context: Rework the initialization again for PKCS#11 3.0

This is follow-up with the recommendations from #248 and this will
actually allow use to call the new functions from the crate.

Signed-off-by: Jakub Jelen <jjelen@redhat.com>

Author: Jakuje

cryptoki/src/context/general_purpose.rs

@@ -37,24 +37,13 @@ macro_rules! check_fn {
     ($pkcs11:expr, $func_name:ident) => {{
         let func = paste! { $pkcs11
             .impl_
-                .function_list
+                .get_function_list()
                 .[<C_ $func_name>]
         };
         func.is_some()
     }};
 }
 
-macro_rules! check_30_fn {
-    ($pkcs11:expr, $func_name:ident) => {{
-        let func = paste! { $pkcs11
-            .impl_
-                .function_list_30
-                .map(|f| f.[<C_ $func_name>])
-        };
-        func.is_some()
-    }};
-}
-
 #[allow(missing_docs)]
 #[derive(Debug, Copy, Clone)]
 /// Enumeration of all functions defined by the PKCS11 spec
@@ -232,29 +221,29 @@ pub(super) fn is_fn_supported(ctx: &Pkcs11, function: Function) -> bool {
         Function::CancelFunction => check_fn!(ctx, CancelFunction),
         Function::WaitForSlotEvent => check_fn!(ctx, WaitForSlotEvent),
         /* PKCS #11 3.0 */
-        Function::GetInterfaceList => check_30_fn!(ctx, GetInterfaceList),
-        Function::GetInterface => check_30_fn!(ctx, GetInterface),
-        Function::LoginUser => check_30_fn!(ctx, LoginUser),
-        Function::SessionCancel => check_30_fn!(ctx, SessionCancel),
-        Function::MessageEncryptInit => check_30_fn!(ctx, MessageEncryptInit),
-        Function::EncryptMessage => check_30_fn!(ctx, EncryptMessage),
-        Function::EncryptMessageBegin => check_30_fn!(ctx, EncryptMessageBegin),
-        Function::EncryptMessageNext => check_30_fn!(ctx, EncryptMessageNext),
-        Function::MessageEncryptFinal => check_30_fn!(ctx, MessageEncryptFinal),
-        Function::MessageDecryptInit => check_30_fn!(ctx, MessageDecryptInit),
-        Function::DecryptMessage => check_30_fn!(ctx, DecryptMessage),
-        Function::DecryptMessageBegin => check_30_fn!(ctx, DecryptMessageBegin),
-        Function::DecryptMessageNext => check_30_fn!(ctx, DecryptMessageNext),
-        Function::MessageDecryptFinal => check_30_fn!(ctx, MessageDecryptFinal),
-        Function::MessageSignInit => check_30_fn!(ctx, MessageSignInit),
-        Function::SignMessage => check_30_fn!(ctx, SignMessage),
-        Function::SignMessageBegin => check_30_fn!(ctx, SignMessageBegin),
-        Function::SignMessageNext => check_30_fn!(ctx, SignMessageNext),
-        Function::MessageSignFinal => check_30_fn!(ctx, MessageSignFinal),
-        Function::MessageVerifyInit => check_30_fn!(ctx, MessageVerifyInit),
-        Function::VerifyMessage => check_30_fn!(ctx, VerifyMessage),
-        Function::VerifyMessageBegin => check_30_fn!(ctx, VerifyMessageBegin),
-        Function::VerifyMessageNext => check_30_fn!(ctx, VerifyMessageNext),
-        Function::MessageVerifyFinal => check_30_fn!(ctx, MessageVerifyFinal),
+        Function::GetInterfaceList => check_fn!(ctx, GetInterfaceList),
+        Function::GetInterface => check_fn!(ctx, GetInterface),
+        Function::LoginUser => check_fn!(ctx, LoginUser),
+        Function::SessionCancel => check_fn!(ctx, SessionCancel),
+        Function::MessageEncryptInit => check_fn!(ctx, MessageEncryptInit),
+        Function::EncryptMessage => check_fn!(ctx, EncryptMessage),
+        Function::EncryptMessageBegin => check_fn!(ctx, EncryptMessageBegin),
+        Function::EncryptMessageNext => check_fn!(ctx, EncryptMessageNext),
+        Function::MessageEncryptFinal => check_fn!(ctx, MessageEncryptFinal),
+        Function::MessageDecryptInit => check_fn!(ctx, MessageDecryptInit),
+        Function::DecryptMessage => check_fn!(ctx, DecryptMessage),
+        Function::DecryptMessageBegin => check_fn!(ctx, DecryptMessageBegin),
+        Function::DecryptMessageNext => check_fn!(ctx, DecryptMessageNext),
+        Function::MessageDecryptFinal => check_fn!(ctx, MessageDecryptFinal),
+        Function::MessageSignInit => check_fn!(ctx, MessageSignInit),
+        Function::SignMessage => check_fn!(ctx, SignMessage),
+        Function::SignMessageBegin => check_fn!(ctx, SignMessageBegin),
+        Function::SignMessageNext => check_fn!(ctx, SignMessageNext),
+        Function::MessageSignFinal => check_fn!(ctx, MessageSignFinal),
+        Function::MessageVerifyInit => check_fn!(ctx, MessageVerifyInit),
+        Function::VerifyMessage => check_fn!(ctx, VerifyMessage),
+        Function::VerifyMessageBegin => check_fn!(ctx, VerifyMessageBegin),
+        Function::VerifyMessageNext => check_fn!(ctx, VerifyMessageNext),
+        Function::MessageVerifyFinal => check_fn!(ctx, MessageVerifyFinal),
     }
 }

