diff --git a/Cargo.toml b/Cargo.toml index 9fda9ce..c155dc7 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -10,38 +10,5 @@ # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and -# limitations under the License. -[package] -name = "pkcs11" -version = "0.6.0" -authors = ["Marcus Heese "] -edition = '2018' -description = "Rust PKCS#11 Library" -#documentation = "https://github.com/mheese/rust-pkcs11" -homepage = "https://github.com/mheese/rust-pkcs11" -repository = "https://github.com/mheese/rust-pkcs11" -readme = "README.md" -keywords = ["pkcs11", "cryptoki"] -categories = ["external-ffi-bindings", "cryptography", "hardware-support"] -license = "Apache-2.0" -license-file = "LICENSE" -exclude = [ - "pkcs11-docs/**", -] - -[badges] -maintenance = { status = "actively-developed" } -codecov = { repository = "mheese/rust-pkcs11", branch = "master", service = "github" } -is-it-maintained-issue-resolution = { repository = "mheese/rust-pkcs11" } -is-it-maintained-open-issues = { repository = "mheese/rust-pkcs11" } - -[dependencies] -libloading = "0.6.1" -num-bigint = "0.2.6" -#libc = "0.2.33" - -[dev-dependencies] -num-traits = "0.2.11" -hex = "0.4.2" -serial_test = "0.4.0" -serial_test_derive = "0.4.0" +[workspace] +members = ["pkcs11", "pkcs11-sys"] diff --git a/pkcs11-sys/Cargo.toml b/pkcs11-sys/Cargo.toml new file mode 100644 index 0000000..3fbe1c7 --- /dev/null +++ b/pkcs11-sys/Cargo.toml @@ -0,0 +1,28 @@ +[package] +name = "pkcs11-sys" +version = "0.6.0" +authors = ["Marcus Heese "] +edition = "2018" +homepage = "https://github.com/mheese/rust-pkcs11" +repository = "https://github.com/mheese/rust-pkcs11" +readme = "README.md" +keywords = ["pkcs11", "cryptoki"] +categories = ["external-ffi-bindings", "cryptography", "hardware-support"] +license-file = "LICENSE" +links = "pkcs11" +build="build.rs" + +include = [ + "README.md", + "Cargo.toml", + "build.rs", +] + +[build-dependencies] +bindgen = { version = "0.56.0", optional = true } + +[dependencies] +libloading = "0.6.3" + +[features] +generate-bindings = ["bindgen"] diff --git a/pkcs11-sys/build.rs b/pkcs11-sys/build.rs new file mode 100644 index 0000000..d3e2ed7 --- /dev/null +++ b/pkcs11-sys/build.rs @@ -0,0 +1,45 @@ +fn main() { + #[cfg(feature = "generate-bindings")] + { + generate_bindings(); + } + + #[cfg(not(feature = "generate-bindings"))] + { + let supported_platforms = vec![String::from("x86_64-unknown-linux-gnu")]; + let target = std::env::var("TARGET").unwrap(); + + // check if target is in the list of supported ones or panic with nice message + if !supported_platforms.contains(&target) { + panic!(format!("Compilation target ({}) is not part of the supported targets ({:?}). Please compile with the \"generate-bindings\" feature or add support for your platform :)", target, supported_platforms)); + } + } +} + +// Only on a specific feature +#[cfg(feature = "generate-bindings")] +fn generate_bindings() { + let bindings = bindgen::Builder::default() + .header("pkcs11.h") + .dynamic_library_name("Pkcs11") + // The PKCS11 library works in a slightly different way to most shared libraries. We have + // to call `C_GetFunctionList`, which returns a list of pointers to the _actual_ library + // functions. This is the only function we need to create a binding for. + .whitelist_function("C_GetFunctionList") + // This is needed because no types will be generated if `whitelist_function` is used. + // Unsure if this is a bug. + .whitelist_type("*") + // Derive the `Debug` trait for the generated structs where possible. + .derive_debug(true) + // Derive the `Default` trait for the generated structs where possible. + .derive_default(true) + .parse_callbacks(Box::new(bindgen::CargoCallbacks)) + .generate() + .expect("Unable to generate bindings"); + + // Write the bindings to the $OUT_DIR/pkcs11_bindings.rs file. + let out_path = std::path::PathBuf::from(std::env::var("OUT_DIR").unwrap()); + bindings + .write_to_file(out_path.join("pkcs11_bindings.rs")) + .expect("Couldn't write bindings!"); +} diff --git a/pkcs11-sys/pkcs11.h b/pkcs11-sys/pkcs11.h new file mode 100644 index 0000000..4d8c365 --- /dev/null +++ b/pkcs11-sys/pkcs11.h @@ -0,0 +1,1748 @@ +/* pkcs11.h + Copyright 2006, 2007 g10 Code GmbH + Copyright 2006 Andreas Jellinghaus + Copyright 2017 Red Hat, Inc. + + This file is free software; as a special exception the author gives + unlimited permission to copy and/or distribute it, with or without + modifications, as long as this notice is preserved. + + This file is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY, to the extent permitted by law; without even + the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR + PURPOSE. */ + +/* Please submit any changes back to the p11-kit project at + https://github.com/p11-glue/p11-kit/, so that + they can be picked up by other projects from there as well. */ + +/* This file is a modified implementation of the PKCS #11 standard by + OASIS group. It is mostly a drop-in replacement, with the + following change: + + This header file does not require any macro definitions by the user + (like CK_DEFINE_FUNCTION etc). In fact, it defines those macros + for you (if useful, some are missing, let me know if you need + more). + + There is an additional API available that does comply better to the + GNU coding standard. It can be switched on by defining + CRYPTOKI_GNU before including this header file. For this, the + following changes are made to the specification: + + All structure types are changed to a "struct ck_foo" where CK_FOO + is the type name in PKCS #11. + + All non-structure types are changed to ck_foo_t where CK_FOO is the + lowercase version of the type name in PKCS #11. The basic types + (CK_ULONG et al.) are removed without substitute. + + All members of structures are modified in the following way: Type + indication prefixes are removed, and underscore characters are + inserted before words. Then the result is lowercased. + + Note that function names are still in the original case, as they + need for ABI compatibility. + + CK_FALSE, CK_TRUE and NULL_PTR are removed without substitute. Use + . + + If CRYPTOKI_COMPAT is defined before including this header file, + then none of the API changes above take place, and the API is the + one defined by the PKCS #11 standard. */ + +#ifndef PKCS11_H +#define PKCS11_H 1 + +#if defined(__cplusplus) +extern "C" { +#endif + + +/* The version of cryptoki we implement. The revision is changed with + each modification of this file. */ +#define CRYPTOKI_VERSION_MAJOR 2 +#define CRYPTOKI_VERSION_MINOR 40 +#define P11_KIT_CRYPTOKI_VERSION_REVISION 0 + + +/* Compatibility interface is default, unless CRYPTOKI_GNU is + given. */ +#ifndef CRYPTOKI_GNU +#ifndef CRYPTOKI_COMPAT +#define CRYPTOKI_COMPAT 1 +#endif +#endif + +/* System dependencies. */ + +#if defined(_WIN32) || defined(CRYPTOKI_FORCE_WIN32) + +/* There is a matching pop below. */ +#pragma pack(push, cryptoki, 1) + +#ifdef CRYPTOKI_EXPORTS +#define CK_SPEC __declspec(dllexport) +#else +#define CK_SPEC __declspec(dllimport) +#endif + +#else + +#define CK_SPEC + +#endif + + +#ifdef CRYPTOKI_COMPAT + /* If we are in compatibility mode, switch all exposed names to the + PKCS #11 variant. There are corresponding #undefs below. */ + +#define ck_flags_t CK_FLAGS +#define ck_version _CK_VERSION + +#define ck_info _CK_INFO +#define cryptoki_version cryptokiVersion +#define manufacturer_id manufacturerID +#define library_description libraryDescription +#define library_version libraryVersion + +#define ck_notification_t CK_NOTIFICATION +#define ck_slot_id_t CK_SLOT_ID + +#define ck_slot_info _CK_SLOT_INFO +#define slot_description slotDescription +#define hardware_version hardwareVersion +#define firmware_version firmwareVersion + +#define ck_token_info _CK_TOKEN_INFO +#define serial_number serialNumber +#define max_session_count ulMaxSessionCount +#define session_count ulSessionCount +#define max_rw_session_count ulMaxRwSessionCount +#define rw_session_count ulRwSessionCount +#define max_pin_len ulMaxPinLen +#define min_pin_len ulMinPinLen +#define total_public_memory ulTotalPublicMemory +#define free_public_memory ulFreePublicMemory +#define total_private_memory ulTotalPrivateMemory +#define free_private_memory ulFreePrivateMemory +#define utc_time utcTime + +#define ck_session_handle_t CK_SESSION_HANDLE +#define ck_user_type_t CK_USER_TYPE +#define ck_state_t CK_STATE + +#define ck_session_info _CK_SESSION_INFO +#define slot_id slotID +#define device_error ulDeviceError + +#define ck_object_handle_t CK_OBJECT_HANDLE +#define ck_object_class_t CK_OBJECT_CLASS +#define ck_hw_feature_type_t CK_HW_FEATURE_TYPE +#define ck_key_type_t CK_KEY_TYPE +#define ck_certificate_type_t CK_CERTIFICATE_TYPE +#define ck_attribute_type_t CK_ATTRIBUTE_TYPE + +#define ck_attribute _CK_ATTRIBUTE +#define value pValue +#define value_len ulValueLen + +#define count ulCount + +#define ck_date _CK_DATE + +#define ck_mechanism_type_t CK_MECHANISM_TYPE + +#define ck_mechanism _CK_MECHANISM +#define parameter pParameter +#define parameter_len ulParameterLen + +#define params pParams + +#define ck_mechanism_info _CK_MECHANISM_INFO +#define min_key_size ulMinKeySize +#define max_key_size ulMaxKeySize + +#define ck_param_type CK_PARAM_TYPE +#define ck_otp_param CK_OTP_PARAM +#define ck_otp_params CK_OTP_PARAMS +#define ck_otp_signature_info CK_OTP_SIGNATURE_INFO + +#define ck_rv_t CK_RV +#define ck_notify_t CK_NOTIFY + +#define ck_function_list _CK_FUNCTION_LIST + +#define ck_createmutex_t CK_CREATEMUTEX +#define ck_destroymutex_t CK_DESTROYMUTEX +#define ck_lockmutex_t CK_LOCKMUTEX +#define ck_unlockmutex_t CK_UNLOCKMUTEX + +#define ck_c_initialize_args _CK_C_INITIALIZE_ARGS +#define create_mutex CreateMutex +#define destroy_mutex DestroyMutex +#define lock_mutex LockMutex +#define unlock_mutex UnlockMutex +#define reserved pReserved + +#define ck_rsa_pkcs_mgf_type_t CK_RSA_PKCS_MGF_TYPE +#define ck_rsa_pkcs_oaep_source_type_t CK_RSA_PKCS_OAEP_SOURCE_TYPE +#define hash_alg hashAlg +#define s_len sLen +#define source_data pSourceData +#define source_data_len ulSourceDataLen + +#define counter_bits ulCounterBits +#define iv_ptr pIv +#define iv_len ulIvLen +#define iv_bits ulIvBits +#define aad_ptr pAAD +#define aad_len ulAADLen +#define tag_bits ulTagBits +#define shared_data_len ulSharedDataLen +#define shared_data pSharedData +#define public_data_len ulPublicDataLen +#define public_data pPublicData +#define string_data pData +#define string_data_len ulLen +#define data_params pData +#endif /* CRYPTOKI_COMPAT */ + + + +typedef unsigned long ck_flags_t; + +struct ck_version +{ + unsigned char major; + unsigned char minor; +}; + + +struct ck_info +{ + struct ck_version cryptoki_version; + unsigned char manufacturer_id[32]; + ck_flags_t flags; + unsigned char library_description[32]; + struct ck_version library_version; +}; + + +typedef unsigned long ck_notification_t; + +const unsigned long CKN_SURRENDER = 0UL; + + +typedef unsigned long ck_slot_id_t; + + +struct ck_slot_info +{ + unsigned char slot_description[64]; + unsigned char manufacturer_id[32]; + ck_flags_t flags; + struct ck_version hardware_version; + struct ck_version firmware_version; +}; + +const unsigned long CKF_TOKEN_PRESENT = 1UL << 0; +const unsigned long CKF_REMOVABLE_DEVICE = 1UL << 1; +const unsigned long CKF_HW_SLOT = 1UL << 2; +const unsigned long CKF_ARRAY_ATTRIBUTE = 1UL << 30; + +struct ck_token_info +{ + unsigned char label[32]; + unsigned char manufacturer_id[32]; + unsigned char model[16]; + unsigned char serial_number[16]; + ck_flags_t flags; + unsigned long max_session_count; + unsigned long session_count; + unsigned long max_rw_session_count; + unsigned long rw_session_count; + unsigned long max_pin_len; + unsigned long min_pin_len; + unsigned long total_public_memory; + unsigned long free_public_memory; + unsigned long total_private_memory; + unsigned long free_private_memory; + struct ck_version hardware_version; + struct ck_version firmware_version; + unsigned char utc_time[16]; +}; + + +#define CKF_RNG (1UL << 0) +#define CKF_WRITE_PROTECTED (1UL << 1) +#define CKF_LOGIN_REQUIRED (1UL << 2) +#define CKF_USER_PIN_INITIALIZED (1UL << 3) +#define CKF_RESTORE_KEY_NOT_NEEDED (1UL << 5) +#define CKF_CLOCK_ON_TOKEN (1UL << 6) +#define CKF_PROTECTED_AUTHENTICATION_PATH (1UL << 8) +#define CKF_DUAL_CRYPTO_OPERATIONS (1UL << 9) +#define CKF_TOKEN_INITIALIZED (1UL << 10) +#define CKF_SECONDARY_AUTHENTICATION (1UL << 11) +#define CKF_USER_PIN_COUNT_LOW (1UL << 16) +#define CKF_USER_PIN_FINAL_TRY (1UL << 17) +#define CKF_USER_PIN_LOCKED (1UL << 18) +#define CKF_USER_PIN_TO_BE_CHANGED (1UL << 19) +#define CKF_SO_PIN_COUNT_LOW (1UL << 20) +#define CKF_SO_PIN_FINAL_TRY (1UL << 21) +#define CKF_SO_PIN_LOCKED (1UL << 22) +#define CKF_SO_PIN_TO_BE_CHANGED (1UL << 23) + +#define CK_UNAVAILABLE_INFORMATION ((unsigned long)-1L) +#define CK_EFFECTIVELY_INFINITE (0UL) + + +typedef unsigned long ck_session_handle_t; + +#define CK_INVALID_HANDLE (0UL) + + +typedef unsigned long ck_user_type_t; + +#define CKU_SO (0UL) +#define CKU_USER (1UL) +#define CKU_CONTEXT_SPECIFIC (2UL) + + +typedef unsigned long ck_state_t; + +#define CKS_RO_PUBLIC_SESSION (0UL) +#define CKS_RO_USER_FUNCTIONS (1UL) +#define CKS_RW_PUBLIC_SESSION (2UL) +#define CKS_RW_USER_FUNCTIONS (3UL) +#define CKS_RW_SO_FUNCTIONS (4UL) + + +struct ck_session_info +{ + ck_slot_id_t slot_id; + ck_state_t state; + ck_flags_t flags; + unsigned long device_error; +}; + +#define CKF_RW_SESSION (1UL << 1) +#define CKF_SERIAL_SESSION (1UL << 2) + + +typedef unsigned long ck_object_handle_t; + + +typedef unsigned long ck_object_class_t; + +#define CKO_DATA (0UL) +#define CKO_CERTIFICATE (1UL) +#define CKO_PUBLIC_KEY (2UL) +#define CKO_PRIVATE_KEY (3UL) +#define CKO_SECRET_KEY (4UL) +#define CKO_HW_FEATURE (5UL) +#define CKO_DOMAIN_PARAMETERS (6UL) +#define CKO_MECHANISM (7UL) +#define CKO_OTP_KEY (8UL) +#define CKO_VENDOR_DEFINED ((unsigned long) (1UL << 31)) + + +typedef unsigned long ck_hw_feature_type_t; + +#define CKH_MONOTONIC_COUNTER (1UL) +#define CKH_CLOCK (2UL) +#define CKH_USER_INTERFACE (3UL) +#define CKH_VENDOR_DEFINED ((unsigned long) (1UL << 31)) + + +typedef unsigned long ck_key_type_t; + +#define CKK_RSA (0UL) +#define CKK_DSA (1UL) +#define CKK_DH (2UL) +#define CKK_ECDSA (3UL) +#define CKK_EC (3UL) +#define CKK_X9_42_DH (4UL) +#define CKK_KEA (5UL) +#define CKK_GENERIC_SECRET (0x10UL) +#define CKK_RC2 (0x11UL) +#define CKK_RC4 (0x12UL) +#define CKK_DES (0x13UL) +#define CKK_DES2 (0x14UL) +#define CKK_DES3 (0x15UL) +#define CKK_CAST (0x16UL) +#define CKK_CAST3 (0x17UL) +#define CKK_CAST128 (0x18UL) +#define CKK_RC5 (0x19UL) +#define CKK_IDEA (0x1aUL) +#define CKK_SKIPJACK (0x1bUL) +#define CKK_BATON (0x1cUL) +#define CKK_JUNIPER (0x1dUL) +#define CKK_CDMF (0x1eUL) +#define CKK_AES (0x1fUL) +#define CKK_BLOWFISH (0x20UL) +#define CKK_TWOFISH (0x21UL) +#define CKK_SECURID (0x22UL) +#define CKK_HOTP (0x23UL) +#define CKK_ACTI (0x24UL) +#define CKK_CAMELLIA (0x25UL) +#define CKK_ARIA (0x26UL) +#define CKK_MD5_HMAC (0x27UL) +#define CKK_SHA_1_HMAC (0x28UL) +#define CKK_RIPEMD128_HMAC (0x29UL) +#define CKK_RIPEMD160_HMAC (0x2aUL) +#define CKK_SHA256_HMAC (0x2bUL) +#define CKK_SHA384_HMAC (0x2cUL) +#define CKK_SHA512_HMAC (0x2dUL) +#define CKK_SHA224_HMAC (0x2eUL) +#define CKK_SEED (0x2fUL) +#define CKK_GOSTR3410 (0x30UL) +#define CKK_GOSTR3411 (0x31UL) +#define CKK_GOST28147 (0x32UL) +#define CKK_EC_EDWARDS (0x40UL) +#define CKK_VENDOR_DEFINED ((unsigned long) (1UL << 31)) + + +typedef unsigned long ck_certificate_type_t; + +#define CKC_X_509 (0UL) +#define CKC_X_509_ATTR_CERT (1UL) +#define CKC_WTLS (2UL) +#define CKC_VENDOR_DEFINED ((unsigned long) (1UL << 31)) + +#define CKC_OPENPGP (CKC_VENDOR_DEFINED|0x504750UL) + +typedef unsigned long ck_attribute_type_t; + +#define CKA_CLASS (0UL) +#define CKA_TOKEN (1UL) +#define CKA_PRIVATE (2UL) +#define CKA_LABEL (3UL) +#define CKA_APPLICATION (0x10UL) +#define CKA_VALUE (0x11UL) +#define CKA_OBJECT_ID (0x12UL) +#define CKA_CERTIFICATE_TYPE (0x80UL) +#define CKA_ISSUER (0x81UL) +#define CKA_SERIAL_NUMBER (0x82UL) +#define CKA_AC_ISSUER (0x83UL) +#define CKA_OWNER (0x84UL) +#define CKA_ATTR_TYPES (0x85UL) +#define CKA_TRUSTED (0x86UL) +#define CKA_CERTIFICATE_CATEGORY (0x87UL) +#define CKA_JAVA_MIDP_SECURITY_DOMAIN (0x88UL) +#define CKA_URL (0x89UL) +#define CKA_HASH_OF_SUBJECT_PUBLIC_KEY (0x8aUL) +#define CKA_HASH_OF_ISSUER_PUBLIC_KEY (0x8bUL) +#define CKA_NAME_HASH_ALGORITHM (0x8cUL) +#define CKA_CHECK_VALUE (0x90UL) +#define CKA_KEY_TYPE (0x100UL) +#define CKA_SUBJECT (0x101UL) +#define CKA_ID (0x102UL) +#define CKA_SENSITIVE (0x103UL) +#define CKA_ENCRYPT (0x104UL) +#define CKA_DECRYPT (0x105UL) +#define CKA_WRAP (0x106UL) +#define CKA_UNWRAP (0x107UL) +#define CKA_SIGN (0x108UL) +#define CKA_SIGN_RECOVER (0x109UL) +#define CKA_VERIFY (0x10aUL) +#define CKA_VERIFY_RECOVER (0x10bUL) +#define CKA_DERIVE (0x10cUL) +#define CKA_START_DATE (0x110UL) +#define CKA_END_DATE (0x111UL) +#define CKA_MODULUS (0x120UL) +#define CKA_MODULUS_BITS (0x121UL) +#define CKA_PUBLIC_EXPONENT (0x122UL) +#define CKA_PRIVATE_EXPONENT (0x123UL) +#define CKA_PRIME_1 (0x124UL) +#define CKA_PRIME_2 (0x125UL) +#define CKA_EXPONENT_1 (0x126UL) +#define CKA_EXPONENT_2 (0x127UL) +#define CKA_COEFFICIENT (0x128UL) +#define CKA_PUBLIC_KEY_INFO (0x129UL) +#define CKA_PRIME (0x130UL) +#define CKA_SUBPRIME (0x131UL) +#define CKA_BASE (0x132UL) +#define CKA_PRIME_BITS (0x133UL) +#define CKA_SUB_PRIME_BITS (0x134UL) +#define CKA_VALUE_BITS (0x160UL) +#define CKA_VALUE_LEN (0x161UL) +#define CKA_EXTRACTABLE (0x162UL) +#define CKA_LOCAL (0x163UL) +#define CKA_NEVER_EXTRACTABLE (0x164UL) +#define CKA_ALWAYS_SENSITIVE (0x165UL) +#define CKA_KEY_GEN_MECHANISM (0x166UL) +#define CKA_MODIFIABLE (0x170UL) +#define CKA_COPYABLE (0x171UL) +#define CKA_DESTROYABLE (0x172UL) +#define CKA_ECDSA_PARAMS (0x180UL) +#define CKA_EC_PARAMS (0x180UL) +#define CKA_EC_POINT (0x181UL) +#define CKA_SECONDARY_AUTH (0x200UL) +#define CKA_AUTH_PIN_FLAGS (0x201UL) +#define CKA_ALWAYS_AUTHENTICATE (0x202UL) +#define CKA_WRAP_WITH_TRUSTED (0x210UL) +#define CKA_OTP_FORMAT (0x220UL) +#define CKA_OTP_LENGTH (0x221UL) +#define CKA_OTP_TIME_INTERVAL (0x222UL) +#define CKA_OTP_USER_FRIENDLY_MODE (0x223UL) +#define CKA_OTP_CHALLENGE_REQUIREMENT (0x224UL) +#define CKA_OTP_TIME_REQUIREMENT (0x225UL) +#define CKA_OTP_COUNTER_REQUIREMENT (0x226UL) +#define CKA_OTP_PIN_REQUIREMENT (0x227UL) +#define CKA_OTP_USER_IDENTIFIER (0x22AUL) +#define CKA_OTP_SERVICE_IDENTIFIER (0x22BUL) +#define CKA_OTP_SERVICE_LOGO (0x22CUL) +#define CKA_OTP_SERVICE_LOGO_TYPE (0x22DUL) +#define CKA_OTP_COUNTER (0x22EUL) +#define CKA_OTP_TIME (0x22FUL) +#define CKA_GOSTR3410_PARAMS (0x250UL) +#define CKA_GOSTR3411_PARAMS (0x251UL) +#define CKA_GOST28147_PARAMS (0x252UL) +#define CKA_HW_FEATURE_TYPE (0x300UL) +#define CKA_RESET_ON_INIT (0x301UL) +#define CKA_HAS_RESET (0x302UL) +#define CKA_PIXEL_X (0x400UL) +#define CKA_PIXEL_Y (0x401UL) +#define CKA_RESOLUTION (0x402UL) +#define CKA_CHAR_ROWS (0x403UL) +#define CKA_CHAR_COLUMNS (0x404UL) +#define CKA_COLOR (0x405UL) +#define CKA_BITS_PER_PIXEL (0x406UL) +#define CKA_CHAR_SETS (0x480UL) +#define CKA_ENCODING_METHODS (0x481UL) +#define CKA_MIME_TYPES (0x482UL) +#define CKA_MECHANISM_TYPE (0x500UL) +#define CKA_REQUIRED_CMS_ATTRIBUTES (0x501UL) +#define CKA_DEFAULT_CMS_ATTRIBUTES (0x502UL) +#define CKA_SUPPORTED_CMS_ATTRIBUTES (0x503UL) +#define CKA_WRAP_TEMPLATE (CKF_ARRAY_ATTRIBUTE | 0x211UL) +#define CKA_UNWRAP_TEMPLATE (CKF_ARRAY_ATTRIBUTE | 0x212UL) +#define CKA_DERIVE_TEMPLATE (CKF_ARRAY_ATTRIBUTE | 0x213UL) +#define CKA_ALLOWED_MECHANISMS (CKF_ARRAY_ATTRIBUTE | 0x600UL) +#define CKA_VENDOR_DEFINED ((unsigned long) (1UL << 31)) + + +struct ck_attribute +{ + ck_attribute_type_t type; + void *value; + unsigned long value_len; +}; + + +struct ck_date +{ + unsigned char year[4]; + unsigned char month[2]; + unsigned char day[2]; +}; + + +typedef unsigned long ck_mechanism_type_t; + +#define CKM_RSA_PKCS_KEY_PAIR_GEN (0UL) +#define CKM_RSA_PKCS (1UL) +#define CKM_RSA_9796 (2UL) +#define CKM_RSA_X_509 (3UL) +#define CKM_MD2_RSA_PKCS (4UL) +#define CKM_MD5_RSA_PKCS (5UL) +#define CKM_SHA1_RSA_PKCS (6UL) +#define CKM_RIPEMD128_RSA_PKCS (7UL) +#define CKM_RIPEMD160_RSA_PKCS (8UL) +#define CKM_RSA_PKCS_OAEP (9UL) +#define CKM_RSA_X9_31_KEY_PAIR_GEN (0xaUL) +#define CKM_RSA_X9_31 (0xbUL) +#define CKM_SHA1_RSA_X9_31 (0xcUL) +#define CKM_RSA_PKCS_PSS (0xdUL) +#define CKM_SHA1_RSA_PKCS_PSS (0xeUL) +#define CKM_DSA_KEY_PAIR_GEN (0x10UL) +#define CKM_DSA (0x11UL) +#define CKM_DSA_SHA1 (0x12UL) +#define CKM_DSA_SHA224 (0x13UL) +#define CKM_DSA_SHA256 (0x14UL) +#define CKM_DSA_SHA384 (0x15UL) +#define CKM_DSA_SHA512 (0x16UL) +#define CKM_DH_PKCS_KEY_PAIR_GEN (0x20UL) +#define CKM_DH_PKCS_DERIVE (0x21UL) +#define CKM_X9_42_DH_KEY_PAIR_GEN (0x30UL) +#define CKM_X9_42_DH_DERIVE (0x31UL) +#define CKM_X9_42_DH_HYBRID_DERIVE (0x32UL) +#define CKM_X9_42_MQV_DERIVE (0x33UL) +#define CKM_SHA256_RSA_PKCS (0x40UL) +#define CKM_SHA384_RSA_PKCS (0x41UL) +#define CKM_SHA512_RSA_PKCS (0x42UL) +#define CKM_SHA256_RSA_PKCS_PSS (0x43UL) +#define CKM_SHA384_RSA_PKCS_PSS (0x44UL) +#define CKM_SHA512_RSA_PKCS_PSS (0x45UL) +#define CKM_SHA512_224 (0x48UL) +#define CKM_SHA512_224_HMAC (0x49UL) +#define CKM_SHA512_224_HMAC_GENERAL (0x4aUL) +#define CKM_SHA512_224_KEY_DERIVATION (0x4bUL) +#define CKM_SHA512_256 (0x4cUL) +#define CKM_SHA512_256_HMAC (0x4dUL) +#define CKM_SHA512_256_HMAC_GENERAL (0x4eUL) +#define CKM_SHA512_256_KEY_DERIVATION (0x4fUL) +#define CKM_SHA512_T (0x50UL) +#define CKM_SHA512_T_HMAC (0x51UL) +#define CKM_SHA512_T_HMAC_GENERAL (0x52UL) +#define CKM_SHA512_T_KEY_DERIVATION (0x53UL) +#define CKM_RC2_KEY_GEN (0x100UL) +#define CKM_RC2_ECB (0x101UL) +#define CKM_RC2_CBC (0x102UL) +#define CKM_RC2_MAC (0x103UL) +#define CKM_RC2_MAC_GENERAL (0x104UL) +#define CKM_RC2_CBC_PAD (0x105UL) +#define CKM_RC4_KEY_GEN (0x110UL) +#define CKM_RC4 (0x111UL) +#define CKM_DES_KEY_GEN (0x120UL) +#define CKM_DES_ECB (0x121UL) +#define CKM_DES_CBC (0x122UL) +#define CKM_DES_MAC (0x123UL) +#define CKM_DES_MAC_GENERAL (0x124UL) +#define CKM_DES_CBC_PAD (0x125UL) +#define CKM_DES2_KEY_GEN (0x130UL) +#define CKM_DES3_KEY_GEN (0x131UL) +#define CKM_DES3_ECB (0x132UL) +#define CKM_DES3_CBC (0x133UL) +#define CKM_DES3_MAC (0x134UL) +#define CKM_DES3_MAC_GENERAL (0x135UL) +#define CKM_DES3_CBC_PAD (0x136UL) +#define CKM_DES3_CMAC_GENERAL (0x137UL) +#define CKM_DES3_CMAC (0x138UL) +#define CKM_CDMF_KEY_GEN (0x140UL) +#define CKM_CDMF_ECB (0x141UL) +#define CKM_CDMF_CBC (0x142UL) +#define CKM_CDMF_MAC (0x143UL) +#define CKM_CDMF_MAC_GENERAL (0x144UL) +#define CKM_CDMF_CBC_PAD (0x145UL) +#define CKM_DES_OFB64 (0x150UL) +#define CKM_DES_OFB8 (0x151UL) +#define CKM_DES_CFB64 (0x152UL) +#define CKM_DES_CFB8 (0x153UL) +#define CKM_MD2 (0x200UL) +#define CKM_MD2_HMAC (0x201UL) +#define CKM_MD2_HMAC_GENERAL (0x202UL) +#define CKM_MD5 (0x210UL) +#define CKM_MD5_HMAC (0x211UL) +#define CKM_MD5_HMAC_GENERAL (0x212UL) +#define CKM_SHA_1 (0x220UL) +#define CKM_SHA_1_HMAC (0x221UL) +#define CKM_SHA_1_HMAC_GENERAL (0x222UL) +#define CKM_RIPEMD128 (0x230UL) +#define CKM_RIPEMD128_HMAC (0x231UL) +#define CKM_RIPEMD128_HMAC_GENERAL (0x232UL) +#define CKM_RIPEMD160 (0x240UL) +#define CKM_RIPEMD160_HMAC (0x241UL) +#define CKM_RIPEMD160_HMAC_GENERAL (0x242UL) +#define CKM_SHA256 (0x250UL) +#define CKM_SHA256_HMAC (0x251UL) +#define CKM_SHA256_HMAC_GENERAL (0x252UL) +#define CKM_SHA384 (0x260UL) +#define CKM_SHA384_HMAC (0x261UL) +#define CKM_SHA384_HMAC_GENERAL (0x262UL) +#define CKM_SHA512 (0x270UL) +#define CKM_SHA512_HMAC (0x271UL) +#define CKM_SHA512_HMAC_GENERAL (0x272UL) +#define CKM_SECURID_KEY_GEN (0x280UL) +#define CKM_SECURID (0x282UL) +#define CKM_HOTP_KEY_GEN (0x290UL) +#define CKM_HOTP (0x291UL) +#define CKM_ACTI (0x2a0UL) +#define CKM_ACTI_KEY_GEN (0x2a1UL) +#define CKM_CAST_KEY_GEN (0x300UL) +#define CKM_CAST_ECB (0x301UL) +#define CKM_CAST_CBC (0x302UL) +#define CKM_CAST_MAC (0x303UL) +#define CKM_CAST_MAC_GENERAL (0x304UL) +#define CKM_CAST_CBC_PAD (0x305UL) +#define CKM_CAST3_KEY_GEN (0x310UL) +#define CKM_CAST3_ECB (0x311UL) +#define CKM_CAST3_CBC (0x312UL) +#define CKM_CAST3_MAC (0x313UL) +#define CKM_CAST3_MAC_GENERAL (0x314UL) +#define CKM_CAST3_CBC_PAD (0x315UL) +#define CKM_CAST5_KEY_GEN (0x320UL) +#define CKM_CAST128_KEY_GEN (0x320UL) +#define CKM_CAST5_ECB (0x321UL) +#define CKM_CAST128_ECB (0x321UL) +#define CKM_CAST5_CBC (0x322UL) +#define CKM_CAST128_CBC (0x322UL) +#define CKM_CAST5_MAC (0x323UL) +#define CKM_CAST128_MAC (0x323UL) +#define CKM_CAST5_MAC_GENERAL (0x324UL) +#define CKM_CAST128_MAC_GENERAL (0x324UL) +#define CKM_CAST5_CBC_PAD (0x325UL) +#define CKM_CAST128_CBC_PAD (0x325UL) +#define CKM_RC5_KEY_GEN (0x330UL) +#define CKM_RC5_ECB (0x331UL) +#define CKM_RC5_CBC (0x332UL) +#define CKM_RC5_MAC (0x333UL) +#define CKM_RC5_MAC_GENERAL (0x334UL) +#define CKM_RC5_CBC_PAD (0x335UL) +#define CKM_IDEA_KEY_GEN (0x340UL) +#define CKM_IDEA_ECB (0x341UL) +#define CKM_IDEA_CBC (0x342UL) +#define CKM_IDEA_MAC (0x343UL) +#define CKM_IDEA_MAC_GENERAL (0x344UL) +#define CKM_IDEA_CBC_PAD (0x345UL) +#define CKM_GENERIC_SECRET_KEY_GEN (0x350UL) +#define CKM_CONCATENATE_BASE_AND_KEY (0x360UL) +#define CKM_CONCATENATE_BASE_AND_DATA (0x362UL) +#define CKM_CONCATENATE_DATA_AND_BASE (0x363UL) +#define CKM_XOR_BASE_AND_DATA (0x364UL) +#define CKM_EXTRACT_KEY_FROM_KEY (0x365UL) +#define CKM_SSL3_PRE_MASTER_KEY_GEN (0x370UL) +#define CKM_SSL3_MASTER_KEY_DERIVE (0x371UL) +#define CKM_SSL3_KEY_AND_MAC_DERIVE (0x372UL) +#define CKM_SSL3_MASTER_KEY_DERIVE_DH (0x373UL) +#define CKM_TLS_PRE_MASTER_KEY_GEN (0x374UL) +#define CKM_TLS_MASTER_KEY_DERIVE (0x375UL) +#define CKM_TLS_KEY_AND_MAC_DERIVE (0x376UL) +#define CKM_TLS_MASTER_KEY_DERIVE_DH (0x377UL) +#define CKM_TLS_PRF (0x378UL) +#define CKM_SSL3_MD5_MAC (0x380UL) +#define CKM_SSL3_SHA1_MAC (0x381UL) +#define CKM_MD5_KEY_DERIVATION (0x390UL) +#define CKM_MD2_KEY_DERIVATION (0x391UL) +#define CKM_SHA1_KEY_DERIVATION (0x392UL) +#define CKM_SHA256_KEY_DERIVATION (0x393UL) +#define CKM_SHA384_KEY_DERIVATION (0x394UL) +#define CKM_SHA512_KEY_DERIVATION (0x395UL) +#define CKM_PBE_MD2_DES_CBC (0x3a0UL) +#define CKM_PBE_MD5_DES_CBC (0x3a1UL) +#define CKM_PBE_MD5_CAST_CBC (0x3a2UL) +#define CKM_PBE_MD5_CAST3_CBC (0x3a3UL) +#define CKM_PBE_MD5_CAST5_CBC (0x3a4UL) +#define CKM_PBE_MD5_CAST128_CBC (0x3a4UL) +#define CKM_PBE_SHA1_CAST5_CBC (0x3a5UL) +#define CKM_PBE_SHA1_CAST128_CBC (0x3a5UL) +#define CKM_PBE_SHA1_RC4_128 (0x3a6UL) +#define CKM_PBE_SHA1_RC4_40 (0x3a7UL) +#define CKM_PBE_SHA1_DES3_EDE_CBC (0x3a8UL) +#define CKM_PBE_SHA1_DES2_EDE_CBC (0x3a9UL) +#define CKM_PBE_SHA1_RC2_128_CBC (0x3aaUL) +#define CKM_PBE_SHA1_RC2_40_CBC (0x3abUL) +#define CKM_PKCS5_PBKD2 (0x3b0UL) +#define CKM_PBA_SHA1_WITH_SHA1_HMAC (0x3c0UL) +#define CKM_WTLS_PRE_MASTER_KEY_GEN (0x3d0UL) +#define CKM_WTLS_MASTER_KEY_DERIVE (0x3d1UL) +#define CKM_WTLS_MASTER_KEY_DERIVE_DH_ECC (0x3d2UL) +#define CKM_WTLS_PRF (0x3d3UL) +#define CKM_WTLS_SERVER_KEY_AND_MAC_DERIVE (0x3d4UL) +#define CKM_WTLS_CLIENT_KEY_AND_MAC_DERIVE (0x3d5UL) +#define CKM_TLS10_MAC_SERVER (0x3d6UL) +#define CKM_TLS10_MAC_CLIENT (0x3d7UL) +#define CKM_TLS12_MAC (0x3d8UL) +#define CKM_TLS12_KDF (0x3d9UL) +#define CKM_TLS12_MASTER_KEY_DERIVE (0x3e0UL) +#define CKM_TLS12_KEY_AND_MAC_DERIVE (0x3e1UL) +#define CKM_TLS12_MASTER_KEY_DERIVE_DH (0x3e2UL) +#define CKM_TLS12_KEY_SAFE_DERIVE (0x3e3UL) +#define CKM_TLS_MAC (0x3e4UL) +#define CKM_TLS_KDF (0x3e5UL) +#define CKM_KEY_WRAP_LYNKS (0x400UL) +#define CKM_KEY_WRAP_SET_OAEP (0x401UL) +#define CKM_CMS_SIG (0x500UL) +#define CKM_KIP_DERIVE (0x510UL) +#define CKM_KIP_WRAP (0x511UL) +#define CKM_KIP_MAC (0x512UL) +#define CKM_CAMELLIA_KEY_GEN (0x550UL) +#define CKM_CAMELLIA_CTR (0x558UL) +#define CKM_ARIA_KEY_GEN (0x560UL) +#define CKM_ARIA_ECB (0x561UL) +#define CKM_ARIA_CBC (0x562UL) +#define CKM_ARIA_MAC (0x563UL) +#define CKM_ARIA_MAC_GENERAL (0x564UL) +#define CKM_ARIA_CBC_PAD (0x565UL) +#define CKM_ARIA_ECB_ENCRYPT_DATA (0x566UL) +#define CKM_ARIA_CBC_ENCRYPT_DATA (0x567UL) +#define CKM_SEED_KEY_GEN (0x650UL) +#define CKM_SEED_ECB (0x651UL) +#define CKM_SEED_CBC (0x652UL) +#define CKM_SEED_MAC (0x653UL) +#define CKM_SEED_MAC_GENERAL (0x654UL) +#define CKM_SEED_CBC_PAD (0x655UL) +#define CKM_SEED_ECB_ENCRYPT_DATA (0x656UL) +#define CKM_SEED_CBC_ENCRYPT_DATA (0x657UL) +#define CKM_SKIPJACK_KEY_GEN (0x1000UL) +#define CKM_SKIPJACK_ECB64 (0x1001UL) +#define CKM_SKIPJACK_CBC64 (0x1002UL) +#define CKM_SKIPJACK_OFB64 (0x1003UL) +#define CKM_SKIPJACK_CFB64 (0x1004UL) +#define CKM_SKIPJACK_CFB32 (0x1005UL) +#define CKM_SKIPJACK_CFB16 (0x1006UL) +#define CKM_SKIPJACK_CFB8 (0x1007UL) +#define CKM_SKIPJACK_WRAP (0x1008UL) +#define CKM_SKIPJACK_PRIVATE_WRAP (0x1009UL) +#define CKM_SKIPJACK_RELAYX (0x100aUL) +#define CKM_KEA_KEY_PAIR_GEN (0x1010UL) +#define CKM_KEA_KEY_DERIVE (0x1011UL) +#define CKM_FORTEZZA_TIMESTAMP (0x1020UL) +#define CKM_BATON_KEY_GEN (0x1030UL) +#define CKM_BATON_ECB128 (0x1031UL) +#define CKM_BATON_ECB96 (0x1032UL) +#define CKM_BATON_CBC128 (0x1033UL) +#define CKM_BATON_COUNTER (0x1034UL) +#define CKM_BATON_SHUFFLE (0x1035UL) +#define CKM_BATON_WRAP (0x1036UL) +#define CKM_ECDSA_KEY_PAIR_GEN (0x1040UL) +#define CKM_EC_KEY_PAIR_GEN (0x1040UL) +#define CKM_ECDSA (0x1041UL) +#define CKM_ECDSA_SHA1 (0x1042UL) +#define CKM_ECDSA_SHA224 (0x1043UL) +#define CKM_ECDSA_SHA256 (0x1044UL) +#define CKM_ECDSA_SHA384 (0x1045UL) +#define CKM_ECDSA_SHA512 (0x1046UL) +#define CKM_ECDH1_DERIVE (0x1050UL) +#define CKM_ECDH1_COFACTOR_DERIVE (0x1051UL) +#define CKM_ECMQV_DERIVE (0x1052UL) +#define CKM_ECDH_AES_KEY_WRAP (0x1053UL) +#define CKM_RSA_AES_KEY_WRAP (0x1054UL) +#define CKM_JUNIPER_KEY_GEN (0x1060UL) +#define CKM_JUNIPER_ECB128 (0x1061UL) +#define CKM_JUNIPER_CBC128 (0x1062UL) +#define CKM_JUNIPER_COUNTER (0x1063UL) +#define CKM_JUNIPER_SHUFFLE (0x1064UL) +#define CKM_JUNIPER_WRAP (0x1065UL) +#define CKM_FASTHASH (0x1070UL) +#define CKM_AES_KEY_GEN (0x1080UL) +#define CKM_AES_ECB (0x1081UL) +#define CKM_AES_CBC (0x1082UL) +#define CKM_AES_MAC (0x1083UL) +#define CKM_AES_MAC_GENERAL (0x1084UL) +#define CKM_AES_CBC_PAD (0x1085UL) +#define CKM_AES_CTR (0x1086UL) +#define CKM_AES_GCM (0x1087UL) +#define CKM_AES_CCM (0x1088UL) +#define CKM_AES_CTS (0x1089UL) +#define CKM_AES_CMAC (0x108aUL) +#define CKM_AES_CMAC_GENERAL (0x108bUL) +#define CKM_AES_XCBC_MAC (0x108cUL) +#define CKM_AES_XCBC_MAC_96 (0x108dUL) +#define CKM_AES_GMAC (0x108eUL) +#define CKM_BLOWFISH_KEY_GEN (0x1090UL) +#define CKM_BLOWFISH_CBC (0x1091UL) +#define CKM_TWOFISH_KEY_GEN (0x1092UL) +#define CKM_TWOFISH_CBC (0x1093UL) +#define CKM_BLOWFISH_CBC_PAD (0x1094UL) +#define CKM_TWOFISH_CBC_PAD (0x1095UL) +#define CKM_DES_ECB_ENCRYPT_DATA (0x1100UL) +#define CKM_DES_CBC_ENCRYPT_DATA (0x1101UL) +#define CKM_DES3_ECB_ENCRYPT_DATA (0x1102UL) +#define CKM_DES3_CBC_ENCRYPT_DATA (0x1103UL) +#define CKM_AES_ECB_ENCRYPT_DATA (0x1104UL) +#define CKM_AES_CBC_ENCRYPT_DATA (0x1105UL) +#define CKM_GOSTR3410_KEY_PAIR_GEN (0x1200UL) +#define CKM_GOSTR3410 (0x1201UL) +#define CKM_GOSTR3410_WITH_GOSTR3411 (0x1202UL) +#define CKM_GOSTR3410_KEY_WRAP (0x1203UL) +#define CKM_GOSTR3410_DERIVE (0x1204UL) +#define CKM_GOSTR3411 (0x1210UL) +#define CKM_GOSTR3411_HMAC (0x1211UL) +#define CKM_GOST28147_KEY_GEN (0x1220UL) +#define CKM_GOST28147_ECB (0x1221UL) +#define CKM_GOST28147 (0x1222UL) +#define CKM_GOST28147_MAC (0x1223UL) +#define CKM_GOST28147_KEY_WRAP (0x1224UL) +#define CKM_DSA_PARAMETER_GEN (0x2000UL) +#define CKM_DH_PKCS_PARAMETER_GEN (0x2001UL) +#define CKM_X9_42_DH_PARAMETER_GEN (0x2002UL) +#define CKM_DSA_PROBABLISTIC_PARAMETER_GEN (0x2003UL) +#define CKM_DSA_SHAWE_TAYLOR_PARAMETER_GEN (0x2004UL) +#define CKM_AES_OFB (0x2104UL) +#define CKM_AES_CFB64 (0x2105UL) +#define CKM_AES_CFB8 (0x2106UL) +#define CKM_AES_CFB128 (0x2107UL) +#define CKM_AES_CFB1 (0x2108UL) + +#define CKM_VENDOR_DEFINED ((unsigned long) (1UL << 31)) + +/* Ammendments */ +#define CKM_SHA224 (0x255UL) +#define CKM_SHA224_HMAC (0x256UL) +#define CKM_SHA224_HMAC_GENERAL (0x257UL) +#define CKM_SHA224_RSA_PKCS (0x46UL) +#define CKM_SHA224_RSA_PKCS_PSS (0x47UL) +#define CKM_SHA224_KEY_DERIVATION (0x396UL) + +#define CKM_CAMELLIA_KEY_GEN (0x550UL) +#define CKM_CAMELLIA_ECB (0x551UL) +#define CKM_CAMELLIA_CBC (0x552UL) +#define CKM_CAMELLIA_MAC (0x553UL) +#define CKM_CAMELLIA_MAC_GENERAL (0x554UL) +#define CKM_CAMELLIA_CBC_PAD (0x555UL) +#define CKM_CAMELLIA_ECB_ENCRYPT_DATA (0x556UL) +#define CKM_CAMELLIA_CBC_ENCRYPT_DATA (0x557UL) + +#define CKM_AES_KEY_WRAP (0x2109UL) +#define CKM_AES_KEY_WRAP_PAD (0x210aUL) + +#define CKM_RSA_PKCS_TPM_1_1 (0x4001UL) +#define CKM_RSA_PKCS_OAEP_TPM_1_1 (0x4002UL) + +/* From version 3.0 */ +#define CKM_EC_EDWARDS_KEY_PAIR_GEN (0x1055UL) +#define CKM_EDDSA (0x1057UL) + +/* Attribute and other constants related to OTP */ +#define CK_OTP_FORMAT_DECIMAL (0UL) +#define CK_OTP_FORMAT_HEXADECIMAL (1UL) +#define CK_OTP_FORMAT_ALPHANUMERIC (2UL) +#define CK_OTP_FORMAT_BINARY (3UL) +#define CK_OTP_PARAM_IGNORED (0UL) +#define CK_OTP_PARAM_OPTIONAL (1UL) +#define CK_OTP_PARAM_MANDATORY (2UL) + +#define CK_OTP_VALUE (0UL) +#define CK_OTP_PIN (1UL) +#define CK_OTP_CHALLENGE (2UL) +#define CK_OTP_TIME (3UL) +#define CK_OTP_COUNTER (4UL) +#define CK_OTP_FLAGS (5UL) +#define CK_OTP_OUTPUT_LENGTH (6UL) +#define CK_OTP_FORMAT (7UL) + +/* OTP mechanism flags */ +#define CKF_NEXT_OTP (0x01UL) +#define CKF_EXCLUDE_TIME (0x02UL) +#define CKF_EXCLUDE_COUNTER (0x04UL) +#define CKF_EXCLUDE_CHALLENGE (0x08UL) +#define CKF_EXCLUDE_PIN (0x10UL) +#define CKF_USER_FRIENDLY_OTP (0x20UL) + +#define CKN_OTP_CHANGED (0x01UL) + +struct ck_mechanism +{ + ck_mechanism_type_t mechanism; + void *parameter; + unsigned long parameter_len; +}; + + +struct ck_mechanism_info +{ + unsigned long min_key_size; + unsigned long max_key_size; + ck_flags_t flags; +}; + +typedef unsigned long ck_param_type; + +typedef struct ck_otp_param { + ck_param_type type; + void *value; + unsigned long value_len; +} ck_otp_param; + +typedef struct ck_otp_params { + struct ck_otp_param *params; + unsigned long count; +} ck_otp_params; + +typedef struct ck_otp_signature_info +{ + struct ck_otp_param *params; + unsigned long count; +} ck_otp_signature_info; + +#define CKG_MGF1_SHA1 0x00000001UL +#define CKG_MGF1_SHA224 0x00000005UL +#define CKG_MGF1_SHA256 0x00000002UL +#define CKG_MGF1_SHA384 0x00000003UL +#define CKG_MGF1_SHA512 0x00000004UL + +typedef unsigned long ck_rsa_pkcs_mgf_type_t; + +struct ck_rsa_pkcs_pss_params { + ck_mechanism_type_t hash_alg; + ck_rsa_pkcs_mgf_type_t mgf; + unsigned long s_len; +}; + +typedef unsigned long ck_rsa_pkcs_oaep_source_type_t; + +struct ck_rsa_pkcs_oaep_params { + ck_mechanism_type_t hash_alg; + ck_rsa_pkcs_mgf_type_t mgf; + ck_rsa_pkcs_oaep_source_type_t source; + void *source_data; + unsigned long source_data_len; +}; + +struct ck_aes_ctr_params { + unsigned long counter_bits; + unsigned char cb[16]; +}; + +struct ck_gcm_params { + unsigned char *iv_ptr; + unsigned long iv_len; + unsigned long iv_bits; + unsigned char *aad_ptr; + unsigned long aad_len; + unsigned long tag_bits; +}; + + +/* The following EC Key Derivation Functions are defined */ +#define CKD_NULL (0x01UL) +#define CKD_SHA1_KDF (0x02UL) + +/* The following X9.42 DH key derivation functions are defined */ +#define CKD_SHA1_KDF_ASN1 (0x03UL) +#define CKD_SHA1_KDF_CONCATENATE (0x04UL) +#define CKD_SHA224_KDF (0x05UL) +#define CKD_SHA256_KDF (0x06UL) +#define CKD_SHA384_KDF (0x07UL) +#define CKD_SHA512_KDF (0x08UL) +#define CKD_CPDIVERSIFY_KDF (0x09UL) + +typedef unsigned long ck_ec_kdf_t; + +struct ck_ecdh1_derive_params { + ck_ec_kdf_t kdf; + unsigned long shared_data_len; + unsigned char *shared_data; + unsigned long public_data_len; + unsigned char *public_data; +}; + +struct ck_key_derivation_string_data { + unsigned char *string_data; + unsigned long string_data_len; +}; + +struct ck_des_cbc_encrypt_data_params { + unsigned char iv[8]; + unsigned char *data_params; + unsigned long length; +}; + +struct ck_aes_cbc_encrypt_data_params { + unsigned char iv[16]; + unsigned char *data_params; + unsigned long length; +}; + +#define CKF_HW (1UL << 0) +#define CKF_ENCRYPT (1UL << 8) +#define CKF_DECRYPT (1UL << 9) +#define CKF_DIGEST (1UL << 10) +#define CKF_SIGN (1UL << 11) +#define CKF_SIGN_RECOVER (1UL << 12) +#define CKF_VERIFY (1UL << 13) +#define CKF_VERIFY_RECOVER (1UL << 14) +#define CKF_GENERATE (1UL << 15) +#define CKF_GENERATE_KEY_PAIR (1UL << 16) +#define CKF_WRAP (1UL << 17) +#define CKF_UNWRAP (1UL << 18) +#define CKF_DERIVE (1UL << 19) +#define CKF_EXTENSION ((unsigned long) (1UL << 31)) + +#define CKF_EC_F_P (1UL << 20) +#define CKF_EC_NAMEDCURVE (1UL << 23) +#define CKF_EC_UNCOMPRESS (1UL << 24) +#define CKF_EC_COMPRESS (1UL << 25) + + +/* Flags for C_WaitForSlotEvent. */ +#define CKF_DONT_BLOCK (1UL) + + +typedef unsigned long ck_rv_t; + + +typedef ck_rv_t (*ck_notify_t) (ck_session_handle_t session, + ck_notification_t event, void *application); + +/* Forward reference. */ +struct ck_function_list; + +#define _CK_DECLARE_FUNCTION(name, args) \ +typedef ck_rv_t (*CK_ ## name) args; \ +ck_rv_t CK_SPEC name args + +_CK_DECLARE_FUNCTION (C_Initialize, (void *init_args)); +_CK_DECLARE_FUNCTION (C_Finalize, (void *reserved)); +_CK_DECLARE_FUNCTION (C_GetInfo, (struct ck_info *info)); +_CK_DECLARE_FUNCTION (C_GetFunctionList, + (struct ck_function_list **function_list)); + +_CK_DECLARE_FUNCTION (C_GetSlotList, + (unsigned char token_present, ck_slot_id_t *slot_list, + unsigned long *count)); +_CK_DECLARE_FUNCTION (C_GetSlotInfo, + (ck_slot_id_t slot_id, struct ck_slot_info *info)); +_CK_DECLARE_FUNCTION (C_GetTokenInfo, + (ck_slot_id_t slot_id, struct ck_token_info *info)); +_CK_DECLARE_FUNCTION (C_WaitForSlotEvent, + (ck_flags_t flags, ck_slot_id_t *slot, void *reserved)); +_CK_DECLARE_FUNCTION (C_GetMechanismList, + (ck_slot_id_t slot_id, + ck_mechanism_type_t *mechanism_list, + unsigned long *count)); +_CK_DECLARE_FUNCTION (C_GetMechanismInfo, + (ck_slot_id_t slot_id, ck_mechanism_type_t