pkcs11_protect_server 0.2.2

data/.yardopts

@@ -0,0 +1 @@
+--title "PKCS#11-ProtectServer/Ruby Interface" --no-private lib/**/*.rb ext/*.c ext/*.doc

data/Manifest.txt

@@ -0,0 +1,14 @@
+.gemtest
+.yardopts
+Manifest.txt
+README_PROTECT_SERVER.rdoc
+Rakefile
+ext/extconf.rb
+ext/generate_constants.rb
+ext/generate_structs.rb
+ext/pk11s.c
+lib/pkcs11_protect_server.rb
+lib/pkcs11_protect_server/extensions.rb
+test/helper.rb
+test/test_pkcs11_protect_server.rb
+test/test_pkcs11_protect_server_crypt.rb

data/README_PROTECT_SERVER.rdoc

@@ -0,0 +1,89 @@
+= PKCS #11/Ruby Interface for Safenet Protect Server HSM
+
+* Homepage: http://github.com/larskanis/pkcs11
+* API documentation: http://pkcs11.rubyforge.org/pkcs11/
+* Safenet[http://www.safenet-inc.com] - Protect Server HSM
+
+This ruby gem is an add-on to ruby-pkcs11[http://github.com/larskanis/pkcs11] .
+It allowes to use Protect Server specific extensions, which are beyond the PKCS#11 standard.
+That means CKA_EXPORT, CKM_DES3_DERIVE_CBC, structs like CK_DES3_CBC_PARAMS, special functions and so on.
+The module works on the Unix like operating systems and win32.
+
+== Requirements
+
+* ProtectServer PTKC-SDK to compile the module
+* pkcs11 gem installed (use: <tt>gem install pkcs11</tt> )
+
+== Installation
+
+  gem install pkcs11_protect_server -- --with-protect-server-sdk-dir=/path/to/ETcpsdk
+
+This installs the ProtectServer-PKCS#11 extension along with pkcs11-gem either by compiling (Unix)
+or by using the precompiled gem for Win32.
+
+  git clone git://github.com/larskanis/pkcs11.git
+  cd pkcs11_protect_server
+  rake gem PROTECT_SERVER_SDK_DIR=/path/to/ETcpsdk
+  gem install -l pkg/pkcs11_protect_server -- --with-protect-server-sdk-dir=/path/to/ETcpsdk
+
+Downloads and installs the gem from git source.
+
+== Usage
+
+Open the software emulation library and login to a session:
+
+  require "rubygems"
+  require "pkcs11_protect_server"
+
+  pkcs11 = PKCS11::ProtectServer::Library.new(:sw)
+  p pkcs11.info
+  session = pkcs11.active_slots.last.open
+  session.login(:USER, "1234")
+  # ... crypto operations
+  session.logout
+  session.close
+
+{PKCS11::ProtectServer::Library#initialize} tries to find the library file in
+the standard installation directory on Windows or Linux.
+
+== Cross compiling for mswin32
+
+Using rake-compiler a cross compiled pkcs11_protect_server.gem can be build on a linux host for
+the win32 platform. There are no runtime dependencies to any but the standard Windows DLLs.
+
+Install mingw32. On a debian based system this should work:
+
+  apt-get install mingw32
+
+On MacOS X, if you have MacPorts installed:
+
+  port install i386-mingw32-gcc
+
+Install the rake-compiler:
+
+  gem install rake-compiler
+
+Download and cross compile ruby for win32:
+
+  rake-compiler cross-ruby VERSION=1.8.7-p352
+  rake-compiler cross-ruby VERSION=1.9.2-p290
+
+Download and cross compile pkcs11_protect_server for win32:
+
+  rake cross native gem PROTECT_SERVER_SDK_DIR=/path/to/ETcpsdk
+
+If everything works, there should be pkcs11_protect_server-VERSION-x86-mswin32.gem in the pkg
+directory.
+
+
+== ToDo
+
+* implement ProtectServer specific function calls
+* implement possibility to use callbacks
+* add all structs and constants
+
+== Authors
+* Lars Kanis <kanis@comcard.de>
+
+== Copying
+See MIT-LICENSE included in the package.