cryptoki/src/context/mod.rs

@@ -14,7 +14,7 @@ macro_rules! get_pkcs11 {
 /// Suitable only if the caller can't return a Result.
 macro_rules! get_pkcs11_func {
     ($pkcs11:expr, $func_name:ident) => {
-        ($pkcs11.impl_.function_list.$func_name)
+        ($pkcs11.impl_.get_function_list().$func_name)
     };
 }
 
@@ -38,31 +38,51 @@ use std::ptr;
 use std::sync::Arc;
 use std::sync::RwLock;
 
+/// Enum for various function lists
+/// Each following is super-set of the previous one with overlapping start so we store them
+/// in the largest one so we can reference also potentially NULL/non-existing functions
+#[derive(Debug)]
+enum FunctionList {
+    /// PKCS #11 2.40 CK_FUNCTION_LIST
+    V2(cryptoki_sys::CK_FUNCTION_LIST_3_0),
+    /// PKCS #11 3.0 CK_FUNCTION_LIST_3_0
+    V3_0(cryptoki_sys::CK_FUNCTION_LIST_3_0),
+    // TODO when PKCS #11 3.2 will be imported, change the above to 3_2 too!
+    // PKCS #11 3.2 CK_FUNCTION_LIST_3_2
+    //V3_2(cryptoki_sys::CK_FUNCTION_LIST_3_2),
+}
+
 // Implementation of Pkcs11 class that can be enclosed in a single Arc
 pub(crate) struct Pkcs11Impl {
     // Even if this field is never read, it is needed for the pointers in function_list to remain
     // valid.
     _pkcs11_lib: cryptoki_sys::Pkcs11,
-    pub(crate) function_list: cryptoki_sys::CK_FUNCTION_LIST,
-    pub(crate) function_list_30: Option<cryptoki_sys::CK_FUNCTION_LIST_3_0>,
+    function_list: FunctionList,
 }
 
 impl fmt::Debug for Pkcs11Impl {
     fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
         f.debug_struct("Pkcs11Impl")
             .field("function_list", &self.function_list)
-            .field("function_list_30", &self.function_list_30)
             .finish()
     }
 }
 
