index : sw/libhal	auto_magic auto_zeroise ft-crc32 hal_core_alloc2-fix import_export_raw js_keywrap master modexpng python3 rsa-blind-mutation sha3_mode
	Cryptech libhal: crypto software, HSM management, RPC	git repositories

aboutsummaryrefslogtreecommitdiff

log msg author committer range

path: root/tests

Age	Commit message (Expand)	Author
2015-06-04	Disable HMAC-SHA-384 tests as neither my implementation nor PyCrypto	Rob Austein
2015-06-04	HMAC implementation and test vectors.	Rob Austein
2015-06-04	Refactor hash code prior to adding HMAC (which we need for PBKDF2).	Rob Austein
2015-06-03	ModExp now working!	Rob Austein
2015-06-01	Add padding options to test workaround for current ModExp bugs.	Rob Austein
2015-05-28	More fun with RSA test cases, still not working.	Rob Austein
2015-05-27	First pass at RSA tests.	Rob Austein
2015-05-25	Cleanup: names of *_core_present() functions, Makefile.	Rob Austein
2015-05-25	Doh, skip tests when we know core isn't present.	Rob Austein
2015-05-25	Add missing truncated SHA-512 cases.	Rob Austein
2015-05-24	Cleanup.	Rob Austein
2015-05-24	Debug hash-testing code.	Rob Austein
2015-05-24	First pass on hash test code.	Rob Austein
2015-05-24	AES key wrap now working with AES core.	Rob Austein
2015-05-24	Typing "!" when one meant "~" has interesting effects when bit masking.	Rob Austein
2015-05-23	Guess it might help to write the config value to the AES core after	Rob Austein
2015-05-21	Add test cases for 128-bit and 256-bit KEKs.	Rob Austein
2015-05-21	Add test harness: no useful tests yet, just the framework.	Rob Austein

• [prev]

generated by cgit v1.2.3 (git 2.25.1) at 2024-09-29 10:20:38 +0000

#!/usr/bin/env python

"""
Generate a C header file based on a YAML description of PKCS #11
attributes.  See comments in attributes.yaml for details.
"""

# Author: Rob Austein
# Copyright (c) 2015, NORDUnet A/S
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# - Redistributions of source code must retain the above copyright notice,
#   this list of conditions and the following disclaimer.
#
# - Redistributions in binary form must reproduce the above copyright
#   notice, this list of conditions and the following disclaimer in the
#   documentation and/or other materials provided with the distribution.
#
# - Neither the name of the NORDUnet nor the names of its contributors may
#   be used to endorse or promote products derived from this software
#   without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
# IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
# TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
# PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
# HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
# TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
# PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
# LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
# NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

# This requires a third-party YAML parser.  On Debian-family Linux,
# you can install this with:
#
#   sudo apt-get install python-yaml

import os
import sys
import yaml
import argparse


def define_flags(flag_names):
  """
  Flag definitions.  Called later, here at front of program just to
  make them easier to find.
  """

  flag_names.create("DEFAULT_VALUE", "Value field contains default")
  flag_names.footnote( 1, "REQUIRED_BY_CREATEOBJECT")
  flag_names.footnote( 2, "FORBIDDEN_BY_CREATEOBJECT")
  flag_names.footnote( 3, "REQUIRED_BY_GENERATE")
  flag_names.footnote( 4, "FORBIDDEN_BY_GENERATE")
  flag_names.footnote( 5, "REQUIRED_BY_UNWRAP")
  flag_names.footnote( 6, "FORBIDDEN_BY_UNWRAP")
  flag_names.footnote( 7, "SENSITIVE")
  flag_names.footnote( 8, "PERHAPS_MODIFIABLE")
  flag_names.footnote( 9, "DEFAULT_IS_TOKEN_SPECIFIC")
  flag_names.footnote(10, "ONLY_SO_USER_CAN_SET")
  flag_names.footnote(11, "LATCHES_WHEN_TRUE")
  flag_names.footnote(12, "LATCHES_WHEN_FALSE")


class PKCS11ParseError(Exception):
  "Failure parsing PCKS #11 object definitions from YAML data."


def write_lines(*lines, **d):
  """
  Utility to simplify writing formatted text to the output stream.
  """

  for line in lines:
    args.output_file.write((line % d) + "\n")


class Flags(object):
  """
  Descriptor flag database.

