def _validate_oid_values(self, signing_attributes, general_properties, mandatory=True):
        if self._is_oid_supported(signing_attributes) is False:
            return

        oid_name = signing_attributes.object_id.name
        oid_min = signing_attributes.object_id.min
        oid_max = signing_attributes.object_id.max

        config_params_32bits = {
                      "min": oid_min,
                      "max": oid_max,
                      }

        for key in config_params_32bits.keys():
            valid = False
            if config_params_32bits[key] and \
                (Attribute.validate(num_bits=32, string=config_params_32bits[key]) is True):
                    valid = True
            elif (not config_params_32bits[key]) and \
                (mandatory is False):
                valid = True

            if valid == False:
                raise ConfigError(self.MSG_INVALID_32_INTEGER.
                                    format(oid_name,
                                           key, config_params_32bits[key]))

        if oid_min and oid_max and \
            (Attribute.init(num_bits=32, string=oid_min).value > \
            Attribute.init(num_bits=32, string=oid_max).value):
            valid = False
            raise ConfigError('{0} min must be less than max, min={1} max={2}' \
                                .format(oid_name, oid_min, oid_max))
示例#2
0
    def _generate_oid_config(self, oid_name, min_str, max_str):
        min_attr = Attribute.init(num_bits=32, string=min_str)
        max_attr = Attribute.init(num_bits=32, string=max_str)

        oid_str = "%.8X%.8X" % (min_attr.value, max_attr.value)
        oid_cfg = "\n%s=DER:%s:%s:%s:%s:%s:%s:%s:%s" % \
                (Certificate.GetOIDByName(oid_name), oid_str[0:2], oid_str[2:4], oid_str[4:6], oid_str[6:8], \
                 oid_str[8:10], oid_str[10:12], oid_str[12:14], oid_str[14:16])

        return oid_cfg
    def _generate_tcg_config(self, tcg_min_str, tcg_max_str):
        tcg_min = Attribute.init(num_bits=32, string=tcg_min_str)
        tcg_max = Attribute.init(num_bits=32, string=tcg_max_str)

        tcg_str = "%.8X%.8X" % (tcg_min.value, tcg_max.value)
        tcg_cfg = "\n%s=DER:%s:%s:%s:%s:%s:%s:%s:%s" % \
                (Certificate.TCG_OID, tcg_str[0:2], tcg_str[2:4], tcg_str[4:6], tcg_str[6:8], \
                 tcg_str[8:10], tcg_str[10:12], tcg_str[12:14], tcg_str[14:16])

        return tcg_cfg
示例#4
0
    def _generate_tcg_config(self, tcg_min_str, tcg_max_str):
        tcg_min = Attribute.init(num_bits=32, string=tcg_min_str)
        tcg_max = Attribute.init(num_bits=32, string=tcg_max_str)

        tcg_str = "%.8X%.8X" % (tcg_min.value, tcg_max.value)
        tcg_cfg = "\n%s=DER:%s:%s:%s:%s:%s:%s:%s:%s" % \
                (Certificate.TCG_OID, tcg_str[0:2], tcg_str[2:4], tcg_str[4:6], tcg_str[6:8], \
                 tcg_str[8:10], tcg_str[10:12], tcg_str[12:14], tcg_str[14:16])

        return tcg_cfg
示例#5
0
    def validate_tcg_from_config(self, ca_cert_path, signing_attributes):
        ca_cert_obj = Certificate(path=ca_cert_path)

        tcg_min_str = signing_attributes.tcg_min
        tcg_max_str = signing_attributes.tcg_max

        tcg_min_attest = Attribute.init(num_bits=32, string=tcg_min_str)
        tcg_max_attest = Attribute.init(num_bits=32, string=tcg_max_str)

        return self._validate_tcg_raw(tcg_min_attest, tcg_max_attest,
                                      ca_cert_obj.tcg_min, ca_cert_obj.tcg_max)
    def validate_tcg_from_config(self, ca_cert_path, signing_attributes):
        ca_cert_obj = Certificate(path=ca_cert_path)

