diff --git a/cryptoki-sys/build.rs b/cryptoki-sys/build.rs index 582a4b31..c1dec796 100644 --- a/cryptoki-sys/build.rs +++ b/cryptoki-sys/build.rs @@ -31,6 +31,7 @@ mod generate { ("CKC_", "CK_CERTIFICATE_TYPE"), ("CKD_", "CK_EC_KDF_TYPE"), ("CKF_", "CK_FLAGS"), + ("CKV_", "CK_ULONG"), ("CKG_MGF1_", "CK_RSA_PKCS_MGF_TYPE"), ("CKG", "CK_GENERATOR_FUNCTION"), ("CKH_", "CK_HW_FEATURE_TYPE"), diff --git a/cryptoki-sys/src/bindings/aarch64-apple-darwin.rs b/cryptoki-sys/src/bindings/aarch64-apple-darwin.rs index f508810d..c10d7fa1 100644 --- a/cryptoki-sys/src/bindings/aarch64-apple-darwin.rs +++ b/cryptoki-sys/src/bindings/aarch64-apple-darwin.rs @@ -1039,14 +1039,14 @@ pub const CKT_TRUST_MUST_VERIFY_TRUST: u32 = 4; pub const CKU_SO: CK_USER_TYPE = 0; pub const CKU_USER: CK_USER_TYPE = 1; pub const CKU_CONTEXT_SPECIFIC: CK_USER_TYPE = 2; -pub const CKV_AUTHORITY_TYPE_UNSPECIFIED: u32 = 0; -pub const CKV_AUTHORITY_TYPE_NIST_CMVP: u32 = 1; -pub const CKV_AUTHORITY_TYPE_COMMON_CRITERIA: u32 = 2; -pub const CKV_TYPE_UNSPECIFIED: u32 = 0; -pub const CKV_TYPE_SOFTWARE: u32 = 1; -pub const CKV_TYPE_HARDWARE: u32 = 2; -pub const CKV_TYPE_FIRMWARE: u32 = 3; -pub const CKV_TYPE_HYBRID: u32 = 4; +pub const CKV_AUTHORITY_TYPE_UNSPECIFIED: CK_ULONG = 0; +pub const CKV_AUTHORITY_TYPE_NIST_CMVP: CK_ULONG = 1; +pub const CKV_AUTHORITY_TYPE_COMMON_CRITERIA: CK_ULONG = 2; +pub const CKV_TYPE_UNSPECIFIED: CK_ULONG = 0; +pub const CKV_TYPE_SOFTWARE: CK_ULONG = 1; +pub const CKV_TYPE_HARDWARE: CK_ULONG = 2; +pub const CKV_TYPE_FIRMWARE: CK_ULONG = 3; +pub const CKV_TYPE_HYBRID: CK_ULONG = 4; pub const CKZ_DATA_SPECIFIED: CK_RSA_PKCS_OAEP_SOURCE_TYPE = 1; pub const CKZ_SALT_SPECIFIED: CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE = 1; pub type CK_BBOOL = ::std::os::raw::c_uchar; diff --git a/cryptoki-sys/src/bindings/aarch64-unknown-linux-gnu.rs b/cryptoki-sys/src/bindings/aarch64-unknown-linux-gnu.rs index f508810d..c10d7fa1 100644 --- a/cryptoki-sys/src/bindings/aarch64-unknown-linux-gnu.rs +++ b/cryptoki-sys/src/bindings/aarch64-unknown-linux-gnu.rs @@ -1039,14 +1039,14 @@ pub const CKT_TRUST_MUST_VERIFY_TRUST: u32 = 4; pub const CKU_SO: CK_USER_TYPE = 0; pub const CKU_USER: CK_USER_TYPE = 1; pub const CKU_CONTEXT_SPECIFIC: CK_USER_TYPE = 2; -pub const CKV_AUTHORITY_TYPE_UNSPECIFIED: u32 = 0; -pub const CKV_AUTHORITY_TYPE_NIST_CMVP: u32 = 1; -pub const CKV_AUTHORITY_TYPE_COMMON_CRITERIA: u32 = 2; -pub const CKV_TYPE_UNSPECIFIED: u32 = 0; -pub const CKV_TYPE_SOFTWARE: u32 = 1; -pub const CKV_TYPE_HARDWARE: u32 = 2; -pub const CKV_TYPE_FIRMWARE: u32 = 3; -pub const CKV_TYPE_HYBRID: u32 = 4; +pub const CKV_AUTHORITY_TYPE_UNSPECIFIED: CK_ULONG = 0; +pub const CKV_AUTHORITY_TYPE_NIST_CMVP: CK_ULONG = 1; +pub const CKV_AUTHORITY_TYPE_COMMON_CRITERIA: CK_ULONG = 2; +pub const CKV_TYPE_UNSPECIFIED: CK_ULONG = 0; +pub const CKV_TYPE_SOFTWARE: CK_ULONG = 1; +pub const CKV_TYPE_HARDWARE: CK_ULONG = 2; +pub const CKV_TYPE_FIRMWARE: CK_ULONG = 3; +pub const CKV_TYPE_HYBRID: CK_ULONG = 4; pub const CKZ_DATA_SPECIFIED: CK_RSA_PKCS_OAEP_SOURCE_TYPE = 1; pub const CKZ_SALT_SPECIFIED: CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE = 1; pub type CK_BBOOL = ::std::os::raw::c_uchar; diff --git a/cryptoki-sys/src/bindings/arm-unknown-linux-gnueabi.rs b/cryptoki-sys/src/bindings/arm-unknown-linux-gnueabi.rs index c6d1e04f..1815c3df 100644 --- a/cryptoki-sys/src/bindings/arm-unknown-linux-gnueabi.rs +++ b/cryptoki-sys/src/bindings/arm-unknown-linux-gnueabi.rs @@ -1039,14 +1039,14 @@ pub const CKT_TRUST_MUST_VERIFY_TRUST: u32 = 4; pub const CKU_SO: CK_USER_TYPE = 0; pub const CKU_USER: CK_USER_TYPE = 1; pub const CKU_CONTEXT_SPECIFIC: CK_USER_TYPE = 2; -pub const CKV_AUTHORITY_TYPE_UNSPECIFIED: u32 = 0; -pub const CKV_AUTHORITY_TYPE_NIST_CMVP: u32 = 1; -pub const CKV_AUTHORITY_TYPE_COMMON_CRITERIA: u32 = 2; -pub const CKV_TYPE_UNSPECIFIED: u32 = 0; -pub const CKV_TYPE_SOFTWARE: u32 = 1; -pub const CKV_TYPE_HARDWARE: u32 = 2; -pub const CKV_TYPE_FIRMWARE: u32 = 3; -pub const CKV_TYPE_HYBRID: u32 = 4; +pub const CKV_AUTHORITY_TYPE_UNSPECIFIED: CK_ULONG = 0; +pub const CKV_AUTHORITY_TYPE_NIST_CMVP: CK_ULONG = 1; +pub const CKV_AUTHORITY_TYPE_COMMON_CRITERIA: CK_ULONG = 2; +pub const CKV_TYPE_UNSPECIFIED: CK_ULONG = 0; +pub const CKV_TYPE_SOFTWARE: CK_ULONG = 1; +pub const CKV_TYPE_HARDWARE: CK_ULONG = 2; +pub const CKV_TYPE_FIRMWARE: CK_ULONG = 3; +pub const CKV_TYPE_HYBRID: CK_ULONG = 4; pub const CKZ_DATA_SPECIFIED: CK_RSA_PKCS_OAEP_SOURCE_TYPE = 1; pub const CKZ_SALT_SPECIFIED: CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE = 1; pub type CK_BBOOL = ::std::os::raw::c_uchar; diff --git a/cryptoki-sys/src/bindings/generic.rs b/cryptoki-sys/src/bindings/generic.rs index 366382e4..d9b090c4 100644 --- a/cryptoki-sys/src/bindings/generic.rs +++ b/cryptoki-sys/src/bindings/generic.rs @@ -1039,14 +1039,14 @@ pub const CKT_TRUST_MUST_VERIFY_TRUST: u32 = 4; pub const CKU_SO: CK_USER_TYPE = 0; pub const CKU_USER: CK_USER_TYPE = 1; pub const CKU_CONTEXT_SPECIFIC: CK_USER_TYPE = 2; -pub const CKV_AUTHORITY_TYPE_UNSPECIFIED: u32 = 0; -pub const CKV_AUTHORITY_TYPE_NIST_CMVP: u32 = 1; -pub const CKV_AUTHORITY_TYPE_COMMON_CRITERIA: u32 = 2; -pub const CKV_TYPE_UNSPECIFIED: u32 = 0; -pub const CKV_TYPE_SOFTWARE: u32 = 1; -pub const CKV_TYPE_HARDWARE: u32 = 2; -pub const CKV_TYPE_FIRMWARE: u32 = 3; -pub const CKV_TYPE_HYBRID: u32 = 4; +pub const CKV_AUTHORITY_TYPE_UNSPECIFIED: CK_ULONG = 0; +pub const CKV_AUTHORITY_TYPE_NIST_CMVP: CK_ULONG = 1; +pub const CKV_AUTHORITY_TYPE_COMMON_CRITERIA: CK_ULONG = 2; +pub const CKV_TYPE_UNSPECIFIED: CK_ULONG = 0; +pub const CKV_TYPE_SOFTWARE: CK_ULONG = 1; +pub const CKV_TYPE_HARDWARE: CK_ULONG = 2; +pub const CKV_TYPE_FIRMWARE: CK_ULONG = 3; +pub const CKV_TYPE_HYBRID: CK_ULONG = 4; pub const CKZ_DATA_SPECIFIED: CK_RSA_PKCS_OAEP_SOURCE_TYPE = 1; pub const CKZ_SALT_SPECIFIED: CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE = 1; pub type CK_BBOOL = ::std::os::raw::c_uchar; diff --git a/cryptoki-sys/src/bindings/i686-unknown-linux-gnu.rs b/cryptoki-sys/src/bindings/i686-unknown-linux-gnu.rs index c6d1e04f..1815c3df 100644 --- a/cryptoki-sys/src/bindings/i686-unknown-linux-gnu.rs +++ b/cryptoki-sys/src/bindings/i686-unknown-linux-gnu.rs @@ -1039,14 +1039,14 @@ pub const CKT_TRUST_MUST_VERIFY_TRUST: u32 = 4; pub const CKU_SO: CK_USER_TYPE = 0; pub const CKU_USER: CK_USER_TYPE = 1; pub const CKU_CONTEXT_SPECIFIC: CK_USER_TYPE = 2; -pub const CKV_AUTHORITY_TYPE_UNSPECIFIED: u32 = 0; -pub const CKV_AUTHORITY_TYPE_NIST_CMVP: u32 = 1; -pub const