pkcs11 0.2.1 → 0.2.2

data/History.txt

@@ -1,3 +1,13 @@
+=== 0.2.2 / 2011-12-12
+
+* add ability to change PKCS11 base methods in order to use vendor defined attributes, return codes and mechanisms
+* restructured C code to avoid duplicated code in vendor extension gems
+* add gem pkcs11_protect_server to cover many ProtectServer specific extensions
+* update test/helper to find newer libsoftokn3
+* add task for generating combined docs of PKCS11 and PKCS11::ProtectServer
+* changed PKCS11#slots to return all slots of the device by default
+* add ability to set/get multiple attributes with Object#[] and Object#[]=
+
 === 0.2.1 / 2011-04-21
 
 * add some more CK_ULONG and CK_BOOL attributes

data/Manifest.txt

@@ -1,4 +1,5 @@
 .autotest
+.gemtest
 .yardopts
 History.txt
 MIT-LICENSE
@@ -21,6 +22,7 @@ ext/pk11.h
 ext/pk11_const.c
 ext/pk11_const_macros.h
 ext/pk11_struct_macros.h
+ext/pk11_version.h
 lib/pkcs11.rb
 lib/pkcs11/extensions.rb
 lib/pkcs11/helper.rb
@@ -28,8 +30,20 @@ lib/pkcs11/library.rb
 lib/pkcs11/object.rb
 lib/pkcs11/session.rb
 lib/pkcs11/slot.rb
-sample/firefox_certs.rb
-sample/nssckbi.rb
+pkcs11_protect_server/.gemtest
+pkcs11_protect_server/.yardopts
+pkcs11_protect_server/Manifest.txt
+pkcs11_protect_server/README_PROTECT_SERVER.rdoc
+pkcs11_protect_server/Rakefile
+pkcs11_protect_server/ext/extconf.rb
+pkcs11_protect_server/ext/generate_constants.rb
+pkcs11_protect_server/ext/generate_structs.rb
+pkcs11_protect_server/ext/pk11s.c
+pkcs11_protect_server/lib/pkcs11_protect_server.rb
+pkcs11_protect_server/lib/pkcs11_protect_server/extensions.rb
+pkcs11_protect_server/test/helper.rb
+pkcs11_protect_server/test/test_pkcs11_protect_server.rb
+pkcs11_protect_server/test/test_pkcs11_protect_server_crypt.rb
 test/fixtures/softokn/cert8.db
 test/fixtures/softokn/key3.db
 test/fixtures/softokn/secmod.db

data/README.rdoc

@@ -55,7 +55,7 @@ This opens a PKCS#11 library and prints it's information block.
 Then a {PKCS11::Session} to the first active slot of the device is opened and
 a login is done on the user account. Now, a 112 bit DES3 key is generated and
 some plaintext is encrypted with it. A 8-byte zero IV is used. In many cases method parameters
-can be Integer (like CKA_LABEL) or, as in the sample, Symbol (:LABEL) which is internally
+can be Integer (like PKCS11::CKA_LABEL) or, as in the sample, Symbol (:LABEL) which is internally
 converted.
 
 Many more usage examples can be found in the unit tests of the <tt>test</tt>
@@ -65,8 +65,24 @@ Detail information for the API specification is provided by RSA Security Inc.
 Please refer the URL: http://www.rsa.com/rsalabs/node.asp?id=2133. Browsable HTML
 can be found at http://www.cryptsoft.com/pkcs11doc.
 
+=== Vendor extensions
+Some vendors extend their libraries beyond the standard, in it's own way.
+This can be used by vendor specific packages:
+* Safenet ProtectServer: {file:pkcs11_protect_server/README_PROTECT_SERVER.rdoc}
 
-== Cross compiling for mswin32
+=== Threading
+
+The pkcs11 binding fully supports native, background Ruby threads.
+This of course only applies to Rubinius and Ruby 1.9.x or higher since
+earlier versions of Ruby do not support native threads.
+
+Calling the Cryptoki library from multiple threads simultaneously,
+requires to open it with flag PKCS11::CKF_OS_LOCKING_OK.
+Application-supplied synchronization primitives
+(CreateMutex, DestroyMutex, LockMutex, UnlockMutex) are not supported.
+
+
+== Cross compiling for Windows
 
 Using rake-compiler a cross compiled pkcs11-gem can be build on a linux host for
 the win32 platform. There are no runtime dependencies to any but the standard Windows DLLs.
@@ -85,20 +101,21 @@ Install the rake-compiler:
 
 Download and cross compile ruby for win32:
 
-  rake-compiler cross-ruby VERSION=1.8.6-p287
+  rake-compiler cross-ruby VERSION=1.8.7-p352
+  rake-compiler cross-ruby VERSION=1.9.2-p290
 
-Download and cross compile pkcs11 for win32:
+Download and cross compile pkcs11 for win32 (MRI 1.8+1.9 fat gem):
 
-  rake cross native gem
+  rake cross native gem RUBY_CC_VERSION=1.8.7:1.9.2
 
-If everything works, there should be pkcs11-VERSION-x86-mswin32.gem in the pkg
+If everything works, there should be pkcs11-VERSION-x86-mingw32.gem in the pkg
 directory.
 
 
 == ToDo
 
 * encoding support for Ruby 1.9
-* support for proprietary extensions of different vendors
+* support for proprietary extensions of different vendors (done for Safenet-ProtectServer)
 * PKCS#11 v2.3
 
 == Development Status

data/Rakefile

@@ -6,11 +6,16 @@ require 'hoe'
 require 'rake/extensiontask'
 require 'rbconfig'
 
-CLEAN.include 'ext/pk11_struct_def.inc'
-CLEAN.include 'ext/pk11_struct_impl.inc'
-CLEAN.include 'ext/pk11_const_def.inc'
-CLEAN.include 'ext/pk11_thread_funcs.h'
-CLEAN.include 'ext/pk11_thread_funcs.c'
+GENERATED_FILES = [
+  'ext/pk11_struct_impl.inc',
+  'ext/pk11_struct_def.inc',
+  'ext/pk11_const_def.inc',
+  'ext/pk11_struct.doc',
+  'ext/pk11_thread_funcs.h',
+  'ext/pk11_thread_funcs.c',
+]
+
+CLEAN.include GENERATED_FILES
 CLEAN.include 'lib/pkcs11_ext.so'
 CLEAN.include 'tmp'
 
@@ -28,43 +33,49 @@ hoe = Hoe.spec 'pkcs11' do
   self.readme_file = 'README.rdoc'
   self.extra_rdoc_files << self.readme_file << 'ext/pk11.c'
   spec_extras[:extensions] = 'ext/extconf.rb'
-  spec_extras[:files] = File.read_utf("Manifest.txt").split(/\r?\n\r?/)
-  spec_extras[:files] << 'ext/pk11_struct_impl.inc'
-  spec_extras[:files] << 'ext/pk11_struct_def.inc'
-  spec_extras[:files] << 'ext/pk11_const_def.inc'
-  spec_extras[:files] << 'ext/pk11_thread_funcs.h'
-  spec_extras[:files] << 'ext/pk11_thread_funcs.c'
+  spec_extras[:files] = File.read_utf("Manifest.txt").split(/\r?\n\r?/).reject{|f| f=~/^pkcs11_/ }
+  spec_extras[:files] += GENERATED_FILES
   spec_extras[:has_rdoc] = 'yard'
 end
 
-ENV['RUBY_CC_VERSION'] ||= '1.8.6:1.9.2'
+ENV['RUBY_CC_VERSION'] ||= '1.8.7:1.9.2'
 
