Pycryptoki¶

Overview¶

Pycryptoki is an open-source Python wrapper around Safenet’s C PKCS11 library. Using python’s ctypes library, we can simplify memory management, and provide easy, pythonic access to a PKCS11 shared library.

The primary function of pycryptoki is to simplify PKCS11 calls. Rather than needing to calculate data sizes, buffers, or other low-level memory manipulation, you simply need to pass in data.

It’s highly recommended that you have the PKCS11 documentation handy, as pycryptoki uses that as the underlying C interface. Session management, object management, and other concepts are unchanged from PKCS11.

from pycryptoki.default_templates import *
from pycryptoki.defines import *
from pycryptoki.key_generator import *
from pycryptoki.session_management import *


c_initialize_ex()
auth_session = c_open_session_ex(0)   # HSM slot # in this example is 0
login_ex(auth_session, 0, 'userpin')  # 0 is still the slot number, ‘userpin’ should be replaced by your password (None if PED or no challenge)

# Get some default templates
# They are simple python dictionaries, and can be modified to suit needs.
pub_template, priv_template = get_default_key_pair_template(CKM_RSA_PKCS_KEY_PAIR_GEN)

# Modifying template would look like:
pub_template[CKA_LABEL] = b"RSA PKCS Pub Key"
pub_template[CKA_MODULUS_BITS] = 2048   # 2048 key size

pubkey, privkey = c_generate_key_pair_ex(auth_session, CKM_RSA_PKCS_KEY_PAIR_GEN, pub_template, priv_template)
print("Generated Private key at %s and Public key at %s" % (privkey, pubkey))

c_logout_ex(auth_session)
c_close_session_ex(auth_session)
c_finalize_ex()

Getting Started¶

To use pycryptoki, you must have SafeNet LunaClient installed.

Installation¶

Pycryptoki can be installed on any machine that has Python installed. Python versions >= 2.7 are supported.:

pip install git+https://github.com/gemalto/pycryptoki

Pycryptoki will attempt to auto-locate the SafeNet Cryptoki shared library when pycryptoki is first called. It will use the configuration files as defined by the LunaClient documentation to determine which library to use.

Simple Example¶

This example will print out information about the given token slot.

from pycryptoki.session_management import (c_initialize_ex,
                                           c_get_info_ex,
                                           get_firmware_version,
                                           c_get_token_info_ex,
                                           c_finalize_ex)


c_initialize_ex()
print("C_GetInfo: ")
print("\n".join("\t{}: {}".format(x, y) for x, y in c_get_info_ex().items()))
token_info = c_get_token_info_ex(0)
print("C_GetTokenInfo:")
print("\n".join("\t{}: {}".format(x, y) for x, y in token_info.items()))
print("Firmware version: {}".format(get_firmware_version(0)))

c_finalize_ex()

Examples¶

Generating an RSA Key Pair¶

This example creates a 1024b RSA Key Pair.

from pycryptoki.session_management import (c_initialize_ex, c_finalize_ex,
                                           c_open_session_ex, c_close_session_ex,
                                           login_ex)
from pycryptoki.defines import CKM_RSA_PKCS_KEY_PAIR_GEN
from pycryptoki.key_generator import c_generate_key_pair_ex

c_initialize_ex()
session = c_open_session_ex(0)      # 0 -> slot number
login_ex(session, 0, 'userpin')     # 0 -> Slot number, 'userpin' -> token password

# Templates are dictionaries in pycryptoki
pub_template = {CKA_TOKEN: True,
                CKA_PRIVATE: True,
                CKA_MODIFIABLE: True,
                CKA_ENCRYPT: True,
                CKA_VERIFY: True,
                CKA_WRAP: True,
                CKA_MODULUS_BITS: 1024,  # long 0 - MAX_RSA_KEY_NBITS
                CKA_PUBLIC_EXPONENT: 3,  # byte
                CKA_LABEL: b"RSA Public Key"}
priv_template = {CKA_TOKEN: True,
                 CKA_PRIVATE: True,
                 CKA_SENSITIVE: True,
                 CKA_MODIFIABLE: True,
                 CKA_EXTRACTABLE: True,
                 CKA_DECRYPT: True,
                 CKA_SIGN: True,
                 CKA_UNWRAP: True,
                 CKA_LABEL: b"RSA Private Key"}

pub_key, priv_key = c_generate_key_pair_ex(session,
                                           mechanism=CKM_RSA_PKCS_KEY_PAIR_GEN,
                                           pbkey_template=pub_template,
                                           prkey_template=priv_template)

c_close_session_ex(session)
c_finalize_ex()

Encrypting data with AES-CBC-PAD¶

This example generates a 24-byte AES key, then encrypts some data with that key using the AES-CBC-PAD mechanism.

from pycryptoki.session_management import (c_initialize_ex, c_finalize_ex,
                                           c_open_session_ex, c_close_session_ex,
                                           login_ex)
from pycryptoki.defines import (CKM_AES_KEY_GEN,
                                CKA_LABEL,
                                CKA_ENCRYPT,
                                CKA_DECRYPT,
                                CKA_TOKEN,
                                CKA_CLASS,
                                CKA_KEY_TYPE,
                                CKK_AES,
                                CKO_SECRET_KEY,
                                CKA_SENSITIVE,
                                CKA_WRAP,
                                CKA_UNWRAP,
                                CKA_DERIVE,
                                CKA_VALUE_LEN,
                                CKA_EXTRACTABLE,
                                CKA_PRIVATE,
                                CKM_AES_CBC_PAD)
from pycryptoki.key_generator import c_generate_key_ex
from pycryptoki.encryption import c_encrypt_ex
from pycryptoki.conversions import to_bytestring, from_hex
from pycryptoki.mechanism import Mechanism

c_initialize_ex()
session = c_open_session_ex(0)      # 0 = slot number
login_ex(session, 0, 'userpin')        # 'userpin' = token password


template = {CKA_LABEL: b"Sample AES Key",
            CKA_ENCRYPT: True,
            CKA_DECRYPT: True,
            CKA_TOKEN: False,
            CKA_CLASS: CKO_SECRET_KEY,
            CKA_KEY_TYPE: CKK_AES,
            CKA_SENSITIVE: True,
            CKA_PRIVATE: True,
            CKA_WRAP: True,
            CKA_UNWRAP: True,
            CKA_DERIVE: True,
            CKA_VALUE_LEN: 24,
            CKA_EXTRACTABLE: True,}
aes_key = c_generate_key_ex(session, CKM_AES_KEY_GEN, template)

# Data is in hex format here
raw_data = "d0d77c63ab61e75a5fd4719fa77cc2de1d817efedcbd43e7663736007672e8c7"

# Convert to raw bytes before passing into c_encrypt:
data_to_encrypt = to_bytestring(from_hex(raw_data))


# Note: this is *bad crypto practice*! DO NOT USE STATIC IVS!!
mechanism = Mechanism(mech_type=CKM_AES_CBC_PAD,
                      params={"iv": list(range(16))})
static_iv_encrypted_data = c_encrypt_ex(session, aes_key, data_to_encrypt, mechanism)

c_close_session_ex(session)
c_finalize_ex()

Finding a key and decrypting Data¶

This example follows from the previous one, except instead of generating a key, we’ll find one that was already used.

from pycryptoki.session_management import (c_initialize_ex, c_finalize_ex,
                                           c_open_session_ex, c_close_session_ex,
                                           login_ex)
from pycryptoki.object_attr_lookup import c_find_objects_ex
from pycryptoki.defines import (CKM_AES_KEY_GEN,
                                CKA_LABEL,
                                CKA_ENCRYPT,
                                CKA_DECRYPT,
                                CKA_TOKEN,
                                CKA_CLASS,
                                CKA_KEY_TYPE,
                                CKK_AES,
                                CKO_SECRET_KEY,
                                CKA_SENSITIVE,
                                CKA_WRAP,
                                CKA_UNWRAP,
                                CKA_DERIVE,
                                CKA_VALUE_LEN,
                                CKA_EXTRACTABLE,
                                CKA_PRIVATE,
                                CKM_AES_CBC_PAD)
from pycryptoki.encryption import c_decrypt_ex
from pycryptoki.conversions import to_bytestring, from_hex
from pycryptoki.mechanism import Mechanism

c_initialize_ex()
session = c_open_session_ex(0)      # 0 = slot number
login_ex(session, 0, 'userpin')        # 'userpin' = token password

template = {CKA_LABEL: b"Sample AES key"}

keys = c_find_objects_ex(session, template, 1)
aes_key = keys.pop(0) # Use the first key found.

# Data is in hex format here
raw_data = "95e28bc6da451f3064d688dd283c5c43a5dd374cb21064df836e2970e1024c2448f129062aacbae3e45abd098b893346"

# Convert to raw bytes before passing into c_decrypt:
data_to_decrypt = to_bytestring(from_hex(raw_data))


# Note: this is *bad crypto practice*! DO NOT USE STATIC IVS!!
mechanism = Mechanism(mech_type=CKM_AES_CBC_PAD,
                      params={"iv": list(range(16))})
original_data = c_decrypt_ex(session, aes_key, data_to_decrypt, mechanism)

c_close_session_ex(session)
c_finalize_ex()

Frequent Issues ¶

Contents

Frequent Issues

Wrong data type ¶

Any cryptographic function working on data (ex. c_encrypt, c_unwrap) will expect a bytestring. A string object in Python2 is by default a bytestring, but in Python3 is a unicode string.

For example:

c_encrypt(session, key, "this is some test data", mechanism)

Will work in Python 2, but NOT Python 3. Instead, use the pycryptoki.conversions module to ensure that any data you pass into the cryptoki library is of the correct form.

Another ‘gotcha’ is that hex data represented as a string that is then used in an encrypt call would result in 2x the length of expected data:

from pycryptoki.conversions import to_bytestring, from_hex
hex_data = "deadbeef"
assert len(hex_data) == 8
raw_data = list(from_hex(hex_data))
assert len(raw_data) == 4
print (raw_data)
# Prints: [222, 173, 190, 239]

Another example:

from pycryptoki.conversions import to_bytestring, from_hex
some_hex_data = "06abde23df89"
data_to_encrypt = to_bytestring(from_hex(some_hex_data))
c_encrypt(session, key, data_to_encrypt, mechanism)

Note

See this article for more details about the differences between unicode and bytestrings in: python: http://lucumr.pocoo.org/2014/1/5/unicode-in-2-and-3/

Internal Initialization Vectors ¶

When you use an internal IV for AES mechanisms, the IV is appended to the cipher text. This needs to be stripped off and used to create the mechanism for decryption:

from pycryptoki.encryption import c_encrypt_ex

data_to_encrypt = b"a" * 64
mech = Mechanism(CKM_AES_KW,
                 params={"iv": []}) # Uses an internal IV

enc_data = c_encrypt_ex(session, key, data_to_encrypt, mech)
iv = enc_data[-16:] # Strip off the last 16 bytes of the encrypted data.
decrypt_mech = Mechanism(CKM_AES_KW,
                         params={"iv": iv})
decrypted_data = c_decrypt_ex(session, key, enc_data[:-16], decrypt_mech)

PKCS11 Calling Conventions ¶

The PKCS11 library has two main methods for returning data to the caller:

Pycryptoki will let you perform either method for any function that returns data in a variable-length buffer with the output_buffer keyword argument. This argument takes either an integer, or a list of integers. The integer specifies the size of the buffer to use for the returned output. This means if you use a very small integer, you could get back CKR_BUFFER_TOO_SMALL (and you could also allocate a buffer that is incredibly large – limited by the memory of your system).

By default, pycryptoki will use method #2 (querying the library for buffer size):

data = b"deadbeef"
c_decrypt_ex(session, key, data, mechanism)

Will result in the raw underlying PKCS11 calls:

DEBUG: Cryptoki call: C_DecryptInit(8, <pycryptoki.cryptoki.CK_MECHANISM object at 0x7f693480c598>, c_ulong(26))
DEBUG: Cryptoki call: C_Decrypt(8, <pycryptoki.cryptoki.LP_c_ubyte object at 0x7f69347df598>, c_ulong(2056), None, <pycryptoki.cryptoki.LP_c_ulong object at 0x7f69347dfbf8>)
DEBUG: Allocating <class 'ctypes.c_ubyte'> buffer of size: 2048
DEBUG: Cryptoki call: C_Decrypt(8, <pycryptoki.cryptoki.LP_c_ubyte object at 0x7f69347df598>, c_ulong(2056), <pycryptoki.cryptoki.LP_c_ubyte object at 0x7f693498c9d8>, <pycryptoki.cryptoki.LP_c_ulong object at 0x7f693498c840>)

Note

None in python is the equivalent to NULL in C.

An example using a pre-allocated buffer:

data = b"deadbeef"
c_decrypt_ex(session, key, data, mechanism, output_buffer=0xffff)

And the resulting PKCS11 calls:

DEBUG: Cryptoki call: C_DecryptInit(8, <pycryptoki.cryptoki.CK_MECHANISM object at 0x7f693480c598>, c_ulong(26))
DEBUG: Allocating <class 'ctypes.c_ubyte'> buffer of size: 2048
DEBUG: Cryptoki call: C_Decrypt(8, <pycryptoki.cryptoki.LP_c_ubyte object at 0x7f69347df598>, c_ulong(2056), <pycryptoki.cryptoki.LP_c_ubyte object at 0x7f693498c9d8>, <pycryptoki.cryptoki.LP_c_ulong object at 0x7f693498c840>)

For multi-part operations, output_buffer should be a list of integers of equal size to the number of parts in the operation:

data = [b"a" * 8, b"b" * 8, b"c" * 8, b"d" * 8]
output_buffer = [0xffff] * len(data)  # Equivalent to: [0xffff, 0xffff, 0xffff, 0xffff]
c_encrypt_ex(session, key, data, mechanism, output_buffer=output_buffer)

For a multi-part operation that returns data in the C_*Final function, the output buffer will be equivalent to the largest buffer size specified in the output_buffer list.

API Reference¶

There are some general guidelines to using pycryptoki:

Session/Token Management ¶

Modules for Token and session creation and management.

Contents

Session/Token Management
- Session Management
- Token Management

Session Management ¶

Methods responsible for managing a user’s session and login/c_logout

pycryptoki.session_management.c_initialize(flags=None, init_struct=None)[source]¶

Initializes current process for use with PKCS11.

Some sample flags:

See the PKCS11 documentation for more details.

Parameters:	flags (int) – Flags to be set within InitArgs Struct. (Default = None) init_struct – InitArgs structure (Default = None)
Returns:	Cryptoki return code.

pycryptoki.session_management.c_initialize_ex(flags=None, init_struct=None)¶

Executes c_initialize(), and checks the retcode; raising an exception if the return code is not CKR_OK.

pycryptoki.session_management.c_finalize()[source]¶

Finalizes PKCS11 library.

Returns:	Cryptoki return code

pycryptoki.session_management.c_finalize_ex()¶

Executes c_finalize(), and checks the retcode; raising an exception if the return code is not CKR_OK.

pycryptoki.session_management.c_open_session(slot_num, flags=6)[source]¶

Opens a session on the given slot

Parameters:	slot_num (int) – The slot to get a session on flags (int) – The flags to open the session with (Default value = (CKF_SERIAL_SESSION \| CKF_RW_SESSION)
Returns:	(retcode, session handle)
Return type:	tuple

pycryptoki.session_management.c_open_session_ex(slot_num, flags=6)¶

Executes c_open_session(), and checks the retcode; raising an exception if the return code is not CKR_OK.

pycryptoki.session_management.login(h_session, slot_num=1, password=None, user_type=1)[source]¶

Login to the given session.

Parameters:	h_session (int) – Session handle slot_num (int) – Slot index to login on (Default value = 1) password (bytes) – Password to login with (Default value = “userpin”) user_type (int) – User type to login as (Default value = 1)
Returns:	retcode
Return type:	int

pycryptoki.session_management.login_ex(h_session, slot_num=1, password=None, user_type=1)¶

Executes login(), and checks the retcode; raising an exception if the return code is not CKR_OK.

pycryptoki.session_management.c_get_info()[source]¶

Get general information about the Cryptoki Library

Returns a dictionary containing the following keys:

cryptokiVersion and libraryVersion are CK_VERSION structs, and the major/minor values can be accessed directly (info['cryptokiVersion'].major == 2)

Returns:	(retcode, info dictionary)

pycryptoki.session_management.c_get_info_ex()¶

Executes c_get_info(), and checks the retcode; raising an exception if the return code is not CKR_OK.

pycryptoki.session_management.c_get_slot_list(token_present=True)[source]¶

Get a list of all slots.

Parameters:	token_present (bool) – If true, will only return slots that have a token present.
Returns:	List of slots

pycryptoki.session_management.c_get_slot_list_ex(token_present=True)¶

Executes c_get_slot_list(), and checks the retcode; raising an exception if the return code is not CKR_OK.

pycryptoki.session_management.c_get_slot_info(slot)[source]¶

Get information about the given slot number.

Parameters:	slot (int) – Target slot
Returns:	Dictionary of slot information

pycryptoki.session_management.c_get_slot_info_ex(slot)¶

Executes c_get_slot_info(), and checks the retcode; raising an exception if the return code is not CKR_OK.

pycryptoki.session_management.c_get_session_info(session)[source]¶

Get information about the given session.

Parameters:	session (int) – session handle
Returns:	(retcode, dictionary of session information)
Return type:	tuple

pycryptoki.session_management.c_get_session_info_ex(session)¶

Executes c_get_session_info(), and checks the retcode; raising an exception if the return code is not CKR_OK.

pycryptoki.session_management.c_get_token_info(slot_id, rstrip=True)[source]¶

Gets the token info for a given slot id

Parameters:	slot_id (int) – Token slot ID rstrip (bool) – If true, will strip trailing whitespace from char data.
Returns:	(retcode, A python dictionary representing the token info)
Return type:	tuple

pycryptoki.session_management.c_get_token_info_ex(slot_id, rstrip=True)¶

Executes c_get_token_info(), and checks the retcode; raising an exception if the return code is not CKR_OK.

pycryptoki.session_management.get_slot_dict(token_present=False)[source]¶

Compiles a dictionary of the available slots

Returns:	A python dictionary of the available slots

pycryptoki.session_management.get_slot_dict_ex(token_present=False)¶

Executes get_slot_dict(), and checks the retcode; raising an exception if the return code is not CKR_OK.

pycryptoki.session_management.c_close_session(h_session)[source]¶

Closes a session

Parameters:	h_session (int) – Session handle
Returns:	retcode
Return type:	int

pycryptoki.session_management.c_close_session_ex(h_session)¶

Executes c_close_session(), and checks the retcode; raising an exception if the return code is not CKR_OK.

pycryptoki.session_management.c_logout(h_session)[source]¶

Logs out of a given session

Parameters:	h_session (int) – Session handle
Returns:	retcode
Return type:	int

pycryptoki.session_management.c_logout_ex(h_session)¶

Executes c_logout(), and checks the retcode; raising an exception if the return code is not CKR_OK.

pycryptoki.session_management.c_init_pin(h_session, pin)[source]¶

Initializes the PIN

Parameters:	h_session (int) – Session handle pin – pin to c_initialize
Returns:	THe result code

pycryptoki.session_management.c_init_pin_ex(h_session, pin)¶

Executes c_init_pin(), and checks the retcode; raising an exception if the return code is not CKR_OK.

pycryptoki.session_management.ca_factory_reset(slot)[source]¶

Does a factory reset on a given slot

Parameters:	slot – The slot to do a factory reset on
Returns:	The result code

pycryptoki.session_management.ca_factory_reset_ex(slot)¶

Executes ca_factory_reset(), and checks the retcode; raising an exception if the return code is not CKR_OK.

pycryptoki.session_management.c_set_pin(h_session, old_pass, new_pass)[source]¶

Allows a user to change their PIN

Parameters:	h_session (int) – Session handle old_pass – The user’s old password new_pass – The user’s desired new password
Returns:	The result code

pycryptoki.session_management.c_set_pin_ex(h_session, old_pass, new_pass)¶

Executes c_set_pin(), and checks the retcode; raising an exception if the return code is not CKR_OK.

pycryptoki.session_management.c_close_all_sessions(slot)[source]¶

Closes all the sessions on a given slot

Parameters:	slot – The slot to close all sessions on
Returns:	retcode
Return type:	int

pycryptoki.session_management.c_close_all_sessions_ex(slot)¶

Executes c_close_all_sessions(), and checks the retcode; raising an exception if the return code is not CKR_OK.

pycryptoki.session_management.ca_openapplicationID(slot, id_high, id_low)[source]¶

Open an application ID on the given slot.

Parameters:	slot (int) – Slot on which to open the APP ID id_high (int) – High value of App ID id_low (int) – Low value of App ID
Returns:	retcode
Return type:	int

pycryptoki.session_management.ca_openapplicationID_ex(slot, id_high, id_low)¶

Executes ca_openapplicationID(), and checks the retcode; raising an exception if the return code is not CKR_OK.

pycryptoki.session_management.ca_closeapplicationID(slot, id_high, id_low)[source]¶

Close a given AppID on a slot.

Parameters:	slot (int) – Slot on which to close the APP ID id_high (int) – High value of App ID id_low (int) – Low value of App ID
Returns:	retcode
Return type:	int

pycryptoki.session_management.ca_closeapplicationID_ex(slot, id_high, id_low)¶

Executes ca_closeapplicationID(), and checks the retcode; raising an exception if the return code is not CKR_OK.

pycryptoki.session_management.ca_setapplicationID(id_high, id_low)[source]¶

Set the App ID for the current process.

Parameters:	id_high (int) – High value of App ID id_low (int) – Low value of App ID
Returns:	retcode
Return type:	int

pycryptoki.session_management.ca_setapplicationID_ex(id_high, id_low)¶

Executes ca_setapplicationID(), and checks the retcode; raising an exception if the return code is not CKR_OK.

pycryptoki.session_management.ca_restart(slot)[source]¶

Parameters:	slot –

pycryptoki.session_management.ca_restart_ex(slot)¶

Executes ca_restart(), and checks the retcode; raising an exception if the return code is not CKR_OK.

pycryptoki.session_management.get_firmware_version(slot)[source]¶

Returns a string representing the firmware version of the given slot.

It will first try to call CA_GetFirmwareVersion, and if that fails (not present on older cryptoki libraries), will call C_GetTokenInfo.

Parameters:	slot (int) – Token slot number
Returns:	Firmware String in the format “X.Y.Z”, where X is major, Y is minor, Z is subminor.
Return type:	str

Token Management ¶

Created on Aug 24, 2012

@author: mhughes

pycryptoki.token_management.c_init_token(slot_num, password, token_label='Main Token')[source]¶

Initializes at token at a given slot with the proper password and label

Parameters:	slot_num – The index of the slot to c_initialize a token in password – The password to c_initialize the slot with token_label – The label to c_initialize the slot with (Default value = ‘Main Token’)
Returns:	The result code

pycryptoki.token_management.c_init_token_ex(slot_num, password, token_label='Main Token')¶

Executes c_init_token(), and checks the retcode; raising an exception if the return code is not CKR_OK.

pycryptoki.token_management.get_token_by_label(label)[source]¶

Iterates through all the tokens and returns the first token that has a label that is identical to the one that is passed in

Parameters:	label – The label of the token to search for
Returns:	The result code, The slot of the token

pycryptoki.token_management.get_token_by_label_ex(label)¶

Executes get_token_by_label(), and checks the retcode; raising an exception if the return code is not CKR_OK.

pycryptoki.token_management.c_get_mechanism_list(slot)[source]¶

Gets the list of mechanisms from the HSM

Parameters:	slot – The slot number to get the mechanism list on
Returns:	The result code, A python dictionary representing the mechanism list

pycryptoki.token_management.c_get_mechanism_list_ex(slot)¶

Executes c_get_mechanism_list(), and checks the retcode; raising an exception if the return code is not CKR_OK.

pycryptoki.token_management.c_get_mechanism_info(slot, mechanism_type)[source]¶

Gets a mechanism’s info

Parameters:	slot – The slot to query mechanism_type – The type of the mechanism to get the information for
Returns:	The result code, The mechanism info

pycryptoki.token_management.c_get_mechanism_info_ex(slot, mechanism_type)¶

Executes c_get_mechanism_info(), and checks the retcode; raising an exception if the return code is not CKR_OK.

pycryptoki.token_management.ca_get_token_policies(slot)[source]¶

Get the policies of the given slot.

Parameters:	slot (int) – Target slot number
Returns:	retcode, {id: val} dict of policies (None if command failed)

pycryptoki.token_management.ca_get_token_policies_ex(slot)¶

Executes ca_get_token_policies(), and checks the retcode; raising an exception if the return code is not CKR_OK.

Key Generation and Management ¶

Contents

Key Generation and Management

Key Generation ¶

Methods used to generate keys.

pycryptoki.key_generator.c_copy_object(h_session, h_object, template=None)[source]¶

Method to call the C_CopyObject cryptoki command.

Parameters:	h_session (int) – Session handle h_object (int) – Handle to the object to be cloned template (dict) – Template for the new object. Defaults to None
Returns:	(retcode, Handle to the new cloned object)
Return type:	tuple

pycryptoki.key_generator.c_copy_object_ex(h_session, h_object, template=None)¶

Executes c_copy_object(), and checks the retcode; raising an exception if the return code is not CKR_OK.

pycryptoki.key_generator.c_derive_key(h_session, h_base_key, template, mechanism=None)[source]¶

Derives a key from another key.

Parameters:	h_session (int) – Session handle h_base_key (int) – The base key template (dict) – A python template of attributes to set on derived key mechanism – See the `parse_mechanism()` function for possible values.
Returns:	The result code, The derived key’s handle

pycryptoki.key_generator.c_derive_key_ex(h_session, h_base_key, template, mechanism=None)¶

Executes c_derive_key(), and checks the retcode; raising an exception if the return code is not CKR_OK.

pycryptoki.key_generator.c_destroy_object(h_session, h_object_value)[source]¶

Deletes the object corresponsing to the passed in object handle

Parameters:	h_session (int) – Session handle h_object_value (int) – The handle of the object to delete
Returns:	Return code

pycryptoki.key_generator.c_destroy_object_ex(h_session, h_object_value)¶

Executes c_destroy_object(), and checks the retcode; raising an exception if the return code is not CKR_OK.

pycryptoki.key_generator.c_generate_key(h_session, mechanism=None, template=None)[source]¶

Generates a symmetric key of a given flavor given the correct template.

Parameters:	h_session (int) – Session handle template (dict) – The template to use to generate the key mechanism – See the `parse_mechanism()` function for possible values.
Returns:	(retcode, generated key handle)
Rtype tuple:

pycryptoki.key_generator.c_generate_key_ex(h_session, mechanism=None, template=None)¶

Executes c_generate_key(), and checks the retcode; raising an exception if the return code is not CKR_OK.

pycryptoki.key_generator.c_generate_key_pair(h_session, mechanism=None, pbkey_template=None, prkey_template=None)[source]¶

Generates a private and public key pair for a given flavor, and given public and private key templates. The return value will be the handle for the key.

Parameters:	h_session (int) – Session handle pbkey_template (dict) – The public key template to use for key generation prkey_template (dict) – The private key template to use for key generation mechanism – See the `parse_mechanism()` function for possible values.
Returns:	(retcode, public key handle, private key handle)
Return type:	tuple

pycryptoki.key_generator.c_generate_key_pair_ex(h_session, mechanism=None, pbkey_template=None, prkey_template=None)¶

Executes c_generate_key_pair(), and checks the retcode; raising an exception if the return code is not CKR_OK.

pycryptoki.key_generator.clear_keys(h_session)[source]¶

Quick hacked together function that can be used to clear the first 10 000 keys.

Parameters:	h_session (int) – Session handle

Key Management ¶

Methods responsible for key management

pycryptoki.key_management.ca_generatemofn(h_session, m_value, vector_value, vector_count, is_secure_port_used)[source]¶

Generates MofN secret information on a token.

Parameters:	h_session (int) – Session handle m_value – m vector_count – number of vectors is_secure_port_used – is secure port used vector_value –
Returns:	the result code

pycryptoki.key_management.ca_generatemofn_ex(h_session, m_value, vector_value, vector_count, is_secure_port_used)¶

Executes ca_generatemofn(), and checks the retcode; raising an exception if the return code is not CKR_OK.

pycryptoki.key_management.ca_modifyusagecount(h_session, h_object, command_type, value)[source]¶

Modifies CKA_USAGE_COUNT attribute of the object.

Parameters:	h_session (int) – Session handle h_object – object command_type – command type value – value
Returns:	the result code

pycryptoki.key_management.ca_modifyusagecount_ex(h_session, h_object, command_type, value)¶

Executes ca_modifyusagecount(), and checks the retcode; raising an exception if the return code is not CKR_OK.

Key Usage ¶

Methods responsible for key usage

pycryptoki.key_usage.ca_clonemofn(h_session)[source]¶

Clones MofN secret from one token to another.

Parameters:	h_session (int) – Session handle
Returns:	the result code

pycryptoki.key_usage.ca_clonemofn_ex(h_session)¶

Executes ca_clonemofn(), and checks the retcode; raising an exception if the return code is not CKR_OK.

pycryptoki.key_usage.ca_duplicatemofn(h_session)[source]¶

Duplicates a set of M of N vectors.

Parameters:	h_session (int) – Session handle
Returns:	the result code

pycryptoki.key_usage.ca_duplicatemofn_ex(h_session)¶

Executes ca_duplicatemofn(), and checks the retcode; raising an exception if the return code is not CKR_OK.

Encryption/Decryption ¶

Contents

Encryption/Decryption

Encryption ¶

pycryptoki.encryption.c_encrypt(h_session, h_key, data, mechanism, output_buffer=None)[source]¶

Encrypts data with a given key and encryption flavor encryption flavors

Note

If data is a list or tuple of strings, multi-part encryption will be used.

Parameters:	h_session (int) – Current session h_key (int) – The key handle to encrypt the data with data – The data to encrypt, either a bytestring or a list of bytestrings. If this is a list a multipart operation will be used Note This will be converted to hexadecimal by calling: to_hex(from_bytestring(data)) If you need to pass in raw hex data, call: to_bytestring(from_hex(hex-data)) References: `to_hex()` `from_hex()` `to_bytestring()` `from_bytestring()` mechanism – See the `parse_mechanism()` function for possible values. output_buffer (list\|int) – Integer or list of integers that specify a size of output buffer to use for an operation. By default will query with NULL pointer buffer to get required size of buffer.
Returns:	(Retcode, Python bytestring of encrypted data)
Return type:	tuple

pycryptoki.encryption.c_encrypt_ex(h_session, h_key, data, mechanism, output_buffer=None)¶

Executes c_encrypt(), and checks the retcode; raising an exception if the return code is not CKR_OK.

Decryption ¶

pycryptoki.encryption.c_decrypt(h_session, h_key, encrypted_data, mechanism, output_buffer=None)[source]¶

Decrypt given data with the given key and mechanism.

Note

If data is a list or tuple of strings, multi-part decryption will be used.

Parameters:	h_session (int) – The session to use h_key (int) – The handle of the key to use to decrypt encrypted_data (bytes) – Data to be decrypted Note Data will be converted to hexadecimal by calling: to_hex(from_bytestring(data)) If you need to pass in raw hex data, call: to_bytestring(from_hex(hex-data)) References: `to_hex()` `from_hex()` `to_bytestring()` `from_bytestring()` mechanism – See the `parse_mechanism()` function for possible values. output_buffer (list\|int) – Integer or list of integers that specify a size of output buffer to use for an operation. By default will query with NULL pointer buffer to get required size of buffer.
Returns:	(Retcode, Python bytestring of decrypted data))
Return type:	tuple

pycryptoki.encryption.c_decrypt_ex(h_session, h_key, encrypted_data, mechanism, output_buffer=None)¶

Executes c_decrypt(), and checks the retcode; raising an exception if the return code is not CKR_OK.

Key Wrapping/Unwrapping ¶

pycryptoki.encryption.c_wrap_key(h_session, h_wrapping_key, h_key, mechanism, output_buffer=None)[source]¶

Wrap a key off the HSM into an encrypted data blob.

Parameters:	h_session (int) – The session to use h_wrapping_key (int) – The handle of the key to use to wrap another key h_key (int) – The key to wrap based on the encryption flavor mechanism – See the `parse_mechanism()` function for possible values.
Returns:	(Retcode, python bytestring representing wrapped key)
Return type:	tuple

pycryptoki.encryption.c_wrap_key_ex(h_session, h_wrapping_key, h_key, mechanism, output_buffer=None)¶

Executes c_wrap_key(), and checks the retcode; raising an exception if the return code is not CKR_OK.

pycryptoki.encryption.c_unwrap_key(h_session, h_unwrapping_key, wrapped_key, key_template, mechanism)[source]¶

Unwrap a key from an encrypted data blob.

Parameters:	h_session (int) – The session to use h_unwrapping_key (int) – The wrapping key handle wrapped_key (bytes) – The wrapped key Note Data will be converted to hexadecimal by calling: to_hex(from_bytestring(data)) If you need to pass in raw hex data, call: to_bytestring(from_hex(hex-data)) References: `to_hex()` `from_hex()` `to_bytestring()` `from_bytestring()` key_template (dict) – The python template representing the new key’s template mechanism – See the `parse_mechanism()` function for possible values.
Returns:	(Retcode, unwrapped key handle)
Return type:	tuple

pycryptoki.encryption.c_unwrap_key_ex(h_session, h_unwrapping_key, wrapped_key, key_template, mechanism)¶

Executes c_unwrap_key(), and checks the retcode; raising an exception if the return code is not CKR_OK.

Multipart Helper ¶

pycryptoki.encryption.do_multipart_operation(h_session, c_update_function, c_finalize_function, input_data_list, output_buffer=None)[source]¶

Some code which will do a multipart encrypt or decrypt since they are the same with just different functions called

Parameters:

h_session (int) – Session handle
c_update_function – C_<NAME>Update function to call to update each operation.
c_finalize_function – Function to call at end of multipart operation.
input_data_list –
List of data to call update function on.
Note

Data will be converted to hexadecimal by calling:
```
to_hex(from_bytestring(data))
```
If you need to pass in raw hex data, call:
```
to_bytestring(from_hex(hex-data))
```
References:
output_buffer (list) – List of integers that specify a size of output buffers to use for multi-part operations. By default will query with NULL pointer buffer to get required size of buffer

Sign/Verify operations ¶

Contents

Sign/Verify operations
- Sign
- Verify

Sign ¶

pycryptoki.sign_verify.c_sign(h_session, h_key, data_to_sign, mechanism, output_buffer=None)[source]¶

Signs the given data with given key and mechanism.

Note

If data is a list or tuple of strings, multi-part operations will be used.

Parameters:	h_session (int) – Session handle data_to_sign – The data to sign, either a string or a list of strings. If this is a list a multipart operation will be used (using C_…Update and C_…Final) ex: ”This is a proper argument of some data to use in the function” [“This is another format of data this”, “function will accept.”, “It will operate on these strings in parts”] h_key (int) – The signing key mechanism – See the `parse_mechanism()` function for possible values. output_buffer (list\|int) – Integer or list of integers that specify a size of output buffer to use for an operation. By default will query with NULL pointer buffer to get required size of buffer.
Returns:	(retcode, python string of signed data)
Return type:	tuple

pycryptoki.sign_verify.c_sign_ex(h_session, h_key, data_to_sign, mechanism, output_buffer=None)¶

Executes c_sign(), and checks the retcode; raising an exception if the return code is not CKR_OK.

Verify ¶

pycryptoki.sign_verify.c_verify(h_session, h_key, data_to_verify, signature, mechanism)[source]¶

Verifies data with the given signature, key and mechanism.

Note

If data is a list or tuple of strings, multi-part operations will be used.

Parameters:

h_session (int) – Session handle
data_to_verify –
The data to sign, either a string or a list of strings. If this is a list a multipart operation will be used (using C_…Update and C_…Final)

ex:
- ”This is a proper argument of some data to use in the function”
- [“This is another format of data this”, “function will accept.”, “It will operate on these strings in parts”]
signature (bytes) – Signature with which to verify the data.
h_key (int) – The verifying key
mechanism – See the parse_mechanism() function for possible values.

Returns:

retcode of verify operation

pycryptoki.sign_verify.c_verify_ex(h_session, h_key, data_to_verify, signature, mechanism)¶

Executes c_verify(), and checks the retcode; raising an exception if the return code is not CKR_OK.

pycryptoki.sign_verify.do_multipart_verify(h_session, input_data_list, signature)[source]¶

Do a multipart verify operation

Parameters:	h_session (int) – Session handle input_data_list – list of data to verify with signature – signature to verify
Returns:	The result code

Attributes and Conversions ¶

Contents

Attributes and Conversions
- Conversions

This module contains a wrapper around the key attributes and the template struct generation to make it possible to create templates in python and easily convert them into templates in C.

pycryptoki.attributes.KEY_TRANSFORMS CK_ATTRIBUTE Types mapped to Python->C transformation functions¶

pycryptoki.attributes.ret_type(c_type)[source]¶

Decorator to set a returned C Type so we can determine what type to use for an AutoCArray

Parameters:	c_type – Default return-type of the transform function.

pycryptoki.attributes.to_long(val, reverse=False)[source]¶

Convert a integer/long value to a pValue, ulValueLen tuple

Parameters:	val – Value to convert reverse – Whether to convert from C -> Python
Returns:	(`ctypes.c_void_p` ptr to `ctypes.c_ulong`, `ctypes.c_ulong`

size of long value)

pycryptoki.attributes.to_bool(val, reverse=False)[source]¶

Convert a boolean-ish value to a pValue, ulValueLen tuple.

