Пример #1
0
    def encrypt(self, message, key, iv):
        """ Function to encrypt binary with a CBC 128 bit cipher.
        input:
        binary_blob: Binary blob to encrypt
        hex_preexisting_128_bit_key: hex representation of 128bit key | None,
        if None, the key is generated

        hex_preexisting_iv: hex representation of image IV | None,
        if None, the IV is generated

        output:
        (encrypted_binary, encryption_key, image_iv): Tuple with the encrypted binary, the key, and the IV
        """
        message_path, encrypted_message_path = None, None
        try:
            message_path = c_path.create_tmp_file(message)
            encrypted_message_path = c_path.create_tmp_file()

            cmd = [
                self.openssl, 'enc', '-aes-128-cbc', '-in', message_path,
                '-out', encrypted_message_path, '-K', key, '-iv', iv, '-nopad'
            ]
            run_command(cmd)
            return c_path.load_data_from_file(encrypted_message_path)
        finally:
            if message_path is not None:
                c_path.remove_tmp_file(message_path)
            if encrypted_message_path is not None:
                c_path.remove_tmp_file(encrypted_message_path)
Пример #2
0
    def decrypt(self, message, key, iv):
        """ Function to decrypt a CBC encrypted binary.
        input:
        encrypted_blob: Encrypted Binary blob to decrypt
        hex_preexisting_128_bit_key: hex representation of 128bit key

        hex_preexisting_iv: hex representation of image IV

        output:
        plaintext_binary: Decrypted plaintext binary
        """
        message_path, decrypted_message_path = None, None
        try:
            message_path = c_path.create_tmp_file(message)
            decrypted_message_path = c_path.create_tmp_file()

            cmd = [
                self.openssl, 'enc', '-aes-128-cbc', '-d', '-in', message_path,
                '-out', decrypted_message_path, '-K', key, '-iv', iv, '-nopad'
            ]
            run_command(cmd)
            return c_path.load_data_from_file(decrypted_message_path)
        finally:
            if message_path is not None:
                c_path.remove_tmp_file(message_path)
            if decrypted_message_path is not None:
                c_path.remove_tmp_file(decrypted_message_path)
Пример #3
0
    def validate_cert_chain(self, root_cert, ca_cert_chain):
        """ Verify the certificate chain to be valid

        input:
        certificate_chain: [cert1,cert2,cert3]
        List of certificates (*in PEM FORMAT*) in the certificate chain. It assumes that the last certificate is the Root CA certificate.

        output:
        [True|False]
        Boolean value
        """
        ca_cert_chain_path, root_cert_path = None, None
        try:
            ca_cert_chain_path = c_path.create_tmp_file(ca_cert_chain)
            root_cert_path = c_path.create_tmp_file(root_cert)
            cmd = [
                self.openssl, 'verify', '-CAfile', ca_cert_chain_path,
                root_cert_path
            ]
            validity = run_command(cmd).rstrip()
            return validity == (root_cert_path + ': OK')
        finally:
            if ca_cert_chain_path is not None:
                c_path.remove_tmp_file(ca_cert_chain_path)
            if root_cert_path is not None:
                c_path.remove_tmp_file(root_cert_path)
Пример #4
0
    def sign_cert(self, cert, ca_cert, ca_priv_key, extfile=None, hash_algo=CertBase.HASH_ALGO_SHA256,
                  days=None, serial=None, sign_algo=CertBase.SIGN_ALGO_RSA_PKCS,
                  pad_hash_algo=CertBase.HASH_ALGO_SHA256, pad_salt_len=CertBase.PAD_PSS_SALT_1):
        cert_path, ca_cert_path, ca_priv_path = None, None, None
        try:
            cert_path = c_path.create_tmp_file(cert)
            ca_cert_path = c_path.create_tmp_file(ca_cert)
            ca_priv_path = c_path.create_tmp_file(ca_priv_key)

