LudovicRousseau / PyKCS11 / 16367380199

"""

  Copyright (C) 2006-2025 Ludovic Rousseau (ludovic.rousseau@free.fr)

  Copyright (C) 2010 Giuseppe Amato (additions to original interface)

This file is free software; you can redistribute it and/or modify it

under the terms of the GNU General Public License as published by

the Free Software Foundation; either version 2 of the License, or

(at your option) any later version.

This program is distributed in the hope that it will be useful, but

WITHOUT ANY WARRANTY; without even the implied warranty of

MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU

General Public License for more details.

You should have received a copy of the GNU General Public License

along with this program; if not, write to the Free Software

Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301 USA.

"""

# pylint: disable=too-many-lines

# special CKR[] values

    """

    add a __repr__() method to the LowLevel equivalent

    """

        else:

        """

        return the representation of a tuple

        the __str__ method will use it also

        """

    """

    add a __repr__() method to the LowLevel equivalent

    """

        """

        convert the fields of the object into a dictionnary

        """

        # all the attibutes defined by PKCS#11

        # only use the integer values and not the strings like 'CKM_RSA_PKCS'

        # all the attributes of the object

            else:

        """

        text representation of the object

        """

    """

    Base class for CK_* classes

    """

    # dictionnary of integer_value: text_value for the flags bits

    # dictionnary of fields names and types

    # type can be "pair", "flags" or "text"

        """

        parse the `self.flags` field and create a list of `CKF_*` strings

        corresponding to bits set in flags

        :return: a list of strings

        :rtype: list

        """

        """

        Dummy method. Will be overwriden if necessary

        """

        """

        convert the fields of the object into a dictionnary

        """

            else:

        """

        text representation of the object

        """

            else:

    """

    matches the PKCS#11 CK_SLOT_INFO structure

    :ivar slotDescription: blank padded

    :type slotDescription: string

    :ivar manufacturerID: blank padded

    :type manufacturerID: string

    :ivar flags: See :func:`CkClass.flags2text`

    :type flags: integer

    :ivar hardwareVersion: 2 elements list

    :type hardwareVersion: list

    :ivar firmwareVersion: 2 elements list

    :type firmwareVersion: list

    """

        CKF_TOKEN_PRESENT: "CKF_TOKEN_PRESENT",

        CKF_REMOVABLE_DEVICE: "CKF_REMOVABLE_DEVICE",

        CKF_HW_SLOT: "CKF_HW_SLOT",

    }

        "slotDescription": "text",

        "manufacturerID": "text",

        "flags": "flags",

        "hardwareVersion": "text",

        "firmwareVersion": "text",

    }

    """

    matches the PKCS#11 CK_INFO structure

    :ivar cryptokiVersion: Cryptoki interface version

    :type cryptokiVersion: integer

    :ivar manufacturerID: blank padded

    :type manufacturerID: string

    :ivar flags: must be zero

    :type flags: integer

    :ivar libraryDescription: blank padded

    :type libraryDescription: string

    :var libraryVersion: 2 elements list

    :type libraryVersion: list

    """

        "cryptokiVersion": "pair",

        "manufacturerID": "text",

        "flags": "flags",

        "libraryDescription": "text",

        "libraryVersion": "pair",

    }

    """

    matches the PKCS#11 CK_SESSION_INFO structure

    :ivar slotID: ID of the slot that interfaces with the token

    :type slotID: integer

    :ivar state: state of the session

    :type state: integer

    :ivar flags: bit flags that define the type of session

    :type flags: integer

    :ivar ulDeviceError: an error code defined by the cryptographic token

    :type ulDeviceError: integer

    """

        CKF_RW_SESSION: "CKF_RW_SESSION",

        CKF_SERIAL_SESSION: "CKF_SERIAL_SESSION",

    }

        """

        parse the `self.state` field and return a `CKS_*` string

        corresponding to the state

        :return: a string

        :rtype: string

        """

        "slotID": "text",

        "state": "text",

        "flags": "flags",

        "ulDeviceError": "text",

    }

    """

    matches the PKCS#11 CK_TOKEN_INFO structure

    :ivar label: blank padded

    :type label: string

    :ivar manufacturerID: blank padded

    :type manufacturerID: string

    :ivar model: string blank padded

    :type model: string

    :ivar serialNumber: string blank padded

    :type serialNumber: string

    :ivar flags:

    :type flags: integer

    :ivar ulMaxSessionCount:

    :type ulMaxSessionCount: integer

    :ivar ulSessionCount:

    :type ulSessionCount: integer

    :ivar ulMaxRwSessionCount:

