def sign(self,
data_to_sign,
imageinfo,
debug_dir=None,
is_hash=False,
**kwargs):
"""
This function returns a SignerOutput object which has all the security assets generated
by the signer.
"""
# Set the input information
self.set_input(data_to_sign,
imageinfo,
debug_dir=debug_dir,
is_hash=is_hash,
**kwargs)
# Set the certificates and keys for output
signer_output = self.sign_hash(self.hash_to_sign,
imageinfo,
data_to_sign,
debug_dir=debug_dir,
hash_algo=self.hash_algo)
# Get the hmac params from attestation cert or hash segment
extracted_image_attributes = self._attribute_extractor(
cert_data=signer_output.attestation_cert,
attributes=self.signing_attributes_class(),
**kwargs).attributes
hmac_from_image = HMAC()
hmac_from_image.init_from_image_attributes(extracted_image_attributes,
self.signing_attributes)
# Get the hmac params from config
hmac_from_config = HMAC()
hmac_from_config.init_from_config(self.signing_attributes)
# Recreate the hash to sign if necessary
if hmac_from_config.hmac_type == hmac_from_config.HMAC_TYPE_QTI and not hmac_from_image.is_equal(
hmac_from_config):
if self.data_to_sign is not None:
self.hash_to_sign = hmac_from_image.hmac(self.data_to_sign)
else:
raise RuntimeError(
'HMAC params from image cannot be used with pre-generated hash.'
)
# Set the signature
signer_output.signature = self.get_signature()
signer_output.unsigned_hash = self.hash_to_sign
self._print_attestation_cert_props(signer_output.attestation_cert,
**kwargs)
return signer_output
def sign(self, data_to_sign, imageinfo, debug_dir=None, is_hash=False, hash_segment_metadata=None):
"""
This function returns a SignerOutput object which has all the security assets generated
by the signer.
"""
# Set the input information
self.set_input(data_to_sign, imageinfo, debug_dir, is_hash)
signer_output = self.sign_hash(self.hash_to_sign, imageinfo, data_to_sign, debug_dir=debug_dir, hash_algo=self.hash_algo)
# Get the hmac params from attestation cert or hash segment
extracted_image_attributes = AttributeExtractor(cert_data=signer_output.attestation_cert, hash_segment_metadata=hash_segment_metadata).attributes
hmac_from_image = HMAC()
hmac_from_image.init_from_image_attributes(extracted_image_attributes)
# Get the hmac params from config
hmac_from_config = HMAC()
hmac_from_config.init_from_config(self.signing_attributes)
# Recreate the hash to sign if necessary
if hmac_from_config.hmac_type == hmac_from_config.HMAC_TYPE_QTI and not hmac_from_image.is_equal(hmac_from_config):
if self.data_to_sign is not None:
self.hash_to_sign = hmac_from_image.hmac(self.data_to_sign)
else:
raise RuntimeError('HMAC params from image cannot be used with pre-generated hash.')
# Set the signature
signer_output.signature = self.get_signature()
signer_output.unsigned_hash = self.hash_to_sign
# Print certificate properties (to make tests pass and give good debug information)
if hash_segment_metadata is None:
logger.info('\nAttestation Certificate Properties:\n' +
str(Certificate(signer_output.attestation_cert)))
return signer_output