Unhandled attribute defined for undefined attributes. ECKdf struct changed for KDF type and shared value definition.

İlker BALTACI · İlker BALTACI · commit 71b3711a3db7 · 2024-12-24T10:49:11.000+03:00
Signed-off-by: İlker BALTACI &lt;ilker.baltaci@tubitak.gov.tr&gt;
diff --git a/cryptoki/src/mechanism/elliptic_curve.rs b/cryptoki/src/mechanism/elliptic_curve.rs
@@ -19,17 +19,17 @@ use std::ptr;
 #[repr(C)]
 pub struct Ecdh1DeriveParams<'a> {
     /// Key derivation function
-    kdf: CK_EC_KDF_TYPE,
+    pub kdf: CK_EC_KDF_TYPE,
     /// Length of the optional shared data used by some of the key
     /// derivation functions
-    shared_data_len: Ulong,
+    pub shared_data_len: Ulong,
     /// Address of the optional data or `std::ptr::null()` of there is
     /// no shared data
-    shared_data: *const u8,
+    pub shared_data: *const u8,
     /// Length of the other party's public key
-    public_data_len: Ulong,
+    pub public_data_len: Ulong,
     /// Pointer to the other party public key
-    public_data: *const u8,
+    pub public_data: *const u8,
     /// Marker type to ensure we don't outlive shared and public data
     _marker: PhantomData<&'a [u8]>,
 }
@@ -82,7 +82,15 @@ pub struct EcKdf<'a> {
     shared_data: Option<&'a [u8]>,
 }
 
-impl EcKdf<'_> {
+impl<'a> EcKdf<'a> {
+    /// Define KDF_TYPE and shared_data
+    pub fn new(kdf_type: CK_EC_KDF_TYPE, shared_data: Option<&'a [u8]>) -> Self {
+        Self {
+            kdf_type,
+            shared_data,
+        }
+    }
+
     /// The null transformation. The derived key value is produced by
     /// taking bytes from the left of the agreed value. The new key
     /// size is limited to the size of the agreed value.
diff --git a/cryptoki/src/mechanism/rsa.rs b/cryptoki/src/mechanism/rsa.rs
@@ -137,15 +137,15 @@ pub struct PkcsPssParams {
 pub struct PkcsOaepParams<'a> {
     /// mechanism ID of the message digest algorithm used to calculate the digest of the encoding
     /// parameter
-    hash_alg: MechanismType,
+    pub hash_alg: MechanismType,
     /// mask generation function to use on the encoded block
-    mgf: PkcsMgfType,
+    pub mgf: PkcsMgfType,
     /// source of the encoding parameter
-    source: CK_RSA_PKCS_OAEP_SOURCE_TYPE,
+    pub source: CK_RSA_PKCS_OAEP_SOURCE_TYPE,
     /// data used as the input for the encoding parameter source
-    source_data: *const c_void,
+    pub source_data: *const c_void,
     /// length of the encoding parameter source input
-    source_data_len: Ulong,
+    pub source_data_len: Ulong,
     /// marker type to ensure we don't outlive the source_data
     _marker: PhantomData<&'a [u8]>,
 }
diff --git a/cryptoki/src/object.rs b/cryptoki/src/object.rs
@@ -6,7 +6,7 @@ use crate::error::{Error, Result};
 use crate::mechanism::MechanismType;
 use crate::types::{Date, Ulong};
 use cryptoki_sys::*;
-use log::error;
+use log::{error, warn};
 use std::convert::TryFrom;
 use std::convert::TryInto;
 use std::ffi::c_void;
@@ -136,6 +136,8 @@ pub enum AttributeType {
     Wrap,
     /// Indicates that the key can only be wrapped with a wrapping key that has the Trusted attribute
     WrapWithTrusted,
+    /// Wraps undefined and custom attribute types.
+    Unhandled(CK_ATTRIBUTE_TYPE),
 }
 
 impl AttributeType {
@@ -328,6 +330,7 @@ impl From<AttributeType> for CK_ATTRIBUTE_TYPE {
             AttributeType::VerifyRecover => CKA_VERIFY_RECOVER,
             AttributeType::Wrap => CKA_WRAP,
             AttributeType::WrapWithTrusted => CKA_WRAP_WITH_TRUSTED,
+            AttributeType::Unhandled(attr_type) => attr_type,
         }
     }
 }
@@ -397,8 +400,10 @@ impl TryFrom<CK_ATTRIBUTE_TYPE> for AttributeType {
             CKA_WRAP => Ok(AttributeType::Wrap),
             CKA_WRAP_WITH_TRUSTED => Ok(AttributeType::WrapWithTrusted),
             attr_type => {
-                error!("Attribute type {} not supported.", attr_type);
-                Err(Error::NotSupported)
+                // error!("Attribute type {} not supported.", attr_type);
+                // Err(Error::NotSupported)
+                warn!("Unhandled attribute type {} detected.", attr_type);
+                Ok(AttributeType::Unhandled(attr_type))
             }
         }
     }
@@ -526,6 +531,8 @@ pub enum Attribute {
     Wrap(bool),
     /// Indicates that the key can only be wrapped with a wrapping key that has the Trusted attribute
     WrapWithTrusted(bool),
+    /// Not defined attributes enter this option.
+    Unhandled(CK_ATTRIBUTE_TYPE, Vec<u8>),
 }
 