    :type ulMaxRwSessionCount: integer

    :ivar ulRwSessionCount:

    :type ulRwSessionCount: integer

    :ivar ulMaxPinLen:

    :type ulMaxPinLen: integer

    :ivar ulMinPinLen:

    :type ulMinPinLen: integer

    :ivar ulTotalPublicMemory:

    :type ulTotalPublicMemory: integer

    :ivar ulFreePublicMemory:

    :type ulFreePublicMemory: integer

    :ivar ulTotalPrivateMemory:

    :type ulTotalPrivateMemory: integer

    :ivar ulFreePrivateMemory:

    :type ulFreePrivateMemory: integer

    :ivar hardwareVersion: 2 elements list

    :type hardwareVersion: list

    :ivar firmwareVersion: 2 elements list

    :type firmwareVersion: list

    :ivar utcTime: string

    :type utcTime: string

    """

    # pylint: disable=too-many-instance-attributes

        CKF_RNG: "CKF_RNG",

        CKF_WRITE_PROTECTED: "CKF_WRITE_PROTECTED",

        CKF_LOGIN_REQUIRED: "CKF_LOGIN_REQUIRED",

        CKF_USER_PIN_INITIALIZED: "CKF_USER_PIN_INITIALIZED",

        CKF_RESTORE_KEY_NOT_NEEDED: "CKF_RESTORE_KEY_NOT_NEEDED",

        CKF_CLOCK_ON_TOKEN: "CKF_CLOCK_ON_TOKEN",

        CKF_PROTECTED_AUTHENTICATION_PATH: "CKF_PROTECTED_AUTHENTICATION_PATH",

        CKF_DUAL_CRYPTO_OPERATIONS: "CKF_DUAL_CRYPTO_OPERATIONS",

        CKF_TOKEN_INITIALIZED: "CKF_TOKEN_INITIALIZED",

        CKF_SECONDARY_AUTHENTICATION: "CKF_SECONDARY_AUTHENTICATION",

        CKF_USER_PIN_COUNT_LOW: "CKF_USER_PIN_COUNT_LOW",

        CKF_USER_PIN_FINAL_TRY: "CKF_USER_PIN_FINAL_TRY",

        CKF_USER_PIN_LOCKED: "CKF_USER_PIN_LOCKED",

        CKF_USER_PIN_TO_BE_CHANGED: "CKF_USER_PIN_TO_BE_CHANGED",

        CKF_SO_PIN_COUNT_LOW: "CKF_SO_PIN_COUNT_LOW",

        CKF_SO_PIN_FINAL_TRY: "CKF_SO_PIN_FINAL_TRY",

        CKF_SO_PIN_LOCKED: "CKF_SO_PIN_LOCKED",

        CKF_SO_PIN_TO_BE_CHANGED: "CKF_SO_PIN_TO_BE_CHANGED",

    }

        "label": "text",

        "manufacturerID": "text",

        "model": "text",

        "serialNumber": "text",

        "flags": "flags",

        "ulMaxSessionCount": "text",

        "ulSessionCount": "text",

        "ulMaxRwSessionCount": "text",

        "ulRwSessionCount": "text",

        "ulMaxPinLen": "text",

        "ulMinPinLen": "text",

        "ulTotalPublicMemory": "text",

        "ulFreePublicMemory": "text",

        "ulTotalPrivateMemory": "text",

        "ulFreePrivateMemory": "text",

        "hardwareVersion": "pair",

        "firmwareVersion": "pair",

        "utcTime": "text",

    }

    """

    matches the PKCS#11 CK_MECHANISM_INFO structure

    :ivar ulMinKeySize: minimum size of the key

    :type ulMinKeySize: integer

    :ivar ulMaxKeySize: maximum size of the key

    :type ulMaxKeySize: integer

    :ivar flags: bit flags specifying mechanism capabilities

    :type flags: integer

    """

        CKF_HW: "CKF_HW",

        CKF_ENCRYPT: "CKF_ENCRYPT",

        CKF_DECRYPT: "CKF_DECRYPT",

        CKF_DIGEST: "CKF_DIGEST",

        CKF_SIGN: "CKF_SIGN",

        CKF_SIGN_RECOVER: "CKF_SIGN_RECOVER",

        CKF_VERIFY: "CKF_VERIFY",

        CKF_VERIFY_RECOVER: "CKF_VERIFY_RECOVER",

        CKF_GENERATE: "CKF_GENERATE",

        CKF_GENERATE_KEY_PAIR: "CKF_GENERATE_KEY_PAIR",

        CKF_WRAP: "CKF_WRAP",

        CKF_UNWRAP: "CKF_UNWRAP",

        CKF_DERIVE: "CKF_DERIVE",

        CKF_EXTENSION: "CKF_EXTENSION",

    }

    """define the possible PyKCS11 exceptions"""

