def generate_fec(data_model, region_id, row): ''' helper function to generate fec from fuse region ID ''' try: for region in data_model.module[0].fuse_region: if region.id == region_id: for fuse in region.fuse: if fuse.n == row: fec = compute_fec( int(fuse.value, 16) & defines.FEC_DATA_56BIT_MASK) # now that we got fec, find the fec field in this row and set it for field in fuse.field: if field.id == 'FEC_VALUE': field.value = hex(fec) logger.debug2( 'generate_fec for ' + region_id + ', row ' + str(row) + ' : ' + hex(fec) + ' - ' + hex( int(fuse.value, 16) & defines.FEC_DATA_56BIT_MASK)) return fuse.value # got to this point, not found raise RuntimeError("USER config FEC_VALUE field not found: " + region_id + ' : row ' + row) raise except: raise RuntimeError("Error from generate_fec(): " + region_id)
def _get_config_path(self, chipset_dir): """Returns the config found in the chipset dir matching the naming conventions. If the config file is not found in the dir, None is returned. :param str chipset_dir: The directory in which to look for config path. :returns: config_file :rtype: (str) """ config = None chipset_from_dir_name = os.path.basename(chipset_dir) for entry in os.listdir(chipset_dir): path = c_path.join(chipset_dir, entry) if c_path.validate_file(path) and re.match(defines.XML_NAME_REGEX, entry): # Extract the chipset from the file try: chipset_from_file = ConfigParser.get_chipset_from_file(path) except Exception as e: logger.warning('Skipping file: ' + entry + '\n' ' ' + 'Failed to load the file: ' + str(e)) continue # Check the naming conventions if chipset_from_file == chipset_from_dir_name: config = path else: logger.warning('Skipping file: ' + entry + '\n' ' ' + 'Chipset from file: "' + chipset_from_file + '" does not match chipset from dir name: "' + chipset_from_dir_name + '"') else: logger.debug2('Skipping file: ' + entry + '\n' ' ' + 'Name does not match any of the naming convention patters') logger.debug2('Config path found for chipset_dir: ' + chipset_dir + '\n' ' ' + 'config: ' + str(config)) return config
def _get_config_path(self, chipset_dir): """Returns the config found in the chipset dir matching the naming conventions. If the config file is not found in the dir, None is returned. :param str chipset_dir: The directory in which to look for config path. :returns: config_file :rtype: (str) """ config = None chipset_from_dir_name = os.path.basename(chipset_dir) for entry in os.listdir(chipset_dir): path = c_path.join(chipset_dir, entry) if c_path.validate_file(path) and entry.endswith(defines.XML_NAME_ENDING): # Extract the chipset from the file try: chipset_from_file = ConfigParser.get_chipset_from_file(path) except Exception as e: logger.warning('Skipping file: ' + entry + '\n' ' ' + 'Failed to load the file: ' + str(e)) continue # Check the naming conventions if chipset_from_file == chipset_from_dir_name: config = path else: logger.warning('Skipping file: ' + entry + '\n' ' ' + 'Chipset from file: "' + chipset_from_file + '" does not match chipset from dir name: "' + chipset_from_dir_name + '"') else: logger.debug2('Skipping file: ' + entry + '\n' ' ' + 'Name does not match any of the naming convention patters') logger.debug2('Config path found for chipset_dir: ' + chipset_dir + '\n' ' ' + 'config: ' + str(config)) return config
def dump_signer_debug_data(self, image, sign_assets): if image.dest_image.debug_dir_signer is None: return c_path.create_debug_dir(image.dest_image.debug_dir_signer) sa = sign_assets fp = image.dest_image from imageinfo import DestImagePath assert isinstance(fp, DestImagePath) debug_logs = [ (sa.root_cert, fp.debug_file_signer_root_cert), (sa.attestation_ca_cert, fp.debug_file_signer_attestation_ca_cert), (sa.attestation_cert, fp.debug_file_signer_attestation_cert), (sa.signature, fp.debug_file_signer_signature), (sa.cert_chain, fp.debug_file_signer_cert_chain) ] # Save the private attributes too debug_logs += [ (sa.root_key, fp.debug_file_signer_root_key), (sa.attestation_ca_key, fp.debug_file_signer_attestation_ca_key), (sa.attestation_key, fp.debug_file_signer_attestation_key) ] for data, debug_file in debug_logs: try: store_data_to_file(debug_file, data) except Exception: logger.debug2('Failed to save debug file ' + debug_file + '\n' ' ' + str(sys.exc_info()[1]))
