diff --git a/.cargo/audit.toml b/.cargo/audit.toml deleted file mode 100644 index 129db04df..000000000 --- a/.cargo/audit.toml +++ /dev/null @@ -1,45 +0,0 @@ -# -# All of the options which can be passed via CLI arguments can also be -# permanently specified in this file. - -[advisories] -# Security check -# Failing because mysql has some dependencies with problems but cannot be upgraded -# because new versions of bitvec/funty are incompatible with some of our crypto dependencies. -# All the 2023 are open SSl related but cannot be easily fixed by simply upgrading dependencies -ignore = [ - "RUSTSEC-2020-0071", # crate time in 2 versions (one not upgradable)... - "RUSTSEC-2023-0006", # openssl-src - "RUSTSEC-2023-0007", # openssl-src - "RUSTSEC-2023-0009", # openssl-src - "RUSTSEC-2023-0010", # openssl-src - "RUSTSEC-2023-0018", # openssl-src - "RUSTSEC-2023-0034", # openssl-src - "RUSTSEC-2023-0071", # rsa - "RUSTSEC-2023-0079", # pqc-kyber -] -# informational_warnings = ["unmaintained"] # warn for categories of informational advisories -# severity_threshold = "low" # CVSS severity ("none", "low", "medium", "high", "critical") - -# # Advisory Database Configuration -# [database] -# path = "~/.cargo/advisory-db" # Path where advisory git repo will be cloned -# url = "https://github.com/RustSec/advisory-db.git" # URL to git repo -# fetch = true # Perform a `git fetch` before auditing (default: true) -# stale = false # Allow stale advisory DB (i.e. no commits for 90 days, default: false) - -# # Output Configuration -# [output] -# deny = ["unmaintained"] # exit on error if unmaintained dependencies are found -# format = "terminal" # "terminal" (human readable report) or "json" -# quiet = false # Only print information on error -# show_tree = true # Show inverse dependency trees along with advisories (default: true) - -# # Target Configuration -# [target] -# arch = "x86_64" # Ignore advisories for CPU architectures other than this one -# os = "linux" # Ignore advisories for operating systems other than this one - -# [yanked] -# enabled = true # Warn for yanked crates in Cargo.lock (default: true) -# update_index = true # Auto-update the crates.io index (default: true) diff --git a/.github/workflows/build_all.yml b/.github/workflows/build_all.yml index 4e934abf4..72d1ab5b4 100644 --- a/.github/workflows/build_all.yml +++ b/.github/workflows/build_all.yml @@ -21,9 +21,9 @@ jobs: cargo build cd ../server cargo build - cd ../pkcs11 + cd ../pkcs11/provider cargo build - cd ../.. + cd ../../.. # Check binaries target/debug/ckms -h @@ -47,9 +47,9 @@ jobs: cargo build cd ../server cargo build - cd ../pkcs11 + cd ../pkcs11/provider cargo build - cd ../.. + cd ../../.. # Check binaries target/debug/ckms -h @@ -73,9 +73,9 @@ jobs: cargo build --features fips cd ../server cargo build --features fips - cd ../pkcs11 + cd ../pkcs11/provider cargo build - cd ../.. + cd ../../.. # Check binaries target/debug/ckms -h @@ -101,9 +101,9 @@ jobs: cargo build cd ../server cargo build - cd ../pkcs11 + cd ../pkcs11/provider cargo build - cd ../.. + cd ../../.. # Check binaries target/debug/ckms -h @@ -128,9 +128,9 @@ jobs: cargo build --features fips cd ../server cargo build --features fips - cd ../pkcs11 + cd ../pkcs11/provider cargo build - cd ../.. + cd ../../.. # Check binaries target/debug/ckms -h @@ -157,9 +157,9 @@ jobs: ldd ../../target/debug/ckms | grep ssl && exit 1 cd ../server cargo build - cd ../pkcs11 + cd ../pkcs11/provider cargo build - cd ../.. + cd ../../.. # Check binaries target/debug/ckms -h @@ -185,12 +185,10 @@ jobs: cd crate/cli cargo build --target x86_64-pc-windows-gnu - # The `pkcs11` crate build FAILS on debug with: - # /usr/bin/x86_64-w64-mingw32-ld: error: export ordinal too large: 85394 # build pkcs11 provider - # cd ../pkcs11 - # cargo build --target x86_64-pc-windows-gnu - cd ../.. + cd ../pkcs11/provider + cargo build --release --target x86_64-pc-windows-gnu + cd ../../.. sudo mkdir -p /usr/local/openssl sudo chown -R $USER /usr/local/openssl @@ -201,7 +199,7 @@ jobs: artifacts: | target/x86_64-pc-windows-gnu/debug/ckms.exe target/x86_64-pc-windows-gnu/debug/cosmian_kms_server.exe - # target/x86_64-pc-windows-gnu/debug/ckms_pkcs11.dll + target/x86_64-pc-windows-gnu/release/ckms_pkcs11.dll mac-tests: uses: ./.github/workflows/build_generic.yml @@ -217,9 +215,9 @@ jobs: cd crate/cli cargo build --target x86_64-apple-darwin otool -L ../../target/x86_64-apple-darwin/debug/ckms | grep openssl && exit 1 - cd ../pkcs11 + cd ../pkcs11/provider cargo build --target x86_64-apple-darwin - cd ../server + cd ../../server cargo build --target x86_64-apple-darwin cd ../.. diff --git a/.github/workflows/build_all_release.yml b/.github/workflows/build_all_release.yml index 80a5d5dcf..e10ff8505 100644 --- a/.github/workflows/build_all_release.yml +++ b/.github/workflows/build_all_release.yml @@ -21,9 +21,9 @@ jobs: cargo build --release cd ../server cargo build --release - cd ../pkcs11 + cd ../pkcs11/provider cargo build --release - cd ../.. + cd ../../.. # Check binaries target/release/ckms -h @@ -45,9 +45,9 @@ jobs: cargo build --release cd ../server cargo build --release - cd ../pkcs11 + cd ../pkcs11/provider cargo build --release - cd ../.. + cd ../../.. # Check binaries target/release/ckms -h @@ -69,9 +69,9 @@ jobs: cargo build --release --features fips cd ../server cargo build --release --features fips - cd ../pkcs11 + cd ../pkcs11/provider cargo build --release - cd ../.. + cd ../../.. # Check binaries target/release/ckms -h @@ -95,9 +95,9 @@ jobs: cargo build --release cd ../server cargo build --release - cd ../pkcs11 + cd ../pkcs11/provider cargo build --release - cd ../.. + cd ../../.. # Check binaries target/release/ckms -h @@ -120,9 +120,9 @@ jobs: cargo build --release --features fips cd ../server cargo build --release --features fips - cd ../pkcs11 + cd ../pkcs11/provider cargo build --release - cd ../.. + cd ../../.. # Check binaries target/release/ckms -h @@ -147,9 +147,9 @@ jobs: ldd ../../target/release/ckms | grep ssl && exit 1 cd ../server cargo build --release - cd ../pkcs11 + cd ../pkcs11/provider cargo build --release - cd ../.. + cd ../../.. # Check binaries target/release/ckms -h @@ -174,9 +174,9 @@ jobs: cargo build --release --target x86_64-pc-windows-gnu # build pkcs11 provider - cd ../pkcs11 + cd ../pkcs11/provider cargo build --release --target x86_64-pc-windows-gnu - cd ../.. + cd ../../.. sudo mkdir -p /usr/local/openssl sudo chown -R $USER /usr/local/openssl @@ -203,9 +203,9 @@ jobs: cd crate/cli cargo build --release --target x86_64-apple-darwin otool -L ../../target/x86_64-apple-darwin/release/ckms | grep openssl && exit 1 - cd ../pkcs11 + cd ../pkcs11/provider cargo build --release --target x86_64-apple-darwin - cd ../server + cd ../../server cargo build --release --target x86_64-apple-darwin cd ../.. diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index db05cbb99..2d87570ec 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -10,14 +10,7 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 - - uses: dtolnay/rust-toolchain@stable - - uses: actions/cache@v3 - with: - path: ~/.cargo/bin - key: ${{ runner.os }}-cargo-audit-v0.15.2 - - uses: rustsec/audit-check@v1 - with: - token: ${{ secrets.GITHUB_TOKEN }} + - uses: EmbarkStudios/cargo-deny-action@v1 cargo-lint: uses: ./.github/workflows/clippy.yml @@ -61,7 +54,7 @@ jobs: kms_path: . os: macos-12 - archive_name: windows_tests - kms_path: . + kms_path: debug os: windows-2019 steps: diff --git a/.github/workflows/main_release.yml b/.github/workflows/main_release.yml index 1eb6e7ce8..62308f6d1 100644 --- a/.github/workflows/main_release.yml +++ b/.github/workflows/main_release.yml @@ -5,10 +5,10 @@ on: push: # any tags, including tags with / like v1.0/alpha tags: - - "**" + - '**' schedule: # every day at 3 AM - - cron: "00 3 * * *" + - cron: 00 3 * * * jobs: cargo-audit: @@ -16,14 +16,7 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 - - uses: dtolnay/rust-toolchain@stable - - uses: actions/cache@v3 - with: - path: ~/.cargo/bin - key: ${{ runner.os }}-cargo-audit-v0.15.2 - - uses: rustsec/audit-check@v1 - with: - token: ${{ secrets.GITHUB_TOKEN }} + - uses: EmbarkStudios/cargo-deny-action@v1 cargo-lint: uses: ./.github/workflows/clippy.yml diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index f34198079..97eb3ea40 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -10,14 +10,14 @@ exclude: crate/cli/test_data|documentation/pandoc|documentation/overrides|enclave|crate/server/src/tests/test_utils.rs|crate/cli/src/tests/utils/test_utils.rs|crate/client/src/lib.rs|crate/cli/src/tests/certificates/openssl.rs|crate/client/src/kms_rest_client.rs|.pre-commit-config.yaml|crate/server/src/routes/google_cse/jwt.rs|crate/server/src/routes/google_cse/python/openssl|documentation/docs/google_cse repos: - repo: https://github.com/compilerla/conventional-pre-commit - rev: v2.1.1 + rev: v3.2.0 hooks: - id: conventional-pre-commit stages: [commit-msg] args: [] # optional: list of Conventional Commits types to allow e.g. [feat, fix, ci, chore, test] - repo: https://github.com/pre-commit/mirrors-prettier - rev: v3.0.0-alpha.4 + rev: v4.0.0-alpha.8 hooks: - id: prettier stages: [commit] @@ -27,7 +27,7 @@ repos: exclude: documentation/theme_overrides/assets - repo: https://github.com/igorshubovych/markdownlint-cli - rev: v0.32.2 + rev: v0.40.0 hooks: - id: markdownlint-fix args: @@ -50,27 +50,27 @@ repos: - id: markdown-toc - repo: https://github.com/tcort/markdown-link-check - rev: v3.11.2 + rev: v3.12.1 hooks: - id: markdown-link-check args: [-q] exclude: documentation/docs/ms_dke/ms_dke.md - repo: https://github.com/jumanjihouse/pre-commit-hook-yamlfmt - rev: 0.2.2 + rev: 0.2.3 hooks: - id: yamlfmt args: [--mapping, "2", --sequence, "4", --offset, "2"] exclude: ansible - repo: https://github.com/crate-ci/typos - rev: v1.13.1 + rev: v1.21.0 hooks: - id: typos - exclude: documentation/docs/images/google_cse.drawio.svg|crate/test_server/src/test_jwt.rs|crate/pkcs11/documentation/veracrypt_ckms.svg|crate/client/test_data/configs/kms.bad|crate/test_server/certificates/|crate/client/test_data/configs/|crate/server/src/tests/google_cse/ + exclude: documentation/docs/images/google_cse.drawio.svg|crate/test_server/src/test_jwt.rs|crate/pkcs11/documentation/veracrypt_ckms.svg|crate/client/test_data/configs/kms.bad|crate/test_server/certificates/|crate/client/test_data/configs/|crate/server/src/tests/google_cse/|crate/pkcs11/sys/src/ - repo: https://github.com/Lucas-C/pre-commit-hooks - rev: v1.3.1 + rev: v1.5.5 hooks: - id: forbid-crlf - id: remove-crlf @@ -80,7 +80,7 @@ repos: exclude: ^.git/ - repo: https://github.com/sirosen/texthooks - rev: 0.4.0 + rev: 0.6.6 hooks: - id: fix-smartquotes - id: fix-ligatures @@ -94,7 +94,7 @@ repos: - id: shellcheck - repo: https://github.com/pre-commit/pre-commit-hooks - rev: v4.4.0 + rev: v4.6.0 hooks: - id: check-added-large-files - id: check-ast @@ -128,30 +128,12 @@ repos: exclude: crate/kmip/src/kmip/extra/x509_extensions.rs - repo: https://github.com/psf/black - rev: 22.10.0 + rev: 24.4.2 hooks: - id: black # avoid clash with `double-quote-string-fixer` args: [--skip-string-normalization] - - repo: https://github.com/Cube707/mkdocs - rev: e8733d1373c1543d6052925d3272b2ff51dbb140 - hooks: - - id: mkdocs-build - additional_dependencies: - - mkdocs-plugin-progress - - mkdocs-kroki-plugin - - mkdocs-material - - mkdocs-meta-descriptions-plugin - - markdown-katex - entry: bash -c 'cd documentation && mkdocs build --strict' - - - repo: https://github.com/cisagov/pre-commit-packer - rev: v0.0.2 - hooks: - - id: packer_fmt - - id: packer_validate - - repo: https://github.com/Cosmian/git-hooks.git rev: v1.0.25 hooks: diff --git a/CHANGELOG.md b/CHANGELOG.md index 80dc56edb..6847298a6 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,8 +2,23 @@ All notable changes to this project will be documented in this file. +## [4.16.0] - 2024-05-06 + +### Bug Fixes + +- Fixed import of symmetric key tag to '_kk' from '_sk' + +### Features + +- Add support for LUKS via PKCS#11 module +- Add support for CKM_RSA_PKCS (PKCS#1 v1.5) for RSA encryption/decryption + ## [4.15.2] - 2024-05-03 +### Features + +- Create Gmail key pairs and identities with `ckms` via Gmail API ([#243](https://github.com/Cosmian/kms/pull/243)) + ### Bug Fixes - Comment out mermaid configuration @@ -35,14 +50,16 @@ All notable changes to this project will be documented in this file. - Handle many identity providers in jwt authentication - New command line argument `--key-usage` to define key or certificate usage on import -- Exhaustive verification that the key used to perform cryptographic operations is allowed to do them +- Exhaustive verification that the key used to perform cryptographic operations is allowed to do + them - KMIP object creation can now precisely define the usage of the key it describes ## [4.14.2] - 2024-04-05 ### Ci -- Add standalone workflow to test KMS in Cosmian VM ([#233](https://github.com/Cosmian/kms/pull/233)) +- Add standalone workflow to test KMS in Cosmian + VM ([#233](https://github.com/Cosmian/kms/pull/233)) ### Features @@ -63,8 +80,10 @@ All notable changes to this project will be documented in this file. ### Bug Fixes - Fixed double quotes problem in cosmian vm test (CI) -- Fixed trailing null byte bug for biguint/bytes conversions ([#224](https://github.com/Cosmian/kms/pull/224)) -- Make the CLI compile on Windows and MacOS (without openssl installed) ([#209](https://github.com/Cosmian/kms/pull/209)) +- Fixed trailing null byte bug for biguint/bytes + conversions ([#224](https://github.com/Cosmian/kms/pull/224)) +- Make the CLI compile on Windows and macOS (without openssl + installed) ([#209](https://github.com/Cosmian/kms/pull/209)) ### Features @@ -90,11 +109,13 @@ All notable changes to this project will be documented in this file. ### Bug fixes -- `ckms` needs `kmip` dependency with features `openssl` ([#202](https://github.com/Cosmian/kms/pull/202)) +- `ckms` needs `kmip` dependency with + features `openssl` ([#202](https://github.com/Cosmian/kms/pull/202)) ### Ci -- Push GCP images on cosmian-dev and cosmian-public only once ([#203](https://github.com/Cosmian/kms/pull/203)) +- Push GCP images on cosmian-dev and cosmian-public only + once ([#203](https://github.com/Cosmian/kms/pull/203)) ## [4.13.2] - 2024-03-09 @@ -112,11 +133,15 @@ All notable changes to this project will be documented in this file. ### Features -- Save KMIP Attributes in a proper column of `Objects` table [#166](https://github.com/Cosmian/kms/pull/166): +- Save KMIP Attributes in a proper column of `Objects` + table [#166](https://github.com/Cosmian/kms/pull/166): - Remove all custom tags `_cert_spki`, `_cert_cn`, `_cert_issuer` and `_cert_sk` -- Add support for CoverCrypt `rekey`, `prune`, and `Policy` editing methods [#179](https://github.com/Cosmian/kms/pull/179): +- Add support for CoverCrypt `rekey`, `prune`, and `Policy` editing + methods [#179](https://github.com/Cosmian/kms/pull/179): - Add CLI commands to perform these actions -- Accurate CryptographicUsageMask for KMIP creation (RSA and EC keys) [#189](https://github.com/Cosmian/kms/pull/189) and [#187](https://github.com/Cosmian/kms/pull/187). +- Accurate CryptographicUsageMask for KMIP creation (RSA and EC + keys) [#189](https://github.com/Cosmian/kms/pull/189) + and [#187](https://github.com/Cosmian/kms/pull/187). ### Refactor @@ -131,7 +156,8 @@ All notable changes to this project will be documented in this file. - Fixing inconsistent crypto consts [#190](https://github.com/Cosmian/kms/pull/190). - Fix interpolation in error macros [#184](https://github.com/Cosmian/kms/pull/184). -- Move internal KMIP Objects into `Box` to avoid stack memory overflow [#200](https://github.com/Cosmian/kms/pull/200). +- Move internal KMIP Objects into `Box` to avoid stack memory + overflow [#200](https://github.com/Cosmian/kms/pull/200). ## [4.12.0] - 2024-02-08 @@ -139,17 +165,22 @@ All notable changes to this project will be documented in this file. - Generalize the refresh of JWKS in the middleware [#150](https://github.com/Cosmian/kms/pull/150). - CI speed up [#173](https://github.com/Cosmian/kms/pull/173). -- Add support for Microsoft Double Key Encryption (DKE) endpoints [#170](https://github.com/Cosmian/kms/pull/170). -- Re-organized crypto package by algorithm, removed duplicated code [#170](https://github.com/Cosmian/kms/pull/170). +- Add support for Microsoft Double Key Encryption (DKE) + endpoints [#170](https://github.com/Cosmian/kms/pull/170). +- Re-organized crypto package by algorithm, removed duplicated + code [#170](https://github.com/Cosmian/kms/pull/170). - Add support for FIPS mode for the ckms client [#170](https://github.com/Cosmian/kms/pull/170). -- Documented TOML configuration file for the KMS server [#170](https://github.com/Cosmian/kms/pull/170). -- Overall improvements to the documentation on algorithms and FIPS mode [#170](https://github.com/Cosmian/kms/pull/170). +- Documented TOML configuration file for the KMS + server [#170](https://github.com/Cosmian/kms/pull/170). +- Overall improvements to the documentation on algorithms and FIPS + mode [#170](https://github.com/Cosmian/kms/pull/170). ## [4.11.3] - 2024-01-26 ### Features -- CLI: allow multiple operations to be supplied at once for access control [#155](https://github.com/Cosmian/kms/pull/155). +- CLI: allow multiple operations to be supplied at once for access + control [#155](https://github.com/Cosmian/kms/pull/155). ### Miscellaneous Tasks @@ -159,7 +190,8 @@ All notable changes to this project will be documented in this file. ### Ci -- Test and deliver in CI missing FIPS binary (fips.so and openssl.cnf for FIPS) [#152](https://github.com/Cosmian/kms/issues/153) +- Test and deliver in CI missing FIPS binary (fips.so and openssl.cnf for + FIPS) [#152](https://github.com/Cosmian/kms/issues/153) ## [4.11.1] - 2024-01-18 @@ -181,14 +213,18 @@ All notable changes to this project will be documented in this file. ### Features - X509 v3 extensions support [#120](https://github.com/Cosmian/kms/issues/120) -- Dynamic salt for password derivation, resolving issue [#124](https://github.com/Cosmian/kms/issues/124) [#128](https://github.com/Cosmian/kms/issues/128) +- Dynamic salt for password derivation, resolving + issue [#124](https://github.com/Cosmian/kms/issues/124) [#128](https://github.com/Cosmian/kms/issues/128) - Support Cosmian VM [#129](https://github.com/Cosmian/kms/issues/129) -- Make rsa oaep aes a generalized encryption system for use in all kms and not only for key wrapping [#130](https://github.com/Cosmian/kms/issues/130) +- Make rsa oaep aes a generalized encryption system for use in all kms and not only for key + wrapping [#130](https://github.com/Cosmian/kms/issues/130) - ECIES implementation for Hybrid Encryption [#134](https://github.com/Cosmian/kms/issues/134) -- Add pyo3 methods for symmetric `create_key`, `encrypt`, `decrypt` [#135](https://github.com/Cosmian/kms/issues/135) +- Add pyo3 methods for + symmetric `create_key`, `encrypt`, `decrypt` [#135](https://github.com/Cosmian/kms/issues/135) - Add RSA keys create key pair [#137](https://github.com/Cosmian/kms/issues/137) - Upgrade Rust toolchain to 2024-01-09 [#141](https://github.com/Cosmian/kms/issues/141) -- Support keypair generation for curve448 Montgomery and edwards forms [#143](https://github.com/Cosmian/kms/issues/143) +- Support keypair generation for curve448 Montgomery and edwards + forms [#143](https://github.com/Cosmian/kms/issues/143) ## [4.10.1] - 2023-12-12 @@ -201,7 +237,8 @@ All notable changes to this project will be documented in this file. ### Features - Support for certificate generation using the Certify KMIP operation and a PKCS#10 or a public key -- Support for most standardized encoding formats on import.export: PKCS#8, PKCS#1, SEC1, X509, PKCS#12 +- Support for most standardized encoding formats on import.export: PKCS#8, PKCS#1, SEC1, X509, + PKCS#12 - Improvements to the Locate functionality for attributes and tags - Support for the Get Attributes KMIP operation - Database: support for atomic operations @@ -209,7 +246,8 @@ All notable changes to this project will be documented in this file. - Deactivated automatic certificate verification, which will be reallocated for the future `Validate` KMIP operation support [#102](https://github.com/Cosmian/kms/issues/102) - Deactivated the non KMIP compliant certificate "quick create feature", - which can now be achieved using the `Certify` KMIP operation [#103](https://github.com/Cosmian/kms/issues/103) + which can now be achieved using the `Certify` KMIP + operation [#103](https://github.com/Cosmian/kms/issues/103) ### Bug Fixes @@ -234,7 +272,7 @@ All notable changes to this project will be documented in this file. ### Ci -- Test KMS inside a SGX machine +- Test KMS inside an SGX machine ### Features @@ -292,11 +330,13 @@ All notable changes to this project will be documented in this file. - add Covercrypt bulk encryption - KMS CLI `ckms`: - can import the Mozilla Common CA Database (CCADB) - - can import a PKCS12 certificate (splitting in 2 KMIP objects: X509 certificate and private key) + - can import a PKCS12 certificate (splitting in 2 KMIP objects: X509 certificate and private + key) ### Bug Fixes -- Improved database data structures using Maps and Sets instead of Vectors where uniqueness is required +- Improved database data structures using Maps and Sets instead of Vectors where uniqueness is + required - Enable bootstrap server for non "enclaves" servers ## [4.6.0] - 2023-09-01 @@ -311,14 +351,20 @@ All notable changes to this project will be documented in this file. ### Features -- bootstrap: the KMS server now supports bootstrap mode to facilitate the secure input of secret components, including the database encryption secret and the HTTPS certificate key, directly into the encrypted machine memory, through a secure connection +- bootstrap: the KMS server now supports bootstrap mode to facilitate the secure input of secret + components, including the database encryption secret and the HTTPS certificate key, directly into + the encrypted machine memory, through a secure connection - Add certificate support: - in cosmian_kms_server: - implement `Certify` KMIP operation - in addition, the KMS server will automatically add: - the system tag `_cert` on `Certificate` object - - the system tag `_cert_uid=` where `certificate_uid` is used as the link between public/private key objects and the related certificate object - - the system tag `_cert_spki=` on `Certificate` object where SPKI refers to [RFC 5280](https://datatracker.ietf.org/doc/html/rfc5280#section-4.1.2.7). The SPKI value identifies uniquely the underlying certificate + - the system tag `_cert_uid=` where `certificate_uid` is used as the + link between public/private key objects and the related certificate object + - the system tag `_cert_spki=` on `Certificate` object where + SPKI refers + to [RFC 5280](https://datatracker.ietf.org/doc/html/rfc5280#section-4.1.2.7). The SPKI + value identifies uniquely the underlying certificate - the system tag `_cert_ca=` on CA `Certificate` object - import X509 certificate as PEM and also import private key as PEM - export generic KMIP key `wrapped` by X509 certificate @@ -351,7 +397,8 @@ In addition, the user server will automatically add a system tag based on the ob Use the tags to export objects, locate them, or request data encryption and decryption. - Added `locate` to the `ckms`client -- Added `Redis-Findex` backend support so that the KMS can encrypt the KMS server data and indexes at the application level. +- Added `Redis-Findex` backend support so that the KMS can encrypt the KMS server data and indexes + at the application level. - Added JWE support ## [4.4.3] - 2023-07-17 @@ -392,7 +439,8 @@ Use the tags to export objects, locate them, or request data encryption and decr - Upgrading of SQLX - Upgrading of PKCS12 support - Removal of Eyre in the CLI -- Use of cloudproof_rust as a dependency rather than Covercrypt and Crypto Core directly to avoid version conflicts +- Use of cloudproof_rust as a dependency rather than Covercrypt and Crypto Core directly to avoid + version conflicts - Authentication: - support for more JWT providers - support for certificate authentication @@ -459,7 +507,7 @@ Use the tags to export objects, locate them, or request data encryption and decr ### Documentation -- Improves the install doc and details the important options +- Improves the installation doc and details the important options - Makes wording coherent between doc and code ### Features @@ -515,7 +563,8 @@ Use the tags to export objects, locate them, or request data encryption and decr ### Changed -- data to encrypt with CoverCrypt is not a JSON anymore but a custom binary format (see `DataToEncrypt` struct) +- data to encrypt with CoverCrypt is not a JSON anymore but a custom binary format ( + see `DataToEncrypt` struct) - decrypted data with CoverCrypt is now a custom binary format (see `DecryptedData` struct) ### Fixed diff --git a/Cargo.lock b/Cargo.lock index be0bd1a93..c45259aec 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -420,30 +420,6 @@ version = "1.0.82" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f538837af36e6f6a9be0faa67f9a314f8119e4e4b5867c6ab40ed60360142519" -[[package]] -name = "apple-security-framework" -version = "2.9.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "07831f002eaa83d94f7e2c1300f3268a8f949c35a41dd99faceb6575c191d871" -dependencies = [ - "apple-security-framework-sys", - "bitflags 2.5.0", - "core-foundation", - "core-foundation-sys", - "libc", - "num-bigint", -] - -[[package]] -name = "apple-security-framework-sys" -version = "2.9.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "09acfa027e87e9f590474e9ef19d0f12158bf1c72af80ac76806f17e84959a42" -dependencies = [ - "core-foundation-sys", - "libc", -] - [[package]] name = "arbitrary" version = "1.3.2" @@ -640,6 +616,29 @@ dependencies = [ "serde", ] +[[package]] +name = "bindgen" +version = "0.69.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a00dc851838a2120612785d195287475a3ac45514741da670b735818822129a0" +dependencies = [ + "bitflags 2.5.0", + "cexpr", + "clang-sys", + "itertools 0.12.1", + "lazy_static", + "lazycell", + "log", + "prettyplease", + "proc-macro2", + "quote", + "regex", + "rustc-hash", + "shlex", + "syn 2.0.48", + "which", +] + [[package]] name = "binstring" version = "0.1.1" @@ -755,6 +754,15 @@ dependencies = [ "libc", ] +[[package]] +name = "cexpr" +version = "0.6.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6fac387a98bb7c37292057cffc56d62ecb629900026402633ae9160df93a8766" +dependencies = [ + "nom", +] + [[package]] name = "cfg-if" version = "1.0.0" @@ -813,25 +821,37 @@ dependencies = [ [[package]] name = "ckms_pkcs11" -version = "4.15.2" +version = "4.16.0" dependencies = [ "cosmian_kmip", "cosmian_kms_client", "cosmian_logger", + "cosmian_pkcs11_module", "etcetera", "kms_test_server", - "native-pkcs11", - "native-pkcs11-traits", "serde_json", "sha3", "thiserror", "tokio", "tracing", "tracing-error", + "tracing-journald", "tracing-subscriber", + "x509-cert", "zeroize", ] +[[package]] +name = "clang-sys" +version = "1.7.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "67523a3b4be3ce1989d607a828d036249522dd9c1c8de7f4dd2dae43a37369d1" +dependencies = [ + "glob", + "libc", + "libloading", +] + [[package]] name = "clap" version = "4.5.4" @@ -1179,7 +1199,7 @@ dependencies = [ [[package]] name = "cosmian_kmip" -version = "4.15.2" +version = "4.16.0" dependencies = [ "argon2", "base58", @@ -1194,7 +1214,7 @@ dependencies = [ "serde", "serde_json", "sha3", - "strum 0.25.0", + "strum", "thiserror", "time", "tracing", @@ -1205,7 +1225,7 @@ dependencies = [ [[package]] name = "cosmian_kms_cli" -version = "4.15.2" +version = "4.16.0" dependencies = [ "actix-rt", "actix-server", @@ -1229,7 +1249,7 @@ dependencies = [ "reqwest", "serde", "serde_json", - "strum 0.25.0", + "strum", "tempfile", "thiserror", "tokio", @@ -1243,7 +1263,7 @@ dependencies = [ [[package]] name = "cosmian_kms_client" -version = "4.15.2" +version = "4.16.0" dependencies = [ "base64 0.21.7", "cloudproof", @@ -1266,7 +1286,7 @@ dependencies = [ [[package]] name = "cosmian_kms_python" -version = "4.15.2" +version = "4.16.0" dependencies = [ "cloudproof", "cosmian_kmip", @@ -1281,7 +1301,7 @@ dependencies = [ [[package]] name = "cosmian_kms_server" -version = "4.15.2" +version = "4.16.0" dependencies = [ "actix-cors", "actix-http", @@ -1329,10 +1349,31 @@ dependencies = [ [[package]] name = "cosmian_logger" -version = "4.15.2" +version = "4.16.0" +dependencies = [ + "tracing", + "tracing-subscriber", +] + +[[package]] +name = "cosmian_pkcs11_module" +version = "4.16.0" dependencies = [ + "bincode", + "hex", + "log", + "once_cell", + "p256", + "pkcs1", + "pkcs11_sys", + "rand", + "serde", + "serial_test", + "strum_macros 0.26.2", + "thiserror", "tracing", "tracing-subscriber", + "zeroize", ] [[package]] @@ -1476,6 +1517,19 @@ dependencies = [ "syn 2.0.48", ] +[[package]] +name = "dashmap" +version = "5.5.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "978747c1d849a7d2ee5e8adc0159961c48fb7e5db2f06af6723b80123bb53856" +dependencies = [ + "cfg-if", + "hashbrown", + "lock_api", + "once_cell", + "parking_lot_core", +] + [[package]] name = "data-encoding" version = "2.5.0" @@ -1972,6 +2026,12 @@ version = "0.28.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "4271d37baee1b8c7e4b708028c57d816cf9d2434acb33a549475f78c181f6253" +[[package]] +name = "glob" +version = "0.3.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d2fabcfbdc87f4758337ca535fb41a6d701b65693ce38287d856d1674551ec9b" + [[package]] name = "group" version = "0.13.0" @@ -2204,7 +2264,7 @@ dependencies = [ "iana-time-zone-haiku", "js-sys", "wasm-bindgen", - "windows-core 0.52.0", + "windows-core", ] [[package]] @@ -2348,7 +2408,7 @@ dependencies = [ [[package]] name = "kms_test_server" -version = "4.15.2" +version = "4.16.0" dependencies = [ "actix-server", "base64 0.21.7", @@ -2375,6 +2435,12 @@ dependencies = [ "spin 0.5.2", ] +[[package]] +name = "lazycell" +version = "1.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "830d08ce1d1d941e6b30645f1a0eb5643013d835ce3779a5fc208261dbe10f55" + [[package]] name = "leb128" version = "0.2.5" @@ -2387,6 +2453,16 @@ version = "0.2.153" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9c198f91728a82281a64e1f4f9eeb25d82cb32a5de251c6bd1b5154d63a8e7bd" +[[package]] +name = "libloading" +version = "0.8.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0c2a198fb6b0eada2a8df47933734e6d35d350665a33a3593d7164fa52c75c19" +dependencies = [ + "cfg-if", + "windows-targets 0.52.5", +] + [[package]] name = "libm" version = "0.2.8" @@ -2520,85 +2596,6 @@ dependencies = [ "windows-sys 0.48.0", ] -[[package]] -name = "native-pkcs11" -version = "0.2.17" -source = "git+https://github.com/Cosmian/native-pkcs11.git?rev=114c93de2e32c2b943578f0aad1c0f43d69e7726#114c93de2e32c2b943578f0aad1c0f43d69e7726" -dependencies = [ - "log", - "native-pkcs11-core", - "native-pkcs11-keychain", - "native-pkcs11-traits", - "native-pkcs11-windows", - "once_cell", - "pkcs11-sys", - "thiserror", - "tracing", - "tracing-error", - "tracing-journald", - "tracing-subscriber", -] - -[[package]] -name = "native-pkcs11-core" -version = "0.2.17" -source = "git+https://github.com/Cosmian/native-pkcs11.git?rev=114c93de2e32c2b943578f0aad1c0f43d69e7726#114c93de2e32c2b943578f0aad1c0f43d69e7726" -dependencies = [ - "bincode", - "log", - "native-pkcs11-keychain", - "native-pkcs11-traits", - "native-pkcs11-windows", - "once_cell", - "p256", - "pkcs1", - "pkcs11-sys", - "serde", - "strum 0.26.2", - "strum_macros 0.26.2", - "thiserror", - "tracing", -] - -[[package]] -name = "native-pkcs11-keychain" -version = "0.2.17" -source = "git+https://github.com/Cosmian/native-pkcs11.git?rev=114c93de2e32c2b943578f0aad1c0f43d69e7726#114c93de2e32c2b943578f0aad1c0f43d69e7726" -dependencies = [ - "apple-security-framework", - "apple-security-framework-sys", - "core-foundation", - "native-pkcs11-traits", - "p256", - "rand", - "rsa", - "spki", - "thiserror", - "tracing", - "tracing-error", - "x509-cert", -] - -[[package]] -name = "native-pkcs11-traits" -version = "0.2.17" -source = "git+https://github.com/Cosmian/native-pkcs11.git?rev=114c93de2e32c2b943578f0aad1c0f43d69e7726#114c93de2e32c2b943578f0aad1c0f43d69e7726" -dependencies = [ - "once_cell", - "rand", - "x509-cert", - "zeroize", -] - -[[package]] -name = "native-pkcs11-windows" -version = "0.2.17" -source = "git+https://github.com/Cosmian/native-pkcs11.git?rev=114c93de2e32c2b943578f0aad1c0f43d69e7726#114c93de2e32c2b943578f0aad1c0f43d69e7726" -dependencies = [ - "native-pkcs11-traits", - "windows", -] - [[package]] name = "native-tls" version = "0.2.11" @@ -2824,9 +2821,9 @@ dependencies = [ [[package]] name = "ordered-multimap" -version = "0.7.1" +version = "0.7.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a4d6a8c22fc714f0c2373e6091bf6f5e9b37b1bc0b1184874b7e0a4e303d318f" +checksum = "49203cdcae0030493bad186b28da2fa25645fa276a51b6fec8010d281e02ef79" dependencies = [ "dlv-list", "hashbrown", @@ -3005,9 +3002,11 @@ dependencies = [ ] [[package]] -name = "pkcs11-sys" +name = "pkcs11_sys" version = "0.2.17" -source = "git+https://github.com/Cosmian/native-pkcs11.git?rev=114c93de2e32c2b943578f0aad1c0f43d69e7726#114c93de2e32c2b943578f0aad1c0f43d69e7726" +dependencies = [ + "bindgen", +] [[package]] name = "pkcs5" @@ -3122,6 +3121,16 @@ dependencies = [ "termtree", ] +[[package]] +name = "prettyplease" +version = "0.2.17" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8d3928fb5db768cb86f891ff014f0144589297e3c6a1aba6ed7cecfdace270c7" +dependencies = [ + "proc-macro2", + "syn 2.0.48", +] + [[package]] name = "primeorder" version = "0.13.6" @@ -3465,6 +3474,12 @@ version = "0.1.23" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d626bb9dae77e28219937af045c257c28bfd3f69333c512553507f5f9798cb76" +[[package]] +name = "rustc-hash" +version = "1.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "08d43f7aa6b08d49f382cde6a7982047c3426db949b1424bc4b7ec9ae12c6ce2" + [[package]] name = "rustc_version" version = "0.4.0" @@ -3690,6 +3705,29 @@ dependencies = [ "serde", ] +[[package]] +name = "serial_test" +version = "3.0.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "953ad9342b3aaca7cb43c45c097dd008d4907070394bd0751a0aa8817e5a018d" +dependencies = [ + "dashmap", + "lazy_static", + "parking_lot", + "serial_test_derive", +] + +[[package]] +name = "serial_test_derive" +version = "3.0.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b93fb4adc70021ac1b47f7d45e8cc4169baaa7ea58483bc5b721d19a26202212" +dependencies = [ + "proc-macro2", + "quote", + "syn 2.0.48", +] + [[package]] name = "sha1" version = "0.10.6" @@ -3737,6 +3775,12 @@ dependencies = [ "lazy_static", ] +[[package]] +name = "shlex" +version = "1.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0fda2ff0d084019ba4d7c6f371c95d8fd75ce3524c3cb8fb653a3023f6323e64" + [[package]] name = "signal-hook-registry" version = "1.4.1" @@ -4049,12 +4093,6 @@ dependencies = [ "strum_macros 0.25.3", ] -[[package]] -name = "strum" -version = "0.26.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5d8cec3501a5194c432b2b7976db6b7d10ec95c253208b45f83f7136aa985e29" - [[package]] name = "strum_macros" version = "0.25.3" @@ -4791,6 +4829,18 @@ version = "0.25.4" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "5f20c57d8d7db6d3b86154206ae5d8fba62dd39573114de97c2cb0578251f8e1" +[[package]] +name = "which" +version = "4.4.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "87ba24419a2078cd2b0f2ede2691b6c66d8e47836da3b6db8265ebad47afbfc7" +dependencies = [ + "either", + "home", + "once_cell", + "rustix", +] + [[package]] name = "whoami" version = "1.5.1" @@ -4823,16 +4873,6 @@ version = "0.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f" -[[package]] -name = "windows" -version = "0.54.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9252e5725dbed82865af151df558e754e4a3c2c30818359eb17465f1346a1b49" -dependencies = [ - "windows-core 0.54.0", - "windows-targets 0.52.5", -] - [[package]] name = "windows-core" version = "0.52.0" @@ -4842,25 +4882,6 @@ dependencies = [ "windows-targets 0.52.5", ] -[[package]] -name = "windows-core" -version = "0.54.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "12661b9c89351d684a50a8a643ce5f608e20243b9fb84687800163429f161d65" -dependencies = [ - "windows-result", - "windows-targets 0.52.5", -] - -[[package]] -name = "windows-result" -version = "0.1.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "749f0da9cc72d82e600d8d2e44cadd0b9eedb9038f71a1c58556ac1c5791813b" -dependencies = [ - "windows-targets 0.52.5", -] - [[package]] name = "windows-sys" version = "0.48.0" diff --git a/Cargo.toml b/Cargo.toml index a4be9bbe8..0def6f6bb 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -1,5 +1,5 @@ [workspace] -default-members = ["crate/cli", "crate/server", "crate/pkcs11"] +default-members = ["crate/cli", "crate/server", "crate/pkcs11/provider"] members = [ "crate/cli", "crate/client", @@ -7,8 +7,10 @@ members = [ "crate/server", "crate/logger", "crate/pyo3", - "crate/pkcs11", "crate/test_server", + "crate/pkcs11/sys", + "crate/pkcs11/module", + "crate/pkcs11/provider", ] # Do that if you don't want to enable `dev` feature by default due to the `dev-dependencies` of the cli. # For more details, read: https://doc.rust-lang.org/cargo/reference/resolver.html#feature-resolver-version-2 @@ -16,10 +18,16 @@ members = [ resolver = "2" [workspace.package] +version = "4.16.0" edition = "2021" rust-version = "1.71.0" -authors = ["Bruno Grieder ", "Emmanuel Coste "] -license = "Business Source License 1.1" +authors = [ + "Bruno Grieder ", + "Emmanuel Coste ", + "Hugo Rosenkranz-Costa " +] +license = "BUSL-1.1" # "Business Source License 1.1" +license-file = "LICENSE" repository = "https://github.com/Cosmian/kms" [profile.release] diff --git a/Dockerfile b/Dockerfile index be6d7b3b3..938b19d14 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,6 +1,6 @@ FROM ubuntu:22.04 as builder -LABEL version="4.15.2" +LABEL version="4.16.0" LABEL name="Cosmian KMS docker container" ARG FEATURES diff --git a/README.md b/README.md index f2691e99f..9099a178f 100644 --- a/README.md +++ b/README.md @@ -5,9 +5,11 @@ Cosmian KMS is an implementation of a high-performance, massively scalable, **Key Management System** that presents some unique features, such as -- the ability to run in a public cloud - or any zero-trust environment - using application-level - encryption ( - see [Redis-Findex](https://docs.cosmian.com/cosmian_key_management_system/replicated_mode/)) +- the ability to confidentially run in a public cloud - or any zero-trust environment - + using + Cosmian VM (see [Cosmian VM](https://docs.cosmian.com/compute/cosmian_vm/overview/)) + and application-level encryption + (see [Redis-Findex](https://docs.cosmian.com/cosmian_key_management_system/replicated_mode/)) - a JSON KMIP 2.1 compliant interface - support for object tagging to easily manage keys and secrets - a full-featured command line and graphical @@ -19,7 +21,8 @@ Management System** that presents some unique features, such as [Google Workspace Client Side Encryption (CSE)](https://support.google.com/a/answer/14326936?fl=1&sjid=15335080317297331676-NA) - out of the box support of [Microsoft Double Key Encryption (DKE)](https://learn.microsoft.com/en-us/purview/double-key-encryption) -- [Veracrypt](https://veracrypt.fr/en/Home.html) disk encryption support +- [Veracrypt](https://veracrypt.fr/en/Home.html) + and [LUKS](https://en.wikipedia.org/wiki/Linux_Unified_Key_Setup) disk encryption support The KMS has an extensive online [documentation](https://docs.cosmian.com/cosmian_key_management_system/) @@ -46,7 +49,7 @@ Keys can be wrapped and unwrapped using RSA, ECIES or RFC5649/AES KWP. ## Quick start -Pre-built binaries [are available](https://package.cosmian.com/kms/4.15.2/) +Pre-built binaries [are available](https://package.cosmian.com/kms/4.16.0/) for Linux, MacOS and Windows, as well as Docker images. Tu run the server binary, OpenSSL must be available in your path (see "building the KMS" below for details); other binaries do not have this requirement. @@ -55,7 +58,7 @@ Using Docker, to quick-start a Cosmian KMS server on `http://localhost:9998` tha inside the container, simply run the following command: ```sh -docker run -p 9998:9998 --name kms ghcr.io/cosmian/kms:4.15.2 +docker run -p 9998:9998 --name kms ghcr.io/cosmian/kms:4.16.0 ``` See the [documentation](https://docs.cosmian.com/cosmian_key_management_system/) for more. diff --git a/crate/cli/Cargo.toml b/crate/cli/Cargo.toml index c4d7183e8..8207796b1 100644 --- a/crate/cli/Cargo.toml +++ b/crate/cli/Cargo.toml @@ -1,8 +1,11 @@ [package] name = "cosmian_kms_cli" -version = "4.15.2" -edition = "2021" -license-file = "../../LICENSE" +version.workspace = true +authors.workspace = true +edition.workspace = true +license.workspace = true +repository.workspace = true +rust-version.workspace = true description = "CLI used to manage the Cosmian KMS." [[bin]] @@ -37,7 +40,9 @@ cloudproof = { workspace = true } cosmian_kms_client = { path = "../client" } der = { version = "0.7", features = ["pem"] } env_logger = { workspace = true } -jwt-simple = { version = "0.12", default-features = false, features = ["pure-rust"] } +jwt-simple = { version = "0.12", default-features = false, features = [ + "pure-rust", +] } oauth2 = "4.4" pem = "3.0" reqwest = { workspace = true } diff --git a/crate/cli/src/actions/cover_crypt/decrypt.rs b/crate/cli/src/actions/cover_crypt/decrypt.rs index 5a4cbdd09..10489810b 100644 --- a/crate/cli/src/actions/cover_crypt/decrypt.rs +++ b/crate/cli/src/actions/cover_crypt/decrypt.rs @@ -6,6 +6,7 @@ use cosmian_kms_client::{ crypto::generic::kmip_requests::build_decryption_request, kmip::{kmip_operations::DecryptedData, kmip_types::CryptographicAlgorithm}, }, + kmip::kmip_types::CryptographicParameters, read_bytes_from_file, read_bytes_from_files_to_bulk, write_bulk_decrypted_data, write_single_decrypted_data, KmsClient, }; @@ -80,8 +81,10 @@ impl DecryptAction { self.authentication_data .as_deref() .map(|s| s.as_bytes().to_vec()), - Some(cryptographic_algorithm), - None, + Some(CryptographicParameters { + cryptographic_algorithm: Some(cryptographic_algorithm), + ..Default::default() + }), ); tracing::debug!("{decrypt_request:?}"); diff --git a/crate/cli/src/actions/cover_crypt/encrypt.rs b/crate/cli/src/actions/cover_crypt/encrypt.rs index 448bd34e3..34127547a 100644 --- a/crate/cli/src/actions/cover_crypt/encrypt.rs +++ b/crate/cli/src/actions/cover_crypt/encrypt.rs @@ -6,6 +6,7 @@ use cosmian_kms_client::{ crypto::generic::kmip_requests::build_encryption_request, kmip::kmip_types::CryptographicAlgorithm, }, + kmip::kmip_types::CryptographicParameters, read_bytes_from_file, read_bytes_from_files_to_bulk, write_bulk_encrypted_data, write_single_encrypted_data, KmsClient, }; @@ -84,8 +85,10 @@ impl EncryptAction { self.authentication_data .as_deref() .map(|s| s.as_bytes().to_vec()), - Some(cryptographic_algorithm), - None, + Some(CryptographicParameters { + cryptographic_algorithm: Some(cryptographic_algorithm), + ..Default::default() + }), )?; tracing::debug!("{encrypt_request:?}"); diff --git a/crate/cli/src/actions/elliptic_curves/decrypt.rs b/crate/cli/src/actions/elliptic_curves/decrypt.rs index 8688ec089..7d6ba65f6 100644 --- a/crate/cli/src/actions/elliptic_curves/decrypt.rs +++ b/crate/cli/src/actions/elliptic_curves/decrypt.rs @@ -64,7 +64,6 @@ impl DecryptAction { .as_deref() .map(|s| s.as_bytes().to_vec()), None, - None, ); // Query the KMS with your kmip data and get the key pair ids diff --git a/crate/cli/src/actions/elliptic_curves/encrypt.rs b/crate/cli/src/actions/elliptic_curves/encrypt.rs index 8b98bda86..dfffe238e 100644 --- a/crate/cli/src/actions/elliptic_curves/encrypt.rs +++ b/crate/cli/src/actions/elliptic_curves/encrypt.rs @@ -65,7 +65,6 @@ impl EncryptAction { .as_deref() .map(|s| s.as_bytes().to_vec()), None, - None, )?; // Query the KMS with your kmip data and get the key pair ids diff --git a/crate/cli/src/actions/google/keypairs/disable_keypairs.rs b/crate/cli/src/actions/google/keypairs/disable_keypairs.rs index 62b5e322a..770914b72 100644 --- a/crate/cli/src/actions/google/keypairs/disable_keypairs.rs +++ b/crate/cli/src/actions/google/keypairs/disable_keypairs.rs @@ -25,7 +25,7 @@ impl DisableKeypairsAction { pub async fn run(&self, conf_path: &PathBuf) -> Result<(), CliError> { let endpoint = [KEYPAIRS_ENDPOINT, &self.keypairs_id, ":disable"].concat(); let gmail_client = GmailClient::new(conf_path, &self.user_id); - let response = gmail_client.await?.post(&endpoint, "".to_string()).await?; + let response = gmail_client.await?.post(&endpoint, String::new()).await?; GmailClient::handle_response(response).await } } diff --git a/crate/cli/src/actions/google/keypairs/insert_keypairs.rs b/crate/cli/src/actions/google/keypairs/insert_keypairs.rs index 2e0452db2..b425887f5 100644 --- a/crate/cli/src/actions/google/keypairs/insert_keypairs.rs +++ b/crate/cli/src/actions/google/keypairs/insert_keypairs.rs @@ -105,7 +105,7 @@ impl InsertKeypairsAction { email: &str, key_file: &PathBuf, ) -> Result<(), CliError> { - println!("Processing {:?}.", email); + println!("Processing {email:?}."); let read_to_string = |path: &PathBuf| -> Result { let mut f = File::open(path)?; @@ -131,8 +131,8 @@ impl InsertKeypairsAction { .await?; let res = GmailClient::handle_response(response).await; match res { - Ok(_) => println!("Keypairs inserted for {:?}.", email), - Err(error) => println!("Error inserting keypairs for {:?} : {:?}", email, error), + Ok(()) => println!("Keypairs inserted for {email:?}."), + Err(error) => println!("Error inserting keypairs for {email:?} : {error:?}"), } Ok(()) } @@ -146,15 +146,15 @@ impl InsertKeypairsAction { let email_key_file_map = Self::get_email_to_file(&wrapped_key_files, "wrap")?; let email_cert_file_map = Self::get_email_to_file(&p7_cert_files, "p7pem")?; - println!("wrapped_key_files: {:?}.", wrapped_key_files); - println!("p7_cert_files: {:?}.", p7_cert_files); + println!("wrapped_key_files: {wrapped_key_files:?}."); + println!("p7_cert_files: {p7_cert_files:?}."); for (email, key_file) in &email_key_file_map { if !email_cert_file_map.contains_key(email) { - println!("Skipping {:?}, missing cert file.", email); + println!("Skipping {email:?}, missing cert file."); continue; } - Self::post_keypairs(&gmail_client, &email_cert_file_map, email, key_file).await? + Self::post_keypairs(&gmail_client, &email_cert_file_map, email, key_file).await?; } Ok(()) } diff --git a/crate/cli/src/actions/google/keypairs/obliterate_keypairs.rs b/crate/cli/src/actions/google/keypairs/obliterate_keypairs.rs index 12a0c7911..5c3d0a0a2 100644 --- a/crate/cli/src/actions/google/keypairs/obliterate_keypairs.rs +++ b/crate/cli/src/actions/google/keypairs/obliterate_keypairs.rs @@ -26,7 +26,7 @@ impl ObliterateKeypairsAction { pub async fn run(&self, conf_path: &PathBuf) -> Result<(), CliError> { let endpoint: String = [KEYPAIRS_ENDPOINT, &self.keypairs_id, ":obliterate"].concat(); let gmail_client = GmailClient::new(conf_path, &self.user_id); - let response = gmail_client.await?.post(&endpoint, "".to_string()).await?; + let response = gmail_client.await?.post(&endpoint, String::new()).await?; GmailClient::handle_response(response).await } } diff --git a/crate/cli/src/actions/rsa/decrypt.rs b/crate/cli/src/actions/rsa/decrypt.rs index ad070d95f..f81ad2eb5 100644 --- a/crate/cli/src/actions/rsa/decrypt.rs +++ b/crate/cli/src/actions/rsa/decrypt.rs @@ -7,23 +7,36 @@ use cosmian_kms_client::{ }; use crate::{ - actions::rsa::{EncryptionAlgorithm, HashFn}, + actions::rsa::{to_cryptographic_parameters, EncryptionAlgorithm, HashFn}, cli_bail, error::{result::CliResultHelper, CliError}, }; /// Decrypt a file with the given public key using either +/// - `CKM_RSA_PKCS` a.k.a PKCS #1 RSA V1.5 as specified in PKCS#11 v2.40 /// - `CKM_RSA_PKCS_OAEP` a.k.a PKCS #1 RSA OAEP as specified in PKCS#11 v2.40 -/// - `RSA_OAEP` `AES_128_GCM` -/// By default the hashing function used with RSA OAEP is set to SHA-256 +/// - `CKM_RSA_AES_KEY_WRAP` as specified in PKCS#11 v2.40 +/// +/// `CKM_RSA_PKCS` is deprecated in FIPS 140-3 and is therefore not available in FIPS mode. +/// `CKM_RSA_AES_KEY_WRAP` is meant be used to wrap/unwrap keys with RSA keys although, +/// since it is using `AES_KEY_WRAP_PAD` (a.k.a RFC 5649), encrypt/decrypt operations of text +/// with arbitrary length should be possible as specified in PKCS#11 v2.40 2.14. +/// +/// By default, the hashing function used with `CKM_RSA_PKCS_OAEP` and `CKM_RSA_AES_KEY_WRAP` +/// is set to SHA-256 and is ignored with RSA PKCS. +/// When using `CKM_RSA_PKCS`: +/// - the maximum plaintext length is k-11 where k is the length in octets of the RSA modulus +/// - the ciphertext input length is the same as the RSA modulus length. /// /// When using `CKM_RSA_PKCS_OAEP`: -/// - the authentication data is ignored /// - the maximum plaintext length is k-2-2*hLen where /// - k is the length in octets of the RSA modulus /// - hLen is the length in octets of the hash function output /// - the ciphertext input length is the same as the RSA modulus length. /// +/// When using `CKM_RSA_AES_KEY_WRAP`: +/// - the plaintext length is unlimited +/// /// Note: this is not a streaming call: the file is entirely loaded in memory before being sent for decryption. #[derive(Parser, Debug)] #[clap(verbatim_doc_comment)] @@ -57,10 +70,6 @@ pub struct DecryptAction { /// The encrypted output file path #[clap(required = false, long, short = 'o')] output_file: Option, - - /// Optional authentication data that was supplied during encryption. - #[clap(required = false, long, short)] - authentication_data: Option, } impl DecryptAction { @@ -84,11 +93,11 @@ impl DecryptAction { None, data, None, - self.authentication_data - .as_deref() - .map(|s| s.as_bytes().to_vec()), - Some(self.encryption_algorithm.into()), - Some(self.hash_fn.into()), + None, + Some(to_cryptographic_parameters( + self.encryption_algorithm, + self.hash_fn, + )), ); // Query the KMS with your kmip data and get the key pair ids diff --git a/crate/cli/src/actions/rsa/encrypt.rs b/crate/cli/src/actions/rsa/encrypt.rs index ad7abce78..989f6495e 100644 --- a/crate/cli/src/actions/rsa/encrypt.rs +++ b/crate/cli/src/actions/rsa/encrypt.rs @@ -7,15 +7,24 @@ use cosmian_kms_client::{ }; use crate::{ - actions::rsa::{EncryptionAlgorithm, HashFn}, + actions::rsa::{to_cryptographic_parameters, EncryptionAlgorithm, HashFn}, cli_bail, error::{result::CliResultHelper, CliError}, }; /// Encrypt a file with the given public key using either +/// - `CKM_RSA_PKCS` a.k.a PKCS #1 RSA V1.5 as specified in PKCS#11 v2.40 /// - `CKM_RSA_PKCS_OAEP` a.k.a PKCS #1 RSA OAEP as specified in PKCS#11 v2.40 -/// - `RSA_OAEP` `AES_128_GCM` -/// By default the hashing function used with RSA OAEP is set to SHA-256 +/// - `CKM_RSA_AES_KEY_WRAP` as specified in PKCS#11 v2.40 +/// +/// `CKM_RSA_PKCS` is deprecated in FIPS 140-3 and is therefore not available in FIPS mode. +/// `CKM_RSA_AES_KEY_WRAP` is meant be used to wrap/unwrap keys with RSA keys although, +/// since it is using `AES_KEY_WRAP_PAD` (a.k.a RFC 5649), encrypt/decrypt operations of text +/// with arbitrary length should be possible as specified in PKCS#11 v2.40 2.14. +/// +/// When using `CKM_RSA_PKCS`: +/// - the maximum plaintext length is k-11 where k is the length in octets of the RSA modulus +/// - the output length is the same as the RSA modulus length. /// /// When using `CKM_RSA_PKCS_OAEP`: /// - the authentication data is ignored @@ -24,6 +33,9 @@ use crate::{ /// - hLen is the length in octets of the hash function output /// - the output length is the same as the RSA modulus length. /// +/// When using `CKM_RSA_AES_KEY_WRAP`: +/// - the plaintext length is unlimited +/// /// Note: this is not a streaming call: the file is entirely loaded in memory before being sent for encryption. #[derive(Parser, Debug)] #[clap(verbatim_doc_comment)] @@ -57,11 +69,6 @@ pub struct EncryptAction { /// The encrypted output file path #[clap(required = false, long, short = 'o')] output_file: Option, - - /// Optional authentication data. - /// This data needs to be provided back for decryption. - #[clap(required = false, long, short = 'a')] - authentication_data: Option, } impl EncryptAction { @@ -85,11 +92,11 @@ impl EncryptAction { None, data, None, - self.authentication_data - .as_deref() - .map(|s| s.as_bytes().to_vec()), - Some(self.encryption_algorithm.into()), - Some(self.hash_fn.into()), + None, + Some(to_cryptographic_parameters( + self.encryption_algorithm, + self.hash_fn, + )), )?; // Query the KMS with your kmip data and get the key pair ids diff --git a/crate/cli/src/actions/rsa/mod.rs b/crate/cli/src/actions/rsa/mod.rs index 05d39ae88..c48914ac1 100644 --- a/crate/cli/src/actions/rsa/mod.rs +++ b/crate/cli/src/actions/rsa/mod.rs @@ -1,6 +1,9 @@ +use std::fmt::Display; + use clap::Parser; use cosmian_kms_client::{ cosmian_kmip::kmip::kmip_types::{CryptographicAlgorithm, HashingAlgorithm}, + kmip::kmip_types::{CryptographicParameters, PaddingMethod}, KmsClient, }; @@ -33,15 +36,22 @@ impl RsaCommands { #[derive(clap::ValueEnum, Debug, Clone, Copy)] pub enum EncryptionAlgorithm { + #[cfg(not(feature = "fips"))] + // a.k.a PKCS#1 v1.5 RSA + CkmRsaPkcs, + // a.k.a PKCS#1 RSA OAEP CkmRsaPkcsOaep, - RsaOaepAes128Gcm, + // CKM_RSA_AES_KEY_WRAP + CkmRsaAesKeyWrap, } -impl From for CryptographicAlgorithm { - fn from(value: EncryptionAlgorithm) -> Self { - match value { - EncryptionAlgorithm::CkmRsaPkcsOaep => CryptographicAlgorithm::RSA, - EncryptionAlgorithm::RsaOaepAes128Gcm => CryptographicAlgorithm::AES, +impl Display for EncryptionAlgorithm { + fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result { + match self { + EncryptionAlgorithm::CkmRsaPkcsOaep => write!(f, "ckm-rsa-pkcs-oaep"), + EncryptionAlgorithm::CkmRsaAesKeyWrap => write!(f, "ckm-rsa-aes-key-wrap"), + #[cfg(not(feature = "fips"))] + EncryptionAlgorithm::CkmRsaPkcs => write!(f, "ckm-rsa-pkcs"), } } } @@ -59,6 +69,22 @@ pub enum HashFn { Sha3_512, } +impl Display for HashFn { + fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result { + match self { + HashFn::Sha1 => write!(f, "sha1"), + HashFn::Sha224 => write!(f, "sha224"), + HashFn::Sha256 => write!(f, "sha256"), + HashFn::Sha384 => write!(f, "sha384"), + HashFn::Sha512 => write!(f, "sha512"), + HashFn::Sha3_224 => write!(f, "sha3-224"), + HashFn::Sha3_256 => write!(f, "sha3-256"), + HashFn::Sha3_384 => write!(f, "sha3-384"), + HashFn::Sha3_512 => write!(f, "sha3-512"), + } + } +} + impl From for HashingAlgorithm { fn from(value: HashFn) -> Self { match value { @@ -74,3 +100,30 @@ impl From for HashingAlgorithm { } } } + +fn to_cryptographic_parameters( + alg: EncryptionAlgorithm, + hash_fn: HashFn, +) -> CryptographicParameters { + match alg { + #[cfg(not(feature = "fips"))] + EncryptionAlgorithm::CkmRsaPkcs => CryptographicParameters { + cryptographic_algorithm: Some(CryptographicAlgorithm::RSA), + padding_method: Some(PaddingMethod::PKCS1v15), + hashing_algorithm: None, + ..Default::default() + }, + EncryptionAlgorithm::CkmRsaPkcsOaep => CryptographicParameters { + cryptographic_algorithm: Some(CryptographicAlgorithm::RSA), + padding_method: Some(PaddingMethod::OAEP), + hashing_algorithm: Some(hash_fn.into()), + ..Default::default() + }, + EncryptionAlgorithm::CkmRsaAesKeyWrap => CryptographicParameters { + cryptographic_algorithm: Some(CryptographicAlgorithm::AES), + padding_method: Some(PaddingMethod::OAEP), + hashing_algorithm: Some(hash_fn.into()), + ..Default::default() + }, + } +} diff --git a/crate/cli/src/actions/symmetric/decrypt.rs b/crate/cli/src/actions/symmetric/decrypt.rs index d0cbaaa65..5e385ebb0 100644 --- a/crate/cli/src/actions/symmetric/decrypt.rs +++ b/crate/cli/src/actions/symmetric/decrypt.rs @@ -74,7 +74,6 @@ impl DecryptAction { .as_deref() .map(|s| s.as_bytes().to_vec()), None, - None, ); // Query the KMS with your kmip data and get the key pair ids diff --git a/crate/cli/src/actions/symmetric/encrypt.rs b/crate/cli/src/actions/symmetric/encrypt.rs index f9936d310..10e253ba5 100644 --- a/crate/cli/src/actions/symmetric/encrypt.rs +++ b/crate/cli/src/actions/symmetric/encrypt.rs @@ -71,7 +71,6 @@ impl EncryptAction { .as_deref() .map(|s| s.as_bytes().to_vec()), None, - None, )?; // Query the KMS with your kmip data and get the key pair ids diff --git a/crate/cli/src/actions/symmetric/keys/create_key.rs b/crate/cli/src/actions/symmetric/keys/create_key.rs index d8e07a494..1ae7dabcb 100644 --- a/crate/cli/src/actions/symmetric/keys/create_key.rs +++ b/crate/cli/src/actions/symmetric/keys/create_key.rs @@ -117,7 +117,6 @@ impl CreateKeyAction { .with_context(|| "failed creating the key")? .unique_identifier .to_string() - .context("The server did not return the key uid as a string")? } }; diff --git a/crate/cli/src/tests/cover_crypt/conf.rs b/crate/cli/src/tests/cover_crypt/conf.rs index 21f81e0f8..68c9b2e81 100644 --- a/crate/cli/src/tests/cover_crypt/conf.rs +++ b/crate/cli/src/tests/cover_crypt/conf.rs @@ -29,7 +29,8 @@ pub async fn test_bad_conf() -> Result<(), CliError> { cmd.arg("ec").args(vec!["keys", "create"]); recover_cmd_logs(&mut cmd); cmd.assert().failure().stderr(predicate::str::contains( - "Configuration file \"notfound.json\" from env var does not exist", + "Configuration file \"notfound.json\" specified in KMS_CLI_CONF environment variable does \ + not exist", )); let mut cmd = Command::cargo_bin(PROG_NAME)?; diff --git a/crate/cli/src/tests/rsa/encrypt_decrypt.rs b/crate/cli/src/tests/rsa/encrypt_decrypt.rs index 058dbdc32..690c43921 100644 --- a/crate/cli/src/tests/rsa/encrypt_decrypt.rs +++ b/crate/cli/src/tests/rsa/encrypt_decrypt.rs @@ -21,7 +21,7 @@ pub fn encrypt( input_files: &[&str], public_key_id: &str, encryption_algorithm: EncryptionAlgorithm, - hash_fn: HashFn, + hash_fn: Option, output_file: Option<&str>, authentication_data: Option<&str>, ) -> Result<(), CliError> { @@ -34,22 +34,13 @@ pub fn encrypt( args.push("--key-id"); args.push(public_key_id); args.push("--encryption-algorithm"); - args.push(match encryption_algorithm { - EncryptionAlgorithm::CkmRsaPkcsOaep => "ckm-rsa-pkcs-oaep", - EncryptionAlgorithm::RsaOaepAes128Gcm => "rsa-oaep-aes128-gcm", - }); - args.push("--hashing-algorithm"); - args.push(match hash_fn { - HashFn::Sha1 => "sha1", - HashFn::Sha224 => "sha224", - HashFn::Sha256 => "sha256", - HashFn::Sha384 => "sha384", - HashFn::Sha512 => "sha512", - HashFn::Sha3_224 => "sha3-224", - HashFn::Sha3_256 => "sha3-256", - HashFn::Sha3_384 => "sha3-384", - HashFn::Sha3_512 => "sha3-512", - }); + let encryption_algorithm = encryption_algorithm.to_string(); + args.push(&encryption_algorithm); + let hash_fn_s = hash_fn.map(|h| h.to_string()).unwrap_or_default(); + if hash_fn.is_some() { + args.push("--hashing-algorithm"); + args.push(&hash_fn_s); + } if let Some(output_file) = output_file { args.push("-o"); args.push(output_file); @@ -72,7 +63,7 @@ pub fn decrypt( input_file: &str, private_key_id: &str, encryption_algorithm: EncryptionAlgorithm, - hash_fn: HashFn, + hash_fn: Option, output_file: Option<&str>, authentication_data: Option<&str>, ) -> Result<(), CliError> { @@ -81,22 +72,13 @@ pub fn decrypt( cmd.env("RUST_LOG", "cosmian_kms_cli=info"); let mut args = vec!["decrypt", input_file, "--key-id", private_key_id]; args.push("--encryption-algorithm"); - args.push(match encryption_algorithm { - EncryptionAlgorithm::CkmRsaPkcsOaep => "ckm-rsa-pkcs-oaep", - EncryptionAlgorithm::RsaOaepAes128Gcm => "rsa-oaep-aes128-gcm", - }); - args.push("--hashing-algorithm"); - args.push(match hash_fn { - HashFn::Sha1 => "sha1", - HashFn::Sha224 => "sha224", - HashFn::Sha256 => "sha256", - HashFn::Sha384 => "sha384", - HashFn::Sha512 => "sha512", - HashFn::Sha3_224 => "sha3-224", - HashFn::Sha3_256 => "sha3-256", - HashFn::Sha3_384 => "sha3-384", - HashFn::Sha3_512 => "sha3-512", - }); + let encryption_algorithm = encryption_algorithm.to_string(); + args.push(&encryption_algorithm); + let hash_fn_str = hash_fn.map(|h| h.to_string()).unwrap_or_default(); + if hash_fn.is_some() { + args.push("--hashing-algorithm"); + args.push(&hash_fn_str); + } if let Some(output_file) = output_file { args.push("-o"); args.push(output_file); @@ -115,10 +97,85 @@ pub fn decrypt( )) } +#[cfg(not(feature = "fips"))] +#[tokio::test] +async fn test_rsa_encrypt_decrypt_using_ckm_rsa_pkcs() -> Result<(), CliError> { + // to enable this, add cosmian_logger = { path = "../logger" } to dev-dependencies in Cargo.toml + // log_init( + // "cosmian_kms_cli=trace,cosmian_kms_server=info,cosmian_kms_server::core::operations=trace,\ + // cosmian_kms_utils=trace,cosmian_kmip=info", + // ); + let ctx = ONCE.get_or_try_init(start_default_test_kms_server).await?; + + // create a temp dir + let tmp_dir = TempDir::new()?; + let tmp_path = tmp_dir.path(); + + let input_file = PathBuf::from("test_data/plain.txt"); + let output_file = tmp_path.join("plain.enc"); + let recovered_file = tmp_path.join("plain.txt"); + + fs::remove_file(&output_file).ok(); + assert!(!output_file.exists()); + + let (private_key_id, public_key_id) = + create_rsa_4096_bits_key_pair(&ctx.owner_client_conf_path, &[])?; + + println!("private_key_id: {private_key_id}"); + println!("public_key_id: {public_key_id}"); + encrypt( + &ctx.owner_client_conf_path, + &[input_file.to_str().unwrap()], + &public_key_id, + EncryptionAlgorithm::CkmRsaPkcs, + None, + Some(output_file.to_str().unwrap()), + None, + )?; + + // the user key should be able to decrypt the file + decrypt( + &ctx.owner_client_conf_path, + output_file.to_str().unwrap(), + &private_key_id, + EncryptionAlgorithm::CkmRsaPkcs, + None, + Some(recovered_file.to_str().unwrap()), + None, + )?; + assert!(recovered_file.exists()); + assert_eq!( + read_bytes_from_file(&input_file)?, + read_bytes_from_file(&recovered_file)? + ); + + // the user key should NOT be able to decrypt with another algorithm + assert!( + decrypt( + &ctx.owner_client_conf_path, + output_file.to_str().unwrap(), + &private_key_id, + EncryptionAlgorithm::CkmRsaAesKeyWrap, + None, + Some(recovered_file.to_str().unwrap()), + None, + ) + .is_err() + ); + + let original_content = read_bytes_from_file(&input_file)?; + let recovered_content = read_bytes_from_file(&recovered_file)?; + assert_eq!(original_content, recovered_content); + + Ok(()) +} + #[tokio::test] async fn test_rsa_encrypt_decrypt_using_ckm_rsa_pkcs_oaep() -> Result<(), CliError> { + // to enable this, add cosmian_logger = { path = "../logger" } to dev-dependencies in Cargo.toml // log_init( - // "cosmian_kms_cli=trace,cosmian_kms_server=trace,cosmian_kms_utils=trace,cosmian_kmip=trace", + // "cosmian_kms_cli=trace,cosmian_kms_server=info,cosmian_kms_server::core::operations=trace,\ + // cosmian_kms_utils=trace,cosmian_kmip=info", // ); let ctx = ONCE.get_or_try_init(start_default_test_kms_server).await?; @@ -143,7 +200,7 @@ async fn test_rsa_encrypt_decrypt_using_ckm_rsa_pkcs_oaep() -> Result<(), CliErr &[input_file.to_str().unwrap()], &public_key_id, EncryptionAlgorithm::CkmRsaPkcsOaep, - HashFn::Sha256, + Some(HashFn::Sha256), Some(output_file.to_str().unwrap()), None, )?; @@ -154,11 +211,15 @@ async fn test_rsa_encrypt_decrypt_using_ckm_rsa_pkcs_oaep() -> Result<(), CliErr output_file.to_str().unwrap(), &private_key_id, EncryptionAlgorithm::CkmRsaPkcsOaep, - HashFn::Sha256, + Some(HashFn::Sha256), Some(recovered_file.to_str().unwrap()), None, )?; assert!(recovered_file.exists()); + assert_eq!( + read_bytes_from_file(&input_file)?, + read_bytes_from_file(&recovered_file)? + ); // the user key should NOT be able to decrypt with another algorithm assert!( @@ -166,8 +227,8 @@ async fn test_rsa_encrypt_decrypt_using_ckm_rsa_pkcs_oaep() -> Result<(), CliErr &ctx.owner_client_conf_path, output_file.to_str().unwrap(), &private_key_id, - EncryptionAlgorithm::RsaOaepAes128Gcm, - HashFn::Sha256, + EncryptionAlgorithm::CkmRsaAesKeyWrap, + Some(HashFn::Sha256), Some(recovered_file.to_str().unwrap()), None, ) @@ -181,7 +242,7 @@ async fn test_rsa_encrypt_decrypt_using_ckm_rsa_pkcs_oaep() -> Result<(), CliErr output_file.to_str().unwrap(), &private_key_id, EncryptionAlgorithm::CkmRsaPkcsOaep, - HashFn::Sha1, + Some(HashFn::Sha1), Some(recovered_file.to_str().unwrap()), None, ) @@ -196,7 +257,7 @@ async fn test_rsa_encrypt_decrypt_using_ckm_rsa_pkcs_oaep() -> Result<(), CliErr } #[tokio::test] -async fn test_rsa_encrypt_decrypt_using_rsa_oaep_aes128gcm() -> Result<(), CliError> { +async fn test_rsa_encrypt_decrypt_using_rsa_aes_key_wrap() -> Result<(), CliError> { // log_init( // "cosmian_kms_cli=trace,cosmian_kms_server=trace,cosmian_kms_utils=trace,cosmian_kmip=trace", // ); @@ -222,8 +283,8 @@ async fn test_rsa_encrypt_decrypt_using_rsa_oaep_aes128gcm() -> Result<(), CliEr &ctx.owner_client_conf_path, &[input_file.to_str().unwrap()], &public_key_id, - EncryptionAlgorithm::RsaOaepAes128Gcm, - HashFn::Sha256, + EncryptionAlgorithm::CkmRsaAesKeyWrap, + Some(HashFn::Sha256), Some(output_file.to_str().unwrap()), None, )?; @@ -233,8 +294,8 @@ async fn test_rsa_encrypt_decrypt_using_rsa_oaep_aes128gcm() -> Result<(), CliEr &ctx.owner_client_conf_path, output_file.to_str().unwrap(), &private_key_id, - EncryptionAlgorithm::RsaOaepAes128Gcm, - HashFn::Sha256, + EncryptionAlgorithm::CkmRsaAesKeyWrap, + Some(HashFn::Sha256), Some(recovered_file.to_str().unwrap()), None, )?; @@ -247,7 +308,7 @@ async fn test_rsa_encrypt_decrypt_using_rsa_oaep_aes128gcm() -> Result<(), CliEr output_file.to_str().unwrap(), &private_key_id, EncryptionAlgorithm::CkmRsaPkcsOaep, - HashFn::Sha256, + Some(HashFn::Sha256), Some(recovered_file.to_str().unwrap()), None, ) @@ -260,8 +321,8 @@ async fn test_rsa_encrypt_decrypt_using_rsa_oaep_aes128gcm() -> Result<(), CliEr &ctx.owner_client_conf_path, output_file.to_str().unwrap(), &private_key_id, - EncryptionAlgorithm::RsaOaepAes128Gcm, - HashFn::Sha1, + EncryptionAlgorithm::CkmRsaAesKeyWrap, + Some(HashFn::Sha1), Some(recovered_file.to_str().unwrap()), None, ) @@ -297,7 +358,7 @@ async fn test_rsa_encrypt_decrypt_using_tags() -> Result<(), CliError> { &[input_file.to_str().unwrap()], "[\"tag_rsa\"]", EncryptionAlgorithm::CkmRsaPkcsOaep, - HashFn::Sha256, + Some(HashFn::Sha256), Some(output_file.to_str().unwrap()), None, )?; @@ -308,7 +369,7 @@ async fn test_rsa_encrypt_decrypt_using_tags() -> Result<(), CliError> { output_file.to_str().unwrap(), "[\"tag_rsa\"]", EncryptionAlgorithm::CkmRsaPkcsOaep, - HashFn::Sha256, + Some(HashFn::Sha256), Some(recovered_file.to_str().unwrap()), None, )?; diff --git a/crate/client/Cargo.toml b/crate/client/Cargo.toml index 5e92bd130..def0f4e48 100644 --- a/crate/client/Cargo.toml +++ b/crate/client/Cargo.toml @@ -1,9 +1,11 @@ [package] name = "cosmian_kms_client" -version = "4.15.2" -authors = ["Bruno Grieder "] -edition = "2021" -license-file = "../../LICENSE" +version.workspace = true +authors.workspace = true +edition.workspace = true +license.workspace = true +repository.workspace = true +rust-version.workspace = true [lib] # doc test linking as a separate binary is extremely slow diff --git a/crate/client/src/config.rs b/crate/client/src/config.rs index de889714f..43add1aa6 100644 --- a/crate/client/src/config.rs +++ b/crate/client/src/config.rs @@ -6,10 +6,14 @@ use std::{ }; use der::{DecodePem, Encode}; +#[cfg(target_os = "linux")] +use log::info; use rustls::Certificate; use serde::{Deserialize, Serialize}; use x509_cert::Certificate as X509Certificate; +#[cfg(target_os = "linux")] +use crate::client_bail; use crate::{ error::{result::RestClientResultHelper, ClientError}, KmsClient, @@ -43,7 +47,7 @@ fn get_home_folder() -> Option { } /// Returns the default configuration path -/// or an error if the home folder cannot be determined +/// or an error if the path cannot be determined fn get_default_conf_path() -> Result { get_home_folder() .ok_or_else(|| ClientError::NotSupported("unable to determine the home folder".to_owned())) @@ -171,13 +175,47 @@ impl ClientConf { // Error if the specified file does not exist if !conf_path.exists() { return Err(ClientError::NotSupported(format!( - "Configuration file {conf_path:?} from env var does not exist" + "Configuration file {conf_path:?} specified in {KMS_CLI_CONF_ENV} environment \ + variable does not exist" ))) } return Ok(conf_path) } - get_default_conf_path() + let user_conf_path = get_default_conf_path(); + + #[cfg(not(target_os = "linux"))] + return user_conf_path; + + #[cfg(target_os = "linux")] + match user_conf_path { + Err(_) => { + // no user home, this may be the system attempting a load + let p = PathBuf::from("/etc/cosmian/kms.json"); + if p.exists() { + info!("No active user, using configuration at {p:?}"); + return Ok(p) + } + client_bail!("no configuration found at {p:?}, and no current user, bailing out"); + } + Ok(p) => { + // the user home exists, if there is no conf file, check /etc/cosmian/kms.json + if !p.exists() { + let sp = PathBuf::from("/etc/cosmian/kms.json"); + if sp.exists() { + info!( + "Linux user conf path is at: {p:?} but is empty, using {sp:?} instead" + ); + return Ok(sp) + } + info!( + "Linux user conf path is at: {p:?} and will be initialized with a default \ + value" + ); + } + Ok(p) + } + } } pub fn save(&self, conf_path: &PathBuf) -> Result<(), ClientError> { diff --git a/crate/client/src/import_utils.rs b/crate/client/src/import_utils.rs index 0ad773878..215940469 100644 --- a/crate/client/src/import_utils.rs +++ b/crate/client/src/import_utils.rs @@ -6,7 +6,7 @@ use crate::{ kmip_operations::Import, kmip_types::{Attributes, KeyWrapType, UniqueIdentifier}, }, - ClientError, ClientResultHelper, KmsClient, + ClientError, KmsClient, }; /// Import an Object into the KMS @@ -72,8 +72,6 @@ pub async fn import_object<'a, T: IntoIterator>>( // send the import request let response = kms_rest_client.import(import).await?; - response.unique_identifier.to_string().context( - "import_object: the server did not return a string unique identifier for the imported \ - object", - ) + // return the unique identifier + Ok(response.unique_identifier.to_string()) } diff --git a/crate/kmip/Cargo.toml b/crate/kmip/Cargo.toml index 39b43bfa3..f25a71a79 100644 --- a/crate/kmip/Cargo.toml +++ b/crate/kmip/Cargo.toml @@ -1,8 +1,11 @@ [package] name = "cosmian_kmip" -version = "4.15.2" -edition = "2021" -license-file = "../../LICENSE" +version.workspace = true +authors.workspace = true +edition.workspace = true +license.workspace = true +repository.workspace = true +rust-version.workspace = true [lib] # doc test linking as a separate binary is extremely slow diff --git a/crate/kmip/src/crypto/elliptic_curves/mod.rs b/crate/kmip/src/crypto/elliptic_curves/mod.rs index 7571ea3ef..7432dedb0 100644 --- a/crate/kmip/src/crypto/elliptic_curves/mod.rs +++ b/crate/kmip/src/crypto/elliptic_curves/mod.rs @@ -1,7 +1,8 @@ #[cfg(feature = "fips")] use crate::kmip::kmip_types::CryptographicUsageMask; -#[cfg(all(not(feature = "fips"), feature = "openssl"))] +#[cfg(not(feature = "fips"))] +#[cfg(feature = "openssl")] pub mod ecies; pub mod kmip_requests; pub mod operation; diff --git a/crate/kmip/src/crypto/generic/kmip_requests.rs b/crate/kmip/src/crypto/generic/kmip_requests.rs index 8baf80902..f0fe44650 100644 --- a/crate/kmip/src/crypto/generic/kmip_requests.rs +++ b/crate/kmip/src/crypto/generic/kmip_requests.rs @@ -8,8 +8,7 @@ use crate::{ kmip_objects::{Object, ObjectType}, kmip_operations::{Decrypt, Encrypt, ErrorReason, Import, Revoke}, kmip_types::{ - Attributes, CryptographicAlgorithm, CryptographicParameters, HashingAlgorithm, - KeyWrapType, RevocationReason, UniqueIdentifier, + Attributes, CryptographicParameters, KeyWrapType, RevocationReason, UniqueIdentifier, }, }, }; @@ -40,8 +39,7 @@ pub fn build_encryption_request( plaintext: Vec, header_metadata: Option>, authentication_data: Option>, - cryptographic_algorithm: Option, - hashing_algorithm: Option, + cryptographic_parameters: Option, ) -> Result { let data_to_encrypt = Zeroizing::from(if encryption_policy.is_some() { DataToEncrypt { @@ -55,12 +53,6 @@ pub fn build_encryption_request( plaintext }); - let cryptographic_parameters = cryptographic_algorithm.map(|ca| CryptographicParameters { - cryptographic_algorithm: Some(ca), - hashing_algorithm, - ..Default::default() - }); - Ok(Encrypt { unique_identifier: Some(UniqueIdentifier::TextString( key_unique_identifier.to_owned(), @@ -86,15 +78,8 @@ pub fn build_decryption_request( ciphertext: Vec, authenticated_tag: Option>, authentication_data: Option>, - cryptographic_algorithm: Option, - hashing_algorithm: Option, + cryptographic_parameters: Option, ) -> Decrypt { - let cryptographic_parameters = cryptographic_algorithm.map(|ca| CryptographicParameters { - cryptographic_algorithm: Some(ca), - hashing_algorithm, - ..Default::default() - }); - Decrypt { unique_identifier: Some(UniqueIdentifier::TextString( key_unique_identifier.to_owned(), diff --git a/crate/kmip/src/crypto/rsa/ckm_rsa_aes_key_wrap.rs b/crate/kmip/src/crypto/rsa/ckm_rsa_aes_key_wrap.rs index 3f123faa0..2f59e70d3 100644 --- a/crate/kmip/src/crypto/rsa/ckm_rsa_aes_key_wrap.rs +++ b/crate/kmip/src/crypto/rsa/ckm_rsa_aes_key_wrap.rs @@ -46,7 +46,7 @@ pub fn ckm_rsa_aes_key_wrap( // Encapsulate it using RSA-OAEP. let encapsulation = ckm_rsa_pkcs_oaep_key_wrap(pubkey, hash_fn, &kek)?; - // Wrap key according to RFC 5649 as recommended. + // Wrap key according to RFC 5649 (CKM_AES_KEY_WRAP_PAD) as recommended. let wk = rfc5649_wrap(plaintext, &kek)?; Ok([encapsulation, wk].concat()) diff --git a/crate/kmip/src/crypto/rsa/ckm_rsa_pkcs.rs b/crate/kmip/src/crypto/rsa/ckm_rsa_pkcs.rs new file mode 100644 index 000000000..21ae54033 --- /dev/null +++ b/crate/kmip/src/crypto/rsa/ckm_rsa_pkcs.rs @@ -0,0 +1,150 @@ +//! Implements the RSA Key Encryption Mechanism `CKM_RSA_PKCS` +//! a.k.a PKCS #1 RSA V1.5 as specified in PKCS#11 v2.40 available at +//! https://docs.oasis-open.org/pkcs11/pkcs11-curr/v2.40/cos01/pkcs11-curr-v2.40-cos01.html#_Toc408226893 +//! +//! This scheme is no longer FIPS approved for wrap/unwrap encrypt/decrypt operations. +use openssl::{ + pkey::{PKey, Private, Public}, + pkey_ctx::PkeyCtx, +}; +use zeroize::Zeroizing; + +#[cfg(feature = "fips")] +use super::FIPS_MIN_RSA_MODULUS_LENGTH; +use crate::error::KmipError; +#[cfg(feature = "fips")] +use crate::kmip_bail; + +/// Key Wrap using `CKM_RSA_PKCS` +/// a.k.a PKCS #1 RSA V1.5 as specified in PKCS#11 v2.40 available at +/// https://docs.oasis-open.org/pkcs11/pkcs11-curr/v2.40/cos01/pkcs11-curr-v2.40-cos01.html#_Toc408226893 +/// +/// The maximum dek length is k-11 where k is the length in octets of the RSA modulus +/// The output length is the same as the modulus length. +/// +/// Arguments: +/// - `pubkey`: the public key used to wrap the key +/// - `dek`: the data encryption key to wrap +pub fn ckm_rsa_pkcs_key_wrap(pub_key: &PKey, dek: &[u8]) -> Result, KmipError> { + let (mut ctx, mut ciphertext) = init_ckm_rsa_pkcs_encryption_context(pub_key)?; + ctx.encrypt_to_vec(dek, &mut ciphertext)?; + Ok(ciphertext) +} + +/// Encryption using `CKM_RSA_PKCS` +/// a.k.a PKCS #1 RSA V1.5 as specified in PKCS#11 v2.40 available at +/// https://docs.oasis-open.org/pkcs11/pkcs11-curr/v2.40/cos01/pkcs11-curr-v2.40-cos01.html#_Toc408226893 +/// +/// The maximum plaintext length is k-11 where k is the length in octets of the RSA modulus +/// The output length is the same as the modulus length. +/// +/// Arguments: +/// - `pubkey`: the public key used to wrap the key +/// - `plaintext`: the plaintext to encrypt +pub fn ckm_rsa_pkcs_encrypt( + pub_key: &PKey, + plaintext: &[u8], +) -> Result, KmipError> { + let (mut ctx, mut ciphertext) = init_ckm_rsa_pkcs_encryption_context(pub_key)?; + ctx.encrypt_to_vec(plaintext, &mut ciphertext)?; + Ok(ciphertext) +} + +fn init_ckm_rsa_pkcs_encryption_context( + pub_key: &PKey, +) -> Result<(PkeyCtx, Vec), KmipError> { + let rsa_pub_key = pub_key.rsa()?; + + // The ciphertext has the same length as the modulus. + let encapsulation_bytes_len = rsa_pub_key.size() as usize; + let ciphertext = Vec::with_capacity(encapsulation_bytes_len); + + // Perform OAEP encryption. + let mut ctx = PkeyCtx::new(pub_key)?; + ctx.encrypt_init()?; + ctx.set_rsa_padding(openssl::rsa::Padding::PKCS1)?; + Ok((ctx, ciphertext)) +} + +/// Key Unwrap using `CKM_RSA_PKCS` +/// a.k.a PKCS #1 RSA V1.5 as specified in PKCS#11 v2.40 available at +/// https://docs.oasis-open.org/pkcs11/pkcs11-curr/v2.40/cos01/pkcs11-curr-v2.40-cos01.html#_Toc408226893 +/// +/// The wrapped data encryption key (dek) should be of size k where k is the length in octets of the RSA modulus. +/// +/// The data encryption key length is k-11. +/// +/// Arguments: +/// - `pubkey`: the public key used to wrap the key +/// - `dek`: the `dek` of the data encryption key to unwrap +pub fn ckm_rsa_pkcs_key_unwrap( + priv_key: &PKey, + dek: &[u8], +) -> Result>, KmipError> { + let (mut ctx, mut plaintext) = init_ckm_rsa_pkcs_decryption_context(priv_key)?; + ctx.decrypt_to_vec(dek, &mut plaintext)?; + Ok(plaintext) +} + +/// Decrypt using `CKM_RSA_PKCS` +/// a.k.a PKCS #1 RSA V1.5 as specified in PKCS#11 v2.40 available at +/// https://docs.oasis-open.org/pkcs11/pkcs11-curr/v2.40/cos01/pkcs11-curr-v2.40-cos01.html#_Toc408226893 +/// +/// The ciphertext should be of size k where k is the length in octets of the RSA modulus. +/// +/// The plaintext length is k-11. +/// +/// Arguments: +/// - `pubkey`: the public key used to wrap the key +/// - `hash_fn`: the hash function to use for OAEP +/// - `ciphertext`: the ciphertext to decrypt +pub fn ckm_rsa_pkcs_decrypt( + priv_key: &PKey, + ciphertext: &[u8], +) -> Result>, KmipError> { + let (mut ctx, mut plaintext) = init_ckm_rsa_pkcs_decryption_context(priv_key)?; + ctx.decrypt_to_vec(ciphertext, &mut plaintext)?; + Ok(plaintext) +} + +fn init_ckm_rsa_pkcs_decryption_context( + priv_key: &PKey, +) -> Result<(PkeyCtx, Zeroizing>), KmipError> { + let rsa_priv_key = priv_key.rsa()?; + + // The plaintext has length equal to the modulus length - 11 bytes. + let plaintext_bytes_len = rsa_priv_key.size() as usize - 11; + let plaintext = Zeroizing::from(Vec::with_capacity(plaintext_bytes_len)); + + // Perform OAEP encryption. + let mut ctx = PkeyCtx::new(priv_key)?; + ctx.decrypt_init()?; + ctx.set_rsa_padding(openssl::rsa::Padding::PKCS1)?; + Ok((ctx, plaintext)) +} + +#[cfg(test)] +mod tests { + use openssl::pkey::PKey; + use zeroize::Zeroizing; + + use crate::{ + crypto::rsa::ckm_rsa_pkcs::{ckm_rsa_pkcs_key_unwrap, ckm_rsa_pkcs_key_wrap}, + error::KmipError, + }; + + #[test] + fn test_ckm_rsa_pkcs_oaep() -> Result<(), KmipError> { + let priv_key = PKey::from_rsa(openssl::rsa::Rsa::generate(2048)?)?; + let pub_key = PKey::public_key_from_pem(&priv_key.public_key_to_pem()?)?; + + let dek_to_wrap = Zeroizing::from(vec![0x01; 2048 / 8 - 2 - 2 * 256 / 8]); + let wrapped_key = ckm_rsa_pkcs_key_wrap(&pub_key, &dek_to_wrap)?; + assert_eq!(wrapped_key.len(), 2048 / 8); + let unwrapped_key = ckm_rsa_pkcs_key_unwrap(&priv_key, &wrapped_key)?; + assert_eq!(unwrapped_key.len(), 2048 / 8 - 2 - 2 * 256 / 8); + assert_eq!(unwrapped_key, dek_to_wrap); + + Ok(()) + } +} diff --git a/crate/kmip/src/crypto/rsa/mod.rs b/crate/kmip/src/crypto/rsa/mod.rs index 1a7de122a..8a0e0ee0b 100644 --- a/crate/kmip/src/crypto/rsa/mod.rs +++ b/crate/kmip/src/crypto/rsa/mod.rs @@ -1,15 +1,19 @@ #[cfg(feature = "fips")] use crate::kmip::kmip_types::CryptographicUsageMask; +use crate::kmip::kmip_types::{ + CryptographicAlgorithm, CryptographicParameters, HashingAlgorithm, PaddingMethod, +}; #[cfg(feature = "openssl")] pub mod ckm_rsa_aes_key_wrap; #[cfg(feature = "openssl")] +#[cfg(not(feature = "fips"))] +pub mod ckm_rsa_pkcs; +#[cfg(feature = "openssl")] pub mod ckm_rsa_pkcs_oaep; pub mod kmip_requests; #[cfg(feature = "openssl")] pub mod operation; -#[cfg(feature = "openssl")] -pub mod rsa_oaep_aes_gcm; #[cfg(feature = "fips")] /// FIPS minimum modulus length in bits. @@ -30,3 +34,26 @@ pub const FIPS_PUBLIC_RSA_MASK: CryptographicUsageMask = CryptographicUsageMask: .union(CryptographicUsageMask::WrapKey) .union(CryptographicUsageMask::DeriveKey) .union(CryptographicUsageMask::KeyAgreement); + +#[must_use] +pub fn default_cryptographic_parameters( + cryptographic_parameters: Option<&CryptographicParameters>, +) -> (CryptographicAlgorithm, PaddingMethod, HashingAlgorithm) { + cryptographic_parameters + .map(|cp| { + ( + cp.cryptographic_algorithm + .unwrap_or(CryptographicAlgorithm::RSA), + cp.padding_method.unwrap_or(PaddingMethod::OAEP), + cp.hashing_algorithm.unwrap_or(HashingAlgorithm::SHA256), + ) + }) + .unwrap_or_else(|| { + ( + // default to CKM_RSA_PKCS_OAEP_KEY_WRAP + CryptographicAlgorithm::RSA, + PaddingMethod::OAEP, + HashingAlgorithm::SHA256, + ) + }) +} diff --git a/crate/kmip/src/crypto/rsa/rsa_oaep_aes_gcm.rs b/crate/kmip/src/crypto/rsa/rsa_oaep_aes_gcm.rs index fb9daff05..be75494cc 100644 --- a/crate/kmip/src/crypto/rsa/rsa_oaep_aes_gcm.rs +++ b/crate/kmip/src/crypto/rsa/rsa_oaep_aes_gcm.rs @@ -25,7 +25,7 @@ use crate::{ /// /// Send `c|iv|ct|tag` where `|` is the concatenation operator, `iv` the /// initialization vector and `tag` the authentication tag. -pub fn rsa_oaep_aes_gcm_encrypt( +pub fn ckm_rsa_oaep_aes_key_wrap_encrypt( pubkey: &PKey, hash_fn: HashingAlgorithm, plaintext: &[u8], @@ -123,7 +123,7 @@ mod tests { use openssl::{pkey::PKey, rand::rand_bytes}; use crate::{ - crypto::rsa::rsa_oaep_aes_gcm::{rsa_oaep_aes_gcm_decrypt, rsa_oaep_aes_gcm_encrypt}, + crypto::rsa::rsa_oaep_aes_gcm::{rsa_oaep_aes_gcm_decrypt, ckm_rsa_oaep_aes_key_wrap_encrypt}, error::KmipError, kmip::kmip_types::HashingAlgorithm, }; @@ -140,7 +140,7 @@ mod tests { let mut plaintext = [0; 256]; rand_bytes(&mut plaintext)?; - let ct = rsa_oaep_aes_gcm_encrypt( + let ct = ckm_rsa_oaep_aes_key_wrap_encrypt( &pubkey, HashingAlgorithm::SHA256, &plaintext, diff --git a/crate/kmip/src/kmip/kmip_types.rs b/crate/kmip/src/kmip/kmip_types.rs index f61fa9d0d..2c3911467 100644 --- a/crate/kmip/src/kmip/kmip_types.rs +++ b/crate/kmip/src/kmip/kmip_types.rs @@ -1969,15 +1969,6 @@ impl UniqueIdentifier { _ => None, } } - - /// Returns the value as a string if it is a `TextString` - #[must_use] - pub fn to_string(&self) -> Option { - match self { - UniqueIdentifier::TextString(s) => Some(s.clone()), - _ => None, - } - } } /// This field contains the version number of the protocol, ensuring that diff --git a/crate/logger/Cargo.toml b/crate/logger/Cargo.toml index 7468ce09e..0568c8613 100644 --- a/crate/logger/Cargo.toml +++ b/crate/logger/Cargo.toml @@ -1,9 +1,11 @@ [package] name = "cosmian_logger" -version = "4.15.2" -authors = ["Emmanuel Coste "] -edition = "2021" -license-file = "../../LICENSE" +version.workspace = true +authors.workspace = true +edition.workspace = true +license.workspace = true +repository.workspace = true +rust-version.workspace = true [dependencies] tracing = { workspace = true } diff --git a/crate/pkcs11/README.md b/crate/pkcs11/README.md index dbb087bb0..a0c2bd3c4 100644 --- a/crate/pkcs11/README.md +++ b/crate/pkcs11/README.md @@ -1,24 +1,6 @@ -# A PKCS#11 provider for Cosmian KMS +The PKCS#11 library is built from the `provider` crate. -This project builds libraries for Linux, MACOS and Windows, to use the Cosmian KMS as a PKCS#11 provider. +The `module` crate is a modified fork of Google native_pkcs11 crate. See its readme for details. -The PKCS#11 standard defines an API for cryptographic devices, such as hardware security modules (HSMs) and smart cards. -The Cosmian KMS is a cloud-based cryptographic service that provides a secure and scalable key management solution. - -The PKCS#11 2.40 standard is available at - - -The primary goal is to support the Cosmian KMS as a Veracrypt keyfiles provider, -but it can be used with any application that supports PKCS#11. - -## Building the project - -The project uses a submodule `natice-pkcs11` which is a fork of the Google project with the same name. - -To update the submodule, use the following command: - -```sh -git submodule update --init --recursive - ``` - -Please use the `data_objects` branch of the submodule which adds support for the required CKO_DATA object type. +The `sys`crate is a direct clone of the crate with the same name from the `native_pkcs11` crate. Its license is Apache +2.0. diff --git a/crate/pkcs11/module/APACHE_LICENSE b/crate/pkcs11/module/APACHE_LICENSE new file mode 100644 index 000000000..261eeb9e9 --- /dev/null +++ b/crate/pkcs11/module/APACHE_LICENSE @@ -0,0 +1,201 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/crate/pkcs11/module/Cargo.toml b/crate/pkcs11/module/Cargo.toml new file mode 100644 index 000000000..a1fd11bb8 --- /dev/null +++ b/crate/pkcs11/module/Cargo.toml @@ -0,0 +1,39 @@ +[package] +name = "cosmian_pkcs11_module" +version.workspace = true +authors.workspace = true +edition.workspace = true +license.workspace = true +repository.workspace = true +rust-version.workspace = true +description = "Cross-platform PKCS#11 module written in rust, originally forked from Google/native_pkcs11" + +[lib] +doctest = false + +[dependencies] +bincode = "1.3.3" +hex = "0.4.3" +log = "0.4.21" +once_cell = "1.19.0" +p256 = { version = "0.13.2", default-features = false, features = [ + "arithmetic", + "pkcs8", + "std", +] } +pkcs1 = "0.7.5" +pkcs11_sys = { path = "../sys" } +rand = "0.8.5" +serde = { version = "1.0.197", features = ["derive"] } +strum_macros = "0.26.2" +thiserror = "1.0.57" +tracing = "0.1.40" +tracing-subscriber = { version = "0.3.18", features = ["env-filter"] } +zeroize = "1.7.0" + +[dev-dependencies] +serial_test = { version = "3.0.0", default-features = false } +tracing = { version = "0.1.40", default-features = false } +tracing-subscriber = { version = "0.3.18", default-features = false, features = [ + "env-filter", +] } diff --git a/crate/pkcs11/module/README.md b/crate/pkcs11/module/README.md new file mode 100644 index 000000000..8cc41c408 --- /dev/null +++ b/crate/pkcs11/module/README.md @@ -0,0 +1,36 @@ +# PKCS#11 Driver + +## Foreword + +This code is originally forked from commit +cc26f7f8a70359d98b9b589a712f7a559688b348 released under Apache License 2.0, provided in this directory. Since Google did +not seem to be interested in our PRs, the original code has been copied and heavily modified to cover our uses cases. + +Original authors include: + +- "Brandon Weeks " +- "Kevin King " + +The modified code is released under the Business Source License 1.1, as is the rest of this project. + +## Implementing + +The `native_pkcs11_traits::Backend` trait must be implemented to add support for +a store. Backends are registered in the exported +`C_GetFunctionList` function. In order to register a backend, export the method from +the crate. For example: + +```rust +use native_pkcs11::{CKR_OK, CK_FUNCTION_LIST_PTR_PTR, CK_RV, FUNC_LIST}; + +#[no_mangle] +pub extern "C" fn C_GetFunctionList(function_list_ptr_ptr: CK_FUNCTION_LIST_PTR_PTR) -> CK_RV { + // add the custom backend + native_pkcs11_traits::register_backend(Box::new(backend::MyBackend {})); + // assign this function to the native-pkcs11 function list C_GetFunctionList + FUNC_LIST.C_GetFunctionList = Some(C_GetFunctionList); + // assign the result to the output parameter + unsafe { *function_list_ptr_ptr = &mut FUNC_LIST }; + return CKR_OK; +} +``` diff --git a/crate/pkcs11/module/src/core/attribute.rs b/crate/pkcs11/module/src/core/attribute.rs new file mode 100644 index 000000000..c0fdca779 --- /dev/null +++ b/crate/pkcs11/module/src/core/attribute.rs @@ -0,0 +1,421 @@ +// Copyright 2024 Cosmian Tech SAS +// Changes made to the original code are +// licensed under the Business Source License version 1.1. +// +//Original code: +// Copyright 2022 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +use core::ops::Deref; +use std::ffi::CString; + +use pkcs11_sys::{ + CKA_ALWAYS_AUTHENTICATE, CKA_ALWAYS_SENSITIVE, CKA_APPLICATION, CKA_CERTIFICATE_CATEGORY, + CKA_CERTIFICATE_TYPE, CKA_CLASS, CKA_COEFFICIENT, CKA_DECRYPT, CKA_EC_PARAMS, CKA_EC_POINT, + CKA_ENCRYPT, CKA_EXPONENT_1, CKA_EXPONENT_2, CKA_EXTRACTABLE, CKA_ID, CKA_ISSUER, CKA_KEY_TYPE, + CKA_LABEL, CKA_MODULUS, CKA_MODULUS_BITS, CKA_NEVER_EXTRACTABLE, CKA_PRIME_1, CKA_PRIME_2, + CKA_PRIVATE, CKA_PRIVATE_EXPONENT, CKA_PROFILE_ID, CKA_PUBLIC_EXPONENT, CKA_SENSITIVE, + CKA_SERIAL_NUMBER, CKA_SIGN, CKA_SIGN_RECOVER, CKA_SUBJECT, CKA_TOKEN, CKA_TRUSTED, CKA_UNWRAP, + CKA_VALUE, CKA_VALUE_LEN, CKA_VERIFY, CKA_VERIFY_RECOVER, CKA_WRAP, CKC_X_509, CK_ATTRIBUTE, + CK_ATTRIBUTE_TYPE, CK_BBOOL, CK_CERTIFICATE_CATEGORY, CK_CERTIFICATE_TYPE, CK_FALSE, + CK_KEY_TYPE, CK_OBJECT_CLASS, CK_PROFILE_ID, CK_TRUE, CK_ULONG, +}; +use strum_macros::Display; +use tracing::{debug, trace}; + +use crate::{MError, MResult}; + +#[derive(Debug, Display, PartialEq, Eq, Clone, Copy)] +pub enum AttributeType { + AlwaysAuthenticate, + AlwaysSensitive, + Application, + CertificateCategory, + CertificateType, + Class, + Coefficient, + Decrypt, + EcParams, + EcPoint, + Encrypt, + Exponent1, + Exponent2, + Extractable, + Id, + Issuer, + KeyType, + Label, + Modulus, + ModulusBits, + NeverExtractable, + Prime1, + Prime2, + Private, + PrivateExponent, + ProfileId, + PublicExponent, + Sensitive, + SerialNumber, + Sign, + SignRecover, + Subject, + Token, + Trusted, + Unwrap, + Value, + ValueLen, + Verify, + VerifyRecover, + Wrap, +} + +impl TryFrom for AttributeType { + type Error = MError; + + fn try_from(type_: CK_ATTRIBUTE_TYPE) -> MResult { + match type_ { + CKA_ALWAYS_AUTHENTICATE => Ok(AttributeType::AlwaysAuthenticate), + CKA_ALWAYS_SENSITIVE => Ok(AttributeType::AlwaysSensitive), + CKA_APPLICATION => Ok(AttributeType::Application), + CKA_CERTIFICATE_CATEGORY => Ok(AttributeType::CertificateCategory), + CKA_CERTIFICATE_TYPE => Ok(AttributeType::CertificateType), + CKA_CLASS => Ok(AttributeType::Class), + CKA_COEFFICIENT => Ok(AttributeType::Coefficient), + CKA_DECRYPT => Ok(AttributeType::Decrypt), + CKA_EC_PARAMS => Ok(AttributeType::EcParams), + CKA_EC_POINT => Ok(AttributeType::EcPoint), + CKA_ENCRYPT => Ok(AttributeType::Encrypt), + CKA_EXPONENT_1 => Ok(AttributeType::Exponent1), + CKA_EXPONENT_2 => Ok(AttributeType::Exponent2), + CKA_EXTRACTABLE => Ok(AttributeType::Extractable), + CKA_ID => Ok(AttributeType::Id), + CKA_ISSUER => Ok(AttributeType::Issuer), + CKA_KEY_TYPE => Ok(AttributeType::KeyType), + CKA_LABEL => Ok(AttributeType::Label), + CKA_MODULUS => Ok(AttributeType::Modulus), + CKA_MODULUS_BITS => Ok(AttributeType::ModulusBits), + CKA_NEVER_EXTRACTABLE => Ok(AttributeType::NeverExtractable), + CKA_PRIME_1 => Ok(AttributeType::Prime1), + CKA_PRIME_2 => Ok(AttributeType::Prime2), + CKA_PRIVATE => Ok(AttributeType::Private), + CKA_PRIVATE_EXPONENT => Ok(AttributeType::PrivateExponent), + CKA_PROFILE_ID => Ok(AttributeType::ProfileId), + CKA_PUBLIC_EXPONENT => Ok(AttributeType::PublicExponent), + CKA_SENSITIVE => Ok(AttributeType::Sensitive), + CKA_SIGN => Ok(AttributeType::Sign), + CKA_SIGN_RECOVER => Ok(AttributeType::SignRecover), + CKA_SERIAL_NUMBER => Ok(AttributeType::SerialNumber), + CKA_SUBJECT => Ok(AttributeType::Subject), + CKA_TOKEN => Ok(AttributeType::Token), + CKA_TRUSTED => Ok(AttributeType::Trusted), + CKA_UNWRAP => Ok(AttributeType::Unwrap), + CKA_VALUE => Ok(AttributeType::Value), + CKA_VALUE_LEN => Ok(AttributeType::ValueLen), + CKA_VERIFY => Ok(AttributeType::Verify), + CKA_VERIFY_RECOVER => Ok(AttributeType::VerifyRecover), + CKA_WRAP => Ok(AttributeType::Wrap), + _ => Err(MError::AttributeTypeInvalid(type_)), + } + } +} + +#[derive(Debug, PartialEq, Eq, Clone)] +pub enum Attribute { + AlwaysAuthenticate(bool), + AlwaysSensitive(bool), + Application(CString), + CertificateCategory(CK_CERTIFICATE_CATEGORY), + CertificateType(CK_CERTIFICATE_TYPE), + Class(CK_OBJECT_CLASS), + Coefficient(Vec), + Decrypt(bool), + EcParams(Vec), + EcPoint(Vec), + Encrypt(bool), + Exponent1(Vec), + Exponent2(Vec), + Extractable(bool), + Id(Vec), + Issuer(Vec), + KeyType(CK_KEY_TYPE), + Label(String), + Modulus(Vec), + ModulusBits(CK_ULONG), + NeverExtractable(bool), + Prime1(Vec), + Prime2(Vec), + Private(bool), + PrivateExponent(Vec), + ProfileId(CK_PROFILE_ID), + PublicExponent(Vec), + Sensitive(bool), + SerialNumber(Vec), + Sign(bool), + SignRecover(bool), + Subject(Vec), + Token(bool), + Trusted(bool), + Unwrap(bool), + Value(Vec), + ValueLen(CK_ULONG), + Verify(bool), + VerifyRecover(bool), + Wrap(bool), +} + +impl Attribute { + #[must_use] + pub fn attribute_type(&self) -> AttributeType { + match self { + Attribute::AlwaysAuthenticate(_) => AttributeType::AlwaysAuthenticate, + Attribute::AlwaysSensitive(_) => AttributeType::AlwaysSensitive, + Attribute::Application(_) => AttributeType::Application, + Attribute::CertificateCategory(_) => AttributeType::CertificateCategory, + Attribute::CertificateType(_) => AttributeType::CertificateType, + Attribute::Class(_) => AttributeType::Class, + Attribute::Coefficient(_) => AttributeType::Coefficient, + Attribute::Decrypt(_) => AttributeType::Decrypt, + Attribute::EcParams(_) => AttributeType::EcParams, + Attribute::EcPoint(_) => AttributeType::EcPoint, + Attribute::Encrypt(_) => AttributeType::Encrypt, + Attribute::Exponent1(_) => AttributeType::Exponent1, + Attribute::Exponent2(_) => AttributeType::Exponent2, + Attribute::Extractable(_) => AttributeType::Extractable, + Attribute::Id(_) => AttributeType::Id, + Attribute::Issuer(_) => AttributeType::Issuer, + Attribute::KeyType(_) => AttributeType::KeyType, + Attribute::Label(_) => AttributeType::Label, + Attribute::Modulus(_) => AttributeType::Modulus, + Attribute::ModulusBits(_) => AttributeType::ModulusBits, + Attribute::NeverExtractable(_) => AttributeType::NeverExtractable, + Attribute::Prime1(_) => AttributeType::Prime1, + Attribute::Prime2(_) => AttributeType::Prime2, + Attribute::Private(_) => AttributeType::Private, + Attribute::PrivateExponent(_) => AttributeType::PrivateExponent, + Attribute::ProfileId(_) => AttributeType::ProfileId, + Attribute::PublicExponent(_) => AttributeType::PublicExponent, + Attribute::Sensitive(_) => AttributeType::Sensitive, + Attribute::SerialNumber(_) => AttributeType::SerialNumber, + Attribute::Sign(_) => AttributeType::Sign, + Attribute::SignRecover(_) => AttributeType::SignRecover, + Attribute::Subject(_) => AttributeType::Subject, + Attribute::Token(_) => AttributeType::Token, + Attribute::Trusted(_) => AttributeType::Trusted, + Attribute::Unwrap(_) => AttributeType::Unwrap, + Attribute::Value(_) => AttributeType::Value, + Attribute::ValueLen(_) => AttributeType::ValueLen, + Attribute::Verify(_) => AttributeType::Verify, + Attribute::VerifyRecover(_) => AttributeType::VerifyRecover, + Attribute::Wrap(_) => AttributeType::Wrap, + } + } + + #[must_use] + pub fn as_raw_value(&self) -> Vec { + match self { + Attribute::AlwaysAuthenticate(bool) + | Attribute::AlwaysSensitive(bool) + | Attribute::Decrypt(bool) + | Attribute::Encrypt(bool) + | Attribute::Extractable(bool) + | Attribute::NeverExtractable(bool) + | Attribute::Private(bool) + | Attribute::Sensitive(bool) + | Attribute::Sign(bool) + | Attribute::SignRecover(bool) + | Attribute::Token(bool) + | Attribute::Trusted(bool) + | Attribute::Unwrap(bool) + | Attribute::Verify(bool) + | Attribute::VerifyRecover(bool) + | Attribute::Wrap(bool) => { + CK_BBOOL::to_ne_bytes(if *bool { CK_TRUE } else { CK_FALSE }).to_vec() + } + Attribute::CertificateCategory(int) + | Attribute::CertificateType(int) + | Attribute::Class(int) + | Attribute::KeyType(int) + | Attribute::ModulusBits(int) + | Attribute::ProfileId(int) + | Attribute::ValueLen(int) => int.to_ne_bytes().to_vec(), + Attribute::Coefficient(bytes) + | Attribute::EcParams(bytes) + | Attribute::EcPoint(bytes) + | Attribute::Exponent1(bytes) + | Attribute::Exponent2(bytes) + | Attribute::Id(bytes) + | Attribute::Issuer(bytes) + | Attribute::Modulus(bytes) + | Attribute::Prime1(bytes) + | Attribute::Prime2(bytes) + | Attribute::PrivateExponent(bytes) + | Attribute::PublicExponent(bytes) + | Attribute::SerialNumber(bytes) + | Attribute::Subject(bytes) + | Attribute::Value(bytes) => bytes.clone(), + Attribute::Application(c_string) => c_string.as_bytes().to_vec(), + Attribute::Label(string) => string.as_bytes().to_vec(), + } + } +} + +impl TryFrom for Attribute { + type Error = MError; + + fn try_from(attribute: CK_ATTRIBUTE) -> MResult { + trace!("Parsing attribute: {:?}", attribute); + let attr_type = AttributeType::try_from(attribute.type_)?; + let val = if attribute.ulValueLen > 0 { + if attribute.pValue.is_null() { + return Err(MError::NullPtr); + } + unsafe { + std::slice::from_raw_parts( + attribute.pValue as *const u8, + attribute.ulValueLen.try_into()?, + ) + } + } else { + &[] + }; + + let attr = match attr_type { + AttributeType::AlwaysAuthenticate => { + Ok(Attribute::AlwaysAuthenticate(try_u8_into_bool(val)?)) + } + AttributeType::AlwaysSensitive => { + Ok(Attribute::AlwaysSensitive(try_u8_into_bool(val)?)) + } + AttributeType::Application => Ok(Attribute::Application(CString::from_vec_with_nul( + val.to_vec(), + )?)), + AttributeType::CertificateCategory => Ok(Attribute::CertificateCategory( + CK_CERTIFICATE_CATEGORY::from_ne_bytes(val.try_into()?), + )), + AttributeType::CertificateType => Ok(Attribute::CertificateType( + CK_CERTIFICATE_TYPE::from_ne_bytes(val.try_into()?), + )), + AttributeType::Class => Ok(Attribute::Class(CK_OBJECT_CLASS::from_ne_bytes( + val.try_into()?, + ))), + AttributeType::Coefficient => Ok(Attribute::Coefficient(val.to_vec())), + AttributeType::Decrypt => Ok(Attribute::Decrypt(try_u8_into_bool(val)?)), + AttributeType::EcParams => Ok(Attribute::EcParams(val.to_vec())), + AttributeType::EcPoint => Ok(Attribute::EcPoint(val.to_vec())), + AttributeType::Encrypt => Ok(Attribute::Encrypt(try_u8_into_bool(val)?)), + AttributeType::Exponent1 => Ok(Attribute::Exponent1(val.to_vec())), + AttributeType::Exponent2 => Ok(Attribute::Exponent2(val.to_vec())), + AttributeType::Extractable => Ok(Attribute::Extractable(try_u8_into_bool(val)?)), + AttributeType::Id => Ok(Attribute::Id(val.to_vec())), + AttributeType::Issuer => Ok(Attribute::Issuer(val.to_vec())), + AttributeType::KeyType => Ok(Attribute::KeyType(CK_KEY_TYPE::from_ne_bytes( + val.try_into()?, + ))), + AttributeType::Label => Ok(Attribute::Label(String::from_utf8(val.to_vec())?)), + AttributeType::Modulus => Ok(Attribute::Modulus(val.to_vec())), + AttributeType::ModulusBits => Ok(Attribute::ModulusBits(CK_ULONG::from_ne_bytes( + val.try_into()?, + ))), + AttributeType::NeverExtractable => { + Ok(Attribute::NeverExtractable(try_u8_into_bool(val)?)) + } + AttributeType::Prime1 => Ok(Attribute::Prime1(val.to_vec())), + AttributeType::Prime2 => Ok(Attribute::Prime2(val.to_vec())), + AttributeType::Private => Ok(Attribute::Private(try_u8_into_bool(val)?)), + AttributeType::PrivateExponent => Ok(Attribute::PrivateExponent(val.to_vec())), + AttributeType::ProfileId => Ok(Attribute::ProfileId(CK_ULONG::from_ne_bytes( + val.try_into()?, + ))), + AttributeType::PublicExponent => Ok(Attribute::PublicExponent(val.to_vec())), + AttributeType::Sensitive => Ok(Attribute::Sensitive(try_u8_into_bool(val)?)), + AttributeType::SerialNumber => Ok(Attribute::SerialNumber(val.to_vec())), + AttributeType::Subject => Ok(Attribute::Subject(val.to_vec())), + AttributeType::Sign => Ok(Attribute::Sign(try_u8_into_bool(val)?)), + AttributeType::SignRecover => Ok(Attribute::SignRecover(try_u8_into_bool(val)?)), + AttributeType::Token => Ok(Attribute::Token(try_u8_into_bool(val)?)), + AttributeType::Trusted => Ok(Attribute::Trusted(try_u8_into_bool(val)?)), + AttributeType::Unwrap => Ok(Attribute::Unwrap(try_u8_into_bool(val)?)), + AttributeType::Value => Ok(Attribute::Value(val.to_vec())), + AttributeType::ValueLen => Ok(Attribute::ValueLen(CK_ULONG::from_ne_bytes( + val.try_into()?, + ))), + AttributeType::Verify => Ok(Attribute::Verify(try_u8_into_bool(val)?)), + AttributeType::VerifyRecover => Ok(Attribute::VerifyRecover(try_u8_into_bool(val)?)), + AttributeType::Wrap => Ok(Attribute::Wrap(try_u8_into_bool(val)?)), + }; + + debug!("Attribute {:?} => {:?}", attribute, attr); + attr + } +} + +// Borrowed from: +// https://github.com/parallaxsecond/rust-cryptoki/blob/89055f2a30e30d07a99e5904e9231d743c75d8e5/cryptoki/src/object.rs#L769 +fn try_u8_into_bool(slice: &[u8]) -> MResult { + let as_array: [u8; std::mem::size_of::()] = slice.try_into()?; + let as_byte = CK_BBOOL::from_ne_bytes(as_array); + Ok(!matches!(as_byte, 0u8)) +} + +#[derive(Debug, Clone)] +pub struct Attributes(Vec); + +impl Attributes { + #[must_use] + pub fn get(&self, type_: AttributeType) -> Option<&Attribute> { + self.0.iter().find(|&attr| attr.attribute_type() == type_) + } + + pub fn get_class(&self) -> MResult { + match self.get(AttributeType::Class) { + Some(Attribute::Class(class)) => Ok(*class), + None => Err(MError::Todo("get_class: no class attribute".to_string())), + other => Err(MError::Todo(format!( + "get_class: unexpected attribute value: {other:?}, on class attribute type" + ))), + } + } + + /// Ensure that the attributes contain a `CKC_X_509` certificate request or None. + pub fn ensure_X509_or_none(&self) -> MResult<()> { + match self.get(AttributeType::CertificateType) { + Some(Attribute::CertificateType(cert_type)) => match *cert_type { + CKC_X_509 => Ok(()), + _ => Err(MError::Todo(format!( + "ensure_X509_or_none: support for certificate type: {cert_type} is not \ + implemented" + ))), + }, + Some(other_type) => Err(MError::Todo(format!( + "ensure_X509_or_none: unexpected attribute value: {other_type:?}, on class \ + attribute type" + ))), + None => Ok(()), + } + } +} + +impl Deref for Attributes { + type Target = Vec; + + fn deref(&self) -> &Vec { + &self.0 + } +} + +impl From> for Attributes { + fn from(value: Vec) -> Self { + Attributes(value) + } +} diff --git a/crate/pkcs11/module/src/core/compoundid.rs b/crate/pkcs11/module/src/core/compoundid.rs new file mode 100644 index 000000000..197120e6b --- /dev/null +++ b/crate/pkcs11/module/src/core/compoundid.rs @@ -0,0 +1,43 @@ +// Copyright 2024 Cosmian Tech SAS +// Changes made to the original code are +// licensed under the Business Source License version 1.1. +// +//Original code: +// Copyright 2022 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +use bincode::Options; + +use crate::MResult; + +#[derive(serde::Serialize, serde::Deserialize)] +pub struct Id { + pub label: Option, + pub hash: Vec, +} + +fn bincode_opts() -> impl bincode::Options { + bincode::options() + .with_limit(2048) + .reject_trailing_bytes() + .with_fixint_encoding() +} + +pub fn encode(id: &Id) -> MResult> { + Ok(bincode_opts().serialize(id)?) +} + +pub fn decode(data: &[u8]) -> MResult { + Ok(bincode_opts().deserialize(data)?) +} diff --git a/crate/pkcs11/module/src/core/mechanism.rs b/crate/pkcs11/module/src/core/mechanism.rs new file mode 100644 index 000000000..63c0e8b7f --- /dev/null +++ b/crate/pkcs11/module/src/core/mechanism.rs @@ -0,0 +1,169 @@ +// Copyright 2024 Cosmian Tech SAS +// Changes made to the original code are +// licensed under the Business Source License version 1.1. +// +//Original code: +// Copyright 2022 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +use pkcs11_sys::{ + CKG_MGF1_SHA1, CKG_MGF1_SHA224, CKG_MGF1_SHA256, CKG_MGF1_SHA384, CKG_MGF1_SHA512, CKM_ECDSA, + CKM_RSA_PKCS, CKM_RSA_PKCS_PSS, CKM_SHA1_RSA_PKCS, CKM_SHA224, CKM_SHA256, CKM_SHA256_RSA_PKCS, + CKM_SHA384, CKM_SHA384_RSA_PKCS, CKM_SHA512, CKM_SHA512_RSA_PKCS, CKM_SHA_1, CK_MECHANISM, + CK_MECHANISM_TYPE, CK_RSA_PKCS_PSS_PARAMS, +}; + +use crate::{ + traits::{DigestType, EncryptionAlgorithm, SignatureAlgorithm}, + MError, +}; + +pub const SUPPORTED_SIGNATURE_MECHANISMS: &[CK_MECHANISM_TYPE] = &[ + CKM_RSA_PKCS, + CKM_SHA1_RSA_PKCS, + CKM_SHA256_RSA_PKCS, + CKM_SHA384_RSA_PKCS, + CKM_SHA512_RSA_PKCS, + CKM_ECDSA, + CKM_RSA_PKCS_PSS, +]; + +#[derive(Debug)] +pub enum Mechanism { + Ecdsa, + RsaPkcs, + RsaPkcsSha1, + RsaPkcsSha256, + RsaPkcsSha384, + RsaPkcsSha512, + RsaPss { + digest_algorithm: DigestType, + mask_generation_function: DigestType, + salt_length: u64, + }, +} + +#[allow(clippy::missing_safety_doc)] +pub unsafe fn parse_mechanism(mechanism: CK_MECHANISM) -> Result { + match mechanism.mechanism { + CKM_ECDSA => Ok(Mechanism::Ecdsa), + CKM_RSA_PKCS => Ok(Mechanism::RsaPkcs), + CKM_SHA1_RSA_PKCS => Ok(Mechanism::RsaPkcsSha1), + CKM_SHA256_RSA_PKCS => Ok(Mechanism::RsaPkcsSha256), + CKM_SHA384_RSA_PKCS => Ok(Mechanism::RsaPkcsSha384), + CKM_SHA512_RSA_PKCS => Ok(Mechanism::RsaPkcsSha512), + CKM_RSA_PKCS_PSS => { + // Bind to locals to prevent unaligned reads https://github.com/rust-lang/rust/issues/82523 + let mechanism_type = mechanism.mechanism; + let parameter_ptr = mechanism.pParameter; + let parameter_len = mechanism.ulParameterLen; + if parameter_ptr.is_null() { + tracing::error!("pParameter null"); + return Err(MError::MechanismInvalid(mechanism_type)); + } + if (parameter_len as usize) != std::mem::size_of::() { + tracing::error!( + "pParameter incorrect: {} != {}", + parameter_len, + std::mem::size_of::() + ); + return Err(MError::MechanismInvalid(mechanism_type)); + } + // TODO(kcking): check alignment as well? + let params: CK_RSA_PKCS_PSS_PARAMS = + unsafe { parameter_ptr.cast::().read() }; + let mgf = params.mgf; + let hash_alg = params.hashAlg; + let salt_len = params.sLen; + + let mgf = match mgf { + CKG_MGF1_SHA1 => DigestType::Sha1, + CKG_MGF1_SHA224 => DigestType::Sha224, + CKG_MGF1_SHA256 => DigestType::Sha256, + CKG_MGF1_SHA384 => DigestType::Sha384, + CKG_MGF1_SHA512 => DigestType::Sha512, + _ => { + tracing::error!("Unsupported mgf: {}", mgf); + return Err(MError::MechanismInvalid(mechanism_type)); + } + }; + + let hash_alg = match hash_alg { + CKM_SHA_1 => DigestType::Sha1, + CKM_SHA224 => DigestType::Sha224, + CKM_SHA256 => DigestType::Sha256, + CKM_SHA384 => DigestType::Sha384, + CKM_SHA512 => DigestType::Sha512, + _ => { + tracing::error!("Unsupported hashAlg: {}", hash_alg); + return Err(MError::MechanismInvalid(mechanism_type)); + } + }; + + #[allow(clippy::unnecessary_cast)] + Ok(Mechanism::RsaPss { + digest_algorithm: hash_alg, + mask_generation_function: mgf, + // Cast needed on windows + salt_length: salt_len as u64, + }) + } + _ => Err(MError::MechanismInvalid(mechanism.mechanism)), + } +} + +impl From for CK_MECHANISM_TYPE { + fn from(mechanism: Mechanism) -> Self { + match mechanism { + Mechanism::Ecdsa => CKM_ECDSA, + Mechanism::RsaPkcs => CKM_RSA_PKCS, + Mechanism::RsaPkcsSha1 => CKM_SHA1_RSA_PKCS, + Mechanism::RsaPkcsSha256 => CKM_SHA256_RSA_PKCS, + Mechanism::RsaPkcsSha384 => CKM_SHA384_RSA_PKCS, + Mechanism::RsaPkcsSha512 => CKM_SHA512_RSA_PKCS, + Mechanism::RsaPss { .. } => CKM_RSA_PKCS_PSS, + } + } +} + +impl From for SignatureAlgorithm { + fn from(mechanism: Mechanism) -> Self { + match mechanism { + Mechanism::Ecdsa => SignatureAlgorithm::Ecdsa, + Mechanism::RsaPkcs => SignatureAlgorithm::RsaPkcs1v15Raw, + Mechanism::RsaPkcsSha1 => SignatureAlgorithm::RsaPkcs1v15Sha1, + Mechanism::RsaPkcsSha256 => SignatureAlgorithm::RsaPkcs1v15Sha256, + Mechanism::RsaPkcsSha384 => SignatureAlgorithm::RsaPkcs1v15Sha512, + Mechanism::RsaPkcsSha512 => SignatureAlgorithm::RsaPkcs1v15Sha384, + Mechanism::RsaPss { + digest_algorithm, + mask_generation_function, + salt_length, + } => SignatureAlgorithm::RsaPss { + digest: digest_algorithm, + mask_generation_function, + salt_length, + }, + } + } +} + +impl From for EncryptionAlgorithm { + fn from(mechanism: Mechanism) -> Self { + match mechanism { + Mechanism::RsaPkcs => EncryptionAlgorithm::RsaPkcs1v15, + x => panic!("Unsupported encryption algorithm: {x:?}"), + } + } +} diff --git a/crate/pkcs11/module/src/core/mod.rs b/crate/pkcs11/module/src/core/mod.rs new file mode 100644 index 000000000..3fff85fdb --- /dev/null +++ b/crate/pkcs11/module/src/core/mod.rs @@ -0,0 +1,23 @@ +// Copyright 2024 Cosmian Tech SAS +// Changes made to the original code are +// licensed under the Business Source License version 1.1. +// +//Original code: +// Copyright 2022 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +pub mod attribute; +pub mod compoundid; +pub mod mechanism; +pub mod object; diff --git a/crate/pkcs11/module/src/core/object.rs b/crate/pkcs11/module/src/core/object.rs new file mode 100644 index 000000000..dab302c19 --- /dev/null +++ b/crate/pkcs11/module/src/core/object.rs @@ -0,0 +1,266 @@ +// Copyright 2024 Cosmian Tech SAS +// Changes made to the original code are +// licensed under the Business Source License version 1.1. +// +//Original code: +// Copyright 2022 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +use std::{fmt::Debug, sync::Arc}; + +use p256::pkcs8::{ + der::{asn1::OctetString, Encode}, + AssociatedOid, +}; +use pkcs1::{der::Decode, RsaPublicKey}; +use pkcs11_sys::{ + CKC_X_509, CKK_EC, CKK_RSA, CKO_CERTIFICATE, CKO_DATA, CKO_PRIVATE_KEY, CKO_PROFILE, + CKO_PUBLIC_KEY, CK_CERTIFICATE_CATEGORY_UNSPECIFIED, CK_PROFILE_ID, +}; +use tracing::debug; + +use crate::{ + core::attribute::{Attribute, AttributeType, Attributes}, + traits::{ + backend, Certificate, DataObject, KeyAlgorithm, PrivateKey, PublicKey, RemoteObjectId, + }, +}; + +// TODO(bweeks): resolve by improving the ObjectStore implementation. +#[allow(clippy::derived_hash_with_manual_eq)] +#[derive(Debug, Hash, Eq, Clone)] +pub enum Object { + Certificate(Arc), + PrivateKey(Arc), + Profile(CK_PROFILE_ID), + PublicKey(Arc), + DataObject(Arc), + RemoteObjectId(Arc), +} + +// #[derive(PartialEq)] fails to compile because it tries to move the Box<_>ed +// values. +// https://github.com/rust-lang/rust/issues/78808#issuecomment-723304465 +impl PartialEq for Object { + fn eq(&self, other: &Self) -> bool { + match (self, other) { + (Self::Certificate(l0), Self::Certificate(r0)) => l0 == r0, + (Self::PrivateKey(l0), Self::PrivateKey(r0)) => l0 == r0, + (Self::Profile(l0), Self::Profile(r0)) => l0 == r0, + (Self::PublicKey(l0), Self::PublicKey(r0)) => l0 == r0, + (Self::DataObject(l0), Self::DataObject(r0)) => l0 == r0, + (Self::RemoteObjectId(l0), Self::RemoteObjectId(r0)) => l0 == r0, + ( + Self::Certificate(_) + | Self::PrivateKey(_) + | Self::Profile(_) + | Self::PublicKey(_) + | Self::DataObject(_) + | Self::RemoteObjectId(_), + _, + ) => false, + } + } +} + +impl Object { + pub fn attribute(&self, type_: AttributeType) -> Option { + let attribute = match self { + Object::Certificate(cert) => match type_ { + AttributeType::CertificateCategory => Some(Attribute::CertificateCategory( + CK_CERTIFICATE_CATEGORY_UNSPECIFIED, + )), + AttributeType::CertificateType => Some(Attribute::CertificateType(CKC_X_509)), + AttributeType::Class => Some(Attribute::Class(CKO_CERTIFICATE)), + AttributeType::Id => Some(Attribute::Id( + crate::core::compoundid::encode(&crate::core::compoundid::Id { + label: Some(cert.label()), + hash: cert.public_key().public_key_hash(), + }) + .ok()?, + )), + AttributeType::Issuer => cert.issuer().map(Attribute::Issuer).ok(), + AttributeType::Label => Some(Attribute::Label(cert.label())), + AttributeType::Token => Some(Attribute::Token(true)), + AttributeType::Trusted => Some(Attribute::Trusted(false)), + AttributeType::SerialNumber => { + cert.serial_number().map(Attribute::SerialNumber).ok() + } + AttributeType::Subject => cert.subject().map(Attribute::Subject).ok(), + AttributeType::Value => cert.to_der().map(Attribute::Value).ok(), + _ => { + debug!("certificate: type_ unimplemented: {:?}", type_); + None + } + }, + Object::PrivateKey(private_key) => match type_ { + AttributeType::AlwaysSensitive => Some(Attribute::AlwaysSensitive(true)), + AttributeType::AlwaysAuthenticate => Some(Attribute::AlwaysAuthenticate(false)), + AttributeType::Class => Some(Attribute::Class(CKO_PRIVATE_KEY)), + AttributeType::Decrypt => Some(Attribute::Decrypt(false)), + AttributeType::EcParams => { + Some(Attribute::EcParams(p256::NistP256::OID.to_der().ok()?)) + } + AttributeType::Extractable => Some(Attribute::Extractable(false)), + AttributeType::Id => Some(Attribute::Id( + crate::core::compoundid::encode(&crate::core::compoundid::Id { + label: Some(private_key.label()), + hash: private_key.public_key_id(), + }) + .ok()?, + )), + AttributeType::KeyType => Some(Attribute::KeyType(match private_key.algorithm() { + KeyAlgorithm::Rsa => CKK_RSA, + KeyAlgorithm::Ecc => CKK_EC, + })), + AttributeType::Label => Some(Attribute::Label(private_key.label())), + AttributeType::Modulus => { + let modulus = private_key + .find_public_key(backend()) + .ok() + .flatten() + .and_then(|public_key| { + let der = public_key.to_der(); + RsaPublicKey::from_der(&der) + .map(|pk| pk.modulus.as_bytes().to_vec()) + .ok() + }); + modulus.map(Attribute::Modulus) + } + AttributeType::NeverExtractable => Some(Attribute::NeverExtractable(true)), + AttributeType::Private => Some(Attribute::Private(true)), + AttributeType::PublicExponent => { + let public_exponent = private_key + .find_public_key(backend()) + .ok() + .flatten() + .and_then(|public_key| { + let der = public_key.to_der(); + RsaPublicKey::from_der(&der) + .map(|pk| pk.public_exponent.as_bytes().to_vec()) + .ok() + }); + public_exponent.map(Attribute::PublicExponent) + } + AttributeType::Sensitive => Some(Attribute::Sensitive(true)), + AttributeType::Sign => Some(Attribute::Sign(true)), + AttributeType::SignRecover => Some(Attribute::SignRecover(false)), + AttributeType::Token => Some(Attribute::Token(true)), + AttributeType::Unwrap => Some(Attribute::Unwrap(false)), + _ => { + debug!("private_key: type_ unimplemented: {:?}", type_); + None + } + }, + Object::Profile(id) => match type_ { + AttributeType::Class => Some(Attribute::Class(CKO_PROFILE)), + AttributeType::ProfileId => Some(Attribute::ProfileId(*id)), + AttributeType::Token => Some(Attribute::Token(true)), + AttributeType::Private => Some(Attribute::Private(true)), + _ => { + debug!("profile: type_ unimplemented: {:?}", type_); + None + } + }, + Object::PublicKey(pk) => match type_ { + AttributeType::Class => Some(Attribute::Class(CKO_PUBLIC_KEY)), + AttributeType::Label => Some(Attribute::Label(pk.label())), + AttributeType::Modulus => { + let key = pk.to_der(); + let key = RsaPublicKey::from_der(&key).unwrap(); + Some(Attribute::Modulus(key.modulus.as_bytes().to_vec())) + } + AttributeType::PublicExponent => { + let key = pk.to_der(); + let key = RsaPublicKey::from_der(&key).unwrap(); + Some(Attribute::Modulus(key.public_exponent.as_bytes().to_vec())) + } + AttributeType::KeyType => Some(Attribute::KeyType(match pk.algorithm() { + KeyAlgorithm::Rsa => CKK_RSA, + KeyAlgorithm::Ecc => CKK_EC, + })), + AttributeType::Id => Some(Attribute::Id( + crate::core::compoundid::encode(&crate::core::compoundid::Id { + label: Some(pk.label()), + hash: pk.public_key_hash(), + }) + .ok()?, + )), + AttributeType::EcPoint => { + if pk.algorithm() != KeyAlgorithm::Ecc { + return None; + } + let wrapped = OctetString::new(pk.to_der()).ok()?; + Some(Attribute::EcPoint(wrapped.to_der().ok()?)) + } + AttributeType::EcParams => { + Some(Attribute::EcParams(p256::NistP256::OID.to_der().ok()?)) + } + _ => { + debug!("public_key: type_ unimplemented: {:?}", type_); + None + } + }, + Object::DataObject(data) => match type_ { + AttributeType::Class => Some(Attribute::Class(CKO_DATA)), + AttributeType::Id => Some(Attribute::Id( + crate::core::compoundid::encode(&crate::core::compoundid::Id { + label: Some(data.label()), + hash: data.data_hash(), + }) + .ok()?, + )), + // TODO(BGR) we should hold zeroizable values here + AttributeType::Value => Some(Attribute::Value(data.value().to_vec())), + AttributeType::Application => Some(Attribute::Application(data.application())), + AttributeType::Private => Some(Attribute::Private(true)), + AttributeType::Label => Some(Attribute::Label(data.label())), + _ => { + debug!("Data object: type_ unimplemented: {:?}", type_); + None + } + }, + Object::RemoteObjectId(remote_object_id) => match type_ { + AttributeType::Id => Some(Attribute::Id( + remote_object_id.remote_id().as_bytes().to_vec(), + )), + _ => { + debug!("Remote object id: type_ unimplemented: {:?}", type_); + None + } + }, + }; + debug!("attribute: {:?} => {:?}", type_, attribute); + attribute + } + + #[must_use] + pub fn matches(&self, others: &Attributes) -> bool { + if let Some(class) = others.get(AttributeType::Class) { + if *class != self.attribute(AttributeType::Class).unwrap() { + return false; + } + } + for other in &**others { + if let Some(attr) = self.attribute(other.attribute_type()) { + if *other != attr { + return false; + } + } else { + return false; + } + } + true + } +} diff --git a/crate/pkcs11/module/src/error.rs b/crate/pkcs11/module/src/error.rs new file mode 100644 index 000000000..2a2b3ddd6 --- /dev/null +++ b/crate/pkcs11/module/src/error.rs @@ -0,0 +1,151 @@ +// Copyright 2024 Cosmian Tech SAS +// Changes made to the original code are +// licensed under the Business Source License version 1.1. +// +// Original code: +// Copyright 2022 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +use pkcs11_sys::{ + CKR_ARGUMENTS_BAD, CKR_ATTRIBUTE_TYPE_INVALID, CKR_ATTRIBUTE_VALUE_INVALID, + CKR_BUFFER_TOO_SMALL, CKR_CRYPTOKI_ALREADY_INITIALIZED, CKR_CRYPTOKI_NOT_INITIALIZED, + CKR_FUNCTION_NOT_PARALLEL, CKR_FUNCTION_NOT_SUPPORTED, CKR_GENERAL_ERROR, + CKR_KEY_HANDLE_INVALID, CKR_MECHANISM_INVALID, CKR_NEED_TO_CREATE_THREADS, + CKR_OBJECT_HANDLE_INVALID, CKR_OPERATION_NOT_INITIALIZED, CKR_RANDOM_NO_RNG, + CKR_SESSION_HANDLE_INVALID, CKR_SESSION_PARALLEL_NOT_SUPPORTED, CKR_SLOT_ID_INVALID, + CKR_TOKEN_WRITE_PROTECTED, CK_ATTRIBUTE_TYPE, CK_MECHANISM_TYPE, CK_OBJECT_HANDLE, CK_RV, + CK_SESSION_HANDLE, CK_SLOT_ID, +}; +use thiserror::Error; + +use crate::core::attribute::AttributeType; + +pub type MResult = Result; + +#[derive(Error, Debug)] +pub enum MError { + // Cryptoki errors. + #[error("arguments bad")] + ArgumentsBad, + + #[error("{0} is not a valid attribute type")] + AttributeTypeInvalid(CK_ATTRIBUTE_TYPE), + + #[error("the value for attribute {0} is invalid")] + AttributeValueInvalid(AttributeType), + + #[error("buffer too small")] + BufferTooSmall, + + #[error("cryptoki module has already been initialized")] + CryptokiAlreadyInitialized, + + #[error("cryptoki module has not been initialized")] + CryptokiNotInitialized, + + #[error("function not parallel")] + FunctionNotParallel, + + #[error("function not supported")] + FunctionNotSupported, + + #[error("key handle {0} is invalid")] + KeyHandleInvalid(CK_OBJECT_HANDLE), + + #[error("module cannot function without being able to spawn threads")] + NeedToCreateThreads, + + #[error("{0} is not a valid mechanism")] + MechanismInvalid(CK_MECHANISM_TYPE), + + #[error("object {0} is invalid")] + ObjectHandleInvalid(CK_OBJECT_HANDLE), + + #[error("operation has not been initialized")] + OperationNotInitialized, + + #[error("no random number generator")] + RandomNoRng, + + #[error("session handle {0} is invalid")] + SessionHandleInvalid(CK_SESSION_HANDLE), + + #[error("token does not support parallel sessions")] + SessionParallelNotSupported, + + #[error("slot id {0} is invalid")] + SlotIdInvalid(CK_SLOT_ID), + + #[error("token is write protected")] + TokenWriteProtected, + + // Other errors. + #[error("{0}")] + FromUtf8(#[from] std::string::FromUtf8Error), + + #[error("{0}")] + FromVecWithNul(#[from] std::ffi::FromVecWithNulError), + + #[error("null pointer error")] + NullPtr, + + #[error("{0}")] + TryFromInt(#[from] std::num::TryFromIntError), + + #[error("{0}")] + TryFromSlice(#[from] std::array::TryFromSliceError), + + // Catch-all for backend-related errors. + #[error("{0}")] + Backend(#[from] Box), + + #[error("{0}")] + Bincode(#[from] Box), + + #[error("{0}")] + Todo(String), +} + +impl From for CK_RV { + fn from(e: MError) -> Self { + match e { + MError::ArgumentsBad => CKR_ARGUMENTS_BAD, + MError::AttributeTypeInvalid(_) => CKR_ATTRIBUTE_TYPE_INVALID, + MError::AttributeValueInvalid(_) => CKR_ATTRIBUTE_VALUE_INVALID, + MError::BufferTooSmall => CKR_BUFFER_TOO_SMALL, + MError::CryptokiAlreadyInitialized => CKR_CRYPTOKI_ALREADY_INITIALIZED, + MError::CryptokiNotInitialized => CKR_CRYPTOKI_NOT_INITIALIZED, + MError::FunctionNotParallel => CKR_FUNCTION_NOT_PARALLEL, + MError::FunctionNotSupported => CKR_FUNCTION_NOT_SUPPORTED, + MError::KeyHandleInvalid(_) => CKR_KEY_HANDLE_INVALID, + MError::MechanismInvalid(_) => CKR_MECHANISM_INVALID, + MError::NeedToCreateThreads => CKR_NEED_TO_CREATE_THREADS, + MError::ObjectHandleInvalid(_) => CKR_OBJECT_HANDLE_INVALID, + MError::OperationNotInitialized => CKR_OPERATION_NOT_INITIALIZED, + MError::RandomNoRng => CKR_RANDOM_NO_RNG, + MError::SessionHandleInvalid(_) => CKR_SESSION_HANDLE_INVALID, + MError::SessionParallelNotSupported => CKR_SESSION_PARALLEL_NOT_SUPPORTED, + MError::SlotIdInvalid(_) => CKR_SLOT_ID_INVALID, + MError::TokenWriteProtected => CKR_TOKEN_WRITE_PROTECTED, + + MError::Backend(_) + | MError::Bincode(_) + | MError::FromUtf8(_) + | MError::FromVecWithNul(_) + | MError::NullPtr + | MError::Todo(_) + | MError::TryFromInt(_) + | MError::TryFromSlice(_) => CKR_GENERAL_ERROR, + } + } +} diff --git a/crate/pkcs11/module/src/lib.rs b/crate/pkcs11/module/src/lib.rs new file mode 100644 index 000000000..a1c4bd1e8 --- /dev/null +++ b/crate/pkcs11/module/src/lib.rs @@ -0,0 +1,1176 @@ +// Copyright 2024 Cosmian Tech SAS +// Changes made to the original code are +// licensed under the Business Source License version 1.1. +// +// Original code: +// Copyright 2022 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +#![allow(non_snake_case)] +#![allow(clippy::missing_safety_doc)] +#![deny(unsafe_op_in_unsafe_fn)] +//avoid renaming all unused parameters with _ in all unused functions +#![allow(unused_variables)] + +use core::{ + attribute::{Attribute, Attributes}, + mechanism::{parse_mechanism, SUPPORTED_SIGNATURE_MECHANISMS}, + object::Object, +}; +use std::{ + cmp, slice, + sync::atomic::{AtomicBool, Ordering}, +}; + +use log::debug; +use pkcs11_sys::{ + CKF_HW_SLOT, CKF_PROTECTED_AUTHENTICATION_PATH, CKF_RNG, CKF_RW_SESSION, CKF_SERIAL_SESSION, + CKF_SIGN, CKF_TOKEN_INITIALIZED, CKF_TOKEN_PRESENT, CKF_USER_PIN_INITIALIZED, + CKF_WRITE_PROTECTED, CKS_RO_USER_FUNCTIONS, CKS_RW_USER_FUNCTIONS, CK_ATTRIBUTE_PTR, CK_BBOOL, + CK_BYTE_PTR, CK_C_INITIALIZE_ARGS_PTR, CK_FLAGS, CK_FUNCTION_LIST, CK_INFO, CK_INFO_PTR, + CK_MECHANISM_INFO, CK_MECHANISM_INFO_PTR, CK_MECHANISM_PTR, CK_MECHANISM_TYPE, + CK_MECHANISM_TYPE_PTR, CK_NOTIFY, CK_OBJECT_HANDLE, CK_OBJECT_HANDLE_PTR, CK_SESSION_HANDLE, + CK_SESSION_HANDLE_PTR, CK_SESSION_INFO, CK_SESSION_INFO_PTR, CK_SLOT_ID, CK_SLOT_ID_PTR, + CK_SLOT_INFO, CK_SLOT_INFO_PTR, CK_TOKEN_INFO, CK_TOKEN_INFO_PTR, CK_ULONG, CK_ULONG_PTR, + CK_UNAVAILABLE_INFORMATION, CK_USER_TYPE, CK_UTF8CHAR_PTR, CK_VERSION, CK_VOID_PTR, + CRYPTOKI_VERSION_MAJOR, CRYPTOKI_VERSION_MINOR, +}; +pub use pkcs11_sys::{CKR_OK, CK_FUNCTION_LIST_PTR_PTR, CK_RV}; +use rand::RngCore; +use tracing::{info, trace}; + +use crate::{sessions::SignContext, traits::backend}; + +pub mod core; +mod error; + +pub use error::{MError, MResult}; + +use crate::{core::attribute::AttributeType, sessions::DecryptContext, traits::RemoteObjectType}; + +mod sessions; +#[cfg(test)] +mod tests; +pub mod traits; + +const SLOT_DESCRIPTION: &[u8; 64] = + b"Platform Cryptography Support "; +const SLOT_ID: CK_SLOT_ID = 1; + +static INITIALIZED: AtomicBool = AtomicBool::new(false); + +fn result_to_rv(name: &str, f: F) -> CK_RV +where + F: FnOnce() -> MResult<()>, +{ + match f() { + Ok(()) => CKR_OK, + Err(e) => { + tracing::error!("{}: {}", name, e); + e.into() + } + } +} + +#[macro_export] +macro_rules! cryptoki_fn { + (fn $name:ident ( $($arg:ident : $type:ty),* $(,)?) $body:block) => { + #[tracing::instrument(level = tracing::Level::TRACE, ret)] + #[no_mangle] + pub extern "C" fn $name($($arg: $type),*) -> CK_RV { + result_to_rv(stringify!($name), || $body) + } + }; + (unsafe fn $name:ident ( $($arg:ident : $type:ty),* $(,)?) $body:block) => { + #[tracing::instrument(level = tracing::Level::TRACE, ret)] + #[no_mangle] + pub unsafe extern "C" fn $name($($arg: $type),*) -> CK_RV { + result_to_rv(stringify!($name), || $body) + } + }; +} + +macro_rules! cryptoki_fn_not_supported { + ($name:ident, $($arg:ident: $type:ty),*) => { + cryptoki_fn!(fn $name($($arg: $type),*) {Err(MError::FunctionNotSupported)}); + }; +} + +#[macro_export] +macro_rules! not_null { + ($ptr:expr) => { + if $ptr.is_null() { + return Err(MError::ArgumentsBad); + } + }; +} + +macro_rules! initialized { + () => { + if INITIALIZED.load(Ordering::SeqCst) == false { + return Err(MError::CryptokiNotInitialized); + } + }; +} + +macro_rules! valid_session { + ($handle:expr) => { + if !sessions::exists($handle) { + return Err(MError::SessionHandleInvalid($handle)); + } + }; +} + +macro_rules! valid_slot { + ($id:expr) => { + if $id != SLOT_ID { + return Err(MError::SlotIdInvalid($id)); + } + }; +} + +pub static mut FUNC_LIST: CK_FUNCTION_LIST = CK_FUNCTION_LIST { + // In this structure 'version' is the cryptoki specification version number. The major and minor + // versions must be set to 0x02 and 0x28 indicating a version 2.40 compatible structure. + version: CK_VERSION { major: 2, minor: 4 }, + C_Initialize: Some(C_Initialize), + C_Finalize: Some(C_Finalize), + C_GetInfo: Some(C_GetInfo), + C_GetFunctionList: None, + C_GetSlotList: Some(C_GetSlotList), + C_GetSlotInfo: Some(C_GetSlotInfo), + C_GetTokenInfo: Some(C_GetTokenInfo), + C_GetMechanismList: Some(C_GetMechanismList), + C_GetMechanismInfo: Some(C_GetMechanismInfo), + C_InitToken: Some(C_InitToken), + C_InitPIN: Some(C_InitPIN), + C_SetPIN: Some(C_SetPIN), + C_OpenSession: Some(C_OpenSession), + C_CloseSession: Some(C_CloseSession), + C_CloseAllSessions: Some(C_CloseAllSessions), + C_GetSessionInfo: Some(C_GetSessionInfo), + C_GetOperationState: Some(C_GetOperationState), + C_SetOperationState: Some(C_SetOperationState), + C_Login: Some(C_Login), + C_Logout: Some(C_Logout), + C_CreateObject: Some(C_CreateObject), + C_CopyObject: Some(C_CopyObject), + C_DestroyObject: Some(C_DestroyObject), + C_GetObjectSize: Some(C_GetObjectSize), + C_GetAttributeValue: Some(C_GetAttributeValue), + C_SetAttributeValue: Some(C_SetAttributeValue), + C_FindObjectsInit: Some(C_FindObjectsInit), + C_FindObjects: Some(C_FindObjects), + C_FindObjectsFinal: Some(C_FindObjectsFinal), + C_EncryptInit: Some(C_EncryptInit), + C_Encrypt: Some(C_Encrypt), + C_EncryptUpdate: Some(C_EncryptUpdate), + C_EncryptFinal: Some(C_EncryptFinal), + C_DecryptInit: Some(C_DecryptInit), + C_Decrypt: Some(C_Decrypt), + C_DecryptUpdate: Some(C_DecryptUpdate), + C_DecryptFinal: Some(C_DecryptFinal), + C_DigestInit: Some(C_DigestInit), + C_Digest: Some(C_Digest), + C_DigestUpdate: Some(C_DigestUpdate), + C_DigestKey: Some(C_DigestKey), + C_DigestFinal: Some(C_DigestFinal), + C_SignInit: Some(C_SignInit), + C_Sign: Some(C_Sign), + C_SignUpdate: Some(C_SignUpdate), + C_SignFinal: Some(C_SignFinal), + C_SignRecoverInit: Some(C_SignRecoverInit), + C_SignRecover: Some(C_SignRecover), + C_VerifyInit: Some(C_VerifyInit), + C_Verify: Some(C_Verify), + C_VerifyUpdate: Some(C_VerifyUpdate), + C_VerifyFinal: Some(C_VerifyFinal), + C_VerifyRecoverInit: Some(C_VerifyRecoverInit), + C_VerifyRecover: Some(C_VerifyRecover), + C_DigestEncryptUpdate: Some(C_DigestEncryptUpdate), + C_DecryptDigestUpdate: Some(C_DecryptDigestUpdate), + C_SignEncryptUpdate: Some(C_SignEncryptUpdate), + C_DecryptVerifyUpdate: Some(C_DecryptVerifyUpdate), + C_GenerateKey: Some(C_GenerateKey), + C_GenerateKeyPair: Some(C_GenerateKeyPair), + C_WrapKey: Some(C_WrapKey), + C_UnwrapKey: Some(C_UnwrapKey), + C_DeriveKey: Some(C_DeriveKey), + C_SeedRandom: Some(C_SeedRandom), + C_GenerateRandom: Some(C_GenerateRandom), + C_GetFunctionStatus: Some(C_GetFunctionStatus), + C_CancelFunction: Some(C_CancelFunction), + C_WaitForSlotEvent: Some(C_WaitForSlotEvent), +}; + +cryptoki_fn!( + fn C_Initialize(pInitArgs: CK_VOID_PTR) { + if !pInitArgs.is_null() { + let args = unsafe { *(pInitArgs as CK_C_INITIALIZE_ARGS_PTR) }; + if !args.pReserved.is_null() { + return Err(MError::ArgumentsBad); + } + } + if INITIALIZED.swap(true, Ordering::SeqCst) { + return Err(MError::CryptokiAlreadyInitialized); + } + Ok(()) + } +); + +cryptoki_fn!( + fn C_Finalize(pReserved: CK_VOID_PTR) { + initialized!(); + if !pReserved.is_null() { + return Err(MError::ArgumentsBad); + } + INITIALIZED.store(false, Ordering::SeqCst); + Ok(()) + } +); + +cryptoki_fn!( + unsafe fn C_GetInfo(pInfo: CK_INFO_PTR) { + initialized!(); + not_null!(pInfo); + let backend = backend(); + let info = CK_INFO { + cryptokiVersion: CK_VERSION { + major: CRYPTOKI_VERSION_MAJOR, + minor: CRYPTOKI_VERSION_MINOR, + }, + manufacturerID: backend.token_manufacturer_id(), + flags: 0, + libraryDescription: backend.library_description(), + libraryVersion: CK_VERSION { + major: backend.library_version().major, + minor: backend.library_version().minor, + }, + }; + unsafe { *pInfo = info }; + Ok(()) + } +); + +cryptoki_fn!( + unsafe fn C_GetSlotList( + _tokenPresent: CK_BBOOL, + pSlotList: CK_SLOT_ID_PTR, + pulCount: CK_ULONG_PTR, + ) { + initialized!(); + not_null!(pulCount); + if !pSlotList.is_null() { + if unsafe { *pulCount } < 1 { + return Err(MError::BufferTooSmall); + } + // TODO: this should be an array. + unsafe { *pSlotList = SLOT_ID }; + } + unsafe { *pulCount = 1 }; + Ok(()) + } +); + +cryptoki_fn!( + unsafe fn C_GetSlotInfo(slotID: CK_SLOT_ID, pInfo: CK_SLOT_INFO_PTR) { + initialized!(); + valid_slot!(slotID); + not_null!(pInfo); + let backend = backend(); + let info = CK_SLOT_INFO { + slotDescription: *SLOT_DESCRIPTION, + manufacturerID: backend.token_manufacturer_id(), + flags: CKF_TOKEN_PRESENT, + hardwareVersion: CK_VERSION { + major: backend.library_version().major, + minor: backend.library_version().minor, + }, + firmwareVersion: CK_VERSION { + major: backend.library_version().major, + minor: backend.library_version().minor, + }, + }; + unsafe { *pInfo = info }; + Ok(()) + } +); + +cryptoki_fn!( + unsafe fn C_GetTokenInfo(slotID: CK_SLOT_ID, pInfo: CK_TOKEN_INFO_PTR) { + initialized!(); + valid_slot!(slotID); + not_null!