imgtool: Rename key-ids to psa-key-ids

Since the key id concept in the PSA specific, rename the variables
accordingly.

Signed-off-by: Maulik Patel <maulik.patel@arm.com>
Change-Id: I8a8a5ceba5554211f185cc4045a6081b6d407507

Author: maulik-arm

scripts/imgtool/image.py

@@ -277,7 +277,7 @@ def __init__(self, version=None, header_size=IMAGE_HEADER_SIZE,
 
         self.image_hash = None
         self.image_size = None
-        self.signature = None
+        self.signatures = None
         self.version = version or versmod.decode_version("0")
         self.header_size = header_size
         self.pad_header = pad_header
@@ -299,7 +299,7 @@ def __init__(self, version=None, header_size=IMAGE_HEADER_SIZE,
         self.enctlv_len = 0
         self.max_align = max(DEFAULT_MAX_ALIGN, align) if max_align is None else int(max_align)
         self.non_bootable = non_bootable
-        self.key_ids = None
+        self.psa_key_ids = None
 
         if self.max_align == DEFAULT_MAX_ALIGN:
             self.boot_magic = bytes([
@@ -672,9 +672,9 @@ def create(self, keys, public_key_format, enckey, dependencies=None,
             self.signatures = []
             for i, key in enumerate(keys):
                 # If key IDs are provided, and we have enough for this key, add it first.
-                if self.key_ids is not None and len(self.key_ids) > i:
+                if self.psa_key_ids is not None and len(self.psa_key_ids) > i:
                     # Convert key id (an integer) to 4-byte defined endian bytes.
-                    kid_bytes = self.key_ids[i].to_bytes(4, self.endian)
+                    kid_bytes = self.psa_key_ids[i].to_bytes(4, self.endian)
                     tlv.add('KEYID', kid_bytes)  # Using the TLV tag that corresponds to key IDs.
 
                 if public_key_format == 'hash':
@@ -961,9 +961,9 @@ def verify(imgfile, key):
             return VerifyResult.INVALID_SIGNATURE, None, None, None
 
 
-    def set_key_ids(self, key_ids):
+    def set_key_ids(self, psa_key_ids):
         """Set list of key IDs (integers) to be inserted before each signature."""
-        self.key_ids = key_ids
+        self.psa_key_ids = psa_key_ids
 
     def _add_key_id_tlv_to_unprotected(self, tlv, key_id: int):
         """Add a key ID TLV into the *unprotected* TLV area."""

scripts/imgtool/main.py

@@ -449,7 +449,7 @@ def convert(self, value, param, ctx):
               help='send to OUTFILE the payload or payload''s digest instead '
               'of complied image. These data can be used for external image '
               'signing')
-@click.option('--key-ids', multiple=True, type=int, required=False,
+@click.option('--psa-key-ids', multiple=True, type=int, required=False,
               help='List of integer key IDs for each signature.')
 @click.command(help='''Create a signed or unsigned image\n
                INFILE and OUTFILE are parsed as Intel HEX if the params have
@@ -460,7 +460,7 @@ def sign(key, public_key_format, align, version, pad_sig, header_size,
          dependencies, load_addr, hex_addr, erased_val, save_enctlv,
          security_counter, boot_record, custom_tlv, rom_fixed, max_align,
          clear, fix_sig, fix_sig_pubkey, sig_out, user_sha, hmac_sha, is_pure,
-         vector_to_sign, non_bootable, key_ids):
+         vector_to_sign, non_bootable, psa_key_ids):
 
     if confirm:
         # Confirmed but non-padded images don't make much sense, because
@@ -476,6 +476,10 @@ def sign(key, public_key_format, align, version, pad_sig, header_size,
                       non_bootable=non_bootable)
     compression_tlvs = {}
     img.load(infile)
+    # If the user passed any key IDs, apply them here:
+    if psa_key_ids:
+        click.echo(f"Signing with PSA key IDs: {psa_key_ids}")
+        img.set_key_ids(list(psa_key_ids))
     if key:
         loaded_keys = [load_key(k) for k in key]
     else: