1*9e94795aSAndroid Build Coastguard Worker#!/usr/bin/env python3 2*9e94795aSAndroid Build Coastguard Worker# 3*9e94795aSAndroid Build Coastguard Worker# Copyright (C) 2022 The Android Open Source Project 4*9e94795aSAndroid Build Coastguard Worker# 5*9e94795aSAndroid Build Coastguard Worker# Licensed under the Apache License, Version 2.0 (the "License"); 6*9e94795aSAndroid Build Coastguard Worker# you may not use this file except in compliance with the License. 7*9e94795aSAndroid Build Coastguard Worker# You may obtain a copy of the License at 8*9e94795aSAndroid Build Coastguard Worker# 9*9e94795aSAndroid Build Coastguard Worker# http://www.apache.org/licenses/LICENSE-2.0 10*9e94795aSAndroid Build Coastguard Worker# 11*9e94795aSAndroid Build Coastguard Worker# Unless required by applicable law or agreed to in writing, software 12*9e94795aSAndroid Build Coastguard Worker# distributed under the License is distributed on an "AS IS" BASIS, 13*9e94795aSAndroid Build Coastguard Worker# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14*9e94795aSAndroid Build Coastguard Worker# See the License for the specific language governing permissions and 15*9e94795aSAndroid Build Coastguard Worker# limitations under the License. 16*9e94795aSAndroid Build Coastguard Worker 17*9e94795aSAndroid Build Coastguard Workerimport common 18*9e94795aSAndroid Build Coastguard Workerimport logging 19*9e94795aSAndroid Build Coastguard Workerimport shlex 20*9e94795aSAndroid Build Coastguard Workerimport argparse 21*9e94795aSAndroid Build Coastguard Workerimport tempfile 22*9e94795aSAndroid Build Coastguard Workerimport zipfile 23*9e94795aSAndroid Build Coastguard Workerimport shutil 24*9e94795aSAndroid Build Coastguard Workerfrom common import OPTIONS, OptionHandler 25*9e94795aSAndroid Build Coastguard Workerfrom ota_signing_utils import AddSigningArgumentParse 26*9e94795aSAndroid Build Coastguard Worker 27*9e94795aSAndroid Build Coastguard Workerlogger = logging.getLogger(__name__) 28*9e94795aSAndroid Build Coastguard Worker 29*9e94795aSAndroid Build Coastguard WorkerOPTIONS.payload_signer = None 30*9e94795aSAndroid Build Coastguard WorkerOPTIONS.payload_signer_args = [] 31*9e94795aSAndroid Build Coastguard WorkerOPTIONS.payload_signer_maximum_signature_size = None 32*9e94795aSAndroid Build Coastguard WorkerOPTIONS.package_key = None 33*9e94795aSAndroid Build Coastguard Worker 34*9e94795aSAndroid Build Coastguard WorkerPAYLOAD_BIN = 'payload.bin' 35*9e94795aSAndroid Build Coastguard WorkerPAYLOAD_PROPERTIES_TXT = 'payload_properties.txt' 36*9e94795aSAndroid Build Coastguard Worker 37*9e94795aSAndroid Build Coastguard Workerclass SignerOptions(OptionHandler): 38*9e94795aSAndroid Build Coastguard Worker 39*9e94795aSAndroid Build Coastguard Worker @staticmethod 40*9e94795aSAndroid Build Coastguard Worker def ParseOptions(o, a): 41*9e94795aSAndroid Build Coastguard Worker if o in ("-k", "--package_key"): 42*9e94795aSAndroid Build Coastguard Worker OPTIONS.package_key = a 43*9e94795aSAndroid Build Coastguard Worker elif o == "--payload_signer": 44*9e94795aSAndroid Build Coastguard Worker OPTIONS.payload_signer = a 45*9e94795aSAndroid Build Coastguard Worker elif o == "--payload_signer_args": 46*9e94795aSAndroid Build Coastguard Worker OPTIONS.payload_signer_args = shlex.split(a) 47*9e94795aSAndroid Build Coastguard Worker elif o == "--payload_signer_maximum_signature_size": 48*9e94795aSAndroid Build Coastguard Worker OPTIONS.payload_signer_maximum_signature_size = a 49*9e94795aSAndroid Build Coastguard Worker elif o == "--payload_signer_key_size": 50*9e94795aSAndroid Build Coastguard Worker # TODO(xunchang) remove this option after cleaning up the callers. 