Comments (6)
Hey, thanks for reporting this! I agree, it's definitely a problem, don't know how we hadn't noticed it before.
First things first I'd mark the struct as
#[deprecated]
Don't know if that's necessary, really - if we break/change the interface we can just bump the version number appropriately.
I also agree about the assessment - ideally I would've liked us to take ownership of that data and generate our own pointer from it when necessary, but that might be inefficient. However, if we do go for a reference, the new lifetime parameter isn't the only problem with that approach - we would then be inconsistent with a lot of other mechanisms which take ownership of buffers. Perhaps we could switch to references everywhere, or at least in places with "unbounded" buffers.
The Mechanism
struct is probably a low-impact place to have lifetimes because I wouldn't expect them to be persisted between calls/operations - but perhaps I'm wrong on that. Overall, I'd lean towards using a reference.
Thoughts?
from rust-cryptoki.
Okay, this is definitely a problem. First things first I'd mark the struct as #[deprecated]
linking to this issue to give people using it a heads-up that it's going to change.
Yeah, the interface looks half-low-level half-high level. I'm wondering how much code will need to change for the "lifetime parameter" scenario although I'm OK with the "own source data" too.
@hug-dev, @ionut-arm, @gowthamsk-arm what do you think?
from rust-cryptoki.
from rust-cryptoki.
Hey, thanks for the reply!
AES-GCM takes a struct with pointers to IV and AAD. These can both
be arbitrarily long (up to 2^32 - 1 bytes). It would make sense for
these to be slices as well.
I don't think that's true about IV in version 2.40 of the spec:
ulIvLen length of initialization vector in bytes. The length of the initialization vector can be any number between 1 and 256. 96-bit (12 byte) IV values can be processed more efficiently, so that length is recommended for situations in which efficiency is critical.
Though looking at v3, I can see where you got the value from (see comment below about versioning). It seems fairly reasonable to treat IVs as fairly limited in size and thus take full ownership of them, whereas for AAD or other large, variable-length structures we could just take a reference and use that.
One thing I noticed is that you seem to be referring to version 3 of the spec:
A quick scan through https://docs.oasis-open.org/pkcs11/pkcs11-curr/v3.0/os/pkcs11-curr-v3.0-os.html
While we use version 2.40. A peek through our READMEs made me realize we don't explicitly advertise this! So we definitely need to make it more clear. Did you want to move to v3.0 of the spec? It seems like a fairly big jump, not sure how to handle it easily - perhaps gating it behind a Cargo feature - but that's a separate discussion.
Anyway, your approach in the open PR seems pretty good to me, happy to go down that route.
from rust-cryptoki.
from rust-cryptoki.
from rust-cryptoki.
Related Issues (20)
- Missing constants for x86_64-unknown-linux-gnu HOT 6
- Function name as part of errors HOT 3
- CKA_PUBLIC_KEY_INFO getting TypeInvalid HOT 8
- Wrapper for C_WaitForSlotEvent HOT 5
- finalize() without drop()? HOT 1
- `clone()` and `is_initialized()` HOT 13
- bug: `is_fn_supported()` always returns `true` HOT 1
- UserNotLoggedIn calling decrypt after login.... HOT 5
- Signing and Verifying HOT 2
- PKCS OAEP padding always returns: Pkcs11(ArgumentsBad) HOT 3
- test slot::token_info::test::debug_info fails on 32-bit architectures. HOT 1
- Add Wycheproof-based tests
- Wasm support HOT 2
- session.login fails on MacOS Sonoma HOT 8
- New release? HOT 6
- PkcsOaepParams HOT 3
- Build of cryptoki v0.6.1 failing on Fedora 39+ HOT 23
- Cannot init_token using an HSM with PED
- Do not call C_Finalize if not initialized
- Add support for C_GetInterfaceList
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from rust-cryptoki.