CKV_AUTHORITY_TYPE_COMMON_CRITERIA: u32 = 2; -pub const CKV_TYPE_UNSPECIFIED: u32 = 0; -pub const CKV_TYPE_SOFTWARE: u32 = 1; -pub const CKV_TYPE_HARDWARE: u32 = 2; -pub const CKV_TYPE_FIRMWARE: u32 = 3; -pub const CKV_TYPE_HYBRID: u32 = 4; +pub const CKV_AUTHORITY_TYPE_UNSPECIFIED: CK_ULONG = 0; +pub const CKV_AUTHORITY_TYPE_NIST_CMVP: CK_ULONG = 1; +pub const CKV_AUTHORITY_TYPE_COMMON_CRITERIA: CK_ULONG = 2; +pub const CKV_TYPE_UNSPECIFIED: CK_ULONG = 0; +pub const CKV_TYPE_SOFTWARE: CK_ULONG = 1; +pub const CKV_TYPE_HARDWARE: CK_ULONG = 2; +pub const CKV_TYPE_FIRMWARE: CK_ULONG = 3; +pub const CKV_TYPE_HYBRID: CK_ULONG = 4; pub const CKZ_DATA_SPECIFIED: CK_RSA_PKCS_OAEP_SOURCE_TYPE = 1; pub const CKZ_SALT_SPECIFIED: CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE = 1; pub type CK_BBOOL = ::std::os::raw::c_uchar; diff --git a/cryptoki-sys/src/bindings/loongarch64-unknown-linux-gnu.rs b/cryptoki-sys/src/bindings/loongarch64-unknown-linux-gnu.rs index f508810d..c10d7fa1 100644 --- a/cryptoki-sys/src/bindings/loongarch64-unknown-linux-gnu.rs +++ b/cryptoki-sys/src/bindings/loongarch64-unknown-linux-gnu.rs @@ -1039,14 +1039,14 @@ pub const CKT_TRUST_MUST_VERIFY_TRUST: u32 = 4; pub const CKU_SO: CK_USER_TYPE = 0; pub const CKU_USER: CK_USER_TYPE = 1; pub const CKU_CONTEXT_SPECIFIC: CK_USER_TYPE = 2; -pub const CKV_AUTHORITY_TYPE_UNSPECIFIED: u32 = 0; -pub const CKV_AUTHORITY_TYPE_NIST_CMVP: u32 = 1; -pub const CKV_AUTHORITY_TYPE_COMMON_CRITERIA: u32 = 2; -pub const CKV_TYPE_UNSPECIFIED: u32 = 0; -pub const CKV_TYPE_SOFTWARE: u32 = 1; -pub const CKV_TYPE_HARDWARE: u32 = 2; -pub const CKV_TYPE_FIRMWARE: u32 = 3; -pub const CKV_TYPE_HYBRID: u32 = 4; +pub const CKV_AUTHORITY_TYPE_UNSPECIFIED: CK_ULONG = 0; +pub const CKV_AUTHORITY_TYPE_NIST_CMVP: CK_ULONG = 1; +pub const CKV_AUTHORITY_TYPE_COMMON_CRITERIA: CK_ULONG = 2; +pub const CKV_TYPE_UNSPECIFIED: CK_ULONG = 0; +pub const CKV_TYPE_SOFTWARE: CK_ULONG = 1; +pub const CKV_TYPE_HARDWARE: CK_ULONG = 2; +pub const CKV_TYPE_FIRMWARE: CK_ULONG = 3; +pub const CKV_TYPE_HYBRID: CK_ULONG = 4; pub const CKZ_DATA_SPECIFIED: CK_RSA_PKCS_OAEP_SOURCE_TYPE = 1; pub const CKZ_SALT_SPECIFIED: CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE = 1; pub type CK_BBOOL = ::std::os::raw::c_uchar; diff --git a/cryptoki-sys/src/bindings/powerpc64-unknown-linux-gnu.rs b/cryptoki-sys/src/bindings/powerpc64-unknown-linux-gnu.rs index f508810d..c10d7fa1 100644 --- a/cryptoki-sys/src/bindings/powerpc64-unknown-linux-gnu.rs +++ b/cryptoki-sys/src/bindings/powerpc64-unknown-linux-gnu.rs @@ -1039,14 +1039,14 @@ pub const CKT_TRUST_MUST_VERIFY_TRUST: u32 = 4; pub const CKU_SO: CK_USER_TYPE = 0; pub const CKU_USER: CK_USER_TYPE = 1; pub const CKU_CONTEXT_SPECIFIC: CK_USER_TYPE = 2; -pub const CKV_AUTHORITY_TYPE_UNSPECIFIED: u32 = 0; -pub const CKV_AUTHORITY_TYPE_NIST_CMVP: u32 = 1; -pub const CKV_AUTHORITY_TYPE_COMMON_CRITERIA: u32 = 2; -pub const CKV_TYPE_UNSPECIFIED: u32 = 0; -pub const CKV_TYPE_SOFTWARE: u32 = 1; -pub const CKV_TYPE_HARDWARE: u32 = 2; -pub const CKV_TYPE_FIRMWARE: u32 = 3; -pub const CKV_TYPE_HYBRID: u32 = 4; +pub const CKV_AUTHORITY_TYPE_UNSPECIFIED: CK_ULONG = 0; +pub const CKV_AUTHORITY_TYPE_NIST_CMVP: CK_ULONG = 1; +pub const CKV_AUTHORITY_TYPE_COMMON_CRITERIA: CK_ULONG = 2; +pub const CKV_TYPE_UNSPECIFIED: CK_ULONG = 0; +pub const CKV_TYPE_SOFTWARE: CK_ULONG = 1; +pub const CKV_TYPE_HARDWARE: CK_ULONG = 2; +pub const CKV_TYPE_FIRMWARE: CK_ULONG = 3; +pub const CKV_TYPE_HYBRID: CK_ULONG = 4; pub const CKZ_DATA_SPECIFIED: CK_RSA_PKCS_OAEP_SOURCE_TYPE = 1; pub const CKZ_SALT_SPECIFIED: CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE = 1; pub type CK_BBOOL = ::std::os::raw::c_uchar; diff --git a/cryptoki-sys/src/bindings/riscv64gc-unknown-linux-gnu.rs b/cryptoki-sys/src/bindings/riscv64gc-unknown-linux-gnu.rs index f508810d..c10d7fa1 100644 --- a/cryptoki-sys/src/bindings/riscv64gc-unknown-linux-gnu.rs +++ b/cryptoki-sys/src/bindings/riscv64gc-unknown-linux-gnu.rs @@ -1039,14 +1039,14 @@ pub const CKT_TRUST_MUST_VERIFY_TRUST: u32 = 4; pub const CKU_SO: CK_USER_TYPE = 0; pub const CKU_USER: CK_USER_TYPE = 1; pub const CKU_CONTEXT_SPECIFIC: CK_USER_TYPE = 2; -pub const CKV_AUTHORITY_TYPE_UNSPECIFIED: u32 = 0; -pub const CKV_AUTHORITY_TYPE_NIST_CMVP: u32 = 1; -pub const CKV_AUTHORITY_TYPE_COMMON_CRITERIA: u32 = 2; -pub const CKV_TYPE_UNSPECIFIED: u32 = 0; -pub const CKV_TYPE_SOFTWARE: u32 = 1; -pub const CKV_TYPE_HARDWARE: u32 = 2; -pub const CKV_TYPE_FIRMWARE: u32 = 3; -pub const CKV_TYPE_HYBRID: u32 = 4; +pub const CKV_AUTHORITY_TYPE_UNSPECIFIED: CK_ULONG = 0; +pub const CKV_AUTHORITY_TYPE_NIST_CMVP: CK_ULONG = 1; +pub const CKV_AUTHORITY_TYPE_COMMON_CRITERIA: CK_ULONG = 2; +pub const CKV_TYPE_UNSPECIFIED: CK_ULONG = 0; +pub const CKV_TYPE_SOFTWARE: CK_ULONG = 1; +pub const CKV_TYPE_HARDWARE: CK_ULONG = 2; +pub const CKV_TYPE_FIRMWARE: CK_ULONG = 3; +pub const CKV_TYPE_HYBRID: CK_ULONG = 4; pub const CKZ_DATA_SPECIFIED: CK_RSA_PKCS_OAEP_SOURCE_TYPE = 1; pub const CKZ_SALT_SPECIFIED: CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE = 1; pub type CK_BBOOL = ::std::os::raw::c_uchar; diff --git a/cryptoki-sys/src/bindings/x86_64-apple-darwin.rs b/cryptoki-sys/src/bindings/x86_64-apple-darwin.rs index f508810d..c10d7fa1 100644 --- a/cryptoki-sys/src/bindings/x86_64-apple-darwin.rs +++ b/cryptoki-sys/src/bindings/x86_64-apple-darwin.rs @@ -1039,14 +1039,14 @@ pub const CKT_TRUST_MUST_VERIFY_TRUST: u32 = 4; pub const CKU_SO: CK_USER_TYPE = 0; pub const CKU_USER: CK_USER_TYPE = 1; pub const CKU_CONTEXT_SPECIFIC: CK_USER_TYPE = 2; -pub const CKV_AUTHORITY_TYPE_UNSPECIFIED: u32 = 0; -pub const CKV_AUTHORITY_TYPE_NIST_CMVP: u32 = 1; -pub const CKV_AUTHORITY_TYPE_COMMON_CRITERIA: u32 = 2; -pub const CKV_TYPE_UNSPECIFIED: u32 = 0; -pub const CKV_TYPE_SOFTWARE: u32 = 1; -pub const CKV_TYPE_HARDWARE: u32 = 2; -pub const CKV_TYPE_FIRMWARE: u32 = 3; -pub const CKV_TYPE_HYBRID: u32 = 4; +pub const CKV_AUTHORITY_TYPE_UNSPECIFIED: CK_ULONG = 0; +pub const CKV_AUTHORITY_TYPE_NIST_CMVP: CK_ULONG = 1; +pub const CKV_AUTHORITY_TYPE_COMMON_CRITERIA: CK_ULONG = 2; +pub const CKV_TYPE_UNSPECIFIED: CK_ULONG = 0; +pub const CKV_TYPE_SOFTWARE: CK_ULONG = 1; +pub const CKV_TYPE_HARDWARE: CK_ULONG = 2; +pub const CKV_TYPE_FIRMWARE: CK_ULONG = 3; +pub const CKV_TYPE_HYBRID: CK_ULONG = 4; pub const CKZ_DATA_SPECIFIED: CK_RSA_PKCS_OAEP_SOURCE_TYPE = 1; pub const CKZ_SALT_SPECIFIED: CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE = 1; pub type CK_BBOOL = ::std::os::raw::c_uchar; diff --git