1 // Copyright 2017 Marcus Heese
2 //
3 // Licensed under the Apache License, Version 2.0 (the "License");
4 // you may not use this file except in compliance with the License.
5 // You may obtain a copy of the License at
6 //
7 // http://www.apache.org/licenses/LICENSE-2.0
8 //
9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS,
11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 // See the License for the specific language governing permissions and
13 // limitations under the License.
14 #![allow(non_camel_case_types, non_snake_case, clippy::unreadable_literal)]
15
16 extern crate libloading;
17 extern crate num_bigint;
18
19 #[cfg(test)]
20 #[macro_use] extern crate serial_test_derive;
21
22 #[cfg(test)]
23 mod tests;
24
25 /// This module is basically a full conversion of the `pkcs11t.h` C header file.
26 pub mod types;
27 /// This module is basically a full conversion of the `pkcs11f.h` C header file.
28 pub mod functions;
29 /// The error types are defined here - they are used throughout the crate.
30 pub mod errors;
31
32 use types::*;
33 use functions::*;
34 use errors::Error;
35
36
37 use std::mem;
38 use std::path::Path;
39 use std::ptr;
40 use std::ffi::CString;
41 //use libc::c_uchar;
42
43
44 trait CkFrom<T> {
from(T) -> Self45 fn from(T) -> Self;
46 }
47
48 impl CkFrom<bool> for CK_BBOOL {
from(b: bool) -> Self49 fn from(b: bool) -> Self {
50 if b {
51 1
52 } else {
53 0
54 }
55 }
56 }
57
58 impl CkFrom<CK_BBOOL> for bool {
from(b: CK_BBOOL) -> bool59 fn from(b: CK_BBOOL) -> bool {
60 match b {
61 0 => false,
62 _ => true,
63 }
64 }
65 }
66
label_from_str(label: &str) -> [CK_UTF8CHAR; 32]67 fn label_from_str(label: &str) -> [CK_UTF8CHAR; 32] {
68 // initialize a fixed-size array with whitespace characters
69 let mut lab: [CK_UTF8CHAR; 32] = [32; 32];
70 let mut i = 0;
71 for c in label.chars() {
72 if i + c.len_utf8() <= 32 {
73 let mut buf = [0; 4];
74 let bytes = c.encode_utf8(&mut buf).as_bytes();
75 for b in bytes {
76 lab[i] = *b;
77 i += 1;
78 }
79 } else {
80 break;
81 }
82 }
83 lab
84 }
85
86 #[derive(Debug)]
87 pub struct Ctx {
88 lib: libloading::Library,
89 _is_initialized: bool,
90 version: CK_VERSION,
91 C_Initialize: C_Initialize,
92 C_Finalize: C_Finalize,
93 C_GetInfo: C_GetInfo,
94 C_GetFunctionList: C_GetFunctionList,
95 C_GetSlotList: C_GetSlotList,
96 C_GetSlotInfo: C_GetSlotInfo,
97 C_GetTokenInfo: C_GetTokenInfo,
98 C_GetMechanismList: C_GetMechanismList,
99 C_GetMechanismInfo: C_GetMechanismInfo,
100 C_InitToken: C_InitToken,
101 C_InitPIN: C_InitPIN,
102 C_SetPIN: C_SetPIN,
103 C_OpenSession: C_OpenSession,
104 C_CloseSession: C_CloseSession,
105 C_CloseAllSessions: C_CloseAllSessions,
106 C_GetSessionInfo: C_GetSessionInfo,
107 C_GetOperationState: C_GetOperationState,
108 C_SetOperationState: C_SetOperationState,
109 C_Login: C_Login,
110 C_Logout: C_Logout,
111 C_CreateObject: C_CreateObject,
112 C_CopyObject: C_CopyObject,
113 C_DestroyObject: C_DestroyObject,
114 C_GetObjectSize: C_GetObjectSize,
115 C_GetAttributeValue: C_GetAttributeValue,
116 C_SetAttributeValue: C_SetAttributeValue,
117 C_FindObjectsInit: C_FindObjectsInit,
118 C_FindObjects: C_FindObjects,
119 C_FindObjectsFinal: C_FindObjectsFinal,
120 C_EncryptInit: C_EncryptInit,
121 C_Encrypt: C_Encrypt,
122 C_EncryptUpdate: C_EncryptUpdate,
123 C_EncryptFinal: C_EncryptFinal,
124 C_DecryptInit: C_DecryptInit,
125 C_Decrypt: C_Decrypt,
126 C_DecryptUpdate: C_DecryptUpdate,
127 C_DecryptFinal: C_DecryptFinal,
128 C_DigestInit: C_DigestInit,
129 C_Digest: C_Digest,
130 C_DigestUpdate: C_DigestUpdate,
131 C_DigestKey: C_DigestKey,
132 C_DigestFinal: C_DigestFinal,
133 C_SignInit: C_SignInit,
134 C_Sign: C_Sign,
135 C_SignUpdate: C_SignUpdate,
136 C_SignFinal: C_SignFinal,
137 C_SignRecoverInit: C_SignRecoverInit,
138 C_SignRecover: C_SignRecover,
139 C_VerifyInit: C_VerifyInit,
140 C_Verify: C_Verify,
141 C_VerifyUpdate: C_VerifyUpdate,
142 C_VerifyFinal: C_VerifyFinal,
143 C_VerifyRecoverInit: C_VerifyRecoverInit,
144 C_VerifyRecover: C_VerifyRecover,
145 C_DigestEncryptUpdate: C_DigestEncryptUpdate,
146 C_DecryptDigestUpdate: C_DecryptDigestUpdate,
147 C_SignEncryptUpdate: C_SignEncryptUpdate,
148 C_DecryptVerifyUpdate: C_DecryptVerifyUpdate,
149 C_GenerateKey: C_GenerateKey,
150 C_GenerateKeyPair: C_GenerateKeyPair,
151 C_WrapKey: C_WrapKey,
152 C_UnwrapKey: C_UnwrapKey,
153 C_DeriveKey: C_DeriveKey,
154 C_SeedRandom: C_SeedRandom,
155 C_GenerateRandom: C_GenerateRandom,
156 C_GetFunctionStatus: C_GetFunctionStatus,
157 C_CancelFunction: C_CancelFunction,
158 // Functions added in for Cryptoki Version 2.01 or later
159 C_WaitForSlotEvent: Option<C_WaitForSlotEvent>,
160 }
161
162 impl Ctx {
new<P>(filename: P) -> Result<Ctx, Error> where P: AsRef<Path>,163 pub fn new<P>(filename: P) -> Result<Ctx, Error>
164 where
165 P: AsRef<Path>,
166 {
167 unsafe {
168 let lib = libloading::Library::new(filename.as_ref())?;
169 let mut list = mem::MaybeUninit::uninit();
170 {
171 let func: libloading::Symbol<unsafe extern "C" fn(CK_FUNCTION_LIST_PTR_PTR) -> CK_RV> = lib.get(b"C_GetFunctionList")?;
172 match func(list.as_mut_ptr()) {
173 CKR_OK => (),
174 err => return Err(Error::Pkcs11(err)),
175 }
176 }
177
178 let list_ptr = *list.as_ptr();
179
180 Ok(Ctx {
181 lib,
182 _is_initialized: false,
183 version: (*list_ptr).version,
184 C_Initialize: (*list_ptr).C_Initialize.ok_or(Error::Module("C_Initialize function not found"))?,
185 C_Finalize: (*list_ptr).C_Finalize.ok_or(Error::Module("C_Finalize function not found"))?,
186 C_GetInfo: (*list_ptr).C_GetInfo.ok_or(Error::Module("C_GetInfo function not found"))?,
187 C_GetFunctionList: (*list_ptr).C_GetFunctionList.ok_or(Error::Module("C_GetFunctionList function not found"))?,
188 C_GetSlotList: (*list_ptr).C_GetSlotList.ok_or(Error::Module("C_GetSlotList function not found"))?,
189 C_GetSlotInfo: (*list_ptr).C_GetSlotInfo.ok_or(Error::Module("C_GetSlotInfo function not found"))?,
190 C_GetTokenInfo: (*list_ptr).C_GetTokenInfo.ok_or(Error::Module("C_GetTokenInfo function not found"))?,
191 C_GetMechanismList: (*list_ptr).C_GetMechanismList.ok_or(Error::Module("C_GetMechanismList function not found"))?,
192 C_GetMechanismInfo: (*list_ptr).C_GetMechanismInfo.ok_or(Error::Module("C_GetMechanismInfo function not found"))?,
193 C_InitToken: (*list_ptr).C_InitToken.ok_or(Error::Module("C_InitToken function not found"))?,
194 C_InitPIN: (*list_ptr).C_InitPIN.ok_or(Error::Module("C_InitPIN function not found"))?,
195 C_SetPIN: (*list_ptr).C_SetPIN.ok_or(Error::Module("C_SetPIN function not found"))?,
196 C_OpenSession: (*list_ptr).C_OpenSession.ok_or(Error::Module("C_OpenSession function not found"))?,
197 C_CloseSession: (*list_ptr).C_CloseSession.ok_or(Error::Module("C_CloseSession function not found"))?,
198 C_CloseAllSessions: (*list_ptr).C_CloseAllSessions.ok_or(Error::Module("C_CloseAllSessions function not found"))?,
199 C_GetSessionInfo: (*list_ptr).C_GetSessionInfo.ok_or(Error::Module("C_GetSessionInfo function not found"))?,
200 C_GetOperationState: (*list_ptr).C_GetOperationState.ok_or(Error::Module("C_GetOperationState function not found"))?,
201 C_SetOperationState: (*list_ptr).C_SetOperationState.ok_or(Error::Module("C_SetOperationState function not found"))?,
202 C_Login: (*list_ptr).C_Login.ok_or(Error::Module("C_Login function not found"))?,
203 C_Logout: (*list_ptr).C_Logout.ok_or(Error::Module("C_Logout function not found"))?,
204 C_CreateObject: (*list_ptr).C_CreateObject.ok_or(Error::Module("C_CreateObject function not found"))?,
205 C_CopyObject: (*list_ptr).C_CopyObject.ok_or(Error::Module("C_CopyObject function not found"))?,
206 C_DestroyObject: (*list_ptr).C_DestroyObject.ok_or(Error::Module("C_DestroyObject function not found"))?,
