aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--cryptech/py11/__init__.py533
-rw-r--r--cryptech/py11/attributes.py8
-rw-r--r--cryptech/py11/constants.py1048
-rw-r--r--cryptech/py11/exceptions.py210
-rw-r--r--cryptech/py11/types.py18
-rw-r--r--unit_tests.py128
6 files changed, 975 insertions, 970 deletions
diff --git a/cryptech/py11/__init__.py b/cryptech/py11/__init__.py
index 740ecb6..0c794ff 100644
--- a/cryptech/py11/__init__.py
+++ b/cryptech/py11/__init__.py
@@ -23,272 +23,273 @@ else:
class PKCS11 (object):
- """
- PKCS #11 API object, encapsulating the PKCS #11 library itself.
- Sample usage:
-
- from cryptech.py11 import *
-
- p11 = PKCS11()
- p11.C_Initialize()
- session = p11.C_OpenSession()
- p11.C_login(session, CK_USER, "secret")
- p11.C_FindObjectsInit(session, {CKA_CLASS: CKO_PRIVATE_KEY, CKA_KEY_TYPE: CKK_EC, CKA_ID: foo})
- keys = list(p11.C_FindObjects(session))
- p11.C_FindObjectsFinal(session)
- if len(keys) != 1:
- raise RuntimeError
- p11.C_SignInit(session, CK_ECDSA_SHA256, keys[0])
- sig = p11.Sign(session, "Your mother was a hamster")
- p11.C_CloseAllSessions(slot)
- p11.C_Finalize()
-
- The full raw PKCS #11 API is available via the .so attribute, but
- using this can be tricky, both because it requires strict adherence
- to the C API and because one needs to be careful not to run afoul of
- the Python garbage collector.
-
- The example above uses a set of interface routines built on top of the
- raw PKCS #11 API, which map the API into something a bit more Pythonic.
- """
-
- # Whether to use C_GetFunctionList() instead of dynamic link symbols.
- use_C_GetFunctionList = False
-
- def __init__(self, so_name = default_so_name):
- self.so_name = so_name
- self.so = CDLL(so_name)
- self.d = type("Dispatch", (object,), {})()
- for name, args in Prototypes:
- try:
- func = getattr(self.so, name)
- except AttributeError:
- self.use_C_GetFunctionList = True
- else:
- func.restype = CK_RV
- func.argtypes = args
- func.errcheck = CKR_Exception.raise_on_failure
- setattr(self.d, name, func)
- if self.use_C_GetFunctionList:
- functions = CK_FUNCTION_LIST_PTR()
- self.so.C_GetFunctionList(byref(functions))
- for name, args in Prototypes:
- func = getattr(functions.contents, name)
- func.errcheck = CKR_Exception.raise_on_failure
- setattr(self.d, name, func)
- self.adb = AttributeDB()
-
- def __getattr__(self, name):
- try:
- return getattr(self.d, name)
- except AttributeError:
- return getattr(self.so, name)
-
- def C_GetFunctionList(self):
- return self
-
- @property
- def version(self):
- info = CK_INFO()
- self.d.C_GetInfo(byref(info))
- return info.cryptokiVersion
-
- # Be very careful if you try to provide your own locking functions.
- # For most purposes, if you really just want locking, you're best
- # off specifying CKF_OS_LOCKING_OK and letting the C code deal with
- # it. The one case where you might want to provide your own locking
- # is when writing tests to verify behavior of the locking code.
- #
- # We have to stash references to the callback functions passed to
- # C_Initialize() to avoid dumping core when the garbage collector
- # deletes the function pointer instances out from under the C code.
-
- def C_Initialize(self, flags = 0, create_mutex = None, destroy_mutex = None, lock_mutex = None, unlock_mutex = None):
- if flags == 0 and create_mutex is None and destroy_mutex is None and lock_mutex is None and unlock_mutex is None:
- self._C_Initialize_args = None
- self.d.C_Initialize(None)
- else:
- create_mutex = CK_CREATEMUTEX() if create_mutex is None else CK_CREATEMUTEX(create_mutex)
- destroy_mutex = CK_DESTROYMUTEX() if destroy_mutex is None else CK_DESTROYMUTEX(destroy_mutex)
- lock_mutex = CK_LOCKMUTEX() if lock_mutex is None else CK_LOCKMUTEX(lock_mutex)
- unlock_mutex = CK_UNLOCKMUTEX() if unlock_mutex is None else CK_UNLOCKMUTEX(unlock_mutex)
- self._C_Initialize_args = CK_C_INITIALIZE_ARGS(create_mutex, destroy_mutex,
- lock_mutex, unlock_mutex, flags, None)
- self.d.C_Initialize(cast(byref(self._C_Initialize_args), CK_VOID_PTR))
-
- def C_Finalize(self):
- self.d.C_Finalize(None)
- self._C_Initialize_args = None
-
- def C_GetSlotList(self):
- count = CK_ULONG()
- self.d.C_GetSlotList(CK_TRUE, None, byref(count))
- slots = (CK_SLOT_ID * count.value)()
- self.d.C_GetSlotList(CK_TRUE, slots, byref(count))
- return tuple(slots[i] for i in range(count.value))
-
- def C_GetTokenInfo(self, slot_id):
- token_info = CK_TOKEN_INFO()
- self.d.C_GetTokenInfo(slot_id, byref(token_info))
- return token_info
-
- def C_OpenSession(self, slot, flags = CKF_RW_SESSION, application = None, notify = CK_NOTIFY()):
- flags |= CKF_SERIAL_SESSION
- handle = CK_SESSION_HANDLE()
- self.d.C_OpenSession(slot, flags, application, notify, byref(handle))
- return handle.value
-
- def C_GenerateRandom(self, session, n):
- buffer = create_string_buffer(n)
- self.d.C_GenerateRandom(session, buffer, sizeof(buffer))
- return buffer.raw
-
- def C_Login(self, session, user, pin):
- self.d.C_Login(session, user, pin, len(pin))
-
- def C_GetAttributeValue(self, session_handle, object_handle, *attributes):
- if len(attributes) == 1 and isinstance(attributes[0], (list, tuple)):
- attributes = attributes[0]
- template = self.adb.getvalue_create_template(attributes)
- self.d.C_GetAttributeValue(session_handle, object_handle, template, len(template))
- self.adb.getvalue_allocate_template(template)
- self.d.C_GetAttributeValue(session_handle, object_handle, template, len(template))
- return self.adb.from_ctypes(template)
-
- def C_FindObjectsInit(self, session, template = None, **kwargs):
- if kwargs:
- assert not template
- template = kwargs
- if template:
- self.d.C_FindObjectsInit(session, self.adb.to_ctypes(template), len(template))
- else:
- self.d.C_FindObjectsInit(session, None, 0)
-
- def C_FindObjects(self, session, chunk_size = 10):
- objects = (CK_OBJECT_HANDLE * chunk_size)()
- count = CK_ULONG(1)
- while count.value > 0:
- self.d.C_FindObjects(session, objects, len(objects), byref(count))
- for i in range(count.value):
- yield objects[i]
-
- def FindObjects(self, session, template = None, **kwargs):
- self.C_FindObjectsInit(session, template, **kwargs)
- result = tuple(self.C_FindObjects(session))
- self.C_FindObjectsFinal(session)
- return result
-
- def _parse_GenerateKeyPair_template(self,
- # Attributes common to public and private templates
- CKA_ID,
- CKA_LABEL = None,
- CKA_TOKEN = False,
- # Attributes only in private template
- CKA_SIGN = False,
- CKA_DECRYPT = False,
- CKA_UNWRAP = False,
- CKA_SENSITIVE = True,
- CKA_PRIVATE = True,
- CKA_EXTRACTABLE = False,
- # Finer-grained control for CKA_TOKEN
- public_CKA_TOKEN = False,
- private_CKA_TOKEN = False,
- # Anything else is only in public template
- **kwargs):
- if CKA_LABEL is None:
- CKA_LABEL = CKA_ID
- return (dict(kwargs,
- CKA_LABEL = CKA_LABEL,
- CKA_ID = CKA_ID,
- CKA_TOKEN = public_CKA_TOKEN or CKA_TOKEN),
- dict(CKA_LABEL = CKA_LABEL,
- CKA_ID = CKA_ID,
- CKA_TOKEN = private_CKA_TOKEN or CKA_TOKEN,
- CKA_SIGN = CKA_SIGN,
- CKA_DECRYPT = CKA_DECRYPT,
- CKA_UNWRAP = CKA_UNWRAP,
- CKA_SENSITIVE = CKA_SENSITIVE,
- CKA_PRIVATE = CKA_PRIVATE,
- CKA_EXTRACTABLE = CKA_EXTRACTABLE))
-
- def C_GenerateKeyPair(self, session, mechanism_type, public_template = None, private_template = None, **kwargs):
- if kwargs:
- assert not public_template and not private_template
- public_template, private_template = self._parse_GenerateKeyPair_template(**kwargs)
- public_template = self.adb.to_ctypes(public_template)
- private_template = self.adb.to_ctypes(private_template)
- mechanism = CK_MECHANISM(mechanism_type, None, 0)
- public_handle = CK_OBJECT_HANDLE()
- private_handle = CK_OBJECT_HANDLE()
- self.d.C_GenerateKeyPair(session, byref(mechanism),
- public_template, len(public_template),
- private_template, len(private_template),
- byref(public_handle), byref(private_handle))
- return public_handle.value, private_handle.value
-
- def C_SignInit(self, session, mechanism_type, private_key):
- mechanism = CK_MECHANISM(mechanism_type, None, 0)
- self.d.C_SignInit(session, byref(mechanism), private_key)
-
- def C_Sign(self, session, data):
- n = CK_ULONG()
- self.d.C_Sign(session, data, len(data), None, byref(n))
- sig = create_string_buffer(n.value)
- self.d.C_Sign(session, data, len(data), sig, byref(n))
- return sig.raw
-
- def C_SignUpdate(self, session, data):
- self.d.C_SignUpdate(session, data, len(data))
-
- def C_SignFinal(self, session):
- n = CK_ULONG()
- self.d.C_SignFinal(session, None, byref(n))
- sig = create_string_buffer(n.value)
- self.d.C_SignFinal(session, sig, byref(n))
- return sig.raw
-
- def C_VerifyInit(self, session, mechanism_type, public_key):
- mechanism = CK_MECHANISM(mechanism_type, None, 0)
- self.d.C_VerifyInit(session, byref(mechanism), public_key)
-
- def C_Verify(self, session, data, signature):
- self.d.C_Verify(session, data, len(data), signature, len(signature))
-
- def C_VerifyUpdate(self, session, data):
- self.d.C_VerifyUpdate(session, data, len(data))
-
- def C_VerifyFinal(self, session, signature):
- self.d.C_VerifyFinal(session, signature, len(signature))
-
- def C_CreateObject(self, session, template = None, **kwargs):
- if kwargs:
- assert not template
- template = kwargs
- template = self.adb.to_ctypes(template)
- handle = CK_OBJECT_HANDLE()
- self.d.C_CreateObject(session, template, len(template), byref(handle))
- return handle.value
-
- def C_DigestInit(self, session, mechanism_type):
- mechanism = CK_MECHANISM(mechanism_type, None, 0)
- self.d.C_DigestInit(session, byref(mechanism))
-
- def C_Digest(self, session, data):
- n = CK_ULONG()
- self.d.C_Digest(session, data, len(data), None, byref(n))
- hash = create_string_buffer(n.value)
- self.d.C_Digest(session, data, len(data), hash, byref(n))
- return hash.raw
-
- def C_DigestUpdate(self, session, data):
- self.d.C_DigestUpdate(session, data, len(data))
-
- def C_DigestFinal(self, session):
- n = CK_ULONG()
- self.d.C_DigestFinal(session, None, byref(n))
- hash = create_string_buffer(n.value)
- self.d.C_DigestFinal(session, hash, byref(n))
- return hash.raw
+ """
+ PKCS #11 API object, encapsulating the PKCS #11 library itself.
+ Sample usage:
+
+ from cryptech.py11 import *
+
+ p11 = PKCS11()
+ p11.C_Initialize()
+ session = p11.C_OpenSession()
+ p11.C_login(session, CK_USER, "secret")
+ p11.C_FindObjectsInit(session, {CKA_CLASS: CKO_PRIVATE_KEY, CKA_KEY_TYPE: CKK_EC, CKA_ID: foo})
+ keys = list(p11.C_FindObjects(session))
+ p11.C_FindObjectsFinal(session)
+ if len(keys) != 1:
+ raise RuntimeError
+ p11.C_SignInit(session, CK_ECDSA_SHA256, keys[0])
+ sig = p11.Sign(session, "Your mother was a hamster")
+ p11.C_CloseAllSessions(slot)
+ p11.C_Finalize()
+
+ The full raw PKCS #11 API is available via the .so attribute, but
+ using this can be tricky, both because it requires strict adherence
+ to the C API and because one needs to be careful not to run afoul of
+ the Python garbage collector.
+
+ The example above uses a set of interface routines built on top of the
+ raw PKCS #11 API, which map the API into something a bit more Pythonic.
+ """
+
+ # Whether to use C_GetFunctionList() instead of dynamic link symbols.
+ use_C_GetFunctionList = False
+
+ def __init__(self, so_name = default_so_name):
+ self.so_name = so_name
+ self.so = CDLL(so_name)
+ self.d = type("Dispatch", (object,), {})()
+ for name, args in Prototypes:
+ try:
+ func = getattr(self.so, name)
+ except AttributeError:
+ self.use_C_GetFunctionList = True
+ else:
+ func.restype = CK_RV
+ func.argtypes = args
+ func.errcheck = CKR_Exception.raise_on_failure
+ setattr(self.d, name, func)
+ if self.use_C_GetFunctionList:
+ functions = CK_FUNCTION_LIST_PTR()
+ self.so.C_GetFunctionList(byref(functions))
+ for name, args in Prototypes:
+ func = getattr(functions.contents, name)
+ func.errcheck = CKR_Exception.raise_on_failure
+ setattr(self.d, name, func)
+ self.adb = AttributeDB()
+
+ def __getattr__(self, name):
+ try:
+ return getattr(self.d, name)
+ except AttributeError:
+ return getattr(self.so, name)
+
+ def C_GetFunctionList(self):
+ return self
+
+ @property
+ def version(self):
+ info = CK_INFO()
+ self.d.C_GetInfo(byref(info))
+ return info.cryptokiVersion
+
+ # Be very careful if you try to provide your own locking functions.
+ # For most purposes, if you really just want locking, you're best
+ # off specifying CKF_OS_LOCKING_OK and letting the C code deal with
+ # it. The one case where you might want to provide your own locking
+ # is when writing tests to verify behavior of the locking code.
+ #
+ # We have to stash references to the callback functions passed to
+ # C_Initialize() to avoid dumping core when the garbage collector
+ # deletes the function pointer instances out from under the C code.