data/Rakefile

@@ -0,0 +1,86 @@
+# -*- coding: utf-8 -*-
+# -*- ruby -*-
+
+require 'rubygems'
+require 'hoe'
+require 'rake/extensiontask'
+require 'rbconfig'
+
+PROTECT_SERVER_SDK_DIR = ENV['PROTECT_SERVER_SDK_DIR'] || '/opt/ETcpsdk'
+RUBY_PKCS11_EXT_DIR = File.expand_path('../ext')
+
+GENERATED_FILES = [
+  'ext/pk11s_struct_impl.inc',
+  'ext/pk11s_struct_def.inc',
+  'ext/pk11s_const_def.inc',
+  'ext/pk11s_struct.doc',
+  'ext/pk11_struct_macros.h',
+  'ext/pk11_const_macros.h',
+  'ext/pk11_version.h',
+]
+
+CLEAN.include GENERATED_FILES
+CLEAN.include 'lib/pkcs11_protect_server_ext.so'
+CLEAN.include 'tmp'
+
+def pkcs11_version
+  file = File.join(RUBY_PKCS11_EXT_DIR, 'pk11_version.h')
+  version_re = /VERSION += +([\"\'])([\d][\d\w\.]+)\1/
+  File.read_utf(file)[version_re, 2]
+end
+
+hoe = Hoe.spec 'pkcs11_protect_server' do
+  developer('Lars Kanis', 'kanis@comcard.de')
+  extra_deps << ['pkcs11', "= #{pkcs11_version}"]
+  extra_dev_deps << ['yard', '>= 0.6']
+  extra_dev_deps << ['rake-compiler', '>= 0.7']
+
+  self.url = 'http://github.com/larskanis/pkcs11'
+  self.summary = 'Safenet-ProtectServer extensions for PKCS#11-Ruby'
+  self.description = 'This module allows Ruby programs to use vendor extensions for Safenet Protect Server.'
+  self.version = pkcs11_version
+
+  self.readme_file = 'README_PROTECT_SERVER.rdoc'
+  self.history_file = '../History.txt'
+  self.extra_rdoc_files << self.readme_file << 'ext/pk11s.c'
+  spec_extras[:extensions] = 'ext/extconf.rb'
+  spec_extras[:files] = File.read_utf("Manifest.txt").split(/\r?\n\r?/)
+  spec_extras[:files] += GENERATED_FILES
+  spec_extras[:has_rdoc] = 'yard'
+end
+
+ENV['RUBY_CC_VERSION'] ||= '1.8.7:1.9.2'
+
+Rake::ExtensionTask.new('pkcs11_protect_server_ext', hoe.spec) do |ext|
+  ext.ext_dir = 'ext'
+  ext.cross_compile = true                # enable cross compilation (requires cross compile toolchain)
+  ext.cross_platform = ['i386-mingw32']     # forces the Windows platform instead of the default one
+
+  ext.config_options << "--with-protect-server-sdk-dir=#{PROTECT_SERVER_SDK_DIR.inspect}"
+end
+
+def copy_from_base_task(filename)
+  file File.join('ext', filename) => File.join(RUBY_PKCS11_EXT_DIR, filename) do |t|
+    cp t.prerequisites.first, t.name, :verbose=>true
+  end
+end
+
+copy_from_base_task 'pk11_struct_macros.h'
+copy_from_base_task 'pk11_const_macros.h'
+copy_from_base_task 'pk11_version.h'
+
+file 'ext/extconf.rb' => ['ext/pk11s_struct_def.inc', 'ext/pk11s_const_def.inc', 'ext/pk11_struct_macros.h', 'ext/pk11_const_macros.h', 'ext/pk11_version.h']
+file 'ext/pk11s_struct_def.inc' => 'ext/generate_structs.rb' do
+  sh "#{RbConfig::CONFIG['ruby_install_name']} ext/generate_structs.rb --def ext/pk11s_struct_def.inc --impl ext/pk11s_struct_impl.inc --doc ext/pk11s_struct.doc #{File.join(PROTECT_SERVER_SDK_DIR, 'include/ctvdef.h').inspect}"
+end
+file 'ext/pk11s_struct_impl.inc' => 'ext/pk11s_struct_def.inc'
+file 'ext/pk11s_struct.doc' => 'ext/pk11s_struct_def.inc'
+
+file 'ext/pk11s_const_def.inc' => 'ext/generate_constants.rb' do
+  sh "#{RbConfig::CONFIG['ruby_install_name']} ext/generate_constants.rb --const ext/pk11s_const_def.inc #{File.join(PROTECT_SERVER_SDK_DIR, 'include/ctvdef.h').inspect}"
+end
+file 'ext/pk11s.c' => ['ext/pk11s_struct_def.inc', 'ext/pk11s_struct_impl.inc', 'ext/pk11s_const_def.inc']
+
+task :doc_files => 'ext/pk11s_struct.doc'
+
+# vim: syntax=ruby