 Rake::ExtensionTask.new('pkcs11_ext', hoe.spec) do |ext|
   ext.ext_dir = 'ext'
   ext.cross_compile = true                # enable cross compilation (requires cross compile toolchain)
-  ext.cross_platform = ['i386-mswin32', 'i386-mingw32']     # forces the Windows platform instead of the default one
+  ext.cross_platform = ['i386-mingw32']     # forces the Windows platform instead of the default one
 end
 
 file 'ext/extconf.rb' => ['ext/pk11_struct_def.inc', 'ext/pk11_thread_funcs.c']
 file 'ext/pk11_struct_def.inc' => 'ext/generate_structs.rb' do
-  sh "#{Config::CONFIG['ruby_install_name']} ext/generate_structs.rb --def ext/pk11_struct_def.inc --impl ext/pk11_struct_impl.inc --doc ext/pk11_struct.doc ext/include/pkcs11t.h"
+  sh "#{RbConfig::CONFIG['ruby_install_name']} ext/generate_structs.rb --def ext/pk11_struct_def.inc --impl ext/pk11_struct_impl.inc --doc ext/pk11_struct.doc ext/include/pkcs11t.h"
 end
 file 'ext/pk11_struct_impl.inc' => 'ext/pk11_struct_def.inc'
+file 'ext/pk11_struct.doc' => 'ext/pk11_struct_def.inc'
+
 file 'ext/pk11_const_def.inc' => 'ext/generate_constants.rb' do
-  sh "#{Config::CONFIG['ruby_install_name']} ext/generate_constants.rb --const ext/pk11_const_def.inc ext/include/pkcs11t.h"
+  sh "#{RbConfig::CONFIG['ruby_install_name']} ext/generate_constants.rb --const ext/pk11_const_def.inc ext/include/pkcs11t.h"
 end
 file 'ext/pk11.c' => ['ext/pk11_struct_def.inc', 'ext/pk11_struct_impl.inc', 'ext/pk11_struct_macros.h']
 file 'ext/pk11_const.c' => ['ext/pk11_const_def.inc', 'ext/pk11_const_macros.h']
 
 file 'ext/pk11_thread_funcs.h' => 'ext/generate_thread_funcs.rb' do
-  sh "#{Config::CONFIG['ruby_install_name']} ext/generate_thread_funcs.rb --impl ext/pk11_thread_funcs.c --decl ext/pk11_thread_funcs.h ext/include/pkcs11f.h"
+  sh "#{RbConfig::CONFIG['ruby_install_name']} ext/generate_thread_funcs.rb --impl ext/pk11_thread_funcs.c --decl ext/pk11_thread_funcs.h ext/include/pkcs11f.h"
 end
 file 'ext/pk11_thread_funcs.c' => 'ext/pk11_thread_funcs.h'
 file 'ext/pk11.h' => 'ext/pk11_thread_funcs.h'
 
+task :docs_of_vendor_extensions do
+  Dir['pkcs11_*'].each do |dir|
+    chdir(dir) do
+      sh "rake doc_files"
+    end
+  end
+end
+
 desc "Generate static HTML documentation with YARD"
-task :yardoc do
-  sh "yardoc"
+task :yardoc=>['ext/pk11_struct.doc', :docs_of_vendor_extensions] do
+  sh "yardoc --title \"PKCS#11/Ruby Interface\" --no-private lib/**/*.rb ext/*.c ext/*.doc pkcs11_protect_server/lib/**/*.rb pkcs11_protect_server/ext/*.c pkcs11_protect_server/ext/*.doc - pkcs11_protect_server/README_PROTECT_SERVER.rdoc"
 end
 
 desc "Publish YARD to wherever you want."

data/ext/generate_structs.rb

@@ -36,7 +36,10 @@ class StructParser
   Attribute = Struct.new(:type, :name, :qual, :mark)
   IgnoreStructs = %w[CK_ATTRIBUTE CK_MECHANISM]
   OnlyAllocatorStructs = %w[CK_MECHANISM_INFO CK_C_INITIALIZE_ARGS CK_INFO CK_SLOT_INFO CK_TOKEN_INFO CK_SESSION_INFO]
-  STRUCT_MODULE = 'PKCS11'
+
+  def struct_module
+    'PKCS11'
+  end
 
   class CStruct
     def attr_by_sign(key)
@@ -44,6 +47,12 @@ class StructParser
     end
   end
 
+  class Attribute
+    def type_noptr
+      type.gsub(/_PTR$/,'')
+    end
+  end
+
   def parse_files(files)
     structs = []
     files.each do |file_h|
@@ -69,6 +78,8 @@ class StructParser
     write_files
   end
 
+  def array_attribute_names; ['pParams']; end
+
   def write_files
     File.open(options.def, "w") do |fd_def|
     File.open(options.impl, "w") do |fd_impl|
@@ -82,24 +93,25 @@ class StructParser
         fd_impl.puts "PKCS11_IMPLEMENT_STRUCT_WITH_ALLOCATOR(#{struct.name});"
       end
       fd_def.puts "PKCS11_DEFINE_STRUCT(#{struct.name});"
-      fd_doc.puts"class #{STRUCT_MODULE}::#{struct.name} < #{STRUCT_MODULE}::CStruct"
+      fd_doc.puts"class #{struct_module}::#{struct.name} < #{struct_module}::CStruct"
       fd_doc.puts"# Size of corresponding C struct in bytes\nSIZEOF_STRUCT=Integer"
       fd_doc.puts"# @return [String] Binary copy of the C struct\ndef to_s; end"
       fd_doc.puts"# @return [Array<String>] Attributes of this struct\ndef members; end"
 
