def suite():
    """
    Create a test suite with all our tests.

    If the OS environment variable 'YHSM_ZAP' is set and evaluates to true, we will
    include the special test case class that erases the current YubiHSM config and
    creates a new one with known keys to be used by the other tests.

    NOTE that this is ONLY POSSIBLE if the YubiHSM is already in DEBUG mode.

    The device path is read from the 'YHSM_DEVICE' environment variable and
    falls back to '/dev/ttyACM0'. Since the YHSM_ZAP path erases the device
    configuration, YHSM_DEVICE should name a unit reserved for testing.

    Any YHSM_CommandFailed raised by the initial unlock attempt is re-raised
    unless its status is one of the values accepted below.
    """
    global test_modules

    # Check if we have a YubiHSM present, and start with locking its keystore
    # XXX produce a better error message than 'error: None' when initializing fails
    hsm = pyhsm.YHSM(device = os.getenv('YHSM_DEVICE', '/dev/ttyACM0'))
    try:
        # Throwaway passphrase. Per the comment above, this attempt is how the
        # key store gets locked; a YHSM_CommandFailed is the expected outcome.
        # NOTE(review): if unlock() returns without raising, nothing here
        # notices; execution simply continues.
        hsm.unlock("BADPASSPHRASE99")
    except pyhsm.exception.YHSM_CommandFailed, e:
        if hsm.version.have_key_store_decrypt():
            # With key-store-decrypt support, only a mismatch status is tolerated.
            if e.status != pyhsm.defines.YSM_MISMATCH:
                raise
        else:
            # Without it, "key storage locked" and "function disabled" are both
            # tolerated; any other status propagates to the caller.
            if e.status != pyhsm.defines.YSM_KEY_STORAGE_LOCKED and \
                    e.status != pyhsm.defines.YSM_FUNCTION_DISABLED:
                raise
def __init__(self, filename, debug):
    """
    Load the configuration file and, when YubiHSM settings are present,
    open the YubiHSM.

    :param filename: path of the config file to read
    :param debug: debug setting; stored as a string under the 'debug' default

    :raises EduIDAPIError: if the config file cannot be read, if pyhsm cannot
        be imported although YubiHSM settings are present, or if opening the
        YubiHSM raises pyhsm.exception.YHSM_Error
    """
    self.section = _CONFIG_SECTION
    # NOTE(review): this writes into _CONFIG_DEFAULTS itself, which is not a
    # local name, so the value stays in that dict after this constructor
    # returns. Confirm that is intended.
    _CONFIG_DEFAULTS['debug'] = str(debug)
    self.config = ConfigParser.ConfigParser(_CONFIG_DEFAULTS)
    # read() returns the list of files it parsed; an empty list means the
    # file could not be loaded.
    if not self.config.read([filename]):
        raise EduIDAPIError(
            "Failed loading config file {!r}".format(filename))
    # split on comma and strip. cache result.
    tmp_add_raw_allow = str(self.config.get(self.section, 'add_raw_allow')) # for pylint
    self._parsed_add_raw_allow = \
        [x.strip() for x in tmp_add_raw_allow.split(',')]
    # keystore_fn is not assigned in this method; presumably a property
    # defined elsewhere on the class. TODO confirm.
    self.keys = eduid_api.keystore.KeyStore(self.keystore_fn)
    self._parsed_oath_aead_keyhandle = None
    self.yhsm = None
    kh_str = self.config.get(self.section, 'oath_aead_keyhandle')
    # pyhsm is imported only when a device or a key handle is configured, so
    # installations without YubiHSM settings do not need it.
    if self.oath_yhsm_device or kh_str:
        try:
            import pyhsm
            if kh_str:
                self._parsed_oath_aead_keyhandle = pyhsm.util.key_handle_to_int(
                    kh_str.strip())
            try:
                self.yhsm = pyhsm.YHSM(device=self.oath_yhsm_device)
                # stir up the pool
                # (requests 32 random bytes ten times and discards the result)
                for _ in xrange(10):
                    self.yhsm.random(32)
            except pyhsm.exception.YHSM_Error:
                # NOTE(review): the original exception detail is dropped here,
                # which makes a failed device init hard to diagnose.
                raise EduIDAPIError('YubiHSM init error')
        except ImportError:
            # Also catches an ImportError raised by any call inside the try
            # block, not only by the 'import pyhsm' line.
            raise EduIDAPIError(
                "yhsm settings present, but import of pyhsm failed")
def main():
    """
    Open the YubiHSM, call generate_aead() and hand the returned nonce and
    AEAD to display_oath_entry().

