• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1#!/usr/bin/env python3
2# -*- coding: utf-8 -*-
3
4# Copyright (c) 2023 Huawei Device Co., Ltd.
5# Licensed under the Apache License, Version 2.0 (the "License");
6# you may not use this file except in compliance with the License.
7# You may obtain a copy of the License at
8#
9# http://www.apache.org/licenses/LICENSE-2.0
10#
11# Unless required by applicable law or agreed to in writing, software
12# distributed under the License is distributed on an "AS IS" BASIS,
13# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14# See the License for the specific language governing permissions and
15# limitations under the License.
16
17import hashlib
18from base64 import b64encode
19from build_pkcs7 import BLOCK_SIZE, sign_digest
20from log_exception import UPDATE_LOGGER
21from utils import OPTIONS_MANAGER
22
23
24def sign_func_sha256(sign_file, private_key_file):
25    """
26    sign one file with private key
27    :param sign_file: path of file ready to be signed
28    :param private_key_file: private key path, ex. rsa_private_key2048.pem
29    :return: base64 code of the signature
30    """
31    hash_sha256 = hashlib.sha256()
32    with open(sign_file, 'rb') as file:
33        chunk = file.read(BLOCK_SIZE)
34        while chunk:
35            hash_sha256.update(chunk)
36            chunk = file.read(BLOCK_SIZE)
37    signature = sign_digest(hash_sha256.digest(), private_key_file)
38    if signature == False:
39        UPDATE_LOGGER.print_log("sign digest failed", log_type=UPDATE_LOGGER.ERROR_LOG)
40        return ""
41    return str(b64encode(signature).decode("ascii"))
42
43
44def generate_signed_data(file_lists, sign_func, private_key_file):
45    """
46    get hash signed data of file lists, hash signed data format:
47    Name: build_tools/updater_binary
48    signed-data: xxxxxxx
49
50    Name: build_tools/updater_binary
51    signed-data: xxxxxxx
52
53    ....
54    :param file_lists: path list of file ready to be signed, list item contains file_path and name_in_signed_data
55    :param sign_func: signature function, ex. sign_func_sha256
56    :param private_key_file: private key path, ex. rsa_private_key2048.pem
57    :return: hash signed data of the file_lists
58    """
59    max_file_num = 32
60    if not sign_func:
61        UPDATE_LOGGER.print_log("please provide a sign function", log_type=UPDATE_LOGGER.ERROR_LOG)
62        return ""
63
64    if len(file_lists) > max_file_num:
65        UPDATE_LOGGER.print_log("signed file can't be more than %d" % max_file_num,
66            log_type=UPDATE_LOGGER.ERROR_LOG)
67        return ""
68    sign_res_list = []
69    for file, name in file_lists:
70        sign_res = sign_func(file, private_key_file)
71        if sign_res == "":
72            UPDATE_LOGGER.print_log("sign file {} failed".format(name), log_type=UPDATE_LOGGER.ERROR_LOG)
73            return ""
74        sign_res_list += ["Name: {}\nsigned-data: {}\n".format(name, sign_res)]
75    return "\n".join(sign_res_list)
76
77
78def generate_signed_data_default(file_lists):
79    return generate_signed_data(file_lists, sign_func_sha256, OPTIONS_MANAGER.private_key)