aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--include/image-commands.mk22
-rwxr-xr-xscripts/netgear-encrypted-factory.py68
2 files changed, 90 insertions, 0 deletions
diff --git a/include/image-commands.mk b/include/image-commands.mk
index 376553b8d2..402e3d71ed 100644
--- a/include/image-commands.mk
+++ b/include/image-commands.mk
@@ -112,6 +112,15 @@ define Build/append-squashfs-fakeroot-be
cat $@.fakesquashfs >> $@
endef
+define Build/append-squashfs4-fakeroot
+ rm -rf $@.fakefs $@.fakesquashfs
+ mkdir $@.fakefs
+ $(STAGING_DIR_HOST)/bin/mksquashfs4 \
+ $@.fakefs $@.fakesquashfs \
+ -nopad -noappend -root-owned
+ cat $@.fakesquashfs >> $@
+endef
+
define Build/append-string
echo -n $(1) >> $@
endef
@@ -376,6 +385,19 @@ define Build/netgear-dni
mv $@.new $@
endef
+define Build/netgear-encrypted-factory
+ $(TOPDIR)/scripts/netgear-encrypted-factory.py \
+ --input-file $@ \
+ --output-file $@ \
+ --model $(NETGEAR_ENC_MODEL) \
+ --region $(NETGEAR_ENC_REGION) \
+ --version V1.0.0.0.$(VERSION_DIST).$(firstword $(subst -, ,$(REVISION))) \
+ --encryption-block-size 0x20000 \
+ --openssl-bin "$(STAGING_DIR_HOST)/bin/openssl" \
+ --key 6865392d342b4d212964363d6d7e7765312c7132613364316e26322a5a5e2538 \
+ --iv 4a253169516c38243d6c6d2d3b384145
+endef
+
define Build/openmesh-image
$(TOPDIR)/scripts/om-fwupgradecfg-gen.sh \
"$(call param_get_default,ce_type,$(1),$(DEVICE_NAME))" \
diff --git a/scripts/netgear-encrypted-factory.py b/scripts/netgear-encrypted-factory.py
new file mode 100755
index 0000000000..b6bb72f3b8
--- /dev/null
+++ b/scripts/netgear-encrypted-factory.py
@@ -0,0 +1,68 @@
+#!/usr/bin/env python3
+
+import argparse
+import re
+import struct
+import subprocess
+import zlib
+
+
+def main():
+ parser = argparse.ArgumentParser()
+ parser.add_argument('--input-file', type=str, required=True)
+ parser.add_argument('--output-file', type=str, required=True)
+ parser.add_argument('--model', type=str, required=True)
+ parser.add_argument('--region', type=str, required=True)
+ parser.add_argument('--version', type=str, required=True)
+ parser.add_argument('--encryption-block-size', type=str, required=True)
+ parser.add_argument('--openssl-bin', type=str, required=True)
+ parser.add_argument('--key', type=str, required=True)
+ parser.add_argument('--iv', type=str, required=True)
+ args = parser.parse_args()
+
+ assert re.match(r'V[0-9]\.[0-9]\.[0-9]\.[0-9]',
+ args.version), 'Version must start with Vx.x.x.x'
+ encryption_block_size = int(args.encryption_block_size, 0)
+ assert (encryption_block_size > 0 and encryption_block_size % 16 ==
+ 0), 'Encryption block size must be a multiple of the AES block size (16)'
+
+ image = open(args.input_file, 'rb').read()
+ image_enc = []
+ for i in range(0, len(image), encryption_block_size):
+ chunk = image[i:i + encryption_block_size]
+ chunk += b'\x00' * ((-len(chunk)) % 16) # pad to AES block size (16)
+ res = subprocess.run([
+ args.openssl_bin,
+ 'enc',
+ '-aes-256-cbc',
+ '-nosalt',
+ '-nopad',
+ '-K', args.key,
+ '-iv', args.iv
+ ],
+ check=True, input=chunk, stdout=subprocess.PIPE)
+ image_enc.append(res.stdout)
+ image_enc = b''.join(image_enc)
+
+ image_with_header = struct.pack(
+ '>32s32s64s64s64s256s12sII',
+ args.model.encode('ascii'),
+ args.region.encode('ascii'),
+ args.version.encode('ascii'),
+ b'Thu Jan 1 00:00:00 1970', # static date for reproducibility
+ b'', # reserved
+ b'', # RSA signature - omitted for now
+ b'encrpted_img',
+ len(image_enc),
+ encryption_block_size,
+ ) + image_enc
+
+ checksum = zlib.crc32(image_with_header, 0xffffffff) ^ 0xffffffff
+
+ with open(args.output_file, 'wb') as outfile:
+ outfile.write(image_with_header)
+ outfile.write(struct.pack('>I', checksum))
+
+
+if __name__ == "__main__":
+ main()