Update cryptoki and cryptoki-sys crates

 * Update the cryptoki and cryptoki-sys crates.
 * Minor changes to the code to update according to the updates
   version of cryptoki.

Signed-off-by: Tomás González <tomasagustin.gonzalezorlando@arm.com>

Cargo.toml

@@ -26,7 +26,7 @@ toml = "0.5.8"
 serde = { version = "1.0.123", features = ["derive"] }
 env_logger = "0.8.3"
 log = { version = "0.4.14", features = ["serde"] }
-cryptoki = { version = "0.3.1", optional = true, default-features = false }
+cryptoki = { version = "0.5.0", optional = true, default-features = false }
 picky-asn1-der = { version = "0.4.0", optional = true }
 picky-asn1 = { version = "0.7.2", optional = true }
 tss-esapi = { version = "7.2.0", optional = true }

e2e_tests/Cargo.toml

@@ -30,7 +30,7 @@ picky-asn1 = "0.3.1"
 sha2 = "0.9.3"
 serial_test = "0.5.1"
 regex = "1.6.0"
-cryptoki = { version = "0.3.1", default-features = false }
+cryptoki = { version = "0.5.0", default-features = false }
 snailquote = "0.3.1"
 
 [features]

e2e_tests/tests/all_providers/config/mod.rs

@@ -1,5 +1,6 @@
 // Copyright 2020 Contributors to the Parsec project.
 // SPDX-License-Identifier: Apache-2.0
+use cryptoki::types::AuthPin;
 use e2e_tests::auto_test_keyname;
 use e2e_tests::TestClient;
 use log::{error, info};
@@ -456,27 +457,29 @@ fn activate_cred_no_auth() {
 #[cfg(feature = "pkcs11-provider")]
 fn init_pkcs11_token(lib: &str, so_pin: &str, pin: &str) -> String {
     use cryptoki::context::{CInitializeArgs, Pkcs11};
-    use cryptoki::session::SessionFlags;
     use cryptoki::session::UserType;
     use std::path::Path;
 
     let pkcs11 = Pkcs11::new(Path::new(lib)).unwrap();
     // // initialize the library
     pkcs11.initialize(CInitializeArgs::OsThreads).unwrap();
     let slot = pkcs11.get_slots_with_token().unwrap().pop().unwrap();
-    pkcs11.init_token(slot, so_pin, "Test Token").unwrap();
-    // set flags
-    let mut flags = SessionFlags::new();
-    let _ = flags.set_rw_session(true).set_serial_session(true);
+    pkcs11
+        .init_token(slot, &AuthPin::new(so_pin.to_string()), "Test Token")
+        .unwrap();
     // open a session
-    let session = pkcs11.open_session_no_callback(slot, flags).unwrap();
+    let session = pkcs11.open_rw_session(slot).unwrap();
     // log in the session
-    session.login(UserType::So, Some(so_pin)).unwrap();
-    session.init_pin(pin).unwrap();
+    session
+        .login(UserType::So, Some(&AuthPin::new(so_pin.to_string())))
+        .unwrap();
+    session.init_pin(&AuthPin::new(pin.to_string())).unwrap();
     // get the token serial number
     let token = pkcs11.get_token_info(slot).unwrap();
     pkcs11.finalize();
-    std::str::from_utf8(&token.serialNumber).unwrap().to_owned()
+    std::str::from_utf8(token.serial_number().as_bytes())
+        .unwrap()
+        .to_owned()
 }
 
 #[cfg(feature = "pkcs11-provider")]

src/providers/pkcs11/capability_discovery.rs

@@ -77,8 +77,8 @@ impl CanDoCrypto for Provider {
             .get_mechanism_info(self.slot_number, mechanism.mechanism_type())
             .map_err(to_response_status)?;
         if std::any::type_name::<Ulong>() == std::any::type_name::<u64>() {
-            if !((attributes.bits as u64) >= (*mechanism_info.min_key_size()).into()
-                && (attributes.bits as u64) <= (*mechanism_info.max_key_size()).into())
+            if !((attributes.bits as u64) >= (mechanism_info.min_key_size() as u64)
+                && (attributes.bits as u64) <= (mechanism_info.max_key_size()) as u64)
             {
                 info!(
                     "Incorrect key size {} for mechanism {:?}",
@@ -87,8 +87,8 @@ impl CanDoCrypto for Provider {
                 return Err(PsaErrorNotSupported);
             }
         } else {
-            if !((attributes.bits as u64) >= (*mechanism_info.min_key_size() as u64)
-                && (attributes.bits as u64) <= (*mechanism_info.max_key_size() as u64))
+            if !((attributes.bits as u64) >= (mechanism_info.min_key_size() as u64)
+                && (attributes.bits as u64) <= (mechanism_info.max_key_size() as u64))
             {
                 info!(
                     "Incorrect key size {} for mechanism {:?}",

