Refactor object module into submodules

Split the `src/object` implementation into distinct submodules for
better organization:
- `factory`: Core object factory logic and registry.
- `key`: Key-specific traits and factories.
- `certs`: Certificate and trust object factories.

Rename `CommonKeyFactory` to `KeyFactory` and move key-related methods
into it. Update `ObjectFactory` to allow casting to specific factory
traits via methods like `as_key_factory` and update call sites
accordingly.

Co-authored-by: Gemini <gemini@google.com>
Signed-off-by: Simo Sorce <simo@redhat.com>

Author: simo5

src/aes.rs

@@ -86,7 +86,7 @@ pub(crate) fn check_key_len(len: usize) -> Result<()> {
 /// [AES secret key objects](https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203476)
 /// (Version 3.1)
 ///
-/// Derives from the generic ObjectFactory, CommonKeyFactory and
+/// Derives from the generic ObjectFactory, KeyFactory and
 /// SecretKeyFactory
 ///
 /// This is used to store the list of attributes allowed for an AES Key object, as well as provide
@@ -135,8 +135,44 @@ impl ObjectFactory for AesKeyFactory {
         Ok(obj)
     }
 
+    fn get_data(&self) -> &ObjectFactoryData {
+        &self.data
+    }
+    fn get_data_mut(&mut self) -> &mut ObjectFactoryData {
+        &mut self.data
+    }
+
+    fn as_key_factory(&self) -> Result<&dyn KeyFactory> {
+        Ok(self)
+    }
+
+    fn as_secret_key_factory(&self) -> Result<&dyn SecretKeyFactory> {
+        Ok(self)
+    }
+}
+
+impl KeyFactory for AesKeyFactory {
+    /// The AES derive adds key length checks on top of the generic secret
+    /// derive helper
+    fn key_derive(
+        &self,
+        template: &[CK_ATTRIBUTE],
+
+        origin: &Object,
+    ) -> Result<Object> {
+        let obj = self.internal_key_derive(template, origin)?;
+
+        let key_len = self.get_key_len(&obj);
+        if key_len != 0 {
+            if check_key_len(key_len).is_err() {
+                return Err(CKR_TEMPLATE_INCONSISTENT)?;
+            }
+        }
+        Ok(obj)
+    }
+
     fn export_for_wrapping(&self, key: &Object) -> Result<Vec<u8>> {
-        SecretKeyFactory::export_for_wrapping(self, key)
+        SecretKeyFactory::default_export_for_wrapping(self, key)
     }
 
     fn import_from_wrapped(
@@ -166,42 +202,10 @@ impl ObjectFactory for AesKeyFactory {
                 return Err(e);
             }
         }
-        SecretKeyFactory::import_from_wrapped(self, data, template)
-    }
-
-    /// The AES derive adds key length checks on top of the generic secret
-    /// derive helper
-    fn default_key_derive(
-        &self,
-        template: &[CK_ATTRIBUTE],
-        origin: &Object,
-    ) -> Result<Object> {
-        let obj = self.internal_key_derive(template, origin)?;
-
-        let key_len = self.get_key_len(&obj);
-        if key_len != 0 {
-            if check_key_len(key_len).is_err() {
-                return Err(CKR_TEMPLATE_INCONSISTENT)?;
-            }
-        }
-        Ok(obj)
-    }
-
-    fn as_secret_key_factory(&self) -> Result<&dyn SecretKeyFactory> {
-        Ok(self)
-    }
-
-    fn get_data(&self) -> &ObjectFactoryData {
-        &self.data
-    }
-
-    fn get_data_mut(&mut self) -> &mut ObjectFactoryData {
-        &mut self.data
+        SecretKeyFactory::default_import_from_wrapped(self, data, template)
     }
 }
 
-impl CommonKeyFactory for AesKeyFactory {}
-
 impl SecretKeyFactory for AesKeyFactory {
     /// Helper to set key that check the key is correctly formed for an
     /// AES key object
@@ -303,7 +307,8 @@ impl Mechanism for AesMechanism {
         if mech.mechanism != CKM_AES_KEY_GEN {
             return Err(CKR_MECHANISM_INVALID)?;
         }
-        let mut key = AES_KEY_FACTORY.default_key_generate(template)?;
+        let mut key =
+            AES_KEY_FACTORY.as_key_factory()?.key_generate(template)?;
         key.ensure_ulong(CKA_CLASS, CKO_SECRET_KEY)
             .map_err(|_| CKR_TEMPLATE_INCONSISTENT)?;
         key.ensure_ulong(CKA_KEY_TYPE, CKK_AES)
@@ -330,11 +335,10 @@ impl Mechanism for AesMechanism {
         if self.info.flags & CKF_WRAP != CKF_WRAP {
             return Err(CKR_MECHANISM_INVALID)?;
         }
-
         AesOperation::wrap(
             mech,
             wrapping_key,
-            key_template.export_for_wrapping(key)?,
+            key_template.as_key_factory()?.export_for_wrapping(key)?,
             data,
         )
     }
@@ -356,7 +360,9 @@ impl Mechanism for AesMechanism {
             return Err(CKR_MECHANISM_INVALID)?;
         }
         let keydata = AesOperation::unwrap(mech, wrapping_key, data)?;
-        key_template.import_from_wrapped(keydata, template)
+        key_template
+            .as_key_factory()?
+            .import_from_wrapped(keydata, template)
     }
 