Parameters:	val – Value to convert reverse – Whether to convert from C -> Python
Returns:	(`ctypes.c_void_p` ptr to `pycryptoki.cryptoki.CK_BBOOL`,

ctypes.c_ulong size of bool value)

pycryptoki.attributes.to_char_array(val, reverse=False)[source]¶

Convert the given string or list of string values into a char array.

This is slightly different than to_byte_array, which has different assumptions as to the format of the input.

Parameters:	val – Value to convert reverse – Whether to convert from C -> Python
Returns:	(`ctypes.c_void_p` ptr to `pycryptoki.cryptoki.CK_CHAR` array,

ctypes.c_ulong size of array)

pycryptoki.attributes.to_ck_date(val, reverse=False)[source]¶

Transform a date string, date dictionary, or date object into a PKCS11 readable form (YYYYMMDD)

Parameters:	val – Value to convert reverse – Whether to convert from C -> Python
Returns:	(`ctypes.c_void_p` ptr to `pycryptoki.cryptoki.CK_CHAR` array,

ctypes.c_ulong size of array)

pycryptoki.attributes.to_pka_key_status(val, reverse=False)[source]¶

Transform a Per Key Authorization Key Status object into a PKCS11 readable byte string

Parameters:	val – Value to convert reverse – Whether to convert from C -> Python
Returns:	(`ctypes.c_void_p` ptr to `pycryptoki.cryptoki.CK_KEY_STATUS` object,

ctypes.c_ulong size of array)

pycryptoki.attributes.to_byte_array(val, reverse=False)[source]¶

Converts an arbitrarily sized integer, list, or byte array into a byte array.

It’ll zero-pad the bit length so it’s a multiple of 8, then convert the int to binary, split the binary string into sections of 8, then place each section into a slot in a ctypes.c_ubyte array (converting to small int).

Parameters:	val – Value to convert reverse – Whether to convert from C -> Python
Returns:	(`ctypes.c_void_p` ptr to `pycryptoki.cryptoki.CK_BYTE` array,

ctypes.c_ulong size of array)

pycryptoki.attributes.to_sub_attributes(val, reverse=False)[source]¶

Convert to another Attributes class & return the struct.

Parameters:	val – Value to convert reverse – Whether to convert from C -> Python
Returns:	(`ctypes.c_void_p` ptr to `pycryptoki.cryptoki.CK_ATTRIBUTE` array,

ctypes.c_ulong size of array)

class pycryptoki.attributes.Attributes(*args, **kwargs)[source]¶

Python container for handling PKCS11 Attributes.

Provides get_c_struct(), that would returns a list of C Structs, each with the following structure:

class CK_ATTRIBUTE(Structure):
    '''
    Defines type, value and length of an attribute:

    c_ulong type;
    c_void_p pValue;
    c_ulong ulValueLen;
    '''
    pass

This list of structs can be used with C_GetAttributeValue() to get the length of the value that will be placed in pValue (will be set to ulValueLen), or if you already know the length required you can ‘blank fill’ pValue for direct use.

You can also provide new transformations in the form of a dictionary that will be preferred to the KEY_TRANSFORMS dictionary. This is passed in only as a keyword argument:

transform = {1L: lambda x: return x**2}`
attrs = Attributes({...}, new_transforms=transform)
# attrs.get_c_struct will use the lambda expression in the transform dictionary
# for key 1L

get_c_struct()[source]¶

Build an array of CK_ATTRIBUTE Structs & return it.

Returns:	`CK_ATTRIBUTE` array

static from_c_struct(c_struct)[source]¶

Build out a dictionary from a c_struct.

Parameters:	c_struct – Pointer to an array of `CK_ATTRIBUTE` structs
Returns:	dict

pycryptoki.attributes.c_struct_to_python(c_struct)[source]¶

Converts a C struct to a python dictionary.

Parameters:	c_struct – The c struct to convert into a dictionary in python
Returns:	Returns a python dictionary which represents the C struct passed in

pycryptoki.attributes.convert_c_ubyte_array_to_string(byte_array)[source]¶

Converts a ctypes unsigned byte array into a string.

Parameters:	byte_array –

Conversions ¶

Provide low-level conversions between common data types.

The from_xyz functions should all return an iterator over a list of integers, representing the individual bytes in the passed-in value.

The to_xyz functions take in an iterable of integers and convert it to the specified type.

Example 1

Convert a raw bytestring to hex¶

raw_bytes = from_bytestring(b"Some test data")
assert raw_bytes = [83, 111, 109, 101, 32, 116, 101, 115, 116, 32, 100, 97, 116, 97]

hex_data = to_hex(from_bytestring(b"Some test data"))
assert hex_data == b'536f6d6520746573742064617461'

Example 2

Convert hex data to a raw bytestring¶

bytestring_data = to_bytestring(from_hex(b'536f6d6520746573742064617461'))
assert bytestring_data == b"Some test data"

raw_bytes = list(from_hex(b'536f6d6520746573742064617461'))
assert raw_bytes == [83, 111, 109, 101, 32, 116, 101, 115, 116, 32, 100, 97, 116, 97]

pycryptoki.conversions.from_bytestring(ascii_)[source]¶

Convert an iterable of strings into an iterable of integers.

Note

For bytestrings on python3, this does effectively nothing, since iterating over a bytestring in python 3 will return integers.

Parameters:	ascii – String to convert
Returns:	iterator

pycryptoki.conversions.to_bytestring(ascii_)[source]¶

Convert an iterable of integers into a bytestring.

Parameters:	ascii (iterable) – Iterable of integers
Returns:	bytestring

pycryptoki.conversions.from_bin(bin_)[source]¶

Convert a string-representation of binary into a list of integers.

Parameters:	bin (str) – String representation of binary data (ex: “10110111”)
Returns:	iterator over integers

pycryptoki.conversions.to_bin(ascii_)[source]¶

Convert an iterable of integers to a binary representation.

Parameters:	ascii (iterable) – iterable of integers
Returns:	bytestring of the binary values

pycryptoki.conversions.from_hex(hex_)[source]¶

Convert a hexademical string to an iterable of integers.

Parameters:	hex (str) – Hex string
Returns:	Iterator

pycryptoki.conversions.to_hex(ints)[source]¶

Convert an iterable of integers to a hexadecimal string.

Parameters:	ints (iterable) – Iterable of integers
Returns:	bytestring representing the hex data.

Mechanisms ¶

Contents

Mechanisms

Conversions for pure-python dictionaries to C struct mechanisms.

To implement a new Mechanism:

Create a new mechanism class, deriving from Mechanism
Set REQUIRED_PARAMS as a class variable. REQUIRED_PARAMS should be a list of strings, defining required parameter keys.
```
class IvMechanism(Mechanism):
    REQUIRED_PARAMS = ['iv']
```

Override to_c_mech() on the new mechanism class. This function can access self.params to get passed-in parameters, and should create the C parameter struct required by the mechanism. This should also return self.mech (which is a CK_MECHANISM struct).

Simple Example¶

class IvMechanism(Mechanism):
    REQUIRED_PARAMS = ['iv']

    def to_c_mech(self):
        super(IvMechanism, self).to_c_mech()
        if len(self.params['iv']) == 0:
            LOG.debug("Setting IV to NULL (using internal)")
            iv_ba = None
            iv_len = 0
        else:
            iv_ba, iv_len = to_byte_array(self.params['iv'])
        self.mech.pParameter = iv_ba
        self.mech.usParameterLen = iv_len
        return self.mech

Example with a PARAMS struct¶

class AESXTSMechanism(Mechanism):
    REQUIRED_PARAMS = ['cb', 'hTweakKey']

    def to_c_mech(self):
        super(AESXTSMechanism, self).to_c_mech()
        xts_params = CK_AES_XTS_PARAMS()
        xts_params.cb = (CK_BYTE * 16)(*self.params['cb'])
        xts_params.hTweakKey = CK_ULONG(self.params['hTweakKey'])
        self.mech.pParameter = cast(pointer(xts_params), c_void_p)
        self.mech.usParameterLen = CK_ULONG(sizeof(xts_params))
        return self.mech

Helpers ¶

Mechanism base class, as well as helper functions for parsing Mechanism arguments to pycryptoki functions.

class pycryptoki.mechanism.helpers.Mechanism(mech_type='UNKNOWN', params=None)[source]¶

Bases: object

Base class for pycryptoki mechanisms. Performs checks for missing parameters w/ created mechs, and creates the base Mechanism Struct for conversion to ctypes.

REQUIRED_PARAMS = []¶

to_c_mech()[source]¶

Create the Mechanism structure & set the mech type to the passed-in flavor.

Returns:	`CK_MECHANISM`

exception pycryptoki.mechanism.helpers.MechanismException[source]¶

Bases: Exception

Exception raised for mechanism errors. Ex: required parameters are missing

pycryptoki.mechanism.helpers.get_c_struct_from_mechanism(python_dictionary, params_type_string)[source]¶

Gets a c struct from a python dictionary representing that struct

Parameters:	python_dictionary – The python dictionary representing the C struct, see `CK_AES_CBC_PAD_EXTRACT_PARAMS` for an example params_type_string – A string representing the parameter struct. ex. for `CK_AES_CBC_PAD_EXTRACT_PARAMS` use the string `CK_AES_CBC_PAD_EXTRACT_PARAMS`
Returns:	A C struct

pycryptoki.mechanism.helpers.get_python_dict_from_c_mechanism(c_mechanism, params_type_string)[source]¶

Gets a python dictionary from a c mechanism’s struct for serialization and easier test case writing

Parameters:	c_mechanism – The c mechanism to convert to a python dictionary params_type_string – A string representing the parameter struct. ex. for `CK_AES_CBC_PAD_EXTRACT_PARAMS` use the string `CK_AES_CBC_PAD_EXTRACT_PARAMS`
Returns:	A python dictionary representing the c struct

pycryptoki.mechanism.helpers.parse_mechanism(mechanism_param)[source]¶

Designed for use with any function call that takes in a mechanism, this will handle a mechanism parameter that is one of the following:

Warning

If you’re using this with rpyc, you need to make sure the call to_c_mech occurs on the server (the machine with the HSM)! If you pass in a Mechanism class that was created on the client, the resulting call into to_c_mech() will also be on the client side!

Note

You can look at REQUIRED_PARAMS on each mechanism class to see what parameters are required.

Parameters:	mechanism_param – Parameter to convert to a C Mechanism.
Returns:	`CK_MECHANISM` struct.

AES Mechanisms ¶

AES-specific mechanism implementations.

class pycryptoki.mechanism.aes.AESCBCEncryptDataMechanism(mech_type='UNKNOWN', params=None)[source]¶

Bases: pycryptoki.mechanism.helpers.Mechanism

AES CBC mechanism for deriving keys from encrypted data.

REQUIRED_PARAMS = ['iv', 'data']¶

to_c_mech()[source]¶

Convert extra parameters to ctypes, then build out the mechanism.

Returns:	`CK_MECHANISM`

class pycryptoki.mechanism.aes.AESCTRMechanism(mech_type='UNKNOWN', params=None)[source]¶

Bases: pycryptoki.mechanism.helpers.Mechanism

AES CTR Mechanism param conversion.

REQUIRED_PARAMS = ['cb', 'ulCounterBits']¶

to_c_mech()[source]¶

Convert extra parameters to ctypes, then build out the mechanism.

Returns:	`CK_MECHANISM`

class pycryptoki.mechanism.aes.AESECBEncryptDataMechanism(mech_type='UNKNOWN', params=None)[source]¶

Bases: pycryptoki.mechanism.helpers.Mechanism

AES mechanism for deriving keys from encrypted data.

REQUIRED_PARAMS = ['data']¶

to_c_mech()[source]¶

Convert extra parameters to ctypes, then build out the mechanism.

Returns:	`CK_MECHANISM`

class pycryptoki.mechanism.aes.AESGCMMechanism(mech_type='UNKNOWN', params=None)[source]¶

Bases: pycryptoki.mechanism.helpers.Mechanism

Creates the AES-GCM specific param structure & converts python types to C types.

REQUIRED_PARAMS = ['iv', 'AAD', 'ulTagBits']¶

to_c_mech()[source]¶

Convert extra parameters to ctypes, then build out the mechanism.

Returns:	`CK_MECHANISM`

class pycryptoki.mechanism.aes.AESXTSMechanism(mech_type='UNKNOWN', params=None)[source]¶

Bases: pycryptoki.mechanism.helpers.Mechanism

Creates the AES-XTS specific param structure & converts python types to C types.

REQUIRED_PARAMS = ['cb', 'hTweakKey']¶

to_c_mech()[source]¶

Convert extra parameters to ctypes, then build out the mechanism.

Returns:	`CK_MECHANISM`

class pycryptoki.mechanism.aes.Iv16Mechanism(mech_type='UNKNOWN', params=None)[source]¶

Bases: pycryptoki.mechanism.helpers.Mechanism

Mech class for flavors that require an IV set in the mechanism. Will default to [1, 2, 3, 4, 5, 6, 7, 8, 1, 2, 3, 4, 5, 6, 7, 8] if no IV is passed in

to_c_mech()[source]¶

Convert extra parameters to ctypes, then build out the mechanism.

Returns:	`CK_MECHANISM`

class pycryptoki.mechanism.aes.IvMechanism(mech_type='UNKNOWN', params=None)[source]¶

Bases: pycryptoki.mechanism.helpers.Mechanism

Mech class for flavors that require an IV set in the mechanism. Will default to [0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38] if no IV is passed in

to_c_mech()[source]¶

Convert extra parameters to ctypes, then build out the mechanism.

Returns:	`CK_MECHANISM`

Generic Mechanisms ¶

Generic Mechanisms conversions.

class pycryptoki.mechanism.generic.AutoMech(mech_type='UNKNOWN', params=None)[source]¶

Bases: pycryptoki.mechanism.helpers.Mechanism

An attempt to examine underlying C Struct and fill in the appropriate fields, making some assumptions about the data. This works best with parameter structs that only have CK_ULONGs within them (though there is a best-effort attempt to handle arrays).

Warning

Do not use this if the mechanism is already defined!

to_c_mech()[source]¶

Attempt to handle generic mechanisms by introspection of the structure.

Returns:	`CK_MECHANISM`

class pycryptoki.mechanism.generic.ConcatenationDeriveMechanism(mech_type='UNKNOWN', params=None)[source]¶

Bases: pycryptoki.mechanism.helpers.Mechanism

Mechanism class for key derivations. This will take in a second key handle in the parameters, and use it in the resulting Structure.

REQUIRED_PARAMS = ['h_second_key']¶

to_c_mech()[source]¶

Add in a pointer to the second key in the resulting mech structure.

Returns:	`CK_MECHANISM`

class pycryptoki.mechanism.generic.NullMech(mech_type='UNKNOWN', params=None)[source]¶

Bases: pycryptoki.mechanism.helpers.Mechanism

Class that creates a mechanism from a flavor with null parameters. Used mostly for signing mechanisms that really don’t need anything else.

to_c_mech()[source]¶

Simply set the pParameter to null pointer.

Returns:	`CK_MECHANISM`

class pycryptoki.mechanism.generic.StringDataDerivationMechanism(mech_type='UNKNOWN', params=None)[source]¶

Bases: pycryptoki.mechanism.helpers.Mechanism

Mechanism class for key derivation using passed in string data.

REQUIRED_PARAMS = ['data']¶

to_c_mech()[source]¶

Convert data to bytearray, then use in the resulting mech structure.

Returns:	`CK_MECHANISM`

RC Mechanisms ¶

RC-related Mechanism implementations

class pycryptoki.mechanism.rc.RC2CBCMechanism(mech_type='UNKNOWN', params=None)[source]¶

Bases: pycryptoki.mechanism.helpers.Mechanism

Creates required RC2CBC Param structure & converts python data to C data.

REQUIRED_PARAMS = ['usEffectiveBits', 'iv']¶

to_c_mech()[source]¶

Convert extra parameters to ctypes, then build out the mechanism.

Returns:	`CK_MECHANISM`

class pycryptoki.mechanism.rc.RC2Mechanism(mech_type='UNKNOWN', params=None)[source]¶

Bases: pycryptoki.mechanism.helpers.Mechanism

Sets the mechanism parameter to the usEffectiveBits

REQUIRED_PARAMS = ['usEffectiveBits']¶

to_c_mech()[source]¶

Convert extra parameters to ctypes, then build out the mechanism.

Returns:	`CK_MECHANISM`

class pycryptoki.mechanism.rc.RC5CBCMechanism(mech_type='UNKNOWN', params=None)[source]¶

Bases: pycryptoki.mechanism.helpers.Mechanism

Creates required RC5CBC Param structure & converts python data to C data.

REQUIRED_PARAMS = ['ulWordsize', 'ulRounds', 'iv']¶

to_c_mech()[source]¶

Convert extra parameters to ctypes, then build out the mechanism.

Returns:	`CK_MECHANISM`

class pycryptoki.mechanism.rc.RC5Mechanism(mech_type='UNKNOWN', params=None)[source]¶

Bases: pycryptoki.mechanism.helpers.Mechanism

Creates required RC5 Param structure & converts python data to C data.

REQUIRED_PARAMS = ['ulWordsize', 'ulRounds']¶

to_c_mech()[source]¶

Convert extra parameters to ctypes, then build out the mechanism.

Returns:	`CK_MECHANISM`

RSA Mechanisms ¶

RSA-related Mechanism implementations.

class pycryptoki.mechanism.rsa.RSAPKCSOAEPMechanism(mech_type='UNKNOWN', params=None)[source]¶

Bases: pycryptoki.mechanism.helpers.Mechanism

Create the required RSA_PKCS_OAEP param structure & convert python data to C data.

REQUIRED_PARAMS = ['hashAlg', 'mgf']¶

to_c_mech()[source]¶

Convert extra parameters to ctypes, then build out the mechanism.

Returns:	`CK_MECHANISM`

class pycryptoki.mechanism.rsa.RSAPKCSPSSMechanism(mech_type='UNKNOWN', params=None)[source]¶

Bases: pycryptoki.mechanism.helpers.Mechanism

Create the required RSA_PKCS_PSS param structure & convert python data to C data.

REQUIRED_PARAMS = ['hashAlg', 'mgf']¶

to_c_mech()[source]¶

Uses default salt length of 8. Can be overridden w/ a parameter though.

Returns:	`CK_MECHANISM`

Miscellaneous ¶

Contents

Miscellaneous

RNG, Digest, Creating Objects ¶

PKCS11 Interface to the following functions:

c_generate_random
c_seed_random
c_digest
c_digestkey
c_create_object
c_set_ped_id (CA_ function)
c_get_ped_id (CA_ function)

pycryptoki.misc.c_generate_random(h_session, length)[source]¶

Generates a sequence of random numbers

Parameters:	h_session (int) – Session handle length (int) – The length in bytes of the random number sequence
Returns:	(retcode, A string of random data)
Return type:	tuple

pycryptoki.misc.c_generate_random_ex(h_session, length)¶

Executes c_generate_random(), and checks the retcode; raising an exception if the return code is not CKR_OK.

pycryptoki.misc.c_seed_random(h_session, seed)[source]¶

Seeds the random number generator

Parameters:	h_session (int) – Session handle seed (bytes) – A python string of some seed
Returns:	retcode
Return type:	int

pycryptoki.misc.c_seed_random_ex(h_session, seed)¶

Executes c_seed_random(), and checks the retcode; raising an exception if the return code is not CKR_OK.

pycryptoki.misc.c_digest(h_session, data_to_digest, digest_flavor, mechanism=None, output_buffer=None)[source]¶

Digests some data

Parameters:	h_session (int) – Session handle data_to_digest (bytes) – The data to digest, either a string or a list of strings. If this is a list a multipart operation will be used digest_flavor (int) – The flavour of the mechanism to digest (MD2, SHA-1, HAS-160, SHA224, SHA256, SHA384, SHA512) mechanism – See the `parse_mechanism()` function for possible values. If None will use digest flavor. output_buffer (list\|int) – Integer or list of integers that specify a size of output buffer to use for an operation. By default will query with NULL pointer buffer to get required size of buffer.
Returns:	(retcode, a python string of the digested data)
Return type:	tuple

pycryptoki.misc.c_digest_ex(h_session, data_to_digest, digest_flavor, mechanism=None, output_buffer=None)¶

Executes c_digest(), and checks the retcode; raising an exception if the return code is not CKR_OK.

pycryptoki.misc.c_digestkey(h_session, h_key, digest_flavor, mechanism=None)[source]¶

Digest a key

Parameters:	h_session (int) – Session handle h_key (int) – Key to digest digest_flavor (int) – Digest flavor mechanism – See the `parse_mechanism()` function for possible values. If None will use digest flavor.

pycryptoki.misc.c_digestkey_ex(h_session, h_key, digest_flavor, mechanism=None)¶

Executes c_digestkey(), and checks the retcode; raising an exception if the return code is not CKR_OK.

pycryptoki.misc.c_create_object(h_session, template)[source]¶

Creates an object based on a given python template

Parameters:	h_session (int) – Session handle template (dict) – The python template which the object will be based on
Returns:	(retcode, the handle of the object)
Return type:	tuple

pycryptoki.misc.c_create_object_ex(h_session, template)¶

Executes c_create_object(), and checks the retcode; raising an exception if the return code is not CKR_OK.

pycryptoki.misc.c_set_ped_id(slot, id)[source]¶

Set the PED ID for the given slot.

Parameters:	slot – slot number id – PED ID to use
Returns:	The result code

pycryptoki.misc.c_set_ped_id_ex(slot, id)¶

Executes c_set_ped_id(), and checks the retcode; raising an exception if the return code is not CKR_OK.

pycryptoki.misc.c_get_ped_id(slot)[source]¶

Get the PED ID for the given slot.

Parameters:	slot – slot number
Returns:	The result code and ID

pycryptoki.misc.c_get_ped_id_ex(slot)¶

Executes c_get_ped_id(), and checks the retcode; raising an exception if the return code is not CKR_OK.

Find Objects, Attribute Setting/Getting ¶

Functions for dealing with object attributes

pycryptoki.object_attr_lookup.c_find_objects(h_session, template, num_entries)[source]¶

Calls c_find_objects and c_find_objects_init to get a python dictionary of the objects found.

Parameters:	h_session (int) – Session handle template – A python dictionary of the object template to look for num_entries – The max number of entries to return
Returns:	Returns a list of handles of objects found

pycryptoki.object_attr_lookup.c_find_objects_ex(h_session, template, num_entries)¶

Executes c_find_objects(), and checks the retcode; raising an exception if the return code is not CKR_OK.

pycryptoki.object_attr_lookup.c_get_attribute_value(h_session, h_object, template)[source]¶

Calls C_GetAttrributeValue to get an attribute value based on a python template

Parameters:	h_session (int) – Session handle h_object – The handle of the object to get attributes for template – A python dictionary representing the template of the attributes to be retrieved
Returns:	A python dictionary representing the attributes returned from the HSM/library

pycryptoki.object_attr_lookup.c_get_attribute_value_ex(h_session, h_object, template)¶

Executes c_get_attribute_value(), and checks the retcode; raising an exception if the return code is not CKR_OK.

pycryptoki.object_attr_lookup.c_set_attribute_value(h_session, h_object, template)[source]¶

Calls C_SetAttributeValue to set an attribute value based on a python template

Parameters:	h_session (int) – Session handle h_object – The handle of the object to get attributes for template – A python dictionary representing the template of the attributes to be written
Returns:	A python dictionary representing the attributes returned from the HSM/library

pycryptoki.object_attr_lookup.c_set_attribute_value_ex(h_session, h_object, template)¶

Executes c_set_attribute_value(), and checks the retcode; raising an exception if the return code is not CKR_OK.

HSM Management ¶

Methods responsible for pycryptoki ‘hsm management’ set of commands.

pycryptoki.hsm_management.c_performselftest(slot, test_type, input_data, input_data_len)[source]¶

Test: Performs a self test for specified test type on a given slot.

Parameters:

slot – slot number
test_type – type of test CK_ULONG
input_data – pointer to input data CK_BYTE_PTR
input_data_len – input data length CK_ULONG

Returns:

the result code

[CK_SLOT_ID, CK_ULONG, CK_BYTE_PTR, CK_ULONG, CK_BYTE_PTR, CK_ULONG_PTR]

pycryptoki.hsm_management.c_performselftest_ex(slot, test_type, input_data, input_data_len)¶

Executes c_performselftest(), and checks the retcode; raising an exception if the return code is not CKR_OK.

pycryptoki.hsm_management.ca_settokencertificatesignature(h_session, access_level, customer_id, pub_template, signature, signature_len)[source]¶

Completes the installation of a certificate on a token. The caller must supply a public key and a signature for token certificate. The public key is provided through the template; it must contain a key type, a modulus and a public exponent.

Parameters:	h_session (int) – Session handle access_level – the access level customer_id – the customer ID pub_template – the public template signature – the signature signature_len – the length in bytes of the signature
Returns:	the result code

pycryptoki.hsm_management.ca_settokencertificatesignature_ex(h_session, access_level, customer_id, pub_template, signature, signature_len)¶

Executes ca_settokencertificatesignature(), and checks the retcode; raising an exception if the return code is not CKR_OK.

pycryptoki.hsm_management.ca_hainit(h_session, h_key)[source]¶

Creates a login key pair on the primary token.

Parameters:	h_session (int) – Session handle h_key – the login private key
Returns:	the result code

pycryptoki.hsm_management.ca_hainit_ex(h_session, h_key)¶

Executes ca_hainit(), and checks the retcode; raising an exception if the return code is not CKR_OK.

pycryptoki.hsm_management.ca_createloginchallenge(h_session, user_type, challenge)[source]¶

Creates a login challenge for the given user.

Parameters:	h_session (int) – Session handle user_type – user type challenge – challenge
Returns:	the result code

pycryptoki.hsm_management.ca_createloginchallenge_ex(h_session, user_type, challenge)¶

Executes ca_createloginchallenge(), and checks the retcode; raising an exception if the return code is not CKR_OK.

pycryptoki.hsm_management.ca_initializeremotepedvector(h_session)[source]¶

Initializes a remote PED vector

Parameters:	h_session (int) – Session handle
Returns:	the result code

pycryptoki.hsm_management.ca_initializeremotepedvector_ex(h_session)¶

Executes ca_initializeremotepedvector(), and checks the retcode; raising an exception if the return code is not CKR_OK.

pycryptoki.hsm_management.ca_deleteremotepedvector(h_session)[source]¶

Deletes a remote PED vector

Parameters:	h_session (int) – Session handle
Returns:	the result code

pycryptoki.hsm_management.ca_deleteremotepedvector_ex(h_session)¶

Executes ca_deleteremotepedvector(), and checks the retcode; raising an exception if the return code is not CKR_OK.

pycryptoki.hsm_management.ca_mtkrestore(slot)[source]¶

Restore the MTK

Parameters:	slot – slot number
Returns:	the result code

pycryptoki.hsm_management.ca_mtkrestore_ex(slot)¶

Executes ca_mtkrestore(), and checks the retcode; raising an exception if the return code is not CKR_OK.

pycryptoki.hsm_management.ca_mtkresplit(slot)[source]¶

Resplit the MTK

Parameters:	slot – slot number
Returns:	the result code

pycryptoki.hsm_management.ca_mtkresplit_ex(slot)¶

Executes ca_mtkresplit(), and checks the retcode; raising an exception if the return code is not CKR_OK.

pycryptoki.hsm_management.ca_mtkzeroize(slot)[source]¶

Zeroize the MTK

Parameters:	slot – slot number
Returns:	the result code

pycryptoki.hsm_management.ca_mtkzeroize_ex(slot)¶

Executes ca_mtkzeroize(), and checks the retcode; raising an exception if the return code is not CKR_OK.

pycryptoki.hsm_management.ca_set_hsm_policy(h_session, policy_id, policy_val)[source]¶

Sets the HSM policies by calling CA_SetHSMPolicy

Parameters:	h_session (int) – Session handle policy_id – The ID of the policy being set policy_val – The value of the policy being set
Returns:	The result code

pycryptoki.hsm_management.ca_set_hsm_policy_ex(h_session, policy_id, policy_val)¶

Executes ca_set_hsm_policy(), and checks the retcode; raising an exception if the return code is not CKR_OK.

pycryptoki.hsm_management.ca_set_hsm_policies(h_session, policies)[source]¶

Set multiple HSM policies.

Parameters:	h_session (int) – Session handle policies – dict of policy ID ints and value ints
Returns:	result code

pycryptoki.hsm_management.ca_set_hsm_policies_ex(h_session, policies)¶

Executes ca_set_hsm_policies(), and checks the retcode; raising an exception if the return code is not CKR_OK.

pycryptoki.hsm_management.ca_set_destructive_hsm_policy(h_session, policy_id, policy_val)[source]¶

Sets the destructive HSM policies by calling CA_SetDestructiveHSMPolicy

Parameters:	h_session (int) – Session handle policy_id – The ID of the policy being set policy_val – The value of the policy being set
Returns:	The result code

pycryptoki.hsm_management.ca_set_destructive_hsm_policy_ex(h_session, policy_id, policy_val)¶

Executes ca_set_destructive_hsm_policy(), and checks the retcode; raising an exception if the return code is not CKR_OK.

pycryptoki.hsm_management.ca_set_destructive_hsm_policies(h_session, policies)[source]¶

Set multiple HSM policies.

Parameters:	h_session (int) – Session handle policies – dict of policy ID ints and value ints
Returns:	result code

pycryptoki.hsm_management.ca_set_destructive_hsm_policies_ex(h_session, policies)¶

Executes ca_set_destructive_hsm_policies(), and checks the retcode; raising an exception if the return code is not CKR_OK.

pycryptoki.hsm_management.ca_get_hsm_capability_set(slot)[source]¶

Get the capabilities of the given slot.

Parameters:	slot (int) – Target slot number
Returns:	retcode, {id: val} dict of capabilities (None if command failed)

pycryptoki.hsm_management.ca_get_hsm_capability_set_ex(slot)¶

Executes ca_get_hsm_capability_set(), and checks the retcode; raising an exception if the return code is not CKR_OK.

pycryptoki.hsm_management.ca_get_hsm_capability_setting(slot, capability_id)[source]¶

Get the value of a single capability

Parameters:	slot – slot ID of slot to query capability_id – capability ID
Returns:	result code, CK_ULONG representing capability active or not

pycryptoki.hsm_management.ca_get_hsm_capability_setting_ex(slot, capability_id)¶

Executes ca_get_hsm_capability_setting(), and checks the retcode; raising an exception if the return code is not CKR_OK.

pycryptoki.hsm_management.ca_get_hsm_policy_set(slot)[source]¶

Get the policies of the given slot.

Parameters:	slot (int) – Target slot number
Returns:	retcode, {id: val} dict of policies (None if command failed)

pycryptoki.hsm_management.ca_get_hsm_policy_set_ex(slot)¶

Executes ca_get_hsm_policy_set(), and checks the retcode; raising an exception if the return code is not CKR_OK.

pycryptoki.hsm_management.ca_get_hsm_policy_setting(slot, policy_id)[source]¶

Get the value of a single policy

Parameters:	slot – slot ID of slot to query policy_id – policy ID
Returns:	result code, CK_ULONG representing policy active or not

pycryptoki.hsm_management.ca_get_hsm_policy_setting_ex(slot, policy_id)¶

Executes ca_get_hsm_policy_setting(), and checks the retcode; raising an exception if the return code is not CKR_OK.

Audit Functions ¶

Methods responsible for managing a user’s session and login/c_logout

pycryptoki.audit_handling.ca_init_audit(slot, audit_pin, audit_label)[source]¶

Parameters:	slot – audit_pin – audit_label –

pycryptoki.audit_handling.ca_init_audit_ex(slot, audit_pin, audit_label)¶

Executes ca_init_audit(), and checks the retcode; raising an exception if the return code is not CKR_OK.

pycryptoki.audit_handling.ca_time_sync(h_session, ultime)[source]¶

Parameters:	h_session (int) – Session handle ultime –

pycryptoki.audit_handling.ca_time_sync_ex(h_session, ultime)¶

Executes ca_time_sync(), and checks the retcode; raising an exception if the return code is not CKR_OK.

pycryptoki.audit_handling.ca_get_time(h_session)[source]¶

Parameters:	h_session (int) – Session handle

pycryptoki.audit_handling.ca_get_time_ex(h_session)¶

Executes ca_get_time(), and checks the retcode; raising an exception if the return code is not CKR_OK.

Backup Functions ¶

Backup related commands

pycryptoki.backup.ca_open_secure_token(h_session, storage_path, dev_ID, mode)[source]¶

Parameters:	h_session (int) – Session handle storage_path – dev_ID – mode –

pycryptoki.backup.ca_open_secure_token_ex(h_session, storage_path, dev_ID, mode)¶

Executes ca_open_secure_token(), and checks the retcode; raising an exception if the return code is not CKR_OK.

pycryptoki.backup.ca_close_secure_token(h_session, h_ID)[source]¶

Parameters:	h_session (int) – Session handle h_ID –

pycryptoki.backup.ca_close_secure_token_ex(h_session, h_ID)¶

Executes ca_close_secure_token(), and checks the retcode; raising an exception if the return code is not CKR_OK.

pycryptoki.backup.ca_extract(h_session, mechanism)[source]¶

Parameters:	h_session (int) – Session handle mechanism – See the `parse_mechanism()` function for possible values.

pycryptoki.backup.ca_extract_ex(h_session, mechanism)¶

Executes ca_extract(), and checks the retcode; raising an exception if the return code is not CKR_OK.

pycryptoki.backup.ca_insert(h_session, mechanism)[source]¶

Parameters:	h_session (int) – Session handle mechanism – See the `parse_mechanism()` function for possible values.

pycryptoki.backup.ca_insert_ex(h_session, mechanism)¶

Executes ca_insert(), and checks the retcode; raising an exception if the return code is not CKR_OK.

pycryptoki.backup.ca_sim_extract(h_session, key_handles, authform, auth_secrets=None, subset_size=0, delete_after_extract=False)[source]¶

Extract multiple keys to a wrapped blob. The returned blob can then be written into a file.

Parameters:

h_session (int) – Session handle
key_handles (list[int]) – List of key handles to extract
authform (int) – Type of authentication to use. See pycryptoki.backup.SIM_AUTH for details
auth_secrets (list(str)) – Authorization secrets to use (Length will correspond to the N value in ckdemo)
subset_size (int) – Subset size required for key use (Corresponds to the M value in ckdemo)
delete_after_extract (bool) – If true, will destroy the original keys after they have been extracted.

Returns:

retcode, blob_data tuple.

pycryptoki.backup.ca_sim_extract_ex(h_session, key_handles, authform, auth_secrets=None, subset_size=0, delete_after_extract=False)¶

Executes ca_sim_extract(), and checks the retcode; raising an exception if the return code is not CKR_OK.

pycryptoki.backup.ca_sim_insert(h_session, blob_data, authform, auth_secrets=None)[source]¶

Insert keys into the HSM from blob data that was wrapped off using SIM.

Parameters:	h_session (int) – Session handle blob_data (str) – Read in raw wrapped data. Typically read in from a file. authform (int) – Type of authentication to use. See `pycryptoki.backup.SIM_AUTH` for details auth_secrets (list[str]) – Authorization secrets to use (Length will correspond to the `N` value in ckdemo)
Returns:	retcode, keys tuple, where `keys` is a list of integers.

pycryptoki.backup.ca_sim_insert_ex(h_session, blob_data, authform, auth_secrets=None)¶

Executes ca_sim_insert(), and checks the retcode; raising an exception if the return code is not CKR_OK.

pycryptoki.backup.ca_sim_multisign(h_session, blob_data, data_to_sign, mechanism, authform, auth_secrets=None)[source]¶

Sign data using keys that were extracted to a SIM blob.

Parameters:

h_session (int) – Session handle
blob_data (str) – Read in raw wrapped key data. Typically read in from a file.
data_to_sign – List of bytestring data to sign
mechanism – Mechanism to use with the Sign operation
authform (int) – Type of authentication to use. See pycryptoki.backup.SIM_AUTH for details
auth_secrets (list[str]) – Authorization secrets to use (Length will correspond to the N value in ckdemo)

Returns:

retcode, signature list

pycryptoki.backup.ca_sim_multisign_ex(h_session, blob_data, data_to_sign, mechanism, authform, auth_secrets=None)¶

Executes ca_sim_multisign(), and checks the retcode; raising an exception if the return code is not CKR_OK.