       # find attributes belonging together for array of struct
-      struct.attrs.select{|attr| structs_by_name[attr.type.gsub(/_PTR$/,'')] }.each do |attr|
-        if attr.name=='pParams' && (len_attr = struct.attr_by_sign("CK_ULONG ulCount"))
-          fd_impl.puts "PKCS11_IMPLEMENT_STRUCT_PTR_ARRAY_ACCESSOR(#{struct.name}, #{attr.type.gsub(/_PTR$/,'')}, #{attr.name}, #{len_attr.name});"
+      struct.attrs.select{|attr| structs_by_name[attr.type_noptr] || std_structs_by_name[attr.type_noptr] }.each do |attr|
+        if array_attribute_names.include?(attr.name) && (len_attr = struct.attr_by_sign("CK_ULONG ulCount") || struct.attr_by_sign("CK_ULONG count") || struct.attr_by_sign("CK_ULONG #{attr.name}Count"))
+          std_struct = "PKCS11_" if std_structs_by_name[attr.type_noptr]
+          fd_impl.puts "PKCS11_IMPLEMENT_#{std_struct}STRUCT_PTR_ARRAY_ACCESSOR(#{struct.name}, #{attr.type_noptr}, #{attr.name}, #{len_attr.name});"
           fd_def.puts "PKCS11_DEFINE_MEMBER(#{struct.name}, #{attr.name});"
-          fd_doc.puts"# @return [Array<PKCS11::#{attr.type.gsub(/_PTR$/,'')}>] accessor for #{attr.name} and #{len_attr.name}\nattr_accessor :#{attr.name}"
+          fd_doc.puts"# @return [Array<PKCS11::#{attr.type_noptr}>] accessor for #{attr.name} and #{len_attr.name}\nattr_accessor :#{attr.name}"
           len_attr.mark = true
           attr.mark = true
         end
       end
       # find string attributes belonging together
       struct.attrs.select{|attr| ['CK_BYTE_PTR', 'CK_VOID_PTR', 'CK_UTF8CHAR_PTR', 'CK_CHAR_PTR'].include?(attr.type) }.each do |attr|
-        if len_attr=struct.attr_by_sign("CK_ULONG #{attr.name.gsub(/^p/, "ul")}Len")
+        if len_attr=struct.attr_by_sign("CK_ULONG #{attr.name.gsub(/^p([A-Z])/){ "ul"+$1 }}Len")
           fd_impl.puts "PKCS11_IMPLEMENT_STRING_PTR_LEN_ACCESSOR(#{struct.name}, #{attr.name}, #{len_attr.name});"
           fd_def.puts "PKCS11_DEFINE_MEMBER(#{struct.name}, #{attr.name});"
           fd_doc.puts"# @return [String, nil] accessor for #{attr.name} and #{len_attr.name}\nattr_accessor :#{attr.name}"
@@ -136,7 +148,7 @@ class StructParser
             fd_impl.puts "PKCS11_IMPLEMENT_BYTE_ACCESSOR(#{struct.name}, #{attr.name});"
             fd_def.puts "PKCS11_DEFINE_MEMBER(#{struct.name}, #{attr.name});"
             fd_doc.puts"# @return [Integer] accessor for #{attr.name} (CK_BYTE)\nattr_accessor :#{attr.name}"
-          when 'CK_ULONG', 'CK_FLAGS', 'CK_SLOT_ID', 'CK_STATE', 'CK_COUNT', 'CK_SIZE', /CK_[A-Z_0-9]+_TYPE/
+          when 'CK_ULONG', 'CK_FLAGS', 'CK_SLOT_ID', 'CK_STATE', /CK_[A-Z_0-9]+_TYPE/
             fd_impl.puts "PKCS11_IMPLEMENT_ULONG_ACCESSOR(#{struct.name}, #{attr.name});"
             fd_def.puts "PKCS11_DEFINE_MEMBER(#{struct.name}, #{attr.name});"
             fd_doc.puts"# @return [Integer] accessor for #{attr.name} (CK_ULONG)\nattr_accessor :#{attr.name}"
@@ -148,7 +160,7 @@ class StructParser
             fd_impl.puts "PKCS11_IMPLEMENT_BOOL_ACCESSOR(#{struct.name}, #{attr.name});"
             fd_def.puts "PKCS11_DEFINE_MEMBER(#{struct.name}, #{attr.name});"
             fd_doc.puts"# @return [Boolean]  Bool value\nattr_accessor :#{attr.name}"
-          when 'CK_ULONG_PTR', 'CK_COUNT_PTR'
+          when 'CK_ULONG_PTR'
             fd_impl.puts "PKCS11_IMPLEMENT_ULONG_PTR_ACCESSOR(#{struct.name}, #{attr.name});"
             fd_def.puts "PKCS11_DEFINE_MEMBER(#{struct.name}, #{attr.name});"
             fd_doc.puts"# @return [Integer, nil] accessor for #{attr.name} (CK_ULONG_PTR)\nattr_accessor :#{attr.name}"
@@ -157,19 +169,19 @@ class StructParser
             if structs_by_name[attr.type]
               fd_impl.puts "PKCS11_IMPLEMENT_STRUCT_ACCESSOR(#{struct.name}, #{attr.type}, #{attr.name});"
               fd_def.puts "PKCS11_DEFINE_MEMBER(#{struct.name}, #{attr.name});"
-              fd_doc.puts"# @return [#{STRUCT_MODULE}::#{attr.type}] inline struct\nattr_accessor :#{attr.name}"
-            elsif (attr_noptr=attr.type.gsub(/_PTR$/,'')) && structs_by_name[attr_noptr]
-              fd_impl.puts "PKCS11_IMPLEMENT_STRUCT_PTR_ACCESSOR(#{struct.name}, #{attr_noptr}, #{attr.name});"
+              fd_doc.puts"# @return [#{struct_module}::#{attr.type}] inline struct\nattr_accessor :#{attr.name}"
+            elsif structs_by_name[attr.type_noptr]
+              fd_impl.puts "PKCS11_IMPLEMENT_STRUCT_PTR_ACCESSOR(#{struct.name}, #{attr.type_noptr}, #{attr.name});"
               fd_def.puts "PKCS11_DEFINE_MEMBER(#{struct.name}, #{attr.name});"
-              fd_doc.puts"# @return [#{STRUCT_MODULE}::#{attr_noptr}, nil] pointer to struct\nattr_accessor :#{attr.name}"
+              fd_doc.puts"# @return [#{struct_module}::#{attr.type_noptr}, nil] pointer to struct\nattr_accessor :#{attr.name}"
             elsif std_structs_by_name[attr.type]
               fd_impl.puts "PKCS11_IMPLEMENT_PKCS11_STRUCT_ACCESSOR(#{struct.name}, #{attr.type}, #{attr.name});"
               fd_def.puts "PKCS11_DEFINE_MEMBER(#{struct.name}, #{attr.name});"
               fd_doc.puts"# @return [PKCS11::#{attr.type}] inline struct (see pkcs11.gem)\nattr_accessor :#{attr.name}"
-            elsif (attr_noptr=attr.type.gsub(/_PTR$/,'')) && std_structs_by_name[attr_noptr]
-              fd_impl.puts "PKCS11_IMPLEMENT_PKCS11_STRUCT_PTR_ACCESSOR(#{struct.name}, #{attr_noptr}, #{attr.name});"
+            elsif std_structs_by_name[attr.type_noptr]
+              fd_impl.puts "PKCS11_IMPLEMENT_PKCS11_STRUCT_PTR_ACCESSOR(#{struct.name}, #{attr.type_noptr}, #{attr.name});"
               fd_def.puts "PKCS11_DEFINE_MEMBER(#{struct.name}, #{attr.name});"
-              fd_doc.puts"# @return [PKCS11::#{attr_noptr}, nil] pointer to struct (see pkcs11.gem)\nattr_accessor :#{attr.name}"
+              fd_doc.puts"# @return [PKCS11::#{attr.type_noptr}, nil] pointer to struct (see pkcs11.gem)\nattr_accessor :#{attr.name}"
             else
               fd_impl.puts "/* unimplemented attr #{attr.type} #{attr.name} #{attr.qual} */"
               fd_def.puts "/* unimplemented attr #{attr.type} #{attr.name} #{attr.qual} */"

data/ext/pk11.c

@@ -1,5 +1,6 @@
 #include "pk11.h"
 #include "pk11_struct_macros.h"
+#include "pk11_version.h"
 
 #if defined(compile_for_windows)
   #include <winbase.h> /* for LoadLibrary() */
@@ -7,8 +8,6 @@
   #include <dlfcn.h>
 #endif
 
-static const char *VERSION = "0.2.1";
-
 static ID sNEW;
 static VALUE mPKCS11;
 static VALUE cPKCS11;
@@ -41,11 +40,10 @@ static VALUE aCK_MECHANISM_members;
 VALUE pkcs11_return_value_to_class(CK_RV, VALUE);
 
 static void
-pkcs11_raise(CK_RV rv)
+pkcs11_raise(VALUE self, CK_RV rv)
 {
-  VALUE class;
-  class = pkcs11_return_value_to_class(rv, ePKCS11Error);
-  rb_raise(class, "%lu", rv);
+  rb_funcall(self, rb_intern("vendor_raise_on_return_value"), 1, ULONG2NUM(rv));
+  rb_raise(ePKCS11Error, "method vendor_raise_on_return_value should never return");
 }
 
 ///////////////////////////////////////
@@ -113,7 +111,7 @@ pkcs11_C_Finalize(VALUE self)
 
   GetFunction(self, C_Finalize, func);
   CallFunction(C_Finalize, func, rv, NULL_PTR);
-  if (rv != CKR_OK) pkcs11_raise(rv);
+  if (rv != CKR_OK) pkcs11_raise(self,rv);
 
   return self;
 }
@@ -208,7 +206,7 @@ pkcs11_C_GetFunctionList(VALUE self)
   if(!func) rb_raise(ePKCS11Error, "%s", dlerror());
 #endif
   CallFunction(C_GetFunctionList, func, rv, &(ctx->functions));
-  if (rv != CKR_OK) pkcs11_raise(rv);
+  if (rv != CKR_OK) pkcs11_raise(self,rv);
 
   return self;
 }
@@ -234,7 +232,7 @@ pkcs11_C_Initialize(int argc, VALUE *argv, VALUE self)
   }
   GetFunction(self, C_Initialize, func);
   CallFunction(C_Initialize, func, rv, args);
-  if (rv != CKR_OK) pkcs11_raise(rv);
+  if (rv != CKR_OK) pkcs11_raise(self,rv);
 
   return self;
 }
@@ -264,7 +262,7 @@ pkcs11_C_GetInfo(VALUE self)
   GetFunction(self, C_GetInfo, func);
   info = pkcs11_new_struct(cCK_INFO);
   CallFunction(C_GetInfo, func, rv, (CK_INFO_PTR)DATA_PTR(info));
-  if (rv != CKR_OK) pkcs11_raise(rv);
+  if (rv != CKR_OK) pkcs11_raise(self,rv);
 
   return info;
 }
@@ -281,12 +279,12 @@ pkcs11_C_GetSlotList(VALUE self, VALUE presented)
 
