def _sign(self, binary_to_sign, image_tosign_filename, cert_folder):
c_path.create_dir(cert_folder)
c_misc.store_data_to_file(image_tosign_filename, binary_to_sign)
sig_package = signerutils.getSigPackage(cert_folder)
if sig_package is not None:
tosign_file_binary = c_misc.load_data_from_file(
image_tosign_filename)
[signature, cert_chain_list] = signerutils.\
readSigFromZip(sig_package)
if self.validate_sig(tosign_file_binary, signature,
cert_chain_list) is False:
raise ExternalSignerError(
self.MESG_INVALID_SIG.format(image_tosign_filename,
sig_package))
else:
raise ExternalSignerError(
self.MESG_ASKUSERTOSIGN.format(image_tosign_filename,
cert_folder))
signer_output = self._get_signer_output(signature, cert_chain_list)
self._cleanup(cert_folder)
return signer_output
def get_parser(imageinfo,
validating=False,
signing=False,
prefix_override=None,
file_exists=True,
parsegens=None,
sign_attr=False):
# Get source image path
image_path = imageinfo.src_image.image_path
image_name = os.path.basename(image_path)
image_base, image_ext = os.path.splitext(image_name)
# Get the parser
mbn_parsegen_class = lookup_parsegen_class(imageinfo)
if mbn_parsegen_class is None:
parser = parsegen_mgr.get_parser(imageinfo.image_type.file_type)
else:
parser = parsegen_mgr.get_parser(mbn_parsegen_class.get_plugin_id())
data = load_data_from_file(image_path) if file_exists else None
return parser(data,
imageinfo=imageinfo,
debug_dir=imageinfo.dest_image.debug_dir_parsegen,
debug_prefix=(prefix_override if prefix_override is not None
else image_base),
debug_suffix=image_ext,
validating=validating,
signing=signing,
parsegens=parsegens,
sign_attr=sign_attr)
def get_parser(imageinfo,
validating=False,
signing=False,
prefix_override=None,
file_exists=True,
parsegens=None,
sign_attr=False):
# Import within this method
import os
from sectools.common.utils.c_misc import load_data_from_file
# Get source image path
image_path = imageinfo.src_image.image_path
image_name = os.path.basename(image_path)
image_base, image_ext = os.path.splitext(image_name)
# Get the parser
parser = parsegen_mgr.get_parser(imageinfo.image_type.file_type)
data = load_data_from_file(image_path) if file_exists else None
return parser(data,
imageinfo=imageinfo,
debug_dir=imageinfo.dest_image.debug_dir_parsegen,
debug_prefix=prefix_override
if prefix_override is not None else image_base,
debug_suffix=image_ext,
validating=validating,
signing=signing,
parsegens=parsegens,
sign_attr=sign_attr)
def get_parser(imageinfo):
# Import within this method
import os
from sectools.common.utils.c_misc import load_data_from_file
# Get source image path
image_path = imageinfo.src_image.image_path
image_name = os.path.basename(image_path)
image_base, image_ext = os.path.splitext(image_name)
# Check parser exists
file_type = imageinfo.image_type.file_type
if file_type not in PARSEGENS:
raise RuntimeError('Parser unavailable for file type: ' +
str(file_type) + '\n'
' ' + 'Available file types are: ' +
str(PARSEGENS.keys()))
# Get the parser
parser = PARSEGENS[file_type]
return parser(load_data_from_file(image_path),
imageinfo=imageinfo,
debug_dir=imageinfo.dest_image.debug_dir_parsegen,
debug_prefix=image_base,
debug_suffix=image_ext)
def _pil_split(self, src, prefix):
from sectools.common.parsegen.elf.format import ParseGenElf, pack_phdrs, PF_OS_SEGMENT_HASH
# Load the data
p_obj = ParseGenElf(load_data_from_file(src))
# File names
elfhdr = prefix + '.mdt'
# Cleanup
for eachpattern in [elfhdr, (prefix + '.b*')]:
import glob
for eachfile in glob.glob(eachpattern):
