History log of /optee_os/scripts/pem_to_pub_c.py (Results 1 – 11 of 11)
Revision Date Author Comments
# 169eac19 24-Oct-2021 Donald Chan <hoiho@lab126.com>

scripts: migrate away from pycryptodome

Move away from pycryptodome and use pyca/cryptography instead.

pycryptodome has been a little confusing due to other similar packages
(pycrypto, pycryptodomex). pyca/cryptography also allows custom backends
other than OpenSSL, so it will make additional signing backends (AWS,
Azure, GCP) possible in the future (where the private key will be
protected by the cloud service provider rather than in plaintext).

Signed-off-by: Donald Chan <hoiho@lab126.com>
Acked-by: Jerome Forissier <jerome@forissier.org>


# ae85b831 13-Oct-2020 Volodymyr Babchuk <volodymyr_babchuk@epam.com>

scripts: support both pycryptodome and pycryptodomex

The current Python library for cryptography is distributed in two
flavors: pycryptodome and pycryptodomex. They are basically the same
library, but with different import names:

- pycryptodome provides the 'Crypto' module and is intended to directly
replace the old pycrypto library

- pycryptodomex provides the 'Cryptodome' module and is intended for old
distributions, where pycrypto is still present

Most modern Linux distributions provide both libraries, so it makes no
difference which one is used. But some of them (like Yocto/Poky) provide
only one.

This patch makes the scripts agnostic to the crypto library flavor being
used by trying to import Cryptodome first and then Crypto if the first
import fails.

Signed-off-by: Volodymyr Babchuk <volodymyr_babchuk@epam.com>
Reviewed-by: Jerome Forissier <jerome@forissier.org>


# ab64f97b 26-May-2020 Etienne Carriere <etienne.carriere@linaro.org>

scripts/pem_to_pub.py: use Cryptodome module instead of Crypto

Upgrade scripts/pem_to_pub.py to use module Cryptodome instead of
module Crypto for consistency with the other helper Python scripts
of OP-TEE OS package.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>


# bbaeed4d 07-Aug-2019 Rouven Czerwinski <r.czerwinski@pengutronix.de>

scripts: convert remaining scripts to python3

Convert the remaining scripts to python3. Mostly done with 2to3 and
manual adjustments to the code afterwards.

Signed-off-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>
Tested-by: Jerome Forissier <jerome@forissier.org> (QEMU, QEMUv8)


# 1718b6c9 30-Apr-2019 Markus S. Wamser <markus.wamser@mixed-mode.de>

pem_to_pub_c.py: Rework code to be more pythonic

Instances of open() were wrapped in with statements to ensure proper
closing of files even in the case of errors. This also improves
the readability of the code.

Signed-off-by: Markus S. Wamser <markus.wamser@mixed-mode.de>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
[jf: add file name to commit subject and use imperative mood]
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>


# 0a6f2bca 26-Mar-2019 Markus S. Wamser <markus.wamser@mixed-mode.de>

pem_to_pub_c.py: Add sanity check for public exponent of TA signing key

This change fixes a potential security vulnerability.

The public exponent of the TA signing key is stored by OP-TEE OS as an
unsigned 32-bit integer. While rarely seen in the wild, public exponents
that overflow this storage field exist. Although the C compiler usually
generates an overflow warning when such an exponent would be set, this
happens only once after the key was changed and is easily overlooked.
With this change the script throws an exception, notifying the user of the
unsuitable key.

Without the sanity check, such an unsuitable key would simply lead to
TA signature verification failures. However, if the public exponent e
is close to a multiple of 2^32, a small exponent attack to forge a
signature might be feasible.

Signed-off-by: Markus S. Wamser <markus.wamser@mixed-mode.de>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
[jf: add file name to commit subject]
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
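
The check this commit describes, as an added example: this is not OP-TEE's pem_to_pub_c.py and not the project's code. It reads a PKCS#1 RSAPublicKey from PEM with a minimal hand-written DER parser (used here instead of pyca/cryptography so the example has no dependencies), rejects a public exponent that does not fit in uint32_t, and shows the value a C uint32_t field would silently keep, which is the case where an exponent just above a multiple of 2^32 becomes a small exponent. The sample modulus is a constructed dummy number (not a real key), and the PKCS#1 public-key PEM input, the C symbol names and the output layout are assumptions, not the real script's behaviour.

```python
"""Sanity check for the RSA public exponent of a TA signing key.

Added example, not OP-TEE's pem_to_pub_c.py. OP-TEE OS stores the public
exponent as an unsigned 32-bit integer, so a key whose exponent does not fit
must be rejected before it is rendered as C source. The DER encoder/parser,
the sample modulus and the C symbol names below are constructed or assumed.
"""
import base64

UINT32_MAX = 0xFFFFFFFF


class UnsuitableKeyError(ValueError):
    """Raised when the key cannot be represented by OP-TEE OS."""


def _der_len(length):
    """DER length octets: short form below 0x80, long form otherwise."""
    if length < 0x80:
        return bytes([length])
    octets = length.to_bytes((length.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(octets)]) + octets


def der_int(value):
    """Encode a non-negative int as DER INTEGER (leading 0x00 if high bit set)."""
    if value < 0:
        raise ValueError("only non-negative integers are encoded here")
    body = value.to_bytes((value.bit_length() + 8) // 8, "big")
    return b"\x02" + _der_len(len(body)) + body


def der_seq(*items):
    """Wrap already-encoded items in a DER SEQUENCE."""
    body = b"".join(items)
    return b"\x30" + _der_len(len(body)) + body


def _read_tlv(buf, pos):
    """Return (tag, contents, next_pos) for the TLV starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:
        nbytes = length & 0x7F
        if nbytes == 0 or nbytes > 4 or pos + nbytes > len(buf):
            raise ValueError("unsupported or truncated DER length")
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    end = pos + length
    if end > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:end], end


def _der_to_uint(contents):
    if not contents or contents[0] & 0x80:
        raise ValueError("expected a positive DER INTEGER")
    return int.from_bytes(contents, "big")


def parse_rsa_public_key(der):
    """PKCS#1 RSAPublicKey ::= SEQUENCE { modulus INTEGER, publicExponent INTEGER }."""
    tag, seq, end = _read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("expected a single SEQUENCE")
    tag_n, n_bytes, pos = _read_tlv(seq, 0)
    tag_e, e_bytes, pos = _read_tlv(seq, pos)
    if tag_n != 0x02 or tag_e != 0x02 or pos != len(seq):
        raise ValueError("expected exactly two INTEGERs")
    return _der_to_uint(n_bytes), _der_to_uint(e_bytes)


def pem_to_der(pem):
    lines = [line.strip() for line in pem.strip().splitlines()]
    if not lines[0].startswith("-----BEGIN ") or not lines[-1].startswith("-----END "):
        raise ValueError("not a PEM block")
    return base64.b64decode("".join(lines[1:-1]), validate=True)


def der_to_pem(der, label="RSA PUBLIC KEY"):
    b64 = base64.b64encode(der).decode("ascii")
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"


def truncated_exponent(e):
    """What a C store into a uint32_t field would silently keep."""
    return e & UINT32_MAX


def exponent_fits(e):
    """True if e is a usable RSA public exponent that fits in uint32_t."""
    return 3 <= e <= UINT32_MAX and e % 2 == 1


def check_public_exponent(e):
    """Reject exponents OP-TEE OS cannot store; return e unchanged if OK."""
    if e < 3 or e % 2 == 0:
        raise UnsuitableKeyError(f"invalid RSA public exponent {e}")
    if e > UINT32_MAX:
        raise UnsuitableKeyError(
            f"public exponent {e:#x} does not fit in uint32_t; a C build would "
            f"truncate it to {truncated_exponent(e):#x}")
    return e


def to_c_source(n, e):
    """Render the key as C; the symbol names are assumed, not OP-TEE's."""
    check_public_exponent(e)
    modulus = n.to_bytes((n.bit_length() + 7) // 8, "big")
    rows = [", ".join(f"0x{b:02x}" for b in modulus[i:i + 8])
            for i in range(0, len(modulus), 8)]
    return ("#include <stddef.h>\n#include <stdint.h>\n\n"
            f"const uint32_t ta_pub_key_exponent = {e};\n"
            "const uint8_t ta_pub_key_modulus[] = {\n\t" + ",\n\t".join(rows) + "\n};\n"
            f"const size_t ta_pub_key_modulus_size = {len(modulus)};\n")


def pem_to_c(pem):
    n, e = parse_rsa_public_key(pem_to_der(pem))
    return to_c_source(n, e)


# Constructed sample: a dummy 2048-bit odd modulus, NOT a real RSA key.
SAMPLE_N = (1 << 2047) | (0xC0FFEE << 1000) | 1
GOOD_PEM = der_to_pem(der_seq(der_int(SAMPLE_N), der_int(65537)))
# e = 2^32 + 3 would be stored as 3 by a uint32_t field.
BAD_PEM = der_to_pem(der_seq(der_int(SAMPLE_N), der_int((1 << 32) + 3)))

if __name__ == "__main__":
    print(pem_to_c(GOOD_PEM))
    try:
        pem_to_c(BAD_PEM)
    except UnsuitableKeyError as err:
        print("rejected:", err)
```

Run it directly to see the good key rendered as C and the oversized exponent rejected with the truncated value the firmware would otherwise have used; the point of raising rather than warning is that the failure happens every time the key is converted, not once at compile time where it is easily overlooked.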


# 049aefa8 14-Nov-2018 Jerome Forissier <jerome.forissier@linaro.org>

pem_to_pub_c.py: fix issues reported by pycodestyle and re-indent

Fixes issues reported by: pycodestyle pem_to_pub_c.py and re-indent
(4 spaces).
Patch obtained by running: autopep8 -i -a -a pem_to_pub_c.py.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>


# b1d7375c 15-Dec-2017 Jerome Forissier <jerome.forissier@linaro.org>

Remove 'All rights reserved' from Linaro files

The text 'All rights reserved' is useless [1]. The Free Software
Foundation's REUSE Initiative best practices document [2] does not
contain these words. Therefore, we can safely remove the text from the
files that are owned by Linaro.

Generated by:
spdxify.py --linaro-only --strip-arr optee_os/

Link: [1] https://en.wikipedia.org/wiki/All_rights_reserved
Link: [2] https://reuse.software/practices/
Link: [3] https://github.com/jforissier/misc/blob/f7b56c8/spdxify.py
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Joakim Bech <joakim.bech@linaro.org>


# 78b7c7c7 15-Dec-2017 Jerome Forissier <jerome.forissier@linaro.org>

Remove license notice from Linaro files

Now that we have added SPDX identifiers, we can safely remove the
verbose license text from the files that are owned by Linaro.

Generated by [1]:
spdxify.py --linaro-only --strip-license-text optee_os/

Link: [1] https://github.com/jforissier/misc/blob/f7b56c8/spdxify.py
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Joakim Bech <joakim.bech@linaro.org>


# 1bb92983 15-Dec-2017 Jerome Forissier <jerome.forissier@linaro.org>

Add SPDX license identifiers

Adds one SPDX-License-Identifier line [1] to each source file that
contains license text.

Generated by [2]:
spdxify.py --add-spdx optee_os/

The scancode tool [3] was used to double check the license matching
code in the Python script. All the licenses detected by scancode are
either detected by spdxify.py, or have no SPDX identifier, or are false
matches.

Link: [1] https://spdx.org/licenses/
Link: [2] https://github.com/jforissier/misc/blob/f7b56c8/spdxify.py
Link: [3] https://github.com/nexB/scancode-toolkit
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Joakim Bech <joakim.bech@linaro.org>


# bc420748 05-May-2015 Jens Wiklander <jens.wiklander@linaro.org>

TA as ELF + signature

Changes format of TA to use the ELF format instead. This patch also adds
signature checking of the TA. The format of the TA is:
<Signed header>
<ELF header>
<Program header> (part of ELF spec, pointing out segments to load)
<Sections>

A struct ta_head is placed in the first section of the first segment
to carry flags and other properties of the TA.

elf32.h, elf64.h and elf_common.h are imported from FreeBSD.

In addition to the R_ARM_RELATIVE relocation type, adds support for
R_ARM_ABS32 relocations. Since a symbol table is needed to process this
relocation type a separate program header is added in the TA ELF
containing the sections .dynamic, .dynsym, .dynstr and .hash. These
sections are only needed during relocation and could be released once
the TA is relocated.

A default signing key has been generated with
openssl genrsa -out key.pem
and added as keys/default_ta.pem

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (QEMU, FVP)
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>
Tested-by: Pascal Brand <pascal.brand@linaro.org> (STM platform)
Tested-by: Pascal Brand <pascal.brand@linaro.org> (QEMU platform)
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (HiKey)