+
+ def C_Initialize(self, flags = 0, create_mutex = None, destroy_mutex = None, lock_mutex = None, unlock_mutex = None):
+ if flags == 0 and create_mutex is None and destroy_mutex is None and lock_mutex is None and unlock_mutex is None:
+ self._C_Initialize_args = None
+ self.d.C_Initialize(None)
+ else:
+ create_mutex = CK_CREATEMUTEX() if create_mutex is None else CK_CREATEMUTEX(create_mutex)
+ destroy_mutex = CK_DESTROYMUTEX() if destroy_mutex is None else CK_DESTROYMUTEX(destroy_mutex)
+ lock_mutex = CK_LOCKMUTEX() if lock_mutex is None else CK_LOCKMUTEX(lock_mutex)
+ unlock_mutex = CK_UNLOCKMUTEX() if unlock_mutex is None else CK_UNLOCKMUTEX(unlock_mutex)
+ self._C_Initialize_args = CK_C_INITIALIZE_ARGS(create_mutex, destroy_mutex,
+ lock_mutex, unlock_mutex, flags, None)
+ self.d.C_Initialize(cast(byref(self._C_Initialize_args), CK_VOID_PTR))
+
+ def C_Finalize(self):
+ self.d.C_Finalize(None)
+ self._C_Initialize_args = None
+
+ def C_GetSlotList(self):
+ count = CK_ULONG()
+ self.d.C_GetSlotList(CK_TRUE, None, byref(count))
+ slots = (CK_SLOT_ID * count.value)()
+ self.d.C_GetSlotList(CK_TRUE, slots, byref(count))
+ return tuple(slots[i] for i in range(count.value))
+
+ def C_GetTokenInfo(self, slot_id):
+ token_info = CK_TOKEN_INFO()
+ self.d.C_GetTokenInfo(slot_id, byref(token_info))
+ return token_info
+
+ def C_OpenSession(self, slot, flags = CKF_RW_SESSION, application = None, notify = CK_NOTIFY()):
+ flags |= CKF_SERIAL_SESSION
+ handle = CK_SESSION_HANDLE()
+ self.d.C_OpenSession(slot, flags, application, notify, byref(handle))
+ return handle.value
+
+ def C_GenerateRandom(self, session, n):
+ buffer = create_string_buffer(n)
+ self.d.C_GenerateRandom(session, buffer, sizeof(buffer))
+ return buffer.raw
+
+ def C_Login(self, session, user, pin):
+ pin = pin.encode()
+ self.d.C_Login(session, user, pin, len(pin))
+
+ def C_GetAttributeValue(self, session_handle, object_handle, *attributes):
+ if len(attributes) == 1 and isinstance(attributes[0], (list, tuple)):
+ attributes = attributes[0]
+ template = self.adb.getvalue_create_template(attributes)
+ self.d.C_GetAttributeValue(session_handle, object_handle, template, len(template))
+ self.adb.getvalue_allocate_template(template)
+ self.d.C_GetAttributeValue(session_handle, object_handle, template, len(template))
+ return self.adb.from_ctypes(template)
+
+ def C_FindObjectsInit(self, session, template = None, **kwargs):
+ if kwargs:
+ assert not template
+ template = kwargs
+ if template:
+ self.d.C_FindObjectsInit(session, self.adb.to_ctypes(template), len(template))
+ else:
+ self.d.C_FindObjectsInit(session, None, 0)
+
+ def C_FindObjects(self, session, chunk_size = 10):
+ objects = (CK_OBJECT_HANDLE * chunk_size)()
+ count = CK_ULONG(1)
+ while count.value > 0:
+ self.d.C_FindObjects(session, objects, len(objects), byref(count))
+ for i in range(count.value):
+ yield objects[i]
+
+ def FindObjects(self, session, template = None, **kwargs):
+ self.C_FindObjectsInit(session, template, **kwargs)
+ result = tuple(self.C_FindObjects(session))
+ self.C_FindObjectsFinal(session)
+ return result
+
+ def _parse_GenerateKeyPair_template(self,
+ # Attributes common to public and private templates
+ CKA_ID,
+ CKA_LABEL = None,
+ CKA_TOKEN = False,
+ # Attributes only in private template
+ CKA_SIGN = False,
+ CKA_DECRYPT = False,
+ CKA_UNWRAP = False,
+ CKA_SENSITIVE = True,
+ CKA_PRIVATE = True,
+ CKA_EXTRACTABLE = False,
+ # Finer-grained control for CKA_TOKEN
+ public_CKA_TOKEN = False,
+ private_CKA_TOKEN = False,
+ # Anything else is only in public template
+ **kwargs):
+ if CKA_LABEL is None:
+ CKA_LABEL = CKA_ID
+ return (dict(kwargs,
+ CKA_LABEL = CKA_LABEL,
+ CKA_ID = CKA_ID,
+ CKA_TOKEN = public_CKA_TOKEN or CKA_TOKEN),
+ dict(CKA_LABEL = CKA_LABEL,
+ CKA_ID = CKA_ID,
+ CKA_TOKEN = private_CKA_TOKEN or CKA_TOKEN,
+ CKA_SIGN = CKA_SIGN,
+ CKA_DECRYPT = CKA_DECRYPT,
+ CKA_UNWRAP = CKA_UNWRAP,
+ CKA_SENSITIVE = CKA_SENSITIVE,
+ CKA_PRIVATE = CKA_PRIVATE,
+ CKA_EXTRACTABLE = CKA_EXTRACTABLE))
+
+ def C_GenerateKeyPair(self, session, mechanism_type, public_template = None, private_template = None, **kwargs):
+ if kwargs:
+ assert not public_template and not private_template
+ public_template, private_template = self._parse_GenerateKeyPair_template(**kwargs)
+ public_template = self.adb.to_ctypes(public_template)
+ private_template = self.adb.to_ctypes(private_template)
+ mechanism = CK_MECHANISM(mechanism_type, None, 0)
+ public_handle = CK_OBJECT_HANDLE()
+ private_handle = CK_OBJECT_HANDLE()
+ self.d.C_GenerateKeyPair(session, byref(mechanism),
+ public_template, len(public_template),
+ private_template, len(private_template),
+ byref(public_handle), byref(private_handle))
+ return public_handle.value, private_handle.value
+
+ def C_SignInit(self, session, mechanism_type, private_key):
+ mechanism = CK_MECHANISM(mechanism_type, None, 0)
+ self.d.C_SignInit(session, byref(mechanism), private_key)
+
+ def C_Sign(self, session, data):
+ n = CK_ULONG()
+ self.d.C_Sign(session, data, len(data), None, byref(n))
+ sig = create_string_buffer(n.value)
+ self.d.C_Sign(session, data, len(data), sig, byref(n))
+ return sig.raw
+
+ def C_SignUpdate(self, session, data):
+ self.d.C_SignUpdate(session, data, len(data))
+
+ def C_SignFinal(self, session):
+ n = CK_ULONG()
+ self.d.C_SignFinal(session, None, byref(n))
+ sig = create_string_buffer(n.value)
+ self.d.C_SignFinal(session, sig, byref(n))
+ return sig.raw
+
+ def C_VerifyInit(self, session, mechanism_type, public_key):
+ mechanism = CK_MECHANISM(mechanism_type, None, 0)
+ self.d.C_VerifyInit(session, byref(mechanism), public_key)
+
+ def C_Verify(self, session, data, signature):
+ self.d.C_Verify(session, data, len(data), signature, len(signature))
+
+ def C_VerifyUpdate(self, session, data):
+ self.d.C_VerifyUpdate(session, data, len(data))
+
+ def C_VerifyFinal(self, session, signature):
+ self.d.C_VerifyFinal(session, signature, len(signature))
+
+ def C_CreateObject(self, session, template = None, **kwargs):
+ if kwargs:
+ assert not template
+ template = kwargs
+ template = self.adb.to_ctypes(template)
+ handle = CK_OBJECT_HANDLE()
+ self.d.C_CreateObject(session, template, len(template), byref(handle))
+ return handle.value
+
+ def C_DigestInit(self, session, mechanism_type):
+ mechanism = CK_MECHANISM(mechanism_type, None, 0)
+ self.d.C_DigestInit(session, byref(mechanism))
+
+ def C_Digest(self, session, data):
+ n = CK_ULONG()
+ self.d.C_Digest(session, data, len(data), None, byref(n))
+ hash = create_string_buffer(n.value)
+ self.d.C_Digest(session, data, len(data), hash, byref(n))
+ return hash.raw
+
+ def C_DigestUpdate(self, session, data):
+ self.d.C_DigestUpdate(session, data, len(data))
+
+ def C_DigestFinal(self, session):
+ n = CK_ULONG()
+ self.d.C_DigestFinal(session, None, byref(n))
+ hash = create_string_buffer(n.value)
+ self.d.C_DigestFinal(session, hash, byref(n))
+ return hash.raw
__all__ = ["PKCS11"]
__all__.extend(name for name in globals()
diff --git a/cryptech/py11/attributes.py b/cryptech/py11/attributes.py
index c6a87da..035677c 100644
--- a/cryptech/py11/attributes.py
+++ b/cryptech/py11/attributes.py
@@ -15,7 +15,7 @@ class Attribute(object):
from . import types
assert attribute_name.startswith("CKA_")
attribute_number = getattr(constants, attribute_name)
- type_class = getattr(types, type_name, str)
+ type_class = getattr(types, type_name, bytes)
if type_class is CK_BBOOL:
cls = Attribute_CK_BBOOL
elif type_class is CK_ULONG:
@@ -35,15 +35,15 @@ class Attribute(object):
def decode(self, x): return x
class Attribute_CK_BBOOL(Attribute):
- def encode(self, x): return chr(int(x))
- def decode(self, x): return bool(ord(x))
+ def encode(self, x): return pack("B", int(x))
+ def decode(self, x): return bool(unpack("B", x)[0])
class Attribute_CK_ULONG(Attribute):
def encode(self, x): return pack("L", x)
def decode(self, x): return unpack("L", x)[0]
class Attribute_biginteger(Attribute):
- def encode(self, x): return "\x00" if x == 0 else unhexlify("{0:0{1}x".format(x, ((x.bit_length() + 7) / 8) * 2))
+ def encode(self, x): return "\x00" if x == 0 else unhexlify("{0:0{1}x}".format(x, ((x.bit_length() + 7) // 8) * 2))
def decode(self, x): return int(hexlify(x), 16)
diff --git a/cryptech/py11/constants.py b/cryptech/py11/constants.py
index a8392ea..4ef6914 100644
--- a/cryptech/py11/constants.py
+++ b/cryptech/py11/constants.py
@@ -41,575 +41,575 @@ CKF_LOGIN_REQUIRED = 0x00000004
CKF_USER_PIN_INITIALIZED = 0x00000008
CKF_RESTORE_KEY_NOT_NEEDED = 0x00000020
CKF_CLOCK_ON_TOKEN = 0x00000040
-CKF_PROTECTED_AUTHENTICATION_PATH = 0x00000100
-CKF_DUAL_CRYPTO_OPERATIONS = 0x00000200
-CKF_TOKEN_INITIALIZED = 0x00000400
-CKF_SECONDARY_AUTHENTICATION = 0x00000800
-CKF_USER_PIN_COUNT_LOW = 0x00010000
-CKF_USER_PIN_FINAL_TRY = 0x00020000
-CKF_USER_PIN_LOCKED = 0x00040000
-CKF_USER_PIN_TO_BE_CHANGED = 0x00080000
-CKF_SO_PIN_COUNT_LOW = 0x00100000
-CKF_SO_PIN_FINAL_TRY = 0x00200000
-CKF_SO_PIN_LOCKED = 0x00400000
-CKF_SO_PIN_TO_BE_CHANGED = 0x00800000
+CKF_PROTECTED_AUTHENTICATION_PATH = 0x00000100
+CKF_DUAL_CRYPTO_OPERATIONS = 0x00000200
+CKF_TOKEN_INITIALIZED = 0x00000400
+CKF_SECONDARY_AUTHENTICATION = 0x00000800
+CKF_USER_PIN_COUNT_LOW = 0x00010000
+CKF_USER_PIN_FINAL_TRY = 0x00020000
+CKF_USER_PIN_LOCKED = 0x00040000
+CKF_USER_PIN_TO_BE_CHANGED = 0x00080000
+CKF_SO_PIN_COUNT_LOW = 0x00100000
+CKF_SO_PIN_FINAL_TRY = 0x00200000
+CKF_SO_PIN_LOCKED = 0x00400000
+CKF_SO_PIN_TO_BE_CHANGED = 0x00800000
CKF_ERROR_STATE = 0x01000000
CKU_SO = 0
CKU_USER = 1
-CKU_CONTEXT_SPECIFIC = 2
+CKU_CONTEXT_SPECIFIC = 2
-CKS_RO_PUBLIC_SESSION = 0
-CKS_RO_USER_FUNCTIONS = 1
-CKS_RW_PUBLIC_SESSION = 2
-CKS_RW_USER_FUNCTIONS = 3
-CKS_RW_SO_FUNCTIONS = 4
+CKS_RO_PUBLIC_SESSION = 0
+CKS_RO_USER_FUNCTIONS = 1
+CKS_RW_PUBLIC_SESSION = 2
+CKS_RW_USER_FUNCTIONS = 3
+CKS_RW_SO_FUNCTIONS = 4
CKF_RW_SESSION = 0x00000002
-CKF_SERIAL_SESSION = 0x00000004
+CKF_SERIAL_SESSION = 0x00000004
CKO_DATA = 0x00000000
CKO_CERTIFICATE = 0x00000001
CKO_PUBLIC_KEY = 0x00000002
-CKO_PRIVATE_KEY = 0x00000003
-CKO_SECRET_KEY = 0x00000004
-CKO_HW_FEATURE = 0x00000005
-CKO_DOMAIN_PARAMETERS = 0x00000006
-CKO_MECHANISM = 0x00000007
-CKO_OTP_KEY = 0x00000008
-CKO_VENDOR_DEFINED = 0x80000000
+CKO_PRIVATE_KEY = 0x00000003
+CKO_SECRET_KEY = 0x00000004
+CKO_HW_FEATURE = 0x00000005
+CKO_DOMAIN_PARAMETERS = 0x00000006
+CKO_MECHANISM = 0x00000007
+CKO_OTP_KEY = 0x00000008
+CKO_VENDOR_DEFINED = 0x80000000
-CKH_MONOTONIC_COUNTER = 0x00000001
-CKH_CLOCK = 0x00000002
-CKH_USER_INTERFACE = 0x00000003
-CKH_VENDOR_DEFINED = 0x80000000
