tyler.durden
/
PyKMIP
mirror of https://github.com/OpenKMIP/PyKMIP.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Updating the CryptographicParameters struct 

This change updates the CryptographicParameters struct, removing the
primitive class wrappers that it used to use for attribute values
and replacing them with struct properties that internally manage the
primitive objects directly. This gutting and regutting necessitates
cascading changes to every part of the library that used these
internal primitive class wrappers, including unit tests, client and
client tests, and attribute factory handlers. All of these have been
updated to reflect the correct usage of the CryptographicParameters
struct.

This change also adds in additional attribute members for the
CryptographicParameters struct to bring it up to spec with KMIP 1.2.
This commit is contained in:
Peter Hamilton 2017-05-24 15:39:09 -04:00
parent e591873bf4
commit 471d0a1ad8
10 changed files with 1636 additions and 341 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

553
kmip/core/attributes.py
View File

@ -13,6 +13,8 @@
# License for the specific language governing permissions and limitations # License for the specific language governing permissions and limitations
# under the License. # under the License.
import six
from kmip.core import enums from kmip.core import enums
from kmip.core.enums import CertificateTypeEnum from kmip.core.enums import CertificateTypeEnum
@ -24,6 +26,7 @@ from kmip.core.errors import ErrorStrings
from kmip.core.misc import KeyFormatType from kmip.core.misc import KeyFormatType
from kmip.core.primitives import Boolean
from kmip.core.primitives import ByteString from kmip.core.primitives import ByteString
from kmip.core.primitives import Enumeration from kmip.core.primitives import Enumeration
from kmip.core.primitives import Integer from kmip.core.primitives import Integer
@ -255,163 +258,468 @@ class HashingAlgorithm(Enumeration):
class CryptographicParameters(Struct): class CryptographicParameters(Struct):
"""
A set of values for cryptographic operations.
class BlockCipherMode(Enumeration): A structure containing optional fields describing certain cryptographic
parameters to be used when performing cryptographic operations with the
associated KMIP object.
"""
def __init__(self, value=None):
super(CryptographicParameters.BlockCipherMode, self).__init__(
enums.BlockCipherMode, value, Tags.BLOCK_CIPHER_MODE)
class PaddingMethod(Enumeration):
def __init__(self, value=None):
super(CryptographicParameters.PaddingMethod, self).__init__(
enums.PaddingMethod, value, Tags.PADDING_METHOD)
class KeyRoleType(Enumeration):
def __init__(self, value=None):
super(CryptographicParameters.KeyRoleType, self).__init__(
enums.KeyRoleType, value, Tags.KEY_ROLE_TYPE)
class DigitalSignatureAlgorithm(Enumeration):
def __init__(self, value=None):
super(CryptographicParameters.DigitalSignatureAlgorithm,
self).__init__(enums.DigitalSignatureAlgorithm,
value, Tags.DIGITAL_SIGNATURE_ALGORITHM)
# TODO: Need to implement other fields of CryptographicParameters (3.6)
def __init__(self, def __init__(self,
block_cipher_mode=None, block_cipher_mode=None,
padding_method=None, padding_method=None,
hashing_algorithm=None, hashing_algorithm=None,
key_role_type=None, key_role_type=None,
digital_signature_algorithm=None, digital_signature_algorithm=None,
cryptographic_algorithm=None): cryptographic_algorithm=None,
random_iv=None,
iv_length=None,
tag_length=None,
fixed_field_length=None,
invocation_field_length=None,
counter_length=None,
initial_counter_value=None):
super(CryptographicParameters, self).__init__( super(CryptographicParameters, self).__init__(
tag=Tags.CRYPTOGRAPHIC_PARAMETERS) tag=Tags.CRYPTOGRAPHIC_PARAMETERS)
self._block_cipher_mode = None
self._padding_method = None
self._hashing_algorithm = None
self._key_role_type = None
self._digital_signature_algorithm = None
self._cryptographic_algorithm = None
self._random_iv = None
self._iv_length = None
self._tag_length = None
self._fixed_field_length = None
self._invocation_field_length = None
self._counter_length = None
