Skip to content

Commit

Permalink
December merge from internal
Browse files Browse the repository at this point in the history
* Includes a few more CA_ extension functions
* Adds padding options for AutoCArray

Change-Id: Ia1108dc9ae26becdd7eb993dcb78b526b665cf97
  • Loading branch information
Ashley Straw committed Dec 1, 2020
2 parents 58a0b17 + b039529 commit 8d6a747
Show file tree
Hide file tree
Showing 32 changed files with 243 additions and 74 deletions.
5 changes: 5 additions & 0 deletions .gitignore
Original file line number Diff line number Diff line change
@@ -1,6 +1,11 @@
# Created by https://www.gitignore.io
.gitreview
.pytest_cache
.venv
_docs
coverage.xml
junit*.xml
.python-version
### PyCharm ###
# Covers JetBrains IDEs: IntelliJ, RubyMine, PhpStorm, AppCode, PyCharm

Expand Down
74 changes: 74 additions & 0 deletions .gitlab-ci.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,74 @@
image: otaaplvlp05.gemalto.com:5443/py_tox_tester:latest

# Change pip's cache directory to be inside the project directory since we can
# only cache local items.
variables:
PIP_CACHE_DIR: "$CI_PROJECT_DIR/.cache/pip"

# Pip's cache doesn't store the python packages
# https://pip.pypa.io/en/stable/reference/pip_install/#caching
#
# If you want to also cache the installed packages, you have to install
# them in a virtualenv and cache it as well.
cache:
paths:
- .cache/pip

stages:
- lint
- test
- build
- deploy

before_script:
- export PATH="$HOME/.pyenv/bin/:$PATH"
- eval "$(pyenv init -)"
- pyenv global 3.8.5 3.6.12 3.7.9 2.7.15
- python -V
- source /.venv/bin/activate

lint:
needs: []
stage: lint
interruptible: true
script:
- black -l 100 . --check

test:
needs: []
stage: test
script:
- tox -e clean
- tox -p -e py27,py36,py37,py38
- tox -e report
interruptible: true
artifacts:
when: always
paths:
- junit*.xml
reports:
junit: junit*.xml
cobertura: coverage.xml


build:
stage: build
interruptible: true
script:
- python2.7 setup.py bdist_wheel
- python3.8 setup.py bdist_wheel

artifacts:
paths:
- dist/*.whl

deploy:
tags:
- hsmtest
stage: deploy
dependencies:
- build
only:
- release
script: /root/deploy.sh

6 changes: 3 additions & 3 deletions docs/conf.py
Original file line number Diff line number Diff line change
Expand Up @@ -35,7 +35,7 @@
"sphinx.ext.intersphinx",
"sphinx.ext.todo",
"sphinx.ext.viewcode",
"sphinxcontrib.napoleon",
"sphinx.ext.napoleon",
]

# Add any paths that contain templates here, relative to this directory.
Expand All @@ -52,7 +52,7 @@

# General information about the project.
project = u"Pycryptoki"
copyright = u"2018, Gemalto"
copyright = u"2020, Gemalto"

# The version info for the project you're documenting, acts as replacement for
# |version| and |release|, also used in various other places throughout the
Expand All @@ -61,7 +61,7 @@
# The short X.Y version.
version = "2.5"
# The full version, including alpha/beta/rc tags.
release = "2.5.13"
release = "2.5.18"

# The language for content autogenerated by Sphinx. Refer to documentation
# for a list of supported languages.
Expand Down
1 change: 0 additions & 1 deletion docs/requirements.txt
Original file line number Diff line number Diff line change
@@ -1,3 +1,2 @@
sphinx
sphinx_rtd_theme
sphinxcontrib-napoleon
4 changes: 4 additions & 0 deletions pycryptoki/attributes.py
Original file line number Diff line number Diff line change
Expand Up @@ -297,6 +297,10 @@ def to_byte_array(val, reverse=False):
if "\\x" in repr(val):
val = list(from_bytestring(val))
byte_array = (CK_BYTE * len(val))(*val)
# byte value with leading zeros: b'005211001100000128230900'
elif val.startswith(b"00"):
val = bytearray(binascii.unhexlify(val))
byte_array = (CK_BYTE * len(val))(*val)
# Hex string: '01af'
else:
val = int(val, 16)
Expand Down
15 changes: 15 additions & 0 deletions pycryptoki/ca_extensions/session.py
Original file line number Diff line number Diff line change
Expand Up @@ -25,6 +25,7 @@
CA_OpenApplicationIDForContainerV2,
CA_CloseApplicationIDForContainerV2,
CA_GetUserContainerNumber,
CA_SessionCancel,
)
from pycryptoki.defines import CKR_OK
from pycryptoki.exceptions import make_error_handle_function
Expand Down Expand Up @@ -198,3 +199,17 @@ def ca_close_application_id_for_container_v2(slot, appid, container):
ca_close_application_id_for_container_v2_ex = make_error_handle_function(
ca_close_application_id_for_container_v2
)