+CKH_MONOTONIC_COUNTER = 0x00000001
+CKH_CLOCK = 0x00000002
+CKH_USER_INTERFACE = 0x00000003
+CKH_VENDOR_DEFINED = 0x80000000
-CKK_RSA = 0x00000000
-CKK_DSA = 0x00000001
-CKK_DH = 0x00000002
-CKK_ECDSA = 0x00000003
-CKK_EC = 0x00000003
-CKK_X9_42_DH = 0x00000004
-CKK_KEA = 0x00000005
-CKK_GENERIC_SECRET = 0x00000010
-CKK_RC2 = 0x00000011
-CKK_RC4 = 0x00000012
-CKK_DES = 0x00000013
-CKK_DES2 = 0x00000014
-CKK_DES3 = 0x00000015
-CKK_CAST = 0x00000016
-CKK_CAST3 = 0x00000017
-CKK_CAST5 = 0x00000018
-CKK_CAST128 = 0x00000018
-CKK_RC5 = 0x00000019
-CKK_IDEA = 0x0000001A
-CKK_SKIPJACK = 0x0000001B
-CKK_BATON = 0x0000001C
-CKK_JUNIPER = 0x0000001D
-CKK_CDMF = 0x0000001E
-CKK_AES = 0x0000001F
-CKK_BLOWFISH = 0x00000020
-CKK_TWOFISH = 0x00000021
-CKK_SECURID = 0x00000022
-CKK_HOTP = 0x00000023
-CKK_ACTI = 0x00000024
-CKK_CAMELLIA = 0x00000025
-CKK_ARIA = 0x00000026
-CKK_MD5_HMAC = 0x00000027
-CKK_SHA_1_HMAC = 0x00000028
-CKK_RIPEMD128_HMAC = 0x00000029
-CKK_RIPEMD160_HMAC = 0x0000002A
-CKK_SHA256_HMAC = 0x0000002B
-CKK_SHA384_HMAC = 0x0000002C
-CKK_SHA512_HMAC = 0x0000002D
-CKK_SHA224_HMAC = 0x0000002E
-CKK_SEED = 0x0000002F
-CKK_GOSTR3410 = 0x00000030
-CKK_GOSTR3411 = 0x00000031
-CKK_GOST28147 = 0x00000032
-CKK_VENDOR_DEFINED = 0x80000000
+CKK_RSA = 0x00000000
+CKK_DSA = 0x00000001
+CKK_DH = 0x00000002
+CKK_ECDSA = 0x00000003
+CKK_EC = 0x00000003
+CKK_X9_42_DH = 0x00000004
+CKK_KEA = 0x00000005
+CKK_GENERIC_SECRET = 0x00000010
+CKK_RC2 = 0x00000011
+CKK_RC4 = 0x00000012
+CKK_DES = 0x00000013
+CKK_DES2 = 0x00000014
+CKK_DES3 = 0x00000015
+CKK_CAST = 0x00000016
+CKK_CAST3 = 0x00000017
+CKK_CAST5 = 0x00000018
+CKK_CAST128 = 0x00000018
+CKK_RC5 = 0x00000019
+CKK_IDEA = 0x0000001A
+CKK_SKIPJACK = 0x0000001B
+CKK_BATON = 0x0000001C
+CKK_JUNIPER = 0x0000001D
+CKK_CDMF = 0x0000001E
+CKK_AES = 0x0000001F
+CKK_BLOWFISH = 0x00000020
+CKK_TWOFISH = 0x00000021
+CKK_SECURID = 0x00000022
+CKK_HOTP = 0x00000023
+CKK_ACTI = 0x00000024
+CKK_CAMELLIA = 0x00000025
+CKK_ARIA = 0x00000026
+CKK_MD5_HMAC = 0x00000027
+CKK_SHA_1_HMAC = 0x00000028
+CKK_RIPEMD128_HMAC = 0x00000029
+CKK_RIPEMD160_HMAC = 0x0000002A
+CKK_SHA256_HMAC = 0x0000002B
+CKK_SHA384_HMAC = 0x0000002C
+CKK_SHA512_HMAC = 0x0000002D
+CKK_SHA224_HMAC = 0x0000002E
+CKK_SEED = 0x0000002F
+CKK_GOSTR3410 = 0x00000030
+CKK_GOSTR3411 = 0x00000031
+CKK_GOST28147 = 0x00000032
+CKK_VENDOR_DEFINED = 0x80000000
-CKC_X_509 = 0x00000000
-CKC_X_509_ATTR_CERT = 0x00000001
-CKC_WTLS = 0x00000002
-CKC_VENDOR_DEFINED = 0x80000000
+CKC_X_509 = 0x00000000
+CKC_X_509_ATTR_CERT = 0x00000001
+CKC_WTLS = 0x00000002
+CKC_VENDOR_DEFINED = 0x80000000
-CKF_ARRAY_ATTRIBUTE = 0x40000000
+CKF_ARRAY_ATTRIBUTE = 0x40000000
-CK_OTP_FORMAT_DECIMAL = 0
-CK_OTP_FORMAT_HEXADECIMAL = 1
-CK_OTP_FORMAT_ALPHANUMERIC = 2
-CK_OTP_FORMAT_BINARY = 3
+CK_OTP_FORMAT_DECIMAL = 0
+CK_OTP_FORMAT_HEXADECIMAL = 1
+CK_OTP_FORMAT_ALPHANUMERIC = 2
+CK_OTP_FORMAT_BINARY = 3
-CK_OTP_PARAM_IGNORED = 0
-CK_OTP_PARAM_OPTIONAL = 1
-CK_OTP_PARAM_MANDATORY = 2
+CK_OTP_PARAM_IGNORED = 0
+CK_OTP_PARAM_OPTIONAL = 1
+CK_OTP_PARAM_MANDATORY = 2
-CKA_CLASS = 0x00000000
-CKA_TOKEN = 0x00000001
-CKA_PRIVATE = 0x00000002
-CKA_LABEL = 0x00000003
-CKA_APPLICATION = 0x00000010
-CKA_VALUE = 0x00000011
-CKA_OBJECT_ID = 0x00000012
-CKA_CERTIFICATE_TYPE = 0x00000080
-CKA_ISSUER = 0x00000081
-CKA_SERIAL_NUMBER = 0x00000082
-CKA_AC_ISSUER = 0x00000083
-CKA_OWNER = 0x00000084
-CKA_ATTR_TYPES = 0x00000085
-CKA_TRUSTED = 0x00000086
-CKA_CERTIFICATE_CATEGORY = 0x00000087
-CKA_JAVA_MIDP_SECURITY_DOMAIN = 0x00000088
-CKA_URL = 0x00000089
-CKA_HASH_OF_SUBJECT_PUBLIC_KEY = 0x0000008A
-CKA_HASH_OF_ISSUER_PUBLIC_KEY = 0x0000008B
-CKA_CHECK_VALUE = 0x00000090
-CKA_KEY_TYPE = 0x00000100
-CKA_SUBJECT = 0x00000101
+CKA_CLASS = 0x00000000
+CKA_TOKEN = 0x00000001
+CKA_PRIVATE = 0x00000002
+CKA_LABEL = 0x00000003
+CKA_APPLICATION = 0x00000010
+CKA_VALUE = 0x00000011
+CKA_OBJECT_ID = 0x00000012
+CKA_CERTIFICATE_TYPE = 0x00000080
+CKA_ISSUER = 0x00000081
+CKA_SERIAL_NUMBER = 0x00000082
+CKA_AC_ISSUER = 0x00000083
+CKA_OWNER = 0x00000084
+CKA_ATTR_TYPES = 0x00000085
+CKA_TRUSTED = 0x00000086
+CKA_CERTIFICATE_CATEGORY = 0x00000087
+CKA_JAVA_MIDP_SECURITY_DOMAIN = 0x00000088
+CKA_URL = 0x00000089
+CKA_HASH_OF_SUBJECT_PUBLIC_KEY = 0x0000008A
+CKA_HASH_OF_ISSUER_PUBLIC_KEY = 0x0000008B
+CKA_CHECK_VALUE = 0x00000090
+CKA_KEY_TYPE = 0x00000100
+CKA_SUBJECT = 0x00000101
CKA_ID = 0x00000102
-CKA_SENSITIVE = 0x00000103
-CKA_ENCRYPT = 0x00000104
-CKA_DECRYPT = 0x00000105
-CKA_WRAP = 0x00000106
-CKA_UNWRAP = 0x00000107
-CKA_SIGN = 0x00000108
-CKA_SIGN_RECOVER = 0x00000109
-CKA_VERIFY = 0x0000010A
-CKA_VERIFY_RECOVER = 0x0000010B
-CKA_DERIVE = 0x0000010C
-CKA_START_DATE = 0x00000110
-CKA_END_DATE = 0x00000111
-CKA_MODULUS = 0x00000120
-CKA_MODULUS_BITS = 0x00000121
-CKA_PUBLIC_EXPONENT = 0x00000122
-CKA_PRIVATE_EXPONENT = 0x00000123
-CKA_PRIME_1 = 0x00000124
-CKA_PRIME_2 = 0x00000125
-CKA_EXPONENT_1 = 0x00000126
-CKA_EXPONENT_2 = 0x00000127
-CKA_COEFFICIENT = 0x00000128
-CKA_PRIME = 0x00000130
-CKA_SUBPRIME = 0x00000131
-CKA_BASE = 0x00000132
-CKA_PRIME_BITS = 0x00000133
-CKA_SUBPRIME_BITS = 0x00000134
-CKA_SUB_PRIME_BITS = CKA_SUBPRIME_BITS
-CKA_VALUE_BITS = 0x00000160
-CKA_VALUE_LEN = 0x00000161
-CKA_EXTRACTABLE = 0x00000162
-CKA_LOCAL = 0x00000163
-CKA_NEVER_EXTRACTABLE = 0x00000164
-CKA_ALWAYS_SENSITIVE = 0x00000165
-CKA_KEY_GEN_MECHANISM = 0x00000166
-CKA_MODIFIABLE = 0x00000170
-CKA_ECDSA_PARAMS = 0x00000180
-CKA_EC_PARAMS = 0x00000180
-CKA_EC_POINT = 0x00000181
-CKA_SECONDARY_AUTH = 0x00000200
-CKA_AUTH_PIN_FLAGS = 0x00000201
-CKA_ALWAYS_AUTHENTICATE = 0x00000202
-CKA_WRAP_WITH_TRUSTED = 0x00000210
-CKA_WRAP_TEMPLATE = (CKF_ARRAY_ATTRIBUTE|0x00000211)
-CKA_UNWRAP_TEMPLATE = (CKF_ARRAY_ATTRIBUTE|0x00000212)
-CKA_DERIVE_TEMPLATE = (CKF_ARRAY_ATTRIBUTE|0x00000213)
-CKA_OTP_FORMAT = 0x00000220
-CKA_OTP_LENGTH = 0x00000221
-CKA_OTP_TIME_INTERVAL = 0x00000222
-CKA_OTP_USER_FRIENDLY_MODE = 0x00000223
-CKA_OTP_CHALLENGE_REQUIREMENT = 0x00000224
-CKA_OTP_TIME_REQUIREMENT = 0x00000225
-CKA_OTP_COUNTER_REQUIREMENT = 0x00000226
-CKA_OTP_PIN_REQUIREMENT = 0x00000227
-CKA_OTP_COUNTER = 0x0000022E
-CKA_OTP_TIME = 0x0000022F
-CKA_OTP_USER_IDENTIFIER = 0x0000022A
+CKA_SENSITIVE = 0x00000103
+CKA_ENCRYPT = 0x00000104
+CKA_DECRYPT = 0x00000105
+CKA_WRAP = 0x00000106
+CKA_UNWRAP = 0x00000107
+CKA_SIGN = 0x00000108
+CKA_SIGN_RECOVER = 0x00000109
+CKA_VERIFY = 0x0000010A
+CKA_VERIFY_RECOVER = 0x0000010B
+CKA_DERIVE = 0x0000010C
+CKA_START_DATE = 0x00000110
+CKA_END_DATE = 0x00000111
+CKA_MODULUS = 0x00000120
+CKA_MODULUS_BITS = 0x00000121
+CKA_PUBLIC_EXPONENT = 0x00000122
+CKA_PRIVATE_EXPONENT = 0x00000123
+CKA_PRIME_1 = 0x00000124
+CKA_PRIME_2 = 0x00000125
+CKA_EXPONENT_1 = 0x00000126
+CKA_EXPONENT_2 = 0x00000127
+CKA_COEFFICIENT = 0x00000128
+CKA_PRIME = 0x00000130
+CKA_SUBPRIME = 0x00000131
+CKA_BASE = 0x00000132
+CKA_PRIME_BITS = 0x00000133
+CKA_SUBPRIME_BITS = 0x00000134
+CKA_SUB_PRIME_BITS = CKA_SUBPRIME_BITS
+CKA_VALUE_BITS = 0x00000160
+CKA_VALUE_LEN = 0x00000161
+CKA_EXTRACTABLE = 0x00000162
+CKA_LOCAL = 0x00000163
+CKA_NEVER_EXTRACTABLE = 0x00000164
+CKA_ALWAYS_SENSITIVE = 0x00000165
+CKA_KEY_GEN_MECHANISM = 0x00000166
+CKA_MODIFIABLE = 0x00000170
+CKA_ECDSA_PARAMS = 0x00000180
+CKA_EC_PARAMS = 0x00000180
+CKA_EC_POINT = 0x00000181
+CKA_SECONDARY_AUTH = 0x00000200
+CKA_AUTH_PIN_FLAGS = 0x00000201
+CKA_ALWAYS_AUTHENTICATE = 0x00000202
+CKA_WRAP_WITH_TRUSTED = 0x00000210
+CKA_WRAP_TEMPLATE = (CKF_ARRAY_ATTRIBUTE|0x00000211)
+CKA_UNWRAP_TEMPLATE = (CKF_ARRAY_ATTRIBUTE|0x00000212)
+CKA_DERIVE_TEMPLATE = (CKF_ARRAY_ATTRIBUTE|0x00000213)
+CKA_OTP_FORMAT = 0x00000220
+CKA_OTP_LENGTH = 0x00000221
+CKA_OTP_TIME_INTERVAL = 0x00000222
+CKA_OTP_USER_FRIENDLY_MODE = 0x00000223
+CKA_OTP_CHALLENGE_REQUIREMENT = 0x00000224
+CKA_OTP_TIME_REQUIREMENT = 0x00000225
+CKA_OTP_COUNTER_REQUIREMENT = 0x00000226
+CKA_OTP_PIN_REQUIREMENT = 0x00000227
+CKA_OTP_COUNTER = 0x0000022E
+CKA_OTP_TIME = 0x0000022F
+CKA_OTP_USER_IDENTIFIER = 0x0000022A
CKA_OTP_SERVICE_IDENTIFIER = 0x0000022B
-CKA_OTP_SERVICE_LOGO = 0x0000022C
-CKA_OTP_SERVICE_LOGO_TYPE = 0x0000022D
-CKA_GOSTR3410_PARAMS = 0x00000250
-CKA_GOSTR3411_PARAMS = 0x00000251
-CKA_GOST28147_PARAMS = 0x00000252
-CKA_HW_FEATURE_TYPE = 0x00000300
-CKA_RESET_ON_INIT = 0x00000301
-CKA_HAS_RESET = 0x00000302
-CKA_PIXEL_X = 0x00000400
-CKA_PIXEL_Y = 0x00000401
-CKA_RESOLUTION = 0x00000402
-CKA_CHAR_ROWS = 0x00000403
-CKA_CHAR_COLUMNS = 0x00000404
-CKA_COLOR = 0x00000405
-CKA_BITS_PER_PIXEL = 0x00000406
-CKA_CHAR_SETS = 0x00000480
-CKA_ENCODING_METHODS = 0x00000481
-CKA_MIME_TYPES = 0x00000482
-CKA_MECHANISM_TYPE = 0x00000500
-CKA_REQUIRED_CMS_ATTRIBUTES = 0x00000501
-CKA_DEFAULT_CMS_ATTRIBUTES = 0x00000502
-CKA_SUPPORTED_CMS_ATTRIBUTES = 0x00000503
-CKA_ALLOWED_MECHANISMS = (CKF_ARRAY_ATTRIBUTE|0x00000600)
-CKA_VENDOR_DEFINED = 0x80000000
+CKA_OTP_SERVICE_LOGO = 0x0000022C
+CKA_OTP_SERVICE_LOGO_TYPE = 0x0000022D
+CKA_GOSTR3410_PARAMS = 0x00000250
+CKA_GOSTR3411_PARAMS = 0x00000251
+CKA_GOST28147_PARAMS = 0x00000252
+CKA_HW_FEATURE_TYPE = 0x00000300
+CKA_RESET_ON_INIT = 0x00000301
+CKA_HAS_RESET = 0x00000302
+CKA_PIXEL_X = 0x00000400
+CKA_PIXEL_Y = 0x00000401
+CKA_RESOLUTION = 0x00000402
+CKA_CHAR_ROWS = 0x00000403
+CKA_CHAR_COLUMNS = 0x00000404
+CKA_COLOR = 0x00000405
+CKA_BITS_PER_PIXEL = 0x00000406
+CKA_CHAR_SETS = 0x00000480
+CKA_ENCODING_METHODS = 0x00000481
+CKA_MIME_TYPES = 0x00000482
+CKA_MECHANISM_TYPE = 0x00000500
+CKA_REQUIRED_CMS_ATTRIBUTES = 0x00000501
+CKA_DEFAULT_CMS_ATTRIBUTES = 0x00000502
+CKA_SUPPORTED_CMS_ATTRIBUTES = 0x00000503
+CKA_ALLOWED_MECHANISMS = (CKF_ARRAY_ATTRIBUTE|0x00000600)
+CKA_VENDOR_DEFINED = 0x80000000
-CKM_RSA_PKCS_KEY_PAIR_GEN = 0x00000000
-CKM_RSA_PKCS = 0x00000001
-CKM_RSA_9796 = 0x00000002
-CKM_RSA_X_509 = 0x00000003
-CKM_MD2_RSA_PKCS = 0x00000004
-CKM_MD5_RSA_PKCS = 0x00000005
-CKM_SHA1_RSA_PKCS = 0x00000006
-CKM_RIPEMD128_RSA_PKCS = 0x00000007
-CKM_RIPEMD160_RSA_PKCS = 0x00000008
-CKM_RSA_PKCS_OAEP = 0x00000009
-CKM_RSA_X9_31_KEY_PAIR_GEN = 0x0000000A
+CKM_RSA_PKCS_KEY_PAIR_GEN = 0x00000000
+CKM_RSA_PKCS = 0x00000001
+CKM_RSA_9796 = 0x00000002
+CKM_RSA_X_509 = 0x00000003
+CKM_MD2_RSA_PKCS = 0x00000004
+CKM_MD5_RSA_PKCS = 0x00000005
+CKM_SHA1_RSA_PKCS = 0x00000006
+CKM_RIPEMD128_RSA_PKCS = 0x00000007
+CKM_RIPEMD160_RSA_PKCS = 0x00000008
+CKM_RSA_PKCS_OAEP = 0x00000009
+CKM_RSA_X9_31_KEY_PAIR_GEN = 0x0000000A
CKM_RSA_X9_31 = 0x0000000B
-CKM_SHA1_RSA_X9_31 = 0x0000000C
-CKM_RSA_PKCS_PSS = 0x0000000D
-CKM_SHA1_RSA_PKCS_PSS = 0x0000000E
-CKM_DSA_KEY_PAIR_GEN = 0x00000010
-CKM_DSA = 0x00000011
-CKM_DSA_SHA1 = 0x00000012
-CKM_DSA_SHA224 = 0x00000013
