parallaxsecond
diff --git a/‎.github/actions/ci_script/action.yml
Lines changed: 0 additions & 37 deletions b/‎.github/actions/ci_script/action.yml
Lines changed: 0 additions & 37 deletions
diff --git a/‎.github/workflows/ci.yml
Lines changed: 108 additions & 25 deletions b/‎.github/workflows/ci.yml
Lines changed: 108 additions & 25 deletions
diff --git a/‎.github/workflows/nightly.yml
Lines changed: 0 additions & 41 deletions b/‎.github/workflows/nightly.yml
Lines changed: 0 additions & 41 deletions
diff --git a/‎ci.sh
Lines changed: 0 additions & 40 deletions b/‎ci.sh
Lines changed: 0 additions & 40 deletions
diff --git a/‎cryptoki-sys/Cargo.toml
Lines changed: 1 addition & 1 deletion b/‎cryptoki-sys/Cargo.toml
Lines changed: 1 addition & 1 deletion
diff --git a/‎cryptoki/Cargo.toml
Lines changed: 1 addition & 1 deletion b/‎cryptoki/Cargo.toml
Lines changed: 1 addition & 1 deletion
diff --git a/‎cryptoki/src/mechanism/elliptic_curve.rs
Lines changed: 58 additions & 11 deletions b/‎cryptoki/src/mechanism/elliptic_curve.rs
Lines changed: 58 additions & 11 deletions
@@ -21,6 +21,14 @@ jobs:
       - name: Check formatting
         run: cargo fmt --all -- --check
 
+  lints:
+    name: Check lints with clippy
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: Check formatting
+        run: cargo clippy --all-targets -- -D clippy::all -D clippy::cargo
+
   docs:
     name: Check documentation
     runs-on: ubuntu-latest
@@ -29,17 +37,105 @@ jobs:
       - name: Check documentation
         run: RUSTDOCFLAGS="-Dwarnings" cargo doc --document-private-items --no-deps
 
-  build:
-    name: Execute CI script
+  check:
+    name: Check for errors
     runs-on: ubuntu-latest
+    continue-on-error: true
+    strategy:
+      matrix:
+        target:
+          - x86_64-unknown-linux-gnu
+          - armv7-unknown-linux-gnueabi
+          - armv7-unknown-linux-gnueabihf
+          - arm-unknown-linux-gnueabi
+          - aarch64-unknown-linux-gnu
+          - i686-unknown-linux-gnu
+          - loongarch64-unknown-linux-gnu
+          - powerpc64-unknown-linux-gnu
+          - powerpc64le-unknown-linux-gnu
+          - x86_64-pc-windows-msvc
+          - x86_64-apple-darwin
+          - aarch64-apple-darwin
+          - x86_64-unknown-freebsd
+          - riscv64gc-unknown-linux-gnu
+        toolchain:
+          - stable
+          - "1.77" # MSRV
     steps:
       - uses: actions/checkout@v4
       - name: Setup Rust toolchain
         uses: actions-rs/toolchain@v1
         with:
-          toolchain: stable
-      - name: "Installs SoftHSM and execute tests"
-        uses: ./.github/actions/ci_script
+          toolchain: ${{ matrix.toolchain }}
+          default: true
+      - name: Install Rust target
+        run: rustup target add ${{ matrix.target }}
+      - name: Check source
+        run: cargo check --target ${{ matrix.target }} --workspace --all-targets
+      - name: Check all features source
+        run: cargo check --target ${{ matrix.target }} --all-features --workspace --all-targets
+
+  check-matrix:
+    name: Check if all checks succeeded
+    if: always()
+    needs:
+      - check
+    runs-on: ubuntu-latest
+    steps:
+      - name: Decide whether the needed jobs succeeded or failed
+        uses: re-actors/alls-green@release/v1
+        with:
+          jobs: ${{ toJSON(needs) }}
+
+  tests-softhsm:
+    name: Run tests against SoftHSM
+    continue-on-error: true
+    strategy:
+      matrix:
+        target:
+          - x86_64-unknown-linux-gnu
+          - i686-unknown-linux-gnu
+          - aarch64-unknown-linux-gnu
+        toolchain:
+          - stable
+          - "1.77" # MSRV
+        include:
+          - target: x86_64-unknown-linux-gnu
+            runner: ubuntu-latest
+          - target: i686-unknown-linux-gnu
+            runner: ubuntu-latest
+          - target: aarch64-unknown-linux-gnu
+            runner: ubuntu-24.04-arm
+    runs-on: ${{ matrix.runner }}
+    steps:
+      - uses: actions/checkout@v4
+      - name: Setup Rust toolchain
+        uses: actions-rs/toolchain@v1
+        with:
+          toolchain: ${{ matrix.toolchain }}
+          default: true
+      - name: Install SoftHSM
+        run: |
+          if [ "${{ matrix.target }}" = "i686-unknown-linux-gnu" ]; then
+            sudo dpkg --add-architecture i386
+            sudo apt-get update -y -qq
+            sudo apt-get install -y -qq gcc-multilib:i386 libsofthsm2:i386 gcc:i386
+          else
+            sudo apt-get update -y -qq
+            sudo apt-get install -y -qq libsofthsm2
+          fi
+          mkdir /tmp/tokens
+          echo "directories.tokendir = /tmp/tokens" > /tmp/softhsm2.conf
+      - name: Install Rust target
+        run: rustup target add ${{ matrix.target }}
+      - name: Check
+        run: cargo check --target ${{ matrix.target }} --workspace --all-targets
+      - name: Test script
+        env:
+          TEST_PKCS11_MODULE: /usr/lib/softhsm/libsofthsm2.so
+          SOFTHSM2_CONF: /tmp/softhsm2.conf
+          RUSTFLAGS: "-D warnings"
+        run: RUST_BACKTRACE=1 cargo test --target ${{ matrix.target }}
 
