diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index b570aa24..b3ee523c 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -104,7 +104,7 @@ jobs: - uses: actions/upload-artifact@v4 if: failure() with: - name: Build logs ${{ matrix.name }} + name: Build logs ${{ matrix.db }} ${{ matrix.name }} path: | target/debug/build/*/output diff --git a/Makefile b/Makefile index 1e01a627..75998aee 100644 --- a/Makefile +++ b/Makefile @@ -18,3 +18,6 @@ fix-format: check-spell: @.github/codespell.sh + +docs: + cargo doc --features standard,nssdb,jsondb,fips --document-private-items diff --git a/src/aes.rs b/src/aes.rs index 6a8696b9..af375710 100644 --- a/src/aes.rs +++ b/src/aes.rs @@ -7,16 +7,21 @@ use crate::attribute::Attribute; use crate::error::Result; use crate::interface::*; use crate::mechanism::*; -use crate::misc::zeromem; +use crate::misc::{cast_params, zeromem}; use crate::object::*; use crate::ossl::aes::*; -use crate::{attr_element, cast_params}; use once_cell::sync::Lazy; +/// Smallest AES Key Size (128 bits) pub const MIN_AES_SIZE_BYTES: usize = 16; /* 128 bits */ +/// Medium AES Key size (192 bits) pub const MID_AES_SIZE_BYTES: usize = 24; /* 192 bits */ +/// Biggest AES Key Size (256 bits) pub const MAX_AES_SIZE_BYTES: usize = 32; /* 256 bits */ + +/// The AES block size is 128 bits (16 bytes) for all currently implemented +/// variants pub const AES_BLOCK_SIZE: usize = 16; pub(crate) fn check_key_len(len: usize) -> Result<()> { @@ -26,6 +31,14 @@ pub(crate) fn check_key_len(len: usize) -> Result<()> { } } +/// The AES Key Factory object +/// +/// Derives from the generic ObjectFactory, CommonKeyFactory and +/// SecretKeyFactory +/// +/// This is used to store the list of attributes allowed for an AES Key object, as well as provide +/// method for generic manipulation of AES key objects (generation, derivation, wrapping ...) + #[derive(Debug)] pub struct AesKeyFactory { attributes: Vec, @@ -170,9 +183,22 @@ impl SecretKeyFactory for AesKeyFactory { } } +/// A statically allocated Key Factory facility. +/// +/// Static allocation allows a single implementation to be shared by all users. +/// Factories store data that does not change for the life of the application +/// so it is safe to allocate them only once. static AES_KEY_FACTORY: Lazy> = Lazy::new(|| Box::new(AesKeyFactory::new())); +/// The Generic AES Mechanism object +/// +/// Implements access to the Mechanisms functions applicable to the AES +/// cryptosystem. +/// The mechanism function can implement a crypto operation directly or return +/// an allocated [AesOperation] object for operations that need to keep data +/// around until they complete. + #[derive(Debug)] pub(crate) struct AesMechanism { info: CK_MECHANISM_INFO, @@ -406,6 +432,12 @@ impl Mechanism for AesMechanism { } } +/// AES KDF Operation implementation +/// +/// An AES Operation specific for Key Derivation that uses the AES cipher +/// with various modes as the PRF to compute a derived key +/// Implements [Derive] + #[derive(Debug)] struct AesKDFOperation<'a> { mech: CK_MECHANISM_TYPE, @@ -417,6 +449,7 @@ struct AesKDFOperation<'a> { } impl AesKDFOperation<'_> { + /// Helper function to register the AES KDF Mechanisms fn register_mechanisms(mechs: &mut Mechanisms) { if mechs.get(CKM_AES_ECB).is_ok() { mechs.add_mechanism( @@ -440,6 +473,7 @@ impl AesKDFOperation<'_> { } } + /// Instantiates a new CKM_AES_ECB based KDF operation fn aes_ecb_new<'a>( params: CK_KEY_DERIVATION_STRING_DATA, ) -> Result> { @@ -464,6 +498,7 @@ impl AesKDFOperation<'_> { }) } + /// Instantiates a new CKM_AES_CBC based KDF operation fn aes_cbc_new<'a>( params: CK_AES_CBC_ENCRYPT_DATA_PARAMS, ) -> Result> { @@ -500,6 +535,7 @@ impl MechOperation for AesKDFOperation<'_> { } impl Derive for AesKDFOperation<'_> { + /// Derives a Key using the parameters set on the AESKDFOperation object fn derive( &mut self, key: &Object, @@ -547,6 +583,7 @@ impl Derive for AesKDFOperation<'_> { } } +/// Registers all implemented AES Mechanisms and Factories pub fn register(mechs: &mut Mechanisms, ot: &mut ObjectFactories) { AesOperation::register_mechanisms(mechs); AesKDFOperation::register_mechanisms(mechs); diff --git a/src/attribute.rs b/src/attribute.rs index d3d0a7d6..72079387 100644 --- a/src/attribute.rs +++ b/src/attribute.rs @@ -5,8 +5,7 @@ use std::borrow::Cow; use crate::error::{Error, Result}; use crate::interface::*; -use crate::misc::zeromem; -use crate::{bytes_to_vec, sizeof, void_ptr}; +use crate::misc::{bytes_to_vec, sizeof, void_ptr, zeromem}; #[derive(Debug, Clone, Copy, PartialEq)] pub enum AttrType { diff --git a/src/config.rs b/src/config.rs index a844c3c5..b7df9dc8 100644 --- a/src/config.rs +++ b/src/config.rs @@ -26,6 +26,33 @@ const DEFAULT_CONF_DIR: &str = "test"; pub const DEFAULT_CONF_NAME: &str = "token.conf"; +/// Configuration for a slot +/// +/// The basic facility of a PKCS#11 is the slot. The slot represents an +/// idealized hardware slot where a token can be inserted at any time to +/// execute operations. +/// +/// In Kryoptic we use slots to allow to provide multiple independent +/// tokens with their own storage separate from any other slot. Slots +/// can't share the same storage. +/// +/// Each slot is identified by a slot number (a u32 quantity) and can +/// optionally have a customized description and manufacturer string. +/// If no description or manufacturer strings are provided then default +/// ones are set and returned to PKCS#11 applications. +/// +/// Finally the storage is defined by a pair of arguments: dbtype and dbargs +/// +/// This structure is generally sourced from a toml configuration file that +/// defines the all the slots to be exposed to the application. +/// +/// Example: +/// +/// \[\[slots\]\] +/// slot = 1 +/// dbtype = "sql" +/// dbargs = "/var/lib/kryoptic/token.sql" + #[derive(Debug, Clone, Serialize, Deserialize)] pub struct Slot { pub slot: u32, @@ -36,6 +63,9 @@ pub struct Slot { } impl Slot { + /// Creates a new empty slot with the slot number set to the special + /// indicator of u32::MAX, which will fault if encountered by the + /// configuration processing functions pub fn new() -> Slot { Slot { slot: u32::MAX, @@ -46,6 +76,9 @@ impl Slot { } } + /// Creates a new slot with a specific dbtype and db arguments set + /// The slot number is set to u32::MAX which indicates this slot still + /// needs to be assigned a specific number (tests will do that) #[cfg(test)] pub fn with_db(dbtype: &str, dbargs: Option) -> Slot { Slot { @@ -58,6 +91,15 @@ impl Slot { } } +/// For compatibility with applications that expect DER encoded EC Points +/// +/// Allows to set a global default encoding for CKA_EC_POINT attributes. +/// +/// Example: +/// +/// \[ec_point_encoding\] +/// encoding = "Bytes" + #[derive(Clone, Copy, Debug, PartialEq, Serialize, Deserialize)] #[serde(tag = "encoding")] pub enum EcPointEncoding { @@ -71,6 +113,11 @@ impl Default for EcPointEncoding { } } +/// Main configuration structure +/// +/// The main config structure is comprised of two elements, a general +/// EC Point Encoding indicator and a list of slots + #[derive(Debug, Serialize, Deserialize)] pub struct Config { #[serde(default)] @@ -83,6 +130,8 @@ fn config_error(error: E) -> Error { } impl Config { + /// Creates a new, empty, config structure, with the EC POINT Encoding + /// set to the default. pub fn new() -> Config { Config { ec_point_encoding: EcPointEncoding::default(), @@ -90,6 +139,9 @@ impl Config { } } + /// Allows to add a preconfigured slot structure. + /// Available only for tests. Ensures the slot number is set and that + /// there are no duplicates #[cfg(test)] pub fn add_slot(&mut self, slot: Slot) -> Result<()> { for s in &self.slots { @@ -101,6 +153,27 @@ impl Config { Ok(()) } + /// Find the applicable configuration for Kryoptic. + /// Kryoptic searches for a configuration file in multiple places + /// falling back from one to the next and stops once configuration file + /// is found. There is no config file merging/include support currently + /// + /// The first place where configuration is looked for is in the file + /// indicated by the `KRYOPTIC_CONF` environment variable. If this + /// variable is not set, then the code checks if the standard + /// `XDG_CONFIG_HOME` environment variable is available. + /// If this variable exists kryoptic assumes the config file is named: + /// `${XDG_CONFIG_HOME}/kryoptic/token.conf` + /// + /// Otherwise if the environment variable HOME is set the code assumes + /// the configuration file is named: + /// `${HOME}/.config/kryoptic/token.conf` + /// + /// Finally if nothing matches the code tries the relative path: + /// `test/kryoptic/token.conf` + /// + /// It is srongly advised to set the `KRYOPTIC_CONF` variable for most + /// use cases. fn find_conf() -> Result { /* First check for our own env var, * this has the highest precedence */ @@ -130,12 +203,19 @@ impl Config { } } + /// Generates a configuration structure from the named file which must + /// be a properly formatted configuration file in toml format. fn from_file(filename: &str) -> Result { let config_str = fs::read_to_string(filename)?; let conf: Config = toml::from_str(&config_str).map_err(config_error)?; Ok(conf) } + /// Generates a configuration structure from a legacy argument as passed + /// into the reserved argument of the `C_Initialize()` function. + /// + /// A valid argument is the path of a file for the sqlite storage driver + /// which must end with a .sql suffix fn from_legacy_conf_string(name: &str) -> Result { let mut conf = Config { ec_point_encoding: EcPointEncoding::default(), @@ -156,6 +236,9 @@ impl Config { Ok(conf) } + /// Ensure all slot numbers are consistent, and allocates new slot + /// numbers for slots that have the special invalid slow number of + /// u32::MAX fn fix_slot_numbers(&mut self) { let mut slotnum: u32 = 0; /* if there are any slot missing a valid slot number @@ -183,6 +266,8 @@ impl Config { } } + /// Generates the default configuration structure by searching the default + /// configuration file pub fn default_config() -> Result { let filename = Self::find_conf()?; @@ -201,6 +286,16 @@ impl Config { } } + /// Load environment variables overrides for configurations items. + /// + /// The only variable currently defined is `KRYOPTIC_EC_POINT_ENCODING` + /// Which can be used to override the encoding specified in the + /// configuration file. This is useful when multiple applications use + /// the same configuration file but expect different behavior from the + /// configure default: + /// + /// Example: + /// `export KRYOPTIC_EC_POINT_ENCODING="BYTES"` pub fn load_env_vars_overrides(&mut self) { match env::var("KRYOPTIC_EC_POINT_ENCODING") { Ok(var) => { @@ -218,6 +313,9 @@ impl Config { } } + /// Loads the NSS DB Storage configuration which is generally provided + /// as a complex formatted string as a reserved argument when calling + /// the `C_Intialize()` function. #[cfg(feature = "nssdb")] fn from_nss_init_args(args: &str) -> Result { let mut conf = Config { @@ -232,6 +330,8 @@ impl Config { Ok(conf) } + /// Calls the correct configuration parser based on the detected + /// database configuration string fn conf_from_args(&self, args: &str) -> Result { if args.starts_with("kryoptic_conf=") { let comps: Vec<&str> = args.splitn(2, '=').collect(); @@ -248,6 +348,8 @@ impl Config { Self::from_legacy_conf_string(args) } + /// Allows to specify