Pycryptoki Helpers ¶

These are various helper modules and functions. They contain constant definitions, C parameter structs, configuration parsing, and default templates.

Contents

Pycryptoki Helpers

lookup_dicts ¶

Module that contains lookup dictionaries for easy logging of error codes and other constants within pycryptoki.

pycryptoki.lookup_dicts.ATTR_NAME_LOOKUP = {0: 'CKA_CLASS', 1: 'CKA_TOKEN', 2: 'CKA_PRIVATE', 3: 'CKA_LABEL', 16: 'CKA_APPLICATION', 17: 'CKA_VALUE', 128: 'CKA_CERTIFICATE_TYPE', 129: 'CKA_ISSUER', 130: 'CKA_SERIAL_NUMBER', 256: 'CKA_KEY_TYPE', 257: 'CKA_SUBJECT', 258: 'CKA_ID', 259: 'CKA_SENSITIVE', 260: 'CKA_ENCRYPT', 261: 'CKA_DECRYPT', 262: 'CKA_WRAP', 263: 'CKA_UNWRAP', 264: 'CKA_SIGN', 265: 'CKA_SIGN_RECOVER', 266: 'CKA_VERIFY', 267: 'CKA_VERIFY_RECOVER', 268: 'CKA_DERIVE', 272: 'CKA_START_DATE', 273: 'CKA_END_DATE', 288: 'CKA_MODULUS', 289: 'CKA_MODULUS_BITS', 290: 'CKA_PUBLIC_EXPONENT', 291: 'CKA_PRIVATE_EXPONENT', 292: 'CKA_PRIME_1', 293: 'CKA_PRIME_2', 294: 'CKA_EXPONENT_1', 295: 'CKA_EXPONENT_2', 296: 'CKA_COEFFICIENT', 304: 'CKA_PRIME', 305: 'CKA_SUBPRIME', 306: 'CKA_BASE', 307: 'CKA_PRIME_BITS', 308: 'CKA_SUBPRIME_BITS', 352: 'CKA_VALUE_BITS', 353: 'CKA_VALUE_LEN', 354: 'CKA_EXTRACTABLE', 355: 'CKA_LOCAL', 356: 'CKA_NEVER_EXTRACTABLE', 357: 'CKA_ALWAYS_SENSITIVE', 368: 'CKA_MODIFIABLE', 384: 'CKA_EC_PARAMS', 385: 'CKA_EC_POINT', 1073742354: 'CKA_UNWRAP_TEMPLATE', 1073742355: 'CKA_DERIVE_TEMPLATE', 2147483649: 'CKA_CCM_PRIVATE', 2147483650: 'CKA_FINGERPRINT_SHA1', 2147483653: 'CKA_OUID', 2147483654: 'CKA_X9_31_GENERATED', 2147483656: 'CKA_EKM_UID', 2147483905: 'CKA_USAGE_COUNT', 2147483909: 'CKA_BYTES_REMAINING', 2147484160: 'CKA_USAGE_LIMIT', 2147487744: 'CKA_GENERIC_1', 2147487745: 'CKA_GENERIC_2', 2147487746: 'CKA_GENERIC_3', 2147487747: 'CKA_FINGERPRINT_SHA256', 2147487749: 'CKA_AUTH_DATA', 2147487750: 'CKA_ASSIGNED', 2147487751: 'CKA_KEY_STATUS', 2147487752: 'CKA_FAILED_KEY_AUTH_COUNT'}¶

pycryptoki.lookup_dicts.ret_vals_dictionary = {0: 'CKR_OK', 1: 'CKR_CANCEL', 2: 'CKR_HOST_MEMORY', 3: 'CKR_SLOT_ID_INVALID', 5: 'CKR_GENERAL_ERROR', 6: 'CKR_FUNCTION_FAILED', 7: 'CKR_ARGUMENTS_BAD', 8: 'CKR_NO_EVENT', 9: 'CKR_NEED_TO_CREATE_THREADS', 10: 'CKR_CANT_LOCK', 16: 'CKR_ATTRIBUTE_READ_ONLY', 17: 'CKR_ATTRIBUTE_SENSITIVE', 18: 'CKR_ATTRIBUTE_TYPE_INVALID', 19: 'CKR_ATTRIBUTE_VALUE_INVALID', 32: 'CKR_DATA_INVALID', 33: 'CKR_DATA_LEN_RANGE', 48: 'CKR_DEVICE_ERROR', 49: 'CKR_DEVICE_MEMORY', 50: 'CKR_DEVICE_REMOVED', 64: 'CKR_ENCRYPTED_DATA_INVALID', 65: 'CKR_ENCRYPTED_DATA_LEN_RANGE', 80: 'CKR_FUNCTION_CANCELED', 81: 'CKR_FUNCTION_NOT_PARALLEL', 82: 'CKR_FUNCTION_PARALLEL', 84: 'CKR_FUNCTION_NOT_SUPPORTED', 96: 'CKR_KEY_HANDLE_INVALID', 98: 'CKR_KEY_SIZE_RANGE', 99: 'CKR_KEY_TYPE_INCONSISTENT', 100: 'CKR_KEY_NOT_NEEDED', 101: 'CKR_KEY_CHANGED', 102: 'CKR_KEY_NEEDED', 103: 'CKR_KEY_INDIGESTIBLE', 104: 'CKR_KEY_FUNCTION_NOT_PERMITTED', 105: 'CKR_KEY_NOT_WRAPPABLE', 106: 'CKR_KEY_UNEXTRACTABLE', 112: 'CKR_MECHANISM_INVALID', 113: 'CKR_MECHANISM_PARAM_INVALID', 130: 'CKR_OBJECT_HANDLE_INVALID', 144: 'CKR_OPERATION_ACTIVE', 145: 'CKR_OPERATION_NOT_INITIALIZED', 160: 'CKR_PIN_INCORRECT', 161: 'CKR_PIN_INVALID', 162: 'CKR_PIN_LEN_RANGE', 163: 'CKR_PIN_EXPIRED', 164: 'CKR_PIN_LOCKED', 176: 'CKR_SESSION_CLOSED', 177: 'CKR_SESSION_COUNT', 178: 'CKR_SESSION_EXCLUSIVE_EXISTS', 179: 'CKR_SESSION_HANDLE_INVALID', 180: 'CKR_SESSION_PARALLEL_NOT_SUPPORTED', 181: 'CKR_SESSION_READ_ONLY', 182: 'CKR_SESSION_EXISTS', 183: 'CKR_SESSION_READ_ONLY_EXISTS', 184: 'CKR_SESSION_READ_WRITE_SO_EXISTS', 192: 'CKR_SIGNATURE_INVALID', 193: 'CKR_SIGNATURE_LEN_RANGE', 208: 'CKR_TEMPLATE_INCOMPLETE', 209: 'CKR_TEMPLATE_INCONSISTENT', 224: 'CKR_TOKEN_NOT_PRESENT', 225: 'CKR_TOKEN_NOT_RECOGNIZED', 226: 'CKR_TOKEN_WRITE_PROTECTED', 240: 'CKR_UNWRAPPING_KEY_HANDLE_INVALID', 241: 'CKR_UNWRAPPING_KEY_SIZE_RANGE', 242: 'CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT', 256: 'CKR_USER_ALREADY_LOGGED_IN', 257: 'CKR_USER_NOT_LOGGED_IN', 258: 'CKR_USER_PIN_NOT_INITIALIZED', 259: 'CKR_USER_TYPE_INVALID', 260: 'CKR_USER_ANOTHER_ALREADY_LOGGED_IN', 261: 'CKR_USER_TOO_MANY_TYPES', 272: 'CKR_WRAPPED_KEY_INVALID', 274: 'CKR_WRAPPED_KEY_LEN_RANGE', 275: 'CKR_WRAPPING_KEY_HANDLE_INVALID', 276: 'CKR_WRAPPING_KEY_SIZE_RANGE', 277: 'CKR_WRAPPING_KEY_TYPE_INCONSISTENT', 288: 'CKR_RANDOM_SEED_NOT_SUPPORTED', 289: 'CKR_RANDOM_NO_RNG', 304: 'CKR_DOMAIN_PARAMS_INVALID', 321: 'CKR_INSERTION_CALLBACK_NOT_SUPPORTED', 336: 'CKR_BUFFER_TOO_SMALL', 352: 'CKR_SAVED_STATE_INVALID', 368: 'CKR_INFORMATION_SENSITIVE', 384: 'CKR_STATE_UNSAVEABLE', 400: 'CKR_CRYPTOKI_NOT_INITIALIZED', 401: 'CKR_CRYPTOKI_ALREADY_INITIALIZED', 416: 'CKR_MUTEX_BAD', 417: 'CKR_MUTEX_NOT_LOCKED', 432: 'CKR_NEW_PIN_MODE', 433: 'CKR_NEXT_OTP', 512: 'CKR_FUNCTION_REJECTED', 2147483648: 'CKR_VENDOR_DEFINED', 2147483652: 'CKR_RC_ERROR', 2147483653: 'CKR_CONTAINER_HANDLE_INVALID', 2147483654: 'CKR_TOO_MANY_CONTAINERS', 2147483655: 'CKR_USER_LOCKED_OUT', 2147483656: 'CKR_CLONING_PARAMETER_ALREADY_EXISTS', 2147483657: 'CKR_CLONING_PARAMETER_MISSING', 2147483658: 'CKR_CERTIFICATE_DATA_MISSING', 2147483659: 'CKR_CERTIFICATE_DATA_INVALID', 2147483660: 'CKR_ACCEL_DEVICE_ERROR', 2147483661: 'CKR_WRAPPING_ERROR', 2147483662: 'CKR_UNWRAPPING_ERROR', 2147483663: 'CKR_MAC_MISSING', 2147483664: 'CKR_DAC_POLICY_PID_MISMATCH', 2147483665: 'CKR_DAC_MISSING', 2147483666: 'CKR_BAD_DAC', 2147483667: 'CKR_SSK_MISSING', 2147483668: 'CKR_BAD_MAC', 2147483669: 'CKR_DAK_MISSING', 2147483670: 'CKR_BAD_DAK', 2147483671: 'CKR_SIM_AUTHORIZATION_FAILED', 2147483672: 'CKR_SIM_VERSION_UNSUPPORTED', 2147483673: 'CKR_SIM_CORRUPT_DATA', 2147483674: 'CKR_USER_NOT_AUTHORIZED', 2147483675: 'CKR_MAX_OBJECT_COUNT_EXCEEDED', 2147483676: 'CKR_SO_LOGIN_FAILURE_THRESHOLD', 2147483677: 'CKR_SIM_AUTHFORM_INVALID', 2147483678: 'CKR_CITS_DAK_MISSING', 2147483679: 'CKR_UNABLE_TO_CONNECT', 2147483680: 'CKR_PARTITION_DISABLED', 2147483681: 'CKR_CALLBACK_ERROR', 2147483682: 'CKR_SECURITY_PARAMETER_MISSING', 2147483683: 'CKR_SP_TIMEOUT', 2147483684: 'CKR_TIMEOUT', 2147483685: 'CKR_ECC_UNKNOWN_CURVE', 2147483686: 'CKR_MTK_ZEROIZED', 2147483687: 'CKR_MTK_STATE_INVALID', 2147483688: 'CKR_INVALID_ENTRY_TYPE', 2147483689: 'CKR_MTK_SPLIT_INVALID', 2147483690: 'CKR_HSM_STORAGE_FULL', 2147483691: 'CKR_DEVICE_TIMEOUT', 2147483692: 'CKR_CONTAINER_OBJECT_STORAGE_FULL', 2147483693: 'CKR_PED_CLIENT_NOT_RUNNING', 2147483694: 'CKR_PED_UNPLUGGED', 2147483695: 'CKR_ECC_POINT_INVALID', 2147483696: 'CKR_OPERATION_NOT_ALLOWED', 2147483697: 'CKR_LICENSE_CAPACITY_EXCEEDED', 2147483698: 'CKR_LOG_FILE_NOT_OPEN', 2147483699: 'CKR_LOG_FILE_WRITE_ERROR', 2147483700: 'CKR_LOG_BAD_FILE_NAME', 2147483701: 'CKR_LOG_FULL', 2147483702: 'CKR_LOG_NO_KCV', 2147483703: 'CKR_LOG_BAD_RECORD_HMAC', 2147483704: 'CKR_LOG_BAD_TIME', 2147483705: 'CKR_LOG_AUDIT_NOT_INITIALIZED', 2147483706: 'CKR_LOG_RESYNC_NEEDED', 2147483707: 'CKR_AUDIT_LOGIN_TIMEOUT_IN_PROGRESS', 2147483708: 'CKR_AUDIT_LOGIN_FAILURE_THRESHOLD', 2147483709: 'CKR_INVALID_FUF_TARGET', 2147483710: 'CKR_INVALID_FUF_HEADER', 2147483711: 'CKR_INVALID_FUF_VERSION', 2147483712: 'CKR_ECC_ECC_RESULT_AT_INF', 2147483713: 'CKR_AGAIN', 2147483714: 'CKR_TOKEN_COPIED', 2147483715: 'CKR_SLOT_NOT_EMPTY', 2147483716: 'CKR_USER_ALREADY_ACTIVATED', 2147483717: 'CKR_STC_NO_CONTEXT', 2147483718: 'CKR_STC_CLIENT_IDENTITY_NOT_CONFIGURED', 2147483719: 'CKR_STC_PARTITION_IDENTITY_NOT_CONFIGURED', 2147483720: 'CKR_STC_DH_KEYGEN_ERROR', 2147483721: 'CKR_STC_CIPHER_SUITE_REJECTED', 2147483722: 'CKR_STC_DH_KEY_NOT_FROM_SAME_GROUP', 2147483723: 'CKR_STC_COMPUTE_DH_KEY_ERROR', 2147483724: 'CKR_STC_FIRST_PHASE_KDF_ERROR', 2147483725: 'CKR_STC_SECOND_PHASE_KDF_ERROR', 2147483726: 'CKR_STC_KEY_CONFIRMATION_FAILED', 2147483727: 'CKR_STC_NO_SESSION_KEY', 2147483728: 'CKR_STC_RESPONSE_BAD_MAC', 2147483729: 'CKR_STC_NOT_ENABLED', 2147483730: 'CKR_STC_CLIENT_HANDLE_INVALID', 2147483731: 'CKR_STC_SESSION_INVALID', 2147483732: 'CKR_STC_CONTAINER_INVALID', 2147483733: 'CKR_STC_SEQUENCE_NUM_INVALID', 2147483734: 'CKR_STC_NO_CHANNEL', 2147483735: 'CKR_STC_RESPONSE_DECRYPT_ERROR', 2147483736: 'CKR_STC_RESPONSE_REPLAYED', 2147483737: 'CKR_STC_REKEY_CHANNEL_MISMATCH', 2147483738: 'CKR_STC_RSA_ENCRYPT_ERROR', 2147483739: 'CKR_STC_RSA_SIGN_ERROR', 2147483740: 'CKR_STC_RSA_DECRYPT_ERROR', 2147483741: 'CKR_STC_RESPONSE_UNEXPECTED_KEY', 2147483742: 'CKR_STC_UNEXPECTED_NONCE_PAYLOAD_SIZE', 2147483743: 'CKR_STC_UNEXPECTED_DH_DATA_SIZE', 2147483744: 'CKR_STC_OPEN_CIPHER_MISMATCH', 2147483745: 'CKR_STC_OPEN_DHNIST_PUBKEY_ERROR', 2147483746: 'CKR_STC_OPEN_KEY_MATERIAL_GEN_FAIL', 2147483747: 'CKR_STC_OPEN_RESP_GEN_FAIL', 2147483748: 'CKR_STC_ACTIVATE_MACTAG_U_VERIFY_FAIL', 2147483749: 'CKR_STC_ACTIVATE_MACTAG_V_GEN_FAIL', 2147483750: 'CKR_STC_ACTIVATE_RESP_GEN_FAIL', 2147483751: 'CKR_CHALLENGE_INCORRECT', 2147483752: 'CKR_ACCESS_ID_INVALID', 2147483753: 'CKR_ACCESS_ID_ALREADY_EXISTS', 2147483759: 'CKR_OBJECT_ALREADY_EXISTS', 2147483764: 'CKR_KEK_RETRY_FAILURE', 2147483765: 'CKR_RNG_RESEED_TOO_EARLY', 2147483775: 'CKR_INVALID_UTILIZATION_METRICS', 2147483791: 'CKR_ASSIGNED_KEY_REQUIRES_AUTH_DATA', 2147483792: 'CKR_ROLE_CANNOT_MAKE_KEYS_ASSIGNED', 2147483793: 'CKR_ASSIGNED_KEY_CANNOT_BE_MODIFIED', 2147483794: 'CKR_AUTH_DATA_TOO_LARGE', 2147483795: 'CKR_AUTH_DATA_TOO_SMALL', 2147483796: 'CKR_OH_AUTH_DATA_NOT_PROVIDED', 2147483797: 'CKR_ASSIGNED_KEY_FAILED_ATTRIBUTE_DEPENDENCIES', 2147483798: 'CKR_KEY_CANNOT_BE_AUTHORIZED', 2147483799: 'CKR_KEY_NOT_AUTHORIZED', 2147483800: 'CKR_AUTH_DATA_INCORRECT', 2147483801: 'CKR_SMK_ID_NOT_FOUND', 2147483802: 'CKR_INTERNAL_INTEGRITY_ERROR', 2147483803: 'CKR_ASSIGNED_KEY_CANNOT_BE_RESET', 2147483804: 'CKR_AUTH_DATA_INCORRECT_AND_LIMIT_REACHED', 2147483924: 'CKR_OBJECT_READ_ONLY', 2147483958: 'CKR_KEY_NOT_ACTIVE'}¶

default_templates ¶

File containing a number of templates taken from CKDemo and manually converted into python format. See the attributes.py file for methods to convert them into the proper C format.

pycryptoki.default_templates.CERTIFICATE_TEMPLATE = {0: 1, 1: True, 3: b'Created certificate object', 17: [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1], 128: 0, 257: b''}¶: The simple data object template taken from CKDemo when you select the Create Object option and choose data

pycryptoki.default_templates.CKM_DH_PKCS_PARAMETER_GEN_TEMP = {1: True, 2: True, 3: b'SH PKCS Parameter Key', 259: True, 307: 512}¶: The simple certificate object taken from CKDemo when you select the Create Object option and choose certificate

pycryptoki.default_templates.CKM_SSL3_PRE_MASTER_KEY_GEN_TEMP = {1: True, 3: b'SSL3 Pre Master Key', 260: 4097, 268: True}¶: Curve dictionary for ECDSA with oids as lists, taken from Components/tools/common/CommonData.cpp

pycryptoki.default_templates.KEY_PAIR_GENERATOR_TEMPLATES = {0: ({1: True, 2: True, 368: True, 260: True, 266: True, 262: True, 289: 1024, 290: 3, 3: b'RSA Public Key'}, {1: True, 2: True, 259: True, 368: True, 354: True, 261: True, 264: True, 263: True, 3: b'RSA Private Key'}), 10: ({1: True, 2: True, 368: True, 260: True, 266: True, 262: True, 289: 1024, 290: 3, 3: b'RSA Public Key'}, {1: True, 2: True, 259: True, 368: True, 354: True, 261: True, 264: True, 263: True, 3: b'RSA Private Key'}), 16: ({1: True, 2: True, 260: True, 266: True, 262: True, 304: [160, 56, 62, 230, 146, 248, 245, 186, 221, 249, 49, 123, 22, 237, 210, 132, 163, 99, 25, 176, 83, 247, 58, 212, 49, 174, 75, 93, 178, 198, 99, 11, 90, 191, 232, 197, 203, 157, 35, 6, 80, 220, 114, 238, 251, 230, 242, 97, 219, 47, 67, 230, 131, 129, 88, 140, 253, 74, 116, 81, 187, 187, 48, 197, 149, 33, 215, 142, 167, 109, 192, 112, 207, 129, 120, 51, 25, 159, 247, 21, 203, 209, 18, 162, 88, 80, 105, 53, 68, 102, 46, 18, 187, 39, 147, 168, 20, 132, 119, 100, 172, 39, 124, 92, 240, 107, 62, 4, 74, 69, 145, 62, 221, 97, 146, 41, 221, 215, 40, 147, 20, 208, 11, 182, 167, 218, 241, 126, 184, 99, 243, 29, 194, 44, 204, 5, 246, 20, 193, 187, 12, 234, 76, 69, 79, 198, 160, 41, 192, 210, 86, 141, 28, 94, 239, 127, 124, 65, 241, 182, 89, 206, 217, 36, 221, 14, 171, 199, 201, 188, 58, 85, 144, 212, 3, 18, 227, 236, 19, 162, 202, 161, 128, 237, 107, 12, 125, 84, 209, 99, 202, 31, 50, 205, 137, 39, 160, 253, 57, 78, 81, 222, 242, 163, 30, 131, 252, 83, 115, 190, 248, 210, 95, 101, 50, 239, 81, 95, 134, 123, 11, 49, 115, 143, 242, 127, 172, 173, 13, 251, 64, 231, 107, 104, 58, 59, 17, 201, 159, 89, 200, 164, 152, 186, 43, 136, 8, 112, 15, 32, 21, 20, 92, 119, 219, 164, 32, 197, 240, 219, 149, 172, 136, 3, 106, 64, 144, 74, 83, 179, 128, 170, 12, 117, 128, 90, 13, 253, 173, 76, 190, 170, 72, 145, 171, 216, 77, 36, 187, 100, 77, 150, 197, 159, 51, 158, 1, 107, 180, 50, 31, 244, 238, 51, 228, 3, 206, 160, 222, 158, 217, 89, 204, 108, 27, 186, 44, 125, 199, 68, 222, 122, 34, 95, 101, 251, 10, 120, 238, 87, 186, 125, 42, 146, 242, 71, 80, 218, 166, 140, 138, 106, 131, 6, 195, 92, 73, 13, 45, 47, 88, 146, 190, 18, 65, 134, 10, 213, 69, 59, 27, 227, 43, 14, 199, 41, 152, 62, 60, 151, 211, 40, 115, 252, 130, 199, 180, 244, 107, 253, 165, 20, 158, 143], 305: [243, 150, 82, 208, 14, 247, 150, 45, 174, 125, 138, 19, 168, 9, 168, 20, 197, 228, 249, 186, 142, 109, 234, 61, 24, 243, 81, 72, 4, 252, 225, 55], 306: [7, 31, 148, 151, 248, 88, 133, 94, 166, 31, 168, 5, 151, 52, 192, 18, 42, 201, 28, 185, 248, 29, 253, 143, 166, 236, 192, 131, 246, 12, 179, 14, 168, 11, 21, 86, 229, 195, 144, 208, 6, 115, 36, 104, 40, 212, 188, 237, 161, 132, 137, 21, 171, 134, 255, 36, 86, 142, 64, 2, 3, 153, 189, 185, 246, 117, 18, 89, 81, 173, 30, 87, 29, 212, 242, 35, 70, 20, 137, 171, 101, 69, 4, 64, 226, 43, 1, 184, 245, 155, 155, 56, 105, 47, 18, 11, 152, 52, 221, 40, 235, 159, 240, 138, 252, 68, 152, 225, 114, 235, 61, 84, 178, 138, 142, 177, 0, 171, 80, 165, 102, 123, 154, 158, 138, 173, 63, 104, 241, 222, 177, 4, 96, 74, 61, 46, 15, 37, 10, 156, 24, 139, 116, 97, 236, 215, 222, 198, 86, 181, 119, 232, 70, 126, 70, 78, 17, 172, 73, 68, 151, 136, 101, 205, 245, 99, 170, 182, 162, 230, 138, 41, 83, 149, 43, 10, 104, 232, 129, 72, 110, 118, 52, 212, 145, 141, 249, 112, 167, 206, 13, 96, 138, 146, 112, 142, 73, 82, 18, 253, 75, 38, 121, 13, 92, 7, 221, 90, 181, 90, 232, 32, 155, 99, 25, 5, 85, 192, 67, 183, 128, 47, 174, 120, 121, 126, 79, 99, 241, 203, 24, 9, 175, 74, 252, 96, 178, 180, 175, 120, 186, 179, 173, 156, 204, 57, 16, 8, 150, 67, 142, 103, 145, 174, 236, 144, 232, 153, 249, 118, 89, 69, 79, 76, 117, 150, 51, 176, 216, 87, 181, 5, 18, 69, 21, 199, 94, 58, 100, 144, 231, 22, 140, 115, 250, 21, 104, 232, 201, 4, 176, 66, 73, 250, 49, 168, 60, 109, 131, 138, 247, 212, 45, 72, 113, 9, 137, 249, 251, 201, 195, 123, 44, 135, 145, 87, 201, 233, 129, 142, 164, 221, 183, 122, 31, 188, 102, 62, 216, 45, 232, 56, 195, 171, 59, 130, 197, 125, 208, 255, 191, 164, 149, 230, 234, 211, 62, 68, 5, 208, 88, 233, 179, 123, 58, 113, 206, 189, 228, 47, 77, 51, 70, 180, 197, 249, 214, 73, 139, 115, 188, 27, 159, 13, 61, 12, 73, 41, 66, 153, 112, 233, 197, 235], 3: b'DSA 3072_256 Public Key'}, {1: True, 2: True, 259: True, 261: True, 264: True, 263: True, 354: True, 3: b'DSA Public Key'}), 32: ({1: True, 2: True, 268: True, 304: [244, 136, 253, 88, 78, 73, 219, 205, 32, 180, 157, 228, 145, 7, 54, 107, 51, 108, 56, 13, 69, 29, 15, 124, 136, 179, 28, 124, 91, 45, 142, 246, 243, 201, 35, 192, 67, 240, 165, 91, 24, 141, 142, 187, 85, 140, 184, 93, 56, 211, 52, 253, 124, 23, 87, 67, 163, 29, 24, 108, 222, 51, 33, 44, 181, 42, 255, 60, 225, 177, 41, 64, 24, 17, 141, 124, 132, 167, 10, 114, 214, 134, 196, 3, 25, 200, 7, 41, 122, 202, 149, 12, 217, 150, 159, 171, 208, 10, 80, 155, 2, 70, 211, 8, 61, 102, 164, 93, 65, 159, 156, 124, 189, 137, 75, 34, 25, 38, 186, 171, 162, 94, 195, 85, 233, 47, 120, 199], 306: [2], 3: b'DH Public Key'}, {352: 1024, 1: True, 2: True, 259: True, 268: True, 354: True, 3: b'DH Private Key'}), 4160: ({1: True, 2: True, 260: True, 266: True, 268: True, 384: [6, 5, 43, 129, 4, 0, 6], 3: b'ECDSA Public Key'}, {1: True, 2: True, 259: True, 261: True, 264: True, 268: True, 354: True, 3: b'ECDSA Private Key'}), 2147483905: ({1: True, 2: True, 260: True, 266: True, 262: True, 304: [236, 254, 163, 63, 162, 39, 195, 177, 167, 223, 215, 241, 187, 72, 124, 212, 38, 171, 10, 43, 43, 58, 241, 143, 239, 157, 97, 205, 79, 123, 187, 141, 125, 141, 76, 132, 19, 122, 175, 229, 181, 186, 157, 228, 210, 181, 139, 0, 57, 188, 102, 156, 124, 61, 152, 126, 10, 116, 27, 6, 207, 151, 181, 62, 203, 30, 29, 34, 81, 230, 212, 226, 114, 167, 114, 211, 76, 63, 252, 212, 213, 124, 63, 68, 162, 27, 252, 151, 173, 52, 178, 143, 211, 207, 119, 137, 122, 206, 100, 198, 146, 170, 105, 19, 237, 34, 162, 59, 69, 25, 152, 136, 41, 5, 124, 210, 51, 175, 161, 247, 171, 102, 64, 202, 5, 126, 22, 153, 122, 146, 170, 94, 7, 192, 199, 60, 130, 180, 150, 2, 35, 102, 153, 151, 163, 64, 241, 54, 155, 51, 199, 190, 233, 172, 206, 133, 248, 189, 106, 38, 15, 121, 231, 158, 238, 238, 214, 130, 200, 125, 75, 231, 76, 47, 68, 154, 27, 104, 63, 186, 228, 253, 25, 202, 208, 151, 211, 113, 18, 140, 134, 190, 147, 132, 183, 53, 42, 209, 58, 154, 39, 143, 54, 79, 8, 158, 56, 223, 37, 232, 74, 112, 77, 228, 251, 22, 64, 165, 25, 252, 98, 145, 118, 29, 171, 17, 226, 247, 128, 231, 26, 98, 46, 154, 191, 133, 254, 25, 74, 69, 121, 59, 250, 179, 161, 233, 138, 29, 253, 87, 181, 199, 9, 121, 184, 27], 305: [229, 125, 72, 212, 68, 61, 96, 178, 111, 72, 130, 61, 29, 234, 206, 242, 180, 74, 108, 71, 91, 18, 67, 71, 180, 129, 71, 248, 162, 253, 51, 211], 306: [104, 144, 234, 111, 90, 86, 79, 210, 161, 254, 7, 215, 188, 165, 171, 128, 249, 90, 95, 71, 233, 127, 252, 154, 234, 103, 19, 248, 173, 54, 225, 252, 2, 66, 23, 205, 249, 190, 92, 233, 166, 205, 219, 107, 92, 30, 126, 34, 14, 213, 127, 43, 12, 155, 247, 226, 213, 35, 193, 69, 11, 70, 126, 100, 128, 201, 111, 155, 32, 118, 208, 63, 174, 140, 77, 153, 62, 156, 230, 107, 201, 184, 57, 165, 88, 21, 108, 105, 121, 42, 250, 52, 118, 23, 100, 106, 42, 41, 77, 206, 228, 7, 120, 163, 203, 147, 122, 120, 42, 81, 145, 189, 66, 151, 59, 7, 49, 202, 79, 98, 42, 99, 224, 105, 69, 49, 200, 117, 62, 58, 176, 232, 141, 220, 134, 28, 117, 28, 37, 46, 116, 24, 137, 179, 62, 57, 14, 28, 165, 196, 117, 31, 49, 30, 25, 97, 91, 190, 167, 24, 155, 4, 242, 41, 200, 231, 64, 132, 57, 210, 40, 165, 48, 91, 34, 120, 51, 171, 168, 48, 152, 28, 51, 236, 254, 231, 144, 140, 109, 57, 84, 66, 155, 239, 48, 222, 161, 21, 254, 230, 208, 63, 19, 240, 160, 46, 178, 25, 228, 185, 176, 186, 172, 50, 194, 36, 11, 42, 71, 23, 218, 124, 17, 108, 226, 9, 36, 113, 48, 172, 20, 12, 211, 171, 220, 231, 120, 164, 39, 39, 243, 44, 250, 253, 174, 158, 81, 104, 71, 178, 108, 228, 203, 183, 102, 3], 3: b'KCDSA Public Key'}, {1: True, 2: True, 259: True, 261: True, 264: True, 263: True, 354: True, 3: b'KCDSA Private Key'}), 2147483970: ({1: True, 2: True, 368: True, 260: True, 266: True, 262: True, 289: 1024, 290: 3, 3: b'RSA Public Key'}, {1: True, 2: True, 259: True, 368: True, 354: True, 261: True, 264: True, 263: True, 3: b'RSA Private Key'}), 2147483971: ({1: True, 2: True, 368: True, 260: True, 266: True, 262: True, 289: 1024, 290: 3, 3: b'RSA Public Key'}, {1: True, 2: True, 259: True, 368: True, 354: True, 261: True, 264: True, 263: True, 3: b'RSA Private Key'})}¶: This list is not complete

pycryptoki.default_templates.get_default_key_pair_template(mechanism)[source]¶

Gets the default template for the given key pair gen mechanism, returns a deep copy

Parameters:	mechanism –

pycryptoki.default_templates.get_default_key_template(mechanism)[source]¶

Gets a default template for the given key gen mechanism, returns a deep copy

Parameters:	mechanism –

defaults ¶

A file containing commonly used strings or other data similar to a config file

Extensions to the PKCS11 API ¶

Thales-specific Extensions to the PKCS11 API.

Contents

Extensions to the PKCS11 API

Derive Key And Wrap ¶

derive and wrap extended method

pycryptoki.ca_extensions.derive_wrap.ca_derive_key_and_wrap(h_session, derive_mechanism, h_base_key, derive_template, wrapping_key, wrap_mechanism, output_buffer=2048)[source]¶

Derive a key from the base key and wrap it off the HSM using the wrapping key

Parameters:	h_session (int) – The session to use h_base_key (int) – The base key derive_template (dict) – A python template of attributes to set on derived key derive_mechanism – See the `parse_mechanism()` function for possible values. wrapping_key (int) – The wrapping key based on the encryption flavor wrap_mechanism – See the `parse_mechanism()` function for possible values. output_buffer – The size of the wrapped key, defaulted to a cert size
Returns:	(Retcode, python bytestring representing wrapped key)
Return type:	tuple

pycryptoki.ca_extensions.derive_wrap.ca_derive_key_and_wrap_ex(h_session, derive_mechanism, h_base_key, derive_template, wrapping_key, wrap_mechanism, output_buffer=2048)¶

Executes ca_derive_key_and_wrap(), and checks the retcode; raising an exception if the return code is not CKR_OK.

HSM Info ¶

Methods responsible for retrieving hsm info from the K7 card

pycryptoki.ca_extensions.hsm_info.ca_retrieve_license_list(slot)[source]¶

Gets the license info for a given slot id

Parameters:	slot_id (int) – Slot index to get the license id’s
Returns:	(A python list representing the license id’s)
Return type:	list

pycryptoki.ca_extensions.hsm_info.ca_retrieve_license_list_ex(slot)¶

Executes ca_retrieve_license_list(), and checks the retcode; raising an exception if the return code is not CKR_OK.

pycryptoki.ca_extensions.hsm_info.ca_retrieve_allowed_containers(slot)[source]¶

Gets the maximum allowed container number for a given slot id

Parameters:	slot_id (int) – Slot index to get the maximum allowed container number
Returns:	(ret code, A unsigned integer representing the maximum allowed container number)
Return type:	unsigned integer

pycryptoki.ca_extensions.hsm_info.ca_retrieve_allowed_containers_ex(slot)¶

Executes ca_retrieve_allowed_containers(), and checks the retcode; raising an exception if the return code is not CKR_OK.

pycryptoki.ca_extensions.hsm_info.ca_retrieve_hsm_storage_info(slot)[source]¶

Gets the hsm storage info for a given slot id

Parameters:	slot_id (int) – Slot index to get the hsm storage info
Returns:	(ret code, hsm_storage_info dictionary)
Return type:	dictionary

pycryptoki.ca_extensions.hsm_info.ca_retrieve_hsm_storage_info_ex(slot)¶

Executes ca_retrieve_hsm_storage_info(), and checks the retcode; raising an exception if the return code is not CKR_OK.

pycryptoki.ca_extensions.hsm_info.ca_get_tsv(slot)[source]¶

Get the TSV(Module State Vector) for a given slot id

Parameters:	slot_id (int) – Slot index to get the TSV(Module State Vector)
Returns:	(ret code, TSV)
Return type:	tuple

pycryptoki.ca_extensions.hsm_info.ca_get_tsv_ex(slot)¶

Executes ca_get_tsv(), and checks the retcode; raising an exception if the return code is not CKR_OK.

pycryptoki.ca_extensions.hsm_info.ca_get_cv_firmware_version(slot_id)[source]¶

Cryptovisor specific ca extension function to get cv fw version

Parameters:	slot_id – slot id
Returns:	tuple of return code and cv fw version

pycryptoki.ca_extensions.hsm_info.ca_get_cv_firmware_version_ex(slot_id)¶

Executes ca_get_cv_firmware_version(), and checks the retcode; raising an exception if the return code is not CKR_OK.

Object Commands ¶

Module to work with objects, specifically dealing with ca_extension functions

pycryptoki.ca_extensions.object_handler.ca_get_object_handle(slot, session, objectouid)[source]¶

Calls CA_GetObjectHandle to get the object handle from OUID

Parameters:	slot – partition slot number session – session id that was opened to run the function objectouid – OUID, a string of the hex value that maps to object handle
Returns:	a tuple containing the return code and the object handle mapping the given OUID

pycryptoki.ca_extensions.object_handler.ca_get_object_handle_ex(slot, session, objectouid)¶

Executes ca_get_object_handle(), and checks the retcode; raising an exception if the return code is not CKR_OK.

pycryptoki.ca_extensions.object_handler.ca_destroy_multiple_objects(h_session, objects)[source]¶

Delete multiple objects corresponding to given object handles

Parameters:	h_session (int) – Session handle objects (list) – The handles of the objects to delete
Returns:	Return code

pycryptoki.ca_extensions.object_handler.ca_destroy_multiple_objects_ex(h_session, objects)¶

Executes ca_destroy_multiple_objects(), and checks the retcode; raising an exception if the return code is not CKR_OK.