data/ext/extconf.rb

@@ -0,0 +1,16 @@
+require "mkmf"
+require "rubygems"
+
+inc, lib = dir_config('protect-server-sdk', '/opt/ETcpsdk/include', '/opt/ETcpsdk/lib')
+puts "using ProtectServer-SDK include:#{inc} lib:#{lib}"
+
+# inc, lib = dir_config('ruby-pkcs11')
+# inc ||= Gem.required_location('pkcs11', '../ext')
+# puts "using ruby-pkcs11 include:#{inc} lib:#{lib}"
+# raise "path to ruby-pkcs11/ext could not be found (use --with-ruby-pkcs11-include=my_path)" unless inc
+# $INCFLAGS << " -I"+inc
+
+find_header('pk11_struct_macros.h')
+find_header('pk11_const_macros.h')
+
+create_makefile("pkcs11_protect_server_ext");

data/ext/generate_constants.rb

@@ -0,0 +1,41 @@
+#!/usr/bin/env ruby
+# Quick and dirty parser for PKCS#11 constants and
+# generator for Ruby wrapper classes.
+
+require File.expand_path(File.join(File.dirname(__FILE__), '../../ext/generate_constants'))
+
+module PKCS11
+module ProtectServer
+class ConstantParser < PKCS11::ConstantParser
+  ConstGroups = [
+    ConstTemplate.new(/#define\s+(CKM_[A-Z_0-9]+)\s+(.+)/, 'PKCS11_DEFINE_MECHANISM'),
+    ConstTemplate.new(/#define\s+(CKA_[A-Z_0-9]+)\s+(.+)/, 'PKCS11_DEFINE_ATTRIBUTE'),
+    ConstTemplate.new(/#define\s+(CKO_[A-Z_0-9]+)\s+(.+)/, 'PKCS11_DEFINE_OBJECT_CLASS'),
+    ConstTemplate.new(/#define\s+(CKR_[A-Z_0-9]+)\s+(.+)/, 'PKCS11_DEFINE_RETURN_VALUE'),
+  ]
+
+  IgnoreConstants = %w[CKR_CERTIFICATE_NOT_YET_ACTIVE CKR_CERTIFICATE_EXPIRED]
+
+  def start!
+    File.open(options.const, "w") do |fd_const|
+      options.files.each do |file_h|
+        c_src = IO.read(file_h)
+        ConstGroups.each do |const_group|
+          c_src.scan(const_group.regexp) do
+            const_name, const_value = $1, $2
+            next if IgnoreConstants.include?(const_name)
+
+            fd_const.puts "#{const_group.def}(#{const_name}); /* #{const_value} */"
+          end
+        end
+      end
+    end
+  end
+end
+end
+end
+
+
+if $0==__FILE__
+  PKCS11::ProtectServer::ConstantParser.run(ARGV)
+end

data/ext/generate_structs.rb

@@ -0,0 +1,75 @@
+#!/usr/bin/env ruby
+# Quick and dirty parser for PKCS#11 structs and
+# generator for Ruby wrapper classes.
+
+require 'rubygems'
+require 'pkcs11'
+require File.expand_path(File.join(File.dirname(__FILE__), '../../ext/generate_structs'))
+
+module PKCS11
+module ProtectServer
+class StructParser < PKCS11::StructParser
+
+  SIZE_CONSTANTS = {
+    'CK_MANUFACTURER_SIZE' => 32,
+    'CK_SERIAL_NUMBER_SIZE' => 16,
+    'CK_TIME_SIZE' => 16,
+    'CK_LIB_DESC_SIZE' => 32,
+    'CK_SLOT_DESCRIPTION_SIZE' => 64,
+    'CK_SLOT_MANUFACTURER_SIZE' => 32,
+    'CK_MAX_PIN_LEN' => 32,
+    'CK_TOKEN_LABEL_SIZE' => 32,
+    'CK_TOKEN_MANUFACTURER_SIZE' => 32,
+    'CK_TOKEN_MODEL_SIZE' => 16,
+    'CK_TOKEN_SERIAL_NUMBER_SIZE' => 16,
+    'CK_TOKEN_TIME_SIZE' => 16,
+    'CK_MAX_PBE_IV_SIZE' =>	8,
+    'CK_MAX_PAD_SIZE' => 16,
+  }
+
+  ULONG_TYPES = %w[CK_COUNT CK_SIZE CK_TIMESTAMP_FORMAT]
+  ULONG_PTR_TYPES = %w[CK_COUNT_PTR]
+
+  def struct_module
+    'PKCS11::ProtectServer'
+  end
+
+  def array_attribute_names; %w[attributes mechanism certAttr hCert]; end
+
+  def parse_files(files)
+    structs = []
+    files.each do |file_h|
+      c_src = IO.read(file_h)
+      c_src.scan(/struct\s+([A-Z_0-9]+)\s*\{(.*?)\}/m) do |struct|
+        struct_text = $2
+        struct = PKCS11::StructParser::CStruct.new( $1, [] )
+
+        struct_text.scan(/^\s+([A-Z_0-9]+)([\*\s]+)([\w_]+)\s*(\[\s*(\w+)\s*\])?/) do |elem|
+          type, name = $1, $3
+          qual = SIZE_CONSTANTS[$5] || $5
+          ptr = $2.include?('*')
+          type = "CK_ULONG" if ULONG_TYPES.include?(type)
+          type = "CK_ULONG_PTR" if ULONG_PTR_TYPES.include?(type)
+          struct.attrs << Attribute.new(ptr ? type+"_PTR" : type, name, qual)
+        end
+        structs << struct
+      end
+    end
+    return structs
+  end
+
+  def start!
+    @structs = parse_files(options.files)
+    @structs_by_name = @structs.inject({}){|sum, v| sum[v.name]=v; sum }
+    @std_structs_by_name = PKCS11.constants.select{|c| PKCS11.const_get(c).respond_to?(:ancestors) && !(PKCS11.const_get(c).ancestors & [PKCS11::CStruct, PKCS11::CK_ATTRIBUTE]).empty? }.inject({}){|sum, v| sum[v.to_s]=true; sum }
+
+    write_files
+  end
+end
+end
+end
+
+
+if $0==__FILE__
+  PKCS11::ProtectServer::StructParser.run(ARGV)
+end

