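def confirmSignature(cert, signature):
    """Check that ``signature`` was produced by the key certified in ``cert``.

    The message that is verified is not passed in by the caller: it is the
    value of the ``serialNumber`` component of the certificate subject.

    Args:
        cert: DER (ASN.1) encoded certificate, in any form ``bytes()`` accepts.
        signature: JSON text holding the signature as an array of byte values.

    Returns:
        True when the certificate loads, passes ``verifyCert`` and the
        signature verifies over the subject serialNumber; False otherwise
        (a short reason is printed).
    """
    # Both arguments are parsed before anything is trusted, so every parse
    # failure maps to False instead of an uncaught exception.
    try:
        certificate = crypto.load_certificate(crypto.FILETYPE_ASN1, bytes(cert))
    except (crypto.Error, TypeError, ValueError):
        print("Invalid certificate")
        return False

    if not verifyCert(certificate):
        print("Certificate is not valid.")
        return False

    try:
        decoded = json.loads(signature)
        # bytes(<int>) allocates that many zero bytes, so a bare JSON number
        # must not reach bytes(); only an array of byte values is accepted.
        if not isinstance(decoded, list):
            raise ValueError("signature must be a JSON array of byte values")
        signature = bytes(ckbytelist(bytes(decoded)))
    except (PyKCS11Error, TypeError, ValueError):
        # ValueError also covers json.JSONDecodeError and out-of-range values.
        print("Signature is not valid.")
        return False

    # First subject component whose name contains "serialNumber"; a
    # certificate without one is rejected rather than raising IndexError.
    serial = next(
        (
            value
            for name, value in certificate.get_subject().get_components()
            if "serialNumber" in str(name)
        ),
        None,
    )
    if serial is None:
        print("Certificate is not valid.")
        return False

    # NOTE(review): the verified message comes from the certificate itself, so
    # nothing in this function ties the signature to a session or challenge;
    # an earlier valid signature for the same certificate verifies again.
    # Freshness has to be enforced by the caller or by changing what is signed.
    # NOTE(review): 'RSA-SHA1' has to match the digest the signer used. SHA-1
    # is no longer considered collision resistant; it is left unchanged here
    # because switching digests would reject existing signatures.
    # NOTE(review): crypto.verify is marked deprecated in newer pyOpenSSL
    # releases -- confirm against the pinned version.
    try:
        crypto.verify(certificate, signature, serial, 'RSA-SHA1')
    except crypto.Error:
        print("Signature is not valid")
        return False
    return True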
def test_LowLevel(self):
    """Drive the raw PyKCS11.LowLevel binding through one full session cycle.

    Loads the library named by the PYKCS11LIB environment variable, checks
    that it reports "SoftHSM" as manufacturer, opens a read/write session and
    then a serial-only session on the first slot, logs in as CKU_USER, searches
    for token certificate objects, prints their attributes and tears
    everything down again. Every PKCS#11 call is asserted to return CKR_OK,
    except C_GetSlotList and the C_GetAttributeValue calls, whose return
    codes are not asserted.
    """
    ll = PyKCS11.LowLevel
    ok = ll.CKR_OK

    # Plain construction of the wrapper objects must succeed before any call.
    p11 = ll.CPKCS11Lib()
    self.assertIsNotNone(p11)
    lib_info = ll.CK_INFO()
    self.assertIsNotNone(lib_info)
    slot_info = ll.CK_SLOT_INFO()
    self.assertIsNotNone(slot_info)

    module_path = os.getenv("PYKCS11LIB")
    if module_path is None:
        raise Exception("Define PYKCS11LIB")

    handle = ll.CK_SESSION_HANDLE()
    self.assertIsNotNone(handle)
    session_info = ll.CK_SESSION_INFO()
    self.assertIsNotNone(session_info)
    token_info = ll.CK_TOKEN_INFO()
    self.assertIsNotNone(token_info)
    slot_ids = ll.ckintlist()
    self.assertIsNotNone(slot_ids)

    p11.Load(module_path)
    self.assertEqual(p11.C_GetInfo(lib_info), ok)
    vendor = lib_info.GetManufacturerID()
    # The expected value is "SoftHSM" space-padded to 32 characters.
    self.assertEqual(vendor, "SoftHSM".ljust(32))
    del lib_info

    # Return code of C_GetSlotList is not checked; an empty list fails below
    # with IndexError.
    p11.C_GetSlotList(0, slot_ids)
    first_slot = slot_ids[0]
    self.assertEqual(p11.C_GetSlotInfo(first_slot, slot_info), ok)

    rw_flags = ll.CKF_SERIAL_SESSION | ll.CKF_RW_SESSION
    self.assertEqual(p11.C_OpenSession(first_slot, rw_flags, handle), ok)
    self.assertEqual(p11.C_GetSessionInfo(handle, session_info), ok)
    self.assertEqual(p11.C_GetTokenInfo(first_slot, token_info), ok)

    # The accessors are exercised only; their results are not asserted.
    token_label = token_info.GetLabel()
    vendor = token_info.GetManufacturerID()
    token_flags = token_info.flags
    token_model = token_info.GetModel()

    # Hard-coded user PIN; presumably the PIN the SoftHSM test token was
    # initialised with -- confirm against the test setup.
    user_pin = ckbytelist("1234")
    self.assertEqual(p11.C_Login(handle, ll.CKU_USER, user_pin), ok)
    self.assertEqual(p11.C_Logout(handle), ok)
    self.assertEqual(p11.C_CloseSession(handle), ok)

    # Second session is opened without CKF_RW_SESSION.
    self.assertEqual(
        p11.C_OpenSession(slot_ids[0], ll.CKF_SERIAL_SESSION, handle), ok
    )
    self.assertEqual(p11.C_Login(handle, ll.CKU_USER, user_pin), ok)

    # Search for certificate objects stored on the token (at most 10 results).
    found = ll.ckobjlist(10)
    query = ll.ckattrlist(2)
    query[0].SetNum(ll.CKA_CLASS, ll.CKO_CERTIFICATE)
    query[1].SetBool(ll.CKA_TOKEN, True)
    self.assertEqual(p11.C_FindObjectsInit(handle, query), ok)
    self.assertEqual(p11.C_FindObjects(handle, found), ok)
    self.assertEqual(p11.C_FindObjectsFinal(handle), ok)

    for obj in found:
        print("object: " + hex(obj.value()))
        attrs = ll.ckattrlist(2)
        # Only the attribute types are set; no buffer is reserved up front.
        attrs[0].SetType(ll.CKA_LABEL)
        attrs[1].SetType(ll.CKA_CLASS)
        # Presumably the first call only fills in the lengths and the second
        # one fetches the values -- confirm against the binding.
        first_rv = p11.C_GetAttributeValue(handle, obj, attrs)
        print("C_GetAttributeValue(): " + hex(first_rv))
        print(
            "CKA_LABEL Len: ",
            attrs[0].GetLen(),
            " CKA_CLASS Len: ",
            attrs[1].GetLen(),
        )
        second_rv = p11.C_GetAttributeValue(handle, obj, attrs)
        print("C_GetAttributeValue(): " + hex(second_rv))
        # The printed captions do not match the attributes requested above:
        # attrs[0] is CKA_LABEL and attrs[1] is CKA_CLASS.
        print("\tCKO_CERTIFICATE: " + attrs[0].GetString())
        print("\tCKA_TOKEN: " + str(attrs[1].GetNum()))

    self.assertEqual(p11.C_Logout(handle), ok)
    self.assertEqual(p11.C_CloseSession(handle), ok)
    self.assertEqual(p11.C_Finalize(), ok)
    p11.Unload()
from PyKCS11.LowLevel import * from PyKCS11 import ckbytelist import os a = CPKCS11Lib() info = CK_INFO() slotInfo = CK_SLOT_INFO() lib = os.getenv("PYKCS11LIB") if lib is None: raise (Exception("Define PYKCS11LIB")) session = CK_SESSION_HANDLE() sessionInfo = CK_SESSION_INFO() tokenInfo = CK_TOKEN_INFO() slotList = ckintlist() pin = ckbytelist("1234") print("Load of " + lib + ": " + str(a.Load(lib))) print("C_GetInfo:", hex(a.C_GetInfo(info))) print("Library manufacturerID:", info.GetManufacturerID()) del info print("C_GetSlotList(NULL): " + hex(a.C_GetSlotList(0, slotList))) print("\tAvailable Slots: " + str(len(slotList))) for x in range(len(slotList)): print("\tC_SlotInfo(): " + hex(a.C_GetSlotInfo(slotList[x], slotInfo))) print( "\t\tSlot N." + str(x) + ": ID="
# Sample script for the PyKCS11 low-level binding: load the PKCS#11 library
# named by the PYKCS11LIB environment variable, print library information,
# list the slots and query the first slot and its token.
# Return codes are only printed with hex(); none of them is checked, so the
# script keeps going after a failed call.
import PyKCS11.LowLevel
from PyKCS11 import ckbytelist
import os

a = PyKCS11.LowLevel.CPKCS11Lib()
info = PyKCS11.LowLevel.CK_INFO()
slotInfo = PyKCS11.LowLevel.CK_SLOT_INFO()
lib = os.getenv("PYKCS11LIB")
if lib is None:
    raise (Exception("Define PYKCS11LIB"))
# session and sessionInfo are created here but not used in the statements
# visible in this listing.
session = PyKCS11.LowLevel.CK_SESSION_HANDLE()
sessionInfo = PyKCS11.LowLevel.CK_SESSION_INFO()
tokenInfo = PyKCS11.LowLevel.CK_TOKEN_INFO()
slotList = PyKCS11.LowLevel.ckintlist()
# pin, puk and Label are defined but not used by the statements visible here.
# NOTE(review): PIN and PUK are hard-coded sample values; presumably meant for
# a throwaway test token -- real credentials should not live in source.
pin = ckbytelist("123456")
puk = ckbytelist("12345678")
Label = "PyKCS#11 Initialized Token "

print("Load of " + lib + ": " + str(a.Load(lib)))
print("C_GetInfo: " + hex(a.C_GetInfo(info)))
print("Library manufacturerID: " + info.GetManufacturerID())
del info

# The caption says NULL but the first argument passed is 1; presumably that
# argument is the tokenPresent flag, limiting the list to slots that hold a
# token -- confirm against the binding.
print("C_GetSlotList(NULL): " + hex(a.C_GetSlotList(1, slotList)))
print("\tAvailable Slots: " + str(len(slotList)))

# Only the first slot is queried, and only when the list is not empty.
if len(slotList) != 0:
    print("\tC_SlotInfo(): " + hex(a.C_GetSlotInfo(slotList[0], slotInfo)))
    print("\tC_GetTokenInfo(): " + hex(a.C_GetTokenInfo(slotList[0], tokenInfo)))