Per Key Authorization ¶

Module to work with PKA / Per key authorization

pycryptoki.ca_extensions.per_key_auth.ca_set_authorization_data(h_session, h_object, old_auth_data, new_auth_data)[source]¶

User changes authorization data on key object (private, secret)

Parameters:	h_session – session handle object – key handle to update old_auth_data – byte list, e.g. [11, 12, 13, ..] new_auth_data – byte list, e.g. [11, 12, 13, ..]
Returns:	Ret code

pycryptoki.ca_extensions.per_key_auth.ca_set_authorization_data_ex(h_session, h_object, old_auth_data, new_auth_data)¶

Executes ca_set_authorization_data(), and checks the retcode; raising an exception if the return code is not CKR_OK.

pycryptoki.ca_extensions.per_key_auth.ca_reset_authorization_data(h_session, h_object, auth_data)[source]¶

CO resets auth data on unassigned key

Parameters:	h_session – session handle object – key handle to update auth_data – byte list, e.g. [11, 12, 13, ..]
Returns:	Ret code

pycryptoki.ca_extensions.per_key_auth.ca_reset_authorization_data_ex(h_session, h_object, auth_data)¶

Executes ca_reset_authorization_data(), and checks the retcode; raising an exception if the return code is not CKR_OK.

pycryptoki.ca_extensions.per_key_auth.ca_increment_failed_auth_count(h_session, h_object)[source]¶: This function is called by HA group when auth failure happens on a key to sync up status. Here its defined mostly for testing purposes :param h_session: session handle :param object: key handle to update :return: Ret code

pycryptoki.ca_extensions.per_key_auth.ca_increment_failed_auth_count_ex(h_session, h_object)¶

Executes ca_increment_failed_auth_count(), and checks the retcode; raising an exception if the return code is not CKR_OK.

pycryptoki.ca_extensions.per_key_auth.ca_authorize_key(h_session, h_object, auth_data)[source]¶

User authorizes key within session or access for use

Parameters:	h_session – session handle object – key handle to authorize auth_data – authorization byte list, e.g. [11, 12, 13, ..]
Returns:	Ret code

pycryptoki.ca_extensions.per_key_auth.ca_authorize_key_ex(h_session, h_object, auth_data)¶

Executes ca_authorize_key(), and checks the retcode; raising an exception if the return code is not CKR_OK.

pycryptoki.ca_extensions.per_key_auth.ca_assign_key(h_session, h_object)[source]¶

Crypto Officer assigns a key

Parameters:	h_session – session handle object – key handle to assign
Returns:	Ret code

pycryptoki.ca_extensions.per_key_auth.ca_assign_key_ex(h_session, h_object)¶

Executes ca_assign_key(), and checks the retcode; raising an exception if the return code is not CKR_OK.

Session Commands ¶

Module to work with sessions, specifically dealing with ca_extension functions

pycryptoki.ca_extensions.session.ca_get_session_info(session)[source]¶

ca extension function that returns session information

Parameters:	session – session handle
Returns:	tuple of return code and session info dict

pycryptoki.ca_extensions.session.ca_get_session_info_ex(session)¶

Executes ca_get_session_info(), and checks the retcode; raising an exception if the return code is not CKR_OK.

pycryptoki.ca_extensions.session.ca_get_application_id()[source]¶

Get the current process’s AccessID.

Returns:	retcode, bytestring tuple.

pycryptoki.ca_extensions.session.ca_get_application_id_ex()¶

Executes ca_get_application_id(), and checks the retcode; raising an exception if the return code is not CKR_OK.

pycryptoki.ca_extensions.session.ca_open_application_id_v2(slot, appid)[source]¶

Open the given AccessID for the target slot.

Parameters:	slot – Slot #. appid – bytestring of length 16.
Returns:	Retcode.

pycryptoki.ca_extensions.session.ca_open_application_id_v2_ex(slot, appid)¶

Executes ca_open_application_id_v2(), and checks the retcode; raising an exception if the return code is not CKR_OK.

pycryptoki.ca_extensions.session.ca_close_application_id_v2(slot, appid)[source]¶

Close the AccessID associated with the given slot.

Parameters:	slot – Slot #. appid – bytestring of length 16.
Returns:	Retcode.

pycryptoki.ca_extensions.session.ca_close_application_id_v2_ex(slot, appid)¶

Executes ca_close_application_id_v2(), and checks the retcode; raising an exception if the return code is not CKR_OK.

pycryptoki.ca_extensions.session.ca_set_application_id_v2(appid)[source]¶

Set the Current process’s AccessID.

Parameters:	appid – bytestring of length 16
Returns:	Retcode

pycryptoki.ca_extensions.session.ca_set_application_id_v2_ex(appid)¶

Executes ca_set_application_id_v2(), and checks the retcode; raising an exception if the return code is not CKR_OK.

Utilization Metrics ¶

Module to work with utilization metrics

pycryptoki.ca_extensions.utilization_metrics.ca_read_utilization_metrics(session)[source]¶

HSM reads utilization data and saves as a snapshot

Parameters:	session – session id that was opened to run the function
Returns:	Ret code

pycryptoki.ca_extensions.utilization_metrics.ca_read_utilization_metrics_ex(session)¶

Executes ca_read_utilization_metrics(), and checks the retcode; raising an exception if the return code is not CKR_OK.

pycryptoki.ca_extensions.utilization_metrics.ca_read_and_reset_utilization_metrics(session)[source]¶

HSM reads current utilization data and saves as a snapshot; HSM resets metrics to zeroes

Parameters:	session – session id that was opened to run the function
Returns:	a dictionary with partition serial numbers as keys, value - dictionary of utilization metrics

pycryptoki.ca_extensions.utilization_metrics.ca_read_and_reset_utilization_metrics_ex(session)¶

Executes ca_read_and_reset_utilization_metrics(), and checks the retcode; raising an exception if the return code is not CKR_OK.

pycryptoki.ca_extensions.utilization_metrics.ca_read_all_utilization_counters(h_session)[source]¶

Read Metrics from previously saved HSM snapshot Call either functions prior to create snapshot: ca_read_utilization_metrics ca_read_and_reset_utilization_metrics

Returns:	a dictionary, where keys are serial numbers

and values are dictionaries of bins and values, example: ‘SIGN’:0

pycryptoki.ca_extensions.utilization_metrics.ca_read_all_utilization_counters_ex(h_session)¶

Executes ca_read_all_utilization_counters(), and checks the retcode; raising an exception if the return code is not CKR_OK.

Python/C Bindings¶

Definitions of PKCS11 types and Function bindings.

pycryptoki.cryptoki.CA_ActivateMofN(*args)¶

Cryptoki DLL call to CA_ActivateMofN.

Parameters:	arg1 – c_ulong arg2 – LP_CA_MOFN_ACTIVATION arg3 – c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_CapabilityUpdate(*args)¶

Cryptoki DLL call to CA_CapabilityUpdate.

Parameters:	arg1 – c_ulong arg2 – c_ulong arg3 – LP_c_ubyte arg4 – c_ulong arg5 – LP_c_ubyte
Returns:	c_ulong

pycryptoki.cryptoki.CA_CheckOperationState(*args)¶

Cryptoki DLL call to CA_CheckOperationState.

Parameters:	arg1 – c_ulong arg2 – c_ulong arg3 – LP_c_ubyte
Returns:	c_ulong

pycryptoki.cryptoki.CA_ChoosePrimarySlot(*args)¶

Cryptoki DLL call to CA_ChoosePrimarySlot.

Parameters:	arg1 – c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_ChooseSecondarySlot(*args)¶

Cryptoki DLL call to CA_ChooseSecondarySlot.

Parameters:	arg1 – c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_CloneAllObjectsToSession(*args)¶

Cryptoki DLL call to CA_CloneAllObjectsToSession.

Parameters:	arg1 – c_ulong arg2 – c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_CloneAsSource(*args)¶

Cryptoki DLL call to CA_CloneAsSource.

Parameters:	arg1 – c_ulong arg2 – c_ulong arg3 – c_ulong arg4 – LP_c_ubyte arg5 – c_ulong arg6 – c_ubyte arg7 – LP_c_ubyte arg8 – LP_c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_CloneAsTarget(*args)¶

Cryptoki DLL call to CA_CloneAsTarget.

Parameters:	arg1 – c_ulong arg2 – LP_c_ubyte arg3 – c_ulong arg4 – LP_c_ubyte arg5 – c_ulong arg6 – c_ulong arg7 – c_ulong arg8 – c_ubyte arg9 – LP_c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_CloneAsTargetInit(*args)¶

Cryptoki DLL call to CA_CloneAsTargetInit.

Parameters:	arg1 – c_ulong arg2 – LP_c_ubyte arg3 – c_ulong arg4 – LP_c_ubyte arg5 – c_ulong arg6 – c_ubyte arg7 – LP_c_ubyte arg8 – LP_c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_CloneModifyMofN(*args)¶

Cryptoki DLL call to CA_CloneModifyMofN.

Parameters:	arg1 – c_ulong arg2 – c_ulong arg3 – c_void_p
Returns:	c_ulong

pycryptoki.cryptoki.CA_CloneMofN(*args)¶

Cryptoki DLL call to CA_CloneMofN.

Parameters:	arg1 – c_ulong arg2 – c_ulong arg3 – c_void_p
Returns:	c_ulong

pycryptoki.cryptoki.CA_CloneObject(*args)¶

Cryptoki DLL call to CA_CloneObject.

Parameters:	arg1 – c_ulong arg2 – c_ulong arg3 – c_ulong arg4 – c_ulong arg5 – LP_c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_CloneObjectToAllSessions(*args)¶

Cryptoki DLL call to CA_CloneObjectToAllSessions.

Parameters:	arg1 – c_ulong arg2 – c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_ClonePrivateKey(*args)¶

Cryptoki DLL call to CA_ClonePrivateKey.

Parameters:	arg1 – c_ulong arg2 – c_ulong arg3 – c_ulong arg4 – LP_c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_CloseAllSecondarySessions(*args)¶

Cryptoki DLL call to CA_CloseAllSecondarySessions.

Parameters:	arg1 – c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_CloseApplicationID(*args)¶

Cryptoki DLL call to CA_CloseApplicationID.

Parameters:	arg1 – c_ulong arg2 – c_ulong arg3 – c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_CloseApplicationIDForContainer(*args)¶

Cryptoki DLL call to CA_CloseApplicationIDForContainer.

Parameters:	arg1 – c_ulong arg2 – c_ulong arg3 – c_ulong arg4 – c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_CloseApplicationIDV2(*args)¶

Cryptoki DLL call to CA_CloseApplicationIDV2.

Parameters:	arg1 – c_ulong arg2 – LP_CK_APPLICATION_ID
Returns:	c_ulong

pycryptoki.cryptoki.CA_CloseSecondarySession(*args)¶

Cryptoki DLL call to CA_CloseSecondarySession.

Parameters:	arg1 – c_ulong arg2 – c_ulong arg3 – c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_CloseSecureToken(*args)¶

Cryptoki DLL call to CA_CloseSecureToken.

Parameters:	arg1 – c_ulong arg2 – c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_ConfigureRemotePED(*args)¶

Cryptoki DLL call to CA_ConfigureRemotePED.

Parameters:	arg1 – c_ulong arg2 – LP_c_ubyte arg3 – c_ulong arg4 – LP_c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_CreateContainer(*args)¶

Cryptoki DLL call to CA_CreateContainer.

Parameters:	arg1 – c_ulong arg2 – c_ulong arg3 – LP_c_ubyte arg4 – c_ulong arg5 – LP_c_ubyte arg6 – c_ulong arg7 – c_ulong arg8 – c_ulong arg9 – c_ulong arg10 – c_ulong arg11 – c_ulong arg12 – LP_c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_CreateContainerLoginChallenge(*args)¶

Cryptoki DLL call to CA_CreateContainerLoginChallenge.

Parameters:	arg1 – c_ulong arg2 – c_ulong arg3 – c_ulong arg4 – c_ulong arg5 – LP_c_ubyte arg6 – LP_c_ulong arg7 – LP_c_ubyte
Returns:	c_ulong

pycryptoki.cryptoki.CA_CreateContainerWithPolicy(*args)¶

Cryptoki DLL call to CA_CreateContainerWithPolicy.

Parameters:	arg1 – c_ulong arg2 – c_ulong arg3 – LP_c_ubyte arg4 – c_ulong arg5 – LP_c_ubyte arg6 – c_ulong arg7 – c_ulong arg8 – c_ulong arg9 – c_ulong arg10 – c_ulong arg11 – c_ulong arg12 – LP_c_ulong arg13 – c_ulong arg14 – c_ulong arg15 – LP_c_ubyte
Returns:	c_ulong

pycryptoki.cryptoki.CA_CreateLoginChallenge(*args)¶

Cryptoki DLL call to CA_CreateLoginChallenge.

Parameters:	arg1 – c_ulong arg2 – c_ulong arg3 – c_ulong arg4 – LP_c_ubyte arg5 – LP_c_ulong arg6 – LP_c_ubyte
Returns:	c_ulong

pycryptoki.cryptoki.CA_Deactivate(*args)¶

Cryptoki DLL call to CA_Deactivate.

Parameters:	arg1 – c_ulong arg2 – c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_DeactivateMofN(*args)¶

Cryptoki DLL call to CA_DeactivateMofN.

Parameters:	arg1 – c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_DeleteContainer(*args)¶

Cryptoki DLL call to CA_DeleteContainer.

Parameters:	arg1 – c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_DeleteContainerWithHandle(*args)¶

Cryptoki DLL call to CA_DeleteContainerWithHandle.

Parameters:	arg1 – c_ulong arg2 – c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_DeleteRemotePEDVector(*args)¶

Cryptoki DLL call to CA_DeleteRemotePEDVector.

Parameters:	arg1 – c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_DeriveKeyAndWrap(*args)¶

Cryptoki DLL call to CA_DeriveKeyAndWrap.

Parameters:	arg1 – c_ulong arg2 – LP_CK_MECHANISM arg3 – c_ulong arg4 – LP_CK_ATTRIBUTE arg5 – c_ulong arg6 – LP_CK_MECHANISM arg7 – c_ulong arg8 – LP_c_ubyte arg9 – LP_c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_DestroyMultipleObjects(*args)¶

Cryptoki DLL call to CA_DestroyMultipleObjects.

Parameters:	arg1 – c_ulong arg2 – c_ulong arg3 – LP_c_ulong arg4 – LP_c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_DisableUnauthTokenInsertion(*args)¶

Cryptoki DLL call to CA_DisableUnauthTokenInsertion.

Parameters:	arg1 – c_ulong arg2 – c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_DismantleRemotePED(*args)¶

Cryptoki DLL call to CA_DismantleRemotePED.

Parameters:	arg1 – c_ulong arg2 – c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_DuplicateMofN(*args)¶

Cryptoki DLL call to CA_DuplicateMofN.

Parameters:	arg1 – c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_EnableUnauthTokenInsertion(*args)¶

Cryptoki DLL call to CA_EnableUnauthTokenInsertion.

Parameters:	arg1 – c_ulong arg2 – c_ulong arg3 – LP_c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_EncodeECChar2Params(*args)¶

Cryptoki DLL call to CA_EncodeECChar2Params.

Parameters:

arg1 – LP_c_ubyte
arg2 – LP_c_ulong
arg3 – c_ulong
arg4 – c_ulong
arg5 – c_ulong
arg6 – c_ulong
arg7 – LP_c_ubyte
arg8 – c_ulong
arg9 – LP_c_ubyte
arg10 – c_ulong
arg11 – LP_c_ubyte
arg12 – c_ulong
arg13 – LP_c_ubyte
arg14 – c_ulong
arg15 – LP_c_ubyte
arg16 – c_ulong
arg17 – LP_c_ubyte
arg18 – c_ulong
arg19 – LP_c_ubyte
arg20 – c_ulong

Returns:

c_ulong

pycryptoki.cryptoki.CA_EncodeECParamsFromFile(*args)¶

Cryptoki DLL call to CA_EncodeECParamsFromFile.

Parameters:	arg1 – LP_c_ubyte arg2 – LP_c_ulong arg3 – LP_c_ubyte
Returns:	c_ulong

pycryptoki.cryptoki.CA_EncodeECPrimeParams(*args)¶

Cryptoki DLL call to CA_EncodeECPrimeParams.

Parameters:

arg1 – LP_c_ubyte
arg2 – LP_c_ulong
arg3 – LP_c_ubyte
arg4 – c_ulong
arg5 – LP_c_ubyte
arg6 – c_ulong
arg7 – LP_c_ubyte
arg8 – c_ulong
arg9 – LP_c_ubyte
arg10 – c_ulong
arg11 – LP_c_ubyte
arg12 – c_ulong
arg13 – LP_c_ubyte
arg14 – c_ulong
arg15 – LP_c_ubyte
arg16 – c_ulong
arg17 – LP_c_ubyte
arg18 – c_ulong

Returns:

c_ulong

pycryptoki.cryptoki.CA_Extract(*args)¶

Cryptoki DLL call to CA_Extract.

Parameters:	arg1 – c_ulong arg2 – LP_CK_MECHANISM
Returns:	c_ulong

pycryptoki.cryptoki.CA_ExtractMaskedObject(*args)¶

Cryptoki DLL call to CA_ExtractMaskedObject.

Parameters:	arg1 – c_ulong arg2 – c_ulong arg3 – LP_c_ubyte arg4 – LP_c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_FactoryReset(*args)¶

Cryptoki DLL call to CA_FactoryReset.

Parameters:	arg1 – c_ulong arg2 – c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_FindAdminSlotForSlot(*args)¶

Cryptoki DLL call to CA_FindAdminSlotForSlot.

Parameters:	arg1 – c_ulong arg2 – LP_c_ulong arg3 – LP_c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_FirmwareRollback(*args)¶

Cryptoki DLL call to CA_FirmwareRollback.

Parameters:	arg1 – c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_FirmwareUpdate(*args)¶

Cryptoki DLL call to CA_FirmwareUpdate.

Parameters:	arg1 – c_ulong arg2 – c_ulong arg3 – c_ulong arg4 – LP_c_ubyte arg5 – c_ulong arg6 – LP_c_ubyte arg7 – c_ulong arg8 – LP_c_ubyte
Returns:	c_ulong

pycryptoki.cryptoki.CA_GenerateCloneableMofN(*args)¶

Cryptoki DLL call to CA_GenerateCloneableMofN.

Parameters:	arg1 – c_ulong arg2 – c_ulong arg3 – LP_CA_MOFN_GENERATION arg4 – c_ulong arg5 – c_ulong arg6 – c_void_p
Returns:	c_ulong

pycryptoki.cryptoki.CA_GenerateCloningKEV(*args)¶

Cryptoki DLL call to CA_GenerateCloningKEV.

Parameters:	arg1 – c_ulong arg2 – LP_c_ubyte arg3 – LP_c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_GenerateMofN(*args)¶

Cryptoki DLL call to CA_GenerateMofN.

Parameters:	arg1 – c_ulong arg2 – c_ulong arg3 – LP_CA_MOFN_GENERATION arg4 – c_ulong arg5 – c_ulong arg6 – c_void_p
Returns:	c_ulong

pycryptoki.cryptoki.CA_GenerateTokenKeys(*args)¶

Cryptoki DLL call to CA_GenerateTokenKeys.

Parameters:	arg1 – c_ulong arg2 – LP_CK_ATTRIBUTE arg3 – c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_Get(*args)¶

Cryptoki DLL call to CA_Get.

Parameters:	arg1 – c_ulong arg2 – c_ulong arg3 – LP_c_ubyte arg4 – LP_c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_GetApplicationID(*args)¶

Cryptoki DLL call to CA_GetApplicationID.

Parameters:	arg1 – LP_CK_APPLICATION_ID
Returns:	c_ulong

pycryptoki.cryptoki.CA_GetCVFirmwareVersion(*args)¶

Cryptoki DLL call to CA_GetCVFirmwareVersion.

Parameters:	arg1 – c_ulong arg2 – LP_c_ulong arg3 – LP_c_ulong arg4 – LP_c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_GetClusterState(*args)¶

Cryptoki DLL call to CA_GetClusterState.

Parameters:	arg1 – c_ulong arg2 – LP_CK_CLUSTER_STATE
Returns:	c_ulong

pycryptoki.cryptoki.CA_GetConfigurationElementDescription(*args)¶

Cryptoki DLL call to CA_GetConfigurationElementDescription.

Parameters:	arg1 – c_ulong arg2 – c_ulong arg3 – c_ulong arg4 – c_ulong arg5 – LP_c_ulong arg6 – LP_c_ulong arg7 – LP_c_ulong arg8 – LP_c_ubyte
Returns:	c_ulong

pycryptoki.cryptoki.CA_GetContainerCapabilitySet(*args)¶

Cryptoki DLL call to CA_GetContainerCapabilitySet.

Parameters:	arg1 – c_ulong arg2 – c_ulong arg3 – LP_c_ulong arg4 – LP_c_ulong arg5 – LP_c_ulong arg6 – LP_c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_GetContainerCapabilitySetting(*args)¶

Cryptoki DLL call to CA_GetContainerCapabilitySetting.

Parameters:	arg1 – c_ulong arg2 – c_ulong arg3 – c_ulong arg4 – LP_c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_GetContainerList(*args)¶

Cryptoki DLL call to CA_GetContainerList.

Parameters:	arg1 – c_ulong arg2 – c_ulong arg3 – c_ulong arg4 – LP_c_ulong arg5 – LP_c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_GetContainerName(*args)¶

Cryptoki DLL call to CA_GetContainerName.

Parameters:	arg1 – c_ulong arg2 – c_ulong arg3 – LP_c_ubyte arg4 – LP_c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_GetContainerPolicySet(*args)¶

Cryptoki DLL call to CA_GetContainerPolicySet.

Parameters:	arg1 – c_ulong arg2 – c_ulong arg3 – LP_c_ulong arg4 – LP_c_ulong arg5 – LP_c_ulong arg6 – LP_c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_GetContainerPolicySetting(*args)¶

Cryptoki DLL call to CA_GetContainerPolicySetting.

Parameters:	arg1 – c_ulong arg2 – c_ulong arg3 – c_ulong arg4 – LP_c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_GetContainerStatus(*args)¶

Cryptoki DLL call to CA_GetContainerStatus.

Parameters:	arg1 – c_ulong arg2 – c_ulong arg3 – LP_c_ulong arg4 – LP_c_ulong arg5 – LP_c_ulong arg6 – LP_c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_GetContainerStorageInformation(*args)¶

Cryptoki DLL call to CA_GetContainerStorageInformation.

Parameters:	arg1 – c_ulong arg2 – c_ulong arg3 – LP_c_ulong arg4 – LP_c_ulong arg5 – LP_c_ulong arg6 – LP_c_ulong arg7 – LP_c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_GetExtendedTPV(*args)¶

Cryptoki DLL call to CA_GetExtendedTPV.

Parameters:	arg1 – c_ulong arg2 – LP_c_ulong arg3 – LP_c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_GetFPV(*args)¶

Cryptoki DLL call to CA_GetFPV.

Parameters:	arg1 – c_ulong arg2 – LP_c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_GetFunctionList(*args)¶

Cryptoki DLL call to CA_GetFunctionList.

Parameters:	arg1 – LP_LP_CK_SFNT_CA_FUNCTION_LIST
Returns:	c_ulong

pycryptoki.cryptoki.CA_GetHAState(*args)¶

Cryptoki DLL call to CA_GetHAState.

Parameters:	arg1 – c_ulong arg2 – LP_CK_HA_STATUS
Returns:	c_ulong

pycryptoki.cryptoki.CA_GetHSMCapabilitySet(*args)¶

Cryptoki DLL call to CA_GetHSMCapabilitySet.

Parameters:	arg1 – c_ulong arg2 – LP_c_ulong arg3 – LP_c_ulong arg4 – LP_c_ulong arg5 – LP_c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_GetHSMCapabilitySetting(*args)¶

Cryptoki DLL call to CA_GetHSMCapabilitySetting.

Parameters:	arg1 – c_ulong arg2 – c_ulong arg3 – LP_c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_GetHSMPolicySet(*args)¶

Cryptoki DLL call to CA_GetHSMPolicySet.

Parameters:	arg1 – c_ulong arg2 – LP_c_ulong arg3 – LP_c_ulong arg4 – LP_c_ulong arg5 – LP_c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_GetHSMPolicySetting(*args)¶

Cryptoki DLL call to CA_GetHSMPolicySetting.

Parameters:	arg1 – c_ulong arg2 – c_ulong arg3 – LP_c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_GetHSMStats(*args)¶

Cryptoki DLL call to CA_GetHSMStats.

Parameters:	arg1 – c_ulong arg2 – c_ulong arg3 – LP_c_ulong arg4 – LP_HSM_STATS_PARAMS
Returns:	c_ulong

pycryptoki.cryptoki.CA_GetHSMStorageInformation(*args)¶

Cryptoki DLL call to CA_GetHSMStorageInformation.

Parameters:	arg1 – c_ulong arg2 – LP_c_ulong arg3 – LP_c_ulong arg4 – LP_c_ulong arg5 – LP_c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_GetModuleInfo(*args)¶

Cryptoki DLL call to CA_GetModuleInfo.

Parameters:	arg1 – c_ulong arg2 – c_ulong arg3 – LP_CKCA_MODULE_INFO
Returns:	c_ulong

pycryptoki.cryptoki.CA_GetModuleList(*args)¶

Cryptoki DLL call to CA_GetModuleList.

Parameters:	arg1 – c_ulong arg2 – LP_c_ulong arg3 – c_ulong arg4 – LP_c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_GetMofNStatus(*args)¶

Cryptoki DLL call to CA_GetMofNStatus.

Parameters:	arg1 – c_ulong arg2 – LP_CA_M_OF_N_STATUS
Returns:	c_ulong

pycryptoki.cryptoki.CA_GetNumberOfAllowedContainers(*args)¶

Cryptoki DLL call to CA_GetNumberOfAllowedContainers.

Parameters:	arg1 – c_ulong arg2 – LP_c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_GetObjectHandle(*args)¶

Cryptoki DLL call to CA_GetObjectHandle.

Parameters:	arg1 – c_ulong arg2 – c_ulong arg3 – LP_c_ubyte arg4 – LP_c_ulong arg5 – LP_c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_GetObjectUID(*args)¶

Cryptoki DLL call to CA_GetObjectUID.

Parameters:	arg1 – c_ulong arg2 – c_ulong arg3 – c_ulong arg4 – c_ulong arg5 – LP_c_ubyte
Returns:	c_ulong

pycryptoki.cryptoki.CA_GetPartitionPolicyTemplate(*args)¶

Cryptoki DLL call to CA_GetPartitionPolicyTemplate.

Parameters:	arg1 – c_ulong arg2 – LP_c_ulong arg3 – LP_c_ulong arg4 – LP_c_ubyte
Returns:	c_ulong

pycryptoki.cryptoki.CA_GetPedId(*args)¶

Cryptoki DLL call to CA_GetPedId.

Parameters:	arg1 – c_ulong arg2 – LP_c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_GetPrimarySlot(*args)¶

Cryptoki DLL call to CA_GetPrimarySlot.

Parameters:	arg1 – c_ulong arg2 – LP_c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_GetRemotePEDVectorStatus(*args)¶

Cryptoki DLL call to CA_GetRemotePEDVectorStatus.

Parameters:	arg1 – c_ulong arg2 – LP_c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_GetRollbackFirmwareVersion(*args)¶

Cryptoki DLL call to CA_GetRollbackFirmwareVersion.

Parameters:	arg1 – c_ulong arg2 – LP_c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_GetSecondarySlot(*args)¶

Cryptoki DLL call to CA_GetSecondarySlot.

Parameters:	arg1 – c_ulong arg2 – LP_c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_GetSecureElementMeta(*args)¶

Cryptoki DLL call to CA_GetSecureElementMeta.

Parameters:	arg1 – c_ulong arg2 – c_ulong arg3 – LP_CK_MECHANISM arg4 – LP_c_ulong arg5 – LP_c_ulong arg6 – LP_c_ubyte arg7 – c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_GetServerInstanceBySlotID(*args)¶

Cryptoki DLL call to CA_GetServerInstanceBySlotID.

Parameters:	arg1 – c_ulong arg2 – LP_c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_GetSessionInfo(*args)¶

Cryptoki DLL call to CA_GetSessionInfo.

Parameters:	arg1 – c_ulong arg2 – LP_c_ulong arg3 – LP_c_ulong arg4 – LP_c_ulong arg5 – LP_c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_GetSlotIdForContainer(*args)¶

Cryptoki DLL call to CA_GetSlotIdForContainer.

Parameters:	arg1 – c_ulong arg2 – c_ulong arg3 – LP_c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_GetSlotIdForPhysicalSlot(*args)¶

Cryptoki DLL call to CA_GetSlotIdForPhysicalSlot.

Parameters:	arg1 – c_ulong arg2 – LP_c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_GetSlotListFromServerInstance(*args)¶

Cryptoki DLL call to CA_GetSlotListFromServerInstance.

Parameters:	arg1 – c_ulong arg2 – LP_c_ulong arg3 – LP_c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_GetTPV(*args)¶

Cryptoki DLL call to CA_GetTPV.

Parameters:	arg1 – c_ulong arg2 – LP_c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_GetTSV(*args)¶

Cryptoki DLL call to CA_GetTSV.

Parameters:	arg1 – c_ulong arg2 – LP_c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_GetTime(*args)¶

Cryptoki DLL call to CA_GetTime.

Parameters:	arg1 – c_ulong arg2 – LP_c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_GetTokenCapabilities(*args)¶

Cryptoki DLL call to CA_GetTokenCapabilities.

Parameters:	arg1 – c_ulong arg2 – LP_c_ulong arg3 – LP_c_ulong arg4 – LP_c_ulong arg5 – LP_c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_GetTokenCertificateInfo(*args)¶

Cryptoki DLL call to CA_GetTokenCertificateInfo.

Parameters:	arg1 – c_ulong arg2 – c_ulong arg3 – LP_c_ubyte arg4 – LP_c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_GetTokenCertificates(*args)¶

Cryptoki DLL call to CA_GetTokenCertificates.

Parameters:	arg1 – c_ulong arg2 – c_ulong arg3 – LP_c_ubyte arg4 – LP_c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_GetTokenInsertionCount(*args)¶

Cryptoki DLL call to CA_GetTokenInsertionCount.

Parameters:	arg1 – c_ulong arg2 – LP_c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_GetTokenObjectHandle(*args)¶

Cryptoki DLL call to CA_GetTokenObjectHandle.

Parameters:	arg1 – c_ulong arg2 – LP_c_ubyte arg3 – LP_c_ulong arg4 – LP_c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_GetTokenObjectUID(*args)¶

Cryptoki DLL call to CA_GetTokenObjectUID.

Parameters:	arg1 – c_ulong arg2 – c_ulong arg3 – c_ulong arg4 – LP_c_ubyte
Returns:	c_ulong

pycryptoki.cryptoki.CA_GetTokenPolicies(*args)¶

Cryptoki DLL call to CA_GetTokenPolicies.

Parameters:	arg1 – c_ulong arg2 – LP_c_ulong arg3 – LP_c_ulong arg4 – LP_c_ulong arg5 – LP_c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_GetTokenStatus(*args)¶

Cryptoki DLL call to CA_GetTokenStatus.

Parameters:	arg1 – c_ulong arg2 – LP_c_ulong arg3 – LP_c_ulong arg4 – LP_c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_GetTokenStorageInformation(*args)¶

Cryptoki DLL call to CA_GetTokenStorageInformation.

Parameters:	arg1 – c_ulong arg2 – LP_c_ulong arg3 – LP_c_ulong arg4 – LP_c_ulong arg5 – LP_c_ulong arg6 – LP_c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_GetTunnelSlotNumber(*args)¶

Cryptoki DLL call to CA_GetTunnelSlotNumber.

Parameters:	arg1 – c_ulong arg2 – LP_c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_GetUnauthTokenInsertionStatus(*args)¶

Cryptoki DLL call to CA_GetUnauthTokenInsertionStatus.

Parameters:	arg1 – c_ulong arg2 – c_ulong arg3 – LP_c_ulong arg4 – LP_c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_GetUserContainerName(*args)¶

Cryptoki DLL call to CA_GetUserContainerName.

Parameters:	arg1 – c_ulong arg2 – LP_c_ubyte arg3 – LP_c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_GetUserContainerNumber(*args)¶

Cryptoki DLL call to CA_GetUserContainerNumber.

Parameters:	arg1 – c_ulong arg2 – LP_c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_HAActivateMofN(*args)¶

Cryptoki DLL call to CA_HAActivateMofN.

Parameters:	arg1 – c_ulong arg2 – LP_c_ubyte arg3 – c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_HAAnswerLoginChallenge(*args)¶

Cryptoki DLL call to CA_HAAnswerLoginChallenge.

Parameters:	arg1 – c_ulong arg2 – c_ulong arg3 – LP_c_ubyte arg4 – c_ulong arg5 – LP_c_ubyte arg6 – LP_c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_HAAnswerMofNChallenge(*args)¶

Cryptoki DLL call to CA_HAAnswerMofNChallenge.

Parameters:	arg1 – c_ulong arg2 – LP_c_ubyte arg3 – c_ulong arg4 – LP_c_ubyte arg5 – LP_c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_HAGetLoginChallenge(*args)¶

Cryptoki DLL call to CA_HAGetLoginChallenge.

Parameters:	arg1 – c_ulong arg2 – c_ulong arg3 – LP_c_ubyte arg4 – c_ulong arg5 – LP_c_ubyte arg6 – LP_c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_HAGetMasterPublic(*args)¶

Cryptoki DLL call to CA_HAGetMasterPublic.

Parameters:	arg1 – c_ulong arg2 – LP_c_ubyte arg3 – LP_c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_HAInit(*args)¶

Cryptoki DLL call to CA_HAInit.

Parameters:	arg1 – c_ulong arg2 – c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_HALogin(*args)¶

Cryptoki DLL call to CA_HALogin.

Parameters:	arg1 – c_ulong arg2 – LP_c_ubyte arg3 – c_ulong arg4 – LP_c_ubyte arg5 – LP_c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_IndirectLogin(*args)¶

Cryptoki DLL call to CA_IndirectLogin.

Parameters:	arg1 – c_ulong arg2 – c_ulong arg3 – c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_InitAudit(*args)¶

Cryptoki DLL call to CA_InitAudit.

Parameters:	arg1 – c_ulong arg2 – LP_c_ubyte arg3 – c_ulong arg4 – LP_c_ubyte
Returns:	c_ulong

pycryptoki.cryptoki.CA_InitIndirectPIN(*args)¶

Cryptoki DLL call to CA_InitIndirectPIN.

Parameters:	arg1 – c_ulong arg2 – LP_c_ubyte arg3 – c_ulong arg4 – c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_InitIndirectToken(*args)¶

Cryptoki DLL call to CA_InitIndirectToken.

Parameters:	arg1 – c_ulong arg2 – LP_c_ubyte arg3 – c_ulong arg4 – LP_c_ubyte arg5 – c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_InitRolePIN(*args)¶

Cryptoki DLL call to CA_InitRolePIN.

Parameters:	arg1 – c_ulong arg2 – c_ulong arg3 – LP_c_ubyte arg4 – c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_InitSlotRolePIN(*args)¶

Cryptoki DLL call to CA_InitSlotRolePIN.

Parameters:	arg1 – c_ulong arg2 – c_ulong arg3 – c_ulong arg4 – LP_c_ubyte arg5 – c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_InitializeRemotePEDVector(*args)¶

Cryptoki DLL call to CA_InitializeRemotePEDVector.

Parameters:	arg1 – c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_Insert(*args)¶

Cryptoki DLL call to CA_Insert.

Parameters:	arg1 – c_ulong arg2 – LP_CK_MECHANISM
Returns:	c_ulong

pycryptoki.cryptoki.CA_InsertMaskedObject(*args)¶

Cryptoki DLL call to CA_InsertMaskedObject.

Parameters:	arg1 – c_ulong arg2 – LP_c_ulong arg3 – LP_c_ubyte arg4 – c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_InvokeService(*args)¶

Cryptoki DLL call to CA_InvokeService.

Parameters:	arg1 – c_ulong arg2 – LP_c_ubyte arg3 – c_ulong arg4 – LP_c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_InvokeServiceAsynch(*args)¶

Cryptoki DLL call to CA_InvokeServiceAsynch.

Parameters:	arg1 – c_ulong arg2 – c_ulong arg3 – LP_c_ubyte arg4 – c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_InvokeServiceFinal(*args)¶

Cryptoki DLL call to CA_InvokeServiceFinal.

Parameters:	arg1 – c_ulong arg2 – LP_c_ubyte arg3 – LP_c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_InvokeServiceInit(*args)¶

Cryptoki DLL call to CA_InvokeServiceInit.