try: os.remove(eachfile)
except Exception: pass
# Create the mdt data
elfdata = p_obj.ehdr.pack() + pack_phdrs(p_obj.phdrs)
# Dump the segments
for idx, phdr in enumerate(p_obj.phdrs):
path = prefix + ('.b%02d' % idx)
store_data_to_file(path, p_obj.segments[phdr])
if phdr.f_os_segment_type == PF_OS_SEGMENT_HASH:
elfdata += p_obj.segments[phdr]
# Dump the final elfhdr mdt
store_data_to_file(elfhdr, elfdata)
def pil_split(src, prefix):
from sectools.common.parsegen.elf.format import ParseGenElf, pack_phdrs, PF_OS_SEGMENT_HASH
# Load the data
p_obj = ParseGenElf(load_data_from_file(src))
# File names
elfhdr = prefix + '.mdt'
# Cleanup
for eachpattern in [elfhdr, (prefix + '.b*')]:
import glob
for eachfile in glob.glob(eachpattern):
try:
os.remove(eachfile)
except Exception:
pass
# Create the mdt data
elfdata = p_obj.ehdr.pack() + pack_phdrs(p_obj.phdrs)
# Dump the segments
for idx, phdr in enumerate(p_obj.phdrs):
path = prefix + ('.b%02d' % idx)
store_data_to_file(path, p_obj.segments[phdr])
if phdr.f_os_segment_type == PF_OS_SEGMENT_HASH:
elfdata += p_obj.segments[phdr]
# Dump the final elfhdr mdt
store_data_to_file(elfhdr, elfdata)
def _generate_pkcs11_cfg(self, token_driver_home):
pkcs11_cfg_template_data = ensure_str(c_misc.load_data_from_file(self.PKCS11_CFG_TEMPLATE))
pkcs11_cfg_data = signerutils.macro_replace(pkcs11_cfg_template_data,
"token_driver_home",
token_driver_home,
isMandatory=True)
return c_path.create_tmp_file(data=pkcs11_cfg_data)
def _generate_pkcs11_cfg(self, token_driver_home):
pkcs11_cfg_template_data = c_misc.load_data_from_file(
self.PKCS11_CFG_TEMPLATE)
pkcs11_cfg_data = signerutils.macro_replace(pkcs11_cfg_template_data,
"token_driver_home",
token_driver_home,
isMandatory=True)
return utility_functions.store_data_to_temp_file(pkcs11_cfg_data)
def get_metabuild_log(self):
data = []
logdir = os.path.dirname(self.log)
ufc_log = c_path.join(logdir, UFC_LOG)
regenerate_log = c_path.join(logdir, REGENERATE_BUID_LOG)
buildloading_log = c_path.join(logdir, FASTBOOT_COMPLETE_LOG)
metabuild_log = c_path.join(logdir, META_BUILD_LOG)
# remove meta build log from previous session
if c_path.validate_file(metabuild_log):
os.remove(metabuild_log)
data.append('Meta build log:\n')
if c_path.validate_file(ufc_log):
data.append(SECTION_BREAK)
data.append('Step 1: UltraFastCopy meta build')
data.append('Meta Build: ' + self.meta_build_path)
data.append(SECTION_BREAK)
data.append(load_data_from_file(ufc_log))
else:
data.append('meta build copy skipped')
data.append(SECTION_BREAK)
if c_path.validate_file(regenerate_log):
data.append(SECTION_BREAK)
data.append('Step 2: Meta build regeneration')
data.append('Meta Build: ' + logdir)
data.append('Image Build:' + self.image_build_path)
data.append(SECTION_BREAK)
data.append(load_data_from_file(regenerate_log))
else:
data.append('meta build regeneration skipped')
data.append(SECTION_BREAK)
if c_path.validate_file(buildloading_log):
data.append(SECTION_BREAK)
data.append('Step 3: Meta build loading')
data.append('Meta Build: ' + logdir)
data.append(SECTION_BREAK)
data.append(load_data_from_file(buildloading_log))
store_data_to_file(metabuild_log, "\n".join(data))
return metabuild_log
def log_contains(self, string):
isPresent = False
log_path = os.path.join(self.args.output_dir, TOOL_NAME + "_log.txt")
if c_path.validate_file(log_path):
log_data = c_misc.load_data_from_file(log_path)
if log_data.find(string) > 0:
isPresent = True
return isPresent
def generate(self):
"""Generate the secdat file based on the configs which have been setup.