51*9e94795aSAndroid Build Coastguard Worker logger.warning("The option '--payload_signer_key_size' is deprecated." 52*9e94795aSAndroid Build Coastguard Worker " Use '--payload_signer_maximum_signature_size' instead.") 53*9e94795aSAndroid Build Coastguard Worker OPTIONS.payload_signer_maximum_signature_size = a 54*9e94795aSAndroid Build Coastguard Worker else: 55*9e94795aSAndroid Build Coastguard Worker return False 56*9e94795aSAndroid Build Coastguard Worker return True 57*9e94795aSAndroid Build Coastguard Worker 58*9e94795aSAndroid Build Coastguard Worker def __init__(self): 59*9e94795aSAndroid Build Coastguard Worker super().__init__( 60*9e94795aSAndroid Build Coastguard Worker ["payload_signer=", 61*9e94795aSAndroid Build Coastguard Worker "package_key=", 62*9e94795aSAndroid Build Coastguard Worker "payload_signer_args=", 63*9e94795aSAndroid Build Coastguard Worker "payload_signer_maximum_signature_size=", 64*9e94795aSAndroid Build Coastguard Worker "payload_signer_key_size="], 65*9e94795aSAndroid Build Coastguard Worker SignerOptions.ParseOptions 66*9e94795aSAndroid Build Coastguard Worker ) 67*9e94795aSAndroid Build Coastguard Worker 68*9e94795aSAndroid Build Coastguard Worker 69*9e94795aSAndroid Build Coastguard Workersigner_options = SignerOptions() 70*9e94795aSAndroid Build Coastguard Worker 71*9e94795aSAndroid Build Coastguard Worker 72*9e94795aSAndroid Build Coastguard Workerclass PayloadSigner(object): 73*9e94795aSAndroid Build Coastguard Worker """A class that wraps the payload signing works. 74*9e94795aSAndroid Build Coastguard Worker 75*9e94795aSAndroid Build Coastguard Worker When generating a Payload, hashes of the payload and metadata files will be 76*9e94795aSAndroid Build Coastguard Worker signed with the device key, either by calling an external payload signer or 77*9e94795aSAndroid Build Coastguard Worker by calling openssl with the package key. This class provides a unified 78*9e94795aSAndroid Build Coastguard Worker interface, so that callers can just call PayloadSigner.Sign(). 79*9e94795aSAndroid Build Coastguard Worker 80*9e94795aSAndroid Build Coastguard Worker If an external payload signer has been specified (OPTIONS.payload_signer), it 81*9e94795aSAndroid Build Coastguard Worker calls the signer with the provided args (OPTIONS.payload_signer_args). Note 82*9e94795aSAndroid Build Coastguard Worker that the signing key should be provided as part of the payload_signer_args. 83*9e94795aSAndroid Build Coastguard Worker Otherwise without an external signer, it uses the package key 84*9e94795aSAndroid Build Coastguard Worker (OPTIONS.package_key) and calls openssl for the signing works. 85*9e94795aSAndroid Build Coastguard Worker """ 86*9e94795aSAndroid Build Coastguard Worker 87*9e94795aSAndroid Build Coastguard Worker def __init__(self, package_key=None, private_key_suffix=None, pw=None, payload_signer=None, 88*9e94795aSAndroid Build Coastguard Worker payload_signer_args=None, payload_signer_maximum_signature_size=None): 89*9e94795aSAndroid Build Coastguard Worker if package_key is None: 90*9e94795aSAndroid Build Coastguard Worker package_key = OPTIONS.package_key 91*9e94795aSAndroid Build Coastguard Worker if private_key_suffix is None: 92*9e94795aSAndroid Build Coastguard Worker private_key_suffix = OPTIONS.private_key_suffix 93*9e94795aSAndroid Build Coastguard Worker if payload_signer_args is None: 94*9e94795aSAndroid Build Coastguard Worker payload_signer_args = OPTIONS.payload_signer_args 95*9e94795aSAndroid Build Coastguard Worker if payload_signer_maximum_signature_size is None: 96*9e94795aSAndroid Build Coastguard Worker payload_signer_maximum_signature_size = OPTIONS.payload_signer_maximum_signature_size 97*9e94795aSAndroid Build Coastguard Worker 98*9e94795aSAndroid Build Coastguard Worker if payload_signer is None: 99*9e94795aSAndroid Build Coastguard Worker # Prepare the payload signing key. 100*9e94795aSAndroid Build Coastguard Worker private_key = package_key + private_key_suffix 101*9e94795aSAndroid Build Coastguard Worker 102*9e94795aSAndroid Build Coastguard Worker cmd = ["openssl", "pkcs8", "-in", private_key, "-inform", "DER"] 103*9e94795aSAndroid Build Coastguard Worker cmd.extend(["-passin", "pass:" + pw] if pw else ["-nocrypt"]) 104*9e94795aSAndroid Build Coastguard Worker signing_key = common.MakeTempFile(prefix="key-", suffix=".key") 105*9e94795aSAndroid Build Coastguard Worker cmd.extend(["-out", signing_key]) 106*9e94795aSAndroid Build Coastguard Worker common.RunAndCheckOutput(cmd, verbose=True) 107*9e94795aSAndroid Build Coastguard Worker 108*9e94795aSAndroid Build Coastguard Worker self.signer = "openssl" 109*9e94795aSAndroid Build Coastguard Worker self.signer_args = ["pkeyutl", "-sign", "-inkey", signing_key, 110*9e94795aSAndroid Build Coastguard Worker "-pkeyopt", "digest:sha256"] 111*9e94795aSAndroid Build Coastguard Worker self.maximum_signature_size = self._GetMaximumSignatureSizeInBytes( 112*9e94795aSAndroid Build Coastguard Worker signing_key) 113*9e94795aSAndroid Build Coastguard Worker else: 114*9e94795aSAndroid Build Coastguard Worker self.signer = payload_signer 115*9e94795aSAndroid Build Coastguard Worker self.signer_args = payload_signer_args 116*9e94795aSAndroid Build Coastguard Worker if payload_signer_maximum_signature_size: 117*9e94795aSAndroid Build Coastguard Worker self.maximum_signature_size = int( 118*9e94795aSAndroid Build Coastguard Worker payload_signer_maximum_signature_size) 119*9e94795aSAndroid Build Coastguard Worker else: 120*9e94795aSAndroid Build Coastguard Worker # The legacy config uses RSA2048 keys. 121*9e94795aSAndroid Build Coastguard Worker logger.warning("The maximum signature size for payload signer is not" 122*9e94795aSAndroid Build Coastguard Worker " set, default to 256 bytes.") 123*9e94795aSAndroid Build Coastguard Worker self.maximum_signature_size = 256 124*9e94795aSAndroid Build Coastguard Worker 125*9e94795aSAndroid Build Coastguard Worker @staticmethod 126*9e94795aSAndroid Build Coastguard Worker def _GetMaximumSignatureSizeInBytes(signing_key): 127*9e94795aSAndroid Build Coastguard Worker out_signature_size_file = common.MakeTempFile("signature_size") 128*9e94795aSAndroid Build Coastguard Worker cmd = ["delta_generator", "--out_maximum_signature_size_file={}".format( 129*9e94795aSAndroid Build Coastguard Worker out_signature_size_file), "--private_key={}".format(signing_key)] 130*9e94795aSAndroid Build Coastguard Worker common.RunAndCheckOutput(cmd, verbose=True) 131*9e94795aSAndroid Build Coastguard Worker with open(out_signature_size_file) as f: 132*9e94795aSAndroid Build Coastguard Worker signature_size = f.read().rstrip() 133*9e94795aSAndroid Build Coastguard Worker logger.info("%s outputs the maximum signature size: %s", cmd[0], 134*9e94795aSAndroid Build Coastguard Worker signature_size) 135*9e94795aSAndroid Build Coastguard Worker return int(signature_size) 136*9e94795aSAndroid Build Coastguard Worker 137*9e94795aSAndroid Build Coastguard Worker @staticmethod 138*9e94795aSAndroid Build Coastguard Worker def _Run(cmd): 139*9e94795aSAndroid Build Coastguard Worker common.RunAndCheckOutput(cmd, stdout=None, stderr=None) 140*9e94795aSAndroid Build Coastguard Worker 141*9e94795aSAndroid Build Coastguard Worker def SignPayload(self, unsigned_payload): 142*9e94795aSAndroid Build Coastguard Worker 143*9e94795aSAndroid Build Coastguard Worker # 1. Generate hashes of the payload and metadata files. 