mirror of
https://github.com/OpenKMIP/PyKMIP.git
synced 2025-07-24 14:34:23 +02:00
Merge pull request #286 from OpenKMIP/feat/update-crypto-param
Updating the CryptographicParameters struct
This commit is contained in:
commit
66f80922f3
@ -13,6 +13,8 @@
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
import six
|
||||
|
||||
from kmip.core import enums
|
||||
|
||||
from kmip.core.enums import CertificateTypeEnum
|
||||
@ -24,6 +26,7 @@ from kmip.core.errors import ErrorStrings
|
||||
|
||||
from kmip.core.misc import KeyFormatType
|
||||
|
||||
from kmip.core.primitives import Boolean
|
||||
from kmip.core.primitives import ByteString
|
||||
from kmip.core.primitives import Enumeration
|
||||
from kmip.core.primitives import Integer
|
||||
@ -255,163 +258,468 @@ class HashingAlgorithm(Enumeration):
|
||||
|
||||
|
||||
class CryptographicParameters(Struct):
|
||||
"""
|
||||
A set of values for cryptographic operations.
|
||||
|
||||
class BlockCipherMode(Enumeration):
|
||||
A structure containing optional fields describing certain cryptographic
|
||||
parameters to be used when performing cryptographic operations with the
|
||||
associated KMIP object.
|
||||
"""
|
||||
|
||||
def __init__(self, value=None):
|
||||
super(CryptographicParameters.BlockCipherMode, self).__init__(
|
||||
enums.BlockCipherMode, value, Tags.BLOCK_CIPHER_MODE)
|
||||
|
||||
class PaddingMethod(Enumeration):
|
||||
|
||||
def __init__(self, value=None):
|
||||
super(CryptographicParameters.PaddingMethod, self).__init__(
|
||||
enums.PaddingMethod, value, Tags.PADDING_METHOD)
|
||||
|
||||
class KeyRoleType(Enumeration):
|
||||
|
||||
def __init__(self, value=None):
|
||||
super(CryptographicParameters.KeyRoleType, self).__init__(
|
||||
enums.KeyRoleType, value, Tags.KEY_ROLE_TYPE)
|
||||
|
||||
class DigitalSignatureAlgorithm(Enumeration):
|
||||
|
||||
def __init__(self, value=None):
|
||||
super(CryptographicParameters.DigitalSignatureAlgorithm,
|
||||
self).__init__(enums.DigitalSignatureAlgorithm,
|
||||
value, Tags.DIGITAL_SIGNATURE_ALGORITHM)
|
||||
|
||||
# TODO: Need to implement other fields of CryptographicParameters (3.6)
|
||||
def __init__(self,
|
||||
block_cipher_mode=None,
|
||||
padding_method=None,
|
||||
hashing_algorithm=None,
|
||||
key_role_type=None,
|
||||
digital_signature_algorithm=None,
|
||||
cryptographic_algorithm=None):
|
||||
cryptographic_algorithm=None,
|
||||
random_iv=None,
|
||||
iv_length=None,
|
||||
tag_length=None,
|
||||
fixed_field_length=None,
|
||||
invocation_field_length=None,
|
||||
counter_length=None,
|
||||
initial_counter_value=None):
|
||||
super(CryptographicParameters, self).__init__(
|
||||
tag=Tags.CRYPTOGRAPHIC_PARAMETERS)
|
||||
|
||||
self._block_cipher_mode = None
|
||||
self._padding_method = None
|
||||
self._hashing_algorithm = None
|
||||
self._key_role_type = None
|
||||
self._digital_signature_algorithm = None
|
||||
self._cryptographic_algorithm = None
|
||||
self._random_iv = None
|
||||
self._iv_length = None
|
||||
self._tag_length = None
|
||||
self._fixed_field_length = None
|
||||
self._invocation_field_length = None
|
||||
self._counter_length = None
|
||||
self._initial_counter_value = None
|
||||
|
||||
self.block_cipher_mode = block_cipher_mode
|
||||
self.padding_method = padding_method
|
||||
self.hashing_algorithm = hashing_algorithm
|
||||
self.key_role_type = key_role_type
|
||||
self.digital_signature_algorithm = digital_signature_algorithm
|
||||
self.cryptographic_algorithm = cryptographic_algorithm
|
||||
self.random_iv = random_iv
|
||||
self.iv_length = iv_length
|
||||
self.tag_length = tag_length
|
||||
self.fixed_field_length = fixed_field_length
|
||||
self.invocation_field_length = invocation_field_length
|
||||
self.counter_length = counter_length
|
||||
self.initial_counter_value = initial_counter_value
|
||||
|
||||
@property
|
||||
def block_cipher_mode(self):
|
||||
if self._block_cipher_mode:
|
||||
return self._block_cipher_mode.value
|
||||
else:
|
||||
return None
|
||||
|
||||
@block_cipher_mode.setter
|
||||
def block_cipher_mode(self, value):
|
||||
if value is None:
|
||||
self._block_cipher_mode = None
|
||||
elif isinstance(value, enums.BlockCipherMode):
|
||||
self._block_cipher_mode = Enumeration(
|
||||
enums.BlockCipherMode,
|
||||