-CKM_DSA_SHA256 = 0x00000014
-CKM_DSA_SHA384 = 0x00000015
-CKM_DSA_SHA512 = 0x00000016
-CKM_DH_PKCS_KEY_PAIR_GEN = 0x00000020
-CKM_DH_PKCS_DERIVE = 0x00000021
-CKM_X9_42_DH_KEY_PAIR_GEN = 0x00000030
-CKM_X9_42_DH_DERIVE = 0x00000031
-CKM_X9_42_DH_HYBRID_DERIVE = 0x00000032
-CKM_X9_42_MQV_DERIVE = 0x00000033
-CKM_SHA256_RSA_PKCS = 0x00000040
-CKM_SHA384_RSA_PKCS = 0x00000041
-CKM_SHA512_RSA_PKCS = 0x00000042
-CKM_SHA256_RSA_PKCS_PSS = 0x00000043
-CKM_SHA384_RSA_PKCS_PSS = 0x00000044
-CKM_SHA512_RSA_PKCS_PSS = 0x00000045
-CKM_SHA224_RSA_PKCS = 0x00000046
-CKM_SHA224_RSA_PKCS_PSS = 0x00000047
-CKM_RC2_KEY_GEN = 0x00000100
-CKM_RC2_ECB = 0x00000101
-CKM_RC2_CBC = 0x00000102
-CKM_RC2_MAC = 0x00000103
-CKM_RC2_MAC_GENERAL = 0x00000104
-CKM_RC2_CBC_PAD = 0x00000105
-CKM_RC4_KEY_GEN = 0x00000110
-CKM_RC4 = 0x00000111
-CKM_DES_KEY_GEN = 0x00000120
-CKM_DES_ECB = 0x00000121
-CKM_DES_CBC = 0x00000122
-CKM_DES_MAC = 0x00000123
-CKM_DES_MAC_GENERAL = 0x00000124
-CKM_DES_CBC_PAD = 0x00000125
-CKM_DES2_KEY_GEN = 0x00000130
-CKM_DES3_KEY_GEN = 0x00000131
-CKM_DES3_ECB = 0x00000132
-CKM_DES3_CBC = 0x00000133
-CKM_DES3_MAC = 0x00000134
-CKM_DES3_MAC_GENERAL = 0x00000135
-CKM_DES3_CBC_PAD = 0x00000136
-CKM_DES3_CMAC_GENERAL = 0x00000137
-CKM_DES3_CMAC = 0x00000138
-CKM_CDMF_KEY_GEN = 0x00000140
-CKM_CDMF_ECB = 0x00000141
-CKM_CDMF_CBC = 0x00000142
-CKM_CDMF_MAC = 0x00000143
-CKM_CDMF_MAC_GENERAL = 0x00000144
-CKM_CDMF_CBC_PAD = 0x00000145
-CKM_DES_OFB64 = 0x00000150
-CKM_DES_OFB8 = 0x00000151
-CKM_DES_CFB64 = 0x00000152
-CKM_DES_CFB8 = 0x00000153
+CKM_SHA1_RSA_X9_31 = 0x0000000C
+CKM_RSA_PKCS_PSS = 0x0000000D
+CKM_SHA1_RSA_PKCS_PSS = 0x0000000E
+CKM_DSA_KEY_PAIR_GEN = 0x00000010
+CKM_DSA = 0x00000011
+CKM_DSA_SHA1 = 0x00000012
+CKM_DSA_SHA224 = 0x00000013
+CKM_DSA_SHA256 = 0x00000014
+CKM_DSA_SHA384 = 0x00000015
+CKM_DSA_SHA512 = 0x00000016
+CKM_DH_PKCS_KEY_PAIR_GEN = 0x00000020
+CKM_DH_PKCS_DERIVE = 0x00000021
+CKM_X9_42_DH_KEY_PAIR_GEN = 0x00000030
+CKM_X9_42_DH_DERIVE = 0x00000031
+CKM_X9_42_DH_HYBRID_DERIVE = 0x00000032
+CKM_X9_42_MQV_DERIVE = 0x00000033
+CKM_SHA256_RSA_PKCS = 0x00000040
+CKM_SHA384_RSA_PKCS = 0x00000041
+CKM_SHA512_RSA_PKCS = 0x00000042
+CKM_SHA256_RSA_PKCS_PSS = 0x00000043
+CKM_SHA384_RSA_PKCS_PSS = 0x00000044
+CKM_SHA512_RSA_PKCS_PSS = 0x00000045
+CKM_SHA224_RSA_PKCS = 0x00000046
+CKM_SHA224_RSA_PKCS_PSS = 0x00000047
+CKM_RC2_KEY_GEN = 0x00000100
+CKM_RC2_ECB = 0x00000101
+CKM_RC2_CBC = 0x00000102
+CKM_RC2_MAC = 0x00000103
+CKM_RC2_MAC_GENERAL = 0x00000104
+CKM_RC2_CBC_PAD = 0x00000105
+CKM_RC4_KEY_GEN = 0x00000110
+CKM_RC4 = 0x00000111
+CKM_DES_KEY_GEN = 0x00000120
+CKM_DES_ECB = 0x00000121
+CKM_DES_CBC = 0x00000122
+CKM_DES_MAC = 0x00000123
+CKM_DES_MAC_GENERAL = 0x00000124
+CKM_DES_CBC_PAD = 0x00000125
+CKM_DES2_KEY_GEN = 0x00000130
+CKM_DES3_KEY_GEN = 0x00000131
+CKM_DES3_ECB = 0x00000132
+CKM_DES3_CBC = 0x00000133
+CKM_DES3_MAC = 0x00000134
+CKM_DES3_MAC_GENERAL = 0x00000135
+CKM_DES3_CBC_PAD = 0x00000136
+CKM_DES3_CMAC_GENERAL = 0x00000137
+CKM_DES3_CMAC = 0x00000138
+CKM_CDMF_KEY_GEN = 0x00000140
+CKM_CDMF_ECB = 0x00000141
+CKM_CDMF_CBC = 0x00000142
+CKM_CDMF_MAC = 0x00000143
+CKM_CDMF_MAC_GENERAL = 0x00000144
+CKM_CDMF_CBC_PAD = 0x00000145
+CKM_DES_OFB64 = 0x00000150
+CKM_DES_OFB8 = 0x00000151
+CKM_DES_CFB64 = 0x00000152
+CKM_DES_CFB8 = 0x00000153
CKM_MD2 = 0x00000200
-CKM_MD2_HMAC = 0x00000201
-CKM_MD2_HMAC_GENERAL = 0x00000202
-CKM_MD5 = 0x00000210
-CKM_MD5_HMAC = 0x00000211
-CKM_MD5_HMAC_GENERAL = 0x00000212
-CKM_SHA_1 = 0x00000220
-CKM_SHA_1_HMAC = 0x00000221
-CKM_SHA_1_HMAC_GENERAL = 0x00000222
-CKM_RIPEMD128 = 0x00000230
-CKM_RIPEMD128_HMAC = 0x00000231
-CKM_RIPEMD128_HMAC_GENERAL = 0x00000232
-CKM_RIPEMD160 = 0x00000240
-CKM_RIPEMD160_HMAC = 0x00000241
-CKM_RIPEMD160_HMAC_GENERAL = 0x00000242
-CKM_SHA256 = 0x00000250
-CKM_SHA256_HMAC = 0x00000251
-CKM_SHA256_HMAC_GENERAL = 0x00000252
-CKM_SHA224 = 0x00000255
-CKM_SHA224_HMAC = 0x00000256
-CKM_SHA224_HMAC_GENERAL = 0x00000257
-CKM_SHA384 = 0x00000260
-CKM_SHA384_HMAC = 0x00000261
-CKM_SHA384_HMAC_GENERAL = 0x00000262
-CKM_SHA512 = 0x00000270
-CKM_SHA512_HMAC = 0x00000271
-CKM_SHA512_HMAC_GENERAL = 0x00000272
-CKM_SECURID_KEY_GEN = 0x00000280
-CKM_SECURID = 0x00000282
-CKM_HOTP_KEY_GEN = 0x00000290
-CKM_HOTP = 0x00000291
-CKM_ACTI = 0x000002A0
-CKM_ACTI_KEY_GEN = 0x000002A1
-CKM_CAST_KEY_GEN = 0x00000300
-CKM_CAST_ECB = 0x00000301
-CKM_CAST_CBC = 0x00000302
-CKM_CAST_MAC = 0x00000303
-CKM_CAST_MAC_GENERAL = 0x00000304
-CKM_CAST_CBC_PAD = 0x00000305
-CKM_CAST3_KEY_GEN = 0x00000310
-CKM_CAST3_ECB = 0x00000311
-CKM_CAST3_CBC = 0x00000312
-CKM_CAST3_MAC = 0x00000313
-CKM_CAST3_MAC_GENERAL = 0x00000314
-CKM_CAST3_CBC_PAD = 0x00000315
-CKM_CAST5_KEY_GEN = 0x00000320
-CKM_CAST128_KEY_GEN = 0x00000320
-CKM_CAST5_ECB = 0x00000321
-CKM_CAST128_ECB = 0x00000321
-CKM_CAST5_CBC = 0x00000322
-CKM_CAST128_CBC = 0x00000322
-CKM_CAST5_MAC = 0x00000323
-CKM_CAST128_MAC = 0x00000323
-CKM_CAST5_MAC_GENERAL = 0x00000324
-CKM_CAST128_MAC_GENERAL = 0x00000324
-CKM_CAST5_CBC_PAD = 0x00000325
-CKM_CAST128_CBC_PAD = 0x00000325
-CKM_RC5_KEY_GEN = 0x00000330
-CKM_RC5_ECB = 0x00000331
-CKM_RC5_CBC = 0x00000332
-CKM_RC5_MAC = 0x00000333
-CKM_RC5_MAC_GENERAL = 0x00000334
-CKM_RC5_CBC_PAD = 0x00000335
-CKM_IDEA_KEY_GEN = 0x00000340
-CKM_IDEA_ECB = 0x00000341
-CKM_IDEA_CBC = 0x00000342
-CKM_IDEA_MAC = 0x00000343
-CKM_IDEA_MAC_GENERAL = 0x00000344
-CKM_IDEA_CBC_PAD = 0x00000345
-CKM_GENERIC_SECRET_KEY_GEN = 0x00000350
-CKM_CONCATENATE_BASE_AND_KEY = 0x00000360
-CKM_CONCATENATE_BASE_AND_DATA = 0x00000362
-CKM_CONCATENATE_DATA_AND_BASE = 0x00000363
-CKM_XOR_BASE_AND_DATA = 0x00000364
-CKM_EXTRACT_KEY_FROM_KEY = 0x00000365
-CKM_SSL3_PRE_MASTER_KEY_GEN = 0x00000370
-CKM_SSL3_MASTER_KEY_DERIVE = 0x00000371
-CKM_SSL3_KEY_AND_MAC_DERIVE = 0x00000372
-CKM_SSL3_MASTER_KEY_DERIVE_DH = 0x00000373
-CKM_TLS_PRE_MASTER_KEY_GEN = 0x00000374
-CKM_TLS_MASTER_KEY_DERIVE = 0x00000375
-CKM_TLS_KEY_AND_MAC_DERIVE = 0x00000376
-CKM_TLS_MASTER_KEY_DERIVE_DH = 0x00000377
-CKM_TLS_PRF = 0x00000378
-CKM_SSL3_MD5_MAC = 0x00000380
-CKM_SSL3_SHA1_MAC = 0x00000381
-CKM_MD5_KEY_DERIVATION = 0x00000390
-CKM_MD2_KEY_DERIVATION = 0x00000391
-CKM_SHA1_KEY_DERIVATION = 0x00000392
-CKM_SHA256_KEY_DERIVATION = 0x00000393
-CKM_SHA384_KEY_DERIVATION = 0x00000394
-CKM_SHA512_KEY_DERIVATION = 0x00000395
-CKM_SHA224_KEY_DERIVATION = 0x00000396
-CKM_PBE_MD2_DES_CBC = 0x000003A0
-CKM_PBE_MD5_DES_CBC = 0x000003A1
-CKM_PBE_MD5_CAST_CBC = 0x000003A2
-CKM_PBE_MD5_CAST3_CBC = 0x000003A3
-CKM_PBE_MD5_CAST5_CBC = 0x000003A4
-CKM_PBE_MD5_CAST128_CBC = 0x000003A4
-CKM_PBE_SHA1_CAST5_CBC = 0x000003A5
-CKM_PBE_SHA1_CAST128_CBC = 0x000003A5
-CKM_PBE_SHA1_RC4_128 = 0x000003A6
-CKM_PBE_SHA1_RC4_40 = 0x000003A7
-CKM_PBE_SHA1_DES3_EDE_CBC = 0x000003A8
-CKM_PBE_SHA1_DES2_EDE_CBC = 0x000003A9
-CKM_PBE_SHA1_RC2_128_CBC = 0x000003AA
-CKM_PBE_SHA1_RC2_40_CBC = 0x000003AB
-CKM_PKCS5_PBKD2 = 0x000003B0
-CKM_PBA_SHA1_WITH_SHA1_HMAC = 0x000003C0
-CKM_WTLS_PRE_MASTER_KEY_GEN = 0x000003D0
-CKM_WTLS_MASTER_KEY_DERIVE = 0x000003D1
-CKM_WTLS_MASTER_KEY_DERIVE_DH_ECC = 0x000003D2
-CKM_WTLS_PRF = 0x000003D3
-CKM_WTLS_SERVER_KEY_AND_MAC_DERIVE = 0x000003D4
-CKM_WTLS_CLIENT_KEY_AND_MAC_DERIVE = 0x000003D5
-CKM_KEY_WRAP_LYNKS = 0x00000400
-CKM_KEY_WRAP_SET_OAEP = 0x00000401
-CKM_CMS_SIG = 0x00000500
-CKM_KIP_DERIVE = 0x00000510
-CKM_KIP_WRAP = 0x00000511
-CKM_KIP_MAC = 0x00000512
-CKM_CAMELLIA_KEY_GEN = 0x00000550
-CKM_CAMELLIA_ECB = 0x00000551
-CKM_CAMELLIA_CBC = 0x00000552
-CKM_CAMELLIA_MAC = 0x00000553
-CKM_CAMELLIA_MAC_GENERAL = 0x00000554
-CKM_CAMELLIA_CBC_PAD = 0x00000555
-CKM_CAMELLIA_ECB_ENCRYPT_DATA = 0x00000556
-CKM_CAMELLIA_CBC_ENCRYPT_DATA = 0x00000557
-CKM_CAMELLIA_CTR = 0x00000558
-CKM_ARIA_KEY_GEN = 0x00000560
-CKM_ARIA_ECB = 0x00000561
-CKM_ARIA_CBC = 0x00000562
-CKM_ARIA_MAC = 0x00000563
-CKM_ARIA_MAC_GENERAL = 0x00000564
-CKM_ARIA_CBC_PAD = 0x00000565
-CKM_ARIA_ECB_ENCRYPT_DATA = 0x00000566
-CKM_ARIA_CBC_ENCRYPT_DATA = 0x00000567
-CKM_SEED_KEY_GEN = 0x00000650
-CKM_SEED_ECB = 0x00000651
-CKM_SEED_CBC = 0x00000652
-CKM_SEED_MAC = 0x00000653
-CKM_SEED_MAC_GENERAL = 0x00000654
-CKM_SEED_CBC_PAD = 0x00000655
-CKM_SEED_ECB_ENCRYPT_DATA = 0x00000656
-CKM_SEED_CBC_ENCRYPT_DATA = 0x00000657
-CKM_SKIPJACK_KEY_GEN = 0x00001000
-CKM_SKIPJACK_ECB64 = 0x00001001
-CKM_SKIPJACK_CBC64 = 0x00001002
-CKM_SKIPJACK_OFB64 = 0x00001003
-CKM_SKIPJACK_CFB64 = 0x00001004
-CKM_SKIPJACK_CFB32 = 0x00001005
-CKM_SKIPJACK_CFB16 = 0x00001006
-CKM_SKIPJACK_CFB8 = 0x00001007
-CKM_SKIPJACK_WRAP = 0x00001008
-CKM_SKIPJACK_PRIVATE_WRAP = 0x00001009
-CKM_SKIPJACK_RELAYX = 0x0000100a
-CKM_KEA_KEY_PAIR_GEN = 0x00001010
-CKM_KEA_KEY_DERIVE = 0x00001011
-CKM_FORTEZZA_TIMESTAMP = 0x00001020
-CKM_BATON_KEY_GEN = 0x00001030
-CKM_BATON_ECB128 = 0x00001031
+CKM_MD2_HMAC = 0x00000201
+CKM_MD2_HMAC_GENERAL = 0x00000202
+CKM_MD5 = 0x00000210
+CKM_MD5_HMAC = 0x00000211
+CKM_MD5_HMAC_GENERAL = 0x00000212
+CKM_SHA_1 = 0x00000220
+CKM_SHA_1_HMAC = 0x00000221
+CKM_SHA_1_HMAC_GENERAL = 0x00000222
+CKM_RIPEMD128 = 0x00000230
+CKM_RIPEMD128_HMAC = 0x00000231
+CKM_RIPEMD128_HMAC_GENERAL = 0x00000232
+CKM_RIPEMD160 = 0x00000240
+CKM_RIPEMD160_HMAC = 0x00000241
+CKM_RIPEMD160_HMAC_GENERAL = 0x00000242
+CKM_SHA256 = 0x00000250
+CKM_SHA256_HMAC = 0x00000251
+CKM_SHA256_HMAC_GENERAL = 0x00000252
+CKM_SHA224 = 0x00000255
+CKM_SHA224_HMAC = 0x00000256
+CKM_SHA224_HMAC_GENERAL = 0x00000257
+CKM_SHA384 = 0x00000260
+CKM_SHA384_HMAC = 0x00000261
+CKM_SHA384_HMAC_GENERAL = 0x00000262
+CKM_SHA512 = 0x00000270
+CKM_SHA512_HMAC = 0x00000271
+CKM_SHA512_HMAC_GENERAL = 0x00000272
+CKM_SECURID_KEY_GEN = 0x00000280
+CKM_SECURID = 0x00000282
+CKM_HOTP_KEY_GEN = 0x00000290
+CKM_HOTP = 0x00000291
+CKM_ACTI = 0x000002A0
+CKM_ACTI_KEY_GEN = 0x000002A1
+CKM_CAST_KEY_GEN = 0x00000300
+CKM_CAST_ECB = 0x00000301
+CKM_CAST_CBC = 0x00000302
+CKM_CAST_MAC = 0x00000303
+CKM_CAST_MAC_GENERAL = 0x00000304
+CKM_CAST_CBC_PAD = 0x00000305
+CKM_CAST3_KEY_GEN = 0x00000310
+CKM_CAST3_ECB = 0x00000311
+CKM_CAST3_CBC = 0x00000312
+CKM_CAST3_MAC = 0x00000313
+CKM_CAST3_MAC_GENERAL = 0x00000314
+CKM_CAST3_CBC_PAD = 0x00000315
+CKM_CAST5_KEY_GEN = 0x00000320
+CKM_CAST128_KEY_GEN = 0x00000320
+CKM_CAST5_ECB = 0x00000321
+CKM_CAST128_ECB = 0x00000321
+CKM_CAST5_CBC = 0x00000322
+CKM_CAST128_CBC = 0x00000322
+CKM_CAST5_MAC = 0x00000323
+CKM_CAST128_MAC = 0x00000323
+CKM_CAST5_MAC_GENERAL = 0x00000324
+CKM_CAST128_MAC_GENERAL = 0x00000324
+CKM_CAST5_CBC_PAD = 0x00000325
+CKM_CAST128_CBC_PAD = 0x00000325
+CKM_RC5_KEY_GEN = 0x00000330
+CKM_RC5_ECB = 0x00000331
+CKM_RC5_CBC = 0x00000332
+CKM_RC5_MAC = 0x00000333
+CKM_RC5_MAC_GENERAL = 0x00000334