a/cryptoki-sys/src/bindings/x86_64-pc-windows-msvc.rs b/cryptoki-sys/src/bindings/x86_64-pc-windows-msvc.rs index 0b338900..dc8ceb7b 100644 --- a/cryptoki-sys/src/bindings/x86_64-pc-windows-msvc.rs +++ b/cryptoki-sys/src/bindings/x86_64-pc-windows-msvc.rs @@ -1039,14 +1039,14 @@ pub const CKT_TRUST_MUST_VERIFY_TRUST: u32 = 4; pub const CKU_SO: CK_USER_TYPE = 0; pub const CKU_USER: CK_USER_TYPE = 1; pub const CKU_CONTEXT_SPECIFIC: CK_USER_TYPE = 2; -pub const CKV_AUTHORITY_TYPE_UNSPECIFIED: u32 = 0; -pub const CKV_AUTHORITY_TYPE_NIST_CMVP: u32 = 1; -pub const CKV_AUTHORITY_TYPE_COMMON_CRITERIA: u32 = 2; -pub const CKV_TYPE_UNSPECIFIED: u32 = 0; -pub const CKV_TYPE_SOFTWARE: u32 = 1; -pub const CKV_TYPE_HARDWARE: u32 = 2; -pub const CKV_TYPE_FIRMWARE: u32 = 3; -pub const CKV_TYPE_HYBRID: u32 = 4; +pub const CKV_AUTHORITY_TYPE_UNSPECIFIED: CK_ULONG = 0; +pub const CKV_AUTHORITY_TYPE_NIST_CMVP: CK_ULONG = 1; +pub const CKV_AUTHORITY_TYPE_COMMON_CRITERIA: CK_ULONG = 2; +pub const CKV_TYPE_UNSPECIFIED: CK_ULONG = 0; +pub const CKV_TYPE_SOFTWARE: CK_ULONG = 1; +pub const CKV_TYPE_HARDWARE: CK_ULONG = 2; +pub const CKV_TYPE_FIRMWARE: CK_ULONG = 3; +pub const CKV_TYPE_HYBRID: CK_ULONG = 4; pub const CKZ_DATA_SPECIFIED: CK_RSA_PKCS_OAEP_SOURCE_TYPE = 1; pub const CKZ_SALT_SPECIFIED: CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE = 1; pub type CK_BBOOL = ::std::os::raw::c_uchar; diff --git a/cryptoki-sys/src/bindings/x86_64-unknown-freebsd.rs b/cryptoki-sys/src/bindings/x86_64-unknown-freebsd.rs index f508810d..c10d7fa1 100644 --- a/cryptoki-sys/src/bindings/x86_64-unknown-freebsd.rs +++ b/cryptoki-sys/src/bindings/x86_64-unknown-freebsd.rs @@ -1039,14 +1039,14 @@ pub const CKT_TRUST_MUST_VERIFY_TRUST: u32 = 4; pub const CKU_SO: CK_USER_TYPE = 0; pub const CKU_USER: CK_USER_TYPE = 1; pub const CKU_CONTEXT_SPECIFIC: CK_USER_TYPE = 2; -pub const CKV_AUTHORITY_TYPE_UNSPECIFIED: u32 = 0; -pub const CKV_AUTHORITY_TYPE_NIST_CMVP: u32 = 1; -pub const CKV_AUTHORITY_TYPE_COMMON_CRITERIA: u32 = 2; -pub const CKV_TYPE_UNSPECIFIED: u32 = 0; -pub const CKV_TYPE_SOFTWARE: u32 = 1; -pub const CKV_TYPE_HARDWARE: u32 = 2; -pub const CKV_TYPE_FIRMWARE: u32 = 3; -pub const CKV_TYPE_HYBRID: u32 = 4; +pub const CKV_AUTHORITY_TYPE_UNSPECIFIED: CK_ULONG = 0; +pub const CKV_AUTHORITY_TYPE_NIST_CMVP: CK_ULONG = 1; +pub const CKV_AUTHORITY_TYPE_COMMON_CRITERIA: CK_ULONG = 2; +pub const CKV_TYPE_UNSPECIFIED: CK_ULONG = 0; +pub const CKV_TYPE_SOFTWARE: CK_ULONG = 1; +pub const CKV_TYPE_HARDWARE: CK_ULONG = 2; +pub const CKV_TYPE_FIRMWARE: CK_ULONG = 3; +pub const CKV_TYPE_HYBRID: CK_ULONG = 4; pub const CKZ_DATA_SPECIFIED: CK_RSA_PKCS_OAEP_SOURCE_TYPE = 1; pub const CKZ_SALT_SPECIFIED: CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE = 1; pub type CK_BBOOL = ::std::os::raw::c_uchar; diff --git a/cryptoki-sys/src/bindings/x86_64-unknown-linux-gnu.rs b/cryptoki-sys/src/bindings/x86_64-unknown-linux-gnu.rs index f508810d..c10d7fa1 100644 --- a/cryptoki-sys/src/bindings/x86_64-unknown-linux-gnu.rs +++ b/cryptoki-sys/src/bindings/x86_64-unknown-linux-gnu.rs @@ -1039,14 +1039,14 @@ pub const CKT_TRUST_MUST_VERIFY_TRUST: u32 = 4; pub const CKU_SO: CK_USER_TYPE = 0; pub const CKU_USER: CK_USER_TYPE = 1; pub const CKU_CONTEXT_SPECIFIC: CK_USER_TYPE = 2; -pub const CKV_AUTHORITY_TYPE_UNSPECIFIED: u32 = 0; -pub const CKV_AUTHORITY_TYPE_NIST_CMVP: u32 = 1; -pub const CKV_AUTHORITY_TYPE_COMMON_CRITERIA: u32 = 2; -pub const CKV_TYPE_UNSPECIFIED: u32 = 0; -pub const CKV_TYPE_SOFTWARE: u32 = 1; -pub const CKV_TYPE_HARDWARE: u32 = 2; -pub const CKV_TYPE_FIRMWARE: u32 = 3; -pub const CKV_TYPE_HYBRID: u32 = 4; +pub const CKV_AUTHORITY_TYPE_UNSPECIFIED: CK_ULONG = 0; +pub const CKV_AUTHORITY_TYPE_NIST_CMVP: CK_ULONG = 1; +pub const CKV_AUTHORITY_TYPE_COMMON_CRITERIA: CK_ULONG = 2; +pub const CKV_TYPE_UNSPECIFIED: CK_ULONG = 0; +pub const CKV_TYPE_SOFTWARE: CK_ULONG = 1; +pub const CKV_TYPE_HARDWARE: CK_ULONG = 2; +pub const CKV_TYPE_FIRMWARE: CK_ULONG = 3; +pub const CKV_TYPE_HYBRID: CK_ULONG = 4; pub const CKZ_DATA_SPECIFIED: CK_RSA_PKCS_OAEP_SOURCE_TYPE = 1; pub const CKZ_SALT_SPECIFIED: CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE = 1; pub type CK_BBOOL = ::std::os::raw::c_uchar; diff --git a/cryptoki/src/object.rs b/cryptoki/src/object.rs index 7680da3c..9aeaa384 100644 --- a/cryptoki/src/object.rs +++ b/cryptoki/src/object.rs @@ -4,7 +4,7 @@ use crate::error::{Error, Result}; use crate::mechanism::MechanismType; -use crate::types::{Date, Ulong}; +use crate::types::{Date, Ulong, Version}; use cryptoki_sys::*; use log::error; use std::convert::TryFrom; @@ -92,8 +92,12 @@ pub enum AttributeType { NeverExtractable, /// Object ID ObjectId, + /// Object Validation flags + ObjectValidationFlags, /// DER encoding of the attribute certificate's subject field Owner, + /// Algorithm-specific parameter set + ParameterSet, /// Prime number value of a key Prime, /// The prime `p` of an RSA private key @@ -108,6 +112,10 @@ pub enum AttributeType { PublicExponent, /// DER-encoding of the SubjectPublicKeyInfo PublicKeyInfo, + /// Profile ID + ProfileId, + /// Seed to derive private key + Seed, /// Determines if the key is sensitive Sensitive, /// DER encoding of the certificate serial number @@ -130,6 +138,30 @@ pub enum AttributeType { Unwrap, /// Gives the URL where the complete certificate can be obtained Url, + /// Identifier indicating the validation type + ValidationType, + /// Version of the validation standard or specification + ValidationVersion, + /// Validation level, Meaning is Validation type specific + ValidationLevel, + /// How the module is identified in the validation documentation + ValidationModuleId, + /// Flags identifying this validation in sessions and objects + ValidationFlag, + /// Identifies the authority that issues the validation + ValidationAuthorityType, + /// 2 letter ISO country code + ValidationCountry, + /// Identifier of the validation certificate + ValidationCertificateIdentifier, + /// Validation authority URI from which information related to the validation is available. + /// If the Validation Certificate URI is not provided, the validation object SHOULD include + /// a Validation Vendor URI. + ValidationCertificateUri, + /// Validation Vendor URI from which information related to the validation is available. + ValidationVendorUri, + /// Profile used for validation + ValidationProfile, /// Value of the object Value, /// Length in bytes of the value @@ -144,10 +176,6 @@ pub enum AttributeType { Wrap, /// Indicates that the key can only be wrapped with a wrapping key that has the Trusted attribute WrapWithTrusted, - /// Seed to derive private key - Seed, - /// Algorithm-specific parameter set - ParameterSet, } impl AttributeType { @@ -269,6 +297,25 @@ impl AttributeType { CKA_UNIQUE_ID => String::from(stringify!