pkcs11 0.2.0-x86-mingw32 → 0.2.1-x86-mingw32

data/.yardopts

@@ -1,2 +1 @@
---no-private lib/**/*.rb ext/*.c ext/*.doc
-
+--title "PKCS#11/Ruby Interface" --no-private lib/**/*.rb ext/*.c ext/*.doc

data/History.txt

@@ -1,3 +1,13 @@
+=== 0.2.1 / 2011-04-21
+
+* add some more CK_ULONG and CK_BOOL attributes
+* add array of structs accessor used in CK_OTP_PARAMS
+* refactured inc-file generation
+* bit more documentation
+* bugfix: print CKR-values as unsigned long
+* bugfix: Slot#mechanism_info didn't work with Symbol
+
+
 === 0.2.0 / 2011-01-18
 
 * switch API documentation to YARD instead of RDOC

data/Manifest.txt

@@ -6,6 +6,7 @@ Manifest.txt
 README.rdoc
 Rakefile
 ext/extconf.rb
+ext/generate_constants.rb
 ext/generate_structs.rb
 ext/generate_thread_funcs.rb
 ext/include/cryptoki.h
@@ -18,6 +19,8 @@ ext/include/pkcs11t.h
 ext/pk11.c
 ext/pk11.h
 ext/pk11_const.c
+ext/pk11_const_macros.h
+ext/pk11_struct_macros.h
 lib/pkcs11.rb
 lib/pkcs11/extensions.rb
 lib/pkcs11/helper.rb

data/README.rdoc

@@ -6,7 +6,7 @@
 This module allows Ruby programs to interface with "RSA Security Inc.
 PKCS #11 Cryptographic Token Interface (Cryptoki)".
 PKCS #11 is the de-facto standard to access cryptographic devices.
-You must have the PKCS #11 v2.20 implementation library installed in
+You must have a PKCS #11 v2.20 implementation library installed in
 order to use this module. Tested implementations of PKCS#11 librarys
 include:
 * OpenSC[http://www.opensc-project.org] supported Smart Cards
@@ -23,11 +23,20 @@ This installs the PKCS#11 extension either by compiling (Unix) or by using the p
 
 == Usage
 Cryptoki has a reputation to be complicated to implement and use.
-While this seems to be true for C it shouldn't for Ruby.
-
-{PKCS11.open} opens a PKCS#11 Unix *.so file or Windows-DLL. It requires
-a suitable PKCS #11 implementation.
-
+While this seems to be true for C, it shouldn't for Ruby.
+
+* {PKCS11.open} opens a PKCS#11 Unix *.so file or Windows-DLL with a suitable PKCS #11 implementation
+  and returns a {PKCS11::Library}.
+* {PKCS11::Library#slots} returns a list of {PKCS11::Slot} for all slots accessable by the library.
+* {PKCS11::Slot#open} opens a {PKCS11::Session} which is used for object handling
+  and cryptographic operations.
+* {PKCS11::Object} represents a key, data or certificate object.
+* all constants defined in PKCS#11 v2.20 are available in the module {PKCS11}
+  and contain the associated Integer value (CKA_KEY_TYPE, CKK_AES, CKM_SHA_1 etc.)
+* also all structs are available in the module {PKCS11} as proper ruby classes
+  ({PKCS11::CK_VERSION}, {PKCS11::CK_OTP_PARAMS} etc.)
+
+=== Example
   require "rubygems"
   require "pkcs11"
   include PKCS11
@@ -36,20 +45,25 @@ a suitable PKCS #11 implementation.
   p pkcs11.info
   session = pkcs11.active_slots.first.open
   session.login(:USER, "1234")
-  # ... crypto operations
+  secret_key = session.generate_key(:DES2_KEY_GEN,
+    :ENCRYPT=>true, :DECRYPT=>true, :SENSITIVE=>true, :TOKEN=>true, :LABEL=>'my key')
+  cryptogram = session.encrypt( {:DES3_CBC_PAD=>"\0"*8}, secret_key, "some plaintext")
   session.logout
   session.close
 
