Merge pull request parallaxsecond#59 from mjb3279/clone-context-for-session

Implemented new way of holding the context within the session

Author: ionut-arm

cryptoki/src/context/general_purpose.rs

@@ -5,7 +5,6 @@
 use crate::context::{CInitializeArgs, Info, Pkcs11};
 use crate::error::{Result, Rv};
 use cryptoki_sys::{CK_C_INITIALIZE_ARGS, CK_INFO};
-use std::ptr;
 
 // See public docs on stub in parent mod.rs
 #[inline(always)]
@@ -21,13 +20,6 @@ pub(super) fn initialize(ctx: &Pkcs11, init_args: CInitializeArgs) -> Result<()>
     }
 }
 
-#[inline(always)]
-pub(super) fn finalize_private(ctx: &Pkcs11) -> Result<()> {
-    // Safe because Session contain a reference to self so that this function can not be called
-    // while there are live Session instances.
-    unsafe { Rv::from(get_pkcs11!(ctx, C_Finalize)(ptr::null_mut())).into_result() }
-}
-
 // See public docs on stub in parent mod.rs
 #[inline(always)]
 pub(super) fn get_library_info(ctx: &Pkcs11) -> Result<Info> {

cryptoki/src/context/mod.rs

@@ -6,6 +6,7 @@
 macro_rules! get_pkcs11 {
     ($pkcs11:expr, $func_name:ident) => {
         ($pkcs11
+            .impl_
             .function_list
             .$func_name
             .ok_or(crate::error::Error::NullFunctionPointer)?)
@@ -32,18 +33,50 @@ use derivative::Derivative;
 use log::error;
 use std::mem;
 use std::path::Path;
+use std::ptr;
+use std::sync::Arc;
 
-/// Main PKCS11 context. Should usually be unique per application.
 #[derive(Derivative)]
 #[derivative(Debug)]
-pub struct Pkcs11 {
+// Implementation of Pkcs11 class that can be enclosed in a single Arc
+pub(crate) struct Pkcs11Impl {
     // Even if this field is never read, it is needed for the pointers in function_list to remain
     // valid.
     #[derivative(Debug = "ignore")]
     _pkcs11_lib: cryptoki_sys::Pkcs11,
     pub(crate) function_list: cryptoki_sys::_CK_FUNCTION_LIST,
 }
 
+impl Pkcs11Impl {
+    // Private finalize call
+    #[inline(always)]
+    fn finalize(&self) -> Result<()> {
+        unsafe {
+            Rv::from(self
+                .function_list
+                .C_Finalize
+                .ok_or(Error::NullFunctionPointer)?(
+                ptr::null_mut()
+            ))
+            .into_result()
+        }
+    }
+}
+
+impl Drop for Pkcs11Impl {
+    fn drop(&mut self) {
+        if let Err(e) = self.finalize() {
+            error!("Failed to finalize: {}", e);
+        }
+    }
+}
+
+/// Main PKCS11 context. Should usually be unique per application.
+#[derive(Clone, Debug)]
+pub struct Pkcs11 {
+    pub(crate) impl_: Arc<Pkcs11Impl>,
+}
+
 impl Pkcs11 {
     /// Instantiate a new context from the path of a PKCS11 dynamic llibrary implementation.
     pub fn new<P>(filename: P) -> Result<Self>
@@ -60,8 +93,10 @@ impl Pkcs11 {
             let list_ptr = *list.as_ptr();
 
             Ok(Pkcs11 {
-                _pkcs11_lib: pkcs11_lib,
-                function_list: *list_ptr,
+                impl_: Arc::new(Pkcs11Impl {
+                    _pkcs11_lib: pkcs11_lib,
+                    function_list: *list_ptr,
+                }),
             })
         }
     }
@@ -127,11 +162,3 @@ impl Pkcs11 {
         session_management::open_session_no_callback(self, slot_id, flags)
     }
 }
-
-impl Drop for Pkcs11 {
-    fn drop(&mut self) {
-        if let Err(e) = general_purpose::finalize_private(self) {
-            error!("Failed to finalize: {}", e);
-        }
-    }
-}

cryptoki/src/context/session_management.rs

@@ -29,5 +29,5 @@ pub(super) fn open_session_no_callback(
         .into_result()?;
     }
 