value=value,
|
||||
tag=Tags.BLOCK_CIPHER_MODE
|
||||
)
|
||||
else:
|
||||
raise TypeError(
|
||||
"block cipher mode must be a BlockCipherMode enumeration"
|
||||
)
|
||||
|
||||
@property
|
||||
def padding_method(self):
|
||||
if self._padding_method:
|
||||
return self._padding_method.value
|
||||
else:
|
||||
return None
|
||||
|
||||
@padding_method.setter
|
||||
def padding_method(self, value):
|
||||
if value is None:
|
||||
self._padding_method = None
|
||||
elif isinstance(value, enums.PaddingMethod):
|
||||
self._padding_method = Enumeration(
|
||||
enums.PaddingMethod,
|
||||
value=value,
|
||||
tag=Tags.PADDING_METHOD
|
||||
)
|
||||
else:
|
||||
raise TypeError(
|
||||
"padding method must be a PaddingMethod enumeration"
|
||||
)
|
||||
|
||||
@property
|
||||
def hashing_algorithm(self):
|
||||
if self._hashing_algorithm:
|
||||
return self._hashing_algorithm.value
|
||||
else:
|
||||
return None
|
||||
|
||||
@hashing_algorithm.setter
|
||||
def hashing_algorithm(self, value):
|
||||
if value is None:
|
||||
self._hashing_algorithm = None
|
||||
elif isinstance(value, enums.HashingAlgorithm):
|
||||
self._hashing_algorithm = Enumeration(
|
||||
enums.HashingAlgorithm,
|
||||
value=value,
|
||||
tag=Tags.HASHING_ALGORITHM
|
||||
)
|
||||
else:
|
||||
raise TypeError(
|
||||
"hashing algorithm must be a HashingAlgorithm enumeration"
|
||||
)
|
||||
|
||||
@property
|
||||
def key_role_type(self):
|
||||
if self._key_role_type:
|
||||
return self._key_role_type.value
|
||||
else:
|
||||
return None
|
||||
|
||||
@key_role_type.setter
|
||||
def key_role_type(self, value):
|
||||
if value is None:
|
||||
self._key_role_type = None
|
||||
elif isinstance(value, enums.KeyRoleType):
|
||||
self._key_role_type = Enumeration(
|
||||
enums.KeyRoleType,
|
||||
value=value,
|
||||
tag=Tags.KEY_ROLE_TYPE
|
||||
)
|
||||
else:
|
||||
raise TypeError(
|
||||
"key role type must be a KeyRoleType enumeration"
|
||||
)
|
||||
|
||||
@property
|
||||
def digital_signature_algorithm(self):
|
||||
if self._digital_signature_algorithm:
|
||||
return self._digital_signature_algorithm.value
|
||||
else:
|
||||
return None
|
||||
|
||||
@digital_signature_algorithm.setter
|
||||
def digital_signature_algorithm(self, value):
|
||||
if value is None:
|
||||
self._digital_signature_algorithm = None
|
||||
elif isinstance(value, enums.DigitalSignatureAlgorithm):
|
||||
self._digital_signature_algorithm = Enumeration(
|
||||
enums.DigitalSignatureAlgorithm,
|
||||
value=value,
|
||||
tag=Tags.DIGITAL_SIGNATURE_ALGORITHM
|
||||
)
|
||||
else:
|
||||
raise TypeError(
|
||||
"digital signature algorithm must be a "
|
||||
"DigitalSignatureAlgorithm enumeration"
|
||||
)
|
||||
|
||||
@property
|
||||
def cryptographic_algorithm(self):
|
||||
if self._cryptographic_algorithm:
|
||||
return self._cryptographic_algorithm.value
|
||||
else:
|
||||
return None
|
||||
|
||||
@cryptographic_algorithm.setter
|
||||
def cryptographic_algorithm(self, value):
|
||||
if value is None:
|
||||
self._cryptographic_algorithm = None
|
||||
elif isinstance(value, enums.CryptographicAlgorithm):
|
||||
self._cryptographic_algorithm = Enumeration(
|
||||
enums.CryptographicAlgorithm,
|
||||
value=value,
|
||||
tag=Tags.CRYPTOGRAPHIC_ALGORITHM
|
||||
)
|
||||
else:
|
||||
raise TypeError(
|
||||
"cryptographic algorithm must be a CryptographicAlgorithm "
|
||||
"enumeration"
|
||||
)
|
||||
|
||||
@property
|
||||
def random_iv(self):
|
||||
if self._random_iv:
|
||||
return self._random_iv.value
|
||||
else:
|
||||
return None
|
||||
|
||||
@random_iv.setter
|
||||
def random_iv(self, value):
|
||||
if value is None:
|
||||
self._random_iv = None
|
||||
elif isinstance(value, bool):
|
||||
self._random_iv = Boolean(
|
||||
value=value,
|
||||
tag=Tags.RANDOM_IV
|
||||
)
|
||||
else:
|
||||
raise TypeError("random iv must be a boolean")
|
||||
|
||||
@property
|
||||
def iv_length(self):
|
||||
if self._iv_length:
|
||||
return self._iv_length.value
|
||||
else:
|
||||
return None
|
||||
|
||||
@iv_length.setter
|
||||
def iv_length(self, value):
|
||||
if value is None:
|
||||
self._iv_length = None
|
||||
elif isinstance(value, six.integer_types):
|
||||
self._iv_length = Integer(
|
||||
value=value,
|
||||
tag=Tags.IV_LENGTH
|
||||
)
|
||||
else:
|
||||
