From 96631b362fc12b546cb096d763981c7128bf0230 Mon Sep 17 00:00:00 2001 From: "r.tyminski" Date: Wed, 14 Jun 2017 10:31:43 +0200 Subject: Added packaging and necessary changes for gbs compilation. Packaging for optee-os binary and optee-os TA devkit. Modify pem_to_pub_c.py and sign.py script to use openssl if pycrypto is not available. Allow to disable Terminal User Interface (TUI) from compilation. Compile 32-bit TA devkit with CFG_WITH_VFP=n. GBS compile with softfp. Change-Id: If3ad89d8871c1a8f7f1a519b07941316acdbdd14 --- scripts/pem_to_pub_c.py | 41 +++++++++++++++--- scripts/sign.py | 113 ++++++++++++++++++++++++++++++++++-------------- 2 files changed, 115 insertions(+), 39 deletions(-) (limited to 'scripts') diff --git a/scripts/pem_to_pub_c.py b/scripts/pem_to_pub_c.py index 47c004d..92f4b81 100755 --- a/scripts/pem_to_pub_c.py +++ b/scripts/pem_to_pub_c.py 
@@ -26,6 +26,33 @@ # POSSIBILITY OF SUCH DAMAGE. # +from collections import namedtuple +PublicKey = namedtuple("PublicKey", "e n") + +def importKey_crypto(pem_key_file): + try: + module = __import__("Crypto.PublicKey.RSA") + f = open(pem_key_file, 'r') + key = module.PublicKey.RSA.importKey(f.read()) + f.close() + return PublicKey(e=key.publickey().e, n=module.Util.number.long_to_bytes(key.publickey().n)) + except ImportError: + return None + +def importKey_openssl(pem_key_file): + import subprocess + cmd = "cat " + pem_key_file + " | openssl rsa -inform PEM -noout -text | grep publicE | sed 's/publicExponent: //' | cut -d ' ' -f1 | tr -d '\n'" + e = subprocess.check_output(cmd, shell=True, stderr=subprocess.STDOUT) + if not e: + print "Exporting exponent value from key {0} has failed.".format(pem_key_file) + return None + cmd = "cat " + pem_key_file + " | openssl rsa -inform PEM -noout -modulus | sed 's/Modulus=//' | tr -d '\n'" + n = subprocess.check_output(cmd, shell=True, stderr=subprocess.STDOUT) + if not n: + print "Exporting modulus value from key {0} has failed.".format(pem_key_file) + return None + return PublicKey(e=e, n=n.decode("hex")) + def get_args(): import argparse @@ -42,14 +69,14 @@ def get_args(): def main(): import array - from Crypto.PublicKey import RSA - from Crypto.Util.number import long_to_bytes args = get_args(); - f = open(args.key, 'r') - key = RSA.importKey(f.read()) - f.close + key = importKey_crypto(args.key) + if key is None: + key = importKey_openssl(args.key) + if key is None: + return f = open(args.out, 'w') @@ -57,11 +84,11 @@ def main(): f.write("#include \n\n"); f.write("const uint32_t " + args.prefix + "_exponent = " + - str(key.publickey().e) + ";\n\n") + str(key.e) + ";\n\n") f.write("const uint8_t " + args.prefix + "_modulus[] = {\n") i = 0; - for x in array.array("B", long_to_bytes(key.publickey().n)): + for x in array.array("B", key.n): f.write("0x" + '{0:02x}'.format(x) + ",") i = i + 1; if i % 8 == 0: 
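Review bot: When both importers return `None`, `main()` falls through to a bare `return`, so unless the caller outside this hunk checks for it, the script presumably exits with status 0 without writing `args.out`. For the file that carries the TA verification key, that means the build can continue with a missing or stale public-key source and nothing flags it. I would fail loudly instead, for example `import sys` next to `import array` and `if key is None: sys.exit("cannot read public key from " + args.key)`. The rest of `main()` lies outside this hunk.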
diff --git a/scripts/sign.py b/scripts/sign.py index f407f3b..cffee18 100755 --- a/scripts/sign.py +++ b/scripts/sign.py @@ -26,55 +26,104 @@ # POSSIBILITY OF SUCH DAMAGE. # -def get_args(): - from argparse import ArgumentParser +import struct +from collections import namedtuple +PublicKey = namedtuple("PublicKey", "e n") - parser = ArgumentParser() - parser.add_argument('--key', required=True, help='Name of key file') - parser.add_argument('--in', required=True, dest='inf', \ - help='Name of in file') - parser.add_argument('--out', required=True, help='Name of out file') - return parser.parse_args() +magic = 0x4f545348 # SHDR_MAGIC +img_type = 0 # SHDR_TA +algo = 0x70004830 # TEE_ALG_RSASSA_PKCS1_V1_5_SHA256 -def main(): - from Crypto.Signature import PKCS1_v1_5 - from Crypto.Hash import SHA256 - from Crypto.PublicKey import RSA - import struct +def sign_crypto(args): + try: + module = __import__("Crypto.PublicKey.RSA") + module_sig = __import__("Crypto.Signature.PKCS1_v1_5") + f = open(args.key, 'rb') + key = module.PublicKey.RSA.importKey(f.read()) + f.close() - args = get_args() + f = open(args.inf, 'rb') + img = f.read() + f.close() - f = open(args.key, 'rb') - key = RSA.importKey(f.read()) - f.close() + signer = module_sig.Signature.PKCS1_v1_5.new(key) + h = module.Hash.SHA256.new() + + digest_len = h.digest_size + sig_len = len(signer.sign(h)) + img_size = len(img) + + shdr = struct.pack('