Gitiles
Code Review Sign In
192.168.1.100 / T103 / 1f884588077ad3476b9c91cbb0ee9ee0332bbb68 / . / src / devtools / packer / mt2731 / cryptoSB.py
blob: a481b172b29ce8902ab60814f091a3f6dc9662b9 [file] [log] [blame]
rjw1f884582022-01-06 17:20:42 +0800[diff] [blame^]1import binascii
2import Crypto.Random.OSRNG.posix as RNG
3from Crypto.Cipher import AES
4from Crypto.Hash import MD5
5from Crypto.Hash import SHA
6from Crypto.Hash import SHA224
7from Crypto.Hash import SHA256
8from Crypto.Hash import SHA384
9from Crypto.Hash import SHA512
10from Crypto.Hash import HMAC
11from Crypto.Util import Counter
12import CryptoPlus
13from CryptoPlus.Cipher import python_AES as CP_python_AES
14import ecdsa
15from ecdsa import SigningKey, VerifyingKey
16from ecdsa.curves import NIST192p, NIST224p, NIST256p, NIST384p
17from ecdsa.util import sigencode_string
18from hashlib import sha1, sha224, sha256, sha384
19
20''' Select ECDSA Curve '''
21__CURVE = 'prime256v1'
22
23AUTH_ECDSA_NISTP256 = 0
24AUTH_ECDSA_NISTP384 = 1
25AUTH_AES_CMAC = 2
26AUTH_HMAC_SHA256 = 3
27
28AUTH_ECDSA_NISTP192 = 10
29AUTH_ECDSA_NISTP224 = 11
30
31''' Select ECDSA module '''
32
33''' Select Key Mode '''
34__K_STRING = 0
35__K_PEM = 1
36__K_DER = 2
37
38
39def crypto_pad_to_align(x, align):
40 if(align == 0):
41 return x
42 else:
43 size = len(x)
44 #print("size 0x%x" %size)
45 pad_size = (align - size % align) % align
46 for i in range(0, pad_size, 1):
47 x += b'\x00'
48 #cryptoSB.dump(x)
49 return x
50
51
52# This module is python-ecdsa (warner/python-ecdsa)
53class pythonECDSA:
54 def __init__(self, priv=None, pub=None, curve=None):
55 #print("pure-python ECDSA init")
56 None
57 def sign_string(self, privk, msg, sbc_auth_alg):
58 if(sbc_auth_alg == AUTH_ECDSA_NISTP256):
59 sk = SigningKey.from_string(privk, curve=NIST256p, hashfunc=sha256)
60 signature_str = sk.sign(msg, hashfunc=sha256, sigencode=sigencode_string)
61 elif(sbc_auth_alg == AUTH_ECDSA_NISTP384):
62 sk = SigningKey.from_string(privk, curve=NIST384p, hashfunc=sha384)
63 signature_str = sk.sign(msg, hashfunc=sha384, sigencode=sigencode_string)
64 elif(sbc_auth_alg == AUTH_ECDSA_NISTP192):
65 sk = SigningKey.from_string(privk, curve=NIST192p, hashfunc=sha1)
66 signature_str = sk.sign(msg, hashfunc=sha1, sigencode=sigencode_string)
67 elif(sbc_auth_alg == AUTH_ECDSA_NISTP224):
68 sk = SigningKey.from_string(privk, curve=NIST224p, hashfunc=sha224)
69 signature_str = sk.sign(msg, hashfunc=sha224, sigencode=sigencode_string)
70 return signature_str
71 def sign_pem(self, privk, msg, sbc_auth_alg):
72 #print(" run sign pem")
73 if(sbc_auth_alg == AUTH_ECDSA_NISTP256):
74 sk = SigningKey.from_pem(privk, hashfunc=sha256)
75 signature_pem = sk.sign(msg, hashfunc=sha256)
76
77 elif(sbc_auth_alg == AUTH_ECDSA_NISTP384):
78 sk = SigningKey.from_pem(privk, hashfunc=sha384)
79 signature_pem = sk.sign(msg, hashfunc=sha384)
80
81 elif(sbc_auth_alg == AUTH_ECDSA_NISTP192):
82 sk = SigningKey.from_pem(privk, hashfunc=sha1)
83 signature_pem = sk.sign(msg, hashfunc=sha1)
84
85 elif(sbc_auth_alg == AUTH_ECDSA_NISTP224):
86 sk = SigningKey.from_pem(privk, hashfunc=sha224)
87 signature_pem = sk.sign(msg, hashfunc=sha224)
88
89 return signature_pem
90 def sign_der(self, privk, msg, sbc_auth_alg):
