First cut at Python interface to PKCS #11 using ctypes API.

author: Rob Austein <sra@hactrn.net> 2015-09-11 08:57:19 -0400
committer: Rob Austein <sra@hactrn.net> 2015-09-11 08:57:19 -0400
commit: 6613e3a06ec27bf4bf029b99cfbab1ffa251db15 (patch)
tree: 0f9b89eb09d76f3c4e7deec6ee6d8569c6a6db51
parent: ae7b3e1789a4ff96876ba09b18b5a07777a7d23b (diff)
5 files changed, 1121 insertions, 0 deletions
diff --git a/.gitignore b/.gitignore
index 7c8f9f4..9426d0c 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,5 +1,6 @@
 *.[oa]
 *.l[oa]
+*.pyc
 *.so
 *.so.*
 *~
diff --git a/py11/__init__.py b/py11/__init__.py
new file mode 100644
index 0000000..d99c1b0
--- /dev/null
+++ b/py11/__init__.py
@@ -0,0 +1,197 @@
+# An attempt at a Python interface to PKCS 11 using the scary ctypes
+# module from the Python standard library.
+
+from struct      import pack, unpack
+from ctypes      import *
+from .exceptions import *
+from .types      import *
+from .constants  import *
+
+# Prototypes for the PKCS #11 public functions.
+#
+# We don't bother implementing C_GetFunctionList(), because it would
+# be extremely tedious and it's not all that useful to us in Python.
+# Instead, we emulate its behavior in the PKCS11 class.
+
+PKCS11_Prototypes = (
+  ("C_Initialize",           [CK_VOID_PTR]),
+  ("C_Finalize",             [CK_VOID_PTR]),
+  ("C_GetInfo",              [CK_INFO_PTR]),
+# ("C_GetFunctionList",      [CK_FUNCTION_LIST_PTR_PTR]),
+  ("C_GetSlotList",          [CK_BBOOL, CK_SLOT_ID_PTR, CK_ULONG_PTR]),
+  ("C_GetSlotInfo",          [CK_SLOT_ID, CK_SLOT_INFO_PTR]),
+  ("C_GetTokenInfo",         [CK_SLOT_ID, CK_TOKEN_INFO_PTR]),
+  ("C_GetMechanismList",     [CK_SLOT_ID, CK_MECHANISM_TYPE_PTR, CK_ULONG_PTR]),
+  ("C_GetMechanismInfo",     [CK_SLOT_ID, CK_MECHANISM_TYPE, CK_MECHANISM_INFO_PTR]),
+  ("C_InitToken",            [CK_SLOT_ID, CK_UTF8CHAR_PTR, CK_ULONG, CK_UTF8CHAR_PTR]),
+  ("C_InitPIN",              [CK_SESSION_HANDLE, CK_UTF8CHAR_PTR, CK_ULONG]),
+  ("C_SetPIN",               [CK_SESSION_HANDLE, CK_UTF8CHAR_PTR, CK_ULONG, CK_UTF8CHAR_PTR, CK_ULONG]),
+  ("C_OpenSession",          [CK_SLOT_ID, CK_FLAGS, CK_VOID_PTR, CK_NOTIFY, CK_SESSION_HANDLE_PTR]),
+  ("C_CloseSession",         [CK_SESSION_HANDLE]),
+  ("C_CloseAllSessions",     [CK_SLOT_ID]),
+  ("C_GetSessionInfo",       [CK_SESSION_HANDLE, CK_SESSION_INFO_PTR]),
+  ("C_GetOperationState",    [CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG_PTR]),
+  ("C_SetOperationState",    [CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG, CK_OBJECT_HANDLE, CK_OBJECT_HANDLE]),
+  ("C_Login",                [CK_SESSION_HANDLE, CK_USER_TYPE, CK_UTF8CHAR_PTR, CK_ULONG]),
+  ("C_Logout",               [CK_SESSION_HANDLE]),
+  ("C_CreateObject",         [CK_SESSION_HANDLE, CK_ATTRIBUTE_PTR, CK_ULONG, CK_OBJECT_HANDLE_PTR]),
+  ("C_CopyObject",           [CK_SESSION_HANDLE, CK_OBJECT_HANDLE, CK_ATTRIBUTE_PTR, CK_ULONG, CK_OBJECT_HANDLE_PTR]),
+  ("C_DestroyObject",        [CK_SESSION_HANDLE, CK_OBJECT_HANDLE]),
+  ("C_GetObjectSize",        [CK_SESSION_HANDLE, CK_OBJECT_HANDLE, CK_ULONG_PTR]),
+  ("C_GetAttributeValue",    [CK_SESSION_HANDLE, CK_OBJECT_HANDLE, CK_ATTRIBUTE_PTR, CK_ULONG]),
+  ("C_SetAttributeValue",    [CK_SESSION_HANDLE, CK_OBJECT_HANDLE, CK_ATTRIBUTE_PTR, CK_ULONG]),
+  ("C_FindObjectsInit",      [CK_SESSION_HANDLE, CK_ATTRIBUTE_PTR, CK_ULONG]),
+  ("C_FindObjects",          [CK_SESSION_HANDLE, CK_OBJECT_HANDLE_PTR, CK_ULONG, CK_ULONG_PTR]),
+  ("C_FindObjectsFinal",     [CK_SESSION_HANDLE]),
+  ("C_EncryptInit",          [CK_SESSION_HANDLE, CK_MECHANISM_PTR, CK_OBJECT_HANDLE]),
+  ("C_Encrypt",              [CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG, CK_BYTE_PTR, CK_ULONG_PTR]),
+  ("C_EncryptUpdate",        [CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG, CK_BYTE_PTR, CK_ULONG_PTR]),
+  ("C_EncryptFinal",         [CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG_PTR]),
+  ("C_DecryptInit",          [CK_SESSION_HANDLE, CK_MECHANISM_PTR, CK_OBJECT_HANDLE]),
+  ("C_Decrypt",              [CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG, CK_BYTE_PTR, CK_ULONG_PTR]),
+  ("C_DecryptUpdate",        [CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG, CK_BYTE_PTR, CK_ULONG_PTR]),
+  ("C_DecryptFinal",         [CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG_PTR]),
+  ("C_DigestInit",           [CK_SESSION_HANDLE, CK_MECHANISM_PTR]),
+  ("C_Digest",               [CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG, CK_BYTE_PTR, CK_ULONG_PTR]),
+  ("C_DigestUpdate",         [CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG]),
+  ("C_DigestKey",            [CK_SESSION_HANDLE, CK_OBJECT_HANDLE]),
+  ("C_DigestFinal",          [CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG_PTR]),
+  ("C_SignInit",             [CK_SESSION_HANDLE, CK_MECHANISM_PTR, CK_OBJECT_HANDLE]),
+  ("C_Sign",                 [CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG, CK_BYTE_PTR, CK_ULONG_PTR]),
+  ("C_SignUpdate",           [CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG]),
+  ("C_SignFinal",            [CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG_PTR]),
+  ("C_SignRecoverInit",      [CK_SESSION_HANDLE, CK_MECHANISM_PTR, CK_OBJECT_HANDLE]),
+  ("C_SignRecover",          [CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG, CK_BYTE_PTR, CK_ULONG_PTR]),
+  ("C_VerifyInit",           [CK_SESSION_HANDLE, CK_MECHANISM_PTR, CK_OBJECT_HANDLE]),
+  ("C_Verify",               [CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG, CK_BYTE_PTR, CK_ULONG]),
+  ("C_VerifyUpdate",         [CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG]),
+  ("C_VerifyFinal",          [CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG]),
+  ("C_VerifyRecoverInit",    [CK_SESSION_HANDLE, CK_MECHANISM_PTR, CK_OBJECT_HANDLE]),
+  ("C_VerifyRecover",        [CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG, CK_BYTE_PTR, CK_ULONG_PTR]),
+  ("C_DigestEncryptUpdate",  [CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG, CK_BYTE_PTR, CK_ULONG_PTR]),
+  ("C_DecryptDigestUpdate",  [CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG, CK_BYTE_PTR, CK_ULONG_PTR]),
+  ("C_SignEncryptUpdate",    [CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG, CK_BYTE_PTR, CK_ULONG_PTR]),
+  ("C_DecryptVerifyUpdate",  [CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG, CK_BYTE_PTR, CK_ULONG_PTR]),
+  ("C_GenerateKey",          [CK_SESSION_HANDLE, CK_MECHANISM_PTR, CK_ATTRIBUTE_PTR, CK_ULONG, CK_OBJECT_HANDLE_PTR]),
+  ("C_GenerateKeyPair",      [CK_SESSION_HANDLE, CK_MECHANISM_PTR, CK_ATTRIBUTE_PTR, CK_ULONG,
+                              CK_ATTRIBUTE_PTR, CK_ULONG, CK_OBJECT_HANDLE_PTR, CK_OBJECT_HANDLE_PTR]),
+  ("C_WrapKey",              [CK_SESSION_HANDLE, CK_MECHANISM_PTR, CK_OBJECT_HANDLE, CK_OBJECT_HANDLE,
+                              CK_BYTE_PTR, CK_ULONG_PTR]),
+  ("C_UnwrapKey",            [CK_SESSION_HANDLE, CK_MECHANISM_PTR, CK_OBJECT_HANDLE, CK_BYTE_PTR, CK_ULONG,
+                              CK_ATTRIBUTE_PTR, CK_ULONG, CK_OBJECT_HANDLE_PTR]),
+  ("C_DeriveKey",            [CK_SESSION_HANDLE, CK_MECHANISM_PTR, CK_OBJECT_HANDLE, CK_ATTRIBUTE_PTR, CK_ULONG,
+                              CK_OBJECT_HANDLE_PTR]),
+  ("C_SeedRandom",           [CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG]),
+  ("C_GenerateRandom",       [CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG]),
+  ("C_GetFunctionStatus",    [CK_SESSION_HANDLE]),
+  ("C_CancelFunction",       [CK_SESSION_HANDLE]),
+  ("C_WaitForSlotEvent",     [CK_FLAGS, CK_SLOT_ID_PTR, CK_VOID_PTR]))
+
+
+# Need to convert attributes between a sane Pythonic representation
+# and something ctypes can handle.  Pythoninc representation would be
+# an iteraable of two element sequences, or perhaps a dict.