self._initial_counter_value = None
self.block_cipher_mode = block_cipher_mode self.block_cipher_mode = block_cipher_mode
self.padding_method = padding_method self.padding_method = padding_method
self.hashing_algorithm = hashing_algorithm self.hashing_algorithm = hashing_algorithm
self.key_role_type = key_role_type self.key_role_type = key_role_type
self.digital_signature_algorithm = digital_signature_algorithm self.digital_signature_algorithm = digital_signature_algorithm
self.cryptographic_algorithm = cryptographic_algorithm self.cryptographic_algorithm = cryptographic_algorithm
self.random_iv = random_iv
self.iv_length = iv_length
self.tag_length = tag_length
self.fixed_field_length = fixed_field_length
self.invocation_field_length = invocation_field_length
self.counter_length = counter_length
self.initial_counter_value = initial_counter_value
@property
def block_cipher_mode(self):
if self._block_cipher_mode:
return self._block_cipher_mode.value
else:
return None
@block_cipher_mode.setter
def block_cipher_mode(self, value):
if value is None:
self._block_cipher_mode = None
elif isinstance(value, enums.BlockCipherMode):
self._block_cipher_mode = Enumeration(
enums.BlockCipherMode,
value=value,
tag=Tags.BLOCK_CIPHER_MODE
)
else:
raise TypeError(
"block cipher mode must be a BlockCipherMode enumeration"
)
@property
def padding_method(self):
if self._padding_method:
return self._padding_method.value
else:
return None
@padding_method.setter
def padding_method(self, value):
if value is None:
self._padding_method = None
elif isinstance(value, enums.PaddingMethod):
self._padding_method = Enumeration(
enums.PaddingMethod,
value=value,
tag=Tags.PADDING_METHOD
)
else:
raise TypeError(
"padding method must be a PaddingMethod enumeration"
)
@property
def hashing_algorithm(self):
if self._hashing_algorithm:
return self._hashing_algorithm.value
else:
return None
@hashing_algorithm.setter
def hashing_algorithm(self, value):
if value is None:
self._hashing_algorithm = None
elif isinstance(value, enums.HashingAlgorithm):
self._hashing_algorithm = Enumeration(
enums.HashingAlgorithm,
value=value,
tag=Tags.HASHING_ALGORITHM
)
else:
raise TypeError(
"hashing algorithm must be a HashingAlgorithm enumeration"
)
@property
def key_role_type(self):
if self._key_role_type:
return self._key_role_type.value
else:
return None
@key_role_type.setter
def key_role_type(self, value):
if value is None:
self._key_role_type = None
elif isinstance(value, enums.KeyRoleType):
self._key_role_type = Enumeration(
enums.KeyRoleType,
value=value,
tag=Tags.KEY_ROLE_TYPE
)
else:
raise TypeError(
"key role type must be a KeyRoleType enumeration"
)
@property
def digital_signature_algorithm(self):
if self._digital_signature_algorithm:
return self._digital_signature_algorithm.value
else:
return None
@digital_signature_algorithm.setter
def digital_signature_algorithm(self, value):
if value is None:
self._digital_signature_algorithm = None
elif isinstance(value, enums.DigitalSignatureAlgorithm):
self._digital_signature_algorithm = Enumeration(
enums.DigitalSignatureAlgorithm,
value=value,
tag=Tags.DIGITAL_SIGNATURE_ALGORITHM
)
else:
raise TypeError(
"digital signature algorithm must be a "
"DigitalSignatureAlgorithm enumeration"
)
@property
def cryptographic_algorithm(self):
if self._cryptographic_algorithm:
return self._cryptographic_algorithm.value
else:
return None
@cryptographic_algorithm.setter
def cryptographic_algorithm(self, value):
if value is None:
self._cryptographic_algorithm = None
elif isinstance(value, enums.CryptographicAlgorithm):
self._cryptographic_algorithm = Enumeration(
enums.CryptographicAlgorithm,
value=value,
tag=Tags.CRYPTOGRAPHIC_ALGORITHM
)
else:
raise TypeError(
"cryptographic algorithm must be a CryptographicAlgorithm "
"enumeration"
)
@property
def random_iv(self):
if self._random_iv:
return self._random_iv.value
else:
return None
@random_iv.setter
def random_iv(self, value):
if value is None:
self._random_iv = None
elif isinstance(value, bool):
self._random_iv = Boolean(
value=value,
tag=Tags.RANDOM_IV
)
else:
raise TypeError("random iv must be a boolean")
@property
def iv_length(self):
