1#! /usr/bin/env python3 2# 3# Copyright 2017-2020 Linaro Limited 4# Copyright 2019-2023 Arm Limited 5# 6# SPDX-License-Identifier: Apache-2.0 7# 8# Licensed under the Apache License, Version 2.0 (the "License"); 9# you may not use this file except in compliance with the License. 10# You may obtain a copy of the License at 11# 12# http://www.apache.org/licenses/LICENSE-2.0 13# 14# Unless required by applicable law or agreed to in writing, software 15# distributed under the License is distributed on an "AS IS" BASIS, 16# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 17# See the License for the specific language governing permissions and 18# limitations under the License. 19 20import re 21import click 22import getpass 23import imgtool.keys as keys 24import sys 25import base64 26from imgtool import image, imgtool_version 27from imgtool.version import decode_version 28from imgtool.dumpinfo import dump_imginfo 29from .keys import ( 30 RSAUsageError, ECDSAUsageError, Ed25519UsageError, X25519UsageError) 31 32MIN_PYTHON_VERSION = (3, 6) 33if sys.version_info < MIN_PYTHON_VERSION: 34 sys.exit("Python %s.%s or newer is required by imgtool." 35 % MIN_PYTHON_VERSION) 36 37 38def gen_rsa2048(keyfile, passwd): 39 keys.RSA.generate().export_private(path=keyfile, passwd=passwd) 40 41 42def gen_rsa3072(keyfile, passwd): 43 keys.RSA.generate(key_size=3072).export_private(path=keyfile, 44 passwd=passwd) 45 46 47def gen_ecdsa_p256(keyfile, passwd): 48 keys.ECDSA256P1.generate().export_private(keyfile, passwd=passwd) 49 50 51def gen_ecdsa_p384(keyfile, passwd): 52 keys.ECDSA384P1.generate().export_private(keyfile, passwd=passwd) 53 54 55def gen_ed25519(keyfile, passwd): 56 keys.Ed25519.generate().export_private(path=keyfile, passwd=passwd) 57 58 59def gen_x25519(keyfile, passwd): 60 keys.X25519.generate().export_private(path=keyfile, passwd=passwd) 61 62 63valid_langs = ['c', 'rust'] 64valid_hash_encodings = ['lang-c', 'raw'] 65valid_encodings = ['lang-c', 'lang-rust', 'pem', 'raw'] 66keygens = { 67 'rsa-2048': gen_rsa2048, 68 'rsa-3072': gen_rsa3072, 69 'ecdsa-p256': gen_ecdsa_p256, 70 'ecdsa-p384': gen_ecdsa_p384, 71 'ed25519': gen_ed25519, 72 'x25519': gen_x25519, 73} 74valid_formats = ['openssl', 'pkcs8'] 75 76 77def load_signature(sigfile): 78 with open(sigfile, 'rb') as f: 79 signature = base64.b64decode(f.read()) 80 return signature 81 82 83def save_signature(sigfile, sig): 84 with open(sigfile, 'wb') as f: 85 signature = base64.b64encode(sig) 86 f.write(signature) 87 88 89def load_key(keyfile): 90 # TODO: better handling of invalid pass-phrase 91 key = keys.load(keyfile) 92 if key is not None: 93 return key 94 passwd = getpass.getpass("Enter key passphrase: ").encode('utf-8') 95 return keys.load(keyfile, passwd) 96 97 98def get_password(): 99 while True: 100 passwd = getpass.getpass("Enter key passphrase: ") 101 passwd2 = getpass.getpass("Reenter passphrase: ") 102 if passwd == passwd2: 103 break 104 print("Passwords do not match, try again") 105 106 # Password must be bytes, always use UTF-8 for consistent 107 # encoding. 108 return passwd.encode('utf-8') 109 110 111@click.option('-p', '--password', is_flag=True, 112 help='Prompt for password to protect key') 113@click.option('-t', '--type', metavar='type', required=True, 114 type=click.Choice(keygens.keys()), prompt=True, 115 help='{}'.format('One of: {}'.format(', '.join(keygens.keys())))) 116@click.option('-k', '--key', metavar='filename', required=True) 117@click.command(help='Generate pub/private keypair') 118def keygen(type, key, password): 119 password = get_password() if password else None 120 keygens[type](key, password) 121 122 123@click.option('-l', '--lang', metavar='lang', 124 type=click.Choice(valid_langs), 125 help='This option is deprecated. Please use the ' 126 '`--encoding` option. ' 127 'Valid langs: {}'.format(', '.join(valid_langs))) 128@click.option('-e', '--encoding', metavar='encoding', 129 type=click.Choice(valid_encodings), 130 help='Valid encodings: {}'.format(', '.join(valid_encodings))) 131@click.option('-k', '--key', metavar='filename', required=True) 132@click.option('-o', '--output', metavar='output', required=False, 133 help='Specify the output file\'s name. \ 134 The stdout is used if it is not provided.') 