skf_rs/lib.rs
1// FIXME: fix allow(dead_code) in the future
2#![allow(dead_code)]
3mod engine;
4mod error;
5pub mod helper;
6pub mod spec;
7
8use skf_api::native::types::{ECCPrivateKeyBlob, ECCPublicKeyBlob, ECCSignatureBlob, HANDLE};
9use std::fmt::Debug;
10use std::time::Duration;
11
12pub type Error = error::Error;
13pub type Result<T> = std::result::Result<T, Error>;
14
15pub type Engine = engine::Engine;
16pub type LibLoader = engine::LibLoader;
17
18#[derive(Debug)]
19pub struct PluginEvent {
20 pub device_name: String,
21 pub event: u8,
22}
23
24/// 256-bit hash value
25pub type HASH256 = [u8; 32];
26
27/// ECC encrypt output,Wrapper of [DST](https://doc.rust-lang.org/reference/dynamically-sized-types.html) `ECCCipherBlob`
28#[derive(Debug)]
29pub struct ECCEncryptedData {
30 pub ec_x: [u8; 64],
31 pub ec_y: [u8; 64],
32 pub hash: HASH256,
33 pub cipher: Vec<u8>,
34}
35impl Default for ECCEncryptedData {
36 fn default() -> Self {
37 Self {
38 ec_x: [0; 64],
39 ec_y: [0; 64],
40 hash: [0; 32],
41 cipher: vec![],
42 }
43 }
44}
45
46/// ECC Enveloped key,Wrapper of [DST](https://doc.rust-lang.org/reference/dynamically-sized-types.html) `EnvelopedKeyBlob`
47#[derive(Debug)]
48pub struct EnvelopedKeyData {
49 pub version: u32,
50 pub sym_alg_id: u32,
51 pub bits: u32,
52 pub encrypted_pri_key: [u8; 64],
53 pub pub_key: ECCPublicKeyBlob,
54 pub ecc_cipher: ECCEncryptedData,
55}
56
57impl Default for EnvelopedKeyData {
58 fn default() -> Self {
59 Self {
60 version: 0,
61 sym_alg_id: 0,
62 bits: 0,
63 encrypted_pri_key: [0u8; 64],
64 pub_key: ECCPublicKeyBlob::default(),
65 ecc_cipher: ECCEncryptedData::default(),
66 }
67 }
68}
69
70#[derive(Debug, Default)]
71pub struct Version {
72 pub major: u8,
73 pub minor: u8,
74}
75
76#[derive(Debug)]
77pub struct DeviceInformation {
78 pub version: Version,
79 pub manufacturer: String,
80 pub issuer: String,
81 pub label: String,
82 pub serial_number: String,
83 pub hw_version: Version,
84 pub firmware_version: Version,
85 pub alg_sym_cap: u32,
86 pub alg_asym_cap: u32,
87 pub alg_hash_cap: u32,
88 pub dev_auth_alg_id: u32,
89 pub total_space: u32,
90 pub free_space: u32,
91 pub max_ecc_buffer_size: u32,
92 pub max_buffer_size: u32,
93 pub reserved: [u8; 64],
94}
95
96pub const DEV_STATE_ABSENT: u32 = 0;
97pub const DEV_STATE_PRESENT: u32 = 1;
98pub const DEV_STATE_UNKNOWN: u32 = 2;
99
100pub trait DeviceManager {
101 /// Enumerate all devices
102 ///
103 /// [presented_only] - Enumerate only presented devices,false means list all supported devices by underlying driver
104 fn enumerate_device_name(&self, presented_only: bool) -> Result<Vec<String>>;
105
106 /// Get device state
107 ///
108 /// [device_name] - The device name
109 ///
110 /// # state value
111 /// - [DEV_STATE_ABSENT]
112 /// - [DEV_STATE_PRESENT]
113 /// - [DEV_STATE_UNKNOWN]
114 fn device_state(&self, device_name: &str) -> Result<u32>;
115
116 /// Wait for plug event,This function will block current thread
117 ///
118 /// If error happens, Error will be returned,otherwise `Some(PluginEvent)` will be returned
119 ///
120 /// `Ok(None)` means no event
121 fn wait_plug_event(&self) -> Result<Option<PluginEvent>>;
122
123 /// Cancel wait for plug event
124 fn cancel_wait_plug_event(&self) -> Result<()>;
125
126 /// Connect device with device name
127 ///