-    Ok(Session::new(session_handle, ctx))
+    Ok(Session::new(session_handle, ctx.clone()))
 }

cryptoki/src/session/decryption.rs

@@ -12,7 +12,7 @@ use std::convert::TryInto;
 // See public docs on stub in parent mod.rs
 #[inline(always)]
 pub(super) fn decrypt(
-    session: &Session<'_>,
+    session: &Session,
     mechanism: &Mechanism,
     key: ObjectHandle,
     encrypted_data: &[u8],

cryptoki/src/session/encryption.rs

@@ -12,7 +12,7 @@ use std::convert::TryInto;
 // See public docs on stub in parent mod.rs
 #[inline(always)]
 pub fn encrypt(
-    session: &Session<'_>,
+    session: &Session,
     mechanism: &Mechanism,
     key: ObjectHandle,
     data: &[u8],

cryptoki/src/session/key_management.rs

@@ -12,7 +12,7 @@ use std::convert::TryInto;
 // See public docs on stub in parent mod.rs
 #[inline(always)]
 pub(super) fn generate_key(
-    session: &Session<'_>,
+    session: &Session,
     mechanism: &Mechanism,
     template: &[Attribute],
 ) -> Result<ObjectHandle> {
@@ -36,7 +36,7 @@ pub(super) fn generate_key(
 // See public docs on stub in parent mod.rs
 #[inline(always)]
 pub(super) fn generate_key_pair(
-    session: &Session<'_>,
+    session: &Session,
     mechanism: &Mechanism,
     pub_key_template: &[Attribute],
     priv_key_template: &[Attribute],
@@ -71,7 +71,7 @@ pub(super) fn generate_key_pair(
 // See public docs on stub in parent mod.rs
 #[inline(always)]
 pub(super) fn derive_key(
-    session: &Session<'_>,
+    session: &Session,
     mechanism: &Mechanism,
     base_key: ObjectHandle,
     template: &[Attribute],
@@ -97,7 +97,7 @@ pub(super) fn derive_key(
 // See public docs on stub in parent mod.rs
 #[inline(always)]
 pub(super) fn wrap_key(
-    session: &Session<'_>,
+    session: &Session,
     mechanism: &Mechanism,
     wrapping_key: ObjectHandle,
     key: ObjectHandle,
@@ -135,7 +135,7 @@ pub(super) fn wrap_key(
 // See public docs on stub in parent mod.rs
 #[inline(always)]
 pub(super) fn unwrap_key(
-    session: &Session<'_>,
+    session: &Session,
     mechanism: &Mechanism,
     unwrapping_key: ObjectHandle,
     wrapped_key: &[u8],

cryptoki/src/session/mod.rs

@@ -14,6 +14,7 @@ use log::error;
 use std::collections::HashMap;
 use std::convert::TryInto;
 use std::fmt::Formatter;
+use std::marker::PhantomData;
 use std::ops::Deref;
 
 mod decryption;
@@ -35,46 +36,46 @@ pub use flags::*;
 /// threads. A Session needs to be created in its own thread or to be passed by ownership to
 /// another thread.
 #[derive(Debug)]
-pub struct Session<'a> {
+pub struct Session {
     handle: CK_SESSION_HANDLE,
-    client: &'a Pkcs11,
+    client: Pkcs11,
     // This is not used but to prevent Session to automatically implement Send and Sync
-    _guard: *mut u32,
+    _guard: PhantomData<*mut u32>,
 }
 
-impl std::fmt::Display for Session<'_> {
+impl std::fmt::Display for Session {
     fn fmt(&self, f: &mut Formatter<'_>) -> std::fmt::Result {
         write!(f, "{}", self.handle)
     }
 }
 
-impl std::fmt::LowerHex for Session<'_> {
+impl std::fmt::LowerHex for Session {
     fn fmt(&self, f: &mut Formatter<'_>) -> std::fmt::Result {
         write!(f, "{:08x}", self.handle)
     }
 }
 
-impl std::fmt::UpperHex for Session<'_> {
+impl std::fmt::UpperHex for Session {
     fn fmt(&self, f: &mut Formatter<'_>) -> std::fmt::Result {
         write!(f, "{:08X}", self.handle)
     }
 }
 
