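"""
Definitions imported from PKCS11 C headers.

Everything inside the ``cdef extern`` block only tells Cython which names
exist; it describes declarations found in ``../extern/cryptoki.h`` rather
than defining them.
"""

cdef extern from '../extern/cryptoki.h':

    # Scalar aliases. CK_ULONG is `unsigned long`, so its width follows the
    # platform ABI.
    ctypedef unsigned char CK_BYTE
    ctypedef CK_BYTE CK_BBOOL
    ctypedef CK_BYTE CK_UTF8CHAR
    ctypedef unsigned char CK_CHAR
    ctypedef unsigned long int CK_ULONG
    ctypedef CK_ULONG CK_ATTRIBUTE_TYPE
    ctypedef CK_ULONG CK_EC_KDF_TYPE
    ctypedef CK_ULONG CK_FLAGS
    ctypedef CK_ULONG CK_MECHANISM_TYPE
    ctypedef CK_ULONG CK_OBJECT_HANDLE
    ctypedef CK_ULONG CK_RSA_PKCS_MGF_TYPE
    ctypedef CK_ULONG CK_RSA_PKCS_OAEP_SOURCE_TYPE
    ctypedef CK_ULONG CK_SESSION_HANDLE
    ctypedef CK_ULONG CK_SLOT_ID
    ctypedef CK_ULONG CK_STATE

    # Return codes. Only the names are listed here; no values are assigned in
    # this file, so the numeric values are whatever the C header defines.
    # Callers should compare every result against CKR_OK and never treat an
    # unknown code as success.
    ctypedef enum CK_RV:
        CKR_OK,
        CKR_CANCEL,
        CKR_HOST_MEMORY,
        CKR_SLOT_ID_INVALID,

        CKR_GENERAL_ERROR,
        CKR_FUNCTION_FAILED,

        CKR_ARGUMENTS_BAD,
        CKR_NO_EVENT,
        CKR_NEED_TO_CREATE_THREADS,
        CKR_CANT_LOCK,

        CKR_ATTRIBUTE_READ_ONLY,
        CKR_ATTRIBUTE_SENSITIVE,
        CKR_ATTRIBUTE_TYPE_INVALID,
        CKR_ATTRIBUTE_VALUE_INVALID,
        CKR_DATA_INVALID,
        CKR_DATA_LEN_RANGE,
        CKR_DEVICE_ERROR,
        CKR_DEVICE_MEMORY,
        CKR_DEVICE_REMOVED,
        CKR_ENCRYPTED_DATA_INVALID,
        CKR_ENCRYPTED_DATA_LEN_RANGE,
        CKR_FUNCTION_CANCELED,
        CKR_FUNCTION_NOT_PARALLEL,

        CKR_FUNCTION_NOT_SUPPORTED,

        CKR_KEY_HANDLE_INVALID,

        CKR_KEY_SIZE_RANGE,
        CKR_KEY_TYPE_INCONSISTENT,

        CKR_KEY_NOT_NEEDED,
        CKR_KEY_CHANGED,
        CKR_KEY_NEEDED,
        CKR_KEY_INDIGESTIBLE,
        CKR_KEY_FUNCTION_NOT_PERMITTED,
        CKR_KEY_NOT_WRAPPABLE,
        CKR_KEY_UNEXTRACTABLE,

        CKR_MECHANISM_INVALID,
        CKR_MECHANISM_PARAM_INVALID,

        CKR_OBJECT_HANDLE_INVALID,
        CKR_OPERATION_ACTIVE,
        CKR_OPERATION_NOT_INITIALIZED,
        CKR_PIN_INCORRECT,
        CKR_PIN_INVALID,
        CKR_PIN_LEN_RANGE,

        CKR_PIN_EXPIRED,
        CKR_PIN_LOCKED,

        CKR_SESSION_CLOSED,
        CKR_SESSION_COUNT,
        CKR_SESSION_HANDLE_INVALID,
        CKR_SESSION_PARALLEL_NOT_SUPPORTED,
        CKR_SESSION_READ_ONLY,
        CKR_SESSION_EXISTS,

        CKR_SESSION_READ_ONLY_EXISTS,
        CKR_SESSION_READ_WRITE_SO_EXISTS,

        CKR_SIGNATURE_INVALID,
        CKR_SIGNATURE_LEN_RANGE,
        CKR_TEMPLATE_INCOMPLETE,
        CKR_TEMPLATE_INCONSISTENT,
        CKR_TOKEN_NOT_PRESENT,
        CKR_TOKEN_NOT_RECOGNIZED,
        CKR_TOKEN_WRITE_PROTECTED,
        CKR_UNWRAPPING_KEY_HANDLE_INVALID,
        CKR_UNWRAPPING_KEY_SIZE_RANGE,
        CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT,
        CKR_USER_ALREADY_LOGGED_IN,
        CKR_USER_NOT_LOGGED_IN,
        CKR_USER_PIN_NOT_INITIALIZED,
        CKR_USER_TYPE_INVALID,

        CKR_USER_ANOTHER_ALREADY_LOGGED_IN,
        CKR_USER_TOO_MANY_TYPES,

        CKR_WRAPPED_KEY_INVALID,
        CKR_WRAPPED_KEY_LEN_RANGE,
        CKR_WRAPPING_KEY_HANDLE_INVALID,
        CKR_WRAPPING_KEY_SIZE_RANGE,
        CKR_WRAPPING_KEY_TYPE_INCONSISTENT,
        CKR_RANDOM_SEED_NOT_SUPPORTED,

        CKR_RANDOM_NO_RNG,

        CKR_DOMAIN_PARAMS_INVALID,

        CKR_BUFFER_TOO_SMALL,
        CKR_SAVED_STATE_INVALID,
        CKR_INFORMATION_SENSITIVE,
        CKR_STATE_UNSAVEABLE,

        CKR_CRYPTOKI_NOT_INITIALIZED,
        CKR_CRYPTOKI_ALREADY_INITIALIZED,
        CKR_MUTEX_BAD,
        CKR_MUTEX_NOT_LOCKED,

        CKR_NEW_PIN_MODE,
        CKR_NEXT_OTP,
        CKR_EXCEEDED_MAX_ITERATIONS,
        CKR_FIPS_SELF_TEST_FAILED,
        CKR_LIBRARY_LOAD_FAILED,
        CKR_PIN_TOO_WEAK,
        CKR_PUBLIC_KEY_INVALID,

        CKR_FUNCTION_REJECTED,

        CKR_VENDOR_DEFINED,


    ctypedef enum CK_USER_TYPE:
        CKU_SO,
        CKU_USER,
        CKU_CONTEXT_SPECIFIC,

    cdef enum:
        CK_TRUE,
        CK_FALSE,

    cdef enum:  # CK_FLAGS
        CKF_RW_SESSION,
        CKF_SERIAL_SESSION,

    cdef enum:  # CKZ
        CKZ_DATA_SPECIFIED,

    cdef enum:  # CK_STATE
        CKS_RO_PUBLIC_SESSION,
        CKS_RO_USER_FUNCTIONS,
        CKS_RW_PUBLIC_SESSION,
        CKS_RW_USER_FUNCTIONS,
        CKS_RW_SO_FUNCTIONS

    ctypedef struct CK_VERSION:
        CK_BYTE major
        CK_BYTE minor

    # NOTE(review): PKCS#11 specifies the fixed-width character fields in the
    # *_INFO structs below as blank-padded and NOT NUL-terminated. Code that
    # converts them should slice by the declared width rather than treat them
    # as C strings. Confirm against the bundled header/spec version.
    ctypedef struct CK_INFO:
        CK_VERSION cryptokiVersion
        CK_UTF8CHAR manufacturerID[32]
        CK_FLAGS flags

        CK_UTF8CHAR libraryDescription[32]
        CK_VERSION libraryVersion

    ctypedef struct CK_SLOT_INFO:
        CK_UTF8CHAR slotDescription[64]
        CK_UTF8CHAR manufacturerID[32]
        CK_FLAGS flags

        CK_VERSION hardwareVersion
        CK_VERSION firmwareVersion

    ctypedef struct CK_MECHANISM_INFO:
        CK_ULONG ulMinKeySize
        CK_ULONG ulMaxKeySize
        CK_FLAGS flags

    ctypedef struct CK_TOKEN_INFO:
        CK_UTF8CHAR label[32]
        CK_UTF8CHAR manufacturerID[32]
        CK_UTF8CHAR model[16]
        CK_CHAR serialNumber[16]
        CK_FLAGS flags

        CK_ULONG ulMaxSessionCount
        CK_ULONG ulSessionCount
        CK_ULONG ulMaxRwSessionCount
        CK_ULONG ulRwSessionCount
        CK_ULONG ulMaxPinLen
        CK_ULONG ulMinPinLen
        CK_ULONG ulTotalPublicMemory
        CK_ULONG ulFreePublicMemory
        CK_ULONG ulTotalPrivateMemory
        CK_ULONG ulFreePrivateMemory
        CK_VERSION hardwareVersion
        CK_VERSION firmwareVersion
        CK_CHAR utcTime[16]

    ctypedef struct CK_SESSION_INFO:
        CK_SLOT_ID slotID
        CK_STATE state
        CK_FLAGS flags
        CK_ULONG ulDeviceError

    # The structs below carry untyped (void *) or raw byte pointers paired
    # with a length. The declarations do not tie the two together, so the
    # caller is responsible for keeping each length consistent with the
    # buffer it describes.
    ctypedef struct CK_MECHANISM:
        CK_MECHANISM_TYPE mechanism
        void *pParameter
        CK_ULONG ulParameterLen

    ctypedef struct CK_ATTRIBUTE:
        CK_ATTRIBUTE_TYPE type
        void *pValue
        CK_ULONG ulValueLen

    ctypedef struct CK_RSA_PKCS_OAEP_PARAMS:
        CK_MECHANISM_TYPE hashAlg
        CK_RSA_PKCS_MGF_TYPE mgf
        CK_RSA_PKCS_OAEP_SOURCE_TYPE source
        void *pSourceData
        CK_ULONG ulSourceDataLen

    ctypedef struct CK_RSA_PKCS_PSS_PARAMS:
        CK_MECHANISM_TYPE hashAlg
        CK_RSA_PKCS_MGF_TYPE mgf
        CK_ULONG sLen

    ctypedef struct CK_ECDH1_DERIVE_PARAMS:
        CK_EC_KDF_TYPE kdf
        CK_ULONG ulSharedDataLen
        CK_BYTE *pSharedData
        CK_ULONG ulPublicDataLen
        CK_BYTE *pPublicData

    # Table of entry points obtained from the loaded PKCS#11 library.
    #
    # Every member is declared `nogil`, so callers may invoke it with the GIL
    # released. Any buffer handed to a call must therefore be plain C memory
    # that stays valid for the whole call.
    #
    # NOTE(review): where a function takes an output buffer together with a
    # `CK_ULONG *` length, PKCS#11 uses that length as in/out (capacity in,
    # bytes produced out, CKR_BUFFER_TOO_SMALL when the capacity is
    # insufficient). Initialise the length to the real buffer capacity before
    # each call. PINs are passed as pointer + explicit length, not as
    # NUL-terminated strings.
    cdef struct CK_FUNCTION_LIST:
        CK_VERSION version
        ## pointers to library functions are stored here
        ## caution: order matters!

        ## general purpose
        CK_RV C_Initialize(void *) nogil

        CK_RV C_Finalize(void *) nogil

        CK_RV C_GetInfo(CK_INFO *info) nogil

        CK_RV C_GetFunctionList(CK_FUNCTION_LIST **) nogil

        ## slot and token management
        CK_RV C_GetSlotList(CK_BBOOL tokenPresent,
                            CK_SLOT_ID *slotList,
                            CK_ULONG *count) nogil

        CK_RV C_GetSlotInfo(CK_SLOT_ID slotID,
                            CK_SLOT_INFO *info) nogil

        CK_RV C_GetTokenInfo(CK_SLOT_ID slotID,
                             CK_TOKEN_INFO *info) nogil

        CK_RV C_GetMechanismList(CK_SLOT_ID slotID,
                                 CK_MECHANISM_TYPE *mechanismList,
                                 CK_ULONG *count) nogil

        CK_RV C_GetMechanismInfo(CK_SLOT_ID slotID,
                                 CK_MECHANISM_TYPE mechanism,
                                 CK_MECHANISM_INFO *info) nogil

        CK_RV C_InitToken(CK_SLOT_ID slotID,
                          CK_UTF8CHAR *pPin,
                          CK_ULONG ulPinLen,
                          CK_UTF8CHAR *pLabel) nogil

        CK_RV C_InitPIN(CK_SESSION_HANDLE hSession,
                        CK_UTF8CHAR *pPin,
                        CK_ULONG ulPinLen) nogil

        CK_RV C_SetPIN(CK_SESSION_HANDLE hSession,
                       CK_UTF8CHAR *pOldPin,
                       CK_ULONG ulOldLen,
                       CK_UTF8CHAR *pNewPin,
                       CK_ULONG ulNewLen) nogil

        ## session management
        CK_RV C_OpenSession(CK_SLOT_ID slotID,
                            CK_FLAGS flags,
                            void *application,
                            void *notify,
                            CK_SESSION_HANDLE *handle) nogil

        CK_RV C_CloseSession(CK_SESSION_HANDLE session) nogil

        CK_RV C_CloseAllSessions(CK_SLOT_ID slotID) nogil

        CK_RV C_GetSessionInfo(CK_SESSION_HANDLE hSession,
                               CK_SESSION_INFO *pInfo) nogil

        CK_RV C_GetOperationState(CK_SESSION_HANDLE hSession,
                                  CK_BYTE *pOperationState,
                                  CK_ULONG *pulOperationStateLen) nogil

        CK_RV C_SetOperationState(CK_SESSION_HANDLE hSession,
                                  CK_BYTE *pOperationState,
                                  CK_ULONG ulOperationStateLen,
                                  CK_OBJECT_HANDLE hEncryptionKey,
                                  CK_OBJECT_HANDLE hAuthenticationKey) nogil

        CK_RV C_Login(CK_SESSION_HANDLE session,
                      CK_USER_TYPE userType,
                      CK_UTF8CHAR *pin,
                      CK_ULONG pinLen) nogil

        CK_RV C_Logout(CK_SESSION_HANDLE session) nogil

        ## object management
        CK_RV C_CreateObject(CK_SESSION_HANDLE session,
                             CK_ATTRIBUTE *template,
                             CK_ULONG count,
                             CK_OBJECT_HANDLE *key) nogil

        CK_RV C_CopyObject(CK_SESSION_HANDLE session,
                           CK_OBJECT_HANDLE key,
                           CK_ATTRIBUTE *template,
                           CK_ULONG count,
                           CK_OBJECT_HANDLE *new_key) nogil

        CK_RV C_DestroyObject(CK_SESSION_HANDLE session,
                              CK_OBJECT_HANDLE key) nogil

        CK_RV C_GetObjectSize(CK_SESSION_HANDLE hSession,
                              CK_OBJECT_HANDLE hObject,
                              CK_ULONG *pulSize) nogil

        CK_RV C_GetAttributeValue(CK_SESSION_HANDLE session,
                                  CK_OBJECT_HANDLE key,
                                  CK_ATTRIBUTE *template,
                                  CK_ULONG count) nogil

        CK_RV C_SetAttributeValue(CK_SESSION_HANDLE session,
                                  CK_OBJECT_HANDLE key,
                                  CK_ATTRIBUTE *template,
                                  CK_ULONG count) nogil

        CK_RV C_FindObjectsInit(CK_SESSION_HANDLE session,
                                CK_ATTRIBUTE *template,
                                CK_ULONG count) nogil

        CK_RV C_FindObjects(CK_SESSION_HANDLE session,
                            CK_OBJECT_HANDLE *objects,
                            CK_ULONG objectsMax,
                            CK_ULONG *objectsLength) nogil

        CK_RV C_FindObjectsFinal(CK_SESSION_HANDLE session) nogil

        ## encryption and decryption
        CK_RV C_EncryptInit(CK_SESSION_HANDLE session,
                            CK_MECHANISM *mechanism,
                            CK_OBJECT_HANDLE key) nogil

        CK_RV C_Encrypt(CK_SESSION_HANDLE session,
                        CK_BYTE *plaintext,
                        CK_ULONG plaintext_len,
                        CK_BYTE *ciphertext,
                        CK_ULONG *ciphertext_len) nogil

        CK_RV C_EncryptUpdate(CK_SESSION_HANDLE session,
                              CK_BYTE *part_in,
                              CK_ULONG part_in_len,
                              CK_BYTE *part_out,
                              CK_ULONG *part_out_len) nogil

        CK_RV C_EncryptFinal(CK_SESSION_HANDLE session,
                             CK_BYTE *part_out,
                             CK_ULONG *part_out_len) nogil

        CK_RV C_DecryptInit(CK_SESSION_HANDLE session,
                            CK_MECHANISM *mechanism,
                            CK_OBJECT_HANDLE key) nogil

        CK_RV C_Decrypt(CK_SESSION_HANDLE session,
                        CK_BYTE *ciphertext,
                        CK_ULONG ciphertext_len,
                        CK_BYTE *plaintext,
                        CK_ULONG *plaintext_len) nogil

        CK_RV C_DecryptUpdate(CK_SESSION_HANDLE session,
                              CK_BYTE *part_in,
                              CK_ULONG part_in_len,
                              CK_BYTE *part_out,
                              CK_ULONG *part_out_len) nogil

        CK_RV C_DecryptFinal(CK_SESSION_HANDLE session,
                             CK_BYTE *part_out,
                             CK_ULONG *part_out_len) nogil

        ## Message digests
        CK_RV C_DigestInit(CK_SESSION_HANDLE session,
                           CK_MECHANISM *mechanism) nogil

        CK_RV C_Digest(CK_SESSION_HANDLE session,
                       CK_BYTE *data,
                       CK_ULONG data_len,
                       CK_BYTE *digest,
                       CK_ULONG *digest_len) nogil

        CK_RV C_DigestUpdate(CK_SESSION_HANDLE session,
                             CK_BYTE *data,
                             CK_ULONG data_len) nogil

        CK_RV C_DigestKey(CK_SESSION_HANDLE session,
                          CK_OBJECT_HANDLE key) nogil

        CK_RV C_DigestFinal(CK_SESSION_HANDLE session,
                            CK_BYTE *digest,
                            CK_ULONG *digest_len) nogil

        ## Signing and MACing
        CK_RV C_SignInit(CK_SESSION_HANDLE session,
                         CK_MECHANISM *mechanism,
                         CK_OBJECT_HANDLE key) nogil

        CK_RV C_Sign(CK_SESSION_HANDLE session,
                     CK_BYTE *text,
                     CK_ULONG text_len,
                     CK_BYTE *signature,
                     CK_ULONG *sig_len) nogil

        CK_RV C_SignUpdate(CK_SESSION_HANDLE session,
                           CK_BYTE *part,
                           CK_ULONG part_len) nogil

        CK_RV C_SignFinal(CK_SESSION_HANDLE session,
                          CK_BYTE *signature,
                          CK_ULONG *sig_len) nogil

        CK_RV C_SignRecoverInit(CK_SESSION_HANDLE session,
                                CK_MECHANISM *mechanism,
                                CK_OBJECT_HANDLE key) nogil

        CK_RV C_SignRecover(CK_SESSION_HANDLE session,
                            CK_BYTE *text,
                            CK_ULONG text_len,
                            CK_BYTE *signature,
                            CK_ULONG *sig_len) nogil


        ## Verifying signatures and MACs
        CK_RV C_VerifyInit(CK_SESSION_HANDLE session,
                           CK_MECHANISM *mechanism,
                           CK_OBJECT_HANDLE key) nogil

        CK_RV C_Verify(CK_SESSION_HANDLE session,
                       CK_BYTE *text,
                       CK_ULONG text_len,
                       CK_BYTE *signature,
                       CK_ULONG sig_len) nogil

        CK_RV C_VerifyUpdate(CK_SESSION_HANDLE session,
                             CK_BYTE *text,
                             CK_ULONG text_len) nogil

        CK_RV C_VerifyFinal(CK_SESSION_HANDLE session,
                            CK_BYTE *signature,
                            CK_ULONG sig_len) nogil

        CK_RV C_VerifyRecoverInit(CK_SESSION_HANDLE session,
                                  CK_MECHANISM *mechanism,
                                  CK_OBJECT_HANDLE key) nogil

        # Verify-with-recovery takes the signature as input and writes the
        # recovered data to an output buffer, so the final argument is a
        # pointer to the in/out length (PKCS#11: pSignature, ulSignatureLen,
        # pData, pulDataLen). Declaring it as a plain CK_ULONG would pass an
        # integer where the library expects an address.
        CK_RV C_VerifyRecover(CK_SESSION_HANDLE session,
                              CK_BYTE *signature,
                              CK_ULONG sig_len,
                              CK_BYTE *text,
                              CK_ULONG *text_len) nogil

        ## dual-function crypto operations
        CK_RV C_DigestEncryptUpdate(CK_SESSION_HANDLE session,
                                    CK_BYTE *data,
                                    CK_ULONG data_len,
                                    CK_BYTE *encrypted,
                                    CK_ULONG *encrypted_len) nogil

        CK_RV C_DecryptDigestUpdate(CK_SESSION_HANDLE session,
                                    CK_BYTE *encrypted,
                                    CK_ULONG encrypted_len,
                                    CK_BYTE *data,
                                    CK_ULONG *data_len) nogil

        # Both sign/verify dual-function calls also produce output, so they
        # take an output buffer and in/out length like the two calls above
        # (PKCS#11: pPart, ulPartLen, pEncryptedPart, pulEncryptedPartLen and
        # pEncryptedPart, ulEncryptedPartLen, pPart, pulPartLen).
        CK_RV C_SignEncryptUpdate(CK_SESSION_HANDLE session,
                                  CK_BYTE *part,
                                  CK_ULONG part_len,
                                  CK_BYTE *encrypted,
                                  CK_ULONG *encrypted_len) nogil

        CK_RV C_DecryptVerifyUpdate(CK_SESSION_HANDLE session,
                                    CK_BYTE *encrypted,
                                    CK_ULONG encrypted_len,
                                    CK_BYTE *text,
                                    CK_ULONG *text_len) nogil

        ## key management
        CK_RV C_GenerateKey(CK_SESSION_HANDLE session,
                            CK_MECHANISM *mechanism,
                            CK_ATTRIBUTE *template,
                            CK_ULONG count,
                            CK_OBJECT_HANDLE *key) nogil

        CK_RV C_GenerateKeyPair(CK_SESSION_HANDLE session,
                                CK_MECHANISM *mechanism,
                                CK_ATTRIBUTE *public_template,
                                CK_ULONG public_count,
                                CK_ATTRIBUTE *private_template,
                                CK_ULONG private_count,
                                CK_OBJECT_HANDLE *public_key,
                                CK_OBJECT_HANDLE *private_key) nogil

        CK_RV C_WrapKey(CK_SESSION_HANDLE session,
                        CK_MECHANISM *mechanism,
                        CK_OBJECT_HANDLE wrapping_key,
                        CK_OBJECT_HANDLE key_to_wrap,
                        CK_BYTE *wrapped_key,
                        CK_ULONG *wrapped_key_len) nogil

        CK_RV C_UnwrapKey(CK_SESSION_HANDLE session,
                          CK_MECHANISM *mechanism,
                          CK_OBJECT_HANDLE unwrapping_key,
                          CK_BYTE *wrapped_key,
                          CK_ULONG wrapped_key_len,
                          CK_ATTRIBUTE *attrs,
                          CK_ULONG attr_len,
                          CK_OBJECT_HANDLE *unwrapped_key) nogil

        CK_RV C_DeriveKey(CK_SESSION_HANDLE session,
                          CK_MECHANISM *mechanism,
                          CK_OBJECT_HANDLE src_key,
                          CK_ATTRIBUTE *template,
                          CK_ULONG count,
                          CK_OBJECT_HANDLE *new_key) nogil

        ## random number generation
        CK_RV C_SeedRandom(CK_SESSION_HANDLE session,
                           CK_BYTE *seed,
                           CK_ULONG length) nogil

        CK_RV C_GenerateRandom(CK_SESSION_HANDLE session,
                               CK_BYTE *random,
                               CK_ULONG length) nogil


        ## parallel processing
        CK_RV C_GetFunctionStatus(CK_SESSION_HANDLE session) nogil

        CK_RV C_CancelFunction(CK_SESSION_HANDLE session) nogil

        ## smart card events
        CK_RV C_WaitForSlotEvent(CK_FLAGS flags,
                                 CK_SLOT_ID *slot,
                                 void *pReserved) nogil

# The only external API call that must be defined in a PKCS#11 library
# All other APIs are taken from the CK_FUNCTION_LIST table
ctypedef CK_RV (*C_GetFunctionList_ptr) (CK_FUNCTION_LIST **) nogil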