207 C_GetObjectSize: (*list_ptr).C_GetObjectSize.ok_or(Error::Module("C_GetObjectSize function not found"))?,
208 C_GetAttributeValue: (*list_ptr).C_GetAttributeValue.ok_or(Error::Module("C_GetAttributeValue function not found"))?,
209 C_SetAttributeValue: (*list_ptr).C_SetAttributeValue.ok_or(Error::Module("C_SetAttributeValue function not found"))?,
210 C_FindObjectsInit: (*list_ptr).C_FindObjectsInit.ok_or(Error::Module("C_FindObjectsInit function not found"))?,
211 C_FindObjects: (*list_ptr).C_FindObjects.ok_or(Error::Module("C_FindObjects function not found"))?,
212 C_FindObjectsFinal: (*list_ptr).C_FindObjectsFinal.ok_or(Error::Module("C_FindObjectsFinal function not found"))?,
213 C_EncryptInit: (*list_ptr).C_EncryptInit.ok_or(Error::Module("C_EncryptInit function not found"))?,
214 C_Encrypt: (*list_ptr).C_Encrypt.ok_or(Error::Module("C_Encrypt function not found"))?,
215 C_EncryptUpdate: (*list_ptr).C_EncryptUpdate.ok_or(Error::Module("C_EncryptUpdate function not found"))?,
216 C_EncryptFinal: (*list_ptr).C_EncryptFinal.ok_or(Error::Module("C_EncryptFinal function not found"))?,
217 C_DecryptInit: (*list_ptr).C_DecryptInit.ok_or(Error::Module("C_DecryptInit function not found"))?,
218 C_Decrypt: (*list_ptr).C_Decrypt.ok_or(Error::Module("C_Decrypt function not found"))?,
219 C_DecryptUpdate: (*list_ptr).C_DecryptUpdate.ok_or(Error::Module("C_DecryptUpdate function not found"))?,
220 C_DecryptFinal: (*list_ptr).C_DecryptFinal.ok_or(Error::Module("C_DecryptFinal function not found"))?,
221 C_DigestInit: (*list_ptr).C_DigestInit.ok_or(Error::Module("C_DigestInit function not found"))?,
222 C_Digest: (*list_ptr).C_Digest.ok_or(Error::Module("C_Digest function not found"))?,
223 C_DigestUpdate: (*list_ptr).C_DigestUpdate.ok_or(Error::Module("C_DigestUpdate function not found"))?,
224 C_DigestKey: (*list_ptr).C_DigestKey.ok_or(Error::Module("C_DigestKey function not found"))?,
225 C_DigestFinal: (*list_ptr).C_DigestFinal.ok_or(Error::Module("C_DigestFinal function not found"))?,
226 C_SignInit: (*list_ptr).C_SignInit.ok_or(Error::Module("C_SignInit function not found"))?,
227 C_Sign: (*list_ptr).C_Sign.ok_or(Error::Module("C_Sign function not found"))?,
228 C_SignUpdate: (*list_ptr).C_SignUpdate.ok_or(Error::Module("C_SignUpdate function not found"))?,
229 C_SignFinal: (*list_ptr).C_SignFinal.ok_or(Error::Module("C_SignFinal function not found"))?,
230 C_SignRecoverInit: (*list_ptr).C_SignRecoverInit.ok_or(Error::Module("C_SignRecoverInit function not found"))?,
231 C_SignRecover: (*list_ptr).C_SignRecover.ok_or(Error::Module("C_SignRecover function not found"))?,
232 C_VerifyInit: (*list_ptr).C_VerifyInit.ok_or(Error::Module("C_VerifyInit function not found"))?,
233 C_Verify: (*list_ptr).C_Verify.ok_or(Error::Module("C_Verify function not found"))?,
234 C_VerifyUpdate: (*list_ptr).C_VerifyUpdate.ok_or(Error::Module("C_VerifyUpdate function not found"))?,
235 C_VerifyFinal: (*list_ptr).C_VerifyFinal.ok_or(Error::Module("C_VerifyFinal function not found"))?,
236 C_VerifyRecoverInit: (*list_ptr).C_VerifyRecoverInit.ok_or(Error::Module("C_VerifyRecoverInit function not found"))?,
237 C_VerifyRecover: (*list_ptr).C_VerifyRecover.ok_or(Error::Module("C_VerifyRecover function not found"))?,
238 C_DigestEncryptUpdate: (*list_ptr).C_DigestEncryptUpdate.ok_or(Error::Module("C_DigestEncryptUpdate function not found"))?,
239 C_DecryptDigestUpdate: (*list_ptr).C_DecryptDigestUpdate.ok_or(Error::Module("C_DecryptDigestUpdate function not found"))?,
240 C_SignEncryptUpdate: (*list_ptr).C_SignEncryptUpdate.ok_or(Error::Module("C_SignEncryptUpdate function not found"))?,
241 C_DecryptVerifyUpdate: (*list_ptr).C_DecryptVerifyUpdate.ok_or(Error::Module("C_DecryptVerifyUpdate function not found"))?,
242 C_GenerateKey: (*list_ptr).C_GenerateKey.ok_or(Error::Module("C_GenerateKey function not found"))?,
243 C_GenerateKeyPair: (*list_ptr).C_GenerateKeyPair.ok_or(Error::Module("C_GenerateKeyPair function not found"))?,
244 C_WrapKey: (*list_ptr).C_WrapKey.ok_or(Error::Module("C_WrapKey function not found"))?,
245 C_UnwrapKey: (*list_ptr).C_UnwrapKey.ok_or(Error::Module("C_UnwrapKey function not found"))?,
246 C_DeriveKey: (*list_ptr).C_DeriveKey.ok_or(Error::Module("C_DeriveKey function not found"))?,
247 C_SeedRandom: (*list_ptr).C_SeedRandom.ok_or(Error::Module("C_SeedRandom function not found"))?,
248 C_GenerateRandom: (*list_ptr).C_GenerateRandom.ok_or(Error::Module("C_GenerateRandom function not found"))?,
249 C_GetFunctionStatus: (*list_ptr).C_GetFunctionStatus.ok_or(Error::Module("C_GetFunctionStatus function not found"))?,
250 C_CancelFunction: (*list_ptr).C_CancelFunction.ok_or(Error::Module("C_CancelFunction function not found"))?,
251 // Functions added in for Cryptoki Version 2.01 or later
252 C_WaitForSlotEvent: (*list_ptr).C_WaitForSlotEvent,
253 })
254 }
255 }
256
new_and_initialize<P>(filename: P) -> Result<Ctx, Error> where P: AsRef<Path>,257 pub fn new_and_initialize<P>(filename: P) -> Result<Ctx, Error>
258 where
259 P: AsRef<Path>,
260 {
261 let mut ctx = Ctx::new(filename)?;
262 ctx.initialize(None)?;
263 Ok(ctx)
264 }
265
is_initialized(&self) -> bool266 pub fn is_initialized(&self) -> bool {
267 self._is_initialized
268 }
269
initialized(&self) -> Result<(), Error>270 fn initialized(&self) -> Result<(), Error> {
271 if !self._is_initialized {
272 Err(Error::Module("module not initialized"))
273 } else {
274 Ok(())
275 }
276 }
277
not_initialized(&self) -> Result<(), Error>278 fn not_initialized(&self) -> Result<(), Error> {
279 if self._is_initialized {
280 Err(Error::Module("module already initialized"))
281 } else {
282 Ok(())
283 }
284 }
285
initialize(&mut self, init_args: Option<CK_C_INITIALIZE_ARGS>) -> Result<(), Error>286 pub fn initialize(&mut self, init_args: Option<CK_C_INITIALIZE_ARGS>) -> Result<(), Error> {
287 self.not_initialized()?;
288 // if no args are specified, library expects NULL
289 let init_args = match init_args {
290 Some(mut args) => &mut args,
291 None => ptr::null_mut()
292 };
293 match (self.C_Initialize)(init_args) {
294 CKR_OK => {
295 self._is_initialized = true;
296 Ok(())
297 }
298 err => Err(Error::Pkcs11(err)),
299 }
300 }
301
finalize(&mut self) -> Result<(), Error>302 pub fn finalize(&mut self) -> Result<(), Error> {
303 self.initialized()?;
304 match (self.C_Finalize)(ptr::null_mut()) {
305 CKR_OK => {
306 self._is_initialized = false;
307 Ok(())
308 }
309 err => Err(Error::Pkcs11(err)),
310 }
311 }
312
get_info(&self) -> Result<CK_INFO, Error>313 pub fn get_info(&self) -> Result<CK_INFO, Error> {
314 self.initialized()?;
315 let mut info = CK_INFO::new();
316 match (self.C_GetInfo)(&mut info) {
317 CKR_OK => Ok(info),
318 err => Err(Error::Pkcs11(err)),
319 }
320 }
321
get_function_list(&self) -> Result<CK_FUNCTION_LIST, Error>322 pub fn get_function_list(&self) -> Result<CK_FUNCTION_LIST, Error> {
323 let mut list = mem::MaybeUninit::uninit();
324 match (self.C_GetFunctionList)(&mut list.as_mut_ptr()) {
325 CKR_OK => unsafe { Ok(*list.as_ptr()) },
326 err => Err(Error::Pkcs11(err)),
327 }
328 }
329
get_slot_list(&self, token_present: bool) -> Result<Vec<CK_SLOT_ID>, Error>330 pub fn get_slot_list(&self, token_present: bool) -> Result<Vec<CK_SLOT_ID>, Error> {
331 self.initialized()?;
332 let mut slots_len: CK_ULONG = 0;
333 match (self.C_GetSlotList)(CkFrom::from(token_present), ptr::null_mut(), &mut slots_len) {
334 CKR_OK => {
335 // now slots_len contains the number of slots,
336 // and we can generate a vector with the right capacity
337 // important is to pass slots_len **again** because in
338 // the 2nd call it is used to tell C how big the memory
339 // in slots is.