(pInfo); + + let backend = backend(); + + let info = CK_TOKEN_INFO { + label: backend.token_label(), + manufacturerID: backend.token_manufacturer_id(), + model: backend.token_model(), + serialNumber: backend.token_serial_number(), + flags: CKF_TOKEN_INITIALIZED + | CKF_PROTECTED_AUTHENTICATION_PATH + | CKF_WRITE_PROTECTED + | CKF_USER_PIN_INITIALIZED + | CKF_RNG + | CKF_HW_SLOT, /* systemd-cryptenroll() requires this to be an hardware slot to + * be detected by auto */ + ulMaxSessionCount: CK_UNAVAILABLE_INFORMATION, + ulSessionCount: CK_UNAVAILABLE_INFORMATION, + ulMaxRwSessionCount: CK_UNAVAILABLE_INFORMATION, + ulRwSessionCount: CK_UNAVAILABLE_INFORMATION, + ulTotalPublicMemory: CK_UNAVAILABLE_INFORMATION, + ulFreePublicMemory: CK_UNAVAILABLE_INFORMATION, + ulTotalPrivateMemory: CK_UNAVAILABLE_INFORMATION, + ulFreePrivateMemory: CK_UNAVAILABLE_INFORMATION, + // TODO: populate all fields. + ..Default::default() + }; + unsafe { *pInfo = info }; + Ok(()) + } +); + +cryptoki_fn!( + unsafe fn C_GetMechanismList( + slotID: CK_SLOT_ID, + pMechanismList: CK_MECHANISM_TYPE_PTR, + pulCount: CK_ULONG_PTR, + ) { + initialized!(); + not_null!(pulCount); + valid_slot!(slotID); + if !pMechanismList.is_null() { + if (unsafe { *pulCount } as usize) < SUPPORTED_SIGNATURE_MECHANISMS.len() { + unsafe { *pulCount = SUPPORTED_SIGNATURE_MECHANISMS.len() as CK_ULONG }; + return Err(MError::BufferTooSmall); + } + unsafe { + slice::from_raw_parts_mut(pMechanismList, SUPPORTED_SIGNATURE_MECHANISMS.len()) + } + .copy_from_slice(SUPPORTED_SIGNATURE_MECHANISMS); + } + unsafe { *pulCount = SUPPORTED_SIGNATURE_MECHANISMS.len() as CK_ULONG }; + Ok(()) + } +); + +cryptoki_fn!( + unsafe fn C_GetMechanismInfo( + slotID: CK_SLOT_ID, + mechType: CK_MECHANISM_TYPE, + pInfo: CK_MECHANISM_INFO_PTR, + ) { + initialized!(); + valid_slot!(slotID); + not_null!(pInfo); + if !SUPPORTED_SIGNATURE_MECHANISMS.contains(&mechType) { + return Err(MError::MechanismInvalid(mechType)); + } + let info = CK_MECHANISM_INFO { + flags: CKF_SIGN, + ..Default::default() + }; + unsafe { *pInfo = info }; + Ok(()) + } +); + +cryptoki_fn!( + fn C_InitToken( + slotID: CK_SLOT_ID, + _pPin: CK_UTF8CHAR_PTR, + _ulPinLen: CK_ULONG, + _pLabel: CK_UTF8CHAR_PTR, + ) { + initialized!(); + valid_slot!(slotID); + Err(MError::TokenWriteProtected) + } +); + +cryptoki_fn!( + fn C_InitPIN(hSession: CK_SESSION_HANDLE, _pPin: CK_UTF8CHAR_PTR, _ulPinLen: CK_ULONG) { + initialized!(); + valid_session!(hSession); + Err(MError::TokenWriteProtected) + } +); + +cryptoki_fn!( + fn C_SetPIN( + hSession: CK_SESSION_HANDLE, + _pOldPin: CK_UTF8CHAR_PTR, + _ulOldLen: CK_ULONG, + _pNewPin: CK_UTF8CHAR_PTR, + _ulNewLen: CK_ULONG, + ) { + initialized!(); + valid_session!(hSession); + Err(MError::TokenWriteProtected) + } +); + +cryptoki_fn!( + unsafe fn C_OpenSession( + slotID: CK_SLOT_ID, + flags: CK_FLAGS, + _pApplication: CK_VOID_PTR, + _Notify: CK_NOTIFY, + phSession: CK_SESSION_HANDLE_PTR, + ) { + initialized!(); + valid_slot!(slotID); + not_null!(phSession); + if flags & CKF_SERIAL_SESSION == 0 { + return Err(MError::SessionParallelNotSupported); + } + unsafe { *phSession = sessions::create(flags) }; + Ok(()) + } +); + +cryptoki_fn!( + fn C_CloseSession(hSession: CK_SESSION_HANDLE) { + initialized!(); + if sessions::close(hSession) { + return Ok(()); + } + Err(MError::SessionHandleInvalid(hSession)) + } +); + +cryptoki_fn!( + fn C_CloseAllSessions(slotID: CK_SLOT_ID) { + initialized!(); + valid_slot!(slotID); + sessions::close_all(); + Ok(()) + } +); + +cryptoki_fn!( + unsafe fn C_GetSessionInfo(hSession: CK_SESSION_HANDLE, pInfo: CK_SESSION_INFO_PTR) { + initialized!(); + valid_session!(hSession); + not_null!(pInfo); + let flags = sessions::flags(hSession); + let state = if flags & CKF_RW_SESSION == 0 { + CKS_RO_USER_FUNCTIONS + } else { + CKS_RW_USER_FUNCTIONS + }; + let info = CK_SESSION_INFO { + slotID: SLOT_ID, + state, + flags, + ulDeviceError: 0, + }; + unsafe { *pInfo = info }; + Ok(()) + } +); + +cryptoki_fn_not_supported!( + C_GetOperationState, + hSession: CK_SESSION_HANDLE, + pOperationState: CK_BYTE_PTR, + pulOperationStateLen: CK_ULONG_PTR +); + +cryptoki_fn_not_supported!( + C_SetOperationState, + hSession: CK_SESSION_HANDLE, + pOperationState: CK_BYTE_PTR, + ulOperationStateLen: CK_ULONG, + hEncryptionKey: CK_OBJECT_HANDLE, + hAuthenticationKey: CK_OBJECT_HANDLE +); + +cryptoki_fn!( + fn C_Login( + hSession: CK_SESSION_HANDLE, + _userType: CK_USER_TYPE, + _pPin: CK_UTF8CHAR_PTR, + _ulPinLen: CK_ULONG, + ) { + initialized!(); + valid_session!(hSession); + Ok(()) + } +); + +cryptoki_fn!( + fn C_Logout(hSession: CK_SESSION_HANDLE) { + initialized!(); + valid_session!(hSession); + Ok(()) + } +); + +cryptoki_fn_not_supported!( + C_CreateObject, + hSession: CK_SESSION_HANDLE, + pTemplate: CK_ATTRIBUTE_PTR, + ulCount: CK_ULONG, + phObject: CK_OBJECT_HANDLE_PTR +); + +cryptoki_fn_not_supported!( + C_CopyObject, + hSession: CK_SESSION_HANDLE, + hObject: CK_OBJECT_HANDLE, + pTemplate: CK_ATTRIBUTE_PTR, + ulCount: CK_ULONG, + phNewObject: CK_OBJECT_HANDLE_PTR +); + +cryptoki_fn_not_supported!( + C_DestroyObject, + hSession: CK_SESSION_HANDLE, + hObject: CK_OBJECT_HANDLE +); + +cryptoki_fn_not_supported!( + C_GetObjectSize, + hSession: CK_SESSION_HANDLE, + hObject: CK_OBJECT_HANDLE, + pulSize: CK_ULONG_PTR +); + +cryptoki_fn!( + unsafe fn C_GetAttributeValue( + hSession: CK_SESSION_HANDLE, + hObject: CK_OBJECT_HANDLE, + pTemplate: CK_ATTRIBUTE_PTR, + ulCount: CK_ULONG, + ) { + initialized!(); + valid_session!(hSession); + not_null!(pTemplate); + trace!( + "C_GetAttributeValue: session: {:?}, object: {:?}", + hSession, + hObject + ); + sessions::session(hSession, |session| -> MResult<()> { + let object_store = &session + .find_ctx + .as_ref() + .ok_or_else(|| MError::OperationNotInitialized)? + .objects; + let object = match object_store.get(hObject as usize) { + Some(object) => object, + None => { + return Err(MError::ObjectHandleInvalid(hObject)); + } + }; + let template = if ulCount > 0 { + if pTemplate.is_null() { + return Err(MError::ArgumentsBad); + } + unsafe { slice::from_raw_parts_mut(pTemplate, ulCount as usize) } + } else { + &mut [] + }; + for attribute in template.iter_mut() { + let type_: AttributeType = attribute + .type_ + .try_into() + .map_err(|_| MError::AttributeTypeInvalid(attribute.type_))?; + if let Some(value) = object.attribute(type_) { + let value = value.as_raw_value(); + attribute.ulValueLen = value.len() as CK_ULONG; + if attribute.pValue.is_null() { + continue; + } + if (attribute.ulValueLen as usize) < value.len() { + continue; + } + unsafe { + slice::from_raw_parts_mut(attribute.pValue.cast::(), value.len()) + } + .copy_from_slice(&value); + } else { + attribute.ulValueLen = CK_UNAVAILABLE_INFORMATION; + } + info!( + "C_GetAttributeValue: session: {:?}, object: {:?},type: {:?}", + hSession, + hObject, + type_.to_string(), + ); + debug!("C_GetAttributeValue: attribute: {:?}", attribute); + } + Ok(()) + }) + } +); + +cryptoki_fn_not_supported!( + C_SetAttributeValue, + hSession: CK_SESSION_HANDLE, + hObject: CK_OBJECT_HANDLE, + pTemplate: CK_ATTRIBUTE_PTR, + ulCount: CK_ULONG +); + +cryptoki_fn!( + unsafe fn C_FindObjectsInit( + hSession: CK_SESSION_HANDLE, + pTemplate: CK_ATTRIBUTE_PTR, + ulCount: CK_ULONG, + ) { + initialized!(); + valid_session!(hSession); + + let template: Attributes = unsafe { slice::from_raw_parts(pTemplate, ulCount as usize) } + .iter() + .map(|attr| (*attr).try_into()) + .collect::>>()? + .into(); + + sessions::session(hSession, |session| -> MResult<()> { + session.load_find_context(template) + }) + } +); + +cryptoki_fn!( + unsafe fn C_FindObjects( + hSession: CK_SESSION_HANDLE, + phObject: CK_OBJECT_HANDLE_PTR, + ulMaxObjectCount: CK_ULONG, + pulObjectCount: CK_ULONG_PTR, + ) { + initialized!(); + valid_session!(hSession); + not_null!(phObject); + not_null!(pulObjectCount); + sessions::session(hSession, |session| -> MResult<()> { + let find_ctx = match &mut session.find_ctx { + Some(find_ctx) => find_ctx, + None => { + unsafe { *pulObjectCount = 0 }; + return Err(MError::OperationNotInitialized); + } + }; + debug!( + "C_FindObjects: objects still available: {:?}", + find_ctx.unread_indexes + ); + if find_ctx.unread_indexes.is_empty() { + info!("C_FindObjects: no more objects to return"); + unsafe { *pulObjectCount = 0 }; + return Ok(()); + } + let max_objects = cmp::min(find_ctx.objects.len(), ulMaxObjectCount as usize); + let handles = find_ctx + .unread_indexes + .drain(0..max_objects) + .collect::>(); + info!("C_FindObjects: returning {} objects", handles.len()); + let output = unsafe { slice::from_raw_parts_mut(phObject, max_objects) }; + output.copy_from_slice(handles.as_slice()); + unsafe { *pulObjectCount = max_objects as CK_ULONG }; + Ok(()) + }) + } +); + +cryptoki_fn!( + fn C_FindObjectsFinal(hSession: CK_SESSION_HANDLE) { + initialized!(); + valid_session!(hSession); + sessions::session(hSession, |session| -> MResult<()> { + // re-initialize the find context unread indexes + let find_ctx = session + .find_ctx + .as_mut() + .ok_or(MError::OperationNotInitialized)?; + find_ctx.unread_indexes = find_ctx + .objects + .iter() + .enumerate() + .map(|(i, _)| i as CK_OBJECT_HANDLE) + .collect(); + Ok(()) + }) + } +); + +cryptoki_fn_not_supported!( + C_EncryptInit, + hSession: CK_SESSION_HANDLE, + pMechanism: CK_MECHANISM_PTR, + hKey: CK_OBJECT_HANDLE +); + +cryptoki_fn_not_supported!( + C_Encrypt, + hSession: CK_SESSION_HANDLE, + pData: CK_BYTE_PTR, + ulDataLen: CK_ULONG, + pEncryptedData: CK_BYTE_PTR, + pulEncryptedDataLen: CK_ULONG_PTR +); + +cryptoki_fn_not_supported!( + C_EncryptUpdate, + hSession: CK_SESSION_HANDLE, + pPart: CK_BYTE_PTR, + ulPartLen: CK_ULONG, + pEncryptedPart: CK_BYTE_PTR, + pulEncryptedPartLen: CK_ULONG_PTR +); + +cryptoki_fn_not_supported!( + C_EncryptFinal, + hSession: CK_SESSION_HANDLE, + pLastEncryptedPart: CK_BYTE_PTR, + pulLastEncryptedPartLen: CK_ULONG_PTR +); + +cryptoki_fn!( + unsafe fn C_DecryptInit( + hSession: CK_SESSION_HANDLE, + pMechanism: CK_MECHANISM_PTR, + hKey: CK_OBJECT_HANDLE, + ) { + initialized!(); + valid_session!(hSession); + not_null!(pMechanism); + sessions::session(hSession, |session| -> MResult<()> { + let mechanism = unsafe { parse_mechanism(pMechanism.read()) }?; + let object_store = &session + .find_ctx + .as_ref() + .ok_or(MError::OperationNotInitialized)? + .objects; + match object_store.get(hKey as usize) { + Some(Object::RemoteObjectId(remote_object)) => match remote_object.remote_type() { + RemoteObjectType::PublicKey | RemoteObjectType::Certificate => { + Err(MError::KeyHandleInvalid(hKey)) + } + RemoteObjectType::PrivateKey | RemoteObjectType::SymmetricKey => { + debug!( + "C_DecryptInit: session: {:?}, remote_object: {:?}, mechanism: {:?}", + hSession, &remote_object, &mechanism + ); + session.decrypt_ctx = Some(DecryptContext { + remote_object: remote_object.clone(), + algorithm: mechanism.into(), + ciphertext: None, + }); + Ok(()) + } + }, + Some(_) | None => Err(MError::KeyHandleInvalid(hKey)), + } + }) + } +); + +cryptoki_fn!( + unsafe fn C_Decrypt( + hSession: CK_SESSION_HANDLE, + pEncryptedData: CK_BYTE_PTR, + ulEncryptedDataLen: CK_ULONG, + pData: CK_BYTE_PTR, + pulDataLen: CK_ULONG_PTR, + ) { + initialized!(); + valid_session!(hSession); + if ulEncryptedDataLen == 0 { + return Err(MError::ArgumentsBad); + } + not_null!(pEncryptedData); + not_null!(pData); + not_null!(pulDataLen); + sessions::session(hSession, |session| -> MResult<()> { + let encrypted_data = + unsafe { slice::from_raw_parts(pEncryptedData, ulEncryptedDataLen as usize) }; + unsafe { + debug!( + "C_Decrypt: session: {:?}, encrypted_data_len: {:?}, cleartext_len: {:?}, \ + ciphertext: {:?}", + hSession, + encrypted_data.len(), + *pulDataLen as usize, + hex::encode(encrypted_data) + ); + } + unsafe { session.decrypt(encrypted_data.to_vec(), pData, pulDataLen) }?; + Ok(()) + }) + } +); + +cryptoki_fn!( + unsafe fn C_DecryptUpdate( + hSession: CK_SESSION_HANDLE, + pEncryptedPart: CK_BYTE_PTR, + ulEncryptedPartLen: CK_ULONG, + pPart: CK_BYTE_PTR, + pulPartLen: CK_ULONG_PTR, + ) { + initialized!(); + valid_session!(hSession); + if ulEncryptedPartLen == 0 { + return Err(MError::ArgumentsBad); + } + not_null!(pEncryptedPart); + not_null!(pPart); + not_null!(pulPartLen); + Err(MError::FunctionNotSupported) + } +); + +cryptoki_fn!( + unsafe fn C_DecryptFinal( + hSession: CK_SESSION_HANDLE, + pLastPart: CK_BYTE_PTR, + pulLastPartLen: CK_ULONG_PTR, + ) { + initialized!(); + valid_session!(hSession); + not_null!(pLastPart); + not_null!(pulLastPartLen); + Err(MError::FunctionNotSupported) + } +); + +cryptoki_fn_not_supported!( + C_DigestInit, + hSession: CK_SESSION_HANDLE, + pMechanism: CK_MECHANISM_PTR +); + +cryptoki_fn_not_supported!( + C_Digest, + hSession: CK_SESSION_HANDLE, + pData: CK_BYTE_PTR, + ulDataLen: CK_ULONG, + pDigest: CK_BYTE_PTR, + pulDigestLen: CK_ULONG_PTR +); + +cryptoki_fn_not_supported!( + C_DigestUpdate, + hSession: CK_SESSION_HANDLE, + pPart: CK_BYTE_PTR, + ulPartLen: CK_ULONG +); + +cryptoki_fn_not_supported!( + C_DigestKey, + hSession: CK_SESSION_HANDLE, + hKey: CK_OBJECT_HANDLE +); + +cryptoki_fn_not_supported!( + C_DigestFinal, + hSession: CK_SESSION_HANDLE, + pDigest: CK_BYTE_PTR, + pulDigestLen: CK_ULONG_PTR +); + +cryptoki_fn!( + unsafe fn C_SignInit( + hSession: CK_SESSION_HANDLE, + pMechanism: CK_MECHANISM_PTR, + hKey: CK_OBJECT_HANDLE, + ) { + initialized!(); + valid_session!(hSession); + not_null!(pMechanism); + sessions::session(hSession, |session| -> MResult<()> { + let object_store = &session + .find_ctx + .as_ref() + .ok_or(MError::OperationNotInitialized)? + .objects; + let private_key = match object_store.get(hKey as usize) { + Some(Object::PrivateKey(private_key)) => private_key, + Some(_) | None => return Err(MError::KeyHandleInvalid(hKey)), + }; + let mechanism = unsafe { parse_mechanism(pMechanism.read()) }?; + session.sign_ctx = Some(SignContext { + algorithm: mechanism.into(), + private_key: private_key.clone(), + payload: None, + }); + Ok(()) + }) + } +); + +cryptoki_fn!( + unsafe fn C_Sign( + hSession: CK_SESSION_HANDLE, + pData: CK_BYTE_PTR, + ulDataLen: CK_ULONG, + pSignature: CK_BYTE_PTR, + pulSignatureLen: CK_ULONG_PTR, + ) { + initialized!(); + valid_session!(hSession); + not_null!(pData); + not_null!(pulSignatureLen); + sessions::session(hSession, |session| -> MResult<()> { + let data = unsafe { slice::from_raw_parts(pData, ulDataLen as usize) }; + unsafe { session.sign(Some(data), pSignature, pulSignatureLen) }?; + Ok(()) + }) + } +); + +cryptoki_fn!( + unsafe fn C_SignUpdate(hSession: CK_SESSION_HANDLE, pPart: CK_BYTE_PTR, ulPartLen: CK_ULONG) { + initialized!(); + valid_session!(hSession); + not_null!(pPart); + sessions::session(hSession, |session| -> MResult<()> { + let sign_ctx = match session.sign_ctx.as_mut() { + None => return Err(MError::OperationNotInitialized), + Some(sign_ctx) => sign_ctx, + }; + sign_ctx + .payload + .get_or_insert(vec![]) + .extend_from_slice(unsafe { slice::from_raw_parts(pPart, ulPartLen as usize) }); + Ok(()) + }) + } +); + +cryptoki_fn!( + unsafe fn C_SignFinal( + hSession: CK_SESSION_HANDLE, + pSignature: CK_BYTE_PTR, + pulSignatureLen: CK_ULONG_PTR, + ) { + initialized!(); + valid_session!(hSession); + not_null!(pSignature); + not_null!(pulSignatureLen); + sessions::session(hSession, |session| -> MResult<()> { + unsafe { session.sign(None, pSignature, pulSignatureLen) }?; + Ok(()) + }) + } +); + +cryptoki_fn_not_supported!( + C_SignRecoverInit, + hSession: CK_SESSION_HANDLE, + pMechanism: CK_MECHANISM_PTR, + hKey: CK_OBJECT_HANDLE +); + +cryptoki_fn_not_supported!( + C_SignRecover, + hSession: CK_SESSION_HANDLE, + pData: CK_BYTE_PTR, + ulDataLen: CK_ULONG, + pSignature: CK_BYTE_PTR, + pulSignatureLen: CK_ULONG_PTR +); + +cryptoki_fn_not_supported!( + C_VerifyInit, + hSession: CK_SESSION_HANDLE, + pMechanism: CK_MECHANISM_PTR, + hKey: CK_OBJECT_HANDLE +); + +cryptoki_fn_not_supported!( + C_Verify, + hSession: CK_SESSION_HANDLE, + pData: CK_BYTE_PTR, + ulDataLen: CK_ULONG, + pSignature: CK_BYTE_PTR, + ulSignatureLen: CK_ULONG +); + +cryptoki_fn_not_supported!( + C_VerifyUpdate, + hSession: CK_SESSION_HANDLE, + pPart: CK_BYTE_PTR, + ulPartLen: CK_ULONG +); + +cryptoki_fn_not_supported!( + C_VerifyFinal, + hSession: CK_SESSION_HANDLE, + pSignature: CK_BYTE_PTR, + ulSignatureLen: CK_ULONG +); + +cryptoki_fn_not_supported!( + C_VerifyRecoverInit, + hSession: CK_SESSION_HANDLE, + pMechanism: CK_MECHANISM_PTR, + hKey: CK_OBJECT_HANDLE +); + +cryptoki_fn_not_supported!( + C_VerifyRecover, + hSession: CK_SESSION_HANDLE, + pSignature: CK_BYTE_PTR, + ulSignatureLen: CK_ULONG, + pData: CK_BYTE_PTR, + pulDataLen: CK_ULONG_PTR +); + +cryptoki_fn_not_supported!( + C_DigestEncryptUpdate, + hSession: CK_SESSION_HANDLE, + pPart: CK_BYTE_PTR, + ulPartLen: CK_ULONG, + pEncryptedPart: CK_BYTE_PTR, + pulEncryptedPartLen: CK_ULONG_PTR +); + +cryptoki_fn_not_supported!( + C_DecryptDigestUpdate, + hSession: CK_SESSION_HANDLE, + pEncryptedPart: CK_BYTE_PTR, + ulEncryptedPartLen: CK_ULONG, + pPart: CK_BYTE_PTR, + pulPartLen: CK_ULONG_PTR +); + +cryptoki_fn_not_supported!( + C_SignEncryptUpdate, + hSession: CK_SESSION_HANDLE, + pPart: CK_BYTE_PTR, + ulPartLen: CK_ULONG, + pEncryptedPart: CK_BYTE_PTR, + pulEncryptedPartLen: CK_ULONG_PTR +); + +cryptoki_fn_not_supported!( + C_DecryptVerifyUpdate, + hSession: CK_SESSION_HANDLE, + pEncryptedPart: CK_BYTE_PTR, + ulEncryptedPartLen: CK_ULONG, + pPart: CK_BYTE_PTR, + pulPartLen: CK_ULONG_PTR +); + +cryptoki_fn_not_supported!( + C_GenerateKey, + hSession: CK_SESSION_HANDLE, + pMechanism: CK_MECHANISM_PTR, + pTemplate: CK_ATTRIBUTE_PTR, + ulCount: CK_ULONG, + phKey: CK_OBJECT_HANDLE_PTR +); + +cryptoki_fn_not_supported!( + C_GenerateKeyPair, + hSession: CK_SESSION_HANDLE, + pMechanism: CK_MECHANISM_PTR, + pPublicKeyTemplate: CK_ATTRIBUTE_PTR, + ulPublicKeyAttributeCount: CK_ULONG, + pPrivateKeyTemplate: CK_ATTRIBUTE_PTR, + ulPrivateKeyAttributeCount: CK_ULONG, + phPublicKey: CK_OBJECT_HANDLE_PTR, + phPrivateKey: CK_OBJECT_HANDLE_PTR +); + +cryptoki_fn_not_supported!( + C_WrapKey, + hSession: CK_SESSION_HANDLE, + _pMechanism: CK_MECHANISM_PTR, + _hWrappingKey: CK_OBJECT_HANDLE, + _hKey: CK_OBJECT_HANDLE, + _pWrappedKey: CK_BYTE_PTR, + _pulWrappedKeyLen: CK_ULONG_PTR +); + +cryptoki_fn_not_supported!( + C_UnwrapKey, + hSession: CK_SESSION_HANDLE, + pMechanism: CK_MECHANISM_PTR, + hUnwrappingKey: CK_OBJECT_HANDLE, + pWrappedKey: CK_BYTE_PTR, + ulWrappedKeyLen: CK_ULONG, + pTemplate: CK_ATTRIBUTE_PTR, + ulAttributeCount: CK_ULONG, + phKey: CK_OBJECT_HANDLE_PTR +); + +cryptoki_fn_not_supported!( + C_DeriveKey, + hSession: CK_SESSION_HANDLE, + pMechanism: CK_MECHANISM_PTR, + hBaseKey: CK_OBJECT_HANDLE, + pTemplate: CK_ATTRIBUTE_PTR, + ulAttributeCount: CK_ULONG, + phKey: CK_OBJECT_HANDLE_PTR +); + +cryptoki_fn!( + fn C_SeedRandom(hSession: CK_SESSION_HANDLE, pSeed: CK_BYTE_PTR, _ulSeedLen: CK_ULONG) { + initialized!(); + valid_session!(hSession); + not_null!(pSeed); + Err(MError::RandomNoRng) + } +); + +cryptoki_fn!( + unsafe fn C_GenerateRandom( + hSession: CK_SESSION_HANDLE, + pRandomData: CK_BYTE_PTR, + ulRandomLen: CK_ULONG, + ) { + initialized!(); + valid_session!(hSession); + not_null!(pRandomData); + let mut bytes = vec![0; ulRandomLen as usize]; + let mut rng = rand::thread_rng(); + rng.fill_bytes(&mut bytes); + unsafe { slice::from_raw_parts_mut(pRandomData, ulRandomLen as usize) } + .copy_from_slice(&bytes); + trace!("Generated random: {}", hex::encode(&bytes)); + Ok(()) + } +); + +cryptoki_fn!( + fn C_GetFunctionStatus(hSession: CK_SESSION_HANDLE) { + initialized!(); + valid_session!(hSession); + Err(MError::FunctionNotParallel) + } +); + +cryptoki_fn!( + fn C_CancelFunction(hSession: CK_SESSION_HANDLE) { + initialized!(); + valid_session!(hSession); + Err(MError::FunctionNotParallel) + } +); + +cryptoki_fn_not_supported!( + C_WaitForSlotEvent, + flags: CK_FLAGS, + pSlot: CK_SLOT_ID_PTR, + pReserved: CK_VOID_PTR +); diff --git a/crate/pkcs11/module/src/sessions.rs b/crate/pkcs11/module/src/sessions.rs new file mode 100644 index 000000000..0b8e35be4 --- /dev/null +++ b/crate/pkcs11/module/src/sessions.rs @@ -0,0 +1,253 @@ +// Copyright 2024 Cosmian Tech SAS +// Changes made to the original code are +// licensed under the Business Source License version 1.1. +// +// Original code: +// Copyright 2022 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +use std::{ + collections::HashMap, + sync::{self, atomic::Ordering, Arc}, +}; + +use once_cell::sync::Lazy; +use pkcs11_sys::{ + CK_BYTE_PTR, CK_FLAGS, CK_OBJECT_HANDLE, CK_SESSION_HANDLE, CK_ULONG, CK_ULONG_PTR, +}; +use tracing::{debug, error, info}; + +use crate::{ + core::{attribute::Attributes, object::Object}, + traits::{backend, EncryptionAlgorithm, RemoteObjectId, SearchOptions}, +}; +use crate::{ + // object_store::ObjectStore, + traits::{PrivateKey, SignatureAlgorithm}, + MError, + MResult, +}; + +// "Valid session handles in Cryptoki always have nonzero values." +#[cfg(not(target_os = "windows"))] +static NEXT_SESSION_HANDLE: sync::atomic::AtomicU64 = sync::atomic::AtomicU64::new(1); +#[cfg(target_os = "windows")] +static NEXT_SESSION_HANDLE: sync::atomic::AtomicU32 = sync::atomic::AtomicU32::new(1); + +type SessionMap = HashMap; + +static SESSIONS: Lazy> = Lazy::new(Default::default); +// pub static OBJECT_STORE: Lazy> = Lazy::new(Default::default); + +#[derive(Debug)] +pub struct FindContext { + /// The PKCS#11 objects manipulated by this context. + pub objects: Vec, + /// The indexes that have not yet been read by C_FindObjects + pub unread_indexes: Vec, +} + +#[derive(Debug)] +pub struct SignContext { + pub algorithm: SignatureAlgorithm, + pub private_key: Arc, + /// Payload stored for multipart C_SignUpdate operations. + pub payload: Option>, +} + +#[derive(Debug)] +pub struct DecryptContext { + pub remote_object: Arc, + pub algorithm: EncryptionAlgorithm, + /// Ciphertext stored for multipart C_DecryptUpdate operations. + pub ciphertext: Option>, +} + +impl Session { + /// Sign the provided data, or stored payload if data is not provided. + pub unsafe fn sign( + &mut self, + data: Option<&[u8]>, + pSignature: CK_BYTE_PTR, + pulSignatureLen: CK_ULONG_PTR, + ) -> MResult<()> { + let sign_ctx = match self.sign_ctx.as_mut() { + Some(sign_ctx) => sign_ctx, + None => return Err(MError::OperationNotInitialized), + }; + let data = data + .or(sign_ctx.payload.as_deref()) + .ok_or(MError::OperationNotInitialized)?; + let signature = match sign_ctx.private_key.sign(&sign_ctx.algorithm, data) { + Ok(sig) => sig, + Err(e) => { + tracing::error!("signature failed: {e:?}"); + return Err(MError::ArgumentsBad); + } + }; + if !pSignature.is_null() { + // TODO(bweeks): This will cause a second sign call when this function is + // called again with an appropriately-sized buffer. Do we really need to + // sign twice for ECDSA? Consider storing the signature in the ctx for the next + // call. + if (unsafe { *pulSignatureLen } as usize) < signature.len() { + return Err(MError::BufferTooSmall); + } + unsafe { std::slice::from_raw_parts_mut(pSignature, signature.len()) } + .copy_from_slice(&signature); + self.sign_ctx = None; + } + unsafe { *pulSignatureLen = signature.len().try_into().unwrap() }; + Ok(()) + } + + pub unsafe fn decrypt( + &mut self, + ciphertext: Vec, + pData: CK_BYTE_PTR, + pulDataLen: CK_ULONG_PTR, + ) -> MResult<()> { + let decrypt_ctx = match self.decrypt_ctx.as_mut() { + Some(decrypt_ctx) => decrypt_ctx, + None => return Err(MError::OperationNotInitialized), + }; + let cleartext = backend().decrypt( + decrypt_ctx.remote_object.clone(), + decrypt_ctx.algorithm, + ciphertext, + )?; + if !pData.is_null() { + if (unsafe { *pulDataLen } as usize) < cleartext.len() { + return Err(MError::BufferTooSmall); + } + unsafe { std::slice::from_raw_parts_mut(pData, cleartext.len()) } + .copy_from_slice(&cleartext); + unsafe { *pulDataLen = cleartext.len() as CK_ULONG }; + self.decrypt_ctx = None; + } + Ok(()) + } +} + +#[derive(Default, Debug)] +pub struct Session { + flags: CK_FLAGS, + pub find_ctx: Option, + pub sign_ctx: Option, + pub decrypt_ctx: Option, +} + +impl Session { + pub fn load_find_context(&mut self, template: Attributes) -> MResult<()> { + if template.is_empty() { + error!("load_find_context: empty template"); + return Err(MError::ArgumentsBad); + } + let search_class = template.get_class()?; + let search_options = SearchOptions::try_from(&template)?; + debug!( + "load_find_context: loading for class: {:?} and options: {:?} from template {:?}", + search_class, search_options, template + ); + match search_options { + SearchOptions::All => { + let objects: Vec = match search_class { + pkcs11_sys::CKO_CERTIFICATE => { + template.ensure_X509_or_none()?; + backend() + .find_all_certificates()? + .into_iter() + .map(Object::Certificate) + .collect() + } + pkcs11_sys::CKO_PUBLIC_KEY => backend() + .find_all_public_keys()? + .into_iter() + .map(Object::PublicKey) + .collect(), + pkcs11_sys::CKO_PRIVATE_KEY => backend() + .find_all_private_keys()? + .into_iter() + .map(Object::RemoteObjectId) + .collect(), + pkcs11_sys::CKO_DATA => backend() + .find_all_data_objects()? + .into_iter() + .map(Object::DataObject) + .collect(), + o => return Err(MError::Todo(format!("Object not supported: {o}"))), + }; + info!( + "load_find_context: found {} objects for search class {}", + objects.len(), + search_class + ); + let indexes = objects + .iter() + .enumerate() + .map(|(i, _)| i as CK_OBJECT_HANDLE) + .collect(); + self.find_ctx = Some(FindContext { + objects, + unread_indexes: indexes, + }); + } + SearchOptions::Label(_) => { + todo!("load_find_context: search by label") + } + SearchOptions::Id(_) => { + todo!("load_find_context: search by id") + } + } + + Ok(()) + } +} + +pub fn create(flags: CK_FLAGS) -> CK_SESSION_HANDLE { + let handle = NEXT_SESSION_HANDLE.fetch_add(1, Ordering::SeqCst); + SESSIONS.lock().unwrap().insert( + handle, + Session { + flags, + ..Default::default() + }, + ); + handle +} + +pub fn exists(handle: CK_SESSION_HANDLE) -> bool { + SESSIONS.lock().unwrap().contains_key(&handle) +} + +pub fn flags(handle: CK_SESSION_HANDLE) -> CK_FLAGS { + SESSIONS.lock().unwrap().get(&handle).unwrap().flags +} + +pub fn session(h: CK_SESSION_HANDLE, callback: F) -> MResult<()> +where + F: FnOnce(&mut Session) -> MResult<()>, +{ + let mut session_map = SESSIONS.lock().unwrap(); + let session = &mut session_map.get_mut(&h).unwrap(); + callback(session) +} + +pub fn close(handle: CK_SESSION_HANDLE) -> bool { + SESSIONS.lock().unwrap().remove(&handle).is_some() +} + +pub fn close_all() { + SESSIONS.lock().unwrap().clear(); +} diff --git a/crate/pkcs11/module/src/tests.rs b/crate/pkcs11/module/src/tests.rs new file mode 100644 index 000000000..be8c2c954 --- /dev/null +++ b/crate/pkcs11/module/src/tests.rs @@ -0,0 +1,654 @@ +use std::{ + ptr, + ptr::addr_of_mut, + sync::{Arc, Once}, +}; + +use pkcs11_sys::{ + CKA_CLASS, CKM_DSA, CKO_PRIVATE_KEY, CKR_ARGUMENTS_BAD, CKR_BUFFER_TOO_SMALL, + CKR_CRYPTOKI_ALREADY_INITIALIZED, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_FUNCTION_NOT_PARALLEL, + CKR_MECHANISM_INVALID, CKR_OPERATION_NOT_INITIALIZED, CKR_SESSION_HANDLE_INVALID, + CKR_SESSION_PARALLEL_NOT_SUPPORTED, CKR_SLOT_ID_INVALID, CK_ATTRIBUTE, CK_C_INITIALIZE_ARGS, + CK_FALSE, CK_INVALID_HANDLE, +}; +use serial_test::serial; +use tracing::Level; +use tracing_subscriber::FmtSubscriber; +use zeroize::Zeroizing; + +use super::*; +use crate::traits::{ + register_backend, Backend, Certificate, DataObject, EncryptionAlgorithm, KeyAlgorithm, + PrivateKey, PublicKey, RemoteObjectId, SearchOptions, Version, +}; + +static TRACING_INIT: Once = Once::new(); +pub fn initialize_logging() { + TRACING_INIT.call_once(|| { + let subscriber = FmtSubscriber::builder() + .with_max_level(Level::INFO) // Adjust the level as needed + .with_writer(std::io::stdout) + .finish(); + tracing::subscriber::set_global_default(subscriber) + .expect("Setting default subscriber failed"); + }); +} + +struct TestBackend {} + +impl Backend for TestBackend { + fn token_label(&self) -> [u8; 32] { + *b"Foo software token " + } + + fn token_manufacturer_id(&self) -> [u8; 32] { + *b"Foo manufacturer id " + } + + fn token_model(&self) -> [u8; 16] { + *b"Foo model " + } + + fn token_serial_number(&self) -> [u8; 16] { + *b"1234567890abcdef" + } + + fn library_description(&self) -> [u8; 32] { + *b"Foo PKCS#11 library " + } + + fn library_version(&self) -> Version { + Version { major: 1, minor: 0 } + } + + fn find_certificate(&self, _query: SearchOptions) -> MResult>> { + Ok(None) + } + + fn find_all_certificates(&self) -> MResult>> { + Ok(vec![]) + } + + fn find_private_key(&self, _query: SearchOptions) -> MResult>> { + Ok(None) + } + + fn find_public_key(&self, _query: SearchOptions) -> MResult>> { + Ok(None) + } + + fn find_all_private_keys(&self) -> MResult>> { + Ok(vec![]) + } + + fn find_all_public_keys(&self) -> MResult>> { + Ok(vec![]) + } + + fn find_data_object(&self, _query: SearchOptions) -> MResult>> { + Ok(None) + } + + fn find_all_data_objects(&self) -> MResult>> { + Ok(vec![]) + } + + fn generate_key( + &self, + _algorithm: KeyAlgorithm, + _label: Option<&str>, + ) -> MResult> { + todo!() + } + + fn decrypt( + &self, + _remote_object: Arc, + _algorithm: EncryptionAlgorithm, + _data: Vec, + ) -> MResult>> { + Ok(Zeroizing::new(Vec::new())) + } +} + +cryptoki_fn!( + unsafe fn C_GetFunctionList(ppFunctionList: CK_FUNCTION_LIST_PTR_PTR) { + not_null!(ppFunctionList); + unsafe { *ppFunctionList = addr_of_mut!(FUNC_LIST) }; + register_backend(Box::new(TestBackend {})); + Ok(()) + } +); + +pub fn test_init() { + initialize_logging(); + if !INITIALIZED.load(Ordering::SeqCst) { + let mut func_list: &mut CK_FUNCTION_LIST = &mut CK_FUNCTION_LIST { + ..Default::default() + }; + // Update the function list with this PKCS#11 entry function + func_list.C_GetFunctionList = Some(C_GetFunctionList); + unsafe { C_GetFunctionList(std::ptr::addr_of_mut!(func_list) as *mut _) }; + } +} + +#[test] +#[serial] +fn get_initialize() { + test_init(); + assert_eq!({ C_Initialize(ptr::null_mut()) }, CKR_OK); + assert_eq!( + { C_Initialize(ptr::null_mut()) }, + CKR_CRYPTOKI_ALREADY_INITIALIZED + ); + assert_eq!({ C_Finalize(ptr::null_mut()) }, CKR_OK); + let mut args = CK_C_INITIALIZE_ARGS::default(); + assert_eq!( + { C_Initialize((&mut args as CK_C_INITIALIZE_ARGS_PTR).cast::()) }, + CKR_OK + ); + assert_eq!({ C_Finalize(ptr::null_mut()) }, CKR_OK); + // Expect CKR_ARGUMENTS_BAD if pReserved is not null. + args.pReserved = (1 as *mut u32).cast::(); + assert_eq!( + { C_Initialize((&mut args as CK_C_INITIALIZE_ARGS_PTR).cast::()) }, + CKR_ARGUMENTS_BAD + ); +} + +#[test] +#[serial] +fn finalize() { + test_init(); + assert_eq!({ C_Initialize(ptr::null_mut()) }, CKR_OK); + // Expect CKR_ARGUMENTS_BAD if pReserved is not null. + assert_eq!( + { C_Finalize((1 as *mut u32).cast::()) }, + CKR_ARGUMENTS_BAD + ); + assert_eq!({ C_Finalize(ptr::null_mut()) }, CKR_OK); + assert_eq!( + { C_Finalize(ptr::null_mut()) }, + CKR_CRYPTOKI_NOT_INITIALIZED + ); +} + +#[test] +#[serial] +fn get_info() { + test_init(); + assert_eq!({ C_Initialize(ptr::null_mut()) }, CKR_OK); + let mut info = CK_INFO::default(); + assert_eq!(unsafe { C_GetInfo(&mut info) }, CKR_OK); + // Expect CKR_ARGUMENTS_BAD if pInfo is null. + assert_eq!(unsafe { C_GetInfo(ptr::null_mut()) }, CKR_ARGUMENTS_BAD); + // Expect CKR_CRYPTOKI_NOT_INITIALIZED if token is not initialized. + assert_eq!({ C_Finalize(ptr::null_mut()) }, CKR_OK); + assert_eq!( + unsafe { C_GetInfo(&mut info) }, + CKR_CRYPTOKI_NOT_INITIALIZED + ); +} + +#[test] +#[serial] +fn get_function_list() { + test_init(); + let mut function_list = CK_FUNCTION_LIST::default(); + let mut function_list_pointer: *mut CK_FUNCTION_LIST = &mut function_list; + assert_eq!( + unsafe { C_GetFunctionList(&mut function_list_pointer) }, + CKR_OK + ); + // Expect CKR_ARGUMENTS_BAD if ppFunctionList is null. + assert_eq!( + unsafe { C_GetFunctionList(ptr::null_mut()) }, + CKR_ARGUMENTS_BAD + ); +} + +#[test] +#[serial] +fn get_slot_list() { + test_init(); + assert_eq!({ C_Initialize(ptr::null_mut()) }, CKR_OK); + let mut count = 0; + assert_eq!( + unsafe { C_GetSlotList(CK_FALSE, ptr::null_mut(), &mut count) }, + CKR_OK + ); + assert_eq!(count, 1); + // Expect CKR_ARGUMENTS_BAD if pulCount is null. + assert_eq!( + unsafe { C_GetSlotList(CK_FALSE, ptr::null_mut(), ptr::null_mut()) }, + CKR_ARGUMENTS_BAD + ); + // Expect CKR_BUFFER_TOO_SMALL if pulCount is less than the number of + // slots. + let mut count = 0; + let mut slot_list = vec![0; 0]; + assert_eq!( + unsafe { C_GetSlotList(CK_FALSE, slot_list.as_mut_ptr(), &mut count) }, + CKR_BUFFER_TOO_SMALL + ); + // Expect CKR_CRYPTOKI_NOT_INITIALIZED if token is not initialized. + assert_eq!({ C_Finalize(ptr::null_mut()) }, CKR_OK); + assert_eq!( + unsafe { C_GetSlotList(CK_FALSE, ptr::null_mut(), &mut count) }, + CKR_CRYPTOKI_NOT_INITIALIZED + ); +} + +#[test] +#[serial] +fn get_slot_info() { + test_init(); + assert_eq!({ C_Initialize(ptr::null_mut()) }, CKR_OK); + let mut slot_info = CK_SLOT_INFO::default(); + assert_eq!(unsafe { C_GetSlotInfo(SLOT_ID, &mut slot_info) }, CKR_OK); + // Expect CKR_ARGUMENTS_BAD if pInfo is null. + assert_eq!( + unsafe { C_GetSlotInfo(SLOT_ID, ptr::null_mut()) }, + CKR_ARGUMENTS_BAD + ); + // Expect CKR_SLOT_ID_INVALID if slotID references a nonexistent slot. + assert_eq!( + unsafe { C_GetSlotInfo(SLOT_ID + 1, ptr::null_mut()) }, + CKR_SLOT_ID_INVALID + ); + // Expect CKR_CRYPTOKI_NOT_INITIALIZED if token is not initialized. + assert_eq!({ C_Finalize(ptr::null_mut()) }, CKR_OK); + assert_eq!( + unsafe { C_GetSlotInfo(SLOT_ID, &mut slot_info) }, + CKR_CRYPTOKI_NOT_INITIALIZED + ); +} + +#[test] +#[serial] +fn get_token_info() { + test_init(); + assert_eq!({ C_Initialize(ptr::null_mut()) }, CKR_OK); + assert_eq!( + unsafe { C_GetTokenInfo(SLOT_ID, &mut CK_TOKEN_INFO::default()) }, + CKR_OK + ); + // Expect CKR_SLOT_ID_INVALID if slotID references a nonexistent slot. + assert_eq!( + unsafe { C_GetTokenInfo(SLOT_ID + 1, ptr::null_mut()) }, + CKR_SLOT_ID_INVALID + ); + // Expect CKR_ARGUMENTS_BAD if pInfo is null. + assert_eq!( + unsafe { C_GetSlotInfo(SLOT_ID, ptr::null_mut()) }, + CKR_ARGUMENTS_BAD + ); + // Expect CKR_CRYPTOKI_NOT_INITIALIZED if token is not initialized. + assert_eq!({ C_Finalize(ptr::null_mut()) }, CKR_OK); + assert_eq!( + unsafe { C_GetTokenInfo(SLOT_ID, &mut CK_TOKEN_INFO::default()) }, + CKR_CRYPTOKI_NOT_INITIALIZED + ); +} + +#[test] +#[serial] +fn get_mechanism_list() { + test_init(); + assert_eq!({ C_Initialize(ptr::null_mut()) }, CKR_OK); + let mut count = 0; + assert_eq!( + unsafe { C_GetMechanismList(SLOT_ID, ptr::null_mut(), &mut count) }, + CKR_OK + ); + assert_ne!(count, 0); + let mut mechanisms = Vec::::with_capacity(count as usize); + assert_eq!( + unsafe { C_GetMechanismList(SLOT_ID, mechanisms.as_mut_ptr(), &mut count) }, + CKR_OK + ); + unsafe { + mechanisms.set_len(count as usize); + } + assert_eq!(mechanisms, *SUPPORTED_SIGNATURE_MECHANISMS); + // Expect CKR_SLOT_ID_INVALID if slotID references a nonexistent slot. + assert_eq!( + unsafe { C_GetMechanismList(SLOT_ID + 1, ptr::null_mut(), &mut count) }, + CKR_SLOT_ID_INVALID + ); + // Expect CKR_ARGUMENTS_BAD if pulCount is null. + assert_eq!( + unsafe { C_GetMechanismList(SLOT_ID, ptr::null_mut(), ptr::null_mut()) }, + CKR_ARGUMENTS_BAD + ); + // Expect CKR_BUFFER_TOO_SMALL if pulCount is less than the number of + // mechanisms. + assert_eq!( + unsafe { C_GetMechanismList(SLOT_ID, mechanisms.as_mut_ptr(), &mut (count - 1)) }, + CKR_BUFFER_TOO_SMALL + ); + // Expect CKR_CRYPTOKI_NOT_INITIALIZED if token is not initialized. + assert_eq!({ C_Finalize(ptr::null_mut()) }, CKR_OK); + assert_eq!( + unsafe { C_GetMechanismList(SLOT_ID, ptr::null_mut(), ptr::null_mut()) }, + CKR_CRYPTOKI_NOT_INITIALIZED + ); +} + +#[test] +#[serial] +fn get_mechanism_info() { + test_init(); + assert_eq!({ C_Initialize(ptr::null_mut()) }, CKR_OK); + let mut info = CK_MECHANISM_INFO::default(); + assert_eq!( + unsafe { C_GetMechanismInfo(SLOT_ID, SUPPORTED_SIGNATURE_MECHANISMS[0], &mut info,) }, + CKR_OK + ); + // Expect CKR_MECHANISM_INVALID if type is an unsupported mechanism. + assert_eq!( + unsafe { C_GetMechanismInfo(SLOT_ID, CKM_DSA, &mut info) }, + CKR_MECHANISM_INVALID + ); + // Expect CKR_ARGUMENTS_BAD if pInfo is null. + assert_eq!( + unsafe { C_GetMechanismInfo(SLOT_ID, SUPPORTED_SIGNATURE_MECHANISMS[0], ptr::null_mut(),) }, + CKR_ARGUMENTS_BAD + ); + // Expect CKR_CRYPTOKI_NOT_INITIALIZED if token is not initialized. + assert_eq!({ C_Finalize(ptr::null_mut()) }, CKR_OK); + assert_eq!( + unsafe { C_GetMechanismInfo(SLOT_ID, SUPPORTED_SIGNATURE_MECHANISMS[0], ptr::null_mut(),) }, + CKR_CRYPTOKI_NOT_INITIALIZED + ); +} + +#[test] +#[serial] +fn open_session() { + test_init(); + assert_eq!({ C_Initialize(ptr::null_mut()) }, CKR_OK); + let flags = CKF_SERIAL_SESSION; + let mut handle = CK_INVALID_HANDLE; + assert_eq!( + unsafe { C_OpenSession(SLOT_ID, flags, ptr::null_mut(), None, &mut handle) }, + CKR_OK + ); + // Expect CKR_SLOT_ID_INVALID if slotID references a nonexistent slot. + assert_eq!( + unsafe { C_OpenSession(SLOT_ID + 1, flags, ptr::null_mut(), None, &mut handle,) }, + CKR_SLOT_ID_INVALID + ); + // Expect CKR_SESSION_PARALLEL_NOT_SUPPORTED if CKF_SERIAL_SESSION flag + // is not set. + assert_eq!( + unsafe { C_OpenSession(SLOT_ID, 0, ptr::null_mut(), None, &mut handle) }, + CKR_SESSION_PARALLEL_NOT_SUPPORTED + ); + // Expect CKR_ARGUMENTS_BAD if phSession is null. + assert_eq!( + unsafe { C_OpenSession(SLOT_ID, flags, ptr::null_mut(), None, ptr::null_mut(),) }, + CKR_ARGUMENTS_BAD + ); + assert_eq!({ C_CloseSession(handle) }, CKR_OK); + assert_eq!({ C_Finalize(ptr::null_mut()) }, CKR_OK); +} + +#[test] +#[serial] +fn close_session() { + test_init(); + assert_eq!({ C_Initialize(ptr::null_mut()) }, CKR_OK); + let mut handle = CK_INVALID_HANDLE; + assert_eq!( + unsafe { + C_OpenSession( + SLOT_ID, + CKF_SERIAL_SESSION, + ptr::null_mut(), + None, + &mut handle, + ) + }, + CKR_OK + ); + assert_eq!({ C_CloseSession(handle) }, CKR_OK); + // Expect CKR_SESSION_HANDLE_INVALID if the session has already been closed. + assert_eq!({ C_CloseSession(handle) }, CKR_SESSION_HANDLE_INVALID); + // Expect CKR_SESSION_HANDLE_INVALID if hSession is not a valid handle. + assert_eq!( + { C_CloseSession(CK_INVALID_HANDLE) }, + CKR_SESSION_HANDLE_INVALID + ); + assert_eq!({ C_Finalize(ptr::null_mut()) }, CKR_OK); +} + +#[test] +#[serial] +fn get_session_info() { + test_init(); + assert_eq!({ C_Initialize(ptr::null_mut()) }, CKR_OK); + let mut handle = CK_INVALID_HANDLE; + assert_eq!( + unsafe { + C_OpenSession( + SLOT_ID, + CKF_SERIAL_SESSION, + ptr::null_mut(), + None, + &mut handle, + ) + }, + CKR_OK + ); + let mut session_info = CK_SESSION_INFO::default(); + assert_eq!( + unsafe { C_GetSessionInfo(handle, &mut session_info) }, + CKR_OK + ); + // Expect CKR_SESSION_HANDLE_INVALID if hSession is not a valid handle. + assert_eq!( + unsafe { C_GetSessionInfo(CK_INVALID_HANDLE, &mut session_info) }, + CKR_SESSION_HANDLE_INVALID + ); + // Expect CKR_ARGUMENTS_BAD if pInfo is null. + assert_eq!( + unsafe { C_GetSessionInfo(handle, ptr::null_mut()) }, + CKR_ARGUMENTS_BAD + ); + assert_eq!({ C_CloseSession(handle) }, CKR_OK); + assert_eq!({ C_Finalize(ptr::null_mut()) }, CKR_OK); +} + +#[test] +#[serial] +fn get_attribute_value() { + test_init(); + assert_eq!({ C_Initialize(ptr::null_mut()) }, CKR_OK); + let mut session_h = CK_INVALID_HANDLE; + assert_eq!( + unsafe { + C_OpenSession( + SLOT_ID, + CKF_SERIAL_SESSION, + ptr::null_mut(), + None, + &mut session_h, + ) + }, + CKR_OK + ); + let mut template = vec![CK_ATTRIBUTE::default()]; + assert_eq!( + unsafe { + C_GetAttributeValue( + session_h, + CK_INVALID_HANDLE, + template.as_mut_ptr(), + template.len() as CK_ULONG, + ) + }, + CKR_OPERATION_NOT_INITIALIZED + ); + assert_eq!({ C_Finalize(ptr::null_mut()) }, CKR_OK); + assert_eq!( + unsafe { C_GetAttributeValue(session_h, 0, template.as_mut_ptr(), 0) }, + CKR_CRYPTOKI_NOT_INITIALIZED + ); +} + +#[test] +#[serial] +fn find_objects_init() { + test_init(); + assert_eq!({ C_Initialize(ptr::null_mut()) }, CKR_OK); + let mut handle = CK_INVALID_HANDLE; + assert_eq!( + unsafe { + C_OpenSession( + SLOT_ID, + CKF_SERIAL_SESSION, + ptr::null_mut(), + None, + &mut handle, + ) + }, + CKR_OK + ); + let mut template = vec![CK_ATTRIBUTE { + type_: CKA_CLASS, + pValue: &CKO_PRIVATE_KEY as *const CK_ULONG as CK_VOID_PTR, + ulValueLen: std::mem::size_of_val(&CKO_PRIVATE_KEY) as CK_ULONG, + }]; + assert_eq!( + unsafe { C_FindObjectsInit(handle, template.as_mut_ptr(), template.len() as CK_ULONG) }, + CKR_OK + ); + assert_eq!({ C_Finalize(ptr::null_mut()) }, CKR_OK); + assert_eq!( + unsafe { C_FindObjectsInit(handle, template.as_mut_ptr(), template.len() as CK_ULONG) }, + CKR_CRYPTOKI_NOT_INITIALIZED + ); +} + +#[test] +#[serial] +fn find_objects() { + test_init(); + assert_eq!({ C_Initialize(ptr::null_mut()) }, CKR_OK); + let mut handle = CK_INVALID_HANDLE; + assert_eq!( + unsafe { + C_OpenSession( + SLOT_ID, + CKF_SERIAL_SESSION, + ptr::null_mut(), + None, + &mut handle, + ) + }, + CKR_OK + ); + let mut template = vec![CK_ATTRIBUTE { + type_: CKA_CLASS, + pValue: &CKO_PRIVATE_KEY as *const CK_ULONG as CK_VOID_PTR, + ulValueLen: std::mem::size_of_val(&CKO_PRIVATE_KEY) as CK_ULONG, + }]; + assert_eq!( + unsafe { C_FindObjectsInit(handle, template.as_mut_ptr(), template.len() as CK_ULONG) }, + CKR_OK + ); + let mut objects = vec![CK_OBJECT_HANDLE::default()]; + let mut count = 0; + assert_eq!( + unsafe { C_FindObjects(handle, objects.as_mut_ptr(), 1, &mut count) }, + CKR_OK + ); + assert_eq!(count, 0); + assert_eq!({ C_Finalize(ptr::null_mut()) }, CKR_OK); + assert_eq!( + unsafe { C_FindObjects(handle, ptr::null_mut(), 0, ptr::null_mut()) }, + CKR_CRYPTOKI_NOT_INITIALIZED + ); +} + +#[test] +#[serial] +fn find_objects_final() { + test_init(); + assert_eq!({ C_Initialize(ptr::null_mut()) }, CKR_OK); + let mut handle = CK_INVALID_HANDLE; + assert_eq!( + unsafe { + C_OpenSession( + SLOT_ID, + CKF_SERIAL_SESSION, + ptr::null_mut(), + None, + &mut handle, + ) + }, + CKR_OK + ); + let mut template = vec![CK_ATTRIBUTE { + type_: CKA_CLASS, + pValue: &CKO_PRIVATE_KEY as *const CK_ULONG as CK_VOID_PTR, + ulValueLen: std::mem::size_of_val(&CKO_PRIVATE_KEY) as CK_ULONG, + }]; + assert_eq!( + unsafe { C_FindObjectsInit(handle, template.as_mut_ptr(), template.len() as CK_ULONG) }, + CKR_OK + ); + assert_eq!({ C_FindObjectsFinal(handle) }, CKR_OK); + assert_eq!({ C_Finalize(ptr::null_mut()) }, CKR_OK); + assert_eq!({ C_FindObjectsFinal(handle) }, CKR_CRYPTOKI_NOT_INITIALIZED); +} +#[test] +#[serial] +fn get_function_status() { + test_init(); + assert_eq!({ C_Initialize(ptr::null_mut()) }, CKR_OK); + let mut session_h = CK_INVALID_HANDLE; + assert_eq!( + unsafe { + C_OpenSession( + SLOT_ID, + CKF_SERIAL_SESSION, + ptr::null_mut(), + None, + &mut session_h, + ) + }, + CKR_OK + ); + assert_eq!( + { C_GetFunctionStatus(session_h) }, + CKR_FUNCTION_NOT_PARALLEL + ); + assert_eq!({ C_Finalize(ptr::null_mut()) }, CKR_OK); +} + +#[test] +#[serial] +fn cancel_function() { + test_init(); + assert_eq!({ C_Initialize(ptr::null_mut()) }, CKR_OK); + let mut session_h = CK_INVALID_HANDLE; + assert_eq!( + unsafe { + C_OpenSession( + SLOT_ID, + CKF_SERIAL_SESSION, + ptr::null_mut(), + None, + &mut session_h, + ) + }, + CKR_OK + ); + assert_eq!( + { C_GetFunctionStatus(session_h) }, + CKR_FUNCTION_NOT_PARALLEL + ); + assert_eq!({ C_Finalize(ptr::null_mut()) }, CKR_OK); +} diff --git a/crate/pkcs11/module/src/traits/backend.rs b/crate/pkcs11/module/src/traits/backend.rs new file mode 100644 index 000000000..6b3dc78b8 --- /dev/null +++ b/crate/pkcs11/module/src/traits/backend.rs @@ -0,0 +1,65 @@ +use std::sync::{Arc, RwLock}; + +use once_cell::sync::Lazy; +use zeroize::Zeroizing; + +use crate::{ + traits::{ + Certificate, DataObject, EncryptionAlgorithm, KeyAlgorithm, PrivateKey, PublicKey, + RemoteObjectId, SearchOptions, Version, + }, + MResult, +}; + +// The Backend is first staged so it can be stored in a Box. This +// allows the Backend to be reference with `&'static`. +static STAGED_BACKEND: RwLock>> = RwLock::new(None); +static BACKEND: Lazy> = + Lazy::new(|| STAGED_BACKEND.write().unwrap().take().unwrap()); + +/// Stores a backend to later be returned by all calls `crate::backend()`. +pub fn register_backend(backend: Box) { + *STAGED_BACKEND.write().unwrap() = Some(backend); +} + +pub fn backend() -> &'static dyn Backend { + BACKEND.as_ref() +} + +pub trait Backend: Send + Sync { + /// The token label + /// e.g. + /// `*b"Foo software token "` + fn token_label(&self) -> [u8; 32]; + /// The id of the manufacturer of the token + fn token_manufacturer_id(&self) -> [u8; 32]; + /// The model of the token + fn token_model(&self) -> [u8; 16]; + /// The serial number of the token + fn token_serial_number(&self) -> [u8; 16]; + /// The description of this library + fn library_description(&self) -> [u8; 32]; + /// The version of this library + fn library_version(&self) -> Version; + + fn find_certificate(&self, query: SearchOptions) -> MResult>>; + fn find_all_certificates(&self) -> MResult>>; + fn find_private_key(&self, query: SearchOptions) -> MResult>>; + fn find_public_key(&self, query: SearchOptions) -> MResult>>; + fn find_all_private_keys(&self) -> MResult>>; + fn find_all_public_keys(&self) -> MResult>>; + fn find_data_object(&self, query: SearchOptions) -> MResult>>; + fn find_all_data_objects(&self) -> MResult>>; + fn generate_key( + &self, + algorithm: KeyAlgorithm, + label: Option<&str>, + ) -> MResult>; + + fn decrypt( + &self, + remote_object: Arc, + algorithm: EncryptionAlgorithm, + ciphertext: Vec, + ) -> MResult>>; +} diff --git a/crate/pkcs11/module/src/traits/certificate.rs b/crate/pkcs11/module/src/traits/certificate.rs new file mode 100644 index 000000000..46a5858a4 --- /dev/null +++ b/crate/pkcs11/module/src/traits/certificate.rs @@ -0,0 +1,37 @@ +use std::{any::Any, hash::Hash}; + +use crate::{ + traits::{KeyAlgorithm, PublicKey}, + MResult, +}; + +pub trait Certificate: Send + Sync + std::fmt::Debug { + fn label(&self) -> String; + fn to_der(&self) -> MResult>; + fn public_key(&self) -> &dyn PublicKey; + fn algorithm(&self) -> KeyAlgorithm { + self.public_key().algorithm() + } + fn issuer(&self) -> MResult>; + fn serial_number(&self) -> MResult>; + fn subject(&self) -> MResult>; +} + +impl PartialEq for dyn Certificate { + fn eq(&self, other: &Self) -> bool { + self.to_der().unwrap_or_else(|_| vec![]) == other.to_der().unwrap_or_else(|_| vec![]) + && self.label() == other.label() + } +} + +impl Eq for dyn Certificate {} + +impl Hash for dyn Certificate { + fn hash(&self, state: &mut H) { + self.type_id().hash(state); + self.to_der() + .unwrap_or_else(|_| vec![]) //unlikely: the certificate is originally parsed from DER + .hash(state); + self.label().hash(state); + } +} diff --git a/crate/pkcs11/module/src/traits/data_object.rs b/crate/pkcs11/module/src/traits/data_object.rs new file mode 100644 index 000000000..628796a0b --- /dev/null +++ b/crate/pkcs11/module/src/traits/data_object.rs @@ -0,0 +1,42 @@ +// Copyright 2024 Cosmian Tech SAS +// Changes made to the original code are +// licensed under the Business Source License version 1.1. + +//! `CKO_DATA` object as defined in PKCS#11 2.40 4.5 +//! [PKCS#11 2.40 ~ 4.5](http://docs.oasis-open.org/pkcs11/pkcs11-base/v2.40/os/pkcs11-base-v2.40-os.html#_Toc416959706) + +use std::{any::Any, ffi::CString, hash::Hash}; + +use zeroize::{Zeroize, Zeroizing}; + +pub trait DataObject: Zeroize + Send + Sync { + /// The value of the object which may be a secret + fn value(&self) -> Zeroizing>; + /// The application that manages the object + fn application(&self) -> CString; + fn data_hash(&self) -> Vec; + fn label(&self) -> String; +} + +impl std::fmt::Debug for dyn DataObject { + fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result { + f.debug_struct("Data") + .field("label", &self.label()) + .finish_non_exhaustive() + } +} + +impl PartialEq for dyn DataObject { + fn eq(&self, other: &Self) -> bool { + self.data_hash() == other.data_hash() && self.label() == other.label() + } +} + +impl Eq for dyn DataObject {} +impl Hash for dyn DataObject { + fn hash(&self, state: &mut H) { + self.type_id().hash(state); + self.data_hash().hash(state); + self.label().hash(state); + } +} diff --git a/crate/pkcs11/module/src/traits/encryption_algorithms.rs b/crate/pkcs11/module/src/traits/encryption_algorithms.rs new file mode 100644 index 000000000..3cfce35ff --- /dev/null +++ b/crate/pkcs11/module/src/traits/encryption_algorithms.rs @@ -0,0 +1,5 @@ +#[derive(Debug, Clone, Copy)] +pub enum EncryptionAlgorithm { + // CKM_RSA_PKCS + RsaPkcs1v15, +} diff --git a/crate/pkcs11/module/src/traits/mod.rs b/crate/pkcs11/module/src/traits/mod.rs new file mode 100644 index 000000000..2568ea5e7 --- /dev/null +++ b/crate/pkcs11/module/src/traits/mod.rs @@ -0,0 +1,137 @@ +// Copyright 2024 Cosmian Tech SAS +// Changes made to the original code are +// licensed under the Business Source License version 1.1. +// +//Original code: +// Copyright 2022 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +use std::{any::Any, hash::Hash, sync::Arc}; + +pub use backend::{backend, register_backend, Backend}; +pub use certificate::Certificate; +pub use data_object::DataObject; +pub use encryption_algorithms::EncryptionAlgorithm; +pub use once_cell; +pub use private_key::PrivateKey; +pub use remote_object_id::{RemoteObjectId, RemoteObjectType}; +pub use signature_algorithm::SignatureAlgorithm; + +use crate::{ + core::attribute::{Attribute, AttributeType, Attributes}, + MError, MResult, +}; + +mod backend; +mod certificate; +mod data_object; +mod encryption_algorithms; +mod private_key; +mod remote_object_id; +mod signature_algorithm; + +pub type Digest = [u8; 20]; + +#[derive(Debug, PartialEq, Eq, Clone)] +pub enum DigestType { + Sha1, + Sha224, + Sha256, + Sha384, + Sha512, +} + +impl DigestType { + #[must_use] + pub fn digest_len(&self) -> usize { + match self { + DigestType::Sha1 => 20, + DigestType::Sha224 => 28, + DigestType::Sha256 => 32, + DigestType::Sha384 => 48, + DigestType::Sha512 => 64, + } + } +} + +pub trait PublicKey: Send + Sync + std::fmt::Debug { + fn public_key_hash(&self) -> Vec; + fn label(&self) -> String; + fn to_der(&self) -> Vec; + fn verify(&self, algorithm: &SignatureAlgorithm, data: &[u8], signature: &[u8]) -> MResult<()>; + fn delete(self: Arc); + fn algorithm(&self) -> KeyAlgorithm; +} + +impl PartialEq for dyn PublicKey { + fn eq(&self, other: &Self) -> bool { + self.public_key_hash() == other.public_key_hash() && self.label() == other.label() + } +} + +impl Eq for dyn PublicKey {} + +impl Hash for dyn PublicKey { + fn hash(&self, state: &mut H) { + self.type_id().hash(state); + self.public_key_hash().hash(state); + self.label().hash(state); + } +} + +#[derive(Debug)] +pub enum SearchOptions { + All, + Label(String), + Id(Vec), +} + +impl TryFrom<&Attributes> for SearchOptions { + type Error = MError; + + fn try_from(attributes: &Attributes) -> std::result::Result { + if attributes.is_empty() { + return Ok(SearchOptions::All); + } + if let Some(Attribute::Id(id)) = attributes.get(AttributeType::Id) { + // let id = compoundid::decode(id)?; + Ok(SearchOptions::Id(id.clone())) + } else if let Some(Attribute::Label(label)) = attributes.get(AttributeType::Label) { + Ok(SearchOptions::Label(label.into())) + } else { + Ok(SearchOptions::All) + } + } +} + +#[derive(Debug, Clone, Copy, PartialEq, Eq)] +pub enum KeyAlgorithm { + Rsa, + Ecc, +} + +pub struct Version { + pub major: u8, + pub minor: u8, +} + +pub fn random_label() -> String { + use rand::{distributions::Alphanumeric, Rng}; + String::from("bumpkey ") + + &rand::thread_rng() + .sample_iter(&Alphanumeric) + .take(32) + .map(char::from) + .collect::() +} diff --git a/crate/pkcs11/module/src/traits/private_key.rs b/crate/pkcs11/module/src/traits/private_key.rs new file mode 100644 index 000000000..680d960d4 --- /dev/null +++ b/crate/pkcs11/module/src/traits/private_key.rs @@ -0,0 +1,59 @@ +// Copyright 2024 Cosmian Tech SAS +// Changes made to the original code are +// licensed under the Business Source License version 1.1. +// +//Original code: +// Copyright 2022 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +use std::{any::Any, hash::Hash, sync::Arc}; + +use crate::{ + traits::{Backend, KeyAlgorithm, PublicKey, SearchOptions, SignatureAlgorithm}, + MResult, +}; + +pub trait PrivateKey: Send + Sync { + fn public_key_id(&self) -> Vec; + fn label(&self) -> String; + fn sign(&self, algorithm: &SignatureAlgorithm, data: &[u8]) -> MResult>; + fn algorithm(&self) -> KeyAlgorithm; + fn find_public_key(&self, backend: &dyn Backend) -> MResult>> { + backend.find_public_key(SearchOptions::Id(self.public_key_id())) + } +} + +impl std::fmt::Debug for dyn PrivateKey { + fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result { + f.debug_struct("PrivateKey") + .field("label", &self.label()) + .finish_non_exhaustive() + } +} + +impl PartialEq for dyn PrivateKey { + fn eq(&self, other: &Self) -> bool { + self.public_key_id() == other.public_key_id() && self.label() == other.label() + } +} + +impl Eq for dyn PrivateKey {} + +impl Hash for dyn PrivateKey { + fn hash(&self, state: &mut H) { + self.type_id().hash(state); + self.public_key_id().hash(state); + self.label().hash(state); + } +} diff --git a/crate/pkcs11/module/src/traits/remote_object_id.rs b/crate/pkcs11/module/src/traits/remote_object_id.rs new file mode 100644 index 000000000..773c299af --- /dev/null +++ b/crate/pkcs11/module/src/traits/remote_object_id.rs @@ -0,0 +1,43 @@ +// Copyright 2024 Cosmian Tech SAS +// Changes made to the original code are +// licensed under the Business Source License version 1.1. + +use std::hash::Hash; + +#[derive(Debug, Clone)] +pub enum RemoteObjectType { + PublicKey, + Certificate, + PrivateKey, + SymmetricKey, +} + +/// A remote object is an object that is stored on a remote server +/// and for which we have a reference to. +pub trait RemoteObjectId: Send + Sync { + fn remote_id(&self) -> String; + + fn remote_type(&self) -> RemoteObjectType; +} + +impl std::fmt::Debug for dyn RemoteObjectId { + fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result { + f.debug_struct("RemoteObjectId") + .field("id", &self.remote_id()) + .field("type", &self.remote_type()) + .finish_non_exhaustive() + } +} +impl PartialEq for dyn RemoteObjectId { + fn eq(&self, other: &Self) -> bool { + self.remote_id() == other.remote_id() + } +} + +impl Eq for dyn RemoteObjectId {} + +impl Hash for dyn RemoteObjectId { + fn hash(&self, state: &mut H) { + self.remote_id().hash(state); + } +} diff --git a/crate/pkcs11/module/src/traits/signature_algorithm.rs b/crate/pkcs11/module/src/traits/signature_algorithm.rs new file mode 100644 index 000000000..f1ea05a90 --- /dev/null +++ b/crate/pkcs11/module/src/traits/signature_algorithm.rs @@ -0,0 +1,17 @@ +use crate::traits::DigestType; + +#[derive(Debug, Clone)] +pub enum SignatureAlgorithm { + Ecdsa, + RsaRaw, + RsaPkcs1v15Raw, + RsaPkcs1v15Sha1, + RsaPkcs1v15Sha384, + RsaPkcs1v15Sha256, + RsaPkcs1v15Sha512, + RsaPss { + digest: DigestType, + mask_generation_function: DigestType, + salt_length: u64, + }, +} diff --git a/crate/pkcs11/.gitignore b/crate/pkcs11/provider/.gitignore similarity index 100% rename from crate/pkcs11/.gitignore rename to crate/pkcs11/provider/.gitignore diff --git a/crate/pkcs11/Cargo.toml b/crate/pkcs11/provider/Cargo.toml similarity index 50% rename from crate/pkcs11/Cargo.toml rename to crate/pkcs11/provider/Cargo.toml index e43d480bd..185c4a747 100644 --- a/crate/pkcs11/Cargo.toml +++ b/crate/pkcs11/provider/Cargo.toml @@ -1,7 +1,11 @@ [package] name = "ckms_pkcs11" -version = "4.15.2" -edition = "2021" +version.workspace = true +authors.workspace = true +edition.workspace = true +license.workspace = true +repository.workspace = true +rust-version.workspace = true [lib] name = "ckms_pkcs11" @@ -11,14 +15,11 @@ crate-type = ["rlib", "dylib"] doctest = false [dependencies] -cosmian_kmip = { path = "../kmip" } -cosmian_kms_client = { path = "../client" } -cosmian_logger = { path = "../logger" } +cosmian_kmip = { path = "../../kmip" } +cosmian_kms_client = { path = "../../client" } +cosmian_logger = { path = "../../logger" } +cosmian_pkcs11_module = { path = "../module" } etcetera = "0.8.0" -native-pkcs11 = { git = "https://github.com/Cosmian/native-pkcs11.git", rev = "114c93de2e32c2b943578f0aad1c0f43d69e7726", features = [ - "custom-function-list", -] } -native-pkcs11-traits = { git = "https://github.com/Cosmian/native-pkcs11.git", rev = "114c93de2e32c2b943578f0aad1c0f43d69e7726" } serde_json = { workspace = true } sha3 = "0.10.8" thiserror = { workspace = true } @@ -26,7 +27,11 @@ tokio = { workspace = true } tracing = { workspace = true } tracing-error = "0.2.0" tracing-subscriber = { version = "0.3.18", features = ["env-filter"] } +x509-cert = { version = "0.2.5", default-features = false } zeroize = { workspace = true } +[target.'cfg(target_os = "linux")'.dependencies] +tracing-journald = "0.3.0" + [dev-dependencies] -kms_test_server = { path = "../test_server" } +kms_test_server = { path = "../../test_server" } diff --git a/crate/pkcs11/provider/README.md b/crate/pkcs11/provider/README.md new file mode 100644 index 000000000..31a2e36fa --- /dev/null +++ b/crate/pkcs11/provider/README.md @@ -0,0 +1,16 @@ +# A PKCS#11 provider for Cosmian KMS + +This project builds libraries for Linux, MACOS and Windows, to use the Cosmian KMS as a PKCS#11 provider. + +The PKCS#11 standard defines an API for cryptographic devices, such as hardware security modules (HSMs) and smart cards. +The Cosmian KMS is a cloud-based cryptographic service that provides a secure and scalable key management solution. + +The PKCS#11 2.40 standard is available at + + +The primary goal is to support the Cosmian KMS as + +- a Veracrypt keyfiles provider, +- a LUKS keys provider, + +but it can be used with any application that supports PKCS#11. diff --git a/crate/pkcs11/provider/src/backend.rs b/crate/pkcs11/provider/src/backend.rs new file mode 100644 index 000000000..b6a166bc9 --- /dev/null +++ b/crate/pkcs11/provider/src/backend.rs @@ -0,0 +1,206 @@ +use std::sync::Arc; + +use cosmian_kmip::kmip::kmip_types::KeyFormatType; +use cosmian_kms_client::KmsClient; +use cosmian_pkcs11_module::traits::{ + Backend, Certificate, DataObject, EncryptionAlgorithm, KeyAlgorithm, PrivateKey, PublicKey, + RemoteObjectId, RemoteObjectType, SearchOptions, SignatureAlgorithm, Version, +}; +use tracing::{debug, trace}; +use zeroize::Zeroizing; + +use crate::{ + error::Pkcs11Error, + kms_object::{get_kms_objects, kms_decrypt, locate_kms_objects}, + pkcs11_certificate::Pkcs11Certificate, + pkcs11_data_object::Pkcs11DataObject, + pkcs11_private_key::Pkcs11PrivateKey, +}; + +const COSMIAN_PKCS11_DISK_ENCRYPTION_TAG: &str = "disk-encryption"; + +pub struct CkmsBackend { + kms_client: KmsClient, +} + +impl CkmsBackend { + /// Instantiate a new `CkmsBackend` using the + pub fn instantiate(kms_client: KmsClient) -> Result { + Ok(CkmsBackend { kms_client }) + } +} + +impl Backend for CkmsBackend { + fn token_label(&self) -> [u8; 32] { + *b"Cosmian-KMS " + } + + fn token_manufacturer_id(&self) -> [u8; 32] { + *b"Cosmian " + } + + fn token_model(&self) -> [u8; 16] { + *b"software " + } + + fn token_serial_number(&self) -> [u8; 16] { + let version = env!("CARGO_PKG_VERSION").as_bytes(); + let len = version.len().min(16); + let mut sn = [0x20; 16]; + sn[0..len].copy_from_slice(&version[..len]); + sn + } + + fn library_description(&self) -> [u8; 32] { + *b"Cosmian KMS PKCS#11 provider " + } + + fn library_version(&self) -> Version { + let version = env!("CARGO_PKG_VERSION"); + let mut split = version.split('.'); + let major = split.next().unwrap_or("0").parse::().unwrap_or(0); + let minor = split.next().unwrap_or("0").parse::().unwrap_or(0); + Version { major, minor } + } + + fn find_certificate( + &self, + _query: SearchOptions, + ) -> cosmian_pkcs11_module::MResult>> { + trace!("find_all_certificates"); + Ok(None) + } + + fn find_all_certificates(&self) -> cosmian_pkcs11_module::MResult>> { + trace!("find_all_certificates"); + let disk_encryption_tag = std::env::var("COSMIAN_PKCS11_DISK_ENCRYPTION_TAG") + .unwrap_or(COSMIAN_PKCS11_DISK_ENCRYPTION_TAG.to_string()); + let kms_objects = get_kms_objects( + &self.kms_client, + &[disk_encryption_tag, "_cert".to_string()], + KeyFormatType::X509, + )?; + let mut result = Vec::with_capacity(kms_objects.len()); + for dao in kms_objects { + let data_object: Arc = Arc::new(Pkcs11Certificate::try_from(dao)?); + result.push(data_object); + } + Ok(result) + } + + fn find_private_key( + &self, + _query: SearchOptions, + ) -> cosmian_pkcs11_module::MResult>> { + trace!("find_private_key: {:?}", _query); + Ok(None) + } + + fn find_public_key( + &self, + query: SearchOptions, + ) -> cosmian_pkcs11_module::MResult>> { + trace!("find_public_key: {:?}", query); + Ok(None) + } + + fn find_all_private_keys( + &self, + ) -> cosmian_pkcs11_module::MResult>> { + trace!("find_all_private_keys"); + let disk_encryption_tag = std::env::var("COSMIAN_PKCS11_DISK_ENCRYPTION_TAG") + .unwrap_or(COSMIAN_PKCS11_DISK_ENCRYPTION_TAG.to_string()); + Ok( + locate_kms_objects(&self.kms_client, &[disk_encryption_tag, "_sk".to_string()])? + .into_iter() + .map(|id| { + Arc::new(Pkcs11PrivateKey::new(id, RemoteObjectType::PrivateKey)) + as Arc + }) + .collect(), + ) + } + + fn find_all_public_keys(&self) -> cosmian_pkcs11_module::MResult>> { + trace!("find_all_public_keys"); + Ok(vec![]) + } + + fn find_data_object( + &self, + query: SearchOptions, + ) -> cosmian_pkcs11_module::MResult>> { + trace!("find_data_object: {:?}", query); + Ok(None) + } + + fn find_all_data_objects(&self) -> cosmian_pkcs11_module::MResult>> { + trace!("find_all_data_objects"); + let disk_encryption_tag = std::env::var("COSMIAN_PKCS11_DISK_ENCRYPTION_TAG") + .unwrap_or(COSMIAN_PKCS11_DISK_ENCRYPTION_TAG.to_string()); + let kms_objects = get_kms_objects( + &self.kms_client, + &[disk_encryption_tag, "_kk".to_string()], + KeyFormatType::Raw, + )?; + let mut result = Vec::with_capacity(kms_objects.len()); + for dao in kms_objects { + let data_object: Arc = Arc::new(Pkcs11DataObject::try_from(dao)?); + result.push(data_object); + } + Ok(result) + } + + fn generate_key( + &self, + algorithm: KeyAlgorithm, + label: Option<&str>, + ) -> cosmian_pkcs11_module::MResult> { + trace!("generate_key: {:?}, {:?}", algorithm, label); + Ok(Arc::new(EmptyPrivateKeyImpl {})) + } + + fn decrypt( + &self, + remote_object: Arc, + algorithm: EncryptionAlgorithm, + ciphertext: Vec, + ) -> cosmian_pkcs11_module::MResult>> { + debug!( + "decrypt: {:?}, cipher text length: {}", + remote_object, + ciphertext.len() + ); + kms_decrypt( + &self.kms_client, + remote_object.remote_id(), + algorithm, + ciphertext, + ) + .map_err(Into::into) + } +} + +pub(crate) struct EmptyPrivateKeyImpl; + +impl PrivateKey for EmptyPrivateKeyImpl { + fn public_key_id(&self) -> Vec { + vec![] + } + + fn label(&self) -> String { + "PrivateKeyImpl".to_string() + } + + fn sign( + &self, + _algorithm: &SignatureAlgorithm, + _data: &[u8], + ) -> cosmian_pkcs11_module::MResult> { + Ok(vec![]) + } + + fn algorithm(&self) -> KeyAlgorithm { + KeyAlgorithm::Rsa + } +} diff --git a/crate/pkcs11/src/error/mod.rs b/crate/pkcs11/provider/src/error/mod.rs similarity index 89% rename from crate/pkcs11/src/error/mod.rs rename to crate/pkcs11/provider/src/error/mod.rs index 7006cafe4..5b39c6f00 100644 --- a/crate/pkcs11/src/error/mod.rs +++ b/crate/pkcs11/provider/src/error/mod.rs @@ -13,6 +13,10 @@ pub enum Pkcs11Error { #[error("Conversion error: {0}")] Conversion(String), + // PKCS11 Module errors + #[error("PKCS#11 error: {0}")] + Pkcs11(String), + // Any errors on KMIP format due to mistake of the user #[error("{0}: {1}")] KmipError(ErrorReason, String), @@ -54,6 +58,18 @@ impl From for Pkcs11Error { } } +impl From for Pkcs11Error { + fn from(e: cosmian_pkcs11_module::MError) -> Self { + Self::Pkcs11(e.to_string()) + } +} + +impl From for cosmian_pkcs11_module::MError { + fn from(e: Pkcs11Error) -> Self { + Self::Backend(Box::new(e)) + } +} + impl From for Pkcs11Error { fn from(e: TryFromSliceError) -> Self { Self::Conversion(e.to_string()) @@ -102,6 +118,12 @@ impl From> for Pkcs11Error { } } +impl From for Pkcs11Error { + fn from(e: x509_cert::der::Error) -> Self { + Self::Conversion(e.to_string()) + } +} + /// Return early with an error if a condition is not satisfied. /// /// This macro is equivalent to `if !$cond { return Err(From::from($err)); }`. diff --git a/crate/pkcs11/src/error/result.rs b/crate/pkcs11/provider/src/error/result.rs similarity index 100% rename from crate/pkcs11/src/error/result.rs rename to crate/pkcs11/provider/src/error/result.rs diff --git a/crate/pkcs11/provider/src/kms_object.rs b/crate/pkcs11/provider/src/kms_object.rs new file mode 100644 index 000000000..003af9b13 --- /dev/null +++ b/crate/pkcs11/provider/src/kms_object.rs @@ -0,0 +1,146 @@ +use cosmian_kmip::kmip::{ + kmip_objects::Object, + kmip_operations::{Decrypt, Locate}, + kmip_types::{ + Attributes, CryptographicAlgorithm, CryptographicParameters, KeyFormatType, PaddingMethod, + UniqueIdentifier, + }, +}; +use cosmian_kms_client::{batch_export_objects, ClientConf, KmsClient}; +use cosmian_pkcs11_module::traits::EncryptionAlgorithm; +use tracing::{debug, trace}; +use zeroize::Zeroizing; + +use crate::error::Pkcs11Error; + +/// A wrapper around a KMS KMIP object. +#[derive(Debug)] +pub struct KmsObject { + pub object: Object, + pub attributes: Attributes, + pub other_tags: Vec, +} + +pub fn get_kms_client() -> Result { + let conf_path = ClientConf::location(None)?; + let conf = ClientConf::load(&conf_path)?; + let kms_client = conf.initialize_kms_client()?; + Ok(kms_client) +} + +pub fn locate_kms_objects( + kms_client: &KmsClient, + tags: &[String], +) -> Result, Pkcs11Error> { + tokio::runtime::Runtime::new()?.block_on(locate_kms_objects_async(kms_client, tags)) +} + +pub(crate) async fn locate_kms_objects_async( + kms_client: &KmsClient, + tags: &[String], +) -> Result, Pkcs11Error> { + locate_objects(kms_client, tags).await +} + +pub fn get_kms_objects( + kms_client: &KmsClient, + tags: &[String], + key_format_type: KeyFormatType, +) -> Result, Pkcs11Error> { + tokio::runtime::Runtime::new()?.block_on(get_kms_objects_async( + kms_client, + tags, + key_format_type, + )) +} + +pub(crate) async fn get_kms_objects_async( + kms_client: &KmsClient, + tags: &[String], + key_format_type: KeyFormatType, +) -> Result, Pkcs11Error> { + let key_ids = locate_objects(kms_client, tags).await?; + let responses = + batch_export_objects(kms_client, key_ids, true, None, true, Some(key_format_type)).await?; + trace!("Found objects: {:?}", responses); + let mut results = vec![]; + for response in responses { + let (object, attributes) = response.map_err(|e| Pkcs11Error::ServerError(e.to_string()))?; + let other_tags = attributes + .get_tags() + .into_iter() + .filter(|t| !t.is_empty() && !tags.contains(t) && !t.starts_with('_')) + .collect::>(); + results.push(KmsObject { + object, + attributes, + other_tags, + }); + } + Ok(results) +} + +async fn locate_objects( + kms_client: &KmsClient, + tags: &[String], +) -> Result, Pkcs11Error> { + let mut attributes = Attributes::default(); + attributes.set_tags(tags)?; + + let locate = Locate { + attributes, + ..Default::default() + }; + let response = kms_client.locate(locate).await?; + let uniques_identifiers = response + .unique_identifiers + .unwrap_or_default() + .iter() + .map(std::string::ToString::to_string) + .filter(|id| !id.is_empty()) + .collect(); + debug!( + "Located objects: tags: {:?} => {:?}", + tags, uniques_identifiers + ); + Ok(uniques_identifiers) +} + +pub fn kms_decrypt( + kms_client: &KmsClient, + key_id: String, + encryption_algorithm: EncryptionAlgorithm, + data: Vec, +) -> Result>, Pkcs11Error> { + tokio::runtime::Runtime::new()?.block_on(kms_decrypt_async( + kms_client, + key_id, + encryption_algorithm, + data, + )) +} + +pub(crate) async fn kms_decrypt_async( + kms_client: &KmsClient, + key_id: String, + encryption_algorithm: EncryptionAlgorithm, + data: Vec, +) -> Result>, Pkcs11Error> { + let cryptographic_parameters = match encryption_algorithm { + EncryptionAlgorithm::RsaPkcs1v15 => CryptographicParameters { + cryptographic_algorithm: Some(CryptographicAlgorithm::RSA), + padding_method: Some(PaddingMethod::PKCS1v15), + ..Default::default() + }, + }; + let decryption_request = Decrypt { + unique_identifier: Some(UniqueIdentifier::TextString(key_id)), + cryptographic_parameters: Some(cryptographic_parameters), + data: Some(data), + ..Default::default() + }; + let response = kms_client.decrypt(decryption_request).await?; + response.data.ok_or_else(|| { + Pkcs11Error::ServerError("Decryption response does not contain data".to_string()) + }) +} diff --git a/crate/pkcs11/src/lib.rs b/crate/pkcs11/provider/src/lib.rs similarity index 62% rename from crate/pkcs11/src/lib.rs rename to crate/pkcs11/provider/src/lib.rs index d92489b3d..514061b55 100644 --- a/crate/pkcs11/src/lib.rs +++ b/crate/pkcs11/provider/src/lib.rs @@ -1,22 +1,27 @@ -use std::ptr::addr_of_mut; +use std::{ptr::addr_of_mut, str::FromStr}; -use native_pkcs11::{CKR_OK, CK_FUNCTION_LIST_PTR_PTR, CK_RV, FUNC_LIST}; +use cosmian_pkcs11_module::{CKR_OK, CK_FUNCTION_LIST_PTR_PTR, CK_RV, FUNC_LIST}; +use tracing::Level; -use crate::{logging::initialize_logging, pkcs_11_data_object::get_kms_client}; +use crate::{kms_object::get_kms_client, logging::initialize_logging}; mod backend; mod error; +mod kms_object; mod logging; -mod pkcs_11_data_object; +mod pkcs11_certificate; +mod pkcs11_data_object; +mod pkcs11_private_key; /// # Safety /// This function is the first one called by the PKCS#11 library client /// to get the PKCS#11 functions list. #[no_mangle] pub unsafe extern "C" fn C_GetFunctionList(pp_function_list: CK_FUNCTION_LIST_PTR_PTR) -> CK_RV { - initialize_logging("ckms-pkcs11.log", None, None); + let debug_level = std::env::var("COSMIAN_PKCS11_LOGGING_LEVEL").unwrap_or("info".to_string()); + initialize_logging("ckms-pkcs11", Level::from_str(&debug_level).ok(), None); // Instantiate a backend with a kms client using the `kms.json` file in the local default directory. - native_pkcs11_traits::register_backend(Box::new( + cosmian_pkcs11_module::traits::register_backend(Box::new( backend::CkmsBackend::instantiate( get_kms_client() .expect("failed instantiating the KMS client with the current configuration"), diff --git a/crate/pkcs11/src/logging.rs b/crate/pkcs11/provider/src/logging.rs similarity index 56% rename from crate/pkcs11/src/logging.rs rename to crate/pkcs11/provider/src/logging.rs index dd9d0bfd3..553da7552 100644 --- a/crate/pkcs11/src/logging.rs +++ b/crate/pkcs11/provider/src/logging.rs @@ -1,6 +1,6 @@ use std::{fs, fs::OpenOptions, path::PathBuf, sync::Once}; -use tracing::level_filters::LevelFilter; +use tracing::Level; use tracing_error::ErrorLayer; use tracing_subscriber::{ fmt::format::FmtSpan, layer::SubscriberExt, util::SubscriberInitExt, EnvFilter, Registry, @@ -8,22 +8,19 @@ use tracing_subscriber::{ static TRACING_INIT: Once = Once::new(); -pub fn initialize_logging( - log_name: &str, - log_home: Option, - level_filter: Option, -) { +pub fn initialize_logging(log_name: &str, level: Option, log_home: Option) { TRACING_INIT.call_once(|| { - init(log_name, log_home, level_filter).unwrap_or_else(|e| { + init(log_name, level, log_home).unwrap_or_else(|e| { eprintln!("Failed to initialize logging: {e}"); }); }); } +#[cfg(not(target_os = "linux"))] fn init( log_name: &str, + level: Option, log_home: Option, - level_filter: Option, ) -> Result<(), Box> { let log_home = match log_home { None => { @@ -32,18 +29,39 @@ fn init( } Some(log_home) => PathBuf::from(log_home), }; + log_to_file(log_name, level.unwrap_or(Level::INFO), &log_home) +} + +#[cfg(target_os = "linux")] +/// For Linux, log to /var/log +fn init( + log_name: &str, + level: Option, + _log_home: Option, +) -> Result<(), Box> { + let level = level.unwrap_or(Level::INFO); + println!("ckms-pkcs11 module logging at {level} level to file /var/log/{log_name}.log"); + log_to_file(log_name, level, &PathBuf::from("/var/log")) +} + +fn log_to_file( + log_name: &str, + level: Level, + log_home: &PathBuf, +) -> Result<(), Box> { // Use `create_dir_all` to create the directory and all its parent directories // if they do not exist. - fs::create_dir_all(&log_home)?; - let log_path = log_home.join(log_name); + if !log_home.exists() { + fs::create_dir_all(log_home)?; + } + let log_path = log_home.join(format!("{log_name}.log")); // Open the file in append mode, or create it if it doesn't exist. let file = OpenOptions::new() .append(true) .create(true) .open(log_path)?; - let env_filter = EnvFilter::builder() - .with_default_directive(level_filter.unwrap_or(LevelFilter::TRACE).into()) - .from_env_lossy(); + let env_filter = + EnvFilter::new(format!("info,ckms_pkcs11={level},cosmian_pkcs11_module={level}").as_str()); _ = Registry::default() .with( tracing_subscriber::fmt::layer() diff --git a/crate/pkcs11/provider/src/pkcs11_certificate.rs b/crate/pkcs11/provider/src/pkcs11_certificate.rs new file mode 100644 index 000000000..62640c86f --- /dev/null +++ b/crate/pkcs11/provider/src/pkcs11_certificate.rs @@ -0,0 +1,75 @@ +use cosmian_kmip::kmip::{kmip_objects::Object, kmip_types::CertificateType}; +use cosmian_pkcs11_module::traits::{Certificate, PublicKey}; +use x509_cert::{ + der::{Decode, Encode}, + Certificate as X509Certificate, +}; + +use crate::{error::Pkcs11Error, kms_object::KmsObject}; + +/// A PKCS11 Certificate is a Certificate that wraps data from a KMS object +#[derive(Debug)] +pub struct Pkcs11Certificate { + pub certificate: X509Certificate, + pub label: String, +} + +impl TryFrom for Pkcs11Certificate { + type Error = Pkcs11Error; + + fn try_from(kms_object: KmsObject) -> Result { + match kms_object.object { + Object::Certificate { + certificate_type, + certificate_value, + .. + } => match certificate_type { + CertificateType::X509 => Ok(Self { + certificate: X509Certificate::from_der(&certificate_value).map_err(|e| { + Pkcs11Error::ServerError(format!( + "Invalid X509 Certificate DER bytes: {e:?}" + )) + })?, + label: kms_object.other_tags.join(","), + }), + _ => Err(Pkcs11Error::ServerError(format!( + "Invalid Certificate Type: {certificate_type:?}" + ))), + }, + o => Err(Pkcs11Error::ServerError(format!( + "Invalid KMS Object for a certificate: {o:?}" + ))), + } + } +} + +impl Certificate for Pkcs11Certificate { + fn label(&self) -> String { + self.label.clone() + } + + fn to_der(&self) -> cosmian_pkcs11_module::MResult> { + self.certificate + .to_der() + .map_err(|e| Pkcs11Error::from(e).into()) + } + + fn public_key(&self) -> &dyn PublicKey { + todo!("implement get public key got certificate") + } + + fn issuer(&self) -> cosmian_pkcs11_module::MResult> { + Encode::to_der(&self.certificate.tbs_certificate.issuer) + .map_err(|e| Pkcs11Error::from(e).into()) + } + + fn serial_number(&self) -> cosmian_pkcs11_module::MResult> { + Encode::to_der(&self.certificate.tbs_certificate.serial_number) + .map_err(|e| Pkcs11Error::from(e).into()) + } + + fn subject(&self) -> cosmian_pkcs11_module::MResult> { + Encode::to_der(&self.certificate.tbs_certificate.subject) + .map_err(|e| Pkcs11Error::from(e).into()) + } +} diff --git a/crate/pkcs11/provider/src/pkcs11_data_object.rs b/crate/pkcs11/provider/src/pkcs11_data_object.rs new file mode 100644 index 000000000..efe20d1f2 --- /dev/null +++ b/crate/pkcs11/provider/src/pkcs11_data_object.rs @@ -0,0 +1,55 @@ +use std::ffi::CString; + +use cosmian_pkcs11_module::traits::DataObject; +use sha3::Digest; +use zeroize::{Zeroize, Zeroizing}; + +use crate::{error::Pkcs11Error, kms_object::KmsObject}; + +/// A PKCS11 data object is a `DataObject` that wraps data from a KMS object +#[derive(Debug)] +pub struct Pkcs11DataObject { + value: Zeroizing>, + label: String, +} + +impl TryFrom for Pkcs11DataObject { + type Error = Pkcs11Error; + + fn try_from(kms_object: KmsObject) -> Result { + Ok(Pkcs11DataObject { + value: kms_object.object.key_block()?.key_bytes()?, + label: kms_object.other_tags.join(","), + }) + } +} + +impl Zeroize for Pkcs11DataObject { + fn zeroize(&mut self) { + self.value.zeroize(); + } +} + +impl DataObject for Pkcs11DataObject { + fn value(&self) -> Zeroizing> { + self.value.clone() + } + + fn application(&self) -> CString { + CString::new(b"Cosmian KMS PKCS11 provider").unwrap_or_default() + } + + fn data_hash(&self) -> Vec { + // This is a hash of key material which may be leaked by the application + // We need pre-image and collision resistance. + // => use a cryptographic SHA3-256 hash + let mut hasher = sha3::Sha3_256::new(); + hasher.update(self.value.as_slice()); + let result = hasher.finalize(); + result.to_vec() + } + + fn label(&self) -> String { + self.label.clone() + } +} diff --git a/crate/pkcs11/provider/src/pkcs11_private_key.rs b/crate/pkcs11/provider/src/pkcs11_private_key.rs new file mode 100644 index 000000000..40d87019b --- /dev/null +++ b/crate/pkcs11/provider/src/pkcs11_private_key.rs @@ -0,0 +1,27 @@ +use cosmian_pkcs11_module::traits::{RemoteObjectId, RemoteObjectType}; + +/// A PKCS11 data object is a `DataObject` that wraps data from a KMS object +#[derive(Debug)] +pub struct Pkcs11PrivateKey { + remote_id: String, + remote_object_type: RemoteObjectType, +} + +impl Pkcs11PrivateKey { + pub fn new(remote_id: String, remote_object_type: RemoteObjectType) -> Self { + Self { + remote_id, + remote_object_type, + } + } +} + +impl RemoteObjectId for Pkcs11PrivateKey { + fn remote_id(&self) -> String { + self.remote_id.clone() + } + + fn remote_type(&self) -> RemoteObjectType { + self.remote_object_type.clone() + } +} diff --git a/crate/pkcs11/provider/src/tests.rs b/crate/pkcs11/provider/src/tests.rs new file mode 100644 index 000000000..29af93f50 --- /dev/null +++ b/crate/pkcs11/provider/src/tests.rs @@ -0,0 +1,151 @@ +use cosmian_kmip::{ + crypto::symmetric::create_symmetric_key_kmip_object, + kmip::{ + kmip_data_structures::{KeyBlock, KeyMaterial, KeyValue}, + kmip_objects::Object, + kmip_types::{CryptographicAlgorithm, KeyFormatType}, + }, +}; +use cosmian_kms_client::{import_object, KmsClient}; +use cosmian_pkcs11_module::traits::Backend; +use kms_test_server::{start_default_test_kms_server, ONCE}; + +use crate::{backend::CkmsBackend, error::Pkcs11Error, kms_object::get_kms_objects_async}; + +#[tokio::test] +async fn test_kms_client() -> Result<(), Pkcs11Error> { + let ctx = ONCE + .get_or_try_init(start_default_test_kms_server) + .await + .unwrap(); + + let kms_client = ctx.owner_client_conf.initialize_kms_client()?; + create_keys(&kms_client).await?; + + let keys = get_kms_objects_async( + &kms_client, + &["disk-encryption".to_string()], + KeyFormatType::Raw, + ) + .await?; + assert_eq!(keys.len(), 2); + let mut labels = keys + .iter() + .flat_map(|k| k.other_tags.clone()) + .collect::>(); + labels.sort(); + assert_eq!(labels, vec!["vol1".to_string(), "vol2".to_string()]); + Ok(()) +} + +fn initialize_backend() -> Result { + cosmian_logger::log_utils::log_init("fatal,cosmian_kms_client=debug"); + let rt = tokio::runtime::Runtime::new().unwrap(); + let owner_client_conf = rt.block_on(async { + let ctx = ONCE + .get_or_try_init(start_default_test_kms_server) + .await + .unwrap(); + + let kms_client = ctx.owner_client_conf.initialize_kms_client().unwrap(); + create_keys(&kms_client).await.unwrap(); + load_p12().await.unwrap(); + ctx.owner_client_conf.clone() + }); + + CkmsBackend::instantiate(owner_client_conf.initialize_kms_client()?) +} + +async fn create_keys(kms_client: &KmsClient) -> Result<(), Pkcs11Error> { + let vol1 = create_symmetric_key_kmip_object(&[1, 2, 3, 4], CryptographicAlgorithm::AES); + let _vol1_id = import_object( + kms_client, + Some("vol1".to_string()), + vol1, + None, + false, + true, + ["disk-encryption", "vol1"], + ) + .await?; + + let vol2 = create_symmetric_key_kmip_object(&[4, 5, 6, 7], CryptographicAlgorithm::AES); + let _vol2_id = import_object( + kms_client, + Some("vol2".to_string()), + vol2, + None, + false, + true, + ["disk-encryption", "vol2"], + ) + .await?; + + Ok(()) +} + +async fn load_p12() -> Result { + let ctx = ONCE + .get_or_try_init(start_default_test_kms_server) + .await + .unwrap(); + + let kms_client = ctx.owner_client_conf.initialize_kms_client()?; + let p12_bytes = include_bytes!("../test_data/certificate.p12"); + + let p12_sk = Object::PrivateKey { + key_block: KeyBlock { + key_format_type: KeyFormatType::PKCS12, + key_compression_type: None, + key_value: KeyValue { + key_material: KeyMaterial::ByteString(zeroize::Zeroizing::new(p12_bytes.to_vec())), + attributes: None, + }, + // According to the KMIP spec, the cryptographic algorithm is not required + // as long as it can be recovered from the Key Format Type or the Key Value. + // Also it should not be specified if the cryptographic length is not specified. + cryptographic_algorithm: None, + // See comment above + cryptographic_length: None, + key_wrapping_data: None, + }, + }; + + let p12_id = import_object( + &kms_client, + Some("test.p12".to_string()), + p12_sk, + None, + false, + true, + ["disk-encryption", "luks_volume"], + ) + .await?; + Ok(p12_id) +} + +#[test] +fn test_backend() -> Result<(), Pkcs11Error> { + let backend = initialize_backend()?; + + // data objects + let data_objects = backend.find_all_data_objects()?; + assert_eq!(data_objects.len(), 2); + let mut labels = data_objects + .iter() + .map(|dao| dao.label().clone()) + .collect::>(); + labels.sort(); + assert_eq!(labels, vec!["vol1".to_string(), "vol2".to_string()]); + + // RSA certificate + let certificates = backend.find_all_certificates()?; + assert_eq!(certificates.len(), 1); + assert_eq!(certificates[0].label(), "luks_volume"); + + // RSA private key + let private_keys = backend.find_all_private_keys()?; + assert_eq!(private_keys.len(), 1); + + Ok(()) +} diff --git a/crate/pkcs11/provider/test_data/cert.pem b/crate/pkcs11/provider/test_data/cert.pem new file mode 100644 index 000000000..d7ae58f52 --- /dev/null +++ b/crate/pkcs11/provider/test_data/cert.pem @@ -0,0 +1,24 @@ +-----BEGIN CERTIFICATE----- +MIID+TCCAuGgAwIBAgIUL4UzYLbYkT1GF42kLHy5h9PTsEgwDQYJKoZIhvcNAQEL +BQAwgYsxCzAJBgNVBAYTAkZSMQwwCgYDVQQIDANJZEYxDjAMBgNVBAcMBVBhcmlz +MRAwDgYDVQQKDAdDb3NtaWFuMQwwCgYDVQQLDANSJkQxHTAbBgNVBAMMFHRlc3Qt +ZGlzay1lbmNyeXB0aW9uMR8wHQYJKoZIhvcNAQkBFhB0ZWNoQGNvc21pYW4uY29t +MB4XDTI0MDMyOTA3MjEyM1oXDTI1MDMyOTA3MjEyM1owgYsxCzAJBgNVBAYTAkZS +MQwwCgYDVQQIDANJZEYxDjAMBgNVBAcMBVBhcmlzMRAwDgYDVQQKDAdDb3NtaWFu +MQwwCgYDVQQLDANSJkQxHTAbBgNVBAMMFHRlc3QtZGlzay1lbmNyeXB0aW9uMR8w +HQYJKoZIhvcNAQkBFhB0ZWNoQGNvc21pYW4uY29tMIIBIjANBgkqhkiG9w0BAQEF +AAOCAQ8AMIIBCgKCAQEAwCp0DyT1uJ7BmILZ6z1n7oajuAPmVgVoDuvOtWqf65eP +pQ1RdArQ1+Kh9ZnzJt8CqTgFyOyganIeB1Wo/knva9LXfe6SxLY/2T5nV5pvAlOM +VG/Jy0NBRSv3zqx6Jw8TDMXC3h8xKZZMAgPaf0JBEMOqeQ7W/wTrWLAcEmqR7EZr +2ZGB4A6bio0Heh9rZToXstkxQuhSGATejbWYFFPtYyZVcO95Dr98rHKzp5EhN5Oi +xGWQE6hnL5j/jn1tsHkawCFT3WpvkgP/xZJdOYMhv7iNx7sMNqC4o/hcSO6UEW/h +nak5Y1eCXx+N2AvKsEFDA8cZQj3xbWgDB4enTqFiVwIDAQABo1MwUTAdBgNVHQ4E +FgQUDNwzy1Wxmr+UAp1urOTQqPY08kYwHwYDVR0jBBgwFoAUDNwzy1Wxmr+UAp1u +rOTQqPY08kYwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAt9J4 +8olmcHRihDLo/+59tYuH2dRNRQgnTzpXhT+rn1Zvk3ptQncb6v/U/xdZqyGxYq6l +Uw0Vd63FLjF0Kwv/GdO8xIlHuN74Vyjs+/iTasHQJPEnI8uldZ/s8+lkxY0rEPGp +uXKHcC8zKplHBVeWQbbMcoZsfpdHyBlmtrdd8q2YtUNiwxmhbjrEgy2UZIDTb9Cl +9D1ujse9slX6VLwatszgR0IhY+VQ2hwW57SQIc2o8OakGd1KbyFBHLL4fZgZqA8B +fGQ/ZzaX4ZiXRqonObUPZtAl128YeGZxvXXalrDIGOjblE+pThD/Q819z32EITG3 +pYKIaTlNdZvPcyyACw== +-----END CERTIFICATE----- diff --git a/crate/pkcs11/provider/test_data/cert_4096.pem b/crate/pkcs11/provider/test_data/cert_4096.pem new file mode 100644 index 000000000..53bc8ff48 --- /dev/null +++ b/crate/pkcs11/provider/test_data/cert_4096.pem @@ -0,0 +1,34 @@ +-----BEGIN CERTIFICATE----- +MIIF4zCCA8ugAwIBAgIUD88IsHJ5NHfNTvBbMrTNPYhFA98wDQYJKoZIhvcNAQEL +BQAwgYAxCzAJBgNVBAYTAkZSMQwwCgYDVQQIDANJZEYxDjAMBgNVBAcMBVBhcmlz +MRAwDgYDVQQKDAdDb3NtaWFuMQwwCgYDVQQLDANSJkQxEjAQBgNVBAMMCXRlc3Qt +NDA5NjEfMB0GCSqGSIb3DQEJARYQdGVjaEBjb3NtaWFuLmNvbTAeFw0yNDA0MDMx +OTU5MTNaFw0yNTA0MDMxOTU5MTNaMIGAMQswCQYDVQQGEwJGUjEMMAoGA1UECAwD +SWRGMQ4wDAYDVQQHDAVQYXJpczEQMA4GA1UECgwHQ29zbWlhbjEMMAoGA1UECwwD +UiZEMRIwEAYDVQQDDAl0ZXN0LTQwOTYxHzAdBgkqhkiG9w0BCQEWEHRlY2hAY29z +bWlhbi5jb20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC+avbTMRfE +CUBWiMxHeWeFeh3i59hYGZ5F6hEfxq+n2u0BkBALOA7NvXEnn+78j2qj3qWdujii +pF+R3iaH7B0IdUTxdfNUrGvaGj4RKp7ENa7v2803O0s7b1qngrRJFyeEwQbwJoAJ +V5uPLi6iEIt5+nslTfMSEgGZmiQ/FL+4c+jgT6oH5LQwdN1GkKSl/kDgpBSCQM5N +1M+hpIToHj+pefYGUZk3SdBBkBvOtzkJexcTNHCTlZRPgUvzdjPL9txzk/hHtB/w +uN5aw1cBkFpVVFxT3J8aholxF71xW36lAfmAaGGkk7p00QYN/0o9qjodkVIuGi6A +tkdKVqq3s15TJOErri6uI0c5PAwsTW1UsaVyeSLNh5ELyQ3JTL81Mb9m9xeFwQ4t +EUPqfdIo+vKS68m3G1F2xlZJ09nN4n7QW4QLuyElvhrROIvnXX/ukmLgyQdzG8qK +lm5OxB/oLE7aua3i9pH9E0H+W8ARpS4sTbqrwk7sE1GaTTdAr62e6w2ZY6OwHeY5 +HCDICix+5YR8NKej8xcqYk+e67kP6bmvsmjdJqwbJSXPa3jVFz/60EDxnNf4i8Bp +NmLbTKEpmOgvq18pFjRmkqXGhvPVXtnh9TQfg0QOIc4yBd+UDLHn8kHqdUtfG1hF +0qo7f4sx4MLdAhaeum7mhq9bgEPfoK5LcwIDAQABo1MwUTAdBgNVHQ4EFgQUn/w7 +Qdx7gAbVYgwDRRiikodxBPMwHwYDVR0jBBgwFoAUn/w7Qdx7gAbVYgwDRRiikodx +BPMwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAYRzpspb16LXh +UVew83sXmmiIaqYShtPBtNZGWNFiq9P+oaPmGFh/gYdia1rc370B5eBS6F5stmzp +fiLErRLaujjnARi6tbSfLhipxkQxamE8inNCamARyly/8k0KtY/sUM8NUI1iMYUw +b275GZQc95s9iNovavTu/OoLGTzAUoPbViw4odOnkex3Hy/DsOykBSlS8PT18g1S +oN+u5PnLm+6Ckv8827aOumoebK3SP+rLfqFdnAkDCm/bDAUOofOyM9lODlSev1Y0 +T17vD4mcsY6ctrjRfpnwF8rN0Fu02adobuWmAFovtufnH9CwK4g3iHGOkE/buUcr +9bzvit4XgrmmbIyK22zUEQr/laDk0zFCQv64vwW12ggxF/YrteB8mtY4q8EzgTLC +99bcGJQdoGCTSFduuMTsR6EUF0BT9+J8iVN/o3eo6qF0JaODxoeTPwqfUC00JNYF +pl36XvCpknBDp8Lf1RsThKdhS6lUrUsivYlRjjH3OlZ75wAVnoeYCQbmLtNOywWB +yWONXwDYNnJ+iWz44RqNZ+90GlNMZ8uvC+z3pqeVmZQjUq7LlZrTUB6EQBWf5u4T +BjsmAXhnodlKSQyFQmSDuMIwypx74VEHJSNAgEwh0oxOPH4Jr5Q61IYsVsMoFuKc +BRpj4hIMpbagaClezWbnW/r8yGU2owU= +-----END CERTIFICATE----- diff --git a/crate/pkcs11/provider/test_data/certificate.p12 b/crate/pkcs11/provider/test_data/certificate.p12 new file mode 100644 index 000000000..089e23723 Binary files /dev/null and b/crate/pkcs11/provider/test_data/certificate.p12 differ diff --git a/crate/pkcs11/provider/test_data/certificate_4096.p12 b/crate/pkcs11/provider/test_data/certificate_4096.p12 new file mode 100644 index 000000000..ae76e7518 Binary files /dev/null and b/crate/pkcs11/provider/test_data/certificate_4096.p12 differ diff --git a/crate/pkcs11/provider/test_data/private_key.pem b/crate/pkcs11/provider/test_data/private_key.pem new file mode 100644 index 000000000..f484cec4e --- /dev/null +++ b/crate/pkcs11/provider/test_data/private_key.pem @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDAKnQPJPW4nsGY +gtnrPWfuhqO4A+ZWBWgO6861ap/rl4+lDVF0CtDX4qH1mfMm3wKpOAXI7KBqch4H +Vaj+Se9r0td97pLEtj/ZPmdXmm8CU4xUb8nLQ0FFK/fOrHonDxMMxcLeHzEplkwC +A9p/QkEQw6p5Dtb/BOtYsBwSapHsRmvZkYHgDpuKjQd6H2tlOhey2TFC6FIYBN6N +tZgUU+1jJlVw73kOv3yscrOnkSE3k6LEZZATqGcvmP+OfW2weRrAIVPdam+SA//F +kl05gyG/uI3Huww2oLij+FxI7pQRb+GdqTljV4JfH43YC8qwQUMDxxlCPfFtaAMH +h6dOoWJXAgMBAAECggEAWZ7S/schdCdSKZMJF91NDeCsFSN4dnDSDXdrMY+XIrRO +EU9rR//NU4nGN/lC/cNvBcVzaTf2Pn6XQ5tvE50etH4h8wDjYSuQDny8jI4hLIgT +f8Oc7JeipqRxT2mAFJxCqafHkHkin/8Q1rW+XrBjEPL4G7pQiaHdMsD7bplWEccc +pinQxwt9vvfRiGXpetXdhcNFroXsl2sXvJ4In/0Y3u1lW0u2ne/6R+WAiBWZo23V +HnusRbMLamDl6+rTIIWSdJ0CZT7q80O9JkBRyM24Cogp49q+5FB2p5t5UdqGeCoJ +mevkTZBmLCmDGV5kcWL9Hapzm2887eARiKyBt1OXvQKBgQDtPrXxIYznJvgAu5II +GRPZj/1QzUayjtcvhgJIobgpt8L4RfZHTYD8nPv1gP3iWHyFIfkyxcbZVCo2+KF4 +b8MndOBqgP039e04ioDsLtKFspqU4/OgCtUxwQ9pj68MzUPAqUDdChAjHVZwU3B7 +m4iIxZiNMSpvPCYcpvf6AZUOQwKBgQDPW3IAnJDiGqQ8lf5H+2zmzSXHz7pqFVDA +aHAWwaGw+6ebZMyCtHyzZXSAvCO1VENH1Cj9/U7ed0CQUZuF7ZR39KHOXjzDEXtL +zUeBsRHNh10DR5qfdZhEh3AB5L2NFOdlMB02OQjkMAtU5jnTSy9zA69muXaS2t/V +XCA+M9a8XQKBgQDaHtPsVGpVg1B0a/+BDn1fg7DkfzbGp+lTuiOTX4wQXvEUjk41 +lB5JIpPMTcIePjiNtoSEl62Q1n7Rd5oNPsPwHNbPVLR6pNJrL3wEqa/IWEMjLMkq +lYsZaWSgKwhH/tiR44rNLplTj3+PWkeKfZ70EKeG+HMJPgXURfarlpTSPQKBgQCY +SczcbiBqLq7YYEC0lQ9SIvDQYtvB9Y2tAgbwb51U4j4iflFE3VGIX8bElWiUUCJp +qoPApj06XdLpK0ZRgj88Kkp7yfJOQZSQA1+0/Fra28OQGRKSckc2bVHx0hD0gJnB +UyjhHdpN3Is1+zAU4m8ixV4Yz7Up/d3OUS7NAD2BcQKBgAtpi6KN978UayJkta5e +RRqXA+pajpLPZUOjLVNdF5a2Pji+iBInYJAv4ePHrmmFQ636vSut1xzb9a3d3zkL +kCGnCFQFFI1V9ESSCEVOE7z/1aRHwPTfH0Gzb+RqNTayDIlBxT5rxzilXrPgPmkb +EERrDoA64iZQEuKFcAPgmJQg +-----END PRIVATE KEY----- diff --git a/crate/pkcs11/provider/test_data/private_key_4096.pem b/crate/pkcs11/provider/test_data/private_key_4096.pem new file mode 100644 index 000000000..340b1a184 --- /dev/null +++ b/crate/pkcs11/provider/test_data/private_key_4096.pem @@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQC+avbTMRfECUBW +iMxHeWeFeh3i59hYGZ5F6hEfxq+n2u0BkBALOA7NvXEnn+78j2qj3qWdujiipF+R +3iaH7B0IdUTxdfNUrGvaGj4RKp7ENa7v2803O0s7b1qngrRJFyeEwQbwJoAJV5uP +Li6iEIt5+nslTfMSEgGZmiQ/FL+4c+jgT6oH5LQwdN1GkKSl/kDgpBSCQM5N1M+h +pIToHj+pefYGUZk3SdBBkBvOtzkJexcTNHCTlZRPgUvzdjPL9txzk/hHtB/wuN5a +w1cBkFpVVFxT3J8aholxF71xW36lAfmAaGGkk7p00QYN/0o9qjodkVIuGi6AtkdK +Vqq3s15TJOErri6uI0c5PAwsTW1UsaVyeSLNh5ELyQ3JTL81Mb9m9xeFwQ4tEUPq +fdIo+vKS68m3G1F2xlZJ09nN4n7QW4QLuyElvhrROIvnXX/ukmLgyQdzG8qKlm5O +xB/oLE7aua3i9pH9E0H+W8ARpS4sTbqrwk7sE1GaTTdAr62e6w2ZY6OwHeY5HCDI +Cix+5YR8NKej8xcqYk+e67kP6bmvsmjdJqwbJSXPa3jVFz/60EDxnNf4i8BpNmLb +TKEpmOgvq18pFjRmkqXGhvPVXtnh9TQfg0QOIc4yBd+UDLHn8kHqdUtfG1hF0qo7 +f4sx4MLdAhaeum7mhq9bgEPfoK5LcwIDAQABAoICAFC2/pFfCffrA/6qVg0mBR+r +N+fq5uXRVinEoiWaDvNT9YroCiT3Si8j0kc9oAwmrslvozxMp50pl+k5BZQwHc5s +ByFjIhYOUFlPLmgQbOQ27UR3I3H6DFXRSdgfq1QgIHxBZjN93mAXZrU2mkXQRY8b +AgA6HoLWZx85G4wxu2LwnxIWMrjN1SOFJha3UVObhtyyMI9V8R1EzA50snHCALJS +JFthU1UAUOq5r0/ckqzWJF3bqKymhwt8fzlgLWyT47aKTn/2dmOPuZE3pDXhfqkU +7V4O8tJHnRL3QTI/2lsPjzdDB8C/bhX+VFaylEG3WpMV+oPYTUX5/hYgzpS3z48r +PnCB+M35Gdse0VqR8dntR/3AXjsgfG4AVwRLTPOVjLUBX9Nk19hOzTWHrCmg/vNm +rDv1rxWKSagPFpk9TRK6zr9i+KmiHDV2ld+NxI9Md6DHbI+GUGyLBg2kOyvO7ldl +A270Own3bDcZhvMaGMk1/pKTahcg1SarAsc/sgcEk1rySV07NVSOgTQfev2rM6iY +DE5y7d+QpWGzeylOxBLbp93LYdVaYJpqfFzDxMJofEAVi9zawbiaXBVjtQAXALdp +rn41lIxOm9m72uQELt3G3XLfoPcoOW6IGMN5R3apmbtppHfRndgxRR+qhj6sAGAD +x7uXmFBmmH6Lc8yv9MphAoIBAQDsmcB4ziZ/AHXnSzv+vifo5n7UgZWeS9syrE7W +fb78GvIF/9scDVmauwwH3uWgBwJqrdiNnugAmLL3RG4I0WG2wYyR/6BnFjJ8c0iF ++XqiCoaIFpOQCpiwGyQqcl2uni+QWwnUrSAlHzf2c6UJY04ZCG4MWOoguBzqRUr4 +YNzt9i2MLPttv80/NLWWEqF2Gqt4xPv+HK8t5YSgJzph6ASVmeADdz/pC7wPYnVP +6Pl2E+UNXveJED09Q4w18Qw1iqJbklLq1tTMtIQjmuuk6IOAge/GlwK46vnguKx1 +MkoBGw86vhAK172Ozg4Q6yawKsmL8U+yLSSMxVm9wSLHmBElAoIBAQDOB9X0TiL+ +VFzZ5DOyIaqiwuefgZilfKSLkjPs5mNsmXxLd9R5xbC3LMl6itLhpFhjCJqG9fJl +LApNuPE7MMSRW3MqPH9hNipNQtfxZo7pY2Y+BDwmttBcejulWvjL9pKUv14OcynM +uDkqOm4lp2COyWJxZK2Lt8Hfcs4kLPVixO49rTDeIQqy4mPo/t9CD+BUL9timalC +Aelo1FL84IIpkwClcKNjaiFphB3L0qdvyfYYcuZV+Gzie7jO3FAlUiPBpXhSC1Cl +wuKNU4hPpVfqXRhbcB/bTIGFefThOvty3Lgt+8SYW0k0OAbOE+MQdcIblJkXoPhI +WJ3LCnVzTMK3AoIBAQDIFlKWF0io+Lu86XwIN8nKhTrW/euI3f+2f8+ARwE/dI4e +krw6ofOYDfzjnxWz2pmpm/FZ+vuanYgj4kPnwyKOimoVggelhjkV0+yOGGgkJyCU +b/tEwiFUNO/F0cf2ByKUQtkyeWKI4jjSfAQix09hjiZ63KrLFsilOgpnuIq91wW3 +2MacjqrFfA7gpkrTdURzsqqkwJ9JAiPByMrvx2YxGds/MxbiP6E/pXUuKgjlWXfI +cfqGeCxB5iDp8TrxAJfDNyBWJ2342+QvtDD52gRzpe8fk8+ikFzXNXXq+qdo/fhI +Jjms4bwVy55LooGqU9T0OxO5y8FwJul4tp9yCeDdAoIBAQCOKAPtLFiiyUzDntw4 +hVg6M2cjvIS5clYKY1dmltR1IzYK0GSPnOLAkKt33P+CZyYBNveANYUJX6jAVeJE +Z/LJJKNCujldtsTbSEq9Knli+Y2bLsreH3eGx2QORMWz3a7n6V6Zc8aclWQECgrj ++if6fWNqQAAqjiC773fiqA6sFpsXfT9hlMTQBrrPEcSzzUaIb/jcgI+zlqQZC58z +EildTCu++wgRWTIyntD8SJ302RHvbqAVI3Llll4+hO7bwWAghe6OFXaQ2PX+c2tz +IO+XKqLavHOOmawoj6xyF4NVjouaVsQgJ6RL3nh7imc6fTXwV8iF8DA/or1FUjMV +2hnjAoIBAA0sX5iO02RzMQtf/GeXbgVh/WEWd9Q5NQeuBkMRNlF6ZYfJtvgMKaIi +oaLU6sKNMf6RRE2s+Kaq3u+VouM2ZpR8AUTcg3WaYlHufy8Tcl1Aw3tX3k4OU9yc +fzNWvJnQNqwKZkIon/WuAxvr/kTjYdYyoubD+/x7WlJoZLVe6eVzBnzidNY54bv9 +XGofy6DxZvU0LhZ8GqPTk2qIGtxPBPr7Vcv/leA518hQLfpO4GBU4MnshVQMe/RW +sEmnC5GxYwFFsoWuKPbQ2+AK5Ho3n77OTH+oKavvMY+ufNaY16PtlaDT3XRJ1ajq +OvLQzvQOQuFe3iHUAv2md16B1kfzKsA= +-----END PRIVATE KEY----- diff --git a/crate/pkcs11/src/backend.rs b/crate/pkcs11/src/backend.rs deleted file mode 100644 index 0f31bcbbe..000000000 --- a/crate/pkcs11/src/backend.rs +++ /dev/null @@ -1,121 +0,0 @@ -use std::sync::Arc; - -use cosmian_kms_client::KmsClient; -use native_pkcs11_traits::{ - Backend, Certificate, DataObject, KeyAlgorithm, PrivateKey, PublicKey, SearchOptions, - SignatureAlgorithm, -}; -use tracing::trace; - -use crate::{error::Pkcs11Error, pkcs_11_data_object::get_pkcs11_keys}; - -pub struct CkmsBackend { - kms_client: KmsClient, -} - -impl CkmsBackend { - /// Instantiate a new `CkmsBackend` using the - pub fn instantiate(kms_client: KmsClient) -> Result { - Ok(CkmsBackend { kms_client }) - } -} - -impl Backend for CkmsBackend { - fn name(&self) -> String { - trace!("name"); - "Cosmian KMS".to_string() - } - - fn find_certificate( - &self, - _query: SearchOptions, - ) -> native_pkcs11_traits::Result>> { - trace!("find_all_certificates"); - Ok(None) - } - - fn find_all_certificates(&self) -> native_pkcs11_traits::Result>> { - trace!("find_all_certificates"); - Ok(vec![]) - } - - fn find_private_key( - &self, - _query: SearchOptions, - ) -> native_pkcs11_traits::Result>> { - trace!("find_private_key: {:?}", _query); - Ok(None) - } - - fn find_public_key( - &self, - query: SearchOptions, - ) -> native_pkcs11_traits::Result>> { - trace!("find_public_key: {:?}", query); - Ok(None) - } - - fn find_all_private_keys(&self) -> native_pkcs11_traits::Result>> { - trace!("find_all_private_keys"); - Ok(vec![]) - } - - fn find_all_public_keys(&self) -> native_pkcs11_traits::Result>> { - trace!("find_all_public_keys"); - Ok(vec![]) - } - - fn find_data_object( - &self, - query: SearchOptions, - ) -> native_pkcs11_traits::Result>> { - trace!("find_data_object: {:?}", query); - Ok(None) - } - - fn find_all_data_objects(&self) -> native_pkcs11_traits::Result>> { - trace!("find_all_data_objects"); - let disk_encryption_tag = std::env::var("COSMIAN_PKCS11_DISK_ENCRYPTION_TAG") - .unwrap_or("disk-encryption".to_string()); - let keys = get_pkcs11_keys(&self.kms_client, &[disk_encryption_tag])?; - Ok(keys - .into_iter() - .map(|dao| -> Arc { Arc::new(dao) }) - .collect()) - } - - fn generate_key( - &self, - algorithm: KeyAlgorithm, - label: Option<&str>, - ) -> native_pkcs11_traits::Result> { - trace!("generate_key: {:?}, {:?}", algorithm, label); - Ok(Arc::new(EmptyPrivateKeyImpl {})) - } -} - -struct EmptyPrivateKeyImpl; - -impl PrivateKey for EmptyPrivateKeyImpl { - fn public_key_hash(&self) -> Vec { - vec![] - } - - fn label(&self) -> String { - "PrivateKeyImpl".to_string() - } - - fn sign( - &self, - _algorithm: &SignatureAlgorithm, - _data: &[u8], - ) -> native_pkcs11_traits::Result> { - Ok(vec![]) - } - - fn delete(&self) {} - - fn algorithm(&self) -> KeyAlgorithm { - KeyAlgorithm::Rsa - } -} diff --git a/crate/pkcs11/src/pkcs_11_data_object.rs b/crate/pkcs11/src/pkcs_11_data_object.rs deleted file mode 100644 index 1ee879742..000000000 --- a/crate/pkcs11/src/pkcs_11_data_object.rs +++ /dev/null @@ -1,173 +0,0 @@ -use std::{ffi::CString, sync::RwLock}; - -use cosmian_kmip::kmip::{ - kmip_operations::Locate, - kmip_types::{Attributes, KeyFormatType}, -}; -use cosmian_kms_client::{batch_export_objects, ClientConf, KmsClient}; -use native_pkcs11_traits::DataObject; -use sha3::Digest; -use zeroize::{Zeroize, Zeroizing}; - -use crate::error::Pkcs11Error; - -#[derive(Debug)] -pub struct Pkcs11DataObject { - pub value: RwLock>>, - pub label: String, -} - -impl Zeroize for Pkcs11DataObject { - fn zeroize(&mut self) { - self.value - .write() - .expect("failed locking the Data Object value") - .zeroize(); - } -} - -impl DataObject for Pkcs11DataObject { - fn value(&self) -> Zeroizing> { - self.value - .read() - .expect("failed locking the Data Object value") - .clone() - } - - fn application(&self) -> CString { - CString::new(b"Cosmian KMS PKCS11 provider").unwrap_or_default() - } - - fn data_hash(&self) -> Vec { - // This is a hash of key material which may be leaked by the application - // We need pre-image and collision resistance. - // => use a cryptographic SHA3-256 hash - let mut hasher = sha3::Sha3_256::new(); - hasher.update( - self.value - .read() - .expect("failed locking the Data Object value") - .as_slice(), - ); - let result = hasher.finalize(); - result.to_vec() - } - - fn label(&self) -> String { - self.label.clone() - } - - fn delete(&self) { - self.value - .write() - .expect("failed locking the Data Object value") - .zeroize(); - } -} - -pub fn get_kms_client() -> Result { - let conf_path = ClientConf::location(None)?; - let conf = ClientConf::load(&conf_path)?; - let kms_client = conf.initialize_kms_client()?; - Ok(kms_client) -} - -pub fn get_pkcs11_keys( - kms_client: &KmsClient, - tags: &[String], -) -> Result, Pkcs11Error> { - tokio::runtime::Runtime::new()?.block_on(get_pkcs11_keys_async(kms_client, tags)) -} - -pub(crate) async fn get_pkcs11_keys_async( - kms_client: &KmsClient, - tags: &[String], -) -> Result, Pkcs11Error> { - let key_ids = locate_keys(kms_client, tags).await?; - let responses = batch_export_objects( - kms_client, - key_ids, - true, - None, - true, - Some(KeyFormatType::Raw), - ) - .await?; - let mut results = vec![]; - for response in &responses { - match response { - Ok((object, attributes)) => { - let key_bytes = object.key_block()?.key_bytes()?; - let other_tags = attributes - .get_tags() - .into_iter() - .filter(|t| !(t.is_empty() || tags.contains(t) || t.starts_with('_'))) - .collect::>() - .join(","); - results.push(Pkcs11DataObject { - value: RwLock::from(key_bytes), - label: other_tags, - }); - } - Err(e) => { - return Err(Pkcs11Error::ServerError(e.to_string())); - } - } - } - Ok(results) -} - -// async fn export_key( -// kms_client: &KmsClient, -// tags: &[String], -// ) -> Result { -// let id = serde_json::to_string(&tags)?; -// let unwrap = true; -// let wrapping_key_id = None; -// let allow_revoked = false; -// let (object, attributes) = export_object( -// kms_client, -// &id, -// unwrap, -// wrapping_key_id, -// allow_revoked, -// Some(KeyFormatType::Raw), -// ) -// .await?; -// -// let key_bytes = object.key_block()?.key_bytes()?; -// -// let other_tags = attributes -// .unwrap_or_default() -// .get_tags() -// .into_iter() -// .filter(|t| !(t.is_empty() || tags.contains(t) || t.starts_with('_'))) -// .collect::>() -// .join(","); -// -// Ok(Pkcs11DataObject { -// value: RwLock::from(key_bytes), -// label: other_tags, -// }) -// } - -async fn locate_keys(kms_client: &KmsClient, tags: &[String]) -> Result, Pkcs11Error> { - let mut attributes = Attributes::default(); - attributes.set_tags(tags)?; - - let locate = Locate { - maximum_items: None, - offset_items: None, - storage_status_mask: None, - object_group_member: None, - attributes, - }; - let keys = kms_client.locate(locate).await?; - Ok(keys - .unique_identifiers - .unwrap_or(vec![]) - .iter() - .map(|id| id.to_string().unwrap_or_default()) - .filter(|id| !id.is_empty()) - .collect()) -} diff --git a/crate/pkcs11/src/tests.rs b/crate/pkcs11/src/tests.rs deleted file mode 100644 index 9d6a03f84..000000000 --- a/crate/pkcs11/src/tests.rs +++ /dev/null @@ -1,82 +0,0 @@ -use cosmian_kmip::{ - crypto::symmetric::create_symmetric_key_kmip_object, kmip::kmip_types::CryptographicAlgorithm, -}; -use cosmian_kms_client::{import_object, KmsClient}; -use kms_test_server::{start_default_test_kms_server, ONCE}; -use native_pkcs11_traits::Backend; - -use crate::{backend::CkmsBackend, error::Pkcs11Error, pkcs_11_data_object::get_pkcs11_keys_async}; - -#[tokio::test] -async fn test_kms_client() -> Result<(), Pkcs11Error> { - let ctx = ONCE - .get_or_try_init(start_default_test_kms_server) - .await - .unwrap(); - - let kms_client = ctx.owner_client_conf.initialize_kms_client()?; - create_keys(&kms_client).await?; - - let keys = get_pkcs11_keys_async(&kms_client, &["disk-encryption".to_string()]).await?; - assert_eq!(keys.len(), 2); - let mut labels = keys - .iter() - .map(|k| k.label.clone()) - .collect::>(); - labels.sort(); - assert_eq!(labels, vec!["vol1".to_string(), "vol2".to_string()]); - Ok(()) -} - -#[test] -fn test_backend() -> Result<(), Pkcs11Error> { - cosmian_logger::log_utils::log_init("fatal,cosmian_kms_client=debug"); - let rt = tokio::runtime::Runtime::new().unwrap(); - let owner_client_conf = rt.block_on(async { - let ctx = ONCE - .get_or_try_init(start_default_test_kms_server) - .await - .unwrap(); - - let kms_client = ctx.owner_client_conf.initialize_kms_client().unwrap(); - create_keys(&kms_client).await.unwrap(); - ctx.owner_client_conf.clone() - }); - - let backend = CkmsBackend::instantiate(owner_client_conf.initialize_kms_client()?)?; - let data_objects = backend.find_all_data_objects()?; - assert_eq!(data_objects.len(), 2); - let mut labels = data_objects - .iter() - .map(|dao| dao.label().clone()) - .collect::>(); - labels.sort(); - assert_eq!(labels, vec!["vol1".to_string(), "vol2".to_string()]); - Ok(()) -} - -async fn create_keys(kms_client: &KmsClient) -> Result<(), Pkcs11Error> { - let vol1 = create_symmetric_key_kmip_object(&[1, 2, 3, 4], CryptographicAlgorithm::AES); - let _vol1_id = import_object( - kms_client, - Some("vol1".to_string()), - vol1, - None, - false, - true, - ["disk-encryption", "vol1"], - ) - .await?; - let vol2 = create_symmetric_key_kmip_object(&[4, 5, 6, 7], CryptographicAlgorithm::AES); - let _vol2_id = import_object( - kms_client, - Some("vol2".to_string()), - vol2, - None, - false, - true, - ["disk-encryption", "vol2"], - ) - .await?; - Ok(()) -} diff --git a/crate/pkcs11/sys/.gitignore b/crate/pkcs11/sys/.gitignore new file mode 100644 index 000000000..ea8c4bf7f --- /dev/null +++ b/crate/pkcs11/sys/.gitignore @@ -0,0 +1 @@ +/target diff --git a/crate/pkcs11/sys/Cargo.toml b/crate/pkcs11/sys/Cargo.toml new file mode 100644 index 000000000..2a293617b --- /dev/null +++ b/crate/pkcs11/sys/Cargo.toml @@ -0,0 +1,15 @@ +[package] +name = "pkcs11_sys" +version = "0.2.17" +authors = [ + "Brandon Weeks ", + "Kevin King ", +] +edition.workspace = true +license = "Apache-2.0" +repository.workspace = true +rust-version.workspace = true +description = "Generated bindings for pkcs11.h. Useful for building PKCS#11 modules in rust." + +[build-dependencies] +bindgen = { version = "0.69.4", optional = true } diff --git a/crate/pkcs11/sys/LICENSE b/crate/pkcs11/sys/LICENSE new file mode 100644 index 000000000..261eeb9e9 --- /dev/null +++ b/crate/pkcs11/sys/LICENSE @@ -0,0 +1,201 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/crate/pkcs11/sys/build.rs b/crate/pkcs11/sys/build.rs new file mode 100644 index 000000000..b0c7273ab --- /dev/null +++ b/crate/pkcs11/sys/build.rs @@ -0,0 +1,188 @@ +// Copyright 2022 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +#[cfg(feature = "bindgen")] +mod generate { + + use bindgen::callbacks; + + const LICENSE_HEADER: &str = r#"// Copyright 2022 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License."#; + + #[derive(Debug)] + pub struct CargoCallbacks; + + impl callbacks::ParseCallbacks for CargoCallbacks { + // https://github.com/rust-lang/rust-bindgen/issues/1594 + fn int_macro(&self, name: &str, _: i64) -> Option { + if ["CK_TRUE", "CK_FALSE"].contains(&name) { + Some(callbacks::IntKind::Custom { + name: "CK_BBOOL", + is_signed: false, + }) + } else if name.starts_with("CK_") { + Some(callbacks::IntKind::Custom { + name: "CK_ULONG", + is_signed: false, + }) + } else if name.starts_with("CKA_") { + Some(callbacks::IntKind::Custom { + name: "CK_ATTRIBUTE_TYPE", + is_signed: false, + }) + } else if name.starts_with("CKC_") { + Some(callbacks::IntKind::Custom { + name: "CK_CERTIFICATE_TYPE", + is_signed: false, + }) + } else if name.starts_with("CKD_") { + Some(callbacks::IntKind::Custom { + name: "CK_EC_KDF_TYPE", + is_signed: false, + }) + } else if name.starts_with("CKF_") { + Some(callbacks::IntKind::Custom { + name: "CK_FLAGS", + is_signed: false, + }) + } else if name.starts_with("CKG_MGF1_") { + Some(callbacks::IntKind::Custom { + name: "CK_RSA_PKCS_MGF_TYPE", + is_signed: false, + }) + } else if name.starts_with("CKG_") { + Some(callbacks::IntKind::Custom { + name: "CK_GENERATOR_FUNCTION", + is_signed: false, + }) + } else if name.starts_with("CKH_") { + Some(callbacks::IntKind::Custom { + name: "CK_HW_FEATURE_TYPE", + is_signed: false, + }) + } else if name.starts_with("CKK_") { + Some(callbacks::IntKind::Custom { + name: "CK_KEY_TYPE", + is_signed: false, + }) + } else if name.starts_with("CKM_") { + Some(callbacks::IntKind::Custom { + name: "CK_MECHANISM_TYPE", + is_signed: false, + }) + } else if name.starts_with("CKN_") { + Some(callbacks::IntKind::Custom { + name: "CK_NOTIFICATION", + is_signed: false, + }) + } else if name.starts_with("CKO_") { + Some(callbacks::IntKind::Custom { + name: "CK_OBJECT_CLASS", + is_signed: false, + }) + } else if name.starts_with("CKP_") { + Some(callbacks::IntKind::Custom { + name: "CK_PROFILE_ID", + is_signed: false, + }) + } else if name.starts_with("CKR_") { + Some(callbacks::IntKind::Custom { + name: "CK_RV", + is_signed: false, + }) + } else if name.starts_with("CKS_") { + Some(callbacks::IntKind::Custom { + name: "CK_STATE", + is_signed: false, + }) + } else if name.starts_with("CKU_") { + Some(callbacks::IntKind::Custom { + name: "CK_USER_TYPE", + is_signed: false, + }) + } else if name.starts_with("CKZ_") { + Some(callbacks::IntKind::Custom { + name: "CK_RSA_PKCS_OAEP_SOURCE_TYPE", + is_signed: false, + }) + } else if name.starts_with("CRYPTOKI_VERSION_") { + Some(callbacks::IntKind::Custom { + name: "CK_BYTE", + is_signed: false, + }) + } else { + None + } + } + + fn include_file(&self, filename: &str) { + println!("cargo:rerun-if-changed={filename}"); + } + + fn will_parse_macro(&self, name: &str) -> callbacks::MacroParsingBehavior { + if name.starts_with('_') { + callbacks::MacroParsingBehavior::Ignore + } else { + callbacks::MacroParsingBehavior::Default + } + } + } + + #[allow(unused)] + fn windows_modifications(builder: bindgen::Builder) -> bindgen::Builder { + builder.blocklist_item("CK_UNAVAILABLE_INFORMATION") + } + + fn target_specific_output_path() -> String { + format!("src/pkcs11_{}.rs", std::env::consts::FAMILY) + } + + pub fn generate_main() { + println!("cargo:rerun-if-changed=pkcs11.h"); + + let bindings = bindgen::Builder::default() + .header("pkcs11.h") + .derive_default(true) + .parse_callbacks(Box::new(CargoCallbacks)) + .raw_line(LICENSE_HEADER); + + #[cfg(target_os = "windows")] + let bindings = windows_modifications(bindings); + + let bindings = bindings.generate().expect("failed to generate bindings"); + + bindings + .write_to_file(target_specific_output_path()) + .expect("failed to write bindings"); + } +} + +#[cfg(not(feature = "bindgen"))] +fn main() {} + +#[cfg(feature = "bindgen")] +fn main() { + generate::generate_main(); +} diff --git a/crate/pkcs11/sys/pkcs11.h b/crate/pkcs11/sys/pkcs11.h new file mode 100644 index 000000000..b4c9795c5 --- /dev/null +++ b/crate/pkcs11/sys/pkcs11.h @@ -0,0 +1,43 @@ +// Copyright 2022 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// This header file incorporates WIN32-specific advice from +// https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/cs01/include/pkcs11-v3.1/pkcs11.h. + +#if defined(_WIN32) || defined(CRYPTOKI_FORCE_WIN32) +#define CK_DECLARE_FUNCTION(returnType, name) returnType __declspec(dllexport) name +#define CK_DECLARE_FUNCTION_POINTER(returnType, name) returnType __declspec(dllimport)(*name) +/* There is a matching pop below. */ +#pragma pack(push, cryptoki, 1) +#else +#define CK_DECLARE_FUNCTION(returnType, name) returnType name +#define CK_DECLARE_FUNCTION_POINTER(returnType, name) returnType(*name) +#endif + +#define CK_PTR * +#define CK_DEFINE_FUNCTION(returnType, name) returnType name +#define CK_CALLBACK_FUNCTION(returnType, name) returnType(*name) + +#ifndef NULL_PTR +#define NULL_PTR 0 +#endif + +#if defined(_WIN32) || defined(CRYPTOKI_FORCE_WIN32) +#endif + +#include "third_party/pkcs11/pkcs11.h" + +#if defined(_WIN32) || defined(CRYPTOKI_FORCE_WIN32) +#pragma pack(pop, cryptoki) +#endif \ No newline at end of file diff --git a/crate/pkcs11/sys/src/lib.rs b/crate/pkcs11/sys/src/lib.rs new file mode 100644 index 000000000..c2bfe1d28 --- /dev/null +++ b/crate/pkcs11/sys/src/lib.rs @@ -0,0 +1,29 @@ +// Copyright 2022 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +#![allow(non_camel_case_types)] +#![allow(non_snake_case)] + +#[cfg(target_os = "windows")] +mod pkcs11_windows; +#[cfg(target_os = "windows")] +pub use pkcs11_windows::*; + +#[cfg(target_os = "windows")] +pub const CK_UNAVAILABLE_INFORMATION: u32 = std::u32::MAX; + +#[cfg(not(target_os = "windows"))] +mod pkcs11_unix; +#[cfg(not(target_os = "windows"))] +pub use pkcs11_unix::*; diff --git a/crate/pkcs11/sys/src/pkcs11_unix.rs b/crate/pkcs11/sys/src/pkcs11_unix.rs new file mode 100644 index 000000000..6d7594682 --- /dev/null +++ b/crate/pkcs11/sys/src/pkcs11_unix.rs @@ -0,0 +1,11723 @@ +/* automatically generated by rust-bindgen 0.69.4 */ + +// Copyright 2022 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +pub const NULL_PTR: u32 = 0; +pub const CRYPTOKI_VERSION_MAJOR: CK_BYTE = 3; +pub const CRYPTOKI_VERSION_MINOR: CK_BYTE = 1; +pub const CRYPTOKI_VERSION_AMENDMENT: CK_BYTE = 0; +pub const CK_TRUE: CK_BBOOL = 1; +pub const CK_FALSE: CK_BBOOL = 0; +pub const FALSE: u32 = 0; +pub const TRUE: u32 = 1; +pub const CK_UNAVAILABLE_INFORMATION: CK_ULONG = 18446744073709551615; +pub const CK_EFFECTIVELY_INFINITE: CK_ULONG = 0; +pub const CK_INVALID_HANDLE: CK_ULONG = 0; +pub const CKN_SURRENDER: CK_NOTIFICATION = 0; +pub const CKN_OTP_CHANGED: CK_NOTIFICATION = 1; +pub const CKF_TOKEN_PRESENT: CK_FLAGS = 1; +pub const CKF_REMOVABLE_DEVICE: CK_FLAGS = 2; +pub const CKF_HW_SLOT: CK_FLAGS = 4; +pub const CKF_RNG: CK_FLAGS = 1; +pub const CKF_WRITE_PROTECTED: CK_FLAGS = 2; +pub const CKF_LOGIN_REQUIRED: CK_FLAGS = 4; +pub const CKF_USER_PIN_INITIALIZED: CK_FLAGS = 8; +pub const CKF_RESTORE_KEY_NOT_NEEDED: CK_FLAGS = 32; +pub const CKF_CLOCK_ON_TOKEN: CK_FLAGS = 64; +pub const CKF_PROTECTED_AUTHENTICATION_PATH: CK_FLAGS = 256; +pub const CKF_DUAL_CRYPTO_OPERATIONS: CK_FLAGS = 512; +pub const CKF_TOKEN_INITIALIZED: CK_FLAGS = 1024; +pub const CKF_SECONDARY_AUTHENTICATION: CK_FLAGS = 2048; +pub const CKF_USER_PIN_COUNT_LOW: CK_FLAGS = 65536; +pub const CKF_USER_PIN_FINAL_TRY: CK_FLAGS = 131072; +pub const CKF_USER_PIN_LOCKED: CK_FLAGS = 262144; +pub const CKF_USER_PIN_TO_BE_CHANGED: CK_FLAGS = 524288; +pub const CKF_SO_PIN_COUNT_LOW: CK_FLAGS = 1048576; +pub const CKF_SO_PIN_FINAL_TRY: CK_FLAGS = 2097152; +pub const CKF_SO_PIN_LOCKED: CK_FLAGS = 4194304; +pub const CKF_SO_PIN_TO_BE_CHANGED: CK_FLAGS = 8388608; +pub const CKF_ERROR_STATE: CK_FLAGS = 16777216; +pub const CKU_SO: CK_USER_TYPE = 0; +pub const CKU_USER: CK_USER_TYPE = 1; +pub const CKU_CONTEXT_SPECIFIC: CK_USER_TYPE = 2; +pub const CKS_RO_PUBLIC_SESSION: CK_STATE = 0; +pub const CKS_RO_USER_FUNCTIONS: CK_STATE = 1; +pub const CKS_RW_PUBLIC_SESSION: CK_STATE = 2; +pub const CKS_RW_USER_FUNCTIONS: CK_STATE = 3; +pub const CKS_RW_SO_FUNCTIONS: CK_STATE = 4; +pub const CKF_RW_SESSION: CK_FLAGS = 2; +pub const CKF_SERIAL_SESSION: CK_FLAGS = 4; +pub const CKO_DATA: CK_OBJECT_CLASS = 0; +pub const CKO_CERTIFICATE: CK_OBJECT_CLASS = 1; +pub const CKO_PUBLIC_KEY: CK_OBJECT_CLASS = 2; +pub const CKO_PRIVATE_KEY: CK_OBJECT_CLASS = 3; +pub const CKO_SECRET_KEY: CK_OBJECT_CLASS = 4; +pub const CKO_HW_FEATURE: CK_OBJECT_CLASS = 5; +pub const CKO_DOMAIN_PARAMETERS: CK_OBJECT_CLASS = 6; +pub const CKO_MECHANISM: CK_OBJECT_CLASS = 7; +pub const CKO_OTP_KEY: CK_OBJECT_CLASS = 8; +pub const CKO_PROFILE: CK_OBJECT_CLASS = 9; +pub const CKO_VENDOR_DEFINED: CK_OBJECT_CLASS = 2147483648; +pub const CKP_INVALID_ID: CK_PROFILE_ID = 0; +pub const CKP_BASELINE_PROVIDER: CK_PROFILE_ID = 1; +pub const CKP_EXTENDED_PROVIDER: CK_PROFILE_ID = 2; +pub const CKP_AUTHENTICATION_TOKEN: CK_PROFILE_ID = 3; +pub const CKP_PUBLIC_CERTIFICATES_TOKEN: CK_PROFILE_ID = 4; +pub const CKP_COMPLETE_PROVIDER: CK_PROFILE_ID = 5; +pub const CKP_HKDF_TLS_TOKEN: CK_PROFILE_ID = 6; +pub const CKP_VENDOR_DEFINED: CK_PROFILE_ID = 2147483648; +pub const CKH_MONOTONIC_COUNTER: CK_HW_FEATURE_TYPE = 1; +pub const CKH_CLOCK: CK_HW_FEATURE_TYPE = 2; +pub const CKH_USER_INTERFACE: CK_HW_FEATURE_TYPE = 3; +pub const CKH_VENDOR_DEFINED: CK_HW_FEATURE_TYPE = 2147483648; +pub const CKK_RSA: CK_KEY_TYPE = 0; +pub const CKK_DSA: CK_KEY_TYPE = 1; +pub const CKK_DH: CK_KEY_TYPE = 2; +pub const CKK_ECDSA: CK_KEY_TYPE = 3; +pub const CKK_EC: CK_KEY_TYPE = 3; +pub const CKK_X9_42_DH: CK_KEY_TYPE = 4; +pub const CKK_KEA: CK_KEY_TYPE = 5; +pub const CKK_GENERIC_SECRET: CK_KEY_TYPE = 16; +pub const CKK_RC2: CK_KEY_TYPE = 17; +pub const CKK_RC4: CK_KEY_TYPE = 18; +pub const CKK_DES: CK_KEY_TYPE = 19; +pub const CKK_DES2: CK_KEY_TYPE = 20; +pub const CKK_DES3: CK_KEY_TYPE = 21; +pub const CKK_CAST: CK_KEY_TYPE = 22; +pub const CKK_CAST3: CK_KEY_TYPE = 23; +pub const CKK_CAST5: CK_KEY_TYPE = 24; +pub const CKK_CAST128: CK_KEY_TYPE = 24; +pub const CKK_RC5: CK_KEY_TYPE = 25; +pub const CKK_IDEA: CK_KEY_TYPE = 26; +pub const CKK_SKIPJACK: CK_KEY_TYPE = 27; +pub const CKK_BATON: CK_KEY_TYPE = 28; +pub const CKK_JUNIPER: CK_KEY_TYPE = 29; +pub const CKK_CDMF: CK_KEY_TYPE = 30; +pub const CKK_AES: CK_KEY_TYPE = 31; +pub const CKK_BLOWFISH: CK_KEY_TYPE = 32; +pub const CKK_TWOFISH: CK_KEY_TYPE = 33; +pub const CKK_SECURID: CK_KEY_TYPE = 34; +pub const CKK_HOTP: CK_KEY_TYPE = 35; +pub const CKK_ACTI: CK_KEY_TYPE = 36; +pub const CKK_CAMELLIA: CK_KEY_TYPE = 37; +pub const CKK_ARIA: CK_KEY_TYPE = 38; +pub const CKK_MD5_HMAC: CK_KEY_TYPE = 39; +pub const CKK_SHA_1_HMAC: CK_KEY_TYPE = 40; +pub const CKK_RIPEMD128_HMAC: CK_KEY_TYPE = 41; +pub const CKK_RIPEMD160_HMAC: CK_KEY_TYPE = 42; +pub const CKK_SHA256_HMAC: CK_KEY_TYPE = 43; +pub const CKK_SHA384_HMAC: CK_KEY_TYPE = 44; +pub const CKK_SHA512_HMAC: CK_KEY_TYPE = 45; +pub const CKK_SHA224_HMAC: CK_KEY_TYPE = 46; +pub const CKK_SEED: CK_KEY_TYPE = 47; +pub const CKK_GOSTR3410: CK_KEY_TYPE = 48; +pub const CKK_GOSTR3411: CK_KEY_TYPE = 49; +pub const CKK_GOST28147: CK_KEY_TYPE = 50; +pub const CKK_CHACHA20: CK_KEY_TYPE = 51; +pub const CKK_POLY1305: CK_KEY_TYPE = 52; +pub const CKK_AES_XTS: CK_KEY_TYPE = 53; +pub const CKK_SHA3_224_HMAC: CK_KEY_TYPE = 54; +pub const CKK_SHA3_256_HMAC: CK_KEY_TYPE = 55; +pub const CKK_SHA3_384_HMAC: CK_KEY_TYPE = 56; +pub const CKK_SHA3_512_HMAC: CK_KEY_TYPE = 57; +pub const CKK_BLAKE2B_160_HMAC: CK_KEY_TYPE = 58; +pub const CKK_BLAKE2B_256_HMAC: CK_KEY_TYPE = 59; +pub const CKK_BLAKE2B_384_HMAC: CK_KEY_TYPE = 60; +pub const CKK_BLAKE2B_512_HMAC: CK_KEY_TYPE = 61; +pub const CKK_SALSA20: CK_KEY_TYPE = 62; +pub const CKK_X2RATCHET: CK_KEY_TYPE = 63; +pub const CKK_EC_EDWARDS: CK_KEY_TYPE = 64; +pub const CKK_EC_MONTGOMERY: CK_KEY_TYPE = 65; +pub const CKK_HKDF: CK_KEY_TYPE = 66; +pub const CKK_SHA512_224_HMAC: CK_KEY_TYPE = 67; +pub const CKK_SHA512_256_HMAC: CK_KEY_TYPE = 68; +pub const CKK_SHA512_T_HMAC: CK_KEY_TYPE = 69; +pub const CKK_HSS: CK_KEY_TYPE = 70; +pub const CKK_VENDOR_DEFINED: CK_KEY_TYPE = 2147483648; +pub const CK_CERTIFICATE_CATEGORY_UNSPECIFIED: CK_ULONG = 0; +pub const CK_CERTIFICATE_CATEGORY_TOKEN_USER: CK_ULONG = 1; +pub const CK_CERTIFICATE_CATEGORY_AUTHORITY: CK_ULONG = 2; +pub const CK_CERTIFICATE_CATEGORY_OTHER_ENTITY: CK_ULONG = 3; +pub const CK_SECURITY_DOMAIN_UNSPECIFIED: CK_ULONG = 0; +pub const CK_SECURITY_DOMAIN_MANUFACTURER: CK_ULONG = 1; +pub const CK_SECURITY_DOMAIN_OPERATOR: CK_ULONG = 2; +pub const CK_SECURITY_DOMAIN_THIRD_PARTY: CK_ULONG = 3; +pub const CKC_X_509: CK_CERTIFICATE_TYPE = 0; +pub const CKC_X_509_ATTR_CERT: CK_CERTIFICATE_TYPE = 1; +pub const CKC_WTLS: CK_CERTIFICATE_TYPE = 2; +pub const CKC_VENDOR_DEFINED: CK_CERTIFICATE_TYPE = 2147483648; +pub const CKF_ARRAY_ATTRIBUTE: CK_FLAGS = 1073741824; +pub const CK_OTP_FORMAT_DECIMAL: CK_ULONG = 0; +pub const CK_OTP_FORMAT_HEXADECIMAL: CK_ULONG = 1; +pub const CK_OTP_FORMAT_ALPHANUMERIC: CK_ULONG = 2; +pub const CK_OTP_FORMAT_BINARY: CK_ULONG = 3; +pub const CK_OTP_PARAM_IGNORED: CK_ULONG = 0; +pub const CK_OTP_PARAM_OPTIONAL: CK_ULONG = 1; +pub const CK_OTP_PARAM_MANDATORY: CK_ULONG = 2; +pub const CKA_CLASS: CK_ATTRIBUTE_TYPE = 0; +pub const CKA_TOKEN: CK_ATTRIBUTE_TYPE = 1; +pub const CKA_PRIVATE: CK_ATTRIBUTE_TYPE = 2; +pub const CKA_LABEL: CK_ATTRIBUTE_TYPE = 3; +pub const CKA_UNIQUE_ID: CK_ATTRIBUTE_TYPE = 4; +pub const CKA_APPLICATION: CK_ATTRIBUTE_TYPE = 16; +pub const CKA_VALUE: CK_ATTRIBUTE_TYPE = 17; +pub const CKA_OBJECT_ID: CK_ATTRIBUTE_TYPE = 18; +pub const CKA_CERTIFICATE_TYPE: CK_ATTRIBUTE_TYPE = 128; +pub const CKA_ISSUER: CK_ATTRIBUTE_TYPE = 129; +pub const CKA_SERIAL_NUMBER: CK_ATTRIBUTE_TYPE = 130; +pub const CKA_AC_ISSUER: CK_ATTRIBUTE_TYPE = 131; +pub const CKA_OWNER: CK_ATTRIBUTE_TYPE = 132; +pub const CKA_ATTR_TYPES: CK_ATTRIBUTE_TYPE = 133; +pub const CKA_TRUSTED: CK_ATTRIBUTE_TYPE = 134; +pub const CKA_CERTIFICATE_CATEGORY: CK_ATTRIBUTE_TYPE = 135; +pub const CKA_JAVA_MIDP_SECURITY_DOMAIN: CK_ATTRIBUTE_TYPE = 136; +pub const CKA_URL: CK_ATTRIBUTE_TYPE = 137; +pub const CKA_HASH_OF_SUBJECT_PUBLIC_KEY: CK_ATTRIBUTE_TYPE = 138; +pub const CKA_HASH_OF_ISSUER_PUBLIC_KEY: CK_ATTRIBUTE_TYPE = 139; +pub const CKA_NAME_HASH_ALGORITHM: CK_ATTRIBUTE_TYPE = 140; +pub const CKA_CHECK_VALUE: CK_ATTRIBUTE_TYPE = 144; +pub const CKA_KEY_TYPE: CK_ATTRIBUTE_TYPE = 256; +pub const CKA_SUBJECT: CK_ATTRIBUTE_TYPE = 257; +pub const CKA_ID: CK_ATTRIBUTE_TYPE = 258; +pub const CKA_SENSITIVE: CK_ATTRIBUTE_TYPE = 259; +pub const CKA_ENCRYPT: CK_ATTRIBUTE_TYPE = 260; +pub const CKA_DECRYPT: CK_ATTRIBUTE_TYPE = 261; +pub const CKA_WRAP: CK_ATTRIBUTE_TYPE = 262; +pub const CKA_UNWRAP: CK_ATTRIBUTE_TYPE = 263; +pub const CKA_SIGN: CK_ATTRIBUTE_TYPE = 264; +pub const CKA_SIGN_RECOVER: CK_ATTRIBUTE_TYPE = 265; +pub const CKA_VERIFY: CK_ATTRIBUTE_TYPE = 266; +pub const CKA_VERIFY_RECOVER: CK_ATTRIBUTE_TYPE = 267; +pub const CKA_DERIVE: CK_ATTRIBUTE_TYPE = 268; +pub const CKA_START_DATE: CK_ATTRIBUTE_TYPE = 272; +pub const CKA_END_DATE: CK_ATTRIBUTE_TYPE = 273; +pub const CKA_MODULUS: CK_ATTRIBUTE_TYPE = 288; +pub const CKA_MODULUS_BITS: CK_ATTRIBUTE_TYPE = 289; +pub const CKA_PUBLIC_EXPONENT: CK_ATTRIBUTE_TYPE = 290; +pub const CKA_PRIVATE_EXPONENT: CK_ATTRIBUTE_TYPE = 291; +pub const CKA_PRIME_1: CK_ATTRIBUTE_TYPE = 292; +pub const CKA_PRIME_2: CK_ATTRIBUTE_TYPE = 293; +pub const CKA_EXPONENT_1: CK_ATTRIBUTE_TYPE = 294; +pub const CKA_EXPONENT_2: CK_ATTRIBUTE_TYPE = 295; +pub const CKA_COEFFICIENT: CK_ATTRIBUTE_TYPE = 296; +pub const CKA_PUBLIC_KEY_INFO: CK_ATTRIBUTE_TYPE = 297; +pub const CKA_PRIME: CK_ATTRIBUTE_TYPE = 304; +pub const CKA_SUBPRIME: CK_ATTRIBUTE_TYPE = 305; +pub const CKA_BASE: CK_ATTRIBUTE_TYPE = 306; +pub const CKA_PRIME_BITS: CK_ATTRIBUTE_TYPE = 307; +pub const CKA_SUBPRIME_BITS: CK_ATTRIBUTE_TYPE = 308; +pub const CKA_SUB_PRIME_BITS: CK_ATTRIBUTE_TYPE = 308; +pub const CKA_VALUE_BITS: CK_ATTRIBUTE_TYPE = 352; +pub const CKA_VALUE_LEN: CK_ATTRIBUTE_TYPE = 353; +pub const CKA_EXTRACTABLE: CK_ATTRIBUTE_TYPE = 354; +pub const CKA_LOCAL: CK_ATTRIBUTE_TYPE = 355; +pub const CKA_NEVER_EXTRACTABLE: CK_ATTRIBUTE_TYPE = 356; +pub const CKA_ALWAYS_SENSITIVE: CK_ATTRIBUTE_TYPE = 357; +pub const CKA_KEY_GEN_MECHANISM: CK_ATTRIBUTE_TYPE = 358; +pub const CKA_MODIFIABLE: CK_ATTRIBUTE_TYPE = 368; +pub const CKA_COPYABLE: CK_ATTRIBUTE_TYPE = 369; +pub const CKA_DESTROYABLE: CK_ATTRIBUTE_TYPE = 370; +pub const CKA_ECDSA_PARAMS: CK_ATTRIBUTE_TYPE = 384; +pub const CKA_EC_PARAMS: CK_ATTRIBUTE_TYPE = 384; +pub const CKA_EC_POINT: CK_ATTRIBUTE_TYPE = 385; +pub const CKA_SECONDARY_AUTH: CK_ATTRIBUTE_TYPE = 512; +pub const CKA_AUTH_PIN_FLAGS: CK_ATTRIBUTE_TYPE = 513; +pub const CKA_ALWAYS_AUTHENTICATE: CK_ATTRIBUTE_TYPE = 514; +pub const CKA_WRAP_WITH_TRUSTED: CK_ATTRIBUTE_TYPE = 528; +pub const CKA_WRAP_TEMPLATE: CK_ATTRIBUTE_TYPE = 1073742353; +pub const CKA_UNWRAP_TEMPLATE: CK_ATTRIBUTE_TYPE = 1073742354; +pub const CKA_DERIVE_TEMPLATE: CK_ATTRIBUTE_TYPE = 1073742355; +pub const CKA_OTP_FORMAT: CK_ATTRIBUTE_TYPE = 544; +pub const CKA_OTP_LENGTH: CK_ATTRIBUTE_TYPE = 545; +pub const CKA_OTP_TIME_INTERVAL: CK_ATTRIBUTE_TYPE = 546; +pub const CKA_OTP_USER_FRIENDLY_MODE: CK_ATTRIBUTE_TYPE = 547; +pub const CKA_OTP_CHALLENGE_REQUIREMENT: CK_ATTRIBUTE_TYPE = 548; +pub const CKA_OTP_TIME_REQUIREMENT: CK_ATTRIBUTE_TYPE = 549; +pub const CKA_OTP_COUNTER_REQUIREMENT: CK_ATTRIBUTE_TYPE = 550; +pub const CKA_OTP_PIN_REQUIREMENT: CK_ATTRIBUTE_TYPE = 551; +pub const CKA_OTP_COUNTER: CK_ATTRIBUTE_TYPE = 558; +pub const CKA_OTP_TIME: CK_ATTRIBUTE_TYPE = 559; +pub const CKA_OTP_USER_IDENTIFIER: CK_ATTRIBUTE_TYPE = 554; +pub const CKA_OTP_SERVICE_IDENTIFIER: CK_ATTRIBUTE_TYPE = 555; +pub const CKA_OTP_SERVICE_LOGO: CK_ATTRIBUTE_TYPE = 556; +pub const CKA_OTP_SERVICE_LOGO_TYPE: CK_ATTRIBUTE_TYPE = 557; +pub const CKA_GOSTR3410_PARAMS: CK_ATTRIBUTE_TYPE = 592; +pub const CKA_GOSTR3411_PARAMS: CK_ATTRIBUTE_TYPE = 593; +pub const CKA_GOST28147_PARAMS: CK_ATTRIBUTE_TYPE = 594; +pub const CKA_HW_FEATURE_TYPE: CK_ATTRIBUTE_TYPE = 768; +pub const CKA_RESET_ON_INIT: CK_ATTRIBUTE_TYPE = 769; +pub const CKA_HAS_RESET: CK_ATTRIBUTE_TYPE = 770; +pub const CKA_PIXEL_X: CK_ATTRIBUTE_TYPE = 1024; +pub const CKA_PIXEL_Y: CK_ATTRIBUTE_TYPE = 1025; +pub const CKA_RESOLUTION: CK_ATTRIBUTE_TYPE = 1026; +pub const CKA_CHAR_ROWS: CK_ATTRIBUTE_TYPE = 1027; +pub const CKA_CHAR_COLUMNS: CK_ATTRIBUTE_TYPE = 1028; +pub const CKA_COLOR: CK_ATTRIBUTE_TYPE = 1029; +pub const CKA_BITS_PER_PIXEL: CK_ATTRIBUTE_TYPE = 1030; +pub const CKA_CHAR_SETS: CK_ATTRIBUTE_TYPE = 1152; +pub const CKA_ENCODING_METHODS: CK_ATTRIBUTE_TYPE = 1153; +pub const CKA_MIME_TYPES: CK_ATTRIBUTE_TYPE = 1154; +pub const CKA_MECHANISM_TYPE: CK_ATTRIBUTE_TYPE = 1280; +pub const CKA_REQUIRED_CMS_ATTRIBUTES: CK_ATTRIBUTE_TYPE = 1281; +pub const CKA_DEFAULT_CMS_ATTRIBUTES: CK_ATTRIBUTE_TYPE = 1282; +pub const CKA_SUPPORTED_CMS_ATTRIBUTES: CK_ATTRIBUTE_TYPE = 1283; +pub const CKA_ALLOWED_MECHANISMS: CK_ATTRIBUTE_TYPE = 1073743360; +pub const CKA_PROFILE_ID: CK_ATTRIBUTE_TYPE = 1537; +pub const CKA_X2RATCHET_BAG: CK_ATTRIBUTE_TYPE = 1538; +pub const CKA_X2RATCHET_BAGSIZE: CK_ATTRIBUTE_TYPE = 1539; +pub const CKA_X2RATCHET_BOBS1STMSG: CK_ATTRIBUTE_TYPE = 1540; +pub const CKA_X2RATCHET_CKR: CK_ATTRIBUTE_TYPE = 1541; +pub const CKA_X2RATCHET_CKS: CK_ATTRIBUTE_TYPE = 1542; +pub const CKA_X2RATCHET_DHP: CK_ATTRIBUTE_TYPE = 1543; +pub const CKA_X2RATCHET_DHR: CK_ATTRIBUTE_TYPE = 1544; +pub const CKA_X2RATCHET_DHS: CK_ATTRIBUTE_TYPE = 1545; +pub const CKA_X2RATCHET_HKR: CK_ATTRIBUTE_TYPE = 1546; +pub const CKA_X2RATCHET_HKS: CK_ATTRIBUTE_TYPE = 1547; +pub const CKA_X2RATCHET_ISALICE: CK_ATTRIBUTE_TYPE = 1548; +pub const CKA_X2RATCHET_NHKR: CK_ATTRIBUTE_TYPE = 1549; +pub const CKA_X2RATCHET_NHKS: CK_ATTRIBUTE_TYPE = 1550; +pub const CKA_X2RATCHET_NR: CK_ATTRIBUTE_TYPE = 1551; +pub const CKA_X2RATCHET_NS: CK_ATTRIBUTE_TYPE = 1552; +pub const CKA_X2RATCHET_PNS: CK_ATTRIBUTE_TYPE = 1553; +pub const CKA_X2RATCHET_RK: CK_ATTRIBUTE_TYPE = 1554; +pub const CKA_HSS_LEVELS: CK_ATTRIBUTE_TYPE = 1559; +pub const CKA_HSS_LMS_TYPE: CK_ATTRIBUTE_TYPE = 1560; +pub const CKA_HSS_LMOTS_TYPE: CK_ATTRIBUTE_TYPE = 1561; +pub const CKA_HSS_LMS_TYPES: CK_ATTRIBUTE_TYPE = 1562; +pub const CKA_HSS_LMOTS_TYPES: CK_ATTRIBUTE_TYPE = 1563; +pub const CKA_HSS_KEYS_REMAINING: CK_ATTRIBUTE_TYPE = 1564; +pub const CKA_VENDOR_DEFINED: CK_ATTRIBUTE_TYPE = 2147483648; +pub const CKM_RSA_PKCS_KEY_PAIR_GEN: CK_MECHANISM_TYPE = 0; +pub const CKM_RSA_PKCS: CK_MECHANISM_TYPE = 1; +pub const CKM_RSA_9796: CK_MECHANISM_TYPE = 2; +pub const CKM_RSA_X_509: CK_MECHANISM_TYPE = 3; +pub const CKM_MD2_RSA_PKCS: CK_MECHANISM_TYPE = 4; +pub const CKM_MD5_RSA_PKCS: CK_MECHANISM_TYPE = 5; +pub const CKM_SHA1_RSA_PKCS: CK_MECHANISM_TYPE = 6; +pub const CKM_RIPEMD128_RSA_PKCS: CK_MECHANISM_TYPE = 7; +pub const CKM_RIPEMD160_RSA_PKCS: CK_MECHANISM_TYPE = 8; +pub const CKM_RSA_PKCS_OAEP: CK_MECHANISM_TYPE = 9; +pub const CKM_RSA_X9_31_KEY_PAIR_GEN: CK_MECHANISM_TYPE = 10; +pub const CKM_RSA_X9_31: CK_MECHANISM_TYPE = 11; +pub const CKM_SHA1_RSA_X9_31: CK_MECHANISM_TYPE = 12; +pub const CKM_RSA_PKCS_PSS: CK_MECHANISM_TYPE = 13; +pub const CKM_SHA1_RSA_PKCS_PSS: CK_MECHANISM_TYPE = 14; +pub const CKM_DSA_KEY_PAIR_GEN: CK_MECHANISM_TYPE = 16; +pub const CKM_DSA: CK_MECHANISM_TYPE = 17; +pub const CKM_DSA_SHA1: CK_MECHANISM_TYPE = 18; +pub const CKM_DSA_SHA224: CK_MECHANISM_TYPE = 19; +pub const CKM_DSA_SHA256: CK_MECHANISM_TYPE = 20; +pub const CKM_DSA_SHA384: CK_MECHANISM_TYPE = 21; +pub const CKM_DSA_SHA512: CK_MECHANISM_TYPE = 22; +pub const CKM_DSA_SHA3_224: CK_MECHANISM_TYPE = 24; +pub const CKM_DSA_SHA3_256: CK_MECHANISM_TYPE = 25; +pub const CKM_DSA_SHA3_384: CK_MECHANISM_TYPE = 26; +pub const CKM_DSA_SHA3_512: CK_MECHANISM_TYPE = 27; +pub const CKM_DH_PKCS_KEY_PAIR_GEN: CK_MECHANISM_TYPE = 32; +pub const CKM_DH_PKCS_DERIVE: CK_MECHANISM_TYPE = 33; +pub const CKM_X9_42_DH_KEY_PAIR_GEN: CK_MECHANISM_TYPE = 48; +pub const CKM_X9_42_DH_DERIVE: CK_MECHANISM_TYPE = 49; +pub const CKM_X9_42_DH_HYBRID_DERIVE: CK_MECHANISM_TYPE = 50; +pub const CKM_X9_42_MQV_DERIVE: CK_MECHANISM_TYPE = 51; +pub const CKM_SHA256_RSA_PKCS: CK_MECHANISM_TYPE = 64; +pub const CKM_SHA384_RSA_PKCS: CK_MECHANISM_TYPE = 65; +pub const CKM_SHA512_RSA_PKCS: CK_MECHANISM_TYPE = 66; +pub const CKM_SHA256_RSA_PKCS_PSS: CK_MECHANISM_TYPE = 67; +pub const CKM_SHA384_RSA_PKCS_PSS: CK_MECHANISM_TYPE = 68; +pub const CKM_SHA512_RSA_PKCS_PSS: CK_MECHANISM_TYPE = 69; +pub const CKM_SHA224_RSA_PKCS: CK_MECHANISM_TYPE = 70; +pub const CKM_SHA224_RSA_PKCS_PSS: CK_MECHANISM_TYPE = 71; +pub const CKM_SHA512_224: CK_MECHANISM_TYPE = 72; +pub const CKM_SHA512_224_HMAC: CK_MECHANISM_TYPE = 73; +pub const CKM_SHA512_224_HMAC_GENERAL: CK_MECHANISM_TYPE = 74; +pub const CKM_SHA512_224_KEY_DERIVATION: CK_MECHANISM_TYPE = 75; +pub const CKM_SHA512_256: CK_MECHANISM_TYPE = 76; +pub const CKM_SHA512_256_HMAC: CK_MECHANISM_TYPE = 77; +pub const CKM_SHA512_256_HMAC_GENERAL: CK_MECHANISM_TYPE = 78; +pub const CKM_SHA512_256_KEY_DERIVATION: CK_MECHANISM_TYPE = 79; +pub const CKM_SHA512_T: CK_MECHANISM_TYPE = 80; +pub const CKM_SHA512_T_HMAC: CK_MECHANISM_TYPE = 81; +pub const CKM_SHA512_T_HMAC_GENERAL: CK_MECHANISM_TYPE = 82; +pub const CKM_SHA512_T_KEY_DERIVATION: CK_MECHANISM_TYPE = 83; +pub const CKM_SHA3_256_RSA_PKCS: CK_MECHANISM_TYPE = 96; +pub const CKM_SHA3_384_RSA_PKCS: CK_MECHANISM_TYPE = 97; +pub const CKM_SHA3_512_RSA_PKCS: CK_MECHANISM_TYPE = 98; +pub const CKM_SHA3_256_RSA_PKCS_PSS: CK_MECHANISM_TYPE = 99; +pub const CKM_SHA3_384_RSA_PKCS_PSS: CK_MECHANISM_TYPE = 100; +pub const CKM_SHA3_512_RSA_PKCS_PSS: CK_MECHANISM_TYPE = 101; +pub const CKM_SHA3_224_RSA_PKCS: CK_MECHANISM_TYPE = 102; +pub const CKM_SHA3_224_RSA_PKCS_PSS: CK_MECHANISM_TYPE = 103; +pub const CKM_RC2_KEY_GEN: CK_MECHANISM_TYPE = 256; +pub const CKM_RC2_ECB: CK_MECHANISM_TYPE = 257; +pub const CKM_RC2_CBC: CK_MECHANISM_TYPE = 258; +pub const CKM_RC2_MAC: CK_MECHANISM_TYPE = 259; +pub const CKM_RC2_MAC_GENERAL: CK_MECHANISM_TYPE = 260; +pub const CKM_RC2_CBC_PAD: CK_MECHANISM_TYPE = 261; +pub const CKM_RC4_KEY_GEN: CK_MECHANISM_TYPE = 272; +pub const CKM_RC4: CK_MECHANISM_TYPE = 273; +pub const CKM_DES_KEY_GEN: CK_MECHANISM_TYPE = 288; +pub const CKM_DES_ECB: CK_MECHANISM_TYPE = 289; +pub const CKM_DES_CBC: CK_MECHANISM_TYPE = 290; +pub const CKM_DES_MAC: CK_MECHANISM_TYPE = 291; +pub const CKM_DES_MAC_GENERAL: CK_MECHANISM_TYPE = 292; +pub const CKM_DES_CBC_PAD: CK_MECHANISM_TYPE = 293; +pub const CKM_DES2_KEY_GEN: CK_MECHANISM_TYPE = 304; +pub const CKM_DES3_KEY_GEN: CK_MECHANISM_TYPE = 305; +pub const CKM_DES3_ECB: CK_MECHANISM_TYPE = 306; +pub const CKM_DES3_CBC: CK_MECHANISM_TYPE = 307; +pub const CKM_DES3_MAC: CK_MECHANISM_TYPE = 308; +pub const CKM_DES3_MAC_GENERAL: CK_MECHANISM_TYPE = 309; +pub const CKM_DES3_CBC_PAD: CK_MECHANISM_TYPE = 310; +pub const CKM_DES3_CMAC_GENERAL: CK_MECHANISM_TYPE = 311; +pub const CKM_DES3_CMAC: CK_MECHANISM_TYPE = 312; +pub const CKM_CDMF_KEY_GEN: CK_MECHANISM_TYPE = 320; +pub const CKM_CDMF_ECB: CK_MECHANISM_TYPE = 321; +pub const CKM_CDMF_CBC: CK_MECHANISM_TYPE = 322; +pub const CKM_CDMF_MAC: CK_MECHANISM_TYPE = 323; +pub const CKM_CDMF_MAC_GENERAL: CK_MECHANISM_TYPE = 324; +pub const CKM_CDMF_CBC_PAD: CK_MECHANISM_TYPE = 325; +pub const CKM_DES_OFB64: CK_MECHANISM_TYPE = 336; +pub const CKM_DES_OFB8: CK_MECHANISM_TYPE = 337; +pub const CKM_DES_CFB64: CK_MECHANISM_TYPE = 338; +pub const CKM_DES_CFB8: CK_MECHANISM_TYPE = 339; +pub const CKM_MD2: CK_MECHANISM_TYPE = 512; +pub const CKM_MD2_HMAC: CK_MECHANISM_TYPE = 513; +pub const CKM_MD2_HMAC_GENERAL: CK_MECHANISM_TYPE = 514; +pub const CKM_MD5: CK_MECHANISM_TYPE = 528; +pub const CKM_MD5_HMAC: CK_MECHANISM_TYPE = 529; +pub const CKM_MD5_HMAC_GENERAL: CK_MECHANISM_TYPE = 530; +pub const CKM_SHA_1: CK_MECHANISM_TYPE = 544; +pub const CKM_SHA_1_HMAC: CK_MECHANISM_TYPE = 545; +pub const CKM_SHA_1_HMAC_GENERAL: CK_MECHANISM_TYPE = 546; +pub const CKM_RIPEMD128: CK_MECHANISM_TYPE = 560; +pub const CKM_RIPEMD128_HMAC: CK_MECHANISM_TYPE = 561; +pub const CKM_RIPEMD128_HMAC_GENERAL: CK_MECHANISM_TYPE = 562; +pub const CKM_RIPEMD160: CK_MECHANISM_TYPE = 576; +pub const CKM_RIPEMD160_HMAC: CK_MECHANISM_TYPE = 577; +pub const CKM_RIPEMD160_HMAC_GENERAL: CK_MECHANISM_TYPE = 578; +pub const CKM_SHA256: CK_MECHANISM_TYPE = 592; +pub const CKM_SHA256_HMAC: CK_MECHANISM_TYPE = 593; +pub const CKM_SHA256_HMAC_GENERAL: CK_MECHANISM_TYPE = 594; +pub const CKM_SHA224: CK_MECHANISM_TYPE = 597; +pub const CKM_SHA224_HMAC: CK_MECHANISM_TYPE = 598; +pub const CKM_SHA224_HMAC_GENERAL: CK_MECHANISM_TYPE = 599; +pub const CKM_SHA384: CK_MECHANISM_TYPE = 608; +pub const CKM_SHA384_HMAC: CK_MECHANISM_TYPE = 609; +pub const CKM_SHA384_HMAC_GENERAL: CK_MECHANISM_TYPE = 610; +pub const CKM_SHA512: CK_MECHANISM_TYPE = 624; +pub const CKM_SHA512_HMAC: CK_MECHANISM_TYPE = 625; +pub const CKM_SHA512_HMAC_GENERAL: CK_MECHANISM_TYPE = 626; +pub const CKM_SECURID_KEY_GEN: CK_MECHANISM_TYPE = 640; +pub const CKM_SECURID: CK_MECHANISM_TYPE = 642; +pub const CKM_HOTP_KEY_GEN: CK_MECHANISM_TYPE = 656; +pub const CKM_HOTP: CK_MECHANISM_TYPE = 657; +pub const CKM_ACTI: CK_MECHANISM_TYPE = 672; +pub const CKM_ACTI_KEY_GEN: CK_MECHANISM_TYPE = 673; +pub const CKM_SHA3_256: CK_MECHANISM_TYPE = 688; +pub const CKM_SHA3_256_HMAC: CK_MECHANISM_TYPE = 689; +pub const CKM_SHA3_256_HMAC_GENERAL: CK_MECHANISM_TYPE = 690; +pub const CKM_SHA3_256_KEY_GEN: CK_MECHANISM_TYPE = 691; +pub const CKM_SHA3_224: CK_MECHANISM_TYPE = 693; +pub const CKM_SHA3_224_HMAC: CK_MECHANISM_TYPE = 694; +pub const CKM_SHA3_224_HMAC_GENERAL: CK_MECHANISM_TYPE = 695; +pub const CKM_SHA3_224_KEY_GEN: CK_MECHANISM_TYPE = 696; +pub const CKM_SHA3_384: CK_MECHANISM_TYPE = 704; +pub const CKM_SHA3_384_HMAC: CK_MECHANISM_TYPE = 705; +pub const CKM_SHA3_384_HMAC_GENERAL: CK_MECHANISM_TYPE = 706; +pub const