(CKA_UNIQUE_ID)), CKA_SEED => String::from(stringify!(CKA_SEED)), CKA_PARAMETER_SET => String::from(stringify!(CKA_PARAMETER_SET)), + CKA_PROFILE_ID => String::from(stringify!(CKA_PROFILE_ID)), + CKA_OBJECT_VALIDATION_FLAGS => String::from(stringify!(CKA_OBJECT_VALIDATION_FLAGS)), + CKA_VALIDATION_TYPE => String::from(stringify!(CKA_VALIDATION_TYPE)), + CKA_VALIDATION_VERSION => String::from(stringify!(CKA_VALIDATION_VERSION)), + CKA_VALIDATION_LEVEL => String::from(stringify!(CKA_VALIDATION_LEVEL)), + CKA_VALIDATION_MODULE_ID => String::from(stringify!(CKA_VALIDATION_MODULE_ID)), + CKA_VALIDATION_FLAG => String::from(stringify!(CKA_VALIDATION_FLAG)), + CKA_VALIDATION_AUTHORITY_TYPE => { + String::from(stringify!(CKA_VALIDATION_AUTHORITY_TYPE)) + } + CKA_VALIDATION_COUNTRY => String::from(stringify!(CKA_VALIDATION_COUNTRY)), + CKA_VALIDATION_CERTIFICATE_IDENTIFIER => { + String::from(stringify!(CKA_VALIDATION_CERTIFICATE_IDENTIFIER)) + } + CKA_VALIDATION_CERTIFICATE_URI => { + String::from(stringify!(CKA_VALIDATION_CERTIFICATE_URI)) + } + CKA_VALIDATION_VENDOR_URI => String::from(stringify!(CKA_VALIDATION_VENDOR_URI)), + CKA_VALIDATION_PROFILE => String::from(stringify!(CKA_VALIDATION_PROFILE)), CKA_VENDOR_DEFINED..=CK_ULONG::MAX => { format!("{}_{}", stringify!(CKA_VENDOR_DEFINED), val) } @@ -323,6 +370,7 @@ impl From for CK_ATTRIBUTE_TYPE { AttributeType::Modulus => CKA_MODULUS, AttributeType::ModulusBits => CKA_MODULUS_BITS, AttributeType::NeverExtractable => CKA_NEVER_EXTRACTABLE, + AttributeType::ObjectValidationFlags => CKA_OBJECT_VALIDATION_FLAGS, AttributeType::ObjectId => CKA_OBJECT_ID, AttributeType::Owner => CKA_OWNER, AttributeType::ParameterSet => CKA_PARAMETER_SET, @@ -331,6 +379,7 @@ impl From for CK_ATTRIBUTE_TYPE { AttributeType::Prime2 => CKA_PRIME_2, AttributeType::Private => CKA_PRIVATE, AttributeType::PrivateExponent => CKA_PRIVATE_EXPONENT, + AttributeType::ProfileId => CKA_PROFILE_ID, AttributeType::PublicExponent => CKA_PUBLIC_EXPONENT, AttributeType::PublicKeyInfo => CKA_PUBLIC_KEY_INFO, AttributeType::Seed => CKA_SEED, @@ -345,6 +394,17 @@ impl From for CK_ATTRIBUTE_TYPE { AttributeType::UniqueId => CKA_UNIQUE_ID, AttributeType::Unwrap => CKA_UNWRAP, AttributeType::Url => CKA_URL, + AttributeType::ValidationType => CKA_VALIDATION_TYPE, + AttributeType::ValidationVersion => CKA_VALIDATION_VERSION, + AttributeType::ValidationLevel => CKA_VALIDATION_LEVEL, + AttributeType::ValidationModuleId => CKA_VALIDATION_MODULE_ID, + AttributeType::ValidationFlag => CKA_VALIDATION_FLAG, + AttributeType::ValidationAuthorityType => CKA_VALIDATION_AUTHORITY_TYPE, + AttributeType::ValidationCountry => CKA_VALIDATION_COUNTRY, + AttributeType::ValidationCertificateIdentifier => CKA_VALIDATION_CERTIFICATE_IDENTIFIER, + AttributeType::ValidationCertificateUri => CKA_VALIDATION_CERTIFICATE_URI, + AttributeType::ValidationVendorUri => CKA_VALIDATION_VENDOR_URI, + AttributeType::ValidationProfile => CKA_VALIDATION_PROFILE, AttributeType::Value => CKA_VALUE, AttributeType::ValueLen => CKA_VALUE_LEN, AttributeType::VendorDefined(val) => val, @@ -397,6 +457,7 @@ impl TryFrom for AttributeType { CKA_MODULUS => Ok(AttributeType::Modulus), CKA_MODULUS_BITS => Ok(AttributeType::ModulusBits), CKA_NEVER_EXTRACTABLE => Ok(AttributeType::NeverExtractable), + CKA_OBJECT_VALIDATION_FLAGS => Ok(AttributeType::ObjectValidationFlags), CKA_OBJECT_ID => Ok(AttributeType::ObjectId), CKA_OWNER => Ok(AttributeType::Owner), CKA_PARAMETER_SET => Ok(AttributeType::ParameterSet), @@ -405,6 +466,7 @@ impl TryFrom for AttributeType { CKA_PRIME_2 => Ok(AttributeType::Prime2), CKA_PRIVATE => Ok(AttributeType::Private), CKA_PRIVATE_EXPONENT => Ok(AttributeType::PrivateExponent), + CKA_PROFILE_ID => Ok(AttributeType::ProfileId), CKA_PUBLIC_EXPONENT => Ok(AttributeType::PublicExponent), CKA_PUBLIC_KEY_INFO => Ok(AttributeType::PublicKeyInfo), CKA_SEED => Ok(AttributeType::Seed), @@ -419,6 +481,18 @@ impl TryFrom for AttributeType { CKA_UNIQUE_ID => Ok(AttributeType::UniqueId), CKA_UNWRAP => Ok(AttributeType::Unwrap), CKA_URL => Ok(AttributeType::Url), + CKA_VALIDATION_TYPE => Ok(AttributeType::ValidationType), + CKA_VALIDATION_VERSION => Ok(AttributeType::ValidationVersion), + CKA_VALIDATION_LEVEL => Ok(AttributeType::ValidationLevel), + CKA_VALIDATION_MODULE_ID => Ok(AttributeType::ValidationModuleId), + CKA_VALIDATION_FLAG => Ok(AttributeType::ValidationFlag), + CKA_VALIDATION_AUTHORITY_TYPE => Ok(AttributeType::ValidationAuthorityType), + CKA_VALIDATION_COUNTRY => Ok(AttributeType::ValidationCountry), + CKA_VALIDATION_CERTIFICATE_IDENTIFIER => { + Ok(AttributeType::ValidationCertificateIdentifier) + } + CKA_VALIDATION_CERTIFICATE_URI => Ok(AttributeType::ValidationCertificateUri), + CKA_VALIDATION_PROFILE => Ok(AttributeType::ValidationProfile), CKA_VALUE => Ok(AttributeType::Value), CKA_VALUE_LEN => Ok(AttributeType::ValueLen), CKA_VERIFY => Ok(AttributeType::Verify), @@ -510,6 +584,8 @@ pub enum Attribute { ModulusBits(Ulong), /// Indicates if the key has never had the Extractable attribute set to true NeverExtractable(bool), + /// Object Validation Flags + ObjectValidationFlags(Ulong), /// Object ID ObjectId(Vec), /// DER encoding of the attribute certificate's subject field @@ -526,6 +602,8 @@ pub enum Attribute { Private(bool), /// The private exponent `d` PrivateExponent(Vec), + /// The Profile ID + ProfileId(ProfileIdType), /// Public exponent value of a key PublicExponent(Vec), /// DER-encoding of the SubjectPublicKeyInfo @@ -554,6 +632,29 @@ pub enum Attribute { Unwrap(bool), /// Gives the URL where the complete certificate can ber obtained Url(Vec), + /// Identifier indicating the validation type + ValidationType(ValidationType), + /// Version of the validation standard or specification + ValidationVersion(Version), + /// Validation level, Meaning is Validation type specific + ValidationLevel(Ulong), + /// How the module is identified in the validation documentation + ValidationModuleId(Vec), + /// Flags identifying this validation in sessions and objects + ValidationFlag(Ulong), + /// Identifies the authority that issues the validation + ValidationAuthorityType(ValidationAuthorityType), + /// 2 letter ISO country code + ValidationCountry(Vec), + /// Identifier of the validation certificate + ValidationCertificateIdentifier(Vec), + /// Validation