-This opens a {PKCS11::Session} to the first active slot of the device.
-A {PKCS11::Session} can be used for all cryptographic operations
-on the device.
-
-Detail information for the API specification is provided by RSA Security Inc.
-Please refer the URL: http://www.rsa.com/rsalabs/node.asp?id=2133.
+This opens a PKCS#11 library and prints it's information block.
+Then a {PKCS11::Session} to the first active slot of the device is opened and
+a login is done on the user account. Now, a 112 bit DES3 key is generated and
+some plaintext is encrypted with it. A 8-byte zero IV is used. In many cases method parameters
+can be Integer (like CKA_LABEL) or, as in the sample, Symbol (:LABEL) which is internally
+converted.
 
-Many usage examples can be found in the unit tests of the <tt>test</tt>
+Many more usage examples can be found in the unit tests of the <tt>test</tt>
 directory of the project or gem.
 
+Detail information for the API specification is provided by RSA Security Inc.
+Please refer the URL: http://www.rsa.com/rsalabs/node.asp?id=2133. Browsable HTML
+can be found at http://www.cryptsoft.com/pkcs11doc.
 
 
 == Cross compiling for mswin32
@@ -89,6 +103,9 @@ directory.
 
 == Development Status
 
+Any operation that is possible with PKCS#11 in C, should be likewise possible in Ruby.
+Otherwise it is considered as a bug in the binding.
+
   STATE   FUNCTION               NOTE
   ------  ---------------------  ----------------------------------------
   DONE    C_Initialize

data/Rakefile

@@ -47,11 +47,14 @@ end
 
 file 'ext/extconf.rb' => ['ext/pk11_struct_def.inc', 'ext/pk11_thread_funcs.c']
 file 'ext/pk11_struct_def.inc' => 'ext/generate_structs.rb' do
-  sh "#{Config::CONFIG['ruby_install_name']} ext/generate_structs.rb --def ext/pk11_struct_def.inc --impl ext/pk11_struct_impl.inc --const ext/pk11_const_def.inc --doc ext/pk11_struct.doc ext/include/pkcs11t.h"
+  sh "#{Config::CONFIG['ruby_install_name']} ext/generate_structs.rb --def ext/pk11_struct_def.inc --impl ext/pk11_struct_impl.inc --doc ext/pk11_struct.doc ext/include/pkcs11t.h"
 end
 file 'ext/pk11_struct_impl.inc' => 'ext/pk11_struct_def.inc'
-file 'ext/pk11.c' => 'ext/pk11_struct_def.inc'
-file 'ext/pk11_const.c' => 'ext/pk11_struct_def.inc'
+file 'ext/pk11_const_def.inc' => 'ext/generate_constants.rb' do
+  sh "#{Config::CONFIG['ruby_install_name']} ext/generate_constants.rb --const ext/pk11_const_def.inc ext/include/pkcs11t.h"
+end
+file 'ext/pk11.c' => ['ext/pk11_struct_def.inc', 'ext/pk11_struct_impl.inc', 'ext/pk11_struct_macros.h']
+file 'ext/pk11_const.c' => ['ext/pk11_const_def.inc', 'ext/pk11_const_macros.h']
 
 file 'ext/pk11_thread_funcs.h' => 'ext/generate_thread_funcs.rb' do
   sh "#{Config::CONFIG['ruby_install_name']} ext/generate_thread_funcs.rb --impl ext/pk11_thread_funcs.c --decl ext/pk11_thread_funcs.h ext/include/pkcs11f.h"