135@click.command(help='Dump public key from keypair') 136def getpub(key, encoding, lang, output): 137 if encoding and lang: 138 raise click.UsageError('Please use only one of `--encoding/-e` ' 139 'or `--lang/-l`') 140 elif not encoding and not lang: 141 # Preserve old behavior defaulting to `c`. If `lang` is removed, 142 # `default=valid_encodings[0]` should be added to `-e` param. 143 lang = valid_langs[0] 144 key = load_key(key) 145 146 if not output: 147 output = sys.stdout 148 if key is None: 149 print("Invalid passphrase") 150 elif lang == 'c' or encoding == 'lang-c': 151 key.emit_c_public(file=output) 152 elif lang == 'rust' or encoding == 'lang-rust': 153 key.emit_rust_public(file=output) 154 elif encoding == 'pem': 155 key.emit_public_pem(file=output) 156 elif encoding == 'raw': 157 key.emit_raw_public(file=output) 158 else: 159 raise click.UsageError() 160 161 162@click.option('-e', '--encoding', metavar='encoding', 163 type=click.Choice(valid_hash_encodings), 164 help='Valid encodings: {}. ' 165 'Default value is {}.' 166 .format(', '.join(valid_hash_encodings), 167 valid_hash_encodings[0])) 168@click.option('-k', '--key', metavar='filename', required=True) 169@click.option('-o', '--output', metavar='output', required=False, 170 help='Specify the output file\'s name. \ 171 The stdout is used if it is not provided.') 172@click.command(help='Dump the SHA256 hash of the public key') 173def getpubhash(key, output, encoding): 174 if not encoding: 175 encoding = valid_hash_encodings[0] 176 key = load_key(key) 177 178 if not output: 179 output = sys.stdout 180 if key is None: 181 print("Invalid passphrase") 182 elif encoding == 'lang-c': 183 key.emit_c_public_hash(file=output) 184 elif encoding == 'raw': 185 key.emit_raw_public_hash(file=output) 186 else: 187 raise click.UsageError() 188 189 190@click.option('--minimal', default=False, is_flag=True, 191 help='Reduce the size of the dumped private key to include only ' 192 'the minimum amount of data required to decrypt. This ' 193 'might require changes to the build config. Check the docs!' 194 ) 195@click.option('-k', '--key', metavar='filename', required=True) 196@click.option('-f', '--format', 197 type=click.Choice(valid_formats), 198 help='Valid formats: {}'.format(', '.join(valid_formats)) 199 ) 200@click.command(help='Dump private key from keypair') 201def getpriv(key, minimal, format): 202 key = load_key(key) 203 if key is None: 204 print("Invalid passphrase") 205 try: 206 key.emit_private(minimal, format) 207 except (RSAUsageError, ECDSAUsageError, Ed25519UsageError, 208 X25519UsageError) as e: 209 raise click.UsageError(e) 210 211 212@click.argument('imgfile') 213@click.option('-k', '--key', metavar='filename') 214@click.command(help="Check that signed image can be verified by given key") 215def verify(key, imgfile): 216 key = load_key(key) if key else None 217 ret, version, digest = image.Image.verify(imgfile, key) 218 if ret == image.VerifyResult.OK: 219 print("Image was correctly validated") 220 print("Image version: {}.{}.{}+{}".format(*version)) 221 print("Image digest: {}".format(digest.hex())) 222 return 223 elif ret == image.VerifyResult.INVALID_MAGIC: 224 print("Invalid image magic; is this an MCUboot image?") 225 elif ret == image.VerifyResult.INVALID_TLV_INFO_MAGIC: 226 print("Invalid TLV info magic; is this an MCUboot image?") 