   build-windows:
     name: Build on Windows
@@ -65,27 +161,14 @@ jobs:
           RUST_BACKTRACE=1 cargo build --all-features &&
           RUST_BACKTRACE=1 cargo test
 
-
-  build-msrv:
-    name: MSRV - Execute CI script
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-      - name: Setup Rust toolchain on MSRV
-        uses: actions-rs/toolchain@v1
-        with:
-          toolchain: 1.66.0
-      - name: "Installs SoftHSM and execute tests"
-        uses: ./.github/actions/ci_script
-
   links:
     name: Check links
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v4
-    - name: Link Checker
-      uses: peter-evans/link-checker@v1
-      with:
-        args: -v -r *.md
-    - name: Fail if there were link errors
-      run: exit ${{ steps.lc.outputs.exit_code }}
+      - uses: actions/checkout@v4
+      - name: Link Checker
+        uses: peter-evans/link-checker@v1
+        with:
+          args: -v -r *.md
+      - name: Fail if there were link errors
+        run: exit ${{ steps.lc.outputs.exit_code }}
@@ -28,47 +28,6 @@ jobs:
       - name: Execute cargo udeps
         run: cargo +nightly udeps
 
-  build:
-    name: Execute builds with updated dependencies
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-      - name: Setup Rust toolchain
-        uses: actions-rs/toolchain@v1
-        with:
-          toolchain: stable
-
-      - name: Install SoftHSM
-        run: |
-          sudo apt-get update -y -qq &&
-          sudo apt-get install -y -qq libsofthsm2 &&
-          mkdir /tmp/tokens
-          echo "directories.tokendir = /tmp/tokens" > /tmp/softhsm2.conf
-
-      - name: Install Rust targets
-        run: |
-          rustup target add armv7-unknown-linux-gnueabi &&
-          rustup target add armv7-unknown-linux-gnueabihf &&
-          rustup target add arm-unknown-linux-gnueabi &&
-          rustup target add aarch64-unknown-linux-gnu &&
-          rustup target add i686-unknown-linux-gnu &&
-          rustup target add powerpc64-unknown-linux-gnu &&
-          rustup target add powerpc64le-unknown-linux-gnu &&
-          rustup target add x86_64-pc-windows-msvc &&
-          rustup target add x86_64-apple-darwin &&
-          rustup target add aarch64-apple-darwin &&
-          rustup target add x86_64-unknown-freebsd
-          rustup target add loongarch64-unknown-linux-gnu
-          rustup target add riscv64gc-unknown-linux-gnu
-
-      - name: Test script
-        env:
-          TEST_PKCS11_MODULE: /usr/lib/softhsm/libsofthsm2.so
-          SOFTHSM2_CONF: /tmp/softhsm2.conf
-        run: |
-          rm Cargo.lock
-          ./ci.sh
-
   audit:
     name: Check for crates with security vulnerabilities
     runs-on: ubuntu-latest
 
@@ -10,7 +10,7 @@ categories = ["api-bindings", "external-ffi-bindings", "cryptography", "hardware
 license = "Apache-2.0"
 repository = "https://github.com/parallaxsecond/rust-cryptoki"
 documentation = "https://docs.rs/crate/cryptoki-sys"
-rust-version = "1.77.0"
+rust-version = "1.77"
 