Parameters:	arg1 – c_ulong arg2 – c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_InvokeServiceSinglePart(*args)¶

Cryptoki DLL call to CA_InvokeServiceSinglePart.

Parameters:	arg1 – c_ulong arg2 – c_ulong arg3 – LP_c_ubyte arg4 – c_ulong arg5 – LP_c_ubyte arg6 – LP_c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_IsMofNEnabled(*args)¶

Cryptoki DLL call to CA_IsMofNEnabled.

Parameters:	arg1 – c_ulong arg2 – LP_c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_IsMofNRequired(*args)¶

Cryptoki DLL call to CA_IsMofNRequired.

Parameters:	arg1 – c_ulong arg2 – LP_c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_LKMInitiatorChallenge(*args)¶

Cryptoki DLL call to CA_LKMInitiatorChallenge.

Parameters:	arg1 – c_ulong arg2 – c_ulong arg3 – c_ulong arg4 – c_ulong arg5 – LP_CK_LKM_TOKEN_ID_S arg6 – LP_CK_LKM_TOKEN_ID_S arg7 – LP_c_ubyte arg8 – LP_c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_LKMInitiatorComplete(*args)¶

Cryptoki DLL call to CA_LKMInitiatorComplete.

Parameters:	arg1 – c_ulong arg2 – LP_c_ubyte arg3 – c_ulong arg4 – LP_CK_ATTRIBUTE arg5 – c_ulong arg6 – LP_CK_ATTRIBUTE arg7 – c_ulong arg8 – LP_c_ubyte arg9 – LP_c_ulong arg10 – LP_c_ulong arg11 – LP_c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_LKMReceiverComplete(*args)¶

Cryptoki DLL call to CA_LKMReceiverComplete.

Parameters:	arg1 – c_ulong arg2 – LP_c_ubyte arg3 – c_ulong arg4 – LP_CK_ATTRIBUTE arg5 – c_ulong arg6 – LP_CK_ATTRIBUTE arg7 – c_ulong arg8 – LP_c_ulong arg9 – LP_c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_LKMReceiverResponse(*args)¶

Cryptoki DLL call to CA_LKMReceiverResponse.

Parameters:	arg1 – c_ulong arg2 – c_ulong arg3 – c_ulong arg4 – c_ulong arg5 – LP_CK_LKM_TOKEN_ID_S arg6 – LP_c_ubyte arg7 – c_ulong arg8 – LP_c_ubyte arg9 – LP_c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_ListSecureTokenInit(*args)¶

Cryptoki DLL call to CA_ListSecureTokenInit.

Parameters:	arg1 – c_ulong arg2 – c_ulong arg3 – c_ulong arg4 – LP_c_ulong arg5 – LP_c_ulong arg6 – LP_c_ubyte
Returns:	c_ulong

pycryptoki.cryptoki.CA_ListSecureTokenUpdate(*args)¶

Cryptoki DLL call to CA_ListSecureTokenUpdate.

Parameters:	arg1 – c_ulong arg2 – c_ulong arg3 – c_ulong arg4 – LP_c_ubyte arg5 – c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_LoadEncryptedModule(*args)¶

Cryptoki DLL call to CA_LoadEncryptedModule.

Parameters:	arg1 – c_ulong arg2 – c_ulong arg3 – LP_c_ubyte arg4 – c_ulong arg5 – LP_c_ubyte arg6 – c_ulong arg7 – LP_c_ubyte arg8 – c_ulong arg9 – LP_c_ubyte arg10 – c_ulong arg11 – LP_c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_LoadModule(*args)¶

Cryptoki DLL call to CA_LoadModule.

Parameters:	arg1 – c_ulong arg2 – LP_c_ubyte arg3 – c_ulong arg4 – LP_c_ubyte arg5 – c_ulong arg6 – LP_c_ubyte arg7 – c_ulong arg8 – LP_c_ubyte arg9 – c_ulong arg10 – LP_c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_LockClusteredSlot(*args)¶

Cryptoki DLL call to CA_LockClusteredSlot.

Parameters:	arg1 – c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_LogExportSecret(*args)¶

Cryptoki DLL call to CA_LogExportSecret.

Parameters:	arg1 – c_ulong arg2 – LP_c_ubyte arg3 – LP_c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_LogExternal(*args)¶

Cryptoki DLL call to CA_LogExternal.

Parameters:	arg1 – c_ulong arg2 – c_ulong arg3 – LP_c_ubyte arg4 – c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_LogGetConfig(*args)¶

Cryptoki DLL call to CA_LogGetConfig.

Parameters:	arg1 – c_ulong arg2 – LP_c_ulong arg3 – LP_c_ulong arg4 – LP_c_ulong arg5 – LP_c_ulong arg6 – LP_c_ubyte
Returns:	c_ulong

pycryptoki.cryptoki.CA_LogGetStatus(*args)¶

Cryptoki DLL call to CA_LogGetStatus.

Parameters:	arg1 – c_ulong arg2 – LP_c_ulong arg3 – LP_c_ulong arg4 – LP_c_ulong arg5 – LP_c_ulong arg6 – LP_c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_LogImportSecret(*args)¶

Cryptoki DLL call to CA_LogImportSecret.

Parameters:	arg1 – c_ulong arg2 – LP_c_ubyte arg3 – c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_LogSetConfig(*args)¶

Cryptoki DLL call to CA_LogSetConfig.

Parameters:	arg1 – c_ulong arg2 – c_ulong arg3 – c_ulong arg4 – c_ulong arg5 – c_ulong arg6 – LP_c_ubyte
Returns:	c_ulong

pycryptoki.cryptoki.CA_LogVerify(*args)¶

Cryptoki DLL call to CA_LogVerify.

Parameters:	arg1 – c_ulong arg2 – LP_c_ubyte arg3 – c_ulong arg4 – c_ulong arg5 – LP_c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_LogVerifyFile(*args)¶

Cryptoki DLL call to CA_LogVerifyFile.

Parameters:	arg1 – c_ulong arg2 – LP_c_ubyte arg3 – LP_c_ulong
Returns:	c_ulong

class pycryptoki.cryptoki.CA_MOFN_ACTIVATION[source]¶

pVector¶: Structure/Union member

ulVectorLen¶: Structure/Union member

pycryptoki.cryptoki.CA_MOFN_ACTIVATION_PTR¶: alias of pycryptoki.cryptoki.ck_defs.LP_CA_MOFN_ACTIVATION

class pycryptoki.cryptoki.CA_MOFN_GENERATION[source]¶

pVector¶: Structure/Union member

ulVectorLen¶: Structure/Union member

ulWeight¶: Structure/Union member

pycryptoki.cryptoki.CA_MOFN_GENERATION_PTR¶: alias of pycryptoki.cryptoki.ck_defs.LP_CA_MOFN_GENERATION

pycryptoki.cryptoki.CA_MOFN_STATUS¶: alias of pycryptoki.cryptoki.ck_defs.CA_M_OF_N_STATUS

pycryptoki.cryptoki.CA_MOFN_STATUS_PTR¶: alias of pycryptoki.cryptoki.ck_defs.LP_CA_M_OF_N_STATUS

pycryptoki.cryptoki.CA_MTKGetState(*args)¶

Cryptoki DLL call to CA_MTKGetState.

Parameters:	arg1 – c_ulong arg2 – LP_c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_MTKResplit(*args)¶

Cryptoki DLL call to CA_MTKResplit.

Parameters:	arg1 – c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_MTKRestore(*args)¶

Cryptoki DLL call to CA_MTKRestore.

Parameters:	arg1 – c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_MTKSetStorage(*args)¶

Cryptoki DLL call to CA_MTKSetStorage.

Parameters:	arg1 – c_ulong arg2 – c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_MTKZeroize(*args)¶

Cryptoki DLL call to CA_MTKZeroize.

Parameters:	arg1 – c_ulong
Returns:	c_ulong

class pycryptoki.cryptoki.CA_M_OF_N_STATUS[source]¶

ulFlag¶: Structure/Union member

ulID¶: Structure/Union member

ulM¶: Structure/Union member

ulN¶: Structure/Union member

ulSecretSize¶: Structure/Union member

pycryptoki.cryptoki.CA_ManualKCV(*args)¶

Cryptoki DLL call to CA_ManualKCV.

Parameters:	arg1 – c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_ModifyMofN(*args)¶

Cryptoki DLL call to CA_ModifyMofN.

Parameters:	arg1 – c_ulong arg2 – c_ulong arg3 – LP_CA_MOFN_GENERATION arg4 – c_ulong arg5 – c_ulong arg6 – c_void_p
Returns:	c_ulong

pycryptoki.cryptoki.CA_ModifyUsageCount(*args)¶

Cryptoki DLL call to CA_ModifyUsageCount.

Parameters:	arg1 – c_ulong arg2 – c_ulong arg3 – c_ulong arg4 – c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_MultisignValue(*args)¶

Cryptoki DLL call to CA_MultisignValue.

Parameters:	arg1 – c_ulong arg2 – LP_CK_MECHANISM arg3 – c_ulong arg4 – LP_c_ubyte arg5 – LP_c_ulong arg6 – LP_c_ulong arg7 – LP_LP_c_ubyte arg8 – LP_c_ulong arg9 – LP_LP_c_ubyte
Returns:	c_ulong

pycryptoki.cryptoki.CA_OpenApplicationID(*args)¶

Cryptoki DLL call to CA_OpenApplicationID.

Parameters:	arg1 – c_ulong arg2 – c_ulong arg3 – c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_OpenApplicationIDForContainer(*args)¶

Cryptoki DLL call to CA_OpenApplicationIDForContainer.

Parameters:	arg1 – c_ulong arg2 – c_ulong arg3 – c_ulong arg4 – c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_OpenApplicationIDV2(*args)¶

Cryptoki DLL call to CA_OpenApplicationIDV2.

Parameters:	arg1 – c_ulong arg2 – LP_CK_APPLICATION_ID
Returns:	c_ulong

pycryptoki.cryptoki.CA_OpenSecureToken(*args)¶

Cryptoki DLL call to CA_OpenSecureToken.

Parameters:	arg1 – c_ulong arg2 – c_ulong arg3 – c_ulong arg4 – c_ulong arg5 – c_ulong arg6 – LP_c_ulong arg7 – LP_c_ulong arg8 – c_ulong arg9 – LP_c_ubyte
Returns:	c_ulong

pycryptoki.cryptoki.CA_OpenSession(*args)¶

Cryptoki DLL call to CA_OpenSession.

Parameters:	arg1 – c_ulong arg2 – c_ulong arg3 – c_ulong arg4 – c_void_p arg5 – CFunctionType arg6 – LP_c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_OpenSessionWithAppID(*args)¶

Cryptoki DLL call to CA_OpenSessionWithAppID.

Parameters:	arg1 – c_ulong arg2 – c_ulong arg3 – c_ulong arg4 – c_ulong arg5 – c_void_p arg6 – CFunctionType arg7 – LP_c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_PerformModuleCall(*args)¶

Cryptoki DLL call to CA_PerformModuleCall.

Parameters:	arg1 – c_ulong arg2 – c_ulong arg3 – LP_c_ubyte arg4 – c_ulong arg5 – LP_c_ubyte arg6 – c_ulong arg7 – LP_c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_PerformSelfTest(*args)¶

Cryptoki DLL call to CA_PerformSelfTest.

Parameters:	arg1 – c_ulong arg2 – c_ulong arg3 – LP_c_ubyte arg4 – c_ulong arg5 – LP_c_ubyte arg6 – LP_c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_QueryLicense(*args)¶

Cryptoki DLL call to CA_QueryLicense.

Parameters:	arg1 – c_ulong arg2 – c_ulong arg3 – c_ulong arg4 – LP_c_ulong arg5 – LP_c_ulong arg6 – LP_c_ulong arg7 – LP_c_ubyte
Returns:	c_ulong

class pycryptoki.cryptoki.CA_ROLE_STATE[source]¶

flags¶: Structure/Union member

loginAttemptsLeft¶: Structure/Union member

primaryAuthMech¶: Structure/Union member

secondaryAuthMech¶: Structure/Union member

pycryptoki.cryptoki.CA_ReadCommonStore(*args)¶

Cryptoki DLL call to CA_ReadCommonStore.

Parameters:	arg1 – c_ulong arg2 – LP_c_ubyte arg3 – LP_c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_ReplaceFastPathKEK(*args)¶

Cryptoki DLL call to CA_ReplaceFastPathKEK.

Parameters:	arg1 – c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_ResetDevice(*args)¶

Cryptoki DLL call to CA_ResetDevice.

Parameters:	arg1 – c_ulong arg2 – c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_ResetPIN(*args)¶

Cryptoki DLL call to CA_ResetPIN.

Parameters:	arg1 – c_ulong arg2 – LP_c_ubyte arg3 – c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_Restart(*args)¶

Cryptoki DLL call to CA_Restart.

Parameters:	arg1 – c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_RestartForContainer(*args)¶

Cryptoki DLL call to CA_RestartForContainer.

Parameters:	arg1 – c_ulong arg2 – c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_RetrieveLicenseList(*args)¶

Cryptoki DLL call to CA_RetrieveLicenseList.

Parameters:	arg1 – c_ulong arg2 – LP_c_ulong arg3 – LP_c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_RoleStateGet(*args)¶

Cryptoki DLL call to CA_RoleStateGet.

Parameters:	arg1 – c_ulong arg2 – c_ulong arg3 – LP_CA_ROLE_STATE
Returns:	c_ulong

pycryptoki.cryptoki.CA_SIMExtract(*args)¶

Cryptoki DLL call to CA_SIMExtract.

Parameters:	arg1 – c_ulong arg2 – c_ulong arg3 – LP_c_ulong arg4 – c_ulong arg5 – c_ulong arg6 – c_ulong arg7 – LP_c_ulong arg8 – LP_LP_c_ubyte arg9 – c_ubyte arg10 – LP_c_ulong arg11 – LP_c_ubyte
Returns:	c_ulong

pycryptoki.cryptoki.CA_SIMInsert(*args)¶

Cryptoki DLL call to CA_SIMInsert.

Parameters:	arg1 – c_ulong arg2 – c_ulong arg3 – c_ulong arg4 – LP_c_ulong arg5 – LP_LP_c_ubyte arg6 – c_ulong arg7 – LP_c_ubyte arg8 – LP_c_ulong arg9 – LP_c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_SIMMultiSign(*args)¶

Cryptoki DLL call to CA_SIMMultiSign.

Parameters:	arg1 – c_ulong arg2 – LP_CK_MECHANISM arg3 – c_ulong arg4 – c_ulong arg5 – LP_c_ulong arg6 – LP_LP_c_ubyte arg7 – c_ulong arg8 – LP_c_ubyte arg9 – c_ulong arg10 – LP_c_ulong arg11 – LP_LP_c_ubyte arg12 – LP_c_ulong arg13 – LP_LP_c_ubyte
Returns:	c_ulong

pycryptoki.cryptoki.CA_STCClearCipherAlgorithm(*args)¶

Cryptoki DLL call to CA_STCClearCipherAlgorithm.

Parameters:	arg1 – c_ulong arg2 – c_ulong arg3 – c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_STCClearDigestAlgorithm(*args)¶

Cryptoki DLL call to CA_STCClearDigestAlgorithm.

Parameters:	arg1 – c_ulong arg2 – c_ulong arg3 – c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_STCDeregister(*args)¶

Cryptoki DLL call to CA_STCDeregister.

Parameters:	arg1 – c_ulong arg2 – c_ulong arg3 – LP_c_ubyte
Returns:	c_ulong

pycryptoki.cryptoki.CA_STCGetAdminPubKey(*args)¶

Cryptoki DLL call to CA_STCGetAdminPubKey.

Parameters:	arg1 – c_ulong arg2 – LP_c_ubyte arg3 – LP_c_ulong arg4 – LP_c_ubyte arg5 – LP_c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_STCGetChannelID(*args)¶

Cryptoki DLL call to CA_STCGetChannelID.

Parameters:	arg1 – c_ulong arg2 – LP_c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_STCGetCipherAlgorithm(*args)¶

Cryptoki DLL call to CA_STCGetCipherAlgorithm.

Parameters:	arg1 – c_ulong arg2 – c_ulong arg3 – LP_c_ubyte arg4 – LP_c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_STCGetCipherID(*args)¶

Cryptoki DLL call to CA_STCGetCipherID.

Parameters:	arg1 – c_ulong arg2 – LP_c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_STCGetCipherIDs(*args)¶

Cryptoki DLL call to CA_STCGetCipherIDs.

Parameters:	arg1 – c_ulong arg2 – LP_c_ulong arg3 – LP_c_ubyte
Returns:	c_ulong

pycryptoki.cryptoki.CA_STCGetCipherNameByID(*args)¶

Cryptoki DLL call to CA_STCGetCipherNameByID.

Parameters:	arg1 – c_ulong arg2 – c_ulong arg3 – LP_c_ubyte arg4 – c_ubyte
Returns:	c_ulong

pycryptoki.cryptoki.CA_STCGetClientInfo(*args)¶

Cryptoki DLL call to CA_STCGetClientInfo.

Parameters:	arg1 – c_ulong arg2 – c_ulong arg3 – c_ulong arg4 – LP_c_ubyte arg5 – LP_c_ulong arg6 – LP_c_ulong arg7 – LP_c_ubyte arg8 – LP_c_ulong arg9 – LP_c_ubyte arg10 – LP_c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_STCGetClientsList(*args)¶

Cryptoki DLL call to CA_STCGetClientsList.

Parameters:	arg1 – c_ulong arg2 – c_ulong arg3 – LP_c_ulong arg4 – LP_c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_STCGetCurrentKeyLife(*args)¶

Cryptoki DLL call to CA_STCGetCurrentKeyLife.

Parameters:	arg1 – c_ulong arg2 – c_ulong arg3 – LP_c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_STCGetDigestAlgorithm(*args)¶

Cryptoki DLL call to CA_STCGetDigestAlgorithm.

Parameters:	arg1 – c_ulong arg2 – c_ulong arg3 – LP_c_ubyte arg4 – LP_c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_STCGetDigestID(*args)¶

Cryptoki DLL call to CA_STCGetDigestID.

Parameters:	arg1 – c_ulong arg2 – LP_c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_STCGetDigestIDs(*args)¶

Cryptoki DLL call to CA_STCGetDigestIDs.

Parameters:	arg1 – c_ulong arg2 – LP_c_ulong arg3 – LP_c_ubyte
Returns:	c_ulong

pycryptoki.cryptoki.CA_STCGetDigestNameByID(*args)¶

Cryptoki DLL call to CA_STCGetDigestNameByID.

Parameters:	arg1 – c_ulong arg2 – c_ulong arg3 – LP_c_ubyte arg4 – c_ubyte
Returns:	c_ulong

pycryptoki.cryptoki.CA_STCGetKeyActivationTimeOut(*args)¶

Cryptoki DLL call to CA_STCGetKeyActivationTimeOut.

Parameters:	arg1 – c_ulong arg2 – c_ulong arg3 – LP_c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_STCGetKeyLifeTime(*args)¶

Cryptoki DLL call to CA_STCGetKeyLifeTime.

Parameters:	arg1 – c_ulong arg2 – c_ulong arg3 – LP_c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_STCGetMaxSessions(*args)¶

Cryptoki DLL call to CA_STCGetMaxSessions.

Parameters:	arg1 – c_ulong arg2 – c_ulong arg3 – LP_c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_STCGetPartPubKey(*args)¶

Cryptoki DLL call to CA_STCGetPartPubKey.

Parameters:	arg1 – c_ulong arg2 – c_ulong arg3 – LP_c_ubyte arg4 – LP_c_ulong arg5 – LP_c_ubyte arg6 – LP_c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_STCGetPubKey(*args)¶

Cryptoki DLL call to CA_STCGetPubKey.

Parameters:	arg1 – c_ulong arg2 – c_ulong arg3 – LP_c_ubyte arg4 – LP_c_ubyte arg5 – LP_c_ulong arg6 – LP_c_ubyte arg7 – LP_c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_STCGetSequenceWindowSize(*args)¶

Cryptoki DLL call to CA_STCGetSequenceWindowSize.

Parameters:	arg1 – c_ulong arg2 – c_ulong arg3 – LP_c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_STCGetState(*args)¶

Cryptoki DLL call to CA_STCGetState.

Parameters:	arg1 – c_ulong arg2 – LP_c_ubyte arg3 – c_ubyte
Returns:	c_ulong

pycryptoki.cryptoki.CA_STCIsEnabled(*args)¶

Cryptoki DLL call to CA_STCIsEnabled.

Parameters:	arg1 – c_ulong arg2 – LP_c_ubyte
Returns:	c_ulong

pycryptoki.cryptoki.CA_STCRegister(*args)¶

Cryptoki DLL call to CA_STCRegister.

Parameters:	arg1 – c_ulong arg2 – c_ulong arg3 – LP_c_ubyte arg4 – c_ulong arg5 – LP_c_ubyte arg6 – c_ulong arg7 – LP_c_ubyte arg8 – c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_STCSetCipherAlgorithm(*args)¶

Cryptoki DLL call to CA_STCSetCipherAlgorithm.

Parameters:	arg1 – c_ulong arg2 – c_ulong arg3 – c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_STCSetDigestAlgorithm(*args)¶

Cryptoki DLL call to CA_STCSetDigestAlgorithm.

Parameters:	arg1 – c_ulong arg2 – c_ulong arg3 – c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_STCSetKeyActivationTimeOut(*args)¶

Cryptoki DLL call to CA_STCSetKeyActivationTimeOut.

Parameters:	arg1 – c_ulong arg2 – c_ulong arg3 – c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_STCSetKeyLifeTime(*args)¶

Cryptoki DLL call to CA_STCSetKeyLifeTime.

Parameters:	arg1 – c_ulong arg2 – c_ulong arg3 – c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_STCSetMaxSessions(*args)¶

Cryptoki DLL call to CA_STCSetMaxSessions.

Parameters:	arg1 – c_ulong arg2 – c_ulong arg3 – c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_STCSetSequenceWindowSize(*args)¶

Cryptoki DLL call to CA_STCSetSequenceWindowSize.

Parameters:	arg1 – c_ulong arg2 – c_ulong arg3 – c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_STMGetState(*args)¶

Cryptoki DLL call to CA_STMGetState.

Parameters:	arg1 – c_ulong arg2 – LP_c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_STMToggle(*args)¶

Cryptoki DLL call to CA_STMToggle.

Parameters:	arg1 – c_ulong arg2 – c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_SetApplicationID(*args)¶

Cryptoki DLL call to CA_SetApplicationID.

Parameters:	arg1 – c_ulong arg2 – c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_SetApplicationIDV2(*args)¶

Cryptoki DLL call to CA_SetApplicationIDV2.

Parameters:	arg1 – LP_CK_APPLICATION_ID
Returns:	c_ulong

pycryptoki.cryptoki.CA_SetCloningDomain(*args)¶

Cryptoki DLL call to CA_SetCloningDomain.

Parameters:	arg1 – LP_c_ubyte arg2 – c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_SetContainerPolicies(*args)¶

Cryptoki DLL call to CA_SetContainerPolicies.

Parameters:	arg1 – c_ulong arg2 – c_ulong arg3 – c_ulong arg4 – LP_c_ulong arg5 – LP_c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_SetContainerPolicy(*args)¶

Cryptoki DLL call to CA_SetContainerPolicy.

Parameters:	arg1 – c_ulong arg2 – c_ulong arg3 – c_ulong arg4 – c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_SetContainerSize(*args)¶

Cryptoki DLL call to CA_SetContainerSize.

Parameters:	arg1 – c_ulong arg2 – c_ulong arg3 – c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_SetDestructiveHSMPolicies(*args)¶

Cryptoki DLL call to CA_SetDestructiveHSMPolicies.

Parameters:	arg1 – c_ulong arg2 – c_ulong arg3 – LP_c_ulong arg4 – LP_c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_SetDestructiveHSMPolicy(*args)¶

Cryptoki DLL call to CA_SetDestructiveHSMPolicy.

Parameters:	arg1 – c_ulong arg2 – c_ulong arg3 – c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_SetExtendedTPV(*args)¶

Cryptoki DLL call to CA_SetExtendedTPV.

Parameters:	arg1 – c_ulong arg2 – c_ulong arg3 – c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_SetHSMPolicies(*args)¶

Cryptoki DLL call to CA_SetHSMPolicies.

Parameters:	arg1 – c_ulong arg2 – c_ulong arg3 – LP_c_ulong arg4 – LP_c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_SetHSMPolicy(*args)¶

Cryptoki DLL call to CA_SetHSMPolicy.

Parameters:	arg1 – c_ulong arg2 – c_ulong arg3 – c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_SetKCV(*args)¶

Cryptoki DLL call to CA_SetKCV.

Parameters:	arg1 – c_ulong arg2 – LP_c_ubyte arg3 – c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_SetLKCV(*args)¶

Cryptoki DLL call to CA_SetLKCV.

Parameters:	arg1 – c_ulong arg2 – LP_c_ubyte arg3 – c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_SetMofN(*args)¶

Cryptoki DLL call to CA_SetMofN.

Parameters:	arg1 – c_ubyte
Returns:	c_ulong

pycryptoki.cryptoki.CA_SetPedId(*args)¶

Cryptoki DLL call to CA_SetPedId.

Parameters:	arg1 – c_ulong arg2 – c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_SetRDK(*args)¶

Cryptoki DLL call to CA_SetRDK.

Parameters:	arg1 – c_ulong arg2 – LP_c_ubyte arg3 – c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_SetTPV(*args)¶

Cryptoki DLL call to CA_SetTPV.

Parameters:	arg1 – c_ulong arg2 – c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_SetTokenCertificateSignature(*args)¶

Cryptoki DLL call to CA_SetTokenCertificateSignature.

Parameters:	arg1 – c_ulong arg2 – c_ulong arg3 – c_ulong arg4 – LP_CK_ATTRIBUTE arg5 – c_ulong arg6 – LP_c_ubyte arg7 – c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_SetTokenPolicies(*args)¶

Cryptoki DLL call to CA_SetTokenPolicies.

Parameters:	arg1 – c_ulong arg2 – c_ulong arg3 – c_ulong arg4 – LP_c_ulong arg5 – LP_c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_SetUserContainerName(*args)¶

Cryptoki DLL call to CA_SetUserContainerName.

Parameters:	arg1 – c_ulong arg2 – LP_c_ubyte arg3 – c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_SpRawRead(*args)¶

Cryptoki DLL call to CA_SpRawRead.

Parameters:	arg1 – c_ulong arg2 – LP_c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_SpRawWrite(*args)¶

Cryptoki DLL call to CA_SpRawWrite.

Parameters:	arg1 – c_ulong arg2 – LP_c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_SwitchSecondarySlot(*args)¶

Cryptoki DLL call to CA_SwitchSecondarySlot.

Parameters:	arg1 – c_ulong arg2 – c_ulong arg3 – c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_TamperClear(*args)¶

Cryptoki DLL call to CA_TamperClear.

Parameters:	arg1 – c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_TimeSync(*args)¶

Cryptoki DLL call to CA_TimeSync.

Parameters:	arg1 – c_ulong arg2 – c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_TokenDelete(*args)¶

Cryptoki DLL call to CA_TokenDelete.

Parameters:	arg1 – c_ulong arg2 – c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_TokenInsert(*args)¶

Cryptoki DLL call to CA_TokenInsert.

Parameters:	arg1 – c_ulong arg2 – LP_CT_Token arg3 – c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_TokenInsertNoAuth(*args)¶

Cryptoki DLL call to CA_TokenInsertNoAuth.

Parameters:	arg1 – LP_CT_Token arg2 – c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_TokenZeroize(*args)¶

Cryptoki DLL call to CA_TokenZeroize.

Parameters:	arg1 – c_ulong arg2 – c_ulong arg3 – c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_UnloadModule(*args)¶

Cryptoki DLL call to CA_UnloadModule.

Parameters:	arg1 – c_ulong arg2 – c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_UnlockClusteredSlot(*args)¶

Cryptoki DLL call to CA_UnlockClusteredSlot.

Parameters:	arg1 – c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_WaitForSlotEvent(*args)¶

Cryptoki DLL call to CA_WaitForSlotEvent.

Parameters:	arg1 – c_ulong arg2 – LP_c_ulong arg3 – LP_c_ulong arg4 – c_void_p
Returns:	c_ulong

pycryptoki.cryptoki.CA_WriteCommonStore(*args)¶

Cryptoki DLL call to CA_WriteCommonStore.

Parameters:	arg1 – c_ulong arg2 – LP_c_ubyte arg3 – c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CA_Zeroize(*args)¶

Cryptoki DLL call to CA_Zeroize.

Parameters:	arg1 – c_ulong arg2 – c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.CKA_SIM_AUTH_FORM¶: alias of ctypes.c_ulong

pycryptoki.cryptoki.CKCA_MODULE_ID¶: alias of ctypes.c_ulong

pycryptoki.cryptoki.CKCA_MODULE_ID_PTR¶: alias of pycryptoki.cryptoki.c_defs.LP_c_ulong

class pycryptoki.cryptoki.CKCA_MODULE_INFO[source]¶

developerName¶: Structure/Union member

moduleDescription¶: Structure/Union member

moduleVersion¶: Structure/Union member

ulModuleSize¶: Structure/Union member

pycryptoki.cryptoki.CKCA_MODULE_INFO_PTR¶: alias of pycryptoki.cryptoki.ck_defs.LP_CKCA_MODULE_INFO

class pycryptoki.cryptoki.CK_AES_CBC_ENCRYPT_DATA_PARAMS[source]¶

iv¶: Structure/Union member

length¶: Structure/Union member

pData¶: Structure/Union member

pycryptoki.cryptoki.CK_AES_CBC_ENCRYPT_DATA_PARAMS_PTR¶: alias of pycryptoki.cryptoki.ck_defs.LP_CK_AES_CBC_ENCRYPT_DATA_PARAMS

class pycryptoki.cryptoki.CK_AES_CBC_PAD_EXTRACT_PARAMS[source]¶

ctxID¶: Structure/Union member

pBuffer¶: Structure/Union member

pbFileName¶: Structure/Union member

pedId¶: Structure/Union member

pulBufferLen¶: Structure/Union member

ulDeleteAfterExtract¶: Structure/Union member

ulHandle¶: Structure/Union member

ulStorage¶: Structure/Union member

ulType¶: Structure/Union member

pycryptoki.cryptoki.CK_AES_CBC_PAD_EXTRACT_PARAMS_PTR¶: alias of pycryptoki.cryptoki.ck_defs.LP_CK_AES_CBC_PAD_EXTRACT_PARAMS

class pycryptoki.cryptoki.CK_AES_CBC_PAD_INSERT_PARAMS[source]¶

ctxID¶: Structure/Union member

pBuffer¶: Structure/Union member

pbFileName¶: Structure/Union member

pedId¶: Structure/Union member

pulHandle¶: Structure/Union member

pulType¶: Structure/Union member

ulBufferLen¶: Structure/Union member

ulContainerState¶: Structure/Union member

ulStorage¶: Structure/Union member

ulStorageType¶: Structure/Union member

pycryptoki.cryptoki.CK_AES_CBC_PAD_INSERT_PARAMS_PTR¶: alias of pycryptoki.cryptoki.ck_defs.LP_CK_AES_CBC_PAD_INSERT_PARAMS

class pycryptoki.cryptoki.CK_AES_CTR_PARAMS[source]¶

cb¶: Structure/Union member

ulCounterBits¶: Structure/Union member

pycryptoki.cryptoki.CK_AES_CTR_PARAMS_PTR¶: alias of pycryptoki.cryptoki.ck_defs.LP_CK_AES_CTR_PARAMS

class pycryptoki.cryptoki.CK_AES_GCM_PARAMS[source]¶

pAAD¶: Structure/Union member

pIv¶: Structure/Union member

ulAADLen¶: Structure/Union member

ulIvBits¶: Structure/Union member

ulIvLen¶: Structure/Union member

ulTagBits¶: Structure/Union member

pycryptoki.cryptoki.CK_AES_GCM_PARAMS_PTR¶: alias of pycryptoki.cryptoki.ck_defs.CK_AES_GCM_PARAMS

pycryptoki.cryptoki.CK_AES_GMAC_PARAMS¶: alias of pycryptoki.cryptoki.ck_defs.CK_AES_GCM_PARAMS

pycryptoki.cryptoki.CK_AES_GMAC_PARAMS_PTR¶: alias of pycryptoki.cryptoki.ck_defs.LP_CK_AES_GCM_PARAMS

class pycryptoki.cryptoki.CK_AES_XTS_PARAMS[source]¶

cb¶: Structure/Union member

hTweakKey¶: Structure/Union member

pycryptoki.cryptoki.CK_AES_XTS_PARAMS_PTR¶: alias of pycryptoki.cryptoki.ck_defs.LP_CK_AES_XTS_PARAMS

class pycryptoki.cryptoki.CK_ARIA_CBC_ENCRYPT_DATA_PARAMS[source]¶

iv¶: Structure/Union member

length¶: Structure/Union member

pData¶: Structure/Union member

pycryptoki.cryptoki.CK_ARIA_CBC_ENCRYPT_DATA_PARAMS_PTR¶: alias of pycryptoki.cryptoki.ck_defs.LP_CK_ARIA_CBC_ENCRYPT_DATA_PARAMS

pycryptoki.cryptoki.CK_ARIA_CTR_PARAMS¶: alias of pycryptoki.cryptoki.ck_defs.CK_AES_CTR_PARAMS

pycryptoki.cryptoki.CK_ARIA_CTR_PARAMS_PTR¶: alias of pycryptoki.cryptoki.ck_defs.LP_CK_AES_CTR_PARAMS

class pycryptoki.cryptoki.CK_ATTRIBUTE[source]¶

pValue¶: Structure/Union member

type¶: Structure/Union member

usValueLen¶: Structure/Union member

pycryptoki.cryptoki.CK_ATTRIBUTE_PTR¶: alias of pycryptoki.cryptoki.ck_defs.LP_CK_ATTRIBUTE

pycryptoki.cryptoki.CK_ATTRIBUTE_TYPE¶: alias of ctypes.c_ulong

pycryptoki.cryptoki.CK_BBOOL¶: alias of ctypes.c_ubyte

pycryptoki.cryptoki.CK_BYTE¶: alias of ctypes.c_ubyte

pycryptoki.cryptoki.CK_BYTE_PTR¶: alias of pycryptoki.cryptoki.c_defs.LP_c_ubyte

class pycryptoki.cryptoki.CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS[source]¶

iv¶: Structure/Union member

length¶: Structure/Union member

pData¶: Structure/Union member

pycryptoki.cryptoki.CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS_PTR¶: alias of pycryptoki.cryptoki.ck_defs.LP_CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS

class pycryptoki.cryptoki.CK_CAMELLIA_CTR_PARAMS[source]¶

cb¶: Structure/Union member

ulCounterBits¶: Structure/Union member

pycryptoki.cryptoki.CK_CAMELLIA_CTR_PARAMS_PTR¶: alias of pycryptoki.cryptoki.ck_defs.LP_CK_CAMELLIA_CTR_PARAMS

pycryptoki.cryptoki.CK_CERTIFICATE_TYPE¶: alias of ctypes.c_ulong

pycryptoki.cryptoki.CK_CHAR¶: alias of ctypes.c_ubyte

pycryptoki.cryptoki.CK_CHAR_PTR¶: alias of pycryptoki.cryptoki.c_defs.LP_c_ubyte

class pycryptoki.cryptoki.CK_CLUSTER_STATE[source]¶

bMembers¶: Structure/Union member

ulMemberStatus¶: Structure/Union member

pycryptoki.cryptoki.CK_CLUSTER_STATE_PTR¶: alias of pycryptoki.cryptoki.ck_defs.LP_CK_CLUSTER_STATE

class pycryptoki.cryptoki.CK_CMS_SIG_PARAMS[source]¶

certificateHandle¶: Structure/Union member

pContentType¶: Structure/Union member

pDigestMechanism¶: Structure/Union member

pRequestedAttributes¶: Structure/Union member

pRequiredAttributes¶: Structure/Union member

pSigningMechanism¶: Structure/Union member

ulRequestedAttributesLen¶: Structure/Union member

ulRequiredAttributesLen¶: Structure/Union member

pycryptoki.cryptoki.CK_CMS_SIG_PARAMS_PTR¶: alias of pycryptoki.cryptoki.ck_defs.LP_CK_CMS_SIG_PARAMS

pycryptoki.cryptoki.CK_CREATEMUTEX¶: alias of ctypes.CFUNCTYPE.<locals>.CFunctionType

class pycryptoki.cryptoki.CK_DATE[source]¶

day¶: Structure/Union member

month¶: Structure/Union member

year¶: Structure/Union member

pycryptoki.cryptoki.CK_DESTROYMUTEX¶: alias of ctypes.CFUNCTYPE.<locals>.CFunctionType