340 let mut slots = Vec::<CK_SLOT_ID>::with_capacity(slots_len as usize);
341 let slots_ptr = slots.as_mut_ptr();
342 match (self.C_GetSlotList)(CkFrom::from(token_present), slots_ptr, &mut slots_len) {
343 CKR_OK => {
344 unsafe {
345 slots.set_len(slots_len as usize);
346 }
347 Ok(slots)
348 }
349 err => Err(Error::Pkcs11(err)),
350 }
351 }
352 err => Err(Error::Pkcs11(err)),
353 }
354 }
355
get_slot_info(&self, slot_id: CK_SLOT_ID) -> Result<CK_SLOT_INFO, Error>356 pub fn get_slot_info(&self, slot_id: CK_SLOT_ID) -> Result<CK_SLOT_INFO, Error> {
357 self.initialized()?;
358 let mut info: CK_SLOT_INFO = Default::default();
359 match (self.C_GetSlotInfo)(slot_id, &mut info) {
360 CKR_OK => Ok(info),
361 err => Err(Error::Pkcs11(err)),
362 }
363 }
364
get_token_info(&self, slot_id: CK_SLOT_ID) -> Result<CK_TOKEN_INFO, Error>365 pub fn get_token_info(&self, slot_id: CK_SLOT_ID) -> Result<CK_TOKEN_INFO, Error> {
366 self.initialized()?;
367 let mut info: CK_TOKEN_INFO = Default::default();
368 match (self.C_GetTokenInfo)(slot_id, &mut info) {
369 CKR_OK => Ok(info),
370 err => Err(Error::Pkcs11(err)),
371 }
372 }
373
get_mechanism_list(&self, slot_id: CK_SLOT_ID) -> Result<Vec<CK_MECHANISM_TYPE>, Error>374 pub fn get_mechanism_list(&self, slot_id: CK_SLOT_ID) -> Result<Vec<CK_MECHANISM_TYPE>, Error> {
375 self.initialized()?;
376 let mut count: CK_ULONG = 0;
377 match (self.C_GetMechanismList)(slot_id, ptr::null_mut(), &mut count) {
378 CKR_OK => {
379 // see get_slot_list() for an explanation - it works the same way
380 let mut list = Vec::<CK_MECHANISM_TYPE>::with_capacity(count as usize);
381 let list_ptr = list.as_mut_ptr();
382 match (self.C_GetMechanismList)(slot_id, list_ptr, &mut count) {
383 CKR_OK => {
384 unsafe {
385 list.set_len(count as usize);
386 }
387 Ok(list)
388 }
389 err => Err(Error::Pkcs11(err)),
390 }
391 }
392 err => Err(Error::Pkcs11(err)),
393 }
394 }
395
get_mechanism_info(&self, slot_id: CK_SLOT_ID, mechanism_type: CK_MECHANISM_TYPE) -> Result<CK_MECHANISM_INFO, Error>396 pub fn get_mechanism_info(&self, slot_id: CK_SLOT_ID, mechanism_type: CK_MECHANISM_TYPE) -> Result<CK_MECHANISM_INFO, Error> {
397 self.initialized()?;
398 let mut info: CK_MECHANISM_INFO = Default::default();
399 match (self.C_GetMechanismInfo)(slot_id, mechanism_type, &mut info) {
400 CKR_OK => Ok(info),
401 err => Err(Error::Pkcs11(err)),
402 }
403 }
404
init_token<'a, 'b>(&self, slot_id: CK_SLOT_ID, pin: Option<&'a str>, label: &'b str) -> Result<(), Error>405 pub fn init_token<'a, 'b>(&self, slot_id: CK_SLOT_ID, pin: Option<&'a str>, label: &'b str) -> Result<(), Error> {
406 self.initialized()?;
407 let mut formatted_label = label_from_str(label).to_vec();
408 let formatted_label_ptr = formatted_label.as_mut_ptr();
409 match pin {
410 Some(pin) => if let Ok(cpin) = CString::new(pin) {
411 let mut cpin_bytes = cpin.into_bytes();
412 match (self.C_InitToken)(slot_id, cpin_bytes.as_mut_ptr(), cpin_bytes.len() as CK_ULONG, formatted_label_ptr) {
413 CKR_OK => Ok(()),
414 err => Err(Error::Pkcs11(err)),
415 }
416 } else {
417 Err(Error::InvalidInput("PIN contains a nul byte"))
418 },
419 None => {
420 // CKF_PROTECTED_AUTHENTICATION_PATH requires a NULL pointer
421 match (self.C_InitToken)(slot_id, ptr::null_mut(), 0, formatted_label_ptr) {
422 CKR_OK => Ok(()),
423 err => Err(Error::Pkcs11(err)),
424 }
425 }
426 }
427 }
428
init_pin<'a>(&self, session: CK_SESSION_HANDLE, pin: Option<&'a str>) -> Result<(), Error>429 pub fn init_pin<'a>(&self, session: CK_SESSION_HANDLE, pin: Option<&'a str>) -> Result<(), Error> {
430 self.initialized()?;
431 match pin {
432 Some(pin) => if let Ok(cpin) = CString::new(pin) {
433 let mut cpin_bytes = cpin.into_bytes();
434 match (self.C_InitPIN)(session, cpin_bytes.as_mut_ptr(), cpin_bytes.len() as CK_ULONG) {
435 CKR_OK => Ok(()),
436 err => Err(Error::Pkcs11(err)),
437 }
438 } else {
439 Err(Error::InvalidInput("PIN contains a nul byte"))
440 },
441 None => match (self.C_InitPIN)(session, ptr::null_mut(), 0) {
442 CKR_OK => Ok(()),
443 err => Err(Error::Pkcs11(err)),
444 },
445 }
446 }
447
set_pin<'a, 'b>(&self, session: CK_SESSION_HANDLE, old_pin: Option<&'a str>, new_pin: Option<&'b str>) -> Result<(), Error>448 pub fn set_pin<'a, 'b>(&self, session: CK_SESSION_HANDLE, old_pin: Option<&'a str>, new_pin: Option<&'b str>) -> Result<(), Error> {
449 self.initialized()?;
450 if old_pin.is_none() && new_pin.is_none() {
451 match (self.C_SetPIN)(session, ptr::null_mut(), 0, ptr::null_mut(), 0) {
452 CKR_OK => Ok(()),
453 err => Err(Error::Pkcs11(err)),
454 }
455 } else if old_pin.is_some() && new_pin.is_some() {
456 let old_cpin_res = CString::new(old_pin.unwrap());
457 let new_cpin_res = CString::new(new_pin.unwrap());
458 if old_cpin_res.is_err() {
459 return Err(Error::InvalidInput("Old PIN contains a nul byte"));
460 }
461 if new_cpin_res.is_err() {
462 return Err(Error::InvalidInput("New PIN contains a nul byte"));
463 }
464 let mut old_cpin = old_cpin_res.unwrap().into_bytes();
465 let mut new_cpin = new_cpin_res.unwrap().into_bytes();
466 match (self.C_SetPIN)(session, old_cpin.as_mut_ptr(), old_cpin.len() as CK_ULONG, new_cpin.as_mut_ptr(), new_cpin.len() as CK_ULONG) {
467 CKR_OK => Ok(()),
468 err => Err(Error::Pkcs11(err)),
469 }
470 } else {
471 Err(Error::InvalidInput("both PINs must be either set or unset"))
472 }
473 }
474
open_session(&self, slot_id: CK_SLOT_ID, flags: CK_FLAGS, application: Option<CK_VOID_PTR>, notify: CK_NOTIFY) -> Result<CK_SESSION_HANDLE, Error>475 pub fn open_session(&self, slot_id: CK_SLOT_ID, flags: CK_FLAGS, application: Option<CK_VOID_PTR>, notify: CK_NOTIFY) -> Result<CK_SESSION_HANDLE, Error> {
476 self.initialized()?;
477 let mut session: CK_SESSION_HANDLE = 0;
478 match (self.C_OpenSession)(slot_id, flags, application.unwrap_or(ptr::null_mut()), notify, &mut session) {
479 CKR_OK => Ok(session),
480 err => Err(Error::Pkcs11(err)),
481 }
482 }
483
close_session(&self, session: CK_SESSION_HANDLE) -> Result<(), Error>484 pub fn close_session(&self, session: CK_SESSION_HANDLE) -> Result<(), Error> {
485 self.initialized()?;
486 match (self.C_CloseSession)(session) {
487 CKR_OK => Ok(()),
488 err => Err(Error::Pkcs11(err)),
489 }
490 }
491
close_all_sessions(&self, slot_id: CK_SLOT_ID) -> Result<(), Error>492 pub fn close_all_sessions(&self, slot_id: CK_SLOT_ID) -> Result<(), Error> {
493 self.initialized()?;
494 match (self.C_CloseAllSessions)(slot_id) {
495 CKR_OK => Ok(()),
496 err => Err(Error::Pkcs11(err)),
497 }
498 }
499