:param str secdat: the path to the secdat file to be generated.
"""
retval_gen, reterr_gen = self._verify_generate()
if not retval_gen:
raise RuntimeError(reterr_gen)
# Get the version from config file
ucp = self._config_parser
ucp_file_version = ucp.get_secdat_file_version()
ucp_fuse_version = ucp.get_secdat_fuse_version()
ucp_file_info = ucp.get_secdat_file_info()
version_dir = self.get_version_dir(ucp_file_version)
#--------------------------------------------------------------------------------------------------------
# Setting input_secdat path:
# @ if input given as -s
# @ if sec.dat exists in the keyprovision_output
#--------------------------------------------------------------------------------------------------------
in_secdat = None
# Checking self secdat
if in_secdat is None:
try:
in_secdat = self.secdat
except Exception:
pass
# Checking common secdat
if in_secdat is None:
common_secdat = c_path.join(self.output_dir, defines.COMMON_DIR, version_dir, defines.SEC_DAT)
if os.path.isfile(common_secdat):
in_secdat = common_secdat
# Create list of output secdat
out_secdats = []
IO = namedtuple('IO', 'in_data out_path')
out_secdats.append(IO(None, c_path.join(self.output_dir, self.FEATURE_DIR, version_dir, defines.SEC_DAT)))
out_secdats.append(IO(load_data_from_file(in_secdat) if in_secdat else None,
c_path.join(self.output_dir, defines.COMMON_DIR, version_dir, defines.SEC_DAT)))
# Generate the secdats:
for secdat in out_secdats:
out_dir = os.path.dirname(secdat.out_path)
c_path.create_dir(out_dir)
secdat_obj = secdat_pg(self.SECDAT_SEGMENT_TYPE, secdat.in_data)
secdat_obj.data_model = self.data_model
secdat_obj.write(secdat.out_path, ucp_file_version, ucp_fuse_version, ucp_file_info)
self.dump_debug_data_model(self.data_model, out_dir)
self.dump_debug_secdat(secdat_obj, out_dir)
logger.info('Secdat generated at: ' + secdat.out_path)
self.secdat = c_path.join(self.output_dir, self.FEATURE_DIR, version_dir, defines.SEC_DAT)
def _generate_attestation_certificate_extensions(self,
attestation_certificate_extensions_path,
tcg_min,
tcg_max):
v3_attest_file = c_misc.load_data_from_file(attestation_certificate_extensions_path)
v3_attest_file_new = v3_attest_file + \
self._generate_tcg_config(tcg_min, tcg_max)
v3_attest_file_temp = utility_functions.store_data_to_temp_file(v3_attest_file_new)
return v3_attest_file_temp
def _generate_attestation_certificate_extensions(
self, attestation_certificate_extensions_path, tcg_min, tcg_max):
v3_attest_file = c_misc.load_data_from_file(
attestation_certificate_extensions_path)
v3_attest_file_new = v3_attest_file + \
self._generate_tcg_config(tcg_min, tcg_max)
v3_attest_file_temp = utility_functions.store_data_to_temp_file(
v3_attest_file_new)
return v3_attest_file_temp
def __init__(self, cert_blob=None, path=None, allow_missing_ou=False):
self.allow_missing_ou = allow_missing_ou
if cert_blob is not None:
self.cert_blob = cert_blob
elif path is not None:
self.cert_blob = c_misc.load_data_from_file(path)
else:
raise RuntimeError("cert_blob and path cannot be both None")
self.certificate_text = crypto.cert.get_text(self.cert_blob)
self.asn1_text = crypto.cert.get_asn1_text(self.cert_blob)
def _generate_attestation_certificate_extensions(self,
attestation_certificate_extensions_path,
oid_name,
min_str,
max_str):
v3_attest_file = c_misc.load_data_from_file(attestation_certificate_extensions_path)
v3_attest_file_new = v3_attest_file + \
