def _generate_mkhk(self, key_length, key_label):
    """Create a new signing master key under ``key_label`` and cache it.

    The label must be unused both in the local ``mk_cache`` and on the
    token; otherwise the call is refused so that an existing master key
    is never shadowed by a second object carrying the same label.

    Args:
        key_length: length forwarded to ``self.pkcs11.generate_key``.
        key_label: label for the new key, also the ``mk_cache`` key.

    Returns:
        Whatever ``self.pkcs11.generate_key`` returns for the new key
        (presumably an object handle -- confirm against the wrapper).

    Raises:
        exception.P11CryptoPluginKeyException: the label is already cached
            or a lookup on the token returned a key for it.
    """
    # The existence check and the generation both run while the cache lock
    # and the caching-session lock are held. That only orders callers that
    # share these lock objects; NOTE(review): another process using the same
    # token could still create the label between the check and the generate.
    with self.mk_cache_lock, self.caching_session_lock:
        session = self.caching_session

        # Consult the local cache first and only query the token when the
        # label is not cached.
        label_taken = key_label in self.mk_cache
        if not label_taken:
            # NOTE(review): this call passes (label, session). If the pkcs11
            # wrapper's get_key_handle takes a leading key_type argument, the
            # call raises TypeError and the duplicate-label guard never runs
            # -- confirm the signature.
            existing = self.pkcs11.get_key_handle(key_label, session)
            label_taken = existing is not None

        if label_taken:
            raise exception.P11CryptoPluginKeyException(
                u._("A master key with that label already exists")
            )

        new_key = self.pkcs11.generate_key(
            key_length,
            session,
            key_label,
            sign=True,
            master_key=True,
        )
        self.mk_cache[key_label] = new_key
        return new_key
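def get_key_handle(self, key_type, label, session):
    """Find the secret key of ``key_type`` stored under ``label``.

    The search template matches on CKA_CLASS (CKO_SECRET_KEY), CKA_KEY_TYPE
    and CKA_LABEL.

    Args:
        key_type: key into ``_KEY_TYPES`` selecting the CKA_KEY_TYPE value.
        label: value matched against CKA_LABEL after ``str()`` conversion.
        session: session handle the find operation runs on.

    Returns:
        The object handle when exactly one object matches, ``None`` when
        no object matches.

    Raises:
        exception.P11CryptoPluginKeyException: more than one object matches,
            so the label does not identify a single key.
        Anything ``self._check_error`` raises for a failing return value.
    """
    attributes = self._build_attributes([
        Attribute(CKA_CLASS, CKO_SECRET_KEY),
        Attribute(CKA_KEY_TYPE, _KEY_TYPES[key_type]),
        Attribute(CKA_LABEL, str(label)),
    ])
    rv = self.lib.C_FindObjectsInit(
        session, attributes.template, len(attributes.template)
    )
    self._check_error(rv)

    # From here on a find operation is open on the session. Close it on
    # every path: previously an error from C_FindObjects skipped
    # C_FindObjectsFinal and left the search active on a session that
    # callers may reuse for later lookups.
    try:
        count = self.ffi.new("CK_ULONG *")
        # Ask for at most two handles: enough to tell "none", "exactly
        # one" and "ambiguous" apart without enumerating every match.
        obj_handle_ptr = self.ffi.new("CK_OBJECT_HANDLE[2]")
        rv = self.lib.C_FindObjects(session, obj_handle_ptr, 2, count)
        self._check_error(rv)
        found = count[0]
        key = obj_handle_ptr[0] if found == 1 else None
    finally:
        # Only record the return value here so that an error raised by the
        # search itself is not replaced by one from the cleanup call.
        final_rv = self.lib.C_FindObjectsFinal(session)
    self._check_error(final_rv)

    # Refuse to pick one of several keys sharing the label; the caller
    # cannot know which object it would be handed.
    if found > 1:
        raise exception.P11CryptoPluginKeyException()
    return key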