diff options
author | Rob Austein <sra@hactrn.net> | 2015-09-12 00:40:01 -0400 |
---|---|---|
committer | Rob Austein <sra@hactrn.net> | 2015-09-12 00:40:01 -0400 |
commit | d4dd9a8becf0c8f28479f0e48cc7f6708f786ee4 (patch) | |
tree | fdf0aa499feba5f9ade16392001c092ed350923e | |
parent | 85ae5390f4511f0bfe4b56179d5583a4997d504d (diff) |
Add attribute database based on attributes.yaml.
Simplify prototype definitions and move them to separate module.
-rw-r--r-- | py11/__init__.py | 134 | ||||
-rw-r--r-- | py11/attributes.py | 105 | ||||
-rw-r--r-- | py11/prototypes.py | 85 |
3 files changed, 203 insertions, 121 deletions
diff --git a/py11/__init__.py b/py11/__init__.py index 7acb7aa..b67ce8a 100644 --- a/py11/__init__.py +++ b/py11/__init__.py @@ -6,120 +6,23 @@ from ctypes import * from .exceptions import * from .types import * from .constants import * +from .attributes import * +from .prototypes import * -# Prototypes for the PKCS #11 public functions. -# -# We don't bother implementing C_GetFunctionList(), because it would -# be extremely tedious and it's not all that useful to us in Python. -# Instead, we emulate its behavior in the PKCS11 class. - -PKCS11_Prototypes = ( - ("C_Initialize", [CK_VOID_PTR]), - ("C_Finalize", [CK_VOID_PTR]), - ("C_GetInfo", [CK_INFO_PTR]), -# ("C_GetFunctionList", [CK_FUNCTION_LIST_PTR_PTR]), - ("C_GetSlotList", [CK_BBOOL, CK_SLOT_ID_PTR, CK_ULONG_PTR]), - ("C_GetSlotInfo", [CK_SLOT_ID, CK_SLOT_INFO_PTR]), - ("C_GetTokenInfo", [CK_SLOT_ID, CK_TOKEN_INFO_PTR]), - ("C_GetMechanismList", [CK_SLOT_ID, CK_MECHANISM_TYPE_PTR, CK_ULONG_PTR]), - ("C_GetMechanismInfo", [CK_SLOT_ID, CK_MECHANISM_TYPE, CK_MECHANISM_INFO_PTR]), - ("C_InitToken", [CK_SLOT_ID, CK_UTF8CHAR_PTR, CK_ULONG, CK_UTF8CHAR_PTR]), - ("C_InitPIN", [CK_SESSION_HANDLE, CK_UTF8CHAR_PTR, CK_ULONG]), - ("C_SetPIN", [CK_SESSION_HANDLE, CK_UTF8CHAR_PTR, CK_ULONG, CK_UTF8CHAR_PTR, CK_ULONG]), - ("C_OpenSession", [CK_SLOT_ID, CK_FLAGS, CK_VOID_PTR, CK_NOTIFY, CK_SESSION_HANDLE_PTR]), - ("C_CloseSession", [CK_SESSION_HANDLE]), - ("C_CloseAllSessions", [CK_SLOT_ID]), - ("C_GetSessionInfo", [CK_SESSION_HANDLE, CK_SESSION_INFO_PTR]), - ("C_GetOperationState", [CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG_PTR]), - ("C_SetOperationState", [CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG, CK_OBJECT_HANDLE, CK_OBJECT_HANDLE]), - ("C_Login", [CK_SESSION_HANDLE, CK_USER_TYPE, CK_UTF8CHAR_PTR, CK_ULONG]), - ("C_Logout", [CK_SESSION_HANDLE]), - ("C_CreateObject", [CK_SESSION_HANDLE, CK_ATTRIBUTE_PTR, CK_ULONG, CK_OBJECT_HANDLE_PTR]), - ("C_CopyObject", [CK_SESSION_HANDLE, CK_OBJECT_HANDLE, CK_ATTRIBUTE_PTR, CK_ULONG, CK_OBJECT_HANDLE_PTR]), - ("C_DestroyObject", [CK_SESSION_HANDLE, CK_OBJECT_HANDLE]), - ("C_GetObjectSize", [CK_SESSION_HANDLE, CK_OBJECT_HANDLE, CK_ULONG_PTR]), - ("C_GetAttributeValue", [CK_SESSION_HANDLE, CK_OBJECT_HANDLE, CK_ATTRIBUTE_PTR, CK_ULONG]), - ("C_SetAttributeValue", [CK_SESSION_HANDLE, CK_OBJECT_HANDLE, CK_ATTRIBUTE_PTR, CK_ULONG]), - ("C_FindObjectsInit", [CK_SESSION_HANDLE, CK_ATTRIBUTE_PTR, CK_ULONG]), - ("C_FindObjects", [CK_SESSION_HANDLE, CK_OBJECT_HANDLE_PTR, CK_ULONG, CK_ULONG_PTR]), - ("C_FindObjectsFinal", [CK_SESSION_HANDLE]), - ("C_EncryptInit", [CK_SESSION_HANDLE, CK_MECHANISM_PTR, CK_OBJECT_HANDLE]), - ("C_Encrypt", [CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG, CK_BYTE_PTR, CK_ULONG_PTR]), - ("C_EncryptUpdate", [CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG, CK_BYTE_PTR, CK_ULONG_PTR]), - ("C_EncryptFinal", [CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG_PTR]), - ("C_DecryptInit", [CK_SESSION_HANDLE, CK_MECHANISM_PTR, CK_OBJECT_HANDLE]), - ("C_Decrypt", [CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG, CK_BYTE_PTR, CK_ULONG_PTR]), - ("C_DecryptUpdate", [CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG, CK_BYTE_PTR, CK_ULONG_PTR]), - ("C_DecryptFinal", [CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG_PTR]), - ("C_DigestInit", [CK_SESSION_HANDLE, CK_MECHANISM_PTR]), - ("C_Digest", [CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG, CK_BYTE_PTR, CK_ULONG_PTR]), - ("C_DigestUpdate", [CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG]), - ("C_DigestKey", [CK_SESSION_HANDLE, CK_OBJECT_HANDLE]), - ("C_DigestFinal", [CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG_PTR]), - ("C_SignInit", [CK_SESSION_HANDLE, CK_MECHANISM_PTR, CK_OBJECT_HANDLE]), - ("C_Sign", [CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG, CK_BYTE_PTR, CK_ULONG_PTR]), - ("C_SignUpdate", [CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG]), - ("C_SignFinal", [CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG_PTR]), - ("C_SignRecoverInit", [CK_SESSION_HANDLE, CK_MECHANISM_PTR, CK_OBJECT_HANDLE]), - ("C_SignRecover", [CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG, CK_BYTE_PTR, CK_ULONG_PTR]), - ("C_VerifyInit", [CK_SESSION_HANDLE, CK_MECHANISM_PTR, CK_OBJECT_HANDLE]), - ("C_Verify", [CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG, CK_BYTE_PTR, CK_ULONG]), - ("C_VerifyUpdate", [CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG]), - ("C_VerifyFinal", [CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG]), - ("C_VerifyRecoverInit", [CK_SESSION_HANDLE, CK_MECHANISM_PTR, CK_OBJECT_HANDLE]), - ("C_VerifyRecover", [CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG, CK_BYTE_PTR, CK_ULONG_PTR]), - ("C_DigestEncryptUpdate", [CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG, CK_BYTE_PTR, CK_ULONG_PTR]), - ("C_DecryptDigestUpdate", [CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG, CK_BYTE_PTR, CK_ULONG_PTR]), - ("C_SignEncryptUpdate", [CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG, CK_BYTE_PTR, CK_ULONG_PTR]), - ("C_DecryptVerifyUpdate", [CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG, CK_BYTE_PTR, CK_ULONG_PTR]), - ("C_GenerateKey", [CK_SESSION_HANDLE, CK_MECHANISM_PTR, CK_ATTRIBUTE_PTR, CK_ULONG, CK_OBJECT_HANDLE_PTR]), - ("C_GenerateKeyPair", [CK_SESSION_HANDLE, CK_MECHANISM_PTR, CK_ATTRIBUTE_PTR, CK_ULONG, - CK_ATTRIBUTE_PTR, CK_ULONG, CK_OBJECT_HANDLE_PTR, CK_OBJECT_HANDLE_PTR]), - ("C_WrapKey", [CK_SESSION_HANDLE, CK_MECHANISM_PTR, CK_OBJECT_HANDLE, CK_OBJECT_HANDLE, - CK_BYTE_PTR, CK_ULONG_PTR]), - ("C_UnwrapKey", [CK_SESSION_HANDLE, CK_MECHANISM_PTR, CK_OBJECT_HANDLE, CK_BYTE_PTR, CK_ULONG, - CK_ATTRIBUTE_PTR, CK_ULONG, CK_OBJECT_HANDLE_PTR]), - ("C_DeriveKey", [CK_SESSION_HANDLE, CK_MECHANISM_PTR, CK_OBJECT_HANDLE, CK_ATTRIBUTE_PTR, CK_ULONG, - CK_OBJECT_HANDLE_PTR]), - ("C_SeedRandom", [CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG]), - ("C_GenerateRandom", [CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG]), - ("C_GetFunctionStatus", [CK_SESSION_HANDLE]), - ("C_CancelFunction", [CK_SESSION_HANDLE]), - ("C_WaitForSlotEvent", [CK_FLAGS, CK_SLOT_ID_PTR, CK_VOID_PTR])) - - -# Need