128 /// [device_name] - The device name
129 fn connect(&self, device_name: &str) -> Result<Box<dyn SkfDevice>>;
130
131 /// Connect to device by enumerate all devices and select one,if no device matches the selector, None will be returned
132 ///
133 /// [selector] - The device selector,if device list is not empty, the selector will be invoked to select one
134 ///
135 /// ## error
136 /// - `Error::NotFound` returned means there is no device to connect,or the selector returns None
137 fn connect_selected(
138 &self,
139 selector: fn(Vec<&str>) -> Option<&str>,
140 ) -> Result<Box<dyn SkfDevice>>;
141}
142
143pub trait DeviceCtl {
144 /// Set label of device
145 ///
146 /// [label] - The label.
147 ///
148 /// # specification note
149 /// - `label`: should less than 32 bytes
150 fn set_label(&self, label: &str) -> Result<()>;
151
152 /// Get device info,e.g. vendor id,product id
153 fn info(&self) -> Result<DeviceInformation>;
154
155 /// Lock device for exclusive access
156 ///
157 /// [timeout] - The lock timeout,`None` means wait forever
158 fn lock(&self, timeout: Option<Duration>) -> Result<()>;
159
160 /// Unlock device
161 fn unlock(&self) -> Result<()>;
162
163 /// Transmit data to execute,and get response
164 ///
165 /// [command] - The command to execute
166 ///
167 /// [recv_capacity] - The capacity of receive buffer
168 /// # specification note
169 ///
170 /// This function is for testing purpose
171 fn transmit(&self, command: &[u8], recv_capacity: usize) -> Result<Vec<u8>>;
172}
173
174/// Cryptographic services provided by SKF device objects
175pub trait DeviceCrypto {
176 /// Generate random data
177 ///
178 /// [len] - The random data length to generate,in bytes
179 fn gen_random(&self, len: usize) -> Result<Vec<u8>>;
180
181 /// Import plain symmetric key(AKA session key)
182 ///
183 /// [alg_id] - The algorithm id,see [CryptoAlgorithm]
184 ///
185 /// [key] - The symmetric key
186 /// ## Owner object lifetime requirement
187 /// If owner object([SkfDevice]) is dropped, the key will be invalid
188 fn set_symmetric_key(&self, alg_id: u32, key: &[u8]) -> Result<Box<dyn ManagedKey>>;
189
190 /// Encrypt data,using external ecc public key
191 ///
192 /// [key] - The public key
193 ///
194 /// [data] - The data to encrypt
195 fn ext_ecc_encrypt(&self, key: &ECCPublicKeyBlob, data: &[u8]) -> Result<ECCEncryptedData>;
196
197 /// Decrypt data,using external ecc private key
198 ///
199 /// [key] - The private key
200 ///
201 /// [cipher] - The encrypted data,returned by `ext_ecc_encrypt`
202 fn ext_ecc_decrypt(
203 &self,
204 key: &ECCPrivateKeyBlob,
205 cipher: &ECCEncryptedData,
206 ) -> Result<Vec<u8>>;
207
208 /// Sign data,using external ecc private key
209 ///
210 /// [key] - The private key
211 ///
212 /// [data] - The data to sign
213 fn ext_ecc_sign(&self, key: &ECCPrivateKeyBlob, data: &[u8]) -> Result<ECCSignatureBlob>;
214
215 /// Verify signature,using external ecc public key
216 ///
217 /// [key] - The public key
218 ///
219 /// [data] - The data to verify
220 ///
221 /// [signature] - The signature,returned by `ext_ecc_sign`
222 fn ext_ecc_verify(
223 &self,
224 key: &ECCPublicKeyBlob,
225 data: &[u8],
226 signature: &ECCSignatureBlob,
227 ) -> Result<()>;
228
229 /// Verify signature
230 ///
231 /// [key] - The public key
232 ///
233 /// [hash] - The hash value of data.
