[Python-modules-commits] [pykcs11] 02/04: New upstream version 1.4.3
Ludovic Rousseau
rousseau at moszumanska.debian.org
Sat Jun 24 15:37:23 UTC 2017
This is an automated email from the git hooks/post-receive script.
rousseau pushed a commit to branch master
in repository pykcs11.
commit 238ed8b3d1e8b13eba660a403de118d327b53d4f
Author: Ludovic Rousseau <rousseau at debian.org>
Date: Sat Jun 24 16:30:11 2017 +0200
New upstream version 1.4.3
---
MANIFEST | 2 +-
Makefile | 15 ++-
PKG-INFO | 2 +-
PyKCS11/LowLevel.py | 31 ++++++
PyKCS11/__init__.py | 188 ++++++++++++++++----------------
README.md | 212 ++++++++++++++++++++++++++++++++++++
samples/encrypt.py | 4 +-
samples/generate.py | 6 +-
samples/modulus.py | 8 +-
samples/signature.py | 6 +-
setup.py | 2 +-
src/opensc/pkcs11.h | 11 ++
src/pkcs11lib.cpp | 2 +-
src/pykcs11.i | 45 ++++++--
src/pykcs11_wrap.cpp | 295 ++++++++++++++++++++++++++++++++++++++++++++-------
15 files changed, 669 insertions(+), 160 deletions(-)
diff --git a/MANIFEST b/MANIFEST
index 49253cc..254e192 100644
--- a/MANIFEST
+++ b/MANIFEST
@@ -1,4 +1,4 @@
-readme.txt
+README.md
pykcs11.rc
resource.h
setup.py
diff --git a/Makefile b/Makefile
index f0cd4cd..1bb07bb 100644
--- a/Makefile
+++ b/Makefile
@@ -20,12 +20,14 @@ clean distclean:
rm -rf build
rm -f *.pyc PyKCS11/*.pyc
rm -f PyKCS11/LowLevel.py
+ rm -f PyKCS11/_LowLevel*
rm -f build-stamp
+ rm -f tests/*.pyc
rebuild: clean build
src/pykcs11_wrap.cpp: src/pykcs11.i
- cd src ; swig -c++ -python pykcs11.i ; mv pykcs11_wrap.cxx pykcs11_wrap.cpp ; mv LowLevel.py ../PyKCS11
+ cd src ; swig -c++ -python pykcs11.i ; mv pykcs11_wrap.cxx pykcs11_wrap.cpp ; mv LowLevel.py ../PyKCS11/
src/pykcs11.i: src/opensc/pkcs11.h src/pkcs11lib.h src/pykcs11string.h src/ck_attribute_smart.h
touch $@
@@ -36,6 +38,17 @@ dist: clean
pypi: clean
$(PYTHON) setup.py sdist upload
+prepare4test: build
+ cd PyKCS11 ; ln -sf ../build/lib.*/PyKCS11/_LowLevel*.so
+
+tests: prepare4test
+ $(PYTHON) run_test.py
+
+coverage: prepare4test
+ coverage run run_test.py
+ coverage report
+ coverage html
+
doc: build
rm -rf html
epydoc --verbose PyKCS11
diff --git a/PKG-INFO b/PKG-INFO
index 4907aa5..8b383cc 100644
--- a/PKG-INFO
+++ b/PKG-INFO
@@ -1,6 +1,6 @@
Metadata-Version: 1.1
Name: PyKCS11
-Version: 1.4.2
+Version: 1.4.3
Summary: A Full PKCS#11 wrapper for Python
Home-page: https://github.com/LudovicRousseau/PyKCS11
Author: Ludovic Rousseau
diff --git a/PyKCS11/LowLevel.py b/PyKCS11/LowLevel.py
index 7311c75..dd7b703 100644
--- a/PyKCS11/LowLevel.py
+++ b/PyKCS11/LowLevel.py
@@ -998,6 +998,37 @@ CK_RSA_PKCS_OAEP_PARAMS_swigregister = _LowLevel.CK_RSA_PKCS_OAEP_PARAMS_swigreg
CK_RSA_PKCS_OAEP_PARAMS_swigregister(CK_RSA_PKCS_OAEP_PARAMS)
CK_RSA_PKCS_OAEP_PARAMS_LENGTH = _LowLevel.CK_RSA_PKCS_OAEP_PARAMS_LENGTH
+class CK_RSA_PKCS_PSS_PARAMS(_object):
+ __swig_setmethods__ = {}
+ __setattr__ = lambda self, name, value: _swig_setattr(self, CK_RSA_PKCS_PSS_PARAMS, name, value)
+ __swig_getmethods__ = {}
+ __getattr__ = lambda self, name: _swig_getattr(self, CK_RSA_PKCS_PSS_PARAMS, name)
+ __repr__ = _swig_repr
+ __swig_setmethods__["hashAlg"] = _LowLevel.CK_RSA_PKCS_PSS_PARAMS_hashAlg_set
+ __swig_getmethods__["hashAlg"] = _LowLevel.CK_RSA_PKCS_PSS_PARAMS_hashAlg_get
+ if _newclass:
+ hashAlg = _swig_property(_LowLevel.CK_RSA_PKCS_PSS_PARAMS_hashAlg_get, _LowLevel.CK_RSA_PKCS_PSS_PARAMS_hashAlg_set)
+ __swig_setmethods__["mgf"] = _LowLevel.CK_RSA_PKCS_PSS_PARAMS_mgf_set
+ __swig_getmethods__["mgf"] = _LowLevel.CK_RSA_PKCS_PSS_PARAMS_mgf_get
+ if _newclass:
+ mgf = _swig_property(_LowLevel.CK_RSA_PKCS_PSS_PARAMS_mgf_get, _LowLevel.CK_RSA_PKCS_PSS_PARAMS_mgf_set)
+ __swig_setmethods__["sLen"] = _LowLevel.CK_RSA_PKCS_PSS_PARAMS_sLen_set
+ __swig_getmethods__["sLen"] = _LowLevel.CK_RSA_PKCS_PSS_PARAMS_sLen_get
+ if _newclass:
+ sLen = _swig_property(_LowLevel.CK_RSA_PKCS_PSS_PARAMS_sLen_get, _LowLevel.CK_RSA_PKCS_PSS_PARAMS_sLen_set)