CKM_SHA3_384_KEY_GEN: CK_MECHANISM_TYPE = 707; +pub const CKM_SHA3_512: CK_MECHANISM_TYPE = 720; +pub const CKM_SHA3_512_HMAC: CK_MECHANISM_TYPE = 721; +pub const CKM_SHA3_512_HMAC_GENERAL: CK_MECHANISM_TYPE = 722; +pub const CKM_SHA3_512_KEY_GEN: CK_MECHANISM_TYPE = 723; +pub const CKM_CAST_KEY_GEN: CK_MECHANISM_TYPE = 768; +pub const CKM_CAST_ECB: CK_MECHANISM_TYPE = 769; +pub const CKM_CAST_CBC: CK_MECHANISM_TYPE = 770; +pub const CKM_CAST_MAC: CK_MECHANISM_TYPE = 771; +pub const CKM_CAST_MAC_GENERAL: CK_MECHANISM_TYPE = 772; +pub const CKM_CAST_CBC_PAD: CK_MECHANISM_TYPE = 773; +pub const CKM_CAST3_KEY_GEN: CK_MECHANISM_TYPE = 784; +pub const CKM_CAST3_ECB: CK_MECHANISM_TYPE = 785; +pub const CKM_CAST3_CBC: CK_MECHANISM_TYPE = 786; +pub const CKM_CAST3_MAC: CK_MECHANISM_TYPE = 787; +pub const CKM_CAST3_MAC_GENERAL: CK_MECHANISM_TYPE = 788; +pub const CKM_CAST3_CBC_PAD: CK_MECHANISM_TYPE = 789; +pub const CKM_CAST5_KEY_GEN: CK_MECHANISM_TYPE = 800; +pub const CKM_CAST128_KEY_GEN: CK_MECHANISM_TYPE = 800; +pub const CKM_CAST5_ECB: CK_MECHANISM_TYPE = 801; +pub const CKM_CAST128_ECB: CK_MECHANISM_TYPE = 801; +pub const CKM_CAST5_CBC: CK_MECHANISM_TYPE = 802; +pub const CKM_CAST128_CBC: CK_MECHANISM_TYPE = 802; +pub const CKM_CAST5_MAC: CK_MECHANISM_TYPE = 803; +pub const CKM_CAST128_MAC: CK_MECHANISM_TYPE = 803; +pub const CKM_CAST5_MAC_GENERAL: CK_MECHANISM_TYPE = 804; +pub const CKM_CAST128_MAC_GENERAL: CK_MECHANISM_TYPE = 804; +pub const CKM_CAST5_CBC_PAD: CK_MECHANISM_TYPE = 805; +pub const CKM_CAST128_CBC_PAD: CK_MECHANISM_TYPE = 805; +pub const CKM_RC5_KEY_GEN: CK_MECHANISM_TYPE = 816; +pub const CKM_RC5_ECB: CK_MECHANISM_TYPE = 817; +pub const CKM_RC5_CBC: CK_MECHANISM_TYPE = 818; +pub const CKM_RC5_MAC: CK_MECHANISM_TYPE = 819; +pub const CKM_RC5_MAC_GENERAL: CK_MECHANISM_TYPE = 820; +pub const CKM_RC5_CBC_PAD: CK_MECHANISM_TYPE = 821; +pub const CKM_IDEA_KEY_GEN: CK_MECHANISM_TYPE = 832; +pub const CKM_IDEA_ECB: CK_MECHANISM_TYPE = 833; +pub const CKM_IDEA_CBC: CK_MECHANISM_TYPE = 834; +pub const CKM_IDEA_MAC: CK_MECHANISM_TYPE = 835; +pub const CKM_IDEA_MAC_GENERAL: CK_MECHANISM_TYPE = 836; +pub const CKM_IDEA_CBC_PAD: CK_MECHANISM_TYPE = 837; +pub const CKM_GENERIC_SECRET_KEY_GEN: CK_MECHANISM_TYPE = 848; +pub const CKM_CONCATENATE_BASE_AND_KEY: CK_MECHANISM_TYPE = 864; +pub const CKM_CONCATENATE_BASE_AND_DATA: CK_MECHANISM_TYPE = 866; +pub const CKM_CONCATENATE_DATA_AND_BASE: CK_MECHANISM_TYPE = 867; +pub const CKM_XOR_BASE_AND_DATA: CK_MECHANISM_TYPE = 868; +pub const CKM_EXTRACT_KEY_FROM_KEY: CK_MECHANISM_TYPE = 869; +pub const CKM_SSL3_PRE_MASTER_KEY_GEN: CK_MECHANISM_TYPE = 880; +pub const CKM_SSL3_MASTER_KEY_DERIVE: CK_MECHANISM_TYPE = 881; +pub const CKM_SSL3_KEY_AND_MAC_DERIVE: CK_MECHANISM_TYPE = 882; +pub const CKM_SSL3_MASTER_KEY_DERIVE_DH: CK_MECHANISM_TYPE = 883; +pub const CKM_TLS_PRE_MASTER_KEY_GEN: CK_MECHANISM_TYPE = 884; +pub const CKM_TLS_MASTER_KEY_DERIVE: CK_MECHANISM_TYPE = 885; +pub const CKM_TLS_KEY_AND_MAC_DERIVE: CK_MECHANISM_TYPE = 886; +pub const CKM_TLS_MASTER_KEY_DERIVE_DH: CK_MECHANISM_TYPE = 887; +pub const CKM_TLS_PRF: CK_MECHANISM_TYPE = 888; +pub const CKM_SSL3_MD5_MAC: CK_MECHANISM_TYPE = 896; +pub const CKM_SSL3_SHA1_MAC: CK_MECHANISM_TYPE = 897; +pub const CKM_MD5_KEY_DERIVATION: CK_MECHANISM_TYPE = 912; +pub const CKM_MD2_KEY_DERIVATION: CK_MECHANISM_TYPE = 913; +pub const CKM_SHA1_KEY_DERIVATION: CK_MECHANISM_TYPE = 914; +pub const CKM_SHA256_KEY_DERIVATION: CK_MECHANISM_TYPE = 915; +pub const CKM_SHA384_KEY_DERIVATION: CK_MECHANISM_TYPE = 916; +pub const CKM_SHA512_KEY_DERIVATION: CK_MECHANISM_TYPE = 917; +pub const CKM_SHA224_KEY_DERIVATION: CK_MECHANISM_TYPE = 918; +pub const CKM_SHA3_256_KEY_DERIVATION: CK_MECHANISM_TYPE = 919; +pub const CKM_SHA3_224_KEY_DERIVATION: CK_MECHANISM_TYPE = 920; +pub const CKM_SHA3_384_KEY_DERIVATION: CK_MECHANISM_TYPE = 921; +pub const CKM_SHA3_512_KEY_DERIVATION: CK_MECHANISM_TYPE = 922; +pub const CKM_SHAKE_128_KEY_DERIVATION: CK_MECHANISM_TYPE = 923; +pub const CKM_SHAKE_256_KEY_DERIVATION: CK_MECHANISM_TYPE = 924; +pub const CKM_SHA3_256_KEY_DERIVE: CK_MECHANISM_TYPE = 919; +pub const CKM_SHA3_224_KEY_DERIVE: CK_MECHANISM_TYPE = 920; +pub const CKM_SHA3_384_KEY_DERIVE: CK_MECHANISM_TYPE = 921; +pub const CKM_SHA3_512_KEY_DERIVE: CK_MECHANISM_TYPE = 922; +pub const CKM_SHAKE_128_KEY_DERIVE: CK_MECHANISM_TYPE = 923; +pub const CKM_SHAKE_256_KEY_DERIVE: CK_MECHANISM_TYPE = 924; +pub const CKM_PBE_MD2_DES_CBC: CK_MECHANISM_TYPE = 928; +pub const CKM_PBE_MD5_DES_CBC: CK_MECHANISM_TYPE = 929; +pub const CKM_PBE_MD5_CAST_CBC: CK_MECHANISM_TYPE = 930; +pub const CKM_PBE_MD5_CAST3_CBC: CK_MECHANISM_TYPE = 931; +pub const CKM_PBE_MD5_CAST5_CBC: CK_MECHANISM_TYPE = 932; +pub const CKM_PBE_MD5_CAST128_CBC: CK_MECHANISM_TYPE = 932; +pub const CKM_PBE_SHA1_CAST5_CBC: CK_MECHANISM_TYPE = 933; +pub const CKM_PBE_SHA1_CAST128_CBC: CK_MECHANISM_TYPE = 933; +pub const CKM_PBE_SHA1_RC4_128: CK_MECHANISM_TYPE = 934; +pub const CKM_PBE_SHA1_RC4_40: CK_MECHANISM_TYPE = 935; +pub const CKM_PBE_SHA1_DES3_EDE_CBC: CK_MECHANISM_TYPE = 936; +pub const CKM_PBE_SHA1_DES2_EDE_CBC: CK_MECHANISM_TYPE = 937; +pub const CKM_PBE_SHA1_RC2_128_CBC: CK_MECHANISM_TYPE = 938; +pub const CKM_PBE_SHA1_RC2_40_CBC: CK_MECHANISM_TYPE = 939; +pub const CKM_PKCS5_PBKD2: CK_MECHANISM_TYPE = 944; +pub const CKM_PBA_SHA1_WITH_SHA1_HMAC: CK_MECHANISM_TYPE = 960; +pub const CKM_WTLS_PRE_MASTER_KEY_GEN: CK_MECHANISM_TYPE = 976; +pub const CKM_WTLS_MASTER_KEY_DERIVE: CK_MECHANISM_TYPE = 977; +pub const CKM_WTLS_MASTER_KEY_DERIVE_DH_ECC: CK_MECHANISM_TYPE = 978; +pub const CKM_WTLS_PRF: CK_MECHANISM_TYPE = 979; +pub const CKM_WTLS_SERVER_KEY_AND_MAC_DERIVE: CK_MECHANISM_TYPE = 980; +pub const CKM_WTLS_CLIENT_KEY_AND_MAC_DERIVE: CK_MECHANISM_TYPE = 981; +pub const CKM_TLS10_MAC_SERVER: CK_MECHANISM_TYPE = 982; +pub const CKM_TLS10_MAC_CLIENT: CK_MECHANISM_TYPE = 983; +pub const CKM_TLS12_MAC: CK_MECHANISM_TYPE = 984; +pub const CKM_TLS12_KDF: CK_MECHANISM_TYPE = 985; +pub const CKM_TLS12_MASTER_KEY_DERIVE: CK_MECHANISM_TYPE = 992; +pub const CKM_TLS12_KEY_AND_MAC_DERIVE: CK_MECHANISM_TYPE = 993; +pub const CKM_TLS12_MASTER_KEY_DERIVE_DH: CK_MECHANISM_TYPE = 994; +pub const CKM_TLS12_KEY_SAFE_DERIVE: CK_MECHANISM_TYPE = 995; +pub const CKM_TLS_MAC: CK_MECHANISM_TYPE = 996; +pub const CKM_TLS_KDF: CK_MECHANISM_TYPE = 997; +pub const CKM_KEY_WRAP_LYNKS: CK_MECHANISM_TYPE = 1024; +pub const CKM_KEY_WRAP_SET_OAEP: CK_MECHANISM_TYPE = 1025; +pub const CKM_CMS_SIG: CK_MECHANISM_TYPE = 1280; +pub const CKM_KIP_DERIVE: CK_MECHANISM_TYPE = 1296; +pub const CKM_KIP_WRAP: CK_MECHANISM_TYPE = 1297; +pub const CKM_KIP_MAC: CK_MECHANISM_TYPE = 1298; +pub const CKM_CAMELLIA_KEY_GEN: CK_MECHANISM_TYPE = 1360; +pub const CKM_CAMELLIA_ECB: CK_MECHANISM_TYPE = 1361; +pub const CKM_CAMELLIA_CBC: CK_MECHANISM_TYPE = 1362; +pub const CKM_CAMELLIA_MAC: CK_MECHANISM_TYPE = 1363; +pub const CKM_CAMELLIA_MAC_GENERAL: CK_MECHANISM_TYPE = 1364; +pub const CKM_CAMELLIA_CBC_PAD: CK_MECHANISM_TYPE = 1365; +pub const CKM_CAMELLIA_ECB_ENCRYPT_DATA: CK_MECHANISM_TYPE = 1366; +pub const CKM_CAMELLIA_CBC_ENCRYPT_DATA: CK_MECHANISM_TYPE = 1367; +pub const CKM_CAMELLIA_CTR: CK_MECHANISM_TYPE = 1368; +pub const CKM_ARIA_KEY_GEN: CK_MECHANISM_TYPE = 1376; +pub const CKM_ARIA_ECB: CK_MECHANISM_TYPE = 1377; +pub const CKM_ARIA_CBC: CK_MECHANISM_TYPE = 1378; +pub const CKM_ARIA_MAC: CK_MECHANISM_TYPE = 1379; +pub const CKM_ARIA_MAC_GENERAL: CK_MECHANISM_TYPE = 1380; +pub const CKM_ARIA_CBC_PAD: CK_MECHANISM_TYPE = 1381; +pub const CKM_ARIA_ECB_ENCRYPT_DATA: CK_MECHANISM_TYPE = 1382; +pub const CKM_ARIA_CBC_ENCRYPT_DATA: CK_MECHANISM_TYPE = 1383; +pub const CKM_SEED_KEY_GEN: CK_MECHANISM_TYPE = 1616; +pub const CKM_SEED_ECB: CK_MECHANISM_TYPE = 1617; +pub const CKM_SEED_CBC: CK_MECHANISM_TYPE = 1618; +pub const CKM_SEED_MAC: CK_MECHANISM_TYPE = 1619; +pub const CKM_SEED_MAC_GENERAL: CK_MECHANISM_TYPE = 1620; +pub const CKM_SEED_CBC_PAD: CK_MECHANISM_TYPE = 1621; +pub const CKM_SEED_ECB_ENCRYPT_DATA: CK_MECHANISM_TYPE = 1622; +pub const CKM_SEED_CBC_ENCRYPT_DATA: CK_MECHANISM_TYPE = 1623; +pub const CKM_SKIPJACK_KEY_GEN: CK_MECHANISM_TYPE = 4096; +pub const CKM_SKIPJACK_ECB64: CK_MECHANISM_TYPE = 4097; +pub const CKM_SKIPJACK_CBC64: CK_MECHANISM_TYPE = 4098; +pub const CKM_SKIPJACK_OFB64: CK_MECHANISM_TYPE = 4099; +pub const CKM_SKIPJACK_CFB64: CK_MECHANISM_TYPE = 4100; +pub const CKM_SKIPJACK_CFB32: CK_MECHANISM_TYPE = 4101; +pub const CKM_SKIPJACK_CFB16: CK_MECHANISM_TYPE = 4102; +pub const CKM_SKIPJACK_CFB8: CK_MECHANISM_TYPE = 4103; +pub const CKM_SKIPJACK_WRAP: CK_MECHANISM_TYPE = 4104; +pub const CKM_SKIPJACK_PRIVATE_WRAP: CK_MECHANISM_TYPE = 4105; +pub const CKM_SKIPJACK_RELAYX: CK_MECHANISM_TYPE = 4106; +pub const CKM_KEA_KEY_PAIR_GEN: CK_MECHANISM_TYPE = 4112; +pub const CKM_KEA_KEY_DERIVE: CK_MECHANISM_TYPE = 4113; +pub const CKM_KEA_DERIVE: CK_MECHANISM_TYPE = 4114; +pub const CKM_FORTEZZA_TIMESTAMP: CK_MECHANISM_TYPE = 4128; +pub const CKM_BATON_KEY_GEN: CK_MECHANISM_TYPE = 4144; +pub const CKM_BATON_ECB128: CK_MECHANISM_TYPE = 4145; +pub const CKM_BATON_ECB96: CK_MECHANISM_TYPE = 4146; +pub const CKM_BATON_CBC128: CK_MECHANISM_TYPE = 4147; +pub const CKM_BATON_COUNTER: CK_MECHANISM_TYPE = 4148; +pub const CKM_BATON_SHUFFLE: CK_MECHANISM_TYPE = 4149; +pub const CKM_BATON_WRAP: CK_MECHANISM_TYPE = 4150; +pub const CKM_ECDSA_KEY_PAIR_GEN: CK_MECHANISM_TYPE = 4160; +pub const CKM_EC_KEY_PAIR_GEN: CK_MECHANISM_TYPE = 4160; +pub const CKM_ECDSA: CK_MECHANISM_TYPE = 4161; +pub const CKM_ECDSA_SHA1: CK_MECHANISM_TYPE = 4162; +pub const CKM_ECDSA_SHA224: CK_MECHANISM_TYPE = 4163; +pub const CKM_ECDSA_SHA256: CK_MECHANISM_TYPE = 4164; +pub const CKM_ECDSA_SHA384: CK_MECHANISM_TYPE = 4165; +pub const CKM_ECDSA_SHA512: CK_MECHANISM_TYPE = 4166; +pub const CKM_EC_KEY_PAIR_GEN_W_EXTRA_BITS: CK_MECHANISM_TYPE = 5131; +pub const CKM_ECDH1_DERIVE: CK_MECHANISM_TYPE = 4176; +pub const CKM_ECDH1_COFACTOR_DERIVE: CK_MECHANISM_TYPE = 4177; +pub const CKM_ECMQV_DERIVE: CK_MECHANISM_TYPE = 4178; +pub const CKM_ECDH_AES_KEY_WRAP: CK_MECHANISM_TYPE = 4179; +pub const CKM_RSA_AES_KEY_WRAP: CK_MECHANISM_TYPE = 4180; +pub const CKM_JUNIPER_KEY_GEN: CK_MECHANISM_TYPE = 4192; +pub const CKM_JUNIPER_ECB128: CK_MECHANISM_TYPE = 4193; +pub const CKM_JUNIPER_CBC128: CK_MECHANISM_TYPE = 4194; +pub const CKM_JUNIPER_COUNTER: CK_MECHANISM_TYPE = 4195; +pub const CKM_JUNIPER_SHUFFLE: CK_MECHANISM_TYPE = 4196; +pub const CKM_JUNIPER_WRAP: CK_MECHANISM_TYPE = 4197; +pub const CKM_FASTHASH: CK_MECHANISM_TYPE = 4208; +pub const CKM_AES_XTS: CK_MECHANISM_TYPE = 4209; +pub const CKM_AES_XTS_KEY_GEN: CK_MECHANISM_TYPE = 4210; +pub const CKM_AES_KEY_GEN: CK_MECHANISM_TYPE = 4224; +pub const CKM_AES_ECB: CK_MECHANISM_TYPE = 4225; +pub const CKM_AES_CBC: CK_MECHANISM_TYPE = 4226; +pub const CKM_AES_MAC: CK_MECHANISM_TYPE = 4227; +pub const CKM_AES_MAC_GENERAL: CK_MECHANISM_TYPE = 4228; +pub const CKM_AES_CBC_PAD: CK_MECHANISM_TYPE = 4229; +pub const CKM_AES_CTR: CK_MECHANISM_TYPE = 4230; +pub const CKM_AES_GCM: CK_MECHANISM_TYPE = 4231; +pub const CKM_AES_CCM: CK_MECHANISM_TYPE = 4232; +pub const CKM_AES_CTS: CK_MECHANISM_TYPE = 4233; +pub const CKM_AES_CMAC: CK_MECHANISM_TYPE = 4234; +pub const CKM_AES_CMAC_GENERAL: CK_MECHANISM_TYPE = 4235; +pub const CKM_AES_XCBC_MAC: CK_MECHANISM_TYPE = 4236; +pub const CKM_AES_XCBC_MAC_96: CK_MECHANISM_TYPE = 4237; +pub const CKM_AES_GMAC: CK_MECHANISM_TYPE = 4238; +pub const CKM_BLOWFISH_KEY_GEN: CK_MECHANISM_TYPE = 4240; +pub const CKM_BLOWFISH_CBC: CK_MECHANISM_TYPE = 4241; +pub const CKM_TWOFISH_KEY_GEN: CK_MECHANISM_TYPE = 4242; +pub const CKM_TWOFISH_CBC: CK_MECHANISM_TYPE = 4243; +pub const CKM_BLOWFISH_CBC_PAD: CK_MECHANISM_TYPE = 4244; +pub const CKM_TWOFISH_CBC_PAD: CK_MECHANISM_TYPE = 4245; +pub const CKM_DES_ECB_ENCRYPT_DATA: CK_MECHANISM_TYPE = 4352; +pub const CKM_DES_CBC_ENCRYPT_DATA: CK_MECHANISM_TYPE = 4353; +pub const CKM_DES3_ECB_ENCRYPT_DATA: CK_MECHANISM_TYPE = 4354; +pub const CKM_DES3_CBC_ENCRYPT_DATA: CK_MECHANISM_TYPE = 4355; +pub const CKM_AES_ECB_ENCRYPT_DATA: CK_MECHANISM_TYPE = 4356; +pub const CKM_AES_CBC_ENCRYPT_DATA: CK_MECHANISM_TYPE = 4357; +pub const CKM_GOSTR3410_KEY_PAIR_GEN: CK_MECHANISM_TYPE = 4608; +pub const CKM_GOSTR3410: CK_MECHANISM_TYPE = 4609; +pub const CKM_GOSTR3410_WITH_GOSTR3411: CK_MECHANISM_TYPE = 4610; +pub const CKM_GOSTR3410_KEY_WRAP: CK_MECHANISM_TYPE = 4611; +pub const CKM_GOSTR3410_DERIVE: CK_MECHANISM_TYPE = 4612; +pub const CKM_GOSTR3411: CK_MECHANISM_TYPE = 4624; +pub const CKM_GOSTR3411_HMAC: CK_MECHANISM_TYPE = 4625; +pub const CKM_GOST28147_KEY_GEN: CK_MECHANISM_TYPE = 4640; +pub const CKM_GOST28147_ECB: CK_MECHANISM_TYPE = 4641; +pub const CKM_GOST28147: CK_MECHANISM_TYPE = 4642; +pub const CKM_GOST28147_MAC: CK_MECHANISM_TYPE = 4643; +pub const CKM_GOST28147_KEY_WRAP: CK_MECHANISM_TYPE = 4644; +pub const CKM_CHACHA20_KEY_GEN: CK_MECHANISM_TYPE = 4645; +pub const CKM_CHACHA20: CK_MECHANISM_TYPE = 4646; +pub const CKM_POLY1305_KEY_GEN: CK_MECHANISM_TYPE = 4647; +pub const CKM_POLY1305: CK_MECHANISM_TYPE = 4648; +pub const CKM_DSA_PARAMETER_GEN: CK_MECHANISM_TYPE = 8192; +pub const CKM_DH_PKCS_PARAMETER_GEN: CK_MECHANISM_TYPE = 8193; +pub const CKM_X9_42_DH_PARAMETER_GEN: CK_MECHANISM_TYPE = 8194; +pub const CKM_DSA_PROBABILISTIC_PARAMETER_GEN: CK_MECHANISM_TYPE = 8195; +pub const CKM_DSA_PROBABLISTIC_PARAMETER_GEN: CK_MECHANISM_TYPE = 8195; +pub const CKM_DSA_SHAWE_TAYLOR_PARAMETER_GEN: CK_MECHANISM_TYPE = 8196; +pub const CKM_DSA_FIPS_G_GEN: CK_MECHANISM_TYPE = 8197; +pub const CKM_AES_OFB: CK_MECHANISM_TYPE = 8452; +pub const CKM_AES_CFB64: CK_MECHANISM_TYPE = 8453; +pub const CKM_AES_CFB8: CK_MECHANISM_TYPE = 8454; +pub const CKM_AES_CFB128: CK_MECHANISM_TYPE = 8455; +pub const CKM_AES_CFB1: CK_MECHANISM_TYPE = 8456; +pub const CKM_AES_KEY_WRAP: CK_MECHANISM_TYPE = 8457; +pub const CKM_AES_KEY_WRAP_PAD: CK_MECHANISM_TYPE = 8458; +pub const CKM_AES_KEY_WRAP_KWP: CK_MECHANISM_TYPE = 8459; +pub const CKM_AES_KEY_WRAP_PKCS7: CK_MECHANISM_TYPE = 8460; +pub const CKM_RSA_PKCS_TPM_1_1: CK_MECHANISM_TYPE = 16385; +pub const CKM_RSA_PKCS_OAEP_TPM_1_1: CK_MECHANISM_TYPE = 16386; +pub const CKM_SHA_1_KEY_GEN: CK_MECHANISM_TYPE = 16387; +pub const CKM_SHA224_KEY_GEN: CK_MECHANISM_TYPE = 16388; +pub const CKM_SHA256_KEY_GEN: CK_MECHANISM_TYPE = 16389; +pub const CKM_SHA384_KEY_GEN: CK_MECHANISM_TYPE = 16390; +pub const CKM_SHA512_KEY_GEN: CK_MECHANISM_TYPE = 16391; +pub const CKM_SHA512_224_KEY_GEN: CK_MECHANISM_TYPE = 16392; +pub const CKM_SHA512_256_KEY_GEN: CK_MECHANISM_TYPE = 16393; +pub const CKM_SHA512_T_KEY_GEN: CK_MECHANISM_TYPE = 16394; +pub const CKM_NULL: CK_MECHANISM_TYPE = 16395; +pub const CKM_BLAKE2B_160: CK_MECHANISM_TYPE = 16396; +pub const CKM_BLAKE2B_160_HMAC: CK_MECHANISM_TYPE = 16397; +pub const CKM_BLAKE2B_160_HMAC_GENERAL: CK_MECHANISM_TYPE = 16398; +pub const CKM_BLAKE2B_160_KEY_DERIVE: CK_MECHANISM_TYPE = 16399; +pub const CKM_BLAKE2B_160_KEY_GEN: CK_MECHANISM_TYPE = 16400; +pub const CKM_BLAKE2B_256: CK_MECHANISM_TYPE = 16401; +pub const CKM_BLAKE2B_256_HMAC: CK_MECHANISM_TYPE = 16402; +pub const CKM_BLAKE2B_256_HMAC_GENERAL: CK_MECHANISM_TYPE = 16403; +pub const CKM_BLAKE2B_256_KEY_DERIVE: CK_MECHANISM_TYPE = 16404; +pub const CKM_BLAKE2B_256_KEY_GEN: CK_MECHANISM_TYPE = 16405; +pub const CKM_BLAKE2B_384: CK_MECHANISM_TYPE = 16406; +pub const CKM_BLAKE2B_384_HMAC: CK_MECHANISM_TYPE = 16407; +pub const CKM_BLAKE2B_384_HMAC_GENERAL: CK_MECHANISM_TYPE = 16408; +pub const CKM_BLAKE2B_384_KEY_DERIVE: CK_MECHANISM_TYPE = 16409; +pub const CKM_BLAKE2B_384_KEY_GEN: CK_MECHANISM_TYPE = 16410; +pub const CKM_BLAKE2B_512: CK_MECHANISM_TYPE = 16411; +pub const CKM_BLAKE2B_512_HMAC: CK_MECHANISM_TYPE = 16412; +pub const CKM_BLAKE2B_512_HMAC_GENERAL: CK_MECHANISM_TYPE = 16413; +pub const CKM_BLAKE2B_512_KEY_DERIVE: CK_MECHANISM_TYPE = 16414; +pub const CKM_BLAKE2B_512_KEY_GEN: CK_MECHANISM_TYPE = 16415; +pub const CKM_SALSA20: CK_MECHANISM_TYPE = 16416; +pub const CKM_CHACHA20_POLY1305: CK_MECHANISM_TYPE = 16417; +pub const CKM_SALSA20_POLY1305: CK_MECHANISM_TYPE = 16418; +pub const CKM_X3DH_INITIALIZE: CK_MECHANISM_TYPE = 16419; +pub const CKM_X3DH_RESPOND: CK_MECHANISM_TYPE = 16420; +pub const CKM_X2RATCHET_INITIALIZE: CK_MECHANISM_TYPE = 16421; +pub const CKM_X2RATCHET_RESPOND: CK_MECHANISM_TYPE = 16422; +pub const CKM_X2RATCHET_ENCRYPT: CK_MECHANISM_TYPE = 16423; +pub const CKM_X2RATCHET_DECRYPT: CK_MECHANISM_TYPE = 16424; +pub const CKM_XEDDSA: CK_MECHANISM_TYPE = 16425; +pub const CKM_HKDF_DERIVE: CK_MECHANISM_TYPE = 16426; +pub const CKM_HKDF_DATA: CK_MECHANISM_TYPE = 16427; +pub const CKM_HKDF_KEY_GEN: CK_MECHANISM_TYPE = 16428; +pub const CKM_SALSA20_KEY_GEN: CK_MECHANISM_TYPE = 16429; +pub const CKM_ECDSA_SHA3_224: CK_MECHANISM_TYPE = 4167; +pub const CKM_ECDSA_SHA3_256: CK_MECHANISM_TYPE = 4168; +pub const CKM_ECDSA_SHA3_384: CK_MECHANISM_TYPE = 4169; +pub const CKM_ECDSA_SHA3_512: CK_MECHANISM_TYPE = 4170; +pub const CKM_EC_EDWARDS_KEY_PAIR_GEN: CK_MECHANISM_TYPE = 4181; +pub const CKM_EC_MONTGOMERY_KEY_PAIR_GEN: CK_MECHANISM_TYPE = 4182; +pub const CKM_EDDSA: CK_MECHANISM_TYPE = 4183; +pub const CKM_SP800_108_COUNTER_KDF: CK_MECHANISM_TYPE = 940; +pub const CKM_SP800_108_FEEDBACK_KDF: CK_MECHANISM_TYPE = 941; +pub const CKM_SP800_108_DOUBLE_PIPELINE_KDF: CK_MECHANISM_TYPE = 942; +pub const CKM_IKE2_PRF_PLUS_DERIVE: CK_MECHANISM_TYPE = 16430; +pub const CKM_IKE_PRF_DERIVE: CK_MECHANISM_TYPE = 16431; +pub const CKM_IKE1_PRF_DERIVE: CK_MECHANISM_TYPE = 16432; +pub const CKM_IKE1_EXTENDED_DERIVE: CK_MECHANISM_TYPE = 16433; +pub const CKM_HSS_KEY_PAIR_GEN: CK_MECHANISM_TYPE = 16434; +pub const CKM_HSS: CK_MECHANISM_TYPE = 16435; +pub const CKM_VENDOR_DEFINED: CK_MECHANISM_TYPE = 2147483648; +pub const CKF_HW: CK_FLAGS = 1; +pub const CKF_MESSAGE_ENCRYPT: CK_FLAGS = 2; +pub const CKF_MESSAGE_DECRYPT: CK_FLAGS = 4; +pub const CKF_MESSAGE_SIGN: CK_FLAGS = 8; +pub const CKF_MESSAGE_VERIFY: CK_FLAGS = 16; +pub const CKF_MULTI_MESSAGE: CK_FLAGS = 32; +pub const CKF_MULTI_MESSGE: CK_FLAGS = 32; +pub const CKF_FIND_OBJECTS: CK_FLAGS = 64; +pub const CKF_ENCRYPT: CK_FLAGS = 256; +pub const CKF_DECRYPT: CK_FLAGS = 512; +pub const CKF_DIGEST: CK_FLAGS = 1024; +pub const CKF_SIGN: CK_FLAGS = 2048; +pub const CKF_SIGN_RECOVER: CK_FLAGS = 4096; +pub const CKF_VERIFY: CK_FLAGS = 8192; +pub const CKF_VERIFY_RECOVER: CK_FLAGS = 16384; +pub const CKF_GENERATE: CK_FLAGS = 32768; +pub const CKF_GENERATE_KEY_PAIR: CK_FLAGS = 65536; +pub const CKF_WRAP: CK_FLAGS = 131072; +pub const CKF_UNWRAP: CK_FLAGS = 262144; +pub const CKF_DERIVE: CK_FLAGS = 524288; +pub const CKF_EC_F_P: CK_FLAGS = 1048576; +pub const CKF_EC_F_2M: CK_FLAGS = 2097152; +pub const CKF_EC_ECPARAMETERS: CK_FLAGS = 4194304; +pub const CKF_EC_OID: CK_FLAGS = 8388608; +pub const CKF_EC_NAMEDCURVE: CK_FLAGS = 8388608; +pub const CKF_EC_UNCOMPRESS: CK_FLAGS = 16777216; +pub const CKF_EC_COMPRESS: CK_FLAGS = 33554432; +pub const CKF_EC_CURVENAME: CK_FLAGS = 67108864; +pub const CKF_EXTENSION: CK_FLAGS = 2147483648; +pub const CKR_OK: CK_RV = 0; +pub const CKR_CANCEL: CK_RV = 1; +pub const CKR_HOST_MEMORY: CK_RV = 2; +pub const CKR_SLOT_ID_INVALID: CK_RV = 3; +pub const CKR_GENERAL_ERROR: CK_RV = 5; +pub const CKR_FUNCTION_FAILED: CK_RV = 6; +pub const CKR_ARGUMENTS_BAD: CK_RV = 7; +pub const CKR_NO_EVENT: CK_RV = 8; +pub const CKR_NEED_TO_CREATE_THREADS: CK_RV = 9; +pub const CKR_CANT_LOCK: CK_RV = 10; +pub const CKR_ATTRIBUTE_READ_ONLY: CK_RV = 16; +pub const CKR_ATTRIBUTE_SENSITIVE: CK_RV = 17; +pub const CKR_ATTRIBUTE_TYPE_INVALID: CK_RV = 18; +pub const CKR_ATTRIBUTE_VALUE_INVALID: CK_RV = 19; +pub const CKR_ACTION_PROHIBITED: CK_RV = 27; +pub const CKR_DATA_INVALID: CK_RV = 32; +pub const CKR_DATA_LEN_RANGE: CK_RV = 33; +pub const CKR_DEVICE_ERROR: CK_RV = 48; +pub const CKR_DEVICE_MEMORY: CK_RV = 49; +pub const CKR_DEVICE_REMOVED: CK_RV = 50; +pub const CKR_ENCRYPTED_DATA_INVALID: CK_RV = 64; +pub const CKR_ENCRYPTED_DATA_LEN_RANGE: CK_RV = 65; +pub const CKR_AEAD_DECRYPT_FAILED: CK_RV = 66; +pub const CKR_FUNCTION_CANCELED: CK_RV = 80; +pub const CKR_FUNCTION_NOT_PARALLEL: CK_RV = 81; +pub const CKR_FUNCTION_NOT_SUPPORTED: CK_RV = 84; +pub const CKR_KEY_HANDLE_INVALID: CK_RV = 96; +pub const CKR_KEY_SIZE_RANGE: CK_RV = 98; +pub const CKR_KEY_TYPE_INCONSISTENT: CK_RV = 99; +pub const CKR_KEY_NOT_NEEDED: CK_RV = 100; +pub const CKR_KEY_CHANGED: CK_RV = 101; +pub const CKR_KEY_NEEDED: CK_RV = 102; +pub const CKR_KEY_INDIGESTIBLE: CK_RV = 103; +pub const CKR_KEY_FUNCTION_NOT_PERMITTED: CK_RV = 104; +pub const CKR_KEY_NOT_WRAPPABLE: CK_RV = 105; +pub const CKR_KEY_UNEXTRACTABLE: CK_RV = 106; +pub const CKR_MECHANISM_INVALID: CK_RV = 112; +pub const CKR_MECHANISM_PARAM_INVALID: CK_RV = 113; +pub const CKR_OBJECT_HANDLE_INVALID: CK_RV = 130; +pub const CKR_OPERATION_ACTIVE: CK_RV = 144; +pub const CKR_OPERATION_NOT_INITIALIZED: CK_RV = 145; +pub const CKR_PIN_INCORRECT: CK_RV = 160; +pub const CKR_PIN_INVALID: CK_RV = 161; +pub const CKR_PIN_LEN_RANGE: CK_RV = 162; +pub const CKR_PIN_EXPIRED: CK_RV = 163; +pub const CKR_PIN_LOCKED: CK_RV = 164; +pub const CKR_SESSION_CLOSED: CK_RV = 176; +pub const CKR_SESSION_COUNT: CK_RV = 177; +pub const CKR_SESSION_HANDLE_INVALID: CK_RV = 179; +pub const CKR_SESSION_PARALLEL_NOT_SUPPORTED: CK_RV = 180; +pub const CKR_SESSION_READ_ONLY: CK_RV = 181; +pub const CKR_SESSION_EXISTS: CK_RV = 182; +pub const CKR_SESSION_READ_ONLY_EXISTS: CK_RV = 183; +pub const CKR_SESSION_READ_WRITE_SO_EXISTS: CK_RV = 184; +pub const CKR_SIGNATURE_INVALID: CK_RV = 192; +pub const CKR_SIGNATURE_LEN_RANGE: CK_RV = 193; +pub const CKR_TEMPLATE_INCOMPLETE: CK_RV = 208; +pub const CKR_TEMPLATE_INCONSISTENT: CK_RV = 209; +pub const CKR_TOKEN_NOT_PRESENT: CK_RV = 224; +pub const CKR_TOKEN_NOT_RECOGNIZED: CK_RV = 225; +pub const CKR_TOKEN_WRITE_PROTECTED: CK_RV = 226; +pub const CKR_UNWRAPPING_KEY_HANDLE_INVALID: CK_RV = 240; +pub const CKR_UNWRAPPING_KEY_SIZE_RANGE: CK_RV = 241; +pub const CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT: CK_RV = 242; +pub const CKR_USER_ALREADY_LOGGED_IN: CK_RV = 256; +pub const CKR_USER_NOT_LOGGED_IN: CK_RV = 257; +pub const CKR_USER_PIN_NOT_INITIALIZED: CK_RV = 258; +pub const CKR_USER_TYPE_INVALID: CK_RV = 259; +pub const CKR_USER_ANOTHER_ALREADY_LOGGED_IN: CK_RV = 260; +pub const CKR_USER_TOO_MANY_TYPES: CK_RV = 261; +pub const CKR_WRAPPED_KEY_INVALID: CK_RV = 272; +pub const CKR_WRAPPED_KEY_LEN_RANGE: CK_RV = 274; +pub const CKR_WRAPPING_KEY_HANDLE_INVALID: CK_RV = 275; +pub const CKR_WRAPPING_KEY_SIZE_RANGE: CK_RV = 276; +pub const CKR_WRAPPING_KEY_TYPE_INCONSISTENT: CK_RV = 277; +pub const CKR_RANDOM_SEED_NOT_SUPPORTED: CK_RV = 288; +pub const CKR_RANDOM_NO_RNG: CK_RV = 289; +pub const CKR_DOMAIN_PARAMS_INVALID: CK_RV = 304; +pub const CKR_CURVE_NOT_SUPPORTED: CK_RV = 320; +pub const CKR_BUFFER_TOO_SMALL: CK_RV = 336; +pub const CKR_SAVED_STATE_INVALID: CK_RV = 352; +pub const CKR_INFORMATION_SENSITIVE: CK_RV = 368; +pub const CKR_STATE_UNSAVEABLE: CK_RV = 384; +pub const CKR_CRYPTOKI_NOT_INITIALIZED: CK_RV = 400; +pub const CKR_CRYPTOKI_ALREADY_INITIALIZED: CK_RV = 401; +pub const CKR_MUTEX_BAD: CK_RV = 416; +pub const CKR_MUTEX_NOT_LOCKED: CK_RV = 417; +pub const CKR_NEW_PIN_MODE: CK_RV = 432; +pub const CKR_NEXT_OTP: CK_RV = 433; +pub const CKR_EXCEEDED_MAX_ITERATIONS: CK_RV = 437; +pub const CKR_FIPS_SELF_TEST_FAILED: CK_RV = 438; +pub const CKR_LIBRARY_LOAD_FAILED: CK_RV = 439; +pub const CKR_PIN_TOO_WEAK: CK_RV = 440; +pub const CKR_PUBLIC_KEY_INVALID: CK_RV = 441; +pub const CKR_FUNCTION_REJECTED: CK_RV = 512; +pub const CKR_TOKEN_RESOURCE_EXCEEDED: CK_RV = 513; +pub const CKR_OPERATION_CANCEL_FAILED: CK_RV = 514; +pub const CKR_KEY_EXHAUSTED: CK_RV = 515; +pub const CKR_VENDOR_DEFINED: CK_RV = 2147483648; +pub const CKF_END_OF_MESSAGE: CK_FLAGS = 1; +pub const CKF_INTERFACE_FORK_SAFE: CK_FLAGS = 1; +pub const CKF_LIBRARY_CANT_CREATE_OS_THREADS: CK_FLAGS = 1; +pub const CKF_OS_LOCKING_OK: CK_FLAGS = 2; +pub const CKF_DONT_BLOCK: CK_FLAGS = 1; +pub const CKG_MGF1_SHA1: CK_RSA_PKCS_MGF_TYPE = 1; +pub const CKG_MGF1_SHA256: CK_RSA_PKCS_MGF_TYPE = 2; +pub const CKG_MGF1_SHA384: CK_RSA_PKCS_MGF_TYPE = 3; +pub const CKG_MGF1_SHA512: CK_RSA_PKCS_MGF_TYPE = 4; +pub const CKG_MGF1_SHA224: CK_RSA_PKCS_MGF_TYPE = 5; +pub const CKG_MGF1_SHA3_224: CK_RSA_PKCS_MGF_TYPE = 6; +pub const CKG_MGF1_SHA3_256: CK_RSA_PKCS_MGF_TYPE = 7; +pub const CKG_MGF1_SHA3_384: CK_RSA_PKCS_MGF_TYPE = 8; +pub const CKG_MGF1_SHA3_512: CK_RSA_PKCS_MGF_TYPE = 9; +pub const CKZ_DATA_SPECIFIED: CK_RSA_PKCS_OAEP_SOURCE_TYPE = 1; +pub const CKD_NULL: CK_EC_KDF_TYPE = 1; +pub const CKD_SHA1_KDF: CK_EC_KDF_TYPE = 2; +pub const CKD_SHA1_KDF_ASN1: CK_EC_KDF_TYPE = 3; +pub const CKD_SHA1_KDF_CONCATENATE: CK_EC_KDF_TYPE = 4; +pub const CKD_SHA224_KDF: CK_EC_KDF_TYPE = 5; +pub const CKD_SHA256_KDF: CK_EC_KDF_TYPE = 6; +pub const CKD_SHA384_KDF: CK_EC_KDF_TYPE = 7; +pub const CKD_SHA512_KDF: CK_EC_KDF_TYPE = 8; +pub const CKD_CPDIVERSIFY_KDF: CK_EC_KDF_TYPE = 9; +pub const CKD_SHA3_224_KDF: CK_EC_KDF_TYPE = 10; +pub const CKD_SHA3_256_KDF: CK_EC_KDF_TYPE = 11; +pub const CKD_SHA3_384_KDF: CK_EC_KDF_TYPE = 12; +pub const CKD_SHA3_512_KDF: CK_EC_KDF_TYPE = 13; +pub const CKD_SHA1_KDF_SP800: CK_EC_KDF_TYPE = 14; +pub const CKD_SHA224_KDF_SP800: CK_EC_KDF_TYPE = 15; +pub const CKD_SHA256_KDF_SP800: CK_EC_KDF_TYPE = 16; +pub const CKD_SHA384_KDF_SP800: CK_EC_KDF_TYPE = 17; +pub const CKD_SHA512_KDF_SP800: CK_EC_KDF_TYPE = 18; +pub const CKD_SHA3_224_KDF_SP800: CK_EC_KDF_TYPE = 19; +pub const CKD_SHA3_256_KDF_SP800: CK_EC_KDF_TYPE = 20; +pub const CKD_SHA3_384_KDF_SP800: CK_EC_KDF_TYPE = 21; +pub const CKD_SHA3_512_KDF_SP800: CK_EC_KDF_TYPE = 22; +pub const CKD_BLAKE2B_160_KDF: CK_EC_KDF_TYPE = 23; +pub const CKD_BLAKE2B_256_KDF: CK_EC_KDF_TYPE = 24; +pub const CKD_BLAKE2B_384_KDF: CK_EC_KDF_TYPE = 25; +pub const CKD_BLAKE2B_512_KDF: CK_EC_KDF_TYPE = 26; +pub const CKP_PKCS5_PBKD2_HMAC_SHA1: CK_PROFILE_ID = 1; +pub const CKP_PKCS5_PBKD2_HMAC_GOSTR3411: CK_PROFILE_ID = 2; +pub const CKP_PKCS5_PBKD2_HMAC_SHA224: CK_PROFILE_ID = 3; +pub const CKP_PKCS5_PBKD2_HMAC_SHA256: CK_PROFILE_ID = 4; +pub const CKP_PKCS5_PBKD2_HMAC_SHA384: CK_PROFILE_ID = 5; +pub const CKP_PKCS5_PBKD2_HMAC_SHA512: CK_PROFILE_ID = 6; +pub const CKP_PKCS5_PBKD2_HMAC_SHA512_224: CK_PROFILE_ID = 7; +pub const CKP_PKCS5_PBKD2_HMAC_SHA512_256: CK_PROFILE_ID = 8; +pub const CKZ_SALT_SPECIFIED: CK_RSA_PKCS_OAEP_SOURCE_TYPE = 1; +pub const CK_OTP_VALUE: CK_ULONG = 0; +pub const CK_OTP_PIN: CK_ULONG = 1; +pub const CK_OTP_CHALLENGE: CK_ULONG = 2; +pub const CK_OTP_TIME: CK_ULONG = 3; +pub const CK_OTP_COUNTER: CK_ULONG = 4; +pub const CK_OTP_FLAGS: CK_ULONG = 5; +pub const CK_OTP_OUTPUT_LENGTH: CK_ULONG = 6; +pub const CK_OTP_OUTPUT_FORMAT: CK_ULONG = 7; +pub const CKF_NEXT_OTP: CK_FLAGS = 1; +pub const CKF_EXCLUDE_TIME: CK_FLAGS = 2; +pub const CKF_EXCLUDE_COUNTER: CK_FLAGS = 4; +pub const CKF_EXCLUDE_CHALLENGE: CK_FLAGS = 8; +pub const CKF_EXCLUDE_PIN: CK_FLAGS = 16; +pub const CKF_USER_FRIENDLY_OTP: CK_FLAGS = 32; +pub const CKG_NO_GENERATE: CK_GENERATOR_FUNCTION = 0; +pub const CKG_GENERATE: CK_GENERATOR_FUNCTION = 1; +pub const CKG_GENERATE_COUNTER: CK_GENERATOR_FUNCTION = 2; +pub const CKG_GENERATE_RANDOM: CK_GENERATOR_FUNCTION = 3; +pub const CKG_GENERATE_COUNTER_XOR: CK_GENERATOR_FUNCTION = 4; +pub const CK_SP800_108_ITERATION_VARIABLE: CK_ULONG = 1; +pub const CK_SP800_108_OPTIONAL_COUNTER: CK_ULONG = 2; +pub const CK_SP800_108_DKM_LENGTH: CK_ULONG = 3; +pub const CK_SP800_108_BYTE_ARRAY: CK_ULONG = 4; +pub const CK_SP800_108_COUNTER: CK_ULONG = 2; +pub const CK_SP800_108_DKM_LENGTH_SUM_OF_KEYS: CK_ULONG = 1; +pub const CK_SP800_108_DKM_LENGTH_SUM_OF_SEGMENTS: CK_ULONG = 2; +pub const CKF_HKDF_SALT_NULL: CK_FLAGS = 1; +pub const CKF_HKDF_SALT_DATA: CK_FLAGS = 2; +pub const CKF_HKDF_SALT_KEY: CK_FLAGS = 4; +pub const CK_NEED_ARG_LIST: CK_ULONG = 1; +pub const CK_PKCS11_2_0_ONLY: CK_ULONG = 1; +pub type CK_BYTE = ::std::os::raw::c_uchar; +pub type CK_CHAR = CK_BYTE; +pub type CK_UTF8CHAR = CK_BYTE; +pub type CK_BBOOL = CK_BYTE; +pub type CK_ULONG = ::std::os::raw::c_ulong; +pub type CK_LONG = ::std::os::raw::c_long; +pub type CK_FLAGS = CK_ULONG; +pub type CK_BYTE_PTR = *mut CK_BYTE; +pub type CK_CHAR_PTR = *mut CK_CHAR; +pub type CK_UTF8CHAR_PTR = *mut CK_UTF8CHAR; +pub type CK_ULONG_PTR = *mut CK_ULONG; +pub type CK_VOID_PTR = *mut ::std::os::raw::c_void; +pub type CK_VOID_PTR_PTR = *mut CK_VOID_PTR; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct CK_VERSION { + pub major: CK_BYTE, + pub minor: CK_BYTE, +} +#[test] +fn bindgen_test_layout_CK_VERSION() { + const UNINIT: ::std::mem::MaybeUninit = ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 2usize, + concat!("Size of: ", stringify!(CK_VERSION)) + ); + assert_eq!( + ::std::mem::align_of::(), + 1usize, + concat!("Alignment of ", stringify!(CK_VERSION)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).major) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_VERSION), + "::", + stringify!(major) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).minor) as usize - ptr as usize }, + 1usize, + concat!( + "Offset of field: ", + stringify!(CK_VERSION), + "::", + stringify!(minor) + ) + ); +} +pub type CK_VERSION_PTR = *mut CK_VERSION; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct CK_INFO { + pub cryptokiVersion: CK_VERSION, + pub manufacturerID: [CK_UTF8CHAR; 32usize], + pub flags: CK_FLAGS, + pub libraryDescription: [CK_UTF8CHAR; 32usize], + pub libraryVersion: CK_VERSION, +} +#[test] +fn bindgen_test_layout_CK_INFO() { + const UNINIT: ::std::mem::MaybeUninit = ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 88usize, + concat!("Size of: ", stringify!(CK_INFO)) + ); + assert_eq!( + ::std::mem::align_of::(), + 8usize, + concat!("Alignment of ", stringify!(CK_INFO)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).cryptokiVersion) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_INFO), + "::", + stringify!(cryptokiVersion) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).manufacturerID) as usize - ptr as usize }, + 2usize, + concat!( + "Offset of field: ", + stringify!(CK_INFO), + "::", + stringify!(manufacturerID) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).flags) as usize - ptr as usize }, + 40usize, + concat!( + "Offset of field: ", + stringify!(CK_INFO), + "::", + stringify!(flags) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).libraryDescription) as usize - ptr as usize }, + 48usize, + concat!( + "Offset of field: ", + stringify!(CK_INFO), + "::", + stringify!(libraryDescription) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).libraryVersion) as usize - ptr as usize }, + 80usize, + concat!( + "Offset of field: ", + stringify!(CK_INFO), + "::", + stringify!(libraryVersion) + ) + ); +} +pub type CK_INFO_PTR = *mut CK_INFO; +pub type CK_NOTIFICATION = CK_ULONG; +pub type CK_SLOT_ID = CK_ULONG; +pub type CK_SLOT_ID_PTR = *mut CK_SLOT_ID; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct CK_SLOT_INFO { + pub slotDescription: [CK_UTF8CHAR; 64usize], + pub manufacturerID: [CK_UTF8CHAR; 32usize], + pub flags: CK_FLAGS, + pub hardwareVersion: CK_VERSION, + pub firmwareVersion: CK_VERSION, +} +#[test] +fn bindgen_test_layout_CK_SLOT_INFO() { + const UNINIT: ::std::mem::MaybeUninit = ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 112usize, + concat!("Size of: ", stringify!(CK_SLOT_INFO)) + ); + assert_eq!( + ::std::mem::align_of::(), + 8usize, + concat!("Alignment of ", stringify!(CK_SLOT_INFO)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).slotDescription) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_SLOT_INFO), + "::", + stringify!(slotDescription) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).manufacturerID) as usize - ptr as usize }, + 64usize, + concat!( + "Offset of field: ", + stringify!(CK_SLOT_INFO), + "::", + stringify!(manufacturerID) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).flags) as usize - ptr as usize }, + 96usize, + concat!( + "Offset of field: ", + stringify!(CK_SLOT_INFO), + "::", + stringify!(flags) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).hardwareVersion) as usize - ptr as usize }, + 104usize, + concat!( + "Offset of field: ", + stringify!(CK_SLOT_INFO), + "::", + stringify!(hardwareVersion) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).firmwareVersion) as usize - ptr as usize }, + 106usize, + concat!( + "Offset of field: ", + stringify!(CK_SLOT_INFO), + "::", + stringify!(firmwareVersion) + ) + ); +} +impl Default for CK_SLOT_INFO { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type CK_SLOT_INFO_PTR = *mut CK_SLOT_INFO; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct CK_TOKEN_INFO { + pub label: [CK_UTF8CHAR; 32usize], + pub manufacturerID: [CK_UTF8CHAR; 32usize], + pub model: [CK_UTF8CHAR; 16usize], + pub serialNumber: [CK_CHAR; 16usize], + pub flags: CK_FLAGS, + pub ulMaxSessionCount: CK_ULONG, + pub ulSessionCount: CK_ULONG, + pub ulMaxRwSessionCount: CK_ULONG, + pub ulRwSessionCount: CK_ULONG, + pub ulMaxPinLen: CK_ULONG, + pub ulMinPinLen: CK_ULONG, + pub ulTotalPublicMemory: CK_ULONG, + pub ulFreePublicMemory: CK_ULONG, + pub ulTotalPrivateMemory: CK_ULONG, + pub ulFreePrivateMemory: CK_ULONG, + pub hardwareVersion: CK_VERSION, + pub firmwareVersion: CK_VERSION, + pub utcTime: [CK_CHAR; 16usize], +} +#[test] +fn bindgen_test_layout_CK_TOKEN_INFO() { + const UNINIT: ::std::mem::MaybeUninit = ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 208usize, + concat!("Size of: ", stringify!(CK_TOKEN_INFO)) + ); + assert_eq!( + ::std::mem::align_of::(), + 8usize, + concat!("Alignment of ", stringify!(CK_TOKEN_INFO)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).label) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_TOKEN_INFO), + "::", + stringify!(label) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).manufacturerID) as usize - ptr as usize }, + 32usize, + concat!( + "Offset of field: ", + stringify!(CK_TOKEN_INFO), + "::", + stringify!(manufacturerID) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).model) as usize - ptr as usize }, + 64usize, + concat!( + "Offset of field: ", + stringify!(CK_TOKEN_INFO), + "::", + stringify!(model) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).serialNumber) as usize - ptr as usize }, + 80usize, + concat!( + "Offset of field: ", + stringify!(CK_TOKEN_INFO), + "::", + stringify!(serialNumber) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).flags) as usize - ptr as usize }, + 96usize, + concat!( + "Offset of field: ", + stringify!(CK_TOKEN_INFO), + "::", + stringify!(flags) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulMaxSessionCount) as usize - ptr as usize }, + 104usize, + concat!( + "Offset of field: ", + stringify!(CK_TOKEN_INFO), + "::", + stringify!(ulMaxSessionCount) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulSessionCount) as usize - ptr as usize }, + 112usize, + concat!( + "Offset of field: ", + stringify!(CK_TOKEN_INFO), + "::", + stringify!(ulSessionCount) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulMaxRwSessionCount) as usize - ptr as usize }, + 120usize, + concat!( + "Offset of field: ", + stringify!(CK_TOKEN_INFO), + "::", + stringify!(ulMaxRwSessionCount) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulRwSessionCount) as usize - ptr as usize }, + 128usize, + concat!( + "Offset of field: ", + stringify!(CK_TOKEN_INFO), + "::", + stringify!(ulRwSessionCount) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulMaxPinLen) as usize - ptr as usize }, + 136usize, + concat!( + "Offset of field: ", + stringify!(CK_TOKEN_INFO), + "::", + stringify!(ulMaxPinLen) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulMinPinLen) as usize - ptr as usize }, + 144usize, + concat!( + "Offset of field: ", + stringify!(CK_TOKEN_INFO), + "::", + stringify!(ulMinPinLen) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulTotalPublicMemory) as usize - ptr as usize }, + 152usize, + concat!( + "Offset of field: ", + stringify!(CK_TOKEN_INFO), + "::", + stringify!(ulTotalPublicMemory) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulFreePublicMemory) as usize - ptr as usize }, + 160usize, + concat!( + "Offset of field: ", + stringify!(CK_TOKEN_INFO), + "::", + stringify!(ulFreePublicMemory) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulTotalPrivateMemory) as usize - ptr as usize }, + 168usize, + concat!( + "Offset of field: ", + stringify!(CK_TOKEN_INFO), + "::", + stringify!(ulTotalPrivateMemory) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulFreePrivateMemory) as usize - ptr as usize }, + 176usize, + concat!( + "Offset of field: ", + stringify!(CK_TOKEN_INFO), + "::", + stringify!(ulFreePrivateMemory) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).hardwareVersion) as usize - ptr as usize }, + 184usize, + concat!( + "Offset of field: ", + stringify!(CK_TOKEN_INFO), + "::", + stringify!(hardwareVersion) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).firmwareVersion) as usize - ptr as usize }, + 186usize, + concat!( + "Offset of field: ", + stringify!(CK_TOKEN_INFO), + "::", + stringify!(firmwareVersion) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).utcTime) as usize - ptr as usize }, + 188usize, + concat!( + "Offset of field: ", + stringify!(CK_TOKEN_INFO), + "::", + stringify!(utcTime) + ) + ); +} +pub type CK_TOKEN_INFO_PTR = *mut CK_TOKEN_INFO; +pub type CK_SESSION_HANDLE = CK_ULONG; +pub type CK_SESSION_HANDLE_PTR = *mut CK_SESSION_HANDLE; +pub type CK_USER_TYPE = CK_ULONG; +pub type CK_STATE = CK_ULONG; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct CK_SESSION_INFO { + pub slotID: CK_SLOT_ID, + pub state: CK_STATE, + pub flags: CK_FLAGS, + pub ulDeviceError: CK_ULONG, +} +#[test] +fn bindgen_test_layout_CK_SESSION_INFO() { + const UNINIT: ::std::mem::MaybeUninit = ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 32usize, + concat!("Size of: ", stringify!(CK_SESSION_INFO)) + ); + assert_eq!( + ::std::mem::align_of::(), + 8usize, + concat!("Alignment of ", stringify!(CK_SESSION_INFO)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).slotID) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_SESSION_INFO), + "::", + stringify!(slotID) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).state) as usize - ptr as usize }, + 8usize, + concat!( + "Offset of field: ", + stringify!(CK_SESSION_INFO), + "::", + stringify!(state) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).flags) as usize - ptr as usize }, + 16usize, + concat!( + "Offset of field: ", + stringify!(CK_SESSION_INFO), + "::", + stringify!(flags) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulDeviceError) as usize - ptr as usize }, + 24usize, + concat!( + "Offset of field: ", + stringify!(CK_SESSION_INFO), + "::", + stringify!(ulDeviceError) + ) + ); +} +pub type CK_SESSION_INFO_PTR = *mut CK_SESSION_INFO; +pub type CK_OBJECT_HANDLE = CK_ULONG; +pub type CK_OBJECT_HANDLE_PTR = *mut CK_OBJECT_HANDLE; +pub type CK_OBJECT_CLASS = CK_ULONG; +pub type CK_OBJECT_CLASS_PTR = *mut CK_OBJECT_CLASS; +pub type CK_HW_FEATURE_TYPE = CK_ULONG; +pub type CK_KEY_TYPE = CK_ULONG; +pub type CK_CERTIFICATE_TYPE = CK_ULONG; +pub type CK_ATTRIBUTE_TYPE = CK_ULONG; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct CK_ATTRIBUTE { + pub type_: CK_ATTRIBUTE_TYPE, + pub pValue: CK_VOID_PTR, + pub ulValueLen: CK_ULONG, +} +#[test] +fn bindgen_test_layout_CK_ATTRIBUTE() { + const UNINIT: ::std::mem::MaybeUninit = ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 24usize, + concat!("Size of: ", stringify!(CK_ATTRIBUTE)) + ); + assert_eq!( + ::std::mem::align_of::(), + 8usize, + concat!("Alignment of ", stringify!(CK_ATTRIBUTE)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).type_) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_ATTRIBUTE), + "::", + stringify!(type_) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pValue) as usize - ptr as usize }, + 8usize, + concat!( + "Offset of field: ", + stringify!(CK_ATTRIBUTE), + "::", + stringify!(pValue) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulValueLen) as usize - ptr as usize }, + 16usize, + concat!( + "Offset of field: ", + stringify!(CK_ATTRIBUTE), + "::", + stringify!(ulValueLen) + ) + ); +} +impl Default for CK_ATTRIBUTE { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type CK_ATTRIBUTE_PTR = *mut CK_ATTRIBUTE; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct CK_DATE { + pub year: [CK_CHAR; 4usize], + pub month: [CK_CHAR; 2usize], + pub day: [CK_CHAR; 2usize], +} +#[test] +fn bindgen_test_layout_CK_DATE() { + const UNINIT: ::std::mem::MaybeUninit = ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 8usize, + concat!("Size of: ", stringify!(CK_DATE)) + ); + assert_eq!( + ::std::mem::align_of::(), + 1usize, + concat!("Alignment of ", stringify!(CK_DATE)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).year) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_DATE), + "::", + stringify!(year) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).month) as usize - ptr as usize }, + 4usize, + concat!( + "Offset of field: ", + stringify!(CK_DATE), + "::", + stringify!(month) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).day) as usize - ptr as usize }, + 6usize, + concat!( + "Offset of field: ", + stringify!(CK_DATE), + "::", + stringify!(day) + ) + ); +} +pub type CK_MECHANISM_TYPE = CK_ULONG; +pub type CK_MECHANISM_TYPE_PTR = *mut CK_MECHANISM_TYPE; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct CK_MECHANISM { + pub mechanism: CK_MECHANISM_TYPE, + pub pParameter: CK_VOID_PTR, + pub ulParameterLen: CK_ULONG, +} +#[test] +fn bindgen_test_layout_CK_MECHANISM() { + const UNINIT: ::std::mem::MaybeUninit = ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 24usize, + concat!("Size of: ", stringify!(CK_MECHANISM)) + ); + assert_eq!( + ::std::mem::align_of::(), + 8usize, + concat!("Alignment of ", stringify!(CK_MECHANISM)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).mechanism) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_MECHANISM), + "::", + stringify!(mechanism) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pParameter) as usize - ptr as usize }, + 8usize, + concat!( + "Offset of field: ", + stringify!(CK_MECHANISM), + "::", + stringify!(pParameter) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulParameterLen) as usize - ptr as usize }, + 16usize, + concat!( + "Offset of field: ", + stringify!(CK_MECHANISM), + "::", + stringify!(ulParameterLen) + ) + ); +} +impl Default for CK_MECHANISM { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type CK_MECHANISM_PTR = *mut CK_MECHANISM; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct CK_MECHANISM_INFO { + pub ulMinKeySize: CK_ULONG, + pub ulMaxKeySize: CK_ULONG, + pub flags: CK_FLAGS, +} +#[test] +fn bindgen_test_layout_CK_MECHANISM_INFO() { + const UNINIT: ::std::mem::MaybeUninit = ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 24usize, + concat!("Size of: ", stringify!(CK_MECHANISM_INFO)) + ); + assert_eq!( + ::std::mem::align_of::(), + 8usize, + concat!("Alignment of ", stringify!(CK_MECHANISM_INFO)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulMinKeySize) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_MECHANISM_INFO), + "::", + stringify!(ulMinKeySize) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulMaxKeySize) as usize - ptr as usize }, + 8usize, + concat!( + "Offset of field: ", + stringify!(CK_MECHANISM_INFO), + "::", + stringify!(ulMaxKeySize) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).flags) as usize - ptr as usize }, + 16usize, + concat!( + "Offset of field: ", + stringify!(CK_MECHANISM_INFO), + "::", + stringify!(flags) + ) + ); +} +pub type CK_MECHANISM_INFO_PTR = *mut CK_MECHANISM_INFO; +pub type CK_RV = CK_ULONG; +pub type CK_NOTIFY = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + event: CK_NOTIFICATION, + pApplication: CK_VOID_PTR, + ) -> CK_RV, +>; +pub type CK_FUNCTION_LIST_PTR = *mut CK_FUNCTION_LIST; +pub type CK_FUNCTION_LIST_3_0_PTR = *mut CK_FUNCTION_LIST_3_0; +pub type CK_FUNCTION_LIST_PTR_PTR = *mut CK_FUNCTION_LIST_PTR; +pub type CK_FUNCTION_LIST_3_0_PTR_PTR = *mut CK_FUNCTION_LIST_3_0_PTR; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct CK_INTERFACE { + pub pInterfaceName: *mut CK_CHAR, + pub pFunctionList: CK_VOID_PTR, + pub flags: CK_FLAGS, +} +#[test] +fn bindgen_test_layout_CK_INTERFACE() { + const UNINIT: ::std::mem::MaybeUninit = ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 24usize, + concat!("Size of: ", stringify!(CK_INTERFACE)) + ); + assert_eq!( + ::std::mem::align_of::(), + 8usize, + concat!("Alignment of ", stringify!(CK_INTERFACE)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pInterfaceName) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_INTERFACE), + "::", + stringify!(pInterfaceName) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pFunctionList) as usize - ptr as usize }, + 8usize, + concat!( + "Offset of field: ", + stringify!(CK_INTERFACE), + "::", + stringify!(pFunctionList) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).flags) as usize - ptr as usize }, + 16usize, + concat!( + "Offset of field: ", + stringify!(CK_INTERFACE), + "::", + stringify!(flags) + ) + ); +} +impl Default for CK_INTERFACE { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type CK_INTERFACE_PTR = *mut CK_INTERFACE; +pub type CK_INTERFACE_PTR_PTR = *mut CK_INTERFACE_PTR; +pub type CK_CREATEMUTEX = + ::std::option::Option CK_RV>; +pub type CK_DESTROYMUTEX = + ::std::option::Option CK_RV>; +pub type CK_LOCKMUTEX = ::std::option::Option CK_RV>; +pub type CK_UNLOCKMUTEX = ::std::option::Option CK_RV>; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct CK_C_INITIALIZE_ARGS { + pub CreateMutex: CK_CREATEMUTEX, + pub DestroyMutex: CK_DESTROYMUTEX, + pub LockMutex: CK_LOCKMUTEX, + pub UnlockMutex: CK_UNLOCKMUTEX, + pub flags: CK_FLAGS, + pub pReserved: CK_VOID_PTR, +} +#[test] +fn bindgen_test_layout_CK_C_INITIALIZE_ARGS() { + const UNINIT: ::std::mem::MaybeUninit = ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 48usize, + concat!("Size of: ", stringify!(CK_C_INITIALIZE_ARGS)) + ); + assert_eq!( + ::std::mem::align_of::(), + 8usize, + concat!("Alignment of ", stringify!(CK_C_INITIALIZE_ARGS)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).CreateMutex) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_C_INITIALIZE_ARGS), + "::", + stringify!(CreateMutex) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).DestroyMutex) as usize - ptr as usize }, + 8usize, + concat!( + "Offset of field: ", + stringify!(CK_C_INITIALIZE_ARGS), + "::", + stringify!(DestroyMutex) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).LockMutex) as usize - ptr as usize }, + 16usize, + concat!( + "Offset of field: ", + stringify!(CK_C_INITIALIZE_ARGS), + "::", + stringify!(LockMutex) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).UnlockMutex) as usize - ptr as usize }, + 24usize, + concat!( + "Offset of field: ", + stringify!(CK_C_INITIALIZE_ARGS), + "::", + stringify!(UnlockMutex) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).flags) as usize - ptr as usize }, + 32usize, + concat!( + "Offset of field: ", + stringify!(CK_C_INITIALIZE_ARGS), + "::", + stringify!(flags) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pReserved) as usize - ptr as usize }, + 40usize, + concat!( + "Offset of field: ", + stringify!(CK_C_INITIALIZE_ARGS), + "::", + stringify!(pReserved) + ) + ); +} +impl Default for CK_C_INITIALIZE_ARGS { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type CK_C_INITIALIZE_ARGS_PTR = *mut CK_C_INITIALIZE_ARGS; +pub type CK_RSA_PKCS_MGF_TYPE = CK_ULONG; +pub type CK_RSA_PKCS_MGF_TYPE_PTR = *mut CK_RSA_PKCS_MGF_TYPE; +pub type CK_RSA_PKCS_OAEP_SOURCE_TYPE = CK_ULONG; +pub type CK_RSA_PKCS_OAEP_SOURCE_TYPE_PTR = *mut CK_RSA_PKCS_OAEP_SOURCE_TYPE; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct CK_RSA_PKCS_OAEP_PARAMS { + pub hashAlg: CK_MECHANISM_TYPE, + pub mgf: CK_RSA_PKCS_MGF_TYPE, + pub source: CK_RSA_PKCS_OAEP_SOURCE_TYPE, + pub pSourceData: CK_VOID_PTR, + pub ulSourceDataLen: CK_ULONG, +} +#[test] +fn bindgen_test_layout_CK_RSA_PKCS_OAEP_PARAMS() { + const UNINIT: ::std::mem::MaybeUninit = + ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 40usize, + concat!("Size of: ", stringify!(CK_RSA_PKCS_OAEP_PARAMS)) + ); + assert_eq!( + ::std::mem::align_of::(), + 8usize, + concat!("Alignment of ", stringify!(CK_RSA_PKCS_OAEP_PARAMS)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).hashAlg) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_RSA_PKCS_OAEP_PARAMS), + "::", + stringify!(hashAlg) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).mgf) as usize - ptr as usize }, + 8usize, + concat!( + "Offset of field: ", + stringify!(CK_RSA_PKCS_OAEP_PARAMS), + "::", + stringify!(mgf) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).source) as usize - ptr as usize }, + 16usize, + concat!( + "Offset of field: ", + stringify!(CK_RSA_PKCS_OAEP_PARAMS), + "::", + stringify!(source) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pSourceData) as usize - ptr as usize }, + 24usize, + concat!( + "Offset of field: ", + stringify!(CK_RSA_PKCS_OAEP_PARAMS), + "::", + stringify!(pSourceData) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulSourceDataLen) as usize - ptr as usize }, + 32usize, + concat!( + "Offset of field: ", + stringify!(CK_RSA_PKCS_OAEP_PARAMS), + "::", + stringify!(ulSourceDataLen) + ) + ); +} +impl Default for CK_RSA_PKCS_OAEP_PARAMS { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type CK_RSA_PKCS_OAEP_PARAMS_PTR = *mut CK_RSA_PKCS_OAEP_PARAMS; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct CK_RSA_PKCS_PSS_PARAMS { + pub hashAlg: CK_MECHANISM_TYPE, + pub mgf: CK_RSA_PKCS_MGF_TYPE, + pub sLen: CK_ULONG, +} +#[test] +fn bindgen_test_layout_CK_RSA_PKCS_PSS_PARAMS() { + const UNINIT: ::std::mem::MaybeUninit = + ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 24usize, + concat!("Size of: ", stringify!(CK_RSA_PKCS_PSS_PARAMS)) + ); + assert_eq!( + ::std::mem::align_of::(), + 8usize, + concat!("Alignment of ", stringify!(CK_RSA_PKCS_PSS_PARAMS)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).hashAlg) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_RSA_PKCS_PSS_PARAMS), + "::", + stringify!(hashAlg) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).mgf) as usize - ptr as usize }, + 8usize, + concat!( + "Offset of field: ", + stringify!(CK_RSA_PKCS_PSS_PARAMS), + "::", + stringify!(mgf) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).sLen) as usize - ptr as usize }, + 16usize, + concat!( + "Offset of field: ", + stringify!(CK_RSA_PKCS_PSS_PARAMS), + "::", + stringify!(sLen) + ) + ); +} +pub type CK_RSA_PKCS_PSS_PARAMS_PTR = *mut CK_RSA_PKCS_PSS_PARAMS; +pub type CK_EC_KDF_TYPE = CK_ULONG; +pub type CK_EC_KDF_TYPE_PTR = *mut CK_EC_KDF_TYPE; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct CK_ECDH1_DERIVE_PARAMS { + pub kdf: CK_EC_KDF_TYPE, + pub ulSharedDataLen: CK_ULONG, + pub pSharedData: CK_BYTE_PTR, + pub ulPublicDataLen: CK_ULONG, + pub pPublicData: CK_BYTE_PTR, +} +#[test] +fn bindgen_test_layout_CK_ECDH1_DERIVE_PARAMS() { + const UNINIT: ::std::mem::MaybeUninit = + ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 40usize, + concat!("Size of: ", stringify!(CK_ECDH1_DERIVE_PARAMS)) + ); + assert_eq!( + ::std::mem::align_of::(), + 8usize, + concat!("Alignment of ", stringify!(CK_ECDH1_DERIVE_PARAMS)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).kdf) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_ECDH1_DERIVE_PARAMS), + "::", + stringify!(kdf) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulSharedDataLen) as usize - ptr as usize }, + 8usize, + concat!( + "Offset of field: ", + stringify!(CK_ECDH1_DERIVE_PARAMS), + "::", + stringify!(ulSharedDataLen) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pSharedData) as usize - ptr as usize }, + 16usize, + concat!( + "Offset of field: ", + stringify!(CK_ECDH1_DERIVE_PARAMS), + "::", + stringify!(pSharedData) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulPublicDataLen) as usize - ptr as usize }, + 24usize, + concat!( + "Offset of field: ", + stringify!(CK_ECDH1_DERIVE_PARAMS), + "::", + stringify!(ulPublicDataLen) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pPublicData) as usize - ptr as usize }, + 32usize, + concat!( + "Offset of field: ", + stringify!(CK_ECDH1_DERIVE_PARAMS), + "::", + stringify!(pPublicData) + ) + ); +} +impl Default for CK_ECDH1_DERIVE_PARAMS { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type CK_ECDH1_DERIVE_PARAMS_PTR = *mut CK_ECDH1_DERIVE_PARAMS; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct CK_ECDH2_DERIVE_PARAMS { + pub kdf: CK_EC_KDF_TYPE, + pub ulSharedDataLen: CK_ULONG, + pub pSharedData: CK_BYTE_PTR, + pub ulPublicDataLen: CK_ULONG, + pub pPublicData: CK_BYTE_PTR, + pub ulPrivateDataLen: CK_ULONG, + pub hPrivateData: CK_OBJECT_HANDLE, + pub ulPublicDataLen2: CK_ULONG, + pub pPublicData2: CK_BYTE_PTR, +} +#[test] +fn bindgen_test_layout_CK_ECDH2_DERIVE_PARAMS() { + const UNINIT: ::std::mem::MaybeUninit = + ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 72usize, + concat!("Size of: ", stringify!(CK_ECDH2_DERIVE_PARAMS)) + ); + assert_eq!( + ::std::mem::align_of::(), + 8usize, + concat!("Alignment of ", stringify!(CK_ECDH2_DERIVE_PARAMS)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).kdf) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_ECDH2_DERIVE_PARAMS), + "::", + stringify!(kdf) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulSharedDataLen) as usize - ptr as usize }, + 8usize, + concat!( + "Offset of field: ", + stringify!(CK_ECDH2_DERIVE_PARAMS), + "::", + stringify!(ulSharedDataLen) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pSharedData) as usize - ptr as usize }, + 16usize, + concat!( + "Offset of field: ", + stringify!(CK_ECDH2_DERIVE_PARAMS), + "::", + stringify!(pSharedData) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulPublicDataLen) as usize - ptr as usize }, + 24usize, + concat!( + "Offset of field: ", + stringify!(CK_ECDH2_DERIVE_PARAMS), + "::", + stringify!(ulPublicDataLen) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pPublicData) as usize - ptr as usize }, + 32usize, + concat!( + "Offset of field: ", + stringify!(CK_ECDH2_DERIVE_PARAMS), + "::", + stringify!(pPublicData) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulPrivateDataLen) as usize - ptr as usize }, + 40usize, + concat!( + "Offset of field: ", + stringify!(CK_ECDH2_DERIVE_PARAMS), + "::", + stringify!(ulPrivateDataLen) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).hPrivateData) as usize - ptr as usize }, + 48usize, + concat!( + "Offset of field: ", + stringify!(CK_ECDH2_DERIVE_PARAMS), + "::", + stringify!(hPrivateData) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulPublicDataLen2) as usize - ptr as usize }, + 56usize, + concat!( + "Offset of field: ", + stringify!(CK_ECDH2_DERIVE_PARAMS), + "::", + stringify!(ulPublicDataLen2) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pPublicData2) as usize - ptr as usize }, + 64usize, + concat!( + "Offset of field: ", + stringify!(CK_ECDH2_DERIVE_PARAMS), + "::", + stringify!(pPublicData2) + ) + ); +} +impl Default for CK_ECDH2_DERIVE_PARAMS { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type CK_ECDH2_DERIVE_PARAMS_PTR = *mut CK_ECDH2_DERIVE_PARAMS; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct CK_ECMQV_DERIVE_PARAMS { + pub kdf: CK_EC_KDF_TYPE, + pub ulSharedDataLen: CK_ULONG, + pub pSharedData: CK_BYTE_PTR, + pub ulPublicDataLen: CK_ULONG, + pub pPublicData: CK_BYTE_PTR, + pub ulPrivateDataLen: CK_ULONG, + pub hPrivateData: CK_OBJECT_HANDLE, + pub ulPublicDataLen2: CK_ULONG, + pub pPublicData2: CK_BYTE_PTR, + pub publicKey: CK_OBJECT_HANDLE, +} +#[test] +fn bindgen_test_layout_CK_ECMQV_DERIVE_PARAMS() { + const UNINIT: ::std::mem::MaybeUninit = + ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 80usize, + concat!("Size of: ", stringify!(CK_ECMQV_DERIVE_PARAMS)) + ); + assert_eq!( + ::std::mem::align_of::(), + 8usize, + concat!("Alignment of ", stringify!(CK_ECMQV_DERIVE_PARAMS)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).kdf) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_ECMQV_DERIVE_PARAMS), + "::", + stringify!(kdf) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulSharedDataLen) as usize - ptr as usize }, + 8usize, + concat!( + "Offset of field: ", + stringify!(CK_ECMQV_DERIVE_PARAMS), + "::", + stringify!(ulSharedDataLen) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pSharedData) as usize - ptr as usize }, + 16usize, + concat!( + "Offset of field: ", + stringify!(CK_ECMQV_DERIVE_PARAMS), + "::", + stringify!(pSharedData) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulPublicDataLen) as usize - ptr as usize }, + 24usize, + concat!( + "Offset of field: ", + stringify!(CK_ECMQV_DERIVE_PARAMS), + "::", + stringify!(ulPublicDataLen) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pPublicData) as usize - ptr as usize }, + 32usize, + concat!( + "Offset of field: ", + stringify!(CK_ECMQV_DERIVE_PARAMS), + "::", + stringify!(pPublicData) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulPrivateDataLen) as usize - ptr as usize }, + 40usize, + concat!( + "Offset of field: ", + stringify!(CK_ECMQV_DERIVE_PARAMS), + "::", + stringify!(ulPrivateDataLen) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).hPrivateData) as usize - ptr as usize }, + 48usize, + concat!( + "Offset of field: ", + stringify!(CK_ECMQV_DERIVE_PARAMS), + "::", + stringify!(hPrivateData) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulPublicDataLen2) as usize - ptr as usize }, + 56usize, + concat!( + "Offset of field: ", + stringify!(CK_ECMQV_DERIVE_PARAMS), + "::", + stringify!(ulPublicDataLen2) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pPublicData2) as usize - ptr as usize }, + 64usize, + concat!( + "Offset of field: ", + stringify!(CK_ECMQV_DERIVE_PARAMS), + "::", + stringify!(pPublicData2) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).publicKey) as usize - ptr as usize }, + 72usize, + concat!( + "Offset of field: ", + stringify!(CK_ECMQV_DERIVE_PARAMS), + "::", + stringify!(publicKey) + ) + ); +} +impl Default for CK_ECMQV_DERIVE_PARAMS { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type CK_ECMQV_DERIVE_PARAMS_PTR = *mut CK_ECMQV_DERIVE_PARAMS; +pub type CK_X9_42_DH_KDF_TYPE = CK_ULONG; +pub type CK_X9_42_DH_KDF_TYPE_PTR = *mut CK_X9_42_DH_KDF_TYPE; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct CK_X9_42_DH1_DERIVE_PARAMS { + pub kdf: CK_X9_42_DH_KDF_TYPE, + pub ulOtherInfoLen: CK_ULONG, + pub pOtherInfo: CK_BYTE_PTR, + pub ulPublicDataLen: CK_ULONG, + pub pPublicData: CK_BYTE_PTR, +} +#[test] +fn bindgen_test_layout_CK_X9_42_DH1_DERIVE_PARAMS() { + const UNINIT: ::std::mem::MaybeUninit = + ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 40usize, + concat!("Size of: ", stringify!(CK_X9_42_DH1_DERIVE_PARAMS)) + ); + assert_eq!( + ::std::mem::align_of::(), + 8usize, + concat!("Alignment of ", stringify!(CK_X9_42_DH1_DERIVE_PARAMS)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).kdf) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_X9_42_DH1_DERIVE_PARAMS), + "::", + stringify!(kdf) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulOtherInfoLen) as usize - ptr as usize }, + 8usize, + concat!( + "Offset of field: ", + stringify!(CK_X9_42_DH1_DERIVE_PARAMS), + "::", + stringify!(ulOtherInfoLen) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pOtherInfo) as usize - ptr as usize }, + 16usize, + concat!( + "Offset of field: ", + stringify!(CK_X9_42_DH1_DERIVE_PARAMS), + "::", + stringify!(pOtherInfo) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulPublicDataLen) as usize - ptr as usize }, + 24usize, + concat!( + "Offset of field: ", + stringify!(CK_X9_42_DH1_DERIVE_PARAMS), + "::", + stringify!(ulPublicDataLen) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pPublicData) as usize - ptr as usize }, + 32usize, + concat!( + "Offset of field: ", + stringify!(CK_X9_42_DH1_DERIVE_PARAMS), + "::", + stringify!(pPublicData) + ) + ); +} +impl Default for CK_X9_42_DH1_DERIVE_PARAMS { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type CK_X9_42_DH1_DERIVE_PARAMS_PTR = *mut CK_X9_42_DH1_DERIVE_PARAMS; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct CK_X9_42_DH2_DERIVE_PARAMS { + pub kdf: CK_X9_42_DH_KDF_TYPE, + pub ulOtherInfoLen: CK_ULONG, + pub pOtherInfo: CK_BYTE_PTR, + pub ulPublicDataLen: CK_ULONG, + pub pPublicData: CK_BYTE_PTR, + pub ulPrivateDataLen: CK_ULONG, + pub hPrivateData: CK_OBJECT_HANDLE, + pub ulPublicDataLen2: CK_ULONG, + pub pPublicData2: CK_BYTE_PTR, +} +#[test] +fn bindgen_test_layout_CK_X9_42_DH2_DERIVE_PARAMS() { + const UNINIT: ::std::mem::MaybeUninit = + ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 72usize, + concat!("Size of: ", stringify!(CK_X9_42_DH2_DERIVE_PARAMS)) + ); + assert_eq!( + ::std::mem::align_of::(), + 8usize, + concat!("Alignment of ", stringify!(CK_X9_42_DH2_DERIVE_PARAMS)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).kdf) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_X9_42_DH2_DERIVE_PARAMS), + "::", + stringify!(kdf) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulOtherInfoLen) as usize - ptr as usize }, + 8usize, + concat!( + "Offset of field: ", + stringify!(CK_X9_42_DH2_DERIVE_PARAMS), + "::", + stringify!(ulOtherInfoLen) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pOtherInfo) as usize - ptr as usize }, + 16usize, + concat!( + "Offset of field: ", + stringify!(CK_X9_42_DH2_DERIVE_PARAMS), + "::", + stringify!(pOtherInfo) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulPublicDataLen) as usize - ptr as usize }, + 24usize, + concat!( + "Offset of field: ", + stringify!(CK_X9_42_DH2_DERIVE_PARAMS), + "::", + stringify!(ulPublicDataLen) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pPublicData) as usize - ptr as usize }, + 32usize, + concat!( + "Offset of field: ", + stringify!(CK_X9_42_DH2_DERIVE_PARAMS), + "::", + stringify!(pPublicData) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulPrivateDataLen) as usize - ptr as usize }, + 40usize, + concat!( + "Offset of field: ", + stringify!(CK_X9_42_DH2_DERIVE_PARAMS), + "::", + stringify!(ulPrivateDataLen) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).hPrivateData) as usize - ptr as usize }, + 48usize, + concat!( + "Offset of field: ", + stringify!(CK_X9_42_DH2_DERIVE_PARAMS), + "::", + stringify!(hPrivateData) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulPublicDataLen2) as usize - ptr as usize }, + 56usize, + concat!( + "Offset of field: ", + stringify!(CK_X9_42_DH2_DERIVE_PARAMS), + "::", + stringify!(ulPublicDataLen2) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pPublicData2) as usize - ptr as usize }, + 64usize, + concat!( + "Offset of field: ", + stringify!(CK_X9_42_DH2_DERIVE_PARAMS), + "::", + stringify!(pPublicData2) + ) + ); +} +impl Default for CK_X9_42_DH2_DERIVE_PARAMS { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type CK_X9_42_DH2_DERIVE_PARAMS_PTR = *mut CK_X9_42_DH2_DERIVE_PARAMS; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct CK_X9_42_MQV_DERIVE_PARAMS { + pub kdf: CK_X9_42_DH_KDF_TYPE, + pub ulOtherInfoLen: CK_ULONG, + pub pOtherInfo: CK_BYTE_PTR, + pub ulPublicDataLen: CK_ULONG, + pub pPublicData: CK_BYTE_PTR, + pub ulPrivateDataLen: CK_ULONG, + pub hPrivateData: CK_OBJECT_HANDLE, + pub ulPublicDataLen2: CK_ULONG, + pub pPublicData2: CK_BYTE_PTR, + pub publicKey: CK_OBJECT_HANDLE, +} +#[test] +fn bindgen_test_layout_CK_X9_42_MQV_DERIVE_PARAMS() { + const UNINIT: ::std::mem::MaybeUninit = + ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 80usize, + concat!("Size of: ", stringify!(CK_X9_42_MQV_DERIVE_PARAMS)) + ); + assert_eq!( + ::std::mem::align_of::(), + 8usize, + concat!("Alignment of ", stringify!(CK_X9_42_MQV_DERIVE_PARAMS)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).kdf) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_X9_42_MQV_DERIVE_PARAMS), + "::", + stringify!(kdf) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulOtherInfoLen) as usize - ptr as usize }, + 8usize, + concat!( + "Offset of field: ", + stringify!(CK_X9_42_MQV_DERIVE_PARAMS), + "::", + stringify!(ulOtherInfoLen) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pOtherInfo) as usize - ptr as usize }, + 16usize, + concat!( + "Offset of field: ", + stringify!(CK_X9_42_MQV_DERIVE_PARAMS), + "::", + stringify!(pOtherInfo) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulPublicDataLen) as usize - ptr as usize }, + 24usize, + concat!( + "Offset of field: ", + stringify!(CK_X9_42_MQV_DERIVE_PARAMS), + "::", + stringify!(ulPublicDataLen) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pPublicData) as usize - ptr as usize }, + 32usize, + concat!( + "Offset of field: ", + stringify!(CK_X9_42_MQV_DERIVE_PARAMS), + "::", + stringify!(pPublicData) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulPrivateDataLen) as usize - ptr as usize }, + 40usize, + concat!( + "Offset of field: ", + stringify!(CK_X9_42_MQV_DERIVE_PARAMS), + "::", + stringify!(ulPrivateDataLen) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).hPrivateData) as usize - ptr as usize }, + 48usize, + concat!( + "Offset of field: ", + stringify!(CK_X9_42_MQV_DERIVE_PARAMS), + "::", + stringify!(hPrivateData) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulPublicDataLen2) as usize - ptr as usize }, + 56usize, + concat!( + "Offset of field: ", + stringify!(CK_X9_42_MQV_DERIVE_PARAMS), + "::", + stringify!(ulPublicDataLen2) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pPublicData2) as usize - ptr as usize }, + 64usize, + concat!( + "Offset of field: ", + stringify!(CK_X9_42_MQV_DERIVE_PARAMS), + "::", + stringify!(pPublicData2) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).publicKey) as usize - ptr as usize }, + 72usize, + concat!( + "Offset of field: ", + stringify!(CK_X9_42_MQV_DERIVE_PARAMS), + "::", + stringify!(publicKey) + ) + ); +} +impl Default for CK_X9_42_MQV_DERIVE_PARAMS { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type CK_X9_42_MQV_DERIVE_PARAMS_PTR = *mut CK_X9_42_MQV_DERIVE_PARAMS; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct CK_KEA_DERIVE_PARAMS { + pub isSender: CK_BBOOL, + pub ulRandomLen: CK_ULONG, + pub pRandomA: CK_BYTE_PTR, + pub pRandomB: CK_BYTE_PTR, + pub ulPublicDataLen: CK_ULONG, + pub pPublicData: CK_BYTE_PTR, +} +#[test] +fn bindgen_test_layout_CK_KEA_DERIVE_PARAMS() { + const UNINIT: ::std::mem::MaybeUninit = ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 48usize, + concat!("Size of: ", stringify!(CK_KEA_DERIVE_PARAMS)) + ); + assert_eq!( + ::std::mem::align_of::(), + 8usize, + concat!("Alignment of ", stringify!(CK_KEA_DERIVE_PARAMS)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).isSender) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_KEA_DERIVE_PARAMS), + "::", + stringify!(isSender) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulRandomLen) as usize - ptr as usize }, + 8usize, + concat!( + "Offset of field: ", + stringify!(CK_KEA_DERIVE_PARAMS), + "::", + stringify!(ulRandomLen) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pRandomA) as usize - ptr as usize }, + 16usize, + concat!( + "Offset of field: ", + stringify!(CK_KEA_DERIVE_PARAMS), + "::", + stringify!(pRandomA) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pRandomB) as usize - ptr as usize }, + 24usize, + concat!( + "Offset of field: ", + stringify!(CK_KEA_DERIVE_PARAMS), + "::", + stringify!(pRandomB) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulPublicDataLen) as usize - ptr as usize }, + 32usize, + concat!( + "Offset of field: ", + stringify!(CK_KEA_DERIVE_PARAMS), + "::", + stringify!(ulPublicDataLen) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pPublicData) as usize - ptr as usize }, + 40usize, + concat!( + "Offset of field: ", + stringify!(CK_KEA_DERIVE_PARAMS), + "::", + stringify!(pPublicData) + ) + ); +} +impl Default for CK_KEA_DERIVE_PARAMS { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type CK_KEA_DERIVE_PARAMS_PTR = *mut CK_KEA_DERIVE_PARAMS; +pub type CK_RC2_PARAMS = CK_ULONG; +pub type CK_RC2_PARAMS_PTR = *mut CK_RC2_PARAMS; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct CK_RC2_CBC_PARAMS { + pub ulEffectiveBits: CK_ULONG, + pub iv: [CK_BYTE; 8usize], +} +#[test] +fn bindgen_test_layout_CK_RC2_CBC_PARAMS() { + const UNINIT: ::std::mem::MaybeUninit = ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 16usize, + concat!("Size of: ", stringify!(CK_RC2_CBC_PARAMS)) + ); + assert_eq!( + ::std::mem::align_of::(), + 8usize, + concat!("Alignment of ", stringify!(CK_RC2_CBC_PARAMS)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulEffectiveBits) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_RC2_CBC_PARAMS), + "::", + stringify!(ulEffectiveBits) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).iv) as usize - ptr as usize }, + 8usize, + concat!( + "Offset of field: ", + stringify!(CK_RC2_CBC_PARAMS), + "::", + stringify!(iv) + ) + ); +} +pub type CK_RC2_CBC_PARAMS_PTR = *mut CK_RC2_CBC_PARAMS; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct CK_RC2_MAC_GENERAL_PARAMS { + pub ulEffectiveBits: CK_ULONG, + pub ulMacLength: CK_ULONG, +} +#[test] +fn bindgen_test_layout_CK_RC2_MAC_GENERAL_PARAMS() { + const UNINIT: ::std::mem::MaybeUninit = + ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 16usize, + concat!("Size of: ", stringify!(CK_RC2_MAC_GENERAL_PARAMS)) + ); + assert_eq!( + ::std::mem::align_of::(), + 8usize, + concat!("Alignment of ", stringify!(CK_RC2_MAC_GENERAL_PARAMS)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulEffectiveBits) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_RC2_MAC_GENERAL_PARAMS), + "::", + stringify!(ulEffectiveBits) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulMacLength) as usize - ptr as usize }, + 8usize, + concat!( + "Offset of field: ", + stringify!(CK_RC2_MAC_GENERAL_PARAMS), + "::", + stringify!(ulMacLength) + ) + ); +} +pub type CK_RC2_MAC_GENERAL_PARAMS_PTR = *mut CK_RC2_MAC_GENERAL_PARAMS; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct CK_RC5_PARAMS { + pub ulWordsize: CK_ULONG, + pub ulRounds: CK_ULONG, +} +#[test] +fn bindgen_test_layout_CK_RC5_PARAMS() { + const UNINIT: ::std::mem::MaybeUninit = ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 16usize, + concat!("Size of: ", stringify!(CK_RC5_PARAMS)) + ); + assert_eq!( + ::std::mem::align_of::(), + 8usize, + concat!("Alignment of ", stringify!(CK_RC5_PARAMS)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulWordsize) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_RC5_PARAMS), + "::", + stringify!(ulWordsize) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulRounds) as usize - ptr as usize }, + 8usize, + concat!( + "Offset of field: ", + stringify!(CK_RC5_PARAMS), + "::", + stringify!(ulRounds) + ) + ); +} +pub type CK_RC5_PARAMS_PTR = *mut CK_RC5_PARAMS; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct CK_RC5_CBC_PARAMS { + pub ulWordsize: CK_ULONG, + pub ulRounds: CK_ULONG, + pub pIv: CK_BYTE_PTR, + pub ulIvLen: CK_ULONG, +} +#[test] +fn bindgen_test_layout_CK_RC5_CBC_PARAMS() { + const UNINIT: ::std::mem::MaybeUninit = ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 32usize, + concat!("Size of: ", stringify!(CK_RC5_CBC_PARAMS)) + ); + assert_eq!( + ::std::mem::align_of::(), + 8usize, + concat!("Alignment of ", stringify!(CK_RC5_CBC_PARAMS)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulWordsize) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_RC5_CBC_PARAMS), + "::", + stringify!(ulWordsize) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulRounds) as usize - ptr as usize }, + 8usize, + concat!( + "Offset of field: ", + stringify!(CK_RC5_CBC_PARAMS), + "::", + stringify!(ulRounds) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pIv) as usize - ptr as usize }, + 16usize, + concat!( + "Offset of field: ", + stringify!(CK_RC5_CBC_PARAMS), + "::", + stringify!(pIv) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulIvLen) as usize - ptr as usize }, + 24usize, + concat!( + "Offset of field: ", + stringify!(CK_RC5_CBC_PARAMS), + "::", + stringify!(ulIvLen) + ) + ); +} +impl Default for CK_RC5_CBC_PARAMS { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type CK_RC5_CBC_PARAMS_PTR = *mut CK_RC5_CBC_PARAMS; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct CK_RC5_MAC_GENERAL_PARAMS { + pub ulWordsize: CK_ULONG, + pub ulRounds: CK_ULONG, + pub ulMacLength: CK_ULONG, +} +#[test] +fn bindgen_test_layout_CK_RC5_MAC_GENERAL_PARAMS() { + const UNINIT: ::std::mem::MaybeUninit = + ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 24usize, + concat!("Size of: ", stringify!(CK_RC5_MAC_GENERAL_PARAMS)) + ); + assert_eq!( + ::std::mem::align_of::(), + 8usize, + concat!("Alignment of ", stringify!(CK_RC5_MAC_GENERAL_PARAMS)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulWordsize) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_RC5_MAC_GENERAL_PARAMS), + "::", + stringify!(ulWordsize) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulRounds) as usize - ptr as usize }, + 8usize, + concat!( + "Offset of field: ", + stringify!(CK_RC5_MAC_GENERAL_PARAMS), + "::", + stringify!(ulRounds) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulMacLength) as usize - ptr as usize }, + 16usize, + concat!( + "Offset of field: ", + stringify!(CK_RC5_MAC_GENERAL_PARAMS), + "::", + stringify!(ulMacLength) + ) + ); +} +pub type CK_RC5_MAC_GENERAL_PARAMS_PTR = *mut CK_RC5_MAC_GENERAL_PARAMS; +pub type CK_MAC_GENERAL_PARAMS = CK_ULONG; +pub type CK_MAC_GENERAL_PARAMS_PTR = *mut CK_MAC_GENERAL_PARAMS; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct CK_DES_CBC_ENCRYPT_DATA_PARAMS { + pub iv: [CK_BYTE; 8usize], + pub pData: CK_BYTE_PTR, + pub length: CK_ULONG, +} +#[test] +fn bindgen_test_layout_CK_DES_CBC_ENCRYPT_DATA_PARAMS() { + const UNINIT: ::std::mem::MaybeUninit = + ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 24usize, + concat!("Size of: ", stringify!(CK_DES_CBC_ENCRYPT_DATA_PARAMS)) + ); + assert_eq!( + ::std::mem::align_of::(), + 8usize, + concat!("Alignment of ", stringify!(CK_DES_CBC_ENCRYPT_DATA_PARAMS)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).iv) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_DES_CBC_ENCRYPT_DATA_PARAMS), + "::", + stringify!(iv) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pData) as usize - ptr as usize }, + 8usize, + concat!( + "Offset of field: ", + stringify!(CK_DES_CBC_ENCRYPT_DATA_PARAMS), + "::", + stringify!(pData) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).length) as usize - ptr as usize }, + 16usize, + concat!( + "Offset of field: ", + stringify!(CK_DES_CBC_ENCRYPT_DATA_PARAMS), + "::", + stringify!(length) + ) + ); +} +impl Default for CK_DES_CBC_ENCRYPT_DATA_PARAMS { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type CK_DES_CBC_ENCRYPT_DATA_PARAMS_PTR = *mut CK_DES_CBC_ENCRYPT_DATA_PARAMS; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct CK_AES_CBC_ENCRYPT_DATA_PARAMS { + pub iv: [CK_BYTE; 16usize], + pub pData: CK_BYTE_PTR, + pub length: CK_ULONG, +} +#[test] +fn bindgen_test_layout_CK_AES_CBC_ENCRYPT_DATA_PARAMS() { + const UNINIT: ::std::mem::MaybeUninit = + ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 32usize, + concat!("Size of: ", stringify!(CK_AES_CBC_ENCRYPT_DATA_PARAMS)) + ); + assert_eq!( + ::std::mem::align_of::(), + 8usize, + concat!("Alignment of ", stringify!(CK_AES_CBC_ENCRYPT_DATA_PARAMS)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).iv) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_AES_CBC_ENCRYPT_DATA_PARAMS), + "::", + stringify!(iv) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pData) as usize - ptr as usize }, + 16usize, + concat!( + "Offset of field: ", + stringify!(CK_AES_CBC_ENCRYPT_DATA_PARAMS), + "::", + stringify!(pData) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).length) as usize - ptr as usize }, + 24usize, + concat!( + "Offset of field: ", + stringify!(CK_AES_CBC_ENCRYPT_DATA_PARAMS), + "::", + stringify!(length) + ) + ); +} +impl Default for CK_AES_CBC_ENCRYPT_DATA_PARAMS { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type CK_AES_CBC_ENCRYPT_DATA_PARAMS_PTR = *mut CK_AES_CBC_ENCRYPT_DATA_PARAMS; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct CK_SKIPJACK_PRIVATE_WRAP_PARAMS { + pub ulPasswordLen: CK_ULONG, + pub pPassword: CK_BYTE_PTR, + pub ulPublicDataLen: CK_ULONG, + pub pPublicData: CK_BYTE_PTR, + pub ulPAndGLen: CK_ULONG, + pub ulQLen: CK_ULONG, + pub ulRandomLen: CK_ULONG, + pub pRandomA: CK_BYTE_PTR, + pub pPrimeP: CK_BYTE_PTR, + pub pBaseG: CK_BYTE_PTR, + pub pSubprimeQ: CK_BYTE_PTR, +} +#[test] +fn bindgen_test_layout_CK_SKIPJACK_PRIVATE_WRAP_PARAMS() { + const UNINIT: ::std::mem::MaybeUninit = + ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 88usize, + concat!("Size of: ", stringify!(CK_SKIPJACK_PRIVATE_WRAP_PARAMS)) + ); + assert_eq!( + ::std::mem::align_of::(), + 8usize, + concat!("Alignment of ", stringify!(CK_SKIPJACK_PRIVATE_WRAP_PARAMS)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulPasswordLen) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_SKIPJACK_PRIVATE_WRAP_PARAMS), + "::", + stringify!(ulPasswordLen) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pPassword) as usize - ptr as usize }, + 8usize, + concat!( + "Offset of field: ", + stringify!(CK_SKIPJACK_PRIVATE_WRAP_PARAMS), + "::", + stringify!(pPassword) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulPublicDataLen) as usize - ptr as usize }, + 16usize, + concat!( + "Offset of field: ", + stringify!(CK_SKIPJACK_PRIVATE_WRAP_PARAMS), + "::", + stringify!(ulPublicDataLen) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pPublicData) as usize - ptr as usize }, + 24usize, + concat!( + "Offset of field: ", + stringify!(CK_SKIPJACK_PRIVATE_WRAP_PARAMS), + "::", + stringify!(pPublicData) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulPAndGLen) as usize - ptr as usize }, + 32usize, + concat!( + "Offset of field: ", + stringify!(CK_SKIPJACK_PRIVATE_WRAP_PARAMS), + "::", + stringify!(ulPAndGLen) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulQLen) as usize - ptr as usize }, + 40usize, + concat!( + "Offset of field: ", + stringify!(CK_SKIPJACK_PRIVATE_WRAP_PARAMS), + "::", + stringify!(ulQLen) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulRandomLen) as usize - ptr as usize }, + 48usize, + concat!( + "Offset of field: ", + stringify!(CK_SKIPJACK_PRIVATE_WRAP_PARAMS), + "::", + stringify!(ulRandomLen) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pRandomA) as usize - ptr as usize }, + 56usize, + concat!( + "Offset of field: ", + stringify!(CK_SKIPJACK_PRIVATE_WRAP_PARAMS), + "::", + stringify!(pRandomA) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pPrimeP) as usize - ptr as usize }, + 64usize, + concat!( + "Offset of field: ", + stringify!(CK_SKIPJACK_PRIVATE_WRAP_PARAMS), + "::", + stringify!(pPrimeP) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pBaseG) as usize - ptr as usize }, + 72usize, + concat!( + "Offset of field: ", + stringify!(CK_SKIPJACK_PRIVATE_WRAP_PARAMS), + "::", + stringify!(pBaseG) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pSubprimeQ) as usize - ptr as usize }, + 80usize, + concat!( + "Offset of field: ", + stringify!(CK_SKIPJACK_PRIVATE_WRAP_PARAMS), + "::", + stringify!(pSubprimeQ) + ) + ); +} +impl Default for CK_SKIPJACK_PRIVATE_WRAP_PARAMS { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type CK_SKIPJACK_PRIVATE_WRAP_PARAMS_PTR = *mut CK_SKIPJACK_PRIVATE_WRAP_PARAMS; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct CK_SKIPJACK_RELAYX_PARAMS { + pub ulOldWrappedXLen: CK_ULONG, + pub pOldWrappedX: CK_BYTE_PTR, + pub ulOldPasswordLen: CK_ULONG, + pub pOldPassword: CK_BYTE_PTR, + pub ulOldPublicDataLen: CK_ULONG, + pub pOldPublicData: CK_BYTE_PTR, + pub ulOldRandomLen: CK_ULONG, + pub pOldRandomA: CK_BYTE_PTR, + pub ulNewPasswordLen: CK_ULONG, + pub pNewPassword: CK_BYTE_PTR, + pub ulNewPublicDataLen: CK_ULONG, + pub pNewPublicData: CK_BYTE_PTR, + pub ulNewRandomLen: CK_ULONG, + pub pNewRandomA: CK_BYTE_PTR, +} +#[test] +fn bindgen_test_layout_CK_SKIPJACK_RELAYX_PARAMS() { + const UNINIT: ::std::mem::MaybeUninit = + ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 112usize, + concat!("Size of: ", stringify!(CK_SKIPJACK_RELAYX_PARAMS)) + ); + assert_eq!( + ::std::mem::align_of::(), + 8usize, + concat!("Alignment of ", stringify!(CK_SKIPJACK_RELAYX_PARAMS)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulOldWrappedXLen) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_SKIPJACK_RELAYX_PARAMS), + "::", + stringify!(ulOldWrappedXLen) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pOldWrappedX) as usize - ptr as usize }, + 8usize, + concat!( + "Offset of field: ", + stringify!(CK_SKIPJACK_RELAYX_PARAMS), + "::", + stringify!(pOldWrappedX) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulOldPasswordLen) as usize - ptr as usize }, + 16usize, + concat!( + "Offset of field: ", + stringify!(CK_SKIPJACK_RELAYX_PARAMS), + "::", + stringify!(ulOldPasswordLen) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pOldPassword) as usize - ptr as usize }, + 24usize, + concat!( + "Offset of field: ", + stringify!(CK_SKIPJACK_RELAYX_PARAMS), + "::", + stringify!(pOldPassword) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulOldPublicDataLen) as usize - ptr as usize }, + 32usize, + concat!( + "Offset of field: ", + stringify!(CK_SKIPJACK_RELAYX_PARAMS), + "::", + stringify!(ulOldPublicDataLen) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pOldPublicData) as usize - ptr as usize }, + 40usize, + concat!( + "Offset of field: ", + stringify!(CK_SKIPJACK_RELAYX_PARAMS), + "::", + stringify!(pOldPublicData) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulOldRandomLen) as usize - ptr as usize }, + 48usize, + concat!( + "Offset of field: ", + stringify!(CK_SKIPJACK_RELAYX_PARAMS), + "::", + stringify!(ulOldRandomLen) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pOldRandomA) as usize - ptr as usize }, + 56usize, + concat!( + "Offset of field: ", + stringify!(CK_SKIPJACK_RELAYX_PARAMS), + "::", + stringify!(pOldRandomA) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulNewPasswordLen) as usize - ptr as usize }, + 64usize, + concat!( + "Offset of field: ", + stringify!(CK_SKIPJACK_RELAYX_PARAMS), + "::", + stringify!(ulNewPasswordLen) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pNewPassword) as usize - ptr as usize }, + 72usize, + concat!( + "Offset of field: ", + stringify!(CK_SKIPJACK_RELAYX_PARAMS), + "::", + stringify!(pNewPassword) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulNewPublicDataLen) as usize - ptr as usize }, + 80usize, + concat!( + "Offset of field: ", + stringify!(CK_SKIPJACK_RELAYX_PARAMS), + "::", + stringify!(ulNewPublicDataLen) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pNewPublicData) as usize - ptr as usize }, + 88usize, + concat!( + "Offset of field: ", + stringify!(CK_SKIPJACK_RELAYX_PARAMS), + "::", + stringify!(pNewPublicData) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulNewRandomLen) as usize - ptr as usize }, + 96usize, + concat!( + "Offset of field: ", + stringify!(CK_SKIPJACK_RELAYX_PARAMS), + "::", + stringify!(ulNewRandomLen) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pNewRandomA) as usize - ptr as usize }, + 104usize, + concat!( + "Offset of field: ", + stringify!(CK_SKIPJACK_RELAYX_PARAMS), + "::", + stringify!(pNewRandomA) + ) + ); +} +impl Default for CK_SKIPJACK_RELAYX_PARAMS { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type CK_SKIPJACK_RELAYX_PARAMS_PTR = *mut CK_SKIPJACK_RELAYX_PARAMS; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct CK_PBE_PARAMS { + pub pInitVector: CK_BYTE_PTR, + pub pPassword: CK_UTF8CHAR_PTR, + pub ulPasswordLen: CK_ULONG, + pub pSalt: CK_BYTE_PTR, + pub ulSaltLen: CK_ULONG, + pub ulIteration: CK_ULONG, +} +#[test] +fn bindgen_test_layout_CK_PBE_PARAMS() { + const UNINIT: ::std::mem::MaybeUninit = ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 48usize, + concat!("Size of: ", stringify!(CK_PBE_PARAMS)) + ); + assert_eq!( + ::std::mem::align_of::(), + 8usize, + concat!("Alignment of ", stringify!(CK_PBE_PARAMS)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pInitVector) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_PBE_PARAMS), + "::", + stringify!(pInitVector) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pPassword) as usize - ptr as usize }, + 8usize, + concat!( + "Offset of field: ", + stringify!(CK_PBE_PARAMS), + "::", + stringify!(pPassword) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulPasswordLen) as usize - ptr as usize }, + 16usize, + concat!( + "Offset of field: ", + stringify!(CK_PBE_PARAMS), + "::", + stringify!(ulPasswordLen) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pSalt) as usize - ptr as usize }, + 24usize, + concat!( + "Offset of field: ", + stringify!(CK_PBE_PARAMS), + "::", + stringify!(pSalt) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulSaltLen) as usize - ptr as usize }, + 32usize, + concat!( + "Offset of field: ", + stringify!(CK_PBE_PARAMS), + "::", + stringify!(ulSaltLen) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulIteration) as usize - ptr as usize }, + 40usize, + concat!( + "Offset of field: ", + stringify!(CK_PBE_PARAMS), + "::", + stringify!(ulIteration) + ) + ); +} +impl Default for CK_PBE_PARAMS { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type CK_PBE_PARAMS_PTR = *mut CK_PBE_PARAMS; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct CK_KEY_WRAP_SET_OAEP_PARAMS { + pub bBC: CK_BYTE, + pub pX: CK_BYTE_PTR, + pub ulXLen: CK_ULONG, +} +#[test] +fn bindgen_test_layout_CK_KEY_WRAP_SET_OAEP_PARAMS() { + const UNINIT: ::std::mem::MaybeUninit = + ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 24usize, + concat!("Size of: ", stringify!(CK_KEY_WRAP_SET_OAEP_PARAMS)) + ); + assert_eq!( + ::std::mem::align_of::(), + 8usize, + concat!("Alignment of ", stringify!(CK_KEY_WRAP_SET_OAEP_PARAMS)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).bBC) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_KEY_WRAP_SET_OAEP_PARAMS), + "::", + stringify!(bBC) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pX) as usize - ptr as usize }, + 8usize, + concat!( + "Offset of field: ", + stringify!(CK_KEY_WRAP_SET_OAEP_PARAMS), + "::", + stringify!(pX) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulXLen) as usize - ptr as usize }, + 16usize, + concat!( + "Offset of field: ", + stringify!(CK_KEY_WRAP_SET_OAEP_PARAMS), + "::", + stringify!(ulXLen) + ) + ); +} +impl Default for CK_KEY_WRAP_SET_OAEP_PARAMS { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type CK_KEY_WRAP_SET_OAEP_PARAMS_PTR = *mut CK_KEY_WRAP_SET_OAEP_PARAMS; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct CK_SSL3_RANDOM_DATA { + pub pClientRandom: CK_BYTE_PTR, + pub ulClientRandomLen: CK_ULONG, + pub pServerRandom: CK_BYTE_PTR, + pub ulServerRandomLen: CK_ULONG, +} +#[test] +fn bindgen_test_layout_CK_SSL3_RANDOM_DATA() { + const UNINIT: ::std::mem::MaybeUninit = ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 32usize, + concat!("Size of: ", stringify!(CK_SSL3_RANDOM_DATA)) + ); + assert_eq!( + ::std::mem::align_of::(), + 8usize, + concat!("Alignment of ", stringify!(CK_SSL3_RANDOM_DATA)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pClientRandom) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_SSL3_RANDOM_DATA), + "::", + stringify!(pClientRandom) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulClientRandomLen) as usize - ptr as usize }, + 8usize, + concat!( + "Offset of field: ", + stringify!(CK_SSL3_RANDOM_DATA), + "::", + stringify!(ulClientRandomLen) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pServerRandom) as usize - ptr as usize }, + 16usize, + concat!( + "Offset of field: ", + stringify!(CK_SSL3_RANDOM_DATA), + "::", + stringify!(pServerRandom) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulServerRandomLen) as usize - ptr as usize }, + 24usize, + concat!( + "Offset of field: ", + stringify!(CK_SSL3_RANDOM_DATA), + "::", + stringify!(ulServerRandomLen) + ) + ); +} +impl Default for CK_SSL3_RANDOM_DATA { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct CK_SSL3_MASTER_KEY_DERIVE_PARAMS { + pub RandomInfo: CK_SSL3_RANDOM_DATA, + pub pVersion: CK_VERSION_PTR, +} +#[test] +fn bindgen_test_layout_CK_SSL3_MASTER_KEY_DERIVE_PARAMS() { + const UNINIT: ::std::mem::MaybeUninit = + ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 40usize, + concat!("Size of: ", stringify!(CK_SSL3_MASTER_KEY_DERIVE_PARAMS)) + ); + assert_eq!( + ::std::mem::align_of::(), + 8usize, + concat!( + "Alignment of ", + stringify!(CK_SSL3_MASTER_KEY_DERIVE_PARAMS) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).RandomInfo) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_SSL3_MASTER_KEY_DERIVE_PARAMS), + "::", + stringify!(RandomInfo) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pVersion) as usize - ptr as usize }, + 32usize, + concat!( + "Offset of field: ", + stringify!(CK_SSL3_MASTER_KEY_DERIVE_PARAMS), + "::", + stringify!(pVersion) + ) + ); +} +impl Default for CK_SSL3_MASTER_KEY_DERIVE_PARAMS { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type CK_SSL3_MASTER_KEY_DERIVE_PARAMS_PTR = *mut CK_SSL3_MASTER_KEY_DERIVE_PARAMS; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct CK_SSL3_KEY_MAT_OUT { + pub hClientMacSecret: CK_OBJECT_HANDLE, + pub hServerMacSecret: CK_OBJECT_HANDLE, + pub hClientKey: CK_OBJECT_HANDLE, + pub hServerKey: CK_OBJECT_HANDLE, + pub pIVClient: CK_BYTE_PTR, + pub pIVServer: CK_BYTE_PTR, +} +#[test] +fn bindgen_test_layout_CK_SSL3_KEY_MAT_OUT() { + const UNINIT: ::std::mem::MaybeUninit = ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 48usize, + concat!("Size of: ", stringify!(CK_SSL3_KEY_MAT_OUT)) + ); + assert_eq!( + ::std::mem::align_of::(), + 8usize, + concat!("Alignment of ", stringify!(CK_SSL3_KEY_MAT_OUT)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).hClientMacSecret) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_SSL3_KEY_MAT_OUT), + "::", + stringify!(hClientMacSecret) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).hServerMacSecret) as usize - ptr as usize }, + 8usize, + concat!( + "Offset of field: ", + stringify!(CK_SSL3_KEY_MAT_OUT), + "::", + stringify!(hServerMacSecret) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).hClientKey) as usize - ptr as usize }, + 16usize, + concat!( + "Offset of field: ", + stringify!(CK_SSL3_KEY_MAT_OUT), + "::", + stringify!(hClientKey) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).hServerKey) as usize - ptr as usize }, + 24usize, + concat!( + "Offset of field: ", + stringify!(CK_SSL3_KEY_MAT_OUT), + "::", + stringify!(hServerKey) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pIVClient) as usize - ptr as usize }, + 32usize, + concat!( + "Offset of field: ", + stringify!(CK_SSL3_KEY_MAT_OUT), + "::", + stringify!(pIVClient) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pIVServer) as usize - ptr as usize }, + 40usize, + concat!( + "Offset of field: ", + stringify!(CK_SSL3_KEY_MAT_OUT), + "::", + stringify!(pIVServer) + ) + ); +} +impl Default for CK_SSL3_KEY_MAT_OUT { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type CK_SSL3_KEY_MAT_OUT_PTR = *mut CK_SSL3_KEY_MAT_OUT; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct CK_SSL3_KEY_MAT_PARAMS { + pub ulMacSizeInBits: CK_ULONG, + pub ulKeySizeInBits: CK_ULONG, + pub ulIVSizeInBits: CK_ULONG, + pub bIsExport: CK_BBOOL, + pub RandomInfo: CK_SSL3_RANDOM_DATA, + pub pReturnedKeyMaterial: CK_SSL3_KEY_MAT_OUT_PTR, +} +#[test] +fn bindgen_test_layout_CK_SSL3_KEY_MAT_PARAMS() { + const UNINIT: ::std::mem::MaybeUninit = + ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 72usize, + concat!("Size of: ", stringify!(CK_SSL3_KEY_MAT_PARAMS)) + ); + assert_eq!( + ::std::mem::align_of::(), + 8usize, + concat!("Alignment of ", stringify!(CK_SSL3_KEY_MAT_PARAMS)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulMacSizeInBits) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_SSL3_KEY_MAT_PARAMS), + "::", + stringify!(ulMacSizeInBits) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulKeySizeInBits) as usize - ptr as usize }, + 8usize, + concat!( + "Offset of field: ", + stringify!(CK_SSL3_KEY_MAT_PARAMS), + "::", + stringify!(ulKeySizeInBits) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulIVSizeInBits) as usize - ptr as usize }, + 16usize, + concat!( + "Offset of field: ", + stringify!(CK_SSL3_KEY_MAT_PARAMS), + "::", + stringify!(ulIVSizeInBits) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).bIsExport) as usize - ptr as usize }, + 24usize, + concat!( + "Offset of field: ", + stringify!(CK_SSL3_KEY_MAT_PARAMS), + "::", + stringify!(bIsExport) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).RandomInfo) as usize - ptr as usize }, + 32usize, + concat!( + "Offset of field: ", + stringify!(CK_SSL3_KEY_MAT_PARAMS), + "::", + stringify!(RandomInfo) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pReturnedKeyMaterial) as usize - ptr as usize }, + 64usize, + concat!( + "Offset of field: ", + stringify!(CK_SSL3_KEY_MAT_PARAMS), + "::", + stringify!(pReturnedKeyMaterial) + ) + ); +} +impl Default for CK_SSL3_KEY_MAT_PARAMS { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type CK_SSL3_KEY_MAT_PARAMS_PTR = *mut CK_SSL3_KEY_MAT_PARAMS; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct CK_TLS_PRF_PARAMS { + pub pSeed: CK_BYTE_PTR, + pub ulSeedLen: CK_ULONG, + pub pLabel: CK_BYTE_PTR, + pub ulLabelLen: CK_ULONG, + pub pOutput: CK_BYTE_PTR, + pub pulOutputLen: CK_ULONG_PTR, +} +#[test] +fn bindgen_test_layout_CK_TLS_PRF_PARAMS() { + const UNINIT: ::std::mem::MaybeUninit = ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 48usize, + concat!("Size of: ", stringify!(CK_TLS_PRF_PARAMS)) + ); + assert_eq!( + ::std::mem::align_of::(), + 8usize, + concat!("Alignment of ", stringify!(CK_TLS_PRF_PARAMS)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pSeed) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_TLS_PRF_PARAMS), + "::", + stringify!(pSeed) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulSeedLen) as usize - ptr as usize }, + 8usize, + concat!( + "Offset of field: ", + stringify!(CK_TLS_PRF_PARAMS), + "::", + stringify!(ulSeedLen) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pLabel) as usize - ptr as usize }, + 16usize, + concat!( + "Offset of field: ", + stringify!(CK_TLS_PRF_PARAMS), + "::", + stringify!(pLabel) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulLabelLen) as usize - ptr as usize }, + 24usize, + concat!( + "Offset of field: ", + stringify!(CK_TLS_PRF_PARAMS), + "::", + stringify!(ulLabelLen) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pOutput) as usize - ptr as usize }, + 32usize, + concat!( + "Offset of field: ", + stringify!(CK_TLS_PRF_PARAMS), + "::", + stringify!(pOutput) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pulOutputLen) as usize - ptr as usize }, + 40usize, + concat!( + "Offset of field: ", + stringify!(CK_TLS_PRF_PARAMS), + "::", + stringify!(pulOutputLen) + ) + ); +} +impl Default for CK_TLS_PRF_PARAMS { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type CK_TLS_PRF_PARAMS_PTR = *mut CK_TLS_PRF_PARAMS; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct CK_WTLS_RANDOM_DATA { + pub pClientRandom: CK_BYTE_PTR, + pub ulClientRandomLen: CK_ULONG, + pub pServerRandom: CK_BYTE_PTR, + pub ulServerRandomLen: CK_ULONG, +} +#[test] +fn bindgen_test_layout_CK_WTLS_RANDOM_DATA() { + const UNINIT: ::std::mem::MaybeUninit = ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 32usize, + concat!("Size of: ", stringify!(CK_WTLS_RANDOM_DATA)) + ); + assert_eq!( + ::std::mem::align_of::(), + 8usize, + concat!("Alignment of ", stringify!(CK_WTLS_RANDOM_DATA)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pClientRandom) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_WTLS_RANDOM_DATA), + "::", + stringify!(pClientRandom) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulClientRandomLen) as usize - ptr as usize }, + 8usize, + concat!( + "Offset of field: ", + stringify!(CK_WTLS_RANDOM_DATA), + "::", + stringify!(ulClientRandomLen) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pServerRandom) as usize - ptr as usize }, + 16usize, + concat!( + "Offset of field: ", + stringify!(CK_WTLS_RANDOM_DATA), + "::", + stringify!(pServerRandom) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulServerRandomLen) as usize - ptr as usize }, + 24usize, + concat!( + "Offset of field: ", + stringify!(CK_WTLS_RANDOM_DATA), + "::", + stringify!(ulServerRandomLen) + ) + ); +} +impl Default for CK_WTLS_RANDOM_DATA { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type CK_WTLS_RANDOM_DATA_PTR = *mut CK_WTLS_RANDOM_DATA; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct CK_WTLS_MASTER_KEY_DERIVE_PARAMS { + pub DigestMechanism: CK_MECHANISM_TYPE, + pub RandomInfo: CK_WTLS_RANDOM_DATA, + pub pVersion: CK_BYTE_PTR, +} +#[test] +fn bindgen_test_layout_CK_WTLS_MASTER_KEY_DERIVE_PARAMS() { + const UNINIT: ::std::mem::MaybeUninit = + ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 48usize, + concat!("Size of: ", stringify!(CK_WTLS_MASTER_KEY_DERIVE_PARAMS)) + ); + assert_eq!( + ::std::mem::align_of::(), + 8usize, + concat!( + "Alignment of ", + stringify!(CK_WTLS_MASTER_KEY_DERIVE_PARAMS) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).DigestMechanism) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_WTLS_MASTER_KEY_DERIVE_PARAMS), + "::", + stringify!(DigestMechanism) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).RandomInfo) as usize - ptr as usize }, + 8usize, + concat!( + "Offset of field: ", + stringify!(CK_WTLS_MASTER_KEY_DERIVE_PARAMS), + "::", + stringify!(RandomInfo) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pVersion) as usize - ptr as usize }, + 40usize, + concat!( + "Offset of field: ", + stringify!(CK_WTLS_MASTER_KEY_DERIVE_PARAMS), + "::", + stringify!(pVersion) + ) + ); +} +impl Default for CK_WTLS_MASTER_KEY_DERIVE_PARAMS { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type CK_WTLS_MASTER_KEY_DERIVE_PARAMS_PTR = *mut CK_WTLS_MASTER_KEY_DERIVE_PARAMS; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct CK_WTLS_PRF_PARAMS { + pub DigestMechanism: CK_MECHANISM_TYPE, + pub pSeed: CK_BYTE_PTR, + pub ulSeedLen: CK_ULONG, + pub pLabel: CK_BYTE_PTR, + pub ulLabelLen: CK_ULONG, + pub pOutput: CK_BYTE_PTR, + pub pulOutputLen: CK_ULONG_PTR, +} +#[test] +fn bindgen_test_layout_CK_WTLS_PRF_PARAMS() { + const UNINIT: ::std::mem::MaybeUninit = ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 56usize, + concat!("Size of: ", stringify!(CK_WTLS_PRF_PARAMS)) + ); + assert_eq!( + ::std::mem::align_of::(), + 8usize, + concat!("Alignment of ", stringify!(CK_WTLS_PRF_PARAMS)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).DigestMechanism) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_WTLS_PRF_PARAMS), + "::", + stringify!(DigestMechanism) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pSeed) as usize - ptr as usize }, + 8usize, + concat!( + "Offset of field: ", + stringify!(CK_WTLS_PRF_PARAMS), + "::", + stringify!(pSeed) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulSeedLen) as usize - ptr as usize }, + 16usize, + concat!( + "Offset of field: ", + stringify!(CK_WTLS_PRF_PARAMS), + "::", + stringify!(ulSeedLen) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pLabel) as usize - ptr as usize }, + 24usize, + concat!( + "Offset of field: ", + stringify!(CK_WTLS_PRF_PARAMS), + "::", + stringify!(pLabel) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulLabelLen) as usize - ptr as usize }, + 32usize, + concat!( + "Offset of field: ", + stringify!(CK_WTLS_PRF_PARAMS), + "::", + stringify!(ulLabelLen) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pOutput) as usize - ptr as usize }, + 40usize, + concat!( + "Offset of field: ", + stringify!(CK_WTLS_PRF_PARAMS), + "::", + stringify!(pOutput) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pulOutputLen) as usize - ptr as usize }, + 48usize, + concat!( + "Offset of field: ", + stringify!(CK_WTLS_PRF_PARAMS), + "::", + stringify!(pulOutputLen) + ) + ); +} +impl Default for CK_WTLS_PRF_PARAMS { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type CK_WTLS_PRF_PARAMS_PTR = *mut CK_WTLS_PRF_PARAMS; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct CK_WTLS_KEY_MAT_OUT { + pub hMacSecret: CK_OBJECT_HANDLE, + pub hKey: CK_OBJECT_HANDLE, + pub pIV: CK_BYTE_PTR, +} +#[test] +fn bindgen_test_layout_CK_WTLS_KEY_MAT_OUT() { + const UNINIT: ::std::mem::MaybeUninit = ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 24usize, + concat!("Size of: ", stringify!(CK_WTLS_KEY_MAT_OUT)) + ); + assert_eq!( + ::std::mem::align_of::(), + 8usize, + concat!("Alignment of ", stringify!(CK_WTLS_KEY_MAT_OUT)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).hMacSecret) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_WTLS_KEY_MAT_OUT), + "::", + stringify!(hMacSecret) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).hKey) as usize - ptr as usize }, + 8usize, + concat!( + "Offset of field: ", + stringify!(CK_WTLS_KEY_MAT_OUT), + "::", + stringify!(hKey) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pIV) as usize - ptr as usize }, + 16usize, + concat!( + "Offset of field: ", + stringify!(CK_WTLS_KEY_MAT_OUT), + "::", + stringify!(pIV) + ) + ); +} +impl Default for CK_WTLS_KEY_MAT_OUT { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type CK_WTLS_KEY_MAT_OUT_PTR = *mut CK_WTLS_KEY_MAT_OUT; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct CK_WTLS_KEY_MAT_PARAMS { + pub DigestMechanism: CK_MECHANISM_TYPE, + pub ulMacSizeInBits: CK_ULONG, + pub ulKeySizeInBits: CK_ULONG, + pub ulIVSizeInBits: CK_ULONG, + pub ulSequenceNumber: CK_ULONG, + pub bIsExport: CK_BBOOL, + pub RandomInfo: CK_WTLS_RANDOM_DATA, + pub pReturnedKeyMaterial: CK_WTLS_KEY_MAT_OUT_PTR, +} +#[test] +fn bindgen_test_layout_CK_WTLS_KEY_MAT_PARAMS() { + const UNINIT: ::std::mem::MaybeUninit = + ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 88usize, + concat!("Size of: ", stringify!(CK_WTLS_KEY_MAT_PARAMS)) + ); + assert_eq!( + ::std::mem::align_of::(), + 8usize, + concat!("Alignment of ", stringify!(CK_WTLS_KEY_MAT_PARAMS)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).DigestMechanism) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_WTLS_KEY_MAT_PARAMS), + "::", + stringify!(DigestMechanism) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulMacSizeInBits) as usize - ptr as usize }, + 8usize, + concat!( + "Offset of field: ", + stringify!(CK_WTLS_KEY_MAT_PARAMS), + "::", + stringify!(ulMacSizeInBits) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulKeySizeInBits) as usize - ptr as usize }, + 16usize, + concat!( + "Offset of field: ", + stringify!(CK_WTLS_KEY_MAT_PARAMS), + "::", + stringify!(ulKeySizeInBits) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulIVSizeInBits) as usize - ptr as usize }, + 24usize, + concat!( + "Offset of field: ", + stringify!(CK_WTLS_KEY_MAT_PARAMS), + "::", + stringify!(ulIVSizeInBits) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulSequenceNumber) as usize - ptr as usize }, + 32usize, + concat!( + "Offset of field: ", + stringify!(CK_WTLS_KEY_MAT_PARAMS), + "::", + stringify!(ulSequenceNumber) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).bIsExport) as usize - ptr as usize }, + 40usize, + concat!( + "Offset of field: ", + stringify!(CK_WTLS_KEY_MAT_PARAMS), + "::", + stringify!(bIsExport) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).RandomInfo) as usize - ptr as usize }, + 48usize, + concat!( + "Offset of field: ", + stringify!(CK_WTLS_KEY_MAT_PARAMS), + "::", + stringify!(RandomInfo) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pReturnedKeyMaterial) as usize - ptr as usize }, + 80usize, + concat!( + "Offset of field: ", + stringify!(CK_WTLS_KEY_MAT_PARAMS), + "::", + stringify!(pReturnedKeyMaterial) + ) + ); +} +impl Default for CK_WTLS_KEY_MAT_PARAMS { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type CK_WTLS_KEY_MAT_PARAMS_PTR = *mut CK_WTLS_KEY_MAT_PARAMS; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct CK_CMS_SIG_PARAMS { + pub certificateHandle: CK_OBJECT_HANDLE, + pub pSigningMechanism: CK_MECHANISM_PTR, + pub pDigestMechanism: CK_MECHANISM_PTR, + pub pContentType: CK_UTF8CHAR_PTR, + pub pRequestedAttributes: CK_BYTE_PTR, + pub ulRequestedAttributesLen: CK_ULONG, + pub pRequiredAttributes: CK_BYTE_PTR, + pub ulRequiredAttributesLen: CK_ULONG, +} +#[test] +fn bindgen_test_layout_CK_CMS_SIG_PARAMS() { + const UNINIT: ::std::mem::MaybeUninit = ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 64usize, + concat!("Size of: ", stringify!(CK_CMS_SIG_PARAMS)) + ); + assert_eq!( + ::std::mem::align_of::(), + 8usize, + concat!("Alignment of ", stringify!(CK_CMS_SIG_PARAMS)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).certificateHandle) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_CMS_SIG_PARAMS), + "::", + stringify!(certificateHandle) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pSigningMechanism) as usize - ptr as usize }, + 8usize, + concat!( + "Offset of field: ", + stringify!(CK_CMS_SIG_PARAMS), + "::", + stringify!(pSigningMechanism) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pDigestMechanism) as usize - ptr as usize }, + 16usize, + concat!( + "Offset of field: ", + stringify!(CK_CMS_SIG_PARAMS), + "::", + stringify!(pDigestMechanism) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pContentType) as usize - ptr as usize }, + 24usize, + concat!( + "Offset of field: ", + stringify!(CK_CMS_SIG_PARAMS), + "::", + stringify!(pContentType) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pRequestedAttributes) as usize - ptr as usize }, + 32usize, + concat!( + "Offset of field: ", + stringify!(CK_CMS_SIG_PARAMS), + "::", + stringify!(pRequestedAttributes) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulRequestedAttributesLen) as usize - ptr as usize }, + 40usize, + concat!( + "Offset of field: ", + stringify!(CK_CMS_SIG_PARAMS), + "::", + stringify!(ulRequestedAttributesLen) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pRequiredAttributes) as usize - ptr as usize }, + 48usize, + concat!( + "Offset of field: ", + stringify!(CK_CMS_SIG_PARAMS), + "::", + stringify!(pRequiredAttributes) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulRequiredAttributesLen) as usize - ptr as usize }, + 56usize, + concat!( + "Offset of field: ", + stringify!(CK_CMS_SIG_PARAMS), + "::", + stringify!(ulRequiredAttributesLen) + ) + ); +} +impl Default for CK_CMS_SIG_PARAMS { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type CK_CMS_SIG_PARAMS_PTR = *mut CK_CMS_SIG_PARAMS; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct CK_KEY_DERIVATION_STRING_DATA { + pub pData: CK_BYTE_PTR, + pub ulLen: CK_ULONG, +} +#[test] +fn bindgen_test_layout_CK_KEY_DERIVATION_STRING_DATA() { + const UNINIT: ::std::mem::MaybeUninit = + ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 16usize, + concat!("Size of: ", stringify!(CK_KEY_DERIVATION_STRING_DATA)) + ); + assert_eq!( + ::std::mem::align_of::(), + 8usize, + concat!("Alignment of ", stringify!(CK_KEY_DERIVATION_STRING_DATA)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pData) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_KEY_DERIVATION_STRING_DATA), + "::", + stringify!(pData) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulLen) as usize - ptr as usize }, + 8usize, + concat!( + "Offset of field: ", + stringify!(CK_KEY_DERIVATION_STRING_DATA), + "::", + stringify!(ulLen) + ) + ); +} +impl Default for CK_KEY_DERIVATION_STRING_DATA { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type CK_KEY_DERIVATION_STRING_DATA_PTR = *mut CK_KEY_DERIVATION_STRING_DATA; +pub type CK_EXTRACT_PARAMS = CK_ULONG; +pub type CK_EXTRACT_PARAMS_PTR = *mut CK_EXTRACT_PARAMS; +pub type CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE = CK_ULONG; +pub type CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE_PTR = + *mut CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE; +pub type CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE = CK_ULONG; +pub type CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE_PTR = *mut CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct CK_PKCS5_PBKD2_PARAMS { + pub saltSource: CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE, + pub pSaltSourceData: CK_VOID_PTR, + pub ulSaltSourceDataLen: CK_ULONG, + pub iterations: CK_ULONG, + pub prf: CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE, + pub pPrfData: CK_VOID_PTR, + pub ulPrfDataLen: CK_ULONG, + pub pPassword: CK_UTF8CHAR_PTR, + pub ulPasswordLen: CK_ULONG_PTR, +} +#[test] +fn bindgen_test_layout_CK_PKCS5_PBKD2_PARAMS() { + const UNINIT: ::std::mem::MaybeUninit = + ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 72usize, + concat!("Size of: ", stringify!(CK_PKCS5_PBKD2_PARAMS)) + ); + assert_eq!( + ::std::mem::align_of::(), + 8usize, + concat!("Alignment of ", stringify!(CK_PKCS5_PBKD2_PARAMS)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).saltSource) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_PKCS5_PBKD2_PARAMS), + "::", + stringify!(saltSource) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pSaltSourceData) as usize - ptr as usize }, + 8usize, + concat!( + "Offset of field: ", + stringify!(CK_PKCS5_PBKD2_PARAMS), + "::", + stringify!(pSaltSourceData) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulSaltSourceDataLen) as usize - ptr as usize }, + 16usize, + concat!( + "Offset of field: ", + stringify!(CK_PKCS5_PBKD2_PARAMS), + "::", + stringify!(ulSaltSourceDataLen) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).iterations) as usize - ptr as usize }, + 24usize, + concat!( + "Offset of field: ", + stringify!(CK_PKCS5_PBKD2_PARAMS), + "::", + stringify!(iterations) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).prf) as usize - ptr as usize }, + 32usize, + concat!( + "Offset of field: ", + stringify!(CK_PKCS5_PBKD2_PARAMS), + "::", + stringify!(prf) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pPrfData) as usize - ptr as usize }, + 40usize, + concat!( + "Offset of field: ", + stringify!(CK_PKCS5_PBKD2_PARAMS), + "::", + stringify!(pPrfData) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulPrfDataLen) as usize - ptr as usize }, + 48usize, + concat!( + "Offset of field: ", + stringify!(CK_PKCS5_PBKD2_PARAMS), + "::", + stringify!(ulPrfDataLen) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pPassword) as usize - ptr as usize }, + 56usize, + concat!( + "Offset of field: ", + stringify!(CK_PKCS5_PBKD2_PARAMS), + "::", + stringify!(pPassword) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulPasswordLen) as usize - ptr as usize }, + 64usize, + concat!( + "Offset of field: ", + stringify!(CK_PKCS5_PBKD2_PARAMS), + "::", + stringify!(ulPasswordLen) + ) + ); +} +impl Default for CK_PKCS5_PBKD2_PARAMS { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type CK_PKCS5_PBKD2_PARAMS_PTR = *mut CK_PKCS5_PBKD2_PARAMS; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct CK_PKCS5_PBKD2_PARAMS2 { + pub saltSource: CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE, + pub pSaltSourceData: CK_VOID_PTR, + pub ulSaltSourceDataLen: CK_ULONG, + pub iterations: CK_ULONG, + pub prf: CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE, + pub pPrfData: CK_VOID_PTR, + pub ulPrfDataLen: CK_ULONG, + pub pPassword: CK_UTF8CHAR_PTR, + pub ulPasswordLen: CK_ULONG, +} +#[test] +fn bindgen_test_layout_CK_PKCS5_PBKD2_PARAMS2() { + const UNINIT: ::std::mem::MaybeUninit = + ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 72usize, + concat!("Size of: ", stringify!(CK_PKCS5_PBKD2_PARAMS2)) + ); + assert_eq!( + ::std::mem::align_of::(), + 8usize, + concat!("Alignment of ", stringify!(CK_PKCS5_PBKD2_PARAMS2)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).saltSource) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_PKCS5_PBKD2_PARAMS2), + "::", + stringify!(saltSource) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pSaltSourceData) as usize - ptr as usize }, + 8usize, + concat!( + "Offset of field: ", + stringify!(CK_PKCS5_PBKD2_PARAMS2), + "::", + stringify!(pSaltSourceData) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulSaltSourceDataLen) as usize - ptr as usize }, + 16usize, + concat!( + "Offset of field: ", + stringify!(CK_PKCS5_PBKD2_PARAMS2), + "::", + stringify!(ulSaltSourceDataLen) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).iterations) as usize - ptr as usize }, + 24usize, + concat!( + "Offset of field: ", + stringify!(CK_PKCS5_PBKD2_PARAMS2), + "::", + stringify!(iterations) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).prf) as usize - ptr as usize }, + 32usize, + concat!( + "Offset of field: ", + stringify!(CK_PKCS5_PBKD2_PARAMS2), + "::", + stringify!(prf) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pPrfData) as usize - ptr as usize }, + 40usize, + concat!( + "Offset of field: ", + stringify!(CK_PKCS5_PBKD2_PARAMS2), + "::", + stringify!(pPrfData) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulPrfDataLen) as usize - ptr as usize }, + 48usize, + concat!( + "Offset of field: ", + stringify!(CK_PKCS5_PBKD2_PARAMS2), + "::", + stringify!(ulPrfDataLen) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pPassword) as usize - ptr as usize }, + 56usize, + concat!( + "Offset of field: ", + stringify!(CK_PKCS5_PBKD2_PARAMS2), + "::", + stringify!(pPassword) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulPasswordLen) as usize - ptr as usize }, + 64usize, + concat!( + "Offset of field: ", + stringify!(CK_PKCS5_PBKD2_PARAMS2), + "::", + stringify!(ulPasswordLen) + ) + ); +} +impl Default for CK_PKCS5_PBKD2_PARAMS2 { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type CK_PKCS5_PBKD2_PARAMS2_PTR = *mut CK_PKCS5_PBKD2_PARAMS2; +pub type CK_OTP_PARAM_TYPE = CK_ULONG; +pub type CK_PARAM_TYPE = CK_OTP_PARAM_TYPE; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct CK_OTP_PARAM { + pub type_: CK_OTP_PARAM_TYPE, + pub pValue: CK_VOID_PTR, + pub ulValueLen: CK_ULONG, +} +#[test] +fn bindgen_test_layout_CK_OTP_PARAM() { + const UNINIT: ::std::mem::MaybeUninit = ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 24usize, + concat!("Size of: ", stringify!(CK_OTP_PARAM)) + ); + assert_eq!( + ::std::mem::align_of::(), + 8usize, + concat!("Alignment of ", stringify!(CK_OTP_PARAM)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).type_) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_OTP_PARAM), + "::", + stringify!(type_) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pValue) as usize - ptr as usize }, + 8usize, + concat!( + "Offset of field: ", + stringify!(CK_OTP_PARAM), + "::", + stringify!(pValue) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulValueLen) as usize - ptr as usize }, + 16usize, + concat!( + "Offset of field: ", + stringify!(CK_OTP_PARAM), + "::", + stringify!(ulValueLen) + ) + ); +} +impl Default for CK_OTP_PARAM { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type CK_OTP_PARAM_PTR = *mut CK_OTP_PARAM; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct CK_OTP_PARAMS { + pub pParams: CK_OTP_PARAM_PTR, + pub ulCount: CK_ULONG, +} +#[test] +fn bindgen_test_layout_CK_OTP_PARAMS() { + const UNINIT: ::std::mem::MaybeUninit = ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 16usize, + concat!("Size of: ", stringify!(CK_OTP_PARAMS)) + ); + assert_eq!( + ::std::mem::align_of::(), + 8usize, + concat!("Alignment of ", stringify!(CK_OTP_PARAMS)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pParams) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_OTP_PARAMS), + "::", + stringify!(pParams) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulCount) as usize - ptr as usize }, + 8usize, + concat!( + "Offset of field: ", + stringify!(CK_OTP_PARAMS), + "::", + stringify!(ulCount) + ) + ); +} +impl Default for CK_OTP_PARAMS { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type CK_OTP_PARAMS_PTR = *mut CK_OTP_PARAMS; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct CK_OTP_SIGNATURE_INFO { + pub pParams: CK_OTP_PARAM_PTR, + pub ulCount: CK_ULONG, +} +#[test] +fn bindgen_test_layout_CK_OTP_SIGNATURE_INFO() { + const UNINIT: ::std::mem::MaybeUninit = + ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 16usize, + concat!("Size of: ", stringify!(CK_OTP_SIGNATURE_INFO)) + ); + assert_eq!( + ::std::mem::align_of::(), + 8usize, + concat!("Alignment of ", stringify!(CK_OTP_SIGNATURE_INFO)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pParams) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_OTP_SIGNATURE_INFO), + "::", + stringify!(pParams) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulCount) as usize - ptr as usize }, + 8usize, + concat!( + "Offset of field: ", + stringify!(CK_OTP_SIGNATURE_INFO), + "::", + stringify!(ulCount) + ) + ); +} +impl Default for CK_OTP_SIGNATURE_INFO { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type CK_OTP_SIGNATURE_INFO_PTR = *mut CK_OTP_SIGNATURE_INFO; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct CK_KIP_PARAMS { + pub pMechanism: CK_MECHANISM_PTR, + pub hKey: CK_OBJECT_HANDLE, + pub pSeed: CK_BYTE_PTR, + pub ulSeedLen: CK_ULONG, +} +#[test] +fn bindgen_test_layout_CK_KIP_PARAMS() { + const UNINIT: ::std::mem::MaybeUninit = ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 32usize, + concat!("Size of: ", stringify!(CK_KIP_PARAMS)) + ); + assert_eq!( + ::std::mem::align_of::(), + 8usize, + concat!("Alignment of ", stringify!(CK_KIP_PARAMS)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pMechanism) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_KIP_PARAMS), + "::", + stringify!(pMechanism) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).hKey) as usize - ptr as usize }, + 8usize, + concat!( + "Offset of field: ", + stringify!(CK_KIP_PARAMS), + "::", + stringify!(hKey) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pSeed) as usize - ptr as usize }, + 16usize, + concat!( + "Offset of field: ", + stringify!(CK_KIP_PARAMS), + "::", + stringify!(pSeed) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulSeedLen) as usize - ptr as usize }, + 24usize, + concat!( + "Offset of field: ", + stringify!(CK_KIP_PARAMS), + "::", + stringify!(ulSeedLen) + ) + ); +} +impl Default for CK_KIP_PARAMS { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type CK_KIP_PARAMS_PTR = *mut CK_KIP_PARAMS; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct CK_AES_CTR_PARAMS { + pub ulCounterBits: CK_ULONG, + pub cb: [CK_BYTE; 16usize], +} +#[test] +fn bindgen_test_layout_CK_AES_CTR_PARAMS() { + const UNINIT: ::std::mem::MaybeUninit = ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 24usize, + concat!("Size of: ", stringify!(CK_AES_CTR_PARAMS)) + ); + assert_eq!( + ::std::mem::align_of::(), + 8usize, + concat!("Alignment of ", stringify!(CK_AES_CTR_PARAMS)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulCounterBits) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_AES_CTR_PARAMS), + "::", + stringify!(ulCounterBits) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).cb) as usize - ptr as usize }, + 8usize, + concat!( + "Offset of field: ", + stringify!(CK_AES_CTR_PARAMS), + "::", + stringify!(cb) + ) + ); +} +pub type CK_AES_CTR_PARAMS_PTR = *mut CK_AES_CTR_PARAMS; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct CK_GCM_PARAMS { + pub pIv: CK_BYTE_PTR, + pub ulIvLen: CK_ULONG, + pub ulIvBits: CK_ULONG, + pub pAAD: CK_BYTE_PTR, + pub ulAADLen: CK_ULONG, + pub ulTagBits: CK_ULONG, +} +#[test] +fn bindgen_test_layout_CK_GCM_PARAMS() { + const UNINIT: ::std::mem::MaybeUninit = ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 48usize, + concat!("Size of: ", stringify!(CK_GCM_PARAMS)) + ); + assert_eq!( + ::std::mem::align_of::(), + 8usize, + concat!("Alignment of ", stringify!(CK_GCM_PARAMS)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pIv) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_GCM_PARAMS), + "::", + stringify!(pIv) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulIvLen) as usize - ptr as usize }, + 8usize, + concat!( + "Offset of field: ", + stringify!(CK_GCM_PARAMS), + "::", + stringify!(ulIvLen) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulIvBits) as usize - ptr as usize }, + 16usize, + concat!( + "Offset of field: ", + stringify!(CK_GCM_PARAMS), + "::", + stringify!(ulIvBits) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pAAD) as usize - ptr as usize }, + 24usize, + concat!( + "Offset of field: ", + stringify!(CK_GCM_PARAMS), + "::", + stringify!(pAAD) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulAADLen) as usize - ptr as usize }, + 32usize, + concat!( + "Offset of field: ", + stringify!(CK_GCM_PARAMS), + "::", + stringify!(ulAADLen) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulTagBits) as usize - ptr as usize }, + 40usize, + concat!( + "Offset of field: ", + stringify!(CK_GCM_PARAMS), + "::", + stringify!(ulTagBits) + ) + ); +} +impl Default for CK_GCM_PARAMS { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type CK_GCM_PARAMS_PTR = *mut CK_GCM_PARAMS; +pub type CK_GENERATOR_FUNCTION = CK_ULONG; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct CK_GCM_MESSAGE_PARAMS { + pub pIv: CK_BYTE_PTR, + pub ulIvLen: CK_ULONG, + pub ulIvFixedBits: CK_ULONG, + pub ivGenerator: CK_GENERATOR_FUNCTION, + pub pTag: CK_BYTE_PTR, + pub ulTagBits: CK_ULONG, +} +#[test] +fn bindgen_test_layout_CK_GCM_MESSAGE_PARAMS() { + const UNINIT: ::std::mem::MaybeUninit = + ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 48usize, + concat!("Size of: ", stringify!(CK_GCM_MESSAGE_PARAMS)) + ); + assert_eq!( + ::std::mem::align_of::(), + 8usize, + concat!("Alignment of ", stringify!(CK_GCM_MESSAGE_PARAMS)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pIv) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_GCM_MESSAGE_PARAMS), + "::", + stringify!(pIv) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulIvLen) as usize - ptr as usize }, + 8usize, + concat!( + "Offset of field: ", + stringify!(CK_GCM_MESSAGE_PARAMS), + "::", + stringify!(ulIvLen) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulIvFixedBits) as usize - ptr as usize }, + 16usize, + concat!( + "Offset of field: ", + stringify!(CK_GCM_MESSAGE_PARAMS), + "::", + stringify!(ulIvFixedBits) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ivGenerator) as usize - ptr as usize }, + 24usize, + concat!( + "Offset of field: ", + stringify!(CK_GCM_MESSAGE_PARAMS), + "::", + stringify!(ivGenerator) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pTag) as usize - ptr as usize }, + 32usize, + concat!( + "Offset of field: ", + stringify!(CK_GCM_MESSAGE_PARAMS), + "::", + stringify!(pTag) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulTagBits) as usize - ptr as usize }, + 40usize, + concat!( + "Offset of field: ", + stringify!(CK_GCM_MESSAGE_PARAMS), + "::", + stringify!(ulTagBits) + ) + ); +} +impl Default for CK_GCM_MESSAGE_PARAMS { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type CK_GCM_MESSAGE_PARAMS_PTR = *mut CK_GCM_MESSAGE_PARAMS; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct CK_CCM_PARAMS { + pub ulDataLen: CK_ULONG, + pub pNonce: CK_BYTE_PTR, + pub ulNonceLen: CK_ULONG, + pub pAAD: CK_BYTE_PTR, + pub ulAADLen: CK_ULONG, + pub ulMACLen: CK_ULONG, +} +#[test] +fn bindgen_test_layout_CK_CCM_PARAMS() { + const UNINIT: ::std::mem::MaybeUninit = ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 48usize, + concat!("Size of: ", stringify!(CK_CCM_PARAMS)) + ); + assert_eq!( + ::std::mem::align_of::(), + 8usize, + concat!("Alignment of ", stringify!(CK_CCM_PARAMS)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulDataLen) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_CCM_PARAMS), + "::", + stringify!(ulDataLen) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pNonce) as usize - ptr as usize }, + 8usize, + concat!( + "Offset of field: ", + stringify!(CK_CCM_PARAMS), + "::", + stringify!(pNonce) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulNonceLen) as usize - ptr as usize }, + 16usize, + concat!( + "Offset of field: ", + stringify!(CK_CCM_PARAMS), + "::", + stringify!(ulNonceLen) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pAAD) as usize - ptr as usize }, + 24usize, + concat!( + "Offset of field: ", + stringify!(CK_CCM_PARAMS), + "::", + stringify!(pAAD) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulAADLen) as usize - ptr as usize }, + 32usize, + concat!( + "Offset of field: ", + stringify!(CK_CCM_PARAMS), + "::", + stringify!(ulAADLen) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulMACLen) as usize - ptr as usize }, + 40usize, + concat!( + "Offset of field: ", + stringify!(CK_CCM_PARAMS), + "::", + stringify!(ulMACLen) + ) + ); +} +impl Default for CK_CCM_PARAMS { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type CK_CCM_PARAMS_PTR = *mut CK_CCM_PARAMS; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct CK_CCM_MESSAGE_PARAMS { + pub ulDataLen: CK_ULONG, + pub pNonce: CK_BYTE_PTR, + pub ulNonceLen: CK_ULONG, + pub ulNonceFixedBits: CK_ULONG, + pub nonceGenerator: CK_GENERATOR_FUNCTION, + pub pMAC: CK_BYTE_PTR, + pub ulMACLen: CK_ULONG, +} +#[test] +fn bindgen_test_layout_CK_CCM_MESSAGE_PARAMS() { + const UNINIT: ::std::mem::MaybeUninit = + ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 56usize, + concat!("Size of: ", stringify!(CK_CCM_MESSAGE_PARAMS)) + ); + assert_eq!( + ::std::mem::align_of::(), + 8usize, + concat!("Alignment of ", stringify!(CK_CCM_MESSAGE_PARAMS)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulDataLen) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_CCM_MESSAGE_PARAMS), + "::", + stringify!(ulDataLen) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pNonce) as usize - ptr as usize }, + 8usize, + concat!( + "Offset of field: ", + stringify!(CK_CCM_MESSAGE_PARAMS), + "::", + stringify!(pNonce) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulNonceLen) as usize - ptr as usize }, + 16usize, + concat!( + "Offset of field: ", + stringify!(CK_CCM_MESSAGE_PARAMS), + "::", + stringify!(ulNonceLen) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulNonceFixedBits) as usize - ptr as usize }, + 24usize, + concat!( + "Offset of field: ", + stringify!(CK_CCM_MESSAGE_PARAMS), + "::", + stringify!(ulNonceFixedBits) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).nonceGenerator) as usize - ptr as usize }, + 32usize, + concat!( + "Offset of field: ", + stringify!(CK_CCM_MESSAGE_PARAMS), + "::", + stringify!(nonceGenerator) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pMAC) as usize - ptr as usize }, + 40usize, + concat!( + "Offset of field: ", + stringify!(CK_CCM_MESSAGE_PARAMS), + "::", + stringify!(pMAC) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulMACLen) as usize - ptr as usize }, + 48usize, + concat!( + "Offset of field: ", + stringify!(CK_CCM_MESSAGE_PARAMS), + "::", + stringify!(ulMACLen) + ) + ); +} +impl Default for CK_CCM_MESSAGE_PARAMS { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type CK_CCM_MESSAGE_PARAMS_PTR = *mut CK_CCM_MESSAGE_PARAMS; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct CK_AES_GCM_PARAMS { + pub pIv: CK_BYTE_PTR, + pub ulIvLen: CK_ULONG, + pub ulIvBits: CK_ULONG, + pub pAAD: CK_BYTE_PTR, + pub ulAADLen: CK_ULONG, + pub ulTagBits: CK_ULONG, +} +#[test] +fn bindgen_test_layout_CK_AES_GCM_PARAMS() { + const UNINIT: ::std::mem::MaybeUninit = ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 48usize, + concat!("Size of: ", stringify!(CK_AES_GCM_PARAMS)) + ); + assert_eq!( + ::std::mem::align_of::(), + 8usize, + concat!("Alignment of ", stringify!(CK_AES_GCM_PARAMS)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pIv) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_AES_GCM_PARAMS), + "::", + stringify!(pIv) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulIvLen) as usize - ptr as usize }, + 8usize, + concat!( + "Offset of field: ", + stringify!(CK_AES_GCM_PARAMS), + "::", + stringify!(ulIvLen) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulIvBits) as usize - ptr as usize }, + 16usize, + concat!( + "Offset of field: ", + stringify!(CK_AES_GCM_PARAMS), + "::", + stringify!(ulIvBits) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pAAD) as usize - ptr as usize }, + 24usize, + concat!( + "Offset of field: ", + stringify!(CK_AES_GCM_PARAMS), + "::", + stringify!(pAAD) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulAADLen) as usize - ptr as usize }, + 32usize, + concat!( + "Offset of field: ", + stringify!(CK_AES_GCM_PARAMS), + "::", + stringify!(ulAADLen) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulTagBits) as usize - ptr as usize }, + 40usize, + concat!( + "Offset of field: ", + stringify!(CK_AES_GCM_PARAMS), + "::", + stringify!(ulTagBits) + ) + ); +} +impl Default for CK_AES_GCM_PARAMS { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type CK_AES_GCM_PARAMS_PTR = *mut CK_AES_GCM_PARAMS; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct CK_AES_CCM_PARAMS { + pub ulDataLen: CK_ULONG, + pub pNonce: CK_BYTE_PTR, + pub ulNonceLen: CK_ULONG, + pub pAAD: CK_BYTE_PTR, + pub ulAADLen: CK_ULONG, + pub ulMACLen: CK_ULONG, +} +#[test] +fn bindgen_test_layout_CK_AES_CCM_PARAMS() { + const UNINIT: ::std::mem::MaybeUninit = ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 48usize, + concat!("Size of: ", stringify!(CK_AES_CCM_PARAMS)) + ); + assert_eq!( + ::std::mem::align_of::(), + 8usize, + concat!("Alignment of ", stringify!(CK_AES_CCM_PARAMS)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulDataLen) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_AES_CCM_PARAMS), + "::", + stringify!(ulDataLen) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pNonce) as usize - ptr as usize }, + 8usize, + concat!( + "Offset of field: ", + stringify!(CK_AES_CCM_PARAMS), + "::", + stringify!(pNonce) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulNonceLen) as usize - ptr as usize }, + 16usize, + concat!( + "Offset of field: ", + stringify!(CK_AES_CCM_PARAMS), + "::", + stringify!(ulNonceLen) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pAAD) as usize - ptr as usize }, + 24usize, + concat!( + "Offset of field: ", + stringify!(CK_AES_CCM_PARAMS), + "::", + stringify!(pAAD) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulAADLen) as usize - ptr as usize }, + 32usize, + concat!( + "Offset of field: ", + stringify!(CK_AES_CCM_PARAMS), + "::", + stringify!(ulAADLen) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulMACLen) as usize - ptr as usize }, + 40usize, + concat!