 impl Attribute {
@@ -591,6 +598,9 @@ impl Attribute {
             Attribute::VerifyRecover(_) => AttributeType::VerifyRecover,
             Attribute::Wrap(_) => AttributeType::Wrap,
             Attribute::WrapWithTrusted(_) => AttributeType::WrapWithTrusted,
+            Attribute::Unhandled(attribute_type, _) => {
+                AttributeType::Unhandled(attribute_type.clone())
+            }
         }
     }
 
@@ -658,6 +668,7 @@ impl Attribute {
             Attribute::AllowedMechanisms(mechanisms) => {
                 size_of::<CK_MECHANISM_TYPE>() * mechanisms.len()
             }
+            Attribute::Unhandled(_, bytes) => bytes.len(),
         }
     }
 
@@ -730,7 +741,8 @@ impl Attribute {
             | Attribute::Subject(bytes)
             | Attribute::Url(bytes)
             | Attribute::Value(bytes)
-            | Attribute::Id(bytes) => bytes.as_ptr() as *mut c_void,
+            | Attribute::Id(bytes)
+            | Attribute::Unhandled(_, bytes) => bytes.as_ptr() as *mut c_void,
             // Unique types
             Attribute::CertificateType(certificate_type) => {
                 certificate_type as *const _ as *mut c_void
@@ -930,6 +942,7 @@ impl TryFrom<CK_ATTRIBUTE> for Attribute {
                     }
                 }
             }
+            AttributeType::Unhandled(_) => todo!(),
         }
     }
 }
@@ -1006,6 +1019,8 @@ impl ObjectClass {
     pub const MECHANISM: ObjectClass = ObjectClass { val: CKO_MECHANISM };
     /// An OTP key object
     pub const OTP_KEY: ObjectClass = ObjectClass { val: CKO_OTP_KEY };
+    /// A profile object
+    pub const PROFILE: ObjectClass = ObjectClass { val: CKO_PROFILE };
 
     pub(crate) fn stringify(class: CK_OBJECT_CLASS) -> String {
         match class {
@@ -1018,6 +1033,7 @@ impl ObjectClass {
             CKO_DOMAIN_PARAMETERS => String::from(stringify!(CKO_DOMAIN_PARAMETERS)),
             CKO_MECHANISM => String::from(stringify!(CKO_MECHANISM)),
             CKO_OTP_KEY => String::from(stringify!(CKO_OTP_KEY)),
+            CKO_PROFILE => String::from(stringify!(CKO_PROFILE)),
             _ => format!("unknown ({class:08x})"),
         }
     }

