Added multi-part decryption/encryption bindings

jacobprudhomme · jacobprudhomme · commit 58eec0aec99a · 2025-03-28T13:35:50.000+01:00
Signed-off-by: Jacob Prud'homme &lt;2160185+jacobprudhomme@users.noreply.github.com&gt;
diff --git a/cryptoki/src/session/decryption.rs b/cryptoki/src/session/decryption.rs
@@ -60,4 +60,82 @@ impl Session {
 
         Ok(data)
     }
+
+    /// Starts new multi-part decryption operation
+    pub fn decrypt_initialize(&self, mechanism: &Mechanism, key: ObjectHandle) -> Result<()> {
+        let mut mechanism: CK_MECHANISM = mechanism.into();
+
+        unsafe {
+            Rv::from(get_pkcs11!(self.client(), C_DecryptInit)(
+                self.handle(),
+                &mut mechanism as CK_MECHANISM_PTR,
+                key.handle(),
+            ))
+            .into_result(Function::DecryptInit)?;
+        }
+
+        Ok(())
+    }
+
+    /// Continues an ongoing multi-part decryption operation
+    pub fn decrypt_update(&self, encrypted_data: &[u8]) -> Result<Vec<u8>> {
+        let mut data_len = 0;
+
+        // Get the output buffer length
+        unsafe {
+            Rv::from(get_pkcs11!(self.client(), C_DecryptUpdate)(
+                self.handle(),
+                encrypted_data.as_ptr() as *mut u8,
+                encrypted_data.len().try_into()?,
+                std::ptr::null_mut(),
+                &mut data_len,
+            ))
+            .into_result(Function::DecryptUpdate)?;
+        }
+
+        let mut data = vec![0; data_len.try_into()?];
+
+        unsafe {
+            Rv::from(get_pkcs11!(self.client(), C_DecryptUpdate)(
+                self.handle(),
+                encrypted_data.as_ptr() as *mut u8,
+                encrypted_data.len().try_into()?,
+                data.as_mut_ptr(),
+                &mut data_len,
+            ))
+            .into_result(Function::DecryptUpdate)?;
+        }
+
+        Ok(data)
+    }
+
+    /// Finalizes ongoing multi-part decryption operation
+    pub fn decrypt_finalize(&self) -> Result<Vec<u8>> {
+        let mut data_len = 0;
+
+        // Get the output buffer length
+        unsafe {
+            Rv::from(get_pkcs11!(self.client(), C_DecryptFinal)(
+                self.handle(),
+                std::ptr::null_mut(),
+                &mut data_len,
+            ))
+            .into_result(Function::DecryptFinal)?;
+        }
+
+        let mut data = vec![0; data_len.try_into()?];
+
+        unsafe {
+            Rv::from(get_pkcs11!(self.client(), C_DecryptFinal)(
+                self.handle(),
+                data.as_mut_ptr(),
+                &mut data_len,
+            ))
+            .into_result(Function::DecryptFinal)?;
+        }
+
+        data.resize(data_len.try_into()?, 0);
+
+        Ok(data)
+    }
 }
diff --git a/cryptoki/src/session/encryption.rs b/cryptoki/src/session/encryption.rs
@@ -59,4 +59,82 @@ impl Session {
 
         Ok(encrypted_data)
     }
+
+    /// Starts new multi-part encryption operation
+    pub fn encrypt_initialize(&self, mechanism: &Mechanism, key: ObjectHandle) -> Result<()> {
+        let mut mechanism: CK_MECHANISM = mechanism.into();
+
+        unsafe {
+            Rv::from(get_pkcs11!(self.client(), C_EncryptInit)(
+                self.handle(),
+                &mut mechanism as CK_MECHANISM_PTR,
+                key.handle(),
+            ))
+            .into_result(Function::EncryptInit)?;
+        }
+
+        Ok(())
+    }
+
+    /// Continues an ongoing multi-part encryption operation
+    pub fn encrypt_update(&self, data: &[u8]) -> Result<Vec<u8>> {
+        let mut encrypted_data_len = 0;
+
+        // Get the output buffer length
+        unsafe {
+            Rv::from(get_pkcs11!(self.client(), C_EncryptUpdate)(
+                self.handle(),
+                data.as_ptr() as *mut u8,
+                data.len().try_into()?,
+                std::ptr::null_mut(),
+                &mut encrypted_data_len,
+            ))
+            .into_result(Function::EncryptUpdate)?;
+        }
+
+        let mut encrypted_data = vec![0; encrypted_data_len.try_into()?];
+
+        unsafe {
+            Rv::from(get_pkcs11!(self.client(), C_EncryptUpdate)(
+                self.handle(),
+                data.as_ptr() as *mut u8,
+                data.len().try_into()?,
+                encrypted_data.as_mut_ptr(),
+                &mut encrypted_data_len,
+            ))
+            .into_result(Function::EncryptUpdate)?;
+        }
+
+        Ok(encrypted_data)
+    }
+
+    /// Finalizes ongoing multi-part encryption operation
+    pub fn encrypt_finalize(&self) -> Result<Vec<u8>> {
+        let mut encrypted_data_len = 0;
+
+        // Get the output buffer length
+        unsafe {
+            Rv::from(get_pkcs11!(self.client(), C_EncryptFinal)(
+                self.handle(),
+                std::ptr::null_mut(),
+                &mut encrypted_data_len,
+            ))
+            .into_result(Function::EncryptFinal)?;
+        }
+
+        let mut encrypted_data = vec![0; encrypted_data_len.try_into()?];
+
+        unsafe {
+            Rv::from(get_pkcs11!(self.client(), C_EncryptFinal)(
+                self.handle(),
+                encrypted_data.as_mut_ptr(),
+                &mut encrypted_data_len,
+            ))
+            .into_result(Function::EncryptFinal)?;
+        }
+
+        encrypted_data.resize(encrypted_data_len.try_into()?, 0);
+
+        Ok(encrypted_data)
+    }
 }