data/ext/generate_constants.rb

@@ -0,0 +1,57 @@
+#!/usr/bin/env ruby
+# Quick and dirty parser for PKCS#11 constants and
+# generator for Ruby wrapper classes.
+
+require 'optparse'
+
+module PKCS11
+class ConstantParser
+
+  attr_accessor :options
+
+  def self.run(argv)
+    s = self.new
+    options = Struct.new(:verbose, :const, :files).new
+    OptionParser.new(argv) do |opts|
+      opts.banner = "Usage: #{$0} [options] <header-file.h>*"
+
+      opts.on("-v", "--[no-]verbose", "Run verbosely", &options.method(:verbose=))
+      opts.on("--const FILE", "Write const implementations to this file", &options.method(:const=))
+      opts.on_tail("-h", "--help", "Show this message") do
+        puts opts
+        exit
+      end
+    end.parse!
+    options.files = argv
+    s.options = options
+    s.start!
+  end
+  
+  ConstTemplate = Struct.new :regexp, :def
+  ConstGroups = [
+    ConstTemplate.new(/#define\s+(CKM_[A-Z_0-9]+)\s+(\w+)/, 'PKCS11_DEFINE_MECHANISM'),
+    ConstTemplate.new(/#define\s+(CKA_[A-Z_0-9]+)\s+(\w+)/, 'PKCS11_DEFINE_ATTRIBUTE'),
+    ConstTemplate.new(/#define\s+(CKO_[A-Z_0-9]+)\s+(\w+)/, 'PKCS11_DEFINE_OBJECT_CLASS'),
+    ConstTemplate.new(/#define\s+(CKR_[A-Z_0-9]+)\s+(\w+)/, 'PKCS11_DEFINE_RETURN_VALUE'),
+  ]
+
+  def start!
+    File.open(options.const, "w") do |fd_const|
+      options.files.each do |file_h|
+        c_src = IO.read(file_h)
+        ConstGroups.each do |const_group|
+          c_src.scan(const_group.regexp) do
+            const_name, const_value = $1, $2
+            
+            fd_const.puts "#{const_group.def}(#{const_name}); /* #{const_value} */"
+          end
+        end
+      end
+    end
+  end
+end
+end
+
+if $0==__FILE__
+  PKCS11::ConstantParser.run(ARGV)
+end

data/ext/generate_structs.rb

@@ -4,154 +4,191 @@
 
 require 'optparse'
 
