[Feature]add MT2731_MP2_MR2_SVN388 baseline version
Change-Id: Ief04314834b31e27effab435d3ca8ba33b499059
diff --git a/src/devtools/packer/mt2731/cryptoSB.py b/src/devtools/packer/mt2731/cryptoSB.py
new file mode 100644
index 0000000..a481b17
--- /dev/null
+++ b/src/devtools/packer/mt2731/cryptoSB.py
@@ -0,0 +1,490 @@
+import binascii
+import Crypto.Random.OSRNG.posix as RNG
+from Crypto.Cipher import AES
+from Crypto.Hash import MD5
+from Crypto.Hash import SHA
+from Crypto.Hash import SHA224
+from Crypto.Hash import SHA256
+from Crypto.Hash import SHA384
+from Crypto.Hash import SHA512
+from Crypto.Hash import HMAC
+from Crypto.Util import Counter
+import CryptoPlus
+from CryptoPlus.Cipher import python_AES as CP_python_AES
+import ecdsa
+from ecdsa import SigningKey, VerifyingKey
+from ecdsa.curves import NIST192p, NIST224p, NIST256p, NIST384p
+from ecdsa.util import sigencode_string
+from hashlib import sha1, sha224, sha256, sha384
+
+''' Select ECDSA Curve '''
+__CURVE = 'prime256v1'
+
+AUTH_ECDSA_NISTP256 = 0
+AUTH_ECDSA_NISTP384 = 1
+AUTH_AES_CMAC = 2
+AUTH_HMAC_SHA256 = 3
+
+AUTH_ECDSA_NISTP192 = 10
+AUTH_ECDSA_NISTP224 = 11
+
+''' Select ECDSA module '''
+
+''' Select Key Mode '''
+__K_STRING = 0
+__K_PEM = 1
+__K_DER = 2
+
+
+def crypto_pad_to_align(x, align):
+ if(align == 0):
+ return x
+ else:
+ size = len(x)
+ #print("size 0x%x" %size)
+ pad_size = (align - size % align) % align
+ for i in range(0, pad_size, 1):
+ x += b'\x00'
+ #cryptoSB.dump(x)
+ return x
+
+
+# This module is python-ecdsa (warner/python-ecdsa)
+class pythonECDSA:
+ def __init__(self, priv=None, pub=None, curve=None):
+ #print("pure-python ECDSA init")
+ None
+ def sign_string(self, privk, msg, sbc_auth_alg):
+ if(sbc_auth_alg == AUTH_ECDSA_NISTP256):
+ sk = SigningKey.from_string(privk, curve=NIST256p, hashfunc=sha256)
+ signature_str = sk.sign(msg, hashfunc=sha256, sigencode=sigencode_string)
+ elif(sbc_auth_alg == AUTH_ECDSA_NISTP384):
+ sk = SigningKey.from_string(privk, curve=NIST384p, hashfunc=sha384)
+ signature_str = sk.sign(msg, hashfunc=sha384, sigencode=sigencode_string)
+ elif(sbc_auth_alg == AUTH_ECDSA_NISTP192):
+ sk = SigningKey.from_string(privk, curve=NIST192p, hashfunc=sha1)
+ signature_str = sk.sign(msg, hashfunc=sha1, sigencode=sigencode_string)
+ elif(sbc_auth_alg == AUTH_ECDSA_NISTP224):
+ sk = SigningKey.from_string(privk, curve=NIST224p, hashfunc=sha224)
+ signature_str = sk.sign(msg, hashfunc=sha224, sigencode=sigencode_string)
+ return signature_str
+ def sign_pem(self, privk, msg, sbc_auth_alg):
+ #print(" run sign pem")
+ if(sbc_auth_alg == AUTH_ECDSA_NISTP256):
+ sk = SigningKey.from_pem(privk, hashfunc=sha256)
+ signature_pem = sk.sign(msg, hashfunc=sha256)
+
+ elif(sbc_auth_alg == AUTH_ECDSA_NISTP384):
+ sk = SigningKey.from_pem(privk, hashfunc=sha384)
+ signature_pem = sk.sign(msg, hashfunc=sha384)
+
+ elif(sbc_auth_alg == AUTH_ECDSA_NISTP192):
+ sk = SigningKey.from_pem(privk, hashfunc=sha1)
+ signature_pem = sk.sign(msg, hashfunc=sha1)
+
+ elif(sbc_auth_alg == AUTH_ECDSA_NISTP224):
+ sk = SigningKey.from_pem(privk, hashfunc=sha224)
