Pycryptoki Daemon Package¶
Start pycryptoki.daemon.rpyc_pycryptoki.py
on your remote client, then connect to it
using RemotePycryptokiClient
. You can then
use the RemotePycryptokiClient as if it were local:
pycryptoki = RemotePycryptokiClient('10.2.96.130', port=8001)
pycryptoki.c_initialize_ex() # Executed on the daemon!
session = pycryptoki.c_open_session_ex(0)
#etc
daemon.rpyc_pycryptoki¶
RPYC-based daemon that allows for remote execution of pycryptoki commands.
Start via ./rpyc_pycryptoki.py -i <ip> -p <port>
or python rpyc_pycryptoki.py -i <ip> -p <port>
All methods starting are useable via rpyc_conn.root.<method>
All methods ending with _ex
will automatically check the return code from
cryptoki & raise an exception if it is not CKR_OK. It will NOT give you the return code, instead
just returning the second part of the regular return tuple:
c_open_session() # Returns: (ret_code, session_handle)
c_open_session_ex() # Returns: session_handle, raises exception if ret_code != CKR_OK
-
class
pycryptoki.daemon.rpyc_pycryptoki.
PycryptokiService
[source]¶ Bases:
rpyc.core.service.SlaveService
This is the core service to expose over RPYC.
If you’re working with pointers, you’ll need to create the pointer in a function here rather than passing in a pointer from the client (pointers getting pickled makes no sense).
-
static
c_close_all_sessions
(slot)¶ Closes all the sessions on a given slot
Parameters: slot – The slot to close all sessions on Returns: retcode Return type: int
-
static
c_close_all_sessions_ex
(slot)¶ Executes
c_close_all_sessions()
, and checks the retcode; raising an exception if the return code is not CKR_OK.Note
By default, this will not return the return code if the function returns additional data.
Example:
retcode, key_handle = c_generate_key(...) #vs key_handle = c_generate_key_ex(...)
If the function only returns the retcode, then that will still be returned:
retcode = c_seed_random(...) retcode = c_seed_random_ex(...)
-
static
c_close_session
(h_session)¶ Closes a session
Parameters: h_session (int) – Session handle Returns: retcode Return type: int
-
static
c_close_session_ex
(h_session)¶ Executes
c_close_session()
, and checks the retcode; raising an exception if the return code is not CKR_OK.Note
By default, this will not return the return code if the function returns additional data.
Example:
retcode, key_handle = c_generate_key(...) #vs key_handle = c_generate_key_ex(...)
If the function only returns the retcode, then that will still be returned:
retcode = c_seed_random(...) retcode = c_seed_random_ex(...)
-
static
c_copy_object
(h_session, h_object, template=None)¶ Method to call the C_CopyObject cryptoki command.
Parameters: Returns: (retcode, Handle to the new cloned object)
Return type: tuple
-
static
c_copy_object_ex
(h_session, h_object, template=None)¶ Executes
c_copy_object()
, and checks the retcode; raising an exception if the return code is not CKR_OK.Note
By default, this will not return the return code if the function returns additional data.
Example:
retcode, key_handle = c_generate_key(...) #vs key_handle = c_generate_key_ex(...)
If the function only returns the retcode, then that will still be returned:
retcode = c_seed_random(...) retcode = c_seed_random_ex(...)
-
static
c_create_object
(h_session, template)¶ Creates an object based on a given python template
Parameters: Returns: (retcode, the handle of the object)
Return type: tuple
-
static
c_create_object_ex
(h_session, template)¶ Executes
c_create_object()
, and checks the retcode; raising an exception if the return code is not CKR_OK.Note
By default, this will not return the return code if the function returns additional data.
Example:
retcode, key_handle = c_generate_key(...) #vs key_handle = c_generate_key_ex(...)
If the function only returns the retcode, then that will still be returned:
retcode = c_seed_random(...) retcode = c_seed_random_ex(...)
-
static
c_decrypt
(h_session, h_key, encrypted_data, mechanism, output_buffer=None)¶ Decrypt given data with the given key and mechanism.
Note
If data is a list or tuple of strings, multi-part decryption will be used.
Parameters: - h_session (int) – The session to use
- h_key (int) – The handle of the key to use to decrypt
- encrypted_data (bytes) –
Data to be decrypted
Note
Data will be converted to hexadecimal by calling:
to_hex(from_bytestring(data))
If you need to pass in raw hex data, call:
to_bytestring(from_hex(hex-data))
- References:
- mechanism – See the
parse_mechanism()
function for possible values. - output_buffer (list|int) – Integer or list of integers that specify a size of output buffer to use for an operation. By default will query with NULL pointer buffer to get required size of buffer.
Returns: (Retcode, Python bytestring of decrypted data))
Return type: tuple
-
static
c_decrypt_ex
(h_session, h_key, encrypted_data, mechanism, output_buffer=None)¶ Executes
c_decrypt()
, and checks the retcode; raising an exception if the return code is not CKR_OK.Note
By default, this will not return the return code if the function returns additional data.
Example:
retcode, key_handle = c_generate_key(...) #vs key_handle = c_generate_key_ex(...)
If the function only returns the retcode, then that will still be returned:
retcode = c_seed_random(...) retcode = c_seed_random_ex(...)
-
static
c_derive_key
(h_session, h_base_key, template, mechanism=None)¶ Derives a key from another key.
Parameters: Returns: The result code, The derived key’s handle
-
static
c_derive_key_ex
(h_session, h_base_key, template, mechanism=None)¶ Executes
c_derive_key()
, and checks the retcode; raising an exception if the return code is not CKR_OK.Note
By default, this will not return the return code if the function returns additional data.
Example:
retcode, key_handle = c_generate_key(...) #vs key_handle = c_generate_key_ex(...)
If the function only returns the retcode, then that will still be returned:
retcode = c_seed_random(...) retcode = c_seed_random_ex(...)
-
static
c_destroy_object
(h_session, h_object_value)¶ Deletes the object corresponsing to the passed in object handle
Parameters: Returns: Return code
-
static
c_destroy_object_ex
(h_session, h_object_value)¶ Executes
c_destroy_object()
, and checks the retcode; raising an exception if the return code is not CKR_OK.Note
By default, this will not return the return code if the function returns additional data.
Example:
retcode, key_handle = c_generate_key(...) #vs key_handle = c_generate_key_ex(...)
If the function only returns the retcode, then that will still be returned:
retcode = c_seed_random(...) retcode = c_seed_random_ex(...)
-
static
c_digest
(h_session, data_to_digest, digest_flavor, mechanism=None, output_buffer=None)¶ Digests some data
Parameters: - h_session (int) – Session handle
- data_to_digest (bytes) – The data to digest, either a string or a list of strings. If this is a list a multipart operation will be used
- digest_flavor (int) – The flavour of the mechanism to digest (MD2, SHA-1, HAS-160, SHA224, SHA256, SHA384, SHA512)
- mechanism – See the
parse_mechanism()
function for possible values. If None will use digest flavor. - output_buffer (list|int) – Integer or list of integers that specify a size of output buffer to use for an operation. By default will query with NULL pointer buffer to get required size of buffer.
Returns: (retcode, a python string of the digested data)
Return type: tuple
-
static
c_digest_ex
(h_session, data_to_digest, digest_flavor, mechanism=None, output_buffer=None)¶ Executes
c_digest()
, and checks the retcode; raising an exception if the return code is not CKR_OK.Note
By default, this will not return the return code if the function returns additional data.
Example:
retcode, key_handle = c_generate_key(...) #vs key_handle = c_generate_key_ex(...)
If the function only returns the retcode, then that will still be returned:
retcode = c_seed_random(...) retcode = c_seed_random_ex(...)
-
static
c_digest_key
(h_session, h_key, digest_flavor, mechanism=None)¶ Digest a key
Parameters:
-
static
c_digest_key_ex
(h_session, h_key, digest_flavor, mechanism=None)¶ Executes
c_digestkey()
, and checks the retcode; raising an exception if the return code is not CKR_OK.Note
By default, this will not return the return code if the function returns additional data.
Example:
retcode, key_handle = c_generate_key(...) #vs key_handle = c_generate_key_ex(...)
If the function only returns the retcode, then that will still be returned:
retcode = c_seed_random(...) retcode = c_seed_random_ex(...)
-
static
c_encrypt
(h_session, h_key, data, mechanism, output_buffer=None)¶ Encrypts data with a given key and encryption flavor encryption flavors
Note
If data is a list or tuple of strings, multi-part encryption will be used.
Parameters: - h_session (int) – Current session
- h_key (int) – The key handle to encrypt the data with
- data –
The data to encrypt, either a bytestring or a list of bytestrings. If this is a list a multipart operation will be used
Note
This will be converted to hexadecimal by calling:
to_hex(from_bytestring(data))
If you need to pass in raw hex data, call:
to_bytestring(from_hex(hex-data))
- References:
- mechanism – See the
parse_mechanism()
function for possible values. - output_buffer (list|int) – Integer or list of integers that specify a size of output buffer to use for an operation. By default will query with NULL pointer buffer to get required size of buffer.
Returns: (Retcode, Python bytestring of encrypted data)
Return type: tuple
-
static
c_encrypt_ex
(h_session, h_key, data, mechanism, output_buffer=None)¶ Executes
c_encrypt()
, and checks the retcode; raising an exception if the return code is not CKR_OK.Note
By default, this will not return the return code if the function returns additional data.
Example:
retcode, key_handle = c_generate_key(...) #vs key_handle = c_generate_key_ex(...)
If the function only returns the retcode, then that will still be returned:
retcode = c_seed_random(...) retcode = c_seed_random_ex(...)
-
static
c_finalize
()¶ Finalizes PKCS11 library.
Returns: Cryptoki return code
-
static
c_finalize_ex
()¶ Executes
c_finalize()
, and checks the retcode; raising an exception if the return code is not CKR_OK.Note
By default, this will not return the return code if the function returns additional data.
Example:
retcode, key_handle = c_generate_key(...) #vs key_handle = c_generate_key_ex(...)
If the function only returns the retcode, then that will still be returned:
retcode = c_seed_random(...) retcode = c_seed_random_ex(...)
-
static
c_find_objects
(h_session, template, num_entries)¶ Calls c_find_objects and c_find_objects_init to get a python dictionary of the objects found.
Parameters: - h_session (int) – Session handle
- template – A python dictionary of the object template to look for
- num_entries – The max number of entries to return
Returns: Returns a list of handles of objects found
-
static
c_find_objects_ex
(h_session, template, num_entries)¶ Executes
c_find_objects()
, and checks the retcode; raising an exception if the return code is not CKR_OK.Note
By default, this will not return the return code if the function returns additional data.
Example:
retcode, key_handle = c_generate_key(...) #vs key_handle = c_generate_key_ex(...)
If the function only returns the retcode, then that will still be returned:
retcode = c_seed_random(...) retcode = c_seed_random_ex(...)
-
static
c_generate_key
(h_session, mechanism=None, template=None)¶ Generates a symmetric key of a given flavor given the correct template.
Parameters: Returns: (retcode, generated key handle)
Rtype tuple:
-
static
c_generate_key_ex
(h_session, mechanism=None, template=None)¶ Executes
c_generate_key()
, and checks the retcode; raising an exception if the return code is not CKR_OK.Note
By default, this will not return the return code if the function returns additional data.
Example:
retcode, key_handle = c_generate_key(...) #vs key_handle = c_generate_key_ex(...)
If the function only returns the retcode, then that will still be returned:
retcode = c_seed_random(...) retcode = c_seed_random_ex(...)
-
static
c_generate_key_pair
(h_session, mechanism=None, pbkey_template=None, prkey_template=None)¶ Generates a private and public key pair for a given flavor, and given public and private key templates. The return value will be the handle for the key.
Parameters: Returns: (retcode, public key handle, private key handle)
Return type: tuple
-
static
c_generate_key_pair_ex
(h_session, mechanism=None, pbkey_template=None, prkey_template=None)¶ Executes
c_generate_key_pair()
, and checks the retcode; raising an exception if the return code is not CKR_OK.Note
By default, this will not return the return code if the function returns additional data.
Example:
retcode, key_handle = c_generate_key(...) #vs key_handle = c_generate_key_ex(...)
If the function only returns the retcode, then that will still be returned:
retcode = c_seed_random(...) retcode = c_seed_random_ex(...)
-
static
c_generate_random
(h_session, length)¶ Generates a sequence of random numbers
Parameters: Returns: (retcode, A string of random data)
Return type: tuple
-
static
c_generate_random_ex
(h_session, length)¶ Executes
c_generate_random()
, and checks the retcode; raising an exception if the return code is not CKR_OK.Note
By default, this will not return the return code if the function returns additional data.
Example:
retcode, key_handle = c_generate_key(...) #vs key_handle = c_generate_key_ex(...)
If the function only returns the retcode, then that will still be returned:
retcode = c_seed_random(...) retcode = c_seed_random_ex(...)
-
static
c_get_attribute_value
(h_session, h_object, template)¶ Calls C_GetAttrributeValue to get an attribute value based on a python template
Parameters: - h_session (int) – Session handle
- h_object – The handle of the object to get attributes for
- template – A python dictionary representing the template of the attributes to be retrieved
Returns: A python dictionary representing the attributes returned from the HSM/library
-
static
c_get_attribute_value_ex
(h_session, h_object, template)¶ Executes
c_get_attribute_value()
, and checks the retcode; raising an exception if the return code is not CKR_OK.Note
By default, this will not return the return code if the function returns additional data.
Example:
retcode, key_handle = c_generate_key(...) #vs key_handle = c_generate_key_ex(...)
If the function only returns the retcode, then that will still be returned:
retcode = c_seed_random(...) retcode = c_seed_random_ex(...)
-
static
c_get_info
()¶ Get general information about the Cryptoki Library
Returns a dictionary containing the following keys:
- cryptokiVersion
- manufacturerID
- flags
- libraryDescription
- libraryVersion
cryptokiVersion
andlibraryVersion
areCK_VERSION
structs, and the major/minor values can be accessed directly (info['cryptokiVersion'].major == 2
)Returns: (retcode, info dictionary)
-
static
c_get_info_ex
()¶ Executes
c_get_info()
, and checks the retcode; raising an exception if the return code is not CKR_OK.Note
By default, this will not return the return code if the function returns additional data.
Example:
retcode, key_handle = c_generate_key(...) #vs key_handle = c_generate_key_ex(...)
If the function only returns the retcode, then that will still be returned:
retcode = c_seed_random(...) retcode = c_seed_random_ex(...)
-
static
c_get_mechanism_info
(slot, mechanism_type)¶ Gets a mechanism’s info
Parameters: - slot – The slot to query
- mechanism_type – The type of the mechanism to get the information for
Returns: The result code, The mechanism info
-
static
c_get_mechanism_info_ex
(slot, mechanism_type)¶ Executes
c_get_mechanism_info()
, and checks the retcode; raising an exception if the return code is not CKR_OK.Note
By default, this will not return the return code if the function returns additional data.
Example:
retcode, key_handle = c_generate_key(...) #vs key_handle = c_generate_key_ex(...)
If the function only returns the retcode, then that will still be returned:
retcode = c_seed_random(...) retcode = c_seed_random_ex(...)
-
static
c_get_mechanism_list
(slot)¶ Gets the list of mechanisms from the HSM
Parameters: slot – The slot number to get the mechanism list on Returns: The result code, A python dictionary representing the mechanism list
-
static
c_get_mechanism_list_ex
(slot)¶ Executes
c_get_mechanism_list()
, and checks the retcode; raising an exception if the return code is not CKR_OK.Note
By default, this will not return the return code if the function returns additional data.
Example:
retcode, key_handle = c_generate_key(...) #vs key_handle = c_generate_key_ex(...)
If the function only returns the retcode, then that will still be returned:
retcode = c_seed_random(...) retcode = c_seed_random_ex(...)
-
static
c_get_ped_id
(slot)¶ Get the PED ID for the given slot.
Parameters: slot – slot number Returns: The result code and ID
-
static
c_get_ped_id_ex
(slot)¶ Executes
c_get_ped_id()
, and checks the retcode; raising an exception if the return code is not CKR_OK.Note
By default, this will not return the return code if the function returns additional data.
Example:
retcode, key_handle = c_generate_key(...) #vs key_handle = c_generate_key_ex(...)
If the function only returns the retcode, then that will still be returned:
retcode = c_seed_random(...) retcode = c_seed_random_ex(...)
-
static
c_get_session_info
(session)¶ Get information about the given session.
Parameters: session (int) – session handle Returns: (retcode, dictionary of session information) Return type: tuple
-
static
c_get_session_info_ex
(session)¶ Executes
c_get_session_info()
, and checks the retcode; raising an exception if the return code is not CKR_OK.Note
By default, this will not return the return code if the function returns additional data.
Example:
retcode, key_handle = c_generate_key(...) #vs key_handle = c_generate_key_ex(...)
If the function only returns the retcode, then that will still be returned:
retcode = c_seed_random(...) retcode = c_seed_random_ex(...)
-
static
c_get_slot_info
(slot)¶ Get information about the given slot number.
Parameters: slot (int) – Target slot Returns: Dictionary of slot information
-
static
c_get_slot_info_ex
(slot)¶ Executes
c_get_slot_info()
, and checks the retcode; raising an exception if the return code is not CKR_OK.Note
By default, this will not return the return code if the function returns additional data.
Example:
retcode, key_handle = c_generate_key(...) #vs key_handle = c_generate_key_ex(...)
If the function only returns the retcode, then that will still be returned:
retcode = c_seed_random(...) retcode = c_seed_random_ex(...)
-
static
c_get_slot_list
(token_present=True)¶ Get a list of all slots.
Parameters: token_present (bool) – If true, will only return slots that have a token present. Returns: List of slots
-
static
c_get_slot_list_ex
(token_present=True)¶ Executes
c_get_slot_list()
, and checks the retcode; raising an exception if the return code is not CKR_OK.Note
By default, this will not return the return code if the function returns additional data.
Example:
retcode, key_handle = c_generate_key(...) #vs key_handle = c_generate_key_ex(...)
If the function only returns the retcode, then that will still be returned:
retcode = c_seed_random(...) retcode = c_seed_random_ex(...)
-
static
c_get_token_info
(slot_id, rstrip=True)¶ Gets the token info for a given slot id
Parameters: Returns: (retcode, A python dictionary representing the token info)
Return type: tuple
-
static
c_get_token_info_ex
(slot_id, rstrip=True)¶ Executes
c_get_token_info()
, and checks the retcode; raising an exception if the return code is not CKR_OK.Note
By default, this will not return the return code if the function returns additional data.
Example:
retcode, key_handle = c_generate_key(...) #vs key_handle = c_generate_key_ex(...)
If the function only returns the retcode, then that will still be returned:
retcode = c_seed_random(...) retcode = c_seed_random_ex(...)
-
static
c_init_pin
(h_session, pin)¶ Initializes the PIN
Parameters: - h_session (int) – Session handle
- pin – pin to c_initialize
Returns: THe result code
-
static
c_init_pin_ex
(h_session, pin)¶ Executes
c_init_pin()
, and checks the retcode; raising an exception if the return code is not CKR_OK.Note
By default, this will not return the return code if the function returns additional data.
Example:
retcode, key_handle = c_generate_key(...) #vs key_handle = c_generate_key_ex(...)
If the function only returns the retcode, then that will still be returned:
retcode = c_seed_random(...) retcode = c_seed_random_ex(...)
-
static
c_init_token
(slot_num, password, token_label='Main Token')¶ Initializes at token at a given slot with the proper password and label
Parameters: - slot_num – The index of the slot to c_initialize a token in
- password – The password to c_initialize the slot with
- token_label – The label to c_initialize the slot with (Default value = ‘Main Token’)
Returns: The result code
-
static
c_init_token_ex
(slot_num, password, token_label='Main Token')¶ Executes
c_init_token()
, and checks the retcode; raising an exception if the return code is not CKR_OK.Note
By default, this will not return the return code if the function returns additional data.
Example:
retcode, key_handle = c_generate_key(...) #vs key_handle = c_generate_key_ex(...)
If the function only returns the retcode, then that will still be returned:
retcode = c_seed_random(...) retcode = c_seed_random_ex(...)
-
static
c_initialize
(flags=None, init_struct=None)¶ Initializes current process for use with PKCS11.
Some sample flags:
CKF_LIBRARY_CANT_CREATE_OS_THREADS CKF_OS_LOCKING_OKSee the PKCS11 documentation for more details.
Parameters: - flags (int) – Flags to be set within InitArgs Struct. (Default = None)
- init_struct – InitArgs structure (Default = None)
Returns: Cryptoki return code.