+
+ def __init__(self):
+ this = _LowLevel.new_CK_RSA_PKCS_PSS_PARAMS()
+ try:
+ self.this.append(this)
+ except __builtin__.Exception:
+ self.this = this
+ __swig_destroy__ = _LowLevel.delete_CK_RSA_PKCS_PSS_PARAMS
+ __del__ = lambda self: None
+CK_RSA_PKCS_PSS_PARAMS_swigregister = _LowLevel.CK_RSA_PKCS_PSS_PARAMS_swigregister
+CK_RSA_PKCS_PSS_PARAMS_swigregister(CK_RSA_PKCS_PSS_PARAMS)
+
+CK_RSA_PKCS_PSS_PARAMS_LENGTH = _LowLevel.CK_RSA_PKCS_PSS_PARAMS_LENGTH
class CK_MECHANISM_INFO(_object):
__swig_setmethods__ = {}
__setattr__ = lambda self, name, value: _swig_setattr(self, CK_MECHANISM_INFO, name, value)
diff --git a/PyKCS11/__init__.py b/PyKCS11/__init__.py
index ccdd6bf..a2eda95 100644
--- a/PyKCS11/__init__.py
+++ b/PyKCS11/__init__.py
@@ -21,27 +21,6 @@ import PyKCS11.LowLevel
import os
import sys
-PY3 = sys.version_info[0] >= 3
-if PY3:
- def byte_to_int(byte):
- return byte
-
- def to_param_string(param):
- if isinstance(param, str):
- return bytes(param, 'ascii')
- else:
- return bytes(param)
-else:
- def byte_to_int(byte):
- return ord(byte)
-
- def to_param_string(param):
- if isinstance(param, str):
- return param
- else:
- return str(bytearray(param))
-
- range = xrange
# redefine PKCS#11 constants
CK_TRUE = PyKCS11.LowLevel.CK_TRUE
@@ -82,6 +61,7 @@ for x in PyKCS11.LowLevel.__dict__.keys():
eval(x[:3])[x] = eval(x) # => CKM['CKM_RSA_PKCS'] = CKM_RSA_PKCS
# special CKR[] values
+CKR[-3] = "Unknown format"
CKR[-2] = "Unkown PKCS#11 type"
CKR[-1] = "Load"
@@ -91,6 +71,46 @@ class ckbytelist(PyKCS11.LowLevel.ckbytelist):
add a __repr__() method to the LowLevel equivalent
"""
+ def __init__(self, data=[]):
+ # default size of the vector
+ size = 0
+ if isinstance(data, int):
+ size = data
+ data = None
+
+ super(ckbytelist, self).__init__(size)
+
+ # No value to initialize
+ if data is None:
+ return
+
+ # b'abc'
+ if isinstance(data, bytes):
+ self.reserve(len(data))
+ for x in data:
+ if sys.version_info[0] <= 2:
+ # Python 2
+ v = ord(x)
+ else:
+ # Python 3 and more
+ v = x
+ self.append(v)
+
+ # "abc"
+ elif isinstance(data, str):
+ tmp = bytes(data, "utf-8")
+ self.reserve(len(tmp))
+ for x in tmp:
+ self.append(x)
+
+ # [141, 142, 143]
+ elif isinstance(data, list) or isinstance(data, ckbytelist):
+ self.reserve(len(data))
+ for c in range(len(data)):
+ self.append(data[c])
+ else:
+ raise PyKCS11.PyKCS11Error(-3, text=type(data))
+
def __repr__(self):
"""
return the representation of a tuple
@@ -591,7 +611,7 @@ class PyKCS11Lib(object):
@param slot: slot number returned by L{getSlotList}
@type slot: integer
- @param flags: 0 (default), L{CKF_RW_SESSION} for RW session
+ @param flags: 0 (default), CKF_RW_SESSION for RW session
@type flags: integer
@return: a L{Session} object
"""
@@ -693,10 +713,10 @@ class Mechanism(object):
"""
self._mech = PyKCS11.LowLevel.CK_MECHANISM()
self._mech.mechanism = mechanism
- self._param = None
+ self._param = None
if param:
- self._param = to_param_string(param)
- self._mech.pParameter = self._param
+ self._param = ckbytelist(param)
+ self._mech.pParameter = self._param
self._mech.ulParameterLen = len(param)
def to_native(self):
@@ -708,25 +728,28 @@ MechanismRSAGENERATEKEYPAIR = Mechanism(CKM_RSA_PKCS_KEY_PAIR_GEN, None)
MechanismECGENERATEKEYPAIR = Mechanism(CKM_EC_KEY_PAIR_GEN, None)
MechanismAESGENERATEKEY = Mechanism(CKM_AES_KEY_GEN, None)
+
class RSAOAEPMechanism(object):
"""RSA OAEP Wrapping mechanism"""
- def __init__(self, hash, mgf, label=None):
+ def __init__(self, hashAlg, mgf, label=None):
"""
- @param hash: the hash algorithm to use (like L{CKM_SHA256})
+ @param hashAlg: the hash algorithm to use (like CKM_SHA256)
@param mgf: the mask generation function to use (like
- L{CKG_MGF1_SHA256})
+ CKG_MGF1_SHA256)
@param label: the (optional) label to use
"""
self._param = PyKCS11.LowLevel.CK_RSA_PKCS_OAEP_PARAMS()
- self._param.hashAlg = hash
+ self._param.hashAlg = hashAlg