self._generate_oid_config(oid_name, min_str, max_str)
v3_attest_file_temp = utility_functions.store_data_to_temp_file(v3_attest_file_new)
return v3_attest_file_temp
def sign(self, signingpackage_fname, outputdir):
signaturepackage_binary = None
cmds = self._getCmds(signingpackage_fname, outputdir)
cass_server = self.cass_signer_attributes.server.host if self.cass_signer_attributes.server else "default CASS server"
logger.info("Connecting to {0}".format(cass_server))
output = self._executeCmds(cmds)
logger.debug(output)
signaturepackage_filepath = os.path.join(outputdir, self.SIGNATUREPACKPAGE_RELPATH)
if os.path.isfile(signaturepackage_filepath):
logger.info("Signature package retrieved from server.")
signaturepackage_binary = c_misc.load_data_from_file(signaturepackage_filepath)
return signaturepackage_binary
def __init__(self, cert_blob=None, path=None):
if cert_blob is not None:
self.cert_blob = cert_blob
elif path is not None:
self.cert_blob = c_misc.load_data_from_file(path)
else:
raise RuntimeError("cert_blob and path cannot be both None")
self.certificate_text = crypto_functions.get_certificate_text_from_binary(self.cert_blob)
self.asn1_text = crypto_functions.get_asn1_text_from_binary(self.cert_blob)
self.tcg_min, self.tcg_max = self._get_oid(self.asn1_text, name="tcg")
self.fid_min, self.fid_max = self._get_oid(self.asn1_text, name="feature_id")
def sign(self, signingpackage_fname, outputdir):
signaturepackage_binary = None
cmds = self._getCmds(signingpackage_fname, outputdir)
cass_server = self.cass_signer_attributes.server.host if self.cass_signer_attributes.server else "default CASS server"
logger.info("Connecting to {0}".format(cass_server))
output = self._executeCmds(cmds)
logger.debug(output)
signaturepackage_filepath = os.path.join(outputdir, self.SIGNATUREPACKPAGE_RELPATH)
if os.path.isfile(signaturepackage_filepath):
logger.info("Signature package retrieved from server.")
signaturepackage_binary = c_misc.load_data_from_file(signaturepackage_filepath)
#clean up
path, filename = os.path.split(signaturepackage_filepath)
shutil.rmtree(path)
return signaturepackage_binary
def get_parser(imageinfo):
# Import within this method
import os
from sectools.common.utils.c_misc import load_data_from_file
# Get source image path
image_path = imageinfo.src_image.image_path
image_name = os.path.basename(image_path)
image_base, image_ext = os.path.splitext(image_name)
# Get the parser
parser = parsegen_mgr.get_parser(imageinfo.image_type.file_type)
return parser(load_data_from_file(image_path), imageinfo=imageinfo,
debug_dir=imageinfo.dest_image.debug_dir_parsegen,
debug_prefix=image_base,
debug_suffix=image_ext)
def sign(self, signingpackage_fname, outputdir):
signaturepackage_binary = None
cmds = self._getCmds(signingpackage_fname, outputdir)
cass_server = self.cass_signer_attributes.server.host if self.cass_signer_attributes.server else "default CASS server"
logger.info("Connecting to {0}".format(cass_server))
logger.debug("Executing commands: \n'" + "\n".join(cmds) + "'\n")
output = self._executeCmds(cmds)
logger.debug(output)
signaturepackage_filepath = os.path.join(outputdir, self.SIGNATUREPACKPAGE_RELPATH)
if os.path.isfile(signaturepackage_filepath):
logger.info("Signature package retrieved from server: " + c_path.normalize(signaturepackage_filepath))
signaturepackage_binary = c_misc.load_data_from_file(signaturepackage_filepath)