( + "Offset of field: ", + stringify!(CK_AES_CCM_PARAMS), + "::", + stringify!(ulMACLen) + ) + ); +} +impl Default for CK_AES_CCM_PARAMS { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type CK_AES_CCM_PARAMS_PTR = *mut CK_AES_CCM_PARAMS; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct CK_CAMELLIA_CTR_PARAMS { + pub ulCounterBits: CK_ULONG, + pub cb: [CK_BYTE; 16usize], +} +#[test] +fn bindgen_test_layout_CK_CAMELLIA_CTR_PARAMS() { + const UNINIT: ::std::mem::MaybeUninit = + ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 24usize, + concat!("Size of: ", stringify!(CK_CAMELLIA_CTR_PARAMS)) + ); + assert_eq!( + ::std::mem::align_of::(), + 8usize, + concat!("Alignment of ", stringify!(CK_CAMELLIA_CTR_PARAMS)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulCounterBits) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_CAMELLIA_CTR_PARAMS), + "::", + stringify!(ulCounterBits) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).cb) as usize - ptr as usize }, + 8usize, + concat!( + "Offset of field: ", + stringify!(CK_CAMELLIA_CTR_PARAMS), + "::", + stringify!(cb) + ) + ); +} +pub type CK_CAMELLIA_CTR_PARAMS_PTR = *mut CK_CAMELLIA_CTR_PARAMS; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS { + pub iv: [CK_BYTE; 16usize], + pub pData: CK_BYTE_PTR, + pub length: CK_ULONG, +} +#[test] +fn bindgen_test_layout_CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS() { + const UNINIT: ::std::mem::MaybeUninit = + ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 32usize, + concat!("Size of: ", stringify!(CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS)) + ); + assert_eq!( + ::std::mem::align_of::(), + 8usize, + concat!( + "Alignment of ", + stringify!(CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).iv) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS), + "::", + stringify!(iv) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pData) as usize - ptr as usize }, + 16usize, + concat!( + "Offset of field: ", + stringify!(CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS), + "::", + stringify!(pData) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).length) as usize - ptr as usize }, + 24usize, + concat!( + "Offset of field: ", + stringify!(CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS), + "::", + stringify!(length) + ) + ); +} +impl Default for CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS_PTR = *mut CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct CK_ARIA_CBC_ENCRYPT_DATA_PARAMS { + pub iv: [CK_BYTE; 16usize], + pub pData: CK_BYTE_PTR, + pub length: CK_ULONG, +} +#[test] +fn bindgen_test_layout_CK_ARIA_CBC_ENCRYPT_DATA_PARAMS() { + const UNINIT: ::std::mem::MaybeUninit = + ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 32usize, + concat!("Size of: ", stringify!(CK_ARIA_CBC_ENCRYPT_DATA_PARAMS)) + ); + assert_eq!( + ::std::mem::align_of::(), + 8usize, + concat!("Alignment of ", stringify!(CK_ARIA_CBC_ENCRYPT_DATA_PARAMS)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).iv) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_ARIA_CBC_ENCRYPT_DATA_PARAMS), + "::", + stringify!(iv) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pData) as usize - ptr as usize }, + 16usize, + concat!( + "Offset of field: ", + stringify!(CK_ARIA_CBC_ENCRYPT_DATA_PARAMS), + "::", + stringify!(pData) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).length) as usize - ptr as usize }, + 24usize, + concat!( + "Offset of field: ", + stringify!(CK_ARIA_CBC_ENCRYPT_DATA_PARAMS), + "::", + stringify!(length) + ) + ); +} +impl Default for CK_ARIA_CBC_ENCRYPT_DATA_PARAMS { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type CK_ARIA_CBC_ENCRYPT_DATA_PARAMS_PTR = *mut CK_ARIA_CBC_ENCRYPT_DATA_PARAMS; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct CK_DSA_PARAMETER_GEN_PARAM { + pub hash: CK_MECHANISM_TYPE, + pub pSeed: CK_BYTE_PTR, + pub ulSeedLen: CK_ULONG, + pub ulIndex: CK_ULONG, +} +#[test] +fn bindgen_test_layout_CK_DSA_PARAMETER_GEN_PARAM() { + const UNINIT: ::std::mem::MaybeUninit = + ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 32usize, + concat!("Size of: ", stringify!(CK_DSA_PARAMETER_GEN_PARAM)) + ); + assert_eq!( + ::std::mem::align_of::(), + 8usize, + concat!("Alignment of ", stringify!(CK_DSA_PARAMETER_GEN_PARAM)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).hash) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_DSA_PARAMETER_GEN_PARAM), + "::", + stringify!(hash) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pSeed) as usize - ptr as usize }, + 8usize, + concat!( + "Offset of field: ", + stringify!(CK_DSA_PARAMETER_GEN_PARAM), + "::", + stringify!(pSeed) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulSeedLen) as usize - ptr as usize }, + 16usize, + concat!( + "Offset of field: ", + stringify!(CK_DSA_PARAMETER_GEN_PARAM), + "::", + stringify!(ulSeedLen) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulIndex) as usize - ptr as usize }, + 24usize, + concat!( + "Offset of field: ", + stringify!(CK_DSA_PARAMETER_GEN_PARAM), + "::", + stringify!(ulIndex) + ) + ); +} +impl Default for CK_DSA_PARAMETER_GEN_PARAM { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type CK_DSA_PARAMETER_GEN_PARAM_PTR = *mut CK_DSA_PARAMETER_GEN_PARAM; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct CK_ECDH_AES_KEY_WRAP_PARAMS { + pub ulAESKeyBits: CK_ULONG, + pub kdf: CK_EC_KDF_TYPE, + pub ulSharedDataLen: CK_ULONG, + pub pSharedData: CK_BYTE_PTR, +} +#[test] +fn bindgen_test_layout_CK_ECDH_AES_KEY_WRAP_PARAMS() { + const UNINIT: ::std::mem::MaybeUninit = + ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 32usize, + concat!("Size of: ", stringify!(CK_ECDH_AES_KEY_WRAP_PARAMS)) + ); + assert_eq!( + ::std::mem::align_of::(), + 8usize, + concat!("Alignment of ", stringify!(CK_ECDH_AES_KEY_WRAP_PARAMS)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulAESKeyBits) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_ECDH_AES_KEY_WRAP_PARAMS), + "::", + stringify!(ulAESKeyBits) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).kdf) as usize - ptr as usize }, + 8usize, + concat!( + "Offset of field: ", + stringify!(CK_ECDH_AES_KEY_WRAP_PARAMS), + "::", + stringify!(kdf) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulSharedDataLen) as usize - ptr as usize }, + 16usize, + concat!( + "Offset of field: ", + stringify!(CK_ECDH_AES_KEY_WRAP_PARAMS), + "::", + stringify!(ulSharedDataLen) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pSharedData) as usize - ptr as usize }, + 24usize, + concat!( + "Offset of field: ", + stringify!(CK_ECDH_AES_KEY_WRAP_PARAMS), + "::", + stringify!(pSharedData) + ) + ); +} +impl Default for CK_ECDH_AES_KEY_WRAP_PARAMS { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type CK_ECDH_AES_KEY_WRAP_PARAMS_PTR = *mut CK_ECDH_AES_KEY_WRAP_PARAMS; +pub type CK_JAVA_MIDP_SECURITY_DOMAIN = CK_ULONG; +pub type CK_CERTIFICATE_CATEGORY = CK_ULONG; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct CK_RSA_AES_KEY_WRAP_PARAMS { + pub ulAESKeyBits: CK_ULONG, + pub pOAEPParams: CK_RSA_PKCS_OAEP_PARAMS_PTR, +} +#[test] +fn bindgen_test_layout_CK_RSA_AES_KEY_WRAP_PARAMS() { + const UNINIT: ::std::mem::MaybeUninit = + ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 16usize, + concat!("Size of: ", stringify!(CK_RSA_AES_KEY_WRAP_PARAMS)) + ); + assert_eq!( + ::std::mem::align_of::(), + 8usize, + concat!("Alignment of ", stringify!(CK_RSA_AES_KEY_WRAP_PARAMS)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulAESKeyBits) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_RSA_AES_KEY_WRAP_PARAMS), + "::", + stringify!(ulAESKeyBits) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pOAEPParams) as usize - ptr as usize }, + 8usize, + concat!( + "Offset of field: ", + stringify!(CK_RSA_AES_KEY_WRAP_PARAMS), + "::", + stringify!(pOAEPParams) + ) + ); +} +impl Default for CK_RSA_AES_KEY_WRAP_PARAMS { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type CK_RSA_AES_KEY_WRAP_PARAMS_PTR = *mut CK_RSA_AES_KEY_WRAP_PARAMS; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct CK_TLS12_MASTER_KEY_DERIVE_PARAMS { + pub RandomInfo: CK_SSL3_RANDOM_DATA, + pub pVersion: CK_VERSION_PTR, + pub prfHashMechanism: CK_MECHANISM_TYPE, +} +#[test] +fn bindgen_test_layout_CK_TLS12_MASTER_KEY_DERIVE_PARAMS() { + const UNINIT: ::std::mem::MaybeUninit = + ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 48usize, + concat!("Size of: ", stringify!(CK_TLS12_MASTER_KEY_DERIVE_PARAMS)) + ); + assert_eq!( + ::std::mem::align_of::(), + 8usize, + concat!( + "Alignment of ", + stringify!(CK_TLS12_MASTER_KEY_DERIVE_PARAMS) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).RandomInfo) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_TLS12_MASTER_KEY_DERIVE_PARAMS), + "::", + stringify!(RandomInfo) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pVersion) as usize - ptr as usize }, + 32usize, + concat!( + "Offset of field: ", + stringify!(CK_TLS12_MASTER_KEY_DERIVE_PARAMS), + "::", + stringify!(pVersion) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).prfHashMechanism) as usize - ptr as usize }, + 40usize, + concat!( + "Offset of field: ", + stringify!(CK_TLS12_MASTER_KEY_DERIVE_PARAMS), + "::", + stringify!(prfHashMechanism) + ) + ); +} +impl Default for CK_TLS12_MASTER_KEY_DERIVE_PARAMS { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type CK_TLS12_MASTER_KEY_DERIVE_PARAMS_PTR = *mut CK_TLS12_MASTER_KEY_DERIVE_PARAMS; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct CK_TLS12_KEY_MAT_PARAMS { + pub ulMacSizeInBits: CK_ULONG, + pub ulKeySizeInBits: CK_ULONG, + pub ulIVSizeInBits: CK_ULONG, + pub bIsExport: CK_BBOOL, + pub RandomInfo: CK_SSL3_RANDOM_DATA, + pub pReturnedKeyMaterial: CK_SSL3_KEY_MAT_OUT_PTR, + pub prfHashMechanism: CK_MECHANISM_TYPE, +} +#[test] +fn bindgen_test_layout_CK_TLS12_KEY_MAT_PARAMS() { + const UNINIT: ::std::mem::MaybeUninit = + ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 80usize, + concat!("Size of: ", stringify!(CK_TLS12_KEY_MAT_PARAMS)) + ); + assert_eq!( + ::std::mem::align_of::(), + 8usize, + concat!("Alignment of ", stringify!(CK_TLS12_KEY_MAT_PARAMS)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulMacSizeInBits) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_TLS12_KEY_MAT_PARAMS), + "::", + stringify!(ulMacSizeInBits) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulKeySizeInBits) as usize - ptr as usize }, + 8usize, + concat!( + "Offset of field: ", + stringify!(CK_TLS12_KEY_MAT_PARAMS), + "::", + stringify!(ulKeySizeInBits) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulIVSizeInBits) as usize - ptr as usize }, + 16usize, + concat!( + "Offset of field: ", + stringify!(CK_TLS12_KEY_MAT_PARAMS), + "::", + stringify!(ulIVSizeInBits) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).bIsExport) as usize - ptr as usize }, + 24usize, + concat!( + "Offset of field: ", + stringify!(CK_TLS12_KEY_MAT_PARAMS), + "::", + stringify!(bIsExport) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).RandomInfo) as usize - ptr as usize }, + 32usize, + concat!( + "Offset of field: ", + stringify!(CK_TLS12_KEY_MAT_PARAMS), + "::", + stringify!(RandomInfo) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pReturnedKeyMaterial) as usize - ptr as usize }, + 64usize, + concat!( + "Offset of field: ", + stringify!(CK_TLS12_KEY_MAT_PARAMS), + "::", + stringify!(pReturnedKeyMaterial) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).prfHashMechanism) as usize - ptr as usize }, + 72usize, + concat!( + "Offset of field: ", + stringify!(CK_TLS12_KEY_MAT_PARAMS), + "::", + stringify!(prfHashMechanism) + ) + ); +} +impl Default for CK_TLS12_KEY_MAT_PARAMS { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type CK_TLS12_KEY_MAT_PARAMS_PTR = *mut CK_TLS12_KEY_MAT_PARAMS; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct CK_TLS_KDF_PARAMS { + pub prfMechanism: CK_MECHANISM_TYPE, + pub pLabel: CK_BYTE_PTR, + pub ulLabelLength: CK_ULONG, + pub RandomInfo: CK_SSL3_RANDOM_DATA, + pub pContextData: CK_BYTE_PTR, + pub ulContextDataLength: CK_ULONG, +} +#[test] +fn bindgen_test_layout_CK_TLS_KDF_PARAMS() { + const UNINIT: ::std::mem::MaybeUninit = ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 72usize, + concat!("Size of: ", stringify!(CK_TLS_KDF_PARAMS)) + ); + assert_eq!( + ::std::mem::align_of::(), + 8usize, + concat!("Alignment of ", stringify!(CK_TLS_KDF_PARAMS)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).prfMechanism) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_TLS_KDF_PARAMS), + "::", + stringify!(prfMechanism) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pLabel) as usize - ptr as usize }, + 8usize, + concat!( + "Offset of field: ", + stringify!(CK_TLS_KDF_PARAMS), + "::", + stringify!(pLabel) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulLabelLength) as usize - ptr as usize }, + 16usize, + concat!( + "Offset of field: ", + stringify!(CK_TLS_KDF_PARAMS), + "::", + stringify!(ulLabelLength) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).RandomInfo) as usize - ptr as usize }, + 24usize, + concat!( + "Offset of field: ", + stringify!(CK_TLS_KDF_PARAMS), + "::", + stringify!(RandomInfo) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pContextData) as usize - ptr as usize }, + 56usize, + concat!( + "Offset of field: ", + stringify!(CK_TLS_KDF_PARAMS), + "::", + stringify!(pContextData) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulContextDataLength) as usize - ptr as usize }, + 64usize, + concat!( + "Offset of field: ", + stringify!(CK_TLS_KDF_PARAMS), + "::", + stringify!(ulContextDataLength) + ) + ); +} +impl Default for CK_TLS_KDF_PARAMS { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type CK_TLS_KDF_PARAMS_PTR = *mut CK_TLS_KDF_PARAMS; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct CK_TLS_MAC_PARAMS { + pub prfHashMechanism: CK_MECHANISM_TYPE, + pub ulMacLength: CK_ULONG, + pub ulServerOrClient: CK_ULONG, +} +#[test] +fn bindgen_test_layout_CK_TLS_MAC_PARAMS() { + const UNINIT: ::std::mem::MaybeUninit = ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 24usize, + concat!("Size of: ", stringify!(CK_TLS_MAC_PARAMS)) + ); + assert_eq!( + ::std::mem::align_of::(), + 8usize, + concat!("Alignment of ", stringify!(CK_TLS_MAC_PARAMS)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).prfHashMechanism) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_TLS_MAC_PARAMS), + "::", + stringify!(prfHashMechanism) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulMacLength) as usize - ptr as usize }, + 8usize, + concat!( + "Offset of field: ", + stringify!(CK_TLS_MAC_PARAMS), + "::", + stringify!(ulMacLength) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulServerOrClient) as usize - ptr as usize }, + 16usize, + concat!( + "Offset of field: ", + stringify!(CK_TLS_MAC_PARAMS), + "::", + stringify!(ulServerOrClient) + ) + ); +} +pub type CK_TLS_MAC_PARAMS_PTR = *mut CK_TLS_MAC_PARAMS; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct CK_GOSTR3410_DERIVE_PARAMS { + pub kdf: CK_EC_KDF_TYPE, + pub pPublicData: CK_BYTE_PTR, + pub ulPublicDataLen: CK_ULONG, + pub pUKM: CK_BYTE_PTR, + pub ulUKMLen: CK_ULONG, +} +#[test] +fn bindgen_test_layout_CK_GOSTR3410_DERIVE_PARAMS() { + const UNINIT: ::std::mem::MaybeUninit = + ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 40usize, + concat!("Size of: ", stringify!(CK_GOSTR3410_DERIVE_PARAMS)) + ); + assert_eq!( + ::std::mem::align_of::(), + 8usize, + concat!("Alignment of ", stringify!(CK_GOSTR3410_DERIVE_PARAMS)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).kdf) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_GOSTR3410_DERIVE_PARAMS), + "::", + stringify!(kdf) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pPublicData) as usize - ptr as usize }, + 8usize, + concat!( + "Offset of field: ", + stringify!(CK_GOSTR3410_DERIVE_PARAMS), + "::", + stringify!(pPublicData) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulPublicDataLen) as usize - ptr as usize }, + 16usize, + concat!( + "Offset of field: ", + stringify!(CK_GOSTR3410_DERIVE_PARAMS), + "::", + stringify!(ulPublicDataLen) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pUKM) as usize - ptr as usize }, + 24usize, + concat!( + "Offset of field: ", + stringify!(CK_GOSTR3410_DERIVE_PARAMS), + "::", + stringify!(pUKM) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulUKMLen) as usize - ptr as usize }, + 32usize, + concat!( + "Offset of field: ", + stringify!(CK_GOSTR3410_DERIVE_PARAMS), + "::", + stringify!(ulUKMLen) + ) + ); +} +impl Default for CK_GOSTR3410_DERIVE_PARAMS { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type CK_GOSTR3410_DERIVE_PARAMS_PTR = *mut CK_GOSTR3410_DERIVE_PARAMS; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct CK_GOSTR3410_KEY_WRAP_PARAMS { + pub pWrapOID: CK_BYTE_PTR, + pub ulWrapOIDLen: CK_ULONG, + pub pUKM: CK_BYTE_PTR, + pub ulUKMLen: CK_ULONG, + pub hKey: CK_OBJECT_HANDLE, +} +#[test] +fn bindgen_test_layout_CK_GOSTR3410_KEY_WRAP_PARAMS() { + const UNINIT: ::std::mem::MaybeUninit = + ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 40usize, + concat!("Size of: ", stringify!(CK_GOSTR3410_KEY_WRAP_PARAMS)) + ); + assert_eq!( + ::std::mem::align_of::(), + 8usize, + concat!("Alignment of ", stringify!(CK_GOSTR3410_KEY_WRAP_PARAMS)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pWrapOID) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_GOSTR3410_KEY_WRAP_PARAMS), + "::", + stringify!(pWrapOID) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulWrapOIDLen) as usize - ptr as usize }, + 8usize, + concat!( + "Offset of field: ", + stringify!(CK_GOSTR3410_KEY_WRAP_PARAMS), + "::", + stringify!(ulWrapOIDLen) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pUKM) as usize - ptr as usize }, + 16usize, + concat!( + "Offset of field: ", + stringify!(CK_GOSTR3410_KEY_WRAP_PARAMS), + "::", + stringify!(pUKM) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulUKMLen) as usize - ptr as usize }, + 24usize, + concat!( + "Offset of field: ", + stringify!(CK_GOSTR3410_KEY_WRAP_PARAMS), + "::", + stringify!(ulUKMLen) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).hKey) as usize - ptr as usize }, + 32usize, + concat!( + "Offset of field: ", + stringify!(CK_GOSTR3410_KEY_WRAP_PARAMS), + "::", + stringify!(hKey) + ) + ); +} +impl Default for CK_GOSTR3410_KEY_WRAP_PARAMS { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type CK_GOSTR3410_KEY_WRAP_PARAMS_PTR = *mut CK_GOSTR3410_KEY_WRAP_PARAMS; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct CK_SEED_CBC_ENCRYPT_DATA_PARAMS { + pub iv: [CK_BYTE; 16usize], + pub pData: CK_BYTE_PTR, + pub length: CK_ULONG, +} +#[test] +fn bindgen_test_layout_CK_SEED_CBC_ENCRYPT_DATA_PARAMS() { + const UNINIT: ::std::mem::MaybeUninit = + ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 32usize, + concat!("Size of: ", stringify!(CK_SEED_CBC_ENCRYPT_DATA_PARAMS)) + ); + assert_eq!( + ::std::mem::align_of::(), + 8usize, + concat!("Alignment of ", stringify!(CK_SEED_CBC_ENCRYPT_DATA_PARAMS)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).iv) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_SEED_CBC_ENCRYPT_DATA_PARAMS), + "::", + stringify!(iv) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pData) as usize - ptr as usize }, + 16usize, + concat!( + "Offset of field: ", + stringify!(CK_SEED_CBC_ENCRYPT_DATA_PARAMS), + "::", + stringify!(pData) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).length) as usize - ptr as usize }, + 24usize, + concat!( + "Offset of field: ", + stringify!(CK_SEED_CBC_ENCRYPT_DATA_PARAMS), + "::", + stringify!(length) + ) + ); +} +impl Default for CK_SEED_CBC_ENCRYPT_DATA_PARAMS { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type CK_SEED_CBC_ENCRYPT_DATA_PARAMS_PTR = *mut CK_SEED_CBC_ENCRYPT_DATA_PARAMS; +pub type CK_PROFILE_ID = CK_ULONG; +pub type CK_PROFILE_ID_PTR = *mut CK_PROFILE_ID; +pub type CK_PRF_DATA_TYPE = CK_ULONG; +pub type CK_SP800_108_PRF_TYPE = CK_MECHANISM_TYPE; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct CK_PRF_DATA_PARAM { + pub type_: CK_PRF_DATA_TYPE, + pub pValue: CK_VOID_PTR, + pub ulValueLen: CK_ULONG, +} +#[test] +fn bindgen_test_layout_CK_PRF_DATA_PARAM() { + const UNINIT: ::std::mem::MaybeUninit = ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 24usize, + concat!("Size of: ", stringify!(CK_PRF_DATA_PARAM)) + ); + assert_eq!( + ::std::mem::align_of::(), + 8usize, + concat!("Alignment of ", stringify!(CK_PRF_DATA_PARAM)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).type_) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_PRF_DATA_PARAM), + "::", + stringify!(type_) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pValue) as usize - ptr as usize }, + 8usize, + concat!( + "Offset of field: ", + stringify!(CK_PRF_DATA_PARAM), + "::", + stringify!(pValue) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulValueLen) as usize - ptr as usize }, + 16usize, + concat!( + "Offset of field: ", + stringify!(CK_PRF_DATA_PARAM), + "::", + stringify!(ulValueLen) + ) + ); +} +impl Default for CK_PRF_DATA_PARAM { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type CK_PRF_DATA_PARAM_PTR = *mut CK_PRF_DATA_PARAM; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct CK_SP800_108_COUNTER_FORMAT { + pub bLittleEndian: CK_BBOOL, + pub ulWidthInBits: CK_ULONG, +} +#[test] +fn bindgen_test_layout_CK_SP800_108_COUNTER_FORMAT() { + const UNINIT: ::std::mem::MaybeUninit = + ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 16usize, + concat!("Size of: ", stringify!(CK_SP800_108_COUNTER_FORMAT)) + ); + assert_eq!( + ::std::mem::align_of::(), + 8usize, + concat!("Alignment of ", stringify!(CK_SP800_108_COUNTER_FORMAT)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).bLittleEndian) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_SP800_108_COUNTER_FORMAT), + "::", + stringify!(bLittleEndian) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulWidthInBits) as usize - ptr as usize }, + 8usize, + concat!( + "Offset of field: ", + stringify!(CK_SP800_108_COUNTER_FORMAT), + "::", + stringify!(ulWidthInBits) + ) + ); +} +pub type CK_SP800_108_COUNTER_FORMAT_PTR = *mut CK_SP800_108_COUNTER_FORMAT; +pub type CK_SP800_108_DKM_LENGTH_METHOD = CK_ULONG; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct CK_SP800_108_DKM_LENGTH_FORMAT { + pub dkmLengthMethod: CK_SP800_108_DKM_LENGTH_METHOD, + pub bLittleEndian: CK_BBOOL, + pub ulWidthInBits: CK_ULONG, +} +#[test] +fn bindgen_test_layout_CK_SP800_108_DKM_LENGTH_FORMAT() { + const UNINIT: ::std::mem::MaybeUninit = + ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 24usize, + concat!("Size of: ", stringify!(CK_SP800_108_DKM_LENGTH_FORMAT)) + ); + assert_eq!( + ::std::mem::align_of::(), + 8usize, + concat!("Alignment of ", stringify!(CK_SP800_108_DKM_LENGTH_FORMAT)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).dkmLengthMethod) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_SP800_108_DKM_LENGTH_FORMAT), + "::", + stringify!(dkmLengthMethod) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).bLittleEndian) as usize - ptr as usize }, + 8usize, + concat!( + "Offset of field: ", + stringify!(CK_SP800_108_DKM_LENGTH_FORMAT), + "::", + stringify!(bLittleEndian) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulWidthInBits) as usize - ptr as usize }, + 16usize, + concat!( + "Offset of field: ", + stringify!(CK_SP800_108_DKM_LENGTH_FORMAT), + "::", + stringify!(ulWidthInBits) + ) + ); +} +pub type CK_SP800_108_DKM_LENGTH_FORMAT_PTR = *mut CK_SP800_108_DKM_LENGTH_FORMAT; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct CK_DERIVED_KEY { + pub pTemplate: CK_ATTRIBUTE_PTR, + pub ulAttributeCount: CK_ULONG, + pub phKey: CK_OBJECT_HANDLE_PTR, +} +#[test] +fn bindgen_test_layout_CK_DERIVED_KEY() { + const UNINIT: ::std::mem::MaybeUninit = ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 24usize, + concat!("Size of: ", stringify!(CK_DERIVED_KEY)) + ); + assert_eq!( + ::std::mem::align_of::(), + 8usize, + concat!("Alignment of ", stringify!(CK_DERIVED_KEY)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pTemplate) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_DERIVED_KEY), + "::", + stringify!(pTemplate) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulAttributeCount) as usize - ptr as usize }, + 8usize, + concat!( + "Offset of field: ", + stringify!(CK_DERIVED_KEY), + "::", + stringify!(ulAttributeCount) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).phKey) as usize - ptr as usize }, + 16usize, + concat!( + "Offset of field: ", + stringify!(CK_DERIVED_KEY), + "::", + stringify!(phKey) + ) + ); +} +impl Default for CK_DERIVED_KEY { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type CK_DERIVED_KEY_PTR = *mut CK_DERIVED_KEY; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct CK_SP800_108_KDF_PARAMS { + pub prfType: CK_SP800_108_PRF_TYPE, + pub ulNumberOfDataParams: CK_ULONG, + pub pDataParams: CK_PRF_DATA_PARAM_PTR, + pub ulAdditionalDerivedKeys: CK_ULONG, + pub pAdditionalDerivedKeys: CK_DERIVED_KEY_PTR, +} +#[test] +fn bindgen_test_layout_CK_SP800_108_KDF_PARAMS() { + const UNINIT: ::std::mem::MaybeUninit = + ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 40usize, + concat!("Size of: ", stringify!(CK_SP800_108_KDF_PARAMS)) + ); + assert_eq!( + ::std::mem::align_of::(), + 8usize, + concat!("Alignment of ", stringify!(CK_SP800_108_KDF_PARAMS)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).prfType) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_SP800_108_KDF_PARAMS), + "::", + stringify!(prfType) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulNumberOfDataParams) as usize - ptr as usize }, + 8usize, + concat!( + "Offset of field: ", + stringify!(CK_SP800_108_KDF_PARAMS), + "::", + stringify!(ulNumberOfDataParams) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pDataParams) as usize - ptr as usize }, + 16usize, + concat!( + "Offset of field: ", + stringify!(CK_SP800_108_KDF_PARAMS), + "::", + stringify!(pDataParams) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulAdditionalDerivedKeys) as usize - ptr as usize }, + 24usize, + concat!( + "Offset of field: ", + stringify!(CK_SP800_108_KDF_PARAMS), + "::", + stringify!(ulAdditionalDerivedKeys) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pAdditionalDerivedKeys) as usize - ptr as usize }, + 32usize, + concat!( + "Offset of field: ", + stringify!(CK_SP800_108_KDF_PARAMS), + "::", + stringify!(pAdditionalDerivedKeys) + ) + ); +} +impl Default for CK_SP800_108_KDF_PARAMS { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type CK_SP800_108_KDF_PARAMS_PTR = *mut CK_SP800_108_KDF_PARAMS; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct CK_SP800_108_FEEDBACK_KDF_PARAMS { + pub prfType: CK_SP800_108_PRF_TYPE, + pub ulNumberOfDataParams: CK_ULONG, + pub pDataParams: CK_PRF_DATA_PARAM_PTR, + pub ulIVLen: CK_ULONG, + pub pIV: CK_BYTE_PTR, + pub ulAdditionalDerivedKeys: CK_ULONG, + pub pAdditionalDerivedKeys: CK_DERIVED_KEY_PTR, +} +#[test] +fn bindgen_test_layout_CK_SP800_108_FEEDBACK_KDF_PARAMS() { + const UNINIT: ::std::mem::MaybeUninit = + ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 56usize, + concat!("Size of: ", stringify!(CK_SP800_108_FEEDBACK_KDF_PARAMS)) + ); + assert_eq!( + ::std::mem::align_of::(), + 8usize, + concat!( + "Alignment of ", + stringify!(CK_SP800_108_FEEDBACK_KDF_PARAMS) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).prfType) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_SP800_108_FEEDBACK_KDF_PARAMS), + "::", + stringify!(prfType) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulNumberOfDataParams) as usize - ptr as usize }, + 8usize, + concat!( + "Offset of field: ", + stringify!(CK_SP800_108_FEEDBACK_KDF_PARAMS), + "::", + stringify!(ulNumberOfDataParams) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pDataParams) as usize - ptr as usize }, + 16usize, + concat!( + "Offset of field: ", + stringify!(CK_SP800_108_FEEDBACK_KDF_PARAMS), + "::", + stringify!(pDataParams) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulIVLen) as usize - ptr as usize }, + 24usize, + concat!( + "Offset of field: ", + stringify!(CK_SP800_108_FEEDBACK_KDF_PARAMS), + "::", + stringify!(ulIVLen) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pIV) as usize - ptr as usize }, + 32usize, + concat!( + "Offset of field: ", + stringify!(CK_SP800_108_FEEDBACK_KDF_PARAMS), + "::", + stringify!(pIV) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulAdditionalDerivedKeys) as usize - ptr as usize }, + 40usize, + concat!( + "Offset of field: ", + stringify!(CK_SP800_108_FEEDBACK_KDF_PARAMS), + "::", + stringify!(ulAdditionalDerivedKeys) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pAdditionalDerivedKeys) as usize - ptr as usize }, + 48usize, + concat!( + "Offset of field: ", + stringify!(CK_SP800_108_FEEDBACK_KDF_PARAMS), + "::", + stringify!(pAdditionalDerivedKeys) + ) + ); +} +impl Default for CK_SP800_108_FEEDBACK_KDF_PARAMS { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type CK_SP800_108_FEEDBACK_KDF_PARAMS_PTR = *mut CK_SP800_108_FEEDBACK_KDF_PARAMS; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct CK_EDDSA_PARAMS { + pub phFlag: CK_BBOOL, + pub ulContextDataLen: CK_ULONG, + pub pContextData: CK_BYTE_PTR, +} +#[test] +fn bindgen_test_layout_CK_EDDSA_PARAMS() { + const UNINIT: ::std::mem::MaybeUninit = ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 24usize, + concat!("Size of: ", stringify!(CK_EDDSA_PARAMS)) + ); + assert_eq!( + ::std::mem::align_of::(), + 8usize, + concat!("Alignment of ", stringify!(CK_EDDSA_PARAMS)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).phFlag) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_EDDSA_PARAMS), + "::", + stringify!(phFlag) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulContextDataLen) as usize - ptr as usize }, + 8usize, + concat!( + "Offset of field: ", + stringify!(CK_EDDSA_PARAMS), + "::", + stringify!(ulContextDataLen) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pContextData) as usize - ptr as usize }, + 16usize, + concat!( + "Offset of field: ", + stringify!(CK_EDDSA_PARAMS), + "::", + stringify!(pContextData) + ) + ); +} +impl Default for CK_EDDSA_PARAMS { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type CK_EDDSA_PARAMS_PTR = *mut CK_EDDSA_PARAMS; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct CK_CHACHA20_PARAMS { + pub pBlockCounter: CK_BYTE_PTR, + pub blockCounterBits: CK_ULONG, + pub pNonce: CK_BYTE_PTR, + pub ulNonceBits: CK_ULONG, +} +#[test] +fn bindgen_test_layout_CK_CHACHA20_PARAMS() { + const UNINIT: ::std::mem::MaybeUninit = ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 32usize, + concat!("Size of: ", stringify!(CK_CHACHA20_PARAMS)) + ); + assert_eq!( + ::std::mem::align_of::(), + 8usize, + concat!("Alignment of ", stringify!(CK_CHACHA20_PARAMS)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pBlockCounter) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_CHACHA20_PARAMS), + "::", + stringify!(pBlockCounter) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).blockCounterBits) as usize - ptr as usize }, + 8usize, + concat!( + "Offset of field: ", + stringify!(CK_CHACHA20_PARAMS), + "::", + stringify!(blockCounterBits) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pNonce) as usize - ptr as usize }, + 16usize, + concat!( + "Offset of field: ", + stringify!(CK_CHACHA20_PARAMS), + "::", + stringify!(pNonce) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulNonceBits) as usize - ptr as usize }, + 24usize, + concat!( + "Offset of field: ", + stringify!(CK_CHACHA20_PARAMS), + "::", + stringify!(ulNonceBits) + ) + ); +} +impl Default for CK_CHACHA20_PARAMS { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type CK_CHACHA20_PARAMS_PTR = *mut CK_CHACHA20_PARAMS; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct CK_SALSA20_PARAMS { + pub pBlockCounter: CK_BYTE_PTR, + pub pNonce: CK_BYTE_PTR, + pub ulNonceBits: CK_ULONG, +} +#[test] +fn bindgen_test_layout_CK_SALSA20_PARAMS() { + const UNINIT: ::std::mem::MaybeUninit = ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 24usize, + concat!("Size of: ", stringify!(CK_SALSA20_PARAMS)) + ); + assert_eq!( + ::std::mem::align_of::(), + 8usize, + concat!("Alignment of ", stringify!(CK_SALSA20_PARAMS)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pBlockCounter) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_SALSA20_PARAMS), + "::", + stringify!(pBlockCounter) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pNonce) as usize - ptr as usize }, + 8usize, + concat!( + "Offset of field: ", + stringify!(CK_SALSA20_PARAMS), + "::", + stringify!(pNonce) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulNonceBits) as usize - ptr as usize }, + 16usize, + concat!( + "Offset of field: ", + stringify!(CK_SALSA20_PARAMS), + "::", + stringify!(ulNonceBits) + ) + ); +} +impl Default for CK_SALSA20_PARAMS { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type CK_SALSA20_PARAMS_PTR = *mut CK_SALSA20_PARAMS; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct CK_SALSA20_CHACHA20_POLY1305_PARAMS { + pub pNonce: CK_BYTE_PTR, + pub ulNonceLen: CK_ULONG, + pub pAAD: CK_BYTE_PTR, + pub ulAADLen: CK_ULONG, +} +#[test] +fn bindgen_test_layout_CK_SALSA20_CHACHA20_POLY1305_PARAMS() { + const UNINIT: ::std::mem::MaybeUninit = + ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 32usize, + concat!("Size of: ", stringify!(CK_SALSA20_CHACHA20_POLY1305_PARAMS)) + ); + assert_eq!( + ::std::mem::align_of::(), + 8usize, + concat!( + "Alignment of ", + stringify!(CK_SALSA20_CHACHA20_POLY1305_PARAMS) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pNonce) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_SALSA20_CHACHA20_POLY1305_PARAMS), + "::", + stringify!(pNonce) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulNonceLen) as usize - ptr as usize }, + 8usize, + concat!( + "Offset of field: ", + stringify!(CK_SALSA20_CHACHA20_POLY1305_PARAMS), + "::", + stringify!(ulNonceLen) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pAAD) as usize - ptr as usize }, + 16usize, + concat!( + "Offset of field: ", + stringify!(CK_SALSA20_CHACHA20_POLY1305_PARAMS), + "::", + stringify!(pAAD) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulAADLen) as usize - ptr as usize }, + 24usize, + concat!( + "Offset of field: ", + stringify!(CK_SALSA20_CHACHA20_POLY1305_PARAMS), + "::", + stringify!(ulAADLen) + ) + ); +} +impl Default for CK_SALSA20_CHACHA20_POLY1305_PARAMS { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type CK_SALSA20_CHACHA20_POLY1305_PARAMS_PTR = *mut CK_SALSA20_CHACHA20_POLY1305_PARAMS; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct CK_SALSA20_CHACHA20_POLY1305_MSG_PARAMS { + pub pNonce: CK_BYTE_PTR, + pub ulNonceLen: CK_ULONG, + pub pTag: CK_BYTE_PTR, +} +#[test] +fn bindgen_test_layout_CK_SALSA20_CHACHA20_POLY1305_MSG_PARAMS() { + const UNINIT: ::std::mem::MaybeUninit = + ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 24usize, + concat!( + "Size of: ", + stringify!(CK_SALSA20_CHACHA20_POLY1305_MSG_PARAMS) + ) + ); + assert_eq!( + ::std::mem::align_of::(), + 8usize, + concat!( + "Alignment of ", + stringify!(CK_SALSA20_CHACHA20_POLY1305_MSG_PARAMS) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pNonce) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_SALSA20_CHACHA20_POLY1305_MSG_PARAMS), + "::", + stringify!(pNonce) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulNonceLen) as usize - ptr as usize }, + 8usize, + concat!( + "Offset of field: ", + stringify!(CK_SALSA20_CHACHA20_POLY1305_MSG_PARAMS), + "::", + stringify!(ulNonceLen) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pTag) as usize - ptr as usize }, + 16usize, + concat!( + "Offset of field: ", + stringify!(CK_SALSA20_CHACHA20_POLY1305_MSG_PARAMS), + "::", + stringify!(pTag) + ) + ); +} +impl Default for CK_SALSA20_CHACHA20_POLY1305_MSG_PARAMS { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type CK_SALSA20_CHACHA20_POLY1305_MSG_PARAMS_PTR = *mut CK_SALSA20_CHACHA20_POLY1305_MSG_PARAMS; +pub type CK_X3DH_KDF_TYPE = CK_ULONG; +pub type CK_X3DH_KDF_TYPE_PTR = *mut CK_X3DH_KDF_TYPE; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct CK_X3DH_INITIATE_PARAMS { + pub kdf: CK_X3DH_KDF_TYPE, + pub pPeer_identity: CK_OBJECT_HANDLE, + pub pPeer_prekey: CK_OBJECT_HANDLE, + pub pPrekey_signature: CK_BYTE_PTR, + pub pOnetime_key: CK_BYTE_PTR, + pub pOwn_identity: CK_OBJECT_HANDLE, + pub pOwn_ephemeral: CK_OBJECT_HANDLE, +} +#[test] +fn bindgen_test_layout_CK_X3DH_INITIATE_PARAMS() { + const UNINIT: ::std::mem::MaybeUninit = + ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 56usize, + concat!("Size of: ", stringify!(CK_X3DH_INITIATE_PARAMS)) + ); + assert_eq!( + ::std::mem::align_of::(), + 8usize, + concat!("Alignment of ", stringify!(CK_X3DH_INITIATE_PARAMS)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).kdf) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_X3DH_INITIATE_PARAMS), + "::", + stringify!(kdf) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pPeer_identity) as usize - ptr as usize }, + 8usize, + concat!( + "Offset of field: ", + stringify!(CK_X3DH_INITIATE_PARAMS), + "::", + stringify!(pPeer_identity) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pPeer_prekey) as usize - ptr as usize }, + 16usize, + concat!( + "Offset of field: ", + stringify!(CK_X3DH_INITIATE_PARAMS), + "::", + stringify!(pPeer_prekey) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pPrekey_signature) as usize - ptr as usize }, + 24usize, + concat!( + "Offset of field: ", + stringify!(CK_X3DH_INITIATE_PARAMS), + "::", + stringify!(pPrekey_signature) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pOnetime_key) as usize - ptr as usize }, + 32usize, + concat!( + "Offset of field: ", + stringify!(CK_X3DH_INITIATE_PARAMS), + "::", + stringify!(pOnetime_key) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pOwn_identity) as usize - ptr as usize }, + 40usize, + concat!( + "Offset of field: ", + stringify!(CK_X3DH_INITIATE_PARAMS), + "::", + stringify!(pOwn_identity) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pOwn_ephemeral) as usize - ptr as usize }, + 48usize, + concat!( + "Offset of field: ", + stringify!(CK_X3DH_INITIATE_PARAMS), + "::", + stringify!(pOwn_ephemeral) + ) + ); +} +impl Default for CK_X3DH_INITIATE_PARAMS { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct CK_X3DH_RESPOND_PARAMS { + pub kdf: CK_X3DH_KDF_TYPE, + pub pIdentity_id: CK_BYTE_PTR, + pub pPrekey_id: CK_BYTE_PTR, + pub pOnetime_id: CK_BYTE_PTR, + pub pInitiator_identity: CK_OBJECT_HANDLE, + pub pInitiator_ephemeral: CK_BYTE_PTR, +} +#[test] +fn bindgen_test_layout_CK_X3DH_RESPOND_PARAMS() { + const UNINIT: ::std::mem::MaybeUninit = + ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 48usize, + concat!("Size of: ", stringify!(CK_X3DH_RESPOND_PARAMS)) + ); + assert_eq!( + ::std::mem::align_of::(), + 8usize, + concat!("Alignment of ", stringify!(CK_X3DH_RESPOND_PARAMS)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).kdf) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_X3DH_RESPOND_PARAMS), + "::", + stringify!(kdf) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pIdentity_id) as usize - ptr as usize }, + 8usize, + concat!( + "Offset of field: ", + stringify!(CK_X3DH_RESPOND_PARAMS), + "::", + stringify!(pIdentity_id) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pPrekey_id) as usize - ptr as usize }, + 16usize, + concat!( + "Offset of field: ", + stringify!(CK_X3DH_RESPOND_PARAMS), + "::", + stringify!(pPrekey_id) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pOnetime_id) as usize - ptr as usize }, + 24usize, + concat!( + "Offset of field: ", + stringify!(CK_X3DH_RESPOND_PARAMS), + "::", + stringify!(pOnetime_id) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pInitiator_identity) as usize - ptr as usize }, + 32usize, + concat!( + "Offset of field: ", + stringify!(CK_X3DH_RESPOND_PARAMS), + "::", + stringify!(pInitiator_identity) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pInitiator_ephemeral) as usize - ptr as usize }, + 40usize, + concat!( + "Offset of field: ", + stringify!(CK_X3DH_RESPOND_PARAMS), + "::", + stringify!(pInitiator_ephemeral) + ) + ); +} +impl Default for CK_X3DH_RESPOND_PARAMS { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type CK_X2RATCHET_KDF_TYPE = CK_ULONG; +pub type CK_X2RATCHET_KDF_TYPE_PTR = *mut CK_X2RATCHET_KDF_TYPE; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct CK_X2RATCHET_INITIALIZE_PARAMS { + pub sk: CK_BYTE_PTR, + pub peer_public_prekey: CK_OBJECT_HANDLE, + pub peer_public_identity: CK_OBJECT_HANDLE, + pub own_public_identity: CK_OBJECT_HANDLE, + pub bEncryptedHeader: CK_BBOOL, + pub eCurve: CK_ULONG, + pub aeadMechanism: CK_MECHANISM_TYPE, + pub kdfMechanism: CK_X2RATCHET_KDF_TYPE, +} +#[test] +fn bindgen_test_layout_CK_X2RATCHET_INITIALIZE_PARAMS() { + const UNINIT: ::std::mem::MaybeUninit = + ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 64usize, + concat!("Size of: ", stringify!(CK_X2RATCHET_INITIALIZE_PARAMS)) + ); + assert_eq!( + ::std::mem::align_of::(), + 8usize, + concat!("Alignment of ", stringify!(CK_X2RATCHET_INITIALIZE_PARAMS)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).sk) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_X2RATCHET_INITIALIZE_PARAMS), + "::", + stringify!(sk) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).peer_public_prekey) as usize - ptr as usize }, + 8usize, + concat!( + "Offset of field: ", + stringify!(CK_X2RATCHET_INITIALIZE_PARAMS), + "::", + stringify!(peer_public_prekey) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).peer_public_identity) as usize - ptr as usize }, + 16usize, + concat!( + "Offset of field: ", + stringify!(CK_X2RATCHET_INITIALIZE_PARAMS), + "::", + stringify!(peer_public_identity) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).own_public_identity) as usize - ptr as usize }, + 24usize, + concat!( + "Offset of field: ", + stringify!(CK_X2RATCHET_INITIALIZE_PARAMS), + "::", + stringify!(own_public_identity) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).bEncryptedHeader) as usize - ptr as usize }, + 32usize, + concat!( + "Offset of field: ", + stringify!(CK_X2RATCHET_INITIALIZE_PARAMS), + "::", + stringify!(bEncryptedHeader) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).eCurve) as usize - ptr as usize }, + 40usize, + concat!( + "Offset of field: ", + stringify!(CK_X2RATCHET_INITIALIZE_PARAMS), + "::", + stringify!(eCurve) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).aeadMechanism) as usize - ptr as usize }, + 48usize, + concat!( + "Offset of field: ", + stringify!(CK_X2RATCHET_INITIALIZE_PARAMS), + "::", + stringify!(aeadMechanism) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).kdfMechanism) as usize - ptr as usize }, + 56usize, + concat!( + "Offset of field: ", + stringify!(CK_X2RATCHET_INITIALIZE_PARAMS), + "::", + stringify!(kdfMechanism) + ) + ); +} +impl Default for CK_X2RATCHET_INITIALIZE_PARAMS { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type CK_X2RATCHET_INITIALIZE_PARAMS_PTR = *mut CK_X2RATCHET_INITIALIZE_PARAMS; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct CK_X2RATCHET_RESPOND_PARAMS { + pub sk: CK_BYTE_PTR, + pub own_prekey: CK_OBJECT_HANDLE, + pub initiator_identity: CK_OBJECT_HANDLE, + pub own_public_identity: CK_OBJECT_HANDLE, + pub bEncryptedHeader: CK_BBOOL, + pub eCurve: CK_ULONG, + pub aeadMechanism: CK_MECHANISM_TYPE, + pub kdfMechanism: CK_X2RATCHET_KDF_TYPE, +} +#[test] +fn bindgen_test_layout_CK_X2RATCHET_RESPOND_PARAMS() { + const UNINIT: ::std::mem::MaybeUninit = + ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 64usize, + concat!("Size of: ", stringify!(CK_X2RATCHET_RESPOND_PARAMS)) + ); + assert_eq!( + ::std::mem::align_of::(), + 8usize, + concat!("Alignment of ", stringify!(CK_X2RATCHET_RESPOND_PARAMS)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).sk) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_X2RATCHET_RESPOND_PARAMS), + "::", + stringify!(sk) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).own_prekey) as usize - ptr as usize }, + 8usize, + concat!( + "Offset of field: ", + stringify!(CK_X2RATCHET_RESPOND_PARAMS), + "::", + stringify!(own_prekey) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).initiator_identity) as usize - ptr as usize }, + 16usize, + concat!( + "Offset of field: ", + stringify!(CK_X2RATCHET_RESPOND_PARAMS), + "::", + stringify!(initiator_identity) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).own_public_identity) as usize - ptr as usize }, + 24usize, + concat!( + "Offset of field: ", + stringify!(CK_X2RATCHET_RESPOND_PARAMS), + "::", + stringify!(own_public_identity) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).bEncryptedHeader) as usize - ptr as usize }, + 32usize, + concat!( + "Offset of field: ", + stringify!(CK_X2RATCHET_RESPOND_PARAMS), + "::", + stringify!(bEncryptedHeader) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).eCurve) as usize - ptr as usize }, + 40usize, + concat!( + "Offset of field: ", + stringify!(CK_X2RATCHET_RESPOND_PARAMS), + "::", + stringify!(eCurve) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).aeadMechanism) as usize - ptr as usize }, + 48usize, + concat!( + "Offset of field: ", + stringify!(CK_X2RATCHET_RESPOND_PARAMS), + "::", + stringify!(aeadMechanism) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).kdfMechanism) as usize - ptr as usize }, + 56usize, + concat!( + "Offset of field: ", + stringify!(CK_X2RATCHET_RESPOND_PARAMS), + "::", + stringify!(kdfMechanism) + ) + ); +} +impl Default for CK_X2RATCHET_RESPOND_PARAMS { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type CK_X2RATCHET_RESPOND_PARAMS_PTR = *mut CK_X2RATCHET_RESPOND_PARAMS; +pub type CK_XEDDSA_HASH_TYPE = CK_ULONG; +pub type CK_XEDDSA_HASH_TYPE_PTR = *mut CK_XEDDSA_HASH_TYPE; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct CK_XEDDSA_PARAMS { + pub hash: CK_XEDDSA_HASH_TYPE, +} +#[test] +fn bindgen_test_layout_CK_XEDDSA_PARAMS() { + const UNINIT: ::std::mem::MaybeUninit = ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 8usize, + concat!("Size of: ", stringify!(CK_XEDDSA_PARAMS)) + ); + assert_eq!( + ::std::mem::align_of::(), + 8usize, + concat!("Alignment of ", stringify!(CK_XEDDSA_PARAMS)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).hash) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_XEDDSA_PARAMS), + "::", + stringify!(hash) + ) + ); +} +pub type CK_XEDDSA_PARAMS_PTR = *mut CK_XEDDSA_PARAMS; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct CK_HKDF_PARAMS { + pub bExtract: CK_BBOOL, + pub bExpand: CK_BBOOL, + pub prfHashMechanism: CK_MECHANISM_TYPE, + pub ulSaltType: CK_ULONG, + pub pSalt: CK_BYTE_PTR, + pub ulSaltLen: CK_ULONG, + pub hSaltKey: CK_OBJECT_HANDLE, + pub pInfo: CK_BYTE_PTR, + pub ulInfoLen: CK_ULONG, +} +#[test] +fn bindgen_test_layout_CK_HKDF_PARAMS() { + const UNINIT: ::std::mem::MaybeUninit = ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 64usize, + concat!("Size of: ", stringify!(CK_HKDF_PARAMS)) + ); + assert_eq!( + ::std::mem::align_of::(), + 8usize, + concat!("Alignment of ", stringify!(CK_HKDF_PARAMS)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).bExtract) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_HKDF_PARAMS), + "::", + stringify!(bExtract) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).bExpand) as usize - ptr as usize }, + 1usize, + concat!( + "Offset of field: ", + stringify!(CK_HKDF_PARAMS), + "::", + stringify!(bExpand) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).prfHashMechanism) as usize - ptr as usize }, + 8usize, + concat!( + "Offset of field: ", + stringify!(CK_HKDF_PARAMS), + "::", + stringify!(prfHashMechanism) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulSaltType) as usize - ptr as usize }, + 16usize, + concat!( + "Offset of field: ", + stringify!(CK_HKDF_PARAMS), + "::", + stringify!(ulSaltType) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pSalt) as usize - ptr as usize }, + 24usize, + concat!( + "Offset of field: ", + stringify!(CK_HKDF_PARAMS), + "::", + stringify!(pSalt) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulSaltLen) as usize - ptr as usize }, + 32usize, + concat!( + "Offset of field: ", + stringify!(CK_HKDF_PARAMS), + "::", + stringify!(ulSaltLen) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).hSaltKey) as usize - ptr as usize }, + 40usize, + concat!( + "Offset of field: ", + stringify!(CK_HKDF_PARAMS), + "::", + stringify!(hSaltKey) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pInfo) as usize - ptr as usize }, + 48usize, + concat!( + "Offset of field: ", + stringify!(CK_HKDF_PARAMS), + "::", + stringify!(pInfo) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulInfoLen) as usize - ptr as usize }, + 56usize, + concat!( + "Offset of field: ", + stringify!(CK_HKDF_PARAMS), + "::", + stringify!(ulInfoLen) + ) + ); +} +impl Default for CK_HKDF_PARAMS { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type CK_HKDF_PARAMS_PTR = *mut CK_HKDF_PARAMS; +pub type CK_HSS_LEVELS = CK_ULONG; +pub type CK_LMS_TYPE = CK_ULONG; +pub type CK_LMOTS_TYPE = CK_ULONG; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct specifiedParams { + pub levels: CK_HSS_LEVELS, + pub lm_type: [CK_LMS_TYPE; 8usize], + pub lm_ots_type: [CK_LMOTS_TYPE; 8usize], +} +#[test] +fn bindgen_test_layout_specifiedParams() { + const UNINIT: ::std::mem::MaybeUninit = ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 136usize, + concat!("Size of: ", stringify!(specifiedParams)) + ); + assert_eq!( + ::std::mem::align_of::(), + 8usize, + concat!("Alignment of ", stringify!(specifiedParams)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).levels) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(specifiedParams), + "::", + stringify!(levels) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).lm_type) as usize - ptr as usize }, + 8usize, + concat!( + "Offset of field: ", + stringify!(specifiedParams), + "::", + stringify!(lm_type) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).lm_ots_type) as usize - ptr as usize }, + 72usize, + concat!( + "Offset of field: ", + stringify!(specifiedParams), + "::", + stringify!(lm_ots_type) + ) + ); +} +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct CK_IKE2_PRF_PLUS_DERIVE_PARAMS { + pub prfMechanism: CK_MECHANISM_TYPE, + pub bHasSeedKey: CK_BBOOL, + pub hSeedKey: CK_OBJECT_HANDLE, + pub pSeedData: CK_BYTE_PTR, + pub ulSeedDataLen: CK_ULONG, +} +#[test] +fn bindgen_test_layout_CK_IKE2_PRF_PLUS_DERIVE_PARAMS() { + const UNINIT: ::std::mem::MaybeUninit = + ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 40usize, + concat!("Size of: ", stringify!(CK_IKE2_PRF_PLUS_DERIVE_PARAMS)) + ); + assert_eq!( + ::std::mem::align_of::(), + 8usize, + concat!("Alignment of ", stringify!(CK_IKE2_PRF_PLUS_DERIVE_PARAMS)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).prfMechanism) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_IKE2_PRF_PLUS_DERIVE_PARAMS), + "::", + stringify!(prfMechanism) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).bHasSeedKey) as usize - ptr as usize }, + 8usize, + concat!( + "Offset of field: ", + stringify!(CK_IKE2_PRF_PLUS_DERIVE_PARAMS), + "::", + stringify!(bHasSeedKey) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).hSeedKey) as usize - ptr as usize }, + 16usize, + concat!( + "Offset of field: ", + stringify!(CK_IKE2_PRF_PLUS_DERIVE_PARAMS), + "::", + stringify!(hSeedKey) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pSeedData) as usize - ptr as usize }, + 24usize, + concat!( + "Offset of field: ", + stringify!(CK_IKE2_PRF_PLUS_DERIVE_PARAMS), + "::", + stringify!(pSeedData) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulSeedDataLen) as usize - ptr as usize }, + 32usize, + concat!( + "Offset of field: ", + stringify!(CK_IKE2_PRF_PLUS_DERIVE_PARAMS), + "::", + stringify!(ulSeedDataLen) + ) + ); +} +impl Default for CK_IKE2_PRF_PLUS_DERIVE_PARAMS { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type CK_IKE2_PRF_PLUS_DERIVE_PARAMS_PTR = *mut CK_IKE2_PRF_PLUS_DERIVE_PARAMS; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct CK_IKE_PRF_DERIVE_PARAMS { + pub prfMechanism: CK_MECHANISM_TYPE, + pub bDataAsKey: CK_BBOOL, + pub bRekey: CK_BBOOL, + pub pNi: CK_BYTE_PTR, + pub ulNiLen: CK_ULONG, + pub pNr: CK_BYTE_PTR, + pub ulNrLen: CK_ULONG, + pub hNewKey: CK_OBJECT_HANDLE, +} +#[test] +fn bindgen_test_layout_CK_IKE_PRF_DERIVE_PARAMS() { + const UNINIT: ::std::mem::MaybeUninit = + ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 56usize, + concat!("Size of: ", stringify!(CK_IKE_PRF_DERIVE_PARAMS)) + ); + assert_eq!( + ::std::mem::align_of::(), + 8usize, + concat!("Alignment of ", stringify!(CK_IKE_PRF_DERIVE_PARAMS)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).prfMechanism) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_IKE_PRF_DERIVE_PARAMS), + "::", + stringify!(prfMechanism) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).bDataAsKey) as usize - ptr as usize }, + 8usize, + concat!( + "Offset of field: ", + stringify!(CK_IKE_PRF_DERIVE_PARAMS), + "::", + stringify!(bDataAsKey) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).bRekey) as usize - ptr as usize }, + 9usize, + concat!( + "Offset of field: ", + stringify!(CK_IKE_PRF_DERIVE_PARAMS), + "::", + stringify!(bRekey) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pNi) as usize - ptr as usize }, + 16usize, + concat!( + "Offset of field: ", + stringify!(CK_IKE_PRF_DERIVE_PARAMS), + "::", + stringify!(pNi) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulNiLen) as usize - ptr as usize }, + 24usize, + concat!( + "Offset of field: ", + stringify!(CK_IKE_PRF_DERIVE_PARAMS), + "::", + stringify!(ulNiLen) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pNr) as usize - ptr as usize }, + 32usize, + concat!( + "Offset of field: ", + stringify!(CK_IKE_PRF_DERIVE_PARAMS), + "::", + stringify!(pNr) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulNrLen) as usize - ptr as usize }, + 40usize, + concat!( + "Offset of field: ", + stringify!(CK_IKE_PRF_DERIVE_PARAMS), + "::", + stringify!(ulNrLen) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).hNewKey) as usize - ptr as usize }, + 48usize, + concat!( + "Offset of field: ", + stringify!(CK_IKE_PRF_DERIVE_PARAMS), + "::", + stringify!(hNewKey) + ) + ); +} +impl Default for CK_IKE_PRF_DERIVE_PARAMS { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type CK_IKE_PRF_DERIVE_PARAMS_PTR = *mut CK_IKE_PRF_DERIVE_PARAMS; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct CK_IKE1_PRF_DERIVE_PARAMS { + pub prfMechanism: CK_MECHANISM_TYPE, + pub bHasPrevKey: CK_BBOOL, + pub hKeygxy: CK_OBJECT_HANDLE, + pub hPrevKey: CK_OBJECT_HANDLE, + pub pCKYi: CK_BYTE_PTR, + pub ulCKYiLen: CK_ULONG, + pub pCKYr: CK_BYTE_PTR, + pub ulCKYrLen: CK_ULONG, + pub keyNumber: CK_BYTE, +} +#[test] +fn bindgen_test_layout_CK_IKE1_PRF_DERIVE_PARAMS() { + const UNINIT: ::std::mem::MaybeUninit = + ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 72usize, + concat!("Size of: ", stringify!(CK_IKE1_PRF_DERIVE_PARAMS)) + ); + assert_eq!( + ::std::mem::align_of::(), + 8usize, + concat!("Alignment of ", stringify!(CK_IKE1_PRF_DERIVE_PARAMS)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).prfMechanism) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_IKE1_PRF_DERIVE_PARAMS), + "::", + stringify!(prfMechanism) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).bHasPrevKey) as usize - ptr as usize }, + 8usize, + concat!( + "Offset of field: ", + stringify!(CK_IKE1_PRF_DERIVE_PARAMS), + "::", + stringify!(bHasPrevKey) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).hKeygxy) as usize - ptr as usize }, + 16usize, + concat!( + "Offset of field: ", + stringify!(CK_IKE1_PRF_DERIVE_PARAMS), + "::", + stringify!(hKeygxy) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).hPrevKey) as usize - ptr as usize }, + 24usize, + concat!( + "Offset of field: ", + stringify!(CK_IKE1_PRF_DERIVE_PARAMS), + "::", + stringify!(hPrevKey) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pCKYi) as usize - ptr as usize }, + 32usize, + concat!( + "Offset of field: ", + stringify!(CK_IKE1_PRF_DERIVE_PARAMS), + "::", + stringify!(pCKYi) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulCKYiLen) as usize - ptr as usize }, + 40usize, + concat!( + "Offset of field: ", + stringify!(CK_IKE1_PRF_DERIVE_PARAMS), + "::", + stringify!(ulCKYiLen) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pCKYr) as usize - ptr as usize }, + 48usize, + concat!( + "Offset of field: ", + stringify!(CK_IKE1_PRF_DERIVE_PARAMS), + "::", + stringify!(pCKYr) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulCKYrLen) as usize - ptr as usize }, + 56usize, + concat!( + "Offset of field: ", + stringify!(CK_IKE1_PRF_DERIVE_PARAMS), + "::", + stringify!(ulCKYrLen) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).keyNumber) as usize - ptr as usize }, + 64usize, + concat!( + "Offset of field: ", + stringify!(CK_IKE1_PRF_DERIVE_PARAMS), + "::", + stringify!(keyNumber) + ) + ); +} +impl Default for CK_IKE1_PRF_DERIVE_PARAMS { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type CK_IKE1_PRF_DERIVE_PARAMS_PTR = *mut CK_IKE1_PRF_DERIVE_PARAMS; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct CK_IKE1_EXTENDED_DERIVE_PARAMS { + pub prfMechanism: CK_MECHANISM_TYPE, + pub bHasKeygxy: CK_BBOOL, + pub hKeygxy: CK_OBJECT_HANDLE, + pub pExtraData: CK_BYTE_PTR, + pub ulExtraDataLen: CK_ULONG, +} +#[test] +fn bindgen_test_layout_CK_IKE1_EXTENDED_DERIVE_PARAMS() { + const UNINIT: ::std::mem::MaybeUninit = + ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 40usize, + concat!("Size of: ", stringify!(CK_IKE1_EXTENDED_DERIVE_PARAMS)) + ); + assert_eq!( + ::std::mem::align_of::(), + 8usize, + concat!("Alignment of ", stringify!(CK_IKE1_EXTENDED_DERIVE_PARAMS)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).prfMechanism) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_IKE1_EXTENDED_DERIVE_PARAMS), + "::", + stringify!(prfMechanism) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).bHasKeygxy) as usize - ptr as usize }, + 8usize, + concat!( + "Offset of field: ", + stringify!(CK_IKE1_EXTENDED_DERIVE_PARAMS), + "::", + stringify!(bHasKeygxy) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).hKeygxy) as usize - ptr as usize }, + 16usize, + concat!( + "Offset of field: ", + stringify!(CK_IKE1_EXTENDED_DERIVE_PARAMS), + "::", + stringify!(hKeygxy) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pExtraData) as usize - ptr as usize }, + 24usize, + concat!( + "Offset of field: ", + stringify!(CK_IKE1_EXTENDED_DERIVE_PARAMS), + "::", + stringify!(pExtraData) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulExtraDataLen) as usize - ptr as usize }, + 32usize, + concat!( + "Offset of field: ", + stringify!(CK_IKE1_EXTENDED_DERIVE_PARAMS), + "::", + stringify!(ulExtraDataLen) + ) + ); +} +impl Default for CK_IKE1_EXTENDED_DERIVE_PARAMS { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type CK_IKE1_EXTENDED_DERIVE_PARAMS_PTR = *mut CK_IKE1_EXTENDED_DERIVE_PARAMS; +extern "C" { + pub fn C_Initialize(pInitArgs: CK_VOID_PTR) -> CK_RV; +} +extern "C" { + pub fn C_Finalize(pReserved: CK_VOID_PTR) -> CK_RV; +} +extern "C" { + pub fn C_GetInfo(pInfo: CK_INFO_PTR) -> CK_RV; +} +extern "C" { + pub fn C_GetFunctionList(ppFunctionList: CK_FUNCTION_LIST_PTR_PTR) -> CK_RV; +} +extern "C" { + pub fn C_GetSlotList( + tokenPresent: CK_BBOOL, + pSlotList: CK_SLOT_ID_PTR, + pulCount: CK_ULONG_PTR, + ) -> CK_RV; +} +extern "C" { + pub fn C_GetSlotInfo(slotID: CK_SLOT_ID, pInfo: CK_SLOT_INFO_PTR) -> CK_RV; +} +extern "C" { + pub fn C_GetTokenInfo(slotID: CK_SLOT_ID, pInfo: CK_TOKEN_INFO_PTR) -> CK_RV; +} +extern "C" { + pub fn C_GetMechanismList( + slotID: CK_SLOT_ID, + pMechanismList: CK_MECHANISM_TYPE_PTR, + pulCount: CK_ULONG_PTR, + ) -> CK_RV; +} +extern "C" { + pub fn C_GetMechanismInfo( + slotID: CK_SLOT_ID, + type_: CK_MECHANISM_TYPE, + pInfo: CK_MECHANISM_INFO_PTR, + ) -> CK_RV; +} +extern "C" { + pub fn C_InitToken( + slotID: CK_SLOT_ID, + pPin: CK_UTF8CHAR_PTR, + ulPinLen: CK_ULONG, + pLabel: CK_UTF8CHAR_PTR, + ) -> CK_RV; +} +extern "C" { + pub fn C_InitPIN( + hSession: CK_SESSION_HANDLE, + pPin: CK_UTF8CHAR_PTR, + ulPinLen: CK_ULONG, + ) -> CK_RV; +} +extern "C" { + pub fn C_SetPIN( + hSession: CK_SESSION_HANDLE, + pOldPin: CK_UTF8CHAR_PTR, + ulOldLen: CK_ULONG, + pNewPin: CK_UTF8CHAR_PTR, + ulNewLen: CK_ULONG, + ) -> CK_RV; +} +extern "C" { + pub fn C_OpenSession( + slotID: CK_SLOT_ID, + flags: CK_FLAGS, + pApplication: CK_VOID_PTR, + Notify: CK_NOTIFY, + phSession: CK_SESSION_HANDLE_PTR, + ) -> CK_RV; +} +extern "C" { + pub fn C_CloseSession(hSession: CK_SESSION_HANDLE) -> CK_RV; +} +extern "C" { + pub fn C_CloseAllSessions(slotID: CK_SLOT_ID) -> CK_RV; +} +extern "C" { + pub fn C_GetSessionInfo(hSession: CK_SESSION_HANDLE, pInfo: CK_SESSION_INFO_PTR) -> CK_RV; +} +extern "C" { + pub fn C_GetOperationState( + hSession: CK_SESSION_HANDLE, + pOperationState: CK_BYTE_PTR, + pulOperationStateLen: CK_ULONG_PTR, + ) -> CK_RV; +} +extern "C" { + pub fn C_SetOperationState( + hSession: CK_SESSION_HANDLE, + pOperationState: CK_BYTE_PTR, + ulOperationStateLen: CK_ULONG, + hEncryptionKey: CK_OBJECT_HANDLE, + hAuthenticationKey: CK_OBJECT_HANDLE, + ) -> CK_RV; +} +extern "C" { + pub fn C_Login( + hSession: CK_SESSION_HANDLE, + userType: CK_USER_TYPE, + pPin: CK_UTF8CHAR_PTR, + ulPinLen: CK_ULONG, + ) -> CK_RV; +} +extern "C" { + pub fn C_Logout(hSession: CK_SESSION_HANDLE) -> CK_RV; +} +extern "C" { + pub fn C_CreateObject( + hSession: CK_SESSION_HANDLE, + pTemplate: CK_ATTRIBUTE_PTR, + ulCount: CK_ULONG, + phObject: CK_OBJECT_HANDLE_PTR, + ) -> CK_RV; +} +extern "C" { + pub fn C_CopyObject( + hSession: CK_SESSION_HANDLE, + hObject: CK_OBJECT_HANDLE, + pTemplate: CK_ATTRIBUTE_PTR, + ulCount: CK_ULONG, + phNewObject: CK_OBJECT_HANDLE_PTR, + ) -> CK_RV; +} +extern "C" { + pub fn C_DestroyObject(hSession: CK_SESSION_HANDLE, hObject: CK_OBJECT_HANDLE) -> CK_RV; +} +extern "C" { + pub fn C_GetObjectSize( + hSession: CK_SESSION_HANDLE, + hObject: CK_OBJECT_HANDLE, + pulSize: CK_ULONG_PTR, + ) -> CK_RV; +} +extern "C" { + pub fn C_GetAttributeValue( + hSession: CK_SESSION_HANDLE, + hObject: CK_OBJECT_HANDLE, + pTemplate: CK_ATTRIBUTE_PTR, + ulCount: CK_ULONG, + ) -> CK_RV; +} +extern "C" { + pub fn C_SetAttributeValue( + hSession: CK_SESSION_HANDLE, + hObject: CK_OBJECT_HANDLE, + pTemplate: CK_ATTRIBUTE_PTR, + ulCount: CK_ULONG, + ) -> CK_RV; +} +extern "C" { + pub fn C_FindObjectsInit( + hSession: CK_SESSION_HANDLE, + pTemplate: CK_ATTRIBUTE_PTR, + ulCount: CK_ULONG, + ) -> CK_RV; +} +extern "C" { + pub fn C_FindObjects( + hSession: CK_SESSION_HANDLE, + phObject: CK_OBJECT_HANDLE_PTR, + ulMaxObjectCount: CK_ULONG, + pulObjectCount: CK_ULONG_PTR, + ) -> CK_RV; +} +extern "C" { + pub fn C_FindObjectsFinal(hSession: CK_SESSION_HANDLE) -> CK_RV; +} +extern "C" { + pub fn C_EncryptInit( + hSession: CK_SESSION_HANDLE, + pMechanism: CK_MECHANISM_PTR, + hKey: CK_OBJECT_HANDLE, + ) -> CK_RV; +} +extern "C" { + pub fn C_Encrypt( + hSession: CK_SESSION_HANDLE, + pData: CK_BYTE_PTR, + ulDataLen: CK_ULONG, + pEncryptedData: CK_BYTE_PTR, + pulEncryptedDataLen: CK_ULONG_PTR, + ) -> CK_RV; +} +extern "C" { + pub fn C_EncryptUpdate( + hSession: CK_SESSION_HANDLE, + pPart: CK_BYTE_PTR, + ulPartLen: CK_ULONG, + pEncryptedPart: CK_BYTE_PTR, + pulEncryptedPartLen: CK_ULONG_PTR, + ) -> CK_RV; +} +extern "C" { + pub fn C_EncryptFinal( + hSession: CK_SESSION_HANDLE, + pLastEncryptedPart: CK_BYTE_PTR, + pulLastEncryptedPartLen: CK_ULONG_PTR, + ) -> CK_RV; +} +extern "C" { + pub fn C_DecryptInit( + hSession: CK_SESSION_HANDLE, + pMechanism: CK_MECHANISM_PTR, + hKey: CK_OBJECT_HANDLE, + ) -> CK_RV; +} +extern "C" { + pub fn C_Decrypt( + hSession: CK_SESSION_HANDLE, + pEncryptedData: CK_BYTE_PTR, + ulEncryptedDataLen: CK_ULONG, + pData: CK_BYTE_PTR, + pulDataLen: CK_ULONG_PTR, + ) -> CK_RV; +} +extern "C" { + pub fn C_DecryptUpdate( + hSession: CK_SESSION_HANDLE, + pEncryptedPart: CK_BYTE_PTR, + ulEncryptedPartLen: CK_ULONG, + pPart: CK_BYTE_PTR, + pulPartLen: CK_ULONG_PTR, + ) -> CK_RV; +} +extern "C" { + pub fn C_DecryptFinal( + hSession: CK_SESSION_HANDLE, + pLastPart: CK_BYTE_PTR, + pulLastPartLen: CK_ULONG_PTR, + ) -> CK_RV; +} +extern "C" { + pub fn C_DigestInit(hSession: CK_SESSION_HANDLE, pMechanism: CK_MECHANISM_PTR) -> CK_RV; +} +extern "C" { + pub fn C_Digest( + hSession: CK_SESSION_HANDLE, + pData: CK_BYTE_PTR, + ulDataLen: CK_ULONG, + pDigest: CK_BYTE_PTR, + pulDigestLen: CK_ULONG_PTR, + ) -> CK_RV; +} +extern "C" { + pub fn C_DigestUpdate( + hSession: CK_SESSION_HANDLE, + pPart: CK_BYTE_PTR, + ulPartLen: CK_ULONG, + ) -> CK_RV; +} +extern "C" { + pub fn C_DigestKey(hSession: CK_SESSION_HANDLE, hKey: CK_OBJECT_HANDLE) -> CK_RV; +} +extern "C" { + pub fn C_DigestFinal( + hSession: CK_SESSION_HANDLE, + pDigest: CK_BYTE_PTR, + pulDigestLen: CK_ULONG_PTR, + ) -> CK_RV; +} +extern "C" { + pub fn C_SignInit( + hSession: CK_SESSION_HANDLE, + pMechanism: CK_MECHANISM_PTR, + hKey: CK_OBJECT_HANDLE, + ) -> CK_RV; +} +extern "C" { + pub fn C_Sign( + hSession: CK_SESSION_HANDLE, + pData: CK_BYTE_PTR, + ulDataLen: CK_ULONG, + pSignature: CK_BYTE_PTR, + pulSignatureLen: CK_ULONG_PTR, + ) -> CK_RV; +} +extern "C" { + pub fn C_SignUpdate( + hSession: CK_SESSION_HANDLE, + pPart: CK_BYTE_PTR, + ulPartLen: CK_ULONG, + ) -> CK_RV; +} +extern "C" { + pub fn C_SignFinal( + hSession: CK_SESSION_HANDLE, + pSignature: CK_BYTE_PTR, + pulSignatureLen: CK_ULONG_PTR, + ) -> CK_RV; +} +extern "C" { + pub fn C_SignRecoverInit( + hSession: CK_SESSION_HANDLE, + pMechanism: CK_MECHANISM_PTR, + hKey: CK_OBJECT_HANDLE, + ) -> CK_RV; +} +extern "C" { + pub fn C_SignRecover( + hSession: CK_SESSION_HANDLE, + pData: CK_BYTE_PTR, + ulDataLen: CK_ULONG, + pSignature: CK_BYTE_PTR, + pulSignatureLen: CK_ULONG_PTR, + ) -> CK_RV; +} +extern "C" { + pub fn C_VerifyInit( + hSession: CK_SESSION_HANDLE, + pMechanism: CK_MECHANISM_PTR, + hKey: CK_OBJECT_HANDLE, + ) -> CK_RV; +} +extern "C" { + pub fn C_Verify( + hSession: CK_SESSION_HANDLE, + pData: CK_BYTE_PTR, + ulDataLen: CK_ULONG, + pSignature: CK_BYTE_PTR, + ulSignatureLen: CK_ULONG, + ) -> CK_RV; +} +extern "C" { + pub fn C_VerifyUpdate( + hSession: CK_SESSION_HANDLE, + pPart: CK_BYTE_PTR, + ulPartLen: CK_ULONG, + ) -> CK_RV; +} +extern "C" { + pub fn C_VerifyFinal( + hSession: CK_SESSION_HANDLE, + pSignature: CK_BYTE_PTR, + ulSignatureLen: CK_ULONG, + ) -> CK_RV; +} +extern "C" { + pub fn C_VerifyRecoverInit( + hSession: CK_SESSION_HANDLE, + pMechanism: CK_MECHANISM_PTR, + hKey: CK_OBJECT_HANDLE, + ) -> CK_RV; +} +extern "C" { + pub fn C_VerifyRecover( + hSession: CK_SESSION_HANDLE, + pSignature: CK_BYTE_PTR, + ulSignatureLen: CK_ULONG, + pData: CK_BYTE_PTR, + pulDataLen: CK_ULONG_PTR, + ) -> CK_RV; +} +extern "C" { + pub fn C_DigestEncryptUpdate( + hSession: CK_SESSION_HANDLE, + pPart: CK_BYTE_PTR, + ulPartLen: CK_ULONG, + pEncryptedPart: CK_BYTE_PTR, + pulEncryptedPartLen: CK_ULONG_PTR, + ) -> CK_RV; +} +extern "C" { + pub fn C_DecryptDigestUpdate( + hSession: CK_SESSION_HANDLE, + pEncryptedPart: CK_BYTE_PTR, + ulEncryptedPartLen: CK_ULONG, + pPart: CK_BYTE_PTR, + pulPartLen: CK_ULONG_PTR, + ) -> CK_RV; +} +extern "C" { + pub fn C_SignEncryptUpdate( + hSession: CK_SESSION_HANDLE, + pPart: CK_BYTE_PTR, + ulPartLen: CK_ULONG, + pEncryptedPart: CK_BYTE_PTR, + pulEncryptedPartLen: CK_ULONG_PTR, + ) -> CK_RV; +} +extern "C" { + pub fn C_DecryptVerifyUpdate( + hSession: CK_SESSION_HANDLE, + pEncryptedPart: CK_BYTE_PTR, + ulEncryptedPartLen: CK_ULONG, + pPart: CK_BYTE_PTR, + pulPartLen: CK_ULONG_PTR, + ) -> CK_RV; +} +extern "C" { + pub fn C_GenerateKey( + hSession: CK_SESSION_HANDLE, + pMechanism: CK_MECHANISM_PTR, + pTemplate: CK_ATTRIBUTE_PTR, + ulCount: CK_ULONG, + phKey: CK_OBJECT_HANDLE_PTR, + ) -> CK_RV; +} +extern "C" { + pub fn C_GenerateKeyPair( + hSession: CK_SESSION_HANDLE, + pMechanism: CK_MECHANISM_PTR, + pPublicKeyTemplate: CK_ATTRIBUTE_PTR, + ulPublicKeyAttributeCount: CK_ULONG, + pPrivateKeyTemplate: CK_ATTRIBUTE_PTR, + ulPrivateKeyAttributeCount: CK_ULONG, + phPublicKey: CK_OBJECT_HANDLE_PTR, + phPrivateKey: CK_OBJECT_HANDLE_PTR, + ) -> CK_RV; +} +extern "C" { + pub fn C_WrapKey( + hSession: CK_SESSION_HANDLE, + pMechanism: CK_MECHANISM_PTR, + hWrappingKey: CK_OBJECT_HANDLE, + hKey: CK_OBJECT_HANDLE, + pWrappedKey: CK_BYTE_PTR, + pulWrappedKeyLen: CK_ULONG_PTR, + ) -> CK_RV; +} +extern "C" { + pub fn C_UnwrapKey( + hSession: CK_SESSION_HANDLE, + pMechanism: CK_MECHANISM_PTR, + hUnwrappingKey: CK_OBJECT_HANDLE, + pWrappedKey: CK_BYTE_PTR, + ulWrappedKeyLen: CK_ULONG, + pTemplate: CK_ATTRIBUTE_PTR, + ulAttributeCount: CK_ULONG, + phKey: CK_OBJECT_HANDLE_PTR, + ) -> CK_RV; +} +extern "C" { + pub fn C_DeriveKey( + hSession: CK_SESSION_HANDLE, + pMechanism: CK_MECHANISM_PTR, + hBaseKey: CK_OBJECT_HANDLE, + pTemplate: CK_ATTRIBUTE_PTR, + ulAttributeCount: CK_ULONG, + phKey: CK_OBJECT_HANDLE_PTR, + ) -> CK_RV; +} +extern "C" { + pub fn C_SeedRandom( + hSession: CK_SESSION_HANDLE, + pSeed: CK_BYTE_PTR, + ulSeedLen: CK_ULONG, + ) -> CK_RV; +} +extern "C" { + pub fn C_GenerateRandom( + hSession: CK_SESSION_HANDLE, + RandomData: CK_BYTE_PTR, + ulRandomLen: CK_ULONG, + ) -> CK_RV; +} +extern "C" { + pub fn C_GetFunctionStatus(hSession: CK_SESSION_HANDLE) -> CK_RV; +} +extern "C" { + pub fn C_CancelFunction(hSession: CK_SESSION_HANDLE) -> CK_RV; +} +extern "C" { + pub fn C_WaitForSlotEvent( + flags: CK_FLAGS, + pSlot: CK_SLOT_ID_PTR, + pRserved: CK_VOID_PTR, + ) -> CK_RV; +} +extern "C" { + pub fn C_GetInterfaceList(pInterfacesList: CK_INTERFACE_PTR, pulCount: CK_ULONG_PTR) -> CK_RV; +} +extern "C" { + pub fn C_GetInterface( + pInterfaceName: CK_UTF8CHAR_PTR, + pVersion: CK_VERSION_PTR, + ppInterface: CK_INTERFACE_PTR_PTR, + flags: CK_FLAGS, + ) -> CK_RV; +} +extern "C" { + pub fn C_LoginUser( + hSession: CK_SESSION_HANDLE, + userType: CK_USER_TYPE, + pPin: CK_UTF8CHAR_PTR, + ulPinLen: CK_ULONG, + pUsername: CK_UTF8CHAR_PTR, + ulUsernameLen: CK_ULONG, + ) -> CK_RV; +} +extern "C" { + pub fn C_SessionCancel(hSession: CK_SESSION_HANDLE, flags: CK_FLAGS) -> CK_RV; +} +extern "C" { + pub fn C_MessageEncryptInit( + hSession: CK_SESSION_HANDLE, + pMechanism: CK_MECHANISM_PTR, + hKey: CK_OBJECT_HANDLE, + ) -> CK_RV; +} +extern "C" { + pub fn C_EncryptMessage( + hSession: CK_SESSION_HANDLE, + pParameter: CK_VOID_PTR, + ulParameterLen: CK_ULONG, + pAssociatedData: CK_BYTE_PTR, + ulAssociatedDataLen: CK_ULONG, + pPlaintext: CK_BYTE_PTR, + ulPlaintextLen: CK_ULONG, + pCiphertext: CK_BYTE_PTR, + pulCiphertextLen: CK_ULONG_PTR, + ) -> CK_RV; +} +extern "C" { + pub fn C_EncryptMessageBegin( + hSession: CK_SESSION_HANDLE, + pParameter: CK_VOID_PTR, + ulParameterLen: CK_ULONG, + pAssociatedData: CK_BYTE_PTR, + ulAssociatedDataLen: CK_ULONG, + ) -> CK_RV; +} +extern "C" { + pub fn C_EncryptMessageNext( + hSession: CK_SESSION_HANDLE, + pParameter: CK_VOID_PTR, + ulParameterLen: CK_ULONG, + pPlaintextPart: CK_BYTE_PTR, + ulPlaintextPartLen: CK_ULONG, + pCiphertextPart: CK_BYTE_PTR, + pulCiphertextPartLen: CK_ULONG_PTR, + flags: CK_FLAGS, + ) -> CK_RV; +} +extern "C" { + pub fn C_MessageEncryptFinal(hSession: CK_SESSION_HANDLE) -> CK_RV; +} +extern "C" { + pub fn C_MessageDecryptInit( + hSession: CK_SESSION_HANDLE, + pMechanism: CK_MECHANISM_PTR, + hKey: CK_OBJECT_HANDLE, + ) -> CK_RV; +} +extern "C" { + pub fn C_DecryptMessage( + hSession: CK_SESSION_HANDLE, + pParameter: CK_VOID_PTR, + ulParameterLen: CK_ULONG, + pAssociatedData: CK_BYTE_PTR, + ulAssociatedDataLen: CK_ULONG, + pCiphertext: CK_BYTE_PTR, + ulCiphertextLen: CK_ULONG, + pPlaintext: CK_BYTE_PTR, + pulPlaintextLen: CK_ULONG_PTR, + ) -> CK_RV; +} +extern "C" { + pub fn C_DecryptMessageBegin( + hSession: CK_SESSION_HANDLE, + pParameter: CK_VOID_PTR, + ulParameterLen: CK_ULONG, + pAssociatedData: CK_BYTE_PTR, + ulAssociatedDataLen: CK_ULONG, + ) -> CK_RV; +} +extern "C" { + pub fn C_DecryptMessageNext( + hSession: CK_SESSION_HANDLE, + pParameter: CK_VOID_PTR, + ulParameterLen: CK_ULONG, + pCiphertextPart: CK_BYTE_PTR, + ulCiphertextPartLen: CK_ULONG, + pPlaintextPart: CK_BYTE_PTR, + pulPlaintextPartLen: CK_ULONG_PTR, + flags: CK_FLAGS, + ) -> CK_RV; +} +extern "C" { + pub fn C_MessageDecryptFinal(hSession: CK_SESSION_HANDLE) -> CK_RV; +} +extern "C" { + pub fn C_MessageSignInit( + hSession: CK_SESSION_HANDLE, + pMechanism: CK_MECHANISM_PTR, + hKey: CK_OBJECT_HANDLE, + ) -> CK_RV; +} +extern "C" { + pub fn C_SignMessage( + hSession: CK_SESSION_HANDLE, + pParameter: CK_VOID_PTR, + ulParameterLen: CK_ULONG, + pData: CK_BYTE_PTR, + ulDataLen: CK_ULONG, + pSignature: CK_BYTE_PTR, + pulSignatureLen: CK_ULONG_PTR, + ) -> CK_RV; +} +extern "C" { + pub fn C_SignMessageBegin( + hSession: CK_SESSION_HANDLE, + pParameter: CK_VOID_PTR, + ulParameterLen: CK_ULONG, + ) -> CK_RV; +} +extern "C" { + pub fn C_SignMessageNext( + hSession: CK_SESSION_HANDLE, + pParameter: CK_VOID_PTR, + ulParameterLen: CK_ULONG, + pData: CK_BYTE_PTR, + ulDataLen: CK_ULONG, + pSignature: CK_BYTE_PTR, + pulSignatureLen: CK_ULONG_PTR, + ) -> CK_RV; +} +extern "C" { + pub fn C_MessageSignFinal(hSession: CK_SESSION_HANDLE) -> CK_RV; +} +extern "C" { + pub fn C_MessageVerifyInit( + hSession: CK_SESSION_HANDLE, + pMechanism: CK_MECHANISM_PTR, + hKey: CK_OBJECT_HANDLE, + ) -> CK_RV; +} +extern "C" { + pub fn C_VerifyMessage( + hSession: CK_SESSION_HANDLE, + pParameter: CK_VOID_PTR, + ulParameterLen: CK_ULONG, + pData: CK_BYTE_PTR, + ulDataLen: CK_ULONG, + pSignature: CK_BYTE_PTR, + ulSignatureLen: CK_ULONG, + ) -> CK_RV; +} +extern "C" { + pub fn C_VerifyMessageBegin( + hSession: CK_SESSION_HANDLE, + pParameter: CK_VOID_PTR, + ulParameterLen: CK_ULONG, + ) -> CK_RV; +} +extern "C" { + pub fn C_VerifyMessageNext( + hSession: CK_SESSION_HANDLE, + pParameter: CK_VOID_PTR, + ulParameterLen: CK_ULONG, + pData: CK_BYTE_PTR, + ulDataLen: CK_ULONG, + pSignature: CK_BYTE_PTR, + ulSignatureLen: CK_ULONG, + ) -> CK_RV; +} +extern "C" { + pub fn C_MessageVerifyFinal(hSession: CK_SESSION_HANDLE) -> CK_RV; +} +pub type CK_C_Initialize = + ::std::option::Option CK_RV>; +pub type CK_C_Finalize = + ::std::option::Option CK_RV>; +pub type CK_C_GetInfo = ::std::option::Option CK_RV>; +pub type CK_C_GetFunctionList = + ::std::option::Option CK_RV>; +pub type CK_C_GetSlotList = ::std::option::Option< + unsafe extern "C" fn( + tokenPresent: CK_BBOOL, + pSlotList: CK_SLOT_ID_PTR, + pulCount: CK_ULONG_PTR, + ) -> CK_RV, +>; +pub type CK_C_GetSlotInfo = ::std::option::Option< + unsafe extern "C" fn(slotID: CK_SLOT_ID, pInfo: CK_SLOT_INFO_PTR) -> CK_RV, +>; +pub type CK_C_GetTokenInfo = ::std::option::Option< + unsafe extern "C" fn(slotID: CK_SLOT_ID, pInfo: CK_TOKEN_INFO_PTR) -> CK_RV, +>; +pub type CK_C_GetMechanismList = ::std::option::Option< + unsafe extern "C" fn( + slotID: CK_SLOT_ID, + pMechanismList: CK_MECHANISM_TYPE_PTR, + pulCount: CK_ULONG_PTR, + ) -> CK_RV, +>; +pub type CK_C_GetMechanismInfo = ::std::option::Option< + unsafe extern "C" fn( + slotID: CK_SLOT_ID, + type_: CK_MECHANISM_TYPE, + pInfo: CK_MECHANISM_INFO_PTR, + ) -> CK_RV, +>; +pub type CK_C_InitToken = ::std::option::Option< + unsafe extern "C" fn( + slotID: CK_SLOT_ID, + pPin: CK_UTF8CHAR_PTR, + ulPinLen: CK_ULONG, + pLabel: CK_UTF8CHAR_PTR, + ) -> CK_RV, +>; +pub type CK_C_InitPIN = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + pPin: CK_UTF8CHAR_PTR, + ulPinLen: CK_ULONG, + ) -> CK_RV, +>; +pub type CK_C_SetPIN = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + pOldPin: CK_UTF8CHAR_PTR, + ulOldLen: CK_ULONG, + pNewPin: CK_UTF8CHAR_PTR, + ulNewLen: CK_ULONG, + ) -> CK_RV, +>; +pub type CK_C_OpenSession = ::std::option::Option< + unsafe extern "C" fn( + slotID: CK_SLOT_ID, + flags: CK_FLAGS, + pApplication: CK_VOID_PTR, + Notify: CK_NOTIFY, + phSession: CK_SESSION_HANDLE_PTR, + ) -> CK_RV, +>; +pub type CK_C_CloseSession = + ::std::option::Option CK_RV>; +pub type CK_C_CloseAllSessions = + ::std::option::Option CK_RV>; +pub type CK_C_GetSessionInfo = ::std::option::Option< + unsafe extern "C" fn(hSession: CK_SESSION_HANDLE, pInfo: CK_SESSION_INFO_PTR) -> CK_RV, +>; +pub type CK_C_GetOperationState = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + pOperationState: CK_BYTE_PTR, + pulOperationStateLen: CK_ULONG_PTR, + ) -> CK_RV, +>; +pub type CK_C_SetOperationState = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + pOperationState: CK_BYTE_PTR, + ulOperationStateLen: CK_ULONG, + hEncryptionKey: CK_OBJECT_HANDLE, + hAuthenticationKey: CK_OBJECT_HANDLE, + ) -> CK_RV, +>; +pub type CK_C_Login = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + userType: CK_USER_TYPE, + pPin: CK_UTF8CHAR_PTR, + ulPinLen: CK_ULONG, + ) -> CK_RV, +>; +pub type CK_C_Logout = + ::std::option::Option CK_RV>; +pub type CK_C_CreateObject = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + pTemplate: CK_ATTRIBUTE_PTR, + ulCount: CK_ULONG, + phObject: CK_OBJECT_HANDLE_PTR, + ) -> CK_RV, +>; +pub type CK_C_CopyObject = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + hObject: CK_OBJECT_HANDLE, + pTemplate: CK_ATTRIBUTE_PTR, + ulCount: CK_ULONG, + phNewObject: CK_OBJECT_HANDLE_PTR, + ) -> CK_RV, +>; +pub type CK_C_DestroyObject = ::std::option::Option< + unsafe extern "C" fn(hSession: CK_SESSION_HANDLE, hObject: CK_OBJECT_HANDLE) -> CK_RV, +>; +pub type CK_C_GetObjectSize = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + hObject: CK_OBJECT_HANDLE, + pulSize: CK_ULONG_PTR, + ) -> CK_RV, +>; +pub type CK_C_GetAttributeValue = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + hObject: CK_OBJECT_HANDLE, + pTemplate: CK_ATTRIBUTE_PTR, + ulCount: CK_ULONG, + ) -> CK_RV, +>; +pub type CK_C_SetAttributeValue = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + hObject: CK_OBJECT_HANDLE, + pTemplate: CK_ATTRIBUTE_PTR, + ulCount: CK_ULONG, + ) -> CK_RV, +>; +pub type CK_C_FindObjectsInit = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + pTemplate: CK_ATTRIBUTE_PTR, + ulCount: CK_ULONG, + ) -> CK_RV, +>; +pub type CK_C_FindObjects = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + phObject: CK_OBJECT_HANDLE_PTR, + ulMaxObjectCount: CK_ULONG, + pulObjectCount: CK_ULONG_PTR, + ) -> CK_RV, +>; +pub type CK_C_FindObjectsFinal = + ::std::option::Option CK_RV>; +pub type CK_C_EncryptInit = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + pMechanism: CK_MECHANISM_PTR, + hKey: CK_OBJECT_HANDLE, + ) -> CK_RV, +>; +pub type CK_C_Encrypt = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + pData: CK_BYTE_PTR, + ulDataLen: CK_ULONG, + pEncryptedData: CK_BYTE_PTR, + pulEncryptedDataLen: CK_ULONG_PTR, + ) -> CK_RV, +>; +pub type CK_C_EncryptUpdate = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + pPart: CK_BYTE_PTR, + ulPartLen: CK_ULONG, + pEncryptedPart: CK_BYTE_PTR, + pulEncryptedPartLen: CK_ULONG_PTR, + ) -> CK_RV, +>; +pub type CK_C_EncryptFinal = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + pLastEncryptedPart: CK_BYTE_PTR, + pulLastEncryptedPartLen: CK_ULONG_PTR, + ) -> CK_RV, +>; +pub type CK_C_DecryptInit = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + pMechanism: CK_MECHANISM_PTR, + hKey: CK_OBJECT_HANDLE, + ) -> CK_RV, +>; +pub type CK_C_Decrypt = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + pEncryptedData: CK_BYTE_PTR, + ulEncryptedDataLen: CK_ULONG, + pData: CK_BYTE_PTR, + pulDataLen: CK_ULONG_PTR, + ) -> CK_RV, +>; +pub type CK_C_DecryptUpdate = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + pEncryptedPart: CK_BYTE_PTR, + ulEncryptedPartLen: CK_ULONG, + pPart: CK_BYTE_PTR, + pulPartLen: CK_ULONG_PTR, + ) -> CK_RV, +>; +pub type CK_C_DecryptFinal = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + pLastPart: CK_BYTE_PTR, + pulLastPartLen: CK_ULONG_PTR, + ) -> CK_RV, +>; +pub type CK_C_DigestInit = ::std::option::Option< + unsafe extern "C" fn(hSession: CK_SESSION_HANDLE, pMechanism: CK_MECHANISM_PTR) -> CK_RV, +>; +pub type CK_C_Digest = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + pData: CK_BYTE_PTR, + ulDataLen: CK_ULONG, + pDigest: CK_BYTE_PTR, + pulDigestLen: CK_ULONG_PTR, + ) -> CK_RV, +>; +pub type CK_C_DigestUpdate = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + pPart: CK_BYTE_PTR, + ulPartLen: CK_ULONG, + ) -> CK_RV, +>; +pub type CK_C_DigestKey = ::std::option::Option< + unsafe extern "C" fn(hSession: CK_SESSION_HANDLE, hKey: CK_OBJECT_HANDLE) -> CK_RV, +>; +pub type CK_C_DigestFinal = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + pDigest: CK_BYTE_PTR, + pulDigestLen: CK_ULONG_PTR, + ) -> CK_RV, +>; +pub type CK_C_SignInit = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + pMechanism: CK_MECHANISM_PTR, + hKey: CK_OBJECT_HANDLE, + ) -> CK_RV, +>; +pub type CK_C_Sign = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + pData: CK_BYTE_PTR, + ulDataLen: CK_ULONG, + pSignature: CK_BYTE_PTR, + pulSignatureLen: CK_ULONG_PTR, + ) -> CK_RV, +>; +pub type CK_C_SignUpdate = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + pPart: CK_BYTE_PTR, + ulPartLen: CK_ULONG, + ) -> CK_RV, +>; +pub type CK_C_SignFinal = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + pSignature: CK_BYTE_PTR, + pulSignatureLen: CK_ULONG_PTR, + ) -> CK_RV, +>; +pub type CK_C_SignRecoverInit = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + pMechanism: CK_MECHANISM_PTR, + hKey: CK_OBJECT_HANDLE, + ) -> CK_RV, +>; +pub type CK_C_SignRecover = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + pData: CK_BYTE_PTR, + ulDataLen: CK_ULONG, + pSignature: CK_BYTE_PTR, + pulSignatureLen: CK_ULONG_PTR, + ) -> CK_RV, +>; +pub type CK_C_VerifyInit = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + pMechanism: CK_MECHANISM_PTR, + hKey: CK_OBJECT_HANDLE, + ) -> CK_RV, +>; +pub type CK_C_Verify = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + pData: CK_BYTE_PTR, + ulDataLen: CK_ULONG, + pSignature: CK_BYTE_PTR, + ulSignatureLen: CK_ULONG, + ) -> CK_RV, +>; +pub type CK_C_VerifyUpdate = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + pPart: CK_BYTE_PTR, + ulPartLen: CK_ULONG, + ) -> CK_RV, +>; +pub type CK_C_VerifyFinal = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + pSignature: CK_BYTE_PTR, + ulSignatureLen: CK_ULONG, + ) -> CK_RV, +>; +pub type CK_C_VerifyRecoverInit = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + pMechanism: CK_MECHANISM_PTR, + hKey: CK_OBJECT_HANDLE, + ) -> CK_RV, +>; +pub type CK_C_VerifyRecover = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + pSignature: CK_BYTE_PTR, + ulSignatureLen: CK_ULONG, + pData: CK_BYTE_PTR, + pulDataLen: CK_ULONG_PTR, + ) -> CK_RV, +>; +pub type CK_C_DigestEncryptUpdate = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + pPart: CK_BYTE_PTR, + ulPartLen: CK_ULONG, + pEncryptedPart: CK_BYTE_PTR, + pulEncryptedPartLen: CK_ULONG_PTR, + ) -> CK_RV, +>; +pub type CK_C_DecryptDigestUpdate = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + pEncryptedPart: CK_BYTE_PTR, + ulEncryptedPartLen: CK_ULONG, + pPart: CK_BYTE_PTR, + pulPartLen: CK_ULONG_PTR, + ) -> CK_RV, +>; +pub type CK_C_SignEncryptUpdate = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + pPart: CK_BYTE_PTR, + ulPartLen: CK_ULONG, + pEncryptedPart: CK_BYTE_PTR, + pulEncryptedPartLen: CK_ULONG_PTR, + ) -> CK_RV, +>; +pub type CK_C_DecryptVerifyUpdate = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + pEncryptedPart: CK_BYTE_PTR, + ulEncryptedPartLen: CK_ULONG, + pPart: CK_BYTE_PTR, + pulPartLen: CK_ULONG_PTR, + ) -> CK_RV, +>; +pub type CK_C_GenerateKey = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + pMechanism: CK_MECHANISM_PTR, + pTemplate: CK_ATTRIBUTE_PTR, + ulCount: CK_ULONG, + phKey: CK_OBJECT_HANDLE_PTR, + ) -> CK_RV, +>; +pub type CK_C_GenerateKeyPair = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + pMechanism: CK_MECHANISM_PTR, + pPublicKeyTemplate: CK_ATTRIBUTE_PTR, + ulPublicKeyAttributeCount: CK_ULONG, + pPrivateKeyTemplate: CK_ATTRIBUTE_PTR, + ulPrivateKeyAttributeCount: CK_ULONG, + phPublicKey: CK_OBJECT_HANDLE_PTR, + phPrivateKey: CK_OBJECT_HANDLE_PTR, + ) -> CK_RV, +>; +pub type CK_C_WrapKey = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + pMechanism: CK_MECHANISM_PTR, + hWrappingKey: CK_OBJECT_HANDLE, + hKey: CK_OBJECT_HANDLE, + pWrappedKey: CK_BYTE_PTR, + pulWrappedKeyLen: CK_ULONG_PTR, + ) -> CK_RV, +>; +pub type CK_C_UnwrapKey = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + pMechanism: CK_MECHANISM_PTR, + hUnwrappingKey: CK_OBJECT_HANDLE, + pWrappedKey: CK_BYTE_PTR, + ulWrappedKeyLen: CK_ULONG, + pTemplate: CK_ATTRIBUTE_PTR, + ulAttributeCount: CK_ULONG, + phKey: CK_OBJECT_HANDLE_PTR, + ) -> CK_RV, +>; +pub type CK_C_DeriveKey = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + pMechanism: CK_MECHANISM_PTR, + hBaseKey: CK_OBJECT_HANDLE, + pTemplate: CK_ATTRIBUTE_PTR, + ulAttributeCount: CK_ULONG, + phKey: CK_OBJECT_HANDLE_PTR, + ) -> CK_RV, +>; +pub type CK_C_SeedRandom = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + pSeed: CK_BYTE_PTR, + ulSeedLen: CK_ULONG, + ) -> CK_RV, +>; +pub type CK_C_GenerateRandom = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + RandomData: CK_BYTE_PTR, + ulRandomLen: CK_ULONG, + ) -> CK_RV, +>; +pub type CK_C_GetFunctionStatus = + ::std::option::Option CK_RV>; +pub type CK_C_CancelFunction = + ::std::option::Option CK_RV>; +pub type CK_C_WaitForSlotEvent = ::std::option::Option< + unsafe extern "C" fn(flags: CK_FLAGS, pSlot: CK_SLOT_ID_PTR, pRserved: CK_VOID_PTR) -> CK_RV, +>; +pub type CK_C_GetInterfaceList = ::std::option::Option< + unsafe extern "C" fn(pInterfacesList: CK_INTERFACE_PTR, pulCount: CK_ULONG_PTR) -> CK_RV, +>; +pub type CK_C_GetInterface = ::std::option::Option< + unsafe extern "C" fn( + pInterfaceName: CK_UTF8CHAR_PTR, + pVersion: CK_VERSION_PTR, + ppInterface: CK_INTERFACE_PTR_PTR, + flags: CK_FLAGS, + ) -> CK_RV, +>; +pub type CK_C_LoginUser = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + userType: CK_USER_TYPE, + pPin: CK_UTF8CHAR_PTR, + ulPinLen: CK_ULONG, + pUsername: CK_UTF8CHAR_PTR, + ulUsernameLen: CK_ULONG, + ) -> CK_RV, +>; +pub type CK_C_SessionCancel = ::std::option::Option< + unsafe extern "C" fn(hSession: CK_SESSION_HANDLE, flags: CK_FLAGS) -> CK_RV, +>; +pub type CK_C_MessageEncryptInit = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + pMechanism: CK_MECHANISM_PTR, + hKey: CK_OBJECT_HANDLE, + ) -> CK_RV, +>; +pub type CK_C_EncryptMessage = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + pParameter: CK_VOID_PTR, + ulParameterLen: CK_ULONG, + pAssociatedData: CK_BYTE_PTR, + ulAssociatedDataLen: CK_ULONG, + pPlaintext: CK_BYTE_PTR, + ulPlaintextLen: CK_ULONG, + pCiphertext: CK_BYTE_PTR, + pulCiphertextLen: CK_ULONG_PTR, + ) -> CK_RV, +>; +pub type CK_C_EncryptMessageBegin = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + pParameter: CK_VOID_PTR, + ulParameterLen: CK_ULONG, + pAssociatedData: CK_BYTE_PTR, + ulAssociatedDataLen: CK_ULONG, + ) -> CK_RV, +>; +pub type CK_C_EncryptMessageNext = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + pParameter: CK_VOID_PTR, + ulParameterLen: CK_ULONG, + pPlaintextPart: CK_BYTE_PTR, + ulPlaintextPartLen: CK_ULONG, + pCiphertextPart: CK_BYTE_PTR, + pulCiphertextPartLen: CK_ULONG_PTR, + flags: CK_FLAGS, + ) -> CK_RV, +>; +pub type CK_C_MessageEncryptFinal = + ::std::option::Option CK_RV>; +pub type CK_C_MessageDecryptInit = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + pMechanism: CK_MECHANISM_PTR, + hKey: CK_OBJECT_HANDLE, + ) -> CK_RV, +>; +pub type CK_C_DecryptMessage = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + pParameter: CK_VOID_PTR, + ulParameterLen: CK_ULONG, + pAssociatedData: CK_BYTE_PTR, + ulAssociatedDataLen: CK_ULONG, + pCiphertext: CK_BYTE_PTR, + ulCiphertextLen: CK_ULONG, + pPlaintext: CK_BYTE_PTR, + pulPlaintextLen: CK_ULONG_PTR, + ) -> CK_RV, +>; +pub type CK_C_DecryptMessageBegin = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + pParameter: CK_VOID_PTR, + ulParameterLen: CK_ULONG, + pAssociatedData: CK_BYTE_PTR, + ulAssociatedDataLen: CK_ULONG, + ) -> CK_RV, +>; +pub type CK_C_DecryptMessageNext = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + pParameter: CK_VOID_PTR, + ulParameterLen: CK_ULONG, + pCiphertextPart: CK_BYTE_PTR, + ulCiphertextPartLen: CK_ULONG, + pPlaintextPart: CK_BYTE_PTR, + pulPlaintextPartLen: CK_ULONG_PTR, + flags: CK_FLAGS, + ) -> CK_RV, +>; +pub type CK_C_MessageDecryptFinal = + ::std::option::Option CK_RV>; +pub type CK_C_MessageSignInit = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + pMechanism: CK_MECHANISM_PTR, + hKey: CK_OBJECT_HANDLE, + ) -> CK_RV, +>; +pub type CK_C_SignMessage = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + pParameter: CK_VOID_PTR, + ulParameterLen: CK_ULONG, + pData: CK_BYTE_PTR, + ulDataLen: CK_ULONG, + pSignature: CK_BYTE_PTR, + pulSignatureLen: CK_ULONG_PTR, + ) -> CK_RV, +>; +pub type CK_C_SignMessageBegin = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + pParameter: CK_VOID_PTR, + ulParameterLen: CK_ULONG, + ) -> CK_RV, +>; +pub type CK_C_SignMessageNext = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + pParameter: CK_VOID_PTR, + ulParameterLen: CK_ULONG, + pData: CK_BYTE_PTR, + ulDataLen: CK_ULONG, + pSignature: CK_BYTE_PTR, + pulSignatureLen: CK_ULONG_PTR, + ) -> CK_RV, +>; +pub type CK_C_MessageSignFinal = + ::std::option::Option CK_RV>; +pub type CK_C_MessageVerifyInit = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + pMechanism: CK_MECHANISM_PTR, + hKey: CK_OBJECT_HANDLE, + ) -> CK_RV, +>; +pub type CK_C_VerifyMessage = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + pParameter: CK_VOID_PTR, + ulParameterLen: CK_ULONG, + pData: CK_BYTE_PTR, + ulDataLen: CK_ULONG, + pSignature: CK_BYTE_PTR, + ulSignatureLen: CK_ULONG, + ) -> CK_RV, +>; +pub type CK_C_VerifyMessageBegin = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + pParameter: CK_VOID_PTR, + ulParameterLen: CK_ULONG, + ) -> CK_RV, +>; +pub type CK_C_VerifyMessageNext = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + pParameter: CK_VOID_PTR, + ulParameterLen: CK_ULONG, + pData: CK_BYTE_PTR, + ulDataLen: CK_ULONG, + pSignature: CK_BYTE_PTR, + ulSignatureLen: CK_ULONG, + ) -> CK_RV, +>; +pub type CK_C_MessageVerifyFinal = + ::std::option::Option CK_RV>; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct CK_FUNCTION_LIST_3_0 { + pub version: CK_VERSION, + pub C_Initialize: CK_C_Initialize, + pub C_Finalize: CK_C_Finalize, + pub C_GetInfo: CK_C_GetInfo, + pub C_GetFunctionList: CK_C_GetFunctionList, + pub C_GetSlotList: CK_C_GetSlotList, + pub C_GetSlotInfo: CK_C_GetSlotInfo, + pub C_GetTokenInfo: CK_C_GetTokenInfo, + pub C_GetMechanismList: CK_C_GetMechanismList, + pub C_GetMechanismInfo: CK_C_GetMechanismInfo, + pub C_InitToken: CK_C_InitToken, + pub C_InitPIN: CK_C_InitPIN, + pub C_SetPIN: CK_C_SetPIN, + pub C_OpenSession: CK_C_OpenSession, + pub C_CloseSession: CK_C_CloseSession, + pub C_CloseAllSessions: CK_C_CloseAllSessions, + pub C_GetSessionInfo: CK_C_GetSessionInfo, + pub C_GetOperationState: CK_C_GetOperationState, + pub C_SetOperationState: CK_C_SetOperationState, + pub C_Login: CK_C_Login, + pub C_Logout: CK_C_Logout, + pub C_CreateObject: CK_C_CreateObject, + pub C_CopyObject: CK_C_CopyObject, + pub C_DestroyObject: CK_C_DestroyObject, + pub C_GetObjectSize: CK_C_GetObjectSize, + pub C_GetAttributeValue: CK_C_GetAttributeValue, + pub C_SetAttributeValue: CK_C_SetAttributeValue, + pub C_FindObjectsInit: CK_C_FindObjectsInit, + pub C_FindObjects: CK_C_FindObjects, + pub C_FindObjectsFinal: CK_C_FindObjectsFinal, + pub C_EncryptInit: CK_C_EncryptInit, + pub C_Encrypt: CK_C_Encrypt, + pub C_EncryptUpdate: CK_C_EncryptUpdate, + pub C_EncryptFinal: CK_C_EncryptFinal, + pub C_DecryptInit: CK_C_DecryptInit, + pub C_Decrypt: CK_C_Decrypt, + pub C_DecryptUpdate: CK_C_DecryptUpdate, + pub C_DecryptFinal: CK_C_DecryptFinal, + pub C_DigestInit: CK_C_DigestInit, + pub C_Digest: CK_C_Digest, + pub C_DigestUpdate: CK_C_DigestUpdate, + pub C_DigestKey: CK_C_DigestKey, + pub C_DigestFinal: CK_C_DigestFinal, + pub C_SignInit: CK_C_SignInit, + pub C_Sign: CK_C_Sign, + pub C_SignUpdate: CK_C_SignUpdate, + pub C_SignFinal: CK_C_SignFinal, + pub C_SignRecoverInit: CK_C_SignRecoverInit, + pub C_SignRecover: CK_C_SignRecover, + pub C_VerifyInit: CK_C_VerifyInit, + pub C_Verify: CK_C_Verify, + pub C_VerifyUpdate: CK_C_VerifyUpdate, + pub C_VerifyFinal: CK_C_VerifyFinal, + pub C_VerifyRecoverInit: CK_C_VerifyRecoverInit, + pub C_VerifyRecover: CK_C_VerifyRecover, + pub C_DigestEncryptUpdate: CK_C_DigestEncryptUpdate, + pub C_DecryptDigestUpdate: CK_C_DecryptDigestUpdate, + pub C_SignEncryptUpdate: CK_C_SignEncryptUpdate, + pub C_DecryptVerifyUpdate: CK_C_DecryptVerifyUpdate, + pub C_GenerateKey: CK_C_GenerateKey, + pub C_GenerateKeyPair: CK_C_GenerateKeyPair, + pub C_WrapKey: CK_C_WrapKey, + pub C_UnwrapKey: CK_C_UnwrapKey, + pub C_DeriveKey: CK_C_DeriveKey, + pub C_SeedRandom: CK_C_SeedRandom, + pub C_GenerateRandom: CK_C_GenerateRandom, + pub C_GetFunctionStatus: CK_C_GetFunctionStatus, + pub C_CancelFunction: CK_C_CancelFunction, + pub C_WaitForSlotEvent: CK_C_WaitForSlotEvent, + pub C_GetInterfaceList: CK_C_GetInterfaceList, + pub C_GetInterface: CK_C_GetInterface, + pub C_LoginUser: CK_C_LoginUser, + pub C_SessionCancel: CK_C_SessionCancel, + pub C_MessageEncryptInit: CK_C_MessageEncryptInit, + pub C_EncryptMessage: CK_C_EncryptMessage, + pub C_EncryptMessageBegin: CK_C_EncryptMessageBegin, + pub C_EncryptMessageNext: CK_C_EncryptMessageNext, + pub C_MessageEncryptFinal: CK_C_MessageEncryptFinal, + pub C_MessageDecryptInit: CK_C_MessageDecryptInit, + pub C_DecryptMessage: CK_C_DecryptMessage, + pub C_DecryptMessageBegin: CK_C_DecryptMessageBegin, + pub C_DecryptMessageNext: CK_C_DecryptMessageNext, + pub C_MessageDecryptFinal: CK_C_MessageDecryptFinal, + pub C_MessageSignInit: CK_C_MessageSignInit, + pub C_SignMessage: CK_C_SignMessage, + pub C_SignMessageBegin: CK_C_SignMessageBegin, + pub C_SignMessageNext: CK_C_SignMessageNext, + pub C_MessageSignFinal: CK_C_MessageSignFinal, + pub C_MessageVerifyInit: CK_C_MessageVerifyInit, + pub C_VerifyMessage: CK_C_VerifyMessage, + pub C_VerifyMessageBegin: CK_C_VerifyMessageBegin, + pub C_VerifyMessageNext: CK_C_VerifyMessageNext, + pub C_MessageVerifyFinal: CK_C_MessageVerifyFinal, +} +#[test] +fn bindgen_test_layout_CK_FUNCTION_LIST_3_0() { + const UNINIT: ::std::mem::MaybeUninit = ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 744usize, + concat!("Size of: ", stringify!(CK_FUNCTION_LIST_3_0)) + ); + assert_eq!( + ::std::mem::align_of::(), + 8usize, + concat!("Alignment of ", stringify!(CK_FUNCTION_LIST_3_0)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).version) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(version) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_Initialize) as usize - ptr as usize }, + 8usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_Initialize) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_Finalize) as usize - ptr as usize }, + 16usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_Finalize) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_GetInfo) as usize - ptr as usize }, + 24usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_GetInfo) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_GetFunctionList) as usize - ptr as usize }, + 32usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_GetFunctionList) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_GetSlotList) as usize - ptr as usize }, + 40usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_GetSlotList) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_GetSlotInfo) as usize - ptr as usize }, + 48usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_GetSlotInfo) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_GetTokenInfo) as usize - ptr as usize }, + 56usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_GetTokenInfo) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_GetMechanismList) as usize - ptr as usize }, + 64usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_GetMechanismList) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_GetMechanismInfo) as usize - ptr as usize }, + 72usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_GetMechanismInfo) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_InitToken) as usize - ptr as usize }, + 80usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_InitToken) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_InitPIN) as usize - ptr as usize }, + 88usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_InitPIN) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_SetPIN) as usize - ptr as usize }, + 96usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_SetPIN) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_OpenSession) as usize - ptr as usize }, + 104usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_OpenSession) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_CloseSession) as usize - ptr as usize }, + 112usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_CloseSession) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_CloseAllSessions) as usize - ptr as usize }, + 120usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_CloseAllSessions) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_GetSessionInfo) as usize - ptr as usize }, + 128usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_GetSessionInfo) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_GetOperationState) as usize - ptr as usize }, + 136usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_GetOperationState) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_SetOperationState) as usize - ptr as usize }, + 144usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_SetOperationState) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_Login) as usize - ptr as usize }, + 152usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_Login) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_Logout) as usize - ptr as usize }, + 160usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_Logout) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_CreateObject) as usize - ptr as usize }, + 168usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_CreateObject) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_CopyObject) as usize - ptr as usize }, + 176usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_CopyObject) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_DestroyObject) as usize - ptr as usize }, + 184usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_DestroyObject) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_GetObjectSize) as usize - ptr as usize }, + 192usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_GetObjectSize) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_GetAttributeValue) as usize - ptr as usize }, + 200usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_GetAttributeValue) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_SetAttributeValue) as usize - ptr as usize }, + 208usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_SetAttributeValue) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_FindObjectsInit) as usize - ptr as usize }, + 216usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_FindObjectsInit) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_FindObjects) as usize - ptr as usize }, + 224usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_FindObjects) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_FindObjectsFinal) as usize - ptr as usize }, + 232usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_FindObjectsFinal) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_EncryptInit) as usize - ptr as usize }, + 240usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_EncryptInit) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_Encrypt) as usize - ptr as usize }, + 248usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_Encrypt) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_EncryptUpdate) as usize - ptr as usize }, + 256usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_EncryptUpdate) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_EncryptFinal) as usize - ptr as usize }, + 264usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_EncryptFinal) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_DecryptInit) as usize - ptr as usize }, + 272usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_DecryptInit) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_Decrypt) as usize - ptr as usize }, + 280usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_Decrypt) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_DecryptUpdate) as usize - ptr as usize }, + 288usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_DecryptUpdate) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_DecryptFinal) as usize - ptr as usize }, + 296usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_DecryptFinal) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_DigestInit) as usize - ptr as usize }, + 304usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_DigestInit) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_Digest) as usize - ptr as usize }, + 312usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_Digest) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_DigestUpdate) as usize - ptr as usize }, + 320usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_DigestUpdate) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_DigestKey) as usize - ptr as usize }, + 328usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_DigestKey) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_DigestFinal) as usize - ptr as usize }, + 336usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_DigestFinal) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_SignInit) as usize - ptr as usize }, + 344usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_SignInit) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_Sign) as usize - ptr as usize }, + 352usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_Sign) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_SignUpdate) as usize - ptr as usize }, + 360usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_SignUpdate) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_SignFinal) as usize - ptr as usize }, + 368usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_SignFinal) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_SignRecoverInit) as usize - ptr as usize }, + 376usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_SignRecoverInit) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_SignRecover) as usize - ptr as usize }, + 384usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_SignRecover) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_VerifyInit) as usize - ptr as usize }, + 392usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_VerifyInit) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_Verify) as usize - ptr as usize }, + 400usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_Verify) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_VerifyUpdate) as usize - ptr as usize }, + 408usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_VerifyUpdate) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_VerifyFinal) as usize - ptr as usize }, + 416usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_VerifyFinal) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_VerifyRecoverInit) as usize - ptr as usize }, + 424usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_VerifyRecoverInit) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_VerifyRecover) as usize - ptr as usize }, + 432usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_VerifyRecover) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_DigestEncryptUpdate) as usize - ptr as usize }, + 440usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_DigestEncryptUpdate) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_DecryptDigestUpdate) as usize - ptr as usize }, + 448usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_DecryptDigestUpdate) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_SignEncryptUpdate) as usize - ptr as usize }, + 456usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_SignEncryptUpdate) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_DecryptVerifyUpdate) as usize - ptr as usize }, + 464usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_DecryptVerifyUpdate) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_GenerateKey) as usize - ptr as usize }, + 472usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_GenerateKey) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_GenerateKeyPair) as usize - ptr as usize }, + 480usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_GenerateKeyPair) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_WrapKey) as usize - ptr as usize }, + 488usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_WrapKey) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_UnwrapKey) as usize - ptr as usize }, + 496usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_UnwrapKey) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_DeriveKey) as usize - ptr as usize }, + 504usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_DeriveKey) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_SeedRandom) as usize - ptr as usize }, + 512usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_SeedRandom) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_GenerateRandom) as usize - ptr as usize }, + 520usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_GenerateRandom) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_GetFunctionStatus) as usize - ptr as usize }, + 528usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_GetFunctionStatus) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_CancelFunction) as usize - ptr as usize }, + 536usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_CancelFunction) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_WaitForSlotEvent) as usize - ptr as usize }, + 544usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_WaitForSlotEvent) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_GetInterfaceList) as usize - ptr as usize }, + 552usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_GetInterfaceList) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_GetInterface) as usize - ptr as usize }, + 560usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_GetInterface) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_LoginUser) as usize - ptr as usize }, + 568usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_LoginUser) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_SessionCancel) as usize - ptr as usize }, + 576usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_SessionCancel) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_MessageEncryptInit) as usize - ptr as usize }, + 584usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_MessageEncryptInit) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_EncryptMessage) as usize - ptr as usize }, + 592usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_EncryptMessage) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_EncryptMessageBegin) as usize - ptr as usize }, + 600usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_EncryptMessageBegin) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_EncryptMessageNext) as usize - ptr as usize }, + 608usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_EncryptMessageNext) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_MessageEncryptFinal) as usize - ptr as usize }, + 616usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_MessageEncryptFinal) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_MessageDecryptInit) as usize - ptr as usize }, + 624usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_MessageDecryptInit) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_DecryptMessage) as usize - ptr as usize }, + 632usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_DecryptMessage) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_DecryptMessageBegin) as usize - ptr as usize }, + 640usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_DecryptMessageBegin) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_DecryptMessageNext) as usize - ptr as usize }, + 648usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_DecryptMessageNext) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_MessageDecryptFinal) as usize - ptr as usize }, + 656usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_MessageDecryptFinal) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_MessageSignInit) as usize - ptr as usize }, + 664usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_MessageSignInit) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_SignMessage) as usize - ptr as usize }, + 672usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_SignMessage) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_SignMessageBegin) as usize - ptr as usize }, + 680usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_SignMessageBegin) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_SignMessageNext) as usize - ptr as usize }, + 688usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_SignMessageNext) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_MessageSignFinal) as usize - ptr as usize }, + 696usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_MessageSignFinal) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_MessageVerifyInit) as usize - ptr as usize }, + 704usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_MessageVerifyInit) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_VerifyMessage) as usize - ptr as usize }, + 712usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_VerifyMessage) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_VerifyMessageBegin) as usize - ptr as usize }, + 720usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_VerifyMessageBegin) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_VerifyMessageNext) as usize - ptr as usize }, + 728usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_VerifyMessageNext) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_MessageVerifyFinal) as usize - ptr as usize }, + 736usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_MessageVerifyFinal) + ) + ); +} +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct CK_FUNCTION_LIST { + pub version: CK_VERSION, + pub C_Initialize: CK_C_Initialize, + pub C_Finalize: CK_C_Finalize, + pub C_GetInfo: CK_C_GetInfo, + pub C_GetFunctionList: CK_C_GetFunctionList, + pub C_GetSlotList: CK_C_GetSlotList, + pub C_GetSlotInfo: CK_C_GetSlotInfo, + pub C_GetTokenInfo: CK_C_GetTokenInfo, + pub C_GetMechanismList: CK_C_GetMechanismList, + pub C_GetMechanismInfo: CK_C_GetMechanismInfo, + pub C_InitToken: CK_C_InitToken, + pub C_InitPIN: CK_C_InitPIN, + pub C_SetPIN: CK_C_SetPIN, + pub C_OpenSession: CK_C_OpenSession, + pub C_CloseSession: CK_C_CloseSession, + pub C_CloseAllSessions: CK_C_CloseAllSessions, + pub C_GetSessionInfo: CK_C_GetSessionInfo, + pub C_GetOperationState: CK_C_GetOperationState, + pub C_SetOperationState: CK_C_SetOperationState, + pub C_Login: CK_C_Login, + pub C_Logout: CK_C_Logout, + pub C_CreateObject: CK_C_CreateObject, + pub C_CopyObject: CK_C_CopyObject, + pub C_DestroyObject: CK_C_DestroyObject, + pub C_GetObjectSize: CK_C_GetObjectSize, + pub C_GetAttributeValue: CK_C_GetAttributeValue, + pub C_SetAttributeValue: CK_C_SetAttributeValue, + pub C_FindObjectsInit: CK_C_FindObjectsInit, + pub C_FindObjects: CK_C_FindObjects, + pub C_FindObjectsFinal: CK_C_FindObjectsFinal, + pub C_EncryptInit: CK_C_EncryptInit, + pub C_Encrypt: CK_C_Encrypt, + pub C_EncryptUpdate: CK_C_EncryptUpdate, + pub C_EncryptFinal: CK_C_EncryptFinal, + pub C_DecryptInit: CK_C_DecryptInit, + pub C_Decrypt: CK_C_Decrypt, + pub C_DecryptUpdate: CK_C_DecryptUpdate, + pub C_DecryptFinal: CK_C_DecryptFinal, + pub C_DigestInit: CK_C_DigestInit, + pub C_Digest: CK_C_Digest, + pub C_DigestUpdate: CK_C_DigestUpdate, + pub C_DigestKey: CK_C_DigestKey, + pub C_DigestFinal: CK_C_DigestFinal, + pub C_SignInit: CK_C_SignInit, + pub C_Sign: CK_C_Sign, + pub C_SignUpdate: CK_C_SignUpdate, + pub C_SignFinal: CK_C_SignFinal, + pub C_SignRecoverInit: CK_C_SignRecoverInit, + pub C_SignRecover: CK_C_SignRecover, + pub C_VerifyInit: CK_C_VerifyInit, + pub C_Verify: CK_C_Verify, + pub C_VerifyUpdate: CK_C_VerifyUpdate, + pub C_VerifyFinal: CK_C_VerifyFinal, + pub C_VerifyRecoverInit: CK_C_VerifyRecoverInit, + pub C_VerifyRecover: CK_C_VerifyRecover, + pub C_DigestEncryptUpdate: CK_C_DigestEncryptUpdate, + pub C_DecryptDigestUpdate: CK_C_DecryptDigestUpdate, + pub C_SignEncryptUpdate: CK_C_SignEncryptUpdate, + pub C_DecryptVerifyUpdate: CK_C_DecryptVerifyUpdate, + pub C_GenerateKey: CK_C_GenerateKey, + pub C_GenerateKeyPair: CK_C_GenerateKeyPair, + pub C_WrapKey: CK_C_WrapKey, + pub C_UnwrapKey: CK_C_UnwrapKey, + pub C_DeriveKey: CK_C_DeriveKey, + pub C_SeedRandom: CK_C_SeedRandom, + pub C_GenerateRandom: CK_C_GenerateRandom, + pub C_GetFunctionStatus: CK_C_GetFunctionStatus, + pub C_CancelFunction: CK_C_CancelFunction, + pub C_WaitForSlotEvent: CK_C_WaitForSlotEvent, +} +#[test] +fn bindgen_test_layout_CK_FUNCTION_LIST() { + const UNINIT: ::std::mem::MaybeUninit = ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 552usize, + concat!("Size of: ", stringify!(CK_FUNCTION_LIST)) + ); + assert_eq!( + ::std::mem::align_of::(), + 8usize, + concat!("Alignment of ", stringify!(CK_FUNCTION_LIST)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).version) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST), + "::", + stringify!(version) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_Initialize) as usize - ptr as usize }, + 8usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST), + "::", + stringify!(C_Initialize) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_Finalize) as usize - ptr as usize }, + 16usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST), + "::", + stringify!(C_Finalize) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_GetInfo) as usize - ptr as usize }, + 24usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST), + "::", + stringify!(C_GetInfo) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_GetFunctionList) as usize - ptr as usize }, + 32usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST), + "::", + stringify!(C_GetFunctionList) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_GetSlotList) as usize - ptr as usize }, + 40usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST), + "::", + stringify!(C_GetSlotList) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_GetSlotInfo) as usize - ptr as usize }, + 48usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST), + "::", + stringify!(C_GetSlotInfo) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_GetTokenInfo) as usize - ptr as usize }, + 56usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST), + "::", + stringify!(C_GetTokenInfo) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_GetMechanismList) as usize - ptr as usize }, + 64usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST), + "::", + stringify!(C_GetMechanismList) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_GetMechanismInfo) as usize - ptr as usize }, + 72usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST), + "::", + stringify!(C_GetMechanismInfo) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_InitToken) as usize - ptr as usize }, + 80usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST), + "::", + stringify!(C_InitToken) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_InitPIN) as usize - ptr as usize }, + 88usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST), + "::", + stringify!(C_InitPIN) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_SetPIN) as usize - ptr as usize }, + 96usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST), + "::", + stringify!(C_SetPIN) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_OpenSession) as usize - ptr as usize }, + 104usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST), + "::", + stringify!(C_OpenSession) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_CloseSession) as usize - ptr as usize }, + 112usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST), + "::", + stringify!(C_CloseSession) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_CloseAllSessions) as usize - ptr as usize }, + 120usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST), + "::", + stringify!(C_CloseAllSessions) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_GetSessionInfo) as usize - ptr as usize }, + 128usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST), + "::", + stringify!(C_GetSessionInfo) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_GetOperationState) as usize - ptr as usize }, + 136usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST), + "::", + stringify!(C_GetOperationState) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_SetOperationState) as usize - ptr as usize }, + 144usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST), + "::", + stringify!(C_SetOperationState) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_Login) as usize - ptr as usize }, + 152usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST), + "::", + stringify!(C_Login) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_Logout) as usize - ptr as usize }, + 160usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST), + "::", + stringify!(C_Logout) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_CreateObject) as usize - ptr as usize }, + 168usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST), + "::", + stringify!(C_CreateObject) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_CopyObject) as usize - ptr as usize }, + 176usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST), + "::", + stringify!(C_CopyObject) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_DestroyObject) as usize - ptr as usize }, + 184usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST), + "::", + stringify!(C_DestroyObject) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_GetObjectSize) as usize - ptr as usize }, + 192usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST), + "::", + stringify!(C_GetObjectSize) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_GetAttributeValue) as usize - ptr as usize }, + 200usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST), + "::", + stringify!(C_GetAttributeValue) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_SetAttributeValue) as usize - ptr as usize }, + 208usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST), + "::", + stringify!(C_SetAttributeValue) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_FindObjectsInit) as usize - ptr as usize }, + 216usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST), + "::", + stringify!(C_FindObjectsInit) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_FindObjects) as usize - ptr as usize }, + 224usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST), + "::", + stringify!(C_FindObjects) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_FindObjectsFinal) as usize - ptr as usize }, + 232usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST), + "::", + stringify!(C_FindObjectsFinal) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_EncryptInit) as usize - ptr as usize }, + 240usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST), + "::", + stringify!(C_EncryptInit) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_Encrypt) as usize - ptr as usize }, + 248usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST), + "::", + stringify!(C_Encrypt) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_EncryptUpdate) as usize - ptr as usize }, + 256usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST), + "::", + stringify!(C_EncryptUpdate) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_EncryptFinal) as usize - ptr as usize }, + 264usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST), + "::", + stringify!(C_EncryptFinal) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_DecryptInit) as usize - ptr as usize }, + 272usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST), + "::", + stringify!(C_DecryptInit) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_Decrypt) as usize - ptr as usize }, + 280usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST), + "::", + stringify!(C_Decrypt) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_DecryptUpdate) as usize - ptr as usize }, + 288usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST), + "::", + stringify!(C_DecryptUpdate) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_DecryptFinal) as usize - ptr as usize }, + 296usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST), + "::", + stringify!(C_DecryptFinal) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_DigestInit) as usize - ptr as usize }, + 304usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST), + "::", + stringify!(C_DigestInit) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_Digest) as usize - ptr as usize }, + 312usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST), + "::", + stringify!(C_Digest) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_DigestUpdate) as usize - ptr as usize }, + 320usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST), + "::", + stringify!(C_DigestUpdate) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_DigestKey) as usize - ptr as usize }, + 328usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST), + "::", + stringify!(C_DigestKey) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_DigestFinal) as usize - ptr as usize }, + 336usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST), + "::", + stringify!(C_DigestFinal) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_SignInit) as usize - ptr as usize }, + 344usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST), + "::", + stringify!(C_SignInit) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_Sign) as usize - ptr as usize }, + 352usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST), + "::", + stringify!(C_Sign) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_SignUpdate) as usize - ptr as usize }, + 360usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST), + "::", + stringify!(C_SignUpdate) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_SignFinal) as usize - ptr as usize }, + 368usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST), + "::", + stringify!(C_SignFinal) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_SignRecoverInit) as usize - ptr as usize }, + 376usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST), + "::", + stringify!(C_SignRecoverInit) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_SignRecover) as usize - ptr as usize }, + 384usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST), + "::", + stringify!(C_SignRecover) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_VerifyInit) as usize - ptr as usize }, + 392usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST), + "::", + stringify!(C_VerifyInit) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_Verify) as usize - ptr as usize }, + 400usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST), + "::", + stringify!(C_Verify) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_VerifyUpdate) as usize - ptr as usize }, + 408usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST), + "::", + stringify!(C_VerifyUpdate) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_VerifyFinal) as usize - ptr as usize }, + 416usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST), + "::", + stringify!(C_VerifyFinal) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_VerifyRecoverInit) as usize - ptr as usize }, + 424usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST), + "::", + stringify!(C_VerifyRecoverInit) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_VerifyRecover) as usize - ptr as usize }, + 432usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST), + "::", + stringify!(C_VerifyRecover) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_DigestEncryptUpdate) as usize - ptr as usize }, + 440usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST), + "::", + stringify!(C_DigestEncryptUpdate) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_DecryptDigestUpdate) as usize - ptr as usize }, + 448usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST), + "::", + stringify!(C_DecryptDigestUpdate) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_SignEncryptUpdate) as usize - ptr as usize }, + 456usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST), + "::", + stringify!(C_SignEncryptUpdate) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_DecryptVerifyUpdate) as usize - ptr as usize }, + 464usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST), + "::", + stringify!(C_DecryptVerifyUpdate) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_GenerateKey) as usize - ptr as usize }, + 472usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST), + "::", + stringify!(C_GenerateKey) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_GenerateKeyPair) as usize - ptr as usize }, + 480usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST), + "::", + stringify!(C_GenerateKeyPair) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_WrapKey) as usize - ptr as usize }, + 488usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST), + "::", + stringify!(C_WrapKey) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_UnwrapKey) as usize - ptr as usize }, + 496usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST), + "::", + stringify!(C_UnwrapKey) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_DeriveKey) as usize - ptr as usize }, + 504usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST), + "::", + stringify!(C_DeriveKey) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_SeedRandom) as usize - ptr as usize }, + 512usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST), + "::", + stringify!(C_SeedRandom) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_GenerateRandom) as usize - ptr as usize }, + 520usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST), + "::", + stringify!(C_GenerateRandom) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_GetFunctionStatus) as usize - ptr as usize }, + 528usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST), + "::", + stringify!(C_GetFunctionStatus) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_CancelFunction) as usize - ptr as usize }, + 536usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST), + "::", + stringify!(C_CancelFunction) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_WaitForSlotEvent) as usize - ptr as usize }, + 544usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST), + "::", + stringify!