self._param.mgf = mgf
self._source = None
+ self._param.src = CKZ_DATA_SPECIFIED
if label:
- self._param.src = CKZ_DATA_SPECIFIED
- self._source = to_param_string(label)
- self._param.pSourceData = self._source
- self._param.ulSourceDataLen = len(label)
+ self._source = ckbytelist(label)
+ self._param.ulSourceDataLen = len(self._source)
+ else:
+ self._param.ulSourceDataLen = 0
+ self._param.pSourceData = self._source
self._mech = PyKCS11.LowLevel.CK_MECHANISM()
self._mech.mechanism = CKM_RSA_PKCS_OAEP
self._mech.pParameter = self._param
@@ -735,6 +758,31 @@ class RSAOAEPMechanism(object):
def to_native(self):
return self._mech
+
+class RSA_PSS_Mechanism(object):
+ """RSA PSS Wrapping mechanism"""
+
+ def __init__(self, hashAlg, mgf, sLen):
+ """
+ @param hashAlg: the hash algorithm to use (like CKM_SHA384)
+ @param mgf: the mask generation function to use (like
+ CKG_MGF1_SHA384)
+ @param sLen: length, in bytes, of the salt value used in the PSS
+ encoding
+ """
+ self._param = PyKCS11.LowLevel.CK_RSA_PKCS_PSS_PARAMS()
+ self._param.hashAlg = hashAlg
+ self._param.mgf = mgf
+ self._param.sLen = sLen
+ self._mech = PyKCS11.LowLevel.CK_MECHANISM()
+ self._mech.mechanism = CKM_RSA_PKCS_PSS
+ self._mech.pParameter = self._param
+ self._mech.ulParameterLen = PyKCS11.LowLevel.CK_RSA_PKCS_PSS_PARAMS_LENGTH
+
+ def to_native(self):
+ return self._mech
+
+
class DigestSession(object):
def __init__(self, lib, session, mecha):
self._lib = lib
@@ -751,14 +799,7 @@ class DigestSession(object):
@param data: data to add to the digest
@type data: bytes or string
"""
- data1 = ckbytelist()
- data1.reserve(len(data))
- if isinstance(data, bytes):
- for x in data:
- data1.append(byte_to_int(x))
- else:
- for c in range(len(data)):
- data1.append(data[c])
+ data1 = ckbytelist(data)
rv = self._lib.C_DigestUpdate(self._session, data1)
if rv != CKR_OK:
raise PyKCS11Error(rv)
@@ -794,6 +835,7 @@ class DigestSession(object):
raise PyKCS11Error(rv)
return digest
+
class Session(object):
""" Manage L{PyKCS11Lib.openSession} objects """
@@ -943,16 +985,8 @@ class Session(object):
"""
digest = ckbytelist()
- ps = None # must be declared here or may be deallocated too early
m = mecha.to_native()
- data1 = ckbytelist()
- data1.reserve(len(data))
- if isinstance(data, bytes):
- for x in data:
- data1.append(byte_to_int(x))
- else:
- for c in range(len(data)):
- data1.append(data[c])
+ data1 = ckbytelist(data)
rv = self.lib.C_DigestInit(self.session, m)
if rv != CKR_OK:
raise PyKCS11Error(rv)
@@ -987,14 +1021,7 @@ class Session(object):
"""
m = mecha.to_native()
signature = ckbytelist()
- data1 = ckbytelist()
- data1.reserve(len(data))
- if isinstance(data, bytes):
- for x in data:
- data1.append(byte_to_int(x))
- else:
- for c in range(len(data)):
- data1.append(data[c])
+ data1 = ckbytelist(data)
rv = self.lib.C_SignInit(self.session, m, key)
if rv != CKR_OK:
raise PyKCS11Error(rv)
@@ -1026,15 +1053,7 @@ class Session(object):
"""
m = mecha.to_native()
- data1 = ckbytelist()
- data1.reserve(len(data))
-
- if isinstance(data, bytes):
- for x in data:
- data1.append(byte_to_int(x))
- else:
- for c in range(len(data)):
- data1.append(data[c])
+ data1 = ckbytelist(data)
rv = self.lib.C_VerifyInit(self.session, m, key)
if rv != CKR_OK:
raise PyKCS11Error(rv)
@@ -1066,16 +1085,8 @@ class Session(object):
"""
encrypted = ckbytelist()
- ps = None # must be declared here or may be deallocated too early
m = mecha.to_native()
- data1 = ckbytelist()
- data1.reserve(len(data))
- if isinstance(data, bytes):
- for x in data:
- data1.append(byte_to_int(x))
- else:
- for c in range(len(data)):
- data1.append(data[c])
+ data1 = ckbytelist(data)
rv = self.lib.C_EncryptInit(self.session, m, key)
if rv != CKR_OK:
raise PyKCS11Error(rv)
@@ -1110,14 +1121,7 @@ class Session(object):
"""
m = mecha.to_native()
decrypted = ckbytelist()
- data1 = ckbytelist()
- data1.reserve(len(data))
