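def encrypt_segment(self, binary_segment, segment_num):
    '''
    Encrypt an ELF segment through the configured SSD encryption backend.

    The plaintext is written to a temporary file and handed, together
    with an empty output temporary file, to
    ``self.encryption_parameters.ssd_p.enc_segment``; the output file's
    contents are returned. Both temporary files are removed before this
    method returns, whether or not the backend call succeeds, so the
    plaintext segment does not linger on disk after a failure.

    input:
        binary_segment: A string representing the binary segment that
            needs to be encrypted.
        segment_num: The segment number, passed to the backend, which
            uses it to derive the per-segment IV.

    output:
        encrypted_binary_segment: The encrypted segment as produced by
            the backend (CBC mode, per the backend's contract).

    raises:
        RuntimeError: if the plaintext is non-empty but shorter than one
            16-byte cipher block.
    '''
    # An empty segment is passed through to the backend unchanged; only a
    # non-empty segment shorter than one block is rejected here.
    if 0 < len(binary_segment) < 16:
        raise RuntimeError("The input plaintext is less than the minimum.")

    pt_fn = utility_functions.store_data_to_temp_file(binary_segment)
    try:
        op_fn = utility_functions.store_data_to_temp_file("")
        try:
            self.encryption_parameters.ssd_p.enc_segment(segment_num, pt_fn, op_fn)
            encrypted_binary_segment = utility_functions.get_data_from_file(op_fn)
        finally:
            os.unlink(op_fn)
    finally:
        # The plaintext temp file is cleaned up even when creating the
        # output file or running the backend raises.
        os.unlink(pt_fn)
    return encrypted_binary_segment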
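def encrypt_segment(self, binary_segment, segment_num):
    '''
    Encrypt an ELF segment through the configured SSD encryption backend.

    The plaintext is written to a temporary file and handed, together
    with an empty output temporary file, to
    ``self.encryption_parameters.ssd_p.enc_segment``; the output file's
    contents are returned. Both temporary files are removed before this
    method returns, whether or not the backend call succeeds, so the
    plaintext segment does not linger on disk after a failure.

    input:
        binary_segment: A string representing the binary segment that
            needs to be encrypted.
        segment_num: The segment number, passed to the backend, which
            uses it to derive the per-segment IV.

    output:
        encrypted_binary_segment: The encrypted segment as produced by
            the backend (CBC mode, per the backend's contract).

    raises:
        RuntimeError: if the plaintext is non-empty but shorter than one
            16-byte cipher block.
    '''
    # An empty segment is passed through to the backend unchanged; only a
    # non-empty segment shorter than one block is rejected here.
    if 0 < len(binary_segment) < 16:
        raise RuntimeError("The input plaintext is less than the minimum.")

    pt_fn = utility_functions.store_data_to_temp_file(binary_segment)
    try:
        op_fn = utility_functions.store_data_to_temp_file("")
        try:
            self.encryption_parameters.ssd_p.enc_segment(
                segment_num, pt_fn, op_fn)
            encrypted_binary_segment = utility_functions.get_data_from_file(
                op_fn)
        finally:
            os.unlink(op_fn)
    finally:
        # The plaintext temp file is cleaned up even when creating the
        # output file or running the backend raises.
        os.unlink(pt_fn)
    return encrypted_binary_segment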
def get_text(cls, cert_data):
    """
    Return the text rendering of a DER certificate.

    The certificate bytes are written to a temporary file so that
    ``crypto_functions.get_der_certificate_text`` can operate on a path;
    the file is removed again before returning, including when the
    helper raises.

    Args:
        cert_data: DER-encoded certificate data (bytes/str as accepted by
            ``store_data_to_temp_file``).

    Returns:
        Whatever ``crypto_functions.get_der_certificate_text`` returns for
        that certificate.
    """
    tmp_cert_path = store_data_to_temp_file(cert_data)
    try:
        # Returning from inside the try still runs the finally clause.
        return crypto_functions.get_der_certificate_text(tmp_cert_path)
    finally:
        os.remove(tmp_cert_path)
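def _decode_encryption_parameters_blob(self, encryption_params_blob, private_key):
    """
    Decode the image encryption key (IEK) and image IV from a parameters blob.

    The blob's payload (second element returned by
    ``self.extract_encryption_parameters``) is written to a temporary file
    and parsed with ``CoreConfig`` against ``auto_gen_ssd_xml_config``.
    The wrapped IEK in ``MD_SIGN[0].IEK_ENC_INFO[0]`` is then unwrapped in
    one of two ways, selected by ``self.iek_enc_algo``:

    * ``IEK_ENC_ALGO_RSA_2048``: RSA-decrypt it with ``private_key`` via
      ``crypto_functions.decrypt_with_private_der_key``.
    * anything else: CBC-decrypt it with ``private_key`` used directly as
      the symmetric key (hex-encoded) and the IV from ``IEK_ENC_IV``.

    The temporary config file is removed before returning, also on error.

    Args:
        encryption_params_blob: The raw encryption-parameters blob.
        private_key: DER private key (RSA case) or raw symmetric key bytes
            (CBC case), depending on ``self.iek_enc_algo``.

    Returns:
        ``(image_encryption_key, image_encryption_iv)`` as binary strings;
        the IV is the base64-decoded ``MD_SIGN[0].IMG_ENC_INFO[0].IMG_ENC_IV``.
    """
    import os  # used only for the temp-file cleanup below

    payload = self.extract_encryption_parameters(encryption_params_blob)[1]
    tmp_config_file_path = utility_functions.store_data_to_temp_file(payload)
    try:
        parser = CoreConfig(auto_gen_ssd_xml_config, tmp_config_file_path).root
        iek_enc_info = parser.MD_SIGN[0].IEK_ENC_INFO[0]
        encrypted_iek = binascii.a2b_base64(iek_enc_info.IEK_CIPHER_VALUE)
        if self.iek_enc_algo == IEK_ENC_ALGO_RSA_2048:
            image_encryption_key = crypto_functions.decrypt_with_private_der_key(
                encrypted_iek, private_key)
        else:
            # cbc_decrypt_binary takes key and IV hex-encoded.
            iek_iv_hex = binascii.hexlify(
                binascii.a2b_base64(iek_enc_info.IEK_ENC_IV))
            image_encryption_key = crypto_functions.cbc_decrypt_binary(
                encrypted_iek, binascii.hexlify(private_key), iek_iv_hex)
        image_encryption_iv = binascii.a2b_base64(
            parser.MD_SIGN[0].IMG_ENC_INFO[0].IMG_ENC_IV)
    finally:
        # Unlinked only after the last parser access, in case CoreConfig
        # reads the file lazily; previously this temp file was never removed.
        os.unlink(tmp_config_file_path)
    return image_encryption_key, image_encryption_iv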
def _generate_pkcs11_cfg(self, token_driver_home):
    """
    Render the PKCS#11 config template into a temporary file.

    Loads ``self.PKCS11_CFG_TEMPLATE``, substitutes the mandatory
    ``token_driver_home`` macro with the given value and writes the
    result to a new temporary file.

    Args:
        token_driver_home: Value substituted for the ``token_driver_home``
            macro in the template.

    Returns:
        Path of the temporary file holding the rendered config, as
        returned by ``utility_functions.store_data_to_temp_file``.
    """
    template_text = c_misc.load_data_from_file(self.PKCS11_CFG_TEMPLATE)
    rendered_cfg = signerutils.macro_replace(
        template_text,
        "token_driver_home",
        token_driver_home,
        isMandatory=True,
    )
    return utility_functions.store_data_to_temp_file(rendered_cfg)
def _generate_attestation_certificate_extensions(self, attestation_certificate_extensions_path, tcg_min, tcg_max):
    """
    Build an attestation-certificate extensions file with a TCG section appended.

    The base extensions file is read verbatim and the text produced by
    ``self._generate_tcg_config(tcg_min, tcg_max)`` is appended to it;
    the combined content is written to a new temporary file.

    Args:
        attestation_certificate_extensions_path: Path of the base
            extensions file.
        tcg_min: Lower TCG bound passed to ``_generate_tcg_config``.
        tcg_max: Upper TCG bound passed to ``_generate_tcg_config``.

    Returns:
        Path of the temporary file holding the combined extensions.
    """
    base_extensions = c_misc.load_data_from_file(attestation_certificate_extensions_path)
    tcg_section = self._generate_tcg_config(tcg_min, tcg_max)
    combined = base_extensions + tcg_section
    return utility_functions.store_data_to_temp_file(combined)
def _generate_attestation_certificate_extensions(
        self, attestation_certificate_extensions_path, tcg_min, tcg_max):
    """
    Build an attestation-certificate extensions file with a TCG section appended.

    The base extensions file is read verbatim and the text produced by
    ``self._generate_tcg_config(tcg_min, tcg_max)`` is appended to it;
    the combined content is written to a new temporary file.

    Args:
        attestation_certificate_extensions_path: Path of the base
            extensions file.
        tcg_min: Lower TCG bound passed to ``_generate_tcg_config``.
        tcg_max: Upper TCG bound passed to ``_generate_tcg_config``.

    Returns:
        Path of the temporary file holding the combined extensions.
    """
    base_extensions = c_misc.load_data_from_file(
        attestation_certificate_extensions_path)
    tcg_section = self._generate_tcg_config(tcg_min, tcg_max)
    combined = base_extensions + tcg_section
    return utility_functions.store_data_to_temp_file(combined)
def _generate_attestation_certificate_extensions(self, attestation_certificate_extensions_path, oid_name, min_str, max_str):
    """
    Build an attestation-certificate extensions file with an OID section appended.

    The base extensions file is read verbatim and the text produced by
    ``self._generate_oid_config(oid_name, min_str, max_str)`` is appended
    to it; the combined content is written to a new temporary file.

    Args:
        attestation_certificate_extensions_path: Path of the base
            extensions file.
        oid_name: OID name passed to ``_generate_oid_config``.
        min_str: Lower bound string passed to ``_generate_oid_config``.
        max_str: Upper bound string passed to ``_generate_oid_config``.

    Returns:
        Path of the temporary file holding the combined extensions.
    """
    base_extensions = c_misc.load_data_from_file(attestation_certificate_extensions_path)
    oid_section = self._generate_oid_config(oid_name, min_str, max_str)
    combined = base_extensions + oid_section
    return utility_functions.store_data_to_temp_file(combined)
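def _decode_encryption_parameters_blob(self, encryption_params_blob, private_key):
    """
    Decode the image encryption key (IEK) and image IV from a parameters blob.

    The blob's payload (second element returned by
    ``self.extract_encryption_parameters``) is written to a temporary file
    and parsed with ``CoreConfig`` against ``auto_gen_ssd_xml_config``.
    The wrapped IEK in ``MD_SIGN[0].IEK_ENC_INFO[0]`` is then unwrapped in
    one of two ways, selected by ``self.iek_enc_algo``:

    * ``IEK_ENC_ALGO_RSA_2048``: RSA-decrypt it with ``private_key`` via
      ``crypto_functions.decrypt_with_private_der_key``.
    * anything else: CBC-decrypt it with ``private_key`` used directly as
      the symmetric key (hex-encoded) and the IV from ``IEK_ENC_IV``.

    The temporary config file is removed before returning, also on error.

    Args:
        encryption_params_blob: The raw encryption-parameters blob.
        private_key: DER private key (RSA case) or raw symmetric key bytes
            (CBC case), depending on ``self.iek_enc_algo``.

    Returns:
        ``(image_encryption_key, image_encryption_iv)`` as binary strings;
        the IV is the base64-decoded ``MD_SIGN[0].IMG_ENC_INFO[0].IMG_ENC_IV``.
    """
    import os  # used only for the temp-file cleanup below

    payload = self.extract_encryption_parameters(encryption_params_blob)[1]
    tmp_config_file_path = utility_functions.store_data_to_temp_file(payload)
    try:
        parser = CoreConfig(auto_gen_ssd_xml_config, tmp_config_file_path).root
        iek_enc_info = parser.MD_SIGN[0].IEK_ENC_INFO[0]
        encrypted_iek = binascii.a2b_base64(iek_enc_info.IEK_CIPHER_VALUE)
        if self.iek_enc_algo == IEK_ENC_ALGO_RSA_2048:
            image_encryption_key = crypto_functions.decrypt_with_private_der_key(encrypted_iek, private_key)
        else:
            # cbc_decrypt_binary takes key and IV hex-encoded.
            iek_iv_hex = binascii.hexlify(binascii.a2b_base64(iek_enc_info.IEK_ENC_IV))
            image_encryption_key = crypto_functions.cbc_decrypt_binary(encrypted_iek, binascii.hexlify(private_key), iek_iv_hex)
        image_encryption_iv = binascii.a2b_base64(parser.MD_SIGN[0].IMG_ENC_INFO[0].IMG_ENC_IV)
    finally:
        # Unlinked only after the last parser access, in case CoreConfig
        # reads the file lazily; previously this temp file was never removed.
        os.unlink(tmp_config_file_path)
    return image_encryption_key, image_encryption_iv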
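def _generate_new_encryption_params_blob(self):
    """
    Produce a freshly signed SSD XML encryption-parameters blob.

    Creates an empty temporary file, asks ``self.ssd_p.gen_signed_ssd_xml``
    to write the signed XML into it, reads the result back and returns it.
    The temporary file is removed before returning, whether or not the
    generator call succeeds.

    Returns:
        The signed SSD XML content as read by
        ``utility_functions.get_data_from_file``.
    """
    enc_xml_fname = utility_functions.store_data_to_temp_file('')
    try:
        self.ssd_p.gen_signed_ssd_xml(enc_xml_fname)
        enc_xml = utility_functions.get_data_from_file(enc_xml_fname)
    finally:
        # Previously the file leaked if gen_signed_ssd_xml raised.
        os.unlink(enc_xml_fname)
    return enc_xml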
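def _generate_new_encryption_params_blob(self):
    """
    Produce a freshly signed SSD XML encryption-parameters blob.

    Creates an empty temporary file, asks ``self.ssd_p.gen_signed_ssd_xml``
    to write the signed XML into it, reads the result back and returns it.
    The temporary file is removed before returning, whether or not the
    generator call succeeds.

    Returns:
        The signed SSD XML content as read by
        ``utility_functions.get_data_from_file``.
    """
    enc_xml_fname = utility_functions.store_data_to_temp_file('')
    try:
        self.ssd_p.gen_signed_ssd_xml(enc_xml_fname)
        enc_xml = utility_functions.get_data_from_file(enc_xml_fname)
    finally:
        # Previously the file leaked if gen_signed_ssd_xml raised.
        os.unlink(enc_xml_fname)
    return enc_xml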