[Cryptech-Commits] [sw/pkcs11] 03/07: Minimal documentation for py11.
git at cryptech.is
git at cryptech.is
Mon Sep 21 23:26:09 UTC 2015
This is an automated email from the git hooks/post-receive script.
sra at hactrn.net pushed a commit to branch ecdsa
in repository sw/pkcs11.
commit 48f0c98b02ef77fa63d31a58341b07d07b6c47f6
Author: Rob Austein <sra at hactrn.net>
Date: Sun Sep 20 17:51:01 2015 -0400
Minimal documentation for py11.
---
py11/__init__.py | 37 +++++++++++++++++++++++++++++++++++--
py11/mutex.py | 23 ++++++++++++++++++++++-
2 files changed, 57 insertions(+), 3 deletions(-)
diff --git a/py11/__init__.py b/py11/__init__.py
index 86eb346..d800ab7 100644
--- a/py11/__init__.py
+++ b/py11/__init__.py
@@ -1,5 +1,10 @@
-# An attempt at a Python interface to PKCS 11 using the scary ctypes
-# module from the Python standard library.
+"""
+This is a Python interface to PKCS #11, using the ctypes module from
+the Python standard library.
+
+This is not (yet?) a complete implementation. It's intended primarily
+to simplify testing of the underlying PKCS #11 shared library.
+"""
from ctypes import *
from .exceptions import *
@@ -10,6 +15,34 @@ from .prototypes import *
class PKCS11 (object):
+ """
+ PKCS #11 API object, encapsulating the PKCS #11 library itself.
+ Sample usage:
+
+ from py11 import *
+
+ p11 = PKCS11()
+ p11.C_Initialize()
+ session = p11.C_OpenSession()
+ p11.C_login(session, CK_USER, "secret")
+ p11.C_FindObjectsInit(session, {CKA_CLASS: CKO_PRIVATE_KEY, CKA_KEY_TYPE: CKK_EC, CKA_ID: foo})
+ keys = list(p11.C_FindObjects(session))
+ p11.C_FindObjectsFinal(session)
+ if len(keys) != 1:
+ raise RuntimeError
+ p11.C_SignInit(session, CK_ECDSA_SHA256, keys[0])
+ sig = p11.Sign(session, "Your mother was a hamster")
+ p11.C_CloseAllSessions(slot)
+ p11.C_Finalize()
+
+ The full raw PKCS #11 API is available via the .so attribute, but
+ using this can be tricky, both because it requires strict adherence
+ to the C API and because one needs to be careful not to run afoul of
+ the Python garbage collector.
+
+ The example above uses a set of interface routines built on top of the
+ raw PKCS #11 API, which map the API into something a bit more Pythonic.
+ """
def __init__(self, so_name = "libpkcs11.so"):
self.so_name = so_name
diff --git a/py11/mutex.py b/py11/mutex.py
index 1d99aa1..f71e006 100644
--- a/py11/mutex.py
+++ b/py11/mutex.py
@@ -1,4 +1,25 @@
-# Optional mutex implementation.
+"""
+Optional Python mutex implementation for py11 library, using the
+threading.Lock primitive to provide the mutex itself.
+
+Most of the code in this module has to do with mapping between the
+Python and PKCS #11 APIs.
+
+If you just want locking, it's probably simpler to let the C code
+handle it, by passing CKF_OS_LOCKING_OK to C_Initialize().
+
+The main reason for having a complete implementation in Python is to
+test the API.
+
+Sample usage:
+
+ from p11 import *
+ from py11.mutex import MutexDB
+
+ p11 = PKCS11()
+ mdb = MutexDB()
+ p11.C_Initialize(0, mdb.create, mdb.destroy, mdb.lock, mdb.unlock)
+"""
from struct import pack, unpack
from .types import *
More information about the Commits
mailing list