type, + struct ck_mechanism_info *info)); +_CK_DECLARE_FUNCTION (C_InitToken, + (ck_slot_id_t slot_id, unsigned char *pin, + unsigned long pin_len, unsigned char *label)); +_CK_DECLARE_FUNCTION (C_InitPIN, + (ck_session_handle_t session, unsigned char *pin, + unsigned long pin_len)); +_CK_DECLARE_FUNCTION (C_SetPIN, + (ck_session_handle_t session, unsigned char *old_pin, + unsigned long old_len, unsigned char *new_pin, + unsigned long new_len)); + +_CK_DECLARE_FUNCTION (C_OpenSession, + (ck_slot_id_t slot_id, ck_flags_t flags, + void *application, ck_notify_t notify, + ck_session_handle_t *session)); +_CK_DECLARE_FUNCTION (C_CloseSession, (ck_session_handle_t session)); +_CK_DECLARE_FUNCTION (C_CloseAllSessions, (ck_slot_id_t slot_id)); +_CK_DECLARE_FUNCTION (C_GetSessionInfo, + (ck_session_handle_t session, + struct ck_session_info *info)); +_CK_DECLARE_FUNCTION (C_GetOperationState, + (ck_session_handle_t session, + unsigned char *operation_state, + unsigned long *operation_state_len)); +_CK_DECLARE_FUNCTION (C_SetOperationState, + (ck_session_handle_t session, + unsigned char *operation_state, + unsigned long operation_state_len, + ck_object_handle_t encryption_key, + ck_object_handle_t authentiation_key)); +_CK_DECLARE_FUNCTION (C_Login, + (ck_session_handle_t session, ck_user_type_t user_type, + unsigned char *pin, unsigned long pin_len)); +_CK_DECLARE_FUNCTION (C_Logout, (ck_session_handle_t session)); + +_CK_DECLARE_FUNCTION (C_CreateObject, + (ck_session_handle_t session, + struct ck_attribute *templ, + unsigned long count, ck_object_handle_t *object)); +_CK_DECLARE_FUNCTION (C_CopyObject, + (ck_session_handle_t session, ck_object_handle_t object, + struct ck_attribute *templ, unsigned long count, + ck_object_handle_t *new_object)); +_CK_DECLARE_FUNCTION (C_DestroyObject, + (ck_session_handle_t session, + ck_object_handle_t object)); +_CK_DECLARE_FUNCTION (C_GetObjectSize, + (ck_session_handle_t session, + ck_object_handle_t object, + unsigned long *size)); +_CK_DECLARE_FUNCTION (C_GetAttributeValue, + (ck_session_handle_t session, + ck_object_handle_t object, + struct ck_attribute *templ, + unsigned long count)); +_CK_DECLARE_FUNCTION (C_SetAttributeValue, + (ck_session_handle_t session, + ck_object_handle_t object, + struct ck_attribute *templ, + unsigned long count)); +_CK_DECLARE_FUNCTION (C_FindObjectsInit, + (ck_session_handle_t session, + struct ck_attribute *templ, + unsigned long count)); +_CK_DECLARE_FUNCTION (C_FindObjects, + (ck_session_handle_t session, + ck_object_handle_t *object, + unsigned long max_object_count, + unsigned long *object_count)); +_CK_DECLARE_FUNCTION (C_FindObjectsFinal, + (ck_session_handle_t session)); + +_CK_DECLARE_FUNCTION (C_EncryptInit, + (ck_session_handle_t session, + struct ck_mechanism *mechanism, + ck_object_handle_t key)); +_CK_DECLARE_FUNCTION (C_Encrypt, + (ck_session_handle_t session, + unsigned char *data, unsigned long data_len, + unsigned char *encrypted_data, + unsigned long *encrypted_data_len)); +_CK_DECLARE_FUNCTION (C_EncryptUpdate, + (ck_session_handle_t session, + unsigned char *part, unsigned long part_len, + unsigned char *encrypted_part, + unsigned long *encrypted_part_len)); +_CK_DECLARE_FUNCTION (C_EncryptFinal, + (ck_session_handle_t session, + unsigned char *last_encrypted_part, + unsigned long *last_encrypted_part_len)); + +_CK_DECLARE_FUNCTION (C_DecryptInit, + (ck_session_handle_t session, + struct ck_mechanism *mechanism, + ck_object_handle_t key)); +_CK_DECLARE_FUNCTION (C_Decrypt, + (ck_session_handle_t session, + unsigned char *encrypted_data, + unsigned long encrypted_data_len, + unsigned char *data, unsigned long *data_len)); +_CK_DECLARE_FUNCTION (C_DecryptUpdate, + (ck_session_handle_t session, + unsigned char *encrypted_part, + unsigned long encrypted_part_len, + unsigned char *part, unsigned long *part_len)); +_CK_DECLARE_FUNCTION (C_DecryptFinal, + (ck_session_handle_t session, + unsigned char *last_part, + unsigned long *last_part_len)); + +_CK_DECLARE_FUNCTION (C_DigestInit, + (ck_session_handle_t session, + struct ck_mechanism *mechanism)); +_CK_DECLARE_FUNCTION (C_Digest, + (ck_session_handle_t session, + unsigned char *data, unsigned long data_len, + unsigned char *digest, + unsigned long *digest_len)); +_CK_DECLARE_FUNCTION (C_DigestUpdate, + (ck_session_handle_t session, + unsigned char *part, unsigned long part_len)); +_CK_DECLARE_FUNCTION (C_DigestKey, + (ck_session_handle_t session, ck_object_handle_t key)); +_CK_DECLARE_FUNCTION (C_DigestFinal, + (ck_session_handle_t session, + unsigned char *digest, + unsigned long *digest_len)); + +_CK_DECLARE_FUNCTION (C_SignInit, + (ck_session_handle_t session, + struct ck_mechanism *mechanism, + ck_object_handle_t key)); +_CK_DECLARE_FUNCTION (C_Sign, + (ck_session_handle_t session, + unsigned char *data, unsigned long data_len, + unsigned char *signature, + unsigned long *signature_len)); +_CK_DECLARE_FUNCTION (C_SignUpdate, + (ck_session_handle_t session, + unsigned char *part, unsigned long part_len)); +_CK_DECLARE_FUNCTION (C_SignFinal, + (ck_session_handle_t session, + unsigned char *signature, + unsigned long *signature_len)); +_CK_DECLARE_FUNCTION (C_SignRecoverInit, + (ck_session_handle_t session, + struct ck_mechanism *mechanism, + ck_object_handle_t key)); +_CK_DECLARE_FUNCTION (C_SignRecover, + (ck_session_handle_t session, + unsigned char *data, unsigned long data_len, + unsigned char *signature, + unsigned long *signature_len)); + +_CK_DECLARE_FUNCTION (C_VerifyInit, + (ck_session_handle_t session, + struct ck_mechanism *mechanism, + ck_object_handle_t key)); +_CK_DECLARE_FUNCTION (C_Verify, + (ck_session_handle_t session, + unsigned char *data, unsigned long data_len, + unsigned char *signature, + unsigned long signature_len)); +_CK_DECLARE_FUNCTION (C_VerifyUpdate, + (ck_session_handle_t session, + unsigned char *part, unsigned long part_len)); +_CK_DECLARE_FUNCTION (C_VerifyFinal, + (ck_session_handle_t session, + unsigned char *signature, + unsigned long signature_len)); +_CK_DECLARE_FUNCTION (C_VerifyRecoverInit, + (ck_session_handle_t session, + struct ck_mechanism *mechanism, + ck_object_handle_t key)); +_CK_DECLARE_FUNCTION (C_VerifyRecover, + (ck_session_handle_t session, + unsigned char *signature, + unsigned long signature_len, + unsigned char *data, + unsigned long *data_len)); + +_CK_DECLARE_FUNCTION (C_DigestEncryptUpdate, + (ck_session_handle_t session, + unsigned char *part, unsigned long part_len, + unsigned char *encrypted_part, + unsigned long *encrypted_part_len)); +_CK_DECLARE_FUNCTION (C_DecryptDigestUpdate, + (ck_session_handle_t session, + unsigned char *encrypted_part, + unsigned long encrypted_part_len, + unsigned char *part, + unsigned long *part_len)); +_CK_DECLARE_FUNCTION (C_SignEncryptUpdate, + (ck_session_handle_t session, + unsigned char *part, unsigned long part_len, + unsigned char *encrypted_part, + unsigned long *encrypted_part_len)); +_CK_DECLARE_FUNCTION (C_DecryptVerifyUpdate, + (ck_session_handle_t session, + unsigned char *encrypted_part, + unsigned long encrypted_part_len, + unsigned char *part, + unsigned long *part_len)); + +_CK_DECLARE_FUNCTION (C_GenerateKey, + (ck_session_handle_t session, + struct ck_mechanism *mechanism, + struct ck_attribute *templ, + unsigned long count, + ck_object_handle_t *key)); +_CK_DECLARE_FUNCTION (C_GenerateKeyPair, + (ck_session_handle_t session, + struct ck_mechanism *mechanism, + struct ck_attribute *public_key_template, + unsigned long public_key_attribute_count, + struct ck_attribute *private_key_template, + unsigned long private_key_attribute_count, + ck_object_handle_t *public_key, + ck_object_handle_t *private_key)); +_CK_DECLARE_FUNCTION (C_WrapKey, + (ck_session_handle_t session, + struct ck_mechanism *mechanism, + ck_object_handle_t wrapping_key, + ck_object_handle_t key, + unsigned char *wrapped_key, + unsigned long *wrapped_key_len)); +_CK_DECLARE_FUNCTION (C_UnwrapKey, + (ck_session_handle_t session, + struct ck_mechanism *mechanism, + ck_object_handle_t unwrapping_key, + unsigned char *wrapped_key, + unsigned long wrapped_key_len, + struct ck_attribute *templ, + unsigned long attribute_count, + ck_object_handle_t *key)); +_CK_DECLARE_FUNCTION (C_DeriveKey, + (ck_session_handle_t session, + struct ck_mechanism *mechanism, + ck_object_handle_t base_key, + struct ck_attribute *templ, + unsigned long attribute_count, + ck_object_handle_t *key)); + +_CK_DECLARE_FUNCTION (C_SeedRandom, + (ck_session_handle_t session, unsigned char *seed, + unsigned long seed_len)); +_CK_DECLARE_FUNCTION (C_GenerateRandom, + (ck_session_handle_t session, + unsigned char *random_data, + unsigned long random_len)); + +_CK_DECLARE_FUNCTION (C_GetFunctionStatus, (ck_session_handle_t session)); +_CK_DECLARE_FUNCTION (C_CancelFunction, (ck_session_handle_t session)); + + +struct ck_function_list +{ + struct ck_version version; + CK_C_Initialize C_Initialize; + CK_C_Finalize C_Finalize; + CK_C_GetInfo C_GetInfo; + CK_C_GetFunctionList C_GetFunctionList; + CK_C_GetSlotList C_GetSlotList; + CK_C_GetSlotInfo C_GetSlotInfo; + CK_C_GetTokenInfo C_GetTokenInfo; + CK_C_GetMechanismList C_GetMechanismList; + CK_C_GetMechanismInfo C_GetMechanismInfo; + CK_C_InitToken C_InitToken; + CK_C_InitPIN C_InitPIN; + CK_C_SetPIN C_SetPIN; + CK_C_OpenSession C_OpenSession; + CK_C_CloseSession C_CloseSession; + CK_C_CloseAllSessions C_CloseAllSessions; + CK_C_GetSessionInfo C_GetSessionInfo; + CK_C_GetOperationState C_GetOperationState; + CK_C_SetOperationState C_SetOperationState; + CK_C_Login C_Login; + CK_C_Logout C_Logout; + CK_C_CreateObject C_CreateObject; + CK_C_CopyObject C_CopyObject; + CK_C_DestroyObject C_DestroyObject; + CK_C_GetObjectSize C_GetObjectSize; + CK_C_GetAttributeValue C_GetAttributeValue; + CK_C_SetAttributeValue C_SetAttributeValue; + CK_C_FindObjectsInit C_FindObjectsInit; + CK_C_FindObjects C_FindObjects; + CK_C_FindObjectsFinal C_FindObjectsFinal; + CK_C_EncryptInit C_EncryptInit; + CK_C_Encrypt C_Encrypt; + CK_C_EncryptUpdate C_EncryptUpdate; + CK_C_EncryptFinal C_EncryptFinal; + CK_C_DecryptInit C_DecryptInit; + CK_C_Decrypt C_Decrypt; + CK_C_DecryptUpdate C_DecryptUpdate; + CK_C_DecryptFinal C_DecryptFinal; + CK_C_DigestInit C_DigestInit; + CK_C_Digest C_Digest; + CK_C_DigestUpdate C_DigestUpdate; + CK_C_DigestKey C_DigestKey; + CK_C_DigestFinal C_DigestFinal; + CK_C_SignInit C_SignInit; + CK_C_Sign C_Sign; + CK_C_SignUpdate C_SignUpdate; + CK_C_SignFinal C_SignFinal; + CK_C_SignRecoverInit C_SignRecoverInit; + CK_C_SignRecover C_SignRecover; + CK_C_VerifyInit C_VerifyInit; + CK_C_Verify C_Verify; + CK_C_VerifyUpdate C_VerifyUpdate; + CK_C_VerifyFinal C_VerifyFinal; + CK_C_VerifyRecoverInit C_VerifyRecoverInit; + CK_C_VerifyRecover C_VerifyRecover; + CK_C_DigestEncryptUpdate C_DigestEncryptUpdate; + CK_C_DecryptDigestUpdate C_DecryptDigestUpdate; + CK_C_SignEncryptUpdate C_SignEncryptUpdate; + CK_C_DecryptVerifyUpdate C_DecryptVerifyUpdate; + CK_C_GenerateKey C_GenerateKey; + CK_C_GenerateKeyPair C_GenerateKeyPair; + CK_C_WrapKey C_WrapKey; + CK_C_UnwrapKey C_UnwrapKey; + CK_C_DeriveKey C_DeriveKey; + CK_C_SeedRandom C_SeedRandom; + CK_C_GenerateRandom C_GenerateRandom; + CK_C_GetFunctionStatus C_GetFunctionStatus; + CK_C_CancelFunction C_CancelFunction; + CK_C_WaitForSlotEvent C_WaitForSlotEvent; +}; + + +typedef ck_rv_t (*ck_createmutex_t) (void **mutex); +typedef ck_rv_t (*ck_destroymutex_t) (void *mutex); +typedef ck_rv_t (*ck_lockmutex_t) (void *mutex); +typedef ck_rv_t (*ck_unlockmutex_t) (void *mutex); + + +struct ck_c_initialize_args +{ + ck_createmutex_t create_mutex; + ck_destroymutex_t destroy_mutex; + ck_lockmutex_t lock_mutex; + ck_unlockmutex_t unlock_mutex; + ck_flags_t flags; + void *reserved; +}; + + +#define CKF_LIBRARY_CANT_CREATE_OS_THREADS (1UL << 0) +#define CKF_OS_LOCKING_OK (1UL << 1) + +#define CKR_OK (0UL) +#define CKR_CANCEL (1UL) +#define CKR_HOST_MEMORY (2UL) +#define CKR_SLOT_ID_INVALID (3UL) +#define CKR_GENERAL_ERROR (5UL) +#define CKR_FUNCTION_FAILED (6UL) +#define CKR_ARGUMENTS_BAD (7UL) +#define CKR_NO_EVENT (8UL) +#define CKR_NEED_TO_CREATE_THREADS (9UL) +#define CKR_CANT_LOCK (0xaUL) +#define CKR_ATTRIBUTE_READ_ONLY (0x10UL) +#define CKR_ATTRIBUTE_SENSITIVE (0x11UL) +#define CKR_ATTRIBUTE_TYPE_INVALID (0x12UL) +#define CKR_ATTRIBUTE_VALUE_INVALID (0x13UL) +#define CKR_ACTION_PROHIBITED (0x1BUL) +#define CKR_DATA_INVALID (0x20UL) +#define CKR_DATA_LEN_RANGE (0x21UL) +#define CKR_DEVICE_ERROR (0x30UL) +#define CKR_DEVICE_MEMORY (0x31UL) +#define CKR_DEVICE_REMOVED (0x32UL) +#define CKR_ENCRYPTED_DATA_INVALID (0x40UL) +#define CKR_ENCRYPTED_DATA_LEN_RANGE (0x41UL) +#define CKR_FUNCTION_CANCELED (0x50UL) +#define CKR_FUNCTION_NOT_PARALLEL (0x51UL) +#define CKR_FUNCTION_NOT_SUPPORTED (0x54UL) +#define CKR_KEY_HANDLE_INVALID (0x60UL) +#define CKR_KEY_SIZE_RANGE (0x62UL) +#define CKR_KEY_TYPE_INCONSISTENT (0x63UL) +#define CKR_KEY_NOT_NEEDED (0x64UL) +#define CKR_KEY_CHANGED (0x65UL) +#define CKR_KEY_NEEDED (0x66UL) +#define CKR_KEY_INDIGESTIBLE (0x67UL) +#define CKR_KEY_FUNCTION_NOT_PERMITTED (0x68UL) +#define CKR_KEY_NOT_WRAPPABLE (0x69UL) +#define CKR_KEY_UNEXTRACTABLE (0x6aUL) +#define CKR_MECHANISM_INVALID (0x70UL) +#define CKR_MECHANISM_PARAM_INVALID (0x71UL) +#define CKR_OBJECT_HANDLE_INVALID (0x82UL) +#define CKR_OPERATION_ACTIVE (0x90UL) +#define CKR_OPERATION_NOT_INITIALIZED (0x91UL) +#define CKR_PIN_INCORRECT (0xa0UL) +#define CKR_PIN_INVALID (0xa1UL) +#define CKR_PIN_LEN_RANGE (0xa2UL) +#define CKR_PIN_EXPIRED (0xa3UL) +#define CKR_PIN_LOCKED (0xa4UL) +#define CKR_SESSION_CLOSED (0xb0UL) +#define CKR_SESSION_COUNT (0xb1UL) +#define CKR_SESSION_HANDLE_INVALID (0xb3UL) +#define CKR_SESSION_PARALLEL_NOT_SUPPORTED (0xb4UL) +#define CKR_SESSION_READ_ONLY (0xb5UL) +#define CKR_SESSION_EXISTS (0xb6UL) +#define CKR_SESSION_READ_ONLY_EXISTS (0xb7UL) +#define CKR_SESSION_READ_WRITE_SO_EXISTS (0xb8UL) +#define CKR_SIGNATURE_INVALID (0xc0UL) +#define CKR_SIGNATURE_LEN_RANGE (0xc1UL) +#define CKR_TEMPLATE_INCOMPLETE (0xd0UL) +#define CKR_TEMPLATE_INCONSISTENT (0xd1UL) +#define CKR_TOKEN_NOT_PRESENT (0xe0UL) +#define CKR_TOKEN_NOT_RECOGNIZED (0xe1UL) +#define CKR_TOKEN_WRITE_PROTECTED (0xe2UL) +#define CKR_UNWRAPPING_KEY_HANDLE_INVALID (0xf0UL) +#define CKR_UNWRAPPING_KEY_SIZE_RANGE (0xf1UL) +#define CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT (0xf2UL) +#define CKR_USER_ALREADY_LOGGED_IN (0x100UL) +#define CKR_USER_NOT_LOGGED_IN (0x101UL) +#define CKR_USER_PIN_NOT_INITIALIZED (0x102UL) +#define CKR_USER_TYPE_INVALID (0x103UL) +#define CKR_USER_ANOTHER_ALREADY_LOGGED_IN (0x104UL) +#define CKR_USER_TOO_MANY_TYPES (0x105UL) +#define CKR_WRAPPED_KEY_INVALID (0x110UL) +#define CKR_WRAPPED_KEY_LEN_RANGE (0x112UL) +#define CKR_WRAPPING_KEY_HANDLE_INVALID (0x113UL) +#define CKR_WRAPPING_KEY_SIZE_RANGE (0x114UL) +#define CKR_WRAPPING_KEY_TYPE_INCONSISTENT (0x115UL) +#define CKR_RANDOM_SEED_NOT_SUPPORTED (0x120UL) +#define CKR_RANDOM_NO_RNG (0x121UL) +#define CKR_DOMAIN_PARAMS_INVALID (0x130UL) +#define CKR_BUFFER_TOO_SMALL (0x150UL) +#define CKR_SAVED_STATE_INVALID (0x160UL) +#define CKR_INFORMATION_SENSITIVE (0x170UL) +#define CKR_STATE_UNSAVEABLE (0x180UL) +#define CKR_CRYPTOKI_NOT_INITIALIZED (0x190UL) +#define CKR_CRYPTOKI_ALREADY_INITIALIZED (0x191UL) +#define CKR_MUTEX_BAD (0x1a0UL) +#define CKR_MUTEX_NOT_LOCKED (0x1a1UL) +#define CKR_NEW_PIN_MODE (0x1b0UL) +#define CKR_NEXT_OTP (0x1b1UL) +#define CKR_EXCEEDED_MAX_ITERATIONS (0x1c0UL) +#define CKR_FIPS_SELF_TEST_FAILED (0x1c1UL) +#define CKR_LIBRARY_LOAD_FAILED (0x1c2UL) +#define CKR_PIN_TOO_WEAK (0x1c3UL) +#define CKR_PUBLIC_KEY_INVALID (0x1c4UL) +#define CKR_FUNCTION_REJECTED (0x200UL) +#define CKR_VENDOR_DEFINED ((unsigned long) (1UL << 31)) + + +#define CKZ_DATA_SPECIFIED (0x01UL) + + + +/* Compatibility layer. */ + +#ifdef CRYPTOKI_COMPAT + +#undef CK_DEFINE_FUNCTION +#define CK_DEFINE_FUNCTION(retval, name) retval CK_SPEC name + +/* For NULL. */ +#include + +typedef unsigned char CK_BYTE; +typedef unsigned char CK_CHAR; +typedef unsigned char CK_UTF8CHAR; +typedef unsigned char CK_BBOOL; +typedef unsigned long int CK_ULONG; +typedef long int CK_LONG; +typedef CK_BYTE *CK_BYTE_PTR; +typedef CK_CHAR *CK_CHAR_PTR; +typedef CK_UTF8CHAR *CK_UTF8CHAR_PTR; +typedef CK_ULONG *CK_ULONG_PTR; +typedef void *CK_VOID_PTR; +typedef void **CK_VOID_PTR_PTR; +#define CK_FALSE 0 +#define CK_TRUE 1 +#ifndef CK_DISABLE_TRUE_FALSE +#ifndef FALSE +#define FALSE 0 +#endif +#ifndef TRUE +#define TRUE 1 +#endif +#endif + +typedef struct ck_version CK_VERSION; +typedef struct ck_version *CK_VERSION_PTR; + +typedef struct ck_info CK_INFO; +typedef struct ck_info *CK_INFO_PTR; + +typedef ck_slot_id_t *CK_SLOT_ID_PTR; + +typedef struct ck_slot_info CK_SLOT_INFO; +typedef struct ck_slot_info *CK_SLOT_INFO_PTR; + +typedef struct ck_token_info CK_TOKEN_INFO; +typedef struct ck_token_info *CK_TOKEN_INFO_PTR; + +typedef ck_session_handle_t *CK_SESSION_HANDLE_PTR; + +typedef struct ck_session_info CK_SESSION_INFO; +typedef struct ck_session_info *CK_SESSION_INFO_PTR; + +typedef ck_object_handle_t *CK_OBJECT_HANDLE_PTR; + +typedef ck_object_class_t *CK_OBJECT_CLASS_PTR; + +typedef struct ck_attribute CK_ATTRIBUTE; +typedef struct ck_attribute *CK_ATTRIBUTE_PTR; + +typedef struct ck_date CK_DATE; +typedef struct ck_date *CK_DATE_PTR; + +typedef ck_mechanism_type_t *CK_MECHANISM_TYPE_PTR; + +typedef struct ck_mechanism CK_MECHANISM; +typedef struct ck_mechanism *CK_MECHANISM_PTR; + +typedef struct ck_mechanism_info CK_MECHANISM_INFO; +typedef struct ck_mechanism_info *CK_MECHANISM_INFO_PTR; + +typedef struct ck_otp_mechanism_info CK_OTP_MECHANISM_INFO; +typedef struct ck_otp_mechanism_info *CK_OTP_MECHANISM_INFO_PTR; + +typedef struct ck_function_list CK_FUNCTION_LIST; +typedef struct ck_function_list *CK_FUNCTION_LIST_PTR; +typedef struct ck_function_list **CK_FUNCTION_LIST_PTR_PTR; + +typedef struct ck_c_initialize_args CK_C_INITIALIZE_ARGS; +typedef struct ck_c_initialize_args *CK_C_INITIALIZE_ARGS_PTR; + +typedef struct ck_rsa_pkcs_pss_params CK_RSA_PKCS_PSS_PARAMS; +typedef struct ck_rsa_pkcs_pss_params *CK_RSA_PKCS_PSS_PARAMS_PTR; + +typedef struct ck_rsa_pkcs_oaep_params CK_RSA_PKCS_OAEP_PARAMS; +typedef struct ck_rsa_pkcs_oaep_params *CK_RSA_PKCS_OAEP_PARAMS_PTR; + +typedef struct ck_aes_ctr_params CK_AES_CTR_PARAMS; +typedef struct ck_aes_ctr_params *CK_AES_CTR_PARAMS_PTR; + +typedef struct ck_gcm_params CK_GCM_PARAMS; +typedef struct ck_gcm_params *CK_GCM_PARAMS_PTR; + +typedef struct ck_ecdh1_derive_params CK_ECDH1_DERIVE_PARAMS; +typedef struct ck_ecdh1_derive_params *CK_ECDH1_DERIVE_PARAMS_PTR; + +typedef struct ck_key_derivation_string_data CK_KEY_DERIVATION_STRING_DATA; +typedef struct ck_key_derivation_string_data *CK_KEY_DERIVATION_STRING_DATA_PTR; + +typedef struct ck_des_cbc_encrypt_data_params CK_DES_CBC_ENCRYPT_DATA_PARAMS; +typedef struct ck_des_cbc_encrypt_data_params *CK_DES_CBC_ENCRYPT_DATA_PARAMS_PTR; + +typedef struct ck_aes_cbc_encrypt_data_params CK_AES_CBC_ENCRYPT_DATA_PARAMS; +typedef struct ck_aes_cbc_encrypt_data_params *CK_AES_CBC_ENCRYPT_DATA_PARAMS_PTR; + +#ifndef NULL_PTR +#define NULL_PTR NULL +#endif + +/* Delete the helper macros defined at the top of the file. */ +#undef ck_flags_t +#undef ck_version + +#undef ck_info +#undef cryptoki_version +#undef manufacturer_id +#undef library_description +#undef library_version + +#undef ck_notification_t +#undef ck_slot_id_t + +#undef ck_slot_info +#undef slot_description +#undef hardware_version +#undef firmware_version + +#undef ck_token_info +#undef serial_number +#undef max_session_count +#undef session_count +#undef max_rw_session_count +#undef rw_session_count +#undef max_pin_len +#undef min_pin_len +#undef total_public_memory +#undef free_public_memory +#undef total_private_memory +#undef free_private_memory +#undef utc_time + +#undef ck_session_handle_t +#undef ck_user_type_t +#undef ck_state_t + +#undef ck_session_info +#undef slot_id +#undef device_error + +#undef ck_object_handle_t +#undef ck_object_class_t +#undef ck_hw_feature_type_t +#undef ck_key_type_t +#undef ck_certificate_type_t +#undef ck_attribute_type_t + +#undef ck_attribute +#undef value +#undef value_len + +#undef params +#undef count + +#undef ck_date + +#undef ck_mechanism_type_t + +#undef ck_mechanism +#undef parameter +#undef parameter_len + +#undef ck_mechanism_info + +#undef ck_param_type +#undef ck_otp_param +#undef ck_otp_params +#undef ck_otp_signature_info + +#undef min_key_size +#undef max_key_size + +#undef ck_rv_t +#undef ck_notify_t + +#undef ck_function_list + +#undef ck_createmutex_t +#undef ck_destroymutex_t +#undef ck_lockmutex_t +#undef ck_unlockmutex_t + +#undef ck_c_initialize_args +#undef create_mutex +#undef destroy_mutex +#undef lock_mutex +#undef unlock_mutex +#undef reserved + +#endif /* CRYPTOKI_COMPAT */ + + +/* System dependencies. */ +#if defined(_WIN32) || defined(CRYPTOKI_FORCE_WIN32) +#pragma pack(pop, cryptoki) +#endif + +#if defined(__cplusplus) +} +#endif + +#endif /* PKCS11_H */ diff --git a/pkcs11-sys/src/bindings/x86_64-unknown-linux-gnu.rs b/pkcs11-sys/src/bindings/x86_64-unknown-linux-gnu.rs new file mode 100644 index 0000000..16599f4 --- /dev/null +++ b/pkcs11-sys/src/bindings/x86_64-unknown-linux-gnu.rs @@ -0,0 +1,2915 @@ +/* automatically generated by rust-bindgen 0.56.0 */ + +pub type CK_FLAGS = ::std::os::raw::c_ulong; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _CK_VERSION { + pub major: ::std::os::raw::c_uchar, + pub minor: ::std::os::raw::c_uchar, +} +#[test] +fn bindgen_test_layout__CK_VERSION() { + assert_eq!( + ::std::mem::size_of::<_CK_VERSION>(), + 2usize, + concat!("Size of: ", stringify!(_CK_VERSION)) + ); + assert_eq!( + ::std::mem::align_of::<_CK_VERSION>(), + 1usize, + concat!("Alignment of ", stringify!(_CK_VERSION)) + ); + assert_eq!( + unsafe { &(*(::std::ptr::null::<_CK_VERSION>())).major as *const _ as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(_CK_VERSION), + "::", + stringify!(major) + ) + ); + assert_eq!( + unsafe { &(*(::std::ptr::null::<_CK_VERSION>())).minor as *const _ as usize }, + 1usize, + concat!( + "Offset of field: ", + stringify!(_CK_VERSION), + "::", + stringify!(minor) + ) + ); +} +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _CK_INFO { + pub cryptokiVersion: _CK_VERSION, + pub manufacturerID: [::std::os::raw::c_uchar; 32usize], + pub flags: CK_FLAGS, + pub libraryDescription: [::std::os::raw::c_uchar; 32usize], + pub libraryVersion: _CK_VERSION, +} +#[test] +fn bindgen_test_layout__CK_INFO() { + assert_eq!( + ::std::mem::size_of::<_CK_INFO>(), + 88usize, + concat!("Size of: ", stringify!(_CK_INFO)) + ); + assert_eq!( + ::std::mem::align_of::<_CK_INFO>(), + 8usize, + concat!("Alignment of ", stringify!(_CK_INFO)) + ); + assert_eq!( + unsafe { &(*(::std::ptr::null::<_CK_INFO>())).cryptokiVersion as *const _ as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(_CK_INFO), + "::", + stringify!(cryptokiVersion) + ) + ); + assert_eq!( + unsafe { &(*(::std::ptr::null::<_CK_INFO>())).manufacturerID as *const _ as usize }, + 2usize, + concat!( + "Offset of field: ", + stringify!(_CK_INFO), + "::", + stringify!(manufacturerID) + ) + ); + assert_eq!( + unsafe { &(*(::std::ptr::null::<_CK_INFO>())).flags as *const _ as usize }, + 40usize, + concat!( + "Offset of field: ", + stringify!(_CK_INFO), + "::", + stringify!(flags) + ) + ); + assert_eq!( + unsafe { &(*(::std::ptr::null::<_CK_INFO>())).libraryDescription as *const _ as usize }, + 48usize, + concat!( + "Offset of field: ", + stringify!(_CK_INFO), + "::", + stringify!(libraryDescription) + ) + ); + assert_eq!( + unsafe { &(*(::std::ptr::null::<_CK_INFO>())).libraryVersion as *const _ as usize }, + 80usize, + concat!( + "Offset of field: ", + stringify!(_CK_INFO), + "::", + stringify!(libraryVersion) + ) + ); +} +pub type CK_NOTIFICATION = ::std::os::raw::c_ulong; +pub type CK_SLOT_ID = ::std::os::raw::c_ulong; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _CK_SLOT_INFO { + pub slotDescription: [::std::os::raw::c_uchar; 64usize], + pub manufacturerID: [::std::os::raw::c_uchar; 32usize], + pub flags: CK_FLAGS, + pub hardwareVersion: _CK_VERSION, + pub firmwareVersion: _CK_VERSION, +} +#[test] +fn bindgen_test_layout__CK_SLOT_INFO() { + assert_eq!( + ::std::mem::size_of::<_CK_SLOT_INFO>(), + 112usize, + concat!("Size of: ", stringify!(_CK_SLOT_INFO)) + ); + assert_eq!( + ::std::mem::align_of::<_CK_SLOT_INFO>(), + 8usize, + concat!("Alignment of ", stringify!(_CK_SLOT_INFO)) + ); + assert_eq!( + unsafe { &(*(::std::ptr::null::<_CK_SLOT_INFO>())).slotDescription as *const _ as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(_CK_SLOT_INFO), + "::", + stringify!(slotDescription) + ) + ); + assert_eq!( + unsafe { &(*(::std::ptr::null::<_CK_SLOT_INFO>())).manufacturerID as *const _ as usize }, + 64usize, + concat!( + "Offset of field: ", + stringify!(_CK_SLOT_INFO), + "::", + stringify!(manufacturerID) + ) + ); + assert_eq!( + unsafe { &(*(::std::ptr::null::<_CK_SLOT_INFO>())).flags as *const _ as usize }, + 96usize, + concat!( + "Offset of field: ", + stringify!(_CK_SLOT_INFO), + "::", + stringify!(flags) + ) + ); + assert_eq!( + unsafe { &(*(::std::ptr::null::<_CK_SLOT_INFO>())).hardwareVersion as *const _ as usize }, + 104usize, + concat!( + "Offset of field: ", + stringify!(_CK_SLOT_INFO), + "::", + stringify!(hardwareVersion) + ) + ); + assert_eq!( + unsafe { &(*(::std::ptr::null::<_CK_SLOT_INFO>())).firmwareVersion as *const _ as usize }, + 106usize, + concat!( + "Offset of field: ", + stringify!(_CK_SLOT_INFO), + "::", + stringify!(firmwareVersion) + ) + ); +} +impl Default for _CK_SLOT_INFO { + fn default() -> Self { + unsafe { ::std::mem::zeroed() } + } +} +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _CK_TOKEN_INFO { + pub label: [::std::os::raw::c_uchar; 32usize], + pub manufacturerID: [::std::os::raw::c_uchar; 32usize], + pub model: [::std::os::raw::c_uchar; 16usize], + pub serialNumber: [::std::os::raw::c_uchar; 16usize], + pub flags: CK_FLAGS, + pub ulMaxSessionCount: ::std::os::raw::c_ulong, + pub ulSessionCount: ::std::os::raw::c_ulong, + pub ulMaxRwSessionCount: ::std::os::raw::c_ulong, + pub ulRwSessionCount: ::std::os::raw::c_ulong, + pub ulMaxPinLen: ::std::os::raw::c_ulong, + pub ulMinPinLen: ::std::os::raw::c_ulong, + pub ulTotalPublicMemory: ::std::os::raw::c_ulong, + pub ulFreePublicMemory: ::std::os::raw::c_ulong, + pub ulTotalPrivateMemory: ::std::os::raw::c_ulong, + pub ulFreePrivateMemory: ::std::os::raw::c_ulong, + pub hardwareVersion: _CK_VERSION, + pub firmwareVersion: _CK_VERSION, + pub utcTime: [::std::os::raw::c_uchar; 16usize], +} +#[test] +fn bindgen_test_layout__CK_TOKEN_INFO() { + assert_eq!( + ::std::mem::size_of::<_CK_TOKEN_INFO>(), + 208usize, + concat!("Size of: ", stringify!(_CK_TOKEN_INFO)) + ); + assert_eq!( + ::std::mem::align_of::<_CK_TOKEN_INFO>(), + 8usize, + concat!("Alignment of ", stringify!(_CK_TOKEN_INFO)) + ); + assert_eq!( + unsafe { &(*(::std::ptr::null::<_CK_TOKEN_INFO>())).label as *const _ as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(_CK_TOKEN_INFO), + "::", + stringify!(label) + ) + ); + assert_eq!( + unsafe { &(*(::std::ptr::null::<_CK_TOKEN_INFO>())).manufacturerID as *const _ as usize }, + 32usize, + concat!( + "Offset of field: ", + stringify!(_CK_TOKEN_INFO), + "::", + stringify!(manufacturerID) + ) + ); + assert_eq!( + unsafe { &(*(::std::ptr::null::<_CK_TOKEN_INFO>())).model as *const _ as usize }, + 64usize, + concat!( + "Offset of field: ", + stringify!(_CK_TOKEN_INFO), + "::", + stringify!(model) + ) + ); + assert_eq!( + unsafe { &(*(::std::ptr::null::<_CK_TOKEN_INFO>())).serialNumber as *const _ as usize }, + 80usize, + concat!( + "Offset of field: ", + stringify!(_CK_TOKEN_INFO), + "::", + stringify!(serialNumber) + ) + ); + assert_eq!( + unsafe { &(*(::std::ptr::null::<_CK_TOKEN_INFO>())).flags as *const _ as usize }, + 96usize, + concat!( + "Offset of field: ", + stringify!(_CK_TOKEN_INFO), + "::", + stringify!(flags) + ) + ); + assert_eq!( + unsafe { + &(*(::std::ptr::null::<_CK_TOKEN_INFO>())).ulMaxSessionCount as *const _ as usize + }, + 104usize, + concat!( + "Offset of field: ", + stringify!(_CK_TOKEN_INFO), + "::", + stringify!(ulMaxSessionCount) + ) + ); + assert_eq!( + unsafe { &(*(::std::ptr::null::<_CK_TOKEN_INFO>())).ulSessionCount as *const _ as usize }, + 112usize, + concat!( + "Offset of field: ", + stringify!(_CK_TOKEN_INFO), + "::", + stringify!(ulSessionCount) + ) + ); + assert_eq!( + unsafe { + &(*(::std::ptr::null::<_CK_TOKEN_INFO>())).ulMaxRwSessionCount as *const _ as usize + }, + 120usize, + concat!( + "Offset of field: ", + stringify!(_CK_TOKEN_INFO), + "::", + stringify!(ulMaxRwSessionCount) + ) + ); + assert_eq!( + unsafe { &(*(::std::ptr::null::<_CK_TOKEN_INFO>())).ulRwSessionCount as *const _ as usize }, + 128usize, + concat!( + "Offset of field: ", + stringify!(_CK_TOKEN_INFO), + "::", + stringify!(ulRwSessionCount) + ) + ); + assert_eq!( + unsafe { &(*(::std::ptr::null::<_CK_TOKEN_INFO>())).ulMaxPinLen as *const _ as usize }, + 136usize, + concat!( + "Offset of field: ", + stringify!(_CK_TOKEN_INFO), + "::", + stringify!(ulMaxPinLen) + ) + ); + assert_eq!( + unsafe { &(*(::std::ptr::null::<_CK_TOKEN_INFO>())).ulMinPinLen as *const _ as usize }, + 144usize, + concat!( + "Offset of field: ", + stringify!(_CK_TOKEN_INFO), + "::", + stringify!(ulMinPinLen) + ) + ); + assert_eq!( + unsafe { + &(*(::std::ptr::null::<_CK_TOKEN_INFO>())).ulTotalPublicMemory as *const _ as usize + }, + 152usize, + concat!( + "Offset of field: ", + stringify!(_CK_TOKEN_INFO), + "::", + stringify!(ulTotalPublicMemory) + ) + ); + assert_eq!( + unsafe { + &(*(::std::ptr::null::<_CK_TOKEN_INFO>())).ulFreePublicMemory as *const _ as usize + }, + 160usize, + concat!( + "Offset of field: ", + stringify!(_CK_TOKEN_INFO), + "::", + stringify!(ulFreePublicMemory) + ) + ); + assert_eq!( + unsafe { + &(*(::std::ptr::null::<_CK_TOKEN_INFO>())).ulTotalPrivateMemory as *const _ as usize + }, + 168usize, + concat!( + "Offset of field: ", + stringify!(_CK_TOKEN_INFO), + "::", + stringify!(ulTotalPrivateMemory) + ) + ); + assert_eq!( + unsafe { + &(*(::std::ptr::null::<_CK_TOKEN_INFO>())).ulFreePrivateMemory as *const _ as usize + }, + 176usize, + concat!( + "Offset of field: ", + stringify!(_CK_TOKEN_INFO), + "::", + stringify!(ulFreePrivateMemory) + ) + ); + assert_eq!( + unsafe { &(*(::std::ptr::null::<_CK_TOKEN_INFO>())).hardwareVersion as *const _ as usize }, + 184usize, + concat!( + "Offset of field: ", + stringify!(_CK_TOKEN_INFO), + "::", + stringify!(hardwareVersion) + ) + ); + assert_eq!( + unsafe { &(*(::std::ptr::null::<_CK_TOKEN_INFO>())).firmwareVersion as *const _ as usize }, + 186usize, + concat!( + "Offset of field: ", + stringify!(_CK_TOKEN_INFO), + "::", + stringify!(firmwareVersion) + ) + ); + assert_eq!( + unsafe { &(*(::std::ptr::null::<_CK_TOKEN_INFO>())).utcTime as *const _ as usize }, + 188usize, + concat!( + "Offset of field: ", + stringify!(_CK_TOKEN_INFO), + "::", + stringify!(utcTime) + ) + ); +} +pub type CK_SESSION_HANDLE = ::std::os::raw::c_ulong; +pub type CK_USER_TYPE = ::std::os::raw::c_ulong; +pub type CK_STATE = ::std::os::raw::c_ulong; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _CK_SESSION_INFO { + pub slotID: CK_SLOT_ID, + pub state: CK_STATE, + pub flags: CK_FLAGS, + pub ulDeviceError: ::std::os::raw::c_ulong, +} +#[test] +fn bindgen_test_layout__CK_SESSION_INFO() { + assert_eq!( + ::std::mem::size_of::<_CK_SESSION_INFO>(), + 32usize, + concat!("Size of: ", stringify!(_CK_SESSION_INFO)) + ); + assert_eq!( + ::std::mem::align_of::<_CK_SESSION_INFO>(), + 8usize, + concat!("Alignment of ", stringify!(_CK_SESSION_INFO)) + ); + assert_eq!( + unsafe { &(*(::std::ptr::null::<_CK_SESSION_INFO>())).slotID as *const _ as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(_CK_SESSION_INFO), + "::", + stringify!(slotID) + ) + ); + assert_eq!( + unsafe { &(*(::std::ptr::null::<_CK_SESSION_INFO>())).state as *const _ as usize }, + 8usize, + concat!( + "Offset of field: ", + stringify!(_CK_SESSION_INFO), + "::", + stringify!(state) + ) + ); + assert_eq!( + unsafe { &(*(::std::ptr::null::<_CK_SESSION_INFO>())).flags as *const _ as usize }, + 16usize, + concat!( + "Offset of field: ", + stringify!(_CK_SESSION_INFO), + "::", + stringify!(flags) + ) + ); + assert_eq!( + unsafe { &(*(::std::ptr::null::<_CK_SESSION_INFO>())).ulDeviceError as *const _ as usize }, + 24usize, + concat!( + "Offset of field: ", + stringify!(_CK_SESSION_INFO), + "::", + stringify!(ulDeviceError) + ) + ); +} +pub type CK_OBJECT_HANDLE = ::std::os::raw::c_ulong; +pub type CK_OBJECT_CLASS = ::std::os::raw::c_ulong; +pub type CK_HW_FEATURE_TYPE = ::std::os::raw::c_ulong; +pub type CK_KEY_TYPE = ::std::os::raw::c_ulong; +pub type CK_CERTIFICATE_TYPE = ::std::os::raw::c_ulong; +pub type CK_ATTRIBUTE_TYPE = ::std::os::raw::c_ulong; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _CK_ATTRIBUTE { + pub type_: CK_ATTRIBUTE_TYPE, + pub pValue: *mut ::std::os::raw::c_void, + pub ulValueLen: ::std::os::raw::c_ulong, +} +#[test] +fn bindgen_test_layout__CK_ATTRIBUTE() { + assert_eq!( + ::std::mem::size_of::<_CK_ATTRIBUTE>(), + 24usize, + concat!("Size of: ", stringify!(_CK_ATTRIBUTE)) + ); + assert_eq!( + ::std::mem::align_of::<_CK_ATTRIBUTE>(), + 8usize, + concat!("Alignment of ", stringify!(_CK_ATTRIBUTE)) + ); + assert_eq!( + unsafe { &(*(::std::ptr::null::<_CK_ATTRIBUTE>())).type_ as *const _ as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(_CK_ATTRIBUTE), + "::", + stringify!(type_) + ) + ); + assert_eq!( + unsafe { &(*(::std::ptr::null::<_CK_ATTRIBUTE>())).pValue as *const _ as usize }, + 8usize, + concat!( + "Offset of field: ", + stringify!(_CK_ATTRIBUTE), + "::", + stringify!(pValue) + ) + ); + assert_eq!( + unsafe { &(*(::std::ptr::null::<_CK_ATTRIBUTE>())).ulValueLen as *const _ as usize }, + 16usize, + concat!( + "Offset of field: ", + stringify!(_CK_ATTRIBUTE), + "::", + stringify!(ulValueLen) + ) + ); +} +impl Default for _CK_ATTRIBUTE { + fn default() -> Self { + unsafe { ::std::mem::zeroed() } + } +} +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _CK_DATE { + pub year: [::std::os::raw::c_uchar; 4usize], + pub month: [::std::os::raw::c_uchar; 2usize], + pub day: [::std::os::raw::c_uchar; 2usize], +} +#[test] +fn bindgen_test_layout__CK_DATE() { + assert_eq!( + ::std::mem::size_of::<_CK_DATE>(), + 8usize, + concat!("Size of: ", stringify!(_CK_DATE)) + ); + assert_eq!( + ::std::mem::align_of::<_CK_DATE>(), + 1usize, + concat!("Alignment of ", stringify!(_CK_DATE)) + ); + assert_eq!( + unsafe { &(*(::std::ptr::null::<_CK_DATE>())).year as *const _ as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(_CK_DATE), + "::", + stringify!(year) + ) + ); + assert_eq!( + unsafe { &(*(::std::ptr::null::<_CK_DATE>())).month as *const _ as usize }, + 4usize, + concat!( + "Offset of field: ", + stringify!(_CK_DATE), + "::", + stringify!(month) + ) + ); + assert_eq!( + unsafe { &(*(::std::ptr::null::<_CK_DATE>())).day as *const _ as usize }, + 6usize, + concat!( + "Offset of field: ", + stringify!(_CK_DATE), + "::", + stringify!(day) + ) + ); +} +pub type CK_MECHANISM_TYPE = ::std::os::raw::c_ulong; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _CK_MECHANISM { + pub mechanism: CK_MECHANISM_TYPE, + pub pParameter: *mut ::std::os::raw::c_void, + pub ulParameterLen: ::std::os::raw::c_ulong, +} +#[test] +fn bindgen_test_layout__CK_MECHANISM() { + assert_eq!( + ::std::mem::size_of::<_CK_MECHANISM>(), + 24usize, + concat!("Size of: ", stringify!(_CK_MECHANISM)) + ); + assert_eq!( + ::std::mem::align_of::<_CK_MECHANISM>(), + 8usize, + concat!("Alignment of ", stringify!(_CK_MECHANISM)) + ); + assert_eq!( + unsafe { &(*(::std::ptr::null::<_CK_MECHANISM>())).mechanism as *const _ as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(_CK_MECHANISM), + "::", + stringify!(mechanism) + ) + ); + assert_eq!( + unsafe { &(*(::std::ptr::null::<_CK_MECHANISM>())).pParameter as *const _ as usize }, + 8usize, + concat!( + "Offset of field: ", + stringify!(_CK_MECHANISM), + "::", + stringify!(pParameter) + ) + ); + assert_eq!( + unsafe { &(*(::std::ptr::null::<_CK_MECHANISM>())).ulParameterLen as *const _ as usize }, + 16usize, + concat!( + "Offset of field: ", + stringify!(_CK_MECHANISM), + "::", + stringify!(ulParameterLen) + ) + ); +} +impl Default for _CK_MECHANISM { + fn default() -> Self { + unsafe { ::std::mem::zeroed() } + } +} +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _CK_MECHANISM_INFO { + pub ulMinKeySize: ::std::os::raw::c_ulong, + pub ulMaxKeySize: ::std::os::raw::c_ulong, + pub flags: CK_FLAGS, +} +#[test] +fn bindgen_test_layout__CK_MECHANISM_INFO() { + assert_eq!( + ::std::mem::size_of::<_CK_MECHANISM_INFO>(), + 24usize, + concat!("Size of: ", stringify!(_CK_MECHANISM_INFO)) + ); + assert_eq!( + ::std::mem::align_of::<_CK_MECHANISM_INFO>(), + 8usize, + concat!("Alignment of ", stringify!(_CK_MECHANISM_INFO)) + ); + assert_eq!( + unsafe { &(*(::std::ptr::null::<_CK_MECHANISM_INFO>())).ulMinKeySize as *const _ as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(_CK_MECHANISM_INFO), + "::", + stringify!(ulMinKeySize) + ) + ); + assert_eq!( + unsafe { &(*(::std::ptr::null::<_CK_MECHANISM_INFO>())).ulMaxKeySize as *const _ as usize }, + 8usize, + concat!( + "Offset of field: ", + stringify!(_CK_MECHANISM_INFO), + "::", + stringify!(ulMaxKeySize) + ) + ); + assert_eq!( + unsafe { &(*(::std::ptr::null::<_CK_MECHANISM_INFO>())).flags as *const _ as usize }, + 16usize, + concat!( + "Offset of field: ", + stringify!(_CK_MECHANISM_INFO), + "::", + stringify!(flags) + ) + ); +} +pub type CK_PARAM_TYPE = ::std::os::raw::c_ulong; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct CK_OTP_PARAM { + pub type_: CK_PARAM_TYPE, + pub pValue: *mut ::std::os::raw::c_void, + pub ulValueLen: ::std::os::raw::c_ulong, +} +#[test] +fn bindgen_test_layout_CK_OTP_PARAM() { + assert_eq!( + ::std::mem::size_of::(), + 24usize, + concat!("Size of: ", stringify!(CK_OTP_PARAM)) + ); + assert_eq!( + ::std::mem::align_of::(), + 8usize, + concat!