|
7 | 7 |
|
8 | 8 | This is the high-level, Rust idiomatic wrapper crate for PKCS #11. |
9 | 9 |
|
| 10 | +The items in this crate only expose idiomatic and safe Rust types and |
| 11 | +functions to interface with the PKCS11 API. All the PKCS11 items might |
| 12 | +not be implemented but everything that is implemented is safe. |
| 13 | + |
| 14 | +## Example |
| 15 | + |
| 16 | +The following example initializes an empty token and generates a new RSA key. |
| 17 | + |
| 18 | +```rust |
| 19 | +# fn main() -> testresult::TestResult { |
| 20 | +use cryptoki::object::Attribute; |
| 21 | +use cryptoki::context::{CInitializeArgs, Pkcs11}; |
| 22 | +use cryptoki::session::UserType; |
| 23 | +use cryptoki::types::AuthPin; |
| 24 | +use cryptoki::mechanism::Mechanism; |
| 25 | + |
| 26 | +// initialize a new Pkcs11 object using the module from the env variable |
| 27 | +let pkcs11 = Pkcs11::new(std::env::var("PKCS11_SOFTHSM2_MODULE")?)?; |
| 28 | + |
| 29 | +pkcs11.initialize(CInitializeArgs::OsThreads)?; |
| 30 | + |
| 31 | +let slot = pkcs11.get_slots_with_token()?[0]; |
| 32 | + |
| 33 | +// initialize a test token |
| 34 | +let so_pin = AuthPin::new("abcdef".into()); |
| 35 | +pkcs11.init_token(slot, &so_pin, "Test Token")?; |
| 36 | + |
| 37 | +let user_pin = AuthPin::new("fedcba".into()); |
| 38 | + |
| 39 | +// initialize user PIN |
| 40 | +{ |
| 41 | + let session = pkcs11.open_rw_session(slot)?; |
| 42 | + session.login(UserType::So, Some(&so_pin))?; |
| 43 | + session.init_pin(&user_pin)?; |
| 44 | +} |
| 45 | + |
| 46 | +// login as a user, the token has to be already initialized |
| 47 | +let session = pkcs11.open_rw_session(slot)?; |
| 48 | +session.login(UserType::User, Some(&user_pin))?; |
| 49 | + |
| 50 | +// template of the public key |
| 51 | +let pub_key_template = vec![ |
| 52 | + Attribute::Token(true), |
| 53 | + Attribute::Private(false), |
| 54 | + Attribute::PublicExponent(vec![0x01, 0x00, 0x01]), |
| 55 | + Attribute::ModulusBits(1024.into()), |
| 56 | +]; |
| 57 | + |
| 58 | +let priv_key_template = vec![Attribute::Token(true)]; |
| 59 | + |
| 60 | +// generate an RSA key according to passed templates |
| 61 | +let (public, private) = session.generate_key_pair(&Mechanism::RsaPkcsKeyPairGen, &pub_key_template, &priv_key_template)?; |
| 62 | +# Ok(()) } |
| 63 | +``` |
| 64 | + |
| 65 | +## Conformance Notes |
| 66 | + |
| 67 | +Throughout this crate, many functions and other items include additional |
| 68 | +"**Conformance**" notes. These notes may provide guarantees about behavior or |
| 69 | +additional, contextual information. In all cases, such items pertain |
| 70 | +to information from the PKCS#11 standard and are contingent on the provider |
| 71 | +being accessed through this crate conforming to that standard. That is, this |
| 72 | +crate is permitted to *assume* these guarantees, and is does not necessarily |
| 73 | +check for or enforce them itself. |
| 74 | + |
| 75 | +## License |
| 76 | + |
| 77 | +This project is licensed under the [Apache License, Version 2.0](https://www.apache.org/licenses/LICENSE-2.0). |
| 78 | + |
| 79 | +### Contribution |
| 80 | + |
| 81 | +Unless you explicitly state otherwise, any contribution intentionally |
| 82 | +submitted for inclusion in this crate by you, as defined in the |
| 83 | +Apache-2.0 license, shall be licensed as above, without any |
| 84 | +additional terms or conditions. |
| 85 | + |
10 | 86 | *Copyright 2021 Contributors to the Parsec project.* |
0 commit comments