 // Session does not implement Sync to prevent the same Session instance to be used from multiple
 // threads.
-unsafe impl<'a> Send for Session<'a> {}
+unsafe impl Send for Session {}
 
-impl<'a> Session<'a> {
-    pub(crate) fn new(handle: CK_SESSION_HANDLE, client: &'a Pkcs11) -> Self {
+impl Session {
+    pub(crate) fn new(handle: CK_SESSION_HANDLE, client: Pkcs11) -> Self {
         Session {
             handle,
             client,
-            _guard: std::ptr::null_mut::<u32>(),
+            _guard: PhantomData,
         }
     }
 }
 
-impl Session<'_> {
+impl Session {
     /// Initialize the normal user's pin for a token
     pub fn init_pin(&self, pin: &str) -> Result<()> {
         slot_token_management::init_pin(self, pin)
@@ -339,11 +340,11 @@ impl Session<'_> {
     }
 
     pub(crate) fn client(&self) -> &Pkcs11 {
-        self.client
+        &self.client
     }
 }
 
-impl Drop for Session<'_> {
+impl Drop for Session {
     fn drop(&mut self) {
         if let Err(e) = session_management::close_private(self) {
             error!("Failed to close session: {}", e);

cryptoki/src/session/object_management.rs

@@ -14,10 +14,7 @@ const MAX_OBJECT_COUNT: usize = 10;
 
 // See public docs on stub in parent mod.rs
 #[inline(always)]
-pub(super) fn find_objects(
-    session: &Session<'_>,
-    template: &[Attribute],
-) -> Result<Vec<ObjectHandle>> {
+pub(super) fn find_objects(session: &Session, template: &[Attribute]) -> Result<Vec<ObjectHandle>> {
     let mut template: Vec<CK_ATTRIBUTE> = template.iter().map(|attr| attr.into()).collect();
 
     unsafe {
@@ -71,7 +68,7 @@ pub(super) fn find_objects(
 
 // See public docs on stub in parent mod.rs
 #[inline(always)]
-pub(super) fn create_object(session: &Session<'_>, template: &[Attribute]) -> Result<ObjectHandle> {
+pub(super) fn create_object(session: &Session, template: &[Attribute]) -> Result<ObjectHandle> {
     let mut template: Vec<CK_ATTRIBUTE> = template.iter().map(|attr| attr.into()).collect();
     let mut object_handle = 0;
 
@@ -90,7 +87,7 @@ pub(super) fn create_object(session: &Session<'_>, template: &[Attribute]) -> Re
 
 // See public docs on stub in parent mod.rs
 #[inline(always)]
-pub(super) fn destroy_object(session: &Session<'_>, object: ObjectHandle) -> Result<()> {
+pub(super) fn destroy_object(session: &Session, object: ObjectHandle) -> Result<()> {
     unsafe {
         Rv::from(get_pkcs11!(session.client(), C_DestroyObject)(
             session.handle(),
@@ -103,7 +100,7 @@ pub(super) fn destroy_object(session: &Session<'_>, object: ObjectHandle) -> Res
 // See public docs on stub in parent mod.rs
 #[inline(always)]
 pub(super) fn get_attribute_info(
-    session: &Session<'_>,
+    session: &Session,
     object: ObjectHandle,
     attributes: &[AttributeType],
 ) -> Result<Vec<AttributeInfo>> {
@@ -136,7 +133,7 @@ pub(super) fn get_attribute_info(
 // See public docs on stub in parent mod.rs
 #[inline(always)]
 pub(super) fn get_attribute_info_map(
-    session: &Session<'_>,
+    session: &Session,
     object: ObjectHandle,
     attributes: Vec<AttributeType>,
 ) -> Result<HashMap<AttributeType, AttributeInfo>> {
@@ -152,7 +149,7 @@ pub(super) fn get_attribute_info_map(
 // See public docs on stub in parent mod.rs
 #[inline(always)]
 pub(super) fn get_attributes(
-    session: &Session<'_>,
+    session: &Session,
     object: ObjectHandle,
     attributes: &[AttributeType],
 ) -> Result<Vec<Attribute>> {

cryptoki/src/session/random.rs

@@ -8,7 +8,7 @@ use std::convert::TryInto;
 