- if isinstance(data, bytes):
- for x in data:
- data1.append(byte_to_int(x))
- else:
- for c in range(len(data)):
- data1.append(data[c])
+ data1 = ckbytelist(data)
rv = self.lib.C_DecryptInit(self.session, m, key)
if rv != CKR_OK:
raise PyKCS11Error(rv)
@@ -1150,7 +1154,6 @@ class Session(object):
''.join(chr(i) for i in ckbytelistData)
"""
- m = PyKCS11.LowLevel.CK_MECHANISM()
wrapped = ckbytelist()
native = mecha.to_native()
# first call get wrapped size
@@ -1180,15 +1183,7 @@ class Session(object):
"""
m = mecha.to_native()
- wrapped = ckbytelist()
- data1 = ckbytelist()
- data1.reserve(len(wrappedKey))
- if isinstance(wrappedKey, bytes):
- for x in wrappedKey:
- data1.append(byte_to_int(x))
- else:
- for c in range(len(wrappedKey)):
- data1.append(wrappedKey[c])
+ data1 = ckbytelist(wrappedKey)
handle = PyKCS11.LowLevel.CK_OBJECT_HANDLE()
attrs = self._template2ckattrlist(template)
rv = self.lib.C_UnwrapKey(self.session, m, unwrappingKey, data1, attrs, handle)
@@ -1282,10 +1277,7 @@ class Session(object):
if isinstance(attr[1], int):
attrStr = str(attr[1])
if isinstance(attr[1], bytes):
- attrBin = ckbytelist()
- attrBin.reserve(len(attrStr))
- for c in range(len(attrStr)):
- attrBin.append(byte_to_int(attrStr[c]))
+ attrBin = ckbytelist(attrStr)
t[x].SetBin(attr[0], attrBin)
else:
raise PyKCS11Error(-2)
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..1aa4014
--- /dev/null
+++ b/README.md
@@ -0,0 +1,212 @@
+PyKCS11 - PKCS#11 Wrapper for Python - Project Overview
+=======================================================
+
+Authors
+=======
+
+- Copyright (C) 2004 Midori (midori -- a-t -- paipai dot net)
+- Copyright (C) 2006-2017 Ludovic Rousseau (ludovic.rousseau at free.fr)
+
+
+Licence
+=======
+
+ This file is free software; you can redistribute it and/or modify it
+ under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+
+Status
+======
+
+[](https://travis-ci.org/LudovicRousseau/PyKCS11)
+
+[](https://coveralls.io/github/LudovicRousseau/PyKCS11?branch=master)
+
+API
+===
+The API documentation is available at http://pkcs11wrap.sourceforge.net/api/
+
+Unix Howto
+==========
+To install::
+
+ $ make build
+ $ make install (or make install DESTDIR=/foo/bar)
+
+
+Windows Howto
+=============
+
+Prerequisites
+
+* Install python3 (and add "C:\Python34;C:\Python34\Scripts" to PATH
+ environment variable)
+* Install swig (and add swig install folder to PATH environment variable)
+* Install Visual studio 2010 SDK
+
+To install:
+
+Open "Visual Studio command prompt (2010)"
+
+cd to PyKCS11 folder and run::
+
+ > nmake -f Makefile.win32 build
+ > nmake -f Makefile.win32 install
+
+
+Known Bugs
+==========
+
+If in Windows the linker complains that the Python24_d.lib doesn't exists
+Please edit the "SWIG-Install-Dir\Lib\python\python.swg" file and replace
+following line::
+
+ #include "Python.h"
+
+with following code::
+
+ #ifdef _DEBUG
+ #undef _DEBUG
+ #include "Python.h"
+ #define _DEBUG
+ #else
+ #include "Python.h"
+ #endif
+
+This prevents the linker to try to link against the debug version of python lib
+that doesn't come with the standard distribution.
+
+
+History
+=======
+
+1.4.3 - June 2017, Ludovic Rousseau
+ - Add support of CKM_RSA_PKCS_PSS mechanism
+ - fix CKM_AES_CBC issue with Python 3
+ - add Unitary Tests (make tests)
+ - add tox support (automate and standardize testing in Python)
+ - add coverage support (measuring code coverage of Python programs)
+ - add Travis-CI configuration (automatic build and tests)
+ - some minor improvements
+
+1.4.2 - May 2017, Ludovic Rousseau
+ - Moved the project from https://bitbucket.org/PyKCS11/pykcs11 to
+ https://github.com/LudovicRousseau/PyKCS11
+ - Makefile: use a better default value for PREFIX
+ - Fix PyKCS11.__del__(): test that every module is accessible
+ - getSlotList(): add optional tokenPresent parameter
+ By default the method returns all the slots (like before the change).
