Add pub unsafe accessors for object/session handles and ObjectHandle new

Signed-off-by: Jack Shannon <[email protected]>

Author: jhshannon17

cryptoki/src/object.rs

@@ -1029,9 +1029,23 @@ impl ObjectHandle {
         ObjectHandle { handle }
     }
 
+    /// Create a new object handle from a raw handle.
+    /// # Safety
+    /// Considered unsafe due to ability for client to arbitrarily create object handles.
+    pub unsafe fn new_from_raw(handle: CK_OBJECT_HANDLE) -> Self {
+        ObjectHandle { handle }
+    }
+
     pub(crate) fn handle(&self) -> CK_OBJECT_HANDLE {
         self.handle
     }
+
+    /// Get the raw handle of the object.
+    /// # Safety
+    /// Considered unsafe because of pub access to the underlying handle type.
+    pub unsafe fn raw_handle(&self) -> CK_OBJECT_HANDLE {
+        self.handle
+    }
 }
 
 impl std::fmt::Display for ObjectHandle {

cryptoki/src/session/mod.rs

@@ -80,6 +80,13 @@ impl Session {
         self.handle
     }
 
+    /// Get the raw handle of the session.
+    /// # Safety
+    /// Considered unsafe because of pub access to the underlying handle type.
+    pub unsafe fn raw_handle(&self) -> CK_SESSION_HANDLE {
+        self.handle
+    }
+
     pub(crate) fn client(&self) -> &Pkcs11 {
         &self.client
     }

cryptoki/tests/common/mod.rs

@@ -11,7 +11,7 @@ pub static USER_PIN: &str = "fedcba";
 // The default SO pin
 pub static SO_PIN: &str = "abcdef";
 
-fn get_pkcs11_path() -> String {
+pub fn get_pkcs11_path() -> String {
     env::var("TEST_PKCS11_MODULE")
         .unwrap_or_else(|_| "/usr/local/lib/softhsm/libsofthsm2.so".to_string())
 }
@@ -26,13 +26,26 @@ pub fn is_kryoptic() -> bool {
     get_pkcs11_path().contains("kryoptic")
 }
 
+#[allow(dead_code)]
 pub fn get_pkcs11() -> Pkcs11 {
     Pkcs11::new(get_pkcs11_path()).unwrap()
 }
 
+#[allow(dead_code)]
+pub fn get_pkcs11_from_self() -> Pkcs11 {
+    Pkcs11::new_from_self().unwrap()
+}
+
+#[allow(dead_code)]
 pub fn init_pins() -> (Pkcs11, Slot) {
     let pkcs11 = get_pkcs11();
 
+    let slot = init_pins_from_pkcs11(&pkcs11);
+
+    (pkcs11, slot)
+}
+
+pub fn init_pins_from_pkcs11(pkcs11: &Pkcs11) -> Slot {
     // initialize the library
     pkcs11.initialize(CInitializeArgs::OsThreads).unwrap();
 
@@ -50,7 +63,7 @@ pub fn init_pins() -> (Pkcs11, Slot) {
         session.init_pin(&AuthPin::new(USER_PIN.into())).unwrap();
     }
 
-    (pkcs11, slot)
+    slot
 }
 
 #[allow(dead_code)]

