diff options
| author | Rob Austein <sra@hactrn.net> | 2020-06-10 00:46:48 -0400 |
|---|---|---|
| committer | Rob Austein <sra@hactrn.net> | 2020-06-10 00:46:48 -0400 |
| commit | 8dc8f4c9cf7d1fc10cc110407a73f55909eeeb9d (patch) | |
| tree | 55ebd7ad173108b9a46aa86f4d87e37877c7bd97 | |
| parent | 3e6addd37b2165857a8208b7cb003485a5654cfa (diff) | |
Whack with club until works with Python 2 and Python 3
String types are still a bit weird. Amost everything here is
currently required to be bytes rather than str in Python 3, which
feels a bit unnatural, but everything on the wire has to be bytes and
we don't really have enough information to know when we should be
converting back to str. In the long term, once we ditch Python 2, we
may be able to do a bit better for things like the string versions of
attribute names, but for the moment it's simplest to stick with bytes.
| -rw-r--r-- | cryptech/py11/__init__.py | 533 | ||||
| -rw-r--r-- | cryptech/py11/attributes.py | 8 | ||||
| -rw-r--r-- | cryptech/py11/constants.py | 1048 | ||||
| -rw-r--r-- | cryptech/py11/exceptions.py | 210 | ||||
| -rw-r--r-- | cryptech/py11/types.py | 18 | ||||
| -rw-r--r-- | unit_tests.py | 128 |
6 files changed, 975 insertions, 970 deletions
diff --git a/cryptech/py11/__init__.py b/cryptech/py11/__init__.py index 740ecb6..0c794ff 100644 --- a/cryptech/py11/__init__.py +++ b/cryptech/py11/__init__.py @@ -23,272 +23,273 @@ else: class PKCS11 (object): - """ - PKCS #11 API object, encapsulating the PKCS #11 library itself. - Sample usage: - - from cryptech.py11 import * - - p11 = PKCS11() - p11.C_Initialize() - session = p11.C_OpenSession() - p11.C_login(session, CK_USER, "secret") - p11.C_FindObjectsInit(session, {CKA_CLASS: CKO_PRIVATE_KEY, CKA_KEY_TYPE: CKK_EC, CKA_ID: foo}) - keys = list(p11.C_FindObjects(session)) - p11.C_FindObjectsFinal(session) - if len(keys) != 1: - raise RuntimeError - p11.C_SignInit(session, CK_ECDSA_SHA256, keys[0]) - sig = p11.Sign(session, "Your mother was a hamster") - p11.C_CloseAllSessions(slot) - p11.C_Finalize() - - The full raw PKCS #11 API is available via the .so attribute, but - using this can be tricky, both because it requires strict adherence - to the C API and because one needs to be careful not to run afoul of - the Python garbage collector. - - The example above uses a set of interface routines built on top of the - raw PKCS #11 API, which map the API into something a bit more Pythonic. - """ - - # Whether to use C_GetFunctionList() instead of dynamic link symbols. - use_C_GetFunctionList = False - - def __init__(self, so_name = default_so_name): - self.so_name = so_name - self.so = CDLL(so_name) - self.d = type("Dispatch", (object,), {})() - for name, args in Prototypes: - try: - func = getattr(self.so, name) - except AttributeError: - self.use_C_GetFunctionList = True - else: - func.restype = CK_RV - func.argtypes = args - func.errcheck = CKR_Exception.raise_on_failure - setattr(self.d, name, func) - if self.use_C_GetFunctionList: - functions = CK_FUNCTION_LIST_PTR() - self.so.C_GetFunctionList(byref(functions)) - for name, args in Prototypes: - func = getattr(functions.contents, name) - func.errcheck = CKR_Exception.raise_on_failure - setattr(self.d, name, func) - self.adb = AttributeDB() - - def __getattr__(self, name): - try: - return getattr(self.d, name) - except AttributeError: - return getattr(self.so, name) - - def C_GetFunctionList(self): - return self - - @property - def version(self): - info = CK_INFO() - self.d.C_GetInfo(byref(info)) - return info.cryptokiVersion - - # Be very careful if you try to provide your own locking functions. - # For most purposes, if you really just want locking, you're best - # off specifying CKF_OS_LOCKING_OK and letting the C code deal with - # it. The one case where you might want to provide your own locking - # is when writing tests to verify behavior of the locking code. - # - # We have to stash references to the callback functions passed to - # C_Initialize() to avoid dumping core when the garbage collector - # deletes the function pointer instances out from under the C code. - - def C_Initialize(self, flags = 0, create_mutex = None, destroy_mutex = None, lock_mutex = None, unlock_mutex = None): - if flags == 0 and create_mutex is None and destroy_mutex is None and lock_mutex is None and unlock_mutex is None: - self._C_Initialize_args = None - self.d.C_Initialize(None) - else: - create_mutex = CK_CREATEMUTEX() if create_mutex is None else CK_CREATEMUTEX(create_mutex) - destroy_mutex = CK_DESTROYMUTEX() if destroy_mutex is None else CK_DESTROYMUTEX(destroy_mutex) - lock_mutex = CK_LOCKMUTEX() if lock_mutex is None else CK_LOCKMUTEX(lock_mutex) - unlock_mutex = CK_UNLOCKMUTEX() if unlock_mutex is None else CK_UNLOCKMUTEX(unlock_mutex) - self._C_Initialize_args = CK_C_INITIALIZE_ARGS(create_mutex, destroy_mutex, - lock_mutex, unlock_mutex, flags, None) - self.d.C_Initialize(cast(byref(self._C_Initialize_args), CK_VOID_PTR)) - - def C_Finalize(self): - self.d.C_Finalize(None) - self._C_Initialize_args = None - - def C_GetSlotList(self): - count = CK_ULONG() - self.d.C_GetSlotList(CK_TRUE, None, byref(count)) - slots = (CK_SLOT_ID * count.value)() - self.d.C_GetSlotList(CK_TRUE, slots, byref(count)) - return tuple(slots[i] for i in range(count.value)) - - def C_GetTokenInfo(self, slot_id): - token_info = CK_TOKEN_INFO() - self.d.C_GetTokenInfo(slot_id, byref(token_info)) - return token_info - - def C_OpenSession(self, slot, flags = CKF_RW_SESSION, application = None, notify = CK_NOTIFY()): - flags |= CKF_SERIAL_SESSION - handle = CK_SESSION_HANDLE() - self.d.C_OpenSession(slot, flags, application, notify, byref(handle)) - return handle.value - - def C_GenerateRandom(self, session, n): - buffer = create_string_buffer(n) - self.d.C_GenerateRandom(session, buffer, sizeof(buffer)) - return buffer.raw - - def C_Login(self, session, user, pin): - self.d.C_Login(session, user, pin, len(pin)) - - def C_GetAttributeValue(self, session_handle, object_handle, *attributes): - if len(attributes) == 1 and isinstance(attributes[0], (list, tuple)): - attributes = attributes[0] - template = self.adb.getvalue_create_template(attributes) - self.d.C_GetAttributeValue(session_handle, object_handle, template, len(template)) - self.adb.getvalue_allocate_template(template) - self.d.C_GetAttributeValue(session_handle, object_handle, template, len(template)) - return self.adb.from_ctypes(template) - - def C_FindObjectsInit(self, session, template = None, **kwargs): - if kwargs: - assert not template - template = kwargs - if template: - self.d.C_FindObjectsInit(session, self.adb.to_ctypes(template), len(template)) - else: - self.d.C_FindObjectsInit(session, None, 0) - - def C_FindObjects(self, session, chunk_size = 10): - objects = (CK_OBJECT_HANDLE * chunk_size)() - count = CK_ULONG(1) - while count.value > 0: - self.d.C_FindObjects(session, objects, len(objects), byref(count)) - for i in range(count.value): - yield objects[i] - - def FindObjects(self, session, template = None, **kwargs): - self.C_FindObjectsInit(session, template, **kwargs) - result = tuple(self.C_FindObjects(session)) - self.C_FindObjectsFinal(session) - return result - - def _parse_GenerateKeyPair_template(self, - # Attributes common to public and private templates - CKA_ID, - CKA_LABEL = None, - CKA_TOKEN = False, - # Attributes only in private template - CKA_SIGN = False, - CKA_DECRYPT = False, - CKA_UNWRAP = False, - CKA_SENSITIVE = True, - CKA_PRIVATE = True, - CKA_EXTRACTABLE = False, - # Finer-grained control for CKA_TOKEN - public_CKA_TOKEN = False, - private_CKA_TOKEN = False, - # Anything else is only in public template - **kwargs): - if CKA_LABEL is None: - CKA_LABEL = CKA_ID - return (dict(kwargs, - CKA_LABEL = CKA_LABEL, - CKA_ID = CKA_ID, - CKA_TOKEN = public_CKA_TOKEN or CKA_TOKEN), - dict(CKA_LABEL = CKA_LABEL, - CKA_ID = CKA_ID, - CKA_TOKEN = private_CKA_TOKEN or CKA_TOKEN, - CKA_SIGN = CKA_SIGN, - CKA_DECRYPT = CKA_DECRYPT, - CKA_UNWRAP = CKA_UNWRAP, - CKA_SENSITIVE = CKA_SENSITIVE, - CKA_PRIVATE = CKA_PRIVATE, - CKA_EXTRACTABLE = CKA_EXTRACTABLE)) - - def C_GenerateKeyPair(self, session, mechanism_type, public_template = None, private_template = None, **kwargs): - if kwargs: - assert not public_template and not private_template - public_template, private_template = self._parse_GenerateKeyPair_template(**kwargs) - public_template = self.adb.to_ctypes(public_template) - private_template = self.adb.to_ctypes(private_template) - mechanism = CK_MECHANISM(mechanism_type, None, 0) - public_handle = CK_OBJECT_HANDLE() - private_handle = CK_OBJECT_HANDLE() - self.d.C_GenerateKeyPair(session, byref(mechanism), - public_template, len(public_template), - private_template, len(private_template), - byref(public_handle), byref(private_handle)) - return public_handle.value, private_handle.value - - def C_SignInit(self, session, mechanism_type, private_key): - mechanism = CK_MECHANISM(mechanism_type, None, 0) - self.d.C_SignInit(session, byref(mechanism), private_key) - - def C_Sign(self, session, data): - n = CK_ULONG() - self.d.C_Sign(session, data, len(data), None, byref(n)) - sig = create_string_buffer(n.value) - self.d.C_Sign(session, data, len(data), sig, byref(n)) - return sig.raw - - def C_SignUpdate(self, session, data): - self.d.C_SignUpdate(session, data, len(data)) - - def C_SignFinal(self, session): - n = CK_ULONG() - self.d.C_SignFinal(session, None, byref(n)) - sig = create_string_buffer(n.value) - self.d.C_SignFinal(session, sig, byref(n)) - return sig.raw - - def C_VerifyInit(self, session, mechanism_type, public_key): - mechanism = CK_MECHANISM(mechanism_type, None, 0) - self.d.C_VerifyInit(session, byref(mechanism), public_key) - - def C_Verify(self, session, data, signature): - self.d.C_Verify(session, data, len(data), signature, len(signature)) - - def C_VerifyUpdate(self, session, data): - self.d.C_VerifyUpdate(session, data, len(data)) - - def C_VerifyFinal(self, session, signature): - self.d.C_VerifyFinal(session, signature, len(signature)) - - def C_CreateObject(self, session, template = None, **kwargs): - if kwargs: - assert not template - template = kwargs - template = self.adb.to_ctypes(template) - handle = CK_OBJECT_HANDLE() - self.d.C_CreateObject(session, template, len(template), byref(handle)) - return handle.value - - def C_DigestInit(self, session, mechanism_type): - mechanism = CK_MECHANISM(mechanism_type, None, 0) - self.d.C_DigestInit(session, byref(mechanism)) - - def C_Digest(self, session, data): - n = CK_ULONG() - self.d.C_Digest(session, data, len(data), None, byref(n)) - hash = create_string_buffer(n.value) - self.d.C_Digest(session, data, len(data), hash, byref(n)) - return hash.raw - - def C_DigestUpdate(self, session, data): - self.d.C_DigestUpdate(session, data, len(data)) - - def C_DigestFinal(self, session): - n = CK_ULONG() - self.d.C_DigestFinal(session, None, byref(n)) - hash = create_string_buffer(n.value) - self.d.C_DigestFinal(session, hash, byref(n)) - return