Python pkcs11 wrapper

This python extension module creates an object-oriented wrapper around PKCS11. That is, this wrapper will open up a pkcs11 module you have that is implemented in a .dll and allow you to call methods.

There isn't any documentation at this point but usage is quite straightforward. I endeavored to maintain similar naming to the real PKCS11 names. I drop the C_ and use a firstLowerCase convention for method names. Some things get wrapped up though like using C_FindObjectsInit. All the Init and then iteration is done inside the library so you just call findObjects passing a list of attributes and it takes care of the rest. For functions which return C structs I return python objects with attributes corresponding to the struct member names. 

All constants defined in PKCS11 are available at the module level. The module supports the following methods:

open(pkcs11dll_filename, [init string]) ==> <pkcs11dll object>

The pkcs11dll object supports the following methods:

getInfo() ==> <CK_INFO object> (just has attributes corresponding to the CK_INFO struct)
getSlotList() ==> (<slot_1_id>, <slot_2_id>, ....)
getSlotInfo(slot_id) ==> <CK_SLOT_INFO object>
getTokenInfo(slot_id) ==> <CK_TOKEN_INFO object>
getMechanismList(slot_id) ==> <CK_MECHANISM object>
getMechanismInfo(slot_id, mech_type) ==> (ulMinKeySize, ulMaxMeySize, flags)
openSession(slot_id) ==> <session object>

The session object supports the following methods:

login(user_type, pin) ==> None
logout() ==> None (this isn't really necessary, session automatically logs out when the object is deleted)
findObjects( ((attr, value), (attr, value),...) ) ==> (obj_id, ...)
getAttributeValue(obj_id, (attr, attr, ...)) ==> (value, value, ...)
setAttributeValue(obj_id, ( (attr, value), ...) ) ==> None
unwrapKey( (mech_type, mech_data), key_handle, wrapped_key_data, ( (attr, val), (attr, val), ...) ) ==> unwrapped_key_handle
deleteObject( object_handle ) ==> None
As you can see there are many other crypto functions which could be implemented but since my iButton device only unwraps keys and signs data I haven't bothered to put them in. Adding them is fairly straightforward. You can put them into pkcs11_session.cpp.

The struct-type objects:

CK_INFO:
	cryptokiVersion (tuple of 2 ints)
	manufacturerID (string)
	flags (int)
	libraryDescription (string)
	libraryVersion (tuple of 2 ints)

CK_TOKEN_INFO:
	label (string)
	manufacturerID (string)
	model (string)
	serialNumber (string)
	flags (int)
	ulMaxSessionCount (long)
	ulSessionCount (long)
	ulMaxRwSessionCount (long)
	ulRwSessionCount (long)
	ulMaxPinLen (long)
	ulMinPinLen (long)
	ulTotalPublicMemory (long)
	ulFreePublicMemory (long)
	ulTotalPrivateMemory (long)
	ulFreePrivateMemory (long)
	hardwareVersion (tuple of 2 ints)
	firmwareVersion (tuple of 2 ints)
	utcTime (string)

CK_SLOT_INFO:
	slotDescription (string)
	manufacturerID (string)
	flags (int)
	hardwareVersion (tuple of 2 ints)
	firmwareVersion (tuple of 2 ints)

And that's it for now.

January 30, 2003

--
Jens B. Jorgensen
jbj1@ultraemail.net