kryoptic-lib 1.3.1

A PKCS #11 software token written in Rust
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112

// Copyright 2024 Simo Sorce
// See LICENSE.txt file for terms

//! This module implements PKCS#11 digest (hashing) mechanisms using the
//! OpenSSL EVP_Digest interface.

use crate::error::Result;
use crate::mechanism::{Digest, MechOperation};
use crate::ossl::common::{mech_type_to_digest_alg, osslctx};
use crate::pkcs11::*;

use ossl::digest::OsslDigest;

/// Represents an active hash (digest) operation.
#[derive(Debug)]
pub struct HashOperation {
    /// The specific hash mechanism being used (e.g., CKM_SHA256).
    mech: CK_MECHANISM_TYPE,
    /// The underlying OpenSSL digest (algorithm and context).
    hasher: OsslDigest,
    /// Flag indicating if the operation has been finalized.
    finalized: bool,
    /// Flag indicating if the operation is in progress (update called).
    in_use: bool,
}

impl HashOperation {
    /// Creates a new `HashOperation` for the specified mechanism type.
    /// Determines the OpenSSL algorithm name from the mechanism type.
    pub fn new(mech: CK_MECHANISM_TYPE) -> Result<HashOperation> {
        Ok(HashOperation {
            mech: mech,
            hasher: OsslDigest::new(
                osslctx(),
                mech_type_to_digest_alg(mech)?,
                None,
            )?,
            finalized: false,
            in_use: false,
        })
    }
}

impl MechOperation for HashOperation {
    fn mechanism(&self) -> Result<CK_MECHANISM_TYPE> {
        Ok(self.mech)
    }

    fn finalized(&self) -> bool {
        self.finalized
    }
    fn reset(&mut self) -> Result<()> {
        self.hasher.reset(None)?;
        self.finalized = false;
        self.in_use = false;
        Ok(())
    }
}

impl Digest for HashOperation {
    fn digest(&mut self, data: &[u8], digest: &mut [u8]) -> Result<()> {
        if self.in_use || self.finalized {
            return Err(CKR_OPERATION_NOT_INITIALIZED)?;
        }
        if digest.len() != self.hasher.size() {
            return Err(CKR_GENERAL_ERROR)?;
        }
        self.finalized = true;
        self.hasher.update(data)?;
        let len = self.hasher.finalize(digest)?;
        if len != digest.len() {
            return Err(CKR_GENERAL_ERROR)?;
        }
        Ok(())
    }

    fn digest_update(&mut self, data: &[u8]) -> Result<()> {
        if self.finalized {
            return Err(CKR_OPERATION_NOT_INITIALIZED)?;
        }
        self.in_use = true;
        match self.hasher.update(data) {
            Ok(()) => Ok(()),
            Err(_) => {
                self.finalized = true;
                Err(CKR_DEVICE_ERROR)?
            }
        }
    }

    fn digest_final(&mut self, digest: &mut [u8]) -> Result<()> {
        if !self.in_use {
            return Err(CKR_OPERATION_NOT_INITIALIZED)?;
        }
        if self.finalized {
            return Err(CKR_OPERATION_NOT_INITIALIZED)?;
        }
        if digest.len() != self.hasher.size() {
            return Err(CKR_GENERAL_ERROR)?;
        }
        self.finalized = true;
        let len = self.hasher.finalize(digest)?;
        if len != digest.len() {
            return Err(CKR_GENERAL_ERROR)?;
        }
        Ok(())
    }

    fn digest_len(&self) -> Result<usize> {
        Ok(self.hasher.size())
    }
}