@@ -6,6 +6,7 @@ pub mod aead;
66pub mod elliptic_curve;
77mod mechanism_info;
88pub mod rsa;
9+ pub mod ekdf;
910
1011use crate :: error:: Error ;
1112use cryptoki_sys:: * ;
@@ -17,6 +18,7 @@ use std::ops::Deref;
1718use std:: ptr:: null_mut;
1819
1920pub use mechanism_info:: MechanismInfo ;
21+ use crate :: mechanism:: rsa:: { PkcsOaepParams , PkcsOaepSource } ;
2022
2123#[ derive( Copy , Debug , Clone , PartialEq , Eq ) ]
2224// transparent so that a vector of MechanismType should have the same layout than a vector of
@@ -64,6 +66,9 @@ impl MechanismType {
6466 /// AES-GCM mechanism
6567 pub const AES_GCM : MechanismType = MechanismType { val : CKM_AES_GCM } ;
6668
69+ /// Derivation via encryption
70+ pub const AES_CBC_ENCRYPT_DATA : MechanismType = MechanismType { val : CKM_AES_CBC_ENCRYPT_DATA } ;
71+
6772 // RSA
6873 /// PKCS #1 RSA key pair generation mechanism
6974 pub const RSA_PKCS_KEY_PAIR_GEN : MechanismType = MechanismType {
@@ -241,6 +246,10 @@ impl MechanismType {
241246 pub const SHA512_RSA_PKCS_PSS : MechanismType = MechanismType {
242247 val : CKM_SHA512_RSA_PKCS_PSS ,
243248 } ;
249+ /// GENERIC-SECRET-KEY-GEN mechanism
250+ pub const GENERIC_SECRET_KEY_GEN : MechanismType = MechanismType {
251+ val : CKM_GENERIC_SECRET_KEY_GEN
252+ } ;
244253
245254 pub ( crate ) fn stringify ( mech : CK_MECHANISM_TYPE ) -> String {
246255 match mech {
@@ -629,6 +638,7 @@ impl TryFrom<CK_MECHANISM_TYPE> for MechanismType {
629638 fn try_from ( mechanism_type : CK_MECHANISM_TYPE ) -> Result < Self , Self :: Error > {
630639 match mechanism_type {
631640 CKM_AES_KEY_GEN => Ok ( MechanismType :: AES_KEY_GEN ) ,
641+ CKM_AES_CBC_ENCRYPT_DATA => Ok ( MechanismType :: AES_CBC_ENCRYPT_DATA ) ,
632642 CKM_RSA_PKCS_KEY_PAIR_GEN => Ok ( MechanismType :: RSA_PKCS_KEY_PAIR_GEN ) ,
633643 CKM_RSA_PKCS => Ok ( MechanismType :: RSA_PKCS ) ,
634644 CKM_RSA_PKCS_PSS => Ok ( MechanismType :: RSA_PKCS_PSS ) ,
@@ -648,6 +658,7 @@ impl TryFrom<CK_MECHANISM_TYPE> for MechanismType {
648658 CKM_SHA256_RSA_PKCS => Ok ( MechanismType :: SHA256_RSA_PKCS ) ,
649659 CKM_SHA384_RSA_PKCS => Ok ( MechanismType :: SHA384_RSA_PKCS ) ,
650660 CKM_SHA512_RSA_PKCS => Ok ( MechanismType :: SHA512_RSA_PKCS ) ,
661+ CKM_GENERIC_SECRET_KEY_GEN => Ok ( MechanismType :: GENERIC_SECRET_KEY_GEN ) ,
651662 other => {
652663 error ! ( "Mechanism type {} is not supported." , other) ;
653664 Err ( Error :: NotSupported )
@@ -689,6 +700,14 @@ pub enum Mechanism<'a> {
689700 AesKeyWrapPad ,
690701 /// AES-GCM mechanism
691702 AesGcm ( aead:: GcmParams < ' a > ) ,
703+ /// AES-CBC-ENCRYPT-DATA mechanism
704+ ///
705+ /// The parameter to this mechanism is the initialization vector and the message to encrypt. These mechanisms allow
706+ /// derivation of keys using the result of an encryption operation as the key value.
707+ ///
708+ /// For derivation, the message length must be a multiple of the block
709+ /// size. See https://www.cryptsoft.com/pkcs11doc/v220/
710+ AesCbcEncryptData ( ekdf:: AesCbcDeriveParams < ' a > ) ,
692711
693712 // RSA
694713 /// PKCS #1 RSA key pair generation mechanism
@@ -701,7 +720,7 @@ pub enum Mechanism<'a> {
701720 RsaPkcsPss ( rsa:: PkcsPssParams ) ,
702721 /// Multi-purpose mechanism based on the RSA public-key cryptosystem and the OAEP block format
703722 /// defined in PKCS #1
704- RsaPkcsOaep ( rsa :: PkcsOaepParams < ' a > ) ,
723+ RsaPkcsOaep ( PkcsOaepParams < ' a > ) ,
705724 /// Multi-purpose mechanism based on the RSA public-key cryptosystem. This is so-called "raw"
706725 /// RSA, as assumed in X.509.
707726 RsaX509 ,
@@ -816,6 +835,9 @@ pub enum Mechanism<'a> {
816835 Sha384RsaPkcsPss ( rsa:: PkcsPssParams ) ,
817836 /// SHA256-RSA-PKCS-PSS mechanism
818837 Sha512RsaPkcsPss ( rsa:: PkcsPssParams ) ,
838+
839+ /// GENERIC-SECRET-KEY-GEN mechanism
840+ GenericSecretKeyGen
819841}
820842
821843impl Mechanism < ' _ > {
@@ -829,7 +851,7 @@ impl Mechanism<'_> {
829851 Mechanism :: AesKeyWrap => MechanismType :: AES_KEY_WRAP ,
830852 Mechanism :: AesKeyWrapPad => MechanismType :: AES_KEY_WRAP_PAD ,
831853 Mechanism :: AesGcm ( _) => MechanismType :: AES_GCM ,
832-
854+ Mechanism :: AesCbcEncryptData ( _ ) => MechanismType :: AES_CBC_ENCRYPT_DATA ,
833855 Mechanism :: RsaPkcsKeyPairGen => MechanismType :: RSA_PKCS_KEY_PAIR_GEN ,
834856 Mechanism :: RsaPkcs => MechanismType :: RSA_PKCS ,
835857 Mechanism :: RsaPkcsPss ( _) => MechanismType :: RSA_PKCS_PSS ,
@@ -874,6 +896,8 @@ impl Mechanism<'_> {
874896 Mechanism :: Sha256RsaPkcsPss ( _) => MechanismType :: SHA256_RSA_PKCS_PSS ,
875897 Mechanism :: Sha384RsaPkcsPss ( _) => MechanismType :: SHA384_RSA_PKCS_PSS ,
876898 Mechanism :: Sha512RsaPkcsPss ( _) => MechanismType :: SHA512_RSA_PKCS_PSS ,
899+
900+ Mechanism :: GenericSecretKeyGen => MechanismType :: GENERIC_SECRET_KEY_GEN
877901 }
878902 }
879903}
@@ -883,9 +907,13 @@ impl From<&Mechanism<'_>> for CK_MECHANISM {
883907 let mechanism = mech. mechanism_type ( ) . into ( ) ;
884908 match mech {
885909 // Mechanisms with parameters
886- Mechanism :: AesCbc ( params) | Mechanism :: AesCbcPad ( params) => {
910+ Mechanism :: AesCbc ( params)
911+ | Mechanism :: AesCbcPad ( params) => {
887912 make_mechanism ( mechanism, params)
888- }
913+ } ,
914+ Mechanism :: AesCbcEncryptData ( params) => {
915+ make_mechanism ( mechanism, params)
916+ } ,
889917 Mechanism :: DesCbc ( params)
890918 | Mechanism :: Des3Cbc ( params)
891919 | Mechanism :: DesCbcPad ( params)
@@ -936,7 +964,8 @@ impl From<&Mechanism<'_>> for CK_MECHANISM {
936964 | Mechanism :: Sha224RsaPkcs
937965 | Mechanism :: Sha256RsaPkcs
938966 | Mechanism :: Sha384RsaPkcs
939- | Mechanism :: Sha512RsaPkcs => CK_MECHANISM {
967+ | Mechanism :: Sha512RsaPkcs
968+ | Mechanism :: GenericSecretKeyGen => CK_MECHANISM {
940969 mechanism,
941970 pParameter : null_mut ( ) ,
942971 ulParameterLen : 0 ,
@@ -961,7 +990,7 @@ fn make_mechanism<T>(mechanism: CK_MECHANISM_TYPE, param: &T) -> CK_MECHANISM {
961990
962991#[ cfg( feature = "psa-crypto-conversions" ) ]
963992#[ allow( deprecated) ]
964- impl TryFrom < psa_crypto:: types:: algorithm:: Algorithm > for Mechanism {
993+ impl TryFrom < psa_crypto:: types:: algorithm:: Algorithm > for Mechanism < ' _ > {
965994 type Error = Error ;
966995
967996 fn try_from ( alg : psa_crypto:: types:: algorithm:: Algorithm ) -> Result < Self , Self :: Error > {
@@ -989,13 +1018,11 @@ impl TryFrom<psa_crypto::types::algorithm::Algorithm> for Mechanism {
9891018 Ok ( Mechanism :: Ecdsa )
9901019 }
9911020 Algorithm :: AsymmetricEncryption ( AsymmetricEncryption :: RsaOaep { hash_alg } ) => {
992- Ok ( Mechanism :: RsaPkcsOaep ( rsa:: PkcsOaepParams {
993- hash_alg : Mechanism :: try_from ( Algorithm :: from ( hash_alg) ) ?. mechanism_type ( ) ,
994- mgf : rsa:: PkcsMgfType :: from_psa_crypto_hash ( hash_alg) ?,
995- source : rsa:: PkcsOaepSourceType :: DATA_SPECIFIED ,
996- source_data : std:: ptr:: null ( ) ,
997- source_data_len : 0 . into ( ) ,
998- } ) )
1021+ Ok ( Mechanism :: RsaPkcsOaep ( PkcsOaepParams :: new (
1022+ Mechanism :: try_from ( Algorithm :: from ( hash_alg) ) ?. mechanism_type ( ) ,
1023+ rsa:: PkcsMgfType :: from_psa_crypto_hash ( hash_alg) ?,
1024+ PkcsOaepSource :: empty ( ) ,
1025+ ) ) )
9991026 }
10001027 alg => {
10011028 error ! ( "{:?} is not a supported algorithm" , alg) ;
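Review bot: The new `Mechanism::AesCbcEncryptData(params)` arm in `From<&Mechanism<'_>> for CK_MECHANISM` passes `ekdf::AesCbcDeriveParams` to `make_mechanism`, which accepts any `&T`, so nothing in the visible hunks ties that struct's layout or contents to what the token will read. The `ekdf` module is not shown here; if it does not already do so, the struct should be `#[repr(C)]` and match `CK_AES_CBC_ENCRYPT_DATA_PARAMS` field for field. Its constructor should also reject data whose length is not a multiple of the AES block size, rather than leaving that rule to the doc comment on the variant. Separately, `PkcsOaepSource` in the new `use crate::mechanism::rsa::{...}` line appears to be used only inside the `psa-crypto-conversions` impl, so a build without that feature would likely warn about an unused import; putting `#[cfg(feature = "psa-crypto-conversions")]` on that import would avoid it.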