raise TypeError("iv length must be an integer")
|
||||
|
||||
@property
|
||||
def tag_length(self):
|
||||
if self._tag_length:
|
||||
return self._tag_length.value
|
||||
else:
|
||||
return None
|
||||
|
||||
@tag_length.setter
|
||||
def tag_length(self, value):
|
||||
if value is None:
|
||||
self._tag_length = None
|
||||
elif isinstance(value, six.integer_types):
|
||||
self._tag_length = Integer(
|
||||
value=value,
|
||||
tag=Tags.TAG_LENGTH
|
||||
)
|
||||
else:
|
||||
raise TypeError("tag length must be an integer")
|
||||
|
||||
@property
|
||||
def fixed_field_length(self):
|
||||
if self._fixed_field_length:
|
||||
return self._fixed_field_length.value
|
||||
else:
|
||||
return None
|
||||
|
||||
@fixed_field_length.setter
|
||||
def fixed_field_length(self, value):
|
||||
if value is None:
|
||||
self._fixed_field_length = None
|
||||
elif isinstance(value, six.integer_types):
|
||||
self._fixed_field_length = Integer(
|
||||
value=value,
|
||||
tag=Tags.FIXED_FIELD_LENGTH
|
||||
)
|
||||
else:
|
||||
raise TypeError("fixed field length must be an integer")
|
||||
|
||||
@property
|
||||
def invocation_field_length(self):
|
||||
if self._invocation_field_length:
|
||||
return self._invocation_field_length.value
|
||||
else:
|
||||
return None
|
||||
|
||||
@invocation_field_length.setter
|
||||
def invocation_field_length(self, value):
|
||||
if value is None:
|
||||
self._invocation_field_length = None
|
||||
elif isinstance(value, six.integer_types):
|
||||
self._invocation_field_length = Integer(
|
||||
value=value,
|
||||
tag=Tags.INVOCATION_FIELD_LENGTH
|
||||
)
|
||||
else:
|
||||
raise TypeError("invocation field length must be an integer")
|
||||
|
||||
@property
|
||||
def counter_length(self):
|
||||
if self._counter_length:
|
||||
return self._counter_length.value
|
||||
else:
|
||||
return None
|
||||
|
||||
@counter_length.setter
|
||||
def counter_length(self, value):
|
||||
if value is None:
|
||||
self._counter_length = None
|
||||
elif isinstance(value, six.integer_types):
|
||||
self._counter_length = Integer(
|
||||
value=value,
|
||||
tag=Tags.COUNTER_LENGTH
|
||||
)
|
||||
else:
|
||||
raise TypeError("counter length must be an integer")
|
||||
|
||||
@property
|
||||
def initial_counter_value(self):
|
||||
if self._initial_counter_value:
|
||||
return self._initial_counter_value.value
|
||||
else:
|
||||
return None
|
||||
|
||||
@initial_counter_value.setter
|
||||
def initial_counter_value(self, value):
|
||||
if value is None:
|
||||
self._initial_counter_value = None
|
||||
elif isinstance(value, six.integer_types):
|
||||
self._initial_counter_value = Integer(
|
||||
value=value,
|
||||
tag=Tags.INITIAL_COUNTER_VALUE
|
||||
)
|
||||
else:
|
||||
raise TypeError("initial counter value must be an integer")
|
||||
|
||||
def read(self, istream):
|
||||
super(CryptographicParameters, self).read(istream)
|
||||
tstream = BytearrayStream(istream.read(self.length))
|
||||
|
||||
if self.is_tag_next(Tags.BLOCK_CIPHER_MODE, tstream):
|
||||
self.block_cipher_mode = CryptographicParameters.BlockCipherMode()
|
||||
self.block_cipher_mode.read(tstream)
|
||||
self._block_cipher_mode = Enumeration(
|
||||
enums.BlockCipherMode,
|
||||
tag=Tags.BLOCK_CIPHER_MODE
|
||||
)
|
||||
self._block_cipher_mode.read(tstream)
|
||||
|
||||
if self.is_tag_next(Tags.PADDING_METHOD, tstream):
|
||||
self.padding_method = CryptographicParameters.PaddingMethod()
|
||||
self.padding_method.read(tstream)
|
||||
self._padding_method = Enumeration(
|
||||
enums.PaddingMethod,
|
||||
tag=Tags.PADDING_METHOD
|
||||
)
|
||||
self._padding_method.read(tstream)
|
||||
|
||||
if self.is_tag_next(Tags.HASHING_ALGORITHM, tstream):
|
||||
self.hashing_algorithm = HashingAlgorithm()
|
||||
self.hashing_algorithm.read(tstream)
|
||||
self._hashing_algorithm = Enumeration(
|
||||
enums.HashingAlgorithm,
|
||||
tag=Tags.HASHING_ALGORITHM
|
||||
)
|
||||
self._hashing_algorithm.read(tstream)
|
||||
|
||||
if self.is_tag_next(Tags.KEY_ROLE_TYPE, tstream):
|
||||
self.key_role_type = CryptographicParameters.KeyRoleType()
|
||||
self.key_role_type.read(tstream)
|
||||
self._key_role_type = Enumeration(
|
||||
enums.KeyRoleType,
|
||||
tag=Tags.KEY_ROLE_TYPE
|
||||
)
|
||||
self._key_role_type.read(tstream)
|
||||
|
||||
