From 65afc19302adc3524598664fd0c0ebabd73a6b13 Mon Sep 17 00:00:00 2001 From: Michael J Boquard Date: Wed, 22 Sep 2021 20:40:35 -0400 Subject: [PATCH 1/3] Updates for getting attribute info - Updated comment for `get_attribute_info` - Added `get_attribute_info_map` - Added `get_single_attribute_info` - Added `Hash` derivation for `AttributeType` Signed-off-by: Michael J Boquard --- cryptoki/src/functions/object_management.rs | 141 ++++++++++++++++++++ cryptoki/src/types/object.rs | 2 +- cryptoki/tests/basic.rs | 100 +++++++++++++- 3 files changed, 241 insertions(+), 2 deletions(-) diff --git a/cryptoki/src/functions/object_management.rs b/cryptoki/src/functions/object_management.rs index e9c315ca..90c597b2 100644 --- a/cryptoki/src/functions/object_management.rs +++ b/cryptoki/src/functions/object_management.rs @@ -8,6 +8,7 @@ use crate::types::object::{Attribute, AttributeInfo, AttributeType, ObjectHandle use crate::types::session::Session; use crate::Result; use cryptoki_sys::*; +use std::collections::HashMap; use std::convert::TryInto; // Search 10 elements at a time @@ -97,6 +98,66 @@ impl<'a> Session<'a> { } /// Get the attribute info of an object: if the attribute is present and its size. + /// + /// # Arguments + /// + /// * `object` - The [ObjectHandle] used to reference the object + /// * `attributes` - The list of attributes to get the information of + /// + /// # Returns + /// + /// This function will return a Vector of [AttributeInfo] enums that will either contain + /// the size of the requested attribute or [AttributeInfo::Unavailable] if the attribute is + /// not available to be read from `object`. + /// + /// _Note: An attribute returning [AttributeInfo::Unavailable] may mean that the attribute is + /// either sensitive or not a valid type for `object`. This function does not distinguish + /// between those two errors._ + /// + /// The list of returned attributes is 1-to-1 matched with the provided vector of attribute + /// types. If you wish, you may create a hash table simply by: + /// + /// ```rust + /// use cryptoki::Pkcs11; + /// use cryptoki::types::locking::CInitializeArgs; + /// use cryptoki::types::object::AttributeType; + /// use cryptoki::types::session::UserType; + /// use cryptoki::types::SessionFlags; + /// use std::collections::HashMap; + /// use std::env; + /// + /// let pkcs11 = Pkcs11::new( + /// env::var("PKCS11_SOFTHSM2_MODULE") + /// .unwrap_or_else(|_| "/usr/local/lib/softhsm/libsofthsm2.so".to_string()), + /// ) + /// .unwrap(); + /// + /// pkcs11.initialize(CInitializeArgs::OsThreads).unwrap(); + /// let slot = pkcs11.get_slots_with_token().unwrap().remove(0); + /// let mut flags = SessionFlags::new(); + /// let _ = flags.set_rw_session(true).set_serial_session(true); + /// + /// pkcs11.set_pin(slot, "1234").unwrap(); + /// let session = pkcs11.open_session_no_callback(slot, flags).unwrap(); + /// session.login(UserType::User); + /// + /// let empty_attrib= vec![]; + /// if let Some(object) = session.find_objects(&empty_attrib).unwrap().get(0) { + /// let attribute_types = vec![ + /// AttributeType::Token, + /// AttributeType::Private, + /// AttributeType::Modulus, + /// AttributeType::KeyType, + /// AttributeType::Verify,]; + /// + /// let attribute_info = session.get_attribute_info(*object, &attribute_types).unwrap(); + /// + /// let hash = attribute_types + /// .iter() + /// .zip(attribute_info.iter()) + /// .collect::>(); + /// } + /// ``` pub fn get_attribute_info( &self, object: ObjectHandle, @@ -132,6 +193,86 @@ impl<'a> Session<'a> { } } + /// Get the attribute info of an object: if the attribute is present and its size. + /// + /// # Arguments + /// + /// * `object` - The [ObjectHandle] used to reference the object + /// * `attributes` - The list of attributes to get the information of + /// + /// # Returns + /// + /// This function will return a HashMap of [AttributeType] and [AttributeInfo] enums that will + /// either contain the size of the requested attribute or [AttributeInfo::Unavailable] if the + /// attribute is not available to be read from `object`. + /// + /// _Note: An attribute returning [AttributeInfo::Unavailable] may mean that the attribute is + /// either sensitive or not a valid type for `object`. This function does not distinguish + /// between those two errors._ + pub fn get_attribute_info_map( + &self, + object: ObjectHandle, + attributes: Vec, + ) -> Result> { + let attrib_info = self.get_attribute_info(object, attributes.as_slice())?; + + Ok(attributes + .iter() + .cloned() + .zip(attrib_info.iter().cloned()) + .collect::>()) + } + + /// Returns information about a single attributes + /// + /// # Arguments + /// + /// * `object` - The [ObjectHandle] to get the attribute from + /// * `attribute_type` - The attribute to get + /// + /// # Returns + /// + /// A tuple containing the return code from `C_GetAttributeInfo` and the [AttributeInfo] for + /// the requested attribute. + /// + /// The return code may be [Rv::Ok] or an `Rv::Error` containing either + /// [RvError::AttributeTypeInvalid] (if the attribute is not a valid attribute for the object), + /// or a [RvError::AttributeSensitive] (if the attribute is a sensitive attribute for an + /// object marked as sensitive, e.g. the private exponent of an RSA key) + pub fn get_single_attribute_info( + &self, + object: ObjectHandle, + attribute_type: AttributeType, + ) -> Result<(Rv, AttributeInfo)> { + let mut template: Vec = vec![CK_ATTRIBUTE { + type_: attribute_type.into(), + pValue: std::ptr::null_mut(), + ulValueLen: 0, + }]; + + let rv = unsafe { + Rv::from(get_pkcs11!(self.client(), C_GetAttributeValue)( + self.handle(), + object.handle(), + template.as_mut_ptr(), + template.len().try_into()?, + )) + }; + + match rv { + Rv::Ok + | Rv::Error(RvError::AttributeSensitive) + | Rv::Error(RvError::AttributeTypeInvalid) => Ok(( + rv, + match template[0].ulValueLen { + CK_UNAVAILABLE_INFORMATION => AttributeInfo::Unavailable, + len => AttributeInfo::Available(len.try_into()?), + }, + )), + Rv::Error(rv_error) => Err(rv_error.into()), + } + } + /// Get the attributes values of an object. /// Ignore the unavailable one. One has to call the get_attribute_info method to check which /// ones are unavailable. diff --git a/cryptoki/src/types/object.rs b/cryptoki/src/types/object.rs index 112a885c..0885b689 100644 --- a/cryptoki/src/types/object.rs +++ b/cryptoki/src/types/object.rs @@ -13,7 +13,7 @@ use std::ffi::c_void; use std::fmt::Formatter; use std::ops::Deref; -#[derive(Debug, Copy, Clone, Ord, PartialOrd, Eq, PartialEq)] +#[derive(Debug, Copy, Clone, Ord, PartialOrd, Eq, PartialEq, Hash)] #[non_exhaustive] /// Type of an attribute pub enum AttributeType { diff --git a/cryptoki/tests/basic.rs b/cryptoki/tests/basic.rs index 0495fdcd..4ddfcd63 100644 --- a/cryptoki/tests/basic.rs +++ b/cryptoki/tests/basic.rs @@ -3,12 +3,13 @@ mod common; use common::init_pins; -use cryptoki::types::function::RvError; +use cryptoki::types::function::{Rv, RvError}; use cryptoki::types::mechanism::Mechanism; use cryptoki::types::object::{Attribute, AttributeInfo, AttributeType, KeyType, ObjectClass}; use cryptoki::types::session::{SessionState, UserType}; use cryptoki::types::SessionFlags; use serial_test::serial; +use std::collections::HashMap; use std::error::Error; use std::sync::Arc; use std::thread; @@ -539,3 +540,100 @@ fn generate_random_test() -> Result<()> { assert!