("Alignment of ", stringify!(CK_OTP_PARAM)) + ); + assert_eq!( + unsafe { &(*(::std::ptr::null::())).type_ as *const _ as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_OTP_PARAM), + "::", + stringify!(type_) + ) + ); + assert_eq!( + unsafe { &(*(::std::ptr::null::())).pValue as *const _ as usize }, + 8usize, + concat!( + "Offset of field: ", + stringify!(CK_OTP_PARAM), + "::", + stringify!(pValue) + ) + ); + assert_eq!( + unsafe { &(*(::std::ptr::null::())).ulValueLen as *const _ as usize }, + 16usize, + concat!( + "Offset of field: ", + stringify!(CK_OTP_PARAM), + "::", + stringify!(ulValueLen) + ) + ); +} +impl Default for CK_OTP_PARAM { + fn default() -> Self { + unsafe { ::std::mem::zeroed() } + } +} +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct CK_OTP_PARAMS { + pub pParams: *mut CK_OTP_PARAM, + pub ulCount: ::std::os::raw::c_ulong, +} +#[test] +fn bindgen_test_layout_CK_OTP_PARAMS() { + assert_eq!( + ::std::mem::size_of::(), + 16usize, + concat!("Size of: ", stringify!(CK_OTP_PARAMS)) + ); + assert_eq!( + ::std::mem::align_of::(), + 8usize, + concat!("Alignment of ", stringify!(CK_OTP_PARAMS)) + ); + assert_eq!( + unsafe { &(*(::std::ptr::null::())).pParams as *const _ as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_OTP_PARAMS), + "::", + stringify!(pParams) + ) + ); + assert_eq!( + unsafe { &(*(::std::ptr::null::())).ulCount as *const _ as usize }, + 8usize, + concat!( + "Offset of field: ", + stringify!(CK_OTP_PARAMS), + "::", + stringify!(ulCount) + ) + ); +} +impl Default for CK_OTP_PARAMS { + fn default() -> Self { + unsafe { ::std::mem::zeroed() } + } +} +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct CK_OTP_SIGNATURE_INFO { + pub pParams: *mut CK_OTP_PARAM, + pub ulCount: ::std::os::raw::c_ulong, +} +#[test] +fn bindgen_test_layout_CK_OTP_SIGNATURE_INFO() { + assert_eq!( + ::std::mem::size_of::(), + 16usize, + concat!("Size of: ", stringify!(CK_OTP_SIGNATURE_INFO)) + ); + assert_eq!( + ::std::mem::align_of::(), + 8usize, + concat!("Alignment of ", stringify!(CK_OTP_SIGNATURE_INFO)) + ); + assert_eq!( + unsafe { &(*(::std::ptr::null::())).pParams as *const _ as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_OTP_SIGNATURE_INFO), + "::", + stringify!(pParams) + ) + ); + assert_eq!( + unsafe { &(*(::std::ptr::null::())).ulCount as *const _ as usize }, + 8usize, + concat!( + "Offset of field: ", + stringify!(CK_OTP_SIGNATURE_INFO), + "::", + stringify!(ulCount) + ) + ); +} +impl Default for CK_OTP_SIGNATURE_INFO { + fn default() -> Self { + unsafe { ::std::mem::zeroed() } + } +} +pub type CK_RSA_PKCS_MGF_TYPE = ::std::os::raw::c_ulong; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct ck_rsa_pkcs_pss_params { + pub hashAlg: CK_MECHANISM_TYPE, + pub mgf: CK_RSA_PKCS_MGF_TYPE, + pub sLen: ::std::os::raw::c_ulong, +} +#[test] +fn bindgen_test_layout_ck_rsa_pkcs_pss_params() { + assert_eq!( + ::std::mem::size_of::(), + 24usize, + concat!("Size of: ", stringify!(ck_rsa_pkcs_pss_params)) + ); + assert_eq!( + ::std::mem::align_of::(), + 8usize, + concat!("Alignment of ", stringify!(ck_rsa_pkcs_pss_params)) + ); + assert_eq!( + unsafe { &(*(::std::ptr::null::())).hashAlg as *const _ as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(ck_rsa_pkcs_pss_params), + "::", + stringify!(hashAlg) + ) + ); + assert_eq!( + unsafe { &(*(::std::ptr::null::())).mgf as *const _ as usize }, + 8usize, + concat!( + "Offset of field: ", + stringify!(ck_rsa_pkcs_pss_params), + "::", + stringify!(mgf) + ) + ); + assert_eq!( + unsafe { &(*(::std::ptr::null::())).sLen as *const _ as usize }, + 16usize, + concat!( + "Offset of field: ", + stringify!(ck_rsa_pkcs_pss_params), + "::", + stringify!(sLen) + ) + ); +} +pub type CK_RSA_PKCS_OAEP_SOURCE_TYPE = ::std::os::raw::c_ulong; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct ck_rsa_pkcs_oaep_params { + pub hashAlg: CK_MECHANISM_TYPE, + pub mgf: CK_RSA_PKCS_MGF_TYPE, + pub source: CK_RSA_PKCS_OAEP_SOURCE_TYPE, + pub pSourceData: *mut ::std::os::raw::c_void, + pub ulSourceDataLen: ::std::os::raw::c_ulong, +} +#[test] +fn bindgen_test_layout_ck_rsa_pkcs_oaep_params() { + assert_eq!( + ::std::mem::size_of::(), + 40usize, + concat!("Size of: ", stringify!(ck_rsa_pkcs_oaep_params)) + ); + assert_eq!( + ::std::mem::align_of::(), + 8usize, + concat!("Alignment of ", stringify!(ck_rsa_pkcs_oaep_params)) + ); + assert_eq!( + unsafe { &(*(::std::ptr::null::())).hashAlg as *const _ as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(ck_rsa_pkcs_oaep_params), + "::", + stringify!(hashAlg) + ) + ); + assert_eq!( + unsafe { &(*(::std::ptr::null::())).mgf as *const _ as usize }, + 8usize, + concat!( + "Offset of field: ", + stringify!(ck_rsa_pkcs_oaep_params), + "::", + stringify!(mgf) + ) + ); + assert_eq!( + unsafe { &(*(::std::ptr::null::())).source as *const _ as usize }, + 16usize, + concat!( + "Offset of field: ", + stringify!(ck_rsa_pkcs_oaep_params), + "::", + stringify!(source) + ) + ); + assert_eq!( + unsafe { + &(*(::std::ptr::null::())).pSourceData as *const _ as usize + }, + 24usize, + concat!( + "Offset of field: ", + stringify!(ck_rsa_pkcs_oaep_params), + "::", + stringify!(pSourceData) + ) + ); + assert_eq!( + unsafe { + &(*(::std::ptr::null::())).ulSourceDataLen as *const _ as usize + }, + 32usize, + concat!( + "Offset of field: ", + stringify!(ck_rsa_pkcs_oaep_params), + "::", + stringify!(ulSourceDataLen) + ) + ); +} +impl Default for ck_rsa_pkcs_oaep_params { + fn default() -> Self { + unsafe { ::std::mem::zeroed() } + } +} +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct ck_aes_ctr_params { + pub ulCounterBits: ::std::os::raw::c_ulong, + pub cb: [::std::os::raw::c_uchar; 16usize], +} +#[test] +fn bindgen_test_layout_ck_aes_ctr_params() { + assert_eq!( + ::std::mem::size_of::(), + 24usize, + concat!("Size of: ", stringify!(ck_aes_ctr_params)) + ); + assert_eq!( + ::std::mem::align_of::(), + 8usize, + concat!("Alignment of ", stringify!(ck_aes_ctr_params)) + ); + assert_eq!( + unsafe { &(*(::std::ptr::null::())).ulCounterBits as *const _ as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(ck_aes_ctr_params), + "::", + stringify!(ulCounterBits) + ) + ); + assert_eq!( + unsafe { &(*(::std::ptr::null::())).cb as *const _ as usize }, + 8usize, + concat!( + "Offset of field: ", + stringify!(ck_aes_ctr_params), + "::", + stringify!(cb) + ) + ); +} +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct ck_gcm_params { + pub pIv: *mut ::std::os::raw::c_uchar, + pub ulIvLen: ::std::os::raw::c_ulong, + pub ulIvBits: ::std::os::raw::c_ulong, + pub pAAD: *mut ::std::os::raw::c_uchar, + pub ulAADLen: ::std::os::raw::c_ulong, + pub ulTagBits: ::std::os::raw::c_ulong, +} +#[test] +fn bindgen_test_layout_ck_gcm_params() { + assert_eq!( + ::std::mem::size_of::(), + 48usize, + concat!("Size of: ", stringify!(ck_gcm_params)) + ); + assert_eq!( + ::std::mem::align_of::(), + 8usize, + concat!("Alignment of ", stringify!(ck_gcm_params)) + ); + assert_eq!( + unsafe { &(*(::std::ptr::null::())).pIv as *const _ as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(ck_gcm_params), + "::", + stringify!(pIv) + ) + ); + assert_eq!( + unsafe { &(*(::std::ptr::null::())).ulIvLen as *const _ as usize }, + 8usize, + concat!( + "Offset of field: ", + stringify!(ck_gcm_params), + "::", + stringify!(ulIvLen) + ) + ); + assert_eq!( + unsafe { &(*(::std::ptr::null::())).ulIvBits as *const _ as usize }, + 16usize, + concat!( + "Offset of field: ", + stringify!(ck_gcm_params), + "::", + stringify!(ulIvBits) + ) + ); + assert_eq!( + unsafe { &(*(::std::ptr::null::())).pAAD as *const _ as usize }, + 24usize, + concat!( + "Offset of field: ", + stringify!(ck_gcm_params), + "::", + stringify!(pAAD) + ) + ); + assert_eq!( + unsafe { &(*(::std::ptr::null::())).ulAADLen as *const _ as usize }, + 32usize, + concat!( + "Offset of field: ", + stringify!(ck_gcm_params), + "::", + stringify!(ulAADLen) + ) + ); + assert_eq!( + unsafe { &(*(::std::ptr::null::())).ulTagBits as *const _ as usize }, + 40usize, + concat!( + "Offset of field: ", + stringify!(ck_gcm_params), + "::", + stringify!(ulTagBits) + ) + ); +} +impl Default for ck_gcm_params { + fn default() -> Self { + unsafe { ::std::mem::zeroed() } + } +} +pub type ck_ec_kdf_t = ::std::os::raw::c_ulong; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct ck_ecdh1_derive_params { + pub kdf: ck_ec_kdf_t, + pub ulSharedDataLen: ::std::os::raw::c_ulong, + pub pSharedData: *mut ::std::os::raw::c_uchar, + pub ulPublicDataLen: ::std::os::raw::c_ulong, + pub pPublicData: *mut ::std::os::raw::c_uchar, +} +#[test] +fn bindgen_test_layout_ck_ecdh1_derive_params() { + assert_eq!( + ::std::mem::size_of::(), + 40usize, + concat!("Size of: ", stringify!(ck_ecdh1_derive_params)) + ); + assert_eq!( + ::std::mem::align_of::(), + 8usize, + concat!("Alignment of ", stringify!(ck_ecdh1_derive_params)) + ); + assert_eq!( + unsafe { &(*(::std::ptr::null::())).kdf as *const _ as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(ck_ecdh1_derive_params), + "::", + stringify!(kdf) + ) + ); + assert_eq!( + unsafe { + &(*(::std::ptr::null::())).ulSharedDataLen as *const _ as usize + }, + 8usize, + concat!( + "Offset of field: ", + stringify!(ck_ecdh1_derive_params), + "::", + stringify!(ulSharedDataLen) + ) + ); + assert_eq!( + unsafe { + &(*(::std::ptr::null::())).pSharedData as *const _ as usize + }, + 16usize, + concat!( + "Offset of field: ", + stringify!(ck_ecdh1_derive_params), + "::", + stringify!(pSharedData) + ) + ); + assert_eq!( + unsafe { + &(*(::std::ptr::null::())).ulPublicDataLen as *const _ as usize + }, + 24usize, + concat!( + "Offset of field: ", + stringify!(ck_ecdh1_derive_params), + "::", + stringify!(ulPublicDataLen) + ) + ); + assert_eq!( + unsafe { + &(*(::std::ptr::null::())).pPublicData as *const _ as usize + }, + 32usize, + concat!( + "Offset of field: ", + stringify!(ck_ecdh1_derive_params), + "::", + stringify!(pPublicData) + ) + ); +} +impl Default for ck_ecdh1_derive_params { + fn default() -> Self { + unsafe { ::std::mem::zeroed() } + } +} +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct ck_key_derivation_string_data { + pub pData: *mut ::std::os::raw::c_uchar, + pub ulLen: ::std::os::raw::c_ulong, +} +#[test] +fn bindgen_test_layout_ck_key_derivation_string_data() { + assert_eq!( + ::std::mem::size_of::(), + 16usize, + concat!("Size of: ", stringify!(ck_key_derivation_string_data)) + ); + assert_eq!( + ::std::mem::align_of::(), + 8usize, + concat!("Alignment of ", stringify!(ck_key_derivation_string_data)) + ); + assert_eq!( + unsafe { + &(*(::std::ptr::null::())).pData as *const _ as usize + }, + 0usize, + concat!( + "Offset of field: ", + stringify!(ck_key_derivation_string_data), + "::", + stringify!(pData) + ) + ); + assert_eq!( + unsafe { + &(*(::std::ptr::null::())).ulLen as *const _ as usize + }, + 8usize, + concat!( + "Offset of field: ", + stringify!(ck_key_derivation_string_data), + "::", + stringify!(ulLen) + ) + ); +} +impl Default for ck_key_derivation_string_data { + fn default() -> Self { + unsafe { ::std::mem::zeroed() } + } +} +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct ck_des_cbc_encrypt_data_params { + pub iv: [::std::os::raw::c_uchar; 8usize], + pub pData: *mut ::std::os::raw::c_uchar, + pub length: ::std::os::raw::c_ulong, +} +#[test] +fn bindgen_test_layout_ck_des_cbc_encrypt_data_params() { + assert_eq!( + ::std::mem::size_of::(), + 24usize, + concat!("Size of: ", stringify!(ck_des_cbc_encrypt_data_params)) + ); + assert_eq!( + ::std::mem::align_of::(), + 8usize, + concat!("Alignment of ", stringify!(ck_des_cbc_encrypt_data_params)) + ); + assert_eq!( + unsafe { + &(*(::std::ptr::null::())).iv as *const _ as usize + }, + 0usize, + concat!( + "Offset of field: ", + stringify!(ck_des_cbc_encrypt_data_params), + "::", + stringify!(iv) + ) + ); + assert_eq!( + unsafe { + &(*(::std::ptr::null::())).pData as *const _ as usize + }, + 8usize, + concat!( + "Offset of field: ", + stringify!(ck_des_cbc_encrypt_data_params), + "::", + stringify!(pData) + ) + ); + assert_eq!( + unsafe { + &(*(::std::ptr::null::())).length as *const _ as usize + }, + 16usize, + concat!( + "Offset of field: ", + stringify!(ck_des_cbc_encrypt_data_params), + "::", + stringify!(length) + ) + ); +} +impl Default for ck_des_cbc_encrypt_data_params { + fn default() -> Self { + unsafe { ::std::mem::zeroed() } + } +} +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct ck_aes_cbc_encrypt_data_params { + pub iv: [::std::os::raw::c_uchar; 16usize], + pub pData: *mut ::std::os::raw::c_uchar, + pub length: ::std::os::raw::c_ulong, +} +#[test] +fn bindgen_test_layout_ck_aes_cbc_encrypt_data_params() { + assert_eq!( + ::std::mem::size_of::(), + 32usize, + concat!("Size of: ", stringify!(ck_aes_cbc_encrypt_data_params)) + ); + assert_eq!( + ::std::mem::align_of::(), + 8usize, + concat!("Alignment of ", stringify!(ck_aes_cbc_encrypt_data_params)) + ); + assert_eq!( + unsafe { + &(*(::std::ptr::null::())).iv as *const _ as usize + }, + 0usize, + concat!( + "Offset of field: ", + stringify!(ck_aes_cbc_encrypt_data_params), + "::", + stringify!(iv) + ) + ); + assert_eq!( + unsafe { + &(*(::std::ptr::null::())).pData as *const _ as usize + }, + 16usize, + concat!( + "Offset of field: ", + stringify!(ck_aes_cbc_encrypt_data_params), + "::", + stringify!(pData) + ) + ); + assert_eq!( + unsafe { + &(*(::std::ptr::null::())).length as *const _ as usize + }, + 24usize, + concat!( + "Offset of field: ", + stringify!(ck_aes_cbc_encrypt_data_params), + "::", + stringify!(length) + ) + ); +} +impl Default for ck_aes_cbc_encrypt_data_params { + fn default() -> Self { + unsafe { ::std::mem::zeroed() } + } +} +pub type CK_RV = ::std::os::raw::c_ulong; +pub type CK_NOTIFY = ::std::option::Option< + unsafe extern "C" fn( + session: CK_SESSION_HANDLE, + event: CK_NOTIFICATION, + application: *mut ::std::os::raw::c_void, + ) -> CK_RV, +>; +pub type CK_C_Initialize = + ::std::option::Option CK_RV>; +pub type CK_C_Finalize = + ::std::option::Option CK_RV>; +pub type CK_C_GetInfo = ::std::option::Option CK_RV>; +pub type CK_C_GetFunctionList = ::std::option::Option< + unsafe extern "C" fn(function_list: *mut *mut _CK_FUNCTION_LIST) -> CK_RV, +>; +pub type CK_C_GetSlotList = ::std::option::Option< + unsafe extern "C" fn( + token_present: ::std::os::raw::c_uchar, + slot_list: *mut CK_SLOT_ID, + ulCount: *mut ::std::os::raw::c_ulong, + ) -> CK_RV, +>; +pub type CK_C_GetSlotInfo = ::std::option::Option< + unsafe extern "C" fn(slotID: CK_SLOT_ID, info: *mut _CK_SLOT_INFO) -> CK_RV, +>; +pub type CK_C_GetTokenInfo = ::std::option::Option< + unsafe extern "C" fn(slotID: CK_SLOT_ID, info: *mut _CK_TOKEN_INFO) -> CK_RV, +>; +pub type CK_C_WaitForSlotEvent = ::std::option::Option< + unsafe extern "C" fn( + flags: CK_FLAGS, + slot: *mut CK_SLOT_ID, + pReserved: *mut ::std::os::raw::c_void, + ) -> CK_RV, +>; +pub type CK_C_GetMechanismList = ::std::option::Option< + unsafe extern "C" fn( + slotID: CK_SLOT_ID, + mechanism_list: *mut CK_MECHANISM_TYPE, + ulCount: *mut ::std::os::raw::c_ulong, + ) -> CK_RV, +>; +pub type CK_C_GetMechanismInfo = ::std::option::Option< + unsafe extern "C" fn( + slotID: CK_SLOT_ID, + type_: CK_MECHANISM_TYPE, + info: *mut _CK_MECHANISM_INFO, + ) -> CK_RV, +>; +pub type CK_C_InitToken = ::std::option::Option< + unsafe extern "C" fn( + slotID: CK_SLOT_ID, + pin: *mut ::std::os::raw::c_uchar, + pin_len: ::std::os::raw::c_ulong, + label: *mut ::std::os::raw::c_uchar, + ) -> CK_RV, +>; +pub type CK_C_InitPIN = ::std::option::Option< + unsafe extern "C" fn( + session: CK_SESSION_HANDLE, + pin: *mut ::std::os::raw::c_uchar, + pin_len: ::std::os::raw::c_ulong, + ) -> CK_RV, +>; +pub type CK_C_SetPIN = ::std::option::Option< + unsafe extern "C" fn( + session: CK_SESSION_HANDLE, + old_pin: *mut ::std::os::raw::c_uchar, + old_len: ::std::os::raw::c_ulong, + new_pin: *mut ::std::os::raw::c_uchar, + new_len: ::std::os::raw::c_ulong, + ) -> CK_RV, +>; +pub type CK_C_OpenSession = ::std::option::Option< + unsafe extern "C" fn( + slotID: CK_SLOT_ID, + flags: CK_FLAGS, + application: *mut ::std::os::raw::c_void, + notify: CK_NOTIFY, + session: *mut CK_SESSION_HANDLE, + ) -> CK_RV, +>; +pub type CK_C_CloseSession = + ::std::option::Option CK_RV>; +pub type CK_C_CloseAllSessions = + ::std::option::Option CK_RV>; +pub type CK_C_GetSessionInfo = ::std::option::Option< + unsafe extern "C" fn(session: CK_SESSION_HANDLE, info: *mut _CK_SESSION_INFO) -> CK_RV, +>; +pub type CK_C_GetOperationState = ::std::option::Option< + unsafe extern "C" fn( + session: CK_SESSION_HANDLE, + operation_state: *mut ::std::os::raw::c_uchar, + operation_state_len: *mut ::std::os::raw::c_ulong, + ) -> CK_RV, +>; +pub type CK_C_SetOperationState = ::std::option::Option< + unsafe extern "C" fn( + session: CK_SESSION_HANDLE, + operation_state: *mut ::std::os::raw::c_uchar, + operation_state_len: ::std::os::raw::c_ulong, + encryption_key: CK_OBJECT_HANDLE, + authentiation_key: CK_OBJECT_HANDLE, + ) -> CK_RV, +>; +pub type CK_C_Login = ::std::option::Option< + unsafe extern "C" fn( + session: CK_SESSION_HANDLE, + user_type: CK_USER_TYPE, + pin: *mut ::std::os::raw::c_uchar, + pin_len: ::std::os::raw::c_ulong, + ) -> CK_RV, +>; +pub type CK_C_Logout = + ::std::option::Option CK_RV>; +pub type CK_C_CreateObject = ::std::option::Option< + unsafe extern "C" fn( + session: CK_SESSION_HANDLE, + templ: *mut _CK_ATTRIBUTE, + ulCount: ::std::os::raw::c_ulong, + object: *mut CK_OBJECT_HANDLE, + ) -> CK_RV, +>; +pub type CK_C_CopyObject = ::std::option::Option< + unsafe extern "C" fn( + session: CK_SESSION_HANDLE, + object: CK_OBJECT_HANDLE, + templ: *mut _CK_ATTRIBUTE, + ulCount: ::std::os::raw::c_ulong, + new_object: *mut CK_OBJECT_HANDLE, + ) -> CK_RV, +>; +pub type CK_C_DestroyObject = ::std::option::Option< + unsafe extern "C" fn(session: CK_SESSION_HANDLE, object: CK_OBJECT_HANDLE) -> CK_RV, +>; +pub type CK_C_GetObjectSize = ::std::option::Option< + unsafe extern "C" fn( + session: CK_SESSION_HANDLE, + object: CK_OBJECT_HANDLE, + size: *mut ::std::os::raw::c_ulong, + ) -> CK_RV, +>; +pub type CK_C_GetAttributeValue = ::std::option::Option< + unsafe extern "C" fn( + session: CK_SESSION_HANDLE, + object: CK_OBJECT_HANDLE, + templ: *mut _CK_ATTRIBUTE, + ulCount: ::std::os::raw::c_ulong, + ) -> CK_RV, +>; +pub type CK_C_SetAttributeValue = ::std::option::Option< + unsafe extern "C" fn( + session: CK_SESSION_HANDLE, + object: CK_OBJECT_HANDLE, + templ: *mut _CK_ATTRIBUTE, + ulCount: ::std::os::raw::c_ulong, + ) -> CK_RV, +>; +pub type CK_C_FindObjectsInit = ::std::option::Option< + unsafe extern "C" fn( + session: CK_SESSION_HANDLE, + templ: *mut _CK_ATTRIBUTE, + ulCount: ::std::os::raw::c_ulong, + ) -> CK_RV, +>; +pub type CK_C_FindObjects = ::std::option::Option< + unsafe extern "C" fn( + session: CK_SESSION_HANDLE, + object: *mut CK_OBJECT_HANDLE, + max_object_count: ::std::os::raw::c_ulong, + object_count: *mut ::std::os::raw::c_ulong, + ) -> CK_RV, +>; +pub type CK_C_FindObjectsFinal = + ::std::option::Option CK_RV>; +pub type CK_C_EncryptInit = ::std::option::Option< + unsafe extern "C" fn( + session: CK_SESSION_HANDLE, + mechanism: *mut _CK_MECHANISM, + key: CK_OBJECT_HANDLE, + ) -> CK_RV, +>; +pub type CK_C_Encrypt = ::std::option::Option< + unsafe extern "C" fn( + session: CK_SESSION_HANDLE, + data: *mut ::std::os::raw::c_uchar, + data_len: ::std::os::raw::c_ulong, + encrypted_data: *mut ::std::os::raw::c_uchar, + encrypted_data_len: *mut ::std::os::raw::c_ulong, + ) -> CK_RV, +>; +pub type CK_C_EncryptUpdate = ::std::option::Option< + unsafe extern "C" fn( + session: CK_SESSION_HANDLE, + part: *mut ::std::os::raw::c_uchar, + part_len: ::std::os::raw::c_ulong, + encrypted_part: *mut ::std::os::raw::c_uchar, + encrypted_part_len: *mut ::std::os::raw::c_ulong, + ) -> CK_RV, +>; +pub type CK_C_EncryptFinal = ::std::option::Option< + unsafe extern "C" fn( + session: CK_SESSION_HANDLE, + last_encrypted_part: *mut ::std::os::raw::c_uchar, + last_encrypted_part_len: *mut ::std::os::raw::c_ulong, + ) -> CK_RV, +>; +pub type CK_C_DecryptInit = ::std::option::Option< + unsafe extern "C" fn( + session: CK_SESSION_HANDLE, + mechanism: *mut _CK_MECHANISM, + key: CK_OBJECT_HANDLE, + ) -> CK_RV, +>; +pub type CK_C_Decrypt = ::std::option::Option< + unsafe extern "C" fn( + session: CK_SESSION_HANDLE, + encrypted_data: *mut ::std::os::raw::c_uchar, + encrypted_data_len: ::std::os::raw::c_ulong, + data: *mut ::std::os::raw::c_uchar, + data_len: *mut ::std::os::raw::c_ulong, + ) -> CK_RV, +>; +pub type CK_C_DecryptUpdate = ::std::option::Option< + unsafe extern "C" fn( + session: CK_SESSION_HANDLE, + encrypted_part: *mut ::std::os::raw::c_uchar, + encrypted_part_len: ::std::os::raw::c_ulong, + part: *mut ::std::os::raw::c_uchar, + part_len: *mut ::std::os::raw::c_ulong, + ) -> CK_RV, +>; +pub type CK_C_DecryptFinal = ::std::option::Option< + unsafe extern "C" fn( + session: CK_SESSION_HANDLE, + last_part: *mut ::std::os::raw::c_uchar, + last_part_len: *mut ::std::os::raw::c_ulong, + ) -> CK_RV, +>; +pub type CK_C_DigestInit = ::std::option::Option< + unsafe extern "C" fn(session: CK_SESSION_HANDLE, mechanism: *mut _CK_MECHANISM) -> CK_RV, +>; +pub type CK_C_Digest = ::std::option::Option< + unsafe extern "C" fn( + session: CK_SESSION_HANDLE, + data: *mut ::std::os::raw::c_uchar, + data_len: ::std::os::raw::c_ulong, + digest: *mut ::std::os::raw::c_uchar, + digest_len: *mut ::std::os::raw::c_ulong, + ) -> CK_RV, +>; +pub type CK_C_DigestUpdate = ::std::option::Option< + unsafe extern "C" fn( + session: CK_SESSION_HANDLE, + part: *mut ::std::os::raw::c_uchar, + part_len: ::std::os::raw::c_ulong, + ) -> CK_RV, +>; +pub type CK_C_DigestKey = ::std::option::Option< + unsafe extern "C" fn(session: CK_SESSION_HANDLE, key: CK_OBJECT_HANDLE) -> CK_RV, +>; +pub type CK_C_DigestFinal = ::std::option::Option< + unsafe extern "C" fn( + session: CK_SESSION_HANDLE, + digest: *mut ::std::os::raw::c_uchar, + digest_len: *mut ::std::os::raw::c_ulong, + ) -> CK_RV, +>; +pub type CK_C_SignInit = ::std::option::Option< + unsafe extern "C" fn( + session: CK_SESSION_HANDLE, + mechanism: *mut _CK_MECHANISM, + key: CK_OBJECT_HANDLE, + ) -> CK_RV, +>; +pub type CK_C_Sign = ::std::option::Option< + unsafe extern "C" fn( + session: CK_SESSION_HANDLE, + data: *mut ::std::os::raw::c_uchar, + data_len: ::std::os::raw::c_ulong, + signature: *mut ::std::os::raw::c_uchar, + signature_len: *mut ::std::os::raw::c_ulong, + ) -> CK_RV, +>; +pub type CK_C_SignUpdate = ::std::option::Option< + unsafe extern "C" fn( + session: CK_SESSION_HANDLE, + part: *mut ::std::os::raw::c_uchar, + part_len: ::std::os::raw::c_ulong, + ) -> CK_RV, +>; +pub type CK_C_SignFinal = ::std::option::Option< + unsafe extern "C" fn( + session: CK_SESSION_HANDLE, + signature: *mut ::std::os::raw::c_uchar, + signature_len: *mut ::std::os::raw::c_ulong, + ) -> CK_RV, +>; +pub type CK_C_SignRecoverInit = ::std::option::Option< + unsafe extern "C" fn( + session: CK_SESSION_HANDLE, + mechanism: *mut _CK_MECHANISM, + key: CK_OBJECT_HANDLE, + ) -> CK_RV, +>; +pub type CK_C_SignRecover = ::std::option::Option< + unsafe extern "C" fn( + session: CK_SESSION_HANDLE, + data: *mut ::std::os::raw::c_uchar, + data_len: ::std::os::raw::c_ulong, + signature: *mut ::std::os::raw::c_uchar, + signature_len: *mut ::std::os::raw::c_ulong, + ) -> CK_RV, +>; +pub type CK_C_VerifyInit = ::std::option::Option< + unsafe extern "C" fn( + session: CK_SESSION_HANDLE, + mechanism: *mut _CK_MECHANISM, + key: CK_OBJECT_HANDLE, + ) -> CK_RV, +>; +pub type CK_C_Verify = ::std::option::Option< + unsafe extern "C" fn( + session: CK_SESSION_HANDLE, + data: *mut ::std::os::raw::c_uchar, + data_len: ::std::os::raw::c_ulong, + signature: *mut ::std::os::raw::c_uchar, + signature_len: ::std::os::raw::c_ulong, + ) -> CK_RV, +>; +pub type CK_C_VerifyUpdate = ::std::option::Option< + unsafe extern "C" fn( + session: CK_SESSION_HANDLE, + part: *mut ::std::os::raw::c_uchar, + part_len: ::std::os::raw::c_ulong, + ) -> CK_RV, +>; +pub type CK_C_VerifyFinal = ::std::option::Option< + unsafe extern "C" fn( + session: CK_SESSION_HANDLE, + signature: *mut ::std::os::raw::c_uchar, + signature_len: ::std::os::raw::c_ulong, + ) -> CK_RV, +>; +pub type CK_C_VerifyRecoverInit = ::std::option::Option< + unsafe extern "C" fn( + session: CK_SESSION_HANDLE, + mechanism: *mut _CK_MECHANISM, + key: CK_OBJECT_HANDLE, + ) -> CK_RV, +>; +pub type CK_C_VerifyRecover = ::std::option::Option< + unsafe extern "C" fn( + session: CK_SESSION_HANDLE, + signature: *mut ::std::os::raw::c_uchar, + signature_len: ::std::os::raw::c_ulong, + data: *mut ::std::os::raw::c_uchar, + data_len: *mut ::std::os::raw::c_ulong, + ) -> CK_RV, +>; +pub type CK_C_DigestEncryptUpdate = ::std::option::Option< + unsafe extern "C" fn( + session: CK_SESSION_HANDLE, + part: *mut ::std::os::raw::c_uchar, + part_len: ::std::os::raw::c_ulong, + encrypted_part: *mut ::std::os::raw::c_uchar, + encrypted_part_len: *mut ::std::os::raw::c_ulong, + ) -> CK_RV, +>; +pub type CK_C_DecryptDigestUpdate = ::std::option::Option< + unsafe extern "C" fn( + session: CK_SESSION_HANDLE, + encrypted_part: *mut ::std::os::raw::c_uchar, + encrypted_part_len: ::std::os::raw::c_ulong, + part: *mut ::std::os::raw::c_uchar, + part_len: *mut ::std::os::raw::c_ulong, + ) -> CK_RV, +>; +pub type CK_C_SignEncryptUpdate = ::std::option::Option< + unsafe extern "C" fn( + session: CK_SESSION_HANDLE, + part: *mut ::std::os::raw::c_uchar, + part_len: ::std::os::raw::c_ulong, + encrypted_part: *mut ::std::os::raw::c_uchar, + encrypted_part_len: *mut ::std::os::raw::c_ulong, + ) -> CK_RV, +>; +pub type CK_C_DecryptVerifyUpdate = ::std::option::Option< + unsafe extern "C" fn( + session: CK_SESSION_HANDLE, + encrypted_part: *mut ::std::os::raw::c_uchar, + encrypted_part_len: ::std::os::raw::c_ulong, + part: *mut ::std::os::raw::c_uchar, + part_len: *mut ::std::os::raw::c_ulong, + ) -> CK_RV, +>; +pub type CK_C_GenerateKey = ::std::option::Option< + unsafe extern "C" fn( + session: CK_SESSION_HANDLE, + mechanism: *mut _CK_MECHANISM, + templ: *mut _CK_ATTRIBUTE, + ulCount: ::std::os::raw::c_ulong, + key: *mut CK_OBJECT_HANDLE, + ) -> CK_RV, +>; +pub type CK_C_GenerateKeyPair = ::std::option::Option< + unsafe extern "C" fn( + session: CK_SESSION_HANDLE, + mechanism: *mut _CK_MECHANISM, + public_key_template: *mut _CK_ATTRIBUTE, + public_key_attribute_count: ::std::os::raw::c_ulong, + private_key_template: *mut _CK_ATTRIBUTE, + private_key_attribute_count: ::std::os::raw::c_ulong, + public_key: *mut CK_OBJECT_HANDLE, + private_key: *mut CK_OBJECT_HANDLE, + ) -> CK_RV, +>; +pub type CK_C_WrapKey = ::std::option::Option< + unsafe extern "C" fn( + session: CK_SESSION_HANDLE, + mechanism: *mut _CK_MECHANISM, + wrapping_key: CK_OBJECT_HANDLE, + key: CK_OBJECT_HANDLE, + wrapped_key: *mut ::std::os::raw::c_uchar, + wrapped_key_len: *mut ::std::os::raw::c_ulong, + ) -> CK_RV, +>; +pub type CK_C_UnwrapKey = ::std::option::Option< + unsafe extern "C" fn( + session: CK_SESSION_HANDLE, + mechanism: *mut _CK_MECHANISM, + unwrapping_key: CK_OBJECT_HANDLE, + wrapped_key: *mut ::std::os::raw::c_uchar, + wrapped_key_len: ::std::os::raw::c_ulong, + templ: *mut _CK_ATTRIBUTE, + attribute_count: ::std::os::raw::c_ulong, + key: *mut CK_OBJECT_HANDLE, + ) -> CK_RV, +>; +pub type CK_C_DeriveKey = ::std::option::Option< + unsafe extern "C" fn( + session: CK_SESSION_HANDLE, + mechanism: *mut _CK_MECHANISM, + base_key: CK_OBJECT_HANDLE, + templ: *mut _CK_ATTRIBUTE, + attribute_count: ::std::os::raw::c_ulong, + key: *mut CK_OBJECT_HANDLE, + ) -> CK_RV, +>; +pub type CK_C_SeedRandom = ::std::option::Option< + unsafe extern "C" fn( + session: CK_SESSION_HANDLE, + seed: *mut ::std::os::raw::c_uchar, + seed_len: ::std::os::raw::c_ulong, + ) -> CK_RV, +>; +pub type CK_C_GenerateRandom = ::std::option::Option< + unsafe extern "C" fn( + session: CK_SESSION_HANDLE, + random_data: *mut ::std::os::raw::c_uchar, + random_len: ::std::os::raw::c_ulong, + ) -> CK_RV, +>; +pub type CK_C_GetFunctionStatus = + ::std::option::Option CK_RV>; +pub type CK_C_CancelFunction = + ::std::option::Option CK_RV>; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _CK_FUNCTION_LIST { + pub version: _CK_VERSION, + pub C_Initialize: CK_C_Initialize, + pub C_Finalize: CK_C_Finalize, + pub C_GetInfo: CK_C_GetInfo, + pub C_GetFunctionList: CK_C_GetFunctionList, + pub C_GetSlotList: CK_C_GetSlotList, + pub C_GetSlotInfo: CK_C_GetSlotInfo, + pub C_GetTokenInfo: CK_C_GetTokenInfo, + pub C_GetMechanismList: CK_C_GetMechanismList, + pub C_GetMechanismInfo: CK_C_GetMechanismInfo, + pub C_InitToken: CK_C_InitToken, + pub C_InitPIN: CK_C_InitPIN, + pub C_SetPIN: CK_C_SetPIN, + pub C_OpenSession: CK_C_OpenSession, + pub C_CloseSession: CK_C_CloseSession, + pub C_CloseAllSessions: CK_C_CloseAllSessions, + pub C_GetSessionInfo: CK_C_GetSessionInfo, + pub C_GetOperationState: CK_C_GetOperationState, + pub C_SetOperationState: CK_C_SetOperationState, + pub C_Login: CK_C_Login, + pub C_Logout: CK_C_Logout, + pub C_CreateObject: CK_C_CreateObject, + pub C_CopyObject: CK_C_CopyObject, + pub C_DestroyObject: CK_C_DestroyObject, + pub C_GetObjectSize: CK_C_GetObjectSize, + pub C_GetAttributeValue: CK_C_GetAttributeValue, + pub C_SetAttributeValue: CK_C_SetAttributeValue, + pub C_FindObjectsInit: CK_C_FindObjectsInit, + pub C_FindObjects: CK_C_FindObjects, + pub C_FindObjectsFinal: CK_C_FindObjectsFinal, + pub C_EncryptInit: CK_C_EncryptInit, + pub C_Encrypt: CK_C_Encrypt, + pub C_EncryptUpdate: CK_C_EncryptUpdate, + pub C_EncryptFinal: CK_C_EncryptFinal, + pub C_DecryptInit: CK_C_DecryptInit, + pub C_Decrypt: CK_C_Decrypt, + pub C_DecryptUpdate: CK_C_DecryptUpdate, + pub C_DecryptFinal: CK_C_DecryptFinal, + pub C_DigestInit: CK_C_DigestInit, + pub C_Digest: CK_C_Digest, + pub C_DigestUpdate: CK_C_DigestUpdate, + pub C_DigestKey: CK_C_DigestKey, + pub C_DigestFinal: CK_C_DigestFinal, + pub C_SignInit: CK_C_SignInit, + pub C_Sign: CK_C_Sign, + pub C_SignUpdate: CK_C_SignUpdate, + pub C_SignFinal: CK_C_SignFinal, + pub C_SignRecoverInit: CK_C_SignRecoverInit, + pub C_SignRecover: CK_C_SignRecover, + pub C_VerifyInit: CK_C_VerifyInit, + pub C_Verify: CK_C_Verify, + pub C_VerifyUpdate: CK_C_VerifyUpdate, + pub C_VerifyFinal: CK_C_VerifyFinal, + pub C_VerifyRecoverInit: CK_C_VerifyRecoverInit, + pub C_VerifyRecover: CK_C_VerifyRecover, + pub C_DigestEncryptUpdate: CK_C_DigestEncryptUpdate, + pub C_DecryptDigestUpdate: CK_C_DecryptDigestUpdate, + pub C_SignEncryptUpdate: CK_C_SignEncryptUpdate, + pub C_DecryptVerifyUpdate: CK_C_DecryptVerifyUpdate, + pub C_GenerateKey: CK_C_GenerateKey, + pub C_GenerateKeyPair: CK_C_GenerateKeyPair, + pub C_WrapKey: CK_C_WrapKey, + pub C_UnwrapKey: CK_C_UnwrapKey, + pub C_DeriveKey: CK_C_DeriveKey, + pub C_SeedRandom: CK_C_SeedRandom, + pub C_GenerateRandom: CK_C_GenerateRandom, + pub C_GetFunctionStatus: CK_C_GetFunctionStatus, + pub C_CancelFunction: CK_C_CancelFunction, + pub C_WaitForSlotEvent: CK_C_WaitForSlotEvent, +} +#[test] +fn bindgen_test_layout__CK_FUNCTION_LIST() { + assert_eq!( + ::std::mem::size_of::<_CK_FUNCTION_LIST>(), + 552usize, + concat!("Size of: ", stringify!(_CK_FUNCTION_LIST)) + ); + assert_eq!( + ::std::mem::align_of::<_CK_FUNCTION_LIST>(), + 8usize, + concat!("Alignment of ", stringify!(_CK_FUNCTION_LIST)) + ); + assert_eq!( + unsafe { &(*(::std::ptr::null::<_CK_FUNCTION_LIST>())).version as *const _ as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(_CK_FUNCTION_LIST), + "::", + stringify!(version) + ) + ); + assert_eq!( + unsafe { &(*(::std::ptr::null::<_CK_FUNCTION_LIST>())).C_Initialize as *const _ as usize }, + 8usize, + concat!( + "Offset of field: ", + stringify!(_CK_FUNCTION_LIST), + "::", + stringify!(C_Initialize) + ) + ); + assert_eq!( + unsafe { &(*(::std::ptr::null::<_CK_FUNCTION_LIST>())).C_Finalize as *const _ as usize }, + 16usize, + concat!( + "Offset of field: ", + stringify!(_CK_FUNCTION_LIST), + "::", + stringify!(C_Finalize) + ) + ); + assert_eq!( + unsafe { &(*(::std::ptr::null::<_CK_FUNCTION_LIST>())).C_GetInfo as *const _ as usize }, + 24usize, + concat!( + "Offset of field: ", + stringify!(_CK_FUNCTION_LIST), + "::", + stringify!(C_GetInfo) + ) + ); + assert_eq!( + unsafe { + &(*(::std::ptr::null::<_CK_FUNCTION_LIST>())).C_GetFunctionList as *const _ as usize + }, + 32usize, + concat!( + "Offset of field: ", + stringify!(_CK_FUNCTION_LIST), + "::", + stringify!(C_GetFunctionList) + ) + ); + assert_eq!( + unsafe { &(*(::std::ptr::null::<_CK_FUNCTION_LIST>())).C_GetSlotList as *const _ as usize }, + 40usize, + concat!( + "Offset of field: ", + stringify!(_CK_FUNCTION_LIST), + "::", + stringify!(C_GetSlotList) + ) + ); + assert_eq!( + unsafe { &(*(::std::ptr::null::<_CK_FUNCTION_LIST>())).C_GetSlotInfo as *const _ as usize }, + 48usize, + concat!( + "Offset of field: ", + stringify!(_CK_FUNCTION_LIST), + "::", + stringify!(C_GetSlotInfo) + ) + ); + assert_eq!( + unsafe { + &(*(::std::ptr::null::<_CK_FUNCTION_LIST>())).C_GetTokenInfo as *const _ as usize + }, + 56usize, + concat!( + "Offset of field: ", + stringify!(_CK_FUNCTION_LIST), + "::", + stringify!(C_GetTokenInfo) + ) + ); + assert_eq!( + unsafe { + &(*(::std::ptr::null::<_CK_FUNCTION_LIST>())).C_GetMechanismList as *const _ as usize + }, + 64usize, + concat!( + "Offset of field: ", + stringify!(_CK_FUNCTION_LIST), + "::", + stringify!(C_GetMechanismList) + ) + ); + assert_eq!( + unsafe { + &(*(::std::ptr::null::<_CK_FUNCTION_LIST>())).C_GetMechanismInfo as *const _ as usize + }, + 72usize, + concat!( + "Offset of field: ", + stringify!(_CK_FUNCTION_LIST), + "::", + stringify!(C_GetMechanismInfo) + ) + ); + assert_eq!( + unsafe { &(*(::std::ptr::null::<_CK_FUNCTION_LIST>())).C_InitToken as *const _ as usize }, + 80usize, + concat!( + "Offset of field: ", + stringify!(_CK_FUNCTION_LIST), + "::", + stringify!(C_InitToken) + ) + ); + assert_eq!( + unsafe { &(*(::std::ptr::null::<_CK_FUNCTION_LIST>())).C_InitPIN as *const _ as usize }, + 88usize, + concat!( + "Offset of field: ", + stringify!(_CK_FUNCTION_LIST), + "::", + stringify!(C_InitPIN) + ) + ); + assert_eq!( + unsafe { &(*(::std::ptr::null::<_CK_FUNCTION_LIST>())).C_SetPIN as *const _ as usize }, + 96usize, + concat!( + "Offset of field: ", + stringify!(_CK_FUNCTION_LIST), + "::", + stringify!(C_SetPIN) + ) + ); + assert_eq!( + unsafe { &(*(::std::ptr::null::<_CK_FUNCTION_LIST>())).C_OpenSession as *const _ as usize }, + 104usize, + concat!( + "Offset of field: ", + stringify!(_CK_FUNCTION_LIST), + "::", + stringify!(C_OpenSession) + ) + ); + assert_eq!( + unsafe { + &(*(::std::ptr::null::<_CK_FUNCTION_LIST>())).C_CloseSession as *const _ as usize + }, + 112usize, + concat!( + "Offset of field: ", + stringify!(_CK_FUNCTION_LIST), + "::", + stringify!(C_CloseSession) + ) + ); + assert_eq!( + unsafe { + &(*(::std::ptr::null::<_CK_FUNCTION_LIST>())).C_CloseAllSessions as *const _ as usize + }, + 120usize, + concat!( + "Offset of field: ", + stringify!(_CK_FUNCTION_LIST), + "::", + stringify!(C_CloseAllSessions) + ) + ); + assert_eq!( + unsafe { + &(*(::std::ptr::null::<_CK_FUNCTION_LIST>())).C_GetSessionInfo as *const _ as usize + }, + 128usize, + concat!( + "Offset of field: ", + stringify!(_CK_FUNCTION_LIST), + "::", + stringify!(C_GetSessionInfo) + ) + ); + assert_eq!( + unsafe { + &(*(::std::ptr::null::<_CK_FUNCTION_LIST>())).C_GetOperationState as *const _ as usize + }, + 136usize, + concat!( + "Offset of field: ", + stringify!(_CK_FUNCTION_LIST), + "::", + stringify!(C_GetOperationState) + ) + ); + assert_eq!( + unsafe { + &(*(::std::ptr::null::<_CK_FUNCTION_LIST>())).C_SetOperationState as *const _ as usize + }, + 144usize, + concat!( + "Offset of field: ", + stringify!(_CK_FUNCTION_LIST), + "::", + stringify!(C_SetOperationState) + ) + ); + assert_eq!( + unsafe { &(*(::std::ptr::null::<_CK_FUNCTION_LIST>())).C_Login as *const _ as usize }, + 152usize, + concat!( + "Offset of field: ", + stringify!(_CK_FUNCTION_LIST), + "::", + stringify!(C_Login) + ) + ); + assert_eq!( + unsafe { &(*(::std::ptr::null::<_CK_FUNCTION_LIST>())).C_Logout as *const _ as usize }, + 160usize, + concat!( + "Offset of field: ", + stringify!(_CK_FUNCTION_LIST), + "::", + stringify!(C_Logout) + ) + ); + assert_eq!( + unsafe { + &(*(::std::ptr::null::<_CK_FUNCTION_LIST>())).C_CreateObject as *const _ as usize + }, + 168usize, + concat!( + "Offset of field: ", + stringify!(_CK_FUNCTION_LIST), + "::", + stringify!(C_CreateObject) + ) + ); + assert_eq!( + unsafe { &(*(::std::ptr::null::<_CK_FUNCTION_LIST>())).C_CopyObject as *const _ as usize }, + 176usize, + concat!( + "Offset of field: ", + stringify!(_CK_FUNCTION_LIST), + "::", + stringify!(C_CopyObject) + ) + ); + assert_eq!( + unsafe { + &(*(::std::ptr::null::<_CK_FUNCTION_LIST>())).C_DestroyObject as *const _ as usize + }, + 184usize, + concat!( + "Offset of field: ", + stringify!(_CK_FUNCTION_LIST), + "::", + stringify!(C_DestroyObject) + ) + ); + assert_eq!( + unsafe { + &(*(::std::ptr::null::<_CK_FUNCTION_LIST>())).C_GetObjectSize as *const _ as usize + }, + 192usize, + concat!( + "Offset of field: ", + stringify!(_CK_FUNCTION_LIST), + "::", + stringify!(C_GetObjectSize) + ) + ); + assert_eq!( + unsafe { + &(*(::std::ptr::null::<_CK_FUNCTION_LIST>())).C_GetAttributeValue as *const _ as usize + }, + 200usize, + concat!( + "Offset of field: ", + stringify!(_CK_FUNCTION_LIST), + "::", + stringify!(C_GetAttributeValue) + ) + ); + assert_eq!( + unsafe { + &(*(::std::ptr::null::<_CK_FUNCTION_LIST>())).C_SetAttributeValue as *const _ as usize + }, + 208usize, + concat!( + "Offset of field: ", + stringify!(_CK_FUNCTION_LIST), + "::", + stringify!(C_SetAttributeValue) + ) + ); + assert_eq!( + unsafe { + &(*(::std::ptr::null::<_CK_FUNCTION_LIST>())).C_FindObjectsInit as *const _ as usize + }, + 216usize, + concat!( + "Offset of field: ", + stringify!(_CK_FUNCTION_LIST), + "::", + stringify!(C_FindObjectsInit) + ) + ); + assert_eq!( + unsafe { &(*(::std::ptr::null::<_CK_FUNCTION_LIST>())).C_FindObjects as *const _ as usize }, + 224usize, + concat!( + "Offset of field: ", + stringify!(_CK_FUNCTION_LIST), + "::", + stringify!(C_FindObjects) + ) + ); + assert_eq!