+ signature_pem = sk.sign(msg, hashfunc=sha224)
+
+ return signature_pem
+ def sign_der(self, privk, msg, sbc_auth_alg):
+ #print(" run sign der")
+ if(sbc_auth_alg == AUTH_ECDSA_NISTP256):
+ sk = SigningKey.from_der(privk, hashfunc=sha256)
+ signature_der = sk.sign(msg, hashfunc=sha256)
+
+ elif(sbc_auth_alg == AUTH_ECDSA_NISTP384):
+ sk = SigningKey.from_der(privk, hashfunc=sha384)
+ signature_der = sk.sign(msg, hashfunc=sha384)
+
+ elif(sbc_auth_alg == AUTH_ECDSA_NISTP192):
+ sk = SigningKey.from_der(privk, hashfunc=sha1)
+ signature_der = sk.sign(msg, hashfunc=sha1)
+
+ elif(sbc_auth_alg == AUTH_ECDSA_NISTP224):
+ sk = SigningKey.from_der(privk, hashfunc=sha224)
+ signature_der = sk.sign(msg, hashfunc=sha224)
+
+
+ return signature_der
+ def verify_string(self, pubk, signature_str, msg, sbc_auth_alg):
+ if(sbc_auth_alg == AUTH_ECDSA_NISTP256):
+ vk = VerifyingKey.from_string(pubk, curve=NIST256p, hashfunc=sha256)
+ ret = vk.verify(signature_str, msg)
+ elif(sbc_auth_alg == AUTH_ECDSA_NISTP384):
+ vk = VerifyingKey.from_string(pubk, curve=NIST384p, hashfunc=sha384)
+ ret = vk.verify(signature_str, msg)
+ elif(sbc_auth_alg == AUTH_ECDSA_NISTP192):
+ vk = VerifyingKey.from_string(pubk, curve=NIST192p, hashfunc=sha1)
+ ret = vk.verify(signature_str, msg)
+ elif(sbc_auth_alg == AUTH_ECDSA_NISTP224):
+ vk = VerifyingKey.from_string(pubk, curve=NIST224p, hashfunc=sha224)
+ ret = vk.verify(signature_str, msg)
+ return ret
+ def verify_pem(self, pubk, signature_pem, msg, sbc_auth_alg):
+ #print(" run verify pem")
+ if(sbc_auth_alg == AUTH_ECDSA_NISTP256):
+ vk = VerifyingKey.from_pem(pubk)
+ ret = vk.verify(signature_pem, msg, hashfunc=sha256)
+
+ elif(sbc_auth_alg == AUTH_ECDSA_NISTP384):
+ vk = VerifyingKey.from_pem(pubk)
+ ret = vk.verify(signature_pem, msg, hashfunc=sha384)
+
+ elif(sbc_auth_alg == AUTH_ECDSA_NISTP192):
+ vk = VerifyingKey.from_pem(pubk)
+ ret = vk.verify(signature_pem, msg, hashfunc=sha1)
+
+ elif(sbc_auth_alg == AUTH_ECDSA_NISTP224):
+ vk = VerifyingKey.from_pem(pubk)
+ ret = vk.verify(signature_pem, msg, hashfunc=sha224)
+ return ret
+ def verify_der(self, pubk, signature_der, msg, sbc_auth_alg):
+ #print(" run verify der")
+ if(sbc_auth_alg == AUTH_ECDSA_NISTP256):
+ vk = VerifyingKey.from_der(pubk)
+ ret = vk.verify(signature_der, msg, hashfunc=sha256)
+
+ elif(sbc_auth_alg == AUTH_ECDSA_NISTP384):
+ vk = VerifyingKey.from_der(pubk)
+ ret = vk.verify(signature_der, msg, hashfunc=sha384)
+
+ elif(sbc_auth_alg == AUTH_ECDSA_NISTP192):
+ vk = VerifyingKey.from_der(pubk)
+ ret = vk.verify(signature_der, msg, hashfunc=sha1)
+
+ elif(sbc_auth_alg == AUTH_ECDSA_NISTP224):
+ vk = VerifyingKey.from_der(pubk)
+ ret = vk.verify(signature_der, msg, hashfunc=sha224)
+ return ret
+ def gen_key_string(self, sbc_auth_alg):
+ if(sbc_auth_alg == AUTH_ECDSA_NISTP256):
+ sk = SigningKey.generate(curve=NIST256p, hashfunc=sha256)
+ vk = sk.get_verifying_key()
+ elif(sbc_auth_alg == AUTH_ECDSA_NISTP384):
+ sk = SigningKey.generate(curve=NIST384p, hashfunc=sha384)
+ vk = sk.get_verifying_key()
+ elif(sbc_auth_alg == AUTH_ECDSA_NISTP192):
