def _create_pkcs11(self, plugin_conf, ffi=None):
    """Build a ``pkcs11.PKCS11`` wrapper from the plugin configuration.

    :param plugin_conf: object exposing ``library_path``, ``login``,
        ``rw_session``, ``slot_id`` and ``algorithm``.
    :param ffi: optional FFI object, forwarded unchanged.
    :returns: the newly constructed ``pkcs11.PKCS11`` instance.
    """
    # ``login`` is the token passphrase; it is only handed to the wrapper
    # here and should not be written to logs by callers.
    lib_path = plugin_conf.library_path
    token_login = plugin_conf.login
    read_write = plugin_conf.rw_session
    slot = plugin_conf.slot_id
    algo = plugin_conf.algorithm
    return pkcs11.PKCS11(
        library_path=lib_path,
        login_passphrase=token_login,
        rw_session=read_write,
        slot_id=slot,
        ffi=ffi,
        algorithm=algo,
    )
def _create_pkcs11_session(self, passphrase, libpath, slotid, hmacwrap):
    """Connect to the token and keep the wrapper and a session on ``self``.

    The session is always opened read-write and the encryption mechanism
    is fixed to ``CKM_AES_CBC``; only the HMAC key-wrap mechanism is
    chosen by the caller.

    :param passphrase: token login passphrase.
    :param libpath: path of the PKCS#11 library to load.
    :param slotid: slot to open.
    :param hmacwrap: HMAC key-wrap mechanism name.
    """
    connection_args = {
        'library_path': libpath,
        'login_passphrase': passphrase,
        'rw_session': True,
        'slot_id': slotid,
        'encryption_mechanism': 'CKM_AES_CBC',
        'hmac_keywrap_mechanism': hmacwrap,
    }
    self.pkcs11 = pkcs11.PKCS11(**connection_args)
    self.session = self.pkcs11.get_session()
def __init__(self, conf=CONF, ffi=None):
    """Connect to the token named in ``conf.p11_crypto_plugin``.

    :param conf: configuration object with a ``p11_crypto_plugin`` group.
    :param ffi: optional FFI object, forwarded to ``pkcs11.PKCS11``.
    :raises ValueError: if ``library_path`` is not configured.
    """
    self.conf = conf
    p11_opts = conf.p11_crypto_plugin

    # Fail early: without a library path there is nothing to load.
    if p11_opts.library_path is None:
        raise ValueError(u._("library_path is required"))

    self.pkcs11 = pkcs11.PKCS11(
        library_path=p11_opts.library_path,
        login_passphrase=p11_opts.login,
        slot_id=p11_opts.slot_id,
        ffi=ffi,
    )
    # Resolve the master KEK and HMAC keys by label once, up front.
    self.pkcs11.cache_mkek_and_hmac(p11_opts.mkek_label,
                                    p11_opts.hmac_label)
def setUp(self):
    """Wire a mocked PKCS#11 library into a real ``pkcs11.PKCS11`` object.

    Every ``C_*`` entry point is replaced either by a constant
    ``CKR_OK`` result or by a fixture helper, and the FFI ``dlopen`` is
    patched so that no native library is loaded.
    """
    super(WhenTestingPKCS11, self).setUp()

    self.lib = mock.Mock()

    # Entry points that only need to report success.
    always_ok = (
        'C_Initialize', 'C_Finalize', 'C_CloseSession', 'C_Login',
        'C_FindObjectsInit', 'C_FindObjectsFinal', 'C_SeedRandom',
        'C_EncryptInit', 'C_DecryptInit', 'C_SignInit', 'C_VerifyInit',
        'C_DestroyObject',
    )
    for c_func in always_ok:
        getattr(self.lib, c_func).return_value = pkcs11.CKR_OK

    # Entry points whose behaviour is supplied by fixture helpers.
    fakes = {
        'C_GetSlotList': self._get_slot_list,
        'C_GetTokenInfo': self._get_token_info,
        'C_OpenSession': self._open_session,
        'C_GetSessionInfo': self._get_session_user,
        'C_FindObjects': self._find_objects_one,
        'C_GenerateKey': self._generate_key,
        'C_GenerateRandom': self._generate_random,
        'C_Encrypt': self._encrypt,
        'C_Decrypt': self._decrypt,
        'C_WrapKey': self._wrap_key,
        'C_UnwrapKey': self._unwrap_key,
        'C_Sign': self._sign,
        'C_Verify': self._verify,
    }
    for c_func, fake in fakes.items():
        getattr(self.lib, c_func).side_effect = fake

    # Any dlopen() on this FFI hands back the mock instead of a real
    # shared object.
    self.ffi = pkcs11.build_ffi()
    self.ffi.dlopen = lambda x: self.lib

    # Fixture-only configuration values.
    cfg = mock.MagicMock(name='config mock')
    cfg.library_path = '/dev/null'
    cfg.login_passphrase = 'foobar'
    cfg.rw_session = False
    cfg.slot_id = 1
    cfg.encryption_mechanism = 'CKM_AES_CBC'
    cfg.hmac_keywrap_mechanism = 'CKM_SHA256_HMAC'
    self.cfg_mock = cfg

    token = mock.MagicMock()
    token.label = b'myLabel'
    token.serial_number = b'111111'
    self.token_mock = token

    self.pkcs11 = pkcs11.PKCS11(
        cfg.library_path,
        cfg.login_passphrase,
        cfg.rw_session,
        cfg.slot_id,
        cfg.encryption_mechanism,
        ffi=self.ffi,
        hmac_keywrap_mechanism=cfg.hmac_keywrap_mechanism,
    )
def _create_pkcs11(self, plugin_conf, ffi=None):
    """Build a ``pkcs11.PKCS11`` wrapper, optionally with seed bytes.

    When ``plugin_conf.seed_file`` is set, up to ``seed_length`` bytes
    are read from it and passed on as ``seed_random_buffer``; otherwise
    ``None`` is passed.

    :param plugin_conf: plugin configuration object.
    :param ffi: optional FFI object, forwarded unchanged.
    :returns: the newly constructed ``pkcs11.PKCS11`` instance.
    """
    seed_path = plugin_conf.seed_file
    seed_random_buffer = None
    if seed_path:
        with open(seed_path, 'rb') as seed_fh:
            # NOTE(review): read() returns fewer than seed_length bytes
            # when the file is shorter, and nothing here checks the
            # length, so a short file yields a short seed silently.
            seed_random_buffer = seed_fh.read(plugin_conf.seed_length)

    return pkcs11.PKCS11(
        library_path=plugin_conf.library_path,
        login_passphrase=plugin_conf.login,
        rw_session=plugin_conf.rw_session,
        slot_id=plugin_conf.slot_id,
        ffi=ffi,
        algorithm=plugin_conf.algorithm,
        seed_random_buffer=seed_random_buffer,
    )
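def __init__(self, ffi=None):
    """Parse the command line, log in to the token and open a session.

    If no passphrase was supplied in the parsed arguments the user is
    prompted for one. On an interactive terminal the prompt does not
    echo the typed characters; when stdin is not a terminal (for
    example a pipe) the passphrase is read as a plain line.

    :param ffi: optional FFI object, forwarded to ``pkcs11.PKCS11``.
    """
    import getpass
    import sys

    self.parser = self.get_main_parser()
    self.subparsers = self.parser.add_subparsers(
        title='subcommands',
        description='Action to perform')
    self.add_mkek_args()
    self.add_hmac_args()
    self.args = self.parser.parse_args()

    # NOTE(review): a passphrase given as a command-line argument can be
    # seen in the process list and in shell history; the prompt below
    # avoids that exposure.
    passphrase = self.args.passphrase
    if not passphrase:
        prompt = "Please enter your password: "
        if sys.stdin is not None and sys.stdin.isatty():
            # Interactive: read the HSM passphrase without echoing it.
            passphrase = getpass.getpass(prompt)
        else:
            # Non-interactive stdin: keep reading a plain line.
            passphrase = six.moves.input(prompt)

    self.pkcs11 = pkcs11.PKCS11(library_path=self.args.library_path,
                                login_passphrase=passphrase,
                                slot_id=int(self.args.slot_id),
                                ffi=ffi)
    self.session = self.pkcs11.create_working_session()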
def _create_pkcs11(self, plugin_conf, ffi=None):
    """Build a ``pkcs11.PKCS11`` wrapper from the plugin configuration.

    Seed bytes are read from ``plugin_conf.seed_file`` when that option
    is set. The encryption mechanism and the ``generate_iv`` flag are
    taken from the configuration as-is.

    :param plugin_conf: plugin configuration object.
    :param ffi: optional FFI object, forwarded unchanged.
    :returns: the newly constructed ``pkcs11.PKCS11`` instance.
    """
    if not plugin_conf.seed_file:
        seed_random_buffer = None
    else:
        # NOTE(review): the number of bytes actually read is not
        # compared with seed_length; a shorter file gives a shorter
        # seed without any error.
        with open(plugin_conf.seed_file, 'rb') as seed_source:
            seed_random_buffer = seed_source.read(plugin_conf.seed_length)

    p11 = pkcs11.PKCS11(
        library_path=plugin_conf.library_path,
        login_passphrase=plugin_conf.login,
        rw_session=plugin_conf.rw_session,
        slot_id=plugin_conf.slot_id,
        encryption_mechanism=plugin_conf.encryption_mechanism,
        ffi=ffi,
        seed_random_buffer=seed_random_buffer,
        generate_iv=plugin_conf.generate_iv,
    )
    return p11
def _create_pkcs11(self, plugin_conf, ffi=None):
    """Build a ``pkcs11.PKCS11`` wrapper from the plugin configuration.

    Besides the library, login and slot settings this forwards the
    key-sensitivity flag, the HMAC key-wrap mechanism and the token
    serial number and label that come from the configuration.

    :param plugin_conf: plugin configuration object.
    :param ffi: optional FFI object, forwarded unchanged.
    :returns: the newly constructed ``pkcs11.PKCS11`` instance.
    """
    seed_random_buffer = None
    seed_path = plugin_conf.seed_file
    if seed_path:
        with open(seed_path, 'rb') as seed_fh:
            # NOTE(review): no check that seed_length bytes were
            # actually returned; a short file means a short seed.
            seed_random_buffer = seed_fh.read(plugin_conf.seed_length)

    p11_kwargs = {
        'library_path': plugin_conf.library_path,
        'login_passphrase': plugin_conf.login,
        'rw_session': plugin_conf.rw_session,
        'slot_id': plugin_conf.slot_id,
        'encryption_mechanism': plugin_conf.encryption_mechanism,
        'ffi': ffi,
        'seed_random_buffer': seed_random_buffer,
        # The PKCS11 argument is generate_iv; the option it is read
        # from is aes_gcm_generate_iv.
        'generate_iv': plugin_conf.aes_gcm_generate_iv,
        'always_set_cka_sensitive': plugin_conf.always_set_cka_sensitive,
        'hmac_keywrap_mechanism': plugin_conf.hmac_keywrap_mechanism,
        'token_serial_number': plugin_conf.token_serial_number,
        'token_label': plugin_conf.token_label,
    }
    return pkcs11.PKCS11(**p11_kwargs)
def _create_pkcs11(self, ffi=None):
    """Build a ``pkcs11.PKCS11`` wrapper from settings stored on ``self``.

    :param ffi: optional FFI object, forwarded unchanged.
    :returns: the newly constructed ``pkcs11.PKCS11`` instance.
    """
    def _read_seed():
        # No seed file configured: pass None through to the wrapper.
        if not self.seed_file:
            return None
        # NOTE(review): read() may return fewer than seed_length bytes
        # if the file is shorter; the result is used without a check.
        with open(self.seed_file, 'rb') as seed_fh:
            return seed_fh.read(self.seed_length)

    seed_random_buffer = _read_seed()
    return pkcs11.PKCS11(
        library_path=self.library_path,
        login_passphrase=self.login,
        rw_session=self.rw_session,
        slot_id=self.slot_id,
        encryption_mechanism=self.encryption_mechanism,
        ffi=ffi,
        seed_random_buffer=seed_random_buffer,
        generate_iv=self.generate_iv,
        # The attribute on self is cka_sensitive; the PKCS11 argument is
        # always_set_cka_sensitive.
        always_set_cka_sensitive=self.cka_sensitive,
        hmac_keywrap_mechanism=self.hmac_keywrap_mechanism,
        token_serial_number=self.token_serial_number,
        token_labels=self.token_labels,
        os_locking_ok=self.os_locking_ok,
    )
def setUp(self):
    """Wire a mocked PKCS#11 library into a real ``pkcs11.PKCS11`` object.

    Each ``C_*`` entry point either returns ``CKR_OK`` or is delegated
    to a fixture helper, and the FFI ``dlopen`` is patched so that no
    native library is loaded.
    """
    super(WhenTestingPKCS11, self).setUp()

    fake_lib = mock.Mock()
    self.lib = fake_lib

    # Entry points that only need to report success.
    for c_func in ('C_Initialize', 'C_Finalize', 'C_CloseSession',
                   'C_Login', 'C_FindObjectsInit', 'C_FindObjectsFinal',
                   'C_EncryptInit', 'C_DecryptInit', 'C_SignInit',
                   'C_VerifyInit', 'C_DestroyObject'):
        getattr(fake_lib, c_func).return_value = pkcs11.CKR_OK

    # Entry points whose behaviour is supplied by fixture helpers.
    delegated = (
        ('C_OpenSession', self._open_session),
        ('C_GetSessionInfo', self._get_session_user),
        ('C_FindObjects', self._find_objects_one),
        ('C_GenerateKey', self._generate_key),
        ('C_GenerateRandom', self._generate_random),
        ('C_Encrypt', self._encrypt),
        ('C_Decrypt', self._decrypt),
        ('C_WrapKey', self._wrap_key),
        ('C_UnwrapKey', self._unwrap_key),
        ('C_Sign', self._sign),
        ('C_Verify', self._verify),
    )
    for c_func, helper in delegated:
        getattr(fake_lib, c_func).side_effect = helper

    # Any dlopen() on this FFI hands back the mock instead of a real
    # shared object.
    self.ffi = pkcs11.build_ffi()
    self.ffi.dlopen = lambda x: self.lib

    # Fixture-only configuration values.
    self.cfg_mock = mock.MagicMock(name='config mock')
    self.cfg_mock.library_path = '/dev/null'
    self.cfg_mock.login_passphrase = 'foobar'
    self.cfg_mock.rw_session = False
    self.cfg_mock.slot_id = 1
    self.cfg_mock.algorithm = 'CKM_AES_GCM'

    positional = (
        self.cfg_mock.library_path,
        self.cfg_mock.login_passphrase,
        self.cfg_mock.rw_session,
        self.cfg_mock.slot_id,
    )
    self.pkcs11 = pkcs11.PKCS11(*positional, ffi=self.ffi)
def _create_pkcs11_session(self, conf, passphrase, libpath, slotid, hmacwrap):
    """Connect to the token, falling back to ``conf`` for missing values.

    Any of ``passphrase``, ``libpath``, ``slotid`` and ``hmacwrap`` that
    is ``None`` is taken from ``conf.p11_crypto_plugin``. The token
    serial number and labels always come from the configuration. The
    session is opened read-write with ``CKM_AES_CBC``.

    :param conf: configuration object with a ``p11_crypto_plugin`` group.
    :param passphrase: token login passphrase, or ``None``.
    :param libpath: PKCS#11 library path, or ``None``.
    :param slotid: slot id (int or int-convertible), or ``None``.
    :param hmacwrap: HMAC key-wrap mechanism name, or ``None``.
    """
    p11_opts = conf.p11_crypto_plugin

    passphrase = p11_opts.login if passphrase is None else passphrase
    libpath = p11_opts.library_path if libpath is None else libpath

    if slotid is None:
        slotid = p11_opts.slot_id
    elif type(slotid) is not int:
        # Exact type test kept on purpose: anything that is not a plain
        # int (for example a string) is converted.
        slotid = int(slotid)

    if hmacwrap is None:
        hmacwrap = p11_opts.hmac_keywrap_mechanism

    self.pkcs11 = pkcs11.PKCS11(
        library_path=libpath,
        login_passphrase=passphrase,
        rw_session=True,
        slot_id=slotid,
        encryption_mechanism='CKM_AES_CBC',
        hmac_keywrap_mechanism=hmacwrap,
        token_serial_number=p11_opts.token_serial_number,
        token_labels=p11_opts.token_labels,
    )
    self.session = self.pkcs11.get_session()
def _create_pkcs11_session(self, passphrase, libpath, slotid):
    """Connect to the token and keep the wrapper and a session on ``self``.

    The session is always opened read-write.

    :param passphrase: token login passphrase.
    :param libpath: path of the PKCS#11 library to load.
    :param slotid: slot to open.
    """
    connection_args = {
        'library_path': libpath,
        'login_passphrase': passphrase,
        'rw_session': True,
        'slot_id': slotid,
    }
    self.pkcs11 = pkcs11.PKCS11(**connection_args)
    self.session = self.pkcs11.get_session()