the configuration file as a string provided as the + /// reserved argument of the `C_Initialize()` function. pub fn from_init_args(&mut self, args: &str) -> Result<()> { let conf = self.conf_from_args(args)?; diff --git a/src/ec/ecdh.rs b/src/ec/ecdh.rs index 3980afe9..0c2476ad 100644 --- a/src/ec/ecdh.rs +++ b/src/ec/ecdh.rs @@ -7,11 +7,10 @@ use crate::ec::ecdsa::{MAX_EC_SIZE_BITS, MIN_EC_SIZE_BITS}; use crate::error::Result; use crate::interface::*; use crate::mechanism::{Mechanism, Mechanisms, Operation}; +use crate::misc::cast_params; use crate::object::ObjectFactories; use crate::ossl::ecdh::ECDHOperation; -use crate::cast_params; - pub fn register(mechs: &mut Mechanisms, _: &mut ObjectFactories) { ECDHMechanism::register_mechanisms(mechs); } diff --git a/src/ec/ecdsa.rs b/src/ec/ecdsa.rs index 86c82ce5..692878d5 100644 --- a/src/ec/ecdsa.rs +++ b/src/ec/ecdsa.rs @@ -3,7 +3,6 @@ use std::fmt::Debug; -use crate::attr_element; use crate::attribute::Attribute; use crate::ec::*; use crate::error::{general_error, Error, Result}; diff --git a/src/ec/eddsa.rs b/src/ec/eddsa.rs index ee13a415..3e02c6ee 100644 --- a/src/ec/eddsa.rs +++ b/src/ec/eddsa.rs @@ -3,7 +3,6 @@ use std::fmt::Debug; -use crate::attr_element; use crate::attribute::Attribute; use crate::ec::*; use crate::error::{general_error, Error, Result}; diff --git a/src/ec/montgomery.rs b/src/ec/montgomery.rs index 4bcb2769..d4f65e47 100644 --- a/src/ec/montgomery.rs +++ b/src/ec/montgomery.rs @@ -3,7 +3,6 @@ use std::fmt::Debug; -use crate::attr_element; use crate::attribute::Attribute; use crate::ec::montgomery::montgomery::ECMontgomeryOperation; use crate::ec::*; diff --git a/src/enabled.rs b/src/enabled.rs index 3242c6af..146d435e 100644 --- a/src/enabled.rs +++ b/src/enabled.rs @@ -43,7 +43,7 @@ mod tlskdf; use mechanism::Mechanisms; use object::ObjectFactories; -pub fn register_all(mechs: &mut Mechanisms, ot: &mut ObjectFactories) { +fn register_all(mechs: &mut Mechanisms, ot: &mut ObjectFactories) { object::register(mechs, ot); #[cfg(feature = "aes")] diff --git a/src/error.rs b/src/error.rs index 49353cb9..b4b5e2dd 100644 --- a/src/error.rs +++ b/src/error.rs @@ -211,7 +211,7 @@ impl From for Error { } } -#[macro_export] +#[allow(unused_macros)] macro_rules! some_or_err { ($action:expr) => { if let Some(ref x) = $action { @@ -228,7 +228,10 @@ macro_rules! some_or_err { } }; } +#[allow(unused_imports)] +pub(crate) use some_or_err; +#[allow(dead_code)] pub fn general_error(error: E) -> Error where E: Into>, @@ -236,9 +239,18 @@ where Error::ck_rv_from_error(interface::CKR_GENERAL_ERROR, error) } +#[allow(dead_code)] pub fn device_error(error: E) -> Error where E: Into>, { Error::ck_rv_from_error(interface::CKR_DEVICE_ERROR, error) } + +macro_rules! map_err { + ($map:expr, $err:tt) => {{ + use crate::error::Error; + $map.map_err(|e| Error::ck_rv_from_error($err, e)) + }}; +} +pub(crate) use map_err; diff --git a/src/fips/indicators.rs b/src/fips/indicators.rs index e0667a31..581cab06 100644 --- a/src/fips/indicators.rs +++ b/src/fips/indicators.rs @@ -1,12 +1,11 @@ // Copyright 2024 Simo Sorce // See LICENSE.txt file for terms -use crate::attr_element; use crate::attribute::Attribute; use crate::ec::{get_oid_from_obj, oid_to_bits}; use crate::error::Result; use crate::interface::*; -use crate::object::{OAFlags, Object, ObjectAttr, ObjectFactory}; +use crate::object::{attr_element, OAFlags, Object, ObjectAttr, ObjectFactory}; use crate::Token; use once_cell::sync::Lazy; diff --git a/src/hmac.rs b/src/hmac.rs index 4322cd4d..d18e96cd 100644 --- a/src/hmac.rs +++ b/src/hmac.rs @@ -7,9 +7,8 @@ use crate::error::{Error, Result}; use crate::hash; use crate::interface::*; use crate::mechanism::*; -use crate::misc::zeromem; +use crate::misc::{sizeof, zeromem}; use crate::object::*; -use crate::sizeof; use once_cell::sync::Lazy; diff --git a/src/lib.rs b/src/lib.rs index 2eec28ce..74801244 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -1,6 +1,12 @@ // Copyright 2023 Simo Sorce // See LICENSE.txt file for terms +#![warn(missing_docs)] + +//! This is Kryoptic +//! +//! A cryptographic software token using the PKCS#11 standard API + use std::cell::RefCell; use std::collections::HashMap; use std::ffi::{c_char, CStr}; @@ -49,6 +55,8 @@ include!("enabled.rs"); mod kasn1; mod misc; +use crate::misc::{bytes_to_slice, bytes_to_vec, cast_params}; + macro_rules! ret_to_rv { ($ret:expr) => { match $ret { @@ -93,11 +101,19 @@ macro_rules! cast_or_ret { thread_local!(static CSPRNG: RefCell = RefCell::new(RNG::new("HMAC DRBG SHA256").unwrap())); -pub fn get_random_data(data: &mut [u8]) -> Result<()> { +/// Fill a buffer with random data +/// +/// Uses the instantaited CSPRNG to fill the buffer with random data + +fn get_random_data(data: &mut [u8]) -> Result<()> { CSPRNG.with(|rng| rng.borrow_mut().generate_random(data)) } -pub fn random_add_seed(data: &[u8]) -> Result<()> { +/// Add seed data to the CSPRNG +/// +/// This is not counted as entropy but just as additional data + +fn random_add_seed(data: &[u8]) -> Result<()> { CSPRNG.with(|rng| rng.borrow_mut().add_seed(data)) } @@ -419,6 +435,10 @@ pub fn add_slot(slot: config::Slot) -> CK_RV { CKR_OK } +/// Implementation of C_Initialize function +/// +/// Version 3.1 Specification: [https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203255](https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203255) + extern "C" fn fn_initialize(_init_args: CK_VOID_PTR) -> CK_RV { let mut gconf = global_wlock!(noinitcheck CONFIG); @@ -492,10 +512,18 @@ fn set_ec_point_encoding(val: config::EcPointEncoding) -> CK_RV { CKR_OK } +/// Implementation of C_Finalize function +/// +/// Version 3.1 Specification: [https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203256](https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203256) + extern "C" fn fn_finalize(_reserved: CK_VOID_PTR) -> CK_RV { global_wlock!(STATE).finalize() } +/// Implementation of C_GetMechanismList function +/// +/// Version 3.1 Specification: [https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203266](https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203266) + extern "C" fn fn_get_mechanism_list( slot_id: CK_SLOT_ID, mechanism_list: CK_MECHANISM_TYPE_PTR, @@ -532,6 +560,11 @@ extern "C" fn fn_get_mechanism_list( } CKR_OK } + +/// Implementation of C_GetMechanismInfo function +/// +/// Version 3.1 Specification: [https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203267](https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203267) + extern "C" fn fn_get_mechanism_info( slot_id: CK_SLOT_ID, typ: CK_MECHANISM_TYPE, @@ -545,6 +578,11 @@ extern "C" fn fn_get_mechanism_info( } CKR_OK } + +/// Implementation of C_InitToken function +/// +/// Version 3.1 Specification: [https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203268](https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203268) + extern "C" fn fn_init_token( slot_id: CK_SLOT_ID, pin: CK_UTF8CHAR_PTR, @@ -572,6 +610,11 @@ extern "C" fn fn_init_token( _ => CKR_GENERAL_ERROR, } } + +/// Implementation of C_InitPIN function +/// +/// Version 3.1 Specification: [https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203269](https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203269) + extern "C" fn fn_init_pin( s_handle: CK_SESSION_HANDLE, pin: CK_UTF8CHAR_PTR, @@ -587,6 +630,11 @@ extern "C" fn fn_init_pin( ret_to_rv!(token.set_pin(CKU_USER, &vpin, &vec![0u8; 0])) } + +/// Implementation of C_SetPIN function +/// +/// Version 3.1 Specification: [https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203270](https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203270) + extern "C" fn fn_set_pin( s_handle: CK_SESSION_HANDLE, old_pin: CK_UTF8CHAR_PTR, @@ -624,6 +672,11 @@ extern "C" fn fn_set_pin( ret } + +/// Implementation of C_OpenSession function +/// +/// Version 3.1 Specification: [https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203272](https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203272) + extern "C" fn fn_open_session( slot_id: CK_SLOT_ID, flags: CK_FLAGS, @@ -649,6 +702,11 @@ extern "C" fn fn_open_session( } CKR_OK } + +/// Implementation of C_CloseSession function +/// +/// Version 3.1 Specification: [https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203273](https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203273) + extern "C" fn fn_close_session(s_handle: CK_SESSION_HANDLE) -> CK_RV { let mut wstate = global_wlock!(STATE); let mut token = res_or_ret!(wstate.get_token_from_session_mut(s_handle)); @@ -657,6 +715,11 @@ extern "C" fn fn_close_session(s_handle: CK_SESSION_HANDLE) -> CK_RV { let _ = res_or_ret!(wstate.drop_session(s_handle)); CKR_OK } + +/// Implementation of C_CloseAllSessions function +/// +/// Version 3.1 Specification: [https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203274](https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203274) + extern "C" fn fn_close_all_sessions(slot_id: CK_SLOT_ID) -> CK_RV { let mut wstate = global_wlock!(STATE); let dropped_sessions = res_or_ret!(wstate.drop_all_sessions_slot(slot_id)); @@ -666,6 +729,11 @@ extern "C" fn fn_close_all_sessions(slot_id: CK_SLOT_ID) -> CK_RV { } CKR_OK } + +/// Implementation of C_GetSessionInfo function +/// +/// Version 3.1 Specification: [https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203275](https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203275) + extern "C" fn fn_get_session_info( s_handle: CK_SESSION_HANDLE, info: CK_SESSION_INFO_PTR, @@ -677,6 +745,11 @@ extern "C" fn fn_get_session_info( } CKR_OK } + +/// Implementation of C_GetOperationState function (Not Implemented Yet) +/// +/// Version 3.1 Specification: [https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203277](https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203277) + extern "C" fn fn_get_operation_state( _session: CK_SESSION_HANDLE, _operation_state: CK_BYTE_PTR, @@ -684,6 +757,11 @@ extern "C" fn fn_get_operation_state( ) -> CK_RV { CKR_FUNCTION_NOT_SUPPORTED } + +/// Implementation of C_SetOperationState function (Not Implemented Yet) +/// +/// Version 3.1 Specification: [https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203278](https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203278) + extern "C" fn fn_set_operation_state( _session: CK_SESSION_HANDLE, _operation_state: CK_BYTE_PTR, @@ -693,6 +771,11 @@ extern "C" fn fn_set_operation_state( ) -> CK_RV { CKR_FUNCTION_NOT_SUPPORTED } + +/// Implementation of C_Login function +/// +/// Version 3.1 Specification: [https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203279](https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203279) + extern "C" fn fn_login( s_handle: CK_SESSION_HANDLE, user_type: CK_USER_TYPE, @@ -751,6 +834,11 @@ extern "C" fn fn_login( } } } + +/// Implementation of C_Logout function +/// +/// Version 3.1 Specification: [https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203281](https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203281) + extern "C" fn fn_logout(s_handle: CK_SESSION_HANDLE) -> CK_RV { let rstate = global_rlock!(STATE); let session = res_or_ret!