+
+def attributes_to_ctypes(dict_or_iterable):
+  if isinstance(dict_or_iterable, dict):
+    dict_or_iterable = dict_or_iterable.iteritems()
+  items = tuple(dict_or_iterable)
+  a = (CK_ATTRIBUTE * len(items))()
+  for i, kv in enumerate(items):
+    k, v = kv
+    if isinstance(v, bool):
+      v = pack("B", int(v))
+    elif isinstance(v, (int, long)):
+      v = pack("L", v)
+    a[i].type = k
+    a[i].pValue = create_string_buffer(v)
+    a[i].ulValueLen = len(v)
+  return a
+
+class PKCS11 (object):
+
+  def __init__(self, so_name = "libpkcs11.so"):
+    self.so_name = so_name
+    self.so = CDLL(so_name)
+    def raise_on_failure(rv):
+      if rv != CKR_OK:
+        raise CKR_Exception.ckr_map[rv]
+    for name, args in PKCS11_Prototypes:
+      func = getattr(self.so, name)
+      func.restype = raise_on_failure
+      func.argtypes = args
+
+  def __getattr__(self, name):
+    return getattr(self.so, name)
+
+  def C_GetFunctionList(self):
+    return self
+
+  @property
+  def version(self):
+    info = CK_INFO()
+    self.so.C_GetInfo(byref(info))
+    return info.cryptokiVersion
+
+  def C_Initialize(self):
+    self.so.C_Initialize(None)
+
+  def C_Finalize(self):
+    self.so.C_Finalize(None)
+
+  def C_GetSlotList(self):
+    slots = (CK_SLOT_ID * 10)()
+    count = CK_ULONG(len(slots))
+    self.so.C_GetSlotList(CK_TRUE, slots, byref(count))
+    return [slots[i] for i in xrange(count.value)]
+
+  def C_GetTokenInfo(self, slot_id):
+    token_info = CK_TOKEN_INFO()
+    self.so.C_GetTokenInfo(slot_id, byref(token_info))
+    return token_info
+
+  def C_OpenSession(self, slot, flags = CKF_SERIAL_SESSION | CKF_RW_SESSION, application = None, notify = CK_NOTIFY()):
+    handle = CK_SESSION_HANDLE()
+    self.so.C_OpenSession(slot, flags, application, notify, byref(handle))
+    return handle.value
+
+  def C_GenerateRandom(self, session, n):
+    buffer = create_string_buffer(n)
+    self.so.C_GenerateRandom(session, buffer, sizeof(buffer))
+    return buffer.raw
+
+  def C_Login(self, session, user, pin):
+    self.so.C_Login(session, user, pin, len(pin))
+
+  def C_GetAttributeValue(self, session_handle, object_handle, attributes):
+    if not isinstance(attributes, (list, tuple)):
+      attributes = tuple(attributes)
+    if not all(isinstance(a, (int, long)) for a in attributes):
+      raise TypeError
+    t = (CK_ATTRIBUTE * len(attributes))()
+    for i in xrange(len(attributes)):
+      t[i].type = attributes[i]
+      t[i].pValue = None
+      t[i].ulValueLen = 0
+    self.so.C_GetAttributeValue(session_handle, object_handle, byref(t), len(t))
+    for a in t:
+      a.pValue = create_string_buffer(a.ulValueLen)
+    self.so.C_GetAttributeValue(session_handle, object_handle, byref(t), len(t))
+    return dict((a.type, a.pValue.raw) for a in t)
+
+  def C_GenerateKeyPair(self, session, mechanism_type, public_template, private_template):
+    mechanism = CK_MECHANISM(mechanism_type, None, 0)
+    public_template  = attributes_to_ctypes(public_template)
+    private_template = attributes_to_ctypes(private_template)
+    public_handle  = CK_OBJECT_HANDLE()
+    private_handle = CK_OBJECT_HANDLE()
+    self.so.C_GenerateKeyPair(session, byref(mechanism),
+                              public_template,  len(public_template),
+                              private_template, len(private_template),
+                              byref(public_handle), byref(private_handle))
+    return public_handle.value, private_handle.value
+
+__all__ = ["PKCS11"]
+__all__.extend(name for name in globals()
+               if name.startswith("CK")
+               or name.startswith("CRYPTOKI_"))
diff --git a/py11/constants.py b/py11/constants.py
new file mode 100644
index 0000000..a8392ea
--- /dev/null
+++ b/py11/constants.py
@@ -0,0 +1,615 @@
+# An attempt at a Python interface to PKCS 11 using the scary ctypes
+# module from the Python standard library.
+
+# This code is derived from the RSA PKCS #11 C header files, which say:
+#
+# License to copy and use this software is granted provided that it is
+# identified as "RSA Security Inc. PKCS #11 Cryptographic Token Interface
+# (Cryptoki)" in all material mentioning or referencing this software.
+#
+# License is also granted to make and use derivative works provided that
+# such works are identified as "derived from the RSA Security Inc. PKCS #11
+# Cryptographic Token Interface (Cryptoki)" in all material mentioning or
+# referencing the derived work.
+#
+# RSA Security Inc. makes no representations concerning either the
+# merchantability of this software or the suitability of this software for
+# any particular purpose. It is provided "as is" without express or implied
+# warranty of any kind.
