ThalesGroup / pycryptoki

Python interface to SafeNet's PKCS11 library implementation
Apache License 2.0
58 stars 22 forks

Update helpers.py to allow CHRYSTOKI_DLL_FILE override #36

Closed brice-fr closed 1 year ago

brice-fr commented 1 year ago

CHRYSTOKI_DLL_FILE is defined in pycryptoki.defaults but could in theory be overridden with a full library (.dll or .so) path to the PKCS11 module. This commit allows a new assignment of defaults.CHRYSTOKI_DLL_FILE, made before importing session_management.c_initialize_ex, to be taken into account.

astraw38 commented 1 year ago

Hi @brice-fr,

I believe this is already supported under lines 54-58:

    if CHRYSTOKI_DLL_FILE is not None:
        # Use this value for the location of the DLL
        dll_path = CHRYSTOKI_DLL_FILE
        LOG.debug("Using DLL Path from defaults.py: %s", dll_path)
        return dll_path

However, I'm not opposed to allowing the DLL/.SO to be set directly from environment variables, rather than needing to modify defaults.py (or read in a Chrystoki.conf file). Modifying the source like that is rather awkward.

brice-fr commented 1 year ago

Indeed you are right @astraw38, I got confused in my testing (where I was trying to override the defaults value from the code). Actually, the current code (I re-installed) works well if the defaults value is replaced at the proper location in the main script (before importing pycryptoki.session_management), as in the example below (the DLL is not the right one, I know...):

    import logging

    logging.basicConfig(level=logging.DEBUG)

    LOG = logging.getLogger(__name__)

    LOG.debug("Importing pycryptoki")
    import pycryptoki

    LOG.debug("Overriding defaults.CHRYSTOKI_DLL_FILE")
    from pycryptoki import defaults
    # Raw string so the backslashes in the Windows path are not read as escapes
    defaults.CHRYSTOKI_DLL_FILE = r"C:\Progra~1\SafeNet\Authentication\SAC\x64\IDPrimePKCS1164.dll"

    # The override above must happen before this import
    LOG.debug("Importing pycryptoki.session_management")
    from pycryptoki.session_management import *

    from pycryptoki.cryptoki.helpers import CryptokiDLLSingleton

    c_initialize_ex()

    from pycryptoki.cryptoki import CK_VERSION
    print("Library Info")
    print('└', 'DLL Path', CryptokiDLLSingleton().get_dll()._name)
    LibraryInfo = c_get_info_ex()
    for key, value in LibraryInfo.items():
        if isinstance(value, (bytes, bytearray)):
            print('└', key, ':', value.decode('utf-8').rstrip('\x08').rstrip('\x0a'))
        elif isinstance(value, CK_VERSION):
            print('└', key, ':', str(value.major) + '.' + str(value.minor))
        else:
            print('└', key, ':', value)

    c_finalize_ex()

Being able to set the DLL/.SO directly from environment variables, in a similar way to the conf file, would indeed be another nice option. I may work on that.

astraw38 commented 1 year ago

I forgot that I added an override via envvar a while back:

            #  depends on different product, lib path could be configured by pointing to path, or stored in a file
            dll_path = os.environ.get(CRYSTOKI_CONF_DLL, parse_chrystoki_conf())

So you should be able to set that envvar to completely bypass the Chrystoki.conf/ini.
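The thread shows the PKCS11 module path can come from defaults.py, an environment variable or Chrystoki.conf, so a caller may want to check the resolved path before the library is loaded. This is an added example, not pycryptoki code: the variable name `EXAMPLE_PKCS11_MODULE`, the function names and the lookup order are assumptions of this sketch.

```python
import os
import stat
import tempfile

# Hypothetical variable name: the thread does not show the string behind
# pycryptoki's CRYSTOKI_CONF_DLL constant.
ENV_VAR = "EXAMPLE_PKCS11_MODULE"


def resolve_module_path(default_value, environ, conf_lookup):
    """Return (path, source); assumed order: defaults, environment, conf file."""
    if default_value is not None:
        return default_value, "defaults"
    if ENV_VAR in environ:
        return environ[ENV_VAR], "environment"
    return conf_lookup(), "conf"


def check_module_path(path):
    """Return the reasons not to load `path` as a PKCS#11 module (empty = OK)."""
    problems = []
    if not os.path.isabs(path):
        problems.append("not an absolute path")
    if not os.path.isfile(path):
        problems.append("not an existing regular file")
        return problems
    if os.name == "posix":
        # A module others can overwrite would run inside the process that
        # holds the HSM session, so check the file and its directory.
        for target in (path, os.path.dirname(os.path.abspath(path))):
            if os.stat(target).st_mode & (stat.S_IWGRP | stat.S_IWOTH):
                problems.append("writable by group or others: " + target)
    return problems


def make_sample_module(mode):
    """Constructed sample: an empty stand-in file in a private temp directory."""
    path = os.path.join(tempfile.mkdtemp(), "libexample-pkcs11.so")
    with open(path, "wb"):
        pass
    os.chmod(path, mode)
    return path


if __name__ == "__main__":
    good = make_sample_module(0o644)
    path, source = resolve_module_path(None, {ENV_VAR: good}, lambda: "unused.conf")
    print(source, path, check_module_path(path) or "ok to load")
```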