(!random_vec.iter().all(|&x| x == 0)); Ok(()) } + +#[test] +#[serial] +fn get_attribute_info_test() -> Result<()> { + let (pkcs11, slot) = init_pins(); + + let mut flags = SessionFlags::new(); + let _ = flags.set_rw_session(true).set_serial_session(true); + + // open a session + let session = pkcs11.open_session_no_callback(slot, flags)?; + + // log in the session + session.login(UserType::User)?; + + // get mechanism + let mechanism = Mechanism::RsaPkcsKeyPairGen; + + let public_exponent: Vec = vec![0x01, 0x00, 0x01]; + let modulus_bits = 2048; + + // pub key template + let pub_key_template = vec![ + Attribute::Token(false.into()), + Attribute::Private(false.into()), + Attribute::PublicExponent(public_exponent), + Attribute::ModulusBits(modulus_bits.into()), + ]; + + // priv key template + let priv_key_template = vec![ + Attribute::Token(false.into()), + Attribute::Sensitive(true.into()), + Attribute::Extractable(false.into()), + ]; + + // generate a key pair + let (public, private) = + session.generate_key_pair(&mechanism, &pub_key_template, &priv_key_template)?; + + let pub_attribs = vec![AttributeType::PublicExponent, AttributeType::Modulus]; + + let attrib_info = session.get_attribute_info(public, &pub_attribs)?; + let hash = pub_attribs + .iter() + .zip(attrib_info.iter()) + .collect::>(); + + if let AttributeInfo::Available(size) = hash[&AttributeType::Modulus] { + assert_eq!(*size, 2048 / 8); + } else { + panic!("Modulus should not return Unavailable for an RSA public key"); + } + + if let AttributeInfo::Unavailable = hash[&AttributeType::PublicExponent] { + panic!("Public Exponent should not return Unavailable for an RSA public key"); + } + + let (rv, attrib_info) = + session.get_single_attribute_info(private, AttributeType::PrivateExponent)?; + + if let Rv::Error(rv_err) = rv { + assert_eq!(rv_err, RvError::AttributeSensitive); + if let AttributeInfo::Available(_) = attrib_info { + panic!("PrivateExponent on a sensitive, private RSA key should return Unavailable"); + } + } else { + panic!("PrivateExponent should return an error on a sensitive, private RSA key"); + } + + let attrib_info = session.get_attribute_info(private, &pub_attribs)?; + let hash = pub_attribs + .iter() + .zip(attrib_info.iter()) + .collect::>(); + + if let AttributeInfo::Available(size) = hash[&AttributeType::Modulus] { + assert_eq!(*size, 2048 / 8); + } else { + panic!("Modulus should not return Unavailable on an RSA private key"); + } + if let AttributeInfo::Unavailable = hash[&AttributeType::PublicExponent] { + panic!("PublicExponent should not return Unavailable on an RSA private key"); + } + + let hash = session.get_attribute_info_map(private, pub_attribs)?; + if let AttributeInfo::Available(size) = hash[&AttributeType::Modulus] { + assert_eq!(size, 2048 / 8); + } else { + panic!("Modulus should not return Unavailable on an RSA private key"); + } + if let AttributeInfo::Unavailable = hash[&AttributeType::PublicExponent] { + panic!("PublicExponent should not return Unavailable on an RSA private key"); + } + + Ok(()) +} From 89e015c9c2947a93a7a8a8eccf856a405f6d8457 Mon Sep 17 00:00:00 2001 From: Michael J Boquard Date: Fri, 24 Sep 2021 16:23:04 -0400 Subject: [PATCH 2/3] Updates for PR - Updated `AttributeInfo` to include `Sensitive` and `TypeInvalid` variants - Removed `Unavailable` variant from `AttributeInfo` - Updated `get_attribute_info` to step through each attribute - Removed `get_single_attribute_info` Signed-off-by: Michael J Boquard --- cryptoki/src/functions/object_management.rs | 108 +++++--------------- cryptoki/src/types/object.rs | 6 +- cryptoki/tests/basic.rs | 48 +++++---- 3 files changed, 58 insertions(+), 104 deletions(-) diff --git a/cryptoki/src/functions/object_management.rs b/cryptoki/src/functions/object_management.rs index 90c597b2..244f3751 100644 --- a/cryptoki/src/functions/object_management.rs +++ b/cryptoki/src/functions/object_management.rs @@ -107,12 +107,10 @@ impl<'a> Session<'a> { /// # Returns /// /// This function will return a Vector of [AttributeInfo] enums that will either contain - /// the size of the requested attribute or [AttributeInfo::Unavailable] if the attribute is - /// not available to be read from `object`. - /// - /// _Note: An attribute returning [AttributeInfo::Unavailable] may mean that the attribute is - /// either sensitive or not a valid type for `object`. This function does not distinguish - /// between those two errors._ + /// the size of the requested attribute, [AttributeInfo::Empty] if the attribute is + /// empty, [AttributeInfo::TypeInvalid] if the attribute is not a valid type for the object, + /// or [AttributeInfo::Sensitive] if the requested attribute is sensitive and will not be + /// returned to the user. /// /// The list of returned attributes is 1-to-1 matched with the provided vector of attribute /// types. If you wish, you may create a hash table simply by: @@ -163,34 +161,34 @@ impl<'a> Session<'a> { object: ObjectHandle, attributes: &[AttributeType], ) -> Result> { - let mut template: Vec = attributes - .iter() - .map(|attr_type| CK_ATTRIBUTE { - type_: (*attr_type).into(), + let mut results = Vec::new(); + + for attrib in attributes.iter() { + let mut template: Vec = vec![CK_ATTRIBUTE { + type_: (*attrib).into(), pValue: std::ptr::null_mut(), ulValueLen: 0, - }) - .collect(); + }]; - match unsafe { - Rv::from(get_pkcs11!(self.client(), C_GetAttributeValue)( - self.handle(), - object.handle(), - template.as_mut_ptr(), - template.len().try_into()?, - )) - } { - Rv::Ok - | Rv::Error(RvError::AttributeSensitive) - | Rv::Error(RvError::AttributeTypeInvalid) => Ok(template - .iter() - .map(|attr| match attr.ulValueLen { - CK_UNAVAILABLE_INFORMATION => Ok(AttributeInfo::Unavailable), - len => Ok(AttributeInfo::Available(len.try_into()?)), - }) - .collect::>>()?), - Rv::Error(rv_error) => Err(rv_error.into()), + match unsafe { + Rv::from(get_pkcs11!(self.client(), C_GetAttributeValue)( + self.handle(), + object.handle(), + template.as_mut_ptr(), + template.len().try_into()?, + )) + } { + Rv::Ok => { + results.push(AttributeInfo::Available(template[0].ulValueLen.try_into()?)) + } + Rv::Error(RvError::AttributeSensitive) => results.push(AttributeInfo::Sensitive), + Rv::Error(RvError::AttributeTypeInvalid) => { + results.push(AttributeInfo::TypeInvalid) + } + rv => rv.into_result()?, + } } + Ok(results) } /// Get the attribute info of an object: if the attribute is present and its size. @@ -223,56 +221,6 @@ impl<'a> Session<'a> { .collect::>()) } - /// Returns information about a single attributes - /// - /// # Arguments - /// - /// * `object` - The [ObjectHandle] to get the attribute from - /// * `attribute_type` - The attribute to get - /// - /// # Returns - /// - /// A tuple containing the return code from `C_GetAttributeInfo` and the [AttributeInfo] for - /// the requested attribute. - /// - /// The return code may be [Rv::Ok] or an `Rv::Error` containing either - /// [RvError::AttributeTypeInvalid] (if the attribute is not a valid attribute for the object), - /// or a [RvError::AttributeSensitive] (if the attribute is a sensitive attribute for an - /// object marked as sensitive, e.g. the private exponent of an RSA key) - pub fn get_single_attribute_info( - &self, - object: ObjectHandle, - attribute_type: AttributeType, - ) -> Result<(Rv, AttributeInfo)> { - let mut template: Vec = vec![CK_ATTRIBUTE { - type_: attribute_type.into(), - pValue: std::ptr::null_mut(), - ulValueLen: 0, - }]; - - let rv = unsafe { - Rv::from(get_pkcs11!(self.client(), C_GetAttributeValue)( - self.handle(), - object.handle(), - template.as_mut_ptr(), - template.len().try_into()?, - )) - }; - - match rv { - Rv::Ok - | Rv::Error(RvError::AttributeSensitive) - | Rv::Error(RvError::AttributeTypeInvalid) => Ok(( - rv, - match template[0].ulValueLen { - CK_UNAVAILABLE_INFORMATION => AttributeInfo::Unavailable, - len => AttributeInfo::Available(len.try_into()?), - }, - )), - Rv::Error(rv_error) => Err(rv_error.into()), - } - } - /// Get the attributes values of an object. /// Ignore the unavailable one. One has to call the get_attribute_info method to check which /// ones are unavailable. diff --git a/cryptoki/src/types/object.rs b/cryptoki/src/types/object.rs index 0885b689..e9eeacbb 100644 --- a/cryptoki/src/types/object.rs +++ b/cryptoki/src/types/object.rs @@ -1286,8 +1286,10 @@ impl TryFrom for KeyType { #[derive(Debug, Copy, Clone)] /// Information about the attribute of an object pub enum AttributeInfo { - /// The attribute is not defined for the object - Unavailable, + /// The requested attribute is not a valid attribute for the object + TypeInvalid, + /// The value of the attribute is sensitive and will not be returned + Sensitive, /// The attribute is available to get from the object and has the specified size in bytes. Available(usize), } diff --git a/cryptoki/tests/basic.rs b/cryptoki/tests/basic.rs index 4ddfcd63..a0c1139d 100644 --- a/cryptoki/tests/basic.rs +++ b/cryptoki/tests/basic.rs @@ -10,7 +10,6 @@ use cryptoki::types::session::{SessionState, UserType}; use cryptoki::types::SessionFlags; use serial_test::serial; use std::collections::HashMap; -use std::error::Error; use std::sync::Arc; use std::thread; @@ -581,6 +580,8 @@ fn get_attribute_info_test() -> Result<()> { session.generate_key_pair(&mechanism, &pub_key_template, &priv_key_template)?; let pub_attribs = vec![AttributeType::PublicExponent, AttributeType::Modulus]; + let mut priv_attribs = pub_attribs.clone(); + priv_attribs.push(AttributeType::PrivateExponent); let attrib_info = session.get_attribute_info(public, &pub_attribs)?; let hash = pub_attribs @@ -594,24 +595,13 @@ fn get_attribute_info_test() -> Result<()> { panic!("Modulus should not return Unavailable for an RSA public key"); } - if let AttributeInfo::Unavailable = hash[&AttributeType::PublicExponent] { - panic!("Public Exponent should not return Unavailable for an RSA public key"); + match hash[&AttributeType::PublicExponent] { + AttributeInfo::Available(_) => {} + _ => panic!("Public Exponent should not return Unavailable for an RSA public key"), } - let (rv, attrib_info) = - session.get_single_attribute_info(private, AttributeType::PrivateExponent)?; - - if let Rv::Error(rv_err) = rv { - assert_eq!(rv_err, RvError::AttributeSensitive); - if let AttributeInfo::Available(_) = attrib_info { - panic!("PrivateExponent on a sensitive, private RSA key should return Unavailable"); - } - } else { - panic!("PrivateExponent should return an error on a sensitive, private RSA key"); - } - - let attrib_info = session.get_attribute_info(private, &pub_attribs)?; - let hash = pub_attribs + let attrib_info = session.get_attribute_info(private, &priv_attribs)?; + let hash = priv_attribs .iter() .zip(attrib_info.iter()) .collect::>(); @@ -621,18 +611,32 @@ fn get_attribute_info_test() -> Result<()> { } else { panic!