Skip to content

Commit

Permalink
use a session ref
Browse files Browse the repository at this point in the history 
Signed-off-by: Arthur Gautier <[email protected]>
  • Loading branch information
@baloo
baloo committed Nov 24, 2023
1 parent e2c80cc commit 87a8e77
Show file tree
Hide file tree
Showing 7 changed files with 88 additions and 48 deletions.
21 changes: 11 additions & 10 deletions cryptoki-rustcrypto/src/ecdsa.rs
View file
Original file line number Diff line number Diff line change
@@ -1,7 +1,6 @@
use cryptoki::{
mechanism::Mechanism,
object::{Attribute, AttributeType, KeyType, ObjectClass, ObjectHandle},
session::Session,
};
use der::{
asn1::{ObjectIdentifier, OctetStringRef},
Expand All @@ -25,6 +24,8 @@ use spki::{
use std::{convert::TryFrom, ops::Add};
use thiserror::Error;

use crate::SessionLike;

#[derive(Error, Debug)]
pub enum Error {
#[error("Cryptoki error: {0}")]
Expand All @@ -47,19 +48,19 @@ impl SignAlgorithm for p256::NistP256 {
}
}

pub struct Signer<C: SignAlgorithm> {
session: Session,
pub struct Signer<C: SignAlgorithm, S: SessionLike> {
session: S,
_public_key: ObjectHandle,
private_key: ObjectHandle,
verifying_key: VerifyingKey<C>,
}

impl<C: SignAlgorithm> Signer<C>
impl<C: SignAlgorithm, S: SessionLike> Signer<C, S>
where
FieldBytesSize<C>: ModulusSize,
AffinePoint<C>: FromEncodedPoint<C> + ToEncodedPoint<C>,
{
pub fn new(session: Session, label: &[u8]) -> Result<Self, Error> {
pub fn new(session: S, label: &[u8]) -> Result<Self, Error> {
// First we'll lookup a private key with that label.
let template = vec![
Attribute::Token(true),
Expand Down Expand Up @@ -123,12 +124,12 @@ where
})
}

pub fn into_session(self) -> Session {
pub fn into_session(self) -> S {
self.session
}
}

impl<C: SignAlgorithm> AssociatedAlgorithmIdentifier for Signer<C>
impl<C: SignAlgorithm, S: SessionLike> AssociatedAlgorithmIdentifier for Signer<C, S>
where
C: AssociatedOid,
{
Expand All @@ -138,15 +139,15 @@ where
PublicKey::<C>::ALGORITHM_IDENTIFIER;
}

impl<C: SignAlgorithm> signature::Keypair for Signer<C> {
impl<C: SignAlgorithm, S: SessionLike> signature::Keypair for Signer<C, S> {
type VerifyingKey = VerifyingKey<C>;

fn verifying_key(&self) -> Self::VerifyingKey {
self.verifying_key.clone()
}
}

impl<C: SignAlgorithm> signature::Signer<Signature<C>> for Signer<C>
impl<C: SignAlgorithm, S: SessionLike> signature::Signer<Signature<C>> for Signer<C, S>
where
<<C as ecdsa::elliptic_curve::Curve>::FieldBytesSize as Add>::Output: ArrayLength<u8>,
{
Expand All @@ -168,7 +169,7 @@ where
}
}

impl<C: SignAlgorithm> SignatureAlgorithmIdentifier for Signer<C>
impl<C: SignAlgorithm, S: SessionLike> SignatureAlgorithmIdentifier for Signer<C, S>
where
AffinePoint<C>: FromEncodedPoint<C> + ToEncodedPoint<C>,
FieldBytesSize<C>: ModulusSize,
Expand Down
49 changes: 49 additions & 0 deletions cryptoki-rustcrypto/src/lib.rs
View file
Original file line number Diff line number Diff line change
@@ -1,2 +1,51 @@
use cryptoki::{
error::Result,
mechanism::Mechanism,
object::{Attribute, AttributeType, ObjectHandle},
session::Session,
};

pub mod ecdsa;
pub mod rsa;

pub trait SessionLike {
fn find_objects(&self, template: &[Attribute]) -> Result<Vec<ObjectHandle>>;
fn get_attributes(
&self,
object: ObjectHandle,
attributes: &[AttributeType],
) -> Result<Vec<Attribute>>;
fn sign(&self, mechanism: &Mechanism, key: ObjectHandle, data: &[u8]) -> Result<Vec<u8>>;
}

impl SessionLike for Session {
fn find_objects(&self, template: &[Attribute]) -> Result<Vec<ObjectHandle>> {
Session::find_objects(self, template)
}
fn get_attributes(
&self,
object: ObjectHandle,
attributes: &[AttributeType],
) -> Result<Vec<Attribute>> {
Session::get_attributes(self, object, attributes)
}
fn sign(&self, mechanism: &Mechanism, key: ObjectHandle, data: &[u8]) -> Result<Vec<u8>> {
Session::sign(self, mechanism, key, data)
}
}