(rstate.get_session(s_handle)); @@ -777,6 +865,10 @@ macro_rules! fail_if_cka_token_true { }; } +/// Implementation of C_CreateObject function +/// +/// Version 3.1 Specification: [https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203283](https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203283) + extern "C" fn fn_create_object( s_handle: CK_SESSION_HANDLE, template: CK_ATTRIBUTE_PTR, @@ -843,6 +935,11 @@ extern "C" fn fn_create_object( CKR_OK } + +/// Implementation of C_CopyObject function +/// +/// Version 3.1 Specification: [https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203284](https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203284) + extern "C" fn fn_copy_object( s_handle: CK_SESSION_HANDLE, o_handle: CK_OBJECT_HANDLE, @@ -870,6 +967,11 @@ extern "C" fn fn_copy_object( CKR_OK } + +/// Implementation of C_DestroyObject function +/// +/// Version 3.1 Specification: [https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203285](https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203285) + extern "C" fn fn_destroy_object( s_handle: CK_SESSION_HANDLE, o_handle: CK_OBJECT_HANDLE, @@ -886,6 +988,10 @@ extern "C" fn fn_destroy_object( ret_to_rv!(token.destroy_object(o_handle)) } +/// Implementation of C_GetObjectSize function +/// +/// Version 3.1 Specification: [https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203286](https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203286) + extern "C" fn fn_get_object_size( s_handle: CK_SESSION_HANDLE, o_handle: CK_OBJECT_HANDLE, @@ -900,6 +1006,10 @@ extern "C" fn fn_get_object_size( CKR_OK } +/// Implementation of C_GetAttributeValue function +/// +/// Version 3.1 Specification: [https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203287](https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203287) + extern "C" fn fn_get_attribute_value( s_handle: CK_SESSION_HANDLE, o_handle: CK_OBJECT_HANDLE, @@ -978,6 +1088,10 @@ extern "C" fn fn_get_attribute_value( result } +/// Implementation of C_SetAttributeValue function +/// +/// Version 3.1 Specification: [https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203288](https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203288) + extern "C" fn fn_set_attribute_value( s_handle: CK_SESSION_HANDLE, o_handle: CK_OBJECT_HANDLE, @@ -1003,6 +1117,10 @@ extern "C" fn fn_set_attribute_value( ret_to_rv!(token.set_object_attrs(o_handle, &mut tmpl)) } +/// Implementation of C_FindObjectsInit function +/// +/// Version 3.1 Specification: [https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203289](https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203289) + extern "C" fn fn_find_objects_init( s_handle: CK_SESSION_HANDLE, template: CK_ATTRIBUTE_PTR, @@ -1018,6 +1136,10 @@ extern "C" fn fn_find_objects_init( ret_to_rv!(session.new_search_operation(&mut token, tmpl)) } +/// Implementation of C_FindObjects function +/// +/// Version 3.1 Specification: [https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203290](https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203290) + extern "C" fn fn_find_objects( s_handle: CK_SESSION_HANDLE, ph_object: CK_OBJECT_HANDLE_PTR, @@ -1053,6 +1175,11 @@ extern "C" fn fn_find_objects( } CKR_OK } + +/// Implementation of C_FindObjectsFinal function +/// +/// Version 3.1 Specification: [https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203291](https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203291) + extern "C" fn fn_find_objects_final(s_handle: CK_SESSION_HANDLE) -> CK_RV { let rstate = global_rlock!(STATE); let mut session = res_or_ret!(rstate.get_session_mut(s_handle)); @@ -1083,6 +1210,11 @@ macro_rules! check_op_empty_or_fail { }; } +/// Check that the mechanism is allowed by the Key object +/// +/// Verifies that the mechanism is listed in the CKA_ALLOWED_MECHANISMS +/// attribute if such attribute is present, otherwise allows everything. + fn check_allowed_mechs(mech: &CK_MECHANISM, key: &object::Object) -> CK_RV { let allowed = match key.get_attr(CKA_ALLOWED_MECHANISMS) { Some(attr) => attr, @@ -1113,6 +1245,10 @@ fn check_allowed_mechs(mech: &CK_MECHANISM, key: &object::Object) -> CK_RV { return CKR_MECHANISM_INVALID; } +/// Implementation of C_EncryptInit function +/// +/// Version 3.1 Specification: [https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203293](https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203293) + extern "C" fn fn_encrypt_init( s_handle: CK_SESSION_HANDLE, mechptr: CK_MECHANISM_PTR, @@ -1141,6 +1277,10 @@ extern "C" fn fn_encrypt_init( } } +/// Implementation of C_Encrypt function +/// +/// Version 3.1 Specification: [https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203294](https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203294) + extern "C" fn fn_encrypt( s_handle: CK_SESSION_HANDLE, pdata: CK_BYTE_PTR, @@ -1186,6 +1326,11 @@ extern "C" fn fn_encrypt( } CKR_OK } + +/// Implementation of C_EncryptUpdate function +/// +/// Version 3.1 Specification: [https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203295](https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203295) + extern "C" fn fn_encrypt_update( s_handle: CK_SESSION_HANDLE, part: CK_BYTE_PTR, @@ -1225,6 +1370,11 @@ extern "C" fn fn_encrypt_update( unsafe { *pul_encrypted_part_len = retlen }; CKR_OK } + +/// Implementation of C_EncryptFinal function +/// +/// Version 3.1 Specification: [https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203296](https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203296) + extern "C" fn fn_encrypt_final( s_handle: CK_SESSION_HANDLE, last_encrypted_part: CK_BYTE_PTR, @@ -1267,6 +1417,10 @@ extern "C" fn fn_encrypt_final( CKR_OK } +/// Implementation of C_DecryptInit function +/// +/// Version 3.1 Specification: [https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203304](https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203304) + extern "C" fn fn_decrypt_init( s_handle: CK_SESSION_HANDLE, mechptr: CK_MECHANISM_PTR, @@ -1294,6 +1448,11 @@ extern "C" fn fn_decrypt_init( CKR_MECHANISM_INVALID } } + +/// Implementation of C_Decrypt function +/// +/// Version 3.1 Specification: [https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203305](https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203305) + extern "C" fn fn_decrypt( s_handle: CK_SESSION_HANDLE, encrypted_data: CK_BYTE_PTR, @@ -1340,6 +1499,11 @@ extern "C" fn fn_decrypt( } CKR_OK } + +/// Implementation of C_DecryptUpdate function +/// +/// Version 3.1 Specification: [https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203306](https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203306) + extern "C" fn fn_decrypt_update( s_handle: CK_SESSION_HANDLE, encrypted_part: CK_BYTE_PTR, @@ -1380,6 +1544,11 @@ extern "C" fn fn_decrypt_update( unsafe { *pul_part_len = retlen }; CKR_OK } + +/// Implementation of C_DecryptFinal function +/// +/// Version 3.1 Specification: [https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203307](https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203307) + extern "C" fn fn_decrypt_final( s_handle: CK_SESSION_HANDLE, last_part: CK_BYTE_PTR, @@ -1422,6 +1591,10 @@ extern "C" fn fn_decrypt_final( CKR_OK } +/// Implementation of C_DigestInit +/// +/// Version 3.1 Specification: [https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203315](https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203315) + extern "C" fn fn_digest_init( s_handle: CK_SESSION_HANDLE, mechptr: CK_MECHANISM_PTR, @@ -1442,6 +1615,10 @@ extern "C" fn fn_digest_init( } } +/// Implementation of C_Digest function +/// +/// Version 3.1 Specification: [https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203316](https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203316) + extern "C" fn fn_digest( s_handle: CK_SESSION_HANDLE, pdata: CK_BYTE_PTR, @@ -1492,6 +1669,11 @@ extern "C" fn fn_digest( } ret } + +/// Implementation of C_DigestUpdate function +/// +/// Version 3.1 Specification: [https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203317](https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203317) + extern "C" fn fn_digest_update( s_handle: CK_SESSION_HANDLE, part: CK_BYTE_PTR, @@ -1513,6 +1695,11 @@ extern "C" fn fn_digest_update( let data: &[u8] = unsafe { std::slice::from_raw_parts(part, plen) }; ret_to_rv!(operation.digest_update(data)) } + +/// Implementation of C_DigestKey function +/// +/// Version 3.1 Specification: [https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203318](https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203318) + extern "C" fn fn_digest_key( s_handle: CK_SESSION_HANDLE, key_handle: CK_OBJECT_HANDLE, @@ -1549,6 +1736,11 @@ extern "C" fn fn_digest_key( CKR_OK } + +/// Implementation of C_DigestFinal function +/// +/// Version 3.1 Specification: [https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203319](https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203319) + extern "C" fn fn_digest_final( s_handle: CK_SESSION_HANDLE, pdigest: CK_BYTE_PTR, @@ -1596,6 +1788,10 @@ extern "C" fn fn_digest_final( ret } +/// Implementation of C_SignInit function +/// +/// Version 3.1 Specification: [https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203321](https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203321) + extern "C" fn fn_sign_init( s_handle: CK_SESSION_HANDLE, mechptr: CK_MECHANISM_PTR, @@ -1622,6 +1818,11 @@ extern "C" fn fn_sign_init( CKR_MECHANISM_INVALID } } + +/// Implementation of C_Sign function +/// +/// Version 3.1 Specification: [https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203322](https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203322) + extern "C" fn fn_sign( s_handle: CK_SESSION_HANDLE, pdata: CK_BYTE_PTR, @@ -1673,6 +1874,11 @@ extern "C" fn fn_sign( } ret } + +/// Implementation of C_SignUpdate function +/// +/// Version 3.1 Specification: [https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203323](https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203323) + extern "C" fn fn_sign_update( s_handle: CK_SESSION_HANDLE, part: CK_BYTE_PTR, @@ -1694,6 +1900,11 @@ extern "C" fn fn_sign_update( let data: &[u8] = unsafe { std::slice::from_raw_parts(part, plen) }; ret_to_rv!(operation.sign_update(data)) } + +/// Implementation of C_SignFinal function +/// +/// Version 3.1 Specification: [https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203324](https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203324) + extern "C" fn fn_sign_final( s_handle: CK_SESSION_HANDLE, psignature: CK_BYTE_PTR, @@ -1740,6 +1951,11 @@ extern "C" fn fn_sign_final( } ret } + +/// Implementation of C_SignRecoverInit function (Not Implemented Yet) +/// +/// Version 3.1 Specification: [https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203325](https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203325) + extern "C" fn fn_sign_recover_init( _session: CK_SESSION_HANDLE, _mechanism: CK_MECHANISM_PTR, @@ -1747,6 +1963,11 @@ extern "C" fn fn_sign_recover_init( ) -> CK_RV { CKR_FUNCTION_NOT_SUPPORTED } + +/// Implementation of C_SignRecover function (Not Implemented Yet) +/// +/// Version 3.1 Specification: [https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203326](https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203326) + extern "C" fn fn_sign_recover( _session: CK_SESSION_HANDLE, _data: CK_BYTE_PTR, @@ -1756,6 +1977,11 @@ extern "C" fn fn_sign_recover( ) -> CK_RV { CKR_FUNCTION_NOT_SUPPORTED } + +/// Implementation of C_VerifyInit function +/// +/// Version 3.1 Specification: [https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203334](https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203334) + extern "C" fn fn_verify_init( s_handle: CK_SESSION_HANDLE, mechptr: CK_MECHANISM_PTR, @@ -1782,6 +2008,11 @@ extern "C" fn fn_verify_init( CKR_MECHANISM_INVALID } } + +/// Implementation of C_Verify function +/// +/// Version 3.1 Specification: [https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203335](https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203335) + extern "C" fn fn_verify( s_handle: CK_SESSION_HANDLE, pdata: CK_BYTE_PTR, @@ -1820,6 +2051,11 @@ extern "C" fn fn_verify( ret } + +/// Implementation of C_VerifyUpdate function +/// +/// Version 3.1 Specification: [https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203336](https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203336) + extern "C" fn fn_verify_update( s_handle: CK_SESSION_HANDLE, part: CK_BYTE_PTR, @@ -1841,6 +2077,11 @@ extern "C" fn fn_verify_update( let data: &[u8] = unsafe { std::slice::from_raw_parts(part, plen) }; ret_to_rv!