From f529c96c93f1fc8de8e60ace3a8eff13928e6ee6 Mon Sep 17 00:00:00 2001 From: Direktor799 Date: Thu, 7 Nov 2024 23:52:18 +0800 Subject: [PATCH 1/4] feat: support vendor defined mechanisms Signed-off-by: Direktor799 --- cryptoki/src/mechanism/mod.rs | 33 ++++++++++++++++++++++ cryptoki/src/mechanism/vendor_defined.rs | 36 ++++++++++++++++++++++++ 2 files changed, 69 insertions(+) create mode 100644 cryptoki/src/mechanism/vendor_defined.rs diff --git a/cryptoki/src/mechanism/mod.rs b/cryptoki/src/mechanism/mod.rs index c91ece76..a2d8432a 100644 --- a/cryptoki/src/mechanism/mod.rs +++ b/cryptoki/src/mechanism/mod.rs @@ -8,6 +8,7 @@ pub mod elliptic_curve; pub mod hkdf; mod mechanism_info; pub mod rsa; +pub mod vendor_defined; use crate::error::Error; use cryptoki_sys::*; @@ -18,6 +19,7 @@ use std::fmt::Formatter; use std::mem::size_of; use std::ops::Deref; use std::ptr::null_mut; +use vendor_defined::VendorDefinedMechanism; use crate::mechanism::rsa::PkcsOaepParams; pub use mechanism_info::MechanismInfo; @@ -298,6 +300,28 @@ impl MechanismType { /// HKDF-DATA mechanism pub const HKDF_DATA: MechanismType = MechanismType { val: CKM_HKDF_DATA }; + /// Create vendor defined mechanism + /// + /// # Arguments + /// + /// * `adding` - The adding based on `CKM_VENDOR_DEFINED` + /// + /// Usually vendors defines custom mechanism like this: + /// ```c + /// #define CKM_SOME_CUSTOM_MECH (CKM_VENDOR_DEFINED | 0x00000001UL) + /// ``` + /// + /// It maps to + /// ```rust + /// pub const CKM_SOME_CUSTOM_MECH: MechanismType = + /// MechanismType::new_vendor_defined(0x00000001); + /// ``` + pub const fn new_vendor_defined(adding: u64) -> MechanismType { + MechanismType { + val: CKM_VENDOR_DEFINED | adding, + } + } + pub(crate) fn stringify(mech: CK_MECHANISM_TYPE) -> String { match mech { CKM_RSA_PKCS_KEY_PAIR_GEN => String::from(stringify!(CKM_RSA_PKCS_KEY_PAIR_GEN)), @@ -937,6 +961,9 @@ pub enum Mechanism<'a> { HkdfDerive(hkdf::HkdfParams<'a>), /// HKDF-DATA mechanism HkdfData(hkdf::HkdfParams<'a>), + + /// Vendor defined mechanism + VendorDefined(VendorDefinedMechanism<'a>), } impl Mechanism<'_> { @@ -1008,6 +1035,10 @@ impl Mechanism<'_> { Mechanism::HkdfKeyGen => MechanismType::HKDF_KEY_GEN, Mechanism::HkdfDerive(_) => MechanismType::HKDF_DERIVE, Mechanism::HkdfData(_) => MechanismType::HKDF_DATA, + + Mechanism::VendorDefined(vm) => MechanismType { + val: vm.inner.mechanism, + }, } } } @@ -1087,6 +1118,8 @@ impl From<&Mechanism<'_>> for CK_MECHANISM { pParameter: null_mut(), ulParameterLen: 0, }, + // Vendor defined mechanisms + Mechanism::VendorDefined(vm) => vm.inner, } } } diff --git a/cryptoki/src/mechanism/vendor_defined.rs b/cryptoki/src/mechanism/vendor_defined.rs new file mode 100644 index 00000000..50d75a1f --- /dev/null +++ b/cryptoki/src/mechanism/vendor_defined.rs @@ -0,0 +1,36 @@ +// Copyright 2024 Contributors to the Parsec project. +// SPDX-License-Identifier: Apache-2.0 +//! Mechanism types are defined with the objects and mechanism descriptions that use them. +//! Vendor defined values for this type may also be specified. +//! See: + +use std::{marker::PhantomData, ptr::null_mut}; + +use cryptoki_sys::CK_MECHANISM; + +use super::{make_mechanism, MechanismType}; + +/// Vendor defined mechanism. +#[derive(Debug, Clone, Copy)] +pub struct VendorDefinedMechanism<'a> { + pub(crate) inner: CK_MECHANISM, + /// Marker type to ensure we don't outlive the data + _marker: PhantomData<&'a [u8]>, +} + +impl<'a> VendorDefinedMechanism<'a> { + /// Create a new vendor defined mechanism. + pub fn new(mechanism_type: MechanismType, params: Option<&'a T>) -> Self { + Self { + inner: match params { + Some(params) => make_mechanism(mechanism_type.val, params), + None => CK_MECHANISM { + mechanism: mechanism_type.val, + pParameter: null_mut(), + ulParameterLen: 0, + }, + }, + _marker: PhantomData, + } + } +} From f4dc8e9c9ab54513c846afaed8e944465a565a47 Mon Sep 17 00:00:00 2001 From: Direktor799 Date: Fri, 8 Nov 2024 00:30:35 +0800 Subject: [PATCH 2/4] fix: use CK_ULONG for vendor mechs Signed-off-by: Direktor799 --- cryptoki/src/mechanism/mod.