(C_WaitForSlotEvent) + ) + ); +} diff --git a/crate/pkcs11/sys/src/pkcs11_windows.rs b/crate/pkcs11/sys/src/pkcs11_windows.rs new file mode 100644 index 000000000..b8c62e88f --- /dev/null +++ b/crate/pkcs11/sys/src/pkcs11_windows.rs @@ -0,0 +1,11722 @@ +/* automatically generated by rust-bindgen 0.63.0 */ + +// Copyright 2022 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +pub const NULL_PTR: u32 = 0; +pub const CRYPTOKI_VERSION_MAJOR: CK_BYTE = 3; +pub const CRYPTOKI_VERSION_MINOR: CK_BYTE = 1; +pub const CRYPTOKI_VERSION_AMENDMENT: CK_BYTE = 0; +pub const CK_TRUE: CK_BBOOL = 1; +pub const CK_FALSE: CK_BBOOL = 0; +pub const FALSE: u32 = 0; +pub const TRUE: u32 = 1; +pub const CK_EFFECTIVELY_INFINITE: CK_ULONG = 0; +pub const CK_INVALID_HANDLE: CK_ULONG = 0; +pub const CKN_SURRENDER: CK_NOTIFICATION = 0; +pub const CKN_OTP_CHANGED: CK_NOTIFICATION = 1; +pub const CKF_TOKEN_PRESENT: CK_FLAGS = 1; +pub const CKF_REMOVABLE_DEVICE: CK_FLAGS = 2; +pub const CKF_HW_SLOT: CK_FLAGS = 4; +pub const CKF_RNG: CK_FLAGS = 1; +pub const CKF_WRITE_PROTECTED: CK_FLAGS = 2; +pub const CKF_LOGIN_REQUIRED: CK_FLAGS = 4; +pub const CKF_USER_PIN_INITIALIZED: CK_FLAGS = 8; +pub const CKF_RESTORE_KEY_NOT_NEEDED: CK_FLAGS = 32; +pub const CKF_CLOCK_ON_TOKEN: CK_FLAGS = 64; +pub const CKF_PROTECTED_AUTHENTICATION_PATH: CK_FLAGS = 256; +pub const CKF_DUAL_CRYPTO_OPERATIONS: CK_FLAGS = 512; +pub const CKF_TOKEN_INITIALIZED: CK_FLAGS = 1024; +pub const CKF_SECONDARY_AUTHENTICATION: CK_FLAGS = 2048; +pub const CKF_USER_PIN_COUNT_LOW: CK_FLAGS = 65536; +pub const CKF_USER_PIN_FINAL_TRY: CK_FLAGS = 131072; +pub const CKF_USER_PIN_LOCKED: CK_FLAGS = 262144; +pub const CKF_USER_PIN_TO_BE_CHANGED: CK_FLAGS = 524288; +pub const CKF_SO_PIN_COUNT_LOW: CK_FLAGS = 1048576; +pub const CKF_SO_PIN_FINAL_TRY: CK_FLAGS = 2097152; +pub const CKF_SO_PIN_LOCKED: CK_FLAGS = 4194304; +pub const CKF_SO_PIN_TO_BE_CHANGED: CK_FLAGS = 8388608; +pub const CKF_ERROR_STATE: CK_FLAGS = 16777216; +pub const CKU_SO: CK_USER_TYPE = 0; +pub const CKU_USER: CK_USER_TYPE = 1; +pub const CKU_CONTEXT_SPECIFIC: CK_USER_TYPE = 2; +pub const CKS_RO_PUBLIC_SESSION: CK_STATE = 0; +pub const CKS_RO_USER_FUNCTIONS: CK_STATE = 1; +pub const CKS_RW_PUBLIC_SESSION: CK_STATE = 2; +pub const CKS_RW_USER_FUNCTIONS: CK_STATE = 3; +pub const CKS_RW_SO_FUNCTIONS: CK_STATE = 4; +pub const CKF_RW_SESSION: CK_FLAGS = 2; +pub const CKF_SERIAL_SESSION: CK_FLAGS = 4; +pub const CKO_DATA: CK_OBJECT_CLASS = 0; +pub const CKO_CERTIFICATE: CK_OBJECT_CLASS = 1; +pub const CKO_PUBLIC_KEY: CK_OBJECT_CLASS = 2; +pub const CKO_PRIVATE_KEY: CK_OBJECT_CLASS = 3; +pub const CKO_SECRET_KEY: CK_OBJECT_CLASS = 4; +pub const CKO_HW_FEATURE: CK_OBJECT_CLASS = 5; +pub const CKO_DOMAIN_PARAMETERS: CK_OBJECT_CLASS = 6; +pub const CKO_MECHANISM: CK_OBJECT_CLASS = 7; +pub const CKO_OTP_KEY: CK_OBJECT_CLASS = 8; +pub const CKO_PROFILE: CK_OBJECT_CLASS = 9; +pub const CKO_VENDOR_DEFINED: CK_OBJECT_CLASS = 2147483648; +pub const CKP_INVALID_ID: CK_PROFILE_ID = 0; +pub const CKP_BASELINE_PROVIDER: CK_PROFILE_ID = 1; +pub const CKP_EXTENDED_PROVIDER: CK_PROFILE_ID = 2; +pub const CKP_AUTHENTICATION_TOKEN: CK_PROFILE_ID = 3; +pub const CKP_PUBLIC_CERTIFICATES_TOKEN: CK_PROFILE_ID = 4; +pub const CKP_COMPLETE_PROVIDER: CK_PROFILE_ID = 5; +pub const CKP_HKDF_TLS_TOKEN: CK_PROFILE_ID = 6; +pub const CKP_VENDOR_DEFINED: CK_PROFILE_ID = 2147483648; +pub const CKH_MONOTONIC_COUNTER: CK_HW_FEATURE_TYPE = 1; +pub const CKH_CLOCK: CK_HW_FEATURE_TYPE = 2; +pub const CKH_USER_INTERFACE: CK_HW_FEATURE_TYPE = 3; +pub const CKH_VENDOR_DEFINED: CK_HW_FEATURE_TYPE = 2147483648; +pub const CKK_RSA: CK_KEY_TYPE = 0; +pub const CKK_DSA: CK_KEY_TYPE = 1; +pub const CKK_DH: CK_KEY_TYPE = 2; +pub const CKK_ECDSA: CK_KEY_TYPE = 3; +pub const CKK_EC: CK_KEY_TYPE = 3; +pub const CKK_X9_42_DH: CK_KEY_TYPE = 4; +pub const CKK_KEA: CK_KEY_TYPE = 5; +pub const CKK_GENERIC_SECRET: CK_KEY_TYPE = 16; +pub const CKK_RC2: CK_KEY_TYPE = 17; +pub const CKK_RC4: CK_KEY_TYPE = 18; +pub const CKK_DES: CK_KEY_TYPE = 19; +pub const CKK_DES2: CK_KEY_TYPE = 20; +pub const CKK_DES3: CK_KEY_TYPE = 21; +pub const CKK_CAST: CK_KEY_TYPE = 22; +pub const CKK_CAST3: CK_KEY_TYPE = 23; +pub const CKK_CAST5: CK_KEY_TYPE = 24; +pub const CKK_CAST128: CK_KEY_TYPE = 24; +pub const CKK_RC5: CK_KEY_TYPE = 25; +pub const CKK_IDEA: CK_KEY_TYPE = 26; +pub const CKK_SKIPJACK: CK_KEY_TYPE = 27; +pub const CKK_BATON: CK_KEY_TYPE = 28; +pub const CKK_JUNIPER: CK_KEY_TYPE = 29; +pub const CKK_CDMF: CK_KEY_TYPE = 30; +pub const CKK_AES: CK_KEY_TYPE = 31; +pub const CKK_BLOWFISH: CK_KEY_TYPE = 32; +pub const CKK_TWOFISH: CK_KEY_TYPE = 33; +pub const CKK_SECURID: CK_KEY_TYPE = 34; +pub const CKK_HOTP: CK_KEY_TYPE = 35; +pub const CKK_ACTI: CK_KEY_TYPE = 36; +pub const CKK_CAMELLIA: CK_KEY_TYPE = 37; +pub const CKK_ARIA: CK_KEY_TYPE = 38; +pub const CKK_MD5_HMAC: CK_KEY_TYPE = 39; +pub const CKK_SHA_1_HMAC: CK_KEY_TYPE = 40; +pub const CKK_RIPEMD128_HMAC: CK_KEY_TYPE = 41; +pub const CKK_RIPEMD160_HMAC: CK_KEY_TYPE = 42; +pub const CKK_SHA256_HMAC: CK_KEY_TYPE = 43; +pub const CKK_SHA384_HMAC: CK_KEY_TYPE = 44; +pub const CKK_SHA512_HMAC: CK_KEY_TYPE = 45; +pub const CKK_SHA224_HMAC: CK_KEY_TYPE = 46; +pub const CKK_SEED: CK_KEY_TYPE = 47; +pub const CKK_GOSTR3410: CK_KEY_TYPE = 48; +pub const CKK_GOSTR3411: CK_KEY_TYPE = 49; +pub const CKK_GOST28147: CK_KEY_TYPE = 50; +pub const CKK_CHACHA20: CK_KEY_TYPE = 51; +pub const CKK_POLY1305: CK_KEY_TYPE = 52; +pub const CKK_AES_XTS: CK_KEY_TYPE = 53; +pub const CKK_SHA3_224_HMAC: CK_KEY_TYPE = 54; +pub const CKK_SHA3_256_HMAC: CK_KEY_TYPE = 55; +pub const CKK_SHA3_384_HMAC: CK_KEY_TYPE = 56; +pub const CKK_SHA3_512_HMAC: CK_KEY_TYPE = 57; +pub const CKK_BLAKE2B_160_HMAC: CK_KEY_TYPE = 58; +pub const CKK_BLAKE2B_256_HMAC: CK_KEY_TYPE = 59; +pub const CKK_BLAKE2B_384_HMAC: CK_KEY_TYPE = 60; +pub const CKK_BLAKE2B_512_HMAC: CK_KEY_TYPE = 61; +pub const CKK_SALSA20: CK_KEY_TYPE = 62; +pub const CKK_X2RATCHET: CK_KEY_TYPE = 63; +pub const CKK_EC_EDWARDS: CK_KEY_TYPE = 64; +pub const CKK_EC_MONTGOMERY: CK_KEY_TYPE = 65; +pub const CKK_HKDF: CK_KEY_TYPE = 66; +pub const CKK_SHA512_224_HMAC: CK_KEY_TYPE = 67; +pub const CKK_SHA512_256_HMAC: CK_KEY_TYPE = 68; +pub const CKK_SHA512_T_HMAC: CK_KEY_TYPE = 69; +pub const CKK_HSS: CK_KEY_TYPE = 70; +pub const CKK_VENDOR_DEFINED: CK_KEY_TYPE = 2147483648; +pub const CK_CERTIFICATE_CATEGORY_UNSPECIFIED: CK_ULONG = 0; +pub const CK_CERTIFICATE_CATEGORY_TOKEN_USER: CK_ULONG = 1; +pub const CK_CERTIFICATE_CATEGORY_AUTHORITY: CK_ULONG = 2; +pub const CK_CERTIFICATE_CATEGORY_OTHER_ENTITY: CK_ULONG = 3; +pub const CK_SECURITY_DOMAIN_UNSPECIFIED: CK_ULONG = 0; +pub const CK_SECURITY_DOMAIN_MANUFACTURER: CK_ULONG = 1; +pub const CK_SECURITY_DOMAIN_OPERATOR: CK_ULONG = 2; +pub const CK_SECURITY_DOMAIN_THIRD_PARTY: CK_ULONG = 3; +pub const CKC_X_509: CK_CERTIFICATE_TYPE = 0; +pub const CKC_X_509_ATTR_CERT: CK_CERTIFICATE_TYPE = 1; +pub const CKC_WTLS: CK_CERTIFICATE_TYPE = 2; +pub const CKC_VENDOR_DEFINED: CK_CERTIFICATE_TYPE = 2147483648; +pub const CKF_ARRAY_ATTRIBUTE: CK_FLAGS = 1073741824; +pub const CK_OTP_FORMAT_DECIMAL: CK_ULONG = 0; +pub const CK_OTP_FORMAT_HEXADECIMAL: CK_ULONG = 1; +pub const CK_OTP_FORMAT_ALPHANUMERIC: CK_ULONG = 2; +pub const CK_OTP_FORMAT_BINARY: CK_ULONG = 3; +pub const CK_OTP_PARAM_IGNORED: CK_ULONG = 0; +pub const CK_OTP_PARAM_OPTIONAL: CK_ULONG = 1; +pub const CK_OTP_PARAM_MANDATORY: CK_ULONG = 2; +pub const CKA_CLASS: CK_ATTRIBUTE_TYPE = 0; +pub const CKA_TOKEN: CK_ATTRIBUTE_TYPE = 1; +pub const CKA_PRIVATE: CK_ATTRIBUTE_TYPE = 2; +pub const CKA_LABEL: CK_ATTRIBUTE_TYPE = 3; +pub const CKA_UNIQUE_ID: CK_ATTRIBUTE_TYPE = 4; +pub const CKA_APPLICATION: CK_ATTRIBUTE_TYPE = 16; +pub const CKA_VALUE: CK_ATTRIBUTE_TYPE = 17; +pub const CKA_OBJECT_ID: CK_ATTRIBUTE_TYPE = 18; +pub const CKA_CERTIFICATE_TYPE: CK_ATTRIBUTE_TYPE = 128; +pub const CKA_ISSUER: CK_ATTRIBUTE_TYPE = 129; +pub const CKA_SERIAL_NUMBER: CK_ATTRIBUTE_TYPE = 130; +pub const CKA_AC_ISSUER: CK_ATTRIBUTE_TYPE = 131; +pub const CKA_OWNER: CK_ATTRIBUTE_TYPE = 132; +pub const CKA_ATTR_TYPES: CK_ATTRIBUTE_TYPE = 133; +pub const CKA_TRUSTED: CK_ATTRIBUTE_TYPE = 134; +pub const CKA_CERTIFICATE_CATEGORY: CK_ATTRIBUTE_TYPE = 135; +pub const CKA_JAVA_MIDP_SECURITY_DOMAIN: CK_ATTRIBUTE_TYPE = 136; +pub const CKA_URL: CK_ATTRIBUTE_TYPE = 137; +pub const CKA_HASH_OF_SUBJECT_PUBLIC_KEY: CK_ATTRIBUTE_TYPE = 138; +pub const CKA_HASH_OF_ISSUER_PUBLIC_KEY: CK_ATTRIBUTE_TYPE = 139; +pub const CKA_NAME_HASH_ALGORITHM: CK_ATTRIBUTE_TYPE = 140; +pub const CKA_CHECK_VALUE: CK_ATTRIBUTE_TYPE = 144; +pub const CKA_KEY_TYPE: CK_ATTRIBUTE_TYPE = 256; +pub const CKA_SUBJECT: CK_ATTRIBUTE_TYPE = 257; +pub const CKA_ID: CK_ATTRIBUTE_TYPE = 258; +pub const CKA_SENSITIVE: CK_ATTRIBUTE_TYPE = 259; +pub const CKA_ENCRYPT: CK_ATTRIBUTE_TYPE = 260; +pub const CKA_DECRYPT: CK_ATTRIBUTE_TYPE = 261; +pub const CKA_WRAP: CK_ATTRIBUTE_TYPE = 262; +pub const CKA_UNWRAP: CK_ATTRIBUTE_TYPE = 263; +pub const CKA_SIGN: CK_ATTRIBUTE_TYPE = 264; +pub const CKA_SIGN_RECOVER: CK_ATTRIBUTE_TYPE = 265; +pub const CKA_VERIFY: CK_ATTRIBUTE_TYPE = 266; +pub const CKA_VERIFY_RECOVER: CK_ATTRIBUTE_TYPE = 267; +pub const CKA_DERIVE: CK_ATTRIBUTE_TYPE = 268; +pub const CKA_START_DATE: CK_ATTRIBUTE_TYPE = 272; +pub const CKA_END_DATE: CK_ATTRIBUTE_TYPE = 273; +pub const CKA_MODULUS: CK_ATTRIBUTE_TYPE = 288; +pub const CKA_MODULUS_BITS: CK_ATTRIBUTE_TYPE = 289; +pub const CKA_PUBLIC_EXPONENT: CK_ATTRIBUTE_TYPE = 290; +pub const CKA_PRIVATE_EXPONENT: CK_ATTRIBUTE_TYPE = 291; +pub const CKA_PRIME_1: CK_ATTRIBUTE_TYPE = 292; +pub const CKA_PRIME_2: CK_ATTRIBUTE_TYPE = 293; +pub const CKA_EXPONENT_1: CK_ATTRIBUTE_TYPE = 294; +pub const CKA_EXPONENT_2: CK_ATTRIBUTE_TYPE = 295; +pub const CKA_COEFFICIENT: CK_ATTRIBUTE_TYPE = 296; +pub const CKA_PUBLIC_KEY_INFO: CK_ATTRIBUTE_TYPE = 297; +pub const CKA_PRIME: CK_ATTRIBUTE_TYPE = 304; +pub const CKA_SUBPRIME: CK_ATTRIBUTE_TYPE = 305; +pub const CKA_BASE: CK_ATTRIBUTE_TYPE = 306; +pub const CKA_PRIME_BITS: CK_ATTRIBUTE_TYPE = 307; +pub const CKA_SUBPRIME_BITS: CK_ATTRIBUTE_TYPE = 308; +pub const CKA_SUB_PRIME_BITS: CK_ATTRIBUTE_TYPE = 308; +pub const CKA_VALUE_BITS: CK_ATTRIBUTE_TYPE = 352; +pub const CKA_VALUE_LEN: CK_ATTRIBUTE_TYPE = 353; +pub const CKA_EXTRACTABLE: CK_ATTRIBUTE_TYPE = 354; +pub const CKA_LOCAL: CK_ATTRIBUTE_TYPE = 355; +pub const CKA_NEVER_EXTRACTABLE: CK_ATTRIBUTE_TYPE = 356; +pub const CKA_ALWAYS_SENSITIVE: CK_ATTRIBUTE_TYPE = 357; +pub const CKA_KEY_GEN_MECHANISM: CK_ATTRIBUTE_TYPE = 358; +pub const CKA_MODIFIABLE: CK_ATTRIBUTE_TYPE = 368; +pub const CKA_COPYABLE: CK_ATTRIBUTE_TYPE = 369; +pub const CKA_DESTROYABLE: CK_ATTRIBUTE_TYPE = 370; +pub const CKA_ECDSA_PARAMS: CK_ATTRIBUTE_TYPE = 384; +pub const CKA_EC_PARAMS: CK_ATTRIBUTE_TYPE = 384; +pub const CKA_EC_POINT: CK_ATTRIBUTE_TYPE = 385; +pub const CKA_SECONDARY_AUTH: CK_ATTRIBUTE_TYPE = 512; +pub const CKA_AUTH_PIN_FLAGS: CK_ATTRIBUTE_TYPE = 513; +pub const CKA_ALWAYS_AUTHENTICATE: CK_ATTRIBUTE_TYPE = 514; +pub const CKA_WRAP_WITH_TRUSTED: CK_ATTRIBUTE_TYPE = 528; +pub const CKA_WRAP_TEMPLATE: CK_ATTRIBUTE_TYPE = 1073742353; +pub const CKA_UNWRAP_TEMPLATE: CK_ATTRIBUTE_TYPE = 1073742354; +pub const CKA_DERIVE_TEMPLATE: CK_ATTRIBUTE_TYPE = 1073742355; +pub const CKA_OTP_FORMAT: CK_ATTRIBUTE_TYPE = 544; +pub const CKA_OTP_LENGTH: CK_ATTRIBUTE_TYPE = 545; +pub const CKA_OTP_TIME_INTERVAL: CK_ATTRIBUTE_TYPE = 546; +pub const CKA_OTP_USER_FRIENDLY_MODE: CK_ATTRIBUTE_TYPE = 547; +pub const CKA_OTP_CHALLENGE_REQUIREMENT: CK_ATTRIBUTE_TYPE = 548; +pub const CKA_OTP_TIME_REQUIREMENT: CK_ATTRIBUTE_TYPE = 549; +pub const CKA_OTP_COUNTER_REQUIREMENT: CK_ATTRIBUTE_TYPE = 550; +pub const CKA_OTP_PIN_REQUIREMENT: CK_ATTRIBUTE_TYPE = 551; +pub const CKA_OTP_COUNTER: CK_ATTRIBUTE_TYPE = 558; +pub const CKA_OTP_TIME: CK_ATTRIBUTE_TYPE = 559; +pub const CKA_OTP_USER_IDENTIFIER: CK_ATTRIBUTE_TYPE = 554; +pub const CKA_OTP_SERVICE_IDENTIFIER: CK_ATTRIBUTE_TYPE = 555; +pub const CKA_OTP_SERVICE_LOGO: CK_ATTRIBUTE_TYPE = 556; +pub const CKA_OTP_SERVICE_LOGO_TYPE: CK_ATTRIBUTE_TYPE = 557; +pub const CKA_GOSTR3410_PARAMS: CK_ATTRIBUTE_TYPE = 592; +pub const CKA_GOSTR3411_PARAMS: CK_ATTRIBUTE_TYPE = 593; +pub const CKA_GOST28147_PARAMS: CK_ATTRIBUTE_TYPE = 594; +pub const CKA_HW_FEATURE_TYPE: CK_ATTRIBUTE_TYPE = 768; +pub const CKA_RESET_ON_INIT: CK_ATTRIBUTE_TYPE = 769; +pub const CKA_HAS_RESET: CK_ATTRIBUTE_TYPE = 770; +pub const CKA_PIXEL_X: CK_ATTRIBUTE_TYPE = 1024; +pub const CKA_PIXEL_Y: CK_ATTRIBUTE_TYPE = 1025; +pub const CKA_RESOLUTION: CK_ATTRIBUTE_TYPE = 1026; +pub const CKA_CHAR_ROWS: CK_ATTRIBUTE_TYPE = 1027; +pub const CKA_CHAR_COLUMNS: CK_ATTRIBUTE_TYPE = 1028; +pub const CKA_COLOR: CK_ATTRIBUTE_TYPE = 1029; +pub const CKA_BITS_PER_PIXEL: CK_ATTRIBUTE_TYPE = 1030; +pub const CKA_CHAR_SETS: CK_ATTRIBUTE_TYPE = 1152; +pub const CKA_ENCODING_METHODS: CK_ATTRIBUTE_TYPE = 1153; +pub const CKA_MIME_TYPES: CK_ATTRIBUTE_TYPE = 1154; +pub const CKA_MECHANISM_TYPE: CK_ATTRIBUTE_TYPE = 1280; +pub const CKA_REQUIRED_CMS_ATTRIBUTES: CK_ATTRIBUTE_TYPE = 1281; +pub const CKA_DEFAULT_CMS_ATTRIBUTES: CK_ATTRIBUTE_TYPE = 1282; +pub const CKA_SUPPORTED_CMS_ATTRIBUTES: CK_ATTRIBUTE_TYPE = 1283; +pub const CKA_ALLOWED_MECHANISMS: CK_ATTRIBUTE_TYPE = 1073743360; +pub const CKA_PROFILE_ID: CK_ATTRIBUTE_TYPE = 1537; +pub const CKA_X2RATCHET_BAG: CK_ATTRIBUTE_TYPE = 1538; +pub const CKA_X2RATCHET_BAGSIZE: CK_ATTRIBUTE_TYPE = 1539; +pub const CKA_X2RATCHET_BOBS1STMSG: CK_ATTRIBUTE_TYPE = 1540; +pub const CKA_X2RATCHET_CKR: CK_ATTRIBUTE_TYPE = 1541; +pub const CKA_X2RATCHET_CKS: CK_ATTRIBUTE_TYPE = 1542; +pub const CKA_X2RATCHET_DHP: CK_ATTRIBUTE_TYPE = 1543; +pub const CKA_X2RATCHET_DHR: CK_ATTRIBUTE_TYPE = 1544; +pub const CKA_X2RATCHET_DHS: CK_ATTRIBUTE_TYPE = 1545; +pub const CKA_X2RATCHET_HKR: CK_ATTRIBUTE_TYPE = 1546; +pub const CKA_X2RATCHET_HKS: CK_ATTRIBUTE_TYPE = 1547; +pub const CKA_X2RATCHET_ISALICE: CK_ATTRIBUTE_TYPE = 1548; +pub const CKA_X2RATCHET_NHKR: CK_ATTRIBUTE_TYPE = 1549; +pub const CKA_X2RATCHET_NHKS: CK_ATTRIBUTE_TYPE = 1550; +pub const CKA_X2RATCHET_NR: CK_ATTRIBUTE_TYPE = 1551; +pub const CKA_X2RATCHET_NS: CK_ATTRIBUTE_TYPE = 1552; +pub const CKA_X2RATCHET_PNS: CK_ATTRIBUTE_TYPE = 1553; +pub const CKA_X2RATCHET_RK: CK_ATTRIBUTE_TYPE = 1554; +pub const CKA_HSS_LEVELS: CK_ATTRIBUTE_TYPE = 1559; +pub const CKA_HSS_LMS_TYPE: CK_ATTRIBUTE_TYPE = 1560; +pub const CKA_HSS_LMOTS_TYPE: CK_ATTRIBUTE_TYPE = 1561; +pub const CKA_HSS_LMS_TYPES: CK_ATTRIBUTE_TYPE = 1562; +pub const CKA_HSS_LMOTS_TYPES: CK_ATTRIBUTE_TYPE = 1563; +pub const CKA_HSS_KEYS_REMAINING: CK_ATTRIBUTE_TYPE = 1564; +pub const CKA_VENDOR_DEFINED: CK_ATTRIBUTE_TYPE = 2147483648; +pub const CKM_RSA_PKCS_KEY_PAIR_GEN: CK_MECHANISM_TYPE = 0; +pub const CKM_RSA_PKCS: CK_MECHANISM_TYPE = 1; +pub const CKM_RSA_9796: CK_MECHANISM_TYPE = 2; +pub const CKM_RSA_X_509: CK_MECHANISM_TYPE = 3; +pub const CKM_MD2_RSA_PKCS: CK_MECHANISM_TYPE = 4; +pub const CKM_MD5_RSA_PKCS: CK_MECHANISM_TYPE = 5; +pub const CKM_SHA1_RSA_PKCS: CK_MECHANISM_TYPE = 6; +pub const CKM_RIPEMD128_RSA_PKCS: CK_MECHANISM_TYPE = 7; +pub const CKM_RIPEMD160_RSA_PKCS: CK_MECHANISM_TYPE = 8; +pub const CKM_RSA_PKCS_OAEP: CK_MECHANISM_TYPE = 9; +pub const CKM_RSA_X9_31_KEY_PAIR_GEN: CK_MECHANISM_TYPE = 10; +pub const CKM_RSA_X9_31: CK_MECHANISM_TYPE = 11; +pub const CKM_SHA1_RSA_X9_31: CK_MECHANISM_TYPE = 12; +pub const CKM_RSA_PKCS_PSS: CK_MECHANISM_TYPE = 13; +pub const CKM_SHA1_RSA_PKCS_PSS: CK_MECHANISM_TYPE = 14; +pub const CKM_DSA_KEY_PAIR_GEN: CK_MECHANISM_TYPE = 16; +pub const CKM_DSA: CK_MECHANISM_TYPE = 17; +pub const CKM_DSA_SHA1: CK_MECHANISM_TYPE = 18; +pub const CKM_DSA_SHA224: CK_MECHANISM_TYPE = 19; +pub const CKM_DSA_SHA256: CK_MECHANISM_TYPE = 20; +pub const CKM_DSA_SHA384: CK_MECHANISM_TYPE = 21; +pub const CKM_DSA_SHA512: CK_MECHANISM_TYPE = 22; +pub const CKM_DSA_SHA3_224: CK_MECHANISM_TYPE = 24; +pub const CKM_DSA_SHA3_256: CK_MECHANISM_TYPE = 25; +pub const CKM_DSA_SHA3_384: CK_MECHANISM_TYPE = 26; +pub const CKM_DSA_SHA3_512: CK_MECHANISM_TYPE = 27; +pub const CKM_DH_PKCS_KEY_PAIR_GEN: CK_MECHANISM_TYPE = 32; +pub const CKM_DH_PKCS_DERIVE: CK_MECHANISM_TYPE = 33; +pub const CKM_X9_42_DH_KEY_PAIR_GEN: CK_MECHANISM_TYPE = 48; +pub const CKM_X9_42_DH_DERIVE: CK_MECHANISM_TYPE = 49; +pub const CKM_X9_42_DH_HYBRID_DERIVE: CK_MECHANISM_TYPE = 50; +pub const CKM_X9_42_MQV_DERIVE: CK_MECHANISM_TYPE = 51; +pub const CKM_SHA256_RSA_PKCS: CK_MECHANISM_TYPE = 64; +pub const CKM_SHA384_RSA_PKCS: CK_MECHANISM_TYPE = 65; +pub const CKM_SHA512_RSA_PKCS: CK_MECHANISM_TYPE = 66; +pub const CKM_SHA256_RSA_PKCS_PSS: CK_MECHANISM_TYPE = 67; +pub const CKM_SHA384_RSA_PKCS_PSS: CK_MECHANISM_TYPE = 68; +pub const CKM_SHA512_RSA_PKCS_PSS: CK_MECHANISM_TYPE = 69; +pub const CKM_SHA224_RSA_PKCS: CK_MECHANISM_TYPE = 70; +pub const CKM_SHA224_RSA_PKCS_PSS: CK_MECHANISM_TYPE = 71; +pub const CKM_SHA512_224: CK_MECHANISM_TYPE = 72; +pub const CKM_SHA512_224_HMAC: CK_MECHANISM_TYPE = 73; +pub const CKM_SHA512_224_HMAC_GENERAL: CK_MECHANISM_TYPE = 74; +pub const CKM_SHA512_224_KEY_DERIVATION: CK_MECHANISM_TYPE = 75; +pub const CKM_SHA512_256: CK_MECHANISM_TYPE = 76; +pub const CKM_SHA512_256_HMAC: CK_MECHANISM_TYPE = 77; +pub const CKM_SHA512_256_HMAC_GENERAL: CK_MECHANISM_TYPE = 78; +pub const CKM_SHA512_256_KEY_DERIVATION: CK_MECHANISM_TYPE = 79; +pub const CKM_SHA512_T: CK_MECHANISM_TYPE = 80; +pub const CKM_SHA512_T_HMAC: CK_MECHANISM_TYPE = 81; +pub const CKM_SHA512_T_HMAC_GENERAL: CK_MECHANISM_TYPE = 82; +pub const CKM_SHA512_T_KEY_DERIVATION: CK_MECHANISM_TYPE = 83; +pub const CKM_SHA3_256_RSA_PKCS: CK_MECHANISM_TYPE = 96; +pub const CKM_SHA3_384_RSA_PKCS: CK_MECHANISM_TYPE = 97; +pub const CKM_SHA3_512_RSA_PKCS: CK_MECHANISM_TYPE = 98; +pub const CKM_SHA3_256_RSA_PKCS_PSS: CK_MECHANISM_TYPE = 99; +pub const CKM_SHA3_384_RSA_PKCS_PSS: CK_MECHANISM_TYPE = 100; +pub const CKM_SHA3_512_RSA_PKCS_PSS: CK_MECHANISM_TYPE = 101; +pub const CKM_SHA3_224_RSA_PKCS: CK_MECHANISM_TYPE = 102; +pub const CKM_SHA3_224_RSA_PKCS_PSS: CK_MECHANISM_TYPE = 103; +pub const CKM_RC2_KEY_GEN: CK_MECHANISM_TYPE = 256; +pub const CKM_RC2_ECB: CK_MECHANISM_TYPE = 257; +pub const CKM_RC2_CBC: CK_MECHANISM_TYPE = 258; +pub const CKM_RC2_MAC: CK_MECHANISM_TYPE = 259; +pub const CKM_RC2_MAC_GENERAL: CK_MECHANISM_TYPE = 260; +pub const CKM_RC2_CBC_PAD: CK_MECHANISM_TYPE = 261; +pub const CKM_RC4_KEY_GEN: CK_MECHANISM_TYPE = 272; +pub const CKM_RC4: CK_MECHANISM_TYPE = 273; +pub const CKM_DES_KEY_GEN: CK_MECHANISM_TYPE = 288; +pub const CKM_DES_ECB: CK_MECHANISM_TYPE = 289; +pub const CKM_DES_CBC: CK_MECHANISM_TYPE = 290; +pub const CKM_DES_MAC: CK_MECHANISM_TYPE = 291; +pub const CKM_DES_MAC_GENERAL: CK_MECHANISM_TYPE = 292; +pub const CKM_DES_CBC_PAD: CK_MECHANISM_TYPE = 293; +pub const CKM_DES2_KEY_GEN: CK_MECHANISM_TYPE = 304; +pub const CKM_DES3_KEY_GEN: CK_MECHANISM_TYPE = 305; +pub const CKM_DES3_ECB: CK_MECHANISM_TYPE = 306; +pub const CKM_DES3_CBC: CK_MECHANISM_TYPE = 307; +pub const CKM_DES3_MAC: CK_MECHANISM_TYPE = 308; +pub const CKM_DES3_MAC_GENERAL: CK_MECHANISM_TYPE = 309; +pub const CKM_DES3_CBC_PAD: CK_MECHANISM_TYPE = 310; +pub const CKM_DES3_CMAC_GENERAL: CK_MECHANISM_TYPE = 311; +pub const CKM_DES3_CMAC: CK_MECHANISM_TYPE = 312; +pub const CKM_CDMF_KEY_GEN: CK_MECHANISM_TYPE = 320; +pub const CKM_CDMF_ECB: CK_MECHANISM_TYPE = 321; +pub const CKM_CDMF_CBC: CK_MECHANISM_TYPE = 322; +pub const CKM_CDMF_MAC: CK_MECHANISM_TYPE = 323; +pub const CKM_CDMF_MAC_GENERAL: CK_MECHANISM_TYPE = 324; +pub const CKM_CDMF_CBC_PAD: CK_MECHANISM_TYPE = 325; +pub const CKM_DES_OFB64: CK_MECHANISM_TYPE = 336; +pub const CKM_DES_OFB8: CK_MECHANISM_TYPE = 337; +pub const CKM_DES_CFB64: CK_MECHANISM_TYPE = 338; +pub const CKM_DES_CFB8: CK_MECHANISM_TYPE = 339; +pub const CKM_MD2: CK_MECHANISM_TYPE = 512; +pub const CKM_MD2_HMAC: CK_MECHANISM_TYPE = 513; +pub const CKM_MD2_HMAC_GENERAL: CK_MECHANISM_TYPE = 514; +pub const CKM_MD5: CK_MECHANISM_TYPE = 528; +pub const CKM_MD5_HMAC: CK_MECHANISM_TYPE = 529; +pub const CKM_MD5_HMAC_GENERAL: CK_MECHANISM_TYPE = 530; +pub const CKM_SHA_1: CK_MECHANISM_TYPE = 544; +pub const CKM_SHA_1_HMAC: CK_MECHANISM_TYPE = 545; +pub const CKM_SHA_1_HMAC_GENERAL: CK_MECHANISM_TYPE = 546; +pub const CKM_RIPEMD128: CK_MECHANISM_TYPE = 560; +pub const CKM_RIPEMD128_HMAC: CK_MECHANISM_TYPE = 561; +pub const CKM_RIPEMD128_HMAC_GENERAL: CK_MECHANISM_TYPE = 562; +pub const CKM_RIPEMD160: CK_MECHANISM_TYPE = 576; +pub const CKM_RIPEMD160_HMAC: CK_MECHANISM_TYPE = 577; +pub const CKM_RIPEMD160_HMAC_GENERAL: CK_MECHANISM_TYPE = 578; +pub const CKM_SHA256: CK_MECHANISM_TYPE = 592; +pub const CKM_SHA256_HMAC: CK_MECHANISM_TYPE = 593; +pub const CKM_SHA256_HMAC_GENERAL: CK_MECHANISM_TYPE = 594; +pub const CKM_SHA224: CK_MECHANISM_TYPE = 597; +pub const CKM_SHA224_HMAC: CK_MECHANISM_TYPE = 598; +pub const CKM_SHA224_HMAC_GENERAL: CK_MECHANISM_TYPE = 599; +pub const CKM_SHA384: CK_MECHANISM_TYPE = 608; +pub const CKM_SHA384_HMAC: CK_MECHANISM_TYPE = 609; +pub const CKM_SHA384_HMAC_GENERAL: CK_MECHANISM_TYPE = 610; +pub const CKM_SHA512: CK_MECHANISM_TYPE = 624; +pub const CKM_SHA512_HMAC: CK_MECHANISM_TYPE = 625; +pub const CKM_SHA512_HMAC_GENERAL: CK_MECHANISM_TYPE = 626; +pub const CKM_SECURID_KEY_GEN: CK_MECHANISM_TYPE = 640; +pub const CKM_SECURID: CK_MECHANISM_TYPE = 642; +pub const CKM_HOTP_KEY_GEN: CK_MECHANISM_TYPE = 656; +pub const CKM_HOTP: CK_MECHANISM_TYPE = 657; +pub const CKM_ACTI: CK_MECHANISM_TYPE = 672; +pub const CKM_ACTI_KEY_GEN: CK_MECHANISM_TYPE = 673; +pub const CKM_SHA3_256: CK_MECHANISM_TYPE = 688; +pub const CKM_SHA3_256_HMAC: CK_MECHANISM_TYPE = 689; +pub const CKM_SHA3_256_HMAC_GENERAL: CK_MECHANISM_TYPE = 690; +pub const CKM_SHA3_256_KEY_GEN: CK_MECHANISM_TYPE = 691; +pub const CKM_SHA3_224: CK_MECHANISM_TYPE = 693; +pub const CKM_SHA3_224_HMAC: CK_MECHANISM_TYPE = 694; +pub const CKM_SHA3_224_HMAC_GENERAL: CK_MECHANISM_TYPE = 695; +pub const CKM_SHA3_224_KEY_GEN: CK_MECHANISM_TYPE = 696; +pub const CKM_SHA3_384: CK_MECHANISM_TYPE = 704; +pub const CKM_SHA3_384_HMAC: CK_MECHANISM_TYPE = 705; +pub const CKM_SHA3_384_HMAC_GENERAL: CK_MECHANISM_TYPE = 706; +pub const CKM_SHA3_384_KEY_GEN: CK_MECHANISM_TYPE = 707; +pub const CKM_SHA3_512: CK_MECHANISM_TYPE = 720; +pub const CKM_SHA3_512_HMAC: CK_MECHANISM_TYPE = 721; +pub const CKM_SHA3_512_HMAC_GENERAL: CK_MECHANISM_TYPE = 722; +pub const CKM_SHA3_512_KEY_GEN: CK_MECHANISM_TYPE = 723; +pub const CKM_CAST_KEY_GEN: CK_MECHANISM_TYPE = 768; +pub const CKM_CAST_ECB: CK_MECHANISM_TYPE = 769; +pub const CKM_CAST_CBC: CK_MECHANISM_TYPE = 770; +pub const CKM_CAST_MAC: CK_MECHANISM_TYPE = 771; +pub const CKM_CAST_MAC_GENERAL: CK_MECHANISM_TYPE = 772; +pub const CKM_CAST_CBC_PAD: CK_MECHANISM_TYPE = 773; +pub const CKM_CAST3_KEY_GEN: CK_MECHANISM_TYPE = 784; +pub const CKM_CAST3_ECB: CK_MECHANISM_TYPE = 785; +pub const CKM_CAST3_CBC: CK_MECHANISM_TYPE = 786; +pub const CKM_CAST3_MAC: CK_MECHANISM_TYPE = 787; +pub const CKM_CAST3_MAC_GENERAL: CK_MECHANISM_TYPE = 788; +pub const CKM_CAST3_CBC_PAD: CK_MECHANISM_TYPE = 789; +pub const CKM_CAST5_KEY_GEN: CK_MECHANISM_TYPE = 800; +pub const CKM_CAST128_KEY_GEN: CK_MECHANISM_TYPE = 800; +pub const CKM_CAST5_ECB: CK_MECHANISM_TYPE = 801; +pub const CKM_CAST128_ECB: CK_MECHANISM_TYPE = 801; +pub const CKM_CAST5_CBC: CK_MECHANISM_TYPE = 802; +pub const CKM_CAST128_CBC: CK_MECHANISM_TYPE = 802; +pub const CKM_CAST5_MAC: CK_MECHANISM_TYPE = 803; +pub const CKM_CAST128_MAC: CK_MECHANISM_TYPE = 803; +pub const CKM_CAST5_MAC_GENERAL: CK_MECHANISM_TYPE = 804; +pub const CKM_CAST128_MAC_GENERAL: CK_MECHANISM_TYPE = 804; +pub const CKM_CAST5_CBC_PAD: CK_MECHANISM_TYPE = 805; +pub const CKM_CAST128_CBC_PAD: CK_MECHANISM_TYPE = 805; +pub const CKM_RC5_KEY_GEN: CK_MECHANISM_TYPE = 816; +pub const CKM_RC5_ECB: CK_MECHANISM_TYPE = 817; +pub const CKM_RC5_CBC: CK_MECHANISM_TYPE = 818; +pub const CKM_RC5_MAC: CK_MECHANISM_TYPE = 819; +pub const CKM_RC5_MAC_GENERAL: CK_MECHANISM_TYPE = 820; +pub const CKM_RC5_CBC_PAD: CK_MECHANISM_TYPE = 821; +pub const CKM_IDEA_KEY_GEN: CK_MECHANISM_TYPE = 832; +pub const CKM_IDEA_ECB: CK_MECHANISM_TYPE = 833; +pub const CKM_IDEA_CBC: CK_MECHANISM_TYPE = 834; +pub const CKM_IDEA_MAC: CK_MECHANISM_TYPE = 835; +pub const CKM_IDEA_MAC_GENERAL: CK_MECHANISM_TYPE = 836; +pub const CKM_IDEA_CBC_PAD: CK_MECHANISM_TYPE = 837; +pub const CKM_GENERIC_SECRET_KEY_GEN: CK_MECHANISM_TYPE = 848; +pub const CKM_CONCATENATE_BASE_AND_KEY: CK_MECHANISM_TYPE = 864; +pub const CKM_CONCATENATE_BASE_AND_DATA: CK_MECHANISM_TYPE = 866; +pub const CKM_CONCATENATE_DATA_AND_BASE: CK_MECHANISM_TYPE = 867; +pub const CKM_XOR_BASE_AND_DATA: CK_MECHANISM_TYPE = 868; +pub const CKM_EXTRACT_KEY_FROM_KEY: CK_MECHANISM_TYPE = 869; +pub const CKM_SSL3_PRE_MASTER_KEY_GEN: CK_MECHANISM_TYPE = 880; +pub const CKM_SSL3_MASTER_KEY_DERIVE: CK_MECHANISM_TYPE = 881; +pub const CKM_SSL3_KEY_AND_MAC_DERIVE: CK_MECHANISM_TYPE = 882; +pub const CKM_SSL3_MASTER_KEY_DERIVE_DH: CK_MECHANISM_TYPE = 883; +pub const CKM_TLS_PRE_MASTER_KEY_GEN: CK_MECHANISM_TYPE = 884; +pub const CKM_TLS_MASTER_KEY_DERIVE: CK_MECHANISM_TYPE = 885; +pub const CKM_TLS_KEY_AND_MAC_DERIVE: CK_MECHANISM_TYPE = 886; +pub const CKM_TLS_MASTER_KEY_DERIVE_DH: CK_MECHANISM_TYPE = 887; +pub const CKM_TLS_PRF: CK_MECHANISM_TYPE = 888; +pub const CKM_SSL3_MD5_MAC: CK_MECHANISM_TYPE = 896; +pub const CKM_SSL3_SHA1_MAC: CK_MECHANISM_TYPE = 897; +pub const CKM_MD5_KEY_DERIVATION: CK_MECHANISM_TYPE = 912; +pub const CKM_MD2_KEY_DERIVATION: CK_MECHANISM_TYPE = 913; +pub const CKM_SHA1_KEY_DERIVATION: CK_MECHANISM_TYPE = 914; +pub const CKM_SHA256_KEY_DERIVATION: CK_MECHANISM_TYPE = 915; +pub const CKM_SHA384_KEY_DERIVATION: CK_MECHANISM_TYPE = 916; +pub const CKM_SHA512_KEY_DERIVATION: CK_MECHANISM_TYPE = 917; +pub const CKM_SHA224_KEY_DERIVATION: CK_MECHANISM_TYPE = 918; +pub const CKM_SHA3_256_KEY_DERIVATION: CK_MECHANISM_TYPE = 919; +pub const CKM_SHA3_224_KEY_DERIVATION: CK_MECHANISM_TYPE = 920; +pub const CKM_SHA3_384_KEY_DERIVATION: CK_MECHANISM_TYPE = 921; +pub const CKM_SHA3_512_KEY_DERIVATION: CK_MECHANISM_TYPE = 922; +pub const CKM_SHAKE_128_KEY_DERIVATION: CK_MECHANISM_TYPE = 923; +pub const CKM_SHAKE_256_KEY_DERIVATION: CK_MECHANISM_TYPE = 924; +pub const CKM_SHA3_256_KEY_DERIVE: CK_MECHANISM_TYPE = 919; +pub const CKM_SHA3_224_KEY_DERIVE: CK_MECHANISM_TYPE = 920; +pub const CKM_SHA3_384_KEY_DERIVE: CK_MECHANISM_TYPE = 921; +pub const CKM_SHA3_512_KEY_DERIVE: CK_MECHANISM_TYPE = 922; +pub const CKM_SHAKE_128_KEY_DERIVE: CK_MECHANISM_TYPE = 923; +pub const CKM_SHAKE_256_KEY_DERIVE: CK_MECHANISM_TYPE = 924; +pub const CKM_PBE_MD2_DES_CBC: CK_MECHANISM_TYPE = 928; +pub const CKM_PBE_MD5_DES_CBC: CK_MECHANISM_TYPE = 929; +pub const CKM_PBE_MD5_CAST_CBC: CK_MECHANISM_TYPE = 930; +pub const CKM_PBE_MD5_CAST3_CBC: CK_MECHANISM_TYPE = 931; +pub const CKM_PBE_MD5_CAST5_CBC: CK_MECHANISM_TYPE = 932; +pub const CKM_PBE_MD5_CAST128_CBC: CK_MECHANISM_TYPE = 932; +pub const CKM_PBE_SHA1_CAST5_CBC: CK_MECHANISM_TYPE = 933; +pub const CKM_PBE_SHA1_CAST128_CBC: CK_MECHANISM_TYPE = 933; +pub const CKM_PBE_SHA1_RC4_128: CK_MECHANISM_TYPE = 934; +pub const CKM_PBE_SHA1_RC4_40: CK_MECHANISM_TYPE = 935; +pub const CKM_PBE_SHA1_DES3_EDE_CBC: CK_MECHANISM_TYPE = 936; +pub const CKM_PBE_SHA1_DES2_EDE_CBC: CK_MECHANISM_TYPE = 937; +pub const CKM_PBE_SHA1_RC2_128_CBC: CK_MECHANISM_TYPE = 938; +pub const CKM_PBE_SHA1_RC2_40_CBC: CK_MECHANISM_TYPE = 939; +pub const CKM_PKCS5_PBKD2: CK_MECHANISM_TYPE = 944; +pub const CKM_PBA_SHA1_WITH_SHA1_HMAC: CK_MECHANISM_TYPE = 960; +pub const CKM_WTLS_PRE_MASTER_KEY_GEN: CK_MECHANISM_TYPE = 976; +pub const CKM_WTLS_MASTER_KEY_DERIVE: CK_MECHANISM_TYPE = 977; +pub const CKM_WTLS_MASTER_KEY_DERIVE_DH_ECC: CK_MECHANISM_TYPE = 978; +pub const CKM_WTLS_PRF: CK_MECHANISM_TYPE = 979; +pub const CKM_WTLS_SERVER_KEY_AND_MAC_DERIVE: CK_MECHANISM_TYPE = 980; +pub const CKM_WTLS_CLIENT_KEY_AND_MAC_DERIVE: CK_MECHANISM_TYPE = 981; +pub const CKM_TLS10_MAC_SERVER: CK_MECHANISM_TYPE = 982; +pub const CKM_TLS10_MAC_CLIENT: CK_MECHANISM_TYPE = 983; +pub const CKM_TLS12_MAC: CK_MECHANISM_TYPE = 984; +pub const CKM_TLS12_KDF: CK_MECHANISM_TYPE = 985; +pub const CKM_TLS12_MASTER_KEY_DERIVE: CK_MECHANISM_TYPE = 992; +pub const CKM_TLS12_KEY_AND_MAC_DERIVE: CK_MECHANISM_TYPE = 993; +pub const CKM_TLS12_MASTER_KEY_DERIVE_DH: CK_MECHANISM_TYPE = 994; +pub const CKM_TLS12_KEY_SAFE_DERIVE: CK_MECHANISM_TYPE = 995; +pub const CKM_TLS_MAC: CK_MECHANISM_TYPE = 996; +pub const CKM_TLS_KDF: CK_MECHANISM_TYPE = 997; +pub const CKM_KEY_WRAP_LYNKS: CK_MECHANISM_TYPE = 1024; +pub const CKM_KEY_WRAP_SET_OAEP: CK_MECHANISM_TYPE = 1025; +pub const CKM_CMS_SIG: CK_MECHANISM_TYPE = 1280; +pub const CKM_KIP_DERIVE: CK_MECHANISM_TYPE = 1296; +pub const CKM_KIP_WRAP: CK_MECHANISM_TYPE = 1297; +pub const CKM_KIP_MAC: CK_MECHANISM_TYPE = 1298; +pub const CKM_CAMELLIA_KEY_GEN: CK_MECHANISM_TYPE = 1360; +pub const CKM_CAMELLIA_ECB: CK_MECHANISM_TYPE = 1361; +pub const CKM_CAMELLIA_CBC: CK_MECHANISM_TYPE = 1362; +pub const CKM_CAMELLIA_MAC: CK_MECHANISM_TYPE = 1363; +pub const CKM_CAMELLIA_MAC_GENERAL: CK_MECHANISM_TYPE = 1364; +pub const CKM_CAMELLIA_CBC_PAD: CK_MECHANISM_TYPE = 1365; +pub const CKM_CAMELLIA_ECB_ENCRYPT_DATA: CK_MECHANISM_TYPE = 1366; +pub const CKM_CAMELLIA_CBC_ENCRYPT_DATA: CK_MECHANISM_TYPE = 1367; +pub const CKM_CAMELLIA_CTR: CK_MECHANISM_TYPE = 1368; +pub const CKM_ARIA_KEY_GEN: CK_MECHANISM_TYPE = 1376; +pub const CKM_ARIA_ECB: CK_MECHANISM_TYPE = 1377; +pub const CKM_ARIA_CBC: CK_MECHANISM_TYPE = 1378; +pub const CKM_ARIA_MAC: CK_MECHANISM_TYPE = 1379; +pub const CKM_ARIA_MAC_GENERAL: CK_MECHANISM_TYPE = 1380; +pub const CKM_ARIA_CBC_PAD: CK_MECHANISM_TYPE = 1381; +pub const CKM_ARIA_ECB_ENCRYPT_DATA: CK_MECHANISM_TYPE = 1382; +pub const CKM_ARIA_CBC_ENCRYPT_DATA: CK_MECHANISM_TYPE = 1383; +pub const CKM_SEED_KEY_GEN: CK_MECHANISM_TYPE = 1616; +pub const CKM_SEED_ECB: CK_MECHANISM_TYPE = 1617; +pub const CKM_SEED_CBC: CK_MECHANISM_TYPE = 1618; +pub const CKM_SEED_MAC: CK_MECHANISM_TYPE = 1619; +pub const CKM_SEED_MAC_GENERAL: CK_MECHANISM_TYPE = 1620; +pub const CKM_SEED_CBC_PAD: CK_MECHANISM_TYPE = 1621; +pub const CKM_SEED_ECB_ENCRYPT_DATA: CK_MECHANISM_TYPE = 1622; +pub const CKM_SEED_CBC_ENCRYPT_DATA: CK_MECHANISM_TYPE = 1623; +pub const CKM_SKIPJACK_KEY_GEN: CK_MECHANISM_TYPE = 4096; +pub const CKM_SKIPJACK_ECB64: CK_MECHANISM_TYPE = 4097; +pub const CKM_SKIPJACK_CBC64: CK_MECHANISM_TYPE = 4098; +pub const CKM_SKIPJACK_OFB64: CK_MECHANISM_TYPE = 4099; +pub const CKM_SKIPJACK_CFB64: CK_MECHANISM_TYPE = 4100; +pub const CKM_SKIPJACK_CFB32: CK_MECHANISM_TYPE = 4101; +pub const CKM_SKIPJACK_CFB16: CK_MECHANISM_TYPE = 4102; +pub const CKM_SKIPJACK_CFB8: CK_MECHANISM_TYPE = 4103; +pub const CKM_SKIPJACK_WRAP: CK_MECHANISM_TYPE = 4104; +pub const CKM_SKIPJACK_PRIVATE_WRAP: CK_MECHANISM_TYPE = 4105; +pub const CKM_SKIPJACK_RELAYX: CK_MECHANISM_TYPE = 4106; +pub const CKM_KEA_KEY_PAIR_GEN: CK_MECHANISM_TYPE = 4112; +pub const CKM_KEA_KEY_DERIVE: CK_MECHANISM_TYPE = 4113; +pub const CKM_KEA_DERIVE: CK_MECHANISM_TYPE = 4114; +pub const CKM_FORTEZZA_TIMESTAMP: CK_MECHANISM_TYPE = 4128; +pub const CKM_BATON_KEY_GEN: CK_MECHANISM_TYPE = 4144; +pub const CKM_BATON_ECB128: CK_MECHANISM_TYPE = 4145; +pub const CKM_BATON_ECB96: CK_MECHANISM_TYPE = 4146; +pub const CKM_BATON_CBC128: CK_MECHANISM_TYPE = 4147; +pub const CKM_BATON_COUNTER: CK_MECHANISM_TYPE = 4148; +pub const CKM_BATON_SHUFFLE: CK_MECHANISM_TYPE = 4149; +pub const CKM_BATON_WRAP: CK_MECHANISM_TYPE = 4150; +pub const CKM_ECDSA_KEY_PAIR_GEN: CK_MECHANISM_TYPE = 4160; +pub const CKM_EC_KEY_PAIR_GEN: CK_MECHANISM_TYPE = 4160; +pub const CKM_ECDSA: CK_MECHANISM_TYPE = 4161; +pub const CKM_ECDSA_SHA1: CK_MECHANISM_TYPE = 4162; +pub const CKM_ECDSA_SHA224: CK_MECHANISM_TYPE = 4163; +pub const CKM_ECDSA_SHA256: CK_MECHANISM_TYPE = 4164; +pub const CKM_ECDSA_SHA384: CK_MECHANISM_TYPE = 4165; +pub const CKM_ECDSA_SHA512: CK_MECHANISM_TYPE = 4166; +pub const CKM_EC_KEY_PAIR_GEN_W_EXTRA_BITS: CK_MECHANISM_TYPE = 5131; +pub const CKM_ECDH1_DERIVE: CK_MECHANISM_TYPE = 4176; +pub const CKM_ECDH1_COFACTOR_DERIVE: CK_MECHANISM_TYPE = 4177; +pub const CKM_ECMQV_DERIVE: CK_MECHANISM_TYPE = 4178; +pub const CKM_ECDH_AES_KEY_WRAP: CK_MECHANISM_TYPE = 4179; +pub const CKM_RSA_AES_KEY_WRAP: CK_MECHANISM_TYPE = 4180; +pub const CKM_JUNIPER_KEY_GEN: CK_MECHANISM_TYPE = 4192; +pub const CKM_JUNIPER_ECB128: CK_MECHANISM_TYPE = 4193; +pub const CKM_JUNIPER_CBC128: CK_MECHANISM_TYPE = 4194; +pub const CKM_JUNIPER_COUNTER: CK_MECHANISM_TYPE = 4195; +pub const CKM_JUNIPER_SHUFFLE: CK_MECHANISM_TYPE = 4196; +pub const CKM_JUNIPER_WRAP: CK_MECHANISM_TYPE = 4197; +pub const CKM_FASTHASH: CK_MECHANISM_TYPE = 4208; +pub const CKM_AES_XTS: CK_MECHANISM_TYPE = 4209; +pub const CKM_AES_XTS_KEY_GEN: CK_MECHANISM_TYPE = 4210; +pub const CKM_AES_KEY_GEN: CK_MECHANISM_TYPE = 4224; +pub const CKM_AES_ECB: CK_MECHANISM_TYPE = 4225; +pub const CKM_AES_CBC: CK_MECHANISM_TYPE = 4226; +pub const CKM_AES_MAC: CK_MECHANISM_TYPE = 4227; +pub const CKM_AES_MAC_GENERAL: CK_MECHANISM_TYPE = 4228; +pub const CKM_AES_CBC_PAD: CK_MECHANISM_TYPE = 4229; +pub const CKM_AES_CTR: CK_MECHANISM_TYPE = 4230; +pub const CKM_AES_GCM: CK_MECHANISM_TYPE = 4231; +pub const CKM_AES_CCM: CK_MECHANISM_TYPE = 4232; +pub const CKM_AES_CTS: CK_MECHANISM_TYPE = 4233; +pub const CKM_AES_CMAC: CK_MECHANISM_TYPE = 4234; +pub const CKM_AES_CMAC_GENERAL: CK_MECHANISM_TYPE = 4235; +pub const CKM_AES_XCBC_MAC: CK_MECHANISM_TYPE = 4236; +pub const CKM_AES_XCBC_MAC_96: CK_MECHANISM_TYPE = 4237; +pub const CKM_AES_GMAC: CK_MECHANISM_TYPE = 4238; +pub const CKM_BLOWFISH_KEY_GEN: CK_MECHANISM_TYPE = 4240; +pub const CKM_BLOWFISH_CBC: CK_MECHANISM_TYPE = 4241; +pub const CKM_TWOFISH_KEY_GEN: CK_MECHANISM_TYPE = 4242; +pub const CKM_TWOFISH_CBC: CK_MECHANISM_TYPE = 4243; +pub const CKM_BLOWFISH_CBC_PAD: CK_MECHANISM_TYPE = 4244; +pub const CKM_TWOFISH_CBC_PAD: CK_MECHANISM_TYPE = 4245; +pub const CKM_DES_ECB_ENCRYPT_DATA: CK_MECHANISM_TYPE = 4352; +pub const CKM_DES_CBC_ENCRYPT_DATA: CK_MECHANISM_TYPE = 4353; +pub const CKM_DES3_ECB_ENCRYPT_DATA: CK_MECHANISM_TYPE = 4354; +pub const CKM_DES3_CBC_ENCRYPT_DATA: CK_MECHANISM_TYPE = 4355; +pub const CKM_AES_ECB_ENCRYPT_DATA: CK_MECHANISM_TYPE = 4356; +pub const CKM_AES_CBC_ENCRYPT_DATA: CK_MECHANISM_TYPE = 4357; +pub const CKM_GOSTR3410_KEY_PAIR_GEN: CK_MECHANISM_TYPE = 4608; +pub const CKM_GOSTR3410: CK_MECHANISM_TYPE = 4609; +pub const CKM_GOSTR3410_WITH_GOSTR3411: CK_MECHANISM_TYPE = 4610; +pub const CKM_GOSTR3410_KEY_WRAP: CK_MECHANISM_TYPE = 4611; +pub const CKM_GOSTR3410_DERIVE: CK_MECHANISM_TYPE = 4612; +pub const CKM_GOSTR3411: CK_MECHANISM_TYPE = 4624; +pub const CKM_GOSTR3411_HMAC: CK_MECHANISM_TYPE = 4625; +pub const CKM_GOST28147_KEY_GEN: CK_MECHANISM_TYPE = 4640; +pub const CKM_GOST28147_ECB: CK_MECHANISM_TYPE = 4641; +pub const CKM_GOST28147: CK_MECHANISM_TYPE = 4642; +pub const CKM_GOST28147_MAC: CK_MECHANISM_TYPE = 4643; +pub const CKM_GOST28147_KEY_WRAP: CK_MECHANISM_TYPE = 4644; +pub const CKM_CHACHA20_KEY_GEN: CK_MECHANISM_TYPE = 4645; +pub const CKM_CHACHA20: CK_MECHANISM_TYPE = 4646; +pub const CKM_POLY1305_KEY_GEN: CK_MECHANISM_TYPE = 4647; +pub const CKM_POLY1305: CK_MECHANISM_TYPE = 4648; +pub const CKM_DSA_PARAMETER_GEN: CK_MECHANISM_TYPE = 8192; +pub const CKM_DH_PKCS_PARAMETER_GEN: CK_MECHANISM_TYPE = 8193; +pub const CKM_X9_42_DH_PARAMETER_GEN: CK_MECHANISM_TYPE = 8194; +pub const CKM_DSA_PROBABILISTIC_PARAMETER_GEN: CK_MECHANISM_TYPE = 8195; +pub const CKM_DSA_PROBABLISTIC_PARAMETER_GEN: CK_MECHANISM_TYPE = 8195; +pub const CKM_DSA_SHAWE_TAYLOR_PARAMETER_GEN: CK_MECHANISM_TYPE = 8196; +pub const CKM_DSA_FIPS_G_GEN: CK_MECHANISM_TYPE = 8197; +pub const CKM_AES_OFB: CK_MECHANISM_TYPE = 8452; +pub const CKM_AES_CFB64: CK_MECHANISM_TYPE = 8453; +pub const CKM_AES_CFB8: CK_MECHANISM_TYPE = 8454; +pub const CKM_AES_CFB128: CK_MECHANISM_TYPE = 8455; +pub const CKM_AES_CFB1: CK_MECHANISM_TYPE = 8456; +pub const CKM_AES_KEY_WRAP: CK_MECHANISM_TYPE = 8457; +pub const CKM_AES_KEY_WRAP_PAD: CK_MECHANISM_TYPE = 8458; +pub const CKM_AES_KEY_WRAP_KWP: CK_MECHANISM_TYPE = 8459; +pub const CKM_AES_KEY_WRAP_PKCS7: CK_MECHANISM_TYPE = 8460; +pub const CKM_RSA_PKCS_TPM_1_1: CK_MECHANISM_TYPE = 16385; +pub const CKM_RSA_PKCS_OAEP_TPM_1_1: CK_MECHANISM_TYPE = 16386; +pub const CKM_SHA_1_KEY_GEN: CK_MECHANISM_TYPE = 16387; +pub const CKM_SHA224_KEY_GEN: CK_MECHANISM_TYPE = 16388; +pub const CKM_SHA256_KEY_GEN: CK_MECHANISM_TYPE = 16389; +pub const CKM_SHA384_KEY_GEN: CK_MECHANISM_TYPE = 16390; +pub const CKM_SHA512_KEY_GEN: CK_MECHANISM_TYPE = 16391; +pub const CKM_SHA512_224_KEY_GEN: CK_MECHANISM_TYPE = 16392; +pub const CKM_SHA512_256_KEY_GEN: CK_MECHANISM_TYPE = 16393; +pub const CKM_SHA512_T_KEY_GEN: CK_MECHANISM_TYPE = 16394; +pub const CKM_NULL: CK_MECHANISM_TYPE = 16395; +pub const CKM_BLAKE2B_160: CK_MECHANISM_TYPE = 16396; +pub const CKM_BLAKE2B_160_HMAC: CK_MECHANISM_TYPE = 16397; +pub const CKM_BLAKE2B_160_HMAC_GENERAL: CK_MECHANISM_TYPE = 16398; +pub const CKM_BLAKE2B_160_KEY_DERIVE: CK_MECHANISM_TYPE = 16399; +pub const CKM_BLAKE2B_160_KEY_GEN: CK_MECHANISM_TYPE = 16400; +pub const CKM_BLAKE2B_256: CK_MECHANISM_TYPE = 16401; +pub const CKM_BLAKE2B_256_HMAC: CK_MECHANISM_TYPE = 16402; +pub const CKM_BLAKE2B_256_HMAC_GENERAL: CK_MECHANISM_TYPE = 16403; +pub const CKM_BLAKE2B_256_KEY_DERIVE: CK_MECHANISM_TYPE = 16404; +pub const CKM_BLAKE2B_256_KEY_GEN: CK_MECHANISM_TYPE = 16405; +pub const CKM_BLAKE2B_384: CK_MECHANISM_TYPE = 16406; +pub const CKM_BLAKE2B_384_HMAC: CK_MECHANISM_TYPE = 16407; +pub const CKM_BLAKE2B_384_HMAC_GENERAL: CK_MECHANISM_TYPE = 16408; +pub const CKM_BLAKE2B_384_KEY_DERIVE: CK_MECHANISM_TYPE = 16409; +pub const CKM_BLAKE2B_384_KEY_GEN: CK_MECHANISM_TYPE = 16410; +pub const CKM_BLAKE2B_512: CK_MECHANISM_TYPE = 16411; +pub const CKM_BLAKE2B_512_HMAC: CK_MECHANISM_TYPE = 16412; +pub const CKM_BLAKE2B_512_HMAC_GENERAL: CK_MECHANISM_TYPE = 16413; +pub const CKM_BLAKE2B_512_KEY_DERIVE: CK_MECHANISM_TYPE = 16414; +pub const CKM_BLAKE2B_512_KEY_GEN: CK_MECHANISM_TYPE = 16415; +pub const CKM_SALSA20: CK_MECHANISM_TYPE = 16416; +pub const CKM_CHACHA20_POLY1305: CK_MECHANISM_TYPE = 16417; +pub const CKM_SALSA20_POLY1305: CK_MECHANISM_TYPE = 16418; +pub const CKM_X3DH_INITIALIZE: CK_MECHANISM_TYPE = 16419; +pub const CKM_X3DH_RESPOND: CK_MECHANISM_TYPE = 16420; +pub const CKM_X2RATCHET_INITIALIZE: CK_MECHANISM_TYPE = 16421; +pub const CKM_X2RATCHET_RESPOND: CK_MECHANISM_TYPE = 16422; +pub const CKM_X2RATCHET_ENCRYPT: CK_MECHANISM_TYPE = 16423; +pub const CKM_X2RATCHET_DECRYPT: CK_MECHANISM_TYPE = 16424; +pub const CKM_XEDDSA: CK_MECHANISM_TYPE = 16425; +pub const CKM_HKDF_DERIVE: CK_MECHANISM_TYPE = 16426; +pub const CKM_HKDF_DATA: CK_MECHANISM_TYPE = 16427; +pub const CKM_HKDF_KEY_GEN: CK_MECHANISM_TYPE = 16428; +pub const CKM_SALSA20_KEY_GEN: CK_MECHANISM_TYPE = 16429; +pub const CKM_ECDSA_SHA3_224: CK_MECHANISM_TYPE = 4167; +pub const CKM_ECDSA_SHA3_256: CK_MECHANISM_TYPE = 4168; +pub const CKM_ECDSA_SHA3_384: CK_MECHANISM_TYPE = 4169; +pub const CKM_ECDSA_SHA3_512: CK_MECHANISM_TYPE = 4170; +pub const CKM_EC_EDWARDS_KEY_PAIR_GEN: CK_MECHANISM_TYPE = 4181; +pub const CKM_EC_MONTGOMERY_KEY_PAIR_GEN: CK_MECHANISM_TYPE = 4182; +pub const CKM_EDDSA: CK_MECHANISM_TYPE = 4183; +pub const CKM_SP800_108_COUNTER_KDF: CK_MECHANISM_TYPE = 940; +pub const CKM_SP800_108_FEEDBACK_KDF: CK_MECHANISM_TYPE = 941; +pub const CKM_SP800_108_DOUBLE_PIPELINE_KDF: CK_MECHANISM_TYPE = 942; +pub const CKM_IKE2_PRF_PLUS_DERIVE: CK_MECHANISM_TYPE = 16430; +pub const CKM_IKE_PRF_DERIVE: CK_MECHANISM_TYPE = 16431; +pub const CKM_IKE1_PRF_DERIVE: CK_MECHANISM_TYPE = 16432; +pub const CKM_IKE1_EXTENDED_DERIVE: CK_MECHANISM_TYPE = 16433; +pub const CKM_HSS_KEY_PAIR_GEN: CK_MECHANISM_TYPE = 16434; +pub const CKM_HSS: CK_MECHANISM_TYPE = 16435; +pub const CKM_VENDOR_DEFINED: CK_MECHANISM_TYPE = 2147483648; +pub const CKF_HW: CK_FLAGS = 1; +pub const CKF_MESSAGE_ENCRYPT: CK_FLAGS = 2; +pub const CKF_MESSAGE_DECRYPT: CK_FLAGS = 4; +pub const CKF_MESSAGE_SIGN: CK_FLAGS = 8; +pub const CKF_MESSAGE_VERIFY: CK_FLAGS = 16; +pub const CKF_MULTI_MESSAGE: CK_FLAGS = 32; +pub const CKF_MULTI_MESSGE: CK_FLAGS = 32; +pub const CKF_FIND_OBJECTS: CK_FLAGS = 64; +pub const CKF_ENCRYPT: CK_FLAGS = 256; +pub const CKF_DECRYPT: CK_FLAGS = 512; +pub const CKF_DIGEST: CK_FLAGS = 1024; +pub const CKF_SIGN: CK_FLAGS = 2048; +pub const CKF_SIGN_RECOVER: CK_FLAGS = 4096; +pub const CKF_VERIFY: CK_FLAGS = 8192; +pub const CKF_VERIFY_RECOVER: CK_FLAGS = 16384; +pub const CKF_GENERATE: CK_FLAGS = 32768; +pub const CKF_GENERATE_KEY_PAIR: CK_FLAGS = 65536; +pub const CKF_WRAP: CK_FLAGS = 131072; +pub const CKF_UNWRAP: CK_FLAGS = 262144; +pub const CKF_DERIVE: CK_FLAGS = 524288; +pub const CKF_EC_F_P: CK_FLAGS = 1048576; +pub const CKF_EC_F_2M: CK_FLAGS = 2097152; +pub const CKF_EC_ECPARAMETERS: CK_FLAGS = 4194304; +pub const CKF_EC_OID: CK_FLAGS = 8388608; +pub const CKF_EC_NAMEDCURVE: CK_FLAGS = 8388608; +pub const CKF_EC_UNCOMPRESS: CK_FLAGS = 16777216; +pub const CKF_EC_COMPRESS: CK_FLAGS = 33554432; +pub const CKF_EC_CURVENAME: CK_FLAGS = 67108864; +pub const CKF_EXTENSION: CK_FLAGS = 2147483648; +pub const CKR_OK: CK_RV = 0; +pub const CKR_CANCEL: CK_RV = 1; +pub const CKR_HOST_MEMORY: CK_RV = 2; +pub const CKR_SLOT_ID_INVALID: CK_RV = 3; +pub const CKR_GENERAL_ERROR: CK_RV = 5; +pub const CKR_FUNCTION_FAILED: CK_RV = 6; +pub const CKR_ARGUMENTS_BAD: CK_RV = 7; +pub const CKR_NO_EVENT: CK_RV = 8; +pub const CKR_NEED_TO_CREATE_THREADS: CK_RV = 9; +pub const CKR_CANT_LOCK: CK_RV = 10; +pub const CKR_ATTRIBUTE_READ_ONLY: CK_RV = 16; +pub const CKR_ATTRIBUTE_SENSITIVE: CK_RV = 17; +pub const CKR_ATTRIBUTE_TYPE_INVALID: CK_RV = 18; +pub const CKR_ATTRIBUTE_VALUE_INVALID: CK_RV = 19; +pub const CKR_ACTION_PROHIBITED: CK_RV = 27; +pub const CKR_DATA_INVALID: CK_RV = 32; +pub const CKR_DATA_LEN_RANGE: CK_RV = 33; +pub const CKR_DEVICE_ERROR: CK_RV = 48; +pub const CKR_DEVICE_MEMORY: CK_RV = 49; +pub const CKR_DEVICE_REMOVED: CK_RV = 50; +pub const CKR_ENCRYPTED_DATA_INVALID: CK_RV = 64; +pub const CKR_ENCRYPTED_DATA_LEN_RANGE: CK_RV = 65; +pub const CKR_AEAD_DECRYPT_FAILED: CK_RV = 66; +pub const CKR_FUNCTION_CANCELED: CK_RV = 80; +pub const CKR_FUNCTION_NOT_PARALLEL: CK_RV = 81; +pub const CKR_FUNCTION_NOT_SUPPORTED: CK_RV = 84; +pub const CKR_KEY_HANDLE_INVALID: CK_RV = 96; +pub const CKR_KEY_SIZE_RANGE: CK_RV = 98; +pub const CKR_KEY_TYPE_INCONSISTENT: CK_RV = 99; +pub const CKR_KEY_NOT_NEEDED: CK_RV = 100; +pub const CKR_KEY_CHANGED: CK_RV = 101; +pub const CKR_KEY_NEEDED: CK_RV = 102; +pub const CKR_KEY_INDIGESTIBLE: CK_RV = 103; +pub const CKR_KEY_FUNCTION_NOT_PERMITTED: CK_RV = 104; +pub const CKR_KEY_NOT_WRAPPABLE: CK_RV = 105; +pub const CKR_KEY_UNEXTRACTABLE: CK_RV = 106; +pub const CKR_MECHANISM_INVALID: CK_RV = 112; +pub const CKR_MECHANISM_PARAM_INVALID: CK_RV = 113; +pub const CKR_OBJECT_HANDLE_INVALID: CK_RV = 130; +pub const CKR_OPERATION_ACTIVE: CK_RV = 144; +pub const CKR_OPERATION_NOT_INITIALIZED: CK_RV = 145; +pub const CKR_PIN_INCORRECT: CK_RV = 160; +pub const CKR_PIN_INVALID: CK_RV = 161; +pub const CKR_PIN_LEN_RANGE: CK_RV = 162; +pub const CKR_PIN_EXPIRED: CK_RV = 163; +pub const CKR_PIN_LOCKED: CK_RV = 164; +pub const CKR_SESSION_CLOSED: CK_RV = 176; +pub const CKR_SESSION_COUNT: CK_RV = 177; +pub const CKR_SESSION_HANDLE_INVALID: CK_RV = 179; +pub const CKR_SESSION_PARALLEL_NOT_SUPPORTED: CK_RV = 180; +pub const CKR_SESSION_READ_ONLY: CK_RV = 181; +pub const CKR_SESSION_EXISTS: CK_RV = 182; +pub const CKR_SESSION_READ_ONLY_EXISTS: CK_RV = 183; +pub const CKR_SESSION_READ_WRITE_SO_EXISTS: CK_RV = 184; +pub const CKR_SIGNATURE_INVALID: CK_RV = 192; +pub const CKR_SIGNATURE_LEN_RANGE: CK_RV = 193; +pub const CKR_TEMPLATE_INCOMPLETE: CK_RV = 208; +pub const CKR_TEMPLATE_INCONSISTENT: CK_RV = 209; +pub const CKR_TOKEN_NOT_PRESENT: CK_RV = 224; +pub const CKR_TOKEN_NOT_RECOGNIZED: CK_RV = 225; +pub const CKR_TOKEN_WRITE_PROTECTED: CK_RV = 226; +pub const CKR_UNWRAPPING_KEY_HANDLE_INVALID: CK_RV = 240; +pub const CKR_UNWRAPPING_KEY_SIZE_RANGE: CK_RV = 241; +pub const CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT: CK_RV = 242; +pub const CKR_USER_ALREADY_LOGGED_IN: CK_RV = 256; +pub const CKR_USER_NOT_LOGGED_IN: CK_RV = 257; +pub const CKR_USER_PIN_NOT_INITIALIZED: CK_RV = 258; +pub const CKR_USER_TYPE_INVALID: CK_RV = 259; +pub const CKR_USER_ANOTHER_ALREADY_LOGGED_IN: CK_RV = 260; +pub const CKR_USER_TOO_MANY_TYPES: CK_RV = 261; +pub const CKR_WRAPPED_KEY_INVALID: CK_RV = 272; +pub const CKR_WRAPPED_KEY_LEN_RANGE: CK_RV = 274; +pub const CKR_WRAPPING_KEY_HANDLE_INVALID: CK_RV = 275; +pub const CKR_WRAPPING_KEY_SIZE_RANGE: CK_RV = 276; +pub const CKR_WRAPPING_KEY_TYPE_INCONSISTENT: CK_RV = 277; +pub const CKR_RANDOM_SEED_NOT_SUPPORTED: CK_RV = 288; +pub const CKR_RANDOM_NO_RNG: CK_RV = 289; +pub const CKR_DOMAIN_PARAMS_INVALID: CK_RV = 304; +pub const CKR_CURVE_NOT_SUPPORTED: CK_RV = 320; +pub const CKR_BUFFER_TOO_SMALL: CK_RV = 336; +pub const CKR_SAVED_STATE_INVALID: CK_RV = 352; +pub const CKR_INFORMATION_SENSITIVE: CK_RV = 368; +pub const CKR_STATE_UNSAVEABLE: CK_RV = 384; +pub const CKR_CRYPTOKI_NOT_INITIALIZED: CK_RV = 400; +pub const CKR_CRYPTOKI_ALREADY_INITIALIZED: CK_RV = 401; +pub const CKR_MUTEX_BAD: CK_RV = 416; +pub const CKR_MUTEX_NOT_LOCKED: CK_RV = 417; +pub const CKR_NEW_PIN_MODE: CK_RV = 432; +pub const CKR_NEXT_OTP: CK_RV = 433; +pub const CKR_EXCEEDED_MAX_ITERATIONS: CK_RV = 437; +pub const CKR_FIPS_SELF_TEST_FAILED: CK_RV = 438; +pub const CKR_LIBRARY_LOAD_FAILED: CK_RV = 439; +pub const CKR_PIN_TOO_WEAK: CK_RV = 440; +pub const CKR_PUBLIC_KEY_INVALID: CK_RV = 441; +pub const CKR_FUNCTION_REJECTED: CK_RV = 512; +pub const CKR_TOKEN_RESOURCE_EXCEEDED: CK_RV = 513; +pub const CKR_OPERATION_CANCEL_FAILED: CK_RV = 514; +pub const CKR_KEY_EXHAUSTED: CK_RV = 515; +pub const CKR_VENDOR_DEFINED: CK_RV = 2147483648; +pub const CKF_END_OF_MESSAGE: CK_FLAGS = 1; +pub const CKF_INTERFACE_FORK_SAFE: CK_FLAGS = 1; +pub const CKF_LIBRARY_CANT_CREATE_OS_THREADS: CK_FLAGS = 1; +pub const CKF_OS_LOCKING_OK: CK_FLAGS = 2; +pub const CKF_DONT_BLOCK: CK_FLAGS = 1; +pub const CKG_MGF1_SHA1: CK_RSA_PKCS_MGF_TYPE = 1; +pub const CKG_MGF1_SHA256: CK_RSA_PKCS_MGF_TYPE = 2; +pub const CKG_MGF1_SHA384: CK_RSA_PKCS_MGF_TYPE = 3; +pub const CKG_MGF1_SHA512: CK_RSA_PKCS_MGF_TYPE = 4; +pub const CKG_MGF1_SHA224: CK_RSA_PKCS_MGF_TYPE = 5; +pub const CKG_MGF1_SHA3_224: CK_RSA_PKCS_MGF_TYPE = 6; +pub const CKG_MGF1_SHA3_256: CK_RSA_PKCS_MGF_TYPE = 7; +pub const CKG_MGF1_SHA3_384: CK_RSA_PKCS_MGF_TYPE = 8; +pub const CKG_MGF1_SHA3_512: CK_RSA_PKCS_MGF_TYPE = 9; +pub const CKZ_DATA_SPECIFIED: CK_RSA_PKCS_OAEP_SOURCE_TYPE = 1; +pub const CKD_NULL: CK_EC_KDF_TYPE = 1; +pub const CKD_SHA1_KDF: CK_EC_KDF_TYPE = 2; +pub const CKD_SHA1_KDF_ASN1: CK_EC_KDF_TYPE = 3; +pub const CKD_SHA1_KDF_CONCATENATE: CK_EC_KDF_TYPE = 4; +pub const CKD_SHA224_KDF: CK_EC_KDF_TYPE = 5; +pub const CKD_SHA256_KDF: CK_EC_KDF_TYPE = 6; +pub const CKD_SHA384_KDF: CK_EC_KDF_TYPE = 7; +pub const CKD_SHA512_KDF: CK_EC_KDF_TYPE = 8; +pub const CKD_CPDIVERSIFY_KDF: CK_EC_KDF_TYPE = 9; +pub const CKD_SHA3_224_KDF: CK_EC_KDF_TYPE = 10; +pub const CKD_SHA3_256_KDF: CK_EC_KDF_TYPE = 11; +pub const CKD_SHA3_384_KDF: CK_EC_KDF_TYPE = 12; +pub const CKD_SHA3_512_KDF: CK_EC_KDF_TYPE = 13; +pub const CKD_SHA1_KDF_SP800: CK_EC_KDF_TYPE = 14; +pub const CKD_SHA224_KDF_SP800: CK_EC_KDF_TYPE = 15; +pub const CKD_SHA256_KDF_SP800: CK_EC_KDF_TYPE = 16; +pub const CKD_SHA384_KDF_SP800: CK_EC_KDF_TYPE = 17; +pub const CKD_SHA512_KDF_SP800: CK_EC_KDF_TYPE = 18; +pub const CKD_SHA3_224_KDF_SP800: CK_EC_KDF_TYPE = 19; +pub const CKD_SHA3_256_KDF_SP800: CK_EC_KDF_TYPE = 20; +pub const CKD_SHA3_384_KDF_SP800: CK_EC_KDF_TYPE = 21; +pub const CKD_SHA3_512_KDF_SP800: CK_EC_KDF_TYPE = 22; +pub const CKD_BLAKE2B_160_KDF: CK_EC_KDF_TYPE = 23; +pub const CKD_BLAKE2B_256_KDF: CK_EC_KDF_TYPE = 24; +pub const CKD_BLAKE2B_384_KDF: CK_EC_KDF_TYPE = 25; +pub const CKD_BLAKE2B_512_KDF: CK_EC_KDF_TYPE = 26; +pub const CKP_PKCS5_PBKD2_HMAC_SHA1: CK_PROFILE_ID = 1; +pub const CKP_PKCS5_PBKD2_HMAC_GOSTR3411: CK_PROFILE_ID = 2; +pub const CKP_PKCS5_PBKD2_HMAC_SHA224: CK_PROFILE_ID = 3; +pub const CKP_PKCS5_PBKD2_HMAC_SHA256: CK_PROFILE_ID = 4; +pub const CKP_PKCS5_PBKD2_HMAC_SHA384: CK_PROFILE_ID = 5; +pub const CKP_PKCS5_PBKD2_HMAC_SHA512: CK_PROFILE_ID = 6; +pub const CKP_PKCS5_PBKD2_HMAC_SHA512_224: CK_PROFILE_ID = 7; +pub const CKP_PKCS5_PBKD2_HMAC_SHA512_256: CK_PROFILE_ID = 8; +pub const CKZ_SALT_SPECIFIED: CK_RSA_PKCS_OAEP_SOURCE_TYPE = 1; +pub const CK_OTP_VALUE: CK_ULONG = 0; +pub const CK_OTP_PIN: CK_ULONG = 1; +pub const CK_OTP_CHALLENGE: CK_ULONG = 2; +pub const CK_OTP_TIME: CK_ULONG = 3; +pub const CK_OTP_COUNTER: CK_ULONG = 4; +pub const CK_OTP_FLAGS: CK_ULONG = 5; +pub const CK_OTP_OUTPUT_LENGTH: CK_ULONG = 6; +pub const CK_OTP_OUTPUT_FORMAT: CK_ULONG = 7; +pub const CKF_NEXT_OTP: CK_FLAGS = 1; +pub const CKF_EXCLUDE_TIME: CK_FLAGS = 2; +pub const CKF_EXCLUDE_COUNTER: CK_FLAGS = 4; +pub const CKF_EXCLUDE_CHALLENGE: CK_FLAGS = 8; +pub const CKF_EXCLUDE_PIN: CK_FLAGS = 16; +pub const CKF_USER_FRIENDLY_OTP: CK_FLAGS = 32; +pub const CKG_NO_GENERATE: CK_GENERATOR_FUNCTION = 0; +pub const CKG_GENERATE: CK_GENERATOR_FUNCTION = 1; +pub const CKG_GENERATE_COUNTER: CK_GENERATOR_FUNCTION = 2; +pub const CKG_GENERATE_RANDOM: CK_GENERATOR_FUNCTION = 3; +pub const CKG_GENERATE_COUNTER_XOR: CK_GENERATOR_FUNCTION = 4; +pub const CK_SP800_108_ITERATION_VARIABLE: CK_ULONG = 1; +pub const CK_SP800_108_OPTIONAL_COUNTER: CK_ULONG = 2; +pub const CK_SP800_108_DKM_LENGTH: CK_ULONG = 3; +pub const CK_SP800_108_BYTE_ARRAY: CK_ULONG = 4; +pub const CK_SP800_108_COUNTER: CK_ULONG = 2; +pub const CK_SP800_108_DKM_LENGTH_SUM_OF_KEYS: CK_ULONG = 1; +pub const CK_SP800_108_DKM_LENGTH_SUM_OF_SEGMENTS: CK_ULONG = 2; +pub const CKF_HKDF_SALT_NULL: CK_FLAGS = 1; +pub const CKF_HKDF_SALT_DATA: CK_FLAGS = 2; +pub const CKF_HKDF_SALT_KEY: CK_FLAGS = 4; +pub const CK_NEED_ARG_LIST: CK_ULONG = 1; +pub const CK_PKCS11_2_0_ONLY: CK_ULONG = 1; +pub type CK_BYTE = ::std::os::raw::c_uchar; +pub type CK_CHAR = CK_BYTE; +pub type CK_UTF8CHAR = CK_BYTE; +pub type CK_BBOOL = CK_BYTE; +pub type CK_ULONG = ::std::os::raw::c_ulong; +pub type CK_LONG = ::std::os::raw::c_long; +pub type CK_FLAGS = CK_ULONG; +pub type CK_BYTE_PTR = *mut CK_BYTE; +pub type CK_CHAR_PTR = *mut CK_CHAR; +pub type CK_UTF8CHAR_PTR = *mut CK_UTF8CHAR; +pub type CK_ULONG_PTR = *mut CK_ULONG; +pub type CK_VOID_PTR = *mut ::std::os::raw::c_void; +pub type CK_VOID_PTR_PTR = *mut CK_VOID_PTR; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct CK_VERSION { + pub major: CK_BYTE, + pub minor: CK_BYTE, +} +#[test] +fn bindgen_test_layout_CK_VERSION() { + const UNINIT: ::std::mem::MaybeUninit = ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 2usize, + concat!("Size of: ", stringify!(CK_VERSION)) + ); + assert_eq!( + ::std::mem::align_of::(), + 1usize, + concat!("Alignment of ", stringify!(CK_VERSION)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).major) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_VERSION), + "::", + stringify!(major) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).minor) as usize - ptr as usize }, + 1usize, + concat!( + "Offset of field: ", + stringify!(CK_VERSION), + "::", + stringify!(minor) + ) + ); +} +pub type CK_VERSION_PTR = *mut CK_VERSION; +#[repr(C, packed)] +#[derive(Debug, Default, Copy, Clone)] +pub struct CK_INFO { + pub cryptokiVersion: CK_VERSION, + pub manufacturerID: [CK_UTF8CHAR; 32usize], + pub flags: CK_FLAGS, + pub libraryDescription: [CK_UTF8CHAR; 32usize], + pub libraryVersion: CK_VERSION, +} +#[test] +fn bindgen_test_layout_CK_INFO() { + const UNINIT: ::std::mem::MaybeUninit = ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 72usize, + concat!("Size of: ", stringify!(CK_INFO)) + ); + assert_eq!( + ::std::mem::align_of::(), + 1usize, + concat!("Alignment of ", stringify!(CK_INFO)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).cryptokiVersion) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_INFO), + "::", + stringify!(cryptokiVersion) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).manufacturerID) as usize - ptr as usize }, + 2usize, + concat!( + "Offset of field: ", + stringify!(CK_INFO), + "::", + stringify!(manufacturerID) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).flags) as usize - ptr as usize }, + 34usize, + concat!( + "Offset of field: ", + stringify!(CK_INFO), + "::", + stringify!(flags) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).libraryDescription) as usize - ptr as usize }, + 38usize, + concat!( + "Offset of field: ", + stringify!(CK_INFO), + "::", + stringify!(libraryDescription) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).libraryVersion) as usize - ptr as usize }, + 70usize, + concat!( + "Offset of field: ", + stringify!(CK_INFO), + "::", + stringify!(libraryVersion) + ) + ); +} +pub type CK_INFO_PTR = *mut CK_INFO; +pub type CK_NOTIFICATION = CK_ULONG; +pub type CK_SLOT_ID = CK_ULONG; +pub type CK_SLOT_ID_PTR = *mut CK_SLOT_ID; +#[repr(C, packed)] +#[derive(Debug, Copy, Clone)] +pub struct CK_SLOT_INFO { + pub slotDescription: [CK_UTF8CHAR; 64usize], + pub manufacturerID: [CK_UTF8CHAR; 32usize], + pub flags: CK_FLAGS, + pub hardwareVersion: CK_VERSION, + pub firmwareVersion: CK_VERSION, +} +#[test] +fn bindgen_test_layout_CK_SLOT_INFO() { + const UNINIT: ::std::mem::MaybeUninit = ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 104usize, + concat!("Size of: ", stringify!(CK_SLOT_INFO)) + ); + assert_eq!( + ::std::mem::align_of::(), + 1usize, + concat!("Alignment of ", stringify!(CK_SLOT_INFO)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).slotDescription) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_SLOT_INFO), + "::", + stringify!(slotDescription) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).manufacturerID) as usize - ptr as usize }, + 64usize, + concat!( + "Offset of field: ", + stringify!(CK_SLOT_INFO), + "::", + stringify!(manufacturerID) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).flags) as usize - ptr as usize }, + 96usize, + concat!( + "Offset of field: ", + stringify!(CK_SLOT_INFO), + "::", + stringify!(flags) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).hardwareVersion) as usize - ptr as usize }, + 100usize, + concat!( + "Offset of field: ", + stringify!(CK_SLOT_INFO), + "::", + stringify!(hardwareVersion) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).firmwareVersion) as usize - ptr as usize }, + 102usize, + concat!( + "Offset of field: ", + stringify!(CK_SLOT_INFO), + "::", + stringify!(firmwareVersion) + ) + ); +} +impl Default for CK_SLOT_INFO { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type CK_SLOT_INFO_PTR = *mut CK_SLOT_INFO; +#[repr(C, packed)] +#[derive(Debug, Default, Copy, Clone)] +pub struct CK_TOKEN_INFO { + pub label: [CK_UTF8CHAR; 32usize], + pub manufacturerID: [CK_UTF8CHAR; 32usize], + pub model: [CK_UTF8CHAR; 16usize], + pub serialNumber: [CK_CHAR; 16usize], + pub flags: CK_FLAGS, + pub ulMaxSessionCount: CK_ULONG, + pub ulSessionCount: CK_ULONG, + pub ulMaxRwSessionCount: CK_ULONG, + pub ulRwSessionCount: CK_ULONG, + pub ulMaxPinLen: CK_ULONG, + pub ulMinPinLen: CK_ULONG, + pub ulTotalPublicMemory: CK_ULONG, + pub ulFreePublicMemory: CK_ULONG, + pub ulTotalPrivateMemory: CK_ULONG, + pub ulFreePrivateMemory: CK_ULONG, + pub hardwareVersion: CK_VERSION, + pub firmwareVersion: CK_VERSION, + pub utcTime: [CK_CHAR; 16usize], +} +#[test] +fn bindgen_test_layout_CK_TOKEN_INFO() { + const UNINIT: ::std::mem::MaybeUninit = ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 160usize, + concat!("Size of: ", stringify!(CK_TOKEN_INFO)) + ); + assert_eq!( + ::std::mem::align_of::(), + 1usize, + concat!("Alignment of ", stringify!(CK_TOKEN_INFO)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).label) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_TOKEN_INFO), + "::", + stringify!(label) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).manufacturerID) as usize - ptr as usize }, + 32usize, + concat!( + "Offset of field: ", + stringify!(CK_TOKEN_INFO), + "::", + stringify!(manufacturerID) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).model) as usize - ptr as usize }, + 64usize, + concat!( + "Offset of field: ", + stringify!(CK_TOKEN_INFO), + "::", + stringify!(model) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).serialNumber) as usize - ptr as usize }, + 80usize, + concat!( + "Offset of field: ", + stringify!(CK_TOKEN_INFO), + "::", + stringify!(serialNumber) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).flags) as usize - ptr as usize }, + 96usize, + concat!( + "Offset of field: ", + stringify!(CK_TOKEN_INFO), + "::", + stringify!(flags) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulMaxSessionCount) as usize - ptr as usize }, + 100usize, + concat!( + "Offset of field: ", + stringify!(CK_TOKEN_INFO), + "::", + stringify!(ulMaxSessionCount) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulSessionCount) as usize - ptr as usize }, + 104usize, + concat!( + "Offset of field: ", + stringify!(CK_TOKEN_INFO), + "::", + stringify!(ulSessionCount) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulMaxRwSessionCount) as usize - ptr as usize }, + 108usize, + concat!( + "Offset of field: ", + stringify!(CK_TOKEN_INFO), + "::", + stringify!(ulMaxRwSessionCount) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulRwSessionCount) as usize - ptr as usize }, + 112usize, + concat!( + "Offset of field: ", + stringify!(CK_TOKEN_INFO), + "::", + stringify!(ulRwSessionCount) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulMaxPinLen) as usize - ptr as usize }, + 116usize, + concat!( + "Offset of field: ", + stringify!(CK_TOKEN_INFO), + "::", + stringify!(ulMaxPinLen) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulMinPinLen) as usize - ptr as usize }, + 120usize, + concat!( + "Offset of field: ", + stringify!(CK_TOKEN_INFO), + "::", + stringify!(ulMinPinLen) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulTotalPublicMemory) as usize - ptr as usize }, + 124usize, + concat!( + "Offset of field: ", + stringify!(CK_TOKEN_INFO), + "::", + stringify!(ulTotalPublicMemory) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulFreePublicMemory) as usize - ptr as usize }, + 128usize, + concat!( + "Offset of field: ", + stringify!(CK_TOKEN_INFO), + "::", + stringify!(ulFreePublicMemory) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulTotalPrivateMemory) as usize - ptr as usize }, + 132usize, + concat!( + "Offset of field: ", + stringify!(CK_TOKEN_INFO), + "::", + stringify!(ulTotalPrivateMemory) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulFreePrivateMemory) as usize - ptr as usize }, + 136usize, + concat!( + "Offset of field: ", + stringify!(CK_TOKEN_INFO), + "::", + stringify!(ulFreePrivateMemory) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).hardwareVersion) as usize - ptr as usize }, + 140usize, + concat!( + "Offset of field: ", + stringify!(CK_TOKEN_INFO), + "::", + stringify!(hardwareVersion) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).firmwareVersion) as usize - ptr as usize }, + 142usize, + concat!( + "Offset of field: ", + stringify!(CK_TOKEN_INFO), + "::", + stringify!(firmwareVersion) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).utcTime) as usize - ptr as usize }, + 144usize, + concat!( + "Offset of field: ", + stringify!(CK_TOKEN_INFO), + "::", + stringify!(utcTime) + ) + ); +} +pub type CK_TOKEN_INFO_PTR = *mut CK_TOKEN_INFO; +pub type CK_SESSION_HANDLE = CK_ULONG; +pub type CK_SESSION_HANDLE_PTR = *mut CK_SESSION_HANDLE; +pub type CK_USER_TYPE = CK_ULONG; +pub type CK_STATE = CK_ULONG; +#[repr(C, packed)] +#[derive(Debug, Default, Copy, Clone)] +pub struct CK_SESSION_INFO { + pub slotID: CK_SLOT_ID, + pub state: CK_STATE, + pub flags: CK_FLAGS, + pub ulDeviceError: CK_ULONG, +} +#[test] +fn bindgen_test_layout_CK_SESSION_INFO() { + const UNINIT: ::std::mem::MaybeUninit = ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 16usize, + concat!("Size of: ", stringify!(CK_SESSION_INFO)) + ); + assert_eq!( + ::std::mem::align_of::(), + 1usize, + concat!("Alignment of ", stringify!(CK_SESSION_INFO)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).slotID) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_SESSION_INFO), + "::", + stringify!(slotID) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).state) as usize - ptr as usize }, + 4usize, + concat!( + "Offset of field: ", + stringify!(CK_SESSION_INFO), + "::", + stringify!(state) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).flags) as usize - ptr as usize }, + 8usize, + concat!( + "Offset of field: ", + stringify!(CK_SESSION_INFO), + "::", + stringify!(flags) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulDeviceError) as usize - ptr as usize }, + 12usize, + concat!( + "Offset of field: ", + stringify!(CK_SESSION_INFO), + "::", + stringify!(ulDeviceError) + ) + ); +} +pub type CK_SESSION_INFO_PTR = *mut CK_SESSION_INFO; +pub type CK_OBJECT_HANDLE = CK_ULONG; +pub type CK_OBJECT_HANDLE_PTR = *mut CK_OBJECT_HANDLE; +pub type CK_OBJECT_CLASS = CK_ULONG; +pub type CK_OBJECT_CLASS_PTR = *mut CK_OBJECT_CLASS; +pub type CK_HW_FEATURE_TYPE = CK_ULONG; +pub type CK_KEY_TYPE = CK_ULONG; +pub type CK_CERTIFICATE_TYPE = CK_ULONG; +pub type CK_ATTRIBUTE_TYPE = CK_ULONG; +#[repr(C, packed)] +#[derive(Debug, Copy, Clone)] +pub struct CK_ATTRIBUTE { + pub type_: CK_ATTRIBUTE_TYPE, + pub pValue: CK_VOID_PTR, + pub ulValueLen: CK_ULONG, +} +#[test] +fn bindgen_test_layout_CK_ATTRIBUTE() { + const UNINIT: ::std::mem::MaybeUninit = ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 16usize, + concat!("Size of: ", stringify!(CK_ATTRIBUTE)) + ); + assert_eq!( + ::std::mem::align_of::(), + 1usize, + concat!("Alignment of ", stringify!(CK_ATTRIBUTE)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).type_) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_ATTRIBUTE), + "::", + stringify!(type_) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pValue) as usize - ptr as usize }, + 4usize, + concat!( + "Offset of field: ", + stringify!(CK_ATTRIBUTE), + "::", + stringify!(pValue) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulValueLen) as usize - ptr as usize }, + 12usize, + concat!( + "Offset of field: ", + stringify!(CK_ATTRIBUTE), + "::", + stringify!(ulValueLen) + ) + ); +} +impl Default for CK_ATTRIBUTE { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type CK_ATTRIBUTE_PTR = *mut CK_ATTRIBUTE; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct CK_DATE { + pub year: [CK_CHAR; 4usize], + pub month: [CK_CHAR; 2usize], + pub day: [CK_CHAR; 2usize], +} +#[test] +fn bindgen_test_layout_CK_DATE() { + const UNINIT: ::std::mem::MaybeUninit = ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 8usize, + concat!("Size of: ", stringify!(CK_DATE)) + ); + assert_eq!( + ::std::mem::align_of::(), + 1usize, + concat!("Alignment of ", stringify!(CK_DATE)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).year) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_DATE), + "::", + stringify!(year) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).month) as usize - ptr as usize }, + 4usize, + concat!( + "Offset of field: ", + stringify!(CK_DATE), + "::", + stringify!(month) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).day) as usize - ptr as usize }, + 6usize, + concat!( + "Offset of field: ", + stringify!(CK_DATE), + "::", + stringify!(day) + ) + ); +} +pub type CK_MECHANISM_TYPE = CK_ULONG; +pub type CK_MECHANISM_TYPE_PTR = *mut CK_MECHANISM_TYPE; +#[repr(C, packed)] +#[derive(Debug, Copy, Clone)] +pub struct CK_MECHANISM { + pub mechanism: CK_MECHANISM_TYPE, + pub pParameter: CK_VOID_PTR, + pub ulParameterLen: CK_ULONG, +} +#[test] +fn bindgen_test_layout_CK_MECHANISM() { + const UNINIT: ::std::mem::MaybeUninit = ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 16usize, + concat!("Size of: ", stringify!(CK_MECHANISM)) + ); + assert_eq!( + ::std::mem::align_of::(), + 1usize, + concat!("Alignment of ", stringify!(CK_MECHANISM)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).mechanism) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_MECHANISM), + "::", + stringify!(mechanism) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pParameter) as usize - ptr as usize }, + 4usize, + concat!( + "Offset of field: ", + stringify!(CK_MECHANISM), + "::", + stringify!(pParameter) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulParameterLen) as usize - ptr as usize }, + 12usize, + concat!( + "Offset of field: ", + stringify!(CK_MECHANISM), + "::", + stringify!(ulParameterLen) + ) + ); +} +impl Default for CK_MECHANISM { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type CK_MECHANISM_PTR = *mut CK_MECHANISM; +#[repr(C, packed)] +#[derive(Debug, Default, Copy, Clone)] +pub struct CK_MECHANISM_INFO { + pub ulMinKeySize: CK_ULONG, + pub ulMaxKeySize: CK_ULONG, + pub flags: CK_FLAGS, +} +#[test] +fn bindgen_test_layout_CK_MECHANISM_INFO() { + const UNINIT: ::std::mem::MaybeUninit = ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 12usize, + concat!("Size of: ", stringify!(CK_MECHANISM_INFO)) + ); + assert_eq!( + ::std::mem::align_of::(), + 1usize, + concat!("Alignment of ", stringify!(CK_MECHANISM_INFO)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulMinKeySize) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_MECHANISM_INFO), + "::", + stringify!(ulMinKeySize) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulMaxKeySize) as usize - ptr as usize }, + 4usize, + concat!( + "Offset of field: ", + stringify!(CK_MECHANISM_INFO), + "::", + stringify!(ulMaxKeySize) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).flags) as usize - ptr as usize }, + 8usize, + concat!( + "Offset of field: ", + stringify!(CK_MECHANISM_INFO), + "::", + stringify!(flags) + ) + ); +} +pub type CK_MECHANISM_INFO_PTR = *mut CK_MECHANISM_INFO; +pub type CK_RV = CK_ULONG; +pub type CK_NOTIFY = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + event: CK_NOTIFICATION, + pApplication: CK_VOID_PTR, + ) -> CK_RV, +>; +pub type CK_FUNCTION_LIST_PTR = *mut CK_FUNCTION_LIST; +pub type CK_FUNCTION_LIST_3_0_PTR = *mut CK_FUNCTION_LIST_3_0; +pub type CK_FUNCTION_LIST_PTR_PTR = *mut CK_FUNCTION_LIST_PTR; +pub type CK_FUNCTION_LIST_3_0_PTR_PTR = *mut CK_FUNCTION_LIST_3_0_PTR; +#[repr(C, packed)] +#[derive(Debug, Copy, Clone)] +pub struct CK_INTERFACE { + pub pInterfaceName: *mut CK_CHAR, + pub pFunctionList: CK_VOID_PTR, + pub flags: CK_FLAGS, +} +#[test] +fn bindgen_test_layout_CK_INTERFACE() { + const UNINIT: ::std::mem::MaybeUninit = ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 20usize, + concat!("Size of: ", stringify!(CK_INTERFACE)) + ); + assert_eq!( + ::std::mem::align_of::(), + 1usize, + concat!("Alignment of ", stringify!(CK_INTERFACE)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pInterfaceName) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_INTERFACE), + "::", + stringify!(pInterfaceName) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pFunctionList) as usize - ptr as usize }, + 8usize, + concat!( + "Offset of field: ", + stringify!(CK_INTERFACE), + "::", + stringify!(pFunctionList) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).flags) as usize - ptr as usize }, + 16usize, + concat!( + "Offset of field: ", + stringify!(CK_INTERFACE), + "::", + stringify!(flags) + ) + ); +} +impl Default for CK_INTERFACE { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type CK_INTERFACE_PTR = *mut CK_INTERFACE; +pub type CK_INTERFACE_PTR_PTR = *mut CK_INTERFACE_PTR; +pub type CK_CREATEMUTEX = + ::std::option::Option CK_RV>; +pub type CK_DESTROYMUTEX = + ::std::option::Option CK_RV>; +pub type CK_LOCKMUTEX = ::std::option::Option CK_RV>; +pub type CK_UNLOCKMUTEX = ::std::option::Option CK_RV>; +#[repr(C, packed)] +#[derive(Debug, Copy, Clone)] +pub struct CK_C_INITIALIZE_ARGS { + pub CreateMutex: CK_CREATEMUTEX, + pub DestroyMutex: CK_DESTROYMUTEX, + pub LockMutex: CK_LOCKMUTEX, + pub UnlockMutex: CK_UNLOCKMUTEX, + pub flags: CK_FLAGS, + pub pReserved: CK_VOID_PTR, +} +#[test] +fn bindgen_test_layout_CK_C_INITIALIZE_ARGS() { + const UNINIT: ::std::mem::MaybeUninit = ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 44usize, + concat!("Size of: ", stringify!(CK_C_INITIALIZE_ARGS)) + ); + assert_eq!( + ::std::mem::align_of::(), + 1usize, + concat!("Alignment of ", stringify!(CK_C_INITIALIZE_ARGS)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).CreateMutex) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_C_INITIALIZE_ARGS), + "::", + stringify!(CreateMutex) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).DestroyMutex) as usize - ptr as usize }, + 8usize, + concat!( + "Offset of field: ", + stringify!(CK_C_INITIALIZE_ARGS), + "::", + stringify!(DestroyMutex) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).LockMutex) as usize - ptr as usize }, + 16usize, + concat!( + "Offset of field: ", + stringify!(CK_C_INITIALIZE_ARGS), + "::", + stringify!(LockMutex) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).UnlockMutex) as usize - ptr as usize }, + 24usize, + concat!( + "Offset of field: ", + stringify!(CK_C_INITIALIZE_ARGS), + "::", + stringify!(UnlockMutex) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).flags) as usize - ptr as usize }, + 32usize, + concat!( + "Offset of field: ", + stringify!(CK_C_INITIALIZE_ARGS), + "::", + stringify!(flags) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pReserved) as usize - ptr as usize }, + 36usize, + concat!( + "Offset of field: ", + stringify!(CK_C_INITIALIZE_ARGS), + "::", + stringify!(pReserved) + ) + ); +} +impl Default for CK_C_INITIALIZE_ARGS { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type CK_C_INITIALIZE_ARGS_PTR = *mut CK_C_INITIALIZE_ARGS; +pub type CK_RSA_PKCS_MGF_TYPE = CK_ULONG; +pub type CK_RSA_PKCS_MGF_TYPE_PTR = *mut CK_RSA_PKCS_MGF_TYPE; +pub type CK_RSA_PKCS_OAEP_SOURCE_TYPE = CK_ULONG; +pub type CK_RSA_PKCS_OAEP_SOURCE_TYPE_PTR = *mut CK_RSA_PKCS_OAEP_SOURCE_TYPE; +#[repr(C, packed)] +#[derive(Debug, Copy, Clone)] +pub struct CK_RSA_PKCS_OAEP_PARAMS { + pub hashAlg: CK_MECHANISM_TYPE, + pub mgf: CK_RSA_PKCS_MGF_TYPE, + pub source: CK_RSA_PKCS_OAEP_SOURCE_TYPE, + pub pSourceData: CK_VOID_PTR, + pub ulSourceDataLen: CK_ULONG, +} +#[test] +fn bindgen_test_layout_CK_RSA_PKCS_OAEP_PARAMS() { + const UNINIT: ::std::mem::MaybeUninit = + ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 24usize, + concat!("Size of: ", stringify!(CK_RSA_PKCS_OAEP_PARAMS)) + ); + assert_eq!( + ::std::mem::align_of::(), + 1usize, + concat!("Alignment of ", stringify!(CK_RSA_PKCS_OAEP_PARAMS)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).hashAlg) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_RSA_PKCS_OAEP_PARAMS), + "::", + stringify!(hashAlg) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).mgf) as usize - ptr as usize }, + 4usize, + concat!( + "Offset of field: ", + stringify!(CK_RSA_PKCS_OAEP_PARAMS), + "::", + stringify!(mgf) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).source) as usize - ptr as usize }, + 8usize, + concat!( + "Offset of field: ", + stringify!(CK_RSA_PKCS_OAEP_PARAMS), + "::", + stringify!(source) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pSourceData) as usize - ptr as usize }, + 12usize, + concat!( + "Offset of field: ", + stringify!(CK_RSA_PKCS_OAEP_PARAMS), + "::", + stringify!(pSourceData) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulSourceDataLen) as usize - ptr as usize }, + 20usize, + concat!( + "Offset of field: ", + stringify!(CK_RSA_PKCS_OAEP_PARAMS), + "::", + stringify!(ulSourceDataLen) + ) + ); +} +impl Default for CK_RSA_PKCS_OAEP_PARAMS { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type CK_RSA_PKCS_OAEP_PARAMS_PTR = *mut CK_RSA_PKCS_OAEP_PARAMS; +#[repr(C, packed)] +#[derive(Debug, Default, Copy, Clone)] +pub struct CK_RSA_PKCS_PSS_PARAMS { + pub hashAlg: CK_MECHANISM_TYPE, + pub mgf: CK_RSA_PKCS_MGF_TYPE, + pub sLen: CK_ULONG, +} +#[test] +fn bindgen_test_layout_CK_RSA_PKCS_PSS_PARAMS() { + const UNINIT: ::std::mem::MaybeUninit = + ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 12usize, + concat!("Size of: ", stringify!(CK_RSA_PKCS_PSS_PARAMS)) + ); + assert_eq!( + ::std::mem::align_of::(), + 1usize, + concat!("Alignment of ", stringify!(CK_RSA_PKCS_PSS_PARAMS)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).hashAlg) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_RSA_PKCS_PSS_PARAMS), + "::", + stringify!(hashAlg) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).mgf) as usize - ptr as usize }, + 4usize, + concat!( + "Offset of field: ", + stringify!(CK_RSA_PKCS_PSS_PARAMS), + "::", + stringify!(mgf) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).sLen) as usize - ptr as usize }, + 8usize, + concat!( + "Offset of field: ", + stringify!(CK_RSA_PKCS_PSS_PARAMS), + "::", + stringify!(sLen) + ) + ); +} +pub type CK_RSA_PKCS_PSS_PARAMS_PTR = *mut CK_RSA_PKCS_PSS_PARAMS; +pub type CK_EC_KDF_TYPE = CK_ULONG; +pub type CK_EC_KDF_TYPE_PTR = *mut CK_EC_KDF_TYPE; +#[repr(C, packed)] +#[derive(Debug, Copy, Clone)] +pub struct CK_ECDH1_DERIVE_PARAMS { + pub kdf: CK_EC_KDF_TYPE, + pub ulSharedDataLen: CK_ULONG, + pub pSharedData: CK_BYTE_PTR, + pub ulPublicDataLen: CK_ULONG, + pub pPublicData: CK_BYTE_PTR, +} +#[test] +fn bindgen_test_layout_CK_ECDH1_DERIVE_PARAMS() { + const UNINIT: ::std::mem::MaybeUninit = + ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 28usize, + concat!("Size of: ", stringify!(CK_ECDH1_DERIVE_PARAMS)) + ); + assert_eq!( + ::std::mem::align_of::(), + 1usize, + concat!("Alignment of ", stringify!(CK_ECDH1_DERIVE_PARAMS)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).kdf) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_ECDH1_DERIVE_PARAMS), + "::", + stringify!(kdf) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulSharedDataLen) as usize - ptr as usize }, + 4usize, + concat!( + "Offset of field: ", + stringify!(CK_ECDH1_DERIVE_PARAMS), + "::", + stringify!(ulSharedDataLen) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pSharedData) as usize - ptr as usize }, + 8usize, + concat!( + "Offset of field: ", + stringify!(CK_ECDH1_DERIVE_PARAMS), + "::", + stringify!(pSharedData) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulPublicDataLen) as usize - ptr as usize }, + 16usize, + concat!( + "Offset of field: ", + stringify!(CK_ECDH1_DERIVE_PARAMS), + "::", + stringify!(ulPublicDataLen) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pPublicData) as usize - ptr as usize }, + 20usize, + concat!( + "Offset of field: ", + stringify!(CK_ECDH1_DERIVE_PARAMS), + "::", + stringify!(pPublicData) + ) + ); +} +impl Default for CK_ECDH1_DERIVE_PARAMS { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type CK_ECDH1_DERIVE_PARAMS_PTR = *mut CK_ECDH1_DERIVE_PARAMS; +#[repr(C, packed)] +#[derive(Debug, Copy, Clone)] +pub struct CK_ECDH2_DERIVE_PARAMS { + pub kdf: CK_EC_KDF_TYPE, + pub ulSharedDataLen: CK_ULONG, + pub pSharedData: CK_BYTE_PTR, + pub ulPublicDataLen: CK_ULONG, + pub pPublicData: CK_BYTE_PTR, + pub ulPrivateDataLen: CK_ULONG, + pub hPrivateData: CK_OBJECT_HANDLE, + pub ulPublicDataLen2: CK_ULONG, + pub pPublicData2: CK_BYTE_PTR, +} +#[test] +fn bindgen_test_layout_CK_ECDH2_DERIVE_PARAMS() { + const UNINIT: ::std::mem::MaybeUninit = + ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 48usize, + concat!("Size of: ", stringify!(CK_ECDH2_DERIVE_PARAMS)) + ); + assert_eq!( + ::std::mem::align_of::(), + 1usize, + concat!("Alignment of ", stringify!(CK_ECDH2_DERIVE_PARAMS)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).kdf) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_ECDH2_DERIVE_PARAMS), + "::", + stringify!(kdf) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulSharedDataLen) as usize - ptr as usize }, + 4usize, + concat!( + "Offset of field: ", + stringify!(CK_ECDH2_DERIVE_PARAMS), + "::", + stringify!(ulSharedDataLen) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pSharedData) as usize - ptr as usize }, + 8usize, + concat!( + "Offset of field: ", + stringify!(CK_ECDH2_DERIVE_PARAMS), + "::", + stringify!(pSharedData) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulPublicDataLen) as usize - ptr as usize }, + 16usize, + concat!( + "Offset of field: ", + stringify!(CK_ECDH2_DERIVE_PARAMS), + "::", + stringify!(ulPublicDataLen) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pPublicData) as usize - ptr as usize }, + 20usize, + concat!( + "Offset of field: ", + stringify!(CK_ECDH2_DERIVE_PARAMS), + "::", + stringify!(pPublicData) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulPrivateDataLen) as usize - ptr as usize }, + 28usize, + concat!( + "Offset of field: ", + stringify!(CK_ECDH2_DERIVE_PARAMS), + "::", + stringify!(ulPrivateDataLen) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).hPrivateData) as usize - ptr as usize }, + 32usize, + concat!( + "Offset of field: ", + stringify!(CK_ECDH2_DERIVE_PARAMS), + "::", + stringify!(hPrivateData) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulPublicDataLen2) as usize - ptr as usize }, + 36usize, + concat!( + "Offset of field: ", + stringify!(CK_ECDH2_DERIVE_PARAMS), + "::", + stringify!(ulPublicDataLen2) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pPublicData2) as usize - ptr as usize }, + 40usize, + concat!( + "Offset of field: ", + stringify!(CK_ECDH2_DERIVE_PARAMS), + "::", + stringify!(pPublicData2) + ) + ); +} +impl Default for CK_ECDH2_DERIVE_PARAMS { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type CK_ECDH2_DERIVE_PARAMS_PTR = *mut CK_ECDH2_DERIVE_PARAMS; +#[repr(C, packed)] +#[derive(Debug, Copy, Clone)] +pub struct CK_ECMQV_DERIVE_PARAMS { + pub kdf: CK_EC_KDF_TYPE, + pub ulSharedDataLen: CK_ULONG, + pub pSharedData: CK_BYTE_PTR, + pub ulPublicDataLen: CK_ULONG, + pub pPublicData: CK_BYTE_PTR, + pub ulPrivateDataLen: CK_ULONG, + pub hPrivateData: CK_OBJECT_HANDLE, + pub ulPublicDataLen2: CK_ULONG, + pub pPublicData2: CK_BYTE_PTR, + pub publicKey: CK_OBJECT_HANDLE, +} +#[test] +fn bindgen_test_layout_CK_ECMQV_DERIVE_PARAMS() { + const UNINIT: ::std::mem::MaybeUninit = + ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 52usize, + concat!("Size of: ", stringify!(CK_ECMQV_DERIVE_PARAMS)) + ); + assert_eq!( + ::std::mem::align_of::(), + 1usize, + concat!("Alignment of ", stringify!(CK_ECMQV_DERIVE_PARAMS)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).kdf) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_ECMQV_DERIVE_PARAMS), + "::", + stringify!(kdf) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulSharedDataLen) as usize - ptr as usize }, + 4usize, + concat!( + "Offset of field: ", + stringify!(CK_ECMQV_DERIVE_PARAMS), + "::", + stringify!(ulSharedDataLen) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pSharedData) as usize - ptr as usize }, + 8usize, + concat!( + "Offset of field: ", + stringify!(CK_ECMQV_DERIVE_PARAMS), + "::", + stringify!(pSharedData) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulPublicDataLen) as usize - ptr as usize }, + 16usize, + concat!( + "Offset of field: ", + stringify!(CK_ECMQV_DERIVE_PARAMS), + "::", + stringify!(ulPublicDataLen) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pPublicData) as usize - ptr as usize }, + 20usize, + concat!( + "Offset of field: ", + stringify!(CK_ECMQV_DERIVE_PARAMS), + "::", + stringify!(pPublicData) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulPrivateDataLen) as usize - ptr as usize }, + 28usize, + concat!( + "Offset of field: ", + stringify!(CK_ECMQV_DERIVE_PARAMS), + "::", + stringify!(ulPrivateDataLen) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).hPrivateData) as usize - ptr as usize }, + 32usize, + concat!( + "Offset of field: ", + stringify!(CK_ECMQV_DERIVE_PARAMS), + "::", + stringify!(hPrivateData) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulPublicDataLen2) as usize - ptr as usize }, + 36usize, + concat!( + "Offset of field: ", + stringify!(CK_ECMQV_DERIVE_PARAMS), + "::", + stringify!(ulPublicDataLen2) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pPublicData2) as usize - ptr as usize }, + 40usize, + concat!( + "Offset of field: ", + stringify!(CK_ECMQV_DERIVE_PARAMS), + "::", + stringify!(pPublicData2) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).publicKey) as usize - ptr as usize }, + 48usize, + concat!( + "Offset of field: ", + stringify!(CK_ECMQV_DERIVE_PARAMS), + "::", + stringify!(publicKey) + ) + ); +} +impl Default for CK_ECMQV_DERIVE_PARAMS { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type CK_ECMQV_DERIVE_PARAMS_PTR = *mut CK_ECMQV_DERIVE_PARAMS; +pub type CK_X9_42_DH_KDF_TYPE = CK_ULONG; +pub type CK_X9_42_DH_KDF_TYPE_PTR = *mut CK_X9_42_DH_KDF_TYPE; +#[repr(C, packed)] +#[derive(Debug, Copy, Clone)] +pub struct CK_X9_42_DH1_DERIVE_PARAMS { + pub kdf: CK_X9_42_DH_KDF_TYPE, + pub ulOtherInfoLen: CK_ULONG, + pub pOtherInfo: CK_BYTE_PTR, + pub ulPublicDataLen: CK_ULONG, + pub pPublicData: CK_BYTE_PTR, +} +#[test] +fn bindgen_test_layout_CK_X9_42_DH1_DERIVE_PARAMS() { + const UNINIT: ::std::mem::MaybeUninit = + ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 28usize, + concat!("Size of: ", stringify!(CK_X9_42_DH1_DERIVE_PARAMS)) + ); + assert_eq!( + ::std::mem::align_of::(), + 1usize, + concat!("Alignment of ", stringify!(CK_X9_42_DH1_DERIVE_PARAMS)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).kdf) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_X9_42_DH1_DERIVE_PARAMS), + "::", + stringify!(kdf) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulOtherInfoLen) as usize - ptr as usize }, + 4usize, + concat!( + "Offset of field: ", + stringify!(CK_X9_42_DH1_DERIVE_PARAMS), + "::", + stringify!(ulOtherInfoLen) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pOtherInfo) as usize - ptr as usize }, + 8usize, + concat!( + "Offset of field: ", + stringify!(CK_X9_42_DH1_DERIVE_PARAMS), + "::", + stringify!(pOtherInfo) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulPublicDataLen) as usize - ptr as usize }, + 16usize, + concat!( + "Offset of field: ", + stringify!(CK_X9_42_DH1_DERIVE_PARAMS), + "::", + stringify!(ulPublicDataLen) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pPublicData) as usize - ptr as usize }, + 20usize, + concat!( + "Offset of field: ", + stringify!(CK_X9_42_DH1_DERIVE_PARAMS), + "::", + stringify!(pPublicData) + ) + ); +} +impl Default for CK_X9_42_DH1_DERIVE_PARAMS { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type CK_X9_42_DH1_DERIVE_PARAMS_PTR = *mut CK_X9_42_DH1_DERIVE_PARAMS; +#[repr(C, packed)] +#[derive(Debug, Copy, Clone)] +pub struct CK_X9_42_DH2_DERIVE_PARAMS { + pub kdf: CK_X9_42_DH_KDF_TYPE, + pub ulOtherInfoLen: CK_ULONG, + pub pOtherInfo: CK_BYTE_PTR, + pub ulPublicDataLen: CK_ULONG, + pub pPublicData: CK_BYTE_PTR, + pub ulPrivateDataLen: CK_ULONG, + pub hPrivateData: CK_OBJECT_HANDLE, + pub ulPublicDataLen2: CK_ULONG, + pub pPublicData2: CK_BYTE_PTR, +} +#[test] +fn bindgen_test_layout_CK_X9_42_DH2_DERIVE_PARAMS() { + const UNINIT: ::std::mem::MaybeUninit = + ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 48usize, + concat!("Size of: ", stringify!(CK_X9_42_DH2_DERIVE_PARAMS)) + ); + assert_eq!( + ::std::mem::align_of::(), + 1usize, + concat!("Alignment of ", stringify!(CK_X9_42_DH2_DERIVE_PARAMS)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).kdf) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_X9_42_DH2_DERIVE_PARAMS), + "::", + stringify!(kdf) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulOtherInfoLen) as usize - ptr as usize }, + 4usize, + concat!( + "Offset of field: ", + stringify!(CK_X9_42_DH2_DERIVE_PARAMS), + "::", + stringify!(ulOtherInfoLen) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pOtherInfo) as usize - ptr as usize }, + 8usize, + concat!( + "Offset of field: ", + stringify!(CK_X9_42_DH2_DERIVE_PARAMS), + "::", + stringify!(pOtherInfo) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulPublicDataLen) as usize - ptr as usize }, + 16usize, + concat!( + "Offset of field: ", + stringify!(CK_X9_42_DH2_DERIVE_PARAMS), + "::", + stringify!(ulPublicDataLen) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pPublicData) as usize - ptr as usize }, + 20usize, + concat!( + "Offset of field: ", + stringify!(CK_X9_42_DH2_DERIVE_PARAMS), + "::", + stringify!(pPublicData) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulPrivateDataLen) as usize - ptr as usize }, + 28usize, + concat!( + "Offset of field: ", + stringify!(CK_X9_42_DH2_DERIVE_PARAMS), + "::", + stringify!(ulPrivateDataLen) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).hPrivateData) as usize - ptr as usize }, + 32usize, + concat!( + "Offset of field: ", + stringify!(CK_X9_42_DH2_DERIVE_PARAMS), + "::", + stringify!(hPrivateData) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulPublicDataLen2) as usize - ptr as usize }, + 36usize, + concat!( + "Offset of field: ", + stringify!(CK_X9_42_DH2_DERIVE_PARAMS), + "::", + stringify!(ulPublicDataLen2) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pPublicData2) as usize - ptr as usize }, + 40usize, + concat!( + "Offset of field: ", + stringify!(CK_X9_42_DH2_DERIVE_PARAMS), + "::", + stringify!(pPublicData2) + ) + ); +} +impl Default for CK_X9_42_DH2_DERIVE_PARAMS { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type CK_X9_42_DH2_DERIVE_PARAMS_PTR = *mut CK_X9_42_DH2_DERIVE_PARAMS; +#[repr(C, packed)] +#[derive(Debug, Copy, Clone)] +pub struct CK_X9_42_MQV_DERIVE_PARAMS { + pub kdf: CK_X9_42_DH_KDF_TYPE, + pub ulOtherInfoLen: CK_ULONG, + pub pOtherInfo: CK_BYTE_PTR, + pub ulPublicDataLen: CK_ULONG, + pub pPublicData: CK_BYTE_PTR, + pub ulPrivateDataLen: CK_ULONG, + pub hPrivateData: CK_OBJECT_HANDLE, + pub ulPublicDataLen2: CK_ULONG, + pub pPublicData2: CK_BYTE_PTR, + pub publicKey: CK_OBJECT_HANDLE, +} +#[test] +fn bindgen_test_layout_CK_X9_42_MQV_DERIVE_PARAMS() { + const UNINIT: ::std::mem::MaybeUninit = + ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 52usize, + concat!("Size of: ", stringify!(CK_X9_42_MQV_DERIVE_PARAMS)) + ); + assert_eq!( + ::std::mem::align_of::(), + 1usize, + concat!("Alignment of ", stringify!(CK_X9_42_MQV_DERIVE_PARAMS)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).kdf) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_X9_42_MQV_DERIVE_PARAMS), + "::", + stringify!(kdf) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulOtherInfoLen) as usize - ptr as usize }, + 4usize, + concat!( + "Offset of field: ", + stringify!(CK_X9_42_MQV_DERIVE_PARAMS), + "::", + stringify!(ulOtherInfoLen) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pOtherInfo) as usize - ptr as usize }, + 8usize, + concat!( + "Offset of field: ", + stringify!(CK_X9_42_MQV_DERIVE_PARAMS), + "::", + stringify!(pOtherInfo) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulPublicDataLen) as usize - ptr as usize }, + 16usize, + concat!( + "Offset of field: ", + stringify!(CK_X9_42_MQV_DERIVE_PARAMS), + "::", + stringify!(ulPublicDataLen) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pPublicData) as usize - ptr as usize }, + 20usize, + concat!( + "Offset of field: ", + stringify!(CK_X9_42_MQV_DERIVE_PARAMS), + "::", + stringify!(pPublicData) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulPrivateDataLen) as usize - ptr as usize }, + 28usize, + concat!( + "Offset of field: ", + stringify!(CK_X9_42_MQV_DERIVE_PARAMS), + "::", + stringify!(ulPrivateDataLen) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).hPrivateData) as usize - ptr as usize }, + 32usize, + concat!( + "Offset of field: ", + stringify!(CK_X9_42_MQV_DERIVE_PARAMS), + "::", + stringify!(hPrivateData) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulPublicDataLen2) as usize - ptr as usize }, + 36usize, + concat!( + "Offset of field: ", + stringify!(CK_X9_42_MQV_DERIVE_PARAMS), + "::", + stringify!(ulPublicDataLen2) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pPublicData2) as usize - ptr as usize }, + 40usize, + concat!( + "Offset of field: ", + stringify!(CK_X9_42_MQV_DERIVE_PARAMS), + "::", + stringify!(pPublicData2) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).publicKey) as usize - ptr as usize }, + 48usize, + concat!( + "Offset of field: ", + stringify!(CK_X9_42_MQV_DERIVE_PARAMS), + "::", + stringify!(publicKey) + ) + ); +} +impl Default for CK_X9_42_MQV_DERIVE_PARAMS { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type CK_X9_42_MQV_DERIVE_PARAMS_PTR = *mut CK_X9_42_MQV_DERIVE_PARAMS; +#[repr(C, packed)] +#[derive(Debug, Copy, Clone)] +pub struct CK_KEA_DERIVE_PARAMS { + pub isSender: CK_BBOOL, + pub ulRandomLen: CK_ULONG, + pub pRandomA: CK_BYTE_PTR, + pub pRandomB: CK_BYTE_PTR, + pub ulPublicDataLen: CK_ULONG, + pub pPublicData: CK_BYTE_PTR, +} +#[test] +fn bindgen_test_layout_CK_KEA_DERIVE_PARAMS() { + const UNINIT: ::std::mem::MaybeUninit = ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 33usize, + concat!("Size of: ", stringify!(CK_KEA_DERIVE_PARAMS)) + ); + assert_eq!( + ::std::mem::align_of::(), + 1usize, + concat!("Alignment of ", stringify!(CK_KEA_DERIVE_PARAMS)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).isSender) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_KEA_DERIVE_PARAMS), + "::", + stringify!(isSender) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulRandomLen) as usize - ptr as usize }, + 1usize, + concat!( + "Offset of field: ", + stringify!(CK_KEA_DERIVE_PARAMS), + "::", + stringify!(ulRandomLen) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pRandomA) as usize - ptr as usize }, + 5usize, + concat!( + "Offset of field: ", + stringify!(CK_KEA_DERIVE_PARAMS), + "::", + stringify!(pRandomA) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pRandomB) as usize - ptr as usize }, + 13usize, + concat!( + "Offset of field: ", + stringify!(CK_KEA_DERIVE_PARAMS), + "::", + stringify!(pRandomB) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulPublicDataLen) as usize - ptr as usize }, + 21usize, + concat!( + "Offset of field: ", + stringify!(CK_KEA_DERIVE_PARAMS), + "::", + stringify!(ulPublicDataLen) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pPublicData) as usize - ptr as usize }, + 25usize, + concat!( + "Offset of field: ", + stringify!(CK_KEA_DERIVE_PARAMS), + "::", + stringify!(pPublicData) + ) + ); +} +impl Default for CK_KEA_DERIVE_PARAMS { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type CK_KEA_DERIVE_PARAMS_PTR = *mut CK_KEA_DERIVE_PARAMS; +pub type CK_RC2_PARAMS = CK_ULONG; +pub type CK_RC2_PARAMS_PTR = *mut CK_RC2_PARAMS; +#[repr(C, packed)] +#[derive(Debug, Default, Copy, Clone)] +pub struct CK_RC2_CBC_PARAMS { + pub ulEffectiveBits: CK_ULONG, + pub iv: [CK_BYTE; 8usize], +} +#[test] +fn bindgen_test_layout_CK_RC2_CBC_PARAMS() { + const UNINIT: ::std::mem::MaybeUninit = ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 12usize, + concat!("Size of: ", stringify!(CK_RC2_CBC_PARAMS)) + ); + assert_eq!( + ::std::mem::align_of::(), + 1usize, + concat!("Alignment of ", stringify!(CK_RC2_CBC_PARAMS)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulEffectiveBits) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_RC2_CBC_PARAMS), + "::", + stringify!(ulEffectiveBits) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).iv) as usize - ptr as usize }, + 4usize, + concat!( + "Offset of field: ", + stringify!(CK_RC2_CBC_PARAMS), + "::", + stringify!(iv) + ) + ); +} +pub type CK_RC2_CBC_PARAMS_PTR = *mut CK_RC2_CBC_PARAMS; +#[repr(C, packed)] +#[derive(Debug, Default, Copy, Clone)] +pub struct CK_RC2_MAC_GENERAL_PARAMS { + pub ulEffectiveBits: CK_ULONG, + pub ulMacLength: CK_ULONG, +} +#[test] +fn bindgen_test_layout_CK_RC2_MAC_GENERAL_PARAMS() { + const UNINIT: ::std::mem::MaybeUninit = + ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 8usize, + concat!("Size of: ", stringify!(CK_RC2_MAC_GENERAL_PARAMS)) + ); + assert_eq!( + ::std::mem::align_of::(), + 1usize, + concat!("Alignment of ", stringify!(CK_RC2_MAC_GENERAL_PARAMS)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulEffectiveBits) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_RC2_MAC_GENERAL_PARAMS), + "::", + stringify!(ulEffectiveBits) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulMacLength) as usize - ptr as usize }, + 4usize, + concat!( + "Offset of field: ", + stringify!(CK_RC2_MAC_GENERAL_PARAMS), + "::", + stringify!(ulMacLength) + ) + ); +} +pub type CK_RC2_MAC_GENERAL_PARAMS_PTR = *mut CK_RC2_MAC_GENERAL_PARAMS; +#[repr(C, packed)] +#[derive(Debug, Default, Copy, Clone)] +pub struct CK_RC5_PARAMS { + pub ulWordsize: CK_ULONG, + pub ulRounds: CK_ULONG, +} +#[test] +fn bindgen_test_layout_CK_RC5_PARAMS() { + const UNINIT: ::std::mem::MaybeUninit = ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 8usize, + concat!("Size of: ", stringify!(CK_RC5_PARAMS)) + ); + assert_eq!( + ::std::mem::align_of::(), + 1usize, + concat!("Alignment of ", stringify!(CK_RC5_PARAMS)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulWordsize) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_RC5_PARAMS), + "::", + stringify!(ulWordsize) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulRounds) as usize - ptr as usize }, + 4usize, + concat!( + "Offset of field: ", + stringify!(CK_RC5_PARAMS), + "::", + stringify!(ulRounds) + ) + ); +} +pub type CK_RC5_PARAMS_PTR = *mut CK_RC5_PARAMS; +#[repr(C, packed)] +#[derive(Debug, Copy, Clone)] +pub struct CK_RC5_CBC_PARAMS { + pub ulWordsize: CK_ULONG, + pub ulRounds: CK_ULONG, + pub pIv: CK_BYTE_PTR, + pub ulIvLen: CK_ULONG, +} +#[test] +fn bindgen_test_layout_CK_RC5_CBC_PARAMS() { + const UNINIT: ::std::mem::MaybeUninit = ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 20usize, + concat!("Size of: ", stringify!(CK_RC5_CBC_PARAMS)) + ); + assert_eq!( + ::std::mem::align_of::(), + 1usize, + concat!("Alignment of ", stringify!(CK_RC5_CBC_PARAMS)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulWordsize) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_RC5_CBC_PARAMS), + "::", + stringify!(ulWordsize) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulRounds) as usize - ptr as usize }, + 4usize, + concat!( + "Offset of field: ", + stringify!(CK_RC5_CBC_PARAMS), + "::", + stringify!(ulRounds) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pIv) as usize - ptr as usize }, + 8usize, + concat!( + "Offset of field: ", + stringify!(CK_RC5_CBC_PARAMS), + "::", + stringify!(pIv) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulIvLen) as usize - ptr as usize }, + 16usize, + concat!( + "Offset of field: ", + stringify!(CK_RC5_CBC_PARAMS), + "::", + stringify!(ulIvLen) + ) + ); +} +impl Default for CK_RC5_CBC_PARAMS { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type CK_RC5_CBC_PARAMS_PTR = *mut CK_RC5_CBC_PARAMS; +#[repr(C, packed)] +#[derive(Debug, Default, Copy, Clone)] +pub struct CK_RC5_MAC_GENERAL_PARAMS { + pub ulWordsize: CK_ULONG, + pub ulRounds: CK_ULONG, + pub ulMacLength: CK_ULONG, +} +#[test] +fn bindgen_test_layout_CK_RC5_MAC_GENERAL_PARAMS() { + const UNINIT: ::std::mem::MaybeUninit = + ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 12usize, + concat!("Size of: ", stringify!(CK_RC5_MAC_GENERAL_PARAMS)) + ); + assert_eq!( + ::std::mem::align_of::(), + 1usize, + concat!("Alignment of ", stringify!(CK_RC5_MAC_GENERAL_PARAMS)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulWordsize) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_RC5_MAC_GENERAL_PARAMS), + "::", + stringify!(ulWordsize) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulRounds) as usize - ptr as usize }, + 4usize, + concat!( + "Offset of field: ", + stringify!(CK_RC5_MAC_GENERAL_PARAMS), + "::", + stringify!(ulRounds) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulMacLength) as usize - ptr as usize }, + 8usize, + concat!( + "Offset of field: ", + stringify!(CK_RC5_MAC_GENERAL_PARAMS), + "::", + stringify!(ulMacLength) + ) + ); +} +pub type CK_RC5_MAC_GENERAL_PARAMS_PTR = *mut CK_RC5_MAC_GENERAL_PARAMS; +pub type CK_MAC_GENERAL_PARAMS = CK_ULONG; +pub type CK_MAC_GENERAL_PARAMS_PTR = *mut CK_MAC_GENERAL_PARAMS; +#[repr(C, packed)] +#[derive(Debug, Copy, Clone)] +pub struct CK_DES_CBC_ENCRYPT_DATA_PARAMS { + pub iv: [CK_BYTE; 8usize], + pub pData: CK_BYTE_PTR, + pub length: CK_ULONG, +} +#[test] +fn bindgen_test_layout_CK_DES_CBC_ENCRYPT_DATA_PARAMS() { + const UNINIT: ::std::mem::MaybeUninit = + ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 20usize, + concat!("Size of: ", stringify!(CK_DES_CBC_ENCRYPT_DATA_PARAMS)) + ); + assert_eq!( + ::std::mem::align_of::(), + 1usize, + concat!("Alignment of ", stringify!(CK_DES_CBC_ENCRYPT_DATA_PARAMS)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).iv) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_DES_CBC_ENCRYPT_DATA_PARAMS), + "::", + stringify!(iv) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pData) as usize - ptr as usize }, + 8usize, + concat!( + "Offset of field: ", + stringify!(CK_DES_CBC_ENCRYPT_DATA_PARAMS), + "::", + stringify!(pData) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).length) as usize - ptr as usize }, + 16usize, + concat!( + "Offset of field: ", + stringify!(CK_DES_CBC_ENCRYPT_DATA_PARAMS), + "::", + stringify!(length) + ) + ); +} +impl Default for CK_DES_CBC_ENCRYPT_DATA_PARAMS { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type CK_DES_CBC_ENCRYPT_DATA_PARAMS_PTR = *mut CK_DES_CBC_ENCRYPT_DATA_PARAMS; +#[repr(C, packed)] +#[derive(Debug, Copy, Clone)] +pub struct CK_AES_CBC_ENCRYPT_DATA_PARAMS { + pub iv: [CK_BYTE; 16usize], + pub pData: CK_BYTE_PTR, + pub length: CK_ULONG, +} +#[test] +fn bindgen_test_layout_CK_AES_CBC_ENCRYPT_DATA_PARAMS() { + const UNINIT: ::std::mem::MaybeUninit = + ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 28usize, + concat!("Size of: ", stringify!(CK_AES_CBC_ENCRYPT_DATA_PARAMS)) + ); + assert_eq!( + ::std::mem::align_of::(), + 1usize, + concat!("Alignment of ", stringify!(CK_AES_CBC_ENCRYPT_DATA_PARAMS)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).iv) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_AES_CBC_ENCRYPT_DATA_PARAMS), + "::", + stringify!(iv) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pData) as usize - ptr as usize }, + 16usize, + concat!( + "Offset of field: ", + stringify!(CK_AES_CBC_ENCRYPT_DATA_PARAMS), + "::", + stringify!(pData) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).length) as usize - ptr as usize }, + 24usize, + concat!( + "Offset of field: ", + stringify!(CK_AES_CBC_ENCRYPT_DATA_PARAMS), + "::", + stringify!(length) + ) + ); +} +impl Default for CK_AES_CBC_ENCRYPT_DATA_PARAMS { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type CK_AES_CBC_ENCRYPT_DATA_PARAMS_PTR = *mut CK_AES_CBC_ENCRYPT_DATA_PARAMS; +#[repr(C, packed)] +#[derive(Debug, Copy, Clone)] +pub struct CK_SKIPJACK_PRIVATE_WRAP_PARAMS { + pub ulPasswordLen: CK_ULONG, + pub pPassword: CK_BYTE_PTR, + pub ulPublicDataLen: CK_ULONG, + pub pPublicData: CK_BYTE_PTR, + pub ulPAndGLen: CK_ULONG, + pub ulQLen: CK_ULONG, + pub ulRandomLen: CK_ULONG, + pub pRandomA: CK_BYTE_PTR, + pub pPrimeP: CK_BYTE_PTR, + pub pBaseG: CK_BYTE_PTR, + pub pSubprimeQ: CK_BYTE_PTR, +} +#[test] +fn bindgen_test_layout_CK_SKIPJACK_PRIVATE_WRAP_PARAMS() { + const UNINIT: ::std::mem::MaybeUninit = + ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 68usize, + concat!("Size of: ", stringify!(CK_SKIPJACK_PRIVATE_WRAP_PARAMS)) + ); + assert_eq!( + ::std::mem::align_of::(), + 1usize, + concat!("Alignment of ", stringify!(CK_SKIPJACK_PRIVATE_WRAP_PARAMS)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulPasswordLen) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_SKIPJACK_PRIVATE_WRAP_PARAMS), + "::", + stringify!(ulPasswordLen) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pPassword) as usize - ptr as usize }, + 4usize, + concat!( + "Offset of field: ", + stringify!(CK_SKIPJACK_PRIVATE_WRAP_PARAMS), + "::", + stringify!(pPassword) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulPublicDataLen) as usize - ptr as usize }, + 12usize, + concat!( + "Offset of field: ", + stringify!(CK_SKIPJACK_PRIVATE_WRAP_PARAMS), + "::", + stringify!(ulPublicDataLen) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pPublicData) as usize - ptr as usize }, + 16usize, + concat!( + "Offset of field: ", + stringify!(CK_SKIPJACK_PRIVATE_WRAP_PARAMS), + "::", + stringify!(pPublicData) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulPAndGLen) as usize - ptr as usize }, + 24usize, + concat!( + "Offset of field: ", + stringify!(CK_SKIPJACK_PRIVATE_WRAP_PARAMS), + "::", + stringify!(ulPAndGLen) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulQLen) as usize - ptr as usize }, + 28usize, + concat!( + "Offset of field: ", + stringify!(CK_SKIPJACK_PRIVATE_WRAP_PARAMS), + "::", + stringify!(ulQLen) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulRandomLen) as usize - ptr as usize }, + 32usize, + concat!( + "Offset of field: ", + stringify!(CK_SKIPJACK_PRIVATE_WRAP_PARAMS), + "::", + stringify!(ulRandomLen) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pRandomA) as usize - ptr as usize }, + 36usize, + concat!( + "Offset of field: ", + stringify!(CK_SKIPJACK_PRIVATE_WRAP_PARAMS), + "::", + stringify!(pRandomA) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pPrimeP) as usize - ptr as usize }, + 44usize, + concat!( + "Offset of field: ", + stringify!(CK_SKIPJACK_PRIVATE_WRAP_PARAMS), + "::", + stringify!(pPrimeP) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pBaseG) as usize - ptr as usize }, + 52usize, + concat!( + "Offset of field: ", + stringify!(CK_SKIPJACK_PRIVATE_WRAP_PARAMS), + "::", + stringify!(pBaseG) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pSubprimeQ) as usize - ptr as usize }, + 60usize, + concat!( + "Offset of field: ", + stringify!(CK_SKIPJACK_PRIVATE_WRAP_PARAMS), + "::", + stringify!(pSubprimeQ) + ) + ); +} +impl Default for CK_SKIPJACK_PRIVATE_WRAP_PARAMS { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type CK_SKIPJACK_PRIVATE_WRAP_PARAMS_PTR = *mut CK_SKIPJACK_PRIVATE_WRAP_PARAMS; +#[repr(C, packed)] +#[derive(Debug, Copy, Clone)] +pub struct CK_SKIPJACK_RELAYX_PARAMS { + pub ulOldWrappedXLen: CK_ULONG, + pub pOldWrappedX: CK_BYTE_PTR, + pub ulOldPasswordLen: CK_ULONG, + pub pOldPassword: CK_BYTE_PTR, + pub ulOldPublicDataLen: CK_ULONG, + pub pOldPublicData: CK_BYTE_PTR, + pub ulOldRandomLen: CK_ULONG, + pub pOldRandomA: CK_BYTE_PTR, + pub ulNewPasswordLen: CK_ULONG, + pub pNewPassword: CK_BYTE_PTR, + pub ulNewPublicDataLen: CK_ULONG, + pub pNewPublicData: CK_BYTE_PTR, + pub ulNewRandomLen: CK_ULONG, + pub pNewRandomA: CK_BYTE_PTR, +} +#[test] +fn bindgen_test_layout_CK_SKIPJACK_RELAYX_PARAMS() { + const UNINIT: ::std::mem::MaybeUninit = + ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 84usize, + concat!("Size of: ", stringify!(CK_SKIPJACK_RELAYX_PARAMS)) + ); + assert_eq!( + ::std::mem::align_of::(), + 1usize, + concat!("Alignment of ", stringify!(CK_SKIPJACK_RELAYX_PARAMS)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulOldWrappedXLen) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_SKIPJACK_RELAYX_PARAMS), + "::", + stringify!(ulOldWrappedXLen) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pOldWrappedX) as usize - ptr as usize }, + 4usize, + concat!( + "Offset of field: ", + stringify!(CK_SKIPJACK_RELAYX_PARAMS), + "::", + stringify!(pOldWrappedX) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulOldPasswordLen) as usize - ptr as usize }, + 12usize, + concat!( + "Offset of field: ", + stringify!(CK_SKIPJACK_RELAYX_PARAMS), + "::", + stringify!(ulOldPasswordLen) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pOldPassword) as usize - ptr as usize }, + 16usize, + concat!( + "Offset of field: ", + stringify!(CK_SKIPJACK_RELAYX_PARAMS), + "::", + stringify!(pOldPassword) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulOldPublicDataLen) as usize - ptr as usize }, + 24usize, + concat!( + "Offset of field: ", + stringify!(CK_SKIPJACK_RELAYX_PARAMS), + "::", + stringify!(ulOldPublicDataLen) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pOldPublicData) as usize - ptr as usize }, + 28usize, + concat!( + "Offset of field: ", + stringify!(CK_SKIPJACK_RELAYX_PARAMS), + "::", + stringify!(pOldPublicData) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulOldRandomLen) as usize - ptr as usize }, + 36usize, + concat!( + "Offset of field: ", + stringify!(CK_SKIPJACK_RELAYX_PARAMS), + "::", + stringify!(ulOldRandomLen) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pOldRandomA) as usize - ptr as usize }, + 40usize, + concat!( + "Offset of field: ", + stringify!(CK_SKIPJACK_RELAYX_PARAMS), + "::", + stringify!(pOldRandomA) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulNewPasswordLen) as usize - ptr as usize }, + 48usize, + concat!( + "Offset of field: ", + stringify!(CK_SKIPJACK_RELAYX_PARAMS), + "::", + stringify!(ulNewPasswordLen) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pNewPassword) as usize - ptr as usize }, + 52usize, + concat!( + "Offset of field: ", + stringify!(CK_SKIPJACK_RELAYX_PARAMS), + "::", + stringify!(pNewPassword) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulNewPublicDataLen) as usize - ptr as usize }, + 60usize, + concat!( + "Offset of field: ", + stringify!(CK_SKIPJACK_RELAYX_PARAMS), + "::", + stringify!(ulNewPublicDataLen) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pNewPublicData) as usize - ptr as usize }, + 64usize, + concat!( + "Offset of field: ", + stringify!(CK_SKIPJACK_RELAYX_PARAMS), + "::", + stringify!(pNewPublicData) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulNewRandomLen) as usize - ptr as usize }, + 72usize, + concat!( + "Offset of field: ", + stringify!(CK_SKIPJACK_RELAYX_PARAMS), + "::", + stringify!(ulNewRandomLen) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pNewRandomA) as usize - ptr as usize }, + 76usize, + concat!( + "Offset of field: ", + stringify!(CK_SKIPJACK_RELAYX_PARAMS), + "::", + stringify!(pNewRandomA) + ) + ); +} +impl Default for CK_SKIPJACK_RELAYX_PARAMS { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type CK_SKIPJACK_RELAYX_PARAMS_PTR = *mut CK_SKIPJACK_RELAYX_PARAMS; +#[repr(C, packed)] +#[derive(Debug, Copy, Clone)] +pub struct CK_PBE_PARAMS { + pub pInitVector: CK_BYTE_PTR, + pub pPassword: CK_UTF8CHAR_PTR, + pub ulPasswordLen: CK_ULONG, + pub pSalt: CK_BYTE_PTR, + pub ulSaltLen: CK_ULONG, + pub ulIteration: CK_ULONG, +} +#[test] +fn bindgen_test_layout_CK_PBE_PARAMS() { + const UNINIT: ::std::mem::MaybeUninit = ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 36usize, + concat!("Size of: ", stringify!(CK_PBE_PARAMS)) + ); + assert_eq!( + ::std::mem::align_of::(), + 1usize, + concat!("Alignment of ", stringify!(CK_PBE_PARAMS)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pInitVector) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_PBE_PARAMS), + "::", + stringify!(pInitVector) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pPassword) as usize - ptr as usize }, + 8usize, + concat!( + "Offset of field: ", + stringify!(CK_PBE_PARAMS), + "::", + stringify!(pPassword) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulPasswordLen) as usize - ptr as usize }, + 16usize, + concat!( + "Offset of field: ", + stringify!(CK_PBE_PARAMS), + "::", + stringify!(ulPasswordLen) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pSalt) as usize - ptr as usize }, + 20usize, + concat!( + "Offset of field: ", + stringify!(CK_PBE_PARAMS), + "::", + stringify!(pSalt) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulSaltLen) as usize - ptr as usize }, + 28usize, + concat!( + "Offset of field: ", + stringify!(CK_PBE_PARAMS), + "::", + stringify!(ulSaltLen) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulIteration) as usize - ptr as usize }, + 32usize, + concat!( + "Offset of field: ", + stringify!(CK_PBE_PARAMS), + "::", + stringify!(ulIteration) + ) + ); +} +impl Default for CK_PBE_PARAMS { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type CK_PBE_PARAMS_PTR = *mut CK_PBE_PARAMS; +#[repr(C, packed)] +#[derive(Debug, Copy, Clone)] +pub struct CK_KEY_WRAP_SET_OAEP_PARAMS { + pub bBC: CK_BYTE, + pub pX: CK_BYTE_PTR, + pub ulXLen: CK_ULONG, +} +#[test] +fn bindgen_test_layout_CK_KEY_WRAP_SET_OAEP_PARAMS() { + const UNINIT: ::std::mem::MaybeUninit = + ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 13usize, + concat!("Size of: ", stringify!(CK_KEY_WRAP_SET_OAEP_PARAMS)) + ); + assert_eq!( + ::std::mem::align_of::(), + 1usize, + concat!("Alignment of ", stringify!(CK_KEY_WRAP_SET_OAEP_PARAMS)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).bBC) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_KEY_WRAP_SET_OAEP_PARAMS), + "::", + stringify!(bBC) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pX) as usize - ptr as usize }, + 1usize, + concat!( + "Offset of field: ", + stringify!(CK_KEY_WRAP_SET_OAEP_PARAMS), + "::", + stringify!(pX) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulXLen) as usize - ptr as usize }, + 9usize, + concat!( + "Offset of field: ", + stringify!(CK_KEY_WRAP_SET_OAEP_PARAMS), + "::", + stringify!(ulXLen) + ) + ); +} +impl Default for CK_KEY_WRAP_SET_OAEP_PARAMS { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type CK_KEY_WRAP_SET_OAEP_PARAMS_PTR = *mut CK_KEY_WRAP_SET_OAEP_PARAMS; +#[repr(C, packed)] +#[derive(Debug, Copy, Clone)] +pub struct CK_SSL3_RANDOM_DATA { + pub pClientRandom: CK_BYTE_PTR, + pub ulClientRandomLen: CK_ULONG, + pub pServerRandom: CK_BYTE_PTR, + pub ulServerRandomLen: CK_ULONG, +} +#[test] +fn bindgen_test_layout_CK_SSL3_RANDOM_DATA() { + const UNINIT: ::std::mem::MaybeUninit = ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 24usize, + concat!("Size of: ", stringify!(CK_SSL3_RANDOM_DATA)) + ); + assert_eq!( + ::std::mem::align_of::(), + 1usize, + concat!("Alignment of ", stringify!(CK_SSL3_RANDOM_DATA)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pClientRandom) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_SSL3_RANDOM_DATA), + "::", + stringify!(pClientRandom) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulClientRandomLen) as usize - ptr as usize }, + 8usize, + concat!( + "Offset of field: ", + stringify!(CK_SSL3_RANDOM_DATA), + "::", + stringify!(ulClientRandomLen) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pServerRandom) as usize - ptr as usize }, + 12usize, + concat!( + "Offset of field: ", + stringify!(CK_SSL3_RANDOM_DATA), + "::", + stringify!(pServerRandom) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulServerRandomLen) as usize - ptr as usize }, + 20usize, + concat!( + "Offset of field: ", + stringify!(CK_SSL3_RANDOM_DATA), + "::", + stringify!(ulServerRandomLen) + ) + ); +} +impl Default for CK_SSL3_RANDOM_DATA { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +#[repr(C, packed)] +#[derive(Debug, Copy, Clone)] +pub struct CK_SSL3_MASTER_KEY_DERIVE_PARAMS { + pub RandomInfo: CK_SSL3_RANDOM_DATA, + pub pVersion: CK_VERSION_PTR, +} +#[test] +fn bindgen_test_layout_CK_SSL3_MASTER_KEY_DERIVE_PARAMS() { + const UNINIT: ::std::mem::MaybeUninit = + ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 32usize, + concat!("Size of: ", stringify!(CK_SSL3_MASTER_KEY_DERIVE_PARAMS)) + ); + assert_eq!( + ::std::mem::align_of::(), + 1usize, + concat!( + "Alignment of ", + stringify!(CK_SSL3_MASTER_KEY_DERIVE_PARAMS) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).RandomInfo) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_SSL3_MASTER_KEY_DERIVE_PARAMS), + "::", + stringify!(RandomInfo) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pVersion) as usize - ptr as usize }, + 24usize, + concat!( + "Offset of field: ", + stringify!(CK_SSL3_MASTER_KEY_DERIVE_PARAMS), + "::", + stringify!(pVersion) + ) + ); +} +impl Default for CK_SSL3_MASTER_KEY_DERIVE_PARAMS { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type CK_SSL3_MASTER_KEY_DERIVE_PARAMS_PTR = *mut CK_SSL3_MASTER_KEY_DERIVE_PARAMS; +#[repr(C, packed)] +#[derive(Debug, Copy, Clone)] +pub struct CK_SSL3_KEY_MAT_OUT { + pub hClientMacSecret: CK_OBJECT_HANDLE, + pub hServerMacSecret: CK_OBJECT_HANDLE, + pub hClientKey: CK_OBJECT_HANDLE, + pub hServerKey: CK_OBJECT_HANDLE, + pub pIVClient: CK_BYTE_PTR, + pub pIVServer: CK_BYTE_PTR, +} +#[test] +fn bindgen_test_layout_CK_SSL3_KEY_MAT_OUT() { + const UNINIT: ::std::mem::MaybeUninit = ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 32usize, + concat!("Size of: ", stringify!(CK_SSL3_KEY_MAT_OUT)) + ); + assert_eq!( + ::std::mem::align_of::(), + 1usize, + concat!("Alignment of ", stringify!(CK_SSL3_KEY_MAT_OUT)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).hClientMacSecret) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_SSL3_KEY_MAT_OUT), + "::", + stringify!(hClientMacSecret) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).hServerMacSecret) as usize - ptr as usize }, + 4usize, + concat!( + "Offset of field: ", + stringify!(CK_SSL3_KEY_MAT_OUT), + "::", + stringify!(hServerMacSecret) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).hClientKey) as usize - ptr as usize }, + 8usize, + concat!( + "Offset of field: ", + stringify!(CK_SSL3_KEY_MAT_OUT), + "::", + stringify!(hClientKey) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).hServerKey) as usize - ptr as usize }, + 12usize, + concat!( + "Offset of field: ", + stringify!(CK_SSL3_KEY_MAT_OUT), + "::", + stringify!(hServerKey) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pIVClient) as usize - ptr as usize }, + 16usize, + concat!( + "Offset of field: ", + stringify!(CK_SSL3_KEY_MAT_OUT), + "::", + stringify!(pIVClient) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pIVServer) as usize - ptr as usize }, + 24usize, + concat!( + "Offset of field: ", + stringify!(CK_SSL3_KEY_MAT_OUT), + "::", + stringify!(pIVServer) + ) + ); +} +impl Default for CK_SSL3_KEY_MAT_OUT { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type CK_SSL3_KEY_MAT_OUT_PTR = *mut CK_SSL3_KEY_MAT_OUT; +#[repr(C, packed)] +#[derive(Debug, Copy, Clone)] +pub struct CK_SSL3_KEY_MAT_PARAMS { + pub ulMacSizeInBits: CK_ULONG, + pub ulKeySizeInBits: CK_ULONG, + pub ulIVSizeInBits: CK_ULONG, + pub bIsExport: CK_BBOOL, + pub RandomInfo: CK_SSL3_RANDOM_DATA, + pub pReturnedKeyMaterial: CK_SSL3_KEY_MAT_OUT_PTR, +} +#[test] +fn bindgen_test_layout_CK_SSL3_KEY_MAT_PARAMS() { + const UNINIT: ::std::mem::MaybeUninit = + ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 45usize, + concat!("Size of: ", stringify!(CK_SSL3_KEY_MAT_PARAMS)) + ); + assert_eq!( + ::std::mem::align_of::(), + 1usize, + concat!("Alignment of ", stringify!(CK_SSL3_KEY_MAT_PARAMS)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulMacSizeInBits) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_SSL3_KEY_MAT_PARAMS), + "::", + stringify!(ulMacSizeInBits) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulKeySizeInBits) as usize - ptr as usize }, + 4usize, + concat!( + "Offset of field: ", + stringify!(CK_SSL3_KEY_MAT_PARAMS), + "::", + stringify!(ulKeySizeInBits) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulIVSizeInBits) as usize - ptr as usize }, + 8usize, + concat!( + "Offset of field: ", + stringify!(CK_SSL3_KEY_MAT_PARAMS), + "::", + stringify!(ulIVSizeInBits) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).bIsExport) as usize - ptr as usize }, + 12usize, + concat!( + "Offset of field: ", + stringify!(CK_SSL3_KEY_MAT_PARAMS), + "::", + stringify!(bIsExport) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).RandomInfo) as usize - ptr as usize }, + 13usize, + concat!( + "Offset of field: ", + stringify!(CK_SSL3_KEY_MAT_PARAMS), + "::", + stringify!(RandomInfo) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pReturnedKeyMaterial) as usize - ptr as usize }, + 37usize, + concat!( + "Offset of field: ", + stringify!(CK_SSL3_KEY_MAT_PARAMS), + "::", + stringify!(pReturnedKeyMaterial) + ) + ); +} +impl Default for CK_SSL3_KEY_MAT_PARAMS { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type CK_SSL3_KEY_MAT_PARAMS_PTR = *mut CK_SSL3_KEY_MAT_PARAMS; +#[repr(C, packed)] +#[derive(Debug, Copy, Clone)] +pub struct CK_TLS_PRF_PARAMS { + pub pSeed: CK_BYTE_PTR, + pub ulSeedLen: CK_ULONG, + pub pLabel: CK_BYTE_PTR, + pub ulLabelLen: CK_ULONG, + pub pOutput: CK_BYTE_PTR, + pub pulOutputLen: CK_ULONG_PTR, +} +#[test] +fn bindgen_test_layout_CK_TLS_PRF_PARAMS() { + const UNINIT: ::std::mem::MaybeUninit = ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 40usize, + concat!("Size of: ", stringify!(CK_TLS_PRF_PARAMS)) + ); + assert_eq!( + ::std::mem::align_of::(), + 1usize, + concat!("Alignment of ", stringify!(CK_TLS_PRF_PARAMS)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pSeed) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_TLS_PRF_PARAMS), + "::", + stringify!(pSeed) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulSeedLen) as usize - ptr as usize }, + 8usize, + concat!( + "Offset of field: ", + stringify!(CK_TLS_PRF_PARAMS), + "::", + stringify!(ulSeedLen) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pLabel) as usize - ptr as usize }, + 12usize, + concat!( + "Offset of field: ", + stringify!(CK_TLS_PRF_PARAMS), + "::", + stringify!(pLabel) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulLabelLen) as usize - ptr as usize }, + 20usize, + concat!( + "Offset of field: ", + stringify!(CK_TLS_PRF_PARAMS), + "::", + stringify!(ulLabelLen) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pOutput) as usize - ptr as usize }, + 24usize, + concat!( + "Offset of field: ", + stringify!(CK_TLS_PRF_PARAMS), + "::", + stringify!(pOutput) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pulOutputLen) as usize - ptr as usize }, + 32usize, + concat!( + "Offset of field: ", + stringify!(CK_TLS_PRF_PARAMS), + "::", + stringify!(pulOutputLen) + ) + ); +} +impl Default for CK_TLS_PRF_PARAMS { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type CK_TLS_PRF_PARAMS_PTR = *mut CK_TLS_PRF_PARAMS; +#[repr(C, packed)] +#[derive(Debug, Copy, Clone)] +pub struct CK_WTLS_RANDOM_DATA { + pub pClientRandom: CK_BYTE_PTR, + pub ulClientRandomLen: CK_ULONG, + pub pServerRandom: CK_BYTE_PTR, + pub ulServerRandomLen: CK_ULONG, +} +#[test] +fn bindgen_test_layout_CK_WTLS_RANDOM_DATA() { + const UNINIT: ::std::mem::MaybeUninit = ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 24usize, + concat!("Size of: ", stringify!(CK_WTLS_RANDOM_DATA)) + ); + assert_eq!( + ::std::mem::align_of::(), + 1usize, + concat!("Alignment of ", stringify!(CK_WTLS_RANDOM_DATA)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pClientRandom) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_WTLS_RANDOM_DATA), + "::", + stringify!(pClientRandom) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulClientRandomLen) as usize - ptr as usize }, + 8usize, + concat!( + "Offset of field: ", + stringify!(CK_WTLS_RANDOM_DATA), + "::", + stringify!(ulClientRandomLen) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pServerRandom) as usize - ptr as usize }, + 12usize, + concat!( + "Offset of field: ", + stringify!(CK_WTLS_RANDOM_DATA), + "::", + stringify!(pServerRandom) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulServerRandomLen) as usize - ptr as usize }, + 20usize, + concat!( + "Offset of field: ", + stringify!(CK_WTLS_RANDOM_DATA), + "::", + stringify!(ulServerRandomLen) + ) + ); +} +impl Default for CK_WTLS_RANDOM_DATA { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type CK_WTLS_RANDOM_DATA_PTR = *mut CK_WTLS_RANDOM_DATA; +#[repr(C, packed)] +#[derive(Debug, Copy, Clone)] +pub struct CK_WTLS_MASTER_KEY_DERIVE_PARAMS { + pub DigestMechanism: CK_MECHANISM_TYPE, + pub RandomInfo: CK_WTLS_RANDOM_DATA, + pub pVersion: CK_BYTE_PTR, +} +#[test] +fn bindgen_test_layout_CK_WTLS_MASTER_KEY_DERIVE_PARAMS() { + const UNINIT: ::std::mem::MaybeUninit = + ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 36usize, + concat!("Size of: ", stringify!(CK_WTLS_MASTER_KEY_DERIVE_PARAMS)) + ); + assert_eq!( + ::std::mem::align_of::(), + 1usize, + concat!( + "Alignment of ", + stringify!(CK_WTLS_MASTER_KEY_DERIVE_PARAMS) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).DigestMechanism) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_WTLS_MASTER_KEY_DERIVE_PARAMS), + "::", + stringify!(DigestMechanism) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).RandomInfo) as usize - ptr as usize }, + 4usize, + concat!( + "Offset of field: ", + stringify!(CK_WTLS_MASTER_KEY_DERIVE_PARAMS), + "::", + stringify!(RandomInfo) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pVersion) as usize - ptr as usize }, + 28usize, + concat!( + "Offset of field: ", + stringify!(CK_WTLS_MASTER_KEY_DERIVE_PARAMS), + "::", + stringify!(pVersion) + ) + ); +} +impl Default for CK_WTLS_MASTER_KEY_DERIVE_PARAMS { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type CK_WTLS_MASTER_KEY_DERIVE_PARAMS_PTR = *mut CK_WTLS_MASTER_KEY_DERIVE_PARAMS; +#[repr(C, packed)] +#[derive(Debug, Copy, Clone)] +pub struct CK_WTLS_PRF_PARAMS { + pub DigestMechanism: CK_MECHANISM_TYPE, + pub pSeed: CK_BYTE_PTR, + pub ulSeedLen: CK_ULONG, + pub pLabel: CK_BYTE_PTR, + pub ulLabelLen: CK_ULONG, + pub pOutput: CK_BYTE_PTR, + pub pulOutputLen: CK_ULONG_PTR, +} +#[test] +fn bindgen_test_layout_CK_WTLS_PRF_PARAMS() { + const UNINIT: ::std::mem::MaybeUninit = ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 44usize, + concat!("Size of: ", stringify!(CK_WTLS_PRF_PARAMS)) + ); + assert_eq!( + ::std::mem::align_of::(), + 1usize, + concat!("Alignment of ", stringify!(CK_WTLS_PRF_PARAMS)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).DigestMechanism) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_WTLS_PRF_PARAMS), + "::", + stringify!(DigestMechanism) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pSeed) as usize - ptr as usize }, + 4usize, + concat!( + "Offset of field: ", + stringify!(CK_WTLS_PRF_PARAMS), + "::", + stringify!(pSeed) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulSeedLen) as usize - ptr as usize }, + 12usize, + concat!( + "Offset of field: ", + stringify!(CK_WTLS_PRF_PARAMS), + "::", + stringify!(ulSeedLen) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pLabel) as usize - ptr as usize }, + 16usize, + concat!( + "Offset of field: ", + stringify!(CK_WTLS_PRF_PARAMS), + "::", + stringify!(pLabel) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulLabelLen) as usize - ptr as usize }, + 24usize, + concat!( + "Offset of field: ", + stringify!(CK_WTLS_PRF_PARAMS), + "::", + stringify!(ulLabelLen) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pOutput) as usize - ptr as usize }, + 28usize, + concat!( + "Offset of field: ", + stringify!(CK_WTLS_PRF_PARAMS), + "::", + stringify!(pOutput) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pulOutputLen) as usize - ptr as usize }, + 36usize, + concat!( + "Offset of field: ", + stringify!(CK_WTLS_PRF_PARAMS), + "::", + stringify!(pulOutputLen) + ) + ); +} +impl Default for CK_WTLS_PRF_PARAMS { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type CK_WTLS_PRF_PARAMS_PTR = *mut CK_WTLS_PRF_PARAMS; +#[repr(C, packed)] +#[derive(Debug, Copy, Clone)] +pub struct CK_WTLS_KEY_MAT_OUT { + pub hMacSecret: CK_OBJECT_HANDLE, + pub hKey: CK_OBJECT_HANDLE, + pub pIV: CK_BYTE_PTR, +} +#[test] +fn bindgen_test_layout_CK_WTLS_KEY_MAT_OUT() { + const UNINIT: ::std::mem::MaybeUninit = ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 16usize, + concat!("Size of: ", stringify!(CK_WTLS_KEY_MAT_OUT)) + ); + assert_eq!( + ::std::mem::align_of::(), + 1usize, + concat!("Alignment of ", stringify!(CK_WTLS_KEY_MAT_OUT)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).hMacSecret) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_WTLS_KEY_MAT_OUT), + "::", + stringify!(hMacSecret) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).hKey) as usize - ptr as usize }, + 4usize, + concat!( + "Offset of field: ", + stringify!(CK_WTLS_KEY_MAT_OUT), + "::", + stringify!(hKey) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pIV) as usize - ptr as usize }, + 8usize, + concat!( + "Offset of field: ", + stringify!(CK_WTLS_KEY_MAT_OUT), + "::", + stringify!(pIV) + ) + ); +} +impl Default for CK_WTLS_KEY_MAT_OUT { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type CK_WTLS_KEY_MAT_OUT_PTR = *mut CK_WTLS_KEY_MAT_OUT; +#[repr(C, packed)] +#[derive(Debug, Copy, Clone)] +pub struct CK_WTLS_KEY_MAT_PARAMS { + pub DigestMechanism: CK_MECHANISM_TYPE, + pub ulMacSizeInBits: CK_ULONG, + pub ulKeySizeInBits: CK_ULONG, + pub ulIVSizeInBits: CK_ULONG, + pub ulSequenceNumber: CK_ULONG, + pub bIsExport: CK_BBOOL, + pub RandomInfo: CK_WTLS_RANDOM_DATA, + pub pReturnedKeyMaterial: CK_WTLS_KEY_MAT_OUT_PTR, +} +#[test] +fn bindgen_test_layout_CK_WTLS_KEY_MAT_PARAMS() { + const UNINIT: ::std::mem::MaybeUninit = + ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 53usize, + concat!("Size of: ", stringify!(CK_WTLS_KEY_MAT_PARAMS)) + ); + assert_eq!( + ::std::mem::align_of::(), + 1usize, + concat!("Alignment of ", stringify!(CK_WTLS_KEY_MAT_PARAMS)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).DigestMechanism) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_WTLS_KEY_MAT_PARAMS), + "::", + stringify!(DigestMechanism) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulMacSizeInBits) as usize - ptr as usize }, + 4usize, + concat!( + "Offset of field: ", + stringify!(CK_WTLS_KEY_MAT_PARAMS), + "::", + stringify!(ulMacSizeInBits) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulKeySizeInBits) as usize - ptr as usize }, + 8usize, + concat!( + "Offset of field: ", + stringify!(CK_WTLS_KEY_MAT_PARAMS), + "::", + stringify!(ulKeySizeInBits) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulIVSizeInBits) as usize - ptr as usize }, + 12usize, + concat!( + "Offset of field: ", + stringify!(CK_WTLS_KEY_MAT_PARAMS), + "::", + stringify!(ulIVSizeInBits) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulSequenceNumber) as usize - ptr as usize }, + 16usize, + concat!( + "Offset of field: ", + stringify!(CK_WTLS_KEY_MAT_PARAMS), + "::", + stringify!(ulSequenceNumber) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).bIsExport) as usize - ptr as usize }, + 20usize, + concat!( + "Offset of field: ", + stringify!(CK_WTLS_KEY_MAT_PARAMS), + "::", + stringify!(bIsExport) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).RandomInfo) as usize - ptr as usize }, + 21usize, + concat!( + "Offset of field: ", + stringify!(CK_WTLS_KEY_MAT_PARAMS), + "::", + stringify!(RandomInfo) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pReturnedKeyMaterial) as usize - ptr as usize }, + 45usize, + concat!( + "Offset of field: ", + stringify!(CK_WTLS_KEY_MAT_PARAMS), + "::", + stringify!(pReturnedKeyMaterial) + ) + ); +} +impl Default for CK_WTLS_KEY_MAT_PARAMS { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type CK_WTLS_KEY_MAT_PARAMS_PTR = *mut CK_WTLS_KEY_MAT_PARAMS; +#[repr(C, packed)] +#[derive(Debug, Copy, Clone)] +pub struct CK_CMS_SIG_PARAMS { + pub certificateHandle: CK_OBJECT_HANDLE, + pub pSigningMechanism: CK_MECHANISM_PTR, + pub pDigestMechanism: CK_MECHANISM_PTR, + pub pContentType: CK_UTF8CHAR_PTR, + pub pRequestedAttributes: CK_BYTE_PTR, + pub ulRequestedAttributesLen: CK_ULONG, + pub pRequiredAttributes: CK_BYTE_PTR, + pub ulRequiredAttributesLen: CK_ULONG, +} +#[test] +fn bindgen_test_layout_CK_CMS_SIG_PARAMS() { + const UNINIT: ::std::mem::MaybeUninit = ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 52usize, + concat!("Size of: ", stringify!(CK_CMS_SIG_PARAMS)) + ); + assert_eq!( + ::std::mem::align_of::(), + 1usize, + concat!("Alignment of ", stringify!(CK_CMS_SIG_PARAMS)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).certificateHandle) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_CMS_SIG_PARAMS), + "::", + stringify!(certificateHandle) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pSigningMechanism) as usize - ptr as usize }, + 4usize, + concat!( + "Offset of field: ", + stringify!(CK_CMS_SIG_PARAMS), + "::", + stringify!(pSigningMechanism) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pDigestMechanism) as usize - ptr as usize }, + 12usize, + concat!( + "Offset of field: ", + stringify!(CK_CMS_SIG_PARAMS), + "::", + stringify!(pDigestMechanism) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pContentType) as usize - ptr as usize }, + 20usize, + concat!( + "Offset of field: ", + stringify!(CK_CMS_SIG_PARAMS), + "::", + stringify!(pContentType) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pRequestedAttributes) as usize - ptr as usize }, + 28usize, + concat!( + "Offset of field: ", + stringify!(CK_CMS_SIG_PARAMS), + "::", + stringify!(pRequestedAttributes) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulRequestedAttributesLen) as usize - ptr as usize }, + 36usize, + concat!( + "Offset of field: ", + stringify!(CK_CMS_SIG_PARAMS), + "::", + stringify!(ulRequestedAttributesLen) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pRequiredAttributes) as usize - ptr as usize }, + 40usize, + concat!( + "Offset of field: ", + stringify!(CK_CMS_SIG_PARAMS), + "::", + stringify!(pRequiredAttributes) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulRequiredAttributesLen) as usize - ptr as usize }, + 48usize, + concat!( + "Offset of field: ", + stringify!(CK_CMS_SIG_PARAMS), + "::", + stringify!(ulRequiredAttributesLen) + ) + ); +} +impl Default for CK_CMS_SIG_PARAMS { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type CK_CMS_SIG_PARAMS_PTR = *mut CK_CMS_SIG_PARAMS; +#[repr(C, packed)] +#[derive(Debug, Copy, Clone)] +pub struct CK_KEY_DERIVATION_STRING_DATA { + pub pData: CK_BYTE_PTR, + pub ulLen: CK_ULONG, +} +#[test] +fn bindgen_test_layout_CK_KEY_DERIVATION_STRING_DATA() { + const UNINIT: ::std::mem::MaybeUninit = + ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 12usize, + concat!("Size of: ", stringify!(CK_KEY_DERIVATION_STRING_DATA)) + ); + assert_eq!( + ::std::mem::align_of::(), + 1usize, + concat!("Alignment of ", stringify!(CK_KEY_DERIVATION_STRING_DATA)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pData) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_KEY_DERIVATION_STRING_DATA), + "::", + stringify!(pData) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulLen) as usize - ptr as usize }, + 8usize, + concat!( + "Offset of field: ", + stringify!(CK_KEY_DERIVATION_STRING_DATA), + "::", + stringify!(ulLen) + ) + ); +} +impl Default for CK_KEY_DERIVATION_STRING_DATA { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type CK_KEY_DERIVATION_STRING_DATA_PTR = *mut CK_KEY_DERIVATION_STRING_DATA; +pub type CK_EXTRACT_PARAMS = CK_ULONG; +pub type CK_EXTRACT_PARAMS_PTR = *mut CK_EXTRACT_PARAMS; +pub type CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE = CK_ULONG; +pub type CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE_PTR = + *mut CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE; +pub type CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE = CK_ULONG; +pub type CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE_PTR = *mut CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE; +#[repr(C, packed)] +#[derive(Debug, Copy, Clone)] +pub struct CK_PKCS5_PBKD2_PARAMS { + pub saltSource: CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE, + pub pSaltSourceData: CK_VOID_PTR, + pub ulSaltSourceDataLen: CK_ULONG, + pub iterations: CK_ULONG, + pub prf: CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE, + pub pPrfData: CK_VOID_PTR, + pub ulPrfDataLen: CK_ULONG, + pub pPassword: CK_UTF8CHAR_PTR, + pub ulPasswordLen: CK_ULONG_PTR, +} +#[test] +fn bindgen_test_layout_CK_PKCS5_PBKD2_PARAMS() { + const UNINIT: ::std::mem::MaybeUninit = + ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 52usize, + concat!("Size of: ", stringify!(CK_PKCS5_PBKD2_PARAMS)) + ); + assert_eq!( + ::std::mem::align_of::(), + 1usize, + concat!("Alignment of ", stringify!(CK_PKCS5_PBKD2_PARAMS)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).saltSource) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_PKCS5_PBKD2_PARAMS), + "::", + stringify!(saltSource) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pSaltSourceData) as usize - ptr as usize }, + 4usize, + concat!( + "Offset of field: ", + stringify!(CK_PKCS5_PBKD2_PARAMS), + "::", + stringify!(pSaltSourceData) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulSaltSourceDataLen) as usize - ptr as usize }, + 12usize, + concat!( + "Offset of field: ", + stringify!(CK_PKCS5_PBKD2_PARAMS), + "::", + stringify!(ulSaltSourceDataLen) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).iterations) as usize - ptr as usize }, + 16usize, + concat!( + "Offset of field: ", + stringify!(CK_PKCS5_PBKD2_PARAMS), + "::", + stringify!(iterations) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).prf) as usize - ptr as usize }, + 20usize, + concat!( + "Offset of field: ", + stringify!(CK_PKCS5_PBKD2_PARAMS), + "::", + stringify!(prf) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pPrfData) as usize - ptr as usize }, + 24usize, + concat!( + "Offset of field: ", + stringify!(CK_PKCS5_PBKD2_PARAMS), + "::", + stringify!(pPrfData) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulPrfDataLen) as usize - ptr as usize }, + 32usize, + concat!( + "Offset of field: ", + stringify!(CK_PKCS5_PBKD2_PARAMS), + "::", + stringify!(ulPrfDataLen) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pPassword) as usize - ptr as usize }, + 36usize, + concat!( + "Offset of field: ", + stringify!(CK_PKCS5_PBKD2_PARAMS), + "::", + stringify!(pPassword) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulPasswordLen) as usize - ptr as usize }, + 44usize, + concat!( + "Offset of field: ", + stringify!(CK_PKCS5_PBKD2_PARAMS), + "::", + stringify!(ulPasswordLen) + ) + ); +} +impl Default for CK_PKCS5_PBKD2_PARAMS { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type CK_PKCS5_PBKD2_PARAMS_PTR = *mut CK_PKCS5_PBKD2_PARAMS; +#[repr(C, packed)] +#[derive(Debug, Copy, Clone)] +pub struct CK_PKCS5_PBKD2_PARAMS2 { + pub saltSource: CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE, + pub pSaltSourceData: CK_VOID_PTR, + pub ulSaltSourceDataLen: CK_ULONG, + pub iterations: CK_ULONG, + pub prf: CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE, + pub pPrfData: CK_VOID_PTR, + pub ulPrfDataLen: CK_ULONG, + pub pPassword: CK_UTF8CHAR_PTR, + pub ulPasswordLen: CK_ULONG, +} +#[test] +fn bindgen_test_layout_CK_PKCS5_PBKD2_PARAMS2() { + const UNINIT: ::std::mem::MaybeUninit = + ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 48usize, + concat!("Size of: ", stringify!