Add support to get session validation flags

Jakuje · Jakuje · commit 8eb5ff8f42a8 · 2025-08-18T18:39:59.000+02:00
Signed-off-by: Jakub Jelen &lt;jjelen@redhat.com&gt;
diff --git a/cryptoki/src/session/mod.rs b/cryptoki/src/session/mod.rs
@@ -21,9 +21,11 @@ mod session_info;
 mod session_management;
 mod signing_macing;
 mod slot_token_management;
+mod validation;
 
 pub use object_management::ObjectHandleIterator;
 pub use session_info::{SessionInfo, SessionState};
+pub use validation::ValidationFlagsType;
 
 /// Type that identifies a session
 ///
diff --git a/cryptoki/src/session/validation.rs b/cryptoki/src/session/validation.rs
@@ -0,0 +1,68 @@
+// Copyright 2025 Contributors to the Parsec project.
+// SPDX-License-Identifier: Apache-2.0
+//! Session Validation
+
+use crate::context::Function;
+use crate::error::{Result, Rv};
+use crate::session::Session;
+use cryptoki_sys::*;
+use std::fmt::{Debug, Formatter};
+use std::ops::Deref;
+
+/// The type of validation flag to query
+#[derive(Copy, Clone, Debug)]
+pub struct ValidationFlagsType {
+    val: CK_SESSION_VALIDATION_FLAGS_TYPE,
+}
+
+impl ValidationFlagsType {
+    /// Check the last operation met all requirements of a validated mechanism.
+    pub const VALIDATION_OK: ValidationFlagsType = ValidationFlagsType {
+        val: CKS_LAST_VALIDATION_OK,
+    };
+
+    pub(crate) fn stringify(flags: CK_SESSION_VALIDATION_FLAGS_TYPE) -> String {
+        match flags {
+            CKS_LAST_VALIDATION_OK => String::from(stringify!(CKS_LAST_VALIDATION_OK)),
+            _ => format!("unknown ({flags:08x})"),
+        }
+    }
+}
+
+impl std::fmt::Display for ValidationFlagsType {
+    fn fmt(&self, f: &mut Formatter<'_>) -> std::fmt::Result {
+        write!(f, "{}", ValidationFlagsType::stringify(self.val))
+    }
+}
+
+impl Deref for ValidationFlagsType {
+    type Target = CK_SESSION_VALIDATION_FLAGS_TYPE;
+
+    fn deref(&self) -> &Self::Target {
+        &self.val
+    }
+}
+
+impl From<ValidationFlagsType> for CK_SESSION_VALIDATION_FLAGS_TYPE {
+    fn from(val: ValidationFlagsType) -> Self {
+        *val
+    }
+}
+
+impl Session {
+    /// Get requested validation flags from the session
+    ///
+    /// The only supported flag as for PKCS#11 3.2 is `ValidationFlagsType::VALIDATION_OK`
+    pub fn get_validation_flags(&self, flags_type: ValidationFlagsType) -> Result<CK_FLAGS> {
+        let mut flags: CK_FLAGS = 0;
+        unsafe {
+            Rv::from(get_pkcs11!(self.client(), C_GetSessionValidationFlags)(
+                self.handle(),
+                flags_type.into(),
+                &mut flags,
+            ))
+            .into_result(Function::GetSessionValidationFlags)?;
+        }
+        Ok(flags)
+    }
+}
