kryoptic-lib 1.5.1

A PKCS #11 software token written in Rust
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74

// Copyright 2024 Simo Sorce
// See LICENSE.txt file for terms

//! This module implements the PKCS#11 mechanisms to access the HMAC-based
//! Key Derivation Function (HKDF) as specified in
//! [RFC 5869](https://www.rfc-editor.org/rfc/rfc5869)

use std::fmt::Debug;
use std::sync::LazyLock;

use crate::error::Result;
use crate::mechanism::{Derive, Mechanism, Mechanisms};
use crate::object::{
    GenericSecretKeyFactory, GenericSecretKeyMechanism, ObjectFactories,
    ObjectFactory, ObjectType,
};
use crate::ossl::hkdf::HKDFOperation;
use crate::pkcs11::*;

/// Object that holds Mechanisms for HKDF
static HKDF_MECHS: LazyLock<[Box<dyn Mechanism>; 2]> = LazyLock::new(|| {
    [
        Box::new(HKDFMechanism {
            info: CK_MECHANISM_INFO {
                ulMinKeySize: 0,
                ulMaxKeySize: CK_ULONG::try_from(u32::MAX).unwrap(),
                flags: CKF_DERIVE,
            },
        }),
        Box::new(GenericSecretKeyMechanism::new(CKK_HKDF)),
    ]
});

static HKDF_KEY_FACTORY: LazyLock<Box<dyn ObjectFactory>> =
    LazyLock::new(|| Box::new(GenericSecretKeyFactory::new()));

/// Registers all HKDF related mechanisms
pub fn register(mechs: &mut Mechanisms, ot: &mut ObjectFactories) {
    for ckm in &[CKM_HKDF_DERIVE, CKM_HKDF_DATA] {
        mechs.add_mechanism(*ckm, &(*HKDF_MECHS)[0]);
    }
    mechs.add_mechanism(CKM_HKDF_KEY_GEN, &(*HKDF_MECHS)[1]);
    ot.add_factory(
        ObjectType::new(CKO_SECRET_KEY, CKK_HKDF),
        &(*HKDF_KEY_FACTORY),
    );
}

/// Object that represents the HKDF mechanism
#[derive(Debug)]
struct HKDFMechanism {
    info: CK_MECHANISM_INFO,
}

impl Mechanism for HKDFMechanism {
    /// Returns a reference to the mechanism info
    fn info(&self) -> &CK_MECHANISM_INFO {
        &self.info
    }

    /// Initializes a HKDF Derive operation
    fn derive_operation(&self, mech: &CK_MECHANISM) -> Result<Box<dyn Derive>> {
        if self.info.flags & CKF_DERIVE != CKF_DERIVE {
            return Err(CKR_MECHANISM_INVALID)?;
        }

        match mech.mechanism {
            CKM_HKDF_DERIVE | CKM_HKDF_DATA => {
                Ok(Box::new(HKDFOperation::new(mech)?))
            }
            _ => Err(CKR_MECHANISM_INVALID)?,
        }
    }
}