def ca_session_cancel(h_session, flags):
"""
User cancels ongoing crypto operation
:param h_session: session handle
:param flags: session flags
:return: Ret code
"""
return CA_SessionCancel(CK_SESSION_HANDLE(h_session), CK_FLAGS(flags))


ca_session_cancel_ex = make_error_handle_function(ca_session_cancel)
12 changes: 6 additions & 6 deletions pycryptoki/ca_extensions/utilization_metrics.py
Original file line number Diff line number Diff line change
Expand Up @@ -57,13 +57,13 @@ def ca_read_and_reset_utilization_metrics(session):

def ca_read_all_utilization_counters(h_session):
"""
Read Metrics from previously saved HSM snapshot
Call either functions prior to create snapshot:
ca_read_utilization_metrics
ca_read_and_reset_utilization_metrics
Read Metrics from previously saved HSM snapshot
Call either functions prior to create snapshot:
ca_read_utilization_metrics
ca_read_and_reset_utilization_metrics
:return: a dictionary, where keys are serial numbers
and values are dictionaries of bins and values, example: 'SIGN':0
:return: a dictionary, where keys are serial numbers
and values are dictionaries of bins and values, example: 'SIGN':0
"""
# Reading length of counters
length = c_ulong()
Expand Down
33 changes: 25 additions & 8 deletions pycryptoki/common_utils.py
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@
from _ctypes import pointer, POINTER
from ctypes import c_ulong, cast, create_string_buffer

from six import b, string_types
from six import b, text_type

from pycryptoki.cryptoki import CK_CHAR
from pycryptoki.defines import CKR_OK
Expand All @@ -28,7 +28,7 @@ class AutoCArray(object):
"""

def __init__(self, data=None, ctype=c_ulong, size=None):
def __init__(self, data=None, ctype=c_ulong, size=None, pad=False, pad_char=b"\x00"):
"""
Initialize the Array.
Expand All @@ -48,18 +48,35 @@ def __init__(self, data=None, ctype=c_ulong, size=None):
:param data: Data array should be initialized with. Needs to be string/list.
:param ctype: Type of data the array should store (Default: CK_ULONG)
:param size: Size of the array. PKCS#11 calls will init this for us, but you can also
specify it manually.
specify it manually.
.. note:: This has no effect if you are passing in data and do NOT specify pad=True. The
array will be auto-sized to the data length, unless you ask for it to be padded.
:param pad: If true, will pad the array to the specified size with the given pad_char. Valid
only for bytes/string types.
:param pad_char: Character to use for padding out the array.
:raises: ValueError when the size of the data is larger than the specified pad size.
"""
self._array = None
self._size = size
self.ctype = ctype

# name was just for logging.
if data is not None:
# Parse out any given data.
if isinstance(data, (bytes, string_types)):
self._array = create_string_buffer(b(data), len(data))
self._size = c_ulong(len(data))
if isinstance(data, (bytes, text_type)):
# Conversions to bytes...
if isinstance(data, text_type):
data = b(data)
if isinstance(pad_char, text_type):
pad_char = b(pad_char)