get_session_info(&self, session: CK_SESSION_HANDLE) -> Result<CK_SESSION_INFO, Error>500 pub fn get_session_info(&self, session: CK_SESSION_HANDLE) -> Result<CK_SESSION_INFO, Error> {
501 self.initialized()?;
502 let mut info: CK_SESSION_INFO = Default::default();
503 match (self.C_GetSessionInfo)(session, &mut info) {
504 CKR_OK => Ok(info),
505 err => Err(Error::Pkcs11(err)),
506 }
507 }
508
get_operation_state(&self, session: CK_SESSION_HANDLE) -> Result<Vec<CK_BYTE>, Error>509 pub fn get_operation_state(&self, session: CK_SESSION_HANDLE) -> Result<Vec<CK_BYTE>, Error> {
510 self.initialized()?;
511 let mut state_length: CK_ULONG = 0;
512 match (self.C_GetOperationState)(session, ptr::null_mut(), &mut state_length) {
513 CKR_OK => {
514 let mut state: Vec<CK_BYTE> = Vec::with_capacity(state_length as usize);
515 let state_ptr = state.as_mut_ptr();
516 match (self.C_GetOperationState)(session, state_ptr, &mut state_length) {
517 CKR_OK => {
518 unsafe {
519 state.set_len(state_length as usize);
520 }
521 Ok(state)
522 }
523 err => Err(Error::Pkcs11(err)),
524 }
525 }
526 err => Err(Error::Pkcs11(err)),
527 }
528 }
529
set_operation_state( &self, session: CK_SESSION_HANDLE, operation_state: Vec<CK_BYTE>, encryption_key: Option<CK_OBJECT_HANDLE>, authentication_key: Option<CK_OBJECT_HANDLE>, ) -> Result<(), Error>530 pub fn set_operation_state(
531 &self,
532 session: CK_SESSION_HANDLE,
533 operation_state: Vec<CK_BYTE>,
534 encryption_key: Option<CK_OBJECT_HANDLE>,
535 authentication_key: Option<CK_OBJECT_HANDLE>,
536 ) -> Result<(), Error> {
537 self.initialized()?;
538 let mut operation_state = operation_state;
539 match (self.C_SetOperationState)(session, operation_state.as_mut_ptr(), operation_state.len() as CK_ULONG, encryption_key.unwrap_or(0), authentication_key.unwrap_or(0)) {
540 CKR_OK => Ok(()),
541 err => Err(Error::Pkcs11(err)),
542 }
543 }
544
login<'a>(&self, session: CK_SESSION_HANDLE, user_type: CK_USER_TYPE, pin: Option<&'a str>) -> Result<(), Error>545 pub fn login<'a>(&self, session: CK_SESSION_HANDLE, user_type: CK_USER_TYPE, pin: Option<&'a str>) -> Result<(), Error> {
546 self.initialized()?;
547 match pin {
548 Some(pin) => if let Ok(cpin) = CString::new(pin) {
549 let mut cpin_bytes = cpin.into_bytes();
550 match (self.C_Login)(session, user_type, cpin_bytes.as_mut_ptr(), cpin_bytes.len() as CK_ULONG) {
551 CKR_OK => Ok(()),
552 err => Err(Error::Pkcs11(err)),
553 }
554 } else {
555 Err(Error::InvalidInput("PIN contains a nul byte"))
556 },
557 None => match (self.C_Login)(session, user_type, ptr::null_mut(), 0) {
558 CKR_OK => Ok(()),
559 err => Err(Error::Pkcs11(err)),
560 },
561 }
562 }
563
564 /// Some dongle drivers (such as Safenet) allow NUL bytes in PINs, and fail
565 /// login if a NUL containing PIN is truncated. Combined with poor PIN gen
566 /// algorithms which insert NULs into the PIN, you might need a way to supply
567 /// raw bytes for a PIN, instead of converting from a UTF8 string as per spec
login_with_raw(&self, session: CK_SESSION_HANDLE, user_type: CK_USER_TYPE, pin: Option<&[CK_BYTE]>) -> Result<(), Error>568 pub fn login_with_raw(&self, session: CK_SESSION_HANDLE, user_type: CK_USER_TYPE, pin: Option<&[CK_BYTE]>) -> Result<(), Error> {
569 self.initialized()?;
570 match pin {
571 Some(pin) => {
572 let mut pin = pin.to_vec();
573 match (self.C_Login)(session, user_type, pin.as_mut_ptr(), pin.len() as CK_ULONG) {
574 CKR_OK => Ok(()),
575 err => Err(Error::Pkcs11(err)),
576 }
577 },
578 None => match (self.C_Login)(session, user_type, ptr::null_mut(), 0) {
579 CKR_OK => Ok(()),
580 err => Err(Error::Pkcs11(err)),
581 },
582 }
583 }
584
logout(&self, session: CK_SESSION_HANDLE) -> Result<(), Error>585 pub fn logout(&self, session: CK_SESSION_HANDLE) -> Result<(), Error> {
586 self.initialized()?;
587 match (self.C_Logout)(session) {
588 CKR_OK => Ok(()),
589 err => Err(Error::Pkcs11(err)),
590 }
591 }
592
create_object(&self, session: CK_SESSION_HANDLE, template: &[CK_ATTRIBUTE]) -> Result<CK_OBJECT_HANDLE, Error>593 pub fn create_object(&self, session: CK_SESSION_HANDLE, template: &[CK_ATTRIBUTE]) -> Result<CK_OBJECT_HANDLE, Error> {
594 self.initialized()?;
595 let mut template = template.to_vec();
596 let mut oh: CK_OBJECT_HANDLE = CK_INVALID_HANDLE;
597 match (self.C_CreateObject)(session, template.as_mut_ptr(), template.len() as CK_ULONG, &mut oh) {
598 CKR_OK => Ok(oh),
599 err => Err(Error::Pkcs11(err)),
600 }
601 }
602
copy_object(&self, session: CK_SESSION_HANDLE, object: CK_OBJECT_HANDLE, template: &[CK_ATTRIBUTE]) -> Result<CK_OBJECT_HANDLE, Error>603 pub fn copy_object(&self, session: CK_SESSION_HANDLE, object: CK_OBJECT_HANDLE, template: &[CK_ATTRIBUTE]) -> Result<CK_OBJECT_HANDLE, Error> {
604 self.initialized()?;
605 let mut template = template.to_vec();
606 let mut oh: CK_OBJECT_HANDLE = CK_INVALID_HANDLE;
607 match (self.C_CopyObject)(session, object, template.as_mut_ptr(), template.len() as CK_ULONG, &mut oh) {
608 CKR_OK => Ok(oh),
609 err => Err(Error::Pkcs11(err)),
610 }
611 }
612
destroy_object(&self, session: CK_SESSION_HANDLE, object: CK_OBJECT_HANDLE) -> Result<(), Error>613 pub fn destroy_object(&self, session: CK_SESSION_HANDLE, object: CK_OBJECT_HANDLE) -> Result<(), Error> {
614 self.initialized()?;
615 match (self.C_DestroyObject)(session, object) {
616 CKR_OK => Ok(()),
617 err => Err(Error::Pkcs11(err)),
618 }
619 }
620
get_object_size(&self, session: CK_SESSION_HANDLE, object: CK_OBJECT_HANDLE) -> Result<CK_ULONG, Error>621 pub fn get_object_size(&self, session: CK_SESSION_HANDLE, object: CK_OBJECT_HANDLE) -> Result<CK_ULONG, Error> {
622 self.initialized()?;
623 let mut size: CK_ULONG = 0;
624 match (self.C_GetObjectSize)(session, object, &mut size) {
625 CKR_OK => Ok(size),
626 err => Err(Error::Pkcs11(err)),
627 }
628 }
629
get_attribute_value<'a>(&self, session: CK_SESSION_HANDLE, object: CK_OBJECT_HANDLE, template: &'a mut Vec<CK_ATTRIBUTE>) -> Result<(CK_RV, &'a Vec<CK_ATTRIBUTE>), Error>630 pub fn get_attribute_value<'a>(&self, session: CK_SESSION_HANDLE, object: CK_OBJECT_HANDLE, template: &'a mut Vec<CK_ATTRIBUTE>) -> Result<(CK_RV, &'a Vec<CK_ATTRIBUTE>), Error> {
631 self.initialized()?;
632 /*
633 Note that the error codes CKR_ATTRIBUTE_SENSITIVE, CKR_ATTRIBUTE_TYPE_INVALID, and CKR_BUFFER_TOO_SMALL
634 do not denote true errors for C_GetAttributeValue. If a call to C_GetAttributeValue returns any of these three
635 values, then the call MUST nonetheless have processed every attribute in the template supplied to
