Merge branch 'cpv4_ca_funcs' into 'release'
Cpv4 ca funcs

See merge request luna-automation/pycryptoki!24
Ashley Straw 10033832 committed May 25, 2021
2 parents f7d8613 + 89bf270 commit bf5cfb7
Showing 10 changed files with 459 additions and 2 deletions.
2 changes: 1 addition & 1 deletion docs/conf.py
@@ -61,7 +61,7 @@
# The short X.Y version.
version = "2.5"
# The full version, including alpha/beta/rc tags.
release = "2.5.22"
release = "2.5.23"

# The language for content autogenerated by Sphinx. Refer to documentation
# for a list of supported languages.
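--- a/pycryptoki/ca_extensions/cpv4.py
+++ b/pycryptoki/ca_extensions/cpv4.py
@@ -0,0 +1,59 @@
+"""
+cpv4 ca extensions
+"""
+import logging
+from collections import namedtuple
+from copy import deepcopy
+
+from pycryptoki.defines import CKR_OK
+from pycryptoki.cryptoki import (
+CA_MigrateKeys,
+CK_ULONG,
+CK_SESSION_HANDLE,
+CK_OBJECT_MIGRATION_DATA,
+)
+from pycryptoki.exceptions import make_error_handle_function
+
+
+LOG = logging.getLogger(__name__)
+MIGRATION_KEYS = ["object_type", "source_handle"]
+MIGRATION_DATA = namedtuple("MIGRATION_DATA", deepcopy(MIGRATION_KEYS))
+
+
+def get_mig_data_c_struct(mig_data_list):
+"""
+Build an array of :class:`~pycryptoki.cryptoki.CK_OBJECT_MIGRATION_DATA` Structs & return it.
+:return: :class:`~pycryptoki.cryptoki.CK_OBJECT_MIGRATION_DATA` array
+"""
+ret_struct = (CK_OBJECT_MIGRATION_DATA * len(mig_data_list))()
+for index, mig_data in enumerate(mig_data_list):
+object_type, source_handle = mig_data
+ret_struct[index] = CK_OBJECT_MIGRATION_DATA(
+objectType=object_type, sourceHandle=source_handle
+)
+return ret_struct
+
+
+def ca_migrate_keys(
+source_session, target_session, migration_flags, num_objects, objects_to_migrate
+):
+"""
+Runs CA_MigrateKeys command
+:param objects_to_migrate: a list of tuples (objectType, sourceHandle) or list of MIGRATION_DATA
+"""
+objects_to_migrate = (
+objects_to_migrate if isinstance(objects_to_migrate, list) else [objects_to_migrate]
+)
+c_mig_data = get_mig_data_c_struct(objects_to_migrate)
+
+ret = CA_MigrateKeys(source_session, target_session, migration_flags, num_objects, c_mig_data)
+
+if ret != CKR_OK:
+return ret, None
+
+return ret, [(data.rv, data.targetHandle) for data in c_mig_data]
+
+
+ca_migrate_keys_ex = make_error_handle_function(ca_migrate_keys)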
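Review bot: `ca_migrate_keys` passes the caller's `num_objects` straight to `CA_MigrateKeys` while the ctypes array is sized from `len(objects_to_migrate)`, so a count larger than the list tells the native library to read and write `CK_OBJECT_MIGRATION_DATA` entries past the end of the buffer. This commit also exposes the function through the rpyc daemon (`rpyc_pycryptoki.py`), so both values can come from a remote client. Reject the mismatch before the call, e.g. `if num_objects > len(objects_to_migrate): return CKR_ARGUMENTS_BAD, None` (with `CKR_ARGUMENTS_BAD` imported from `pycryptoki.defines`), or derive the count from the list. Separately, returning `None` whenever `ret != CKR_OK` discards the per-object `rv`/`targetHandle` values, which presumably matter when `CKF_CPV4_CONTINUE_ON_ERR` is set and some keys were migrated before the failure.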
4 changes: 4 additions & 0 deletions pycryptoki/cryptoki/__init__.py
@@ -138,6 +138,8 @@
"CA_InitSlotRolePIN",
"CA_InitializeRemotePEDVector",
"CA_Insert",
"CA_MigrateKeys",
"CA_MigrationStartSessionNegotiation",
"CA_InsertMaskedObject",
"CA_InvokeService",
"CA_InvokeServiceAsynch",
@@ -476,6 +478,8 @@
"CK_CPV4_EXTRACT_PARAMS_PTR",
"CK_CPV4_INSERT_PARAMS",
"CK_CPV4_INSERT_PARAMS_PTR",
"CK_OBJECT_MIGRATION_DATA",
"CK_OBJECT_MIGRATION_DATA_PTR",
"C_CancelFunction",
"C_CloseAllSessions",
"C_CloseSession",
16 changes: 16 additions & 0 deletions pycryptoki/cryptoki/ck_defs.py
@@ -1126,6 +1126,22 @@ def __init__(self, aid=None):
struct_def(CK_APPLICATION_ID, [("id", CK_BYTE * 16)])


class CK_OBJECT_MIGRATION_DATA(Structure):
pass


struct_def(
CK_OBJECT_MIGRATION_DATA,
[
("objectType", CK_ULONG),
("sourceHandle", CK_OBJECT_HANDLE),
("targetHandle", CK_OBJECT_HANDLE),
("rv", CK_RV),
],
)
CK_OBJECT_MIGRATION_DATA_PTR = POINTER(CK_OBJECT_MIGRATION_DATA)


class CK_CPV4_EXTRACT_PARAMS(Structure):
pass

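Review bot: `CK_OBJECT_MIGRATION_DATA` has no docstring or comment saying which fields the caller fills and which the library writes back. Going by `ca_migrate_keys` in this commit, `objectType` and `sourceHandle` are set before the call and `targetHandle` and `rv` are read afterwards; a comment such as `# objectType/sourceHandle: caller input; targetHandle/rv: written per entry by CA_MigrateKeys` above the `struct_def` call would make that contract explicit. The field order and types also have to match the vendor header's struct layout exactly, which cannot be checked from this page, so a reference to the header definition in the same comment would help the next reviewer.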
8 changes: 8 additions & 0 deletions pycryptoki/cryptoki/func_defs.py
@@ -578,6 +578,14 @@
)
CA_Extract = make_late_binding_function("CA_Extract", [CK_SESSION_HANDLE, CK_MECHANISM_PTR])
CA_Insert = make_late_binding_function("CA_Insert", [CK_SESSION_HANDLE, CK_MECHANISM_PTR])
CA_MigrateKeys = make_late_binding_function(
"CA_MigrateKeys",
[CK_SESSION_HANDLE, CK_SESSION_HANDLE, CK_ULONG, CK_ULONG, CK_OBJECT_MIGRATION_DATA_PTR],
)
CA_MigrationStartSessionNegotiation = make_late_binding_function(
"CA_MigrationStartSessionNegotiation",
[CK_SESSION_HANDLE, CK_ULONG, CK_BYTE_PTR, CK_ULONG_PTR, CK_ULONG_PTR, CK_BYTE_PTR],
)
CA_GetTokenObjectUID = make_late_binding_function(
"CA_GetTokenObjectUID", [CK_SLOT_ID, CK_ULONG, CK_ULONG, POINTER(CK_BYTE)]
)
3 changes: 3 additions & 0 deletions pycryptoki/daemon/rpyc_pycryptoki.py
@@ -187,6 +187,7 @@
ca_get_cv_firmware_version,
ca_get_cv_firmware_version_ex,
)
from pycryptoki.ca_extensions.cpv4 import ca_migrate_keys, ca_migrate_keys_ex
from pycryptoki.cryptoki import CK_ULONG
from pycryptoki.encryption import (
c_encrypt,
@@ -754,6 +755,8 @@ def test_attrs(attributes):
ca_stc_get_digest_ids_ex = staticmethod(ca_stc_get_digest_ids_ex)
ca_stc_get_digest_name_by_id = staticmethod(ca_stc_get_digest_name_by_id)
ca_stc_get_digest_name_by_id_ex = staticmethod(ca_stc_get_digest_name_by_id_ex)
ca_migrate_keys = staticmethod(ca_migrate_keys)
ca_migrate_keys_ex = staticmethod(ca_migrate_keys_ex)


def server_launch(service, ip, port, config):
1 change: 1 addition & 0 deletions pycryptoki/defines.py
@@ -1507,6 +1507,7 @@
CKF_EC_UNCOMPRESS = 0x01000000
CKF_EC_COMPRESS = 0x02000000
CKF_EXTENSION = 0x80000000
CKF_CPV4_CONTINUE_ON_ERR = 0x01
CKR_ARGUMENTS_BAD = 0x00000007
CKR_ATTRIBUTE_READ_ONLY = 0x00000010
CKR_ATTRIBUTE_SENSITIVE = 0x00000011
2 changes: 1 addition & 1 deletion setup.py
@@ -13,7 +13,7 @@
description="A python wrapper around the C cryptoki library.",
author="Ashley Straw",
url="https://github.com/gemalto/pycryptoki",
version="2.5.22",
version="2.5.23",
packages=[
"pycryptoki",
"pycryptoki.cryptoki",
9 changes: 9 additions & 0 deletions tests/functional/conftest.py
@@ -50,6 +50,14 @@ def pytest_addoption(parser):
default=os.environ.get("SLOT", 1),
dest="test_slot",
)
optiongroup.addoption(
"--clo-slot",
help="Specify the slot as the target cloning slot",
type=int,
default=os.environ.get("CLONE_SLOT", 2),
dest="test_clone_slot",
required=False,
)
optiongroup.addoption(
"--reset",
help="Reset the HSM back to its default settings with a factory" " reset.",
@@ -97,6 +105,7 @@ def pytest_configure(config):
logger.setLevel(config.getoption("loglevel").upper())

hsm_config["test_slot"] = config.getoption("test_slot")
hsm_config["test_clone_slot"] = config.getoption("test_clone_slot")
hsm_config["user"] = config.getoption("user")
hsm_config["reset"] = config.getoption("reset")