-options = Struct.new(:verbose, :def, :impl, :const, :doc).new
-OptionParser.new do |opts|
-	opts.banner = "Usage: #{$0} [options] <header-file.h>*"
-
-	opts.on("-v", "--[no-]verbose", "Run verbosely", &options.method(:verbose=))
-	opts.on("--def FILE", "Write struct definitions to this file", &options.method(:def=))
-  opts.on("--impl FILE", "Write struct implementations to this file", &options.method(:impl=))
-  opts.on("--const FILE", "Write const implementations to this file", &options.method(:const=))
-  opts.on("--doc FILE", "Write documentation to this file", &options.method(:doc=))
-	opts.on_tail("-h", "--help", "Show this message") do
-		puts opts
-		exit
-	end
-end.parse!
-
-Attribute = Struct.new(:type, :name, :qual)
-IgnoreStructs = %w[CK_ATTRIBUTE CK_MECHANISM]
-OnlyAllocatorStructs = %w[CK_MECHANISM_INFO CK_C_INITIALIZE_ARGS CK_INFO CK_SLOT_INFO CK_TOKEN_INFO CK_SESSION_INFO]
-
-structs = {}
-File.open(options.def, "w") do |fd_def|
-File.open(options.impl, "w") do |fd_impl|
-File.open(options.doc, "w") do |fd_doc|
-ARGV.each do |file_h|
-	c_src = IO.read(file_h)
-	c_src.scan(/struct\s+([A-Z_0-9]+)\s*\{(.*?)\}/m) do |struct|
-		struct_name, struct_text = $1, $2
-		
-		attrs = {}
-		struct_text.scan(/^\s+([A-Z_0-9]+)\s+([\w_]+)\s*(\[\s*(\d+)\s*\])?/) do |elem|
-			attr = Attribute.new($1, $2, $4)
-			attrs[$1+" "+$2] = attr
-# 			puts attr.inspect
-		end
-    structs[struct_name] = attrs
-
-    next if IgnoreStructs.include?(struct_name)
-
-    if OnlyAllocatorStructs.include?(struct_name)
-      fd_impl.puts "PKCS11_IMPLEMENT_ALLOCATOR(#{struct_name});"
-    else
-      fd_impl.puts "PKCS11_IMPLEMENT_STRUCT_WITH_ALLOCATOR(#{struct_name});"
+module PKCS11
+class StructParser
+
+  attr_accessor :options
+  attr_accessor :structs
+  attr_accessor :structs_by_name
+  attr_accessor :std_structs_by_name
+
+  def self.run(argv)
+    s = self.new
+    options = Struct.new(:verbose, :def, :impl, :doc, :files).new
+    OptionParser.new(argv) do |opts|
+      opts.banner = "Usage: #{$0} [options] <header-file.h>*"
+
+      opts.on("-v", "--[no-]verbose", "Run verbosely", &options.method(:verbose=))
+      opts.on("--def FILE", "Write struct definitions to this file", &options.method(:def=))
+      opts.on("--impl FILE", "Write struct implementations to this file", &options.method(:impl=))
+      opts.on("--doc FILE", "Write documentation to this file", &options.method(:doc=))
+      opts.on_tail("-h", "--help", "Show this message") do
+        puts opts
+        exit
+      end
+    end.parse!
+    options.files = argv
+    s.options = options
+    s.start!
+  end
+
+  CStruct = Struct.new(:name, :attrs)
+  Attribute = Struct.new(:type, :name, :qual, :mark)
+  IgnoreStructs = %w[CK_ATTRIBUTE CK_MECHANISM]
+  OnlyAllocatorStructs = %w[CK_MECHANISM_INFO CK_C_INITIALIZE_ARGS CK_INFO CK_SLOT_INFO CK_TOKEN_INFO CK_SESSION_INFO]
+  STRUCT_MODULE = 'PKCS11'
+
+  class CStruct
+    def attr_by_sign(key)
+      attrs.find{|a| a.type+" "+a.name==key }
     end
-    fd_def.puts "PKCS11_DEFINE_STRUCT(#{struct_name});"
-    fd_doc.puts"class PKCS11::#{struct_name} < PKCS11::CStruct"
-    fd_doc.puts"# Size of corresponding C struct in bytes\nSIZEOF_STRUCT=Integer"
-    fd_doc.puts"# @return [String] Binary copy of the C struct\ndef to_s; end"
-    fd_doc.puts"# @return [Array<String>] Attributes of this struct\ndef members; end"
-    
-		# try to find attributes belonging together
-		attrs.select{|key, attr| ['CK_BYTE_PTR', 'CK_VOID_PTR', 'CK_UTF8CHAR_PTR'].include?(attr.type) }.each do |key, attr|
-			if len_attr=attrs["CK_ULONG #{attr.name.gsub(/^p/, "ul")}Len"]
-				fd_impl.puts "PKCS11_IMPLEMENT_STRING_PTR_LEN_ACCESSOR(#{struct_name}, #{attr.name}, #{len_attr.name});"
-				fd_def.puts "PKCS11_DEFINE_MEMBER(#{struct_name}, #{attr.name});"
-        fd_doc.puts"# @return [String, nil] accessor for #{attr.name} and #{len_attr.name}\nattr_accessor :#{attr.name}"
-				attrs.delete_if{|k,v| v==len_attr}