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cryptoki/src/mechanism/mod.rs b/cryptoki/src/mechanism/mod.rs index a2d8432a..869887b4 100644 --- a/cryptoki/src/mechanism/mod.rs +++ b/cryptoki/src/mechanism/mod.rs @@ -316,7 +316,7 @@ impl MechanismType { /// pub const CKM_SOME_CUSTOM_MECH: MechanismType = /// MechanismType::new_vendor_defined(0x00000001); /// ``` - pub const fn new_vendor_defined(adding: u64) -> MechanismType { + pub const fn new_vendor_defined(adding: CK_ULONG) -> MechanismType { MechanismType { val: CKM_VENDOR_DEFINED | adding, } From 12e21fadbf16a577061e5d9b51054aae8baeecbe Mon Sep 17 00:00:00 2001 From: Direktor799 Date: Fri, 8 Nov 2024 00:42:43 +0800 Subject: [PATCH 3/4] fix: vendor mech doc test Signed-off-by: Direktor799 --- cryptoki/src/mechanism/mod.rs | 2 ++ 1 file changed, 2 insertions(+) diff --git a/cryptoki/src/mechanism/mod.rs b/cryptoki/src/mechanism/mod.rs index 869887b4..8b436f59 100644 --- a/cryptoki/src/mechanism/mod.rs +++ b/cryptoki/src/mechanism/mod.rs @@ -313,6 +313,8 @@ impl MechanismType { /// /// It maps to /// ```rust + /// use cryptoki::mechanism::MechanismType; + /// /// pub const CKM_SOME_CUSTOM_MECH: MechanismType = /// MechanismType::new_vendor_defined(0x00000001); /// ``` From add62911a785a3efabc8dcbe8babf489ea527800 Mon Sep 17 00:00:00 2001 From: Direktor799 Date: Tue, 12 Nov 2024 00:11:08 +0800 Subject: [PATCH 4/4] feat: pass value to vendor mechs Signed-off-by: Direktor799 --- cryptoki/src/mechanism/mod.rs | 25 ++++++++++++------------ cryptoki/src/mechanism/vendor_defined.rs | 1 + 2 files changed, 14 insertions(+), 12 deletions(-) diff --git a/cryptoki/src/mechanism/mod.rs b/cryptoki/src/mechanism/mod.rs index 8b436f59..88b4a7ee 100644 --- a/cryptoki/src/mechanism/mod.rs +++ b/cryptoki/src/mechanism/mod.rs @@ -304,23 +304,24 @@ impl MechanismType { /// /// # Arguments /// - /// * `adding` - The adding based on `CKM_VENDOR_DEFINED` + /// * `val` - The value of vendor defined mechanism /// - /// Usually vendors defines custom mechanism like this: - /// ```c - /// #define CKM_SOME_CUSTOM_MECH (CKM_VENDOR_DEFINED | 0x00000001UL) - /// ``` + /// # Errors + /// + /// If `val` is less then `CKM_VENDOR_DEFINED`, a `Error::InvalidValue` will be returned /// - /// It maps to + /// # Examples /// ```rust - /// use cryptoki::mechanism::MechanismType; + /// use cryptoki::mechanism::{vendor_defined::CKM_VENDOR_DEFINED, MechanismType}; /// - /// pub const CKM_SOME_CUSTOM_MECH: MechanismType = - /// MechanismType::new_vendor_defined(0x00000001); + /// let some_custom_mech: MechanismType = + /// MechanismType::new_vendor_defined(CKM_VENDOR_DEFINED | 0x00000001).unwrap(); /// ``` - pub const fn new_vendor_defined(adding: CK_ULONG) -> MechanismType { - MechanismType { - val: CKM_VENDOR_DEFINED | adding, + pub fn new_vendor_defined(val: CK_MECHANISM_TYPE) -> crate::error::Result { + if val < CKM_VENDOR_DEFINED { + Err(Error::InvalidValue) + } else { + Ok(MechanismType { val }) } } diff --git a/cryptoki/src/mechanism/vendor_defined.rs b/cryptoki/src/mechanism/vendor_defined.rs index 50d75a1f..cce5bdb7 100644 --- a/cryptoki/src/mechanism/vendor_defined.rs +++ b/cryptoki/src/mechanism/vendor_defined.rs @@ -6,6 +6,7 @@ use std::{marker::PhantomData, ptr::null_mut}; +pub use cryptoki_sys::CKM_VENDOR_DEFINED; use cryptoki_sys::CK_MECHANISM; use super::{make_mechanism, MechanismType};