+ - Always call C_Initialize() in ::Load() to work with some bogus
+ PKCS#11 library (like libCryptoki2 from Safenet Luna SA HSM)
+ - LowLevel samples: use PYKCS11LIB environment variable
+ - some minor improvements
+
+1.4.1 - February 2017, Ludovic Rousseau
+ - fix compilation under Python 3
+ - add rsa encryption sample program
+
+1.4.0 - February 2017, Ludovic Rousseau
+ - fix closeAllSessions() and move it Session to PKCS11Lib
+ - add RSAOAEPMechanism to support RSA Encryption
+ - add DigestSession which enables multi-part digesting
+ - add Elliptic curve keypair generating mechanism
+ - fix bug in Templates using booleans CK_TRUE/CK_FALSE
+ Templates are used by generateKey(), generateKeyPair(),
+ findObjects() createObject(), unwrapKey()
+ - fix dumpit.py sample for Python 3
+
+1.3.3 - November 2016, Ludovic Rousseau
+ - PKCS#11 definitions: sync with Cryptoki version 2.40
+ . add missing CKM_* and CKP_* defines
+ - Add generateKey() with default mechanism CKM_AES_KEY_GEN
+ - Make sure the PyKCS11Lib is referenced as long as Session object is live
+ - Fix OverflowError on Windows
+ - Attribute CKA_WRAP_WITH_TRUSTED is bool
+ - samples
+ - dumpit: ask to enter the PIN on the pinpad if needed
+ - getinfo & dumpit: add --slot= parameter
+ - some minor improvements
+
+1.3.2 - January 2016, Ludovic Rousseau
+ - Add wrappers for C_Verify, C_WrapKey, C_UnwrapKey
+ - PKCS#11 definitions: sync with Cryptoki version 2.30
+ - Generate CKM[CKM_VENDOR_DEFINED+x] values on the fly
+ - Fix use of a pinpad reader CKF_PROTECTED_AUTHENTICATION_PATH
+ - dumpit.py: lots of small fixes
+ - Setup call make to build pykcs11_wrap.cpp using SWIG
+ - Fix build on Windows
+ - Small bugs fixed
+
+1.3.1 - October 2015, Ludovic Rousseau
+ - PKCS#11 definitions: sync with Cryptoki version 2.30
+ - Add user type CK_CONTEXT_SPECIFIC
+ - Fixes #9, incorrect assignment of pParameter for CK_MECHANISMs.
+ - CKA_DERIVE is a CK_BBOOL and not byte array
+ - Add digest() and encrypt method to Session class
+ - Add samples:
+ - key-pair generation
+ - key-pair generation + certificate import
+ - printing public key modulus
+ - computing signature
+ - small bugs fixed
+
+1.3.0 - July 2014, Ludovic Rousseau
+ - add Python3 support
+
+1.2.4 - April 2012, Ludovic Rousseau
+ - improve epydoc documentation
+ - add pinpad support in C_Login() using pin=None
+ - add pinpad support in samples getinfo.py and dumpit.py
+ - add createObject()
+
+1.2.3 - December 2010, Ludovic Rousseau
+ - Add new classes CK_SLOT_INFO, CK_INFO, CK_SESSION_INFO,
+ CK_MECHANISM_INFO and CK_TOKEN_INFO instead of the low level ones
+ to have a __repr__() method. It is now possible to just print an
+ object of these classes and have a human readable version.
+ - Add a new class CK_OBJECT_HANDLE() to replace the low level one
+ and have a __repr__() method for objects returned by findObjects()
+ - Move initToken() from class Session to class PyKCS11Lib and add a
+ slot parameter.
+ - Add generateKeyPair and destoryObject support in high level
+ interface
+
+1.2.2 - June 2010, Ludovic Rousseau
+ - Debug low level C_GenerateRandom
+ - Add seedRandom() and generateRandom() in the high level API
+
+1.2.1 - November 2008, Ludovic Rousseau
+ - Use src/opensc/pkcs11.h instead of src/rsaref/* files since the
+ files from RSA are not free enough (no right to distribute modified
+ versions for example)
+ - improve samples/getinfo.py script
+ - bug fixes
+
+1.2.0 - August 2008, Ludovic Rousseau
+ - add getMechanismList() and getMechanismInfo()
+ - add Session().getSessionInfo()
+ - bug fixes
+
+1.1.1 - December 2006, Giuseppe Amato (Midori)
+ - bug fixes
+
+1.1.0 - August 2006, Ludovic Rousseau
+ - Introduce high level API
+
+1.0.2 - July 2006, Ludovic Rousseau
+ - port to Unix (tested on GNU/Linux only)
+ - explicit call to SWIG to generate the wrapper
+
+1.0.1 - 2004 Giuseppe Amato (Midori)
+ - first version
+ - Windows only
