[Cryptech-Commits] [sw/pkcs11] 13/14: Move YAML parsing to external script so py11 doesn't have to worry about finding attributes.yaml at runtime.

git at cryptech.is git at cryptech.is
Mon Sep 14 21:44:04 UTC 2015

Previous message (by thread): [Cryptech-Commits] [sw/pkcs11] 12/14: Add attribute database based on attributes.yaml. Simplify prototype definitions and move them to separate module.
Next message (by thread): [Cryptech-Commits] [sw/pkcs11] 14/14: Debug PKCS #11 ECDSA signature and verification.
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This is an automated email from the git hooks/post-receive script.

sra at hactrn.net pushed a commit to branch ecdsa
in repository sw/pkcs11.

commit e9eb486fae220903f039ffae5125894c1e156aa4
Author: Rob Austein <sra at hactrn.net>
Date:   Sat Sep 12 18:12:05 2015 -0400

    Move YAML parsing to external script so py11 doesn't have to worry
    about finding attributes.yaml at runtime.
---
 GNUmakefile                   |  5 +++-
 py11/__init__.py              |  5 ++--
 py11/attribute_map.py         | 54 +++++++++++++++++++++++++++++++++++
 py11/attributes.py            | 16 ++---------
 scripts/build-py11-attributes | 66 +++++++++++++++++++++++++++++++++++++++++++
 5 files changed, 129 insertions(+), 17 deletions(-)

diff --git a/GNUmakefile b/GNUmakefile
index aa95233..4f8193e 100644
--- a/GNUmakefile
+++ b/GNUmakefile
@@ -53,7 +53,7 @@ ifndef OBJCOPY
   OBJCOPY := objcopy
 endif
 
-all: libpkcs11.so p11util
+all: libpkcs11.so p11util py11/attribute_map.py
 
 clean:
 	rm -rf pkcs11.o pkcs11.so libpkcs11.so* p11util p11util.o schema.h attributes.h
@@ -67,6 +67,9 @@ schema.h: schema.sql scripts/convert-schema.sed GNUmakefile
 attributes.h: attributes.yaml scripts/build-attributes GNUmakefile
 	python scripts/build-attributes attributes.yaml attributes.h
 
+py11/attribute_map.py: attributes.yaml scripts/build-py11-attributes GNUmakefile
+	python scripts/build-py11-attributes attributes.yaml py11/attribute_map.py
+
 pkcs11.o: pkcs11.c sql_common.h schema.h attributes.h
 	${CC} ${CFLAGS} -c $<
 
diff --git a/py11/__init__.py b/py11/__init__.py
index b67ce8a..da0c946 100644
--- a/py11/__init__.py
+++ b/py11/__init__.py
@@ -1,7 +1,6 @@
 # An attempt at a Python interface to PKCS 11 using the scary ctypes
 # module from the Python standard library.
 
-from struct      import pack, unpack
 from ctypes      import *
 from .exceptions import *
 from .types      import *
@@ -12,7 +11,7 @@ from .prototypes import *
 
 class PKCS11 (object):
 
-  def __init__(self, so_name = "libpkcs11.so", attributes_initializer = "attributes.yaml"):
+  def __init__(self, so_name = "libpkcs11.so"):
     self.so_name = so_name
     self.so = CDLL(so_name)
     def raise_on_failure(rv):
@@ -22,7 +21,7 @@ class PKCS11 (object):
       func = getattr(self.so, name)
       func.restype = raise_on_failure
       func.argtypes = args
-    self.adb = AttributeDB(attributes_initializer)
+    self.adb = AttributeDB()
 