if self._iv_length:
return self._iv_length.value
else:
return None
@iv_length.setter
def iv_length(self, value):
if value is None:
self._iv_length = None
elif isinstance(value, six.integer_types):
self._iv_length = Integer(
value=value,
tag=Tags.IV_LENGTH
)
else:
raise TypeError("iv length must be an integer")
@property
def tag_length(self):
if self._tag_length:
return self._tag_length.value
else:
return None
@tag_length.setter
def tag_length(self, value):
if value is None:
self._tag_length = None
elif isinstance(value, six.integer_types):
self._tag_length = Integer(
value=value,
tag=Tags.TAG_LENGTH
)
else:
raise TypeError("tag length must be an integer")
@property
def fixed_field_length(self):
if self._fixed_field_length:
return self._fixed_field_length.value
else:
return None
@fixed_field_length.setter
def fixed_field_length(self, value):
if value is None:
self._fixed_field_length = None
elif isinstance(value, six.integer_types):
self._fixed_field_length = Integer(
value=value,
tag=Tags.FIXED_FIELD_LENGTH
)
else:
raise TypeError("fixed field length must be an integer")
@property
def invocation_field_length(self):
if self._invocation_field_length:
return self._invocation_field_length.value
else:
return None
@invocation_field_length.setter
def invocation_field_length(self, value):
if value is None:
self._invocation_field_length = None
elif isinstance(value, six.integer_types):
self._invocation_field_length = Integer(
value=value,
tag=Tags.INVOCATION_FIELD_LENGTH
)
else:
raise TypeError("invocation field length must be an integer")
@property
def counter_length(self):
if self._counter_length:
return self._counter_length.value
else:
return None
@counter_length.setter
def counter_length(self, value):
if value is None:
self._counter_length = None
elif isinstance(value, six.integer_types):
self._counter_length = Integer(
value=value,
tag=Tags.COUNTER_LENGTH
)
else:
raise TypeError("counter length must be an integer")
@property
def initial_counter_value(self):
if self._initial_counter_value:
return self._initial_counter_value.value
else:
return None
@initial_counter_value.setter
def initial_counter_value(self, value):
if value is None:
self._initial_counter_value = None
elif isinstance(value, six.integer_types):
self._initial_counter_value = Integer(
value=value,
tag=Tags.INITIAL_COUNTER_VALUE
)
else:
raise TypeError("initial counter value must be an integer")
def read(self, istream): def read(self, istream):
super(CryptographicParameters, self).read(istream) super(CryptographicParameters, self).read(istream)
tstream = BytearrayStream(istream.read(self.length)) tstream = BytearrayStream(istream.read(self.length))
if self.is_tag_next(Tags.BLOCK_CIPHER_MODE, tstream): if self.is_tag_next(Tags.BLOCK_CIPHER_MODE, tstream):
self.block_cipher_mode = CryptographicParameters.BlockCipherMode() self._block_cipher_mode = Enumeration(
self.block_cipher_mode.read(tstream) enums.BlockCipherMode,
tag=Tags.BLOCK_CIPHER_MODE
)
self._block_cipher_mode.read(tstream)
if self.is_tag_next(Tags.PADDING_METHOD, tstream): if self.is_tag_next(Tags.PADDING_METHOD, tstream):
self.padding_method = CryptographicParameters.PaddingMethod() self._padding_method = Enumeration(
self.padding_method.read(tstream) enums.PaddingMethod,
tag=Tags.PADDING_METHOD
)
self._padding_method.read(tstream)
if self.is_tag_next(Tags.HASHING_ALGORITHM, tstream): if self.is_tag_next(Tags.HASHING_ALGORITHM, tstream):
self.hashing_algorithm = HashingAlgorithm() self._hashing_algorithm = Enumeration(
self.hashing_algorithm.read(tstream) enums.HashingAlgorithm,
tag=Tags.HASHING_ALGORITHM
)
self._hashing_algorithm.read(tstream)
if self.is_tag_next(Tags.KEY_ROLE_TYPE, tstream): if self.is_tag_next(Tags.KEY_ROLE_TYPE, tstream):
self.key_role_type = CryptographicParameters.KeyRoleType() self._key_role_type = Enumeration(
self.key_role_type.read(tstream) enums.KeyRoleType,
tag=Tags.KEY_ROLE_TYPE
)
self._key_role_type.read(tstream)
if self.is_tag_next(Tags.DIGITAL_SIGNATURE_ALGORITHM, tstream): if self.is_tag_next(Tags.DIGITAL_SIGNATURE_ALGORITHM, tstream):
self.digital_signature_algorithm = \ self._digital_signature_algorithm = Enumeration(