+
+CRYPTOKI_VERSION_MAJOR                  = 2
+CRYPTOKI_VERSION_MINOR                  = 30
+CRYPTOKI_VERSION_AMENDMENT              = 0
+
+CK_TRUE                                 = 1
+CK_FALSE                                = 0
+
+CK_UNAVAILABLE_INFORMATION              = ~0
+CK_EFFECTIVELY_INFINITE                 = 0
+
+CK_INVALID_HANDLE                       = 0
+
+CKN_SURRENDER                           = 0
+CKN_OTP_CHANGED                         = 1
+
+CKF_TOKEN_PRESENT                       = 0x00000001
+CKF_REMOVABLE_DEVICE                    = 0x00000002
+CKF_HW_SLOT                             = 0x00000004
+CKF_RNG                                 = 0x00000001
+CKF_WRITE_PROTECTED                     = 0x00000002
+CKF_LOGIN_REQUIRED                      = 0x00000004
+CKF_USER_PIN_INITIALIZED                = 0x00000008
+CKF_RESTORE_KEY_NOT_NEEDED              = 0x00000020
+CKF_CLOCK_ON_TOKEN                      = 0x00000040
+CKF_PROTECTED_AUTHENTICATION_PATH	= 0x00000100
+CKF_DUAL_CRYPTO_OPERATIONS		= 0x00000200
+CKF_TOKEN_INITIALIZED			= 0x00000400
+CKF_SECONDARY_AUTHENTICATION		= 0x00000800
+CKF_USER_PIN_COUNT_LOW			= 0x00010000
+CKF_USER_PIN_FINAL_TRY			= 0x00020000
+CKF_USER_PIN_LOCKED			= 0x00040000
+CKF_USER_PIN_TO_BE_CHANGED		= 0x00080000
+CKF_SO_PIN_COUNT_LOW			= 0x00100000
+CKF_SO_PIN_FINAL_TRY			= 0x00200000
+CKF_SO_PIN_LOCKED			= 0x00400000
+CKF_SO_PIN_TO_BE_CHANGED		= 0x00800000
+CKF_ERROR_STATE                         = 0x01000000
+
+CKU_SO                                  = 0
+CKU_USER                                = 1
+CKU_CONTEXT_SPECIFIC			= 2
+
+CKS_RO_PUBLIC_SESSION			= 0
+CKS_RO_USER_FUNCTIONS			= 1
+CKS_RW_PUBLIC_SESSION			= 2
+CKS_RW_USER_FUNCTIONS			= 3
+CKS_RW_SO_FUNCTIONS			= 4
+
+CKF_RW_SESSION                          = 0x00000002
+CKF_SERIAL_SESSION			= 0x00000004
+
+CKO_DATA                                = 0x00000000
+CKO_CERTIFICATE                         = 0x00000001
+CKO_PUBLIC_KEY                          = 0x00000002
+CKO_PRIVATE_KEY				= 0x00000003
+CKO_SECRET_KEY				= 0x00000004
+CKO_HW_FEATURE				= 0x00000005
+CKO_DOMAIN_PARAMETERS			= 0x00000006
+CKO_MECHANISM				= 0x00000007
+CKO_OTP_KEY				= 0x00000008
+CKO_VENDOR_DEFINED			= 0x80000000
+
+CKH_MONOTONIC_COUNTER			= 0x00000001
+CKH_CLOCK				= 0x00000002
+CKH_USER_INTERFACE			= 0x00000003
+CKH_VENDOR_DEFINED			= 0x80000000
+
+CKK_RSA					= 0x00000000
+CKK_DSA					= 0x00000001
+CKK_DH					= 0x00000002
+CKK_ECDSA				= 0x00000003
+CKK_EC					= 0x00000003
+CKK_X9_42_DH				= 0x00000004
+CKK_KEA					= 0x00000005
+CKK_GENERIC_SECRET			= 0x00000010
+CKK_RC2					= 0x00000011
+CKK_RC4					= 0x00000012
+CKK_DES					= 0x00000013
+CKK_DES2				= 0x00000014
+CKK_DES3				= 0x00000015
+CKK_CAST				= 0x00000016
+CKK_CAST3				= 0x00000017
+CKK_CAST5				= 0x00000018
+CKK_CAST128				= 0x00000018
+CKK_RC5					= 0x00000019
+CKK_IDEA				= 0x0000001A
+CKK_SKIPJACK				= 0x0000001B
+CKK_BATON				= 0x0000001C
+CKK_JUNIPER				= 0x0000001D
+CKK_CDMF				= 0x0000001E
+CKK_AES					= 0x0000001F
+CKK_BLOWFISH				= 0x00000020
+CKK_TWOFISH				= 0x00000021
+CKK_SECURID				= 0x00000022
+CKK_HOTP				= 0x00000023
+CKK_ACTI				= 0x00000024
+CKK_CAMELLIA				= 0x00000025
+CKK_ARIA				= 0x00000026
+CKK_MD5_HMAC				= 0x00000027
+CKK_SHA_1_HMAC				= 0x00000028
+CKK_RIPEMD128_HMAC			= 0x00000029
+CKK_RIPEMD160_HMAC			= 0x0000002A
+CKK_SHA256_HMAC				= 0x0000002B
+CKK_SHA384_HMAC				= 0x0000002C
+CKK_SHA512_HMAC				= 0x0000002D
+CKK_SHA224_HMAC				= 0x0000002E
+CKK_SEED				= 0x0000002F
+CKK_GOSTR3410				= 0x00000030
+CKK_GOSTR3411				= 0x00000031
+CKK_GOST28147				= 0x00000032
+CKK_VENDOR_DEFINED			= 0x80000000
+
+CKC_X_509				= 0x00000000
+CKC_X_509_ATTR_CERT			= 0x00000001
+CKC_WTLS				= 0x00000002
+CKC_VENDOR_DEFINED			= 0x80000000
+
+CKF_ARRAY_ATTRIBUTE			= 0x40000000
+
+CK_OTP_FORMAT_DECIMAL			= 0
+CK_OTP_FORMAT_HEXADECIMAL		= 1
+CK_OTP_FORMAT_ALPHANUMERIC		= 2
+CK_OTP_FORMAT_BINARY			= 3
+
+CK_OTP_PARAM_IGNORED			= 0
+CK_OTP_PARAM_OPTIONAL			= 1
+CK_OTP_PARAM_MANDATORY			= 2
+
+CKA_CLASS				= 0x00000000
+CKA_TOKEN				= 0x00000001
+CKA_PRIVATE				= 0x00000002
+CKA_LABEL				= 0x00000003
+CKA_APPLICATION				= 0x00000010
+CKA_VALUE				= 0x00000011
+CKA_OBJECT_ID				= 0x00000012
+CKA_CERTIFICATE_TYPE			= 0x00000080
+CKA_ISSUER				= 0x00000081
+CKA_SERIAL_NUMBER			= 0x00000082
+CKA_AC_ISSUER				= 0x00000083
+CKA_OWNER				= 0x00000084
+CKA_ATTR_TYPES				= 0x00000085
+CKA_TRUSTED				= 0x00000086
+CKA_CERTIFICATE_CATEGORY		= 0x00000087
+CKA_JAVA_MIDP_SECURITY_DOMAIN		= 0x00000088
+CKA_URL         			= 0x00000089
+CKA_HASH_OF_SUBJECT_PUBLIC_KEY		= 0x0000008A
+CKA_HASH_OF_ISSUER_PUBLIC_KEY		= 0x0000008B
+CKA_CHECK_VALUE				= 0x00000090
+CKA_KEY_TYPE				= 0x00000100
+CKA_SUBJECT				= 0x00000101
+CKA_ID                                  = 0x00000102
+CKA_SENSITIVE				= 0x00000103
+CKA_ENCRYPT				= 0x00000104
+CKA_DECRYPT				= 0x00000105
+CKA_WRAP				= 0x00000106
+CKA_UNWRAP				= 0x00000107
+CKA_SIGN				= 0x00000108
+CKA_SIGN_RECOVER			= 0x00000109
+CKA_VERIFY				= 0x0000010A
+CKA_VERIFY_RECOVER			= 0x0000010B
+CKA_DERIVE				= 0x0000010C
+CKA_START_DATE				= 0x00000110
+CKA_END_DATE				= 0x00000111
+CKA_MODULUS				= 0x00000120
+CKA_MODULUS_BITS			= 0x00000121
+CKA_PUBLIC_EXPONENT			= 0x00000122
+CKA_PRIVATE_EXPONENT			= 0x00000123
+CKA_PRIME_1				= 0x00000124
+CKA_PRIME_2				= 0x00000125
+CKA_EXPONENT_1				= 0x00000126
+CKA_EXPONENT_2				= 0x00000127