( + unsafe { + &(*(::std::ptr::null::<_CK_FUNCTION_LIST>())).C_FindObjectsFinal as *const _ as usize + }, + 232usize, + concat!( + "Offset of field: ", + stringify!(_CK_FUNCTION_LIST), + "::", + stringify!(C_FindObjectsFinal) + ) + ); + assert_eq!( + unsafe { &(*(::std::ptr::null::<_CK_FUNCTION_LIST>())).C_EncryptInit as *const _ as usize }, + 240usize, + concat!( + "Offset of field: ", + stringify!(_CK_FUNCTION_LIST), + "::", + stringify!(C_EncryptInit) + ) + ); + assert_eq!( + unsafe { &(*(::std::ptr::null::<_CK_FUNCTION_LIST>())).C_Encrypt as *const _ as usize }, + 248usize, + concat!( + "Offset of field: ", + stringify!(_CK_FUNCTION_LIST), + "::", + stringify!(C_Encrypt) + ) + ); + assert_eq!( + unsafe { + &(*(::std::ptr::null::<_CK_FUNCTION_LIST>())).C_EncryptUpdate as *const _ as usize + }, + 256usize, + concat!( + "Offset of field: ", + stringify!(_CK_FUNCTION_LIST), + "::", + stringify!(C_EncryptUpdate) + ) + ); + assert_eq!( + unsafe { + &(*(::std::ptr::null::<_CK_FUNCTION_LIST>())).C_EncryptFinal as *const _ as usize + }, + 264usize, + concat!( + "Offset of field: ", + stringify!(_CK_FUNCTION_LIST), + "::", + stringify!(C_EncryptFinal) + ) + ); + assert_eq!( + unsafe { &(*(::std::ptr::null::<_CK_FUNCTION_LIST>())).C_DecryptInit as *const _ as usize }, + 272usize, + concat!( + "Offset of field: ", + stringify!(_CK_FUNCTION_LIST), + "::", + stringify!(C_DecryptInit) + ) + ); + assert_eq!( + unsafe { &(*(::std::ptr::null::<_CK_FUNCTION_LIST>())).C_Decrypt as *const _ as usize }, + 280usize, + concat!( + "Offset of field: ", + stringify!(_CK_FUNCTION_LIST), + "::", + stringify!(C_Decrypt) + ) + ); + assert_eq!( + unsafe { + &(*(::std::ptr::null::<_CK_FUNCTION_LIST>())).C_DecryptUpdate as *const _ as usize + }, + 288usize, + concat!( + "Offset of field: ", + stringify!(_CK_FUNCTION_LIST), + "::", + stringify!(C_DecryptUpdate) + ) + ); + assert_eq!( + unsafe { + &(*(::std::ptr::null::<_CK_FUNCTION_LIST>())).C_DecryptFinal as *const _ as usize + }, + 296usize, + concat!( + "Offset of field: ", + stringify!(_CK_FUNCTION_LIST), + "::", + stringify!(C_DecryptFinal) + ) + ); + assert_eq!( + unsafe { &(*(::std::ptr::null::<_CK_FUNCTION_LIST>())).C_DigestInit as *const _ as usize }, + 304usize, + concat!( + "Offset of field: ", + stringify!(_CK_FUNCTION_LIST), + "::", + stringify!(C_DigestInit) + ) + ); + assert_eq!( + unsafe { &(*(::std::ptr::null::<_CK_FUNCTION_LIST>())).C_Digest as *const _ as usize }, + 312usize, + concat!( + "Offset of field: ", + stringify!(_CK_FUNCTION_LIST), + "::", + stringify!(C_Digest) + ) + ); + assert_eq!( + unsafe { + &(*(::std::ptr::null::<_CK_FUNCTION_LIST>())).C_DigestUpdate as *const _ as usize + }, + 320usize, + concat!( + "Offset of field: ", + stringify!(_CK_FUNCTION_LIST), + "::", + stringify!(C_DigestUpdate) + ) + ); + assert_eq!( + unsafe { &(*(::std::ptr::null::<_CK_FUNCTION_LIST>())).C_DigestKey as *const _ as usize }, + 328usize, + concat!( + "Offset of field: ", + stringify!(_CK_FUNCTION_LIST), + "::", + stringify!(C_DigestKey) + ) + ); + assert_eq!( + unsafe { &(*(::std::ptr::null::<_CK_FUNCTION_LIST>())).C_DigestFinal as *const _ as usize }, + 336usize, + concat!( + "Offset of field: ", + stringify!(_CK_FUNCTION_LIST), + "::", + stringify!(C_DigestFinal) + ) + ); + assert_eq!( + unsafe { &(*(::std::ptr::null::<_CK_FUNCTION_LIST>())).C_SignInit as *const _ as usize }, + 344usize, + concat!( + "Offset of field: ", + stringify!(_CK_FUNCTION_LIST), + "::", + stringify!(C_SignInit) + ) + ); + assert_eq!( + unsafe { &(*(::std::ptr::null::<_CK_FUNCTION_LIST>())).C_Sign as *const _ as usize }, + 352usize, + concat!( + "Offset of field: ", + stringify!(_CK_FUNCTION_LIST), + "::", + stringify!(C_Sign) + ) + ); + assert_eq!( + unsafe { &(*(::std::ptr::null::<_CK_FUNCTION_LIST>())).C_SignUpdate as *const _ as usize }, + 360usize, + concat!( + "Offset of field: ", + stringify!(_CK_FUNCTION_LIST), + "::", + stringify!(C_SignUpdate) + ) + ); + assert_eq!( + unsafe { &(*(::std::ptr::null::<_CK_FUNCTION_LIST>())).C_SignFinal as *const _ as usize }, + 368usize, + concat!( + "Offset of field: ", + stringify!(_CK_FUNCTION_LIST), + "::", + stringify!(C_SignFinal) + ) + ); + assert_eq!( + unsafe { + &(*(::std::ptr::null::<_CK_FUNCTION_LIST>())).C_SignRecoverInit as *const _ as usize + }, + 376usize, + concat!( + "Offset of field: ", + stringify!(_CK_FUNCTION_LIST), + "::", + stringify!(C_SignRecoverInit) + ) + ); + assert_eq!( + unsafe { &(*(::std::ptr::null::<_CK_FUNCTION_LIST>())).C_SignRecover as *const _ as usize }, + 384usize, + concat!( + "Offset of field: ", + stringify!(_CK_FUNCTION_LIST), + "::", + stringify!(C_SignRecover) + ) + ); + assert_eq!( + unsafe { &(*(::std::ptr::null::<_CK_FUNCTION_LIST>())).C_VerifyInit as *const _ as usize }, + 392usize, + concat!( + "Offset of field: ", + stringify!(_CK_FUNCTION_LIST), + "::", + stringify!(C_VerifyInit) + ) + ); + assert_eq!( + unsafe { &(*(::std::ptr::null::<_CK_FUNCTION_LIST>())).C_Verify as *const _ as usize }, + 400usize, + concat!( + "Offset of field: ", + stringify!(_CK_FUNCTION_LIST), + "::", + stringify!(C_Verify) + ) + ); + assert_eq!( + unsafe { + &(*(::std::ptr::null::<_CK_FUNCTION_LIST>())).C_VerifyUpdate as *const _ as usize + }, + 408usize, + concat!( + "Offset of field: ", + stringify!(_CK_FUNCTION_LIST), + "::", + stringify!(C_VerifyUpdate) + ) + ); + assert_eq!( + unsafe { &(*(::std::ptr::null::<_CK_FUNCTION_LIST>())).C_VerifyFinal as *const _ as usize }, + 416usize, + concat!( + "Offset of field: ", + stringify!(_CK_FUNCTION_LIST), + "::", + stringify!(C_VerifyFinal) + ) + ); + assert_eq!( + unsafe { + &(*(::std::ptr::null::<_CK_FUNCTION_LIST>())).C_VerifyRecoverInit as *const _ as usize + }, + 424usize, + concat!( + "Offset of field: ", + stringify!(_CK_FUNCTION_LIST), + "::", + stringify!(C_VerifyRecoverInit) + ) + ); + assert_eq!( + unsafe { + &(*(::std::ptr::null::<_CK_FUNCTION_LIST>())).C_VerifyRecover as *const _ as usize + }, + 432usize, + concat!( + "Offset of field: ", + stringify!(_CK_FUNCTION_LIST), + "::", + stringify!(C_VerifyRecover) + ) + ); + assert_eq!( + unsafe { + &(*(::std::ptr::null::<_CK_FUNCTION_LIST>())).C_DigestEncryptUpdate as *const _ as usize + }, + 440usize, + concat!( + "Offset of field: ", + stringify!(_CK_FUNCTION_LIST), + "::", + stringify!(C_DigestEncryptUpdate) + ) + ); + assert_eq!( + unsafe { + &(*(::std::ptr::null::<_CK_FUNCTION_LIST>())).C_DecryptDigestUpdate as *const _ as usize + }, + 448usize, + concat!( + "Offset of field: ", + stringify!(_CK_FUNCTION_LIST), + "::", + stringify!(C_DecryptDigestUpdate) + ) + ); + assert_eq!( + unsafe { + &(*(::std::ptr::null::<_CK_FUNCTION_LIST>())).C_SignEncryptUpdate as *const _ as usize + }, + 456usize, + concat!( + "Offset of field: ", + stringify!(_CK_FUNCTION_LIST), + "::", + stringify!(C_SignEncryptUpdate) + ) + ); + assert_eq!( + unsafe { + &(*(::std::ptr::null::<_CK_FUNCTION_LIST>())).C_DecryptVerifyUpdate as *const _ as usize + }, + 464usize, + concat!( + "Offset of field: ", + stringify!(_CK_FUNCTION_LIST), + "::", + stringify!(C_DecryptVerifyUpdate) + ) + ); + assert_eq!( + unsafe { &(*(::std::ptr::null::<_CK_FUNCTION_LIST>())).C_GenerateKey as *const _ as usize }, + 472usize, + concat!( + "Offset of field: ", + stringify!(_CK_FUNCTION_LIST), + "::", + stringify!(C_GenerateKey) + ) + ); + assert_eq!( + unsafe { + &(*(::std::ptr::null::<_CK_FUNCTION_LIST>())).C_GenerateKeyPair as *const _ as usize + }, + 480usize, + concat!( + "Offset of field: ", + stringify!(_CK_FUNCTION_LIST), + "::", + stringify!(C_GenerateKeyPair) + ) + ); + assert_eq!( + unsafe { &(*(::std::ptr::null::<_CK_FUNCTION_LIST>())).C_WrapKey as *const _ as usize }, + 488usize, + concat!( + "Offset of field: ", + stringify!(_CK_FUNCTION_LIST), + "::", + stringify!(C_WrapKey) + ) + ); + assert_eq!( + unsafe { &(*(::std::ptr::null::<_CK_FUNCTION_LIST>())).C_UnwrapKey as *const _ as usize }, + 496usize, + concat!( + "Offset of field: ", + stringify!(_CK_FUNCTION_LIST), + "::", + stringify!(C_UnwrapKey) + ) + ); + assert_eq!( + unsafe { &(*(::std::ptr::null::<_CK_FUNCTION_LIST>())).C_DeriveKey as *const _ as usize }, + 504usize, + concat!( + "Offset of field: ", + stringify!(_CK_FUNCTION_LIST), + "::", + stringify!(C_DeriveKey) + ) + ); + assert_eq!( + unsafe { &(*(::std::ptr::null::<_CK_FUNCTION_LIST>())).C_SeedRandom as *const _ as usize }, + 512usize, + concat!( + "Offset of field: ", + stringify!(_CK_FUNCTION_LIST), + "::", + stringify!(C_SeedRandom) + ) + ); + assert_eq!( + unsafe { + &(*(::std::ptr::null::<_CK_FUNCTION_LIST>())).C_GenerateRandom as *const _ as usize + }, + 520usize, + concat!( + "Offset of field: ", + stringify!(_CK_FUNCTION_LIST), + "::", + stringify!(C_GenerateRandom) + ) + ); + assert_eq!( + unsafe { + &(*(::std::ptr::null::<_CK_FUNCTION_LIST>())).C_GetFunctionStatus as *const _ as usize + }, + 528usize, + concat!( + "Offset of field: ", + stringify!(_CK_FUNCTION_LIST), + "::", + stringify!(C_GetFunctionStatus) + ) + ); + assert_eq!( + unsafe { + &(*(::std::ptr::null::<_CK_FUNCTION_LIST>())).C_CancelFunction as *const _ as usize + }, + 536usize, + concat!( + "Offset of field: ", + stringify!(_CK_FUNCTION_LIST), + "::", + stringify!(C_CancelFunction) + ) + ); + assert_eq!( + unsafe { + &(*(::std::ptr::null::<_CK_FUNCTION_LIST>())).C_WaitForSlotEvent as *const _ as usize + }, + 544usize, + concat!( + "Offset of field: ", + stringify!(_CK_FUNCTION_LIST), + "::", + stringify!(C_WaitForSlotEvent) + ) + ); +} +pub type CK_CREATEMUTEX = + ::std::option::Option CK_RV>; +pub type CK_DESTROYMUTEX = + ::std::option::Option CK_RV>; +pub type CK_LOCKMUTEX = + ::std::option::Option CK_RV>; +pub type CK_UNLOCKMUTEX = + ::std::option::Option CK_RV>; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _CK_C_INITIALIZE_ARGS { + pub CreateMutex: CK_CREATEMUTEX, + pub DestroyMutex: CK_DESTROYMUTEX, + pub LockMutex: CK_LOCKMUTEX, + pub UnlockMutex: CK_UNLOCKMUTEX, + pub flags: CK_FLAGS, + pub pReserved: *mut ::std::os::raw::c_void, +} +#[test] +fn bindgen_test_layout__CK_C_INITIALIZE_ARGS() { + assert_eq!( + ::std::mem::size_of::<_CK_C_INITIALIZE_ARGS>(), + 48usize, + concat!("Size of: ", stringify!(_CK_C_INITIALIZE_ARGS)) + ); + assert_eq!( + ::std::mem::align_of::<_CK_C_INITIALIZE_ARGS>(), + 8usize, + concat!("Alignment of ", stringify!(_CK_C_INITIALIZE_ARGS)) + ); + assert_eq!( + unsafe { + &(*(::std::ptr::null::<_CK_C_INITIALIZE_ARGS>())).CreateMutex as *const _ as usize + }, + 0usize, + concat!( + "Offset of field: ", + stringify!(_CK_C_INITIALIZE_ARGS), + "::", + stringify!(CreateMutex) + ) + ); + assert_eq!( + unsafe { + &(*(::std::ptr::null::<_CK_C_INITIALIZE_ARGS>())).DestroyMutex as *const _ as usize + }, + 8usize, + concat!( + "Offset of field: ", + stringify!(_CK_C_INITIALIZE_ARGS), + "::", + stringify!(DestroyMutex) + ) + ); + assert_eq!( + unsafe { &(*(::std::ptr::null::<_CK_C_INITIALIZE_ARGS>())).LockMutex as *const _ as usize }, + 16usize, + concat!( + "Offset of field: ", + stringify!(_CK_C_INITIALIZE_ARGS), + "::", + stringify!(LockMutex) + ) + ); + assert_eq!( + unsafe { + &(*(::std::ptr::null::<_CK_C_INITIALIZE_ARGS>())).UnlockMutex as *const _ as usize + }, + 24usize, + concat!( + "Offset of field: ", + stringify!(_CK_C_INITIALIZE_ARGS), + "::", + stringify!(UnlockMutex) + ) + ); + assert_eq!( + unsafe { &(*(::std::ptr::null::<_CK_C_INITIALIZE_ARGS>())).flags as *const _ as usize }, + 32usize, + concat!( + "Offset of field: ", + stringify!(_CK_C_INITIALIZE_ARGS), + "::", + stringify!(flags) + ) + ); + assert_eq!( + unsafe { &(*(::std::ptr::null::<_CK_C_INITIALIZE_ARGS>())).pReserved as *const _ as usize }, + 40usize, + concat!( + "Offset of field: ", + stringify!(_CK_C_INITIALIZE_ARGS), + "::", + stringify!(pReserved) + ) + ); +} +impl Default for _CK_C_INITIALIZE_ARGS { + fn default() -> Self { + unsafe { ::std::mem::zeroed() } + } +} +pub type size_t = ::std::os::raw::c_ulong; +pub type wchar_t = ::std::os::raw::c_int; +#[repr(C)] +#[repr(align(16))] +#[derive(Debug, Default, Copy, Clone)] +pub struct max_align_t { + pub __clang_max_align_nonce1: ::std::os::raw::c_longlong, + pub __bindgen_padding_0: u64, + pub __clang_max_align_nonce2: u128, +} +#[test] +fn bindgen_test_layout_max_align_t() { + assert_eq!( + ::std::mem::size_of::(), + 32usize, + concat!("Size of: ", stringify!(max_align_t)) + ); + assert_eq!( + ::std::mem::align_of::(), + 16usize, + concat!("Alignment of ", stringify!(max_align_t)) + ); + assert_eq!( + unsafe { + &(*(::std::ptr::null::())).__clang_max_align_nonce1 as *const _ as usize + }, + 0usize, + concat!( + "Offset of field: ", + stringify!(max_align_t), + "::", + stringify!(__clang_max_align_nonce1) + ) + ); + assert_eq!( + unsafe { + &(*(::std::ptr::null::())).__clang_max_align_nonce2 as *const _ as usize + }, + 16usize, + concat!( + "Offset of field: ", + stringify!(max_align_t), + "::", + stringify!(__clang_max_align_nonce2) + ) + ); +} +pub type CK_BYTE = ::std::os::raw::c_uchar; +pub type CK_CHAR = ::std::os::raw::c_uchar; +pub type CK_UTF8CHAR = ::std::os::raw::c_uchar; +pub type CK_BBOOL = ::std::os::raw::c_uchar; +pub type CK_ULONG = ::std::os::raw::c_ulong; +pub type CK_LONG = ::std::os::raw::c_long; +pub type CK_BYTE_PTR = *mut CK_BYTE; +pub type CK_CHAR_PTR = *mut CK_CHAR; +pub type CK_UTF8CHAR_PTR = *mut CK_UTF8CHAR; +pub type CK_ULONG_PTR = *mut CK_ULONG; +pub type CK_VOID_PTR = *mut ::std::os::raw::c_void; +pub type CK_VOID_PTR_PTR = *mut *mut ::std::os::raw::c_void; +pub type CK_VERSION = _CK_VERSION; +pub type CK_VERSION_PTR = *mut _CK_VERSION; +pub type CK_INFO = _CK_INFO; +pub type CK_INFO_PTR = *mut _CK_INFO; +pub type CK_SLOT_ID_PTR = *mut CK_SLOT_ID; +pub type CK_SLOT_INFO = _CK_SLOT_INFO; +pub type CK_SLOT_INFO_PTR = *mut _CK_SLOT_INFO; +pub type CK_TOKEN_INFO = _CK_TOKEN_INFO; +pub type CK_TOKEN_INFO_PTR = *mut _CK_TOKEN_INFO; +pub type CK_SESSION_HANDLE_PTR = *mut CK_SESSION_HANDLE; +pub type CK_SESSION_INFO = _CK_SESSION_INFO; +pub type CK_SESSION_INFO_PTR = *mut _CK_SESSION_INFO; +pub type CK_OBJECT_HANDLE_PTR = *mut CK_OBJECT_HANDLE; +pub type CK_OBJECT_CLASS_PTR = *mut CK_OBJECT_CLASS; +pub type CK_ATTRIBUTE = _CK_ATTRIBUTE; +pub type CK_ATTRIBUTE_PTR = *mut _CK_ATTRIBUTE; +pub type CK_DATE = _CK_DATE; +pub type CK_DATE_PTR = *mut _CK_DATE; +pub type CK_MECHANISM_TYPE_PTR = *mut CK_MECHANISM_TYPE; +pub type CK_MECHANISM = _CK_MECHANISM; +pub type CK_MECHANISM_PTR = *mut _CK_MECHANISM; +pub type CK_MECHANISM_INFO = _CK_MECHANISM_INFO; +pub type CK_MECHANISM_INFO_PTR = *mut _CK_MECHANISM_INFO; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct ck_otp_mechanism_info { + _unused: [u8; 0], +} +pub type CK_OTP_MECHANISM_INFO = ck_otp_mechanism_info; +pub type CK_OTP_MECHANISM_INFO_PTR = *mut ck_otp_mechanism_info; +pub type CK_FUNCTION_LIST = _CK_FUNCTION_LIST; +pub type CK_FUNCTION_LIST_PTR = *mut _CK_FUNCTION_LIST; +pub type CK_FUNCTION_LIST_PTR_PTR = *mut *mut _CK_FUNCTION_LIST; +pub type CK_C_INITIALIZE_ARGS = _CK_C_INITIALIZE_ARGS; +pub type CK_C_INITIALIZE_ARGS_PTR = *mut _CK_C_INITIALIZE_ARGS; +pub type CK_RSA_PKCS_PSS_PARAMS = ck_rsa_pkcs_pss_params; +pub type CK_RSA_PKCS_PSS_PARAMS_PTR = *mut ck_rsa_pkcs_pss_params; +pub type CK_RSA_PKCS_OAEP_PARAMS = ck_rsa_pkcs_oaep_params; +pub type CK_RSA_PKCS_OAEP_PARAMS_PTR = *mut ck_rsa_pkcs_oaep_params; +pub type CK_AES_CTR_PARAMS = ck_aes_ctr_params; +pub type CK_AES_CTR_PARAMS_PTR = *mut ck_aes_ctr_params; +pub type CK_GCM_PARAMS = ck_gcm_params; +pub type CK_GCM_PARAMS_PTR = *mut ck_gcm_params; +pub type CK_ECDH1_DERIVE_PARAMS = ck_ecdh1_derive_params; +pub type CK_ECDH1_DERIVE_PARAMS_PTR = *mut ck_ecdh1_derive_params; +pub type CK_KEY_DERIVATION_STRING_DATA = ck_key_derivation_string_data; +pub type CK_KEY_DERIVATION_STRING_DATA_PTR = *mut ck_key_derivation_string_data; +pub type CK_DES_CBC_ENCRYPT_DATA_PARAMS = ck_des_cbc_encrypt_data_params; +pub type CK_DES_CBC_ENCRYPT_DATA_PARAMS_PTR = *mut ck_des_cbc_encrypt_data_params; +pub type CK_AES_CBC_ENCRYPT_DATA_PARAMS = ck_aes_cbc_encrypt_data_params; +pub type CK_AES_CBC_ENCRYPT_DATA_PARAMS_PTR = *mut ck_aes_cbc_encrypt_data_params; +extern crate libloading; +pub struct Pkcs11 { + __library: ::libloading::Library, + pub C_GetFunctionList: Result< + unsafe extern "C" fn(function_list: *mut *mut _CK_FUNCTION_LIST) -> CK_RV, + ::libloading::Error, + >, +} +impl Pkcs11 { + pub unsafe fn new

(path: P) -> Result + where + P: AsRef<::std::ffi::OsStr>, + { + let __library = ::libloading::Library::new(path)?; + let C_GetFunctionList = __library + .get("C_GetFunctionList".as_bytes()) + .map(|sym| *sym); + Ok(Pkcs11 { + __library, + C_GetFunctionList, + }) + } + pub unsafe fn C_GetFunctionList(&self, function_list: *mut *mut _CK_FUNCTION_LIST) -> CK_RV { + let sym = self + .C_GetFunctionList + .as_ref() + .expect("Expected function, got error."); + (sym)(function_list) + } +} diff --git a/pkcs11-sys/src/lib.rs b/pkcs11-sys/src/lib.rs new file mode 100644 index 0000000..0a8fbd9 --- /dev/null +++ b/pkcs11-sys/src/lib.rs @@ -0,0 +1,723 @@ +#![allow(non_upper_case_globals)] +#![allow(non_camel_case_types)] +#![allow(non_snake_case)] +#![allow(clippy::redundant_field_names)] +#![allow(clippy::missing_safety_doc)] +#![allow(clippy::string_lit_as_bytes)] + +// For supported targets: use the generated and committed bindings. +#[cfg(all( + not(feature = "generate-bindings"), + target_arch = "x86_64", + target_os = "linux" +))] +include!(concat!( + env!("CARGO_MANIFEST_DIR"), + "/src/bindings/x86_64-unknown-linux-gnu.rs" +)); + +// If the "generate-bindings" feature is on, use the generated bindings. +#[cfg(feature = "generate-bindings")] +include!(concat!(env!("OUT_DIR"), "/pkcs11_bindings.rs")); + +/// Typedefs and defines for the CKM_X9_42_DH_KEY_PAIR_GEN and the +/// CKM_X9_42_DH_PARAMETER_GEN mechanisms +pub type CK_X9_42_DH_KDF_TYPE = CK_ULONG; +pub type CK_X9_42_DH_KDF_TYPE_PTR = *mut CK_X9_42_DH_KDF_TYPE; + +pub type CK_EC_KDF_TYPE = CK_ULONG; + +// The values below are defined in pkcs11.h with `#define` macros. As a result, bindgen cannot +// generate bindings for them. They are included here for completeness. +pub const CKN_SURRENDER: CK_NOTIFICATION = 0; +pub const CKF_TOKEN_PRESENT: CK_FLAGS = 0x00000001; +pub const CKF_REMOVABLE_DEVICE: CK_FLAGS = 0x00000002; +pub const CKF_HW_SLOT: CK_FLAGS = 0x00000004; +pub const CKF_ARRAY_ATTRIBUTE: CK_FLAGS = 0x40000000; +pub const CKA_WRAP_TEMPLATE: CK_ATTRIBUTE_TYPE = CKF_ARRAY_ATTRIBUTE | 0x00000211; +pub const CKA_UNWRAP_TEMPLATE: CK_ATTRIBUTE_TYPE = CKF_ARRAY_ATTRIBUTE | 0x00000212; +pub const CKA_DERIVE_TEMPLATE: CK_ATTRIBUTE_TYPE = CKF_ARRAY_ATTRIBUTE | 0x00000213; +pub const CKA_ALLOWED_MECHANISMS: CK_ATTRIBUTE_TYPE = CKF_ARRAY_ATTRIBUTE | 0x00000600; +pub const CKF_RNG: CK_FLAGS = 0x00000001; +pub const CKF_WRITE_PROTECTED: CK_FLAGS = 0x00000002; +pub const CKF_LOGIN_REQUIRED: CK_FLAGS = 0x00000004; +pub const CKF_USER_PIN_INITIALIZED: CK_FLAGS = 0x00000008; +pub const CKF_RESTORE_KEY_NOT_NEEDED: CK_FLAGS = 0x00000020; +pub const CKF_CLOCK_ON_TOKEN: CK_FLAGS = 0x00000040; +pub const CKF_PROTECTED_AUTHENTICATION_PATH: CK_FLAGS = 0x00000100; +pub const CKF_DUAL_CRYPTO_OPERATIONS: CK_FLAGS = 0x00000200; +pub const CKF_TOKEN_INITIALIZED: CK_FLAGS = 0x00000400; +pub const CKF_SECONDARY_AUTHENTICATION: CK_FLAGS = 0x00000800; +pub const CKF_USER_PIN_COUNT_LOW: CK_FLAGS = 0x00010000; +pub const CKF_USER_PIN_FINAL_TRY: CK_FLAGS = 0x00020000; +pub const CKF_USER_PIN_LOCKED: CK_FLAGS = 0x00040000; +pub const CKF_USER_PIN_TO_BE_CHANGED: CK_FLAGS = 0x00080000; +pub const CKF_SO_PIN_COUNT_LOW: CK_FLAGS = 0x00100000; +pub const CKF_SO_PIN_FINAL_TRY: CK_FLAGS = 0x00200000; +pub const CKF_SO_PIN_LOCKED: CK_FLAGS = 0x00400000; +pub const CKF_SO_PIN_TO_BE_CHANGED: CK_FLAGS = 0x00800000; +pub const CK_UNAVAILABLE_INFORMATION: CK_ULONG = !0; +pub const CK_EFFECTIVELY_INFINITE: CK_ULONG = 0; +pub const CK_INVALID_HANDLE: CK_ULONG = 0; +pub const CKU_SO: CK_USER_TYPE = 0; +pub const CKU_USER: CK_USER_TYPE = 1; +pub const CKU_CONTEXT_SPECIFIC: CK_USER_TYPE = 2; +pub const CKS_RO_PUBLIC_SESSION: CK_STATE = 0; +pub const CKS_RO_USER_FUNCTIONS: CK_STATE = 1; +pub const CKS_RW_PUBLIC_SESSION: CK_STATE = 2; +pub const CKS_RW_USER_FUNCTIONS: CK_STATE = 3; +pub const CKS_RW_SO_FUNCTIONS: CK_STATE = 4; +pub const CKF_RW_SESSION: CK_FLAGS = 0x00000002; +pub const CKF_SERIAL_SESSION: CK_FLAGS = 0x00000004; +pub const CKO_DATA: CK_OBJECT_CLASS = 0x00000000; +pub const CKO_CERTIFICATE: CK_OBJECT_CLASS = 0x00000001; +pub const CKO_PUBLIC_KEY: CK_OBJECT_CLASS = 0x00000002; +pub const CKO_PRIVATE_KEY: CK_OBJECT_CLASS = 0x00000003; +pub const CKO_SECRET_KEY: CK_OBJECT_CLASS = 0x00000004; +pub const CKO_HW_FEATURE: CK_OBJECT_CLASS = 0x00000005; +pub const CKO_DOMAIN_PARAMETERS: CK_OBJECT_CLASS = 0x00000006; +pub const CKO_MECHANISM: CK_OBJECT_CLASS = 0x00000007; +pub const CKO_OTP_KEY: CK_OBJECT_CLASS = 0x00000008; +pub const CKO_VENDOR_DEFINED: CK_OBJECT_CLASS = 0x80000000; +pub const CKH_MONOTONIC_COUNTER: CK_HW_FEATURE_TYPE = 0x00000001; +pub const CKH_CLOCK: CK_HW_FEATURE_TYPE = 0x00000002; +pub const CKH_USER_INTERFACE: CK_HW_FEATURE_TYPE = 0x00000003; +pub const CKH_VENDOR_DEFINED: CK_HW_FEATURE_TYPE = 0x80000000; +pub const CKK_RSA: CK_KEY_TYPE = 0x00000000; +pub const CKK_DSA: CK_KEY_TYPE = 0x00000001; +pub const CKK_DH: CK_KEY_TYPE = 0x00000002; +pub const CKK_ECDSA: CK_KEY_TYPE = CKK_EC; +pub const CKK_EC: CK_KEY_TYPE = 0x00000003; +pub const CKK_X9_42_DH: CK_KEY_TYPE = 0x00000004; +pub const CKK_KEA: CK_KEY_TYPE = 0x00000005; +pub const CKK_GENERIC_SECRET: CK_KEY_TYPE = 0x00000010; +pub const CKK_RC2: CK_KEY_TYPE = 0x00000011; +pub const CKK_RC4: CK_KEY_TYPE = 0x00000012; +pub const CKK_DES: CK_KEY_TYPE = 0x00000013; +pub const CKK_DES2: CK_KEY_TYPE = 0x00000014; +pub const CKK_DES3: CK_KEY_TYPE = 0x00000015; +pub const CKK_CAST: CK_KEY_TYPE = 0x00000016; +pub const CKK_CAST3: CK_KEY_TYPE = 0x00000017; +pub const CKK_CAST5: CK_KEY_TYPE = CKK_CAST128; +pub const CKK_CAST128: CK_KEY_TYPE = 0x00000018; +pub const CKK_RC5: CK_KEY_TYPE = 0x00000019; +pub const CKK_IDEA: CK_KEY_TYPE = 0x0000001A; +pub const CKK_SKIPJACK: CK_KEY_TYPE = 0x0000001B; +pub const CKK_BATON: CK_KEY_TYPE = 0x0000001C; +pub const CKK_JUNIPER: CK_KEY_TYPE = 0x0000001D; +pub const CKK_CDMF: CK_KEY_TYPE = 0x0000001E; +pub const CKK_AES: CK_KEY_TYPE = 0x0000001F; +pub const CKK_BLOWFISH: CK_KEY_TYPE = 0x00000020; +pub const CKK_TWOFISH: CK_KEY_TYPE = 0x00000021; +pub const CKK_SECURID: CK_KEY_TYPE = 0x00000022; +pub const CKK_HOTP: CK_KEY_TYPE = 0x00000023; +pub const CKK_ACTI: CK_KEY_TYPE = 0x00000024; +pub const CKK_CAMELLIA: CK_KEY_TYPE = 0x00000025; +pub const CKK_ARIA: CK_KEY_TYPE = 0x00000026; +pub const CKK_MD5_HMAC: CK_KEY_TYPE = 0x00000027; +pub const CKK_SHA_1_HMAC: CK_KEY_TYPE = 0x00000028; +pub const CKK_RIPEMD128_HMAC: CK_KEY_TYPE = 0x00000029; +pub const CKK_RIPEMD160_HMAC: CK_KEY_TYPE = 0x0000002A; +pub const CKK_SHA256_HMAC: CK_KEY_TYPE = 0x0000002B; +pub const CKK_SHA384_HMAC: CK_KEY_TYPE = 0x0000002C; +pub const CKK_SHA512_HMAC: CK_KEY_TYPE = 0x0000002D; +pub const CKK_SHA224_HMAC: CK_KEY_TYPE = 0x0000002E; +pub const CKK_SEED: CK_KEY_TYPE = 0x0000002F; +pub const CKK_GOSTR3410: CK_KEY_TYPE = 0x00000030; +pub const CKK_GOSTR3411: CK_KEY_TYPE = 0x00000031; +pub const CKK_GOST28147: CK_KEY_TYPE = 0x00000032; +pub const CKK_VENDOR_DEFINED: CK_KEY_TYPE = 0x80000000; +pub const CKC_X_509: CK_CERTIFICATE_TYPE = 0x00000000; +pub const CKC_X_509_ATTR_CERT: CK_CERTIFICATE_TYPE = 0x00000001; +pub const CKC_WTLS: CK_CERTIFICATE_TYPE = 0x00000002; +pub const CKC_VENDOR_DEFINED: CK_CERTIFICATE_TYPE = 0x80000000; +pub const CKA_CLASS: CK_ATTRIBUTE_TYPE = 0x00000000; +pub const CKA_TOKEN: CK_ATTRIBUTE_TYPE = 0x00000001; +pub const CKA_PRIVATE: CK_ATTRIBUTE_TYPE = 0x00000002; +pub const CKA_LABEL: CK_ATTRIBUTE_TYPE = 0x00000003; +pub const CKA_APPLICATION: CK_ATTRIBUTE_TYPE = 0x00000010; +pub const CKA_VALUE: CK_ATTRIBUTE_TYPE = 0x00000011; +pub const CKA_OBJECT_ID: CK_ATTRIBUTE_TYPE = 0x00000012; +pub const CKA_CERTIFICATE_TYPE: CK_ATTRIBUTE_TYPE = 0x00000080; +pub const CKA_ISSUER: CK_ATTRIBUTE_TYPE = 0x00000081; +pub const CKA_SERIAL_NUMBER: CK_ATTRIBUTE_TYPE = 0x00000082; +pub const CKA_AC_ISSUER: CK_ATTRIBUTE_TYPE = 0x00000083; +pub const CKA_OWNER: CK_ATTRIBUTE_TYPE = 0x00000084; +pub const CKA_ATTR_TYPES: CK_ATTRIBUTE_TYPE = 0x00000085; +pub const CKA_TRUSTED: CK_ATTRIBUTE_TYPE = 0x00000086; +pub const CKA_CERTIFICATE_CATEGORY: CK_ATTRIBUTE_TYPE = 0x00000087; +pub const CKA_JAVA_MIDP_SECURITY_DOMAIN: CK_ATTRIBUTE_TYPE = 0x00000088; +pub const CKA_URL: CK_ATTRIBUTE_TYPE = 0x00000089; +pub const CKA_HASH_OF_SUBJECT_PUBLIC_KEY: CK_ATTRIBUTE_TYPE = 0x0000008A; +pub const CKA_HASH_OF_ISSUER_PUBLIC_KEY: CK_ATTRIBUTE_TYPE = 0x0000008B; +pub const CKA_NAME_HASH_ALGORITHM: CK_ATTRIBUTE_TYPE = 0x0000008C; +pub const CKA_CHECK_VALUE: CK_ATTRIBUTE_TYPE = 0x00000090; +pub const CKA_KEY_TYPE: CK_ATTRIBUTE_TYPE = 0x00000100; +pub const CKA_SUBJECT: CK_ATTRIBUTE_TYPE = 0x00000101; +pub const CKA_ID: CK_ATTRIBUTE_TYPE = 0x00000102; +pub const CKA_SENSITIVE: CK_ATTRIBUTE_TYPE = 0x00000103; +pub const CKA_ENCRYPT: CK_ATTRIBUTE_TYPE = 0x00000104; +pub const CKA_DECRYPT: CK_ATTRIBUTE_TYPE = 0x00000105; +pub const CKA_WRAP: CK_ATTRIBUTE_TYPE = 0x00000106; +pub const CKA_UNWRAP: CK_ATTRIBUTE_TYPE = 0x00000107; +pub const CKA_SIGN: CK_ATTRIBUTE_TYPE = 0x00000108; +pub const CKA_SIGN_RECOVER: CK_ATTRIBUTE_TYPE = 0x00000109; +pub const CKA_VERIFY: CK_ATTRIBUTE_TYPE = 0x0000010A; +pub const CKA_VERIFY_RECOVER: CK_ATTRIBUTE_TYPE = 0x0000010B; +pub const CKA_DERIVE: CK_ATTRIBUTE_TYPE = 0x0000010C; +pub const CKA_START_DATE: CK_ATTRIBUTE_TYPE = 0x00000110; +pub const CKA_END_DATE: CK_ATTRIBUTE_TYPE = 0x00000111; +pub const CKA_MODULUS: CK_ATTRIBUTE_TYPE = 0x00000120; +pub const CKA_MODULUS_BITS: CK_ATTRIBUTE_TYPE = 0x00000121; +pub const CKA_PUBLIC_EXPONENT: CK_ATTRIBUTE_TYPE = 0x00000122; +pub const CKA_PRIVATE_EXPONENT: CK_ATTRIBUTE_TYPE = 0x00000123; +pub const CKA_PRIME_1: CK_ATTRIBUTE_TYPE = 0x00000124; +pub const CKA_PRIME_2: CK_ATTRIBUTE_TYPE = 0x00000125; +pub const CKA_EXPONENT_1: CK_ATTRIBUTE_TYPE = 0x00000126; +pub const CKA_EXPONENT_2: CK_ATTRIBUTE_TYPE = 0x00000127; +pub const CKA_COEFFICIENT: CK_ATTRIBUTE_TYPE = 0x00000128; +pub const CKA_PUBLIC_KEY_INFO: CK_ATTRIBUTE_TYPE = 0x00000129; +pub const CKA_PRIME: CK_ATTRIBUTE_TYPE = 0x00000130; +pub const CKA_SUBPRIME: CK_ATTRIBUTE_TYPE = 0x00000131; +pub const CKA_BASE: CK_ATTRIBUTE_TYPE = 0x00000132; +pub const CKA_PRIME_BITS: CK_ATTRIBUTE_TYPE = 0x00000133; +pub const CKA_SUBPRIME_BITS: CK_ATTRIBUTE_TYPE = 0x00000134; +pub const CKA_SUB_PRIME_BITS: CK_ATTRIBUTE_TYPE = CKA_SUBPRIME_BITS; +pub const CKA_VALUE_BITS: CK_ATTRIBUTE_TYPE = 0x00000160; +pub const CKA_VALUE_LEN: CK_ATTRIBUTE_TYPE = 0x00000161; +pub const CKA_EXTRACTABLE: CK_ATTRIBUTE_TYPE = 0x00000162; +pub const CKA_LOCAL: CK_ATTRIBUTE_TYPE = 0x00000163; +pub const CKA_NEVER_EXTRACTABLE: CK_ATTRIBUTE_TYPE = 0x00000164; +pub const CKA_ALWAYS_SENSITIVE: CK_ATTRIBUTE_TYPE = 0x00000165; +pub const CKA_KEY_GEN_MECHANISM: CK_ATTRIBUTE_TYPE = 0x00000166; +pub const CKA_MODIFIABLE: CK_ATTRIBUTE_TYPE = 0x00000170; +pub const CKA_COPYABLE: CK_ATTRIBUTE_TYPE = 0x00000171; +pub const CKA_DESTROYABLE: CK_ATTRIBUTE_TYPE = 0x00000172; +pub const CKA_ECDSA_PARAMS: CK_ATTRIBUTE_TYPE = CKA_EC_PARAMS; +pub const CKA_EC_PARAMS: CK_ATTRIBUTE_TYPE = 0x00000180; +pub const CKA_EC_POINT: CK_ATTRIBUTE_TYPE = 0x00000181; +pub const CKA_SECONDARY_AUTH: CK_ATTRIBUTE_TYPE = 0x00000200; /* Deprecated */ +pub const CKA_AUTH_PIN_FLAGS: CK_ATTRIBUTE_TYPE = 0x00000201; /* Deprecated */ +pub const CKA_ALWAYS_AUTHENTICATE: CK_ATTRIBUTE_TYPE = 0x00000202; +pub const CKA_WRAP_WITH_TRUSTED: CK_ATTRIBUTE_TYPE = 0x00000210; +pub const CKA_OTP_FORMAT: CK_ATTRIBUTE_TYPE = 0x00000220; +pub const CKA_OTP_LENGTH: CK_ATTRIBUTE_TYPE = 0x00000221; +pub const CKA_OTP_TIME_INTERVAL: CK_ATTRIBUTE_TYPE = 0x00000222; +pub const CKA_OTP_USER_FRIENDLY_MODE: CK_ATTRIBUTE_TYPE = 0x00000223; +pub const CKA_OTP_CHALLENGE_REQUIREMENT: CK_ATTRIBUTE_TYPE = 0x00000224; +pub const CKA_OTP_TIME_REQUIREMENT: CK_ATTRIBUTE_TYPE = 0x00000225; +pub const CKA_OTP_COUNTER_REQUIREMENT: CK_ATTRIBUTE_TYPE = 0x00000226; +pub const CKA_OTP_PIN_REQUIREMENT: CK_ATTRIBUTE_TYPE = 0x00000227; +pub const CKA_OTP_USER_IDENTIFIER: CK_ATTRIBUTE_TYPE = 0x0000022A; +pub const CKA_OTP_SERVICE_IDENTIFIER: CK_ATTRIBUTE_TYPE = 0x0000022B; +pub const CKA_OTP_SERVICE_LOGO: CK_ATTRIBUTE_TYPE = 0x0000022C; +pub const CKA_OTP_SERVICE_LOGO_TYPE: CK_ATTRIBUTE_TYPE = 0x0000022D; +pub const CKA_OTP_COUNTER: CK_ATTRIBUTE_TYPE = 0x0000022E; +pub const CKA_OTP_TIME: CK_ATTRIBUTE_TYPE = 0x0000022F; +pub const CKA_GOSTR3410_PARAMS: CK_ATTRIBUTE_TYPE = 0x00000250; +pub const CKA_GOSTR3411_PARAMS: CK_ATTRIBUTE_TYPE = 0x00000251; +pub const CKA_GOST28147_PARAMS: CK_ATTRIBUTE_TYPE = 0x00000252; +pub const CKA_HW_FEATURE_TYPE: CK_ATTRIBUTE_TYPE = 0x00000300; +pub const CKA_RESET_ON_INIT: CK_ATTRIBUTE_TYPE = 0x00000301; +pub const CKA_HAS_RESET: CK_ATTRIBUTE_TYPE = 0x00000302; +pub const CKA_PIXEL_X: CK_ATTRIBUTE_TYPE = 0x00000400; +pub const CKA_PIXEL_Y: CK_ATTRIBUTE_TYPE = 0x00000401; +pub const CKA_RESOLUTION: CK_ATTRIBUTE_TYPE = 0x00000402; +pub const CKA_CHAR_ROWS: CK_ATTRIBUTE_TYPE = 0x00000403; +pub const CKA_CHAR_COLUMNS: CK_ATTRIBUTE_TYPE = 0x00000404; +pub const CKA_COLOR: CK_ATTRIBUTE_TYPE = 0x00000405; +pub const CKA_BITS_PER_PIXEL: CK_ATTRIBUTE_TYPE = 0x00000406; +pub const CKA_CHAR_SETS: CK_ATTRIBUTE_TYPE = 0x00000480; +pub const CKA_ENCODING_METHODS: CK_ATTRIBUTE_TYPE = 0x00000481; +pub const CKA_MIME_TYPES: CK_ATTRIBUTE_TYPE = 0x00000482; +pub const CKA_MECHANISM_TYPE: CK_ATTRIBUTE_TYPE = 0x00000500; +pub const CKA_REQUIRED_CMS_ATTRIBUTES: CK_ATTRIBUTE_TYPE = 0x00000501; +pub const CKA_DEFAULT_CMS_ATTRIBUTES: CK_ATTRIBUTE_TYPE = 0x00000502; +pub const CKA_SUPPORTED_CMS_ATTRIBUTES: CK_ATTRIBUTE_TYPE = 0x00000503; +pub const CKA_VENDOR_DEFINED: CK_ATTRIBUTE_TYPE = 0x80000000; +pub const CKM_RSA_PKCS_KEY_PAIR_GEN: CK_MECHANISM_TYPE = 0x00000000; +pub const CKM_RSA_PKCS: CK_MECHANISM_TYPE = 0x00000001; +pub const CKM_RSA_9796: CK_MECHANISM_TYPE = 0x00000002; +pub const CKM_RSA_X_509: CK_MECHANISM_TYPE = 0x00000003; +pub const CKM_MD2_RSA_PKCS: CK_MECHANISM_TYPE = 0x00000004; +pub const CKM_MD5_RSA_PKCS: CK_MECHANISM_TYPE = 0x00000005; +pub const CKM_SHA1_RSA_PKCS: CK_MECHANISM_TYPE = 0x00000006; +pub const CKM_RIPEMD128_RSA_PKCS: CK_MECHANISM_TYPE = 0x00000007; +pub const CKM_RIPEMD160_RSA_PKCS: CK_MECHANISM_TYPE = 0x00000008; +pub const CKM_RSA_PKCS_OAEP: CK_MECHANISM_TYPE = 0x00000009; +pub const CKM_RSA_X9_31_KEY_PAIR_GEN: CK_MECHANISM_TYPE = 0x0000000A; +pub const CKM_RSA_X9_31: CK_MECHANISM_TYPE = 0x0000000B; +pub const CKM_SHA1_RSA_X9_31: CK_MECHANISM_TYPE = 0x0000000C; +pub const CKM_RSA_PKCS_PSS: CK_MECHANISM_TYPE = 0x0000000D; +pub const CKM_SHA1_RSA_PKCS_PSS: CK_MECHANISM_TYPE = 0x0000000E; +pub const CKM_DSA_KEY_PAIR_GEN: CK_MECHANISM_TYPE = 0x00000010; +pub const CKM_DSA: CK_MECHANISM_TYPE = 0x00000011; +pub const CKM_DSA_SHA1: CK_MECHANISM_TYPE = 0x00000012; +pub const CKM_DSA_SHA224: CK_MECHANISM_TYPE = 0x00000013; +pub const CKM_DSA_SHA256: CK_MECHANISM_TYPE = 0x00000014; +pub const CKM_DSA_SHA384: CK_MECHANISM_TYPE = 0x00000015; +pub const CKM_DSA_SHA512: CK_MECHANISM_TYPE = 0x00000016; +pub const CKM_DH_PKCS_KEY_PAIR_GEN: CK_MECHANISM_TYPE = 0x00000020; +pub const CKM_DH_PKCS_DERIVE: CK_MECHANISM_TYPE = 0x00000021; +pub const CKM_X9_42_DH_KEY_PAIR_GEN: CK_MECHANISM_TYPE = 0x00000030; +pub const CKM_X9_42_DH_DERIVE: CK_MECHANISM_TYPE = 0x00000031; +pub const CKM_X9_42_DH_HYBRID_DERIVE: CK_MECHANISM_TYPE = 0x00000032; +pub const CKM_X9_42_MQV_DERIVE: CK_MECHANISM_TYPE = 0x00000033; +pub const CKM_SHA256_RSA_PKCS: CK_MECHANISM_TYPE = 0x00000040; +pub const CKM_SHA384_RSA_PKCS: CK_MECHANISM_TYPE = 0x00000041; +pub const CKM_SHA512_RSA_PKCS: CK_MECHANISM_TYPE = 0x00000042; +pub const CKM_SHA256_RSA_PKCS_PSS: CK_MECHANISM_TYPE = 0x00000043; +pub const CKM_SHA384_RSA_PKCS_PSS: CK_MECHANISM_TYPE = 0x00000044; +pub const CKM_SHA512_RSA_PKCS_PSS: CK_MECHANISM_TYPE = 0x00000045; +pub const CKM_SHA512_224: CK_MECHANISM_TYPE = 0x00000048; +pub const CKM_SHA512_224_HMAC: CK_MECHANISM_TYPE = 0x00000049; +pub const CKM_SHA512_224_HMAC_GENERAL: CK_MECHANISM_TYPE = 0x0000004A; +pub const CKM_SHA512_224_KEY_DERIVATION: CK_MECHANISM_TYPE = 0x0000004B; +pub const CKM_SHA512_256: CK_MECHANISM_TYPE = 0x0000004C; +pub const CKM_SHA512_256_HMAC: CK_MECHANISM_TYPE = 0x0000004D; +pub const CKM_SHA512_256_HMAC_GENERAL: CK_MECHANISM_TYPE = 0x0000004E; +pub const CKM_SHA512_256_KEY_DERIVATION: CK_MECHANISM_TYPE = 0x0000004F; +pub const CKM_SHA512_T: CK_MECHANISM_TYPE = 0x00000050; +pub const CKM_SHA512_T_HMAC: CK_MECHANISM_TYPE = 0x00000051; +pub const CKM_SHA512_T_HMAC_GENERAL: CK_MECHANISM_TYPE = 0x00000052; +pub const CKM_SHA512_T_KEY_DERIVATION: CK_MECHANISM_TYPE = 0x00000053; +pub const CKM_RC2_KEY_GEN: CK_MECHANISM_TYPE = 0x00000100; +pub const CKM_RC2_ECB: CK_MECHANISM_TYPE = 0x00000101; +pub const CKM_RC2_CBC: CK_MECHANISM_TYPE = 0x00000102; +pub const CKM_RC2_MAC: CK_MECHANISM_TYPE = 0x00000103; +pub const CKM_RC2_MAC_GENERAL: CK_MECHANISM_TYPE = 0x00000104; +pub const CKM_RC2_CBC_PAD: CK_MECHANISM_TYPE = 0x00000105; +pub const CKM_RC4_KEY_GEN: CK_MECHANISM_TYPE = 0x00000110; +pub const CKM_RC4: CK_MECHANISM_TYPE = 0x00000111; +pub const CKM_DES_KEY_GEN: CK_MECHANISM_TYPE = 0x00000120; +pub const CKM_DES_ECB: CK_MECHANISM_TYPE = 0x00000121; +pub const CKM_DES_CBC: CK_MECHANISM_TYPE = 0x00000122; +pub const CKM_DES_MAC: CK_MECHANISM_TYPE = 0x00000123; +pub const CKM_DES_MAC_GENERAL: CK_MECHANISM_TYPE = 0x00000124; +pub const CKM_DES_CBC_PAD: CK_MECHANISM_TYPE = 0x00000125; +pub const CKM_DES2_KEY_GEN: CK_MECHANISM_TYPE = 0x00000130; +pub const CKM_DES3_KEY_GEN: CK_MECHANISM_TYPE = 0x00000131; +pub const CKM_DES3_ECB: CK_MECHANISM_TYPE = 0x00000132; +pub const CKM_DES3_CBC: CK_MECHANISM_TYPE = 0x00000133; +pub const CKM_DES3_MAC: CK_MECHANISM_TYPE = 0x00000134; +pub const CKM_DES3_MAC_GENERAL: CK_MECHANISM_TYPE = 0x00000135; +pub const CKM_DES3_CBC_PAD: CK_MECHANISM_TYPE = 0x00000136; +pub const CKM_DES3_CMAC_GENERAL: CK_MECHANISM_TYPE = 0x00000137; +pub const CKM_DES3_CMAC: CK_MECHANISM_TYPE = 0x00000138; +pub const CKM_CDMF_KEY_GEN: CK_MECHANISM_TYPE = 0x00000140; +pub const CKM_CDMF_ECB: CK_MECHANISM_TYPE = 0x00000141; +pub const CKM_CDMF_CBC: CK_MECHANISM_TYPE = 0x00000142; +pub const CKM_CDMF_MAC: CK_MECHANISM_TYPE = 0x00000143; +pub const CKM_CDMF_MAC_GENERAL: CK_MECHANISM_TYPE = 0x00000144; +pub const CKM_CDMF_CBC_PAD: CK_MECHANISM_TYPE = 0x00000145; +pub const CKM_DES_OFB64: CK_MECHANISM_TYPE = 0x00000150; +pub const CKM_DES_OFB8: CK_MECHANISM_TYPE = 0x00000151; +pub const CKM_DES_CFB64: CK_MECHANISM_TYPE = 0x00000152; +pub const CKM_DES_CFB8: CK_MECHANISM_TYPE = 0x00000153; +pub const CKM_MD2: CK_MECHANISM_TYPE = 0x00000200; +pub const CKM_MD2_HMAC: CK_MECHANISM_TYPE = 0x00000201; +pub const CKM_MD2_HMAC_GENERAL: CK_MECHANISM_TYPE = 0x00000202; +pub const CKM_MD5: CK_MECHANISM_TYPE = 0x00000210; +pub const CKM_MD5_HMAC: CK_MECHANISM_TYPE = 0x00000211; +pub const CKM_MD5_HMAC_GENERAL: CK_MECHANISM_TYPE = 0x00000212; +pub const CKM_SHA_1: CK_MECHANISM_TYPE = 0x00000220; +pub const CKM_SHA_1_HMAC: CK_MECHANISM_TYPE = 0x00000221; +pub const CKM_SHA_1_HMAC_GENERAL: CK_MECHANISM_TYPE = 0x00000222; +pub const CKM_RIPEMD128: CK_MECHANISM_TYPE = 0x00000230; +pub const CKM_RIPEMD128_HMAC: CK_MECHANISM_TYPE = 0x00000231; +pub const CKM_RIPEMD128_HMAC_GENERAL: CK_MECHANISM_TYPE = 0x00000232; +pub const CKM_RIPEMD160: CK_MECHANISM_TYPE = 0x00000240; +pub const CKM_RIPEMD160_HMAC: CK_MECHANISM_TYPE = 0x00000241; +pub const CKM_RIPEMD160_HMAC_GENERAL: CK_MECHANISM_TYPE = 0x00000242; +pub const CKM_SHA256: CK_MECHANISM_TYPE = 0x00000250; +pub const CKM_SHA256_HMAC: CK_MECHANISM_TYPE = 0x00000251; +pub const CKM_SHA256_HMAC_GENERAL: CK_MECHANISM_TYPE = 0x00000252; +pub const CKM_SHA384: CK_MECHANISM_TYPE = 0x00000260; +pub const CKM_SHA384_HMAC: CK_MECHANISM_TYPE = 0x00000261; +pub const CKM_SHA384_HMAC_GENERAL: CK_MECHANISM_TYPE = 0x00000262; +pub const CKM_SHA512: CK_MECHANISM_TYPE = 0x00000270; +pub const CKM_SHA512_HMAC: CK_MECHANISM_TYPE = 0x00000271; +pub const CKM_SHA512_HMAC_GENERAL: CK_MECHANISM_TYPE = 0x00000272; +pub const CKM_SECURID_KEY_GEN: CK_MECHANISM_TYPE = 0x00000280; +pub const CKM_SECURID: CK_MECHANISM_TYPE = 0x00000282; +pub const CKM_HOTP_KEY_GEN: CK_MECHANISM_TYPE = 0x00000290; +pub const CKM_HOTP: CK_MECHANISM_TYPE = 0x00000291; +pub const CKM_ACTI: CK_MECHANISM_TYPE = 0x000002A0; +pub const CKM_ACTI_KEY_GEN: CK_MECHANISM_TYPE = 0x000002A1; +pub const CKM_CAST_KEY_GEN: CK_MECHANISM_TYPE = 0x00000300; +pub const CKM_CAST_ECB: CK_MECHANISM_TYPE = 0x00000301; +pub const CKM_CAST_CBC: CK_MECHANISM_TYPE = 0x00000302; +pub const CKM_CAST_MAC: CK_MECHANISM_TYPE = 0x00000303; +pub const CKM_CAST_MAC_GENERAL: CK_MECHANISM_TYPE = 0x00000304; +pub const CKM_CAST_CBC_PAD: CK_MECHANISM_TYPE = 0x00000305; +pub const CKM_CAST3_KEY_GEN: CK_MECHANISM_TYPE = 0x00000310; +pub const CKM_CAST3_ECB: CK_MECHANISM_TYPE = 0x00000311; +pub const CKM_CAST3_CBC: CK_MECHANISM_TYPE = 0x00000312; +pub const CKM_CAST3_MAC: CK_MECHANISM_TYPE = 0x00000313; +pub const CKM_CAST3_MAC_GENERAL: CK_MECHANISM_TYPE = 0x00000314; +pub const CKM_CAST3_CBC_PAD: CK_MECHANISM_TYPE = 0x00000315; +pub const CKM_CAST5_KEY_GEN: CK_MECHANISM_TYPE = 0x00000320; +pub const CKM_CAST128_KEY_GEN: CK_MECHANISM_TYPE = 0x00000320; +pub const CKM_CAST5_ECB: CK_MECHANISM_TYPE = 0x00000321; +pub const CKM_CAST128_ECB: CK_MECHANISM_TYPE = 0x00000321; +pub const CKM_CAST5_CBC: CK_MECHANISM_TYPE = CKM_CAST128_CBC; +pub const CKM_CAST128_CBC: CK_MECHANISM_TYPE = 0x00000322; +pub const CKM_CAST5_MAC: CK_MECHANISM_TYPE = CKM_CAST128_MAC; +pub const CKM_CAST128_MAC: CK_MECHANISM_TYPE = 0x00000323; +pub const CKM_CAST5_MAC_GENERAL: CK_MECHANISM_TYPE = CKM_CAST128_MAC_GENERAL; +pub const CKM_CAST128_MAC_GENERAL: CK_MECHANISM_TYPE = 0x00000324; +pub const CKM_CAST5_CBC_PAD: CK_MECHANISM_TYPE = CKM_CAST128_CBC_PAD; +pub const CKM_CAST128_CBC_PAD: CK_MECHANISM_TYPE = 