CryptographicParameters.DigitalSignatureAlgorithm() enums.DigitalSignatureAlgorithm,
self.digital_signature_algorithm.read(tstream) tag=Tags.DIGITAL_SIGNATURE_ALGORITHM
)
self._digital_signature_algorithm.read(tstream)
if self.is_tag_next(Tags.CRYPTOGRAPHIC_ALGORITHM, tstream): if self.is_tag_next(Tags.CRYPTOGRAPHIC_ALGORITHM, tstream):
self.cryptographic_algorithm = CryptographicAlgorithm() self._cryptographic_algorithm = Enumeration(
self.cryptographic_algorithm.read(tstream) enums.CryptographicAlgorithm,
tag=Tags.CRYPTOGRAPHIC_ALGORITHM
)
self._cryptographic_algorithm.read(tstream)
if self.is_tag_next(Tags.RANDOM_IV, tstream):
self._random_iv = Boolean(tag=Tags.RANDOM_IV)
self._random_iv.read(tstream)
if self.is_tag_next(Tags.IV_LENGTH, tstream):
self._iv_length = Integer(tag=Tags.IV_LENGTH)
self._iv_length.read(tstream)
if self.is_tag_next(Tags.TAG_LENGTH, tstream):
self._tag_length = Integer(tag=Tags.TAG_LENGTH)
self._tag_length.read(tstream)
if self.is_tag_next(Tags.FIXED_FIELD_LENGTH, tstream):
self._fixed_field_length = Integer(tag=Tags.FIXED_FIELD_LENGTH)
self._fixed_field_length.read(tstream)
if self.is_tag_next(Tags.INVOCATION_FIELD_LENGTH, tstream):
self._invocation_field_length = Integer(
tag=Tags.INVOCATION_FIELD_LENGTH
)
self._invocation_field_length.read(tstream)
if self.is_tag_next(Tags.COUNTER_LENGTH, tstream):
self._counter_length = Integer(tag=Tags.COUNTER_LENGTH)
self._counter_length.read(tstream)
if self.is_tag_next(Tags.INITIAL_COUNTER_VALUE, tstream):
self._initial_counter_value = Integer(
tag=Tags.INITIAL_COUNTER_VALUE
)
self._initial_counter_value.read(tstream)
self.is_oversized(tstream) self.is_oversized(tstream)
self.validate()
def write(self, ostream): def write(self, ostream):
tstream = BytearrayStream() tstream = BytearrayStream()
# Write the contents of the request payload if self._block_cipher_mode:
if self.block_cipher_mode is not None: self._block_cipher_mode.write(tstream)
self.block_cipher_mode.write(tstream) if self._padding_method:
if self.padding_method is not None: self._padding_method.write(tstream)
self.padding_method.write(tstream) if self._hashing_algorithm:
if self.hashing_algorithm is not None: self._hashing_algorithm.write(tstream)
self.hashing_algorithm.write(tstream) if self._key_role_type:
if self.key_role_type is not None: self._key_role_type.write(tstream)
self.key_role_type.write(tstream) if self._digital_signature_algorithm:
if self.digital_signature_algorithm is not None: self._digital_signature_algorithm.write(tstream)
self.digital_signature_algorithm.write(tstream) if self._cryptographic_algorithm:
if self.cryptographic_algorithm is not None: self._cryptographic_algorithm.write(tstream)
self.cryptographic_algorithm.write(tstream) if self._random_iv:
self._random_iv.write(tstream)
if self._iv_length:
self._iv_length.write(tstream)
if self._tag_length:
self._tag_length.write(tstream)
if self._fixed_field_length:
self._fixed_field_length.write(tstream)
if self._invocation_field_length:
self._invocation_field_length.write(tstream)
if self._counter_length:
self._counter_length.write(tstream)
if self._initial_counter_value:
self._initial_counter_value.write(tstream)
# Write the length and value of the request payload
self.length = tstream.length() self.length = tstream.length()
super(CryptographicParameters, self).write(ostream) super(CryptographicParameters, self).write(ostream)
ostream.write(tstream.buffer) ostream.write(tstream.buffer)
def validate(self):
self.__validate()
def __validate(self):
if self.block_cipher_mode is not None:
if not isinstance(self.block_cipher_mode, self.BlockCipherMode):
msg = "Invalid block cipher mode"
msg += "; expected {0}, received {1}".format(
self.BlockCipherMode, self.block_cipher_mode)
raise TypeError(msg)
if self.padding_method is not None:
if not isinstance(self.padding_method, self.PaddingMethod):
msg = "Invalid padding method"
msg += "; expected {0}, received {1}".format(
self.PaddingMethod, self.padding_method)
raise TypeError(msg)
if self.hashing_algorithm is not None:
if not isinstance(self.hashing_algorithm, HashingAlgorithm):