636 C_GetAttributeValue. Each attribute in the template whose value can be returned by the call to
637 C_GetAttributeValue will be returned by the call to C_GetAttributeValue.
638 */
639 match (self.C_GetAttributeValue)(session, object, template.as_mut_ptr(), template.len() as CK_ULONG) {
640 CKR_OK => Ok((CKR_OK, template)),
641 CKR_ATTRIBUTE_SENSITIVE => Ok((CKR_ATTRIBUTE_SENSITIVE, template)),
642 CKR_ATTRIBUTE_TYPE_INVALID => Ok((CKR_ATTRIBUTE_TYPE_INVALID, template)),
643 CKR_BUFFER_TOO_SMALL => Ok((CKR_BUFFER_TOO_SMALL, template)),
644 err => Err(Error::Pkcs11(err)),
645 }
646 }
647
set_attribute_value(&self, session: CK_SESSION_HANDLE, object: CK_OBJECT_HANDLE, template: &[CK_ATTRIBUTE]) -> Result<(), Error>648 pub fn set_attribute_value(&self, session: CK_SESSION_HANDLE, object: CK_OBJECT_HANDLE, template: &[CK_ATTRIBUTE]) -> Result<(), Error> {
649 self.initialized()?;
650 let mut template = template.to_vec();
651 match (self.C_SetAttributeValue)(session, object, template.as_mut_ptr(), template.len() as CK_ULONG) {
652 CKR_OK => Ok(()),
653 err => Err(Error::Pkcs11(err)),
654 }
655 }
656
find_objects_init(&self, session: CK_SESSION_HANDLE, template: &[CK_ATTRIBUTE]) -> Result<(), Error>657 pub fn find_objects_init(&self, session: CK_SESSION_HANDLE, template: &[CK_ATTRIBUTE]) -> Result<(), Error> {
658 self.initialized()?;
659 let mut template = template.to_vec();
660 match (self.C_FindObjectsInit)(session, template.as_mut_ptr(), template.len() as CK_ULONG) {
661 CKR_OK => Ok(()),
662 err => Err(Error::Pkcs11(err)),
663 }
664 }
665
find_objects(&self, session: CK_SESSION_HANDLE, max_object_count: CK_ULONG) -> Result<Vec<CK_OBJECT_HANDLE>, Error>666 pub fn find_objects(&self, session: CK_SESSION_HANDLE, max_object_count: CK_ULONG) -> Result<Vec<CK_OBJECT_HANDLE>, Error> {
667 self.initialized()?;
668 let mut list: Vec<CK_OBJECT_HANDLE> = Vec::with_capacity(max_object_count as usize);
669 let mut count: CK_ULONG = 0;
670 match (self.C_FindObjects)(session, list.as_mut_ptr(), max_object_count, &mut count) {
671 CKR_OK => {
672 unsafe {
673 list.set_len(count as usize);
674 }
675 Ok(list)
676 }
677 err => Err(Error::Pkcs11(err)),
678 }
679 }
680
find_objects_final(&self, session: CK_SESSION_HANDLE) -> Result<(), Error>681 pub fn find_objects_final(&self, session: CK_SESSION_HANDLE) -> Result<(), Error> {
682 self.initialized()?;
683 match (self.C_FindObjectsFinal)(session) {
684 CKR_OK => Ok(()),
685 err => Err(Error::Pkcs11(err)),
686 }
687 }
688
encrypt_init(&self, session: CK_SESSION_HANDLE, mechanism: &CK_MECHANISM, key: CK_OBJECT_HANDLE) -> Result<(), Error>689 pub fn encrypt_init(&self, session: CK_SESSION_HANDLE, mechanism: &CK_MECHANISM, key: CK_OBJECT_HANDLE) -> Result<(), Error> {
690 self.initialized()?;
691 let mut mechanism = *mechanism;
692 match (self.C_EncryptInit)(session, &mut mechanism, key) {
693 CKR_OK => Ok(()),
694 err => Err(Error::Pkcs11(err)),
695 }
696 }
697
encrypt(&self, session: CK_SESSION_HANDLE, data: &[CK_BYTE]) -> Result<Vec<CK_BYTE>, Error>698 pub fn encrypt(&self, session: CK_SESSION_HANDLE, data: &[CK_BYTE]) -> Result<Vec<CK_BYTE>, Error> {
699 self.initialized()?;
700 let mut data = data.to_vec();
701 let mut encryptedDataLen: CK_ULONG = 0;
702 match (self.C_Encrypt)(session, data.as_mut_ptr(), data.len() as CK_ULONG, ptr::null_mut(), &mut encryptedDataLen) {
703 CKR_OK => {
704 let mut encryptedData: Vec<CK_BYTE> = Vec::with_capacity(encryptedDataLen as usize);
705 match (self.C_Encrypt)(session, data.as_mut_ptr(), data.len() as CK_ULONG, encryptedData.as_mut_ptr(), &mut encryptedDataLen) {
706 CKR_OK => {
707 unsafe {
708 encryptedData.set_len(encryptedDataLen as usize);
709 }
710 Ok(encryptedData)
711 },
712 err => Err(Error::Pkcs11(err)),
713 }
714 },
715 err => Err(Error::Pkcs11(err)),
716 }
717 }
718
encrypt_update(&self, session: CK_SESSION_HANDLE, part: &[CK_BYTE]) -> Result<Vec<CK_BYTE>, Error>719 pub fn encrypt_update(&self, session: CK_SESSION_HANDLE, part: &[CK_BYTE]) -> Result<Vec<CK_BYTE>, Error> {
720 self.initialized()?;
721 let mut part = part.to_vec();
722 let mut encryptedPartLen: CK_ULONG = 0;
723 match (self.C_EncryptUpdate)(session, part.as_mut_ptr(), part.len() as CK_ULONG, ptr::null_mut(), &mut encryptedPartLen) {
724 CKR_OK => {
725 let mut encryptedPart: Vec<CK_BYTE> = Vec::with_capacity(encryptedPartLen as usize);
726 match (self.C_EncryptUpdate)(session, part.as_mut_ptr(), part.len() as CK_ULONG, encryptedPart.as_mut_ptr(), &mut encryptedPartLen) {
727 CKR_OK => {
728 unsafe {
729 encryptedPart.set_len(encryptedPartLen as usize);
730 }
731 Ok(encryptedPart)
732 },
733 err => Err(Error::Pkcs11(err)),
734 }
735 },
736 err => Err(Error::Pkcs11(err)),
737 }
738 }
739
encrypt_final(&self, session: CK_SESSION_HANDLE) -> Result<Option<Vec<CK_BYTE>>, Error>740 pub fn encrypt_final(&self, session: CK_SESSION_HANDLE) -> Result<Option<Vec<CK_BYTE>>, Error> {
741 self.initialized()?;
742 let mut lastEncryptedPartLen: CK_ULONG = 0;
743 match (self.C_EncryptFinal)(session, ptr::null_mut(), &mut lastEncryptedPartLen) {
744 CKR_OK => {
745 if lastEncryptedPartLen == 0 {
746 Ok(None)
747 } else {
748 let mut lastEncryptedPart: Vec<CK_BYTE> = Vec::with_capacity(lastEncryptedPartLen as usize);
749 match (self.C_EncryptFinal)(session, lastEncryptedPart.as_mut_ptr(), &mut lastEncryptedPartLen) {
750 CKR_OK => {
751 unsafe {
752 lastEncryptedPart.set_len(lastEncryptedPartLen as usize);
753 }
754 Ok(Some(lastEncryptedPart))
755 },
756 err => Err(Error::Pkcs11(err)),
757 }
758 }
759 },
760 err => Err(Error::Pkcs11(err)),
761 }
762 }
763
decrypt_init(&self, session: CK_SESSION_HANDLE, mechanism: &CK_MECHANISM, key: CK_OBJECT_HANDLE) -> Result<(), Error>764 pub fn decrypt_init(&self, session: CK_SESSION_HANDLE, mechanism: &CK_MECHANISM, key: CK_OBJECT_HANDLE) -> Result<(), Error> {
765 self.initialized()?;
766 let mut mechanism = *mechanism;
767 match (self.C_DecryptInit)(session, &mut mechanism, key) {
768 CKR_OK => Ok(()),
769 err => Err(Error::Pkcs11(err)),
770 }
771 }
772
decrypt(&self, session: CK_SESSION_HANDLE, encryptedData: &[CK_BYTE]) -> Result<Vec<CK_BYTE>, Error>773 pub fn decrypt(&self, session: CK_SESSION_HANDLE, encryptedData: &[CK_BYTE]) -> Result<Vec<CK_BYTE>, Error> {
774 self.initialized()?;
775 let mut encrypted_data = encryptedData.to_vec();
776 let mut dataLen: CK_ULONG = 0;
777 match (self.C_Decrypt)(session, encrypted_data.as_mut_ptr(), encrypted_data.len() as CK_ULONG, ptr::null_mut(), &mut dataLen) {
778 CKR_OK => {
779 let mut data: Vec<CK_BYTE> = Vec::with_capacity(dataLen as usize);
780 match (self.C_Decrypt)(session, encrypted_data.as_mut_ptr(), encrypted_data.len() as CK_ULONG, data.as_mut_ptr(), &mut dataLen) {
781 CKR_OK => {
782 unsafe {
783 data.set_len(dataLen as usize);
784 }
785 Ok(data)
786 },
787 err => Err(Error::Pkcs11(err)),
788 }
789 },
790 err => Err(Error::Pkcs11(err)),
791 }
792 }
793
decrypt_update(&self, session: CK_SESSION_HANDLE, encryptedPart: &[CK_BYTE]) -> Result<Vec<CK_BYTE>, Error>794 pub fn decrypt_update(&self, session: CK_SESSION_HANDLE, encryptedPart: &[CK_BYTE]) -> Result<Vec<CK_BYTE>, Error> {
