#!/usr/bin/env python # # Copyright (C) 2017 The Android Open Source Project # # Permission is hereby granted, free of charge, to any person # obtaining a copy of this software and associated documentation # files (the "Software"), to deal in the Software without # restriction, including without limitation the rights to use, copy, # modify, merge, publish, distribute, sublicense, and/or sell copies # of the Software, and to permit persons to whom the Software is # furnished to do so, subject to the following conditions: # # The above copyright notice and this permission notice shall be # included in all copies or substantial portions of the Software. # # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, # EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF # MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND # NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS # BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN # ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN # CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE # SOFTWARE. # import subprocess import sys import errno import os def rsa_signer_with_files(argv): if len(argv) != 4: sys.stderr.write("Wrong number of arguments: {} <alg> <pub key> <file>\n".format(argv[0])) return errno.EINVAL signing_file = open(argv[3], mode='rw+') data = signing_file.read() if len(data) == 0: sys.stderr.write("There is no input data\n") return errno.EINVAL if os.environ.get('SIGNING_HELPER_GENERATE_WRONG_SIGNATURE'): # We're only called with this algorithm which signature size is 256. assert argv[1] == 'SHA256_RSA2048' signing_file.seek(0) signing_file.write('X'*256) return 0 if 'SIGNING_HELPER_TEST' not in os.environ or os.environ['SIGNING_HELPER_TEST'] == "": sys.stderr.write("env SIGNING_HELPER_TEST is not set or empty\n") return errno.EINVAL test_file_name = os.environ['SIGNING_HELPER_TEST'] if os.path.isfile(test_file_name) and not os.access(test_file_name, os.W_OK): sys.stderr.write("no permission to write into {} file\n".format(test_file_name)) return errno.EACCESS p = subprocess.Popen( ['openssl', 'rsautl', '-sign', '-inkey', argv[2], '-raw'], stdin=subprocess.PIPE, stdout=subprocess.PIPE) (pout, _) = p.communicate(data) retcode = p.wait() if retcode != 0: return retcode signing_file.seek(0) signing_file.write(pout) with open(test_file_name, "w") as f: f.write("DONE") return 0 if __name__ == '__main__': sys.exit(rsa_signer_with_files(sys.argv))