data/ext/pk11_const_macros.h

@@ -0,0 +1,38 @@
+#ifndef PK11_CONST_MACROS_INCLUDED
+#define PK11_CONST_MACROS_INCLUDED
+
+/**************************************************/
+/* constant definition                            */
+/**************************************************/
+
+#define PKCS11_DEFINE_CONST(constant) \
+  rb_define_const(MODULE_FOR_CONSTS, #constant, INT2NUM(constant))
+
+#define PKCS11_DEFINE_CONST_GROUP(group, name, value) \
+  do { \
+    VALUE rvalue, str, old; \
+    rvalue = ULONG2NUM(value); \
+    rb_define_const(MODULE_FOR_CONSTS, name, rvalue); \
+    str = rb_obj_freeze(rb_str_new2(name)); \
+    old = rb_hash_aref(group, rvalue); \
+    if (!NIL_P(old)) rb_warning("%s is equal to %s", RSTRING_PTR(old), name); \
+    rb_hash_aset(group, rvalue, str); \
+  } while(0)
+
+#define PKCS11_DEFINE_OBJECT_CLASS(constant) \
+  PKCS11_DEFINE_CONST_GROUP(vOBJECT_CLASSES, #constant, constant)
+#define PKCS11_DEFINE_ATTRIBUTE(constant) \
+  PKCS11_DEFINE_CONST_GROUP(vATTRIBUTES, #constant, constant)
+#define PKCS11_DEFINE_MECHANISM(constant) \
+  PKCS11_DEFINE_CONST_GROUP(vMECHANISMS, #constant, constant)
+#define PKCS11_DEFINE_RETURN_VALUE(constant) \
+  do { \
+    VALUE eError = rb_define_class_under(MODULE_FOR_CONSTS, #constant, BASECLASS_FOR_ERRORS); \
+    VALUE rvalue = ULONG2NUM(constant); \
+    VALUE old = rb_hash_aref(vRETURN_VALUES, rvalue); \
+    if (!NIL_P(old)) rb_warning("%s is equal to %s", RSTRING_PTR(old), #constant); \
+    rb_hash_aset(vRETURN_VALUES, rvalue, eError); \
+  } while(0)
+
+
+#endif