-
static
c_initialize_ex
(flags=None, init_struct=None)¶ Executes
c_initialize()
, and checks the retcode; raising an exception if the return code is not CKR_OK.Note
By default, this will not return the return code if the function returns additional data.
Example:
retcode, key_handle = c_generate_key(...) #vs key_handle = c_generate_key_ex(...)
If the function only returns the retcode, then that will still be returned:
retcode = c_seed_random(...) retcode = c_seed_random_ex(...)
-
static
c_logout
(h_session)¶ Logs out of a given session
Parameters: h_session (int) – Session handle Returns: retcode Return type: int
-
static
c_logout_ex
(h_session)¶ Executes
c_logout()
, and checks the retcode; raising an exception if the return code is not CKR_OK.Note
By default, this will not return the return code if the function returns additional data.
Example:
retcode, key_handle = c_generate_key(...) #vs key_handle = c_generate_key_ex(...)
If the function only returns the retcode, then that will still be returned:
retcode = c_seed_random(...) retcode = c_seed_random_ex(...)
-
static
c_open_session
(slot_num, flags=6)¶ Opens a session on the given slot
Parameters: Returns: (retcode, session handle)
Return type: tuple
-
static
c_open_session_ex
(slot_num, flags=6)¶ Executes
c_open_session()
, and checks the retcode; raising an exception if the return code is not CKR_OK.Note
By default, this will not return the return code if the function returns additional data.
Example:
retcode, key_handle = c_generate_key(...) #vs key_handle = c_generate_key_ex(...)
If the function only returns the retcode, then that will still be returned:
retcode = c_seed_random(...) retcode = c_seed_random_ex(...)
-
static
c_performselftest
(slot, test_type, input_data, input_data_len)¶ Test: Performs a self test for specified test type on a given slot.
Parameters: - slot – slot number
- test_type – type of test CK_ULONG
- input_data – pointer to input data CK_BYTE_PTR
- input_data_len – input data length CK_ULONG
Returns: the result code
[CK_SLOT_ID, CK_ULONG, CK_BYTE_PTR, CK_ULONG, CK_BYTE_PTR, CK_ULONG_PTR]
-
static
c_performselftest_ex
(slot, test_type, input_data, input_data_len)¶ Executes
c_performselftest()
, and checks the retcode; raising an exception if the return code is not CKR_OK.Note
By default, this will not return the return code if the function returns additional data.
Example:
retcode, key_handle = c_generate_key(...) #vs key_handle = c_generate_key_ex(...)
If the function only returns the retcode, then that will still be returned:
retcode = c_seed_random(...) retcode = c_seed_random_ex(...)
-
static
c_seed_random
(h_session, seed)¶ Seeds the random number generator
Parameters: - h_session (int) – Session handle
- seed (bytes) – A python string of some seed
Returns: retcode
Return type:
-
static
c_seed_random_ex
(h_session, seed)¶ Executes
c_seed_random()
, and checks the retcode; raising an exception if the return code is not CKR_OK.Note
By default, this will not return the return code if the function returns additional data.
Example:
retcode, key_handle = c_generate_key(...) #vs key_handle = c_generate_key_ex(...)
If the function only returns the retcode, then that will still be returned:
retcode = c_seed_random(...) retcode = c_seed_random_ex(...)
-
static
c_set_attribute_value
(h_session, h_object, template)¶ Calls C_SetAttributeValue to set an attribute value based on a python template
Parameters: - h_session (int) – Session handle
- h_object – The handle of the object to get attributes for
- template – A python dictionary representing the template of the attributes to be written
Returns: A python dictionary representing the attributes returned from the HSM/library
-
static
c_set_attribute_value_ex
(h_session, h_object, template)¶ Executes
c_set_attribute_value()
, and checks the retcode; raising an exception if the return code is not CKR_OK.Note
By default, this will not return the return code if the function returns additional data.
Example:
retcode, key_handle = c_generate_key(...) #vs key_handle = c_generate_key_ex(...)
If the function only returns the retcode, then that will still be returned:
retcode = c_seed_random(...) retcode = c_seed_random_ex(...)
-
static
c_set_ped_id
(slot, id)¶ Set the PED ID for the given slot.
Parameters: - slot – slot number
- id – PED ID to use
Returns: The result code
-
static
c_set_ped_id_ex
(slot, id)¶ Executes
c_set_ped_id()
, and checks the retcode; raising an exception if the return code is not CKR_OK.Note
By default, this will not return the return code if the function returns additional data.
Example:
retcode, key_handle = c_generate_key(...) #vs key_handle = c_generate_key_ex(...)
If the function only returns the retcode, then that will still be returned:
retcode = c_seed_random(...) retcode = c_seed_random_ex(...)
-
static
c_set_pin
(h_session, old_pass, new_pass)¶ Allows a user to change their PIN
Parameters: - h_session (int) – Session handle
- old_pass – The user’s old password
- new_pass – The user’s desired new password
Returns: The result code
-
static
c_set_pin_ex
(h_session, old_pass, new_pass)¶ Executes
c_set_pin()
, and checks the retcode; raising an exception if the return code is not CKR_OK.Note
By default, this will not return the return code if the function returns additional data.
Example:
retcode, key_handle = c_generate_key(...) #vs key_handle = c_generate_key_ex(...)
If the function only returns the retcode, then that will still be returned:
retcode = c_seed_random(...) retcode = c_seed_random_ex(...)
-
static
c_sign
(h_session, h_key, data_to_sign, mechanism, output_buffer=None)¶ Signs the given data with given key and mechanism.
Note
If data is a list or tuple of strings, multi-part operations will be used.
Parameters: - h_session (int) – Session handle
- data_to_sign –
The data to sign, either a string or a list of strings. If this is a list a multipart operation will be used (using C_…Update and C_…Final)
ex:
- ”This is a proper argument of some data to use in the function”
- [“This is another format of data this”, “function will accept.”, “It will operate on these strings in parts”]
- h_key (int) – The signing key
- mechanism – See the
parse_mechanism()
function for possible values. - output_buffer (list|int) – Integer or list of integers that specify a size of output buffer to use for an operation. By default will query with NULL pointer buffer to get required size of buffer.
Returns: (retcode, python string of signed data)
Return type: tuple
-
static
c_sign_ex
(h_session, h_key, data_to_sign, mechanism, output_buffer=None)¶ Executes
c_sign()
, and checks the retcode; raising an exception if the return code is not CKR_OK.Note
By default, this will not return the return code if the function returns additional data.
Example:
retcode, key_handle = c_generate_key(...) #vs key_handle = c_generate_key_ex(...)
If the function only returns the retcode, then that will still be returned:
retcode = c_seed_random(...) retcode = c_seed_random_ex(...)
-
static
c_unwrap_key
(h_session, h_unwrapping_key, wrapped_key, key_template, mechanism)¶ Unwrap a key from an encrypted data blob.
Parameters: - h_session (int) – The session to use
- h_unwrapping_key (int) – The wrapping key handle
- wrapped_key (bytes) –
The wrapped key
Note
Data will be converted to hexadecimal by calling:
to_hex(from_bytestring(data))
If you need to pass in raw hex data, call:
to_bytestring(from_hex(hex-data))
- References:
- key_template (dict) – The python template representing the new key’s template
- mechanism – See the
parse_mechanism()
function for possible values.
Returns: (Retcode, unwrapped key handle)
Return type: tuple
-
static
c_unwrap_key_ex
(h_session, h_unwrapping_key, wrapped_key, key_template, mechanism)¶ Executes
c_unwrap_key()
, and checks the retcode; raising an exception if the return code is not CKR_OK.Note
By default, this will not return the return code if the function returns additional data.
Example:
retcode, key_handle = c_generate_key(...) #vs key_handle = c_generate_key_ex(...)
If the function only returns the retcode, then that will still be returned:
retcode = c_seed_random(...) retcode = c_seed_random_ex(...)
-
static
c_verify
(h_session, h_key, data_to_verify, signature, mechanism)¶ Verifies data with the given signature, key and mechanism.
Note
If data is a list or tuple of strings, multi-part operations will be used.
Parameters: - h_session (int) – Session handle
- data_to_verify –
The data to sign, either a string or a list of strings. If this is a list a multipart operation will be used (using C_…Update and C_…Final)
ex:
- ”This is a proper argument of some data to use in the function”
- [“This is another format of data this”, “function will accept.”, “It will operate on these strings in parts”]
- signature (bytes) – Signature with which to verify the data.
- h_key (int) – The verifying key
- mechanism – See the
parse_mechanism()
function for possible values.
Returns: retcode of verify operation
-
static
c_verify_ex
(h_session, h_key, data_to_verify, signature, mechanism)¶ Executes
c_verify()
, and checks the retcode; raising an exception if the return code is not CKR_OK.Note
By default, this will not return the return code if the function returns additional data.
Example:
retcode, key_handle = c_generate_key(...) #vs key_handle = c_generate_key_ex(...)
If the function only returns the retcode, then that will still be returned:
retcode = c_seed_random(...) retcode = c_seed_random_ex(...)
-
static
c_wrap_key
(h_session, h_wrapping_key, h_key, mechanism, output_buffer=None)¶ Wrap a key off the HSM into an encrypted data blob.
Parameters: Returns: (Retcode, python bytestring representing wrapped key)
Return type: tuple
-
static
c_wrap_key_ex
(h_session, h_wrapping_key, h_key, mechanism, output_buffer=None)¶ Executes
c_wrap_key()
, and checks the retcode; raising an exception if the return code is not CKR_OK.Note
By default, this will not return the return code if the function returns additional data.
Example:
retcode, key_handle = c_generate_key(...) #vs key_handle = c_generate_key_ex(...)
If the function only returns the retcode, then that will still be returned:
retcode = c_seed_random(...) retcode = c_seed_random_ex(...)
-
static
ca_assign_key
(h_session, h_object)¶ Crypto Officer assigns a key
Parameters: - h_session – session handle
- object – key handle to assign
Returns: Ret code
-
static
ca_assign_key_ex
(h_session, h_object)¶ Executes
ca_assign_key()
, and checks the retcode; raising an exception if the return code is not CKR_OK.Note
By default, this will not return the return code if the function returns additional data.
Example:
retcode, key_handle = c_generate_key(...) #vs key_handle = c_generate_key_ex(...)
If the function only returns the retcode, then that will still be returned:
retcode = c_seed_random(...) retcode = c_seed_random_ex(...)
User authorizes key within session or access for use
Parameters: - h_session – session handle
- object – key handle to authorize
- auth_data – authorization byte list, e.g. [11, 12, 13, ..]
