diff --git a/cryptoki-rustcrypto/src/ecdsa.rs b/cryptoki-rustcrypto/src/ecdsa.rs index a2b64a2..9f9e77e 100644 --- a/cryptoki-rustcrypto/src/ecdsa.rs +++ b/cryptoki-rustcrypto/src/ecdsa.rs @@ -1,7 +1,6 @@ use cryptoki::{ mechanism::Mechanism, object::{Attribute, AttributeType, KeyType, ObjectClass, ObjectHandle}, - session::Session, }; use der::{ asn1::{ObjectIdentifier, OctetStringRef}, @@ -25,6 +24,8 @@ use spki::{ use std::{convert::TryFrom, ops::Add}; use thiserror::Error; +use crate::SessionLike; + #[derive(Error, Debug)] pub enum Error { #[error("Cryptoki error: {0}")] @@ -47,19 +48,19 @@ impl SignAlgorithm for p256::NistP256 { } } -pub struct Signer { - session: Session, +pub struct Signer { + session: S, _public_key: ObjectHandle, private_key: ObjectHandle, verifying_key: VerifyingKey, } -impl Signer +impl Signer where FieldBytesSize: ModulusSize, AffinePoint: FromEncodedPoint + ToEncodedPoint, { - pub fn new(session: Session, label: &[u8]) -> Result { + pub fn new(session: S, label: &[u8]) -> Result { // First we'll lookup a private key with that label. let template = vec![ Attribute::Token(true), @@ -123,12 +124,12 @@ where }) } - pub fn into_session(self) -> Session { + pub fn into_session(self) -> S { self.session } } -impl AssociatedAlgorithmIdentifier for Signer +impl AssociatedAlgorithmIdentifier for Signer where C: AssociatedOid, { @@ -138,7 +139,7 @@ where PublicKey::::ALGORITHM_IDENTIFIER; } -impl signature::Keypair for Signer { +impl signature::Keypair for Signer { type VerifyingKey = VerifyingKey; fn verifying_key(&self) -> Self::VerifyingKey { @@ -146,7 +147,7 @@ impl signature::Keypair for Signer { } } -impl signature::Signer> for Signer +impl signature::Signer> for Signer where <::FieldBytesSize as Add>::Output: ArrayLength, { @@ -168,7 +169,7 @@ where } } -impl SignatureAlgorithmIdentifier for Signer +impl SignatureAlgorithmIdentifier for Signer where AffinePoint: FromEncodedPoint + ToEncodedPoint, FieldBytesSize: ModulusSize, diff --git a/cryptoki-rustcrypto/src/lib.rs b/cryptoki-rustcrypto/src/lib.rs index 3d02de0..ed6e4c0 100644 --- a/cryptoki-rustcrypto/src/lib.rs +++ b/cryptoki-rustcrypto/src/lib.rs @@ -1,2 +1,51 @@ +use cryptoki::{ + error::Result, + mechanism::Mechanism, + object::{Attribute, AttributeType, ObjectHandle}, + session::Session, +}; + pub mod ecdsa; pub mod rsa; + +pub trait SessionLike { + fn find_objects(&self, template: &[Attribute]) -> Result>; + fn get_attributes( + &self, + object: ObjectHandle, + attributes: &[AttributeType], + ) -> Result>; + fn sign(&self, mechanism: &Mechanism, key: ObjectHandle, data: &[u8]) -> Result>; +} + +impl SessionLike for Session { + fn find_objects(&self, template: &[Attribute]) -> Result> { + Session::find_objects(self, template) + } + fn get_attributes( + &self, + object: ObjectHandle, + attributes: &[AttributeType], + ) -> Result> { + Session::get_attributes(self, object, attributes) + } + fn sign(&self, mechanism: &Mechanism, key: ObjectHandle, data: &[u8]) -> Result> { + Session::sign(self, mechanism, key, data) + } +} + +impl<'s> SessionLike for &'s Session { + fn find_objects(&self, template: &[Attribute]) -> Result> { + Session::find_objects(self, template) + } + fn get_attributes( + &self, + object: ObjectHandle, + attributes: &[AttributeType], + ) -> Result> { + Session::get_attributes(self, object, attributes) + } + fn sign(&self, mechanism: &Mechanism, key: ObjectHandle, data: &[u8]) -> Result> { + Session::sign(self, mechanism, key, data) + } +} diff --git a/cryptoki-rustcrypto/src/rsa/pkcs1v15.rs b/cryptoki-rustcrypto/src/rsa/pkcs1v15.rs index da86980..54626b0 100644 --- a/cryptoki-rustcrypto/src/rsa/pkcs1v15.rs +++ b/cryptoki-rustcrypto/src/rsa/pkcs1v15.rs @@ -1,7 +1,4 @@ -use cryptoki::{ - object::{Attribute, AttributeType, KeyType, ObjectClass, ObjectHandle}, - session::Session, -}; +use cryptoki::object::{Attribute, AttributeType, KeyType, ObjectClass, ObjectHandle}; use der::AnyRef; use rsa::{ pkcs1, @@ -12,16 +9,17 @@ use spki::{AlgorithmIdentifierRef, AssociatedAlgorithmIdentifier, SignatureAlgor use std::convert::TryFrom; use super::{DigestSigning, Error}; +use crate::SessionLike; -pub struct Signer { - session: Session, +pub struct Signer { + session: S, _public_key: ObjectHandle, private_key: ObjectHandle, verifying_key: VerifyingKey, } -impl Signer { - pub fn new(session: Session, label: &[u8]) -> Result { +impl Signer { + pub fn new(session: S, label: &[u8]) -> Result { // First we'll lookup a private key with that label. let template = vec![ Attribute::Token(true), @@ -80,17 +78,17 @@ impl Signer { }) } - pub fn into_session(self) -> Session { + pub fn into_session(self) -> S { self.session } } -impl AssociatedAlgorithmIdentifier for Signer { +impl AssociatedAlgorithmIdentifier for Signer { type Params = AnyRef<'static>; const ALGORITHM_IDENTIFIER: AlgorithmIdentifierRef<'static> = pkcs1::ALGORITHM_ID; } -impl signature::Keypair for Signer { +impl signature::Keypair for Signer { type VerifyingKey = VerifyingKey; fn verifying_key(&self) -> Self::VerifyingKey { @@ -98,7 +96,7 @@ impl signature::Keypair for Signer { } } -impl signature::Signer for Signer { +impl signature::Signer for Signer { fn try_sign(&self, msg: &[u8]) -> Result { let bytes = self .session @@ -113,7 +111,7 @@ impl signature::Signer for Signer { } } -impl SignatureAlgorithmIdentifier for Signer { +impl SignatureAlgorithmIdentifier for Signer { type Params = AnyRef<'static>; const SIGNATURE_ALGORITHM_IDENTIFIER: AlgorithmIdentifierRef<'static> = diff --git a/cryptoki-rustcrypto/src/rsa/pss.rs b/cryptoki-rustcrypto/src/rsa/pss.rs index 1764a23..bf8ee0e 100644 --- a/cryptoki-rustcrypto/src/rsa/pss.rs +++ b/cryptoki-rustcrypto/src/rsa/pss.rs @@ -1,7 +1,4 @@ -use cryptoki::{ - object::{Attribute, AttributeType, KeyType, ObjectClass, ObjectHandle}, - session::Session, -}; +use cryptoki::object::{Attribute, AttributeType, KeyType, ObjectClass, ObjectHandle}; use der::{asn1::ObjectIdentifier, oid::AssociatedOid, Any, AnyRef}; use rsa::{ pkcs1::{self, RsaPssParams}, @@ -17,17 +14,18 @@ use spki::{ use std::convert::TryFrom; use super::{DigestSigning, Error}; +use crate::SessionLike; -pub struct Signer { - session: Session, +pub struct Signer { + session: S, _public_key: ObjectHandle, private_key: ObjectHandle, verifying_key: VerifyingKey, salt_len: usize, } -impl Signer { - pub fn new(session: Session, label: &[u8]) -> Result { +impl Signer { + pub fn new(session: S, label: &[u8]) -> Result { // First we'll lookup a private key with that label. let template = vec![ Attribute::Token(true), @@ -88,17 +86,17 @@ impl Signer { }) } - pub fn into_session(self) -> Session { + pub fn into_session(self) -> S { self.session } } -impl AssociatedAlgorithmIdentifier for Signer { +impl AssociatedAlgorithmIdentifier for Signer { type Params = AnyRef<'static>; const ALGORITHM_IDENTIFIER: AlgorithmIdentifierRef<'static> = pkcs1::ALGORITHM_ID; } -impl