data/ext/pk11_struct_macros.h

@@ -0,0 +1,435 @@
+#ifndef PK11_STRUCT_MACROS_INCLUDED
+#define PK11_STRUCT_MACROS_INCLUDED
+
+/**************************************************/
+/* struct/attribute implementation                */
+/**************************************************/
+
+#define HANDLE2NUM(n) ULONG2NUM(n)
+#define NUM2HANDLE(n) PKNUM2ULONG(n)
+#define PKNUM2ULONG(n) pkcs11_num2ulong(n)
+
+static VALUE
+pkcs11_num2ulong(VALUE val)
+{
+  if (TYPE(val) == T_BIGNUM || TYPE(val) == T_FIXNUM) {
+    return NUM2ULONG(val);
+  }
+  return NUM2ULONG(rb_to_int(val));
+}
+
+static VALUE
+get_string(VALUE obj, off_t offset, size_t size)
+{
+  char *ptr = (char*)DATA_PTR(obj);
+  return rb_str_new(ptr+offset, size);
+}
+
+static VALUE
+set_string(VALUE obj, VALUE value, off_t offset, size_t size)
+{
+  char *ptr = (char*)DATA_PTR(obj);
+  int len = size;
+  StringValue(value);
+  if (RSTRING_LEN(value) < len) len = RSTRING_LEN(value);
+  memset(ptr+offset, 0, size);
+  memcpy(ptr+offset, RSTRING_PTR(value), len);
+  return value;
+}
+
+static VALUE
+get_ulong(VALUE obj, off_t offset)
+{
+  char *ptr = (char*)DATA_PTR(obj);
+  return ULONG2NUM(*(CK_ULONG_PTR)(ptr+offset));
+}
+
+static VALUE
+set_ulong(VALUE obj, VALUE value, off_t offset)
+{
+  char *ptr = (char*)DATA_PTR(obj);
+  *(CK_ULONG_PTR)(ptr+offset) = NUM2ULONG(value);
+  return value;
+}
+
+static VALUE
+get_byte(VALUE obj, off_t offset)
+{
+  char *ptr = (char*)DATA_PTR(obj);
+  return ULONG2NUM(*(CK_BYTE_PTR)(ptr+offset));
+}
+
+static VALUE
+set_byte(VALUE obj, VALUE value, off_t offset)
+{
+  char *ptr = (char*)DATA_PTR(obj);
+  *(CK_BYTE_PTR)(ptr+offset) = NUM2ULONG(value);
+  return value;
+}
+
+static VALUE
+get_ulong_ptr(VALUE obj, off_t offset)
+{
+  char *ptr = (char*)DATA_PTR(obj);
+  CK_ULONG_PTR p = *(CK_ULONG_PTR *)(ptr+offset);
+  if (!p) return Qnil;
+  return ULONG2NUM(*p);
+}
+
+static VALUE
+set_ulong_ptr(VALUE obj, VALUE value, const char *name, off_t offset)
+{
+  VALUE new_obj;
+  CK_ULONG_PTR *ptr = (CK_ULONG_PTR *)((char*)DATA_PTR(obj) + offset);
+  if (NIL_P(value)){
+    rb_iv_set(obj, name, value);
+    *ptr = NULL_PTR;
+    return value;
+  }
+  new_obj = Data_Make_Struct(rb_cInteger, CK_ULONG, 0, free, *ptr);
+  rb_iv_set(obj, name, new_obj);
+  **ptr = NUM2ULONG(value);
+  return value;
+}
+
+static VALUE
+get_handle(VALUE obj, off_t offset)
+{
+  char *ptr = (char*)DATA_PTR(obj);
+  return HANDLE2NUM(*(CK_OBJECT_HANDLE_PTR)(ptr+offset));
+}
+
+static VALUE
+set_handle(VALUE obj, VALUE value, off_t offset)
+{
+  char *ptr = (char*)DATA_PTR(obj);
+  *(CK_OBJECT_HANDLE_PTR)(ptr+offset) = NUM2HANDLE(value);
+  return value;
+}
+
+static VALUE
+get_bool(VALUE obj, off_t offset)
+{
+  char *ptr = (char*)DATA_PTR(obj);
+  if(*(CK_BBOOL*)(ptr+offset)) return Qtrue;
+  else return Qfalse;
+}
+
+static VALUE
+set_bool(VALUE obj, VALUE value, off_t offset)
+{
+  char *ptr = (char*)DATA_PTR(obj);
+  if(value == Qfalse) *(CK_BBOOL*)(ptr+offset) = 0;
+  else if(value == Qtrue) *(CK_BBOOL*)(ptr+offset) = 1;
+  else rb_raise(rb_eArgError, "arg must be true or false");
+  return value;
+}
+
+static VALUE
+get_string_ptr(VALUE obj, const char *name, off_t offset)
+{
+  char *ptr = (char*)DATA_PTR(obj);
+  char *p = *(char**)(ptr+offset);
+  if (!p) return Qnil;
+  return rb_str_new2(p);
+}
+
+static VALUE