   GetFunction(self, C_GetSlotList, func);
   CallFunction(C_GetSlotList, func, rv, CK_FALSE, NULL_PTR, &ulSlotCount);
-  if (rv != CKR_OK) pkcs11_raise(rv);
+  if (rv != CKR_OK) pkcs11_raise(self,rv);
   pSlotList = (CK_SLOT_ID_PTR)malloc(ulSlotCount*sizeof(CK_SLOT_ID));
   CallFunction(C_GetSlotList, func, rv, RTEST(presented) ? CK_TRUE : CK_FALSE, pSlotList, &ulSlotCount);
   if (rv != CKR_OK) {
     free(pSlotList);
-    pkcs11_raise(rv);
+    pkcs11_raise(self,rv);
   }
   for (i = 0; i < ulSlotCount; i++)
     rb_ary_push(ary, HANDLE2NUM(pSlotList[i]));
@@ -305,7 +303,7 @@ pkcs11_C_GetSlotInfo(VALUE self, VALUE slot_id)
   GetFunction(self, C_GetSlotInfo, func);
   info = pkcs11_new_struct(cCK_SLOT_INFO);
   CallFunction(C_GetSlotInfo, func, rv, NUM2HANDLE(slot_id), DATA_PTR(info));
-  if (rv != CKR_OK) pkcs11_raise(rv);
+  if (rv != CKR_OK) pkcs11_raise(self,rv);
 
   return info;
 }
@@ -320,7 +318,7 @@ pkcs11_C_GetTokenInfo(VALUE self, VALUE slot_id)
   GetFunction(self, C_GetTokenInfo, func);
   info = pkcs11_new_struct(cCK_TOKEN_INFO);
   CallFunction(C_GetTokenInfo, func, rv, NUM2HANDLE(slot_id), DATA_PTR(info));
-  if (rv != CKR_OK) pkcs11_raise(rv);
+  if (rv != CKR_OK) pkcs11_raise(self,rv);
 
   return info;
 }
@@ -338,7 +336,7 @@ pkcs11_C_GetMechanismList(VALUE self, VALUE slot_id)
   ary = rb_ary_new();
   GetFunction(self, C_GetMechanismList, func);
   CallFunction(C_GetMechanismList, func, rv, NUM2HANDLE(slot_id), NULL_PTR, &count);
-  if (rv != CKR_OK) pkcs11_raise(rv);
+  if (rv != CKR_OK) pkcs11_raise(self,rv);
   if (count == 0) return ary;
 
   types = (CK_MECHANISM_TYPE_PTR)malloc(sizeof(CK_MECHANISM_TYPE)*count);
@@ -346,7 +344,7 @@ pkcs11_C_GetMechanismList(VALUE self, VALUE slot_id)
   CallFunction(C_GetMechanismList, func, rv, NUM2HANDLE(slot_id), types, &count);
   if (rv != CKR_OK){
     free(types);
-    pkcs11_raise(rv);
+    pkcs11_raise(self,rv);
   }
   for (i = 0; i < count; i++)
     rb_ary_push(ary, HANDLE2NUM(*(types+i)));
@@ -365,7 +363,7 @@ pkcs11_C_GetMechanismInfo(VALUE self, VALUE slot_id, VALUE type)
   info = pkcs11_new_struct(cCK_MECHANISM_INFO);
   GetFunction(self, C_GetMechanismInfo, func);
   CallFunction(C_GetMechanismInfo, func, rv, NUM2HANDLE(slot_id), NUM2HANDLE(type), DATA_PTR(info));
-  if (rv != CKR_OK) pkcs11_raise(rv);
+  if (rv != CKR_OK) pkcs11_raise(self,rv);
 
   return info;
 }
@@ -382,7 +380,7 @@ pkcs11_C_InitToken(VALUE self, VALUE slot_id, VALUE pin, VALUE label)
   CallFunction(C_InitToken, func, rv, NUM2HANDLE(slot_id),
             (CK_UTF8CHAR_PTR)RSTRING_PTR(pin), RSTRING_LEN(pin),
             (CK_UTF8CHAR_PTR)RSTRING_PTR(label));
-  if (rv != CKR_OK) pkcs11_raise(rv);
+  if (rv != CKR_OK) pkcs11_raise(self,rv);
 
   return self;
 }
@@ -397,7 +395,7 @@ pkcs11_C_InitPIN(VALUE self, VALUE session, VALUE pin)
   GetFunction(self, C_InitPIN, func);
   CallFunction(C_InitPIN, func, rv, NUM2HANDLE(session),
             (CK_UTF8CHAR_PTR)RSTRING_PTR(pin), RSTRING_LEN(pin));
-  if (rv != CKR_OK) pkcs11_raise(rv);
+  if (rv != CKR_OK) pkcs11_raise(self,rv);
 
   return self;
 }
@@ -411,7 +409,7 @@ pkcs11_C_OpenSession(VALUE self, VALUE slot_id, VALUE flags)
 
   GetFunction(self, C_OpenSession, func);
   CallFunction(C_OpenSession, func, rv, NUM2HANDLE(slot_id), NUM2ULONG(flags), 0, 0, &handle);
-  if(rv != CKR_OK) pkcs11_raise(rv);
+  if(rv != CKR_OK) pkcs11_raise(self,rv);
 
   return HANDLE2NUM(handle);
 }
@@ -426,7 +424,7 @@ pkcs11_C_Login(VALUE self, VALUE session, VALUE user_type, VALUE pin)
   GetFunction(self, C_Login, func);
   CallFunction(C_Login, func, rv, NUM2HANDLE(session), NUM2ULONG(user_type),
             (CK_UTF8CHAR_PTR)RSTRING_PTR(pin), RSTRING_LEN(pin));
-  if(rv != CKR_OK) pkcs11_raise(rv);
+  if(rv != CKR_OK) pkcs11_raise(self,rv);
 
   return self;
 }
@@ -439,7 +437,7 @@ pkcs11_C_Logout(VALUE self, VALUE session)
 
   GetFunction(self, C_Logout, func);
   CallFunction(C_Logout, func, rv, NUM2HANDLE(session));
-  if(rv != CKR_OK) pkcs11_raise(rv);
+  if(rv != CKR_OK) pkcs11_raise(self,rv);
 
   return self;
 }
@@ -452,7 +450,7 @@ pkcs11_C_CloseSession(VALUE self, VALUE session)
 
   GetFunction(self, C_CloseSession, func);
   CallFunction(C_CloseSession, func, rv, NUM2HANDLE(session));
-  if(rv != CKR_OK) pkcs11_raise(rv);
+  if(rv != CKR_OK) pkcs11_raise(self,rv);
 
   return self;
 }
@@ -465,7 +463,7 @@ pkcs11_C_CloseAllSessions(VALUE self, VALUE slot_id)
 
   GetFunction(self, C_CloseAllSessions, func);
   CallFunction(C_CloseAllSessions, func, rv, NUM2HANDLE(slot_id));
-  if(rv != CKR_OK) pkcs11_raise(rv);
+  if(rv != CKR_OK) pkcs11_raise(self,rv);
 
   return self;
 }
@@ -480,7 +478,7 @@ pkcs11_C_GetSessionInfo(VALUE self, VALUE session)
   info = pkcs11_new_struct(cCK_SESSION_INFO);
   GetFunction(self, C_GetSessionInfo, func);
   CallFunction(C_GetSessionInfo, func, rv, NUM2HANDLE(session), DATA_PTR(info));
-  if (rv != CKR_OK) pkcs11_raise(rv);
+  if (rv != CKR_OK) pkcs11_raise(self,rv);
 
   return info;
 }
@@ -495,10 +493,10 @@ pkcs11_C_GetOperationState(VALUE self, VALUE session)
 
