wip

nrfconnect · Jun 28, 2024 · d50dd78 · d50dd78
1 parent 8541955
commit d50dd78
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 4 deletions.
diff --git a/scripts/imgtool/image.py b/scripts/imgtool/image.py
@@ -63,6 +63,7 @@
         'PUBKEY': 0x02,
         'SHA256': 0x10,
         'SHA384': 0x11,
+        'SHA512': 0x12,
         'RSA2048': 0x20,
         'ECDSASIG': 0x22,
         'RSA3072': 0x23,
@@ -315,13 +316,16 @@ def ecies_hkdf(self, enckey, plainkey):
                 format=PublicFormat.Raw)
         return cipherkey, ciphermac, pubk
 
-    def create(self, key, public_key_format, enckey, dependencies=None,
+    def create(self, key, public_key_format, hash_type, enckey, dependencies=None,
                sw_type=None, custom_tlvs=None, encrypt_keylen=128, clear=False,
                fixed_sig=None, pub_key=None, vector_to_sign=None):
         self.enckey = enckey
 
         # Check what hashing algorithm should be used
-        if (key is not None and isinstance(key, ecdsa.ECDSA384P1) or
+        if (hash_type is "sha512"):
+            hash_algorithm = hashlib.sha512
+            hash_tlv = "SHA512"
+        elif (key is not None and isinstance(key, ecdsa.ECDSA384P1) or
                 pub_key is not None and isinstance(pub_key,
                                                    ecdsa.ECDSA384P1Public)):
             hash_algorithm = hashlib.sha384

diff --git a/scripts/imgtool/main.py b/scripts/imgtool/main.py
@@ -388,6 +388,8 @@ def convert(self, value, param, ctx):
 @click.option('--public-key-format', type=click.Choice(['hash', 'full']),
               default='hash', help='In what format to add the public key to '
               'the image manifest: full key or hash of the key.')
+@click.option('--hash-type', type=click.Choice(['sha256', 'sha384', 'sha512']),
+              default='sha256')
 @click.option('-k', '--key', metavar='filename')
 @click.option('--fix-sig', metavar='filename',
               help='fixed signature for the image. It will be used instead of '
@@ -404,7 +406,7 @@ def convert(self, value, param, ctx):
 @click.command(help='''Create a signed or unsigned image\n
                INFILE and OUTFILE are parsed as Intel HEX if the params have
                .hex extension, otherwise binary format is used''')
-def sign(key, public_key_format, align, version, pad_sig, header_size,
+def sign(key, public_key_format, hash_type, align, version, pad_sig, header_size,
          pad_header, slot_size, pad, confirm, max_sectors, overwrite_only,
          endian, encrypt_keylen, encrypt, infile, outfile, dependencies,
          load_addr, hex_addr, erased_val, save_enctlv, security_counter,
@@ -474,7 +476,7 @@ def sign(key, public_key_format, align, version, pad_sig, header_size,
             'value': raw_signature
         }
 
-    img.create(key, public_key_format, enckey, dependencies, boot_record,
+    img.create(key, public_key_format, hash_type, enckey, dependencies, boot_record,
                custom_tlvs, int(encrypt_keylen), clear, baked_signature,
                pub_key, vector_to_sign)
     img.save(outfile, hex_addr)