cryptoki 0.12.0

Rust-native wrapper around the PKCS #11 API
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63

// Copyright 2025 Contributors to the Parsec project.
// SPDX-License-Identifier: Apache-2.0
//! Miscellaneous mechanisms:
//! - Simple key derivation mechanisms
//!   See: <https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203697>

use std::marker::PhantomData;

use cryptoki_sys::*;

/// A parameter used as input for one of the simple key derivation mechanisms
/// that takes a bytestring as input (CKM_CONCATENATE_BASE_AND_DATA,
/// CKM_CONCATENATE_DATA_AND_BASE, CKM_XOR_BASE_AND_DATA).
#[derive(Debug, Clone, Copy)]
#[repr(transparent)]
pub struct KeyDerivationStringData<'a> {
    inner: CK_KEY_DERIVATION_STRING_DATA,
    /// Marker type to ensure we don't outlive the data
    _marker: PhantomData<&'a [u8]>,
}

impl<'a> KeyDerivationStringData<'a> {
    /// Construct parameter for simple key derivation mechanisms that take a
    /// bytestring as one of their inputs.
    ///
    /// # Arguments
    ///
    /// * `data` - The bytestring to use as input to the key derivation method.
    pub fn new(data: &'a [u8]) -> Self {
        Self {
            inner: CK_KEY_DERIVATION_STRING_DATA {
                pData: data.as_ptr() as *mut _,
                ulLen: data
                    .len()
                    .try_into()
                    .expect("length of data does not fit in CK_ULONG"),
            },
            _marker: PhantomData,
        }
    }
}

/// A parameter indicating the index of the bit in the the base key from which
/// to extract the derived key.
#[derive(Debug, Clone, Copy)]
#[repr(transparent)]
pub struct ExtractParams(CK_EXTRACT_PARAMS);

impl ExtractParams {
    /// Construct parameter from index of bit from which to extract the derived
    /// key from the base key.
    ///
    /// # Arguments
    ///
    /// * `index` - The bit index from which to extract the derived key from the base key.
    pub fn new(index: usize) -> Self {
        Self(
            index
                .try_into()
                .expect("given usize value does not fit into CK_ULONG"),
        )
    }
}