From 09a065bb67bf055da0417a6c972c11ba5ab13da0 Mon Sep 17 00:00:00 2001 From: Rob Austein Date: Tue, 8 Nov 2016 01:44:50 -0500 Subject: First cut at multi-attribute get/set/delete API. This is not yet complete, only the ks_volatile driver supports it, ks_flash will be a bit more complicated and isn't written yet. At the moment, this adds a complete duplicate set of {set,get,delete}_attributes() functions in parallel to the earlier {set,get,delete}_attribute() functions. We will almost certainly want to get rid of the duplicates, probably (but not necessarily) the entire single-attribute suite. At the moment, though, we want both sets so we can compare execution speeds of the two sets of functions.
---
 libhal.py | 33 ++++++++++++++++++++++++++++++---
 1 file changed, 30 insertions(+), 3 deletions(-)
(limited to 'libhal.py')
diff --git a/libhal.py b/libhal.py
index 06445f0..4023edc 100644
--- a/libhal.py
+++ b/libhal.py
@@ -112,6 +112,7 @@ HALError.define(HAL_ERROR_KSI_INDEX_CHUNK_ORPHANED = "Key index chunk orphaned"
 HALError.define(HAL_ERROR_KSI_INDEX_CHUNK_MISSING = "Key index chunk missing")
 HALError.define(HAL_ERROR_KSI_INDEX_CHUNK_OVERLAPS = "Key index chunk overlaps")
 HALError.define(HAL_ERROR_KEYSTORE_WRONG_BLOCK_TYPE = "Wrong block type in keystore")
+HALError.define(HAL_ERROR_RPC_PROTOCOL_ERROR = "RPC protocol error")
 class Enum(int):
@@ -183,6 +184,9 @@ RPCFunc.define('''
 RPC_FUNC_PKEY_GET_ATTRIBUTE,
 RPC_FUNC_PKEY_DELETE_ATTRIBUTE,
 RPC_FUNC_PKEY_GET_KEY_CURVE,
+ RPC_FUNC_PKEY_SET_ATTRIBUTES,
+ RPC_FUNC_PKEY_GET_ATTRIBUTES,
+ RPC_FUNC_PKEY_DELETE_ATTRIBUTES,
 ''')
 class HALDigestAlgorithm(Enum): pass
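Review bot: The three new RPC_FUNC_PKEY_*_ATTRIBUTES names are appended to the `RPCFunc.define(''' ... ''')` list with no comment on how they are numbered. If each name's wire value comes from its position in the list, as the list form suggests, these entries must be in the same order as the function codes on the HSM side, or the new calls will reach the wrong handler. The same would apply to where HAL_ERROR_RPC_PROTOCOL_ERROR sits in the HALError.define sequence in the first hunk. I would add a comment above the list such as `# Order is significant: must match the RPC function numbering on the HSM side.` Both define() implementations are outside this diff, so the positional assumption needs confirming.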
@@ -389,6 +393,15 @@ class PKey(Handle):
 def delete_attribute(self, attr_type):
 self.hsm.pkey_delete_attribute(self, attr_type)
+ def set_attributes(self, attributes):
+ self.hsm.pkey_set_attributes(self, attributes)
+
+ def get_attributes(self, attributes, attributes_buffer_len = 2048):
+ return self.hsm.pkey_get_attributes(self, attributes, attributes_buffer_len)
+
+ def delete_attributes(self, attributes):
+ self.hsm.pkey_delete_attributes(self, attributes)
+
 class HSM(object):
@@ -642,7 +655,7 @@ class HSM(object):
 key_name = UUID(bytes = r.unpack_bytes())
 yield key_type, key_curve, key_flags, key_name
- def pkey_match(self, type = 0, curve = 0, flags = 0, attributes = (),
+ def pkey_match(self, type = 0, curve = 0, flags = 0, attributes = {},
 length = 64, client = 0, session = 0):
 u = UUID(int = 0)
 n = length
@@ -655,8 +668,6 @@ class HSM(object):
 yield u
 def pkey_set_attribute(self, pkey, attr_type, attr_value = None):
- if attr_value is None and isinstance(attr_type, Attribute):
- attr_type, attr_value = attr_type.type, attr_type.attr_value
 with self.rpc(RPC_FUNC_PKEY_SET_ATTRIBUTE, pkey, attr_type, attr_value):
 return
@@ -667,3 +678,19 @@ class HSM(object):
 def pkey_delete_attribute(self, pkey, attr_type):
 with self.rpc(RPC_FUNC_PKEY_DELETE_ATTRIBUTE, pkey, attr_type):
 return
+
+ def pkey_set_attributes(self, pkey, attributes):
+ with self.rpc(RPC_FUNC_PKEY_SET_ATTRIBUTES, pkey, attributes):
+ return
+
+ def pkey_get_attributes(self, pkey, attributes, attributes_buffer_len = 2048):
+ attributes = tuple(attributes)
+ with self.rpc(RPC_FUNC_PKEY_GET_ATTRIBUTES, pkey, attributes, attributes_buffer_len) as r:
+ n = r.unpack_uint()
+ if n != len(attributes):
+ raise HAL_ERROR_RPC_PROTOCOL_ERROR
+ return dict((r.unpack_uint(), r.unpack_bytes()) for i in xrange(n))
+
+ def pkey_delete_attributes(self, pkey, attributes):
+ with self.rpc(RPC_FUNC_PKEY_DELETE_ATTRIBUTES, pkey, attributes):
+ return
--
cgit v1.2.3
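Review bot: The new PKey.set_attributes, get_attributes and delete_attributes in the `@@ -389,6 +393,15 @@` hunk have no docstrings, and the shared parameter name `attributes` does not appear to mean the same thing in each. HSM.pkey_get_attributes in the last hunk converts it with tuple() and returns a dict of type to bytes, while the `attributes = {}` default on pkey_match suggests a mapping is expected elsewhere. A one-line docstring on each would settle it, for example `"""Return {attr_type: value} for the attribute types listed in attributes."""` on get_attributes. The default `attributes_buffer_len = 2048` is also repeated in HSM.pkey_get_attributes; a single module-level constant would keep the two in step.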
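Review bot: The new default `attributes = {}` on pkey_match (hunk `@@ -642,7 +655,7 @@`) is a mutable default argument. One dict object is shared by every call that omits the parameter, so anything that adds to it would carry entries over into later key searches. Most of pkey_match's body lies outside this hunk, so I cannot tell whether the dict is ever mutated. The safe form is `attributes = None` in the signature with `if attributes is None: attributes = {}` as the first statement.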
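Review bot: In pkey_get_attributes (hunk `@@ -667,3 +678,19 @@`) the reply is validated only by count, `if n != len(attributes)`. Nothing confirms that the attribute types the HSM returns are the ones requested, and because the result is built with dict(), a repeated type in the reply silently collapses to a single entry. As this is the client's only check on the device's output, I would build the dict into a local `result` and add `if set(result) != set(attributes): raise HAL_ERROR_RPC_PROTOCOL_ERROR` before returning it. Separately, `for i in xrange(n)` never uses `i`; `_` is the conventional name for an unused loop variable.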