to convert attributes between a sane Pythonic representation -# and something ctypes can handle. Pythoninc representation would be -# an iteraable of two element sequences, or perhaps a dict. - -def attributes_to_ctypes(dict_or_iterable): - if isinstance(dict_or_iterable, dict): - dict_or_iterable = dict_or_iterable.iteritems() - items = tuple(dict_or_iterable) - a = (CK_ATTRIBUTE * len(items))() - for i, kv in enumerate(items): - k, v = kv - if isinstance(v, bool): - v = pack("B", int(v)) - elif isinstance(v, (int, long)): - v = pack("L", v) - a[i].type = k - a[i].pValue = create_string_buffer(v) - a[i].ulValueLen = len(v) - return a class PKCS11 (object): - def __init__(self, so_name = "libpkcs11.so"): + def __init__(self, so_name = "libpkcs11.so", attributes_initializer = "attributes.yaml"): self.so_name = so_name self.so = CDLL(so_name) def raise_on_failure(rv): if rv != CKR_OK: raise CKR_Exception.ckr_map[rv] - for name, args in PKCS11_Prototypes: + for name, args in Prototypes.iteritems(): func = getattr(self.so, name) func.restype = raise_on_failure func.argtypes = args + self.adb = AttributeDB(attributes_initializer) def __getattr__(self, name): return getattr(self.so, name) @@ -164,41 +67,30 @@ class PKCS11 (object): self.so.C_Login(session, user, pin, len(pin)) def C_GetAttributeValue(self, session_handle, object_handle, attributes): - if not isinstance(attributes, (list, tuple)): - attributes = tuple(attributes) - if not all(isinstance(a, (int, long)) for a in attributes): - raise TypeError - template = (CK_ATTRIBUTE * len(attributes))() - for i in xrange(len(attributes)): - template[i].type = attributes[i] - template[i].pValue = None - template[i].ulValueLen = 0 + template = self.adb.getvalue_create_template(attributes) self.so.C_GetAttributeValue(session_handle, object_handle, template, len(template)) - for t in template: - t.pValue = create_string_buffer(t.ulValueLen) + self.adb.getvalue_allocate_template(template) self.so.C_GetAttributeValue(session_handle, object_handle, template, len(template)) - return dict((t.type, t.pValue[:t.ulValueLen]) for t in template) + return self.adb.from_ctypes(template) def C_FindObjectsInit(self, session, template): if template: - self.so.C_FindObjectsInit(session, attributes_to_ctypes(template), len(template)) + self.so.C_FindObjectsInit(session, self.adb.to_ctypes(template), len(template)) else: self.so.C_FindObjectsInit(session, None, 0) def C_FindObjects(self, session, chunk_size = 10): objects = (CK_OBJECT_HANDLE * chunk_size)() - count = CK_ULONG() - while True: + count = CK_ULONG(1) + while count.value > 0: self.so.C_FindObjects(session, objects, len(objects), byref(count)) for i in xrange(count.value): yield objects[i] - if count.value == 0: - break def C_GenerateKeyPair(self, session, mechanism_type, public_template, private_template): mechanism = CK_MECHANISM(mechanism_type, None, 