def dump_parsegen_debug_data(self, image, parsegen): if image.dest_image.debug_dir_parsegen is None: return so = parsegen fp = image.dest_image from imageinfo import DestImagePath assert isinstance(fp, DestImagePath) debug_logs = [] try: debug_logs.append((so.get_data(False, False, False), fp.debug_file_parsegen_unsigned)) except Exception: pass try: debug_logs.append((so.data_to_sign, fp.debug_file_parsegen_tosign)) except Exception: pass try: debug_logs.append((so.cert_chain, fp.debug_file_parsegen_cert_chain)) except Exception: pass try: debug_logs.append((so.data_signature, fp.debug_file_parsegen_signature)) except Exception: pass try: debug_logs.append((so.get_data(True, False, False), fp.debug_file_parsegen_integrity_check)) except Exception: pass try: debug_logs.append((so.get_data(True, True, False), fp.debug_file_parsegen_signed)) except Exception: pass try: debug_logs.append((so.get_data(True, True, True), fp.debug_file_parsegen_encrypted)) except Exception: pass for data, debug_file in debug_logs: try: store_data_to_file(debug_file, data) except Exception: logger.debug2('Failed to save debug file ' + debug_file + '\n' ' ' + str(sys.exc_info()[1]))
def privkey_pem_to_der(pem_privkey): """ Convert PEM format PRIVATE key into DER format input: pem_privkey: String containing base64 PEM Private key output der_privkey: String containing binary Private key """ der_privkey = '' pem_tempfile_name = utility_functions.store_data_to_temp_file(pem_privkey) try: der_privkey = utility_functions.system_command_logged( [ openssl_binary_path, 'rsa', '-in', pem_tempfile_name, '-inform', 'PEM', '-outform', 'DER' ], stderr_to_temp=True) logger.debug2("PEM Format private key: " + hexdump(der_privkey)) except: logger.critical( "privkey_pem_to_der: OPENSSL Could not convert PEM key to DER key") finally: os.unlink(pem_tempfile_name) logger.debug("Deleting temporary file: " + pem_tempfile_name) return der_privkey
def privkey_der_to_pem(der_privkey): """ Convert binary DER format PRIVATE key into base64 coded ASCII PEM format input: der_privkey: String containing binary PRIVATE KEY output pem_privkey: String containing base64 PEM PRIVATE KEY """ pem_privkey = '' der_tempfile_name = utility_functions.store_data_to_temp_file(der_privkey) try: pem_privkey = utility_functions.system_command_logged( [ openssl_binary_path, 'rsa', '-in', der_tempfile_name, '-inform', 'DER', '-outform', 'PEM' ], stderr_to_temp=True) logger.debug2("PEM Format Private Key: " + pem_privkey) except: logger.critical( "privkey_der_to_pem: OPENSSL Could not convert DER key to PEM") finally: os.unlink(der_tempfile_name) logger.debug("Deleting temporary file: " + der_tempfile_name) return pem_privkey
def cert_pem_to_der(pem_certificate): """ Convert PEM format certificate into DER format input: pem_certificate: String containing base64 PEM certificate output der_certificate: String containing binary certificate """ pem_tempfile_name = utility_functions.store_data_to_temp_file( pem_certificate) try: der_certificate = utility_functions.system_command_logged( [ openssl_binary_path, 'x509', '-in', pem_tempfile_name, '-inform', 'PEM', '-outform', 'DER' ], stderr_to_temp=True) except: logger.critical( "cert_pem_to_der: OPENSSL could not convert PEM cert to DER") logger.debug2("PEM Format certificate: " + hexdump(der_certificate)) logger.debug("Deleting temporary file: " + pem_tempfile_name) os.unlink(pem_tempfile_name) return der_certificate
def cert_der_to_pem(der_certificate): """ Convert binary DER format certificate into base64 coded ASCII PEM format input: der_certificate: String containing binary certificate output pem_certificate: String containing base64 PEM certificate """ der_tempfile_name = utility_functions.store_data_to_temp_file( der_certificate) try: pem_certificate = utility_functions.system_command_logged( [ openssl_binary_path, 'x509', '-in', der_tempfile_name, '-inform', 'DER', '-outform', 'PEM' ], stderr_to_temp=True) except: logger.critical( "cert_der_to_pem: OPENSSL could not convert DER cert to PEM") logger.debug2("PEM Format certificate: " + pem_certificate) logger.debug("Deleting temporary file: " + der_tempfile_name) os.unlink(der_tempfile_name) return pem_certificate
def decrypt_with_private_der_key(encrypted_message, private_key): """ Decrypt an encrypted message with a private key input: encrypted_message = String representation of encrypted message private_key = String representation of private key output: message = String representing decrypted message """ private_key_tempfile_name = utility_functions.store_data_to_temp_file( private_key) encrypted_message_tempfile_name = utility_functions.store_data_to_temp_file( encrypted_message) pt_tempfile_name = utility_functions.store_data_to_temp_file('') command_list = [ openssl_binary_path, 'rsautl', '-decrypt', '-inkey', private_key_tempfile_name, '-in', encrypted_message_tempfile_name, '-keyform', 'DER' ] try: message = utility_functions.system_command_logged(command_list, stderr_to_temp=True) return message except: logger.debug2( "decrypt_with_private_der_key: OPENSSL could not decrypt with private key" )
def discover(self): """Searches for the ecies binary in the predefined packaged path. :returns str: Path to the ecies binary. """ module_name = BINARY_NAME.title() filenames = bin_names(BINARY_NAME) filenames += alternate_bin_names(BINARY_NAME) module = ModuleNotFound for filename in filenames: file_path = c_path.join(packaged_bin_folder, filename) if c_path.validate_file(file_path): module = file_path logger.debug2(module_name + ': Found at - ' + module) break else: logger.debug2(module_name + ': Not Found') # Log if permissions are not correct if module != ModuleNotFound and not os.access(module, os.X_OK): logger.error(module_name + ': Cannot execute. Missing execution permission.') return module
def discover(self): '''Searches for the openssl binary in: #. The environment using the openssl tag #. Prepackaged binary folder #. Current path #. System path :returns str: Path to the openssl binary. ''' module_name = BINARY_NAME.title() filenames = bin_names(BINARY_NAME) module = ModuleNotFound for filename in filenames: # Using the environment if OPENSSL_ENV_DIR_TAG in os.environ: env_module = c_path.join(os.environ[OPENSSL_ENV_DIR_TAG], filename) if not c_path.validate_file(env_module): logger.debug2( module_name + ': File from environment does not exist at - ' + env_module) elif not self.is_supported_version(env_module): logger.debug2( module_name + ': File from environment is not the correct version - ' + env_module) else: module = env_module logger.debug2(module_name + ': Found from environment at - ' + env_module) break # Searching in prepacked dir, current dir and system paths else: folder = packaged_bin_folder modules_found = c_path.which(filename, paths=[folder]) for module_found in modules_found: if not self.is_supported_version(module_found): continue module = module_found conf_file = c_path.join(folder, OPENSSL_CONF_FILE) if c_path.validate_file(conf_file): os.environ[OPENSSL_ENV_CONF_TAG] = conf_file logger.debug2(module_name + ': Found at - ' + module) break else: logger.debug2(module_name + ': Not Found') # Log if permissions are not correct if module != ModuleNotFound and not os.access(module, os.X_OK): logger.error(module_name + ': Cannot execute. Missing execution permission.') return module
def resolve_remote_server_info(self): host, port = QCOM_SIGNING_SERVER_HOST, QCOM_SIGNING_SERVER_PORT if ENV_SIGNING_SERVER_HOST_TAG in os.environ: logger.debug2(str(ENV_SIGNING_SERVER_HOST_TAG) + ' tag found in environment') host = os.environ[ENV_SIGNING_SERVER_HOST_TAG] if ENV_SIGNING_SERVER_PORT_TAG in os.environ: logger.debug2(str(ENV_SIGNING_SERVER_PORT_TAG) + ' tag found in environment') port = int(os.environ[ENV_SIGNING_SERVER_PORT_TAG]) return host, port
def sha_hash(self, data, sha_algo=None): if not data: raise RuntimeError('No data to hash') if sha_algo not in utils.hash_algos_map.keys(): logger.warning('No SHA algo specified. Defaulting to SHA-256') msg = utils.hash(data, sha_algo) msg_bin = binascii.a2b_hex(msg) logger.debug2("H(code image) : " + msg) return msg_bin
def hmac_sha(self, data, sha_algo=None): hash_lib_func = self.HASH_ALGO_MAP.get(self.hash_algo, None) if hash_lib_func is None: raise RuntimeError('Unknown HASH algorithm: ' + str(self.hash_algo)) # Create hash msg = hash_lib_func(data).hexdigest() logger.debug2("H(code image) : " + msg) return binascii.a2b_hex(msg)
def is_supported_version(cls, openssl_bin): '''Returns True if the version of the openssl is supported ''' # Get the version info try: version = cls.get_version(openssl_bin) except Exception as e: logger.debug2(str(e)) return False # Check if version is less than minimum return LooseVersion(version) >= LooseVersion(OPENSSL_VERSION_MIN)
def is_supported_version(cls, openssl_bin, min_version=OPENSSL_VERSION_MIN): """Returns True if the version of the openssl is supported """ # Get the version info try: openssl_version = cls.get_version(openssl_bin) except Exception as e: logger.debug2(str(e)) return False # Check if version is less than minimum return min_version <= openssl_version
def configs(self): """(list[obj]) List of objects of :class:`ConfigParser` generated by loading the config files in the config_dir. """ configs = [] for path in self.config_paths: logger.debug2('Loading config: ' + path) try: configs.append(ConfigParser(path)) except Exception as e: logger.warning('Failed to load config: ' + path + '\n' ' ' + 'Error: ' + str(e)) return configs
def discover(self): """Searches for the M2Crypto library in the python package. :returns module: M2Crypto python module """ module_name = MODULE_NAME module = ModuleNotFound try: import M2Crypto as module logger.debug2(module_name + ': Found at - ' + str(module)) except ImportError as e: logger.debug2(module_name + ': Not Found - ' + str(e)) return module
def get_field_value(data_model, region_id, field_id ): ''' helper function to get the field value from data model ''' for region in data_model.module[0].fuse_region: if region.id == region_id: for fuse in region.fuse: for field in fuse.field: if field.id == field_id: logger.debug2('USER config get region: '+region.id+', field: '+field.id+', value:'+field.value) return field.value # got to this point, not found raise RuntimeError("USER config entry not found in OEM config: "+region_id+' : '+field_id)
def dump_signer_debug_data(self, image, sign_assets, parsegen): if image.dest_image.debug_dir_signer is None: return c_path.create_debug_dir(image.dest_image.debug_dir_signer) sa = sign_assets fp = image.dest_image from imageinfo import DestImagePath assert isinstance(fp, DestImagePath) # Backup parsegen authority authority = parsegen.authority # QTI Signature and Cert Chain parsegen.authority = defines.AUTHORITY_QTI data_signature_qti = parsegen.data_signature cert_chain_qti = parsegen.cert_chain # OEM Signature and Cert Chain parsegen.authority = defines.AUTHORITY_OEM data_signature = parsegen.data_signature cert_chain = parsegen.cert_chain # Restore authority parsegen.authority = authority debug_logs = [ (sa.root_cert, fp.debug_file_signer_root_cert), (sa.attestation_ca_cert, fp.debug_file_signer_attestation_ca_cert), (sa.attestation_cert, fp.debug_file_signer_attestation_cert), (data_signature, fp.debug_file_signer_signature), (cert_chain, fp.debug_file_signer_cert_chain), (data_signature_qti, fp.debug_file_signer_qti_signature), (cert_chain_qti, fp.debug_file_signer_qti_cert_chain) ] # Save the private attributes too debug_logs += [ (sa.root_key, fp.debug_file_signer_root_key), (sa.attestation_ca_key, fp.debug_file_signer_attestation_ca_key), (sa.attestation_key, fp.debug_file_signer_attestation_key) ] for data, debug_file in debug_logs: try: store_data_to_file(debug_file, data) except Exception: logger.debug2('Failed to save debug file ' + debug_file + '\n' ' ' + str(sys.exc_info()[1]))
def main(args): """Parses the command line arguments, performs any basic operations based on the parsed arguments and starts processing using the isc module. """ # Print the tool's launch command logger.debug2('\n\n Sectools launched as: "' + ' '.join(sys.argv) + '"\n') if len(args) > 1: feature = args[1] for supported_feature in FEATURES_LIST: if feature == supported_feature.CMD_ARG_TOOL_NAME: supported_feature.main(supported_feature.parse_args(sys.argv[1:])) break else: raise RuntimeError('Feature provided from command line: "' + feature + '" is invalid.' + '\n' ' ' + 'Please choose from : ' + str([f.CMD_ARG_TOOL_NAME for f in FEATURES_LIST]))
def get_public_key_from_certificate(certificate): if 'BEGIN CERTIFICATE' not in certificate: certificate = cert_der_to_pem(certificate) pubkey=_extract_public_key_from_certificate(certificate) pubkey_file_name=utility_functions.store_data_to_temp_file(pubkey) command_list=[openssl_binary_path,'rsa','-pubin','-inform','PEM','-text','-noout','<',pubkey_file_name] logger.debug("Command_list = " + repr(command_list)) pubkey_text = utility_functions.system_command_logged(command_list, stderr_to_temp=True) logger.debug2("Pubkey text: " + pubkey_text) os.unlink(pubkey_file_name)
def privkey_pem_to_der(pem_privkey): """ Convert PEM format PRIVATE key into DER format input: pem_privkey: String containing base64 PEM Private key output der_privkey: String containing binary Private key """ pem_tempfile_name = utility_functions.store_data_to_temp_file(pem_privkey) try: der_privkey = utility_functions.system_command_logged([openssl_binary_path, 'rsa', '-in', pem_tempfile_name, '-inform', 'PEM', '-outform', 'DER'], stderr_to_temp=True) except: logger.critical("privkey_pem_to_der: OPENSSL Could not convert PEM key to DER key") logger.debug2("PEM Format private key: " + hexdump(der_privkey)) logger.debug("Deleting temporary file: " + pem_tempfile_name) os.unlink(pem_tempfile_name) return der_privkey
def privkey_der_to_pem(der_privkey): """ Convert binary DER format PRIVATE key into base64 coded ASCII PEM format input: der_privkey: String containing binary PRIVATE KEY output pem_privkey: String containing base64 PEM PRIVATE KEY """ der_tempfile_name = utility_functions.store_data_to_temp_file(der_privkey) try: pem_privkey = utility_functions.system_command_logged([openssl_binary_path, 'rsa', '-in', der_tempfile_name, '-inform', 'DER', '-outform', 'PEM'], stderr_to_temp=True) except: logger.critical("privkey_der_to_pem: OPENSSL Could not convert DER key to PEM") logger.debug2("PEM Format Private Key: " + pem_privkey) logger.debug("Deleting temporary file: " + der_tempfile_name) os.unlink(der_tempfile_name) return pem_privkey
def is_supported_version(cls, openssl_bin): '''Returns True if the version of the openssl is supported ''' # Get the version info try: version = cls.get_version(openssl_bin) except Exception as e: logger.debug2(str(e)) return False # Check if version is less than minimum openssl_version_min = OPENSSL_VERSION_MIN.split('.') if (int(openssl_version_min[0]) > int(version[0]) or # Major int(openssl_version_min[1]) > int(version[1]) or # Minor int(openssl_version_min[2]) > int(version[2])): # Patch return False return True
def _get_config_paths(self, chipset_dir): """Returns a tuple of the configs found in the chipset dir matching the naming conventions. If any of the config files is not found in the dir, its value is returned as None. :param str chipset_dir: The directory in which to look for config paths. :returns: (oem_config_path, qc_config_path, ui_config_path, user_config_path) :rtype: (tuple(str)) """ oem, qc, ui, user = None, None, None, None chipset_from_dir_name = os.path.basename(chipset_dir) for entry in os.listdir(chipset_dir): path = c_path.join(chipset_dir, entry) if c_path.validate_file(path): # Extract the chipset from the file try: chipset_from_file = ConfigParser.get_chipset_from_file( path) except Exception as e: logger.debug2('Skipping file: ' + entry + '\n' ' ' + 'Failed to load the file: ' + str(e)) continue # Check the naming conventions if chipset_from_file == chipset_from_dir_name: if entry.endswith(defines.XML_NAME_ENDING_OEM): oem = path elif entry.endswith(defines.XML_NAME_ENDING_QC): qc = path elif entry.endswith(defines.XML_NAME_ENDING_UI): ui = path elif entry.endswith(defines.XML_NAME_ENDING_USER): user = path else: logger.debug2( 'Skipping file: ' + entry + '\n' ' ' + 'Name does not match any of the naming convention patters' ) else: logger.debug2('Skipping file: ' + entry + '\n' ' ' + 'Chipset from file: "' + chipset_from_file + '" does not match chipset from dir name: "' + chipset_from_dir_name + '"') logger.debug2('Config paths found for chipset_dir: ' + chipset_dir + '\n' ' ' + 'oem: ' + str(oem) + '\n' ' ' + 'qc: ' + str(qc) + '\n' ' ' + 'ui: ' + str(ui) + '\n' ' ' + 'user: ' + str(user)) return oem, qc, ui, user
def set_field_value(data_model, region_id, field_id, value ): ''' helper function to find the field and set its value ''' if not isinstance(value, str): value = hex(value).rstrip('L') for region in data_model.module[0].fuse_region: if region.id == region_id: for fuse in region.fuse: for field in fuse.field: if field.id == field_id: field.value = value logger.debug2('USER config set region: '+region.id+', field: '+field.id+', value:'+field.value) return True, field.value # got to this point, not found raise RuntimeError("USER config entry not found in OEM config: "+region_id+' : '+field_id)
def cert_pem_to_der(pem_certificate): """ Convert PEM format certificate into DER format input: pem_certificate: String containing base64 PEM certificate output der_certificate: String containing binary certificate """ pem_tempfile_name = utility_functions.store_data_to_temp_file(pem_certificate) try: der_certificate = utility_functions.system_command_logged([openssl_binary_path, 'x509', '-in', pem_tempfile_name, '-inform', 'PEM', '-outform', 'DER'], stderr_to_temp=True) except: logger.critical("cert_pem_to_der: OPENSSL could not convert PEM cert to DER") logger.debug2("PEM Format certificate: " + hexdump(der_certificate)) logger.debug("Deleting temporary file: " + pem_tempfile_name) os.unlink(pem_tempfile_name) return der_certificate
def decrypt_with_private_der_key(encrypted_message, private_key): """ Decrypt an encrypted message with a private key input: encrypted_message = String representation of encrypted message private_key = String representation of private key output: message = String representing decrypted message """ private_key_tempfile_name =utility_functions.store_data_to_temp_file(private_key) encrypted_message_tempfile_name = utility_functions.store_data_to_temp_file(encrypted_message) pt_tempfile_name=utility_functions.store_data_to_temp_file('') command_list=[openssl_binary_path, 'rsautl', '-decrypt', '-inkey', private_key_tempfile_name, '-in', encrypted_message_tempfile_name, '-keyform','DER'] try: message = utility_functions.system_command_logged(command_list, stderr_to_temp=True) return message except: logger.debug2("decrypt_with_private_der_key: OPENSSL could not decrypt with private key")