144*9e94795aSAndroid Build Coastguard Worker payload_sig_file = common.MakeTempFile(prefix="sig-", suffix=".bin") 145*9e94795aSAndroid Build Coastguard Worker metadata_sig_file = common.MakeTempFile(prefix="sig-", suffix=".bin") 146*9e94795aSAndroid Build Coastguard Worker cmd = ["delta_generator", 147*9e94795aSAndroid Build Coastguard Worker "--in_file=" + unsigned_payload, 148*9e94795aSAndroid Build Coastguard Worker "--signature_size=" + str(self.maximum_signature_size), 149*9e94795aSAndroid Build Coastguard Worker "--out_metadata_hash_file=" + metadata_sig_file, 150*9e94795aSAndroid Build Coastguard Worker "--out_hash_file=" + payload_sig_file] 151*9e94795aSAndroid Build Coastguard Worker self._Run(cmd) 152*9e94795aSAndroid Build Coastguard Worker 153*9e94795aSAndroid Build Coastguard Worker # 2. Sign the hashes. 154*9e94795aSAndroid Build Coastguard Worker signed_payload_sig_file = self.SignHashFile(payload_sig_file) 155*9e94795aSAndroid Build Coastguard Worker signed_metadata_sig_file = self.SignHashFile(metadata_sig_file) 156*9e94795aSAndroid Build Coastguard Worker 157*9e94795aSAndroid Build Coastguard Worker # 3. Insert the signatures back into the payload file. 158*9e94795aSAndroid Build Coastguard Worker signed_payload_file = common.MakeTempFile(prefix="signed-payload-", 159*9e94795aSAndroid Build Coastguard Worker suffix=".bin") 160*9e94795aSAndroid Build Coastguard Worker cmd = ["delta_generator", 161*9e94795aSAndroid Build Coastguard Worker "--in_file=" + unsigned_payload, 162*9e94795aSAndroid Build Coastguard Worker "--out_file=" + signed_payload_file, 163*9e94795aSAndroid Build Coastguard Worker "--signature_size=" + str(self.maximum_signature_size), 164*9e94795aSAndroid Build Coastguard Worker "--metadata_signature_file=" + signed_metadata_sig_file, 165*9e94795aSAndroid Build Coastguard Worker "--payload_signature_file=" + signed_payload_sig_file] 166*9e94795aSAndroid Build Coastguard Worker self._Run(cmd) 167*9e94795aSAndroid Build Coastguard Worker return signed_payload_file 168*9e94795aSAndroid Build Coastguard Worker 169*9e94795aSAndroid Build Coastguard Worker def SignHashFile(self, in_file): 170*9e94795aSAndroid Build Coastguard Worker """Signs the given input file. Returns the output filename.""" 171*9e94795aSAndroid Build Coastguard Worker out_file = common.MakeTempFile(prefix="signed-", suffix=".bin") 172*9e94795aSAndroid Build Coastguard Worker cmd = [self.signer] + self.signer_args + ['-in', in_file, '-out', out_file] 173*9e94795aSAndroid Build Coastguard Worker common.RunAndCheckOutput(cmd) 174*9e94795aSAndroid Build Coastguard Worker return out_file 175*9e94795aSAndroid Build Coastguard Worker 176*9e94795aSAndroid Build Coastguard Workerdef GeneratePayloadProperties(payload_file): 177*9e94795aSAndroid Build Coastguard Worker properties_file = common.MakeTempFile(prefix="payload-properties-", 178*9e94795aSAndroid Build Coastguard Worker suffix=".txt") 179*9e94795aSAndroid Build Coastguard Worker cmd = ["delta_generator", 180*9e94795aSAndroid Build Coastguard Worker "--in_file=" + payload_file, 181*9e94795aSAndroid Build Coastguard Worker "--properties_file=" + properties_file] 