espressif/esptool
1
0
Fork 0
mirror of https://github.com/espressif/esptool.git synced 2025-10-19 20:13:00 +08:00
Code Issues Packages Projects Releases Wiki Activity

fix(espsecure): Allow signing multiple files in one go

Browse Source
This commit is contained in:
Peter Dragun
2025-08-13 16:58:25 +02:00
parent 66a137738e
commit 0177d611ac
2 changed files with 32 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
espsecure/__init__.py
View File

@@ -21,6 +21,7 @@ from cryptography.hazmat.primitives.asymmetric import ec, padding, rsa, utils
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
from cryptography.utils import int_to_bytes from cryptography.utils import int_to_bytes
from esptool.cli_util import OptionEatAll
from esptool.logger import log from esptool.logger import log
import esptool import esptool
@@ -1645,6 +1646,8 @@ def generate_signing_key_cli(version, scheme, keyfile):
"--keyfile", "--keyfile",
"-k", "-k",
type=click.File("rb"), type=click.File("rb"),
cls=OptionEatAll,
required=True,
multiple=True, multiple=True,
help="Private key file for signing. Key is in PEM format.", help="Private key file for signing. Key is in PEM format.",
) )
@@ -1677,6 +1680,7 @@ def generate_signing_key_cli(version, scheme, keyfile):
@click.option( @click.option(
"--pub-key", "--pub-key",
type=click.File("rb"), type=click.File("rb"),
cls=OptionEatAll,
multiple=True, multiple=True,
help="Public key files corresponding to the private key used to generate the " help="Public key files corresponding to the private key used to generate the "
"pre-calculated signatures. Keys should be in PEM format.", "pre-calculated signatures. Keys should be in PEM format.",
@@ -1684,6 +1688,7 @@ def generate_signing_key_cli(version, scheme, keyfile):
@click.option( @click.option(
"--signature", "--signature",
type=click.File("rb"), type=click.File("rb"),
cls=OptionEatAll,
multiple=True, multiple=True,
default=None, default=None,
help="Pre-calculated signatures. Signatures generated using external private keys " help="Pre-calculated signatures. Signatures generated using external private keys "

27
test/test_espsecure.py
View File

@@ -197,6 +197,33 @@ class TestSigning(EspSecureTestCase):
output_file.close() output_file.close()
os.unlink(output_file.name) os.unlink(output_file.name)
def test_sign_v2_multiple_keys_cli(self):
keydir = os.path.join(TEST_DIR, "secure_images")
with tempfile.NamedTemporaryFile(delete=False) as output_file:
self.run_espsecure(
"sign-data --version 2 --keyfile "
f"{keydir}/rsa_secure_boot_signing_key.pem "
f"{keydir}/rsa_secure_boot_signing_key2.pem "
f"{keydir}/rsa_secure_boot_signing_key3.pem "
f"--output {output_file.name} "
f"{keydir}/bootloader_unsigned_v2.bin"
)
self.run_espsecure(
"verify-signature --version 2 --keyfile "
f"{keydir}/rsa_secure_boot_signing_key.pem "
f"{output_file.name}"
)
self.run_espsecure(
"verify-signature --version 2 --keyfile "
f"{keydir}/rsa_secure_boot_signing_key2.pem "
f"{output_file.name}"
)
self.run_espsecure(
"verify-signature --version 2 --keyfile "
f"{keydir}/rsa_secure_boot_signing_key3.pem "
f"{output_file.name}"
)
def test_sign_v2_multiple_keys(self): def test_sign_v2_multiple_keys(self):
# 3 keys + Verify with 3rd key # 3 keys + Verify with 3rd key
try: try: