def gen_keys(self, curve, priv_key_path=None, pub_key_path=None): # Generate the key pair using openssl priv_key = self._gen_ecdsa_key_pair(curve) # Save the private key to file priv_path = priv_key_path if priv_key_path is not None else c_path.create_tmp_file( ) # Generate the public key file try: logger.debug('Writing generated private key to PEM file: ' + priv_path) c_path.store_data_to_file(priv_path, priv_key) # Extract the public key from the private key pub_key = self.get_public_key_from_private(priv_key) finally: # Cleanup temp file c_path.remove_tmp_file(priv_path) # Save the public key to file if pub_key_path is not None: logger.debug('Writing generated public key to PEM file: ' + pub_key_path) c_path.store_data_to_file(pub_key_path, pub_key) return priv_key, pub_key
def save_package(self): # Set local variables package = self.package pf = self.pf # Check that the package can be written to if package is None: raise RuntimeError('Package is not set') elif not c_path.validate_file_write(package): raise RuntimeError('Package could not be written to at ' + package) # Set internal functions write_func = lambda x, y: store_data_to_file(c_path.join(package, x), y ) if pf.zip: fp = zipfile.ZipFile(package, 'w') write_func = fp.writestr # Store the relevant files in the package try: for file_tag, file_info in pf.file_data.items(): # Decide optional and list tags file_type = file_info['type'] is_optional = False is_list = False if isinstance(file_type, tuple): is_optional = True file_type = file_type[0] if isinstance(file_type, list): is_list = True file_type = file_type[0] # Check optional data if file_info['data'] is None: if is_optional: continue else: raise RuntimeError(file_tag + ' doesnt have any data') # Write the data if is_list: if (len(file_info['data']) == 1): write_func(file_info['name'].format(''), file_info['data'][0]) else: for idx, d in enumerate(file_info['data']): write_func( file_info['name'].format('_' + str(idx + 1)), d) else: write_func(file_info['name'], file_info['data']) finally: if pf.zip: fp.close()
def generatesigpack(output_dir, hash_package, accept_signattrs=False, verbose=False, debug=False, quiet=False): """Returns the signature/certs package for the hash provided. """ retcode = 0 errstr = '' sig_package = '' # Objects to be cleaned at the end to_sign_file = None temp_config_file = None copied_sig_file = None try: # Unzip the hash package def get_hash_package_data(package): to_sign_package = Package( None, SecimageRemoteClientSigner.get_class_ToSignPackageFiles(), package=package) to_sign_package.update_data() return SecimageRemoteClientSigner.use_tosign_data( to_sign_package.pf) to_sign, signing_config = get_hash_package_data(hash_package) # Extract the signing info signing_config = json.loads(signing_config) chipset = str(signing_config['chipset']) sign_id = str(signing_config['sign_id']) # Save to_sign to a temp file to_sign_file_path = c_path.join(output_dir, 'hash_to_sign.bin') store_data_to_file(to_sign_file_path, to_sign) to_sign_file = to_sign_file_path if retcode == 0: # Create new config file to update the allow signing attribute & # the file type def update_cfg_cb(config): remote_config = auto_gen_xml_config.complex_remote_signer_attributes( ) remote_config.allow_signing_overrides = accept_signattrs config.root.signing.signer_attributes.remote_signer_attributes = remote_config sign_id_config = config.get_config_for_sign_id(sign_id) sign_id_config.pil_split = False sign_id_config.image_type = 'hash_to_sign' temp_config_file = c_path.join(output_dir, 'signature_package_config.xml') update_config(chipset, update_cfg_cb, temp_config_file) # Launch secimage once to get the image info list il = launch_secimage(config=temp_config_file, output_dir=output_dir, sign_id=sign_id, imagefile=to_sign_file, signer=SIGNER_LOCAL, verify_input=True, verbose=verbose, debug=debug, quiet=(False if verbose else True)) # Copy the zip to where its expected in the output directory hash_package_exp = SecimageRemoteClientSigner.get_to_sign_package_path( il[0]) if (hash_package != hash_package_exp): c_path.create_dir(os.path.dirname(hash_package_exp)) ret, err = copy_file(hash_package, hash_package_exp) copied_sig_file = hash_package_exp if not ret: raise RuntimeError(err) # Launch secimage il = launch_secimage(config=temp_config_file, output_dir=output_dir, sign_id=sign_id, imagefile=to_sign_file, signer=SIGNER_LOCAL, sign=True, verbose=verbose, debug=debug, quiet=quiet) # Verify the signature package was generated sig_package = SecimageRemoteClientSigner.get_signature_package_path( il[0]) if not c_path.validate_file(sig_package): retcode = 1 errstr = 'Failed to generate the signature package. ' + str( il[0].status.sign.error) except Exception as e: retcode = 1 errstr = 'Exception occurred while running secimage. Exception - ' + str( e) finally: if not debug: if to_sign_file is not None: try: os.remove(to_sign_file) except Exception: pass if temp_config_file is not None: try: os.remove(temp_config_file) except Exception: pass if copied_sig_file is not None: try: os.remove(copied_sig_file) except Exception: pass return retcode, errstr, sig_package