Returns: Ret code
Executes
ca_authorize_key()
, and checks the retcode; raising an exception if the return code is not CKR_OK.Note
By default, this will not return the return code if the function returns additional data.
Example:
retcode, key_handle = c_generate_key(...) #vs key_handle = c_generate_key_ex(...)
If the function only returns the retcode, then that will still be returned:
retcode = c_seed_random(...) retcode = c_seed_random_ex(...)
-
static
ca_clonemofn
(h_session)¶ Clones MofN secret from one token to another.
Parameters: h_session (int) – Session handle Returns: the result code
-
static
ca_clonemofn_ex
(h_session)¶ Executes
ca_clonemofn()
, and checks the retcode; raising an exception if the return code is not CKR_OK.Note
By default, this will not return the return code if the function returns additional data.
Example:
retcode, key_handle = c_generate_key(...) #vs key_handle = c_generate_key_ex(...)
If the function only returns the retcode, then that will still be returned:
retcode = c_seed_random(...) retcode = c_seed_random_ex(...)
-
static
ca_close_application_id_v2
(slot, appid)¶ Close the AccessID associated with the given slot.
Parameters: - slot – Slot #.
- appid – bytestring of length 16.
Returns: Retcode.
-
static
ca_close_application_id_v2_ex
(slot, appid)¶ Executes
ca_close_application_id_v2()
, and checks the retcode; raising an exception if the return code is not CKR_OK.Note
By default, this will not return the return code if the function returns additional data.
Example:
retcode, key_handle = c_generate_key(...) #vs key_handle = c_generate_key_ex(...)
If the function only returns the retcode, then that will still be returned:
retcode = c_seed_random(...) retcode = c_seed_random_ex(...)
-
static
ca_close_secure_token_ex
(h_session, h_ID)¶ Executes
ca_close_secure_token()
, and checks the retcode; raising an exception if the return code is not CKR_OK.Note
By default, this will not return the return code if the function returns additional data.
Example:
retcode, key_handle = c_generate_key(...) #vs key_handle = c_generate_key_ex(...)
If the function only returns the retcode, then that will still be returned:
retcode = c_seed_random(...) retcode = c_seed_random_ex(...)
-
static
ca_closeapplicationID
(slot, id_high, id_low)¶ Close a given AppID on a slot.
Parameters: Returns: retcode
Return type:
-
static
ca_closeapplicationID_ex
(slot, id_high, id_low)¶ Executes
ca_closeapplicationID()
, and checks the retcode; raising an exception if the return code is not CKR_OK.Note
By default, this will not return the return code if the function returns additional data.
Example:
retcode, key_handle = c_generate_key(...) #vs key_handle = c_generate_key_ex(...)
If the function only returns the retcode, then that will still be returned:
retcode = c_seed_random(...) retcode = c_seed_random_ex(...)
-
static
ca_create_container
(h_session, storage_size, password=None, label='Inserted Token')¶ Inserts a token into a slot without a Security Officer on the token
Parameters: - h_session (int) – Session handle
- storage_size – The storage size of the token (0 for undefined/unlimited)
- password – The password associated with the token (Default value = ‘userpin’)
- label – The label associated with the token (Default value = ‘Inserted Token’)
Returns: The result code, The container number
-
static
ca_create_container_ex
(h_session, storage_size, password=None, label='Inserted Token')¶ Executes
ca_create_container()
, and checks the retcode; raising an exception if the return code is not CKR_OK.Note
By default, this will not return the return code if the function returns additional data.
Example:
retcode, key_handle = c_generate_key(...) #vs key_handle = c_generate_key_ex(...)
If the function only returns the retcode, then that will still be returned:
retcode = c_seed_random(...) retcode = c_seed_random_ex(...)
-
static
ca_createloginchallenge
(h_session, user_type, challenge)¶ Creates a login challenge for the given user.
Parameters: - h_session (int) – Session handle
- user_type – user type
- challenge – challenge
Returns: the result code
-
static
ca_createloginchallenge_ex
(h_session, user_type, challenge)¶ Executes
ca_createloginchallenge()
, and checks the retcode; raising an exception if the return code is not CKR_OK.Note
By default, this will not return the return code if the function returns additional data.
Example:
retcode, key_handle = c_generate_key(...) #vs key_handle = c_generate_key_ex(...)
If the function only returns the retcode, then that will still be returned:
retcode = c_seed_random(...) retcode = c_seed_random_ex(...)
-
static
ca_delete_container_with_handle
(h_session, h_container)¶ Delete a container by handle
Parameters: - h_session (int) – Session handle
- h_container – target container handle
Returns: result code
-
static
ca_delete_container_with_handle_ex
(h_session, h_container)¶ Executes
ca_delete_container_with_handle()
, and checks the retcode; raising an exception if the return code is not CKR_OK.Note
By default, this will not return the return code if the function returns additional data.
Example:
retcode, key_handle = c_generate_key(...) #vs key_handle = c_generate_key_ex(...)
If the function only returns the retcode, then that will still be returned:
retcode = c_seed_random(...) retcode = c_seed_random_ex(...)
-
static
ca_deleteremotepedvector
(h_session)¶ Deletes a remote PED vector
Parameters: h_session (int) – Session handle Returns: the result code
-
static
ca_deleteremotepedvector_ex
(h_session)¶ Executes
ca_deleteremotepedvector()
, and checks the retcode; raising an exception if the return code is not CKR_OK.Note
By default, this will not return the return code if the function returns additional data.
Example:
retcode, key_handle = c_generate_key(...) #vs key_handle = c_generate_key_ex(...)
If the function only returns the retcode, then that will still be returned:
retcode = c_seed_random(...) retcode = c_seed_random_ex(...)
-
static
ca_derive_key_and_wrap
(h_session, derive_mechanism, h_base_key, derive_template, wrapping_key, wrap_mechanism, output_buffer=2048)¶ Derive a key from the base key and wrap it off the HSM using the wrapping key
Parameters: - h_session (int) – The session to use
- h_base_key (int) – The base key
- derive_template (dict) – A python template of attributes to set on derived key
- derive_mechanism – See the
parse_mechanism()
function for possible values. - wrapping_key (int) – The wrapping key based on the encryption flavor
- wrap_mechanism – See the
parse_mechanism()
function for possible values. - output_buffer – The size of the wrapped key, defaulted to a cert size
Returns: (Retcode, python bytestring representing wrapped key)
Return type: tuple
-
static
ca_derive_key_and_wrap_ex
(h_session, derive_mechanism, h_base_key, derive_template, wrapping_key, wrap_mechanism, output_buffer=2048)¶ Executes
ca_derive_key_and_wrap()
, and checks the retcode; raising an exception if the return code is not CKR_OK.Note
By default, this will not return the return code if the function returns additional data.
Example:
retcode, key_handle = c_generate_key(...) #vs key_handle = c_generate_key_ex(...)
If the function only returns the retcode, then that will still be returned:
retcode = c_seed_random(...) retcode = c_seed_random_ex(...)
-
static
ca_destroy_multiple_objects
(h_session, objects)¶ Delete multiple objects corresponding to given object handles
Parameters: - h_session (int) – Session handle
- objects (list) – The handles of the objects to delete
Returns: Return code
-
static
ca_destroy_multiple_objects_ex
(h_session, objects)¶ Executes
ca_destroy_multiple_objects()
, and checks the retcode; raising an exception if the return code is not CKR_OK.Note
By default, this will not return the return code if the function returns additional data.
Example:
retcode, key_handle = c_generate_key(...) #vs key_handle = c_generate_key_ex(...)
If the function only returns the retcode, then that will still be returned:
retcode = c_seed_random(...) retcode = c_seed_random_ex(...)
-
static
ca_duplicatemofn
(h_session)¶ Duplicates a set of M of N vectors.
Parameters: h_session (int) – Session handle Returns: the result code
-
static
ca_duplicatemofn_ex
(h_session)¶ Executes
ca_duplicatemofn()
, and checks the retcode; raising an exception if the return code is not CKR_OK.Note
By default, this will not return the return code if the function returns additional data.
Example:
retcode, key_handle = c_generate_key(...) #vs key_handle = c_generate_key_ex(...)
If the function only returns the retcode, then that will still be returned:
retcode = c_seed_random(...) retcode = c_seed_random_ex(...)
-
static
ca_extract
(h_session, mechanism)¶ Parameters: - h_session (int) – Session handle
- mechanism – See the
parse_mechanism()
function for possible values.
-
static
ca_extract_ex
(h_session, mechanism)¶ Executes
ca_extract()
, and checks the retcode; raising an exception if the return code is not CKR_OK.Note
By default, this will not return the return code if the function returns additional data.
Example:
retcode, key_handle = c_generate_key(...) #vs key_handle = c_generate_key_ex(...)
If the function only returns the retcode, then that will still be returned:
retcode = c_seed_random(...) retcode = c_seed_random_ex(...)
-
static
ca_factory_reset
(slot)¶ Does a factory reset on a given slot
Parameters: slot – The slot to do a factory reset on Returns: The result code
-
static
ca_factory_reset_ex
(slot)¶ Executes
ca_factory_reset()
, and checks the retcode; raising an exception if the return code is not CKR_OK.Note
By default, this will not return the return code if the function returns additional data.
Example:
retcode, key_handle = c_generate_key(...) #vs key_handle = c_generate_key_ex(...)
If the function only returns the retcode, then that will still be returned:
retcode = c_seed_random(...) retcode = c_seed_random_ex(...)
-
static
ca_generatemofn
(h_session, m_value, vector_value, vector_count, is_secure_port_used)¶ Generates MofN secret information on a token.
Parameters: - h_session (int) – Session handle
- m_value – m
- vector_count – number of vectors
- is_secure_port_used – is secure port used
- vector_value –
Returns: the result code
-
static
ca_generatemofn_ex
(h_session, m_value, vector_value, vector_count, is_secure_port_used)¶ Executes
ca_generatemofn()
, and checks the retcode; raising an exception if the return code is not CKR_OK.Note
By default, this will not return the return code if the function returns additional data.
Example:
retcode, key_handle = c_generate_key(...) #vs key_handle = c_generate_key_ex(...)
If the function only returns the retcode, then that will still be returned:
retcode = c_seed_random(...) retcode = c_seed_random_ex(...)
-
static
ca_get_application_id
()¶ Get the current process’s AccessID.
Returns: retcode, bytestring tuple.
-
static
ca_get_application_id_ex
()¶ Executes
ca_get_application_id()
, and checks the retcode; raising an exception if the return code is not CKR_OK.Note
By default, this will not return the return code if the function returns additional data.
