#!/usr/bin/env python
#
# Copyright (c) 2015, Linaro Limited
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are met:
#
# 1. Redistributions of source code must retain the above copyright notice,
# this list of conditions and the following disclaimer.
#
# 2. Redistributions in binary form must reproduce the above copyright notice,
# this list of conditions and the following disclaimer in the documentation
# and/or other materials provided with the distribution.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
# POSSIBILITY OF SUCH DAMAGE.
#

def get_args():
	from argparse import ArgumentParser

	parser = ArgumentParser()
	parser.add_argument('--nkey', required=True, help='Name of new key file')
	parser.add_argument('--vendor', required=False, action='store_true')
	parser.add_argument('--passphrase', required=False, help='Passphrase of key file')
	parser.add_argument('--in', required=True, dest='inf', \
			help='Name of old signed file')
	parser.add_argument('--out', required=True, help='Name of new signed file')
	return parser.parse_args()

def main():
	import platform
	import os
	import sys
	print platform.python_version()
	print 'os.getcwd():', os.getcwd()
	print 'os.path.abspath(os.curdir):', os.path.abspath(os.curdir)
	print "os.path.abspath('.'):", os.path.abspath('.')
	print 'sys.path[0]:', sys.path[0]
	print 'sys.argv[0]:', sys.argv[0]
	from Crypto.Signature import PKCS1_v1_5
	from Crypto.Hash import SHA256
	from Crypto.PublicKey import RSA
	import struct

	args = get_args()
	

	f = open(args.nkey, 'rb')
	key = RSA.importKey(f.read(), args.passphrase)
	f.close()

	f = open(args.inf, 'rb')
	signed_img = f.read()
	f.close()

	signer = PKCS1_v1_5.new(key)
	h = SHA256.new()

	digest_len = h.digest_size
	sig_len = len(signer.sign(h))


	if len(signed_img) < struct.calcsize('<IIIIHH'):
		print "ERROR: Bad format. Length of signed image must be larger than %d, but get %d\n" % \
			(struct.calcsize('<IIIIHH'), len(signed_img))
		return

	old_shdr = signed_img[:struct.calcsize('<IIIIHH')]

	magic, img_type, img_size, algo, old_digest_len, old_sig_len = struct.unpack('<IIIIHH',
		old_shdr);
	
	if magic != 0x4f545348:
		# 0x4f545348 = SHDR_MAGIC
		print "Error: Bad format. Expecting magic=0x%x, but get 0x%x" % \
			(0x4f545348, magic)
		return
	
	# only handle SYS_TA/VENDOR_TA
	if img_type != 0 and img_type != 2:
		# 0 = SHDR_TA
		print ("ERROR: Bad format %d\n" % (img_type))
		return

	if algo != 0x70004830:
		# 0x70004830 = TEE_ALG_RSASSA_PKCS1_V1_5_SHA256
		print "ERROR: Bad format. Expecting algo=0x%x, but get 0x%x\n" % \
			(0x70004830, algo)
		return
	
	if args.vendor:
		print "Signing as a vendor TA"
		img_type = 2

	shdr = struct.pack('<IIIIHH',
		magic, img_type, img_size, algo, digest_len, sig_len)
	
	raw_img = signed_img[len(shdr) + digest_len + sig_len:]

	if len(raw_img) != img_size:
		print "ERROR: Bad format. Expecting image_size=%d, but get %d\n" % \
			(img_size, len(raw_img))
	
	h.update(shdr)
	h.update(raw_img)
	sig = signer.sign(h)

	f = open(args.out, 'wb')
	f.write(shdr)
	f.write(h.digest())
	f.write(sig)
	f.write(raw_img)
	f.close()

if __name__ == "__main__":
	main()