("Modulus should not return Unavailable on an RSA private key"); } - if let AttributeInfo::Unavailable = hash[&AttributeType::PublicExponent] { - panic!("PublicExponent should not return Unavailable on an RSA private key"); + + match hash[&AttributeType::PublicExponent] { + AttributeInfo::Available(_) => {} + _ => panic!("PublicExponent should not return Unavailable on an RSA private key"), + } + + match hash[&AttributeType::PrivateExponent] { + AttributeInfo::Sensitive => {} + _ => panic!("Private Exponent of RSA private key should be sensitive"), } - let hash = session.get_attribute_info_map(private, pub_attribs)?; + let hash = session.get_attribute_info_map(private, priv_attribs)?; if let AttributeInfo::Available(size) = hash[&AttributeType::Modulus] { assert_eq!(size, 2048 / 8); } else { panic!("Modulus should not return Unavailable on an RSA private key"); } - if let AttributeInfo::Unavailable = hash[&AttributeType::PublicExponent] { - panic!("PublicExponent should not return Unavailable on an RSA private key"); + + match hash[&AttributeType::PublicExponent] { + AttributeInfo::Available(_) => {} + _ => panic!("Public Exponent should not return Unavailable for an RSA private key"), + } + + match hash[&AttributeType::PrivateExponent] { + AttributeInfo::Sensitive => {} + _ => panic!("Private Exponent of RSA private key should be sensitive"), } Ok(()) From 823f5524f3d412f5a02f727e15bce40bf7cf8ede Mon Sep 17 00:00:00 2001 From: Michael J Boquard Date: Mon, 27 Sep 2021 11:41:49 -0400 Subject: [PATCH 3/3] Updates for PR - Updated function comments - Fixed some warnings generated by the docs Signed-off-by: Michael J Boquard --- cryptoki/src/functions/object_management.rs | 18 ++++++++---------- cryptoki/src/types/function.rs | 2 +- cryptoki/src/types/mechanism/mod.rs | 4 ++-- cryptoki/src/types/object.rs | 2 +- cryptoki/tests/basic.rs | 2 +- 5 files changed, 13 insertions(+), 15 deletions(-) diff --git a/cryptoki/src/functions/object_management.rs b/cryptoki/src/functions/object_management.rs index 244f3751..16955167 100644 --- a/cryptoki/src/functions/object_management.rs +++ b/cryptoki/src/functions/object_management.rs @@ -107,10 +107,9 @@ impl<'a> Session<'a> { /// # Returns /// /// This function will return a Vector of [AttributeInfo] enums that will either contain - /// the size of the requested attribute, [AttributeInfo::Empty] if the attribute is - /// empty, [AttributeInfo::TypeInvalid] if the attribute is not a valid type for the object, - /// or [AttributeInfo::Sensitive] if the requested attribute is sensitive and will not be - /// returned to the user. + /// the size of the requested attribute, [AttributeInfo::TypeInvalid] if the attribute is not a + /// valid type for the object, or [AttributeInfo::Sensitive] if the requested attribute is + /// sensitive and will not be returned to the user. /// /// The list of returned attributes is 1-to-1 matched with the provided vector of attribute /// types. If you wish, you may create a hash table simply by: @@ -156,6 +155,8 @@ impl<'a> Session<'a> { /// .collect::>(); /// } /// ``` + /// + /// Alternatively, you can call [Session::get_attribute_info_map], found below. pub fn get_attribute_info( &self, object: ObjectHandle, @@ -201,12 +202,9 @@ impl<'a> Session<'a> { /// # Returns /// /// This function will return a HashMap of [AttributeType] and [AttributeInfo] enums that will - /// either contain the size of the requested attribute or [AttributeInfo::Unavailable] if the - /// attribute is not available to be read from `object`. - /// - /// _Note: An attribute returning [AttributeInfo::Unavailable] may mean that the attribute is - /// either sensitive