(operation.verify_update(data)) } + +/// Implementation of C_VerifyFinal function +/// +/// Version 3.1 Specification: [https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203337](https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203337) + extern "C" fn fn_verify_final( s_handle: CK_SESSION_HANDLE, psignature: CK_BYTE_PTR, @@ -1875,6 +2116,11 @@ extern "C" fn fn_verify_final( ret } + +/// Implementation of C_VerifyRecoverInit function (Not Implemented Yet) +/// +/// Version 3.1 Specification: [https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203338](https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203338) + extern "C" fn fn_verify_recover_init( _session: CK_SESSION_HANDLE, _mechanism: CK_MECHANISM_PTR, @@ -1882,6 +2128,11 @@ extern "C" fn fn_verify_recover_init( ) -> CK_RV { CKR_FUNCTION_NOT_SUPPORTED } + +/// Implementation of C_VerifyRecover function (Not Implemented Yet) +/// +/// Version 3.1 Specification: [https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203339](https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203339) + extern "C" fn fn_verify_recover( _session: CK_SESSION_HANDLE, _signature: CK_BYTE_PTR, @@ -1891,6 +2142,11 @@ extern "C" fn fn_verify_recover( ) -> CK_RV { CKR_FUNCTION_NOT_SUPPORTED } + +/// Implementation of C_DigestEncryptUpdate function (Not Implemented Yet) +/// +/// Version 3.1 Specification: [https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203347](https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203347) + extern "C" fn fn_digest_encrypt_update( _session: CK_SESSION_HANDLE, _part: CK_BYTE_PTR, @@ -1900,6 +2156,11 @@ extern "C" fn fn_digest_encrypt_update( ) -> CK_RV { CKR_FUNCTION_NOT_SUPPORTED } + +/// Implementation of C_DecryptDigestUpdate function (Not Implemented Yet) +/// +/// Version 3.1 Specification: [https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203348](https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203348) + extern "C" fn fn_decrypt_digest_update( _session: CK_SESSION_HANDLE, _encrypted_part: CK_BYTE_PTR, @@ -1909,6 +2170,11 @@ extern "C" fn fn_decrypt_digest_update( ) -> CK_RV { CKR_FUNCTION_NOT_SUPPORTED } + +/// Implementation of C_SignEncryptUpdate function (Not Implemented Yet) +/// +/// Version 3.1 Specification: [https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203349](https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203349) + extern "C" fn fn_sign_encrypt_update( _session: CK_SESSION_HANDLE, _part: CK_BYTE_PTR, @@ -1918,6 +2184,11 @@ extern "C" fn fn_sign_encrypt_update( ) -> CK_RV { CKR_FUNCTION_NOT_SUPPORTED } + +/// Implementation of C_DecryptVerifyUpdate function (Not Implemented Yet) +/// +/// Version 3.1 Specification: [https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203350](https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203350) + extern "C" fn fn_decrypt_verify_update( _session: CK_SESSION_HANDLE, _encrypted_part: CK_BYTE_PTR, @@ -1928,6 +2199,10 @@ extern "C" fn fn_decrypt_verify_update( CKR_FUNCTION_NOT_SUPPORTED } +/// Implementation of C_GenerateKey function +/// +/// Version 3.1 Specification: [https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203352](https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203352) + extern "C" fn fn_generate_key( s_handle: CK_SESSION_HANDLE, mechptr: CK_MECHANISM_PTR, @@ -1987,6 +2262,10 @@ extern "C" fn fn_generate_key( CKR_OK } +/// Implementation of C_GeneateKeyPair function +/// +/// Version 3.1 Specification: [https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203353](https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203353) + extern "C" fn fn_generate_key_pair( s_handle: CK_SESSION_HANDLE, mechptr: CK_MECHANISM_PTR, @@ -2068,6 +2347,10 @@ extern "C" fn fn_generate_key_pair( } } +/// Implementation of C_WrapKey function +/// +/// Version 3.1 Specification: [https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203354](https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203354) + extern "C" fn fn_wrap_key( s_handle: CK_SESSION_HANDLE, mechptr: CK_MECHANISM_PTR, @@ -2135,6 +2418,10 @@ extern "C" fn fn_wrap_key( CKR_OK } +/// Implementation of C_UnwrapKey function +/// +/// Version 3.1 Specification: [https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203355](https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203355) + extern "C" fn fn_unwrap_key( s_handle: CK_SESSION_HANDLE, mechptr: CK_MECHANISM_PTR, @@ -2204,6 +2491,10 @@ extern "C" fn fn_unwrap_key( } } +/// Implementation of C_DeriveKey function +/// +/// Version 3.1 Specification: [https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203356](https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203356) + extern "C" fn fn_derive_key( s_handle: CK_SESSION_HANDLE, mechptr: CK_MECHANISM_PTR, @@ -2409,6 +2700,10 @@ extern "C" fn fn_derive_key( } } +/// Implementation of C_SeedRandom function +/// +/// Version 3.1 Specification: [https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203358](https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203358) + extern "C" fn fn_seed_random( s_handle: CK_SESSION_HANDLE, seed: CK_BYTE_PTR, @@ -2421,6 +2716,10 @@ extern "C" fn fn_seed_random( ret_to_rv!(random_add_seed(data)) } +/// Implementation of C_GeneateRandom function +/// +/// Version 3.1 Specification: [https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203359](https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203359) + extern "C" fn fn_generate_random( s_handle: CK_SESSION_HANDLE, random_data: CK_BYTE_PTR, @@ -2433,12 +2732,27 @@ extern "C" fn fn_generate_random( unsafe { std::slice::from_raw_parts_mut(random_data, rndlen) }; ret_to_rv!(get_random_data(data)) } + +/// Implementation of C_GetFunctionStatus function (Not Implemented Yet) +/// +/// Version 3.1 Specification: [https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203361](https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203361) + extern "C" fn fn_get_function_status(_session: CK_SESSION_HANDLE) -> CK_RV { CKR_FUNCTION_NOT_SUPPORTED } + +/// Implementation of C_CancelFunction function (Not Implemented Yet) +/// +/// Version 3.1 Specification: [https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203362](https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203362) + extern "C" fn fn_cancel_function(_session: CK_SESSION_HANDLE) -> CK_RV { CKR_FUNCTION_NOT_SUPPORTED } + +/// Implementation of C_WaitForSlotEvent function (Not Implemented Yet) +/// +/// Version 3.1 Specification: [https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203265](https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203265) + extern "C" fn fn_wait_for_slot_event( _flags: CK_FLAGS, _slot: CK_SLOT_ID_PTR, @@ -2447,7 +2761,7 @@ extern "C" fn fn_wait_for_slot_event( CKR_FUNCTION_NOT_SUPPORTED } -pub static FNLIST_240: CK_FUNCTION_LIST = CK_FUNCTION_LIST { +static FNLIST_240: CK_FUNCTION_LIST = CK_FUNCTION_LIST { version: CK_VERSION { major: 2, minor: 40, @@ -2522,6 +2836,10 @@ pub static FNLIST_240: CK_FUNCTION_LIST = CK_FUNCTION_LIST { C_WaitForSlotEvent: Some(fn_wait_for_slot_event), }; +/// Implementation of C_GetSlotList function +/// +/// Version 3.1 Specification: [https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203262](https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203262) + extern "C" fn fn_get_slot_list( _token_present: CK_BBOOL, slot_list: CK_SLOT_ID_PTR, @@ -2556,6 +2874,10 @@ extern "C" fn fn_get_slot_list( CKR_OK } +/// Implementation of C_GetSlotInfo function +/// +/// Version 3.1 Specification: [https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203263](https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203263) + extern "C" fn fn_get_slot_info( slot_id: CK_SLOT_ID, info: CK_SLOT_INFO_PTR, @@ -2572,6 +2894,10 @@ extern "C" fn fn_get_slot_info( CKR_OK } +/// Implementation of C_GetTokenInfo function +/// +/// Version 3.1 Specification: [https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203264](https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203264) + extern "C" fn fn_get_token_info( slot_id: CK_SLOT_ID, info: CK_TOKEN_INFO_PTR, @@ -2603,6 +2929,10 @@ static MODULE_INFO: CK_INFO = CK_INFO { libraryVersion: LIBRARY_VERSION, }; +/// Implementation of C_GetInfo function +/// +/// Version 3.1 Specification: [https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203257](https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203257) + extern "C" fn fn_get_info(info: CK_INFO_PTR) -> CK_RV { unsafe { *info = MODULE_INFO; @@ -2610,6 +2940,21 @@ extern "C" fn fn_get_info(info: CK_INFO_PTR) -> CK_RV { CKR_OK } +/// Provides access to the functions defined in the API specification +/// +/// The vtable returned by this function includes a version specifier as +/// the first element of this table. This version number determines the +/// length and contents of the rest of the vtable. +/// +/// Often for backwards compatibility reasons the table returned by this +/// function is the table specified in PKCS#11 v2.40. +/// +/// While access to later versions of the table is deferred to the +/// `C_GeInterfaceList` function available starting with version 3.0 of the +/// specification. +/// +/// Version 3.1 Specification: [https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203258](https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203258) + #[no_mangle] pub extern "C" fn C_GetFunctionList(fnlist: CK_FUNCTION_LIST_PTR_PTR) -> CK_RV { unsafe { @@ -2620,6 +2965,10 @@ pub extern "C" fn C_GetFunctionList(fnlist: CK_FUNCTION_LIST_PTR_PTR) -> CK_RV { // Additional 3.0 functions +/// Implementation of C_LoginUser function (Not Implemented Yet) +/// +/// Version 3.1 Specification: [https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203280](https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203280) + extern "C" fn fn_login_user( _session: CK_SESSION_HANDLE, _user_type: CK_USER_TYPE, @@ -2630,6 +2979,11 @@ extern "C" fn fn_login_user( ) -> CK_RV { CKR_FUNCTION_NOT_SUPPORTED } + +/// Implementation of C_SessionCancel function (Not Implemented Yet) +/// +/// Version 3.1 Specification: [https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203276](https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203276) + extern "C" fn fn_session_cancel( _session: CK_SESSION_HANDLE, _flags: CK_FLAGS, @@ -2637,6 +2991,10 @@ extern "C" fn fn_session_cancel( CKR_FUNCTION_NOT_SUPPORTED } +/// Implementation of C_MessageEncryptInit function +/// +/// Version 3.1 Specification: [https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203298](https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203298) + extern "C" fn fn_message_encrypt_init( s_handle: CK_SESSION_HANDLE, mechptr: CK_MECHANISM_PTR, @@ -2663,6 +3021,10 @@ extern "C" fn fn_message_encrypt_init( } } +/// Implementation of C_EncryptMessage function +/// +/// Version 3.1 Specification: [https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203299](https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203299) + extern "C" fn fn_encrypt_message( s_handle: CK_SESSION_HANDLE, parameter: CK_VOID_PTR, @@ -2740,6 +3102,10 @@ extern "C" fn fn_encrypt_message( CKR_OK } +/// Implementation of C_EncryptMessageBegin function +/// +/// Version 3.1 Specification: [https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203300](https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203300) + extern "C" fn fn_encrypt_message_begin( s_handle: CK_SESSION_HANDLE, parameter: CK_VOID_PTR, @@ -2780,6 +3146,10 @@ extern "C" fn fn_encrypt_message_begin( ret_to_rv!