new_auth_data_ptr = cast(new_auth_data_ptr, POINTER(CK_UTF8CHAR))
h_object = CK_OBJECT_HANDLE(h_object)
h_session = CK_SESSION_HANDLE(h_session)
return CA_SetAuthorizationData(
h_session,
h_object,
old_auth_data_ptr,
old_auth_data_length,
new_auth_data_ptr,
new_auth_data_length,
)
ca_set_authorization_data_ex = make_error_handle_function(
ca_set_authorization_data)
def ca_reset_authorization_data(h_session, h_object, auth_data):
"""
CO resets auth data on unassigned key
:param h_session: session handle
:param object: key handle to update
:param auth_data: byte list, e.g. [11, 12, 13, ..]
:return: Ret code
"""
auth_data_ptr, auth_data_length = to_byte_array(auth_data)
auth_data_ptr = cast(auth_data_ptr, POINTER(CK_UTF8CHAR))
h_object = CK_OBJECT_HANDLE(h_object)
license_len = c_ulong()
ret = CA_RetrieveLicenseList(slot, byref(license_len), None)
if ret == CKR_OK:
licenses = (c_ulong * license_len.value)()
ret = CA_RetrieveLicenseList(slot, license_len,
cast(licenses, POINTER(c_ulong)))
LOG.info("Getting license id. slot=%s", slot)
if ret != CKR_OK:
return ret, []
else:
return ret, []
return ret, [(licenses[x], licenses[x + 1])
for x in range(0, license_len.value, 2)]
ca_retrieve_license_list_ex = make_error_handle_function(
ca_retrieve_license_list)
def ca_retrieve_allowed_containers(slot):
"""Gets the maximum allowed container number for a given slot id
:param int slot_id: Slot index to get the maximum allowed container number
:returns: (ret code, A unsigned integer representing the maximum allowed container number)
:rtype: unsigned integer
"""
allowed_partition_number = c_ulong()
ret = CA_GetNumberOfAllowedContainers(slot,
byref(allowed_partition_number))
LOG.info("Getting allowed maximum container number. slot=%s", slot)
return ret, allowed_partition_number
:param int wrapping_key: The wrapping key based on the encryption flavor
:param wrap_mechanism: See the :py:func:`~pycryptoki.mechanism.parse_mechanism` function
for possible values.
:param output_buffer: The size of the wrapped key, defaulted to a cert size
:returns: (Retcode, python bytestring representing wrapped key)
:rtype: tuple
"""
# derive key parameters preparation
derive_mech = parse_mechanism(derive_mechanism)
c_template = Attributes(derive_template).get_c_struct()
# wrapping key parameter preparation
wrap_mech = parse_mechanism(wrap_mechanism)
# derive key and wrap function requires the size and in that way is
# inconsistent with wrap function
size = CK_ULONG(output_buffer)
wrapped_key = AutoCArray(ctype=c_ubyte, size=size)
ret = CA_DeriveKeyAndWrap(h_session, derive_mech,
CK_OBJECT_HANDLE(h_base_key), c_template,
CK_ULONG(len(derive_template)), wrap_mech,
CK_OBJECT_HANDLE(wrapping_key),
wrapped_key.array, wrapped_key.size)
if ret != CKR_OK:
return ret, None
return ret, string_at(wrapped_key.array, wrapped_key.size.contents.value)
ca_derive_key_and_wrap_ex = make_error_handle_function(ca_derive_key_and_wrap)
objecttype = CK_ULONG()
objecthandle = CK_ULONG()
# ulContainerNumber is required which is of type CK_ULONG
container_number = ca_get_session_info_ex(session)['containerNumber']
ouid, size_ouid = to_byte_array(int(objectouid, 16))
c_ouid = cast(ouid, POINTER(c_ubyte))
ret = CA_GetObjectHandle(CK_SLOT_ID(slot), container_number, c_ouid,
byref(objecttype), byref(objecthandle))
if ret != CKR_OK:
return ret, None
return ret, objecthandle.value
ca_get_object_handle_ex = make_error_handle_function(ca_get_object_handle)
def ca_destroy_multiple_objects(h_session, objects):
"""Delete multiple objects corresponding to given object handles
:param int h_session: Session handle
:param list objects: The handles of the objects to delete
:returns: Return code
"""
handles_count = len(objects)
handles = AutoCArray(data=objects, ctype=CK_ULONG)
ret = CA_DestroyMultipleObjects(h_session, handles_count, handles.array,
byref(CK_ULONG()))
return ret
3: 'DECRYPT',
4: 'KEY_GENERATION',
5: 'KEY_DERIVATION'
}
def ca_read_utilization_metrics(session):
"""
HSM reads utilization data and saves as a snapshot
:param session: session id that was opened to run the function
:return: Ret code
"""
h_session = CK_SESSION_HANDLE(session)
return CA_ReadUtilizationMetrics(h_session)
ca_read_utilization_metrics_ex = make_error_handle_function(ca_read_utilization_metrics)
def ca_read_and_reset_utilization_metrics(session):
"""
HSM reads current utilization data and saves as a snapshot;
HSM resets metrics to zeroes
:param session: session id that was opened to run the function
:return: a dictionary with partition serial numbers as keys,
value - dictionary of utilization metrics
"""
h_session = CK_SESSION_HANDLE(session)
return CA_ReadAndResetUtilizationMetrics(h_session)
ca_read_and_reset_utilization_metrics_ex = \
LOG = logging.getLogger(__name__)
def ca_get_session_info(session):
"""
ca extension function that returns session information
:param session: session handle
:return: tuple of return code and session info dict
"""
session_info = {}
h_session = CK_SESSION_HANDLE(session)
aid_hi = CK_ULONG()
aid_lo = CK_ULONG()
container = CK_ULONG()
auth_level = CK_ULONG()
ret = CA_GetSessionInfo(h_session, byref(aid_hi), byref(aid_lo),
byref(container), byref(auth_level))
if ret != CKR_OK:
return ret, None
session_info['aidHigh'] = aid_hi.value
session_info['aidLow'] = aid_lo.value
session_info['containerNumber'] = container.value
session_info['authenticationLevel'] = auth_level.value
return ret, session_info
ca_get_session_info_ex = make_error_handle_function(ca_get_session_info)
:param dict attributes: Attributes for the key.
:return: retcode, key_handle.
"""
attrs = Attributes(attributes).get_c_struct()
c_key_data = AutoCArray(ctype=CK_BYTE, data=key_data)
key_handle = CK_ULONG()
ret = CA_Bip32ImportPublicKey(
session, c_key_data.array, len(c_key_data), attrs, len(attributes), byref(key_handle)
)
if ret != CKR_OK:
return ret, None
return ret, key_handle.value
ca_bip32_import_public_key_ex = make_error_handle_function(ca_bip32_import_public_key)
def ca_bip32_export_public_key(session, key):
"""
Exports a BIP32 Key from the HSM.
:param int session: Session handle.
:return: retcode, key data (base58 encoded bytestring)
"""
c_key_data = AutoCArray(ctype=CK_BYTE, size=CK_ULONG(CKG_BIP32_MAX_SERIALIZED_LEN))
ret = CA_Bip32ExportPublicKey(session, key, c_key_data.array, c_key_data.size)
if ret != CKR_OK:
return ret, None
return ret, string_at(c_key_data.array, c_key_data.size.contents.value)