182*9e94795aSAndroid Build Coastguard Worker common.RunAndCheckOutput(cmd) 183*9e94795aSAndroid Build Coastguard Worker return properties_file 184*9e94795aSAndroid Build Coastguard Worker 185*9e94795aSAndroid Build Coastguard Workerdef SignOtaPackage(input_path, output_path): 186*9e94795aSAndroid Build Coastguard Worker payload_signer = PayloadSigner( 187*9e94795aSAndroid Build Coastguard Worker OPTIONS.package_key, OPTIONS.private_key_suffix, 188*9e94795aSAndroid Build Coastguard Worker None, OPTIONS.payload_signer, OPTIONS.payload_signer_args) 189*9e94795aSAndroid Build Coastguard Worker common.ZipExclude(input_path, output_path, [PAYLOAD_BIN, PAYLOAD_PROPERTIES_TXT]) 190*9e94795aSAndroid Build Coastguard Worker with tempfile.NamedTemporaryFile() as unsigned_payload, zipfile.ZipFile(input_path, "r", allowZip64=True) as zfp: 191*9e94795aSAndroid Build Coastguard Worker with zfp.open("payload.bin") as payload_fp: 192*9e94795aSAndroid Build Coastguard Worker shutil.copyfileobj(payload_fp, unsigned_payload) 193*9e94795aSAndroid Build Coastguard Worker signed_payload = payload_signer.SignPayload(unsigned_payload.name) 194*9e94795aSAndroid Build Coastguard Worker properties_file = GeneratePayloadProperties(signed_payload) 195*9e94795aSAndroid Build Coastguard Worker with zipfile.ZipFile(output_path, "a", compression=zipfile.ZIP_STORED, allowZip64=True) as output_zfp: 196*9e94795aSAndroid Build Coastguard Worker common.ZipWrite(output_zfp, signed_payload, PAYLOAD_BIN) 197*9e94795aSAndroid Build Coastguard Worker common.ZipWrite(output_zfp, properties_file, PAYLOAD_PROPERTIES_TXT) 198*9e94795aSAndroid Build Coastguard Worker 199*9e94795aSAndroid Build Coastguard Worker 200*9e94795aSAndroid Build Coastguard Workerdef main(argv): 201*9e94795aSAndroid Build Coastguard Worker parser = argparse.ArgumentParser( 202*9e94795aSAndroid Build Coastguard Worker prog=argv[0], description="Given a series of .img files, produces a full OTA package that installs thoese images") 203*9e94795aSAndroid Build Coastguard Worker parser.add_argument("input_ota", type=str, 204*9e94795aSAndroid Build Coastguard Worker help="Input OTA for signing") 205*9e94795aSAndroid Build Coastguard Worker parser.add_argument('output_ota', type=str, 206*9e94795aSAndroid Build Coastguard Worker help='Output OTA for the signed package') 207*9e94795aSAndroid Build Coastguard Worker parser.add_argument("-v", action="store_true", 208*9e94795aSAndroid Build Coastguard Worker help="Enable verbose logging", dest="verbose") 209*9e94795aSAndroid Build Coastguard Worker AddSigningArgumentParse(parser) 210*9e94795aSAndroid Build Coastguard Worker args = parser.parse_args(argv[1:]) 211*9e94795aSAndroid Build Coastguard Worker input_ota = args.input_ota 212*9e94795aSAndroid Build Coastguard Worker output_ota = args.output_ota 213*9e94795aSAndroid Build Coastguard Worker if args.verbose: 214*9e94795aSAndroid Build Coastguard Worker OPTIONS.verbose = True 215*9e94795aSAndroid Build Coastguard Worker common.InitLogging() 216*9e94795aSAndroid Build Coastguard Worker if args.package_key: 217*9e94795aSAndroid Build Coastguard Worker OPTIONS.package_key = args.package_key 218*9e94795aSAndroid Build Coastguard Worker logger.info("Re-signing OTA package {}".format(input_ota)) 219*9e94795aSAndroid Build Coastguard Worker SignOtaPackage(input_ota, output_ota) 220*9e94795aSAndroid Build Coastguard Worker 221*9e94795aSAndroid Build Coastguard Workerif __name__ == "__main__": 222*9e94795aSAndroid Build Coastguard Worker import sys 223*9e94795aSAndroid Build Coastguard Worker main(sys.argv)