def __init__(self, backend, key, algorithm, session=None): self._algorithm = algorithm self._backend = backend if isinstance(key, KeyHandle): self._key = key else: # TODO: pass the key type at some point self._key = key_handle_from_bytes(key, backend) if session is None: try: ckm = { "md5": backend._binding.CKM_MD5_HMAC, "sha1": backend._binding.CKM_SHA1_HMAC, "sha224": backend._binding.CKM_SHA224_HMAC, "sha256": backend._binding.CKM_SHA256_HMAC, "sha384": backend._binding.CKM_SHA384_HMAC, "sha512": backend._binding.CKM_SHA512_HMAC, }[self.algorithm.name] except KeyError: raise UnsupportedAlgorithm( "{0} is not a supported hash on this backend.".format( algorithm.name), _Reasons.UNSUPPORTED_HASH ) mech = self._backend._ffi.new("CK_MECHANISM *") mech.mechanism = ckm session = self._backend._session_pool.acquire_and_init( backend, self._backend._lib.C_SignInit, mech, self._key._handle ) self._session = session
def __init__(self, backend, cipher, mode, operation): self._backend = backend # TODO: softhsm only supports AES/3DES with ECB/CBC if not backend.cipher_supported(cipher, mode): raise UnsupportedAlgorithm( "cipher {0} in {1} mode is not supported " "by this backend.".format( cipher.name, mode.name if mode else mode), _Reasons.UNSUPPORTED_CIPHER ) if isinstance(cipher, KeyHandle): self._key_handle = cipher.key else: self._key_handle = key_handle_from_bytes(cipher.key, backend) self._cipher = cipher self._mode = mode self._operation = operation self._buffer = b"" if isinstance(self._cipher, ciphers.BlockCipherAlgorithm): self._block_size = self._cipher.block_size // 8 else: self._block_size = 1 if isinstance(mode, modes.ModeWithInitializationVector): iv_nonce = self._backend._ffi.new( "CK_BYTE[]", mode.initialization_vector ) iv_nonce_len = len(mode.initialization_vector) elif isinstance(mode, modes.ModeWithNonce): iv_nonce = self._backend._ffi.new("CK_BYTE[]", mode.nonce) iv_nonce_len = len(mode.nonce) else: iv_nonce = self._backend._ffi.NULL iv_nonce_len = 0 mech = self._backend._ffi.new("CK_MECHANISM *") mech.mechanism = self._get_mechanism(cipher, mode) mech.parameter = iv_nonce mech.parameter_len = iv_nonce_len self._session = self._backend._session_pool.acquire_and_init( backend, self._operation["init"], mech, self._key_handle._handle )