msg = "Invalid hashing algorithm"
msg += "; expected {0}, received {1}".format(
HashingAlgorithm, self.hashing_algorithm)
raise TypeError(msg)
if self.key_role_type is not None:
if not isinstance(self.key_role_type, self.KeyRoleType):
msg = "Invalid key role type"
msg += "; expected {0}, received {1}".format(
self.KeyRoleType, self.key_role_type)
raise TypeError(msg)
if self.digital_signature_algorithm is not None:
if not isinstance(
self.digital_signature_algorithm,
CryptographicParameters.DigitalSignatureAlgorithm
):
msg = "Invalid digital signature algorithm"
msg += "; expected {0}, received {1}".format(
CryptographicParameters.DigitalSignatureAlgorithm,
self.digital_signature_algorithm)
raise TypeError(msg)
if self.cryptographic_algorithm is not None:
if not isinstance(self.cryptographic_algorithm,
CryptographicAlgorithm):
msg = "Invalid cryptograhic algorithm"
msg += "; expected {0}, received {1}".format(
CryptographicAlgorithm, self.cryptographic_algorithm)
raise TypeError(msg)
def __eq__(self, other): def __eq__(self, other):
if isinstance(other, CryptographicParameters): if isinstance(other, CryptographicParameters):
if self.block_cipher_mode != other.block_cipher_mode: if self.block_cipher_mode != other.block_cipher_mode:
return False return False
elif self.key_role_type != other.key_role_type: elif self.padding_method != other.padding_method:
return False return False
elif self.hashing_algorithm != other.hashing_algorithm: elif self.hashing_algorithm != other.hashing_algorithm:
return False return False
elif self.key_role_type != other.key_role_type:
return False
elif self.digital_signature_algorithm \ elif self.digital_signature_algorithm \
!= other.digital_signature_algorithm: != other.digital_signature_algorithm:
return False return False
elif self.cryptographic_algorithm != other.cryptographic_algorithm: elif self.cryptographic_algorithm != other.cryptographic_algorithm:
return False return False
elif self.padding_method != other.padding_method: elif self.random_iv != other.random_iv:
return False
elif self.iv_length != other.iv_length:
return False
elif self.tag_length != other.tag_length:
return False
elif self.fixed_field_length != other.fixed_field_length:
return False
elif self.invocation_field_length != other.invocation_field_length:
return False
elif self.counter_length != other.counter_length:
return False
elif self.initial_counter_value != other.initial_counter_value:
return False return False
else: else:
return True return True
@ -422,6 +730,47 @@ class CryptographicParameters(Struct):
else: else:
return NotImplemented return NotImplemented
def __repr__(self):
args = ", ".join([
"block_cipher_mode={0}".format(self.block_cipher_mode),
"padding_method={0}".format(self.padding_method),
"hashing_algorithm={0}".format(self.hashing_algorithm),
"key_role_type={0}".format(self.key_role_type),
"digital_signature_algorithm={0}".format(
self.digital_signature_algorithm
),
"cryptographic_algorithm={0}".format(
self.cryptographic_algorithm
),
"random_iv={0}".format(self.random_iv),
"iv_length={0}".format(self.iv_length),
"tag_length={0}".format(self.tag_length),
"fixed_field_length={0}".format(self.fixed_field_length),
"invocation_field_length={0}".format(
self.invocation_field_length
),
"counter_length={0}".format(self.counter_length),
"initial_counter_value={0}".format(self.initial_counter_value)
])
return "CryptographicParameters({0})".format(args)
def __str__(self):
return str({
'block_cipher_mode': self.block_cipher_mode,
'padding_method': self.padding_method,
'hashing_algorithm': self.hashing_algorithm,
'key_role_type': self.key_role_type,
'digital_signature_algorithm': self.digital_signature_algorithm,
'cryptographic_algorithm': self.cryptographic_algorithm,
'random_iv': self.random_iv,
'iv_length': self.iv_length,
'tag_length': self.tag_length,
'fixed_field_length': self.fixed_field_length,
'invocation_field_length': self.invocation_field_length,
'counter_length': self.counter_length,
'initial_counter_value': self.initial_counter_value
})
class CertificateType(Enumeration): class CertificateType(Enumeration):
""" """