+ sk = SigningKey.generate(curve=NIST192p, hashfunc=sha1)
+ vk = sk.get_verifying_key()
+ elif(sbc_auth_alg == AUTH_ECDSA_NISTP224):
+ sk = SigningKey.generate(curve=NIST224p, hashfunc=sha224)
+ vk = sk.get_verifying_key()
+ privk_str = sk.to_string()
+ pubk_str = vk.to_string()
+ return privk_str, pubk_str
+ def gen_key_pem(self, sbc_auth_alg):
+ if(sbc_auth_alg == AUTH_ECDSA_NISTP256):
+ sk = SigningKey.generate(curve=NIST256p, hashfunc=sha256)
+ vk = sk.get_verifying_key()
+ elif(sbc_auth_alg == AUTH_ECDSA_NISTP384):
+ sk = SigningKey.generate(curve=NIST384p, hashfunc=sha384)
+ vk = sk.get_verifying_key()
+ elif(sbc_auth_alg == AUTH_ECDSA_NISTP192):
+ sk = SigningKey.generate(curve=NIST192p, hashfunc=sha1)
+ vk = sk.get_verifying_key()
+ elif(sbc_auth_alg == AUTH_ECDSA_NISTP224):
+ sk = SigningKey.generate(curve=NIST224p, hashfunc=sha224)
+ vk = sk.get_verifying_key()
+ privk_pem = sk.to_pem()
+ pubk_pem = vk.to_pem()
+ return privk_pem, pubk_pem
+ def gen_key_der(self, sbc_auth_alg):
+ if(sbc_auth_alg == AUTH_ECDSA_NISTP256):
+ sk = SigningKey.generate(curve=NIST256p, hashfunc=sha256)
+ vk = sk.get_verifying_key()
+ elif(sbc_auth_alg == AUTH_ECDSA_NISTP384):
+ sk = SigningKey.generate(curve=NIST384p, hashfunc=sha384)
+ vk = sk.get_verifying_key()
+ elif(sbc_auth_alg == AUTH_ECDSA_NISTP384):
+ sk = SigningKey.generate(curve=NIST192p, hashfunc=sha1)
+ vk = sk.get_verifying_key()
+ elif(sbc_auth_alg == AUTH_ECDSA_NISTP224):
+ sk = SigningKey.generate(curve=NIST224p, hashfunc=sha224)
+ vk = sk.get_verifying_key()
+ privk_der = sk.to_der()
+ pubk_der = vk.to_der()
+ return privk_der, pubk_der
+
+class AESCipher:
+ def __init__(self, key, blk_sz):
+ #self.key = md5(key.encode('utf8')).hexdigest()
+ self.key = key
+ self.blk_sz = blk_sz
+ keylen = len(key)
+ if(keylen != blk_sz):
+ print("ERROR: key length fail:")
+ return 0
+
+ def aes_encrypt(self, data):
+ #data = pad(data)
+ #print(":".join("{:02x}".format(ord(e)) for e in data))
+ cryptor = AES.new(self.key, AES.MODE_ECB)
+ return cryptor.encrypt(data)
+
+ def aes_decrypt(self, data):
+ #data = pad(data)
+ #print(":".join("{:02x}".format(ord(e)) for e in data))
+ cryptor = AES.new(self.key, AES.MODE_ECB)
+ return cryptor.decrypt(data)
+
+ def aes_cbc_encrypt(self, data, iv):
+ cryptor = AES.new(self.key, AES.MODE_CBC, iv)
+ return cryptor.encrypt(data)
+
+ def aes_cbc_decrypt(self, data, iv):
+ cryptor = AES.new(self.key, AES.MODE_CBC, iv)
+ return cryptor.decrypt(data)
+
+ def aes_ctr_encrypt_only_counter(self, data, prefix_const, init_counter):
+ #ctr_e = Counter.new(64, prefix = prefix_const)
+ #cryptor = AES.new(self.key, AES.MODE_CTR, counter=lambda: init_counter)
+
+ ctr_e = Counter.new(128, initial_value=long(init_counter.encode('hex'), 16), allow_wraparound=True)
+ cryptor = AES.new(self.key, AES.MODE_CTR, counter=ctr_e)
+
+ return cryptor.encrypt(data)
+
+ def aes_ctr_decrypt_only_counter(self, data, prefix_const, init_counter):
+ #ctr_d = Counter.new(128, prefix = prefix_const)
+ #cryptor = AES.new(self.key, AES.MODE_CTR, counter=lambda: init_counter)
+