234 /// When using the SM2 algorithm, the data is the result of pre-processing the data to be
235 /// signed through the SM2 signature pre-processing. The pre-processing procedure follows `GM/T 0009`.
236 ///
237 /// [signature] - The signature,returned by `ext_ecc_sign`
238 fn ecc_verify(
239 &self,
240 key: &ECCPublicKeyBlob,
241 hash: &[u8],
242 signature: &ECCSignatureBlob,
243 ) -> Result<()>;
244
245 /// Key exchange step: generate session key for initiator
246 ///
247 /// see [SKF_GenerateKeyWithECC] for more details
248 ///
249 /// [agreement_key] - The agreement key,returned by `SkfContainer::sk_gen_agreement_data`
250 ///
251 /// [responder_key] - The responder's public key
252 ///
253 /// [responder_tmp_key] - The responder's temporary public key,returned by `SkfContainer::sk_gen_agreement_data_and_key`
254 ///
255 /// [responder_id] - Responder's ID,max 32 bytes
256 fn ecc_gen_session_key(
257 &self,
258 agreement_key: &dyn ManagedKey,
259 responder_key: &ECCPublicKeyBlob,
260 responder_tmp_key: &ECCPublicKeyBlob,
261 responder_id: &[u8],
262 ) -> Result<Box<dyn ManagedKey>>;
263}
264
265#[derive(Debug, Default)]
266pub struct AppAttr {
267 pub admin_pin: String,
268 pub admin_pin_retry_count: u32,
269 pub user_pin: String,
270 pub user_pin_retry_count: u32,
271 pub create_file_rights: u32,
272}
273
274/// Application management
275pub trait AppManager {
276 /// Enumerate all apps in the device,return app names
277 fn enumerate_app_name(&self) -> Result<Vec<String>>;
278
279 /// Create app in the device
280 ///
281 /// [name] - The app name
282 ///
283 /// [attr] - The attribute of app
284 /// ## Owner object lifetime requirement
285 /// If owner object([SkfDevice]) is dropped, the `SkfApp` object will be invalid
286 fn create_app(&self, name: &str, attr: &AppAttr) -> Result<Box<dyn SkfApp>>;
287
288 /// Open app
289 ///
290 /// [name] - The app name to open
291 /// ## Owner object lifetime requirement
292 /// If owner object([SkfDevice]) is dropped, the `SkfApp` object will be invalid
293 fn open_app(&self, name: &str) -> Result<Box<dyn SkfApp>>;
294 /// Delete app
295 ///
296 /// [name] - The app name to delete
297 fn delete_app(&self, name: &str) -> Result<()>;
298}
299
300/// Device authentication
301pub trait DeviceAuth {
302 /// Device authentication
303 ///
304 /// [data] - The authentication data
305 ///
306 /// ## authentication process
307 /// 1. Call the `SKF_GetRandom` function to get an 8-byte random number `RND` from the device,
308 /// and pads it to the block size of the cryptographic algorithm with `0x00` to form the data block `D0`
309 /// 2. Encrypts `D0` to get the encrypted result `D1`, and calls `SKF_DevAuth`, sending `D1` to the device
310 /// 3. Upon receiving `D1`, the device verifies whether `D1` is correct. If correct, the device authentication passes, otherwise the device authentication fails.
