55
66use core:: { convert:: TryInto , marker:: PhantomData , ptr, slice} ;
77
8- use crate :: object:: Attribute ;
8+ use crate :: object:: { Attribute , ObjectHandle } ;
99
1010use super :: MechanismType ;
1111
@@ -273,7 +273,7 @@ impl<'a> KbkdfCounterParams<'a> {
273273pub fn new (
274274 prf_mechanism : MechanismType ,
275275 prf_data_params : & ' a [ PrfCounterDataParam < ' a > ] ,
276- additional_derived_keys : & ' a mut [ DerivedKey < ' a > ] ,
276+ additional_derived_keys : Option < & ' a mut [ DerivedKey < ' a > ] > ,
277277 ) -> Self {
278278 Self {
279279 inner : cryptoki_sys:: CK_SP800_108_KDF_PARAMS {
@@ -283,31 +283,41 @@ impl<'a> KbkdfCounterParams<'a> {
283283 . try_into ( )
284284 . expect ( "number of data parameters does not fit in CK_ULONG" ) ,
285285 pDataParams : prf_data_params. as_ptr ( ) as cryptoki_sys:: CK_PRF_DATA_PARAM_PTR ,
286- ulAdditionalDerivedKeys : additional_derived_keys
287- . len ( )
288- . try_into ( )
289- . expect ( "number of additional derived keys does not fit in CK_ULONG" ) ,
290- pAdditionalDerivedKeys : additional_derived_keys. as_mut_ptr ( )
291- as cryptoki_sys:: CK_DERIVED_KEY_PTR ,
286+ ulAdditionalDerivedKeys : additional_derived_keys. as_ref ( ) . map_or ( 0 , |keys| {
287+ keys. len ( )
288+ . try_into ( )
289+ . expect ( "number of additional derived keys does not fit in CK_ULONG" )
290+ } ) ,
291+ pAdditionalDerivedKeys : additional_derived_keys. map_or ( ptr:: null_mut ( ) , |keys| {
292+ keys. as_mut_ptr ( ) as cryptoki_sys:: CK_DERIVED_KEY_PTR
293+ } ) ,
292294 } ,
293295 _marker : PhantomData ,
294296 }
295297 }
296298
297299 /// The additional keys derived by the KDF, as per the params
298- pub fn additional_derived_keys ( & self ) -> Vec < cryptoki_sys:: CK_OBJECT_HANDLE > {
299- let derived_keys = unsafe {
300- slice:: from_raw_parts (
301- self . inner . pAdditionalDerivedKeys ,
302- self . inner . ulAdditionalDerivedKeys as _ ,
303- )
304- } ;
300+ pub ( crate ) fn additional_derived_keys ( & self ) -> Option < Vec < ObjectHandle > > {
301+ if self . inner . ulAdditionalDerivedKeys == 0 {
302+ None
303+ } else {
304+ // SAFETY: if the number of derived keys > 0, then at least one was explicitly provided during construction
305+ let derived_keys = unsafe {
306+ slice:: from_raw_parts (
307+ self . inner . pAdditionalDerivedKeys ,
308+ self . inner . ulAdditionalDerivedKeys as _ ,
309+ )
310+ } ;
305311
306- unsafe {
307- derived_keys
308- . iter ( )
309- . map ( |derived_key| * derived_key. phKey )
310- . collect ( )
312+ Some (
313+ derived_keys
314+ . iter ( )
315+ . map ( |derived_key| {
316+ // SAFETY: a value is always provided during construction
317+ ObjectHandle :: new ( unsafe { * derived_key. phKey } )
318+ } )
319+ . collect ( ) ,
320+ )
311321 }
312322 }
313323}
@@ -340,7 +350,7 @@ impl<'a> KbkdfFeedbackParams<'a> {
340350 prf_mechanism : MechanismType ,
341351 prf_data_params : & ' a [ PrfDataParam < ' a > ] ,
342352 iv : Option < & ' a [ u8 ] > ,
343- additional_derived_keys : & ' a mut [ DerivedKey < ' a > ] ,
353+ additional_derived_keys : Option < & ' a mut [ DerivedKey < ' a > ] > ,
344354 ) -> Self {
345355 Self {
346356 inner : cryptoki_sys:: CK_SP800_108_FEEDBACK_KDF_PARAMS {
@@ -356,31 +366,41 @@ impl<'a> KbkdfFeedbackParams<'a> {
356366 . expect ( "IV length does not fit in CK_ULONG" )
357367 } ) ,
358368 pIV : iv. map_or ( ptr:: null_mut ( ) , |iv| iv. as_ptr ( ) as * mut _ ) ,
359- ulAdditionalDerivedKeys : additional_derived_keys
360- . len ( )
361- . try_into ( )
362- . expect ( "number of additional derived keys does not fit in CK_ULONG" ) ,
363- pAdditionalDerivedKeys : additional_derived_keys. as_mut_ptr ( )
364- as cryptoki_sys:: CK_DERIVED_KEY_PTR ,
369+ ulAdditionalDerivedKeys : additional_derived_keys. as_ref ( ) . map_or ( 0 , |keys| {
370+ keys. len ( )
371+ . try_into ( )
372+ . expect ( "number of additional derived keys does not fit in CK_ULONG" )
373+ } ) ,