   GetFunction(self, C_GetOperationState, func);
   CallFunction(C_GetOperationState, func, rv, NUM2HANDLE(session), NULL_PTR, &size);
-  if (rv != CKR_OK) pkcs11_raise(rv);
+  if (rv != CKR_OK) pkcs11_raise(self,rv);
   state = rb_str_new(0, size);
   CallFunction(C_GetOperationState, func, rv, NUM2HANDLE(session), (CK_BYTE_PTR)RSTRING_PTR(state), &size);
-  if (rv != CKR_OK) pkcs11_raise(rv);
+  if (rv != CKR_OK) pkcs11_raise(self,rv);
   rb_str_set_len(state, size);
 
   return state;
@@ -515,7 +513,7 @@ pkcs11_C_SetOperationState(VALUE self, VALUE session, VALUE state, VALUE enc_key
   CallFunction(C_SetOperationState, func, rv, NUM2HANDLE(session),
             (CK_BYTE_PTR)RSTRING_PTR(state), RSTRING_LEN(state),
             NUM2HANDLE(enc_key), NUM2HANDLE(auth_key));
-  if (rv != CKR_OK) pkcs11_raise(rv);
+  if (rv != CKR_OK) pkcs11_raise(self,rv);
 
   return self;
 }
@@ -532,7 +530,7 @@ pkcs11_C_SetPIN(VALUE self, VALUE session, VALUE old_pin, VALUE new_pin)
   CallFunction(C_SetPIN, func, rv, NUM2HANDLE(session),
             (CK_UTF8CHAR_PTR)RSTRING_PTR(old_pin), RSTRING_LEN(old_pin),
             (CK_UTF8CHAR_PTR)RSTRING_PTR(new_pin), RSTRING_LEN(new_pin));
-  if(rv != CKR_OK) pkcs11_raise(rv);
+  if(rv != CKR_OK) pkcs11_raise(self,rv);
 
   return self;
 }
@@ -571,7 +569,7 @@ pkcs11_C_CreateObject(VALUE self, VALUE session, VALUE template)
   GetFunction(self, C_CreateObject, func);
   CallFunction(C_CreateObject, func, rv, NUM2HANDLE(session), tmp, RARRAY_LEN(template), &handle);
   free(tmp);
-  if(rv != CKR_OK) pkcs11_raise(rv);
+  if(rv != CKR_OK) pkcs11_raise(self,rv);
 
   return HANDLE2NUM(handle);
 }
@@ -588,7 +586,7 @@ pkcs11_C_CopyObject(VALUE self, VALUE session, VALUE object, VALUE template)
   GetFunction(self, C_CopyObject, func);
   CallFunction(C_CopyObject, func, rv, NUM2HANDLE(session), NUM2HANDLE(object), tmp, RARRAY_LEN(template), &handle);
   free(tmp);
-  if(rv != CKR_OK) pkcs11_raise(rv);
+  if(rv != CKR_OK) pkcs11_raise(self,rv);
 
   return HANDLE2NUM(handle);
 }
@@ -601,7 +599,7 @@ pkcs11_C_DestroyObject(VALUE self, VALUE session, VALUE handle)
 
   GetFunction(self, C_DestroyObject, func);
   CallFunction(C_DestroyObject, func, rv, NUM2HANDLE(session), NUM2HANDLE(handle));
-  if(rv != CKR_OK) pkcs11_raise(rv);
+  if(rv != CKR_OK) pkcs11_raise(self,rv);
 
   return self;
 }
@@ -615,7 +613,7 @@ pkcs11_C_GetObjectSize(VALUE self, VALUE session, VALUE handle)
 
   GetFunction(self, C_GetObjectSize, func);
   CallFunction(C_GetObjectSize, func, rv, NUM2HANDLE(session), NUM2HANDLE(handle), &size);
-  if(rv != CKR_OK) pkcs11_raise(rv);
+  if(rv != CKR_OK) pkcs11_raise(self,rv);
 
   return ULONG2NUM(size);
 }
@@ -635,7 +633,7 @@ pkcs11_C_FindObjectsInit(VALUE self, VALUE session, VALUE template)
   GetFunction(self, C_FindObjectsInit, func);
   CallFunction(C_FindObjectsInit, func, rv, NUM2HANDLE(session), tmp, tmp_size);
   free(tmp);
-  if(rv != CKR_OK) pkcs11_raise(rv);
+  if(rv != CKR_OK) pkcs11_raise(self,rv);
 
   return self;
 }
@@ -648,7 +646,7 @@ pkcs11_C_FindObjectsFinal(VALUE self, VALUE session)
 
   GetFunction(self, C_FindObjectsFinal, func);
   CallFunction(C_FindObjectsFinal, func, rv, NUM2HANDLE(session));
-  if(rv != CKR_OK) pkcs11_raise(rv);
+  if(rv != CKR_OK) pkcs11_raise(self,rv);
 
   return self;
 }
@@ -669,7 +667,7 @@ pkcs11_C_FindObjects(VALUE self, VALUE session, VALUE max_count)
   CallFunction(C_FindObjects, func, rv, NUM2HANDLE(session), handles, NUM2ULONG(max_count), &count);
   if(rv != CKR_OK){
     free(handles);
-    pkcs11_raise(rv);
+    pkcs11_raise(self,rv);
   }
   ary = rb_ary_new();
   for(i = 0; i < count; i++)
@@ -689,6 +687,7 @@ pkcs11_C_GetAttributeValue(VALUE self, VALUE session, VALUE handle, VALUE templa
   CK_ULONG i, template_size;
   CK_ATTRIBUTE_PTR tmp;
   VALUE ary;
+  VALUE class_attr = rb_funcall(self, rb_intern("vendor_class_CK_ATTRIBUTE"), 0);
 
   tmp = pkcs11_attr_ary2buf(template);
   template_size = RARRAY_LEN(template);
@@ -696,7 +695,7 @@ pkcs11_C_GetAttributeValue(VALUE self, VALUE session, VALUE handle, VALUE templa
   CallFunction(C_GetAttributeValue, func, rv, NUM2HANDLE(session), NUM2HANDLE(handle), tmp, template_size);
   if(rv != CKR_OK){
     free(tmp);
-    pkcs11_raise(rv);
+    pkcs11_raise(self,rv);
   }
 
   for (i = 0; i < template_size; i++){
@@ -711,13 +710,13 @@ pkcs11_C_GetAttributeValue(VALUE self, VALUE session, VALUE handle, VALUE templa
       if (attr->pValue) free(attr->pValue);
     }
     free(tmp);
-    pkcs11_raise(rv);
+    pkcs11_raise(self,rv);
   }
   ary = rb_ary_new();
   for (i = 0; i < template_size; i++){
     CK_ATTRIBUTE_PTR attr = tmp + i;
     if (attr->ulValueLen != (CK_ULONG)-1){
-      VALUE v = pkcs11_new_struct(cCK_ATTRIBUTE);
+      VALUE v = pkcs11_new_struct(class_attr);
       memcpy(DATA_PTR(v), attr, sizeof(CK_ATTRIBUTE));
       rb_ary_push(ary, v);
     }
@@ -740,7 +739,7 @@ pkcs11_C_SetAttributeValue(VALUE self, VALUE session, VALUE handle, VALUE templa
   GetFunction(self, C_SetAttributeValue, func);
   CallFunction(C_SetAttributeValue, func, rv, NUM2HANDLE(session), NUM2HANDLE(handle), tmp, template_size);
   free(tmp);
-  if(rv != CKR_OK) pkcs11_raise(rv);
+  if(rv != CKR_OK) pkcs11_raise(self,rv);
 
   return self;
 }
@@ -754,7 +753,7 @@ pkcs11_C_SeedRandom(VALUE self, VALUE session, VALUE seed)
   GetFunction(self, C_SeedRandom, func);
   CallFunction(C_SeedRandom, func, rv, NUM2HANDLE(session),
             (CK_BYTE_PTR)RSTRING_PTR(seed), RSTRING_LEN(seed));
-  if(rv != CKR_OK) pkcs11_raise(rv);
+  if(rv != CKR_OK) pkcs11_raise(self,rv);
 
   return self;
 }
@@ -769,7 +768,7 @@ pkcs11_C_GenerateRandom(VALUE self, VALUE session, VALUE size)
 