+CKM_RC5_CBC_PAD = 0x00000335
+CKM_IDEA_KEY_GEN = 0x00000340
+CKM_IDEA_ECB = 0x00000341
+CKM_IDEA_CBC = 0x00000342
+CKM_IDEA_MAC = 0x00000343
+CKM_IDEA_MAC_GENERAL = 0x00000344
+CKM_IDEA_CBC_PAD = 0x00000345
+CKM_GENERIC_SECRET_KEY_GEN = 0x00000350
+CKM_CONCATENATE_BASE_AND_KEY = 0x00000360
+CKM_CONCATENATE_BASE_AND_DATA = 0x00000362
+CKM_CONCATENATE_DATA_AND_BASE = 0x00000363
+CKM_XOR_BASE_AND_DATA = 0x00000364
+CKM_EXTRACT_KEY_FROM_KEY = 0x00000365
+CKM_SSL3_PRE_MASTER_KEY_GEN = 0x00000370
+CKM_SSL3_MASTER_KEY_DERIVE = 0x00000371
+CKM_SSL3_KEY_AND_MAC_DERIVE = 0x00000372
+CKM_SSL3_MASTER_KEY_DERIVE_DH = 0x00000373
+CKM_TLS_PRE_MASTER_KEY_GEN = 0x00000374
+CKM_TLS_MASTER_KEY_DERIVE = 0x00000375
+CKM_TLS_KEY_AND_MAC_DERIVE = 0x00000376
+CKM_TLS_MASTER_KEY_DERIVE_DH = 0x00000377
+CKM_TLS_PRF = 0x00000378
+CKM_SSL3_MD5_MAC = 0x00000380
+CKM_SSL3_SHA1_MAC = 0x00000381
+CKM_MD5_KEY_DERIVATION = 0x00000390
+CKM_MD2_KEY_DERIVATION = 0x00000391
+CKM_SHA1_KEY_DERIVATION = 0x00000392
+CKM_SHA256_KEY_DERIVATION = 0x00000393
+CKM_SHA384_KEY_DERIVATION = 0x00000394
+CKM_SHA512_KEY_DERIVATION = 0x00000395
+CKM_SHA224_KEY_DERIVATION = 0x00000396
+CKM_PBE_MD2_DES_CBC = 0x000003A0
+CKM_PBE_MD5_DES_CBC = 0x000003A1
+CKM_PBE_MD5_CAST_CBC = 0x000003A2
+CKM_PBE_MD5_CAST3_CBC = 0x000003A3
+CKM_PBE_MD5_CAST5_CBC = 0x000003A4
+CKM_PBE_MD5_CAST128_CBC = 0x000003A4
+CKM_PBE_SHA1_CAST5_CBC = 0x000003A5
+CKM_PBE_SHA1_CAST128_CBC = 0x000003A5
+CKM_PBE_SHA1_RC4_128 = 0x000003A6
+CKM_PBE_SHA1_RC4_40 = 0x000003A7
+CKM_PBE_SHA1_DES3_EDE_CBC = 0x000003A8
+CKM_PBE_SHA1_DES2_EDE_CBC = 0x000003A9
+CKM_PBE_SHA1_RC2_128_CBC = 0x000003AA
+CKM_PBE_SHA1_RC2_40_CBC = 0x000003AB
+CKM_PKCS5_PBKD2 = 0x000003B0
+CKM_PBA_SHA1_WITH_SHA1_HMAC = 0x000003C0
+CKM_WTLS_PRE_MASTER_KEY_GEN = 0x000003D0
+CKM_WTLS_MASTER_KEY_DERIVE = 0x000003D1
+CKM_WTLS_MASTER_KEY_DERIVE_DH_ECC = 0x000003D2
+CKM_WTLS_PRF = 0x000003D3
+CKM_WTLS_SERVER_KEY_AND_MAC_DERIVE = 0x000003D4
+CKM_WTLS_CLIENT_KEY_AND_MAC_DERIVE = 0x000003D5
+CKM_KEY_WRAP_LYNKS = 0x00000400
+CKM_KEY_WRAP_SET_OAEP = 0x00000401
+CKM_CMS_SIG = 0x00000500
+CKM_KIP_DERIVE = 0x00000510
+CKM_KIP_WRAP = 0x00000511
+CKM_KIP_MAC = 0x00000512
+CKM_CAMELLIA_KEY_GEN = 0x00000550
+CKM_CAMELLIA_ECB = 0x00000551
+CKM_CAMELLIA_CBC = 0x00000552
+CKM_CAMELLIA_MAC = 0x00000553
+CKM_CAMELLIA_MAC_GENERAL = 0x00000554
+CKM_CAMELLIA_CBC_PAD = 0x00000555
+CKM_CAMELLIA_ECB_ENCRYPT_DATA = 0x00000556
+CKM_CAMELLIA_CBC_ENCRYPT_DATA = 0x00000557
+CKM_CAMELLIA_CTR = 0x00000558
+CKM_ARIA_KEY_GEN = 0x00000560
+CKM_ARIA_ECB = 0x00000561
+CKM_ARIA_CBC = 0x00000562
+CKM_ARIA_MAC = 0x00000563
+CKM_ARIA_MAC_GENERAL = 0x00000564
+CKM_ARIA_CBC_PAD = 0x00000565
+CKM_ARIA_ECB_ENCRYPT_DATA = 0x00000566
+CKM_ARIA_CBC_ENCRYPT_DATA = 0x00000567
+CKM_SEED_KEY_GEN = 0x00000650
+CKM_SEED_ECB = 0x00000651
+CKM_SEED_CBC = 0x00000652
+CKM_SEED_MAC = 0x00000653
+CKM_SEED_MAC_GENERAL = 0x00000654
+CKM_SEED_CBC_PAD = 0x00000655
+CKM_SEED_ECB_ENCRYPT_DATA = 0x00000656
+CKM_SEED_CBC_ENCRYPT_DATA = 0x00000657
+CKM_SKIPJACK_KEY_GEN = 0x00001000
+CKM_SKIPJACK_ECB64 = 0x00001001
+CKM_SKIPJACK_CBC64 = 0x00001002
+CKM_SKIPJACK_OFB64 = 0x00001003
+CKM_SKIPJACK_CFB64 = 0x00001004
+CKM_SKIPJACK_CFB32 = 0x00001005
+CKM_SKIPJACK_CFB16 = 0x00001006
+CKM_SKIPJACK_CFB8 = 0x00001007
+CKM_SKIPJACK_WRAP = 0x00001008
+CKM_SKIPJACK_PRIVATE_WRAP = 0x00001009
+CKM_SKIPJACK_RELAYX = 0x0000100a
+CKM_KEA_KEY_PAIR_GEN = 0x00001010
+CKM_KEA_KEY_DERIVE = 0x00001011
+CKM_FORTEZZA_TIMESTAMP = 0x00001020
+CKM_BATON_KEY_GEN = 0x00001030
+CKM_BATON_ECB128 = 0x00001031
CKM_BATON_ECB96 = 0x00001032
-CKM_BATON_CBC128 = 0x00001033
-CKM_BATON_COUNTER = 0x00001034
-CKM_BATON_SHUFFLE = 0x00001035
+CKM_BATON_CBC128 = 0x00001033
+CKM_BATON_COUNTER = 0x00001034
+CKM_BATON_SHUFFLE = 0x00001035
CKM_BATON_WRAP = 0x00001036
-CKM_ECDSA_KEY_PAIR_GEN = 0x00001040
-CKM_EC_KEY_PAIR_GEN = 0x00001040
-CKM_ECDSA = 0x00001041
-CKM_ECDSA_SHA1 = 0x00001042
-CKM_ECDSA_SHA224 = 0x00001043
-CKM_ECDSA_SHA256 = 0x00001044
-CKM_ECDSA_SHA384 = 0x00001045
-CKM_ECDSA_SHA512 = 0x00001046
-CKM_ECDH1_DERIVE = 0x00001050
-CKM_ECDH1_COFACTOR_DERIVE = 0x00001051
-CKM_ECMQV_DERIVE = 0x00001052
-CKM_JUNIPER_KEY_GEN = 0x00001060
-CKM_JUNIPER_ECB128 = 0x00001061
-CKM_JUNIPER_CBC128 = 0x00001062
-CKM_JUNIPER_COUNTER = 0x00001063
-CKM_JUNIPER_SHUFFLE = 0x00001064
-CKM_JUNIPER_WRAP = 0x00001065
-CKM_FASTHASH = 0x00001070
-CKM_AES_KEY_GEN = 0x00001080
-CKM_AES_ECB = 0x00001081
-CKM_AES_CBC = 0x00001082
-CKM_AES_MAC = 0x00001083
-CKM_AES_MAC_GENERAL = 0x00001084
-CKM_AES_CBC_PAD = 0x00001085
-CKM_AES_CTR = 0x00001086
-CKM_AES_CTS = 0x00001089
-CKM_AES_CMAC = 0x0000108A
-CKM_AES_CMAC_GENERAL = 0x0000108B
-CKM_BLOWFISH_KEY_GEN = 0x00001090
-CKM_BLOWFISH_CBC = 0x00001091
-CKM_TWOFISH_KEY_GEN = 0x00001092
-CKM_TWOFISH_CBC = 0x00001093
-CKM_AES_GCM = 0x00001087
-CKM_AES_CCM = 0x00001088
-CKM_AES_KEY_WRAP = 0x00001090
-CKM_AES_KEY_WRAP_PAD = 0x00001091
-CKM_BLOWFISH_CBC_PAD = 0x00001094
-CKM_TWOFISH_CBC_PAD = 0x00001095
-CKM_DES_ECB_ENCRYPT_DATA = 0x00001100
-CKM_DES_CBC_ENCRYPT_DATA = 0x00001101
-CKM_DES3_ECB_ENCRYPT_DATA = 0x00001102
-CKM_DES3_CBC_ENCRYPT_DATA = 0x00001103
-CKM_AES_ECB_ENCRYPT_DATA = 0x00001104
-CKM_AES_CBC_ENCRYPT_DATA = 0x00001105
-CKM_GOSTR3410_KEY_PAIR_GEN = 0x00001200
+CKM_ECDSA_KEY_PAIR_GEN = 0x00001040
+CKM_EC_KEY_PAIR_GEN = 0x00001040
+CKM_ECDSA = 0x00001041
+CKM_ECDSA_SHA1 = 0x00001042
+CKM_ECDSA_SHA224 = 0x00001043
+CKM_ECDSA_SHA256 = 0x00001044
+CKM_ECDSA_SHA384 = 0x00001045
+CKM_ECDSA_SHA512 = 0x00001046
+CKM_ECDH1_DERIVE = 0x00001050
+CKM_ECDH1_COFACTOR_DERIVE = 0x00001051
+CKM_ECMQV_DERIVE = 0x00001052
+CKM_JUNIPER_KEY_GEN = 0x00001060
+CKM_JUNIPER_ECB128 = 0x00001061
+CKM_JUNIPER_CBC128 = 0x00001062
+CKM_JUNIPER_COUNTER = 0x00001063
+CKM_JUNIPER_SHUFFLE = 0x00001064
+CKM_JUNIPER_WRAP = 0x00001065
+CKM_FASTHASH = 0x00001070
+CKM_AES_KEY_GEN = 0x00001080
+CKM_AES_ECB = 0x00001081
+CKM_AES_CBC = 0x00001082
+CKM_AES_MAC = 0x00001083
+CKM_AES_MAC_GENERAL = 0x00001084
+CKM_AES_CBC_PAD = 0x00001085
+CKM_AES_CTR = 0x00001086
+CKM_AES_CTS = 0x00001089
+CKM_AES_CMAC = 0x0000108A
+CKM_AES_CMAC_GENERAL = 0x0000108B
+CKM_BLOWFISH_KEY_GEN = 0x00001090
+CKM_BLOWFISH_CBC = 0x00001091
+CKM_TWOFISH_KEY_GEN = 0x00001092
+CKM_TWOFISH_CBC = 0x00001093
+CKM_AES_GCM = 0x00001087
+CKM_AES_CCM = 0x00001088
+CKM_AES_KEY_WRAP = 0x00001090
+CKM_AES_KEY_WRAP_PAD = 0x00001091
+CKM_BLOWFISH_CBC_PAD = 0x00001094
+CKM_TWOFISH_CBC_PAD = 0x00001095
+CKM_DES_ECB_ENCRYPT_DATA = 0x00001100
+CKM_DES_CBC_ENCRYPT_DATA = 0x00001101
+CKM_DES3_ECB_ENCRYPT_DATA = 0x00001102
+CKM_DES3_CBC_ENCRYPT_DATA = 0x00001103
+CKM_AES_ECB_ENCRYPT_DATA = 0x00001104
+CKM_AES_CBC_ENCRYPT_DATA = 0x00001105
+CKM_GOSTR3410_KEY_PAIR_GEN = 0x00001200
CKM_GOSTR3410 = 0x00001201
-CKM_GOSTR3410_WITH_GOSTR3411 = 0x00001202
-CKM_GOSTR3410_KEY_WRAP = 0x00001203
-CKM_GOSTR3410_DERIVE = 0x00001204
+CKM_GOSTR3410_WITH_GOSTR3411 = 0x00001202
+CKM_GOSTR3410_KEY_WRAP = 0x00001203
+CKM_GOSTR3410_DERIVE = 0x00001204
CKM_GOSTR3411 = 0x00001210
-CKM_GOSTR3411_HMAC = 0x00001211
-CKM_GOST28147_KEY_GEN = 0x00001220
-CKM_GOST28147_ECB = 0x00001221
-CKM_GOST28147 = 0x00001222
-CKM_GOST28147_MAC = 0x00001223
-CKM_GOST28147_KEY_WRAP = 0x00001224
-CKM_DSA_PARAMETER_GEN = 0x00002000
-CKM_DH_PKCS_PARAMETER_GEN = 0x00002001
-CKM_X9_42_DH_PARAMETER_GEN = 0x00002002
+CKM_GOSTR3411_HMAC = 0x00001211
+CKM_GOST28147_KEY_GEN = 0x00001220
+CKM_GOST28147_ECB = 0x00001221
+CKM_GOST28147 = 0x00001222
+CKM_GOST28147_MAC = 0x00001223
+CKM_GOST28147_KEY_WRAP = 0x00001224
+CKM_DSA_PARAMETER_GEN = 0x00002000
+CKM_DH_PKCS_PARAMETER_GEN = 0x00002001
+CKM_X9_42_DH_PARAMETER_GEN = 0x00002002
CKM_AES_OFB = 0x00002104
-CKM_AES_CFB64 = 0x00002105
-CKM_AES_CFB8 = 0x00002106
-CKM_AES_CFB128 = 0x00002107
-CKM_RSA_PKCS_TPM_1_1 = 0x00004001
-CKM_RSA_PKCS_OAEP_TPM_1_1 = 0x00004002
-CKM_VENDOR_DEFINED = 0x80000000
+CKM_AES_CFB64 = 0x00002105
+CKM_AES_CFB8 = 0x00002106
+CKM_AES_CFB128 = 0x00002107
+CKM_RSA_PKCS_TPM_1_1 = 0x00004001
+CKM_RSA_PKCS_OAEP_TPM_1_1 = 0x00004002
+CKM_VENDOR_DEFINED = 0x80000000
-CKF_HW = 0x00000001
-CKF_ENCRYPT = 0x00000100
-CKF_DECRYPT = 0x00000200
+CKF_HW = 0x00000001
+CKF_ENCRYPT = 0x00000100
+CKF_DECRYPT = 0x00000200
CKF_DIGEST = 0x00000400
CKF_SIGN = 0x00000800
-CKF_SIGN_RECOVER = 0x00001000
-CKF_VERIFY = 0x00002000
-CKF_VERIFY_RECOVER = 0x00004000
-CKF_GENERATE = 0x00008000
-CKF_GENERATE_KEY_PAIR = 0x00010000
-CKF_WRAP = 0x00020000
+CKF_SIGN_RECOVER = 0x00001000
+CKF_VERIFY = 0x00002000
+CKF_VERIFY_RECOVER = 0x00004000
+CKF_GENERATE = 0x00008000
+CKF_GENERATE_KEY_PAIR = 0x00010000
+CKF_WRAP = 0x00020000
CKF_UNWRAP = 0x00040000
-CKF_DERIVE = 0x00080000
-CKF_EC_F_P = 0x00100000
-CKF_EC_F_2M = 0x00200000
-CKF_EC_ECPARAMETERS = 0x00400000
-CKF_EC_NAMEDCURVE = 0x00800000
-CKF_EC_UNCOMPRESS = 0x01000000
-CKF_EC_COMPRESS = 0x02000000
-CKF_EXTENSION = 0x80000000
+CKF_DERIVE = 0x00080000
+CKF_EC_F_P = 0x00100000
+CKF_EC_F_2M = 0x00200000
+CKF_EC_ECPARAMETERS = 0x00400000
+CKF_EC_NAMEDCURVE = 0x00800000
+CKF_EC_UNCOMPRESS = 0x01000000
+CKF_EC_COMPRESS = 0x02000000
+CKF_EXTENSION = 0x80000000
-CKF_LIBRARY_CANT_CREATE_OS_THREADS = 0x00000001
-CKF_OS_LOCKING_OK = 0x00000002
+CKF_LIBRARY_CANT_CREATE_OS_THREADS = 0x00000001
+CKF_OS_LOCKING_OK = 0x00000002
CKF_DONT_BLOCK = 1
CKG_MGF1_SHA1 = 0x00000001
CKG_MGF1_SHA256 = 0x00000002
-CKG_MGF1_SHA384 = 0x00000003
-CKG_MGF1_SHA512 = 0x00000004
-CKG_MGF1_SHA224 = 0x00000005
+CKG_MGF1_SHA384 = 0x00000003
+CKG_MGF1_SHA512 = 0x00000004
+CKG_MGF1_SHA224 = 0x00000005
-CKZ_DATA_SPECIFIED = 0x00000001
+CKZ_DATA_SPECIFIED = 0x00000001
CKD_NULL = 0x00000001
-CKD_SHA1_KDF = 0x00000002
+CKD_SHA1_KDF = 0x00000002
-CKD_SHA1_KDF_ASN1 = 0x00000003
-CKD_SHA1_KDF_CONCATENATE = 0x00000004
-CKD_SHA224_KDF = 0x00000005
-CKD_SHA256_KDF = 0x00000006
-CKD_SHA384_KDF = 0x00000007
-CKD_SHA512_KDF = 0x00000008
-CKD_CPDIVERSIFY_KDF = 0x00000009
+CKD_SHA1_KDF_ASN1 = 0x00000003
+CKD_SHA1_KDF_CONCATENATE = 0x00000004
+CKD_SHA224_KDF = 0x00000005
+CKD_SHA256_KDF = 0x00000006
+CKD_SHA384_KDF = 0x00000007
+CKD_SHA512_KDF = 0x00000008
+CKD_CPDIVERSIFY_KDF = 0x00000009
CK_OTP_VALUE = 0
CK_OTP_PIN = 1
-CK_OTP_CHALLENGE = 2
+CK_OTP_CHALLENGE = 2
CK_OTP_TIME = 3
CK_OTP_COUNTER = 4
-CK_OTP_FLAGS = 5
-CK_OTP_OUTPUT_LENGTH = 6
-CK_OTP_OUTPUT_FORMAT = 7
+CK_OTP_FLAGS = 5
+CK_OTP_OUTPUT_LENGTH = 6
+CK_OTP_OUTPUT_FORMAT = 7
-CKF_NEXT_OTP = 0x00000001
-CKF_EXCLUDE_TIME = 0x00000002
-CKF_EXCLUDE_COUNTER = 0x00000004
-CKF_EXCLUDE_CHALLENGE = 0x00000008
-CKF_EXCLUDE_PIN = 0x00000010
-CKF_USER_FRIENDLY_OTP = 0x00000020
+CKF_NEXT_OTP = 0x00000001
+CKF_EXCLUDE_TIME = 0x00000002
+CKF_EXCLUDE_COUNTER = 0x00000004