if self.is_tag_next(Tags.DIGITAL_SIGNATURE_ALGORITHM, tstream):
|
||||
self.digital_signature_algorithm = \
|
||||
CryptographicParameters.DigitalSignatureAlgorithm()
|
||||
self.digital_signature_algorithm.read(tstream)
|
||||
self._digital_signature_algorithm = Enumeration(
|
||||
enums.DigitalSignatureAlgorithm,
|
||||
tag=Tags.DIGITAL_SIGNATURE_ALGORITHM
|
||||
)
|
||||
self._digital_signature_algorithm.read(tstream)
|
||||
|
||||
if self.is_tag_next(Tags.CRYPTOGRAPHIC_ALGORITHM, tstream):
|
||||
self.cryptographic_algorithm = CryptographicAlgorithm()
|
||||
self.cryptographic_algorithm.read(tstream)
|
||||
self._cryptographic_algorithm = Enumeration(
|
||||
enums.CryptographicAlgorithm,
|
||||
tag=Tags.CRYPTOGRAPHIC_ALGORITHM
|
||||
)
|
||||
self._cryptographic_algorithm.read(tstream)
|
||||
|
||||
if self.is_tag_next(Tags.RANDOM_IV, tstream):
|
||||
self._random_iv = Boolean(tag=Tags.RANDOM_IV)
|
||||
self._random_iv.read(tstream)
|
||||
|
||||
if self.is_tag_next(Tags.IV_LENGTH, tstream):
|
||||
self._iv_length = Integer(tag=Tags.IV_LENGTH)
|
||||
self._iv_length.read(tstream)
|
||||
|
||||
if self.is_tag_next(Tags.TAG_LENGTH, tstream):
|
||||
self._tag_length = Integer(tag=Tags.TAG_LENGTH)
|
||||
self._tag_length.read(tstream)
|
||||
|
||||
if self.is_tag_next(Tags.FIXED_FIELD_LENGTH, tstream):
|
||||
self._fixed_field_length = Integer(tag=Tags.FIXED_FIELD_LENGTH)
|
||||
self._fixed_field_length.read(tstream)
|
||||
|
||||
if self.is_tag_next(Tags.INVOCATION_FIELD_LENGTH, tstream):
|
||||
self._invocation_field_length = Integer(
|
||||
tag=Tags.INVOCATION_FIELD_LENGTH
|
||||
)
|
||||
self._invocation_field_length.read(tstream)
|
||||
|
||||
if self.is_tag_next(Tags.COUNTER_LENGTH, tstream):
|
||||
self._counter_length = Integer(tag=Tags.COUNTER_LENGTH)
|
||||
self._counter_length.read(tstream)
|
||||
|
||||
if self.is_tag_next(Tags.INITIAL_COUNTER_VALUE, tstream):
|
||||
self._initial_counter_value = Integer(
|
||||
tag=Tags.INITIAL_COUNTER_VALUE
|
||||
)
|
||||
self._initial_counter_value.read(tstream)
|
||||
|
||||
self.is_oversized(tstream)
|
||||
self.validate()
|
||||
|
||||
def write(self, ostream):
|
||||
tstream = BytearrayStream()
|
||||
|
||||
# Write the contents of the request payload
|
||||
if self.block_cipher_mode is not None:
|
||||
self.block_cipher_mode.write(tstream)
|
||||
if self.padding_method is not None:
|
||||
self.padding_method.write(tstream)
|
||||
if self.hashing_algorithm is not None:
|
||||
self.hashing_algorithm.write(tstream)
|
||||
if self.key_role_type is not None:
|
||||
self.key_role_type.write(tstream)
|
||||
if self.digital_signature_algorithm is not None:
|
||||
self.digital_signature_algorithm.write(tstream)
|
||||
if self.cryptographic_algorithm is not None:
|
||||
self.cryptographic_algorithm.write(tstream)
|
||||
if self._block_cipher_mode:
|
||||
self._block_cipher_mode.write(tstream)
|
||||
if self._padding_method:
|
||||
self._padding_method.write(tstream)
|
||||
if self._hashing_algorithm:
|
||||
self._hashing_algorithm.write(tstream)
|
||||
if self._key_role_type:
|
||||
self._key_role_type.write(tstream)
|
||||
if self._digital_signature_algorithm:
|
||||
self._digital_signature_algorithm.write(tstream)
|
||||
if self._cryptographic_algorithm:
|
||||
self._cryptographic_algorithm.write(tstream)
|
||||
if self._random_iv:
|
||||
self._random_iv.write(tstream)
|
||||
if self._iv_length:
|
||||
self._iv_length.write(tstream)
|
||||
if self._tag_length:
|
||||
self._tag_length.write(tstream)
|
||||
if self._fixed_field_length:
|
||||
self._fixed_field_length.write(tstream)
|
||||
if self._invocation_field_length:
|
||||
self._invocation_field_length.write(tstream)
|
||||
if self._counter_length:
|
||||
self._counter_length.write(tstream)
|
||||
if self._initial_counter_value:
|
||||
self._initial_counter_value.write(tstream)
|
||||
|
||||
# Write the length and value of the request payload
|
||||
self.length = tstream.length()
|
||||
super(CryptographicParameters, self).write(ostream)
|
||||
ostream.write(tstream.buffer)
|
||||
|
||||
def validate(self):
|
||||
self.__validate()
|
||||
|
||||
def __validate(self):
|
||||
if self.block_cipher_mode is not None:
|
||||
if not isinstance(self.block_cipher_mode, self.BlockCipherMode):
|
||||
msg = "Invalid block cipher mode"
|
||||
msg += "; expected {0}, received {1}".format(