91 #print(" run sign der")
92 if(sbc_auth_alg == AUTH_ECDSA_NISTP256):
93 sk = SigningKey.from_der(privk, hashfunc=sha256)
94 signature_der = sk.sign(msg, hashfunc=sha256)
95
96 elif(sbc_auth_alg == AUTH_ECDSA_NISTP384):
97 sk = SigningKey.from_der(privk, hashfunc=sha384)
98 signature_der = sk.sign(msg, hashfunc=sha384)
99
100 elif(sbc_auth_alg == AUTH_ECDSA_NISTP192):
101 sk = SigningKey.from_der(privk, hashfunc=sha1)
102 signature_der = sk.sign(msg, hashfunc=sha1)
103
104 elif(sbc_auth_alg == AUTH_ECDSA_NISTP224):
105 sk = SigningKey.from_der(privk, hashfunc=sha224)
106 signature_der = sk.sign(msg, hashfunc=sha224)
107
108
109 return signature_der
110 def verify_string(self, pubk, signature_str, msg, sbc_auth_alg):
111 if(sbc_auth_alg == AUTH_ECDSA_NISTP256):
112 vk = VerifyingKey.from_string(pubk, curve=NIST256p, hashfunc=sha256)
113 ret = vk.verify(signature_str, msg)
114 elif(sbc_auth_alg == AUTH_ECDSA_NISTP384):
115 vk = VerifyingKey.from_string(pubk, curve=NIST384p, hashfunc=sha384)
116 ret = vk.verify(signature_str, msg)
117 elif(sbc_auth_alg == AUTH_ECDSA_NISTP192):
118 vk = VerifyingKey.from_string(pubk, curve=NIST192p, hashfunc=sha1)
119 ret = vk.verify(signature_str, msg)
120 elif(sbc_auth_alg == AUTH_ECDSA_NISTP224):
121 vk = VerifyingKey.from_string(pubk, curve=NIST224p, hashfunc=sha224)
122 ret = vk.verify(signature_str, msg)
123 return ret
124 def verify_pem(self, pubk, signature_pem, msg, sbc_auth_alg):
125 #print(" run verify pem")
126 if(sbc_auth_alg == AUTH_ECDSA_NISTP256):
127 vk = VerifyingKey.from_pem(pubk)
128 ret = vk.verify(signature_pem, msg, hashfunc=sha256)
129
130 elif(sbc_auth_alg == AUTH_ECDSA_NISTP384):
131 vk = VerifyingKey.from_pem(pubk)
132 ret = vk.verify(signature_pem, msg, hashfunc=sha384)
133
134 elif(sbc_auth_alg == AUTH_ECDSA_NISTP192):
135 vk = VerifyingKey.from_pem(pubk)
136 ret = vk.verify(signature_pem, msg, hashfunc=sha1)
137
138 elif(sbc_auth_alg == AUTH_ECDSA_NISTP224):
139 vk = VerifyingKey.from_pem(pubk)
140 ret = vk.verify(signature_pem, msg, hashfunc=sha224)
141 return ret
142 def verify_der(self, pubk, signature_der, msg, sbc_auth_alg):
143 #print(" run verify der")
144 if(sbc_auth_alg == AUTH_ECDSA_NISTP256):
145 vk = VerifyingKey.from_der(pubk)
146 ret = vk.verify(signature_der, msg, hashfunc=sha256)
147
148 elif(sbc_auth_alg == AUTH_ECDSA_NISTP384):
149 vk = VerifyingKey.from_der(pubk)
150 ret = vk.verify(signature_der, msg, hashfunc=sha384)
151
152 elif(sbc_auth_alg == AUTH_ECDSA_NISTP192):
153 vk = VerifyingKey.from_der(pubk)
154 ret = vk.verify(signature_der, msg, hashfunc=sha1)
155
156 elif(sbc_auth_alg == AUTH_ECDSA_NISTP224):
157 vk = VerifyingKey.from_der(pubk)
158 ret = vk.verify(signature_der, msg, hashfunc=sha224)
159 return ret
160 def gen_key_string(self, sbc_auth_alg):
161 if(sbc_auth_alg == AUTH_ECDSA_NISTP256):
162 sk = SigningKey.generate(curve=NIST256p, hashfunc=sha256)
163 vk = sk.get_verifying_key()
164 elif(sbc_auth_alg == AUTH_ECDSA_NISTP384):
165 sk = SigningKey.generate(curve=NIST384p, hashfunc=sha384)
166 vk = sk.get_verifying_key()
167 elif(sbc_auth_alg == AUTH_ECDSA_NISTP192):
168 sk = SigningKey.generate(curve=NIST192p, hashfunc=sha1)
169 vk = sk.get_verifying_key()
170 elif(sbc_auth_alg == AUTH_ECDSA_NISTP224):