if pad and size:
# If len(data) > size, this raises ValueError
self._array = create_string_buffer(data, size)
self._array[len(data) :] = pad_char * (size - len(data))
else:
self._array = create_string_buffer(data, len(data))
self._size = c_ulong(len(self._array))
self.ctype = CK_CHAR
elif isinstance(data, list):
self._array = (ctype * len(data))(*data)
Expand Down
2 changes: 1 addition & 1 deletion pycryptoki/conversions.py
Original file line number Diff line number Diff line change
Expand Up @@ -39,7 +39,7 @@
def _chunks(inval, chunk_size):
"""
Split an iterable into chunks of the given size.
:param inval: Iterable to be chunked.
:param chunk_size: Size of chunks.
:return: Iterator
Expand Down
1 change: 1 addition & 0 deletions pycryptoki/cryptoki/_ck_func_list.py
Original file line number Diff line number Diff line change
Expand Up @@ -88,6 +88,7 @@ class CK_SFNT_CA_FUNCTION_LIST(Structure):
)
CK_CA_AssignKey = CFUNCTYPE(CK_RV, CK_SESSION_HANDLE, CK_OBJECT_HANDLE)
CK_CA_IncrementFailedAuthCount = CFUNCTYPE(CK_RV, CK_SESSION_HANDLE, CK_OBJECT_HANDLE)
CK_CA_SessionCancel = CFUNCTYPE(CK_RV, CK_SESSION_HANDLE, CK_FLAGS)
CK_CA_ManualKCV = CFUNCTYPE(CK_RV, CK_SESSION_HANDLE)
CK_CA_SetLKCV = CFUNCTYPE(CK_RV, CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG)
CK_CA_SetKCV = CFUNCTYPE(CK_RV, CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG)
Expand Down
1 change: 1 addition & 0 deletions pycryptoki/cryptoki/func_defs.py
Original file line number Diff line number Diff line change
Expand Up @@ -125,6 +125,7 @@
CA_IncrementFailedAuthCount = make_late_binding_function(
"CA_IncrementFailedAuthCount", [CK_SESSION_HANDLE, CK_OBJECT_HANDLE]
)
CA_SessionCancel = make_late_binding_function("CA_SessionCancel", [CK_SESSION_HANDLE, CK_FLAGS])
CA_ManualKCV = make_late_binding_function("CA_ManualKCV", [CK_SESSION_HANDLE])
CA_SetLKCV = make_late_binding_function("CA_SetLKCV", [CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG])
CA_SetKCV = make_late_binding_function("CA_SetKCV", [CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG])
Expand Down
5 changes: 5 additions & 0 deletions pycryptoki/daemon/rpyc_pycryptoki.py
Original file line number Diff line number Diff line change
Expand Up @@ -100,6 +100,8 @@
ca_open_application_id_for_container_v2_ex,
ca_close_application_id_for_container_v2,
ca_close_application_id_for_container_v2_ex,
ca_session_cancel,
ca_session_cancel_ex,
)
from pycryptoki.ca_extensions.stc import (
ca_stc_register,
Expand Down Expand Up @@ -674,6 +676,9 @@ def test_attrs(attributes):
ca_reset_authorization_data = staticmethod(ca_reset_authorization_data)
ca_reset_authorization_data_ex = staticmethod(ca_reset_authorization_data_ex)

ca_session_cancel = staticmethod(ca_session_cancel)
ca_session_cancel_ex = staticmethod(ca_session_cancel_ex)

ca_bip32_import_public_key = staticmethod(ca_bip32_import_public_key)
ca_bip32_import_public_key_ex = staticmethod(ca_bip32_import_public_key_ex)
ca_bip32_export_public_key = staticmethod(ca_bip32_export_public_key)
Expand Down
3 changes: 3 additions & 0 deletions pycryptoki/defines.py
Original file line number Diff line number Diff line change
Expand Up @@ -1545,6 +1545,8 @@
CKR_MECHANISM_PARAM_INVALID = 0x00000071
CKR_MUTEX_BAD = 0x000001A0
CKR_MUTEX_NOT_LOCKED = 0x000001A1
CKR_TOKEN_RESOURCE_EXCEEDED = 0x00000201
CKR_OPERATION_CANCEL_FAILED = 0x00000202
CKR_NEED_TO_CREATE_THREADS = 0x00000009
CKR_NEW_PIN_MODE = 0x000001B0
CKR_NEXT_OTP = 0x000001B1
Expand Down Expand Up @@ -2082,6 +2084,7 @@
CKR_AUTH_DATA_NOT_ALLOWED = CKR_VENDOR_DEFINED + 0x0102
CKR_ASSIGNED_KEY_NOT_ALLOWED = CKR_VENDOR_DEFINED + 0x0103
CKR_INTEGER_OVERFLOW = CKR_VENDOR_DEFINED + 0x0104
CKR_BUSY = CKR_VENDOR_DEFINED + 0x1604


CKR_BIP32_CHILD_INDEX_INVALID = CKR_VENDOR_DEFINED | 0x83
Expand Down
4 changes: 2 additions & 2 deletions pycryptoki/encryption.py
Original file line number Diff line number Diff line change
Expand Up @@ -60,7 +60,7 @@ def c_encrypt(h_session, h_key, data, mechanism, output_buffer=None):
:param mechanism: See the :py:func:`~pycryptoki.mechanism.parse_mechanism` function
for possible values.
:param list|int output_buffer: Integer or list of integers that specify a size of output
:param list|int output_buffer: Integer or list of integers that specify a size of output
buffer to use for an operation. By default will query with NULL pointer buffer
to get required size of buffer.
:returns: (Retcode, Python bytestring of encrypted data)
Expand Down Expand Up @@ -161,7 +161,7 @@ def c_decrypt(h_session, h_key, encrypted_data, mechanism, output_buffer=None):
:param mechanism: See the :py:func:`~pycryptoki.mechanism.parse_mechanism` function
for possible values.
:param list|int output_buffer: Integer or list of integers that specify a size of output
:param list|int output_buffer: Integer or list of integers that specify a size of output
buffer to use for an operation. By default will query with NULL pointer buffer
to get required size of buffer.
:returns: (Retcode, Python bytestring of decrypted data))
Expand Down
6 changes: 2 additions & 4 deletions pycryptoki/hsm_management.py
Original file line number Diff line number Diff line change
Expand Up @@ -343,8 +343,7 @@ def ca_get_hsm_capability_set(slot):

