-
Notifications
You must be signed in to change notification settings - Fork 102
146 lines (109 loc) · 4.22 KB
/
test-keytools.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
name: Wolfboot keytools test workflow
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
with:
submodules: true
# ECC
- name: make clean
run: |
make distclean
- name: Select config
run: |
cp config/examples/sim-ecc.config .config && make include/target.h
- name: Build tools
run: |
make -C tools/keytools && make -C tools/bin-assemble
- name: Build wolfboot
run: |
make ${{inputs.make-args}}
- name: Generate external key
run: |
openssl ecparam -name prime256v1 -genkey -noout -outform DER -out private-key.der
- name: Export external public key
run: |
openssl ec -in private-key.der -inform DER -pubout -out public-key.der -outform DER
- name: Import external public key
run: |
./tools/keytools/keygen --ecc256 -i public-key.der
- name: Hash the image elf
run: |
./tools/keytools/sign --ecc256 --sha-only --sha256 test-app/image.elf public-key.der 1
- name: Sign the digest with the external key
run: |
openssl pkeyutl -sign -keyform der -inkey private-key.der -in test-app/image_v1_digest.bin > test-app/image_v1.sig
- name: Generate final signed binary
run: |
./tools/keytools/sign --ecc256 --sha256 --manual-sign test-app/image.elf public-key.der 1 test-app/image_v1.sig
# ED25519
- name: make clean
run: |
make distclean
- name: Select config
run: |
cp config/examples/sim.config .config && make include/target.h
- name: Build tools
run: |
make -C tools/keytools && make -C tools/bin-assemble
- name: Build wolfboot
run: |
make ${{inputs.make-args}}
- name: Generate external key
run: |
openssl genpkey -algorithm ed25519 -out private-key.der -outform DER
- name: Export external public key
run: |
openssl pkey -in private-key.der -inform DER -pubout -out public-key.der -outform DER
- name: Import external public key
run: |
./tools/keytools/keygen --ed25519 -i public-key.der
- name: Hash the image elf
run: |
./tools/keytools/sign --ed25519 --sha-only --sha256 test-app/image.elf public-key.der 1
- name: Sign the digest with the external key
run: |
openssl pkeyutl -sign -keyform der -inkey private-key.der -rawin -in test-app/image_v1_digest.bin > test-app/image_v1.sig
- name: Generate final signed binary
run: |
./tools/keytools/sign --ed25519 --sha256 --manual-sign test-app/image.elf public-key.der 1 test-app/image_v1.sig
# RSA
- name: make clean
run: |
make distclean
- name: Select config
run: |
cp config/examples/sim-rsa.config .config && make include/target.h
- name: Build tools
run: |
make -C tools/keytools && make -C tools/bin-assemble
- name: Build wolfboot
run: |
make ${{inputs.make-args}}
- name: Generate external key
run: |
openssl genrsa -out private-key.pem 2048
- name: Convert to DER
run: |
openssl rsa -in private-key.pem -inform PEM -out private-key.der -outform DER
- name: Export external public key
run: |
openssl rsa -inform DER -outform DER -in private-key.der -out public-key.der -pubout
- name: Import external public key
run: |
./tools/keytools/keygen --rsa2048 -i public-key.der
- name: Hash the image elf
run: |
./tools/keytools/sign --rsa2048 --sha-only --sha256 test-app/image.elf public-key.der 1
- name: Sign the digest with the external key
run: |
openssl pkeyutl -sign -keyform der -inkey private-key.der -in test-app/image_v1_digest.bin > test-app/image_v1.sig
- name: Generate final signed binary
run: |
./tools/keytools/sign --rsa2048 --sha256 --manual-sign test-app/image.elf public-key.der 1 test-app/image_v1.sig