def ep11init(self):
if not os.environ.get('ZHSM'):
print("$ZHSM environment variable is not set, defaulting to the original software AES")
self.grep11ServerStub = 0
else:
zhsm = os.environ['ZHSM']
print("zHSM host: " + zhsm)
channel = grpc.insecure_channel(zhsm + ':9876')
self.grep11ServerStub = server_pb2_grpc.CryptoStub(channel)
def decrypt_with_iv(self, key, iv, encrypted_data):
# return None if there is no ZHSM
if not self.channel:
print("no grpc channel configured")
return None
grep11ServerStub = server_pb2_grpc.CryptoStub(self.channel)
try:
ep11key = self.ep11key(grep11ServerStub, key)
print("pyep11.AES.decrypt: key=" + key.hex())
request = server_pb2.DecryptSingleRequest(
Mech=pkcs11_pb2.Mechanism(Mechanism=ep11.CKM_AES_CBC_PAD,
Parameter=iv),
Key=ep11key,
Ciphered=encrypted_data)
cipherState = grep11ServerStub.DecryptSingle(request)
plaintext = cipherState.Plain[:]
if len(plaintext) < 128:
print("Decrypted message " + str(plaintext))
else:
print("Decrypted message " + "..........................")
#print("Decrypted message " + plaintext.hex())
#print("Encrypted message " + encrypted_data.hex())
return plaintext
except grpc.RpcError as rpc_error:
print(
f'decrypt_with_iv: RPC failed with code {rpc_error.code()}: {rpc_error}'
)
print('grpc error code=' + str(rpc_error._state.code) + ' ' +
str(type(rpc_error._state.code)))
raise HpcsError()
except Exception as e:
exc_type, exc_obj, tb = sys.exc_info()
lineno = tb.tb_lineno
print('Unexpected error: ' + str(e) + ' ' + str(type(e)) + ' at ' +
str(lineno))
raise HpcsError()
def encrypt_with_iv(self, key, iv, data):
# return None if there is no ZHSM
if not self.channel:
return None
grep11ServerStub = server_pb2_grpc.CryptoStub(self.channel)
try:
ep11key = self.ep11key(grep11ServerStub, key)
print("pyep11.AES.encrypt: key=" + key.hex())
request = server_pb2.EncryptSingleRequest(
Mech=pkcs11_pb2.Mechanism(Mechanism=ep11.CKM_AES_CBC_PAD,
Parameter=iv),
Key=ep11key,
Plain=data)
cipherState = grep11ServerStub.EncryptSingle(request)
ciphertext = cipherState.Ciphered[:]
if len(data) < 128:
print("Original message " + str(data))
else:
print("Original message " + "..........................")
#print("Original message " + data.hex())
#print("Encrypted message " + ciphertext.hex())
return ciphertext
except grpc.RpcError as rpc_error:
print(
f'encrypt_with_iv: RPC failed with code {rpc_error.code()}: {rpc_error}'
)
print('grpc error code=' + str(rpc_error._state.code) + ' ' +
str(type(rpc_error._state.code)))
return None
except Exception as e:
exc_type, exc_obj, tb = sys.exc_info()
lineno = tb.tb_lineno
print('Unexpected error: ' + str(e) + ' ' + str(type(e)) + ' at ' +
str(lineno))
return None