+ ctr_d = Counter.new(128, initial_value=long(init_counter.encode('hex'), 16), allow_wraparound=True)
+ cryptor = AES.new(self.key, AES.MODE_CTR, counter=ctr_d)
+ return cryptor.decrypt(data)
+
+ def aes_ctr_encrypt(self, data, prefix_str, initvalue):
+ #print("0x%x" %long(initvalue.encode('hex'), 16))
+ #print(len(prefix_str))
+ nbits = (128 - (len(prefix_str)*8))
+ ctr_e = Counter.new(nbits, prefix = prefix_str, initial_value=long(initvalue.encode('hex'), 16), allow_wraparound=True)
+ cryptor = AES.new(self.key, AES.MODE_CTR, counter=ctr_e)
+
+ return cryptor.encrypt(data)
+
+ def aes_ctr_decrypt(self, data, prefix_str, initvalue):
+ nbits = (128 - (len(prefix_str)*8))
+ ctr_d = Counter.new(nbits, prefix = prefix_str, initial_value=long(initvalue.encode('hex'), 16), allow_wraparound=True)
+ cryptor = AES.new(self.key, AES.MODE_CTR, counter=ctr_d)
+
+ return cryptor.decrypt(data)
+
+
+def strip_key(key):
+ #src_key = key.lstrip("x").rstrip("L")
+ src_key = key[2:].rstrip("L")
+ key_byte = binascii.a2b_hex(src_key)
+ return key_byte
+
+def my_img_enc(data, key, iv, img_enc_alg, align=None):
+ #dump(data)
+
+ #align
+ bin = crypto_pad_to_align(data, align)
+
+ if(img_enc_alg == 0):
+ # AES 128 ECB
+ aes = AESCipher(key, 16)
+ encmsg = aes.aes_encrypt(bin)
+ #print("AES 128 ECB image result:")
+ #dump(encmsg)
+ elif(img_enc_alg == 1):
+ # AES 128 CBC
+ aes = AESCipher(key, 16)
+ encmsg = aes.aes_cbc_encrypt(bin, iv)
+ #print("AES 128 CBC image result:")
+ #dump(encmsg)
+ elif(img_enc_alg == 2):
+ # AES 256 ECB
+ aes = AESCipher(key, 32)
+ encmsg = aes.aes_encrypt(bin)
+ #print("AES 256 ECB image result:")
+ #dump(encmsg)
+ elif(img_enc_alg == 3):
+ # AES 256 CBC
+ aes = AESCipher(key, 32)
+ encmsg = aes.aes_cbc_encrypt(bin, iv)
+ #print("AES 256 CBC image result:")
+ #dump(encmsg)
+
+ return encmsg
+
+# dump str to bytes
+def dump(data):
+ for i in range(0, len(data)):
+ print ("0x%02x,"%ord(data[i])),
+ if(((i+1)%16) == 0):
+ print("")
+
+class HASH:
+ def __init__(self):
+ #print("//class HASH init")
+ None
+
+ def hash_sha1(self, data):
+ #print("SHA1:")
+ hash = SHA.new()
+ hash.update(data)
+ digest = hash.digest()
+ return digest
+ def hash_sha224(self, data):
+ #print("SHA224:")
+ hash = SHA224.new()
+ hash.update(data)
+ digest = hash.digest()
+ return digest
+ def hash_sha256(self, data):
+ #print("SHA256:")
+ hash = SHA256.new()
+ hash.update(data)
+ digest = hash.digest()
+ return digest
+ def hash_sha384(self, data):
+ #print("SHA384:")
+ hash = SHA384.new()
+ hash.update(data)
+ digest = hash.digest()
+ return digest
+
+ def hash_sha512(self, data):
+ #print("SHA512:")
+ hash = SHA512.new()
+ hash.update(data)
+ digest = hash.digest()
+ return digest
+ def hash_md5(self, data):
+ #print("MD5:")
+ hash = MD5.new()
+ hash.update(data)
+ digest = hash.digest()
+ return digest
+
+def sb_hash(data, sbc_auth_alg):
+ #print("run my_hash:")
+
+ #myhash = HASH()
+
+ if((sbc_auth_alg == 1) or (sbc_auth_alg == 5) ):
+ sbhash = HASH()
+ digest = sbhash.hash_sha384(data)
+ return digest
+ elif(sbc_auth_alg == 0) or (sbc_auth_alg == 2) or (sbc_auth_alg == 3) or (sbc_auth_alg == 4):
