digest-signature: Add new module to generate digest and signature

A new CMake module (GenerateAWSUpdateDigestAndSignature.cmake)
is introduced to be used to generate AWS update digest
and update signature to be used for AWS OTA update.

This change would enhance re-usability and decrease code
duplication within the applications.

Signed-off-by: Ahmed Ismail <[email protected]>

Middleware/AWS/cmake/GenerateAWSUpdateDigestAndSignature.cmake

@@ -0,0 +1,41 @@
+# Copyright 2023 Arm Limited and/or its affiliates
+# <[email protected]>
+# SPDX-License-Identifier: MIT
+
+include(ExternalProject)
+
+ExternalProject_Get_Property(tf-m-build BINARY_DIR)
+
+# This function is meant to generate the AWS update signature and digest
+# for the <update_target_name> input parameter, the name of the signature
+# and digest to be generated are passed to the function as <digest_name>
+# and <signature_name>.
+function(iot_reference_arm_corstone3xx_generate_aws_update_digest_and_signature target update_target_name digest_name signature_name)
+    add_custom_command(
+        TARGET
+            ${target}
+        POST_BUILD
+        DEPENDS
+            $<TARGET_FILE_DIR:${target}>/${update_target_name}.bin
+        COMMAND
+            openssl dgst -sha256 -binary
+                -out  $<TARGET_FILE_DIR:${target}>/${digest_name}.bin
+                $<TARGET_FILE_DIR:${target}>/${update_target_name}.bin
+        COMMAND
+            openssl pkeyutl -sign
+                -pkeyopt digest:sha256
+                -pkeyopt rsa_padding_mode:pss
+                -pkeyopt rsa_mgf1_md:sha256
+                -inkey ${BINARY_DIR}/install/image_signing/keys/root-RSA-2048_1.pem
+                -in  $<TARGET_FILE_DIR:${target}>/${digest_name}.bin
+                -out  $<TARGET_FILE_DIR:${target}>/${signature_name}.bin
+        COMMAND
+            openssl base64 -A
+                -in  $<TARGET_FILE_DIR:${target}>/${signature_name}.bin
+                -out  $<TARGET_FILE_DIR:${target}>/${signature_name}.txt
+        COMMAND
+            ${CMAKE_COMMAND} -E echo "Use this base 64 encoded signature in OTA job:"
+        COMMAND
+            ${CMAKE_COMMAND} -E cat  $<TARGET_FILE_DIR:${target}>/${signature_name}.txt
+    )
+endfunction()

Projects/aws-iot-example/CMakeLists.txt

@@ -324,30 +324,7 @@ add_custom_command(
                 ${CMAKE_CURRENT_BINARY_DIR}/aws-iot-example-update_signed.bin
 )
 
-add_custom_command(
-    TARGET
-        aws-iot-example
-    POST_BUILD
-    DEPENDS
-        ${CMAKE_CURRENT_BINARY_DIR}/aws-iot-example-update_signed.bin
-
-    BYPRODUCTS
-        ${CMAKE_CURRENT_BINARY_DIR}/update-digest.bin
-        ${CMAKE_CURRENT_BINARY_DIR}/update-signature.bin
-        ${CMAKE_CURRENT_BINARY_DIR}/update-signature.txt
-
-    COMMAND
-        openssl dgst -sha256 -binary -out ${CMAKE_CURRENT_BINARY_DIR}/update-digest.bin ${CMAKE_CURRENT_BINARY_DIR}/aws-iot-example-update_signed.bin
-
-    COMMAND
-        openssl pkeyutl -sign -pkeyopt digest:sha256 -pkeyopt rsa_padding_mode:pss -pkeyopt rsa_mgf1_md:sha256 -inkey ${BINARY_DIR}/install/image_signing/keys/root-RSA-2048_1.pem -in ${CMAKE_CURRENT_BINARY_DIR}/update-digest.bin -out ${CMAKE_CURRENT_BINARY_DIR}/update-signature.bin
-
-    COMMAND
-        openssl base64 -A -in ${CMAKE_CURRENT_BINARY_DIR}/update-signature.bin -out ${CMAKE_CURRENT_BINARY_DIR}/update-signature.txt
+list(APPEND CMAKE_MODULE_PATH ${CMAKE_SOURCE_DIR}/Middleware/AWS/cmake)
+include(GenerateAWSUpdateDigestAndSignature)
 
-    COMMAND
-        ${CMAKE_COMMAND} -E echo "Use this base 64 encoded signature in OTA job:"
-
-    COMMAND
-        ${CMAKE_COMMAND} -E cat ${CMAKE_CURRENT_BINARY_DIR}/update-signature.txt
-)
+iot_reference_arm_corstone3xx_generate_aws_update_digest_and_signature(aws-iot-example aws-iot-example-update_signed update-digest update-signature)