            cmd = [self.openssl, OPENSSL_CERT_MODE, '-req',
                   '-in', cert_path,
                   '-CAkey', ca_priv_path,
                   '-CA', ca_cert_path,
                   ]
            if days is not None:
                cmd += ['-days', str(days)]
            if serial is not None:
                cmd += ['-set_serial', str(serial)]
            if extfile is not None:
                cmd += ['-extfile', extfile]
            if hash_algo is not None:
                cmd += ['-' + hash_algo]
            if sign_algo == self.SIGN_ALGO_RSA_PSS:
                cmd += ['-sigopt', 'rsa_padding_mode:pss',
                        '-sigopt', 'rsa_pss_saltlen:' + pad_salt_len,
                        '-sigopt', 'digest:' + pad_hash_algo]
            else:
                cmd += ['-CAcreateserial']
            return run_command(cmd)
        finally:
            c_path.remove_tmp_file(cert_path)
            c_path.remove_tmp_file(ca_cert_path)
            c_path.remove_tmp_file(ca_priv_path)
Пример #5
0
    def encrypt(self, message, key, iv, aad):
        """ Function to encrypt binary with a CCM 128 bit cipher.
        input:
        binary_blob: Binary blob to encrypt
        hex_preexisting_128_bit_key: hex representarion of 128bit key | None,
        if None, the key is generated

        hex_preexisting_iv: hex representarion of image IV | None,
        if None, the IV is generated

        hex_preexisting_aad: hex representation of Additional Authentication data needed by the algorithm

        output:
        (encrypted_binary, encryption_key, image_iv, hex_preexisting_aad): Tuple with the encrypted binary, the key, the IV, and the AAD
        """
        message_path, encrypted_message_path = None, None
        try:
            message_path = c_path.create_tmp_file(message)
            encrypted_message_path = c_path.create_tmp_file()

            cmd = [
                self.crypto_cbc, '--operation=encrypt', '--input-file',
                message_path, '--output', encrypted_message_path, '--key', key,
                '--iv', iv, '--aad', aad
            ]
            run_command(cmd)
            return c_path.load_data_from_file(encrypted_message_path)
        finally:
            if message_path is not None:
                c_path.remove_tmp_file(message_path)
            if encrypted_message_path is not None:
                c_path.remove_tmp_file(encrypted_message_path)
Пример #6
0
    def verify(self, message, key, signature):
        """ Decrypt and verify an encrypted message using a public key and signature

        :param message: message to verify
        :param key: public key
        :param signature: signature
        :return verified: boolean outcome of verification
        :rtype: bool
        """
        signature = EcdsaOpenSSLImpl.strip_sig_padding(signature)

        expected_retcode = 1
        message_path = c_path.create_tmp_file(message)
        key_path = c_path.create_tmp_file(key)
        signature_path = c_path.create_tmp_file(signature)

        cmd = ([
            self.openssl, OPENSSL_PKEYUTL_MODE, '-verify', '-pubin', '-inkey',
            key_path, '-sigfile', signature_path, '-in', message_path
        ])
        try:
            output = run_command(cmd, expected_retcode)
            if output.strip() == 'Signature Verified Successfully':
                return True
            else:
                return False
        finally:
            c_path.remove_tmp_file(message_path)
            c_path.remove_tmp_file(key_path)
            c_path.remove_tmp_file(signature_path)
Пример #7
0
    def decrypt(self, message, key, iv, aad):
        """ Function to decrypt a CCM encrypted binary.
        input:
        encrypted_blob: Encrypted Binary blob to decrypt
        hex_preexisting_128_bit_key: hex representarion of 128bit key

        hex_preexisting_iv: hex representarion of image IV

        hex_preexisting_aad: hex representation of Additional Authentication data needed by the algorithm

        output:
        plaintext_binary: Decrypted plaintext binary
        """
        message_path, decrypted_message_path = None, None
        try:
            message_path = c_path.create_tmp_file(message)
            decrypted_message_path = c_path.create_tmp_file()