or not a valid type for `object`. This function does not distinguish - /// between those two errors._ + /// either contain the size of the requested attribute, [AttributeInfo::TypeInvalid] if the + /// attribute is not a valid type for the object, or [AttributeInfo::Sensitive] if the requested + /// attribute is sensitive and will not be returned to the user. pub fn get_attribute_info_map( &self, object: ObjectHandle, diff --git a/cryptoki/src/types/function.rs b/cryptoki/src/types/function.rs index 5275efb9..b16a3ba5 100644 --- a/cryptoki/src/types/function.rs +++ b/cryptoki/src/types/function.rs @@ -226,7 +226,7 @@ pub enum RvError { SessionCount, /// The specified session handle was invalid at the time that the function was invoked. Note that this can happen if the session’s token is removed before the function invocation, since removing a token closes all sessions with it. SessionHandleInvalid, - /// The specified token does not support parallel sessions. This is a legacy error code—in Cryptoki Version 2.01 and up, no token supports parallel sessions. CKR_SESSION_PARALLEL_NOT_SUPPORTED can only be returned by C_OpenSession, and it is only returned when C_OpenSession is called in a particular [deprecated] way. + /// The specified token does not support parallel sessions. This is a legacy error code—in Cryptoki Version 2.01 and up, no token supports parallel sessions. CKR_SESSION_PARALLEL_NOT_SUPPORTED can only be returned by C_OpenSession, and it is only returned when C_OpenSession is called in a particular `deprecated` way. SessionParallelNotSupported, /// The specified session was unable to accomplish the desired action because it is a read-only session. This return value has lower priority than CKR_TOKEN_WRITE_PROTECTED. SessionReadOnly, diff --git a/cryptoki/src/types/mechanism/mod.rs b/cryptoki/src/types/mechanism/mod.rs index 725d164a..91a48d12 100644 --- a/cryptoki/src/types/mechanism/mod.rs +++ b/cryptoki/src/types/mechanism/mod.rs @@ -52,12 +52,12 @@ impl MechanismType { // DES /// DES3 - /// Note that DES3 is deprecated. See https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-131Ar2.pdf section 2, p. 6. + /// Note that DES3 is deprecated. See section 2, p. 6. pub const DES3_KEY_GEN: MechanismType = MechanismType { val: CKM_DES3_KEY_GEN, }; /// DES3 ECB - /// Note that DES3 is deprecated. See https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-131Ar2.pdf section 2, p. 6. + /// Note that DES3 is deprecated. See section 2, p. 6. pub const DES3_ECB: MechanismType = MechanismType { val: CKM_DES3_ECB }; // ECC diff --git a/cryptoki/src/types/object.rs b/cryptoki/src/types/object.rs index e9eeacbb..f075ac53 100644 --- a/cryptoki/src/types/object.rs +++ b/cryptoki/src/types/object.rs @@ -1065,7 +1065,7 @@ impl KeyType { /// DES2 key pub const DES2: KeyType = KeyType { val: CKK_DES2 }; /// DES3 secret - /// Note that DES3 is deprecated. See https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-131Ar2.pdf section 2, p. 6. + /// Note that DES3 is deprecated. See section 2, p. 6. pub const DES3: KeyType = KeyType { val: CKK_DES3 }; /// CAST key pub const CAST: KeyType = KeyType { val: CKK_CAST }; diff --git a/cryptoki/tests/basic.rs b/cryptoki/tests/basic.rs index a0c1139d..833f3569 100644 --- a/cryptoki/tests/basic.rs +++ b/cryptoki/tests/basic.rs @@ -3,7 +3,7 @@ mod common; use common::init_pins; -use cryptoki::types::function::{Rv, RvError}; +use cryptoki::types::function::RvError; use cryptoki::types::mechanism::Mechanism; use cryptoki::types::object::{Attribute, AttributeInfo, AttributeType, KeyType, ObjectClass}; use cryptoki::types::session::{SessionState, UserType};