impl<'s> SessionLike for &'s Session {
fn find_objects(&self, template: &[Attribute]) -> Result<Vec<ObjectHandle>> {
Session::find_objects(self, template)
}
fn get_attributes(
&self,
object: ObjectHandle,
attributes: &[AttributeType],
) -> Result<Vec<Attribute>> {
Session::get_attributes(self, object, attributes)
}
fn sign(&self, mechanism: &Mechanism, key: ObjectHandle, data: &[u8]) -> Result<Vec<u8>> {
Session::sign(self, mechanism, key, data)
}
}
24 changes: 11 additions & 13 deletions cryptoki-rustcrypto/src/rsa/pkcs1v15.rs
View file
Original file line number Diff line number Diff line change
@@ -1,7 +1,4 @@
use cryptoki::{
object::{Attribute, AttributeType, KeyType, ObjectClass, ObjectHandle},
session::Session,
};
use cryptoki::object::{Attribute, AttributeType, KeyType, ObjectClass, ObjectHandle};
use der::AnyRef;
use rsa::{
pkcs1,
Expand All @@ -12,16 +9,17 @@ use spki::{AlgorithmIdentifierRef, AssociatedAlgorithmIdentifier, SignatureAlgor
use std::convert::TryFrom;

use super::{DigestSigning, Error};
use crate::SessionLike;

pub struct Signer<D: DigestSigning> {
session: Session,
pub struct Signer<D: DigestSigning, S: SessionLike> {
session: S,
_public_key: ObjectHandle,
private_key: ObjectHandle,
verifying_key: VerifyingKey<D>,
}

impl<D: DigestSigning> Signer<D> {
pub fn new(session: Session, label: &[u8]) -> Result<Self, Error> {
impl<D: DigestSigning, S: SessionLike> Signer<D, S> {
pub fn new(session: S, label: &[u8]) -> Result<Self, Error> {
// First we'll lookup a private key with that label.
let template = vec![
Attribute::Token(true),
Expand Down Expand Up @@ -80,25 +78,25 @@ impl<D: DigestSigning> Signer<D> {
})
}

pub fn into_session(self) -> Session {
pub fn into_session(self) -> S {
self.session
}
}

impl<D: DigestSigning> AssociatedAlgorithmIdentifier for Signer<D> {
impl<D: DigestSigning, S: SessionLike> AssociatedAlgorithmIdentifier for Signer<D, S> {
type Params = AnyRef<'static>;
const ALGORITHM_IDENTIFIER: AlgorithmIdentifierRef<'static> = pkcs1::ALGORITHM_ID;
}

impl<D: DigestSigning> signature::Keypair for Signer<D> {
impl<D: DigestSigning, S: SessionLike> signature::Keypair for Signer<D, S> {
type VerifyingKey = VerifyingKey<D>;

fn verifying_key(&self) -> Self::VerifyingKey {
self.verifying_key.clone()
}
}

impl<D: DigestSigning> signature::Signer<Signature> for Signer<D> {
impl<D: DigestSigning, S: SessionLike> signature::Signer<Signature> for Signer<D, S> {
fn try_sign(&self, msg: &[u8]) -> Result<Signature, signature::Error> {
let bytes = self
.session
Expand All @@ -113,7 +111,7 @@ impl<D: DigestSigning> signature::Signer<Signature> for Signer<D> {
}
}

impl<D: DigestSigning> SignatureAlgorithmIdentifier for Signer<D> {
impl<D: DigestSigning, S: SessionLike> SignatureAlgorithmIdentifier for Signer<D, S> {
type Params = AnyRef<'static>;

const SIGNATURE_ALGORITHM_IDENTIFIER: AlgorithmIdentifierRef<'static> =
Expand Down
24 changes: 11 additions & 13 deletions cryptoki-rustcrypto/src/rsa/pss.rs
View file
Original file line number Diff line number Diff line change
@@ -1,7 +1,4 @@
use cryptoki::{
object::{Attribute, AttributeType, KeyType, ObjectClass, ObjectHandle},
session::Session,
};
use cryptoki::object::{Attribute, AttributeType, KeyType, ObjectClass, ObjectHandle};
use der::{asn1::ObjectIdentifier, oid::AssociatedOid, Any, AnyRef};
use rsa::{
pkcs1::{self, RsaPssParams},
Expand All @@ -17,17 +14,18 @@ use spki::{
use std::convert::TryFrom;

use super::{DigestSigning, Error};
use crate::SessionLike;

pub struct Signer<D: DigestSigning> {
session: Session,
pub struct Signer<D: DigestSigning, S: SessionLike> {
session: S,
_public_key: ObjectHandle,
private_key: ObjectHandle,
verifying_key: VerifyingKey<D>,
salt_len: usize,
}

impl<D: DigestSigning> Signer<D> {
pub fn new(session: Session, label: &[u8]) -> Result<Self, Error> {
impl<D: DigestSigning, S: SessionLike> Signer<D, S> {
pub fn new(session: S, label: &[u8]) -> Result<Self, Error> {
// First we'll lookup a private key with that label.
let template = vec![
Attribute::Token(true),
Expand Down Expand Up @@ -88,25 +86,25 @@ impl<D: DigestSigning> Signer<D> {
})
}