        """

        The text representation of a PKCS#11 error is something like:

        "CKR_DEVICE_ERROR (0x00000030)"

        """

    """high level PKCS#11 binding"""

    # shared by all instances

        # pylint: disable=too-many-boolean-expressions

            PyKCS11

            and PyKCS11.__name__

            and PyKCS11.LowLevel

            and PyKCS11.LowLevel.__name__

            and PyKCS11.LowLevel._LowLevel

            and PyKCS11.LowLevel._LowLevel.__name__

        ):

            # unload the library

        """

        load a PKCS#11 library

        :type pkcs11dll_filename: string

        :param pkcs11dll_filename: the library name.

          If this parameter is not set then the environment variable

          `PYKCS11LIB` is used instead

        :returns: a :class:`PyKCS11Lib` object

        :raises: :class:`PyKCS11Error` (-1): when the load fails

        """

                        -1, "No PKCS11 library specified (set PYKCS11LIB env variable)"

                    )

                # if the instance was previously initialized,

                # create a new low level library object for it

            # if the lib is already in use: reuse it

            else:

                # else load it

                    "ref": self.lib,

                    "nb_users": 0,

                }

            # remember the lib file name

            # increase user number

        """

        unload the current instance of a PKCS#11 library

        """

        """

        unload the current instance of a PKCS#11 library

        The lock is already held

        """

        # in case NO library was found and used

                -1,

                f"invalid PyKCS11Lib state: {self.pkcs11dll_filename} "

                + f"not in {PyKCS11Lib._loaded_libs}",

            )

        # decrease user number

            # unload only if no more used

        # remove unused entry

        # the case < 0 happens if lib loading failed

        """

        C_InitToken

        :param slot: slot number returned by :func:`getSlotList`

        :type slot: integer

        :param pin: Security Officer's initial PIN

        :param label: new label of the token

        """

        """

        C_GetInfo

        :return: a :class:`CK_INFO` object

        """

        """

        C_GetSlotList

        :param tokenPresent: `False` (default) to list all slots,

          `True` to list only slots with present tokens

        :type tokenPresent: bool

        :return: a list of available slots

        :rtype: list

        """

        """

        C_GetSlotInfo

        :param slot: slot number returned by :func:`getSlotList`

        :type slot: integer

        :return: a :class:`CK_SLOT_INFO` object

        """

        """

        C_GetTokenInfo

        :param slot: slot number returned by :func:`getSlotList`

        :type slot: integer

        :return: a :class:`CK_TOKEN_INFO` object

        """

            tokeninfo.hardwareVersion.major,

            tokeninfo.hardwareVersion.minor,

        )

            tokeninfo.firmwareVersion.major,

            tokeninfo.firmwareVersion.minor,

        )

        """

        C_OpenSession

        :param slot: slot number returned by :func:`getSlotList`

        :type slot: integer

        :param flags: 0 (default), `CKF_RW_SESSION` for RW session

        :type flags: integer

        :return: a :class:`Session` object

        """

        """

        C_CloseAllSessions

        :param slot: slot number

        :type slot: integer

        """

        """

        C_GetMechanismList

        :param slot: slot number returned by :func:`getSlotList`

        :type slot: integer

        :return: the list of available mechanisms for a slot

        :rtype: list

        """

        """

        C_GetMechanismInfo

        :param slot: slot number returned by :func:`getSlotList`

        :type slot: integer

        :param ckm_type: a `CKM_*` type

        :type ckm_type: integer

        :return: information about a mechanism

        :rtype: a :class:`CK_MECHANISM_INFO` object

        """

        """

        C_WaitForSlotEvent

        :param flags: 0 (default) or `CKF_DONT_BLOCK`

        :type flags: integer

        :return: slot

        :rtype: integer

        """

    """Wraps CK_MECHANISM"""

    # pylint: disable=too-few-public-methods

        """

        :param mechanism: the mechanism to be used

        :type mechanism: integer, any `CKM_*` value

        :param param: data to be used as crypto operation parameter

          (i.e. the IV for some algorithms)

        :type param: string or list/tuple of bytes

        :see: :func:`Session.decrypt`, :func:`Session.sign`

        """

        """convert mechanism to native format"""

    """CKM_AES_GCM warpping mechanism"""

    # pylint: disable=too-few-public-methods

        """

        :param iv: initialization vector

        :param aad: additional authentication data

        :param tagBits: length of authentication tag in bits

        """