0) - public_template = attributes_to_ctypes(public_template) - private_template = attributes_to_ctypes(private_template) + public_template = self.adb.to_ctypes(public_template) + private_template = self.adb.to_ctypes(private_template) public_handle = CK_OBJECT_HANDLE() private_handle = CK_OBJECT_HANDLE() self.so.C_GenerateKeyPair(session, byref(mechanism), diff --git a/py11/attributes.py b/py11/attributes.py new file mode 100644 index 0000000..00af79c --- /dev/null +++ b/py11/attributes.py @@ -0,0 +1,105 @@ +# An attempt at a Python interface to PKCS 11 using the scary ctypes +# module from the Python standard library. + +from struct import pack, unpack +from ctypes import * +from .types import * +from .constants import * + +class Attribute(object): + + @classmethod + def new(cls, attribute_name, type_name): + from . import constants + from . import types + assert attribute_name.startswith("CKA_") + attribute_number = getattr(constants, attribute_name) + type_class = getattr(types, type_name, str) + if type_class is CK_BBOOL: + cls = Attribute_CK_BBOOL + elif type_class is CK_ULONG: + cls = Attribute_CK_ULONG + elif type_name == "biginteger": + cls = Attribute_biginteger + return cls(attribute_name, attribute_number, type_name, type_class) + + def __init__(self, attribute_name, attribute_number, type_name, type_class): + assert attribute_name.startswith("CKA_") + self.name = attribute_name + self.code = attribute_number + self.type_name = type_name + self.type_class = type_class + + def encode(self, x): return x + def decode(self, x): return x + +class Attribute_CK_BBOOL(Attribute): + def encode(self, x): return chr(int(x)) + def decode(self, x): return bool(ord(x)) + +class Attribute_CK_ULONG(Attribute): + def encode(self, x): return pack("L", x) + def decode(self, x): return unpack("L", x)[0] + +class Attribute_biginteger(Attribute): + def encode(self, x): return ("%*x" % (((x.bit_length() + 7) / 8) * 2, x)).decode("hex") + def decode(self, x): return long(x.encode("hex"), 16) + + +class AttributeDB(object): + + def __init__(self, initializer = None): + self.db = {} + if isinstance(initializer, str): + initializer = self.parse_yaml(initializer) + for attribute_name, type_name in initializer: + a = Attribute.new(attribute_name, type_name) + self.db[a.name] = a + self.db[a.code] = a + + @staticmethod + def parse_yaml(yaml_filename): + from yaml import safe_load + with open(yaml_filename) as f: + for y in safe_load(f): + for k, v in y.iteritems(): + if k.startswith("CKA_") and "type" in v: + yield k, v["type"] + + def encode(self, k, v): + return self.db[k].encode(v) if k in self.db else v + + def decode(self, k, v): + return self.db[k].decode(v) if k in self.db else v + + def getvalue_create_template(self, attributes): + attributes = tuple(self.db[a].code for a in attributes) + template = (CK_ATTRIBUTE * len(attributes))() + for i in xrange(len(attributes)): + template[i].type = attributes[i] + template[i].pValue = None + template[i].ulValueLen = 0 + return template + + def getvalue_allocate_template(self, template): + for t in template: + t.pValue = create_string_buffer(t.ulValueLen) + + def from_ctypes(self, template): + return dict((t.type, self.decode(t.type, t.pValue[:t.ulValueLen])) + for