pub fn into_session(self) -> Session {
pub fn into_session(self) -> S {
self.session
}
}

impl<D: DigestSigning> AssociatedAlgorithmIdentifier for Signer<D> {
impl<D: DigestSigning, S: SessionLike> AssociatedAlgorithmIdentifier for Signer<D, S> {
type Params = AnyRef<'static>;
const ALGORITHM_IDENTIFIER: AlgorithmIdentifierRef<'static> = pkcs1::ALGORITHM_ID;
}

impl<D: DigestSigning> signature::Keypair for Signer<D> {
impl<D: DigestSigning, S: SessionLike> signature::Keypair for Signer<D, S> {
type VerifyingKey = VerifyingKey<D>;

fn verifying_key(&self) -> Self::VerifyingKey {
self.verifying_key.clone()
}
}

impl<D: DigestSigning> signature::Signer<Signature> for Signer<D> {
impl<D: DigestSigning, S: SessionLike> signature::Signer<Signature> for Signer<D, S> {
fn try_sign(&self, msg: &[u8]) -> Result<Signature, signature::Error> {
let bytes = self
.session
Expand All @@ -121,7 +119,7 @@ impl<D: DigestSigning> signature::Signer<Signature> for Signer<D> {
}
}

impl<D: DigestSigning> DynSignatureAlgorithmIdentifier for Signer<D> {
impl<D: DigestSigning, S: SessionLike> DynSignatureAlgorithmIdentifier for Signer<D, S> {
fn signature_algorithm_identifier(&self) -> pkcs8::spki::Result<AlgorithmIdentifierOwned> {
get_pss_signature_algo_id::<D>(self.salt_len as u8)
}
Expand Down
4 changes: 1 addition & 3 deletions cryptoki-rustcrypto/tests/ecdsa.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -66,15 +66,13 @@ fn sign_verify() -> TestResult {
let data = [0xFF, 0x55, 0xDD];

let signer =
ecdsa::Signer::<p256::NistP256>::new(session, label).expect("Lookup keys from HSM");
ecdsa::Signer::<p256::NistP256, _>::new(&session, label).expect("Lookup keys from HSM");

let signature = signer.sign(&data);

let verifying_key = signer.verifying_key();
verifying_key.verify(&data, &signature)?;

let session = signer.into_session();

// delete keys
session.destroy_object(public)?;
session.destroy_object(private)?;
Expand Down
9 changes: 3 additions & 6 deletions cryptoki-rustcrypto/tests/rsa.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -49,15 +49,13 @@ fn pkcs1v15_sign_verify() -> TestResult {
let data = [0xFF, 0x55, 0xDD];

let signer =
pkcs1v15::Signer::<sha2::Sha256>::new(session, label).expect("Lookup keys from HSM");
pkcs1v15::Signer::<sha2::Sha256, _>::new(&session, label).expect("Lookup keys from HSM");

let signature = signer.sign(&data);

let verifying_key = signer.verifying_key();
verifying_key.verify(&data, &signature)?;

let session = signer.into_session();

// delete keys
session.destroy_object(public)?;
session.destroy_object(private)?;
Expand Down Expand Up @@ -103,15 +101,14 @@ fn pss_sign_verify() -> TestResult {
// data to sign
let data = [0xFF, 0x55, 0xDD];

let signer = pss::Signer::<sha2::Sha256>::new(session, label).expect("Lookup keys from HSM");
let signer =
pss::Signer::<sha2::Sha256, _>::new(&session, label).expect("Lookup keys from HSM");

let signature = signer.sign(&data);

let verifying_key = signer.verifying_key();
verifying_key.verify(&data, &signature)?;

let session = signer.into_session();

// delete keys
session.destroy_object(public)?;
session.destroy_object(private)?;
Expand Down
5 changes: 2 additions & 3 deletions cryptoki-rustcrypto/tests/x509-ca.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -54,7 +54,8 @@ fn pss_create_ca() -> TestResult {
let (public, private) =
session.generate_key_pair(&mechanism, &pub_key_template, &priv_key_template)?;

let signer = pss::Signer::<sha2::Sha256>::new(session, label).expect("Lookup keys from HSM");
let signer =
pss::Signer::<sha2::Sha256, _>::new(&session, label).expect("Lookup keys from HSM");

let serial_number = SerialNumber::from(42u32);
let validity = Validity::from_now(Duration::new(5, 0)).unwrap();
Expand All @@ -72,8 +73,6 @@ fn pss_create_ca() -> TestResult {
let pem = certificate.to_pem(LineEnding::LF).expect("generate pem");
println!("{}", pem);

let session = signer.into_session();

// delete keys
session.destroy_object(public)?;
session.destroy_object(private)?;
Expand Down

0 comments on commit 87a8e77

Please sign in to comment.