def cert_der_to_pem(der_certificate): """ Convert binary DER format certificate into base64 coded ASCII PEM format input: der_certificate: String containing binary certificate output pem_certificate: String containing base64 PEM certificate """ der_tempfile_name = utility_functions.store_data_to_temp_file(der_certificate) try: pem_certificate = utility_functions.system_command_logged([openssl_binary_path, 'x509', '-in', der_tempfile_name, '-inform', 'DER', '-outform', 'PEM'], stderr_to_temp=True) except: logger.critical("cert_der_to_pem: OPENSSL could not convert DER cert to PEM") logger.debug2("PEM Format certificate: " + pem_certificate) logger.debug("Deleting temporary file: " + der_tempfile_name) os.unlink(der_tempfile_name) return pem_certificate
def sha_hash(self, data, sha_algo=None): if not data: raise RuntimeError('No data to hash') if sha_algo == 'sha1': hashlib_calc = hashlib.sha1 elif sha_algo == 'sha256': hashlib_calc = hashlib.sha256 elif sha_algo == 'sha384': hashlib_calc = hashlib.sha384 else: logger.warning('No SHA algo specified. Defaulting to SHA-256') hashlib_calc = hashlib.sha256 msg = hashlib_calc(data).hexdigest() msg_bin = binascii.a2b_hex(msg) logger.debug2("H(code image) : " + msg) return msg_bin
def discover(self): """Searches for the crypto cbc binary in the predefined packaged path. :returns str: Path to the crypto cbc binary. """ module_name = BINARY_NAME.title() filenames = bin_names(BINARY_NAME) module = ModuleNotFound for filename in filenames: file_path = c_path.join(packaged_bin_folder, filename) if c_path.validate_file(file_path): module = file_path logger.debug2(module_name + ': Found at - ' + module) break else: logger.debug2(module_name + ': Not Found') return module
def create_certificate(certificate_params, certificate_key_pair, CACertificate, CA_key_pair, days, configfile, serial_num, extfile_name): """ Generate a certificate. input: certificate_params ={ 'C' : "US", 'ST' : "California", 'L' : "San Diego", 'O' : "ASIC", 'CN' : "Qualcomm", 'OU' : [r"General Use Test Key (for testing only)", r"CDMA Technologies"] } Dictionary of parameters to put in the certificate. The parameters above are an example If the same parameter has multiple values as 'OU' above, create a list of values CACertificate: String representation of CA certificate used to sign the cert certificate_key_pair = None | key_pair = {"public_key": [Generated public key], "private_key": [Generated private key] } Dictionary holding the values of public and private keys. If this is None, a key is generated. days = validity period of certificate in days configfile = configfile used by openssl output: certificate: String representation of PEM certificate. certificate_key_pair : {"public_key": certificate public key], "private_key": certificate private key] } """ csr, csr_key_pair = _create_sigining_request(certificate_params, certificate_key_pair, days, configfile) logger.debug2(csr + repr(csr_key_pair)) certificate, ca_key_pair = _sign_csr_with_CA_certificate( csr, CACertificate, CA_key_pair, days, serial_num, extfile_name) return (certificate, csr_key_pair)
def dump_signer_debug_data(self, image, sign_assets): if image.dest_image.debug_dir_signer is None: return sa = sign_assets fp = image.dest_image from imageinfo import DestImagePath assert isinstance(fp, DestImagePath) debug_logs = [(sa.root_cert, fp.debug_file_signer_root_cert), (sa.attestation_ca_cert, fp.debug_file_signer_attestation_ca_cert), (sa.attestation_cert, fp.debug_file_signer_attestation_cert), (sa.attestation_key, fp.debug_file_signer_attestation_key), (sa.signature, fp.debug_file_signer_signature), (sa.cert_chain, fp.debug_file_signer_cert_chain)] for data, debug_file in debug_logs: try: store_data_to_file(debug_file, data) except Exception: logger.debug2('Failed to save debug file ' + debug_file + '\n' ' ' + str(sys.exc_info()[1]))
