diff options
-rw-r--r-- | GNUmakefile | 5 | ||||
-rw-r--r-- | py11/__init__.py | 5 | ||||
-rw-r--r-- | py11/attribute_map.py | 54 | ||||
-rw-r--r-- | py11/attributes.py | 16 | ||||
-rwxr-xr-x | scripts/build-py11-attributes | 66 |
5 files changed, 129 insertions, 17 deletions
diff --git a/GNUmakefile b/GNUmakefile index aa95233..4f8193e 100644 --- a/GNUmakefile +++ b/GNUmakefile @@ -53,7 +53,7 @@ ifndef OBJCOPY OBJCOPY := objcopy endif -all: libpkcs11.so p11util +all: libpkcs11.so p11util py11/attribute_map.py clean: rm -rf pkcs11.o pkcs11.so libpkcs11.so* p11util p11util.o schema.h attributes.h @@ -67,6 +67,9 @@ schema.h: schema.sql scripts/convert-schema.sed GNUmakefile attributes.h: attributes.yaml scripts/build-attributes GNUmakefile python scripts/build-attributes attributes.yaml attributes.h +py11/attribute_map.py: attributes.yaml scripts/build-py11-attributes GNUmakefile + python scripts/build-py11-attributes attributes.yaml py11/attribute_map.py + pkcs11.o: pkcs11.c sql_common.h schema.h attributes.h ${CC} ${CFLAGS} -c $< diff --git a/py11/__init__.py b/py11/__init__.py index b67ce8a..da0c946 100644 --- a/py11/__init__.py +++ b/py11/__init__.py @@ -1,7 +1,6 @@ # An attempt at a Python interface to PKCS 11 using the scary ctypes # module from the Python standard library. -from struct import pack, unpack from ctypes import * from .exceptions import * from .types import * @@ -12,7 +11,7 @@ from .prototypes import * class PKCS11 (object): - def __init__(self, so_name = "libpkcs11.so", attributes_initializer = "attributes.yaml"): + def __init__(self, so_name = "libpkcs11.so"): self.so_name = so_name self.so = CDLL(so_name) def raise_on_failure(rv): @@ -22,7 +21,7 @@ class PKCS11 (object): func = getattr(self.so, name) func.restype = raise_on_failure func.argtypes = args - self.adb = AttributeDB(attributes_initializer) + self.adb = AttributeDB() def __getattr__(self, name): return getattr(self.so, name) diff --git a/py11/attribute_map.py b/py11/attribute_map.py new file mode 100644 index 0000000..b689d6e --- /dev/null +++ b/py11/attribute_map.py @@ -0,0 +1,54 @@ +# This file was generated automatically from attributes.yaml by build-py11-attributes. Do not edit this file directly. + +attribute_map = { + 'CKA_COEFFICIENT': 'biginteger', + 'CKA_MECHANISM_TYPE': 'CK_MECHANISM_TYPE', + 'CKA_ID': 'bytearray', + 'CKA_VALUE': 'biginteger', + 'CKA_KEY_GEN_MECHANISM': 'CK_MECHANISM_TYPE', + 'CKA_LABEL': 'rfc2279string', + 'CKA_KEY_TYPE': 'CK_KEY_TYPE', + 'CKA_PRIME_2': 'biginteger', + 'CKA_APPLICATION': 'rfc2279string', + 'CKA_VERIFY': 'CK_BBOOL', + 'CKA_HASH_OF_ISSUER_PUBLIC_KEY': 'bytearray', + 'CKA_SIGN': 'CK_BBOOL', + 'CKA_MODULUS': 'biginteger', + 'CKA_START_DATE': 'CK_DATE', + 'CKA_CERTIFICATE_CATEGORY': 'CK_ULONG', + 'CKA_PRIVATE_EXPONENT': 'biginteger', + 'CKA_ALWAYS_SENSITIVE': 'CK_BBOOL', + 'CKA_LOCAL': 'CK_BBOOL', + 'CKA_PUBLIC_EXPONENT': 'biginteger', + 'CKA_SENSITIVE': 'CK_BBOOL', + 'CKA_WRAP_WITH_TRUSTED': 'CK_BBOOL', + 'CKA_EXTRACTABLE': 'CK_BBOOL', + 'CKA_SUBJECT': 'bytearray', + 'CKA_VERIFY_RECOVER': 'CK_BBOOL', + 'CKA_EXPONENT_1': 'biginteger', + 'CKA_TOKEN': 'CK_BBOOL', + 'CKA_DECRYPT': 'CK_BBOOL', + 'CKA_EC_PARAMS': 'bytearray', + 'CKA_END_DATE': 'CK_DATE', + 'CKA_JAVA_MIDP_SECURITY_DOMAIN': 'CK_ULONG', + 'CKA_MODIFIABLE': 'CK_BBOOL', + 'CKA_CHECK_VALUE': 'bytearray', + 'CKA_URL': 'rfc2279string', + 'CKA_SERIAL_NUMBER': 'bytearray', + 'CKA_MODULUS_BITS': 'CK_ULONG', + 'CKA_WRAP': 'CK_BBOOL', + 'CKA_SIGN_RECOVER': 'CK_BBOOL', + 'CKA_TRUSTED': 'CK_BBOOL', + 'CKA_DERIVE': 'CK_BBOOL', + 