# clean up
path, filename = os.path.split(signaturepackage_filepath)
shutil.rmtree(path)
return signaturepackage_binary
def get_cert_list(self, num_root_certs):
save_index = self.cert_mrc_index
cert_list = []
for i in range(0, num_root_certs):
self.cert_mrc_index = i
cert_path = self.get_root_cert()
if os.path.isfile(cert_path) is False:
err_str = "certificate_path does not exist: {0}!".format(cert_path)
raise RuntimeError(err_str)
cert = c_misc.load_data_from_file(cert_path)
cert_list.append(cert)
self.cert_mrc_index = save_index
return cert_list
def sign(self):
signature_package_response = None
self._get_cmds()
cass_server = self.cass_signer_attributes.server.host if self.cass_signer_attributes.server else "default CASS server"
logger.info("Connecting to {0}".format(cass_server))
output = self._execute_cmds()
logger.debug(output)
signature_package_file_path = os.path.join(
self.output_dir, self.SIGNATURE_PACKPAGE_REL_PATH)
if os.path.isfile(signature_package_file_path):
logger.info("Signature package retrieved from server: " +
c_path.normalize(signature_package_file_path))
signature_package_response = c_misc.load_data_from_file(
signature_package_file_path)
# clean up
path, filename = os.path.split(signature_package_file_path)
shutil.rmtree(path)
return signature_package_response
def get_rootcerts(self):
root_cert_list = []
for i in range(0, self.general_properties.num_root_certs):
config_cert_name = self.cert_config.multirootcert.root_cert_name
root_cert_path_to_replace = os.path.join(self.cert_config.multirootcert.directory, config_cert_name)
root_cert_path = self.replace_macros(
root_cert_path_to_replace,
exponent=str(self.signing_attributes.exponent),
key_size=str(self.general_properties.key_size),
index=str(i))
if os.path.isfile(root_cert_path) is False:
err_str = "certificate_path does not exist: {0}!".format(root_cert_path)
raise RuntimeError(err_str)
root_cert = c_misc.load_data_from_file(root_cert_path)
root_cert_list.append(root_cert)
logger.debug('Package root cert {0}: {1}'.format(i, root_cert_path))
return root_cert_list
def _get_rootcerts_from_config(self, cert_config, num_root_certs):
root_cert_list = []
if cert_config.multirootcert:
for i in range(0, num_root_certs):
config_cert_name = cert_config.multirootcert.root_cert_name
cert_name = signerutils.macro_replace(config_cert_name,
"index",
str(i),
isMandatory=True)
root_cert_path = os.path.join(
cert_config.multirootcert.directory, cert_name)
if os.path.isfile(root_cert_path) is False:
err_str = "certificate_path does not exist: {0}!".format(
root_cert_path)
raise RuntimeError(err_str)
root_cert = c_misc.load_data_from_file(root_cert_path)
root_cert_list.append(root_cert)
logger.debug('Package root cert {0}: {1}'.format(
i, root_cert_path))
return root_cert_list
def get_parser(imageinfo):
# Import within this method
import os
from sectools.common.utils.c_misc import load_data_from_file
# Get source image path
image_path = imageinfo.src_image.image_path
image_name = os.path.basename(image_path)
image_base, image_ext = os.path.splitext(image_name)
# Check parser exists
file_type = imageinfo.image_type.file_type
if file_type not in PARSEGENS:
raise RuntimeError('Parser unavailable for file type: ' + str(file_type) + '\n'
' ' + 'Available file types are: ' + str(PARSEGENS.keys()))
# Get the parser
parser = PARSEGENS[file_type]
return parser(load_data_from_file(image_path), imageinfo=imageinfo,
debug_dir=imageinfo.dest_image.debug_dir_parsegen,