Example:
retcode, key_handle = c_generate_key(...) #vs key_handle = c_generate_key_ex(...)
If the function only returns the retcode, then that will still be returned:
retcode = c_seed_random(...) retcode = c_seed_random_ex(...)
-
static
ca_get_container_capability_set
(slot, h_container)¶ Get the container capabilities of the given slot.
Parameters: Returns: result code, {id: val} dict of capabilities (None if command failed)
-
static
ca_get_container_capability_set_ex
(slot, h_container)¶ Executes
ca_get_container_capability_set()
, and checks the retcode; raising an exception if the return code is not CKR_OK.Note
By default, this will not return the return code if the function returns additional data.
Example:
retcode, key_handle = c_generate_key(...) #vs key_handle = c_generate_key_ex(...)
If the function only returns the retcode, then that will still be returned:
retcode = c_seed_random(...) retcode = c_seed_random_ex(...)
-
static
ca_get_container_capability_setting
(slot, h_container, capability_id)¶ Get the value of a container’s single capability
Parameters: - slot – slot ID of slot to query
- h_container – target container handle
- capability_id – capability ID
Returns: result code, CK_ULONG representing capability active or not
-
static
ca_get_container_capability_setting_ex
(slot, h_container, capability_id)¶ Executes
ca_get_container_capability_setting()
, and checks the retcode; raising an exception if the return code is not CKR_OK.Note
By default, this will not return the return code if the function returns additional data.
Example:
retcode, key_handle = c_generate_key(...) #vs key_handle = c_generate_key_ex(...)
If the function only returns the retcode, then that will still be returned:
retcode = c_seed_random(...) retcode = c_seed_random_ex(...)
-
static
ca_get_container_list
(slot, group_handle=0, container_type=0)¶ Get list of containers.
Parameters: - slot – slot ID of the slot to query
- group_handle – group ID
- container_type – type of container
Returns: result code, list of container handles
-
static
ca_get_container_list_ex
(slot, group_handle=0, container_type=0)¶ Executes
ca_get_container_list()
, and checks the retcode; raising an exception if the return code is not CKR_OK.Note
By default, this will not return the return code if the function returns additional data.
Example:
retcode, key_handle = c_generate_key(...) #vs key_handle = c_generate_key_ex(...)
If the function only returns the retcode, then that will still be returned:
retcode = c_seed_random(...) retcode = c_seed_random_ex(...)
-
static
ca_get_container_name
(slot, h_container)¶ Get a container’s name
Parameters: - slot – target slot
- h_container – target container handle
Returns: result code, container name string
-
static
ca_get_container_name_ex
(slot, h_container)¶ Executes
ca_get_container_name()
, and checks the retcode; raising an exception if the return code is not CKR_OK.Note
By default, this will not return the return code if the function returns additional data.
Example:
retcode, key_handle = c_generate_key(...) #vs key_handle = c_generate_key_ex(...)
If the function only returns the retcode, then that will still be returned:
retcode = c_seed_random(...) retcode = c_seed_random_ex(...)
-
static
ca_get_container_policy_set
(slot, h_container)¶ Get the policies of the given slot and container.
Parameters: Returns: result code, {id: val} dict of policies (None if command failed)
-
static
ca_get_container_policy_set_ex
(slot, h_container)¶ Executes
ca_get_container_policy_set()
, and checks the retcode; raising an exception if the return code is not CKR_OK.Note
By default, this will not return the return code if the function returns additional data.
Example:
retcode, key_handle = c_generate_key(...) #vs key_handle = c_generate_key_ex(...)
If the function only returns the retcode, then that will still be returned:
retcode = c_seed_random(...) retcode = c_seed_random_ex(...)
-
static
ca_get_container_policy_setting
(slot, h_container, policy_id)¶ Get the value of a container’s single policy
Parameters: - slot – slot ID of slot to query
- h_container – target container handle
- policy_id – policy ID
Returns: result code, CK_ULONG representing policy active or not
-
static
ca_get_container_policy_setting_ex
(slot, h_container, policy_id)¶ Executes
ca_get_container_policy_setting()
, and checks the retcode; raising an exception if the return code is not CKR_OK.Note
By default, this will not return the return code if the function returns additional data.
Example:
retcode, key_handle = c_generate_key(...) #vs key_handle = c_generate_key_ex(...)
If the function only returns the retcode, then that will still be returned:
retcode = c_seed_random(...) retcode = c_seed_random_ex(...)
-
static
ca_get_container_status
(slot, h_container)¶ Get a container’s Status
Parameters: - slot – target slot
- h_container – target container handle
Returns: result code, dict of flags, dict of failed logins
-
static
ca_get_container_status_ex
(slot, h_container)¶ Executes
ca_get_container_status()
, and checks the retcode; raising an exception if the return code is not CKR_OK.Note
By default, this will not return the return code if the function returns additional data.
Example:
retcode, key_handle = c_generate_key(...) #vs key_handle = c_generate_key_ex(...)
If the function only returns the retcode, then that will still be returned:
retcode = c_seed_random(...) retcode = c_seed_random_ex(...)
-
static
ca_get_container_storage_information
(slot, h_container)¶ Get a container’s storage information
Parameters: - slot – target slot
- h_container – target container handle
Returns: result code, dict of storage values
-
static
ca_get_container_storage_information_ex
(slot, h_container)¶ Executes
ca_get_container_storage_information()
, and checks the retcode; raising an exception if the return code is not CKR_OK.Note
By default, this will not return the return code if the function returns additional data.
Example:
retcode, key_handle = c_generate_key(...) #vs key_handle = c_generate_key_ex(...)
If the function only returns the retcode, then that will still be returned:
retcode = c_seed_random(...) retcode = c_seed_random_ex(...)
-
static
ca_get_cv_firmware_version
(slot_id)¶ Cryptovisor specific ca extension function to get cv fw version
Parameters: slot_id – slot id Returns: tuple of return code and cv fw version
-
static
ca_get_cv_firmware_version_ex
(slot_id)¶ Executes
ca_get_cv_firmware_version()
, and checks the retcode; raising an exception if the return code is not CKR_OK.Note
By default, this will not return the return code if the function returns additional data.
Example:
retcode, key_handle = c_generate_key(...) #vs key_handle = c_generate_key_ex(...)
If the function only returns the retcode, then that will still be returned:
retcode = c_seed_random(...) retcode = c_seed_random_ex(...)
-
static
ca_get_hsm_capability_set
(slot)¶ Get the capabilities of the given slot.
Parameters: slot (int) – Target slot number Returns: retcode, {id: val} dict of capabilities (None if command failed)
-
static
ca_get_hsm_capability_set_ex
(slot)¶ Executes
ca_get_hsm_capability_set()
, and checks the retcode; raising an exception if the return code is not CKR_OK.Note
By default, this will not return the return code if the function returns additional data.
Example:
retcode, key_handle = c_generate_key(...) #vs key_handle = c_generate_key_ex(...)
If the function only returns the retcode, then that will still be returned:
retcode = c_seed_random(...) retcode = c_seed_random_ex(...)
-
static
ca_get_hsm_capability_setting
(slot, capability_id)¶ Get the value of a single capability
Parameters: - slot – slot ID of slot to query
- capability_id – capability ID
Returns: result code, CK_ULONG representing capability active or not
-
static
ca_get_hsm_capability_setting_ex
(slot, capability_id)¶ Executes
ca_get_hsm_capability_setting()
, and checks the retcode; raising an exception if the return code is not CKR_OK.Note
By default, this will not return the return code if the function returns additional data.
Example:
retcode, key_handle = c_generate_key(...) #vs key_handle = c_generate_key_ex(...)
If the function only returns the retcode, then that will still be returned:
retcode = c_seed_random(...) retcode = c_seed_random_ex(...)
-
static
ca_get_hsm_policy_set
(slot)¶ Get the policies of the given slot.
Parameters: slot (int) – Target slot number Returns: retcode, {id: val} dict of policies (None if command failed)
-
static
ca_get_hsm_policy_set_ex
(slot)¶ Executes
ca_get_hsm_policy_set()
, and checks the retcode; raising an exception if the return code is not CKR_OK.Note
By default, this will not return the return code if the function returns additional data.
Example:
retcode, key_handle = c_generate_key(...) #vs key_handle = c_generate_key_ex(...)
If the function only returns the retcode, then that will still be returned:
retcode = c_seed_random(...) retcode = c_seed_random_ex(...)
-
static
ca_get_hsm_policy_setting
(slot, policy_id)¶ Get the value of a single policy
Parameters: - slot – slot ID of slot to query
- policy_id – policy ID
Returns: result code, CK_ULONG representing policy active or not
-
static
ca_get_hsm_policy_setting_ex
(slot, policy_id)¶ Executes
ca_get_hsm_policy_setting()
, and checks the retcode; raising an exception if the return code is not CKR_OK.Note
By default, this will not return the return code if the function returns additional data.
Example:
retcode, key_handle = c_generate_key(...) #vs key_handle = c_generate_key_ex(...)
If the function only returns the retcode, then that will still be returned:
retcode = c_seed_random(...) retcode = c_seed_random_ex(...)
-
static
ca_get_object_handle
(slot, session, objectouid)¶ Calls CA_GetObjectHandle to get the object handle from OUID
Parameters: - slot – partition slot number
- session – session id that was opened to run the function
- objectouid – OUID, a string of the hex value that maps to object handle
Returns: a tuple containing the return code and the object handle mapping the given OUID
-
static
ca_get_object_handle_ex
(slot, session, objectouid)¶ Executes
ca_get_object_handle()
, and checks the retcode; raising an exception if the return code is not CKR_OK.Note
By default, this will not return the return code if the function returns additional data.
Example:
retcode, key_handle = c_generate_key(...) #vs key_handle = c_generate_key_ex(...)
If the function only returns the retcode, then that will still be returned:
retcode = c_seed_random(...) retcode = c_seed_random_ex(...)
-
static
ca_get_session_info
(session)¶ ca extension function that returns session information
Parameters: session – session handle Returns: tuple of return code and session info dict
-
static
ca_get_session_info_ex
(session)¶ Executes
ca_get_session_info()
, and checks the retcode; raising an exception if the return code is not CKR_OK.Note
By default, this will not return the return code if the function returns additional data.
Example:
retcode, key_handle = c_generate_key(...) #vs key_handle = c_generate_key_ex(...)