  Many of these are derived from PKCS #11 Table 15  footnotes
  """

  prefix = "P11_DESCRIPTOR_"            # Prefix string for all descriptor flags

  def __init__(self):
    self.names = []
    self.notes = {}
    self.width = 0

  def create(self, name, comment = None):
    """
    Create a descriptor flag.
    """

    assert len(self.names) < 32
    name = self.prefix + name
    self.names.append((name, comment))
    if len(name) > self.width:
      self.width = len(name)

  def footnote(self, number, name):
    """
    Create a descriptor flag for a PKCS #11 table 15 footnote.
    """

    assert number not in self.notes
    self.create(name, "Section 10.2 table 15 footnote #%2d" % number)
    self.notes[number] = self.prefix + name

  def write(self):
    """
    Generate the flags, assigning bit positions as we go.
    """

    assert len(self.names) < 32
    self.width = (((self.width + 4) >> 2) << 2) - 1
    bit = 1
    for name, comment in self.names:
      format = "#define %(name)s 0x%(bit)08x"
      if comment is not None:
        format += "  /* %(comment)s */"
      write_lines(format, bit = bit, comment = comment, name = "%-*s" % (self.width, name))
      bit <<= 1


class AttributeNumbers(dict):
  """
  Attribute names and numbers scraped (yuck) from pkcs11t.h.
  """

  def __init__(self, filename):
    with open(filename, "r") as f:
      for line in f:
        word = line.split()
        if len(word) <= 2 or word[0] != "#define" or not word[1].startswith("CKA_"):
          continue
        if word[2] in self:
          continue
        if word[2].startswith("(CKF_ARRAY_ATTRIBUTE|"):
          word[2] = word[2].translate(None, "()").split("|")[1]
        self[word[1]] = int(word[2], 16)


class Attribute(object):
  """
  Definition of one attribute.
  """

  def __init__(self, name, type = None, footnotes = None, default = None, value = None, unimplemented = False):
    assert value is None or default is None
    self.name = name
    self.type = type
    self.footnotes = footnotes
    self.default = self.convert_integers(default)
    self.value   = self.convert_integers(value)
    self.unimplemented = unimplemented

  @staticmethod
  def convert_integers(val):
    """
    Convert a non-negative integer initialization value into a byte array.
    """

    if not isinstance(val, (int, long)):
      return val
    if val < 0:
      raise ValueError("Negative integers not legal here: %s" % val)
    bytes = []
    while val > 0:
      bytes.insert(0, val & 0xFF)
      val >>= 8
    return bytes or [0]

  def inherit(self, other):
    """
    Merge values from paraent attribute definition, if any.
    """

    for k in ("type", "footnotes", "default", "value"):
      if getattr(self, k) is None:
        setattr(self, k, getattr(other, k))
    self.unimplemented = self.unimplemented or other.unimplemented

  def format_flags(self):
    """
    Generate the descriptor flags field.
    """

    flags = []
    if self.footnotes:
      flags.extend(flag_names.notes[f] for f in self.footnotes)
    if self.value is None and self.default is not None:
      flags.append("P11_DESCRIPTOR_DEFAULT_VALUE")
    flags = " | ".join(flags)
    return flags or "0"

  def format_size(self):
    """
    Generate the descriptor size field.
    """

    if isinstance(self.type, str) and self.type.startswith("CK_"):
      return "sizeof(%s)" % self.type
    elif self.type in ("rfc2279string", "biginteger", "bytearray"):
      return "0"
    else:
      raise PKCS11ParseError("Unknown meta-type %r" % self.type)

  def format_length(self):
    """
    Generate the descriptor length field.
    """

    value = self.value or self.default
    if isinstance(value, list):
      return "sizeof(const_0x%s)" % "".join("%02x" % v for v in value)
    elif value and isinstance(self.type, str) and self.type.startswith("CK_"):
      return "sizeof(%s)" % self.type
    else:
      return "0"

  def format_value(self):
    """
    Generate the descriptor value field.
    """

    value = self.value or self.default
    if not value:
      return "NULL_PTR"
    elif isinstance(value, list):
      return "const_0x" + "".join("%02x" % v for v in value)
    else:
      return "&const_" + value

  def format_constant(self, constants):
    """
    Generate constant initializer values.  These are merged so that we
    only end up declaring one copy of each initializer value no matter
    how many attributes use it.
    """

    value = self.value or self.default
    if not self.unimplemented and value:
      if isinstance(value, list):
        constants.add("static const CK_BYTE const_%s[] = { %s };" % (
          "0x" + "".join("%02x" % v for v in value),
          ", ".join("0x%02x" % v for v in value)))
      else:
        constants.add("static const %s const_%s = %s;" % (self.type, value, value))

  def generate(self):
    """
    Generate the descriptor line for this attribute.
    """

    if not self.unimplemented:
      args.output_file.write("  { %s, %s, %s, %s, %s },\n" % (
        self.name, self.format_size(), self.format_length(), self.format_value(), self.format_flags()))