795 self.initialized()?;
796 let mut encrypted_part = encryptedPart.to_vec();
797 let mut partLen: CK_ULONG = 0;
798 match (self.C_DecryptUpdate)(session, encrypted_part.as_mut_ptr(), encrypted_part.len() as CK_ULONG, ptr::null_mut(), &mut partLen) {
799 CKR_OK => {
800 let mut part: Vec<CK_BYTE> = Vec::with_capacity(partLen as usize);
801 match (self.C_DecryptUpdate)(session, encrypted_part.as_mut_ptr(), encrypted_part.len() as CK_ULONG, part.as_mut_ptr(), &mut partLen) {
802 CKR_OK => {
803 unsafe {
804 part.set_len(partLen as usize);
805 }
806 Ok(part)
807 },
808 err => Err(Error::Pkcs11(err)),
809 }
810 },
811 err => Err(Error::Pkcs11(err)),
812 }
813 }
814
decrypt_final(&self, session: CK_SESSION_HANDLE) -> Result<Option<Vec<CK_BYTE>>, Error>815 pub fn decrypt_final(&self, session: CK_SESSION_HANDLE) -> Result<Option<Vec<CK_BYTE>>, Error> {
816 self.initialized()?;
817 let mut lastPartLen: CK_ULONG = 0;
818 match (self.C_DecryptFinal)(session, ptr::null_mut(), &mut lastPartLen) {
819 CKR_OK => {
820 if lastPartLen == 0 {
821 Ok(None)
822 } else {
823 let mut lastPart: Vec<CK_BYTE> = Vec::with_capacity(lastPartLen as usize);
824 match (self.C_DecryptFinal)(session, lastPart.as_mut_ptr(), &mut lastPartLen) {
825 CKR_OK => {
826 unsafe {
827 lastPart.set_len(lastPartLen as usize);
828 }
829 Ok(Some(lastPart))
830 },
831 err => Err(Error::Pkcs11(err)),
832 }
833 }
834 },
835 err => Err(Error::Pkcs11(err)),
836 }
837 }
838
digest_init(&self, session: CK_SESSION_HANDLE, mechanism: &CK_MECHANISM) -> Result<(), Error>839 pub fn digest_init(&self, session: CK_SESSION_HANDLE, mechanism: &CK_MECHANISM) -> Result<(), Error> {
840 self.initialized()?;
841 let mut mechanism = *mechanism;
842 match (self.C_DigestInit)(session, &mut mechanism) {
843 CKR_OK => Ok(()),
844 err => Err(Error::Pkcs11(err)),
845 }
846 }
847
digest(&self, session: CK_SESSION_HANDLE, data: &[CK_BYTE]) -> Result<Vec<CK_BYTE>, Error>848 pub fn digest(&self, session: CK_SESSION_HANDLE, data: &[CK_BYTE]) -> Result<Vec<CK_BYTE>, Error> {
849 self.initialized()?;
850 let mut data = data.to_vec();
851 let mut digestLen: CK_ULONG = 0;
852 match (self.C_Digest)(session, data.as_mut_ptr(), data.len() as CK_ULONG, ptr::null_mut(), &mut digestLen) {
853 CKR_OK => {
854 let mut digest: Vec<CK_BYTE> = Vec::with_capacity(digestLen as usize);
855 match (self.C_Digest)(session, data.as_mut_ptr(), data.len() as CK_ULONG, digest.as_mut_ptr(), &mut digestLen) {
856 CKR_OK => {
857 unsafe {
858 digest.set_len(digestLen as usize);
859 }
860 Ok(digest)
861 },
862 err => Err(Error::Pkcs11(err)),
863 }
864 },
865 err => Err(Error::Pkcs11(err)),
866 }
867 }
868
digest_update(&self, session: CK_SESSION_HANDLE, part: &[CK_BYTE]) -> Result<(), Error>869 pub fn digest_update(&self, session: CK_SESSION_HANDLE, part: &[CK_BYTE]) -> Result<(), Error> {
870 let mut part = part.to_vec();
871 match (self.C_DigestUpdate)(session, part.as_mut_ptr(), part.len() as CK_ULONG) {
872 CKR_OK => Ok(()),
873 err => Err(Error::Pkcs11(err)),
874 }
875 }
876
digest_key(&self, session: CK_SESSION_HANDLE, key: CK_OBJECT_HANDLE) -> Result<(), Error>877 pub fn digest_key(&self, session: CK_SESSION_HANDLE, key: CK_OBJECT_HANDLE) -> Result<(), Error> {
878 self.initialized()?;
879 match (self.C_DigestKey)(session, key) {
880 CKR_OK => Ok(()),
881 err => Err(Error::Pkcs11(err)),
882 }
883 }
884
digest_final(&self, session: CK_SESSION_HANDLE) -> Result<Vec<CK_BYTE>, Error>885 pub fn digest_final(&self, session: CK_SESSION_HANDLE) -> Result<Vec<CK_BYTE>, Error> {
886 self.initialized()?;
887 let mut digestLen: CK_ULONG = 0;
888 match (self.C_DigestFinal)(session, ptr::null_mut(), &mut digestLen) {
889 CKR_OK => {
890 let mut digest: Vec<CK_BYTE> = Vec::with_capacity(digestLen as usize);
891 match (self.C_DigestFinal)(session, digest.as_mut_ptr(), &mut digestLen) {
892 CKR_OK => {
893 unsafe {
894 digest.set_len(digestLen as usize);
895 }
896 Ok(digest)
897 },
898 err => Err(Error::Pkcs11(err)),
899 }
900 },
901 err => Err(Error::Pkcs11(err)),
902 }
903 }
904
sign_init(&self, session: CK_SESSION_HANDLE, mechanism: &CK_MECHANISM, key: CK_OBJECT_HANDLE) -> Result<(), Error>905 pub fn sign_init(&self, session: CK_SESSION_HANDLE, mechanism: &CK_MECHANISM, key: CK_OBJECT_HANDLE) -> Result<(), Error> {
906 self.initialized()?;
907 let mut mechanism = *mechanism;
908 match (self.C_SignInit)(session, &mut mechanism, key) {
909 CKR_OK => Ok(()),
910 err => Err(Error::Pkcs11(err)),
911 }
912 }
913
sign(&self, session: CK_SESSION_HANDLE, data: &[CK_BYTE]) -> Result<Vec<CK_BYTE>, Error>914 pub fn sign(&self, session: CK_SESSION_HANDLE, data: &[CK_BYTE]) -> Result<Vec<CK_BYTE>, Error> {
915 self.initialized()?;
916 let mut data = data.to_vec();
917 let mut signatureLen: CK_ULONG = 0;
918 match (self.C_Sign)(session, data.as_mut_ptr(), data.len() as CK_ULONG, ptr::null_mut(), &mut signatureLen) {
919 CKR_OK => {
920 let mut signature: Vec<CK_BYTE> = Vec::with_capacity(signatureLen as usize);
921 match (self.C_Sign)(session, data.as_mut_ptr(), data.len() as CK_ULONG, signature.as_mut_ptr(), &mut signatureLen) {
922 CKR_OK => {
923 unsafe {
924 signature.set_len(signatureLen as usize);
925 }
926 Ok(signature)
927 },
928 err => Err(Error::Pkcs11(err)),
929 }
930 },
931 err => Err(Error::Pkcs11(err)),
932 }
933 }
934
sign_update(&self, session: CK_SESSION_HANDLE, part: &[CK_BYTE]) -> Result<(), Error>935 pub fn sign_update(&self, session: CK_SESSION_HANDLE, part: &[CK_BYTE]) -> Result<(), Error> {
936 self.initialized()?;
937 let mut part = part.to_vec();
938 match (self.C_SignUpdate)(session, part.as_mut_ptr(), part.len() as CK_ULONG) {
939 CKR_OK => Ok(()),
940 err => Err(Error::Pkcs11(err)),
941 }
942 }
943
sign_final(&self, session: CK_SESSION_HANDLE) -> Result<Vec<CK_BYTE>, Error>944 pub fn sign_final(&self, session: CK_SESSION_HANDLE) -> Result<Vec<CK_BYTE>, Error> {
945 self.initialized()?;
946 let mut signatureLen: CK_ULONG = 0;
947 match (self.C_SignFinal)(session, ptr::null_mut(), &mut signatureLen) {
948 CKR_OK => {
949 let mut signature: Vec<CK_BYTE> = Vec::with_capacity(signatureLen as usize);
950 match (self.C_SignFinal)(session, signature.as_mut_ptr(), &mut signatureLen) {
951 CKR_OK => {
952 unsafe {
953 signature.set_len(signatureLen as usize);
954 }
955 Ok(signature)
956 },
957 err => Err(Error::Pkcs11(err)),
958 }
959 },
960 err => Err(Error::Pkcs11(err)),
961 }
962 }
963
sign_recover_init(&self, session: CK_SESSION_HANDLE, mechanism: &CK_MECHANISM, key: CK_OBJECT_HANDLE) -> Result<(), Error>964 pub fn sign_recover_init(&self, session: CK_SESSION_HANDLE, mechanism: &CK_MECHANISM, key: CK_OBJECT_HANDLE) -> Result<(), Error> {
965 self.initialized()?;
966 let mut mechanism = *mechanism;
967 match (self.C_SignRecoverInit)(session, &mut mechanism, key) {
968 CKR_OK => Ok(()),
969 err => Err(Error::Pkcs11(err))
970 }
971 }
972
sign_recover(&self, session: CK_SESSION_HANDLE, data: &[CK_BYTE]) -> Result<Vec<CK_BYTE>, Error>973 pub fn sign_recover(&self, session: CK_SESSION_HANDLE, data: &[CK_BYTE]) -> Result<Vec<CK_BYTE>, Error> {
974 self.initialized()?;
975 let mut data = data.to_vec();
976 let mut signatureLen: CK_ULONG = 0;