   GetFunction(self, C_GenerateRandom, func);
   CallFunction(C_GenerateRandom, func, rv, NUM2HANDLE(session), (CK_BYTE_PTR)RSTRING_PTR(buf), sz);
-  if(rv != CKR_OK) pkcs11_raise(rv);
+  if(rv != CKR_OK) pkcs11_raise(self,rv);
 
   return buf;
 }
@@ -784,7 +783,7 @@ pkcs11_C_WaitForSlotEvent(VALUE self, VALUE flags)
   GetFunction(self, C_WaitForSlotEvent, func);
   CallFunction(C_WaitForSlotEvent, func, rv, NUM2ULONG(flags), &slot_id, NULL_PTR);
   if(rv == CKR_NO_EVENT) return Qnil;
-  if(rv != CKR_OK) pkcs11_raise(rv);
+  if(rv != CKR_OK) pkcs11_raise(self,rv);
 
   return HANDLE2NUM(slot_id);
 }
@@ -806,10 +805,10 @@ typedef VALUE (*verify_func)
 typedef VALUE (*verify_final_func)
     (CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG);
 
-#define common_crypt(s, d, sz, f)            common_crypt_update(s, d, sz, f)
+#define common_crypt(self, s, d, sz, f)            common_crypt_update(self, s, d, sz, f)
 
 static VALUE
-common_init(VALUE session, VALUE mechanism, VALUE key, init_func func)
+common_init(VALUE self, VALUE session, VALUE mechanism, VALUE key, init_func func)
 {
   CK_RV rv;
   CK_MECHANISM_PTR m;
@@ -819,13 +818,13 @@ common_init(VALUE session, VALUE mechanism, VALUE key, init_func func)
   m = DATA_PTR(mechanism);
   /* Use the function signature of any of the various C_*Init functions. */
   CallFunction(C_EncryptInit, func, rv, NUM2HANDLE(session), m, NUM2HANDLE(key));
-  if(rv != CKR_OK) pkcs11_raise(rv);
+  if(rv != CKR_OK) pkcs11_raise(self,rv);
 
   return Qnil;
 }
 
 static VALUE
-common_crypt_update(VALUE session, VALUE data, VALUE size, crypt_update_func func)
+common_crypt_update(VALUE self, VALUE session, VALUE data, VALUE size, crypt_update_func func)
 {
   CK_RV rv;
   CK_ULONG sz = 0;
@@ -836,7 +835,7 @@ common_crypt_update(VALUE session, VALUE data, VALUE size, crypt_update_func fun
     CallFunction(C_EncryptUpdate, func, rv, NUM2HANDLE(session),
               (CK_BYTE_PTR)RSTRING_PTR(data), RSTRING_LEN(data),
               NULL_PTR, &sz);
-    if(rv != CKR_OK) pkcs11_raise(rv);
+    if(rv != CKR_OK) pkcs11_raise(self,rv);
   }else{
     sz = NUM2ULONG(size);
   }
@@ -845,14 +844,14 @@ common_crypt_update(VALUE session, VALUE data, VALUE size, crypt_update_func fun
   CallFunction(C_EncryptUpdate, func, rv, NUM2HANDLE(session),
             (CK_BYTE_PTR)RSTRING_PTR(data), RSTRING_LEN(data),
             (CK_BYTE_PTR)RSTRING_PTR(buf), &sz);
-  if(rv != CKR_OK) pkcs11_raise(rv);
+  if(rv != CKR_OK) pkcs11_raise(self,rv);
   rb_str_set_len(buf, sz);
 
   return buf;
 }
 
 static VALUE
-common_crypt_final(VALUE session, VALUE size, crypt_final_func func)
+common_crypt_final(VALUE self, VALUE session, VALUE size, crypt_final_func func)
 {
   CK_RV rv;
   CK_ULONG sz = 0;
@@ -860,34 +859,34 @@ common_crypt_final(VALUE session, VALUE size, crypt_final_func func)
 
   if (NIL_P(size)){
     CallFunction(C_EncryptFinal, func, rv, NUM2HANDLE(session), NULL_PTR, &sz);
-    if(rv != CKR_OK) pkcs11_raise(rv);
+    if(rv != CKR_OK) pkcs11_raise(self,rv);
   }else{
     sz = NUM2ULONG(size);
   }
   buf = rb_str_new(0, sz);
 
   CallFunction(C_EncryptFinal, func, rv, NUM2HANDLE(session), (CK_BYTE_PTR)RSTRING_PTR(buf), &sz);
-  if(rv != CKR_OK) pkcs11_raise(rv);
+  if(rv != CKR_OK) pkcs11_raise(self,rv);
   rb_str_set_len(buf, sz);
 
   return buf;
 }
 
 static VALUE
-common_sign_update(VALUE session, VALUE data, sign_update_func func)
+common_sign_update(VALUE self, VALUE session, VALUE data, sign_update_func func)
 {
   CK_RV rv;
 
   StringValue(data);
   CallFunction(C_SignUpdate, func, rv, NUM2HANDLE(session),
             (CK_BYTE_PTR)RSTRING_PTR(data), RSTRING_LEN(data));
-  if(rv != CKR_OK) pkcs11_raise(rv);
+  if(rv != CKR_OK) pkcs11_raise(self,rv);
 
   return Qnil;
 }
 
 static VALUE
-common_verify(VALUE session, VALUE data, VALUE sig, verify_func func)
+common_verify(VALUE self, VALUE session, VALUE data, VALUE sig, verify_func func)
 {
   CK_RV rv;
 
@@ -897,7 +896,7 @@ common_verify(VALUE session, VALUE data, VALUE sig, verify_func func)
   CallFunction(C_Verify, func, rv, NUM2HANDLE(session),
             (CK_BYTE_PTR)RSTRING_PTR(data), RSTRING_LEN(data),
             (CK_BYTE_PTR)RSTRING_PTR(sig), RSTRING_LEN(sig));
-  if(rv != CKR_OK) pkcs11_raise(rv);
+  if(rv != CKR_OK) pkcs11_raise(self,rv);
 
   return Qnil;
 }
@@ -909,7 +908,7 @@ pkcs11_C_EncryptInit(VALUE self, VALUE session, VALUE mechanism, VALUE key)
 {
   CK_C_EncryptInit func;
   GetFunction(self, C_EncryptInit, func);
-  common_init(session, mechanism, key, func);
+  common_init(self, session, mechanism, key, func);
   return self;
 }
 
@@ -918,7 +917,7 @@ pkcs11_C_Encrypt(VALUE self, VALUE session, VALUE data, VALUE size)
 {
   CK_C_Encrypt func;
   GetFunction(self, C_Encrypt, func);
-  return common_crypt(session, data, size, func);
+  return common_crypt(self, session, data, size, func);
 }
 
 static VALUE
@@ -926,7 +925,7 @@ pkcs11_C_EncryptUpdate(VALUE self, VALUE session, VALUE data, VALUE size)
 {
   CK_C_EncryptUpdate func;
   GetFunction(self, C_EncryptUpdate, func);
-  return common_crypt_update(session, data, size, func);
+  return common_crypt_update(self, session, data, size, func);
 }
 
 static VALUE
@@ -934,7 +933,7 @@ pkcs11_C_EncryptFinal(VALUE self, VALUE session, VALUE size)
 {
   CK_C_EncryptFinal func;
   GetFunction(self, C_EncryptFinal, func);
-  return common_crypt_final(session, size, func);
+  return common_crypt_final(self, session, size, func);
 }
 
 static VALUE
@@ -942,7 +941,7 @@ pkcs11_C_DecryptInit(VALUE self, VALUE session, VALUE mechanism, VALUE key)
 {
   CK_C_DecryptInit func;
   GetFunction(self, C_DecryptInit, func);
-  common_init(session, mechanism, key, func);
+  common_init(self, session, mechanism, key, func);
   return self;
 }
 