 [build-dependencies]
 bindgen = { version = "0.72.0", optional = true }
 
@@ -10,7 +10,7 @@ categories = ["api-bindings", "external-ffi-bindings", "cryptography", "hardware
 license = "Apache-2.0"
 repository = "https://github.com/parallaxsecond/rust-cryptoki"
 documentation = "https://docs.rs/crate/cryptoki"
-rust-version = "1.77.0"
+rust-version = "1.77"
 
 [dependencies]
 bitflags = "2.9.1"
 
@@ -82,7 +82,45 @@ pub struct EcKdf<'a> {
     shared_data: Option<&'a [u8]>,
 }
 
-impl EcKdf<'_> {
+macro_rules! ansi {
+    { $func_name: ident, $algo: ident, $algo_name: literal } => {
+        #[doc = "The key derivation function based on "]
+        #[doc = $algo_name]
+        #[doc = " as defined in the ANSI X9.63 standard. The
+                 derived key is produced by concatenating hashes of
+                 the shared value followed by 00000001, 00000002,
+                 etc. until we find enough bytes to fill the
+                 `CKA_VALUE_LEN` of the derived key."]
+        pub fn $func_name(shared_data: &'a [u8]) -> Self {
+            Self {
+                kdf_type: $algo,
+                shared_data: Some(shared_data),
+            }
+        }
+    }
+}
+
+macro_rules! sp800 {
+    { $func_name: ident, $algo: ident, $algo_name: literal } => {
+        #[doc = "The key derivation function based on "]
+        #[doc = $algo_name]
+        #[doc = " as defined in the [NIST SP800-56A standard, revision
+                 2](http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-56Ar2.pdf),
+                 section 5.8.1.1. The derived key is produced by
+                 concatenating hashes of 00000001, 00000002,
+                 etc. followed by the shared value until we find
+                 enough bytes to fill the `CKA_VALUE_LEN` of the
+                 derived key."]
+        pub fn $func_name(shared_data: &'a [u8]) -> Self {
+            Self {
+                kdf_type: $algo,
+                shared_data: Some(shared_data),
+            }
+        }
+    }
+}
+
+impl<'a> EcKdf<'a> {
     /// The null transformation. The derived key value is produced by
     /// taking bytes from the left of the agreed value. The new key
     /// size is limited to the size of the agreed value.
@@ -93,16 +131,25 @@ impl EcKdf<'_> {
         }
     }
 
-    /// The key derivation function based on sha256 as defined in the ANSI X9.63 standard. The
-    /// derived key is produced by concatenating hashes of the shared
-    /// value followed by 00000001, 00000002, etc. until we find
-    /// enough bytes to fill the `CKA_VALUE_LEN` of the derived key.
-    pub fn sha256() -> Self {
-        Self {
-            kdf_type: CKD_SHA256_KDF,
-            shared_data: None,
-        }
-    }
+    ansi!(sha1, CKD_SHA1_KDF, "SHA1");
+    ansi!(sha224, CKD_SHA224_KDF, "SHA224");
+    ansi!(sha256, CKD_SHA256_KDF, "SHA256");
+    ansi!(sha384, CKD_SHA384_KDF, "SHA384");
+    ansi!(sha512, CKD_SHA512_KDF, "SHA512");
+    ansi!(sha3_224, CKD_SHA3_224_KDF, "SHA3_224");
+    ansi!(sha3_256, CKD_SHA3_256_KDF, "SHA3_256");
+    ansi!(sha3_384, CKD_SHA3_384_KDF, "SHA3_384");
+    ansi!(sha3_512, CKD_SHA3_512_KDF, "SHA3_512");
+
+    sp800!(sha1_sp800, CKD_SHA1_KDF_SP800, "SHA1");
+    sp800!(sha224_sp800, CKD_SHA224_KDF_SP800, "SHA224");
+    sp800!(sha256_sp800, CKD_SHA256_KDF_SP800, "SHA256");
+    sp800!(sha384_sp800, CKD_SHA384_KDF_SP800, "SHA384");
+    sp800!(sha512_sp800, CKD_SHA512_KDF_SP800, "SHA512");
+    sp800!(sha3_224_sp800, CKD_SHA3_224_KDF_SP800, "SHA3_224");
+    sp800!(sha3_256_sp800, CKD_SHA3_256_KDF_SP800, "SHA3_256");
+    sp800!(sha3_384_sp800, CKD_SHA3_384_KDF_SP800, "SHA3_384");
+    sp800!(sha3_512_sp800, CKD_SHA3_512_KDF_SP800, "SHA3_512");
 
     // The intention here is to be able to support other methods with
     // shared data, without it being a breaking change, by just adding