(CK_PKCS5_PBKD2_PARAMS2)) + ); + assert_eq!( + ::std::mem::align_of::(), + 1usize, + concat!("Alignment of ", stringify!(CK_PKCS5_PBKD2_PARAMS2)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).saltSource) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_PKCS5_PBKD2_PARAMS2), + "::", + stringify!(saltSource) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pSaltSourceData) as usize - ptr as usize }, + 4usize, + concat!( + "Offset of field: ", + stringify!(CK_PKCS5_PBKD2_PARAMS2), + "::", + stringify!(pSaltSourceData) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulSaltSourceDataLen) as usize - ptr as usize }, + 12usize, + concat!( + "Offset of field: ", + stringify!(CK_PKCS5_PBKD2_PARAMS2), + "::", + stringify!(ulSaltSourceDataLen) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).iterations) as usize - ptr as usize }, + 16usize, + concat!( + "Offset of field: ", + stringify!(CK_PKCS5_PBKD2_PARAMS2), + "::", + stringify!(iterations) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).prf) as usize - ptr as usize }, + 20usize, + concat!( + "Offset of field: ", + stringify!(CK_PKCS5_PBKD2_PARAMS2), + "::", + stringify!(prf) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pPrfData) as usize - ptr as usize }, + 24usize, + concat!( + "Offset of field: ", + stringify!(CK_PKCS5_PBKD2_PARAMS2), + "::", + stringify!(pPrfData) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulPrfDataLen) as usize - ptr as usize }, + 32usize, + concat!( + "Offset of field: ", + stringify!(CK_PKCS5_PBKD2_PARAMS2), + "::", + stringify!(ulPrfDataLen) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pPassword) as usize - ptr as usize }, + 36usize, + concat!( + "Offset of field: ", + stringify!(CK_PKCS5_PBKD2_PARAMS2), + "::", + stringify!(pPassword) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulPasswordLen) as usize - ptr as usize }, + 44usize, + concat!( + "Offset of field: ", + stringify!(CK_PKCS5_PBKD2_PARAMS2), + "::", + stringify!(ulPasswordLen) + ) + ); +} +impl Default for CK_PKCS5_PBKD2_PARAMS2 { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type CK_PKCS5_PBKD2_PARAMS2_PTR = *mut CK_PKCS5_PBKD2_PARAMS2; +pub type CK_OTP_PARAM_TYPE = CK_ULONG; +pub type CK_PARAM_TYPE = CK_OTP_PARAM_TYPE; +#[repr(C, packed)] +#[derive(Debug, Copy, Clone)] +pub struct CK_OTP_PARAM { + pub type_: CK_OTP_PARAM_TYPE, + pub pValue: CK_VOID_PTR, + pub ulValueLen: CK_ULONG, +} +#[test] +fn bindgen_test_layout_CK_OTP_PARAM() { + const UNINIT: ::std::mem::MaybeUninit = ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 16usize, + concat!("Size of: ", stringify!(CK_OTP_PARAM)) + ); + assert_eq!( + ::std::mem::align_of::(), + 1usize, + concat!("Alignment of ", stringify!(CK_OTP_PARAM)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).type_) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_OTP_PARAM), + "::", + stringify!(type_) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pValue) as usize - ptr as usize }, + 4usize, + concat!( + "Offset of field: ", + stringify!(CK_OTP_PARAM), + "::", + stringify!(pValue) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulValueLen) as usize - ptr as usize }, + 12usize, + concat!( + "Offset of field: ", + stringify!(CK_OTP_PARAM), + "::", + stringify!(ulValueLen) + ) + ); +} +impl Default for CK_OTP_PARAM { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type CK_OTP_PARAM_PTR = *mut CK_OTP_PARAM; +#[repr(C, packed)] +#[derive(Debug, Copy, Clone)] +pub struct CK_OTP_PARAMS { + pub pParams: CK_OTP_PARAM_PTR, + pub ulCount: CK_ULONG, +} +#[test] +fn bindgen_test_layout_CK_OTP_PARAMS() { + const UNINIT: ::std::mem::MaybeUninit = ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 12usize, + concat!("Size of: ", stringify!(CK_OTP_PARAMS)) + ); + assert_eq!( + ::std::mem::align_of::(), + 1usize, + concat!("Alignment of ", stringify!(CK_OTP_PARAMS)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pParams) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_OTP_PARAMS), + "::", + stringify!(pParams) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulCount) as usize - ptr as usize }, + 8usize, + concat!( + "Offset of field: ", + stringify!(CK_OTP_PARAMS), + "::", + stringify!(ulCount) + ) + ); +} +impl Default for CK_OTP_PARAMS { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type CK_OTP_PARAMS_PTR = *mut CK_OTP_PARAMS; +#[repr(C, packed)] +#[derive(Debug, Copy, Clone)] +pub struct CK_OTP_SIGNATURE_INFO { + pub pParams: CK_OTP_PARAM_PTR, + pub ulCount: CK_ULONG, +} +#[test] +fn bindgen_test_layout_CK_OTP_SIGNATURE_INFO() { + const UNINIT: ::std::mem::MaybeUninit = + ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 12usize, + concat!("Size of: ", stringify!(CK_OTP_SIGNATURE_INFO)) + ); + assert_eq!( + ::std::mem::align_of::(), + 1usize, + concat!("Alignment of ", stringify!(CK_OTP_SIGNATURE_INFO)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pParams) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_OTP_SIGNATURE_INFO), + "::", + stringify!(pParams) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulCount) as usize - ptr as usize }, + 8usize, + concat!( + "Offset of field: ", + stringify!(CK_OTP_SIGNATURE_INFO), + "::", + stringify!(ulCount) + ) + ); +} +impl Default for CK_OTP_SIGNATURE_INFO { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type CK_OTP_SIGNATURE_INFO_PTR = *mut CK_OTP_SIGNATURE_INFO; +#[repr(C, packed)] +#[derive(Debug, Copy, Clone)] +pub struct CK_KIP_PARAMS { + pub pMechanism: CK_MECHANISM_PTR, + pub hKey: CK_OBJECT_HANDLE, + pub pSeed: CK_BYTE_PTR, + pub ulSeedLen: CK_ULONG, +} +#[test] +fn bindgen_test_layout_CK_KIP_PARAMS() { + const UNINIT: ::std::mem::MaybeUninit = ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 24usize, + concat!("Size of: ", stringify!(CK_KIP_PARAMS)) + ); + assert_eq!( + ::std::mem::align_of::(), + 1usize, + concat!("Alignment of ", stringify!(CK_KIP_PARAMS)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pMechanism) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_KIP_PARAMS), + "::", + stringify!(pMechanism) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).hKey) as usize - ptr as usize }, + 8usize, + concat!( + "Offset of field: ", + stringify!(CK_KIP_PARAMS), + "::", + stringify!(hKey) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pSeed) as usize - ptr as usize }, + 12usize, + concat!( + "Offset of field: ", + stringify!(CK_KIP_PARAMS), + "::", + stringify!(pSeed) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulSeedLen) as usize - ptr as usize }, + 20usize, + concat!( + "Offset of field: ", + stringify!(CK_KIP_PARAMS), + "::", + stringify!(ulSeedLen) + ) + ); +} +impl Default for CK_KIP_PARAMS { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type CK_KIP_PARAMS_PTR = *mut CK_KIP_PARAMS; +#[repr(C, packed)] +#[derive(Debug, Default, Copy, Clone)] +pub struct CK_AES_CTR_PARAMS { + pub ulCounterBits: CK_ULONG, + pub cb: [CK_BYTE; 16usize], +} +#[test] +fn bindgen_test_layout_CK_AES_CTR_PARAMS() { + const UNINIT: ::std::mem::MaybeUninit = ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 20usize, + concat!("Size of: ", stringify!(CK_AES_CTR_PARAMS)) + ); + assert_eq!( + ::std::mem::align_of::(), + 1usize, + concat!("Alignment of ", stringify!(CK_AES_CTR_PARAMS)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulCounterBits) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_AES_CTR_PARAMS), + "::", + stringify!(ulCounterBits) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).cb) as usize - ptr as usize }, + 4usize, + concat!( + "Offset of field: ", + stringify!(CK_AES_CTR_PARAMS), + "::", + stringify!(cb) + ) + ); +} +pub type CK_AES_CTR_PARAMS_PTR = *mut CK_AES_CTR_PARAMS; +#[repr(C, packed)] +#[derive(Debug, Copy, Clone)] +pub struct CK_GCM_PARAMS { + pub pIv: CK_BYTE_PTR, + pub ulIvLen: CK_ULONG, + pub ulIvBits: CK_ULONG, + pub pAAD: CK_BYTE_PTR, + pub ulAADLen: CK_ULONG, + pub ulTagBits: CK_ULONG, +} +#[test] +fn bindgen_test_layout_CK_GCM_PARAMS() { + const UNINIT: ::std::mem::MaybeUninit = ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 32usize, + concat!("Size of: ", stringify!(CK_GCM_PARAMS)) + ); + assert_eq!( + ::std::mem::align_of::(), + 1usize, + concat!("Alignment of ", stringify!(CK_GCM_PARAMS)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pIv) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_GCM_PARAMS), + "::", + stringify!(pIv) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulIvLen) as usize - ptr as usize }, + 8usize, + concat!( + "Offset of field: ", + stringify!(CK_GCM_PARAMS), + "::", + stringify!(ulIvLen) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulIvBits) as usize - ptr as usize }, + 12usize, + concat!( + "Offset of field: ", + stringify!(CK_GCM_PARAMS), + "::", + stringify!(ulIvBits) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pAAD) as usize - ptr as usize }, + 16usize, + concat!( + "Offset of field: ", + stringify!(CK_GCM_PARAMS), + "::", + stringify!(pAAD) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulAADLen) as usize - ptr as usize }, + 24usize, + concat!( + "Offset of field: ", + stringify!(CK_GCM_PARAMS), + "::", + stringify!(ulAADLen) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulTagBits) as usize - ptr as usize }, + 28usize, + concat!( + "Offset of field: ", + stringify!(CK_GCM_PARAMS), + "::", + stringify!(ulTagBits) + ) + ); +} +impl Default for CK_GCM_PARAMS { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type CK_GCM_PARAMS_PTR = *mut CK_GCM_PARAMS; +pub type CK_GENERATOR_FUNCTION = CK_ULONG; +#[repr(C, packed)] +#[derive(Debug, Copy, Clone)] +pub struct CK_GCM_MESSAGE_PARAMS { + pub pIv: CK_BYTE_PTR, + pub ulIvLen: CK_ULONG, + pub ulIvFixedBits: CK_ULONG, + pub ivGenerator: CK_GENERATOR_FUNCTION, + pub pTag: CK_BYTE_PTR, + pub ulTagBits: CK_ULONG, +} +#[test] +fn bindgen_test_layout_CK_GCM_MESSAGE_PARAMS() { + const UNINIT: ::std::mem::MaybeUninit = + ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 32usize, + concat!("Size of: ", stringify!(CK_GCM_MESSAGE_PARAMS)) + ); + assert_eq!( + ::std::mem::align_of::(), + 1usize, + concat!("Alignment of ", stringify!(CK_GCM_MESSAGE_PARAMS)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pIv) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_GCM_MESSAGE_PARAMS), + "::", + stringify!(pIv) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulIvLen) as usize - ptr as usize }, + 8usize, + concat!( + "Offset of field: ", + stringify!(CK_GCM_MESSAGE_PARAMS), + "::", + stringify!(ulIvLen) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulIvFixedBits) as usize - ptr as usize }, + 12usize, + concat!( + "Offset of field: ", + stringify!(CK_GCM_MESSAGE_PARAMS), + "::", + stringify!(ulIvFixedBits) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ivGenerator) as usize - ptr as usize }, + 16usize, + concat!( + "Offset of field: ", + stringify!(CK_GCM_MESSAGE_PARAMS), + "::", + stringify!(ivGenerator) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pTag) as usize - ptr as usize }, + 20usize, + concat!( + "Offset of field: ", + stringify!(CK_GCM_MESSAGE_PARAMS), + "::", + stringify!(pTag) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulTagBits) as usize - ptr as usize }, + 28usize, + concat!( + "Offset of field: ", + stringify!(CK_GCM_MESSAGE_PARAMS), + "::", + stringify!(ulTagBits) + ) + ); +} +impl Default for CK_GCM_MESSAGE_PARAMS { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type CK_GCM_MESSAGE_PARAMS_PTR = *mut CK_GCM_MESSAGE_PARAMS; +#[repr(C, packed)] +#[derive(Debug, Copy, Clone)] +pub struct CK_CCM_PARAMS { + pub ulDataLen: CK_ULONG, + pub pNonce: CK_BYTE_PTR, + pub ulNonceLen: CK_ULONG, + pub pAAD: CK_BYTE_PTR, + pub ulAADLen: CK_ULONG, + pub ulMACLen: CK_ULONG, +} +#[test] +fn bindgen_test_layout_CK_CCM_PARAMS() { + const UNINIT: ::std::mem::MaybeUninit = ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 32usize, + concat!("Size of: ", stringify!(CK_CCM_PARAMS)) + ); + assert_eq!( + ::std::mem::align_of::(), + 1usize, + concat!("Alignment of ", stringify!(CK_CCM_PARAMS)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulDataLen) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_CCM_PARAMS), + "::", + stringify!(ulDataLen) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pNonce) as usize - ptr as usize }, + 4usize, + concat!( + "Offset of field: ", + stringify!(CK_CCM_PARAMS), + "::", + stringify!(pNonce) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulNonceLen) as usize - ptr as usize }, + 12usize, + concat!( + "Offset of field: ", + stringify!(CK_CCM_PARAMS), + "::", + stringify!(ulNonceLen) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pAAD) as usize - ptr as usize }, + 16usize, + concat!( + "Offset of field: ", + stringify!(CK_CCM_PARAMS), + "::", + stringify!(pAAD) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulAADLen) as usize - ptr as usize }, + 24usize, + concat!( + "Offset of field: ", + stringify!(CK_CCM_PARAMS), + "::", + stringify!(ulAADLen) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulMACLen) as usize - ptr as usize }, + 28usize, + concat!( + "Offset of field: ", + stringify!(CK_CCM_PARAMS), + "::", + stringify!(ulMACLen) + ) + ); +} +impl Default for CK_CCM_PARAMS { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type CK_CCM_PARAMS_PTR = *mut CK_CCM_PARAMS; +#[repr(C, packed)] +#[derive(Debug, Copy, Clone)] +pub struct CK_CCM_MESSAGE_PARAMS { + pub ulDataLen: CK_ULONG, + pub pNonce: CK_BYTE_PTR, + pub ulNonceLen: CK_ULONG, + pub ulNonceFixedBits: CK_ULONG, + pub nonceGenerator: CK_GENERATOR_FUNCTION, + pub pMAC: CK_BYTE_PTR, + pub ulMACLen: CK_ULONG, +} +#[test] +fn bindgen_test_layout_CK_CCM_MESSAGE_PARAMS() { + const UNINIT: ::std::mem::MaybeUninit = + ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 36usize, + concat!("Size of: ", stringify!(CK_CCM_MESSAGE_PARAMS)) + ); + assert_eq!( + ::std::mem::align_of::(), + 1usize, + concat!("Alignment of ", stringify!(CK_CCM_MESSAGE_PARAMS)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulDataLen) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_CCM_MESSAGE_PARAMS), + "::", + stringify!(ulDataLen) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pNonce) as usize - ptr as usize }, + 4usize, + concat!( + "Offset of field: ", + stringify!(CK_CCM_MESSAGE_PARAMS), + "::", + stringify!(pNonce) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulNonceLen) as usize - ptr as usize }, + 12usize, + concat!( + "Offset of field: ", + stringify!(CK_CCM_MESSAGE_PARAMS), + "::", + stringify!(ulNonceLen) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulNonceFixedBits) as usize - ptr as usize }, + 16usize, + concat!( + "Offset of field: ", + stringify!(CK_CCM_MESSAGE_PARAMS), + "::", + stringify!(ulNonceFixedBits) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).nonceGenerator) as usize - ptr as usize }, + 20usize, + concat!( + "Offset of field: ", + stringify!(CK_CCM_MESSAGE_PARAMS), + "::", + stringify!(nonceGenerator) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pMAC) as usize - ptr as usize }, + 24usize, + concat!( + "Offset of field: ", + stringify!(CK_CCM_MESSAGE_PARAMS), + "::", + stringify!(pMAC) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulMACLen) as usize - ptr as usize }, + 32usize, + concat!( + "Offset of field: ", + stringify!(CK_CCM_MESSAGE_PARAMS), + "::", + stringify!(ulMACLen) + ) + ); +} +impl Default for CK_CCM_MESSAGE_PARAMS { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type CK_CCM_MESSAGE_PARAMS_PTR = *mut CK_CCM_MESSAGE_PARAMS; +#[repr(C, packed)] +#[derive(Debug, Copy, Clone)] +pub struct CK_AES_GCM_PARAMS { + pub pIv: CK_BYTE_PTR, + pub ulIvLen: CK_ULONG, + pub ulIvBits: CK_ULONG, + pub pAAD: CK_BYTE_PTR, + pub ulAADLen: CK_ULONG, + pub ulTagBits: CK_ULONG, +} +#[test] +fn bindgen_test_layout_CK_AES_GCM_PARAMS() { + const UNINIT: ::std::mem::MaybeUninit = ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 32usize, + concat!("Size of: ", stringify!(CK_AES_GCM_PARAMS)) + ); + assert_eq!( + ::std::mem::align_of::(), + 1usize, + concat!("Alignment of ", stringify!(CK_AES_GCM_PARAMS)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pIv) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_AES_GCM_PARAMS), + "::", + stringify!(pIv) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulIvLen) as usize - ptr as usize }, + 8usize, + concat!( + "Offset of field: ", + stringify!(CK_AES_GCM_PARAMS), + "::", + stringify!(ulIvLen) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulIvBits) as usize - ptr as usize }, + 12usize, + concat!( + "Offset of field: ", + stringify!(CK_AES_GCM_PARAMS), + "::", + stringify!(ulIvBits) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pAAD) as usize - ptr as usize }, + 16usize, + concat!( + "Offset of field: ", + stringify!(CK_AES_GCM_PARAMS), + "::", + stringify!(pAAD) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulAADLen) as usize - ptr as usize }, + 24usize, + concat!( + "Offset of field: ", + stringify!(CK_AES_GCM_PARAMS), + "::", + stringify!(ulAADLen) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulTagBits) as usize - ptr as usize }, + 28usize, + concat!( + "Offset of field: ", + stringify!(CK_AES_GCM_PARAMS), + "::", + stringify!(ulTagBits) + ) + ); +} +impl Default for CK_AES_GCM_PARAMS { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type CK_AES_GCM_PARAMS_PTR = *mut CK_AES_GCM_PARAMS; +#[repr(C, packed)] +#[derive(Debug, Copy, Clone)] +pub struct CK_AES_CCM_PARAMS { + pub ulDataLen: CK_ULONG, + pub pNonce: CK_BYTE_PTR, + pub ulNonceLen: CK_ULONG, + pub pAAD: CK_BYTE_PTR, + pub ulAADLen: CK_ULONG, + pub ulMACLen: CK_ULONG, +} +#[test] +fn bindgen_test_layout_CK_AES_CCM_PARAMS() { + const UNINIT: ::std::mem::MaybeUninit = ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 32usize, + concat!("Size of: ", stringify!(CK_AES_CCM_PARAMS)) + ); + assert_eq!( + ::std::mem::align_of::(), + 1usize, + concat!("Alignment of ", stringify!(CK_AES_CCM_PARAMS)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulDataLen) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_AES_CCM_PARAMS), + "::", + stringify!(ulDataLen) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pNonce) as usize - ptr as usize }, + 4usize, + concat!( + "Offset of field: ", + stringify!(CK_AES_CCM_PARAMS), + "::", + stringify!(pNonce) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulNonceLen) as usize - ptr as usize }, + 12usize, + concat!( + "Offset of field: ", + stringify!(CK_AES_CCM_PARAMS), + "::", + stringify!(ulNonceLen) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pAAD) as usize - ptr as usize }, + 16usize, + concat!( + "Offset of field: ", + stringify!(CK_AES_CCM_PARAMS), + "::", + stringify!(pAAD) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulAADLen) as usize - ptr as usize }, + 24usize, + concat!( + "Offset of field: ", + stringify!(CK_AES_CCM_PARAMS), + "::", + stringify!(ulAADLen) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulMACLen) as usize - ptr as usize }, + 28usize, + concat!( + "Offset of field: ", + stringify!(CK_AES_CCM_PARAMS), + "::", + stringify!(ulMACLen) + ) + ); +} +impl Default for CK_AES_CCM_PARAMS { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type CK_AES_CCM_PARAMS_PTR = *mut CK_AES_CCM_PARAMS; +#[repr(C, packed)] +#[derive(Debug, Default, Copy, Clone)] +pub struct CK_CAMELLIA_CTR_PARAMS { + pub ulCounterBits: CK_ULONG, + pub cb: [CK_BYTE; 16usize], +} +#[test] +fn bindgen_test_layout_CK_CAMELLIA_CTR_PARAMS() { + const UNINIT: ::std::mem::MaybeUninit = + ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 20usize, + concat!("Size of: ", stringify!(CK_CAMELLIA_CTR_PARAMS)) + ); + assert_eq!( + ::std::mem::align_of::(), + 1usize, + concat!("Alignment of ", stringify!(CK_CAMELLIA_CTR_PARAMS)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulCounterBits) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_CAMELLIA_CTR_PARAMS), + "::", + stringify!(ulCounterBits) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).cb) as usize - ptr as usize }, + 4usize, + concat!( + "Offset of field: ", + stringify!(CK_CAMELLIA_CTR_PARAMS), + "::", + stringify!(cb) + ) + ); +} +pub type CK_CAMELLIA_CTR_PARAMS_PTR = *mut CK_CAMELLIA_CTR_PARAMS; +#[repr(C, packed)] +#[derive(Debug, Copy, Clone)] +pub struct CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS { + pub iv: [CK_BYTE; 16usize], + pub pData: CK_BYTE_PTR, + pub length: CK_ULONG, +} +#[test] +fn bindgen_test_layout_CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS() { + const UNINIT: ::std::mem::MaybeUninit = + ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 28usize, + concat!("Size of: ", stringify!(CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS)) + ); + assert_eq!( + ::std::mem::align_of::(), + 1usize, + concat!( + "Alignment of ", + stringify!(CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).iv) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS), + "::", + stringify!(iv) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pData) as usize - ptr as usize }, + 16usize, + concat!( + "Offset of field: ", + stringify!(CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS), + "::", + stringify!(pData) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).length) as usize - ptr as usize }, + 24usize, + concat!( + "Offset of field: ", + stringify!(CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS), + "::", + stringify!(length) + ) + ); +} +impl Default for CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS_PTR = *mut CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS; +#[repr(C, packed)] +#[derive(Debug, Copy, Clone)] +pub struct CK_ARIA_CBC_ENCRYPT_DATA_PARAMS { + pub iv: [CK_BYTE; 16usize], + pub pData: CK_BYTE_PTR, + pub length: CK_ULONG, +} +#[test] +fn bindgen_test_layout_CK_ARIA_CBC_ENCRYPT_DATA_PARAMS() { + const UNINIT: ::std::mem::MaybeUninit = + ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 28usize, + concat!("Size of: ", stringify!(CK_ARIA_CBC_ENCRYPT_DATA_PARAMS)) + ); + assert_eq!( + ::std::mem::align_of::(), + 1usize, + concat!("Alignment of ", stringify!(CK_ARIA_CBC_ENCRYPT_DATA_PARAMS)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).iv) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_ARIA_CBC_ENCRYPT_DATA_PARAMS), + "::", + stringify!(iv) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pData) as usize - ptr as usize }, + 16usize, + concat!( + "Offset of field: ", + stringify!(CK_ARIA_CBC_ENCRYPT_DATA_PARAMS), + "::", + stringify!(pData) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).length) as usize - ptr as usize }, + 24usize, + concat!( + "Offset of field: ", + stringify!(CK_ARIA_CBC_ENCRYPT_DATA_PARAMS), + "::", + stringify!(length) + ) + ); +} +impl Default for CK_ARIA_CBC_ENCRYPT_DATA_PARAMS { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type CK_ARIA_CBC_ENCRYPT_DATA_PARAMS_PTR = *mut CK_ARIA_CBC_ENCRYPT_DATA_PARAMS; +#[repr(C, packed)] +#[derive(Debug, Copy, Clone)] +pub struct CK_DSA_PARAMETER_GEN_PARAM { + pub hash: CK_MECHANISM_TYPE, + pub pSeed: CK_BYTE_PTR, + pub ulSeedLen: CK_ULONG, + pub ulIndex: CK_ULONG, +} +#[test] +fn bindgen_test_layout_CK_DSA_PARAMETER_GEN_PARAM() { + const UNINIT: ::std::mem::MaybeUninit = + ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 20usize, + concat!("Size of: ", stringify!(CK_DSA_PARAMETER_GEN_PARAM)) + ); + assert_eq!( + ::std::mem::align_of::(), + 1usize, + concat!("Alignment of ", stringify!(CK_DSA_PARAMETER_GEN_PARAM)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).hash) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_DSA_PARAMETER_GEN_PARAM), + "::", + stringify!(hash) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pSeed) as usize - ptr as usize }, + 4usize, + concat!( + "Offset of field: ", + stringify!(CK_DSA_PARAMETER_GEN_PARAM), + "::", + stringify!(pSeed) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulSeedLen) as usize - ptr as usize }, + 12usize, + concat!( + "Offset of field: ", + stringify!(CK_DSA_PARAMETER_GEN_PARAM), + "::", + stringify!(ulSeedLen) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulIndex) as usize - ptr as usize }, + 16usize, + concat!( + "Offset of field: ", + stringify!(CK_DSA_PARAMETER_GEN_PARAM), + "::", + stringify!(ulIndex) + ) + ); +} +impl Default for CK_DSA_PARAMETER_GEN_PARAM { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type CK_DSA_PARAMETER_GEN_PARAM_PTR = *mut CK_DSA_PARAMETER_GEN_PARAM; +#[repr(C, packed)] +#[derive(Debug, Copy, Clone)] +pub struct CK_ECDH_AES_KEY_WRAP_PARAMS { + pub ulAESKeyBits: CK_ULONG, + pub kdf: CK_EC_KDF_TYPE, + pub ulSharedDataLen: CK_ULONG, + pub pSharedData: CK_BYTE_PTR, +} +#[test] +fn bindgen_test_layout_CK_ECDH_AES_KEY_WRAP_PARAMS() { + const UNINIT: ::std::mem::MaybeUninit = + ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 20usize, + concat!("Size of: ", stringify!(CK_ECDH_AES_KEY_WRAP_PARAMS)) + ); + assert_eq!( + ::std::mem::align_of::(), + 1usize, + concat!("Alignment of ", stringify!(CK_ECDH_AES_KEY_WRAP_PARAMS)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulAESKeyBits) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_ECDH_AES_KEY_WRAP_PARAMS), + "::", + stringify!(ulAESKeyBits) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).kdf) as usize - ptr as usize }, + 4usize, + concat!( + "Offset of field: ", + stringify!(CK_ECDH_AES_KEY_WRAP_PARAMS), + "::", + stringify!(kdf) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulSharedDataLen) as usize - ptr as usize }, + 8usize, + concat!( + "Offset of field: ", + stringify!(CK_ECDH_AES_KEY_WRAP_PARAMS), + "::", + stringify!(ulSharedDataLen) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pSharedData) as usize - ptr as usize }, + 12usize, + concat!( + "Offset of field: ", + stringify!(CK_ECDH_AES_KEY_WRAP_PARAMS), + "::", + stringify!(pSharedData) + ) + ); +} +impl Default for CK_ECDH_AES_KEY_WRAP_PARAMS { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type CK_ECDH_AES_KEY_WRAP_PARAMS_PTR = *mut CK_ECDH_AES_KEY_WRAP_PARAMS; +pub type CK_JAVA_MIDP_SECURITY_DOMAIN = CK_ULONG; +pub type CK_CERTIFICATE_CATEGORY = CK_ULONG; +#[repr(C, packed)] +#[derive(Debug, Copy, Clone)] +pub struct CK_RSA_AES_KEY_WRAP_PARAMS { + pub ulAESKeyBits: CK_ULONG, + pub pOAEPParams: CK_RSA_PKCS_OAEP_PARAMS_PTR, +} +#[test] +fn bindgen_test_layout_CK_RSA_AES_KEY_WRAP_PARAMS() { + const UNINIT: ::std::mem::MaybeUninit = + ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 12usize, + concat!("Size of: ", stringify!(CK_RSA_AES_KEY_WRAP_PARAMS)) + ); + assert_eq!( + ::std::mem::align_of::(), + 1usize, + concat!("Alignment of ", stringify!(CK_RSA_AES_KEY_WRAP_PARAMS)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulAESKeyBits) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_RSA_AES_KEY_WRAP_PARAMS), + "::", + stringify!(ulAESKeyBits) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pOAEPParams) as usize - ptr as usize }, + 4usize, + concat!( + "Offset of field: ", + stringify!(CK_RSA_AES_KEY_WRAP_PARAMS), + "::", + stringify!(pOAEPParams) + ) + ); +} +impl Default for CK_RSA_AES_KEY_WRAP_PARAMS { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type CK_RSA_AES_KEY_WRAP_PARAMS_PTR = *mut CK_RSA_AES_KEY_WRAP_PARAMS; +#[repr(C, packed)] +#[derive(Debug, Copy, Clone)] +pub struct CK_TLS12_MASTER_KEY_DERIVE_PARAMS { + pub RandomInfo: CK_SSL3_RANDOM_DATA, + pub pVersion: CK_VERSION_PTR, + pub prfHashMechanism: CK_MECHANISM_TYPE, +} +#[test] +fn bindgen_test_layout_CK_TLS12_MASTER_KEY_DERIVE_PARAMS() { + const UNINIT: ::std::mem::MaybeUninit = + ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 36usize, + concat!("Size of: ", stringify!(CK_TLS12_MASTER_KEY_DERIVE_PARAMS)) + ); + assert_eq!( + ::std::mem::align_of::(), + 1usize, + concat!( + "Alignment of ", + stringify!(CK_TLS12_MASTER_KEY_DERIVE_PARAMS) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).RandomInfo) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_TLS12_MASTER_KEY_DERIVE_PARAMS), + "::", + stringify!(RandomInfo) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pVersion) as usize - ptr as usize }, + 24usize, + concat!( + "Offset of field: ", + stringify!(CK_TLS12_MASTER_KEY_DERIVE_PARAMS), + "::", + stringify!(pVersion) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).prfHashMechanism) as usize - ptr as usize }, + 32usize, + concat!( + "Offset of field: ", + stringify!(CK_TLS12_MASTER_KEY_DERIVE_PARAMS), + "::", + stringify!(prfHashMechanism) + ) + ); +} +impl Default for CK_TLS12_MASTER_KEY_DERIVE_PARAMS { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type CK_TLS12_MASTER_KEY_DERIVE_PARAMS_PTR = *mut CK_TLS12_MASTER_KEY_DERIVE_PARAMS; +#[repr(C, packed)] +#[derive(Debug, Copy, Clone)] +pub struct CK_TLS12_KEY_MAT_PARAMS { + pub ulMacSizeInBits: CK_ULONG, + pub ulKeySizeInBits: CK_ULONG, + pub ulIVSizeInBits: CK_ULONG, + pub bIsExport: CK_BBOOL, + pub RandomInfo: CK_SSL3_RANDOM_DATA, + pub pReturnedKeyMaterial: CK_SSL3_KEY_MAT_OUT_PTR, + pub prfHashMechanism: CK_MECHANISM_TYPE, +} +#[test] +fn bindgen_test_layout_CK_TLS12_KEY_MAT_PARAMS() { + const UNINIT: ::std::mem::MaybeUninit = + ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 49usize, + concat!("Size of: ", stringify!(CK_TLS12_KEY_MAT_PARAMS)) + ); + assert_eq!( + ::std::mem::align_of::(), + 1usize, + concat!("Alignment of ", stringify!(CK_TLS12_KEY_MAT_PARAMS)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulMacSizeInBits) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_TLS12_KEY_MAT_PARAMS), + "::", + stringify!(ulMacSizeInBits) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulKeySizeInBits) as usize - ptr as usize }, + 4usize, + concat!( + "Offset of field: ", + stringify!(CK_TLS12_KEY_MAT_PARAMS), + "::", + stringify!(ulKeySizeInBits) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulIVSizeInBits) as usize - ptr as usize }, + 8usize, + concat!( + "Offset of field: ", + stringify!(CK_TLS12_KEY_MAT_PARAMS), + "::", + stringify!(ulIVSizeInBits) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).bIsExport) as usize - ptr as usize }, + 12usize, + concat!( + "Offset of field: ", + stringify!(CK_TLS12_KEY_MAT_PARAMS), + "::", + stringify!(bIsExport) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).RandomInfo) as usize - ptr as usize }, + 13usize, + concat!( + "Offset of field: ", + stringify!(CK_TLS12_KEY_MAT_PARAMS), + "::", + stringify!(RandomInfo) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pReturnedKeyMaterial) as usize - ptr as usize }, + 37usize, + concat!( + "Offset of field: ", + stringify!(CK_TLS12_KEY_MAT_PARAMS), + "::", + stringify!(pReturnedKeyMaterial) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).prfHashMechanism) as usize - ptr as usize }, + 45usize, + concat!( + "Offset of field: ", + stringify!(CK_TLS12_KEY_MAT_PARAMS), + "::", + stringify!(prfHashMechanism) + ) + ); +} +impl Default for CK_TLS12_KEY_MAT_PARAMS { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type CK_TLS12_KEY_MAT_PARAMS_PTR = *mut CK_TLS12_KEY_MAT_PARAMS; +#[repr(C, packed)] +#[derive(Debug, Copy, Clone)] +pub struct CK_TLS_KDF_PARAMS { + pub prfMechanism: CK_MECHANISM_TYPE, + pub pLabel: CK_BYTE_PTR, + pub ulLabelLength: CK_ULONG, + pub RandomInfo: CK_SSL3_RANDOM_DATA, + pub pContextData: CK_BYTE_PTR, + pub ulContextDataLength: CK_ULONG, +} +#[test] +fn bindgen_test_layout_CK_TLS_KDF_PARAMS() { + const UNINIT: ::std::mem::MaybeUninit = ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 52usize, + concat!("Size of: ", stringify!(CK_TLS_KDF_PARAMS)) + ); + assert_eq!( + ::std::mem::align_of::(), + 1usize, + concat!("Alignment of ", stringify!(CK_TLS_KDF_PARAMS)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).prfMechanism) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_TLS_KDF_PARAMS), + "::", + stringify!(prfMechanism) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pLabel) as usize - ptr as usize }, + 4usize, + concat!( + "Offset of field: ", + stringify!(CK_TLS_KDF_PARAMS), + "::", + stringify!(pLabel) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulLabelLength) as usize - ptr as usize }, + 12usize, + concat!( + "Offset of field: ", + stringify!(CK_TLS_KDF_PARAMS), + "::", + stringify!(ulLabelLength) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).RandomInfo) as usize - ptr as usize }, + 16usize, + concat!( + "Offset of field: ", + stringify!(CK_TLS_KDF_PARAMS), + "::", + stringify!(RandomInfo) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pContextData) as usize - ptr as usize }, + 40usize, + concat!( + "Offset of field: ", + stringify!(CK_TLS_KDF_PARAMS), + "::", + stringify!(pContextData) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulContextDataLength) as usize - ptr as usize }, + 48usize, + concat!( + "Offset of field: ", + stringify!(CK_TLS_KDF_PARAMS), + "::", + stringify!(ulContextDataLength) + ) + ); +} +impl Default for CK_TLS_KDF_PARAMS { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type CK_TLS_KDF_PARAMS_PTR = *mut CK_TLS_KDF_PARAMS; +#[repr(C, packed)] +#[derive(Debug, Default, Copy, Clone)] +pub struct CK_TLS_MAC_PARAMS { + pub prfHashMechanism: CK_MECHANISM_TYPE, + pub ulMacLength: CK_ULONG, + pub ulServerOrClient: CK_ULONG, +} +#[test] +fn bindgen_test_layout_CK_TLS_MAC_PARAMS() { + const UNINIT: ::std::mem::MaybeUninit = ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 12usize, + concat!("Size of: ", stringify!(CK_TLS_MAC_PARAMS)) + ); + assert_eq!( + ::std::mem::align_of::(), + 1usize, + concat!("Alignment of ", stringify!(CK_TLS_MAC_PARAMS)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).prfHashMechanism) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_TLS_MAC_PARAMS), + "::", + stringify!(prfHashMechanism) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulMacLength) as usize - ptr as usize }, + 4usize, + concat!( + "Offset of field: ", + stringify!(CK_TLS_MAC_PARAMS), + "::", + stringify!(ulMacLength) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulServerOrClient) as usize - ptr as usize }, + 8usize, + concat!( + "Offset of field: ", + stringify!(CK_TLS_MAC_PARAMS), + "::", + stringify!(ulServerOrClient) + ) + ); +} +pub type CK_TLS_MAC_PARAMS_PTR = *mut CK_TLS_MAC_PARAMS; +#[repr(C, packed)] +#[derive(Debug, Copy, Clone)] +pub struct CK_GOSTR3410_DERIVE_PARAMS { + pub kdf: CK_EC_KDF_TYPE, + pub pPublicData: CK_BYTE_PTR, + pub ulPublicDataLen: CK_ULONG, + pub pUKM: CK_BYTE_PTR, + pub ulUKMLen: CK_ULONG, +} +#[test] +fn bindgen_test_layout_CK_GOSTR3410_DERIVE_PARAMS() { + const UNINIT: ::std::mem::MaybeUninit = + ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 28usize, + concat!("Size of: ", stringify!(CK_GOSTR3410_DERIVE_PARAMS)) + ); + assert_eq!( + ::std::mem::align_of::(), + 1usize, + concat!("Alignment of ", stringify!(CK_GOSTR3410_DERIVE_PARAMS)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).kdf) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_GOSTR3410_DERIVE_PARAMS), + "::", + stringify!(kdf) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pPublicData) as usize - ptr as usize }, + 4usize, + concat!( + "Offset of field: ", + stringify!(CK_GOSTR3410_DERIVE_PARAMS), + "::", + stringify!(pPublicData) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulPublicDataLen) as usize - ptr as usize }, + 12usize, + concat!( + "Offset of field: ", + stringify!(CK_GOSTR3410_DERIVE_PARAMS), + "::", + stringify!(ulPublicDataLen) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pUKM) as usize - ptr as usize }, + 16usize, + concat!( + "Offset of field: ", + stringify!(CK_GOSTR3410_DERIVE_PARAMS), + "::", + stringify!(pUKM) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulUKMLen) as usize - ptr as usize }, + 24usize, + concat!( + "Offset of field: ", + stringify!(CK_GOSTR3410_DERIVE_PARAMS), + "::", + stringify!(ulUKMLen) + ) + ); +} +impl Default for CK_GOSTR3410_DERIVE_PARAMS { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type CK_GOSTR3410_DERIVE_PARAMS_PTR = *mut CK_GOSTR3410_DERIVE_PARAMS; +#[repr(C, packed)] +#[derive(Debug, Copy, Clone)] +pub struct CK_GOSTR3410_KEY_WRAP_PARAMS { + pub pWrapOID: CK_BYTE_PTR, + pub ulWrapOIDLen: CK_ULONG, + pub pUKM: CK_BYTE_PTR, + pub ulUKMLen: CK_ULONG, + pub hKey: CK_OBJECT_HANDLE, +} +#[test] +fn bindgen_test_layout_CK_GOSTR3410_KEY_WRAP_PARAMS() { + const UNINIT: ::std::mem::MaybeUninit = + ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 28usize, + concat!("Size of: ", stringify!(CK_GOSTR3410_KEY_WRAP_PARAMS)) + ); + assert_eq!( + ::std::mem::align_of::(), + 1usize, + concat!("Alignment of ", stringify!(CK_GOSTR3410_KEY_WRAP_PARAMS)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pWrapOID) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_GOSTR3410_KEY_WRAP_PARAMS), + "::", + stringify!(pWrapOID) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulWrapOIDLen) as usize - ptr as usize }, + 8usize, + concat!( + "Offset of field: ", + stringify!(CK_GOSTR3410_KEY_WRAP_PARAMS), + "::", + stringify!(ulWrapOIDLen) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pUKM) as usize - ptr as usize }, + 12usize, + concat!( + "Offset of field: ", + stringify!(CK_GOSTR3410_KEY_WRAP_PARAMS), + "::", + stringify!(pUKM) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulUKMLen) as usize - ptr as usize }, + 20usize, + concat!( + "Offset of field: ", + stringify!(CK_GOSTR3410_KEY_WRAP_PARAMS), + "::", + stringify!(ulUKMLen) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).hKey) as usize - ptr as usize }, + 24usize, + concat!( + "Offset of field: ", + stringify!(CK_GOSTR3410_KEY_WRAP_PARAMS), + "::", + stringify!(hKey) + ) + ); +} +impl Default for CK_GOSTR3410_KEY_WRAP_PARAMS { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type CK_GOSTR3410_KEY_WRAP_PARAMS_PTR = *mut CK_GOSTR3410_KEY_WRAP_PARAMS; +#[repr(C, packed)] +#[derive(Debug, Copy, Clone)] +pub struct CK_SEED_CBC_ENCRYPT_DATA_PARAMS { + pub iv: [CK_BYTE; 16usize], + pub pData: CK_BYTE_PTR, + pub length: CK_ULONG, +} +#[test] +fn bindgen_test_layout_CK_SEED_CBC_ENCRYPT_DATA_PARAMS() { + const UNINIT: ::std::mem::MaybeUninit = + ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 28usize, + concat!("Size of: ", stringify!(CK_SEED_CBC_ENCRYPT_DATA_PARAMS)) + ); + assert_eq!( + ::std::mem::align_of::(), + 1usize, + concat!("Alignment of ", stringify!(CK_SEED_CBC_ENCRYPT_DATA_PARAMS)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).iv) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_SEED_CBC_ENCRYPT_DATA_PARAMS), + "::", + stringify!(iv) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pData) as usize - ptr as usize }, + 16usize, + concat!( + "Offset of field: ", + stringify!(CK_SEED_CBC_ENCRYPT_DATA_PARAMS), + "::", + stringify!(pData) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).length) as usize - ptr as usize }, + 24usize, + concat!( + "Offset of field: ", + stringify!(CK_SEED_CBC_ENCRYPT_DATA_PARAMS), + "::", + stringify!(length) + ) + ); +} +impl Default for CK_SEED_CBC_ENCRYPT_DATA_PARAMS { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type CK_SEED_CBC_ENCRYPT_DATA_PARAMS_PTR = *mut CK_SEED_CBC_ENCRYPT_DATA_PARAMS; +pub type CK_PROFILE_ID = CK_ULONG; +pub type CK_PROFILE_ID_PTR = *mut CK_PROFILE_ID; +pub type CK_PRF_DATA_TYPE = CK_ULONG; +pub type CK_SP800_108_PRF_TYPE = CK_MECHANISM_TYPE; +#[repr(C, packed)] +#[derive(Debug, Copy, Clone)] +pub struct CK_PRF_DATA_PARAM { + pub type_: CK_PRF_DATA_TYPE, + pub pValue: CK_VOID_PTR, + pub ulValueLen: CK_ULONG, +} +#[test] +fn bindgen_test_layout_CK_PRF_DATA_PARAM() { + const UNINIT: ::std::mem::MaybeUninit = ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 16usize, + concat!("Size of: ", stringify!(CK_PRF_DATA_PARAM)) + ); + assert_eq!( + ::std::mem::align_of::(), + 1usize, + concat!("Alignment of ", stringify!(CK_PRF_DATA_PARAM)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).type_) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_PRF_DATA_PARAM), + "::", + stringify!(type_) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pValue) as usize - ptr as usize }, + 4usize, + concat!( + "Offset of field: ", + stringify!(CK_PRF_DATA_PARAM), + "::", + stringify!(pValue) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulValueLen) as usize - ptr as usize }, + 12usize, + concat!( + "Offset of field: ", + stringify!(CK_PRF_DATA_PARAM), + "::", + stringify!(ulValueLen) + ) + ); +} +impl Default for CK_PRF_DATA_PARAM { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type CK_PRF_DATA_PARAM_PTR = *mut CK_PRF_DATA_PARAM; +#[repr(C, packed)] +#[derive(Debug, Default, Copy, Clone)] +pub struct CK_SP800_108_COUNTER_FORMAT { + pub bLittleEndian: CK_BBOOL, + pub ulWidthInBits: CK_ULONG, +} +#[test] +fn bindgen_test_layout_CK_SP800_108_COUNTER_FORMAT() { + const UNINIT: ::std::mem::MaybeUninit = + ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 5usize, + concat!("Size of: ", stringify!(CK_SP800_108_COUNTER_FORMAT)) + ); + assert_eq!( + ::std::mem::align_of::(), + 1usize, + concat!("Alignment of ", stringify!(CK_SP800_108_COUNTER_FORMAT)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).bLittleEndian) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_SP800_108_COUNTER_FORMAT), + "::", + stringify!(bLittleEndian) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulWidthInBits) as usize - ptr as usize }, + 1usize, + concat!( + "Offset of field: ", + stringify!(CK_SP800_108_COUNTER_FORMAT), + "::", + stringify!(ulWidthInBits) + ) + ); +} +pub type CK_SP800_108_COUNTER_FORMAT_PTR = *mut CK_SP800_108_COUNTER_FORMAT; +pub type CK_SP800_108_DKM_LENGTH_METHOD = CK_ULONG; +#[repr(C, packed)] +#[derive(Debug, Default, Copy, Clone)] +pub struct CK_SP800_108_DKM_LENGTH_FORMAT { + pub dkmLengthMethod: CK_SP800_108_DKM_LENGTH_METHOD, + pub bLittleEndian: CK_BBOOL, + pub ulWidthInBits: CK_ULONG, +} +#[test] +fn bindgen_test_layout_CK_SP800_108_DKM_LENGTH_FORMAT() { + const UNINIT: ::std::mem::MaybeUninit = + ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 9usize, + concat!("Size of: ", stringify!(CK_SP800_108_DKM_LENGTH_FORMAT)) + ); + assert_eq!( + ::std::mem::align_of::(), + 1usize, + concat!("Alignment of ", stringify!(CK_SP800_108_DKM_LENGTH_FORMAT)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).dkmLengthMethod) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_SP800_108_DKM_LENGTH_FORMAT), + "::", + stringify!(dkmLengthMethod) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).bLittleEndian) as usize - ptr as usize }, + 4usize, + concat!( + "Offset of field: ", + stringify!(CK_SP800_108_DKM_LENGTH_FORMAT), + "::", + stringify!(bLittleEndian) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulWidthInBits) as usize - ptr as usize }, + 5usize, + concat!( + "Offset of field: ", + stringify!(CK_SP800_108_DKM_LENGTH_FORMAT), + "::", + stringify!(ulWidthInBits) + ) + ); +} +pub type CK_SP800_108_DKM_LENGTH_FORMAT_PTR = *mut CK_SP800_108_DKM_LENGTH_FORMAT; +#[repr(C, packed)] +#[derive(Debug, Copy, Clone)] +pub struct CK_DERIVED_KEY { + pub pTemplate: CK_ATTRIBUTE_PTR, + pub ulAttributeCount: CK_ULONG, + pub phKey: CK_OBJECT_HANDLE_PTR, +} +#[test] +fn bindgen_test_layout_CK_DERIVED_KEY() { + const UNINIT: ::std::mem::MaybeUninit = ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 20usize, + concat!("Size of: ", stringify!(CK_DERIVED_KEY)) + ); + assert_eq!( + ::std::mem::align_of::(), + 1usize, + concat!("Alignment of ", stringify!(CK_DERIVED_KEY)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pTemplate) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_DERIVED_KEY), + "::", + stringify!(pTemplate) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulAttributeCount) as usize - ptr as usize }, + 8usize, + concat!( + "Offset of field: ", + stringify!(CK_DERIVED_KEY), + "::", + stringify!(ulAttributeCount) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).phKey) as usize - ptr as usize }, + 12usize, + concat!( + "Offset of field: ", + stringify!(CK_DERIVED_KEY), + "::", + stringify!(phKey) + ) + ); +} +impl Default for CK_DERIVED_KEY { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type CK_DERIVED_KEY_PTR = *mut CK_DERIVED_KEY; +#[repr(C, packed)] +#[derive(Debug, Copy, Clone)] +pub struct CK_SP800_108_KDF_PARAMS { + pub prfType: CK_SP800_108_PRF_TYPE, + pub ulNumberOfDataParams: CK_ULONG, + pub pDataParams: CK_PRF_DATA_PARAM_PTR, + pub ulAdditionalDerivedKeys: CK_ULONG, + pub pAdditionalDerivedKeys: CK_DERIVED_KEY_PTR, +} +#[test] +fn bindgen_test_layout_CK_SP800_108_KDF_PARAMS() { + const UNINIT: ::std::mem::MaybeUninit = + ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 28usize, + concat!("Size of: ", stringify!(CK_SP800_108_KDF_PARAMS)) + ); + assert_eq!( + ::std::mem::align_of::(), + 1usize, + concat!("Alignment of ", stringify!(CK_SP800_108_KDF_PARAMS)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).prfType) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_SP800_108_KDF_PARAMS), + "::", + stringify!(prfType) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulNumberOfDataParams) as usize - ptr as usize }, + 4usize, + concat!( + "Offset of field: ", + stringify!(CK_SP800_108_KDF_PARAMS), + "::", + stringify!(ulNumberOfDataParams) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pDataParams) as usize - ptr as usize }, + 8usize, + concat!( + "Offset of field: ", + stringify!(CK_SP800_108_KDF_PARAMS), + "::", + stringify!(pDataParams) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulAdditionalDerivedKeys) as usize - ptr as usize }, + 16usize, + concat!( + "Offset of field: ", + stringify!(CK_SP800_108_KDF_PARAMS), + "::", + stringify!(ulAdditionalDerivedKeys) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pAdditionalDerivedKeys) as usize - ptr as usize }, + 20usize, + concat!( + "Offset of field: ", + stringify!(CK_SP800_108_KDF_PARAMS), + "::", + stringify!(pAdditionalDerivedKeys) + ) + ); +} +impl Default for CK_SP800_108_KDF_PARAMS { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type CK_SP800_108_KDF_PARAMS_PTR = *mut CK_SP800_108_KDF_PARAMS; +#[repr(C, packed)] +#[derive(Debug, Copy, Clone)] +pub struct CK_SP800_108_FEEDBACK_KDF_PARAMS { + pub prfType: CK_SP800_108_PRF_TYPE, + pub ulNumberOfDataParams: CK_ULONG, + pub pDataParams: CK_PRF_DATA_PARAM_PTR, + pub ulIVLen: CK_ULONG, + pub pIV: CK_BYTE_PTR, + pub ulAdditionalDerivedKeys: CK_ULONG, + pub pAdditionalDerivedKeys: CK_DERIVED_KEY_PTR, +} +#[test] +fn bindgen_test_layout_CK_SP800_108_FEEDBACK_KDF_PARAMS() { + const UNINIT: ::std::mem::MaybeUninit = + ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 40usize, + concat!("Size of: ", stringify!(CK_SP800_108_FEEDBACK_KDF_PARAMS)) + ); + assert_eq!( + ::std::mem::align_of::(), + 1usize, + concat!( + "Alignment of ", + stringify!(CK_SP800_108_FEEDBACK_KDF_PARAMS) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).prfType) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_SP800_108_FEEDBACK_KDF_PARAMS), + "::", + stringify!(prfType) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulNumberOfDataParams) as usize - ptr as usize }, + 4usize, + concat!( + "Offset of field: ", + stringify!(CK_SP800_108_FEEDBACK_KDF_PARAMS), + "::", + stringify!(ulNumberOfDataParams) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pDataParams) as usize - ptr as usize }, + 8usize, + concat!( + "Offset of field: ", + stringify!(CK_SP800_108_FEEDBACK_KDF_PARAMS), + "::", + stringify!(pDataParams) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulIVLen) as usize - ptr as usize }, + 16usize, + concat!( + "Offset of field: ", + stringify!(CK_SP800_108_FEEDBACK_KDF_PARAMS), + "::", + stringify!(ulIVLen) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pIV) as usize - ptr as usize }, + 20usize, + concat!( + "Offset of field: ", + stringify!(CK_SP800_108_FEEDBACK_KDF_PARAMS), + "::", + stringify!(pIV) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulAdditionalDerivedKeys) as usize - ptr as usize }, + 28usize, + concat!( + "Offset of field: ", + stringify!(CK_SP800_108_FEEDBACK_KDF_PARAMS), + "::", + stringify!(ulAdditionalDerivedKeys) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pAdditionalDerivedKeys) as usize - ptr as usize }, + 32usize, + concat!( + "Offset of field: ", + stringify!(CK_SP800_108_FEEDBACK_KDF_PARAMS), + "::", + stringify!(pAdditionalDerivedKeys) + ) + ); +} +impl Default for CK_SP800_108_FEEDBACK_KDF_PARAMS { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type CK_SP800_108_FEEDBACK_KDF_PARAMS_PTR = *mut CK_SP800_108_FEEDBACK_KDF_PARAMS; +#[repr(C, packed)] +#[derive(Debug, Copy, Clone)] +pub struct CK_EDDSA_PARAMS { + pub phFlag: CK_BBOOL, + pub ulContextDataLen: CK_ULONG, + pub pContextData: CK_BYTE_PTR, +} +#[test] +fn bindgen_test_layout_CK_EDDSA_PARAMS() { + const UNINIT: ::std::mem::MaybeUninit = ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 13usize, + concat!("Size of: ", stringify!(CK_EDDSA_PARAMS)) + ); + assert_eq!( + ::std::mem::align_of::(), + 1usize, + concat!("Alignment of ", stringify!(CK_EDDSA_PARAMS)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).phFlag) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_EDDSA_PARAMS), + "::", + stringify!(phFlag) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulContextDataLen) as usize - ptr as usize }, + 1usize, + concat!( + "Offset of field: ", + stringify!(CK_EDDSA_PARAMS), + "::", + stringify!(ulContextDataLen) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pContextData) as usize - ptr as usize }, + 5usize, + concat!( + "Offset of field: ", + stringify!(CK_EDDSA_PARAMS), + "::", + stringify!(pContextData) + ) + ); +} +impl Default for CK_EDDSA_PARAMS { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type CK_EDDSA_PARAMS_PTR = *mut CK_EDDSA_PARAMS; +#[repr(C, packed)] +#[derive(Debug, Copy, Clone)] +pub struct CK_CHACHA20_PARAMS { + pub pBlockCounter: CK_BYTE_PTR, + pub blockCounterBits: CK_ULONG, + pub pNonce: CK_BYTE_PTR, + pub ulNonceBits: CK_ULONG, +} +#[test] +fn bindgen_test_layout_CK_CHACHA20_PARAMS() { + const UNINIT: ::std::mem::MaybeUninit = ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 24usize, + concat!("Size of: ", stringify!(CK_CHACHA20_PARAMS)) + ); + assert_eq!( + ::std::mem::align_of::(), + 1usize, + concat!("Alignment of ", stringify!(CK_CHACHA20_PARAMS)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pBlockCounter) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_CHACHA20_PARAMS), + "::", + stringify!(pBlockCounter) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).blockCounterBits) as usize - ptr as usize }, + 8usize, + concat!( + "Offset of field: ", + stringify!(CK_CHACHA20_PARAMS), + "::", + stringify!(blockCounterBits) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pNonce) as usize - ptr as usize }, + 12usize, + concat!( + "Offset of field: ", + stringify!(CK_CHACHA20_PARAMS), + "::", + stringify!(pNonce) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulNonceBits) as usize - ptr as usize }, + 20usize, + concat!( + "Offset of field: ", + stringify!(CK_CHACHA20_PARAMS), + "::", + stringify!(ulNonceBits) + ) + ); +} +impl Default for CK_CHACHA20_PARAMS { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type CK_CHACHA20_PARAMS_PTR = *mut CK_CHACHA20_PARAMS; +#[repr(C, packed)] +#[derive(Debug, Copy, Clone)] +pub struct CK_SALSA20_PARAMS { + pub pBlockCounter: CK_BYTE_PTR, + pub pNonce: CK_BYTE_PTR, + pub ulNonceBits: CK_ULONG, +} +#[test] +fn bindgen_test_layout_CK_SALSA20_PARAMS() { + const UNINIT: ::std::mem::MaybeUninit = ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 20usize, + concat!("Size of: ", stringify!(CK_SALSA20_PARAMS)) + ); + assert_eq!( + ::std::mem::align_of::(), + 1usize, + concat!("Alignment of ", stringify!(CK_SALSA20_PARAMS)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pBlockCounter) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_SALSA20_PARAMS), + "::", + stringify!(pBlockCounter) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pNonce) as usize - ptr as usize }, + 8usize, + concat!( + "Offset of field: ", + stringify!(CK_SALSA20_PARAMS), + "::", + stringify!(pNonce) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulNonceBits) as usize - ptr as usize }, + 16usize, + concat!( + "Offset of field: ", + stringify!(CK_SALSA20_PARAMS), + "::", + stringify!(ulNonceBits) + ) + ); +} +impl Default for CK_SALSA20_PARAMS { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type CK_SALSA20_PARAMS_PTR = *mut CK_SALSA20_PARAMS; +#[repr(C, packed)] +#[derive(Debug, Copy, Clone)] +pub struct CK_SALSA20_CHACHA20_POLY1305_PARAMS { + pub pNonce: CK_BYTE_PTR, + pub ulNonceLen: CK_ULONG, + pub pAAD: CK_BYTE_PTR, + pub ulAADLen: CK_ULONG, +} +#[test] +fn bindgen_test_layout_CK_SALSA20_CHACHA20_POLY1305_PARAMS() { + const UNINIT: ::std::mem::MaybeUninit = + ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 24usize, + concat!("Size of: ", stringify!(CK_SALSA20_CHACHA20_POLY1305_PARAMS)) + ); + assert_eq!( + ::std::mem::align_of::(), + 1usize, + concat!( + "Alignment of ", + stringify!(CK_SALSA20_CHACHA20_POLY1305_PARAMS) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pNonce) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_SALSA20_CHACHA20_POLY1305_PARAMS), + "::", + stringify!(pNonce) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulNonceLen) as usize - ptr as usize }, + 8usize, + concat!( + "Offset of field: ", + stringify!(CK_SALSA20_CHACHA20_POLY1305_PARAMS), + "::", + stringify!(ulNonceLen) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pAAD) as usize - ptr as usize }, + 12usize, + concat!( + "Offset of field: ", + stringify!(CK_SALSA20_CHACHA20_POLY1305_PARAMS), + "::", + stringify!(pAAD) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulAADLen) as usize - ptr as usize }, + 20usize, + concat!( + "Offset of field: ", + stringify!(CK_SALSA20_CHACHA20_POLY1305_PARAMS), + "::", + stringify!(ulAADLen) + ) + ); +} +impl Default for CK_SALSA20_CHACHA20_POLY1305_PARAMS { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type CK_SALSA20_CHACHA20_POLY1305_PARAMS_PTR = *mut CK_SALSA20_CHACHA20_POLY1305_PARAMS; +#[repr(C, packed)] +#[derive(Debug, Copy, Clone)] +pub struct CK_SALSA20_CHACHA20_POLY1305_MSG_PARAMS { + pub pNonce: CK_BYTE_PTR, + pub ulNonceLen: CK_ULONG, + pub pTag: CK_BYTE_PTR, +} +#[test] +fn bindgen_test_layout_CK_SALSA20_CHACHA20_POLY1305_MSG_PARAMS() { + const UNINIT: ::std::mem::MaybeUninit = + ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 20usize, + concat!( + "Size of: ", + stringify!(CK_SALSA20_CHACHA20_POLY1305_MSG_PARAMS) + ) + ); + assert_eq!( + ::std::mem::align_of::(), + 1usize, + concat!( + "Alignment of ", + stringify!(CK_SALSA20_CHACHA20_POLY1305_MSG_PARAMS) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pNonce) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_SALSA20_CHACHA20_POLY1305_MSG_PARAMS), + "::", + stringify!(pNonce) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulNonceLen) as usize - ptr as usize }, + 8usize, + concat!( + "Offset of field: ", + stringify!(CK_SALSA20_CHACHA20_POLY1305_MSG_PARAMS), + "::", + stringify!(ulNonceLen) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pTag) as usize - ptr as usize }, + 12usize, + concat!( + "Offset of field: ", + stringify!(CK_SALSA20_CHACHA20_POLY1305_MSG_PARAMS), + "::", + stringify!(pTag) + ) + ); +} +impl Default for CK_SALSA20_CHACHA20_POLY1305_MSG_PARAMS { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type CK_SALSA20_CHACHA20_POLY1305_MSG_PARAMS_PTR = *mut CK_SALSA20_CHACHA20_POLY1305_MSG_PARAMS; +pub type CK_X3DH_KDF_TYPE = CK_ULONG; +pub type CK_X3DH_KDF_TYPE_PTR = *mut CK_X3DH_KDF_TYPE; +#[repr(C, packed)] +#[derive(Debug, Copy, Clone)] +pub struct CK_X3DH_INITIATE_PARAMS { + pub kdf: CK_X3DH_KDF_TYPE, + pub pPeer_identity: CK_OBJECT_HANDLE, + pub pPeer_prekey: CK_OBJECT_HANDLE, + pub pPrekey_signature: CK_BYTE_PTR, + pub pOnetime_key: CK_BYTE_PTR, + pub pOwn_identity: CK_OBJECT_HANDLE, + pub pOwn_ephemeral: CK_OBJECT_HANDLE, +} +#[test] +fn bindgen_test_layout_CK_X3DH_INITIATE_PARAMS() { + const UNINIT: ::std::mem::MaybeUninit = + ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 36usize, + concat!("Size of: ", stringify!(CK_X3DH_INITIATE_PARAMS)) + ); + assert_eq!( + ::std::mem::align_of::(), + 1usize, + concat!("Alignment of ", stringify!(CK_X3DH_INITIATE_PARAMS)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).kdf) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_X3DH_INITIATE_PARAMS), + "::", + stringify!(kdf) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pPeer_identity) as usize - ptr as usize }, + 4usize, + concat!( + "Offset of field: ", + stringify!(CK_X3DH_INITIATE_PARAMS), + "::", + stringify!(pPeer_identity) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pPeer_prekey) as usize - ptr as usize }, + 8usize, + concat!( + "Offset of field: ", + stringify!(CK_X3DH_INITIATE_PARAMS), + "::", + stringify!(pPeer_prekey) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pPrekey_signature) as usize - ptr as usize }, + 12usize, + concat!( + "Offset of field: ", + stringify!(CK_X3DH_INITIATE_PARAMS), + "::", + stringify!(pPrekey_signature) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pOnetime_key) as usize - ptr as usize }, + 20usize, + concat!( + "Offset of field: ", + stringify!(CK_X3DH_INITIATE_PARAMS), + "::", + stringify!(pOnetime_key) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pOwn_identity) as usize - ptr as usize }, + 28usize, + concat!( + "Offset of field: ", + stringify!(CK_X3DH_INITIATE_PARAMS), + "::", + stringify!(pOwn_identity) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pOwn_ephemeral) as usize - ptr as usize }, + 32usize, + concat!( + "Offset of field: ", + stringify!(CK_X3DH_INITIATE_PARAMS), + "::", + stringify!(pOwn_ephemeral) + ) + ); +} +impl Default for CK_X3DH_INITIATE_PARAMS { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +#[repr(C, packed)] +#[derive(Debug, Copy, Clone)] +pub struct CK_X3DH_RESPOND_PARAMS { + pub kdf: CK_X3DH_KDF_TYPE, + pub pIdentity_id: CK_BYTE_PTR, + pub pPrekey_id: CK_BYTE_PTR, + pub pOnetime_id: CK_BYTE_PTR, + pub pInitiator_identity: CK_OBJECT_HANDLE, + pub pInitiator_ephemeral: CK_BYTE_PTR, +} +#[test] +fn bindgen_test_layout_CK_X3DH_RESPOND_PARAMS() { + const UNINIT: ::std::mem::MaybeUninit = + ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 40usize, + concat!("Size of: ", stringify!(CK_X3DH_RESPOND_PARAMS)) + ); + assert_eq!( + ::std::mem::align_of::(), + 1usize, + concat!("Alignment of ", stringify!(CK_X3DH_RESPOND_PARAMS)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).kdf) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_X3DH_RESPOND_PARAMS), + "::", + stringify!(kdf) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pIdentity_id) as usize - ptr as usize }, + 4usize, + concat!( + "Offset of field: ", + stringify!(CK_X3DH_RESPOND_PARAMS), + "::", + stringify!(pIdentity_id) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pPrekey_id) as usize - ptr as usize }, + 12usize, + concat!( + "Offset of field: ", + stringify!(CK_X3DH_RESPOND_PARAMS), + "::", + stringify!(pPrekey_id) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pOnetime_id) as usize - ptr as usize }, + 20usize, + concat!( + "Offset of field: ", + stringify!(CK_X3DH_RESPOND_PARAMS), + "::", + stringify!(pOnetime_id) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pInitiator_identity) as usize - ptr as usize }, + 28usize, + concat!( + "Offset of field: ", + stringify!(CK_X3DH_RESPOND_PARAMS), + "::", + stringify!(pInitiator_identity) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pInitiator_ephemeral) as usize - ptr as usize }, + 32usize, + concat!( + "Offset of field: ", + stringify!(CK_X3DH_RESPOND_PARAMS), + "::", + stringify!(pInitiator_ephemeral) + ) + ); +} +impl Default for CK_X3DH_RESPOND_PARAMS { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type CK_X2RATCHET_KDF_TYPE = CK_ULONG; +pub type CK_X2RATCHET_KDF_TYPE_PTR = *mut CK_X2RATCHET_KDF_TYPE; +#[repr(C, packed)] +#[derive(Debug, Copy, Clone)] +pub struct CK_X2RATCHET_INITIALIZE_PARAMS { + pub sk: CK_BYTE_PTR, + pub peer_public_prekey: CK_OBJECT_HANDLE, + pub peer_public_identity: CK_OBJECT_HANDLE, + pub own_public_identity: CK_OBJECT_HANDLE, + pub bEncryptedHeader: CK_BBOOL, + pub eCurve: CK_ULONG, + pub aeadMechanism: CK_MECHANISM_TYPE, + pub kdfMechanism: CK_X2RATCHET_KDF_TYPE, +} +#[test] +fn bindgen_test_layout_CK_X2RATCHET_INITIALIZE_PARAMS() { + const UNINIT: ::std::mem::MaybeUninit = + ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 33usize, + concat!("Size of: ", stringify!(CK_X2RATCHET_INITIALIZE_PARAMS)) + ); + assert_eq!( + ::std::mem::align_of::(), + 1usize, + concat!("Alignment of ", stringify!(CK_X2RATCHET_INITIALIZE_PARAMS)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).sk) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_X2RATCHET_INITIALIZE_PARAMS), + "::", + stringify!(sk) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).peer_public_prekey) as usize - ptr as usize }, + 8usize, + concat!( + "Offset of field: ", + stringify!(CK_X2RATCHET_INITIALIZE_PARAMS), + "::", + stringify!(peer_public_prekey) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).peer_public_identity) as usize - ptr as usize }, + 12usize, + concat!( + "Offset of field: ", + stringify!(CK_X2RATCHET_INITIALIZE_PARAMS), + "::", + stringify!(peer_public_identity) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).own_public_identity) as usize - ptr as usize }, + 16usize, + concat!( + "Offset of field: ", + stringify!(CK_X2RATCHET_INITIALIZE_PARAMS), + "::", + stringify!(own_public_identity) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).bEncryptedHeader) as usize - ptr as usize }, + 20usize, + concat!( + "Offset of field: ", + stringify!(CK_X2RATCHET_INITIALIZE_PARAMS), + "::", + stringify!(bEncryptedHeader) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).eCurve) as usize - ptr as usize }, + 21usize, + concat!( + "Offset of field: ", + stringify!(CK_X2RATCHET_INITIALIZE_PARAMS), + "::", + stringify!(eCurve) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).aeadMechanism) as usize - ptr as usize }, + 25usize, + concat!( + "Offset of field: ", + stringify!(CK_X2RATCHET_INITIALIZE_PARAMS), + "::", + stringify!(aeadMechanism) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).kdfMechanism) as usize - ptr as usize }, + 29usize, + concat!( + "Offset of field: ", + stringify!(CK_X2RATCHET_INITIALIZE_PARAMS), + "::", + stringify!(kdfMechanism) + ) + ); +} +impl Default for CK_X2RATCHET_INITIALIZE_PARAMS { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type CK_X2RATCHET_INITIALIZE_PARAMS_PTR = *mut CK_X2RATCHET_INITIALIZE_PARAMS; +#[repr(C, packed)] +#[derive(Debug, Copy, Clone)] +pub struct CK_X2RATCHET_RESPOND_PARAMS { + pub sk: CK_BYTE_PTR, + pub own_prekey: CK_OBJECT_HANDLE, + pub initiator_identity: CK_OBJECT_HANDLE, + pub own_public_identity: CK_OBJECT_HANDLE, + pub bEncryptedHeader: CK_BBOOL, + pub eCurve: CK_ULONG, + pub aeadMechanism: CK_MECHANISM_TYPE, + pub kdfMechanism: CK_X2RATCHET_KDF_TYPE, +} +#[test] +fn bindgen_test_layout_CK_X2RATCHET_RESPOND_PARAMS() { + const UNINIT: ::std::mem::MaybeUninit = + ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 33usize, + concat!("Size of: ", stringify!(CK_X2RATCHET_RESPOND_PARAMS)) + ); + assert_eq!( + ::std::mem::align_of::(), + 1usize, + concat!("Alignment of ", stringify!(CK_X2RATCHET_RESPOND_PARAMS)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).sk) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_X2RATCHET_RESPOND_PARAMS), + "::", + stringify!(sk) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).own_prekey) as usize - ptr as usize }, + 8usize, + concat!( + "Offset of field: ", + stringify!(CK_X2RATCHET_RESPOND_PARAMS), + "::", + stringify!(own_prekey) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).initiator_identity) as usize - ptr as usize }, + 12usize, + concat!( + "Offset of field: ", + stringify!(CK_X2RATCHET_RESPOND_PARAMS), + "::", + stringify!(initiator_identity) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).own_public_identity) as usize - ptr as usize }, + 16usize, + concat!( + "Offset of field: ", + stringify!(CK_X2RATCHET_RESPOND_PARAMS), + "::", + stringify!(own_public_identity) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).bEncryptedHeader) as usize - ptr as usize }, + 20usize, + concat!( + "Offset of field: ", + stringify!(CK_X2RATCHET_RESPOND_PARAMS), + "::", + stringify!(bEncryptedHeader) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).eCurve) as usize - ptr as usize }, + 21usize, + concat!( + "Offset of field: ", + stringify!(CK_X2RATCHET_RESPOND_PARAMS), + "::", + stringify!(eCurve) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).aeadMechanism) as usize - ptr as usize }, + 25usize, + concat!( + "Offset of field: ", + stringify!(CK_X2RATCHET_RESPOND_PARAMS), + "::", + stringify!(aeadMechanism) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).kdfMechanism) as usize - ptr as usize }, + 29usize, + concat!( + "Offset of field: ", + stringify!(CK_X2RATCHET_RESPOND_PARAMS), + "::", + stringify!(kdfMechanism) + ) + ); +} +impl Default for CK_X2RATCHET_RESPOND_PARAMS { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type CK_X2RATCHET_RESPOND_PARAMS_PTR = *mut CK_X2RATCHET_RESPOND_PARAMS; +pub type CK_XEDDSA_HASH_TYPE = CK_ULONG; +pub type CK_XEDDSA_HASH_TYPE_PTR = *mut CK_XEDDSA_HASH_TYPE; +#[repr(C, packed)] +#[derive(Debug, Default, Copy, Clone)] +pub struct CK_XEDDSA_PARAMS { + pub hash: CK_XEDDSA_HASH_TYPE, +} +#[test] +fn bindgen_test_layout_CK_XEDDSA_PARAMS() { + const UNINIT: ::std::mem::MaybeUninit = ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 4usize, + concat!("Size of: ", stringify!(CK_XEDDSA_PARAMS)) + ); + assert_eq!( + ::std::mem::align_of::(), + 1usize, + concat!("Alignment of ", stringify!(CK_XEDDSA_PARAMS)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).hash) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_XEDDSA_PARAMS), + "::", + stringify!(hash) + ) + ); +} +pub type CK_XEDDSA_PARAMS_PTR = *mut CK_XEDDSA_PARAMS; +#[repr(C, packed)] +#[derive(Debug, Copy, Clone)] +pub struct CK_HKDF_PARAMS { + pub bExtract: CK_BBOOL, + pub bExpand: CK_BBOOL, + pub prfHashMechanism: CK_MECHANISM_TYPE, + pub ulSaltType: CK_ULONG, + pub pSalt: CK_BYTE_PTR, + pub ulSaltLen: CK_ULONG, + pub hSaltKey: CK_OBJECT_HANDLE, + pub pInfo: CK_BYTE_PTR, + pub ulInfoLen: CK_ULONG, +} +#[test] +fn bindgen_test_layout_CK_HKDF_PARAMS() { + const UNINIT: ::std::mem::MaybeUninit = ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 38usize, + concat!("Size of: ", stringify!(CK_HKDF_PARAMS)) + ); + assert_eq!( + ::std::mem::align_of::(), + 1usize, + concat!("Alignment of ", stringify!(CK_HKDF_PARAMS)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).bExtract) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_HKDF_PARAMS), + "::", + stringify!(bExtract) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).bExpand) as usize - ptr as usize }, + 1usize, + concat!( + "Offset of field: ", + stringify!(CK_HKDF_PARAMS), + "::", + stringify!(bExpand) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).prfHashMechanism) as usize - ptr as usize }, + 2usize, + concat!( + "Offset of field: ", + stringify!(CK_HKDF_PARAMS), + "::", + stringify!(prfHashMechanism) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulSaltType) as usize - ptr as usize }, + 6usize, + concat!( + "Offset of field: ", + stringify!(CK_HKDF_PARAMS), + "::", + stringify!(ulSaltType) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pSalt) as usize - ptr as usize }, + 10usize, + concat!( + "Offset of field: ", + stringify!(CK_HKDF_PARAMS), + "::", + stringify!(pSalt) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulSaltLen) as usize - ptr as usize }, + 18usize, + concat!( + "Offset of field: ", + stringify!(CK_HKDF_PARAMS), + "::", + stringify!(ulSaltLen) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).hSaltKey) as usize - ptr as usize }, + 22usize, + concat!( + "Offset of field: ", + stringify!(CK_HKDF_PARAMS), + "::", + stringify!(hSaltKey) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pInfo) as usize - ptr as usize }, + 26usize, + concat!( + "Offset of field: ", + stringify!(CK_HKDF_PARAMS), + "::", + stringify!(pInfo) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulInfoLen) as usize - ptr as usize }, + 34usize, + concat!( + "Offset of field: ", + stringify!(CK_HKDF_PARAMS), + "::", + stringify!(ulInfoLen) + ) + ); +} +impl Default for CK_HKDF_PARAMS { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type CK_HKDF_PARAMS_PTR = *mut CK_HKDF_PARAMS; +pub type CK_HSS_LEVELS = CK_ULONG; +pub type CK_LMS_TYPE = CK_ULONG; +pub type CK_LMOTS_TYPE = CK_ULONG; +#[repr(C, packed)] +#[derive(Debug, Default, Copy, Clone)] +pub struct specifiedParams { + pub levels: CK_HSS_LEVELS, + pub lm_type: [CK_LMS_TYPE; 8usize], + pub lm_ots_type: [CK_LMOTS_TYPE; 8usize], +} +#[test] +fn bindgen_test_layout_specifiedParams() { + const UNINIT: ::std::mem::MaybeUninit = ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 68usize, + concat!("Size of: ", stringify!(specifiedParams)) + ); + assert_eq!( + ::std::mem::align_of::(), + 1usize, + concat!("Alignment of ", stringify!(specifiedParams)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).levels) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(specifiedParams), + "::", + stringify!(levels) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).lm_type) as usize - ptr as usize }, + 4usize, + concat!( + "Offset of field: ", + stringify!(specifiedParams), + "::", + stringify!(lm_type) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).lm_ots_type) as usize - ptr as usize }, + 36usize, + concat!( + "Offset of field: ", + stringify!(specifiedParams), + "::", + stringify!(lm_ots_type) + ) + ); +} +#[repr(C, packed)] +#[derive(Debug, Copy, Clone)] +pub struct CK_IKE2_PRF_PLUS_DERIVE_PARAMS { + pub prfMechanism: CK_MECHANISM_TYPE, + pub bHasSeedKey: CK_BBOOL, + pub hSeedKey: CK_OBJECT_HANDLE, + pub pSeedData: CK_BYTE_PTR, + pub ulSeedDataLen: CK_ULONG, +} +#[test] +fn bindgen_test_layout_CK_IKE2_PRF_PLUS_DERIVE_PARAMS() { + const UNINIT: ::std::mem::MaybeUninit = + ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 21usize, + concat!("Size of: ", stringify!(CK_IKE2_PRF_PLUS_DERIVE_PARAMS)) + ); + assert_eq!( + ::std::mem::align_of::(), + 1usize, + concat!("Alignment of ", stringify!(CK_IKE2_PRF_PLUS_DERIVE_PARAMS)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).prfMechanism) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_IKE2_PRF_PLUS_DERIVE_PARAMS), + "::", + stringify!(prfMechanism) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).bHasSeedKey) as usize - ptr as usize }, + 4usize, + concat!( + "Offset of field: ", + stringify!(CK_IKE2_PRF_PLUS_DERIVE_PARAMS), + "::", + stringify!(bHasSeedKey) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).hSeedKey) as usize - ptr as usize }, + 5usize, + concat!( + "Offset of field: ", + stringify!(CK_IKE2_PRF_PLUS_DERIVE_PARAMS), + "::", + stringify!(hSeedKey) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pSeedData) as usize - ptr as usize }, + 9usize, + concat!( + "Offset of field: ", + stringify!(CK_IKE2_PRF_PLUS_DERIVE_PARAMS), + "::", + stringify!(pSeedData) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulSeedDataLen) as usize - ptr as usize }, + 17usize, + concat!( + "Offset of field: ", + stringify!(CK_IKE2_PRF_PLUS_DERIVE_PARAMS), + "::", + stringify!(ulSeedDataLen) + ) + ); +} +impl Default for CK_IKE2_PRF_PLUS_DERIVE_PARAMS { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type CK_IKE2_PRF_PLUS_DERIVE_PARAMS_PTR = *mut CK_IKE2_PRF_PLUS_DERIVE_PARAMS; +#[repr(C, packed)] +#[derive(Debug, Copy, Clone)] +pub struct CK_IKE_PRF_DERIVE_PARAMS { + pub prfMechanism: CK_MECHANISM_TYPE, + pub bDataAsKey: CK_BBOOL, + pub bRekey: CK_BBOOL, + pub pNi: CK_BYTE_PTR, + pub ulNiLen: CK_ULONG, + pub pNr: CK_BYTE_PTR, + pub ulNrLen: CK_ULONG, + pub hNewKey: CK_OBJECT_HANDLE, +} +#[test] +fn bindgen_test_layout_CK_IKE_PRF_DERIVE_PARAMS() { + const UNINIT: ::std::mem::MaybeUninit = + ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 34usize, + concat!("Size of: ", stringify!(CK_IKE_PRF_DERIVE_PARAMS)) + ); + assert_eq!( + ::std::mem::align_of::(), + 1usize, + concat!("Alignment of ", stringify!(CK_IKE_PRF_DERIVE_PARAMS)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).prfMechanism) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_IKE_PRF_DERIVE_PARAMS), + "::", + stringify!(prfMechanism) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).bDataAsKey) as usize - ptr as usize }, + 4usize, + concat!( + "Offset of field: ", + stringify!(CK_IKE_PRF_DERIVE_PARAMS), + "::", + stringify!(bDataAsKey) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).bRekey) as usize - ptr as usize }, + 5usize, + concat!( + "Offset of field: ", + stringify!(CK_IKE_PRF_DERIVE_PARAMS), + "::", + stringify!(bRekey) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pNi) as usize - ptr as usize }, + 6usize, + concat!( + "Offset of field: ", + stringify!(CK_IKE_PRF_DERIVE_PARAMS), + "::", + stringify!(pNi) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulNiLen) as usize - ptr as usize }, + 14usize, + concat!( + "Offset of field: ", + stringify!(CK_IKE_PRF_DERIVE_PARAMS), + "::", + stringify!(ulNiLen) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pNr) as usize - ptr as usize }, + 18usize, + concat!( + "Offset of field: ", + stringify!(CK_IKE_PRF_DERIVE_PARAMS), + "::", + stringify!(pNr) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulNrLen) as usize - ptr as usize }, + 26usize, + concat!( + "Offset of field: ", + stringify!(CK_IKE_PRF_DERIVE_PARAMS), + "::", + stringify!(ulNrLen) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).hNewKey) as usize - ptr as usize }, + 30usize, + concat!( + "Offset of field: ", + stringify!(CK_IKE_PRF_DERIVE_PARAMS), + "::", + stringify!(hNewKey) + ) + ); +} +impl Default for CK_IKE_PRF_DERIVE_PARAMS { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type CK_IKE_PRF_DERIVE_PARAMS_PTR = *mut CK_IKE_PRF_DERIVE_PARAMS; +#[repr(C, packed)] +#[derive(Debug, Copy, Clone)] +pub struct CK_IKE1_PRF_DERIVE_PARAMS { + pub prfMechanism: CK_MECHANISM_TYPE, + pub bHasPrevKey: CK_BBOOL, + pub hKeygxy: CK_OBJECT_HANDLE, + pub hPrevKey: CK_OBJECT_HANDLE, + pub pCKYi: CK_BYTE_PTR, + pub ulCKYiLen: CK_ULONG, + pub pCKYr: CK_BYTE_PTR, + pub ulCKYrLen: CK_ULONG, + pub keyNumber: CK_BYTE, +} +#[test] +fn bindgen_test_layout_CK_IKE1_PRF_DERIVE_PARAMS() { + const UNINIT: ::std::mem::MaybeUninit = + ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 38usize, + concat!("Size of: ", stringify!(CK_IKE1_PRF_DERIVE_PARAMS)) + ); + assert_eq!( + ::std::mem::align_of::(), + 1usize, + concat!("Alignment of ", stringify!(CK_IKE1_PRF_DERIVE_PARAMS)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).prfMechanism) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_IKE1_PRF_DERIVE_PARAMS), + "::", + stringify!(prfMechanism) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).bHasPrevKey) as usize - ptr as usize }, + 4usize, + concat!( + "Offset of field: ", + stringify!(CK_IKE1_PRF_DERIVE_PARAMS), + "::", + stringify!(bHasPrevKey) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).hKeygxy) as usize - ptr as usize }, + 5usize, + concat!( + "Offset of field: ", + stringify!(CK_IKE1_PRF_DERIVE_PARAMS), + "::", + stringify!(hKeygxy) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).hPrevKey) as usize - ptr as usize }, + 9usize, + concat!( + "Offset of field: ", + stringify!(CK_IKE1_PRF_DERIVE_PARAMS), + "::", + stringify!(hPrevKey) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pCKYi) as usize - ptr as usize }, + 13usize, + concat!( + "Offset of field: ", + stringify!(CK_IKE1_PRF_DERIVE_PARAMS), + "::", + stringify!(pCKYi) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulCKYiLen) as usize - ptr as usize }, + 21usize, + concat!( + "Offset of field: ", + stringify!(CK_IKE1_PRF_DERIVE_PARAMS), + "::", + stringify!(ulCKYiLen) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pCKYr) as usize - ptr as usize }, + 25usize, + concat!( + "Offset of field: ", + stringify!(CK_IKE1_PRF_DERIVE_PARAMS), + "::", + stringify!(pCKYr) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulCKYrLen) as usize - ptr as usize }, + 33usize, + concat!( + "Offset of field: ", + stringify!(CK_IKE1_PRF_DERIVE_PARAMS), + "::", + stringify!(ulCKYrLen) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).keyNumber) as usize - ptr as usize }, + 37usize, + concat!( + "Offset of field: ", + stringify!(CK_IKE1_PRF_DERIVE_PARAMS), + "::", + stringify!(keyNumber) + ) + ); +} +impl Default for CK_IKE1_PRF_DERIVE_PARAMS { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type CK_IKE1_PRF_DERIVE_PARAMS_PTR = *mut CK_IKE1_PRF_DERIVE_PARAMS; +#[repr(C, packed)] +#[derive(Debug, Copy, Clone)] +pub struct CK_IKE1_EXTENDED_DERIVE_PARAMS { + pub prfMechanism: CK_MECHANISM_TYPE, + pub bHasKeygxy: CK_BBOOL, + pub hKeygxy: CK_OBJECT_HANDLE, + pub pExtraData: CK_BYTE_PTR, + pub ulExtraDataLen: CK_ULONG, +} +#[test] +fn bindgen_test_layout_CK_IKE1_EXTENDED_DERIVE_PARAMS() { + const UNINIT: ::std::mem::MaybeUninit = + ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 21usize, + concat!("Size of: ", stringify!(CK_IKE1_EXTENDED_DERIVE_PARAMS)) + ); + assert_eq!( + ::std::mem::align_of::(), + 1usize, + concat!("Alignment of ", stringify!(CK_IKE1_EXTENDED_DERIVE_PARAMS)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).prfMechanism) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_IKE1_EXTENDED_DERIVE_PARAMS), + "::", + stringify!(prfMechanism) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).bHasKeygxy) as usize - ptr as usize }, + 4usize, + concat!( + "Offset of field: ", + stringify!(CK_IKE1_EXTENDED_DERIVE_PARAMS), + "::", + stringify!(bHasKeygxy) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).hKeygxy) as usize - ptr as usize }, + 5usize, + concat!( + "Offset of field: ", + stringify!(CK_IKE1_EXTENDED_DERIVE_PARAMS), + "::", + stringify!(hKeygxy) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).pExtraData) as usize - ptr as usize }, + 9usize, + concat!( + "Offset of field: ", + stringify!(CK_IKE1_EXTENDED_DERIVE_PARAMS), + "::", + stringify!(pExtraData) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).ulExtraDataLen) as usize - ptr as usize }, + 17usize, + concat!( + "Offset of field: ", + stringify!(CK_IKE1_EXTENDED_DERIVE_PARAMS), + "::", + stringify!(ulExtraDataLen) + ) + ); +} +impl Default for CK_IKE1_EXTENDED_DERIVE_PARAMS { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type CK_IKE1_EXTENDED_DERIVE_PARAMS_PTR = *mut CK_IKE1_EXTENDED_DERIVE_PARAMS; +extern "C" { + pub fn C_Initialize(pInitArgs: CK_VOID_PTR) -> CK_RV; +} +extern "C" { + pub fn C_Finalize(pReserved: CK_VOID_PTR) -> CK_RV; +} +extern "C" { + pub fn C_GetInfo(pInfo: CK_INFO_PTR) -> CK_RV; +} +extern "C" { + pub fn C_GetFunctionList(ppFunctionList: CK_FUNCTION_LIST_PTR_PTR) -> CK_RV; +} +extern "C" { + pub fn C_GetSlotList( + tokenPresent: CK_BBOOL, + pSlotList: CK_SLOT_ID_PTR, + pulCount: CK_ULONG_PTR, + ) -> CK_RV; +} +extern "C" { + pub fn C_GetSlotInfo(slotID: CK_SLOT_ID, pInfo: CK_SLOT_INFO_PTR) -> CK_RV; +} +extern "C" { + pub fn C_GetTokenInfo(slotID: CK_SLOT_ID, pInfo: CK_TOKEN_INFO_PTR) -> CK_RV; +} +extern "C" { + pub fn C_GetMechanismList( + slotID: CK_SLOT_ID, + pMechanismList: CK_MECHANISM_TYPE_PTR, + pulCount: CK_ULONG_PTR, + ) -> CK_RV; +} +extern "C" { + pub fn C_GetMechanismInfo( + slotID: CK_SLOT_ID, + type_: CK_MECHANISM_TYPE, + pInfo: CK_MECHANISM_INFO_PTR, + ) -> CK_RV; +} +extern "C" { + pub fn C_InitToken( + slotID: CK_SLOT_ID, + pPin: CK_UTF8CHAR_PTR, + ulPinLen: CK_ULONG, + pLabel: CK_UTF8CHAR_PTR, + ) -> CK_RV; +} +extern "C" { + pub fn C_InitPIN( + hSession: CK_SESSION_HANDLE, + pPin: CK_UTF8CHAR_PTR, + ulPinLen: CK_ULONG, + ) -> CK_RV; +} +extern "C" { + pub fn C_SetPIN( + hSession: CK_SESSION_HANDLE, + pOldPin: CK_UTF8CHAR_PTR, + ulOldLen: CK_ULONG, + pNewPin: CK_UTF8CHAR_PTR, + ulNewLen: CK_ULONG, + ) -> CK_RV; +} +extern "C" { + pub fn C_OpenSession( + slotID: CK_SLOT_ID, + flags: CK_FLAGS, + pApplication: CK_VOID_PTR, + Notify: CK_NOTIFY, + phSession: CK_SESSION_HANDLE_PTR, + ) -> CK_RV; +} +extern "C" { + pub fn C_CloseSession(hSession: CK_SESSION_HANDLE) -> CK_RV; +} +extern "C" { + pub fn C_CloseAllSessions(slotID: CK_SLOT_ID) -> CK_RV; +} +extern "C" { + pub fn C_GetSessionInfo(hSession: CK_SESSION_HANDLE, pInfo: CK_SESSION_INFO_PTR) -> CK_RV; +} +extern "C" { + pub fn C_GetOperationState( + hSession: CK_SESSION_HANDLE, + pOperationState: CK_BYTE_PTR, + pulOperationStateLen: CK_ULONG_PTR, + ) -> CK_RV; +} +extern "C" { + pub fn C_SetOperationState( + hSession: CK_SESSION_HANDLE, + pOperationState: CK_BYTE_PTR, + ulOperationStateLen: CK_ULONG, + hEncryptionKey: CK_OBJECT_HANDLE, + hAuthenticationKey: CK_OBJECT_HANDLE, + ) -> CK_RV; +} +extern "C" { + pub fn C_Login( + hSession: CK_SESSION_HANDLE, + userType: CK_USER_TYPE, + pPin: CK_UTF8CHAR_PTR, + ulPinLen: CK_ULONG, + ) -> CK_RV; +} +extern "C" { + pub fn C_Logout(hSession: CK_SESSION_HANDLE) -> CK_RV; +} +extern "C" { + pub fn C_CreateObject( + hSession: CK_SESSION_HANDLE, + pTemplate: CK_ATTRIBUTE_PTR, + ulCount: CK_ULONG, + phObject: CK_OBJECT_HANDLE_PTR, + ) -> CK_RV; +} +extern "C" { + pub fn C_CopyObject( + hSession: CK_SESSION_HANDLE, + hObject: CK_OBJECT_HANDLE, + pTemplate: CK_ATTRIBUTE_PTR, + ulCount: CK_ULONG, + phNewObject: CK_OBJECT_HANDLE_PTR, + ) -> CK_RV; +} +extern "C" { + pub fn C_DestroyObject(hSession: CK_SESSION_HANDLE, hObject: CK_OBJECT_HANDLE) -> CK_RV; +} +extern "C" { + pub fn C_GetObjectSize( + hSession: CK_SESSION_HANDLE, + hObject: CK_OBJECT_HANDLE, + pulSize: CK_ULONG_PTR, + ) -> CK_RV; +} +extern "C" { + pub fn C_GetAttributeValue( + hSession: CK_SESSION_HANDLE, + hObject: CK_OBJECT_HANDLE, + pTemplate: CK_ATTRIBUTE_PTR, + ulCount: CK_ULONG, + ) -> CK_RV; +} +extern "C" { + pub fn C_SetAttributeValue( + hSession: CK_SESSION_HANDLE, + hObject: CK_OBJECT_HANDLE, + pTemplate: CK_ATTRIBUTE_PTR, + ulCount: CK_ULONG, + ) -> CK_RV; +} +extern "C" { + pub fn C_FindObjectsInit( + hSession: CK_SESSION_HANDLE, + pTemplate: CK_ATTRIBUTE_PTR, + ulCount: CK_ULONG, + ) -> CK_RV; +} +extern "C" { + pub fn C_FindObjects( + hSession: CK_SESSION_HANDLE, + phObject: CK_OBJECT_HANDLE_PTR, + ulMaxObjectCount: CK_ULONG, + pulObjectCount: CK_ULONG_PTR, + ) -> CK_RV; +} +extern "C" { + pub fn C_FindObjectsFinal(hSession: CK_SESSION_HANDLE) -> CK_RV; +} +extern "C" { + pub fn C_EncryptInit( + hSession: CK_SESSION_HANDLE, + pMechanism: CK_MECHANISM_PTR, + hKey: CK_OBJECT_HANDLE, + ) -> CK_RV; +} +extern "C" { + pub fn C_Encrypt( + hSession: CK_SESSION_HANDLE, + pData: CK_BYTE_PTR, + ulDataLen: CK_ULONG, + pEncryptedData: CK_BYTE_PTR, + pulEncryptedDataLen: CK_ULONG_PTR, + ) -> CK_RV; +} +extern "C" { + pub fn C_EncryptUpdate( + hSession: CK_SESSION_HANDLE, + pPart: CK_BYTE_PTR, + ulPartLen: CK_ULONG, + pEncryptedPart: CK_BYTE_PTR, + pulEncryptedPartLen: CK_ULONG_PTR, + ) -> CK_RV; +} +extern "C" { + pub fn C_EncryptFinal( + hSession: CK_SESSION_HANDLE, + pLastEncryptedPart: CK_BYTE_PTR, + pulLastEncryptedPartLen: CK_ULONG_PTR, + ) -> CK_RV; +} +extern "C" { + pub fn C_DecryptInit( + hSession: CK_SESSION_HANDLE, + pMechanism: CK_MECHANISM_PTR, + hKey: CK_OBJECT_HANDLE, + ) -> CK_RV; +} +extern "C" { + pub fn C_Decrypt( + hSession: CK_SESSION_HANDLE, + pEncryptedData: CK_BYTE_PTR, + ulEncryptedDataLen: CK_ULONG, + pData: CK_BYTE_PTR, + pulDataLen: CK_ULONG_PTR, + ) -> CK_RV; +} +extern "C" { + pub fn C_DecryptUpdate( + hSession: CK_SESSION_HANDLE, + pEncryptedPart: CK_BYTE_PTR, + ulEncryptedPartLen: CK_ULONG, + pPart: CK_BYTE_PTR, + pulPartLen: CK_ULONG_PTR, + ) -> CK_RV; +} +extern "C" { + pub fn C_DecryptFinal( + hSession: CK_SESSION_HANDLE, + pLastPart: CK_BYTE_PTR, + pulLastPartLen: CK_ULONG_PTR, + ) -> CK_RV; +} +extern "C" { + pub fn C_DigestInit(hSession: CK_SESSION_HANDLE, pMechanism: CK_MECHANISM_PTR) -> CK_RV; +} +extern "C" { + pub fn C_Digest( + hSession: CK_SESSION_HANDLE, + pData: CK_BYTE_PTR, + ulDataLen: CK_ULONG, + pDigest: CK_BYTE_PTR, + pulDigestLen: CK_ULONG_PTR, + ) -> CK_RV; +} +extern "C" { + pub fn C_DigestUpdate( + hSession: CK_SESSION_HANDLE, + pPart: CK_BYTE_PTR, + ulPartLen: CK_ULONG, + ) -> CK_RV; +} +extern "C" { + pub fn C_DigestKey(hSession: CK_SESSION_HANDLE, hKey: CK_OBJECT_HANDLE) -> CK_RV; +} +extern "C" { + pub fn C_DigestFinal( + hSession: CK_SESSION_HANDLE, + pDigest: CK_BYTE_PTR, + pulDigestLen: CK_ULONG_PTR, + ) -> CK_RV; +} +extern "C" { + pub fn C_SignInit( + hSession: CK_SESSION_HANDLE, + pMechanism: CK_MECHANISM_PTR, + hKey: CK_OBJECT_HANDLE, + ) -> CK_RV; +} +extern "C" { + pub fn C_Sign( + hSession: CK_SESSION_HANDLE, + pData: CK_BYTE_PTR, + ulDataLen: CK_ULONG, + pSignature: CK_BYTE_PTR, + pulSignatureLen: CK_ULONG_PTR, + ) -> CK_RV; +} +extern "C" { + pub fn C_SignUpdate( + hSession: CK_SESSION_HANDLE, + pPart: CK_BYTE_PTR, + ulPartLen: CK_ULONG, + ) -> CK_RV; +} +extern "C" { + pub fn C_SignFinal( + hSession: CK_SESSION_HANDLE, + pSignature: CK_BYTE_PTR, + pulSignatureLen: CK_ULONG_PTR, + ) -> CK_RV; +} +extern "C" { + pub fn C_SignRecoverInit( + hSession: CK_SESSION_HANDLE, + pMechanism: CK_MECHANISM_PTR, + hKey: CK_OBJECT_HANDLE, + ) -> CK_RV; +} +extern "C" { + pub fn C_SignRecover( + hSession: CK_SESSION_HANDLE, + pData: CK_BYTE_PTR, + ulDataLen: CK_ULONG, + pSignature: CK_BYTE_PTR, + pulSignatureLen: CK_ULONG_PTR, + ) -> CK_RV; +} +extern "C" { + pub fn C_VerifyInit( + hSession: CK_SESSION_HANDLE, + pMechanism: CK_MECHANISM_PTR, + hKey: CK_OBJECT_HANDLE, + ) -> CK_RV; +} +extern "C" { + pub fn C_Verify( + hSession: CK_SESSION_HANDLE, + pData: CK_BYTE_PTR, + ulDataLen: CK_ULONG, + pSignature: CK_BYTE_PTR, + ulSignatureLen: CK_ULONG, + ) -> CK_RV; +} +extern "C" { + pub fn C_VerifyUpdate( + hSession: CK_SESSION_HANDLE, + pPart: CK_BYTE_PTR, + ulPartLen: CK_ULONG, + ) -> CK_RV; +} +extern "C" { + pub fn C_VerifyFinal( + hSession: CK_SESSION_HANDLE, + pSignature: CK_BYTE_PTR, + ulSignatureLen: CK_ULONG, + ) -> CK_RV; +} +extern "C" { + pub fn C_VerifyRecoverInit( + hSession: CK_SESSION_HANDLE, + pMechanism: CK_MECHANISM_PTR, + hKey: CK_OBJECT_HANDLE, + ) -> CK_RV; +} +extern "C" { + pub fn C_VerifyRecover( + hSession: CK_SESSION_HANDLE, + pSignature: CK_BYTE_PTR, + ulSignatureLen: CK_ULONG, + pData: CK_BYTE_PTR, + pulDataLen: CK_ULONG_PTR, + ) -> CK_RV; +} +extern "C" { + pub fn C_DigestEncryptUpdate( + hSession: CK_SESSION_HANDLE, + pPart: CK_BYTE_PTR, + ulPartLen: CK_ULONG, + pEncryptedPart: CK_BYTE_PTR, + pulEncryptedPartLen: CK_ULONG_PTR, + ) -> CK_RV; +} +extern "C" { + pub fn C_DecryptDigestUpdate( + hSession: CK_SESSION_HANDLE, + pEncryptedPart: CK_BYTE_PTR, + ulEncryptedPartLen: CK_ULONG, + pPart: CK_BYTE_PTR, + pulPartLen: CK_ULONG_PTR, + ) -> CK_RV; +} +extern "C" { + pub fn C_SignEncryptUpdate( + hSession: CK_SESSION_HANDLE, + pPart: CK_BYTE_PTR, + ulPartLen: CK_ULONG, + pEncryptedPart: CK_BYTE_PTR, + pulEncryptedPartLen: CK_ULONG_PTR, + ) -> CK_RV; +} +extern "C" { + pub fn C_DecryptVerifyUpdate( + hSession: CK_SESSION_HANDLE, + pEncryptedPart: CK_BYTE_PTR, + ulEncryptedPartLen: CK_ULONG, + pPart: CK_BYTE_PTR, + pulPartLen: CK_ULONG_PTR, + ) -> CK_RV; +} +extern "C" { + pub fn C_GenerateKey( + hSession: CK_SESSION_HANDLE, + pMechanism: CK_MECHANISM_PTR, + pTemplate: CK_ATTRIBUTE_PTR, + ulCount: CK_ULONG, + phKey: CK_OBJECT_HANDLE_PTR, + ) -> CK_RV; +} +extern "C" { + pub fn C_GenerateKeyPair( + hSession: CK_SESSION_HANDLE, + pMechanism: CK_MECHANISM_PTR, + pPublicKeyTemplate: CK_ATTRIBUTE_PTR, + ulPublicKeyAttributeCount: CK_ULONG, + pPrivateKeyTemplate: CK_ATTRIBUTE_PTR, + ulPrivateKeyAttributeCount: CK_ULONG, + phPublicKey: CK_OBJECT_HANDLE_PTR, + phPrivateKey: CK_OBJECT_HANDLE_PTR, + ) -> CK_RV; +} +extern "C" { + pub fn C_WrapKey( + hSession: CK_SESSION_HANDLE, + pMechanism: CK_MECHANISM_PTR, + hWrappingKey: CK_OBJECT_HANDLE, + hKey: CK_OBJECT_HANDLE, + pWrappedKey: CK_BYTE_PTR, + pulWrappedKeyLen: CK_ULONG_PTR, + ) -> CK_RV; +} +extern "C" { + pub fn C_UnwrapKey( + hSession: CK_SESSION_HANDLE, + pMechanism: CK_MECHANISM_PTR, + hUnwrappingKey: CK_OBJECT_HANDLE, + pWrappedKey: CK_BYTE_PTR, + ulWrappedKeyLen: CK_ULONG, + pTemplate: CK_ATTRIBUTE_PTR, + ulAttributeCount: CK_ULONG, + phKey: CK_OBJECT_HANDLE_PTR, + ) -> CK_RV; +} +extern "C" { + pub fn C_DeriveKey( + hSession: CK_SESSION_HANDLE, + pMechanism: CK_MECHANISM_PTR, + hBaseKey: CK_OBJECT_HANDLE, + pTemplate: CK_ATTRIBUTE_PTR, + ulAttributeCount: CK_ULONG, + phKey: CK_OBJECT_HANDLE_PTR, + ) -> CK_RV; +} +extern "C" { + pub fn C_SeedRandom( + hSession: CK_SESSION_HANDLE, + pSeed: CK_BYTE_PTR, + ulSeedLen: CK_ULONG, + ) -> CK_RV; +} +extern "C" { + pub fn C_GenerateRandom( + hSession: CK_SESSION_HANDLE, + RandomData: CK_BYTE_PTR, + ulRandomLen: CK_ULONG, + ) -> CK_RV; +} +extern "C" { + pub fn C_GetFunctionStatus(hSession: CK_SESSION_HANDLE) -> CK_RV; +} +extern "C" { + pub fn C_CancelFunction(hSession: CK_SESSION_HANDLE) -> CK_RV; +} +extern "C" { + pub fn C_WaitForSlotEvent( + flags: CK_FLAGS, + pSlot: CK_SLOT_ID_PTR, + pRserved: CK_VOID_PTR, + ) -> CK_RV; +} +extern "C" { + pub fn C_GetInterfaceList(pInterfacesList: CK_INTERFACE_PTR, pulCount: CK_ULONG_PTR) -> CK_RV; +} +extern "C" { + pub fn C_GetInterface( + pInterfaceName: CK_UTF8CHAR_PTR, + pVersion: CK_VERSION_PTR, + ppInterface: CK_INTERFACE_PTR_PTR, + flags: CK_FLAGS, + ) -> CK_RV; +} +extern "C" { + pub fn C_LoginUser( + hSession: CK_SESSION_HANDLE, + userType: CK_USER_TYPE, + pPin: CK_UTF8CHAR_PTR, + ulPinLen: CK_ULONG, + pUsername: CK_UTF8CHAR_PTR, + ulUsernameLen: CK_ULONG, + ) -> CK_RV; +} +extern "C" { + pub fn C_SessionCancel(hSession: CK_SESSION_HANDLE, flags: CK_FLAGS) -> CK_RV; +} +extern "C" { + pub fn C_MessageEncryptInit( + hSession: CK_SESSION_HANDLE, + pMechanism: CK_MECHANISM_PTR, + hKey: CK_OBJECT_HANDLE, + ) -> CK_RV; +} +extern "C" { + pub fn C_EncryptMessage( + hSession: CK_SESSION_HANDLE, + pParameter: CK_VOID_PTR, + ulParameterLen: CK_ULONG, + pAssociatedData: CK_BYTE_PTR, + ulAssociatedDataLen: CK_ULONG, + pPlaintext: CK_BYTE_PTR, + ulPlaintextLen: CK_ULONG, + pCiphertext: CK_BYTE_PTR, + pulCiphertextLen: CK_ULONG_PTR, + ) -> CK_RV; +} +extern "C" { + pub fn C_EncryptMessageBegin( + hSession: CK_SESSION_HANDLE, + pParameter: CK_VOID_PTR, + ulParameterLen: CK_ULONG, + pAssociatedData: CK_BYTE_PTR, + ulAssociatedDataLen: CK_ULONG, + ) -> CK_RV; +} +extern "C" { + pub fn C_EncryptMessageNext( + hSession: CK_SESSION_HANDLE, + pParameter: CK_VOID_PTR, + ulParameterLen: CK_ULONG, + pPlaintextPart: CK_BYTE_PTR, + ulPlaintextPartLen: CK_ULONG, + pCiphertextPart: CK_BYTE_PTR, + pulCiphertextPartLen: CK_ULONG_PTR, + flags: CK_FLAGS, + ) -> CK_RV; +} +extern "C" { + pub fn C_MessageEncryptFinal(hSession: CK_SESSION_HANDLE) -> CK_RV; +} +extern "C" { + pub fn C_MessageDecryptInit( + hSession: CK_SESSION_HANDLE, + pMechanism: CK_MECHANISM_PTR, + hKey: CK_OBJECT_HANDLE, + ) -> CK_RV; +} +extern "C" { + pub fn C_DecryptMessage( + hSession: CK_SESSION_HANDLE, + pParameter: CK_VOID_PTR, + ulParameterLen: CK_ULONG, + pAssociatedData: CK_BYTE_PTR, + ulAssociatedDataLen: CK_ULONG, + pCiphertext: CK_BYTE_PTR, + ulCiphertextLen: CK_ULONG, + pPlaintext: CK_BYTE_PTR, + pulPlaintextLen: CK_ULONG_PTR, + ) -> CK_RV; +} +extern "C" { + pub fn C_DecryptMessageBegin( + hSession: CK_SESSION_HANDLE, + pParameter: CK_VOID_PTR, + ulParameterLen: CK_ULONG, + pAssociatedData: CK_BYTE_PTR, + ulAssociatedDataLen: CK_ULONG, + ) -> CK_RV; +} +extern "C" { + pub fn C_DecryptMessageNext( + hSession: CK_SESSION_HANDLE, + pParameter: CK_VOID_PTR, + ulParameterLen: CK_ULONG, + pCiphertextPart: CK_BYTE_PTR, + ulCiphertextPartLen: CK_ULONG, + pPlaintextPart: CK_BYTE_PTR, + pulPlaintextPartLen: CK_ULONG_PTR, + flags: CK_FLAGS, + ) -> CK_RV; +} +extern "C" { + pub fn C_MessageDecryptFinal(hSession: CK_SESSION_HANDLE) -> CK_RV; +} +extern "C" { + pub fn C_MessageSignInit( + hSession: CK_SESSION_HANDLE, + pMechanism: CK_MECHANISM_PTR, + hKey: CK_OBJECT_HANDLE, + ) -> CK_RV; +} +extern "C" { + pub fn C_SignMessage( + hSession: CK_SESSION_HANDLE, + pParameter: CK_VOID_PTR, + ulParameterLen: CK_ULONG, + pData: CK_BYTE_PTR, + ulDataLen: CK_ULONG, + pSignature: CK_BYTE_PTR, + pulSignatureLen: CK_ULONG_PTR, + ) -> CK_RV; +} +extern "C" { + pub fn C_SignMessageBegin( + hSession: CK_SESSION_HANDLE, + pParameter: CK_VOID_PTR, + ulParameterLen: CK_ULONG, + ) -> CK_RV; +} +extern "C" { + pub fn C_SignMessageNext( + hSession: CK_SESSION_HANDLE, + pParameter: CK_VOID_PTR, + ulParameterLen: CK_ULONG, + pData: CK_BYTE_PTR, + ulDataLen: CK_ULONG, + pSignature: CK_BYTE_PTR, + pulSignatureLen: CK_ULONG_PTR, + ) -> CK_RV; +} +extern "C" { + pub fn C_MessageSignFinal(hSession: CK_SESSION_HANDLE) -> CK_RV; +} +extern "C" { + pub fn C_MessageVerifyInit( + hSession: CK_SESSION_HANDLE, + pMechanism: CK_MECHANISM_PTR, + hKey: CK_OBJECT_HANDLE, + ) -> CK_RV; +} +extern "C" { + pub fn C_VerifyMessage( + hSession: CK_SESSION_HANDLE, + pParameter: CK_VOID_PTR, + ulParameterLen: CK_ULONG, + pData: CK_BYTE_PTR, + ulDataLen: CK_ULONG, + pSignature: CK_BYTE_PTR, + ulSignatureLen: CK_ULONG, + ) -> CK_RV; +} +extern "C" { + pub fn C_VerifyMessageBegin( + hSession: CK_SESSION_HANDLE, + pParameter: CK_VOID_PTR, + ulParameterLen: CK_ULONG, + ) -> CK_RV; +} +extern "C" { + pub fn C_VerifyMessageNext( + hSession: CK_SESSION_HANDLE, + pParameter: CK_VOID_PTR, + ulParameterLen: CK_ULONG, + pData: CK_BYTE_PTR, + ulDataLen: CK_ULONG, + pSignature: CK_BYTE_PTR, + ulSignatureLen: CK_ULONG, + ) -> CK_RV; +} +extern "C" { + pub fn C_MessageVerifyFinal(hSession: CK_SESSION_HANDLE) -> CK_RV; +} +pub type CK_C_Initialize = + ::std::option::Option CK_RV>; +pub type CK_C_Finalize = + ::std::option::Option CK_RV>; +pub type CK_C_GetInfo = ::std::option::Option CK_RV>; +pub type CK_C_GetFunctionList = + ::std::option::Option CK_RV>; +pub type CK_C_GetSlotList = ::std::option::Option< + unsafe extern "C" fn( + tokenPresent: CK_BBOOL, + pSlotList: CK_SLOT_ID_PTR, + pulCount: CK_ULONG_PTR, + ) -> CK_RV, +>; +pub type CK_C_GetSlotInfo = ::std::option::Option< + unsafe extern "C" fn(slotID: CK_SLOT_ID, pInfo: CK_SLOT_INFO_PTR) -> CK_RV, +>; +pub type CK_C_GetTokenInfo = ::std::option::Option< + unsafe extern "C" fn(slotID: CK_SLOT_ID, pInfo: CK_TOKEN_INFO_PTR) -> CK_RV, +>; +pub type CK_C_GetMechanismList = ::std::option::Option< + unsafe extern "C" fn( + slotID: CK_SLOT_ID, + pMechanismList: CK_MECHANISM_TYPE_PTR, + pulCount: CK_ULONG_PTR, + ) -> CK_RV, +>; +pub type CK_C_GetMechanismInfo = ::std::option::Option< + unsafe extern "C" fn( + slotID: CK_SLOT_ID, + type_: CK_MECHANISM_TYPE, + pInfo: CK_MECHANISM_INFO_PTR, + ) -> CK_RV, +>; +pub type CK_C_InitToken = ::std::option::Option< + unsafe extern "C" fn( + slotID: CK_SLOT_ID, + pPin: CK_UTF8CHAR_PTR, + ulPinLen: CK_ULONG, + pLabel: CK_UTF8CHAR_PTR, + ) -> CK_RV, +>; +pub type CK_C_InitPIN = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + pPin: CK_UTF8CHAR_PTR, + ulPinLen: CK_ULONG, + ) -> CK_RV, +>; +pub type CK_C_SetPIN = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + pOldPin: CK_UTF8CHAR_PTR, + ulOldLen: CK_ULONG, + pNewPin: CK_UTF8CHAR_PTR, + ulNewLen: CK_ULONG, + ) -> CK_RV, +>; +pub type CK_C_OpenSession = ::std::option::Option< + unsafe extern "C" fn( + slotID: CK_SLOT_ID, + flags: CK_FLAGS, + pApplication: CK_VOID_PTR, + Notify: CK_NOTIFY, + phSession: CK_SESSION_HANDLE_PTR, + ) -> CK_RV, +>; +pub type CK_C_CloseSession = + ::std::option::Option CK_RV>; +pub type CK_C_CloseAllSessions = + ::std::option::Option CK_RV>; +pub type CK_C_GetSessionInfo = ::std::option::Option< + unsafe extern "C" fn(hSession: CK_SESSION_HANDLE, pInfo: CK_SESSION_INFO_PTR) -> CK_RV, +>; +pub type CK_C_GetOperationState = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + pOperationState: CK_BYTE_PTR, + pulOperationStateLen: CK_ULONG_PTR, + ) -> CK_RV, +>; +pub type CK_C_SetOperationState = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + pOperationState: CK_BYTE_PTR, + ulOperationStateLen: CK_ULONG, + hEncryptionKey: CK_OBJECT_HANDLE, + hAuthenticationKey: CK_OBJECT_HANDLE, + ) -> CK_RV, +>; +pub type CK_C_Login = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + userType: CK_USER_TYPE, + pPin: CK_UTF8CHAR_PTR, + ulPinLen: CK_ULONG, + ) -> CK_RV, +>; +pub type CK_C_Logout = + ::std::option::Option CK_RV>; +pub type CK_C_CreateObject = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + pTemplate: CK_ATTRIBUTE_PTR, + ulCount: CK_ULONG, + phObject: CK_OBJECT_HANDLE_PTR, + ) -> CK_RV, +>; +pub type CK_C_CopyObject = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + hObject: CK_OBJECT_HANDLE, + pTemplate: CK_ATTRIBUTE_PTR, + ulCount: CK_ULONG, + phNewObject: CK_OBJECT_HANDLE_PTR, + ) -> CK_RV, +>; +pub type CK_C_DestroyObject = ::std::option::Option< + unsafe extern "C" fn(hSession: CK_SESSION_HANDLE, hObject: CK_OBJECT_HANDLE) -> CK_RV, +>; +pub type CK_C_GetObjectSize = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + hObject: CK_OBJECT_HANDLE, + pulSize: CK_ULONG_PTR, + ) -> CK_RV, +>; +pub type CK_C_GetAttributeValue = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + hObject: CK_OBJECT_HANDLE, + pTemplate: CK_ATTRIBUTE_PTR, + ulCount: CK_ULONG, + ) -> CK_RV, +>; +pub type CK_C_SetAttributeValue = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + hObject: CK_OBJECT_HANDLE, + pTemplate: CK_ATTRIBUTE_PTR, + ulCount: CK_ULONG, + ) -> CK_RV, +>; +pub type CK_C_FindObjectsInit = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + pTemplate: CK_ATTRIBUTE_PTR, + ulCount: CK_ULONG, + ) -> CK_RV, +>; +pub type CK_C_FindObjects = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + phObject: CK_OBJECT_HANDLE_PTR, + ulMaxObjectCount: CK_ULONG, + pulObjectCount: CK_ULONG_PTR, + ) -> CK_RV, +>; +pub type CK_C_FindObjectsFinal = + ::std::option::Option CK_RV>; +pub type CK_C_EncryptInit = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + pMechanism: CK_MECHANISM_PTR, + hKey: CK_OBJECT_HANDLE, + ) -> CK_RV, +>; +pub type CK_C_Encrypt = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + pData: CK_BYTE_PTR, + ulDataLen: CK_ULONG, + pEncryptedData: CK_BYTE_PTR, + pulEncryptedDataLen: CK_ULONG_PTR, + ) -> CK_RV, +>; +pub type CK_C_EncryptUpdate = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + pPart: CK_BYTE_PTR, + ulPartLen: CK_ULONG, + pEncryptedPart: CK_BYTE_PTR, + pulEncryptedPartLen: CK_ULONG_PTR, + ) -> CK_RV, +>; +pub type CK_C_EncryptFinal = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + pLastEncryptedPart: CK_BYTE_PTR, + pulLastEncryptedPartLen: CK_ULONG_PTR, + ) -> CK_RV, +>; +pub type CK_C_DecryptInit = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + pMechanism: CK_MECHANISM_PTR, + hKey: CK_OBJECT_HANDLE, + ) -> CK_RV, +>; +pub type CK_C_Decrypt = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + pEncryptedData: CK_BYTE_PTR, + ulEncryptedDataLen: CK_ULONG, + pData: CK_BYTE_PTR, + pulDataLen: CK_ULONG_PTR, + ) -> CK_RV, +>; +pub type CK_C_DecryptUpdate = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + pEncryptedPart: CK_BYTE_PTR, + ulEncryptedPartLen: CK_ULONG, + pPart: CK_BYTE_PTR, + pulPartLen: CK_ULONG_PTR, + ) -> CK_RV, +>; +pub type CK_C_DecryptFinal = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + pLastPart: CK_BYTE_PTR, + pulLastPartLen: CK_ULONG_PTR, + ) -> CK_RV, +>; +pub type CK_C_DigestInit = ::std::option::Option< + unsafe extern "C" fn(hSession: CK_SESSION_HANDLE, pMechanism: CK_MECHANISM_PTR) -> CK_RV, +>; +pub type CK_C_Digest = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + pData: CK_BYTE_PTR, + ulDataLen: CK_ULONG, + pDigest: CK_BYTE_PTR, + pulDigestLen: CK_ULONG_PTR, + ) -> CK_RV, +>; +pub type CK_C_DigestUpdate = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + pPart: CK_BYTE_PTR, + ulPartLen: CK_ULONG, + ) -> CK_RV, +>; +pub type CK_C_DigestKey = ::std::option::Option< + unsafe extern "C" fn(hSession: CK_SESSION_HANDLE, hKey: CK_OBJECT_HANDLE) -> CK_RV, +>; +pub type CK_C_DigestFinal = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + pDigest: CK_BYTE_PTR, + pulDigestLen: CK_ULONG_PTR, + ) -> CK_RV, +>; +pub type CK_C_SignInit = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + pMechanism: CK_MECHANISM_PTR, + hKey: CK_OBJECT_HANDLE, + ) -> CK_RV, +>; +pub type CK_C_Sign = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + pData: CK_BYTE_PTR, + ulDataLen: CK_ULONG, + pSignature: CK_BYTE_PTR, + pulSignatureLen: CK_ULONG_PTR, + ) -> CK_RV, +>; +pub type CK_C_SignUpdate = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + pPart: CK_BYTE_PTR, + ulPartLen: CK_ULONG, + ) -> CK_RV, +>; +pub type CK_C_SignFinal = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + pSignature: CK_BYTE_PTR, + pulSignatureLen: CK_ULONG_PTR, + ) -> CK_RV, +>; +pub type CK_C_SignRecoverInit = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + pMechanism: CK_MECHANISM_PTR, + hKey: CK_OBJECT_HANDLE, + ) -> CK_RV, +>; +pub type CK_C_SignRecover = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + pData: CK_BYTE_PTR, + ulDataLen: CK_ULONG, + pSignature: CK_BYTE_PTR, + pulSignatureLen: CK_ULONG_PTR, + ) -> CK_RV, +>; +pub type CK_C_VerifyInit = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + pMechanism: CK_MECHANISM_PTR, + hKey: CK_OBJECT_HANDLE, + ) -> CK_RV, +>; +pub type CK_C_Verify = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + pData: CK_BYTE_PTR, + ulDataLen: CK_ULONG, + pSignature: CK_BYTE_PTR, + ulSignatureLen: CK_ULONG, + ) -> CK_RV, +>; +pub type CK_C_VerifyUpdate = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + pPart: CK_BYTE_PTR, + ulPartLen: CK_ULONG, + ) -> CK_RV, +>; +pub type CK_C_VerifyFinal = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + pSignature: CK_BYTE_PTR, + ulSignatureLen: CK_ULONG, + ) -> CK_RV, +>; +pub type CK_C_VerifyRecoverInit = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + pMechanism: CK_MECHANISM_PTR, + hKey: CK_OBJECT_HANDLE, + ) -> CK_RV, +>; +pub type CK_C_VerifyRecover = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + pSignature: CK_BYTE_PTR, + ulSignatureLen: CK_ULONG, + pData: CK_BYTE_PTR, + pulDataLen: CK_ULONG_PTR, + ) -> CK_RV, +>; +pub type CK_C_DigestEncryptUpdate = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + pPart: CK_BYTE_PTR, + ulPartLen: CK_ULONG, + pEncryptedPart: CK_BYTE_PTR, + pulEncryptedPartLen: CK_ULONG_PTR, + ) -> CK_RV, +>; +pub type CK_C_DecryptDigestUpdate = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + pEncryptedPart: CK_BYTE_PTR, + ulEncryptedPartLen: CK_ULONG, + pPart: CK_BYTE_PTR, + pulPartLen: CK_ULONG_PTR, + ) -> CK_RV, +>; +pub type CK_C_SignEncryptUpdate = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + pPart: CK_BYTE_PTR, + ulPartLen: CK_ULONG, + pEncryptedPart: CK_BYTE_PTR, + pulEncryptedPartLen: CK_ULONG_PTR, + ) -> CK_RV, +>; +pub type CK_C_DecryptVerifyUpdate = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + pEncryptedPart: CK_BYTE_PTR, + ulEncryptedPartLen: CK_ULONG, + pPart: CK_BYTE_PTR, + pulPartLen: CK_ULONG_PTR, + ) -> CK_RV, +>; +pub type CK_C_GenerateKey = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + pMechanism: CK_MECHANISM_PTR, + pTemplate: CK_ATTRIBUTE_PTR, + ulCount: CK_ULONG, + phKey: CK_OBJECT_HANDLE_PTR, + ) -> CK_RV, +>; +pub type CK_C_GenerateKeyPair = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + pMechanism: CK_MECHANISM_PTR, + pPublicKeyTemplate: CK_ATTRIBUTE_PTR, + ulPublicKeyAttributeCount: CK_ULONG, + pPrivateKeyTemplate: CK_ATTRIBUTE_PTR, + ulPrivateKeyAttributeCount: CK_ULONG, + phPublicKey: CK_OBJECT_HANDLE_PTR, + phPrivateKey: CK_OBJECT_HANDLE_PTR, + ) -> CK_RV, +>; +pub type CK_C_WrapKey = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + pMechanism: CK_MECHANISM_PTR, + hWrappingKey: CK_OBJECT_HANDLE, + hKey: CK_OBJECT_HANDLE, + pWrappedKey: CK_BYTE_PTR, + pulWrappedKeyLen: CK_ULONG_PTR, + ) -> CK_RV, +>; +pub type CK_C_UnwrapKey = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + pMechanism: CK_MECHANISM_PTR, + hUnwrappingKey: CK_OBJECT_HANDLE, + pWrappedKey: CK_BYTE_PTR, + ulWrappedKeyLen: CK_ULONG, + pTemplate: CK_ATTRIBUTE_PTR, + ulAttributeCount: CK_ULONG, + phKey: CK_OBJECT_HANDLE_PTR, + ) -> CK_RV, +>; +pub type CK_C_DeriveKey = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + pMechanism: CK_MECHANISM_PTR, + hBaseKey: CK_OBJECT_HANDLE, + pTemplate: CK_ATTRIBUTE_PTR, + ulAttributeCount: CK_ULONG, + phKey: CK_OBJECT_HANDLE_PTR, + ) -> CK_RV, +>; +pub type CK_C_SeedRandom = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + pSeed: CK_BYTE_PTR, + ulSeedLen: CK_ULONG, + ) -> CK_RV, +>; +pub type CK_C_GenerateRandom = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + RandomData: CK_BYTE_PTR, + ulRandomLen: CK_ULONG, + ) -> CK_RV, +>; +pub type CK_C_GetFunctionStatus = + ::std::option::Option CK_RV>; +pub type CK_C_CancelFunction = + ::std::option::Option CK_RV>; +pub type CK_C_WaitForSlotEvent = ::std::option::Option< + unsafe extern "C" fn(flags: CK_FLAGS, pSlot: CK_SLOT_ID_PTR, pRserved: CK_VOID_PTR) -> CK_RV, +>; +pub type CK_C_GetInterfaceList = ::std::option::Option< + unsafe extern "C" fn(pInterfacesList: CK_INTERFACE_PTR, pulCount: CK_ULONG_PTR) -> CK_RV, +>; +pub type CK_C_GetInterface = ::std::option::Option< + unsafe extern "C" fn( + pInterfaceName: CK_UTF8CHAR_PTR, + pVersion: CK_VERSION_PTR, + ppInterface: CK_INTERFACE_PTR_PTR, + flags: CK_FLAGS, + ) -> CK_RV, +>; +pub type CK_C_LoginUser = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + userType: CK_USER_TYPE, + pPin: CK_UTF8CHAR_PTR, + ulPinLen: CK_ULONG, + pUsername: CK_UTF8CHAR_PTR, + ulUsernameLen: CK_ULONG, + ) -> CK_RV, +>; +pub type CK_C_SessionCancel = ::std::option::Option< + unsafe extern "C" fn(hSession: CK_SESSION_HANDLE, flags: CK_FLAGS) -> CK_RV, +>; +pub type CK_C_MessageEncryptInit = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + pMechanism: CK_MECHANISM_PTR, + hKey: CK_OBJECT_HANDLE, + ) -> CK_RV, +>; +pub type CK_C_EncryptMessage = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + pParameter: CK_VOID_PTR, + ulParameterLen: CK_ULONG, + pAssociatedData: CK_BYTE_PTR, + ulAssociatedDataLen: CK_ULONG, + pPlaintext: CK_BYTE_PTR, + ulPlaintextLen: CK_ULONG, + pCiphertext: CK_BYTE_PTR, + pulCiphertextLen: CK_ULONG_PTR, + ) -> CK_RV, +>; +pub type CK_C_EncryptMessageBegin = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + pParameter: CK_VOID_PTR, + ulParameterLen: CK_ULONG, + pAssociatedData: CK_BYTE_PTR, + ulAssociatedDataLen: CK_ULONG, + ) -> CK_RV, +>; +pub type CK_C_EncryptMessageNext = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + pParameter: CK_VOID_PTR, + ulParameterLen: CK_ULONG, + pPlaintextPart: CK_BYTE_PTR, + ulPlaintextPartLen: CK_ULONG, + pCiphertextPart: CK_BYTE_PTR, + pulCiphertextPartLen: CK_ULONG_PTR, + flags: CK_FLAGS, + ) -> CK_RV, +>; +pub type CK_C_MessageEncryptFinal = + ::std::option::Option CK_RV>; +pub type CK_C_MessageDecryptInit = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + pMechanism: CK_MECHANISM_PTR, + hKey: CK_OBJECT_HANDLE, + ) -> CK_RV, +>; +pub type CK_C_DecryptMessage = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + pParameter: CK_VOID_PTR, + ulParameterLen: CK_ULONG, + pAssociatedData: CK_BYTE_PTR, + ulAssociatedDataLen: CK_ULONG, + pCiphertext: CK_BYTE_PTR, + ulCiphertextLen: CK_ULONG, + pPlaintext: CK_BYTE_PTR, + pulPlaintextLen: CK_ULONG_PTR, + ) -> CK_RV, +>; +pub type CK_C_DecryptMessageBegin = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + pParameter: CK_VOID_PTR, + ulParameterLen: CK_ULONG, + pAssociatedData: CK_BYTE_PTR, + ulAssociatedDataLen: CK_ULONG, + ) -> CK_RV, +>; +pub type CK_C_DecryptMessageNext = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + pParameter: CK_VOID_PTR, + ulParameterLen: CK_ULONG, + pCiphertextPart: CK_BYTE_PTR, + ulCiphertextPartLen: CK_ULONG, + pPlaintextPart: CK_BYTE_PTR, + pulPlaintextPartLen: CK_ULONG_PTR, + flags: CK_FLAGS, + ) -> CK_RV, +>; +pub type CK_C_MessageDecryptFinal = + ::std::option::Option CK_RV>; +pub type CK_C_MessageSignInit = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + pMechanism: CK_MECHANISM_PTR, + hKey: CK_OBJECT_HANDLE, + ) -> CK_RV, +>; +pub type CK_C_SignMessage = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + pParameter: CK_VOID_PTR, + ulParameterLen: CK_ULONG, + pData: CK_BYTE_PTR, + ulDataLen: CK_ULONG, + pSignature: CK_BYTE_PTR, + pulSignatureLen: CK_ULONG_PTR, + ) -> CK_RV, +>; +pub type CK_C_SignMessageBegin = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + pParameter: CK_VOID_PTR, + ulParameterLen: CK_ULONG, + ) -> CK_RV, +>; +pub type CK_C_SignMessageNext = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + pParameter: CK_VOID_PTR, + ulParameterLen: CK_ULONG, + pData: CK_BYTE_PTR, + ulDataLen: CK_ULONG, + pSignature: CK_BYTE_PTR, + pulSignatureLen: CK_ULONG_PTR, + ) -> CK_RV, +>; +pub type CK_C_MessageSignFinal = + ::std::option::Option CK_RV>; +pub type CK_C_MessageVerifyInit = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + pMechanism: CK_MECHANISM_PTR, + hKey: CK_OBJECT_HANDLE, + ) -> CK_RV, +>; +pub type CK_C_VerifyMessage = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + pParameter: CK_VOID_PTR, + ulParameterLen: CK_ULONG, + pData: CK_BYTE_PTR, + ulDataLen: CK_ULONG, + pSignature: CK_BYTE_PTR, + ulSignatureLen: CK_ULONG, + ) -> CK_RV, +>; +pub type CK_C_VerifyMessageBegin = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + pParameter: CK_VOID_PTR, + ulParameterLen: CK_ULONG, + ) -> CK_RV, +>; +pub type CK_C_VerifyMessageNext = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + pParameter: CK_VOID_PTR, + ulParameterLen: CK_ULONG, + pData: CK_BYTE_PTR, + ulDataLen: CK_ULONG, + pSignature: CK_BYTE_PTR, + ulSignatureLen: CK_ULONG, + ) -> CK_RV, +>; +pub type CK_C_MessageVerifyFinal = + ::std::option::Option CK_RV>; +#[repr(C, packed)] +#[derive(Debug, Default, Copy, Clone)] +pub struct CK_FUNCTION_LIST_3_0 { + pub version: CK_VERSION, + pub C_Initialize: CK_C_Initialize, + pub C_Finalize: CK_C_Finalize, + pub C_GetInfo: CK_C_GetInfo, + pub C_GetFunctionList: CK_C_GetFunctionList, + pub C_GetSlotList: CK_C_GetSlotList, + pub C_GetSlotInfo: CK_C_GetSlotInfo, + pub C_GetTokenInfo: CK_C_GetTokenInfo, + pub C_GetMechanismList: CK_C_GetMechanismList, + pub C_GetMechanismInfo: CK_C_GetMechanismInfo, + pub C_InitToken: CK_C_InitToken, + pub C_InitPIN: CK_C_InitPIN, + pub C_SetPIN: CK_C_SetPIN, + pub C_OpenSession: CK_C_OpenSession, + pub C_CloseSession: CK_C_CloseSession, + pub C_CloseAllSessions: CK_C_CloseAllSessions, + pub C_GetSessionInfo: CK_C_GetSessionInfo, + pub C_GetOperationState: CK_C_GetOperationState, + pub C_SetOperationState: CK_C_SetOperationState, + pub C_Login: CK_C_Login, + pub C_Logout: CK_C_Logout, + pub C_CreateObject: CK_C_CreateObject, + pub C_CopyObject: CK_C_CopyObject, + pub C_DestroyObject: CK_C_DestroyObject, + pub C_GetObjectSize: CK_C_GetObjectSize, + pub C_GetAttributeValue: CK_C_GetAttributeValue, + pub C_SetAttributeValue: CK_C_SetAttributeValue, + pub C_FindObjectsInit: CK_C_FindObjectsInit, + pub C_FindObjects: CK_C_FindObjects, + pub C_FindObjectsFinal: CK_C_FindObjectsFinal, + pub C_EncryptInit: CK_C_EncryptInit, + pub C_Encrypt: CK_C_Encrypt, + pub C_EncryptUpdate: CK_C_EncryptUpdate, + pub C_EncryptFinal: CK_C_EncryptFinal, + pub C_DecryptInit: CK_C_DecryptInit, + pub C_Decrypt: CK_C_Decrypt, + pub C_DecryptUpdate: CK_C_DecryptUpdate, + pub C_DecryptFinal: CK_C_DecryptFinal, + pub C_DigestInit: CK_C_DigestInit, + pub C_Digest: CK_C_Digest, + pub C_DigestUpdate: CK_C_DigestUpdate, + pub C_DigestKey: CK_C_DigestKey, + pub C_DigestFinal: CK_C_DigestFinal, + pub C_SignInit: CK_C_SignInit, + pub C_Sign: CK_C_Sign, + pub C_SignUpdate: CK_C_SignUpdate, + pub C_SignFinal: CK_C_SignFinal, + pub C_SignRecoverInit: CK_C_SignRecoverInit, + pub C_SignRecover: CK_C_SignRecover, + pub C_VerifyInit: CK_C_VerifyInit, + pub C_Verify: CK_C_Verify, + pub C_VerifyUpdate: CK_C_VerifyUpdate, + pub C_VerifyFinal: CK_C_VerifyFinal, + pub C_VerifyRecoverInit: CK_C_VerifyRecoverInit, + pub C_VerifyRecover: CK_C_VerifyRecover, + pub C_DigestEncryptUpdate: CK_C_DigestEncryptUpdate, + pub C_DecryptDigestUpdate: CK_C_DecryptDigestUpdate, + pub C_SignEncryptUpdate: CK_C_SignEncryptUpdate, + pub C_DecryptVerifyUpdate: CK_C_DecryptVerifyUpdate, + pub C_GenerateKey: CK_C_GenerateKey, + pub C_GenerateKeyPair: CK_C_GenerateKeyPair, + pub C_WrapKey: CK_C_WrapKey, + pub C_UnwrapKey: CK_C_UnwrapKey, + pub C_DeriveKey: CK_C_DeriveKey, + pub C_SeedRandom: CK_C_SeedRandom, + pub C_GenerateRandom: CK_C_GenerateRandom, + pub C_GetFunctionStatus: CK_C_GetFunctionStatus, + pub C_CancelFunction: CK_C_CancelFunction, + pub C_WaitForSlotEvent: CK_C_WaitForSlotEvent, + pub C_GetInterfaceList: CK_C_GetInterfaceList, + pub C_GetInterface: CK_C_GetInterface, + pub C_LoginUser: CK_C_LoginUser, + pub C_SessionCancel: CK_C_SessionCancel, + pub C_MessageEncryptInit: CK_C_MessageEncryptInit, + pub C_EncryptMessage: CK_C_EncryptMessage, + pub C_EncryptMessageBegin: CK_C_EncryptMessageBegin, + pub C_EncryptMessageNext: CK_C_EncryptMessageNext, + pub C_MessageEncryptFinal: CK_C_MessageEncryptFinal, + pub C_MessageDecryptInit: CK_C_MessageDecryptInit, + pub C_DecryptMessage: CK_C_DecryptMessage, + pub C_DecryptMessageBegin: CK_C_DecryptMessageBegin, + pub C_DecryptMessageNext: CK_C_DecryptMessageNext, + pub C_MessageDecryptFinal: CK_C_MessageDecryptFinal, + pub C_MessageSignInit: CK_C_MessageSignInit, + pub C_SignMessage: CK_C_SignMessage, + pub C_SignMessageBegin: CK_C_SignMessageBegin, + pub C_SignMessageNext: CK_C_SignMessageNext, + pub C_MessageSignFinal: CK_C_MessageSignFinal, + pub C_MessageVerifyInit: CK_C_MessageVerifyInit, + pub C_VerifyMessage: CK_C_VerifyMessage, + pub C_VerifyMessageBegin: CK_C_VerifyMessageBegin, + pub C_VerifyMessageNext: CK_C_VerifyMessageNext, + pub C_MessageVerifyFinal: CK_C_MessageVerifyFinal, +} +#[test] +fn bindgen_test_layout_CK_FUNCTION_LIST_3_0() { + const UNINIT: ::std::mem::MaybeUninit = ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 738usize, + concat!("Size of: ", stringify!(CK_FUNCTION_LIST_3_0)) + ); + assert_eq!( + ::std::mem::align_of::(), + 1usize, + concat!("Alignment of ", stringify!(CK_FUNCTION_LIST_3_0)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).version) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(version) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_Initialize) as usize - ptr as usize }, + 2usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_Initialize) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_Finalize) as usize - ptr as usize }, + 10usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_Finalize) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_GetInfo) as usize - ptr as usize }, + 18usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_GetInfo) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_GetFunctionList) as usize - ptr as usize }, + 26usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_GetFunctionList) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_GetSlotList) as usize - ptr as usize }, + 34usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_GetSlotList) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_GetSlotInfo) as usize - ptr as usize }, + 42usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_GetSlotInfo) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_GetTokenInfo) as usize - ptr as usize }, + 50usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_GetTokenInfo) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_GetMechanismList) as usize - ptr as usize }, + 58usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_GetMechanismList) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_GetMechanismInfo) as usize - ptr as usize }, + 66usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_GetMechanismInfo) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_InitToken) as usize - ptr as usize }, + 74usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_InitToken) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_InitPIN) as usize - ptr as usize }, + 82usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_InitPIN) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_SetPIN) as usize - ptr as usize }, + 90usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_SetPIN) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_OpenSession) as usize - ptr as usize }, + 98usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_OpenSession) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_CloseSession) as usize - ptr as usize }, + 106usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_CloseSession) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_CloseAllSessions) as usize - ptr as usize }, + 114usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_CloseAllSessions) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_GetSessionInfo) as usize - ptr as usize }, + 122usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_GetSessionInfo) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_GetOperationState) as usize - ptr as usize }, + 130usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_GetOperationState) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_SetOperationState) as usize - ptr as usize }, + 138usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_SetOperationState) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_Login) as usize - ptr as usize }, + 146usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_Login) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_Logout) as usize - ptr as usize }, + 154usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_Logout) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_CreateObject) as usize - ptr as usize }, + 162usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_CreateObject) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_CopyObject) as usize - ptr as usize }, + 170usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_CopyObject) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_DestroyObject) as usize - ptr as usize }, + 178usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_DestroyObject) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_GetObjectSize) as usize - ptr as usize }, + 186usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_GetObjectSize) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_GetAttributeValue) as usize - ptr as usize }, + 194usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_GetAttributeValue) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_SetAttributeValue) as usize - ptr as usize }, + 202usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_SetAttributeValue) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_FindObjectsInit) as usize - ptr as usize }, + 210usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_FindObjectsInit) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_FindObjects) as usize - ptr as usize }, + 218usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_FindObjects) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_FindObjectsFinal) as usize - ptr as usize }, + 226usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_FindObjectsFinal) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_EncryptInit) as usize - ptr as usize }, + 234usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_EncryptInit) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_Encrypt) as usize - ptr as usize }, + 242usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_Encrypt) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_EncryptUpdate) as usize - ptr as usize }, + 250usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_EncryptUpdate) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_EncryptFinal) as usize - ptr as usize }, + 258usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_EncryptFinal) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_DecryptInit) as usize - ptr as usize }, + 266usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_DecryptInit) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_Decrypt) as usize - ptr as usize }, + 274usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_Decrypt) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_DecryptUpdate) as usize - ptr as usize }, + 282usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_DecryptUpdate) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_DecryptFinal) as usize - ptr as usize }, + 290usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_DecryptFinal) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_DigestInit) as usize - ptr as usize }, + 298usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_DigestInit) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_Digest) as usize - ptr as usize }, + 306usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_Digest) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_DigestUpdate) as usize - ptr as usize }, + 314usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_DigestUpdate) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_DigestKey) as usize - ptr as usize }, + 322usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_DigestKey) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_DigestFinal) as usize - ptr as usize }, + 330usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_DigestFinal) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_SignInit) as usize - ptr as usize }, + 338usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_SignInit) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_Sign) as usize - ptr as usize }, + 346usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_Sign) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_SignUpdate) as usize - ptr as usize }, + 354usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_SignUpdate) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_SignFinal) as usize - ptr as usize }, + 362usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_SignFinal) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_SignRecoverInit) as usize - ptr as usize }, + 370usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_SignRecoverInit) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_SignRecover) as usize - ptr as usize }, + 378usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_SignRecover) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_VerifyInit) as usize - ptr as usize }, + 386usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_VerifyInit) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_Verify) as usize - ptr as usize }, + 394usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_Verify) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_VerifyUpdate) as usize - ptr as usize }, + 402usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_VerifyUpdate) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_VerifyFinal) as usize - ptr as usize }, + 410usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_VerifyFinal) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_VerifyRecoverInit) as usize - ptr as usize }, + 418usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_VerifyRecoverInit) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_VerifyRecover) as usize - ptr as usize }, + 426usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_VerifyRecover) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_DigestEncryptUpdate) as usize - ptr as usize }, + 434usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_DigestEncryptUpdate) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_DecryptDigestUpdate) as usize - ptr as usize }, + 442usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_DecryptDigestUpdate) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_SignEncryptUpdate) as usize - ptr as usize }, + 450usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_SignEncryptUpdate) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_DecryptVerifyUpdate) as usize - ptr as usize }, + 458usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_DecryptVerifyUpdate) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_GenerateKey) as usize - ptr as usize }, + 466usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_GenerateKey) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_GenerateKeyPair) as usize - ptr as usize }, + 474usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_GenerateKeyPair) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_WrapKey) as usize - ptr as usize }, + 482usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_WrapKey) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_UnwrapKey) as usize - ptr as usize }, + 490usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_UnwrapKey) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_DeriveKey) as usize - ptr as usize }, + 498usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_DeriveKey) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_SeedRandom) as usize - ptr as usize }, + 506usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_SeedRandom) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_GenerateRandom) as usize - ptr as usize }, + 514usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_GenerateRandom) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_GetFunctionStatus) as usize - ptr as usize }, + 522usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_GetFunctionStatus) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_CancelFunction) as usize - ptr as usize }, + 530usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_CancelFunction) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_WaitForSlotEvent) as usize - ptr as usize }, + 538usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_WaitForSlotEvent) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_GetInterfaceList) as usize - ptr as usize }, + 546usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_GetInterfaceList) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_GetInterface) as usize - ptr as usize }, + 554usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_GetInterface) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_LoginUser) as usize - ptr as usize }, + 562usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_LoginUser) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_SessionCancel) as usize - ptr as usize }, + 570usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_SessionCancel) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_MessageEncryptInit) as usize - ptr as usize }, + 578usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_MessageEncryptInit) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_EncryptMessage) as usize - ptr as usize }, + 586usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_EncryptMessage) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_EncryptMessageBegin) as usize - ptr as usize }, + 594usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_EncryptMessageBegin) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_EncryptMessageNext) as usize - ptr as usize }, + 602usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_EncryptMessageNext) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_MessageEncryptFinal) as usize - ptr as usize }, + 610usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_MessageEncryptFinal) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_MessageDecryptInit) as usize - ptr as usize }, + 618usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_MessageDecryptInit) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_DecryptMessage) as usize - ptr as usize }, + 626usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_DecryptMessage) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_DecryptMessageBegin) as usize - ptr as usize }, + 634usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_DecryptMessageBegin) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_DecryptMessageNext) as usize - ptr as usize }, + 642usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_DecryptMessageNext) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_MessageDecryptFinal) as usize - ptr as usize }, + 650usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_MessageDecryptFinal) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_MessageSignInit) as usize - ptr as usize }, + 658usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_MessageSignInit) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_SignMessage) as usize - ptr as usize }, + 666usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_SignMessage) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_SignMessageBegin) as usize - ptr as usize }, + 674usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_SignMessageBegin) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_SignMessageNext) as usize - ptr as usize }, + 682usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_SignMessageNext) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_MessageSignFinal) as usize - ptr as usize }, + 690usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_MessageSignFinal) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_MessageVerifyInit) as usize - ptr as usize }, + 698usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_MessageVerifyInit) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_VerifyMessage) as usize - ptr as usize }, + 706usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_VerifyMessage) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_VerifyMessageBegin) as usize - ptr as usize }, + 714usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_VerifyMessageBegin) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_VerifyMessageNext) as usize - ptr as usize }, + 722usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_VerifyMessageNext) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_MessageVerifyFinal) as usize - ptr as usize }, + 730usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST_3_0), + "::", + stringify!