@@ -951,7 +950,7 @@ pkcs11_C_Decrypt(VALUE self, VALUE session, VALUE data, VALUE size)
 {
   CK_C_Decrypt func;
   GetFunction(self, C_Decrypt, func);
-  return common_crypt(session, data, size, func);
+  return common_crypt(self, session, data, size, func);
 }
 
 static VALUE
@@ -959,7 +958,7 @@ pkcs11_C_DecryptUpdate(VALUE self, VALUE session, VALUE data, VALUE size)
 {
   CK_C_DecryptUpdate func;
   GetFunction(self, C_DecryptUpdate, func);
-  return common_crypt_update(session, data, size, func);
+  return common_crypt_update(self, session, data, size, func);
 }
 
 static VALUE
@@ -967,21 +966,21 @@ pkcs11_C_DecryptFinal(VALUE self, VALUE session, VALUE size)
 {
   CK_C_DecryptFinal func;
   GetFunction(self, C_DecryptFinal, func);
-  return common_crypt_final(session, size, func);
+  return common_crypt_final(self, session, size, func);
 }
 
-#define common_sign(s, d, sz, f)            common_crypt(s, d, sz, f)
-#define common_sign_final(s, sz, f)         common_crypt_final(s, sz, f)
-#define common_verify_update(s, d, f)       common_sign_update(s, d, f)
-#define common_verify_final(s, d, f)        common_sign_update(s, d, f)
-#define common_verify_recover(s, d, sz, f)  common_sign(s, d, sz, f)
+#define common_sign(self, s, d, sz, f)            common_crypt(self, s, d, sz, f)
+#define common_sign_final(self, s, sz, f)         common_crypt_final(self, s, sz, f)
+#define common_verify_update(self, s, d, f)       common_sign_update(self, s, d, f)
+#define common_verify_final(self, s, d, f)        common_sign_update(self, s, d, f)
+#define common_verify_recover(self, s, d, sz, f)  common_sign(self, s, d, sz, f)
 
 static VALUE
 pkcs11_C_SignInit(VALUE self, VALUE session, VALUE mechanism, VALUE key)
 {
   CK_C_SignInit func;
   GetFunction(self, C_SignInit, func);
-  common_init(session, mechanism, key, func);
+  common_init(self, session, mechanism, key, func);
   return self;
 }
 
@@ -990,7 +989,7 @@ pkcs11_C_Sign(VALUE self, VALUE session, VALUE data, VALUE size)
 {
   CK_C_Sign func;
   GetFunction(self, C_Sign, func);
-  return common_sign(session, data, size, func);
+  return common_sign(self, session, data, size, func);
 }
 
 static VALUE
@@ -998,7 +997,7 @@ pkcs11_C_SignUpdate(VALUE self, VALUE session, VALUE data)
 {
   CK_C_SignUpdate func;
   GetFunction(self, C_SignUpdate, func);
-  common_sign_update(session, data, func);
+  common_sign_update(self, session, data, func);
   return self;
 }
 
@@ -1007,7 +1006,7 @@ pkcs11_C_SignFinal(VALUE self, VALUE session, VALUE size)
 {
   CK_C_SignFinal func;
   GetFunction(self, C_SignFinal, func);
-  return common_sign_final(session, size, func);
+  return common_sign_final(self, session, size, func);
 }
 
 static VALUE
@@ -1015,7 +1014,7 @@ pkcs11_C_SignRecoverInit(VALUE self, VALUE session, VALUE mechanism, VALUE key)
 {
   CK_C_SignRecoverInit func;
   GetFunction(self, C_SignRecoverInit, func);
-  common_init(session, mechanism, key, func);
+  common_init(self, session, mechanism, key, func);
   return self;
 }
 
@@ -1024,7 +1023,7 @@ pkcs11_C_SignRecover(VALUE self, VALUE session, VALUE data, VALUE size)
 {
   CK_C_SignRecover func;
   GetFunction(self, C_SignRecover, func);
-  return common_sign(session, data, size, func);
+  return common_sign(self, session, data, size, func);
 }
 
 static VALUE
@@ -1032,7 +1031,7 @@ pkcs11_C_VerifyInit(VALUE self, VALUE session, VALUE mechanism, VALUE key)
 {
   CK_C_VerifyInit func;
   GetFunction(self, C_VerifyInit, func);
-  common_init(session, mechanism, key, func);
+  common_init(self, session, mechanism, key, func);
   return self;
 }
 
@@ -1041,7 +1040,7 @@ pkcs11_C_Verify(VALUE self, VALUE session, VALUE data, VALUE sig)
 {
   CK_C_Verify func;
   GetFunction(self, C_Verify, func);
-  common_verify(session, data, sig, func);
+  common_verify(self, session, data, sig, func);
   return Qtrue;
 }
 
@@ -1050,7 +1049,7 @@ pkcs11_C_VerifyUpdate(VALUE self, VALUE session, VALUE data)
 {
   CK_C_VerifyUpdate func;
   GetFunction(self, C_VerifyUpdate, func);
-  common_verify_update(session, data, func);
+  common_verify_update(self, session, data, func);
   return self;
 }
 
@@ -1059,7 +1058,7 @@ pkcs11_C_VerifyFinal(VALUE self, VALUE session, VALUE sig)
 {
   CK_C_VerifyFinal func;
   GetFunction(self, C_VerifyFinal, func);
-  common_verify_final(session, sig, func);
+  common_verify_final(self, session, sig, func);
   return Qtrue;
 }
 
@@ -1068,7 +1067,7 @@ pkcs11_C_VerifyRecoverInit(VALUE self, VALUE session, VALUE mechanism, VALUE key
 {
   CK_C_VerifyRecoverInit func;
   GetFunction(self, C_VerifyRecoverInit, func);
-  common_init(session, mechanism, key, func);
+  common_init(self, session, mechanism, key, func);
   return self;
 }
 
@@ -1077,13 +1076,13 @@ pkcs11_C_VerifyRecover(VALUE self, VALUE session, VALUE sig, VALUE size)
 {
   CK_C_VerifyRecover func;
   GetFunction(self, C_VerifyRecover, func);
-  common_verify_recover(session, sig, size, func);
+  common_verify_recover(self, session, sig, size, func);
   return Qtrue;
 }
 
-#define common_digest(s, d, sz, f)      common_crypt(s, d, sz, f)
-#define common_digest_update(s, d, f)   common_sign_update(s, d, f)
-#define common_digest_final(s, sz, f)   common_crypt_final(s, sz, f)
+#define common_digest(self, s, d, sz, f)      common_crypt(self, s, d, sz, f)
+#define common_digest_update(self, s, d, f)   common_sign_update(self, s, d, f)
+#define common_digest_final(self, s, sz, f)   common_crypt_final(self, s, sz, f)
 
 VALUE
 pkcs11_C_DigestInit(VALUE self, VALUE session, VALUE mechanism)
@@ -1097,7 +1096,7 @@ pkcs11_C_DigestInit(VALUE self, VALUE session, VALUE mechanism)
       rb_raise(rb_eArgError, "2nd arg must be a PKCS11::CK_MECHANISM");
   m = DATA_PTR(mechanism);
   CallFunction(C_DigestInit, func, rv, NUM2HANDLE(session), m);
-  if(rv != CKR_OK) pkcs11_raise(rv);
+  if(rv != CKR_OK) pkcs11_raise(self,rv);
 
   return self;
 }
@@ -1107,7 +1106,7 @@ pkcs11_C_Digest(VALUE self, VALUE session, VALUE data, VALUE size)
 {
   CK_C_Digest func;
   GetFunction(self, C_Digest, func);
-  return common_digest(session, data, size, func);
+  return common_digest(self, session, data, size, func);
 }
 