+CKA_COEFFICIENT				= 0x00000128
+CKA_PRIME				= 0x00000130
+CKA_SUBPRIME				= 0x00000131
+CKA_BASE				= 0x00000132
+CKA_PRIME_BITS				= 0x00000133
+CKA_SUBPRIME_BITS			= 0x00000134
+CKA_SUB_PRIME_BITS			= CKA_SUBPRIME_BITS
+CKA_VALUE_BITS				= 0x00000160
+CKA_VALUE_LEN				= 0x00000161
+CKA_EXTRACTABLE				= 0x00000162
+CKA_LOCAL				= 0x00000163
+CKA_NEVER_EXTRACTABLE			= 0x00000164
+CKA_ALWAYS_SENSITIVE			= 0x00000165
+CKA_KEY_GEN_MECHANISM			= 0x00000166
+CKA_MODIFIABLE				= 0x00000170
+CKA_ECDSA_PARAMS			= 0x00000180
+CKA_EC_PARAMS				= 0x00000180
+CKA_EC_POINT				= 0x00000181
+CKA_SECONDARY_AUTH			= 0x00000200
+CKA_AUTH_PIN_FLAGS			= 0x00000201
+CKA_ALWAYS_AUTHENTICATE			= 0x00000202
+CKA_WRAP_WITH_TRUSTED			= 0x00000210
+CKA_WRAP_TEMPLATE			= (CKF_ARRAY_ATTRIBUTE|0x00000211)
+CKA_UNWRAP_TEMPLATE			= (CKF_ARRAY_ATTRIBUTE|0x00000212)
+CKA_DERIVE_TEMPLATE			= (CKF_ARRAY_ATTRIBUTE|0x00000213)
+CKA_OTP_FORMAT				= 0x00000220
+CKA_OTP_LENGTH				= 0x00000221
+CKA_OTP_TIME_INTERVAL			= 0x00000222
+CKA_OTP_USER_FRIENDLY_MODE		= 0x00000223
+CKA_OTP_CHALLENGE_REQUIREMENT		= 0x00000224
+CKA_OTP_TIME_REQUIREMENT		= 0x00000225
+CKA_OTP_COUNTER_REQUIREMENT		= 0x00000226
+CKA_OTP_PIN_REQUIREMENT			= 0x00000227
+CKA_OTP_COUNTER				= 0x0000022E
+CKA_OTP_TIME				= 0x0000022F
+CKA_OTP_USER_IDENTIFIER			= 0x0000022A
+CKA_OTP_SERVICE_IDENTIFIER              = 0x0000022B
+CKA_OTP_SERVICE_LOGO			= 0x0000022C
+CKA_OTP_SERVICE_LOGO_TYPE		= 0x0000022D
+CKA_GOSTR3410_PARAMS			= 0x00000250
+CKA_GOSTR3411_PARAMS			= 0x00000251
+CKA_GOST28147_PARAMS			= 0x00000252
+CKA_HW_FEATURE_TYPE			= 0x00000300
+CKA_RESET_ON_INIT			= 0x00000301
+CKA_HAS_RESET				= 0x00000302
+CKA_PIXEL_X				= 0x00000400
+CKA_PIXEL_Y				= 0x00000401
+CKA_RESOLUTION				= 0x00000402
+CKA_CHAR_ROWS				= 0x00000403
+CKA_CHAR_COLUMNS			= 0x00000404
+CKA_COLOR				= 0x00000405
+CKA_BITS_PER_PIXEL			= 0x00000406
+CKA_CHAR_SETS				= 0x00000480
+CKA_ENCODING_METHODS			= 0x00000481
+CKA_MIME_TYPES				= 0x00000482
+CKA_MECHANISM_TYPE			= 0x00000500
+CKA_REQUIRED_CMS_ATTRIBUTES		= 0x00000501
+CKA_DEFAULT_CMS_ATTRIBUTES		= 0x00000502
+CKA_SUPPORTED_CMS_ATTRIBUTES		= 0x00000503
+CKA_ALLOWED_MECHANISMS			= (CKF_ARRAY_ATTRIBUTE|0x00000600)
+CKA_VENDOR_DEFINED			= 0x80000000
+
+CKM_RSA_PKCS_KEY_PAIR_GEN		= 0x00000000
+CKM_RSA_PKCS				= 0x00000001
+CKM_RSA_9796				= 0x00000002
+CKM_RSA_X_509				= 0x00000003
+CKM_MD2_RSA_PKCS			= 0x00000004
+CKM_MD5_RSA_PKCS			= 0x00000005
+CKM_SHA1_RSA_PKCS			= 0x00000006
+CKM_RIPEMD128_RSA_PKCS			= 0x00000007
+CKM_RIPEMD160_RSA_PKCS			= 0x00000008
+CKM_RSA_PKCS_OAEP			= 0x00000009
+CKM_RSA_X9_31_KEY_PAIR_GEN		= 0x0000000A
+CKM_RSA_X9_31                           = 0x0000000B
+CKM_SHA1_RSA_X9_31			= 0x0000000C
+CKM_RSA_PKCS_PSS			= 0x0000000D
+CKM_SHA1_RSA_PKCS_PSS			= 0x0000000E
+CKM_DSA_KEY_PAIR_GEN			= 0x00000010
+CKM_DSA 				= 0x00000011
+CKM_DSA_SHA1				= 0x00000012
+CKM_DSA_SHA224				= 0x00000013
+CKM_DSA_SHA256				= 0x00000014
+CKM_DSA_SHA384				= 0x00000015
+CKM_DSA_SHA512				= 0x00000016
+CKM_DH_PKCS_KEY_PAIR_GEN		= 0x00000020
+CKM_DH_PKCS_DERIVE			= 0x00000021
+CKM_X9_42_DH_KEY_PAIR_GEN		= 0x00000030
+CKM_X9_42_DH_DERIVE			= 0x00000031
+CKM_X9_42_DH_HYBRID_DERIVE		= 0x00000032
+CKM_X9_42_MQV_DERIVE			= 0x00000033
+CKM_SHA256_RSA_PKCS			= 0x00000040
+CKM_SHA384_RSA_PKCS			= 0x00000041
+CKM_SHA512_RSA_PKCS			= 0x00000042
+CKM_SHA256_RSA_PKCS_PSS			= 0x00000043
+CKM_SHA384_RSA_PKCS_PSS			= 0x00000044
+CKM_SHA512_RSA_PKCS_PSS			= 0x00000045
+CKM_SHA224_RSA_PKCS			= 0x00000046
+CKM_SHA224_RSA_PKCS_PSS			= 0x00000047
+CKM_RC2_KEY_GEN				= 0x00000100
+CKM_RC2_ECB				= 0x00000101
+CKM_RC2_CBC				= 0x00000102
+CKM_RC2_MAC				= 0x00000103
+CKM_RC2_MAC_GENERAL			= 0x00000104
+CKM_RC2_CBC_PAD				= 0x00000105
+CKM_RC4_KEY_GEN				= 0x00000110
+CKM_RC4					= 0x00000111
+CKM_DES_KEY_GEN				= 0x00000120
+CKM_DES_ECB				= 0x00000121
+CKM_DES_CBC				= 0x00000122
+CKM_DES_MAC				= 0x00000123
+CKM_DES_MAC_GENERAL			= 0x00000124
+CKM_DES_CBC_PAD				= 0x00000125
+CKM_DES2_KEY_GEN			= 0x00000130
+CKM_DES3_KEY_GEN			= 0x00000131
+CKM_DES3_ECB				= 0x00000132
+CKM_DES3_CBC				= 0x00000133
+CKM_DES3_MAC				= 0x00000134
+CKM_DES3_MAC_GENERAL			= 0x00000135
+CKM_DES3_CBC_PAD			= 0x00000136
+CKM_DES3_CMAC_GENERAL			= 0x00000137
+CKM_DES3_CMAC				= 0x00000138
+CKM_CDMF_KEY_GEN			= 0x00000140
+CKM_CDMF_ECB				= 0x00000141
+CKM_CDMF_CBC				= 0x00000142
+CKM_CDMF_MAC				= 0x00000143
+CKM_CDMF_MAC_GENERAL			= 0x00000144
+CKM_CDMF_CBC_PAD			= 0x00000145
+CKM_DES_OFB64				= 0x00000150
+CKM_DES_OFB8				= 0x00000151
+CKM_DES_CFB64				= 0x00000152
+CKM_DES_CFB8				= 0x00000153
+CKM_MD2                                 = 0x00000200
+CKM_MD2_HMAC				= 0x00000201
+CKM_MD2_HMAC_GENERAL			= 0x00000202
+CKM_MD5 				= 0x00000210
+CKM_MD5_HMAC				= 0x00000211
+CKM_MD5_HMAC_GENERAL			= 0x00000212
+CKM_SHA_1				= 0x00000220
+CKM_SHA_1_HMAC				= 0x00000221
+CKM_SHA_1_HMAC_GENERAL			= 0x00000222
+CKM_RIPEMD128				= 0x00000230
+CKM_RIPEMD128_HMAC			= 0x00000231
+CKM_RIPEMD128_HMAC_GENERAL		= 0x00000232
+CKM_RIPEMD160				= 0x00000240
+CKM_RIPEMD160_HMAC			= 0x00000241
+CKM_RIPEMD160_HMAC_GENERAL		= 0x00000242
+CKM_SHA256				= 0x00000250
+CKM_SHA256_HMAC				= 0x00000251
+CKM_SHA256_HMAC_GENERAL			= 0x00000252
+CKM_SHA224				= 0x00000255
+CKM_SHA224_HMAC				= 0x00000256
+CKM_SHA224_HMAC_GENERAL			= 0x00000257
+CKM_SHA384				= 0x00000260
+CKM_SHA384_HMAC				= 0x00000261