    Returns whatever display_oath_entry() returns.
    """
    opts = parse_args()
    args_fixup(opts)

    # NOTE(review): opts.debug is forwarded to pyhsm; confirm what the debug
    # mode prints before enabling it where output is captured in shared logs.
    yhsm = pyhsm.YHSM(device=opts.device, debug=opts.debug)

    generated = generate_aead(yhsm, opts)
    nonce, aead = generated
    return display_oath_entry(opts, nonce, aead)
def main():
    """
    Print the key handle and device in use, open the YubiHSM, then run
    generate_aead(), validate_oath_c() and store_oath_entry() in that order.

    Returns 1 when store_oath_entry() reports failure. The code shown
    returns nothing (None) otherwise.
    """
    opts = parse_args()
    args_fixup(opts)

    print "Key handle : %s" % (opts.key_handle)
    print "YHSM device : %s" % (opts.device)
    print ""

    yhsm = pyhsm.YHSM(device = opts.device, debug=opts.debug)

    nonce, aead = generate_aead(yhsm, opts)
    # The OATH counter value is obtained before anything is stored, so a
    # failure in validate_oath_c() leaves no entry behind.
    oath_c = validate_oath_c(yhsm, opts, nonce, aead)

    stored = store_oath_entry(opts, nonce, aead, oath_c)
    if not stored:
        return 1
def main():
    """
    Validate either a YubiKey OTP or an OATH code against the YubiHSM.

    Returns the status from validate_otp() when args.otp is set, otherwise
    the status from validate_oath() when args.oath is set. When neither is
    set the return value is 1, so "nothing validated" is reported as failure.
    """
    opts = parse_args()

    if opts.debug:
        print "YHSM device : %s" % (opts.device)
        print ""

    yhsm = pyhsm.YHSM(device=opts.device, debug=opts.debug)

    # OTP takes precedence over OATH when both are given.
    if opts.otp:
        return validate_otp(yhsm, opts)
    if opts.oath:
        return validate_oath(yhsm, opts)
    return 1
def main():
    """
    Load an AEAD into the YubiHSM's temporary key handle and print the
    HMAC-SHA1 of the supplied data, hex encoded.

    The nonce, AEAD and data arguments are given as hex strings.
    Always returns True; errors surface as exceptions.
    """
    opts = parse_args()
    args_fixup(opts)

    yhsm = pyhsm.YHSM(device=opts.device, debug=opts.debug)

    # Hex-decode the inputs (nonce, then AEAD, then data); the device is
    # already open at this point.
    nonce = opts.nonce.decode('hex')
    aead = opts.aead.decode('hex')
    payload = opts.data.decode('hex')

    # The key is not handled here in the clear: the YubiHSM is handed the
    # AEAD and the HMAC is then requested against the temporary key handle.
    yhsm.load_temp_key(nonce, opts.key_handle, aead)
    mac = yhsm.hmac_sha1(pyhsm.defines.YSM_TEMP_KEY_HANDLE, payload)
    digest = mac.get_hash()
    print digest.encode('hex')
    return True
def main():
    """
    Print the run parameters, pick an HSM backend and call gen_keys().