class pycryptoki.cryptoki.CK_DES_CBC_ENCRYPT_DATA_PARAMS[source]¶

iv¶: Structure/Union member

length¶: Structure/Union member

pData¶: Structure/Union member

pycryptoki.cryptoki.CK_DES_CBC_ENCRYPT_DATA_PARAMS_PTR¶: alias of pycryptoki.cryptoki.ck_defs.LP_CK_DES_CBC_ENCRYPT_DATA_PARAMS

class pycryptoki.cryptoki.CK_DES_CTR_PARAMS[source]¶

cb¶: Structure/Union member

ulCounterBits¶: Structure/Union member

pycryptoki.cryptoki.CK_DES_CTR_PARAMS_PTR¶: alias of pycryptoki.cryptoki.ck_defs.LP_CK_DES_CTR_PARAMS

class pycryptoki.cryptoki.CK_ECDH1_DERIVE_PARAMS[source]¶

kdf¶: Structure/Union member

pPublicData¶: Structure/Union member

pSharedData¶: Structure/Union member

ulPublicDataLen¶: Structure/Union member

ulSharedDataLen¶: Structure/Union member

pycryptoki.cryptoki.CK_ECDH1_DERIVE_PARAMS_PTR¶: alias of pycryptoki.cryptoki.ck_defs.LP_CK_ECDH1_DERIVE_PARAMS

class pycryptoki.cryptoki.CK_ECDH2_DERIVE_PARAMS[source]¶

hPrivateData¶: Structure/Union member

kdf¶: Structure/Union member

pPublicData¶: Structure/Union member

pPublicData2¶: Structure/Union member

pSharedData¶: Structure/Union member

ulPrivateDataLen¶: Structure/Union member

ulPublicDataLen¶: Structure/Union member

ulPublicDataLen2¶: Structure/Union member

ulSharedDataLen¶: Structure/Union member

pycryptoki.cryptoki.CK_ECDH2_DERIVE_PARAMS_PTR¶: alias of pycryptoki.cryptoki.ck_defs.LP_CK_ECDH2_DERIVE_PARAMS

class pycryptoki.cryptoki.CK_ECIES_PARAMS[source]¶

dhPrimitive¶: Structure/Union member

encScheme¶: Structure/Union member

kdf¶: Structure/Union member

macScheme¶: Structure/Union member

pSharedData1¶: Structure/Union member

pSharedData2¶: Structure/Union member

ulEncKeyLenInBits¶: Structure/Union member

ulMacKeyLenInBits¶: Structure/Union member

ulMacLenInBits¶: Structure/Union member

ulSharedDataLen1¶: Structure/Union member

ulSharedDataLen2¶: Structure/Union member

pycryptoki.cryptoki.CK_ECIES_PARAMS_PTR¶: alias of pycryptoki.cryptoki.ck_defs.LP_CK_ECIES_PARAMS

class pycryptoki.cryptoki.CK_ECMQV_DERIVE_PARAMS[source]¶

hPrivateData¶: Structure/Union member

kdf¶: Structure/Union member

pPublicData¶: Structure/Union member

pPublicData2¶: Structure/Union member

pSharedData¶: Structure/Union member

publicKey¶: Structure/Union member

ulPrivateDataLen¶: Structure/Union member

ulPublicDataLen¶: Structure/Union member

ulPublicDataLen2¶: Structure/Union member

ulSharedDataLen¶: Structure/Union member

pycryptoki.cryptoki.CK_ECMQV_DERIVE_PARAMS_PTR¶: alias of pycryptoki.cryptoki.ck_defs.LP_CK_ECMQV_DERIVE_PARAMS

pycryptoki.cryptoki.CK_EC_DH_PRIMITIVE¶: alias of ctypes.c_ulong

pycryptoki.cryptoki.CK_EC_ENC_SCHEME¶: alias of ctypes.c_ulong

pycryptoki.cryptoki.CK_EC_KDF_TYPE¶: alias of ctypes.c_ulong

pycryptoki.cryptoki.CK_EC_MAC_SCHEME¶: alias of ctypes.c_ulong

pycryptoki.cryptoki.CK_EXTRACT_PARAMS¶: alias of ctypes.c_ulong

pycryptoki.cryptoki.CK_EXTRACT_PARAMS_PTR¶: alias of pycryptoki.cryptoki.c_defs.LP_c_ulong

pycryptoki.cryptoki.CK_FLAGS¶: alias of ctypes.c_ulong

class pycryptoki.cryptoki.CK_FUNCTION_LIST[source]¶

C_CancelFunction¶: Structure/Union member

C_CloseAllSessions¶: Structure/Union member

C_CloseSession¶: Structure/Union member

C_CopyObject¶: Structure/Union member

C_CreateObject¶: Structure/Union member

C_Decrypt¶: Structure/Union member

C_DecryptDigestUpdate¶: Structure/Union member

C_DecryptFinal¶: Structure/Union member

C_DecryptInit¶: Structure/Union member

C_DecryptUpdate¶: Structure/Union member

C_DecryptVerifyUpdate¶: Structure/Union member

C_DeriveKey¶: Structure/Union member

C_DestroyObject¶: Structure/Union member

C_Digest¶: Structure/Union member

C_DigestEncryptUpdate¶: Structure/Union member

C_DigestFinal¶: Structure/Union member

C_DigestInit¶: Structure/Union member

C_DigestKey¶: Structure/Union member

C_DigestUpdate¶: Structure/Union member

C_Encrypt¶: Structure/Union member

C_EncryptFinal¶: Structure/Union member

C_EncryptInit¶: Structure/Union member

C_EncryptUpdate¶: Structure/Union member

C_Finalize¶: Structure/Union member

C_FindObjects¶: Structure/Union member

C_FindObjectsFinal¶: Structure/Union member

C_FindObjectsInit¶: Structure/Union member

C_GenerateKey¶: Structure/Union member

C_GenerateKeyPair¶: Structure/Union member

C_GenerateRandom¶: Structure/Union member

C_GetAttributeValue¶: Structure/Union member

C_GetFunctionList¶: Structure/Union member

C_GetFunctionStatus¶: Structure/Union member

C_GetInfo¶: Structure/Union member

C_GetMechanismInfo¶: Structure/Union member

C_GetMechanismList¶: Structure/Union member

C_GetObjectSize¶: Structure/Union member

C_GetOperationState¶: Structure/Union member

C_GetSessionInfo¶: Structure/Union member

C_GetSlotInfo¶: Structure/Union member

C_GetSlotList¶: Structure/Union member

C_GetTokenInfo¶: Structure/Union member

C_InitPIN¶: Structure/Union member

C_InitToken¶: Structure/Union member

C_Initialize¶: Structure/Union member

C_Login¶: Structure/Union member

C_Logout¶: Structure/Union member

C_OpenSession¶: Structure/Union member

C_SeedRandom¶: Structure/Union member

C_SetAttributeValue¶: Structure/Union member

C_SetOperationState¶: Structure/Union member

C_SetPIN¶: Structure/Union member

C_Sign¶: Structure/Union member

C_SignEncryptUpdate¶: Structure/Union member

C_SignFinal¶: Structure/Union member

C_SignInit¶: Structure/Union member

C_SignRecover¶: Structure/Union member

C_SignRecoverInit¶: Structure/Union member

C_SignUpdate¶: Structure/Union member

C_UnwrapKey¶: Structure/Union member

C_Verify¶: Structure/Union member

C_VerifyFinal¶: Structure/Union member

C_VerifyInit¶: Structure/Union member

C_VerifyRecover¶: Structure/Union member

C_VerifyRecoverInit¶: Structure/Union member

C_VerifyUpdate¶: Structure/Union member

C_WaitForSlotEvent¶: Structure/Union member

C_WrapKey¶: Structure/Union member

version¶: Structure/Union member

pycryptoki.cryptoki.CK_FUNCTION_LIST_PTR¶: alias of pycryptoki.cryptoki._ck_func_list.LP_CK_FUNCTION_LIST

pycryptoki.cryptoki.CK_FUNCTION_LIST_PTR_PTR¶: alias of pycryptoki.cryptoki._ck_func_list.LP_LP_CK_FUNCTION_LIST

pycryptoki.cryptoki.CK_GetTotalOperations¶: alias of ctypes.CFUNCTYPE.<locals>.CFunctionType

class pycryptoki.cryptoki.CK_HA_MEMBER[source]¶

memberSerial¶: Structure/Union member

memberStatus¶: Structure/Union member

pycryptoki.cryptoki.CK_HA_MEMBER_PTR¶: alias of pycryptoki.cryptoki.ck_defs.LP_CK_HA_MEMBER

pycryptoki.cryptoki.CK_HA_STATE_PTR¶: alias of pycryptoki.cryptoki.ck_defs.LP_CK_HA_STATUS

class pycryptoki.cryptoki.CK_HA_STATUS[source]¶

groupSerial¶: Structure/Union member

listSize¶: Structure/Union member

memberList¶: Structure/Union member

pycryptoki.cryptoki.CK_HW_FEATURE_TYPE¶: alias of ctypes.c_ulong

class pycryptoki.cryptoki.CK_INFO[source]¶

cryptokiVersion¶: Structure/Union member

flags¶: Structure/Union member

libraryDescription¶: Structure/Union member

libraryVersion¶: Structure/Union member

manufacturerID¶: Structure/Union member

pycryptoki.cryptoki.CK_INFO_PTR¶: alias of pycryptoki.cryptoki.ck_defs.LP_CK_INFO

pycryptoki.cryptoki.CK_KDF_PRF_ENCODING_SCHEME¶: alias of ctypes.c_ulong

class pycryptoki.cryptoki.CK_KDF_PRF_PARAMS[source]¶

pContext¶: Structure/Union member

pLabel¶: Structure/Union member

prfType¶: Structure/Union member

ulContextLen¶: Structure/Union member

ulCounter¶: Structure/Union member

ulEncodingScheme¶: Structure/Union member

ulLabelLen¶: Structure/Union member

pycryptoki.cryptoki.CK_KDF_PRF_PARAMS_PTR¶: alias of pycryptoki.cryptoki.ck_defs.LP_CK_KDF_PRF_PARAMS

pycryptoki.cryptoki.CK_KDF_PRF_TYPE¶: alias of ctypes.c_ulong

class pycryptoki.cryptoki.CK_KEA_DERIVE_PARAMS[source]¶

isSender¶: Structure/Union member

pPublicData¶: Structure/Union member

pRandomA¶: Structure/Union member

pRandomB¶: Structure/Union member

ulPublicDataLen¶: Structure/Union member

ulRandomLen¶: Structure/Union member

pycryptoki.cryptoki.CK_KEA_DERIVE_PARAMS_PTR¶: alias of pycryptoki.cryptoki.ck_defs.LP_CK_KEA_DERIVE_PARAMS

class pycryptoki.cryptoki.CK_KEY_DERIVATION_STRING_DATA[source]¶

pData¶: Structure/Union member

ulLen¶: Structure/Union member

pycryptoki.cryptoki.CK_KEY_DERIVATION_STRING_DATA_PTR¶: alias of pycryptoki.cryptoki.ck_defs.LP_CK_KEY_DERIVATION_STRING_DATA

pycryptoki.cryptoki.CK_KEY_TYPE¶: alias of ctypes.c_ulong

class pycryptoki.cryptoki.CK_KEY_WRAP_SET_OAEP_PARAMS[source]¶

bBC¶: Structure/Union member

pX¶: Structure/Union member

ulXLen¶: Structure/Union member

pycryptoki.cryptoki.CK_KEY_WRAP_SET_OAEP_PARAMS_PTR¶: alias of pycryptoki.cryptoki.ck_defs.LP_CK_KEY_WRAP_SET_OAEP_PARAMS

class pycryptoki.cryptoki.CK_KIP_PARAMS[source]¶

hKey¶: Structure/Union member

pMechanism¶: Structure/Union member

pSeed¶: Structure/Union member

ulSeedLen¶: Structure/Union member

pycryptoki.cryptoki.CK_KIP_PARAMS_PTR¶: alias of pycryptoki.cryptoki.ck_defs.LP_CK_KIP_PARAMS

pycryptoki.cryptoki.CK_LKM_TOKEN_ID¶: alias of pycryptoki.cryptoki.ck_defs.CK_LKM_TOKEN_ID_S

pycryptoki.cryptoki.CK_LKM_TOKEN_ID_PTR¶: alias of pycryptoki.cryptoki.ck_defs.LP_CK_LKM_TOKEN_ID_S

class pycryptoki.cryptoki.CK_LKM_TOKEN_ID_S[source]¶

id¶: Structure/Union member

pycryptoki.cryptoki.CK_LOCKMUTEX¶: alias of ctypes.CFUNCTYPE.<locals>.CFunctionType

pycryptoki.cryptoki.CK_LONG¶: alias of ctypes.c_long

pycryptoki.cryptoki.CK_MAC_GENERAL_PARAMS¶: alias of ctypes.c_ulong

pycryptoki.cryptoki.CK_MAC_GENERAL_PARAMS_PTR¶: alias of pycryptoki.cryptoki.c_defs.LP_c_ulong

class pycryptoki.cryptoki.CK_MECHANISM[source]¶

mechanism¶: Structure/Union member

pParameter¶: Structure/Union member

usParameterLen¶: Structure/Union member

class pycryptoki.cryptoki.CK_MECHANISM_INFO[source]¶

flags¶: Structure/Union member

ulMaxKeySize¶: Structure/Union member

ulMinKeySize¶: Structure/Union member

pycryptoki.cryptoki.CK_MECHANISM_INFO_PTR¶: alias of pycryptoki.cryptoki.ck_defs.LP_CK_MECHANISM_INFO

pycryptoki.cryptoki.CK_MECHANISM_PTR¶: alias of pycryptoki.cryptoki.ck_defs.LP_CK_MECHANISM

pycryptoki.cryptoki.CK_MECHANISM_TYPE¶: alias of ctypes.c_ulong

pycryptoki.cryptoki.CK_MECHANISM_TYPE_PTR¶: alias of pycryptoki.cryptoki.c_defs.LP_c_ulong

pycryptoki.cryptoki.CK_NOTIFICATION¶: alias of ctypes.c_ulong

pycryptoki.cryptoki.CK_NOTIFY¶: alias of ctypes.CFUNCTYPE.<locals>.CFunctionType

pycryptoki.cryptoki.CK_OBJECT_CLASS¶: alias of ctypes.c_ulong

pycryptoki.cryptoki.CK_OBJECT_CLASS_PTR¶: alias of pycryptoki.cryptoki.c_defs.LP_c_ulong

pycryptoki.cryptoki.CK_OBJECT_HANDLE¶: alias of ctypes.c_ulong

pycryptoki.cryptoki.CK_OBJECT_HANDLE_PTR¶: alias of pycryptoki.cryptoki.c_defs.LP_c_ulong

class pycryptoki.cryptoki.CK_OTP_PARAM[source]¶

pValue¶: Structure/Union member

type¶: Structure/Union member

usValueLen¶: Structure/Union member

class pycryptoki.cryptoki.CK_OTP_PARAMS[source]¶

pParams¶: Structure/Union member

ulCount¶: Structure/Union member

pycryptoki.cryptoki.CK_OTP_PARAMS_PTR¶: alias of pycryptoki.cryptoki.ck_defs.LP_CK_OTP_PARAMS

pycryptoki.cryptoki.CK_OTP_PARAM_PTR¶: alias of pycryptoki.cryptoki.ck_defs.LP_CK_OTP_PARAM

pycryptoki.cryptoki.CK_OTP_PARAM_TYPE¶: alias of ctypes.c_ulong

class pycryptoki.cryptoki.CK_OTP_SIGNATURE_INFO[source]¶

pParams¶: Structure/Union member

ulCount¶: Structure/Union member

pycryptoki.cryptoki.CK_OTP_SIGNATURE_INFO_PTR¶: alias of pycryptoki.cryptoki.ck_defs.LP_CK_OTP_SIGNATURE_INFO

pycryptoki.cryptoki.CK_PARAM_TYPE¶: alias of ctypes.c_ulong

class pycryptoki.cryptoki.CK_PBE_PARAMS[source]¶

pInitVector¶: Structure/Union member

pPassword¶: Structure/Union member

pSalt¶: Structure/Union member

usIteration¶: Structure/Union member

usPasswordLen¶: Structure/Union member

usSaltLen¶: Structure/Union member

pycryptoki.cryptoki.CK_PBE_PARAMS_PTR¶: alias of pycryptoki.cryptoki.ck_defs.LP_CK_PBE_PARAMS

class pycryptoki.cryptoki.CK_PKCS5_PBKD2_PARAMS[source]¶

iterations¶: Structure/Union member

pPassword¶: Structure/Union member

pPrfData¶: Structure/Union member

pSaltSourceData¶: Structure/Union member

prf¶: Structure/Union member

saltSource¶: Structure/Union member

ulPrfDataLen¶: Structure/Union member

ulSaltSourceDataLen¶: Structure/Union member

usPasswordLen¶: Structure/Union member

pycryptoki.cryptoki.CK_PKCS5_PBKD2_PARAMS_PTR¶: alias of pycryptoki.cryptoki.ck_defs.LP_CK_PKCS5_PBKD2_PARAMS

pycryptoki.cryptoki.CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE¶: alias of ctypes.c_ulong

pycryptoki.cryptoki.CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE_PTR¶: alias of pycryptoki.cryptoki.c_defs.LP_c_ulong

pycryptoki.cryptoki.CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE¶: alias of ctypes.c_ulong

pycryptoki.cryptoki.CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE_PTR¶: alias of pycryptoki.cryptoki.c_defs.LP_c_ulong

pycryptoki.cryptoki.CK_PRF_KDF_PARAMS¶: alias of pycryptoki.cryptoki.ck_defs.CK_KDF_PRF_PARAMS

class pycryptoki.cryptoki.CK_RC2_CBC_PARAMS[source]¶

iv¶: Structure/Union member

usEffectiveBits¶: Structure/Union member

pycryptoki.cryptoki.CK_RC2_CBC_PARAMS_PTR¶: alias of pycryptoki.cryptoki.ck_defs.LP_CK_RC2_CBC_PARAMS

class pycryptoki.cryptoki.CK_RC2_MAC_GENERAL_PARAMS[source]¶

ulMacLength¶: Structure/Union member

usEffectiveBits¶: Structure/Union member

pycryptoki.cryptoki.CK_RC2_MAC_GENERAL_PARAMS_PTR¶: alias of pycryptoki.cryptoki.ck_defs.LP_CK_RC2_MAC_GENERAL_PARAMS

pycryptoki.cryptoki.CK_RC2_PARAMS¶: alias of ctypes.c_ulong

pycryptoki.cryptoki.CK_RC2_PARAMS_PTR¶: alias of pycryptoki.cryptoki.c_defs.LP_c_ulong

class pycryptoki.cryptoki.CK_RC5_CBC_PARAMS[source]¶

pIv¶: Structure/Union member

ulIvLen¶: Structure/Union member

ulRounds¶: Structure/Union member

ulWordsize¶: Structure/Union member

pycryptoki.cryptoki.CK_RC5_CBC_PARAMS_PTR¶: alias of pycryptoki.cryptoki.ck_defs.LP_CK_RC5_CBC_PARAMS

class pycryptoki.cryptoki.CK_RC5_MAC_GENERAL_PARAMS[source]¶

ulMacLength¶: Structure/Union member

ulRounds¶: Structure/Union member

ulWordsize¶: Structure/Union member

pycryptoki.cryptoki.CK_RC5_MAC_GENERAL_PARAMS_PTR¶: alias of pycryptoki.cryptoki.ck_defs.LP_CK_RC5_MAC_GENERAL_PARAMS

class pycryptoki.cryptoki.CK_RC5_PARAMS[source]¶

ulRounds¶: Structure/Union member

ulWordsize¶: Structure/Union member

pycryptoki.cryptoki.CK_RC5_PARAMS_PTR¶: alias of pycryptoki.cryptoki.ck_defs.LP_CK_RC5_PARAMS

pycryptoki.cryptoki.CK_RSA_PKCS_MGF_TYPE¶: alias of ctypes.c_ulong

pycryptoki.cryptoki.CK_RSA_PKCS_MGF_TYPE_PTR¶: alias of pycryptoki.cryptoki.c_defs.LP_c_ulong

class pycryptoki.cryptoki.CK_RSA_PKCS_OAEP_PARAMS[source]¶

hashAlg¶: Structure/Union member

mgf¶: Structure/Union member

pSourceData¶: Structure/Union member

source¶: Structure/Union member

ulSourceDataLen¶: Structure/Union member

pycryptoki.cryptoki.CK_RSA_PKCS_OAEP_PARAMS_PTR¶: alias of pycryptoki.cryptoki.ck_defs.LP_CK_RSA_PKCS_OAEP_PARAMS

pycryptoki.cryptoki.CK_RSA_PKCS_OAEP_SOURCE_TYPE¶: alias of ctypes.c_ulong

pycryptoki.cryptoki.CK_RSA_PKCS_OAEP_SOURCE_TYPE_PTR¶: alias of pycryptoki.cryptoki.c_defs.LP_c_ulong

class pycryptoki.cryptoki.CK_RSA_PKCS_PSS_PARAMS[source]¶

hashAlg¶: Structure/Union member

mgf¶: Structure/Union member

usSaltLen¶: Structure/Union member

pycryptoki.cryptoki.CK_RSA_PKCS_PSS_PARAMS_PTR¶: alias of pycryptoki.cryptoki.ck_defs.LP_CK_RSA_PKCS_PSS_PARAMS

pycryptoki.cryptoki.CK_RV¶: alias of ctypes.c_ulong

pycryptoki.cryptoki.CK_ResetTotalOperations¶: alias of ctypes.CFUNCTYPE.<locals>.CFunctionType

pycryptoki.cryptoki.CK_SEED_CTR_PARAMS¶: alias of pycryptoki.cryptoki.ck_defs.CK_AES_CTR_PARAMS

pycryptoki.cryptoki.CK_SEED_CTR_PARAMS_PTR¶: alias of pycryptoki.cryptoki.ck_defs.LP_CK_AES_CTR_PARAMS

pycryptoki.cryptoki.CK_SESSION_HANDLE¶: alias of ctypes.c_ulong

pycryptoki.cryptoki.CK_SESSION_HANDLE_PTR¶: alias of pycryptoki.cryptoki.c_defs.LP_c_ulong

class pycryptoki.cryptoki.CK_SESSION_INFO[source]¶

flags¶: Structure/Union member

slotID¶: Structure/Union member

state¶: Structure/Union member

usDeviceError¶: Structure/Union member

pycryptoki.cryptoki.CK_SESSION_INFO_PTR¶: alias of pycryptoki.cryptoki.ck_defs.LP_CK_SESSION_INFO

class pycryptoki.cryptoki.CK_SFNT_CA_FUNCTION_LIST[source]¶

CA_ActivateMofN¶: Structure/Union member

CA_AuthorizeKey¶: Structure/Union member

CA_CapabilityUpdate¶: Structure/Union member

CA_CheckOperationState¶: Structure/Union member

CA_ChoosePrimarySlot¶: Structure/Union member

CA_ChooseSecondarySlot¶: Structure/Union member

CA_CloneAllObjectsToSession¶: Structure/Union member

CA_CloneAsSource¶: Structure/Union member

CA_CloneAsTarget¶: Structure/Union member

CA_CloneAsTargetInit¶: Structure/Union member

CA_CloneModifyMofN¶: Structure/Union member

CA_CloneMofN¶: Structure/Union member

CA_CloneObject¶: Structure/Union member

CA_CloneObjectToAllSessions¶: Structure/Union member

CA_ClonePrivateKey¶: Structure/Union member

CA_CloseAllSecondarySessions¶: Structure/Union member

CA_CloseApplicationID¶: Structure/Union member

CA_CloseApplicationIDForContainer¶: Structure/Union member

CA_CloseSecondarySession¶: Structure/Union member

CA_CloseSecureToken¶: Structure/Union member

CA_ConfigureRemotePED¶: Structure/Union member

CA_CreateContainer¶: Structure/Union member

CA_CreateContainerLoginChallenge¶: Structure/Union member

CA_CreateLoginChallenge¶: Structure/Union member

CA_Deactivate¶: Structure/Union member

CA_DeactivateMofN¶: Structure/Union member

CA_DeleteContainer¶: Structure/Union member

CA_DeleteContainerWithHandle¶: Structure/Union member

CA_DeleteRemotePEDVector¶: Structure/Union member

CA_DescribeUtilizationBinId¶: Structure/Union member

CA_DestroyMultipleObjects¶: Structure/Union member

CA_DisableUnauthTokenInsertion¶: Structure/Union member

CA_DismantleRemotePED¶: Structure/Union member

CA_DuplicateMofN¶: Structure/Union member

CA_EnableUnauthTokenInsertion¶: Structure/Union member

CA_EncodeECChar2Params¶: Structure/Union member

CA_EncodeECParamsFromFile¶: Structure/Union member

CA_EncodeECPrimeParams¶: Structure/Union member

CA_Extract¶: Structure/Union member

CA_ExtractMaskedObject¶: Structure/Union member

CA_FactoryReset¶: Structure/Union member

CA_FindAdminSlotForSlot¶: Structure/Union member

CA_FirmwareRollback¶: Structure/Union member

CA_FirmwareUpdate¶: Structure/Union member

CA_GenerateCloneableMofN¶: Structure/Union member

CA_GenerateCloningKEV¶: Structure/Union member

CA_GenerateMofN¶: Structure/Union member

CA_GenerateTokenKeys¶: Structure/Union member

CA_GetCVFirmwareVersion¶: Structure/Union member

CA_GetClusterState¶: Structure/Union member

CA_GetConfigurationElementDescription¶: Structure/Union member

CA_GetContainerCapabilitySet¶: Structure/Union member

CA_GetContainerCapabilitySetting¶: Structure/Union member

CA_GetContainerList¶: Structure/Union member

CA_GetContainerName¶: Structure/Union member

CA_GetContainerPolicySet¶: Structure/Union member

CA_GetContainerPolicySetting¶: Structure/Union member

CA_GetContainerStatus¶: Structure/Union member

CA_GetContainerStorageInformation¶: Structure/Union member

CA_GetExtendedTPV¶: Structure/Union member

CA_GetFPV¶: Structure/Union member

CA_GetFirmwareVersion¶: Structure/Union member

CA_GetFunctionList¶: Structure/Union member

CA_GetHAState¶: Structure/Union member

CA_GetHSMCapabilitySet¶: Structure/Union member

CA_GetHSMCapabilitySetting¶: Structure/Union member

CA_GetHSMPolicySet¶: Structure/Union member

CA_GetHSMPolicySetting¶: Structure/Union member

CA_GetHSMStats¶: Structure/Union member

CA_GetHSMStorageInformation¶: Structure/Union member

CA_GetModuleInfo¶: Structure/Union member

CA_GetModuleList¶: Structure/Union member

CA_GetMofNStatus¶: Structure/Union member

CA_GetNumberOfAllowedContainers¶: Structure/Union member

CA_GetObjectHandle¶: Structure/Union member

CA_GetObjectUID¶: Structure/Union member

CA_GetPedId¶: Structure/Union member

CA_GetPrimarySlot¶: Structure/Union member

CA_GetRemotePEDVectorStatus¶: Structure/Union member

CA_GetRollbackFirmwareVersion¶: Structure/Union member

CA_GetSecondarySlot¶: Structure/Union member

CA_GetSecureElementMeta¶: Structure/Union member

CA_GetServerInstanceBySlotID¶: Structure/Union member

CA_GetSessionInfo¶: Structure/Union member

CA_GetSlotIdForContainer¶: Structure/Union member

CA_GetSlotIdForPhysicalSlot¶: Structure/Union member

CA_GetSlotListFromServerInstance¶: Structure/Union member

CA_GetTPV¶: Structure/Union member

CA_GetTSV¶: Structure/Union member

CA_GetTime¶: Structure/Union member

CA_GetTokenCapabilities¶: Structure/Union member

CA_GetTokenCertificateInfo¶: Structure/Union member

CA_GetTokenCertificates¶: Structure/Union member

CA_GetTokenInsertionCount¶: Structure/Union member

CA_GetTokenObjectHandle¶: Structure/Union member

CA_GetTokenObjectUID¶: Structure/Union member

CA_GetTokenPolicies¶: Structure/Union member

CA_GetTokenStatus¶: Structure/Union member

CA_GetTokenStorageInformation¶: Structure/Union member

CA_GetTunnelSlotNumber¶: Structure/Union member

CA_GetUnauthTokenInsertionStatus¶: Structure/Union member

CA_GetUserContainerName¶: Structure/Union member

CA_GetUserContainerNumber¶: Structure/Union member

CA_HAActivateMofN¶: Structure/Union member

CA_HAAnswerLoginChallenge¶: Structure/Union member

CA_HAAnswerMofNChallenge¶: Structure/Union member

CA_HAGetLoginChallenge¶: Structure/Union member

CA_HAGetMasterPublic¶: Structure/Union member

CA_HAInit¶: Structure/Union member

CA_HALogin¶: Structure/Union member

CA_IndirectLogin¶: Structure/Union member

CA_InitAudit¶: Structure/Union member

CA_InitIndirectPIN¶: Structure/Union member

CA_InitIndirectToken¶: Structure/Union member

CA_InitRolePIN¶: Structure/Union member

CA_InitSlotRolePIN¶: Structure/Union member

CA_InitializeRemotePEDVector¶: Structure/Union member

CA_Insert¶: Structure/Union member

CA_InsertMaskedObject¶: Structure/Union member

CA_InvokeService¶: Structure/Union member

CA_InvokeServiceAsynch¶: Structure/Union member

CA_InvokeServiceFinal¶: Structure/Union member

CA_InvokeServiceInit¶: Structure/Union member

CA_InvokeServiceSinglePart¶: Structure/Union member

CA_IsMofNEnabled¶: Structure/Union member

CA_IsMofNRequired¶: Structure/Union member

CA_LKMInitiatorChallenge¶: Structure/Union member

CA_LKMInitiatorComplete¶: Structure/Union member

CA_LKMReceiverComplete¶: Structure/Union member

CA_LKMReceiverResponse¶: Structure/Union member

CA_ListSecureTokenInit¶: Structure/Union member

CA_ListSecureTokenUpdate¶: Structure/Union member

CA_LoadEncryptedModule¶: Structure/Union member

CA_LoadModule¶: Structure/Union member

CA_LockClusteredSlot¶: Structure/Union member

CA_LogExportSecret¶: Structure/Union member

CA_LogExternal¶: Structure/Union member

CA_LogGetConfig¶: Structure/Union member

CA_LogGetStatus¶: Structure/Union member

CA_LogImportSecret¶: Structure/Union member

CA_LogSetConfig¶: Structure/Union member

CA_LogVerify¶: Structure/Union member

CA_LogVerifyFile¶: Structure/Union member

CA_MTKGetState¶: Structure/Union member

CA_MTKResplit¶: Structure/Union member

CA_MTKRestore¶: Structure/Union member

CA_MTKSetStorage¶: Structure/Union member

CA_MTKZeroize¶: Structure/Union member

CA_ManualKCV¶: Structure/Union member

CA_ModifyMofN¶: Structure/Union member

CA_ModifyUsageCount¶: Structure/Union member

CA_MultisignValue¶: Structure/Union member

CA_OpenApplicationID¶: Structure/Union member

CA_OpenApplicationIDForContainer¶: Structure/Union member

CA_OpenSecureToken¶: Structure/Union member

CA_OpenSession¶: Structure/Union member

CA_OpenSessionWithAppID¶: Structure/Union member

CA_PerformModuleCall¶: Structure/Union member

CA_PerformSelfTest¶: Structure/Union member

CA_QueryLicense¶: Structure/Union member

CA_ReadAllUtilizationCounters¶: Structure/Union member

CA_ReadAndResetUtilizationMetrics¶: Structure/Union member

CA_ReadCommonStore¶: Structure/Union member

CA_ReadUtilizationMetrics¶: Structure/Union member

CA_ReplaceFastPathKEK¶: Structure/Union member

CA_ResetDevice¶: Structure/Union member

CA_ResetPIN¶: Structure/Union member

CA_Restart¶: Structure/Union member

CA_RestartForContainer¶: Structure/Union member

CA_RetrieveLicenseList¶: Structure/Union member

CA_RoleStateGet¶: Structure/Union member

CA_SIMExtract¶: Structure/Union member

CA_SIMInsert¶: Structure/Union member

CA_SIMMultiSign¶: Structure/Union member

CA_STCClearCipherAlgorithm¶: Structure/Union member

CA_STCClearDigestAlgorithm¶: Structure/Union member

CA_STCDeregister¶: Structure/Union member

CA_STCGetAdminPubKey¶: Structure/Union member

CA_STCGetChannelID¶: Structure/Union member

CA_STCGetCipherAlgorithm¶: Structure/Union member

CA_STCGetCipherID¶: Structure/Union member

CA_STCGetCipherIDs¶: Structure/Union member

CA_STCGetCipherNameByID¶: Structure/Union member

CA_STCGetClientInfo¶: Structure/Union member

CA_STCGetClientsList¶: Structure/Union member

CA_STCGetCurrentKeyLife¶: Structure/Union member

CA_STCGetDigestAlgorithm¶: Structure/Union member

CA_STCGetDigestID¶: Structure/Union member

CA_STCGetDigestIDs¶: Structure/Union member

CA_STCGetDigestNameByID¶: Structure/Union member

CA_STCGetKeyActivationTimeOut¶: Structure/Union member

CA_STCGetKeyLifeTime¶: Structure/Union member

CA_STCGetMaxSessions¶: Structure/Union member

CA_STCGetPartPubKey¶: Structure/Union member

CA_STCGetPubKey¶: Structure/Union member

CA_STCGetSequenceWindowSize¶: Structure/Union member

CA_STCGetState¶: Structure/Union member

CA_STCIsEnabled¶: Structure/Union member

CA_STCRegister¶: Structure/Union member

CA_STCSetCipherAlgorithm¶: Structure/Union member

CA_STCSetDigestAlgorithm¶: Structure/Union member

CA_STCSetKeyActivationTimeOut¶: Structure/Union member

CA_STCSetKeyLifeTime¶: Structure/Union member

CA_STCSetMaxSessions¶: Structure/Union member

CA_STCSetSequenceWindowSize¶: Structure/Union member

CA_STMGetState¶: Structure/Union member

CA_STMToggle¶: Structure/Union member

CA_SetApplicationID¶: Structure/Union member

CA_SetAuthorizationData¶: Structure/Union member

CA_SetCloningDomain¶: Structure/Union member

CA_SetContainerPolicies¶: Structure/Union member

CA_SetContainerPolicy¶: Structure/Union member

CA_SetContainerSize¶: Structure/Union member

CA_SetDestructiveHSMPolicies¶: Structure/Union member

CA_SetDestructiveHSMPolicy¶: Structure/Union member

CA_SetExtendedTPV¶: Structure/Union member

CA_SetHSMPolicies¶: Structure/Union member

CA_SetHSMPolicy¶: Structure/Union member

CA_SetKCV¶: Structure/Union member

CA_SetLKCV¶: Structure/Union member

CA_SetMofN¶: Structure/Union member

CA_SetPedId¶: Structure/Union member

CA_SetRDK¶: Structure/Union member

CA_SetTPV¶: Structure/Union member

CA_SetTokenCertificateSignature¶: Structure/Union member

CA_SetTokenPolicies¶: Structure/Union member

CA_SetUserContainerName¶: Structure/Union member

CA_SpRawRead¶: Structure/Union member

CA_SpRawWrite¶: Structure/Union member

CA_SwitchSecondarySlot¶: Structure/Union member

CA_TimeSync¶: Structure/Union member

CA_TokenDelete¶: Structure/Union member

CA_TokenInsert¶: Structure/Union member

CA_TokenInsertNoAuth¶: Structure/Union member

CA_TokenZeroize¶: Structure/Union member

CA_UnloadModule¶: Structure/Union member

CA_UnlockClusteredSlot¶: Structure/Union member

CA_WaitForSlotEvent¶: Structure/Union member

CA_WriteCommonStore¶: Structure/Union member

CA_Zeroize¶: Structure/Union member

version¶: Structure/Union member

pycryptoki.cryptoki.CK_SFNT_CA_FUNCTION_LIST_PTR¶: alias of pycryptoki.cryptoki._ck_func_list.LP_CK_SFNT_CA_FUNCTION_LIST

pycryptoki.cryptoki.CK_SFNT_CA_FUNCTION_LIST_PTR_PTR¶: alias of pycryptoki.cryptoki._ck_func_list.LP_LP_CK_SFNT_CA_FUNCTION_LIST

