1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
|
#!/usr/bin/env python3
# SPDX-License-Identifier: BSD-2-Clause
#
# Copyright (C) 2023, STMicroelectronics
#
try:
from elftools.elf.elffile import ELFFile
from elftools.elf.sections import SymbolTableSection
from elftools.elf.enums import ENUM_P_TYPE_ARM
from elftools.elf.enums import *
except ImportError:
print("""
***
ERROR: "pyelftools" python module is not installed or version < 0.25.
***
""")
raise
try:
from Cryptodome.Hash import SHA256
from Cryptodome.Signature import pkcs1_15
from Cryptodome.PublicKey import RSA
from Cryptodome.Signature import DSS
from Cryptodome.PublicKey import ECC
except ImportError:
print("""
***
ERROR: "pycryptodomex" python module should be installed.
***
""")
raise
import os
import sys
import struct
import logging
import binascii
# Generated file structure:
#
# -----+-------------+
# / | Magic | 32-bit word, magic value equal to
# / +-------------+ 0x3543A468
# / +-------------+
# / | version | 32-bit word, version of the format
# / +-------------+
# +-----------+ +-------------+
# | Header | | TLV size | 32-bit word, size of the TLV
# +-----------+ +-------------+ (aligned on 64-bit), in bytes.
# \ +-------------+
# \ | sign size | 32-bit word, size of the signature
# \ +-------------+ (aligned on 64-bit), in bytes.
# \ +-------------+
# \ | images size | 32-bit word, size of the images to
# -----+-------------+ load (aligned on 64-bit), in bytes.
#
# +-------------+ Information used to authenticate the
# | TLV | images and boot the remote processor,
# | | stored in Type-Length-Value format.
# +-------------+ 'Type' and 'Length' are 32-bit words.
#
# +-------------+
# | Signature | Signature of the header and the TLV.
# +-------------+
#
# +-------------+
# | Firmware |
# | image 1 |
# +-------------+
# ...
# +-------------+
# | Firmware |
# | image n |
# +-------------+
# Generic type definitions
TLV_TYPES = {
'SIGNTYPE': 0x00000001, # algorithm used for signature
'HASHTYPE': 0x00000002, # algorithm used for computing segment's hash
'NUM_IMG': 0x00000003, # number of images to load
'IMGTYPE': 0x00000004, # array of type of images to load
'IMGSIZE': 0x00000005, # array of the size of the images to load
'HASHTABLE': 0x000000010, # segment hash table for authentication
'PKEYINFO': 0x0000000011, # information to retrieve signature key
}
GENERIC_TLV_TYPE_RANGE = range(0x00000000, 0x00010000)
PLATFORM_TLV_TYPE_RANGE = range(0x00010000, 0x00020000)
HEADER_MAGIC = 0x3543A468
logging.basicConfig(stream=sys.stderr, level=logging.INFO)
ENUM_HASH_TYPE = dict(
SHA256=1,
)
ENUM_SIGNATURE_TYPE = dict(
RSA=1,
ECC=2,
)
ENUM_BINARY_TYPE = dict(
ELF=1,
)
def dump_buffer(buf, step=16, name="", logger=logging.debug, indent=""):
logger("%s%s:" % (indent, name))
for i in range(0, len(buf), step):
logger("%s " % (indent) + " ".
join(["%02X" % c for c in buf[i:i+step]]))
logger("\n")
class TLV():
def __init__(self):
self.buf = bytearray()
self.tlvs = {}
def add(self, kind, payload):
"""
Add a TLV record. Argument type is either the type scalar ID or a
matching string defined in TLV_TYPES.
"""
if isinstance(kind, int):
buf = struct.pack('II', kind, len(payload))
else:
buf = struct.pack('II', TLV_TYPES[kind], len(payload))
# Ensure that each TLV is 64-bit aligned
align_64b = (len(payload) + len(buf)) % 8
self.buf += buf
self.buf += payload
if align_64b:
self.buf += bytearray(8 - align_64b)
def add_plat_tlv(self, cust_tlv):
# Get list of custom protected TLVs from the command-line
for tlv in cust_tlv:
type_id = int(tlv[0], 0)
if type_id not in PLATFORM_TLV_TYPE_RANGE:
raise Exception('TLV %s not in range' % hex(type_id))
value = tlv[1]
if value.startswith('0x'):
int_val = int(value[2:], 16)
self.tlvs[type_id] = int_val.to_bytes(4, 'little')
else:
self.tlvs[type_id] = value.encode('utf-8')
if self.tlvs is not None:
for type_id, value in self.tlvs.items():
self.add(type_id, value)
def get(self):
"""
Get a byte-array that concatenates all the TLV added.