+CKF_EXCLUDE_CHALLENGE = 0x00000008
+CKF_EXCLUDE_PIN = 0x00000010
+CKF_USER_FRIENDLY_OTP = 0x00000020
diff --git a/cryptech/py11/exceptions.py b/cryptech/py11/exceptions.py
index 9512cda..7cfbe3f 100644
--- a/cryptech/py11/exceptions.py
+++ b/cryptech/py11/exceptions.py
@@ -18,116 +18,116 @@
# warranty of any kind.
class CKR_Exception(Exception):
- """
- Base class for PKCS #11 exceptions.
- """
+ """
+ Base class for PKCS #11 exceptions.
+ """
- ckr_code = None
- ckr_map = {}
+ ckr_code = None
+ ckr_map = {}
- def __int__(self):
- return self.ckr_code
+ def __int__(self):
+ return self.ckr_code
- @classmethod
- def raise_on_failure(cls, rv, func, *args):
- if rv != CKR_OK:
- raise cls.ckr_map[rv]
+ @classmethod
+ def raise_on_failure(cls, rv, func, *args):
+ if rv != CKR_OK:
+ raise cls.ckr_map[rv]
CKR_OK = 0x00000000
-class CKR_CANCEL (CKR_Exception): ckr_code = 0x00000001
-class CKR_HOST_MEMORY (CKR_Exception): ckr_code = 0x00000002
-class CKR_SLOT_ID_INVALI (CKR_Exception): ckr_code = 0x00000003
-class CKR_GENERAL_ERROR (CKR_Exception): ckr_code = 0x00000005
-class CKR_FUNCTION_FAILED (CKR_Exception): ckr_code = 0x00000006
+class CKR_CANCEL (CKR_Exception): ckr_code = 0x00000001
+class CKR_HOST_MEMORY (CKR_Exception): ckr_code = 0x00000002
+class CKR_SLOT_ID_INVALI (CKR_Exception): ckr_code = 0x00000003
+class CKR_GENERAL_ERROR (CKR_Exception): ckr_code = 0x00000005
+class CKR_FUNCTION_FAILED (CKR_Exception): ckr_code = 0x00000006
class CKR_ARGUMENTS_BAD (CKR_Exception): ckr_code = 0x00000007
-class CKR_NO_EVENT (CKR_Exception): ckr_code = 0x00000008
-class CKR_NEED_TO_CREATE_THREADS (CKR_Exception): ckr_code = 0x00000009
-class CKR_CANT_LOCK (CKR_Exception): ckr_code = 0x0000000A
-class CKR_ATTRIBUTE_READ_ONLY (CKR_Exception): ckr_code = 0x00000010
-class CKR_ATTRIBUTE_SENSITIVE (CKR_Exception): ckr_code = 0x00000011
-class CKR_ATTRIBUTE_TYPE_INVALID (CKR_Exception): ckr_code = 0x00000012
-class CKR_ATTRIBUTE_VALUE_INVALID (CKR_Exception): ckr_code = 0x00000013
-class CKR_DATA_INVALID (CKR_Exception): ckr_code = 0x00000020
-class CKR_DATA_LEN_RANGE (CKR_Exception): ckr_code = 0x00000021
-class CKR_DEVICE_ERROR (CKR_Exception): ckr_code = 0x00000030
-class CKR_DEVICE_MEMORY (CKR_Exception): ckr_code = 0x00000031
-class CKR_DEVICE_REMOVED (CKR_Exception): ckr_code = 0x00000032
-class CKR_ENCRYPTED_DATA_INVALID (CKR_Exception): ckr_code = 0x00000040
-class CKR_ENCRYPTED_DATA_LEN_RANGE (CKR_Exception): ckr_code = 0x00000041
-class CKR_FUNCTION_CANCELED (CKR_Exception): ckr_code = 0x00000050
-class CKR_FUNCTION_NOT_PARALLEL (CKR_Exception): ckr_code = 0x00000051
-class CKR_FUNCTION_NOT_SUPPORTED (CKR_Exception): ckr_code = 0x00000054
-class CKR_KEY_HANDLE_INVALID (CKR_Exception): ckr_code = 0x00000060
-class CKR_KEY_SIZE_RANGE (CKR_Exception): ckr_code = 0x00000062
-class CKR_KEY_TYPE_INCONSISTENT (CKR_Exception): ckr_code = 0x00000063
-class CKR_KEY_NOT_NEEDED (CKR_Exception): ckr_code = 0x00000064
-class CKR_KEY_CHANGED (CKR_Exception): ckr_code = 0x00000065
-class CKR_KEY_NEEDED (CKR_Exception): ckr_code = 0x00000066
-class CKR_KEY_INDIGESTIBLE (CKR_Exception): ckr_code = 0x00000067
-class CKR_KEY_FUNCTION_NOT_PERMITTED (CKR_Exception): ckr_code = 0x00000068
-class CKR_KEY_NOT_WRAPPABLE (CKR_Exception): ckr_code = 0x00000069
-class CKR_KEY_UNEXTRACTABLE (CKR_Exception): ckr_code = 0x0000006A
-class CKR_MECHANISM_INVALID (CKR_Exception): ckr_code = 0x00000070
-class CKR_MECHANISM_PARAM_INVALID (CKR_Exception): ckr_code = 0x00000071
-class CKR_OBJECT_HANDLE_INVALID (CKR_Exception): ckr_code = 0x00000082
-class CKR_OPERATION_ACTIVE (CKR_Exception): ckr_code = 0x00000090
-class CKR_OPERATION_NOT_INITIALIZED (CKR_Exception): ckr_code = 0x00000091
-class CKR_PIN_INCORRECT (CKR_Exception): ckr_code = 0x000000A0
-class CKR_PIN_INVALID (CKR_Exception): ckr_code = 0x000000A1
-class CKR_PIN_LEN_RANGE (CKR_Exception): ckr_code = 0x000000A2
-class CKR_PIN_EXPIRED (CKR_Exception): ckr_code = 0x000000A3
-class CKR_PIN_LOCKED (CKR_Exception): ckr_code = 0x000000A4
-class CKR_SESSION_CLOSED (CKR_Exception): ckr_code = 0x000000B0
-class CKR_SESSION_COUNT (CKR_Exception): ckr_code = 0x000000B1
-class CKR_SESSION_HANDLE_INVALID (CKR_Exception): ckr_code = 0x000000B3
-class CKR_SESSION_PARALLEL_NOT_SUPPORTED (CKR_Exception): ckr_code = 0x000000B4
-class CKR_SESSION_READ_ONLY (CKR_Exception): ckr_code = 0x000000B5
-class CKR_SESSION_EXISTS (CKR_Exception): ckr_code = 0x000000B6
-class CKR_SESSION_READ_ONLY_EXISTS (CKR_Exception): ckr_code = 0x000000B7
-class CKR_SESSION_READ_WRITE_SO_EXISTS (CKR_Exception): ckr_code = 0x000000B8
-class CKR_SIGNATURE_INVALID (CKR_Exception): ckr_code = 0x000000C0
-class CKR_SIGNATURE_LEN_RANGE (CKR_Exception): ckr_code = 0x000000C1
-class CKR_TEMPLATE_INCOMPLETE (CKR_Exception): ckr_code = 0x000000D0
-class CKR_TEMPLATE_INCONSISTENT (CKR_Exception): ckr_code = 0x000000D1
-class CKR_TOKEN_NOT_PRESENT (CKR_Exception): ckr_code = 0x000000E0
-class CKR_TOKEN_NOT_RECOGNIZED (CKR_Exception): ckr_code = 0x000000E1
-class CKR_TOKEN_WRITE_PROTECTED (CKR_Exception): ckr_code = 0x000000E2
-class CKR_UNWRAPPING_KEY_HANDLE_INVALID (CKR_Exception): ckr_code = 0x000000F0
-class CKR_UNWRAPPING_KEY_SIZE_RANGE (CKR_Exception): ckr_code = 0x000000F1
-class CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT (CKR_Exception): ckr_code = 0x000000F2
-class CKR_USER_ALREADY_LOGGED_IN (CKR_Exception): ckr_code = 0x00000100
-class CKR_USER_NOT_LOGGED_IN (CKR_Exception): ckr_code = 0x00000101
-class CKR_USER_PIN_NOT_INITIALIZED (CKR_Exception): ckr_code = 0x00000102
-class CKR_USER_TYPE_INVALID (CKR_Exception): ckr_code = 0x00000103
-class CKR_USER_ANOTHER_ALREADY_LOGGED_IN (CKR_Exception): ckr_code = 0x00000104
-class CKR_USER_TOO_MANY_TYPES (CKR_Exception): ckr_code = 0x00000105
-class CKR_WRAPPED_KEY_INVALID (CKR_Exception): ckr_code = 0x00000110
-class CKR_WRAPPED_KEY_LEN_RANGE (CKR_Exception): ckr_code = 0x00000112
-class CKR_WRAPPING_KEY_HANDLE_INVALID (CKR_Exception): ckr_code = 0x00000113
-class CKR_WRAPPING_KEY_SIZE_RANGE (CKR_Exception): ckr_code = 0x00000114
-class CKR_WRAPPING_KEY_TYPE_INCONSISTENT (CKR_Exception): ckr_code = 0x00000115
-class CKR_RANDOM_SEED_NOT_SUPPORTED (CKR_Exception): ckr_code = 0x00000120
-class CKR_RANDOM_NO_RNG (CKR_Exception): ckr_code = 0x00000121
-class CKR_DOMAIN_PARAMS_INVALID (CKR_Exception): ckr_code = 0x00000130
-class CKR_BUFFER_TOO_SMALL (CKR_Exception): ckr_code = 0x00000150
-class CKR_SAVED_STATE_INVALID (CKR_Exception): ckr_code = 0x00000160
-class CKR_INFORMATION_SENSITIVE (CKR_Exception): ckr_code = 0x00000170
-class CKR_STATE_UNSAVEABLE (CKR_Exception): ckr_code = 0x00000180
-class CKR_CRYPTOKI_NOT_INITIALIZED (CKR_Exception): ckr_code = 0x00000190
-class CKR_CRYPTOKI_ALREADY_INITIALIZED (CKR_Exception): ckr_code = 0x00000191
-class CKR_MUTEX_BAD (CKR_Exception): ckr_code = 0x000001A0
-class CKR_MUTEX_NOT_LOCKED (CKR_Exception): ckr_code = 0x000001A1
-class CKR_NEW_PIN_MODE (CKR_Exception): ckr_code = 0x000001B0
-class CKR_NEXT_OTP (CKR_Exception): ckr_code = 0x000001B1
-class CKR_EXCEEDED_MAX_ITERATIONS (CKR_Exception): ckr_code = 0x000001B5
-class CKR_FIPS_SELF_TEST_FAILED (CKR_Exception): ckr_code = 0x000001B6
-class CKR_LIBRARY_LOAD_FAILED (CKR_Exception): ckr_code = 0x000001B7
-class CKR_PIN_TOO_WEAK (CKR_Exception): ckr_code = 0x000001B8
-class CKR_PUBLIC_KEY_INVALID (CKR_Exception): ckr_code = 0x000001B9
-class CKR_FUNCTION_REJECTED (CKR_Exception): ckr_code = 0x00000200
-class CKR_VENDOR_DEFINED (CKR_Exception): ckr_code = 0x80000000
+class CKR_NO_EVENT (CKR_Exception): ckr_code = 0x00000008
+class CKR_NEED_TO_CREATE_THREADS (CKR_Exception): ckr_code = 0x00000009
+class CKR_CANT_LOCK (CKR_Exception): ckr_code = 0x0000000A
+class CKR_ATTRIBUTE_READ_ONLY (CKR_Exception): ckr_code = 0x00000010
+class CKR_ATTRIBUTE_SENSITIVE (CKR_Exception): ckr_code = 0x00000011
+class CKR_ATTRIBUTE_TYPE_INVALID (CKR_Exception): ckr_code = 0x00000012
+class CKR_ATTRIBUTE_VALUE_INVALID (CKR_Exception): ckr_code = 0x00000013
+class CKR_DATA_INVALID (CKR_Exception): ckr_code = 0x00000020
+class CKR_DATA_LEN_RANGE (CKR_Exception): ckr_code = 0x00000021
+class CKR_DEVICE_ERROR (CKR_Exception): ckr_code = 0x00000030
+class CKR_DEVICE_MEMORY (CKR_Exception): ckr_code = 0x00000031
+class CKR_DEVICE_REMOVED (CKR_Exception): ckr_code = 0x00000032
+class CKR_ENCRYPTED_DATA_INVALID (CKR_Exception): ckr_code = 0x00000040
+class CKR_ENCRYPTED_DATA_LEN_RANGE (CKR_Exception): ckr_code = 0x00000041
+class CKR_FUNCTION_CANCELED (CKR_Exception): ckr_code = 0x00000050
+class CKR_FUNCTION_NOT_PARALLEL (CKR_Exception): ckr_code = 0x00000051
+class CKR_FUNCTION_NOT_SUPPORTED (CKR_Exception): ckr_code = 0x00000054
+class CKR_KEY_HANDLE_INVALID (CKR_Exception): ckr_code = 0x00000060
+class CKR_KEY_SIZE_RANGE (CKR_Exception): ckr_code = 0x00000062
+class CKR_KEY_TYPE_INCONSISTENT (CKR_Exception): ckr_code = 0x00000063
+class CKR_KEY_NOT_NEEDED (CKR_Exception): ckr_code = 0x00000064
+class CKR_KEY_CHANGED (CKR_Exception): ckr_code = 0x00000065
+class CKR_KEY_NEEDED (CKR_Exception): ckr_code = 0x00000066
+class CKR_KEY_INDIGESTIBLE (CKR_Exception): ckr_code = 0x00000067
+class CKR_KEY_FUNCTION_NOT_PERMITTED (CKR_Exception): ckr_code = 0x00000068
+class CKR_KEY_NOT_WRAPPABLE (CKR_Exception): ckr_code = 0x00000069
+class CKR_KEY_UNEXTRACTABLE (CKR_Exception): ckr_code = 0x0000006A
+class CKR_MECHANISM_INVALID (CKR_Exception): ckr_code = 0x00000070
+class CKR_MECHANISM_PARAM_INVALID (CKR_Exception): ckr_code = 0x00000071
+class CKR_OBJECT_HANDLE_INVALID (CKR_Exception): ckr_code = 0x00000082
+class CKR_OPERATION_ACTIVE (CKR_Exception): ckr_code = 0x00000090
+class CKR_OPERATION_NOT_INITIALIZED (CKR_Exception): ckr_code = 0x00000091
+class CKR_PIN_INCORRECT (CKR_Exception): ckr_code = 0x000000A0
+class CKR_PIN_INVALID (CKR_Exception): ckr_code = 0x000000A1
+class CKR_PIN_LEN_RANGE (CKR_Exception): ckr_code = 0x000000A2
+class CKR_PIN_EXPIRED (CKR_Exception): ckr_code = 0x000000A3
+class CKR_PIN_LOCKED (CKR_Exception): ckr_code = 0x000000A4
+class CKR_SESSION_CLOSED (CKR_Exception): ckr_code = 0x000000B0
+class CKR_SESSION_COUNT (CKR_Exception): ckr_code = 0x000000B1
+class CKR_SESSION_HANDLE_INVALID (CKR_Exception): ckr_code = 0x000000B3
+class CKR_SESSION_PARALLEL_NOT_SUPPORTED (CKR_Exception): ckr_code = 0x000000B4
+class CKR_SESSION_READ_ONLY (CKR_Exception): ckr_code = 0x000000B5
+class CKR_SESSION_EXISTS (CKR_Exception): ckr_code = 0x000000B6
+class CKR_SESSION_READ_ONLY_EXISTS (CKR_Exception): ckr_code = 0x000000B7
+class CKR_SESSION_READ_WRITE_SO_EXISTS (CKR_Exception): ckr_code = 0x000000B8