debug_prefix=image_base,
debug_suffix=image_ext)
def get_rootcerts(self):
root_cert_list = []
for i in range(0, self.general_properties.num_root_certs):
config_cert_name = self.cert_config.multirootcert.root_cert_name
root_cert_path_to_replace = os.path.join(
self.cert_config.multirootcert.directory, config_cert_name)
root_cert_path = self.replace_macros(
root_cert_path_to_replace,
exponent=str(self.signing_attributes.exponent),
key_size=str(self.general_properties.key_size),
index=str(i))
if os.path.isfile(root_cert_path) is False:
err_str = "certificate_path does not exist: {0}!".format(
root_cert_path)
raise RuntimeError(err_str)
root_cert = c_misc.load_data_from_file(root_cert_path)
root_cert_list.append(root_cert)
logger.debug('Package root cert {0}: {1}'.format(
i, root_cert_path))
return root_cert_list
def _create_parsegen_obj(self, image, validating=False, signing=False, file_exists=True,
parsegens=None, sign_attr=False):
c_path.create_debug_dir(image.dest_image.debug_dir_parsegen)
image_path = image.src_image.image_path
image_name = os.path.basename(image_path)
image_base, image_ext = os.path.splitext(image_name)
data = load_data_from_file(image_path) if file_exists else None
parsegen = ElfMbnV3Base(data,
imageinfo=image,
debug_dir=image.dest_image.debug_dir_parsegen,
debug_prefix=image_base,
debug_suffix=image_ext,
validating=validating,
signing=signing,
parsegens=parsegens,
sign_attr=sign_attr)
# Check if parsegen authority settings are correct
parsegen.authority = self.authority
parsegen.validate_authority()
return parsegen
def read_from_file(self, file_path):
self.set_data(load_data_from_file(file_path))
def _validate_generation(self, dp_file):
"""Validate the generation
"""
reterr = []
# Set the debug params
if self.debug:
debug_dir = c_path.join(self.output_dir, defines.DEST_DEBUG_DIR)
debug_prefix, debug_suffix = os.path.splitext(
os.path.basename(c_path.join(self.output_dir, 'dp.dat')))
else:
debug_dir, debug_prefix, debug_suffix = None, None, None
dbgpelfparser = ParseGenDbgpElf(
data=load_data_from_file(dp_file),
version=self._config_parser.root.file_properties.revision,
debug_dir=debug_dir,
debug_prefix=debug_prefix,
debug_suffix=debug_suffix,
elf_class=None)
# Validate against the debugpolicy config file
if self._config_parser:
if dbgpelfparser.dbgpparser.header.version != self._config_parser.root.file_properties.revision:
reterr.append(
'Revision mismatch '
'' + 'Debugpolicy File: ' +
str(dbgpelfparser.dbgpparser.header.version) + '' +
' Config File: ' +
str(self._config_parser.root.file_properties.revision))
logger.error(reterr)
return
if getattr(dbgpelfparser.dbgpparser.header, 'sernum_start', None) is not None and \
dbgpelfparser.dbgpparser.header.sernum_start != self._config_parser.root.file_properties.serial_number_start:
reterr.append(
'Serial Number Start mismatch '
'' + ':- \nDebugpolicy File: ' +
str(dbgpelfparser.dbgpparser.header.sernum_start) + '' +
'\nConfig File: ' +
str(self._config_parser.root.file_properties.
serial_number_start))
if getattr(dbgpelfparser.dbgpparser.header, 'sernum_end', None) is not None and \
dbgpelfparser.dbgpparser.header.sernum_end != self._config_parser.root.file_properties.serial_number_end:
reterr.append('Serial Number End mismatch '
'' + ':- \nDebugpolicy File: ' +
str(dbgpelfparser.dbgpparser.header.sernum_end) +
'' + '\nConfig File: ' +
str(self._config_parser.root.file_properties.