171 sk = SigningKey.generate(curve=NIST224p, hashfunc=sha224)
172 vk = sk.get_verifying_key()
173 privk_str = sk.to_string()
174 pubk_str = vk.to_string()
175 return privk_str, pubk_str
176 def gen_key_pem(self, sbc_auth_alg):
177 if(sbc_auth_alg == AUTH_ECDSA_NISTP256):
178 sk = SigningKey.generate(curve=NIST256p, hashfunc=sha256)
179 vk = sk.get_verifying_key()
180 elif(sbc_auth_alg == AUTH_ECDSA_NISTP384):
181 sk = SigningKey.generate(curve=NIST384p, hashfunc=sha384)
182 vk = sk.get_verifying_key()
183 elif(sbc_auth_alg == AUTH_ECDSA_NISTP192):
184 sk = SigningKey.generate(curve=NIST192p, hashfunc=sha1)
185 vk = sk.get_verifying_key()
186 elif(sbc_auth_alg == AUTH_ECDSA_NISTP224):
187 sk = SigningKey.generate(curve=NIST224p, hashfunc=sha224)
188 vk = sk.get_verifying_key()
189 privk_pem = sk.to_pem()
190 pubk_pem = vk.to_pem()
191 return privk_pem, pubk_pem
192 def gen_key_der(self, sbc_auth_alg):
193 if(sbc_auth_alg == AUTH_ECDSA_NISTP256):
194 sk = SigningKey.generate(curve=NIST256p, hashfunc=sha256)
195 vk = sk.get_verifying_key()
196 elif(sbc_auth_alg == AUTH_ECDSA_NISTP384):
197 sk = SigningKey.generate(curve=NIST384p, hashfunc=sha384)
198 vk = sk.get_verifying_key()
199 elif(sbc_auth_alg == AUTH_ECDSA_NISTP384):
200 sk = SigningKey.generate(curve=NIST192p, hashfunc=sha1)
201 vk = sk.get_verifying_key()
202 elif(sbc_auth_alg == AUTH_ECDSA_NISTP224):
203 sk = SigningKey.generate(curve=NIST224p, hashfunc=sha224)
204 vk = sk.get_verifying_key()
205 privk_der = sk.to_der()
206 pubk_der = vk.to_der()
207 return privk_der, pubk_der
208
209class AESCipher:
210 def __init__(self, key, blk_sz):
211 #self.key = md5(key.encode('utf8')).hexdigest()
212 self.key = key
213 self.blk_sz = blk_sz
214 keylen = len(key)
215 if(keylen != blk_sz):
216 print("ERROR: key length fail:")
217 return 0
218
219 def aes_encrypt(self, data):
220 #data = pad(data)
221 #print(":".join("{:02x}".format(ord(e)) for e in data))
222 cryptor = AES.new(self.key, AES.MODE_ECB)
223 return cryptor.encrypt(data)
224
225 def aes_decrypt(self, data):
226 #data = pad(data)
227 #print(":".join("{:02x}".format(ord(e)) for e in data))
228 cryptor = AES.new(self.key, AES.MODE_ECB)
229 return cryptor.decrypt(data)
230
231 def aes_cbc_encrypt(self, data, iv):
232 cryptor = AES.new(self.key, AES.MODE_CBC, iv)
233 return cryptor.encrypt(data)
234
235 def aes_cbc_decrypt(self, data, iv):
236 cryptor = AES.new(self.key, AES.MODE_CBC, iv)
237 return cryptor.decrypt(data)
238
239 def aes_ctr_encrypt_only_counter(self, data, prefix_const, init_counter):
240 #ctr_e = Counter.new(64, prefix = prefix_const)
241 #cryptor = AES.new(self.key, AES.MODE_CTR, counter=lambda: init_counter)
242
243 ctr_e = Counter.new(128, initial_value=long(init_counter.encode('hex'), 16), allow_wraparound=True)
244 cryptor = AES.new(self.key, AES.MODE_CTR, counter=ctr_e)
245
246 return cryptor.encrypt(data)
247
248 def aes_ctr_decrypt_only_counter(self, data, prefix_const, init_counter):
249 #ctr_d = Counter.new(128, prefix = prefix_const)
250 #cryptor = AES.new(self.key, AES.MODE_CTR, counter=lambda: init_counter)
251
252 ctr_d = Counter.new(128, initial_value=long(init_counter.encode('hex'), 16), allow_wraparound=True)
253 cryptor = AES.new(self.key, AES.MODE_CTR, counter=ctr_d)
