1106 with open(args.output, "wb") as f:
1109 % (args.keyfile.name, args.output)
1114 def digest_rsa_public_key(args): argument
1116 digest_sbv2_public_key(args)
1119 def digest_private_key(args): argument
1120 _check_output_is_not_input(args.keyfile, args.digest_file)
1121 sk = _load_ecdsa_signing_key(args.keyfile)
1126 if args.keylen == 192:
1128 args.digest_file.write(result)
1132 args.keyfile.name,
1133 "" if args.keylen == 256 else " (truncated to 192 bits)",
1134 args.digest_file.name,
1228 def generate_flash_encryption_key(args): argument
1229 print("Writing %d random bits to key file %s" % (args.keylen, args.key_file.name))
1230 args.key_file.write(os.urandom(args.keylen // 8))
1398 def decrypt_flash_data(args): argument
1399 _check_output_is_not_input(args.keyfile, args.output)
1400 _check_output_is_not_input(args.encrypted_file, args.output)
1401 if args.aes_xts:
1403 args.output, args.encrypted_file, args.address, args.keyfile, True
1407 args.output,
1408 args.encrypted_file,
1409 args.address,
1410 args.keyfile,
1411 args.flash_crypt_conf,
1416 def encrypt_flash_data(args): argument
1417 _check_output_is_not_input(args.keyfile, args.output)
1418 _check_output_is_not_input(args.plaintext_file, args.output)
1419 if args.aes_xts:
1421 args.output, args.plaintext_file, args.address, args.keyfile, False
1425 args.output,
1426 args.plaintext_file,
1427 args.address,
1428 args.keyfile,
1429 args.flash_crypt_conf,
1879 args = parser.parse_args(custom_commandline)
1881 if args.operation is None:
1887 operation_func = globals()[args.operation]
1888 operation_func(args)
1890 for arg_name in vars(args):
1891 obj = getattr(args, arg_name)
1907 if [arg for arg in e.args if "Could not deserialize key data." in arg]: