Make Session take a reference to Pkcs11 and remove inner Arc

wiktor-k · wiktor-k · commit 9f19f12aee62 · 2025-06-23T13:45:08.000+02:00
Signed-off-by: Wiktor Kwapisiewicz &lt;wiktor@metacode.biz&gt;
diff --git a/cryptoki/src/context/mod.rs b/cryptoki/src/context/mod.rs
@@ -35,7 +35,6 @@ use std::fmt;
 use std::mem;
 use std::path::Path;
 use std::ptr;
-use std::sync::Arc;
 use std::sync::RwLock;
 
 /// Enum for various function lists
@@ -101,10 +100,10 @@ impl Drop for Pkcs11Impl {
 }
 
 /// Main PKCS11 context. Should usually be unique per application.
-#[derive(Clone, Debug)]
+#[derive(Debug)]
 pub struct Pkcs11 {
-    pub(crate) impl_: Arc<Pkcs11Impl>,
-    initialized: Arc<RwLock<bool>>,
+    pub(crate) impl_: Pkcs11Impl,
+    initialized: RwLock<bool>,
 }
 
 impl Pkcs11 {
@@ -155,11 +154,11 @@ impl Pkcs11 {
                     let list30_ptr: *mut cryptoki_sys::CK_FUNCTION_LIST_3_0 =
                         ifce.pFunctionList as *mut cryptoki_sys::CK_FUNCTION_LIST_3_0;
                     return Ok(Pkcs11 {
-                        impl_: Arc::new(Pkcs11Impl {
+                        impl_: Pkcs11Impl {
                             _pkcs11_lib: pkcs11_lib,
                             function_list: FunctionList::V3_0(*list30_ptr),
-                        }),
-                        initialized: Arc::new(RwLock::new(false)),
+                        },
+                        initialized: RwLock::new(false),
                     });
                 }
                 /* fall back to the 2.* API */
@@ -174,21 +173,17 @@ impl Pkcs11 {
         let list_ptr = *list.as_ptr();
 
         Ok(Pkcs11 {
-            impl_: Arc::new(Pkcs11Impl {
+            impl_: Pkcs11Impl {
                 _pkcs11_lib: pkcs11_lib,
                 function_list: FunctionList::V2(v2tov3(*list_ptr)),
-            }),
-            initialized: Arc::new(RwLock::new(false)),
+            },
+            initialized: RwLock::new(false),
         })
     }
 
     /// Initialize the PKCS11 library
     pub fn initialize(&self, init_args: CInitializeArgs) -> Result<()> {
-        let mut init_lock = self
-            .initialized
-            .as_ref()
-            .write()
-            .expect("lock not to be poisoned");
+        let mut init_lock = self.initialized.write().expect("lock not to be poisoned");
         if *init_lock {
             Err(Error::AlreadyInitialized)?
         }
@@ -197,11 +192,7 @@ impl Pkcs11 {
 
     /// Check whether the PKCS11 library has been initialized
     pub fn is_initialized(&self) -> bool {
-        *self
-            .initialized
-            .as_ref()
-            .read()
-            .expect("lock not to be poisoned")
+        *self.initialized.read().expect("lock not to be poisoned")
     }
 
     /// Finalize the PKCS11 library. Indicates that the application no longer needs to use PKCS11.
diff --git a/cryptoki/src/context/session_management.rs b/cryptoki/src/context/session_management.rs
@@ -13,7 +13,7 @@ use super::Function;
 
 impl Pkcs11 {
     #[inline(always)]
-    fn open_session(&self, slot_id: Slot, read_write: bool) -> Result<Session> {
+    fn open_session(&self, slot_id: Slot, read_write: bool) -> Result<Session<'_>> {
         let mut session_handle = 0;
 
         let flags = if read_write {
@@ -33,7 +33,7 @@ impl Pkcs11 {
             .into_result(Function::OpenSession)?;
         }
 
-        Ok(Session::new(session_handle, self.clone()))
+        Ok(Session::new(session_handle, self))
     }
 
     /// Open a new Read-Only session
@@ -60,14 +60,14 @@ impl Pkcs11 {
     /// let session = client.open_ro_session(slot)?;
     /// # let _ = session; Ok(()) }
     /// ```
-    pub fn open_ro_session(&self, slot_id: Slot) -> Result<Session> {
+    pub fn open_ro_session(&self, slot_id: Slot) -> Result<Session<'_>> {
         self.open_session(slot_id, false)
     }
 
     /// Open a new Read/Write session
     ///
     /// Note: No callback is set when opening the session.
-    pub fn open_rw_session(&self, slot_id: Slot) -> Result<Session> {
+    pub fn open_rw_session(&self, slot_id: Slot) -> Result<Session<'_>> {
         self.open_session(slot_id, true)
     }
 }
diff --git a/cryptoki/src/session/decryption.rs b/cryptoki/src/session/decryption.rs
@@ -10,7 +10,7 @@ use crate::session::Session;
 use cryptoki_sys::*;
 use std::convert::TryInto;
 
-impl Session {
+impl Session<'_> {
     /// Single-part decryption operation
     pub fn decrypt(
         &self,
diff --git a/cryptoki/src/session/digesting.rs b/cryptoki/src/session/digesting.rs
@@ -10,7 +10,7 @@ use crate::session::Session;
 use cryptoki_sys::*;
 use std::convert::TryInto;
 
-impl Session {
+impl Session<'_> {
     /// Single-part digesting operation
     pub fn digest(&self, m: &Mechanism, data: &[u8]) -> Result<Vec<u8>> {
         let mut mechanism: CK_MECHANISM = m.into();
diff --git a/cryptoki/src/session/encryption.rs b/cryptoki/src/session/encryption.rs
@@ -10,7 +10,7 @@ use crate::session::Session;
 use cryptoki_sys::*;
 use std::convert::TryInto;
 
-impl Session {
+impl Session<'_> {
     /// Single-part encryption operation
     pub fn encrypt(
         &self,
diff --git a/cryptoki/src/session/key_management.rs b/cryptoki/src/session/key_management.rs
@@ -10,7 +10,7 @@ use crate::session::Session;
 use cryptoki_sys::{CK_ATTRIBUTE, CK_MECHANISM, CK_MECHANISM_PTR};
 use std::convert::TryInto;
 
-impl Session {
+impl Session<'_> {
     /// Generate a secret key
     pub fn generate_key(
         &self,
diff --git a/cryptoki/src/session/message_decryption.rs b/cryptoki/src/session/message_decryption.rs
@@ -10,7 +10,7 @@ use crate::session::Session;
 use cryptoki_sys::*;
 use std::convert::TryInto;
 
-impl Session {
+impl Session<'_> {
     /// Prepare a session for one or more Message-based decryption using the same mechanism and key
     pub fn message_decrypt_init(&self, mechanism: &Mechanism, key: ObjectHandle) -> Result<()> {
         let mut mechanism: CK_MECHANISM = mechanism.into();
diff --git a/cryptoki/src/session/message_encryption.rs b/cryptoki/src/session/message_encryption.rs
@@ -10,7 +10,7 @@ use crate::session::Session;
 use cryptoki_sys::*;
 use std::convert::TryInto;
 
-impl Session {
+impl Session<'_> {
     /// Prepare a session for one or more Message-based encryption using the same mechanism and key
     pub fn message_encrypt_init(&self, mechanism: &Mechanism, key: ObjectHandle) -> Result<()> {
         let mut mechanism: CK_MECHANISM = mechanism.into();
diff --git a/cryptoki/src/session/mod.rs b/cryptoki/src/session/mod.rs
@@ -31,37 +31,33 @@ pub use session_info::{SessionInfo, SessionState};
 /// threads. A Session needs to be created in its own thread or to be passed by ownership to
 /// another thread.
 #[derive(Debug)]
-pub struct Session {
+pub struct Session<'a> {
     handle: CK_SESSION_HANDLE,
-    client: Pkcs11,
+    client: &'a Pkcs11,
     // This is not used but to prevent Session to automatically implement Send and Sync
     _guard: PhantomData<*mut u32>,
 }
 