-			elsif attr.name=='pData' && (len_attr = attrs["CK_ULONG length"] || attrs["CK_ULONG ulLen"])
-				fd_impl.puts "PKCS11_IMPLEMENT_STRING_PTR_LEN_ACCESSOR(#{struct_name}, #{attr.name}, #{len_attr.name});"
-				fd_def.puts "PKCS11_DEFINE_MEMBER(#{struct_name}, #{attr.name});"
-        fd_doc.puts"# @return [String, nil] accessor for #{attr.name} and #{len_attr.name}\nattr_accessor :#{attr.name}"
-				attrs.delete_if{|k,v| v==len_attr}
-			else
-				fd_impl.puts "PKCS11_IMPLEMENT_STRING_PTR_ACCESSOR(#{struct_name}, #{attr.name});"
-				fd_def.puts "PKCS11_DEFINE_MEMBER(#{struct_name}, #{attr.name});"
-        fd_doc.puts"# @return [String, nil] accessor for #{attr.name}\nattr_accessor :#{attr.name}"
-			end
-			attrs.delete_if{|k,v| v==attr}
-		end
-		
-		# standalone attributes
-		attrs.each do |key, attr|
-      if attr.qual
-        # Attributes with qualifier
-        case attr.type
-        when 'CK_BYTE', 'CK_UTF8CHAR', 'CK_CHAR'
-          fd_impl.puts "PKCS11_IMPLEMENT_STRING_ACCESSOR(#{struct_name}, #{attr.name});"
-          fd_def.puts "PKCS11_DEFINE_MEMBER(#{struct_name}, #{attr.name});"
-          fd_doc.puts"# @return [String] accessor for #{attr.name} (max #{attr.qual} bytes)\nattr_accessor :#{attr.name}"
-        else
-          fd_impl.puts "/* unimplemented attr #{attr.type} #{attr.name} #{attr.qual} */"
-          fd_def.puts "/* unimplemented attr #{attr.type} #{attr.name} #{attr.qual} */"
+  end
+
+  def parse_files(files)
+    structs = []
+    files.each do |file_h|
+      c_src = IO.read(file_h)
+      c_src.scan(/struct\s+([A-Z_0-9]+)\s*\{(.*?)\}/m) do |struct|
+        struct_text = $2
+        struct = CStruct.new( $1, [] )
+
+        struct_text.scan(/^\s+([A-Z_0-9]+)\s+([\w_]+)\s*(\[\s*(\d+)\s*\])?/) do |elem|
+          struct.attrs << Attribute.new($1, $2, $4)
         end
+        structs << struct
+      end
+    end
+    return structs
+  end
+
+  def start!
+    @structs = parse_files(options.files)
+    @structs_by_name = @structs.inject({}){|sum, v| sum[v.name]=v; sum }
+    @std_structs_by_name = @structs_by_name.dup
+
+    write_files
+  end
+
+  def write_files
+    File.open(options.def, "w") do |fd_def|
+    File.open(options.impl, "w") do |fd_impl|
+    File.open(options.doc, "w") do |fd_doc|
+    structs.each do |struct|
+      next if IgnoreStructs.include?(struct.name)
+
+      if OnlyAllocatorStructs.include?(struct.name)
+        fd_impl.puts "PKCS11_IMPLEMENT_ALLOCATOR(#{struct.name});"
       else
-        case attr.type
-        when 'CK_BYTE'
-          fd_impl.puts "PKCS11_IMPLEMENT_BYTE_ACCESSOR(#{struct_name}, #{attr.name});"
-          fd_def.puts "PKCS11_DEFINE_MEMBER(#{struct_name}, #{attr.name});"
-          fd_doc.puts"# @return [Integer] accessor for #{attr.name} (CK_BYTE)\nattr_accessor :#{attr.name}"
-        when 'CK_ULONG', 'CK_FLAGS', 'CK_SLOT_ID', 'CK_STATE', /CK_[A-Z_0-9]+_TYPE/
-          fd_impl.puts "PKCS11_IMPLEMENT_ULONG_ACCESSOR(#{struct_name}, #{attr.name});"
-          fd_def.puts "PKCS11_DEFINE_MEMBER(#{struct_name}, #{attr.name});"
-          fd_doc.puts"# @return [Integer] accessor for #{attr.name} (CK_ULONG)\nattr_accessor :#{attr.name}"
-        when 'CK_OBJECT_HANDLE'
-          fd_impl.puts "PKCS11_IMPLEMENT_HANDLE_ACCESSOR(#{struct_name}, #{attr.name});"
-          fd_def.puts "PKCS11_DEFINE_MEMBER(#{struct_name}, #{attr.name});"
-          fd_doc.puts"# @return [Integer, PKCS11::Object] Object handle (CK_ULONG)\nattr_accessor :#{attr.name}"
-        when 'CK_BBOOL'
-          fd_impl.puts "PKCS11_IMPLEMENT_BOOL_ACCESSOR(#{struct_name}, #{attr.name});"
-          fd_def.puts "PKCS11_DEFINE_MEMBER(#{struct_name}, #{attr.name});"
-          fd_doc.puts"# @return [Boolean]  Bool value\nattr_accessor :#{attr.name}"
-        when 'CK_ULONG_PTR'
-          fd_impl.puts "PKCS11_IMPLEMENT_ULONG_PTR_ACCESSOR(#{struct_name}, #{attr.name});"
-          fd_def.puts "PKCS11_DEFINE_MEMBER(#{struct_name}, #{attr.name});"