+CKM_SHA384_HMAC_GENERAL			= 0x00000262
+CKM_SHA512				= 0x00000270
+CKM_SHA512_HMAC				= 0x00000271
+CKM_SHA512_HMAC_GENERAL			= 0x00000272
+CKM_SECURID_KEY_GEN			= 0x00000280
+CKM_SECURID				= 0x00000282
+CKM_HOTP_KEY_GEN			= 0x00000290
+CKM_HOTP				= 0x00000291
+CKM_ACTI				= 0x000002A0
+CKM_ACTI_KEY_GEN			= 0x000002A1
+CKM_CAST_KEY_GEN			= 0x00000300
+CKM_CAST_ECB				= 0x00000301
+CKM_CAST_CBC				= 0x00000302
+CKM_CAST_MAC				= 0x00000303
+CKM_CAST_MAC_GENERAL			= 0x00000304
+CKM_CAST_CBC_PAD			= 0x00000305
+CKM_CAST3_KEY_GEN			= 0x00000310
+CKM_CAST3_ECB				= 0x00000311
+CKM_CAST3_CBC				= 0x00000312
+CKM_CAST3_MAC				= 0x00000313
+CKM_CAST3_MAC_GENERAL			= 0x00000314
+CKM_CAST3_CBC_PAD			= 0x00000315
+CKM_CAST5_KEY_GEN			= 0x00000320
+CKM_CAST128_KEY_GEN			= 0x00000320
+CKM_CAST5_ECB				= 0x00000321
+CKM_CAST128_ECB				= 0x00000321
+CKM_CAST5_CBC				= 0x00000322
+CKM_CAST128_CBC				= 0x00000322
+CKM_CAST5_MAC				= 0x00000323
+CKM_CAST128_MAC				= 0x00000323
+CKM_CAST5_MAC_GENERAL			= 0x00000324
+CKM_CAST128_MAC_GENERAL			= 0x00000324
+CKM_CAST5_CBC_PAD			= 0x00000325
+CKM_CAST128_CBC_PAD			= 0x00000325
+CKM_RC5_KEY_GEN				= 0x00000330
+CKM_RC5_ECB				= 0x00000331
+CKM_RC5_CBC				= 0x00000332
+CKM_RC5_MAC				= 0x00000333
+CKM_RC5_MAC_GENERAL			= 0x00000334
+CKM_RC5_CBC_PAD				= 0x00000335
+CKM_IDEA_KEY_GEN			= 0x00000340
+CKM_IDEA_ECB				= 0x00000341
+CKM_IDEA_CBC				= 0x00000342
+CKM_IDEA_MAC				= 0x00000343
+CKM_IDEA_MAC_GENERAL			= 0x00000344
+CKM_IDEA_CBC_PAD			= 0x00000345
+CKM_GENERIC_SECRET_KEY_GEN		= 0x00000350
+CKM_CONCATENATE_BASE_AND_KEY		= 0x00000360
+CKM_CONCATENATE_BASE_AND_DATA		= 0x00000362
+CKM_CONCATENATE_DATA_AND_BASE		= 0x00000363
+CKM_XOR_BASE_AND_DATA			= 0x00000364
+CKM_EXTRACT_KEY_FROM_KEY		= 0x00000365
+CKM_SSL3_PRE_MASTER_KEY_GEN		= 0x00000370
+CKM_SSL3_MASTER_KEY_DERIVE		= 0x00000371
+CKM_SSL3_KEY_AND_MAC_DERIVE		= 0x00000372
+CKM_SSL3_MASTER_KEY_DERIVE_DH		= 0x00000373
+CKM_TLS_PRE_MASTER_KEY_GEN		= 0x00000374
+CKM_TLS_MASTER_KEY_DERIVE		= 0x00000375
+CKM_TLS_KEY_AND_MAC_DERIVE		= 0x00000376
+CKM_TLS_MASTER_KEY_DERIVE_DH		= 0x00000377
+CKM_TLS_PRF				= 0x00000378
+CKM_SSL3_MD5_MAC			= 0x00000380
+CKM_SSL3_SHA1_MAC			= 0x00000381
+CKM_MD5_KEY_DERIVATION			= 0x00000390
+CKM_MD2_KEY_DERIVATION			= 0x00000391
+CKM_SHA1_KEY_DERIVATION			= 0x00000392
+CKM_SHA256_KEY_DERIVATION		= 0x00000393
+CKM_SHA384_KEY_DERIVATION		= 0x00000394
+CKM_SHA512_KEY_DERIVATION		= 0x00000395
+CKM_SHA224_KEY_DERIVATION		= 0x00000396
+CKM_PBE_MD2_DES_CBC			= 0x000003A0
+CKM_PBE_MD5_DES_CBC			= 0x000003A1
+CKM_PBE_MD5_CAST_CBC			= 0x000003A2
+CKM_PBE_MD5_CAST3_CBC			= 0x000003A3
+CKM_PBE_MD5_CAST5_CBC			= 0x000003A4
+CKM_PBE_MD5_CAST128_CBC			= 0x000003A4
+CKM_PBE_SHA1_CAST5_CBC			= 0x000003A5
+CKM_PBE_SHA1_CAST128_CBC		= 0x000003A5
+CKM_PBE_SHA1_RC4_128			= 0x000003A6
+CKM_PBE_SHA1_RC4_40			= 0x000003A7
+CKM_PBE_SHA1_DES3_EDE_CBC		= 0x000003A8
+CKM_PBE_SHA1_DES2_EDE_CBC		= 0x000003A9
+CKM_PBE_SHA1_RC2_128_CBC		= 0x000003AA
+CKM_PBE_SHA1_RC2_40_CBC			= 0x000003AB
+CKM_PKCS5_PBKD2				= 0x000003B0
+CKM_PBA_SHA1_WITH_SHA1_HMAC		= 0x000003C0
+CKM_WTLS_PRE_MASTER_KEY_GEN		= 0x000003D0
+CKM_WTLS_MASTER_KEY_DERIVE		= 0x000003D1
+CKM_WTLS_MASTER_KEY_DERIVE_DH_ECC	= 0x000003D2
+CKM_WTLS_PRF				= 0x000003D3
+CKM_WTLS_SERVER_KEY_AND_MAC_DERIVE	= 0x000003D4
+CKM_WTLS_CLIENT_KEY_AND_MAC_DERIVE	= 0x000003D5
+CKM_KEY_WRAP_LYNKS			= 0x00000400
+CKM_KEY_WRAP_SET_OAEP			= 0x00000401
+CKM_CMS_SIG				= 0x00000500
+CKM_KIP_DERIVE				= 0x00000510
+CKM_KIP_WRAP				= 0x00000511
+CKM_KIP_MAC				= 0x00000512
+CKM_CAMELLIA_KEY_GEN			= 0x00000550
+CKM_CAMELLIA_ECB			= 0x00000551
+CKM_CAMELLIA_CBC			= 0x00000552
+CKM_CAMELLIA_MAC			= 0x00000553
+CKM_CAMELLIA_MAC_GENERAL		= 0x00000554
+CKM_CAMELLIA_CBC_PAD			= 0x00000555
+CKM_CAMELLIA_ECB_ENCRYPT_DATA		= 0x00000556
+CKM_CAMELLIA_CBC_ENCRYPT_DATA		= 0x00000557
+CKM_CAMELLIA_CTR			= 0x00000558
+CKM_ARIA_KEY_GEN			= 0x00000560
+CKM_ARIA_ECB				= 0x00000561
+CKM_ARIA_CBC				= 0x00000562
+CKM_ARIA_MAC				= 0x00000563
+CKM_ARIA_MAC_GENERAL			= 0x00000564
+CKM_ARIA_CBC_PAD			= 0x00000565
+CKM_ARIA_ECB_ENCRYPT_DATA		= 0x00000566
+CKM_ARIA_CBC_ENCRYPT_DATA		= 0x00000567
+CKM_SEED_KEY_GEN			= 0x00000650
+CKM_SEED_ECB				= 0x00000651
+CKM_SEED_CBC				= 0x00000652
+CKM_SEED_MAC				= 0x00000653
+CKM_SEED_MAC_GENERAL			= 0x00000654
+CKM_SEED_CBC_PAD			= 0x00000655
+CKM_SEED_ECB_ENCRYPT_DATA		= 0x00000656
+CKM_SEED_CBC_ENCRYPT_DATA		= 0x00000657
+CKM_SKIPJACK_KEY_GEN			= 0x00001000
+CKM_SKIPJACK_ECB64			= 0x00001001
+CKM_SKIPJACK_CBC64			= 0x00001002
+CKM_SKIPJACK_OFB64			= 0x00001003
+CKM_SKIPJACK_CFB64			= 0x00001004
+CKM_SKIPJACK_CFB32			= 0x00001005
+CKM_SKIPJACK_CFB16			= 0x00001006
+CKM_SKIPJACK_CFB8			= 0x00001007
+CKM_SKIPJACK_WRAP			= 0x00001008
+CKM_SKIPJACK_PRIVATE_WRAP		= 0x00001009
+CKM_SKIPJACK_RELAYX			= 0x0000100a
+CKM_KEA_KEY_PAIR_GEN			= 0x00001010
+CKM_KEA_KEY_DERIVE			= 0x00001011
+CKM_FORTEZZA_TIMESTAMP			= 0x00001020
+CKM_BATON_KEY_GEN			= 0x00001030
+CKM_BATON_ECB128			= 0x00001031
+CKM_BATON_ECB96                         = 0x00001032
+CKM_BATON_CBC128			= 0x00001033
+CKM_BATON_COUNTER			= 0x00001034
+CKM_BATON_SHUFFLE			= 0x00001035
+CKM_BATON_WRAP                          = 0x00001036
+CKM_ECDSA_KEY_PAIR_GEN			= 0x00001040
+CKM_EC_KEY_PAIR_GEN			= 0x00001040
+CKM_ECDSA       			= 0x00001041
+CKM_ECDSA_SHA1          		= 0x00001042
+CKM_ECDSA_SHA224			= 0x00001043