0x00000325; +pub const CKM_RC5_KEY_GEN: CK_MECHANISM_TYPE = 0x00000330; +pub const CKM_RC5_ECB: CK_MECHANISM_TYPE = 0x00000331; +pub const CKM_RC5_CBC: CK_MECHANISM_TYPE = 0x00000332; +pub const CKM_RC5_MAC: CK_MECHANISM_TYPE = 0x00000333; +pub const CKM_RC5_MAC_GENERAL: CK_MECHANISM_TYPE = 0x00000334; +pub const CKM_RC5_CBC_PAD: CK_MECHANISM_TYPE = 0x00000335; +pub const CKM_IDEA_KEY_GEN: CK_MECHANISM_TYPE = 0x00000340; +pub const CKM_IDEA_ECB: CK_MECHANISM_TYPE = 0x00000341; +pub const CKM_IDEA_CBC: CK_MECHANISM_TYPE = 0x00000342; +pub const CKM_IDEA_MAC: CK_MECHANISM_TYPE = 0x00000343; +pub const CKM_IDEA_MAC_GENERAL: CK_MECHANISM_TYPE = 0x00000344; +pub const CKM_IDEA_CBC_PAD: CK_MECHANISM_TYPE = 0x00000345; +pub const CKM_GENERIC_SECRET_KEY_GEN: CK_MECHANISM_TYPE = 0x00000350; +pub const CKM_CONCATENATE_BASE_AND_KEY: CK_MECHANISM_TYPE = 0x00000360; +pub const CKM_CONCATENATE_BASE_AND_DATA: CK_MECHANISM_TYPE = 0x00000362; +pub const CKM_CONCATENATE_DATA_AND_BASE: CK_MECHANISM_TYPE = 0x00000363; +pub const CKM_XOR_BASE_AND_DATA: CK_MECHANISM_TYPE = 0x00000364; +pub const CKM_EXTRACT_KEY_FROM_KEY: CK_MECHANISM_TYPE = 0x00000365; +pub const CKM_SSL3_PRE_MASTER_KEY_GEN: CK_MECHANISM_TYPE = 0x00000370; +pub const CKM_SSL3_MASTER_KEY_DERIVE: CK_MECHANISM_TYPE = 0x00000371; +pub const CKM_SSL3_KEY_AND_MAC_DERIVE: CK_MECHANISM_TYPE = 0x00000372; +pub const CKM_SSL3_MASTER_KEY_DERIVE_DH: CK_MECHANISM_TYPE = 0x00000373; +pub const CKM_TLS_PRE_MASTER_KEY_GEN: CK_MECHANISM_TYPE = 0x00000374; +pub const CKM_TLS_MASTER_KEY_DERIVE: CK_MECHANISM_TYPE = 0x00000375; +pub const CKM_TLS_KEY_AND_MAC_DERIVE: CK_MECHANISM_TYPE = 0x00000376; +pub const CKM_TLS_MASTER_KEY_DERIVE_DH: CK_MECHANISM_TYPE = 0x00000377; +pub const CKM_TLS_PRF: CK_MECHANISM_TYPE = 0x00000378; +pub const CKM_SSL3_MD5_MAC: CK_MECHANISM_TYPE = 0x00000380; +pub const CKM_SSL3_SHA1_MAC: CK_MECHANISM_TYPE = 0x00000381; +pub const CKM_MD5_KEY_DERIVATION: CK_MECHANISM_TYPE = 0x00000390; +pub const CKM_MD2_KEY_DERIVATION: CK_MECHANISM_TYPE = 0x00000391; +pub const CKM_SHA1_KEY_DERIVATION: CK_MECHANISM_TYPE = 0x00000392; +pub const CKM_SHA256_KEY_DERIVATION: CK_MECHANISM_TYPE = 0x00000393; +pub const CKM_SHA384_KEY_DERIVATION: CK_MECHANISM_TYPE = 0x00000394; +pub const CKM_SHA512_KEY_DERIVATION: CK_MECHANISM_TYPE = 0x00000395; +pub const CKM_PBE_MD2_DES_CBC: CK_MECHANISM_TYPE = 0x000003A0; +pub const CKM_PBE_MD5_DES_CBC: CK_MECHANISM_TYPE = 0x000003A1; +pub const CKM_PBE_MD5_CAST_CBC: CK_MECHANISM_TYPE = 0x000003A2; +pub const CKM_PBE_MD5_CAST3_CBC: CK_MECHANISM_TYPE = 0x000003A3; +pub const CKM_PBE_MD5_CAST5_CBC: CK_MECHANISM_TYPE = CKM_PBE_MD5_CAST128_CBC; +pub const CKM_PBE_MD5_CAST128_CBC: CK_MECHANISM_TYPE = 0x000003A4; +pub const CKM_PBE_SHA1_CAST5_CBC: CK_MECHANISM_TYPE = CKM_PBE_SHA1_CAST128_CBC; +pub const CKM_PBE_SHA1_CAST128_CBC: CK_MECHANISM_TYPE = 0x000003A5; +pub const CKM_PBE_SHA1_RC4_128: CK_MECHANISM_TYPE = 0x000003A6; +pub const CKM_PBE_SHA1_RC4_40: CK_MECHANISM_TYPE = 0x000003A7; +pub const CKM_PBE_SHA1_DES3_EDE_CBC: CK_MECHANISM_TYPE = 0x000003A8; +pub const CKM_PBE_SHA1_DES2_EDE_CBC: CK_MECHANISM_TYPE = 0x000003A9; +pub const CKM_PBE_SHA1_RC2_128_CBC: CK_MECHANISM_TYPE = 0x000003AA; +pub const CKM_PBE_SHA1_RC2_40_CBC: CK_MECHANISM_TYPE = 0x000003AB; +pub const CKM_PKCS5_PBKD2: CK_MECHANISM_TYPE = 0x000003B0; +pub const CKM_PBA_SHA1_WITH_SHA1_HMAC: CK_MECHANISM_TYPE = 0x000003C0; +pub const CKM_WTLS_PRE_MASTER_KEY_GEN: CK_MECHANISM_TYPE = 0x000003D0; +pub const CKM_WTLS_MASTER_KEY_DERIVE: CK_MECHANISM_TYPE = 0x000003D1; +pub const CKM_WTLS_MASTER_KEY_DERIVE_DH_ECC: CK_MECHANISM_TYPE = 0x000003D2; +pub const CKM_WTLS_PRF: CK_MECHANISM_TYPE = 0x000003D3; +pub const CKM_WTLS_SERVER_KEY_AND_MAC_DERIVE: CK_MECHANISM_TYPE = 0x000003D4; +pub const CKM_WTLS_CLIENT_KEY_AND_MAC_DERIVE: CK_MECHANISM_TYPE = 0x000003D5; +pub const CKM_TLS10_MAC_SERVER: CK_MECHANISM_TYPE = 0x000003D6; +pub const CKM_TLS10_MAC_CLIENT: CK_MECHANISM_TYPE = 0x000003D7; +pub const CKM_TLS12_MAC: CK_MECHANISM_TYPE = 0x000003D8; +pub const CKM_TLS12_KDF: CK_MECHANISM_TYPE = 0x000003D9; +pub const CKM_TLS12_MASTER_KEY_DERIVE: CK_MECHANISM_TYPE = 0x000003E0; +pub const CKM_TLS12_KEY_AND_MAC_DERIVE: CK_MECHANISM_TYPE = 0x000003E1; +pub const CKM_TLS12_MASTER_KEY_DERIVE_DH: CK_MECHANISM_TYPE = 0x000003E2; +pub const CKM_TLS12_KEY_SAFE_DERIVE: CK_MECHANISM_TYPE = 0x000003E3; +pub const CKM_TLS_MAC: CK_MECHANISM_TYPE = 0x000003E4; +pub const CKM_TLS_KDF: CK_MECHANISM_TYPE = 0x000003E5; +pub const CKM_KEY_WRAP_LYNKS: CK_MECHANISM_TYPE = 0x00000400; +pub const CKM_KEY_WRAP_SET_OAEP: CK_MECHANISM_TYPE = 0x00000401; +pub const CKM_CMS_SIG: CK_MECHANISM_TYPE = 0x00000500; +pub const CKM_KIP_DERIVE: CK_MECHANISM_TYPE = 0x00000510; +pub const CKM_KIP_WRAP: CK_MECHANISM_TYPE = 0x00000511; +pub const CKM_KIP_MAC: CK_MECHANISM_TYPE = 0x00000512; +pub const CKM_CAMELLIA_KEY_GEN: CK_MECHANISM_TYPE = 0x00000550; +pub const CKM_CAMELLIA_CTR: CK_MECHANISM_TYPE = 0x00000558; +pub const CKM_ARIA_KEY_GEN: CK_MECHANISM_TYPE = 0x00000560; +pub const CKM_ARIA_ECB: CK_MECHANISM_TYPE = 0x00000561; +pub const CKM_ARIA_CBC: CK_MECHANISM_TYPE = 0x00000562; +pub const CKM_ARIA_MAC: CK_MECHANISM_TYPE = 0x00000563; +pub const CKM_ARIA_MAC_GENERAL: CK_MECHANISM_TYPE = 0x00000564; +pub const CKM_ARIA_CBC_PAD: CK_MECHANISM_TYPE = 0x00000565; +pub const CKM_ARIA_ECB_ENCRYPT_DATA: CK_MECHANISM_TYPE = 0x00000566; +pub const CKM_ARIA_CBC_ENCRYPT_DATA: CK_MECHANISM_TYPE = 0x00000567; +pub const CKM_SEED_KEY_GEN: CK_MECHANISM_TYPE = 0x00000650; +pub const CKM_SEED_ECB: CK_MECHANISM_TYPE = 0x00000651; +pub const CKM_SEED_CBC: CK_MECHANISM_TYPE = 0x00000652; +pub const CKM_SEED_MAC: CK_MECHANISM_TYPE = 0x00000653; +pub const CKM_SEED_MAC_GENERAL: CK_MECHANISM_TYPE = 0x00000654; +pub const CKM_SEED_CBC_PAD: CK_MECHANISM_TYPE = 0x00000655; +pub const CKM_SEED_ECB_ENCRYPT_DATA: CK_MECHANISM_TYPE = 0x00000656; +pub const CKM_SEED_CBC_ENCRYPT_DATA: CK_MECHANISM_TYPE = 0x00000657; +pub const CKM_SKIPJACK_KEY_GEN: CK_MECHANISM_TYPE = 0x00001000; +pub const CKM_SKIPJACK_ECB64: CK_MECHANISM_TYPE = 0x00001001; +pub const CKM_SKIPJACK_CBC64: CK_MECHANISM_TYPE = 0x00001002; +pub const CKM_SKIPJACK_OFB64: CK_MECHANISM_TYPE = 0x00001003; +pub const CKM_SKIPJACK_CFB64: CK_MECHANISM_TYPE = 0x00001004; +pub const CKM_SKIPJACK_CFB32: CK_MECHANISM_TYPE = 0x00001005; +pub const CKM_SKIPJACK_CFB16: CK_MECHANISM_TYPE = 0x00001006; +pub const CKM_SKIPJACK_CFB8: CK_MECHANISM_TYPE = 0x00001007; +pub const CKM_SKIPJACK_WRAP: CK_MECHANISM_TYPE = 0x00001008; +pub const CKM_SKIPJACK_PRIVATE_WRAP: CK_MECHANISM_TYPE = 0x00001009; +pub const CKM_SKIPJACK_RELAYX: CK_MECHANISM_TYPE = 0x0000100a; +pub const CKM_KEA_KEY_PAIR_GEN: CK_MECHANISM_TYPE = 0x00001010; +pub const CKM_KEA_KEY_DERIVE: CK_MECHANISM_TYPE = 0x00001011; +pub const CKM_FORTEZZA_TIMESTAMP: CK_MECHANISM_TYPE = 0x00001020; +pub const CKM_BATON_KEY_GEN: CK_MECHANISM_TYPE = 0x00001030; +pub const CKM_BATON_ECB128: CK_MECHANISM_TYPE = 0x00001031; +pub const CKM_BATON_ECB96: CK_MECHANISM_TYPE = 0x00001032; +pub const CKM_BATON_CBC128: CK_MECHANISM_TYPE = 0x00001033; +pub const CKM_BATON_COUNTER: CK_MECHANISM_TYPE = 0x00001034; +pub const CKM_BATON_SHUFFLE: CK_MECHANISM_TYPE = 0x00001035; +pub const CKM_BATON_WRAP: CK_MECHANISM_TYPE = 0x00001036; +pub const CKM_ECDSA_KEY_PAIR_GEN: CK_MECHANISM_TYPE = CKM_EC_KEY_PAIR_GEN; +pub const CKM_EC_KEY_PAIR_GEN: CK_MECHANISM_TYPE = 0x00001040; +pub const CKM_ECDSA: CK_MECHANISM_TYPE = 0x00001041; +pub const CKM_ECDSA_SHA1: CK_MECHANISM_TYPE = 0x00001042; +pub const CKM_ECDSA_SHA224: CK_MECHANISM_TYPE = 0x00001043; +pub const CKM_ECDSA_SHA256: CK_MECHANISM_TYPE = 0x00001044; +pub const CKM_ECDSA_SHA384: CK_MECHANISM_TYPE = 0x00001045; +pub const CKM_ECDSA_SHA512: CK_MECHANISM_TYPE = 0x00001046; +pub const CKM_ECDH1_DERIVE: CK_MECHANISM_TYPE = 0x00001050; +pub const CKM_ECDH1_COFACTOR_DERIVE: CK_MECHANISM_TYPE = 0x00001051; +pub const CKM_ECMQV_DERIVE: CK_MECHANISM_TYPE = 0x00001052; +pub const CKM_ECDH_AES_KEY_WRAP: CK_MECHANISM_TYPE = 0x00001053; +pub const CKM_RSA_AES_KEY_WRAP: CK_MECHANISM_TYPE = 0x00001054; +pub const CKM_JUNIPER_KEY_GEN: CK_MECHANISM_TYPE = 0x00001060; +pub const CKM_JUNIPER_ECB128: CK_MECHANISM_TYPE = 0x00001061; +pub const CKM_JUNIPER_CBC128: CK_MECHANISM_TYPE = 0x00001062; +pub const CKM_JUNIPER_COUNTER: CK_MECHANISM_TYPE = 0x00001063; +pub const CKM_JUNIPER_SHUFFLE: CK_MECHANISM_TYPE = 0x00001064; +pub const CKM_JUNIPER_WRAP: CK_MECHANISM_TYPE = 0x00001065; +pub const CKM_FASTHASH: CK_MECHANISM_TYPE = 0x00001070; +pub const CKM_AES_KEY_GEN: CK_MECHANISM_TYPE = 0x00001080; +pub const CKM_AES_ECB: CK_MECHANISM_TYPE = 0x00001081; +pub const CKM_AES_CBC: CK_MECHANISM_TYPE = 0x00001082; +pub const CKM_AES_MAC: CK_MECHANISM_TYPE = 0x00001083; +pub const CKM_AES_MAC_GENERAL: CK_MECHANISM_TYPE = 0x00001084; +pub const CKM_AES_CBC_PAD: CK_MECHANISM_TYPE = 0x00001085; +pub const CKM_AES_CTR: CK_MECHANISM_TYPE = 0x00001086; +pub const CKM_AES_GCM: CK_MECHANISM_TYPE = 0x00001087; +pub const CKM_AES_CCM: CK_MECHANISM_TYPE = 0x00001088; +pub const CKM_AES_CTS: CK_MECHANISM_TYPE = 0x00001089; +pub const CKM_AES_CMAC: CK_MECHANISM_TYPE = 0x0000108A; +pub const CKM_AES_CMAC_GENERAL: CK_MECHANISM_TYPE = 0x0000108B; +pub const CKM_AES_XCBC_MAC: CK_MECHANISM_TYPE = 0x0000108C; +pub const CKM_AES_XCBC_MAC_96: CK_MECHANISM_TYPE = 0x0000108D; +pub const CKM_AES_GMAC: CK_MECHANISM_TYPE = 0x0000108E; +pub const CKM_BLOWFISH_KEY_GEN: CK_MECHANISM_TYPE = 0x00001090; +pub const CKM_BLOWFISH_CBC: CK_MECHANISM_TYPE = 0x00001091; +pub const CKM_TWOFISH_KEY_GEN: CK_MECHANISM_TYPE = 0x00001092; +pub const CKM_TWOFISH_CBC: CK_MECHANISM_TYPE = 0x00001093; +pub const CKM_BLOWFISH_CBC_PAD: CK_MECHANISM_TYPE = 0x00001094; +pub const CKM_TWOFISH_CBC_PAD: CK_MECHANISM_TYPE = 0x00001095; +pub const CKM_DES_ECB_ENCRYPT_DATA: CK_MECHANISM_TYPE = 0x00001100; +pub const CKM_DES_CBC_ENCRYPT_DATA: CK_MECHANISM_TYPE = 0x00001101; +pub const CKM_DES3_ECB_ENCRYPT_DATA: CK_MECHANISM_TYPE = 0x00001102; +pub const CKM_DES3_CBC_ENCRYPT_DATA: CK_MECHANISM_TYPE = 0x00001103; +pub const CKM_AES_ECB_ENCRYPT_DATA: CK_MECHANISM_TYPE = 0x00001104; +pub const CKM_AES_CBC_ENCRYPT_DATA: CK_MECHANISM_TYPE = 0x00001105; +pub const CKM_GOSTR3410_KEY_PAIR_GEN: CK_MECHANISM_TYPE = 0x00001200; +pub const CKM_GOSTR3410: CK_MECHANISM_TYPE = 0x00001201; +pub const CKM_GOSTR3410_WITH_GOSTR3411: CK_MECHANISM_TYPE = 0x00001202; +pub const CKM_GOSTR3410_KEY_WRAP: CK_MECHANISM_TYPE = 0x00001203; +pub const CKM_GOSTR3410_DERIVE: CK_MECHANISM_TYPE = 0x00001204; +pub const CKM_GOSTR3411: CK_MECHANISM_TYPE = 0x00001210; +pub const CKM_GOSTR3411_HMAC: CK_MECHANISM_TYPE = 0x00001211; +pub const CKM_GOST28147_KEY_GEN: CK_MECHANISM_TYPE = 0x00001220; +pub const CKM_GOST28147_ECB: CK_MECHANISM_TYPE = 0x00001221; +pub const CKM_GOST28147: CK_MECHANISM_TYPE = 0x00001222; +pub const CKM_GOST28147_MAC: CK_MECHANISM_TYPE = 0x00001223; +pub const CKM_GOST28147_KEY_WRAP: CK_MECHANISM_TYPE = 0x00001224; +pub const CKM_DSA_PARAMETER_GEN: CK_MECHANISM_TYPE = 0x00002000; +pub const CKM_DH_PKCS_PARAMETER_GEN: CK_MECHANISM_TYPE = 0x00002001; +pub const CKM_X9_42_DH_PARAMETER_GEN: CK_MECHANISM_TYPE = 0x00002002; +pub const CKM_DSA_PROBABLISTIC_PARAMETER_GEN: CK_MECHANISM_TYPE = 0x00002003; +pub const CKM_DSA_SHAWE_TAYLOR_PARAMETER_GEN: CK_MECHANISM_TYPE = 0x00002004; +pub const CKM_AES_OFB: CK_MECHANISM_TYPE = 0x00002104; +pub const CKM_AES_CFB64: CK_MECHANISM_TYPE = 0x00002105; +pub const CKM_AES_CFB8: CK_MECHANISM_TYPE = 0x00002106; +pub const CKM_AES_CFB128: CK_MECHANISM_TYPE = 0x00002107; +pub const CKM_AES_CFB1: CK_MECHANISM_TYPE = 0x00002108; +pub const CKM_VENDOR_DEFINED: CK_MECHANISM_TYPE = 0x80000000; +pub const CKM_SHA224: CK_MECHANISM_TYPE = 0x00000255; +pub const CKM_SHA224_HMAC: CK_MECHANISM_TYPE = 0x00000256; +pub const CKM_SHA224_HMAC_GENERAL: CK_MECHANISM_TYPE = 0x00000257; +pub const CKM_SHA224_RSA_PKCS: CK_MECHANISM_TYPE = 0x00000046; +pub const CKM_SHA224_RSA_PKCS_PSS: CK_MECHANISM_TYPE = 0x00000047; +pub const CKM_SHA224_KEY_DERIVATION: CK_MECHANISM_TYPE = 0x00000396; +pub const CKM_CAMELLIA_ECB: CK_MECHANISM_TYPE = 0x00000551; +pub const CKM_CAMELLIA_CBC: CK_MECHANISM_TYPE = 0x00000552; +pub const CKM_CAMELLIA_MAC: CK_MECHANISM_TYPE = 0x00000553; +pub const CKM_CAMELLIA_MAC_GENERAL: CK_MECHANISM_TYPE = 0x00000554; +pub const CKM_CAMELLIA_CBC_PAD: CK_MECHANISM_TYPE = 0x00000555; +pub const CKM_CAMELLIA_ECB_ENCRYPT_DATA: CK_MECHANISM_TYPE = 0x00000556; +pub const CKM_CAMELLIA_CBC_ENCRYPT_DATA: CK_MECHANISM_TYPE = 0x00000557; +pub const CKM_AES_KEY_WRAP: CK_MECHANISM_TYPE = 0x00002109; +pub const CKM_AES_KEY_WRAP_PAD: CK_MECHANISM_TYPE = 0x0000210A; +pub const CKM_RSA_PKCS_TPM_1_1: CK_MECHANISM_TYPE = 0x00004001; +pub const CKM_RSA_PKCS_OAEP_TPM_1_1: CK_MECHANISM_TYPE = 0x00004002; +pub const CK_OTP_FORMAT_DECIMAL: CK_ULONG = 0; +pub const CK_OTP_FORMAT_HEXADECIMAL: CK_ULONG = 1; +pub const CK_OTP_FORMAT_ALPHANUMERIC: CK_ULONG = 2; +pub const CK_OTP_FORMAT_BINARY: CK_ULONG = 3; +pub const CK_OTP_PARAM_IGNORED: CK_ULONG = 0; +pub const CK_OTP_PARAM_OPTIONAL: CK_ULONG = 1; +pub const CK_OTP_PARAM_MANDATORY: CK_ULONG = 2; +pub const CK_OTP_VALUE: CK_ULONG = 0; +pub const CK_OTP_PIN: CK_ULONG = 1; +pub const CK_OTP_CHALLENGE: CK_ULONG = 2; +pub const CK_OTP_TIME: CK_ULONG = 3; +pub const CK_OTP_COUNTER: CK_ULONG = 4; +pub const CK_OTP_FLAGS: CK_ULONG = 5; +pub const CK_OTP_OUTPUT_LENGTH: CK_ULONG = 6; +pub const CKF_NEXT_OTP: CK_FLAGS = 0x00000001; +pub const CKF_EXCLUDE_TIME: CK_FLAGS = 0x00000002; +pub const CKF_EXCLUDE_COUNTER: CK_FLAGS = 0x00000004; +pub const CKF_EXCLUDE_CHALLENGE: CK_FLAGS = 0x00000008; +pub const CKF_EXCLUDE_PIN: CK_FLAGS = 0x00000010; +pub const CKF_USER_FRIENDLY_OTP: CK_FLAGS = 0x00000020; +pub const CKN_OTP_CHANGED: CK_NOTIFICATION = 1; +pub const CKG_MGF1_SHA1: CK_RSA_PKCS_MGF_TYPE = 0x00000001; +pub const CKG_MGF1_SHA224: CK_RSA_PKCS_MGF_TYPE = 0x00000005; +pub const CKG_MGF1_SHA256: CK_RSA_PKCS_MGF_TYPE = 0x00000002; +pub const CKG_MGF1_SHA384: CK_RSA_PKCS_MGF_TYPE = 0x00000003; +pub const CKG_MGF1_SHA512: CK_RSA_PKCS_MGF_TYPE = 0x00000004; +pub const CKD_NULL: CK_EC_KDF_TYPE = 0x00000001; +pub const CKD_SHA1_KDF: CK_EC_KDF_TYPE = 0x00000002; +pub const CKD_SHA1_KDF_ASN1: CK_X9_42_DH_KDF_TYPE = 0x00000003; +pub const CKD_SHA1_KDF_CONCATENATE: CK_X9_42_DH_KDF_TYPE = 0x00000004; +pub const CKD_SHA224_KDF: CK_X9_42_DH_KDF_TYPE = 0x00000005; +pub const CKD_SHA256_KDF: CK_X9_42_DH_KDF_TYPE = 0x00000006; +pub const CKD_SHA384_KDF: CK_X9_42_DH_KDF_TYPE = 0x00000007; +pub const CKD_SHA512_KDF: CK_X9_42_DH_KDF_TYPE = 0x00000008; +pub const CKD_CPDIVERSIFY_KDF: CK_X9_42_DH_KDF_TYPE = 0x00000009; +pub const CKF_HW: CK_FLAGS = 0x00000001; /* performed by HW */ +pub const CKF_ENCRYPT: CK_FLAGS = 0x00000100; +pub const CKF_DECRYPT: CK_FLAGS = 0x00000200; +pub const CKF_DIGEST: CK_FLAGS = 0x00000400; +pub const CKF_SIGN: CK_FLAGS = 0x00000800; +pub const CKF_SIGN_RECOVER: CK_FLAGS = 0x00001000; +pub const CKF_VERIFY: CK_FLAGS = 0x00002000; +pub const CKF_VERIFY_RECOVER: CK_FLAGS = 0x00004000; +pub const CKF_GENERATE: CK_FLAGS = 0x00008000; +pub const CKF_GENERATE_KEY_PAIR: CK_FLAGS = 0x00010000; +pub const CKF_WRAP: CK_FLAGS = 0x00020000; +pub const CKF_UNWRAP: CK_FLAGS = 0x00040000; +pub const CKF_DERIVE: CK_FLAGS = 0x00080000; +pub const CKF_EXTENSION: CK_FLAGS = 0x80000000; +pub const CKF_EC_F_P: CK_FLAGS = 0x00100000; +pub const CKF_EC_NAMEDCURVE: CK_FLAGS = 0x00800000; +pub const CKF_EC_UNCOMPRESS: CK_FLAGS = 0x01000000; +pub const CKF_EC_COMPRESS: CK_FLAGS = 0x02000000; +pub const CKF_DONT_BLOCK: CK_FLAGS = 1; +pub const CKF_LIBRARY_CANT_CREATE_OS_THREADS: CK_FLAGS = 0x00000001; +pub const CKF_OS_LOCKING_OK: CK_FLAGS = 0x00000002; +pub const CKR_OK: CK_RV = 0x00000000; +pub const CKR_CANCEL: CK_RV = 0x00000001; +pub const CKR_HOST_MEMORY: CK_RV = 0x00000002; +pub const CKR_SLOT_ID_INVALID: CK_RV = 0x00000003; +pub const CKR_GENERAL_ERROR: CK_RV = 0x00000005; +pub const CKR_FUNCTION_FAILED: CK_RV = 0x00000006; +pub const CKR_ARGUMENTS_BAD: CK_RV = 0x00000007; +pub const CKR_NO_EVENT: CK_RV = 0x00000008; +pub const CKR_NEED_TO_CREATE_THREADS: CK_RV = 0x00000009; +pub const CKR_CANT_LOCK: CK_RV = 0x0000000A; +pub const CKR_ATTRIBUTE_READ_ONLY: CK_RV = 0x00000010; +pub const CKR_ATTRIBUTE_SENSITIVE: CK_RV = 0x00000011; +pub const CKR_ATTRIBUTE_TYPE_INVALID: CK_RV = 0x00000012; +pub const CKR_ATTRIBUTE_VALUE_INVALID: CK_RV = 0x00000013; +pub const CKR_ACTION_PROHIBITED: CK_RV = 0x0000001B; +pub const CKR_DATA_INVALID: CK_RV = 0x00000020; +pub const CKR_DATA_LEN_RANGE: CK_RV = 0x00000021; +pub const CKR_DEVICE_ERROR: CK_RV = 0x00000030; +pub const CKR_DEVICE_MEMORY: CK_RV = 0x00000031; +pub const CKR_DEVICE_REMOVED: CK_RV = 0x00000032; +pub const CKR_ENCRYPTED_DATA_INVALID: CK_RV = 0x00000040; +pub const CKR_ENCRYPTED_DATA_LEN_RANGE: CK_RV = 0x00000041; +pub const CKR_FUNCTION_CANCELED: CK_RV = 0x00000050; +pub const CKR_FUNCTION_NOT_PARALLEL: CK_RV = 0x00000051; +pub const CKR_FUNCTION_NOT_SUPPORTED: CK_RV = 0x00000054; +pub const CKR_CURVE_NOT_SUPPORTED: CK_RV = 0x00000140; +pub const CKR_KEY_HANDLE_INVALID: CK_RV = 0x00000060; +pub const CKR_KEY_SIZE_RANGE: CK_RV = 0x00000062; +pub const CKR_KEY_TYPE_INCONSISTENT: CK_RV = 0x00000063; +pub const CKR_KEY_NOT_NEEDED: CK_RV = 0x00000064; +pub const CKR_KEY_CHANGED: CK_RV = 0x00000065; +pub const CKR_KEY_NEEDED: CK_RV = 0x00000066; +pub const CKR_KEY_INDIGESTIBLE: CK_RV = 0x00000067; +pub const CKR_KEY_FUNCTION_NOT_PERMITTED: CK_RV = 0x00000068; +pub const CKR_KEY_NOT_WRAPPABLE: CK_RV = 0x00000069; +pub const CKR_KEY_UNEXTRACTABLE: CK_RV = 0x0000006A; +pub const CKR_MECHANISM_INVALID: CK_RV = 0x00000070; +pub const CKR_MECHANISM_PARAM_INVALID: CK_RV = 0x00000071; +pub const CKR_OBJECT_HANDLE_INVALID: CK_RV = 0x00000082; +pub const CKR_OPERATION_ACTIVE: CK_RV = 0x00000090; +pub const CKR_OPERATION_NOT_INITIALIZED: CK_RV = 0x00000091; +pub const CKR_PIN_INCORRECT: CK_RV = 0x000000A0; +pub const CKR_PIN_INVALID: CK_RV = 0x000000A1; +pub const CKR_PIN_LEN_RANGE: CK_RV = 0x000000A2; +pub const CKR_PIN_EXPIRED: CK_RV = 0x000000A3; +pub const CKR_PIN_LOCKED: CK_RV = 0x000000A4; +pub const CKR_SESSION_CLOSED: CK_RV = 0x000000B0; +pub const CKR_SESSION_COUNT: CK_RV = 0x000000B1; +pub const CKR_SESSION_HANDLE_INVALID: CK_RV = 0x000000B3; +pub const CKR_SESSION_PARALLEL_NOT_SUPPORTED: CK_RV = 0x000000B4; +pub const CKR_SESSION_READ_ONLY: CK_RV = 0x000000B5; +pub const CKR_SESSION_EXISTS: CK_RV = 0x000000B6; +pub const CKR_SESSION_READ_ONLY_EXISTS: CK_RV = 0x000000B7; +pub const CKR_SESSION_READ_WRITE_SO_EXISTS: CK_RV = 0x000000B8; +pub const CKR_SIGNATURE_INVALID: CK_RV = 0x000000C0; +pub const CKR_SIGNATURE_LEN_RANGE: CK_RV = 0x000000C1; +pub const CKR_TEMPLATE_INCOMPLETE: CK_RV = 0x000000D0; +pub const CKR_TEMPLATE_INCONSISTENT: CK_RV = 0x000000D1; +pub const CKR_TOKEN_NOT_PRESENT: CK_RV = 0x000000E0; +pub const CKR_TOKEN_NOT_RECOGNIZED: CK_RV = 0x000000E1; +pub const CKR_TOKEN_WRITE_PROTECTED: CK_RV = 0x000000E2; +pub const CKR_UNWRAPPING_KEY_HANDLE_INVALID: CK_RV = 0x000000F0; +pub const CKR_UNWRAPPING_KEY_SIZE_RANGE: CK_RV = 0x000000F1; +pub const CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT: CK_RV = 0x000000F2; +pub const CKR_USER_ALREADY_LOGGED_IN: CK_RV = 0x00000100; +pub const CKR_USER_NOT_LOGGED_IN: CK_RV = 0x00000101; +pub const CKR_USER_PIN_NOT_INITIALIZED: CK_RV = 0x00000102; +pub const CKR_USER_TYPE_INVALID: CK_RV = 0x00000103; +pub const CKR_USER_ANOTHER_ALREADY_LOGGED_IN: CK_RV = 0x00000104; +pub const CKR_USER_TOO_MANY_TYPES: CK_RV = 0x00000105; +pub const CKR_WRAPPED_KEY_INVALID: CK_RV = 0x00000110; +pub const CKR_WRAPPED_KEY_LEN_RANGE: CK_RV = 0x00000112; +pub const CKR_WRAPPING_KEY_HANDLE_INVALID: CK_RV = 0x00000113; +pub const CKR_WRAPPING_KEY_SIZE_RANGE: CK_RV = 0x00000114; +pub const CKR_WRAPPING_KEY_TYPE_INCONSISTENT: CK_RV = 0x00000115; +pub const CKR_RANDOM_SEED_NOT_SUPPORTED: CK_RV = 0x00000120; +pub const CKR_RANDOM_NO_RNG: CK_RV = 0x00000121; +pub const CKR_DOMAIN_PARAMS_INVALID: CK_RV = 0x00000130; +pub const CKR_BUFFER_TOO_SMALL: CK_RV = 0x00000150; +pub const CKR_SAVED_STATE_INVALID: CK_RV = 0x00000160; +pub const CKR_INFORMATION_SENSITIVE: CK_RV = 0x00000170; +pub const CKR_STATE_UNSAVEABLE: CK_RV = 0x00000180; +pub const CKR_CRYPTOKI_NOT_INITIALIZED: CK_RV = 0x00000190; +pub const CKR_CRYPTOKI_ALREADY_INITIALIZED: CK_RV = 0x00000191; +pub const CKR_MUTEX_BAD: CK_RV = 0x000001A0; +pub const CKR_MUTEX_NOT_LOCKED: CK_RV = 0x000001A1; +pub const CKR_NEW_PIN_MODE: CK_RV = 0x000001B0; +pub const CKR_NEXT_OTP: CK_RV = 0x000001B1; +pub const CKR_EXCEEDED_MAX_ITERATIONS: CK_RV = 0x000001B5; +pub const CKR_FIPS_SELF_TEST_FAILED: CK_RV = 0x000001B6; +pub const CKR_LIBRARY_LOAD_FAILED: CK_RV = 0x000001B7; +pub const CKR_PIN_TOO_WEAK: CK_RV = 0x000001B8; +pub const CKR_PUBLIC_KEY_INVALID: CK_RV = 0x000001B9; +pub const CKR_FUNCTION_REJECTED: CK_RV = 0x00000200; +pub const CKR_VENDOR_DEFINED: CK_RV = 0x80000000; +pub const CKZ_DATA_SPECIFIED: CK_RSA_PKCS_OAEP_SOURCE_TYPE = 0x00000001; +pub const CK_FALSE: CK_BBOOL = 0; +pub const CK_TRUE: CK_BBOOL = 1; diff --git a/pkcs11/Cargo.toml b/pkcs11/Cargo.toml new file mode 100644 index 0000000..7f96eb9 --- /dev/null +++ b/pkcs11/Cargo.toml @@ -0,0 +1,52 @@ +# Copyright 2017 Marcus Heese +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +[package] +name = "pkcs11" +version = "0.6.0" +authors = ["Marcus Heese "] +edition = '2018' +description = "Rust PKCS#11 Library" +#documentation = "https://github.com/mheese/rust-pkcs11" +homepage = "https://github.com/mheese/rust-pkcs11" +repository = "https://github.com/mheese/rust-pkcs11" +readme = "README.md" +keywords = ["pkcs11", "cryptoki"] +categories = ["external-ffi-bindings", "cryptography", "hardware-support"] +license = "Apache-2.0" +exclude = [ + "pkcs11-docs/**", +] + +[badges] +maintenance = { status = "actively-developed" } +codecov = { repository = "mheese/rust-pkcs11", branch = "master", service = "github" } +is-it-maintained-issue-resolution = { repository = "mheese/rust-pkcs11" } +is-it-maintained-open-issues = { repository = "mheese/rust-pkcs11" } + +[dependencies] +libloading = "0.6.1" +num-bigint = "0.2.6" +pkcs11-sys = { path = "../pkcs11-sys" } +log = "0.4.11" +secrecy = "0.7.0" +psa-crypto = { git = "https://github.com/parallaxsecond/rust-psa-crypto", rev = "18dd4dda96d8b61d2e112b9e6ad83e90fe768d78", default-features = false, optional = true } + +[dev-dependencies] +num-traits = "0.2.11" +hex = "0.4.2" +serial_test = "0.4.0" +serial_test_derive = "0.4.0" + +[features] +psa-crypto-conversions = ["psa-crypto"] diff --git a/src/errors.rs b/pkcs11/src/errors.rs similarity index 100% rename from src/errors.rs rename to pkcs11/src/errors.rs diff --git a/src/functions.rs b/pkcs11/src/functions.rs similarity index 100% rename from src/functions.rs rename to pkcs11/src/functions.rs diff --git a/src/lib.rs b/pkcs11/src/lib.rs similarity index 99% rename from src/lib.rs rename to pkcs11/src/lib.rs index 276a737..79e8714 100644 --- a/src/lib.rs +++ b/pkcs11/src/lib.rs @@ -27,6 +27,9 @@ mod tests; pub mod errors; /// This module is basically a full conversion of the `pkcs11f.h` C header file. pub mod functions; +/// This module provides safe and idiomatic abstractions +#[deny(missing_docs)] +pub mod new; /// This module is basically a full conversion of the `pkcs11t.h` C header file. pub mod types; diff --git a/pkcs11/src/new/functions/decryption.rs b/pkcs11/src/new/functions/decryption.rs new file mode 100644 index 0000000..b91b3ca --- /dev/null +++ b/pkcs11/src/new/functions/decryption.rs @@ -0,0 +1,62 @@ +//! Decrypting data + +use crate::get_pkcs11; +use crate::new::types::function::Rv; +use crate::new::types::mechanism::Mechanism; +use crate::new::types::object::ObjectHandle; +use crate::new::types::session::Session; +use crate::new::Result; +use pkcs11_sys::*; +use std::convert::TryInto; + +impl<'a> Session<'a> { + /// Single-part decryption operation + pub fn decrypt( + &self, + mechanism: &Mechanism, + key: ObjectHandle, + encrypted_data: &[u8], + ) -> Result> { + let mut mechanism: CK_MECHANISM = mechanism.into(); + let mut data_len = 0; + + unsafe { + Rv::from(get_pkcs11!(self.client(), C_DecryptInit)( + self.handle(), + &mut mechanism as CK_MECHANISM_PTR, + key.handle(), + )) + .into_result()?; + } + + // Get the output buffer length + unsafe { + Rv::from(get_pkcs11!(self.client(), C_Decrypt)( + self.handle(), + // C_Decrypt should not modify this buffer + encrypted_data.as_ptr() as *mut u8, + encrypted_data.len().try_into()?, + std::ptr::null_mut(), + &mut data_len, + )) + .into_result()?; + } + + let mut data = vec![0; data_len.try_into()?]; + + unsafe { + Rv::from(get_pkcs11!(self.client(), C_Decrypt)( + self.handle(), + encrypted_data.as_ptr() as *mut u8, + encrypted_data.len().try_into()?, + data.as_mut_ptr(), + &mut data_len, + )) + .into_result()?; + } + + data.resize(data_len.try_into()?, 0); + + Ok(data) + } +} diff --git a/pkcs11/src/new/functions/encryption.rs b/pkcs11/src/new/functions/encryption.rs new file mode 100644 index 0000000..fae9a6e --- /dev/null +++ b/pkcs11/src/new/functions/encryption.rs @@ -0,0 +1,61 @@ +//! Encrypting data + +use crate::get_pkcs11; +use crate::new::types::function::Rv; +use crate::new::types::mechanism::Mechanism; +use crate::new::types::object::ObjectHandle; +use crate::new::types::session::Session; +use crate::new::Result; +use pkcs11_sys::*; +use std::convert::TryInto; + +impl<'a> Session<'a> { + /// Single-part encryption operation + pub fn encrypt( + &self, + mechanism: &Mechanism, + key: ObjectHandle, + data: &[u8], + ) -> Result> { + let mut mechanism: CK_MECHANISM = mechanism.into(); + let mut encrypted_data_len = 0; + + unsafe { + Rv::from(get_pkcs11!(self.client(), C_EncryptInit)( + self.handle(), + &mut mechanism as CK_MECHANISM_PTR, + key.handle(), + )) + .into_result()?; + } + + // Get the output buffer length + unsafe { + Rv::from(get_pkcs11!(self.client(), C_Encrypt)( + self.handle(), + data.as_ptr() as *mut u8, + data.len().try_into()?, + std::ptr::null_mut(), + &mut encrypted_data_len, + )) + .into_result()?; + } + + let mut encrypted_data = vec![0; encrypted_data_len.try_into()?]; + + unsafe { + Rv::from(get_pkcs11!(self.client(), C_Encrypt)( + self.handle(), + data.as_ptr() as *mut u8, + data.len().try_into()?, + encrypted_data.as_mut_ptr(), + &mut encrypted_data_len, + )) + .into_result()?; + } + + encrypted_data.resize(encrypted_data_len.try_into()?, 0); + + Ok(encrypted_data) + } +} diff --git a/pkcs11/src/new/functions/general_purpose.rs b/pkcs11/src/new/functions/general_purpose.rs new file mode 100644 index 0000000..4872a80 --- /dev/null +++ b/pkcs11/src/new/functions/general_purpose.rs @@ -0,0 +1,34 @@ +//! General-purpose functions + +use crate::get_pkcs11; +use crate::new::types::function::Rv; +use crate::new::types::locking::CInitializeArgs; +use crate::new::Pkcs11; +use crate::new::Result; +use pkcs11_sys::CK_C_INITIALIZE_ARGS; +use std::ptr; + +impl Pkcs11 { + /// Initialize the PKCS11 library + pub fn initialize(&self, init_args: CInitializeArgs) -> Result<()> { + // if no args are specified, library expects NULL + let mut init_args = CK_C_INITIALIZE_ARGS::from(init_args); + let init_args_ptr = &mut init_args; + unsafe { + Rv::from(get_pkcs11!(self, C_Initialize)( + init_args_ptr as *mut CK_C_INITIALIZE_ARGS as *mut ::std::ffi::c_void, + )) + .into_result() + } + } + + pub(crate) fn finalize_private(&self) -> Result<()> { + // Safe because Session contain a reference to self so that this function can not be called + // while there are live Session instances. + unsafe { Rv::from(get_pkcs11!(self, C_Finalize)(ptr::null_mut())).into_result() } + } + + /// Finalize the PKCS11 library. Indicates that the application no longer needs to use PKCS11. + /// The library is also automatically finalized on drop. + pub fn finalize(self) {} +} diff --git a/pkcs11/src/new/functions/key_management.rs b/pkcs11/src/new/functions/key_management.rs new file mode 100644 index 0000000..6986fac --- /dev/null +++ b/pkcs11/src/new/functions/key_management.rs @@ -0,0 +1,46 @@ +//! Key management functions + +use crate::get_pkcs11; +use crate::new::types::function::Rv; +use crate::new::types::mechanism::Mechanism; +use crate::new::types::object::{Attribute, ObjectHandle}; +use crate::new::types::session::Session; +use crate::new::Result; +use pkcs11_sys::{CK_ATTRIBUTE, CK_MECHANISM, CK_MECHANISM_PTR}; +use std::convert::TryInto; + +impl<'a> Session<'a> { + /// Generate a public/private key pair + pub fn generate_key_pair( + &self, + mechanism: &Mechanism, + pub_key_template: &[Attribute], + priv_key_template: &[Attribute], + ) -> Result<(ObjectHandle, ObjectHandle)> { + let mut mechanism: CK_MECHANISM = mechanism.into(); + let mut pub_key_template: Vec = + pub_key_template.iter().map(|attr| attr.into()).collect(); + let mut priv_key_template: Vec = + priv_key_template.iter().map(|attr| attr.into()).collect(); + let mut pub_handle = 0; + let mut priv_handle = 0; + unsafe { + Rv::from(get_pkcs11!(self.client(), C_GenerateKeyPair)( + self.handle(), + &mut mechanism as CK_MECHANISM_PTR, + pub_key_template.as_mut_ptr(), + pub_key_template.len().try_into()?, + priv_key_template.as_mut_ptr(), + priv_key_template.len().try_into()?, + &mut pub_handle, + &mut priv_handle, + )) + .into_result()?; + } + + Ok(( + ObjectHandle::new(pub_handle), + ObjectHandle::new(priv_handle), + )) + } +} diff --git a/pkcs11/src/new/functions/mod.rs b/pkcs11/src/new/functions/mod.rs new file mode 100644 index 0000000..9b53b59 --- /dev/null +++ b/pkcs11/src/new/functions/mod.rs @@ -0,0 +1,10 @@ +//! PKCS11 functions + +pub mod decryption; +pub mod encryption; +pub mod general_purpose; +pub mod key_management; +pub mod object_management; +pub mod session_management; +pub mod signing_macing; +pub mod slot_token_management; diff --git a/pkcs11/src/new/functions/object_management.rs b/pkcs11/src/new/functions/object_management.rs new file mode 100644 index 0000000..4aa39dd --- /dev/null +++ b/pkcs11/src/new/functions/object_management.rs @@ -0,0 +1,182 @@ +//! Object management functions + +use crate::get_pkcs11; +use crate::new::types::function::{Rv, RvError}; +use crate::new::types::object::{Attribute, AttributeInfo, AttributeType, ObjectHandle}; +use crate::new::types::session::Session; +use crate::new::Result; +use pkcs11_sys::*; +use std::convert::TryInto; + +// Search 10 elements at a time +const MAX_OBJECT_COUNT: usize = 10; + +impl<'a> Session<'a> { + /// Search for session objects matching a template + pub fn find_objects(&self, template: &[Attribute]) -> Result> { + let mut template: Vec = template.iter().map(|attr| attr.into()).collect(); + + unsafe { + Rv::from(get_pkcs11!(self.client(), C_FindObjectsInit)( + self.handle(), + template.as_mut_ptr(), + template.len().try_into()?, + )) + .into_result()?; + } + + let mut object_handles = [0; MAX_OBJECT_COUNT]; + let mut object_count = 0; + let mut objects = Vec::new(); + + unsafe { + Rv::from(get_pkcs11!(self.client(), C_FindObjects)( + self.handle(), + object_handles.as_mut_ptr() as CK_OBJECT_HANDLE_PTR, + MAX_OBJECT_COUNT.try_into()?, + &mut object_count, + )) + .into_result()?; + } + + while object_count > 0 { + objects.extend_from_slice(&object_handles[..object_count.try_into()?]); + + unsafe { + Rv::from(get_pkcs11!(self.client(), C_FindObjects)( + self.handle(), + object_handles.as_mut_ptr() as CK_OBJECT_HANDLE_PTR, + MAX_OBJECT_COUNT.try_into()?, + &mut object_count, + )) + .into_result()?; + } + } + + unsafe { + Rv::from(get_pkcs11!(self.client(), C_FindObjectsFinal)( + self.handle(), + )) + .into_result()?; + } + + let objects = objects.into_iter().map(ObjectHandle::new).collect(); + + Ok(objects) + } + + /// Create a new object + pub fn create_object(&self, template: &[Attribute]) -> Result { + let mut template: Vec = template.iter().map(|attr| attr.into()).collect(); + let mut object_handle = 0; + + unsafe { + Rv::from(get_pkcs11!(self.client(), C_CreateObject)( + self.handle(), + template.as_mut_ptr(), + template.len().try_into()?, + &mut object_handle as CK_OBJECT_HANDLE_PTR, + )) + .into_result()?; + } + + Ok(ObjectHandle::new(object_handle)) + } + + /// Destroy an object + pub fn destroy_object(&self, object: ObjectHandle) -> Result<()> { + unsafe { + Rv::from(get_pkcs11!(self.client(), C_DestroyObject)( + self.handle(), + object.handle(), + )) + .into_result() + } + } + + /// Get the attribute info of an object: if the attribute is present and its size. + pub fn get_attribute_info( + &self, + object: ObjectHandle, + attributes: &[AttributeType], + ) -> Result> { + let mut template: Vec = attributes + .iter() + .map(|attr_type| CK_ATTRIBUTE { + type_: (*attr_type).into(), + pValue: std::ptr::null_mut(), + ulValueLen: 0, + }) + .collect(); + + match unsafe { + Rv::from(get_pkcs11!(self.client(), C_GetAttributeValue)( + self.handle(), + object.handle(), + template.as_mut_ptr(), + template.len().try_into()?, + )) + } { + Rv::Ok + | Rv::Error(RvError::AttributeSensitive) + | Rv::Error(RvError::AttributeTypeInvalid) => Ok(template + .iter() + .map(|attr| match attr.ulValueLen { + CK_UNAVAILABLE_INFORMATION => Ok(AttributeInfo::Unavailable), + len => Ok(AttributeInfo::Available(len.try_into()?)), + }) + .collect::>>()?), + Rv::Error(rv_error) => Err(rv_error.into()), + } + } + + /// Get the attributes values of an object. + /// Ignore the unavailable one. One has to call the get_attribute_info method to check which + /// ones are unavailable. + pub fn get_attributes( + &self, + object: ObjectHandle, + attributes: &[AttributeType], + ) -> Result> { + let attrs_info = self.get_attribute_info(object, attributes)?; + + // Allocating a chunk of memory where to put the attributes value. + let attrs_memory: Vec<(AttributeType, Vec)> = attrs_info + .iter() + .zip(attributes.iter()) + .filter_map(|(attr_info, attr_type)| { + if let AttributeInfo::Available(size) = attr_info { + Some((*attr_type, vec![0; *size])) + } else { + None + } + }) + .collect(); + + let mut template: Vec = attrs_memory + .iter() + .map(|(attr_type, memory)| { + Ok(CK_ATTRIBUTE { + type_: (*attr_type).into(), + pValue: memory.as_ptr() as *mut std::ffi::c_void, + ulValueLen: memory.len().try_into()?, + }) + }) + .collect::>>()?; + + // This should only return OK as all attributes asked should be + // available. Concurrency problem? + unsafe { + Rv::from(get_pkcs11!(self.client(), C_GetAttributeValue)( + self.handle(), + object.handle(), + template.as_mut_ptr(), + template.len().try_into()?, + )) + .into_result()?; + } + + // Convert from CK_ATTRIBUTE to Attribute + template.into_iter().map(|attr| attr.try_into()).collect() + } +} diff --git a/pkcs11/src/new/functions/session_management.rs b/pkcs11/src/new/functions/session_management.rs new file mode 100644 index 0000000..2e83836 --- /dev/null +++ b/pkcs11/src/new/functions/session_management.rs @@ -0,0 +1,56 @@ +//! Session management functions + +use crate::get_pkcs11; +use crate::new::types::function::Rv; +use crate::new::types::session::{Session, UserType}; +use crate::new::types::slot_token::Slot; +use crate::new::types::Flags; +use crate::new::Pkcs11; +use crate::new::Result; + +impl Pkcs11 { + /// Open a new session with no callback set + pub fn open_session_no_callback(&self, slot_id: Slot, flags: Flags) -> Result { + let mut session_handle = 0; + + unsafe { + Rv::from(get_pkcs11!(self, C_OpenSession)( + slot_id.id(), + flags.into(), + // TODO: abstract those types or create new functions for callbacks + std::ptr::null_mut(), + None, + &mut session_handle, + )) + .into_result()?; + } + + Ok(Session::new(session_handle, &self, slot_id)) + } +} + +impl<'a> Session<'a> { + /// Close a session + /// This will be called on drop as well. + pub fn close(&self) {} + + pub(crate) fn close_private(&self) -> Result<()> { + unsafe { Rv::from(get_pkcs11!(self.client(), C_CloseSession)(self.handle())).into_result() } + } + + /// Log a session in + /// + /// Do not fail if the user is already logged in. It happens if another session on the same slot + /// has already called the log in operation. Record the login call and only log out when there + /// aren't anymore sessions requiring log in state. + pub fn login(&self, user_type: UserType) -> Result<()> { + self.client().login(self, user_type) + } + + /// Log a session out + /// + /// Will also be called on drop. + pub fn logout(&self) -> Result<()> { + self.client().logout(self) + } +} diff --git a/pkcs11/src/new/functions/signing_macing.rs b/pkcs11/src/new/functions/signing_macing.rs new file mode 100644 index 0000000..7f7e163 --- /dev/null +++ b/pkcs11/src/new/functions/signing_macing.rs @@ -0,0 +1,88 @@ +//! Signing and authentication functions + +use crate::get_pkcs11; +use crate::new::types::function::Rv; +use crate::new::types::mechanism::Mechanism; +use crate::new::types::object::ObjectHandle; +use crate::new::types::session::Session; +use crate::new::Result; +use pkcs11_sys::*; +use std::convert::TryInto; + +impl<'a> Session<'a> { + /// Sign data in single-part + pub fn sign(&self, mechanism: &Mechanism, key: ObjectHandle, data: &[u8]) -> Result> { + let mut mechanism: CK_MECHANISM = mechanism.into(); + let mut signature_len = 0; + + unsafe { + Rv::from(get_pkcs11!(self.client(), C_SignInit)( + self.handle(), + &mut mechanism as CK_MECHANISM_PTR, + key.handle(), + )) + .into_result()?; + } + + // Get the output buffer length + unsafe { + Rv::from(get_pkcs11!(self.client(), C_Sign)( + self.handle(), + data.as_ptr() as *mut u8, + data.len().try_into()?, + std::ptr::null_mut(), + &mut signature_len, + )) + .into_result()?; + } + + let mut signature = vec![0; signature_len.try_into()?]; + + //TODO: we should add a new error instead of those unwrap! + unsafe { + Rv::from(get_pkcs11!(self.client(), C_Sign)( + self.handle(), + data.as_ptr() as *mut u8, + data.len().try_into()?, + signature.as_mut_ptr(), + &mut signature_len, + )) + .into_result()?; + } + + signature.resize(signature_len.try_into()?, 0); + + Ok(signature) + } + + /// Verify data in single-part + pub fn verify( + &self, + mechanism: &Mechanism, + key: ObjectHandle, + data: &[u8], + signature: &[u8], + ) -> Result<()> { + let mut mechanism: CK_MECHANISM = mechanism.into(); + + unsafe { + Rv::from(get_pkcs11!(self.client(), C_VerifyInit)( + self.handle(), + &mut mechanism as CK_MECHANISM_PTR, + key.handle(), + )) + .into_result()?; + } + + unsafe { + Rv::from(get_pkcs11!(self.client(), C_Verify)( + self.handle(), + data.as_ptr() as *mut u8, + data.len().try_into()?, + signature.as_ptr() as *mut u8, + signature.len().try_into()?, + )) + .into_result() + } + } +} diff --git a/pkcs11/src/new/functions/slot_token_management.rs b/pkcs11/src/new/functions/slot_token_management.rs new file mode 100644 index 0000000..0d0ceb1 --- /dev/null +++ b/pkcs11/src/new/functions/slot_token_management.rs @@ -0,0 +1,111 @@ +//! Slot and token management functions + +use crate::get_pkcs11; +use crate::new::types::function::Rv; +use crate::new::types::slot_token::Slot; +use crate::new::Pkcs11; +use crate::new::Result; +use crate::new::Session; +use secrecy::{ExposeSecret, Secret}; +use std::convert::TryInto; +use std::ffi::CString; + +impl Pkcs11 { + /// Get all slots available with a token + pub fn get_slots_with_token(&self) -> Result> { + let mut slot_count = 0; + + unsafe { + Rv::from(get_pkcs11!(self, C_GetSlotList)( + pkcs11_sys::CK_TRUE, + std::ptr::null_mut(), + &mut slot_count, + )) + .into_result()?; + } + + let mut slots = vec![0; slot_count.try_into()?]; + + unsafe { + Rv::from(get_pkcs11!(self, C_GetSlotList)( + pkcs11_sys::CK_TRUE, + slots.as_mut_ptr(), + &mut slot_count, + )) + .into_result()?; + } + + let mut slots: Vec = slots.into_iter().map(Slot::new).collect(); + + // This should always truncate slots. + slots.resize(slot_count.try_into()?, Slot::new(0)); + + Ok(slots) + } + + /// Get all slots + pub fn get_all_slots(&self) -> Result> { + let mut slot_count = 0; + + unsafe { + Rv::from(get_pkcs11!(self, C_GetSlotList)( + pkcs11_sys::CK_FALSE, + std::ptr::null_mut(), + &mut slot_count, + )) + .into_result()?; + } + + let mut slots = vec![0; slot_count.try_into()?]; + + unsafe { + Rv::from(get_pkcs11!(self, C_GetSlotList)( + pkcs11_sys::CK_FALSE, + slots.as_mut_ptr(), + &mut slot_count, + )) + .into_result()?; + } + + let mut slots: Vec = slots.into_iter().map(Slot::new).collect(); + + // This should always truncate slots. + slots.resize(slot_count.try_into()?, Slot::new(0)); + + Ok(slots) + } + + /// Initialize a token + /// + /// Currently will use an empty label for all tokens. + pub fn init_token(&self, slot: Slot, pin: &str) -> Result<()> { + let pin = Secret::new(CString::new(pin)?.into_bytes()); + // FIXME: make a good conversion to the label format + // 32 is the ASCII code for ' ' + let label = [b' '; 32]; + unsafe { + Rv::from(get_pkcs11!(self, C_InitToken)( + slot.id(), + pin.expose_secret().as_ptr() as *mut u8, + pin.expose_secret().len().try_into()?, + label.as_ptr() as *mut u8, + )) + .into_result() + } + } +} + +impl<'a> Session<'a> { + /// Initialize the normal user's pin for a token + pub fn init_pin(&self, pin: &str) -> Result<()> { + let pin = Secret::new(CString::new(pin)?.into_bytes()); + unsafe { + Rv::from(get_pkcs11!(self.client(), C_InitPIN)( + self.handle(), + pin.expose_secret().as_ptr() as *mut u8, + pin.expose_secret().len().try_into()?, + )) + .into_result() + } + } +} diff --git a/pkcs11/src/new/mod.rs b/pkcs11/src/new/mod.rs new file mode 100644 index 0000000..c78c0ea --- /dev/null +++ b/pkcs11/src/new/mod.rs @@ -0,0 +1,511 @@ +//! Rust PKCS11 new abstraction +//! +//! The items in the new module only expose idiomatic and safe Rust types and functions to +//! interface with the PKCS11 API. All the PKCS11 items might not be implemented but everything +//! that is implemented is safe. +//! +//! The modules under `new` follow the structure of the PKCS11 document version 2.40 available [here](http://docs.oasis-open.org/pkcs11/pkcs11-base/v2.40/pkcs11-base-v2.40.html). + +pub mod functions; +pub mod objects; +pub mod types; + +use crate::new::types::function::{Rv, RvError}; +use crate::new::types::session::{Session, UserType}; +use crate::new::types::slot_token::Slot; +use log::error; +use pkcs11_sys::*; +use secrecy::{ExposeSecret, Secret, SecretVec}; +use std::collections::{HashMap, HashSet}; +use std::convert::TryInto; +use std::ffi::CString; +use std::fmt; +use std::mem; +use std::path::Path; +use std::sync::{Mutex, RwLock}; + +#[macro_export] +macro_rules! get_pkcs11 { + ($pkcs11:expr, $func_name:ident) => { + ($pkcs11 + .function_list + .$func_name + .ok_or(crate::new::Error::NullFunctionPointer)?) + }; +} + +/// Main PKCS11 context. Should usually be unique per application. +pub struct Pkcs11 { + // Even if this field is never read, it is needed for the pointers in function_list to remain + // valid. + _pkcs11_lib: pkcs11_sys::Pkcs11, + function_list: pkcs11_sys::_CK_FUNCTION_LIST, + // Handle of sessions currently logged in per slot. This is used for logging in and out. + logged_sessions: Mutex>>, + // Pin per slot, will be used for login. Ideally this should also be filtered by user type. + pins: RwLock>>, +} + +impl Pkcs11 { + /// Instantiate a new context from the path of a PKCS11 dynamic llibrary implementation. + pub fn new