-impl std::fmt::Display for Session {
+impl<'a> std::fmt::Display for Session<'a> {
     fn fmt(&self, f: &mut Formatter<'_>) -> std::fmt::Result {
         write!(f, "{}", self.handle)
     }
 }
 
-impl std::fmt::LowerHex for Session {
+impl<'a> std::fmt::LowerHex for Session<'a> {
     fn fmt(&self, f: &mut Formatter<'_>) -> std::fmt::Result {
         write!(f, "{:08x}", self.handle)
     }
 }
 
-impl std::fmt::UpperHex for Session {
+impl<'a> std::fmt::UpperHex for Session<'a> {
     fn fmt(&self, f: &mut Formatter<'_>) -> std::fmt::Result {
         write!(f, "{:08X}", self.handle)
     }
 }
 
-// Session does not implement Sync to prevent the same Session instance to be used from multiple
-// threads.
-unsafe impl Send for Session {}
-
-impl Session {
-    pub(crate) fn new(handle: CK_SESSION_HANDLE, client: Pkcs11) -> Self {
+impl<'a> Session<'a> {
+    pub(crate) fn new(handle: CK_SESSION_HANDLE, client: &'a Pkcs11) -> Self {
         Session {
             handle,
             client,
@@ -70,7 +66,7 @@ impl Session {
     }
 }
 
-impl Session {
+impl<'a> Session<'a> {
     /// Close a session
     /// This will be called on drop as well.
     pub fn close(self) {}
diff --git a/cryptoki/src/session/object_management.rs b/cryptoki/src/session/object_management.rs
@@ -78,7 +78,7 @@ const MAX_OBJECT_COUNT: NonZeroUsize = unsafe { NonZeroUsize::new_unchecked(10)
 /// ```
 #[derive(Debug)]
 pub struct ObjectHandleIterator<'a> {
-    session: &'a Session,
+    session: &'a Session<'a>,
     object_count: usize,
     index: usize,
     cache: Vec<CK_OBJECT_HANDLE>,
@@ -207,7 +207,7 @@ impl Drop for ObjectHandleIterator<'_> {
     }
 }
 
-impl Session {
+impl Session<'_> {
     /// Iterate over session objects matching a template.
     ///
     /// # Arguments
@@ -224,7 +224,7 @@ impl Session {
     /// * [`ObjectHandleIterator`] for more information on how to use the iterator
     /// * [`Session::iter_objects_with_cache_size`] for a way to specify the cache size
     #[inline(always)]
-    pub fn iter_objects(&self, template: &[Attribute]) -> Result<ObjectHandleIterator> {
+    pub fn iter_objects(&self, template: &[Attribute]) -> Result<ObjectHandleIterator<'_>> {
         self.iter_objects_with_cache_size(template, MAX_OBJECT_COUNT)
     }
 
@@ -248,7 +248,7 @@ impl Session {
         &self,
         template: &[Attribute],
         cache_size: NonZeroUsize,
-    ) -> Result<ObjectHandleIterator> {
+    ) -> Result<ObjectHandleIterator<'_>> {
         let template: Vec<CK_ATTRIBUTE> = template.iter().map(Into::into).collect();
         ObjectHandleIterator::new(self, template, cache_size)
     }
diff --git a/cryptoki/src/session/random.rs b/cryptoki/src/session/random.rs
@@ -7,7 +7,7 @@ use crate::error::{Result, Rv};
 use crate::session::Session;
 use std::convert::TryInto;
 
-impl Session {
+impl Session<'_> {
     /// Generates a random number and sticks it in a slice
     ///
     /// # Arguments
diff --git a/cryptoki/src/session/session_management.rs b/cryptoki/src/session/session_management.rs
@@ -14,7 +14,7 @@ use log::error;
 use secrecy::ExposeSecret;
 use std::convert::{TryFrom, TryInto};
 
-impl Drop for Session {
+impl Drop for Session<'_> {
     fn drop(&mut self) {
         #[inline(always)]
         fn close(session: &Session) -> Result<()> {
@@ -32,7 +32,7 @@ impl Drop for Session {
     }
 }
 
-impl Session {
+impl Session<'_> {
     /// Log a session in.
     ///
     /// # Arguments
diff --git a/cryptoki/src/session/signing_macing.rs b/cryptoki/src/session/signing_macing.rs
@@ -10,7 +10,7 @@ use crate::session::Session;
 use cryptoki_sys::*;
 use std::convert::TryInto;
 
-impl Session {
+impl Session<'_> {
     /// Sign data in single-part
     pub fn sign(&self, mechanism: &Mechanism, key: ObjectHandle, data: &[u8]) -> Result<Vec<u8>> {
         let mut mechanism: CK_MECHANISM = mechanism.into();
diff --git a/cryptoki/src/session/slot_token_management.rs b/cryptoki/src/session/slot_token_management.rs
@@ -9,7 +9,7 @@ use crate::types::AuthPin;
 use secrecy::ExposeSecret;
 use std::convert::TryInto;
 
-impl Session {
+impl Session<'_> {
     /// Initialize the normal user's pin for a token
     pub fn init_pin(&self, pin: &AuthPin) -> Result<()> {
         unsafe {
diff --git a/cryptoki/tests/basic.rs b/cryptoki/tests/basic.rs
@@ -22,6 +22,7 @@ use cryptoki::types::AuthPin;
 use serial_test::serial;
 use std::collections::HashMap;
 use std::num::NonZeroUsize;
+use std::sync::Arc;
 use std::thread;
 
 use cryptoki::mechanism::ekdf::AesCbcDeriveParams;
@@ -992,6 +993,7 @@ fn login_feast() {
     const SESSIONS: usize = 100;
 
     let (pkcs11, slot) = init_pins();
+    let pkcs11 = Arc::new(pkcs11);
     let mut threads = Vec::new();
 
     for _ in 0..SESSIONS {
@@ -1197,7 +1199,7 @@ fn get_attribute_info_test() -> TestResult {
         session.generate_key_pair(&mechanism, &pub_key_template, &priv_key_template)?;
 
     let pub_attribs = vec![AttributeType::PublicExponent, AttributeType::Modulus];
-    let mut priv_attribs = [
+    let priv_attribs = [
         AttributeType::PublicExponent,
         AttributeType::Modulus,
         AttributeType::PrivateExponent,
@@ -1328,7 +1330,7 @@ fn is_initialized_test() {
 fn test_clone_initialize() {
     use cryptoki::context::CInitializeArgs;
 
-    let pkcs11 = get_pkcs11();
+    let pkcs11 = Arc::new(get_pkcs11());
 
