def sign(self, data_to_sign, imageinfo, debug_dir=None, is_hash=False, **kwargs):
    """Sign the input and return the signer's security assets.

    Args:
        data_to_sign: Input forwarded to set_input() and sign_hash().
        imageinfo: Image description forwarded to set_input() and sign_hash().
        debug_dir: Optional debug directory forwarded to both calls.
        is_hash: Forwarded to set_input(). NOTE(review): presumably marks
            data_to_sign as a pre-generated hash -- confirm in set_input().
        **kwargs: Passed through to set_input(), the attribute extractor and
            the certificate-property printer.

    Returns:
        The object produced by sign_hash(), with ``signature`` and
        ``unsigned_hash`` overwritten here.

    Raises:
        RuntimeError: The HMAC parameters taken from the image must be used
            but only a pre-generated hash is available.
    """
    # Record the inputs on the signer before any asset is produced.
    self.set_input(data_to_sign, imageinfo, debug_dir=debug_dir, is_hash=is_hash, **kwargs)

    # Certificates and keys come from sign_hash(); the signature it may carry
    # is replaced further down.
    assets = self.sign_hash(
        self.hash_to_sign,
        imageinfo,
        data_to_sign,
        debug_dir=debug_dir,
        hash_algo=self.hash_algo,
    )

    # HMAC parameters as found in the attestation certificate / hash segment.
    extractor = self._attribute_extractor(
        cert_data=assets.attestation_cert,
        attributes=self.signing_attributes_class(),
        **kwargs
    )
    image_attrs = extractor.attributes
    image_hmac = HMAC()
    image_hmac.init_from_image_attributes(image_attrs, self.signing_attributes)

    # HMAC parameters as requested by the configuration.
    config_hmac = HMAC()
    config_hmac.init_from_config(self.signing_attributes)

    # For the QTI HMAC type, a mismatch means the hash has to be rebuilt with
    # the image's parameters, which needs the raw data rather than a hash.
    # NOTE(review): the signed value then depends on attributes read from the
    # certificate / hash segment -- confirm they are trusted at this point.
    must_rehash = (
        config_hmac.hmac_type == config_hmac.HMAC_TYPE_QTI
        and not image_hmac.is_equal(config_hmac)
    )
    if must_rehash:
        if self.data_to_sign is None:
            raise RuntimeError('HMAC params from image cannot be used with pre-generated hash.')
        self.hash_to_sign = image_hmac.hmac(self.data_to_sign)

    # get_signature() takes no arguments here; NOTE(review): presumably it
    # signs self.hash_to_sign as (possibly) updated above -- confirm.
    assets.signature = self.get_signature()
    assets.unsigned_hash = self.hash_to_sign

    self._print_attestation_cert_props(assets.attestation_cert, **kwargs)
    return assets
def sign(self, data_to_sign, imageinfo, debug_dir=None, is_hash=False):
    """Sign the input and return a SignerOutput holding the signer's assets.

    Args:
        data_to_sign: Input forwarded to set_input().
        imageinfo: Image description forwarded to set_input().
        debug_dir: Optional debug directory forwarded to set_input().
        is_hash: Forwarded to set_input(). NOTE(review): presumably marks
            data_to_sign as a pre-generated hash -- confirm in set_input().

    Returns:
        A SignerOutput with certificates, keys, root cert list, signature,
        unsigned hash and generated certificate chain.

    Raises:
        RuntimeError: The HMAC parameters from the attestation certificate
            must be used but only a pre-generated hash is available.
    """
    # Record the inputs on the signer before any asset is produced.
    self.set_input(data_to_sign, imageinfo, debug_dir, is_hash)

    # Collect certificates and keys. The result carries private-key fields
    # (root_key, attestation_ca_key, attestation_key) next to the certs, so
    # callers should handle the returned object as sensitive.
    result = SignerOutput()
    root_cert, root_key = self.get_root_cert_key()
    result.root_cert = root_cert
    result.root_key = root_key
    if self.CA in self.certs:
        ca_cert, ca_key = self.get_ca_cert_key()
        result.attestation_ca_cert = ca_cert
        result.attestation_ca_key = ca_key
    attest_cert, attest_key = self.get_attest_cert_key()
    result.attestation_cert = attest_cert
    result.attestation_key = attest_key