254 return cryptor.decrypt(data)
255
256 def aes_ctr_encrypt(self, data, prefix_str, initvalue):
257 #print("0x%x" %long(initvalue.encode('hex'), 16))
258 #print(len(prefix_str))
259 nbits = (128 - (len(prefix_str)*8))
260 ctr_e = Counter.new(nbits, prefix = prefix_str, initial_value=long(initvalue.encode('hex'), 16), allow_wraparound=True)
261 cryptor = AES.new(self.key, AES.MODE_CTR, counter=ctr_e)
262
263 return cryptor.encrypt(data)
264
265 def aes_ctr_decrypt(self, data, prefix_str, initvalue):
266 nbits = (128 - (len(prefix_str)*8))
267 ctr_d = Counter.new(nbits, prefix = prefix_str, initial_value=long(initvalue.encode('hex'), 16), allow_wraparound=True)
268 cryptor = AES.new(self.key, AES.MODE_CTR, counter=ctr_d)
269
270 return cryptor.decrypt(data)
271
272
273def strip_key(key):
274 #src_key = key.lstrip("x").rstrip("L")
275 src_key = key[2:].rstrip("L")
276 key_byte = binascii.a2b_hex(src_key)
277 return key_byte
278
279def my_img_enc(data, key, iv, img_enc_alg, align=None):
280 #dump(data)
281
282 #align
283 bin = crypto_pad_to_align(data, align)
284
285 if(img_enc_alg == 0):
286 # AES 128 ECB
287 aes = AESCipher(key, 16)
288 encmsg = aes.aes_encrypt(bin)
289 #print("AES 128 ECB image result:")
290 #dump(encmsg)
291 elif(img_enc_alg == 1):
292 # AES 128 CBC
293 aes = AESCipher(key, 16)
294 encmsg = aes.aes_cbc_encrypt(bin, iv)
295 #print("AES 128 CBC image result:")
296 #dump(encmsg)
297 elif(img_enc_alg == 2):
298 # AES 256 ECB
299 aes = AESCipher(key, 32)
300 encmsg = aes.aes_encrypt(bin)
301 #print("AES 256 ECB image result:")
302 #dump(encmsg)
303 elif(img_enc_alg == 3):
304 # AES 256 CBC
305 aes = AESCipher(key, 32)
306 encmsg = aes.aes_cbc_encrypt(bin, iv)
307 #print("AES 256 CBC image result:")
308 #dump(encmsg)
309
310 return encmsg
311
312# dump str to bytes
313def dump(data):
314 for i in range(0, len(data)):
315 print ("0x%02x,"%ord(data[i])),
316 if(((i+1)%16) == 0):
317 print("")
318
319class HASH:
320 def __init__(self):
321 #print("//class HASH init")
322 None
323
324 def hash_sha1(self, data):
325 #print("SHA1:")
326 hash = SHA.new()
327 hash.update(data)
328 digest = hash.digest()
329 return digest
330 def hash_sha224(self, data):
331 #print("SHA224:")
332 hash = SHA224.new()
333 hash.update(data)
334 digest = hash.digest()
335 return digest
336 def hash_sha256(self, data):
337 #print("SHA256:")
338 hash = SHA256.new()
339 hash.update(data)
340 digest = hash.digest()
341 return digest
342 def hash_sha384(self, data):
343 #print("SHA384:")
344 hash = SHA384.new()
345 hash.update(data)
346 digest = hash.digest()
347 return digest
348
349 def hash_sha512(self, data):
350 #print("SHA512:")
351 hash = SHA512.new()
352 hash.update(data)
353 digest = hash.digest()
354 return digest
355 def hash_md5(self, data):
356 #print("MD5:")
357 hash = MD5.new()
358 hash.update(data)
359 digest = hash.digest()
360 return digest
361
362def sb_hash(data, sbc_auth_alg):
363 #print("run my_hash:")
364
365 #myhash = HASH()
366
367 if((sbc_auth_alg == 1) or (sbc_auth_alg == 5) ):
368 sbhash = HASH()
369 digest = sbhash.hash_sha384(data)
370 return digest
371 elif(sbc_auth_alg == 0) or (sbc_auth_alg == 2) or (sbc_auth_alg == 3) or (sbc_auth_alg == 4):
372 sbhash = HASH()