|
||||
self.BlockCipherMode, self.block_cipher_mode)
|
||||
raise TypeError(msg)
|
||||
if self.padding_method is not None:
|
||||
if not isinstance(self.padding_method, self.PaddingMethod):
|
||||
msg = "Invalid padding method"
|
||||
msg += "; expected {0}, received {1}".format(
|
||||
self.PaddingMethod, self.padding_method)
|
||||
raise TypeError(msg)
|
||||
if self.hashing_algorithm is not None:
|
||||
if not isinstance(self.hashing_algorithm, HashingAlgorithm):
|
||||
msg = "Invalid hashing algorithm"
|
||||
msg += "; expected {0}, received {1}".format(
|
||||
HashingAlgorithm, self.hashing_algorithm)
|
||||
raise TypeError(msg)
|
||||
if self.key_role_type is not None:
|
||||
if not isinstance(self.key_role_type, self.KeyRoleType):
|
||||
msg = "Invalid key role type"
|
||||
msg += "; expected {0}, received {1}".format(
|
||||
self.KeyRoleType, self.key_role_type)
|
||||
raise TypeError(msg)
|
||||
if self.digital_signature_algorithm is not None:
|
||||
if not isinstance(
|
||||
self.digital_signature_algorithm,
|
||||
CryptographicParameters.DigitalSignatureAlgorithm
|
||||
):
|
||||
msg = "Invalid digital signature algorithm"
|
||||
msg += "; expected {0}, received {1}".format(
|
||||
CryptographicParameters.DigitalSignatureAlgorithm,
|
||||
self.digital_signature_algorithm)
|
||||
raise TypeError(msg)
|
||||
if self.cryptographic_algorithm is not None:
|
||||
if not isinstance(self.cryptographic_algorithm,
|
||||
CryptographicAlgorithm):
|
||||
msg = "Invalid cryptograhic algorithm"
|
||||
msg += "; expected {0}, received {1}".format(
|
||||
CryptographicAlgorithm, self.cryptographic_algorithm)
|
||||
raise TypeError(msg)
|
||||
|
||||
def __eq__(self, other):
|
||||
if isinstance(other, CryptographicParameters):
|
||||
if self.block_cipher_mode != other.block_cipher_mode:
|
||||
return False
|
||||
elif self.key_role_type != other.key_role_type:
|
||||
elif self.padding_method != other.padding_method:
|
||||
return False
|
||||
elif self.hashing_algorithm != other.hashing_algorithm:
|
||||
return False
|
||||
elif self.key_role_type != other.key_role_type:
|
||||
return False
|
||||
elif self.digital_signature_algorithm \
|
||||
!= other.digital_signature_algorithm:
|
||||
return False
|
||||
elif self.cryptographic_algorithm != other.cryptographic_algorithm:
|
||||
return False
|
||||
elif self.padding_method != other.padding_method:
|
||||
elif self.random_iv != other.random_iv:
|
||||
return False
|
||||
elif self.iv_length != other.iv_length:
|
||||
return False
|
||||
elif self.tag_length != other.tag_length:
|
||||
return False
|
||||
elif self.fixed_field_length != other.fixed_field_length:
|
||||
return False
|
||||
elif self.invocation_field_length != other.invocation_field_length:
|
||||
return False
|
||||
elif self.counter_length != other.counter_length:
|
||||
return False
|
||||
elif self.initial_counter_value != other.initial_counter_value:
|
||||
return False
|
||||
else:
|
||||
return True
|
||||
@ -422,6 +730,47 @@ class CryptographicParameters(Struct):
|
||||
else:
|
||||
return NotImplemented
|
||||
|
||||
def __repr__(self):
|
||||
args = ", ".join([
|
||||
"block_cipher_mode={0}".format(self.block_cipher_mode),
|
||||
"padding_method={0}".format(self.padding_method),
|
||||
"hashing_algorithm={0}".format(self.hashing_algorithm),
|
||||
"key_role_type={0}".format(self.key_role_type),
|
||||
"digital_signature_algorithm={0}".format(
|
||||
self.digital_signature_algorithm
|
||||
),
|
||||
"cryptographic_algorithm={0}".format(
|
||||
self.cryptographic_algorithm
|
||||
),
|
||||
"random_iv={0}".format(self.random_iv),
|
||||
"iv_length={0}".format(self.iv_length),
|
||||
"tag_length={0}".format(self.tag_length),
|
||||
"fixed_field_length={0}".format(self.fixed_field_length),
|
||||
"invocation_field_length={0}".format(
|
||||
self.invocation_field_length
|
||||
),
|
||||
"counter_length={0}".format(self.counter_length),
|
||||
"initial_counter_value={0}".format(self.initial_counter_value)
|
||||
])
|
||||
return "CryptographicParameters({0})".format(args)
|
||||
|
||||
def __str__(self):
|
||||
return str({
|
||||
'block_cipher_mode': self.block_cipher_mode,
|
||||
'padding_method': self.padding_method,
|
||||
'hashing_algorithm': self.hashing_algorithm,
|
||||
