[Cryptech-Commits] [sw/libhal] 12/14: First cut at libhal.py support for key backup.

git at cryptech.is git at cryptech.is
Thu Apr 6 23:38:11 UTC 2017


This is an automated email from the git hooks/post-receive script.

sra at hactrn.net pushed a commit to branch pkcs8
in repository sw/libhal.

commit 07f5d9d00f62c53ee28b28965e65f7ea9a05152e
Author: Rob Austein <sra at hactrn.net>
AuthorDate: Thu Apr 6 01:12:13 2017 -0400

    First cut at libhal.py support for key backup.
---
 libhal.py | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/libhal.py b/libhal.py
index 510827c..92f3987 100644
--- a/libhal.py
+++ b/libhal.py
@@ -192,6 +192,8 @@ RPCFunc.define('''
     RPC_FUNC_PKEY_GET_KEY_CURVE,
     RPC_FUNC_PKEY_SET_ATTRIBUTES,
     RPC_FUNC_PKEY_GET_ATTRIBUTES,
+    RPC_FUNC_PKEY_EXPORT,
+    RPC_FUNC_PKEY_IMPORT,
 ''')
 
 class HALDigestAlgorithm(Enum): pass
@@ -240,6 +242,7 @@ HAL_KEY_FLAG_USAGE_KEYENCIPHERMENT      = (1 << 1)
 HAL_KEY_FLAG_USAGE_DATAENCIPHERMENT     = (1 << 2)
 HAL_KEY_FLAG_TOKEN                      = (1 << 3)
 HAL_KEY_FLAG_PUBLIC                     = (1 << 4)
+HAL_KEY_FLAG_EXPORTABLE                 = (1 << 5)
 
 HAL_PKEY_ATTRIBUTE_NIL                  = (0xFFFFFFFF)
 
@@ -402,6 +405,11 @@ class PKey(Handle):
         result.update(self.hsm.pkey_get_attributes(self, attrs.iterkeys(), sum(attrs.itervalues())))
         return result
 
+    def export_pkey(self, pkey):
+        return self.hsm.pkey_export(pkey = pkey, kekek = self, pkcs8_max = 2560, kek_max = 512)
+
+    def import_pkey(self, pkcs8, kek, flags = 0):
+        return self.hsm.pkey_import(kekek = self, pkcs8 = pkcs8, kek = kek, flags = flags)
 
 class HSM(object):
 
@@ -649,3 +657,15 @@ class HSM(object):
                 return dict((r.unpack_uint(), r.unpack_bytes()) for i in xrange(n))
             else:
                 return dict((r.unpack_uint(), r.unpack_uint()) for i in xrange(n))
+
+    def pkey_export(self, pkey, kekek, pkcs8_max = 2560, kek_max = 512):
+        with self.rpc(RPC_FUNC_PKEY_EXPORT, pkey, kekek, pkcs8_max, kek_max) as r:
+            pkcs8, kek = r.unpack_bytes(), r.unpack_bytes()
+            logger.debug("Exported pkey %s", pkey.uuid)
+            return pkcs8, kek
+
+    def pkey_import(self, kekek, pkcs8, kek, flags = 0, client = 0, session = 0):
+        with self.rpc(RPC_FUNC_PKEY_IMPORT, session, kekek, pkcs8, kek, flags, client = client) as r:
+            pkey = PKey(self, r.unpack_uint(), UUID(bytes = r.unpack_bytes()))
+            logger.debug("Imported pkey %s", pkey.uuid)
+            return pkey



More information about the Commits mailing list