 impl Pkcs11Impl {
+    #[inline(always)]
+    pub(crate) fn get_function_list(&self) -> cryptoki_sys::CK_FUNCTION_LIST_3_0 {
+        match self.function_list {
+            FunctionList::V2(l) => l,
+            FunctionList::V3_0(l) => l,
+        }
+    }
+
     // Private finalize call
     #[inline(always)]
     fn finalize(&self) -> Result<()> {
         unsafe {
             Rv::from(self
-                .function_list
+                .get_function_list()
                 .C_Finalize
                 .ok_or(Error::NullFunctionPointer)?(
                 ptr::null_mut()
@@ -137,8 +157,7 @@ impl Pkcs11 {
                     return Ok(Pkcs11 {
                         impl_: Arc::new(Pkcs11Impl {
                             _pkcs11_lib: pkcs11_lib,
-                            function_list: *list_ptr, /* the function list aliases */
-                            function_list_30: Some(*list30_ptr),
+                            function_list: FunctionList::V3_0(*list30_ptr),
                         }),
                         initialized: Arc::new(RwLock::new(false)),
                     });
@@ -157,8 +176,7 @@ impl Pkcs11 {
         Ok(Pkcs11 {
             impl_: Arc::new(Pkcs11Impl {
                 _pkcs11_lib: pkcs11_lib,
-                function_list: *list_ptr,
-                function_list_30: None,
+                function_list: FunctionList::V2(v2tov3(*list_ptr)),
             }),
             initialized: Arc::new(RwLock::new(false)),
         })
@@ -200,3 +218,102 @@ impl Pkcs11 {
         is_fn_supported(self, function)
     }
 }
+
+/// This would be great to be From/Into, but it would have to live inside of the cryptoki-sys
+fn v2tov3(f: cryptoki_sys::CK_FUNCTION_LIST) -> cryptoki_sys::CK_FUNCTION_LIST_3_0 {
+    cryptoki_sys::CK_FUNCTION_LIST_3_0 {
+        version: f.version,
+        C_Initialize: f.C_Initialize,
+        C_Finalize: f.C_Finalize,
+        C_GetInfo: f.C_GetInfo,
+        C_GetFunctionList: f.C_GetFunctionList,
+        C_GetSlotList: f.C_GetSlotList,
+        C_GetSlotInfo: f.C_GetSlotInfo,
+        C_GetTokenInfo: f.C_GetTokenInfo,
+        C_GetMechanismList: f.C_GetMechanismList,
+        C_GetMechanismInfo: f.C_GetMechanismInfo,
+        C_InitToken: f.C_InitToken,
+        C_InitPIN: f.C_InitPIN,
+        C_SetPIN: f.C_SetPIN,
+        C_OpenSession: f.C_OpenSession,
+        C_CloseSession: f.C_CloseSession,
+        C_CloseAllSessions: f.C_CloseAllSessions,
+        C_GetSessionInfo: f.C_GetSessionInfo,
+        C_GetOperationState: f.C_GetOperationState,
+        C_SetOperationState: f.C_SetOperationState,
+        C_Login: f.C_Login,
+        C_Logout: f.C_Logout,
+        C_CreateObject: f.C_CreateObject,
+        C_CopyObject: f.C_CopyObject,
+        C_DestroyObject: f.C_DestroyObject,
+        C_GetObjectSize: f.C_GetObjectSize,
+        C_GetAttributeValue: f.C_GetAttributeValue,
+        C_SetAttributeValue: f.C_SetAttributeValue,
+        C_FindObjectsInit: f.C_FindObjectsInit,
+        C_FindObjects: f.C_FindObjects,
+        C_FindObjectsFinal: f.C_FindObjectsFinal,
+        C_EncryptInit: f.C_EncryptInit,
+        C_Encrypt: f.C_Encrypt,
+        C_EncryptUpdate: f.C_EncryptUpdate,
+        C_EncryptFinal: f.C_EncryptFinal,
+        C_DecryptInit: f.C_DecryptInit,
+        C_Decrypt: f.C_Decrypt,
+        C_DecryptUpdate: f.C_DecryptUpdate,
+        C_DecryptFinal: f.C_DecryptFinal,
+        C_DigestInit: f.C_DigestInit,
+        C_Digest: f.C_Digest,
+        C_DigestUpdate: f.C_DigestUpdate,
+        C_DigestKey: f.C_DigestKey,
+        C_DigestFinal: f.C_DigestFinal,
+        C_SignInit: f.C_SignInit,
+        C_Sign: f.C_Sign,
+        C_SignUpdate: f.C_SignUpdate,
+        C_SignFinal: f.C_SignFinal,
+        C_SignRecoverInit: f.C_SignRecoverInit,
+        C_SignRecover: f.C_SignRecover,
+        C_VerifyInit: f.C_VerifyInit,
+        C_Verify: f.C_Verify,
+        C_VerifyUpdate: f.C_VerifyUpdate,
+        C_VerifyFinal: f.C_VerifyFinal,
+        C_VerifyRecoverInit: f.C_VerifyRecoverInit,
+        C_VerifyRecover: f.C_VerifyRecover,
+        C_DigestEncryptUpdate: f.C_DigestEncryptUpdate,
+        C_DecryptDigestUpdate: f.C_DecryptDigestUpdate,
+        C_SignEncryptUpdate: f.C_SignEncryptUpdate,
+        C_DecryptVerifyUpdate: f.C_DecryptVerifyUpdate,
+        C_GenerateKey: f.C_GenerateKey,
+        C_GenerateKeyPair: f.C_GenerateKeyPair,
+        C_WrapKey: f.C_WrapKey,
+        C_UnwrapKey: f.C_UnwrapKey,
+        C_DeriveKey: f.C_DeriveKey,
+        C_SeedRandom: f.C_SeedRandom,
+        C_GenerateRandom: f.C_GenerateRandom,
+        C_GetFunctionStatus: f.C_GetFunctionStatus,
+        C_CancelFunction: f.C_CancelFunction,
+        C_WaitForSlotEvent: f.C_WaitForSlotEvent,
+        C_GetInterfaceList: None,
+        C_GetInterface: None,
+        C_LoginUser: None,
+        C_SessionCancel: None,
+        C_MessageEncryptInit: None,
+        C_EncryptMessage: None,
+        C_EncryptMessageBegin: None,
+        C_EncryptMessageNext: None,
+        C_MessageEncryptFinal: None,
+        C_MessageDecryptInit: None,
+        C_DecryptMessage: None,
+        C_DecryptMessageBegin: None,
+        C_DecryptMessageNext: None,
+        C_MessageDecryptFinal: None,
+        C_MessageSignInit: None,
+        C_SignMessage: None,
+        C_SignMessageBegin: None,
+        C_SignMessageNext: None,
+        C_MessageSignFinal: None,
+        C_MessageVerifyInit: None,
+        C_VerifyMessage: None,
+        C_VerifyMessageBegin: None,
+        C_VerifyMessageNext: None,
+        C_MessageVerifyFinal: None,
+    }
+}