+CKM_ECDSA_SHA256			= 0x00001044
+CKM_ECDSA_SHA384			= 0x00001045
+CKM_ECDSA_SHA512			= 0x00001046
+CKM_ECDH1_DERIVE			= 0x00001050
+CKM_ECDH1_COFACTOR_DERIVE		= 0x00001051
+CKM_ECMQV_DERIVE			= 0x00001052
+CKM_JUNIPER_KEY_GEN			= 0x00001060
+CKM_JUNIPER_ECB128			= 0x00001061
+CKM_JUNIPER_CBC128			= 0x00001062
+CKM_JUNIPER_COUNTER			= 0x00001063
+CKM_JUNIPER_SHUFFLE			= 0x00001064
+CKM_JUNIPER_WRAP			= 0x00001065
+CKM_FASTHASH    			= 0x00001070
+CKM_AES_KEY_GEN				= 0x00001080
+CKM_AES_ECB				= 0x00001081
+CKM_AES_CBC				= 0x00001082
+CKM_AES_MAC				= 0x00001083
+CKM_AES_MAC_GENERAL			= 0x00001084
+CKM_AES_CBC_PAD				= 0x00001085
+CKM_AES_CTR				= 0x00001086
+CKM_AES_CTS				= 0x00001089
+CKM_AES_CMAC				= 0x0000108A
+CKM_AES_CMAC_GENERAL			= 0x0000108B
+CKM_BLOWFISH_KEY_GEN			= 0x00001090
+CKM_BLOWFISH_CBC			= 0x00001091
+CKM_TWOFISH_KEY_GEN			= 0x00001092
+CKM_TWOFISH_CBC				= 0x00001093
+CKM_AES_GCM				= 0x00001087
+CKM_AES_CCM				= 0x00001088
+CKM_AES_KEY_WRAP			= 0x00001090
+CKM_AES_KEY_WRAP_PAD			= 0x00001091
+CKM_BLOWFISH_CBC_PAD			= 0x00001094
+CKM_TWOFISH_CBC_PAD			= 0x00001095
+CKM_DES_ECB_ENCRYPT_DATA		= 0x00001100
+CKM_DES_CBC_ENCRYPT_DATA		= 0x00001101
+CKM_DES3_ECB_ENCRYPT_DATA		= 0x00001102
+CKM_DES3_CBC_ENCRYPT_DATA		= 0x00001103
+CKM_AES_ECB_ENCRYPT_DATA		= 0x00001104
+CKM_AES_CBC_ENCRYPT_DATA		= 0x00001105
+CKM_GOSTR3410_KEY_PAIR_GEN		= 0x00001200
+CKM_GOSTR3410                           = 0x00001201
+CKM_GOSTR3410_WITH_GOSTR3411		= 0x00001202
+CKM_GOSTR3410_KEY_WRAP			= 0x00001203
+CKM_GOSTR3410_DERIVE			= 0x00001204
+CKM_GOSTR3411                           = 0x00001210
+CKM_GOSTR3411_HMAC			= 0x00001211
+CKM_GOST28147_KEY_GEN			= 0x00001220
+CKM_GOST28147_ECB			= 0x00001221
+CKM_GOST28147   			= 0x00001222
+CKM_GOST28147_MAC			= 0x00001223
+CKM_GOST28147_KEY_WRAP			= 0x00001224
+CKM_DSA_PARAMETER_GEN			= 0x00002000
+CKM_DH_PKCS_PARAMETER_GEN		= 0x00002001
+CKM_X9_42_DH_PARAMETER_GEN		= 0x00002002
+CKM_AES_OFB                             = 0x00002104
+CKM_AES_CFB64   			= 0x00002105
+CKM_AES_CFB8    			= 0x00002106
+CKM_AES_CFB128  			= 0x00002107
+CKM_RSA_PKCS_TPM_1_1			= 0x00004001
+CKM_RSA_PKCS_OAEP_TPM_1_1		= 0x00004002
+CKM_VENDOR_DEFINED			= 0x80000000
+
+CKF_HW          			= 0x00000001
+CKF_ENCRYPT             		= 0x00000100
+CKF_DECRYPT                     	= 0x00000200
+CKF_DIGEST                              = 0x00000400
+CKF_SIGN                                = 0x00000800
+CKF_SIGN_RECOVER			= 0x00001000
+CKF_VERIFY      			= 0x00002000
+CKF_VERIFY_RECOVER			= 0x00004000
+CKF_GENERATE            		= 0x00008000
+CKF_GENERATE_KEY_PAIR			= 0x00010000
+CKF_WRAP                        	= 0x00020000
+CKF_UNWRAP                              = 0x00040000
+CKF_DERIVE      			= 0x00080000
+CKF_EC_F_P      			= 0x00100000
+CKF_EC_F_2M             		= 0x00200000
+CKF_EC_ECPARAMETERS			= 0x00400000
+CKF_EC_NAMEDCURVE			= 0x00800000
+CKF_EC_UNCOMPRESS			= 0x01000000
+CKF_EC_COMPRESS                 	= 0x02000000
+CKF_EXTENSION   			= 0x80000000
+
+CKF_LIBRARY_CANT_CREATE_OS_THREADS	= 0x00000001
+CKF_OS_LOCKING_OK			= 0x00000002
+
+CKF_DONT_BLOCK                          = 1
+
+CKG_MGF1_SHA1                           = 0x00000001
+CKG_MGF1_SHA256                         = 0x00000002
+CKG_MGF1_SHA384 			= 0x00000003
+CKG_MGF1_SHA512 			= 0x00000004
+CKG_MGF1_SHA224 			= 0x00000005
+
+CKZ_DATA_SPECIFIED			= 0x00000001
+
+CKD_NULL                                = 0x00000001
+CKD_SHA1_KDF    			= 0x00000002
+
+CKD_SHA1_KDF_ASN1			= 0x00000003
+CKD_SHA1_KDF_CONCATENATE		= 0x00000004
+CKD_SHA224_KDF  			= 0x00000005
+CKD_SHA256_KDF  			= 0x00000006
+CKD_SHA384_KDF  			= 0x00000007
+CKD_SHA512_KDF  			= 0x00000008
+CKD_CPDIVERSIFY_KDF			= 0x00000009
+
+CK_OTP_VALUE                            = 0
+CK_OTP_PIN                              = 1
+CK_OTP_CHALLENGE			= 2
+CK_OTP_TIME                             = 3
+CK_OTP_COUNTER                          = 4
+CK_OTP_FLAGS    			= 5
+CK_OTP_OUTPUT_LENGTH			= 6
+CK_OTP_OUTPUT_FORMAT			= 7
+
+CKF_NEXT_OTP            		= 0x00000001
+CKF_EXCLUDE_TIME			= 0x00000002
+CKF_EXCLUDE_COUNTER			= 0x00000004
+CKF_EXCLUDE_CHALLENGE			= 0x00000008
+CKF_EXCLUDE_PIN                 	= 0x00000010
+CKF_USER_FRIENDLY_OTP			= 0x00000020
diff --git a/py11/exceptions.py b/py11/exceptions.py
new file mode 100644
index 0000000..7f86fe4
--- /dev/null
+++ b/py11/exceptions.py
@@ -0,0 +1,128 @@
+# An attempt at a Python interface to PKCS 11 using the scary ctypes
+# module from the Python standard library.
+
+# This code is derived from the RSA PKCS #11 C header files, which say:
+#
+# License to copy and use this software is granted provided that it is
+# identified as "RSA Security Inc. PKCS #11 Cryptographic Token Interface
+# (Cryptoki)" in all material mentioning or referencing this software.
+#
+# License is also granted to make and use derivative works provided that
+# such works are identified as "derived from the RSA Security Inc. PKCS #11
+# Cryptographic Token Interface (Cryptoki)" in all material mentioning or
+# referencing the derived work.
+#
+# RSA Security Inc. makes no representations concerning either the
+# merchantability of this software or the suitability of this software for
+# any particular purpose. It is provided "as is" without express or implied
+# warranty of any kind.
+
+class CKR_Exception(Exception):
+  """
+  Base class for PKCS #11 exceptions.
