From 6730146b732cab6bd5eafd2be1f273c515440ca7 Mon Sep 17 00:00:00 2001
From: Dmitry Smirnov <d.smirnov@goqrate.com>
Date: Thu, 14 Aug 2025 12:48:19 +0300
Subject: [PATCH 1/2] Expand ATTRIBUTE_TYPES for GOSTR support.

Changes to be committed:
	modified:   pkcs11/attributes.py
---
 pkcs11/attributes.py | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/pkcs11/attributes.py b/pkcs11/attributes.py
index 5cb5141..c838f3a 100644
--- a/pkcs11/attributes.py
+++ b/pkcs11/attributes.py
@@ -89,6 +89,8 @@ def _enum(type_):
     Attribute.VERIFY_RECOVER: handle_bool,
     Attribute.WRAP: handle_bool,
     Attribute.WRAP_WITH_TRUSTED: handle_bool,
+    Attribute.GOSTR3410_PARAMS: handle_bytes,
+    Attribute.GOSTR3411_PARAMS: handle_bytes,
 }
 """
 Map of attributes to (serialize, deserialize) functions.

From 911aff7bb8cf301eed1a1e490e3b664f7bb76935 Mon Sep 17 00:00:00 2001
From: Dmitry Smirnov <d.smirnov@goqrate.com>
Date: Fri, 22 Aug 2025 09:40:22 +0300
Subject: [PATCH 2/2] Allow vendor defined mechanism in MechanismWithParam

---
 pkcs11/_pkcs11.pyx | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/pkcs11/_pkcs11.pyx b/pkcs11/_pkcs11.pyx
index 4261fe4..741faa7 100644
--- a/pkcs11/_pkcs11.pyx
+++ b/pkcs11/_pkcs11.pyx
@@ -162,7 +162,7 @@ cdef class MechanismWithParam:
                 raise ArgumentsBad("No default mechanism for this key type. "
                                     "Please specify `mechanism`.")
 
-        if not isinstance(mechanism, Mechanism):
+        if not (isinstance(mechanism, Mechanism) or mechanism & Mechanism._VENDOR_DEFINED):
             raise ArgumentsBad("`mechanism` must be a Mechanism.")
         # Possible types of parameters we might need to allocate
         # These are used to make assigning to the object we malloc() easier
@@ -298,6 +298,12 @@ cdef class MechanismWithParam:
             aes_ctr_params.ulCounterBits = (16 - len(param.nonce)) * 8
             aes_ctr_params.cb = param.nonce + b"\x00" * (15 - len(param.nonce)) + b"\x01"
 
+        elif mechanism & Mechanism._VENDOR_DEFINED and param:
+            if not isinstance(param, bytes):
+                raise ArgumentsBad("'mechanism_param' type must be bytes")
+            self.data.pParameter = <CK_BYTE *> param
+            paramlen =  len(param)
+            
         elif param is None:
             self.data.pParameter = NULL
             paramlen = 0