cryptoki 0.12.0

Rust-native wrapper around the PKCS #11 API
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133

// Copyright 2021 Contributors to the Parsec project.
// SPDX-License-Identifier: Apache-2.0
//! Session types

use crate::context::Pkcs11;

use crate::error::Result;
use cryptoki_sys::*;
use std::cell::Cell;
use std::fmt::Formatter;
use std::marker::PhantomData;

mod decryption;
mod digesting;
mod encapsulation;
mod encryption;
mod key_management;
mod message_decryption;
mod message_encryption;
mod object_management;
mod random;
mod session_info;
mod session_management;
mod signing_macing;
mod slot_token_management;
mod validation;

pub use object_management::ObjectHandleIterator;
pub use session_info::{SessionInfo, SessionState};
pub use validation::ValidationFlagsType;

#[derive(Debug, PartialEq, Eq, Clone, Copy)]
pub(crate) enum CloseOnDrop {
    AutomaticallyCloseSession,
    DoNotClose,
}

/// Type that identifies a session
///
/// It will automatically get closed (and logout) on drop.
/// Session does not implement Sync to prevent the same Session instance to be used from multiple
/// threads. A Session needs to be created in its own thread or to be passed by ownership to
/// another thread.
#[derive(Debug)]
pub struct Session {
    handle: CK_SESSION_HANDLE,
    client: Pkcs11,
    // This is not used but to prevent Session to automatically implement Sync
    _guard: PhantomData<*mut u32>,
    close_on_drop: CloseOnDrop,
    closed: Cell<bool>,
}

impl std::fmt::Display for Session {
    fn fmt(&self, f: &mut Formatter<'_>) -> std::fmt::Result {
        write!(f, "{}", self.handle)
    }
}

impl std::fmt::LowerHex for Session {
    fn fmt(&self, f: &mut Formatter<'_>) -> std::fmt::Result {
        write!(f, "{:08x}", self.handle)
    }
}

impl std::fmt::UpperHex for Session {
    fn fmt(&self, f: &mut Formatter<'_>) -> std::fmt::Result {
        write!(f, "{:08X}", self.handle)
    }
}

// Session does not implement Sync to prevent the same Session instance to be used from multiple
// threads. Send is allowed to let users pass a Session by ownership to threads.
unsafe impl Send for Session {}

impl Session {
    pub(crate) fn new(
        handle: CK_SESSION_HANDLE,
        client: Pkcs11,
        close_on_drop: CloseOnDrop,
    ) -> Self {
        Session {
            handle,
            client,
            _guard: PhantomData,
            close_on_drop,
            closed: Cell::new(false),
        }
    }
}

impl Session {
    /// Close a session
    /// This will be called on drop as well.
    pub fn close(self) -> Result<()> {
        self.close_inner()
    }

    /// Get the raw handle of the session.
    pub fn handle(&self) -> CK_SESSION_HANDLE {
        self.handle
    }

    pub(crate) fn client(&self) -> &Pkcs11 {
        &self.client
    }
}

/// Types of PKCS11 users
#[derive(Copy, Clone, Debug)]
pub enum UserType {
    /// Security Officer
    So,
    /// User
    User,
    /// Context Specific
    ContextSpecific,
    /// Vendor extension
    VendorExtension(u32),
}

impl From<UserType> for CK_USER_TYPE {
    // Mask lint for n.into() on 32-bit systems.
    #![allow(clippy::useless_conversion)]
    fn from(user_type: UserType) -> CK_USER_TYPE {
        match user_type {
            UserType::So => CKU_SO,
            UserType::User => CKU_USER,
            UserType::ContextSpecific => CKU_CONTEXT_SPECIFIC,
            UserType::VendorExtension(n) => n.into(),
        }
    }
}