311 fn device_auth(&self, data: &[u8]) -> Result<()>;
312
313 /// Change device authentication key
314 ///
315 /// [key] - The new authentication key
316 fn change_device_auth_key(&self, key: &[u8]) -> Result<()>;
317}
318
319/// Represents a device instance,call `DeviceManager::connect()` or `DeviceManager::connect_selected()` to get one
320/// ## Disconnect
321/// Device instance is disconnected when `Drop`
322pub trait SkfDevice: DeviceCtl + DeviceAuth + AppManager + DeviceCrypto {
323 /// Block cipher service
324 fn block_cipher(&self) -> Result<Box<dyn SkfBlockCipher + Send + Sync>>;
325
326 /// The name when it is opened
327 fn name(&self) -> &str;
328}
329
330/// PIN type: Admin
331pub const PIN_TYPE_ADMIN: u8 = 0;
332
333/// PIN type: User
334pub const PIN_TYPE_USER: u8 = 1;
335
336/// PIN information
337#[derive(Debug, Default)]
338pub struct PinInfo {
339 pub max_retry_count: u32,
340 pub remain_retry_count: u32,
341 pub default_pin: bool,
342}
343
344pub trait AppSecurity {
345 /// Lock device for exclusive access
346 ///
347 /// [pin_type] - The pin type, can be `PIN_TYPE_ADMIN` or `PIN_TYPE_USER`
348 ///
349 /// [old_pin] - The old pin
350 ///
351 /// [new_pin] - The new pin
352 ///
353 /// ## specification note
354 /// - PIN verification failed: The value of remaining retry count will be returned, `0` means the PIN has been locked
355 /// - PIN verification success: `None` will be returned
356 ///
357 /// ## Error
358 /// - `Error::PinVerifyFailed` returned when PIN verification failed
359 ///
360 fn change_pin(&self, pin_type: u8, old_pin: &str, new_pin: &str) -> Result<()>;
361
362 /// Verify PIN to get access rights
363 ///
364 /// [pin_type] - The pin type,can be `PIN_TYPE_ADMIN` or `PIN_TYPE_USER`
365 ///
366 /// [pin] - The pin value
367 /// ## specification note
368 /// - PIN verification failed: The value of remaining retry count will be returned, `0` means the PIN has been locked
369 /// - PIN verification success: `None` will be returned
370 ///
371 /// ## Error
372 /// - `Error::PinVerifyFailed` returned when PIN verification failed
373 fn verify_pin(&self, pin_type: u8, pin: &str) -> Result<()>;
374
375 /// Get PIN info
376 ///
377 /// [pin_type] - The pin type,can be `PIN_TYPE_ADMIN` or `PIN_TYPE_USER`
378 fn pin_info(&self, pin_type: u8) -> Result<PinInfo>;
379
380 /// Unlock user PIN
381 ///
382 /// [admin_pin] - The admin PIN
383 ///
384 /// [new_pin] - The new PIN
385 ///
386 /// [recv_capacity] - The capacity of receive buffer
387 /// # specification note
388 /// - PIN verification failed: The value of remaining retry count will be returned, `0` means the PIN has been locked
389 /// - PIN verification success: `None` will be returned
390 ///
391 /// ## Error
392 /// - `Error::PinVerifyFailed` returned when PIN verification failed
393 fn unblock_pin(&self, admin_pin: &str, new_pin: &str) -> Result<()>;
394
395 /// Clear secure state
396 fn clear_secure_state(&self) -> Result<()>;
397}
398
399/// File permission: none
400pub const FILE_PERM_NONE: u32 = 0x00000000;
401/// File permission: permit to admin account
402pub const FILE_PERM_ADMIN: u32 = 0x00000001;
403/// File permission: permit to user account
404pub const FILE_PERM_USER: u32 = 0x00000010;
405/// File permission: permit to everyone
406pub const FILE_PERM_EVERYONE: u32 = 0x000000FF;
407#[derive(Debug, Default)]
408pub struct FileAttr {
409 pub file_name: String,
410 pub file_size: usize,
411 pub read_rights: u32,
