From 697a4bf42db5eeefec7d6d31b9aee857b9dedb6d Mon Sep 17 00:00:00 2001 From: Joe Rozner Date: Fri, 20 Dec 2024 19:30:12 -0800 Subject: [PATCH 1/5] Add support for vendor defined attributes Signed-off-by: Joe Rozner --- cryptoki/src/object.rs | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/cryptoki/src/object.rs b/cryptoki/src/object.rs index 19c74de5..2742a8ef 100644 --- a/cryptoki/src/object.rs +++ b/cryptoki/src/object.rs @@ -15,7 +15,6 @@ use std::mem::size_of; use std::ops::Deref; #[derive(Debug, Copy, Clone, Ord, PartialOrd, Eq, PartialEq, Hash)] -#[non_exhaustive] /// Type of an attribute pub enum AttributeType { /// DER-encoding of the attribute certificate's issuer @@ -128,6 +127,8 @@ pub enum AttributeType { Value, /// Length in bytes of the value ValueLen, + /// Vendor defined attribute + VendorDefined(CK_ATTRIBUTE_TYPE), /// Determines if a key supports verifying Verify, /// Determines if a key supports verifying where the data can be recovered from the signature @@ -254,6 +255,7 @@ impl AttributeType { CKA_UNWRAP_TEMPLATE => String::from(stringify!(CKA_UNWRAP_TEMPLATE)), CKA_DERIVE_TEMPLATE => String::from(stringify!(CKA_DERIVE_TEMPLATE)), CKA_ALLOWED_MECHANISMS => String::from(stringify!(CKA_ALLOWED_MECHANISMS)), + CKA_VENDOR_DEFINED => String::from(stringify!(CKA_VENDOR_DEFINED)), _ => format!("unknown ({val:08x})"), } } @@ -324,6 +326,7 @@ impl From for CK_ATTRIBUTE_TYPE { AttributeType::Url => CKA_URL, AttributeType::Value => CKA_VALUE, AttributeType::ValueLen => CKA_VALUE_LEN, + AttributeType::VendorDefined(val) => val, AttributeType::Verify => CKA_VERIFY, AttributeType::VerifyRecover => CKA_VERIFY_RECOVER, AttributeType::Wrap => CKA_WRAP, @@ -396,6 +399,7 @@ impl TryFrom for AttributeType { CKA_VERIFY_RECOVER => Ok(AttributeType::VerifyRecover), CKA_WRAP => Ok(AttributeType::Wrap), CKA_WRAP_WITH_TRUSTED => Ok(AttributeType::WrapWithTrusted), + 0x8000_0000..=0xffff_ffff => Ok(AttributeType::VendorDefined(attribute_type)), attr_type => { error!("Attribute type {} not supported.", attr_type); Err(Error::NotSupported) @@ -405,7 +409,6 @@ impl TryFrom for AttributeType { } #[derive(Debug, Clone, PartialEq, Eq)] -#[non_exhaustive] /// Attribute value pub enum Attribute { /// DER-encoding of the attribute certificate's issuer @@ -518,6 +521,8 @@ pub enum Attribute { Value(Vec), /// Length in bytes of the value ValueLen(Ulong), + /// Vendor defined value + VendorDefined((CK_ATTRIBUTE_TYPE, Vec)), /// Determines if a key supports verifying Verify(bool), /// Determines if a key supports verifying where the data can be recovered from the signature @@ -587,6 +592,7 @@ impl Attribute { Attribute::Url(_) => AttributeType::Url, Attribute::Value(_) => AttributeType::Value, Attribute::ValueLen(_) => AttributeType::ValueLen, + Attribute::VendorDefined((num, _)) => AttributeType::VendorDefined(*num), Attribute::Verify(_) => AttributeType::Verify, Attribute::VerifyRecover(_) => AttributeType::VerifyRecover, Attribute::Wrap(_) => AttributeType::Wrap, @@ -658,6 +664,7 @@ impl Attribute { Attribute::AllowedMechanisms(mechanisms) => { size_of::() * mechanisms.len() } + Attribute::VendorDefined((_, bytes)) => bytes.len(), } } @@ -730,6 +737,7 @@ impl Attribute { | Attribute::Subject(bytes) | Attribute::Url(bytes) | Attribute::Value(bytes) + | Attribute::VendorDefined((_, bytes)) | Attribute::Id(bytes) => bytes.as_ptr() as *mut c_void, // Unique types Attribute::CertificateType(certificate_type) => { @@ -929,7 +937,8 @@ impl TryFrom for Attribute { )?)) } } - } + }, + AttributeType::VendorDefined(t) => Ok(Attribute::VendorDefined((t, val.to_vec()))), } } } From 8aee5bdcf84e9aaa3ea9aa7d851566cc20847e61 Mon Sep 17 00:00:00 2001 From: Joe Rozner Date: Sat, 21 Dec 2024 09:55:43 -0800 Subject: [PATCH 2/5] Add fixes for feedback Signed-off-by: Joe Rozner --- cryptoki/src/object.rs | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/cryptoki/src/object.rs b/cryptoki/src/object.rs index 2742a8ef..4ef28a3f 100644 --- a/cryptoki/src/object.rs +++ b/cryptoki/src/object.rs @@ -14,6 +14,8 @@ use std::fmt::Formatter; use std::mem::size_of; use std::ops::Deref; +const MAX_CU_ULONG: CK_ULONG = !0; + #[derive(Debug, Copy, Clone, Ord, PartialOrd, Eq, PartialEq, Hash)] /// Type of an attribute pub enum AttributeType { @@ -255,7 +257,9 @@ impl AttributeType { CKA_UNWRAP_TEMPLATE => String::from(stringify!