   def __getattr__(self, name):
     return getattr(self.so, name)
diff --git a/py11/attribute_map.py b/py11/attribute_map.py
new file mode 100644
index 0000000..b689d6e
--- /dev/null
+++ b/py11/attribute_map.py
@@ -0,0 +1,54 @@
+# This file was generated automatically from attributes.yaml by build-py11-attributes.  Do not edit this file directly.
+
+attribute_map = {
+ 'CKA_COEFFICIENT': 'biginteger',
+ 'CKA_MECHANISM_TYPE': 'CK_MECHANISM_TYPE',
+ 'CKA_ID': 'bytearray',
+ 'CKA_VALUE': 'biginteger',
+ 'CKA_KEY_GEN_MECHANISM': 'CK_MECHANISM_TYPE',
+ 'CKA_LABEL': 'rfc2279string',
+ 'CKA_KEY_TYPE': 'CK_KEY_TYPE',
+ 'CKA_PRIME_2': 'biginteger',
+ 'CKA_APPLICATION': 'rfc2279string',
+ 'CKA_VERIFY': 'CK_BBOOL',
+ 'CKA_HASH_OF_ISSUER_PUBLIC_KEY': 'bytearray',
+ 'CKA_SIGN': 'CK_BBOOL',
+ 'CKA_MODULUS': 'biginteger',
+ 'CKA_START_DATE': 'CK_DATE',
+ 'CKA_CERTIFICATE_CATEGORY': 'CK_ULONG',
+ 'CKA_PRIVATE_EXPONENT': 'biginteger',
+ 'CKA_ALWAYS_SENSITIVE': 'CK_BBOOL',
+ 'CKA_LOCAL': 'CK_BBOOL',
+ 'CKA_PUBLIC_EXPONENT': 'biginteger',
+ 'CKA_SENSITIVE': 'CK_BBOOL',
+ 'CKA_WRAP_WITH_TRUSTED': 'CK_BBOOL',
+ 'CKA_EXTRACTABLE': 'CK_BBOOL',
+ 'CKA_SUBJECT': 'bytearray',
+ 'CKA_VERIFY_RECOVER': 'CK_BBOOL',
+ 'CKA_EXPONENT_1': 'biginteger',
+ 'CKA_TOKEN': 'CK_BBOOL',
+ 'CKA_DECRYPT': 'CK_BBOOL',
+ 'CKA_EC_PARAMS': 'bytearray',
+ 'CKA_END_DATE': 'CK_DATE',
+ 'CKA_JAVA_MIDP_SECURITY_DOMAIN': 'CK_ULONG',
+ 'CKA_MODIFIABLE': 'CK_BBOOL',
+ 'CKA_CHECK_VALUE': 'bytearray',
+ 'CKA_URL': 'rfc2279string',
+ 'CKA_SERIAL_NUMBER': 'bytearray',
+ 'CKA_MODULUS_BITS': 'CK_ULONG',
+ 'CKA_WRAP': 'CK_BBOOL',
+ 'CKA_SIGN_RECOVER': 'CK_BBOOL',
+ 'CKA_TRUSTED': 'CK_BBOOL',
+ 'CKA_DERIVE': 'CK_BBOOL',
+ 'CKA_UNWRAP': 'CK_BBOOL',
+ 'CKA_NEVER_EXTRACTABLE': 'CK_BBOOL',
+ 'CKA_PRIVATE': 'CK_BBOOL',
+ 'CKA_ENCRYPT': 'CK_BBOOL',
+ 'CKA_EXPONENT_2': 'biginteger',
+ 'CKA_PRIME_1': 'biginteger',
+ 'CKA_EC_POINT': 'bytearray',
+ 'CKA_ISSUER': 'bytearray',
+ 'CKA_CERTIFICATE_TYPE': 'CK_CERTIFICATE_TYPE',
+ 'CKA_CLASS': 'CK_OBJECT_CLASS',
+ 'CKA_OBJECT_ID': 'bytearray',
+ 'CKA_HASH_OF_SUBJECT_PUBLIC_KEY': 'bytearray'}
diff --git a/py11/attributes.py b/py11/attributes.py
index 00af79c..7c90768 100644
--- a/py11/attributes.py
+++ b/py11/attributes.py
@@ -48,24 +48,14 @@ class Attribute_biginteger(Attribute):
 
 class AttributeDB(object):
 
-  def __init__(self, initializer = None):
+  def __init__(self):
+    from .attribute_map import attribute_map
     self.db = {}
-    if isinstance(initializer, str):
-      initializer = self.parse_yaml(initializer)
-    for attribute_name, type_name in initializer:
+    for attribute_name, type_name in attribute_map.iteritems():
       a = Attribute.new(attribute_name, type_name)
       self.db[a.name] = a
       self.db[a.code] = a
 
-  @staticmethod
-  def parse_yaml(yaml_filename):
-    from yaml import safe_load
-    with open(yaml_filename) as f:
-      for y in safe_load(f):
-        for k, v in y.iteritems():
-          if k.startswith("CKA_") and "type" in v:
-            yield k, v["type"]
-
   def encode(self, k, v):
     return self.db[k].encode(v) if k in self.db else v
 
diff --git a/scripts/build-py11-attributes b/scripts/build-py11-attributes
new file mode 100755
index 0000000..c14aa45
--- /dev/null
+++ b/scripts/build-py11-attributes
@@ -0,0 +1,66 @@
+#!/usr/bin/env python
+
+"""
+Generate a Python file based on a YAML description of PKCS #11
+attributes.  See comments in attributes.yaml for details.
+
+For use in Python we don't care about most of the annotations
+in the YAML file, just the attribute name and data type.
+"""
+
+# Author: Rob Austein
+# Copyright (c) 2015, SUNET
+#
+# Redistribution and use in source and binary forms, with or
+# without modification, are permitted provided that the following
+# conditions are met:
+#
+# 1. Redistributions of source code must retain the above copyright
+#    notice, this list of conditions and the following disclaimer.
+#
+# 2. Redistributions in binary form must reproduce the above copyright
+#    notice, this list of conditions and the following disclaimer in
+#    the documentation and/or other materials provided with the
+#    distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+# COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+# This requires a third-party YAML parser.  On Debian-family Linux,
+# you can install this with:
+#
+#   sudo apt-get install python-yaml
+
+import os
+import sys
+import yaml
+import argparse
+
+parser = argparse.ArgumentParser(description = __doc__, formatter_class = argparse.ArgumentDefaultsHelpFormatter)
+parser.add_argument("yaml_file",      help = "Input YAML file", nargs = "?", type = argparse.FileType("r"), default = sys.stdin)
+parser.add_argument("output_file",    help = "Output .py file", nargs = "?", type = argparse.FileType("w"), default = sys.stdout)
+args = parser.parse_args()
+
+attribute_map = dict(
+  (k, v["type"])
+  for y in yaml.safe_load(args.yaml_file)
+  for k, v in y.iteritems()
+  if k.startswith("CKA_") and "type" in v) 
+
+args.output_file.write('''\
+# This file was generated automatically from %(input)s by %(script)s.  Do not edit this file directly.
+
+attribute_map = %(attribute_map)s
+''' % dict(script = os.path.basename(sys.argv[0]),
+           input  = args.yaml_file.name,
+           attribute_map = repr(attribute_map).replace(",", ",\n").replace("{", "{\n ")))

Previous message (by thread): [Cryptech-Commits] [sw/pkcs11] 12/14: Add attribute database based on attributes.yaml. Simplify prototype definitions and move them to separate module.
Next message (by thread): [Cryptech-Commits] [sw/pkcs11] 14/14: Debug PKCS #11 ECDSA signature and verification.
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Commits mailing list