+set_string_ptr(VALUE obj, VALUE value, const char *name, off_t offset)
+{
+  char *ptr = (char*)DATA_PTR(obj);
+  if (NIL_P(value)){
+    rb_iv_set(obj, name, value);
+    *(CK_VOID_PTR*)(ptr+offset) = NULL_PTR;
+    return value;
+  }
+  StringValue(value);
+  value = rb_obj_freeze(rb_str_dup(value));
+  rb_iv_set(obj, name, value);
+  *(CK_VOID_PTR*)(ptr+offset) = RSTRING_PTR(value);
+  return value;
+}
+
+static VALUE
+get_string_ptr_len(VALUE obj, const char *name, off_t offset, off_t offset_len)
+{
+  unsigned long l;
+  char *ptr = (char*)DATA_PTR(obj);
+  char *p = *(char**)(ptr+offset);
+  if (!p) return Qnil;
+  l = *(unsigned long*)(ptr+offset_len);
+  return rb_str_new(p, l);
+}
+
+static VALUE
+set_string_ptr_len(VALUE obj, VALUE value, const char *name, off_t offset, off_t offset_len)
+{
+  char *ptr = (char*)DATA_PTR(obj);
+  if (NIL_P(value)){
+    rb_iv_set(obj, name, value);
+    *(CK_VOID_PTR*)(ptr+offset) = NULL_PTR;
+    *(unsigned long*)(ptr+offset_len) = 0;
+    return value;
+  }
+  StringValue(value);
+  value = rb_obj_freeze(rb_str_dup(value));
+  rb_iv_set(obj, name, value);
+  *(CK_VOID_PTR*)(ptr+offset) = RSTRING_PTR(value);
+  *(unsigned long*)(ptr+offset_len) = RSTRING_LEN(value);
+  return value;
+}
+
+static VALUE
+get_struct_inline(VALUE obj, VALUE klass, const char *name, off_t offset)
+{
+  char *ptr = (char*)DATA_PTR(obj) + offset;
+  VALUE inline_obj = Data_Wrap_Struct(klass, 0, 0, ptr);
+  rb_iv_set(inline_obj, name, obj);
+  return inline_obj;
+}
+
+static VALUE
+set_struct_inline(VALUE obj, VALUE klass, const char *struct_name, VALUE value, const char *name, off_t offset, int sizeofstruct)
+{
+  char *ptr = (char*)DATA_PTR(obj) + offset;
+  if (!rb_obj_is_kind_of(value, klass))
+    rb_raise(rb_eArgError, "arg must be a PKCS11::%s", struct_name);
+  memcpy(ptr, DATA_PTR(value), sizeofstruct);
+  return value;
+}
+
+static VALUE
+get_struct_ptr(VALUE obj, VALUE klass, const char *name, off_t offset, int sizeofstruct)
+{
+  char *ptr = (char*)DATA_PTR(obj);
+  char *p = *(char**)(ptr+offset);
+  void *mem;
+  VALUE new_obj;
+  if (!p) return Qnil;
+  mem = xmalloc(sizeofstruct);
+  memcpy(mem, p, sizeofstruct);
+  new_obj = Data_Wrap_Struct(klass, 0, -1, mem);
+  return new_obj;
+}
+
+static VALUE
+set_struct_ptr(VALUE obj, VALUE klass, const char *struct_name, VALUE value, const char *name, off_t offset)
+{
+  char *ptr = (char*)DATA_PTR(obj) + offset;
+  if (NIL_P(value)){
+    rb_iv_set(obj, name, value);
+    *(CK_VOID_PTR*)ptr = NULL_PTR;
+    return value;
+  }
+  if (!rb_obj_is_kind_of(value, klass))
+    rb_raise(rb_eArgError, "arg must be a PKCS11::%s", struct_name);
+  *(CK_VOID_PTR*)ptr = DATA_PTR(value);
+  rb_iv_set(obj, name, value);
+  return value;
+}
+
+static VALUE
+get_struct_ptr_array(VALUE obj, VALUE klass, off_t offset, off_t offset_len, int sizeofstruct)
+{
+  unsigned long i;
+  char *ptr = DATA_PTR(obj);
+  char *p = *(char **)(ptr+offset);
+  unsigned long l = *(unsigned long*)(ptr+offset_len);
+  VALUE ary = rb_ary_new();
+  for (i = 0; i < l; i++){
+    VALUE new_obj;
+    void *mem = xmalloc(sizeofstruct);
+    memcpy(mem, p + sizeofstruct * i, sizeofstruct);
+    new_obj = Data_Wrap_Struct(klass, 0, -1, mem);
+    rb_ary_push(ary, new_obj);
+  }
+  return ary;
+}
+
+static VALUE
