context: Try PKCS #11 3.x API to get new interfaces first

Fixes: #209
Signed-off-by: Jakub Jelen <[email protected]>

Author: Jakuje

cryptoki/src/context/general_purpose.rs

@@ -44,6 +44,17 @@ macro_rules! check_fn {
     }};
 }
 
+macro_rules! check_30_fn {
+    ($pkcs11:expr, $func_name:ident) => {{
+        let func = paste! { $pkcs11
+            .impl_
+                .function_list_30
+                .map(|f| f.[<C_ $func_name>])
+        };
+        func.is_some()
+    }};
+}
+
 #[allow(missing_docs)]
 #[derive(Debug, Copy, Clone)]
 /// Enumeration of all functions defined by the PKCS11 spec
@@ -116,6 +127,30 @@ pub enum Function {
     GetFunctionStatus,
     CancelFunction,
     WaitForSlotEvent,
+    GetInterfaceList,
+    GetInterface,
+    LoginUser,
+    SessionCancel,
+    MessageEncryptInit,
+    EncryptMessage,
+    EncryptMessageBegin,
+    EncryptMessageNext,
+    MessageEncryptFinal,
+    MessageDecryptInit,
+    DecryptMessage,
+    DecryptMessageBegin,
+    DecryptMessageNext,
+    MessageDecryptFinal,
+    MessageSignInit,
+    SignMessage,
+    SignMessageBegin,
+    SignMessageNext,
+    MessageSignFinal,
+    MessageVerifyInit,
+    VerifyMessage,
+    VerifyMessageBegin,
+    VerifyMessageNext,
+    MessageVerifyFinal,
 }
 
 impl Display for Function {
@@ -195,5 +230,29 @@ pub(super) fn is_fn_supported(ctx: &Pkcs11, function: Function) -> bool {
         Function::GetFunctionStatus => check_fn!(ctx, GetFunctionStatus),
         Function::CancelFunction => check_fn!(ctx, CancelFunction),
         Function::WaitForSlotEvent => check_fn!(ctx, WaitForSlotEvent),
+        Function::GetInterfaceList => check_30_fn!(ctx, GetInterfaceList),
+        Function::GetInterface => check_30_fn!(ctx, GetInterface),
+        Function::LoginUser => check_30_fn!(ctx, LoginUser),
+        Function::SessionCancel => check_30_fn!(ctx, SessionCancel),
+        Function::MessageEncryptInit => check_30_fn!(ctx, MessageEncryptInit),
+        Function::EncryptMessage => check_30_fn!(ctx, EncryptMessage),
+        Function::EncryptMessageBegin => check_30_fn!(ctx, EncryptMessageBegin),
+        Function::EncryptMessageNext => check_30_fn!(ctx, EncryptMessageNext),
+        Function::MessageEncryptFinal => check_30_fn!(ctx, MessageEncryptFinal),
+        Function::MessageDecryptInit => check_30_fn!(ctx, MessageDecryptInit),
+        Function::DecryptMessage => check_30_fn!(ctx, DecryptMessage),
+        Function::DecryptMessageBegin => check_30_fn!(ctx, DecryptMessageBegin),
+        Function::DecryptMessageNext => check_30_fn!(ctx, DecryptMessageNext),
+        Function::MessageDecryptFinal => check_30_fn!(ctx, MessageDecryptFinal),
+        Function::MessageSignInit => check_30_fn!(ctx, MessageSignInit),
+        Function::SignMessage => check_30_fn!(ctx, SignMessage),
+        Function::SignMessageBegin => check_30_fn!(ctx, SignMessageBegin),
+        Function::SignMessageNext => check_30_fn!(ctx, SignMessageNext),
+        Function::MessageSignFinal => check_30_fn!(ctx, MessageSignFinal),
+        Function::MessageVerifyInit => check_30_fn!(ctx, MessageVerifyInit),
+        Function::VerifyMessage => check_30_fn!(ctx, VerifyMessage),
+        Function::VerifyMessageBegin => check_30_fn!(ctx, VerifyMessageBegin),
+        Function::VerifyMessageNext => check_30_fn!(ctx, VerifyMessageNext),
+        Function::MessageVerifyFinal => check_30_fn!(ctx, MessageVerifyFinal),
     }
 }

cryptoki/src/context/mod.rs

@@ -44,12 +44,14 @@ pub(crate) struct Pkcs11Impl {
     // valid.
     _pkcs11_lib: cryptoki_sys::Pkcs11,
     pub(crate) function_list: cryptoki_sys::CK_FUNCTION_LIST,
+    pub(crate) function_list_30: Option<cryptoki_sys::CK_FUNCTION_LIST_3_0>,
 }
 
 impl fmt::Debug for Pkcs11Impl {
     fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
         f.debug_struct("Pkcs11Impl")
             .field("function_list", &self.function_list)
+            .field("function_list_30", &self.function_list_30)
             .finish()
     }
 }
@@ -111,6 +113,33 @@ impl Pkcs11 {
     }
 
     unsafe fn _new(pkcs11_lib: cryptoki_sys::Pkcs11) -> Result<Self> {
+        /* First try the 3.0 API to get default interface. It might have some more functions than
+         * the 2.4 API */
+        let mut interface = mem::MaybeUninit::uninit();
+        if pkcs11_lib.C_GetInterface.is_ok() {
+            Rv::from(pkcs11_lib.C_GetInterface(ptr::null_mut(), ptr::null_mut(), interface.as_mut_ptr(), 0))
+                .into_result(Function::GetInterface)?;
+            if !interface.as_ptr().is_null() {
+                let ifce_ptr: *mut cryptoki_sys::CK_INTERFACE = *interface.as_ptr();
+                let ifce: cryptoki_sys::CK_INTERFACE = *ifce_ptr;
+
+                let list_ptr: *mut cryptoki_sys::CK_FUNCTION_LIST = ifce.pFunctionList as *mut cryptoki_sys::CK_FUNCTION_LIST;
+                let list: cryptoki_sys::CK_FUNCTION_LIST = *list_ptr;
+                if list.version.major >= 3 {
+                    let list30_ptr: *mut cryptoki_sys::CK_FUNCTION_LIST_3_0 = ifce.pFunctionList as *mut cryptoki_sys::CK_FUNCTION_LIST_3_0;
+                    return Ok(Pkcs11 {
+                        impl_: Arc::new(Pkcs11Impl {
+                            _pkcs11_lib: pkcs11_lib,
+                            function_list: *list_ptr, /* the function list aliases */
+                            function_list_30: Some(*list30_ptr),
+                        }),
+                        initialized: Arc::new(RwLock::new(false)),
+                    });
+                }
+                /* fall back to the 2.* API */
+            }
+        }
+
         let mut list = mem::MaybeUninit::uninit();
 
         Rv::from(pkcs11_lib.C_GetFunctionList(list.as_mut_ptr()))
@@ -122,6 +151,7 @@ impl Pkcs11 {
             impl_: Arc::new(Pkcs11Impl {
                 _pkcs11_lib: pkcs11_lib,
                 function_list: *list_ptr,
+                function_list_30: None,
             }),
             initialized: Arc::new(RwLock::new(false)),
         })