+class CKR_SIGNATURE_INVALID (CKR_Exception): ckr_code = 0x000000C0
+class CKR_SIGNATURE_LEN_RANGE (CKR_Exception): ckr_code = 0x000000C1
+class CKR_TEMPLATE_INCOMPLETE (CKR_Exception): ckr_code = 0x000000D0
+class CKR_TEMPLATE_INCONSISTENT (CKR_Exception): ckr_code = 0x000000D1
+class CKR_TOKEN_NOT_PRESENT (CKR_Exception): ckr_code = 0x000000E0
+class CKR_TOKEN_NOT_RECOGNIZED (CKR_Exception): ckr_code = 0x000000E1
+class CKR_TOKEN_WRITE_PROTECTED (CKR_Exception): ckr_code = 0x000000E2
+class CKR_UNWRAPPING_KEY_HANDLE_INVALID (CKR_Exception): ckr_code = 0x000000F0
+class CKR_UNWRAPPING_KEY_SIZE_RANGE (CKR_Exception): ckr_code = 0x000000F1
+class CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT (CKR_Exception): ckr_code = 0x000000F2
+class CKR_USER_ALREADY_LOGGED_IN (CKR_Exception): ckr_code = 0x00000100
+class CKR_USER_NOT_LOGGED_IN (CKR_Exception): ckr_code = 0x00000101
+class CKR_USER_PIN_NOT_INITIALIZED (CKR_Exception): ckr_code = 0x00000102
+class CKR_USER_TYPE_INVALID (CKR_Exception): ckr_code = 0x00000103
+class CKR_USER_ANOTHER_ALREADY_LOGGED_IN (CKR_Exception): ckr_code = 0x00000104
+class CKR_USER_TOO_MANY_TYPES (CKR_Exception): ckr_code = 0x00000105
+class CKR_WRAPPED_KEY_INVALID (CKR_Exception): ckr_code = 0x00000110
+class CKR_WRAPPED_KEY_LEN_RANGE (CKR_Exception): ckr_code = 0x00000112
+class CKR_WRAPPING_KEY_HANDLE_INVALID (CKR_Exception): ckr_code = 0x00000113
+class CKR_WRAPPING_KEY_SIZE_RANGE (CKR_Exception): ckr_code = 0x00000114
+class CKR_WRAPPING_KEY_TYPE_INCONSISTENT (CKR_Exception): ckr_code = 0x00000115
+class CKR_RANDOM_SEED_NOT_SUPPORTED (CKR_Exception): ckr_code = 0x00000120
+class CKR_RANDOM_NO_RNG (CKR_Exception): ckr_code = 0x00000121
+class CKR_DOMAIN_PARAMS_INVALID (CKR_Exception): ckr_code = 0x00000130
+class CKR_BUFFER_TOO_SMALL (CKR_Exception): ckr_code = 0x00000150
+class CKR_SAVED_STATE_INVALID (CKR_Exception): ckr_code = 0x00000160
+class CKR_INFORMATION_SENSITIVE (CKR_Exception): ckr_code = 0x00000170
+class CKR_STATE_UNSAVEABLE (CKR_Exception): ckr_code = 0x00000180
+class CKR_CRYPTOKI_NOT_INITIALIZED (CKR_Exception): ckr_code = 0x00000190
+class CKR_CRYPTOKI_ALREADY_INITIALIZED (CKR_Exception): ckr_code = 0x00000191
+class CKR_MUTEX_BAD (CKR_Exception): ckr_code = 0x000001A0
+class CKR_MUTEX_NOT_LOCKED (CKR_Exception): ckr_code = 0x000001A1
+class CKR_NEW_PIN_MODE (CKR_Exception): ckr_code = 0x000001B0
+class CKR_NEXT_OTP (CKR_Exception): ckr_code = 0x000001B1
+class CKR_EXCEEDED_MAX_ITERATIONS (CKR_Exception): ckr_code = 0x000001B5
+class CKR_FIPS_SELF_TEST_FAILED (CKR_Exception): ckr_code = 0x000001B6
+class CKR_LIBRARY_LOAD_FAILED (CKR_Exception): ckr_code = 0x000001B7
+class CKR_PIN_TOO_WEAK (CKR_Exception): ckr_code = 0x000001B8
+class CKR_PUBLIC_KEY_INVALID (CKR_Exception): ckr_code = 0x000001B9
+class CKR_FUNCTION_REJECTED (CKR_Exception): ckr_code = 0x00000200
+class CKR_VENDOR_DEFINED (CKR_Exception): ckr_code = 0x80000000
-for e in globals().values():
- if isinstance(e, type) and issubclass(e, CKR_Exception) and e is not CKR_Exception:
- CKR_Exception.ckr_map[e.ckr_code] = e
+for e in list(globals().values()):
+ if isinstance(e, type) and issubclass(e, CKR_Exception) and e is not CKR_Exception:
+ CKR_Exception.ckr_map[e.ckr_code] = e
diff --git a/cryptech/py11/types.py b/cryptech/py11/types.py
index 91e2d8b..b5dc1e0 100644
--- a/cryptech/py11/types.py
+++ b/cryptech/py11/types.py
@@ -84,18 +84,18 @@ class CK_TOKEN_INFO (Structure):
("model", CK_UTF8CHAR * 16),
("serialNumber", CK_CHAR * 16),
("flags", CK_FLAGS),
- ("ulMaxSessionCount", CK_ULONG),
- ("ulSessionCount", CK_ULONG),
- ("ulMaxRwSessionCount", CK_ULONG),
- ("ulRwSessionCount", CK_ULONG),
+ ("ulMaxSessionCount", CK_ULONG),
+ ("ulSessionCount", CK_ULONG),
+ ("ulMaxRwSessionCount", CK_ULONG),
+ ("ulRwSessionCount", CK_ULONG),
("ulMaxPinLen", CK_ULONG),
("ulMinPinLen", CK_ULONG),
- ("ulTotalPublicMemory", CK_ULONG),
- ("ulFreePublicMemory", CK_ULONG),
+ ("ulTotalPublicMemory", CK_ULONG),
+ ("ulFreePublicMemory", CK_ULONG),
("ulTotalPrivateMemory",CK_ULONG),
- ("ulFreePrivateMemory", CK_ULONG),
- ("hardwareVersion", CK_VERSION),
- ("firmwareVersion", CK_VERSION),
+ ("ulFreePrivateMemory", CK_ULONG),
+ ("hardwareVersion", CK_VERSION),
+ ("firmwareVersion", CK_VERSION),
("utcTime", CK_CHAR * 16)]
CK_TOKEN_INFO_PTR = POINTER(CK_TOKEN_INFO)
diff --git a/unit_tests.py b/unit_tests.py
index 186daa9..512d648 100644
--- a/unit_tests.py
+++ b/unit_tests.py
@@ -23,6 +23,10 @@ try:
except ImportError:
pycrypto_loaded = False
+try:
+ long
+except NameError:
+ long = int
def log(msg):
if not args.quiet:
@@ -138,7 +142,7 @@ class TestDevice(TestCase):
"Test C_GetTokenInfo()"
token_info = p11.C_GetTokenInfo(args.slot)
self.assertIsInstance(token_info, CK_TOKEN_INFO)
- self.assertEqual(token_info.label.rstrip(), "Cryptech Token")
+ self.assertEqual(token_info.label.rstrip(), b"Cryptech Token")
def test_sessions_serial(self):
"Test C_OpenSession() for useful (serial) cases"
@@ -180,7 +184,7 @@ class TestDevice(TestCase):
session = p11.C_OpenSession(args.slot)
n = 17
random = p11.C_GenerateRandom(session, n)
- self.assertIsInstance(random, str)
+ self.assertIsInstance(random, bytes)
self.assertEqual(len(random), n)
def test_findObjects_operation_state(self):
@@ -189,7 +193,7 @@ class TestDevice(TestCase):
with self.assertRaises(CKR_OPERATION_NOT_INITIALIZED):
for handle in p11.C_FindObjects(session):
- self.assertIsInstance(handle, (int, int))
+ self.assertIsInstance(handle, (int, long))
with self.assertRaises(CKR_OPERATION_NOT_INITIALIZED):
p11.C_FindObjectsFinal(session)
@@ -200,7 +204,7 @@ class TestDevice(TestCase):
p11.C_FindObjectsInit(session, CKA_CLASS = CKO_PRIVATE_KEY)
for handle in p11.C_FindObjects(session):
- self.assertIsInstance(handle, (int, int))
+ self.assertIsInstance(handle, (int, long))
p11.C_FindObjectsFinal(session)
@@ -247,36 +251,36 @@ class TestKeys(TestCase):
self.assertIsKeypair(
p11.C_GenerateKeyPair(self.session, CKM_EC_KEY_PAIR_GEN, CKA_TOKEN = False,
- CKA_ID = "EC-P256", CKA_EC_PARAMS = self.oid_p256,
+ CKA_ID = b"EC-P256", CKA_EC_PARAMS = self.oid_p256,
CKA_SIGN = True, CKA_VERIFY = True))
self.assertIsKeypair(
p11.C_GenerateKeyPair(self.session, CKM_EC_KEY_PAIR_GEN, CKA_TOKEN = True,
- CKA_ID = "EC-P256", CKA_EC_PARAMS = self.oid_p256,
+ CKA_ID = b"EC-P256", CKA_EC_PARAMS = self.oid_p256,
CKA_SIGN = True, CKA_VERIFY = True))
self.assertIsKeypair(
p11.C_GenerateKeyPair(self.session, CKM_EC_KEY_PAIR_GEN,
public_CKA_TOKEN = False, private_CKA_TOKEN = True,
- CKA_ID = "EC-P256", CKA_EC_PARAMS = self.oid_p256,
+ CKA_ID = b"EC-P256", CKA_EC_PARAMS = self.oid_p256,
CKA_SIGN = True, CKA_VERIFY = True))
self.assertIsKeypair(
p11.C_GenerateKeyPair(self.session, CKM_EC_KEY_PAIR_GEN,
public_CKA_TOKEN = True, private_CKA_TOKEN = False,
- CKA_ID = "EC-P256", CKA_EC_PARAMS = self.oid_p256,
+ CKA_ID = b"EC-P256", CKA_EC_PARAMS = self.oid_p256,
CKA_SIGN = True, CKA_VERIFY = True))
def test_gen_sign_verify_ecdsa_p256_sha256(self):
"Generate/sign/verify with ECDSA-P256-SHA-256"
public_key, private_key = p11.C_GenerateKeyPair(self.session, CKM_EC_KEY_PAIR_GEN,
- CKA_ID = "EC-P256", CKA_EC_PARAMS = self.oid_p256,
+ CKA_ID = b"EC-P256", CKA_EC_PARAMS = self.oid_p256,
CKA_SIGN = True, CKA_VERIFY = True, CKA_TOKEN = True)
self.assertIsKeypair(public_key, private_key)
- hamster = "Your mother was a hamster"
+ hamster = b"Your mother was a hamster"
p11.C_SignInit(self.session, CKM_ECDSA_SHA256, private_key)
sig = p11.C_Sign(self.session, hamster)
- self.assertIsInstance(sig, str)
+ self.assertIsInstance(sig, bytes)
p11.C_VerifyInit(self.session, CKM_ECDSA_SHA256, public_key)
p11.C_Verify(self.session, hamster, sig)
@@ -284,13 +288,13 @@ class TestKeys(TestCase):
"Generate/sign/verify with ECDSA-P384-SHA-384"
#if not args.all_tests: self.skipTest("SHA-384 not available in current build")
public_key, private_key = p11.C_GenerateKeyPair(self.session, CKM_EC_KEY_PAIR_GEN,
- CKA_ID = "EC-P384", CKA_EC_PARAMS = self.oid_p384,
+ CKA_ID = b"EC-P384", CKA_EC_PARAMS = self.oid_p384,
CKA_SIGN = True, CKA_VERIFY = True, CKA_TOKEN = True)
self.assertIsKeypair(public_key, private_key)
- hamster = "Your mother was a hamster"
+ hamster = b"Your mother was a hamster"
p11.C_SignInit(self.session, CKM_ECDSA_SHA384, private_key)
sig = p11.C_Sign(self.session, hamster)
- self.assertIsInstance(sig, str)
+ self.assertIsInstance(sig, bytes)
p11.C_VerifyInit(self.session, CKM_ECDSA_SHA384, public_key)
p11.C_Verify(self.session, hamster, sig)
@@ -298,13 +302,13 @@ class TestKeys(TestCase):
"Generate/sign/verify with ECDSA-P521-SHA-512"
#if not args.all_tests: self.skipTest("SHA-512 not available in current build")
public_key, private_key = p11.C_GenerateKeyPair(self.session, CKM_EC_KEY_PAIR_GEN,
- CKA_ID = "EC-P521", CKA_EC_PARAMS = self.oid_p521,
+ CKA_ID = b"EC-P521", CKA_EC_PARAMS = self.oid_p521,
CKA_SIGN = True, CKA_VERIFY = True, CKA_TOKEN = True)
self.assertIsKeypair(public_key, private_key)
- hamster = "Your mother was a hamster"
+ hamster = b"Your mother was a hamster"
p11.C_SignInit(self.session, CKM_ECDSA_SHA512, private_key)
sig = p11.C_Sign(self.session, hamster)
- self.assertIsInstance(sig, str)
+ self.assertIsInstance(sig, bytes)
p11.C_VerifyInit(self.session, CKM_ECDSA_SHA512, public_key)
p11.C_Verify(self.session, hamster, sig)
@@ -313,12 +317,12 @@ class TestKeys(TestCase):
"RSA 1024-bit generate/sign/verify test"
public_key, private_key = p11.C_GenerateKeyPair(
self.session, CKM_RSA_PKCS_KEY_PAIR_GEN, CKA_MODULUS_BITS = 1024,
- CKA_ID = "RSA-1024", CKA_SIGN = True, CKA_VERIFY = True, CKA_TOKEN = True)
+ CKA_ID = b"RSA-1024", CKA_SIGN = True, CKA_VERIFY = True, CKA_TOKEN = True)
self.assertIsKeypair(public_key, private_key)
- hamster = "Your mother was a hamster"
+ hamster = b"Your mother was a hamster"
p11.C_SignInit(self.session, CKM_SHA512_RSA_PKCS, private_key)
sig = p11.C_Sign(self.session, hamster)
- self.assertIsInstance(sig, str)
+ self.assertIsInstance(sig, bytes)
p11.C_VerifyInit(self.session, CKM_SHA512_RSA_PKCS, public_key)
p11.C_Verify(self.session, hamster, sig)
@@ -327,24 +331,24 @@ class TestKeys(TestCase):
#if not args.all_tests: self.skipTest("RSA key generation is still painfully slow")
public_key, private_key = p11.C_GenerateKeyPair(
self.session, CKM_RSA_PKCS_KEY_PAIR_GEN, CKA_MODULUS_BITS = 2048,
- CKA_ID = "RSA-2048", CKA_SIGN = True, CKA_VERIFY = True, CKA_TOKEN = True)
+ CKA_ID = b"RSA-2048", CKA_SIGN = True, CKA_VERIFY = True, CKA_TOKEN = True)
self.assertIsKeypair(public_key, private_key)
- hamster = "Your mother was a hamster"
+ hamster = b"Your mother was a hamster"