'key_role_type': self.key_role_type,
|
||||
'digital_signature_algorithm': self.digital_signature_algorithm,
|
||||
'cryptographic_algorithm': self.cryptographic_algorithm,
|
||||
'random_iv': self.random_iv,
|
||||
'iv_length': self.iv_length,
|
||||
'tag_length': self.tag_length,
|
||||
'fixed_field_length': self.fixed_field_length,
|
||||
'invocation_field_length': self.invocation_field_length,
|
||||
'counter_length': self.counter_length,
|
||||
'initial_counter_value': self.initial_counter_value
|
||||
})
|
||||
|
||||
|
||||
class CertificateType(Enumeration):
|
||||
"""
|
||||
|
@ -136,52 +136,39 @@ class AttributeValueFactory(object):
|
||||
return attributes.CryptographicLength(length)
|
||||
|
||||
def _create_cryptographic_parameters(self, params):
|
||||
bcm = None
|
||||
padding_method = None
|
||||
hashing_algorithm = None
|
||||
key_role_type = None
|
||||
digital_signature_algorithm = None
|
||||
cryptographic_algorithm = None
|
||||
# TODO: Need to implement other fields of CryptographicParameters (3.6)
|
||||
if params is None:
|
||||
params = {}
|
||||
|
||||
if params is not None:
|
||||
|
||||
if 'block_cipher_mode' in params:
|
||||
bcm = attributes.CryptographicParameters.BlockCipherMode(
|
||||
params.get('block_cipher_mode'))
|
||||
|
||||
padding_method = None
|
||||
if 'padding_method' in params:
|
||||
padding_method = attributes.CryptographicParameters. \
|
||||
PaddingMethod(params.get('padding_method'))
|
||||
|
||||
key_role_type = None
|
||||
if 'key_role_type' in params:
|
||||
key_role_type = attributes.CryptographicParameters.KeyRoleType(
|
||||
params.get('key_role_type'))
|
||||
|
||||
hashing_algorithm = None
|
||||
if 'hashing_algorithm' in params:
|
||||
hashing_algorithm = attributes.HashingAlgorithm(
|
||||
params.get("hashing_algorithm"))
|
||||
|
||||
if 'digital_signature_algorithm' in params:
|
||||
digital_signature_algorithm = \
|
||||
attributes.CryptographicParameters. \
|
||||
DigitalSignatureAlgorithm(
|
||||
params.get("digital_signature_algorithm"))
|
||||
|
||||
if 'cryptographic_algorithm' in params:
|
||||
cryptographic_algorithm = attributes.CryptographicAlgorithm(
|
||||
params.get("cryptographic_algorithm"))
|
||||
|
||||
return attributes.CryptographicParameters(
|
||||
block_cipher_mode=bcm,
|
||||
padding_method=padding_method,
|
||||
hashing_algorithm=hashing_algorithm,
|
||||
key_role_type=key_role_type,
|
||||
digital_signature_algorithm=digital_signature_algorithm,
|
||||
cryptographic_algorithm=cryptographic_algorithm)
|
||||
if isinstance(params, dict):
|
||||
return attributes.CryptographicParameters(
|
||||
block_cipher_mode=params.get('block_cipher_mode', None),
|
||||
padding_method=params.get('padding_method', None),
|
||||
hashing_algorithm=params.get('hashing_algorithm', None),
|
||||
key_role_type=params.get('key_role_type', None),
|
||||
digital_signature_algorithm=params.get(
|
||||
'digital_signature_algorithm',
|
||||
None
|
||||
),
|
||||
cryptographic_algorithm=params.get(
|
||||
'cryptographic_algorithm',
|
||||
None
|
||||
),
|
||||
random_iv=params.get('random_iv', None),
|
||||
iv_length=params.get('iv_length', None),
|
||||
tag_length=params.get('tag_length', None),
|
||||
fixed_field_length=params.get('fixed_field_length', None),
|
||||
invocation_field_length=params.get(
|
||||
'invocation_field_length',
|
||||
None
|
||||
),
|
||||
counter_length=params.get('counter_length', None),
|
||||
initial_counter_value=params.get(
|
||||
'initial_counter_value',
|
||||
None
|
||||
)
|
||||
)
|
||||
else:
|
||||
raise TypeError("cryptographic parameters must be a dict")
|
||||
|
||||
def _create_cryptographic_usage_mask(self, flags):
|
||||
mask = None
|
||||
|
@ -22,8 +22,7 @@ from kmip.core import objects as cobjects
|
||||
|
||||
from kmip.core.factories import attributes
|
||||
|
||||
from kmip.core.attributes import CryptographicParameters, \
|
||||
CryptographicAlgorithm
|
||||
from kmip.core.attributes import CryptographicParameters
|
||||
|
||||
from kmip.pie import api
|
||||
from kmip.pie import exceptions
|
||||
@ -687,7 +686,8 @@ class ProxyKmipClient(api.KmipClient):
|
||||
raise exceptions.ClientConnectionNotOpen()
|
||||
|
||||
parameters_attribute = CryptographicParameters(
|
||||
cryptographic_algorithm=CryptographicAlgorithm(algorithm))
|
||||