227 elif ret == image.VerifyResult.INVALID_HASH: 228 print("Image has an invalid hash") 229 elif ret == image.VerifyResult.INVALID_SIGNATURE: 230 print("No signature found for the given key") 231 elif ret == image.VerifyResult.KEY_MISMATCH: 232 print("Key type does not match TLV record") 233 else: 234 print("Unknown return code: {}".format(ret)) 235 sys.exit(1) 236 237 238@click.argument('imgfile') 239@click.option('-o', '--outfile', metavar='filename', required=False, 240 help='Save image information to outfile in YAML format') 241@click.option('-s', '--silent', default=False, is_flag=True, 242 help='Do not print image information to output') 243@click.command(help='Print header, TLV area and trailer information ' 244 'of a signed image') 245def dumpinfo(imgfile, outfile, silent): 246 dump_imginfo(imgfile, outfile, silent) 247 print("dumpinfo has run successfully") 248 249 250def validate_version(ctx, param, value): 251 try: 252 decode_version(value) 253 return value 254 except ValueError as e: 255 raise click.BadParameter("{}".format(e)) 256 257 258def validate_security_counter(ctx, param, value): 259 if value is not None: 260 if value.lower() == 'auto': 261 return 'auto' 262 else: 263 try: 264 return int(value, 0) 265 except ValueError: 266 raise click.BadParameter( 267 "{} is not a valid integer. Please use code literals " 268 "prefixed with 0b/0B, 0o/0O, or 0x/0X as necessary." 269 .format(value)) 270 271 272def validate_header_size(ctx, param, value): 273 min_hdr_size = image.IMAGE_HEADER_SIZE 274 if value < min_hdr_size: 275 raise click.BadParameter( 276 "Minimum value for -H/--header-size is {}".format(min_hdr_size)) 277 return value 278 279 280def get_dependencies(ctx, param, value): 281 if value is not None: 282 versions = [] 283 images = re.findall(r"\((\d+)", value) 284 if len(images) == 0: 285 raise click.BadParameter( 286 "Image dependency format is invalid: {}".format(value)) 287 raw_versions = re.findall(r",\s*([0-9.+]+)\)", value) 288 if len(images) != len(raw_versions): 289 raise click.BadParameter( 290 '''There's a mismatch between the number of dependency images 291 and versions in: {}'''.format(value)) 292 for raw_version in raw_versions: 293 try: 294 versions.append(decode_version(raw_version)) 295 except ValueError as e: 296 raise click.BadParameter("{}".format(e)) 297 dependencies = dict() 298 dependencies[image.DEP_IMAGES_KEY] = images 299 dependencies[image.DEP_VERSIONS_KEY] = versions 300 return dependencies 301 302 303class BasedIntParamType(click.ParamType): 304 name = 'integer' 305 306 def convert(self, value, param, ctx): 307 try: 308 return int(value, 0) 309 except ValueError: 310 self.fail('%s is not a valid integer. Please use code literals ' 311 'prefixed with 0b/0B, 0o/0O, or 0x/0X as necessary.' 312 % value, param, ctx) 313 314 315@click.argument('outfile') 316@click.argument('infile') 317@click.option('--custom-tlv', required=False, nargs=2, default=[], 318 multiple=True, metavar='[tag] [value]', 319 help='Custom TLV that will be placed into protected area. ' 320 'Add "0x" prefix if the value should be interpreted as an ' 321 'integer, otherwise it will be interpreted as a string. ' 322 'Specify the option multiple times to add multiple TLVs.') 323@click.option('-R', '--erased-val', type=click.Choice(['0', '0xff']), 324 required=False, 325 help='The value that is read back from erased flash.') 326@click.option('-x', '--hex-addr', type=BasedIntParamType(), required=False, 327 help='Adjust address in hex output file.') 328@click.option('-L', '--load-addr', type=BasedIntParamType(), required=False, 329 help='Load address for image when it should run from RAM.') 330@click.option('-F', '--rom-fixed', type=BasedIntParamType(), required=False, 331 help='Set flash address the image is built for.') 332@click.option('--save-enctlv', default=False, is_flag=True, 333 help='When upgrading, save encrypted key TLVs instead of plain ' 334 'keys. Enable when BOOT_SWAP_SAVE_ENCTLV config option ' 335 'was set.') 336@click.option('-E', '--encrypt', metavar='filename', 337 help='Encrypt image using the provided public key. ' 338 '(Not supported in direct-xip or ram-load mode.)') 339@click.option('--encrypt-keylen', default='128', 340 type=click.Choice(['128', '256']), 341 help='When encrypting the image using AES, select a 128 bit or ' 342 '256 bit key len.') 343@click.option('-c', '--clear', required=False, is_flag=True, default=False, 344 help='Output a non-encrypted image with encryption capabilities,' 345 'so it can be installed in the primary slot, and encrypted ' 346 'when swapped to the secondary.') 