authority URI from which information related to the validation is available. If the Validation + /// Certificate URI is not provided, the validation object SHOULD include a Validation Vendor URI. + ValidationCertificateUri(Vec), + /// Validation Vendor URI from which information related to the validation is available. + ValidationVendorUri(Vec), + /// Profile used for validation + ValidationProfile(Vec), /// Value of the object Value(Vec), /// Length in bytes of the value @@ -610,6 +711,7 @@ impl Attribute { Attribute::Modulus(_) => AttributeType::Modulus, Attribute::ModulusBits(_) => AttributeType::ModulusBits, Attribute::NeverExtractable(_) => AttributeType::NeverExtractable, + Attribute::ObjectValidationFlags(_) => AttributeType::ObjectValidationFlags, Attribute::ObjectId(_) => AttributeType::ObjectId, Attribute::Owner(_) => AttributeType::Owner, Attribute::ParameterSet(_) => AttributeType::ParameterSet, @@ -618,6 +720,7 @@ impl Attribute { Attribute::Prime2(_) => AttributeType::Prime2, Attribute::Private(_) => AttributeType::Private, Attribute::PrivateExponent(_) => AttributeType::PrivateExponent, + Attribute::ProfileId(_) => AttributeType::ProfileId, Attribute::PublicExponent(_) => AttributeType::PublicExponent, Attribute::PublicKeyInfo(_) => AttributeType::PublicKeyInfo, Attribute::Seed(_) => AttributeType::Seed, @@ -632,6 +735,19 @@ impl Attribute { Attribute::UniqueId(_) => AttributeType::UniqueId, Attribute::Unwrap(_) => AttributeType::Unwrap, Attribute::Url(_) => AttributeType::Url, + Attribute::ValidationType(_) => AttributeType::ValidationType, + Attribute::ValidationVersion(_) => AttributeType::ValidationVersion, + Attribute::ValidationLevel(_) => AttributeType::ValidationLevel, + Attribute::ValidationModuleId(_) => AttributeType::ValidationModuleId, + Attribute::ValidationFlag(_) => AttributeType::ValidationFlag, + Attribute::ValidationAuthorityType(_) => AttributeType::ValidationAuthorityType, + Attribute::ValidationCountry(_) => AttributeType::ValidationCountry, + Attribute::ValidationCertificateIdentifier(_) => { + AttributeType::ValidationCertificateIdentifier + } + Attribute::ValidationCertificateUri(_) => AttributeType::ValidationCertificateUri, + Attribute::ValidationVendorUri(_) => AttributeType::ValidationVendorUri, + Attribute::ValidationProfile(_) => AttributeType::ValidationProfile, Attribute::Value(_) => AttributeType::Value, Attribute::ValueLen(_) => AttributeType::ValueLen, Attribute::VendorDefined((num, _)) => *num, @@ -670,9 +786,15 @@ impl Attribute { | Attribute::Wrap(_) | Attribute::WrapWithTrusted(_) => size_of::(), Attribute::Base(_) => 1, - Attribute::Application(bytes) | Attribute::Label(bytes) | Attribute::Url(bytes) => { - size_of::() * bytes.len() - } + Attribute::Application(bytes) + | Attribute::Label(bytes) + | Attribute::Url(bytes) + | Attribute::ValidationModuleId(bytes) + | Attribute::ValidationCountry(bytes) + | Attribute::ValidationCertificateIdentifier(bytes) + | Attribute::ValidationCertificateUri(bytes) + | Attribute::ValidationVendorUri(bytes) + | Attribute::ValidationProfile(bytes) => size_of::() * bytes.len(), Attribute::AcIssuer(bytes) => bytes.len(), Attribute::AttrTypes(bytes) => bytes.len(), Attribute::CertificateType(_) => size_of::(), @@ -691,6 +813,7 @@ impl Attribute { Attribute::KeyType(_) => size_of::(), Attribute::Modulus(bytes) => bytes.len(), Attribute::ModulusBits(_) => size_of::(), + Attribute::ObjectValidationFlags(_) => size_of::(), Attribute::ObjectId(bytes) => bytes.len(), Attribute::Owner(bytes) => bytes.len(), Attribute::ParameterSet(_) => size_of::(), @@ -698,12 +821,18 @@ impl Attribute { Attribute::Prime1(bytes) => bytes.len(), Attribute::Prime2(bytes) => bytes.len(), Attribute::PrivateExponent(bytes) => bytes.len(), + Attribute::ProfileId(_) => size_of::(), Attribute::PublicExponent(bytes) => bytes.len(), Attribute::PublicKeyInfo(bytes) => bytes.len(), Attribute::Seed(bytes) => bytes.len(), Attribute::SerialNumber(bytes) => bytes.len(), Attribute::Subject(bytes) => bytes.len(), Attribute::UniqueId(bytes) => bytes.len(), + Attribute::ValidationFlag(_) => size_of::(), + Attribute::ValidationType(_) => size_of::(), + Attribute::ValidationVersion(_) => size_of::(), + Attribute::ValidationLevel(_) => size_of::(), + Attribute::ValidationAuthorityType(_) => size_of::(), Attribute::Value(bytes) => bytes.len(), Attribute::ValueLen(_) => size_of::(), Attribute::EndDate(_) | Attribute::StartDate(_) => size_of::(), @@ -755,9 +884,10 @@ impl Attribute { | Attribute::Wrap(b) | Attribute::WrapWithTrusted(b) => b as *const _ as *mut c_void, // CK_ULONG - Attribute::ModulusBits(val) | Attribute::ValueLen(val) => { - val as *const _ as *mut c_void - } + Attribute::ModulusBits(val) + | Attribute::ValueLen(val) + | Attribute::ObjectValidationFlags(val) + | Attribute::ValidationLevel(val) => val as *const _ as *mut c_void, // Vec Attribute::AcIssuer(bytes) | Attribute::Application(bytes) @@ -788,16 +918,31 @@ impl Attribute { | Attribute::UniqueId(bytes) | Attribute::Url(bytes) | Attribute::Value(bytes) + | Attribute::ValidationModuleId(bytes) + | Attribute::ValidationCountry(bytes) + | Attribute::ValidationCertificateIdentifier(bytes) + | Attribute::ValidationCertificateUri(bytes) + | Attribute::ValidationVendorUri(bytes) + | Attribute::ValidationProfile(bytes) | Attribute::VendorDefined((_, bytes)) | Attribute::Id(bytes) => bytes.as_ptr() as *mut c_void, // Unique types Attribute::ParameterSet(val) => val as *const _ as *mut c_void, + Attribute::ProfileId(val) => val as *const _ as *mut c_void, Attribute::CertificateType(certificate_type) => { certificate_type as *const _ as *mut c_void } Attribute::Class(object_class) => object_class as *const _ as *mut c_void, Attribute::KeyGenMechanism(mech) => mech as *const _ as *mut c_void, Attribute::KeyType(key_type) => key_type as *const _ as *mut c_void, + Attribute::ValidationFlag(flag) => flag as *const _ as *mut c_void, + Attribute::ValidationType(validation_type) => { + validation_type as *const _ as *mut c_void + } + Attribute::ValidationVersion(version) => version as *const _ as *mut c_void, + Attribute::ValidationAuthorityType(authority_type) => { + authority_type as *const _ as *mut c_void + } Attribute::AllowedMechanisms(mechanisms) => mechanisms.as_ptr() as *mut c_void, Attribute::EndDate(date) | Attribute::StartDate(date) => { date as *const _ as *mut c_void @@ -886,6 +1031,15 @@ impl TryFrom for Attribute { AttributeType::ValueLen => Ok(Attribute::ValueLen( CK_ULONG::from_ne_bytes(val.try_into()?).into(), )), + AttributeType::ObjectValidationFlags => Ok(Attribute::ObjectValidationFlags( + CK_ULONG::from_ne_bytes(val.try_into()?).into(), + )), + AttributeType::ValidationLevel => Ok(Attribute::ValidationLevel( + CK_ULONG::from_ne_bytes(val.try_into()?).into(), + )), + AttributeType::ValidationFlag => Ok(Attribute::ValidationFlag( + CK_ULONG::from_ne_bytes(val.try_into()?).into(), + )), // Vec AttributeType::AcIssuer => Ok(Attribute::AcIssuer(val.to_vec())), AttributeType::Application => Ok(Attribute::Application(val.to_vec())), @@ -919,9 +1073,22 @@ impl TryFrom for Attribute { AttributeType::Subject => Ok(Attribute::Subject(val.to_vec())), AttributeType::UniqueId => Ok(Attribute::UniqueId(val.to_vec())), AttributeType::Url => Ok(Attribute::Url(val.to_vec())), + AttributeType::ValidationModuleId => Ok(Attribute::ValidationModuleId(val.to_vec())), + AttributeType::ValidationCountry => Ok(Attribute::ValidationCountry(val.to_vec())), + AttributeType::ValidationCertificateIdentifier => { + Ok(Attribute::ValidationCertificateIdentifier(val.to_vec())) + } + AttributeType::ValidationCertificateUri => { + Ok(Attribute::ValidationCertificateUri(val.to_vec())) + } + AttributeType::ValidationVendorUri => Ok(Attribute::ValidationVendorUri(val.to_vec())), + AttributeType::ValidationProfile => Ok(Attribute::ValidationProfile(val.to_vec())), AttributeType::Value => Ok(Attribute::Value(val.to_vec())), AttributeType::Id => Ok(Attribute::Id(val.to_vec())), // Unique types + AttributeType::ProfileId => Ok(Attribute::ProfileId(ProfileIdType { + val: CK_ULONG::from_ne_bytes(val.try_into()?), + })), AttributeType::ParameterSet => Ok(Attribute::ParameterSet(ParameterSetType { val: CK_ULONG::from_ne_bytes(val.try_into()?).into(), })), @@ -937,6 +1104,15 @@ impl TryFrom for Attribute { AttributeType::KeyType => Ok(Attribute::KeyType( CK_KEY_TYPE::from_ne_bytes(val.try_into()?).try_into()?, )), + AttributeType::ValidationType => Ok(Attribute::ValidationType( + CK_VALIDATION_TYPE::from_ne_bytes(val.try_into()?).try_into()?, + )), + AttributeType::ValidationAuthorityType => Ok(Attribute::ValidationAuthorityType( + CK_VALIDATION_AUTHORITY_TYPE::from_ne_bytes(val.try_into()?).try_into()?, + )), + AttributeType::ValidationVersion => { + Ok(Attribute::ValidationVersion(Version::new(val[0], val[1]))) + } AttributeType::AllowedMechanisms => { let val = unsafe { std::slice::from_raw_parts( @@ -1278,6 +1454,12 @@ impl ObjectClass { pub const MECHANISM: ObjectClass = ObjectClass { val: CKO_MECHANISM }; /// An OTP key object pub const OTP_KEY: ObjectClass = ObjectClass { val: CKO_OTP_KEY }; + /// Profile object + pub const PROFILE: ObjectClass = ObjectClass { val: CKO_PROFILE }; + /// Validation object + pub const VALIDATION: ObjectClass = ObjectClass { + val: CKO_VALIDATION, + }; pub(crate) fn stringify(class: CK_OBJECT_CLASS) -> String { match class { @@ -1290,6 +1472,8 @@ impl ObjectClass { CKO_DOMAIN_PARAMETERS => String::from(stringify!(CKO_DOMAIN_PARAMETERS)), CKO_MECHANISM => String::from(stringify!(CKO_MECHANISM)), CKO_OTP_KEY => String::from(stringify!(CKO_OTP_KEY)), + CKO_PROFILE => String::from(stringify!(CKO_PROFILE)), + CKO_VALIDATION => String::from(stringify!(CKO_VALIDATION)), _ => format!("unknown ({class:08x})"), } } @@ -1329,6 +1513,8 @@ impl TryFrom for ObjectClass { CKO_DOMAIN_PARAMETERS => Ok(ObjectClass::DOMAIN_PARAMETERS), CKO_MECHANISM => Ok(ObjectClass::MECHANISM), CKO_OTP_KEY => Ok(ObjectClass::OTP_KEY), + CKO_PROFILE => Ok(ObjectClass::PROFILE), + CKO_VALIDATION => Ok(ObjectClass::VALIDATION), _ => { error!("Object class {} is not supported.", object_class); @@ -1708,3 +1894,251 @@ impl TryFrom for CertificateType { } } } + +#[derive(Debug, Copy, Clone, PartialEq, Eq)] +#[repr(transparent)] +/// The PKCS#11 Profile ID +/// +/// The profiles and their meaning is defined in the following document: +/// +/// +pub struct ProfileIdType { + val: CK_PROFILE_ID, +} + +impl ProfileIdType { + /// Baseline Provider + pub const BASELINE_PROFIDER: ProfileIdType = ProfileIdType { + val: CKP_BASELINE_PROVIDER, + }; + /// Extended Provider + pub const EXTENDED_PROFIDER: ProfileIdType = ProfileIdType { + val: CKP_EXTENDED_PROVIDER, + }; + /// Authentication Token Provider or Consumer + pub const AUTHENTICATION_TOKEN: ProfileIdType = ProfileIdType { + val: CKP_AUTHENTICATION_TOKEN, + }; + /// Public Certificates Token Provider or Consumer + pub const PUBLIC_CERTIFICATES_TOKEN: ProfileIdType = ProfileIdType { + val: CKP_PUBLIC_CERTIFICATES_TOKEN, + }; + /// Complete Provider + pub const COMPLETE_PROVIDER: ProfileIdType = ProfileIdType { + val: CKP_COMPLETE_PROVIDER, + }; + /// HKDF TLS Token + pub const HKDF_TLS_TOKEN: ProfileIdType = ProfileIdType { + val: CKP_HKDF_TLS_TOKEN, + }; + + pub(crate) fn stringify(profile_id: CK_PROFILE_ID) -> String { + match profile_id { + CKP_BASELINE_PROVIDER => String::from(stringify!(CKP_BASELINE_PROVIDER)), + CKP_EXTENDED_PROVIDER => String::from(stringify!(CKP_EXTENDED_PROVIDER)), + CKP_AUTHENTICATION_TOKEN => String::from(stringify!(CKP_AUTHENTICATION_TOKEN)), + CKP_PUBLIC_CERTIFICATES_TOKEN => { + String::from(stringify!(CKP_PUBLIC_CERTIFICATES_TOKEN)) + } + CKP_COMPLETE_PROVIDER => String::from(stringify!(CKP_COMPLETE_PROVIDER)), + CKP_HKDF_TLS_TOKEN => String::from(stringify!(CKP_HKDF_TLS_TOKEN)), + _ => format!("unknown ({profile_id:08x})"), + } + } +} + +impl std::fmt::Display for ProfileIdType { + fn fmt(&self, f: &mut Formatter<'_>) -> std::fmt::Result { + write!(f, "{}", ProfileIdType::stringify(self.val)) + } +} + +impl Deref for ProfileIdType { + type Target = CK_PROFILE_ID; + + fn deref(&self) -> &Self::Target { + &self.val + } +} + +impl From for CK_PROFILE_ID { + fn from(profile_id: ProfileIdType) -> Self { + *profile_id + } +} + +impl TryFrom for ProfileIdType { + type Error = Error; + + fn try_from(profile_id: CK_PROFILE_ID) -> Result { + match profile_id { + CKP_BASELINE_PROVIDER => Ok(ProfileIdType::BASELINE_PROFIDER), + CKP_EXTENDED_PROVIDER => Ok(ProfileIdType::EXTENDED_PROFIDER), + CKP_AUTHENTICATION_TOKEN => Ok(ProfileIdType::AUTHENTICATION_TOKEN), + CKP_PUBLIC_CERTIFICATES_TOKEN => Ok(ProfileIdType::PUBLIC_CERTIFICATES_TOKEN), + CKP_COMPLETE_PROVIDER => Ok(ProfileIdType::COMPLETE_PROVIDER), + CKP_HKDF_TLS_TOKEN => Ok(ProfileIdType::HKDF_TLS_TOKEN), + _ => { + error!