If the function only returns the retcode, then that will still be returned:
retcode = c_seed_random(...) retcode = c_seed_random_ex(...)
-
static
ca_get_time_ex
(h_session)¶ Executes
ca_get_time()
, and checks the retcode; raising an exception if the return code is not CKR_OK.Note
By default, this will not return the return code if the function returns additional data.
Example:
retcode, key_handle = c_generate_key(...) #vs key_handle = c_generate_key_ex(...)
If the function only returns the retcode, then that will still be returned:
retcode = c_seed_random(...) retcode = c_seed_random_ex(...)
-
static
ca_get_token_policies
(slot)¶ Get the policies of the given slot.
Parameters: slot (int) – Target slot number Returns: retcode, {id: val} dict of policies (None if command failed)
-
static
ca_get_token_policies_ex
(slot)¶ Executes
ca_get_token_policies()
, and checks the retcode; raising an exception if the return code is not CKR_OK.Note
By default, this will not return the return code if the function returns additional data.
Example:
retcode, key_handle = c_generate_key(...) #vs key_handle = c_generate_key_ex(...)
If the function only returns the retcode, then that will still be returned:
retcode = c_seed_random(...) retcode = c_seed_random_ex(...)
-
static
ca_hainit
(h_session, h_key)¶ Creates a login key pair on the primary token.
Parameters: - h_session (int) – Session handle
- h_key – the login private key
Returns: the result code
-
static
ca_hainit_ex
(h_session, h_key)¶ Executes
ca_hainit()
, and checks the retcode; raising an exception if the return code is not CKR_OK.Note
By default, this will not return the return code if the function returns additional data.
Example:
retcode, key_handle = c_generate_key(...) #vs key_handle = c_generate_key_ex(...)
If the function only returns the retcode, then that will still be returned:
retcode = c_seed_random(...) retcode = c_seed_random_ex(...)
-
static
ca_increment_failed_auth_count
(h_session, h_object)¶ This function is called by HA group when auth failure happens on a key to sync up status. Here its defined mostly for testing purposes :param h_session: session handle :param object: key handle to update :return: Ret code
-
static
ca_increment_failed_auth_count_ex
(h_session, h_object)¶ Executes
ca_increment_failed_auth_count()
, and checks the retcode; raising an exception if the return code is not CKR_OK.Note
By default, this will not return the return code if the function returns additional data.
Example:
retcode, key_handle = c_generate_key(...) #vs key_handle = c_generate_key_ex(...)
If the function only returns the retcode, then that will still be returned:
retcode = c_seed_random(...) retcode = c_seed_random_ex(...)
-
static
ca_init_audit
(slot, audit_pin, audit_label)¶ Parameters: - slot –
- audit_pin –
- audit_label –
-
static
ca_init_audit_ex
(slot, audit_pin, audit_label)¶ Executes
ca_init_audit()
, and checks the retcode; raising an exception if the return code is not CKR_OK.Note
By default, this will not return the return code if the function returns additional data.
Example:
retcode, key_handle = c_generate_key(...) #vs key_handle = c_generate_key_ex(...)
If the function only returns the retcode, then that will still be returned:
retcode = c_seed_random(...) retcode = c_seed_random_ex(...)
-
static
ca_initializeremotepedvector
(h_session)¶ Initializes a remote PED vector
Parameters: h_session (int) – Session handle Returns: the result code
-
static
ca_initializeremotepedvector_ex
(h_session)¶ Executes
ca_initializeremotepedvector()
, and checks the retcode; raising an exception if the return code is not CKR_OK.Note
By default, this will not return the return code if the function returns additional data.
Example:
retcode, key_handle = c_generate_key(...) #vs key_handle = c_generate_key_ex(...)
If the function only returns the retcode, then that will still be returned:
retcode = c_seed_random(...) retcode = c_seed_random_ex(...)
-
static
ca_insert
(h_session, mechanism)¶ Parameters: - h_session (int) – Session handle
- mechanism – See the
parse_mechanism()
function for possible values.
-
static
ca_insert_ex
(h_session, mechanism)¶ Executes
ca_insert()
, and checks the retcode; raising an exception if the return code is not CKR_OK.Note
By default, this will not return the return code if the function returns additional data.
Example:
retcode, key_handle = c_generate_key(...) #vs key_handle = c_generate_key_ex(...)
If the function only returns the retcode, then that will still be returned:
retcode = c_seed_random(...) retcode = c_seed_random_ex(...)
-
static
ca_modifyusagecount
(h_session, h_object, command_type, value)¶ Modifies CKA_USAGE_COUNT attribute of the object.
Parameters: - h_session (int) – Session handle
- h_object – object
- command_type – command type
- value – value
Returns: the result code
-
static
ca_modifyusagecount_ex
(h_session, h_object, command_type, value)¶ Executes
ca_modifyusagecount()
, and checks the retcode; raising an exception if the return code is not CKR_OK.Note
By default, this will not return the return code if the function returns additional data.
Example:
retcode, key_handle = c_generate_key(...) #vs key_handle = c_generate_key_ex(...)
If the function only returns the retcode, then that will still be returned:
retcode = c_seed_random(...) retcode = c_seed_random_ex(...)
-
static
ca_mtkresplit
(slot)¶ Resplit the MTK
Parameters: slot – slot number Returns: the result code
-
static
ca_mtkresplit_ex
(slot)¶ Executes
ca_mtkresplit()
, and checks the retcode; raising an exception if the return code is not CKR_OK.Note
By default, this will not return the return code if the function returns additional data.
Example:
retcode, key_handle = c_generate_key(...) #vs key_handle = c_generate_key_ex(...)
If the function only returns the retcode, then that will still be returned:
retcode = c_seed_random(...) retcode = c_seed_random_ex(...)
-
static
ca_mtkrestore
(slot)¶ Restore the MTK
Parameters: slot – slot number Returns: the result code
-
static
ca_mtkrestore_ex
(slot)¶ Executes
ca_mtkrestore()
, and checks the retcode; raising an exception if the return code is not CKR_OK.Note
By default, this will not return the return code if the function returns additional data.
Example:
retcode, key_handle = c_generate_key(...) #vs key_handle = c_generate_key_ex(...)
If the function only returns the retcode, then that will still be returned:
retcode = c_seed_random(...) retcode = c_seed_random_ex(...)
-
static
ca_mtkzeroize
(slot)¶ Zeroize the MTK
Parameters: slot – slot number Returns: the result code
-
static
ca_mtkzeroize_ex
(slot)¶ Executes
ca_mtkzeroize()
, and checks the retcode; raising an exception if the return code is not CKR_OK.Note
By default, this will not return the return code if the function returns additional data.
Example:
retcode, key_handle = c_generate_key(...) #vs key_handle = c_generate_key_ex(...)
If the function only returns the retcode, then that will still be returned:
retcode = c_seed_random(...) retcode = c_seed_random_ex(...)
-
static
ca_open_application_id_v2
(slot, appid)¶ Open the given AccessID for the target slot.
Parameters: - slot – Slot #.
- appid – bytestring of length 16.
Returns: Retcode.
-
static
ca_open_application_id_v2_ex
(slot, appid)¶ Executes
ca_open_application_id_v2()
, and checks the retcode; raising an exception if the return code is not CKR_OK.Note
By default, this will not return the return code if the function returns additional data.
Example:
retcode, key_handle = c_generate_key(...) #vs key_handle = c_generate_key_ex(...)
If the function only returns the retcode, then that will still be returned:
retcode = c_seed_random(...) retcode = c_seed_random_ex(...)
-
static
ca_open_secure_token
(h_session, storage_path, dev_ID, mode)¶ Parameters: - h_session (int) – Session handle
- storage_path –
- dev_ID –
- mode –
-
static
ca_open_secure_token_ex
(h_session, storage_path, dev_ID, mode)¶ Executes
ca_open_secure_token()
, and checks the retcode; raising an exception if the return code is not CKR_OK.Note
By default, this will not return the return code if the function returns additional data.
Example:
retcode, key_handle = c_generate_key(...) #vs key_handle = c_generate_key_ex(...)
If the function only returns the retcode, then that will still be returned:
retcode = c_seed_random(...) retcode = c_seed_random_ex(...)
-
static
ca_openapplicationID
(slot, id_high, id_low)¶ Open an application ID on the given slot.
Parameters: Returns: retcode
Return type:
-
static
ca_openapplicationID_ex
(slot, id_high, id_low)¶ Executes
ca_openapplicationID()
, and checks the retcode; raising an exception if the return code is not CKR_OK.Note
By default, this will not return the return code if the function returns additional data.
Example:
retcode, key_handle = c_generate_key(...) #vs key_handle = c_generate_key_ex(...)
If the function only returns the retcode, then that will still be returned:
retcode = c_seed_random(...) retcode = c_seed_random_ex(...)
-
static
ca_read_all_utilization_counters
(h_session)¶ Read Metrics from previously saved HSM snapshot Call either functions prior to create snapshot: ca_read_utilization_metrics ca_read_and_reset_utilization_metrics
Returns: a dictionary, where keys are serial numbers and values are dictionaries of bins and values, example: ‘SIGN’:0
-
static
ca_read_all_utilization_counters_ex
(h_session)¶ Executes
ca_read_all_utilization_counters()
, and checks the retcode; raising an exception if the return code is not CKR_OK.Note
By default, this will not return the return code if the function returns additional data.
Example:
retcode, key_handle = c_generate_key(...) #vs key_handle = c_generate_key_ex(...)
If the function only returns the retcode, then that will still be returned:
retcode = c_seed_random(...) retcode = c_seed_random_ex(...)
-
static
ca_read_and_reset_utilization_metrics
(session)¶ HSM reads current utilization data and saves as a snapshot; HSM resets metrics to zeroes
Parameters: session – session id that was opened to run the function Returns: a dictionary with partition serial numbers as keys, value - dictionary of utilization metrics
-
static
ca_read_and_reset_utilization_metrics_ex
(session)¶ Executes
ca_read_and_reset_utilization_metrics()
, and checks the retcode; raising an exception if the return code is not CKR_OK.Note
By default, this will not return the return code if the function returns additional data.
Example:
retcode, key_handle = c_generate_key(...) #vs key_handle = c_generate_key_ex(...)
If the function only returns the retcode, then that will still be returned:
retcode = c_seed_random(...) retcode = c_seed_random_ex(...)