(C_MessageVerifyFinal) + ) + ); +} +#[repr(C, packed)] +#[derive(Debug, Default, Copy, Clone)] +pub struct CK_FUNCTION_LIST { + pub version: CK_VERSION, + pub C_Initialize: CK_C_Initialize, + pub C_Finalize: CK_C_Finalize, + pub C_GetInfo: CK_C_GetInfo, + pub C_GetFunctionList: CK_C_GetFunctionList, + pub C_GetSlotList: CK_C_GetSlotList, + pub C_GetSlotInfo: CK_C_GetSlotInfo, + pub C_GetTokenInfo: CK_C_GetTokenInfo, + pub C_GetMechanismList: CK_C_GetMechanismList, + pub C_GetMechanismInfo: CK_C_GetMechanismInfo, + pub C_InitToken: CK_C_InitToken, + pub C_InitPIN: CK_C_InitPIN, + pub C_SetPIN: CK_C_SetPIN, + pub C_OpenSession: CK_C_OpenSession, + pub C_CloseSession: CK_C_CloseSession, + pub C_CloseAllSessions: CK_C_CloseAllSessions, + pub C_GetSessionInfo: CK_C_GetSessionInfo, + pub C_GetOperationState: CK_C_GetOperationState, + pub C_SetOperationState: CK_C_SetOperationState, + pub C_Login: CK_C_Login, + pub C_Logout: CK_C_Logout, + pub C_CreateObject: CK_C_CreateObject, + pub C_CopyObject: CK_C_CopyObject, + pub C_DestroyObject: CK_C_DestroyObject, + pub C_GetObjectSize: CK_C_GetObjectSize, + pub C_GetAttributeValue: CK_C_GetAttributeValue, + pub C_SetAttributeValue: CK_C_SetAttributeValue, + pub C_FindObjectsInit: CK_C_FindObjectsInit, + pub C_FindObjects: CK_C_FindObjects, + pub C_FindObjectsFinal: CK_C_FindObjectsFinal, + pub C_EncryptInit: CK_C_EncryptInit, + pub C_Encrypt: CK_C_Encrypt, + pub C_EncryptUpdate: CK_C_EncryptUpdate, + pub C_EncryptFinal: CK_C_EncryptFinal, + pub C_DecryptInit: CK_C_DecryptInit, + pub C_Decrypt: CK_C_Decrypt, + pub C_DecryptUpdate: CK_C_DecryptUpdate, + pub C_DecryptFinal: CK_C_DecryptFinal, + pub C_DigestInit: CK_C_DigestInit, + pub C_Digest: CK_C_Digest, + pub C_DigestUpdate: CK_C_DigestUpdate, + pub C_DigestKey: CK_C_DigestKey, + pub C_DigestFinal: CK_C_DigestFinal, + pub C_SignInit: CK_C_SignInit, + pub C_Sign: CK_C_Sign, + pub C_SignUpdate: CK_C_SignUpdate, + pub C_SignFinal: CK_C_SignFinal, + pub C_SignRecoverInit: CK_C_SignRecoverInit, + pub C_SignRecover: CK_C_SignRecover, + pub C_VerifyInit: CK_C_VerifyInit, + pub C_Verify: CK_C_Verify, + pub C_VerifyUpdate: CK_C_VerifyUpdate, + pub C_VerifyFinal: CK_C_VerifyFinal, + pub C_VerifyRecoverInit: CK_C_VerifyRecoverInit, + pub C_VerifyRecover: CK_C_VerifyRecover, + pub C_DigestEncryptUpdate: CK_C_DigestEncryptUpdate, + pub C_DecryptDigestUpdate: CK_C_DecryptDigestUpdate, + pub C_SignEncryptUpdate: CK_C_SignEncryptUpdate, + pub C_DecryptVerifyUpdate: CK_C_DecryptVerifyUpdate, + pub C_GenerateKey: CK_C_GenerateKey, + pub C_GenerateKeyPair: CK_C_GenerateKeyPair, + pub C_WrapKey: CK_C_WrapKey, + pub C_UnwrapKey: CK_C_UnwrapKey, + pub C_DeriveKey: CK_C_DeriveKey, + pub C_SeedRandom: CK_C_SeedRandom, + pub C_GenerateRandom: CK_C_GenerateRandom, + pub C_GetFunctionStatus: CK_C_GetFunctionStatus, + pub C_CancelFunction: CK_C_CancelFunction, + pub C_WaitForSlotEvent: CK_C_WaitForSlotEvent, +} +#[test] +fn bindgen_test_layout_CK_FUNCTION_LIST() { + const UNINIT: ::std::mem::MaybeUninit = ::std::mem::MaybeUninit::uninit(); + let ptr = UNINIT.as_ptr(); + assert_eq!( + ::std::mem::size_of::(), + 546usize, + concat!("Size of: ", stringify!(CK_FUNCTION_LIST)) + ); + assert_eq!( + ::std::mem::align_of::(), + 1usize, + concat!("Alignment of ", stringify!(CK_FUNCTION_LIST)) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).version) as usize - ptr as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST), + "::", + stringify!(version) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_Initialize) as usize - ptr as usize }, + 2usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST), + "::", + stringify!(C_Initialize) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_Finalize) as usize - ptr as usize }, + 10usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST), + "::", + stringify!(C_Finalize) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_GetInfo) as usize - ptr as usize }, + 18usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST), + "::", + stringify!(C_GetInfo) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_GetFunctionList) as usize - ptr as usize }, + 26usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST), + "::", + stringify!(C_GetFunctionList) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_GetSlotList) as usize - ptr as usize }, + 34usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST), + "::", + stringify!(C_GetSlotList) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_GetSlotInfo) as usize - ptr as usize }, + 42usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST), + "::", + stringify!(C_GetSlotInfo) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_GetTokenInfo) as usize - ptr as usize }, + 50usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST), + "::", + stringify!(C_GetTokenInfo) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_GetMechanismList) as usize - ptr as usize }, + 58usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST), + "::", + stringify!(C_GetMechanismList) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_GetMechanismInfo) as usize - ptr as usize }, + 66usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST), + "::", + stringify!(C_GetMechanismInfo) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_InitToken) as usize - ptr as usize }, + 74usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST), + "::", + stringify!(C_InitToken) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_InitPIN) as usize - ptr as usize }, + 82usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST), + "::", + stringify!(C_InitPIN) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_SetPIN) as usize - ptr as usize }, + 90usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST), + "::", + stringify!(C_SetPIN) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_OpenSession) as usize - ptr as usize }, + 98usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST), + "::", + stringify!(C_OpenSession) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_CloseSession) as usize - ptr as usize }, + 106usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST), + "::", + stringify!(C_CloseSession) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_CloseAllSessions) as usize - ptr as usize }, + 114usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST), + "::", + stringify!(C_CloseAllSessions) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_GetSessionInfo) as usize - ptr as usize }, + 122usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST), + "::", + stringify!(C_GetSessionInfo) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_GetOperationState) as usize - ptr as usize }, + 130usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST), + "::", + stringify!(C_GetOperationState) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_SetOperationState) as usize - ptr as usize }, + 138usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST), + "::", + stringify!(C_SetOperationState) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_Login) as usize - ptr as usize }, + 146usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST), + "::", + stringify!(C_Login) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_Logout) as usize - ptr as usize }, + 154usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST), + "::", + stringify!(C_Logout) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_CreateObject) as usize - ptr as usize }, + 162usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST), + "::", + stringify!(C_CreateObject) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_CopyObject) as usize - ptr as usize }, + 170usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST), + "::", + stringify!(C_CopyObject) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_DestroyObject) as usize - ptr as usize }, + 178usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST), + "::", + stringify!(C_DestroyObject) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_GetObjectSize) as usize - ptr as usize }, + 186usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST), + "::", + stringify!(C_GetObjectSize) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_GetAttributeValue) as usize - ptr as usize }, + 194usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST), + "::", + stringify!(C_GetAttributeValue) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_SetAttributeValue) as usize - ptr as usize }, + 202usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST), + "::", + stringify!(C_SetAttributeValue) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_FindObjectsInit) as usize - ptr as usize }, + 210usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST), + "::", + stringify!(C_FindObjectsInit) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_FindObjects) as usize - ptr as usize }, + 218usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST), + "::", + stringify!(C_FindObjects) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_FindObjectsFinal) as usize - ptr as usize }, + 226usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST), + "::", + stringify!(C_FindObjectsFinal) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_EncryptInit) as usize - ptr as usize }, + 234usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST), + "::", + stringify!(C_EncryptInit) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_Encrypt) as usize - ptr as usize }, + 242usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST), + "::", + stringify!(C_Encrypt) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_EncryptUpdate) as usize - ptr as usize }, + 250usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST), + "::", + stringify!(C_EncryptUpdate) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_EncryptFinal) as usize - ptr as usize }, + 258usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST), + "::", + stringify!(C_EncryptFinal) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_DecryptInit) as usize - ptr as usize }, + 266usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST), + "::", + stringify!(C_DecryptInit) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_Decrypt) as usize - ptr as usize }, + 274usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST), + "::", + stringify!(C_Decrypt) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_DecryptUpdate) as usize - ptr as usize }, + 282usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST), + "::", + stringify!(C_DecryptUpdate) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_DecryptFinal) as usize - ptr as usize }, + 290usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST), + "::", + stringify!(C_DecryptFinal) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_DigestInit) as usize - ptr as usize }, + 298usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST), + "::", + stringify!(C_DigestInit) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_Digest) as usize - ptr as usize }, + 306usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST), + "::", + stringify!(C_Digest) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_DigestUpdate) as usize - ptr as usize }, + 314usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST), + "::", + stringify!(C_DigestUpdate) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_DigestKey) as usize - ptr as usize }, + 322usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST), + "::", + stringify!(C_DigestKey) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_DigestFinal) as usize - ptr as usize }, + 330usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST), + "::", + stringify!(C_DigestFinal) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_SignInit) as usize - ptr as usize }, + 338usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST), + "::", + stringify!(C_SignInit) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_Sign) as usize - ptr as usize }, + 346usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST), + "::", + stringify!(C_Sign) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_SignUpdate) as usize - ptr as usize }, + 354usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST), + "::", + stringify!(C_SignUpdate) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_SignFinal) as usize - ptr as usize }, + 362usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST), + "::", + stringify!(C_SignFinal) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_SignRecoverInit) as usize - ptr as usize }, + 370usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST), + "::", + stringify!(C_SignRecoverInit) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_SignRecover) as usize - ptr as usize }, + 378usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST), + "::", + stringify!(C_SignRecover) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_VerifyInit) as usize - ptr as usize }, + 386usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST), + "::", + stringify!(C_VerifyInit) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_Verify) as usize - ptr as usize }, + 394usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST), + "::", + stringify!(C_Verify) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_VerifyUpdate) as usize - ptr as usize }, + 402usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST), + "::", + stringify!(C_VerifyUpdate) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_VerifyFinal) as usize - ptr as usize }, + 410usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST), + "::", + stringify!(C_VerifyFinal) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_VerifyRecoverInit) as usize - ptr as usize }, + 418usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST), + "::", + stringify!(C_VerifyRecoverInit) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_VerifyRecover) as usize - ptr as usize }, + 426usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST), + "::", + stringify!(C_VerifyRecover) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_DigestEncryptUpdate) as usize - ptr as usize }, + 434usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST), + "::", + stringify!(C_DigestEncryptUpdate) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_DecryptDigestUpdate) as usize - ptr as usize }, + 442usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST), + "::", + stringify!(C_DecryptDigestUpdate) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_SignEncryptUpdate) as usize - ptr as usize }, + 450usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST), + "::", + stringify!(C_SignEncryptUpdate) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_DecryptVerifyUpdate) as usize - ptr as usize }, + 458usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST), + "::", + stringify!(C_DecryptVerifyUpdate) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_GenerateKey) as usize - ptr as usize }, + 466usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST), + "::", + stringify!(C_GenerateKey) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_GenerateKeyPair) as usize - ptr as usize }, + 474usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST), + "::", + stringify!(C_GenerateKeyPair) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_WrapKey) as usize - ptr as usize }, + 482usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST), + "::", + stringify!(C_WrapKey) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_UnwrapKey) as usize - ptr as usize }, + 490usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST), + "::", + stringify!(C_UnwrapKey) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_DeriveKey) as usize - ptr as usize }, + 498usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST), + "::", + stringify!(C_DeriveKey) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_SeedRandom) as usize - ptr as usize }, + 506usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST), + "::", + stringify!(C_SeedRandom) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_GenerateRandom) as usize - ptr as usize }, + 514usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST), + "::", + stringify!(C_GenerateRandom) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_GetFunctionStatus) as usize - ptr as usize }, + 522usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST), + "::", + stringify!(C_GetFunctionStatus) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_CancelFunction) as usize - ptr as usize }, + 530usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST), + "::", + stringify!(C_CancelFunction) + ) + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).C_WaitForSlotEvent) as usize - ptr as usize }, + 538usize, + concat!( + "Offset of field: ", + stringify!(CK_FUNCTION_LIST), + "::", + stringify!(C_WaitForSlotEvent) + ) + ); +} diff --git a/crate/pkcs11/sys/third_party/pkcs11/LICENSE b/crate/pkcs11/sys/third_party/pkcs11/LICENSE new file mode 100644 index 000000000..72ab7f318 --- /dev/null +++ b/crate/pkcs11/sys/third_party/pkcs11/LICENSE @@ -0,0 +1,20 @@ +Copyright © OASIS Open 2022. All Rights Reserved. + +All capitalized terms in the following text have the meanings assigned to them in the OASIS Intellectual Property Rights Policy (the "OASIS IPR Policy"). The full Policy may be found at the OASIS website: [https://www.oasis-open.org/policies-guidelines/ipr/]. + +This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implementation may be prepared, copied, published, and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this section are included on all such copies and derivative works. However, this document itself may not be modified in any way, including by removing the copyright notice or references to OASIS, except as needed for the purpose of developing any document or deliverable produced by an OASIS Technical Committee (in which case the rules applicable to copyrights, as set forth in the OASIS IPR Policy, must be followed) or as required to translate it into languages other than English. + +The limited permissions granted above are perpetual and will not be revoked by OASIS or its successors or assigns. + +This document and the information contained herein is provided on an "AS IS" basis and OASIS DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY OWNERSHIP RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. OASIS AND ITS MEMBERS WILL NOT BE LIABLE FOR ANY DIRECT, INDIRECT, SPECIAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF ANY USE OF THIS DOCUMENT OR ANY PART THEREOF. + +As stated in the OASIS IPR Policy, the following three paragraphs in brackets apply to OASIS Standards Final Deliverable documents (Committee Specifications, OASIS Standards, or Approved Errata). + +[OASIS requests that any OASIS Party or any other party that believes it has patent claims that would necessarily be infringed by implementations of this OASIS Standards Final Deliverable, to notify OASIS TC Administrator and provide an indication of its willingness to grant patent licenses to such patent claims in a manner consistent with the IPR Mode of the OASIS Technical Committee that produced this deliverable.] + +[OASIS invites any party to contact the OASIS TC Administrator if it is aware of a claim of ownership of any patent claims that would necessarily be infringed by implementations of this OASIS Standards Final Deliverable by a patent holder that is not willing to provide a license to such patent claims in a manner consistent with the IPR Mode of the OASIS Technical Committee that produced this OASIS Standards Final Deliverable. OASIS may include such claims on its website, but disclaims any obligation to do so.] + +[OASIS takes no position regarding the validity or scope of any intellectual property or other rights that might be claimed to pertain to the implementation or use of the technology described in this OASIS Standards Final Deliverable or the extent to which any license under such rights might or might not be available; neither does it represent that it has made any effort to identify any such rights. Information on OASIS' procedures with respect to rights in any document or deliverable produced by an OASIS Technical Committee can be found on the OASIS website. Copies of claims of rights made available for publication and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementers or users of this OASIS Standards Final Deliverable, can be obtained from the OASIS TC Administrator. OASIS makes no representation that any information or list of intellectual property rights will at any time be complete, or that any claims in such list are, in fact, Essential Claims.] + +The name "OASIS" is a trademark of OASIS, the owner and developer of this document, and should be used only to refer to the organization and its official outputs. OASIS welcomes reference to, and implementation and use of, documents, while reserving the right to enforce its marks against misleading uses. Please see https://www.oasis-open.org/policies-guidelines/trademark/ for above guidance. + diff --git a/crate/pkcs11/sys/third_party/pkcs11/pkcs11.h b/crate/pkcs11/sys/third_party/pkcs11/pkcs11.h new file mode 100755 index 000000000..4c0fad4f1 --- /dev/null +++ b/crate/pkcs11/sys/third_party/pkcs11/pkcs11.h @@ -0,0 +1,246 @@ +/* + * PKCS #11 Specification Version 3.1 + * Committee Specification 01 + * 11 August 2022 + * Copyright (c) OASIS Open 2022. All Rights Reserved. + * Source: https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/cs01/include/pkcs11-v3.1/ + * Latest stage of narrative specification: https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/pkcs11-spec-v3.1.html + * TC IPR Statement: https://www.oasis-open.org/committees/pkcs11/ipr.php + */ + +#ifndef _PKCS11_H_ +#define _PKCS11_H_ 1 + +#ifdef __cplusplus +extern "C" { +#endif + +/* Before including this file (pkcs11.h) (or pkcs11t.h by + * itself), 5 platform-specific macros must be defined. These + * macros are described below, and typical definitions for them + * are also given. Be advised that these definitions can depend + * on both the platform and the compiler used (and possibly also + * on whether a Cryptoki library is linked statically or + * dynamically). + * + * In addition to defining these 5 macros, the packing convention + * for Cryptoki structures should be set. The Cryptoki + * convention on packing is that structures should be 1-byte + * aligned. + * + * If you're using Windows this might be done by using the following + * preprocessor directive before including pkcs11.h or pkcs11t.h: + * + * #pragma pack(push, cryptoki, 1) + * + * and using the following preprocessor directive after including + * pkcs11.h or pkcs11t.h: + * + * #pragma pack(pop, cryptoki) + * + * In a UNIX environment, you're on your own for this. You might + * not need to do (or be able to do!) anything. + * + * + * Now for the macros: + * + * + * 1. CK_PTR: The indirection string for making a pointer to an + * object. It can be used like this: + * + * typedef CK_BYTE CK_PTR CK_BYTE_PTR; + * + * If you're using Windows, it might be defined by: + * + * #define CK_PTR * + * + * In a typical UNIX environment, it might be defined by: + * + * #define CK_PTR * + * + * + * 2. CK_DECLARE_FUNCTION(returnType, name): A macro which makes + * an importable Cryptoki library function declaration out of a + * return type and a function name. It should be used in the + * following fashion: + * + * extern CK_DECLARE_FUNCTION(CK_RV, C_Initialize)( + * CK_VOID_PTR pReserved + * ); + * + * If you're using Windows to declare a function in a Win32 Cryptoki .dll, + * it might be defined by: + * + * #define CK_DECLARE_FUNCTION(returnType, name) \ + * returnType __declspec(dllimport) name + * + * In a UNIX environment, it might be defined by: + * + * #define CK_DECLARE_FUNCTION(returnType, name) \ + * returnType name + * + * + * 3. CK_DECLARE_FUNCTION_POINTER(returnType, name): A macro + * which makes a Cryptoki API function pointer declaration or + * function pointer type declaration out of a return type and a + * function name. It should be used in the following fashion: + * + * // Define funcPtr to be a pointer to a Cryptoki API function + * // taking arguments args and returning CK_RV. + * CK_DECLARE_FUNCTION_POINTER(CK_RV, funcPtr)(args); + * + * or + * + * // Define funcPtrType to be the type of a pointer to a + * // Cryptoki API function taking arguments args and returning + * // CK_RV, and then define funcPtr to be a variable of type + * // funcPtrType. + * typedef CK_DECLARE_FUNCTION_POINTER(CK_RV, funcPtrType)(args); + * funcPtrType funcPtr; + * + * If you're using Windows to access + * functions in a Win32 Cryptoki .dll, in might be defined by: + * + * #define CK_DECLARE_FUNCTION_POINTER(returnType, name) \ + * returnType __declspec(dllimport) (* name) + * + * In a UNIX environment, it might be defined by: + * + * #define CK_DECLARE_FUNCTION_POINTER(returnType, name) \ + * returnType (* name) + * + * + * 4. CK_CALLBACK_FUNCTION(returnType, name): A macro which makes + * a function pointer type for an application callback out of + * a return type for the callback and a name for the callback. + * It should be used in the following fashion: + * + * CK_CALLBACK_FUNCTION(CK_RV, myCallback)(args); + * + * to declare a function pointer, myCallback, to a callback + * which takes arguments args and returns a CK_RV. It can also + * be used like this: + * + * typedef CK_CALLBACK_FUNCTION(CK_RV, myCallbackType)(args); + * myCallbackType myCallback; + * + * If you're using Windows, it might be defined by: + * + * #define CK_CALLBACK_FUNCTION(returnType, name) \ + * returnType (* name) + * + * In a UNIX environment, it might be defined by: + * + * #define CK_CALLBACK_FUNCTION(returnType, name) \ + * returnType (* name) + * + * + * 5. NULL_PTR: This macro is the value of a NULL pointer. + * + * In any ANSI/ISO C environment (and in many others as well), + * this should best be defined by + * + * #ifndef NULL_PTR + * #define NULL_PTR 0 + * #endif + */ + + +/* All the various Cryptoki types and #define'd values are in the + * file pkcs11t.h. + */ +#include "pkcs11t.h" + +#define __PASTE(x,y) x##y + + +/* ============================================================== + * Define the "extern" form of all the entry points. + * ============================================================== + */ + +#define CK_NEED_ARG_LIST 1 +#define CK_PKCS11_FUNCTION_INFO(name) \ + extern CK_DECLARE_FUNCTION(CK_RV, name) + +/* pkcs11f.h has all the information about the Cryptoki + * function prototypes. + */ +#include "pkcs11f.h" + +#undef CK_NEED_ARG_LIST +#undef CK_PKCS11_FUNCTION_INFO + + +/* ============================================================== + * Define the typedef form of all the entry points. That is, for + * each Cryptoki function C_XXX, define a type CK_C_XXX which is + * a pointer to that kind of function. + * ============================================================== + */ + +#define CK_NEED_ARG_LIST 1 +#define CK_PKCS11_FUNCTION_INFO(name) \ + typedef CK_DECLARE_FUNCTION_POINTER(CK_RV, __PASTE(CK_,name)) + +/* pkcs11f.h has all the information about the Cryptoki + * function prototypes. + */ +#include "pkcs11f.h" + +#undef CK_NEED_ARG_LIST +#undef CK_PKCS11_FUNCTION_INFO + + +/* ============================================================== + * Define structed vector of entry points. A CK_FUNCTION_LIST + * contains a CK_VERSION indicating a library's Cryptoki version + * and then a whole slew of function pointers to the routines in + * the library. This type was declared, but not defined, in + * pkcs11t.h. + * ============================================================== + */ + +#define CK_PKCS11_FUNCTION_INFO(name) \ + __PASTE(CK_,name) name; + +/* Create the 3.0 Function list */ +struct CK_FUNCTION_LIST_3_0 { + + CK_VERSION version; /* Cryptoki version */ + +/* Pile all the function pointers into the CK_FUNCTION_LIST. */ +/* pkcs11f.h has all the information about the Cryptoki + * function prototypes. + */ +#include "pkcs11f.h" + +}; + +#define CK_PKCS11_2_0_ONLY 1 + +/* Continue to define the old CK_FUNCTION_LIST */ +struct CK_FUNCTION_LIST { + + CK_VERSION version; /* Cryptoki version */ + +/* Pile all the function pointers into the CK_FUNCTION_LIST. */ +/* pkcs11f.h has all the information about the Cryptoki + * function prototypes. + */ +#include "pkcs11f.h" + +}; + +#undef CK_PKCS11_FUNCTION_INFO +#undef CK_PKCS11_2_0_ONLY + + +#undef __PASTE + +#ifdef __cplusplus +} +#endif + +#endif /* _PKCS11_H_ */ + diff --git a/crate/pkcs11/sys/third_party/pkcs11/pkcs11f.h b/crate/pkcs11/sys/third_party/pkcs11/pkcs11f.h new file mode 100755 index 000000000..a409082dd --- /dev/null +++ b/crate/pkcs11/sys/third_party/pkcs11/pkcs11f.h @@ -0,0 +1,1195 @@ +/* + * PKCS #11 Specification Version 3.1 + * Committee Specification 01 + * 11 August 2022 + * Copyright (c) OASIS Open 2022. All Rights Reserved. + * Source: https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/cs01/include/pkcs11-v3.1/ + * Latest stage of narrative specification: https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/pkcs11-spec-v3.1.html + * TC IPR Statement: https://www.oasis-open.org/committees/pkcs11/ipr.php + */ + +/* This header file contains pretty much everything about all the + * Cryptoki function prototypes. Because this information is + * used for more than just declaring function prototypes, the + * order of the functions appearing herein is important, and + * should not be altered. + */ + +/* General-purpose */ + +/* C_Initialize initializes the Cryptoki library. */ +CK_PKCS11_FUNCTION_INFO(C_Initialize) +#ifdef CK_NEED_ARG_LIST +( + CK_VOID_PTR pInitArgs /* if this is not NULL_PTR, it gets + * cast to CK_C_INITIALIZE_ARGS_PTR + * and dereferenced + */ +); +#endif + + +/* C_Finalize indicates that an application is done with the + * Cryptoki library. + */ +CK_PKCS11_FUNCTION_INFO(C_Finalize) +#ifdef CK_NEED_ARG_LIST +( + CK_VOID_PTR pReserved /* reserved. Should be NULL_PTR */ +); +#endif + + +/* C_GetInfo returns general information about Cryptoki. */ +CK_PKCS11_FUNCTION_INFO(C_GetInfo) +#ifdef CK_NEED_ARG_LIST +( + CK_INFO_PTR pInfo /* location that receives information */ +); +#endif + + +/* C_GetFunctionList returns the function list. */ +CK_PKCS11_FUNCTION_INFO(C_GetFunctionList) +#ifdef CK_NEED_ARG_LIST +( + CK_FUNCTION_LIST_PTR_PTR ppFunctionList /* receives pointer to + * function list + */ +); +#endif + + + +/* Slot and token management */ + +/* C_GetSlotList obtains a list of slots in the system. */ +CK_PKCS11_FUNCTION_INFO(C_GetSlotList) +#ifdef CK_NEED_ARG_LIST +( + CK_BBOOL tokenPresent, /* only slots with tokens */ + CK_SLOT_ID_PTR pSlotList, /* receives array of slot IDs */ + CK_ULONG_PTR pulCount /* receives number of slots */ +); +#endif + + +/* C_GetSlotInfo obtains information about a particular slot in + * the system. + */ +CK_PKCS11_FUNCTION_INFO(C_GetSlotInfo) +#ifdef CK_NEED_ARG_LIST +( + CK_SLOT_ID slotID, /* the ID of the slot */ + CK_SLOT_INFO_PTR pInfo /* receives the slot information */ +); +#endif + + +/* C_GetTokenInfo obtains information about a particular token + * in the system. + */ +CK_PKCS11_FUNCTION_INFO(C_GetTokenInfo) +#ifdef CK_NEED_ARG_LIST +( + CK_SLOT_ID slotID, /* ID of the token's slot */ + CK_TOKEN_INFO_PTR pInfo /* receives the token information */ +); +#endif + + +/* C_GetMechanismList obtains a list of mechanism types + * supported by a token. + */ +CK_PKCS11_FUNCTION_INFO(C_GetMechanismList) +#ifdef CK_NEED_ARG_LIST +( + CK_SLOT_ID slotID, /* ID of token's slot */ + CK_MECHANISM_TYPE_PTR pMechanismList, /* gets mech. array */ + CK_ULONG_PTR pulCount /* gets # of mechs. */ +); +#endif + + +/* C_GetMechanismInfo obtains information about a particular + * mechanism possibly supported by a token. + */ +CK_PKCS11_FUNCTION_INFO(C_GetMechanismInfo) +#ifdef CK_NEED_ARG_LIST +( + CK_SLOT_ID slotID, /* ID of the token's slot */ + CK_MECHANISM_TYPE type, /* type of mechanism */ + CK_MECHANISM_INFO_PTR pInfo /* receives mechanism info */ +); +#endif + + +/* C_InitToken initializes a token. */ +CK_PKCS11_FUNCTION_INFO(C_InitToken) +#ifdef CK_NEED_ARG_LIST +( + CK_SLOT_ID slotID, /* ID of the token's slot */ + CK_UTF8CHAR_PTR pPin, /* the SO's initial PIN */ + CK_ULONG ulPinLen, /* length in bytes of the PIN */ + CK_UTF8CHAR_PTR pLabel /* 32-byte token label (blank padded) */ +); +#endif + + +/* C_InitPIN initializes the normal user's PIN. */ +CK_PKCS11_FUNCTION_INFO(C_InitPIN) +#ifdef CK_NEED_ARG_LIST +( + CK_SESSION_HANDLE hSession, /* the session's handle */ + CK_UTF8CHAR_PTR pPin, /* the normal user's PIN */ + CK_ULONG ulPinLen /* length in bytes of the PIN */ +); +#endif + + +/* C_SetPIN modifies the PIN of the user who is logged in. */ +CK_PKCS11_FUNCTION_INFO(C_SetPIN) +#ifdef CK_NEED_ARG_LIST +( + CK_SESSION_HANDLE hSession, /* the session's handle */ + CK_UTF8CHAR_PTR pOldPin, /* the old PIN */ + CK_ULONG ulOldLen, /* length of the old PIN */ + CK_UTF8CHAR_PTR pNewPin, /* the new PIN */ + CK_ULONG ulNewLen /* length of the new PIN */ +); +#endif + + + +/* Session management */ + +/* C_OpenSession opens a session between an application and a + * token. + */ +CK_PKCS11_FUNCTION_INFO(C_OpenSession) +#ifdef CK_NEED_ARG_LIST +( + CK_SLOT_ID slotID, /* the slot's ID */ + CK_FLAGS flags, /* from CK_SESSION_INFO */ + CK_VOID_PTR pApplication, /* passed to callback */ + CK_NOTIFY Notify, /* callback function */ + CK_SESSION_HANDLE_PTR phSession /* gets session handle */ +); +#endif + + +/* C_CloseSession closes a session between an application and a + * token. + */ +CK_PKCS11_FUNCTION_INFO(C_CloseSession) +#ifdef CK_NEED_ARG_LIST +( + CK_SESSION_HANDLE hSession /* the session's handle */ +); +#endif + + +/* C_CloseAllSessions closes all sessions with a token. */ +CK_PKCS11_FUNCTION_INFO(C_CloseAllSessions) +#ifdef CK_NEED_ARG_LIST +( + CK_SLOT_ID slotID /* the token's slot */ +); +#endif + + +/* C_GetSessionInfo obtains information about the session. */ +CK_PKCS11_FUNCTION_INFO(C_GetSessionInfo) +#ifdef CK_NEED_ARG_LIST +( + CK_SESSION_HANDLE hSession, /* the session's handle */ + CK_SESSION_INFO_PTR pInfo /* receives session info */ +); +#endif + + +/* C_GetOperationState obtains the state of the cryptographic operation + * in a session. + */ +CK_PKCS11_FUNCTION_INFO(C_GetOperationState) +#ifdef CK_NEED_ARG_LIST +( + CK_SESSION_HANDLE hSession, /* session's handle */ + CK_BYTE_PTR pOperationState, /* gets state */ + CK_ULONG_PTR pulOperationStateLen /* gets state length */ +); +#endif + + +/* C_SetOperationState restores the state of the cryptographic + * operation in a session. + */ +CK_PKCS11_FUNCTION_INFO(C_SetOperationState) +#ifdef CK_NEED_ARG_LIST +( + CK_SESSION_HANDLE hSession, /* session's handle */ + CK_BYTE_PTR pOperationState, /* holds state */ + CK_ULONG ulOperationStateLen, /* holds state length */ + CK_OBJECT_HANDLE hEncryptionKey, /* en/decryption key */ + CK_OBJECT_HANDLE hAuthenticationKey /* sign/verify key */ +); +#endif + + +/* C_Login logs a user into a token. */ +CK_PKCS11_FUNCTION_INFO(C_Login) +#ifdef CK_NEED_ARG_LIST +( + CK_SESSION_HANDLE hSession, /* the session's handle */ + CK_USER_TYPE userType, /* the user type */ + CK_UTF8CHAR_PTR pPin, /* the user's PIN */ + CK_ULONG ulPinLen /* the length of the PIN */ +); +#endif + + +/* C_Logout logs a user out from a token. */ +CK_PKCS11_FUNCTION_INFO(C_Logout) +#ifdef CK_NEED_ARG_LIST +( + CK_SESSION_HANDLE hSession /* the session's handle */ +); +#endif + + + +/* Object management */ + +/* C_CreateObject creates a new object. */ +CK_PKCS11_FUNCTION_INFO(C_CreateObject) +#ifdef CK_NEED_ARG_LIST +( + CK_SESSION_HANDLE hSession, /* the session's handle */ + CK_ATTRIBUTE_PTR pTemplate, /* the object's template */ + CK_ULONG ulCount, /* attributes in template */ + CK_OBJECT_HANDLE_PTR phObject /* gets new object's handle. */ +); +#endif + + +/* C_CopyObject copies an object, creating a new object for the + * copy. + */ +CK_PKCS11_FUNCTION_INFO(C_CopyObject) +#ifdef CK_NEED_ARG_LIST +( + CK_SESSION_HANDLE hSession, /* the session's handle */ + CK_OBJECT_HANDLE hObject, /* the object's handle */ + CK_ATTRIBUTE_PTR pTemplate, /* template for new object */ + CK_ULONG ulCount, /* attributes in template */ + CK_OBJECT_HANDLE_PTR phNewObject /* receives handle of copy */ +); +#endif + + +/* C_DestroyObject destroys an object. */ +CK_PKCS11_FUNCTION_INFO(C_DestroyObject) +#ifdef CK_NEED_ARG_LIST +( + CK_SESSION_HANDLE hSession, /* the session's handle */ + CK_OBJECT_HANDLE hObject /* the object's handle */ +); +#endif + + +/* C_GetObjectSize gets the size of an object in bytes. */ +CK_PKCS11_FUNCTION_INFO(C_GetObjectSize) +#ifdef CK_NEED_ARG_LIST +( + CK_SESSION_HANDLE hSession, /* the session's handle */ + CK_OBJECT_HANDLE hObject, /* the object's handle */ + CK_ULONG_PTR pulSize /* receives size of object */ +); +#endif + + +/* C_GetAttributeValue obtains the value of one or more object + * attributes. + */ +CK_PKCS11_FUNCTION_INFO(C_GetAttributeValue) +#ifdef CK_NEED_ARG_LIST +( + CK_SESSION_HANDLE hSession, /* the session's handle */ + CK_OBJECT_HANDLE hObject, /* the object's handle */ + CK_ATTRIBUTE_PTR pTemplate, /* specifies attrs; gets vals */ + CK_ULONG ulCount /* attributes in template */ +); +#endif + + +/* C_SetAttributeValue modifies the value of one or more object + * attributes. + */ +CK_PKCS11_FUNCTION_INFO(C_SetAttributeValue) +#ifdef CK_NEED_ARG_LIST +( + CK_SESSION_HANDLE hSession, /* the session's handle */ + CK_OBJECT_HANDLE hObject, /* the object's handle */ + CK_ATTRIBUTE_PTR pTemplate, /* specifies attrs and values */ + CK_ULONG ulCount /* attributes in template */ +); +#endif + + +/* C_FindObjectsInit initializes a search for token and session + * objects that match a template. + */ +CK_PKCS11_FUNCTION_INFO(C_FindObjectsInit) +#ifdef CK_NEED_ARG_LIST +( + CK_SESSION_HANDLE hSession, /* the session's handle */ + CK_ATTRIBUTE_PTR pTemplate, /* attribute values to match */ + CK_ULONG ulCount /* attrs in search template */ +); +#endif + + +/* C_FindObjects continues a search for token and session + * objects that match a template, obtaining additional object + * handles. + */ +CK_PKCS11_FUNCTION_INFO(C_FindObjects) +#ifdef CK_NEED_ARG_LIST +( + CK_SESSION_HANDLE hSession, /* session's handle */ + CK_OBJECT_HANDLE_PTR phObject, /* gets obj. handles */ + CK_ULONG ulMaxObjectCount, /* max handles to get */ + CK_ULONG_PTR pulObjectCount /* actual # returned */ +); +#endif + + +/* C_FindObjectsFinal finishes a search for token and session + * objects. + */ +CK_PKCS11_FUNCTION_INFO(C_FindObjectsFinal) +#ifdef CK_NEED_ARG_LIST +( + CK_SESSION_HANDLE hSession /* the session's handle */ +); +#endif + + + +/* Encryption and decryption */ + +/* C_EncryptInit initializes an encryption operation. */ +CK_PKCS11_FUNCTION_INFO(C_EncryptInit) +#ifdef CK_NEED_ARG_LIST +( + CK_SESSION_HANDLE hSession, /* the session's handle */ + CK_MECHANISM_PTR pMechanism, /* the encryption mechanism */ + CK_OBJECT_HANDLE hKey /* handle of encryption key */ +); +#endif + + +/* C_Encrypt encrypts single-part data. */ +CK_PKCS11_FUNCTION_INFO(C_Encrypt) +#ifdef CK_NEED_ARG_LIST +( + CK_SESSION_HANDLE hSession, /* session's handle */ + CK_BYTE_PTR pData, /* the plaintext data */ + CK_ULONG ulDataLen, /* bytes of plaintext */ + CK_BYTE_PTR pEncryptedData, /* gets ciphertext */ + CK_ULONG_PTR pulEncryptedDataLen /* gets c-text size */ +); +#endif + + +/* C_EncryptUpdate continues a multiple-part encryption + * operation. + */ +CK_PKCS11_FUNCTION_INFO(C_EncryptUpdate) +#ifdef CK_NEED_ARG_LIST +( + CK_SESSION_HANDLE hSession, /* session's handle */ + CK_BYTE_PTR pPart, /* the plaintext data */ + CK_ULONG ulPartLen, /* plaintext data len */ + CK_BYTE_PTR pEncryptedPart, /* gets ciphertext */ + CK_ULONG_PTR pulEncryptedPartLen /* gets c-text size */ +); +#endif + + +/* C_EncryptFinal finishes a multiple-part encryption + * operation. + */ +CK_PKCS11_FUNCTION_INFO(C_EncryptFinal) +#ifdef CK_NEED_ARG_LIST +( + CK_SESSION_HANDLE hSession, /* session handle */ + CK_BYTE_PTR pLastEncryptedPart, /* last c-text */ + CK_ULONG_PTR pulLastEncryptedPartLen /* gets last size */ +); +#endif + + +/* C_DecryptInit initializes a decryption operation. */ +CK_PKCS11_FUNCTION_INFO(C_DecryptInit) +#ifdef CK_NEED_ARG_LIST +( + CK_SESSION_HANDLE hSession, /* the session's handle */ + CK_MECHANISM_PTR pMechanism, /* the decryption mechanism */ + CK_OBJECT_HANDLE hKey /* handle of decryption key */ +); +#endif + + +/* C_Decrypt decrypts encrypted data in a single part. */ +CK_PKCS11_FUNCTION_INFO(C_Decrypt) +#ifdef CK_NEED_ARG_LIST +( + CK_SESSION_HANDLE hSession, /* session's handle */ + CK_BYTE_PTR pEncryptedData, /* ciphertext */ + CK_ULONG ulEncryptedDataLen, /* ciphertext length */ + CK_BYTE_PTR pData, /* gets plaintext */ + CK_ULONG_PTR pulDataLen /* gets p-text size */ +); +#endif + + +/* C_DecryptUpdate continues a multiple-part decryption + * operation. + */ +CK_PKCS11_FUNCTION_INFO(C_DecryptUpdate) +#ifdef CK_NEED_ARG_LIST +( + CK_SESSION_HANDLE hSession, /* session's handle */ + CK_BYTE_PTR pEncryptedPart, /* encrypted data */ + CK_ULONG ulEncryptedPartLen, /* input length */ + CK_BYTE_PTR pPart, /* gets plaintext */ + CK_ULONG_PTR pulPartLen /* p-text size */ +); +#endif + + +/* C_DecryptFinal finishes a multiple-part decryption + * operation. + */ +CK_PKCS11_FUNCTION_INFO(C_DecryptFinal) +#ifdef CK_NEED_ARG_LIST +( + CK_SESSION_HANDLE hSession, /* the session's handle */ + CK_BYTE_PTR pLastPart, /* gets plaintext */ + CK_ULONG_PTR pulLastPartLen /* p-text size */ +); +#endif + + + +/* Message digesting */ + +/* C_DigestInit initializes a message-digesting operation. */ +CK_PKCS11_FUNCTION_INFO(C_DigestInit) +#ifdef CK_NEED_ARG_LIST +( + CK_SESSION_HANDLE hSession, /* the session's handle */ + CK_MECHANISM_PTR pMechanism /* the digesting mechanism */ +); +#endif + + +/* C_Digest digests data in a single part. */ +CK_PKCS11_FUNCTION_INFO(C_Digest) +#ifdef CK_NEED_ARG_LIST +( + CK_SESSION_HANDLE hSession, /* the session's handle */ + CK_BYTE_PTR pData, /* data to be digested */ + CK_ULONG ulDataLen, /* bytes of data to digest */ + CK_BYTE_PTR pDigest, /* gets the message digest */ + CK_ULONG_PTR pulDigestLen /* gets digest length */ +); +#endif + + +/* C_DigestUpdate continues a multiple-part message-digesting + * operation. + */ +CK_PKCS11_FUNCTION_INFO(C_DigestUpdate) +#ifdef CK_NEED_ARG_LIST +( + CK_SESSION_HANDLE hSession, /* the session's handle */ + CK_BYTE_PTR pPart, /* data to be digested */ + CK_ULONG ulPartLen /* bytes of data to be digested */ +); +#endif + + +/* C_DigestKey continues a multi-part message-digesting + * operation, by digesting the value of a secret key as part of + * the data already digested. + */ +CK_PKCS11_FUNCTION_INFO(C_DigestKey) +#ifdef CK_NEED_ARG_LIST +( + CK_SESSION_HANDLE hSession, /* the session's handle */ + CK_OBJECT_HANDLE hKey /* secret key to digest */ +); +#endif + + +/* C_DigestFinal finishes a multiple-part message-digesting + * operation. + */ +CK_PKCS11_FUNCTION_INFO(C_DigestFinal) +#ifdef CK_NEED_ARG_LIST +( + CK_SESSION_HANDLE hSession, /* the session's handle */ + CK_BYTE_PTR pDigest, /* gets the message digest */ + CK_ULONG_PTR pulDigestLen /* gets byte count of digest */ +); +#endif + + + +/* Signing and MACing */ + +/* C_SignInit initializes a signature (private key encryption) + * operation, where the signature is (will be) an appendix to + * the data, and plaintext cannot be recovered from the + * signature. + */ +CK_PKCS11_FUNCTION_INFO(C_SignInit) +#ifdef CK_NEED_ARG_LIST +( + CK_SESSION_HANDLE hSession, /* the session's handle */ + CK_MECHANISM_PTR pMechanism, /* the signature mechanism */ + CK_OBJECT_HANDLE hKey /* handle of signature key */ +); +#endif + + +/* C_Sign signs (encrypts with private key) data in a single + * part, where the signature is (will be) an appendix to the + * data, and plaintext cannot be recovered from the signature. + */ +CK_PKCS11_FUNCTION_INFO(C_Sign) +#ifdef CK_NEED_ARG_LIST +( + CK_SESSION_HANDLE hSession, /* the session's handle */ + CK_BYTE_PTR pData, /* the data to sign */ + CK_ULONG ulDataLen, /* count of bytes to sign */ + CK_BYTE_PTR pSignature, /* gets the signature */ + CK_ULONG_PTR pulSignatureLen /* gets signature length */ +); +#endif + + +/* C_SignUpdate continues a multiple-part signature operation, + * where the signature is (will be) an appendix to the data, + * and plaintext cannot be recovered from the signature. + */ +CK_PKCS11_FUNCTION_INFO(C_SignUpdate) +#ifdef CK_NEED_ARG_LIST +( + CK_SESSION_HANDLE hSession, /* the session's handle */ + CK_BYTE_PTR pPart, /* the data to sign */ + CK_ULONG ulPartLen /* count of bytes to sign */ +); +#endif + + +/* C_SignFinal finishes a multiple-part signature operation, + * returning the signature. + */ +CK_PKCS11_FUNCTION_INFO(C_SignFinal) +#ifdef CK_NEED_ARG_LIST +( + CK_SESSION_HANDLE hSession, /* the session's handle */ + CK_BYTE_PTR pSignature, /* gets the signature */ + CK_ULONG_PTR pulSignatureLen /* gets signature length */ +); +#endif + + +/* C_SignRecoverInit initializes a signature operation, where + * the data can be recovered from the signature. + */ +CK_PKCS11_FUNCTION_INFO(C_SignRecoverInit) +#ifdef CK_NEED_ARG_LIST +( + CK_SESSION_HANDLE hSession, /* the session's handle */ + CK_MECHANISM_PTR pMechanism, /* the signature mechanism */ + CK_OBJECT_HANDLE hKey /* handle of the signature key */ +); +#endif + + +/* C_SignRecover signs data in a single operation, where the + * data can be recovered from the signature. + */ +CK_PKCS11_FUNCTION_INFO(C_SignRecover) +#ifdef CK_NEED_ARG_LIST +( + CK_SESSION_HANDLE hSession, /* the session's handle */ + CK_BYTE_PTR pData, /* the data to sign */ + CK_ULONG ulDataLen, /* count of bytes to sign */ + CK_BYTE_PTR pSignature, /* gets the signature */ + CK_ULONG_PTR pulSignatureLen /* gets signature length */ +); +#endif + + + +/* Verifying signatures and MACs */ + +/* C_VerifyInit initializes a verification operation, where the + * signature is an appendix to the data, and plaintext cannot + * cannot be recovered from the signature (e.g. DSA). + */ +CK_PKCS11_FUNCTION_INFO(C_VerifyInit) +#ifdef CK_NEED_ARG_LIST +( + CK_SESSION_HANDLE hSession, /* the session's handle */ + CK_MECHANISM_PTR pMechanism, /* the verification mechanism */ + CK_OBJECT_HANDLE hKey /* verification key */ +); +#endif + + +/* C_Verify verifies a signature in a single-part operation, + * where the signature is an appendix to the data, and plaintext + * cannot be recovered from the signature. + */ +CK_PKCS11_FUNCTION_INFO(C_Verify) +#ifdef CK_NEED_ARG_LIST +( + CK_SESSION_HANDLE hSession, /* the session's handle */ + CK_BYTE_PTR pData, /* signed data */ + CK_ULONG ulDataLen, /* length of signed data */ + CK_BYTE_PTR pSignature, /* signature */ + CK_ULONG ulSignatureLen /* signature length*/ +); +#endif + + +/* C_VerifyUpdate continues a multiple-part verification + * operation, where the signature is an appendix to the data, + * and plaintext cannot be recovered from the signature. + */ +CK_PKCS11_FUNCTION_INFO(C_VerifyUpdate) +#ifdef CK_NEED_ARG_LIST +( + CK_SESSION_HANDLE hSession, /* the session's handle */ + CK_BYTE_PTR pPart, /* signed data */ + CK_ULONG ulPartLen /* length of signed data */ +); +#endif + + +/* C_VerifyFinal finishes a multiple-part verification + * operation, checking the signature. + */ +CK_PKCS11_FUNCTION_INFO(C_VerifyFinal) +#ifdef CK_NEED_ARG_LIST +( + CK_SESSION_HANDLE hSession, /* the session's handle */ + CK_BYTE_PTR pSignature, /* signature to verify */ + CK_ULONG ulSignatureLen /* signature length */ +); +#endif + + +/* C_VerifyRecoverInit initializes a signature verification + * operation, where the data is recovered from the signature. + */ +CK_PKCS11_FUNCTION_INFO(C_VerifyRecoverInit) +#ifdef CK_NEED_ARG_LIST +( + CK_SESSION_HANDLE hSession, /* the session's handle */ + CK_MECHANISM_PTR pMechanism, /* the verification mechanism */ + CK_OBJECT_HANDLE hKey /* verification key */ +); +#endif + + +/* C_VerifyRecover verifies a signature in a single-part + * operation, where the data is recovered from the signature. + */ +CK_PKCS11_FUNCTION_INFO(C_VerifyRecover) +#ifdef CK_NEED_ARG_LIST +( + CK_SESSION_HANDLE hSession, /* the session's handle */ + CK_BYTE_PTR pSignature, /* signature to verify */ + CK_ULONG ulSignatureLen, /* signature length */ + CK_BYTE_PTR pData, /* gets signed data */ + CK_ULONG_PTR pulDataLen /* gets signed data len */ +); +#endif + + + +/* Dual-function cryptographic operations */ + +/* C_DigestEncryptUpdate continues a multiple-part digesting + * and encryption operation. + */ +CK_PKCS11_FUNCTION_INFO(C_DigestEncryptUpdate) +#ifdef CK_NEED_ARG_LIST +( + CK_SESSION_HANDLE hSession, /* session's handle */ + CK_BYTE_PTR pPart, /* the plaintext data */ + CK_ULONG ulPartLen, /* plaintext length */ + CK_BYTE_PTR pEncryptedPart, /* gets ciphertext */ + CK_ULONG_PTR pulEncryptedPartLen /* gets c-text length */ +); +#endif + + +/* C_DecryptDigestUpdate continues a multiple-part decryption and + * digesting operation. + */ +CK_PKCS11_FUNCTION_INFO(C_DecryptDigestUpdate) +#ifdef CK_NEED_ARG_LIST +( + CK_SESSION_HANDLE hSession, /* session's handle */ + CK_BYTE_PTR pEncryptedPart, /* ciphertext */ + CK_ULONG ulEncryptedPartLen, /* ciphertext length */ + CK_BYTE_PTR pPart, /* gets plaintext */ + CK_ULONG_PTR pulPartLen /* gets plaintext len */ +); +#endif + + +/* C_SignEncryptUpdate continues a multiple-part signing and + * encryption operation. + */ +CK_PKCS11_FUNCTION_INFO(C_SignEncryptUpdate) +#ifdef CK_NEED_ARG_LIST +( + CK_SESSION_HANDLE hSession, /* session's handle */ + CK_BYTE_PTR pPart, /* the plaintext data */ + CK_ULONG ulPartLen, /* plaintext length */ + CK_BYTE_PTR pEncryptedPart, /* gets ciphertext */ + CK_ULONG_PTR pulEncryptedPartLen /* gets c-text length */ +); +#endif + + +/* C_DecryptVerifyUpdate continues a multiple-part decryption and + * verify operation. + */ +CK_PKCS11_FUNCTION_INFO(C_DecryptVerifyUpdate) +#ifdef CK_NEED_ARG_LIST +( + CK_SESSION_HANDLE hSession, /* session's handle */ + CK_BYTE_PTR pEncryptedPart, /* ciphertext */ + CK_ULONG ulEncryptedPartLen, /* ciphertext length */ + CK_BYTE_PTR pPart, /* gets plaintext */ + CK_ULONG_PTR pulPartLen /* gets p-text length */ +); +#endif + + + +/* Key management */ + +/* C_GenerateKey generates a secret key, creating a new key + * object. + */ +CK_PKCS11_FUNCTION_INFO(C_GenerateKey) +#ifdef CK_NEED_ARG_LIST +( + CK_SESSION_HANDLE hSession, /* the session's handle */ + CK_MECHANISM_PTR pMechanism, /* key generation mech. */ + CK_ATTRIBUTE_PTR pTemplate, /* template for new key */ + CK_ULONG ulCount, /* # of attrs in template */ + CK_OBJECT_HANDLE_PTR phKey /* gets handle of new key */ +); +#endif + + +/* C_GenerateKeyPair generates a public-key/private-key pair, + * creating new key objects. + */ +CK_PKCS11_FUNCTION_INFO(C_GenerateKeyPair) +#ifdef CK_NEED_ARG_LIST +( + CK_SESSION_HANDLE hSession, /* session handle */ + CK_MECHANISM_PTR pMechanism, /* key-gen mech. */ + CK_ATTRIBUTE_PTR pPublicKeyTemplate, /* template for pub. key */ + CK_ULONG ulPublicKeyAttributeCount, /* # pub. attrs. */ + CK_ATTRIBUTE_PTR pPrivateKeyTemplate, /* template for priv. key */ + CK_ULONG ulPrivateKeyAttributeCount, /* # priv. attrs. */ + CK_OBJECT_HANDLE_PTR phPublicKey, /* gets pub. key handle */ + CK_OBJECT_HANDLE_PTR phPrivateKey /* gets priv. key handle */ +); +#endif + + +/* C_WrapKey wraps (i.e., encrypts) a key. */ +CK_PKCS11_FUNCTION_INFO(C_WrapKey) +#ifdef CK_NEED_ARG_LIST +( + CK_SESSION_HANDLE hSession, /* the session's handle */ + CK_MECHANISM_PTR pMechanism, /* the wrapping mechanism */ + CK_OBJECT_HANDLE hWrappingKey, /* wrapping key */ + CK_OBJECT_HANDLE hKey, /* key to be wrapped */ + CK_BYTE_PTR pWrappedKey, /* gets wrapped key */ + CK_ULONG_PTR pulWrappedKeyLen /* gets wrapped key size */ +); +#endif + + +/* C_UnwrapKey unwraps (decrypts) a wrapped key, creating a new + * key object. + */ +CK_PKCS11_FUNCTION_INFO(C_UnwrapKey) +#ifdef CK_NEED_ARG_LIST +( + CK_SESSION_HANDLE hSession, /* session's handle */ + CK_MECHANISM_PTR pMechanism, /* unwrapping mech. */ + CK_OBJECT_HANDLE hUnwrappingKey, /* unwrapping key */ + CK_BYTE_PTR pWrappedKey, /* the wrapped key */ + CK_ULONG ulWrappedKeyLen, /* wrapped key len */ + CK_ATTRIBUTE_PTR pTemplate, /* new key template */ + CK_ULONG ulAttributeCount, /* template length */ + CK_OBJECT_HANDLE_PTR phKey /* gets new handle */ +); +#endif + + +/* C_DeriveKey derives a key from a base key, creating a new key + * object. + */ +CK_PKCS11_FUNCTION_INFO(C_DeriveKey) +#ifdef CK_NEED_ARG_LIST +( + CK_SESSION_HANDLE hSession, /* session's handle */ + CK_MECHANISM_PTR pMechanism, /* key deriv. mech. */ + CK_OBJECT_HANDLE hBaseKey, /* base key */ + CK_ATTRIBUTE_PTR pTemplate, /* new key template */ + CK_ULONG ulAttributeCount, /* template length */ + CK_OBJECT_HANDLE_PTR phKey /* gets new handle */ +); +#endif + + + +/* Random number generation */ + +/* C_SeedRandom mixes additional seed material into the token's + * random number generator. + */ +CK_PKCS11_FUNCTION_INFO(C_SeedRandom) +#ifdef CK_NEED_ARG_LIST +( + CK_SESSION_HANDLE hSession, /* the session's handle */ + CK_BYTE_PTR pSeed, /* the seed material */ + CK_ULONG ulSeedLen /* length of seed material */ +); +#endif + + +/* C_GenerateRandom generates random data. */ +CK_PKCS11_FUNCTION_INFO(C_GenerateRandom) +#ifdef CK_NEED_ARG_LIST +( + CK_SESSION_HANDLE hSession, /* the session's handle */ + CK_BYTE_PTR RandomData, /* receives the random data */ + CK_ULONG ulRandomLen /* # of bytes to generate */ +); +#endif + + + +/* Parallel function management */ + +/* C_GetFunctionStatus is a legacy function; it obtains an + * updated status of a function running in parallel with an + * application. + */ +CK_PKCS11_FUNCTION_INFO(C_GetFunctionStatus) +#ifdef CK_NEED_ARG_LIST +( + CK_SESSION_HANDLE hSession /* the session's handle */ +); +#endif + + +/* C_CancelFunction is a legacy function; it cancels a function + * running in parallel. + */ +CK_PKCS11_FUNCTION_INFO(C_CancelFunction) +#ifdef CK_NEED_ARG_LIST +( + CK_SESSION_HANDLE hSession /* the session's handle */ +); +#endif + + +/* C_WaitForSlotEvent waits for a slot event (token insertion, + * removal, etc.) to occur. + */ +CK_PKCS11_FUNCTION_INFO(C_WaitForSlotEvent) +#ifdef CK_NEED_ARG_LIST +( + CK_FLAGS flags, /* blocking/nonblocking flag */ + CK_SLOT_ID_PTR pSlot, /* location that receives the slot ID */ + CK_VOID_PTR pRserved /* reserved. Should be NULL_PTR */ +); +#endif + +#ifndef CK_PKCS11_2_0_ONLY +/* C_GetInterfaceList returns all the interfaces supported by the module*/ +CK_PKCS11_FUNCTION_INFO(C_GetInterfaceList) +#ifdef CK_NEED_ARG_LIST +( + CK_INTERFACE_PTR pInterfacesList, /* returned interfaces */ + CK_ULONG_PTR pulCount /* number of interfaces returned */ +); +#endif + +/* C_GetInterface returns a specific interface from the module. */ +CK_PKCS11_FUNCTION_INFO(C_GetInterface) +#ifdef CK_NEED_ARG_LIST +( + CK_UTF8CHAR_PTR pInterfaceName, /* name of the interface */ + CK_VERSION_PTR pVersion, /* version of the interface */ + CK_INTERFACE_PTR_PTR ppInterface, /* returned interface */ + CK_FLAGS flags /* flags controlling the semantics + * of the interface */ +); +#endif + +CK_PKCS11_FUNCTION_INFO(C_LoginUser) +#ifdef CK_NEED_ARG_LIST +( + CK_SESSION_HANDLE hSession, /* the session's handle */ + CK_USER_TYPE userType, /* the user type */ + CK_UTF8CHAR_PTR pPin, /* the user's PIN */ + CK_ULONG ulPinLen, /* the length of the PIN */ + CK_UTF8CHAR_PTR pUsername, /* the user's name */ + CK_ULONG ulUsernameLen /*the length of the user's name */ +); +#endif + +CK_PKCS11_FUNCTION_INFO(C_SessionCancel) +#ifdef CK_NEED_ARG_LIST +( + CK_SESSION_HANDLE hSession, /* the session's handle */ + CK_FLAGS flags /* flags control which sessions are cancelled */ +); +#endif + +CK_PKCS11_FUNCTION_INFO(C_MessageEncryptInit) +#ifdef CK_NEED_ARG_LIST +( + CK_SESSION_HANDLE hSession, /* the session's handle */ + CK_MECHANISM_PTR pMechanism, /* the encryption mechanism */ + CK_OBJECT_HANDLE hKey /* handle of encryption key */ +); +#endif + +CK_PKCS11_FUNCTION_INFO(C_EncryptMessage) +#ifdef CK_NEED_ARG_LIST +( + CK_SESSION_HANDLE hSession, /* the session's handle */ + CK_VOID_PTR pParameter, /* message specific parameter */ + CK_ULONG ulParameterLen, /* length of message specific parameter */ + CK_BYTE_PTR pAssociatedData, /* AEAD Associated data */ + CK_ULONG ulAssociatedDataLen, /* AEAD Associated data length */ + CK_BYTE_PTR pPlaintext, /* plain text */ + CK_ULONG ulPlaintextLen, /* plain text length */ + CK_BYTE_PTR pCiphertext, /* gets cipher text */ + CK_ULONG_PTR pulCiphertextLen /* gets cipher text length */ +); +#endif + +CK_PKCS11_FUNCTION_INFO(C_EncryptMessageBegin) +#ifdef CK_NEED_ARG_LIST +( + CK_SESSION_HANDLE hSession, /* the session's handle */ + CK_VOID_PTR pParameter, /* message specific parameter */ + CK_ULONG ulParameterLen, /* length of message specific parameter */ + CK_BYTE_PTR pAssociatedData, /* AEAD Associated data */ + CK_ULONG ulAssociatedDataLen /* AEAD Associated data length */ +); +#endif + +CK_PKCS11_FUNCTION_INFO(C_EncryptMessageNext) +#ifdef CK_NEED_ARG_LIST +( + CK_SESSION_HANDLE hSession, /* the session's handle */ + CK_VOID_PTR pParameter, /* message specific parameter */ + CK_ULONG ulParameterLen, /* length of message specific parameter */ + CK_BYTE_PTR pPlaintextPart, /* plain text */ + CK_ULONG ulPlaintextPartLen, /* plain text length */ + CK_BYTE_PTR pCiphertextPart, /* gets cipher text */ + CK_ULONG_PTR pulCiphertextPartLen, /* gets cipher text length */ + CK_FLAGS flags /* multi mode flag */ +); +#endif + +CK_PKCS11_FUNCTION_INFO(C_MessageEncryptFinal) +#ifdef CK_NEED_ARG_LIST +( + CK_SESSION_HANDLE hSession /* the session's handle */ +); +#endif + +CK_PKCS11_FUNCTION_INFO(C_MessageDecryptInit) +#ifdef CK_NEED_ARG_LIST +( + CK_SESSION_HANDLE hSession, /* the session's handle */ + CK_MECHANISM_PTR pMechanism, /* the decryption mechanism */ + CK_OBJECT_HANDLE hKey /* handle of decryption key */ +); +#endif + +CK_PKCS11_FUNCTION_INFO(C_DecryptMessage) +#ifdef CK_NEED_ARG_LIST +( + CK_SESSION_HANDLE hSession, /* the session's handle */ + CK_VOID_PTR pParameter, /* message specific parameter */ + CK_ULONG ulParameterLen, /* length of message specific parameter */ + CK_BYTE_PTR pAssociatedData, /* AEAD Associated data */ + CK_ULONG ulAssociatedDataLen, /* AEAD Associated data length */ + CK_BYTE_PTR pCiphertext, /* cipher text */ + CK_ULONG ulCiphertextLen, /* cipher text length */ + CK_BYTE_PTR pPlaintext, /* gets plain text */ + CK_ULONG_PTR pulPlaintextLen /* gets plain text length */ +); +#endif + +CK_PKCS11_FUNCTION_INFO(C_DecryptMessageBegin) +#ifdef CK_NEED_ARG_LIST +( + CK_SESSION_HANDLE hSession, /* the session's handle */ + CK_VOID_PTR pParameter, /* message specific parameter */ + CK_ULONG ulParameterLen, /* length of message specific parameter */ + CK_BYTE_PTR pAssociatedData, /* AEAD Associated data */ + CK_ULONG ulAssociatedDataLen /* AEAD Associated data length */ +); +#endif + +CK_PKCS11_FUNCTION_INFO(C_DecryptMessageNext) +#ifdef CK_NEED_ARG_LIST +( + CK_SESSION_HANDLE hSession, /* the session's handle */ + CK_VOID_PTR pParameter, /* message specific parameter */ + CK_ULONG ulParameterLen, /* length of message specific parameter */ + CK_BYTE_PTR pCiphertextPart, /* cipher text */ + CK_ULONG ulCiphertextPartLen, /* cipher text length */ + CK_BYTE_PTR pPlaintextPart, /* gets plain text */ + CK_ULONG_PTR pulPlaintextPartLen, /* gets plain text length */ + CK_FLAGS flags /* multi mode flag */ +); +#endif + +CK_PKCS11_FUNCTION_INFO(C_MessageDecryptFinal) +#ifdef CK_NEED_ARG_LIST +( + CK_SESSION_HANDLE hSession /* the session's handle */ +); +#endif + +CK_PKCS11_FUNCTION_INFO(C_MessageSignInit) +#ifdef CK_NEED_ARG_LIST +( + CK_SESSION_HANDLE hSession, /* the session's handle */ + CK_MECHANISM_PTR pMechanism, /* the signing mechanism */ + CK_OBJECT_HANDLE hKey /* handle of signing key */ +); +#endif + +CK_PKCS11_FUNCTION_INFO(C_SignMessage) +#ifdef CK_NEED_ARG_LIST +( + CK_SESSION_HANDLE hSession, /* the session's handle */ + CK_VOID_PTR pParameter, /* message specific parameter */ + CK_ULONG ulParameterLen, /* length of message specific parameter */ + CK_BYTE_PTR pData, /* data to sign */ + CK_ULONG ulDataLen, /* data to sign length */ + CK_BYTE_PTR pSignature, /* gets signature */ + CK_ULONG_PTR pulSignatureLen /* gets signature length */ +); +#endif + +CK_PKCS11_FUNCTION_INFO(C_SignMessageBegin) +#ifdef CK_NEED_ARG_LIST +( + CK_SESSION_HANDLE hSession, /* the session's handle */ + CK_VOID_PTR pParameter, /* message specific parameter */ + CK_ULONG ulParameterLen /* length of message specific parameter */ +); +#endif + +CK_PKCS11_FUNCTION_INFO(C_SignMessageNext) +#ifdef CK_NEED_ARG_LIST +( + CK_SESSION_HANDLE hSession, /* the session's handle */ + CK_VOID_PTR pParameter, /* message specific parameter */ + CK_ULONG ulParameterLen, /* length of message specific parameter */ + CK_BYTE_PTR pData, /* data to sign */ + CK_ULONG ulDataLen, /* data to sign length */ + CK_BYTE_PTR pSignature, /* gets signature */ + CK_ULONG_PTR pulSignatureLen /* gets signature length */ +); +#endif + +CK_PKCS11_FUNCTION_INFO(C_MessageSignFinal) +#ifdef CK_NEED_ARG_LIST +( + CK_SESSION_HANDLE hSession /* the session's handle */ +); +#endif + +CK_PKCS11_FUNCTION_INFO(C_MessageVerifyInit) +#ifdef CK_NEED_ARG_LIST +( + CK_SESSION_HANDLE hSession, /* the session's handle */ + CK_MECHANISM_PTR pMechanism, /* the signing mechanism */ + CK_OBJECT_HANDLE hKey /* handle of signing key */ +); +#endif + +CK_PKCS11_FUNCTION_INFO(C_VerifyMessage) +#ifdef CK_NEED_ARG_LIST +( + CK_SESSION_HANDLE hSession, /* the session's handle */ + CK_VOID_PTR pParameter, /* message specific parameter */ + CK_ULONG ulParameterLen, /* length of message specific parameter */ + CK_BYTE_PTR pData, /* data to sign */ + CK_ULONG ulDataLen, /* data to sign length */ + CK_BYTE_PTR pSignature, /* signature */ + CK_ULONG ulSignatureLen /* signature length */ +); +#endif + +CK_PKCS11_FUNCTION_INFO(C_VerifyMessageBegin) +#ifdef CK_NEED_ARG_LIST +( + CK_SESSION_HANDLE hSession, /* the session's handle */ + CK_VOID_PTR pParameter, /* message specific parameter */ + CK_ULONG ulParameterLen /* length of message specific parameter */ +); +#endif + +CK_PKCS11_FUNCTION_INFO(C_VerifyMessageNext) +#ifdef CK_NEED_ARG_LIST +( + CK_SESSION_HANDLE hSession, /* the session's handle */ + CK_VOID_PTR pParameter, /* message specific parameter */ + CK_ULONG ulParameterLen, /* length of message specific parameter */ + CK_BYTE_PTR pData, /* data to sign */ + CK_ULONG ulDataLen, /* data to sign length */ + CK_BYTE_PTR pSignature, /* signature */ + CK_ULONG ulSignatureLen /* signature length */ +); +#endif + +CK_PKCS11_FUNCTION_INFO(C_MessageVerifyFinal) +#ifdef CK_NEED_ARG_LIST +( + CK_SESSION_HANDLE hSession /* the session's handle */ +); +#endif + +#endif /* CK_PKCS11_2_0_ONLY */ diff --git a/crate/pkcs11/sys/third_party/pkcs11/pkcs11t.h b/crate/pkcs11/sys/third_party/pkcs11/pkcs11t.h new file mode 100755 index 000000000..d7e66d49d --- /dev/null +++ b/crate/pkcs11/sys/third_party/pkcs11/pkcs11t.h @@ -0,0 +1,2523 @@ +/* + * PKCS #11 Specification Version 3.1 + * Committee Specification 01 + * 11 August 2022 + * Copyright (c) OASIS Open 2022. All Rights Reserved. + * Source: https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/cs01/include/pkcs11-v3.1/ + * Latest stage of narrative specification: https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/pkcs11-spec-v3.1.html + * TC IPR Statement: https://www.oasis-open.org/committees/pkcs11/ipr.php + */ + +/* See top of pkcs11.h for information about the macros that + * must be defined and the structure-packing conventions that + * must be set before including this file. + */ + +#ifndef _PKCS11T_H_ +#define _PKCS11T_H_ 1 + +#define CRYPTOKI_VERSION_MAJOR 3 +#define CRYPTOKI_VERSION_MINOR 1 +#define CRYPTOKI_VERSION_AMENDMENT 0 + +#define CK_TRUE 1 +#define CK_FALSE 0 + +#ifndef CK_DISABLE_TRUE_FALSE +#ifndef FALSE +#define FALSE CK_FALSE +#endif +#ifndef TRUE +#define TRUE CK_TRUE +#endif +#endif + +/* an unsigned 8-bit value */ +typedef unsigned char CK_BYTE; + +/* an unsigned 8-bit character */ +typedef CK_BYTE CK_CHAR; + +/* an 8-bit UTF-8 character */ +typedef CK_BYTE CK_UTF8CHAR; + +/* a BYTE-sized Boolean flag */ +typedef CK_BYTE CK_BBOOL; + +/* an unsigned value, at least 32 bits long */ +typedef unsigned long int CK_ULONG; + +/* a signed value, the same size as a CK_ULONG */ +typedef long int CK_LONG; + +/* at least 32 bits; each bit is a Boolean flag */ +typedef CK_ULONG CK_FLAGS; + + +/* some special values for certain CK_ULONG variables */ +#define CK_UNAVAILABLE_INFORMATION (~0UL) +#define CK_EFFECTIVELY_INFINITE 0UL + + +typedef CK_BYTE CK_PTR CK_BYTE_PTR; +typedef CK_CHAR CK_PTR CK_CHAR_PTR; +typedef CK_UTF8CHAR CK_PTR CK_UTF8CHAR_PTR; +typedef CK_ULONG CK_PTR CK_ULONG_PTR; +typedef void CK_PTR CK_VOID_PTR; + +/* Pointer to a CK_VOID_PTR-- i.e., pointer to pointer to void */ +typedef CK_VOID_PTR CK_PTR CK_VOID_PTR_PTR; + + +/* The following value is always invalid if used as a session + * handle or object handle + */ +#define CK_INVALID_HANDLE 0UL + + +typedef struct CK_VERSION { + CK_BYTE major; /* integer portion of version number */ + CK_BYTE minor; /* 1/100ths portion of version number */ +} CK_VERSION; + +typedef CK_VERSION CK_PTR CK_VERSION_PTR; + + +typedef struct CK_INFO { + CK_VERSION cryptokiVersion; /* Cryptoki interface ver */ + CK_UTF8CHAR manufacturerID[32]; /* blank padded */ + CK_FLAGS flags; /* must be zero */ + CK_UTF8CHAR libraryDescription[32]; /* blank padded */ + CK_VERSION libraryVersion; /* version of library */ +} CK_INFO; + +typedef CK_INFO CK_PTR CK_INFO_PTR; + + +/* CK_NOTIFICATION enumerates the types of notifications that + * Cryptoki provides to an application + */ +typedef CK_ULONG CK_NOTIFICATION; +#define CKN_SURRENDER 0UL +#define CKN_OTP_CHANGED 1UL + +typedef CK_ULONG CK_SLOT_ID; + +typedef CK_SLOT_ID CK_PTR CK_SLOT_ID_PTR; + + +/* CK_SLOT_INFO provides information about a slot */ +typedef struct CK_SLOT_INFO { + CK_UTF8CHAR slotDescription[64]; /* blank padded */ + CK_UTF8CHAR manufacturerID[32]; /* blank padded */ + CK_FLAGS flags; + + CK_VERSION hardwareVersion; /* version of hardware */ + CK_VERSION firmwareVersion; /* version of firmware */ +} CK_SLOT_INFO; + +/* flags: bit flags that provide capabilities of the slot + * Bit Flag Mask Meaning + */ +#define CKF_TOKEN_PRESENT 0x00000001UL /* a token is there */ +#define CKF_REMOVABLE_DEVICE 0x00000002UL /* removable devices*/ +#define CKF_HW_SLOT 0x00000004UL /* hardware slot */ + +typedef CK_SLOT_INFO CK_PTR CK_SLOT_INFO_PTR; + + +/* CK_TOKEN_INFO provides information about a token */ +typedef struct CK_TOKEN_INFO { + CK_UTF8CHAR label[32]; /* blank padded */ + CK_UTF8CHAR manufacturerID[32]; /* blank padded */ + CK_UTF8CHAR model[16]; /* blank padded */ + CK_CHAR serialNumber[16]; /* blank padded */ + CK_FLAGS flags; /* see below */ + + CK_ULONG ulMaxSessionCount; /* max open sessions */ + CK_ULONG ulSessionCount; /* sess. now open */ + CK_ULONG ulMaxRwSessionCount; /* max R/W sessions */ + CK_ULONG ulRwSessionCount; /* R/W sess. now open */ + CK_ULONG ulMaxPinLen; /* in bytes */ + CK_ULONG ulMinPinLen; /* in bytes */ + CK_ULONG ulTotalPublicMemory; /* in bytes */ + CK_ULONG ulFreePublicMemory; /* in bytes */ + CK_ULONG ulTotalPrivateMemory; /* in bytes */ + CK_ULONG ulFreePrivateMemory; /* in bytes */ + CK_VERSION hardwareVersion; /* version of hardware */ + CK_VERSION firmwareVersion; /* version of firmware */ + CK_CHAR utcTime[16]; /* time */ +} CK_TOKEN_INFO; + +/* The flags parameter is defined as follows: + * Bit Flag Mask Meaning + */ +#define CKF_RNG 0x00000001UL /* has random # generator */ +#define CKF_WRITE_PROTECTED 0x00000002UL /* token is write-protected */ +#define CKF_LOGIN_REQUIRED 0x00000004UL /* user must login */ +#define CKF_USER_PIN_INITIALIZED 0x00000008UL /* normal user's PIN is set */ + +/* CKF_RESTORE_KEY_NOT_NEEDED. If it is set, + * that means that *every* time the state of cryptographic + * operations of a session is successfully saved, all keys + * needed to continue those operations are stored in the state + */ +#define CKF_RESTORE_KEY_NOT_NEEDED 0x00000020UL + +/* CKF_CLOCK_ON_TOKEN. If it is set, that means + * that the token has some sort of clock. The time on that + * clock is returned in the token info structure + */ +#define CKF_CLOCK_ON_TOKEN 0x00000040UL + +/* CKF_PROTECTED_AUTHENTICATION_PATH. If it is + * set, that means that there is some way for the user to login + * without sending a PIN through the Cryptoki library itself + */ +#define CKF_PROTECTED_AUTHENTICATION_PATH 0x00000100UL + +/* CKF_DUAL_CRYPTO_OPERATIONS. If it is true, + * that means that a single session with the token can perform + * dual simultaneous cryptographic operations (digest and + * encrypt; decrypt and digest; sign and encrypt; and decrypt + * and sign) + */ +#define CKF_DUAL_CRYPTO_OPERATIONS 0x00000200UL + +/* CKF_TOKEN_INITIALIZED. If it is true, the + * token has been initialized using C_InitializeToken or an + * equivalent mechanism outside the scope of PKCS #11. + * Calling C_InitializeToken when this flag is set will cause + * the token to be reinitialized. + */ +#define CKF_TOKEN_INITIALIZED 0x00000400UL + +/* CKF_SECONDARY_AUTHENTICATION. If it is + * true, the token supports secondary authentication for + * private key objects. + */ +#define CKF_SECONDARY_AUTHENTICATION 0x00000800UL + +/* CKF_USER_PIN_COUNT_LOW. If it is true, an + * incorrect user login PIN has been entered at least once + * since the last successful authentication. + */ +#define CKF_USER_PIN_COUNT_LOW 0x00010000UL + +/* CKF_USER_PIN_FINAL_TRY. If it is true, + * supplying an incorrect user PIN will it to become locked. + */ +#define CKF_USER_PIN_FINAL_TRY 0x00020000UL + +/* CKF_USER_PIN_LOCKED. If it is true, the + * user PIN has been locked. User login to the token is not + * possible. + */ +#define CKF_USER_PIN_LOCKED 0x00040000UL + +/* CKF_USER_PIN_TO_BE_CHANGED. If it is true, + * the user PIN value is the default value set by token + * initialization or manufacturing, or the PIN has been + * expired by the card. + */ +#define CKF_USER_PIN_TO_BE_CHANGED 0x00080000UL + +/* CKF_SO_PIN_COUNT_LOW. If it is true, an + * incorrect SO login PIN has been entered at least once since + * the last successful authentication. + */ +#define CKF_SO_PIN_COUNT_LOW 0x00100000UL + +/* CKF_SO_PIN_FINAL_TRY. If it is true, + * supplying an incorrect SO PIN will it to become locked. + */ +#define CKF_SO_PIN_FINAL_TRY 0x00200000UL + +/* CKF_SO_PIN_LOCKED. If it is true, the SO + * PIN has been locked. SO login to the token is not possible. + */ +#define CKF_SO_PIN_LOCKED 0x00400000UL + +/* CKF_SO_PIN_TO_BE_CHANGED. If it is true, + * the SO PIN value is the default value set by token + * initialization or manufacturing, or the PIN has been + * expired by the card. + */ +#define CKF_SO_PIN_TO_BE_CHANGED 0x00800000UL + +#define CKF_ERROR_STATE 0x01000000UL + +typedef CK_TOKEN_INFO CK_PTR CK_TOKEN_INFO_PTR; + + +/* CK_SESSION_HANDLE is a Cryptoki-assigned value that + * identifies a session + */ +typedef CK_ULONG CK_SESSION_HANDLE; + +typedef CK_SESSION_HANDLE CK_PTR CK_SESSION_HANDLE_PTR; + + +/* CK_USER_TYPE enumerates the types of Cryptoki users */ +typedef CK_ULONG CK_USER_TYPE; +/* Security Officer */ +#define CKU_SO 0UL +/* Normal user */ +#define CKU_USER 1UL +/* Context specific */ +#define CKU_CONTEXT_SPECIFIC 2UL + +/* CK_STATE enumerates the session states */ +typedef CK_ULONG CK_STATE; +#define CKS_RO_PUBLIC_SESSION 0UL +#define CKS_RO_USER_FUNCTIONS 1UL +#define CKS_RW_PUBLIC_SESSION 2UL +#define CKS_RW_USER_FUNCTIONS 3UL +#define CKS_RW_SO_FUNCTIONS 4UL + +/* CK_SESSION_INFO provides information about a session */ +typedef struct CK_SESSION_INFO { + CK_SLOT_ID slotID; + CK_STATE state; + CK_FLAGS flags; /* see below */ + CK_ULONG ulDeviceError; /* device-dependent error code */ +} CK_SESSION_INFO; + +/* The flags are defined in the following table: + * Bit Flag Mask Meaning + */ +#define CKF_RW_SESSION 0x00000002UL /* session is r/w */ +#define CKF_SERIAL_SESSION 0x00000004UL /* no parallel */ + +typedef CK_SESSION_INFO CK_PTR CK_SESSION_INFO_PTR; + + +/* CK_OBJECT_HANDLE is a token-specific identifier for an + * object + */ +typedef CK_ULONG CK_OBJECT_HANDLE; + +typedef CK_OBJECT_HANDLE CK_PTR CK_OBJECT_HANDLE_PTR; + + +/* CK_OBJECT_CLASS is a value that identifies the classes (or + * types) of objects that Cryptoki recognizes. It is defined + * as follows: + */ +typedef CK_ULONG CK_OBJECT_CLASS; + +/* The following classes of objects are defined: */ +#define CKO_DATA 0x00000000UL +#define CKO_CERTIFICATE 0x00000001UL +#define CKO_PUBLIC_KEY 0x00000002UL +#define CKO_PRIVATE_KEY 0x00000003UL +#define CKO_SECRET_KEY 0x00000004UL +#define CKO_HW_FEATURE 0x00000005UL +#define CKO_DOMAIN_PARAMETERS 0x00000006UL +#define CKO_MECHANISM 0x00000007UL +#define CKO_OTP_KEY 0x00000008UL +#define CKO_PROFILE 0x00000009UL + +#define CKO_VENDOR_DEFINED 0x80000000UL + +typedef CK_OBJECT_CLASS CK_PTR CK_OBJECT_CLASS_PTR; + +/* Profile ID's */ +#define CKP_INVALID_ID 0x00000000UL +#define CKP_BASELINE_PROVIDER 0x00000001UL +#define CKP_EXTENDED_PROVIDER 0x00000002UL +#define CKP_AUTHENTICATION_TOKEN 0x00000003UL +#define CKP_PUBLIC_CERTIFICATES_TOKEN 0x00000004UL +#define CKP_COMPLETE_PROVIDER 0x00000005UL +#define CKP_HKDF_TLS_TOKEN 0x00000006UL +#define CKP_VENDOR_DEFINED 0x80000000UL + + +/* CK_HW_FEATURE_TYPE is a value that identifies the hardware feature type + * of an object with CK_OBJECT_CLASS equal to CKO_HW_FEATURE. + */ +typedef CK_ULONG CK_HW_FEATURE_TYPE; + +/* The following hardware feature types are defined */ +#define CKH_MONOTONIC_COUNTER 0x00000001UL +#define CKH_CLOCK 0x00000002UL +#define CKH_USER_INTERFACE 0x00000003UL +#define CKH_VENDOR_DEFINED 0x80000000UL + +/* CK_KEY_TYPE is a value that identifies a key type */ +typedef CK_ULONG CK_KEY_TYPE; + +/* the following key types are defined: */ +#define CKK_RSA 0x00000000UL +#define CKK_DSA 0x00000001UL +#define CKK_DH 0x00000002UL +#define CKK_ECDSA 0x00000003UL /* Deprecated */ +#define CKK_EC 0x00000003UL +#define CKK_X9_42_DH 0x00000004UL +#define CKK_KEA 0x00000005UL +#define CKK_GENERIC_SECRET 0x00000010UL +#define CKK_RC2 0x00000011UL +#define CKK_RC4 0x00000012UL +#define CKK_DES 0x00000013UL +#define CKK_DES2 0x00000014UL +#define CKK_DES3 0x00000015UL +#define CKK_CAST 0x00000016UL +#define CKK_CAST3 0x00000017UL +#define CKK_CAST5 0x00000018UL /* Deprecated */ +#define CKK_CAST128 0x00000018UL +#define CKK_RC5 0x00000019UL +#define CKK_IDEA 0x0000001AUL +#define CKK_SKIPJACK 0x0000001BUL +#define CKK_BATON 0x0000001CUL +#define CKK_JUNIPER 0x0000001DUL +#define CKK_CDMF 0x0000001EUL +#define CKK_AES 0x0000001FUL +#define CKK_BLOWFISH 0x00000020UL +#define CKK_TWOFISH 0x00000021UL +#define CKK_SECURID 0x00000022UL +#define CKK_HOTP 0x00000023UL +#define CKK_ACTI 0x00000024UL +#define CKK_CAMELLIA 0x00000025UL +#define CKK_ARIA 0x00000026UL + +/* the following definitions were added in the 2.30 header file, + * but never defined in the spec. */ +#define CKK_MD5_HMAC 0x00000027UL +#define CKK_SHA_1_HMAC 0x00000028UL +#define CKK_RIPEMD128_HMAC 0x00000029UL +#define CKK_RIPEMD160_HMAC 0x0000002AUL +#define CKK_SHA256_HMAC 0x0000002BUL +#define CKK_SHA384_HMAC 0x0000002CUL +#define CKK_SHA512_HMAC 0x0000002DUL +#define CKK_SHA224_HMAC 0x0000002EUL + +#define CKK_SEED 0x0000002FUL +#define CKK_GOSTR3410 0x00000030UL +#define CKK_GOSTR3411 0x00000031UL +#define CKK_GOST28147 0x00000032UL +#define CKK_CHACHA20 0x00000033UL +#define CKK_POLY1305 0x00000034UL +#define CKK_AES_XTS 0x00000035UL +#define CKK_SHA3_224_HMAC 0x00000036UL +#define CKK_SHA3_256_HMAC 0x00000037UL +#define CKK_SHA3_384_HMAC 0x00000038UL +#define CKK_SHA3_512_HMAC 0x00000039UL +#define CKK_BLAKE2B_160_HMAC 0x0000003aUL +#define CKK_BLAKE2B_256_HMAC 0x0000003bUL +#define CKK_BLAKE2B_384_HMAC 0x0000003cUL +#define CKK_BLAKE2B_512_HMAC 0x0000003dUL +#define CKK_SALSA20 0x0000003eUL +#define CKK_X2RATCHET 0x0000003fUL +#define CKK_EC_EDWARDS 0x00000040UL +#define CKK_EC_MONTGOMERY 0x00000041UL +#define CKK_HKDF 0x00000042UL + +#define CKK_SHA512_224_HMAC 0x00000043UL +#define CKK_SHA512_256_HMAC 0x00000044UL +#define CKK_SHA512_T_HMAC 0x00000045UL +#define CKK_HSS 0x00000046UL + +#define CKK_VENDOR_DEFINED 0x80000000UL + + +/* CK_CERTIFICATE_TYPE is a value that identifies a certificate + * type + */ +typedef CK_ULONG CK_CERTIFICATE_TYPE; + +#define CK_CERTIFICATE_CATEGORY_UNSPECIFIED 0UL +#define CK_CERTIFICATE_CATEGORY_TOKEN_USER 1UL +#define CK_CERTIFICATE_CATEGORY_AUTHORITY 2UL +#define CK_CERTIFICATE_CATEGORY_OTHER_ENTITY 3UL + +#define CK_SECURITY_DOMAIN_UNSPECIFIED 0UL +#define CK_SECURITY_DOMAIN_MANUFACTURER 1UL +#define CK_SECURITY_DOMAIN_OPERATOR 2UL +#define CK_SECURITY_DOMAIN_THIRD_PARTY 3UL + + +/* The following certificate types are defined: */ +#define CKC_X_509 0x00000000UL +#define CKC_X_509_ATTR_CERT 0x00000001UL +#define CKC_WTLS 0x00000002UL +#define CKC_VENDOR_DEFINED 0x80000000UL + + +/* CK_ATTRIBUTE_TYPE is a value that identifies an attribute + * type + */ +typedef CK_ULONG CK_ATTRIBUTE_TYPE; + +/* The CKF_ARRAY_ATTRIBUTE flag identifies an attribute which + * consists of an array of values. + */ +#define CKF_ARRAY_ATTRIBUTE 0x40000000UL + +/* The following OTP-related defines relate to the CKA_OTP_FORMAT attribute */ +#define CK_OTP_FORMAT_DECIMAL 0UL +#define CK_OTP_FORMAT_HEXADECIMAL 1UL +#define CK_OTP_FORMAT_ALPHANUMERIC 2UL +#define CK_OTP_FORMAT_BINARY 3UL + +/* The following OTP-related defines relate to the CKA_OTP_..._REQUIREMENT + * attributes + */ +#define CK_OTP_PARAM_IGNORED 0UL +#define CK_OTP_PARAM_OPTIONAL 1UL +#define CK_OTP_PARAM_MANDATORY 2UL + +/* The following attribute types are defined: */ +#define CKA_CLASS 0x00000000UL +#define CKA_TOKEN 0x00000001UL +#define CKA_PRIVATE 0x00000002UL +#define CKA_LABEL 0x00000003UL +#define CKA_UNIQUE_ID 0x00000004UL +#define CKA_APPLICATION 0x00000010UL +#define CKA_VALUE 0x00000011UL +#define CKA_OBJECT_ID 0x00000012UL +#define CKA_CERTIFICATE_TYPE 0x00000080UL +#define CKA_ISSUER 0x00000081UL +#define CKA_SERIAL_NUMBER 0x00000082UL +#define CKA_AC_ISSUER 0x00000083UL +#define CKA_OWNER 0x00000084UL +#define CKA_ATTR_TYPES 0x00000085UL +#define CKA_TRUSTED 0x00000086UL +#define CKA_CERTIFICATE_CATEGORY 0x00000087UL +#define CKA_JAVA_MIDP_SECURITY_DOMAIN 0x00000088UL +#define CKA_URL 0x00000089UL +#define CKA_HASH_OF_SUBJECT_PUBLIC_KEY 0x0000008aUL +#define CKA_HASH_OF_ISSUER_PUBLIC_KEY 0x0000008bUL +#define CKA_NAME_HASH_ALGORITHM 0x0000008cUL +#define CKA_CHECK_VALUE 0x00000090UL + +#define CKA_KEY_TYPE 0x00000100UL +#define CKA_SUBJECT 0x00000101UL +#define CKA_ID 0x00000102UL +#define CKA_SENSITIVE 0x00000103UL +#define CKA_ENCRYPT 0x00000104UL +#define CKA_DECRYPT 0x00000105UL +#define CKA_WRAP 0x00000106UL +#define CKA_UNWRAP 0x00000107UL +#define CKA_SIGN 0x00000108UL +#define CKA_SIGN_RECOVER 0x00000109UL +#define CKA_VERIFY 0x0000010aUL +#define CKA_VERIFY_RECOVER 0x0000010bUL +#define CKA_DERIVE 0x0000010cUL +#define CKA_START_DATE 0x00000110UL +#define CKA_END_DATE 0x00000111UL +#define CKA_MODULUS 0x00000120UL +#define CKA_MODULUS_BITS 0x00000121UL +#define CKA_PUBLIC_EXPONENT 0x00000122UL +#define CKA_PRIVATE_EXPONENT 0x00000123UL +#define CKA_PRIME_1 0x00000124UL +#define CKA_PRIME_2 0x00000125UL +#define CKA_EXPONENT_1 0x00000126UL +#define CKA_EXPONENT_2 0x00000127UL +#define CKA_COEFFICIENT 0x00000128UL +#define CKA_PUBLIC_KEY_INFO 0x00000129UL +#define CKA_PRIME 0x00000130UL +#define CKA_SUBPRIME 0x00000131UL +#define CKA_BASE 0x00000132UL + +#define CKA_PRIME_BITS 0x00000133UL +#define CKA_SUBPRIME_BITS 0x00000134UL +#define CKA_SUB_PRIME_BITS CKA_SUBPRIME_BITS + +#define CKA_VALUE_BITS 0x00000160UL +#define CKA_VALUE_LEN 0x00000161UL +#define CKA_EXTRACTABLE 0x00000162UL +#define CKA_LOCAL 0x00000163UL +#define CKA_NEVER_EXTRACTABLE 0x00000164UL +#define CKA_ALWAYS_SENSITIVE 0x00000165UL +#define CKA_KEY_GEN_MECHANISM 0x00000166UL + +#define CKA_MODIFIABLE 0x00000170UL +#define CKA_COPYABLE 0x00000171UL + +#define CKA_DESTROYABLE 0x00000172UL + +#define CKA_ECDSA_PARAMS 0x00000180UL /* Deprecated */ +#define CKA_EC_PARAMS 0x00000180UL + +#define CKA_EC_POINT 0x00000181UL + +#define CKA_SECONDARY_AUTH 0x00000200UL /* Deprecated */ +#define CKA_AUTH_PIN_FLAGS 0x00000201UL /* Deprecated */ + +#define CKA_ALWAYS_AUTHENTICATE 0x00000202UL + +#define CKA_WRAP_WITH_TRUSTED 0x00000210UL +#define CKA_WRAP_TEMPLATE (CKF_ARRAY_ATTRIBUTE|0x00000211UL) +#define CKA_UNWRAP_TEMPLATE (CKF_ARRAY_ATTRIBUTE|0x00000212UL) +#define CKA_DERIVE_TEMPLATE (CKF_ARRAY_ATTRIBUTE|0x00000213UL) + +#define CKA_OTP_FORMAT 0x00000220UL +#define CKA_OTP_LENGTH 0x00000221UL +#define CKA_OTP_TIME_INTERVAL 0x00000222UL +#define CKA_OTP_USER_FRIENDLY_MODE 0x00000223UL +#define CKA_OTP_CHALLENGE_REQUIREMENT 0x00000224UL +#define CKA_OTP_TIME_REQUIREMENT 0x00000225UL +#define CKA_OTP_COUNTER_REQUIREMENT 0x00000226UL +#define CKA_OTP_PIN_REQUIREMENT 0x00000227UL +#define CKA_OTP_COUNTER 0x0000022eUL +#define CKA_OTP_TIME 0x0000022fUL +#define CKA_OTP_USER_IDENTIFIER 0x0000022aUL +#define CKA_OTP_SERVICE_IDENTIFIER 0x0000022bUL +#define CKA_OTP_SERVICE_LOGO 0x0000022cUL +#define CKA_OTP_SERVICE_LOGO_TYPE 0x0000022dUL + +#define CKA_GOSTR3410_PARAMS 0x00000250UL +#define CKA_GOSTR3411_PARAMS 0x00000251UL +#define CKA_GOST28147_PARAMS 0x00000252UL + +#define CKA_HW_FEATURE_TYPE 0x00000300UL +#define CKA_RESET_ON_INIT 0x00000301UL +#define CKA_HAS_RESET 0x00000302UL + +#define CKA_PIXEL_X 0x00000400UL +#define CKA_PIXEL_Y 0x00000401UL +#define CKA_RESOLUTION 0x00000402UL +#define CKA_CHAR_ROWS 0x00000403UL +#define CKA_CHAR_COLUMNS 0x00000404UL +#define CKA_COLOR 0x00000405UL +#define CKA_BITS_PER_PIXEL 0x00000406UL +#define CKA_CHAR_SETS 0x00000480UL +#define CKA_ENCODING_METHODS 0x00000481UL +#define CKA_MIME_TYPES 0x00000482UL +#define CKA_MECHANISM_TYPE 0x00000500UL +#define CKA_REQUIRED_CMS_ATTRIBUTES 0x00000501UL +#define CKA_DEFAULT_CMS_ATTRIBUTES 0x00000502UL +#define CKA_SUPPORTED_CMS_ATTRIBUTES 0x00000503UL +#define CKA_ALLOWED_MECHANISMS (CKF_ARRAY_ATTRIBUTE|0x00000600UL) +#define CKA_PROFILE_ID 0x00000601UL + +#define CKA_X2RATCHET_BAG 0x00000602UL +#define CKA_X2RATCHET_BAGSIZE 0x00000603UL +#define CKA_X2RATCHET_BOBS1STMSG 0x00000604UL +#define CKA_X2RATCHET_CKR 0x00000605UL +#define CKA_X2RATCHET_CKS 0x00000606UL +#define CKA_X2RATCHET_DHP 0x00000607UL +#define CKA_X2RATCHET_DHR 0x00000608UL +#define CKA_X2RATCHET_DHS 0x00000609UL +#define CKA_X2RATCHET_HKR 0x0000060aUL +#define CKA_X2RATCHET_HKS 0x0000060bUL +#define CKA_X2RATCHET_ISALICE 0x0000060cUL +#define CKA_X2RATCHET_NHKR 0x0000060dUL +#define CKA_X2RATCHET_NHKS 0x0000060eUL +#define CKA_X2RATCHET_NR 0x0000060fUL +#define CKA_X2RATCHET_NS 0x00000610UL +#define CKA_X2RATCHET_PNS 0x00000611UL +#define CKA_X2RATCHET_RK 0x00000612UL +/* HSS */ +#define CKA_HSS_LEVELS 0x00000617UL +#define CKA_HSS_LMS_TYPE 0x00000618UL +#define CKA_HSS_LMOTS_TYPE 0x00000619UL +#define CKA_HSS_LMS_TYPES 0x0000061aUL +#define CKA_HSS_LMOTS_TYPES 0x0000061bUL +#define CKA_HSS_KEYS_REMAINING 0x0000061cUL + +#define CKA_VENDOR_DEFINED 0x80000000UL + +/* CK_ATTRIBUTE is a structure that includes the type, length + * and value of an attribute + */ +typedef struct CK_ATTRIBUTE { + CK_ATTRIBUTE_TYPE type; + CK_VOID_PTR pValue; + CK_ULONG ulValueLen; /* in bytes */ +} CK_ATTRIBUTE; + +typedef CK_ATTRIBUTE CK_PTR CK_ATTRIBUTE_PTR; + +/* CK_DATE is a structure that defines a date */ +typedef struct CK_DATE{ + CK_CHAR year[4]; /* the year ("1900" - "9999") */ + CK_CHAR month[2]; /* the month ("01" - "12") */ + CK_CHAR day[2]; /* the day ("01" - "31") */ +} CK_DATE; + + +/* CK_MECHANISM_TYPE is a value that identifies a mechanism + * type + */ +typedef CK_ULONG CK_MECHANISM_TYPE; + +/* the following mechanism types are defined: */ +#define CKM_RSA_PKCS_KEY_PAIR_GEN 0x00000000UL +#define CKM_RSA_PKCS 0x00000001UL +#define CKM_RSA_9796 0x00000002UL +#define CKM_RSA_X_509 0x00000003UL + +#define CKM_MD2_RSA_PKCS 0x00000004UL +#define CKM_MD5_RSA_PKCS 0x00000005UL +#define CKM_SHA1_RSA_PKCS 0x00000006UL + +#define CKM_RIPEMD128_RSA_PKCS 0x00000007UL +#define CKM_RIPEMD160_RSA_PKCS 0x00000008UL +#define CKM_RSA_PKCS_OAEP 0x00000009UL + +#define CKM_RSA_X9_31_KEY_PAIR_GEN 0x0000000aUL +#define CKM_RSA_X9_31 0x0000000bUL +#define CKM_SHA1_RSA_X9_31 0x0000000cUL +#define CKM_RSA_PKCS_PSS 0x0000000dUL +#define CKM_SHA1_RSA_PKCS_PSS 0x0000000eUL + +#define CKM_DSA_KEY_PAIR_GEN 0x00000010UL +#define CKM_DSA 0x00000011UL +#define CKM_DSA_SHA1 0x00000012UL +#define CKM_DSA_SHA224 0x00000013UL +#define CKM_DSA_SHA256 0x00000014UL +#define CKM_DSA_SHA384 0x00000015UL +#define CKM_DSA_SHA512 0x00000016UL +#define CKM_DSA_SHA3_224 0x00000018UL +#define CKM_DSA_SHA3_256 0x00000019UL +#define CKM_DSA_SHA3_384 0x0000001aUL +#define CKM_DSA_SHA3_512 0x0000001bUL + +#define CKM_DH_PKCS_KEY_PAIR_GEN 0x00000020UL +#define CKM_DH_PKCS_DERIVE 0x00000021UL + +#define CKM_X9_42_DH_KEY_PAIR_GEN 0x00000030UL +#define CKM_X9_42_DH_DERIVE 0x00000031UL +#define CKM_X9_42_DH_HYBRID_DERIVE 0x00000032UL +#define CKM_X9_42_MQV_DERIVE 0x00000033UL + +#define CKM_SHA256_RSA_PKCS 0x00000040UL +#define CKM_SHA384_RSA_PKCS 0x00000041UL +#define CKM_SHA512_RSA_PKCS 0x00000042UL +#define CKM_SHA256_RSA_PKCS_PSS 0x00000043UL +#define CKM_SHA384_RSA_PKCS_PSS 0x00000044UL +#define CKM_SHA512_RSA_PKCS_PSS 0x00000045UL + +#define CKM_SHA224_RSA_PKCS 0x00000046UL +#define CKM_SHA224_RSA_PKCS_PSS 0x00000047UL + +#define CKM_SHA512_224 0x00000048UL +#define CKM_SHA512_224_HMAC 0x00000049UL +#define CKM_SHA512_224_HMAC_GENERAL 0x0000004aUL +#define CKM_SHA512_224_KEY_DERIVATION 0x0000004bUL +#define CKM_SHA512_256 0x0000004cUL +#define CKM_SHA512_256_HMAC 0x0000004dUL +#define CKM_SHA512_256_HMAC_GENERAL 0x0000004eUL +#define CKM_SHA512_256_KEY_DERIVATION 0x0000004fUL + +#define CKM_SHA512_T 0x00000050UL +#define CKM_SHA512_T_HMAC 0x00000051UL +#define CKM_SHA512_T_HMAC_GENERAL 0x00000052UL +#define CKM_SHA512_T_KEY_DERIVATION 0x00000053UL + +#define CKM_SHA3_256_RSA_PKCS 0x00000060UL +#define CKM_SHA3_384_RSA_PKCS 0x00000061UL +#define CKM_SHA3_512_RSA_PKCS 0x00000062UL +#define CKM_SHA3_256_RSA_PKCS_PSS 0x00000063UL +#define CKM_SHA3_384_RSA_PKCS_PSS 0x00000064UL +#define CKM_SHA3_512_RSA_PKCS_PSS 0x00000065UL +#define CKM_SHA3_224_RSA_PKCS 0x00000066UL +#define CKM_SHA3_224_RSA_PKCS_PSS 0x00000067UL + +#define CKM_RC2_KEY_GEN 0x00000100UL +#define CKM_RC2_ECB 0x00000101UL +#define CKM_RC2_CBC 0x00000102UL +#define CKM_RC2_MAC 0x00000103UL + +#define CKM_RC2_MAC_GENERAL 0x00000104UL +#define CKM_RC2_CBC_PAD 0x00000105UL + +#define CKM_RC4_KEY_GEN 0x00000110UL +#define CKM_RC4 0x00000111UL +#define CKM_DES_KEY_GEN 0x00000120UL +#define CKM_DES_ECB 0x00000121UL +#define CKM_DES_CBC 0x00000122UL +#define CKM_DES_MAC 0x00000123UL + +#define CKM_DES_MAC_GENERAL 0x00000124UL +#define CKM_DES_CBC_PAD 0x00000125UL + +#define CKM_DES2_KEY_GEN 0x00000130UL +#define CKM_DES3_KEY_GEN 0x00000131UL +#define CKM_DES3_ECB 0x00000132UL +#define CKM_DES3_CBC 0x00000133UL +#define CKM_DES3_MAC 0x00000134UL + +#define CKM_DES3_MAC_GENERAL 0x00000135UL +#define CKM_DES3_CBC_PAD 0x00000136UL +#define CKM_DES3_CMAC_GENERAL 0x00000137UL +#define CKM_DES3_CMAC 0x00000138UL +#define CKM_CDMF_KEY_GEN 0x00000140UL +#define CKM_CDMF_ECB 0x00000141UL +#define CKM_CDMF_CBC 0x00000142UL +#define CKM_CDMF_MAC 0x00000143UL +#define CKM_CDMF_MAC_GENERAL 0x00000144UL +#define CKM_CDMF_CBC_PAD 0x00000145UL + +#define CKM_DES_OFB64 0x00000150UL +#define CKM_DES_OFB8 0x00000151UL +#define CKM_DES_CFB64 0x00000152UL +#define CKM_DES_CFB8 0x00000153UL + +#define CKM_MD2 0x00000200UL + +#define CKM_MD2_HMAC 0x00000201UL +#define CKM_MD2_HMAC_GENERAL 0x00000202UL + +#define CKM_MD5 0x00000210UL + +#define CKM_MD5_HMAC 0x00000211UL +#define CKM_MD5_HMAC_GENERAL 0x00000212UL + +#define CKM_SHA_1 0x00000220UL + +#define CKM_SHA_1_HMAC 0x00000221UL +#define CKM_SHA_1_HMAC_GENERAL 0x00000222UL + +#define CKM_RIPEMD128 0x00000230UL +#define CKM_RIPEMD128_HMAC 0x00000231UL +#define CKM_RIPEMD128_HMAC_GENERAL 0x00000232UL +#define CKM_RIPEMD160 0x00000240UL +#define CKM_RIPEMD160_HMAC 0x00000241UL +#define CKM_RIPEMD160_HMAC_GENERAL 0x00000242UL + +#define CKM_SHA256 0x00000250UL +#define CKM_SHA256_HMAC 0x00000251UL +#define CKM_SHA256_HMAC_GENERAL 0x00000252UL +#define CKM_SHA224 0x00000255UL +#define CKM_SHA224_HMAC 0x00000256UL +#define CKM_SHA224_HMAC_GENERAL 0x00000257UL +#define CKM_SHA384 0x00000260UL +#define CKM_SHA384_HMAC 0x00000261UL +#define CKM_SHA384_HMAC_GENERAL 0x00000262UL +#define CKM_SHA512 0x00000270UL +#define CKM_SHA512_HMAC 0x00000271UL +#define CKM_SHA512_HMAC_GENERAL 0x00000272UL +#define CKM_SECURID_KEY_GEN 0x00000280UL +#define CKM_SECURID 0x00000282UL +#define CKM_HOTP_KEY_GEN 0x00000290UL +#define CKM_HOTP 0x00000291UL +#define CKM_ACTI 0x000002a0UL +#define CKM_ACTI_KEY_GEN 0x000002a1UL + +#define CKM_SHA3_256 0x000002b0UL +#define CKM_SHA3_256_HMAC 0x000002b1UL +#define CKM_SHA3_256_HMAC_GENERAL 0x000002b2UL +#define CKM_SHA3_256_KEY_GEN 0x000002b3UL +#define CKM_SHA3_224 0x000002b5UL +#define CKM_SHA3_224_HMAC 0x000002b6UL +#define CKM_SHA3_224_HMAC_GENERAL 0x000002b7UL +#define CKM_SHA3_224_KEY_GEN 0x000002b8UL +#define CKM_SHA3_384 0x000002c0UL +#define CKM_SHA3_384_HMAC 0x000002c1UL +#define CKM_SHA3_384_HMAC_GENERAL 0x000002c2UL +#define CKM_SHA3_384_KEY_GEN 0x000002c3UL +#define CKM_SHA3_512 0x000002d0UL +#define CKM_SHA3_512_HMAC 0x000002d1UL +#define CKM_SHA3_512_HMAC_GENERAL 0x000002d2UL +#define CKM_SHA3_512_KEY_GEN 0x000002d3UL + + +#define CKM_CAST_KEY_GEN 0x00000300UL +#define CKM_CAST_ECB 0x00000301UL +#define CKM_CAST_CBC 0x00000302UL +#define CKM_CAST_MAC 0x00000303UL +#define CKM_CAST_MAC_GENERAL 0x00000304UL +#define CKM_CAST_CBC_PAD 0x00000305UL +#define CKM_CAST3_KEY_GEN 0x00000310UL +#define CKM_CAST3_ECB 0x00000311UL +#define CKM_CAST3_CBC 0x00000312UL +#define CKM_CAST3_MAC 0x00000313UL +#define CKM_CAST3_MAC_GENERAL 0x00000314UL +#define CKM_CAST3_CBC_PAD 0x00000315UL +/* Note that CAST128 and CAST5 are the same algorithm */ +#define CKM_CAST5_KEY_GEN 0x00000320UL +#define CKM_CAST128_KEY_GEN 0x00000320UL +#define CKM_CAST5_ECB 0x00000321UL +#define CKM_CAST128_ECB 0x00000321UL +#define CKM_CAST5_CBC 0x00000322UL /* Deprecated */ +#define CKM_CAST128_CBC 0x00000322UL +#define CKM_CAST5_MAC 0x00000323UL /* Deprecated */ +#define CKM_CAST128_MAC 0x00000323UL +#define CKM_CAST5_MAC_GENERAL 0x00000324UL /* Deprecated */ +#define CKM_CAST128_MAC_GENERAL 0x00000324UL +#define CKM_CAST5_CBC_PAD 0x00000325UL /* Deprecated */ +#define CKM_CAST128_CBC_PAD 0x00000325UL +#define CKM_RC5_KEY_GEN 0x00000330UL +#define CKM_RC5_ECB 0x00000331UL +#define CKM_RC5_CBC 0x00000332UL +#define CKM_RC5_MAC 0x00000333UL +#define CKM_RC5_MAC_GENERAL 0x00000334UL +#define CKM_RC5_CBC_PAD 0x00000335UL +#define CKM_IDEA_KEY_GEN 0x00000340UL +#define CKM_IDEA_ECB 0x00000341UL +#define CKM_IDEA_CBC 0x00000342UL +#define CKM_IDEA_MAC 0x00000343UL +#define CKM_IDEA_MAC_GENERAL 0x00000344UL +#define CKM_IDEA_CBC_PAD 0x00000345UL +#define CKM_GENERIC_SECRET_KEY_GEN 0x00000350UL +#define CKM_CONCATENATE_BASE_AND_KEY 0x00000360UL +#define CKM_CONCATENATE_BASE_AND_DATA 0x00000362UL +#define CKM_CONCATENATE_DATA_AND_BASE 0x00000363UL +#define CKM_XOR_BASE_AND_DATA 0x00000364UL +#define CKM_EXTRACT_KEY_FROM_KEY 0x00000365UL +#define CKM_SSL3_PRE_MASTER_KEY_GEN 0x00000370UL +#define CKM_SSL3_MASTER_KEY_DERIVE 0x00000371UL +#define CKM_SSL3_KEY_AND_MAC_DERIVE 0x00000372UL + +#define CKM_SSL3_MASTER_KEY_DERIVE_DH 0x00000373UL +#define CKM_TLS_PRE_MASTER_KEY_GEN 0x00000374UL +#define CKM_TLS_MASTER_KEY_DERIVE 0x00000375UL +#define CKM_TLS_KEY_AND_MAC_DERIVE 0x00000376UL +#define CKM_TLS_MASTER_KEY_DERIVE_DH 0x00000377UL + +#define CKM_TLS_PRF 0x00000378UL + +#define CKM_SSL3_MD5_MAC 0x00000380UL +#define CKM_SSL3_SHA1_MAC 0x00000381UL +#define CKM_MD5_KEY_DERIVATION 0x00000390UL +#define CKM_MD2_KEY_DERIVATION 0x00000391UL +#define CKM_SHA1_KEY_DERIVATION 0x00000392UL + +#define CKM_SHA256_KEY_DERIVATION 0x00000393UL +#define CKM_SHA384_KEY_DERIVATION 0x00000394UL +#define CKM_SHA512_KEY_DERIVATION 0x00000395UL +#define CKM_SHA224_KEY_DERIVATION 0x00000396UL +#define CKM_SHA3_256_KEY_DERIVATION 0x00000397UL +#define CKM_SHA3_224_KEY_DERIVATION 0x00000398UL +#define CKM_SHA3_384_KEY_DERIVATION 0x00000399UL +#define CKM_SHA3_512_KEY_DERIVATION 0x0000039aUL +#define CKM_SHAKE_128_KEY_DERIVATION 0x0000039bUL +#define CKM_SHAKE_256_KEY_DERIVATION 0x0000039cUL +#define CKM_SHA3_256_KEY_DERIVE CKM_SHA3_256_KEY_DERIVATION +#define CKM_SHA3_224_KEY_DERIVE CKM_SHA3_224_KEY_DERIVATION +#define CKM_SHA3_384_KEY_DERIVE CKM_SHA3_384_KEY_DERIVATION +#define CKM_SHA3_512_KEY_DERIVE CKM_SHA3_512_KEY_DERIVATION +#define CKM_SHAKE_128_KEY_DERIVE CKM_SHAKE_128_KEY_DERIVATION +#define CKM_SHAKE_256_KEY_DERIVE CKM_SHAKE_256_KEY_DERIVATION + +#define CKM_PBE_MD2_DES_CBC 0x000003a0UL +#define CKM_PBE_MD5_DES_CBC 0x000003a1UL +#define CKM_PBE_MD5_CAST_CBC 0x000003a2UL +#define CKM_PBE_MD5_CAST3_CBC 0x000003a3UL +#define CKM_PBE_MD5_CAST5_CBC 0x000003a4UL /* Deprecated */ +#define CKM_PBE_MD5_CAST128_CBC 0x000003a4UL +#define CKM_PBE_SHA1_CAST5_CBC 0x000003a5UL /* Deprecated */ +#define CKM_PBE_SHA1_CAST128_CBC 0x000003a5UL +#define CKM_PBE_SHA1_RC4_128 0x000003a6UL +#define CKM_PBE_SHA1_RC4_40 0x000003a7UL +#define CKM_PBE_SHA1_DES3_EDE_CBC 0x000003a8UL +#define CKM_PBE_SHA1_DES2_EDE_CBC 0x000003a9UL +#define CKM_PBE_SHA1_RC2_128_CBC 0x000003aaUL +#define CKM_PBE_SHA1_RC2_40_CBC 0x000003abUL + +#define CKM_PKCS5_PBKD2 0x000003b0UL + +#define CKM_PBA_SHA1_WITH_SHA1_HMAC 0x000003c0UL + +#define CKM_WTLS_PRE_MASTER_KEY_GEN 0x000003d0UL +#define CKM_WTLS_MASTER_KEY_DERIVE 0x000003d1UL +#define CKM_WTLS_MASTER_KEY_DERIVE_DH_ECC 0x000003d2UL +#define CKM_WTLS_PRF 0x000003d3UL +#define CKM_WTLS_SERVER_KEY_AND_MAC_DERIVE 0x000003d4UL +#define CKM_WTLS_CLIENT_KEY_AND_MAC_DERIVE 0x000003d5UL + +#define CKM_TLS10_MAC_SERVER 0x000003d6UL +#define CKM_TLS10_MAC_CLIENT 0x000003d7UL +#define CKM_TLS12_MAC 0x000003d8UL +#define CKM_TLS12_KDF 0x000003d9UL +#define CKM_TLS12_MASTER_KEY_DERIVE 0x000003e0UL +#define CKM_TLS12_KEY_AND_MAC_DERIVE 0x000003e1UL +#define CKM_TLS12_MASTER_KEY_DERIVE_DH 0x000003e2UL +#define CKM_TLS12_KEY_SAFE_DERIVE 0x000003e3UL +#define CKM_TLS_MAC 0x000003e4UL +#define CKM_TLS_KDF 0x000003e5UL + +#define CKM_KEY_WRAP_LYNKS 0x00000400UL +#define CKM_KEY_WRAP_SET_OAEP 0x00000401UL + +#define CKM_CMS_SIG 0x00000500UL +#define CKM_KIP_DERIVE 0x00000510UL +#define CKM_KIP_WRAP 0x00000511UL +#define CKM_KIP_MAC 0x00000512UL + +#define CKM_CAMELLIA_KEY_GEN 0x00000550UL +#define CKM_CAMELLIA_ECB 0x00000551UL +#define CKM_CAMELLIA_CBC 0x00000552UL +#define CKM_CAMELLIA_MAC 0x00000553UL +#define CKM_CAMELLIA_MAC_GENERAL 0x00000554UL +#define CKM_CAMELLIA_CBC_PAD 0x00000555UL +#define CKM_CAMELLIA_ECB_ENCRYPT_DATA 0x00000556UL +#define CKM_CAMELLIA_CBC_ENCRYPT_DATA 0x00000557UL +#define CKM_CAMELLIA_CTR 0x00000558UL + +#define CKM_ARIA_KEY_GEN 0x00000560UL +#define CKM_ARIA_ECB 0x00000561UL +#define CKM_ARIA_CBC 0x00000562UL +#define CKM_ARIA_MAC 0x00000563UL +#define CKM_ARIA_MAC_GENERAL 0x00000564UL +#define CKM_ARIA_CBC_PAD 0x00000565UL +#define CKM_ARIA_ECB_ENCRYPT_DATA 0x00000566UL +#define CKM_ARIA_CBC_ENCRYPT_DATA 0x00000567UL + +#define CKM_SEED_KEY_GEN 0x00000650UL +#define CKM_SEED_ECB 0x00000651UL +#define CKM_SEED_CBC 0x00000652UL +#define CKM_SEED_MAC 0x00000653UL +#define CKM_SEED_MAC_GENERAL 0x00000654UL +#define CKM_SEED_CBC_PAD 0x00000655UL +#define CKM_SEED_ECB_ENCRYPT_DATA 0x00000656UL +#define CKM_SEED_CBC_ENCRYPT_DATA 0x00000657UL + +#define CKM_SKIPJACK_KEY_GEN 0x00001000UL +#define CKM_SKIPJACK_ECB64 0x00001001UL +#define CKM_SKIPJACK_CBC64 0x00001002UL +#define CKM_SKIPJACK_OFB64 0x00001003UL +#define CKM_SKIPJACK_CFB64 0x00001004UL +#define CKM_SKIPJACK_CFB32 0x00001005UL +#define CKM_SKIPJACK_CFB16 0x00001006UL +#define CKM_SKIPJACK_CFB8 0x00001007UL +#define CKM_SKIPJACK_WRAP 0x00001008UL +#define CKM_SKIPJACK_PRIVATE_WRAP 0x00001009UL +#define CKM_SKIPJACK_RELAYX 0x0000100aUL +#define CKM_KEA_KEY_PAIR_GEN 0x00001010UL +#define CKM_KEA_KEY_DERIVE 0x00001011UL +#define CKM_KEA_DERIVE 0x00001012UL +#define CKM_FORTEZZA_TIMESTAMP 0x00001020UL +#define CKM_BATON_KEY_GEN 0x00001030UL +#define CKM_BATON_ECB128 0x00001031UL +#define CKM_BATON_ECB96 0x00001032UL +#define CKM_BATON_CBC128 0x00001033UL +#define CKM_BATON_COUNTER 0x00001034UL +#define CKM_BATON_SHUFFLE 0x00001035UL +#define CKM_BATON_WRAP 0x00001036UL + +#define CKM_ECDSA_KEY_PAIR_GEN 0x00001040UL /* Deprecated */ +#define CKM_EC_KEY_PAIR_GEN 0x00001040UL + +#define CKM_ECDSA 0x00001041UL +#define CKM_ECDSA_SHA1 0x00001042UL +#define CKM_ECDSA_SHA224 0x00001043UL +#define CKM_ECDSA_SHA256 0x00001044UL +#define CKM_ECDSA_SHA384 0x00001045UL +#define CKM_ECDSA_SHA512 0x00001046UL +#define CKM_EC_KEY_PAIR_GEN_W_EXTRA_BITS 0x0000140bUL + +#define CKM_ECDH1_DERIVE 0x00001050UL +#define CKM_ECDH1_COFACTOR_DERIVE 0x00001051UL +#define CKM_ECMQV_DERIVE 0x00001052UL + +#define CKM_ECDH_AES_KEY_WRAP 0x00001053UL +#define CKM_RSA_AES_KEY_WRAP 0x00001054UL + +#define CKM_JUNIPER_KEY_GEN 0x00001060UL +#define CKM_JUNIPER_ECB128 0x00001061UL +#define CKM_JUNIPER_CBC128 0x00001062UL +#define CKM_JUNIPER_COUNTER 0x00001063UL +#define CKM_JUNIPER_SHUFFLE 0x00001064UL +#define CKM_JUNIPER_WRAP 0x00001065UL +#define CKM_FASTHASH 0x00001070UL + +#define CKM_AES_XTS 0x00001071UL +#define CKM_AES_XTS_KEY_GEN 0x00001072UL +#define CKM_AES_KEY_GEN 0x00001080UL +#define CKM_AES_ECB 0x00001081UL +#define CKM_AES_CBC 0x00001082UL +#define CKM_AES_MAC 0x00001083UL +#define CKM_AES_MAC_GENERAL 0x00001084UL +#define CKM_AES_CBC_PAD 0x00001085UL +#define CKM_AES_CTR 0x00001086UL +#define CKM_AES_GCM 0x00001087UL +#define CKM_AES_CCM 0x00001088UL +#define CKM_AES_CTS 0x00001089UL +#define CKM_AES_CMAC 0x0000108aUL +#define CKM_AES_CMAC_GENERAL 0x0000108bUL + +#define CKM_AES_XCBC_MAC 0x0000108cUL +#define CKM_AES_XCBC_MAC_96 0x0000108dUL +#define CKM_AES_GMAC 0x0000108eUL + +#define CKM_BLOWFISH_KEY_GEN 0x00001090UL +#define CKM_BLOWFISH_CBC 0x00001091UL +#define CKM_TWOFISH_KEY_GEN 0x00001092UL +#define CKM_TWOFISH_CBC 0x00001093UL +#define CKM_BLOWFISH_CBC_PAD 0x00001094UL +#define CKM_TWOFISH_CBC_PAD 0x00001095UL + +#define CKM_DES_ECB_ENCRYPT_DATA 0x00001100UL +#define CKM_DES_CBC_ENCRYPT_DATA 0x00001101UL +#define CKM_DES3_ECB_ENCRYPT_DATA 0x00001102UL +#define CKM_DES3_CBC_ENCRYPT_DATA 0x00001103UL +#define CKM_AES_ECB_ENCRYPT_DATA 0x00001104UL +#define CKM_AES_CBC_ENCRYPT_DATA 0x00001105UL + +#define CKM_GOSTR3410_KEY_PAIR_GEN 0x00001200UL +#define CKM_GOSTR3410 0x00001201UL +#define CKM_GOSTR3410_WITH_GOSTR3411 0x00001202UL +#define CKM_GOSTR3410_KEY_WRAP 0x00001203UL +#define CKM_GOSTR3410_DERIVE 0x00001204UL +#define CKM_GOSTR3411 0x00001210UL +#define CKM_GOSTR3411_HMAC 0x00001211UL +#define CKM_GOST28147_KEY_GEN 0x00001220UL +#define CKM_GOST28147_ECB 0x00001221UL +#define CKM_GOST28147 0x00001222UL +#define CKM_GOST28147_MAC 0x00001223UL +#define CKM_GOST28147_KEY_WRAP 0x00001224UL +#define CKM_CHACHA20_KEY_GEN 0x00001225UL +#define CKM_CHACHA20 0x00001226UL +#define CKM_POLY1305_KEY_GEN 0x00001227UL +#define CKM_POLY1305 0x00001228UL +#define CKM_DSA_PARAMETER_GEN 0x00002000UL +#define CKM_DH_PKCS_PARAMETER_GEN 0x00002001UL +#define CKM_X9_42_DH_PARAMETER_GEN 0x00002002UL +#define CKM_DSA_PROBABILISTIC_PARAMETER_GEN 0x00002003UL +#define CKM_DSA_PROBABLISTIC_PARAMETER_GEN CKM_DSA_PROBABILISTIC_PARAMETER_GEN +#define CKM_DSA_SHAWE_TAYLOR_PARAMETER_GEN 0x00002004UL +#define CKM_DSA_FIPS_G_GEN 0x00002005UL + +#define CKM_AES_OFB 0x00002104UL +#define CKM_AES_CFB64 0x00002105UL +#define CKM_AES_CFB8 0x00002106UL +#define CKM_AES_CFB128 0x00002107UL + +#define CKM_AES_CFB1 0x00002108UL +#define CKM_AES_KEY_WRAP 0x00002109UL /* WAS: 0x00001090 */ +#define CKM_AES_KEY_WRAP_PAD 0x0000210AUL /* WAS: 0x00001091 */ +#define CKM_AES_KEY_WRAP_KWP 0x0000210BUL +#define CKM_AES_KEY_WRAP_PKCS7 0x0000210CUL + +#define CKM_RSA_PKCS_TPM_1_1 0x00004001UL +#define CKM_RSA_PKCS_OAEP_TPM_1_1 0x00004002UL + +#define CKM_SHA_1_KEY_GEN 0x00004003UL +#define CKM_SHA224_KEY_GEN 0x00004004UL +#define CKM_SHA256_KEY_GEN 0x00004005UL +#define CKM_SHA384_KEY_GEN 0x00004006UL +#define CKM_SHA512_KEY_GEN 0x00004007UL +#define CKM_SHA512_224_KEY_GEN 0x00004008UL +#define CKM_SHA512_256_KEY_GEN 0x00004009UL +#define CKM_SHA512_T_KEY_GEN 0x0000400aUL +#define CKM_NULL 0x0000400bUL +#define CKM_BLAKE2B_160 0x0000400cUL +#define CKM_BLAKE2B_160_HMAC 0x0000400dUL +#define CKM_BLAKE2B_160_HMAC_GENERAL 0x0000400eUL +#define CKM_BLAKE2B_160_KEY_DERIVE 0x0000400fUL +#define CKM_BLAKE2B_160_KEY_GEN 0x00004010UL +#define CKM_BLAKE2B_256 0x00004011UL +#define CKM_BLAKE2B_256_HMAC 0x00004012UL +#define CKM_BLAKE2B_256_HMAC_GENERAL 0x00004013UL +#define CKM_BLAKE2B_256_KEY_DERIVE 0x00004014UL +#define CKM_BLAKE2B_256_KEY_GEN 0x00004015UL +#define CKM_BLAKE2B_384 0x00004016UL +#define CKM_BLAKE2B_384_HMAC 0x00004017UL +#define CKM_BLAKE2B_384_HMAC_GENERAL 0x00004018UL +#define CKM_BLAKE2B_384_KEY_DERIVE 0x00004019UL +#define CKM_BLAKE2B_384_KEY_GEN 0x0000401aUL +#define CKM_BLAKE2B_512 0x0000401bUL +#define CKM_BLAKE2B_512_HMAC 0x0000401cUL +#define CKM_BLAKE2B_512_HMAC_GENERAL 0x0000401dUL +#define CKM_BLAKE2B_512_KEY_DERIVE 0x0000401eUL +#define CKM_BLAKE2B_512_KEY_GEN 0x0000401fUL +#define CKM_SALSA20 0x00004020UL +#define CKM_CHACHA20_POLY1305 0x00004021UL +#define CKM_SALSA20_POLY1305 0x00004022UL +#define CKM_X3DH_INITIALIZE 0x00004023UL +#define CKM_X3DH_RESPOND 0x00004024UL +#define CKM_X2RATCHET_INITIALIZE 0x00004025UL +#define CKM_X2RATCHET_RESPOND 0x00004026UL +#define CKM_X2RATCHET_ENCRYPT 0x00004027UL +#define CKM_X2RATCHET_DECRYPT 0x00004028UL +#define CKM_XEDDSA 0x00004029UL +#define CKM_HKDF_DERIVE 0x0000402aUL +#define CKM_HKDF_DATA 0x0000402bUL +#define CKM_HKDF_KEY_GEN 0x0000402cUL +#define CKM_SALSA20_KEY_GEN 0x0000402dUL + +#define CKM_ECDSA_SHA3_224 0x00001047UL +#define CKM_ECDSA_SHA3_256 0x00001048UL +#define CKM_ECDSA_SHA3_384 0x00001049UL +#define CKM_ECDSA_SHA3_512 0x0000104aUL +#define CKM_EC_EDWARDS_KEY_PAIR_GEN 0x00001055UL +#define CKM_EC_MONTGOMERY_KEY_PAIR_GEN 0x00001056UL +#define CKM_EDDSA 0x00001057UL +#define CKM_SP800_108_COUNTER_KDF 0x000003acUL +#define CKM_SP800_108_FEEDBACK_KDF 0x000003adUL +#define CKM_SP800_108_DOUBLE_PIPELINE_KDF 0x000003aeUL + +#define CKM_IKE2_PRF_PLUS_DERIVE 0x0000402eUL +#define CKM_IKE_PRF_DERIVE 0x0000402fUL +#define CKM_IKE1_PRF_DERIVE 0x00004030UL +#define CKM_IKE1_EXTENDED_DERIVE 0x00004031UL +#define CKM_HSS_KEY_PAIR_GEN 0x00004032UL +#define CKM_HSS 0x00004033UL + + +#define CKM_VENDOR_DEFINED 0x80000000UL + +typedef CK_MECHANISM_TYPE CK_PTR CK_MECHANISM_TYPE_PTR; + + +/* CK_MECHANISM is a structure that specifies a particular + * mechanism + */ +typedef struct CK_MECHANISM { + CK_MECHANISM_TYPE mechanism; + CK_VOID_PTR pParameter; + CK_ULONG ulParameterLen; /* in bytes */ +} CK_MECHANISM; + +typedef CK_MECHANISM CK_PTR CK_MECHANISM_PTR; + + +/* CK_MECHANISM_INFO provides information about a particular + * mechanism + */ +typedef struct CK_MECHANISM_INFO { + CK_ULONG ulMinKeySize; + CK_ULONG ulMaxKeySize; + CK_FLAGS flags; +} CK_MECHANISM_INFO; + +/* The flags are defined as follows: + * Bit Flag Mask Meaning */ +#define CKF_HW 0x00000001UL /* performed by HW */ + +/* Specify whether or not a mechanism can be used for a particular task */ +#define CKF_MESSAGE_ENCRYPT 0x00000002UL +#define CKF_MESSAGE_DECRYPT 0x00000004UL +#define CKF_MESSAGE_SIGN 0x00000008UL +#define CKF_MESSAGE_VERIFY 0x00000010UL +#define CKF_MULTI_MESSAGE 0x00000020UL +#define CKF_MULTI_MESSGE CKF_MULTI_MESSAGE +#define CKF_FIND_OBJECTS 0x00000040UL + +#define CKF_ENCRYPT 0x00000100UL +#define CKF_DECRYPT 0x00000200UL +#define CKF_DIGEST 0x00000400UL +#define CKF_SIGN 0x00000800UL +#define CKF_SIGN_RECOVER 0x00001000UL +#define CKF_VERIFY 0x00002000UL +#define CKF_VERIFY_RECOVER 0x00004000UL +#define CKF_GENERATE 0x00008000UL +#define CKF_GENERATE_KEY_PAIR 0x00010000UL +#define CKF_WRAP 0x00020000UL +#define CKF_UNWRAP 0x00040000UL +#define CKF_DERIVE 0x00080000UL + +/* Describe a token's EC capabilities not available in mechanism + * information. + */ +#define CKF_EC_F_P 0x00100000UL +#define CKF_EC_F_2M 0x00200000UL +#define CKF_EC_ECPARAMETERS 0x00400000UL +#define CKF_EC_OID 0x00800000UL +#define CKF_EC_NAMEDCURVE CKF_EC_OID /* deprecated since PKCS#11 3.00 */ +#define CKF_EC_UNCOMPRESS 0x01000000UL +#define CKF_EC_COMPRESS 0x02000000UL +#define CKF_EC_CURVENAME 0x04000000UL + +#define CKF_EXTENSION 0x80000000UL + +typedef CK_MECHANISM_INFO CK_PTR CK_MECHANISM_INFO_PTR; + +/* CK_RV is a value that identifies the return value of a + * Cryptoki function + */ +typedef CK_ULONG CK_RV; + +#define CKR_OK 0x00000000UL +#define CKR_CANCEL 0x00000001UL +#define CKR_HOST_MEMORY 0x00000002UL +#define CKR_SLOT_ID_INVALID 0x00000003UL + +#define CKR_GENERAL_ERROR 0x00000005UL +#define CKR_FUNCTION_FAILED 0x00000006UL + +#define CKR_ARGUMENTS_BAD 0x00000007UL +#define CKR_NO_EVENT 0x00000008UL +#define CKR_NEED_TO_CREATE_THREADS 0x00000009UL +#define CKR_CANT_LOCK 0x0000000AUL + +#define CKR_ATTRIBUTE_READ_ONLY 0x00000010UL +#define CKR_ATTRIBUTE_SENSITIVE 0x00000011UL +#define CKR_ATTRIBUTE_TYPE_INVALID 0x00000012UL +#define CKR_ATTRIBUTE_VALUE_INVALID 0x00000013UL + +#define CKR_ACTION_PROHIBITED 0x0000001BUL + +#define CKR_DATA_INVALID 0x00000020UL +#define CKR_DATA_LEN_RANGE 0x00000021UL +#define CKR_DEVICE_ERROR 0x00000030UL +#define CKR_DEVICE_MEMORY 0x00000031UL +#define CKR_DEVICE_REMOVED 0x00000032UL +#define CKR_ENCRYPTED_DATA_INVALID 0x00000040UL +#define CKR_ENCRYPTED_DATA_LEN_RANGE 0x00000041UL +#define CKR_AEAD_DECRYPT_FAILED 0x00000042UL +#define CKR_FUNCTION_CANCELED 0x00000050UL +#define CKR_FUNCTION_NOT_PARALLEL 0x00000051UL + +#define CKR_FUNCTION_NOT_SUPPORTED 0x00000054UL + +#define CKR_KEY_HANDLE_INVALID 0x00000060UL + +#define CKR_KEY_SIZE_RANGE 0x00000062UL +#define CKR_KEY_TYPE_INCONSISTENT 0x00000063UL + +#define CKR_KEY_NOT_NEEDED 0x00000064UL +#define CKR_KEY_CHANGED 0x00000065UL +#define CKR_KEY_NEEDED 0x00000066UL +#define CKR_KEY_INDIGESTIBLE 0x00000067UL +#define CKR_KEY_FUNCTION_NOT_PERMITTED 0x00000068UL +#define CKR_KEY_NOT_WRAPPABLE 0x00000069UL +#define CKR_KEY_UNEXTRACTABLE 0x0000006AUL + +#define CKR_MECHANISM_INVALID 0x00000070UL +#define CKR_MECHANISM_PARAM_INVALID 0x00000071UL + +#define CKR_OBJECT_HANDLE_INVALID 0x00000082UL +#define CKR_OPERATION_ACTIVE 0x00000090UL +#define CKR_OPERATION_NOT_INITIALIZED 0x00000091UL +#define CKR_PIN_INCORRECT 0x000000A0UL +#define CKR_PIN_INVALID 0x000000A1UL +#define CKR_PIN_LEN_RANGE 0x000000A2UL + +#define CKR_PIN_EXPIRED 0x000000A3UL +#define CKR_PIN_LOCKED 0x000000A4UL + +#define CKR_SESSION_CLOSED 0x000000B0UL +#define CKR_SESSION_COUNT 0x000000B1UL +#define CKR_SESSION_HANDLE_INVALID 0x000000B3UL +#define CKR_SESSION_PARALLEL_NOT_SUPPORTED 0x000000B4UL +#define CKR_SESSION_READ_ONLY 0x000000B5UL +#define CKR_SESSION_EXISTS 0x000000B6UL + +#define CKR_SESSION_READ_ONLY_EXISTS 0x000000B7UL +#define CKR_SESSION_READ_WRITE_SO_EXISTS 0x000000B8UL + +#define CKR_SIGNATURE_INVALID 0x000000C0UL +#define CKR_SIGNATURE_LEN_RANGE 0x000000C1UL +#define CKR_TEMPLATE_INCOMPLETE 0x000000D0UL +#define CKR_TEMPLATE_INCONSISTENT 0x000000D1UL +#define CKR_TOKEN_NOT_PRESENT 0x000000E0UL +#define CKR_TOKEN_NOT_RECOGNIZED 0x000000E1UL +#define CKR_TOKEN_WRITE_PROTECTED 0x000000E2UL +#define CKR_UNWRAPPING_KEY_HANDLE_INVALID 0x000000F0UL +#define CKR_UNWRAPPING_KEY_SIZE_RANGE 0x000000F1UL +#define CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT 0x000000F2UL +#define CKR_USER_ALREADY_LOGGED_IN 0x00000100UL +#define CKR_USER_NOT_LOGGED_IN 0x00000101UL +#define CKR_USER_PIN_NOT_INITIALIZED 0x00000102UL +#define CKR_USER_TYPE_INVALID 0x00000103UL + +#define CKR_USER_ANOTHER_ALREADY_LOGGED_IN 0x00000104UL +#define CKR_USER_TOO_MANY_TYPES 0x00000105UL + +#define CKR_WRAPPED_KEY_INVALID 0x00000110UL +#define CKR_WRAPPED_KEY_LEN_RANGE 0x00000112UL +#define CKR_WRAPPING_KEY_HANDLE_INVALID 0x00000113UL +#define CKR_WRAPPING_KEY_SIZE_RANGE 0x00000114UL +#define CKR_WRAPPING_KEY_TYPE_INCONSISTENT 0x00000115UL +#define CKR_RANDOM_SEED_NOT_SUPPORTED 0x00000120UL + +#define CKR_RANDOM_NO_RNG 0x00000121UL + +#define CKR_DOMAIN_PARAMS_INVALID 0x00000130UL + +#define CKR_CURVE_NOT_SUPPORTED 0x00000140UL + +#define CKR_BUFFER_TOO_SMALL 0x00000150UL +#define CKR_SAVED_STATE_INVALID 0x00000160UL +#define CKR_INFORMATION_SENSITIVE 0x00000170UL +#define CKR_STATE_UNSAVEABLE 0x00000180UL + +#define CKR_CRYPTOKI_NOT_INITIALIZED 0x00000190UL +#define CKR_CRYPTOKI_ALREADY_INITIALIZED 0x00000191UL +#define CKR_MUTEX_BAD 0x000001A0UL +#define CKR_MUTEX_NOT_LOCKED 0x000001A1UL + +#define CKR_NEW_PIN_MODE 0x000001B0UL +#define CKR_NEXT_OTP 0x000001B1UL + +#define CKR_EXCEEDED_MAX_ITERATIONS 0x000001B5UL +#define CKR_FIPS_SELF_TEST_FAILED 0x000001B6UL +#define CKR_LIBRARY_LOAD_FAILED 0x000001B7UL +#define CKR_PIN_TOO_WEAK 0x000001B8UL +#define CKR_PUBLIC_KEY_INVALID 0x000001B9UL + +#define CKR_FUNCTION_REJECTED 0x00000200UL +#define CKR_TOKEN_RESOURCE_EXCEEDED 0x00000201UL +#define CKR_OPERATION_CANCEL_FAILED 0x00000202UL +#define CKR_KEY_EXHAUSTED 0x00000203UL + +#define CKR_VENDOR_DEFINED 0x80000000UL + + +/* CK_NOTIFY is an application callback that processes events */ +typedef CK_CALLBACK_FUNCTION(CK_RV, CK_NOTIFY)( + CK_SESSION_HANDLE hSession, /* the session's handle */ + CK_NOTIFICATION event, + CK_VOID_PTR pApplication /* passed to C_OpenSession */ +); + + +/* CK_FUNCTION_LIST is a structure holding a Cryptoki spec + * version and pointers of appropriate types to all the + * Cryptoki functions + */ +typedef struct CK_FUNCTION_LIST CK_FUNCTION_LIST; +typedef struct CK_FUNCTION_LIST_3_0 CK_FUNCTION_LIST_3_0; + +typedef CK_FUNCTION_LIST CK_PTR CK_FUNCTION_LIST_PTR; +typedef CK_FUNCTION_LIST_3_0 CK_PTR CK_FUNCTION_LIST_3_0_PTR; + +typedef CK_FUNCTION_LIST_PTR CK_PTR CK_FUNCTION_LIST_PTR_PTR; +typedef CK_FUNCTION_LIST_3_0_PTR CK_PTR CK_FUNCTION_LIST_3_0_PTR_PTR; + +typedef struct CK_INTERFACE { + CK_CHAR *pInterfaceName; + CK_VOID_PTR pFunctionList; + CK_FLAGS flags; +} CK_INTERFACE; + +typedef CK_INTERFACE CK_PTR CK_INTERFACE_PTR; +typedef CK_INTERFACE_PTR CK_PTR CK_INTERFACE_PTR_PTR; + +#define CKF_END_OF_MESSAGE 0x00000001UL + + +/* CK_CREATEMUTEX is an application callback for creating a + * mutex object + */ +typedef CK_CALLBACK_FUNCTION(CK_RV, CK_CREATEMUTEX)( + CK_VOID_PTR_PTR ppMutex /* location to receive ptr to mutex */ +); + + +/* CK_DESTROYMUTEX is an application callback for destroying a + * mutex object + */ +typedef CK_CALLBACK_FUNCTION(CK_RV, CK_DESTROYMUTEX)( + CK_VOID_PTR pMutex /* pointer to mutex */ +); + + +/* CK_LOCKMUTEX is an application callback for locking a mutex */ +typedef CK_CALLBACK_FUNCTION(CK_RV, CK_LOCKMUTEX)( + CK_VOID_PTR pMutex /* pointer to mutex */ +); + + +/* CK_UNLOCKMUTEX is an application callback for unlocking a + * mutex + */ +typedef CK_CALLBACK_FUNCTION(CK_RV, CK_UNLOCKMUTEX)( + CK_VOID_PTR pMutex /* pointer to mutex */ +); + +/* Get functionlist flags */ +#define CKF_INTERFACE_FORK_SAFE 0x00000001UL + +/* CK_C_INITIALIZE_ARGS provides the optional arguments to + * C_Initialize + */ +typedef struct CK_C_INITIALIZE_ARGS { + CK_CREATEMUTEX CreateMutex; + CK_DESTROYMUTEX DestroyMutex; + CK_LOCKMUTEX LockMutex; + CK_UNLOCKMUTEX UnlockMutex; + CK_FLAGS flags; + CK_VOID_PTR pReserved; +} CK_C_INITIALIZE_ARGS; + +/* flags: bit flags that provide capabilities of the slot + * Bit Flag Mask Meaning + */ +#define CKF_LIBRARY_CANT_CREATE_OS_THREADS 0x00000001UL +#define CKF_OS_LOCKING_OK 0x00000002UL + +typedef CK_C_INITIALIZE_ARGS CK_PTR CK_C_INITIALIZE_ARGS_PTR; + + + +/* additional flags for parameters to functions */ + +/* CKF_DONT_BLOCK is for the function C_WaitForSlotEvent */ +#define CKF_DONT_BLOCK 1 + +/* CK_RSA_PKCS_MGF_TYPE is used to indicate the Message + * Generation Function (MGF) applied to a message block when + * formatting a message block for the PKCS #1 OAEP encryption + * scheme. + */ +typedef CK_ULONG CK_RSA_PKCS_MGF_TYPE; + +typedef CK_RSA_PKCS_MGF_TYPE CK_PTR CK_RSA_PKCS_MGF_TYPE_PTR; + +/* The following MGFs are defined */ +#define CKG_MGF1_SHA1 0x00000001UL +#define CKG_MGF1_SHA256 0x00000002UL +#define CKG_MGF1_SHA384 0x00000003UL +#define CKG_MGF1_SHA512 0x00000004UL +#define CKG_MGF1_SHA224 0x00000005UL +#define CKG_MGF1_SHA3_224 0x00000006UL +#define CKG_MGF1_SHA3_256 0x00000007UL +#define CKG_MGF1_SHA3_384 0x00000008UL +#define CKG_MGF1_SHA3_512 0x00000009UL + + +/* CK_RSA_PKCS_OAEP_SOURCE_TYPE is used to indicate the source + * of the encoding parameter when formatting a message block + * for the PKCS #1 OAEP encryption scheme. + */ +typedef CK_ULONG CK_RSA_PKCS_OAEP_SOURCE_TYPE; + +typedef CK_RSA_PKCS_OAEP_SOURCE_TYPE CK_PTR CK_RSA_PKCS_OAEP_SOURCE_TYPE_PTR; + +/* The following encoding parameter sources are defined */ +#define CKZ_DATA_SPECIFIED 0x00000001UL + +/* CK_RSA_PKCS_OAEP_PARAMS provides the parameters to the + * CKM_RSA_PKCS_OAEP mechanism. + */ +typedef struct CK_RSA_PKCS_OAEP_PARAMS { + CK_MECHANISM_TYPE hashAlg; + CK_RSA_PKCS_MGF_TYPE mgf; + CK_RSA_PKCS_OAEP_SOURCE_TYPE source; + CK_VOID_PTR pSourceData; + CK_ULONG ulSourceDataLen; +} CK_RSA_PKCS_OAEP_PARAMS; + +typedef CK_RSA_PKCS_OAEP_PARAMS CK_PTR CK_RSA_PKCS_OAEP_PARAMS_PTR; + +/* CK_RSA_PKCS_PSS_PARAMS provides the parameters to the + * CKM_RSA_PKCS_PSS mechanism(s). + */ +typedef struct CK_RSA_PKCS_PSS_PARAMS { + CK_MECHANISM_TYPE hashAlg; + CK_RSA_PKCS_MGF_TYPE mgf; + CK_ULONG sLen; +} CK_RSA_PKCS_PSS_PARAMS; + +typedef CK_RSA_PKCS_PSS_PARAMS CK_PTR CK_RSA_PKCS_PSS_PARAMS_PTR; + +typedef CK_ULONG CK_EC_KDF_TYPE; +typedef CK_EC_KDF_TYPE CK_PTR CK_EC_KDF_TYPE_PTR; + +/* The following EC Key Derivation Functions are defined */ +#define CKD_NULL 0x00000001UL +#define CKD_SHA1_KDF 0x00000002UL + +/* The following X9.42 DH key derivation functions are defined */ +#define CKD_SHA1_KDF_ASN1 0x00000003UL +#define CKD_SHA1_KDF_CONCATENATE 0x00000004UL +#define CKD_SHA224_KDF 0x00000005UL +#define CKD_SHA256_KDF 0x00000006UL +#define CKD_SHA384_KDF 0x00000007UL +#define CKD_SHA512_KDF 0x00000008UL +#define CKD_CPDIVERSIFY_KDF 0x00000009UL +#define CKD_SHA3_224_KDF 0x0000000AUL +#define CKD_SHA3_256_KDF 0x0000000BUL +#define CKD_SHA3_384_KDF 0x0000000CUL +#define CKD_SHA3_512_KDF 0x0000000DUL +#define CKD_SHA1_KDF_SP800 0x0000000EUL +#define CKD_SHA224_KDF_SP800 0x0000000FUL +#define CKD_SHA256_KDF_SP800 0x00000010UL +#define CKD_SHA384_KDF_SP800 0x00000011UL +#define CKD_SHA512_KDF_SP800 0x00000012UL +#define CKD_SHA3_224_KDF_SP800 0x00000013UL +#define CKD_SHA3_256_KDF_SP800 0x00000014UL +#define CKD_SHA3_384_KDF_SP800 0x00000015UL +#define CKD_SHA3_512_KDF_SP800 0x00000016UL +#define CKD_BLAKE2B_160_KDF 0x00000017UL +#define CKD_BLAKE2B_256_KDF 0x00000018UL +#define CKD_BLAKE2B_384_KDF 0x00000019UL +#define CKD_BLAKE2B_512_KDF 0x0000001aUL + +/* CK_ECDH1_DERIVE_PARAMS provides the parameters to the + * CKM_ECDH1_DERIVE and CKM_ECDH1_COFACTOR_DERIVE mechanisms, + * where each party contributes one key pair. + */ +typedef struct CK_ECDH1_DERIVE_PARAMS { + CK_EC_KDF_TYPE kdf; + CK_ULONG ulSharedDataLen; + CK_BYTE_PTR pSharedData; + CK_ULONG ulPublicDataLen; + CK_BYTE_PTR pPublicData; +} CK_ECDH1_DERIVE_PARAMS; + +typedef CK_ECDH1_DERIVE_PARAMS CK_PTR CK_ECDH1_DERIVE_PARAMS_PTR; + +/* + * CK_ECDH2_DERIVE_PARAMS provides the parameters to the + * CKM_ECMQV_DERIVE mechanism, where each party contributes two key pairs. + */ +typedef struct CK_ECDH2_DERIVE_PARAMS { + CK_EC_KDF_TYPE kdf; + CK_ULONG ulSharedDataLen; + CK_BYTE_PTR pSharedData; + CK_ULONG ulPublicDataLen; + CK_BYTE_PTR pPublicData; + CK_ULONG ulPrivateDataLen; + CK_OBJECT_HANDLE hPrivateData; + CK_ULONG ulPublicDataLen2; + CK_BYTE_PTR pPublicData2; +} CK_ECDH2_DERIVE_PARAMS; + +typedef CK_ECDH2_DERIVE_PARAMS CK_PTR CK_ECDH2_DERIVE_PARAMS_PTR; + +typedef struct CK_ECMQV_DERIVE_PARAMS { + CK_EC_KDF_TYPE kdf; + CK_ULONG ulSharedDataLen; + CK_BYTE_PTR pSharedData; + CK_ULONG ulPublicDataLen; + CK_BYTE_PTR pPublicData; + CK_ULONG ulPrivateDataLen; + CK_OBJECT_HANDLE hPrivateData; + CK_ULONG ulPublicDataLen2; + CK_BYTE_PTR pPublicData2; + CK_OBJECT_HANDLE publicKey; +} CK_ECMQV_DERIVE_PARAMS; + +typedef CK_ECMQV_DERIVE_PARAMS CK_PTR CK_ECMQV_DERIVE_PARAMS_PTR; + +/* Typedefs and defines for the CKM_X9_42_DH_KEY_PAIR_GEN and the + * CKM_X9_42_DH_PARAMETER_GEN mechanisms + */ +typedef CK_ULONG CK_X9_42_DH_KDF_TYPE; +typedef CK_X9_42_DH_KDF_TYPE CK_PTR CK_X9_42_DH_KDF_TYPE_PTR; + +/* CK_X9_42_DH1_DERIVE_PARAMS provides the parameters to the + * CKM_X9_42_DH_DERIVE key derivation mechanism, where each party + * contributes one key pair + */ +typedef struct CK_X9_42_DH1_DERIVE_PARAMS { + CK_X9_42_DH_KDF_TYPE kdf; + CK_ULONG ulOtherInfoLen; + CK_BYTE_PTR pOtherInfo; + CK_ULONG ulPublicDataLen; + CK_BYTE_PTR pPublicData; +} CK_X9_42_DH1_DERIVE_PARAMS; + +typedef struct CK_X9_42_DH1_DERIVE_PARAMS CK_PTR CK_X9_42_DH1_DERIVE_PARAMS_PTR; + +/* CK_X9_42_DH2_DERIVE_PARAMS provides the parameters to the + * CKM_X9_42_DH_HYBRID_DERIVE and CKM_X9_42_MQV_DERIVE key derivation + * mechanisms, where each party contributes two key pairs + */ +typedef struct CK_X9_42_DH2_DERIVE_PARAMS { + CK_X9_42_DH_KDF_TYPE kdf; + CK_ULONG ulOtherInfoLen; + CK_BYTE_PTR pOtherInfo; + CK_ULONG ulPublicDataLen; + CK_BYTE_PTR pPublicData; + CK_ULONG ulPrivateDataLen; + CK_OBJECT_HANDLE hPrivateData; + CK_ULONG ulPublicDataLen2; + CK_BYTE_PTR pPublicData2; +} CK_X9_42_DH2_DERIVE_PARAMS; + +typedef CK_X9_42_DH2_DERIVE_PARAMS CK_PTR CK_X9_42_DH2_DERIVE_PARAMS_PTR; + +typedef struct CK_X9_42_MQV_DERIVE_PARAMS { + CK_X9_42_DH_KDF_TYPE kdf; + CK_ULONG ulOtherInfoLen; + CK_BYTE_PTR pOtherInfo; + CK_ULONG ulPublicDataLen; + CK_BYTE_PTR pPublicData; + CK_ULONG ulPrivateDataLen; + CK_OBJECT_HANDLE hPrivateData; + CK_ULONG ulPublicDataLen2; + CK_BYTE_PTR pPublicData2; + CK_OBJECT_HANDLE publicKey; +} CK_X9_42_MQV_DERIVE_PARAMS; + +typedef CK_X9_42_MQV_DERIVE_PARAMS CK_PTR CK_X9_42_MQV_DERIVE_PARAMS_PTR; + +/* CK_KEA_DERIVE_PARAMS provides the parameters to the + * CKM_KEA_DERIVE mechanism + */ +typedef struct CK_KEA_DERIVE_PARAMS { + CK_BBOOL isSender; + CK_ULONG ulRandomLen; + CK_BYTE_PTR pRandomA; + CK_BYTE_PTR pRandomB; + CK_ULONG ulPublicDataLen; + CK_BYTE_PTR pPublicData; +} CK_KEA_DERIVE_PARAMS; + +typedef CK_KEA_DERIVE_PARAMS CK_PTR CK_KEA_DERIVE_PARAMS_PTR; + + +/* CK_RC2_PARAMS provides the parameters to the CKM_RC2_ECB and + * CKM_RC2_MAC mechanisms. An instance of CK_RC2_PARAMS just + * holds the effective keysize + */ +typedef CK_ULONG CK_RC2_PARAMS; + +typedef CK_RC2_PARAMS CK_PTR CK_RC2_PARAMS_PTR; + + +/* CK_RC2_CBC_PARAMS provides the parameters to the CKM_RC2_CBC + * mechanism + */ +typedef struct CK_RC2_CBC_PARAMS { + CK_ULONG ulEffectiveBits; /* effective bits (1-1024) */ + CK_BYTE iv[8]; /* IV for CBC mode */ +} CK_RC2_CBC_PARAMS; + +typedef CK_RC2_CBC_PARAMS CK_PTR CK_RC2_CBC_PARAMS_PTR; + + +/* CK_RC2_MAC_GENERAL_PARAMS provides the parameters for the + * CKM_RC2_MAC_GENERAL mechanism + */ +typedef struct CK_RC2_MAC_GENERAL_PARAMS { + CK_ULONG ulEffectiveBits; /* effective bits (1-1024) */ + CK_ULONG ulMacLength; /* Length of MAC in bytes */ +} CK_RC2_MAC_GENERAL_PARAMS; + +typedef CK_RC2_MAC_GENERAL_PARAMS CK_PTR \ + CK_RC2_MAC_GENERAL_PARAMS_PTR; + + +/* CK_RC5_PARAMS provides the parameters to the CKM_RC5_ECB and + * CKM_RC5_MAC mechanisms + */ +typedef struct CK_RC5_PARAMS { + CK_ULONG ulWordsize; /* wordsize in bits */ + CK_ULONG ulRounds; /* number of rounds */ +} CK_RC5_PARAMS; + +typedef CK_RC5_PARAMS CK_PTR CK_RC5_PARAMS_PTR; + + +/* CK_RC5_CBC_PARAMS provides the parameters to the CKM_RC5_CBC + * mechanism + */ +typedef struct CK_RC5_CBC_PARAMS { + CK_ULONG ulWordsize; /* wordsize in bits */ + CK_ULONG ulRounds; /* number of rounds */ + CK_BYTE_PTR pIv; /* pointer to IV */ + CK_ULONG ulIvLen; /* length of IV in bytes */ +} CK_RC5_CBC_PARAMS; + +typedef CK_RC5_CBC_PARAMS CK_PTR CK_RC5_CBC_PARAMS_PTR; + + +/* CK_RC5_MAC_GENERAL_PARAMS provides the parameters for the + * CKM_RC5_MAC_GENERAL mechanism + */ +typedef struct CK_RC5_MAC_GENERAL_PARAMS { + CK_ULONG ulWordsize; /* wordsize in bits */ + CK_ULONG ulRounds; /* number of rounds */ + CK_ULONG ulMacLength; /* Length of MAC in bytes */ +} CK_RC5_MAC_GENERAL_PARAMS; + +typedef CK_RC5_MAC_GENERAL_PARAMS CK_PTR \ + CK_RC5_MAC_GENERAL_PARAMS_PTR; + +/* CK_MAC_GENERAL_PARAMS provides the parameters to most block + * ciphers' MAC_GENERAL mechanisms. Its value is the length of + * the MAC + */ +typedef CK_ULONG CK_MAC_GENERAL_PARAMS; + +typedef CK_MAC_GENERAL_PARAMS CK_PTR CK_MAC_GENERAL_PARAMS_PTR; + +typedef struct CK_DES_CBC_ENCRYPT_DATA_PARAMS { + CK_BYTE iv[8]; + CK_BYTE_PTR pData; + CK_ULONG length; +} CK_DES_CBC_ENCRYPT_DATA_PARAMS; + +typedef CK_DES_CBC_ENCRYPT_DATA_PARAMS CK_PTR CK_DES_CBC_ENCRYPT_DATA_PARAMS_PTR; + +typedef struct CK_AES_CBC_ENCRYPT_DATA_PARAMS { + CK_BYTE iv[16]; + CK_BYTE_PTR pData; + CK_ULONG length; +} CK_AES_CBC_ENCRYPT_DATA_PARAMS; + +typedef CK_AES_CBC_ENCRYPT_DATA_PARAMS CK_PTR CK_AES_CBC_ENCRYPT_DATA_PARAMS_PTR; + +/* CK_SKIPJACK_PRIVATE_WRAP_PARAMS provides the parameters to the + * CKM_SKIPJACK_PRIVATE_WRAP mechanism + */ +typedef struct CK_SKIPJACK_PRIVATE_WRAP_PARAMS { + CK_ULONG ulPasswordLen; + CK_BYTE_PTR pPassword; + CK_ULONG ulPublicDataLen; + CK_BYTE_PTR pPublicData; + CK_ULONG ulPAndGLen; + CK_ULONG ulQLen; + CK_ULONG ulRandomLen; + CK_BYTE_PTR pRandomA; + CK_BYTE_PTR pPrimeP; + CK_BYTE_PTR pBaseG; + CK_BYTE_PTR pSubprimeQ; +} CK_SKIPJACK_PRIVATE_WRAP_PARAMS; + +typedef CK_SKIPJACK_PRIVATE_WRAP_PARAMS CK_PTR \ + CK_SKIPJACK_PRIVATE_WRAP_PARAMS_PTR; + + +/* CK_SKIPJACK_RELAYX_PARAMS provides the parameters to the + * CKM_SKIPJACK_RELAYX mechanism + */ +typedef struct CK_SKIPJACK_RELAYX_PARAMS { + CK_ULONG ulOldWrappedXLen; + CK_BYTE_PTR pOldWrappedX; + CK_ULONG ulOldPasswordLen; + CK_BYTE_PTR pOldPassword; + CK_ULONG ulOldPublicDataLen; + CK_BYTE_PTR pOldPublicData; + CK_ULONG ulOldRandomLen; + CK_BYTE_PTR pOldRandomA; + CK_ULONG ulNewPasswordLen; + CK_BYTE_PTR pNewPassword; + CK_ULONG ulNewPublicDataLen; + CK_BYTE_PTR pNewPublicData; + CK_ULONG ulNewRandomLen; + CK_BYTE_PTR pNewRandomA; +} CK_SKIPJACK_RELAYX_PARAMS; + +typedef CK_SKIPJACK_RELAYX_PARAMS CK_PTR \ + CK_SKIPJACK_RELAYX_PARAMS_PTR; + + +typedef struct CK_PBE_PARAMS { + CK_BYTE_PTR pInitVector; + CK_UTF8CHAR_PTR pPassword; + CK_ULONG ulPasswordLen; + CK_BYTE_PTR pSalt; + CK_ULONG ulSaltLen; + CK_ULONG ulIteration; +} CK_PBE_PARAMS; + +typedef CK_PBE_PARAMS CK_PTR CK_PBE_PARAMS_PTR; + + +/* CK_KEY_WRAP_SET_OAEP_PARAMS provides the parameters to the + * CKM_KEY_WRAP_SET_OAEP mechanism + */ +typedef struct CK_KEY_WRAP_SET_OAEP_PARAMS { + CK_BYTE bBC; /* block contents byte */ + CK_BYTE_PTR pX; /* extra data */ + CK_ULONG ulXLen; /* length of extra data in bytes */ +} CK_KEY_WRAP_SET_OAEP_PARAMS; + +typedef CK_KEY_WRAP_SET_OAEP_PARAMS CK_PTR CK_KEY_WRAP_SET_OAEP_PARAMS_PTR; + +typedef struct CK_SSL3_RANDOM_DATA { + CK_BYTE_PTR pClientRandom; + CK_ULONG ulClientRandomLen; + CK_BYTE_PTR pServerRandom; + CK_ULONG ulServerRandomLen; +} CK_SSL3_RANDOM_DATA; + + +typedef struct CK_SSL3_MASTER_KEY_DERIVE_PARAMS { + CK_SSL3_RANDOM_DATA RandomInfo; + CK_VERSION_PTR pVersion; +} CK_SSL3_MASTER_KEY_DERIVE_PARAMS; + +typedef struct CK_SSL3_MASTER_KEY_DERIVE_PARAMS CK_PTR \ + CK_SSL3_MASTER_KEY_DERIVE_PARAMS_PTR; + +typedef struct CK_SSL3_KEY_MAT_OUT { + CK_OBJECT_HANDLE hClientMacSecret; + CK_OBJECT_HANDLE hServerMacSecret; + CK_OBJECT_HANDLE hClientKey; + CK_OBJECT_HANDLE hServerKey; + CK_BYTE_PTR pIVClient; + CK_BYTE_PTR pIVServer; +} CK_SSL3_KEY_MAT_OUT; + +typedef CK_SSL3_KEY_MAT_OUT CK_PTR CK_SSL3_KEY_MAT_OUT_PTR; + + +typedef struct CK_SSL3_KEY_MAT_PARAMS { + CK_ULONG ulMacSizeInBits; + CK_ULONG ulKeySizeInBits; + CK_ULONG ulIVSizeInBits; + CK_BBOOL bIsExport; + CK_SSL3_RANDOM_DATA RandomInfo; + CK_SSL3_KEY_MAT_OUT_PTR pReturnedKeyMaterial; +} CK_SSL3_KEY_MAT_PARAMS; + +typedef CK_SSL3_KEY_MAT_PARAMS CK_PTR CK_SSL3_KEY_MAT_PARAMS_PTR; + +typedef struct CK_TLS_PRF_PARAMS { + CK_BYTE_PTR pSeed; + CK_ULONG ulSeedLen; + CK_BYTE_PTR pLabel; + CK_ULONG ulLabelLen; + CK_BYTE_PTR pOutput; + CK_ULONG_PTR pulOutputLen; +} CK_TLS_PRF_PARAMS; + +typedef CK_TLS_PRF_PARAMS CK_PTR CK_TLS_PRF_PARAMS_PTR; + +typedef struct CK_WTLS_RANDOM_DATA { + CK_BYTE_PTR pClientRandom; + CK_ULONG ulClientRandomLen; + CK_BYTE_PTR pServerRandom; + CK_ULONG ulServerRandomLen; +} CK_WTLS_RANDOM_DATA; + +typedef CK_WTLS_RANDOM_DATA CK_PTR CK_WTLS_RANDOM_DATA_PTR; + +typedef struct CK_WTLS_MASTER_KEY_DERIVE_PARAMS { + CK_MECHANISM_TYPE DigestMechanism; + CK_WTLS_RANDOM_DATA RandomInfo; + CK_BYTE_PTR pVersion; +} CK_WTLS_MASTER_KEY_DERIVE_PARAMS; + +typedef CK_WTLS_MASTER_KEY_DERIVE_PARAMS CK_PTR \ + CK_WTLS_MASTER_KEY_DERIVE_PARAMS_PTR; + +typedef struct CK_WTLS_PRF_PARAMS { + CK_MECHANISM_TYPE DigestMechanism; + CK_BYTE_PTR pSeed; + CK_ULONG ulSeedLen; + CK_BYTE_PTR pLabel; + CK_ULONG ulLabelLen; + CK_BYTE_PTR pOutput; + CK_ULONG_PTR pulOutputLen; +} CK_WTLS_PRF_PARAMS; + +typedef CK_WTLS_PRF_PARAMS CK_PTR CK_WTLS_PRF_PARAMS_PTR; + +typedef struct CK_WTLS_KEY_MAT_OUT { + CK_OBJECT_HANDLE hMacSecret; + CK_OBJECT_HANDLE hKey; + CK_BYTE_PTR pIV; +} CK_WTLS_KEY_MAT_OUT; + +typedef CK_WTLS_KEY_MAT_OUT CK_PTR CK_WTLS_KEY_MAT_OUT_PTR; + +typedef struct CK_WTLS_KEY_MAT_PARAMS { + CK_MECHANISM_TYPE DigestMechanism; + CK_ULONG ulMacSizeInBits; + CK_ULONG ulKeySizeInBits; + CK_ULONG ulIVSizeInBits; + CK_ULONG ulSequenceNumber; + CK_BBOOL bIsExport; + CK_WTLS_RANDOM_DATA RandomInfo; + CK_WTLS_KEY_MAT_OUT_PTR pReturnedKeyMaterial; +} CK_WTLS_KEY_MAT_PARAMS; + +typedef CK_WTLS_KEY_MAT_PARAMS CK_PTR CK_WTLS_KEY_MAT_PARAMS_PTR; + +typedef struct CK_CMS_SIG_PARAMS { + CK_OBJECT_HANDLE certificateHandle; + CK_MECHANISM_PTR pSigningMechanism; + CK_MECHANISM_PTR pDigestMechanism; + CK_UTF8CHAR_PTR pContentType; + CK_BYTE_PTR pRequestedAttributes; + CK_ULONG ulRequestedAttributesLen; + CK_BYTE_PTR pRequiredAttributes; + CK_ULONG ulRequiredAttributesLen; +} CK_CMS_SIG_PARAMS; + +typedef CK_CMS_SIG_PARAMS CK_PTR CK_CMS_SIG_PARAMS_PTR; + +typedef struct CK_KEY_DERIVATION_STRING_DATA { + CK_BYTE_PTR pData; + CK_ULONG ulLen; +} CK_KEY_DERIVATION_STRING_DATA; + +typedef CK_KEY_DERIVATION_STRING_DATA CK_PTR \ + CK_KEY_DERIVATION_STRING_DATA_PTR; + + +/* The CK_EXTRACT_PARAMS is used for the + * CKM_EXTRACT_KEY_FROM_KEY mechanism. It specifies which bit + * of the base key should be used as the first bit of the + * derived key + */ +typedef CK_ULONG CK_EXTRACT_PARAMS; + +typedef CK_EXTRACT_PARAMS CK_PTR CK_EXTRACT_PARAMS_PTR; + +/* CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE is used to + * indicate the Pseudo-Random Function (PRF) used to generate + * key bits using PKCS #5 PBKDF2. + */ +typedef CK_ULONG CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE; + +typedef CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE CK_PTR \ + CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE_PTR; + +#define CKP_PKCS5_PBKD2_HMAC_SHA1 0x00000001UL +#define CKP_PKCS5_PBKD2_HMAC_GOSTR3411 0x00000002UL +#define CKP_PKCS5_PBKD2_HMAC_SHA224 0x00000003UL +#define CKP_PKCS5_PBKD2_HMAC_SHA256 0x00000004UL +#define CKP_PKCS5_PBKD2_HMAC_SHA384 0x00000005UL +#define CKP_PKCS5_PBKD2_HMAC_SHA512 0x00000006UL +#define CKP_PKCS5_PBKD2_HMAC_SHA512_224 0x00000007UL +#define CKP_PKCS5_PBKD2_HMAC_SHA512_256 0x00000008UL + +/* CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE is used to indicate the + * source of the salt value when deriving a key using PKCS #5 + * PBKDF2. + */ +typedef CK_ULONG CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE; + +typedef CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE CK_PTR \ + CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE_PTR; + +/* The following salt value sources are defined in PKCS #5 v2.0. */ +#define CKZ_SALT_SPECIFIED 0x00000001UL + +/* CK_PKCS5_PBKD2_PARAMS is a structure that provides the + * parameters to the CKM_PKCS5_PBKD2 mechanism. + */ +typedef struct CK_PKCS5_PBKD2_PARAMS { + CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE saltSource; + CK_VOID_PTR pSaltSourceData; + CK_ULONG ulSaltSourceDataLen; + CK_ULONG iterations; + CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE prf; + CK_VOID_PTR pPrfData; + CK_ULONG ulPrfDataLen; + CK_UTF8CHAR_PTR pPassword; + CK_ULONG_PTR ulPasswordLen; +} CK_PKCS5_PBKD2_PARAMS; + +typedef CK_PKCS5_PBKD2_PARAMS CK_PTR CK_PKCS5_PBKD2_PARAMS_PTR; + +/* CK_PKCS5_PBKD2_PARAMS2 is a corrected version of the CK_PKCS5_PBKD2_PARAMS + * structure that provides the parameters to the CKM_PKCS5_PBKD2 mechanism + * noting that the ulPasswordLen field is a CK_ULONG and not a CK_ULONG_PTR. + */ +typedef struct CK_PKCS5_PBKD2_PARAMS2 { + CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE saltSource; + CK_VOID_PTR pSaltSourceData; + CK_ULONG ulSaltSourceDataLen; + CK_ULONG iterations; + CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE prf; + CK_VOID_PTR pPrfData; + CK_ULONG ulPrfDataLen; + CK_UTF8CHAR_PTR pPassword; + CK_ULONG ulPasswordLen; +} CK_PKCS5_PBKD2_PARAMS2; + +typedef CK_PKCS5_PBKD2_PARAMS2 CK_PTR CK_PKCS5_PBKD2_PARAMS2_PTR; + +typedef CK_ULONG CK_OTP_PARAM_TYPE; +typedef CK_OTP_PARAM_TYPE CK_PARAM_TYPE; /* backward compatibility */ + +typedef struct CK_OTP_PARAM { + CK_OTP_PARAM_TYPE type; + CK_VOID_PTR pValue; + CK_ULONG ulValueLen; +} CK_OTP_PARAM; + +typedef CK_OTP_PARAM CK_PTR CK_OTP_PARAM_PTR; + +typedef struct CK_OTP_PARAMS { + CK_OTP_PARAM_PTR pParams; + CK_ULONG ulCount; +} CK_OTP_PARAMS; + +typedef CK_OTP_PARAMS CK_PTR CK_OTP_PARAMS_PTR; + +typedef struct CK_OTP_SIGNATURE_INFO { + CK_OTP_PARAM_PTR pParams; + CK_ULONG ulCount; +} CK_OTP_SIGNATURE_INFO; + +typedef CK_OTP_SIGNATURE_INFO CK_PTR CK_OTP_SIGNATURE_INFO_PTR; + +#define CK_OTP_VALUE 0UL +#define CK_OTP_PIN 1UL +#define CK_OTP_CHALLENGE 2UL +#define CK_OTP_TIME 3UL +#define CK_OTP_COUNTER 4UL +#define CK_OTP_FLAGS 5UL +#define CK_OTP_OUTPUT_LENGTH 6UL +#define CK_OTP_OUTPUT_FORMAT 7UL + +#define CKF_NEXT_OTP 0x00000001UL +#define CKF_EXCLUDE_TIME 0x00000002UL +#define CKF_EXCLUDE_COUNTER 0x00000004UL +#define CKF_EXCLUDE_CHALLENGE 0x00000008UL +#define CKF_EXCLUDE_PIN 0x00000010UL +#define CKF_USER_FRIENDLY_OTP 0x00000020UL + +typedef struct CK_KIP_PARAMS { + CK_MECHANISM_PTR pMechanism; + CK_OBJECT_HANDLE hKey; + CK_BYTE_PTR pSeed; + CK_ULONG ulSeedLen; +} CK_KIP_PARAMS; + +typedef CK_KIP_PARAMS CK_PTR CK_KIP_PARAMS_PTR; + +typedef struct CK_AES_CTR_PARAMS { + CK_ULONG ulCounterBits; + CK_BYTE cb[16]; +} CK_AES_CTR_PARAMS; + +typedef CK_AES_CTR_PARAMS CK_PTR CK_AES_CTR_PARAMS_PTR; + +typedef struct CK_GCM_PARAMS { + CK_BYTE_PTR pIv; + CK_ULONG ulIvLen; + CK_ULONG ulIvBits; + CK_BYTE_PTR pAAD; + CK_ULONG ulAADLen; + CK_ULONG ulTagBits; +} CK_GCM_PARAMS; + +typedef CK_GCM_PARAMS CK_PTR CK_GCM_PARAMS_PTR; + +typedef CK_ULONG CK_GENERATOR_FUNCTION; +#define CKG_NO_GENERATE 0x00000000UL +#define CKG_GENERATE 0x00000001UL +#define CKG_GENERATE_COUNTER 0x00000002UL +#define CKG_GENERATE_RANDOM 0x00000003UL +#define CKG_GENERATE_COUNTER_XOR 0x00000004UL + +typedef struct CK_GCM_MESSAGE_PARAMS { + CK_BYTE_PTR pIv; + CK_ULONG ulIvLen; + CK_ULONG ulIvFixedBits; + CK_GENERATOR_FUNCTION ivGenerator; + CK_BYTE_PTR pTag; + CK_ULONG ulTagBits; +} CK_GCM_MESSAGE_PARAMS; + +typedef CK_GCM_MESSAGE_PARAMS CK_PTR CK_GCM_MESSAGE_PARAMS_PTR; + +typedef struct CK_CCM_PARAMS { + CK_ULONG ulDataLen; + CK_BYTE_PTR pNonce; + CK_ULONG ulNonceLen; + CK_BYTE_PTR pAAD; + CK_ULONG ulAADLen; + CK_ULONG