diff --git a/samples/encrypt.py b/samples/encrypt.py
index ad56a82..11240d9 100755
--- a/samples/encrypt.py
+++ b/samples/encrypt.py
@@ -24,8 +24,8 @@ import binascii
pkcs11 = PyKCS11Lib()
pkcs11.load() # define environment variable PYKCS11LIB=YourPKCS11Lib
-# get 2nd slot
-slot = pkcs11.getSlotList()[1]
+# get 1st slot
+slot = pkcs11.getSlotList()[0]
session = pkcs11.openSession(slot, CKF_SERIAL_SESSION | CKF_RW_SESSION)
session.login("1234")
diff --git a/samples/generate.py b/samples/generate.py
index 867e0fc..3c3508c 100755
--- a/samples/generate.py
+++ b/samples/generate.py
@@ -21,11 +21,11 @@ from PyKCS11 import *
pkcs11 = PyKCS11Lib()
pkcs11.load() # define environment variable PYKCS11LIB=YourPKCS11Lib
-# get 2nd slot
-slot = pkcs11.getSlotList()[1]
+# get 1st slot
+slot = pkcs11.getSlotList()[0]
session = pkcs11.openSession(slot, CKF_SERIAL_SESSION | CKF_RW_SESSION)
-session.login("11111111")
+session.login("1234")
pubTemplate = [
(CKA_CLASS, CKO_PUBLIC_KEY),
diff --git a/samples/modulus.py b/samples/modulus.py
index 18701ce..716ec90 100755
--- a/samples/modulus.py
+++ b/samples/modulus.py
@@ -24,14 +24,14 @@ import binascii
pkcs11 = PyKCS11Lib()
pkcs11.load() # define environment variable PYKCS11LIB=YourPKCS11Lib
-# get 2nd slot
-slot = pkcs11.getSlotList()[1]
+# get 1st slot
+slot = pkcs11.getSlotList()[0]
session = pkcs11.openSession(slot, CKF_SERIAL_SESSION | CKF_RW_SESSION)
-session.login("11111111")
+session.login("1234")
# key ID in hex (has to be tuple, that's why trailing comma)
-keyID = (0x11,)
+keyID = (0x22,)
# find public key and print modulus
pubKey = session.findObjects([(CKA_CLASS, CKO_PUBLIC_KEY), (CKA_ID, keyID)])[0]
diff --git a/samples/signature.py b/samples/signature.py
index 6aa830a..22931cb 100755
--- a/samples/signature.py
+++ b/samples/signature.py
@@ -25,13 +25,13 @@ pkcs11 = PyKCS11Lib()
pkcs11.load() # define environment variable PYKCS11LIB=YourPKCS11Lib
# get 3rd slot
-slot = pkcs11.getSlotList()[2]
+slot = pkcs11.getSlotList()[0]
session = pkcs11.openSession(slot, CKF_SERIAL_SESSION | CKF_RW_SESSION)
-session.login("22222222")
+session.login("1234")
# key ID in hex (has to be tuple, that's why trailing comma)
-keyID = (0x44,)
+keyID = (0x22,)
# "Hello world" in hex
toSign = "48656c6c6f20776f726c640d0a"
diff --git a/setup.py b/setup.py
index 8d6033c..3ea780d 100755
--- a/setup.py
+++ b/setup.py
@@ -55,7 +55,7 @@ else:
libraries_val = []
setup(name="PyKCS11",
- version="1.4.2",
+ version="1.4.3",
description="A Full PKCS#11 wrapper for Python",
keywords="crypto,pki,pkcs11,c++",
classifiers=classifiers,
diff --git a/src/opensc/pkcs11.h b/src/opensc/pkcs11.h
index d40d009..02c7419 100644
--- a/src/opensc/pkcs11.h
+++ b/src/opensc/pkcs11.h
@@ -707,6 +707,12 @@ struct ck_rsa_pkcs_oaep_params {
unsigned long source_data_len;
} ;
+typedef struct ck_rsa_pkcs_pss_params {
+ unsigned long hashAlg;
+ unsigned long mgf;
+ unsigned long sLen;
+} ;
+
#define CKF_HW (1 << 0)
#define CKF_ENCRYPT (1 << 8)
#define CKF_DECRYPT (1 << 9)
@@ -1273,6 +1279,9 @@ typedef struct ck_mechanism_info *CK_MECHANISM_INFO_PTR;
typedef struct ck_rsa_pkcs_oaep_params CK_RSA_PKCS_OAEP_PARAMS;
typedef struct ck_rsa_pkcs_oaep_params *CK_RSA_PKCS_OAEP_PARAMS_PTR;
+typedef struct ck_rsa_pkcs_pss_params CK_RSA_PKCS_PSS_PARAMS;
+typedef struct ck_rsa_pkcs_pss_params *CK_RSA_PKCS_PSS_PARAMS_PTR;
+
typedef struct ck_function_list CK_FUNCTION_LIST;
typedef struct ck_function_list *CK_FUNCTION_LIST_PTR;
typedef struct ck_function_list **CK_FUNCTION_LIST_PTR_PTR;
@@ -1347,6 +1356,8 @@ typedef struct ck_c_initialize_args *CK_C_INITIALIZE_ARGS_PTR;
#undef ck_rsa_pkcs_oaep_params
+#undef ck_rsa_pkcs_pss_params
+
#undef ck_rv_t
#undef ck_notify_t
diff --git a/src/pkcs11lib.cpp b/src/pkcs11lib.cpp
index e3827ce..282289a 100644
--- a/src/pkcs11lib.cpp
+++ b/src/pkcs11lib.cpp
@@ -74,7 +74,7 @@ bool CPKCS11Lib::Load(const char* szLib)
}
rv = m_pFunc->C_Initialize(NULL);