p11.C_SignInit(self.session, CKM_SHA512_RSA_PKCS, private_key)
sig = p11.C_Sign(self.session, hamster)
- self.assertIsInstance(sig, str)
+ self.assertIsInstance(sig, bytes)
p11.C_VerifyInit(self.session, CKM_SHA512_RSA_PKCS, public_key)
p11.C_Verify(self.session, hamster, sig)
@staticmethod
def _build_ecpoint(x, y):
- bytes_per_coordinate = (max(x.bit_length(), y.bit_length()) + 15) / 16
+ bytes_per_coordinate = (max(x.bit_length(), y.bit_length()) + 15) // 16
value = b"\x04" + binascii.unhexlify("{0:0{2}x}{1:0{2}x}".format(x, y, bytes_per_coordinate))
if len(value) < 128:
- length = struct.pack("U", len(value))
+ length = struct.pack("B", len(value))
else:
n = len(value).bit_length()
- length = struct.pack("U", (n + 7) / 8) + binascii.unhexlify("{0:0{1}x}".format(len(value), (n + 15) / 16)))
+ length = struct.pack("B", (n + 7) // 8) + binascii.unhexlify("{0:0{1}x}".format(len(value), (n + 15) // 16))
tag = b"\x04"
return tag + length + value
@@ -359,8 +363,8 @@ class TestKeys(TestCase):
session = self.session,
CKA_CLASS = CKO_PUBLIC_KEY,
CKA_KEY_TYPE = CKK_EC,
- CKA_LABEL = "EC-P-256 test case from \"Suite B Implementer's Guide to FIPS 186-3\"",
- CKA_ID = "EC-P-256",
+ CKA_LABEL = b"EC-P-256 test case from \"Suite B Implementer's Guide to FIPS 186-3\"",
+ CKA_ID = b"EC-P-256",
CKA_VERIFY = True,
CKA_EC_POINT = Q,
CKA_EC_PARAMS = self.oid_p256)
@@ -379,8 +383,8 @@ class TestKeys(TestCase):
session = self.session,
CKA_CLASS = CKO_PUBLIC_KEY,
CKA_KEY_TYPE = CKK_EC,
- CKA_LABEL = "EC-P-384 test case from \"Suite B Implementer's Guide to FIPS 186-3\"",
- CKA_ID = "EC-P-384",
+ CKA_LABEL = b"EC-P-384 test case from \"Suite B Implementer's Guide to FIPS 186-3\"",
+ CKA_ID = b"EC-P-384",
CKA_VERIFY = True,
CKA_EC_POINT = Q,
CKA_EC_PARAMS = self.oid_p384)
@@ -392,13 +396,13 @@ class TestKeys(TestCase):
"Generate/sign/verify/destroy/reload/verify with ECDSA-P256-SHA-256"
public_key, private_key = p11.C_GenerateKeyPair(self.session, CKM_EC_KEY_PAIR_GEN,
public_CKA_TOKEN = False, private_CKA_TOKEN = True,
- CKA_ID = "EC-P256", CKA_EC_PARAMS = self.oid_p256,
+ CKA_ID = b"EC-P256", CKA_EC_PARAMS = self.oid_p256,
CKA_SIGN = True, CKA_VERIFY = True)
self.assertIsKeypair(public_key, private_key)
- hamster = "Your mother was a hamster"
+ hamster = b"Your mother was a hamster"
p11.C_SignInit(self.session, CKM_ECDSA_SHA256, private_key)
sig = p11.C_Sign(self.session, hamster)
- self.assertIsInstance(sig, str)
+ self.assertIsInstance(sig, bytes)
p11.C_VerifyInit(self.session, CKM_ECDSA_SHA256, public_key)
p11.C_Verify(self.session, hamster, sig)
@@ -419,7 +423,7 @@ class TestKeys(TestCase):
def _extract_rsa_public_key(self, handle):
a = p11.C_GetAttributeValue(self.session, handle, CKA_MODULUS, CKA_PUBLIC_EXPONENT)
- return RSA.construct((a[CKA_MODULUS], a[CKA_PUBLIC_EXPONENT]))
+ return RSA.construct((long(a[CKA_MODULUS]), long(a[CKA_PUBLIC_EXPONENT])))
def assertRawRSASignatureMatches(self, handle, plain, sig):
pubkey = self._extract_rsa_public_key(handle)
@@ -433,11 +437,11 @@ class TestKeys(TestCase):
tralala = b"tralala-en-hopsasa"
public_key, private_key = p11.C_GenerateKeyPair(
self.session, CKM_RSA_PKCS_KEY_PAIR_GEN, CKA_MODULUS_BITS = 1024,
- CKA_ID = "RSA-1024", CKA_SIGN = True, CKA_VERIFY = True, CKA_TOKEN = True)
+ CKA_ID = b"RSA-1024", CKA_SIGN = True, CKA_VERIFY = True, CKA_TOKEN = True)
self.assertIsKeypair(public_key, private_key)
p11.C_SignInit(self.session, CKM_RSA_PKCS, private_key)
sig = p11.C_Sign(self.session, tralala)
- self.assertIsInstance(sig, str)
+ self.assertIsInstance(sig, bytes)
self.assertRawRSASignatureMatches(public_key, tralala, sig)
p11.C_VerifyInit(self.session, CKM_RSA_PKCS, public_key)
p11.C_Verify(self.session, tralala, sig)
@@ -449,11 +453,11 @@ class TestKeys(TestCase):
tralala = b"tralala-en-hopsasa"
public_key, private_key = p11.C_GenerateKeyPair(
self.session, CKM_RSA_PKCS_KEY_PAIR_GEN, CKA_MODULUS_BITS = 3416,
- CKA_ID = "RSA-3416", CKA_SIGN = True, CKA_VERIFY = True, CKA_TOKEN = True)
+ CKA_ID = b"RSA-3416", CKA_SIGN = True, CKA_VERIFY = True, CKA_TOKEN = True)
self.assertIsKeypair(public_key, private_key)
p11.C_SignInit(self.session, CKM_RSA_PKCS, private_key)
sig = p11.C_Sign(self.session, tralala)
- self.assertIsInstance(sig, str)
+ self.assertIsInstance(sig, bytes)
self.assertRawRSASignatureMatches(public_key, tralala, sig)
p11.C_VerifyInit(self.session, CKM_RSA_PKCS, public_key)
p11.C_Verify(self.session, tralala, sig)
@@ -484,22 +488,22 @@ class TestKeys(TestCase):
@unittest.skipUnless(pycrypto_loaded, "requires PyCrypto")
def test_load_sign_verify_rsa_1024(self):
"Load/sign/verify with RSA-1024-SHA-512 and externally-supplied key"
- public_key, private_key = self._load_rsa_keypair(rsa_1024_pem, "RSA-1024")
- hamster = "Your mother was a hamster"
+ public_key, private_key = self._load_rsa_keypair(rsa_1024_pem, b"RSA-1024")
+ hamster = b"Your mother was a hamster"
p11.C_SignInit(self.session, CKM_SHA512_RSA_PKCS, private_key)
sig = p11.C_Sign(self.session, hamster)
- self.assertIsInstance(sig, str)
+ self.assertIsInstance(sig, bytes)
p11.C_VerifyInit(self.session, CKM_SHA512_RSA_PKCS, public_key)
p11.C_Verify(self.session, hamster, sig)
@unittest.skipUnless(pycrypto_loaded, "requires PyCrypto")
def test_load_sign_verify_rsa_2048(self):
"Load/sign/verify with RSA-2048-SHA-512 and externally-supplied key"
- public_key, private_key = self._load_rsa_keypair(rsa_2048_pem, "RSA-2048")
- hamster = "Your mother was a hamster"
+ public_key, private_key = self._load_rsa_keypair(rsa_2048_pem, b"RSA-2048")
+ hamster = b"Your mother was a hamster"
p11.C_SignInit(self.session, CKM_SHA512_RSA_PKCS, private_key)
sig = p11.C_Sign(self.session, hamster)
- self.assertIsInstance(sig, str)
+ self.assertIsInstance(sig, bytes)
p11.C_VerifyInit(self.session, CKM_SHA512_RSA_PKCS, public_key)
p11.C_Verify(self.session, hamster, sig)
@@ -508,11 +512,11 @@ class TestKeys(TestCase):
"Load/sign/verify with RSA-3416-SHA-512 and externally-supplied key"
if not args.all_tests:
self.skipTest("Key length not a multiple of 32, so expected to fail (fairly quickly)")
- public_key, private_key = self._load_rsa_keypair(rsa_3416_pem, "RSA-3416")
- hamster = "Your mother was a hamster"
+ public_key, private_key = self._load_rsa_keypair(rsa_3416_pem, b"RSA-3416")
+ hamster = b"Your mother was a hamster"
p11.C_SignInit(self.session, CKM_SHA512_RSA_PKCS, private_key)
sig = p11.C_Sign(self.session, hamster)
- self.assertIsInstance(sig, str)
+ self.assertIsInstance(sig, bytes)
p11.C_VerifyInit(self.session, CKM_SHA512_RSA_PKCS, public_key)
p11.C_Verify(self.session, hamster, sig)
@@ -522,12 +526,12 @@ class TestKeys(TestCase):
self.skipTest("Key length not a multiple of 32, so expected to fail (very slowly)")
public_key, private_key = p11.C_GenerateKeyPair(
self.session, CKM_RSA_PKCS_KEY_PAIR_GEN, CKA_MODULUS_BITS = 3416,
- CKA_ID = "RSA-3416", CKA_SIGN = True, CKA_VERIFY = True, CKA_TOKEN = True)
+ CKA_ID = b"RSA-3416", CKA_SIGN = True, CKA_VERIFY = True, CKA_TOKEN = True)
self.assertIsKeypair(public_key, private_key)
- hamster = "Your mother was a hamster"
+ hamster = b"Your mother was a hamster"
p11.C_SignInit(self.session, CKM_SHA512_RSA_PKCS, private_key)
sig = p11.C_Sign(self.session, hamster)
- self.assertIsInstance(sig, str)
+ self.assertIsInstance(sig, bytes)
p11.C_VerifyInit(self.session, CKM_SHA512_RSA_PKCS, public_key)
p11.C_Verify(self.session, hamster, sig)
@@ -536,26 +540,26 @@ class TestKeys(TestCase):
with self.assertRaises(CKR_ATTRIBUTE_VALUE_INVALID):
p11.C_GenerateKeyPair(
self.session, CKM_RSA_PKCS_KEY_PAIR_GEN, CKA_MODULUS_BITS = 1028,
- CKA_ID = "RSA-1028", CKA_SIGN = True, CKA_VERIFY = True, CKA_TOKEN = True)
+ CKA_ID = b"RSA-1028", CKA_SIGN = True, CKA_VERIFY = True, CKA_TOKEN = True)
def test_gen_sign_verify_rsa_1032(self):
"Generate/sign/verify with RSA-1032-SHA-512 (sic)"
public_key, private_key = p11.C_GenerateKeyPair(
self.session, CKM_RSA_PKCS_KEY_PAIR_GEN, CKA_MODULUS_BITS = 1032,
- CKA_ID = "RSA-1032", CKA_SIGN = True, CKA_VERIFY = True, CKA_TOKEN = True)
+ CKA_ID = b"RSA-1032", CKA_SIGN = True, CKA_VERIFY = True, CKA_TOKEN = True)
self.assertIsKeypair(public_key, private_key)
- hamster = "Your mother was a hamster"
+ hamster = b"Your mother was a hamster"
p11.C_SignInit(self.session, CKM_SHA512_RSA_PKCS, private_key)
sig = p11.C_Sign(self.session, hamster)
- self.assertIsInstance(sig, str)
+ self.assertIsInstance(sig, bytes)
p11.C_VerifyInit(self.session, CKM_SHA512_RSA_PKCS, public_key)
p11.C_Verify(self.session, hamster, sig)
@unittest.skipUnless(pycrypto_loaded, "requires PyCrypto")
def test_load_sign_verify_rsa_1024_with_rpki_data(self):
"Load/sign/verify with RSA-1024-SHA-256, externally-supplied key"
- public_key, private_key = self._load_rsa_keypair(rsa_1024_pem, "RSA-1024")
- tbs = '''
+ public_key, private_key = self._load_rsa_keypair(rsa_1024_pem, b"RSA-1024")
+ tbs = b'''
31 6B 30 1A 06 09 2A 86 48 86 F7 0D 01 09 03 31
0D 06 0B 2A 86 48 86 F7 0D 01 09 10 01 1A 30 1C
06 09 2A 86 48 86 F7 0D 01 09 05 31 0F 17 0D 31
@@ -564,11 +568,11 @@ class TestKeys(TestCase):
0F 1F 86 AF 45 25 4D 8F E1 1F C9 EA B3 83 4A 41
17 C1 42 B7 43 AD 51 5E F5 A2 F8 E3 25
'''
- tbs = binascii.unhexlify("".join(tbs.split()))
+ tbs = binascii.unhexlify(b"".join(tbs.split()))
p11.C_SignInit(self.session, CKM_SHA256_RSA_PKCS, private_key)
p11.C_SignUpdate(self.session, tbs)
sig = p11.C_SignFinal(self.session)
- self.assertIsInstance(sig, str)
+ self.assertIsInstance(sig, bytes)
p11.C_VerifyInit(self.session, CKM_SHA256_RSA_PKCS, public_key)
p11.C_Verify(self.session, tbs, sig)
verifier = PKCS1_v1_5.new(RSA.importKey(rsa_1024_pem))
@@ -583,14 +587,14 @@ class TestKeys(TestCase):
def _find_objects(self, chunk_size = 10, template = None, **kwargs):
p11.C_FindObjectsInit(self.session, template, **kwargs)
for handle in p11.C_FindObjects(self.session, chunk_size):
- self.assertIsInstance(handle, (int, int))
+ self.assertIsInstance(handle, (int, long))
p11.C_FindObjectsFinal(self.session)
@unittest.skipUnless(pycrypto_loaded, "requires PyCrypto")
def test_findObjects(self):
- self._load_rsa_keypair(rsa_1024_pem, "RSA-1024")
- self._load_rsa_keypair(rsa_2048_pem, "RSA-2048")
- self._load_rsa_keypair(rsa_3416_pem, "RSA-3416")
+ self._load_rsa_keypair(rsa_1024_pem, b"RSA-1024")
+ self._load_rsa_keypair(rsa_2048_pem, b"RSA-2048")
+ self._load_rsa_keypair(rsa_3416_pem, b"RSA-3416")
self._find_objects(chunk_size = 1, CKA_CLASS = CKO_PUBLIC_KEY)
self._find_objects(chunk_size = 1, CKA_CLASS = CKO_PRIVATE_KEY)
self._find_objects(chunk_size = 10, CKA_CLASS = CKO_PUBLIC_KEY)
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-17 11:08:34 +0000