'CKA_UNWRAP': 'CK_BBOOL', + 'CKA_NEVER_EXTRACTABLE': 'CK_BBOOL', + 'CKA_PRIVATE': 'CK_BBOOL', + 'CKA_ENCRYPT': 'CK_BBOOL', + 'CKA_EXPONENT_2': 'biginteger', + 'CKA_PRIME_1': 'biginteger', + 'CKA_EC_POINT': 'bytearray', + 'CKA_ISSUER': 'bytearray', + 'CKA_CERTIFICATE_TYPE': 'CK_CERTIFICATE_TYPE', + 'CKA_CLASS': 'CK_OBJECT_CLASS', + 'CKA_OBJECT_ID': 'bytearray', + 'CKA_HASH_OF_SUBJECT_PUBLIC_KEY': 'bytearray'} diff --git a/py11/attributes.py b/py11/attributes.py index 00af79c..7c90768 100644 --- a/py11/attributes.py +++ b/py11/attributes.py @@ -48,24 +48,14 @@ class Attribute_biginteger(Attribute): class AttributeDB(object): - def __init__(self, initializer = None): + def __init__(self): + from .attribute_map import attribute_map self.db = {} - if isinstance(initializer, str): - initializer = self.parse_yaml(initializer) - for attribute_name, type_name in initializer: + for attribute_name, type_name in attribute_map.iteritems(): a = Attribute.new(attribute_name, type_name) self.db[a.name] = a self.db[a.code] = a - @staticmethod - def parse_yaml(yaml_filename): - from yaml import safe_load - with open(yaml_filename) as f: - for y in safe_load(f): - for k, v in y.iteritems(): - if k.startswith("CKA_") and "type" in v: - yield k, v["type"] - def encode(self, k, v): return self.db[k].encode(v) if k in self.db else v diff --git a/scripts/build-py11-attributes b/scripts/build-py11-attributes new file mode 100755 index 0000000..c14aa45 --- /dev/null +++ b/scripts/build-py11-attributes @@ -0,0 +1,66 @@ +#!/usr/bin/env python + +""" +Generate a Python file based on a YAML description of PKCS #11 +attributes. See comments in attributes.yaml for details. + +For use in Python we don't care about most of the annotations +in the YAML file, just the attribute name and data type. +""" + +# Author: Rob Austein +# Copyright (c) 2015, SUNET +# +# Redistribution and use in source and binary forms, with or +# without modification, are permitted provided that the following +# conditions are met: +# +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in +# the documentation and/or other materials provided with the +# distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS +# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE +# COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, +# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, +# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF +# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +# This requires a third-party YAML parser. On Debian-family Linux, +# you can install this with: +# +# sudo apt-get install python-yaml + +import os +import sys +import yaml +import argparse + +parser = argparse.ArgumentParser(description = __doc__, formatter_class = argparse.ArgumentDefaultsHelpFormatter) +parser.add_argument("yaml_file", help = "Input YAML file", nargs = "?", type = argparse.FileType("r"), default = sys.stdin) +parser.add_argument("output_file", help = "Output .py file", nargs = "?", type = argparse.FileType("w"), default = sys.stdout) +args = parser.parse_args() + +attribute_map = dict( + (k, v["type"]) + for y in yaml.safe_load(args.yaml_file) + for k, v in y.iteritems() + if k.startswith("CKA_") and "type" in v) + +args.output_file.write('''\ +# This file was generated automatically from %(input)s by %(script)s. Do not edit this file directly. + +attribute_map = %(attribute_map)s +''' % dict(script = os.path.basename(sys.argv[0]), + input = args.yaml_file.name, + attribute_map = repr(attribute_map).replace(",", ",\n").replace("{", "{\n "))) |