(operation.msg_encrypt_begin(parameter, parameter_len, adata)) } +/// Implementation of C_EncryptMessageNext function +/// +/// Version 3.1 Specification: [https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203301](https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203301) + extern "C" fn fn_encrypt_message_next( s_handle: CK_SESSION_HANDLE, parameter: CK_VOID_PTR, @@ -2862,6 +3232,10 @@ extern "C" fn fn_encrypt_message_next( CKR_OK } +/// Implementation of C_MessageEncryptFinal function +/// +/// Version 3.1 Specification: [https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203302](https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203302) + extern "C" fn fn_message_encrypt_final(s_handle: CK_SESSION_HANDLE) -> CK_RV { let rstate = global_rlock!(STATE); let mut session = res_or_ret!(rstate.get_session_mut(s_handle)); @@ -2875,6 +3249,10 @@ extern "C" fn fn_message_encrypt_final(s_handle: CK_SESSION_HANDLE) -> CK_RV { ret_to_rv!(operation.finalize()) } +/// Implementation of C_MessageDecryptInit function +/// +/// Version 3.1 Specification: [https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203309](https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203309) + extern "C" fn fn_message_decrypt_init( s_handle: CK_SESSION_HANDLE, mechptr: CK_MECHANISM_PTR, @@ -2901,6 +3279,10 @@ extern "C" fn fn_message_decrypt_init( } } +/// Implementation of C_DecryptMessage function +/// +/// Version 3.1 Specification: [https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203310](https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203310) + extern "C" fn fn_decrypt_message( s_handle: CK_SESSION_HANDLE, parameter: CK_VOID_PTR, @@ -2978,6 +3360,10 @@ extern "C" fn fn_decrypt_message( CKR_OK } +/// Implementation of C_DecryptMessageBegin function +/// +/// Version 3.1 Specification: [https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203311](https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203311) + extern "C" fn fn_decrypt_message_begin( s_handle: CK_SESSION_HANDLE, parameter: CK_VOID_PTR, @@ -3018,6 +3404,10 @@ extern "C" fn fn_decrypt_message_begin( ret_to_rv!(operation.msg_decrypt_begin(parameter, parameter_len, adata)) } +/// Implementation of C_DecryptMessageNext function +/// +/// Version 3.1 Specification: [https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203312](https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203312) + extern "C" fn fn_decrypt_message_next( s_handle: CK_SESSION_HANDLE, parameter: CK_VOID_PTR, @@ -3101,6 +3491,10 @@ extern "C" fn fn_decrypt_message_next( CKR_OK } +/// Implementation of C_MessageDecryptFinal function +/// +/// Version 3.1 Specification: [https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203313](https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203313) + extern "C" fn fn_message_decrypt_final(s_handle: CK_SESSION_HANDLE) -> CK_RV { let rstate = global_rlock!(STATE); let mut session = res_or_ret!(rstate.get_session_mut(s_handle)); @@ -3114,6 +3508,10 @@ extern "C" fn fn_message_decrypt_final(s_handle: CK_SESSION_HANDLE) -> CK_RV { ret_to_rv!(operation.finalize()) } +/// Implementation of C_MessageSignInit function (Not Implemented Yet) +/// +/// Version 3.1 Specification: [https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203328](https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203328) + extern "C" fn fn_message_sign_init( _session: CK_SESSION_HANDLE, _mechanism: CK_MECHANISM_PTR, @@ -3121,6 +3519,11 @@ extern "C" fn fn_message_sign_init( ) -> CK_RV { CKR_FUNCTION_NOT_SUPPORTED } + +/// Implementation of C_SignMessage function (Not Implemented Yet) +/// +/// Version 3.1 Specification: [https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203329](https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203329) + extern "C" fn fn_sign_message( _session: CK_SESSION_HANDLE, _parameter: CK_VOID_PTR, @@ -3132,6 +3535,11 @@ extern "C" fn fn_sign_message( ) -> CK_RV { CKR_FUNCTION_NOT_SUPPORTED } + +/// Implementation of C_SignMessageBegin function (Not Implemented Yet) +/// +/// Version 3.1 Specification: [https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203330](https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203330) + extern "C" fn fn_sign_message_begin( _session: CK_SESSION_HANDLE, _parameter: CK_VOID_PTR, @@ -3139,6 +3547,11 @@ extern "C" fn fn_sign_message_begin( ) -> CK_RV { CKR_FUNCTION_NOT_SUPPORTED } + +/// Implementation of C_SignMessageNext function (Not Implemented Yet) +/// +/// Version 3.1 Specification: [https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203331](https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203331) + extern "C" fn fn_sign_message_next( _session: CK_SESSION_HANDLE, _parameter: CK_VOID_PTR, @@ -3150,9 +3563,19 @@ extern "C" fn fn_sign_message_next( ) -> CK_RV { CKR_FUNCTION_NOT_SUPPORTED } + +/// Implementation of C_MessageSignFinal function (Not Implemented Yet) +/// +/// Version 3.1 Specification: [https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203332](https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203332) + extern "C" fn fn_message_sign_final(_session: CK_SESSION_HANDLE) -> CK_RV { CKR_FUNCTION_NOT_SUPPORTED } + +/// Implementation of C_MessageVerifyInit function (Not Implemented Yet) +/// +/// Version 3.1 Specification: [https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203341](https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203341) + extern "C" fn fn_message_verify_init( _session: CK_SESSION_HANDLE, _mechanism: CK_MECHANISM_PTR, @@ -3160,6 +3583,11 @@ extern "C" fn fn_message_verify_init( ) -> CK_RV { CKR_FUNCTION_NOT_SUPPORTED } + +/// Implementation of C_VerifyMessage function (Not Implemented Yet) +/// +/// Version 3.1 Specification: [https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203342](https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203342) + extern "C" fn fn_verify_message( _session: CK_SESSION_HANDLE, _parameter: CK_VOID_PTR, @@ -3171,6 +3599,11 @@ extern "C" fn fn_verify_message( ) -> CK_RV { CKR_FUNCTION_NOT_SUPPORTED } + +/// Implementation of C_VerifyMessageBegin function (Not Implemented Yet) +/// +/// Version 3.1 Specification: [https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203343](https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203343) + extern "C" fn fn_verify_message_begin( _session: CK_SESSION_HANDLE, _parameter: CK_VOID_PTR, @@ -3178,6 +3611,11 @@ extern "C" fn fn_verify_message_begin( ) -> CK_RV { CKR_FUNCTION_NOT_SUPPORTED } + +/// Implementation of C_VerifyMessageNext function (Not Implemented Yet) +/// +/// Version 3.1 Specification: [https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203344](https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203344) + extern "C" fn fn_verify_message_next( _session: CK_SESSION_HANDLE, _parameter: CK_VOID_PTR, @@ -3189,11 +3627,16 @@ extern "C" fn fn_verify_message_next( ) -> CK_RV { CKR_FUNCTION_NOT_SUPPORTED } + +/// Implementation of C_MessageVerifyFinal function (Not Implemented Yet) +/// +/// Version 3.1 Specification: [https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203345](https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203345) + extern "C" fn fn_message_verify_final(_session: CK_SESSION_HANDLE) -> CK_RV { CKR_FUNCTION_NOT_SUPPORTED } -pub static FNLIST_300: CK_FUNCTION_LIST_3_0 = CK_FUNCTION_LIST_3_0 { +static FNLIST_300: CK_FUNCTION_LIST_3_0 = CK_FUNCTION_LIST_3_0 { version: CK_VERSION { major: 3, minor: 0 }, C_Initialize: Some(fn_initialize), C_Finalize: Some(fn_finalize), @@ -3334,6 +3777,18 @@ static INTERFACE_SET: Lazy> = Lazy::new(|| { v }); +/// Provides access to the list of interfaces defined by this implementation +/// +/// Starting with PKCS#11 version 3.0.0 tokens provide a list of interfaces +/// that can be obtained from the token. Each interface provides a name, and +/// a pointer to a vtable containing the functions defined for that interface. +/// Additionally flags are returned as well. +/// Custom interfaces can be defined by any vendor by specifying a custom +/// interface name. The name "PKCS 11" is reserved for official standard +/// interfaces. +/// +/// Version 3.1 Specification: [https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203259](https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203259) + #[no_mangle] pub extern "C" fn C_GetInterfaceList( interfaces_list: CK_INTERFACE_PTR, @@ -3369,6 +3824,14 @@ pub extern "C" fn C_GetInterfaceList( CKR_OK } +/// Returns a specific interface identified by name and version +/// +/// Applications that wants to immediately access a specific interface name, +/// optionally a speific version too. +/// The `interface` argument returns the pointer to the requested vtable +/// +/// Version 3.1 Specification: [https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203260](https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203260) + #[no_mangle] pub extern "C" fn C_GetInterface( interface_name: CK_UTF8CHAR_PTR, @@ -3416,6 +3879,11 @@ pub extern "C" fn C_GetInterface( CKR_ARGUMENTS_BAD } +/// Implementation of the OpenSSL provider initialization function +/// +/// This function allows OpenSSL to use this module as an OpenSSL FIPS +/// provider + #[cfg(feature = "fips")] #[no_mangle] pub extern "C" fn OSSL_provider_init( diff --git a/src/mechanism.rs b/src/mechanism.rs index 4b1474c9..dd2ee26b 100644 --- a/src/mechanism.rs +++ b/src/mechanism.rs @@ -247,12 +247,15 @@ pub trait Mac: MechOperation { fn mac(&mut self, _data: &[u8], _digest: &mut [u8]) -> Result<()> { Err(CKR_GENERAL_ERROR)? } + #[allow(dead_code)] fn mac_update(&mut self, _data: &[u8]) -> Result<()> { Err(CKR_GENERAL_ERROR)? } + #[allow(dead_code)] fn mac_final(&mut self, _digest: &mut [u8]) -> Result<()> { Err(CKR_GENERAL_ERROR)? } + #[allow(dead_code)] fn mac_len(&self) -> Result { Err(CKR_GENERAL_ERROR)? } diff --git a/src/misc.rs b/src/misc.rs index 3e9626f8..e52c3388 100644 --- a/src/misc.rs +++ b/src/misc.rs @@ -9,14 +9,6 @@ use crate::object::{Object, ObjectFactories, ObjectType}; use crate::ossl::common::zeromem as ossl_zeromem; pub const CK_ULONG_SIZE: usize = std::mem::size_of::(); -#[macro_export] -macro_rules! map_err { - ($map:expr, $err:tt) => {{ - $map.map_err(|e| error::Error::ck_rv_from_error($err, e)) - }}; -} - -#[macro_export] macro_rules! bytes_to_vec { ($ptr:expr, $len:expr) => {{ let ptr = $ptr as *const u8; @@ -33,22 +25,22 @@ macro_rules! bytes_to_vec { } }}; } +pub(crate) use bytes_to_vec; -#[macro_export] macro_rules! void_ptr { ($ptr:expr) => { $ptr as *const _ as CK_VOID_PTR }; } +pub(crate) use void_ptr; -#[macro_export] macro_rules! byte_ptr { ($ptr:expr) => { $ptr as *const _ as CK_BYTE_PTR }; } +pub(crate) use byte_ptr; -#[macro_export] macro_rules! cast_params { ($mech:expr, $params:ty) => {{ let Ok(len) = usize::try_from($mech.ulParameterLen) else { @@ -80,15 +72,15 @@ macro_rules! cast_params { unsafe { *($param as *const $params) } }}; } +pub(crate) use cast_params; -#[macro_export] macro_rules! sizeof { ($type:ty) => { CK_ULONG::try_from(std::mem::size_of::<$type>()).unwrap() }; } +pub(crate) use sizeof; -#[macro_export] macro_rules! bytes_to_slice { ($ptr: expr, $len:expr, $typ:ty) => { if $len > 0 { @@ -116,6 +108,7 @@ macro_rules! bytes_to_slice { } }; } +pub(crate) use bytes_to_slice; #[allow(dead_code)] pub fn common_derive_data_object( diff --git a/src/native/sp800_108.rs b/src/native/sp800_108.rs index 80936ea9..67849f70 100644 --- a/src/native/sp800_108.rs +++ b/src/native/sp800_108.rs @@ -2,13 +2,12 @@ // See LICENSE.txt file for terms use crate::attribute::Attribute; -use crate::error; -use crate::error::Result; +use crate::error::{map_err, Result}; use crate::interface::*; use crate::mechanism::{Derive, Mac, MechOperation, Mechanisms}; +use crate::misc::{bytes_to_slice, bytes_to_vec}; use crate::object::{Object, ObjectFactories}; use crate::sp800_108::*; -use crate::{bytes_to_slice, bytes_to_vec, map_err}; macro_rules! maxsize { ($size: expr) => { diff --git a/src/native/sshkdf.rs b/src/native/sshkdf.rs index dfeb23a3..af102f64 100644 --- a/src/native/sshkdf.rs +++ b/src/native/sshkdf.rs @@ -10,7 +10,6 @@ use crate::interface::*; use crate::mechanism::{Derive, MechOperation, Mechanisms}; use crate::misc; use crate::object::{Object, ObjectFactories}; -use crate::{bytes_to_vec, cast_params}; #[derive(Debug)] pub struct SSHKDFOperation { @@ -25,7 +24,7 @@ pub struct SSHKDFOperation { impl SSHKDFOperation { pub fn new(mech: &CK_MECHANISM) -> Result { - let params = cast_params!(mech, KR_SSHKDF_PARAMS); + let params = misc::cast_params!(mech, KR_SSHKDF_PARAMS); if !hash::is_valid_hash(params.prfHashMechanism) { return Err(CKR_MECHANISM_PARAM_INVALID)?; @@ -46,11 +45,14 @@ impl SSHKDFOperation { finalized: false, prf: params.prfHashMechanism, key_type: params.derivedKeyType, - exchange_hash: bytes_to_vec!( + exchange_hash: misc::bytes_to_vec!( params.pExchangeHash, params.ulExchangeHashLen ), - session_id: bytes_to_vec!(params.pSessionId, params.ulSessionIdLen), + session_id: misc::bytes_to_vec!( + params.pSessionId, + params.ulSessionIdLen + ), is_data: is_data, }) } diff --git a/src/object.rs b/src/object.rs index d71c90d6..b92e9f83 100644 --- a/src/object.rs +++ b/src/object.rs @@ -296,14 +296,14 @@ impl ObjectAttr { } } -#[macro_export] macro_rules! attr_element { ($id:expr; $flags:expr; $from_type:expr; val $defval:expr) => { ObjectAttr::new($from_type($id, $defval), $flags) }; } +pub(crate) use attr_element; -#[macro_export] +#[allow(unused_macros)] macro_rules! bytes_attr_not_empty { ($obj:expr; $id:expr) => { match $obj.get_attr_as_bytes($id) { @@ -322,6 +322,8 @@ macro_rules! bytes_attr_not_empty { } }; } +#[allow(unused_imports)] +pub(crate) use bytes_attr_not_empty; pub trait ObjectFactory: Debug + Send + Sync { fn create(&self, _template: &[CK_ATTRIBUTE]) -> Result { @@ -502,6 +504,7 @@ pub trait ObjectFactory: Debug + Send + Sync { Ok(obj) } + #[allow(dead_code)] fn set_attribute_default( &self, attr: CK_ATTRIBUTE_TYPE, diff --git a/src/ossl/aes.rs b/src/ossl/aes.rs index 5a7eed98..7cbfdb5d 100644 --- a/src/ossl/aes.rs +++ b/src/ossl/aes.rs @@ -5,16 +5,17 @@ use std::ffi::{c_char, c_int, c_void}; use crate::aes::*; use crate::error; -use crate::error::Result; +use crate::error::{map_err, Result}; use crate::interface::*; use crate::mechanism::*; -use crate::misc::zeromem; +use crate::misc::{ + bytes_to_slice, bytes_to_vec, cast_params, void_ptr, zeromem, +}; use crate::object::Object; use crate::ossl::bindings::*; use crate::ossl::common::*; #[cfg(feature = "fips")] use crate::ossl::fips::*; -use crate::{bytes_to_slice, bytes_to_vec, cast_params, map_err, void_ptr}; use crate::get_random_data; @@ -34,9 +35,14 @@ const AES_128_WRAP_PAD_NAME: &[u8; 17] = b"AES-128-WRAP-PAD\0"; const AES_192_WRAP_PAD_NAME: &[u8; 17] = b"AES-192-WRAP-PAD\0"; const AES_256_WRAP_PAD_NAME: &[u8; 17] = b"AES-256-WRAP-PAD\0"; -/* It is safe to share const ciphers as they do not change once they have been - * created, and reference static function pointers and other data that is - * always valid */ +/// AES EVP_CIPHER Object Wrapper +/// +/// Gives access to the underlying OpenSSL Cipher context for a specific +/// OpenSSL AES cipher mode. +/// +/// It is safe to share const ciphers as they do not change once they have +/// been created, and reference static function pointers and other data that +/// is always valid struct AesCipher { cipher: Option, } @@ -119,6 +125,10 @@ aes_cipher!(AES_128_WRAP_PAD; AES_128_WRAP_PAD_NAME); aes_cipher!(AES_192_WRAP_PAD; AES_192_WRAP_PAD_NAME); aes_cipher!(AES_256_WRAP_PAD; AES_256_WRAP_PAD_NAME); +/// A raw AES Key wrapper +/// +/// Ensures the data is zeroized on deallocation + #[derive(Debug)] struct AesKey { raw: Vec, @@ -130,12 +140,14 @@ impl Drop for AesKey { } } +/// Returns an allocated [AesKey] object, given a AES Key Object fn object_to_raw_key(key: &Object) -> Result { let val = key.get_attr_as_bytes(CKA_VALUE)?; check_key_len(val.len())?; Ok(AesKey { raw: val.clone() }) } +/// Helper function to allocate AesMechanism definition objects fn new_mechanism(flags: CK_FLAGS) -> Box { Box::new(AesMechanism::new( CK_ULONG::try_from(MIN_AES_SIZE_BYTES).unwrap(), @@ -144,6 +156,11 @@ fn new_mechanism(flags: CK_FLAGS) -> Box { )) } +/// AES Initialization Vector Object +/// +/// Defines the characteristics of the IV to be used in the AES operation +/// it is referenced from. Size, generation method, counter, etc.. + #[derive(Debug)] struct AesIvData { buf: Vec, @@ -180,6 +197,13 @@ impl Drop for AesIvData { } } +/// AES Parameters Object +/// +/// Defines the parameters used for the associated AES operation. Holds +/// the IV definitions, maximum number of blocks that can be encrypted, +/// whether Cipher stealing mode is on. As well as data length, Additional +/// Authenticated Data and the Tag length for authenticated modes. + #[derive(Debug)] struct AesParams { iv: AesIvData, @@ -198,6 +222,11 @@ impl AesParams { } } +/// The Generic AES Operation data structure +/// +/// Provides access to all the low level encryption.decryption/etc functions +/// required to implement the AES cryptosystem + #[derive(Debug)] pub struct AesOperation { mech: CK_MECHANISM_TYPE, @@ -220,6 +249,7 @@ impl Drop for AesOperation { } impl AesOperation { + /// Helper function to register all AES Mechanisms pub fn register_mechanisms(mechs: &mut Mechanisms) { for ckm in &[ CKM_AES_ECB, @@ -266,6 +296,8 @@ impl AesOperation { mechs.add_mechanism(CKM_AES_KEY_GEN, new_mechanism(CKF_GENERATE)); } + /// Helper function to initialize the AES operation parameters based on + /// the provided CK_MECHANISM structure fn init_params(mech: &CK_MECHANISM) -> Result { match mech.mechanism { CKM_AES_CCM => { @@ -487,6 +519,8 @@ impl AesOperation { } } + /// Helper function to get the correct EVP_CIPHER context from the + /// provided AES mechanism type. fn get_cipher( mech: CK_MECHANISM_TYPE, keylen: usize, @@ -578,6 +612,11 @@ impl AesOperation { }) } + /// Helper function that generate IVs according to the parameters + /// stored in the object. + /// + /// Each call returns the next IV and updates counters or any other + /// data in the operation object as needed. fn generate_iv(&mut self) -> Result<()> { let genbits = self.params.iv.buf.len() * 8 - self.params.iv.fixedbits; if self.params.iv.counter == 0 { @@ -643,6 +682,9 @@ impl AesOperation { Ok(()) } + /// Helper function to prepare the IV for the next operation. + /// It may generate a new IV or use what is provided (eg in the + /// decryption case) fn prep_iv(&mut self) -> Result<()> { if self.params.iv.gen != CKG_NO_GENERATE { self.generate_iv()?; @@ -663,6 +705,8 @@ impl AesOperation { Ok(()) } + /// Helper function to add CTS mode to the parameters + /// array to be passed to OpenSSL functions. fn cts_params(&mut self, params: &mut OsslParam) -> Result<()> { params.add_const_c_string( name_as_char(OSSL_CIPHER_PARAM_CTS_MODE), @@ -675,6 +719,8 @@ impl AesOperation { ) } + /// Helper function for setting up CCM tag lengths on the + /// underlying EVP_CIPHER_CTX OpenSSL context. fn ccm_tag_len(&mut self) -> Result<()> { let res = unsafe { EVP_CIPHER_CTX_ctrl( @@ -691,6 +737,11 @@ impl AesOperation { } } + /// Encryption Initialization helper + /// + /// Sets up all the required context or parameters setting to direct + /// the underlying OpenSSL crypto library, based on the configured + /// mechanism and all the parameters stored on the object. fn encrypt_initialize(&mut self) -> Result<()> { let evpcipher = match Self::get_cipher(self.mech, self.key.raw.len()) { Ok(c) => c, @@ -792,6 +843,11 @@ impl AesOperation { Ok(()) } + /// Decryption Initialization helper + /// + /// Sets up all the required context or parameters setting to direct + /// the underlying OpenSSL crypto library, based on the configured + /// mechanism and all the parameters stored on the object. fn decrypt_initialize(&mut self) -> Result<()> { let evpcipher = match Self::get_cipher(self.mech, self.key.raw.len()) { Ok(c) => c, @@ -897,6 +953,7 @@ impl AesOperation { Ok(()) } + /// Instantiates a new Encryption AES Operation pub fn encrypt_new( mech: &CK_MECHANISM, key: &Object, @@ -916,6 +973,7 @@ impl AesOperation { }) } + /// Instantiates a new Decryption AES Operation pub fn decrypt_new( mech: &CK_MECHANISM, key: &Object, @@ -935,6 +993,7 @@ impl AesOperation { }) } + /// Instantiates a new AES Key-Wrap Operation pub fn wrap( mech: &CK_MECHANISM, wrapping_key: &Object, @@ -971,6 +1030,7 @@ impl AesOperation { result } + /// Instantiates a new AES Key-Unwrap Operation pub fn unwrap( mech: &CK_MECHANISM, wrapping_key: &Object, @@ -983,12 +1043,15 @@ impl AesOperation { Ok(result) } + /// Internal helper for dealing with fatal errors fn op_err(&mut self, err: CK_RV) -> error::Error { self.finalized = true; error::Error::ck_rv(err) } - /* returns pointer to IV */ + /// Helper to set parameters for Message Based operations + /// + /// Returns a pointer to the IV/Nonce buffer provided by the application fn init_msg_params( &mut self, parameter: CK_VOID_PTR, @@ -1151,7 +1214,9 @@ impl AesOperation { } } - /* returns pointer to tag */ + /// Verifies the message encryption parameters on subsequent calls + /// + /// Returns a pointer to the Tag/Mac buffer provided by the application fn check_msg_params( &mut self, parameter: CK_VOID_PTR, @@ -1237,6 +1302,7 @@ impl AesOperation { } } + /// Instantiates a messaged-based encryption operation pub fn msg_encrypt_init( mech: &CK_MECHANISM, key: &Object, @@ -1261,6 +1327,7 @@ impl AesOperation { }) } + /// Initializes a new messaged-based encryption fn msg_encrypt_new( &mut self, parameter: CK_VOID_PTR, @@ -1303,6 +1370,7 @@ impl AesOperation { Ok(()) } + /// Instantiates a messaged-based decryption operation pub fn msg_decrypt_init( mech: &CK_MECHANISM, key: &Object, @@ -1327,6 +1395,7 @@ impl AesOperation { }) } + /// Initializes a new messaged-based decryption fn msg_decrypt_new( &mut self, parameter: CK_VOID_PTR, @@ -1364,6 +1433,7 @@ impl AesOperation { Ok(()) } + /// AEAD specific FIPS checks #[cfg(feature = "fips")] fn fips_approval_aead(&mut self) -> Result<()> { /* For AEAD we handle indicators directly because OpenSSL has an @@ -1425,6 +1495,10 @@ impl MechOperation for AesOperation { } impl Encryption for AesOperation { + /// One shot encryption implementation + /// + /// Internally calls [AesOperation::encrypt_update] and + /// [AesOperation::encrypt_final] fn encrypt(&mut self, plain: &[u8], cipher: &mut [u8]) -> Result { if self.finalized { return Err(CKR_OPERATION_NOT_INITIALIZED)?; @@ -1436,6 +1510,8 @@ impl Encryption for AesOperation { Ok(outl + self.encrypt_final(&mut cipher[outl..])