From a5e9766062846fa9245c6f283151f7dc152d33da Mon Sep 17 00:00:00 2001 From: "Chen, Gang G" Date: Sat, 15 Jul 2023 11:46:26 +0800 Subject: [PATCH] debug patch for sbl Signed-off-by: Chen, Gang G --- containertool/CommonUtility.py | 2 ++ containertool/GenContainer.py | 28 +++++++++++++++++++++++++++- containertool/SingleSign.py | 9 +++++++++ 3 files changed, 38 insertions(+), 1 deletion(-) diff --git a/containertool/CommonUtility.py b/containertool/CommonUtility.py index d1cce6a..89b862c 100644 --- a/containertool/CommonUtility.py +++ b/containertool/CommonUtility.py @@ -311,6 +311,8 @@ def get_auth_hash_type (key_type, sign_scheme): def gen_pub_key (in_key, pub_key = None): + print ("in_key = %s" % in_key) + print ("pub_key = %s" % pub_key) keydata = single_sign_gen_pub_key (in_key, pub_key) publickey = PUB_KEY_HDR() diff --git a/containertool/GenContainer.py b/containertool/GenContainer.py index 47e66b6..3f34c4e 100755 --- a/containertool/GenContainer.py +++ b/containertool/GenContainer.py 
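Review bot: The two `print` calls added at the top of `gen_pub_key` are unconditional, so every run that signs a container now writes the key arguments to stdout. The same pattern repeats in the hunks for `calculate_auth_data`, `adjust_header`, `extract`, `gen_container_bin`, `create_container` and `single_sign_gen_pub_key`. Output from a signing tool usually ends up in shared build logs, so key locations and command lines are better kept behind an explicit debug switch, for example `logging.debug ("in_key = %s", in_key)` (this needs `import logging` if the module does not already have it). The body of `gen_pub_key` continues outside the hunk.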
@@ -275,19 +275,29 @@ def calculate_auth_data (file, auth_type, priv_key, out_dir): pass elif auth_type in ["SHA2_256"]: data = get_file_data (file) + + print ("SHA2_256") hash_data.extend (hashlib.sha256(data).digest()) elif auth_type in ["SHA2_384"]: + print ("SHA2_384") data = get_file_data (file) hash_data.extend (hashlib.sha384(data).digest()) elif auth_type in ['RSA2048_PKCS1_SHA2_256', 'RSA3072_PKCS1_SHA2_384', 'RSA2048_PSS_SHA2_256', 'RSA3072_PSS_SHA2_384' ]: + print ("auth_type %s" % auth_type) + print ("priv_key %s" % priv_key) auth_type = adjust_auth_type (auth_type, priv_key) + print ("adjust auth_type %s" % auth_type) pub_key = os.path.join(out_dir, basename + '.pub') + print ("pub_key %s" % pub_key) di = gen_pub_key (priv_key, pub_key) key_hash = CONTAINER.get_pub_key_hash (di, CONTAINER._auth_to_hashalg_str[auth_type]) hash_data.extend (key_hash) + print ("hash_data %s" % hash_data) out_file = os.path.join(out_dir, basename + '.sig') + print ("out_file %s" % out_file) rsa_sign_file (priv_key, pub_key, CONTAINER._auth_to_hashalg_str[auth_type], CONTAINER._auth_to_signscheme_str[auth_type], file, out_file, False, True) auth_data.extend (get_file_data(out_file)) + print ("auth_data %s" % auth_data) else: raise Exception ("Unsupport AuthType '%s' !" % auth_type) return hash_data, auth_data 
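Review bot: `print ("hash_data %s" % hash_data)` and `print ("auth_data %s" % auth_data)` in the RSA branch of `calculate_auth_data` show the Python repr of the buffers, which is awkward to compare against the digest or signature other tools report. Both are filled with `.extend`, so they are presumably bytearrays defined above the hunk. Printing `hash_data.hex()` and `len(auth_data)` would give a comparable hash and keep the whole signature blob out of the log. The `SHA2_256` print also sits after `get_file_data` while the `SHA2_384` one sits before it; pick one position.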
@@ -365,15 +375,22 @@ def adjust_header (self): header.data_size = (length + alignment) & ~alignment else: header.data_size = 0 + print ("header.data_size: %X" % header.data_size) auth_type = self.get_auth_type_str (header.auth_type) basename = header.signature.decode() hdr_file = os.path.join(self.out_dir, basename + '.hdr') hdr_data = bytearray (header) + print ("basename: %s" % basename) + print ("hdr_file: %s" % hdr_file) for component in header.comp_entry: hdr_data.extend (component) hdr_data.extend (component.hash_data) gen_file_from_object (hdr_file, hdr_data) hash_data, auth_data = CONTAINER.calculate_auth_data (hdr_file, auth_type, header.priv_key, self.out_dir) + print ("auth_tye: %s" % auth_type) + print ("header.priv_key: %s" % header.priv_key) + print ("self.out_dir: %s" % self.out_dir) + print (len(auth_data) , len(header.auth_data)) if len(auth_data) != len(header.auth_data): print (len(auth_data) , len(header.auth_data)) raise Exception ("Unexpected authentication data length for container header !") @@ -588,6 +605,7 @@ def extract (self, name = '', file_path = ''): else: file_name = os.path.splitext(os.path.basename (file_path))[0] + '.bin' + print ("extract file_file : %s" % file_name) # create header entry auth_type_str = self.get_auth_type_str (self.header.auth_type) match = re.match('RSA(\d+)_', auth_type_str) @@ -598,6 +616,7 @@ def extract (self, name = '', file_path = ''): key_file = 'KEY_ID_CONTAINER_RSA%s' % match.group(1) else: key_file = '' + print ("key_file : %s" % key_file) alignment = self.header.alignment image_type_str = CONTAINER.get_image_type_str(self.header.image_type) header = ['%s' % self.header.signature.decode(), file_name, image_type_str, auth_type_str, key_file] 
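Review bot: The three prints added after the `CONTAINER.calculate_auth_data` call in `adjust_header` report that call's inputs only once it has returned, so they are lost in exactly the case where it raises. Moving them above the call makes them useful when debugging a signing failure. The label `auth_tye` is misspelled (`print ("auth_type: %s" % auth_type)`), and the new `print (len(auth_data) , len(header.auth_data))` duplicates the one already inside the mismatch branch, so a length error now prints the pair twice. The start of `adjust_header` lies outside the hunk.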
@@ -663,6 +682,10 @@ def gen_container_bin (container_list, out_dir, inp_dir, key_dir = '.', tool_dir for each in container_list: container = CONTAINER () container.set_dir_path (out_dir, inp_dir, key_dir, tool_dir) + print ("out_dir: %s \n" % out_dir) + print ("inp_dir: %s \n" % inp_dir) + print ("key_dir: %s \n" % key_dir) + print ("tool_dir: %s \n" % tool_dir) out_file = container.create (each) print ("Container '%s' was created successfully at: \n %s" % (container.header.signature.decode(), out_file)) @@ -766,7 +789,10 @@ def create_container (args): hdr_entry = list (container_list[0][0]) hdr_entry[3] = args.auth container_list[0][0] = tuple(hdr_entry) - + print ("out_dir: %s" % out_dir) + print ("comp_dir: %s" % comp_dir) + print ("key_dir: %s" % key_dir) + print ("tool_dir: %s" % tool_dir) gen_container_bin (container_list, out_dir, comp_dir, key_dir, tool_dir) def extract_container (args): diff --git a/containertool/SingleSign.py b/containertool/SingleSign.py index 5b03d39..a885e8b 100644 --- a/containertool/SingleSign.py +++ b/containertool/SingleSign.py @@ -260,6 +260,7 @@ def single_sign_gen_pub_key (in_key, pub_key_file = None): # Expect key to be in PEM format is_prv_key = False cmdline = [get_openssl_path(), 'rsa', '-pubout', '-text', '-noout', '-in', '%s' % in_key] + print ("cmdline1 = %s" % cmdline) # Check if it is public key or private key text = open(in_key, 'r').read() if '-BEGIN RSA PRIVATE KEY-' in text or '-BEGIN PRIVATE KEY-' in text: @@ -269,12 +270,14 @@ def single_sign_gen_pub_key (in_key, pub_key_file = None): else: raise Exception('Unknown key format "%s" !' % in_key) + print ("cmdline2 = %s" % cmdline) if pub_key_file: cmdline.extend (['-out', '%s' % pub_key_file]) capture = False else: capture = True + print ("cmdline3 = %s" % cmdline) output = run_process (cmdline, capture_out = capture) if not capture: output = text = open(pub_key_file, 'r').read() 
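Review bot: The four directory prints in `gen_container_bin` sit inside the `for each in container_list` loop although `out_dir`, `inp_dir`, `key_dir` and `tool_dir` do not change per iteration. The hunk in `create_container` prints the same values right before calling this function. Printing once before the loop, e.g. `print ("out_dir: %s inp_dir: %s key_dir: %s tool_dir: %s" % (out_dir, inp_dir, key_dir, tool_dir))`, and dropping the copy in `create_container` avoids the repeated output. The trailing ` \n` in each format string also adds a blank line after every value.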
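Review bot: `cmdline1`, `cmdline2` and `cmdline3` print the same list at three stages of `single_sign_gen_pub_key` (this hunk and the next one), but only the last reflects what is handed to `run_process`. A single `print ("cmdline = %s" % cmdline)` directly before `run_process` shows the command actually executed. The first print also runs before the key format check, so it appears even when the function raises `Unknown key format`. The part of the function between the two hunks is not visible here.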
@@ -282,11 +285,17 @@ def single_sign_gen_pub_key (in_key, pub_key_file = None): data = data.replace('\n', '') data = data.replace(' ', '') + print ("data = %s" % data) # Extract the modulus if is_prv_key: + print ("prv_key") match = re.search('modulus(.*)publicExponent:\s+(\d+)\s+', data) else: + print ("pub_key") match = re.search('Modulus(?:.*?):(.*)Exponent:\s+(\d+)\s+', data) + + print ("match %X", match) + if not match: raise Exception('Public key not found!') modulus = match.group(1).replace(':', '')
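Review bot: `print ("data = %s" % data)` writes the whole OpenSSL text dump to stdout, and for a private key that dump appears to be the private-key form (the `is_prv_key` regex right below matches `modulus ... publicExponent`), which would also carry the private exponent and primes into any captured build log. `data` is assigned above the hunk, so this should be confirmed, but the print is best dropped or limited to the non-private case: `if not is_prv_key: print ("data = %s" % data)`. Separately, `print ("match %X", match)` passes `match` as a second argument rather than formatting it, and `%X` could not format a match object anyway; `print ("match found: %s" % bool(match))` says what the next line checks.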