977 match (self.C_SignRecover)(session, data.as_mut_ptr(), data.len() as CK_ULONG, ptr::null_mut(), &mut signatureLen) {
978 CKR_OK => {
979 let mut signature: Vec<CK_BYTE> = Vec::with_capacity(signatureLen as usize);
980 match (self.C_SignRecover)(session, data.as_mut_ptr(), data.len() as CK_ULONG, signature.as_mut_ptr(), &mut signatureLen) {
981 CKR_OK => {
982 unsafe {
983 signature.set_len(signatureLen as usize);
984 }
985 Ok(signature)
986 },
987 err => Err(Error::Pkcs11(err)),
988 }
989 },
990 err => Err(Error::Pkcs11(err)),
991 }
992 }
993
verify_init(&self, session: CK_SESSION_HANDLE, mechanism: &CK_MECHANISM, key: CK_OBJECT_HANDLE) -> Result<(), Error>994 pub fn verify_init(&self, session: CK_SESSION_HANDLE, mechanism: &CK_MECHANISM, key: CK_OBJECT_HANDLE) -> Result<(), Error> {
995 self.initialized()?;
996 let mut mechanism = *mechanism;
997 match (self.C_VerifyInit)(session, &mut mechanism, key) {
998 CKR_OK => Ok(()),
999 err => Err(Error::Pkcs11(err)),
1000 }
1001 }
1002
verify(&self, session: CK_SESSION_HANDLE, data: &[CK_BYTE], signature: &[CK_BYTE]) -> Result<(), Error>1003 pub fn verify(&self, session: CK_SESSION_HANDLE, data: &[CK_BYTE], signature: &[CK_BYTE]) -> Result<(), Error> {
1004 self.initialized()?;
1005 let mut data = data.to_vec();
1006 let mut signature = signature.to_vec();
1007 match (self.C_Verify)(session, data.as_mut_ptr(), data.len() as CK_ULONG, signature.as_mut_ptr(), signature.len() as CK_ULONG) {
1008 CKR_OK => Ok(()),
1009 err => Err(Error::Pkcs11(err)),
1010 }
1011 }
1012
verify_update(&self, session: CK_SESSION_HANDLE, part: &[CK_BYTE]) -> Result<(), Error>1013 pub fn verify_update(&self, session: CK_SESSION_HANDLE, part: &[CK_BYTE]) -> Result<(), Error> {
1014 self.initialized()?;
1015 let mut part = part.to_vec();
1016 match (self.C_VerifyUpdate)(session, part.as_mut_ptr(), part.len() as CK_ULONG) {
1017 CKR_OK => Ok(()),
1018 err => Err(Error::Pkcs11(err)),
1019 }
1020 }
1021
verify_final(&self, session: CK_SESSION_HANDLE, signature: &[CK_BYTE]) -> Result<(), Error>1022 pub fn verify_final(&self, session: CK_SESSION_HANDLE, signature: &[CK_BYTE]) -> Result<(), Error> {
1023 self.initialized()?;
1024 let mut signature = signature.to_vec();
1025 match (self.C_VerifyFinal)(session, signature.as_mut_ptr(), signature.len() as CK_ULONG) {
1026 CKR_OK => Ok(()),
1027 err => Err(Error::Pkcs11(err)),
1028 }
1029 }
1030
verify_recover_init(&self, session: CK_SESSION_HANDLE, mechanism: &CK_MECHANISM, key: CK_OBJECT_HANDLE) -> Result<(), Error>1031 pub fn verify_recover_init(&self, session: CK_SESSION_HANDLE, mechanism: &CK_MECHANISM, key: CK_OBJECT_HANDLE) -> Result<(), Error> {
1032 self.initialized()?;
1033 let mut mechanism = *mechanism;
1034 match (self.C_VerifyRecoverInit)(session, &mut mechanism, key) {
1035 CKR_OK => Ok(()),
1036 err => Err(Error::Pkcs11(err)),
1037 }
1038 }
1039
verify_recover(&self, session: CK_SESSION_HANDLE, signature: &[CK_BYTE]) -> Result<Vec<CK_BYTE>, Error>1040 pub fn verify_recover(&self, session: CK_SESSION_HANDLE, signature: &[CK_BYTE]) -> Result<Vec<CK_BYTE>, Error> {
1041 self.initialized()?;
1042 let mut signature = signature.to_vec();
1043 let mut dataLen: CK_ULONG = 0;
1044 match (self.C_VerifyRecover)(session, signature.as_mut_ptr(), signature.len() as CK_ULONG, ptr::null_mut(), &mut dataLen) {
1045 CKR_OK => {
1046 let mut data: Vec<CK_BYTE> = Vec::with_capacity(dataLen as usize);
1047 match (self.C_VerifyRecover)(session, signature.as_mut_ptr(), signature.len() as CK_ULONG, data.as_mut_ptr(), &mut dataLen) {
1048 CKR_OK => {
1049 unsafe {
1050 data.set_len(dataLen as usize);
1051 }
1052 Ok(data)
1053 },
1054 err => Err(Error::Pkcs11(err)),
1055 }
1056 },
1057 err => Err(Error::Pkcs11(err)),
1058 }
1059 }
1060
digest_encrypt_update(&self, session: CK_SESSION_HANDLE, part: &[CK_BYTE]) -> Result<Vec<CK_BYTE>, Error>1061 pub fn digest_encrypt_update(&self, session: CK_SESSION_HANDLE, part: &[CK_BYTE]) -> Result<Vec<CK_BYTE>, Error> {
1062 self.initialized()?;
1063 let mut part = part.to_vec();
1064 let mut encryptedPartLen: CK_ULONG = 0;
1065 match (self.C_DigestEncryptUpdate)(session, part.as_mut_ptr(), part.len() as CK_ULONG, ptr::null_mut(), &mut encryptedPartLen) {
1066 CKR_OK => {
1067 let mut encryptedPart: Vec<CK_BYTE> = Vec::with_capacity(encryptedPartLen as usize);
1068 match (self.C_DigestEncryptUpdate)(session, part.as_mut_ptr(), part.len() as CK_ULONG, encryptedPart.as_mut_ptr(), &mut encryptedPartLen) {
1069 CKR_OK => {
1070 unsafe {
1071 encryptedPart.set_len(encryptedPartLen as usize);
1072 }
1073 Ok(encryptedPart)
1074 },
1075 err => Err(Error::Pkcs11(err)),
1076 }
1077 },
1078 err => Err(Error::Pkcs11(err)),
1079 }
1080 }
1081
decrypt_digest_update(&self, session: CK_SESSION_HANDLE, encryptedPart: &[CK_BYTE]) -> Result<Vec<CK_BYTE>, Error>1082 pub fn decrypt_digest_update(&self, session: CK_SESSION_HANDLE, encryptedPart: &[CK_BYTE]) -> Result<Vec<CK_BYTE>, Error> {
1083 self.initialized()?;
1084 let mut encrypted_part = encryptedPart.to_vec();
1085 let mut partLen: CK_ULONG = 0;
1086 match (self.C_DecryptDigestUpdate)(session, encrypted_part.as_mut_ptr(), encrypted_part.len() as CK_ULONG, ptr::null_mut(), &mut partLen) {
1087 CKR_OK => {
1088 let mut part: Vec<CK_BYTE> = Vec::with_capacity(partLen as usize);
1089 match (self.C_DecryptDigestUpdate)(session, encrypted_part.as_mut_ptr(), encrypted_part.len() as CK_ULONG, part.as_mut_ptr(), &mut partLen) {
1090 CKR_OK => {
1091 unsafe {
1092 part.set_len(partLen as usize);
1093 }
1094 Ok(part)
1095 },
1096 err => Err(Error::Pkcs11(err)),
1097 }
1098 },
1099 err => Err(Error::Pkcs11(err)),
1100 }
1101 }
1102
sign_encrypt_update(&self, session: CK_SESSION_HANDLE, part: &[CK_BYTE]) -> Result<Vec<CK_BYTE>, Error>1103 pub fn sign_encrypt_update(&self, session: CK_SESSION_HANDLE, part: &[CK_BYTE]) -> Result<Vec<CK_BYTE>, Error> {
1104 self.initialized()?;
1105 let mut part = part.to_vec();
1106 let mut encryptedPartLen: CK_ULONG = 0;
1107 match (self.C_SignEncryptUpdate)(session, part.as_mut_ptr(), part.len() as CK_ULONG, ptr::null_mut(), &mut encryptedPartLen) {
1108 CKR_OK => {
1109 let mut encryptedPart: Vec<CK_BYTE> = Vec::with_capacity(encryptedPartLen as usize);
1110 match (self.C_SignEncryptUpdate)(session, part.as_mut_ptr(), part.len() as CK_ULONG, encryptedPart.as_mut_ptr(), &mut encryptedPartLen) {
1111 CKR_OK => {
1112 unsafe {
1113 encryptedPart.set_len(encryptedPartLen as usize);
1114 }
1115 Ok(encryptedPart)
1116 },
1117 err => Err(Error::Pkcs11(err)),
1118 }
1119 },
1120 err => Err(Error::Pkcs11(err)),
1121 }
1122 }
1123
decrypt_verify_update(&self, session: CK_SESSION_HANDLE, encryptedPart: Vec<CK_BYTE>) -> Result<Vec<CK_BYTE>, Error>1124 pub fn decrypt_verify_update(&self, session: CK_SESSION_HANDLE, encryptedPart: Vec<CK_BYTE>) -> Result<Vec<CK_BYTE>, Error> {
1125 self.initialized()?;
1126 let mut encrypted_part = encryptedPart;
1127 let mut partLen: CK_ULONG = 0;
1128 match (self.C_DecryptVerifyUpdate)(session, encrypted_part.as_mut_ptr(), encrypted_part.len() as CK_ULONG, ptr::null_mut(), &mut partLen) {
1129 CKR_OK => {