77
kmip/core/factories/attribute_values.py
View File

@ -136,52 +136,39 @@ class AttributeValueFactory(object):
return attributes.CryptographicLength(length) return attributes.CryptographicLength(length)
def _create_cryptographic_parameters(self, params): def _create_cryptographic_parameters(self, params):
bcm = None if params is None:
padding_method = None params = {}
hashing_algorithm = None
key_role_type = None
digital_signature_algorithm = None
cryptographic_algorithm = None
# TODO: Need to implement other fields of CryptographicParameters (3.6)
if params is not None: if isinstance(params, dict):
return attributes.CryptographicParameters(
if 'block_cipher_mode' in params: block_cipher_mode=params.get('block_cipher_mode', None),
bcm = attributes.CryptographicParameters.BlockCipherMode( padding_method=params.get('padding_method', None),
params.get('block_cipher_mode')) hashing_algorithm=params.get('hashing_algorithm', None),
key_role_type=params.get('key_role_type', None),
padding_method = None digital_signature_algorithm=params.get(
if 'padding_method' in params: 'digital_signature_algorithm',
padding_method = attributes.CryptographicParameters. \ None
PaddingMethod(params.get('padding_method')) ),
cryptographic_algorithm=params.get(
key_role_type = None 'cryptographic_algorithm',
if 'key_role_type' in params: None
key_role_type = attributes.CryptographicParameters.KeyRoleType( ),
params.get('key_role_type')) random_iv=params.get('random_iv', None),
iv_length=params.get('iv_length', None),
hashing_algorithm = None tag_length=params.get('tag_length', None),
if 'hashing_algorithm' in params: fixed_field_length=params.get('fixed_field_length', None),
hashing_algorithm = attributes.HashingAlgorithm( invocation_field_length=params.get(
params.get("hashing_algorithm")) 'invocation_field_length',
None
if 'digital_signature_algorithm' in params: ),
digital_signature_algorithm = \ counter_length=params.get('counter_length', None),
attributes.CryptographicParameters. \ initial_counter_value=params.get(
DigitalSignatureAlgorithm( 'initial_counter_value',
params.get("digital_signature_algorithm")) None
)
if 'cryptographic_algorithm' in params: )
cryptographic_algorithm = attributes.CryptographicAlgorithm( else:
params.get("cryptographic_algorithm")) raise TypeError("cryptographic parameters must be a dict")
return attributes.CryptographicParameters(
block_cipher_mode=bcm,
padding_method=padding_method,
hashing_algorithm=hashing_algorithm,
key_role_type=key_role_type,
digital_signature_algorithm=digital_signature_algorithm,
cryptographic_algorithm=cryptographic_algorithm)
def _create_cryptographic_usage_mask(self, flags): def _create_cryptographic_usage_mask(self, flags):
mask = None mask = None

6
kmip/pie/client.py
View File

@ -22,8 +22,7 @@ from kmip.core import objects as cobjects
from kmip.core.factories import attributes from kmip.core.factories import attributes
from kmip.core.attributes import CryptographicParameters, \ from kmip.core.attributes import CryptographicParameters
CryptographicAlgorithm
from kmip.pie import api from kmip.pie import api
from kmip.pie import exceptions from kmip.pie import exceptions
@ -687,7 +686,8 @@ class ProxyKmipClient(api.KmipClient):
raise exceptions.ClientConnectionNotOpen() raise exceptions.ClientConnectionNotOpen()
parameters_attribute = CryptographicParameters( parameters_attribute = CryptographicParameters(
cryptographic_algorithm=CryptographicAlgorithm(algorithm)) cryptographic_algorithm=algorithm
)
# Get the message authentication code and handle the results # Get the message authentication code and handle the results
result = self.proxy.mac(data, uid, parameters_attribute) result = self.proxy.mac(data, uid, parameters_attribute)

2
kmip/services/server/engine.py
View File

@ -1700,7 +1700,7 @@ class KmipEngine(object):
if (payload.cryptographic_parameters and if (payload.cryptographic_parameters and
payload.cryptographic_parameters.cryptographic_algorithm): payload.cryptographic_parameters.cryptographic_algorithm):
algorithm = \ algorithm = \
payload.cryptographic_parameters.cryptographic_algorithm.value payload.cryptographic_parameters.cryptographic_algorithm
elif (isinstance(managed_object, objects.Key) and elif (isinstance(managed_object, objects.Key) and
managed_object.cryptographic_algorithm): managed_object.cryptographic_algorithm):
algorithm = managed_object.cryptographic_algorithm algorithm = managed_object.cryptographic_algorithm