            cmd = [
                self.crypto_ccm, '--operation=decrypt', '--input-file',
                message_path, '--output', decrypted_message_path, '--key', key,
                '--iv', iv, '--aad', aad
            ]
            run_command(cmd)
            return c_path.load_data_from_file(decrypted_message_path)
        finally:
            if message_path is not None:
                c_path.remove_tmp_file(message_path)
            if decrypted_message_path is not None:
                c_path.remove_tmp_file(decrypted_message_path)
Пример #8
0
 def _pkeyutl(self, message, key, preopts, options, expected_retcode=0):
     message_path = c_path.create_tmp_file(message)
     key_path = c_path.create_tmp_file(key)
     cmd = ([self.openssl, OPENSSL_PKEYUTL_MODE] + preopts +
            ['-inkey', key_path, '-in', message_path] + options)
     try:
         return run_command(cmd, expected_retcode)
     finally:
         c_path.remove_tmp_file(message_path)
         c_path.remove_tmp_file(key_path)
Пример #9
0
    def decrypt(self, message, key, iv, ciphername=AesCbcBase.CIPHERNAME_128):
        message_path, decrypted_message_path = None, None
        try:
            message_path = c_path.create_tmp_file(message)
            decrypted_message_path = c_path.create_tmp_file()

            cmd = [
                self.openssl, 'enc', ciphername, '-d', '-in', message_path,
                '-K', key, '-iv', iv, '-out', decrypted_message_path, '-nopad'
            ]
            run_command(cmd)
            return c_path.load_data_from_file(decrypted_message_path)
        finally:
            c_path.remove_tmp_file(message_path)
            c_path.remove_tmp_file(decrypted_message_path)
Пример #10
0
    def verify(self, message, key, signature, padding=RsaBase.RSA_PAD_PSS,
               hash_algo=RsaBase.RSA_HASH_SHA256,
               salt_len=RsaBase.RSA_PAD_PSS_SALT_1):
        """ Decrypt an encrypted message with a public key
        input:
            encrypted_message = String representation of encrypted message
            public_key = String representation of public key

        output:
            message = String representing decrypted message
        """
        padding_opt = self._get_pad_opt(OPENSSL_PKEYUTL_MODE, padding)
        hash_opt = self._get_hash_opt(hash_algo)
        pad_opts = []
        signature_path = None
        if padding == RsaBase.RSA_PAD_PSS:
            signature_path = c_path.create_tmp_file(signature)
            pad_opts += ['-sigfile', signature_path,
                         '-pkeyopt', 'rsa_pss_saltlen:' + salt_len,
                         '-pkeyopt', 'digest:' + hash_opt]
        try:
            output = self._pkeyutl(message, key, ['-verify', '-pubin'],
                                   ['-pkeyopt', 'rsa_padding_mode:'+padding_opt],
                                   expected_retcode=1)
            if output.strip() == 'Signature Verified Successfully':
                return True
            else:
                return False
        finally:
            if signature_path is not None:
                c_path.remove_tmp_file(signature_path)
Пример #11
0
    def verify(self,
               message,
               key,
               signature,
               padding=RsaBase.RSA_PAD_PSS,
               hash_algo=RsaBase.RSA_HASH_SHA256,
               salt_len=RsaBase.RSA_PAD_PSS_SALT_1):
        # Create options for the rsa operation
        pad_opts = [
            '-pkeyopt', 'rsa_padding_mode:' +
            self._get_pad_opt(OPENSSL_PKEYUTL_MODE, padding)
        ]
        if padding == self.RSA_PAD_PSS:
            hash_opt = self._get_hash_opt(hash_algo)
            pad_opts += [
                '-pkeyopt', 'rsa_pss_saltlen:' + salt_len, '-pkeyopt',
                'digest:' + hash_opt
            ]

        signature_path = c_path.create_tmp_file(signature)
        pad_opts = ['-sigfile', signature_path] + pad_opts