- if (CKR_OK != rv)
+ if (CKR_OK != rv && CKR_CRYPTOKI_ALREADY_INITIALIZED != rv)
return false;
m_bFinalizeOnClose = true;
diff --git a/src/pykcs11.i b/src/pykcs11.i
index f7ff4d6..66f588d 100644
--- a/src/pykcs11.i
+++ b/src/pykcs11.i
@@ -228,18 +228,22 @@ typedef struct CK_DATE{
};
%typemap(in) void* {
- char *buf;
- size_t sz;
- int alloc2 = 0;
- // If the value being set is of string type:
- if (PyString_Check($input) &&
- SWIG_IsOK(SWIG_AsCharPtrAndSize($input, &buf, &sz, &alloc2))) {
- arg2 = buf;
- } else {
+ vector<unsigned char> *vect;
+ // If the value being set is of ckbytelist type:
+ if (SWIG_IsOK(SWIG_ConvertPtr($input, (void **)&vect, SWIGTYPE_p_std__vectorT_unsigned_char_std__allocatorT_unsigned_char_t_t, 0)))
+ {
+ // Get the data from the vector
+ arg2 = vect->data();
+ }
+ else
+ {
// If the value being set is of CK_RSA_PKCS_OAEP_PARAMS type:
int res2 = SWIG_ConvertPtr($input, &arg2, $descriptor(CK_RSA_PKCS_OAEP_PARAMS*), 0 | 0 );
if (!SWIG_IsOK(res2)) {
- SWIG_exception_fail(SWIG_ArgError(res2), "unsupported CK_MECHANISM Parameter type.");
+ res2 = SWIG_ConvertPtr($input, &arg2, $descriptor(CK_RSA_PKCS_PSS_PARAMS*), 0);
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "unsupported CK_MECHANISM Parameter type.");
+ }
}
}
}
@@ -287,6 +291,29 @@ typedef struct CK_RSA_PKCS_OAEP_PARAMS {
%constant int CK_RSA_PKCS_OAEP_PARAMS_LENGTH = sizeof(CK_RSA_PKCS_OAEP_PARAMS);
+//%typemap(in) void*;
+//%typemap(in) void* = char*;
+
+typedef struct CK_RSA_PKCS_PSS_PARAMS {
+ unsigned long hashAlg;
+ unsigned long mgf;
+ unsigned long sLen;
+} CK_RSA_PKCS_PSS_PARAMS;
+
+%extend CK_RSA_PKCS_PSS_PARAMS
+{
+ CK_RSA_PKCS_PSS_PARAMS()
+ {
+ CK_RSA_PKCS_PSS_PARAMS *p = new CK_RSA_PKCS_PSS_PARAMS();
+ p->hashAlg = 0;
+ p->mgf = 0;
+ p->sLen = 0;
+ return p;
+ }
+};
+
+%constant int CK_RSA_PKCS_PSS_PARAMS_LENGTH = sizeof(CK_RSA_PKCS_PSS_PARAMS);
+
typedef struct CK_MECHANISM_INFO {
%immutable;
unsigned long ulMinKeySize;
diff --git a/src/pykcs11_wrap.cpp b/src/pykcs11_wrap.cpp
index aa055df..8c6a0d5 100644
--- a/src/pykcs11_wrap.cpp
+++ b/src/pykcs11_wrap.cpp
@@ -3014,33 +3014,34 @@ SWIG_Python_NonDynamicSetAttr(PyObject *obj, PyObject *name, PyObject *value) {
#define SWIGTYPE_p_CK_MECHANISM_INFO swig_types[4]
#define SWIGTYPE_p_CK_OBJECT_HANDLE swig_types[5]
#define SWIGTYPE_p_CK_RSA_PKCS_OAEP_PARAMS swig_types[6]
-#define SWIGTYPE_p_CK_SESSION_HANDLE swig_types[7]
-#define SWIGTYPE_p_CK_SESSION_INFO swig_types[8]
-#define SWIGTYPE_p_CK_SLOT_INFO swig_types[9]
-#define SWIGTYPE_p_CK_TOKEN_INFO swig_types[10]
-#define SWIGTYPE_p_CK_VERSION swig_types[11]
-#define SWIGTYPE_p_CPKCS11Lib swig_types[12]
-#define SWIGTYPE_p_allocator_type swig_types[13]
-#define SWIGTYPE_p_char swig_types[14]
-#define SWIGTYPE_p_difference_type swig_types[15]
-#define SWIGTYPE_p_p_PyObject swig_types[16]
-#define SWIGTYPE_p_size_type swig_types[17]
-#define SWIGTYPE_p_std__allocatorT_CK_ATTRIBUTE_SMART_t swig_types[18]
-#define SWIGTYPE_p_std__allocatorT_CK_OBJECT_HANDLE_t swig_types[19]
-#define SWIGTYPE_p_std__allocatorT_long_t swig_types[20]
-#define SWIGTYPE_p_std__allocatorT_unsigned_char_t swig_types[21]
-#define SWIGTYPE_p_std__invalid_argument swig_types[22]
-#define SWIGTYPE_p_std__vectorT_CK_ATTRIBUTE_SMART_std__allocatorT_CK_ATTRIBUTE_SMART_t_t swig_types[23]
-#define SWIGTYPE_p_std__vectorT_CK_OBJECT_HANDLE_std__allocatorT_CK_OBJECT_HANDLE_t_t swig_types[24]
-#define SWIGTYPE_p_std__vectorT_long_std__allocatorT_long_t_t swig_types[25]
-#define SWIGTYPE_p_std__vectorT_unsigned_char_std__allocatorT_unsigned_char_t_t swig_types[26]
-#define SWIGTYPE_p_swig__SwigPyIterator swig_types[27]
-#define SWIGTYPE_p_unsigned_char swig_types[28]
-#define SWIGTYPE_p_unsigned_long swig_types[29]
-#define SWIGTYPE_p_value_type swig_types[30]
-#define SWIGTYPE_p_void swig_types[31]
-static swig_type_info *swig_types[33];
-static swig_module_info swig_module = {swig_types, 32, 0, 0, 0, 0};