    If args.device names an existing regular file it is loaded as a software
    HSM (SoftYHSM.from_file); otherwise it is opened as a YubiHSM device.
    """
    opts = parse_args()
    args_fixup(opts)

    print "output dir : %s" % (opts.output_dir)
    print "keys to generate : %s" % (opts.count)
    print "key handles : %s" % (opts.key_handles)
    print "start public_id : %s (0x%x)" % (opts.start_id, opts.start_id)
    print "YHSM device : %s" % (opts.device)
    print ""

    # NOTE(review): backend selection depends only on whether the path is a
    # regular file. With the software backend the keys come from that file,
    # so its permissions matter. Confirm who can write to it.
    use_soft_hsm = os.path.isfile(opts.device)
    if not use_soft_hsm:
        backend = pyhsm.YHSM(device=opts.device)
    else:
        backend = pyhsm.soft_hsm.SoftYHSM.from_file(opts.device)

    gen_keys(backend, opts)
def main():
    """
    Check an OATH-HOTP token against the YubiHSM.

    Calls pyhsm.oath_hotp.search_for_oath_code() with the hex-decoded nonce
    and AEAD, the current counter, the token and the look-ahead window.

    Prints the new counter and returns True only when the returned counter
    is exactly args.counter + 1. Any other result prints "FAIL" and returns
    False, even though args.look_ahead is passed to the search.
    """
    opts = parse_args()
    args_fixup(opts)

    yhsm = pyhsm.YHSM(device=opts.device, debug=opts.debug)

    nonce = opts.nonce.decode('hex')
    aead = opts.aead.decode('hex')

    new_counter = pyhsm.oath_hotp.search_for_oath_code(
        yhsm, opts.key_handle, nonce, aead,
        opts.counter, opts.token, opts.look_ahead)

    expected = opts.counter + 1
    if new_counter != expected:
        print "FAIL"
        return False

    print new_counter
    return True
def main():
    """
    The main function that will be executed when running this as a stand alone script.

    Opens syslog, parses the arguments into the module-level 'args' and opens
    the YubiHSM into the module-level 'hsm'.

    Returns 1 if the YubiHSM device cannot be opened (serial.SerialException).
    """
    # Use the script's file name as the syslog ident, with a fixed fallback
    # when argv[0] has no base name.
    my_name = os.path.basename(sys.argv[0])
    if not my_name:
        my_name = "yhsm-validation-server"
    syslog.openlog(my_name, syslog.LOG_PID, syslog.LOG_LOCAL0)

    # args is module-level state; args_fixup() takes no parameters and
    # presumably reads it from there. TODO confirm.
    global args
    args = parse_args()
    args_fixup()

    # hsm is module-level as well.
    global hsm
    try:
        hsm = pyhsm.YHSM(device=args.device, debug=args.debug)
    except serial.SerialException, e:
        # Failing to open the device is logged at LOG_ERR and reported through
        # the return value instead of a traceback.
        my_log_message(
            args,
            syslog.LOG_ERR,
            'Failed opening YubiHSM device "%s" : %s' % (args.device, e))
        return 1
def main():
    """
    Import keys read from stdin, which must start with a '# ykksm 1' line.

    Exits with status 1 (after a message on stderr) when the first line of
    stdin is not exactly that header. Otherwise an HSM backend is selected:

    * args.aes_key set: a software HSM in which every key handle in
      args.key_handles maps to that one key;
    * args.device is an existing regular file: a software HSM loaded from it;
    * anything else: a YubiHSM opened on args.device.