        # Return if message matches signature
        try:
            expected_retcode = 0 if OpenSSLDiscoveryImpl.is_supported_version(
                self.openssl,
                min_version=OPENSSL_PKEYUTL_FIXED_VERSION_MIN) else 1
            output = self._pkeyutl(message,
                                   key, ['-verify', '-pubin'],
                                   pad_opts,
                                   expected_retcode=expected_retcode)
            return 'Signature Verified Successfully' in output
        finally:
            c_path.remove_tmp_file(signature_path)
Пример #12
0
    def encrypt(self, message, key, iv, aad):
        message_path, encrypted_message_path = None, None
        try:
            message_path = c_path.create_tmp_file(message)
            encrypted_message_path = c_path.create_tmp_file()

            cmd = [
                self.crypto_ccm, '--input-file', message_path, '--key', key,
                '--iv', iv, '--output', encrypted_message_path,
                '--operation=encrypt', '--aad', aad
            ]
            run_command(cmd, log=False)
            return c_path.load_data_from_file(encrypted_message_path)
        finally:
            c_path.remove_tmp_file(message_path)
            c_path.remove_tmp_file(encrypted_message_path)
Пример #13
0
    def decrypt(self, message, key, iv):
        message_path, decrypted_message_path = None, None
        try:
            message_path = c_path.create_tmp_file(message)
            decrypted_message_path = c_path.create_tmp_file()

            cmd = [
                self.crypto_cbc, '--input-file', message_path, '--key', key,
                '--iv', iv, '--output', decrypted_message_path,
                '--operation=decrypt'
            ]
            run_command(cmd, log=False)
            return c_path.load_data_from_file(decrypted_message_path)
        finally:
            c_path.remove_tmp_file(message_path)
            c_path.remove_tmp_file(decrypted_message_path)
Пример #14
0
 def _generate_pkcs11_cfg(self, token_driver_home):
     pkcs11_cfg_template_data = ensure_str(c_misc.load_data_from_file(self.PKCS11_CFG_TEMPLATE))
     pkcs11_cfg_data = signerutils.macro_replace(pkcs11_cfg_template_data,
                               "token_driver_home",
                               token_driver_home,
                               isMandatory=True)
     return c_path.create_tmp_file(data=pkcs11_cfg_data)
Пример #15
0
 def _decode_encryption_parameters_blob(self, encryption_params_blob,
                                        private_key):
     encryption_params_blob = self.extract_encryption_parameters(
         encryption_params_blob)[1]
     tmp_config_file_path = c_path.create_tmp_file(
         data=encryption_params_blob)
     encryption_params_parser = CoreConfig(auto_gen_ssd_xml_config,
                                           tmp_config_file_path).root
     encrypted_image_encryption_key_base64 = encryption_params_parser.MD_SIGN[
         0].IEK_ENC_INFO[0].IEK_CIPHER_VALUE
     encrypted_image_encryption_key = binascii.a2b_base64(
         encrypted_image_encryption_key_base64)
     if self.iek_enc_algo == IEK_ENC_ALGO_RSA_2048:
         private_key_pem = crypto.rsa.get_key_in_format(
             private_key, crypto.utils.FORMAT_PEM)
         image_encryption_key = crypto.rsa.decrypt(
             encrypted_image_encryption_key,
             private_key_pem,
             padding=crypto.rsa.RSA_PAD_PKCS)
     else:
         image_encryption_iv_base64 = encryption_params_parser.MD_SIGN[
             0].IEK_ENC_INFO[0].IEK_ENC_IV
         image_encryption_iv_bin = binascii.a2b_base64(
             image_encryption_iv_base64)
         image_encryption_iv_hex = binascii.hexlify(image_encryption_iv_bin)
         image_encryption_key = crypto.aes_cbc.decrypt(
             encrypted_image_encryption_key, binascii.hexlify(private_key),
             image_encryption_iv_hex)
     image_encryption_iv_base64 = encryption_params_parser.MD_SIGN[
         0].IMG_ENC_INFO[0].IMG_ENC_IV
     image_encryption_iv = binascii.a2b_base64(image_encryption_iv_base64)
     return image_encryption_key, image_encryption_iv
Пример #16
0
    def gen_keys(self, curve, priv_key_path=None, pub_key_path=None):
        # Generate the key pair using openssl
        priv_key = self._gen_ecdsa_key_pair(curve)