        tcg_min_str = signing_attributes.tcg_min
        tcg_max_str = signing_attributes.tcg_max

        tcg_min_attest = Attribute.init(num_bits=32, string=tcg_min_str)
        tcg_max_attest = Attribute.init(num_bits=32, string=tcg_max_str)

        return self._validate_tcg_raw(tcg_min_attest,
                                     tcg_max_attest,
                                     ca_cert_obj.tcg_min,
                                     ca_cert_obj.tcg_max)
示例#7
0
    def validate_oid_from_config(self, ca_cert_path, signing_attributes):
        ca_cert_obj = Certificate(path=ca_cert_path)

        min_str = signing_attributes.object_id.min
        max_str = signing_attributes.object_id.max

        min_attest = Attribute.init(num_bits=32, string=min_str)
        max_attest = Attribute.init(num_bits=32, string=max_str)

        min_ca = None
        max_ca = None
        if signing_attributes.object_id.name == "tcg":
            min_ca = ca_cert_obj.tcg_min
            max_ca = ca_cert_obj.tcg_max

        return self._validate_oid_raw(min_attest, max_attest, min_ca, max_ca)
    def _get_oid(self, asn1_text, name):
        _min = None
        _max = None

        oid = self.GetOIDByName(name)

        oid_ext = asn1_text.find(oid)
        if oid_ext > -1:
            oid_pattern=re.compile(r'\[HEX DUMP\]:([a-fA-F\d]+)')
            oid_match=oid_pattern.search(asn1_text[oid_ext:])
            if oid_match is not None:
                #tcg_str = tcg_match.group(1).replace(' ', '') #remove spaces
                oid_str = oid_match.group(1)
                _min = Attribute.init(num_bits=32, string="0x"+oid_str[0:8])
                _max = Attribute.init(num_bits=32, string="0x"+oid_str[8:16])

        return _min, _max
    def _get_tcg(self, asn1_text):
        _tcg_min = None
        _tcg_max = None

        tcg_ext = asn1_text.find(self.TCG_OID)
        if tcg_ext > -1:
            tcg_pattern = re.compile(r'\[HEX DUMP\]:([a-fA-F\d]+)')
            tcg_match = tcg_pattern.search(asn1_text[tcg_ext:])
            if tcg_match is not None:
                #tcg_str = tcg_match.group(1).replace(' ', '') #remove spaces
                tcg_str = tcg_match.group(1)
                _tcg_min = Attribute.init(num_bits=32,
                                          string="0x" + tcg_str[0:8])
                _tcg_max = Attribute.init(num_bits=32,
                                          string="0x" + tcg_str[8:16])

        return _tcg_min, _tcg_max
    def validate_inputs(self, signing_attributes, general_properties):

        config_params_32bits = {
                      "tcg_min": signing_attributes.tcg_min,
                      "tcg_max": signing_attributes.tcg_max,
                      }

        for key in config_params_32bits.keys():
            if Attribute.validate(num_bits=32, string=config_params_32bits[key]) is False:
                raise ConfigError("{0}:{1} is not a valid 32 bit integer".
                                    format(key, config_params_32bits[key]))
示例#11
0
    def get_testsig_from_args(self, args):
        serial_num_str = None
        if args.validate:
            testsig_index = args.image_file.find(TESTSIG_PREFIX)
            if testsig_index >= 0:
                filename, ext = os.path.splitext(args.image_file)
                serial_num_str = filename[testsig_index + len(TESTSIG_PREFIX):]
        elif args.testsig:
            serial_num_str = args.testsig

        return Attribute.init(num_bits=32, string=serial_num_str)
示例#12
0
    def validate_inputs(self, signing_attributes, general_properties):

        config_params_32bits = {
            "tcg_min": signing_attributes.tcg_min,
            "tcg_max": signing_attributes.tcg_max,
        }

        for key in config_params_32bits.keys():
            if Attribute.validate(num_bits=32,
                                  string=config_params_32bits[key]) is False:
                raise ConfigError(
                    "{0}:{1} is not a valid 32 bit integer".format(
                        key, config_params_32bits[key]))
    def _get_ou_attr(self, attr_name, certificate_text):
        attr = None

