Generate default test keys for RSA2048 and RSA3072
RSA keys are generated based on key ids defined. User can append signing_keys as per their requirements. Signed-off-by: Subash Lakkimsetti <subash.lakkimsetti@intel.com>
parent
f764b32506
commit
c8dc8b756e
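--- a/GenerateKeys.py
+++ b/GenerateKeys.py
@@ -0,0 +1,95 @@
+#!/usr/bin/env python
+## @ GenerateKeys.py
+#
+# This script is an reference to generate test RSA private keys required by slimbootloader.
+# This should be one time key generation for a project based on usecase needs and this would
+# be pre-requiste to generate this before Slimboot build. These keys should be used for
+# various components signing in Slimboot
+#
+#
+# Copyright (c) 2020, Intel Corporation. All rights reserved.<BR>
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+##
+
+##
+# Import Modules
+#
+import os
+import sys
+import datetime
+import ntpath
+import argparse
+import binascii
+from ctypes import *
+from CommonUtility import *
+
+
+RSA_KEY_SIZE = {
+"RSA2048" : '2048',
+"RSA3072" : '3072',
+}
+
+def signing_keys():
+signing_keys_list = []
+signing_keys_list.append ([
+# Key ID | Key File Name start |
+# ===========================================================
+# MASTER_KEY_ID is used for signing Slimboot Key Hash Manifest (KEYH Component)
+("MASTER_KEY_ID", "MasterTestKey_Priv"),
+
+# CFGDATA_KEY_ID is used for signing external Config data blob)
+("CFGDATA_KEY_ID", "ConfigTestKey_Priv"),
+
+# FIRMWAREUPDATE_KEY_ID is used for signing capsule firmware update image)
+("FIRMWAREUPDATE_KEY_ID", "FirmwareUpdateTestKey_Priv"),
+
+# CONTAINER_KEY_ID is used for signing container header with mono signature
+("CONTAINER_KEY_ID", "ContainerTestKey_Priv"),
+
+# CONTAINER_COMP_KEY_ID is used for signing container components
+# One can add multiple component keys as needed.
+("CONTAINER_COMP_KEY_ID", "ContainerCompTestKey_Priv"),
+])
+
+return signing_keys_list
+
+# Generate RSA Key based on required key size
+def GenerateRsaKeys (openssl_path, key_dir, key_size):
+key_list = signing_keys()
+for item in key_list:
+for Key_name, Key_file_name in item:
+cmd = '%s genrsa -F4 -out %s/%s_RSA%s.pem %s' % (openssl_path, key_dir, Key_file_name, key_size, key_size)
+run_process (cmd.split())
+
+return
+
+def main():
+parser = argparse.ArgumentParser()
+
+parser.add_argument('-k', '--key_dir', dest='KeyDir', type=str, required=True, help='Key directory path')
+parser.add_argument('-s', '--key_size', dest='KeySize', type=str, choices=['RSA2048', 'RSA3072', 'ALL'], default='ALL', help='key size for generation')
+
+#
+# Parse command line arguments
+#
+args = parser.parse_args()
+
+if not os.path.isdir(args.KeyDir):
+print ("Key directory path do not exists. Create directory %s !!" % args.KeyDir)
+os.mkdir(args.KeyDir)
+
+openssl_path = get_openssl_path()
+
+if args.KeySize is 'ALL':
+# Generate keys for key size 2048 and 3072
+GenerateRsaKeys(openssl_path, args.KeyDir, RSA_KEY_SIZE["RSA2048"])
+GenerateRsaKeys(openssl_path, args.KeyDir, RSA_KEY_SIZE["RSA3072"])
+else:
+# Generate keys for requested key size
+GenerateRsaKeys(openssl_path, args.KeyDir, RSA_KEY_SIZE[args.KeySize])
+
+return
+
+if __name__ == '__main__':
+sys.exit(main())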
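Review bot: In main(), `if args.KeySize is 'ALL':` tests object identity rather than value, so an explicit `-s ALL` on the command line can fall through to the else branch and fail on `RSA_KEY_SIZE['ALL']` with a KeyError; it should read `if args.KeySize == 'ALL':`. In GenerateRsaKeys(), formatting the command as one string and then calling `cmd.split()` breaks as soon as the openssl path or the key directory contains a space; pass the argument list directly, e.g. `run_process([openssl_path, 'genrsa', '-F4', '-out', os.path.join(key_dir, '%s_RSA%s.pem' % (Key_file_name, key_size)), key_size])`. The private keys are written unencrypted into a directory that `os.mkdir(args.KeyDir)` creates with default permissions, and a rerun would presumably overwrite existing .pem files without warning, since nothing checks for them first. Creating the directory with `os.mkdir(args.KeyDir, 0o700)` and skipping or refusing any key file that already exists would keep a project's signing keys away from other local users and from accidental replacement.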