347@click.option('-e', '--endian', type=click.Choice(['little', 'big']), 348 default='little', help="Select little or big endian") 349@click.option('--overwrite-only', default=False, is_flag=True, 350 help='Use overwrite-only instead of swap upgrades') 351@click.option('--boot-record', metavar='sw_type', help='Create CBOR encoded ' 352 'boot record TLV. The sw_type represents the role of the ' 353 'software component (e.g. CoFM for coprocessor firmware). ' 354 '[max. 12 characters]') 355@click.option('-M', '--max-sectors', type=int, 356 help='When padding allow for this amount of sectors (defaults ' 357 'to 128)') 358@click.option('--confirm', default=False, is_flag=True, 359 help='When padding the image, mark it as confirmed (implies ' 360 '--pad)') 361@click.option('--pad', default=False, is_flag=True, 362 help='Pad image to --slot-size bytes, adding trailer magic') 363@click.option('-S', '--slot-size', type=BasedIntParamType(), required=True, 364 help='Size of the slot. If the slots have different sizes, use ' 365 'the size of the secondary slot.') 366@click.option('--pad-header', default=False, is_flag=True, 367 help='Add --header-size zeroed bytes at the beginning of the ' 368 'image') 369@click.option('-H', '--header-size', callback=validate_header_size, 370 type=BasedIntParamType(), required=True) 371@click.option('--pad-sig', default=False, is_flag=True, 372 help='Add 0-2 bytes of padding to ECDSA signature ' 373 '(for mcuboot <1.5)') 374@click.option('-d', '--dependencies', callback=get_dependencies, 375 required=False, help='''Add dependence on another image, format: 376 "(<image_ID>,<image_version>), ... "''') 377@click.option('-s', '--security-counter', callback=validate_security_counter, 378 help='Specify the value of security counter. Use the `auto` ' 379 'keyword to automatically generate it from the image version.') 380@click.option('-v', '--version', callback=validate_version, required=True) 381@click.option('--align', type=click.Choice(['1', '2', '4', '8', '16', '32']), 382 default='1', 383 required=False, 384 help='Alignment used by swap update modes.') 385@click.option('--max-align', type=click.Choice(['8', '16', '32']), 386 required=False, 387 help='Maximum flash alignment. Set if flash alignment of the ' 388 'primary and secondary slot differ and any of them is larger ' 389 'than 8.') 390@click.option('--public-key-format', type=click.Choice(['hash', 'full']), 391 default='hash', help='In what format to add the public key to ' 392 'the image manifest: full key or hash of the key.') 393@click.option('-k', '--key', metavar='filename') 394@click.option('--fix-sig', metavar='filename', 395 help='fixed signature for the image. It will be used instead of ' 396 'the signature calculated using the public key') 397@click.option('--fix-sig-pubkey', metavar='filename', 398 help='public key relevant to fixed signature') 399@click.option('--sig-out', metavar='filename', 400 help='Path to the file to which signature will be written. ' 401 'The image signature will be encoded as base64 formatted string') 402@click.option('--vector-to-sign', type=click.Choice(['payload', 'digest']), 403 help='send to OUTFILE the payload or payload''s digest instead ' 404 'of complied image. These data can be used for external image ' 405 'signing') 406@click.command(help='''Create a signed or unsigned image\n 407 INFILE and OUTFILE are parsed as Intel HEX if the params have 408 .hex extension, otherwise binary format is used''') 409def sign(key, public_key_format, align, version, pad_sig, header_size, 410 pad_header, slot_size, pad, confirm, max_sectors, overwrite_only, 411 endian, encrypt_keylen, encrypt, infile, outfile, dependencies, 412 load_addr, hex_addr, erased_val, save_enctlv, security_counter, 413 boot_record, custom_tlv, rom_fixed, max_align, clear, fix_sig, 414 fix_sig_pubkey, sig_out, vector_to_sign): 415 416 if confirm: 417 # Confirmed but non-padded images don't make much sense, because 418 # otherwise there's no trailer area for writing the confirmed status. 