    # Root certificates for MRC.
    result.root_cert_list = self.get_root_cert_list()

    # HMAC parameters as found in the attestation certificate.
    cert_hmac = HMAC()
    cert_hmac.init_from_cert(result.attestation_cert)

    # HMAC parameters as requested by the configuration.
    config_hmac = HMAC()
    config_hmac.init_from_config(self.signing_attributes)

    # For the QC HMAC type, a mismatch means the hash has to be rebuilt with
    # the certificate's parameters, which needs the raw data, not a hash.
    must_rehash = (
        config_hmac.hmac_type == config_hmac.HMAC_TYPE_QC
        and not cert_hmac.is_equal(config_hmac)
    )
    if must_rehash:
        if self.data_to_sign is None:
            raise RuntimeError('HMAC params from attestation certificate cannot be used with pre-generated hash.')
        self.hash_to_sign = cert_hmac.hmac(self.data_to_sign)

    # get_signature() takes no arguments here; NOTE(review): presumably it
    # signs self.hash_to_sign as (possibly) updated above -- confirm.
    result.signature = self.get_signature()
    result.unsigned_hash = self.hash_to_sign

    # Normalise the certificate format, then build the chain.
    result.update_certs_format()
    result.generate_cert_chain()

    # Only the attestation certificate is logged (tests rely on this output
    # and it helps debugging); the key fields are not passed to the logger.
    cert_description = str(Certificate(result.attestation_cert))
    logger.info('\nAttestation Certificate Properties:\n' + cert_description)

    return result
def sign(self, data_to_sign, imageinfo, debug_dir=None, is_hash=False, hash_segment_metadata=None):
    """Sign the input and return the signer's security assets.

    Args:
        data_to_sign: Input forwarded to set_input() and sign_hash().
        imageinfo: Image description forwarded to set_input() and sign_hash().
        debug_dir: Optional debug directory forwarded to both calls.
        is_hash: Forwarded to set_input(). NOTE(review): presumably marks
            data_to_sign as a pre-generated hash -- confirm in set_input().
        hash_segment_metadata: Optional metadata handed to AttributeExtractor
            together with the attestation certificate; when it is None the
            certificate properties are logged at the end.

    Returns:
        The object produced by sign_hash(), with ``signature`` and
        ``unsigned_hash`` overwritten here.

    Raises:
        RuntimeError: The HMAC parameters taken from the image must be used
            but only a pre-generated hash is available.
    """
    # Record the inputs on the signer before any asset is produced.
    self.set_input(data_to_sign, imageinfo, debug_dir, is_hash)

    assets = self.sign_hash(
        self.hash_to_sign,
        imageinfo,
        data_to_sign,
        debug_dir=debug_dir,
        hash_algo=self.hash_algo,
    )

    # HMAC parameters as found in the attestation certificate / hash segment.
    extractor = AttributeExtractor(
        cert_data=assets.attestation_cert,
        hash_segment_metadata=hash_segment_metadata,
    )
    image_attrs = extractor.attributes
    image_hmac = HMAC()
    image_hmac.init_from_image_attributes(image_attrs)

    # HMAC parameters as requested by the configuration.
    config_hmac = HMAC()
    config_hmac.init_from_config(self.signing_attributes)

    # For the QTI HMAC type, a mismatch means the hash has to be rebuilt with
    # the image's parameters, which needs the raw data rather than a hash.
    # NOTE(review): the signed value then depends on attributes read from the
    # certificate / hash segment -- confirm they are trusted at this point.
    must_rehash = (
        config_hmac.hmac_type == config_hmac.HMAC_TYPE_QTI
        and not image_hmac.is_equal(config_hmac)
    )
    if must_rehash:
        if self.data_to_sign is None:
            raise RuntimeError('HMAC params from image cannot be used with pre-generated hash.')
        self.hash_to_sign = image_hmac.hmac(self.data_to_sign)

    # get_signature() takes no arguments here; NOTE(review): presumably it
    # signs self.hash_to_sign as (possibly) updated above -- confirm.
    assets.signature = self.get_signature()
    assets.unsigned_hash = self.hash_to_sign

    # Certificate properties are logged only when no hash segment metadata
    # was supplied (tests rely on this output and it helps debugging).
    if hash_segment_metadata is None:
        cert_description = str(Certificate(assets.attestation_cert))
        logger.info('\nAttestation Certificate Properties:\n' + cert_description)

    return assets