Exemple #1
0
def ca_set_authorization_data(h_session, h_object, old_auth_data,
                              new_auth_data):
    """
    User changes authorization data on key object (private, secret)

    :param h_session: session handle
    :param object: key handle to update
    :param old_auth_data: byte list, e.g. [11, 12, 13, ..]
    :param new_auth_data: byte list, e.g. [11, 12, 13, ..]
    :return: Ret code
    """
    old_auth_data_ptr, old_auth_data_length = to_byte_array(old_auth_data)
    old_auth_data_ptr = cast(old_auth_data_ptr, POINTER(CK_UTF8CHAR))

    new_auth_data_ptr, new_auth_data_length = to_byte_array(new_auth_data)
    new_auth_data_ptr = cast(new_auth_data_ptr, POINTER(CK_UTF8CHAR))

    h_object = CK_OBJECT_HANDLE(h_object)
    h_session = CK_SESSION_HANDLE(h_session)

    return CA_SetAuthorizationData(
        h_session,
        h_object,
        old_auth_data_ptr,
        old_auth_data_length,
        new_auth_data_ptr,
        new_auth_data_length,
    )
Exemple #2
0
def ca_read_utilization_metrics(session):
    """
    HSM reads utilization data and saves as a snapshot

    :param session: session id that was opened to run the function
    :return: Ret code
    """
    h_session = CK_SESSION_HANDLE(session)
    return CA_ReadUtilizationMetrics(h_session)
Exemple #3
0
def ca_increment_failed_auth_count(h_session, h_object):
    """
    This function is called by HA group when auth failure happens on a key
    to sync up status. Here its defined mostly for testing purposes
    :param h_session: session handle
    :param object: key handle to update
    :return: Ret code
    """
    h_object = CK_OBJECT_HANDLE(h_object)
    h_session = CK_SESSION_HANDLE(h_session)

    return CA_IncrementFailedAuthCount(h_session, h_object)
Exemple #4
0
def ca_read_and_reset_utilization_metrics(session):
    """
    HSM reads current utilization data and saves as a snapshot;
    HSM resets metrics to zeroes

    :param session: session id that was opened to run the function
    :return: a dictionary with partition serial numbers as keys,
            value - dictionary of utilization metrics
    """
    h_session = CK_SESSION_HANDLE(session)

    return CA_ReadAndResetUtilizationMetrics(h_session)
Exemple #5
0
def ca_assign_key(h_session, h_object):
    """
    Crypto Officer assigns a key

    :param h_session: session handle
    :param object: key handle to assign
    :return: Ret code
    """

    h_object = CK_OBJECT_HANDLE(h_object)
    h_session = CK_SESSION_HANDLE(h_session)

    return CA_AssignKey(h_session, h_object)
Exemple #6
0
def ca_authorize_key(h_session, h_object, auth_data):
    """
    User authorizes key within session or access for use

    :param h_session: session handle
    :param object: key handle to authorize
    :param auth_data: authorization byte list, e.g. [11, 12, 13, ..]
    :return: Ret code
    """
    auth_data_ptr, auth_data_length = to_byte_array(auth_data)
    auth_data_ptr = cast(auth_data_ptr, POINTER(CK_UTF8CHAR))

    h_object = CK_OBJECT_HANDLE(h_object)
    h_session = CK_SESSION_HANDLE(h_session)

    return CA_AuthorizeKey(h_session, h_object, auth_data_ptr,
                           auth_data_length)
Exemple #7
0
def ca_reset_authorization_data(h_session, h_object, auth_data):
    """
    CO resets auth data on unassigned key

    :param h_session: session handle
    :param object: key handle to update
    :param auth_data: byte list, e.g. [11, 12, 13, ..]
    :return: Ret code
    """
    auth_data_ptr, auth_data_length = to_byte_array(auth_data)
    auth_data_ptr = cast(auth_data_ptr, POINTER(CK_UTF8CHAR))

    h_object = CK_OBJECT_HANDLE(h_object)
    h_session = CK_SESSION_HANDLE(h_session)

    return CA_ResetAuthorizationData(h_session, h_object, auth_data_ptr,
                                     auth_data_length)
Exemple #8
0
def ca_get_session_info(session):
    """
    ca extension function that returns session information

    :param session: session handle
    :return: tuple of return code and session info dict
    """
    session_info = {}
    h_session = CK_SESSION_HANDLE(session)
    aid_hi = CK_ULONG()
    aid_lo = CK_ULONG()
    container = CK_ULONG()
    auth_level = CK_ULONG()
    ret = CA_GetSessionInfo(h_session, byref(aid_hi), byref(aid_lo),
                            byref(container), byref(auth_level))
    if ret != CKR_OK:
        return ret, None

    session_info['aidHigh'] = aid_hi.value
    session_info['aidLow'] = aid_lo.value
    session_info['containerNumber'] = container.value
    session_info['authenticationLevel'] = auth_level.value

    return ret, session_info