("Profile Id {} is not supported.", profile_id); + Err(Error::NotSupported) + } + } + } +} + +#[derive(Debug, Copy, Clone, PartialEq, Eq)] +#[repr(transparent)] +/// The PKCS#11 3.2 Validation Type +/// +/// identifies the type of validation +pub struct ValidationType { + val: CK_VALIDATION_TYPE, +} + +impl ValidationType { + /// Unspecified validation type + pub const UNSPECIFIED: ValidationType = ValidationType { + val: CKV_TYPE_UNSPECIFIED, + }; + /// Software validation type + pub const SOFTWARE: ValidationType = ValidationType { + val: CKV_TYPE_SOFTWARE, + }; + /// Hardware validation type + pub const HARDWARE: ValidationType = ValidationType { + val: CKV_TYPE_HARDWARE, + }; + /// Firmware validation type + pub const FIRMWARE: ValidationType = ValidationType { + val: CKV_TYPE_FIRMWARE, + }; + /// Hybrid validation type + pub const HYBRID: ValidationType = ValidationType { + val: CKV_TYPE_HYBRID, + }; + + pub(crate) fn stringify(validation_type: CK_VALIDATION_TYPE) -> String { + match validation_type { + CKV_TYPE_UNSPECIFIED => String::from(stringify!(CKV_TYPE_UNSPECIFIED)), + CKV_TYPE_SOFTWARE => String::from(stringify!(CKV_TYPE_SOFTWARE)), + CKV_TYPE_HARDWARE => String::from(stringify!(CKV_TYPE_HARDWARE)), + CKV_TYPE_FIRMWARE => String::from(stringify!(CKV_TYPE_FIRMWARE)), + CKV_TYPE_HYBRID => String::from(stringify!(CKV_TYPE_HYBRID)), + _ => format!("unknown ({validation_type:08x})"), + } + } +} + +impl std::fmt::Display for ValidationType { + fn fmt(&self, f: &mut Formatter<'_>) -> std::fmt::Result { + write!(f, "{}", ValidationType::stringify(self.val)) + } +} + +impl Deref for ValidationType { + type Target = CK_VALIDATION_TYPE; + + fn deref(&self) -> &Self::Target { + &self.val + } +} + +impl From for CK_VALIDATION_TYPE { + fn from(validation_type: ValidationType) -> Self { + *validation_type + } +} + +impl TryFrom for ValidationType { + type Error = Error; + + fn try_from(validation_type: CK_VALIDATION_TYPE) -> Result { + match validation_type { + CKV_TYPE_UNSPECIFIED => Ok(ValidationType::UNSPECIFIED), + CKV_TYPE_SOFTWARE => Ok(ValidationType::SOFTWARE), + CKV_TYPE_HARDWARE => Ok(ValidationType::HARDWARE), + CKV_TYPE_FIRMWARE => Ok(ValidationType::FIRMWARE), + CKV_TYPE_HYBRID => Ok(ValidationType::HYBRID), + _ => { + error!("Validation type {} is not supported.", validation_type); + Err(Error::NotSupported) + } + } + } +} + +#[derive(Debug, Copy, Clone, PartialEq, Eq)] +#[repr(transparent)] +/// The PKCS#11 3.2 Validation Authority Type +/// +/// identifies the type of validation authority +pub struct ValidationAuthorityType { + val: CK_VALIDATION_AUTHORITY_TYPE, +} + +impl ValidationAuthorityType { + /// Unspecified validation authority type + pub const UNSPECIFIED: ValidationAuthorityType = ValidationAuthorityType { + val: CKV_AUTHORITY_TYPE_UNSPECIFIED, + }; + /// NIST CMVP validation authority type + pub const NIST_CMVP: ValidationAuthorityType = ValidationAuthorityType { + val: CKV_AUTHORITY_TYPE_NIST_CMVP, + }; + /// Common Criteria validation authority type + pub const COMMON_CRITERIA: ValidationAuthorityType = ValidationAuthorityType { + val: CKV_AUTHORITY_TYPE_COMMON_CRITERIA, + }; + + pub(crate) fn stringify(authority_type: CK_VALIDATION_AUTHORITY_TYPE) -> String { + match authority_type { + CKV_AUTHORITY_TYPE_UNSPECIFIED => { + String::from(stringify!(CKV_AUTHORITY_TYPE_UNSPECIFIED)) + } + CKV_AUTHORITY_TYPE_NIST_CMVP => String::from(stringify!(CKV_AUTHORITY_TYPE_NIST_CMVP)), + CKV_AUTHORITY_TYPE_COMMON_CRITERIA => { + String::from(stringify!(CKV_AUTHORITY_TYPE_COMMON_CRITERIA)) + } + _ => format!("unknown ({authority_type:08x})"), + } + } +} + +impl std::fmt::Display for ValidationAuthorityType { + fn fmt(&self, f: &mut Formatter<'_>) -> std::fmt::Result { + write!(f, "{}", ValidationAuthorityType::stringify(self.val)) + } +} + +impl Deref for ValidationAuthorityType { + type Target = CK_VALIDATION_AUTHORITY_TYPE; + + fn deref(&self) -> &Self::Target { + &self.val + } +} + +impl From for CK_VALIDATION_AUTHORITY_TYPE { + fn from(validation_type: ValidationAuthorityType) -> Self { + *validation_type + } +} + +impl TryFrom for ValidationAuthorityType { + type Error = Error; + + fn try_from(authority_type: CK_VALIDATION_AUTHORITY_TYPE) -> Result { + match authority_type { + CKV_AUTHORITY_TYPE_UNSPECIFIED => Ok(ValidationAuthorityType::UNSPECIFIED), + CKV_AUTHORITY_TYPE_NIST_CMVP => Ok(ValidationAuthorityType::NIST_CMVP), + CKV_AUTHORITY_TYPE_COMMON_CRITERIA => Ok(ValidationAuthorityType::COMMON_CRITERIA), + _ => { + error!( + "Validation Authority type {} is not supported.", + authority_type + ); + Err(Error::NotSupported) + } + } + } +} diff --git a/cryptoki/src/session/mod.rs b/cryptoki/src/session/mod.rs index c8ec7bb4..119e73d0 100644 --- a/cryptoki/src/session/mod.rs +++ b/cryptoki/src/session/mod.rs @@ -21,9 +21,11 @@ mod session_info; mod session_management; mod signing_macing; mod slot_token_management; +mod validation; pub use object_management::ObjectHandleIterator; pub use session_info::{SessionInfo, SessionState}; +pub use validation::ValidationFlagsType; /// Type that identifies a session /// diff --git a/cryptoki/src/session/object_management.rs b/cryptoki/src/session/object_management.rs index 3cec80d3..95ea7db7 100644 --- a/cryptoki/src/session/object_management.rs +++ b/cryptoki/src/session/object_management.rs @@ -224,7 +224,7 @@ impl Session { /// * [`ObjectHandleIterator`] for more information on how to use the iterator /// * [`Session::iter_objects_with_cache_size`] for a way to specify the cache size #[inline(always)] - pub fn iter_objects(&self, template: &[Attribute]) -> Result { + pub fn iter_objects(&self, template: &[Attribute]) -> Result> { self.iter_objects_with_cache_size(template, MAX_OBJECT_COUNT) } @@ -248,7 +248,7 @@ impl Session { &self, template: &[Attribute], cache_size: NonZeroUsize, - ) -> Result { + ) -> Result> { let template: Vec = template.iter().map(Into::into).collect(); ObjectHandleIterator::new(self, template, cache_size) } diff --git a/cryptoki/src/session/validation.rs b/cryptoki/src/session/validation.rs new file mode 100644 index 00000000..6bfefe98 --- /dev/null +++ b/cryptoki/src/session/validation.rs @@ -0,0 +1,68 @@ +// Copyright 2025 Contributors to the Parsec project. +// SPDX-License-Identifier: Apache-2.0 +//! Session Validation + +use crate::context::Function; +use crate::error::{Result, Rv}; +use crate::session::Session; +use cryptoki_sys::*; +use std::fmt::{Debug, Formatter}; +use std::ops::Deref; + +/// The type of validation flag to query +#[derive(Copy, Clone, Debug)] +pub struct ValidationFlagsType { + val: CK_SESSION_VALIDATION_FLAGS_TYPE, +} + +impl ValidationFlagsType { + /// Check the last operation met all requirements of a validated mechanism. + pub const VALIDATION_OK: ValidationFlagsType = ValidationFlagsType { + val: CKS_LAST_VALIDATION_OK, + }; + + pub(crate) fn stringify(flags: CK_SESSION_VALIDATION_FLAGS_TYPE) -> String { + match flags { + CKS_LAST_VALIDATION_OK => String::from(stringify!