cryptographic_algorithm=algorithm
|
||||
)
|
||||
|
||||
# Get the message authentication code and handle the results
|
||||
result = self.proxy.mac(data, uid, parameters_attribute)
|
||||
|
@ -1700,7 +1700,7 @@ class KmipEngine(object):
|
||||
if (payload.cryptographic_parameters and
|
||||
payload.cryptographic_parameters.cryptographic_algorithm):
|
||||
algorithm = \
|
||||
payload.cryptographic_parameters.cryptographic_algorithm.value
|
||||
payload.cryptographic_parameters.cryptographic_algorithm
|
||||
elif (isinstance(managed_object, objects.Key) and
|
||||
managed_object.cryptographic_algorithm):
|
||||
algorithm = managed_object.cryptographic_algorithm
|
||||
|
File diff suppressed because it is too large
Load Diff
@ -93,35 +93,55 @@ class TestAttributeValueFactory(testtools.TestCase):
|
||||
'digital_signature_algorithm':
|
||||
enums.DigitalSignatureAlgorithm.ECDSA_WITH_SHA512,
|
||||
'cryptographic_algorithm':
|
||||
enums.CryptographicAlgorithm.HMAC_SHA512}
|
||||
params = self.factory.create_attribute_value(
|
||||
enums.AttributeType.CRYPTOGRAPHIC_PARAMETERS, value)
|
||||
enums.CryptographicAlgorithm.HMAC_SHA512,
|
||||
'random_iv': True,
|
||||
'iv_length': 96,
|
||||
'tag_length': None,
|
||||
'fixed_field_length': 32,
|
||||
'invocation_field_length': 64,
|
||||
'counter_length': None,
|
||||
'initial_counter_value': 1
|
||||
}
|
||||
cryptographic_parameters = self.factory.create_attribute_value(
|
||||
enums.AttributeType.CRYPTOGRAPHIC_PARAMETERS,
|
||||
value
|
||||
)
|
||||
|
||||
# TODO (peter-hamilton): Update assertEquals after structure changes
|
||||
self.assertIsInstance(params, attributes.CryptographicParameters)
|
||||
self.assertIsInstance(
|
||||
cryptographic_parameters,
|
||||
attributes.CryptographicParameters
|
||||
)
|
||||
self.assertEqual(
|
||||
attributes.CryptographicParameters.BlockCipherMode(
|
||||
enums.BlockCipherMode.NIST_KEY_WRAP),
|
||||
params.block_cipher_mode)
|
||||
enums.BlockCipherMode.NIST_KEY_WRAP,
|
||||
cryptographic_parameters.block_cipher_mode
|
||||
)
|
||||
self.assertEqual(
|
||||
attributes.CryptographicParameters.PaddingMethod(
|
||||
enums.PaddingMethod.ANSI_X9_23),
|
||||
params.padding_method)
|
||||
enums.PaddingMethod.ANSI_X9_23,
|
||||
cryptographic_parameters.padding_method
|
||||
)
|
||||
self.assertEqual(
|
||||
attributes.CryptographicParameters.KeyRoleType(
|
||||
enums.KeyRoleType.KEK),
|
||||
params.key_role_type)
|
||||
enums.KeyRoleType.KEK,
|
||||
cryptographic_parameters.key_role_type
|
||||
)
|
||||
self.assertEqual(
|
||||
attributes.HashingAlgorithm(enums.HashingAlgorithm.SHA_512),
|
||||
params.hashing_algorithm)
|
||||
enums.HashingAlgorithm.SHA_512,
|
||||
cryptographic_parameters.hashing_algorithm
|
||||
)
|
||||
self.assertEqual(
|
||||
attributes.CryptographicParameters.DigitalSignatureAlgorithm(
|
||||
enums.DigitalSignatureAlgorithm.ECDSA_WITH_SHA512),
|
||||
params.digital_signature_algorithm)
|
||||
enums.DigitalSignatureAlgorithm.ECDSA_WITH_SHA512,
|
||||
cryptographic_parameters.digital_signature_algorithm
|
||||
)
|
||||
self.assertEqual(
|
||||
attributes.CryptographicAlgorithm(
|
||||
enums.CryptographicAlgorithm.HMAC_SHA512),
|
||||
params.cryptographic_algorithm)
|
||||
enums.CryptographicAlgorithm.HMAC_SHA512,
|
||||
cryptographic_parameters.cryptographic_algorithm
|
||||
)
|
||||
self.assertEqual(True, cryptographic_parameters.random_iv)
|
||||
self.assertEqual(96, cryptographic_parameters.iv_length)
|
||||
self.assertEqual(None, cryptographic_parameters.tag_length)
|
||||
self.assertEqual(32, cryptographic_parameters.fixed_field_length)
|
||||
self.assertEqual(64, cryptographic_parameters.invocation_field_length)
|
||||
self.assertEqual(None, cryptographic_parameters.counter_length)
|
||||
self.assertEqual(1, cryptographic_parameters.initial_counter_value)
|
||||
|
||||
def test_create_cryptographic_domain_parameters(self):
|
||||
"""
|
||||
|
@ -31,8 +31,8 @@ class TestMACRequestPayload(TestCase):
|
||||
self.unique_identifier = attributes.UniqueIdentifier(value='1')
|
||||
self.cryptographic_parameters = \
|
||||
attributes.CryptographicParameters(
|
||||
cryptographic_algorithm=attributes.CryptographicAlgorithm(
|
||||
enums.CryptographicAlgorithm.HMAC_SHA512)
|
||||
cryptographic_algorithm=enums.CryptographicAlgorithm.