t in template) + + def to_ctypes(self, attributes): + attributes = tuple(attributes.iteritems() + if isinstance(attributes, dict) else + attributes) + template = (CK_ATTRIBUTE * len(attributes))() + for i, kv in enumerate(attributes): + k, v = kv + if k in self.db: + a = self.db[k] + k, v = a.code, a.encode(v) + template[i].type = k + template[i].pValue = create_string_buffer(v) + template[i].ulValueLen = len(v) + return template diff --git a/py11/prototypes.py b/py11/prototypes.py new file mode 100644 index 0000000..7951515 --- /dev/null +++ b/py11/prototypes.py @@ -0,0 +1,85 @@ +# An attempt at a Python interface to PKCS 11 using the scary ctypes +# module from the Python standard library. + +from ctypes import * +from .types import * + +# Prototypes for the PKCS #11 public functions. +# +# We don't bother implementing C_GetFunctionList(), because it would +# be extremely tedious and it's not all that useful to us in Python. +# Instead, we emulate its behavior in the PKCS11 class. + +Prototypes = dict( + C_Initialize = [CK_VOID_PTR], + C_Finalize = [CK_VOID_PTR], + C_GetInfo = [CK_INFO_PTR], +# C_GetFunctionList = [CK_FUNCTION_LIST_PTR_PTR], + C_GetSlotList = [CK_BBOOL, CK_SLOT_ID_PTR, CK_ULONG_PTR], + C_GetSlotInfo = [CK_SLOT_ID, CK_SLOT_INFO_PTR], + C_GetTokenInfo = [CK_SLOT_ID, CK_TOKEN_INFO_PTR], + C_GetMechanismList = [CK_SLOT_ID, CK_MECHANISM_TYPE_PTR, CK_ULONG_PTR], + C_GetMechanismInfo = [CK_SLOT_ID, CK_MECHANISM_TYPE, CK_MECHANISM_INFO_PTR], + C_InitToken = [CK_SLOT_ID, CK_UTF8CHAR_PTR, CK_ULONG, CK_UTF8CHAR_PTR], + C_InitPIN = [CK_SESSION_HANDLE, CK_UTF8CHAR_PTR, CK_ULONG], + C_SetPIN = [CK_SESSION_HANDLE, CK_UTF8CHAR_PTR, CK_ULONG, CK_UTF8CHAR_PTR, CK_ULONG], + C_OpenSession = [CK_SLOT_ID, CK_FLAGS, CK_VOID_PTR, CK_NOTIFY, CK_SESSION_HANDLE_PTR], + C_CloseSession = [CK_SESSION_HANDLE], + C_CloseAllSessions = [CK_SLOT_ID], + C_GetSessionInfo = [CK_SESSION_HANDLE, CK_SESSION_INFO_PTR], + C_GetOperationState = [CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG_PTR], + C_SetOperationState = [CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG, CK_OBJECT_HANDLE, CK_OBJECT_HANDLE], + C_Login = [CK_SESSION_HANDLE, CK_USER_TYPE, CK_UTF8CHAR_PTR, CK_ULONG], + C_Logout = [CK_SESSION_HANDLE], + C_CreateObject = [CK_SESSION_HANDLE, CK_ATTRIBUTE_PTR, CK_ULONG, CK_OBJECT_HANDLE_PTR], + C_CopyObject = [CK_SESSION_HANDLE, CK_OBJECT_HANDLE, CK_ATTRIBUTE_PTR, CK_ULONG, CK_OBJECT_HANDLE_PTR], + C_DestroyObject = [CK_SESSION_HANDLE, CK_OBJECT_HANDLE], + C_GetObjectSize = [CK_SESSION_HANDLE, CK_OBJECT_HANDLE, CK_ULONG_PTR], + C_GetAttributeValue = [CK_SESSION_HANDLE, CK_OBJECT_HANDLE, CK_ATTRIBUTE_PTR, CK_ULONG], + C_SetAttributeValue = [CK_SESSION_HANDLE, CK_OBJECT_HANDLE, CK_ATTRIBUTE_PTR, CK_ULONG], + C_FindObjectsInit = [CK_SESSION_HANDLE, CK_ATTRIBUTE_PTR, CK_ULONG], + C_FindObjects = [CK_SESSION_HANDLE, CK_OBJECT_HANDLE_PTR, CK_ULONG, CK_ULONG_PTR], + C_FindObjectsFinal = [CK_SESSION_HANDLE], + C_EncryptInit = [CK_SESSION_HANDLE, CK_MECHANISM_PTR, CK_OBJECT_HANDLE], + C_Encrypt = [CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG, CK_BYTE_PTR, CK_ULONG_PTR], + C_EncryptUpdate = [CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG, CK_BYTE_PTR, CK_ULONG_PTR], + C_EncryptFinal = [CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG_PTR], + C_DecryptInit = [CK_SESSION_HANDLE, CK_MECHANISM_PTR, CK_OBJECT_HANDLE], + C_Decrypt = [CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG, CK_BYTE_PTR, CK_ULONG_PTR], + C_DecryptUpdate = [CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG, CK_BYTE_PTR, CK_ULONG_PTR], + C_DecryptFinal = [CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG_PTR], + C_DigestInit = [CK_SESSION_HANDLE, CK_MECHANISM_PTR], + C_Digest = [CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG, CK_BYTE_PTR, CK_ULONG_PTR], + C_DigestUpdate = [CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG], + C_DigestKey = [CK_SESSION_HANDLE, CK_OBJECT_HANDLE], + C_DigestFinal = [CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG_PTR], + C_SignInit = [CK_SESSION_HANDLE, CK_MECHANISM_PTR, CK_OBJECT_HANDLE], + C_Sign = [CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG, CK_BYTE_PTR, CK_ULONG_PTR], + C_SignUpdate = [CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG], + C_SignFinal = [CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG_PTR], + C_SignRecoverInit = [CK_SESSION_HANDLE, CK_MECHANISM_PTR, CK_OBJECT_HANDLE], + C_SignRecover = [CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG, CK_BYTE_PTR, CK_ULONG_PTR], + C_VerifyInit = [CK_SESSION_HANDLE, CK_MECHANISM_PTR, CK_OBJECT_HANDLE], + C_Verify = [CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG, CK_BYTE_PTR, CK_ULONG], + C_VerifyUpdate = [CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG], + C_VerifyFinal = [CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG], + C_VerifyRecoverInit = [CK_SESSION_HANDLE, CK_MECHANISM_PTR, CK_OBJECT_HANDLE], + C_VerifyRecover = [CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG, CK_BYTE_PTR, CK_ULONG_PTR], + C_DigestEncryptUpdate = [CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG, CK_BYTE_PTR, CK_ULONG_PTR], + C_DecryptDigestUpdate = [CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG, CK_BYTE_PTR, CK_ULONG_PTR], + C_SignEncryptUpdate = [CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG, CK_BYTE_PTR, CK_ULONG_PTR], + C_DecryptVerifyUpdate = [CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG, CK_BYTE_PTR, CK_ULONG_PTR], + C_GenerateKey = [CK_SESSION_HANDLE, CK_MECHANISM_PTR, CK_ATTRIBUTE_PTR, CK_ULONG, CK_OBJECT_HANDLE_PTR], + C_GenerateKeyPair = [CK_SESSION_HANDLE, CK_MECHANISM_PTR, CK_ATTRIBUTE_PTR, CK_ULONG, + CK_ATTRIBUTE_PTR, CK_ULONG, CK_OBJECT_HANDLE_PTR, CK_OBJECT_HANDLE_PTR], + C_WrapKey = [CK_SESSION_HANDLE, CK_MECHANISM_PTR, CK_OBJECT_HANDLE, CK_OBJECT_HANDLE, + CK_BYTE_PTR, CK_ULONG_PTR], + C_UnwrapKey = [CK_SESSION_HANDLE, CK_MECHANISM_PTR, CK_OBJECT_HANDLE, CK_BYTE_PTR, CK_ULONG, + CK_ATTRIBUTE_PTR, CK_ULONG, CK_OBJECT_HANDLE_PTR], + C_DeriveKey = [CK_SESSION_HANDLE, CK_MECHANISM_PTR, CK_OBJECT_HANDLE, CK_ATTRIBUTE_PTR, CK_ULONG, + CK_OBJECT_HANDLE_PTR], + C_SeedRandom = [CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG], + C_GenerateRandom = [CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG], + C_GetFunctionStatus = [CK_SESSION_HANDLE], + C_CancelFunction = [CK_SESSION_HANDLE], + C_WaitForSlotEvent = [CK_FLAGS, CK_SLOT_ID_PTR, CK_VOID_PTR]) |