class pycryptoki.cryptoki.CK_SKIPJACK_PRIVATE_WRAP_PARAMS[source]¶

pBaseG¶: Structure/Union member

pPassword¶: Structure/Union member

pPrimeP¶: Structure/Union member

pPublicData¶: Structure/Union member

pRandomA¶: Structure/Union member

pSubprimeQ¶: Structure/Union member

ulPAndGLen¶: Structure/Union member

ulPublicDataLen¶: Structure/Union member

ulQLen¶: Structure/Union member

ulRandomLen¶: Structure/Union member

usPasswordLen¶: Structure/Union member

pycryptoki.cryptoki.CK_SKIPJACK_PRIVATE_WRAP_PTR¶: alias of pycryptoki.cryptoki.ck_defs.LP_CK_SKIPJACK_PRIVATE_WRAP_PARAMS

class pycryptoki.cryptoki.CK_SKIPJACK_RELAYX_PARAMS[source]¶

pNewPassword¶: Structure/Union member

pNewPublicData¶: Structure/Union member

pNewRandomA¶: Structure/Union member

pOldPassword¶: Structure/Union member

pOldPublicData¶: Structure/Union member

pOldRandomA¶: Structure/Union member

pOldWrappedX¶: Structure/Union member

ulNewPasswordLen¶: Structure/Union member

ulNewPublicDataLen¶: Structure/Union member

ulNewRandomLen¶: Structure/Union member

ulOldPasswordLen¶: Structure/Union member

ulOldPublicDataLen¶: Structure/Union member

ulOldRandomLen¶: Structure/Union member

ulOldWrappedXLen¶: Structure/Union member

pycryptoki.cryptoki.CK_SKIPJACK_RELAYX_PARAMS_PTR¶: alias of pycryptoki.cryptoki.ck_defs.LP_CK_SKIPJACK_RELAYX_PARAMS

pycryptoki.cryptoki.CK_SLOT_ID¶: alias of ctypes.c_ulong

pycryptoki.cryptoki.CK_SLOT_ID_PTR¶: alias of pycryptoki.cryptoki.c_defs.LP_c_ulong

class pycryptoki.cryptoki.CK_SLOT_INFO[source]¶

firmwareVersion¶: Structure/Union member

flags¶: Structure/Union member

hardwareVersion¶: Structure/Union member

manufacturerID¶: Structure/Union member

slotDescription¶: Structure/Union member

pycryptoki.cryptoki.CK_SLOT_INFO_PTR¶: alias of pycryptoki.cryptoki.ck_defs.LP_CK_SLOT_INFO

class pycryptoki.cryptoki.CK_SSL3_KEY_MAT_OUT[source]¶

hClientKey¶: Structure/Union member

hClientMacSecret¶: Structure/Union member

hServerKey¶: Structure/Union member

hServerMacSecret¶: Structure/Union member

pIVClient¶: Structure/Union member

pIVServer¶: Structure/Union member

pycryptoki.cryptoki.CK_SSL3_KEY_MAT_OUT_PTR¶: alias of pycryptoki.cryptoki.ck_defs.LP_CK_SSL3_KEY_MAT_OUT

class pycryptoki.cryptoki.CK_SSL3_KEY_MAT_PARAMS[source]¶

RandomInfo¶: Structure/Union member

bIsExport¶: Structure/Union member

pReturnedKeyMaterial¶: Structure/Union member

ulIVSizeInBits¶: Structure/Union member

ulKeySizeInBits¶: Structure/Union member

ulMacSizeInBits¶: Structure/Union member

pycryptoki.cryptoki.CK_SSL3_KEY_MAT_PARAMS_PTR¶: alias of pycryptoki.cryptoki.ck_defs.LP_CK_SSL3_KEY_MAT_PARAMS

class pycryptoki.cryptoki.CK_SSL3_MASTER_KEY_DERIVE_PARAMS[source]¶

RandomInfo¶: Structure/Union member

pVersion¶: Structure/Union member

pycryptoki.cryptoki.CK_SSL3_MASTER_KEY_DERIVE_PARAMS_PTR¶: alias of pycryptoki.cryptoki.ck_defs.LP_CK_SSL3_MASTER_KEY_DERIVE_PARAMS

class pycryptoki.cryptoki.CK_SSL3_RANDOM_DATA[source]¶

pClientRandom¶: Structure/Union member

pServerRandom¶: Structure/Union member

ulClientRandomLen¶: Structure/Union member

ulServerRandomLen¶: Structure/Union member

pycryptoki.cryptoki.CK_STATE¶: alias of ctypes.c_ulong

class pycryptoki.cryptoki.CK_TLS_PRF_PARAMS[source]¶

pLabel¶: Structure/Union member

pOutput¶: Structure/Union member

pSeed¶: Structure/Union member

pulOutputLen¶: Structure/Union member

ulLabelLen¶: Structure/Union member

ulSeedLen¶: Structure/Union member

pycryptoki.cryptoki.CK_TLS_PRF_PARAMS_PTR¶: alias of pycryptoki.cryptoki.ck_defs.LP_CK_TLS_PRF_PARAMS

class pycryptoki.cryptoki.CK_TOKEN_INFO[source]¶

firmwareVersion¶: Structure/Union member

flags¶: Structure/Union member

hardwareVersion¶: Structure/Union member

label¶: Structure/Union member

manufacturerID¶: Structure/Union member

model¶: Structure/Union member

serialNumber¶: Structure/Union member

ulFreePrivateMemory¶: Structure/Union member

ulFreePublicMemory¶: Structure/Union member

ulTotalPrivateMemory¶: Structure/Union member

ulTotalPublicMemory¶: Structure/Union member

usMaxPinLen¶: Structure/Union member

usMaxRwSessionCount¶: Structure/Union member

usMaxSessionCount¶: Structure/Union member

usMinPinLen¶: Structure/Union member

usRwSessionCount¶: Structure/Union member

usSessionCount¶: Structure/Union member

utcTime¶: Structure/Union member

pycryptoki.cryptoki.CK_TOKEN_INFO_PTR¶: alias of pycryptoki.cryptoki.ck_defs.LP_CK_TOKEN_INFO

pycryptoki.cryptoki.CK_ULONG¶: alias of ctypes.c_ulong

pycryptoki.cryptoki.CK_ULONG_PTR¶: alias of pycryptoki.cryptoki.c_defs.LP_c_ulong

pycryptoki.cryptoki.CK_UNLOCKMUTEX¶: alias of ctypes.CFUNCTYPE.<locals>.CFunctionType

pycryptoki.cryptoki.CK_USER_TYPE¶: alias of ctypes.c_ulong

pycryptoki.cryptoki.CK_USHORT¶: alias of ctypes.c_ulong

pycryptoki.cryptoki.CK_USHORT_PTR¶: alias of pycryptoki.cryptoki.c_defs.LP_c_ulong

pycryptoki.cryptoki.CK_UTF8CHAR¶: alias of ctypes.c_ubyte

pycryptoki.cryptoki.CK_UTF8CHAR_PTR¶: alias of pycryptoki.cryptoki.c_defs.LP_c_ubyte

class pycryptoki.cryptoki.CK_VERSION[source]¶

major¶: Structure/Union member

minor¶: Structure/Union member

pycryptoki.cryptoki.CK_VERSION_PTR¶: alias of pycryptoki.cryptoki.ck_defs.LP_CK_VERSION

pycryptoki.cryptoki.CK_VOID_PTR¶: alias of ctypes.c_void_p

pycryptoki.cryptoki.CK_VOID_PTR_PTR¶: alias of pycryptoki.cryptoki.c_defs.LP_c_void_p

class pycryptoki.cryptoki.CK_WTLS_KEY_MAT_OUT[source]¶

hKey¶: Structure/Union member

hMacSecret¶: Structure/Union member

pIV¶: Structure/Union member

pycryptoki.cryptoki.CK_WTLS_KEY_MAT_OUT_PTR¶: alias of pycryptoki.cryptoki.ck_defs.LP_CK_WTLS_KEY_MAT_OUT

class pycryptoki.cryptoki.CK_WTLS_KEY_MAT_PARAMS[source]¶

DigestMechanism¶: Structure/Union member

RandomInfo¶: Structure/Union member

bIsExport¶: Structure/Union member

pReturnedKeyMaterial¶: Structure/Union member

ulIVSizeInBits¶: Structure/Union member

ulKeySizeInBits¶: Structure/Union member

ulMacSizeInBits¶: Structure/Union member

ulSequenceNumber¶: Structure/Union member

pycryptoki.cryptoki.CK_WTLS_KEY_MAT_PARAMS_PTR¶: alias of pycryptoki.cryptoki.ck_defs.LP_CK_WTLS_KEY_MAT_PARAMS

class pycryptoki.cryptoki.CK_WTLS_MASTER_KEY_DERIVE_PARAMS[source]¶

DigestMechanism¶: Structure/Union member

RandomInfo¶: Structure/Union member

pVersion¶: Structure/Union member

pycryptoki.cryptoki.CK_WTLS_MASTER_KEY_DERIVE_PARAMS_PTR¶: alias of pycryptoki.cryptoki.ck_defs.LP_CK_WTLS_MASTER_KEY_DERIVE_PARAMS

class pycryptoki.cryptoki.CK_WTLS_PRF_PARAMS[source]¶

DigestMechanism¶: Structure/Union member

pLabel¶: Structure/Union member

pOutput¶: Structure/Union member

pSeed¶: Structure/Union member

pulOutputLen¶: Structure/Union member

ulLabelLen¶: Structure/Union member

ulSeedLen¶: Structure/Union member

pycryptoki.cryptoki.CK_WTLS_PRF_PARAMS_PTR¶: alias of pycryptoki.cryptoki.ck_defs.LP_CK_WTLS_PRF_PARAMS

class pycryptoki.cryptoki.CK_WTLS_RANDOM_DATA[source]¶

pClientRandom¶: Structure/Union member

pServerRandom¶: Structure/Union member

ulClientRandomLen¶: Structure/Union member

ulServerRandomLen¶: Structure/Union member

pycryptoki.cryptoki.CK_WTLS_RANDOM_DATA_PTR¶: alias of pycryptoki.cryptoki.ck_defs.LP_CK_WTLS_RANDOM_DATA

class pycryptoki.cryptoki.CK_X9_42_DH1_DERIVE_PARAMS[source]¶

kdf¶: Structure/Union member

pOtherInfo¶: Structure/Union member

pPublicData¶: Structure/Union member

ulOtherInfoLen¶: Structure/Union member

ulPublicDataLen¶: Structure/Union member

pycryptoki.cryptoki.CK_X9_42_DH1_DERIVE_PARAMS_PTR¶: alias of pycryptoki.cryptoki.ck_defs.LP_CK_X9_42_DH1_DERIVE_PARAMS

class pycryptoki.cryptoki.CK_X9_42_DH2_DERIVE_PARAMS[source]¶

hPrivateData¶: Structure/Union member

kdf¶: Structure/Union member

pOtherInfo¶: Structure/Union member

pPublicData¶: Structure/Union member

pPublicData2¶: Structure/Union member

ulOtherInfoLen¶: Structure/Union member

ulPrivateDataLen¶: Structure/Union member

ulPublicDataLen¶: Structure/Union member

ulPublicDataLen2¶: Structure/Union member

pycryptoki.cryptoki.CK_X9_42_DH2_DERIVE_PARAMS_PTR¶: alias of pycryptoki.cryptoki.ck_defs.LP_CK_X9_42_DH2_DERIVE_PARAMS

pycryptoki.cryptoki.CK_X9_42_DH_KDF_TYPE¶: alias of ctypes.c_ulong

pycryptoki.cryptoki.CK_X9_42_DH_KDF_TYPE_PTR¶: alias of pycryptoki.cryptoki.c_defs.LP_c_ulong

class pycryptoki.cryptoki.CK_X9_42_MQV_DERIVE_PARAMS[source]¶

hPrivateData¶: Structure/Union member

kdf¶: Structure/Union member

pOtherInfo¶: Structure/Union member

pPublicData¶: Structure/Union member

pPublicData2¶: Structure/Union member

publicKey¶: Structure/Union member

ulOtherInfoLen¶: Structure/Union member

ulPrivateDataLen¶: Structure/Union member

ulPublicDataLen¶: Structure/Union member

ulPublicDataLen2¶: Structure/Union member

pycryptoki.cryptoki.CK_X9_42_MQV_DERIVE_PARAMS_PTR¶: alias of pycryptoki.cryptoki.ck_defs.LP_CK_X9_42_MQV_DERIVE_PARAMS

class pycryptoki.cryptoki.CK_XOR_BASE_DATA_KDF_PARAMS[source]¶

kdf¶: Structure/Union member

pSharedData¶: Structure/Union member

ulSharedDataLen¶: Structure/Union member

pycryptoki.cryptoki.CK_XOR_BASE_DATA_KDF_PARAMS_PTR¶: alias of pycryptoki.cryptoki.ck_defs.LP_CK_XOR_BASE_DATA_KDF_PARAMS

pycryptoki.cryptoki.C_CancelFunction(*args)¶

Cryptoki DLL call to C_CancelFunction.

Parameters:	arg1 – c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.C_CloseAllSessions(*args)¶

Cryptoki DLL call to C_CloseAllSessions.

Parameters:	arg1 – c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.C_CloseSession(*args)¶

Cryptoki DLL call to C_CloseSession.

Parameters:	arg1 – c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.C_CopyObject(*args)¶

Cryptoki DLL call to C_CopyObject.

Parameters:	arg1 – c_ulong arg2 – c_ulong arg3 – LP_CK_ATTRIBUTE arg4 – c_ulong arg5 – LP_c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.C_CreateObject(*args)¶

Cryptoki DLL call to C_CreateObject.

Parameters:	arg1 – c_ulong arg2 – LP_CK_ATTRIBUTE arg3 – c_ulong arg4 – LP_c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.C_Decrypt(*args)¶

Cryptoki DLL call to C_Decrypt.

Parameters:	arg1 – c_ulong arg2 – LP_c_ubyte arg3 – c_ulong arg4 – LP_c_ubyte arg5 – LP_c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.C_DecryptDigestUpdate(*args)¶

Cryptoki DLL call to C_DecryptDigestUpdate.

Parameters:	arg1 – c_ulong arg2 – LP_c_ubyte arg3 – c_ulong arg4 – LP_c_ubyte arg5 – LP_c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.C_DecryptFinal(*args)¶

Cryptoki DLL call to C_DecryptFinal.

Parameters:	arg1 – c_ulong arg2 – LP_c_ubyte arg3 – LP_c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.C_DecryptInit(*args)¶

Cryptoki DLL call to C_DecryptInit.

Parameters:	arg1 – c_ulong arg2 – LP_CK_MECHANISM arg3 – c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.C_DecryptUpdate(*args)¶

Cryptoki DLL call to C_DecryptUpdate.

Parameters:	arg1 – c_ulong arg2 – LP_c_ubyte arg3 – c_ulong arg4 – LP_c_ubyte arg5 – LP_c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.C_DecryptVerifyUpdate(*args)¶

Cryptoki DLL call to C_DecryptVerifyUpdate.

Parameters:	arg1 – c_ulong arg2 – LP_c_ubyte arg3 – c_ulong arg4 – LP_c_ubyte arg5 – LP_c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.C_DeriveKey(*args)¶

Cryptoki DLL call to C_DeriveKey.

Parameters:	arg1 – c_ulong arg2 – LP_CK_MECHANISM arg3 – c_ulong arg4 – LP_CK_ATTRIBUTE arg5 – c_ulong arg6 – LP_c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.C_DestroyObject(*args)¶

Cryptoki DLL call to C_DestroyObject.

Parameters:	arg1 – c_ulong arg2 – c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.C_Digest(*args)¶

Cryptoki DLL call to C_Digest.

Parameters:	arg1 – c_ulong arg2 – LP_c_ubyte arg3 – c_ulong arg4 – LP_c_ubyte arg5 – LP_c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.C_DigestEncryptUpdate(*args)¶

Cryptoki DLL call to C_DigestEncryptUpdate.

Parameters:	arg1 – c_ulong arg2 – LP_c_ubyte arg3 – c_ulong arg4 – LP_c_ubyte arg5 – LP_c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.C_DigestFinal(*args)¶

Cryptoki DLL call to C_DigestFinal.

Parameters:	arg1 – c_ulong arg2 – LP_c_ubyte arg3 – LP_c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.C_DigestInit(*args)¶

Cryptoki DLL call to C_DigestInit.

Parameters:	arg1 – c_ulong arg2 – LP_CK_MECHANISM
Returns:	c_ulong

pycryptoki.cryptoki.C_DigestKey(*args)¶

Cryptoki DLL call to C_DigestKey.

Parameters:	arg1 – c_ulong arg2 – c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.C_DigestUpdate(*args)¶

Cryptoki DLL call to C_DigestUpdate.

Parameters:	arg1 – c_ulong arg2 – LP_c_ubyte arg3 – c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.C_Encrypt(*args)¶

Cryptoki DLL call to C_Encrypt.

Parameters:	arg1 – c_ulong arg2 – LP_c_ubyte arg3 – c_ulong arg4 – LP_c_ubyte arg5 – LP_c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.C_EncryptFinal(*args)¶

Cryptoki DLL call to C_EncryptFinal.

Parameters:	arg1 – c_ulong arg2 – LP_c_ubyte arg3 – LP_c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.C_EncryptInit(*args)¶

Cryptoki DLL call to C_EncryptInit.

Parameters:	arg1 – c_ulong arg2 – LP_CK_MECHANISM arg3 – c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.C_EncryptUpdate(*args)¶

Cryptoki DLL call to C_EncryptUpdate.

Parameters:	arg1 – c_ulong arg2 – LP_c_ubyte arg3 – c_ulong arg4 – LP_c_ubyte arg5 – LP_c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.C_Finalize(*args)¶

Cryptoki DLL call to C_Finalize.

Parameters:	arg1 – c_void_p
Returns:	c_ulong

pycryptoki.cryptoki.C_FindObjects(*args)¶

Cryptoki DLL call to C_FindObjects.

Parameters:	arg1 – c_ulong arg2 – LP_c_ulong arg3 – c_ulong arg4 – LP_c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.C_FindObjectsFinal(*args)¶

Cryptoki DLL call to C_FindObjectsFinal.

Parameters:	arg1 – c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.C_FindObjectsInit(*args)¶

Cryptoki DLL call to C_FindObjectsInit.

Parameters:	arg1 – c_ulong arg2 – LP_CK_ATTRIBUTE arg3 – c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.C_GenerateKey(*args)¶

Cryptoki DLL call to C_GenerateKey.

Parameters:	arg1 – c_ulong arg2 – LP_CK_MECHANISM arg3 – LP_CK_ATTRIBUTE arg4 – c_ulong arg5 – LP_c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.C_GenerateKeyPair(*args)¶

Cryptoki DLL call to C_GenerateKeyPair.

Parameters:	arg1 – c_ulong arg2 – LP_CK_MECHANISM arg3 – LP_CK_ATTRIBUTE arg4 – c_ulong arg5 – LP_CK_ATTRIBUTE arg6 – c_ulong arg7 – LP_c_ulong arg8 – LP_c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.C_GenerateRandom(*args)¶

Cryptoki DLL call to C_GenerateRandom.

Parameters:	arg1 – c_ulong arg2 – LP_c_ubyte arg3 – c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.C_GetAttributeValue(*args)¶

Cryptoki DLL call to C_GetAttributeValue.

Parameters:	arg1 – c_ulong arg2 – c_ulong arg3 – LP_CK_ATTRIBUTE arg4 – c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.C_GetFunctionList(*args)¶

Cryptoki DLL call to C_GetFunctionList.

Parameters:	arg1 – LP_LP_CK_FUNCTION_LIST
Returns:	c_ulong

pycryptoki.cryptoki.C_GetFunctionStatus(*args)¶

Cryptoki DLL call to C_GetFunctionStatus.

Parameters:	arg1 – c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.C_GetInfo(*args)¶

Cryptoki DLL call to C_GetInfo.

Parameters:	arg1 – LP_CK_INFO
Returns:	c_ulong

pycryptoki.cryptoki.C_GetMechanismInfo(*args)¶

Cryptoki DLL call to C_GetMechanismInfo.

Parameters:	arg1 – c_ulong arg2 – c_ulong arg3 – LP_CK_MECHANISM_INFO
Returns:	c_ulong

pycryptoki.cryptoki.C_GetMechanismList(*args)¶

Cryptoki DLL call to C_GetMechanismList.

Parameters:	arg1 – c_ulong arg2 – LP_c_ulong arg3 – LP_c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.C_GetObjectSize(*args)¶

Cryptoki DLL call to C_GetObjectSize.

Parameters:	arg1 – c_ulong arg2 – c_ulong arg3 – LP_c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.C_GetOperationState(*args)¶

Cryptoki DLL call to C_GetOperationState.

Parameters:	arg1 – c_ulong arg2 – LP_c_ubyte arg3 – LP_c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.C_GetSessionInfo(*args)¶

Cryptoki DLL call to C_GetSessionInfo.

Parameters:	arg1 – c_ulong arg2 – LP_CK_SESSION_INFO
Returns:	c_ulong

pycryptoki.cryptoki.C_GetSlotInfo(*args)¶

Cryptoki DLL call to C_GetSlotInfo.

Parameters:	arg1 – c_ulong arg2 – LP_CK_SLOT_INFO
Returns:	c_ulong

pycryptoki.cryptoki.C_GetSlotList(*args)¶

Cryptoki DLL call to C_GetSlotList.

Parameters:	arg1 – c_ubyte arg2 – LP_c_ulong arg3 – LP_c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.C_GetTokenInfo(*args)¶

Cryptoki DLL call to C_GetTokenInfo.

Parameters:	arg1 – c_ulong arg2 – LP_CK_TOKEN_INFO
Returns:	c_ulong

pycryptoki.cryptoki.C_InitPIN(*args)¶

Cryptoki DLL call to C_InitPIN.

Parameters:	arg1 – c_ulong arg2 – LP_c_ubyte arg3 – c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.C_InitToken(*args)¶

Cryptoki DLL call to C_InitToken.

Parameters:	arg1 – c_ulong arg2 – LP_c_ubyte arg3 – c_ulong arg4 – LP_c_ubyte
Returns:	c_ulong

pycryptoki.cryptoki.C_Initialize(*args)¶

Cryptoki DLL call to C_Initialize.

Parameters:	arg1 – c_void_p
Returns:	c_ulong

pycryptoki.cryptoki.C_Login(*args)¶

Cryptoki DLL call to C_Login.

Parameters:	arg1 – c_ulong arg2 – c_ulong arg3 – LP_c_ubyte arg4 – c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.C_Logout(*args)¶

Cryptoki DLL call to C_Logout.

Parameters:	arg1 – c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.C_OpenSession(*args)¶

Cryptoki DLL call to C_OpenSession.

Parameters:	arg1 – c_ulong arg2 – c_ulong arg3 – c_void_p arg4 – CFunctionType arg5 – LP_c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.C_SeedRandom(*args)¶

Cryptoki DLL call to C_SeedRandom.

Parameters:	arg1 – c_ulong arg2 – LP_c_ubyte arg3 – c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.C_SetAttributeValue(*args)¶

Cryptoki DLL call to C_SetAttributeValue.

Parameters:	arg1 – c_ulong arg2 – c_ulong arg3 – LP_CK_ATTRIBUTE arg4 – c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.C_SetOperationState(*args)¶

Cryptoki DLL call to C_SetOperationState.

Parameters:	arg1 – c_ulong arg2 – LP_c_ubyte arg3 – c_ulong arg4 – c_ulong arg5 – c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.C_SetPIN(*args)¶

Cryptoki DLL call to C_SetPIN.

Parameters:	arg1 – c_ulong arg2 – LP_c_ubyte arg3 – c_ulong arg4 – LP_c_ubyte arg5 – c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.C_Sign(*args)¶

Cryptoki DLL call to C_Sign.

Parameters:	arg1 – c_ulong arg2 – LP_c_ubyte arg3 – c_ulong arg4 – LP_c_ubyte arg5 – LP_c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.C_SignEncryptUpdate(*args)¶

Cryptoki DLL call to C_SignEncryptUpdate.

Parameters:	arg1 – c_ulong arg2 – LP_c_ubyte arg3 – c_ulong arg4 – LP_c_ubyte arg5 – LP_c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.C_SignFinal(*args)¶

Cryptoki DLL call to C_SignFinal.

Parameters:	arg1 – c_ulong arg2 – LP_c_ubyte arg3 – LP_c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.C_SignInit(*args)¶

Cryptoki DLL call to C_SignInit.

Parameters:	arg1 – c_ulong arg2 – LP_CK_MECHANISM arg3 – c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.C_SignRecover(*args)¶

Cryptoki DLL call to C_SignRecover.

Parameters:	arg1 – c_ulong arg2 – LP_c_ubyte arg3 – c_ulong arg4 – LP_c_ubyte arg5 – LP_c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.C_SignRecoverInit(*args)¶

Cryptoki DLL call to C_SignRecoverInit.

Parameters:	arg1 – c_ulong arg2 – LP_CK_MECHANISM arg3 – c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.C_SignUpdate(*args)¶

Cryptoki DLL call to C_SignUpdate.

Parameters:	arg1 – c_ulong arg2 – LP_c_ubyte arg3 – c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.C_UnwrapKey(*args)¶

Cryptoki DLL call to C_UnwrapKey.

Parameters:	arg1 – c_ulong arg2 – LP_CK_MECHANISM arg3 – c_ulong arg4 – LP_c_ubyte arg5 – c_ulong arg6 – LP_CK_ATTRIBUTE arg7 – c_ulong arg8 – LP_c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.C_Verify(*args)¶

Cryptoki DLL call to C_Verify.

Parameters:	arg1 – c_ulong arg2 – LP_c_ubyte arg3 – c_ulong arg4 – LP_c_ubyte arg5 – c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.C_VerifyFinal(*args)¶

Cryptoki DLL call to C_VerifyFinal.

Parameters:	arg1 – c_ulong arg2 – LP_c_ubyte arg3 – c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.C_VerifyInit(*args)¶

Cryptoki DLL call to C_VerifyInit.

Parameters:	arg1 – c_ulong arg2 – LP_CK_MECHANISM arg3 – c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.C_VerifyRecover(*args)¶

Cryptoki DLL call to C_VerifyRecover.

Parameters:	arg1 – c_ulong arg2 – LP_c_ubyte arg3 – c_ulong arg4 – LP_c_ubyte arg5 – LP_c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.C_VerifyRecoverInit(*args)¶

Cryptoki DLL call to C_VerifyRecoverInit.

Parameters:	arg1 – c_ulong arg2 – LP_CK_MECHANISM arg3 – c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.C_VerifyUpdate(*args)¶

Cryptoki DLL call to C_VerifyUpdate.

Parameters:	arg1 – c_ulong arg2 – LP_c_ubyte arg3 – c_ulong
Returns:	c_ulong

pycryptoki.cryptoki.C_WaitForSlotEvent(*args)¶

Cryptoki DLL call to C_WaitForSlotEvent.

Parameters:	arg1 – c_ulong arg2 – LP_c_ulong arg3 – c_void_p
Returns:	c_ulong

pycryptoki.cryptoki.C_WrapKey(*args)¶

Cryptoki DLL call to C_WrapKey.

Parameters:	arg1 – c_ulong arg2 – LP_CK_MECHANISM arg3 – c_ulong arg4 – c_ulong arg5 – LP_c_ubyte arg6 – LP_c_ulong
Returns:	c_ulong

class pycryptoki.cryptoki.HSM_STATS_PARAMS[source]¶

ulHighValue¶: Structure/Union member

ulId¶: Structure/Union member

ulLowValue¶: Structure/Union member

Pycryptoki Daemon Package¶

Start pycryptoki.daemon.rpyc_pycryptoki.py on your remote client, then connect to it using RemotePycryptokiClient. You can then use the RemotePycryptokiClient as if it were local:

pycryptoki = RemotePycryptokiClient('10.2.96.130', port=8001)
pycryptoki.c_initialize_ex()  # Executed on the daemon!
session = pycryptoki.c_open_session_ex(0)
#etc

daemon.rpyc_pycryptoki¶

RPYC-based daemon that allows for remote execution of pycryptoki commands.

Start via ./rpyc_pycryptoki.py -i <ip> -p <port> or python rpyc_pycryptoki.py -i <ip> -p <port>

All methods starting are useable via rpyc_conn.root.<method>

All methods ending with _ex will automatically check the return code from cryptoki & raise an exception if it is not CKR_OK. It will NOT give you the return code, instead just returning the second part of the regular return tuple:

c_open_session()     # Returns: (ret_code, session_handle)
c_open_session_ex()  # Returns: session_handle, raises exception if ret_code != CKR_OK

class pycryptoki.daemon.rpyc_pycryptoki.PycryptokiService[source]¶

Bases: rpyc.core.service.SlaveService

This is the core service to expose over RPYC.

If you’re working with pointers, you’ll need to create the pointer in a function here rather than passing in a pointer from the client (pointers getting pickled makes no sense).

static c_close_all_sessions(slot)¶

Closes all the sessions on a given slot

Parameters:	slot – The slot to close all sessions on
Returns:	retcode
Return type:	int

static c_close_all_sessions_ex(slot)¶

Executes c_close_all_sessions(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static c_close_session(h_session)¶

Closes a session

Parameters:	h_session (int) – Session handle
Returns:	retcode
Return type:	int

static c_close_session_ex(h_session)¶

Executes c_close_session(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static c_copy_object(h_session, h_object, template=None)¶

Method to call the C_CopyObject cryptoki command.

Parameters:	h_session (int) – Session handle h_object (int) – Handle to the object to be cloned template (dict) – Template for the new object. Defaults to None
Returns:	(retcode, Handle to the new cloned object)
Return type:	tuple

static c_copy_object_ex(h_session, h_object, template=None)¶

Executes c_copy_object(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static c_create_object(h_session, template)¶

Creates an object based on a given python template

Parameters:	h_session (int) – Session handle template (dict) – The python template which the object will be based on
Returns:	(retcode, the handle of the object)
Return type:	tuple

static c_create_object_ex(h_session, template)¶

Executes c_create_object(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static c_decrypt(h_session, h_key, encrypted_data, mechanism, output_buffer=None)¶

Decrypt given data with the given key and mechanism.

Note

If data is a list or tuple of strings, multi-part decryption will be used.

Parameters:	h_session (int) – The session to use h_key (int) – The handle of the key to use to decrypt encrypted_data (bytes) – Data to be decrypted Note Data will be converted to hexadecimal by calling: to_hex(from_bytestring(data)) If you need to pass in raw hex data, call: to_bytestring(from_hex(hex-data)) References: `to_hex()` `from_hex()` `to_bytestring()` `from_bytestring()` mechanism – See the `parse_mechanism()` function for possible values. output_buffer (list\|int) – Integer or list of integers that specify a size of output buffer to use for an operation. By default will query with NULL pointer buffer to get required size of buffer.
Returns:	(Retcode, Python bytestring of decrypted data))
Return type:	tuple

static c_decrypt_ex(h_session, h_key, encrypted_data, mechanism, output_buffer=None)¶

Executes c_decrypt(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static c_derive_key(h_session, h_base_key, template, mechanism=None)¶

Derives a key from another key.

Parameters:	h_session (int) – Session handle h_base_key (int) – The base key template (dict) – A python template of attributes to set on derived key mechanism – See the `parse_mechanism()` function for possible values.
Returns:	The result code, The derived key’s handle

static c_derive_key_ex(h_session, h_base_key, template, mechanism=None)¶

Executes c_derive_key(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static c_destroy_object(h_session, h_object_value)¶

Deletes the object corresponsing to the passed in object handle

Parameters:	h_session (int) – Session handle h_object_value (int) – The handle of the object to delete
Returns:	Return code

static c_destroy_object_ex(h_session, h_object_value)¶

Executes c_destroy_object(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static c_digest(h_session, data_to_digest, digest_flavor, mechanism=None, output_buffer=None)¶

Digests some data

Parameters:	h_session (int) – Session handle data_to_digest (bytes) – The data to digest, either a string or a list of strings. If this is a list a multipart operation will be used digest_flavor (int) – The flavour of the mechanism to digest (MD2, SHA-1, HAS-160, SHA224, SHA256, SHA384, SHA512) mechanism – See the `parse_mechanism()` function for possible values. If None will use digest flavor. output_buffer (list\|int) – Integer or list of integers that specify a size of output buffer to use for an operation. By default will query with NULL pointer buffer to get required size of buffer.
Returns:	(retcode, a python string of the digested data)
Return type:	tuple

static c_digest_ex(h_session, data_to_digest, digest_flavor, mechanism=None, output_buffer=None)¶

Executes c_digest(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static c_digest_key(h_session, h_key, digest_flavor, mechanism=None)¶

Digest a key

Parameters:	h_session (int) – Session handle h_key (int) – Key to digest digest_flavor (int) – Digest flavor mechanism – See the `parse_mechanism()` function for possible values. If None will use digest flavor.

static c_digest_key_ex(h_session, h_key, digest_flavor, mechanism=None)¶

Executes c_digestkey(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static c_encrypt(h_session, h_key, data, mechanism, output_buffer=None)¶

Encrypts data with a given key and encryption flavor encryption flavors

Note

If data is a list or tuple of strings, multi-part encryption will be used.

Parameters:	h_session (int) – Current session h_key (int) – The key handle to encrypt the data with data – The data to encrypt, either a bytestring or a list of bytestrings. If this is a list a multipart operation will be used Note This will be converted to hexadecimal by calling: to_hex(from_bytestring(data)) If you need to pass in raw hex data, call: to_bytestring(from_hex(hex-data)) References: `to_hex()` `from_hex()` `to_bytestring()` `from_bytestring()` mechanism – See the `parse_mechanism()` function for possible values. output_buffer (list\|int) – Integer or list of integers that specify a size of output buffer to use for an operation. By default will query with NULL pointer buffer to get required size of buffer.
Returns:	(Retcode, Python bytestring of encrypted data)
Return type:	tuple

static c_encrypt_ex(h_session, h_key, data, mechanism, output_buffer=None)¶

Executes c_encrypt(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static c_finalize()¶

Finalizes PKCS11 library.

Returns:	Cryptoki return code

static c_finalize_ex()¶

Executes c_finalize(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static c_find_objects(h_session, template, num_entries)¶

Calls c_find_objects and c_find_objects_init to get a python dictionary of the objects found.

Parameters:	h_session (int) – Session handle template – A python dictionary of the object template to look for num_entries – The max number of entries to return
Returns:	Returns a list of handles of objects found

static c_find_objects_ex(h_session, template, num_entries)¶

Executes c_find_objects(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static c_generate_key(h_session, mechanism=None, template=None)¶

Generates a symmetric key of a given flavor given the correct template.

Parameters:	h_session (int) – Session handle template (dict) – The template to use to generate the key mechanism – See the `parse_mechanism()` function for possible values.
Returns:	(retcode, generated key handle)
Rtype tuple:

static c_generate_key_ex(h_session, mechanism=None, template=None)¶

Executes c_generate_key(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static c_generate_key_pair(h_session, mechanism=None, pbkey_template=None, prkey_template=None)¶

Generates a private and public key pair for a given flavor, and given public and private key templates. The return value will be the handle for the key.

Parameters:	h_session (int) – Session handle pbkey_template (dict) – The public key template to use for key generation prkey_template (dict) – The private key template to use for key generation mechanism – See the `parse_mechanism()` function for possible values.
Returns:	(retcode, public key handle, private key handle)
Return type:	tuple

static c_generate_key_pair_ex(h_session, mechanism=None, pbkey_template=None, prkey_template=None)¶

Executes c_generate_key_pair(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static c_generate_random(h_session, length)¶

Generates a sequence of random numbers

Parameters:	h_session (int) – Session handle length (int) – The length in bytes of the random number sequence
Returns:	(retcode, A string of random data)
Return type:	tuple

static c_generate_random_ex(h_session, length)¶

Executes c_generate_random(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static c_get_attribute_value(h_session, h_object, template)¶

Calls C_GetAttrributeValue to get an attribute value based on a python template

Parameters:	h_session (int) – Session handle h_object – The handle of the object to get attributes for template – A python dictionary representing the template of the attributes to be retrieved
Returns:	A python dictionary representing the attributes returned from the HSM/library

static c_get_attribute_value_ex(h_session, h_object, template)¶

Executes c_get_attribute_value(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static c_get_info()¶

Get general information about the Cryptoki Library

Returns a dictionary containing the following keys:

cryptokiVersion and libraryVersion are CK_VERSION structs, and the major/minor values can be accessed directly (info['cryptokiVersion'].major == 2)

Returns:	(retcode, info dictionary)

static c_get_info_ex()¶

Executes c_get_info(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static c_get_mechanism_info(slot, mechanism_type)¶

Gets a mechanism’s info

Parameters:	slot – The slot to query mechanism_type – The type of the mechanism to get the information for
Returns:	The result code, The mechanism info

static c_get_mechanism_info_ex(slot, mechanism_type)¶

Executes c_get_mechanism_info(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static c_get_mechanism_list(slot)¶

Gets the list of mechanisms from the HSM

Parameters:	slot – The slot number to get the mechanism list on
Returns:	The result code, A python dictionary representing the mechanism list

static c_get_mechanism_list_ex(slot)¶

Executes c_get_mechanism_list(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static c_get_ped_id(slot)¶

Get the PED ID for the given slot.