(CKS_LAST_VALIDATION_OK)), + _ => format!("unknown ({flags:08x})"), + } + } +} + +impl std::fmt::Display for ValidationFlagsType { + fn fmt(&self, f: &mut Formatter<'_>) -> std::fmt::Result { + write!(f, "{}", ValidationFlagsType::stringify(self.val)) + } +} + +impl Deref for ValidationFlagsType { + type Target = CK_SESSION_VALIDATION_FLAGS_TYPE; + + fn deref(&self) -> &Self::Target { + &self.val + } +} + +impl From for CK_SESSION_VALIDATION_FLAGS_TYPE { + fn from(val: ValidationFlagsType) -> Self { + *val + } +} + +impl Session { + /// Get requested validation flags from the session + /// + /// The only supported flag as for PKCS#11 3.2 is `ValidationFlagsType::VALIDATION_OK` + pub fn get_validation_flags(&self, flags_type: ValidationFlagsType) -> Result { + let mut flags: CK_FLAGS = 0; + unsafe { + Rv::from(get_pkcs11!(self.client(), C_GetSessionValidationFlags)( + self.handle(), + flags_type.into(), + &mut flags, + )) + .into_result(Function::GetSessionValidationFlags)?; + } + Ok(flags) + } +} diff --git a/cryptoki/src/types.rs b/cryptoki/src/types.rs index dd9c6f12..46354be9 100644 --- a/cryptoki/src/types.rs +++ b/cryptoki/src/types.rs @@ -192,7 +192,6 @@ impl std::fmt::Display for Version { impl Version { /// Construct a new version - #[cfg(test)] pub(crate) fn new(major: u8, minor: u8) -> Self { Self { major, minor } } diff --git a/cryptoki/tests/basic.rs b/cryptoki/tests/basic.rs index 41c20ace..204c3708 100644 --- a/cryptoki/tests/basic.rs +++ b/cryptoki/tests/basic.rs @@ -45,7 +45,7 @@ fn sign_verify() -> TestResult { let mechanism = Mechanism::RsaPkcsKeyPairGen; let public_exponent: Vec = vec![0x01, 0x00, 0x01]; - let modulus_bits = 1024; + let modulus_bits = 2048; // pub key template let pub_key_template = vec![ @@ -231,7 +231,7 @@ fn sign_verify_multipart() -> TestResult { // Define parameters for keypair let public_exponent = vec![0x01, 0x00, 0x01]; - let modulus_bits = 1024; + let modulus_bits = 2048; let pub_key_template = vec![ Attribute::Token(true), @@ -340,7 +340,7 @@ fn sign_verify_multipart_already_initialized() -> TestResult { // Define parameters for keypair let public_exponent = vec![0x01, 0x00, 0x01]; - let modulus_bits = 1024; + let modulus_bits = 2048; let pub_key_template = vec![ Attribute::Token(true), @@ -405,7 +405,7 @@ fn encrypt_decrypt() -> TestResult { let mechanism = Mechanism::RsaPkcsKeyPairGen; let public_exponent: Vec = vec![0x01, 0x00, 0x01]; - let modulus_bits = 1024; + let modulus_bits = 2048; // pub key template let pub_key_template = vec![ @@ -1025,7 +1025,7 @@ fn wrap_and_unwrap_key() { Attribute::Token(true), Attribute::Private(true), Attribute::PublicExponent(vec![0x01, 0x00, 0x01]), - Attribute::ModulusBits(1024.into()), + Attribute::ModulusBits(2048.into()), // key needs to have "wrap" attribute to wrap other keys Attribute::Wrap(true), ]; @@ -1044,7 +1044,7 @@ fn wrap_and_unwrap_key() { let wrapped_key = session .wrap_key(&Mechanism::RsaPkcs, wrapping_key, key_to_be_wrapped) .unwrap(); - assert_eq!(wrapped_key.len(), 128); + assert_eq!(wrapped_key.len(), 256); let unwrapped_key = session .unwrap_key( @@ -1665,7 +1665,7 @@ fn update_attributes_key() -> TestResult { Attribute::Token(true), Attribute::Private(true), Attribute::PublicExponent(vec![0x01, 0x00, 0x01]), - Attribute::ModulusBits(1024.into()), + Attribute::ModulusBits(2048.into()), ]; // priv key template @@ -3757,7 +3757,6 @@ fn aes_cmac_verify_impl(key: [u8; 16], message: &[u8], expected_mac: [u8; 16]) - Ok(()) } -/// AES-CMAC test vectors from RFC 4493 #[test] #[serial] fn unique_id() -> TestResult { @@ -3822,13 +3821,87 @@ fn unique_id() -> TestResult { )) )); } else { + assert!(matches!( + res, + Err(Error::Pkcs11(_, Function::SetAttributeValue)) + )); + } + + session.destroy_object(key)?; + + Ok(()) +} + +#[test] +#[serial] +fn validation() -> TestResult { + let (pkcs11, slot) = init_pins(); + let session = pkcs11.open_rw_session(slot)?; + session.login(UserType::User, Some(&AuthPin::new(USER_PIN.into())))?; + + let key: [u8; 16] = [ + 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, + 0x3c, + ]; + + // Can not create object with ObjectValidationFlags + let key_template = vec![ + Attribute::Class(ObjectClass::SECRET_KEY), + Attribute::KeyType(KeyType::AES), + Attribute::Token(true), + Attribute::Sensitive(true), + Attribute::Private(true), + Attribute::Value(key.into()), + Attribute::ObjectValidationFlags(0x03.into()), + ]; + let res = session.create_object(&key_template); + assert!(res.is_err()); + assert!(matches!( + res, + Err(Error::Pkcs11( + RvError::AttributeTypeInvalid, + Function::CreateObject + )) + )); + + let generate_template = vec![ + Attribute::Token(true), + Attribute::ValueLen(32.into()), + Attribute::Encrypt(true), + ]; + + // generate a secret key + let key = session.generate_key(&Mechanism::AesKeyGen, &generate_template)?; + + // we can get the ObjectValidationFlags attribute + let attrs = session.get_attributes(key, &[AttributeType::ObjectValidationFlags])?; + if is_softhsm() { + // SoftHSM does not support this attribute at all + assert_eq!(attrs.len(), 0); + } else { + // Kryoptic supports the ObjectValidationFlag only if it is built as a FIPS provider + //assert!(matches!(attrs.first(), Some(Attribute::ObjectValidationFlags(_)))); + assert_eq!(attrs.len(), 0); + } + + // we can not set the ObjectValidationFlags attribute + let update_template = vec![Attribute::ObjectValidationFlags(0x03.into())]; + let res = session.update_attributes(key, &update_template); + assert!(res.is_err()); + if is_softhsm() { + // SoftHSM does not support this attribute at all assert!(matches!( res, Err(Error::Pkcs11( - RvError::AttributeReadOnly, + RvError::AttributeTypeInvalid, Function::SetAttributeValue )) )); + } else { + assert!(matches!( + res, + Err(Error::Pkcs11(_, Function::SetAttributeValue)) + )); } session.destroy_object(key)?; diff --git a/cryptoki/tests/common/mod.rs b/cryptoki/tests/common/mod.rs index 41d200ac..47a6b1da 100644 --- a/cryptoki/tests/common/mod.rs +++ b/cryptoki/tests/common/mod.rs @@ -7,9 +7,9 @@ use cryptoki::types::AuthPin; use std::env; // The default user pin -pub static USER_PIN: &str = "fedcba"; +pub static USER_PIN: &str = "fedcba123456"; // The default SO pin -pub static SO_PIN: &str = "abcdef"; +pub static SO_PIN: &str = "abcdef654321"; fn get_pkcs11_path() -> String { env::var("TEST_PKCS11_MODULE")