

py3: softhsm key_id must be bytes
softhsm works with bytes, so key_id must be bytes; otherwise we get errors
from comparing bytes with str

https://fedorahosted.org/freeipa/ticket/4985

Reviewed-By: Jan Cholasta <[email protected]>
Reviewed-By: Stanislav Laznicka <[email protected]>
MartinBasti committed Jun 1, 2017
1 parent 27f8f9f commit d7a9e81
Showing 2 changed files with 15 additions and 5 deletions.
5 changes: 1 addition & 4 deletions ipaserver/install/dnskeysyncinstance.py
Expand Up @@ -7,7 +7,6 @@
import os
import pwd
import grp
import random
import shutil
import stat

Expand Down Expand Up @@ -282,9 +281,7 @@ def __setup_replica_keys(self):
key_id = None
while True:
# check if key with this ID exist in softHSM
# id is 16 Bytes long
key_id = "".join(chr(random.randint(0, 255))
for _ in range(0, 16))
key_id = _ipap11helper.gen_key_id()
replica_pubkey_dn = DN(('ipk11UniqueId', 'autogenerate'), dn_base)


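Review bot: The replacement line `key_id = _ipap11helper.gen_key_id()` loses the only documentation this call site had about the ID's size and type, since the `# id is 16 Bytes long` comment goes away with the old `"".join(chr(...))` expression. A short trailing comment keeps that knowledge where the value is later compared against softHSM results, e.g. `key_id = _ipap11helper.gen_key_id()  # 16 random bytes; softhsm compares CKA_ID as bytes`. I am assuming `_ipap11helper` is the alias under which this module already imports `p11helper`; the import is not visible in the hunk, so that should be confirmed. The body of `__setup_replica_keys` continues past the hunk, including the uniqueness check the `while True` loop exists for.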
15 changes: 14 additions & 1 deletion ipaserver/p11helper.py
Expand Up @@ -5,6 +5,7 @@
import random
import ctypes.util
import binascii
import struct

import six
from cryptography.hazmat.backends import default_backend
Expand Down Expand Up @@ -1824,6 +1825,18 @@ def get_attribute(self, key_object, attr):
MECH_AES_KEY_WRAP_PAD = CKM_AES_KEY_WRAP_PAD


def gen_key_id(key_id_len=16):
"""
Generate random softhsm KEY_ID
:param key_id_len: this should be 16
:return: random softhsm KEY_ID in bytes representation
"""
return struct.pack(
"B" * key_id_len, # key_id must be bytes
*(random.randint(0, 255) for _ in range(key_id_len))
)


def generate_master_key(p11, keylabel=u"dnssec-master", key_length=16,
disable_old_keys=True):
assert isinstance(p11, P11_Helper)
Expand All @@ -1832,7 +1845,7 @@ def generate_master_key(p11, keylabel=u"dnssec-master", key_length=16,
while True:
# check if key with this ID exist in LDAP or softHSM
# id is 16 Bytes long
key_id = "".join(chr(random.randint(0, 255)) for _ in range(0, 16))
key_id = gen_key_id()
keys = p11.find_keys(KEY_CLASS_SECRET_KEY,
label=keylabel,
id=key_id)
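Review bot: In the new `gen_key_id`, packing a generator of `random.randint(0, 255)` values with `struct.pack("B" * key_id_len, ...)` is a roundabout way to obtain `key_id_len` random bytes; `return os.urandom(key_id_len)` yields `bytes` on both Python 2 and 3 in one call, draws from the OS CSPRNG instead of the process-global `random` state (which any other module can re-seed), and makes the new `import struct` unnecessary. CKA_ID is a lookup handle rather than a secret, so this is a simplicity and robustness point, not a vulnerability in the committed code; `os` would need to be imported in `p11helper.py` if it is not already, which the hunk does not show. The docstring line `:param key_id_len: this should be 16` would also read better as `:param key_id_len: length of the ID in bytes (softhsm keys used here are 16 bytes)`. The same helper is consumed at `key_id = gen_key_id()` in `generate_master_key`, whose `while True` loop continues outside the last hunk.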