+ sbhash = HASH()
+ digest = sbhash.hash_sha256(data)
+ return digest
+ elif((sbc_auth_alg == 6)):
+ sbhash = HASH()
+ digest = sbhash.hash_sha512(data)
+ return digest
+ else:
+ print("ERROR: run sb_hash fail")
+
+
+
+def hmac_sha256(key, bdata):
+
+ b = HMAC.new(key, digestmod=SHA256)
+ b.update(bdata)
+ digest = b.digest()
+ #digest = b.hexdigest()
+ #dump(digest)
+
+ return digest
+
+def aescmac(key, msg):
+ #print("AES CMAC: ")
+ cipher = CP_python_AES.new(key, CP_python_AES.MODE_CMAC)
+ out = cipher.encrypt(msg)
+
+ #outhex = cipher.encrypt(msg).encode('hex')
+ #out = outhex.decode('hex')
+ return out
+
+def ecdsa_sign_nistp256_string(privk, msg):
+ ecdsa = pythonECDSA()
+ signature = ecdsa.sign_string(privk, msg, AUTH_ECDSA_NISTP256)
+
+ return signature
+
+def ecdsa_sign_nistp256_pem(privk, msg):
+ ecdsa = pythonECDSA()
+ signature = ecdsa.sign_pem(privk, msg, AUTH_ECDSA_NISTP256)
+ return signature
+
+def ecdsa_sign_nistp256_der(privk, msg):
+ ecdsa = pythonECDSA()
+ signature = ecdsa.sign_der(privk, msg, AUTH_ECDSA_NISTP256)
+
+ return signature
+
+def ecdsa_sign_nistp384_string(privk, msg):
+ ecdsa = pythonECDSA()
+ signature = ecdsa.sign_string(privk, msg, AUTH_ECDSA_NISTP384)
+ return signature
+
+def ecdsa_sign_nistp384_pem(privk, msg):
+ ecdsa = pythonECDSA()
+ signature = ecdsa.sign_pem(privk, msg, AUTH_ECDSA_NISTP384)
+
+ return signature
+
+def ecdsa_sign_nistp384_der(privk, msg):
+ ecdsa = pythonECDSA()
+ signature = ecdsa.sign_der(privk, msg, AUTH_ECDSA_NISTP384)
+
+ return signature
+
+
+def pubkey_string(pubk, sbc_auth_alg):
+ sk = VerifyingKey.from_pem(pubk)
+ return sk.to_string()
+def privkey_string(privk, sbc_auth_alg):
+ if(sbc_auth_alg == AUTH_ECDSA_NISTP256):
+ sk = SigningKey.from_pem(privk, hashfunc=sha256)
+ return sk.to_string()
+ else:
+ sk = SigningKey.from_pem(privk, hashfunc=sha384)
+ return sk.to_string()
+
+def sb_sign(privk, pubk, msg, sbc_auth_alg, key_mode=__K_STRING):
+ #print("Start sb_sign:")
+
+ if(sbc_auth_alg == AUTH_ECDSA_NISTP256):
+ #pyelliptic ECDSA NIST p256
+ if(key_mode == __K_STRING):
+ signature = ecdsa_sign_nistp256_string(privk, msg)
+ #another use
+ #ecdsa = pythonECDSA()
+ #signature = ecdsa.sign_string(privk, msg, AUTH_ECDSA_NISTP256)
+
+ elif(key_mode == __K_PEM):
+ signature = ecdsa_sign_nistp256_pem(privk, msg)
+
+ elif(key_mode == __K_DER):
+ signature = ecdsa_sign_nistp256_der(privk, msg)
+ return signature
+
+ elif(sbc_auth_alg == AUTH_ECDSA_NISTP384):
+ #pyelliptic ECDSA_NIST_p384
+ if(key_mode == __K_STRING):
+ signature = ecdsa_sign_nistp384_string(privk, msg)
+
+ elif(key_mode == __K_PEM):
+ signature = ecdsa_sign_nistp384_pem(privk, msg)
+
+ elif(key_mode == __K_DER):
+ signature = ecdsa_sign_nistp384_der(privk, msg)
+
+ return signature
+
+ elif(sbc_auth_alg == AUTH_AES_CMAC):
+ #AES128_CMAC
+ signature = aescmac(privk, msg)
+ return signature
+ elif(sbc_auth_alg == AUTH_HMAC_SHA256):
+ #HMAC-SHA256
+ signature = hmac_sha256(privk, msg)
+ return signature
+ else:
+ print("ERROR: wrong authentication algorithm!!")
+