        # Save the private key to file
        priv_path = priv_key_path if priv_key_path is not None else c_path.create_tmp_file(
        )

        # Generate the public key file
        try:
            logger.debug('Writing generated private key to PEM file: ' +
                         priv_path)
            c_path.store_data_to_file(priv_path, priv_key)

            # Extract the public key from the private key
            pub_key = self.get_public_key_from_private(priv_key)
        finally:
            # Cleanup temp file
            c_path.remove_tmp_file(priv_path)

        # Save the public key to file
        if pub_key_path is not None:
            logger.debug('Writing generated public key to PEM file: ' +
                         pub_key_path)
            c_path.store_data_to_file(pub_key_path, pub_key)

        return priv_key, pub_key
Пример #17
0
 def get_public_key_from_private(self, priv_key):
     key_path = c_path.create_tmp_file(priv_key)
     try:
         cmd = [self.openssl, OPENSSL_RSA_MODE, '-in', key_path, '-pubout']
         return run_command(cmd)
     finally:
         c_path.remove_tmp_file(key_path)
Пример #18
0
 def create_cert(self, priv_key, subject_params=None, config=None, self_sign=False,
                 hash_algo=CertBase.HASH_ALGO_SHA256, days=None, serial=None, sign_algo=CertBase.SIGN_ALGO_RSA_PKCS,
                 pad_hash_algo=CertBase.HASH_ALGO_SHA256, pad_salt_len=CertBase.PAD_PSS_SALT_1):
     priv_path = c_path.create_tmp_file(priv_key)
     try:
         cmd = [self.openssl, 'req', '-new', '-key', priv_path]
         if subject_params is not None:
             subject = self.get_subject_from_params(subject_params)
             cmd += ['-subj', subject]
         if config is not None:
             cmd += ['-config', config]
         if self_sign:
             cmd += ['-x509']
             if days is not None:
                 cmd += ['-days', str(days)]
             if serial is not None:
                 cmd += ['-set_serial', str(serial)]
             if hash_algo is not None:
                 cmd += ['-' + hash_algo]
             if sign_algo == self.SIGN_ALGO_RSA_PSS:
                 cmd += ['-sigopt', 'rsa_padding_mode:pss',
                         '-sigopt', 'rsa_pss_saltlen:' + pad_salt_len,
                         '-sigopt', 'digest:' + pad_hash_algo]
         return run_command(cmd)
     finally:
         c_path.remove_tmp_file(priv_path)
Пример #19
0
 def get_asn1_text(self, cert):
     cert_path = c_path.create_tmp_file(cert)
     try:
         cmd = [self.openssl, 'asn1parse',
                '-in', cert_path,
                '-inform', self._get_format_opt(self.get_cert_format(cert))]
         return run_command(cmd, large_output=True)
     finally:
         c_path.remove_tmp_file(cert_path)
Пример #20
0
    def create_cert(self,
                    priv_key,
                    subject_params=None,
                    config=None,
                    hash_algo=CertBase.HASH_ALGO_SHA256,
                    self_sign=False,
                    days=None,
                    serial=None,
                    padding=CertBase.PAD_PKCS,
                    pad_hash_algo=CertBase.HASH_ALGO_SHA256,
                    pad_salt_len=CertBase.PAD_PSS_SALT_1):
        """ Create a self signed certificate
        input:
            subject_params = {
                                  'C'              : "US",
                                  'ST'             : "California",
                                  'L'              : "San Diego",
                                  'O'              : "ASIC",
                                  'CN'             : "Qualcomm",
                             }