signature::Keypair for Signer { +impl signature::Keypair for Signer { type VerifyingKey = VerifyingKey; fn verifying_key(&self) -> Self::VerifyingKey { @@ -106,7 +104,7 @@ impl signature::Keypair for Signer { } } -impl signature::Signer for Signer { +impl signature::Signer for Signer { fn try_sign(&self, msg: &[u8]) -> Result { let bytes = self .session @@ -121,7 +119,7 @@ impl signature::Signer for Signer { } } -impl DynSignatureAlgorithmIdentifier for Signer { +impl DynSignatureAlgorithmIdentifier for Signer { fn signature_algorithm_identifier(&self) -> pkcs8::spki::Result { get_pss_signature_algo_id::(self.salt_len as u8) } diff --git a/cryptoki-rustcrypto/tests/ecdsa.rs b/cryptoki-rustcrypto/tests/ecdsa.rs index 8691ae6..d56592a 100644 --- a/cryptoki-rustcrypto/tests/ecdsa.rs +++ b/cryptoki-rustcrypto/tests/ecdsa.rs @@ -66,15 +66,13 @@ fn sign_verify() -> TestResult { let data = [0xFF, 0x55, 0xDD]; let signer = - ecdsa::Signer::::new(session, label).expect("Lookup keys from HSM"); + ecdsa::Signer::::new(&session, label).expect("Lookup keys from HSM"); let signature = signer.sign(&data); let verifying_key = signer.verifying_key(); verifying_key.verify(&data, &signature)?; - let session = signer.into_session(); - // delete keys session.destroy_object(public)?; session.destroy_object(private)?; diff --git a/cryptoki-rustcrypto/tests/rsa.rs b/cryptoki-rustcrypto/tests/rsa.rs index 4f56dbc..bcf90e3 100644 --- a/cryptoki-rustcrypto/tests/rsa.rs +++ b/cryptoki-rustcrypto/tests/rsa.rs @@ -49,15 +49,13 @@ fn pkcs1v15_sign_verify() -> TestResult { let data = [0xFF, 0x55, 0xDD]; let signer = - pkcs1v15::Signer::::new(session, label).expect("Lookup keys from HSM"); + pkcs1v15::Signer::::new(&session, label).expect("Lookup keys from HSM"); let signature = signer.sign(&data); let verifying_key = signer.verifying_key(); verifying_key.verify(&data, &signature)?; - let session = signer.into_session(); - // delete keys session.destroy_object(public)?; session.destroy_object(private)?; @@ -103,15 +101,14 @@ fn pss_sign_verify() -> TestResult { // data to sign let data = [0xFF, 0x55, 0xDD]; - let signer = pss::Signer::::new(session, label).expect("Lookup keys from HSM"); + let signer = + pss::Signer::::new(&session, label).expect("Lookup keys from HSM"); let signature = signer.sign(&data); let verifying_key = signer.verifying_key(); verifying_key.verify(&data, &signature)?; - let session = signer.into_session(); - // delete keys session.destroy_object(public)?; session.destroy_object(private)?; diff --git a/cryptoki-rustcrypto/tests/x509-ca.rs b/cryptoki-rustcrypto/tests/x509-ca.rs index a324bb2..002dd6b 100644 --- a/cryptoki-rustcrypto/tests/x509-ca.rs +++ b/cryptoki-rustcrypto/tests/x509-ca.rs @@ -54,7 +54,8 @@ fn pss_create_ca() -> TestResult { let (public, private) = session.generate_key_pair(&mechanism, &pub_key_template, &priv_key_template)?; - let signer = pss::Signer::::new(session, label).expect("Lookup keys from HSM"); + let signer = + pss::Signer::::new(&session, label).expect("Lookup keys from HSM"); let serial_number = SerialNumber::from(42u32); let validity = Validity::from_now(Duration::new(5, 0)).unwrap(); @@ -72,8 +73,6 @@ fn pss_create_ca() -> TestResult { let pem = certificate.to_pem(LineEnding::LF).expect("generate pem"); println!("{}", pem); - let session = signer.into_session(); - // delete keys session.destroy_object(public)?; session.destroy_object(private)?;