412 pub write_rights: u32,
413}
414
415#[derive(Debug)]
416pub struct FileAttrBuilder {
417 file_name: String,
418 file_size: usize,
419 read_rights: u32,
420 write_rights: u32,
421}
422pub trait FileManager {
423 /// Enumerate all file in the app,return file names
424 fn enumerate_file_name(&self) -> Result<Vec<String>>;
425
426 /// Create file in the app
427 ///
428 ///[attr] - The file attribute
429 ///
430 /// ## file name
431 ///
432 /// The file name,should less than 32 bytes, It will be truncated if it is too long
433 fn create_file(&self, attr: &FileAttr) -> Result<()>;
434
435 /// Delete file from app
436 ///
437 /// [name] - The file name to delete
438 fn delete_file(&self, name: &str) -> Result<()>;
439 /// Read data from file
440 ///
441 /// [name] - The file name
442 ///
443 /// [offset] - File offset to read
444 ///
445 /// [size] - Read size,in bytes
446 ///
447 /// ## specification note
448 /// actual read size may be less than [size]
449 fn read_file(&self, name: &str, offset: u32, size: usize) -> Result<Vec<u8>>;
450 /// Write date to file
451 ///
452 /// [name] - The file name
453 ///
454 /// [offset] - File offset to write
455 ///
456 /// [data] - The data to write
457 fn write_file(&self, name: &str, offset: u32, data: &[u8]) -> Result<()>;
458 /// Get file attribute info
459 ///
460 /// [name] - The file name
461 fn get_file_info(&self, name: &str) -> Result<FileAttr>;
462}
463
464pub trait ContainerManager {
465 /// Enumerate all apps in the app,return container names
466 fn enumerate_container_name(&self) -> Result<Vec<String>>;
467
468 /// Create container in the app
469 ///
470 /// [name] - The container name
471 fn create_container(&self, name: &str) -> Result<Box<dyn SkfContainer>>;
472
473 /// Open container by name
474 ///
475 /// [name] - The container name
476 fn open_container(&self, name: &str) -> Result<Box<dyn SkfContainer>>;
477
478 /// Delete container by name
479 ///
480 /// [name] - The container name
481 fn delete_container(&self, name: &str) -> Result<()>;
482}
483
484/// Represents an Application instance
485/// ## Close
486/// Application instance is closed when `Drop`
487pub trait SkfApp: AppSecurity + FileManager + ContainerManager {
488 /// The name when it is opened
489 fn name(&self) -> &str;
490}
491
492const CONTAINER_TYPE_UNKNOWN: u32 = 0;
493const CONTAINER_TYPE_RSA: u32 = 0;
494const CONTAINER_TYPE_ECC: u32 = 0;
495
496/// Represents a Container instance
497/// ## Close
498/// Container instance is closed when `Drop`
499/// ## Owner object lifetime requirement
500/// If owner object([SkfApp]) is dropped, the `SkfContainer` object will be invalid
501pub trait SkfContainer {
502 /// The name when it is opened
503 fn name(&self) -> &str;
504
505 /// Get container type,the value of type can be:
506 /// - [CONTAINER_TYPE_UNKNOWN]
507 /// - [CONTAINER_TYPE_RSA]
508 /// - [CONTAINER_TYPE_ECC]
509 fn get_type(&self) -> Result<u32>;
510
511 /// Import certificate to container
512 ///
513 /// [signer] - True means The imported certificate is used for sign
514 ///
515 /// [data] - The certificate data
516 fn import_certificate(&self, signer: bool, data: &[u8]) -> Result<()>;
517
518 /// Export certificate from container
519 ///
520 /// [signer] - True means The exported certificate is used for sign
521 fn export_certificate(&self, signer: bool) -> Result<Vec<u8>>;
522
523 /// Generate ECC key pair(signing part),the private key will be stored in the container.