-          fd_doc.puts"# @return [Integer, nil] accessor for #{attr.name} (CK_ULONG_PTR)\nattr_accessor :#{attr.name}"
+        fd_impl.puts "PKCS11_IMPLEMENT_STRUCT_WITH_ALLOCATOR(#{struct.name});"
+      end
+      fd_def.puts "PKCS11_DEFINE_STRUCT(#{struct.name});"
+      fd_doc.puts"class #{STRUCT_MODULE}::#{struct.name} < #{STRUCT_MODULE}::CStruct"
+      fd_doc.puts"# Size of corresponding C struct in bytes\nSIZEOF_STRUCT=Integer"
+      fd_doc.puts"# @return [String] Binary copy of the C struct\ndef to_s; end"
+      fd_doc.puts"# @return [Array<String>] Attributes of this struct\ndef members; end"
+
+      # find attributes belonging together for array of struct
+      struct.attrs.select{|attr| structs_by_name[attr.type.gsub(/_PTR$/,'')] }.each do |attr|
+        if attr.name=='pParams' && (len_attr = struct.attr_by_sign("CK_ULONG ulCount"))
+          fd_impl.puts "PKCS11_IMPLEMENT_STRUCT_PTR_ARRAY_ACCESSOR(#{struct.name}, #{attr.type.gsub(/_PTR$/,'')}, #{attr.name}, #{len_attr.name});"
+          fd_def.puts "PKCS11_DEFINE_MEMBER(#{struct.name}, #{attr.name});"
+          fd_doc.puts"# @return [Array<PKCS11::#{attr.type.gsub(/_PTR$/,'')}>] accessor for #{attr.name} and #{len_attr.name}\nattr_accessor :#{attr.name}"
+          len_attr.mark = true
+          attr.mark = true
+        end
+      end
+      # find string attributes belonging together
+      struct.attrs.select{|attr| ['CK_BYTE_PTR', 'CK_VOID_PTR', 'CK_UTF8CHAR_PTR', 'CK_CHAR_PTR'].include?(attr.type) }.each do |attr|
+        if len_attr=struct.attr_by_sign("CK_ULONG #{attr.name.gsub(/^p/, "ul")}Len")
+          fd_impl.puts "PKCS11_IMPLEMENT_STRING_PTR_LEN_ACCESSOR(#{struct.name}, #{attr.name}, #{len_attr.name});"
+          fd_def.puts "PKCS11_DEFINE_MEMBER(#{struct.name}, #{attr.name});"
+          fd_doc.puts"# @return [String, nil] accessor for #{attr.name} and #{len_attr.name}\nattr_accessor :#{attr.name}"
+          len_attr.mark = true
+        elsif attr.name=='pData' && (len_attr = struct.attr_by_sign("CK_ULONG length") || struct.attr_by_sign("CK_ULONG ulLen"))
+          fd_impl.puts "PKCS11_IMPLEMENT_STRING_PTR_LEN_ACCESSOR(#{struct.name}, #{attr.name}, #{len_attr.name});"
+          fd_def.puts "PKCS11_DEFINE_MEMBER(#{struct.name}, #{attr.name});"
+          fd_doc.puts"# @return [String, nil] accessor for #{attr.name} and #{len_attr.name}\nattr_accessor :#{attr.name}"
+          len_attr.mark = true
         else
-          # Struct attributes
-          if structs[attr.type]
-            fd_impl.puts "PKCS11_IMPLEMENT_STRUCT_ACCESSOR(#{struct_name}, #{attr.type}, #{attr.name});"
-            fd_def.puts "PKCS11_DEFINE_MEMBER(#{struct_name}, #{attr.name});"
-            fd_doc.puts"# @return [PKCS11::#{attr.type}] inline struct\nattr_accessor :#{attr.name}"
-          elsif structs[attr.type.gsub(/_PTR$/,'')]
-            fd_impl.puts "PKCS11_IMPLEMENT_STRUCT_PTR_ACCESSOR(#{struct_name}, #{attr.type.gsub(/_PTR$/,'')}, #{attr.name});"
-            fd_def.puts "PKCS11_DEFINE_MEMBER(#{struct_name}, #{attr.name});"
-            fd_doc.puts"# @return [PKCS11::#{attr.type.gsub(/_PTR$/,'')}, nil] pointer to struct\nattr_accessor :#{attr.name}"
+          fd_impl.puts "PKCS11_IMPLEMENT_STRING_PTR_ACCESSOR(#{struct.name}, #{attr.name});"
+          fd_def.puts "PKCS11_DEFINE_MEMBER(#{struct.name}, #{attr.name});"
+          fd_doc.puts"# @return [String, nil] accessor for #{attr.name}\nattr_accessor :#{attr.name}"
+        end
+        attr.mark = true
+      end
+
+      # standalone attributes
+      struct.attrs.reject{|a| a.mark }.each do |attr|
+        if attr.qual
+          # Attributes with qualifier
+          case attr.type
+          when 'CK_BYTE', 'CK_UTF8CHAR', 'CK_CHAR'
+            fd_impl.puts "PKCS11_IMPLEMENT_STRING_ACCESSOR(#{struct.name}, #{attr.name});"
+            fd_def.puts "PKCS11_DEFINE_MEMBER(#{struct.name}, #{attr.name});"
