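def _generate_signing_package(self, hash_to_sign, signing_attributes, cass_signer_attributes,
                              image_path, signingpackage_fname, binary_to_sign):
    """Build a CASS signing package for one image and save it to disk.

    The package holds a single signing request carrying the hex-encoded
    digest, the CASS capability and the signing attributes (SW size, HW/SW/
    model/OEM ids, plus the optional debug, app id, crash dump and OID
    min/max values) taken from ``signing_attributes``.

    Security notes for maintainers:
      * ``hash_to_sign`` and ``binary_to_sign`` are taken on trust. This
        method hex-encodes the former and uses only the length of the
        latter; it does not check that the digest was computed over that
        binary. The caller must guarantee they match.
      * Optional attributes are added only when their configured value is
        truthy, so a falsy value means the attribute is absent from the
        request rather than explicitly set.
      * The RSA exponent is validated only on the non-OID path (see below).

    Args:
        hash_to_sign: Raw digest bytes to be signed.
        signing_attributes: Config object supplying cass_capability, sw_id,
            model_id, oem_id, debug, app_id, crash_dump, object_id and
            exponent.
        cass_signer_attributes: Not used by this method.
        image_path: Path of the image; recorded in the request description.
        signingpackage_fname: Destination file for the signing package.
        binary_to_sign: Image contents; only ``len()`` of it is used, for
            the SW_SIZE attribute.

    Returns:
        The populated ``SigningPackage`` instance.

    Raises:
        RuntimeError: On the non-OID path, if the exponent is neither 3
            nor 65537.
    """
    signingpackage = SigningPackage(secimage.__version__)
    signingrequest = signingpackage.createSigningRequest("image_to_sign=%s" % image_path)

    # The digest is sent as hex text; this is the value the signature covers.
    hexbindigest = binascii.b2a_hex(hash_to_sign)
    logger.debug("Digest to sign (hexbinary)= [%s]" % hexbindigest)
    signingrequest.setDigest(hexbindigest)
    signingrequest.setCapability(signing_attributes.cass_capability)
    signingrequest.setSigningAttribute(Certificate.SIGNATTR_SW_SIZE,
                                       "0x%.8X" % len(binary_to_sign))

    # Identity attributes that are always present in the request.
    hmac_params = signerutils.get_hmac_params_from_config(signing_attributes)
    signingrequest.setSigningAttribute(Certificate.SIGNATTR_HW_ID,
                                       "0x%s" % hmac_params.msm_id_str)
    signingrequest.setSigningAttribute(Certificate.SIGNATTR_SW_ID, signing_attributes.sw_id)
    signingrequest.setSigningAttribute(Certificate.SIGNATTR_MODEL_ID, signing_attributes.model_id)
    signingrequest.setSigningAttribute(Certificate.SIGNATTR_OEM_ID, signing_attributes.oem_id)

    # Optional attributes: sent only when configured with a truthy value.
    if signing_attributes.debug:
        signingrequest.setSigningAttribute(Certificate.SIGNATTR_DEBUG, signing_attributes.debug)
    if signing_attributes.app_id:
        signingrequest.setSigningAttribute(Certificate.SIGNATTR_APP_ID, signing_attributes.app_id)
    if signing_attributes.crash_dump:
        signingrequest.setSigningAttribute(Certificate.SIGNATTR_CRASH_DUMP,
                                           signing_attributes.crash_dump)

    # Identity comparison kept on purpose: only a literal True selects the
    # OID path; any other return value falls through to exponent handling.
    if self._is_oid_supported(signing_attributes) is True:
        attr_min, attr_max = Certificate.GetOIDAttrName(signing_attributes.object_id.name)
        # Min/max can be supplied by the CASS server and are optional.
        if signing_attributes.object_id.min:
            signingrequest.setSigningAttribute(attr_min, signing_attributes.object_id.min)
        if signing_attributes.object_id.max:
            signingrequest.setSigningAttribute(attr_max, signing_attributes.object_id.max)
        # NOTE(review): signing_attributes.exponent is neither validated nor
        # sent on this path - confirm that the server-side default is the
        # intended exponent for OID-based requests.
    else:
        # Original note: opendsp does not use CASS_SIGNATTR_USE_EXP3
        # currently, hence the attribute is set only on this branch.
        # Exponent 3 relies on strict padding checks in every verifier;
        # 65537 is the more conservative choice where the target allows it.
        if signing_attributes.exponent == 3:
            signingrequest.setSigningAttribute(self.CASS_SIGNATTR_USE_EXP3, 'TRUE')
        elif signing_attributes.exponent == 65537:
            signingrequest.setSigningAttribute(self.CASS_SIGNATTR_USE_EXP3, 'FALSE')
        else:
            # Call form of raise: same behaviour on Python 2 and also valid
            # on Python 3 (the "raise E, msg" form is Python 2 only).
            raise RuntimeError(
                "Exponent value of {0} is invalid!".format(signing_attributes.exponent))

    # Set signature algorithm to SHA256 by default.
    signingrequest.setSigningAttribute(Certificate.SIGNATTR_SHA256, 'TRUE')

    # Ensure the destination directory exists before saving.
    pathname = os.path.dirname(signingpackage_fname)
    c_path.create_dir(pathname)

    # Return value unused; presumably serialises internal state - TODO confirm.
    signingpackage.toxml()
    signingpackage.saveToFile(signingpackage_fname)
    logger.info("Signing package created. Digest = [%s]" % signingpackage.getDigest())
    return signingpackage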