     let clone = pkcs11.clone();
     assert!(

Original file line number	Diff line number	Diff line change
`@@ -13,7 +13,7 @@ use super::Function;`
`13`	`13`
`14`	`14`	`impl Pkcs11 {`
`15`	`15`	`#[inline(always)]`
`16`		`- fn open_session(&self, slot_id: Slot, read_write: bool) -> Result<Session> {`
	`16`	`+ fn open_session(&self, slot_id: Slot, read_write: bool) -> Result<Session<'_>> {`
`17`	`17`	`let mut session_handle = 0;`
`18`	`18`
`19`	`19`	`let flags = if read_write {`
`@@ -33,7 +33,7 @@ impl Pkcs11 {`
`33`	`33`	`.into_result(Function::OpenSession)?;`
`34`	`34`	`}`
`35`	`35`
`36`		`- Ok(Session::new(session_handle, self.clone()))`
	`36`	`+ Ok(Session::new(session_handle, self))`
`37`	`37`	`}`
`38`	`38`
`39`	`39`	`/// Open a new Read-Only session`
`@@ -60,14 +60,14 @@ impl Pkcs11 {`
`60`	`60`	`/// let session = client.open_ro_session(slot)?;`
`61`	`61`	`/// # let _ = session; Ok(()) }`
`62`	`62`	/// ```
`63`		`- pub fn open_ro_session(&self, slot_id: Slot) -> Result<Session> {`
	`63`	`+ pub fn open_ro_session(&self, slot_id: Slot) -> Result<Session<'_>> {`
`64`	`64`	`self.open_session(slot_id, false)`
`65`	`65`	`}`
`66`	`66`
`67`	`67`	`/// Open a new Read/Write session`
`68`	`68`	`///`
`69`	`69`	`/// Note: No callback is set when opening the session.`
`70`		`- pub fn open_rw_session(&self, slot_id: Slot) -> Result<Session> {`
	`70`	`+ pub fn open_rw_session(&self, slot_id: Slot) -> Result<Session<'_>> {`
`71`	`71`	`self.open_session(slot_id, true)`
`72`	`72`	`}`
`73`	`73`	`}`
Original file line number	Diff line number	Diff line change
`@@ -31,37 +31,33 @@ pub use session_info::{SessionInfo, SessionState};`
`31`	`31`	`/// threads. A Session needs to be created in its own thread or to be passed by ownership to`
`32`	`32`	`/// another thread.`
`33`	`33`	`#[derive(Debug)]`
`34`		`-pub struct Session {`
	`34`	`+pub struct Session<'a> {`
`35`	`35`	`handle: CK_SESSION_HANDLE,`
`36`		`- client: Pkcs11,`
	`36`	`+ client: &'a Pkcs11,`
`37`	`37`	`// This is not used but to prevent Session to automatically implement Send and Sync`
`38`	`38`	`_guard: PhantomData<*mut u32>,`
`39`	`39`	`}`
`40`	`40`
`41`		`-impl std::fmt::Display for Session {`
	`41`	`+impl<'a> std::fmt::Display for Session<'a> {`
`42`	`42`	`fn fmt(&self, f: &mut Formatter<'_>) -> std::fmt::Result {`
`43`	`43`	`write!(f, "{}", self.handle)`
`44`	`44`	`}`
`45`	`45`	`}`
`46`	`46`
`47`		`-impl std::fmt::LowerHex for Session {`
	`47`	`+impl<'a> std::fmt::LowerHex for Session<'a> {`
`48`	`48`	`fn fmt(&self, f: &mut Formatter<'_>) -> std::fmt::Result {`
`49`	`49`	`write!(f, "{:08x}", self.handle)`
`50`	`50`	`}`
`51`	`51`	`}`
`52`	`52`
`53`		`-impl std::fmt::UpperHex for Session {`
	`53`	`+impl<'a> std::fmt::UpperHex for Session<'a> {`
`54`	`54`	`fn fmt(&self, f: &mut Formatter<'_>) -> std::fmt::Result {`
`55`	`55`	`write!(f, "{:08X}", self.handle)`
`56`	`56`	`}`
`57`	`57`	`}`
`58`	`58`
`59`		`-// Session does not implement Sync to prevent the same Session instance to be used from multiple`
`60`		`-// threads.`
`61`		`-unsafe impl Send for Session {}`
`62`		`-`
`63`		`-impl Session {`
`64`		`- pub(crate) fn new(handle: CK_SESSION_HANDLE, client: Pkcs11) -> Self {`
	`59`	`+impl<'a> Session<'a> {`
	`60`	`+ pub(crate) fn new(handle: CK_SESSION_HANDLE, client: &'a Pkcs11) -> Self {`
`65`	`61`	`Session {`
`66`	`62`	`handle,`
`67`	`63`	`client,`
`@@ -70,7 +66,7 @@ impl Session {`
`70`	`66`	`}`
`71`	`67`	`}`
`72`	`68`
`73`		`-impl Session {`
	`69`	`+impl<'a> Session<'a> {`
`74`	`70`	`/// Close a session`
`75`	`71`	`/// This will be called on drop as well.`
`76`	`72`	`pub fn close(self) {}`