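def encrypt_segment(self, binary_segment, segment_num):
        '''
        Encrypt one ELF segment by passing it to ssd_p.enc_segment via temp files.

        input:
        binary_segment: A string representing the binary segment that needs to be encrypted.
                        An empty segment is accepted; a non-empty one must be at least 16 bytes.
        segment_num: The segment number, passed through to enc_segment.

        output:
        encrypted_binary_segment: contents of the output file written by enc_segment

        raises:
        RuntimeError: if the segment is non-empty but shorter than 16 bytes.
        '''
        if 0 < len(binary_segment) < 16:
            raise RuntimeError("The input plaintext is less than the minimum.")

        # The earlier in-process path (derive a per-segment IV from the image
        # IV, CBC-encrypt the whole 16-byte blocks with the L3 key, append the
        # remaining tail bytes unencrypted) was commented out in favour of
        # delegating to ssd_p.enc_segment.
        # NOTE(review): whether enc_segment also leaves a trailing partial
        # block in the clear is not visible from here -- confirm.

        # NOTE(review): the plaintext segment is written to disk; confirm that
        # store_data_to_temp_file creates the file with owner-only permissions.
        pt_fn = utility_functions.store_data_to_temp_file(binary_segment)
        op_fn = None
        try:
            op_fn = utility_functions.store_data_to_temp_file("")
            self.encryption_parameters.ssd_p.enc_segment(segment_num, pt_fn, op_fn)
            return utility_functions.get_data_from_file(op_fn)
        finally:
            # Remove both files even when encryption or the read-back fails,
            # so a failed run does not leave the plaintext segment behind.
            try:
                os.unlink(pt_fn)
            finally:
                if op_fn is not None:
                    os.unlink(op_fn)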
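    def encrypt_segment(self, binary_segment, segment_num):
        '''
        Encrypt an ELF segment through the ssd_p.enc_segment helper.

        input:
        binary_segment: A string representing the binary segment that needs to be encrypted.
                        Must be empty or at least 16 bytes long.
        segment_num: The segment number, forwarded to enc_segment.

        output:
        encrypted_binary_segment: data read back from the output temp file

        raises:
        RuntimeError: for a non-empty segment shorter than 16 bytes.
        '''
        if 0 < len(binary_segment) < 16:
            raise RuntimeError("The input plaintext is less than the minimum.")

        # A previous, now commented-out, implementation encrypted in process:
        # it computed the segment IV from the image IV, CBC-encrypted only the
        # 16-byte-aligned prefix and appended the tail as plaintext.
        # NOTE(review): confirm how enc_segment treats a trailing partial block.

        # The segment is staged on disk in the clear for the helper.
        # NOTE(review): verify the temp-file helper restricts file permissions.
        pt_fn = utility_functions.store_data_to_temp_file(binary_segment)
        op_fn = None
        try:
            op_fn = utility_functions.store_data_to_temp_file("")
            self.encryption_parameters.ssd_p.enc_segment(
                segment_num, pt_fn, op_fn)
            encrypted_binary_segment = utility_functions.get_data_from_file(
                op_fn)
        finally:
            # Clean up on the error path too; otherwise an exception from
            # enc_segment would strand the plaintext temp file.
            try:
                os.unlink(pt_fn)
            finally:
                if op_fn is not None:
                    os.unlink(op_fn)
        return encrypted_binary_segment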
 def get_text(cls, cert_data):
     """Return the text form of a certificate supplied as raw data.

     The data is staged in a temporary file because
     crypto_functions.get_der_certificate_text is called with a path.
     """
     tmp_cert_file = store_data_to_temp_file(cert_data)
     try:
         return crypto_functions.get_der_certificate_text(tmp_cert_file)
     finally:
         # Executes on both the success and the error path.
         os.remove(tmp_cert_file)
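 def _decode_encryption_parameters_blob(self, encryption_params_blob,
                                        private_key):
     """Recover the image encryption key and image IV from a parameters blob.

     Element 1 of extract_encryption_parameters() is written to a temp file
     and parsed with CoreConfig. The wrapped key (IEK_CIPHER_VALUE) is
     base64-decoded and unwrapped: with decrypt_with_private_der_key when
     iek_enc_algo is IEK_ENC_ALGO_RSA_2048, otherwise with cbc_decrypt_binary
     using the hexlified private_key and the hexlified IEK_ENC_IV.

     Returns a tuple (image_encryption_key, image_encryption_iv); the IV is
     the base64-decoded IMG_ENC_IV.

     NOTE(review): this method performs no signature or integrity check on
     the blob before unwrapping the key, unless extract_encryption_parameters
     does so -- confirm the blob is verified upstream.
     """
     # Function-scope import so the cleanup below does not rely on a
     # module-level import of os.
     import os

     encryption_params_blob = self.extract_encryption_parameters(
         encryption_params_blob)[1]
     tmp_config_file_path = utility_functions.store_data_to_temp_file(
         encryption_params_blob)
     try:
         encryption_params_parser = CoreConfig(auto_gen_ssd_xml_config,
                                               tmp_config_file_path).root
         encrypted_image_encryption_key_base64 = encryption_params_parser.MD_SIGN[
             0].IEK_ENC_INFO[0].IEK_CIPHER_VALUE
         encrypted_image_encryption_key = binascii.a2b_base64(
             encrypted_image_encryption_key_base64)
         if self.iek_enc_algo == IEK_ENC_ALGO_RSA_2048:
             image_encryption_key = crypto_functions.decrypt_with_private_der_key(
                 encrypted_image_encryption_key, private_key)
         else:
             # In this branch private_key is used as a symmetric CBC key.
             image_encryption_iv_base64 = encryption_params_parser.MD_SIGN[
                 0].IEK_ENC_INFO[0].IEK_ENC_IV
             image_encryption_iv_bin = binascii.a2b_base64(
                 image_encryption_iv_base64)
             image_encryption_iv_hex = binascii.hexlify(image_encryption_iv_bin)
             image_encryption_key = crypto_functions.cbc_decrypt_binary(
                 encrypted_image_encryption_key, binascii.hexlify(private_key),
                 image_encryption_iv_hex)
         image_encryption_iv_base64 = encryption_params_parser.MD_SIGN[
             0].IMG_ENC_INFO[0].IMG_ENC_IV
         image_encryption_iv = binascii.a2b_base64(image_encryption_iv_base64)
     finally:
         # The original never removed this file. It is deleted only after
         # every parser read, in case CoreConfig reads the file lazily.
         os.unlink(tmp_config_file_path)
     return image_encryption_key, image_encryption_iv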
 def _generate_pkcs11_cfg(self, token_driver_home):
     """Render the PKCS11 config template and return the path of a temp file holding it.

     The "token_driver_home" macro in the template at PKCS11_CFG_TEMPLATE is
     replaced (mandatory) with the given value. Nothing here deletes the
     returned file; cleanup is left to the caller.

     NOTE(review): token_driver_home is substituted as given in this method;
     confirm it comes from trusted configuration.
     """
     template_text = c_misc.load_data_from_file(self.PKCS11_CFG_TEMPLATE)
     rendered_cfg = signerutils.macro_replace(
         template_text, "token_driver_home", token_driver_home,
         isMandatory=True)
     cfg_path = utility_functions.store_data_to_temp_file(rendered_cfg)
     return cfg_path
    def _generate_attestation_certificate_extensions(self,
                                                     attestation_certificate_extensions_path,
                                                     tcg_min,
                                                     tcg_max):
        """Append the generated TCG config to the extensions file and stage the result.

        Loads the file at attestation_certificate_extensions_path, appends the
        output of _generate_tcg_config(tcg_min, tcg_max), and returns the path
        of a temp file holding the combined text. The temp file is not
        removed here; the caller is responsible for it.
        """
        base_extensions = c_misc.load_data_from_file(attestation_certificate_extensions_path)
        tcg_section = self._generate_tcg_config(tcg_min, tcg_max)
        combined = base_extensions + tcg_section
        return utility_functions.store_data_to_temp_file(combined)
    def _generate_attestation_certificate_extensions(
            self, attestation_certificate_extensions_path, tcg_min, tcg_max):
        """Return the path of a temp file with the extensions text plus TCG config.

        The extensions file is read first, then _generate_tcg_config(tcg_min,
        tcg_max) is appended to it. The resulting temp file is left for the
        caller to delete.
        """
        extensions_text = c_misc.load_data_from_file(
            attestation_certificate_extensions_path)
        extensions_text = extensions_text + self._generate_tcg_config(
            tcg_min, tcg_max)
        return utility_functions.store_data_to_temp_file(extensions_text)
    def _generate_attestation_certificate_extensions(self,
                                                     attestation_certificate_extensions_path,
                                                     oid_name,
                                                     min_str,
                                                     max_str):
        """Append a generated OID config to the extensions file and stage the result.

        Reads attestation_certificate_extensions_path, appends the output of
        _generate_oid_config(oid_name, min_str, max_str), and returns the path
        of a temp file containing the combined text. The caller owns that
        file; it is not deleted here.
        """
        original_text = c_misc.load_data_from_file(attestation_certificate_extensions_path)
        oid_section = self._generate_oid_config(oid_name, min_str, max_str)
        staged_path = utility_functions.store_data_to_temp_file(original_text + oid_section)
        return staged_path
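 def _decode_encryption_parameters_blob(self, encryption_params_blob, private_key):
     """Unwrap the image encryption key and read the image IV from a parameters blob.

     The second element returned by extract_encryption_parameters() is
     staged in a temp file and parsed with CoreConfig. IEK_CIPHER_VALUE is
     base64-decoded, then unwrapped with decrypt_with_private_der_key when
     iek_enc_algo equals IEK_ENC_ALGO_RSA_2048, or with cbc_decrypt_binary
     (hexlified private_key as key, hexlified IEK_ENC_IV as IV) otherwise.

     Returns (image_encryption_key, image_encryption_iv), the IV being the
     base64-decoded IMG_ENC_IV.

     NOTE(review): no integrity or signature check on the blob is visible in
     this method; confirm it is verified before this point.
     """
     # Local import: keeps the temp-file cleanup independent of the module's
     # import block.
     import os

     encryption_params_blob = self.extract_encryption_parameters(encryption_params_blob)[1]
     tmp_config_file_path = utility_functions.store_data_to_temp_file(encryption_params_blob)
     try:
         encryption_params_parser = CoreConfig(auto_gen_ssd_xml_config, tmp_config_file_path).root
         encrypted_image_encryption_key_base64 = encryption_params_parser.MD_SIGN[0].IEK_ENC_INFO[0].IEK_CIPHER_VALUE
         encrypted_image_encryption_key = binascii.a2b_base64(encrypted_image_encryption_key_base64)
         if self.iek_enc_algo == IEK_ENC_ALGO_RSA_2048:
             image_encryption_key = crypto_functions.decrypt_with_private_der_key(encrypted_image_encryption_key, private_key)
         else:
             # Symmetric unwrap: private_key serves as the CBC key here.
             image_encryption_iv_base64 = encryption_params_parser.MD_SIGN[0].IEK_ENC_INFO[0].IEK_ENC_IV
             image_encryption_iv_bin = binascii.a2b_base64(image_encryption_iv_base64)
             image_encryption_iv_hex = binascii.hexlify(image_encryption_iv_bin)
             image_encryption_key = crypto_functions.cbc_decrypt_binary(encrypted_image_encryption_key, binascii.hexlify(private_key), image_encryption_iv_hex)
         image_encryption_iv_base64 = encryption_params_parser.MD_SIGN[0].IMG_ENC_INFO[0].IMG_ENC_IV
         image_encryption_iv = binascii.a2b_base64(image_encryption_iv_base64)
     finally:
         # Previously this temp file was left on disk. It is removed after the
         # last parser access, in case CoreConfig defers reading the file.
         os.unlink(tmp_config_file_path)
     return image_encryption_key, image_encryption_iv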
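 def _generate_new_encryption_params_blob(self):
     """Return the XML written by ssd_p.gen_signed_ssd_xml.

     The helper writes to a file path, so an empty temp file is created for
     it, read back, and removed.
     """
     enc_xml_fname = utility_functions.store_data_to_temp_file('')
     try:
         self.ssd_p.gen_signed_ssd_xml(enc_xml_fname)
         return utility_functions.get_data_from_file(enc_xml_fname)
     finally:
         # Remove the temp file even when generation or the read-back raises.
         os.unlink(enc_xml_fname)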
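 def _generate_new_encryption_params_blob(self):
     """Generate a new encryption-parameters XML and return its contents.

     ssd_p.gen_signed_ssd_xml is given the path of an empty temp file to
     write into; the file's contents are returned and the file is deleted.
     """
     enc_xml_fname = utility_functions.store_data_to_temp_file('')
     try:
         self.ssd_p.gen_signed_ssd_xml(enc_xml_fname)
         enc_xml = utility_functions.get_data_from_file(enc_xml_fname)
     finally:
         # Without the finally, a failure in either call above would leave
         # the temp file on disk.
         os.unlink(enc_xml_fname)
     return enc_xml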