+#define SWIGTYPE_p_CK_RSA_PKCS_PSS_PARAMS swig_types[7]
+#define SWIGTYPE_p_CK_SESSION_HANDLE swig_types[8]
+#define SWIGTYPE_p_CK_SESSION_INFO swig_types[9]
+#define SWIGTYPE_p_CK_SLOT_INFO swig_types[10]
+#define SWIGTYPE_p_CK_TOKEN_INFO swig_types[11]
+#define SWIGTYPE_p_CK_VERSION swig_types[12]
+#define SWIGTYPE_p_CPKCS11Lib swig_types[13]
+#define SWIGTYPE_p_allocator_type swig_types[14]
+#define SWIGTYPE_p_char swig_types[15]
+#define SWIGTYPE_p_difference_type swig_types[16]
+#define SWIGTYPE_p_p_PyObject swig_types[17]
+#define SWIGTYPE_p_size_type swig_types[18]
+#define SWIGTYPE_p_std__allocatorT_CK_ATTRIBUTE_SMART_t swig_types[19]
+#define SWIGTYPE_p_std__allocatorT_CK_OBJECT_HANDLE_t swig_types[20]
+#define SWIGTYPE_p_std__allocatorT_long_t swig_types[21]
+#define SWIGTYPE_p_std__allocatorT_unsigned_char_t swig_types[22]
+#define SWIGTYPE_p_std__invalid_argument swig_types[23]
+#define SWIGTYPE_p_std__vectorT_CK_ATTRIBUTE_SMART_std__allocatorT_CK_ATTRIBUTE_SMART_t_t swig_types[24]
+#define SWIGTYPE_p_std__vectorT_CK_OBJECT_HANDLE_std__allocatorT_CK_OBJECT_HANDLE_t_t swig_types[25]
+#define SWIGTYPE_p_std__vectorT_long_std__allocatorT_long_t_t swig_types[26]
+#define SWIGTYPE_p_std__vectorT_unsigned_char_std__allocatorT_unsigned_char_t_t swig_types[27]
+#define SWIGTYPE_p_swig__SwigPyIterator swig_types[28]
+#define SWIGTYPE_p_unsigned_char swig_types[29]
+#define SWIGTYPE_p_unsigned_long swig_types[30]
+#define SWIGTYPE_p_value_type swig_types[31]
+#define SWIGTYPE_p_void swig_types[32]
+static swig_type_info *swig_types[34];
+static swig_module_info swig_module = {swig_types, 33, 0, 0, 0, 0};
#define SWIG_TypeQuery(name) SWIG_TypeQueryModule(&swig_module, &swig_module, name)
#define SWIG_MangledTypeQuery(name) SWIG_MangledTypeQueryModule(&swig_module, &swig_module, name)
@@ -5610,6 +5611,13 @@ SWIGINTERNINLINE PyObject*
return PyInt_FromLong((long) value);
}
+SWIGINTERN CK_RSA_PKCS_PSS_PARAMS *new_CK_RSA_PKCS_PSS_PARAMS(){
+ CK_RSA_PKCS_PSS_PARAMS *p = new CK_RSA_PKCS_PSS_PARAMS();
+ p->hashAlg = 0;
+ p->mgf = 0;
+ p->sLen = 0;
+ return p;
+ }
SWIGINTERN int
SWIG_AsVal_bool (PyObject *obj, bool *val)
@@ -15834,18 +15842,22 @@ SWIGINTERN PyObject *_wrap_CK_MECHANISM_pParameter_set(PyObject *SWIGUNUSEDPARM(
}
arg1 = reinterpret_cast< CK_MECHANISM * >(argp1);
{
- char *buf;
- size_t sz;
- int alloc2 = 0;
- // If the value being set is of string type:
- if (PyString_Check(obj1) &&
- SWIG_IsOK(SWIG_AsCharPtrAndSize(obj1, &buf, &sz, &alloc2))) {
- arg2 = buf;
- } else {
+ vector<unsigned char> *vect;
+ // If the value being set is of ckbytelist type:
+ if (SWIG_IsOK(SWIG_ConvertPtr(obj1, (void **)&vect, SWIGTYPE_p_std__vectorT_unsigned_char_std__allocatorT_unsigned_char_t_t, 0)))
+ {
+ // Get the data from the vector
+ arg2 = vect->data();
+ }
+ else
+ {
// If the value being set is of CK_RSA_PKCS_OAEP_PARAMS type:
int res2 = SWIG_ConvertPtr(obj1, &arg2, SWIGTYPE_p_CK_RSA_PKCS_OAEP_PARAMS, 0 | 0 );
if (!SWIG_IsOK(res2)) {
- SWIG_exception_fail(SWIG_ArgError(res2), "unsupported CK_MECHANISM Parameter type.");
+ res2 = SWIG_ConvertPtr(obj1, &arg2, SWIGTYPE_p_CK_RSA_PKCS_PSS_PARAMS, 0);
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "unsupported CK_MECHANISM Parameter type.");
+ }
}
}
}
@@ -16274,6 +16286,203 @@ SWIGINTERN PyObject *CK_RSA_PKCS_OAEP_PARAMS_swigregister(PyObject *SWIGUNUSEDPA
return SWIG_Py_Void();
}
+SWIGINTERN PyObject *_wrap_CK_RSA_PKCS_PSS_PARAMS_hashAlg_set(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ CK_RSA_PKCS_PSS_PARAMS *arg1 = (CK_RSA_PKCS_PSS_PARAMS *) 0 ;
+ unsigned long arg2 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ unsigned long val2 ;
+ int ecode2 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
... 246 lines suppressed ...
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/python-modules/packages/pykcs11.git
More information about the Python-modules-commits
mailing list