-
static
ca_read_utilization_metrics
(session)¶ HSM reads utilization data and saves as a snapshot
Parameters: session – session id that was opened to run the function Returns: Ret code
-
static
ca_read_utilization_metrics_ex
(session)¶ Executes
ca_read_utilization_metrics()
, and checks the retcode; raising an exception if the return code is not CKR_OK.Note
By default, this will not return the return code if the function returns additional data.
Example:
retcode, key_handle = c_generate_key(...) #vs key_handle = c_generate_key_ex(...)
If the function only returns the retcode, then that will still be returned:
retcode = c_seed_random(...) retcode = c_seed_random_ex(...)
CO resets auth data on unassigned key
Parameters: - h_session – session handle
- object – key handle to update
- auth_data – byte list, e.g. [11, 12, 13, ..]
Returns: Ret code
Executes
ca_reset_authorization_data()
, and checks the retcode; raising an exception if the return code is not CKR_OK.Note
By default, this will not return the return code if the function returns additional data.
Example:
retcode, key_handle = c_generate_key(...) #vs key_handle = c_generate_key_ex(...)
If the function only returns the retcode, then that will still be returned:
retcode = c_seed_random(...) retcode = c_seed_random_ex(...)
-
static
ca_restart
(slot)¶ Parameters: slot –
-
static
ca_restart_ex
(slot)¶ Executes
ca_restart()
, and checks the retcode; raising an exception if the return code is not CKR_OK.Note
By default, this will not return the return code if the function returns additional data.
Example:
retcode, key_handle = c_generate_key(...) #vs key_handle = c_generate_key_ex(...)
If the function only returns the retcode, then that will still be returned:
retcode = c_seed_random(...) retcode = c_seed_random_ex(...)
User changes authorization data on key object (private, secret)
Parameters: - h_session – session handle
- object – key handle to update
- old_auth_data – byte list, e.g. [11, 12, 13, ..]
- new_auth_data – byte list, e.g. [11, 12, 13, ..]
Returns: Ret code
Executes
ca_set_authorization_data()
, and checks the retcode; raising an exception if the return code is not CKR_OK.Note
By default, this will not return the return code if the function returns additional data.
Example:
retcode, key_handle = c_generate_key(...) #vs key_handle = c_generate_key_ex(...)
If the function only returns the retcode, then that will still be returned:
retcode = c_seed_random(...) retcode = c_seed_random_ex(...)
-
static
ca_set_container_policies
(h_session, h_container, policies)¶ Set multiple container policies.
Parameters: - h_session (int) – Session handle
- h_container – target container handle
- policies – dict of policy ID ints and value ints
Returns: result code
-
static
ca_set_container_policies_ex
(h_session, h_container, policies)¶ Executes
ca_set_container_policies()
, and checks the retcode; raising an exception if the return code is not CKR_OK.Note
By default, this will not return the return code if the function returns additional data.
Example:
retcode, key_handle = c_generate_key(...) #vs key_handle = c_generate_key_ex(...)
If the function only returns the retcode, then that will still be returned:
retcode = c_seed_random(...) retcode = c_seed_random_ex(...)
-
static
ca_set_container_policy
(h_session, h_containerber, policy_id, policy_val)¶ Sets a policy on the container.
NOTE: With per partition SO this method should generally not be used. Instead ca_set_partition_policies should be used
Parameters: - h_session (int) – Session handle
- h_containerber – The container number to set the policy on.
- policy_id – The identifier of the policy (ex. CONTAINER_CONFIG_MINIMUM_PIN_LENGTH)
- policy_val – The value to set the policy to
Returns: The result code
-
static
ca_set_container_policy_ex
(h_session, h_containerber, policy_id, policy_val)¶ Executes
ca_set_container_policy()
, and checks the retcode; raising an exception if the return code is not CKR_OK.Note
By default, this will not return the return code if the function returns additional data.
Example:
retcode, key_handle = c_generate_key(...) #vs key_handle = c_generate_key_ex(...)
If the function only returns the retcode, then that will still be returned:
retcode = c_seed_random(...) retcode = c_seed_random_ex(...)
-
static
ca_set_container_size
(h_session, h_container, size)¶ Set a container’s size
Parameters: - h_session (int) – Session handle
- h_container – target container handle
- size – size
Returns: result code
-
static
ca_set_container_size_ex
(h_session, h_container, size)¶ Executes
ca_set_container_size()
, and checks the retcode; raising an exception if the return code is not CKR_OK.Note
By default, this will not return the return code if the function returns additional data.
Example:
retcode, key_handle = c_generate_key(...) #vs key_handle = c_generate_key_ex(...)
If the function only returns the retcode, then that will still be returned:
retcode = c_seed_random(...) retcode = c_seed_random_ex(...)
-
static
ca_set_destructive_hsm_policies
(h_session, policies)¶ Set multiple HSM policies.
Parameters: - h_session (int) – Session handle
- policies – dict of policy ID ints and value ints
Returns: result code
-
static
ca_set_destructive_hsm_policies_ex
(h_session, policies)¶ Executes
ca_set_destructive_hsm_policies()
, and checks the retcode; raising an exception if the return code is not CKR_OK.Note
By default, this will not return the return code if the function returns additional data.
Example:
retcode, key_handle = c_generate_key(...) #vs key_handle = c_generate_key_ex(...)
If the function only returns the retcode, then that will still be returned:
retcode = c_seed_random(...) retcode = c_seed_random_ex(...)
-
static
ca_set_destructive_hsm_policy
(h_session, policy_id, policy_val)¶ Sets the destructive HSM policies by calling CA_SetDestructiveHSMPolicy
Parameters: - h_session (int) – Session handle
- policy_id – The ID of the policy being set
- policy_val – The value of the policy being set
Returns: The result code
-
static
ca_set_destructive_hsm_policy_ex
(h_session, policy_id, policy_val)¶ Executes
ca_set_destructive_hsm_policy()
, and checks the retcode; raising an exception if the return code is not CKR_OK.Note
By default, this will not return the return code if the function returns additional data.
Example:
retcode, key_handle = c_generate_key(...) #vs key_handle = c_generate_key_ex(...)
If the function only returns the retcode, then that will still be returned:
retcode = c_seed_random(...) retcode = c_seed_random_ex(...)
-
static
ca_set_hsm_policies
(h_session, policies)¶ Set multiple HSM policies.
Parameters: - h_session (int) – Session handle
- policies – dict of policy ID ints and value ints
Returns: result code
-
static
ca_set_hsm_policies_ex
(h_session, policies)¶ Executes
ca_set_hsm_policies()
, and checks the retcode; raising an exception if the return code is not CKR_OK.Note
By default, this will not return the return code if the function returns additional data.
Example:
retcode, key_handle = c_generate_key(...) #vs key_handle = c_generate_key_ex(...)
If the function only returns the retcode, then that will still be returned:
retcode = c_seed_random(...) retcode = c_seed_random_ex(...)
-
static
ca_set_hsm_policy
(h_session, policy_id, policy_val)¶ Sets the HSM policies by calling CA_SetHSMPolicy
Parameters: - h_session (int) – Session handle
- policy_id – The ID of the policy being set
- policy_val – The value of the policy being set
Returns: The result code
-
static
ca_set_hsm_policy_ex
(h_session, policy_id, policy_val)¶ Executes
ca_set_hsm_policy()
, and checks the retcode; raising an exception if the return code is not CKR_OK.Note
By default, this will not return the return code if the function returns additional data.
Example:
retcode, key_handle = c_generate_key(...) #vs key_handle = c_generate_key_ex(...)
If the function only returns the retcode, then that will still be returned:
retcode = c_seed_random(...) retcode = c_seed_random_ex(...)
-
static
ca_setapplicationID
(id_high, id_low)¶ Set the App ID for the current process.
Parameters: Returns: retcode
Return type:
-
static
ca_setapplicationID_ex
(id_high, id_low)¶ Executes
ca_setapplicationID()
, and checks the retcode; raising an exception if the return code is not CKR_OK.Note
By default, this will not return the return code if the function returns additional data.
Example:
retcode, key_handle = c_generate_key(...) #vs key_handle = c_generate_key_ex(...)
If the function only returns the retcode, then that will still be returned:
retcode = c_seed_random(...) retcode = c_seed_random_ex(...)
-
static
ca_settokencertificatesignature
(h_session, access_level, customer_id, pub_template, signature, signature_len)¶ Completes the installation of a certificate on a token. The caller must supply a public key and a signature for token certificate. The public key is provided through the template; it must contain a key type, a modulus and a public exponent.
Parameters: - h_session (int) – Session handle
- access_level – the access level
- customer_id – the customer ID
- pub_template – the public template
- signature – the signature
- signature_len – the length in bytes of the signature
Returns: the result code
-
static
ca_settokencertificatesignature_ex
(h_session, access_level, customer_id, pub_template, signature, signature_len)¶ Executes
ca_settokencertificatesignature()
, and checks the retcode; raising an exception if the return code is not CKR_OK.Note
By default, this will not return the return code if the function returns additional data.
Example:
retcode, key_handle = c_generate_key(...) #vs key_handle = c_generate_key_ex(...)
If the function only returns the retcode, then that will still be returned:
retcode = c_seed_random(...) retcode = c_seed_random_ex(...)
-
static
ca_sim_extract
(h_session, key_handles, authform, auth_secrets=None, subset_size=0, delete_after_extract=False)¶ Extract multiple keys to a wrapped blob. The returned blob can then be written into a file.
Parameters: - h_session (int) – Session handle
- key_handles (list[int]) – List of key handles to extract
- authform (int) – Type of authentication to use. See
pycryptoki.backup.SIM_AUTH
for details - auth_secrets (list(str)) – Authorization secrets to use (Length will correspond to the
N
value in ckdemo) - subset_size (int) – Subset size required for key use (Corresponds to the
M
value in ckdemo) - delete_after_extract (bool) – If true, will destroy the original keys after they have been extracted.
Returns: retcode, blob_data tuple.
-
static
ca_sim_extract_ex
(h_session, key_handles, authform, auth_secrets=None, subset_size=0, delete_after_extract=False)¶ Executes
ca_sim_extract()
, and checks the retcode; raising an exception if the return code is not CKR_OK.Note
By default, this will not return the return code if the function returns additional data.
Example:
retcode, key_handle = c_generate_key(...) #vs key_handle = c_generate_key_ex(...)
If the function only returns the retcode, then that will still be returned:
retcode = c_seed_random(...) retcode = c_seed_random_ex(...)
-
static
ca_sim_insert
(h_session, blob_data, authform, auth_secrets=None)¶ Insert keys into the HSM from blob data that was wrapped off using SIM.