1241
kmip/tests/unit/core/attributes/test_attributes.py
View File

File diff suppressed because it is too large Load Diff

64
kmip/tests/unit/core/factories/test_attribute_values.py
View File

@ -93,35 +93,55 @@ class TestAttributeValueFactory(testtools.TestCase):
'digital_signature_algorithm': 'digital_signature_algorithm':
enums.DigitalSignatureAlgorithm.ECDSA_WITH_SHA512, enums.DigitalSignatureAlgorithm.ECDSA_WITH_SHA512,
'cryptographic_algorithm': 'cryptographic_algorithm':
enums.CryptographicAlgorithm.HMAC_SHA512} enums.CryptographicAlgorithm.HMAC_SHA512,
params = self.factory.create_attribute_value( 'random_iv': True,
enums.AttributeType.CRYPTOGRAPHIC_PARAMETERS, value) 'iv_length': 96,
'tag_length': None,
'fixed_field_length': 32,
'invocation_field_length': 64,
'counter_length': None,
'initial_counter_value': 1
}
cryptographic_parameters = self.factory.create_attribute_value(
enums.AttributeType.CRYPTOGRAPHIC_PARAMETERS,
value
)
# TODO (peter-hamilton): Update assertEquals after structure changes self.assertIsInstance(
self.assertIsInstance(params, attributes.CryptographicParameters) cryptographic_parameters,
attributes.CryptographicParameters
)
self.assertEqual( self.assertEqual(
attributes.CryptographicParameters.BlockCipherMode( enums.BlockCipherMode.NIST_KEY_WRAP,
enums.BlockCipherMode.NIST_KEY_WRAP), cryptographic_parameters.block_cipher_mode
params.block_cipher_mode) )
self.assertEqual( self.assertEqual(
attributes.CryptographicParameters.PaddingMethod( enums.PaddingMethod.ANSI_X9_23,
enums.PaddingMethod.ANSI_X9_23), cryptographic_parameters.padding_method
params.padding_method) )
self.assertEqual( self.assertEqual(
attributes.CryptographicParameters.KeyRoleType( enums.KeyRoleType.KEK,
enums.KeyRoleType.KEK), cryptographic_parameters.key_role_type
params.key_role_type) )
self.assertEqual( self.assertEqual(
attributes.HashingAlgorithm(enums.HashingAlgorithm.SHA_512), enums.HashingAlgorithm.SHA_512,
params.hashing_algorithm) cryptographic_parameters.hashing_algorithm
)
self.assertEqual( self.assertEqual(
attributes.CryptographicParameters.DigitalSignatureAlgorithm( enums.DigitalSignatureAlgorithm.ECDSA_WITH_SHA512,
enums.DigitalSignatureAlgorithm.ECDSA_WITH_SHA512), cryptographic_parameters.digital_signature_algorithm
params.digital_signature_algorithm) )
self.assertEqual( self.assertEqual(
attributes.CryptographicAlgorithm( enums.CryptographicAlgorithm.HMAC_SHA512,
enums.CryptographicAlgorithm.HMAC_SHA512), cryptographic_parameters.cryptographic_algorithm
params.cryptographic_algorithm) )
self.assertEqual(True, cryptographic_parameters.random_iv)
self.assertEqual(96, cryptographic_parameters.iv_length)
self.assertEqual(None, cryptographic_parameters.tag_length)
self.assertEqual(32, cryptographic_parameters.fixed_field_length)
self.assertEqual(64, cryptographic_parameters.invocation_field_length)
self.assertEqual(None, cryptographic_parameters.counter_length)
self.assertEqual(1, cryptographic_parameters.initial_counter_value)
def test_create_cryptographic_domain_parameters(self): def test_create_cryptographic_domain_parameters(self):
""" """

4
kmip/tests/unit/core/messages/payloads/test_mac.py
View File

@ -31,8 +31,8 @@ class TestMACRequestPayload(TestCase):
self.unique_identifier = attributes.UniqueIdentifier(value='1') self.unique_identifier = attributes.UniqueIdentifier(value='1')
self.cryptographic_parameters = \ self.cryptographic_parameters = \
attributes.CryptographicParameters( attributes.CryptographicParameters(
cryptographic_algorithm=attributes.CryptographicAlgorithm( cryptographic_algorithm=enums.CryptographicAlgorithm.
enums.CryptographicAlgorithm.HMAC_SHA512) HMAC_SHA512
) )
self.data = objects.Data( self.data = objects.Data(
value=(b'\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B' value=(b'\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B'