            Dictionary of parameters to put in the certificate. The parameters above are an example

            days = validity period of certificate in days
            configfile = configfile used by openssl
            serial_num = Serial number of certificate
            padding = Type of padding

        output:
            certificate: String representation of PEM certificate.
        """
        priv_path = c_path.create_tmp_file(priv_key)
        try:
            cmd = [self.openssl, 'req', '-new', '-key', priv_path]
            if subject_params is not None:
                subject = self.get_subject_from_params(subject_params)
                cmd += ['-subj', subject]
            if config is not None:
                cmd += ['-config', config]
            if hash_algo is not None:
                cmd += ['-' + hash_algo]
            if self_sign:
                cmd += ['-x509']
                if padding == self.PAD_PSS:
                    cmd += [
                        '-sigopt', 'rsa_padding_mode:pss', '-sigopt',
                        'rsa_pss_saltlen:' + pad_salt_len, '-sigopt',
                        'digest:' + pad_hash_algo
                    ]
            if serial is not None:
                cmd += ['-set_serial', str(serial)]
            if days is not None:
                cmd += ['-days', str(days)]
            return run_command(cmd)
        finally:
            c_path.remove_tmp_file(priv_path)
Пример #21
0
 def get_pubkey(self, cert):
     cert_path = c_path.create_tmp_file(cert)
     try:
         cmd = [self.openssl, OPENSSL_CERT_MODE,
                '-in', cert_path,
                '-pubkey', '-noout',
                '-inform', self._get_format_opt(self.get_cert_format(cert))]
         return run_command(cmd)
     finally:
         c_path.remove_tmp_file(cert_path)
Пример #22
0
 def get_asn1_text(self, signature):
     signature_path = c_path.create_tmp_file(signature)
     try:
         cmd = [
             self.openssl, 'asn1parse', '-in', signature_path, '-inform',
             utils.FORMAT_DER
         ]
         return run_command(cmd, large_output=True)
     finally:
         c_path.remove_tmp_file(signature_path)
Пример #23
0
    def _generate_attestation_certificate_extensions(
            self, attestation_certificate_extensions_path, oid_name, min_str,
            max_str):
        v3_attest_file = ensure_str(
            c_path.load_data_from_file(
                attestation_certificate_extensions_path))
        v3_attest_file_new = v3_attest_file + self._generate_oid_config(
            oid_name, min_str, max_str)
        v3_attest_file_temp = c_path.create_tmp_file(data=v3_attest_file_new)

        return v3_attest_file_temp
Пример #24
0
 def get_text_from_key(self, key, inform, is_public=False):
     key_path = c_path.create_tmp_file(key)
     try:
         cmd = [self.openssl, 'rsa', '-text', '-noout',
                '-in', key_path,
                '-inform', self._get_format_opt(inform)]
         if is_public:
             cmd.append('-pubin')
         return run_command(cmd)
     finally:
         c_path.remove_tmp_file(key_path)
Пример #25
0
 def get_text(self, cert):
     cert_path = c_path.create_tmp_file(cert)
     try:
         cmd = [self.openssl, OPENSSL_CERT_MODE,
                '-in', cert_path,
                '-inform', self._get_format_opt(self.get_cert_format(cert)),
                '-noout', '-text',
                '-certopt', 'ext_dump']
         return run_command(cmd, large_output=True, ret_binary=False)
     finally:
         c_path.remove_tmp_file(cert_path)
Пример #26
0
    def decrypt(self, message, key, iv, aad):
        message_path, decrypted_message_path = None, None
        try:
            message_path = c_path.create_tmp_file(message)
            decrypted_message_path = c_path.create_tmp_file()

            cmd = [
                self.crypto_ccm, '--input-file', message_path, '--key', key,
                '--iv', iv, '--output', decrypted_message_path,
                '--operation=decrypt', '--aad', aad
            ]
            output = run_command(cmd, log=False)