"""
if len(self.buf) == 0:
return bytes()
return bytes(self.buf)
class RSA_Signature(object):
def __init__(self, key):
self._hasher = SHA256.new()
self.signer = pkcs1_15.new(key)
def hash_compute(self, segment):
self._hasher.update(segment)
def sign(self):
return self.signer.sign(self._hasher)
class ECC_Signature(object):
def __init__(self, key):
self._hasher = SHA256.new()
self.signer = DSS.new(key, 'fips-186-3')
def hash_compute(self, segment):
self._hasher.update(segment)
def sign(self):
return self.signer.sign(self._hasher)
Signature = {
1: RSA_Signature,
2: ECC_Signature,
}
class SegmentHashStruct:
pass
class SegmentHash(object):
'''
Hash table based on Elf program segments
'''
def __init__(self, img):
self._num_segments = img.num_segments()
self._pack_fmt = '<%dL' % 8
self.img = img
self.hashProgTable = bytes()
self._offset = 0
def get_table(self):
'''
Create a segment hash table containing for each segment:
- the segments header
- a hash of the segment
'''
h = SHA256.new()
seg = SegmentHashStruct()
self.size = (h.digest_size + 32) * self._num_segments
logging.debug("hash section size %d" % self.size)
del h
self.buf = bytearray(self.size)
self._bufview_ = memoryview(self.buf)
for i in range(self._num_segments):
h = SHA256.new()
segment = self.img.get_segment(i)
seg.header = self.img.get_segment(i).header
logging.debug("compute hash for segment offset %s" % seg.header)
h.update(segment.data())
seg.hash = h.digest()
logging.debug("hash computed: %s" % seg.hash)
del h
struct.pack_into('<I', self._bufview_, self._offset,
ENUM_P_TYPE_ARM[seg.header.p_type])
self._offset += 4
struct.pack_into('<7I', self._bufview_, self._offset,
seg.header.p_offset, seg.header.p_vaddr,
seg.header.p_paddr, seg.header.p_filesz,
seg.header.p_memsz, seg.header.p_flags,
seg.header.p_align)
self._offset += 28
struct.pack_into('<32B', self._bufview_, self._offset, *seg.hash)
self._offset += 32
dump_buffer(self.buf, name='hash table', indent="\t")
return self.buf
class ImageHeader(object):
'''
Image header
'''
magic = 'HELF' # SHDR_MAGIC
version = 1
MAGIC_OFFSET = 0
VERSION_OFFSET = 4
SIGN_LEN_OFFSET = 8
IMG_LEN_OFFSET = 12
TLV_LEN_OFFSET = 16
PTLV_LEN_OFFSET = 20
def __init__(self):
self.size = 56
self.magic = HEADER_MAGIC
self.version = 1
self.tlv_length = 0
self.sign_length = 0
self.img_length = 0
self.shdr = struct.pack('<IIIII',
self.magic, self.version,
self.tlv_length, self.sign_length,
self.img_length)
def dump(self):
logging.debug("\tMAGIC\t\t= %08X" % (self.magic))
logging.debug("\tHEADER_VERSION\t= %08X" % (self.version))
logging.debug("\tTLV_LENGTH\t= %08X" % (self.tlv_length))
logging.debug("\tSIGN_LENGTH\t= %08X" % (self.sign_length))
logging.debug("\tIMAGE_LENGTH\t= %08X" % (self.img_length))
def get_packed(self):
return struct.pack('<IIIII',
self.magic, self.version,
self.tlv_length, self.sign_length, self.img_length)
def get_args(logger):
from argparse import ArgumentParser, RawDescriptionHelpFormatter
import textwrap
parser = ArgumentParser(
description='Sign a remote processor firmware loadable by OP-TEE.',
usage='\n %(prog)s [ arguments ]\n\n'
' Generate signed loadable binary \n' +
' Takes arguments --in, --out --key\n' +
' %(prog)s --help show available arguments\n\n')
parser.add_argument('--in', required=True, dest='in_file',
help='Name of firmware input file ' +
'(can be used multiple times)', action='append')
parser.add_argument('--out', required=True, dest='out_file',
help='Name of the signed firmware output file')
parser.add_argument('--key', required=True,
help='Name of signing key file',
dest='key_file')
parser.add_argument('--key_info', required=False,
help='Name file containing extra key information',
dest='key_info')
parser.add_argument('--key_type', required=False,
help='Type of signing key: should be RSA or ECC',
default='RSA',
dest='key_type')
parser.add_argument('--key_pwd', required=False,
help='passphrase for the private key decryption',
dest='key_pwd')
parser.add_argument('--plat-tlv', required=False, nargs=2,
metavar=("ID", "value"), action='append',
help='Platform TLV that will be placed into image '
'plat_tlv area. Add "0x" prefix to interpret '
'the value as an integer, otherwise it will be '
'interpreted as a string. Option can be used '
'multiple times to add multiple TLVs.',
default=[], dest='plat_tlv')
parsed = parser.parse_args()
# Set defaults for optional arguments.
if parsed.out_file is None:
parsed.out_file = str(parsed.in_file)+'.sig'
return parsed
def rsa_key(key_file, key_pwd):
return RSA.importKey(open(key_file).read(), key_pwd)
def ecc_key(key_file, key_pwd):
return ECC.import_key(open(key_file).read(), key_pwd)
key_type = {
1: rsa_key,
2: ecc_key,
}
def rsa_sig_size(key):
return key.size_in_bytes()
def ecc_sig_size(key):