373 digest = sbhash.hash_sha256(data)
374 return digest
375 elif((sbc_auth_alg == 6)):
376 sbhash = HASH()
377 digest = sbhash.hash_sha512(data)
378 return digest
379 else:
380 print("ERROR: run sb_hash fail")
381
382
383
384def hmac_sha256(key, bdata):
385
386 b = HMAC.new(key, digestmod=SHA256)
387 b.update(bdata)
388 digest = b.digest()
389 #digest = b.hexdigest()
390 #dump(digest)
391
392 return digest
393
394def aescmac(key, msg):
395 #print("AES CMAC: ")
396 cipher = CP_python_AES.new(key, CP_python_AES.MODE_CMAC)
397 out = cipher.encrypt(msg)
398
399 #outhex = cipher.encrypt(msg).encode('hex')
400 #out = outhex.decode('hex')
401 return out
402
403def ecdsa_sign_nistp256_string(privk, msg):
404 ecdsa = pythonECDSA()
405 signature = ecdsa.sign_string(privk, msg, AUTH_ECDSA_NISTP256)
406
407 return signature
408
409def ecdsa_sign_nistp256_pem(privk, msg):
410 ecdsa = pythonECDSA()
411 signature = ecdsa.sign_pem(privk, msg, AUTH_ECDSA_NISTP256)
412 return signature
413
414def ecdsa_sign_nistp256_der(privk, msg):
415 ecdsa = pythonECDSA()
416 signature = ecdsa.sign_der(privk, msg, AUTH_ECDSA_NISTP256)
417
418 return signature
419
420def ecdsa_sign_nistp384_string(privk, msg):
421 ecdsa = pythonECDSA()
422 signature = ecdsa.sign_string(privk, msg, AUTH_ECDSA_NISTP384)
423 return signature
424
425def ecdsa_sign_nistp384_pem(privk, msg):
426 ecdsa = pythonECDSA()
427 signature = ecdsa.sign_pem(privk, msg, AUTH_ECDSA_NISTP384)
428
429 return signature
430
431def ecdsa_sign_nistp384_der(privk, msg):
432 ecdsa = pythonECDSA()
433 signature = ecdsa.sign_der(privk, msg, AUTH_ECDSA_NISTP384)
434
435 return signature
436
437
438def pubkey_string(pubk, sbc_auth_alg):
439 sk = VerifyingKey.from_pem(pubk)
440 return sk.to_string()
441def privkey_string(privk, sbc_auth_alg):
442 if(sbc_auth_alg == AUTH_ECDSA_NISTP256):
443 sk = SigningKey.from_pem(privk, hashfunc=sha256)
444 return sk.to_string()
445 else:
446 sk = SigningKey.from_pem(privk, hashfunc=sha384)
447 return sk.to_string()
448
449def sb_sign(privk, pubk, msg, sbc_auth_alg, key_mode=__K_STRING):
450 #print("Start sb_sign:")
451
452 if(sbc_auth_alg == AUTH_ECDSA_NISTP256):
453 #pyelliptic ECDSA NIST p256
454 if(key_mode == __K_STRING):
455 signature = ecdsa_sign_nistp256_string(privk, msg)
456 #another use
457 #ecdsa = pythonECDSA()
458 #signature = ecdsa.sign_string(privk, msg, AUTH_ECDSA_NISTP256)
459
460 elif(key_mode == __K_PEM):
461 signature = ecdsa_sign_nistp256_pem(privk, msg)
462
463 elif(key_mode == __K_DER):
464 signature = ecdsa_sign_nistp256_der(privk, msg)
465 return signature
466
467 elif(sbc_auth_alg == AUTH_ECDSA_NISTP384):
468 #pyelliptic ECDSA_NIST_p384
469 if(key_mode == __K_STRING):
470 signature = ecdsa_sign_nistp384_string(privk, msg)
471
472 elif(key_mode == __K_PEM):
473 signature = ecdsa_sign_nistp384_pem(privk, msg)
474
475 elif(key_mode == __K_DER):
476 signature = ecdsa_sign_nistp384_der(privk, msg)
477
478 return signature
479
480 elif(sbc_auth_alg == AUTH_AES_CMAC):
481 #AES128_CMAC
482 signature = aescmac(privk, msg)
483 return signature
484 elif(sbc_auth_alg == AUTH_HMAC_SHA256):
485 #HMAC-SHA256
486 signature = hmac_sha256(privk, msg)
487 return signature
488 else:
489 print("ERROR: wrong authentication algorithm!!")
490