hash.raw + """ + PKCS #11 API object, encapsulating the PKCS #11 library itself. + Sample usage: + + from cryptech.py11 import * + + p11 = PKCS11() + p11.C_Initialize() + session = p11.C_OpenSession() + p11.C_login(session, CK_USER, "secret") + p11.C_FindObjectsInit(session, {CKA_CLASS: CKO_PRIVATE_KEY, CKA_KEY_TYPE: CKK_EC, CKA_ID: foo}) + keys = list(p11.C_FindObjects(session)) + p11.C_FindObjectsFinal(session) + if len(keys) != 1: + raise RuntimeError + p11.C_SignInit(session, CK_ECDSA_SHA256, keys[0]) + sig = p11.Sign(session, "Your mother was a hamster") + p11.C_CloseAllSessions(slot) + p11.C_Finalize() + + The full raw PKCS #11 API is available via the .so attribute, but + using this can be tricky, both because it requires strict adherence + to the C API and because one needs to be careful not to run afoul of + the Python garbage collector. + + The example above uses a set of interface routines built on top of the + raw PKCS #11 API, which map the API into something a bit more Pythonic. + """ + + # Whether to use C_GetFunctionList() instead of dynamic link symbols. + use_C_GetFunctionList = False + + def __init__(self, so_name = default_so_name): + self.so_name = so_name + self.so = CDLL(so_name) + self.d = type("Dispatch", (object,), {})() + for name, args in Prototypes: + try: + func = getattr(self.so, name) + except AttributeError: + self.use_C_GetFunctionList = True + else: + func.restype = CK_RV + func.argtypes = args + func.errcheck = CKR_Exception.raise_on_failure + setattr(self.d, name, func) + if self.use_C_GetFunctionList: + functions = CK_FUNCTION_LIST_PTR() + self.so.C_GetFunctionList(byref(functions)) + for name, args in Prototypes: + func = getattr(functions.contents, name) + func.errcheck = CKR_Exception.raise_on_failure + setattr(self.d, name, func) + self.adb = AttributeDB() + + def __getattr__(self, name): + try: + return getattr(self.d, name) + except AttributeError: + return getattr(self.so, name) + + def C_GetFunctionList(self): + return self + + @property + def version(self): + info = CK_INFO() + self.d.C_GetInfo(byref(info)) + return info.cryptokiVersion + + # Be very careful if you try to provide your own locking functions. + # For most purposes, if you really just want locking, you're best + # off specifying CKF_OS_LOCKING_OK and letting the C code deal with + # it. The one case where you might want to provide your own locking + # is when writing tests to verify behavior of the locking code. + # + # We have to stash references to the callback functions passed to + # C_Initialize() to avoid dumping core when the garbage collector + # deletes the function pointer instances out from under the C code. + + def C_Initialize(self, flags = 0, create_mutex = None, destroy_mutex = None, lock_mutex = None, unlock_mutex = None): + if flags == 0 and create_mutex is None and destroy_mutex is None and lock_mutex is None and unlock_mutex is None: + self._C_Initialize_args = None + self.d.C_Initialize(None) + else: + create_mutex = CK_CREATEMUTEX() if create_mutex is None else CK_CREATEMUTEX(create_mutex) + destroy_mutex = CK_DESTROYMUTEX() if destroy_mutex is None else CK_DESTROYMUTEX(destroy_mutex) + lock_mutex = CK_LOCKMUTEX() if lock_mutex is None else CK_LOCKMUTEX(lock_mutex) + unlock_mutex = CK_UNLOCKMUTEX() if unlock_mutex is None else CK_UNLOCKMUTEX(unlock_mutex) + self._C_Initialize_args = CK_C_INITIALIZE_ARGS(create_mutex, destroy_mutex, + lock_mutex, unlock_mutex, flags, None) + self.d.C_Initialize(cast(byref(self._C_Initialize_args), CK_VOID_PTR)) + + def C_Finalize(self): + self.d.C_Finalize(None) + self._C_Initialize_args = None + + def C_GetSlotList(self): + count = CK_ULONG() + self.d.C_GetSlotList(CK_TRUE, None, byref(count)) + slots = (CK_SLOT_ID * count.value)() + self.d.C_GetSlotList(CK_TRUE, slots, byref(count)) + return tuple(slots[i] for i in range(count.value)) + + def C_GetTokenInfo(self, slot_id): + token_info = CK_TOKEN_INFO() + self.d.C_GetTokenInfo(slot_id, byref(token_info)) + return token_info + + def C_OpenSession(self, slot, flags = CKF_RW_SESSION, application = None, notify = CK_NOTIFY()): + flags |= CKF_SERIAL_SESSION + handle = CK_SESSION_HANDLE() + self.d.C_OpenSession(slot, flags, application, notify, byref(handle)) + return handle.value + + def C_GenerateRandom(self, session, n): + buffer = create_string_buffer(n) + self.d.C_GenerateRandom(session, buffer, sizeof(buffer)) + return buffer.raw + + def C_Login(self, session, user, pin): + pin = pin.encode() + self.d.C_Login(session, user, pin, len(pin)) + + def C_GetAttributeValue(self, session_handle, object_handle, *attributes): + if len(attributes) == 1 and isinstance(attributes[0], (list, tuple)): + attributes = attributes[0] + template = self.adb.getvalue_create_template(attributes) + self.d.C_GetAttributeValue(session_handle, object_handle, template, len(template)) + self.adb.getvalue_allocate_template(template) + self.d.C_GetAttributeValue(session_handle, object_handle, template, len(template)) + return self.adb.from_ctypes(template) + + def C_FindObjectsInit(self, session, template = None, **kwargs): + if kwargs: + assert not template + template = kwargs + if template: + self.d.C_FindObjectsInit(session, self.adb.to_ctypes(template), len(template)) + else: + self.d.C_FindObjectsInit(session, None, 0) + + def C_FindObjects(self, session, chunk_size = 10): + objects = (CK_OBJECT_HANDLE * chunk_size)() + count = CK_ULONG(1) + while count.value > 0: + self.d.C_FindObjects(session, objects, len(objects), byref(count)) + for i in range(count.value): + yield objects[i] + + def FindObjects(self, session, template = None, **kwargs): + self.C_FindObjectsInit(session, template, **kwargs) + result = tuple(self.C_FindObjects(session)) + self.C_FindObjectsFinal(session) + return result + + def _parse_GenerateKeyPair_template(self, + # Attributes common to public and private templates + CKA_ID, + CKA_LABEL = None, + CKA_TOKEN = False, + # Attributes only in private template + CKA_SIGN = False, + CKA_DECRYPT = False, + CKA_UNWRAP = False, + CKA_SENSITIVE = True, + CKA_PRIVATE = True, + CKA_EXTRACTABLE = False, + # Finer-grained control for CKA_TOKEN + public_CKA_TOKEN = False, + private_CKA_TOKEN = False, + # Anything else is only in public template + **kwargs): + if CKA_LABEL is None: + CKA_LABEL = CKA_ID + return (dict(kwargs, + CKA_LABEL = CKA_LABEL, + CKA_ID = CKA_ID, + CKA_TOKEN = public_CKA_TOKEN or CKA_TOKEN), + dict(CKA_LABEL = CKA_LABEL, + CKA_ID = CKA_ID, + CKA_TOKEN = private_CKA_TOKEN or CKA_TOKEN, + CKA_SIGN = CKA_SIGN, + CKA_DECRYPT = CKA_DECRYPT, + CKA_UNWRAP = CKA_UNWRAP, + CKA_SENSITIVE = CKA_SENSITIVE, + CKA_PRIVATE = CKA_PRIVATE, + CKA_EXTRACTABLE = CKA_EXTRACTABLE)) + + def C_GenerateKeyPair(self, session, mechanism_type, public_template = None, private_template = None, **kwargs): + if kwargs: + assert not public_template and not private_template + public_template, private_template = self._parse_GenerateKeyPair_template(**kwargs) + public_template = self.adb.to_ctypes(public_template) + private_template = self.adb.to_ctypes(private_template) + mechanism = CK_MECHANISM(mechanism_type, None, 0) + public_handle = CK_OBJECT_HANDLE() + private_handle = CK_OBJECT_HANDLE() + self.d.C_GenerateKeyPair(session, byref(mechanism), + public_template, len(public_template), + private_template, len(private_template), + byref(public_handle), byref(private_handle)) + return public_handle.value, private_handle.value + + def C_SignInit(self, session, mechanism_type, private_key): + mechanism = CK_MECHANISM(mechanism_type, None, 0) + self.d.C_SignInit(session, byref(mechanism), private_key) + + def C_Sign(self, session, data): + n = CK_ULONG() + self.d.C_Sign(session, data, len(data), None, byref(n)) + sig = create_string_buffer(n.value) + self.d.C_Sign(session, data, len(data), sig, byref(n)) + return sig.raw + + def C_SignUpdate(self, session, data): + self.d.C_SignUpdate(session, data, len(data)) + + def C_SignFinal(self, session): + n = CK_ULONG() + self.d.C_SignFinal(session, None, byref(n)) + sig = create_string_buffer(n.value) + self.d.C_SignFinal(session, sig, byref(n)) + return sig.raw + + def C_VerifyInit(self, session, mechanism_type, public_key): + mechanism = CK_MECHANISM(mechanism_type, None, 0) + self.d.C_VerifyInit(session, byref(mechanism), public_key) + + def C_Verify(self, session, data, signature): + self.d.C_Verify(session, data, len(data), signature, len(signature)) + + def C_VerifyUpdate(self, session, data): + self.d.C_VerifyUpdate(session, data, len(data)) + + def C_VerifyFinal(self, session, signature): + self.d.C_VerifyFinal(session, signature, len(signature)) + + def C_CreateObject(self, session, template = None, **kwargs): + if kwargs: + assert not template + template = kwargs + template = self.adb.to_ctypes(template) + handle = CK_OBJECT_HANDLE() + self.d.C_CreateObject(session, template, len(template), byref(handle)) + return handle.value + + def C_DigestInit(self, session, mechanism_type): + mechanism = CK_MECHANISM(mechanism_type, None, 0) + self.d.C_DigestInit(session, byref(mechanism)) + + def C_Digest(self, session, data): + n = CK_ULONG() + self.d.C_Digest(session, data, len(data), None, byref(n)) + hash = create_string_buffer(n.value) + self.d.C_Digest(session, data, len(data), hash, byref(n)) + return hash.raw + + def C_DigestUpdate(self, session, data): + self.d.C_DigestUpdate(session, data, len(data)) + + def C_DigestFinal(self, session): + n = CK_ULONG() + self.d.C_DigestFinal(session, None, byref(n)) + hash = create_string_buffer(n.value) + self.d.C_DigestFinal(session, hash, byref(n)) + return hash.raw __all__ = ["PKCS11"] __all__.extend(name for name in globals() diff --git a/cryptech/py11/attributes.py b/cryptech/py11/attributes.py index c6a87da..035677c 100644 --- a/cryptech/py11/attributes.py +++ b/cryptech/py11/attributes.py @@ -15,7 +15,7 @@ class Attribute(object): from . import types assert attribute_name.startswith("CKA_") attribute_number = getattr(constants, attribute_name) - type_class = getattr(types, type_name, str) + type_class = getattr(types, type_name, bytes) if type_class is CK_BBOOL: cls = Attribute_CK_BBOOL elif type_class is CK_ULONG: @@ -35,15 +35,15 @@ class Attribute(object): def decode(self, x): return x class Attribute_CK_BBOOL(Attribute): - def encode(self, x): return chr(int(x)) - def decode(self, x): return bool(ord(x)) + def encode(self, x): return pack("B", int(x)) + def decode(self, x): return bool(unpack("B", x)[0]) class Attribute_CK_ULONG(Attribute): def encode(self, x): return pack("L", x) def decode(self, x): return unpack("L", x)[0] class Attribute_biginteger(Attribute): - def encode(self, x): return "\x00" if x == 0 else unhexlify("{0:0{1}x".format(x, ((x.bit_length() + 7) / 8) * 2)) + def encode(self, x): return "\x00" if x == 0 else unhexlify("{0:0{1}x}".format(x, ((x.bit_length() + 7) // 8) * 2)) def decode(self, x): return int(hexlify(x), 16) diff --git