+set_struct_ptr_array(VALUE obj, VALUE klass, const char *struct_name, VALUE value, const char *name, off_t offset, off_t offset_len, int sizeofstruct)
+{
+  int i;
+  VALUE str_buf;
+  char *ptr = DATA_PTR(obj);
+  Check_Type(value, T_ARRAY);
+
+  str_buf = rb_str_buf_new(sizeofstruct * RARRAY_LEN(value));
+
+  for (i = 0; i < RARRAY_LEN(value); i++){
+    VALUE entry = rb_ary_entry(value, i);
+    if (!rb_obj_is_kind_of(entry, klass))
+      rb_raise(rb_eArgError, "arg must be array of PKCS11::%s", struct_name);
+    memcpy(RSTRING_PTR(str_buf) + sizeofstruct * i, DATA_PTR(entry), sizeofstruct);
+  }
+  *(CK_VOID_PTR*)(ptr+offset) = RSTRING_PTR(str_buf);
+  *(unsigned long*)(ptr+offset_len) = RARRAY_LEN(value);
+  rb_iv_set(obj, name, str_buf);
+  return value;
+}
+
+
+#define OFFSET_OF(s, f) ((off_t)((char*)&(((s*)0)->f) - (char*)0))
+#define SIZE_OF(s, f) (sizeof(((s*)0)->f))
+
+#define PKCS11_IMPLEMENT_ALLOCATOR(s) \
+static VALUE s##_s_alloc(VALUE self){ \
+  s *info; \
+  VALUE obj = Data_Make_Struct(self, s, 0, -1, info); \
+  return obj; \
+} \
+static VALUE c##s##_to_s(VALUE self){ \
+  return rb_str_new(DATA_PTR(self), sizeof(s)); \
+} \
+static VALUE c##s##_members(VALUE self){ \
+  return a##s##_members; \
+}
+
+#define PKCS11_IMPLEMENT_STRUCT_WITH_ALLOCATOR(s) \
+static VALUE c##s;\
+static VALUE a##s##_members;\
+PKCS11_IMPLEMENT_ALLOCATOR(s);
+
+#define PKCS11_IMPLEMENT_STRING_ACCESSOR(s, f) \
+static VALUE c##s##_get_##f(VALUE o){ \
+  return get_string(o, OFFSET_OF(s, f), SIZE_OF(s, f)); \
+} \
+static VALUE c##s##_set_##f(VALUE o, VALUE v){ \
+  return set_string(o, v, OFFSET_OF(s, f), SIZE_OF(s, f)); \
+}
+
+#define PKCS11_IMPLEMENT_ULONG_ACCESSOR(s, f) \
+static VALUE c##s##_get_##f(VALUE o){ \
+  return get_ulong(o, OFFSET_OF(s, f)); \
+} \
+static VALUE c##s##_set_##f(VALUE o, VALUE v){ \
+  return set_ulong(o, v, OFFSET_OF(s, f)); \
+}
+
+#define PKCS11_IMPLEMENT_BYTE_ACCESSOR(s, f) \
+static VALUE c##s##_get_##f(VALUE o){ \
+  return get_byte(o, OFFSET_OF(s, f)); \
+} \
+static VALUE c##s##_set_##f(VALUE o, VALUE v){ \
+  return set_byte(o, v, OFFSET_OF(s, f)); \
+}
+
+#define PKCS11_IMPLEMENT_ULONG_PTR_ACCESSOR(s, f) \
+static VALUE c##s##_get_##f(VALUE o){ \
+  return get_ulong_ptr(o, OFFSET_OF(s, f)); \
+} \
+static VALUE c##s##_set_##f(VALUE o, VALUE v){ \
+  return set_ulong_ptr(o, v, #f, OFFSET_OF(s, f)); \
+}
+
+#define PKCS11_IMPLEMENT_HANDLE_ACCESSOR(s, f) \
+static VALUE c##s##_get_##f(VALUE o){ \
+  return get_handle(o, OFFSET_OF(s, f)); \
+} \
+static VALUE c##s##_set_##f(VALUE o, VALUE v){ \
+  return set_handle(o, v, OFFSET_OF(s, f)); \
+}
+
+#define PKCS11_IMPLEMENT_BOOL_ACCESSOR(s, f) \
+static VALUE c##s##_get_##f(VALUE o){ \
+  return get_bool(o, OFFSET_OF(s, f)); \
+} \
+static VALUE c##s##_set_##f(VALUE o, VALUE v){ \
+  return set_bool(o, v, OFFSET_OF(s, f)); \
+}
+
+#define PKCS11_IMPLEMENT_STRING_PTR_ACCESSOR(s, f) \
+static VALUE c##s##_get_##f(VALUE o){ \
+  return get_string_ptr(o, #f, OFFSET_OF(s, f)); \
+} \
+static VALUE c##s##_set_##f(VALUE o, VALUE v){ \
+  return set_string_ptr(o, v, #f, OFFSET_OF(s, f)); \
+}
+
+#define PKCS11_IMPLEMENT_STRING_PTR_LEN_ACCESSOR(s, f, l) \
+static VALUE c##s##_get_##f(VALUE o){ \
+  return get_string_ptr_len(o, #f, OFFSET_OF(s, f), OFFSET_OF(s, l)); \
+} \
+static VALUE c##s##_set_##f(VALUE o, VALUE v){ \
+  return set_string_ptr_len(o, v, #f, OFFSET_OF(s, f), OFFSET_OF(s, l)); \
