From 3e74c23d33f65cdc079f043d444e5f7997a39a96 Mon Sep 17 00:00:00 2001
From: Ahmed Ismail
Date: Fri, 6 Oct 2023 15:37:06 +0100
Subject: [PATCH] digest-signature: Add new module to generate digest and signature

A new CMake module (GenerateAWSUpdateDigestAndSignature.cmake) is introduced to be used to generate AWS update digest and update signature to be used for AWS OTA update. This change would enhance re-usability and decrease code duplication within the applications.

Signed-off-by: Ahmed Ismail
---
 .../GenerateAWSUpdateDigestAndSignature.cmake | 41 +++++++++++++++++++
 Projects/aws-iot-example/CMakeLists.txt | 29 ++-----------
 2 files changed, 44 insertions(+), 26 deletions(-)
 create mode 100644 Middleware/AWS/cmake/GenerateAWSUpdateDigestAndSignature.cmake

diff --git a/Middleware/AWS/cmake/GenerateAWSUpdateDigestAndSignature.cmake b/Middleware/AWS/cmake/GenerateAWSUpdateDigestAndSignature.cmake
new file mode 100644
index 00000000..8e3cb6df
--- /dev/null
+++ b/Middleware/AWS/cmake/GenerateAWSUpdateDigestAndSignature.cmake
@@ -0,0 +1,41 @@
+# Copyright 2023 Arm Limited and/or its affiliates
+#
+# SPDX-License-Identifier: MIT
+
+include(ExternalProject)
+
+ExternalProject_Get_Property(tf-m-build BINARY_DIR)
+
+# This function is meant to generate the AWS update signature and digest
+# for the input parameter, the name of the signature
+# and digest to be generated are passed to the function as
+# and .
+function(iot_reference_arm_corstone3xx_generate_aws_update_digest_and_signature target update_target_name digest_name signature_name)
+ add_custom_command(
+ TARGET
+ ${target}
+ POST_BUILD
+ DEPENDS
+ $/${update_target_name}.bin
+ COMMAND
+ openssl dgst -sha256 -binary
+ -out $/${digest_name}.bin
+ $/${update_target_name}.bin
+ COMMAND
+ openssl pkeyutl -sign
+ -pkeyopt digest:sha256
+ -pkeyopt rsa_padding_mode:pss
+ -pkeyopt rsa_mgf1_md:sha256
+ -inkey ${BINARY_DIR}/install/image_signing/keys/root-RSA-2048_1.pem
+ -in $/${digest_name}.bin
+ -out $/${signature_name}.bin
+ COMMAND
+ openssl base64 -A
+ -in $/${signature_name}.bin
+ -out $/${signature_name}.txt
+ COMMAND
+ ${CMAKE_COMMAND} -E echo "Use this base 64 encoded signature in OTA job:"
+ COMMAND
+ ${CMAKE_COMMAND} -E cat $/${signature_name}.txt
+ )
+endfunction()
diff --git a/Projects/aws-iot-example/CMakeLists.txt b/Projects/aws-iot-example/CMakeLists.txt
index 5763fa78..f02e4df6 100644
--- a/Projects/aws-iot-example/CMakeLists.txt
+++ b/Projects/aws-iot-example/CMakeLists.txt
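Review bot: The `-inkey ${BINARY_DIR}/install/image_signing/keys/root-RSA-2048_1.pem` argument reads `BINARY_DIR` from whichever scope calls the function, because `ExternalProject_Get_Property(tf-m-build BINARY_DIR)` runs once at include time in the includer's scope. A caller in another directory scope, or a later `ExternalProject_Get_Property` call for a different project, would make the signing step pick up a key from an unintended path; moving `ExternalProject_Get_Property(tf-m-build BINARY_DIR)` to the first line of the function body ties the key path to tf-m-build. The key file name is fixed and looks like one installed by the TF-M build rather than a project-owned key, so a comment such as `# Signs with the key installed by tf-m-build; pass a protected key for production OTA jobs` or a key-path parameter would make that explicit. The `BYPRODUCTS` list that the removed inline command declared is not carried over, and `DEPENDS` is not an argument of the `TARGET` form of `add_custom_command`, so the input file is ordered only by the sequence in which POST_BUILD steps are added.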
@@ -324,30 +324,7 @@ add_custom_command(
 ${CMAKE_CURRENT_BINARY_DIR}/aws-iot-example-update_signed.bin
 )
 
-add_custom_command(
- TARGET
- aws-iot-example
- POST_BUILD
- DEPENDS
- ${CMAKE_CURRENT_BINARY_DIR}/aws-iot-example-update_signed.bin
-
- BYPRODUCTS
- ${CMAKE_CURRENT_BINARY_DIR}/update-digest.bin
- ${CMAKE_CURRENT_BINARY_DIR}/update-signature.bin
- ${CMAKE_CURRENT_BINARY_DIR}/update-signature.txt
-
- COMMAND
- openssl dgst -sha256 -binary -out ${CMAKE_CURRENT_BINARY_DIR}/update-digest.bin ${CMAKE_CURRENT_BINARY_DIR}/aws-iot-example-update_signed.bin
-
- COMMAND
- openssl pkeyutl -sign -pkeyopt digest:sha256 -pkeyopt rsa_padding_mode:pss -pkeyopt rsa_mgf1_md:sha256 -inkey ${BINARY_DIR}/install/image_signing/keys/root-RSA-2048_1.pem -in ${CMAKE_CURRENT_BINARY_DIR}/update-digest.bin -out ${CMAKE_CURRENT_BINARY_DIR}/update-signature.bin
-
- COMMAND
- openssl base64 -A -in ${CMAKE_CURRENT_BINARY_DIR}/update-signature.bin -out ${CMAKE_CURRENT_BINARY_DIR}/update-signature.txt
+list(APPEND CMAKE_MODULE_PATH ${CMAKE_SOURCE_DIR}/Middleware/AWS/cmake)
+include(GenerateAWSUpdateDigestAndSignature)
 
- COMMAND
- ${CMAKE_COMMAND} -E echo "Use this base 64 encoded signature in OTA job:"
-
- COMMAND
- ${CMAKE_COMMAND} -E cat ${CMAKE_CURRENT_BINARY_DIR}/update-signature.txt
-)
+iot_reference_arm_corstone3xx_generate_aws_update_digest_and_signature(aws-iot-example aws-iot-example-update_signed update-digest update-signature)
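Review bot: The added `include(GenerateAWSUpdateDigestAndSignature)` resolves the signing module by name through `CMAKE_MODULE_PATH`, and `list(APPEND ...)` puts the project's directory last, so a same-named file in an earlier entry would be loaded instead of the one this patch adds. Including it by path, `include("${CMAKE_SOURCE_DIR}/Middleware/AWS/cmake/GenerateAWSUpdateDigestAndSignature.cmake")`, removes that ambiguity and leaves the search path unchanged for the rest of the file. The final call would also benefit from a comment such as `# Must follow the command that produces aws-iot-example-update_signed.bin; the digest step reads that file`. The command that appears to produce that file ends in the hunk's leading context and starts outside it, so the ordering cannot be confirmed from here.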