mirror/u-boot-2016
1
0
Fork 0
mirror of https://git.codelinaro.org/clo/qsdk/oss/boot/u-boot-2016.git synced 2025-12-10 07:44:53 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge "tools: Add image encryption script for aes xts mode"

Browse source
This commit is contained in:
Linux Build Service Account 2024-05-16 01:19:36 -07:00 committed by Gerrit - the friendly Code Review server
commit 114650d440
1 changed files with 73 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

73
tools/encrypt_image_aes_xts.py Normal file
View file

@ -0,0 +1,73 @@
/*
* Copyright (c) 2024 Qualcomm Innovation Center, Inc. All rights reserved.
* SPDX-License-Identifier: GPL-2.0-only
*/
#!/usr/bin/env python3
"""
This script encrypts the provided image in blocks of 512.
Currently only AES XTS is supported. For other modes use
standard OpenSSL tool.
Usage: python3 encrypt_image.py <input image> <key> <output image name>
"""
import os
import sys
from typing import BinaryIO
# Import the pre-requisites
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives.ciphers import Cipher
from cryptography.hazmat.primitives.ciphers.algorithms import AES
from cryptography.hazmat.primitives.ciphers.modes import XTS
sectorsize = 512
sec_dbl = sectorsize * 2
def xts_encrypt(rawfile: BinaryIO, key: bytes, encrypted_file: BinaryIO):
algorithm = AES(key)
sec_cnt = 0
while True:
rawsector = rawfile.read(sectorsize)
if not rawsector:
break
# Pad data to 512
if len(rawsector) < sectorsize:
raw_mul = (sectorsize - len(rawsector))
rawsector += (b'\x00' * raw_mul)
xts_tweak_bytes = sec_cnt.to_bytes(length=16, byteorder='little')
encryptor = Cipher(algorithm=algorithm, mode=XTS(xts_tweak_bytes), backend=default_backend()).encryptor()
xts_output = encryptor.update(rawsector) + encryptor.finalize()
encrypted_file.write(xts_output)
sec_cnt += 1
plain_size = sec_cnt * sectorsize
pad_check = (plain_size % (sec_dbl * 4))
if (pad_check != 0):
pad_length = ((plain_size // sec_dbl) + 4) * sec_dbl
pad_length = (pad_length - plain_size)
encrypted_file.write(b'\x00' * pad_length)
if __name__ == '__main__':
if len(sys.argv) != 4:
print("Usage: python3 encrypt_image.py <input image> <key> <output image name>")
sys.exit(1)
plain_image = sys.argv[1]
cipher_image = sys.argv[3]
enc_key = sys.argv[2]
with open(enc_key, 'rb') as f:
rootfs_key = f.read()
with open(plain_image, 'rb') as rootfs_img, open(cipher_image, 'wb') as rootfs_enc:
xts_encrypt(rootfs_img, rootfs_key, rootfs_enc)