serial_number_end))
if dbgpelfparser.dbgpparser.header.flags != self._config_parser.root.file_properties.flags:
reterr.append(
'Flags mismatch '
'' + ':- \nDebugpolicy File: ' +
str(dbgpelfparser.dbgpparser.header.flags) + '' +
'\nConfig File: ' +
str(self._config_parser.root.file_properties.flags))
if self._config_parser.root.file_properties.image_bit_map is not None:
if dbgpelfparser.dbgpparser.header.imagebit_map != self._config_parser.root.file_properties.image_bit_map:
reterr.append(
'Image Bit Map mismatch '
'' + ':- \nDebugpolicy File: ' +
str(dbgpelfparser.dbgpparser.header.imagebit_map) +
'' + '\nConfig File: ' +
str(self._config_parser.root.file_properties.
image_bit_map))
if self._config_parser.root.file_properties.image_bit_map is None:
if getattr(dbgpelfparser.dbgpparser.header, 'imagebit_map',
None) is not None:
if dbgpelfparser.dbgpparser.header.imagebit_map != 0:
if dbgpelfparser.dbgpparser.header.imagebit_map != self._config_parser.root.file_properties.image_bit_map:
reterr.append('Image Bit Map mismatch '
'' + ':- \nDebugpolicy File: ' +
str(dbgpelfparser.dbgpparser.header.
imagebit_map) + '' +
'\nConfig File: ' +
str(self._config_parser.root.
file_properties.image_bit_map))
if self._config_parser.root.file_properties.image_id_list is not None:
if len(self._config_parser.root.file_properties.image_id_list.
image_id) == 0:
for i in range(
len(
list(dbgpelfparser.dbgpparser.header.
imgid_array))):
if list(dbgpelfparser.dbgpparser.header.imgid_array
)[i] != 0:
reterr.append(
'Image ID Array mismatch '
'' + ':- \nDebugpolicy File: ' +
str(dbgpelfparser.dbgpparser.header.imgid_array
) + '' + '\nConfig File: ' +
str(self._config_parser.root.file_properties.
image_id_list.image_id +
list([0] *
(32 - len(self._config_parser.root.
file_properties.
image_id_list.image_id)))))
break
else:
for i in range(
len(self._config_parser.root.file_properties.
image_id_list.image_id)):
if list(
dbgpelfparser.dbgpparser.header.imgid_array
)[i] != self._config_parser.root.file_properties.image_id_list.image_id[
i]:
reterr.append(
'Image ID Array mismatch '
'' + ':- \nDebugpolicy File: ' +
str(dbgpelfparser.dbgpparser.header.imgid_array
) + '' + '\nConfig File: ' +
str(self._config_parser.root.file_properties.
image_id_list.image_id +
list([0] *
(32 - len(self._config_parser.root.
file_properties.
image_id_list.image_id)))))
break
if self._config_parser.root.file_properties.image_id_list is None:
if getattr(dbgpelfparser.dbgpparser.header, 'imgid_count',
None) is not None:
if dbgpelfparser.dbgpparser.header.imgid_count != 0:
reterr.append(
'Image ID Array mismatch '
'' + ':- \nDebugpolicy File: ' +
str(dbgpelfparser.dbgpparser.header.imgid_array) +
'' + '\nConfig File: ' +
str(self._config_parser.root.file_properties.
image_id_list))
if dbgpelfparser.dbgpparser.header.rootcerthash_array[:dbgpelfparser.dbgpparser.header.rootcerthash_count] != \
[x.lower() for x in self._config_parser.root.file_properties.root_cert_hash_list.root_cert_hash]:
reterr.append(
'Root Certificate Hash Array mismatch '
'' + ':- \nDebugpolicy File: ' +
str(dbgpelfparser.dbgpparser.header.rootcerthash_array) +
'' + '\nConfig File: ' +
str(self._config_parser.root.file_properties.
root_cert_hash_list.root_cert_hash))
if getattr(dbgpelfparser.dbgpparser.header, 'serial_num_array',
None) is not None:
if len(self._config_parser.root.file_properties.