524 ///
525 /// see [SKF_GenECCKeyPair] for more details
526 ///
527 /// [alg_id] - The algorithm id, supported values is `SGD_SM2_1`
528 fn ecc_gen_key_pair(&self, alg_id: u32) -> Result<ECCPublicKeyBlob>;
529
530 /// Import ECC key pair( encryption part) to container.
531 ///
532 /// see [SKF_ImportECCKeyPair] for more details
533 ///
534 /// [enveloped_key] - The enveloped key data
535 ///
536 /// ## permission state requirement
537 /// user permission
538 fn ecc_import_key_pair(&self, enveloped_key: &EnvelopedKeyData) -> Result<()>;
539
540 /// Export ECC public key from container.
541 ///
542 /// see [SKF_ExportPublicKey] for more details
543 ///
544 /// [sign_part] - True means The exported public key is used for sign
545 fn ecc_export_public_key(&self, sign_part: bool) -> Result<Vec<u8>>;
546
547 /// Sign data use signing key in the container
548 ///
549 /// see [SKF_ECCSignData] for more details
550 ///
551 /// [hash] - The hash value of data.
552 /// When using the SM2 algorithm, the data is the result of pre-processing the data to be
553 /// signed through the SM2 signature pre-processing. The pre-processing procedure follows `GM/T 0009`.
554 fn ecc_sign(&self, hash: &[u8]) -> Result<ECCSignatureBlob>;
555
556 /// Key exchange step: generate ephemeral public key and agreement key for initiator
557 ///
558 /// see [SKF_GenerateAgreementDataWithECC] for more details
559 ///
560 /// [alg_id] - The algorithm id used for session key generation
561 ///
562 /// [id] - Initiator's ID,max 32 bytes
563 ///
564 /// ## Return value
565 /// return ephemeral public key and key agreement handle
566 fn sk_gen_agreement_data(
567 &self,
568 alg_id: u32,
569 id: &[u8],
570 ) -> Result<(ECCPublicKeyBlob, Box<dyn ManagedKey>)>;
571
572 /// Key exchange step: generate ephemeral public key and session key for responder
573 ///
574 /// see [SKF_GenerateAgreementDataAndKeyWithECC] for more details
575 ///
576 /// [alg_id] - The algorithm id used for session key generation
577 ///
578 /// [initiator_key] - Initiator's public key
579 ///
580 /// [initiator_tmp_key] - Initiator's ephemeral public key
581 ///
582 /// [initiator_id] - Initiator's ID,max 32 bytes
583 ///
584 /// [responder_id] - Responder's ID,max 32 bytes
585 ///
586 /// ## Return value
587 /// return ephemeral public key and session key handle
588 fn sk_gen_agreement_data_and_key(
589 &self,
590 alg_id: u32,
591 initiator_key: &ECCPublicKeyBlob,
592 initiator_tmp_key: &ECCPublicKeyBlob,
593 initiator_id: &[u8],
594 responder_id: &[u8],
595 ) -> Result<(ECCPublicKeyBlob, Box<dyn ManagedKey>)>;
596
597 /// Import session key
598 ///
599 /// see [SKF_ImportSessionKey] for more details
600 ///
601 /// [alg_id] - The algorithm id
602 ///
603 /// [key_data] - The session key data
604 fn sk_import(&self, alg_id: u32, key_data: &[u8]) -> Result<Box<dyn ManagedKey>>;
605
606 /// Generate session key and export it
607 ///
608 /// [alg_id] - The algorithm id used for session key generation
609 ///
610 /// [key] - The public key,used for encrypt session key
611 fn sk_export(
612 &self,
613 alg_id: u32,
614 key: &ECCPublicKeyBlob,
615 ) -> Result<(Box<dyn ManagedKey>, ECCEncryptedData)>;
616}
617
618pub type Hash256 = [u8; 32];
619
620/// Block cipher parameter,wrapper of `BlockCipherParam`
621#[derive(Debug, Default)]