|
||||
HMAC_SHA512
|
||||
)
|
||||
self.data = objects.Data(
|
||||
value=(b'\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B'
|
||||
|
@ -1077,13 +1077,13 @@ class TestRequestMessage(TestCase):
|
||||
cryptographic_algorithm = parameters_attribute.cryptographic_algorithm
|
||||
msg = "Bad cryptographic algorithm type: expected {0}, received {1}"
|
||||
self.assertIsInstance(cryptographic_algorithm,
|
||||
attr.CryptographicAlgorithm,
|
||||
msg.format(attr.CryptographicAlgorithm,
|
||||
enums.CryptographicAlgorithm,
|
||||
msg.format(enums.CryptographicAlgorithm,
|
||||
type(cryptographic_algorithm)))
|
||||
msg = "Bad cryptographic algorithm value: expected {0}, received {1}"
|
||||
self.assertEquals(cryptographic_algorithm.value,
|
||||
self.assertEquals(cryptographic_algorithm,
|
||||
enums.CryptographicAlgorithm.HMAC_SHA512,
|
||||
msg.format(cryptographic_algorithm.value,
|
||||
msg.format(cryptographic_algorithm,
|
||||
enums.CryptographicAlgorithm.HMAC_SHA512))
|
||||
|
||||
data = request_payload.data
|
||||
@ -1114,8 +1114,7 @@ class TestRequestMessage(TestCase):
|
||||
b'\x0C\x0D\x0E\x0F')
|
||||
)
|
||||
parameters_attribute = attr.CryptographicParameters(
|
||||
cryptographic_algorithm=attr.
|
||||
CryptographicAlgorithm(enums.CryptographicAlgorithm.HMAC_SHA512)
|
||||
cryptographic_algorithm=enums.CryptographicAlgorithm.HMAC_SHA512
|
||||
)
|
||||
request_payload = mac.MACRequestPayload(
|
||||
unique_identifier=uuid,
|
||||
|
@ -5157,8 +5157,7 @@ class TestKmipEngine(testtools.TestCase):
|
||||
uuid = str(obj.unique_identifier)
|
||||
|
||||
cryptographic_parameters = attributes.CryptographicParameters(
|
||||
cryptographic_algorithm=attributes.
|
||||
CryptographicAlgorithm(algorithm_b)
|
||||
cryptographic_algorithm=algorithm_b
|
||||
)
|
||||
|
||||
# Verify when cryptographic_parameters is specified in request
|
||||
@ -5226,8 +5225,8 @@ class TestKmipEngine(testtools.TestCase):
|
||||
uuid_no_algorithm = str(obj_no_algorithm.unique_identifier)
|
||||
|
||||
cryptographic_parameters = attributes.CryptographicParameters(
|
||||
cryptographic_algorithm=attributes.
|
||||
CryptographicAlgorithm(algorithm))
|
||||
cryptographic_algorithm=algorithm
|
||||
)
|
||||
|
||||
payload_no_key = mac.MACRequestPayload(
|
||||
unique_identifier=attributes.UniqueIdentifier(uuid_no_key),
|
||||
@ -5303,8 +5302,7 @@ class TestKmipEngine(testtools.TestCase):
|
||||
uuid = str(obj.unique_identifier)
|
||||
|
||||
cryptographic_parameters = attributes.CryptographicParameters(
|
||||
cryptographic_algorithm=attributes.
|
||||
CryptographicAlgorithm(algorithm_b)
|
||||
cryptographic_algorithm=algorithm_b
|
||||
)
|
||||
|
||||
# Verify when cryptographic_parameters is specified in request
|
||||
@ -5352,8 +5350,7 @@ class TestKmipEngine(testtools.TestCase):
|
||||
uuid = str(obj.unique_identifier)
|
||||
|
||||
cryptographic_parameters = attributes.CryptographicParameters(
|
||||
cryptographic_algorithm=attributes.
|
||||
CryptographicAlgorithm(algorithm_b)
|
||||
cryptographic_algorithm=algorithm_b
|
||||
)
|
||||
|
||||
# Verify when cryptographic_parameters is specified in request
|
||||
|
@ -16,8 +16,7 @@
|
||||
from testtools import TestCase
|
||||
|
||||
from kmip.core.attributes import PrivateKeyUniqueIdentifier
|
||||
from kmip.core.attributes import CryptographicParameters, \
|
||||
CryptographicAlgorithm
|
||||
from kmip.core.attributes import CryptographicParameters
|
||||
|
||||
|
||||
from kmip.core.enums import AuthenticationSuite
|
||||
@ -786,8 +785,7 @@ class TestKMIPClient(TestCase):
|
||||
uuid = '1'
|
||||
|
||||
cryptographic_parameters = CryptographicParameters(
|
||||
cryptographic_algorithm=CryptographicAlgorithm(
|
||||
CryptographicAlgorithmEnum.HMAC_SHA512)
|
||||
cryptographic_algorithm=CryptographicAlgorithmEnum.HMAC_SHA512
|
||||
)
|
||||
|
||||
self.client._send_message.side_effect = verify_request
|
||||
|
Loading…
x
Reference in New Issue
Block a user