 VALUE
@@ -1115,7 +1114,7 @@ pkcs11_C_DigestUpdate(VALUE self, VALUE session, VALUE data)
 {
   CK_C_DigestUpdate func;
   GetFunction(self, C_DigestUpdate, func);
-  common_digest_update(session, data, func);
+  common_digest_update(self, session, data, func);
   return self;
 }
 
@@ -1127,7 +1126,7 @@ pkcs11_C_DigestKey(VALUE self, VALUE session, VALUE handle)
 
   GetFunction(self, C_DigestKey, func);
   CallFunction(C_DigestKey, func, rv, NUM2HANDLE(session), NUM2HANDLE(handle));
-  if(rv != CKR_OK) pkcs11_raise(rv);
+  if(rv != CKR_OK) pkcs11_raise(self,rv);
 
   return self;
 }
@@ -1137,7 +1136,7 @@ pkcs11_C_DigestFinal(VALUE self, VALUE session, VALUE size)
 {
   CK_C_DigestFinal func;
   GetFunction(self, C_DigestFinal, func);
-  return common_digest_final(session, size, func);
+  return common_digest_final(self, session, size, func);
 }
 
 VALUE
@@ -1145,7 +1144,7 @@ pkcs11_C_DigestEncryptUpdate(VALUE self, VALUE session, VALUE data, VALUE size)
 {
   CK_C_DigestEncryptUpdate func;
   GetFunction(self, C_DigestEncryptUpdate, func);
-  return common_crypt_update(session, data, size, func);
+  return common_crypt_update(self, session, data, size, func);
 }
 
 VALUE
@@ -1153,7 +1152,7 @@ pkcs11_C_DecryptDigestUpdate(VALUE self, VALUE session, VALUE data, VALUE size)
 {
   CK_C_DecryptDigestUpdate func;
   GetFunction(self, C_DecryptDigestUpdate, func);
-  return common_crypt_update(session, data, size, func);
+  return common_crypt_update(self, session, data, size, func);
 }
 
 VALUE
@@ -1161,7 +1160,7 @@ pkcs11_C_SignEncryptUpdate(VALUE self, VALUE session, VALUE data, VALUE size)
 {
   CK_C_SignEncryptUpdate func;
   GetFunction(self, C_SignEncryptUpdate, func);
-  return common_crypt_update(session, data, size, func);
+  return common_crypt_update(self, session, data, size, func);
 }
 
 VALUE
@@ -1169,7 +1168,7 @@ pkcs11_C_DecryptVerifyUpdate(VALUE self, VALUE session, VALUE data, VALUE size)
 {
   CK_C_DecryptVerifyUpdate func;
   GetFunction(self, C_DecryptVerifyUpdate, func);
-  return common_crypt_update(session, data, size, func);
+  return common_crypt_update(self, session, data, size, func);
 }
 
 VALUE
@@ -1187,7 +1186,7 @@ pkcs11_C_GenerateKey(VALUE self, VALUE session, VALUE mechanism, VALUE template)
   tmp = pkcs11_attr_ary2buf(template);
   CallFunction(C_GenerateKey, func, rv, NUM2HANDLE(session), m, tmp, RARRAY_LEN(template), &handle);
   free(tmp);
-  if(rv != CKR_OK) pkcs11_raise(rv);
+  if(rv != CKR_OK) pkcs11_raise(self,rv);
 
   return HANDLE2NUM(handle);
 }
@@ -1215,7 +1214,7 @@ pkcs11_C_GenerateKeyPair(VALUE self, VALUE session, VALUE mechanism, VALUE pubke
             &pubkey_handle, &privkey_handle);
   free(pubkey_tmp);
   free(privkey_tmp);
-  if(rv != CKR_OK) pkcs11_raise(rv);
+  if(rv != CKR_OK) pkcs11_raise(self,rv);
   ary = rb_ary_new();
   rb_ary_push(ary, HANDLE2NUM(pubkey_handle));
   rb_ary_push(ary, HANDLE2NUM(privkey_handle));
@@ -1240,7 +1239,7 @@ pkcs11_C_WrapKey(VALUE self, VALUE session, VALUE mechanism, VALUE wrapping, VAL
     CallFunction(C_WrapKey, func, rv, NUM2HANDLE(session), m,
               NUM2HANDLE(wrapping), NUM2HANDLE(wrapped),
               (CK_BYTE_PTR)NULL_PTR, &sz);
-    if(rv != CKR_OK) pkcs11_raise(rv);
+    if(rv != CKR_OK) pkcs11_raise(self,rv);
   }else{
     sz = NUM2ULONG(size);
   }
@@ -1249,7 +1248,7 @@ pkcs11_C_WrapKey(VALUE self, VALUE session, VALUE mechanism, VALUE wrapping, VAL
   CallFunction(C_WrapKey, func, rv, NUM2HANDLE(session), m,
             NUM2HANDLE(wrapping), NUM2HANDLE(wrapped),
             (CK_BYTE_PTR)RSTRING_PTR(buf), &sz);
-  if(rv != CKR_OK) pkcs11_raise(rv);
+  if(rv != CKR_OK) pkcs11_raise(self,rv);
   rb_str_set_len(buf, sz);
 
   return buf;
@@ -1273,7 +1272,7 @@ pkcs11_C_UnwrapKey(VALUE self, VALUE session, VALUE mechanism, VALUE wrapping, V
             (CK_BYTE_PTR)RSTRING_PTR(wrapped), RSTRING_LEN(wrapped),
             tmp, RARRAY_LEN(template), &h);
   free(tmp);
-  if(rv != CKR_OK) pkcs11_raise(rv);
+  if(rv != CKR_OK) pkcs11_raise(self,rv);
 
   return HANDLE2NUM(h);
 }
@@ -1295,11 +1294,43 @@ pkcs11_C_DeriveKey(VALUE self, VALUE session, VALUE mechanism, VALUE base, VALUE
   CallFunction(C_DeriveKey, func, rv, NUM2HANDLE(session), m, NUM2HANDLE(base),
             tmp, RARRAY_LEN(template), &h);
   free(tmp);
-  if(rv != CKR_OK) pkcs11_raise(rv);
+  if(rv != CKR_OK) pkcs11_raise(self,rv);
 
   return HANDLE2NUM(h);
 }
 
+/* rb_define_method(cPKCS11, "vendor_raise_on_return_value", pkcs11_vendor_raise_on_return_value, 1); */
+/*
+ * Raise an exception for the given PKCS#11 return value. This method can be overloaded
+ * to raise vendor specific exceptions. It is only called for rv!=0 and it should never
+ * return regulary, but always by an exception.
+ * @param [Integer] rv return value of the latest operation
+ */
+static VALUE
+pkcs11_vendor_raise_on_return_value(VALUE self, VALUE rv_value)
+{
+  VALUE class;
+  CK_RV rv = NUM2ULONG(rv_value);
+  class = pkcs11_return_value_to_class(rv, ePKCS11Error);
+  rb_raise(class, "%lu", rv);
+
+  return Qnil;
+}
+
+
+/* rb_define_method(cPKCS11, "vendor_class_CK_ATTRIBUTE", pkcs11_vendor_class_CK_ATTRIBUTE, 0); */
+/*
+ * Return class CK_ATTRIBUTE. This method can be overloaded
+ * to return a derived class that appropriate converts vendor specific attributes.
+ * @return [CK_ATTRIBUTE] some kind of CK_ATTRIBUTE
+ */
+static VALUE
+pkcs11_vendor_class_CK_ATTRIBUTE(VALUE self)
+{
+  return cCK_ATTRIBUTE;
+}
+
+
 ///////////////////////////////////////
 
 static void
@@ -1614,6 +1645,8 @@ Init_pkcs11_ext()
   PKCS11_DEFINE_METHOD(C_WaitForSlotEvent, 1);
   PKCS11_DEFINE_METHOD(C_Finalize, 0);
   PKCS11_DEFINE_METHOD(unload_library, 0);
+  PKCS11_DEFINE_METHOD(vendor_raise_on_return_value, 1);
+  PKCS11_DEFINE_METHOD(vendor_class_CK_ATTRIBUTE, 0);
 
   ///////////////////////////////////////