(filename: P) -> Result + where + P: AsRef, + { + unsafe { + let pkcs11_lib = + pkcs11_sys::Pkcs11::new(filename.as_ref()).map_err(Error::LibraryLoading)?; + let mut list = mem::MaybeUninit::uninit(); + + Rv::from(pkcs11_lib.C_GetFunctionList(list.as_mut_ptr())).into_result()?; + + let list_ptr = *list.as_ptr(); + + Ok(Pkcs11 { + _pkcs11_lib: pkcs11_lib, + function_list: *list_ptr, + logged_sessions: Mutex::new(HashMap::new()), + pins: RwLock::new(HashMap::new()), + }) + } + } + + /// Set the PIN used when logging in sessions. + /// The pin set is the one that is going to be use with all user type specified when logging in. + /// It needs to be changed before calling login with a different user type. + pub fn set_pin(&self, slot: Slot, pin: &str) -> Result<()> { + let _ = self + .pins + .write() + .expect("Pins lock poisoned") + .insert(slot, Secret::new(CString::new(pin)?.into_bytes())); + Ok(()) + } + + /// Clear the pin store. + /// Ignore if the pin was not set previously on the slot. Note that the pin will be cleared + /// anyway on drop. + pub fn clear_pin(&self, slot: Slot) { + // The removed pin will be zeroized on drop as it is a SecretVec + let _ = self.pins.write().expect("Pins lock poisoned").remove(&slot); + } + + // Do not fail if the user is already logged in. It happens if another session on the same slot + // has already called the log in operation. Record the login call and only log out when there + // aren't anymore sessions requiring log in state. + fn login(&self, session: &Session, user_type: UserType) -> Result<()> { + let pins = self.pins.read().expect("Pins lock poisoned"); + let pin = pins + .get(&session.slot()) + .ok_or(Error::PinNotSet)? + .expose_secret(); + + let mut logged_sessions = self + .logged_sessions + .lock() + .expect("Logged sessions mutex poisoned!"); + + match unsafe { + Rv::from(get_pkcs11!(self, C_Login)( + session.handle(), + user_type.into(), + pin.as_ptr() as *mut u8, + pin.len().try_into()?, + )) + } { + Rv::Ok | Rv::Error(RvError::UserAlreadyLoggedIn) => { + if let Some(session_handles) = logged_sessions.get_mut(&session.slot()) { + // It might already been present in if this session already tried to log in. + let _ = session_handles.insert(session.handle()); + } else { + let mut new_set = HashSet::new(); + let _ = new_set.insert(session.handle()); + let _ = logged_sessions.insert(session.slot(), new_set); + } + Ok(()) + } + Rv::Error(err) => Err(err.into()), + } + } + + fn logout(&self, session: &Session) -> Result<()> { + let mut logged_sessions = self + .logged_sessions + .lock() + .expect("Logged sessions mutex poisoned!"); + + // A non-logged in session might call this method. + + if let Some(session_handles) = logged_sessions.get_mut(&session.slot()) { + if session_handles.contains(&session.handle()) { + if session_handles.len() == 1 { + // Only this session is logged in, we can logout. + unsafe { + Rv::from(get_pkcs11!(self, C_Logout)(session.handle())).into_result()?; + } + } + let _ = session_handles.remove(&session.handle()); + } + } + + Ok(()) + } +} + +#[derive(Debug)] +/// Main error type +pub enum Error { + /// Any error that happens during library loading of the PKCS#11 module is encompassed under + /// this error. It is a direct forward of the underlying error from libloading. + LibraryLoading(libloading::Error), + + /// All PKCS#11 functions that return non-zero translate to this error. + Pkcs11(types::function::RvError), + + /// This error marks a feature that is not yet supported by the PKCS11 Rust abstraction layer. + NotSupported, + + /// Error happening while converting types + TryFromInt(std::num::TryFromIntError), + + /// Error when converting a slice to an array + TryFromSlice(std::array::TryFromSliceError), + + /// Error with nul characters in Strings + NulError(std::ffi::NulError), + + /// Calling a PKCS11 function that is a NULL function pointer. + NullFunctionPointer, + + /// The value is not one of those expected. + InvalidValue, + + /// The PIN was not set before logging in. + PinNotSet, +} + +impl fmt::Display for Error { + fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { + match self { + Error::LibraryLoading(e) => write!(f, "libloading error ({})", e), + Error::Pkcs11(e) => write!(f, "PKCS11 error: {}", e), + Error::NotSupported => write!(f, "Feature not supported"), + Error::TryFromInt(e) => write!(f, "Conversion between integers failed ({})", e), + Error::TryFromSlice(e) => write!(f, "Error converting slice to array ({})", e), + Error::NulError(e) => write!(f, "An interior nul byte was found ({})", e), + Error::NullFunctionPointer => write!(f, "Calling a NULL function pointer"), + Error::InvalidValue => write!(f, "The value is not one of the expected options"), + Error::PinNotSet => write!(f, "Pin has not been set before trying to log in"), + } + } +} + +impl std::error::Error for Error { + fn source(&self) -> Option<&(dyn std::error::Error + 'static)> { + match self { + Error::LibraryLoading(e) => Some(e), + Error::TryFromInt(e) => Some(e), + Error::TryFromSlice(e) => Some(e), + Error::NulError(e) => Some(e), + Error::Pkcs11(_) + | Error::NotSupported + | Error::NullFunctionPointer + | Error::PinNotSet + | Error::InvalidValue => None, + } + } +} + +impl From for Error { + fn from(err: libloading::Error) -> Error { + Error::LibraryLoading(err) + } +} + +impl From for Error { + fn from(err: std::num::TryFromIntError) -> Error { + Error::TryFromInt(err) + } +} + +impl From for Error { + fn from(err: std::array::TryFromSliceError) -> Error { + Error::TryFromSlice(err) + } +} + +impl From for Error { + fn from(err: std::ffi::NulError) -> Error { + Error::NulError(err) + } +} + +impl From for Error { + fn from(_err: std::convert::Infallible) -> Error { + unreachable!() + } +} + +impl Drop for Pkcs11 { + fn drop(&mut self) { + if let Err(e) = self.finalize_private() { + error!("Failed to finalize: {}", e); + } + } +} + +/// Main Result type +pub type Result = core::result::Result; + +#[cfg(test)] +mod tests { + use crate::new::types::locking::CInitializeArgs; + use crate::new::types::mechanism::Mechanism; + use crate::new::types::object::{ + Attribute, AttributeInfo, AttributeType, KeyType, ObjectClass, + }; + use crate::new::types::session::UserType; + use crate::new::types::Flags; + use crate::new::Pkcs11; + use crate::new::Slot; + use std::env; + use std::sync::Arc; + use std::thread; + + fn init_pins() -> (Pkcs11, Slot) { + let pkcs11 = Pkcs11::new( + env::var("PKCS11_SOFTHSM2_MODULE") + .unwrap_or_else(|_| "/usr/local/lib/softhsm/libsofthsm2.so".to_string()), + ) + .unwrap(); + + // initialize the library + pkcs11.initialize(CInitializeArgs::OsThreads).unwrap(); + + // find a slot, get the first one + let slot = pkcs11.get_slots_with_token().unwrap().remove(0); + + pkcs11.init_token(slot, "1234").unwrap(); + pkcs11.set_pin(slot, "1234").unwrap(); + + // set flags + let mut flags = Flags::new(); + flags.set_rw_session(true).set_serial_session(true); + + { + // open a session + let session = pkcs11.open_session_no_callback(slot, flags).unwrap(); + // log in the session + session.login(UserType::So).unwrap(); + session.init_pin("1234").unwrap(); + } + + (pkcs11, slot) + } + + #[test] + #[serial] + fn sign_verify() { + let (pkcs11, slot) = init_pins(); + + // set flags + let mut flags = Flags::new(); + flags.set_rw_session(true).set_serial_session(true); + + // open a session + let session = pkcs11.open_session_no_callback(slot, flags).unwrap(); + + // log in the session + session.login(UserType::User).unwrap(); + + // get mechanism + let mechanism = Mechanism::RsaPkcsKeyPairGen; + + let public_exponent: Vec = vec![0x01, 0x00, 0x01]; + let modulus_bits: u64 = 1024; + + // pub key template + let pub_key_template = vec![ + Attribute::Token(true.into()), + Attribute::Private(false.into()), + Attribute::PublicExponent(public_exponent), + Attribute::ModulusBits(modulus_bits.into()), + ]; + + // priv key template + let priv_key_template = vec![Attribute::Token(true.into())]; + + // generate a key pair + let (public, private) = session + .generate_key_pair(&mechanism, &pub_key_template, &priv_key_template) + .unwrap(); + + // data to sign + let data = [0xFF, 0x55, 0xDD]; + + // sign something with it + let signature = session.sign(&Mechanism::RsaPkcs, private, &data).unwrap(); + + // verify the signature + session + .verify(&Mechanism::RsaPkcs, public, &data, &signature) + .unwrap(); + + // delete keys + session.destroy_object(public).unwrap(); + session.destroy_object(private).unwrap(); + } + + #[test] + #[serial] + fn encrypt_decrypt() { + let (pkcs11, slot) = init_pins(); + + // set flags + let mut flags = Flags::new(); + flags.set_rw_session(true).set_serial_session(true); + + // open a session + let session = pkcs11.open_session_no_callback(slot, flags).unwrap(); + + // log in the session + session.login(UserType::User).unwrap(); + + // get mechanism + let mechanism = Mechanism::RsaPkcsKeyPairGen; + + let public_exponent: Vec = vec![0x01, 0x00, 0x01]; + let modulus_bits: u64 = 1024; + + // pub key template + let pub_key_template = vec![ + Attribute::Token(true.into()), + Attribute::Private(false.into()), + Attribute::PublicExponent(public_exponent), + Attribute::ModulusBits(modulus_bits.into()), + Attribute::Encrypt(true.into()), + ]; + + // priv key template + let priv_key_template = vec![ + Attribute::Token(true.into()), + Attribute::Decrypt(true.into()), + ]; + + // generate a key pair + let (public, private) = session + .generate_key_pair(&mechanism, &pub_key_template, &priv_key_template) + .unwrap(); + + // data to encrypt + let data = vec![0xFF, 0x55, 0xDD]; + + // encrypt something with it + let encrypted_data = session.encrypt(&Mechanism::RsaPkcs, public, &data).unwrap(); + + // decrypt + let decrypted_data = session + .decrypt(&Mechanism::RsaPkcs, private, &encrypted_data) + .unwrap(); + + // The decrypted buffer is bigger than the original one. + assert_eq!(data, decrypted_data); + + // delete keys + session.destroy_object(public).unwrap(); + session.destroy_object(private).unwrap(); + } + + #[test] + #[serial] + fn import_export() { + let (pkcs11, slot) = init_pins(); + + // set flags + let mut flags = Flags::new(); + flags.set_rw_session(true).set_serial_session(true); + + // open a session + let session = pkcs11.open_session_no_callback(slot, flags).unwrap(); + + // log in the session + session.login(UserType::User).unwrap(); + + let public_exponent: Vec = vec![0x01, 0x00, 0x01]; + let modulus = vec![0xFF; 1024]; + + let template = vec![ + Attribute::Token(true.into()), + Attribute::Private(false.into()), + Attribute::PublicExponent(public_exponent), + Attribute::Modulus(modulus.clone()), + Attribute::Class(ObjectClass::PUBLIC_KEY), + Attribute::KeyType(KeyType::RSA), + Attribute::Verify(true.into()), + ]; + + { + // Intentionally forget the object handle to find it later + let _public_key = session.create_object(&template).unwrap(); + } + + let is_it_the_public_key = session.find_objects(&template).unwrap().remove(0); + + let attribute_info = session + .get_attribute_info(is_it_the_public_key, &[AttributeType::Modulus]) + .unwrap() + .remove(0); + + if let AttributeInfo::Available(size) = attribute_info { + assert_eq!(size, 1024); + } else { + panic!("The Modulus attribute was expected to be present.") + }; + + let attr = session + .get_attributes(is_it_the_public_key, &[AttributeType::Modulus]) + .unwrap() + .remove(0); + + if let Attribute::Modulus(modulus_cmp) = attr { + assert_eq!(modulus[..], modulus_cmp[..]); + } else { + panic!("Expected the Modulus attribute."); + } + + // delete key + session.destroy_object(is_it_the_public_key).unwrap(); + } + + #[test] + #[serial] + fn login_feast() { + const SESSIONS: usize = 100; + + let (pkcs11, slot) = init_pins(); + + // set flags + let mut flags = Flags::new(); + flags.set_rw_session(true).set_serial_session(true); + + let pkcs11 = Arc::from(pkcs11); + let mut threads = Vec::new(); + + for _ in 0..SESSIONS { + let pkcs11 = pkcs11.clone(); + threads.push(thread::spawn(move || { + let session = pkcs11.open_session_no_callback(slot, flags).unwrap(); + session.login(UserType::User).unwrap(); + session.login(UserType::User).unwrap(); + session.login(UserType::User).unwrap(); + session.logout().unwrap(); + session.logout().unwrap(); + session.logout().unwrap(); + })); + } + + for thread in threads { + thread.join().unwrap(); + } + } +} diff --git a/pkcs11/src/new/objects/mod.rs b/pkcs11/src/new/objects/mod.rs new file mode 100644 index 0000000..ff58136 --- /dev/null +++ b/pkcs11/src/new/objects/mod.rs @@ -0,0 +1 @@ +//! PKCS11 objects diff --git a/pkcs11/src/new/types/function.rs b/pkcs11/src/new/types/function.rs new file mode 100644 index 0000000..bf3949a --- /dev/null +++ b/pkcs11/src/new/types/function.rs @@ -0,0 +1,436 @@ +//! Function types + +use crate::new::{Error, Result}; +use log::error; +use pkcs11_sys::*; +use std::fmt; + +#[derive(Debug)] +/// Return value of a PKCS11 function +pub enum Rv { + /// The function exited successfully + Ok, + /// There was an error + Error(RvError), +} + +impl From for Rv { + fn from(ck_rv: CK_RV) -> Self { + match ck_rv { + CKR_OK => Rv::Ok, + CKR_CANCEL => Rv::Error(RvError::Cancel), + CKR_HOST_MEMORY => Rv::Error(RvError::HostMemory), + CKR_SLOT_ID_INVALID => Rv::Error(RvError::SlotIdInvalid), + CKR_GENERAL_ERROR => Rv::Error(RvError::GeneralError), + CKR_FUNCTION_FAILED => Rv::Error(RvError::FunctionFailed), + CKR_ARGUMENTS_BAD => Rv::Error(RvError::ArgumentsBad), + CKR_NO_EVENT => Rv::Error(RvError::NoEvent), + CKR_NEED_TO_CREATE_THREADS => Rv::Error(RvError::NeedToCreateThreads), + CKR_CANT_LOCK => Rv::Error(RvError::CantLock), + CKR_ATTRIBUTE_READ_ONLY => Rv::Error(RvError::AttributeReadOnly), + CKR_ATTRIBUTE_SENSITIVE => Rv::Error(RvError::AttributeSensitive), + CKR_ATTRIBUTE_TYPE_INVALID => Rv::Error(RvError::AttributeTypeInvalid), + CKR_ATTRIBUTE_VALUE_INVALID => Rv::Error(RvError::AttributeValueInvalid), + CKR_ACTION_PROHIBITED => Rv::Error(RvError::ActionProhibited), + CKR_DATA_INVALID => Rv::Error(RvError::DataInvalid), + CKR_DATA_LEN_RANGE => Rv::Error(RvError::DataLenRange), + CKR_DEVICE_ERROR => Rv::Error(RvError::DeviceError), + CKR_DEVICE_MEMORY => Rv::Error(RvError::DeviceMemory), + CKR_DEVICE_REMOVED => Rv::Error(RvError::DeviceRemoved), + CKR_ENCRYPTED_DATA_INVALID => Rv::Error(RvError::EncryptedDataInvalid), + CKR_ENCRYPTED_DATA_LEN_RANGE => Rv::Error(RvError::EncryptedDataLenRange), + CKR_FUNCTION_CANCELED => Rv::Error(RvError::FunctionCanceled), + CKR_FUNCTION_NOT_PARALLEL => Rv::Error(RvError::FunctionNotParallel), + CKR_FUNCTION_NOT_SUPPORTED => Rv::Error(RvError::FunctionNotSupported), + CKR_CURVE_NOT_SUPPORTED => Rv::Error(RvError::CurveNotSupported), + CKR_KEY_HANDLE_INVALID => Rv::Error(RvError::KeyHandleInvalid), + CKR_KEY_SIZE_RANGE => Rv::Error(RvError::KeySizeRange), + CKR_KEY_TYPE_INCONSISTENT => Rv::Error(RvError::KeyTypeInconsistent), + CKR_KEY_NOT_NEEDED => Rv::Error(RvError::KeyNotNeeded), + CKR_KEY_CHANGED => Rv::Error(RvError::KeyChanged), + CKR_KEY_NEEDED => Rv::Error(RvError::KeyNeeded), + CKR_KEY_INDIGESTIBLE => Rv::Error(RvError::KeyIndigestible), + CKR_KEY_FUNCTION_NOT_PERMITTED => Rv::Error(RvError::KeyFunctionNotPermitted), + CKR_KEY_NOT_WRAPPABLE => Rv::Error(RvError::KeyNotWrappable), + CKR_KEY_UNEXTRACTABLE => Rv::Error(RvError::KeyUnextractable), + CKR_MECHANISM_INVALID => Rv::Error(RvError::MechanismInvalid), + CKR_MECHANISM_PARAM_INVALID => Rv::Error(RvError::MechanismParamInvalid), + CKR_OBJECT_HANDLE_INVALID => Rv::Error(RvError::ObjectHandleInvalid), + CKR_OPERATION_ACTIVE => Rv::Error(RvError::OperationActive), + CKR_OPERATION_NOT_INITIALIZED => Rv::Error(RvError::OperationNotInitialized), + CKR_PIN_INCORRECT => Rv::Error(RvError::PinIncorrect), + CKR_PIN_INVALID => Rv::Error(RvError::PinInvalid), + CKR_PIN_LEN_RANGE => Rv::Error(RvError::PinLenRange), + CKR_PIN_EXPIRED => Rv::Error(RvError::PinExpired), + CKR_PIN_LOCKED => Rv::Error(RvError::PinLocked), + CKR_SESSION_CLOSED => Rv::Error(RvError::SessionClosed), + CKR_SESSION_COUNT => Rv::Error(RvError::SessionCount), + CKR_SESSION_HANDLE_INVALID => Rv::Error(RvError::SessionHandleInvalid), + CKR_SESSION_PARALLEL_NOT_SUPPORTED => Rv::Error(RvError::SessionParallelNotSupported), + CKR_SESSION_READ_ONLY => Rv::Error(RvError::SessionReadOnly), + CKR_SESSION_EXISTS => Rv::Error(RvError::SessionExists), + CKR_SESSION_READ_ONLY_EXISTS => Rv::Error(RvError::SessionReadOnlyExists), + CKR_SESSION_READ_WRITE_SO_EXISTS => Rv::Error(RvError::SessionReadWriteSoExists), + CKR_SIGNATURE_INVALID => Rv::Error(RvError::SignatureInvalid), + CKR_SIGNATURE_LEN_RANGE => Rv::Error(RvError::SignatureLenRange), + CKR_TEMPLATE_INCOMPLETE => Rv::Error(RvError::TemplateIncomplete), + CKR_TEMPLATE_INCONSISTENT => Rv::Error(RvError::TemplateInconsistent), + CKR_TOKEN_NOT_PRESENT => Rv::Error(RvError::TokenNotPresent), + CKR_TOKEN_NOT_RECOGNIZED => Rv::Error(RvError::TokenNotRecognized), + CKR_TOKEN_WRITE_PROTECTED => Rv::Error(RvError::TokenWriteProtected), + CKR_UNWRAPPING_KEY_HANDLE_INVALID => Rv::Error(RvError::UnwrappingKeyHandleInvalid), + CKR_UNWRAPPING_KEY_SIZE_RANGE => Rv::Error(RvError::UnwrappingKeySizeRange), + CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT => { + Rv::Error(RvError::UnwrappingKeyTypeInconsistent) + } + CKR_USER_ALREADY_LOGGED_IN => Rv::Error(RvError::UserAlreadyLoggedIn), + CKR_USER_NOT_LOGGED_IN => Rv::Error(RvError::UserNotLoggedIn), + CKR_USER_PIN_NOT_INITIALIZED => Rv::Error(RvError::UserPinNotInitialized), + CKR_USER_TYPE_INVALID => Rv::Error(RvError::UserTypeInvalid), + CKR_USER_ANOTHER_ALREADY_LOGGED_IN => Rv::Error(RvError::UserAnotherAlreadyLoggedIn), + CKR_USER_TOO_MANY_TYPES => Rv::Error(RvError::UserTooManyTypes), + CKR_WRAPPED_KEY_INVALID => Rv::Error(RvError::WrappedKeyInvalid), + CKR_WRAPPED_KEY_LEN_RANGE => Rv::Error(RvError::WrappedKeyLenRange), + CKR_WRAPPING_KEY_HANDLE_INVALID => Rv::Error(RvError::WrappingKeyHandleInvalid), + CKR_WRAPPING_KEY_SIZE_RANGE => Rv::Error(RvError::WrappingKeySizeRange), + CKR_WRAPPING_KEY_TYPE_INCONSISTENT => Rv::Error(RvError::WrappingKeyTypeInconsistent), + CKR_RANDOM_SEED_NOT_SUPPORTED => Rv::Error(RvError::RandomSeedNotSupported), + CKR_RANDOM_NO_RNG => Rv::Error(RvError::RandomNoRng), + CKR_DOMAIN_PARAMS_INVALID => Rv::Error(RvError::DomainParamsInvalid), + CKR_BUFFER_TOO_SMALL => Rv::Error(RvError::BufferTooSmall), + CKR_SAVED_STATE_INVALID => Rv::Error(RvError::SavedStateInvalid), + CKR_INFORMATION_SENSITIVE => Rv::Error(RvError::InformationSensitive), + CKR_STATE_UNSAVEABLE => Rv::Error(RvError::StateUnsaveable), + CKR_CRYPTOKI_NOT_INITIALIZED => Rv::Error(RvError::CryptokiNotInitialized), + CKR_CRYPTOKI_ALREADY_INITIALIZED => Rv::Error(RvError::CryptokiAlreadyInitialized), + CKR_MUTEX_BAD => Rv::Error(RvError::MutexBad), + CKR_MUTEX_NOT_LOCKED => Rv::Error(RvError::MutexNotLocked), + CKR_NEW_PIN_MODE => Rv::Error(RvError::NewPinMode), + CKR_NEXT_OTP => Rv::Error(RvError::NextOtp), + CKR_EXCEEDED_MAX_ITERATIONS => Rv::Error(RvError::ExceededMaxIterations), + CKR_FIPS_SELF_TEST_FAILED => Rv::Error(RvError::FipsSelfTestFailed), + CKR_LIBRARY_LOAD_FAILED => Rv::Error(RvError::LibraryLoadFailed), + CKR_PIN_TOO_WEAK => Rv::Error(RvError::PinTooWeak), + CKR_PUBLIC_KEY_INVALID => Rv::Error(RvError::PublicKeyInvalid), + CKR_FUNCTION_REJECTED => Rv::Error(RvError::FunctionRejected), + CKR_VENDOR_DEFINED => Rv::Error(RvError::VendorDefined), + other => { + error!( + "Can not find a corresponding error for {}, converting to GeneralError.", + other + ); + Rv::Error(RvError::GeneralError) + } + } + } +} + +#[derive(Debug, PartialEq)] +/// Description of a return value error +pub enum RvError { + /// When a function executing in serial with an application decides to give the application a chance to do some work, it calls an application-supplied function with a CKN_SURRENDER callback (see Section 5.16). If the callback returns the value CKR_CANCEL, then the function aborts and returns CKR_FUNCTION_CANCELED. + Cancel, + /// The computer that the Cryptoki library is running on has insufficient memory to perform the requested function. + HostMemory, + /// The specified slot ID is not valid. + SlotIdInvalid, + /// Some horrible, unrecoverable error has occurred. In the worst case, it is possible that the function only partially succeeded, and that the computer and/or token is in an inconsistent state. + GeneralError, + /// The requested function could not be performed, but detailed information about why not is not available in this error return. If the failed function uses a session, it is possible that the CK_SESSION_INFO structure that can be obtained by calling C_GetSessionInfo will hold useful information about what happened in its ulDeviceError field. In any event, although the function call failed, the situation is not necessarily totally hopeless, as it is likely to be when CKR_GENERAL_ERROR is returned. Depending on what the root cause of the error actually was, it is possible that an attempt to make the exact same function call again would succeed. + FunctionFailed, + /// This is a rather generic error code which indicates that the arguments supplied to the Cryptoki function were in some way not appropriate. + ArgumentsBad, + /// This value can only be returned by C_GetSlotEvent. It is returned when C_GetSlotEvent is called in non-blocking mode and there are no new slot events to return. + NoEvent, + /// This value can only be returned by C_Initialize. It is returned when two conditions hold: 1. The application called C_Initialize in a way which tells the Cryptoki library that application threads executing calls to the library cannot use native operating system methods to spawn new threads. 2. The library cannot function properly without being able to spawn new threads in the above fashion. + NeedToCreateThreads, + /// This value can only be returned by C_Initialize. It means that the type of locking requested by the application for thread-safety is not available in this library, and so the application cannot make use of this library in the specified fashion. + CantLock, + /// An attempt was made to set a value for an attribute which may not be set by the application, or which may not be modified by the application. See Section 4.1 for more information. + AttributeReadOnly, + /// An attempt was made to obtain the value of an attribute of an object which cannot be satisfied because the object is either sensitive or un-extractable. + AttributeSensitive, + /// An invalid attribute type was specified in a template. See Section 4.1 for more information. + AttributeTypeInvalid, + /// An invalid value was specified for a particular attribute in a template. See Section 4.1 for more information. + AttributeValueInvalid, + /// This value can only be returned by C_CopyObject, C_SetAttributeValue and C_DestroyObject. It denotes that the action may not be taken, either because of underlying policy restrictions on the token, or because the object has the the relevant CKA_COPYABLE, CKA_MODIFIABLE or CKA_DESTROYABLE policy attribute set to CK_FALSE. + ActionProhibited, + /// The plaintext input data to a cryptographic operation is invalid. This return value has lower priority than CKR_DATA_LEN_RANGE. + DataInvalid, + /// The plaintext input data to a cryptographic operation has a bad length. Depending on the operation’s mechanism, this could mean that the plaintext data is too short, too long, or is not a multiple of some particular block size. This return value has higher priority than CKR_DATA_INVALID. + DataLenRange, + /// Some problem has occurred with the token and/or slot. This error code can be returned by more than just the functions mentioned above; in particular, it is possible for C_GetSlotInfo to return CKR_DEVICE_ERROR. + DeviceError, + /// The token does not have sufficient memory to perform the requested function. + DeviceMemory, + /// The token was removed from its slot during the execution of the function. + DeviceRemoved, + /// The encrypted input to a decryption operation has been determined to be invalid ciphertext. This return value has lower priority than CKR_ENCRYPTED_DATA_LEN_RANGE. + EncryptedDataInvalid, + /// The ciphertext input to a decryption operation has been determined to be invalid ciphertext solely on the basis of its length. Depending on the operation’s mechanism, this could mean that the ciphertext is too short, too long, or is not a multiple of some particular block size. This return value has higher priority than CKR_ENCRYPTED_DATA_INVALID. + EncryptedDataLenRange, + /// The function was canceled in mid-execution. This happens to a cryptographic function if the function makes a CKN_SURRENDER application callback which returns CKR_CANCEL (see CKR_CANCEL). It also happens to a function that performs PIN entry through a protected path. The method used to cancel a protected path PIN entry operation is device dependent. + FunctionCanceled, + /// There is currently no function executing in parallel in the specified session. This is a legacy error code which is only returned by the legacy functions C_GetFunctionStatus and C_CancelFunction. + FunctionNotParallel, + /// The requested function is not supported by this Cryptoki library. Even unsupported functions in the Cryptoki API should have a “stub” in the library; this stub should simply return the value CKR_FUNCTION_NOT_SUPPORTED. + FunctionNotSupported, + /// This curve is not supported by this token. Used with Elliptic Curve mechanisms. + CurveNotSupported, + /// The specified key handle is not valid. It may be the case that the specified handle is a valid handle for an object which is not a key. We reiterate here that 0 is never a valid key handle. + KeyHandleInvalid, + /// Although the requested keyed cryptographic operation could in principle be carried out, this Cryptoki library (or the token) is unable to actually do it because the supplied key‘s size is outside the range of key sizes that it can handle. + KeySizeRange, + /// The specified key is not the correct type of key to use with the specified mechanism. This return value has a higher priority than CKR_KEY_FUNCTION_NOT_PERMITTED. + KeyTypeInconsistent, + /// An extraneous key was supplied to C_SetOperationState. For example, an attempt was made to restore a session that had been performing a message digesting operation, and an encryption key was supplied. + KeyNotNeeded, + /// This value is only returned by C_SetOperationState. It indicates that one of the keys specified is not the same key that was being used in the original saved session. + KeyChanged, + /// This value is only returned by C_SetOperationState. It indicates that the session state cannot be restored because C_SetOperationState needs to be supplied with one or more keys that were being used in the original saved session. + KeyNeeded, + /// This error code can only be returned by C_DigestKey. It indicates that the value of the specified key cannot be digested for some reason (perhaps the key isn’t a secret key, or perhaps the token simply can’t digest this kind of key). + KeyIndigestible, + /// An attempt has been made to use a key for a cryptographic purpose that the key’s attributes are not set to allow it to do. For example, to use a key for performing encryption, that key MUST have its CKA_ENCRYPT attribute set to CK_TRUE (the fact that the key MUST have a CKA_ENCRYPT attribute implies that the key cannot be a private key). This return value has lower priority than CKR_KEY_TYPE_INCONSISTENT. + KeyFunctionNotPermitted, + /// Although the specified private or secret key does not have its CKA_EXTRACTABLE attribute set to CK_FALSE, Cryptoki (or the token) is unable to wrap the key as requested (possibly the token can only wrap a given key with certain types of keys, and the wrapping key specified is not one of these types). Compare with CKR_KEY_UNEXTRACTABLE. + KeyNotWrappable, + /// The specified private or secret key can’t be wrapped because its CKA_EXTRACTABLE attribute is set to CK_FALSE. Compare with CKR_KEY_NOT_WRAPPABLE. + KeyUnextractable, + /// An invalid mechanism was specified to the cryptographic operation. This error code is an appropriate return value if an unknown mechanism was specified or if the mechanism specified cannot be used in the selected token with the selected function. + MechanismInvalid, + /// Invalid parameters were supplied to the mechanism specified to the cryptographic operation. Which parameter values are supported by a given mechanism can vary from token to token. + MechanismParamInvalid, + /// The specified object handle is not valid. We reiterate here that 0 is never a valid object handle. + ObjectHandleInvalid, + /// There is already an active operation (or combination of active operations) which prevents Cryptoki from activating the specified operation. For example, an active object-searching operation would prevent Cryptoki from activating an encryption operation with C_EncryptInit. Or, an active digesting operation and an active encryption operation would prevent Cryptoki from activating a signature operation. Or, on a token which doesn’t support simultaneous dual cryptographic operations in a session (see the description of the CKF_DUAL_CRYPTO_OPERATIONS flag in the CK_TOKEN_INFO structure), an active signature operation would prevent Cryptoki from activating an encryption operation. + OperationActive, + /// There is no active operation of an appropriate type in the specified session. For example, an application cannot call C_Encrypt in a session without having called C_EncryptInit first to activate an encryption operation. + OperationNotInitialized, + /// The specified PIN is incorrect, i.e., does not match the PIN stored on the token. More generally-- when authentication to the token involves something other than a PIN-- the attempt to authenticate the user has failed. + PinIncorrect, + /// The specified PIN has invalid characters in it. This return code only applies to functions which attempt to set a PIN. + PinInvalid, + /// The specified PIN is too long or too short. This return code only applies to functions which attempt to set a PIN. + PinLenRange, + /// The specified PIN has expired, and the requested operation cannot be carried out unless C_SetPIN is called to change the PIN value. Whether or not the normal user’s PIN on a token ever expires varies from token to token. + PinExpired, + /// The specified PIN is “locked”, and cannot be used. That is, because some particular number of failed authentication attempts has been reached, the token is unwilling to permit further attempts at authentication. Depending on the token, the specified PIN may or may not remain locked indefinitely. + PinLocked, + /// The session was closed during the execution of the function. Note that, as stated in [PKCS11-UG], the behavior of Cryptoki is undefined if multiple threads of an application attempt to access a common Cryptoki session simultaneously. Therefore, there is actually no guarantee that a function invocation could ever return the value CKR_SESSION_CLOSED. An example of multiple threads accessing a common session simultaneously is where one thread is using a session when another thread closes that same session. + SessionClosed, + /// This value can only be returned by C_OpenSession. It indicates that the attempt to open a session failed, either because the token has too many sessions already open, or because the token has too many read/write sessions already open. + SessionCount, + /// The specified session handle was invalid at the time that the function was invoked. Note that this can happen if the session’s token is removed before the function invocation, since removing a token closes all sessions with it. + SessionHandleInvalid, + /// The specified token does not support parallel sessions. This is a legacy error code—in Cryptoki Version 2.01 and up, no token supports parallel sessions. CKR_SESSION_PARALLEL_NOT_SUPPORTED can only be returned by C_OpenSession, and it is only returned when C_OpenSession is called in a particular [deprecated] way. + SessionParallelNotSupported, + /// The specified session was unable to accomplish the desired action because it is a read-only session. This return value has lower priority than CKR_TOKEN_WRITE_PROTECTED. + SessionReadOnly, + /// This value can only be returned by C_InitToken. It indicates that a session with the token is already open, and so the token cannot be initialized. + SessionExists, + /// A read-only session already exists, and so the SO cannot be logged in. + SessionReadOnlyExists, + /// A read/write SO session already exists, and so a read-only session cannot be opened. + SessionReadWriteSoExists, + /// The provided signature/MAC is invalid. This return value has lower priority than CKR_SIGNATURE_LEN_RANGE. + SignatureInvalid, + /// The provided signature/MAC