+}
+
+#define PKCS11_IMPLEMENT_STRUCT_ACCESSOR(s, k, f) \
+static VALUE c##s##_get_##f(VALUE o){ \
+  return get_struct_inline(o, c##k, #f, OFFSET_OF(s, f)); \
+} \
+static VALUE c##s##_set_##f(VALUE o, VALUE v){ \
+  return set_struct_inline(o, c##k, #k, v, #f, OFFSET_OF(s, f), sizeof(k)); \
+}
+
+#define PKCS11_IMPLEMENT_PKCS11_STRUCT_ACCESSOR(s, k, f) \
+static VALUE c##s##_get_##f(VALUE o){ \
+  VALUE klass = rb_const_get(rb_const_get(rb_cObject, rb_intern("PKCS11")), rb_intern(#k)); \
+  return get_struct_inline(o, klass, #f, OFFSET_OF(s, f)); \
+} \
+static VALUE c##s##_set_##f(VALUE o, VALUE v){ \
+  VALUE klass = rb_const_get(rb_const_get(rb_cObject, rb_intern("PKCS11")), rb_intern(#k)); \
+  return set_struct_inline(o, klass, #k, v, #f, OFFSET_OF(s, f), sizeof(k)); \
+}
+
+#define PKCS11_IMPLEMENT_STRUCT_PTR_ACCESSOR(s, k, f) \
+static VALUE c##s##_get_##f(VALUE o){ \
+  return get_struct_ptr(o, c##k, #f, OFFSET_OF(s, f), sizeof(k)); \
+} \
+static VALUE c##s##_set_##f(VALUE o, VALUE v){ \
+  return set_struct_ptr(o, c##k, #k, v, #f, OFFSET_OF(s, f)); \
+}
+
+#define PKCS11_IMPLEMENT_PKCS11_STRUCT_PTR_ACCESSOR(s, k, f) \
+static VALUE c##s##_get_##f(VALUE o){ \
+  VALUE klass = rb_const_get(rb_const_get(rb_cObject, rb_intern("PKCS11")), rb_intern(#k)); \
+  return get_struct_ptr(o, klass, #f, OFFSET_OF(s, f), sizeof(k)); \
+} \
+static VALUE c##s##_set_##f(VALUE o, VALUE v){ \
+  VALUE klass = rb_const_get(rb_const_get(rb_cObject, rb_intern("PKCS11")), rb_intern(#k)); \
+  return set_struct_ptr(o, klass, #k, v, #f, OFFSET_OF(s, f)); \
+}
+
+#define PKCS11_IMPLEMENT_STRUCT_PTR_ARRAY_ACCESSOR(s, k, f, l) \
+static VALUE c##s##_get_##f(VALUE o){ \
+  return get_struct_ptr_array(o, c##k, OFFSET_OF(s, f), OFFSET_OF(s, l), sizeof(k)); \
+} \
+static VALUE c##s##_set_##f(VALUE o, VALUE v){ \
+  return set_struct_ptr_array(o, c##k, #k, v, #f, OFFSET_OF(s, f), OFFSET_OF(s, l), sizeof(k)); \
+}
+
+#define PKCS11_IMPLEMENT_PKCS11_STRUCT_PTR_ARRAY_ACCESSOR(s, k, f, l) \
+static VALUE c##s##_get_##f(VALUE o){ \
+  VALUE klass = rb_const_get(rb_const_get(rb_cObject, rb_intern("PKCS11")), rb_intern(#k)); \
+  return get_struct_ptr_array(o, klass, OFFSET_OF(s, f), OFFSET_OF(s, l), sizeof(k)); \
+} \
+static VALUE c##s##_set_##f(VALUE o, VALUE v){ \
+  VALUE klass = rb_const_get(rb_const_get(rb_cObject, rb_intern("PKCS11")), rb_intern(#k)); \
+  return set_struct_ptr_array(o, klass, #k, v, #f, OFFSET_OF(s, f), OFFSET_OF(s, l), sizeof(k)); \
+}
+
+
+/**************************************************/
+/* struct/attribute definition                    */
+/**************************************************/
+
+#define PKCS11_DEFINE_STRUCT(s) \
+  do { \
+    c##s = rb_define_class_under(MODULE_FOR_STRUCTS, #s, BASECLASS_FOR_STRUCTS); \
+    a##s##_members = rb_ary_new(); \
+    rb_define_alloc_func(c##s, s##_s_alloc); \
+    rb_define_const(c##s, "SIZEOF_STRUCT", ULONG2NUM(sizeof(s))); \
+    rb_define_method(c##s, "to_s", c##s##_to_s, 0); \
+    rb_define_method(c##s, "members", c##s##_members, 0); \
+    rb_iv_set(c##s, "members", a##s##_members); \
+  } while(0)
+
+#define PKCS11_DEFINE_MEMBER(s, f) \
+  do { \
+    rb_define_method(c##s, #f, c##s##_get_##f, 0); \
+    rb_define_method(c##s, #f "=", c##s##_set_##f, 1); \
+    rb_ary_push(a##s##_members, rb_str_new2(#f)); \
+  } while(0)
+
+
+#endif