11
kmip/tests/unit/core/messages/test_messages.py
View File

@ -1077,13 +1077,13 @@ class TestRequestMessage(TestCase):
cryptographic_algorithm = parameters_attribute.cryptographic_algorithm cryptographic_algorithm = parameters_attribute.cryptographic_algorithm
msg = "Bad cryptographic algorithm type: expected {0}, received {1}" msg = "Bad cryptographic algorithm type: expected {0}, received {1}"
self.assertIsInstance(cryptographic_algorithm, self.assertIsInstance(cryptographic_algorithm,
attr.CryptographicAlgorithm, enums.CryptographicAlgorithm,
msg.format(attr.CryptographicAlgorithm, msg.format(enums.CryptographicAlgorithm,
type(cryptographic_algorithm))) type(cryptographic_algorithm)))
msg = "Bad cryptographic algorithm value: expected {0}, received {1}" msg = "Bad cryptographic algorithm value: expected {0}, received {1}"
self.assertEquals(cryptographic_algorithm.value, self.assertEquals(cryptographic_algorithm,
enums.CryptographicAlgorithm.HMAC_SHA512, enums.CryptographicAlgorithm.HMAC_SHA512,
msg.format(cryptographic_algorithm.value, msg.format(cryptographic_algorithm,
enums.CryptographicAlgorithm.HMAC_SHA512)) enums.CryptographicAlgorithm.HMAC_SHA512))
data = request_payload.data data = request_payload.data
@ -1114,8 +1114,7 @@ class TestRequestMessage(TestCase):
b'\x0C\x0D\x0E\x0F') b'\x0C\x0D\x0E\x0F')
) )
parameters_attribute = attr.CryptographicParameters( parameters_attribute = attr.CryptographicParameters(
cryptographic_algorithm=attr. cryptographic_algorithm=enums.CryptographicAlgorithm.HMAC_SHA512
CryptographicAlgorithm(enums.CryptographicAlgorithm.HMAC_SHA512)
) )
request_payload = mac.MACRequestPayload( request_payload = mac.MACRequestPayload(
unique_identifier=uuid, unique_identifier=uuid,

13
kmip/tests/unit/services/server/test_engine.py
View File

@ -5157,8 +5157,7 @@ class TestKmipEngine(testtools.TestCase):
uuid = str(obj.unique_identifier) uuid = str(obj.unique_identifier)
cryptographic_parameters = attributes.CryptographicParameters( cryptographic_parameters = attributes.CryptographicParameters(
cryptographic_algorithm=attributes. cryptographic_algorithm=algorithm_b
CryptographicAlgorithm(algorithm_b)
) )
# Verify when cryptographic_parameters is specified in request # Verify when cryptographic_parameters is specified in request
@ -5226,8 +5225,8 @@ class TestKmipEngine(testtools.TestCase):
uuid_no_algorithm = str(obj_no_algorithm.unique_identifier) uuid_no_algorithm = str(obj_no_algorithm.unique_identifier)
cryptographic_parameters = attributes.CryptographicParameters( cryptographic_parameters = attributes.CryptographicParameters(
cryptographic_algorithm=attributes. cryptographic_algorithm=algorithm
CryptographicAlgorithm(algorithm)) )
payload_no_key = mac.MACRequestPayload( payload_no_key = mac.MACRequestPayload(
unique_identifier=attributes.UniqueIdentifier(uuid_no_key), unique_identifier=attributes.UniqueIdentifier(uuid_no_key),
@ -5303,8 +5302,7 @@ class TestKmipEngine(testtools.TestCase):
uuid = str(obj.unique_identifier) uuid = str(obj.unique_identifier)
cryptographic_parameters = attributes.CryptographicParameters( cryptographic_parameters = attributes.CryptographicParameters(
cryptographic_algorithm=attributes. cryptographic_algorithm=algorithm_b
CryptographicAlgorithm(algorithm_b)
) )
# Verify when cryptographic_parameters is specified in request # Verify when cryptographic_parameters is specified in request
@ -5352,8 +5350,7 @@ class TestKmipEngine(testtools.TestCase):
uuid = str(obj.unique_identifier) uuid = str(obj.unique_identifier)
cryptographic_parameters = attributes.CryptographicParameters( cryptographic_parameters = attributes.CryptographicParameters(
cryptographic_algorithm=attributes. cryptographic_algorithm=algorithm_b
CryptographicAlgorithm(algorithm_b)
) )
# Verify when cryptographic_parameters is specified in request # Verify when cryptographic_parameters is specified in request

6
kmip/tests/unit/services/test_kmip_client.py
View File

@ -16,8 +16,7 @@
from testtools import TestCase from testtools import TestCase
from kmip.core.attributes import PrivateKeyUniqueIdentifier from kmip.core.attributes import PrivateKeyUniqueIdentifier
from kmip.core.attributes import CryptographicParameters, \ from kmip.core.attributes import CryptographicParameters
CryptographicAlgorithm
from kmip.core.enums import AuthenticationSuite from kmip.core.enums import AuthenticationSuite
@ -786,8 +785,7 @@ class TestKMIPClient(TestCase):
uuid = '1' uuid = '1'
cryptographic_parameters = CryptographicParameters( cryptographic_parameters = CryptographicParameters(
cryptographic_algorithm=CryptographicAlgorithm( cryptographic_algorithm=CryptographicAlgorithmEnum.HMAC_SHA512
CryptographicAlgorithmEnum.HMAC_SHA512)
) )
self.client._send_message.side_effect = verify_request self.client._send_message.side_effect = verify_request