374+ pAdditionalDerivedKeys : additional_derived_keys. map_or ( ptr:: null_mut ( ) , |keys| {
375+ keys. as_mut_ptr ( ) as cryptoki_sys:: CK_DERIVED_KEY_PTR
376+ } ) ,
365377 } ,
366378 _marker : PhantomData ,
367379 }
368380 }
369381
370382 /// The additional keys derived by the KDF, as per the params
371- pub fn additional_derived_keys ( & self ) -> Vec < cryptoki_sys:: CK_OBJECT_HANDLE > {
372- let derived_keys = unsafe {
373- slice:: from_raw_parts (
374- self . inner . pAdditionalDerivedKeys ,
375- self . inner . ulAdditionalDerivedKeys as _ ,
376- )
377- } ;
383+ pub ( crate ) fn additional_derived_keys ( & self ) -> Option < Vec < ObjectHandle > > {
384+ if self . inner . ulAdditionalDerivedKeys == 0 {
385+ None
386+ } else {
387+ // SAFETY: if the number of derived keys > 0, then at least one was explicitly provided during construction
388+ let derived_keys = unsafe {
389+ slice:: from_raw_parts (
390+ self . inner . pAdditionalDerivedKeys ,
391+ self . inner . ulAdditionalDerivedKeys as _ ,
392+ )
393+ } ;
378394
379- unsafe {
380- derived_keys
381- . iter ( )
382- . map ( |derived_key| * derived_key. phKey )
383- . collect ( )
395+ Some (
396+ derived_keys
397+ . iter ( )
398+ . map ( |derived_key| {
399+ // SAFETY: a value is always provided during construction
400+ ObjectHandle :: new ( unsafe { * derived_key. phKey } )
401+ } )
402+ . collect ( ) ,
403+ )
384404 }
385405 }
386406}
@@ -410,7 +430,7 @@ impl<'a> KbkdfDoublePipelineParams<'a> {
410430pub fn new (
411431 prf_mechanism : MechanismType ,
412432 prf_data_params : & ' a [ PrfDataParam < ' a > ] ,
413- additional_derived_keys : & ' a mut [ DerivedKey < ' a > ] ,
433+ additional_derived_keys : Option < & ' a mut [ DerivedKey < ' a > ] > ,
414434 ) -> Self {
415435 Self {
416436 inner : cryptoki_sys:: CK_SP800_108_KDF_PARAMS {
@@ -420,31 +440,41 @@ impl<'a> KbkdfDoublePipelineParams<'a> {
420440 . try_into ( )
421441 . expect ( "number of data parameters does not fit in CK_ULONG" ) ,
422442 pDataParams : prf_data_params. as_ptr ( ) as cryptoki_sys:: CK_PRF_DATA_PARAM_PTR ,
423- ulAdditionalDerivedKeys : additional_derived_keys
424- . len ( )
425- . try_into ( )
426- . expect ( "number of additional derived keys does not fit in CK_ULONG" ) ,
427- pAdditionalDerivedKeys : additional_derived_keys. as_mut_ptr ( )
428- as cryptoki_sys:: CK_DERIVED_KEY_PTR ,
443+ ulAdditionalDerivedKeys : additional_derived_keys. as_ref ( ) . map_or ( 0 , |keys| {
444+ keys. len ( )
445+ . try_into ( )
446+ . expect ( "number of additional derived keys does not fit in CK_ULONG" )
447+ } ) ,
448+ pAdditionalDerivedKeys : additional_derived_keys. map_or ( ptr:: null_mut ( ) , |keys| {
449+ keys. as_mut_ptr ( ) as cryptoki_sys:: CK_DERIVED_KEY_PTR
450+ } ) ,
429451 } ,
430452 _marker : PhantomData ,
431453 }
432454 }
433455
434456 /// The additional keys derived by the KDF, as per the params
435- pub fn additional_derived_keys ( & self ) -> Vec < cryptoki_sys:: CK_OBJECT_HANDLE > {
436- let derived_keys = unsafe {
437- slice:: from_raw_parts (
438- self . inner . pAdditionalDerivedKeys ,
439- self . inner . ulAdditionalDerivedKeys as _ ,
440- )
441- } ;
457+ pub ( crate ) fn additional_derived_keys ( & self ) -> Option < Vec < ObjectHandle > > {
458+ if self . inner . ulAdditionalDerivedKeys == 0 {
459+ None
460+ } else {
461+ // SAFETY: if the number of derived keys > 0, then at least one was explicitly provided during construction
462+ let derived_keys = unsafe {
463+ slice:: from_raw_parts (
464+ self . inner . pAdditionalDerivedKeys ,
465+ self . inner . ulAdditionalDerivedKeys as _ ,
466+ )
467+ } ;
442468
443- unsafe {
444- derived_keys
445- . iter ( )
446- . map ( |derived_key| * derived_key. phKey )
447- . collect ( )
469+ Some (
470+ derived_keys
471+ . iter ( )
472+ . map ( |derived_key| {
473+ // SAFETY: a value is always provided during construction
474+ ObjectHandle :: new ( unsafe { * derived_key. phKey } )
475+ } )
476+ . collect ( ) ,
477+ )
448478 }
449479 }
450480}
0 commit comments