@refresh_c_arrays(1)
def _get_hsm_caps():
"""Closer for retries to work w/ properties
"""
"""Closer for retries to work w/ properties"""
return CA_GetHSMCapabilitySet(
slot_id, cap_ids.array, cap_ids.size, cap_vals.array, cap_vals.size
)
Expand Down Expand Up @@ -388,8 +387,7 @@ def ca_get_hsm_policy_set(slot):

@refresh_c_arrays(1)
def _ca_get_hsm_policy_set():
"""Closure for retries.
"""
"""Closure for retries."""
return CA_GetHSMPolicySet(
slot_id, pol_ids.array, pol_ids.size, pol_vals.array, pol_vals.size
)
Expand Down
3 changes: 3 additions & 0 deletions pycryptoki/lookup_dicts.py
Original file line number Diff line number Diff line change
Expand Up @@ -91,6 +91,8 @@
CKR_CRYPTOKI_ALREADY_INITIALIZED: "CKR_CRYPTOKI_ALREADY_INITIALIZED",
CKR_MUTEX_BAD: "CKR_MUTEX_BAD",
CKR_MUTEX_NOT_LOCKED: "CKR_MUTEX_NOT_LOCKED",
CKR_TOKEN_RESOURCE_EXCEEDED: "CKR_TOKEN_RESOURCE_EXCEEDED",
CKR_OPERATION_CANCEL_FAILED: "CKR_OPERATION_CANCEL_FAILED",
CKR_NEW_PIN_MODE: "CKR_NEW_PIN_MODE",
CKR_NEXT_OTP: "CKR_NEXT_OTP",
CKR_FUNCTION_REJECTED: "CKR_FUNCTION_REJECTED",
Expand Down Expand Up @@ -228,6 +230,7 @@
CKR_INTERNAL_INTEGRITY_ERROR: "CKR_INTERNAL_INTEGRITY_ERROR",
CKR_ASSIGNED_KEY_CANNOT_BE_RESET: "CKR_ASSIGNED_KEY_CANNOT_BE_RESET",
CKR_AUTH_DATA_INCORRECT_AND_LIMIT_REACHED: "CKR_AUTH_DATA_INCORRECT_AND_LIMIT_REACHED",
CKR_BUSY: "CKR_BUSY",
}

#:
Expand Down
3 changes: 2 additions & 1 deletion pycryptoki/mechanism/aes.py
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,8 @@
CK_KEY_DERIVATION_STRING_DATA,
CK_AES_CBC_ENCRYPT_DATA_PARAMS,
CK_AES_CTR_PARAMS,
c_ubyte)
c_ubyte,
)

LOG = logging.getLogger(__name__)

Expand Down
11 changes: 11 additions & 0 deletions pycryptoki/mechanism/des.py
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,17 @@
CK_DES_CBC_ENCRYPT_DATA_PARAMS,
)

from ..attributes import to_byte_array
from ..conversions import from_bytestring
from ..cryptoki import (
CK_ULONG,
CK_BYTE,
CK_BYTE_PTR,
CK_DES_CTR_PARAMS,
CK_KEY_DERIVATION_STRING_DATA,
CK_DES_CBC_ENCRYPT_DATA_PARAMS,
)

from ..attributes import to_byte_array
from ..conversions import from_bytestring
from ..cryptoki import CK_ULONG, CK_BYTE, CK_BYTE_PTR, CK_DES_CTR_PARAMS, \
Expand Down
5 changes: 2 additions & 3 deletions pycryptoki/misc.py
Original file line number Diff line number Diff line change
Expand Up @@ -88,7 +88,7 @@ def c_digest(h_session, data_to_digest, digest_flavor, mechanism=None, output_bu
SHA224, SHA256, SHA384, SHA512)
:param mechanism: See the :py:func:`~pycryptoki.mechanism.parse_mechanism` function
for possible values. If None will use digest flavor.
:param list|int output_buffer: Integer or list of integers that specify a size of output
:param list|int output_buffer: Integer or list of integers that specify a size of output
buffer to use for an operation. By default will query with NULL pointer buffer
to get required size of buffer.
:returns: (retcode, a python string of the digested data)
Expand Down Expand Up @@ -132,8 +132,7 @@ def c_digest(h_session, data_to_digest, digest_flavor, mechanism=None, output_bu

@refresh_c_arrays(1)
def _digest():
""" Perform the digest operations
"""
"""Perform the digest operations"""
return C_Digest(
h_session,
c_data_to_digest,
Expand Down
Loading

0 comments on commit 8d6a747

Please sign in to comment.