     /// Implements the AES derivation operation
@@ -622,10 +628,9 @@ impl Derive for AesKDFOperation<'_> {
         }
         self.finalized = true;
         key.check_key_ops(CKO_SECRET_KEY, CKK_AES, CKA_DERIVE)?;
-
         let factory =
             objfactories.get_obj_factory_from_key_template(template)?;
-        let mut obj = factory.default_key_derive(template, key)?;
+        let mut obj = factory.as_key_factory()?.key_derive(template, key)?;
 
         let mechanism = CK_MECHANISM {
             mechanism: self.mech,

src/ec/ecdsa.rs

@@ -186,17 +186,20 @@ impl ObjectFactory for ECDSAPubFactory {
     fn get_data(&self) -> &ObjectFactoryData {
         &self.data
     }
-
     fn get_data_mut(&mut self) -> &mut ObjectFactoryData {
         &mut self.data
     }
 
+    fn as_key_factory(&self) -> Result<&dyn KeyFactory> {
+        Ok(self)
+    }
+
     fn as_public_key_factory(&self) -> Result<&dyn PubKeyFactory> {
         Ok(self)
     }
 }
 
-impl CommonKeyFactory for ECDSAPubFactory {}
+impl KeyFactory for ECDSAPubFactory {}
 
 impl PubKeyFactory for ECDSAPubFactory {
     fn pub_from_private<'a>(
@@ -251,6 +254,7 @@ impl ECDSAPrivFactory {
         factory
     }
 }
+
 impl ObjectFactory for ECDSAPrivFactory {
     /// Creates an ECDSA Private-Key Object from a template
     ///
@@ -315,30 +319,19 @@ impl ObjectFactory for ECDSAPrivFactory {
         Ok(obj)
     }
 
-    fn export_for_wrapping(&self, key: &Object) -> Result<Vec<u8>> {
-        PrivKeyFactory::export_for_wrapping(self, key)
-    }
-
-    fn import_from_wrapped(
-        &self,
-        data: Vec<u8>,
-        template: &[CK_ATTRIBUTE],
-    ) -> Result<Object> {
-        PrivKeyFactory::import_from_wrapped(self, data, template)
-    }
-
     fn get_data(&self) -> &ObjectFactoryData {
         &self.data
     }
-
     fn get_data_mut(&mut self) -> &mut ObjectFactoryData {
         &mut self.data
     }
-}
 
-impl CommonKeyFactory for ECDSAPrivFactory {}
+    fn as_key_factory(&self) -> Result<&dyn KeyFactory> {
+        Ok(self)
+    }
+}
 
-impl PrivKeyFactory for ECDSAPrivFactory {
+impl KeyFactory for ECDSAPrivFactory {
     fn export_for_wrapping(&self, key: &Object) -> Result<Vec<u8>> {
         export_for_wrapping(key)
     }
@@ -348,10 +341,12 @@ impl PrivKeyFactory for ECDSAPrivFactory {
         data: Vec<u8>,
         template: &[CK_ATTRIBUTE],
     ) -> Result<Object> {
-        import_from_wrapped(CKK_EC, data, self.default_key_unwrap(template)?)
+        import_from_wrapped(CKK_EC, data, self.key_unwrap(template)?)
     }
 }
 
+impl PrivKeyFactory for ECDSAPrivFactory {}
+
 /// Object that represents CKK_EC related mechanisms
 #[derive(Debug)]
 pub struct EcdsaMechanism {
@@ -422,17 +417,19 @@ impl Mechanism for EcdsaMechanism {
         pubkey_template: &[CK_ATTRIBUTE],
         prikey_template: &[CK_ATTRIBUTE],
     ) -> Result<(Object, Object)> {
-        let mut pubkey =
-            PUBLIC_KEY_FACTORY.default_key_generate(pubkey_template)?;
+        let mut pubkey = PUBLIC_KEY_FACTORY
+            .as_key_factory()?
+            .key_generate(pubkey_template)?;
         pubkey
             .ensure_ulong(CKA_CLASS, CKO_PUBLIC_KEY)
             .map_err(|_| CKR_TEMPLATE_INCONSISTENT)?;
         pubkey
             .ensure_ulong(CKA_KEY_TYPE, CKK_EC)
             .map_err(|_| CKR_TEMPLATE_INCONSISTENT)?;
 