?) } + /// Calls the underlying OpenSSL function to encrypt the plaintext buffer + /// provided, according to the configured mode fn encrypt_update( &mut self, plain: &[u8], @@ -1542,6 +1618,10 @@ impl Encryption for AesOperation { Ok(usize::try_from(outl)?) } + /// Calls the underlying OpenSSL function to finalize the encryption + /// operation, according to the configured mode + /// + /// May return additional data in the cipher buffer fn encrypt_final(&mut self, cipher: &mut [u8]) -> Result { if self.finalized { return Err(CKR_OPERATION_NOT_INITIALIZED)?; @@ -1660,6 +1740,11 @@ impl Encryption for AesOperation { Ok(outlen) } + /// Provides the expect buffer size for the provided input plaintext length + /// based on the selected mode of operation. + /// + /// May return different values depending on the internal status and the + /// mode of operation. fn encryption_len(&mut self, data_len: usize, fin: bool) -> Result { if self.finalized { return Err(CKR_OPERATION_NOT_INITIALIZED)?; @@ -1722,6 +1807,10 @@ impl Encryption for AesOperation { } impl Decryption for AesOperation { + /// One shot decryption implementation + /// + /// Internally calls [AesOperation::decrypt_update] and + /// [AesOperation::decrypt_final] fn decrypt(&mut self, cipher: &[u8], plain: &mut [u8]) -> Result { if self.finalized { return Err(CKR_OPERATION_NOT_INITIALIZED)?; @@ -1740,6 +1829,8 @@ impl Decryption for AesOperation { Ok(outlen + self.decrypt_final(&mut plain[outlen..])?) } + /// Calls the underlying OpenSSL function to decrypt the ciphertext buffer + /// provided, according to the configured mode fn decrypt_update( &mut self, cipher: &[u8], @@ -1939,6 +2030,10 @@ impl Decryption for AesOperation { Ok(outlen) } + /// Calls the underlying OpenSSL function to finalize the decryption + /// operation, according to the configured mode + /// + /// May return additional data in the plain buffer fn decrypt_final(&mut self, plain: &mut [u8]) -> Result { if self.finalized { return Err(CKR_OPERATION_NOT_INITIALIZED)?; @@ -2055,6 +2150,11 @@ impl Decryption for AesOperation { Ok(outlen) } + /// Provides the expect buffer size for the provided input ciphertext length + /// based on the selected mode of operation. + /// + /// May return different values depending on the internal status and the + /// mode of operation. fn decryption_len(&mut self, data_len: usize, fin: bool) -> Result { if self.finalized { return Err(CKR_OPERATION_NOT_INITIALIZED)?; @@ -2141,6 +2241,10 @@ impl MessageOperation for AesOperation { } impl MsgEncryption for AesOperation { + /// One Shot message-based encryption implementation + /// + /// Internally calls [AesOperation::msg_encrypt_begin] and + /// [AesOperation::msg_encrypt_final] fn msg_encrypt( &mut self, param: CK_VOID_PTR, @@ -2153,6 +2257,7 @@ impl MsgEncryption for AesOperation { self.msg_encrypt_final(param, paramlen, plain, cipher) } + /// Begin a new message based encryption fn msg_encrypt_begin( &mut self, param: CK_VOID_PTR, @@ -2165,6 +2270,9 @@ impl MsgEncryption for AesOperation { self.msg_encrypt_new(param, paramlen, aad) } + /// Feed the next plaintext buffer to be encrypted + /// + /// Returns output data in the provided cipher buffer fn msg_encrypt_next( &mut self, param: CK_VOID_PTR, @@ -2217,6 +2325,9 @@ impl MsgEncryption for AesOperation { Ok(usize::try_from(outl)?) } + /// Feed the final plaintext buffer to be encrypted + /// + /// Returns output data in the provided cipher buffer fn msg_encrypt_final( &mut self, param: CK_VOID_PTR, @@ -2309,6 +2420,8 @@ impl MsgEncryption for AesOperation { Ok(outlen) } + /// Provides the expect buffer size for the provided input plaintext length + /// based on the selected mode of operation. fn msg_encryption_len( &mut self, data_len: usize, @@ -2326,6 +2439,10 @@ impl MsgEncryption for AesOperation { } impl MsgDecryption for AesOperation { + /// One Shot message-based decryption implementation + /// + /// Internally calls [AesOperation::msg_decrypt_begin] and + /// [AesOperation::msg_decrypt_final] fn msg_decrypt( &mut self, param: CK_VOID_PTR, @@ -2338,6 +2455,7 @@ impl MsgDecryption for AesOperation { self.msg_decrypt_final(param, paramlen, cipher, plain) } + /// Begin a new message based decryption fn msg_decrypt_begin( &mut self, param: CK_VOID_PTR, @@ -2350,6 +2468,9 @@ impl MsgDecryption for AesOperation { self.msg_decrypt_new(param, paramlen, aad) } + /// Feed the next ciphertext buffer to be decrypted + /// + /// Returns output data in the provided plain buffer fn msg_decrypt_next( &mut self, param: CK_VOID_PTR, @@ -2402,6 +2523,9 @@ impl MsgDecryption for AesOperation { Ok(usize::try_from(outl)?) } + /// Feed the final ciphertext buffer to be decrypted + /// + /// Returns output data in the provided plain buffer fn msg_decrypt_final( &mut self, param: CK_VOID_PTR, @@ -2498,6 +2622,8 @@ impl MsgDecryption for AesOperation { Ok(outlen) } + /// Provides the expect buffer size for the provided input plaintext length + /// based on the selected mode of operation. fn msg_decryption_len( &mut self, data_len: usize, @@ -2531,12 +2657,14 @@ pub struct AesCmacOperation { } impl AesCmacOperation { + /// Helper to register the CMAC mechanisms pub fn register_mechanisms(mechs: &mut Mechanisms) { for ckm in &[CKM_AES_CMAC, CKM_AES_CMAC_GENERAL] { mechs.add_mechanism(*ckm, new_mechanism(CKF_SIGN | CKF_VERIFY)); } } + /// Initializes and returns a CMAC operation pub fn init(mech: &CK_MECHANISM, key: &Object) -> Result { let maclen = match mech.mechanism { CKM_AES_CMAC_GENERAL => { @@ -2592,6 +2720,7 @@ impl AesCmacOperation { }) } + /// Begins a CMAC computation fn begin(&mut self) -> Result<()> { if self.in_use { return Err(CKR_OPERATION_NOT_INITIALIZED)?; @@ -2599,6 +2728,7 @@ impl AesCmacOperation { Ok(()) } + /// Feeds the next data buffer into the CMAC computation fn update(&mut self, data: &[u8]) -> Result<()> { if self.finalized { return Err(CKR_OPERATION_NOT_INITIALIZED)?; @@ -2615,6 +2745,8 @@ impl AesCmacOperation { Ok(()) } + /// Finalizes the CMAC computation and returns the output in the + /// provided buffer fn finalize(&mut self, output: &mut [u8]) -> Result<()> { if self.finalized { return Err(CKR_OPERATION_NOT_INITIALIZED)?; @@ -2649,6 +2781,7 @@ impl AesCmacOperation { Ok(()) } + /// CMAC specific FIPS checks #[cfg(feature = "fips")] fn fips_approval_cmac(&mut self) -> Result<()> { /* @@ -2678,6 +2811,9 @@ impl MechOperation for AesCmacOperation { } } +/// Implements the (internal) Mac interface for the AES CMAC operation +/// +/// All methods just call the related the internal method impl Mac for AesCmacOperation { fn mac(&mut self, data: &[u8], mac: &mut [u8]) -> Result<()> { self.begin()?; @@ -2700,6 +2836,9 @@ impl Mac for AesCmacOperation { } } +/// Implements the Sign interface for the AES CMAC operation +/// +/// All methods just call the related the internal method impl Sign for AesCmacOperation { fn sign(&mut self, data: &[u8], signature: &mut [u8]) -> Result<()> { self.begin()?; @@ -2722,6 +2861,9 @@ impl Sign for AesCmacOperation { } } +/// Implements the Verify interface for the AES CMAC operation +/// +/// All methods just call the related the internal method impl Verify for AesCmacOperation { fn verify(&mut self, data: &[u8], signature: &[u8]) -> Result<()> { self.begin()?; @@ -2749,6 +2891,9 @@ impl Verify for AesCmacOperation { } } +/// The AES MAC operation object +/// +/// This object is used to hold data for any AES MAC operation #[derive(Debug)] pub struct AesMacOperation { mech: CK_MECHANISM_TYPE, @@ -2772,12 +2917,14 @@ impl Drop for AesMacOperation { #[allow(dead_code)] impl AesMacOperation { + /// Helper to register the MAC mechanisms pub fn register_mechanisms(mechs: &mut Mechanisms) { for ckm in &[CKM_AES_MAC, CKM_AES_MAC_GENERAL] { mechs.add_mechanism(*ckm, new_mechanism(CKF_SIGN | CKF_VERIFY)); } } + /// Initializes and returns a MAC operation pub fn init(mech: &CK_MECHANISM, key: &Object) -> Result { let maclen = match mech.mechanism { CKM_AES_MAC_GENERAL => { @@ -2818,6 +2965,7 @@ impl AesMacOperation { }) } + /// Begins a MAC computation fn begin(&mut self) -> Result<()> { if self.in_use { return Err(CKR_OPERATION_NOT_INITIALIZED)?; @@ -2825,6 +2973,7 @@ impl AesMacOperation { Ok(()) } + /// Feeds the next data buffer into the MAC computation fn update(&mut self, data: &[u8]) -> Result<()> { if self.finalized { return Err(CKR_OPERATION_NOT_INITIALIZED)?; @@ -2873,6 +3022,8 @@ impl AesMacOperation { Ok(()) } + /// Finalizes the MAC computation and returns the output in the + /// provided buffer fn finalize(&mut self, output: &mut [u8]) -> Result<()> { if !self.in_use { return Err(CKR_OPERATION_NOT_INITIALIZED)?; @@ -2920,6 +3071,9 @@ impl MechOperation for AesMacOperation { } } +/// Implements the Sign interface for the AES MAC operation +/// +/// All methods just call the related the internal method impl Sign for AesMacOperation { fn sign(&mut self, data: &[u8], signature: &mut [u8]) -> Result<()> { self.begin()?; @@ -2940,6 +3094,9 @@ impl Sign for AesMacOperation { } } +/// Implements the Verify interface for the AES MAC operation +/// +/// All methods just call the related the internal method impl Verify for AesMacOperation { fn verify(&mut self, data: &[u8], signature: &[u8]) -> Result<()> { self.begin()?; diff --git a/src/ossl/common.rs b/src/ossl/common.rs index eb6310b0..5fa7ba11 100644 --- a/src/ossl/common.rs +++ b/src/ossl/common.rs @@ -7,10 +7,10 @@ use std::ffi::{c_char, c_int, c_uint, c_void}; use crate::error::Result; use crate::interface::*; use crate::kasn1::oid; +use crate::misc::{byte_ptr, void_ptr}; use crate::object::Object; use crate::ossl::bindings::*; use crate::ossl::get_libctx; -use crate::{byte_ptr, void_ptr}; #[cfg(feature = "ecc")] use crate::ec::get_oid_from_obj; @@ -153,11 +153,13 @@ ptr_wrapper!(ctx; CIPHER; Cipher); ptr_wrapper!(ctx_from_name; KDF; Kdf); ptr_wrapper!