can be seen to be invalid solely on the basis of its length. This return value has higher priority than CKR_SIGNATURE_INVALID. + SignatureLenRange, + /// The template specified for creating an object is incomplete, and lacks some necessary attributes. See Section 4.1 for more information. + TemplateIncomplete, + /// The template specified for creating an object has conflicting attributes. See Section 4.1 for more information. + TemplateInconsistent, + /// The token was not present in its slot at the time that the function was invoked. + TokenNotPresent, + /// The Cryptoki library and/or slot does not recognize the token in the slot. + TokenNotRecognized, + /// The requested action could not be performed because the token is write-protected. This return value has higher priority than CKR_SESSION_READ_ONLY. + TokenWriteProtected, + /// This value can only be returned by C_UnwrapKey. It indicates that the key handle specified to be used to unwrap another key is not valid. + UnwrappingKeyHandleInvalid, + /// This value can only be returned by C_UnwrapKey. It indicates that although the requested unwrapping operation could in principle be carried out, this Cryptoki library (or the token) is unable to actually do it because the supplied key’s size is outside the range of key sizes that it can handle. + UnwrappingKeySizeRange, + /// This value can only be returned by C_UnwrapKey. It indicates that the type of the key specified to unwrap another key is not consistent with the mechanism specified for unwrapping. + UnwrappingKeyTypeInconsistent, + /// This value can only be returned by C_Login. It indicates that the specified user cannot be logged into the session, because it is already logged into the session. For example, if an application has an open SO session, and it attempts to log the SO into it, it will receive this error code. + UserAlreadyLoggedIn, + /// The desired action cannot be performed because the appropriate user (or an appropriate user) is not logged in. One example is that a session cannot be logged out unless it is logged in. Another example is that a private object cannot be created on a token unless the session attempting to create it is logged in as the normal user. A final example is that cryptographic operations on certain tokens cannot be performed unless the normal user is logged in. + UserNotLoggedIn, + /// This value can only be returned by C_Login. It indicates that the normal user’s PIN has not yet been initialized with C_InitPIN. + UserPinNotInitialized, + /// An invalid value was specified as a CK_USER_TYPE. Valid types are CKU_SO, CKU_USER, and CKU_CONTEXT_SPECIFIC. + UserTypeInvalid, + /// This value can only be returned by C_Login. It indicates that the specified user cannot be logged into the session, because another user is already logged into the session. For example, if an application has an open SO session, and it attempts to log the normal user into it, it will receive this error code. + UserAnotherAlreadyLoggedIn, + /// An attempt was made to have more distinct users simultaneously logged into the token than the token and/or library permits. For example, if some application has an open SO session, and another application attempts to log the normal user into a session, the attempt may return this error. It is not required to, however. Only if the simultaneous distinct users cannot be supported does C_Login have to return this value. Note that this error code generalizes to true multi-user tokens. + UserTooManyTypes, + /// This value can only be returned by C_UnwrapKey. It indicates that the provided wrapped key is not valid. If a call is made to C_UnwrapKey to unwrap a particular type of key (i.e., some particular key type is specified in the template provided to C_UnwrapKey), and the wrapped key provided to C_UnwrapKey is recognizably not a wrapped key of the proper type, then C_UnwrapKey should return CKR_WRAPPED_KEY_INVALID. This return value has lower priority than CKR_WRAPPED_KEY_LEN_RANGE. + WrappedKeyInvalid, + /// This value can only be returned by C_UnwrapKey. It indicates that the provided wrapped key can be seen to be invalid solely on the basis of its length. This return value has higher priority than CKR_WRAPPED_KEY_INVALID. + WrappedKeyLenRange, + /// This value can only be returned by C_WrapKey. It indicates that the key handle specified to be used to wrap another key is not valid. + WrappingKeyHandleInvalid, + /// This value can only be returned by C_WrapKey. It indicates that although the requested wrapping operation could in principle be carried out, this Cryptoki library (or the token) is unable to actually do it because the supplied wrapping key’s size is outside the range of key sizes that it can handle. + WrappingKeySizeRange, + /// This value can only be returned by C_WrapKey. It indicates that the type of the key specified to wrap another key is not consistent with the mechanism specified for wrapping. + WrappingKeyTypeInconsistent, + /// This value can only be returned by C_SeedRandom. It indicates that the token’s random number generator does not accept seeding from an application. This return value has lower priority than CKR_RANDOM_NO_RNG. + RandomSeedNotSupported, + /// This value can be returned by C_SeedRandom and C_GenerateRandom. It indicates that the specified token doesn’t have a random number generator. This return value has higher priority than CKR_RANDOM_SEED_NOT_SUPPORTED. + RandomNoRng, + /// Invalid or unsupported domain parameters were supplied to the function. Which representation methods of domain parameters are supported by a given mechanism can vary from token to token. + DomainParamsInvalid, + /// The output of the function is too large to fit in the supplied buffer. + BufferTooSmall, + /// This value can only be returned by C_SetOperationState. It indicates that the supplied saved cryptographic operations state is invalid, and so it cannot be restored to the specified session. + SavedStateInvalid, + /// The information requested could not be obtained because the token considers it sensitive, and is not able or willing to reveal it. + InformationSensitive, + /// The cryptographic operations state of the specified session cannot be saved for some reason (possibly the token is simply unable to save the current state). This return value has lower priority than CKR_OPERATION_NOT_INITIALIZED. + StateUnsaveable, + /// This value can be returned by any function other than C_Initialize and C_GetFunctionList. It indicates that the function cannot be executed because the Cryptoki library has not yet been initialized by a call to C_Initialize. + CryptokiNotInitialized, + /// This value can only be returned by C_Initialize. It means that the Cryptoki library has already been initialized (by a previous call to C_Initialize which did not have a matching C_Finalize call). + CryptokiAlreadyInitialized, + /// This error code can be returned by mutex-handling functions that are passed a bad mutex object as an argument. Unfortunately, it is possible for such a function not to recognize a bad mutex object. There is therefore no guarantee that such a function will successfully detect bad mutex objects and return this value. + MutexBad, + /// This error code can be returned by mutex-unlocking functions. It indicates that the mutex supplied to the mutex-unlocking function was not locked. + MutexNotLocked, + /// CKR_NEW_PIN_MODE + NewPinMode, + /// CKR_NEXT_OTP + NextOtp, + /// An iterative algorithm (for key pair generation, domain parameter generation etc.) failed because we have exceeded the maximum number of iterations. This error code has precedence over CKR_FUNCTION_FAILED. Examples of iterative algorithms include DSA signature generation (retry if either r = 0 or s = 0) and generation of DSA primes p and q specified in FIPS 186-4. + ExceededMaxIterations, + /// A FIPS 140-2 power-up self-test or conditional self-test failed. The token entered an error state. Future calls to cryptographic functions on the token will return CKR_GENERAL_ERROR. CKR_FIPS_SELF_TEST_FAILED has a higher precedence over CKR_GENERAL_ERROR. This error may be returned by C_Initialize, if a power-up self-test failed, by C_GenerateRandom or C_SeedRandom, if the continuous random number generator test failed, or by C_GenerateKeyPair, if the pair-wise consistency test failed. + FipsSelfTestFailed, + /// The Cryptoki library could not load a dependent shared library. + LibraryLoadFailed, + /// The specified PIN is too weak so that it could be easy to guess. If the PIN is too short, CKR_PIN_LEN_RANGE should be returned instead. This return code only applies to functions which attempt to set a PIN. + PinTooWeak, + /// The public key fails a public key validation. For example, an EC public key fails the public key validation specified in Section 5.2.2 of ANSI X9.62. This error code may be returned by C_CreateObject, when the public key is created, or by C_VerifyInit or C_VerifyRecoverInit, when the public key is used. It may also be returned by C_DeriveKey, in preference to CKR_MECHANISM_PARAM_INVALID, if the other party's public key specified in the mechanism's parameters is invalid. + PublicKeyInvalid, + /// The signature request is rejected by the user. + FunctionRejected, + /// CKR_VENDOR_DEFINED + VendorDefined, +} + +impl fmt::Display for RvError { + fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { + match self { + RvError::Cancel => write!(f, "When a function executing in serial with an application decides to give the application a chance to do some work, it calls an application-supplied function with a CKN_SURRENDER callback (see Section 5.16). If the callback returns the value CKR_CANCEL, then the function aborts and returns CKR_FUNCTION_CANCELED."), + RvError::HostMemory => write!(f, "The computer that the Cryptoki library is running on has insufficient memory to perform the requested function."), + RvError::SlotIdInvalid => write!(f, "The specified slot ID is not valid."), + RvError::GeneralError => write!(f, "Some horrible, unrecoverable error has occurred. In the worst case, it is possible that the function only partially succeeded, and that the computer and/or token is in an inconsistent state."), + RvError::FunctionFailed => write!(f, "The requested function could not be performed, but detailed information about why not is not available in this error return. If the failed function uses a session, it is possible that the CK_SESSION_INFO structure that can be obtained by calling C_GetSessionInfo will hold useful information about what happened in its ulDeviceError field. In any event, although the function call failed, the situation is not necessarily totally hopeless, as it is likely to be when CKR_GENERAL_ERROR is returned. Depending on what the root cause of the error actually was, it is possible that an attempt to make the exact same function call again would succeed."), + RvError::ArgumentsBad => write!(f, "This is a rather generic error code which indicates that the arguments supplied to the Cryptoki function were in some way not appropriate."), + RvError::NoEvent => write!(f, "This value can only be returned by C_GetSlotEvent. It is returned when C_GetSlotEvent is called in non-blocking mode and there are no new slot events to return."), + RvError::NeedToCreateThreads => write!(f, "This value can only be returned by C_Initialize. It is returned when two conditions hold: 1. The application called C_Initialize in a way which tells the Cryptoki library that application threads executing calls to the library cannot use native operating system methods to spawn new threads. 2. The library cannot function properly without being able to spawn new threads in the above fashion."), + RvError::CantLock => write!(f, "This value can only be returned by C_Initialize. It means that the type of locking requested by the application for thread-safety is not available in this library, and so the application cannot make use of this library in the specified fashion."), + RvError::AttributeReadOnly => write!(f, "An attempt was made to set a value for an attribute which may not be set by the application, or which may not be modified by the application. See Section 4.1 for more information."), + RvError::AttributeSensitive => write!(f, "An attempt was made to obtain the value of an attribute of an object which cannot be satisfied because the object is either sensitive or un-extractable."), + RvError::AttributeTypeInvalid => write!(f, "An invalid attribute type was specified in a template. See Section 4.1 for more information."), + RvError::AttributeValueInvalid => write!(f, "An invalid value was specified for a particular attribute in a template. See Section 4.1 for more information."), + RvError::ActionProhibited => write!(f, " This value can only be returned by C_CopyObject, C_SetAttributeValue and C_DestroyObject. It denotes that the action may not be taken, either because of underlying policy restrictions on the token, or because the object has the the relevant CKA_COPYABLE, CKA_MODIFIABLE or CKA_DESTROYABLE policy attribute set to CK_FALSE."), + RvError::DataInvalid => write!(f, "The plaintext input data to a cryptographic operation is invalid. This return value has lower priority than CKR_DATA_LEN_RANGE."), + RvError::DataLenRange => write!(f, "The plaintext input data to a cryptographic operation has a bad length. Depending on the operation’s mechanism, this could mean that the plaintext data is too short, too long, or is not a multiple of some particular block size. This return value has higher priority than CKR_DATA_INVALID."), + RvError::DeviceError => write!(f, "Some problem has occurred with the token and/or slot. This error code can be returned by more than just the functions mentioned above; in particular, it is possible for C_GetSlotInfo to return CKR_DEVICE_ERROR."), + RvError::DeviceMemory => write!(f, "The token does not have sufficient memory to perform the requested function."), + RvError::DeviceRemoved => write!(f, "The token was removed from its slot during the execution of the function."), + RvError::EncryptedDataInvalid => write!(f, "The encrypted input to a decryption operation has been determined to be invalid ciphertext. This return value has lower priority than CKR_ENCRYPTED_DATA_LEN_RANGE."), + RvError::EncryptedDataLenRange => write!(f, "The ciphertext input to a decryption operation has been determined to be invalid ciphertext solely on the basis of its length. Depending on the operation’s mechanism, this could mean that the ciphertext is too short, too long, or is not a multiple of some particular block size. This return value has higher priority than CKR_ENCRYPTED_DATA_INVALID."), + RvError::FunctionCanceled => write!(f, "The function was canceled in mid-execution. This happens to a cryptographic function if the function makes a CKN_SURRENDER application callback which returns CKR_CANCEL (see CKR_CANCEL). It also happens to a function that performs PIN entry through a protected path. The method used to cancel a protected path PIN entry operation is device dependent."), + RvError::FunctionNotParallel => write!(f, "There is currently no function executing in parallel in the specified session. This is a legacy error code which is only returned by the legacy functions C_GetFunctionStatus and C_CancelFunction."), + RvError::FunctionNotSupported => write!(f, "The requested function is not supported by this Cryptoki library. Even unsupported functions in the Cryptoki API should have a “stub” in the library; this stub should simply return the value CKR_FUNCTION_NOT_SUPPORTED."), + RvError::CurveNotSupported => write!(f, " This curve is not supported by this token. Used with Elliptic Curve mechanisms."), + RvError::KeyHandleInvalid => write!(f, "The specified key handle is not valid. It may be the case that the specified handle is a valid handle for an object which is not a key. We reiterate here that 0 is never a valid key handle."), + RvError::KeySizeRange => write!(f, "Although the requested keyed cryptographic operation could in principle be carried out, this Cryptoki library (or the token) is unable to actually do it because the supplied key‘s size is outside the range of key sizes that it can handle."), + RvError::KeyTypeInconsistent => write!(f, "The specified key is not the correct type of key to use with the specified mechanism. This return value has a higher priority than CKR_KEY_FUNCTION_NOT_PERMITTED."), + RvError::KeyNotNeeded => write!(f, "An extraneous key was supplied to C_SetOperationState. For example, an attempt was made to restore a session that had been performing a message digesting operation, and an encryption key was supplied."), + RvError::KeyChanged => write!(f, "This value is only returned by C_SetOperationState. It indicates that one of the keys specified is not the same key that was being used in the original saved session."), + RvError::KeyNeeded => write!(f, "This value is only returned by C_SetOperationState. It indicates that the session state cannot be restored because C_SetOperationState needs to be supplied with one or more keys that were being used in the original saved session."), + RvError::KeyIndigestible => write!(f, "This error code can only be returned by C_DigestKey. It indicates that the value of the specified key cannot be digested for some reason (perhaps the key isn’t a secret key, or perhaps the token simply can’t digest this kind of key)."), + RvError::KeyFunctionNotPermitted => write!(f, "An attempt has been made to use a key for a cryptographic purpose that the key’s attributes are not set to allow it to do. For example, to use a key for performing encryption, that key MUST have its CKA_ENCRYPT attribute set to CK_TRUE (the fact that the key MUST have a CKA_ENCRYPT attribute implies that the key cannot be a private key). This return value has lower priority than CKR_KEY_TYPE_INCONSISTENT."), + RvError::KeyNotWrappable => write!(f, "Although the specified private or secret key does not have its CKA_EXTRACTABLE attribute set to CK_FALSE, Cryptoki (or the token) is unable to wrap the key as requested (possibly the token can only wrap a given key with certain types of keys, and the wrapping key specified is not one of these types). Compare with CKR_KEY_UNEXTRACTABLE."), + RvError::KeyUnextractable => write!(f, "The specified private or secret key can’t be wrapped because its CKA_EXTRACTABLE attribute is set to CK_FALSE. Compare with CKR_KEY_NOT_WRAPPABLE."), + RvError::MechanismInvalid => write!(f, "An invalid mechanism was specified to the cryptographic operation. This error code is an appropriate return value if an unknown mechanism was specified or if the mechanism specified cannot be used in the selected token with the selected function."), + RvError::MechanismParamInvalid => write!(f, "Invalid parameters were supplied to the mechanism specified to the cryptographic operation. Which parameter values are supported by a given mechanism can vary from token to token."), + RvError::ObjectHandleInvalid => write!(f, "The specified object handle is not valid. We reiterate here that 0 is never a valid object handle."), + RvError::OperationActive => write!(f, "There is already an active operation (or combination of active operations) which prevents Cryptoki from activating the specified operation. For example, an active object-searching operation would prevent Cryptoki from activating an encryption operation with C_EncryptInit. Or, an active digesting operation and an active encryption operation would prevent Cryptoki from activating a signature operation. Or, on a token which doesn’t support simultaneous dual cryptographic operations in a session (see the description of the CKF_DUAL_CRYPTO_OPERATIONS flag in the CK_TOKEN_INFO structure), an active signature operation would prevent Cryptoki from activating an encryption operation."), + RvError::OperationNotInitialized => write!(f, "There is no active operation of an appropriate type in the specified session. For example, an application cannot call C_Encrypt in a session without having called C_EncryptInit first to activate an encryption operation."), + RvError::PinIncorrect => write!(f, "The specified PIN is incorrect, i.e., does not match the PIN stored on the token. More generally-- when authentication to the token involves something other than a PIN-- the attempt to authenticate the user has failed."), + RvError::PinInvalid => write!(f, "The specified PIN has invalid characters in it. This return code only applies to functions which attempt to set a PIN."), + RvError::PinLenRange => write!(f, "The specified PIN is too long or too short. This return code only applies to functions which attempt to set a PIN."), + RvError::PinExpired => write!(f, "The specified PIN has expired, and the requested operation cannot be carried out unless C_SetPIN is called to change the PIN value. Whether or not the normal user’s PIN on a token ever expires varies from token to token."), + RvError::PinLocked => write!(f, "The specified PIN is “locked”, and cannot be used. That is, because some particular number of failed authentication attempts has been reached, the token is unwilling to permit further attempts at authentication. Depending on the token, the specified PIN may or may not remain locked indefinitely."), + RvError::SessionClosed => write!(f, "The session was closed during the execution of the function. Note that, as stated in [PKCS11-UG], the behavior of Cryptoki is undefined if multiple threads of an application attempt to access a common Cryptoki session simultaneously. Therefore, there is actually no guarantee that a function invocation could ever return the value CKR_SESSION_CLOSED. An example of multiple threads accessing a common session simultaneously is where one thread is using a session when another thread closes that same session."), + RvError::SessionCount => write!(f, "This value can only be returned by C_OpenSession. It indicates that the attempt to open a session failed, either because the token has too many sessions already open, or because the token has too many read/write sessions already open."), + RvError::SessionHandleInvalid => write!(f, "The specified session handle was invalid at the time that the function was invoked. Note that this can happen if the session’s token is removed before the function invocation, since removing a token closes all sessions with it."), + RvError::SessionParallelNotSupported => write!(f, "The specified token does not support parallel sessions. This is a legacy error code—in Cryptoki Version 2.01 and up, no token supports parallel sessions. CKR_SESSION_PARALLEL_NOT_SUPPORTED can only be returned by C_OpenSession, and it is only returned when C_OpenSession is called in a particular [deprecated] way."), + RvError::SessionReadOnly => write!(f, "The specified session was unable to accomplish the desired action because it is a read-only session. This return value has lower priority than CKR_TOKEN_WRITE_PROTECTED."), + RvError::SessionExists => write!(f, "This value can only be returned by C_InitToken. It indicates that a session with the token is already open, and so the token cannot be initialized."), + RvError::SessionReadOnlyExists => write!(f, "A read-only session already exists, and so the SO cannot be logged in."), + RvError::SessionReadWriteSoExists => write!(f, "A read/write SO session already exists, and so a read-only session cannot be opened."), + RvError::SignatureInvalid => write!(f, "The provided signature/MAC is invalid. This return value has lower priority than CKR_SIGNATURE_LEN_RANGE."), + RvError::SignatureLenRange => write!(f, "The provided signature/MAC can be seen to be invalid solely on the basis of its length. This return value has higher priority than CKR_SIGNATURE_INVALID."), + RvError::TemplateIncomplete => write!(f, "The template specified for creating an object is incomplete, and lacks some necessary attributes. See Section 4.1 for more information."), + RvError::TemplateInconsistent => write!(f, "The template specified for creating an object has conflicting attributes. See Section 4.1 for more information."), + RvError::TokenNotPresent => write!(f, "The token was not present in its slot at the time that the function was invoked."), + RvError::TokenNotRecognized => write!(f, "The Cryptoki library and/or slot does not recognize the token in the slot."), + RvError::TokenWriteProtected => write!(f, "The requested action could not be performed because the token is write-protected. This return value has higher priority than CKR_SESSION_READ_ONLY."), + RvError::UnwrappingKeyHandleInvalid => write!(f, "This value can only be returned by C_UnwrapKey. It indicates that the key handle specified to be used to unwrap another key is not valid."), + RvError::UnwrappingKeySizeRange => write!(f, "This value can only be returned by C_UnwrapKey. It indicates that although the requested unwrapping operation could in principle be carried out, this Cryptoki library (or the token) is unable to actually do it because the supplied key’s size is outside the range of key sizes that it can handle."), + RvError::UnwrappingKeyTypeInconsistent => write!(f, "This value can only be returned by C_UnwrapKey. It indicates that the type of the key specified to unwrap another key is not consistent with the mechanism specified for unwrapping."), + RvError::UserAlreadyLoggedIn => write!(f, "This value can only be returned by C_Login. It indicates that the specified user cannot be logged into the session, because it is already logged into the session. For example, if an application has an open SO session, and it attempts to log the SO into it, it will receive this error code."), + RvError::UserNotLoggedIn => write!(f, "The desired action cannot be performed because the appropriate user (or an appropriate user) is not logged in. One example is that a session cannot be logged out unless it is logged in. Another example is that a private object cannot be created on a token unless the session attempting to create it is logged in as the normal user. A final example is that cryptographic operations on certain tokens cannot be performed unless the normal user is logged in."), + RvError::UserPinNotInitialized => write!(f, "This value can only be returned by C_Login. It indicates that the normal user’s PIN has not yet been initialized with C_InitPIN."), + RvError::UserTypeInvalid => write!(f, "An invalid value was specified as a CK_USER_TYPE. Valid types are CKU_SO, CKU_USER, and CKU_CONTEXT_SPECIFIC."), + RvError::UserAnotherAlreadyLoggedIn => write!(f, "This value can only be returned by C_Login. It indicates that the specified user cannot be logged into the session, because another user is already logged into the session. For example, if an application has an open SO session, and it attempts to log the normal user into it, it will receive this error code."), + RvError::UserTooManyTypes => write!(f, "An attempt was made to have more distinct users simultaneously logged into the token than the token and/or library permits. For example, if some application has an open SO session, and another application attempts to log the normal user into a session, the attempt may return this error. It is not required to, however. Only if the simultaneous distinct users cannot be supported does C_Login have to return this value. Note that this error code generalizes to true multi-user tokens."), + RvError::WrappedKeyInvalid => write!(f, "This value can only be returned by C_UnwrapKey. It indicates that the provided wrapped key is not valid. If a call is made to C_UnwrapKey to unwrap a particular type of key (i.e., some particular key type is specified in the template provided to C_UnwrapKey), and the wrapped key provided to C_UnwrapKey is recognizably not a wrapped key of the proper type, then C_UnwrapKey should return CKR_WRAPPED_KEY_INVALID. This return value has lower priority than CKR_WRAPPED_KEY_LEN_RANGE."), + RvError::WrappedKeyLenRange => write!(f, "This value can only be returned by C_UnwrapKey. It indicates that the provided wrapped key can be seen to be invalid solely on the basis of its length. This return value has higher priority than CKR_WRAPPED_KEY_INVALID."), + RvError::WrappingKeyHandleInvalid => write!(f, "This value can only be returned by C_WrapKey. It indicates that the key handle specified to be used to wrap another key is not valid."), + RvError::WrappingKeySizeRange => write!(f, "This value can only be returned by C_WrapKey. It indicates that although the requested wrapping operation could in principle be carried out, this Cryptoki library (or the token) is unable to actually do it because the supplied wrapping key’s size is outside the range of key sizes that it can handle."), + RvError::WrappingKeyTypeInconsistent => write!(f, "This value can only be returned by C_WrapKey. It indicates that the type of the key specified to wrap another key is not consistent with the mechanism specified for wrapping."), + RvError::RandomSeedNotSupported => write!(f, "This value can only be returned by C_SeedRandom. It indicates that the token’s random number generator does not accept seeding from an application. This return value has lower priority than CKR_RANDOM_NO_RNG."), + RvError::RandomNoRng => write!(f, "This value can be returned by C_SeedRandom and C_GenerateRandom. It indicates that the specified token doesn’t have a random number generator. This return value has higher priority than CKR_RANDOM_SEED_NOT_SUPPORTED."), + RvError::DomainParamsInvalid => write!(f, "Invalid or unsupported domain parameters were supplied to the function. Which representation methods of domain parameters are supported by a given mechanism can vary from token to token."), + RvError::BufferTooSmall => write!(f, "The output of the function is too large to fit in the supplied buffer."), + RvError::SavedStateInvalid => write!(f, "This value can only be returned by C_SetOperationState. It indicates that the supplied saved cryptographic operations state is invalid, and so it cannot be restored to the specified session."), + RvError::InformationSensitive => write!(f, "The information requested could not be obtained because the token considers it sensitive, and is not able or willing to reveal it."), + RvError::StateUnsaveable => write!(f, "The cryptographic operations state of the specified session cannot be saved for some reason (possibly the token is simply unable to save the current state). This return value has lower priority than CKR_OPERATION_NOT_INITIALIZED."), + RvError::CryptokiNotInitialized => write!(f, "This value can be returned by any function other than C_Initialize and C_GetFunctionList. It indicates that the function cannot be executed because the Cryptoki library has not yet been initialized by a call to C_Initialize."), + RvError::CryptokiAlreadyInitialized => write!(f, "This value can only be returned by C_Initialize. It means that the Cryptoki library has already been initialized (by a previous call to C_Initialize which did not have a matching C_Finalize call)."), + RvError::MutexBad => write!(f, "This error code can be returned by mutex-handling functions that are passed a bad mutex object as an argument. Unfortunately, it is possible for such a function not to recognize a bad mutex object. There is therefore no guarantee that such a function will successfully detect bad mutex objects and return this value."), + RvError::MutexNotLocked => write!(f, "This error code can be returned by mutex-unlocking functions. It indicates that the mutex supplied to the mutex-unlocking function was not locked."), + RvError::NewPinMode => write!(f, "CKR_NEW_PIN_MODE"), + RvError::NextOtp => write!(f, "CKR_NEXT_OTP"), + RvError::ExceededMaxIterations => write!(f, "An iterative algorithm (for key pair generation, domain parameter generation etc.) failed because we have exceeded the maximum number of iterations. This error code has precedence over CKR_FUNCTION_FAILED. Examples of iterative algorithms include DSA signature generation (retry if either r = 0 or s = 0) and generation of DSA primes p and q specified in FIPS 186-4."), + RvError::FipsSelfTestFailed => write!(f, "A FIPS 140-2 power-up self-test or conditional self-test failed. The token entered an error state. Future calls to cryptographic functions on the token will return CKR_GENERAL_ERROR. CKR_FIPS_SELF_TEST_FAILED has a higher precedence over CKR_GENERAL_ERROR. This error may be returned by C_Initialize, if a power-up self-test failed, by C_GenerateRandom or C_SeedRandom, if the continuous random number generator test failed, or by C_GenerateKeyPair, if the pair-wise consistency test failed."), + RvError::LibraryLoadFailed => write!(f, "The Cryptoki library could not load a dependent shared library."), + RvError::PinTooWeak => write!(f, "The specified PIN is too weak so that it could be easy to guess. If the PIN is too short, CKR_PIN_LEN_RANGE should be returned instead. This return code only applies to functions which attempt to set a PIN."), + RvError::PublicKeyInvalid => write!(f, "The public key fails a public key validation. For example, an EC public key fails the public key validation specified in Section 5.2.2 of ANSI X9.62. This error code may be returned by C_CreateObject, when the public key is created, or by C_VerifyInit or C_VerifyRecoverInit, when the public key is used. It may also be returned by C_DeriveKey, in preference to CKR_MECHANISM_PARAM_INVALID, if the other party's public key specified in the mechanism's parameters is invalid."), + RvError::FunctionRejected => write!(f, "The signature request is rejected by the user."), + RvError::VendorDefined => write!(f, "CKR_VENDOR_DEFINED"), + } + } +} + +impl From for Error { + fn from(rv_error: RvError) -> Self { + Error::Pkcs11(rv_error) + } +} + +impl Rv { + /// Convert the return value into a standard Result type + pub fn into_result(self) -> Result<()> { + match self { + Rv::Ok => Ok(()), + Rv::Error(rv_error) => Err(Error::Pkcs11(rv_error)), + } + } +} diff --git a/pkcs11/src/new/types/locking.rs b/pkcs11/src/new/types/locking.rs new file mode 100644 index 0000000..ef7819a --- /dev/null +++ b/pkcs11/src/new/types/locking.rs @@ -0,0 +1,31 @@ +//! Locking related type + +use crate::new::types::Flags; +use std::ptr; + +/// Argument for the initialize function +pub enum CInitializeArgs { + /// The library can use the native OS library for locking + OsThreads, + // TODO: add variants for custom mutexes here and no multithreading, safety implications for + // that. +} + +impl From for pkcs11_sys::CK_C_INITIALIZE_ARGS { + fn from(c_initialize_args: CInitializeArgs) -> Self { + let mut flags = Flags::default(); + match c_initialize_args { + CInitializeArgs::OsThreads => { + flags.set_os_locking_ok(true); + Self { + flags: flags.into(), + CreateMutex: None, + DestroyMutex: None, + LockMutex: None, + UnlockMutex: None, + pReserved: ptr::null_mut(), + } + } + } + } +} diff --git a/pkcs11/src/new/types/mechanism/mod.rs b/pkcs11/src/new/types/mechanism/mod.rs new file mode 100644 index 0000000..57c9065 --- /dev/null +++ b/pkcs11/src/new/types/mechanism/mod.rs @@ -0,0 +1,206 @@ +//! Data types for mechanisms + +pub mod rsa; + +use crate::new::Error; +use log::error; +use pkcs11_sys::*; +use std::convert::{TryFrom, TryInto}; +use std::ffi::c_void; +use std::ops::Deref; +use std::ptr::null_mut; + +#[derive(Debug, Clone, PartialEq, Eq)] +// transparent so that a vector of MechanismType should have the same layout than a vector of +// CK_MECHANISM_TYPE. +/// Type of a mechanism +#[repr(transparent)] +pub struct MechanismType { + val: CK_MECHANISM_TYPE, +} + +impl MechanismType { + // RSA + /// PKCS #1 RSA key pair generation mechanism + pub const RSA_PKCS_KEY_PAIR_GEN: MechanismType = MechanismType { + val: CKM_RSA_PKCS_KEY_PAIR_GEN, + }; + /// Multi-purpose mechanism based on the RSA public-key cryptosystem and the block formats + /// initially defined in PKCS #1 v1.5 + pub const RSA_PKCS: MechanismType = MechanismType { val: CKM_RSA_PKCS }; + /// Mechanism based on the RSA public-key cryptosystem and the PSS block format defined in PKCS + /// #1 + pub const RSA_PKCS_PSS: MechanismType = MechanismType { + val: CKM_RSA_PKCS_PSS, + }; + /// Multi-purpose mechanism based on the RSA public-key cryptosystem and the OAEP block format + /// defined in PKCS #1 + pub const RSA_PKCS_OAEP: MechanismType = MechanismType { + val: CKM_RSA_PKCS_OAEP, + }; + + // SHA-n + /// SHA-1 mechanism + pub const SHA1: MechanismType = MechanismType { val: CKM_SHA_1 }; + /// SHA-256 mechanism + pub const SHA256: MechanismType = MechanismType { val: CKM_SHA256 }; + /// SHA-384 mechanism + pub const SHA384: MechanismType = MechanismType { val: CKM_SHA384 }; + /// SHA-512 mechanism + pub const SHA512: MechanismType = MechanismType { val: CKM_SHA512 }; +} + +impl Deref for MechanismType { + type Target = CK_MECHANISM_TYPE; + + fn deref(&self) -> &Self::Target { + &self.val + } +} + +impl From for CK_MECHANISM_TYPE { + fn from(mechanism_type: MechanismType) -> Self { + *mechanism_type + } +} + +impl TryFrom for MechanismType { + type Error = Error; + + fn try_from(mechanism_type: CK_MECHANISM_TYPE) -> Result { + match mechanism_type { + CKM_RSA_PKCS_KEY_PAIR_GEN => Ok(MechanismType::RSA_PKCS_KEY_PAIR_GEN), + CKM_RSA_PKCS => Ok(MechanismType::RSA_PKCS), + CKM_RSA_PKCS_PSS => Ok(MechanismType::RSA_PKCS_PSS), + CKM_RSA_PKCS_OAEP => Ok(MechanismType::RSA_PKCS_OAEP), + CKM_SHA_1 => Ok(MechanismType::SHA1), + CKM_SHA256 => Ok(MechanismType::SHA256), + CKM_SHA384 => Ok(MechanismType::SHA384), + CKM_SHA512 => Ok(MechanismType::SHA512), + other => { + error!