Parameters: - h_session (int) – Session handle
- blob_data (str) – Read in raw wrapped data. Typically read in from a file.
- authform (int) – Type of authentication to use. See
pycryptoki.backup.SIM_AUTH
for details - auth_secrets (list[str]) – Authorization secrets to use (Length will correspond to the
N
value in ckdemo)
Returns: retcode, keys tuple, where
keys
is a list of integers.
-
static
ca_sim_insert_ex
(h_session, blob_data, authform, auth_secrets=None)¶ Executes
ca_sim_insert()
, and checks the retcode; raising an exception if the return code is not CKR_OK.Note
By default, this will not return the return code if the function returns additional data.
Example:
retcode, key_handle = c_generate_key(...) #vs key_handle = c_generate_key_ex(...)
If the function only returns the retcode, then that will still be returned:
retcode = c_seed_random(...) retcode = c_seed_random_ex(...)
-
static
ca_sim_multisign
(h_session, blob_data, data_to_sign, mechanism, authform, auth_secrets=None)¶ Sign data using keys that were extracted to a SIM blob.
Parameters: - h_session (int) – Session handle
- blob_data (str) – Read in raw wrapped key data. Typically read in from a file.
- data_to_sign – List of bytestring data to sign
- mechanism – Mechanism to use with the Sign operation
- authform (int) – Type of authentication to use. See
pycryptoki.backup.SIM_AUTH
for details - auth_secrets (list[str]) – Authorization secrets to use (Length will correspond to the
N
value in ckdemo)
Returns: retcode, signature list
-
static
ca_sim_multisign_ex
(h_session, blob_data, data_to_sign, mechanism, authform, auth_secrets=None)¶ Executes
ca_sim_multisign()
, and checks the retcode; raising an exception if the return code is not CKR_OK.Note
By default, this will not return the return code if the function returns additional data.
Example:
retcode, key_handle = c_generate_key(...) #vs key_handle = c_generate_key_ex(...)
If the function only returns the retcode, then that will still be returned:
retcode = c_seed_random(...) retcode = c_seed_random_ex(...)
-
static
ca_time_sync_ex
(h_session, ultime)¶ Executes
ca_time_sync()
, and checks the retcode; raising an exception if the return code is not CKR_OK.Note
By default, this will not return the return code if the function returns additional data.
Example:
retcode, key_handle = c_generate_key(...) #vs key_handle = c_generate_key_ex(...)
If the function only returns the retcode, then that will still be returned:
retcode = c_seed_random(...) retcode = c_seed_random_ex(...)
staticmethod(function) -> method
Convert a function to be a static method.
A static method does not receive an implicit first argument. To declare a static method, use this idiom:
- class C:
@staticmethod def f(arg1, arg2, …):
…
It can be called either on the class (e.g. C.f()) or on an instance (e.g. C().f()). The instance is ignored except for its class.
Static methods in Python are similar to those found in Java or C++. For a more advanced concept, see the classmethod builtin.
staticmethod(function) -> method
Convert a function to be a static method.
A static method does not receive an implicit first argument. To declare a static method, use this idiom:
- class C:
@staticmethod def f(arg1, arg2, …):
…
It can be called either on the class (e.g. C.f()) or on an instance (e.g. C().f()). The instance is ignored except for its class.
Static methods in Python are similar to those found in Java or C++. For a more advanced concept, see the classmethod builtin.
staticmethod(function) -> method
Convert a function to be a static method.
A static method does not receive an implicit first argument. To declare a static method, use this idiom:
- class C:
@staticmethod def f(arg1, arg2, …):
…
It can be called either on the class (e.g. C.f()) or on an instance (e.g. C().f()). The instance is ignored except for its class.
Static methods in Python are similar to those found in Java or C++. For a more advanced concept, see the classmethod builtin.
staticmethod(function) -> method
Convert a function to be a static method.
A static method does not receive an implicit first argument. To declare a static method, use this idiom:
- class C:
@staticmethod def f(arg1, arg2, …):
…
It can be called either on the class (e.g. C.f()) or on an instance (e.g. C().f()). The instance is ignored except for its class.
Static methods in Python are similar to those found in Java or C++. For a more advanced concept, see the classmethod builtin.
-
static
get_token_by_label
(label)¶ Iterates through all the tokens and returns the first token that has a label that is identical to the one that is passed in
Parameters: label – The label of the token to search for Returns: The result code, The slot of the token
-
static
get_token_by_label_ex
(label)¶ Executes
get_token_by_label()
, and checks the retcode; raising an exception if the return code is not CKR_OK.Note
By default, this will not return the return code if the function returns additional data.
Example:
retcode, key_handle = c_generate_key(...) #vs key_handle = c_generate_key_ex(...)
If the function only returns the retcode, then that will still be returned:
retcode = c_seed_random(...) retcode = c_seed_random_ex(...)
-
static
login
(h_session, slot_num=1, password=None, user_type=1)¶ Login to the given session.
Parameters: Returns: retcode
Return type:
-
static
login_ex
(h_session, slot_num=1, password=None, user_type=1)¶ Executes
login()
, and checks the retcode; raising an exception if the return code is not CKR_OK.Note
By default, this will not return the return code if the function returns additional data.
Example:
retcode, key_handle = c_generate_key(...) #vs key_handle = c_generate_key_ex(...)
If the function only returns the retcode, then that will still be returned:
retcode = c_seed_random(...) retcode = c_seed_random_ex(...)
-
static
test_attrs
(attributes)[source]¶ Function used for validating that dicts can be used across rpyc pipes.
-
static
test_conn
()[source]¶ Test Function used to validate that custom functions are properly exposed over RPYC. Specifically not using something like conn.ping() to verify exposed functions.
-
static
to_bool
(val, reverse=False)¶ Convert a boolean-ish value to a pValue, ulValueLen tuple.
Parameters: - val – Value to convert
- reverse – Whether to convert from C -> Python
Returns: ctypes.c_ulong
size of bool value)
-
static
to_byte_array
(val, reverse=False)¶ Converts an arbitrarily sized integer, list, or byte array into a byte array.
It’ll zero-pad the bit length so it’s a multiple of 8, then convert the int to binary, split the binary string into sections of 8, then place each section into a slot in a
ctypes.c_ubyte
array (converting to small int).Parameters: - val – Value to convert
- reverse – Whether to convert from C -> Python
Returns: (
ctypes.c_void_p
ptr topycryptoki.cryptoki.CK_BYTE
array,ctypes.c_ulong
size of array)
-
static
to_char_array
(val, reverse=False)¶ Convert the given string or list of string values into a char array.
This is slightly different than to_byte_array, which has different assumptions as to the format of the input.
Parameters: - val – Value to convert
- reverse – Whether to convert from C -> Python
Returns: (
ctypes.c_void_p
ptr topycryptoki.cryptoki.CK_CHAR
array,ctypes.c_ulong
size of array)
-
static
to_ck_date
(val, reverse=False)¶ Transform a date string, date dictionary, or date object into a PKCS11 readable form (YYYYMMDD)
Parameters: - val – Value to convert
- reverse – Whether to convert from C -> Python
Returns: (
ctypes.c_void_p
ptr topycryptoki.cryptoki.CK_CHAR
array,ctypes.c_ulong
size of array)
-
static
to_long
(val, reverse=False)¶ Convert a integer/long value to a pValue, ulValueLen tuple
Parameters: - val – Value to convert
- reverse – Whether to convert from C -> Python
Returns: (
ctypes.c_void_p
ptr toctypes.c_ulong
,ctypes.c_ulong
size of long value)
-
static
to_subattributes
(val, reverse=False)¶ Convert to another Attributes class & return the struct.
Parameters: - val – Value to convert
- reverse – Whether to convert from C -> Python
Returns: (
ctypes.c_void_p
ptr topycryptoki.cryptoki.CK_ATTRIBUTE
array,ctypes.c_ulong
size of array)
-
static
-
pycryptoki.daemon.rpyc_pycryptoki.
configure_logging
(logfile=None)[source]¶ Setup logging. If a log file is specified, will log to that file.
Parameters: logfile (str) – Log file path/name to use for logging. Returns: Configured logger.
-
pycryptoki.daemon.rpyc_pycryptoki.
create_server_subprocess
(target, args, logger)[source]¶ Create the subprocess, set it as a daemon, setup a signal handler in case the parent process is killed, the child process should also be killed, then return the subprocess.
Parameters: - target – Target function to run in a subprocess
- args – Args to pass to the function
Returns: multiprocessing.Process
pycryptoki.pycryptoki_client¶
-
class
pycryptoki.pycryptoki_client.
LocalPycryptokiClient
[source]¶ Bases:
object
Class forwards calls to pycryptoki to local client but looks identical to remote client
-
class
pycryptoki.pycryptoki_client.
RemotePycryptokiClient
(ip=None, port=None)[source]¶ Bases:
object
Class to handle connecting to a remote Pycryptoki RPYC daemon.
After instantiation, you can use it directly to make calls to a remote cryptoki library via RPYC (no need to do any imports or anything like that, just use the direct pycryptoki call like client.c_initialize_ex() )
Parameters: - ip – IP Address of the client the remote daemon is running on.
- port – What Port the daemon is running on.
-
started
¶ Check if the RPYC connection is alive.
Returns: boolean
-
pycryptoki.pycryptoki_client.
connection_test
(func)[source]¶ Decorator to check that the underlying rpyc connection is alive before sending commands across it.
Parameters: func – Returns:
-
pycryptoki.pycryptoki_client.
log_args
(funcname, arg_dict)[source]¶ This will run through each of the key, value pairs of the argument spec passed into pycryptoki and perform the following checks:
- if key is a template, format the template data through a dict lookup
- if key is password, set the log data to be ‘*’
- if value is longer than 40 characters, abbreviate it.
Parameters: arg_dict – Returns:
-
pycryptoki.pycryptoki_client.
retry
(ExceptionToCheck, tries=4, delay=3, backoff=2, logger=None)[source]¶ Retry calling the decorated function using an exponential backoff.
http://www.saltycrane.com/blog/2009/11/trying-out-retry-decorator-python/ original from: http://wiki.python.org/moin/PythonDecoratorLibrary#Retry
Parameters: - ExceptionToCheck (Exception or tuple) – the exception to check. may be a tuple of exceptions to check
- tries (int) – number of times to try (not retry) before giving up
- delay (int) – initial delay between retries in seconds
- backoff (int) – backoff multiplier e.g. value of 2 will double the delay each retry
- logger (logging.Logger instance) – logger to use. If None, print