Esempio n. 1
0
    def __init__(
            self,
            version: int,
            is_expired: bool,
            snapshot_keys_idx: list,
            targets: dict,
            delegations: dict,
            snapshot_sign_keys_idx: list=None,
            **kwargs) -> None:
        super().__init__(**kwargs)
        self.role_name = 'snapshot'

        if snapshot_sign_keys_idx is None:
            snapshot_sign_keys_idx = snapshot_keys_idx

        # TODO manipulate version
        targets_version = targets['signed']['version']
        targets_json = self.jsonify(targets)

        signed = {
            '_type': 'Snapshot',
            'version': version,
            'expires': '2017-01-01T00:00:00Z' if is_expired else '2038-01-19T03:14:06Z',
            'meta': {
                'targets.json': {
                    'hashes': {
                        'sha256': sha256(targets_json, bad_hash=False),
                        'sha512': sha512(targets_json, bad_hash=False),
                    },
                    'length': len(targets_json),
                    'version': targets_version,
                },
            },
        }

        for (name, meta) in delegations.items():
            delegation_json = self.jsonify(meta)
            signed['meta'][name] = {
                'hashes': {
                    'sha256': sha256(delegation_json, bad_hash=False),
                    'sha512': sha512(delegation_json, bad_hash=False),
                },
                'length': len(delegation_json),
                'version': meta['signed']['version'],  # TODO manipulate version
             }

        sig_directives = [(self.get_key(i), False) for i in snapshot_sign_keys_idx]

        self.value = {'signed': signed, 'signatures': self.sign(sig_directives, signed)}
Esempio n. 2
0
    def __init__(
        self,
        name: str,
        content: bytes,
        hardware_id: str,
        do_write: bool = True,
        alteration: str = None,
        ecu_identifier: str = None,
    ) -> None:
        self.name = name
        self.content = content
        self.do_write = do_write

        bad_hash = False
        size_mod = 0
        bad_ecu_id = False
        bad_hw_id = False

        if alteration is None:
            pass
        elif alteration == 'bad-hash':
            bad_hash = True
        elif alteration == 'oversized':
            size_mod = -1
        elif alteration == 'bad-ecu-id':
            if ecu_identifier is None:
                raise ValueError('Tried to modify ECU ID with no ECU ID')
            bad_ecu_id = True
        elif alteration == 'bad-hw-id':
            bad_hw_id = True
        else:
            raise ValueError('Unknown alteration: {}'.format(alteration))

        self.meta = {
            'length': len(content) + size_mod,
            'hashes': {
                'sha256': sha256(content, bad_hash=bad_hash),
                'sha512': sha512(content, bad_hash=bad_hash),
            },
            'custom': {},
        }

        if ecu_identifier is None:
            # Only used by Image repo metadata.
            self.meta['custom'] = {
                'hardwareIds': [
                    hardware_id + ('-XXX' if bad_hw_id else ''),
                ],
            }
        else:
            # Only used by Director metadata.
            ecu_identifier = ecu_identifier + ('-XXX' if bad_ecu_id else '')
            self.meta['custom']['ecuIdentifiers'] = {
                ecu_identifier: {
                    'hardwareId': hardware_id + ('-XXX' if bad_hw_id else ''),
                },
            }
Esempio n. 3
0
    def __init__(self,
                 snapshot: dict,
                 timestamp_keys_idx: list,
                 timestamp_keys_bad_sign_idx: list,
                 timestamp_version: int,
                 is_expired: bool,
                 snapshot_version: int,
                 timestamp_sign_keys_idx: list = None,
                 **kwargs) -> None:
        super().__init__(is_delegation=False, **kwargs)
        self.role_name = 'timestamp'

        if timestamp_sign_keys_idx is None:
            timestamp_sign_keys_idx = timestamp_keys_idx

        if snapshot_version is None:
            snapshot_version = snapshot['signed']['version']

        snapshot_json = self.cjson(snapshot)

        signed = {
            '_type': kwargs.get('_type', 'Timestamp'),
            'version': 1,  # TODO
            'expires':
            '2017-01-01T00:00:00Z' if is_expired else '2038-01-19T03:14:06Z',
            'meta': {
                'snapshot.json': {
                    'version': snapshot_version,
                    'length':
                    len(self.jsonify(snapshot)
                        ),  # Server returns snapshot.json with self.jsonify
                    'hashes': {
                        'sha256': sha256(snapshot_json, bad_hash=False),
                        'sha512': sha512(snapshot_json, bad_hash=False),
                    },
                },
            },
        }

        sig_directives = [(self.get_key(i), i in timestamp_keys_bad_sign_idx)
                          for i in timestamp_sign_keys_idx]
        self.value = {
            'signed': signed,
            'signatures': self.sign(sig_directives, signed)
        }
Esempio n. 4
0
 def key_id(self, pub: str, bad_id: bool) -> str:
     return sha256(self.cjson(pub).encode('utf-8'), bad_id)
Esempio n. 5
0
    def __init__(
            self,
            version: int,
            is_expired: bool,
            snapshot_keys_idx: list,
            targets: dict,
            delegations: dict,  # role_name -> contents_dict
            snapshot_sign_keys_idx: list = None,
            targets_version: int = None,
            add_targets_hash_and_length: bool = False,
            **kwargs) -> None:
        super().__init__(is_delegation=False, **kwargs)
        self.role_name = 'snapshot'

        if snapshot_sign_keys_idx is None:
            snapshot_sign_keys_idx = snapshot_keys_idx

        if targets_version:
            targets_version = targets_version
        else:
            targets_version = targets['signed']['version']

        signed = {
            '_type': kwargs.get('_type', 'Snapshot'),
            'version': version,
            'expires':
            '2017-01-01T00:00:00Z' if is_expired else '2038-01-19T03:14:06Z',
            'meta': {
                'targets.json': {
                    'version': targets_version,
                },
            },
        }

        if add_targets_hash_and_length:
            targets_content = self.cjson(targets).encode('utf-8')
            signed['meta']['targets.json']['hashes'] = {
                'sha256': sha256(targets_content, False),
            }
            signed['meta']['targets.json']['length'] = len(targets_content)

        for (name, meta) in delegations.items():
            if name == SKIPPED_DELEGATION_NAME:
                continue

            if meta.snapshot_version:
                delegation_version = meta.snapshot_version
            else:
                delegation_version = meta.value['signed']['version']

            signed['meta'][name + '.json'] = {
                'version': delegation_version,
            }

        sig_directives = [(self.get_key(i), False)
                          for i in snapshot_sign_keys_idx]

        self.value = {
            'signed': signed,
            'signatures': self.sign(sig_directives, signed)
        }