TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mcuboot / 78e57c7b6e89eaae41b2426afb0e86a2146d6504^! / . / scripts / imgtool / main.py
commit78e57c7b6e89eaae41b2426afb0e86a2146d6504[log] [tgz]
authorIoannis Konstantelias <ikonstadel@gmail.com>Thu Nov 28 16:06:12 2019 +0200
committerFabio Utzig <utzig@utzig.org>Tue Dec 17 16:26:53 2019 -0300
treea53f930ea06b85674fcc4d0191cdd26d81a9d854
parent6f4d8f8597a09b9ceda3f617328374ff717d5f73 [diff] [blame]
scripts: imgtool: Add command to dump private keys

This applies a few improvements to a commit previously included in
PR #596:

* Move functions to dump a private key to the private key classes
* Remove language option; always dumps in C format
* Add option to generate a minimal dump. This will remove extra
  parameters that are present in keys generated with the `keygen`
  command.
  For P256 this will remove the public point, which is already
  ignored by the parsing function. The resulting key dump shrinks
  from 138 to 70 bytes.
  For RSA it will remove the DP/DQ/QP parameters which are only
  used with CRT enabled, and if not available, can be calculated at
  runtime. This reduces the size of a key dump from around 1190
  bytes to somewhere close to 800 bytes. A patch to the RSA parsing
  routine will be added in another commit.

Signed-off-by: Fabio Utzig <utzig@apache.org>
Signed-off-by: Ioannis Konstantelias <ikonstadel@gmail.com>

diff --git a/scripts/imgtool/main.py b/scripts/imgtool/main.py
index 2c1e049..61ed282 100755
--- a/scripts/imgtool/main.py
+++ b/scripts/imgtool/main.py

@@ -92,19 +92,33 @@
 @click.option('-l', '--lang', metavar='lang', default=valid_langs[0],
               type=click.Choice(valid_langs))
 @click.option('-k', '--key', metavar='filename', required=True)
-@click.command(help='Get public key from keypair')
+@click.command(help='Dump public key from keypair')
 def getpub(key, lang):
     key = load_key(key)
     if key is None:
         print("Invalid passphrase")
     elif lang == 'c':
-        key.emit_c()
+        key.emit_c_public()
     elif lang == 'rust':
-        key.emit_rust()
+        key.emit_rust_public()
     else:
         raise ValueError("BUG: should never get here!")
 
 
+@click.option('--minimal', default=False, is_flag=True,
+              help='Reduce the size of the dumped private key to include only '
+                   'the minimum amount of data required to decrypt. This '
+                   'might require changes to the build config. Check the docs!'
+              )
+@click.option('-k', '--key', metavar='filename', required=True)
+@click.command(help='Dump private key from keypair')
+def getpriv(key, minimal):
+    key = load_key(key)
+    if key is None:
+        print("Invalid passphrase")
+    key.emit_private(minimal)
+
+
 @click.argument('imgfile')
 @click.option('-k', '--key', metavar='filename')
 @click.command(help="Check that signed image can be verified by given key")
@@ -271,6 +285,7 @@
 
 imgtool.add_command(keygen)
 imgtool.add_command(getpub)
+imgtool.add_command(getpriv)
 imgtool.add_command(verify)
 imgtool.add_command(sign)
 imgtool.add_command(version)