def ca_set_authorization_data(h_session, h_object, old_auth_data,
new_auth_data):
"""
User changes authorization data on key object (private, secret)
:param h_session: session handle
:param object: key handle to update
:param old_auth_data: byte list, e.g. [11, 12, 13, ..]
:param new_auth_data: byte list, e.g. [11, 12, 13, ..]
:return: Ret code
"""
old_auth_data_ptr, old_auth_data_length = to_byte_array(old_auth_data)
old_auth_data_ptr = cast(old_auth_data_ptr, POINTER(CK_UTF8CHAR))
new_auth_data_ptr, new_auth_data_length = to_byte_array(new_auth_data)
new_auth_data_ptr = cast(new_auth_data_ptr, POINTER(CK_UTF8CHAR))
h_object = CK_OBJECT_HANDLE(h_object)
h_session = CK_SESSION_HANDLE(h_session)
return CA_SetAuthorizationData(
h_session,
h_object,
old_auth_data_ptr,
old_auth_data_length,
new_auth_data_ptr,
new_auth_data_length,
)
def test_to_byte_array_list_fail_neg(self, list_val):
"""
to_byte_array() with incompatible param:
:param list_val: random list of negative integers. -ValueError
"""
with pytest.raises(ValueError):
pointer, leng = to_byte_array(list_val)
def test_to_byte_array_int(self, int_val):
"""
to_byte_array() with param:
:param int_val: random positive integer
"""
pointer, leng = to_byte_array(int_val)
self.verify_c_type(pointer, leng)
py_bytes = self.reverse_case(pointer, leng, to_byte_array)
assert int(py_bytes, 16) == int_val
def test_to_byte_array_from_hex(self, test_val):
"""
to_byte_array() with param:
:param list_val: list of ints in range (0-255), convert to bytearray
"""
pointer, leng = to_byte_array(test_val)
self.verify_c_type(pointer, leng)
py_bytes = self.reverse_case(pointer, leng, to_byte_array)
assert py_bytes == b"deadbeef"
def test_to_byte_array_hexstring(self, int_val):
"""
to_byte_array() with param:
:param int_val: random integer to be converted to hex string.
"""
hex_string = hex(int_val).replace("0x", "").replace("L", "")
pointer, leng = to_byte_array(hex_string)
self.verify_c_type(pointer, leng)
py_bytes = self.reverse_case(pointer, leng, to_byte_array)
assert int(py_bytes, 16) == int(hex_string, 16)
def test_to_byte_array_int_neg_overflow(self, int_val):
"""
to_byte_array() with param:
:param int_val: random int value. Will result in data loss
"""
pointer, leng = to_byte_array(int_val)
self.verify_c_type(pointer, leng)
py_bytes = self.reverse_case(pointer, leng, to_byte_array)
LOG.debug("to_byte_array() data loss: %s => %s", b(hex(int_val)), py_bytes)
assert int(py_bytes, 16) != int_val
def test_to_byte_array(self, list_val):
"""
to_byte_array() with param:
:param list_val: list of ints in range (0-255), convert to bytearray
"""
b_array = bytearray(list_val)
pointer, leng = to_byte_array(b_array)
self.verify_c_type(pointer, leng)
py_bytes = self.reverse_case(pointer, leng, to_byte_array)
assert py_bytes == hexlify(b_array)
def test_to_byte_array_list(self, list_val):
"""
to_byte_array() with param:
:param list_val: randomly list of postive integers (within byte range).
"""
pointer, leng = to_byte_array(list_val)
self.verify_c_type(pointer, leng)
py_bytes = self.reverse_case(pointer, leng, to_byte_array)
# Create list from returned byte-string
py_list = []
for i in range(0, len(py_bytes), 2):
py_list.append(int(py_bytes[i:i + 2], 16))
assert py_list == list_val
def ca_authorize_key(h_session, h_object, auth_data):
"""
User authorizes key within session or access for use
:param h_session: session handle
:param object: key handle to authorize
:param auth_data: authorization byte list, e.g. [11, 12, 13, ..]
:return: Ret code
"""
auth_data_ptr, auth_data_length = to_byte_array(auth_data)
auth_data_ptr = cast(auth_data_ptr, POINTER(CK_UTF8CHAR))
h_object = CK_OBJECT_HANDLE(h_object)
h_session = CK_SESSION_HANDLE(h_session)
return CA_AuthorizeKey(h_session, h_object, auth_data_ptr,
auth_data_length)
def ca_reset_authorization_data(h_session, h_object, auth_data):
"""
CO resets auth data on unassigned key
:param h_session: session handle
:param object: key handle to update
:param auth_data: byte list, e.g. [11, 12, 13, ..]
:return: Ret code
"""
auth_data_ptr, auth_data_length = to_byte_array(auth_data)
auth_data_ptr = cast(auth_data_ptr, POINTER(CK_UTF8CHAR))
h_object = CK_OBJECT_HANDLE(h_object)
h_session = CK_SESSION_HANDLE(h_session)
return CA_ResetAuthorizationData(h_session, h_object, auth_data_ptr,
auth_data_length)
def ca_get_object_handle(slot, session, objectouid):
"""
Calls CA_GetObjectHandle to get the object handle from OUID
:param slot: partition slot number
:param session: session id that was opened to run the function
:param objectouid: OUID, a string of the hex value that maps to object handle
:return: a tuple containing the return code and the object handle mapping the given OUID
"""
objecttype = CK_ULONG()
objecthandle = CK_ULONG()
# ulContainerNumber is required which is of type CK_ULONG
container_number = ca_get_session_info_ex(session)['containerNumber']
ouid, size_ouid = to_byte_array(int(objectouid, 16))
c_ouid = cast(ouid, POINTER(c_ubyte))
ret = CA_GetObjectHandle(CK_SLOT_ID(slot), container_number, c_ouid,
byref(objecttype), byref(objecthandle))
if ret != CKR_OK:
return ret, None
return ret, objecthandle.value