 // See public docs on stub in parent mod.rs
 #[inline(always)]
-pub(super) fn generate_random_slice(session: &Session<'_>, random_data: &mut [u8]) -> Result<()> {
+pub(super) fn generate_random_slice(session: &Session, random_data: &mut [u8]) -> Result<()> {
     unsafe {
         Rv::from(get_pkcs11!(session.client(), C_GenerateRandom)(
             session.handle(),
@@ -22,7 +22,7 @@ pub(super) fn generate_random_slice(session: &Session<'_>, random_data: &mut [u8
 
 // See public docs on stub in parent mod.rs
 #[inline(always)]
-pub(super) fn generate_random_vec(session: &Session<'_>, random_len: u32) -> Result<Vec<u8>> {
+pub(super) fn generate_random_vec(session: &Session, random_len: u32) -> Result<Vec<u8>> {
     let mut result: Vec<u8> = vec![0; random_len as usize];
     unsafe {
         Rv::from(get_pkcs11!(session.client(), C_GenerateRandom)(
@@ -37,7 +37,7 @@ pub(super) fn generate_random_vec(session: &Session<'_>, random_len: u32) -> Res
 
 // See public docs on stub in parent mod.rs
 #[inline(always)]
-pub(super) fn seed_random(session: &Session<'_>, seed: &[u8]) -> Result<()> {
+pub(super) fn seed_random(session: &Session, seed: &[u8]) -> Result<()> {
     unsafe {
         Rv::from(get_pkcs11!(session.client(), C_SeedRandom)(
             session.handle(),

cryptoki/src/session/session_management.rs

@@ -9,7 +9,7 @@ use std::convert::TryInto;
 
 // See public docs on close() in parent mod.rs
 #[inline(always)]
-pub(super) fn close_private(session: &Session<'_>) -> Result<()> {
+pub(super) fn close_private(session: &Session) -> Result<()> {
     unsafe {
         Rv::from(get_pkcs11!(session.client(), C_CloseSession)(
             session.handle(),
@@ -20,7 +20,7 @@ pub(super) fn close_private(session: &Session<'_>) -> Result<()> {
 
 // See public docs on stub in parent mod.rs
 #[inline(always)]
-pub(super) fn login(session: &Session<'_>, user_type: UserType, pin: Option<&str>) -> Result<()> {
+pub(super) fn login(session: &Session, user_type: UserType, pin: Option<&str>) -> Result<()> {
     let (pin, pin_len) = match pin {
         Some(pin) => (pin.as_ptr() as *mut u8, pin.len()),
         None => (std::ptr::null_mut(), 0),
@@ -38,13 +38,13 @@ pub(super) fn login(session: &Session<'_>, user_type: UserType, pin: Option<&str
 
 // See public docs on stub in parent mod.rs
 #[inline(always)]
-pub(super) fn logout(session: &Session<'_>) -> Result<()> {
+pub(super) fn logout(session: &Session) -> Result<()> {
     unsafe { Rv::from(get_pkcs11!(session.client(), C_Logout)(session.handle())).into_result() }
 }
 
 // See public docs on stub in parent mod.rs
 #[inline(always)]
-pub(super) fn get_session_info(session: &Session<'_>) -> Result<SessionInfo> {
+pub(super) fn get_session_info(session: &Session) -> Result<SessionInfo> {
     let mut session_info = CK_SESSION_INFO::default();
     unsafe {
         Rv::from(get_pkcs11!(session.client(), C_GetSessionInfo)(

cryptoki/src/session/signing_macing.rs

@@ -12,7 +12,7 @@ use std::convert::TryInto;
 // See public docs on stub in parent mod.rs
 #[inline(always)]
 pub(super) fn sign(
-    session: &Session<'_>,
+    session: &Session,
     mechanism: &Mechanism,
     key: ObjectHandle,
     data: &[u8],
@@ -63,7 +63,7 @@ pub(super) fn sign(
 // See public docs on stub in parent mod.rs
 #[inline(always)]
 pub(super) fn verify(
-    session: &Session<'_>,
+    session: &Session,
     mechanism: &Mechanism,
     key: ObjectHandle,
     data: &[u8],