serial_num_list.serial_num) == 0:
reterr.append(
'Serial Number Array mismatch '
'' + ':- \nDebugpolicy File: ' +
str(dbgpelfparser.dbgpparser.header.serial_num_array) +
'' + '\nConfig File: ' +
str(self._config_parser.root.file_properties.
serial_num_list.serial_num +
list([0] *
(200 -
len(self._config_parser.root.file_properties.
serial_num_list.serial_num)))))
else:
for i in range(
len(self._config_parser.root.file_properties.
serial_num_list.serial_num)):
if list(
dbgpelfparser.dbgpparser.header.
serial_num_array
)[i] != self._config_parser.root.file_properties.serial_num_list.serial_num[
i]:
reterr.append(
'Serial Number Array mismatch '
'' + ':- \nDebugpolicy File: ' +
str(dbgpelfparser.dbgpparser.header.
serial_num_array) + '' +
'\nConfig File: ' +
str(self._config_parser.root.file_properties.
serial_num_list.serial_num +
list([0] *
(200 -
len(self._config_parser.root.
file_properties.serial_num_list.
serial_num)))))
break
if self._config_parser.root.file_properties.root_cert_hash_qc_list is not None:
if len(self._config_parser.root.file_properties.
root_cert_hash_qc_list.root_cert_hash_qc) == 0:
for i in range(
len(
list(dbgpelfparser.dbgpparser.header.
rootcerthash_qc_array))):
if list(dbgpelfparser.dbgpparser.header.
rootcerthash_qc_array)[i] != 0:
reterr.append(
'Root Certificate Hash QC Array mismatch '
'' + ':- \nDebugpolicy File: ' +
str(dbgpelfparser.dbgpparser.header.
rootcerthash_qc_array) + '' +
'\nConfig File: ' +
str(self._config_parser.root.file_properties.
root_cert_hash_qc_list.root_cert_hash_qc +
list([0] * (4 - len(
self._config_parser.root.
file_properties.root_cert_hash_qc_list.
root_cert_hash_qc)))))
break
else:
for i in range(
len(self._config_parser.root.file_properties.
root_cert_hash_qc_list.root_cert_hash_qc)):
if list(
dbgpelfparser.dbgpparser.header.
rootcerthash_qc_array
)[i].lower(
) != self._config_parser.root.file_properties.root_cert_hash_qc_list.root_cert_hash_qc[
i].lower():
reterr.append(
'Root Certificate Hash QC Array mismatch '
'' + ':- \nDebugpolicy File: ' +
str(dbgpelfparser.dbgpparser.header.
rootcerthash_qc_array) + '' +
'\nConfig File: ' +
str(self._config_parser.root.file_properties.
root_cert_hash_qc_list.root_cert_hash_qc +
list([0] * (4 - len(
self._config_parser.root.
file_properties.root_cert_hash_qc_list.
root_cert_hash_qc)))))
break
if self._config_parser.root.file_properties.root_cert_hash_qc_list is None:
if getattr(dbgpelfparser.dbgpparser.header,
'rootcerthash_qc_count', None) is not None:
if dbgpelfparser.dbgpparser.header.rootcerthash_qc_count != 0:
reterr.append(
'Root Certificate Hash QC Array mismatch '
'' + ':- \nDebugpolicy File: ' +
str(dbgpelfparser.dbgpparser.header.
rootcerthash_qc_array) + '' +
'\nConfig File: ' +
str(self._config_parser.root.file_properties.
root_cert_hash_qc_list))
if reterr:
if len(reterr) > 1:
reterr = [(' ' + str(idx + 1) + '. ' + error)
for idx, error in enumerate(reterr)]
reterr = 'Following errors were found during validation:\n\n' + '\n'.join(
reterr)
else:
reterr = reterr[0]
logger.error(reterr)
else:
logger.info(
'Validation of debugpolicy file against debugpolicy config file is Successful!'
)