+  """
+
+  ckr_code = None
+  ckr_map  = {}
+
+  def __int__(self):
+    return self.ckr_code
+
+CKR_OK                                                                    = 0x00000000
+
+class CKR_CANCEL        			(CKR_Exception): ckr_code = 0x00000001
+class CKR_HOST_MEMORY   			(CKR_Exception): ckr_code = 0x00000002
+class CKR_SLOT_ID_INVALI        		(CKR_Exception): ckr_code = 0x00000003
+class CKR_GENERAL_ERROR                 	(CKR_Exception): ckr_code = 0x00000005
+class CKR_FUNCTION_FAILED			(CKR_Exception): ckr_code = 0x00000006
+class CKR_ARGUMENTS_BAD                         (CKR_Exception): ckr_code = 0x00000007
+class CKR_NO_EVENT				(CKR_Exception): ckr_code = 0x00000008
+class CKR_NEED_TO_CREATE_THREADS		(CKR_Exception): ckr_code = 0x00000009
+class CKR_CANT_LOCK				(CKR_Exception): ckr_code = 0x0000000A
+class CKR_ATTRIBUTE_READ_ONLY			(CKR_Exception): ckr_code = 0x00000010
+class CKR_ATTRIBUTE_SENSITIVE			(CKR_Exception): ckr_code = 0x00000011
+class CKR_ATTRIBUTE_TYPE_INVALID		(CKR_Exception): ckr_code = 0x00000012
+class CKR_ATTRIBUTE_VALUE_INVALID		(CKR_Exception): ckr_code = 0x00000013
+class CKR_DATA_INVALID				(CKR_Exception): ckr_code = 0x00000020
+class CKR_DATA_LEN_RANGE			(CKR_Exception): ckr_code = 0x00000021
+class CKR_DEVICE_ERROR				(CKR_Exception): ckr_code = 0x00000030
+class CKR_DEVICE_MEMORY				(CKR_Exception): ckr_code = 0x00000031
+class CKR_DEVICE_REMOVED			(CKR_Exception): ckr_code = 0x00000032
+class CKR_ENCRYPTED_DATA_INVALID		(CKR_Exception): ckr_code = 0x00000040
+class CKR_ENCRYPTED_DATA_LEN_RANGE		(CKR_Exception): ckr_code = 0x00000041
+class CKR_FUNCTION_CANCELED			(CKR_Exception): ckr_code = 0x00000050
+class CKR_FUNCTION_NOT_PARALLEL			(CKR_Exception): ckr_code = 0x00000051
+class CKR_FUNCTION_NOT_SUPPORTED		(CKR_Exception): ckr_code = 0x00000054
+class CKR_KEY_HANDLE_INVALID			(CKR_Exception): ckr_code = 0x00000060
+class CKR_KEY_SIZE_RANGE			(CKR_Exception): ckr_code = 0x00000062
+class CKR_KEY_TYPE_INCONSISTENT			(CKR_Exception): ckr_code = 0x00000063
+class CKR_KEY_NOT_NEEDED			(CKR_Exception): ckr_code = 0x00000064
+class CKR_KEY_CHANGED				(CKR_Exception): ckr_code = 0x00000065
+class CKR_KEY_NEEDED				(CKR_Exception): ckr_code = 0x00000066
+class CKR_KEY_INDIGESTIBLE			(CKR_Exception): ckr_code = 0x00000067
+class CKR_KEY_FUNCTION_NOT_PERMITTED		(CKR_Exception): ckr_code = 0x00000068
+class CKR_KEY_NOT_WRAPPABLE			(CKR_Exception): ckr_code = 0x00000069
+class CKR_KEY_UNEXTRACTABLE			(CKR_Exception): ckr_code = 0x0000006A
+class CKR_MECHANISM_INVALID			(CKR_Exception): ckr_code = 0x00000070
+class CKR_MECHANISM_PARAM_INVALID		(CKR_Exception): ckr_code = 0x00000071
+class CKR_OBJECT_HANDLE_INVALID			(CKR_Exception): ckr_code = 0x00000082
+class CKR_OPERATION_ACTIVE			(CKR_Exception): ckr_code = 0x00000090
+class CKR_OPERATION_NOT_INITIALIZED		(CKR_Exception): ckr_code = 0x00000091
+class CKR_PIN_INCORRECT				(CKR_Exception): ckr_code = 0x000000A0
+class CKR_PIN_INVALID				(CKR_Exception): ckr_code = 0x000000A1
+class CKR_PIN_LEN_RANGE				(CKR_Exception): ckr_code = 0x000000A2
+class CKR_PIN_EXPIRED				(CKR_Exception): ckr_code = 0x000000A3
+class CKR_PIN_LOCKED				(CKR_Exception): ckr_code = 0x000000A4
+class CKR_SESSION_CLOSED			(CKR_Exception): ckr_code = 0x000000B0
+class CKR_SESSION_COUNT				(CKR_Exception): ckr_code = 0x000000B1
+class CKR_SESSION_HANDLE_INVALID		(CKR_Exception): ckr_code = 0x000000B3
+class CKR_SESSION_PARALLEL_NOT_SUPPORTED	(CKR_Exception): ckr_code = 0x000000B4
+class CKR_SESSION_READ_ONLY			(CKR_Exception): ckr_code = 0x000000B5
+class CKR_SESSION_EXISTS			(CKR_Exception): ckr_code = 0x000000B6
+class CKR_SESSION_READ_ONLY_EXISTS		(CKR_Exception): ckr_code = 0x000000B7
+class CKR_SESSION_READ_WRITE_SO_EXISTS		(CKR_Exception): ckr_code = 0x000000B8
+class CKR_SIGNATURE_INVALID			(CKR_Exception): ckr_code = 0x000000C0
+class CKR_SIGNATURE_LEN_RANGE			(CKR_Exception): ckr_code = 0x000000C1
+class CKR_TEMPLATE_INCOMPLETE			(CKR_Exception): ckr_code = 0x000000D0
+class CKR_TEMPLATE_INCONSISTENT			(CKR_Exception): ckr_code = 0x000000D1
+class CKR_TOKEN_NOT_PRESENT			(CKR_Exception): ckr_code = 0x000000E0
+class CKR_TOKEN_NOT_RECOGNIZED			(CKR_Exception): ckr_code = 0x000000E1
+class CKR_TOKEN_WRITE_PROTECTED			(CKR_Exception): ckr_code = 0x000000E2
+class CKR_UNWRAPPING_KEY_HANDLE_INVALID		(CKR_Exception): ckr_code = 0x000000F0
+class CKR_UNWRAPPING_KEY_SIZE_RANGE		(CKR_Exception): ckr_code = 0x000000F1
+class CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT	(CKR_Exception): ckr_code = 0x000000F2
+class CKR_USER_ALREADY_LOGGED_IN		(CKR_Exception): ckr_code = 0x00000100
+class CKR_USER_NOT_LOGGED_IN			(CKR_Exception): ckr_code = 0x00000101
+class CKR_USER_PIN_NOT_INITIALIZED		(CKR_Exception): ckr_code = 0x00000102
+class CKR_USER_TYPE_INVALID			(CKR_Exception): ckr_code = 0x00000103
+class CKR_USER_ANOTHER_ALREADY_LOGGED_IN	(CKR_Exception): ckr_code = 0x00000104
+class CKR_USER_TOO_MANY_TYPES			(CKR_Exception): ckr_code = 0x00000105
+class CKR_WRAPPED_KEY_INVALID			(CKR_Exception): ckr_code = 0x00000110
+class CKR_WRAPPED_KEY_LEN_RANGE			(CKR_Exception): ckr_code = 0x00000112
+class CKR_WRAPPING_KEY_HANDLE_INVALID		(CKR_Exception): ckr_code = 0x00000113
+class CKR_WRAPPING_KEY_SIZE_RANGE		(CKR_Exception): ckr_code = 0x00000114
+class CKR_WRAPPING_KEY_TYPE_INCONSISTENT	(CKR_Exception): ckr_code = 0x00000115
+class CKR_RANDOM_SEED_NOT_SUPPORTED		(CKR_Exception): ckr_code = 0x00000120
+class CKR_RANDOM_NO_RNG				(CKR_Exception): ckr_code = 0x00000121
+class CKR_DOMAIN_PARAMS_INVALID			(CKR_Exception): ckr_code = 0x00000130
+class CKR_BUFFER_TOO_SMALL			(CKR_Exception): ckr_code = 0x00000150
+class CKR_SAVED_STATE_INVALID			(CKR_Exception): ckr_code = 0x00000160
+class CKR_INFORMATION_SENSITIVE			(CKR_Exception): ckr_code = 0x00000170
+class CKR_STATE_UNSAVEABLE			(CKR_Exception): ckr_code = 0x00000180
+class CKR_CRYPTOKI_NOT_INITIALIZED		(CKR_Exception): ckr_code = 0x00000190
+class CKR_CRYPTOKI_ALREADY_INITIALIZED		(CKR_Exception): ckr_code = 0x00000191
+class CKR_MUTEX_BAD				(CKR_Exception): ckr_code = 0x000001A0
+class CKR_MUTEX_NOT_LOCKED			(CKR_Exception): ckr_code = 0x000001A1
+class CKR_NEW_PIN_MODE				(CKR_Exception): ckr_code = 0x000001B0
+class CKR_NEXT_OTP				(CKR_Exception): ckr_code = 0x000001B1
+class CKR_EXCEEDED_MAX_ITERATIONS		(CKR_Exception): ckr_code = 0x000001B5
+class CKR_FIPS_SELF_TEST_FAILED			(CKR_Exception): ckr_code = 0x000001B6
+class CKR_LIBRARY_LOAD_FAILED			(CKR_Exception): ckr_code = 0x000001B7
+class CKR_PIN_TOO_WEAK  			(CKR_Exception): ckr_code = 0x000001B8
+class CKR_PUBLIC_KEY_INVALID			(CKR_Exception): ckr_code = 0x000001B9
+class CKR_FUNCTION_REJECTED			(CKR_Exception): ckr_code = 0x00000200
+class CKR_VENDOR_DEFINED			(CKR_Exception): ckr_code = 0x80000000
+
+for e in globals().values():
+  if isinstance(e, type) and issubclass(e, CKR_Exception) and e is not CKR_Exception:
+    CKR_Exception.ckr_map[e.ckr_code] = e
diff --git a/py11/types.py b/py11/types.py
new file mode 100644
index 0000000..4d0b279
--- /dev/null
+++ b/py11/types.py
@@ -0,0 +1,180 @@
+# An attempt at a Python interface to PKCS 11 using the scary ctypes
+# module from the Python standard library.