class Class(object):
  """
  A PKCS #11 class.
  """

  def __init__(self, db, name, superclass = None, concrete = False, **attrs):
    assert all(a.startswith("CKA_") for a in attrs), "Non-attribute: %r" % [a for a in attrs if not a.startswith("CKA_")]
    self.attributes = dict((k, Attribute(k, **v)) for k, v in attrs.iteritems())
    self.db = db
    self.name = name
    self.superclass = superclass
    self.concrete = concrete

  def inherit(self, other):
    """
    Inherit attributes from parent type.
    """

    for k, v in other.attributes.iteritems():
      if k not in self.attributes:
        self.attributes[k] = v
      else:
        self.attributes[k].inherit(v)

  def collect_constants(self, constants):
    """
    Collect initialization constants for all attributes.
    """

    if self.concrete:
      for a in self.attributes.itervalues():
        a.format_constant(constants)

  def generate(self):
    """
    Generate a descriptor for this type.
    """

    if self.concrete:

      write_lines("",
                  "static const p11_attribute_descriptor_t p11_attribute_descriptor_%(name)s[] = {",
                  name = self.name)

      for a in sorted(self.attributes, key = lambda x: attribute_numbers[x]):
        self.attributes[a].generate()

      write_lines("};",
                  "",
                  "static const p11_descriptor_t p11_descriptor_%(name)s = {",
                  "  p11_attribute_descriptor_%(name)s,",
                  "  sizeof(p11_attribute_descriptor_%(name)s)/sizeof(p11_attribute_descriptor_t)",
                  "};",
                  name = self.name)

  def keyclassmap(self):
    """
    Generate a keyclass map entry if this is a concrete key type.
    """

    if self.concrete and all(k in self.attributes and self.attributes[k].value for k in ("CKA_CLASS", "CKA_KEY_TYPE")):
      write_lines(" { %s, %s, &p11_descriptor_%s }," % (
        self.attributes["CKA_CLASS"].value, self.attributes["CKA_KEY_TYPE"].value, self.name))


class DB(object):
  """
  Object type database parsed from YAML
  """

  def __init__(self, y):
    self.ordered = [Class(self, **y) for y in y]
    self.named = dict((c.name, c) for c in self.ordered)
    for c in self.ordered:
      if c.superclass is not None:
        c.inherit(self.named[c.superclass])

  def generate(self):
    """
    Generate output for everything in the database.
    """

    constants = set()
    for c in self.ordered:
      c.collect_constants(constants)
    for constant in sorted(constants):
      write_lines(constant)
    for c in self.ordered:
      c.generate()
    write_lines("",
                "static const p11_descriptor_keyclass_map_t p11_descriptor_keyclass_map[] = {")
    for c in self.ordered:
      c.keyclassmap()
    write_lines("};")

# Main program

parser = argparse.ArgumentParser(description = __doc__, formatter_class = argparse.ArgumentDefaultsHelpFormatter)
parser.add_argument("--pkcs11t-file", help = "Alternate location for pkcs11t.h",                            default = "pkcs11t.h")
parser.add_argument("yaml_file",      help = "Input YAML file", nargs = "?", type = argparse.FileType("r"), default = sys.stdin)
parser.add_argument("output_file",    help = "Output .h file",  nargs = "?", type = argparse.FileType("w"), default = sys.stdout)
args = parser.parse_args()

attribute_numbers = AttributeNumbers(args.pkcs11t_file)

db = DB(yaml.load(args.yaml_file))

args.output_file.write('''\
/*
 * This file was generated automatically from %(input)s by %(script)s.  Do not edit this file directly.
 */

typedef struct {
  CK_ATTRIBUTE_TYPE type;
  CK_ULONG size;                        /* Size in bytes if this is a fixed-length attribute */
  CK_ULONG length;                      /* Length in bytes of the object to which value points */
  const void *value;                    /* Default or constant depending on P11_DESCRIPTOR_DEFAULT_VALUE */
  unsigned long flags;                  /* (NULL value with P11_DESCRIPTOR_DEFAULT_VALUE means zero length default */
} p11_attribute_descriptor_t;

typedef struct {
  const p11_attribute_descriptor_t *attributes;
  CK_ULONG n_attributes;
} p11_descriptor_t;

typedef struct {
  CK_OBJECT_CLASS object_class;
  CK_KEY_TYPE key_type;
  const p11_descriptor_t *descriptor;
} p11_descriptor_keyclass_map_t;

''' % dict(script = os.path.basename(sys.argv[0]), input  = args.yaml_file.name))

flag_names = Flags()
define_flags(flag_names)
flag_names.write()
write_lines("")
db.generate()