419 pad = True 420 img = image.Image(version=decode_version(version), header_size=header_size, 421 pad_header=pad_header, pad=pad, confirm=confirm, 422 align=int(align), slot_size=slot_size, 423 max_sectors=max_sectors, overwrite_only=overwrite_only, 424 endian=endian, load_addr=load_addr, rom_fixed=rom_fixed, 425 erased_val=erased_val, save_enctlv=save_enctlv, 426 security_counter=security_counter, max_align=max_align) 427 img.load(infile) 428 key = load_key(key) if key else None 429 enckey = load_key(encrypt) if encrypt else None 430 if enckey and key: 431 if ((isinstance(key, keys.ECDSA256P1) and 432 not isinstance(enckey, keys.ECDSA256P1Public)) 433 or (isinstance(key, keys.ECDSA384P1) and 434 not isinstance(enckey, keys.ECDSA384P1Public)) 435 or (isinstance(key, keys.RSA) and 436 not isinstance(enckey, keys.RSAPublic))): 437 # FIXME 438 raise click.UsageError("Signing and encryption must use the same " 439 "type of key") 440 441 if pad_sig and hasattr(key, 'pad_sig'): 442 key.pad_sig = True 443 444 # Get list of custom protected TLVs from the command-line 445 custom_tlvs = {} 446 for tlv in custom_tlv: 447 tag = int(tlv[0], 0) 448 if tag in custom_tlvs: 449 raise click.UsageError('Custom TLV %s already exists.' % hex(tag)) 450 if tag in image.TLV_VALUES.values(): 451 raise click.UsageError( 452 'Custom TLV %s conflicts with predefined TLV.' % hex(tag)) 453 454 value = tlv[1] 455 if value.startswith('0x'): 456 if len(value[2:]) % 2: 457 raise click.UsageError('Custom TLV length is odd.') 458 custom_tlvs[tag] = bytes.fromhex(value[2:]) 459 else: 460 custom_tlvs[tag] = value.encode('utf-8') 461 462 # Allow signature calculated externally. 463 raw_signature = load_signature(fix_sig) if fix_sig else None 464 465 baked_signature = None 466 pub_key = None 467 468 if raw_signature is not None: 469 if fix_sig_pubkey is None: 470 raise click.UsageError( 471 'public key of the fixed signature is not specified') 472 473 pub_key = load_key(fix_sig_pubkey) 474 475 baked_signature = { 476 'value': raw_signature 477 } 478 479 img.create(key, public_key_format, enckey, dependencies, boot_record, 480 custom_tlvs, int(encrypt_keylen), clear, baked_signature, 481 pub_key, vector_to_sign) 482 img.save(outfile, hex_addr) 483 484 if sig_out is not None: 485 new_signature = img.get_signature() 486 save_signature(sig_out, new_signature) 487 488 489class AliasesGroup(click.Group): 490 491 _aliases = { 492 "create": "sign", 493 } 494 495 def list_commands(self, ctx): 496 cmds = [k for k in self.commands] 497 aliases = [k for k in self._aliases] 498 return sorted(cmds + aliases) 499 500 def get_command(self, ctx, cmd_name): 501 rv = click.Group.get_command(self, ctx, cmd_name) 502 if rv is not None: 503 return rv 504 if cmd_name in self._aliases: 505 return click.Group.get_command(self, ctx, self._aliases[cmd_name]) 506 return None 507 508 509@click.command(help='Print imgtool version information') 510def version(): 511 print(imgtool_version) 512 513 514@click.command(cls=AliasesGroup, 515 context_settings=dict(help_option_names=['-h', '--help'])) 516def imgtool(): 517 pass 518 519 520imgtool.add_command(keygen) 521imgtool.add_command(getpub) 522imgtool.add_command(getpubhash) 523imgtool.add_command(getpriv) 524imgtool.add_command(verify) 525imgtool.add_command(sign) 526imgtool.add_command(version) 527imgtool.add_command(dumpinfo) 528 529 530if __name__ == '__main__': 531 imgtool() 532