# to be improve...
# DSA size is N/4 so 64 for DSA (L,N) = (2048, 256)
return 64
sig_size_type = {
1: rsa_sig_size,
2: ecc_sig_size,
}
def main():
from Cryptodome.Signature import pss
from Cryptodome.Hash import SHA256
from Cryptodome.PublicKey import RSA
import base64
import logging
import struct
logging.basicConfig()
logger = logging.getLogger(os.path.basename(__file__))
args = get_args(logger)
# Initialise the header */
s_header = ImageHeader()
tlv = TLV()
sign_type = ENUM_SIGNATURE_TYPE[args.key_type]
get_key = key_type.get(sign_type, lambda: "Invalid sign type")
key = get_key(args.key_file, args.key_pwd)
if not key.has_private():
logger.error('Provided key cannot be used for signing, ')
sys.exit(1)
tlv.add('SIGNTYPE', sign_type.to_bytes(1, 'little'))
images_type = []
hash_tlv = bytearray()
images_size = []
# Firmware image
for inputf in args.in_file:
logging.debug("image %s" % inputf)
input_file = open(inputf, 'rb')
img = ELFFile(input_file)
# Only ARM machine has been tested and well supported yet.
# Indeed this script uses of ENUM_P_TYPE_ARM dic
assert img.get_machine_arch() in ["ARM"]
# Need to reopen the file to get the raw data
with open(inputf, 'rb') as f:
bin_img = f.read()
size = len(bin_img)
align_64b = size % 8
if align_64b:
size += 8 - align_64b
images_size.extend(size.to_bytes(4, 'little'))
s_header.img_length += size
f.close()
# Store image type information
bin_type = ENUM_BINARY_TYPE['ELF']
images_type += bin_type.to_bytes(1, 'little')
# Compute the hash table and add it to TLV blob
hash_table = SegmentHash(img)
hash_tlv.extend(hash_table.get_table())
# Add image information
# The 'IMGTYPE' contains a byte array of the image type (ENUM_BINARY_TYPE).
# The 'IMGSIZE' contains a byte array of the size (32-bit) of each image.
tlv.add('NUM_IMG', len(args.in_file).to_bytes(1, 'little'))
tlv.add('IMGTYPE', bytearray(images_type))
tlv.add('IMGSIZE', bytearray(images_size))
# Add hash type information in TLV blob
# The 'HASHTYPE' TLV contains a byte associated to ENUM_HASH_TYPE.
hash_type = ENUM_HASH_TYPE['SHA256']
tlv.add('HASHTYPE', hash_type.to_bytes(1, 'little'))
# Add hash table information in TLV blob
# The HASHTABLE TLV contains a byte array containing all the ELF segment
# with associated hash.
tlv.add('HASHTABLE', hash_tlv)
# Add optional key information to TLV
if args.key_info:
with open(args.key_info, 'rb') as f:
key_info = f.read()
tlv.add('PKEYINFO', key_info)
# Compute custom TLV that will be passed to the platform PTA
# Get list of custom protected TLVs from the command-line
if args.plat_tlv:
tlv.add_plat_tlv(args.plat_tlv)
# Get the TLV area and compute its size (with 64 bit alignment)
tlvs_buff = tlv.get()
s_header.tlv_length = len(tlvs_buff)
align_64b = 8 - (s_header.tlv_length % 8)
if align_64b:
s_header.tlv_length += 8 - align_64b
tlvs_buff += bytearray(8 - align_64b)
dump_buffer(tlvs_buff, name='TLVS', indent="\t")
# Signature chunk
sign_size = sig_size_type.get(ENUM_SIGNATURE_TYPE[args.key_type],
lambda: "Invalid sign type")(key)
s_header.sign_length = sign_size
# Construct the Header
header = s_header.get_packed()
# Generate signature
signer = Signature.get(ENUM_SIGNATURE_TYPE[args.key_type])(key)
signer.hash_compute(header)
signer.hash_compute(tlvs_buff)
signature = signer.sign()
if len(signature) != sign_size:
raise Exception(("Actual signature length is not equal to ",
"the computed one: {} != {}".
format(len(signature), sign_size)))
s_header.dump()
with open(args.out_file, 'wb') as f:
f.write(header)
f.write(tlvs_buff)
f.write(signature)
align_64b = sign_size % 8
if align_64b:
f.write(bytearray(8 - align_64b))
for inputf in args.in_file:
with open(inputf, 'rb') as fin:
bin_img = fin.read()
f.write(bin_img)
fin.close()
align_64b = len(bin_img) % 8
if align_64b:
f.write(bytearray(8 - align_64b))
if __name__ == "__main__":
main()
|