(CKA_UNWRAP_TEMPLATE)), CKA_DERIVE_TEMPLATE => String::from(stringify!(CKA_DERIVE_TEMPLATE)), CKA_ALLOWED_MECHANISMS => String::from(stringify!(CKA_ALLOWED_MECHANISMS)), - CKA_VENDOR_DEFINED => String::from(stringify!(CKA_VENDOR_DEFINED)), + CKA_VENDOR_DEFINED..=MAX_CU_ULONG => { + format!("{}_{}", stringify!(CKA_VENDOR_DEFINED), val) + } _ => format!("unknown ({val:08x})"), } } @@ -399,7 +403,7 @@ impl TryFrom for AttributeType { CKA_VERIFY_RECOVER => Ok(AttributeType::VerifyRecover), CKA_WRAP => Ok(AttributeType::Wrap), CKA_WRAP_WITH_TRUSTED => Ok(AttributeType::WrapWithTrusted), - 0x8000_0000..=0xffff_ffff => Ok(AttributeType::VendorDefined(attribute_type)), + CKA_VENDOR_DEFINED..=MAX_CU_ULONG => Ok(AttributeType::VendorDefined(attribute_type)), attr_type => { error!("Attribute type {} not supported.", attr_type); Err(Error::NotSupported) @@ -937,7 +941,7 @@ impl TryFrom for Attribute { )?)) } } - }, + } AttributeType::VendorDefined(t) => Ok(Attribute::VendorDefined((t, val.to_vec()))), } } From 2289253603631ce7119942e2ec77c51bd1b5f7f6 Mon Sep 17 00:00:00 2001 From: Joe Rozner Date: Sat, 21 Dec 2024 10:02:06 -0800 Subject: [PATCH 3/5] Switch away from CK_ATTRIBUTE_TYPE Signed-off-by: Joe Rozner --- cryptoki/src/object.rs | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/cryptoki/src/object.rs b/cryptoki/src/object.rs index 4ef28a3f..65255451 100644 --- a/cryptoki/src/object.rs +++ b/cryptoki/src/object.rs @@ -526,7 +526,7 @@ pub enum Attribute { /// Length in bytes of the value ValueLen(Ulong), /// Vendor defined value - VendorDefined((CK_ATTRIBUTE_TYPE, Vec)), + VendorDefined((AttributeType, Vec)), /// Determines if a key supports verifying Verify(bool), /// Determines if a key supports verifying where the data can be recovered from the signature @@ -596,7 +596,7 @@ impl Attribute { Attribute::Url(_) => AttributeType::Url, Attribute::Value(_) => AttributeType::Value, Attribute::ValueLen(_) => AttributeType::ValueLen, - Attribute::VendorDefined((num, _)) => AttributeType::VendorDefined(*num), + Attribute::VendorDefined((num, _)) => *num, Attribute::Verify(_) => AttributeType::Verify, Attribute::VerifyRecover(_) => AttributeType::VerifyRecover, Attribute::Wrap(_) => AttributeType::Wrap, @@ -942,7 +942,7 @@ impl TryFrom for Attribute { } } } - AttributeType::VendorDefined(t) => Ok(Attribute::VendorDefined((t, val.to_vec()))), + AttributeType::VendorDefined(t) => Ok(Attribute::VendorDefined((AttributeType::VendorDefined(t), val.to_vec()))), } } } From 6264c29dad541d5fa211a97227cc2237dad9ccd1 Mon Sep 17 00:00:00 2001 From: Joe Rozner Date: Sun, 22 Dec 2024 10:50:09 -0800 Subject: [PATCH 4/5] Fix formatting Signed-off-by: Joe Rozner --- cryptoki/src/object.rs | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/cryptoki/src/object.rs b/cryptoki/src/object.rs index 65255451..1836862a 100644 --- a/cryptoki/src/object.rs +++ b/cryptoki/src/object.rs @@ -942,7 +942,10 @@ impl TryFrom for Attribute { } } } - AttributeType::VendorDefined(t) => Ok(Attribute::VendorDefined((AttributeType::VendorDefined(t), val.to_vec()))), + AttributeType::VendorDefined(t) => Ok(Attribute::VendorDefined(( + AttributeType::VendorDefined(t), + val.to_vec(), + ))), } } } From 69213737ee032781e921ac18f923c39b00e1518c Mon Sep 17 00:00:00 2001 From: Joe Rozner Date: Mon, 23 Dec 2024 21:15:20 -0800 Subject: [PATCH 5/5] Add non_exhaustive back Signed-off-by: Joe Rozner --- cryptoki/src/object.rs | 2 ++ 1 file changed, 2 insertions(+) diff --git a/cryptoki/src/object.rs b/cryptoki/src/object.rs index 1836862a..449d4354 100644 --- a/cryptoki/src/object.rs +++ b/cryptoki/src/object.rs @@ -17,6 +17,7 @@ use std::ops::Deref; const MAX_CU_ULONG: CK_ULONG = !0; #[derive(Debug, Copy, Clone, Ord, PartialOrd, Eq, PartialEq, Hash)] +#[non_exhaustive] /// Type of an attribute pub enum AttributeType { /// DER-encoding of the attribute certificate's issuer @@ -413,6 +414,7 @@ impl TryFrom for AttributeType { } #[derive(Debug, Clone, PartialEq, Eq)] +#[non_exhaustive] /// Attribute value pub enum Attribute { /// DER-encoding of the attribute certificate's issuer