+            fd_doc.puts"# @return [String] accessor for #{attr.name} (max #{attr.qual} bytes)\nattr_accessor :#{attr.name}"
           else
             fd_impl.puts "/* unimplemented attr #{attr.type} #{attr.name} #{attr.qual} */"
             fd_def.puts "/* unimplemented attr #{attr.type} #{attr.name} #{attr.qual} */"
           end
+        else
+          case attr.type
+          when 'CK_BYTE'
+            fd_impl.puts "PKCS11_IMPLEMENT_BYTE_ACCESSOR(#{struct.name}, #{attr.name});"
+            fd_def.puts "PKCS11_DEFINE_MEMBER(#{struct.name}, #{attr.name});"
+            fd_doc.puts"# @return [Integer] accessor for #{attr.name} (CK_BYTE)\nattr_accessor :#{attr.name}"
+          when 'CK_ULONG', 'CK_FLAGS', 'CK_SLOT_ID', 'CK_STATE', 'CK_COUNT', 'CK_SIZE', /CK_[A-Z_0-9]+_TYPE/
+            fd_impl.puts "PKCS11_IMPLEMENT_ULONG_ACCESSOR(#{struct.name}, #{attr.name});"
+            fd_def.puts "PKCS11_DEFINE_MEMBER(#{struct.name}, #{attr.name});"
+            fd_doc.puts"# @return [Integer] accessor for #{attr.name} (CK_ULONG)\nattr_accessor :#{attr.name}"
+          when 'CK_OBJECT_HANDLE'
+            fd_impl.puts "PKCS11_IMPLEMENT_HANDLE_ACCESSOR(#{struct.name}, #{attr.name});"
+            fd_def.puts "PKCS11_DEFINE_MEMBER(#{struct.name}, #{attr.name});"
+            fd_doc.puts"# @return [Integer, PKCS11::Object] Object handle (CK_ULONG)\nattr_accessor :#{attr.name}"
+          when 'CK_BBOOL'
+            fd_impl.puts "PKCS11_IMPLEMENT_BOOL_ACCESSOR(#{struct.name}, #{attr.name});"
+            fd_def.puts "PKCS11_DEFINE_MEMBER(#{struct.name}, #{attr.name});"
+            fd_doc.puts"# @return [Boolean]  Bool value\nattr_accessor :#{attr.name}"
+          when 'CK_ULONG_PTR', 'CK_COUNT_PTR'
+            fd_impl.puts "PKCS11_IMPLEMENT_ULONG_PTR_ACCESSOR(#{struct.name}, #{attr.name});"
+            fd_def.puts "PKCS11_DEFINE_MEMBER(#{struct.name}, #{attr.name});"
+            fd_doc.puts"# @return [Integer, nil] accessor for #{attr.name} (CK_ULONG_PTR)\nattr_accessor :#{attr.name}"
+          else
+            # Struct attributes
+            if structs_by_name[attr.type]
+              fd_impl.puts "PKCS11_IMPLEMENT_STRUCT_ACCESSOR(#{struct.name}, #{attr.type}, #{attr.name});"
+              fd_def.puts "PKCS11_DEFINE_MEMBER(#{struct.name}, #{attr.name});"
+              fd_doc.puts"# @return [#{STRUCT_MODULE}::#{attr.type}] inline struct\nattr_accessor :#{attr.name}"
+            elsif (attr_noptr=attr.type.gsub(/_PTR$/,'')) && structs_by_name[attr_noptr]
+              fd_impl.puts "PKCS11_IMPLEMENT_STRUCT_PTR_ACCESSOR(#{struct.name}, #{attr_noptr}, #{attr.name});"
+              fd_def.puts "PKCS11_DEFINE_MEMBER(#{struct.name}, #{attr.name});"
+              fd_doc.puts"# @return [#{STRUCT_MODULE}::#{attr_noptr}, nil] pointer to struct\nattr_accessor :#{attr.name}"
+            elsif std_structs_by_name[attr.type]
+              fd_impl.puts "PKCS11_IMPLEMENT_PKCS11_STRUCT_ACCESSOR(#{struct.name}, #{attr.type}, #{attr.name});"
+              fd_def.puts "PKCS11_DEFINE_MEMBER(#{struct.name}, #{attr.name});"
+              fd_doc.puts"# @return [PKCS11::#{attr.type}] inline struct (see pkcs11.gem)\nattr_accessor :#{attr.name}"
+            elsif (attr_noptr=attr.type.gsub(/_PTR$/,'')) && std_structs_by_name[attr_noptr]
+              fd_impl.puts "PKCS11_IMPLEMENT_PKCS11_STRUCT_PTR_ACCESSOR(#{struct.name}, #{attr_noptr}, #{attr.name});"
+              fd_def.puts "PKCS11_DEFINE_MEMBER(#{struct.name}, #{attr.name});"
+              fd_doc.puts"# @return [PKCS11::#{attr_noptr}, nil] pointer to struct (see pkcs11.gem)\nattr_accessor :#{attr.name}"
+            else
+              fd_impl.puts "/* unimplemented attr #{attr.type} #{attr.name} #{attr.qual} */"
+              fd_def.puts "/* unimplemented attr #{attr.type} #{attr.name} #{attr.qual} */"
+            end
+          end
         end
       end
-		end
-	
-		fd_impl.puts
-		fd_def.puts
-    fd_doc.puts"end"
-	end
-end
-end
-end
-end
 
