GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → mheese → rust-pkcs11

mheese / rust-pkcs11

Licence: Apache-2.0 license
Rust PKCS#11 Library

Programming Languages

rust
11053 projects

Labels

rust-librarypkcs11rust-fficryptoki

Projects that are alternatives of or similar to rust-pkcs11

inline-c-rs
Write and execute C code inside Rust.
Stars: ✭ 121 (+72.86%)
Mutual labels:  rust-library
thread-priority
A simple thread schedule and priority library for rust
Stars: ✭ 48 (-31.43%)
Mutual labels:  rust-library
soap-rs
SOAP client for Rust programming language
Stars: ✭ 37 (-47.14%)
Mutual labels:  rust-library
version-compare
↔️ Rust library to easily compare version strings. Mirror from https://gitlab.com/timvisee/version-compare
Stars: ✭ 32 (-54.29%)
Mutual labels:  rust-library
healthchecks-rs
Simple Rust library to interact with healthchecks.io
Stars: ✭ 16 (-77.14%)
Mutual labels:  rust-library
JuliaPackageWithRustDep.jl
Example of a Julia Package with Rust dependency.
Stars: ✭ 65 (-7.14%)
Mutual labels:  rust-ffi
fortify
Fortify enables web applications to use smart cards, local certificate stores and do certificate enrollment. This is the desktop application repository.
Stars: ✭ 88 (+25.71%)
Mutual labels:  pkcs11
simple redis
Simple and resilient redis client for rust.
Stars: ✭ 21 (-70%)
Mutual labels:  rust-library
unicode-linebreak
󠁼💔 Implementation of the Unicode Line Breaking Algorithm in Rust
Stars: ✭ 14 (-80%)
Mutual labels:  rust-library
pkcs11-tools
A set of tools to manage objects on PKCS#11 crypotographic tokens. Compatible with any PKCS#11 library, including NSS.
Stars: ✭ 70 (+0%)
Mutual labels:  pkcs11
daemonize-me
Rust library to ease the task of creating daemons
Stars: ✭ 34 (-51.43%)
Mutual labels:  rust-library
Pkcs11Interop.X509Store
Easy to use PKCS#11 based X.509 certificate store
Stars: ✭ 24 (-65.71%)
Mutual labels:  pkcs11
font8x8-rs
8x8 monochrome bitmap fonts for rendering. Implemented in Rust.
Stars: ✭ 15 (-78.57%)
Mutual labels:  rust-library
kul
A unique textual notation that can be used as both a data format and a markup language and that has powerful extensibility of both lexical syntax and semantics, and a Rust library for parsing it.
Stars: ✭ 12 (-82.86%)
Mutual labels:  rust-library
pkcs11
OCaml bindings for the PKCS#11 cryptographic API
Stars: ✭ 21 (-70%)
Mutual labels:  pkcs11
dupe-krill
A fast file deduplicator
Stars: ✭ 147 (+110%)
Mutual labels:  rust-library
requests-rs
Rust HTTP client library styled after awesome Python requests
Stars: ✭ 37 (-47.14%)
Mutual labels:  rust-library
Curio
A Blazing Fast HTTP Client
Stars: ✭ 35 (-50%)
Mutual labels:  rust-library
enumset
A library for compact bit sets containing enums.
Stars: ✭ 60 (-14.29%)
Mutual labels:  rust-library
x509sak
X.509 Swiss Army Knife is a toolkit atop OpenSSL to ease generation of CAs and aid white-hat pentesting
Stars: ✭ 23 (-67.14%)
Mutual labels:  pkcs11
View All Similar Projects ➔

Rust PKCS#11 Library

Latest version Documentation Build status Build status Build status Build status codecov License

This is a library which brings support for PKCS#11 to Rust. It is aiming at having both a very low-level API to map the PKCS#11 functionality to Rust as well as having a higher-level API for more easy usage as well as bringing more safety for programming against PKCS#11.

Status

The library has full support for all functions in PKCS#11 v2.40. It should technically work with any Cryptoki version from v2.00. For example there is special handling for C_WaitForSlotEvent which has been added only in v2.01. You can successfully implement and reach all low-level Cryptoki semantics and structures. All of them are integration tested using SoftHSM. For better interoperability the low-level API is using nearly the same function/method calls and data structures as defined in the official standard. That means that using the low-level API should be very easy for people who are familiar with PKCS#11 as the naming and variables/constants/defines are the same.

A high-level more Rust-friendly API is in the design process. Its goal is to hide most of the low-level PKCS#11 semantics that one does not need to be aware of as they can be very verbose. Furthermore using Rust datastructures it is possible to come up with a more type-safe library at compile time to help users to use PKCS#11 more successfully and to make it more robust. It will also provide easier primitives for multi-part encrypting/decrypting/signing/etc. Ideally by providing a streaming API. Last but not least it will provide session management and lock/unlock free sessions as they are available from the context. Especially on tokens that provide parallel processing this can be a very tedious and error-prone process.

Compatiblity Matrix

TODO: This is still in the making, and most likely very incomplete.

As PKCS#11 implementations are not always sticking to the standard, your token might still have problems, unfortunately. These are known tokens as reported by users that definitely work together with this library.

If you use this library with an HSM that is not listed here, please open an issue (or even better a PR) so that I can update this matrix. If your token does not work, please also open an issue, of course, so that we can investigate.

Testing

Testing is currently done with SoftHSM2. A trillion thanks to the people at OpenDNSSEC for writing SoftHSM. This makes it possible to develop applications that need to support PKCS#11. I would have no idea what to do without it. (Suggestions are always welcome.)

TODO

Here is a list of the implementation status and plans on what to do next:

  • Dynamic loading of PKCS#11 module (thanks to libloading)
  • Initializing and Dropping PKCS#11 context
  • Implementing Token and PIN Management functions
  • Implementing Session Management functions
  • Implementing Object Management functions
  • Implementing Key Management functions
  • Implementing Encryption/Decryption functions
  • Implementing Message Digest functions
  • Implementing Signing and MACing
  • Implementing Verifying of signatures and MACs
  • Implementing Dual-function cryptographic operations
  • Implementing Legacy PKCS#11 functions
  • Reorganize code of low-level API (too bloated, which we all know is what PKCS#11 is like)
  • Import the rest of the C header pkcs11t.h types into rust
  • Import the rest of the C header pkcs11f.h functions into rust
  • Publish on crates.io (wow, that was easy)
  • C type constants to string converter functions, and the reverse (maybe part of the high-level API?)
  • Design and implement high-level API
  • Write and Generate Documentation for Rust docs
  • Better Testing (lots of repetitive code + we need a testing framework and different SoftHSM versions for different platforms)
  • Suppport for PKCS#11 v3.00
  • make packed struct and CK_ULONG / CK_LONG feature flags with platform defaults when it becomes possible - currently the default when the target is Windows as PKCS#11 explicitly demands packed structs on Windows and unsigned long and long are both only 32bit on Microsoft compilers by default. However, on any other unix platform the defaults are not really defined and one might need to opt in for one or the other.
Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].