+
+from ctypes import *
+
+# This code is derived from the RSA PKCS #11 C header files, which say:
+#
+# License to copy and use this software is granted provided that it is
+# identified as "RSA Security Inc. PKCS #11 Cryptographic Token Interface
+# (Cryptoki)" in all material mentioning or referencing this software.
+#
+# License is also granted to make and use derivative works provided that
+# such works are identified as "derived from the RSA Security Inc. PKCS #11
+# Cryptographic Token Interface (Cryptoki)" in all material mentioning or
+# referencing the derived work.
+#
+# RSA Security Inc. makes no representations concerning either the
+# merchantability of this software or the suitability of this software for
+# any particular purpose. It is provided "as is" without express or implied
+# warranty of any kind.
+
+# This is not a complete set of PKCS #11 types, because the full set
+# with all the optional mechanisms is tediously long and each
+# structure type requires hand conversion.  Goal at the moment is to
+# cover stuff we care about in the base specification.  Add other
+# mechanism-specific stuff later as needed.
+
+# Mapping beween C and Python at the lowest level isn't perfect
+# because characters are integer types in C while they're strings in
+# Python.  It looks like we want the string handling in most cases
+# other than CK_BBOOL and CK_VERSION, map lowest-level PKCS #11 types
+# accordingly.
+
+CK_BYTE                                 = c_char
+CK_CHAR                                 = CK_BYTE
+CK_UTF8CHAR                             = CK_BYTE
+CK_BBOOL                                = c_ubyte
+CK_ULONG                                = c_ulong
+CK_LONG                                 = c_long
+CK_FLAGS                                = CK_ULONG
+CK_VOID_PTR                             = POINTER(c_char)
+
+CK_BYTE_PTR                             = POINTER(CK_BYTE)
+CK_CHAR_PTR                             = POINTER(CK_CHAR)
+CK_UTF8CHAR_PTR                         = POINTER(CK_UTF8CHAR)
+CK_ULONG_PTR                            = POINTER(CK_ULONG)
+CK_VOID_PTR_PTR                         = POINTER(CK_VOID_PTR)
+
+class CK_VERSION (Structure):
+  _fields_ = [("major",                 c_ubyte),
+              ("minor",                 c_ubyte)]
+
+CK_VERSION_PTR                          = POINTER(CK_VERSION)
+
+class CK_INFO (Structure):
+  _fields_ = [("cryptokiVersion",       CK_VERSION),
+              ("manufacturerID",        CK_UTF8CHAR * 32),
+              ("flags",                 CK_FLAGS),
+              ("libraryDescription",    CK_UTF8CHAR * 32),
+              ("libraryVersion",        CK_VERSION)]
+
+CK_INFO_PTR                             = POINTER(CK_INFO)
+
+CK_NOTIFICATION                         = CK_ULONG
+
+CK_SLOT_ID                              = CK_ULONG
+
+CK_SLOT_ID_PTR                          = POINTER(CK_SLOT_ID)
+
+class CK_SLOT_INFO (Structure):
+  _fields_ = [("slotDescription",       CK_UTF8CHAR * 64),
+              ("manufacturerID",        CK_UTF8CHAR * 32),
+              ("flags",                 CK_FLAGS),
+              ("hardwareVersion",       CK_VERSION),
+              ("firmwareVersion",       CK_VERSION)]
+
+CK_SLOT_INFO_PTR                        = POINTER(CK_SLOT_INFO)
+
+class CK_TOKEN_INFO (Structure):
+  _fields_ = [("label",                 CK_UTF8CHAR * 32),
+              ("manufacturerID",        CK_UTF8CHAR * 32),
+              ("model",                 CK_UTF8CHAR * 16),
+              ("serialNumber",          CK_CHAR * 16),
+              ("flags",                 CK_FLAGS),
+              ("ulMaxSessionCount",	CK_ULONG),
+              ("ulSessionCount",	CK_ULONG),
+              ("ulMaxRwSessionCount",	CK_ULONG),
+              ("ulRwSessionCount",	CK_ULONG),
+              ("ulMaxPinLen",           CK_ULONG),
+              ("ulMinPinLen",           CK_ULONG),
+              ("ulTotalPublicMemory",	CK_ULONG),
+              ("ulFreePublicMemory",	CK_ULONG),
+              ("ulTotalPrivateMemory",	CK_ULONG),
+              ("ulFreePrivateMemory",	CK_ULONG),
+              ("hardwareVersion",	CK_VERSION),
+              ("firmwareVersion",	CK_VERSION),
+              ("utcTime",               CK_CHAR * 16)]
+
+CK_TOKEN_INFO_PTR                       = POINTER(CK_TOKEN_INFO)
+
+CK_SESSION_HANDLE                       = CK_ULONG
+
+CK_SESSION_HANDLE_PTR                   = POINTER(CK_SESSION_HANDLE)
+
+CK_USER_TYPE                            = CK_ULONG
+
+CK_STATE                                = CK_ULONG
+
+class CK_SESSION_INFO (Structure):
+  _fields_ = [("slotID",                CK_SLOT_ID),
+              ("state",                 CK_STATE),
+              ("flags",                 CK_FLAGS),
+              ("ulDeviceError",         CK_ULONG)]
+
+CK_SESSION_INFO_PTR                     = POINTER(CK_SESSION_INFO)
+
+CK_OBJECT_HANDLE                        = CK_ULONG
+
+CK_OBJECT_HANDLE_PTR                    = POINTER(CK_OBJECT_HANDLE)
+
+CK_OBJECT_CLASS                         = CK_ULONG
+
+CK_OBJECT_CLASS_PTR                     = POINTER(CK_OBJECT_CLASS)
+
+CK_HW_FEATURE_TYPE                      = CK_ULONG
+
+CK_KEY_TYPE                             = CK_ULONG
+
+CK_CERTIFICATE_TYPE                     = CK_ULONG
+
+CK_ATTRIBUTE_TYPE                       = CK_ULONG
+
+class CK_ATTRIBUTE (Structure):
+  _fields_ = [("type",                  CK_ATTRIBUTE_TYPE),
+              ("pValue",                CK_VOID_PTR),
+              ("ulValueLen",            CK_ULONG)]
+
+CK_ATTRIBUTE_PTR                        = POINTER(CK_ATTRIBUTE)
+
+class CK_DATE (Structure):
+  _fields_ = [("year",                  CK_CHAR * 4),
+              ("month",                 CK_CHAR * 2),
+              ("day",                   CK_CHAR * 2)]
+
+CK_MECHANISM_TYPE                       = CK_ULONG
+
+CK_MECHANISM_TYPE_PTR                   = POINTER(CK_MECHANISM_TYPE)
+
+class CK_MECHANISM (Structure):
+  _fields_ = [("mechanism",             CK_MECHANISM_TYPE),
+              ("pParameter",            CK_VOID_PTR),
+              ("ulParameterLen",        CK_ULONG)]
+
+CK_MECHANISM_PTR                        = POINTER(CK_MECHANISM)
+
+class CK_MECHANISM_INFO (Structure):
+  _fields_ = [("ulMinKeySize",          CK_ULONG),
+              ("ulMaxKeySize",          CK_ULONG),
+              ("flags",                 CK_FLAGS)]
+
+CK_MECHANISM_INFO_PTR                   = POINTER(CK_MECHANISM_INFO)
+
+CK_RV                                   = CK_ULONG
+
+CK_NOTIFY                               = CFUNCTYPE(CK_RV, CK_SESSION_HANDLE, CK_NOTIFICATION, CK_VOID_PTR)
+
+CK_CREATEMUTEX                          = CFUNCTYPE(CK_RV, CK_VOID_PTR_PTR)
+CK_DESTROYMUTEX                         = CFUNCTYPE(CK_RV, CK_VOID_PTR)
+CK_LOCKMUTEX                            = CFUNCTYPE(CK_RV, CK_VOID_PTR)
+CK_UNLOCKMUTEX                          = CFUNCTYPE(CK_RV, CK_VOID_PTR)
+
+class CK_C_INITIALIZE_ARGS (Structure):
+  _fields_ = [("CreateMutex",           CK_CREATEMUTEX),
+              ("DestroyMutex",          CK_DESTROYMUTEX),
+              ("LockMutex",             CK_LOCKMUTEX),
+              ("UnlockMutex",           CK_UNLOCKMUTEX),
+              ("flags",                 CK_FLAGS),
+              ("pReserved",             CK_VOID_PTR)]
+
+CK_C_INITIALIZE_ARGS_PTR                = POINTER(CK_C_INITIALIZE_ARGS)
author	Rob Austein <sra@hactrn.net>	2015-09-11 08:57:19 -0400
committer	Rob Austein <sra@hactrn.net>	2015-09-11 08:57:19 -0400
commit	6613e3a06ec27bf4bf029b99cfbab1ffa251db15 (patch)
tree	0f9b89eb09d76f3c4e7deec6ee6d8569c6a6db51
parent	ae7b3e1789a4ff96876ba09b18b5a07777a7d23b (diff)