        ou_id = Certificate_OU.GetID(attr_name)
        attr_pattern=re.compile(r'OU={0} ([a-fA-F\d]+) {1}'.format(ou_id, attr_name))
        attr_match=attr_pattern.search(certificate_text)
        if attr_match is not None:
            attr_str = attr_match.group(1)
            if len(attr_str) in [4, 8, 16]:
                attr = Attribute.init(num_bits = len(attr_str)*4, string="0x"+attr_str)
            else:
                attr = attr_str

        return attr
示例#14
0
 def validate_serial_num(self, value):
     if Attribute.validate(num_bits=32, string=value) is False:
         raise RuntimeError('testsig serial number ' + str(value) +
                            ' is not a valid 32 bit number')
示例#15
0
 def serial_num(self, value):
     if value is not None:
         self.validate_serial_num(value)
         value = Attribute.init(num_bits=32, string=value).value
     self._serial_num = value
示例#16
0
    def c_validate(self):
        """Validates the command line args provided by the user.

        :raises: RuntimeError if any error occurs.
        """
        args = self.parsed_args
        err = []

        config_params_32bits = {
            "tcg min": args.tcg_min,
            "tcg max": args.tcg_max,
            'testsig': args.testsig,
            "tcg fix": args.tcg_fix,
        }

        #import pdb; pdb.set_trace()
        if (args.input_dir or args.image_file) and args.testsig:
            err.append(
                'Generate testsig (-t) and sign with image_file (-i or -r) cannot be used together'
            )

        if args.capability and (args.cass is False):
            err.append(
                'Capability (-p) is only supported when CASS (-c) is used')

        if not (args.image_file or args.input_dir) and not args.testsig:
            err.append(
                'Either generate testsig (-t) or sign with image_file (-i or -r) must be specified'
            )

        if args.validate and (args.testsig or args.input_dir):
            err.append(
                'Validate (-a) should be used with image_file (-i). An input signed image should be referenced by -i.'
            )

        if args.validate is False and args.image_file:
            path, filename = os.path.split(args.image_file)
            if filename.startswith(TESTSIG_PREFIX):
                err.append(
                    'Cannot sign testsig file {0}. Please use -t to generate testsig instead.'
                    .format(args.image_file))

        if args.tcg_fix:
            for key in ["tcg min", "tcg max"]:
                if config_params_32bits[key]:
                    err.append(
                        "{0} should not be specified when tcg_fix is specified"
                        .format(key))

        for key in config_params_32bits:
            if Attribute.validate(num_bits=32,
                                  string=config_params_32bits[key]) is False:
                err.append('{0}:{1} is not a valid 32 bit integer'.format(
                    key, config_params_32bits[key]))

        # Check and sanitize any paths for read access
        for path in ['image_file', 'config']:
            path_val = getattr(args, path, None)
            if path_val:
                path_val = c_path.normalize(path_val)
                if not c_path.validate_file(path_val):
                    err.append('Cannot access ' + path + ' at: ' + path_val)
                setattr(args, path, path_val)

        for path in ['input_dir']:
            path_val = getattr(args, path, None)
            if path_val:
                path_val = c_path.normalize(path_val)
                if not c_path.validate_dir(path_val):
                    err.append('Cannot access ' + path + ' at: ' + path_val)
                setattr(args, path, path_val)

        # Check and sanitize paths for write access
        for path in ['output_dir']:
            path_val = getattr(args, path, None)
            if path_val:
                path_val = c_path.normalize(path_val)
                try:
                    c_path.create_dir(path_val)
                except Exception as e:
                    err.append('Cannot write at: ' + path_val + '\n'
                               '    ' + 'Error: ' + str(e))
                setattr(args, path, path_val)

        # Raise error if any
        if err:
            if len(err) > 1:
                err = [('  ' + str(idx + 1) + '. ' + error)
                       for idx, error in enumerate(err)]
                err = 'Please check the command line args:\n\n' + '\n'.join(
                    err)
            else:
                err = err[0]
            raise RuntimeError(err)