a/cryptech/py11/constants.py b/cryptech/py11/constants.py index a8392ea..4ef6914 100644 --- a/cryptech/py11/constants.py +++ b/cryptech/py11/constants.py @@ -41,575 +41,575 @@ CKF_LOGIN_REQUIRED = 0x00000004 CKF_USER_PIN_INITIALIZED = 0x00000008 CKF_RESTORE_KEY_NOT_NEEDED = 0x00000020 CKF_CLOCK_ON_TOKEN = 0x00000040 -CKF_PROTECTED_AUTHENTICATION_PATH = 0x00000100 -CKF_DUAL_CRYPTO_OPERATIONS = 0x00000200 -CKF_TOKEN_INITIALIZED = 0x00000400 -CKF_SECONDARY_AUTHENTICATION = 0x00000800 -CKF_USER_PIN_COUNT_LOW = 0x00010000 -CKF_USER_PIN_FINAL_TRY = 0x00020000 -CKF_USER_PIN_LOCKED = 0x00040000 -CKF_USER_PIN_TO_BE_CHANGED = 0x00080000 -CKF_SO_PIN_COUNT_LOW = 0x00100000 -CKF_SO_PIN_FINAL_TRY = 0x00200000 -CKF_SO_PIN_LOCKED = 0x00400000 -CKF_SO_PIN_TO_BE_CHANGED = 0x00800000 +CKF_PROTECTED_AUTHENTICATION_PATH = 0x00000100 +CKF_DUAL_CRYPTO_OPERATIONS = 0x00000200 +CKF_TOKEN_INITIALIZED = 0x00000400 +CKF_SECONDARY_AUTHENTICATION = 0x00000800 +CKF_USER_PIN_COUNT_LOW = 0x00010000 +CKF_USER_PIN_FINAL_TRY = 0x00020000 +CKF_USER_PIN_LOCKED = 0x00040000 +CKF_USER_PIN_TO_BE_CHANGED = 0x00080000 +CKF_SO_PIN_COUNT_LOW = 0x00100000 +CKF_SO_PIN_FINAL_TRY = 0x00200000 +CKF_SO_PIN_LOCKED = 0x00400000 +CKF_SO_PIN_TO_BE_CHANGED = 0x00800000 CKF_ERROR_STATE = 0x01000000 CKU_SO = 0 CKU_USER = 1 -CKU_CONTEXT_SPECIFIC = 2 +CKU_CONTEXT_SPECIFIC = 2 -CKS_RO_PUBLIC_SESSION = 0 -CKS_RO_USER_FUNCTIONS = 1 -CKS_RW_PUBLIC_SESSION = 2 -CKS_RW_USER_FUNCTIONS = 3 -CKS_RW_SO_FUNCTIONS = 4 +CKS_RO_PUBLIC_SESSION = 0 +CKS_RO_USER_FUNCTIONS = 1 +CKS_RW_PUBLIC_SESSION = 2 +CKS_RW_USER_FUNCTIONS = 3 +CKS_RW_SO_FUNCTIONS = 4 CKF_RW_SESSION = 0x00000002 -CKF_SERIAL_SESSION = 0x00000004 +CKF_SERIAL_SESSION = 0x00000004 CKO_DATA = 0x00000000 CKO_CERTIFICATE = 0x00000001 CKO_PUBLIC_KEY = 0x00000002 -CKO_PRIVATE_KEY = 0x00000003 -CKO_SECRET_KEY = 0x00000004 -CKO_HW_FEATURE = 0x00000005 -CKO_DOMAIN_PARAMETERS = 0x00000006 -CKO_MECHANISM = 0x00000007 -CKO_OTP_KEY = 0x00000008 -CKO_VENDOR_DEFINED = 0x80000000 +CKO_PRIVATE_KEY = 0x00000003 +CKO_SECRET_KEY = 0x00000004 +CKO_HW_FEATURE = 0x00000005 +CKO_DOMAIN_PARAMETERS = 0x00000006 +CKO_MECHANISM = 0x00000007 +CKO_OTP_KEY = 0x00000008 +CKO_VENDOR_DEFINED = 0x80000000 -CKH_MONOTONIC_COUNTER = 0x00000001 -CKH_CLOCK = 0x00000002 -CKH_USER_INTERFACE = 0x00000003 -CKH_VENDOR_DEFINED = 0x80000000 +CKH_MONOTONIC_COUNTER = 0x00000001 +CKH_CLOCK = 0x00000002 +CKH_USER_INTERFACE = 0x00000003 +CKH_VENDOR_DEFINED = 0x80000000 -CKK_RSA = 0x00000000 -CKK_DSA = 0x00000001 -CKK_DH = 0x00000002 -CKK_ECDSA = 0x00000003 -CKK_EC = 0x00000003 -CKK_X9_42_DH = 0x00000004 -CKK_KEA = 0x00000005 -CKK_GENERIC_SECRET = 0x00000010 -CKK_RC2 = 0x00000011 -CKK_RC4 = 0x00000012 -CKK_DES = 0x00000013 -CKK_DES2 = 0x00000014 -CKK_DES3 = 0x00000015 -CKK_CAST = 0x00000016 -CKK_CAST3 = 0x00000017 -CKK_CAST5 = 0x00000018 -CKK_CAST128 = 0x00000018 -CKK_RC5 = 0x00000019 -CKK_IDEA = 0x0000001A -CKK_SKIPJACK = 0x0000001B -CKK_BATON = 0x0000001C -CKK_JUNIPER = 0x0000001D -CKK_CDMF = 0x0000001E -CKK_AES = 0x0000001F -CKK_BLOWFISH = 0x00000020 -CKK_TWOFISH = 0x00000021 -CKK_SECURID = 0x00000022 -CKK_HOTP = 0x00000023 -CKK_ACTI = 0x00000024 -CKK_CAMELLIA = 0x00000025 -CKK_ARIA = 0x00000026 -CKK_MD5_HMAC = 0x00000027 -CKK_SHA_1_HMAC = 0x00000028 -CKK_RIPEMD128_HMAC = 0x00000029 -CKK_RIPEMD160_HMAC = 0x0000002A -CKK_SHA256_HMAC = 0x0000002B -CKK_SHA384_HMAC = 0x0000002C -CKK_SHA512_HMAC = 0x0000002D -CKK_SHA224_HMAC = 0x0000002E -CKK_SEED = 0x0000002F -CKK_GOSTR3410 = 0x00000030 -CKK_GOSTR3411 = 0x00000031 -CKK_GOST28147 = 0x00000032 -CKK_VENDOR_DEFINED = 0x80000000 +CKK_RSA = 0x00000000 +CKK_DSA = 0x00000001 +CKK_DH = 0x00000002 +CKK_ECDSA = 0x00000003 +CKK_EC = 0x00000003 +CKK_X9_42_DH = 0x00000004 +CKK_KEA = 0x00000005 +CKK_GENERIC_SECRET = 0x00000010 +CKK_RC2 = 0x00000011 +CKK_RC4 = 0x00000012 +CKK_DES = 0x00000013 +CKK_DES2 = 0x00000014 +CKK_DES3 = 0x00000015 +CKK_CAST = 0x00000016 +CKK_CAST3 = 0x00000017 +CKK_CAST5 = 0x00000018 +CKK_CAST128 = 0x00000018 +CKK_RC5 = 0x00000019 +CKK_IDEA = 0x0000001A +CKK_SKIPJACK = 0x0000001B +CKK_BATON = 0x0000001C +CKK_JUNIPER = 0x0000001D +CKK_CDMF = 0x0000001E +CKK_AES = 0x0000001F +CKK_BLOWFISH = 0x00000020 +CKK_TWOFISH = 0x00000021 +CKK_SECURID = 0x00000022 +CKK_HOTP = 0x00000023 +CKK_ACTI = 0x00000024 +CKK_CAMELLIA = 0x00000025 +CKK_ARIA = 0x00000026 +CKK_MD5_HMAC = 0x00000027 +CKK_SHA_1_HMAC = 0x00000028 +CKK_RIPEMD128_HMAC = 0x00000029 +CKK_RIPEMD160_HMAC = 0x0000002A +CKK_SHA256_HMAC = 0x0000002B +CKK_SHA384_HMAC = 0x0000002C +CKK_SHA512_HMAC = 0x0000002D +CKK_SHA224_HMAC = 0x0000002E +CKK_SEED = 0x0000002F +CKK_GOSTR3410 = 0x00000030 +CKK_GOSTR3411 = 0x00000031 +CKK_GOST28147 = 0x00000032 +CKK_VENDOR_DEFINED = 0x80000000 -CKC_X_509 = 0x00000000 -CKC_X_509_ATTR_CERT = 0x00000001 -CKC_WTLS = 0x00000002 -CKC_VENDOR_DEFINED = 0x80000000 +CKC_X_509 = 0x00000000 +CKC_X_509_ATTR_CERT = 0x00000001 +CKC_WTLS = 0x00000002 +CKC_VENDOR_DEFINED = 0x80000000 -CKF_ARRAY_ATTRIBUTE = 0x40000000 +CKF_ARRAY_ATTRIBUTE = 0x40000000 -CK_OTP_FORMAT_DECIMAL = 0 -CK_OTP_FORMAT_HEXADECIMAL = 1 -CK_OTP_FORMAT_ALPHANUMERIC = 2 -CK_OTP_FORMAT_BINARY = 3 +CK_OTP_FORMAT_DECIMAL = 0 +CK_OTP_FORMAT_HEXADECIMAL = 1 +CK_OTP_FORMAT_ALPHANUMERIC = 2 +CK_OTP_FORMAT_BINARY = 3 -CK_OTP_PARAM_IGNORED = 0 -CK_OTP_PARAM_OPTIONAL = 1 -CK_OTP_PARAM_MANDATORY = 2 +CK_OTP_PARAM_IGNORED = 0 +CK_OTP_PARAM_OPTIONAL = 1 +CK_OTP_PARAM_MANDATORY = 2 -CKA_CLASS = 0x00000000 -CKA_TOKEN = 0x00000001 -CKA_PRIVATE = 0x00000002 -CKA_LABEL = 0x00000003 -CKA_APPLICATION = 0x00000010 -CKA_VALUE = 0x00000011 -CKA_OBJECT_ID = 0x00000012 -CKA_CERTIFICATE_TYPE = 0x00000080 -CKA_ISSUER = 0x00000081 -CKA_SERIAL_NUMBER = 0x00000082 -CKA_AC_ISSUER = 0x00000083 -CKA_OWNER = 0x00000084 -CKA_ATTR_TYPES = 0x00000085 -CKA_TRUSTED = 0x00000086 -CKA_CERTIFICATE_CATEGORY = 0x00000087 -CKA_JAVA_MIDP_SECURITY_DOMAIN = 0x00000088 -CKA_URL = 0x00000089 -CKA_HASH_OF_SUBJECT_PUBLIC_KEY = 0x0000008A -CKA_HASH_OF_ISSUER_PUBLIC_KEY = 0x0000008B -CKA_CHECK_VALUE = 0x00000090 -CKA_KEY_TYPE = 0x00000100 -CKA_SUBJECT = 0x00000101 +CKA_CLASS = 0x00000000 +CKA_TOKEN = 0x00000001 +CKA_PRIVATE = 0x00000002 +CKA_LABEL = 0x00000003 +CKA_APPLICATION = 0x00000010 +CKA_VALUE = 0x00000011 +CKA_OBJECT_ID = 0x00000012 +CKA_CERTIFICATE_TYPE = 0x00000080 +CKA_ISSUER = 0x00000081 +CKA_SERIAL_NUMBER = 0x00000082 +CKA_AC_ISSUER = 0x00000083 +CKA_OWNER = 0x00000084 +CKA_ATTR_TYPES = 0x00000085 +CKA_TRUSTED = 0x00000086 +CKA_CERTIFICATE_CATEGORY = 0x00000087 +CKA_JAVA_MIDP_SECURITY_DOMAIN = 0x00000088 +CKA_URL = 0x00000089 +CKA_HASH_OF_SUBJECT_PUBLIC_KEY = 0x0000008A +CKA_HASH_OF_ISSUER_PUBLIC_KEY = 0x0000008B +CKA_CHECK_VALUE = 0x00000090 +CKA_KEY_TYPE = 0x00000100 +CKA_SUBJECT = 0x00000101 CKA_ID = 0x00000102 -CKA_SENSITIVE = 0x00000103 -CKA_ENCRYPT = 0x00000104 -CKA_DECRYPT = 0x00000105 -CKA_WRAP = 0x00000106 -CKA_UNWRAP = 0x00000107 -CKA_SIGN = 0x00000108 -CKA_SIGN_RECOVER = 0x00000109 -CKA_VERIFY = 0x0000010A -CKA_VERIFY_RECOVER = 0x0000010B -CKA_DERIVE = 0x0000010C -CKA_START_DATE = 0x00000110 -CKA_END_DATE = 0x00000111 -CKA_MODULUS = 0x00000120 -CKA_MODULUS_BITS = 0x00000121 -CKA_PUBLIC_EXPONENT = 0x00000122 -CKA_PRIVATE_EXPONENT = 0x00000123 -CKA_PRIME_1 = 0x00000124 -CKA_PRIME_2 = 0x00000125 -CKA_EXPONENT_1 = 0x00000126 -CKA_EXPONENT_2 = 0x00000127 -CKA_COEFFICIENT = 0x00000128 -CKA_PRIME = 0x00000130 -CKA_SUBPRIME = 0x00000131 -CKA_BASE = 0x00000132 -CKA_PRIME_BITS = 0x00000133 -CKA_SUBPRIME_BITS = 0x00000134 -CKA_SUB_PRIME_BITS = CKA_SUBPRIME_BITS -CKA_VALUE_BITS = 0x00000160 -CKA_VALUE_LEN = 0x00000161 -CKA_EXTRACTABLE = 0x00000162 -CKA_LOCAL = 0x00000163 -CKA_NEVER_EXTRACTABLE = 0x00000164 -CKA_ALWAYS_SENSITIVE = 0x00000165 -CKA_KEY_GEN_MECHANISM = 0x00000166 -CKA_MODIFIABLE = 0x00000170 -CKA_ECDSA_PARAMS = 0x00000180 -CKA_EC_PARAMS = 0x00000180 -CKA_EC_POINT = 0x00000181 -CKA_SECONDARY_AUTH = 0x00000200 -CKA_AUTH_PIN_FLAGS = 0x00000201 -CKA_ALWAYS_AUTHENTICATE = 0x00000202 -CKA_WRAP_WITH_TRUSTED = 0x00000210 -CKA_WRAP_TEMPLATE = (CKF_ARRAY_ATTRIBUTE|0x00000211) -CKA_UNWRAP_TEMPLATE = (CKF_ARRAY_ATTRIBUTE|0x00000212) -CKA_DERIVE_TEMPLATE = (CKF_ARRAY_ATTRIBUTE|0x00000213) -CKA_OTP_FORMAT = 0x00000220 -CKA_OTP_LENGTH = 0x00000221 -CKA_OTP_TIME_INTERVAL = 0x00000222 -CKA_OTP_USER_FRIENDLY_MODE = 0x00000223 -CKA_OTP_CHALLENGE_REQUIREMENT = 0x00000224 -CKA_OTP_TIME_REQUIREMENT = 0x00000225 -CKA_OTP_COUNTER_REQUIREMENT = 0x00000226 -CKA_OTP_PIN_REQUIREMENT = 0x00000227 -CKA_OTP_COUNTER = 0x0000022E -CKA_OTP_TIME = 0x0000022F -CKA_OTP_USER_IDENTIFIER = 0x0000022A +CKA_SENSITIVE = 0x00000103 +CKA_ENCRYPT = 0x00000104 +CKA_DECRYPT = 0x00000105 +CKA_WRAP = 0x00000106 +CKA_UNWRAP = 0x00000107 +CKA_SIGN = 0x00000108 +CKA_SIGN_RECOVER = 0x00000109 +CKA_VERIFY = 0x0000010A +CKA_VERIFY_RECOVER = 0x0000010B +CKA_DERIVE = 0x0000010C +CKA_START_DATE = 0x00000110 +CKA_END_DATE = 0x00000111 +CKA_MODULUS = 0x00000120 +CKA_MODULUS_BITS = 0x00000121 +CKA_PUBLIC_EXPONENT = 0x00000122 +CKA_PRIVATE_EXPONENT = 0x00000123 +CKA_PRIME_1 = 0x00000124 +CKA_PRIME_2 = 0x00000125 +CKA_EXPONENT_1 = 0x00000126 +CKA_EXPONENT_2 = 0x00000127 +CKA_COEFFICIENT = 0x00000128 +CKA_PRIME = 0x00000130 +CKA_SUBPRIME = 0x00000131 +CKA_BASE = 0x00000132 +CKA_PRIME_BITS = 0x00000133 +CKA_SUBPRIME_BITS = 0x00000134 +CKA_SUB_PRIME_BITS = CKA_SUBPRIME_BITS +CKA_VALUE_BITS = 0x00000160 +CKA_VALUE_LEN = 0x00000161 +CKA_EXTRACTABLE = 0x00000162 +CKA_LOCAL = 0x00000163 +CKA_NEVER_EXTRACTABLE = 0x00000164 +CKA_ALWAYS_SENSITIVE = 0x00000165 +CKA_KEY_GEN_MECHANISM = 0x00000166 +CKA_MODIFIABLE = 0x00000170 +CKA_ECDSA_PARAMS = 0x00000180 +CKA_EC_PARAMS = 0x00000180 +CKA_EC_POINT = 0x00000181 +CKA_SECONDARY_AUTH = 0x00000200 +CKA_AUTH_PIN_FLAGS = 0x00000201 +CKA_ALWAYS_AUTHENTICATE = 0x00000202 +CKA_WRAP_WITH_TRUSTED = 0x00000210 +CKA_WRAP_TEMPLATE = (CKF_ARRAY_ATTRIBUTE|0x00000211) +CKA_UNWRAP_TEMPLATE = (CKF_ARRAY_ATTRIBUTE|0x00000212) +CKA_DERIVE_TEMPLATE = (CKF_ARRAY_ATTRIBUTE|0x00000213) +CKA_OTP_FORMAT = 0x00000220 +CKA_OTP_LENGTH = 0x00000221 +CKA_OTP_TIME_INTERVAL = 0x00000222 +CKA_OTP_USER_FRIENDLY_MODE = 0x00000223 +CKA_OTP_CHALLENGE_REQUIREMENT = 0x00000224 +CKA_OTP_TIME_REQUIREMENT = 0x00000225 +CKA_OTP_COUNTER_REQUIREMENT = 0x00000226 +CKA_OTP_PIN_REQUIREMENT = 0x00000227 +CKA_OTP_COUNTER = 0x0000022E +CKA_OTP_TIME = 0x0000022F +CKA_OTP_USER_IDENTIFIER = 0x0000022A CKA_OTP_SERVICE_IDENTIFIER = 0x0000022B -CKA_OTP_SERVICE_LOGO = 0x0000022C -CKA_OTP_SERVICE_LOGO_TYPE = 0x0000022D -CKA_GOSTR3410_PARAMS = 0x00000250 -CKA_GOSTR3411_PARAMS = 0x00000251 -CKA_GOST28147_PARAMS = 0x00000252 -CKA_HW_FEATURE_TYPE = 0x00000300 -CKA_RESET_ON_INIT = 0x00000301 -CKA_HAS_RESET = 0x00000302 -CKA_PIXEL_X = 0x00000400 -CKA_PIXEL_Y = 0x00000401 -CKA_RESOLUTION = 0x00000402 -CKA_CHAR_ROWS = 0x00000403 -CKA_CHAR_COLUMNS = 0x00000404 -CKA_COLOR = 0x00000405 -CKA_BITS_PER_PIXEL = 0x00000406 -CKA_CHAR_SETS = 0x00000480 -CKA_ENCODING_METHODS = 0x00000481 -CKA_MIME_TYPES = 0x00000482 -CKA_MECHANISM_TYPE = 0x00000500 -CKA_REQUIRED_CMS_ATTRIBUTES = 0x00000501 -CKA_DEFAULT_CMS_ATTRIBUTES = 0x00000502 -CKA_SUPPORTED_CMS_ATTRIBUTES = 0x00000503 -CKA_ALLOWED_MECHANISMS = (CKF_ARRAY_ATTRIBUTE|0x00000600) -CKA_VENDOR_DEFINED = 0x80000000 +CKA_OTP_SERVICE_LOGO = 0x0000022C +CKA_OTP_SERVICE_LOGO_TYPE = 0x0000022D +CKA_GOSTR3410_PARAMS = 0x00000250 +CKA_GOSTR3411_PARAMS = 0x00000251 +CKA_GOST28147_PARAMS = 0x00000252 +CKA_HW_FEATURE_TYPE = 0x00000300 +CKA_RESET_ON_INIT = 0x00000301 +CKA_HAS_RESET = 0x00000302 +CKA_PIXEL_X = 0x00000400 +CKA_PIXEL_Y = 0x00000401 +CKA_RESOLUTION = 0x00000402 +CKA_CHAR_ROWS = 0x00000403 +CKA_CHAR_COLUMNS = 0x00000404 +CKA_COLOR = 0x00000405 +CKA_BITS_PER_PIXEL = 0x00000406 +CKA_CHAR_SETS = 0x00000480 +CKA_ENCODING_METHODS = 0x00000481 +CKA_MIME_TYPES = 0x00000482 +CKA_MECHANISM_TYPE = 0x00000500 +CKA_REQUIRED_CMS_ATTRIBUTES = 0x00000501 +CKA_DEFAULT_CMS_ATTRIBUTES = 0x00000502 +CKA_SUPPORTED_CMS_ATTRIBUTES = 0x00000503 +CKA_ALLOWED_MECHANISMS = (CKF_ARRAY_ATTRIBUTE|0x00000600) +CKA_VENDOR_DEFINED = 0x80000000 -CKM_RSA_PKCS_KEY_PAIR_GEN = 0x00000000 -CKM_RSA_PKCS = 0x00000001 -CKM_RSA_9796 = 0x00000002 -CKM_RSA_X_509 = 0x00000003 -CKM_MD2_RSA_PKCS = 0x00000004 -CKM_MD5_RSA_PKCS = 0x00000005 -CKM_SHA1_RSA_PKCS = 0x00000006 -CKM_RIPEMD128_RSA_PKCS = 0x00000007 -CKM_RIPEMD160_RSA_PKCS = 0x00000008 -CKM_RSA_PKCS_OAEP = 0x00000009 -CKM_RSA_X9_31_KEY_PAIR_GEN = 0x0000000A +CKM_RSA_PKCS_KEY_PAIR_GEN = 0x00000000 +CKM_RSA_PKCS = 0x00000001 +CKM_RSA_9796 = 0x00000002 +CKM_RSA_X_509 = 0x00000003 +CKM_MD2_RSA_PKCS = 0x00000004 +CKM_MD5_RSA_PKCS = 0x00000005 +CKM_SHA1_RSA_PKCS = 0x00000006 +CKM_RIPEMD128_RSA_PKCS = 0x00000007 +CKM_RIPEMD160_RSA_PKCS = 0x00000008 +CKM_RSA_PKCS_OAEP = 0x00000009 +CKM_RSA_X9_31_KEY_PAIR_GEN = 0x0000000A CKM_RSA_X9_31 = 0x0000000B -CKM_SHA1_RSA_X9_31 = 0x0000000C -CKM_RSA_PKCS_PSS = 0x0000000D -CKM_SHA1_RSA_PKCS_PSS = 0x0000000E -CKM_DSA_KEY_PAIR_GEN = 0x00000010 -CKM_DSA = 0x00000011 -CKM_DSA_SHA1 = 0x00000012 -CKM_DSA_SHA224 = 0x00000013 -CKM_DSA_SHA256 = 0x00000014 -CKM_DSA_SHA384 = 0x00000015 -CKM_DSA_SHA512 = 0x00000016 -CKM_DH_PKCS_KEY_PAIR_GEN = 0x00000020 -CKM_DH_PKCS_DERIVE = 0x00000021 -CKM_X9_42_DH_KEY_PAIR_GEN = 0x00000030 -CKM_X9_42_DH_DERIVE = 0x00000031 -CKM_X9_42_DH_HYBRID_DERIVE = 0x00000032 -CKM_X9_42_MQV_DERIVE = 0x00000033 -CKM_SHA256_RSA_PKCS = 0x00000040 -CKM_SHA384_RSA_PKCS = 0x00000041 -CKM_SHA512_RSA_PKCS = 0x00000042 -CKM_SHA256_RSA_PKCS_PSS = 0x00000043 -CKM_SHA384_RSA_PKCS_PSS = 0x00000044 -CKM_SHA512_RSA_PKCS_PSS = 0x00000045 -CKM_SHA224_RSA_PKCS = 0x00000046 -CKM_SHA224_RSA_PKCS_PSS = 0x00000047 -CKM_RC2_KEY_GEN = 0x00000100 -CKM_RC2_ECB = 0x00000101 -CKM_RC2_CBC = 0x00000102 -CKM_RC2_MAC = 0x00000103 -CKM_RC2_MAC_GENERAL = 0x00000104 -CKM_RC2_CBC_PAD = 0x00000105 -CKM_RC4_KEY_GEN = 0x00000110 -CKM_RC4 = 0x00000111 -CKM_DES_KEY_GEN = 0x00000120 -CKM_DES_ECB = 0x00000121 -CKM_DES_CBC = 0x00000122 -CKM_DES_MAC = 0x00000123 -CKM_DES_MAC_GENERAL = 0x00000124 -CKM_DES_CBC_PAD = 0x00000125 -CKM_DES2_KEY_GEN = 0x00000130 -CKM_DES3_KEY_GEN = 0x00000131 -CKM_DES3_ECB = 0x00000132 -CKM_DES3_CBC = 0x00000133 -CKM_DES3_MAC = 0x00000134 -CKM_DES3_MAC_GENERAL = 0x00000135 -CKM_DES3_CBC_PAD = 0x00000136 -CKM_DES3_CMAC_GENERAL = 0x00000137 -CKM_DES3_CMAC = 0x00000138 -CKM_CDMF_KEY_GEN = 0x00000140 -CKM_CDMF_ECB = 0x00000141 -CKM_CDMF_CBC = 0x00000142 -CKM_CDMF_MAC = 0x00000143 -CKM_CDMF_MAC_GENERAL = 0x00000144 -CKM_CDMF_CBC_PAD = 0x00000145 -CKM_DES_OFB64 = 0x00000150 -CKM_DES_OFB8 = 0x00000151 -CKM_DES_CFB64 = 0x00000152 -CKM_DES_CFB8 = 0x00000153 +CKM_SHA1_RSA_X9_31 = 0x0000000C +CKM_RSA_PKCS_PSS = 0x0000000D +CKM_SHA1_RSA_PKCS_PSS = 0x0000000E +CKM_DSA_KEY_PAIR_GEN = 0x00000010 +CKM_DSA = 0x00000011 +CKM_DSA_SHA1 = 0x00000012 +CKM_DSA_SHA224 = 0x00000013 +CKM_DSA_SHA256 = 0x00000014 +CKM_DSA_SHA384 = 0x00000015 +CKM_DSA_SHA512 = 0x00000016 +CKM_DH_PKCS_KEY_PAIR_GEN = 0x00000020 +CKM_DH_PKCS_DERIVE = 0x00000021 +CKM_X9_42_DH_KEY_PAIR_GEN = 0x00000030 +CKM_X9_42_DH_DERIVE = 0x00000031 +CKM_X9_42_DH_HYBRID_DERIVE = 0x00000032 +CKM_X9_42_MQV_DERIVE = 0x00000033 +CKM_SHA256_RSA_PKCS = 0x00000040 +CKM_SHA384_RSA_PKCS = 0x00000041 +CKM_SHA512_RSA_PKCS = 0x00000042 +CKM_SHA256_RSA_PKCS_PSS = 0x00000043 +CKM_SHA384_RSA_PKCS_PSS = 0x00000044 +CKM_SHA512_RSA_PKCS_PSS = 0x00000045 +CKM_SHA224_RSA_PKCS = 0x00000046 +CKM_SHA224_RSA_PKCS_PSS = 0x00000047 +CKM_RC2_KEY_GEN = 0x00000100 +CKM_RC2_ECB = 0x00000101 +CKM_RC2_CBC = 0x00000102 +CKM_RC2_MAC = 0x00000103 +CKM_RC2_MAC_GENERAL = 0x00000104 +CKM_RC2_CBC_PAD = 0x00000105 +CKM_RC4_KEY_GEN = 0x00000110 +CKM_RC4 = 0x00000111 +CKM_DES_KEY_GEN = 0x00000120 +CKM_DES_ECB = 0x00000121 +CKM_DES_CBC = 0x00000122 +CKM_DES_MAC = 0x00000123 +CKM_DES_MAC_GENERAL = 0x00000124 +CKM_DES_CBC_PAD = 0x00000125 +CKM_DES2_KEY_GEN = 0x00000130 +CKM_DES3_KEY_GEN = 0x00000131 +CKM_DES3_ECB = 0x00000132 +CKM_DES3_CBC = 0x00000133 +CKM_DES3_MAC = 0x00000134 +CKM_DES3_MAC_GENERAL = 0x00000135 +CKM_DES3_CBC_PAD = 0x00000136 +CKM_DES3_CMAC_GENERAL = 0x00000137 +CKM_DES3_CMAC = 0x00000138 +CKM_CDMF_KEY_GEN = 0x00000140 +CKM_CDMF_ECB = 0x00000141 +CKM_CDMF_CBC = 0x00000142 +CKM_CDMF_MAC = 0x00000143 +CKM_CDMF_MAC_GENERAL = 0x00000144 +CKM_CDMF_CBC_PAD = 0x00000145 +CKM_DES_OFB64 = 0x00000150 +CKM_DES_OFB8 = 0x00000151 +CKM_DES_CFB64 = 0x00000152 +CKM_DES_CFB8 = 0x00000153 CKM_MD2 = 0x00000200 -CKM_MD2_HMAC = 0x00000201 -CKM_MD2_HMAC_GENERAL = 0x00000202 -CKM_MD5 = 0x00000210 -CKM_MD5_HMAC = 0x00000211 -CKM_MD5_HMAC_GENERAL = 0x00000212 -CKM_SHA_1 = 0x00000220 -CKM_SHA_1_HMAC = 0x00000221 -CKM_SHA_1_HMAC_GENERAL = 0x00000222 -CKM_RIPEMD128 = 0x00000230 -CKM_RIPEMD128_HMAC = 0x00000231 -CKM_RIPEMD128_HMAC_GENERAL = 0x00000232 -CKM_RIPEMD160 = 0x00000240 -CKM_RIPEMD160_HMAC = 0x00000241 -CKM_RIPEMD160_HMAC_GENERAL = 0x00000242 -CKM_SHA256 = 0x00000250 -CKM_SHA256_HMAC = 0x00000251 -CKM_SHA256_HMAC_GENERAL = 0x00000252 -CKM_SHA224 = 0x00000255 -CKM_SHA224_HMAC = 0x00000256 -CKM_SHA224_HMAC_GENERAL = 0x00000257 -CKM_SHA384 = 0x00000260 -CKM_SHA384_HMAC = 0x00000261 -CKM_SHA384_HMAC_GENERAL = 0x00000262 -CKM_SHA512 = 0x00000270 -CKM_SHA512_HMAC = 0x00000271 -CKM_SHA512_HMAC_GENERAL = 0x00000272 -CKM_SECURID_KEY_GEN = 0x00000280 -CKM_SECURID = 0x00000282 -CKM_HOTP_KEY_GEN = 0x00000290 -CKM_HOTP = 0x00000291 -CKM_ACTI = 0x000002A0 -CKM_ACTI_KEY_GEN = 0x000002A1 -CKM_CAST_KEY_GEN = 0x00000300 -CKM_CAST_ECB = 0x00000301 -CKM_CAST_CBC = 0x00000302 -CKM_CAST_MAC = 0x00000303 -CKM_CAST_MAC_GENERAL = 0x00000304 -CKM_CAST_CBC_PAD = 0x00000305 -CKM_CAST3_KEY_GEN = 0x00000310 -CKM_CAST3_ECB = 0x00000311 -CKM_CAST3_CBC = 0x00000312 -CKM_CAST3_MAC = 0x00000313 -CKM_CAST3_MAC_GENERAL = 0x00000314 -CKM_CAST3_CBC_PAD = 0x00000315 -CKM_CAST5_KEY_GEN = 0x00000320 -CKM_CAST128_KEY_GEN = 0x00000320 -CKM_CAST5_ECB = 0x00000321 -CKM_CAST128_ECB = 0x00000321 -CKM_CAST5_CBC = 0x00000322 -CKM_CAST128_CBC = 0x00000322 -CKM_CAST5_MAC = 0x00000323 -CKM_CAST128_MAC = 0x00000323 -CKM_CAST5_MAC_GENERAL = 0x00000324 -CKM_CAST128_MAC_GENERAL = 0x00000324 -CKM_CAST5_CBC_PAD = 0x00000325 -CKM_CAST128_CBC_PAD = 0x00000325 -CKM_RC5_KEY_GEN = 0x00000330 -CKM_RC5_ECB = 0x00000331 -CKM_RC5_CBC = 0x00000332 -CKM_RC5_MAC = 0x00000333 -CKM_RC5_MAC_GENERAL = 0x00000334 -CKM_RC5_CBC_PAD = 0x00000335 -CKM_IDEA_KEY_GEN = 0x00000340 -CKM_IDEA_ECB = 0x00000341 -CKM_IDEA_CBC = 0x00000342 -CKM_IDEA_MAC = 0x00000343 -CKM_IDEA_MAC_GENERAL = 0x00000344 -CKM_IDEA_CBC_PAD = 0x00000345 -CKM_GENERIC_SECRET_KEY_GEN = 0x00000350 -CKM_CONCATENATE_BASE_AND_KEY = 0x00000360 -CKM_CONCATENATE_BASE_AND_DATA = 0x00000362 -CKM_CONCATENATE_DATA_AND_BASE = 0x00000363 -CKM_XOR_BASE_AND_DATA = 0x00000364 -CKM_EXTRACT_KEY_FROM_KEY = 0x00000365 -CKM_SSL3_PRE_MASTER_KEY_GEN = 0x00000370 -CKM_SSL3_MASTER_KEY_DERIVE = 0x00000371 -CKM_SSL3_KEY_AND_MAC_DERIVE = 0x00000372 -CKM_SSL3_MASTER_KEY_DERIVE_DH = 0x00000373 -CKM_TLS_PRE_MASTER_KEY_GEN = 0x00000374 -CKM_TLS_MASTER_KEY_DERIVE = 0x00000375 -CKM_TLS_KEY_AND_MAC_DERIVE = 0x00000376 -CKM_TLS_MASTER_KEY_DERIVE_DH = 0x00000377 -CKM_TLS_PRF = 0x00000378 -CKM_SSL3_MD5_MAC = 0x00000380 -CKM_SSL3_SHA1_MAC = 0x00000381 -CKM_MD5_KEY_DERIVATION = 0x00000390 -CKM_MD2_KEY_DERIVATION = 0x00000391 -CKM_SHA1_KEY_DERIVATION = 0x00000392 -CKM_SHA256_KEY_DERIVATION = 0x00000393 -CKM_SHA384_KEY_DERIVATION = 0x00000394 -CKM_SHA512_KEY_DERIVATION = 0x00000395 -CKM_SHA224_KEY_DERIVATION = 0x00000396 -CKM_PBE_MD2_DES_CBC = 0x000003A0 -CKM_PBE_MD5_DES_CBC = 0x000003A1 -CKM_PBE_MD5_CAST_CBC = 0x000003A2 -CKM_PBE_MD5_CAST3_CBC = 0x000003A3 -CKM_PBE_MD5_CAST5_CBC = 0x000003A4 -CKM_PBE_MD5_CAST128_CBC = 0x000003A4 -CKM_PBE_SHA1_CAST5_CBC = 0x000003A5 -CKM_PBE_SHA1_CAST128_CBC = 0x000003A5 -CKM_PBE_SHA1_RC4_128 = 0x000003A6 -CKM_PBE_SHA1_RC4_40 = 0x000003A7 -CKM_PBE_SHA1_DES3_EDE_CBC = 0x000003A8 -CKM_PBE_SHA1_DES2_EDE_CBC = 0x000003A9 -CKM_PBE_SHA1_RC2_128_CBC = 0x000003AA -CKM_PBE_SHA1_RC2_40_CBC = 0x000003AB -CKM_PKCS5_PBKD2 = 0x000003B0 -CKM_PBA_SHA1_WITH_SHA1_HMAC = 0x000003C0 -CKM_WTLS_PRE_MASTER_KEY_GEN = 0x000003D0 -CKM_WTLS_MASTER_KEY_DERIVE = 0x000003D1 -CKM_WTLS_MASTER_KEY_DERIVE_DH_ECC = 0x000003D2 -CKM_WTLS_PRF = 0x000003D3 -CKM_WTLS_SERVER_KEY_AND_MAC_DERIVE = 0x000003D4 -CKM_WTLS_CLIENT_KEY_AND_MAC_DERIVE = 0x000003D5 -CKM_KEY_WRAP_LYNKS = 0x00000400 -CKM_KEY_WRAP_SET_OAEP = 0x00000401 -CKM_CMS_SIG = 0x00000500 -CKM_KIP_DERIVE = 0x00000510 -CKM_KIP_WRAP = 0x00000511 -CKM_KIP_MAC = 0x00000512 -CKM_CAMELLIA_KEY_GEN = 0x00000550 -CKM_CAMELLIA_ECB = 0x00000551 -CKM_CAMELLIA_CBC = 0x00000552 -CKM_CAMELLIA_MAC = 0x00000553 -CKM_CAMELLIA_MAC_GENERAL = 0x00000554 -CKM_CAMELLIA_CBC_PAD = 0x00000555 -CKM_CAMELLIA_ECB_ENCRYPT_DATA = 0x00000556 -CKM_CAMELLIA_CBC_ENCRYPT_DATA = 0x00000557 -CKM_CAMELLIA_CTR = 0x00000558 -CKM_ARIA_KEY_GEN = 0x00000560 -CKM_ARIA_ECB = 0x00000561 -CKM_ARIA_CBC = 0x00000562 -CKM_ARIA_MAC = 0x00000563 -CKM_ARIA_MAC_GENERAL = 0x00000564 -CKM_ARIA_CBC_PAD = 0x00000565 -CKM_ARIA_ECB_ENCRYPT_DATA = 0x00000566 -CKM_ARIA_CBC_ENCRYPT_DATA = 0x00000567 -CKM_SEED_KEY_GEN = 0x00000650 -CKM_SEED_ECB = 0x00000651 -CKM_SEED_CBC = 0x00000652 -CKM_SEED_MAC = 0x00000653 -CKM_SEED_MAC_GENERAL = 0x00000654 -CKM_SEED_CBC_PAD = 0x00000655 -CKM_SEED_ECB_ENCRYPT_DATA = 0x00000656 -CKM_SEED_CBC_ENCRYPT_DATA = 0x00000657 -CKM_SKIPJACK_KEY_GEN = 0x00001000 -CKM_SKIPJACK_ECB64 = 0x00001001 -CKM_SKIPJACK_CBC64 = 0x00001002 -CKM_SKIPJACK_OFB64 = 0x00001003 -CKM_SKIPJACK_CFB64 = 0x00001004 -CKM_SKIPJACK_CFB32 = 0x00001005 -CKM_SKIPJACK_CFB16 = 0x00001006 -CKM_SKIPJACK_CFB8 = 0x00001007 -CKM_SKIPJACK_WRAP = 0x00001008 -CKM_SKIPJACK_PRIVATE_WRAP = 0x00001009 -CKM_SKIPJACK_RELAYX = 0x0000100a -CKM_KEA_KEY_PAIR_GEN = 0x00001010 -CKM_KEA_KEY_DERIVE = 0x00001011 -CKM_FORTEZZA_TIMESTAMP = 0x00001020 -CKM_BATON_KEY_GEN = 0x00001030 -CKM_BATON_ECB128 = 0x00001031 +CKM_MD2_HMAC = 0x00000201 +CKM_MD2_HMAC_GENERAL = 0x00000202 +CKM_MD5 = 0x00000210 +CKM_MD5_HMAC = 0x00000211 +CKM_MD5_HMAC_GENERAL = 0x00000212 +CKM_SHA_1 = 0x00000220 +CKM_SHA_1_HMAC = 0x00000221 +CKM_SHA_1_HMAC_GENERAL = 0x00000222 +CKM_RIPEMD128 = 0x00000230 +CKM_RIPEMD128_HMAC = 0x00000231 +CKM_RIPEMD128_HMAC_GENERAL = 0x00000232 +CKM_RIPEMD160 = 0x00000240 +CKM_RIPEMD160_HMAC = 0x00000241 +CKM_RIPEMD160_HMAC_GENERAL = 0x00000242 +CKM_SHA256 = 0x00000250 +CKM_SHA256_HMAC = 0x00000251 +CKM_SHA256_HMAC_GENERAL = 0x00000252 +CKM_SHA224 = 0x00000255 +CKM_SHA224_HMAC = 0x00000256 +CKM_SHA224_HMAC_GENERAL = 0x00000257 +CKM_SHA384 = 0x00000260 +CKM_SHA384_HMAC = 0x00000261 +CKM_SHA384_HMAC_GENERAL = 0x00000262 +CKM_SHA512 = 0x00000270 +CKM_SHA512_HMAC = 0x00000271 +CKM_SHA512_HMAC_GENERAL = 0x00000272 +CKM_SECURID_KEY_GEN = 0x00000280 +CKM_SECURID = 0x00000282 +CKM_HOTP_KEY_GEN = 0x00000290 +CKM_HOTP = 0x00000291 +CKM_ACTI = 0x000002A0 +CKM_ACTI_KEY_GEN = 0x000002A1 +CKM_CAST_KEY_GEN = 0x00000300 +CKM_CAST_ECB = 0x00000301 +CKM_CAST_CBC = 0x00000302 +CKM_CAST_MAC = 0x00000303 +CKM_CAST_MAC_GENERAL = 0x00000304 +CKM_CAST_CBC_PAD = 0x00000305 +CKM_CAST3_KEY_GEN = 0x00000310 +CKM_CAST3_ECB = 0x00000311 +CKM_CAST3_CBC = 0x00000312 +CKM_CAST3_MAC = 0x00000313 +CKM_CAST3_MAC_GENERAL = 0x00000314 +CKM_CAST3_CBC_PAD = 0x00000315 +CKM_CAST5_KEY_GEN = 0x00000320 +CKM_CAST128_KEY_GEN = 0x00000320 +CKM_CAST5_ECB = 0x00000321 +CKM_CAST128_ECB = 0x00000321 +CKM_CAST5_CBC = 0x00000322 +CKM_CAST128_CBC = 0x00000322 +CKM_CAST5_MAC = 0x00000323 +CKM_CAST128_MAC = 0x00000323 +CKM_CAST5_MAC_GENERAL = 0x00000324 +CKM_CAST128_MAC_GENERAL = 0x00000324 +CKM_CAST5_CBC_PAD = 0x00000325 +CKM_CAST128_CBC_PAD = 0x00000325 +CKM_RC5_KEY_GEN = 0x00000330 +CKM_RC5_ECB = 0x00000331 +CKM_RC5_CBC = 0x00000332 +CKM_RC5_MAC = 0x00000333 +CKM_RC5_MAC_GENERAL = 0x00000334 +CKM_RC5_CBC_PAD = 0x00000335 +CKM_IDEA_KEY_GEN = 0x00000340 +CKM_IDEA_ECB = 0x00000341 +CKM_IDEA_CBC = 0x00000342 +CKM_IDEA_MAC = 0x00000343 +CKM_IDEA_MAC_GENERAL = 0x00000344 +CKM_IDEA_CBC_PAD = 0x00000345 +CKM_GENERIC_SECRET_KEY_GEN = 0x00000350 +CKM_CONCATENATE_BASE_AND_KEY = 0x00000360 +CKM_CONCATENATE_BASE_AND_DATA = 0x00000362 +CKM_CONCATENATE_DATA_AND_BASE = 0x00000363 +CKM_XOR_BASE_AND_DATA = 0x00000364 +CKM_EXTRACT_KEY_FROM_KEY = 0x00000365 +CKM_SSL3_PRE_MASTER_KEY_GEN = 0x00000370 +CKM_SSL3_MASTER_KEY_DERIVE = 0x00000371 +CKM_SSL3_KEY_AND_MAC_DERIVE = 0x00000372 +CKM_SSL3_MASTER_KEY_DERIVE_DH = 0x00000373 +CKM_TLS_PRE_MASTER_KEY_GEN = 0x00000374 +CKM_TLS_MASTER_KEY_DERIVE = 0x00000375 +CKM_TLS_KEY_AND_MAC_DERIVE = 0x00000376 +CKM_TLS_MASTER_KEY_DERIVE_DH = 0x00000377 +CKM_TLS_PRF = 0x00000378 +CKM_SSL3_MD5_MAC = 0x00000380 +CKM_SSL3_SHA1_MAC = 0x00000381 +CKM_MD5_KEY_DERIVATION = 0x00000390 +CKM_MD2_KEY_DERIVATION = 0x00000391 +CKM_SHA1_KEY_DERIVATION = 0x00000392 +CKM_SHA256_KEY_DERIVATION = 0x00000393 +CKM_SHA384_KEY_DERIVATION = 0x00000394 +CKM_SHA512_KEY_DERIVATION = 0x00000395 +CKM_SHA224_KEY_DERIVATION = 0x00000396 +CKM_PBE_MD2_DES_CBC = 0x000003A0 +CKM_PBE_MD5_DES_CBC = 0x000003A1 +CKM_PBE_MD5_CAST_CBC = 0x000003A2 +CKM_PBE_MD5_CAST3_CBC = 0x000003A3 +CKM_PBE_MD5_CAST5_CBC = 0x000003A4 +CKM_PBE_MD5_CAST128_CBC = 0x000003A4 +CKM_PBE_SHA1_CAST5_CBC = 0x000003A5 +CKM_PBE_SHA1_CAST128_CBC = 0x000003A5 +CKM_PBE_SHA1_RC4_128 = 0x000003A6 +CKM_PBE_SHA1_RC4_40 = 0x000003A7 +CKM_PBE_SHA1_DES3_EDE_CBC = 0x000003A8 +CKM_PBE_SHA1_DES2_EDE_CBC = 0x000003A9 +CKM_PBE_SHA1_RC2_128_CBC = 0x000003AA +CKM_PBE_SHA1_RC2_40_CBC = 0x000003AB +CKM_PKCS5_PBKD2 = 0x000003B0 +CKM_PBA_SHA1_WITH_SHA1_HMAC = 0x000003C0 +CKM_WTLS_PRE_MASTER_KEY_GEN = 0x000003D0 +CKM_WTLS_MASTER_KEY_DERIVE = 0x000003D1 +CKM_WTLS_MASTER_KEY_DERIVE_DH_ECC = 0x000003D2 +CKM_WTLS_PRF = 0x000003D3 +CKM_WTLS_SERVER_KEY_AND_MAC_DERIVE = 0x000003D4 +CKM_WTLS_CLIENT_KEY_AND_MAC_DERIVE = 0x000003D5 +CKM_KEY_WRAP_LYNKS = 0x00000400 +CKM_KEY_WRAP_SET_OAEP = 0x00000401 +CKM_CMS_SIG = 0x00000500 +CKM_KIP_DERIVE = 0x00000510 +CKM_KIP_WRAP = 0x00000511 +CKM_KIP_MAC = 0x00000512 +CKM_CAMELLIA_KEY_GEN = 0x00000550 +CKM_CAMELLIA_ECB = 0x00000551 +CKM_CAMELLIA_CBC = 0x00000552 +CKM_CAMELLIA_MAC = 0x00000553 +CKM_CAMELLIA_MAC_GENERAL = 0x00000554 +CKM_CAMELLIA_CBC_PAD = 0x00000555 +CKM_CAMELLIA_ECB_ENCRYPT_DATA = 0x00000556 +CKM_CAMELLIA_CBC_ENCRYPT_DATA = 0x00000557 +CKM_CAMELLIA_CTR = 0x00000558 +CKM_ARIA_KEY_GEN = 0x00000560 +CKM_ARIA_ECB = 0x00000561 +CKM_ARIA_CBC = 0x00000562 +CKM_ARIA_MAC = 0x00000563 +CKM_ARIA_MAC_GENERAL = 0x00000564 +CKM_ARIA_CBC_PAD = 0x00000565 +CKM_ARIA_ECB_ENCRYPT_DATA = 0x00000566 +CKM_ARIA_CBC_ENCRYPT_DATA = 0x00000567 +CKM_SEED_KEY_GEN = 0x00000650 +CKM_SEED_ECB = 0x00000651 +CKM_SEED_CBC = 0x00000652 +CKM_SEED_MAC = 0x00000653 +CKM_SEED_MAC_GENERAL = 0x00000654 +CKM_SEED_CBC_PAD = 0x00000655 +CKM_SEED_ECB_ENCRYPT_DATA = 0x00000656 +CKM_SEED_CBC_ENCRYPT_DATA = 0x00000657 +CKM_SKIPJACK_KEY_GEN = 0x00001000 +CKM_SKIPJACK_ECB64 = 0x00001001 +CKM_SKIPJACK_CBC64 = 0x00001002 +CKM_SKIPJACK_OFB64 = 0x00001003 +CKM_SKIPJACK_CFB64 = 0x00001004 +CKM_SKIPJACK_CFB32 = 0x00001005 +CKM_SKIPJACK_CFB16 = 0x00001006 +CKM_SKIPJACK_CFB8 = 0x00001007 +CKM_SKIPJACK_WRAP = 0x00001008 +CKM_SKIPJACK_PRIVATE_WRAP = 0x00001009 +CKM_SKIPJACK_RELAYX = 0x0000100a +CKM_KEA_KEY_PAIR_GEN = 0x00001010 +CKM_KEA_KEY_DERIVE = 0x00001011 +CKM_FORTEZZA_TIMESTAMP = 0x00001020 +CKM_BATON_KEY_GEN = 0x00001030 +CKM_BATON_ECB128 = 0x00001031 CKM_BATON_ECB96 = 0x00001032 -CKM_BATON_CBC128 = 0x00001033 -CKM_BATON_COUNTER = 0x00001034 -CKM_BATON_SHUFFLE = 0x00001035 +CKM_BATON_CBC128 = 0x00001033 +CKM_BATON_COUNTER = 0x00001034 +CKM_BATON_SHUFFLE = 0x00001035 CKM_BATON_WRAP = 0x00001036 -CKM_ECDSA_KEY_PAIR_GEN = 0x00001040 -CKM_EC_KEY_PAIR_GEN = 0x00001040 -CKM_ECDSA = 0x00001041 -CKM_ECDSA_SHA1 = 0x00001042 -CKM_ECDSA_SHA224 = 0x00001043 -CKM_ECDSA_SHA256 = 0x00001044 -CKM_ECDSA_SHA384 = 0x00001045 -CKM_ECDSA_SHA512 = 0x00001046 -CKM_ECDH1_DERIVE = 0x00001050 -CKM_ECDH1_COFACTOR_DERIVE = 0x00001051 -CKM_ECMQV_DERIVE = 0x00001052 -CKM_JUNIPER_KEY_GEN = 0x00001060 -CKM_JUNIPER_ECB128 = 0x00001061 -CKM_JUNIPER_CBC128 = 0x00001062 -CKM_JUNIPER_COUNTER = 0x00001063 -CKM_JUNIPER_SHUFFLE = 0x00001064 -CKM_JUNIPER_WRAP = 0x00001065 -CKM_FASTHASH = 0x00001070 -CKM_AES_KEY_GEN = 0x00001080 -CKM_AES_ECB = 0x00001081 -CKM_AES_CBC = 0x00001082 -CKM_AES_MAC = 0x00001083 -CKM_AES_MAC_GENERAL = 0x00001084 -CKM_AES_CBC_PAD = 0x00001085 -CKM_AES_CTR = 0x00001086 -CKM_AES_CTS = 0x00001089 -CKM_AES_CMAC = 0x0000108A -CKM_AES_CMAC_GENERAL = 0x0000108B -CKM_BLOWFISH_KEY_GEN = 0x00001090 -CKM_BLOWFISH_CBC = 0x00001091 -CKM_TWOFISH_KEY_GEN = 0x00001092 -CKM_TWOFISH_CBC = 0x00001093 -CKM_AES_GCM = 0x00001087 -CKM_AES_CCM = 0x00001088 -CKM_AES_KEY_WRAP = 0x00001090 -CKM_AES_KEY_WRAP_PAD = 0x00001091 -CKM_BLOWFISH_CBC_PAD = 0x00001094 -CKM_TWOFISH_CBC_PAD = 0x00001095 -CKM_DES_ECB_ENCRYPT_DATA = 0x00001100 -CKM_DES_CBC_ENCRYPT_DATA = 0x00001101 -CKM_DES3_ECB_ENCRYPT_DATA = 0x00001102 -CKM_DES3_CBC_ENCRYPT_DATA = 0x00001103 -CKM_AES_ECB_ENCRYPT_DATA = 0x00001104 -CKM_AES_CBC_ENCRYPT_DATA = 0x00001105 -CKM_GOSTR3410_KEY_PAIR_GEN = 0x00001200 +CKM_ECDSA_KEY_PAIR_GEN = 0x00001040 +CKM_EC_KEY_PAIR_GEN = 0x00001040 +CKM_ECDSA = 0x00001041 +CKM_ECDSA_SHA1 = 0x00001042 +CKM_ECDSA_SHA224 = 0x00001043 +CKM_ECDSA_SHA256 = 0x00001044 +CKM_ECDSA_SHA384 = 0x00001045 +CKM_ECDSA_SHA512 = 0x00001046 +CKM_ECDH1_DERIVE = 0x00001050 +CKM_ECDH1_COFACTOR_DERIVE = 0x00001051 +CKM_ECMQV_DERIVE = 0x00001052 +CKM_JUNIPER_KEY_GEN = 0x00001060 +CKM_JUNIPER_ECB128 = 0x00001061 +CKM_JUNIPER_CBC128 = 0x00001062 +CKM_JUNIPER_COUNTER = 0x00001063 +CKM_JUNIPER_SHUFFLE = 0x00001064 +CKM_JUNIPER_WRAP = 0x00001065 +CKM_FASTHASH = 0x00001070 +CKM_AES_KEY_GEN = 0x00001080 +CKM_AES_ECB = 0x00001081 +CKM_AES_CBC = 0x00001082 +CKM_AES_MAC = 0x00001083 +CKM_AES_MAC_GENERAL = 0x00001084 +CKM_AES_CBC_PAD = 0x00001085 +CKM_AES_CTR = 0x00001086 +CKM_AES_CTS = 0x00001089 +CKM_AES_CMAC = 0x0000108A +CKM_AES_CMAC_GENERAL = 0x0000108B +CKM_BLOWFISH_KEY_GEN = 0x00001090 +CKM_BLOWFISH_CBC = 0x00001091 +CKM_TWOFISH_KEY_GEN = 0x00001092 +CKM_TWOFISH_CBC = 0x00001093 +CKM_AES_GCM = 0x00001087 +CKM_AES_CCM = 0x00001088 +CKM_AES_KEY_WRAP = 0x00001090 +CKM_AES_KEY_WRAP_PAD = 0x00001091 +CKM_BLOWFISH_CBC_PAD = 0x00001094 +CKM_TWOFISH_CBC_PAD = 0x00001095 +CKM_DES_ECB_ENCRYPT_DATA = 0x00001100 +CKM_DES_CBC_ENCRYPT_DATA = 0x00001101 +CKM_DES3_ECB_ENCRYPT_DATA = 0x00001102 +CKM_DES3_CBC_ENCRYPT_DATA = 0x00001103 +CKM_AES_ECB_ENCRYPT_DATA = 0x00001104 +CKM_AES_CBC_ENCRYPT_DATA = 0x00001105 +CKM_GOSTR3410_KEY_PAIR_GEN = 0x00001200 CKM_GOSTR3410 = 0x00001201 -CKM_GOSTR3410_WITH_GOSTR3411 = 0x00001202 -CKM_GOSTR3410_KEY_WRAP = 0x00001203 -CKM_GOSTR3410_DERIVE = 0x00001204 +CKM_GOSTR3410_WITH_GOSTR3411 = 0x00001202 +CKM_GOSTR3410_KEY_WRAP = 0x00001203 +CKM_GOSTR3410_DERIVE = 0x00001204 CKM_GOSTR3411 = 0x00001210 -CKM_GOSTR3411_HMAC = 0x00001211 -CKM_GOST28147_KEY_GEN = 0x00001220 -CKM_GOST28147_ECB = 0x00001221 -CKM_GOST28147 = 0x00001222 -CKM_GOST28147_MAC = 0x00001223 -CKM_GOST28147_KEY_WRAP = 0x00001224 -CKM_DSA_PARAMETER_GEN = 0x00002000 -CKM_DH_PKCS_PARAMETER_GEN = 0x00002001 -CKM_X9_42_DH_PARAMETER_GEN = 0x00002002 +CKM_GOSTR3411_HMAC = 0x00001211 +CKM_GOST28147_KEY_GEN = 0x00001220 +CKM_GOST28147_ECB = 0x00001221 +CKM_GOST28147 = 0x00001222 +CKM_GOST28147_MAC = 0x00001223 +CKM_GOST28147_KEY_WRAP = 0x00001224 +CKM_DSA_PARAMETER_GEN = 0x00002000 +CKM_DH_PKCS_PARAMETER_GEN = 0x00002001 +CKM_X9_42_DH_PARAMETER_GEN = 0x00002002 CKM_AES_OFB = 0x00002104 -CKM_AES_CFB64 = 0x00002105 -CKM_AES_CFB8 = 0x00002106 -CKM_AES_CFB128 = 0x00002107 -CKM_RSA_PKCS_TPM_1_1 = 0x00004001 -CKM_RSA_PKCS_OAEP_TPM_1_1 = 0x00004002 -CKM_VENDOR_DEFINED = 0x80000000 +CKM_AES_CFB64 = 0x00002105 +CKM_AES_CFB8 = 0x00002106 +CKM_AES_CFB128 = 0x00002107 +CKM_RSA_PKCS_TPM_1_1 = 0x00004001 +CKM_RSA_PKCS_OAEP_TPM_1_1 = 0x00004002 +CKM_VENDOR_DEFINED = 0x80000000 -CKF_HW = 0x00000001 -CKF_ENCRYPT = 0x00000100 -CKF_DECRYPT = 0x00000200 +CKF_HW = 0x00000001 +CKF_ENCRYPT = 0x00000100 +CKF_DECRYPT = 0x00000200 CKF_DIGEST = 0x00000400 CKF_SIGN = 0x00000800 -CKF_SIGN_RECOVER = 0x00001000 -CKF_VERIFY = 0x00002000 -CKF_VERIFY_RECOVER = 0x00004000 -CKF_GENERATE = 0x00008000 -CKF_GENERATE_KEY_PAIR = 0x00010000 -CKF_WRAP = 0x00020000 +CKF_SIGN_RECOVER = 0x00001000 +CKF_VERIFY = 0x00002000 +CKF_VERIFY_RECOVER = 0x00004000 +CKF_GENERATE = 0x00008000 +CKF_GENERATE_KEY_PAIR = 0x00010000 +CKF_WRAP = 0x00020000 CKF_UNWRAP = 0x00040000 -CKF_DERIVE = 0x00080000 -CKF_EC_F_P = 0x00100000 -CKF_EC_F_2M = 0x00200000 -CKF_EC_ECPARAMETERS = 0x00400000 -CKF_EC_NAMEDCURVE = 0x00800000 -CKF_EC_UNCOMPRESS = 0x01000000 -CKF_EC_COMPRESS = 0x02000000 -CKF_EXTENSION = 0x80000000 +CKF_DERIVE = 0x00080000 +CKF_EC_F_P = 0x00100000 +CKF_EC_F_2M = 0x00200000 +CKF_EC_ECPARAMETERS = 0x00400000 +CKF_EC_NAMEDCURVE = 0x00800000 +CKF_EC_UNCOMPRESS = 0x01000000 +CKF_EC_COMPRESS = 0x02000000 +CKF_EXTENSION = 0x80000000 -CKF_LIBRARY_CANT_CREATE_OS_THREADS = 0x00000001 -CKF_OS_LOCKING_OK = 0x00000002 +CKF_LIBRARY_CANT_CREATE_OS_THREADS = 0x00000001 +CKF_OS_LOCKING_OK = 0x00000002 CKF_DONT_BLOCK = 1 CKG_MGF1_SHA1 = 0x00000001 CKG_MGF1_SHA256 = 0x00000002 -CKG_MGF1_SHA384 = 0x00000003 -CKG_MGF1_SHA512 = 0x00000004 -CKG_MGF1_SHA224 = 0x00000005 +CKG_MGF1_SHA384 = 0x00000003 +CKG_MGF1_SHA512 = 0x00000004 +CKG_MGF1_SHA224 = 0x00000005 -CKZ_DATA_SPECIFIED = 0x00000001 +CKZ_DATA_SPECIFIED = 0x00000001 CKD_NULL = 0x00000001 -CKD_SHA1_KDF = 0x00000002 +CKD_SHA1_KDF = 0x00000002 -CKD_SHA1_KDF_ASN1 = 0x00000003 -CKD_SHA1_KDF_CONCATENATE = 0x00000004 -CKD_SHA224_KDF = 0x00000005 -CKD_SHA256_KDF = 0x00000006 -CKD_SHA384_KDF = 0x00000007 -CKD_SHA512_KDF = 0x00000008 -CKD_CPDIVERSIFY_KDF = 0x00000009 +CKD_SHA1_KDF_ASN1 = 0x00000003 +CKD_SHA1_KDF_CONCATENATE = 0x00000004 +CKD_SHA224_KDF = 0x00000005 +CKD_SHA256_KDF = 0x00000006 +CKD_SHA384_KDF = 0x00000007 +CKD_SHA512_KDF = 0x00000008 +CKD_CPDIVERSIFY_KDF = 0x00000009 CK_OTP_VALUE = 0 CK_OTP_PIN = 1 -CK_OTP_CHALLENGE = 2 +CK_OTP_CHALLENGE = 2 CK_OTP_TIME = 3 CK_OTP_COUNTER = 4 -CK_OTP_FLAGS = 5 -CK_OTP_OUTPUT_LENGTH = 6 -CK_OTP_OUTPUT_FORMAT = 7 +CK_OTP_FLAGS = 5 +CK_OTP_OUTPUT_LENGTH = 6 +CK_OTP_OUTPUT_FORMAT = 7 -CKF_NEXT_OTP = 0x00000001 -CKF_EXCLUDE_TIME = 0x00000002 -CKF_EXCLUDE_COUNTER = 0x00000004 -CKF_EXCLUDE_CHALLENGE = 0x00000008 -CKF_EXCLUDE_PIN = 0x00000010 -CKF_USER_FRIENDLY_OTP = 0x00000020 +CKF_NEXT_OTP = 0x00000001 +CKF_EXCLUDE_TIME = 0x00000002 +CKF_EXCLUDE_COUNTER = 0x00000004 +CKF_EXCLUDE_CHALLENGE = 0x00000008 +CKF_EXCLUDE_PIN = 0x00000010 +CKF_USER_FRIENDLY_OTP = 0x00000020 diff --git a/cryptech/py11/exceptions.py b/cryptech/py11/exceptions.py index 9512cda..7cfbe3f 100644 --- a/cryptech/py11/exceptions.py +++ b/cryptech/py11/exceptions.py @@ -18,116 +18,116 @@ # warranty of any kind. class CKR_Exception(Exception): - """ - Base class for PKCS #11 exceptions. - """ + """ + Base class for PKCS #11 exceptions. + """ - ckr_code = None - ckr_map = {} + ckr_code = None + ckr_map = {} - def __int__(self): - return self.ckr_code + def __int__(self): + return self.ckr_code - @classmethod - def raise_on_failure(cls, rv, func, *args): - if rv != CKR_OK: - raise cls.ckr_map[rv] + @classmethod + def raise_on_failure(cls, rv, func, *args): + if rv != CKR_OK: + raise cls.ckr_map[rv] CKR_OK = 0x00000000 -class CKR_CANCEL (CKR_Exception): ckr_code = 0x00000001 -class CKR_HOST_MEMORY (CKR_Exception): ckr_code = 0x00000002 -class CKR_SLOT_ID_INVALI (CKR_Exception): ckr_code = 0x00000003 -class CKR_GENERAL_ERROR (CKR_Exception): ckr_code = 0x00000005 -class CKR_FUNCTION_FAILED (CKR_Exception): ckr_code = 0x00000006 +class CKR_CANCEL (CKR_Exception): ckr_code = 0x00000001 +class CKR_HOST_MEMORY (CKR_Exception): ckr_code = 0x00000002 +class CKR_SLOT_ID_INVALI (CKR_Exception): ckr_code = 0x00000003 +class CKR_GENERAL_ERROR (CKR_Exception): ckr_code = 0x00000005 +class CKR_FUNCTION_FAILED (CKR_Exception): ckr_code = 0x00000006 class CKR_ARGUMENTS_BAD (CKR_Exception): ckr_code = 0x00000007 -class CKR_NO_EVENT (CKR_Exception): ckr_code = 0x00000008 -class CKR_NEED_TO_CREATE_THREADS (CKR_Exception): ckr_code = 0x00000009 -class CKR_CANT_LOCK (CKR_Exception): ckr_code = 0x0000000A -class CKR_ATTRIBUTE_READ_ONLY (CKR_Exception): ckr_code = 0x00000010 -class CKR_ATTRIBUTE_SENSITIVE (CKR_Exception): ckr_code = 0x00000011 -class CKR_ATTRIBUTE_TYPE_INVALID (CKR_Exception): ckr_code = 0x00000012 -class CKR_ATTRIBUTE_VALUE_INVALID (CKR_Exception): ckr_code = 0x00000013 -class CKR_DATA_INVALID (CKR_Exception): ckr_code = 0x00000020 -class CKR_DATA_LEN_RANGE (CKR_Exception): ckr_code = 0x00000021 -class CKR_DEVICE_ERROR (CKR_Exception): ckr_code = 0x00000030 -class CKR_DEVICE_MEMORY (CKR_Exception): ckr_code = 0x00000031 -class CKR_DEVICE_REMOVED (CKR_Exception): ckr_code = 0x00000032 -class CKR_ENCRYPTED_DATA_INVALID (CKR_Exception): ckr_code = 0x00000040 -class CKR_ENCRYPTED_DATA_LEN_RANGE (CKR_Exception): ckr_code = 0x00000041 -class CKR_FUNCTION_CANCELED (CKR_Exception): ckr_code = 0x00000050 -class CKR_FUNCTION_NOT_PARALLEL (CKR_Exception): ckr_code = 0x00000051 -class CKR_FUNCTION_NOT_SUPPORTED (CKR_Exception): ckr_code = 0x00000054 -class CKR_KEY_HANDLE_INVALID (CKR_Exception): ckr_code = 0x00000060 -class CKR_KEY_SIZE_RANGE (CKR_Exception): ckr_code = 0x00000062 -class CKR_KEY_TYPE_INCONSISTENT (CKR_Exception): ckr_code = 0x00000063 -class CKR_KEY_NOT_NEEDED (CKR_Exception): ckr_code = 0x00000064 -class CKR_KEY_CHANGED (CKR_Exception): ckr_code = 0x00000065 -class CKR_KEY_NEEDED (CKR_Exception): ckr_code = 0x00000066 -class CKR_KEY_INDIGESTIBLE (CKR_Exception): ckr_code = 0x00000067 -class CKR_KEY_FUNCTION_NOT_PERMITTED (CKR_Exception): ckr_code = 0x00000068 -class CKR_KEY_NOT_WRAPPABLE (CKR_Exception): ckr_code = 0x00000069 -class CKR_KEY_UNEXTRACTABLE (CKR_Exception): ckr_code = 0x0000006A -class CKR_MECHANISM_INVALID (CKR_Exception): ckr_code = 0x00000070 -class CKR_MECHANISM_PARAM_INVALID (CKR_Exception): ckr_code = 0x00000071 -class CKR_OBJECT_HANDLE_INVALID (CKR_Exception): ckr_code = 0x00000082 -class CKR_OPERATION_ACTIVE (CKR_Exception): ckr_code = 0x00000090 -class CKR_OPERATION_NOT_INITIALIZED (CKR_Exception): ckr_code = 0x00000091 -class CKR_PIN_INCORRECT (CKR_Exception): ckr_code = 0x000000A0 -class CKR_PIN_INVALID (CKR_Exception): ckr_code = 0x000000A1 -class CKR_PIN_LEN_RANGE (CKR_Exception): ckr_code = 0x000000A2 -class CKR_PIN_EXPIRED (CKR_Exception): ckr_code = 0x000000A3 -class CKR_PIN_LOCKED (CKR_Exception): ckr_code = 0x000000A4 -class CKR_SESSION_CLOSED (CKR_Exception): ckr_code = 0x000000B0 -class CKR_SESSION_COUNT (CKR_Exception): ckr_code = 0x000000B1 -class CKR_SESSION_HANDLE_INVALID (CKR_Exception): ckr_code = 0x000000B3 -class CKR_SESSION_PARALLEL_NOT_SUPPORTED (CKR_Exception): ckr_code = 0x000000B4 -class CKR_SESSION_READ_ONLY (CKR_Exception): ckr_code = 0x000000B5 -class CKR_SESSION_EXISTS (CKR_Exception): ckr_code = 0x000000B6 -class CKR_SESSION_READ_ONLY_EXISTS (CKR_Exception): ckr_code = 0x000000B7 -class CKR_SESSION_READ_WRITE_SO_EXISTS (CKR_Exception): ckr_code = 0x000000B8 -class CKR_SIGNATURE_INVALID (CKR_Exception): ckr_code = 0x000000C0 -class CKR_SIGNATURE_LEN_RANGE (CKR_Exception): ckr_code = 0x000000C1 -class CKR_TEMPLATE_INCOMPLETE (CKR_Exception): ckr_code = 0x000000D0 -class CKR_TEMPLATE_INCONSISTENT (CKR_Exception): ckr_code = 0x000000D1 -class CKR_TOKEN_NOT_PRESENT (CKR_Exception): ckr_code = 0x000000E0 -class CKR_TOKEN_NOT_RECOGNIZED (CKR_Exception): ckr_code = 0x000000E1 -class CKR_TOKEN_WRITE_PROTECTED (CKR_Exception): ckr_code = 0x000000E2 -class CKR_UNWRAPPING_KEY_HANDLE_INVALID (CKR_Exception): ckr_code = 0x000000F0 -class CKR_UNWRAPPING_KEY_SIZE_RANGE (CKR_Exception): ckr_code = 0x000000F1 -class CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT (CKR_Exception): ckr_code = 0x000000F2 -class CKR_USER_ALREADY_LOGGED_IN (CKR_Exception): ckr_code = 0x00000100 -class CKR_USER_NOT_LOGGED_IN (CKR_Exception): ckr_code = 0x00000101 -class CKR_USER_PIN_NOT_INITIALIZED (CKR_Exception): ckr_code = 0x00000102 -class CKR_USER_TYPE_INVALID (CKR_Exception): ckr_code = 0x00000103 -class CKR_USER_ANOTHER_ALREADY_LOGGED_IN (CKR_Exception): ckr_code = 0x00000104 -class CKR_USER_TOO_MANY_TYPES (CKR_Exception): ckr_code = 0x00000105 -class CKR_WRAPPED_KEY_INVALID (CKR_Exception): ckr_code = 0x00000110 -class CKR_WRAPPED_KEY_LEN_RANGE (CKR_Exception): ckr_code = 0x00000112 -class CKR_WRAPPING_KEY_HANDLE_INVALID (CKR_Exception): ckr_code = 0x00000113 -class CKR_WRAPPING_KEY_SIZE_RANGE (CKR_Exception): ckr_code = 0x00000114 -class CKR_WRAPPING_KEY_TYPE_INCONSISTENT (CKR_Exception): ckr_code = 0x00000115 -class CKR_RANDOM_SEED_NOT_SUPPORTED (CKR_Exception): ckr_code = 0x00000120 -class CKR_RANDOM_NO_RNG (CKR_Exception): ckr_code = 0x00000121 -class CKR_DOMAIN_PARAMS_INVALID (CKR_Exception): ckr_code = 0x00000130 -class CKR_BUFFER_TOO_SMALL (CKR_Exception): ckr_code = 0x00000150 -class CKR_SAVED_STATE_INVALID (CKR_Exception): ckr_code = 0x00000160 -class CKR_INFORMATION_SENSITIVE (CKR_Exception): ckr_code = 0x00000170 -class CKR_STATE_UNSAVEABLE (CKR_Exception): ckr_code = 0x00000180 -class CKR_CRYPTOKI_NOT_INITIALIZED (CKR_Exception): ckr_code = 0x00000190 -class CKR_CRYPTOKI_ALREADY_INITIALIZED (CKR_Exception): ckr_code = 0x00000191 -class CKR_MUTEX_BAD (CKR_Exception): ckr_code = 0x000001A0 -class CKR_MUTEX_NOT_LOCKED (CKR_Exception): ckr_code = 0x000001A1 -class CKR_NEW_PIN_MODE (CKR_Exception): ckr_code = 0x000001B0 -class CKR_NEXT_OTP (CKR_Exception): ckr_code = 0x000001B1 -class CKR_EXCEEDED_MAX_ITERATIONS (CKR_Exception): ckr_code = 0x000001B5 -class CKR_FIPS_SELF_TEST_FAILED (CKR_Exception): ckr_code = 0x000001B6 -class CKR_LIBRARY_LOAD_FAILED (CKR_Exception): ckr_code = 0x000001B7 -class CKR_PIN_TOO_WEAK (CKR_Exception): ckr_code = 0x000001B8 -class CKR_PUBLIC_KEY_INVALID (CKR_Exception): ckr_code = 0x000001B9 -class CKR_FUNCTION_REJECTED (CKR_Exception): ckr_code = 0x00000200 -class CKR_VENDOR_DEFINED (CKR_Exception): ckr_code = 0x80000000 +class CKR_NO_EVENT (CKR_Exception): ckr_code = 0x00000008 +class CKR_NEED_TO_CREATE_THREADS (CKR_Exception): ckr_code = 0x00000009 +class CKR_CANT_LOCK (CKR_Exception): ckr_code = 0x0000000A +class CKR_ATTRIBUTE_READ_ONLY (CKR_Exception): ckr_code = 0x00000010 +class CKR_ATTRIBUTE_SENSITIVE (CKR_Exception): ckr_code = 0x00000011 +class CKR_ATTRIBUTE_TYPE_INVALID (CKR_Exception): ckr_code = 0x00000012 +class CKR_ATTRIBUTE_VALUE_INVALID (CKR_Exception): ckr_code = 0x00000013 +class CKR_DATA_INVALID (CKR_Exception): ckr_code = 0x00000020 +class CKR_DATA_LEN_RANGE (CKR_Exception): ckr_code = 0x00000021 +class CKR_DEVICE_ERROR (CKR_Exception): ckr_code = 0x00000030 +class CKR_DEVICE_MEMORY (CKR_Exception): ckr_code = 0x00000031 +class CKR_DEVICE_REMOVED (CKR_Exception): ckr_code = 0x00000032 +class CKR_ENCRYPTED_DATA_INVALID (CKR_Exception): ckr_code = 0x00000040 +class CKR_ENCRYPTED_DATA_LEN_RANGE (CKR_Exception): ckr_code = 0x00000041 +class CKR_FUNCTION_CANCELED (CKR_Exception): ckr_code = 0x00000050 +class CKR_FUNCTION_NOT_PARALLEL (CKR_Exception): ckr_code = 0x00000051 +class CKR_FUNCTION_NOT_SUPPORTED (CKR_Exception): ckr_code = 0x00000054 +class CKR_KEY_HANDLE_INVALID (CKR_Exception): ckr_code = 0x00000060 +class CKR_KEY_SIZE_RANGE (CKR_Exception): ckr_code = 0x00000062 +class CKR_KEY_TYPE_INCONSISTENT (CKR_Exception): ckr_code = 0x00000063 +class CKR_KEY_NOT_NEEDED (CKR_Exception): ckr_code = 0x00000064 +class CKR_KEY_CHANGED (CKR_Exception): ckr_code = 0x00000065 +class CKR_KEY_NEEDED (CKR_Exception): ckr_code = 0x00000066 +class CKR_KEY_INDIGESTIBLE (CKR_Exception): ckr_code = 0x00000067 +class CKR_KEY_FUNCTION_NOT_PERMITTED (CKR_Exception): ckr_code = 0x00000068 +class CKR_KEY_NOT_WRAPPABLE (CKR_Exception): ckr_code = 0x00000069 +class CKR_KEY_UNEXTRACTABLE (CKR_Exception): ckr_code = 0x0000006A +class CKR_MECHANISM_INVALID (CKR_Exception): ckr_code = 0x00000070 +class CKR_MECHANISM_PARAM_INVALID (CKR_Exception): ckr_code = 0x00000071 +class CKR_OBJECT_HANDLE_INVALID (CKR_Exception): ckr_code = 0x00000082 +class CKR_OPERATION_ACTIVE (CKR_Exception): ckr_code = 0x00000090 +class CKR_OPERATION_NOT_INITIALIZED (CKR_Exception): ckr_code = 0x00000091 +class CKR_PIN_INCORRECT (CKR_Exception): ckr_code = 0x000000A0 +class CKR_PIN_INVALID (CKR_Exception): ckr_code = 0x000000A1 +class CKR_PIN_LEN_RANGE (CKR_Exception): ckr_code = 0x000000A2 +class CKR_PIN_EXPIRED (CKR_Exception): ckr_code = 0x000000A3 +class CKR_PIN_LOCKED (CKR_Exception): ckr_code = 0x000000A4 +class CKR_SESSION_CLOSED (CKR_Exception): ckr_code = 0x000000B0 +class CKR_SESSION_COUNT (CKR_Exception): ckr_code = 0x000000B1 +class CKR_SESSION_HANDLE_INVALID (CKR_Exception): ckr_code = 0x000000B3 +class CKR_SESSION_PARALLEL_NOT_SUPPORTED (CKR_Exception): ckr_code = 0x000000B4 +class CKR_SESSION_READ_ONLY (CKR_Exception): ckr_code = 0x000000B5 +class CKR_SESSION_EXISTS (CKR_Exception): ckr_code = 0x000000B6 +class CKR_SESSION_READ_ONLY_EXISTS (CKR_Exception): ckr_code = 0x000000B7 +class CKR_SESSION_READ_WRITE_SO_EXISTS (CKR_Exception): ckr_code = 0x000000B8 +class CKR_SIGNATURE_INVALID (CKR_Exception): ckr_code = 0x000000C0 +class CKR_SIGNATURE_LEN_RANGE (CKR_Exception): ckr_code = 0x000000C1 +class CKR_TEMPLATE_INCOMPLETE (CKR_Exception): ckr_code = 0x000000D0 +class CKR_TEMPLATE_INCONSISTENT (CKR_Exception): ckr_code = 0x000000D1 +class CKR_TOKEN_NOT_PRESENT (CKR_Exception): ckr_code = 0x000000E0 +class CKR_TOKEN_NOT_RECOGNIZED (CKR_Exception): ckr_code = 0x000000E1 +class CKR_TOKEN_WRITE_PROTECTED (CKR_Exception): ckr_code = 0x000000E2 +class CKR_UNWRAPPING_KEY_HANDLE_INVALID (CKR_Exception): ckr_code = 0x000000F0 +class CKR_UNWRAPPING_KEY_SIZE_RANGE (CKR_Exception): ckr_code = 0x000000F1 +class CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT (CKR_Exception): ckr_code = 0x000000F2 +class CKR_USER_ALREADY_LOGGED_IN (CKR_Exception): ckr_code = 0x00000100 +class CKR_USER_NOT_LOGGED_IN (CKR_Exception): ckr_code = 0x00000101 +class CKR_USER_PIN_NOT_INITIALIZED (CKR_Exception): ckr_code = 0x00000102 +class CKR_USER_TYPE_INVALID (CKR_Exception): ckr_code = 0x00000103 +class CKR_USER_ANOTHER_ALREADY_LOGGED_IN (CKR_Exception): ckr_code = 0x00000104 +class CKR_USER_TOO_MANY_TYPES (CKR_Exception): ckr_code = 0x00000105 +class CKR_WRAPPED_KEY_INVALID (CKR_Exception): ckr_code = 0x00000110 +class CKR_WRAPPED_KEY_LEN_RANGE (CKR_Exception): ckr_code = 0x00000112 +class CKR_WRAPPING_KEY_HANDLE_INVALID (CKR_Exception): ckr_code = 0x00000113 +class CKR_WRAPPING_KEY_SIZE_RANGE (CKR_Exception): ckr_code = 0x00000114 +class CKR_WRAPPING_KEY_TYPE_INCONSISTENT (CKR_Exception): ckr_code = 0x00000115 +class CKR_RANDOM_SEED_NOT_SUPPORTED (CKR_Exception): ckr_code = 0x00000120 +class CKR_RANDOM_NO_RNG (CKR_Exception): ckr_code = 0x00000121 +class CKR_DOMAIN_PARAMS_INVALID (CKR_Exception): ckr_code = 0x00000130 +class CKR_BUFFER_TOO_SMALL (CKR_Exception): ckr_code = 0x00000150 +class CKR_SAVED_STATE_INVALID (CKR_Exception): ckr_code = 0x00000160 +class CKR_INFORMATION_SENSITIVE (CKR_Exception): ckr_code = 0x00000170 +class CKR_STATE_UNSAVEABLE (CKR_Exception): ckr_code = 0x00000180 +class CKR_CRYPTOKI_NOT_INITIALIZED (CKR_Exception): ckr_code = 0x00000190 +class CKR_CRYPTOKI_ALREADY_INITIALIZED (CKR_Exception): ckr_code = 0x00000191 +class CKR_MUTEX_BAD (CKR_Exception): ckr_code = 0x000001A0 +class CKR_MUTEX_NOT_LOCKED (CKR_Exception): ckr_code = 0x000001A1 +class CKR_NEW_PIN_MODE (CKR_Exception): ckr_code = 0x000001B0 +class CKR_NEXT_OTP (CKR_Exception): ckr_code = 0x000001B1 +class CKR_EXCEEDED_MAX_ITERATIONS (CKR_Exception): ckr_code = 0x000001B5 +class CKR_FIPS_SELF_TEST_FAILED (CKR_Exception): ckr_code = 0x000001B6 +class CKR_LIBRARY_LOAD_FAILED (CKR_Exception): ckr_code = 0x000001B7 +class CKR_PIN_TOO_WEAK (CKR_Exception): ckr_code = 0x000001B8 +class CKR_PUBLIC_KEY_INVALID (CKR_Exception): ckr_code = 0x000001B9 +class CKR_FUNCTION_REJECTED (CKR_Exception): ckr_code = 0x00000200 +class CKR_VENDOR_DEFINED (CKR_Exception): ckr_code = 0x80000000 -for e in globals().values(): - if isinstance(e, type) and issubclass(e, CKR_Exception) and e is not CKR_Exception: - CKR_Exception.ckr_map[e.ckr_code] = e +for e in list(globals().values()): + if isinstance(e, type) and issubclass(e, CKR_Exception) and e is not CKR_Exception: + CKR_Exception.ckr_map[e.ckr_code] = e diff --git a/cryptech/py11/types.py b/cryptech/py11/types.py index 91e2d8b..b5dc1e0 100644 --- a/cryptech/py11/types.py +++ b/cryptech/py11/types.py @@ -84,18 +84,18 @@ class CK_TOKEN_INFO (Structure): ("model", CK_UTF8CHAR * 16), ("serialNumber", CK_CHAR * 16), ("flags", CK_FLAGS), - ("ulMaxSessionCount", CK_ULONG), - ("ulSessionCount", CK_ULONG), - ("ulMaxRwSessionCount", CK_ULONG), - ("ulRwSessionCount", CK_ULONG), + ("ulMaxSessionCount", CK_ULONG), + ("ulSessionCount", CK_ULONG), + ("ulMaxRwSessionCount", CK_ULONG), + ("ulRwSessionCount", CK_ULONG), ("ulMaxPinLen", CK_ULONG), ("ulMinPinLen", CK_ULONG), - ("ulTotalPublicMemory", CK_ULONG), - ("ulFreePublicMemory", CK_ULONG), + ("ulTotalPublicMemory", CK_ULONG), + ("ulFreePublicMemory", CK_ULONG), ("ulTotalPrivateMemory",CK_ULONG), - ("ulFreePrivateMemory", CK_ULONG), - ("hardwareVersion", CK_VERSION), - ("firmwareVersion", CK_VERSION), + ("ulFreePrivateMemory", CK_ULONG), + ("hardwareVersion", CK_VERSION), + ("firmwareVersion", CK_VERSION), ("utcTime", CK_CHAR * 16)] CK_TOKEN_INFO_PTR = POINTER(CK_TOKEN_INFO) diff --git a/unit_tests.py b/unit_tests.py index 186daa9..512d648 100644 --- a/unit_tests.py +++ b/unit_tests.py @@ -23,6 +23,10 @@ try: except ImportError: pycrypto_loaded = False +try: + long +except NameError: + long = int def log(msg): if not args.quiet: @@ -138,7 +142,7 @@ class TestDevice(TestCase): "Test C_GetTokenInfo()" token_info = p11.C_GetTokenInfo(args.slot) self.assertIsInstance(token_info, CK_TOKEN_INFO) - self.assertEqual(token_info.label.rstrip(), "Cryptech Token") + self.assertEqual(token_info.label.rstrip(), b"Cryptech Token") def test_sessions_serial(self): "Test C_OpenSession() for useful (serial) cases" @@ -180,7 +184,7 @@ class TestDevice(TestCase): session = p11.C_OpenSession(args.slot) n = 17 random = p11.C_GenerateRandom(session, n) - self.assertIsInstance(random, str) + self.assertIsInstance(random, bytes) self.assertEqual(len(random), n) def test_findObjects_operation_state(self): @@ -189,7 +193,7 @@ class TestDevice(TestCase): with self.assertRaises(CKR_OPERATION_NOT_INITIALIZED): for handle in p11.C_FindObjects(session): - self.assertIsInstance(handle, (int, int)) + self.assertIsInstance(handle, (int, long)) with self.assertRaises(CKR_OPERATION_NOT_INITIALIZED): p11.C_FindObjectsFinal(session) @@ -200,7 +204,7 @@ class TestDevice(TestCase): p11.C_FindObjectsInit(session, CKA_CLASS = CKO_PRIVATE_KEY) for handle in p11.C_FindObjects(session): - self.assertIsInstance(handle, (int, int)) + self.assertIsInstance(handle, (int, long)) p11.C_FindObjectsFinal(session) @@ -247,36 +251,36 @@ class TestKeys(TestCase): self.assertIsKeypair( p11.C_GenerateKeyPair(self.session, CKM_EC_KEY_PAIR_GEN, CKA_TOKEN = False, - CKA_ID = "EC-P256", CKA_EC_PARAMS = self.oid_p256, + CKA_ID = b"EC-P256", CKA_EC_PARAMS = self.oid_p256, CKA_SIGN = True, CKA_VERIFY = True)) self.assertIsKeypair( p11.C_GenerateKeyPair(self.session, CKM_EC_KEY_PAIR_GEN, CKA_TOKEN = True, - CKA_ID = "EC-P256", CKA_EC_PARAMS = self.oid_p256, + CKA_ID = b"EC-P256", CKA_EC_PARAMS = self.oid_p256, CKA_SIGN = True, CKA_VERIFY = True)) self.assertIsKeypair( p11.C_GenerateKeyPair(self.session, CKM_EC_KEY_PAIR_GEN, public_CKA_TOKEN = False, private_CKA_TOKEN = True, - CKA_ID = "EC-P256", CKA_EC_PARAMS = self.oid_p256, + CKA_ID = b"EC-P256", CKA_EC_PARAMS = self.oid_p256, CKA_SIGN = True, CKA_VERIFY = True)) self.assertIsKeypair( p11.C_GenerateKeyPair(self.session, CKM_EC_KEY_PAIR_GEN, public_CKA_TOKEN = True, private_CKA_TOKEN = False, - CKA_ID = "EC-P256", CKA_EC_PARAMS = self.oid_p256, + CKA_ID = b"EC-P256", CKA_EC_PARAMS = self.oid_p256, CKA_SIGN = True, CKA_VERIFY = True)) def test_gen_sign_verify_ecdsa_p256_sha256(self): "Generate/sign/verify with ECDSA-P256-SHA-256" public_key, private_key = p11.C_GenerateKeyPair(self.session, CKM_EC_KEY_PAIR_GEN, - CKA_ID = "EC-P256", CKA_EC_PARAMS = self.oid_p256, + CKA_ID = b"EC-P256", CKA_EC_PARAMS = self.oid_p256, CKA_SIGN = True, CKA_VERIFY = True, CKA_TOKEN = True) self.assertIsKeypair(public_key, private_key) - hamster = "Your mother was a hamster" + hamster = b"Your mother was a hamster" p11.C_SignInit(self.session, CKM_ECDSA_SHA256, private_key) sig = p11.C_Sign(self.session, hamster) - self.assertIsInstance(sig, str) + self.assertIsInstance(sig, bytes) p11.C_VerifyInit(self.session, CKM_ECDSA_SHA256, public_key) p11.C_Verify(self.session, hamster, sig) @@ -284,13 +288,13 @@ class TestKeys(TestCase): "Generate/sign/verify with ECDSA-P384-SHA-384" #if not args.all_tests: self.skipTest("SHA-384 not available in current build") public_key, private_key = p11.C_GenerateKeyPair(self.session, CKM_EC_KEY_PAIR_GEN, - CKA_ID = "EC-P384", CKA_EC_PARAMS = self.oid_p384, + CKA_ID = b"EC-P384", CKA_EC_PARAMS = self.oid_p384, CKA_SIGN = True, CKA_VERIFY = True, CKA_TOKEN = True) self.assertIsKeypair(public_key, private_key) - hamster = "Your mother was a hamster" + hamster = b"Your mother was a hamster" p11.C_SignInit(self.session, CKM_ECDSA_SHA384, private_key) sig = p11.C_Sign(self.session, hamster) - self.assertIsInstance(sig, str) + self.assertIsInstance(sig, bytes) p11.C_VerifyInit(self.session, CKM_ECDSA_SHA384, public_key) p11.C_Verify(self.session, hamster, sig) @@ -298,13 +302,13 @@ class TestKeys(TestCase): "Generate/sign/verify with ECDSA-P521-SHA-512" #if not args.all_tests: self.skipTest("SHA-512 not available in current build") public_key, private_key = p11.C_GenerateKeyPair(self.session, CKM_EC_KEY_PAIR_GEN, - CKA_ID = "EC-P521", CKA_EC_PARAMS = self.oid_p521, + CKA_ID = b"EC-P521", CKA_EC_PARAMS = self.oid_p521, CKA_SIGN = True, CKA_VERIFY = True, CKA_TOKEN = True) self.assertIsKeypair(public_key, private_key) - hamster = "Your mother was a hamster" + hamster = b"Your mother was a hamster" p11.C_SignInit(self.session, CKM_ECDSA_SHA512, private_key) sig = p11.C_Sign(self.session, hamster) - self.assertIsInstance(sig, str) + self.assertIsInstance(sig, bytes) p11.C_VerifyInit(self.session, CKM_ECDSA_SHA512, public_key) p11.C_Verify(self.session, hamster, sig) @@ -313,12 +317,12 @@ class TestKeys(TestCase): "RSA 1024-bit generate/sign/verify test" public_key, private_key = p11.C_GenerateKeyPair( self.session, CKM_RSA_PKCS_KEY_PAIR_GEN, CKA_MODULUS_BITS = 1024, - CKA_ID = "RSA-1024", CKA_SIGN = True, CKA_VERIFY = True, CKA_TOKEN = True) + CKA_ID = b"RSA-1024", CKA_SIGN = True, CKA_VERIFY = True, CKA_TOKEN = True) self.assertIsKeypair(public_key, private_key) - hamster = "Your mother was a hamster" + hamster = b"Your mother was a hamster" p11.C_SignInit(self.session, CKM_SHA512_RSA_PKCS, private_key) sig = p11.C_Sign(self.session, hamster) - self.assertIsInstance(sig, str) + self.assertIsInstance(sig, bytes) p11.C_VerifyInit(self.session, CKM_SHA512_RSA_PKCS, public_key) p11.C_Verify(self.session, hamster, sig) @@ -327,24 +331,24 @@ class TestKeys(TestCase): #if not args.all_tests: self.skipTest("RSA key generation