622pub struct BlockCipherParameter {
623 /// IV data,max 32 bytes,Empty means no IV
624 pub iv: Vec<u8>,
625 /// padding type,
626 /// - 0: None
627 /// - 1: PKCS7
628 pub padding_type: u8,
629 pub feed_bit_len: u32,
630}
631
632/// Represents a key object
633/// ## Close
634/// key object is closed when `Drop`
635pub trait ManagedKey: AsRef<HANDLE> {}
636
637/// Block cipher service
638pub trait SkfBlockCipher {
639 /// Initialize encryption
640 ///
641 /// [key] - The key object
642 ///
643 /// [param] - The encryption parameter
644 fn encrypt_init(&self, key: &dyn ManagedKey, param: &BlockCipherParameter) -> Result<()>;
645
646 /// Encrypt data
647 ///
648 /// [data] - The data to encrypt
649 ///
650 /// [buffer_size] - The buffer size to receive encrypted data,it depends on the encryption parameter passed by `encrypt_init` and crypto algorithm
651 ///
652 /// see `SKF_Encrypt` for more details
653 fn encrypt(&self, key: &dyn ManagedKey, data: &[u8], buffer_size: usize) -> Result<Vec<u8>>;
654
655 /// Encrypting multiple groups of data.
656 ///
657 /// [data] - The data to encrypt
658 ///
659 /// [buffer_size] - The buffer size to receive encrypted data,it depends on the encryption parameter passed by `encrypt_init` and crypto algorithm
660 ///
661 /// see `SKF_EncryptUpdate` for more details
662 fn encrypt_update(
663 &self,
664 key: &dyn ManagedKey,
665 data: &[u8],
666 buffer_size: usize,
667 ) -> Result<Vec<u8>>;
668
669 /// Finish encrypting multiple groups of data, return the remaining encrypted result
670 ///
671 /// [buffer_size] - The buffer size to receive encrypted data,it depends on the encryption parameter passed by `encrypt_init` and crypto algorithm
672 ///
673 /// see `SKF_EncryptFinal` for more details
674 fn encrypt_final(&self, key: &dyn ManagedKey, buffer_size: usize) -> Result<Vec<u8>>;
675
676 /// Initialize decryption
677 ///
678 /// [key] - The key object
679 ///
680 /// [param] - The decryption parameter
681 ///
682 /// see `SKF_DecryptInit` for more details
683 fn decrypt_init(&self, key: &dyn ManagedKey, param: &BlockCipherParameter) -> Result<()>;
684
685 /// Decrypt data
686 ///
687 /// [data] - The data to decrypt
688 ///
689 /// [buffer_size] - The buffer size to receive decrypted data,it depends on the decryption parameter passed by `decrypt_init` and crypto algorithm
690 ///
691 /// see `SKF_Decrypt` for more details
692 fn decrypt(&self, key: &dyn ManagedKey, data: &[u8], buffer_size: usize) -> Result<Vec<u8>>;
693
694 /// Decrypting multiple groups of data.
695 ///
696 /// [data] - The data to decrypt
697 ///
698 /// [buffer_size] - The buffer size to receive decrypted data,it depends on the encryption parameter passed by `decrypt_init` and crypto algorithm
699 ///
700 /// see `SKF_EncryptUpdate` for more details
701 fn decrypt_update(
702 &self,
703 key: &dyn ManagedKey,
704 data: &[u8],
705 buffer_size: usize,
706 ) -> Result<Vec<u8>>;
707
708 /// Finish decrypting multiple groups of data, return the remaining decrypted result
709 ///
710 /// [buffer_size] - The buffer size to receive decrypted data,it depends on the decryption parameter passed by `decrypt_init` and crypto algorithm
711 ///
712 /// see `SKF_EncryptFinal` for more details
713 fn decrypt_final(&self, key: &dyn ManagedKey, buffer_size: usize) -> Result<Vec<u8>>;
714}