def _validate_oid_values(self, signing_attributes, general_properties, mandatory=True):
if self._is_oid_supported(signing_attributes) is False:
return
oid_name = signing_attributes.object_id.name
oid_min = signing_attributes.object_id.min
oid_max = signing_attributes.object_id.max
config_params_32bits = {
"min": oid_min,
"max": oid_max,
}
for key in config_params_32bits.keys():
valid = False
if config_params_32bits[key] and \
(Attribute.validate(num_bits=32, string=config_params_32bits[key]) is True):
valid = True
elif (not config_params_32bits[key]) and \
(mandatory is False):
valid = True
if valid == False:
raise ConfigError(self.MSG_INVALID_32_INTEGER.
format(oid_name,
key, config_params_32bits[key]))
if oid_min and oid_max and \
(Attribute.init(num_bits=32, string=oid_min).value > \
Attribute.init(num_bits=32, string=oid_max).value):
valid = False
raise ConfigError('{0} min must be less than max, min={1} max={2}' \
.format(oid_name, oid_min, oid_max))
def _generate_oid_config(self, oid_name, min_str, max_str):
min_attr = Attribute.init(num_bits=32, string=min_str)
max_attr = Attribute.init(num_bits=32, string=max_str)
oid_str = "%.8X%.8X" % (min_attr.value, max_attr.value)
oid_cfg = "\n%s=DER:%s:%s:%s:%s:%s:%s:%s:%s" % \
(Certificate.GetOIDByName(oid_name), oid_str[0:2], oid_str[2:4], oid_str[4:6], oid_str[6:8], \
oid_str[8:10], oid_str[10:12], oid_str[12:14], oid_str[14:16])
return oid_cfg
def _generate_tcg_config(self, tcg_min_str, tcg_max_str):
tcg_min = Attribute.init(num_bits=32, string=tcg_min_str)
tcg_max = Attribute.init(num_bits=32, string=tcg_max_str)
tcg_str = "%.8X%.8X" % (tcg_min.value, tcg_max.value)
tcg_cfg = "\n%s=DER:%s:%s:%s:%s:%s:%s:%s:%s" % \
(Certificate.TCG_OID, tcg_str[0:2], tcg_str[2:4], tcg_str[4:6], tcg_str[6:8], \
tcg_str[8:10], tcg_str[10:12], tcg_str[12:14], tcg_str[14:16])
return tcg_cfg
def _generate_tcg_config(self, tcg_min_str, tcg_max_str):
tcg_min = Attribute.init(num_bits=32, string=tcg_min_str)
tcg_max = Attribute.init(num_bits=32, string=tcg_max_str)
tcg_str = "%.8X%.8X" % (tcg_min.value, tcg_max.value)
tcg_cfg = "\n%s=DER:%s:%s:%s:%s:%s:%s:%s:%s" % \
(Certificate.TCG_OID, tcg_str[0:2], tcg_str[2:4], tcg_str[4:6], tcg_str[6:8], \
tcg_str[8:10], tcg_str[10:12], tcg_str[12:14], tcg_str[14:16])
return tcg_cfg
def validate_tcg_from_config(self, ca_cert_path, signing_attributes):
ca_cert_obj = Certificate(path=ca_cert_path)
tcg_min_str = signing_attributes.tcg_min
tcg_max_str = signing_attributes.tcg_max
tcg_min_attest = Attribute.init(num_bits=32, string=tcg_min_str)
tcg_max_attest = Attribute.init(num_bits=32, string=tcg_max_str)
return self._validate_tcg_raw(tcg_min_attest, tcg_max_attest,
ca_cert_obj.tcg_min, ca_cert_obj.tcg_max)
def validate_tcg_from_config(self, ca_cert_path, signing_attributes):
ca_cert_obj = Certificate(path=ca_cert_path)
tcg_min_str = signing_attributes.tcg_min
tcg_max_str = signing_attributes.tcg_max
tcg_min_attest = Attribute.init(num_bits=32, string=tcg_min_str)
tcg_max_attest = Attribute.init(num_bits=32, string=tcg_max_str)
return self._validate_tcg_raw(tcg_min_attest,
tcg_max_attest,
ca_cert_obj.tcg_min,
ca_cert_obj.tcg_max)
def validate_oid_from_config(self, ca_cert_path, signing_attributes):
ca_cert_obj = Certificate(path=ca_cert_path)
min_str = signing_attributes.object_id.min
max_str = signing_attributes.object_id.max
min_attest = Attribute.init(num_bits=32, string=min_str)
max_attest = Attribute.init(num_bits=32, string=max_str)
min_ca = None
max_ca = None
if signing_attributes.object_id.name == "tcg":
min_ca = ca_cert_obj.tcg_min
max_ca = ca_cert_obj.tcg_max
return self._validate_oid_raw(min_attest, max_attest, min_ca, max_ca)
def _get_oid(self, asn1_text, name):
_min = None
_max = None
oid = self.GetOIDByName(name)
oid_ext = asn1_text.find(oid)
if oid_ext > -1:
oid_pattern=re.compile(r'\[HEX DUMP\]:([a-fA-F\d]+)')
oid_match=oid_pattern.search(asn1_text[oid_ext:])
if oid_match is not None:
#tcg_str = tcg_match.group(1).replace(' ', '') #remove spaces
oid_str = oid_match.group(1)
_min = Attribute.init(num_bits=32, string="0x"+oid_str[0:8])
_max = Attribute.init(num_bits=32, string="0x"+oid_str[8:16])
return _min, _max
def _get_tcg(self, asn1_text):
_tcg_min = None
_tcg_max = None
tcg_ext = asn1_text.find(self.TCG_OID)
if tcg_ext > -1:
tcg_pattern = re.compile(r'\[HEX DUMP\]:([a-fA-F\d]+)')
tcg_match = tcg_pattern.search(asn1_text[tcg_ext:])
if tcg_match is not None:
#tcg_str = tcg_match.group(1).replace(' ', '') #remove spaces
tcg_str = tcg_match.group(1)
_tcg_min = Attribute.init(num_bits=32,
string="0x" + tcg_str[0:8])
_tcg_max = Attribute.init(num_bits=32,
string="0x" + tcg_str[8:16])
return _tcg_min, _tcg_max
def get_testsig_from_args(self, args):
serial_num_str = None
if args.validate:
testsig_index = args.image_file.find(TESTSIG_PREFIX)
if testsig_index >= 0:
filename, ext = os.path.splitext(args.image_file)
serial_num_str = filename[testsig_index + len(TESTSIG_PREFIX):]
elif args.testsig:
serial_num_str = args.testsig
return Attribute.init(num_bits=32, string=serial_num_str)
def _get_ou_attr(self, attr_name, certificate_text):
attr = None
ou_id = Certificate_OU.GetID(attr_name)
attr_pattern=re.compile(r'OU={0} ([a-fA-F\d]+) {1}'.format(ou_id, attr_name))
attr_match=attr_pattern.search(certificate_text)
if attr_match is not None:
attr_str = attr_match.group(1)
if len(attr_str) in [4, 8, 16]:
attr = Attribute.init(num_bits = len(attr_str)*4, string="0x"+attr_str)
else:
attr = attr_str
return attr
def serial_num(self, value):
if value is not None:
self.validate_serial_num(value)
value = Attribute.init(num_bits=32, string=value).value
self._serial_num = value