    Returns the negation of import_keys()'s result.
    """
    opts = parse_args()
    args_fixup(opts)

    header = sys.stdin.readline()
    if header != "# ykksm 1\n":
        sys.stderr.write(
            "Did not get '# ykksm 1' header as first line of input.\n")
        sys.exit(1)

    print "output dir : %s" % (opts.output_dir)
    print "key handles : %s" % (opts.key_handles)
    print "YHSM device : %s" % (opts.device)
    print ""

    if opts.aes_key:
        # NOTE(review): one AES key is shared by all handles, and the key is
        # held by this process rather than by hardware. If parse_args takes
        # it from the command line it is also visible in the process list.
        # Confirm how it is supplied.
        soft_keys = dict.fromkeys(opts.key_handles, opts.aes_key)
        backend = SoftYHSM(soft_keys, opts.debug)
    elif os.path.isfile(opts.device):
        backend = SoftYHSM.from_file(opts.device, debug=opts.debug)
    else:
        backend = pyhsm.YHSM(device=opts.device, debug=opts.debug)

    imported = import_keys(backend, opts)
    return not imported
def main():
    """
    Main program.

    Opens syslog, selects the AEAD backend (SQL database when args.db_url is
    set, filesystem otherwise) and the HSM (software HSM from stdin when the
    device is '-', software HSM from a file when the device path is a regular
    file, a YubiHSM otherwise), then calls run().

    Returns 1 when the AEAD backend or the HSM cannot be set up. The code
    shown returns nothing (None) after run() finishes.
    """
    # Use the script's file name as the syslog ident, with a fixed fallback.
    my_name = os.path.basename(sys.argv[0])
    if not my_name:
        my_name = "yhsm-yubikey-ksm"
    syslog.openlog(my_name, syslog.LOG_PID, syslog.LOG_LOCAL0)

    args = parse_args()
    args_fixup(args)

    aead_backend = None
    if args.db_url:
        # Using an SQL database for AEADs
        try:
            aead_backend = SQLBackend(args.db_url, args.key_handles)
        except Exception as e:
            # NOTE(review): args.db_url goes into the log message verbatim.
            # If the URL can carry credentials they end up in syslog; confirm
            # and consider logging a redacted form.
            my_log_message(args.debug or args.verbose, syslog.LOG_ERR,
                           'Could not connect to database "%s" : %s' % (args.db_url, e))
            return 1
    else:
        # Using the filesystem for AEADs
        try:
            aead_backend = FSBackend(args.aead_dir, args.key_handles)
        except Exception as e:
            my_log_message(args.debug or args.verbose, syslog.LOG_ERR,
                           'Could not create AEAD FSBackend: %s' % e)
            return 1

    if args.device == '-':
        # Using a soft-HSM with keys from stdin
        # (with either soft-HSM branch the keys are supplied to this process
        # as data rather than staying inside a hardware device)
        try:
            hsm = SoftYHSM.from_json(sys.stdin.read(), debug=args.debug)
        except ValueError as e:
            my_log_message(args.debug or args.verbose, syslog.LOG_ERR,
                           'Failed opening soft YHSM from stdin : %s' % (e))
            return 1
    elif os.path.isfile(args.device):
        # Using a soft-HSM from file
        try:
            hsm = SoftYHSM.from_file(args.device, debug=args.debug)
        except ValueError as e:
            my_log_message(args.debug or args.verbose, syslog.LOG_ERR,
                           'Failed opening soft YHSM "%s" : %s' % (args.device, e))
            return 1
    else:
        # Using a real HSM
        try:
            hsm = pyhsm.YHSM(device=args.device, debug=args.debug)
            # 'context' is not defined in this function; presumably a
            # module-level daemon context. The raw device handle is listed in
            # files_preserve, presumably so it stays open when the process
            # daemonizes. TODO confirm.
            context.files_preserve = [hsm.get_raw_device()]
        except serial.SerialException as e:
            my_log_message(args.debug or args.verbose, syslog.LOG_ERR,
                           'Failed opening YubiHSM device "%s" : %s' % (args.device, e))
            return 1

    if args.daemon:
        with context:
            run(hsm, aead_backend, args)
    else:
        # Foreground mode: Ctrl-C ends the server with a short message
        # instead of a traceback.
        try:
            run(hsm, aead_backend, args)
        except KeyboardInterrupt:
            print ""
            print "Shutting down"
            print ""