(ctx_from_name; MAC; Mac); +#[cfg(any(feature = "ecc", feature = "rsa"))] #[derive(Debug)] pub struct EvpPkeyCtx { ptr: *mut EVP_PKEY_CTX, } +#[cfg(any(feature = "ecc", feature = "rsa"))] impl EvpPkeyCtx { pub fn new(name: *const c_char) -> Result { let ptr = unsafe { @@ -186,6 +188,7 @@ impl EvpPkeyCtx { } } +#[cfg(any(feature = "ecc", feature = "rsa"))] impl Drop for EvpPkeyCtx { fn drop(&mut self) { unsafe { @@ -194,14 +197,18 @@ impl Drop for EvpPkeyCtx { } } +#[cfg(any(feature = "ecc", feature = "rsa"))] unsafe impl Send for EvpPkeyCtx {} +#[cfg(any(feature = "ecc", feature = "rsa"))] unsafe impl Sync for EvpPkeyCtx {} +#[cfg(any(feature = "ecc", feature = "rsa"))] #[derive(Debug)] pub struct EvpPkey { ptr: *mut EVP_PKEY, } +#[cfg(any(feature = "ecc", feature = "rsa"))] impl EvpPkey { pub fn fromdata( pkey_name: *const c_char, @@ -275,6 +282,7 @@ impl EvpPkey { self.ptr } + #[cfg(any(feature = "ecc", feature = "rsa"))] fn from_object(obj: &Object, class: CK_OBJECT_CLASS) -> Result { let key_class = match class { CKO_PUBLIC_KEY => EVP_PKEY_PUBLIC_KEY, @@ -296,10 +304,12 @@ impl EvpPkey { Self::fromdata(name, key_class, ¶ms) } + #[cfg(any(feature = "ecc", feature = "rsa"))] pub fn pubkey_from_object(obj: &Object) -> Result { Self::from_object(obj, CKO_PUBLIC_KEY) } + #[cfg(any(feature = "ecc", feature = "rsa"))] pub fn privkey_from_object(obj: &Object) -> Result { Self::from_object(obj, CKO_PRIVATE_KEY) } @@ -330,6 +340,7 @@ impl EvpPkey { } } +#[cfg(any(feature = "ecc", feature = "rsa"))] impl Drop for EvpPkey { fn drop(&mut self) { unsafe { @@ -338,7 +349,9 @@ impl Drop for EvpPkey { } } +#[cfg(any(feature = "ecc", feature = "rsa"))] unsafe impl Send for EvpPkey {} +#[cfg(any(feature = "ecc", feature = "rsa"))] unsafe impl Sync for EvpPkey {} pub const CIPHER_NAME_AES128: &[u8; 7] = b"AES128\0"; @@ -387,6 +400,7 @@ impl<'a> OsslParam<'a> { } } + #[allow(dead_code)] pub fn from_ptr(ptr: *mut OSSL_PARAM) -> Result> { if ptr.is_null() { return Err(CKR_DEVICE_ERROR)?; @@ -423,6 +437,7 @@ impl<'a> OsslParam<'a> { p } + #[allow(dead_code)] pub fn add_bn(&mut self, key: *const c_char, v: &Vec) -> Result<()> { if self.finalized { return Err(CKR_GENERAL_ERROR)?; @@ -522,6 +537,7 @@ impl<'a> OsslParam<'a> { Ok(()) } + #[allow(dead_code)] pub fn add_const_c_string( &mut self, key: *const c_char, @@ -542,6 +558,7 @@ impl<'a> OsslParam<'a> { Ok(()) } + #[allow(dead_code)] pub fn add_octet_string( &mut self, key: *const c_char, @@ -613,6 +630,7 @@ impl<'a> OsslParam<'a> { Ok(()) } + #[allow(dead_code)] pub fn add_uint( &mut self, key: *const c_char, @@ -633,6 +651,7 @@ impl<'a> OsslParam<'a> { Ok(()) } + #[allow(dead_code)] pub fn add_int( &mut self, key: *const c_char, @@ -711,6 +730,7 @@ impl<'a> OsslParam<'a> { } } + #[allow(dead_code)] pub fn as_ptr(&self) -> *const OSSL_PARAM { if !self.finalized { panic!("Unfinalized OsslParam"); @@ -718,6 +738,7 @@ impl<'a> OsslParam<'a> { self.p.as_ref().as_ptr() } + #[allow(dead_code)] pub fn as_mut_ptr(&mut self) -> *mut OSSL_PARAM { if !self.finalized { panic!("Unfinalized OsslParam"); @@ -744,6 +765,7 @@ impl<'a> OsslParam<'a> { Ok(val) } + #[allow(dead_code)] pub fn get_bn(&self, key: *const c_char) -> Result> { if !self.finalized { return Err(CKR_GENERAL_ERROR)?; @@ -776,6 +798,7 @@ impl<'a> OsslParam<'a> { Ok(vec) } + #[allow(dead_code)] pub fn get_octet_string(&self, key: *const c_char) -> Result<&'a [u8]> { if !self.finalized { return Err(CKR_GENERAL_ERROR)?; @@ -860,17 +883,25 @@ pub fn mech_type_to_digest_name(mech: CK_MECHANISM_TYPE) -> *const c_char { }) as *const c_char } +#[cfg(feature = "ecc")] pub static EC_NAME: &[u8; 3] = b"EC\0"; -#[cfg(feature = "fips")] +#[cfg(all(feature = "ecc", feature = "fips"))] pub static ECDSA_NAME: &[u8; 6] = b"ECDSA\0"; /* Curve names as used in OpenSSL */ +#[cfg(feature = "ecc")] const NAME_SECP256R1: &[u8] = b"prime256v1\0"; +#[cfg(feature = "ecc")] const NAME_SECP384R1: &[u8] = b"secp384r1\0"; +#[cfg(feature = "ecc")] const NAME_SECP521R1: &[u8] = b"secp521r1\0"; +#[cfg(feature = "ecc")] const NAME_ED25519: &[u8] = b"ED25519\0"; +#[cfg(feature = "ecc")] const NAME_ED448: &[u8] = b"ED448\0"; +#[cfg(feature = "ecc")] const NAME_X25519: &[u8] = b"X25519\0"; +#[cfg(feature = "ecc")] const NAME_X448: &[u8] = b"X448\0"; #[cfg(feature = "ecc")] diff --git a/src/ossl/ecdh.rs b/src/ossl/ecdh.rs index 17cc94e3..a4f8cee8 100644 --- a/src/ossl/ecdh.rs +++ b/src/ossl/ecdh.rs @@ -5,10 +5,10 @@ use core::ffi::{c_char, c_int, c_uint}; use std::borrow::Cow; use crate::attribute::CkAttrs; -use crate::bytes_to_vec; use crate::error::Result; use crate::interface::*; use crate::mechanism::*; +use crate::misc::bytes_to_vec; use crate::object::{default_key_attributes, Object, ObjectFactories}; use crate::ossl::bindings::*; use crate::ossl::common::*; diff --git a/src/ossl/ecdsa.rs b/src/ossl/ecdsa.rs index 248113cd..5113e1d7 100644 --- a/src/ossl/ecdsa.rs +++ b/src/ossl/ecdsa.rs @@ -6,7 +6,7 @@ use core::ffi::{c_char, c_int}; use crate::attribute::Attribute; use crate::ec::ecdsa::*; use crate::ec::get_ec_point_from_obj; -use crate::error::Result; +use crate::error::{some_or_err, Result}; use crate::interface::*; use crate::kasn1::DerEncBigUint; use crate::mechanism::*; @@ -14,7 +14,6 @@ use crate::misc::zeromem; use crate::object::Object; use crate::ossl::bindings::*; use crate::ossl::common::*; -use crate::some_or_err; #[cfg(feature = "fips")] use crate::ossl::fips::*; diff --git a/src/ossl/eddsa.rs b/src/ossl/eddsa.rs index c1f74b4c..4ba7c923 100644 --- a/src/ossl/eddsa.rs +++ b/src/ossl/eddsa.rs @@ -5,13 +5,13 @@ use std::ffi::{c_char, c_int}; use crate::attribute::Attribute; use crate::ec::get_ec_point_from_obj; -use crate::error::Result; +use crate::error::{some_or_err, Result}; use crate::interface::*; use crate::mechanism::*; +use crate::misc::{bytes_to_vec, cast_params}; use crate::object::Object; use crate::ossl::bindings::*; use crate::ossl::common::*; -use crate::{bytes_to_vec, cast_params, some_or_err}; #[cfg(feature = "fips")] use crate::ossl::fips::*; diff --git a/src/ossl/hkdf.rs b/src/ossl/hkdf.rs index 1340b077..c6f3d16f 100644 --- a/src/ossl/hkdf.rs +++ b/src/ossl/hkdf.rs @@ -10,13 +10,12 @@ use crate::hash::INVALID_HASH_SIZE; use crate::hmac::hmac_size; use crate::interface::*; use crate::mechanism::{Derive, MechOperation, Mechanisms}; -use crate::misc; +use crate::misc::*; use crate::object::{Object, ObjectFactories}; use crate::ossl::bindings::*; use crate::ossl::common::*; #[cfg(feature = "fips")] use crate::ossl::fips::*; -use crate::{bytes_to_slice, cast_params}; #[derive(Debug)] pub struct HKDFOperation { @@ -212,14 +211,9 @@ impl Derive for HKDFOperation { } let (mut obj, keysize) = if self.emit_data_obj { - misc::common_derive_data_object(template, objfactories, self.prflen) + common_derive_data_object(template, objfactories, self.prflen) } else { - misc::common_derive_key_object( - key, - template, - objfactories, - self.prflen, - ) + common_derive_key_object(key, template, objfactories, self.prflen) }?; if !self.expand && keysize != self.prflen { diff --git a/src/ossl/kbkdf.rs b/src/ossl/kbkdf.rs index 0f6ad16d..fbcae1c1 100644 --- a/src/ossl/kbkdf.rs +++ b/src/ossl/kbkdf.rs @@ -4,16 +4,15 @@ use std::ffi::c_int; use crate::attribute::Attribute; -use crate::error; -use crate::error::Result; +use crate::error::{map_err, Result}; use crate::interface::*; use crate::mechanism::{Derive, MechOperation, Mechanisms}; +use crate::misc::{bytes_to_slice, bytes_to_vec}; use crate::object::{Object, ObjectFactories}; use crate::ossl::bindings::*; use crate::ossl::common::*; use crate::ossl::fips::*; use crate::sp800_108::*; -use crate::{bytes_to_slice, bytes_to_vec, map_err}; const SP800_MODE_COUNTER: &[u8; 8] = b"counter\0"; const SP800_MODE_FEEDBACK: &[u8; 9] = b"feedback\0"; diff --git a/src/ossl/rsa.rs b/src/ossl/rsa.rs index 870aab51..fb8f65aa 100644 --- a/src/ossl/rsa.rs +++ b/src/ossl/rsa.rs @@ -4,15 +4,15 @@ use core::ffi::{c_char, c_int, c_uint}; use crate::attribute::Attribute; +use crate::error::some_or_err; use crate::error::{Error, Result}; use crate::hash::{hash_size, INVALID_HASH_SIZE}; use crate::interface::*; use crate::mechanism::*; -use crate::misc::zeromem; +use crate::misc::{bytes_to_vec, cast_params, zeromem}; use crate::object::Object; use crate::ossl::bindings::*; use crate::ossl::common::*; -use crate::{bytes_to_vec, cast_params, some_or_err}; #[cfg(not(feature = "fips"))] use crate::ossl::get_libctx; diff --git a/src/pbkdf2.rs b/src/pbkdf2.rs index 33e1d589..934d2e79 100644 --- a/src/pbkdf2.rs +++ b/src/pbkdf2.rs @@ -8,10 +8,9 @@ use crate::error::Result; use crate::hmac; use crate::interface::*; use crate::mechanism::{Mechanism, Mechanisms}; +use crate::misc::{bytes_to_vec, cast_params}; use crate::object::{default_key_attributes, Object, ObjectFactories}; -use crate::{bytes_to_vec, cast_params}; - #[cfg(not(feature = "fips"))] use crate::native::pbkdf2::pbkdf2_derive; diff --git a/src/rsa.rs b/src/rsa.rs index 4e667c3b..9b79800c 100644 --- a/src/rsa.rs +++ b/src/rsa.rs @@ -10,7 +10,6 @@ use crate::kasn1::{oid, DerEncBigUint, PrivateKeyInfo}; use crate::mechanism::*; use crate::object::*; use crate::ossl::rsa::*; -use crate::{attr_element, bytes_attr_not_empty}; use asn1; use once_cell::sync::Lazy; diff --git a/src/sp800_108.rs b/src/sp800_108.rs index 2d913dc2..a7d0881f 100644 --- a/src/sp800_108.rs +++ b/src/sp800_108.rs @@ -3,14 +3,12 @@ use std::fmt::Debug; -use crate::error; -use crate::error::Result; +use crate::error::{map_err, Result}; use crate::interface::*; use crate::mechanism::{Mechanism, Mechanisms, Operation}; +use crate::misc::{bytes_to_vec, cast_params, sizeof}; use crate::object::{Object, ObjectFactories}; -use crate::{bytes_to_vec, cast_params, map_err, sizeof}; - #[cfg(not(feature = "fips"))] use crate::native::sp800_108::*; diff --git a/src/storage/aci.rs b/src/storage/aci.rs index f1944c4c..f156bb28 100644 --- a/src/storage/aci.rs +++ b/src/storage/aci.rs @@ -8,12 +8,11 @@ use crate::attribute::CkAttrs; use crate::error::Result; use crate::interface::*; use crate::kasn1::*; -use crate::misc::zeromem; +use crate::misc::{byte_ptr, sizeof, void_ptr, zeromem}; use crate::object::Object; use crate::token::TokenFacilities; use crate::Operation; use crate::CSPRNG; -use crate::{byte_ptr, sizeof, void_ptr}; use asn1; diff --git a/src/storage/nssdb/ci.rs b/src/storage/nssdb/ci.rs index b4d3b7df..87d28efa 100644 --- a/src/storage/nssdb/ci.rs +++ b/src/storage/nssdb/ci.rs @@ -9,12 +9,11 @@ use crate::error::Result; use crate::interface::*; use crate::kasn1::oid::*; use crate::kasn1::pkcs::*; -use crate::misc::zeromem; +use crate::misc::{sizeof, void_ptr, zeromem}; use crate::object::Object; use crate::storage::aci::pbkdf2_derive; use crate::token::TokenFacilities; use crate::CSPRNG; -use crate::{sizeof, void_ptr}; const SHA256_LEN: usize = 32; const MAX_KEY_CACHE_SIZE: usize = 128; diff --git a/src/tests/mod.rs b/src/tests/mod.rs index c5f25c7a..e86585aa 100644 --- a/src/tests/mod.rs +++ b/src/tests/mod.rs @@ -6,6 +6,7 @@ use std::fs::{create_dir_all, remove_dir_all, OpenOptions}; use std::io::Write; use std::sync::Once; +use crate::misc::*; use crate::storage::StorageDBInfo; use crate::*; diff --git a/src/tests/util.rs b/src/tests/util.rs index b7d0767c..10829728 100644 --- a/src/tests/util.rs +++ b/src/tests/util.rs @@ -3,7 +3,6 @@ use crate::tests::*; -pub const CK_ULONG_SIZE: usize = std::mem::size_of::(); pub const CK_BBOOL_SIZE: usize = std::mem::size_of::(); macro_rules! make_attribute { diff --git a/src/tlskdf.rs b/src/tlskdf.rs index 3a7d6356..429b70a4 100644 --- a/src/tlskdf.rs +++ b/src/tlskdf.rs @@ -8,9 +8,8 @@ use crate::error::Result; use crate::hmac::{hash_to_hmac_mech, register_mechs_only}; use crate::interface::*; use crate::mechanism::*; -use crate::misc::CK_ULONG_SIZE; +use crate::misc::{bytes_to_slice, bytes_to_vec, cast_params, CK_ULONG_SIZE}; use crate::object::{Object, ObjectFactories}; -use crate::{bytes_to_slice, bytes_to_vec, cast_params}; use constant_time_eq::constant_time_eq; use once_cell::sync::Lazy;