ulMACLen; +} CK_CCM_PARAMS; + +typedef CK_CCM_PARAMS CK_PTR CK_CCM_PARAMS_PTR; + +typedef struct CK_CCM_MESSAGE_PARAMS { + CK_ULONG ulDataLen; /*plaintext or ciphertext*/ + CK_BYTE_PTR pNonce; + CK_ULONG ulNonceLen; + CK_ULONG ulNonceFixedBits; + CK_GENERATOR_FUNCTION nonceGenerator; + CK_BYTE_PTR pMAC; + CK_ULONG ulMACLen; +} CK_CCM_MESSAGE_PARAMS; + +typedef CK_CCM_MESSAGE_PARAMS CK_PTR CK_CCM_MESSAGE_PARAMS_PTR; + +/* Deprecated. Use CK_GCM_PARAMS */ +typedef struct CK_AES_GCM_PARAMS { + CK_BYTE_PTR pIv; + CK_ULONG ulIvLen; + CK_ULONG ulIvBits; + CK_BYTE_PTR pAAD; + CK_ULONG ulAADLen; + CK_ULONG ulTagBits; +} CK_AES_GCM_PARAMS; + +typedef CK_AES_GCM_PARAMS CK_PTR CK_AES_GCM_PARAMS_PTR; + +/* Deprecated. Use CK_CCM_PARAMS */ +typedef struct CK_AES_CCM_PARAMS { + CK_ULONG ulDataLen; + CK_BYTE_PTR pNonce; + CK_ULONG ulNonceLen; + CK_BYTE_PTR pAAD; + CK_ULONG ulAADLen; + CK_ULONG ulMACLen; +} CK_AES_CCM_PARAMS; + +typedef CK_AES_CCM_PARAMS CK_PTR CK_AES_CCM_PARAMS_PTR; + +typedef struct CK_CAMELLIA_CTR_PARAMS { + CK_ULONG ulCounterBits; + CK_BYTE cb[16]; +} CK_CAMELLIA_CTR_PARAMS; + +typedef CK_CAMELLIA_CTR_PARAMS CK_PTR CK_CAMELLIA_CTR_PARAMS_PTR; + +typedef struct CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS { + CK_BYTE iv[16]; + CK_BYTE_PTR pData; + CK_ULONG length; +} CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS; + +typedef CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS CK_PTR \ + CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS_PTR; + +typedef struct CK_ARIA_CBC_ENCRYPT_DATA_PARAMS { + CK_BYTE iv[16]; + CK_BYTE_PTR pData; + CK_ULONG length; +} CK_ARIA_CBC_ENCRYPT_DATA_PARAMS; + +typedef CK_ARIA_CBC_ENCRYPT_DATA_PARAMS CK_PTR \ + CK_ARIA_CBC_ENCRYPT_DATA_PARAMS_PTR; + +typedef struct CK_DSA_PARAMETER_GEN_PARAM { + CK_MECHANISM_TYPE hash; + CK_BYTE_PTR pSeed; + CK_ULONG ulSeedLen; + CK_ULONG ulIndex; +} CK_DSA_PARAMETER_GEN_PARAM; + +typedef CK_DSA_PARAMETER_GEN_PARAM CK_PTR CK_DSA_PARAMETER_GEN_PARAM_PTR; + +typedef struct CK_ECDH_AES_KEY_WRAP_PARAMS { + CK_ULONG ulAESKeyBits; + CK_EC_KDF_TYPE kdf; + CK_ULONG ulSharedDataLen; + CK_BYTE_PTR pSharedData; +} CK_ECDH_AES_KEY_WRAP_PARAMS; + +typedef CK_ECDH_AES_KEY_WRAP_PARAMS CK_PTR CK_ECDH_AES_KEY_WRAP_PARAMS_PTR; + +typedef CK_ULONG CK_JAVA_MIDP_SECURITY_DOMAIN; + +typedef CK_ULONG CK_CERTIFICATE_CATEGORY; + +typedef struct CK_RSA_AES_KEY_WRAP_PARAMS { + CK_ULONG ulAESKeyBits; + CK_RSA_PKCS_OAEP_PARAMS_PTR pOAEPParams; +} CK_RSA_AES_KEY_WRAP_PARAMS; + +typedef CK_RSA_AES_KEY_WRAP_PARAMS CK_PTR CK_RSA_AES_KEY_WRAP_PARAMS_PTR; + +typedef struct CK_TLS12_MASTER_KEY_DERIVE_PARAMS { + CK_SSL3_RANDOM_DATA RandomInfo; + CK_VERSION_PTR pVersion; + CK_MECHANISM_TYPE prfHashMechanism; +} CK_TLS12_MASTER_KEY_DERIVE_PARAMS; + +typedef CK_TLS12_MASTER_KEY_DERIVE_PARAMS CK_PTR \ + CK_TLS12_MASTER_KEY_DERIVE_PARAMS_PTR; + +typedef struct CK_TLS12_KEY_MAT_PARAMS { + CK_ULONG ulMacSizeInBits; + CK_ULONG ulKeySizeInBits; + CK_ULONG ulIVSizeInBits; + CK_BBOOL bIsExport; + CK_SSL3_RANDOM_DATA RandomInfo; + CK_SSL3_KEY_MAT_OUT_PTR pReturnedKeyMaterial; + CK_MECHANISM_TYPE prfHashMechanism; +} CK_TLS12_KEY_MAT_PARAMS; + +typedef CK_TLS12_KEY_MAT_PARAMS CK_PTR CK_TLS12_KEY_MAT_PARAMS_PTR; + +typedef struct CK_TLS_KDF_PARAMS { + CK_MECHANISM_TYPE prfMechanism; + CK_BYTE_PTR pLabel; + CK_ULONG ulLabelLength; + CK_SSL3_RANDOM_DATA RandomInfo; + CK_BYTE_PTR pContextData; + CK_ULONG ulContextDataLength; +} CK_TLS_KDF_PARAMS; + +typedef CK_TLS_KDF_PARAMS CK_PTR CK_TLS_KDF_PARAMS_PTR; + +typedef struct CK_TLS_MAC_PARAMS { + CK_MECHANISM_TYPE prfHashMechanism; + CK_ULONG ulMacLength; + CK_ULONG ulServerOrClient; +} CK_TLS_MAC_PARAMS; + +typedef CK_TLS_MAC_PARAMS CK_PTR CK_TLS_MAC_PARAMS_PTR; + +typedef struct CK_GOSTR3410_DERIVE_PARAMS { + CK_EC_KDF_TYPE kdf; + CK_BYTE_PTR pPublicData; + CK_ULONG ulPublicDataLen; + CK_BYTE_PTR pUKM; + CK_ULONG ulUKMLen; +} CK_GOSTR3410_DERIVE_PARAMS; + +typedef CK_GOSTR3410_DERIVE_PARAMS CK_PTR CK_GOSTR3410_DERIVE_PARAMS_PTR; + +typedef struct CK_GOSTR3410_KEY_WRAP_PARAMS { + CK_BYTE_PTR pWrapOID; + CK_ULONG ulWrapOIDLen; + CK_BYTE_PTR pUKM; + CK_ULONG ulUKMLen; + CK_OBJECT_HANDLE hKey; +} CK_GOSTR3410_KEY_WRAP_PARAMS; + +typedef CK_GOSTR3410_KEY_WRAP_PARAMS CK_PTR CK_GOSTR3410_KEY_WRAP_PARAMS_PTR; + +typedef struct CK_SEED_CBC_ENCRYPT_DATA_PARAMS { + CK_BYTE iv[16]; + CK_BYTE_PTR pData; + CK_ULONG length; +} CK_SEED_CBC_ENCRYPT_DATA_PARAMS; + +typedef CK_SEED_CBC_ENCRYPT_DATA_PARAMS CK_PTR \ + CK_SEED_CBC_ENCRYPT_DATA_PARAMS_PTR; + +/* + * New PKCS 11 v3.0 data structures. + */ + +typedef CK_ULONG CK_PROFILE_ID; +typedef CK_PROFILE_ID CK_PTR CK_PROFILE_ID_PTR; + +/* Typedefs for Flexible KDF */ +typedef CK_ULONG CK_PRF_DATA_TYPE; +typedef CK_MECHANISM_TYPE CK_SP800_108_PRF_TYPE; +#define CK_SP800_108_ITERATION_VARIABLE 0x00000001UL +#define CK_SP800_108_OPTIONAL_COUNTER 0x00000002UL +#define CK_SP800_108_DKM_LENGTH 0x00000003UL +#define CK_SP800_108_BYTE_ARRAY 0x00000004UL +#define CK_SP800_108_COUNTER CK_SP800_108_OPTIONAL_COUNTER + +typedef struct CK_PRF_DATA_PARAM +{ + CK_PRF_DATA_TYPE type; + CK_VOID_PTR pValue; + CK_ULONG ulValueLen; +} CK_PRF_DATA_PARAM; + +typedef CK_PRF_DATA_PARAM CK_PTR CK_PRF_DATA_PARAM_PTR; + + +typedef struct CK_SP800_108_COUNTER_FORMAT +{ + CK_BBOOL bLittleEndian; + CK_ULONG ulWidthInBits; +} CK_SP800_108_COUNTER_FORMAT; + +typedef CK_SP800_108_COUNTER_FORMAT CK_PTR CK_SP800_108_COUNTER_FORMAT_PTR; + +typedef CK_ULONG CK_SP800_108_DKM_LENGTH_METHOD; +#define CK_SP800_108_DKM_LENGTH_SUM_OF_KEYS 0x00000001UL +#define CK_SP800_108_DKM_LENGTH_SUM_OF_SEGMENTS 0x00000002UL + +typedef struct CK_SP800_108_DKM_LENGTH_FORMAT +{ + CK_SP800_108_DKM_LENGTH_METHOD dkmLengthMethod; + CK_BBOOL bLittleEndian; + CK_ULONG ulWidthInBits; +} CK_SP800_108_DKM_LENGTH_FORMAT; + +typedef CK_SP800_108_DKM_LENGTH_FORMAT \ + CK_PTR CK_SP800_108_DKM_LENGTH_FORMAT_PTR; + +typedef struct CK_DERIVED_KEY +{ + CK_ATTRIBUTE_PTR pTemplate; + CK_ULONG ulAttributeCount; + CK_OBJECT_HANDLE_PTR phKey; +} CK_DERIVED_KEY; + +typedef CK_DERIVED_KEY CK_PTR CK_DERIVED_KEY_PTR; + +typedef struct CK_SP800_108_KDF_PARAMS +{ + CK_SP800_108_PRF_TYPE prfType; + CK_ULONG ulNumberOfDataParams; + CK_PRF_DATA_PARAM_PTR pDataParams; + CK_ULONG ulAdditionalDerivedKeys; + CK_DERIVED_KEY_PTR pAdditionalDerivedKeys; +} CK_SP800_108_KDF_PARAMS; + +typedef CK_SP800_108_KDF_PARAMS CK_PTR CK_SP800_108_KDF_PARAMS_PTR; + +typedef struct CK_SP800_108_FEEDBACK_KDF_PARAMS +{ + CK_SP800_108_PRF_TYPE prfType; + CK_ULONG ulNumberOfDataParams; + CK_PRF_DATA_PARAM_PTR pDataParams; + CK_ULONG ulIVLen; + CK_BYTE_PTR pIV; + CK_ULONG ulAdditionalDerivedKeys; + CK_DERIVED_KEY_PTR pAdditionalDerivedKeys; +} CK_SP800_108_FEEDBACK_KDF_PARAMS; + +typedef CK_SP800_108_FEEDBACK_KDF_PARAMS \ + CK_PTR CK_SP800_108_FEEDBACK_KDF_PARAMS_PTR; + +/* EDDSA */ +typedef struct CK_EDDSA_PARAMS { + CK_BBOOL phFlag; + CK_ULONG ulContextDataLen; + CK_BYTE_PTR pContextData; +} CK_EDDSA_PARAMS; + +typedef CK_EDDSA_PARAMS CK_PTR CK_EDDSA_PARAMS_PTR; + +/* Extended ChaCha20/Salsa20 support*/ +typedef struct CK_CHACHA20_PARAMS { + CK_BYTE_PTR pBlockCounter; + CK_ULONG blockCounterBits; + CK_BYTE_PTR pNonce; + CK_ULONG ulNonceBits; +} CK_CHACHA20_PARAMS; + +typedef CK_CHACHA20_PARAMS CK_PTR CK_CHACHA20_PARAMS_PTR; + +typedef struct CK_SALSA20_PARAMS { + CK_BYTE_PTR pBlockCounter; + CK_BYTE_PTR pNonce; + CK_ULONG ulNonceBits; +} CK_SALSA20_PARAMS; +typedef CK_SALSA20_PARAMS CK_PTR CK_SALSA20_PARAMS_PTR; + +typedef struct CK_SALSA20_CHACHA20_POLY1305_PARAMS { + CK_BYTE_PTR pNonce; + CK_ULONG ulNonceLen; + CK_BYTE_PTR pAAD; + CK_ULONG ulAADLen; +} CK_SALSA20_CHACHA20_POLY1305_PARAMS; + +typedef CK_SALSA20_CHACHA20_POLY1305_PARAMS \ + CK_PTR CK_SALSA20_CHACHA20_POLY1305_PARAMS_PTR; + +typedef struct CK_SALSA20_CHACHA20_POLY1305_MSG_PARAMS { + CK_BYTE_PTR pNonce; + CK_ULONG ulNonceLen; + CK_BYTE_PTR pTag; +} CK_SALSA20_CHACHA20_POLY1305_MSG_PARAMS; + +typedef CK_SALSA20_CHACHA20_POLY1305_MSG_PARAMS \ + CK_PTR CK_SALSA20_CHACHA20_POLY1305_MSG_PARAMS_PTR; + +typedef CK_ULONG CK_X3DH_KDF_TYPE; +typedef CK_X3DH_KDF_TYPE CK_PTR CK_X3DH_KDF_TYPE_PTR; + +/* X3dh, ratchet */ +typedef struct CK_X3DH_INITIATE_PARAMS { + CK_X3DH_KDF_TYPE kdf; + CK_OBJECT_HANDLE pPeer_identity; + CK_OBJECT_HANDLE pPeer_prekey; + CK_BYTE_PTR pPrekey_signature; + CK_BYTE_PTR pOnetime_key; + CK_OBJECT_HANDLE pOwn_identity; + CK_OBJECT_HANDLE pOwn_ephemeral; +} CK_X3DH_INITIATE_PARAMS; + +typedef struct CK_X3DH_RESPOND_PARAMS { + CK_X3DH_KDF_TYPE kdf; + CK_BYTE_PTR pIdentity_id; + CK_BYTE_PTR pPrekey_id; + CK_BYTE_PTR pOnetime_id; + CK_OBJECT_HANDLE pInitiator_identity; + CK_BYTE_PTR pInitiator_ephemeral; +} CK_X3DH_RESPOND_PARAMS; + +typedef CK_ULONG CK_X2RATCHET_KDF_TYPE; +typedef CK_X2RATCHET_KDF_TYPE CK_PTR CK_X2RATCHET_KDF_TYPE_PTR; + +typedef struct CK_X2RATCHET_INITIALIZE_PARAMS { + CK_BYTE_PTR sk; + CK_OBJECT_HANDLE peer_public_prekey; + CK_OBJECT_HANDLE peer_public_identity; + CK_OBJECT_HANDLE own_public_identity; + CK_BBOOL bEncryptedHeader; + CK_ULONG eCurve; + CK_MECHANISM_TYPE aeadMechanism; + CK_X2RATCHET_KDF_TYPE kdfMechanism; +} CK_X2RATCHET_INITIALIZE_PARAMS; + +typedef CK_X2RATCHET_INITIALIZE_PARAMS \ + CK_PTR CK_X2RATCHET_INITIALIZE_PARAMS_PTR; + +typedef struct CK_X2RATCHET_RESPOND_PARAMS { + CK_BYTE_PTR sk; + CK_OBJECT_HANDLE own_prekey; + CK_OBJECT_HANDLE initiator_identity; + CK_OBJECT_HANDLE own_public_identity; + CK_BBOOL bEncryptedHeader; + CK_ULONG eCurve; + CK_MECHANISM_TYPE aeadMechanism; + CK_X2RATCHET_KDF_TYPE kdfMechanism; +} CK_X2RATCHET_RESPOND_PARAMS; +typedef CK_X2RATCHET_RESPOND_PARAMS \ + CK_PTR CK_X2RATCHET_RESPOND_PARAMS_PTR; + +typedef CK_ULONG CK_XEDDSA_HASH_TYPE; +typedef CK_XEDDSA_HASH_TYPE CK_PTR CK_XEDDSA_HASH_TYPE_PTR; + +/* XEDDSA */ +typedef struct CK_XEDDSA_PARAMS { + CK_XEDDSA_HASH_TYPE hash; +} CK_XEDDSA_PARAMS; +typedef CK_XEDDSA_PARAMS CK_PTR CK_XEDDSA_PARAMS_PTR; + +/* HKDF params */ +typedef struct CK_HKDF_PARAMS { + CK_BBOOL bExtract; + CK_BBOOL bExpand; + CK_MECHANISM_TYPE prfHashMechanism; + CK_ULONG ulSaltType; + CK_BYTE_PTR pSalt; + CK_ULONG ulSaltLen; + CK_OBJECT_HANDLE hSaltKey; + CK_BYTE_PTR pInfo; + CK_ULONG ulInfoLen; +} CK_HKDF_PARAMS; +typedef CK_HKDF_PARAMS CK_PTR CK_HKDF_PARAMS_PTR; + +#define CKF_HKDF_SALT_NULL 0x00000001UL +#define CKF_HKDF_SALT_DATA 0x00000002UL +#define CKF_HKDF_SALT_KEY 0x00000004UL + +/* HSS */ +typedef CK_ULONG CK_HSS_LEVELS; +typedef CK_ULONG CK_LMS_TYPE; +typedef CK_ULONG CK_LMOTS_TYPE; + +typedef struct specifiedParams { + CK_HSS_LEVELS levels; + CK_LMS_TYPE lm_type[8]; + CK_LMOTS_TYPE lm_ots_type[8]; +} specifiedParams; + +/* IKE Params */ +typedef struct CK_IKE2_PRF_PLUS_DERIVE_PARAMS { + CK_MECHANISM_TYPE prfMechanism; + CK_BBOOL bHasSeedKey; + CK_OBJECT_HANDLE hSeedKey; + CK_BYTE_PTR pSeedData; + CK_ULONG ulSeedDataLen; +} CK_IKE2_PRF_PLUS_DERIVE_PARAMS; +typedef CK_IKE2_PRF_PLUS_DERIVE_PARAMS CK_PTR CK_IKE2_PRF_PLUS_DERIVE_PARAMS_PTR; + +typedef struct CK_IKE_PRF_DERIVE_PARAMS { + CK_MECHANISM_TYPE prfMechanism; + CK_BBOOL bDataAsKey; + CK_BBOOL bRekey; + CK_BYTE_PTR pNi; + CK_ULONG ulNiLen; + CK_BYTE_PTR pNr; + CK_ULONG ulNrLen; + CK_OBJECT_HANDLE hNewKey; +} CK_IKE_PRF_DERIVE_PARAMS; +typedef CK_IKE_PRF_DERIVE_PARAMS CK_PTR CK_IKE_PRF_DERIVE_PARAMS_PTR; + +typedef struct CK_IKE1_PRF_DERIVE_PARAMS { + CK_MECHANISM_TYPE prfMechanism; + CK_BBOOL bHasPrevKey; + CK_OBJECT_HANDLE hKeygxy; + CK_OBJECT_HANDLE hPrevKey; + CK_BYTE_PTR pCKYi; + CK_ULONG ulCKYiLen; + CK_BYTE_PTR pCKYr; + CK_ULONG ulCKYrLen; + CK_BYTE keyNumber; +} CK_IKE1_PRF_DERIVE_PARAMS; +typedef CK_IKE1_PRF_DERIVE_PARAMS CK_PTR CK_IKE1_PRF_DERIVE_PARAMS_PTR; + +typedef struct CK_IKE1_EXTENDED_DERIVE_PARAMS { + CK_MECHANISM_TYPE prfMechanism; + CK_BBOOL bHasKeygxy; + CK_OBJECT_HANDLE hKeygxy; + CK_BYTE_PTR pExtraData; + CK_ULONG ulExtraDataLen; +} CK_IKE1_EXTENDED_DERIVE_PARAMS; +typedef CK_IKE1_EXTENDED_DERIVE_PARAMS CK_PTR CK_IKE1_EXTENDED_DERIVE_PARAMS_PTR; + +#endif /* _PKCS11T_H_ */ + diff --git a/crate/pyo3/Cargo.toml b/crate/pyo3/Cargo.toml index b50ea1b7a..d502609ef 100644 --- a/crate/pyo3/Cargo.toml +++ b/crate/pyo3/Cargo.toml @@ -1,9 +1,11 @@ [package] name = "cosmian_kms_python" -version = "4.15.2" -authors = ["Hugo Rosenkranz-Costa "] -edition = "2021" -license-file = "../../LICENSE" +version.workspace = true +authors.workspace = true +edition.workspace = true +license.workspace = true +repository.workspace = true +rust-version.workspace = true [lib] crate-type = ["cdylib"] diff --git a/crate/pyo3/src/py_kms_client.rs b/crate/pyo3/src/py_kms_client.rs index 4eccc232f..5c1f33069 100644 --- a/crate/pyo3/src/py_kms_client.rs +++ b/crate/pyo3/src/py_kms_client.rs @@ -22,7 +22,6 @@ use cosmian_kmip::{ kmip_operations::Get, kmip_types::{CryptographicAlgorithm, RevocationReason}, }, - KmipResultHelper, }; use cosmian_kms_client::KmsClient as RustKmsClient; use openssl::x509::X509; @@ -48,14 +47,8 @@ macro_rules! rekey_keypair { .await .map_err(|e| PyException::new_err(e.to_string()))?; Ok(( - response - .public_key_unique_identifier - .to_string() - .context("The server did not return the public key uid as a string")?, - response - .private_key_unique_identifier - .to_string() - .context("The server did not return the private key uid as a string")?, + response.public_key_unique_identifier.to_string(), + response.private_key_unique_identifier.to_string(), )) }) }}; @@ -175,14 +168,8 @@ impl KmsClient { .await .map_err(|e| PyException::new_err(e.to_string()))?; Ok(( - response - .public_key_unique_identifier - .to_string() - .context("The server did not return the public key uid as a string")?, - response - .private_key_unique_identifier - .to_string() - .context("The server did not return the private key uid as a string")?, + response.public_key_unique_identifier.to_string(), + response.private_key_unique_identifier.to_string(), )) }) } @@ -237,10 +224,7 @@ impl KmsClient { .import(request) .await .map_err(|e| PyException::new_err(e.to_string()))?; - Ok(response - .unique_identifier - .to_string() - .context("The server did not return the key uid as a string")?) + Ok(response.unique_identifier.to_string()) }) } @@ -286,10 +270,7 @@ impl KmsClient { .import(request) .await .map_err(|e| PyException::new_err(e.to_string()))?; - Ok(response - .unique_identifier - .to_string() - .context("The server did not return the public key uid as a string")?) + Ok(response.unique_identifier.to_string()) }) } @@ -484,10 +465,7 @@ impl KmsClient { .create(request) .await .map_err(|e| PyException::new_err(e.to_string()))?; - Ok(response - .unique_identifier - .to_string() - .expect("The server did not return the user secret key uid as a string")) + Ok(response.unique_identifier.to_string()) }) } @@ -536,10 +514,7 @@ impl KmsClient { .import(request) .await .map_err(|e| PyException::new_err(e.to_string()))?; - Ok(response - .unique_identifier - .to_string() - .expect("The server did not return the user secret key uid as a string")) + Ok(response.unique_identifier.to_string()) }) } @@ -574,7 +549,6 @@ impl KmsClient { header_metadata, authentication_data, None, - None, ) .map_err(|e| PyException::new_err(e.to_string()))?; @@ -614,7 +588,6 @@ impl KmsClient { None, authentication_data, None, - None, ); let client = self.0.clone(); @@ -690,10 +663,7 @@ impl KmsClient { .revoke(request) .await .map_err(|e| PyException::new_err(e.to_string()))?; - Ok(response - .unique_identifier - .to_string() - .context("The server did not return the revoked key uid as a string")?) + Ok(response.unique_identifier.to_string()) }) } @@ -720,10 +690,7 @@ impl KmsClient { .destroy(request) .await .map_err(|e| PyException::new_err(e.to_string()))?; - Ok(response - .unique_identifier - .to_string() - .context("The server did not return the destroyed key uid as a string")?) + Ok(response.unique_identifier.to_string()) }) } @@ -770,10 +737,7 @@ impl KmsClient { .await .map_err(|e| PyException::new_err(e.to_string()))?; - Ok(response - .unique_identifier - .to_string() - .context("The server did not return the key uid as a string")?) + Ok(response.unique_identifier.to_string()) }) } @@ -792,9 +756,8 @@ impl KmsClient { key_identifier: ToUniqueIdentifier, py: Python<'p>, ) -> PyResult<&PyAny> { - let request = - build_encryption_request(&key_identifier.0, None, data, None, None, None, None) - .map_err(|e| PyException::new_err(e.to_string()))?; + let request = build_encryption_request(&key_identifier.0, None, data, None, None, None) + .map_err(|e| PyException::new_err(e.to_string()))?; let client = self.0.clone(); pyo3_asyncio::tokio::future_into_py(py, async move { @@ -831,7 +794,6 @@ impl KmsClient { authentication_encryption_tag, None, None, - None, ); let client = self.0.clone(); diff --git a/crate/pyo3/src/py_kms_object.rs b/crate/pyo3/src/py_kms_object.rs index cd6a5672e..e8815358a 100644 --- a/crate/pyo3/src/py_kms_object.rs +++ b/crate/pyo3/src/py_kms_object.rs @@ -49,7 +49,7 @@ impl KmsEncryptResponse { /// Returns: /// String pub fn unique_identifier(&self) -> String { - self.0.unique_identifier.to_string().unwrap_or_default() + self.0.unique_identifier.to_string() } /// Retrieves data bytes diff --git a/crate/server/Cargo.toml b/crate/server/Cargo.toml index 9601d182f..b9b952732 100644 --- a/crate/server/Cargo.toml +++ b/crate/server/Cargo.toml @@ -1,9 +1,11 @@ [package] name = "cosmian_kms_server" -version = "4.15.2" -authors = ["Bruno Grieder "] -edition = "2021" -license-file = "../../LICENSE" +version.workspace = true +authors.workspace = true +edition.workspace = true +license.workspace = true +repository.workspace = true +rust-version.workspace = true description = "Cosmian Key Management Service" [[bin]] @@ -114,8 +116,8 @@ zeroize = { workspace = true } [dev-dependencies] actix-http = "3.6" -pem = "3.0.3" cosmian_logger = { path = "../logger" } +pem = "3.0.3" [build-dependencies] actix-http = "3.6" diff --git a/crate/server/src/core/cover_crypt/locate_user_decryption_keys.rs b/crate/server/src/core/cover_crypt/locate_user_decryption_keys.rs index 05ee7ede6..6227ac1cc 100644 --- a/crate/server/src/core/cover_crypt/locate_user_decryption_keys.rs +++ b/crate/server/src/core/cover_crypt/locate_user_decryption_keys.rs @@ -13,7 +13,7 @@ use cosmian_kmip::{ use crate::{ core::{extra_database_params::ExtraDatabaseParams, operations, KMS}, - result::{KResult, KResultHelper}, + result::KResult, }; /// Locate all the user decryption keys associated with the master private key @@ -51,12 +51,9 @@ pub(crate) async fn locate_user_decryption_keys( }; let locate_response = operations::locate(kmip_server, locate_request, state, owner, params).await?; - locate_response - .unique_identifiers - .map(|ids| { - ids.into_iter() - .map(|id| id.to_string().context("locate_user_decryption_keys")) - .collect::>>() - }) - .transpose() + Ok(locate_response.unique_identifiers.map(|ids| { + ids.into_iter() + .map(|id| id.to_string()) + .collect::>() + })) } diff --git a/crate/server/src/core/operations/decrypt.rs b/crate/server/src/core/operations/decrypt.rs index f1f6326a0..9821fcb5f 100644 --- a/crate/server/src/core/operations/decrypt.rs +++ b/crate/server/src/core/operations/decrypt.rs @@ -1,12 +1,14 @@ use cloudproof::reexport::cover_crypt::Covercrypt; #[cfg(not(feature = "fips"))] use cosmian_kmip::crypto::elliptic_curves::ecies::ecies_decrypt; +#[cfg(not(feature = "fips"))] +use cosmian_kmip::crypto::rsa::ckm_rsa_pkcs::ckm_rsa_pkcs_decrypt; use cosmian_kmip::{ crypto::{ cover_crypt::{attributes, decryption::CovercryptDecryption}, rsa::{ - ckm_rsa_pkcs_oaep::ckm_rsa_pkcs_oaep_key_decrypt, - rsa_oaep_aes_gcm::rsa_oaep_aes_gcm_decrypt, + ckm_rsa_aes_key_wrap::ckm_rsa_aes_key_unwrap, + ckm_rsa_pkcs_oaep::ckm_rsa_pkcs_oaep_key_decrypt, default_cryptographic_parameters, }, symmetric::aead::{aead_decrypt, AeadCipher}, DecryptionSystem, @@ -15,8 +17,8 @@ use cosmian_kmip::{ kmip_objects::{Object, ObjectType}, kmip_operations::{Decrypt, DecryptResponse, ErrorReason}, kmip_types::{ - CryptographicAlgorithm, CryptographicParameters, CryptographicUsageMask, - HashingAlgorithm, KeyFormatType, PaddingMethod, StateEnumeration, UniqueIdentifier, + CryptographicAlgorithm, CryptographicParameters, CryptographicUsageMask, KeyFormatType, + PaddingMethod, StateEnumeration, UniqueIdentifier, }, }, openssl::kmip_private_key_to_openssl, @@ -232,7 +234,6 @@ fn decrypt_with_pkey( private_key, request.cryptographic_parameters.as_ref(), ciphertext, - request.authenticated_encryption_additional_data.as_deref(), )?, #[cfg(not(feature = "fips"))] Id::EC | Id::X25519 | Id::ED25519 => ecies_decrypt(private_key, ciphertext)?, @@ -251,35 +252,27 @@ fn decrypt_with_rsa( private_key: &PKey, cryptographic_parameters: Option<&CryptographicParameters>, ct: &[u8], - aad: Option<&[u8]>, ) -> KResult>> { - let (algorithm, padding, hashing_fn) = cryptographic_parameters - .map(|cp| { - ( - cp.cryptographic_algorithm - .unwrap_or(CryptographicAlgorithm::RSA), - cp.padding_method.unwrap_or(PaddingMethod::OAEP), - cp.hashing_algorithm.unwrap_or(HashingAlgorithm::SHA256), - ) - }) - .unwrap_or_else(|| { - ( - // default to CKM_RSA_PKCS_OAEP_KEY_WRAP - CryptographicAlgorithm::RSA, - PaddingMethod::OAEP, - HashingAlgorithm::SHA256, - ) - }); + let (algorithm, padding, hashing_fn) = + default_cryptographic_parameters(cryptographic_parameters); + trace!( + "decrypt_with_rsa: algorithm: {:?}, padding: {:?}, hashing_fn: {:?}", + algorithm, + padding, + hashing_fn + ); - if padding != PaddingMethod::OAEP { - kms_bail!("Unable to decrypt with RSA: padding method not supported: {padding:?}") - } - let plaintext = match algorithm { - CryptographicAlgorithm::AES => rsa_oaep_aes_gcm_decrypt(private_key, hashing_fn, ct, aad)?, - CryptographicAlgorithm::RSA => ckm_rsa_pkcs_oaep_key_decrypt(private_key, hashing_fn, ct)?, - x => { - kms_bail!("Unable to decrypt with RSA: algorithm not supported for decrypting: {x:?}") + Ok(match (algorithm, padding) { + (CryptographicAlgorithm::AES, PaddingMethod::OAEP) => { + ckm_rsa_aes_key_unwrap(private_key, hashing_fn, ct)? } - }; - Ok(plaintext) + (CryptographicAlgorithm::RSA, PaddingMethod::OAEP) => { + ckm_rsa_pkcs_oaep_key_decrypt(private_key, hashing_fn, ct)? + } + #[cfg(not(feature = "fips"))] + (CryptographicAlgorithm::RSA, PaddingMethod::PKCS1v15) => { + ckm_rsa_pkcs_decrypt(private_key, ct)? + } + _ => kms_bail!("Decrypt: algorithm or padding method not supported for RSA decryption"), + }) } diff --git a/crate/server/src/core/operations/encrypt.rs b/crate/server/src/core/operations/encrypt.rs index 47a008e73..8aacdb4da 100644 --- a/crate/server/src/core/operations/encrypt.rs +++ b/crate/server/src/core/operations/encrypt.rs @@ -1,12 +1,14 @@ use cloudproof::reexport::cover_crypt::Covercrypt; #[cfg(not(feature = "fips"))] use cosmian_kmip::crypto::elliptic_curves::ecies::ecies_encrypt; +#[cfg(not(feature = "fips"))] +use cosmian_kmip::crypto::rsa::ckm_rsa_pkcs::ckm_rsa_pkcs_encrypt; use cosmian_kmip::{ crypto::{ cover_crypt::encryption::CoverCryptEncryption, rsa::{ - ckm_rsa_pkcs_oaep::ckm_rsa_pkcs_oaep_encrypt, - rsa_oaep_aes_gcm::rsa_oaep_aes_gcm_encrypt, + ckm_rsa_aes_key_wrap::ckm_rsa_aes_key_wrap, + ckm_rsa_pkcs_oaep::ckm_rsa_pkcs_oaep_encrypt, default_cryptographic_parameters, }, symmetric::aead::{aead_encrypt, random_nonce, AeadCipher}, EncryptionSystem, @@ -15,8 +17,8 @@ use cosmian_kmip::{ kmip_objects::{Object, ObjectType}, kmip_operations::{Encrypt, EncryptResponse, ErrorReason}, kmip_types::{ - CryptographicAlgorithm, CryptographicParameters, CryptographicUsageMask, - HashingAlgorithm, KeyFormatType, PaddingMethod, StateEnumeration, UniqueIdentifier, + CryptographicAlgorithm, CryptographicParameters, CryptographicUsageMask, KeyFormatType, + PaddingMethod, StateEnumeration, UniqueIdentifier, }, }, openssl::kmip_public_key_to_openssl, @@ -103,7 +105,7 @@ async fn get_key( if !owm_s.is_empty() { return Err(KmsError::InvalidRequest(format!( "get: too many objects for key {uid_or_tags}", - ))) + ))); } // the key must be active @@ -244,7 +246,6 @@ fn encrypt_with_pkey( public_key, request.cryptographic_parameters.as_ref(), plaintext, - request.authenticated_encryption_additional_data.as_deref(), )?, #[cfg(not(feature = "fips"))] Id::EC | Id::X25519 | Id::ED25519 => ecies_encrypt(public_key, plaintext)?, @@ -265,36 +266,24 @@ fn encrypt_with_rsa( public_key: &PKey, cryptographic_parameters: Option<&CryptographicParameters>, plaintext: &[u8], - aad: Option<&[u8]>, ) -> KResult> { - let (algorithm, padding, hashing_fn) = cryptographic_parameters - .map(|cp| { - ( - cp.cryptographic_algorithm - .unwrap_or(CryptographicAlgorithm::RSA), - cp.padding_method.unwrap_or(PaddingMethod::OAEP), - cp.hashing_algorithm.unwrap_or(HashingAlgorithm::SHA256), - ) - }) - .unwrap_or_else(|| { - ( - // default to CKM_RSA_PKCS_OAEP_KEY_WRAP - CryptographicAlgorithm::RSA, - PaddingMethod::OAEP, - HashingAlgorithm::SHA256, - ) - }); + let (algorithm, padding, hashing_fn) = + default_cryptographic_parameters(cryptographic_parameters); - if padding != PaddingMethod::OAEP { - kms_bail!("Unable to encrypt with RSA: padding method not supported: {padding:?}") - } let ciphertext = match algorithm { - CryptographicAlgorithm::AES => { - rsa_oaep_aes_gcm_encrypt(public_key, hashing_fn, plaintext, aad)? - } - CryptographicAlgorithm::RSA => { - ckm_rsa_pkcs_oaep_encrypt(public_key, hashing_fn, plaintext)? - } + CryptographicAlgorithm::AES => match padding { + PaddingMethod::OAEP => ckm_rsa_aes_key_wrap(public_key, hashing_fn, plaintext)?, + _ => kms_bail!( + "Unable to encrypt with RSA AES KEY WRAP: padding method not supported: \ + {padding:?}" + ), + }, + CryptographicAlgorithm::RSA => match padding { + PaddingMethod::OAEP => ckm_rsa_pkcs_oaep_encrypt(public_key, hashing_fn, plaintext)?, + #[cfg(not(feature = "fips"))] + PaddingMethod::PKCS1v15 => ckm_rsa_pkcs_encrypt(public_key, plaintext)?, + _ => kms_bail!("Unable to encrypt with RSA: padding method not supported: {padding:?}"), + }, x => { kms_bail!("Unable to encrypt with RSA: algorithm not supported for encrypting: {x:?}") } diff --git a/crate/server/src/core/operations/export_utils.rs b/crate/server/src/core/operations/export_utils.rs index af9c50909..20c20c1c5 100644 --- a/crate/server/src/core/operations/export_utils.rs +++ b/crate/server/src/core/operations/export_utils.rs @@ -622,7 +622,7 @@ async fn post_process_pkcs12_for_private_key( .key_wrapping_specification .as_ref() .and_then(|kws| kws.encryption_key_information.as_ref()) - .and_then(|eki| eki.unique_identifier.to_string()) + .map(|eki| eki.unique_identifier.to_string()) .unwrap_or_default(); // Create the PKCS12 let pkcs12 = openssl::pkcs12::Pkcs12::builder() diff --git a/crate/server/src/core/operations/import.rs b/crate/server/src/core/operations/import.rs index f5ed3ed8f..548233735 100644 --- a/crate/server/src/core/operations/import.rs +++ b/crate/server/src/core/operations/import.rs @@ -85,11 +85,25 @@ async fn process_symmetric_key( ) -> Result<(String, Vec), KmsError> { // recover user tags let mut attributes = request.attributes; + attributes.object_type = Some(ObjectType::SymmetricKey); + #[cfg(not(feature = "fips"))] + // In non-FIPS mode, if no CryptographicUsageMask has been specified, + // default to Unrestricted. + if attributes.cryptographic_usage_mask.is_none() { + attributes.set_cryptographic_usage_mask(Some(CryptographicUsageMask::Unrestricted)); + } + let mut tags = attributes.remove_tags(); - if let Some(tags) = tags.as_ref() { + if let Some(tags) = tags.as_mut() { Attributes::check_user_tags(tags)?; + // Insert the tag corresponding to the object type if tags should be + // updated. + tags.insert("_kk".to_string()); } + // check if the object will be replaced if it already exists + let replace_existing = request.replace_existing.unwrap_or(false); + let mut object = request.object; // unwrap key block if required let object_key_block = object.key_block_mut()?; @@ -97,38 +111,21 @@ async fn process_symmetric_key( if request.key_wrap_type == Some(KeyWrapType::NotWrapped) { unwrap_key(object_key_block, kms, owner, params).await?; } - // replace attributes - attributes.object_type = Some(ObjectType::SymmetricKey); - - #[cfg(not(feature = "fips"))] - // In non-FIPS mode, if no CryptographicUsageMask has been specified, - // default to Unrestricted. - if attributes.cryptographic_usage_mask.is_none() { - attributes.cryptographic_usage_mask = Some(CryptographicUsageMask::Unrestricted); - } - + // Replace attributes in object structure. object_key_block.key_value.attributes = Some(Box::new(attributes.clone())); - let uid = match request.unique_identifier.to_string().unwrap_or_default() { + let uid = match request.unique_identifier.to_string() { uid if uid.is_empty() => Uuid::new_v4().to_string(), uid => uid, }; - // insert the tag corresponding to the object type if tags should be updated - if let Some(tags) = tags.as_mut() { - tags.insert("_sk".to_string()); - } - - let sk_attributes = object.attributes()?.clone(); - // check if the object will be replaced if it already exists - let replace_existing = request.replace_existing.unwrap_or(false); Ok(( uid.clone(), vec![single_operation( tags, replace_existing, object, - sk_attributes, + attributes, uid, )], )) @@ -136,12 +133,18 @@ async fn process_symmetric_key( fn process_certificate(request: Import) -> Result<(String, Vec), KmsError> { // recover user tags - let mut request_attributes = request.attributes; - let mut user_tags = request_attributes.remove_tags(); - if let Some(tags) = user_tags.as_ref() { + let mut attributes = request.attributes; + let mut user_tags = attributes.remove_tags(); + if let Some(tags) = user_tags.as_mut() { Attributes::check_user_tags(tags)?; + // Insert the tag corresponding to the object type if tags should be + // updated. + tags.insert("_cert".to_string()); } + // check if the object will be replaced if it already exists + let replace_existing = request.replace_existing.unwrap_or(false); + // The specification says that this should be DER bytes let certificate_der_bytes = match request.object { Certificate { @@ -157,14 +160,9 @@ fn process_certificate(request: Import) -> Result<(String, Vec) let certificate = X509::from_der(&certificate_der_bytes)?; let certificate_attributes = CertificateAttributes::from(&certificate); - // insert the tag corresponding to the object type if tags should be updated - if let Some(tags) = user_tags.as_mut() { - tags.insert("_cert".to_string()); - }; - // convert the certificate to a KMIP object let (unique_id, object) = openssl_certificate_to_kmip(&certificate)?; - let uid = match request.unique_identifier.to_string().unwrap_or_default() { + let uid = match request.unique_identifier.to_string() { uid if uid.is_empty() => unique_id, uid => uid, }; @@ -172,21 +170,19 @@ fn process_certificate(request: Import) -> Result<(String, Vec) let certificate_attributes = Attributes { certificate_type: Some(CertificateType::X509), key_format_type: Some(KeyFormatType::X509), - link: request_attributes.link, + link: attributes.link, object_type: Some(ObjectType::Certificate), unique_identifier: Some(UniqueIdentifier::TextString(uid.clone())), certificate_attributes: Some(Box::new(certificate_attributes)), #[cfg(not(feature = "fips"))] // In non-FIPS mode, if no CryptographicUsageMask has been specified, // default to Unrestricted. - cryptographic_usage_mask: request_attributes + cryptographic_usage_mask: attributes .cryptographic_usage_mask .or(Some(CryptographicUsageMask::Unrestricted)), ..Attributes::default() }; - // check if the object will be replaced if it already exists - let replace_existing = request.replace_existing.unwrap_or(false); Ok(( uid.clone(), vec![single_operation( @@ -206,39 +202,44 @@ async fn process_public_key( params: Option<&ExtraDatabaseParams>, ) -> Result<(String, Vec), KmsError> { // recover user tags - let mut request_attributes = request.attributes; - let mut tags = request_attributes.remove_tags(); - if let Some(tags) = tags.as_ref() { + let mut attributes = request.attributes; + #[cfg(not(feature = "fips"))] + // In non-FIPS mode, if no CryptographicUsageMask has been specified, + // default to Unrestricted. + if attributes.cryptographic_usage_mask.is_none() { + attributes.cryptographic_usage_mask = Some(CryptographicUsageMask::Unrestricted); + } + + let mut tags = attributes.remove_tags(); + if let Some(tags) = tags.as_mut() { Attributes::check_user_tags(tags)?; + tags.insert("_pk".to_string()); } - // unwrap key block if required - let object = { + // check if the object will be replaced if it already exists + let replace_existing = request.replace_existing.unwrap_or(false); + + // convert to PKCS8 if not wrapped and not Covercrypt + let mut object = { let mut object = request.object; + let object_key_block = object.key_block_mut()?; + // Unwrap the key_block if required. if request.key_wrap_type == Some(KeyWrapType::NotWrapped) { - let object_key_block = object.key_block_mut()?; unwrap_key(object_key_block, kms, owner, params).await?; } - object - }; - // convert to PKCS8 if not wrapped and not Covercrypt - let mut object = { - let object_key_block = object.key_block()?; - // if the key is not wrapped, try to parse it as an openssl object and import it - // else import it as such + // If the key is not wrapped, try to parse it as an openssl object and + // import it else import it as such // TODO: add Covercrypt keys when support for SPKI is added // TODO: https://github.com/Cosmian/cover_crypt/issues/118 if object_key_block.key_wrapping_data.is_none() && object_key_block.cryptographic_algorithm != Some(CryptographicAlgorithm::CoverCrypt) { - // first, see if the public key can be parsed as an openssl object - let openssl_pk = kmip_public_key_to_openssl(&(object.clone()))?; - // convert back to KMIP Object + // Check if the public key can be parsed as an openssl object openssl_public_key_to_kmip( - &openssl_pk, + &kmip_public_key_to_openssl(&object)?, KeyFormatType::PKCS8, - request_attributes.cryptographic_usage_mask, + attributes.cryptographic_usage_mask, )? } else { object @@ -252,39 +253,21 @@ async fn process_public_key( .key_value .attributes .get_or_insert(Box::default()), - &request_attributes, + &attributes, ); - if let Some(tags) = tags.as_mut() { - tags.insert("_pk".to_string()); - } - - let uid = match request.unique_identifier.to_string().unwrap_or_default() { + let uid = match request.unique_identifier.to_string() { uid if uid.is_empty() => Uuid::new_v4().to_string(), uid => uid, }; - #[cfg(feature = "fips")] - let public_key_attributes = object.attributes()?.clone(); - #[cfg(not(feature = "fips"))] - let mut public_key_attributes = object.attributes_mut()?.clone(); - - #[cfg(not(feature = "fips"))] - // In non-FIPS mode, if no CryptographicUsageMask has been specified, - // default to Unrestricted. - if request_attributes.cryptographic_usage_mask.is_none() { - public_key_attributes.cryptographic_usage_mask = Some(CryptographicUsageMask::Unrestricted); - } - - // check if the object will be replaced if it already exists - let replace_existing = request.replace_existing.unwrap_or(false); Ok(( uid.clone(), vec![single_operation( tags, replace_existing, object, - public_key_attributes, + attributes, uid, )], )) @@ -296,55 +279,47 @@ async fn process_private_key( owner: &str, params: Option<&ExtraDatabaseParams>, ) -> Result<(String, Vec), KmsError> { - // recover user tags - let mut request_attributes = request.attributes; - let tags = request_attributes.remove_tags(); - // insert the tag corresponding to the object type if tags should be updated + // Recover user tags. + let mut attributes = request.attributes; + #[cfg(not(feature = "fips"))] + // In non-FIPS mode, if no CryptographicUsageMask has been specified, + // default to Unrestricted. + if attributes.cryptographic_usage_mask.is_none() { + attributes.cryptographic_usage_mask = Some(CryptographicUsageMask::Unrestricted); + } + + let tags = attributes.remove_tags(); + // Insert the tag corresponding to the object type if tags should be + // updated. if let Some(tags) = tags.as_ref() { Attributes::check_user_tags(tags)?; } - // whether the object will be replaced if it already exists + // Whether the object will be replaced if it already exists. let replace_existing = request.replace_existing.unwrap_or(false); - // unwrap key block if required - let mut object = { - let mut object = request.object; - if request.key_wrap_type == Some(KeyWrapType::NotWrapped) { - let object_key_block = object.key_block_mut()?; - unwrap_key(object_key_block, kms, owner, params).await?; - } - object - }; - - // Process based on the key block type - let key_block = object.key_block()?; - - #[cfg(not(feature = "fips"))] - // In non-FIPS mode, if no CryptographicUsageMask has been specified, - // default to Unrestricted. - if request_attributes.cryptographic_usage_mask.is_none() { - request_attributes.cryptographic_usage_mask = Some(CryptographicUsageMask::Unrestricted); + // Process based on the key block type. + let mut object = request.object; + let object_key_block = object.key_block_mut()?; + if request.key_wrap_type == Some(KeyWrapType::NotWrapped) { + unwrap_key(object_key_block, kms, owner, params).await?; } - - // wrapped keys and Covercrypt keys - // cannot be further processed and must be imported as such + // Wrapped keys and Covercrypt keys cannot be further processed and must be + // imported as such. // TODO: remove Covercrypt keys from this exception when support for PKCS#8 is added // TODO: https://github.com/Cosmian/cover_crypt/issues/118 - if key_block.key_wrapping_data.is_some() - || key_block.cryptographic_algorithm == Some(CryptographicAlgorithm::CoverCrypt) + if object_key_block.key_wrapping_data.is_some() + || object_key_block.cryptographic_algorithm == Some(CryptographicAlgorithm::CoverCrypt) { - let object_key_block = object.key_block_mut()?; // add imported links to attributes add_imported_links_to_attributes( - &mut request_attributes, + &mut attributes, object_key_block .key_value .attributes .get_or_insert(Box::default()), ); - // build ui if needed - let uid = match request.unique_identifier.to_string().unwrap_or_default() { + let uid = match request.unique_identifier.to_string() { uid if uid.is_empty() => Uuid::new_v4().to_string(), uid => uid, }; @@ -355,33 +330,31 @@ async fn process_private_key( tags, replace_existing, object, - request_attributes, + attributes, uid, )], )) } // PKCS12 have their own processing - if key_block.key_format_type == KeyFormatType::PKCS12 { + if object_key_block.key_format_type == KeyFormatType::PKCS12 { //PKCS#12 contain more than just a private key, perform specific processing return process_pkcs12( request.unique_identifier.as_str().unwrap_or_default(), object, - request_attributes, + attributes, tags, - request.replace_existing.unwrap_or(false), + replace_existing, ) .await } // Process a "standard" private key - // first, see if the private key can be parsed as an openssl object - let openssl_sk = kmip_private_key_to_openssl(&object)?; - // generate a KMIP private key + // Check if the private key can be parsed as an openssl object. let (sk_uid, sk, sk_tags) = private_key_from_openssl( - openssl_sk, + kmip_private_key_to_openssl(&object)?, tags, - &mut request_attributes, + &mut attributes, request.unique_identifier.as_str().unwrap_or_default(), )?; Ok(( @@ -390,7 +363,7 @@ async fn process_private_key( sk_tags, replace_existing, sk, - request_attributes, + attributes, sk_uid, )], )) diff --git a/crate/server/src/core/operations/wrapping/unwrap.rs b/crate/server/src/core/operations/wrapping/unwrap.rs index c65faa7f1..95a808782 100644 --- a/crate/server/src/core/operations/wrapping/unwrap.rs +++ b/crate/server/src/core/operations/wrapping/unwrap.rs @@ -31,10 +31,7 @@ pub async fn unwrap_key( ) -> KResult<()> { let unwrapping_key_uid = match &object_key_block.key_wrapping_data { Some(kwd) => match &kwd.encryption_key_information { - Some(eki) => eki - .unique_identifier - .to_string() - .context("unwrap_key: unable to unwrap key: unwrapping key uid is not a string")?, + Some(eki) => eki.unique_identifier.to_string(), None => kms_bail!("unwrap_key: unable to unwrap key: unwrapping key uid is missing"), }, None => kms_bail!("unwrap_key: unable to unwrap key: key wrapping data is missing"), diff --git a/crate/server/src/tests/cover_crypt_tests/integration_tests.rs b/crate/server/src/tests/cover_crypt_tests/integration_tests.rs index e04ff4a1a..eaeb1368b 100644 --- a/crate/server/src/tests/cover_crypt_tests/integration_tests.rs +++ b/crate/server/src/tests/cover_crypt_tests/integration_tests.rs @@ -19,7 +19,9 @@ use cosmian_kmip::{ CreateKeyPairResponse, CreateResponse, DecryptResponse, DecryptedData, DestroyResponse, EncryptResponse, ReKeyKeyPairResponse, Revoke, RevokeResponse, }, - kmip_types::{CryptographicAlgorithm, RevocationReason, UniqueIdentifier}, + kmip_types::{ + CryptographicAlgorithm, CryptographicParameters, RevocationReason, UniqueIdentifier, + }, }, }; @@ -78,8 +80,10 @@ async fn integration_tests_use_ids_no_tags() -> KResult<()> { data.to_vec(), Some(header_metadata.clone()), Some(authentication_data.clone()), - Some(CryptographicAlgorithm::CoverCrypt), - None, + Some(CryptographicParameters { + cryptographic_algorithm: Some(CryptographicAlgorithm::CoverCrypt), + ..Default::default() + }), )?; let encrypt_response: EncryptResponse = test_utils::post(&app, request).await?; @@ -108,7 +112,6 @@ async fn integration_tests_use_ids_no_tags() -> KResult<()> { None, Some(authentication_data.clone()), None, - None, ); let decrypt_response: DecryptResponse = test_utils::post(&app, request).await?; @@ -137,7 +140,6 @@ async fn integration_tests_use_ids_no_tags() -> KResult<()> { None, Some(authentication_data.clone()), None, - None, )?; let encrypt_response: EncryptResponse = test_utils::post(&app, &request).await?; @@ -182,7 +184,6 @@ async fn integration_tests_use_ids_no_tags() -> KResult<()> { None, Some(authentication_data.clone()), None, - None, ); let decrypt_response: DecryptResponse = test_utils::post(&app, &request).await?; @@ -204,7 +205,6 @@ async fn integration_tests_use_ids_no_tags() -> KResult<()> { None, Some(authentication_data.clone()), None, - None, ); let decrypt_response: DecryptResponse = test_utils::post(&app, &request).await?; @@ -266,8 +266,10 @@ async fn integration_tests_use_ids_no_tags() -> KResult<()> { data.to_vec(), None, Some(authentication_data.clone()), - Some(CryptographicAlgorithm::CoverCrypt), - None, + Some(CryptographicParameters { + cryptographic_algorithm: Some(CryptographicAlgorithm::CoverCrypt), + ..Default::default() + }), )?; let encrypt_response: EncryptResponse = test_utils::post(&app, &request).await?; let new_encrypted_data = encrypt_response @@ -282,7 +284,6 @@ async fn integration_tests_use_ids_no_tags() -> KResult<()> { None, Some(authentication_data.clone()), None, - None, ); let post_ttlv_decrypt: KResult = test_utils::post(&app, &request).await; assert!(post_ttlv_decrypt.is_err()); @@ -295,7 +296,6 @@ async fn integration_tests_use_ids_no_tags() -> KResult<()> { None, Some(authentication_data.clone()), None, - None, ); let decrypt_response: DecryptResponse = test_utils::post(&app, &request).await?; let decrypted_data: DecryptedData = decrypt_response @@ -326,7 +326,6 @@ async fn integration_tests_use_ids_no_tags() -> KResult<()> { None, Some(authentication_data.clone()), None, - None, ); let post_ttlv_decrypt: KResult = test_utils::post(&app, &request).await; assert!(post_ttlv_decrypt.is_err()); @@ -361,8 +360,10 @@ async fn integration_tests_use_ids_no_tags() -> KResult<()> { data.to_vec(), None, Some(authentication_data.clone()), - Some(CryptographicAlgorithm::CoverCrypt), - None, + Some(CryptographicParameters { + cryptographic_algorithm: Some(CryptographicAlgorithm::CoverCrypt), + ..Default::default() + }), )?; let encrypt_response: KResult = test_utils::post(&app, &request).await; assert!(encrypt_response.is_ok()); @@ -391,8 +392,10 @@ async fn integration_tests_use_ids_no_tags() -> KResult<()> { data.to_vec(), None, Some(authentication_data.clone()), - Some(CryptographicAlgorithm::CoverCrypt), - None, + Some(CryptographicParameters { + cryptographic_algorithm: Some(CryptographicAlgorithm::CoverCrypt), + ..Default::default() + }), )?; let encrypt_response: KResult = test_utils::post(&app, &request).await; assert!(encrypt_response.is_ok()); @@ -419,8 +422,10 @@ async fn integration_tests_use_ids_no_tags() -> KResult<()> { data.to_vec(), None, Some(authentication_data.clone()), - Some(CryptographicAlgorithm::CoverCrypt), - None, + Some(CryptographicParameters { + cryptographic_algorithm: Some(CryptographicAlgorithm::CoverCrypt), + ..Default::default() + }), )?; let encrypt_response: KResult = test_utils::post(&app, &request).await; assert!(encrypt_response.is_err()); @@ -446,8 +451,10 @@ async fn integration_tests_use_ids_no_tags() -> KResult<()> { data.to_vec(), None, Some(authentication_data.clone()), - Some(CryptographicAlgorithm::CoverCrypt), - None, + Some(CryptographicParameters { + cryptographic_algorithm: Some(CryptographicAlgorithm::CoverCrypt), + ..Default::default() + }), )?; let encrypt_response: KResult = test_utils::post(&app, &request).await; assert!(encrypt_response.is_err()); diff --git a/crate/server/src/tests/cover_crypt_tests/integration_tests_tags.rs b/crate/server/src/tests/cover_crypt_tests/integration_tests_tags.rs index 431efa9b0..00e499c0f 100644 --- a/crate/server/src/tests/cover_crypt_tests/integration_tests_tags.rs +++ b/crate/server/src/tests/cover_crypt_tests/integration_tests_tags.rs @@ -70,7 +70,6 @@ async fn test_re_key_with_tags() -> KResult<()> { None, Some(authentication_data.clone()), None, - None, )?; let encrypt_response: EncryptResponse = test_utils::post(&app, &request).await?; let _encrypted_data = encrypt_response @@ -133,7 +132,6 @@ async fn integration_tests_with_tags() -> KResult<()> { Some(header_metadata.clone()), Some(authentication_data.clone()), None, - None, )?; let encrypt_response: EncryptResponse = test_utils::post(&app, request).await?; @@ -158,7 +156,6 @@ async fn integration_tests_with_tags() -> KResult<()> { None, Some(authentication_data.clone()), None, - None, ); let decrypt_response: DecryptResponse = test_utils::post(&app, request).await?; @@ -186,7 +183,6 @@ async fn integration_tests_with_tags() -> KResult<()> { None, Some(authentication_data.clone()), None, - None, )?; let encrypt_response: EncryptResponse = test_utils::post(&app, &request).await?; let encrypted_data = encrypt_response @@ -219,7 +215,6 @@ async fn integration_tests_with_tags() -> KResult<()> { None, Some(authentication_data.clone()), None, - None, ); let decrypt_response: DecryptResponse = test_utils::post(&app, &request).await?; @@ -241,7 +236,6 @@ async fn integration_tests_with_tags() -> KResult<()> { None, Some(authentication_data.clone()), None, - None, ); let decrypt_response: DecryptResponse = test_utils::post(&app, &request).await?; @@ -293,7 +287,6 @@ async fn integration_tests_with_tags() -> KResult<()> { None, Some(authentication_data.clone()), None, - None, )?; let encrypt_response: EncryptResponse = test_utils::post(&app, &request).await?; let encrypted_data = encrypt_response @@ -308,7 +301,6 @@ async fn integration_tests_with_tags() -> KResult<()> { None, Some(authentication_data.clone()), None, - None, ); let post_ttlv_decrypt: KResult = test_utils::post(&app, &request).await; assert!(post_ttlv_decrypt.is_err()); @@ -321,7 +313,6 @@ async fn integration_tests_with_tags() -> KResult<()> { None, Some(authentication_data.clone()), None, - None, ); let decrypt_response: DecryptResponse = test_utils::post(&app, &request).await?; let decrypted_data: DecryptedData = decrypt_response diff --git a/crate/server/src/tests/cover_crypt_tests/unit_tests.rs b/crate/server/src/tests/cover_crypt_tests/unit_tests.rs index af9f644d6..0aa89be88 100644 --- a/crate/server/src/tests/cover_crypt_tests/unit_tests.rs +++ b/crate/server/src/tests/cover_crypt_tests/unit_tests.rs @@ -68,10 +68,7 @@ async fn test_cover_crypt_keys() -> KResult<()> { ) .await?; debug!(" -> response {:?}", cr); - let sk_uid = cr - .private_key_unique_identifier - .to_string() - .context("No private key uid as string in response")?; + let sk_uid = cr.private_key_unique_identifier.to_string(); // check the generated id is an UUID let sk_uid_ = Uuid::parse_str(&sk_uid).map_err(|e| KmsError::InvalidRequest(e.to_string()))?; assert_eq!(&sk_uid, &sk_uid_.to_string()); @@ -107,18 +104,9 @@ async fn test_cover_crypt_keys() -> KResult<()> { // get Public Key debug!("ABE Get Master Public Key"); - let pk_uid = cr - .public_key_unique_identifier - .to_string() - .context("No public key uid as string in response")?; + let pk_uid = cr.public_key_unique_identifier.to_string(); let gr_pk = kms.get(Get::from(pk_uid.as_str()), owner, None).await?; - assert_eq!( - pk_uid, - gr_pk - .unique_identifier - .to_string() - .context("No uid in response")? - ); + assert_eq!(pk_uid, gr_pk.unique_identifier.to_string()); assert_eq!(ObjectType::PublicKey, gr_pk.object_type); // check pk @@ -176,10 +164,7 @@ async fn test_cover_crypt_keys() -> KResult<()> { let cr = kms.create(request, owner, None).await?; debug!("Create Response for User Decryption Key {:?}", cr); - let usk_uid = cr - .unique_identifier - .to_string() - .context("No uid string in user response key")?; + let usk_uid = cr.unique_identifier.to_string(); // check the generated id is an UUID let usk_uid_ = Uuid::parse_str(&usk_uid).map_err(|e| KmsError::InvalidRequest(e.to_string()))?; @@ -209,10 +194,7 @@ async fn test_cover_crypt_keys() -> KResult<()> { let cr = kms.create(request, owner, None).await?; debug!("Create Response for User Decryption Key {:?}", cr); - let usk_uid = cr - .unique_identifier - .to_string() - .context("no string uid in user key")?; + let usk_uid = cr.unique_identifier.to_string(); // check the generated id is an UUID let usk_uid_ = Uuid::parse_str(&usk_uid).map_err(|e| KmsError::InvalidRequest(e.to_string()))?; @@ -302,7 +284,6 @@ async fn test_abe_encrypt_decrypt() -> KResult<()> { None, Some(confidential_authentication_data.clone()), None, - None, )?, owner, None, @@ -326,7 +307,6 @@ async fn test_abe_encrypt_decrypt() -> KResult<()> { None, Some(confidential_authentication_data.clone()), None, - None, )?, nonexistent_owner, None, @@ -347,7 +327,6 @@ async fn test_abe_encrypt_decrypt() -> KResult<()> { None, Some(secret_authentication_data.clone()), None, - None, )?, owner, None, @@ -371,7 +350,6 @@ async fn test_abe_encrypt_decrypt() -> KResult<()> { None, Some(secret_authentication_data.clone()), None, - None, )?, nonexistent_owner, None, @@ -407,7 +385,6 @@ async fn test_abe_encrypt_decrypt() -> KResult<()> { None, Some(confidential_authentication_data.clone()), None, - None, ), owner, None, @@ -434,7 +411,6 @@ async fn test_abe_encrypt_decrypt() -> KResult<()> { None, Some(confidential_authentication_data), None, - None, ), nonexistent_owner, None, @@ -452,7 +428,6 @@ async fn test_abe_encrypt_decrypt() -> KResult<()> { None, Some(secret_authentication_data.clone()), None, - None, ), owner, None, @@ -479,7 +454,6 @@ async fn test_abe_encrypt_decrypt() -> KResult<()> { None, Some(secret_authentication_data), None, - None, ), nonexistent_owner, None, @@ -523,10 +497,7 @@ async fn test_abe_json_access() -> KResult<()> { // create Key Pair let ckr = kms.create_key_pair(master_keypair, owner, None).await?; - let master_private_key_uid = ckr - .private_key_unique_identifier - .to_string() - .context("There should be a private key unique identifier in the response")?; + let master_private_key_uid = ckr.private_key_unique_identifier.to_string(); // define search criteria let search_attrs = Attributes { @@ -622,14 +593,8 @@ async fn test_import_decrypt() -> KResult<()> { ) .await?; debug!(" -> response {:?}", cr); - let sk_uid = cr - .private_key_unique_identifier - .to_string() - .context("There should be a private key unique identifier in the response")?; - let pk_uid = cr - .public_key_unique_identifier - .to_string() - .context("There should be a public key unique identifier in the response")?; + let sk_uid = cr.private_key_unique_identifier.to_string(); + let pk_uid = cr.public_key_unique_identifier.to_string(); // check the generated id is an UUID let sk_uid_ = Uuid::parse_str(&sk_uid).map_err(|e| KmsError::InvalidRequest(e.to_string()))?; @@ -648,7 +613,6 @@ async fn test_import_decrypt() -> KResult<()> { None, Some(confidential_authentication_data.clone()), None, - None, )?, owner, None, @@ -675,10 +639,7 @@ async fn test_import_decrypt() -> KResult<()> { None, ) .await?; - let secret_mkg_fin_user_key = cr - .unique_identifier - .to_string() - .context("There should be a unique identifier in the response as string")?; + let secret_mkg_fin_user_key = cr.unique_identifier.to_string(); // Retrieve the user key... let gr_sk = kms @@ -721,7 +682,6 @@ async fn test_import_decrypt() -> KResult<()> { None, Some(confidential_authentication_data.clone()), None, - None, ), owner, None, @@ -764,7 +724,6 @@ async fn test_import_decrypt() -> KResult<()> { None, Some(confidential_authentication_data.clone()), None, - None, ), owner, None, diff --git a/crate/server/src/tests/curve_25519_tests.rs b/crate/server/src/tests/curve_25519_tests.rs index 390c0360e..10fb80319 100644 --- a/crate/server/src/tests/curve_25519_tests.rs +++ b/crate/server/src/tests/curve_25519_tests.rs @@ -95,12 +95,7 @@ async fn test_curve_25519_key_pair() -> KResult<()> { assert_eq!(link.link_type, LinkType::PublicKeyLink); assert_eq!( link.linked_object_identifier, - LinkedObjectIdentifier::TextString( - response - .public_key_unique_identifier - .to_string() - .context("no string for the public_key_unique_identifier")? - ) + LinkedObjectIdentifier::TextString(response.public_key_unique_identifier.to_string()) ); // check public key @@ -154,12 +149,7 @@ async fn test_curve_25519_key_pair() -> KResult<()> { assert_eq!(link.link_type, LinkType::PrivateKeyLink); assert_eq!( link.linked_object_identifier, - LinkedObjectIdentifier::TextString( - response - .private_key_unique_identifier - .to_string() - .context("no string for the private_key_unique_identifier")? - ) + LinkedObjectIdentifier::TextString(response.private_key_unique_identifier.to_string()) ); // test import of public key let pk_bytes = pk.key_block()?.key_bytes()?; diff --git a/crate/server/src/tests/kmip_server_tests.rs b/crate/server/src/tests/kmip_server_tests.rs index 530850d75..b0c2b0796 100644 --- a/crate/server/src/tests/kmip_server_tests.rs +++ b/crate/server/src/tests/kmip_server_tests.rs @@ -99,12 +99,7 @@ async fn test_curve_25519_key_pair() -> KResult<()> { assert_eq!(link.link_type, LinkType::PublicKeyLink); assert_eq!( link.linked_object_identifier, - LinkedObjectIdentifier::TextString( - response - .public_key_unique_identifier - .to_string() - .context("no string for the public_key_unique_identifier")? - ) + LinkedObjectIdentifier::TextString(response.public_key_unique_identifier.to_string()) ); // check public key @@ -157,12 +152,7 @@ async fn test_curve_25519_key_pair() -> KResult<()> { assert_eq!(link.link_type, LinkType::PrivateKeyLink); assert_eq!( link.linked_object_identifier, - LinkedObjectIdentifier::TextString( - response - .private_key_unique_identifier - .to_string() - .context("no string for the private_key_unique_identifier")? - ) + LinkedObjectIdentifier::TextString(response.private_key_unique_identifier.to_string()) ); // test import of public key let pk_bytes = pk_key_block.key_bytes()?; diff --git a/crate/test_server/Cargo.toml b/crate/test_server/Cargo.toml index 5e6f367c7..c969693d6 100644 --- a/crate/test_server/Cargo.toml +++ b/crate/test_server/Cargo.toml @@ -1,7 +1,11 @@ [package] name = "kms_test_server" -version = "4.15.2" -edition = "2021" +version.workspace = true +authors.workspace = true +edition.workspace = true +license.workspace = true +repository.workspace = true +rust-version.workspace = true [lib] # doc test linking as a separate binary is extremely slow diff --git a/crate/test_server/certificates/generate_certs.sh b/crate/test_server/certificates/generate_certs.sh index 33bbddd54..004cbe160 100755 --- a/crate/test_server/certificates/generate_certs.sh +++ b/crate/test_server/certificates/generate_certs.sh @@ -18,7 +18,7 @@ openssl req -new -key kmserver.acme.com.key -subj "/C=FR/ST=IdF/L=Paris/O=AcmeTe # Generate certificate for kmserver.acme.com signed by our own CA openssl x509 -req -days 3650 -in kmserver.acme.com.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out kmserver.acme.com.crt -# Generate a PKCS12 file +# Generate a PKCS12 file openssl pkcs12 -export -out kmserver.acme.com.p12 -inkey kmserver.acme.com.key -in kmserver.acme.com.crt -certfile ca.crt -password pass:password @@ -33,7 +33,7 @@ openssl req -new -key owner.client.acme.com.key -subj "/C=FR/ST=IdF/L=Paris/O=Ac # Generate certificate for owner.client.acme.com signed by our own CA openssl x509 -req -days 3650 -in owner.client.acme.com.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out owner.client.acme.com.crt -# Generate a PKCS12 file +# Generate a PKCS12 file openssl pkcs12 -export -out owner.client.acme.com.p12 -inkey owner.client.acme.com.key -in owner.client.acme.com.crt -certfile ca.crt -password pass:password @@ -48,5 +48,5 @@ openssl req -new -key user.client.acme.com.key -subj "/C=FR/ST=IdF/L=Paris/O=Acm # Generate certificate for user.client.acme.com signed by our own CA openssl x509 -req -days 3650 -in user.client.acme.com.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out user.client.acme.com.crt -# Generate a PKCS12 file +# Generate a PKCS12 file openssl pkcs12 -export -out user.client.acme.com.p12 -inkey user.client.acme.com.key -in user.client.acme.com.crt -certfile ca.crt -password pass:password diff --git a/deny.toml b/deny.toml new file mode 100644 index 000000000..711f1631c --- /dev/null +++ b/deny.toml @@ -0,0 +1,252 @@ +# This template contains all of the possible sections and their default values + +# Note that all fields that take a lint level have these possible values: +# * deny - An error will be produced and the check will fail +# * warn - A warning will be produced, but the check will not fail +# * allow - No warning or error will be produced, though in some cases a note +# will be + +# The values provided in this template are the default values that will be used +# when any section or field is not specified in your own configuration + +# Root options + +# The graph table configures how the dependency graph is constructed and thus +# which crates the checks are performed against +[graph] +# If 1 or more target triples (and optionally, target_features) are specified, +# only the specified targets will be checked when running `cargo deny check`. +# This means, if a particular package is only ever used as a target specific +# dependency, such as, for example, the `nix` crate only being used via the +# `target_family = "unix"` configuration, that only having windows targets in +# this list would mean the nix crate, as well as any of its exclusive +# dependencies not shared by any other crates, would be ignored, as the target +# list here is effectively saying which targets you are building for. +targets = [ + # The triple can be any string, but only the target triples built in to + # rustc (as of 1.40) can be checked against actual config expressions + #"x86_64-unknown-linux-musl", + # You can also specify which target_features you promise are enabled for a + # particular target. target_features are currently not validated against + # the actual valid features supported by the target architecture. + #{ triple = "wasm32-unknown-unknown", features = ["atomics"] }, +] +# When creating the dependency graph used as the source of truth when checks are +# executed, this field can be used to prune crates from the graph, removing them +# from the view of cargo-deny. This is an extremely heavy hammer, as if a crate +# is pruned from the graph, all of its dependencies will also be pruned unless +# they are connected to another crate in the graph that hasn't been pruned, +# so it should be used with care. The identifiers are [Package ID Specifications] +# (https://doc.rust-lang.org/cargo/reference/pkgid-spec.html) +#exclude = [] +# If true, metadata will be collected with `--all-features`. Note that this can't +# be toggled off if true, if you want to conditionally enable `--all-features` it +# is recommended to pass `--all-features` on the cmd line instead +all-features = false +# If true, metadata will be collected with `--no-default-features`. The same +# caveat with `all-features` applies +no-default-features = false +# If set, these feature will be enabled when collecting metadata. If `--features` +# is specified on the cmd line they will take precedence over this option. +#features = [] + +# The output table provides options for how/if diagnostics are outputted +[output] +# When outputting inclusion graphs in diagnostics that include features, this +# option can be used to specify the depth at which feature edges will be added. +# This option is included since the graphs can be quite large and the addition +# of features from the crate(s) to all of the graph roots can be far too verbose. +# This option can be overridden via `--feature-depth` on the cmd line +feature-depth = 1 + +# This section is considered when running `cargo deny check advisories` +# More documentation for the advisories section can be found here: +# https://embarkstudios.github.io/cargo-deny/checks/advisories/cfg.html +[advisories] +# The path where the advisory databases are cloned/fetched into +#db-path = "$CARGO_HOME/advisory-dbs" +# The url(s) of the advisory databases to use +#db-urls = ["https://github.com/rustsec/advisory-db"] +# A list of advisory IDs to ignore. Note that ignored advisories will still +# output a note when they are encountered. +ignore = [ + "RUSTSEC-2020-0071", # crate time in 2 versions (one not upgradable)... + "RUSTSEC-2023-0006", # openssl-src + "RUSTSEC-2023-0007", # openssl-src + "RUSTSEC-2023-0009", # openssl-src + "RUSTSEC-2023-0010", # openssl-src + "RUSTSEC-2023-0018", # openssl-src + "RUSTSEC-2023-0034", # openssl-src + "RUSTSEC-2023-0071", # rsa + "RUSTSEC-2023-0079", # pqc-kyber + #{ id = "RUSTSEC-0000-0000", reason = "you can specify a reason the advisory is ignored" }, + #"a-crate-that-is-yanked@0.1.1", # you can also ignore yanked crate versions if you wish + #{ crate = "a-crate-that-is-yanked@0.1.1", reason = "you can specify why you are ignoring the yanked crate" }, +] +# If this is true, then cargo deny will use the git executable to fetch advisory database. +# If this is false, then it uses a built-in git library. +# Setting this to true can be helpful if you have special authentication requirements that cargo-deny does not support. +# See Git Authentication for more information about setting up git authentication. +#git-fetch-with-cli = true + +# This section is considered when running `cargo deny check licenses` +# More documentation for the licenses section can be found here: +# https://embarkstudios.github.io/cargo-deny/checks/licenses/cfg.html +[licenses] +# List of explicitly allowed licenses +# See https://spdx.org/licenses/ for list of possible licenses +# [possible values: any SPDX 3.11 short identifier (+ optional exception)]. +allow = [ + "MIT", + "Apache-2.0", + "Apache-2.0 WITH LLVM-exception", + "OpenSSL", + "ISC", + "Zlib", + "MPL-2.0", + "BSD-2-Clause", + "BSD-3-Clause", + "Unicode-DFS-2016", + "CC0-1.0", + "BUSL-1.1", +] +# The confidence threshold for detecting a license from license text. +# The higher the value, the more closely the license text must be to the +# canonical license text of a valid SPDX license file. +# [possible values: any between 0.0 and 1.0]. +confidence-threshold = 0.8 +# Allow 1 or more licenses on a per-crate basis, so that particular licenses +# aren't accepted for every possible crate as with the normal allow list +exceptions = [ + # Each entry is the crate and version constraint, and its specific allow + # list + #{ allow = ["Zlib"], crate = "adler32" }, +] + +# Some crates don't have (easily) machine readable licensing information, +# adding a clarification entry for it allows you to manually specify the +# licensing information +[[licenses.clarify]] +# The package spec the clarification applies to +crate = "ring" +# The SPDX expression for the license requirements of the crate +expression = "MIT AND ISC AND OpenSSL" +# One or more files in the crate's source used as the "source of truth" for +# the license expression. If the contents match, the clarification will be used +# when running the license check, otherwise the clarification will be ignored +# and the crate will be checked normally, which may produce warnings or errors +# depending on the rest of your configuration +license-files = [ + # Each entry is a crate relative path, and the (opaque) hash of its contents + { path = "LICENSE", hash = 0xbd0eed23 }, +] + +[licenses.private] +# If true, ignores workspace crates that aren't published, or are only +# published to private registries. +# To see how to mark a crate as unpublished (to the official registry), +# visit https://doc.rust-lang.org/cargo/reference/manifest.html#the-publish-field. +ignore = false +# One or more private registries that you might publish crates to, if a crate +# is only published to private registries, and ignore is true, the crate will +# not have its license(s) checked +registries = [ + #"https://sekretz.com/registry +] + +# This section is considered when running `cargo deny check bans`. +# More documentation about the 'bans' section can be found here: +# https://embarkstudios.github.io/cargo-deny/checks/bans/cfg.html +[bans] +# Lint level for when multiple versions of the same crate are detected +multiple-versions = "warn" +# Lint level for when a crate version requirement is `*` +wildcards = "allow" +# The graph highlighting used when creating dotgraphs for crates +# with multiple versions +# * lowest-version - The path to the lowest versioned duplicate is highlighted +# * simplest-path - The path to the version with the fewest edges is highlighted +# * all - Both lowest-version and simplest-path are used +highlight = "all" +# The default lint level for `default` features for crates that are members of +# the workspace that is being checked. This can be overridden by allowing/denying +# `default` on a crate-by-crate basis if desired. +workspace-default-features = "allow" +# The default lint level for `default` features for external crates that are not +# members of the workspace. This can be overridden by allowing/denying `default` +# on a crate-by-crate basis if desired. +external-default-features = "allow" +# List of crates that are allowed. Use with care! +allow = [ + #"ansi_term@0.11.0", + #{ crate = "ansi_term@0.11.0", reason = "you can specify a reason it is allowed" }, +] +# List of crates to deny +deny = [ + #"ansi_term@0.11.0", + #{ crate = "ansi_term@0.11.0", reason = "you can specify a reason it is banned" }, + # Wrapper crates can optionally be specified to allow the crate when it + # is a direct dependency of the otherwise banned crate + #{ crate = "ansi_term@0.11.0", wrappers = ["this-crate-directly-depends-on-ansi_term"] }, +] + +# List of features to allow/deny +# Each entry the name of a crate and a version range. If version is +# not specified, all versions will be matched. +#[[bans.features]] +#crate = "reqwest" +# Features to not allow +#deny = ["json"] +# Features to allow +#allow = [ +# "rustls", +# "__rustls", +# "__tls", +# "hyper-rustls", +# "rustls", +# "rustls-pemfile", +# "rustls-tls-webpki-roots", +# "tokio-rustls", +# "webpki-roots", +#] +# If true, the allowed features must exactly match the enabled feature set. If +# this is set there is no point setting `deny` +#exact = true + +# Certain crates/versions that will be skipped when doing duplicate detection. +skip = [ + #"ansi_term@0.11.0", + #{ crate = "ansi_term@0.11.0", reason = "you can specify a reason why it can't be updated/removed" }, +] +# Similarly to `skip` allows you to skip certain crates during duplicate +# detection. Unlike skip, it also includes the entire tree of transitive +# dependencies starting at the specified crate, up to a certain depth, which is +# by default infinite. +skip-tree = [ + #"ansi_term@0.11.0", # will be skipped along with _all_ of its direct and transitive dependencies + #{ crate = "ansi_term@0.11.0", depth = 20 }, +] + +# This section is considered when running `cargo deny check sources`. +# More documentation about the 'sources' section can be found here: +# https://embarkstudios.github.io/cargo-deny/checks/sources/cfg.html +[sources] +# Lint level for what to happen when a crate from a crate registry that is not +# in the allow list is encountered +unknown-registry = "warn" +# Lint level for what to happen when a crate from a git repository that is not +# in the allow list is encountered +unknown-git = "warn" +# List of URLs for allowed crate registries. Defaults to the crates.io index +# if not specified. If it is specified but empty, no registries are allowed. +allow-registry = ["https://github.com/rust-lang/crates.io-index"] +# List of URLs for allowed Git repositories +allow-git = [] + +[sources.allow-org] +# 1 or more github.com organizations to allow git sources for +github = [""] +# 1 or more gitlab.com organizations to allow git sources for +gitlab = [""] +# 1 or more bitbucket.org organizations to allow git sources for +bitbucket = [""] diff --git a/documentation/.gitignore b/documentation/.gitignore index 3340c843d..b6e866967 100644 --- a/documentation/.gitignore +++ b/documentation/.gitignore @@ -1,3 +1,3 @@ *.pd* /site -/venv \ No newline at end of file +/venv diff --git a/documentation/README.md b/documentation/README.md index 1e70731b8..3e355e676 100644 --- a/documentation/README.md +++ b/documentation/README.md @@ -34,7 +34,7 @@ brew install --cask homebrew/cask-fonts/font-noto-mono cd documentation python3 -m venv venv -source venv/bin/activate +source venv/bin/activate pip3 install pydoc-markdown git+https://github.com/twardoch/mkdocs-combine.git \ mkdocs-kroki-plugin mkdocs-meta-descriptions-plugin mkdocs-material mkdocs-mermaid2-plugin \ @@ -50,7 +50,7 @@ cd documentation/ # Run the server on all interfaces source venv/bin/activate -./venv/bin/mkdocs serve +mkdocs serve -a 0.0.0.0:8003 ``` Open a browser window at `http://[MACHINE_IP / LOCALHOST]:8003` @@ -80,4 +80,4 @@ WARNING: This is a BIG install ```sh # LateX sudo apt-get install texlive-full -``` \ No newline at end of file +``` diff --git a/documentation/docs/algorithms.md b/documentation/docs/algorithms.md index 00e9c7275..98a5f4d56 100644 --- a/documentation/docs/algorithms.md +++ b/documentation/docs/algorithms.md @@ -1,24 +1,31 @@ The Cosmian server supports a large, and growing, list of cryptographic algorithms. -This page lists the supported algorithms, their details and their reference in various standards. FIPS compliant +This page lists the supported algorithms, their details and their reference in various standards. +FIPS compliant algorithms are also listed with the corresponding NIST standard. -Keys and certificates for all the listed algorithms can be generated, imported, exported, wrapped, unwrapped... using -the Cosmian KMS server [API](./kmip_2_1/json_ttlv_api.md) or [command line interface tool](./cli/cli.md) +Keys and certificates for all the listed algorithms can be generated, imported, exported, wrapped, +unwrapped... using +the Cosmian KMS server [API](./kmip_2_1/json_ttlv_api.md) +or [command line interface tool](./cli/cli.md) -Should you require a specific algorithm or standard to be supported, please directly open a ticket or pull request on +Should you require a specific algorithm or standard to be supported, please directly open a ticket +or pull request on the [Github repository](https://github.com/Cosmian/kms). ## Key-wrapping schemes -The Cosmian server supports key-wrapping via the `Import`(unwrapping) and `Export` (wrapping) kmip operations. +The Cosmian server supports key-wrapping via the `Import`(unwrapping) and `Export` (wrapping) kmip +operations. The (un)wrapping key identifier may be that of a key or a certificate. -In the latter case, the public key (or the associated private key for unwrapping, if any) will be retrieved and used. +In the latter case, the public key (or the associated private key for unwrapping, if any) will be +retrieved and used. The supported key-wrapping algorithms are: | Algorithm | Wrap Key Type | FIPS mode | Description | |----------------------|--------------------------------------|---------------------|-----------------------------------------------------------------------------------------------------------------| | AES-KWP | Symmetric key wrapping | NIST SP 800-38F | Symmetric key-wrapping with padding as defined in [RFC5649](https://tools.ietf.org/html/rfc5649). | +| CKM_RSA_PKCS | RSA PKCS#1 v1.5 | Not anymore | RSA WITH PKCS#1 v1.5 padding - removed by NIST approved algorithms for key wrapping in FIPS 140-3 | | CKM_RSA_PKCS_OAEP | RSA key wrapping | NIST 800-56B rev. 2 | RSA OAEP with NIST approved hashing functions for RSA key size 2048, 3072 or 4096 bits. | | CKM_RSA_AES_KEY_WRAP | RSA-AES hybrid key wrapping | NIST SP 800-38F | RSA OAEP with NIST approved hashing functions and AES-KWP for RSA key size 2048, 3072 or 4096 bits. | | Salsa Sealed Box | X25519, Ed25519 and Salsa20 Poly1305 | No | ECIES compatible with libsodium [Sealed Boxes](https://doc.libsodium.org/public-key_cryptography/sealed_boxes). | @@ -28,42 +35,69 @@ The supported key-wrapping algorithms are: Encryption is supported via the `Encrypt` and `Decrypt` kmip operations. For bulk operations (i.e. encrypting/decrypting multiple data with the same key), -please refer to [KMIP Messages](kmip_2_1/messages.md) that allow combining multiple operations in a single request. +please refer to [KMIP Messages](kmip_2_1/messages.md) that allow combining multiple operations in a +single request. Encryption can be performed using a key or a certificate. Decryption can be performed using a key. The supported encryption algorithms are: -| Algorithm | Encryption Key Type | FIPS mode | Description | -|------------------------------|---------------------------------------------------------|-------------------------|--------------------------------------------------------------------------------------------------------------------------| -| Covercrypt | Covercrypt | No | A fast post-quantum attribute based scheme: [Covercrypt](https://github.com/Cosmian/cover_crypt). | -| AES-128-GCM
AES-256-GCM | Symmetric authenticated encryption with additional data | NIST FIPS 197 | The NIST standardized symmetric encryption in [FIPS 197](https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.197-upd1.pdf). | -| ChaCha20-Poly1305 | Symmetric authenticated encryption with additional data | No | A popular symmetric encryption algorithm standardised in [RFC-8439](https://www.rfc-editor.org/rfc/rfc8439) | -| CKM_RSA_PKCS_OAEP | RSA encryption | NIST 800-56B rev. 2 | RSA OAEP with NIST approved hashing functions for RSA key size 2048, 3072 or 4096 bits. | -| RSA OAEP AES 128 GCM | RSA-AES hybrid encryption | NIST SP 800-38F compat. | RSA OAEP NIST approved hashing functions and AES 128 GCM for RSA key size 2048, 3072 or 4096 bits. | -| Salsa Sealed Box | X25519, Ed25519 and Salsa20 Poly1305 | No | ECIES compatible with libsodium [Sealed Boxes](https://doc.libsodium.org/public-key_cryptography/sealed_boxes). | -| ECIES | P-192, P-224, P-256, P-384, P-521 | No | ECIES with a NIST curve and using SHAKE 128 and AES-128-GCM. | +| Algorithm | Encryption Key Type | FIPS mode | Description | +|------------------------------|---------------------------------------------------------|---------------------|--------------------------------------------------------------------------------------------------------------------------| +| Covercrypt | Covercrypt | No | A fast post-quantum attribute based scheme: [Covercrypt](https://github.com/Cosmian/cover_crypt). | +| AES-128-GCM
AES-256-GCM | Symmetric authenticated encryption with additional data | NIST FIPS 197 | The NIST standardized symmetric encryption in [FIPS 197](https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.197-upd1.pdf). | +| ChaCha20-Poly1305 | Symmetric authenticated encryption with additional data | No | A popular symmetric encryption algorithm standardised in [RFC-8439](https://www.rfc-editor.org/rfc/rfc8439) | +| CKM_RSA_PKCS | RSA PKCS#1 v1.5 | Not anymore | RSA WITH PKCS#1 v1.5 padding - removed by NIST approved algorithms for encryption in FIPS 140-3 | +| CKM_RSA_PKCS_OAEP | RSA encryption with OAEP paddding | NIST 800-56B rev. 2 | RSA OAEP with NIST approved hashing functions for RSA key size 2048, 3072 or 4096 bits. | +| Salsa Sealed Box | X25519, Ed25519 and Salsa20 Poly1305 | No | ECIES compatible with libsodium [Sealed Boxes](https://doc.libsodium.org/public-key_cryptography/sealed_boxes). | +| ECIES | P-192, P-224, P-256, P-384, P-521 | No | ECIES with a NIST curve and using SHAKE 128 and AES-128-GCM. | ## Algorithms Details ### Covercrypt -[Covercrypt](https://github.com/Cosmian/cover_crypt) is a new post-quantum cryptographic algorithm, being standardized at [ETSI](https://www.etsi.org/) that allows creating ciphertexts for a set of attributes and issuing user keys with access policies over these attributes. User keys are traceable with a unique fingerprint. +[Covercrypt](https://github.com/Cosmian/cover_crypt) is a new post-quantum cryptographic algorithm, +being standardized at [ETSI](https://www.etsi.org/) that allows creating ciphertexts for a set of +attributes and issuing user keys with access policies over these attributes. User keys are traceable +with a unique fingerprint. ### AES GCM -AES is described in [NIST FIPS 197](https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.197.pdf). In Cosmian KMS it is used as a data encryption mechanism (DEM) with the Galois Counter Mode of operation ([GCM](https://csrc.nist.gov/pubs/sp/800/38/d/final)) with a 96 bits nonce, a 128 bits tag with and key sizes of 128 or 256 bits. +AES is described in [NIST FIPS 197](https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.197.pdf). In +Cosmian KMS it is used as a data encryption mechanism (DEM) with the Galois Counter Mode of +operation ([GCM](https://csrc.nist.gov/pubs/sp/800/38/d/final)) with a 96 bits nonce, a 128 bits tag +with and key sizes of 128 or 256 bits. ### ChaCha20-Poly1305 -ChaCha20-Poly1305 is a symmetric authenticated encryption algorithm that is described in [RFC-8439](https://www.rfc-editor.org/rfc/rfc8439). The algorithm is not standardized by NIST but is a popular secure alternative to AES-GCM and is used in the same way, in particular by Google. +ChaCha20-Poly1305 is a symmetric authenticated encryption algorithm that is described +in [RFC-8439](https://www.rfc-editor.org/rfc/rfc8439). The algorithm is not standardized by NIST but +is a popular secure alternative to AES-GCM and is used in the same way, in particular by Google. ### AES-KWP -Allows to symmetrically wrap keys using [RFC5649](https://tools.ietf.org/html/rfc5649) which is also standardized as PKCS#11 CKM_AES_KEY_WRAP_PAD and described in [NIST SP 800-38F](https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-38F.pdf). +Allows to symmetrically wrap keys using [RFC5649](https://tools.ietf.org/html/rfc5649) which is also +standardized as PKCS#11 CKM_AES_KEY_WRAP_PAD and described +in [NIST SP 800-38F](https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-38F.pdf). + +### CKM_RSA_PKCS + +A.k.a PKCS #1 v1.5 RSA as specified in +[PKCS#11 v2.40](https://docs.oasis-open.org/pkcs11/pkcs11-curr/v3.0/os/pkcs11-curr-v3.0-os.html#_Toc30061135). + +The algorithm is not recommended by NIST for encryption or key wrapping in FIPS 140-3. It is still +supported for signature operations. + +The maximum plaintext length is `k-11` where `k` is the length in octets of the RSA modulus +The output length is the same as the modulus length. ### CKM_RSA_PKCS_OAEP -A.k.a PKCS #1 RSA OAEP as specified in [PKCS#11 v2.40](http://docs.oasis-open.org/pkcs11/pkcs11-curr/v2.40/cos01/pkcs11-curr-v2.40-cos01.html#_Toc408226895). This scheme is part of the [NIST 800-56B rev. 2 recommendation](https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-56Br2.pdf) available at section 7.2.2. + +A.k.a PKCS #1 RSA OAEP as specified +in [PKCS#11 v2.40](http://docs.oasis-open.org/pkcs11/pkcs11-curr/v2.40/cos01/pkcs11-curr-v2.40-cos01.html#_Toc408226895). +This scheme is part of +the [NIST 800-56B rev. 2 recommendation](https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-56Br2.pdf) +available at section 7.2.2. The maximum plaintext length is `k-2-2*hLen` where @@ -72,52 +106,72 @@ The maximum plaintext length is `k-2-2*hLen` where The output length is the same as the modulus length. -The default hash function is SHA-256 but any NIST approved hash functions can be used for the OAEP scheme as +The default hash function is SHA-256 but any NIST approved hash functions can be used for the OAEP +scheme as listed in -- [NIST FIPS 180-4](https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf): SHA-1, SHA-224, SHA-256, SHA-384, +- [NIST FIPS 180-4](https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf): SHA-1, SHA-224, + SHA-256, SHA-384, SHA-512 -- [NIST FIPS 202](https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.202.pdf): SHA3-224, SHA3-256, SHA3-384, +- [NIST FIPS 202](https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.202.pdf): SHA3-224, SHA3-256, + SHA3-384, SHA3-512 -Set the corresponding name of the hash function in the `Cryptographic Parameters` when performing a KMIP operation. +Set the corresponding name of the hash function in the `Cryptographic Parameters` when performing a +KMIP operation. -To request this algorithm using the KMIP `Encrypt/Decrypt` operation, or key-wrapping as part of the `Import/Export` +To request this algorithm using the KMIP `Encrypt/Decrypt` operation, or key-wrapping as part of +the `Import/Export` operations, specify the id/tags of an RSA key and set the `Cryptographic Algorithm` to `RSA`. - ### CKM_RSA_AES_KEY_WRAP + A PKCS#11 key wrapping mechanism that is supported by most HSMs. -The scheme asymmetrically wrap keys as described [here](http://docs.oasis-open.org/pkcs11/pkcs11-curr/v2.40/cos01/pkcs11-curr-v2.40-cos01.html#_Toc408226908) and allows wrapping keys of any size using using a hybrid RSA/AES scheme. +The scheme asymmetrically wrap keys as +described [here](http://docs.oasis-open.org/pkcs11/pkcs11-curr/v2.40/cos01/pkcs11-curr-v2.40-cos01.html#_Toc408226908) +and allows wrapping keys of any size using using a hybrid RSA/AES scheme. -Since old similar wrapping methods based on RSA used naive RSA encryption and could present some flaws, it aims at a generally more secure method to wrap keys: +Since old similar wrapping methods based on RSA used naive RSA encryption and could present some +flaws, it aims at a generally more secure method to wrap keys: - Receive data of the form `c|wk` where `|` is the concatenation operator. -Distinguish `c` and `wk`, respectively the encrypted `kek` and the wrapped key. First decrypt the key-encryption-key `kek` using RSA-OAEP, then proceed to unwrap the key by decrypting `m = dec(wk, kek)` using AES-KWP as specified in [RFC5649](https://tools.ietf.org/html/rfc5649). + Distinguish `c` and `wk`, respectively the encrypted `kek` and the wrapped key. First decrypt the + key-encryption-key `kek` using RSA-OAEP, then proceed to unwrap the key by + decrypting `m = dec(wk, kek)` using AES-KWP as specified + in [RFC5649](https://tools.ietf.org/html/rfc5649). -The algorithm can be used with any NIST approved hash function described above; set the corresponding value in the `Cryptographic Parameters` when performing a KMIP operation. +The algorithm can be used with any NIST approved hash function described above; set the +corresponding value in the `Cryptographic Parameters` when performing a KMIP operation. -To request this algorithm using key-wrapping as part of the `Import/Export` operations, specify the id of an RSA key as the key wrapping key and set the `Cryptographic Algorithm` to `AES`. +To request this algorithm using key-wrapping as part of the `Import/Export` operations, specify the +id of an RSA key as the key wrapping key and set the `Cryptographic Algorithm` to `AES`. This algorithm is compatible with the one used in Google KMS. - ### RSA OAEP AES 128 GCM -CKM_RSA_AES_KEY_WRAP can only be used for key wrapping and not for encryption. This scheme adds authentication by using AES 128 in Galois Counter Mode (GCM). Combined with RSA OAEP to encapsulate the AES key, this scheme is compatible with [NIST SP 800-38F](https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-38F.pdf). -To request this algorithm using the KMIP `Encrypt/Decrypt` operation, specify the id/tags of an RSA key and set the `Cryptographic Algorithm` to `AES`. +CKM_RSA_AES_KEY_WRAP can only be used for key wrapping and not for encryption. This scheme adds +authentication by using AES 128 in Galois Counter Mode (GCM). Combined with RSA OAEP to encapsulate +the AES key, this scheme is compatible +with [NIST SP 800-38F](https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-38F.pdf). +To request this algorithm using the KMIP `Encrypt/Decrypt` operation, specify the id/tags of an RSA +key and set the `Cryptographic Algorithm` to `AES`. ### Salsa sealed box + An ECIES scheme that uses X25519 and XSalsa20-Poly1305 and is compatible with libsodium [Sealed Boxes](https://doc.libsodium.org/public-key_cryptography/sealed_boxes). An Ed25519 key can be used; it will be automatically converted to X25519 first. - ### Ecies with NIST Curves -Although there is no specific FIPS standard for hybrid encryption, the ECIES encryption scheme is based on FIPS compliant cryptographic primitives only and uses the same algorithm as the Salsa Sealed Boxes. It supports the entire family of NIST P curves, with the exception of `P-192` in FIPS mode, and uses AES-128-GCM and SHAKE128 for curves with security strength $s \leq 128$ bits: + +Although there is no specific FIPS standard for hybrid encryption, the ECIES encryption scheme is +based on FIPS compliant cryptographic primitives only and uses the same algorithm as the Salsa +Sealed Boxes. It supports the entire family of NIST P curves, with the exception of `P-192` in FIPS +mode, and uses AES-128-GCM and SHAKE128 for curves with security strength $s \leq 128$ bits: - `P-192` - `P-224` @@ -129,65 +183,88 @@ and AES-256-GCM and SHAKE256 for curves with security strength $s > 128$ bits: - `P-512` ## Signature -Signature is only supported via the `Certify` operation, which is used to create a certificate either by signing a certificate request, or building it from an existing public key. -| Algorithm | Signature Key Type | FIPS mode | Description | -|-----------|------------------------------------------|------------------------------------------|---------------------------------------------------------------------------------------------------------------------------| +Signature is only supported via the `Certify` operation, which is used to create a certificate +either by signing a certificate request, or building it from an existing public key. + +| Algorithm | Signature Key Type | FIPS mode | Description | +|-----------|-------------------------------------------------------|---------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------| | ECDSA | P-192, P-224, P-256, P-384, P384, P-521, X25519, X448 | **Restricted** to curves P-224, P-256, P-384 and P-521. | See [FIPS-186.5](https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-5.pdf) and NIST.SP.800-186 - Section 3.1.2 table 2. | -| EdDSA | Ed25519, Ed448 | Yes | See [FIPS-186.5](https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-5.pdf). | +| EdDSA | Ed25519, Ed448 | Yes | See [FIPS-186.5](https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-5.pdf). | -- `ECDSA` performs digital signatures on elliptic curves `P-192`, `P-224`, `P-256`, `P-384`, `P-512`, `X25519` and `X448`. +- `ECDSA` performs digital signatures on elliptic + curves `P-192`, `P-224`, `P-256`, `P-384`, `P-512`, `X25519` and `X448`. - `EdDSA` performs digital signatures on Edwards curves `Ed25519` and `Ed448`. ## Password-based key derivation -The randomness of cryptographic keys is essential for the security of cryptographic applications. Sometimes, passwords may be the only input required from the users who are eligible to access the data. Due to the low entropy and possibly poor randomness of those passwords, they are not suitable to be used directly as cryptographic keys. The KMS addresses this problem by providing methods to derive a password into a secure cryptographic key. +The randomness of cryptographic keys is essential for the security of cryptographic applications. +Sometimes, passwords may be the only input required from the users who are eligible to access the +data. Due to the low entropy and possibly poor randomness of those passwords, they are not suitable +to be used directly as cryptographic keys. The KMS addresses this problem by providing methods to +derive a password into a secure cryptographic key. -In normal mode, passwords are derived using `Argon2` hash algorithm with a random 128-bit salt. Argon2 has the property of being computationally intensive making it significantly harder to crack by brute force only. +In normal mode, passwords are derived using `Argon2` hash algorithm with a random 128-bit salt. +Argon2 has the property of being computationally intensive making it significantly harder to crack +by brute force only. -In FIPS mode, passwords are derived using FIPS compliant `PBKDF2_HMAC` with `SHA512` and recommended 210,000 iterations by [OWASP](https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#pbkdf2) which follows FIPS recommendations as well. An additional random 128-bit salt is used. +In FIPS mode, passwords are derived using FIPS compliant `PBKDF2_HMAC` with `SHA512` and recommended +210,000 iterations +by [OWASP](https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#pbkdf2) +which follows FIPS recommendations as well. An additional random 128-bit salt is used. ## References -- NIST.FIPS.140-3, Implementation Guidance for FIPS 140-3 and the Cryptographic Module Validation Program, *August 1, +- NIST.FIPS.140-3, Implementation Guidance for FIPS 140-3 and the Cryptographic Module Validation + Program, *August 1, 2023* - General information and pointers to other NIST documents concerning the FIPS standard. - NIST.SP.800-186, Recommendations for Discrete Logarithm-based Cryptography: Elliptic Curve Domain Parameters, *February 2023* - - Recommended curves for specific usage (ECDH, ECDSA, EdDSA, ...) and associated security strength. Describes each + - Recommended curves for specific usage (ECDH, ECDSA, EdDSA, ...) and associated security + strength. Describes each curves parameters in details. -- NIST.SP.800-38F, Recommendation for Block Cipher Modes of Operation: Methods for Key Wrapping, *December 2012* +- NIST.SP.800-38F, Recommendation for Block Cipher Modes of Operation: Methods for Key Wrapping, + *December 2012* - Description of symmetric key wrapping using AES-KW and AES-KWP. Approving RFC 5649. - NIST.FIPS.800-132, Recommendation for Password-Based Key Derivation, *December 2010* - Description of low-entropy data derivation into secure master key. -- NIST.SP.800-56Cr2, Recommendation for Key-Derivation Methods in Key-Establishment Schemes, *August 2020* +- NIST.SP.800-56Cr2, Recommendation for Key-Derivation Methods in Key-Establishment Schemes, *August + 2020* - Description of high-entropy data derivation into secure master key. -- NIST.SP.800-131Ar2, Transitioning the Use of Cryptographic Algorithms and Key Lengths, *March 2019* - - Key length specification for different domain parameters, algorithms and cryptographic schemes. +- NIST.SP.800-131Ar2, Transitioning the Use of Cryptographic Algorithms and Key Lengths, *March + 2019* + - Key length specification for different domain parameters, algorithms and cryptographic + schemes. -- NIST.SP.800-56Ar3, Recommendation for Pair-Wise Key-Establishment Schemes Using Discrete Logarithm Cryptography, +- NIST.SP.800-56Ar3, Recommendation for Pair-Wise Key-Establishment Schemes Using Discrete Logarithm + Cryptography, *April 2018* - General information on discrete logarithm parameters. -- NIST.SP.800-56Br2, Recommendation for Pair-Wise Key Establishment Using Integer Factorization Cryptography, *March +- NIST.SP.800-56Br2, Recommendation for Pair-Wise Key Establishment Using Integer Factorization + Cryptography, *March 2019* - - Information regarding RSA primitive specifications: key length, encryption, decryption and padding to use. + - Information regarding RSA primitive specifications: key length, encryption, decryption and + padding to use. - NIST.FIPS.180-4, Secure Hash Standard (SHS), *August 2015* - Specification regarding SHA family of hash functions. -- NIST.FIPS.202, SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions, *August 2015* +- NIST.FIPS.202, SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions, *August + 2015* - Specification for SHA3. - NIST.FIPS.186-5, Digital Signature Standard (DSS), *February 3, 2023* - Information on ECDSA, EdDSA and key generation. -- NIST.FIPS.800-135r1, Recommendation for Existing Application-Specific Key Derivation Functions, *December 2011* +- NIST.FIPS.800-135r1, Recommendation for Existing Application-Specific Key Derivation Functions, + *December 2011* - OpenSSL FIPS 140-2 Security Policy, *26 January 2023* - OpenSSL official documentation diff --git a/documentation/docs/authentication.md b/documentation/docs/authentication.md index 455491a1b..ee5bc07aa 100644 --- a/documentation/docs/authentication.md +++ b/documentation/docs/authentication.md @@ -35,7 +35,7 @@ must be provided in PEM format using the `--authority-cert-file` option. !!! info "Example client TLS authentication." ```sh - docker run -p 9998:9998 --name kms ghcr.io/cosmian/kms:4.15.2 \ + docker run -p 9998:9998 --name kms ghcr.io/cosmian/kms:4.16.0 \ --https-p12-file kms.server.p12 --https-p12-password password \ --authority-cert-file verifier.cert.pem ``` @@ -84,7 +84,7 @@ environment variables): server. ```sh - docker run -p 9998:9998 --name kms ghcr.io/cosmian/kms:4.15.2 \ + docker run -p 9998:9998 --name kms ghcr.io/cosmian/kms:4.16.0 \ --jwt-issuer-uri=https://accounts.google.com \ --jwks-uri=https://www.googleapis.com/oauth2/v3/certs \ --jwt-audience=cosmian_kms diff --git a/documentation/docs/cli/cli.md b/documentation/docs/cli/cli.md index c3b040cca..dfbb6bc71 100644 --- a/documentation/docs/cli/cli.md +++ b/documentation/docs/cli/cli.md @@ -4,7 +4,7 @@ client `ckms_gui`. !!! info "Download ckms and ckms_gui" Please download the latest versions for your Operating System from - the [Cosmian public packages repository](https://package.cosmian.com/kms/4.15.2/) + the [Cosmian public packages repository](https://package.cosmian.com/kms/4.16.0/) ## Configuring the clients diff --git a/documentation/docs/cli/main_commands.md b/documentation/docs/cli/main_commands.md index 1b0d9c48a..ac5672fe0 100644 --- a/documentation/docs/cli/main_commands.md +++ b/documentation/docs/cli/main_commands.md @@ -1112,17 +1112,15 @@ Manage RSA keys **`encrypt`** [[8.2]](#82-ckms-rsa-encrypt) Encrypt a file with the given public key using either + - `CKM_RSA_PKCS` a.k.a PKCS #1 RSA V1.5 as specified in PKCS#11 v2.40 - `CKM_RSA_PKCS_OAEP` a.k.a PKCS #1 RSA OAEP as specified in PKCS#11 v2.40 - - `RSA_OAEP` `AES_128_GCM` - -By default the hashing function used with RSA OAEP is set to SHA-256 + - `CKM_RSA_AES_KEY_WRAP` as specified in PKCS#11 v2.40 **`decrypt`** [[8.3]](#83-ckms-rsa-decrypt) Decrypt a file with the given public key using either + - `CKM_RSA_PKCS` a.k.a PKCS #1 RSA V1.5 as specified in PKCS#11 v2.40 - `CKM_RSA_PKCS_OAEP` a.k.a PKCS #1 RSA OAEP as specified in PKCS#11 v2.40 - - `RSA_OAEP` `AES_128_GCM` - -By default the hashing function used with RSA OAEP is set to SHA-256 + - `CKM_RSA_AES_KEY_WRAP` as specified in PKCS#11 v2.40 --- @@ -1285,10 +1283,9 @@ Destroy a public or private key Encrypt a file with the given public key using either + - `CKM_RSA_PKCS` a.k.a PKCS #1 RSA V1.5 as specified in PKCS#11 v2.40 - `CKM_RSA_PKCS_OAEP` a.k.a PKCS #1 RSA OAEP as specified in PKCS#11 v2.40 - - `RSA_OAEP` `AES_128_GCM` - -By default the hashing function used with RSA OAEP is set to SHA-256 + - `CKM_RSA_AES_KEY_WRAP` as specified in PKCS#11 v2.40 ### Usage `ckms rsa encrypt [options] @@ -1302,7 +1299,7 @@ By default the hashing function used with RSA OAEP is set to SHA-256 `--encryption-algorithm [-e] ` The encryption algorithm -Possible values: `"ckm-rsa-pkcs-oaep", "rsa-oaep-aes128-gcm"` [default: `"ckm-rsa-pkcs-oaep"`] +Possible values: `"ckm-rsa-pkcs", "ckm-rsa-pkcs-oaep", "ckm-rsa-aes-key-wrap"` [default: `"ckm-rsa-pkcs-oaep"`] `--hashing-algorithm [-s] ` The hashing algorithm @@ -1310,8 +1307,6 @@ Possible values: `"sha1", "sha224", "sha256", "sha384", "sha512", "sha3-224", " `--output-file [-o] ` The encrypted output file path -`--authentication-data [-a] ` Optional authentication data. This data needs to be provided back for decryption - --- @@ -1320,10 +1315,9 @@ Possible values: `"sha1", "sha224", "sha256", "sha384", "sha512", "sha3-224", " Decrypt a file with the given public key using either + - `CKM_RSA_PKCS` a.k.a PKCS #1 RSA V1.5 as specified in PKCS#11 v2.40 - `CKM_RSA_PKCS_OAEP` a.k.a PKCS #1 RSA OAEP as specified in PKCS#11 v2.40 - - `RSA_OAEP` `AES_128_GCM` - -By default the hashing function used with RSA OAEP is set to SHA-256 + - `CKM_RSA_AES_KEY_WRAP` as specified in PKCS#11 v2.40 ### Usage `ckms rsa decrypt [options] @@ -1337,7 +1331,7 @@ By default the hashing function used with RSA OAEP is set to SHA-256 `--encryption-algorithm [-e] ` The encryption algorithm -Possible values: `"ckm-rsa-pkcs-oaep", "rsa-oaep-aes128-gcm"` [default: `"ckm-rsa-pkcs-oaep"`] +Possible values: `"ckm-rsa-pkcs", "ckm-rsa-pkcs-oaep", "ckm-rsa-aes-key-wrap"` [default: `"ckm-rsa-pkcs-oaep"`] `--hashing-algorithm [-s] ` The hashing algorithm @@ -1345,8 +1339,6 @@ Possible values: `"sha1", "sha224", "sha256", "sha384", "sha512", "sha3-224", " `--output-file [-o] ` The encrypted output file path -`--authentication-data [-a] ` Optional authentication data that was supplied during encryption - @@ -1647,13 +1639,22 @@ Insert, get, list, enable, disabled and obliterate keypairs to Gmail API **`list`** [[14.1.2]](#1412-ckms-google-keypairs-list) Lists client-side encryption key pairs for a user. -**`insert`** [[14.1.3]](#1413-ckms-google-keypairs-insert) Creates and uploads a client-side encryption S/MIME public key certificate chain and private key metadata for a user. +**`insert`** [[14.1.3]](#1413-ckms-google-keypairs-insert) Creates and uploads a client-side encryption S/MIME public key certificate chain and private key +metadata for a user. -**`enable`** [[14.1.4]](#1414-ckms-google-keypairs-enable) Turns on a client-side encryption key pair that was turned off. The key pair becomes active again for any associated client-side encryption identities. +**`enable`** [[14.1.4]](#1414-ckms-google-keypairs-enable) Turns on a client-side encryption key pair that was turned off. The key pair becomes active +again for any associated client-side encryption identities. -**`disable`** [[14.1.5]](#1415-ckms-google-keypairs-disable) Turns off a client-side encryption key pair. The authenticated user can no longer use the key pair to decrypt incoming CSE message texts or sign outgoing CSE mail. To regain access, use the keypairs.enable to turn on the key pair. After 30 days, you can permanently delete the key pair by using the keypairs.obliterate method. +**`disable`** [[14.1.5]](#1415-ckms-google-keypairs-disable) Turns off a client-side encryption key pair. The authenticated user can no longer use the key +pair to decrypt incoming CSE message texts or sign outgoing CSE mail. To regain access, use the +keypairs.enable to turn on the key pair. After 30 days, you can permanently delete the key pair +by using the keypairs.obliterate method. -**`obliterate`** [[14.1.6]](#1416-ckms-google-keypairs-obliterate) Deletes a client-side encryption key pair permanently and immediately. You can only permanently delete key pairs that have been turned off for more than 30 days. To turn off a key pair, use the keypairs.disable method. Gmail can't restore or decrypt any messages that were encrypted by an obliterated key. Authenticated users and Google Workspace administrators lose access to reading the encrypted messages. +**`obliterate`** [[14.1.6]](#1416-ckms-google-keypairs-obliterate) Deletes a client-side encryption key pair permanently and immediately. You can only permanently +delete key pairs that have been turned off for more than 30 days. To turn off a key pair, use +the keypairs.disable method. Gmail can't restore or decrypt any messages that were encrypted by +an obliterated key. Authenticated users and Google Workspace administrators lose access to +reading the encrypted messages. --- @@ -1688,7 +1689,8 @@ Lists client-side encryption key pairs for a user. ## 14.1.3 ckms google keypairs insert -Creates and uploads a client-side encryption S/MIME public key certificate chain and private key metadata for a user. +Creates and uploads a client-side encryption S/MIME public key certificate chain and private key +metadata for a user. ### Usage `ckms google keypairs insert [options]` @@ -1705,7 +1707,8 @@ Creates and uploads a client-side encryption S/MIME public key certificate chain ## 14.1.4 ckms google keypairs enable -Turns on a client-side encryption key pair that was turned off. The key pair becomes active again for any associated client-side encryption identities. +Turns on a client-side encryption key pair that was turned off. The key pair becomes active +again for any associated client-side encryption identities. ### Usage `ckms google keypairs enable [options] @@ -1721,7 +1724,10 @@ Turns on a client-side encryption key pair that was turned off. The key pair bec ## 14.1.5 ckms google keypairs disable -Turns off a client-side encryption key pair. The authenticated user can no longer use the key pair to decrypt incoming CSE message texts or sign outgoing CSE mail. To regain access, use the keypairs.enable to turn on the key pair. After 30 days, you can permanently delete the key pair by using the keypairs.obliterate method. +Turns off a client-side encryption key pair. The authenticated user can no longer use the key +pair to decrypt incoming CSE message texts or sign outgoing CSE mail. To regain access, use the +keypairs.enable to turn on the key pair. After 30 days, you can permanently delete the key pair +by using the keypairs.obliterate method. ### Usage `ckms google keypairs disable [options] @@ -1737,7 +1743,11 @@ Turns off a client-side encryption key pair. The authenticated user can no longe ## 14.1.6 ckms google keypairs obliterate -Deletes a client-side encryption key pair permanently and immediately. You can only permanently delete key pairs that have been turned off for more than 30 days. To turn off a key pair, use the keypairs.disable method. Gmail can't restore or decrypt any messages that were encrypted by an obliterated key. Authenticated users and Google Workspace administrators lose access to reading the encrypted messages. +Deletes a client-side encryption key pair permanently and immediately. You can only permanently +delete key pairs that have been turned off for more than 30 days. To turn off a key pair, use +the keypairs.disable method. Gmail can't restore or decrypt any messages that were encrypted by +an obliterated key. Authenticated users and Google Workspace administrators lose access to +reading the encrypted messages. ### Usage `ckms google keypairs obliterate [options] @@ -1765,11 +1775,16 @@ Insert, get, list, patch and delete identities from Gmail API **`list`** [[14.2.2]](#1422-ckms-google-identities-list) Lists the client-side encrypted identities for an authenticated user. -**`insert`** [[14.2.3]](#1423-ckms-google-identities-insert) Creates and configures a client-side encryption identity that's authorized to send mail from the user account. Google publishes the S/MIME certificate to a shared domain-wide directory so that people within a Google Workspace organization can encrypt and send mail to the identity. +**`insert`** [[14.2.3]](#1423-ckms-google-identities-insert) Creates and configures a client-side encryption identity that's authorized to send mail from the +user account. Google publishes the S/MIME certificate to a shared domain-wide directory so that +people within a Google Workspace organization can encrypt and send mail to the identity. -**`delete`** [[14.2.4]](#1424-ckms-google-identities-delete) Deletes a client-side encryption identity. The authenticated user can no longer use the identity to send encrypted messages. You cannot restore the identity after you delete it. Instead, use the identities.create method to create another identity with the same configuration. +**`delete`** [[14.2.4]](#1424-ckms-google-identities-delete) Deletes a client-side encryption identity. The authenticated user can no longer use the identity +to send encrypted messages. You cannot restore the identity after you delete it. Instead, use +the identities.create method to create another identity with the same configuration. -**`patch`** [[14.2.5]](#1425-ckms-google-identities-patch) Associates a different key pair with an existing client-side encryption identity. The updated key pair must validate against Google's S/MIME certificate profiles. +**`patch`** [[14.2.5]](#1425-ckms-google-identities-patch) Associates a different key pair with an existing client-side encryption identity. The updated +key pair must validate against Google's S/MIME certificate profiles. --- @@ -1801,7 +1816,9 @@ Lists the client-side encrypted identities for an authenticated user. ## 14.2.3 ckms google identities insert -Creates and configures a client-side encryption identity that's authorized to send mail from the user account. Google publishes the S/MIME certificate to a shared domain-wide directory so that people within a Google Workspace organization can encrypt and send mail to the identity. +Creates and configures a client-side encryption identity that's authorized to send mail from the +user account. Google publishes the S/MIME certificate to a shared domain-wide directory so that +people within a Google Workspace organization can encrypt and send mail to the identity. ### Usage `ckms google identities insert [options] @@ -1817,7 +1834,9 @@ Creates and configures a client-side encryption identity that's authorized to se ## 14.2.4 ckms google identities delete -Deletes a client-side encryption identity. The authenticated user can no longer use the identity to send encrypted messages. You cannot restore the identity after you delete it. Instead, use the identities.create method to create another identity with the same configuration. +Deletes a client-side encryption identity. The authenticated user can no longer use the identity +to send encrypted messages. You cannot restore the identity after you delete it. Instead, use +the identities.create method to create another identity with the same configuration. ### Usage `ckms google identities delete [options]` @@ -1830,7 +1849,8 @@ Deletes a client-side encryption identity. The authenticated user can no longer ## 14.2.5 ckms google identities patch -Associates a different key pair with an existing client-side encryption identity. The updated key pair must validate against Google's S/MIME certificate profiles. +Associates a different key pair with an existing client-side encryption identity. The updated +key pair must validate against Google's S/MIME certificate profiles. ### Usage `ckms google identities patch [options] diff --git a/documentation/docs/google_cse/google_cse.md b/documentation/docs/google_cse/google_cse.md index c774955d6..e94aafc6f 100644 --- a/documentation/docs/google_cse/google_cse.md +++ b/documentation/docs/google_cse/google_cse.md @@ -44,7 +44,7 @@ Assuming Google is the Identity Provider, the KMS should be started with the fol For example, if you are using the docker image, you can run the following command: ```sh -docker run -p 9998:9998 --name kms ghcr.io/cosmian/kms:4.15.2 \ +docker run -p 9998:9998 --name kms ghcr.io/cosmian/kms:4.16.0 \ --jwt-issuer-uri=https://accounts.google.com \ --jwks-uri=https://www.googleapis.com/oauth2/v3/certs \ --google-cse-kacls-url=https://cse.example.com/google_cse @@ -73,7 +73,7 @@ Finalize the configuration. The Client Side Encryption page should now show the For example, if you are using the docker image, you can run the following command: ```sh -docker run -p 9998:9998 --name kms ghcr.io/cosmian/kms:4.15.2 \ +docker run -p 9998:9998 --name kms ghcr.io/cosmian/kms:4.16.0 \ --jwt-issuer-uri=https://gsuitecse-tokenissuer-drive@system.gserviceaccount.com \ --jwks-uri=https://www.googleapis.com/service_accounts/v1/jwk/gsuitecse-tokenissuer-drive@system.gserviceaccount.com \ --jwt-audience=cse-authorization diff --git a/documentation/docs/high_availability_mode.md b/documentation/docs/high_availability_mode.md index 5d109d97b..0514a66bc 100644 --- a/documentation/docs/high_availability_mode.md +++ b/documentation/docs/high_availability_mode.md @@ -46,7 +46,7 @@ e.g. ```sh docker run --rm -p 9998:9998 \ - --name kms ghcr.io/cosmian/kms:4.15.2 \ + --name kms ghcr.io/cosmian/kms:4.16.0 \ --database-type=postgresql \ --database-url=postgres://kms_user:kms_password@pgsql-server:5432/kms @@ -61,7 +61,7 @@ Example: ```sh docker run --rm -p 9998:9998 \ - --name kms ghcr.io/cosmian/kms:4.15.2 \ + --name kms ghcr.io/cosmian/kms:4.16.0 \ --database-type=redis-findex \ --database-url=redis://localhost:6379 \ --redis-master-password password \ @@ -98,7 +98,7 @@ Say the certificate is called `cert.p12` and is in a directory called `/certific ```sh docker run --rm -p 9998:9998 \ - --name kms ghcr.io/cosmian/kms:4.15.2 \ + --name kms ghcr.io/cosmian/kms:4.16.0 \ -v /certificate/cert.p12:/root/cosmian-kms/cert.p12 \ --database-type=mysql \ --database-url=mysql://mysql_server:3306/kms \ diff --git a/documentation/docs/index.md b/documentation/docs/index.md index 213cf0278..2fd09c625 100644 --- a/documentation/docs/index.md +++ b/documentation/docs/index.md @@ -18,7 +18,7 @@ and an application-level encrypted database indexed with Findex. inside the container, simply run the following command: ```sh - docker run -p 9998:9998 --name kms ghcr.io/cosmian/kms:4.15.2 + docker run -p 9998:9998 --name kms ghcr.io/cosmian/kms:4.16.0 ``` Check the Cosmian KMS server version @@ -27,7 +27,7 @@ and an application-level encrypted database indexed with Findex. curl http://localhost:9998/version ``` - Alternatively KMS binaries are also available on [Cosmian packages](https://package.cosmian.com/kms/4.15.2/). + Alternatively KMS binaries are also available on [Cosmian packages](https://package.cosmian.com/kms/4.16.0/). @@ -36,7 +36,7 @@ and an application-level encrypted database indexed with Findex. - [Supports Google Workspace Client Side Encryption](#supports-google-workspace-client-side-encryption) - [Supports Microsoft Double Key Encryption](#supports-microsoft-double-key-encryption) - [FIPS Mode](#fips-mode) -- [PKCS11 provider support for Veracrypt](#pkcs11-provider-support-for-veracrypt) +- [Veracrypt and LUKS disk encryption support](#veracrypt-and-luks-disk-encryption-support) - [State-of-the-art authentication](#state-of-the-art-authentication) - [High-availability and databases](#high-availability-and-databases) - [Designed to securely run in the Cloud or other Zero-Trust environments](#designed-to-securely-run-in-the-cloud-or-other-zero-trust-environments) @@ -86,11 +86,11 @@ In this mode, the server is only built with FIPS 140-2 validated cryptographic l cryptographic operations are performed in a FIPS 140-2 validated mode. -#### PKCS11 provider support for Veracrypt +#### Veracrypt and LUKS disk encryption support -The KMS server can be used as a PKCS#11 provider for Veracrypt and provide keys on the fly to mount -encrypted volumes. -Check the [Veracrypt Disk Encryption](./veracrypt/veracrypt.md) page for details. +The KMS server can provide keys on the fly to mount LUKS and Veracrypt encrypted volumes using +its PKCS#11 module. With LUKS, the decryption key never leaves the KMS server. +Check the [Veracrypt](./pkcs11/veracrypt.md) and [LUKS](./pkcs11/luks.md) pages for details. #### State-of-the-art authentication @@ -154,7 +154,7 @@ The KMS server is available as a Docker image on the [Cosmian public Docker repository](https://github.com/Cosmian/kms/pkgs/container/kms). Raw binaries for multiple operating systems are also available on -the [Cosmian public packages repository](https://package.cosmian.com/kms/4.15.2/) +the [Cosmian public packages repository](https://package.cosmian.com/kms/4.16.0/) #### Integrated with Cloudproof libraries @@ -176,7 +176,7 @@ Just like the [`ckms` Command Line Interface](./cli/cli.md), the KMS server has system that can be accessed using the `--help` command line option. ```sh -docker run --rm ghcr.io/cosmian/kms:4.15.2 --help +docker run --rm ghcr.io/cosmian/kms:4.16.0 --help ``` The options are enabled on the docker command line or using the environment variables listed in the diff --git a/documentation/docs/veracrypt/images/Veracrypt-library-loading.png b/documentation/docs/pkcs11/images/Veracrypt-library-loading.png similarity index 100% rename from documentation/docs/veracrypt/images/Veracrypt-library-loading.png rename to documentation/docs/pkcs11/images/Veracrypt-library-loading.png diff --git a/documentation/docs/veracrypt/images/Veracrypt-select-token-1.png b/documentation/docs/pkcs11/images/Veracrypt-select-token-1.png similarity index 100% rename from documentation/docs/veracrypt/images/Veracrypt-select-token-1.png rename to documentation/docs/pkcs11/images/Veracrypt-select-token-1.png diff --git a/documentation/docs/veracrypt/images/Veracrypt-select-token-2.png b/documentation/docs/pkcs11/images/Veracrypt-select-token-2.png similarity index 100% rename from documentation/docs/veracrypt/images/Veracrypt-select-token-2.png rename to documentation/docs/pkcs11/images/Veracrypt-select-token-2.png diff --git a/documentation/docs/veracrypt/images/Veracrypt-select-token-3.png b/documentation/docs/pkcs11/images/Veracrypt-select-token-3.png similarity index 100% rename from documentation/docs/veracrypt/images/Veracrypt-select-token-3.png rename to documentation/docs/pkcs11/images/Veracrypt-select-token-3.png diff --git a/crate/pkcs11/documentation/veracrypt_ckms.svg b/documentation/docs/pkcs11/images/veracrypt_ckms.svg similarity index 100% rename from crate/pkcs11/documentation/veracrypt_ckms.svg rename to documentation/docs/pkcs11/images/veracrypt_ckms.svg diff --git a/documentation/docs/pkcs11/luks.md b/documentation/docs/pkcs11/luks.md new file mode 100644 index 000000000..f315a5455 --- /dev/null +++ b/documentation/docs/pkcs11/luks.md @@ -0,0 +1,403 @@ +The Cosmian KMS can provision secrets to open +[Linux LUKS](https://en.wikipedia.org/wiki/Linux_Unified_Key_Setup) encrypted partitions. The +secret never leaves the KMS and can be used to unlock the partition at boot time. + +## Installing p11-kit and the Cosmian KMS PKCS#11 module + +The Cosmian KMS provides a PKCS#11 module that can be used to access the KMS from applications that +support PKCS#11, using the `p11-kit` framework. + +With LUKS, the system provided `systemd-cryptenroll` command +must have support for `p11-kit` which you can check by running `systemd-cryptenroll --help` and +checking for the `+P11KIT` flag. + +```bash +❯ systemd-cryptenroll --version + +systemd 253 (253.5-1ubuntu6.1) ++PAM +AUDIT +SELINUX +APPARMOR +IMA +SMACK +SECCOMP +GCRYPT -GNUTLS +OPENSSL +ACL +BLKID +CURL ++ELFUTILS +FIDO2 +IDN2 -IDN +IPTC +KMOD +LIBCRYPTSETUP +LIBFDISK +PCRE2 -PWQUALITY ++P11KIT +QRENCODE +TPM2 +BZIP2 +LZ4 +XZ +ZLIB +ZSTD -BPF_FRAMEWORK -XKBCOMMON +UTMP +SYSVINIT +default-hierarchy=unified +``` + +Unfortunately, Ubuntu 22.04 does not provide p11-kit support, however the setup works fine for +Ubuntu 23.10. + +#### 1. Install the `p11-kit` package. + +*Ubuntu 23.10* + +```bash +sudo apt install p11-kit +``` + +*RHEL 9* + +```bash +sudo dnf install p11-kit +``` + +#### 2. Create the PKCS#11 configuration and module directories + +```bash +sudo mkdir -p /etc/pkcs11/modules +``` + +#### 3. Create a configuration file for the PKCS#11 module. + +```bash +sudo tee /etc/pkcs11/pkcs11.conf < p11-kit list-modules + +... +ckms_pkcs11: /usr/local/lib/libckms_pkcs11.so + library-description: Cosmian KMS PKCS#11 provider + library-manufacturer: Cosmian + library-version: x.y + token: Cosmian-KMS + manufacturer: Cosmian + model: software + serial-number: x.y.z + flags: + rng + write-protected + login-required + user-pin-initialized + protected-authentication-path + token-initialized + +``` + +## Configuring the access to the KMS + +The PKCS#11 module uses the same configuration file as the [CLI](../cli/cli.md#configuration). +Since it may be run as a system user, the configuration file should be made available +in `/etc/cosmian/kms.json`. + +See [Authenticating users to the KMS](../authentication.md) to learn +how to configure the KMS to use Open ID connect or certificate authentication. + +Here is an example configuration file for the PKCS#11 provider library accessing the KMS using a +PKCS#12 file for authentication. + +```json +{ + "kms_server_url": "https://kms.acme.com:9999", + "ssl_client_pkcs12_path": "./certificates/machine123.acme.p12", + "ssl_client_pkcs12_password": "machine123_pkcs12_password" +} +``` + +To use Open ID connect, install the `ckms` CLI from +[Cosmian packages](https://package.cosmian.com/kms/) and +use the `ckms login` command to authenticate to the KMS first. + +## Creating an RSA key pair using openssl and importing it into the Cosmian KMS + +To generate a self-signed certificate with RSA 2048bit key and in PKCS12 format, you can use the +OpenSSL command-line tool. Here are the steps: + +#### 1. Generate a new private key: + +```bash +openssl genpkey -algorithm RSA -out private_key.pem -pkeyopt rsa_keygen_bits:2048 +``` + +#### 2. Create a self-signed certificate: + +```bash +openssl req -new -x509 -key private_key.pem -out cert.pem -days 365 +``` + +#### 3. Convert the certificate and private key to PKCS12 format: + +```bash +openssl pkcs12 -export -out certificate.p12 -inkey private_key.pem -in cert.pem +``` + +#### 4. Import the PKCS12 file into the Cosmian KMS using a `disk-encryption` tag + +```bash +ckms certificates import -f pkcs12 -t disk-encryption certificate.p12 + +The private key in the PKCS12 file was imported with id: 6fc631... +Tags: + - disk-encryption +``` + +A tag different from `disk-encryption` can be used, but it must be set in the +in the `COSMIAN_PKCS11_DISK_ENCRYPTION_TAG` environment variable when enrolling the token (sse +below). + +## Creating a LUKS partition + +First allocate some space then create a LUKS partition using `cryptsetup`. + +#### 1. Allocating space for the LUKS partition + +LUKS partitions can be created either from disk paritions or from a file. + +##### From a file + +Use either `dd` or `fallocate` to create a file that will be used as the LUKS partition. + +```bash +# Create a 1GB file +fallocate -l 1G /path/to/file +``` + +Then use `path/to/file` as the device to encrypt. + +##### From a disk partition + +Using `parted`, determine or create a partition on the disk that you want to encrypt. +In this example, we assume the disk is available as `/dev/vda`. + +If needed, use `parted`to resize the last partition and create free space at the end of the disk. + +```bash +sudo parted /dev/vda +(parted) print free +Number Start End Size File system Name Flags + 17.4kB 1049kB 1031kB Free Space + 1 1049kB 1128MB 1127MB fat32 boot, esp + 2 1128MB 3276MB 2147MB ext4 + 3 3276MB 102GB 98.7GB + 102GB 103GB 1079MB Free Space +``` + +Make a 4th partition `/dev/vda4` from the free space at the end. + +```bash +(parted) mkpart 4 102GB 103GB +``` + +#### 2. Creating a LUKS 2 partition on the allocated space + +Enter a passphrase to protect the partition when prompted. +The encrypted passphrase will be stored in the LUKS header in key slot 0. + +```bash +sudo cryptsetup luksFormat --type luks2 --key-slot 0 /dev/vda4 +``` + +Make sure to remember the passphrase, as it will be needed to unlock the partition +during `cryptenroll` or when rotating the RSA keys. + +## Enrolling the LUKS partition with the Cosmian KMS + +Logging of the PKCS#11 module is controlled by the `CKMS_PKCS11_LOGGING_LEVEL` environment variable. +The logging level can be set to `trace`, `debug`, `info`, `warn`, or `error` and defaults to `info` +when not set. + +The RSA key pair is searched opn the KMS using a tag controlled by +the `COSMIAN_PKCS11_DISK_ENCRYPTION_TAG` environment variable. +When not set, the default tag searched is `disk-encryption`. + +#### 1. Verify that Cosmian-KMS token is available for the partition + +```bash +> sudo systemd-cryptenroll /dev/vda4 --pkcs11-token-uri=list + +URI LABEL MANUFACTURER MODEL +pkcs11:model=software;manufacturer=Cosmian;serial=x.y.z;token=Cosmian-KMS Cosmian-KMS Cosmian software +``` + +#### 2. Enroll the partition with the Cosmian KMS + +```bash +# this is equivalent to +# sudo COSMIAN_PKCS11_LOGGING_LEVEL=info COSMIAN_PKCS11_DISK_ENCRYPTION_TAG=disk-encryption systemd-cryptenroll /dev/vda4 --pkcs11-token-uri=pkcs11:token=Cosmian-KMS +> sudo systemd-cryptenroll /dev/vda4 --pkcs11-token-uri=pkcs11:token=Cosmian-KMS + +🔐 Please enter current passphrase for disk /dev/vda4: ************* +ckms-pkcs11 module logging at INFO level to file /var/log/ckms-pkcs11.log +Successfully logged into security token 'Cosmian-KMS' via protected authentication path. +New PKCS#11 token enrolled as key slot 1. +``` + +#### 3. Verify the enrollment + +```bash + > sudo cryptsetup luksDump /dev/vda4 + +LUKS header information +Version: 2 +Epoch: 5 +... +Keyslots: + 0: luks2 + .... + 1: luks2 + Key: 512 bits + Priority: normal + Cipher: aes-xts-plain64 + Cipher key: 512 bits + PBKDF: pbkdf2 + Hash: sha512 + ... + + +Tokens: + 0: systemd-pkcs11 + pkcs11-uri: pkcs11:token=Cosmian-KMS + pkcs11-key: 0b 94 e0 ... +... +``` + +#### 4. Test attaching the LUKS partition to `/dev/mapper/myluks` using the Cosmian-KMS token in slot 0 + + ```bash + > sudo cryptsetup open --type luks2 --token-id=0 --token-only /dev/vda4 myluks + + ckms-pkcs11 module logging at INFO level to file /var/log/ckms-pkcs11.log + Successfully logged into security token 'Cosmian-KMS' via protected authentication path. + Successfully decrypted key with security token. + ``` + +#### 5. Format the LUKS partition (do this only once) + +```bash +sudo mkfs.ext4 /dev/mapper/myluks +``` + +#### 6. Mount the partition + +```bash +sudo mkdir /mnt/myluks #only once +sudo mount /dev/mapper/myluks /mnt/myluks +``` + +#### 7. Close the LUKS partition + +```bash +sudo umount /mnt/myluks +sudo cryptsetup close myluks +``` + +## Automatically unlocking the LUKS partition at boot + +To automatically unlock the LUKS partition at boot, you cannot use the `/etc/crypttab` file +because the network is not available when `systemd-cyptsetup` is run. + +You need to create a systemd service that unlocks the LUKS partition at the right time, after the +network is available. + +#### 1. Create the bash script that unlocks and mounts the partition + +```bash +sudo tee -a /root/mount_myluks.sh < sudo systemctl enable mount_myluks.service + +Created symlink /etc/systemd/system/multi-user.target.wants/mount_myluks.service → /etc/systemd/system/mount_myluks.service. +``` + +```bash +sudo systemctl daemon-reload +``` + +#### 4. Reboot the machine to test the service + +```bash +sudo reboot +``` + +The LUKS partition should be automatically unlocked and mounted at boot to `/mnt/myluks`. +Check `dmesg`, and `/var/log/ckms-pkcs11.log` for any errors. + +## Rotating the keys + +To rotate the keys used to encrypt the LUKS partition, you can generate a new key pair and import it +into the Cosmian KMS. + +Then, you can re-enroll the LUKS partition with the new key. You MUST know the passphrase to +perform this operation. + +#### 1. Wipe the old key from the LUKS partition + +```bash +sudo systemd-cryptenroll /dev/vda4 --wipe-slot=pkcs11 + +Wiped slot 1. +``` + +#### 2. Revoke the old key from the Cosmian KMS + +```bash +ckms certificates revoke -k 6fc631... "revoked" + +Successfully revoked: 6fc631.... +``` + +#### 3. Follow the steps to generate a new key pair and import it into the Cosmian KMS. + +#### 4. Enroll the LUKS partition with the new key; you will be prompted for the passphrase + +## External documentation + +- [cryptsetup](https://www.man7.org/linux/man-pages/man8/cryptsetup.8.html) +- [systemd-cryptenroll](https://www.man7.org/linux/man-pages/man1/systemd-cryptenroll.1.html) +- [p11-kit](https://p11-glue.github.io/p11-glue/p11-kit.html) diff --git a/documentation/docs/veracrypt/veracrypt.md b/documentation/docs/pkcs11/veracrypt.md similarity index 84% rename from documentation/docs/veracrypt/veracrypt.md rename to documentation/docs/pkcs11/veracrypt.md index 6374a78a4..f45773681 100644 --- a/documentation/docs/veracrypt/veracrypt.md +++ b/documentation/docs/pkcs11/veracrypt.md @@ -8,6 +8,8 @@ formal security evaluation from BSI. Using the Cosmian KMS PKCS#11 provider library, Veracrypt can use keys stored in the KMS to encrypt and decrypt volumes. +![Veracrypt-ckms](./images/veracrypt_ckms.svg) + ## Installing the PKCS#11 provider library on Veracrypt Go to Veracrypt `Settings > Security Tokens` and use the `Select Library...` @@ -18,18 +20,10 @@ Then click `OK`. ## Configuring access to the KMS -The PKCS#11 provider library uses the same configuration file as the [CLI](../cli/cli.md), -and authentication to the KMS is done using the same mechanisms (certificates, JWT tokens, none). - -Authentication of the machine to the KMS is likely to be done using a PKCS#12 file. -The path to the PKCS#12 file and its password should be set in the configuration file. +The PKCS#11 provider library uses the same configuration file as the [CLI](../cli/cli.md#configuration). -The `Common Name` of the certificate in the PKCS#12 file will be used as the -username to authenticate the machine to the KMS and fetch the corresponding key. - -See -[Authenticating users to the KMS](../authentication.md#authenticating-using-tls-client-certificates) -to learn how to configure the KMS to use certificate authentication (please note that the KMS can +See [Authenticating users to the KMS](../authentication.md#using-tls-client-certificates) to learn how to configure the +KMS to use Open ID connect or certificate authentication (please note that the KMS can also manage the machines certificates). Here is an example configuration file for the PKCS#11 provider library accessing the KMS using a @@ -43,6 +37,9 @@ PKCS#12 file for authentication. } ``` +To use Open ID connect, install the `ckms` CLI from https://package.cosmian.com/kms/ and +use the `ckms login` command to authenticate to the KMS first. + ## Creating keys to use with Veracrypt The keys used to encrypt Veracrypt volumes are created in the KMS as Symmetric Keys and must diff --git a/documentation/docs/single_server_mode.md b/documentation/docs/single_server_mode.md index 39e02f046..adb9f2e5b 100644 --- a/documentation/docs/single_server_mode.md +++ b/documentation/docs/single_server_mode.md @@ -16,7 +16,7 @@ protected during operation by running the server inside an enclave. Ask Cosmian To run in single server mode, using the defaults, run the container as follows: ```sh -docker run -p 9998:9998 --name kms ghcr.io/cosmian/kms:4.15.2 +docker run -p 9998:9998 --name kms ghcr.io/cosmian/kms:4.16.0 ``` The KMS will be available on `http://localhost:9998`, and the server will store its data inside the @@ -30,7 +30,7 @@ directory or a Docker volume, e.g. with a volume named `cosmian-kms`: ```sh docker run --rm -p 9998:9998 \ -v cosmian-kms:/root/cosmian-kms/sqlite-data \ - --name kms ghcr.io/cosmian/kms:4.15.2 + --name kms ghcr.io/cosmian/kms:4.16.0 ``` ### Using client-side encrypted databases @@ -41,7 +41,7 @@ To start the KMS server with a client-side encrypted SQLite databases, pass the ```sh docker run --rm -p 9998:9998 \ -v cosmian-kms:/root/cosmian-kms/sqlite-data \ - --name kms ghcr.io/cosmian/kms:4.15.2 \ + --name kms ghcr.io/cosmian/kms:4.16.0 \ --database-type=sqlite-enc ``` diff --git a/documentation/docs/tls.md b/documentation/docs/tls.md index 6691da9b5..6fc615f4d 100644 --- a/documentation/docs/tls.md +++ b/documentation/docs/tls.md @@ -23,7 +23,7 @@ Say the certificate is called `server.mydomain.com.p12`, is protected by the pas ```sh docker run --rm -p 443:9998 \ -v /certificate/server.mydomain.com.p12:/root/cosmian-kms/server.mydomain.com.p12 \ - --name kms ghcr.io/cosmian/kms:4.15.2 \ + --name kms ghcr.io/cosmian/kms:4.16.0 \ --database-type=mysql \ --database-url=mysql://mysql_server:3306/kms \ --https-p12-file=server.mydomain.com.p12 \ diff --git a/documentation/mkdocs.yml b/documentation/mkdocs.yml index 2178a6d95..6ae57a3ed 100644 --- a/documentation/mkdocs.yml +++ b/documentation/mkdocs.yml @@ -87,5 +87,7 @@ nav: - Setting up a well-known file web server: google_cse/configuring-the-well-known-server.md - Configuring the well-known file: google_cse/configuring-the-well-known-file.md - Microsoft Double Key Encryption (DKE): ms_dke/ms_dke.md - - Veracrypt Disk Encryption: veracrypt/veracrypt.md + - Disk Encryption: + - Veracrypt: pkcs11/veracrypt.md + - LUKS: pkcs11/luks.md - Zeroization: zeroization.md diff --git a/documentation/theme_overrides/assets/stylesheets/extra.css b/documentation/theme_overrides/assets/stylesheets/extra.css index 21cce5764..aece3db85 100644 --- a/documentation/theme_overrides/assets/stylesheets/extra.css +++ b/documentation/theme_overrides/assets/stylesheets/extra.css @@ -258,7 +258,7 @@ code, } .md-sidebar--primary .md-nav__item { - padding-right: 2em; + padding-right: 0.25em; } } @@ -296,7 +296,7 @@ code, .md-nav--primary .md-nav__list .md-nav__list .md-nav__item { font-size: 0.875rem; - padding-left: 2.2em; + padding-left: 0.25em; margin: 1em 0; } diff --git a/version b/version index a3123669e..ea2f39f42 100644 --- a/version +++ b/version @@ -1 +1 @@ -"4.15.2" +"4.16.0"