Original file line number	Diff line number	Diff line change
`@@ -6,7 +6,7 @@ use crate::error::{Error, Result};`
`6`	`6`	`use crate::mechanism::MechanismType;`
`7`	`7`	`use crate::types::{Date, Ulong};`
`8`	`8`	`use cryptoki_sys::*;`
`9`		`-use log::error;`
	`9`	`+use log::{error, warn};`
`10`	`10`	`use std::convert::TryFrom;`
`11`	`11`	`use std::convert::TryInto;`
`12`	`12`	`use std::ffi::c_void;`
`@@ -136,6 +136,8 @@ pub enum AttributeType {`
`136`	`136`	`Wrap,`
`137`	`137`	`/// Indicates that the key can only be wrapped with a wrapping key that has the Trusted attribute`
`138`	`138`	`WrapWithTrusted,`
	`139`	`+ /// Wraps undefined and custom attribute types.`
	`140`	`+ Unhandled(CK_ATTRIBUTE_TYPE),`
`139`	`141`	`}`
`140`	`142`
`141`	`143`	`impl AttributeType {`
`@@ -328,6 +330,7 @@ impl From<AttributeType> for CK_ATTRIBUTE_TYPE {`
`328`	`330`	`AttributeType::VerifyRecover => CKA_VERIFY_RECOVER,`
`329`	`331`	`AttributeType::Wrap => CKA_WRAP,`
`330`	`332`	`AttributeType::WrapWithTrusted => CKA_WRAP_WITH_TRUSTED,`
	`333`	`+ AttributeType::Unhandled(attr_type) => attr_type,`
`331`	`334`	`}`
`332`	`335`	`}`
`333`	`336`	`}`
`@@ -397,8 +400,10 @@ impl TryFrom<CK_ATTRIBUTE_TYPE> for AttributeType {`
`397`	`400`	`CKA_WRAP => Ok(AttributeType::Wrap),`
`398`	`401`	`CKA_WRAP_WITH_TRUSTED => Ok(AttributeType::WrapWithTrusted),`
`399`	`402`	`attr_type => {`
`400`		`- error!("Attribute type {} not supported.", attr_type);`
`401`		`- Err(Error::NotSupported)`
	`403`	`+ // error!("Attribute type {} not supported.", attr_type);`
	`404`	`+ // Err(Error::NotSupported)`
	`405`	`+ warn!("Unhandled attribute type {} detected.", attr_type);`
	`406`	`+ Ok(AttributeType::Unhandled(attr_type))`
`402`	`407`	`}`
`403`	`408`	`}`
`404`	`409`	`}`
`@@ -526,6 +531,8 @@ pub enum Attribute {`
`526`	`531`	`Wrap(bool),`
`527`	`532`	`/// Indicates that the key can only be wrapped with a wrapping key that has the Trusted attribute`
`528`	`533`	`WrapWithTrusted(bool),`
	`534`	`+ /// Not defined attributes enter this option.`
	`535`	`+ Unhandled(CK_ATTRIBUTE_TYPE, Vec<u8>),`
`529`	`536`	`}`
`530`	`537`
`531`	`538`	`impl Attribute {`
`@@ -591,6 +598,9 @@ impl Attribute {`
`591`	`598`	`Attribute::VerifyRecover(_) => AttributeType::VerifyRecover,`
`592`	`599`	`Attribute::Wrap(_) => AttributeType::Wrap,`
`593`	`600`	`Attribute::WrapWithTrusted(_) => AttributeType::WrapWithTrusted,`
	`601`	`+ Attribute::Unhandled(attribute_type, _) => {`
	`602`	`+ AttributeType::Unhandled(attribute_type.clone())`
	`603`	`+ }`
`594`	`604`	`}`
`595`	`605`	`}`
`596`	`606`
`@@ -658,6 +668,7 @@ impl Attribute {`
`658`	`668`	`Attribute::AllowedMechanisms(mechanisms) => {`
`659`	`669`	`size_of::<CK_MECHANISM_TYPE>() * mechanisms.len()`
`660`	`670`	`}`
	`671`	`+ Attribute::Unhandled(_, bytes) => bytes.len(),`
`661`	`672`	`}`
`662`	`673`	`}`
`663`	`674`
`@@ -730,7 +741,8 @@ impl Attribute {`
`730`	`741`	`\| Attribute::Subject(bytes)`
`731`	`742`	`\| Attribute::Url(bytes)`
`732`	`743`	`\| Attribute::Value(bytes)`
`733`		`- \| Attribute::Id(bytes) => bytes.as_ptr() as *mut c_void,`
	`744`	`+ \| Attribute::Id(bytes)`
	`745`	`+ \| Attribute::Unhandled(_, bytes) => bytes.as_ptr() as *mut c_void,`
`734`	`746`	`// Unique types`
`735`	`747`	`Attribute::CertificateType(certificate_type) => {`
`736`	`748`	`certificate_type as const _ as mut c_void`
`@@ -930,6 +942,7 @@ impl TryFrom<CK_ATTRIBUTE> for Attribute {`
`930`	`942`	`}`
`931`	`943`	`}`
`932`	`944`	`}`
	`945`	`+ AttributeType::Unhandled(_) => todo!(),`
`933`	`946`	`}`
`934`	`947`	`}`
`935`	`948`	`}`
`@@ -1006,6 +1019,8 @@ impl ObjectClass {`
`1006`	`1019`	`pub const MECHANISM: ObjectClass = ObjectClass { val: CKO_MECHANISM };`
`1007`	`1020`	`/// An OTP key object`
`1008`	`1021`	`pub const OTP_KEY: ObjectClass = ObjectClass { val: CKO_OTP_KEY };`
	`1022`	`+ /// A profile object`
	`1023`	`+ pub const PROFILE: ObjectClass = ObjectClass { val: CKO_PROFILE };`
`1009`	`1024`
`1010`	`1025`	`pub(crate) fn stringify(class: CK_OBJECT_CLASS) -> String {`
`1011`	`1026`	`match class {`
`@@ -1018,6 +1033,7 @@ impl ObjectClass {`
`1018`	`1033`	`CKO_DOMAIN_PARAMETERS => String::from(stringify!(CKO_DOMAIN_PARAMETERS)),`
`1019`	`1034`	`CKO_MECHANISM => String::from(stringify!(CKO_MECHANISM)),`
`1020`	`1035`	`CKO_OTP_KEY => String::from(stringify!(CKO_OTP_KEY)),`
	`1036`	`+ CKO_PROFILE => String::from(stringify!(CKO_PROFILE)),`
`1021`	`1037`	`_ => format!("unknown ({class:08x})"),`
`1022`	`1038`	`}`
`1023`	`1039`	`}`