("Mechanism type {} is not supported.", other); + Err(Error::NotSupported) + } + } + } +} + +#[derive(Debug, Clone)] +/// Type defining a specific mechanism and its parameters +pub enum Mechanism { + // RSA + /// PKCS #1 RSA key pair generation mechanism + RsaPkcsKeyPairGen, + /// Multi-purpose mechanism based on the RSA public-key cryptosystem and the block formats + /// initially defined in PKCS #1 v1.5 + RsaPkcs, + /// Mechanism based on the RSA public-key cryptosystem and the PSS block format defined in PKCS + /// #1 + RsaPkcsPss(rsa::PkcsPssParams), + /// Multi-purpose mechanism based on the RSA public-key cryptosystem and the OAEP block format + /// defined in PKCS #1 + RsaPkcsOaep(rsa::PkcsOaepParams), + + // SHA-n + /// SHA-1 mechanism + Sha1, + /// SHA-256 mechanism + Sha256, + /// SHA-384 mechanism + Sha384, + /// SHA-512 mechanism + Sha512, +} + +impl Mechanism { + /// Get the type of a mechanism + pub fn mechanism_type(&self) -> MechanismType { + match self { + Mechanism::RsaPkcsKeyPairGen => MechanismType::RSA_PKCS_KEY_PAIR_GEN, + Mechanism::RsaPkcs => MechanismType::RSA_PKCS, + Mechanism::RsaPkcsPss(_) => MechanismType::RSA_PKCS_PSS, + Mechanism::RsaPkcsOaep(_) => MechanismType::RSA_PKCS_OAEP, + + Mechanism::Sha1 => MechanismType::SHA1, + Mechanism::Sha256 => MechanismType::SHA256, + Mechanism::Sha384 => MechanismType::SHA384, + Mechanism::Sha512 => MechanismType::SHA512, + } + } +} + +impl From<&Mechanism> for CK_MECHANISM { + fn from(mech: &Mechanism) -> Self { + let mechanism = mech.mechanism_type().into(); + match mech { + Mechanism::RsaPkcsPss(params) => CK_MECHANISM { + mechanism, + pParameter: params as *const _ as *mut c_void, + ulParameterLen: std::mem::size_of::() + .try_into() + .expect("usize can not fit in CK_ULONG"), + }, + Mechanism::RsaPkcsOaep(params) => CK_MECHANISM { + mechanism, + pParameter: params as *const _ as *mut c_void, + ulParameterLen: std::mem::size_of::() + .try_into() + .expect("usize can not fit in CK_ULONG"), + }, + // Mechanisms without parameters + Mechanism::RsaPkcsKeyPairGen + | Mechanism::RsaPkcs + | Mechanism::Sha1 + | Mechanism::Sha256 + | Mechanism::Sha384 + | Mechanism::Sha512 => CK_MECHANISM { + mechanism, + pParameter: null_mut(), + ulParameterLen: 0, + }, + } + } +} + +#[cfg(feature = "psa-crypto-conversions")] +#[allow(deprecated)] +impl TryFrom for Mechanism { + type Error = Error; + + fn try_from(alg: psa_crypto::types::algorithm::Algorithm) -> Result { + use psa_crypto::types::algorithm::{ + Algorithm, AsymmetricEncryption, AsymmetricSignature, Hash, SignHash, + }; + + match alg { + Algorithm::Hash(Hash::Sha1) => Ok(Mechanism::Sha1), + Algorithm::Hash(Hash::Sha256) => Ok(Mechanism::Sha256), + Algorithm::Hash(Hash::Sha384) => Ok(Mechanism::Sha384), + Algorithm::Hash(Hash::Sha512) => Ok(Mechanism::Sha512), + Algorithm::AsymmetricSignature(AsymmetricSignature::RsaPkcs1v15Sign { .. }) + | Algorithm::AsymmetricEncryption(AsymmetricEncryption::RsaPkcs1v15Crypt { .. }) => { + Ok(Mechanism::RsaPkcs) + } + Algorithm::AsymmetricSignature(AsymmetricSignature::RsaPss { + hash_alg: SignHash::Specific(hash_alg), + }) => Ok(Mechanism::RsaPkcsPss(rsa::PkcsPssParams { + hash_alg: Mechanism::try_from(Algorithm::from(hash_alg))?.mechanism_type(), + mgf: rsa::PkcsMgfType::from_psa_crypto_hash(hash_alg)?, + s_len: hash_alg.hash_length().try_into()?, + })), + Algorithm::AsymmetricEncryption(AsymmetricEncryption::RsaOaep { hash_alg }) => { + Ok(Mechanism::RsaPkcsOaep(rsa::PkcsOaepParams { + hash_alg: Mechanism::try_from(Algorithm::from(hash_alg))?.mechanism_type(), + mgf: rsa::PkcsMgfType::from_psa_crypto_hash(hash_alg)?, + source: rsa::PkcsOaepSourceType::DATA_SPECIFIED, + source_data: std::ptr::null(), + source_data_len: 0.into(), + })) + } + alg => { + error!("{:?} is not a supported algorithm", alg); + Err(Error::NotSupported) + } + } + } +} diff --git a/pkcs11/src/new/types/mechanism/rsa.rs b/pkcs11/src/new/types/mechanism/rsa.rs new file mode 100644 index 0000000..0ffc2aa --- /dev/null +++ b/pkcs11/src/new/types/mechanism/rsa.rs @@ -0,0 +1,184 @@ +//! RSA mechanism types + +use crate::new::types::mechanism::{Mechanism, MechanismType}; +use crate::new::types::Ulong; +use crate::new::{Error, Result}; +use log::error; +use pkcs11_sys::*; +use std::convert::TryFrom; +use std::ffi::c_void; +use std::ops::Deref; + +#[derive(Debug, Clone, Copy, PartialEq, Eq)] +#[repr(transparent)] +/// Message Generation Function (MGF) applied to a message block when formatting a message block +/// for the PKCS #1 OAEP encryption scheme or the PKCS #1 PSS signature scheme. +pub struct PkcsMgfType { + val: CK_RSA_PKCS_MGF_TYPE, +} + +impl PkcsMgfType { + /// MGF1 SHA-1 + pub const MGF1_SHA1: PkcsMgfType = PkcsMgfType { val: CKG_MGF1_SHA1 }; + /// MGF1 SHA-224 + pub const MGF1_SHA224: PkcsMgfType = PkcsMgfType { + val: CKG_MGF1_SHA224, + }; + /// MGF1 SHA-256 + pub const MGF1_SHA256: PkcsMgfType = PkcsMgfType { + val: CKG_MGF1_SHA256, + }; + /// MGF1 SHA-384 + pub const MGF1_SHA384: PkcsMgfType = PkcsMgfType { + val: CKG_MGF1_SHA384, + }; + /// MGF1 SHA-512 + pub const MGF1_SHA512: PkcsMgfType = PkcsMgfType { + val: CKG_MGF1_SHA512, + }; +} + +impl Deref for PkcsMgfType { + type Target = CK_RSA_PKCS_MGF_TYPE; + + fn deref(&self) -> &Self::Target { + &self.val + } +} + +impl From for CK_RSA_PKCS_MGF_TYPE { + fn from(mgf_type: PkcsMgfType) -> Self { + *mgf_type + } +} + +impl TryFrom for PkcsMgfType { + type Error = Error; + + fn try_from(mgf_type: CK_RSA_PKCS_MGF_TYPE) -> Result { + match mgf_type { + CKG_MGF1_SHA1 => Ok(PkcsMgfType::MGF1_SHA1), + CKG_MGF1_SHA224 => Ok(PkcsMgfType::MGF1_SHA224), + CKG_MGF1_SHA256 => Ok(PkcsMgfType::MGF1_SHA256), + CKG_MGF1_SHA384 => Ok(PkcsMgfType::MGF1_SHA384), + CKG_MGF1_SHA512 => Ok(PkcsMgfType::MGF1_SHA512), + other => { + error!( + "Mask Generation Function type {} is not one of the valid values.", + other + ); + Err(Error::InvalidValue) + } + } + } +} + +#[derive(Debug, Clone, Copy, PartialEq, Eq)] +#[repr(transparent)] +/// Source of the encoding parameter when formatting a message block for the PKCS #1 OAEP +/// encryption scheme +pub struct PkcsOaepSourceType { + val: CK_RSA_PKCS_OAEP_SOURCE_TYPE, +} + +impl PkcsOaepSourceType { + /// Array of CK_BYTE containing the value of the encoding parameter. If the parameter is + /// empty, pSourceData must be NULL and ulSourceDataLen must be zero. + pub const DATA_SPECIFIED: PkcsOaepSourceType = PkcsOaepSourceType { + val: CKZ_DATA_SPECIFIED, + }; +} + +impl Deref for PkcsOaepSourceType { + type Target = CK_RSA_PKCS_OAEP_SOURCE_TYPE; + + fn deref(&self) -> &Self::Target { + &self.val + } +} + +impl From for CK_RSA_PKCS_OAEP_SOURCE_TYPE { + fn from(pkcs_oaep_source_type: PkcsOaepSourceType) -> Self { + *pkcs_oaep_source_type + } +} + +impl TryFrom for PkcsOaepSourceType { + type Error = Error; + + fn try_from(pkcs_oaep_source_type: CK_RSA_PKCS_OAEP_SOURCE_TYPE) -> Result { + match pkcs_oaep_source_type { + CKZ_DATA_SPECIFIED => Ok(PkcsOaepSourceType::DATA_SPECIFIED), + other => { + error!("OAEP source type {} is not one of the valid values.", other); + Err(Error::InvalidValue) + } + } + } +} + +/// Parameters of the RsaPkcsPss mechanism +#[derive(Debug, Clone)] +#[repr(C)] +pub struct PkcsPssParams { + /// hash algorithm used in the PSS encoding; if the signature mechanism does not include + /// message hashing, then this value must be the mechanism used by the application to generate + /// the message hash; if the signature mechanism includes hashing, then this value must match + /// the hash algorithm indicated by the signature mechanism + pub hash_alg: MechanismType, + /// mask generation function to use on the encoded block + pub mgf: PkcsMgfType, + /// length, in bytes, of the salt value used in the PSS encoding; typical values are the length + /// of the message hash and zero + pub s_len: Ulong, +} + +impl From for Mechanism { + fn from(pkcs_pss_params: PkcsPssParams) -> Self { + Mechanism::RsaPkcsPss(pkcs_pss_params) + } +} + +/// Parameters of the RsaPkcsOaep mechanism +#[derive(Debug, Clone)] +#[repr(C)] +pub struct PkcsOaepParams { + /// mechanism ID of the message digest algorithm used to calculate the digest of the encoding + /// parameter + pub hash_alg: MechanismType, + /// mask generation function to use on the encoded block + pub mgf: PkcsMgfType, + /// source of the encoding parameter + pub source: PkcsOaepSourceType, + /// data used as the input for the encoding parameter source + pub source_data: *const c_void, + /// length of the encoding parameter source input + pub source_data_len: Ulong, +} + +impl From for Mechanism { + fn from(pkcs_oaep_params: PkcsOaepParams) -> Self { + Mechanism::RsaPkcsOaep(pkcs_oaep_params) + } +} + +#[cfg(feature = "psa-crypto-conversions")] +#[allow(deprecated)] +impl PkcsMgfType { + /// Convert a PSA Crypto Hash algorithm to a MGF type + pub fn from_psa_crypto_hash(alg: psa_crypto::types::algorithm::Hash) -> Result { + use psa_crypto::types::algorithm::Hash; + + match alg { + Hash::Sha1 => Ok(PkcsMgfType::MGF1_SHA1), + Hash::Sha224 => Ok(PkcsMgfType::MGF1_SHA224), + Hash::Sha256 => Ok(PkcsMgfType::MGF1_SHA256), + Hash::Sha384 => Ok(PkcsMgfType::MGF1_SHA384), + Hash::Sha512 => Ok(PkcsMgfType::MGF1_SHA512), + alg => { + error!("{:?} is not a supported MGF1 algorithm", alg); + Err(Error::NotSupported) + } + } + } +} diff --git a/pkcs11/src/new/types/mod.rs b/pkcs11/src/new/types/mod.rs new file mode 100644 index 0000000..8a7b04a --- /dev/null +++ b/pkcs11/src/new/types/mod.rs @@ -0,0 +1,434 @@ +//! PKCS11 General Data Types + +pub mod function; +pub mod locking; +pub mod mechanism; +pub mod object; +pub mod session; +pub mod slot_token; + +use crate::new::{Error, Result}; +use log::error; +use pkcs11_sys::*; +use std::convert::TryFrom; +use std::convert::TryInto; +use std::ops::Deref; + +#[derive(Default, Clone, Copy)] +/// Collection of boolean flags +pub struct Flags { + flags: CK_FLAGS, +} + +impl Flags { + /// Create a new instance with all flags set to false + pub fn new() -> Self { + Flags::default() + } + + fn set_flag(&mut self, flag: CK_FLAGS, b: bool) { + if b { + self.flags |= flag; + } else { + self.flags &= !flag; + } + } + + /// Set the TOKEN_PRESENT flag + pub fn set_token_present(&mut self, b: bool) -> &mut Self { + self.set_flag(CKF_TOKEN_PRESENT, b); + self + } + + /// Set the REMOVABLE_DEVICE flag + pub fn set_removable_device(&mut self, b: bool) -> &mut Self { + self.set_flag(CKF_REMOVABLE_DEVICE, b); + self + } + + /// Set the HW_SLOT flag + pub fn set_hw_slot(&mut self, b: bool) -> &mut Self { + self.set_flag(CKF_HW_SLOT, b); + self + } + + /// Set the ARRAY_ATTRIBUTE flag + pub fn set_array_attribute(&mut self, b: bool) -> &mut Self { + self.set_flag(CKF_ARRAY_ATTRIBUTE, b); + self + } + + /// Set the RNG flag + pub fn set_rng(&mut self, b: bool) -> &mut Self { + self.set_flag(CKF_RNG, b); + self + } + + /// Set the WRITE_PROTECTED flag + pub fn set_write_protected(&mut self, b: bool) -> &mut Self { + self.set_flag(CKF_WRITE_PROTECTED, b); + self + } + + /// Set the LOGIN_REQUIRED flag + pub fn set_login_required(&mut self, b: bool) -> &mut Self { + self.set_flag(CKF_LOGIN_REQUIRED, b); + self + } + + /// Set the USER_PIN_INITIALIZED flag + pub fn set_user_pin_initialized(&mut self, b: bool) -> &mut Self { + self.set_flag(CKF_USER_PIN_INITIALIZED, b); + self + } + + /// Set the RESTORE_KEY_NOT_NEEDED flag + pub fn set_restore_key_not_needed(&mut self, b: bool) -> &mut Self { + self.set_flag(CKF_RESTORE_KEY_NOT_NEEDED, b); + self + } + + /// Set the CLOCK_ON_TOKEN flag + pub fn set_clock_on_token(&mut self, b: bool) -> &mut Self { + self.set_flag(CKF_CLOCK_ON_TOKEN, b); + self + } + + /// Set the PROTECTED_AUTHENTICATION flag + pub fn set_protected_authentication_path(&mut self, b: bool) -> &mut Self { + self.set_flag(CKF_PROTECTED_AUTHENTICATION_PATH, b); + self + } + + /// Set the DUAL_CRYPTO_OPERATIONS flag + pub fn set_dual_crypto_operations(&mut self, b: bool) -> &mut Self { + self.set_flag(CKF_DUAL_CRYPTO_OPERATIONS, b); + self + } + + /// Set the TOKEN_INITIALIZED flag + pub fn set_token_initialized(&mut self, b: bool) -> &mut Self { + self.set_flag(CKF_TOKEN_INITIALIZED, b); + self + } + + /// Set the SECONDARY_AUTHENTICATION flag + pub fn set_secondary_authentication(&mut self, b: bool) -> &mut Self { + self.set_flag(CKF_SECONDARY_AUTHENTICATION, b); + self + } + + /// Set the USER_PIN_COUNT_LOW flag + pub fn set_user_pin_count_low(&mut self, b: bool) -> &mut Self { + self.set_flag(CKF_USER_PIN_COUNT_LOW, b); + self + } + + /// Set the USER_PIN_FINAL_TRY flag + pub fn set_user_pin_final_try(&mut self, b: bool) -> &mut Self { + self.set_flag(CKF_USER_PIN_FINAL_TRY, b); + self + } + + /// Set the USER_PIN_LOCKED flag + pub fn set_user_pin_locked(&mut self, b: bool) -> &mut Self { + self.set_flag(CKF_USER_PIN_LOCKED, b); + self + } + + /// Set the USER_PIN_TO_BE_CHANGED flag + pub fn set_user_pin_to_be_changed(&mut self, b: bool) -> &mut Self { + self.set_flag(CKF_USER_PIN_TO_BE_CHANGED, b); + self + } + + /// Set the SO_PIN_COUNT_LOW flag + pub fn set_so_pin_count_low(&mut self, b: bool) -> &mut Self { + self.set_flag(CKF_SO_PIN_COUNT_LOW, b); + self + } + + /// Set the SO_PIN_FINAL_TRY flag + pub fn set_so_pin_final_try(&mut self, b: bool) -> &mut Self { + self.set_flag(CKF_SO_PIN_FINAL_TRY, b); + self + } + + /// Set the SO_PIN_LOCKED flag + pub fn set_so_pin_locked(&mut self, b: bool) -> &mut Self { + self.set_flag(CKF_SO_PIN_LOCKED, b); + self + } + + /// Set the SO_PIN_TO_BE_CHANGED flag + pub fn set_so_pin_to_be_changed(&mut self, b: bool) -> &mut Self { + self.set_flag(CKF_SO_PIN_TO_BE_CHANGED, b); + self + } + + /// Set the RW_SESSION flag + pub fn set_rw_session(&mut self, b: bool) -> &mut Self { + self.set_flag(CKF_RW_SESSION, b); + self + } + + /// Set the SERIAL_SESSION flag + pub fn set_serial_session(&mut self, b: bool) -> &mut Self { + self.set_flag(CKF_SERIAL_SESSION, b); + self + } + + /// Set the NEXT_OTP flag + pub fn set_next_otp(&mut self, b: bool) -> &mut Self { + self.set_flag(CKF_NEXT_OTP, b); + self + } + + /// Set the EXCLUDE_TIME flag + pub fn set_exclude_time(&mut self, b: bool) -> &mut Self { + self.set_flag(CKF_EXCLUDE_TIME, b); + self + } + + /// Set the EXCLUDE_COUNTER flag + pub fn set_exclude_counter(&mut self, b: bool) -> &mut Self { + self.set_flag(CKF_EXCLUDE_COUNTER, b); + self + } + + /// Set the EXCLUDE_CHALLENGE flag + pub fn set_exclude_challenge(&mut self, b: bool) -> &mut Self { + self.set_flag(CKF_EXCLUDE_CHALLENGE, b); + self + } + + /// Set the EXCLUDE_PIN flag + pub fn set_exclude_pin(&mut self, b: bool) -> &mut Self { + self.set_flag(CKF_EXCLUDE_PIN, b); + self + } + + /// Set the USER_FRIENDLY_OTP flag + pub fn set_user_friendly_otp(&mut self, b: bool) -> &mut Self { + self.set_flag(CKF_USER_FRIENDLY_OTP, b); + self + } + + /// Set the HW flag + pub fn set_hw(&mut self, b: bool) -> &mut Self { + self.set_flag(CKF_HW, b); + self + } + + /// Set the ENCRYPT flag + pub fn set_encrypt(&mut self, b: bool) -> &mut Self { + self.set_flag(CKF_ENCRYPT, b); + self + } + + /// Set the DECRYPT flag + pub fn set_decrypt(&mut self, b: bool) -> &mut Self { + self.set_flag(CKF_DECRYPT, b); + self + } + + /// Set the DIGEST flag + pub fn set_digest(&mut self, b: bool) -> &mut Self { + self.set_flag(CKF_DIGEST, b); + self + } + + /// Set the SIGN flag + pub fn set_sign(&mut self, b: bool) -> &mut Self { + self.set_flag(CKF_SIGN, b); + self + } + + /// Set the SIGN_RECOVER flag + pub fn set_sign_recover(&mut self, b: bool) -> &mut Self { + self.set_flag(CKF_SIGN_RECOVER, b); + self + } + + /// Set the VERIFY flag + pub fn set_verify(&mut self, b: bool) -> &mut Self { + self.set_flag(CKF_VERIFY, b); + self + } + + /// Set the VERIFY_RECOVER flag + pub fn set_verify_recover(&mut self, b: bool) -> &mut Self { + self.set_flag(CKF_VERIFY_RECOVER, b); + self + } + + /// Set the GENERATE flag + pub fn set_generate(&mut self, b: bool) -> &mut Self { + self.set_flag(CKF_GENERATE, b); + self + } + + /// Set the GENERATE_KEY_PAIR flag + pub fn set_generate_key_pair(&mut self, b: bool) -> &mut Self { + self.set_flag(CKF_GENERATE_KEY_PAIR, b); + self + } + + /// Set the WRAP flag + pub fn set_wrap(&mut self, b: bool) -> &mut Self { + self.set_flag(CKF_WRAP, b); + self + } + + /// Set the UNWRAP flag + pub fn set_unwrap(&mut self, b: bool) -> &mut Self { + self.set_flag(CKF_UNWRAP, b); + self + } + + /// Set the DERIVE flag + pub fn set_derive(&mut self, b: bool) -> &mut Self { + self.set_flag(CKF_DERIVE, b); + self + } + + /// Set the EXTENSION flag + pub fn set_extension(&mut self, b: bool) -> &mut Self { + self.set_flag(CKF_EXTENSION, b); + self + } + + /// Set the EC_F_P flag + pub fn set_ec_f_p(&mut self, b: bool) -> &mut Self { + self.set_flag(CKF_EC_F_P, b); + self + } + + /// Set the EC_NAMEDCURVE flag + pub fn set_ec_namedcurve(&mut self, b: bool) -> &mut Self { + self.set_flag(CKF_EC_NAMEDCURVE, b); + self + } + + /// Set the EC_UNCOMPRESS flag + pub fn set_ec_uncompress(&mut self, b: bool) -> &mut Self { + self.set_flag(CKF_EC_UNCOMPRESS, b); + self + } + + /// Set the EC_COMPRESS flag + pub fn set_ec_compress(&mut self, b: bool) -> &mut Self { + self.set_flag(CKF_EC_COMPRESS, b); + self + } + + /// Set the DONT_BLOCK flag + pub fn set_dont_block(&mut self, b: bool) -> &mut Self { + self.set_flag(CKF_DONT_BLOCK, b); + self + } + + /// Set the LIBRARY_CANT_CREATE_OS_THREADS flag + pub fn set_library_cant_create_os_threads(&mut self, b: bool) -> &mut Self { + self.set_flag(CKF_LIBRARY_CANT_CREATE_OS_THREADS, b); + self + } + + /// Set the OS_LOCKING_OK flag + pub fn set_os_locking_ok(&mut self, b: bool) -> &mut Self { + self.set_flag(CKF_OS_LOCKING_OK, b); + self + } +} + +impl From for pkcs11_sys::CK_FLAGS { + fn from(flags: Flags) -> Self { + flags.flags + } +} + +#[repr(u8)] +#[derive(Debug, Copy, Clone)] +/// Byte-sized boolean +pub enum Bbool { + /// False value + False = 0, + /// True value + True = 1, +} + +impl TryFrom<&[u8]> for Bbool { + type Error = Error; + + fn try_from(slice: &[u8]) -> Result { + CK_BBOOL::from_ne_bytes(slice.try_into()?).try_into() + } +} + +impl From for CK_BBOOL { + fn from(bbool: Bbool) -> Self { + bbool as CK_BBOOL + } +} + +impl From for Bbool { + fn from(val: bool) -> Self { + if val { + Bbool::True + } else { + Bbool::False + } + } +} + +impl TryFrom for Bbool { + type Error = Error; + + fn try_from(bbool: CK_BBOOL) -> Result { + match bbool { + CK_FALSE => Ok(Bbool::False), + CK_TRUE => Ok(Bbool::True), + other => { + error!("Bbool value {} is invalid.", other); + Err(Error::InvalidValue) + } + } + } +} + +#[derive(Debug, Copy, Clone, PartialEq, Eq)] +#[repr(transparent)] +/// Unsigned value, at least 32 bits long +pub struct Ulong { + val: CK_ULONG, +} + +impl Deref for Ulong { + type Target = CK_ULONG; + + fn deref(&self) -> &Self::Target { + &self.val + } +} + +impl From for CK_ULONG { + fn from(ulong: Ulong) -> Self { + *ulong + } +} + +impl From for Ulong { + fn from(ulong: CK_ULONG) -> Self { + Ulong { val: ulong } + } +} + +impl TryFrom for Ulong { + type Error = Error; + + fn try_from(ulong: usize) -> Result { + Ok(Ulong { + val: ulong.try_into()?, + }) + } +} diff --git a/pkcs11/src/new/types/object.rs b/pkcs11/src/new/types/object.rs new file mode 100644 index 0000000..71dba66 --- /dev/null +++ b/pkcs11/src/new/types/object.rs @@ -0,0 +1,512 @@ +//! Object types + +use crate::new::types::mechanism::MechanismType; +use crate::new::types::{Bbool, Ulong}; +use crate::new::{Error, Result}; +use log::error; +use pkcs11_sys::*; +use std::convert::TryFrom; +use std::convert::TryInto; +use std::ffi::c_void; +use std::ops::Deref; + +#[derive(Debug, Copy, Clone)] +/// Type of an attribute +pub enum AttributeType { + /// List of mechanisms allowed to be used with the key + AllowedMechanisms, + /// Base number value of a key + Base, + /// Type of an object + Class, + /// Determines if an object can be copied + Copyable, + /// Determines if a key supports decryption + Decrypt, + /// Determines if it is possible to derive other keys from the key + Derive, + /// Determines if a key supports encryption + Encrypt, + /// Determines if a key is extractable and can be wrapped + Extractable, + /// Key identifier for key + Id, + /// Type of a key + KeyType, + /// Description of the object + Label, + /// Determines if the object can be modified + Modifiable, + /// Modulus value of a key + Modulus, + /// Length in bits of the modulus of a key + ModulusBits, + /// Prime number value of a key + Prime, + /// Determines if the object is private + Private, + /// Public exponent value of a key + PublicExponent, + /// Determines if the key is sensitive + Sensitive, + /// Determines if a key supports signing + Sign, + /// Determines if a key supports signing where the data can be recovered from the signature + SignRecover, + /// Determines if the object is a token object + Token, + /// Determines if a key supports unwrapping + Unwrap, + /// Value of the object + Value, + /// Length in bytes of the value + ValueLen, + /// Determines if a key supports verifying + Verify, + /// Determines if a key supports verifying where the data can be recovered from the signature + VerifyRecover, + /// Determines if a key supports wrapping + Wrap, +} + +impl From for CK_ATTRIBUTE_TYPE { + fn from(attribute_type: AttributeType) -> Self { + match attribute_type { + AttributeType::AllowedMechanisms => CKA_ALLOWED_MECHANISMS, + AttributeType::Base => CKA_BASE, + AttributeType::Class => CKA_CLASS, + AttributeType::Copyable => CKA_COPYABLE, + AttributeType::Decrypt => CKA_DECRYPT, + AttributeType::Derive => CKA_DERIVE, + AttributeType::Encrypt => CKA_ENCRYPT, + AttributeType::Extractable => CKA_EXTRACTABLE, + AttributeType::Id => CKA_ID, + AttributeType::KeyType => CKA_KEY_TYPE, + AttributeType::Label => CKA_LABEL, + AttributeType::Modifiable => CKA_MODIFIABLE, + AttributeType::Modulus => CKA_MODULUS, + AttributeType::ModulusBits => CKA_MODULUS_BITS, + AttributeType::Prime => CKA_PRIME, + AttributeType::Private => CKA_PRIVATE, + AttributeType::PublicExponent => CKA_PUBLIC_EXPONENT, + AttributeType::Sensitive => CKA_SENSITIVE, + AttributeType::Sign => CKA_SIGN, + AttributeType::SignRecover => CKA_SIGN_RECOVER, + AttributeType::Token => CKA_TOKEN, + AttributeType::Unwrap => CKA_UNWRAP, + AttributeType::Value => CKA_VALUE, + AttributeType::ValueLen => CKA_VALUE_LEN, + AttributeType::Verify => CKA_VERIFY, + AttributeType::VerifyRecover => CKA_VERIFY_RECOVER, + AttributeType::Wrap => CKA_WRAP, + } + } +} + +impl TryFrom for AttributeType { + type Error = Error; + + fn try_from(attribute_type: CK_ATTRIBUTE_TYPE) -> Result { + match attribute_type { + CKA_ALLOWED_MECHANISMS => Ok(AttributeType::AllowedMechanisms), + CKA_BASE => Ok(AttributeType::Base), + CKA_CLASS => Ok(AttributeType::Class), + CKA_COPYABLE => Ok(AttributeType::Copyable), + CKA_DECRYPT => Ok(AttributeType::Decrypt), + CKA_DERIVE => Ok(AttributeType::Derive), + CKA_ENCRYPT => Ok(AttributeType::Encrypt), + CKA_EXTRACTABLE => Ok(AttributeType::Extractable), + CKA_ID => Ok(AttributeType::Id), + CKA_KEY_TYPE => Ok(AttributeType::KeyType), + CKA_LABEL => Ok(AttributeType::Label), + CKA_MODIFIABLE => Ok(AttributeType::Modifiable), + CKA_MODULUS => Ok(AttributeType::Modulus), + CKA_MODULUS_BITS => Ok(AttributeType::ModulusBits), + CKA_PRIME => Ok(AttributeType::Prime), + CKA_PRIVATE => Ok(AttributeType::Private), + CKA_PUBLIC_EXPONENT => Ok(AttributeType::PublicExponent), + CKA_SENSITIVE => Ok(AttributeType::Sensitive), + CKA_SIGN => Ok(AttributeType::Sign), + CKA_SIGN_RECOVER => Ok(AttributeType::SignRecover), + CKA_TOKEN => Ok(AttributeType::Token), + CKA_UNWRAP => Ok(AttributeType::Unwrap), + CKA_VALUE => Ok(AttributeType::Value), + CKA_VALUE_LEN => Ok(AttributeType::ValueLen), + CKA_VERIFY => Ok(AttributeType::Verify), + CKA_VERIFY_RECOVER => Ok(AttributeType::VerifyRecover), + CKA_WRAP => Ok(AttributeType::Wrap), + attr_type => { + error!("Attribute type {} not supported.", attr_type); + Err(Error::NotSupported) + } + } + } +} + +#[derive(Debug, Clone)] +/// Attribute value +pub enum Attribute { + /// List of mechanisms allowed to be used with the key + AllowedMechanisms(Vec), + /// Base number value of a key + Base(Vec), + /// Type of an object + Class(ObjectClass), + /// Determines if an object can be copied + Copyable(Bbool), + /// Determines if a key supports decryption + Decrypt(Bbool), + /// Determines if it is possible to derive other keys from the key + Derive(Bbool), + /// Determines if a key supports encryption + Encrypt(Bbool), + /// Determines if a key is extractable and can be wrapped + Extractable(Bbool), + /// Key identifier for key + Id(Vec), + /// Type of a key + KeyType(KeyType), + /// Description of the object + Label(Vec), + /// Determines if the object can be modified + Modifiable(Bbool), + /// Modulus value of a key + Modulus(Vec), + /// Length in bits of the modulus of a key + ModulusBits(Ulong), + /// Prime number value of a key + Prime(Vec), + /// Determines if the object is private + Private(Bbool), + /// Public exponent value of a key + PublicExponent(Vec), + /// Determines if the key is sensitive + Sensitive(Bbool), + /// Determines if a key supports signing + Sign(Bbool), + /// Determines if a key supports signing where the data can be recovered from the signature + SignRecover(Bbool), + /// Determines if the object is a token object + Token(Bbool), + /// Determines if a key supports unwrapping + Unwrap(Bbool), + /// Value of the object + Value(Vec), + /// Length in bytes of the value + ValueLen(Ulong), + /// Determines if a key supports verifying + Verify(Bbool), + /// Determines if a key supports verifying where the data can be recovered from the signature + VerifyRecover(Bbool), + /// Determines if a key supports wrapping + Wrap(Bbool), +} + +impl Attribute { + /// Get the type of an attribute + pub fn attribute_type(&self) -> AttributeType { + match self { + Attribute::AllowedMechanisms(_) => AttributeType::AllowedMechanisms, + Attribute::Base(_) => AttributeType::Base, + Attribute::Class(_) => AttributeType::Class, + Attribute::Copyable(_) => AttributeType::Copyable, + Attribute::Decrypt(_) => AttributeType::Decrypt, + Attribute::Derive(_) => AttributeType::Derive, + Attribute::Encrypt(_) => AttributeType::Encrypt, + Attribute::Extractable(_) => AttributeType::Extractable, + Attribute::Id(_) => AttributeType::Id, + Attribute::KeyType(_) => AttributeType::KeyType, + Attribute::Label(_) => AttributeType::Label, + Attribute::Modifiable(_) => AttributeType::Modifiable, + Attribute::Modulus(_) => AttributeType::Modulus, + Attribute::ModulusBits(_) => AttributeType::ModulusBits, + Attribute::Prime(_) => AttributeType::Prime, + Attribute::Private(_) => AttributeType::Private, + Attribute::PublicExponent(_) => AttributeType::PublicExponent, + Attribute::Sensitive(_) => AttributeType::Sensitive, + Attribute::Sign(_) => AttributeType::Sign, + Attribute::SignRecover(_) => AttributeType::SignRecover, + Attribute::Token(_) => AttributeType::Token, + Attribute::Unwrap(_) => AttributeType::Unwrap, + Attribute::Value(_) => AttributeType::Value, + Attribute::ValueLen(_) => AttributeType::ValueLen, + Attribute::Verify(_) => AttributeType::Verify, + Attribute::VerifyRecover(_) => AttributeType::VerifyRecover, + Attribute::Wrap(_) => AttributeType::Wrap, + } + } + + /// Returns the length in bytes of the objects contained by this CkAttribute. + fn len(&self) -> usize { + match self { + Attribute::Copyable(_) + | Attribute::Decrypt(_) + | Attribute::Derive(_) + | Attribute::Encrypt(_) + | Attribute::Extractable(_) + | Attribute::Modifiable(_) + | Attribute::Private(_) + | Attribute::Sensitive(_) + | Attribute::Sign(_) + | Attribute::SignRecover(_) + | Attribute::Token(_) + | Attribute::Unwrap(_) + | Attribute::Verify(_) + | Attribute::VerifyRecover(_) + | Attribute::Wrap(_) => 1, + Attribute::Base(_) => 1, + Attribute::Class(_) => std::mem::size_of::(), + Attribute::KeyType(_) => std::mem::size_of::(), + Attribute::Label(label) => std::mem::size_of::() * label.len(), + Attribute::ModulusBits(_) => std::mem::size_of::(), + Attribute::Prime(bytes) => bytes.len(), + Attribute::PublicExponent(bytes) => bytes.len(), + Attribute::Modulus(bytes) => bytes.len(), + Attribute::Value(bytes) => std::mem::size_of::() * bytes.len(), + Attribute::ValueLen(_) => std::mem::size_of::(), + Attribute::Id(bytes) => bytes.len(), + Attribute::AllowedMechanisms(mechanisms) => { + std::mem::size_of::() * mechanisms.len() + } + } + } + + /// Returns a CK_VOID_PTR pointing to the object contained by this CkAttribute. + /// + /// Casting from an immutable reference to a mutable pointer is kind of unsafe but the + /// Attribute structure will only be used with PKCS11 functions that do not modify the template + /// given. + /// The C_GetAttributeValue function, which is the only one that modifies the template given, + /// will not use Attribute parameters but return them + /// directly to the caller. + fn ptr(&self) -> *mut c_void { + match self { + // CK_BBOOL + Attribute::Copyable(b) + | Attribute::Decrypt(b) + | Attribute::Derive(b) + | Attribute::Encrypt(b) + | Attribute::Extractable(b) + | Attribute::Modifiable(b) + | Attribute::Private(b) + | Attribute::Sensitive(b) + | Attribute::Sign(b) + | Attribute::SignRecover(b) + | Attribute::Token(b) + | Attribute::Unwrap(b) + | Attribute::Verify(b) + | Attribute::VerifyRecover(b) + | Attribute::Wrap(b) => b as *const _ as *mut c_void, + // CK_ULONG + Attribute::ModulusBits(val) | Attribute::ValueLen(val) => { + val as *const _ as *mut c_void + } + // Vec + Attribute::Base(bytes) + | Attribute::Label(bytes) + | Attribute::Prime(bytes) + | Attribute::PublicExponent(bytes) + | Attribute::Modulus(bytes) + | Attribute::Value(bytes) + | Attribute::Id(bytes) => bytes.as_ptr() as *mut c_void, + // Unique types + Attribute::Class(object_class) => object_class as *const _ as *mut c_void, + Attribute::KeyType(key_type) => key_type as *const _ as *mut c_void, + Attribute::AllowedMechanisms(mechanisms) => mechanisms.as_ptr() as *mut c_void, + } + } +} + +impl From<&Attribute> for CK_ATTRIBUTE { + fn from(attribute: &Attribute) -> Self { + Self { + type_: attribute.attribute_type().into(), + pValue: attribute.ptr(), + // The panic should only happen if there is a bug. + ulValueLen: attribute + .len() + .try_into() + .expect("Can not convert the attribute length value (usize) to a CK_ULONG."), + } + } +} + +impl TryFrom for Attribute { + type Error = Error; + + fn try_from(attribute: CK_ATTRIBUTE) -> Result { + let attr_type = AttributeType::try_from(attribute.type_)?; + // Cast from c_void to u8 + let val = unsafe { + std::slice::from_raw_parts( + attribute.pValue as *const u8, + attribute.ulValueLen.try_into()?, + ) + }; + match attr_type { + // CK_BBOOL + AttributeType::Copyable => Ok(Attribute::Copyable(val.try_into()?)), + AttributeType::Decrypt => Ok(Attribute::Decrypt(val.try_into()?)), + AttributeType::Derive => Ok(Attribute::Derive(val.try_into()?)), + AttributeType::Encrypt => Ok(Attribute::Encrypt(val.try_into()?)), + AttributeType::Extractable => Ok(Attribute::Extractable(val.try_into()?)), + AttributeType::Modifiable => Ok(Attribute::Modifiable(val.try_into()?)), + AttributeType::Private => Ok(Attribute::Private(val.try_into()?)), + AttributeType::Sensitive => Ok(Attribute::Sensitive(val.try_into()?)), + AttributeType::Sign => Ok(Attribute::Sign(val.try_into()?)), + AttributeType::SignRecover => Ok(Attribute::SignRecover(val.try_into()?)), + AttributeType::Token => Ok(Attribute::Token(val.try_into()?)), + AttributeType::Unwrap => Ok(Attribute::Unwrap(val.try_into()?)), + AttributeType::Verify => Ok(Attribute::Verify(val.try_into()?)), + AttributeType::VerifyRecover => Ok(Attribute::VerifyRecover(val.try_into()?)), + AttributeType::Wrap => Ok(Attribute::Wrap(val.try_into()?)), + // CK_ULONG + AttributeType::ModulusBits => Ok(Attribute::ModulusBits( + CK_ULONG::from_ne_bytes(val.try_into()?).try_into()?, + )), + AttributeType::ValueLen => Ok(Attribute::ValueLen( + CK_ULONG::from_ne_bytes(val.try_into()?).try_into()?, + )), + // Vec + AttributeType::Base => Ok(Attribute::Base(val.to_vec())), + AttributeType::Label => Ok(Attribute::Label(val.to_vec())), + AttributeType::Prime => Ok(Attribute::Prime(val.to_vec())), + AttributeType::PublicExponent => Ok(Attribute::PublicExponent(val.to_vec())), + AttributeType::Modulus => Ok(Attribute::Modulus(val.to_vec())), + AttributeType::Value => Ok(Attribute::Value(val.to_vec())), + AttributeType::Id => Ok(Attribute::Id(val.to_vec())), + // Unique types + AttributeType::Class => Ok(Attribute::Class( + CK_OBJECT_CLASS::from_ne_bytes(val.try_into()?).try_into()?, + )), + AttributeType::KeyType => Ok(Attribute::KeyType( + CK_KEY_TYPE::from_ne_bytes(val.try_into()?).try_into()?, + )), + AttributeType::AllowedMechanisms => { + let val = unsafe { + std::slice::from_raw_parts( + attribute.pValue as *const CK_MECHANISM_TYPE, + attribute.ulValueLen.try_into()?, + ) + }; + let types: Vec = val + .to_vec() + .into_iter() + .map(|t| t.try_into()) + .collect::>>()?; + Ok(Attribute::AllowedMechanisms(types)) + } + } + } +} + +#[derive(Debug, Clone, Copy)] +/// Token specific identifier for an object +pub struct ObjectHandle { + handle: CK_OBJECT_HANDLE, +} + +impl ObjectHandle { + pub(crate) fn new(handle: CK_OBJECT_HANDLE) -> Self { + ObjectHandle { handle } + } + + pub(crate) fn handle(&self) -> CK_OBJECT_HANDLE { + self.handle + } +} + +#[derive(Debug, Clone, PartialEq, Eq)] +#[repr(transparent)] +/// Identifier of the class of an object +pub struct ObjectClass { + val: CK_OBJECT_CLASS, +} + +impl ObjectClass { + /// Public key object + pub const PUBLIC_KEY: ObjectClass = ObjectClass { + val: CKO_PUBLIC_KEY, + }; + /// Private key object + pub const PRIVATE_KEY: ObjectClass = ObjectClass { + val: CKO_PRIVATE_KEY, + }; +} + +impl Deref for ObjectClass { + type Target = CK_OBJECT_CLASS; + + fn deref(&self) -> &Self::Target { + &self.val + } +} + +impl From for CK_OBJECT_CLASS { + fn from(object_class: ObjectClass) -> Self { + *object_class + } +} + +impl TryFrom for ObjectClass { + type Error = Error; + + fn try_from(object_class: CK_OBJECT_CLASS) -> Result { + match object_class { + CKO_PUBLIC_KEY => Ok(ObjectClass::PUBLIC_KEY), + other => { + error!("Object class {} is not supported.", other); + Err(Error::NotSupported) + } + } + } +} + +#[derive(Debug, Copy, Clone, PartialEq, Eq)] +#[repr(transparent)] +/// Key type +pub struct KeyType { + val: CK_KEY_TYPE, +} + +impl KeyType { + /// RSA key + pub const RSA: KeyType = KeyType { val: CKK_RSA }; +} + +impl Deref for KeyType { + type Target = CK_KEY_TYPE; + + fn deref(&self) -> &Self::Target { + &self.val + } +} + +impl From for CK_KEY_TYPE { + fn from(key_type: KeyType) -> Self { + *key_type + } +} + +impl TryFrom for KeyType { + type Error = Error; + + fn try_from(key_type: CK_KEY_TYPE) -> Result { + match key_type { + CKK_RSA => Ok(KeyType::RSA), + other => { + error!("Key type {} is not supported.", other); + Err(Error::NotSupported) + } + } + } +} + +#[derive(Debug, Copy, Clone)] +/// Information about the attribute of an object +pub enum AttributeInfo { + /// The attribute is not defined for the object + Unavailable, + /// The attribute is available to get from the object and has the specified size in bytes. + Available(usize), +} diff --git a/pkcs11/src/new/types/session.rs b/pkcs11/src/new/types/session.rs new file mode 100644 index 0000000..39e8d4c --- /dev/null +++ b/pkcs11/src/new/types/session.rs @@ -0,0 +1,81 @@ +//! Session types + +use crate::new::types::slot_token::Slot; +use crate::new::Pkcs11; +use log::error; +use pkcs11_sys::*; + +/// Type that identifies a session +/// +/// It will automatically get closed (and logout) on drop. +/// Session does not implement Sync to prevent the same Session instance to be used from multiple +/// threads. A Session needs to be created in its own thread or to be passed by ownership to +/// another thread. +pub struct Session<'a> { + handle: CK_SESSION_HANDLE, + client: &'a Pkcs11, + // Slot to know the token this session was opened on + slot: Slot, + // This is not used but to prevent Session to automatically implement Send and Sync + _guard: *mut u32, +} + +// Session does not implement Sync to prevent the same Session instance to be used from multiple +// threads. +unsafe impl<'a> Send for Session<'a> {} + +impl<'a> Session<'a> { + pub(crate) fn new(handle: CK_SESSION_HANDLE, client: &'a Pkcs11, slot: Slot) -> Self { + Session { + handle, + client, + slot, + _guard: std::ptr::null_mut::(), + } + } + + pub(crate) fn handle(&self) -> CK_SESSION_HANDLE { + self.handle + } + + pub(crate) fn client(&self) -> &Pkcs11 { + self.client + } + + pub(crate) fn slot(&self) -> Slot { + self.slot + } +} + +impl Drop for Session<'_> { + fn drop(&mut self) { + // logout is ignored if the session is not logged in + if let Err(e) = self.logout() { + error!("Failed to logout session: {}", e); + } + + if let Err(e) = self.close_private() { + error!("Failed to close session: {}", e); + } + } +} + +/// Types of PKCS11 users +pub enum UserType { + /// Security Officer + So, + /// User + User, + /// Context Specific + ContextSpecific, +} + +impl From for CK_USER_TYPE { + fn from(user_type: UserType) -> CK_USER_TYPE { + match user_type { + UserType::So => CKU_SO, + UserType::User => CKU_USER, + UserType::ContextSpecific => CKU_CONTEXT_SPECIFIC, + } + } +} diff --git a/pkcs11/src/new/types/slot_token.rs b/pkcs11/src/new/types/slot_token.rs new file mode 100644 index 0000000..fac8567 --- /dev/null +++ b/pkcs11/src/new/types/slot_token.rs @@ -0,0 +1,28 @@ +//! Slot and token types + +use pkcs11_sys::CK_SLOT_ID; + +#[derive(Debug, Clone, Copy, PartialEq, Eq, Hash)] +/// Type identifying a slot +pub struct Slot { + slot_id: u64, +} + +impl Slot { + pub(crate) fn new(slot_id: CK_SLOT_ID) -> Slot { + Slot { slot_id } + } + + /// Underlying ID used for a slot + pub fn id(&self) -> u64 { + self.slot_id + } + + /// It is sometimes useful to create a Slot instance from a specific slot ID. If the slot_id + /// does not correspond to any slot, methods using it will fail safely. + /// Prefer using the Slot and Token Management methods to be sure to have valid slots to work + /// with. + pub fn from_u64(slot_id: u64) -> Self { + Slot { slot_id } + } +} diff --git a/src/tests.rs b/pkcs11/src/tests.rs similarity index 100% rename from src/tests.rs rename to pkcs11/src/tests.rs diff --git a/src/types.rs b/pkcs11/src/types.rs similarity index 100% rename from src/types.rs rename to pkcs11/src/types.rs