-        let mut privkey =
-            PRIVATE_KEY_FACTORY.default_key_generate(prikey_template)?;
+        let mut privkey = PRIVATE_KEY_FACTORY
+            .as_key_factory()?
+            .key_generate(prikey_template)?;
         privkey
             .ensure_ulong(CKA_CLASS, CKO_PRIVATE_KEY)
             .map_err(|_| CKR_TEMPLATE_INCONSISTENT)?;

src/ec/eddsa.rs

@@ -167,17 +167,20 @@ impl ObjectFactory for EDDSAPubFactory {
     fn get_data(&self) -> &ObjectFactoryData {
         &self.data
     }
-
     fn get_data_mut(&mut self) -> &mut ObjectFactoryData {
         &mut self.data
     }
 
+    fn as_key_factory(&self) -> Result<&dyn KeyFactory> {
+        Ok(self)
+    }
+
     fn as_public_key_factory(&self) -> Result<&dyn PubKeyFactory> {
         Ok(self)
     }
 }
 
-impl CommonKeyFactory for EDDSAPubFactory {}
+impl KeyFactory for EDDSAPubFactory {}
 
 impl PubKeyFactory for EDDSAPubFactory {
     fn pub_from_private<'a>(
@@ -289,30 +292,19 @@ impl ObjectFactory for EDDSAPrivFactory {
         Ok(obj)
     }
 
-    fn export_for_wrapping(&self, key: &Object) -> Result<Vec<u8>> {
-        PrivKeyFactory::export_for_wrapping(self, key)
-    }
-
-    fn import_from_wrapped(
-        &self,
-        data: Vec<u8>,
-        template: &[CK_ATTRIBUTE],
-    ) -> Result<Object> {
-        PrivKeyFactory::import_from_wrapped(self, data, template)
-    }
-
     fn get_data(&self) -> &ObjectFactoryData {
         &self.data
     }
-
     fn get_data_mut(&mut self) -> &mut ObjectFactoryData {
         &mut self.data
     }
-}
 
-impl CommonKeyFactory for EDDSAPrivFactory {}
+    fn as_key_factory(&self) -> Result<&dyn KeyFactory> {
+        Ok(self)
+    }
+}
 
-impl PrivKeyFactory for EDDSAPrivFactory {
+impl KeyFactory for EDDSAPrivFactory {
     fn export_for_wrapping(&self, key: &Object) -> Result<Vec<u8>> {
         export_for_wrapping(key)
     }
@@ -322,14 +314,12 @@ impl PrivKeyFactory for EDDSAPrivFactory {
         data: Vec<u8>,
         template: &[CK_ATTRIBUTE],
     ) -> Result<Object> {
-        import_from_wrapped(
-            CKK_EC_EDWARDS,
-            data,
-            self.default_key_unwrap(template)?,
-        )
+        import_from_wrapped(CKK_EC_EDWARDS, data, self.key_unwrap(template)?)
     }
 }
 
+impl PrivKeyFactory for EDDSAPrivFactory {}
+
 /// Object that represents EdDSA related mechanisms
 
 #[derive(Debug)]
@@ -396,17 +386,19 @@ impl Mechanism for EddsaMechanism {
         pubkey_template: &[CK_ATTRIBUTE],
         prikey_template: &[CK_ATTRIBUTE],
     ) -> Result<(Object, Object)> {
-        let mut pubkey =
-            PUBLIC_KEY_FACTORY.default_key_generate(pubkey_template)?;
+        let mut pubkey = PUBLIC_KEY_FACTORY
+            .as_key_factory()?
+            .key_generate(pubkey_template)?;
         pubkey
             .ensure_ulong(CKA_CLASS, CKO_PUBLIC_KEY)
             .map_err(|_| CKR_TEMPLATE_INCONSISTENT)?;
         pubkey
             .ensure_ulong(CKA_KEY_TYPE, CKK_EC_EDWARDS)
             .map_err(|_| CKR_TEMPLATE_INCONSISTENT)?;
 
-        let mut privkey =
-            PRIVATE_KEY_FACTORY.default_key_generate(prikey_template)?;
+        let mut privkey = PRIVATE_KEY_FACTORY
+            .as_key_factory()?
+            .key_generate(prikey_template)?;
         privkey
             .ensure_ulong(CKA_CLASS, CKO_PRIVATE_KEY)
             .map_err(|_| CKR_TEMPLATE_INCONSISTENT)?;