            # Check there is no issue with the output
            if "Caught HashVerificationFailed..." in output:
                raise RuntimeError(output)

            return c_path.load_data_from_file(decrypted_message_path)
        finally:
            c_path.remove_tmp_file(message_path)
            c_path.remove_tmp_file(decrypted_message_path)
Пример #27
0
 def get_pubkey_from_cert(self, cert, inform, text_output=False):
     inform_opt = self._get_format_opt(inform)
     cert_path, pub_path = None, None
     try:
         cert_path = c_path.create_tmp_file(cert)
         cmd = [
             self.openssl, OPENSSL_CERT_MODE, '-pubkey', '-noout', '-in',
             cert_path, '-inform', inform_opt
         ]
         pub_key = run_command(cmd)
         if text_output:
             pub_path = c_path.create_tmp_file(pub_key)
             cmd = [
                 self.openssl, 'rsa', '-pubin', '-text', '-noout'
                 '-in', cert_path, '-inform', inform_opt
             ]
             pub_key = run_command(cmd)
     finally:
         if cert_path is not None: c_path.remove_tmp_file(cert_path)
         if pub_path is not None: c_path.remove_tmp_file(pub_path)
     return pub_key
Пример #28
0
    def validate_cert_chain(self, cert, ca_cert_chain):
        ca_cert_chain_path, cert_path = None, None
        try:
            ca_cert_chain_path = c_path.create_tmp_file(ca_cert_chain)
            cert_path = c_path.create_tmp_file(cert)

            # Check validity time
            valid_from, _ = self.get_validity(self.get_text(cert))
            lag = calendar.timegm(valid_from) - int(time.time())
            if lag > 0:
                logger.warning('Local machine\'s time is slow by at least ' + str(lag) + ' seconds.')

            cmd = [self.openssl, 'verify',
                   '-attime', str(calendar.timegm(valid_from)),
                   '-CAfile', ca_cert_chain_path, cert_path]
            return (cert_path + ': OK') in run_command(cmd, ret_binary=False)
        except RuntimeError:
            return False
        finally:
            c_path.remove_tmp_file(ca_cert_chain_path)
            c_path.remove_tmp_file(cert_path)
Пример #29
0
    def encrypt_segment(self, binary_segment, segment_num):
        '''
        Encrypt elf segments using cbc encryption
        input:
        binary_segment: A string representing the binary segment that needs to be encrypted.
        segment_num: The segment number, used to calculate the segment IV

        output:
        encrypted_binary_segment: CBC encrypted segment
        '''
        if len(binary_segment) < 16 and len(binary_segment) != 0:
            raise RuntimeError("The input plaintext is less than the minimum.")
        else:
            pt_fn = c_path.create_tmp_file(data=binary_segment)
            op_fn = c_path.create_tmp_file()
            self.encryption_parameters.ssd_p.enc_segment(
                segment_num, pt_fn, op_fn)
            encrypted_binary_segment = c_path.load_data_from_file(op_fn)
            os.unlink(pt_fn)
            os.unlink(op_fn)
            return encrypted_binary_segment
Пример #30
0
    def verify(self, message, key, signature):
        # Remove padding and save signature to file
        signature = EcdsaOpenSSLImpl.strip_sig_padding(signature)
        signature_path = c_path.create_tmp_file(signature)

        # Return if message matches signature
        try:
            output = self._pkeyutl(message,
                                   key, ['-verify', '-pubin'],
                                   ['-sigfile', signature_path],
                                   expected_retcode=1)
            return output.strip() == 'Signature Verified Successfully'
        finally:
            c_path.remove_tmp_file(signature_path)