def config_paths(self): """(list[tuple(str)]) List of the config paths found in the workspace conforming to the naming structure. """ config_dir = self.config_dir config_paths = [] logger.debug('Searching config path sets in dir: ' + config_dir) for entry in os.listdir(config_dir): path = c_path.join(config_dir, entry) if c_path.validate_dir(path): config = self._get_config_path(path) if config: config_paths.append(config) else: logger.debug2('Skipping dir: ' + entry + '\n' ' ' + 'Does not contain any configs') else: logger.debug2('Skipping file in first level: ' + entry) logger.debug('Config paths found from the config dir: ' + str(config_paths)) return config_paths
def configs(self): """(list[obj]) List of objects of :class:`ConfigParser` generated by loading the config files in the config_dir. """ configs = [] for oem, qc, ui, user in self.config_paths: logger.debug2('Loading configs: ' + '\n' ' ' + 'oem: ' + str(oem) + '\n' ' ' + 'qc: ' + str(qc) + '\n' ' ' + 'ui: ' + str(ui) + '\n' ' ' + 'user: '******'Failed to load configs.' ' ' + 'Error: ' + str(e)) return configs
def config_paths(self): """(list[tuple(str)]) List of the config paths found in the workspace conforming to the naming structure. """ config_dir = self.config_dir config_paths = [] logger.debug('Searching config path sets in dir: ' + config_dir) for entry in os.listdir(config_dir): path = c_path.join(config_dir, entry) if c_path.validate_dir(path): oem, qc, ui, user = self._get_config_paths(path) if oem or qc or ui or user: config_paths.append((oem, qc, ui, user)) else: logger.debug2('Skipping dir: ' + entry + '\n' ' ' + 'Does not contain any configs') else: logger.debug2('Skipping file in first level: ' + entry) logger.debug('Config paths found from the config dir: ' + str(config_paths)) return config_paths
def qcom_hmac(self, data, hmac_params): if data == None or hmac_params == None: raise RuntimeError('Input parameters to the HMAC function are incorrect') else: msm_id = hmac_params.MSM_ID sw_id = hmac_params.SW_ID ipad = 0x3636363636363636 opad = 0x5C5C5C5C5C5C5C5C logger.debug("MSM_ID key : " + repr(msm_id)) logger.debug("SW_ID key : " + repr(sw_id)) logger.debug("ipad : " + repr(ipad)) logger.debug("opad : " + repr(opad)) Si = sw_id ^ ipad Si = binascii.unhexlify(format(Si,'x')) So = msm_id ^ opad So = binascii.unhexlify(format(So,'x')) msg_step1 = hashlib.sha256(data).hexdigest() msg_step1_bin = binascii.a2b_hex(msg_step1) logger.debug2("H(code image) : " + msg_step1) msg_step2 = hashlib.sha256(Si + msg_step1_bin).hexdigest() msg_step2_bin = binascii.a2b_hex(msg_step2) logger.debug2("H[(SWID^ipad) || H(code image)] : " + msg_step2) msg_step3 = hashlib.sha256(So + msg_step2_bin).hexdigest() msg_step3_bin = binascii.a2b_hex(msg_step3) logger.debug2("H[(MSMID^opad) || H[(SWID^ipad) || H(code image)]] : " + msg_step3) hmac = msg_step3_bin return hmac
def create_certificate(certificate_params, certificate_key_pair, CACertificate, CA_key_pair, days, configfile, serial_num, extfile_name): """ Generate a certificate. input: certificate_params ={ 'C' : "US", 'ST' : "California", 'L' : "San Diego", 'O' : "ASIC", 'CN' : "Qualcomm", 'OU' : [r"General Use Test Key (for testing only)", r"CDMA Technologies"] } Dictionary of parameters to put in the certificate. The parameters above are an example If the same parameter has multiple values as 'OU' above, create a list of values CACertificate: String representation of CA certificate used to sign the cert certificate_key_pair = None | key_pair = {"public_key": [Generated public key], "private_key": [Generated private key] } Dictionary holding the values of public and private keys. If this is None, a key is generated. days = validity period of certificate in days configfile = configfile used by openssl output: certificate: String representation of PEM certificate. certificate_key_pair : {"public_key": certificate public key], "private_key": certificate private key] } """ csr,csr_key_pair = _create_sigining_request(certificate_params, certificate_key_pair, days, configfile) logger.debug2(csr + repr(csr_key_pair)) certificate,ca_key_pair = _sign_csr_with_CA_certificate(csr, CACertificate, CA_key_pair, days, serial_num, extfile_name) return (certificate, csr_key_pair)