-ConstTemplate = Struct.new :regexp, :def
-ConstGroups = [
-  ConstTemplate.new(/#define\s+(CKM_[A-Z_0-9]+)\s+(\w+)/, 'PKCS11_DEFINE_MECHANISM'),
-  ConstTemplate.new(/#define\s+(CKA_[A-Z_0-9]+)\s+(\w+)/, 'PKCS11_DEFINE_ATTRIBUTE'),
-  ConstTemplate.new(/#define\s+(CKO_[A-Z_0-9]+)\s+(\w+)/, 'PKCS11_DEFINE_OBJECT_CLASS'),
-  ConstTemplate.new(/#define\s+(CKR_[A-Z_0-9]+)\s+(\w+)/, 'PKCS11_DEFINE_RETURN_VALUE'),
-]
-
-File.open(options.const, "w") do |fd_const|
-ARGV.each do |file_h|
-  c_src = IO.read(file_h)
-  ConstGroups.each do |const_group|
-    c_src.scan(const_group.regexp) do
-      const_name, const_value = $1, $2
-      
-      fd_const.puts "#{const_group.def}(#{const_name}); /* #{const_value} */"
+      fd_impl.puts
+      fd_def.puts
+      fd_doc.puts "end"
+    end
+    end
+    end
     end
   end
 end
 end
+
+if $0==__FILE__
+  PKCS11::StructParser.run(ARGV)
+end