Systematic restructuring of internal state #208
Conversation
MatthiasValvekens
force-pushed
the
feature/internal-state-systematisation
branch
from
918499b to
f339867
Compare
| cdef CK_VERSION fw_version | ||
|
|
||
| @staticmethod | ||
| cdef Slot make(CK_FUNCTION_LIST *funclist, CK_SLOT_ID slot_id, CK_SLOT_INFO info, tuple cryptoki_version): |
There was a problem hiding this comment.
Using Cython extension types (cdef classes) pretty much forces moving a bunch of state-touching logic from types.py to the Cython layer. It's not too bad, though. API-wise, there's no real breakage for a user that doesn't access any of the Cython internals directly.
| ) | ||
|
|
||
|
|
||
| cdef class OperationContext: |
There was a problem hiding this comment.
This is the main context manager class that monitors operations. There are subtypes for search & crypto ops.
| # All other APIs are taken from the CK_FUNCTION_LIST table | ||
| ctypedef CK_RV (*C_GetFunctionList_ptr) (CK_FUNCTION_LIST **) nogil | ||
|
|
||
| ctypedef CK_RV (*KeyOperationInit) ( |
There was a problem hiding this comment.
Some function pointer typedefs for cryptographic operations. Used in the context manager that deals with sizing buffers for the module, since the logic cares fairly little about what the underlying operations are for, so these typedefs allow for some poor mans' generics...
pkcs11/_pkcs11.pyx
Outdated
| def _encrypt(self, data, | ||
| mechanism=None, mechanism_param=None): | ||
|
|
||
| cdef class KeyOperation(OperationContext): |
There was a problem hiding this comment.
This context manager deals with cryptographic operations and the associated buffer management etc.
| # cancel the operation if still active | ||
| # This is a PKCS#11 3.x feature | ||
| with nogil: | ||
| retval = self.op_init(self.session.handle, NULL, self.key) |
There was a problem hiding this comment.
It's a bit of a shame that this very elegant way of cancelling operations is only available in modules that support version 3.x...
| @requires(pkcs11.Mechanism.AES_KEY_GEN, pkcs11.Mechanism.AES_CBC_PAD) | ||
| # Ideally deleting iterator #1 would terminate the operation, but it | ||
| # currently does not. | ||
| @unittest.expectedFailure |
There was a problem hiding this comment.
This test actually works now :)
MatthiasValvekens
force-pushed
the
feature/internal-state-systematisation
branch
from
f339867 to
89f11a9
Compare
- Needed to get rid of global funclist pointer to make this work. - This required the ability to pass around a C-level pointer between classes (can't do that with Python-level attrs), so a significant part of the Cython classes were reworked into Cython extension types. - Skeletons in types.py no longer hold any attributes or init logic. - Logic to reuse existing loaded libs when possible was preserved.
MatthiasValvekens
force-pushed
the
feature/internal-state-systematisation
branch
from
89f11a9 to
cd1aac3
Compare
Covers search, encryption/decryption, and sign/verify.
MatthiasValvekens
force-pushed
the
feature/internal-state-systematisation
branch
from
cd1aac3 to
09e363d
Compare
2 participants
This is a big refactor intended to clean up the way the library handles internal state a bit (library handles, running operations, etc.).
The main goals were the following:
Challenges faced:
_funclistpointer and passing it around between classes.I ended up rewriting most of the internal Cython types as
cdef classclasses to achieve this, since those classes can have C-level values (including raw pointers) as attributes. I handled the token operation management code similarly.