is still painfully slow") public_key, private_key = p11.C_GenerateKeyPair( self.session, CKM_RSA_PKCS_KEY_PAIR_GEN, CKA_MODULUS_BITS = 2048, - CKA_ID = "RSA-2048", CKA_SIGN = True, CKA_VERIFY = True, CKA_TOKEN = True) + CKA_ID = b"RSA-2048", CKA_SIGN = True, CKA_VERIFY = True, CKA_TOKEN = True) self.assertIsKeypair(public_key, private_key) - hamster = "Your mother was a hamster" + hamster = b"Your mother was a hamster" p11.C_SignInit(self.session, CKM_SHA512_RSA_PKCS, private_key) sig = p11.C_Sign(self.session, hamster) - self.assertIsInstance(sig, str) + self.assertIsInstance(sig, bytes) p11.C_VerifyInit(self.session, CKM_SHA512_RSA_PKCS, public_key) p11.C_Verify(self.session, hamster, sig) @staticmethod def _build_ecpoint(x, y): - bytes_per_coordinate = (max(x.bit_length(), y.bit_length()) + 15) / 16 + bytes_per_coordinate = (max(x.bit_length(), y.bit_length()) + 15) // 16 value = b"\x04" + binascii.unhexlify("{0:0{2}x}{1:0{2}x}".format(x, y, bytes_per_coordinate)) if len(value) < 128: - length = struct.pack("U", len(value)) + length = struct.pack("B", len(value)) else: n = len(value).bit_length() - length = struct.pack("U", (n + 7) / 8) + binascii.unhexlify("{0:0{1}x}".format(len(value), (n + 15) / 16))) + length = struct.pack("B", (n + 7) // 8) + binascii.unhexlify("{0:0{1}x}".format(len(value), (n + 15) // 16)) tag = b"\x04" return tag + length + value @@ -359,8 +363,8 @@ class TestKeys(TestCase): session = self.session, CKA_CLASS = CKO_PUBLIC_KEY, CKA_KEY_TYPE = CKK_EC, - CKA_LABEL = "EC-P-256 test case from \"Suite B Implementer's Guide to FIPS 186-3\"", - CKA_ID = "EC-P-256", + CKA_LABEL = b"EC-P-256 test case from \"Suite B Implementer's Guide to FIPS 186-3\"", + CKA_ID = b"EC-P-256", CKA_VERIFY = True, CKA_EC_POINT = Q, CKA_EC_PARAMS = self.oid_p256) @@ -379,8 +383,8 @@ class TestKeys(TestCase): session = self.session, CKA_CLASS = CKO_PUBLIC_KEY, CKA_KEY_TYPE = CKK_EC, - CKA_LABEL = "EC-P-384 test case from \"Suite B Implementer's Guide to FIPS 186-3\"", - CKA_ID = "EC-P-384", + CKA_LABEL = b"EC-P-384 test case from \"Suite B Implementer's Guide to FIPS 186-3\"", + CKA_ID = b"EC-P-384", CKA_VERIFY = True, CKA_EC_POINT = Q, CKA_EC_PARAMS = self.oid_p384) @@ -392,13 +396,13 @@ class TestKeys(TestCase): "Generate/sign/verify/destroy/reload/verify with ECDSA-P256-SHA-256" public_key, private_key = p11.C_GenerateKeyPair(self.session, CKM_EC_KEY_PAIR_GEN, public_CKA_TOKEN = False, private_CKA_TOKEN = True, - CKA_ID = "EC-P256", CKA_EC_PARAMS = self.oid_p256, + CKA_ID = b"EC-P256", CKA_EC_PARAMS = self.oid_p256, CKA_SIGN = True, CKA_VERIFY = True) self.assertIsKeypair(public_key, private_key) - hamster = "Your mother was a hamster" + hamster = b"Your mother was a hamster" p11.C_SignInit(self.session, CKM_ECDSA_SHA256, private_key) sig = p11.C_Sign(self.session, hamster) - self.assertIsInstance(sig, str) + self.assertIsInstance(sig, bytes) p11.C_VerifyInit(self.session, CKM_ECDSA_SHA256, public_key) p11.C_Verify(self.session, hamster, sig) @@ -419,7 +423,7 @@ class TestKeys(TestCase): def _extract_rsa_public_key(self, handle): a = p11.C_GetAttributeValue(self.session, handle, CKA_MODULUS, CKA_PUBLIC_EXPONENT) - return RSA.construct((a[CKA_MODULUS], a[CKA_PUBLIC_EXPONENT])) + return RSA.construct((long(a[CKA_MODULUS]), long(a[CKA_PUBLIC_EXPONENT]))) def assertRawRSASignatureMatches(self, handle, plain, sig): pubkey = self._extract_rsa_public_key(handle) @@ -433,11 +437,11 @@ class TestKeys(TestCase): tralala = b"tralala-en-hopsasa" public_key, private_key = p11.C_GenerateKeyPair( self.session, CKM_RSA_PKCS_KEY_PAIR_GEN, CKA_MODULUS_BITS = 1024, - CKA_ID = "RSA-1024", CKA_SIGN = True, CKA_VERIFY = True, CKA_TOKEN = True) + CKA_ID = b"RSA-1024", CKA_SIGN = True, CKA_VERIFY = True, CKA_TOKEN = True) self.assertIsKeypair(public_key, private_key) p11.C_SignInit(self.session, CKM_RSA_PKCS, private_key) sig = p11.C_Sign(self.session, tralala) - self.assertIsInstance(sig, str) + self.assertIsInstance(sig, bytes) self.assertRawRSASignatureMatches(public_key, tralala, sig) p11.C_VerifyInit(self.session, CKM_RSA_PKCS, public_key) p11.C_Verify(self.session, tralala, sig) @@ -449,11 +453,11 @@ class TestKeys(TestCase): tralala = b"tralala-en-hopsasa" public_key, private_key = p11.C_GenerateKeyPair( self.session, CKM_RSA_PKCS_KEY_PAIR_GEN, CKA_MODULUS_BITS = 3416, - CKA_ID = "RSA-3416", CKA_SIGN = True, CKA_VERIFY = True, CKA_TOKEN = True) + CKA_ID = b"RSA-3416", CKA_SIGN = True, CKA_VERIFY = True, CKA_TOKEN = True) self.assertIsKeypair(public_key, private_key) p11.C_SignInit(self.session, CKM_RSA_PKCS, private_key) sig = p11.C_Sign(self.session, tralala) - self.assertIsInstance(sig, str) + self.assertIsInstance(sig, bytes) self.assertRawRSASignatureMatches(public_key, tralala, sig) p11.C_VerifyInit(self.session, CKM_RSA_PKCS, public_key) p11.C_Verify(self.session, tralala, sig) @@ -484,22 +488,22 @@ class TestKeys(TestCase): @unittest.skipUnless(pycrypto_loaded, "requires PyCrypto") def test_load_sign_verify_rsa_1024(self): "Load/sign/verify with RSA-1024-SHA-512 and externally-supplied key" - public_key, private_key = self._load_rsa_keypair(rsa_1024_pem, "RSA-1024") - hamster = "Your mother was a hamster" + public_key, private_key = self._load_rsa_keypair(rsa_1024_pem, b"RSA-1024") + hamster = b"Your mother was a hamster" p11.C_SignInit(self.session, CKM_SHA512_RSA_PKCS, private_key) sig = p11.C_Sign(self.session, hamster) - self.assertIsInstance(sig, str) + self.assertIsInstance(sig, bytes) p11.C_VerifyInit(self.session, CKM_SHA512_RSA_PKCS, public_key) p11.C_Verify(self.session, hamster, sig) @unittest.skipUnless(pycrypto_loaded, "requires PyCrypto") def test_load_sign_verify_rsa_2048(self): "Load/sign/verify with RSA-2048-SHA-512 and externally-supplied key" - public_key, private_key = self._load_rsa_keypair(rsa_2048_pem, "RSA-2048") - hamster = "Your mother was a hamster" + public_key, private_key = self._load_rsa_keypair(rsa_2048_pem, b"RSA-2048") + hamster = b"Your mother was a hamster" p11.C_SignInit(self.session, CKM_SHA512_RSA_PKCS, private_key) sig = p11.C_Sign(self.session, hamster) - self.assertIsInstance(sig, str) + self.assertIsInstance(sig, bytes) p11.C_VerifyInit(self.session, CKM_SHA512_RSA_PKCS, public_key) p11.C_Verify(self.session, hamster, sig) @@ -508,11 +512,11 @@ class TestKeys(TestCase): "Load/sign/verify with RSA-3416-SHA-512 and externally-supplied key" if not args.all_tests: self.skipTest("Key length not a multiple of 32, so expected to fail (fairly quickly)") - public_key, private_key = self._load_rsa_keypair(rsa_3416_pem, "RSA-3416") - hamster = "Your mother was a hamster" + public_key, private_key = self._load_rsa_keypair(rsa_3416_pem, b"RSA-3416") + hamster = b"Your mother was a hamster" p11.C_SignInit(self.session, CKM_SHA512_RSA_PKCS, private_key) sig = p11.C_Sign(self.session, hamster) - self.assertIsInstance(sig, str) + self.assertIsInstance(sig, bytes) p11.C_VerifyInit(self.session, CKM_SHA512_RSA_PKCS, public_key) p11.C_Verify(self.session, hamster, sig) @@ -522,12 +526,12 @@ class TestKeys(TestCase): self.skipTest("Key length not a multiple of 32, so expected to fail (very slowly)") public_key, private_key = p11.C_GenerateKeyPair( self.session, CKM_RSA_PKCS_KEY_PAIR_GEN, CKA_MODULUS_BITS = 3416, - CKA_ID = "RSA-3416", CKA_SIGN = True, CKA_VERIFY = True, CKA_TOKEN = True) + CKA_ID = b"RSA-3416", CKA_SIGN = True, CKA_VERIFY = True, CKA_TOKEN = True) self.assertIsKeypair(public_key, private_key) - hamster = "Your mother was a hamster" + hamster = b"Your mother was a hamster" p11.C_SignInit(self.session, CKM_SHA512_RSA_PKCS, private_key) sig = p11.C_Sign(self.session, hamster) - self.assertIsInstance(sig, str) + self.assertIsInstance(sig, bytes) p11.C_VerifyInit(self.session, CKM_SHA512_RSA_PKCS, public_key) p11.C_Verify(self.session, hamster, sig) @@ -536,26 +540,26 @@ class TestKeys(TestCase): with self.assertRaises(CKR_ATTRIBUTE_VALUE_INVALID): p11.C_GenerateKeyPair( self.session, CKM_RSA_PKCS_KEY_PAIR_GEN, CKA_MODULUS_BITS = 1028, - CKA_ID = "RSA-1028", CKA_SIGN = True, CKA_VERIFY = True, CKA_TOKEN = True) + CKA_ID = b"RSA-1028", CKA_SIGN = True, CKA_VERIFY = True, CKA_TOKEN = True) def test_gen_sign_verify_rsa_1032(self): "Generate/sign/verify with RSA-1032-SHA-512 (sic)" public_key, private_key = p11.C_GenerateKeyPair( self.session, CKM_RSA_PKCS_KEY_PAIR_GEN, CKA_MODULUS_BITS = 1032, - CKA_ID = "RSA-1032", CKA_SIGN = True, CKA_VERIFY = True, CKA_TOKEN = True) + CKA_ID = b"RSA-1032", CKA_SIGN = True, CKA_VERIFY = True, CKA_TOKEN = True) self.assertIsKeypair(public_key, private_key) - hamster = "Your mother was a hamster" + hamster = b"Your mother was a hamster" p11.C_SignInit(self.session, CKM_SHA512_RSA_PKCS, private_key) sig = p11.C_Sign(self.session, hamster) - self.assertIsInstance(sig, str) + self.assertIsInstance(sig, bytes) p11.C_VerifyInit(self.session, CKM_SHA512_RSA_PKCS, public_key) p11.C_Verify(self.session, hamster, sig) @unittest.skipUnless(pycrypto_loaded, "requires PyCrypto") def test_load_sign_verify_rsa_1024_with_rpki_data(self): "Load/sign/verify with RSA-1024-SHA-256, externally-supplied key" - public_key, private_key = self._load_rsa_keypair(rsa_1024_pem, "RSA-1024") - tbs = ''' + public_key, private_key = self._load_rsa_keypair(rsa_1024_pem, b"RSA-1024") + tbs = b''' 31 6B 30 1A 06 09 2A 86 48 86 F7 0D 01 09 03 31 0D 06 0B 2A 86 48 86 F7 0D 01 09 10 01 1A 30 1C 06 09 2A 86 48 86 F7 0D 01 09 05 31 0F 17 0D 31 @@ -564,11 +568,11 @@ class TestKeys(TestCase): 0F 1F 86 AF 45 25 4D 8F E1 1F C9 EA B3 83 4A 41 17 C1 42 B7 43 AD 51 5E F5 A2 F8 E3 25 ''' - tbs = binascii.unhexlify("".join(tbs.split())) + tbs = binascii.unhexlify(b"".join(tbs.split())) p11.C_SignInit(self.session, CKM_SHA256_RSA_PKCS, private_key) p11.C_SignUpdate(self.session, tbs) sig = p11.C_SignFinal(self.session) - self.assertIsInstance(sig, str) + self.assertIsInstance(sig, bytes) p11.C_VerifyInit(self.session, CKM_SHA256_RSA_PKCS, public_key) p11.C_Verify(self.session, tbs, sig) verifier = PKCS1_v1_5.new(RSA.importKey(rsa_1024_pem)) @@ -583,14 +587,14 @@ class TestKeys(TestCase): def _find_objects(self, chunk_size = 10, template = None, **kwargs): p11.C_FindObjectsInit(self.session, template, **kwargs) for handle in p11.C_FindObjects(self.session, chunk_size): - self.assertIsInstance(handle, (int, int)) + self.assertIsInstance(handle, (int, long)) p11.C_FindObjectsFinal(self.session) @unittest.skipUnless(pycrypto_loaded, "requires PyCrypto") def test_findObjects(self): - self._load_rsa_keypair(rsa_1024_pem, "RSA-1024") - self._load_rsa_keypair(rsa_2048_pem, "RSA-2048") - self._load_rsa_keypair(rsa_3416_pem, "RSA-3416") + self._load_rsa_keypair(rsa_1024_pem, b"RSA-1024") + self._load_rsa_keypair(rsa_2048_pem, b"RSA-2048") + self._load_rsa_keypair(rsa_3416_pem, b"RSA-3416") self._find_objects(chunk_size = 1, CKA_CLASS = CKO_PUBLIC_KEY) self._find_objects(chunk_size = 1, CKA_CLASS = CKO_PRIVATE_KEY) self._find_objects(chunk_size = 10, CKA_CLASS = CKO_PUBLIC_KEY) |