1130 let mut part: Vec<CK_BYTE> = Vec::with_capacity(partLen as usize);
1131 match (self.C_DecryptVerifyUpdate)(session, encrypted_part.as_mut_ptr(), encrypted_part.len() as CK_ULONG, part.as_mut_ptr(), &mut partLen) {
1132 CKR_OK => {
1133 unsafe {
1134 part.set_len(partLen as usize);
1135 }
1136 Ok(part)
1137 },
1138 err => Err(Error::Pkcs11(err)),
1139 }
1140 },
1141 err => Err(Error::Pkcs11(err)),
1142 }
1143 }
1144
generate_key(&self, session: CK_SESSION_HANDLE, mechanism: &CK_MECHANISM, template: &[CK_ATTRIBUTE]) -> Result<CK_OBJECT_HANDLE, Error>1145 pub fn generate_key(&self, session: CK_SESSION_HANDLE, mechanism: &CK_MECHANISM, template: &[CK_ATTRIBUTE]) -> Result<CK_OBJECT_HANDLE, Error> {
1146 self.initialized()?;
1147 let mut mechanism = *mechanism;
1148 let mut template = template.to_vec();
1149 let mut object: CK_OBJECT_HANDLE = CK_INVALID_HANDLE;
1150 match (self.C_GenerateKey)(session, &mut mechanism, template.as_mut_ptr(), template.len() as CK_ULONG, &mut object) {
1151 CKR_OK => Ok(object),
1152 err => Err(Error::Pkcs11(err)),
1153 }
1154 }
1155
generate_key_pair( &self, session: CK_SESSION_HANDLE, mechanism: &CK_MECHANISM, publicKeyTemplate: &[CK_ATTRIBUTE], privateKeyTemplate: &[CK_ATTRIBUTE], ) -> Result<(CK_OBJECT_HANDLE, CK_OBJECT_HANDLE), Error>1156 pub fn generate_key_pair(
1157 &self,
1158 session: CK_SESSION_HANDLE,
1159 mechanism: &CK_MECHANISM,
1160 publicKeyTemplate: &[CK_ATTRIBUTE],
1161 privateKeyTemplate: &[CK_ATTRIBUTE],
1162 ) -> Result<(CK_OBJECT_HANDLE, CK_OBJECT_HANDLE), Error> {
1163 self.initialized()?;
1164 let mut mechanism = *mechanism;
1165 let mut public_key_template = publicKeyTemplate.to_vec();
1166 let mut private_key_template = privateKeyTemplate.to_vec();
1167 let mut pubOh: CK_OBJECT_HANDLE = CK_INVALID_HANDLE;
1168 let mut privOh: CK_OBJECT_HANDLE = CK_INVALID_HANDLE;
1169 match (self.C_GenerateKeyPair)(
1170 session,
1171 &mut mechanism,
1172 public_key_template.as_mut_ptr(),
1173 public_key_template.len() as CK_ULONG,
1174 private_key_template.as_mut_ptr(),
1175 private_key_template.len() as CK_ULONG,
1176 &mut pubOh,
1177 &mut privOh,
1178 ) {
1179 CKR_OK => Ok((pubOh, privOh)),
1180 err => Err(Error::Pkcs11(err)),
1181 }
1182 }
1183
wrap_key(&self, session: CK_SESSION_HANDLE, mechanism: &CK_MECHANISM, wrappingKey: CK_OBJECT_HANDLE, key: CK_OBJECT_HANDLE) -> Result<Vec<CK_BYTE>, Error>1184 pub fn wrap_key(&self, session: CK_SESSION_HANDLE, mechanism: &CK_MECHANISM, wrappingKey: CK_OBJECT_HANDLE, key: CK_OBJECT_HANDLE) -> Result<Vec<CK_BYTE>, Error> {
1185 self.initialized()?;
1186 let mut mechanism = *mechanism;
1187 let mut length: CK_ULONG = 0;
1188 match (self.C_WrapKey)(session, &mut mechanism, wrappingKey, key, ptr::null_mut(), &mut length) {
1189 CKR_OK => if length > 0 {
1190 let mut out: Vec<CK_BYTE> = Vec::with_capacity(length as usize);
1191 match (self.C_WrapKey)(session, &mut mechanism, wrappingKey, key, out.as_mut_ptr(), &mut length) {
1192 CKR_OK => {
1193 unsafe {
1194 out.set_len(length as usize);
1195 }
1196 Ok(out)
1197 }
1198 err => Err(Error::Pkcs11(err)),
1199 }
1200 } else {
1201 Ok(vec![])
1202 },
1203 err => Err(Error::Pkcs11(err)),
1204 }
1205 }
1206
unwrap_key( &self, session: CK_SESSION_HANDLE, mechanism: &CK_MECHANISM, unwrappingKey: CK_OBJECT_HANDLE, wrappedKey: &[CK_BYTE], template: &[CK_ATTRIBUTE], ) -> Result<CK_OBJECT_HANDLE, Error>1207 pub fn unwrap_key(
1208 &self,
1209 session: CK_SESSION_HANDLE,
1210 mechanism: &CK_MECHANISM,
1211 unwrappingKey: CK_OBJECT_HANDLE,
1212 wrappedKey: &[CK_BYTE],
1213 template: &[CK_ATTRIBUTE],
1214 ) -> Result<CK_OBJECT_HANDLE, Error> {
1215 self.initialized()?;
1216 let mut mechanism= *mechanism;
1217 let mut wrapped_key = wrappedKey.to_vec();
1218 let mut template = template.to_vec();
1219 let mut oh: CK_OBJECT_HANDLE = CK_INVALID_HANDLE;
1220 match (self.C_UnwrapKey)(
1221 session,
1222 &mut mechanism,
1223 unwrappingKey,
1224 wrapped_key.as_mut_ptr(),
1225 wrapped_key.len() as CK_ULONG,
1226 template.as_mut_ptr(),
1227 template.len() as CK_ULONG,
1228 &mut oh
1229 ) {
1230 CKR_OK => Ok(oh),
1231 err => Err(Error::Pkcs11(err)),
1232 }
1233 }
1234
derive_key(&self, session: CK_SESSION_HANDLE, mechanism: &CK_MECHANISM, baseKey: CK_OBJECT_HANDLE, template: &[CK_ATTRIBUTE]) -> Result<CK_OBJECT_HANDLE, Error>1235 pub fn derive_key(&self, session: CK_SESSION_HANDLE, mechanism: &CK_MECHANISM, baseKey: CK_OBJECT_HANDLE, template: &[CK_ATTRIBUTE]) -> Result<CK_OBJECT_HANDLE, Error> {
1236 self.initialized()?;
1237 let mut mechanism = *mechanism;
1238 let mut template = template.to_vec();
1239 let mut oh: CK_OBJECT_HANDLE = CK_INVALID_HANDLE;
1240 match (self.C_DeriveKey)(session, &mut mechanism, baseKey, template.as_mut_ptr(), template.len() as CK_ULONG, &mut oh) {
1241 CKR_OK => Ok(oh),
1242 err => Err(Error::Pkcs11(err)),
1243 }
1244 }
1245
seed_random(&self, session: CK_SESSION_HANDLE, seed: &[CK_BYTE]) -> Result<(), Error>1246 pub fn seed_random(&self, session: CK_SESSION_HANDLE, seed: &[CK_BYTE]) -> Result<(), Error> {
1247 let mut seed = seed.to_vec();
1248 match (self.C_SeedRandom)(session, seed.as_mut_ptr(), seed.len() as CK_ULONG) {
1249 CKR_OK => Ok(()),
1250 err => Err(Error::Pkcs11(err)),
1251 }
1252 }
1253
generate_random(&self, session: CK_SESSION_HANDLE, randomLength: CK_ULONG) -> Result<Vec<CK_BYTE>, Error>1254 pub fn generate_random(&self, session: CK_SESSION_HANDLE, randomLength: CK_ULONG) -> Result<Vec<CK_BYTE>, Error> {
1255 let mut data: Vec<CK_BYTE> = Vec::with_capacity(randomLength as usize);
1256 match (self.C_GenerateRandom)(session, data.as_mut_ptr(), randomLength) {
1257 CKR_OK => {
1258 unsafe {
1259 data.set_len(randomLength as usize);
1260 }
1261 Ok(data)
1262 }
1263 err => Err(Error::Pkcs11(err)),
1264 }
1265 }
1266
get_function_status(&self, session: CK_SESSION_HANDLE) -> Result<CK_RV, Error>1267 pub fn get_function_status(&self, session: CK_SESSION_HANDLE) -> Result<CK_RV, Error> {
1268 match (self.C_GetFunctionStatus)(session) {
1269 CKR_OK => Ok(CKR_OK),
1270 CKR_FUNCTION_NOT_PARALLEL => Ok(CKR_FUNCTION_NOT_PARALLEL),
1271 err => Err(Error::Pkcs11(err)),
1272 }
1273 }
1274
cancel_function(&self, session: CK_SESSION_HANDLE) -> Result<CK_RV, Error>1275 pub fn cancel_function(&self, session: CK_SESSION_HANDLE) -> Result<CK_RV, Error> {
1276 match (self.C_CancelFunction)(session) {
1277 CKR_OK => Ok(CKR_OK),
1278 CKR_FUNCTION_NOT_PARALLEL => Ok(CKR_FUNCTION_NOT_PARALLEL),
1279 err => Err(Error::Pkcs11(err)),
1280 }
1281 }
1282
wait_for_slot_event(&self, flags: CK_FLAGS) -> Result<CK_SLOT_ID, Error>1283 pub fn wait_for_slot_event(&self, flags: CK_FLAGS) -> Result<CK_SLOT_ID, Error> {
1284 let mut slotID: CK_SLOT_ID = 0;
1285 let C_WaitForSlotEvent = self.C_WaitForSlotEvent.ok_or(Error::Module("C_WaitForSlotEvent function not found"))?;
1286 match C_WaitForSlotEvent(flags, &mut slotID, ptr::null_mut()) {
1287 CKR_OK => Ok(slotID),
1288 err => Err(Error::Pkcs11(err)),
1289 }
1290 }
1291 }
1292
1293 impl Drop for Ctx {
drop(&mut self)1294 fn drop(&mut self) {
1295 if self.is_initialized() {
1296 if let Err(err) = self.finalize() {
1297 println!("ERROR: {}", err);
1298 }
1299 }
1300 }
1301 }
1302