cryptoki/tests/vendor_extensions.rs

@@ -0,0 +1,168 @@
+// Copyright 2021 Contributors to the Parsec project.
+// SPDX-License-Identifier: Apache-2.0
+#![allow(non_camel_case_types)]
+#![allow(non_snake_case)]
+
+mod common;
+
+use crate::common::{get_pkcs11_path, USER_PIN};
+use common::{get_pkcs11_from_self, init_pins_from_pkcs11};
+use cryptoki::context::Function;
+use cryptoki::error::{Result, Rv};
+use cryptoki::mechanism::Mechanism;
+use cryptoki::object::{Attribute, AttributeType, KeyType, ObjectClass, ObjectHandle};
+use cryptoki::session::{Session, UserType};
+use cryptoki::types::AuthPin;
+use cryptoki_sys::{
+    CK_ATTRIBUTE, CK_MECHANISM, CK_MECHANISM_PTR, CK_OBJECT_HANDLE, CK_RV, CK_SESSION_HANDLE,
+    CK_ULONG,
+};
+use libloading::os::unix::{RTLD_GLOBAL, RTLD_NOW};
+use serial_test::serial;
+
+use testresult::TestResult;
+
+type C_DeriveKey = unsafe extern "C" fn(
+    arg1: CK_SESSION_HANDLE,
+    arg2: *mut CK_MECHANISM,
+    arg3: CK_OBJECT_HANDLE,
+    arg4: *mut CK_ATTRIBUTE,
+    arg5: CK_ULONG,
+    arg6: *mut CK_OBJECT_HANDLE,
+) -> CK_RV;
+
+fn load_from_library(library_path: String) -> Result<(libloading::Library, C_DeriveKey)> {
+    let library = unsafe {
+        libloading::os::unix::Library::open(Some(library_path), RTLD_NOW | RTLD_GLOBAL)
+            .expect("this should never fail")
+    };
+
+    let C_DeriveKey = unsafe { library.get(b"C_DeriveKey\0").map(|sym| *sym) }?;
+
+    Ok((library.into(), C_DeriveKey))
+}
+
+trait VendorDeriveKey {
+    fn vendor_derive_key(
+        &self,
+        vendor_fn: C_DeriveKey,
+        mechanism: &Mechanism,
+        base_key: ObjectHandle,
+        template: &[Attribute],
+    ) -> Result<ObjectHandle>;
+}
+
+impl VendorDeriveKey for Session {
+    /// re-implement derive_key to test unsafe accessors for vendor extensions
+    fn vendor_derive_key(
+        &self,
+        vendor_fn: C_DeriveKey,
+        mechanism: &Mechanism,
+        base_key: ObjectHandle,
+        template: &[Attribute],
+    ) -> Result<ObjectHandle> {
+        let mut mechanism: CK_MECHANISM = mechanism.into();
+        let mut template: Vec<CK_ATTRIBUTE> = template.iter().map(|attr| attr.into()).collect();
+        let mut handle = 0;
+        unsafe {
+            Rv::from(vendor_fn(
+                self.raw_handle(),
+                &mut mechanism as CK_MECHANISM_PTR,
+                base_key.raw_handle(),
+                template.as_mut_ptr(),
+                template.len().try_into()?,
+                &mut handle,
+            ))
+            .into_result(Function::DeriveKey)?;
+
+            Ok(ObjectHandle::new_from_raw(handle))
+        }
+    }
+}
+
+#[test]
+#[serial]
+fn unsafe_accessors_for_vendor_extension() -> TestResult {
+    let (_library, C_DeriveKey) = load_from_library(get_pkcs11_path())?;
+    let pkcs11 = get_pkcs11_from_self();
+    let slot = init_pins_from_pkcs11(&pkcs11);
+
+    // open a session
+    let session = pkcs11.open_rw_session(slot)?;
+
+    // log in the session
+    session.login(UserType::User, Some(&AuthPin::new(USER_PIN.into())))?;
+
+    // get mechanism
+    let mechanism = Mechanism::EccKeyPairGen;
+
+    let secp256r1_oid: Vec<u8> = vec![0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x07];
+
+    // pub key template
+    let pub_key_template = vec![
+        Attribute::Token(true),
+        Attribute::Private(false),
+        Attribute::Derive(true),
+        Attribute::KeyType(KeyType::EC),
+        Attribute::Verify(true),
+        Attribute::EcParams(secp256r1_oid),
+    ];
+
+    // priv key template
+    let priv_key_template = vec![
+        Attribute::Token(true),
+        Attribute::Private(true),
+        Attribute::Sensitive(true),
+        Attribute::Extractable(false),
+        Attribute::Derive(true),
+        Attribute::Sign(true),
+    ];
+
+    // generate a key pair
+    let (public, private) =
+        session.generate_key_pair(&mechanism, &pub_key_template, &priv_key_template)?;
+
+    let ec_point_attribute = session
+        .get_attributes(public, &[AttributeType::EcPoint])?
+        .remove(0);
+
+    let ec_point = if let Attribute::EcPoint(point) = ec_point_attribute {
+        point
+    } else {
+        panic!("Expected EC point attribute.");
+    };
+
+    use cryptoki::mechanism::elliptic_curve::*;
+
+    let params = Ecdh1DeriveParams::new(EcKdf::null(), &ec_point);
+
+    let shared_secret = session.vendor_derive_key(
+        C_DeriveKey,
+        &Mechanism::Ecdh1Derive(params),
+        private,
+        &[
+            Attribute::Class(ObjectClass::SECRET_KEY),
+            Attribute::KeyType(KeyType::GENERIC_SECRET),
+            Attribute::Sensitive(false),
+            Attribute::Extractable(true),
+            Attribute::Token(false),
+        ],
+    )?;
+
+    let value_attribute = session
+        .get_attributes(shared_secret, &[AttributeType::Value])?
+        .remove(0);
+    let value = if let Attribute::Value(value) = value_attribute {
+        value
+    } else {
+        panic!("Expected value attribute.");
+    };
+
+    assert_eq!(value.len(), 32);
+
+    // delete keys
+    session.destroy_object(public)?;
+    session.destroy_object(private)?;
+
+    Ok(())
+}