Beispiel #1
 def _create_pkcs11(self, plugin_conf, ffi=None):
     """Build a pkcs11.PKCS11 object from the plugin configuration.

     :param plugin_conf: configuration object supplying library_path,
         login, rw_session, slot_id and algorithm.
     :param ffi: optional FFI object, handed through unchanged.
     :returns: the newly constructed pkcs11.PKCS11 instance.
     """
     # plugin_conf.login is forwarded as the token login passphrase; this
     # method does nothing else with it.
     pkcs11_kwargs = {
         'library_path': plugin_conf.library_path,
         'login_passphrase': plugin_conf.login,
         'rw_session': plugin_conf.rw_session,
         'slot_id': plugin_conf.slot_id,
         'ffi': ffi,
         'algorithm': plugin_conf.algorithm,
     }
     return pkcs11.PKCS11(**pkcs11_kwargs)
Beispiel #2
 def _create_pkcs11_session(self, passphrase, libpath, slotid, hmacwrap):
     """Create the PKCS11 object and keep one session from it.

     Stores the object on ``self.pkcs11`` and the result of its
     ``get_session()`` call on ``self.session``.

     :param passphrase: login passphrase passed to pkcs11.PKCS11.
     :param libpath: path of the PKCS#11 library to load.
     :param slotid: slot id passed to pkcs11.PKCS11.
     :param hmacwrap: name of the HMAC key-wrap mechanism.
     """
     # The session is always requested read-write and the encryption
     # mechanism is fixed to AES-CBC; neither is caller-configurable here.
     p11 = pkcs11.PKCS11(
         library_path=libpath,
         login_passphrase=passphrase,
         rw_session=True,
         slot_id=slotid,
         encryption_mechanism='CKM_AES_CBC',
         hmac_keywrap_mechanism=hmacwrap,
     )
     self.pkcs11 = p11
     self.session = self.pkcs11.get_session()
Beispiel #3
 def __init__(self, conf=CONF, ffi=None):
     """Set up the PKCS11 object from the ``p11_crypto_plugin`` options.

     :param conf: configuration object; its ``p11_crypto_plugin`` group
         supplies library_path, login, slot_id, mkek_label and hmac_label.
     :param ffi: optional FFI object passed through to pkcs11.PKCS11.
     :raises ValueError: if ``library_path`` is not configured.
     """
     self.conf = conf
     plugin_conf = conf.p11_crypto_plugin
     # Fail early: without a library path there is nothing to load.
     if plugin_conf.library_path is None:
         raise ValueError(u._("library_path is required"))

     p11_kwargs = {
         'library_path': plugin_conf.library_path,
         'login_passphrase': plugin_conf.login,
         'slot_id': plugin_conf.slot_id,
         'ffi': ffi,
     }
     self.pkcs11 = pkcs11.PKCS11(**p11_kwargs)
     # Look up the configured MKEK and HMAC labels once at start-up.
     self.pkcs11.cache_mkek_and_hmac(plugin_conf.mkek_label,
                                     plugin_conf.hmac_label)
Beispiel #4
    def setUp(self):
        """Prepare a mocked PKCS#11 library and a PKCS11 object using it.

        ``ffi.dlopen`` is replaced so that the mock library is returned
        instead of loading the configured path.
        """
        super(WhenTestingPKCS11, self).setUp()

        self.lib = mock.Mock()
        lib = self.lib

        # Calls that simply report success.
        ok_calls = (
            'C_Initialize', 'C_Finalize', 'C_CloseSession', 'C_Login',
            'C_FindObjectsInit', 'C_FindObjectsFinal', 'C_SeedRandom',
            'C_EncryptInit', 'C_DecryptInit', 'C_SignInit', 'C_VerifyInit',
            'C_DestroyObject',
        )
        for call_name in ok_calls:
            getattr(lib, call_name).return_value = pkcs11.CKR_OK

        # Calls whose behaviour is supplied by helper methods of the test.
        handlers = {
            'C_GetSlotList': self._get_slot_list,
            'C_GetTokenInfo': self._get_token_info,
            'C_OpenSession': self._open_session,
            'C_GetSessionInfo': self._get_session_user,
            'C_FindObjects': self._find_objects_one,
            'C_GenerateKey': self._generate_key,
            'C_GenerateRandom': self._generate_random,
            'C_Encrypt': self._encrypt,
            'C_Decrypt': self._decrypt,
            'C_WrapKey': self._wrap_key,
            'C_UnwrapKey': self._unwrap_key,
            'C_Sign': self._sign,
            'C_Verify': self._verify,
        }
        for call_name, handler in handlers.items():
            getattr(lib, call_name).side_effect = handler

        self.ffi = pkcs11.build_ffi()
        # Any dlopen() request yields the mock, whatever path is asked for.
        self.ffi.dlopen = lambda x: self.lib

        # Fixture values only; the passphrase is a dummy string.
        self.cfg_mock = mock.MagicMock(name='config mock')
        cfg = self.cfg_mock
        cfg_values = {
            'library_path': '/dev/null',
            'login_passphrase': 'foobar',
            'rw_session': False,
            'slot_id': 1,
            'encryption_mechanism': 'CKM_AES_CBC',
            'hmac_keywrap_mechanism': 'CKM_SHA256_HMAC',
        }
        for attr_name, attr_value in cfg_values.items():
            setattr(cfg, attr_name, attr_value)

        self.token_mock = mock.MagicMock()
        self.token_mock.label = b'myLabel'
        self.token_mock.serial_number = b'111111'

        # The first five arguments are passed positionally.
        self.pkcs11 = pkcs11.PKCS11(
            cfg.library_path,
            cfg.login_passphrase,
            cfg.rw_session,
            cfg.slot_id,
            cfg.encryption_mechanism,
            ffi=self.ffi,
            hmac_keywrap_mechanism=cfg.hmac_keywrap_mechanism,
        )
Beispiel #5
 def _create_pkcs11(self, plugin_conf, ffi=None):
     """Build a pkcs11.PKCS11 object, optionally with seed data from a file.

     :param plugin_conf: configuration object supplying library_path,
         login, rw_session, slot_id, algorithm, seed_file and seed_length.
     :param ffi: optional FFI object, handed through unchanged.
     :returns: the newly constructed pkcs11.PKCS11 instance.
     """
     seed_random_buffer = None
     seed_path = plugin_conf.seed_file
     if seed_path:
         # read() returns at most seed_length bytes; a shorter file gives
         # a shorter buffer and that is not detected here.
         with open(seed_path, 'rb') as seed_fh:
             seed_random_buffer = seed_fh.read(plugin_conf.seed_length)

     pkcs11_kwargs = {
         'library_path': plugin_conf.library_path,
         'login_passphrase': plugin_conf.login,
         'rw_session': plugin_conf.rw_session,
         'slot_id': plugin_conf.slot_id,
         'ffi': ffi,
         'algorithm': plugin_conf.algorithm,
         'seed_random_buffer': seed_random_buffer,
     }
     return pkcs11.PKCS11(**pkcs11_kwargs)
Beispiel #6
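 def __init__(self, ffi=None):
     """Parse the command line and open a working PKCS11 session.

     Builds the main parser with the MKEK and HMAC sub-commands, parses
     the arguments and, when no passphrase argument was given, prompts
     for one. The resulting pkcs11.PKCS11 object is stored on
     ``self.pkcs11`` and its working session on ``self.session``.

     :param ffi: optional FFI object passed through to pkcs11.PKCS11.
     :raises ValueError: from ``int()`` if the slot_id argument is not
         an integer string.
     """
     import getpass
     import sys

     self.parser = self.get_main_parser()
     self.subparsers = self.parser.add_subparsers(
         title='subcommands', description='Action to perform')
     self.add_mkek_args()
     self.add_hmac_args()
     self.args = self.parser.parse_args()

     # A passphrase given as an argument is visible in the process list
     # and shell history; leaving it out and answering the prompt avoids
     # that.
     passphrase = self.args.passphrase
     if not passphrase:
         if sys.stdin.isatty():
             # Interactive terminal: read the secret without echoing it.
             passphrase = getpass.getpass("Please enter your password: ")
         else:
             # Piped or redirected stdin keeps the original line read.
             passphrase = six.moves.input("Please enter your password: ")

     self.pkcs11 = pkcs11.PKCS11(library_path=self.args.library_path,
                                 login_passphrase=passphrase,
                                 slot_id=int(self.args.slot_id),
                                 ffi=ffi)
     self.session = self.pkcs11.create_working_session()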
Beispiel #7
 def _create_pkcs11(self, plugin_conf, ffi=None):
     """Build a pkcs11.PKCS11 object, optionally with seed data from a file.

     :param plugin_conf: configuration object supplying library_path,
         login, rw_session, slot_id, encryption_mechanism, generate_iv,
         seed_file and seed_length.
     :param ffi: optional FFI object, handed through unchanged.
     :returns: the newly constructed pkcs11.PKCS11 instance.
     """
     seed_random_buffer = None
     seed_path = plugin_conf.seed_file
     if seed_path:
         # read() returns at most seed_length bytes; a shorter file gives
         # a shorter buffer and that is not detected here.
         with open(seed_path, 'rb') as seed_fh:
             seed_random_buffer = seed_fh.read(plugin_conf.seed_length)

     pkcs11_kwargs = {
         'library_path': plugin_conf.library_path,
         'login_passphrase': plugin_conf.login,
         'rw_session': plugin_conf.rw_session,
         'slot_id': plugin_conf.slot_id,
         'encryption_mechanism': plugin_conf.encryption_mechanism,
         'ffi': ffi,
         'seed_random_buffer': seed_random_buffer,
         'generate_iv': plugin_conf.generate_iv,
     }
     return pkcs11.PKCS11(**pkcs11_kwargs)
Beispiel #8
 def _create_pkcs11(self, plugin_conf, ffi=None):
     """Build a pkcs11.PKCS11 object, optionally with seed data from a file.

     :param plugin_conf: configuration object supplying the library path,
         login, session, slot, mechanism, IV, CKA_SENSITIVE, token and
         seed options read below.
     :param ffi: optional FFI object, handed through unchanged.
     :returns: the newly constructed pkcs11.PKCS11 instance.
     """
     seed_random_buffer = None
     seed_path = plugin_conf.seed_file
     if seed_path:
         # read() returns at most seed_length bytes; a shorter file gives
         # a shorter buffer and that is not detected here.
         with open(seed_path, 'rb') as seed_fh:
             seed_random_buffer = seed_fh.read(plugin_conf.seed_length)

     pkcs11_kwargs = {
         'library_path': plugin_conf.library_path,
         'login_passphrase': plugin_conf.login,
         'rw_session': plugin_conf.rw_session,
         'slot_id': plugin_conf.slot_id,
         'encryption_mechanism': plugin_conf.encryption_mechanism,
         'ffi': ffi,
         'seed_random_buffer': seed_random_buffer,
         # The option is named aes_gcm_generate_iv in the configuration.
         'generate_iv': plugin_conf.aes_gcm_generate_iv,
         'always_set_cka_sensitive': plugin_conf.always_set_cka_sensitive,
         'hmac_keywrap_mechanism': plugin_conf.hmac_keywrap_mechanism,
         'token_serial_number': plugin_conf.token_serial_number,
         'token_label': plugin_conf.token_label,
     }
     return pkcs11.PKCS11(**pkcs11_kwargs)
Beispiel #9
 def _create_pkcs11(self, ffi=None):
     """Build a pkcs11.PKCS11 object from the settings held on ``self``.

     :param ffi: optional FFI object, handed through unchanged.
     :returns: the newly constructed pkcs11.PKCS11 instance.
     """
     seed_random_buffer = None
     seed_path = self.seed_file
     if seed_path:
         # read() returns at most seed_length bytes; a shorter file gives
         # a shorter buffer and that is not detected here.
         with open(seed_path, 'rb') as seed_fh:
             seed_random_buffer = seed_fh.read(self.seed_length)

     pkcs11_kwargs = {
         'library_path': self.library_path,
         'login_passphrase': self.login,
         'rw_session': self.rw_session,
         'slot_id': self.slot_id,
         'encryption_mechanism': self.encryption_mechanism,
         'ffi': ffi,
         'seed_random_buffer': seed_random_buffer,
         'generate_iv': self.generate_iv,
         # Held on the instance under the shorter name cka_sensitive.
         'always_set_cka_sensitive': self.cka_sensitive,
         'hmac_keywrap_mechanism': self.hmac_keywrap_mechanism,
         'token_serial_number': self.token_serial_number,
         'token_labels': self.token_labels,
         'os_locking_ok': self.os_locking_ok,
     }
     return pkcs11.PKCS11(**pkcs11_kwargs)
Beispiel #10
    def setUp(self):
        """Prepare a mocked PKCS#11 library and a PKCS11 object using it.

        ``ffi.dlopen`` is replaced so that the mock library is returned
        instead of loading the configured path.
        """
        super(WhenTestingPKCS11, self).setUp()

        self.lib = mock.Mock()
        lib = self.lib

        # Calls that simply report success.
        ok_calls = (
            'C_Initialize', 'C_Finalize', 'C_CloseSession', 'C_Login',
            'C_FindObjectsInit', 'C_FindObjectsFinal', 'C_EncryptInit',
            'C_DecryptInit', 'C_SignInit', 'C_VerifyInit', 'C_DestroyObject',
        )
        for call_name in ok_calls:
            getattr(lib, call_name).return_value = pkcs11.CKR_OK

        # Calls whose behaviour is supplied by helper methods of the test.
        handlers = {
            'C_OpenSession': self._open_session,
            'C_GetSessionInfo': self._get_session_user,
            'C_FindObjects': self._find_objects_one,
            'C_GenerateKey': self._generate_key,
            'C_GenerateRandom': self._generate_random,
            'C_Encrypt': self._encrypt,
            'C_Decrypt': self._decrypt,
            'C_WrapKey': self._wrap_key,
            'C_UnwrapKey': self._unwrap_key,
            'C_Sign': self._sign,
            'C_Verify': self._verify,
        }
        for call_name, handler in handlers.items():
            getattr(lib, call_name).side_effect = handler

        self.ffi = pkcs11.build_ffi()
        # Any dlopen() request yields the mock, whatever path is asked for.
        self.ffi.dlopen = lambda x: self.lib

        # Fixture values only; the passphrase is a dummy string.
        self.cfg_mock = mock.MagicMock(name='config mock')
        cfg = self.cfg_mock
        cfg_values = {
            'library_path': '/dev/null',
            'login_passphrase': 'foobar',
            'rw_session': False,
            'slot_id': 1,
            'algorithm': 'CKM_AES_GCM',
        }
        for attr_name, attr_value in cfg_values.items():
            setattr(cfg, attr_name, attr_value)

        # cfg.algorithm is set above but not passed to the constructor.
        self.pkcs11 = pkcs11.PKCS11(
            cfg.library_path,
            cfg.login_passphrase,
            cfg.rw_session,
            cfg.slot_id,
            ffi=self.ffi,
        )
Beispiel #11
    def _create_pkcs11_session(self, conf, passphrase, libpath, slotid,
                               hmacwrap):
        """Create the PKCS11 object and keep one session from it.

        Each of passphrase, libpath, slotid and hmacwrap falls back to the
        matching ``conf.p11_crypto_plugin`` option when it is None. The
        object is stored on ``self.pkcs11`` and the result of its
        ``get_session()`` call on ``self.session``.

        :param conf: configuration object with a ``p11_crypto_plugin``
            group.
        :param passphrase: login passphrase, or None to use the ``login``
            option.
        :param libpath: PKCS#11 library path, or None to use the
            ``library_path`` option.
        :param slotid: slot id, or None to use the ``slot_id`` option; a
            non-int value is converted with ``int()``.
        :param hmacwrap: HMAC key-wrap mechanism name, or None to use the
            ``hmac_keywrap_mechanism`` option.
        """
        passphrase = (conf.p11_crypto_plugin.login
                      if passphrase is None else passphrase)
        libpath = (conf.p11_crypto_plugin.library_path
                   if libpath is None else libpath)
        if slotid is None:
            # The configured value is used as-is, without conversion.
            slotid = conf.p11_crypto_plugin.slot_id
        else:
            slotid = slotid if type(slotid) is int else int(slotid)
        hmacwrap = (conf.p11_crypto_plugin.hmac_keywrap_mechanism
                    if hmacwrap is None else hmacwrap)

        # The session is always requested read-write and the encryption
        # mechanism is fixed to AES-CBC.
        p11 = pkcs11.PKCS11(
            library_path=libpath,
            login_passphrase=passphrase,
            rw_session=True,
            slot_id=slotid,
            encryption_mechanism='CKM_AES_CBC',
            hmac_keywrap_mechanism=hmacwrap,
            token_serial_number=conf.p11_crypto_plugin.token_serial_number,
            token_labels=conf.p11_crypto_plugin.token_labels,
        )
        self.pkcs11 = p11
        self.session = self.pkcs11.get_session()
Beispiel #12
 def _create_pkcs11_session(self, passphrase, libpath, slotid):
     """Create the PKCS11 object and keep one session from it.

     Stores the object on ``self.pkcs11`` and the result of its
     ``get_session()`` call on ``self.session``.

     :param passphrase: login passphrase passed to pkcs11.PKCS11.
     :param libpath: path of the PKCS#11 library to load.
     :param slotid: slot id passed to pkcs11.PKCS11.
     """
     # The session is always requested read-write.
     p11 = pkcs11.PKCS11(
         library_path=libpath,
         login_passphrase=passphrase,
         rw_session=True,
         slot_id=slotid,
     )
     self.pkcs11 = p11
     self.session = self.pkcs11.get_session()