Parameters:	slot – slot number
Returns:	The result code and ID

static c_get_ped_id_ex(slot)¶

Executes c_get_ped_id(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static c_get_session_info(session)¶

Get information about the given session.

Parameters:	session (int) – session handle
Returns:	(retcode, dictionary of session information)
Return type:	tuple

static c_get_session_info_ex(session)¶

Executes c_get_session_info(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static c_get_slot_info(slot)¶

Get information about the given slot number.

Parameters:	slot (int) – Target slot
Returns:	Dictionary of slot information

static c_get_slot_info_ex(slot)¶

Executes c_get_slot_info(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static c_get_slot_list(token_present=True)¶

Get a list of all slots.

Parameters:	token_present (bool) – If true, will only return slots that have a token present.
Returns:	List of slots

static c_get_slot_list_ex(token_present=True)¶

Executes c_get_slot_list(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static c_get_token_info(slot_id, rstrip=True)¶

Gets the token info for a given slot id

Parameters:	slot_id (int) – Token slot ID rstrip (bool) – If true, will strip trailing whitespace from char data.
Returns:	(retcode, A python dictionary representing the token info)
Return type:	tuple

static c_get_token_info_ex(slot_id, rstrip=True)¶

Executes c_get_token_info(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static c_init_pin(h_session, pin)¶

Initializes the PIN

Parameters:	h_session (int) – Session handle pin – pin to c_initialize
Returns:	THe result code

static c_init_pin_ex(h_session, pin)¶

Executes c_init_pin(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static c_init_token(slot_num, password, token_label='Main Token')¶

Initializes at token at a given slot with the proper password and label

Parameters:	slot_num – The index of the slot to c_initialize a token in password – The password to c_initialize the slot with token_label – The label to c_initialize the slot with (Default value = ‘Main Token’)
Returns:	The result code

static c_init_token_ex(slot_num, password, token_label='Main Token')¶

Executes c_init_token(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static c_initialize(flags=None, init_struct=None)¶

Initializes current process for use with PKCS11.

Some sample flags:

See the PKCS11 documentation for more details.

Parameters:	flags (int) – Flags to be set within InitArgs Struct. (Default = None) init_struct – InitArgs structure (Default = None)
Returns:	Cryptoki return code.

static c_initialize_ex(flags=None, init_struct=None)¶

Executes c_initialize(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static c_logout(h_session)¶

Logs out of a given session

Parameters:	h_session (int) – Session handle
Returns:	retcode
Return type:	int

static c_logout_ex(h_session)¶

Executes c_logout(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static c_open_session(slot_num, flags=6)¶

Opens a session on the given slot

Parameters:	slot_num (int) – The slot to get a session on flags (int) – The flags to open the session with (Default value = (CKF_SERIAL_SESSION \| CKF_RW_SESSION)
Returns:	(retcode, session handle)
Return type:	tuple

static c_open_session_ex(slot_num, flags=6)¶

Executes c_open_session(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static c_performselftest(slot, test_type, input_data, input_data_len)¶

Test: Performs a self test for specified test type on a given slot.

Parameters:

slot – slot number
test_type – type of test CK_ULONG
input_data – pointer to input data CK_BYTE_PTR
input_data_len – input data length CK_ULONG

Returns:

the result code

[CK_SLOT_ID, CK_ULONG, CK_BYTE_PTR, CK_ULONG, CK_BYTE_PTR, CK_ULONG_PTR]

static c_performselftest_ex(slot, test_type, input_data, input_data_len)¶

Executes c_performselftest(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static c_seed_random(h_session, seed)¶

Seeds the random number generator

Parameters:	h_session (int) – Session handle seed (bytes) – A python string of some seed
Returns:	retcode
Return type:	int

static c_seed_random_ex(h_session, seed)¶

Executes c_seed_random(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static c_set_attribute_value(h_session, h_object, template)¶

Calls C_SetAttributeValue to set an attribute value based on a python template

Parameters:	h_session (int) – Session handle h_object – The handle of the object to get attributes for template – A python dictionary representing the template of the attributes to be written
Returns:	A python dictionary representing the attributes returned from the HSM/library

static c_set_attribute_value_ex(h_session, h_object, template)¶

Executes c_set_attribute_value(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static c_set_ped_id(slot, id)¶

Set the PED ID for the given slot.

Parameters:	slot – slot number id – PED ID to use
Returns:	The result code

static c_set_ped_id_ex(slot, id)¶

Executes c_set_ped_id(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static c_set_pin(h_session, old_pass, new_pass)¶

Allows a user to change their PIN

Parameters:	h_session (int) – Session handle old_pass – The user’s old password new_pass – The user’s desired new password
Returns:	The result code

static c_set_pin_ex(h_session, old_pass, new_pass)¶

Executes c_set_pin(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static c_sign(h_session, h_key, data_to_sign, mechanism, output_buffer=None)¶

Signs the given data with given key and mechanism.

Note

If data is a list or tuple of strings, multi-part operations will be used.

Parameters:	h_session (int) – Session handle data_to_sign – The data to sign, either a string or a list of strings. If this is a list a multipart operation will be used (using C_…Update and C_…Final) ex: ”This is a proper argument of some data to use in the function” [“This is another format of data this”, “function will accept.”, “It will operate on these strings in parts”] h_key (int) – The signing key mechanism – See the `parse_mechanism()` function for possible values. output_buffer (list\|int) – Integer or list of integers that specify a size of output buffer to use for an operation. By default will query with NULL pointer buffer to get required size of buffer.
Returns:	(retcode, python string of signed data)
Return type:	tuple

static c_sign_ex(h_session, h_key, data_to_sign, mechanism, output_buffer=None)¶

Executes c_sign(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static c_unwrap_key(h_session, h_unwrapping_key, wrapped_key, key_template, mechanism)¶

Unwrap a key from an encrypted data blob.

Parameters:	h_session (int) – The session to use h_unwrapping_key (int) – The wrapping key handle wrapped_key (bytes) – The wrapped key Note Data will be converted to hexadecimal by calling: to_hex(from_bytestring(data)) If you need to pass in raw hex data, call: to_bytestring(from_hex(hex-data)) References: `to_hex()` `from_hex()` `to_bytestring()` `from_bytestring()` key_template (dict) – The python template representing the new key’s template mechanism – See the `parse_mechanism()` function for possible values.
Returns:	(Retcode, unwrapped key handle)
Return type:	tuple

static c_unwrap_key_ex(h_session, h_unwrapping_key, wrapped_key, key_template, mechanism)¶

Executes c_unwrap_key(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static c_verify(h_session, h_key, data_to_verify, signature, mechanism)¶

Verifies data with the given signature, key and mechanism.

Note

If data is a list or tuple of strings, multi-part operations will be used.

Parameters:

h_session (int) – Session handle
data_to_verify –
The data to sign, either a string or a list of strings. If this is a list a multipart operation will be used (using C_…Update and C_…Final)

ex:
- ”This is a proper argument of some data to use in the function”
- [“This is another format of data this”, “function will accept.”, “It will operate on these strings in parts”]
signature (bytes) – Signature with which to verify the data.
h_key (int) – The verifying key
mechanism – See the parse_mechanism() function for possible values.

Returns:

retcode of verify operation

static c_verify_ex(h_session, h_key, data_to_verify, signature, mechanism)¶

Executes c_verify(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static c_wrap_key(h_session, h_wrapping_key, h_key, mechanism, output_buffer=None)¶

Wrap a key off the HSM into an encrypted data blob.

Parameters:	h_session (int) – The session to use h_wrapping_key (int) – The handle of the key to use to wrap another key h_key (int) – The key to wrap based on the encryption flavor mechanism – See the `parse_mechanism()` function for possible values.
Returns:	(Retcode, python bytestring representing wrapped key)
Return type:	tuple

static c_wrap_key_ex(h_session, h_wrapping_key, h_key, mechanism, output_buffer=None)¶

Executes c_wrap_key(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static ca_assign_key(h_session, h_object)¶

Crypto Officer assigns a key

Parameters:	h_session – session handle object – key handle to assign
Returns:	Ret code

static ca_assign_key_ex(h_session, h_object)¶

Executes ca_assign_key(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static ca_authorize_key(h_session, h_object, auth_data)¶

User authorizes key within session or access for use

Parameters:	h_session – session handle object – key handle to authorize auth_data – authorization byte list, e.g. [11, 12, 13, ..]
Returns:	Ret code

static ca_authorize_key_ex(h_session, h_object, auth_data)¶

Executes ca_authorize_key(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static ca_clonemofn(h_session)¶

Clones MofN secret from one token to another.

Parameters:	h_session (int) – Session handle
Returns:	the result code

static ca_clonemofn_ex(h_session)¶

Executes ca_clonemofn(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static ca_close_application_id_v2(slot, appid)¶

Close the AccessID associated with the given slot.

Parameters:	slot – Slot #. appid – bytestring of length 16.
Returns:	Retcode.

static ca_close_application_id_v2_ex(slot, appid)¶

Executes ca_close_application_id_v2(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static ca_close_secure_token(h_session, h_ID)¶

Parameters:	h_session (int) – Session handle h_ID –

static ca_close_secure_token_ex(h_session, h_ID)¶

Executes ca_close_secure_token(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static ca_closeapplicationID(slot, id_high, id_low)¶

Close a given AppID on a slot.

Parameters:	slot (int) – Slot on which to close the APP ID id_high (int) – High value of App ID id_low (int) – Low value of App ID
Returns:	retcode
Return type:	int

static ca_closeapplicationID_ex(slot, id_high, id_low)¶

Executes ca_closeapplicationID(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static ca_create_container(h_session, storage_size, password=None, label='Inserted Token')¶

Inserts a token into a slot without a Security Officer on the token

Parameters:	h_session (int) – Session handle storage_size – The storage size of the token (0 for undefined/unlimited) password – The password associated with the token (Default value = ‘userpin’) label – The label associated with the token (Default value = ‘Inserted Token’)
Returns:	The result code, The container number

static ca_create_container_ex(h_session, storage_size, password=None, label='Inserted Token')¶

Executes ca_create_container(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static ca_createloginchallenge(h_session, user_type, challenge)¶

Creates a login challenge for the given user.

Parameters:	h_session (int) – Session handle user_type – user type challenge – challenge
Returns:	the result code

static ca_createloginchallenge_ex(h_session, user_type, challenge)¶

Executes ca_createloginchallenge(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static ca_delete_container_with_handle(h_session, h_container)¶

Delete a container by handle

Parameters:	h_session (int) – Session handle h_container – target container handle
Returns:	result code

static ca_delete_container_with_handle_ex(h_session, h_container)¶

Executes ca_delete_container_with_handle(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static ca_deleteremotepedvector(h_session)¶

Deletes a remote PED vector

Parameters:	h_session (int) – Session handle
Returns:	the result code

static ca_deleteremotepedvector_ex(h_session)¶

Executes ca_deleteremotepedvector(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static ca_derive_key_and_wrap(h_session, derive_mechanism, h_base_key, derive_template, wrapping_key, wrap_mechanism, output_buffer=2048)¶

Derive a key from the base key and wrap it off the HSM using the wrapping key

Parameters:	h_session (int) – The session to use h_base_key (int) – The base key derive_template (dict) – A python template of attributes to set on derived key derive_mechanism – See the `parse_mechanism()` function for possible values. wrapping_key (int) – The wrapping key based on the encryption flavor wrap_mechanism – See the `parse_mechanism()` function for possible values. output_buffer – The size of the wrapped key, defaulted to a cert size
Returns:	(Retcode, python bytestring representing wrapped key)
Return type:	tuple

static ca_derive_key_and_wrap_ex(h_session, derive_mechanism, h_base_key, derive_template, wrapping_key, wrap_mechanism, output_buffer=2048)¶

Executes ca_derive_key_and_wrap(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static ca_destroy_multiple_objects(h_session, objects)¶

Delete multiple objects corresponding to given object handles

Parameters:	h_session (int) – Session handle objects (list) – The handles of the objects to delete
Returns:	Return code

static ca_destroy_multiple_objects_ex(h_session, objects)¶

Executes ca_destroy_multiple_objects(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static ca_duplicatemofn(h_session)¶

Duplicates a set of M of N vectors.

Parameters:	h_session (int) – Session handle
Returns:	the result code

static ca_duplicatemofn_ex(h_session)¶

Executes ca_duplicatemofn(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static ca_extract(h_session, mechanism)¶

Parameters:	h_session (int) – Session handle mechanism – See the `parse_mechanism()` function for possible values.

static ca_extract_ex(h_session, mechanism)¶

Executes ca_extract(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static ca_factory_reset(slot)¶

Does a factory reset on a given slot

Parameters:	slot – The slot to do a factory reset on
Returns:	The result code

static ca_factory_reset_ex(slot)¶

Executes ca_factory_reset(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static ca_generatemofn(h_session, m_value, vector_value, vector_count, is_secure_port_used)¶

Generates MofN secret information on a token.

Parameters:	h_session (int) – Session handle m_value – m vector_count – number of vectors is_secure_port_used – is secure port used vector_value –
Returns:	the result code

static ca_generatemofn_ex(h_session, m_value, vector_value, vector_count, is_secure_port_used)¶

Executes ca_generatemofn(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static ca_get_application_id()¶

Get the current process’s AccessID.

Returns:	retcode, bytestring tuple.

static ca_get_application_id_ex()¶

Executes ca_get_application_id(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static ca_get_container_capability_set(slot, h_container)¶

Get the container capabilities of the given slot.

Parameters:	slot (int) – target slot number h_container (int) – target container handle
Returns:	result code, {id: val} dict of capabilities (None if command failed)

static ca_get_container_capability_set_ex(slot, h_container)¶

Executes ca_get_container_capability_set(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static ca_get_container_capability_setting(slot, h_container, capability_id)¶

Get the value of a container’s single capability

Parameters:	slot – slot ID of slot to query h_container – target container handle capability_id – capability ID
Returns:	result code, CK_ULONG representing capability active or not

static ca_get_container_capability_setting_ex(slot, h_container, capability_id)¶

Executes ca_get_container_capability_setting(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static ca_get_container_list(slot, group_handle=0, container_type=0)¶

Get list of containers.

Parameters:	slot – slot ID of the slot to query group_handle – group ID container_type – type of container
Returns:	result code, list of container handles

static ca_get_container_list_ex(slot, group_handle=0, container_type=0)¶

Executes ca_get_container_list(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static ca_get_container_name(slot, h_container)¶

Get a container’s name

Parameters:	slot – target slot h_container – target container handle
Returns:	result code, container name string

static ca_get_container_name_ex(slot, h_container)¶

Executes ca_get_container_name(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static ca_get_container_policy_set(slot, h_container)¶

Get the policies of the given slot and container.

Parameters:	slot (int) – target slot number h_container (int) – target container handle
Returns:	result code, {id: val} dict of policies (None if command failed)

static ca_get_container_policy_set_ex(slot, h_container)¶

Executes ca_get_container_policy_set(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static ca_get_container_policy_setting(slot, h_container, policy_id)¶

Get the value of a container’s single policy

Parameters:	slot – slot ID of slot to query h_container – target container handle policy_id – policy ID
Returns:	result code, CK_ULONG representing policy active or not

static ca_get_container_policy_setting_ex(slot, h_container, policy_id)¶

Executes ca_get_container_policy_setting(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static ca_get_container_status(slot, h_container)¶

Get a container’s Status

Parameters:	slot – target slot h_container – target container handle
Returns:	result code, dict of flags, dict of failed logins

static ca_get_container_status_ex(slot, h_container)¶

Executes ca_get_container_status(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static ca_get_container_storage_information(slot, h_container)¶

Get a container’s storage information

Parameters:	slot – target slot h_container – target container handle
Returns:	result code, dict of storage values

static ca_get_container_storage_information_ex(slot, h_container)¶

Executes ca_get_container_storage_information(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static ca_get_cv_firmware_version(slot_id)¶

Cryptovisor specific ca extension function to get cv fw version

Parameters:	slot_id – slot id
Returns:	tuple of return code and cv fw version

static ca_get_cv_firmware_version_ex(slot_id)¶

Executes ca_get_cv_firmware_version(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static ca_get_hsm_capability_set(slot)¶

Get the capabilities of the given slot.

Parameters:	slot (int) – Target slot number
Returns:	retcode, {id: val} dict of capabilities (None if command failed)

static ca_get_hsm_capability_set_ex(slot)¶

Executes ca_get_hsm_capability_set(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static ca_get_hsm_capability_setting(slot, capability_id)¶

Get the value of a single capability

Parameters:	slot – slot ID of slot to query capability_id – capability ID
Returns:	result code, CK_ULONG representing capability active or not

static ca_get_hsm_capability_setting_ex(slot, capability_id)¶

Executes ca_get_hsm_capability_setting(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static ca_get_hsm_policy_set(slot)¶

Get the policies of the given slot.

Parameters:	slot (int) – Target slot number
Returns:	retcode, {id: val} dict of policies (None if command failed)

static ca_get_hsm_policy_set_ex(slot)¶

Executes ca_get_hsm_policy_set(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static ca_get_hsm_policy_setting(slot, policy_id)¶

Get the value of a single policy

Parameters:	slot – slot ID of slot to query policy_id – policy ID
Returns:	result code, CK_ULONG representing policy active or not

static ca_get_hsm_policy_setting_ex(slot, policy_id)¶

Executes ca_get_hsm_policy_setting(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static ca_get_object_handle(slot, session, objectouid)¶

Calls CA_GetObjectHandle to get the object handle from OUID

Parameters:	slot – partition slot number session – session id that was opened to run the function objectouid – OUID, a string of the hex value that maps to object handle
Returns:	a tuple containing the return code and the object handle mapping the given OUID

static ca_get_object_handle_ex(slot, session, objectouid)¶

Executes ca_get_object_handle(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static ca_get_session_info(session)¶

ca extension function that returns session information

Parameters:	session – session handle
Returns:	tuple of return code and session info dict

static ca_get_session_info_ex(session)¶

Executes ca_get_session_info(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static ca_get_time(h_session)¶

Parameters:	h_session (int) – Session handle

static ca_get_time_ex(h_session)¶

Executes ca_get_time(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static ca_get_token_policies(slot)¶

Get the policies of the given slot.

Parameters:	slot (int) – Target slot number
Returns:	retcode, {id: val} dict of policies (None if command failed)

static ca_get_token_policies_ex(slot)¶

Executes ca_get_token_policies(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static ca_hainit(h_session, h_key)¶

Creates a login key pair on the primary token.

Parameters:	h_session (int) – Session handle h_key – the login private key
Returns:	the result code

static ca_hainit_ex(h_session, h_key)¶

Executes ca_hainit(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static ca_increment_failed_auth_count(h_session, h_object)¶: This function is called by HA group when auth failure happens on a key to sync up status. Here its defined mostly for testing purposes :param h_session: session handle :param object: key handle to update :return: Ret code

static ca_increment_failed_auth_count_ex(h_session, h_object)¶

Executes ca_increment_failed_auth_count(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static ca_init_audit(slot, audit_pin, audit_label)¶

Parameters:	slot – audit_pin – audit_label –

static ca_init_audit_ex(slot, audit_pin, audit_label)¶

Executes ca_init_audit(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static ca_initializeremotepedvector(h_session)¶

Initializes a remote PED vector

Parameters:	h_session (int) – Session handle
Returns:	the result code

static ca_initializeremotepedvector_ex(h_session)¶

Executes ca_initializeremotepedvector(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static ca_insert(h_session, mechanism)¶

Parameters:	h_session (int) – Session handle mechanism – See the `parse_mechanism()` function for possible values.

static ca_insert_ex(h_session, mechanism)¶

Executes ca_insert(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static ca_modifyusagecount(h_session, h_object, command_type, value)¶

Modifies CKA_USAGE_COUNT attribute of the object.

Parameters:	h_session (int) – Session handle h_object – object command_type – command type value – value
Returns:	the result code

static ca_modifyusagecount_ex(h_session, h_object, command_type, value)¶

Executes ca_modifyusagecount(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static ca_mtkresplit(slot)¶

Resplit the MTK

Parameters:	slot – slot number
Returns:	the result code

static ca_mtkresplit_ex(slot)¶

Executes ca_mtkresplit(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static ca_mtkrestore(slot)¶

Restore the MTK

Parameters:	slot – slot number
Returns:	the result code

static ca_mtkrestore_ex(slot)¶

Executes ca_mtkrestore(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static ca_mtkzeroize(slot)¶

Zeroize the MTK

Parameters:	slot – slot number
Returns:	the result code

static ca_mtkzeroize_ex(slot)¶

Executes ca_mtkzeroize(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static ca_open_application_id_v2(slot, appid)¶

Open the given AccessID for the target slot.

Parameters:	slot – Slot #. appid – bytestring of length 16.
Returns:	Retcode.

static ca_open_application_id_v2_ex(slot, appid)¶

Executes ca_open_application_id_v2(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static ca_open_secure_token(h_session, storage_path, dev_ID, mode)¶

Parameters:	h_session (int) – Session handle storage_path – dev_ID – mode –

static ca_open_secure_token_ex(h_session, storage_path, dev_ID, mode)¶

Executes ca_open_secure_token(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static ca_openapplicationID(slot, id_high, id_low)¶

Open an application ID on the given slot.

Parameters:	slot (int) – Slot on which to open the APP ID id_high (int) – High value of App ID id_low (int) – Low value of App ID
Returns:	retcode
Return type:	int

static ca_openapplicationID_ex(slot, id_high, id_low)¶

Executes ca_openapplicationID(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static ca_read_all_utilization_counters(h_session)¶

Read Metrics from previously saved HSM snapshot Call either functions prior to create snapshot: ca_read_utilization_metrics ca_read_and_reset_utilization_metrics

Returns:	a dictionary, where keys are serial numbers

and values are dictionaries of bins and values, example: ‘SIGN’:0

static ca_read_all_utilization_counters_ex(h_session)¶

Executes ca_read_all_utilization_counters(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static ca_read_and_reset_utilization_metrics(session)¶

HSM reads current utilization data and saves as a snapshot; HSM resets metrics to zeroes

Parameters:	session – session id that was opened to run the function
Returns:	a dictionary with partition serial numbers as keys, value - dictionary of utilization metrics

static ca_read_and_reset_utilization_metrics_ex(session)¶

Executes ca_read_and_reset_utilization_metrics(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static ca_read_utilization_metrics(session)¶

HSM reads utilization data and saves as a snapshot

Parameters:	session – session id that was opened to run the function
Returns:	Ret code

static ca_read_utilization_metrics_ex(session)¶

Executes ca_read_utilization_metrics(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static ca_reset_authorization_data(h_session, h_object, auth_data)¶

CO resets auth data on unassigned key

Parameters:	h_session – session handle object – key handle to update auth_data – byte list, e.g. [11, 12, 13, ..]
Returns:	Ret code

static ca_reset_authorization_data_ex(h_session, h_object, auth_data)¶

Executes ca_reset_authorization_data(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static ca_restart(slot)¶

Parameters:	slot –

static ca_restart_ex(slot)¶

Executes ca_restart(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static ca_set_authorization_data(h_session, h_object, old_auth_data, new_auth_data)¶

User changes authorization data on key object (private, secret)

Parameters:	h_session – session handle object – key handle to update old_auth_data – byte list, e.g. [11, 12, 13, ..] new_auth_data – byte list, e.g. [11, 12, 13, ..]
Returns:	Ret code

static ca_set_authorization_data_ex(h_session, h_object, old_auth_data, new_auth_data)¶

Executes ca_set_authorization_data(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static ca_set_container_policies(h_session, h_container, policies)¶

Set multiple container policies.

Parameters:	h_session (int) – Session handle h_container – target container handle policies – dict of policy ID ints and value ints
Returns:	result code

static ca_set_container_policies_ex(h_session, h_container, policies)¶

Executes ca_set_container_policies(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static ca_set_container_policy(h_session, h_containerber, policy_id, policy_val)¶

Sets a policy on the container.

NOTE: With per partition SO this method should generally not be used. Instead ca_set_partition_policies should be used

Parameters:	h_session (int) – Session handle h_containerber – The container number to set the policy on. policy_id – The identifier of the policy (ex. CONTAINER_CONFIG_MINIMUM_PIN_LENGTH) policy_val – The value to set the policy to
Returns:	The result code

static ca_set_container_policy_ex(h_session, h_containerber, policy_id, policy_val)¶

Executes ca_set_container_policy(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static ca_set_container_size(h_session, h_container, size)¶

Set a container’s size

Parameters:	h_session (int) – Session handle h_container – target container handle size – size
Returns:	result code

static ca_set_container_size_ex(h_session, h_container, size)¶

Executes ca_set_container_size(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static ca_set_destructive_hsm_policies(h_session, policies)¶

Set multiple HSM policies.

Parameters:	h_session (int) – Session handle policies – dict of policy ID ints and value ints
Returns:	result code

static ca_set_destructive_hsm_policies_ex(h_session, policies)¶

Executes ca_set_destructive_hsm_policies(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static ca_set_destructive_hsm_policy(h_session, policy_id, policy_val)¶

Sets the destructive HSM policies by calling CA_SetDestructiveHSMPolicy

Parameters:	h_session (int) – Session handle policy_id – The ID of the policy being set policy_val – The value of the policy being set
Returns:	The result code

static ca_set_destructive_hsm_policy_ex(h_session, policy_id, policy_val)¶

Executes ca_set_destructive_hsm_policy(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static ca_set_hsm_policies(h_session, policies)¶

Set multiple HSM policies.

Parameters:	h_session (int) – Session handle policies – dict of policy ID ints and value ints
Returns:	result code

static ca_set_hsm_policies_ex(h_session, policies)¶

Executes ca_set_hsm_policies(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static ca_set_hsm_policy(h_session, policy_id, policy_val)¶

Sets the HSM policies by calling CA_SetHSMPolicy

Parameters:	h_session (int) – Session handle policy_id – The ID of the policy being set policy_val – The value of the policy being set
Returns:	The result code

static ca_set_hsm_policy_ex(h_session, policy_id, policy_val)¶

Executes ca_set_hsm_policy(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static ca_setapplicationID(id_high, id_low)¶

Set the App ID for the current process.

Parameters:	id_high (int) – High value of App ID id_low (int) – Low value of App ID
Returns:	retcode
Return type:	int

static ca_setapplicationID_ex(id_high, id_low)¶

Executes ca_setapplicationID(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static ca_settokencertificatesignature(h_session, access_level, customer_id, pub_template, signature, signature_len)¶

Completes the installation of a certificate on a token. The caller must supply a public key and a signature for token certificate. The public key is provided through the template; it must contain a key type, a modulus and a public exponent.

Parameters:	h_session (int) – Session handle access_level – the access level customer_id – the customer ID pub_template – the public template signature – the signature signature_len – the length in bytes of the signature
Returns:	the result code

static ca_settokencertificatesignature_ex(h_session, access_level, customer_id, pub_template, signature, signature_len)¶

Executes ca_settokencertificatesignature(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static ca_sim_extract(h_session, key_handles, authform, auth_secrets=None, subset_size=0, delete_after_extract=False)¶

Extract multiple keys to a wrapped blob. The returned blob can then be written into a file.

Parameters:

h_session (int) – Session handle
key_handles (list[int]) – List of key handles to extract
authform (int) – Type of authentication to use. See pycryptoki.backup.SIM_AUTH for details
auth_secrets (list(str)) – Authorization secrets to use (Length will correspond to the N value in ckdemo)
subset_size (int) – Subset size required for key use (Corresponds to the M value in ckdemo)
delete_after_extract (bool) – If true, will destroy the original keys after they have been extracted.

Returns:

retcode, blob_data tuple.

static ca_sim_extract_ex(h_session, key_handles, authform, auth_secrets=None, subset_size=0, delete_after_extract=False)¶

Executes ca_sim_extract(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static ca_sim_insert(h_session, blob_data, authform, auth_secrets=None)¶

Insert keys into the HSM from blob data that was wrapped off using SIM.

Parameters:	h_session (int) – Session handle blob_data (str) – Read in raw wrapped data. Typically read in from a file. authform (int) – Type of authentication to use. See `pycryptoki.backup.SIM_AUTH` for details auth_secrets (list[str]) – Authorization secrets to use (Length will correspond to the `N` value in ckdemo)
Returns:	retcode, keys tuple, where `keys` is a list of integers.

static ca_sim_insert_ex(h_session, blob_data, authform, auth_secrets=None)¶

Executes ca_sim_insert(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static ca_sim_multisign(h_session, blob_data, data_to_sign, mechanism, authform, auth_secrets=None)¶

Sign data using keys that were extracted to a SIM blob.

Parameters:

h_session (int) – Session handle
blob_data (str) – Read in raw wrapped key data. Typically read in from a file.
data_to_sign – List of bytestring data to sign
mechanism – Mechanism to use with the Sign operation
authform (int) – Type of authentication to use. See pycryptoki.backup.SIM_AUTH for details
auth_secrets (list[str]) – Authorization secrets to use (Length will correspond to the N value in ckdemo)

Returns:

retcode, signature list

static ca_sim_multisign_ex(h_session, blob_data, data_to_sign, mechanism, authform, auth_secrets=None)¶

Executes ca_sim_multisign(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static ca_time_sync(h_session, ultime)¶

Parameters:	h_session (int) – Session handle ultime –

static ca_time_sync_ex(h_session, ultime)¶

Executes ca_time_sync(), and checks the retcode; raising an exception if the return code is not CKR_OK.

exposed_ca_authorize_key¶

staticmethod(function) -> method

Convert a function to be a static method.

A static method does not receive an implicit first argument. To declare a static method, use this idiom:

It can be called either on the class (e.g. C.f()) or on an instance (e.g. C().f()). The instance is ignored except for its class.

Static methods in Python are similar to those found in Java or C++. For a more advanced concept, see the classmethod builtin.

exposed_ca_authorize_key_ex¶

staticmethod(function) -> method

Convert a function to be a static method.

A static method does not receive an implicit first argument. To declare a static method, use this idiom:

It can be called either on the class (e.g. C.f()) or on an instance (e.g. C().f()). The instance is ignored except for its class.

Static methods in Python are similar to those found in Java or C++. For a more advanced concept, see the classmethod builtin.

exposed_ca_set_authorization_data¶

staticmethod(function) -> method

Convert a function to be a static method.

A static method does not receive an implicit first argument. To declare a static method, use this idiom:

It can be called either on the class (e.g. C.f()) or on an instance (e.g. C().f()). The instance is ignored except for its class.

Static methods in Python are similar to those found in Java or C++. For a more advanced concept, see the classmethod builtin.

exposed_ca_set_authorization_data_ex¶

staticmethod(function) -> method

Convert a function to be a static method.

A static method does not receive an implicit first argument. To declare a static method, use this idiom:

It can be called either on the class (e.g. C.f()) or on an instance (e.g. C().f()). The instance is ignored except for its class.

Static methods in Python are similar to those found in Java or C++. For a more advanced concept, see the classmethod builtin.

static get_token_by_label(label)¶

Iterates through all the tokens and returns the first token that has a label that is identical to the one that is passed in

Parameters:	label – The label of the token to search for
Returns:	The result code, The slot of the token

static get_token_by_label_ex(label)¶

Executes get_token_by_label(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static login(h_session, slot_num=1, password=None, user_type=1)¶

Login to the given session.

Parameters:	h_session (int) – Session handle slot_num (int) – Slot index to login on (Default value = 1) password (bytes) – Password to login with (Default value = “userpin”) user_type (int) – User type to login as (Default value = 1)
Returns:	retcode
Return type:	int

static login_ex(h_session, slot_num=1, password=None, user_type=1)¶

Executes login(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static test_attrs(attributes)[source]¶: Function used for validating that dicts can be used across rpyc pipes.

static test_conn()[source]¶: Test Function used to validate that custom functions are properly exposed over RPYC. Specifically not using something like conn.ping() to verify exposed functions.

static to_bool(val, reverse=False)¶

Convert a boolean-ish value to a pValue, ulValueLen tuple.

Parameters:	val – Value to convert reverse – Whether to convert from C -> Python
Returns:	(`ctypes.c_void_p` ptr to `pycryptoki.cryptoki.CK_BBOOL`,

ctypes.c_ulong size of bool value)

static to_byte_array(val, reverse=False)¶

Converts an arbitrarily sized integer, list, or byte array into a byte array.

It’ll zero-pad the bit length so it’s a multiple of 8, then convert the int to binary, split the binary string into sections of 8, then place each section into a slot in a ctypes.c_ubyte array (converting to small int).

Parameters:	val – Value to convert reverse – Whether to convert from C -> Python
Returns:	(`ctypes.c_void_p` ptr to `pycryptoki.cryptoki.CK_BYTE` array,

ctypes.c_ulong size of array)

static to_char_array(val, reverse=False)¶

Convert the given string or list of string values into a char array.

This is slightly different than to_byte_array, which has different assumptions as to the format of the input.

Parameters:	val – Value to convert reverse – Whether to convert from C -> Python
Returns:	(`ctypes.c_void_p` ptr to `pycryptoki.cryptoki.CK_CHAR` array,

ctypes.c_ulong size of array)

static to_ck_date(val, reverse=False)¶

Transform a date string, date dictionary, or date object into a PKCS11 readable form (YYYYMMDD)

Parameters:	val – Value to convert reverse – Whether to convert from C -> Python
Returns:	(`ctypes.c_void_p` ptr to `pycryptoki.cryptoki.CK_CHAR` array,

ctypes.c_ulong size of array)

static to_long(val, reverse=False)¶

Convert a integer/long value to a pValue, ulValueLen tuple

Parameters:	val – Value to convert reverse – Whether to convert from C -> Python
Returns:	(`ctypes.c_void_p` ptr to `ctypes.c_ulong`, `ctypes.c_ulong`

size of long value)

static to_subattributes(val, reverse=False)¶

Convert to another Attributes class & return the struct.

Parameters:	val – Value to convert reverse – Whether to convert from C -> Python
Returns:	(`ctypes.c_void_p` ptr to `pycryptoki.cryptoki.CK_ATTRIBUTE` array,

ctypes.c_ulong size of array)

pycryptoki.daemon.rpyc_pycryptoki.configure_logging(logfile=None)[source]¶

Setup logging. If a log file is specified, will log to that file.

Parameters:	logfile (str) – Log file path/name to use for logging.
Returns:	Configured logger.

pycryptoki.daemon.rpyc_pycryptoki.create_server_subprocess(target, args, logger)[source]¶

Create the subprocess, set it as a daemon, setup a signal handler in case the parent process is killed, the child process should also be killed, then return the subprocess.

Parameters:	target – Target function to run in a subprocess args – Args to pass to the function
Returns:	multiprocessing.Process

pycryptoki.daemon.rpyc_pycryptoki.server_launch(service, ip, port, config)[source]¶

Target for the multiprocessing Pycryptoki service.

Parameters:	service – ip – port – config –
Returns:

pycryptoki.pycryptoki_client¶

class pycryptoki.pycryptoki_client.LocalPycryptokiClient[source]¶

Bases: object

Class forwards calls to pycryptoki to local client but looks identical to remote client

cleanup()[source]¶

kill()[source]¶

class pycryptoki.pycryptoki_client.RemotePycryptokiClient(ip=None, port=None)[source]¶

Bases: object

Class to handle connecting to a remote Pycryptoki RPYC daemon.

After instantiation, you can use it directly to make calls to a remote cryptoki library via RPYC (no need to do any imports or anything like that, just use the direct pycryptoki call like client.c_initialize_ex() )

Parameters:	ip – IP Address of the client the remote daemon is running on. port – What Port the daemon is running on.

cleanup()[source]¶

kill()[source]¶: Close out the local RPYC connection.

start()[source]¶: Start the connection to the remote RPYC daemon.

started¶

Check if the RPYC connection is alive.

Returns:	boolean

pycryptoki.pycryptoki_client.connection_test(func)[source]¶

Decorator to check that the underlying rpyc connection is alive before sending commands across it.

Parameters:	func –
Returns:

pycryptoki.pycryptoki_client.log_args(funcname, arg_dict)[source]¶

This will run through each of the key, value pairs of the argument spec passed into pycryptoki and perform the following checks:

Parameters:	arg_dict –
Returns:

pycryptoki.pycryptoki_client.retry(ExceptionToCheck, tries=4, delay=3, backoff=2, logger=None)[source]¶

Retry calling the decorated function using an exponential backoff.

http://www.saltycrane.com/blog/2009/11/trying-out-retry-decorator-python/ original from: http://wiki.python.org/moin/PythonDecoratorLibrary#Retry

Parameters:

ExceptionToCheck (Exception or tuple) – the exception to check. may be a tuple of exceptions to check
tries (int) – number of times to try (not retry) before giving up
delay (int) – initial delay between retries in seconds
backoff (int) – backoff multiplier e.g. value of 2 will double the delay each retry
logger (logging.Logger instance) – logger to use. If None, print