Generate default test keys for RSA2048 and RSA3072
RSA keys are generated based on key ids defined. User can append signing_keys as per their requirements. Signed-off-by: Subash Lakkimsetti <subash.lakkimsetti@intel.com>
This commit is contained in:
parent
f764b32506
commit
c8dc8b756e
|
@ -0,0 +1,95 @@
|
||||||
|
#!/usr/bin/env python
|
||||||
|
## @ GenerateKeys.py
|
||||||
|
#
|
||||||
|
# This script is an reference to generate test RSA private keys required by slimbootloader.
|
||||||
|
# This should be one time key generation for a project based on usecase needs and this would
|
||||||
|
# be pre-requiste to generate this before Slimboot build. These keys should be used for
|
||||||
|
# various components signing in Slimboot
|
||||||
|
#
|
||||||
|
#
|
||||||
|
# Copyright (c) 2020, Intel Corporation. All rights reserved.<BR>
|
||||||
|
# SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||||
|
#
|
||||||
|
##
|
||||||
|
|
||||||
|
##
|
||||||
|
# Import Modules
|
||||||
|
#
|
||||||
|
import os
|
||||||
|
import sys
|
||||||
|
import datetime
|
||||||
|
import ntpath
|
||||||
|
import argparse
|
||||||
|
import binascii
|
||||||
|
from ctypes import *
|
||||||
|
from CommonUtility import *
|
||||||
|
|
||||||
|
|
||||||
|
RSA_KEY_SIZE = {
|
||||||
|
"RSA2048" : '2048',
|
||||||
|
"RSA3072" : '3072',
|
||||||
|
}
|
||||||
|
|
||||||
|
def signing_keys():
|
||||||
|
signing_keys_list = []
|
||||||
|
signing_keys_list.append ([
|
||||||
|
# Key ID | Key File Name start |
|
||||||
|
# ===========================================================
|
||||||
|
# MASTER_KEY_ID is used for signing Slimboot Key Hash Manifest (KEYH Component)
|
||||||
|
("MASTER_KEY_ID", "MasterTestKey_Priv"),
|
||||||
|
|
||||||
|
# CFGDATA_KEY_ID is used for signing external Config data blob)
|
||||||
|
("CFGDATA_KEY_ID", "ConfigTestKey_Priv"),
|
||||||
|
|
||||||
|
# FIRMWAREUPDATE_KEY_ID is used for signing capsule firmware update image)
|
||||||
|
("FIRMWAREUPDATE_KEY_ID", "FirmwareUpdateTestKey_Priv"),
|
||||||
|
|
||||||
|
# CONTAINER_KEY_ID is used for signing container header with mono signature
|
||||||
|
("CONTAINER_KEY_ID", "ContainerTestKey_Priv"),
|
||||||
|
|
||||||
|
# CONTAINER_COMP_KEY_ID is used for signing container components
|
||||||
|
# One can add multiple component keys as needed.
|
||||||
|
("CONTAINER_COMP_KEY_ID", "ContainerCompTestKey_Priv"),
|
||||||
|
])
|
||||||
|
|
||||||
|
return signing_keys_list
|
||||||
|
|
||||||
|
# Generate RSA Key based on required key size
|
||||||
|
def GenerateRsaKeys (openssl_path, key_dir, key_size):
|
||||||
|
key_list = signing_keys()
|
||||||
|
for item in key_list:
|
||||||
|
for Key_name, Key_file_name in item:
|
||||||
|
cmd = '%s genrsa -F4 -out %s/%s_RSA%s.pem %s' % (openssl_path, key_dir, Key_file_name, key_size, key_size)
|
||||||
|
run_process (cmd.split())
|
||||||
|
|
||||||
|
return
|
||||||
|
|
||||||
|
def main():
|
||||||
|
parser = argparse.ArgumentParser()
|
||||||
|
|
||||||
|
parser.add_argument('-k', '--key_dir', dest='KeyDir', type=str, required=True, help='Key directory path')
|
||||||
|
parser.add_argument('-s', '--key_size', dest='KeySize', type=str, choices=['RSA2048', 'RSA3072', 'ALL'], default='ALL', help='key size for generation')
|
||||||
|
|
||||||
|
#
|
||||||
|
# Parse command line arguments
|
||||||
|
#
|
||||||
|
args = parser.parse_args()
|
||||||
|
|
||||||
|
if not os.path.isdir(args.KeyDir):
|
||||||
|
print ("Key directory path do not exists. Create directory %s !!" % args.KeyDir)
|
||||||
|
os.mkdir(args.KeyDir)
|
||||||
|
|
||||||
|
openssl_path = get_openssl_path()
|
||||||
|
|
||||||
|
if args.KeySize is 'ALL':
|
||||||
|
# Generate keys for key size 2048 and 3072
|
||||||
|
GenerateRsaKeys(openssl_path, args.KeyDir, RSA_KEY_SIZE["RSA2048"])
|
||||||
|
GenerateRsaKeys(openssl_path, args.KeyDir, RSA_KEY_SIZE["RSA3072"])
|
||||||
|
else:
|
||||||
|
# Generate keys for requested key size
|
||||||
|
GenerateRsaKeys(openssl_path, args.KeyDir, RSA_KEY_SIZE[args.KeySize])
|
||||||
|
|
||||||
|
return
|
||||||
|
|
||||||
|
if __name__ == '__main__':
|
||||||
|
sys.exit(main())
|
Loading…
Reference in New Issue