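"""Build a signed sctrl cert: the packed GFH followed by its signature.

Command line::

    <script> -g <gfh config ini> (-i <key ini> | -k <key cert>)
             [-p <primary dbg cert>] [-q <primary dbg cert config ini>]
             [-s <secondary dbg cert config ini>] <sctrl_cert output path>

The file keeps Python 2 compatibility: every print call passes a single
string, which prints identically under Python 2 and Python 3.
"""
import sys
import os
import struct

script_folder, script_name = os.path.split(os.path.realpath(__file__))
# NOTE(review): lib/ is appended, so it is searched last. A module named
# gfh or cert found earlier on sys.path (for example through PYTHONPATH)
# would be imported instead of the bundled one; run this signing tool
# from a controlled environment.
sys.path.append(os.path.join(script_folder, "lib"))
import gfh
import cert


def get_file_sizeb(file_path):
    """Return the size in bytes of file_path, or 0 if it is not a regular file."""
    if not os.path.isfile(file_path):
        return 0
    # os.path.getsize replaces the manual open/seek/tell sequence, which
    # leaked the file handle when seek() or tell() raised.
    return os.path.getsize(file_path)


def concatb(file1_path, file2_path):
    """Append the whole content of file2_path to file1_path.

    file1_path is created when it does not exist. The source is read
    before the destination is opened, so a missing source no longer
    leaves an empty destination file behind.
    """
    with open(file2_path, "rb") as source_file:
        payload = source_file.read()
    with open(file1_path, "ab") as target_file:
        target_file.write(payload)


class sctrl_cert:
    """Creates the GFH for an sctrl cert, signs it and writes the final file."""

    def __init__(self, out_path, sctrl_cert_path):
        """Remember the output locations and create out_path if it is missing.

        out_path receives the intermediate files (to-be-signed blob,
        signature, generated certs); sctrl_cert_path is the final file.
        """
        self.m_out_path = out_path
        if not os.path.exists(self.m_out_path):
            os.makedirs(self.m_out_path)
        self.m_sctrl_cert_path = sctrl_cert_path
        self.m_gfh = gfh.image_gfh()
        self.m_key_path = ""
        self.m_sig_handler = None

    def create_gfh(self, gfh_config):
        """Load the GFH description from the ini file gfh_config and dump it."""
        self.m_gfh.load_ini(gfh_config)
        self.m_gfh.dump()

    def _write_sctrl_cert(self, tbs_path, sig_path):
        """Write the final file as tbs_path content followed by sig_path content."""
        # Remove any previous output first: concatb appends, so a leftover
        # file would otherwise end up in front of the new cert.
        if os.path.isfile(self.m_sctrl_cert_path):
            os.remove(self.m_sctrl_cert_path)
        concatb(self.m_sctrl_cert_path, tbs_path)
        concatb(self.m_sctrl_cert_path, sig_path)

    def sign(self, key_ini_path, key_cert_path, primary_dbg_config_ini_path, primary_dbg_path, secondary_config_file_path):
        """Sign the GFH and write the final sctrl cert.

        key_ini_path is handed to the GFH finalize step and to the
        signature handler. For the "CERT_CHAIN" signature type the key
        cert and primary debug cert are created from their ini files when
        those files exist, and otherwise taken from key_cert_path and
        primary_dbg_path; the secondary debug cert is always created from
        secondary_config_file_path. For "SINGLE" only key_ini_path is used.

        Raises ValueError when the GFH reports any other signature type.
        """
        # The to-be-signed blob holds only the GFH; the signature is
        # appended afterwards. NOTE(review): the 0 is presumably the size
        # of extra content - confirm against gfh.image_gfh.finalize.
        self.m_gfh.finalize(0, key_ini_path)

        # create tbs_sctrl_cert.bin
        tbs_sctrl_cert_file_path = os.path.join(self.m_out_path, "tbs_sctrl_cert.bin")
        with open(tbs_sctrl_cert_file_path, "wb") as tbs_sctrl_cert_file:
            tbs_sctrl_cert_file.write(self.m_gfh.pack())

        print("===sctrl_cert sign===")
        sig_name = "sctrl_cert.sig"
        sig_file_path = os.path.join(self.m_out_path, sig_name)
        sig_type = self.m_gfh.get_sig_type()

        if sig_type == "CERT_CHAIN":
            self.m_sig_handler = cert.cert_chain_v5()

            # key cert: generated from the key ini when it exists,
            # otherwise an existing key cert is used as given
            if key_cert_path == "":
                key_cert_path = os.path.join(self.m_out_path, "key_cert.bin")
            if os.path.isfile(key_ini_path):
                key_cert_file_name = os.path.basename(os.path.abspath(key_cert_path))
                self.m_sig_handler.create_key_cert(key_ini_path, self.m_out_path, key_cert_file_name)
            else:
                self.m_sig_handler.set_key_cert(key_cert_path)

            # primary debug cert
            # NOTE(review): unlike the key cert, this default is not joined
            # with the output folder, so set_primary_dbg_cert receives a
            # path relative to the current directory - confirm intended.
            if primary_dbg_path == "":
                primary_dbg_path = "primary_dbg_cert.bin"
            if os.path.isfile(primary_dbg_config_ini_path):
                primary_dbg_cert_file_name = os.path.basename(os.path.abspath(primary_dbg_path))
                self.m_sig_handler.create_primary_dbg_cert(primary_dbg_config_ini_path, tbs_sctrl_cert_file_path, self.m_out_path, primary_dbg_cert_file_name)
            else:
                self.m_sig_handler.set_primary_dbg_cert(primary_dbg_path)

            # secondary debug cert
            secondary_dbg_cert_file_name = "secondary_dbg_cert.bin"
            secondary_dbg_cert_file_path = os.path.join(self.m_out_path, secondary_dbg_cert_file_name)
            self.m_sig_handler.create_secondary_dbg_cert(secondary_config_file_path, self.m_out_path, secondary_dbg_cert_file_name)

            # final cert chain, then the final sctrl cert
            self.m_sig_handler.output(self.m_out_path, sig_name)
            self._write_sctrl_cert(tbs_sctrl_cert_file_path, sig_file_path)
            os.remove(secondary_dbg_cert_file_path)
        elif sig_type == "SINGLE":
            self.m_sig_handler = cert.sig_single(self.m_gfh.get_pad_type())
            self.m_sig_handler.set_out_path(self.m_out_path)
            self.m_sig_handler.create(key_ini_path, tbs_sctrl_cert_file_path)
            self.m_sig_handler.sign()
            self.m_sig_handler.output(self.m_out_path, sig_name)
            self._write_sctrl_cert(tbs_sctrl_cert_file_path, sig_file_path)
        else:
            print("unknown signature type")
            # Nothing was signed. The original fell through to the cleanup
            # and failed with a NameError on the never-assigned signature
            # path; fail explicitly so the caller cannot mistake a leftover
            # output file from an earlier run for a fresh result.
            os.remove(tbs_sctrl_cert_file_path)
            raise ValueError("unknown signature type: %r" % (sig_type,))

        # clean up the intermediate files
        os.remove(tbs_sctrl_cert_file_path)
        os.remove(sig_file_path)


def main():
    """Parse the command line, build the GFH and sign it.

    Returns 0 on success and -1 when a required argument is missing or an
    option has no value.
    """
    # option letter -> (label echoed to the console, setting it fills).
    # Only the character right after '-' is inspected, as before.
    option_table = {
        'i': ("key: ", "key_ini_path"),
        'g': ("gfh config: ", "gfh_config_ini_path"),
        'p': ("primary dbg cert: ", "primary_dbg_path"),
        'q': ("primary dbg cert config: ", "primary_dbg_config_ini_path"),
        's': ("secondary dbg cert config: ", "secondary_dbg_config_ini_path"),
        'k': ("key cert: ", "key_cert_path"),
    }
    settings = dict((name, "") for _label, name in option_table.values())
    sctrl_cert_path = ""

    argv = sys.argv
    idx = 1
    while idx < len(argv):
        token = argv[idx]
        if not token.startswith('-'):
            # a bare argument is the output file
            sctrl_cert_path = token
            print("sctrl_cert_path: " + sctrl_cert_path)
            idx += 1
            continue
        flag = token[1:2]  # empty for a lone "-", which counts as unknown
        if flag not in option_table:
            print("unknown input")
            idx += 2
            continue
        if idx + 1 >= len(argv):
            # the original raised IndexError on a trailing option
            print("missing value for option: " + token)
            return -1
        label, name = option_table[flag]
        value = argv[idx + 1]
        print(label + value)
        settings[name] = value
        idx += 2

    if not settings["key_cert_path"] and not settings["key_ini_path"]:
        print("key path is not given!")
        return -1
    if not settings["gfh_config_ini_path"]:
        print("sctrl_cert_config_path is not given!")
        return -1
    if not sctrl_cert_path:
        print("sctrl_cert is not given!")
        return -1

    out_path = os.path.dirname(os.path.abspath(sctrl_cert_path))
    sctrl_cert_obj = sctrl_cert(out_path, sctrl_cert_path)
    sctrl_cert_obj.create_gfh(settings["gfh_config_ini_path"])
    sctrl_cert_obj.sign(settings["key_ini_path"],
                        settings["key_cert_path"],
                        settings["primary_dbg_config_ini_path"],
                        settings["primary_dbg_path"],
                        settings["secondary_dbg_config_ini_path"])
    return 0


if __name__ == '__main__':
    # Propagate the status: the original dropped main()'s return value, so
    # a failed run still exited 0 and a build script could not detect it.
    sys.exit(main())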