src/providers/pkcs11/mod.rs

@@ -11,8 +11,9 @@ use crate::providers::crypto_capability::CanDoCrypto;
 use crate::providers::ProviderIdentity;
 use cryptoki::context::{CInitializeArgs, Pkcs11};
 use cryptoki::error::{Error as Pkcs11Error, RvError};
-use cryptoki::session::{Session, SessionFlags, UserType};
+use cryptoki::session::{Session, UserType};
 use cryptoki::slot::Slot;
+use cryptoki::types::AuthPin;
 use derivative::Derivative;
 use log::{error, info, trace, warn};
 use parsec_interface::operations::{
@@ -211,12 +212,9 @@ impl Provider {
     // * logged in if the pin is set
     // * set on the slot in the provider
     fn new_session(&self) -> Result<Session> {
-        let mut flags = SessionFlags::new();
-        let _ = flags.set_rw_session(true).set_serial_session(true);
-
         let session = self
             .backend
-            .open_session_no_callback(self.slot_number, flags)
+            .open_rw_session(self.slot_number)
             .map_err(to_response_status)?;
 
         if self.user_pin.is_some() {
@@ -231,7 +229,7 @@ impl Provider {
             }
 
             session
-                .login(UserType::User, Some(&pin))
+                .login(UserType::User, Some(&AuthPin::new(pin.to_string())))
                 .or_else(|e| {
                     if let Pkcs11Error::Pkcs11(RvError::UserAlreadyLoggedIn) = e {
                         Ok(())
@@ -529,11 +527,11 @@ impl ProviderBuilder {
                         format_error!("Failed parsing token info", e);
                         Error::new(ErrorKind::InvalidData, "Failed parsing token info")
                     })?;
-                    let sn =
-                        String::from_utf8(current_token.serialNumber.to_vec()).map_err(|e| {
-                            format_error!("Failed parsing token serial number", e);
-                            Error::new(ErrorKind::InvalidData, "Failed parsing token serial number")
-                        })?;
+                    let sn = String::from_utf8(current_token.serial_number().as_bytes().to_vec())
+                        .map_err(|e| {
+                        format_error!("Failed parsing token serial number", e);
+                        Error::new(ErrorKind::InvalidData, "Failed parsing token serial number")
+                    })?;
                     if sn.trim() == serial_number.trim() {
                         slot = Some(current_slot);
                         break;

src/providers/pkcs11/utils.rs

@@ -166,7 +166,7 @@ pub fn pkcsmgftype_from_psa_crypto_hash(alg: Hash) -> Result<rsa::PkcsMgfType, E
 #[allow(deprecated)]
 pub fn algorithm_to_mechanism(
     alg: psa_crypto::types::algorithm::Algorithm,
-) -> Result<Mechanism, Error> {
+) -> Result<Mechanism<'static>, Error> {
     use psa_crypto::types::algorithm::{Algorithm, AsymmetricEncryption};
 
     match alg {
@@ -187,13 +187,11 @@ pub fn algorithm_to_mechanism(
         })),
         Algorithm::AsymmetricSignature(AsymmetricSignature::Ecdsa { .. }) => Ok(Mechanism::Ecdsa),
         Algorithm::AsymmetricEncryption(AsymmetricEncryption::RsaOaep { hash_alg }) => {
-            Ok(Mechanism::RsaPkcsOaep(rsa::PkcsOaepParams {
-                hash_alg: algorithm_to_mechanism(Algorithm::from(hash_alg))?.mechanism_type(),
-                mgf: pkcsmgftype_from_psa_crypto_hash(hash_alg)?,
-                source: rsa::PkcsOaepSourceType::DATA_SPECIFIED,
-                source_data: std::ptr::null(),
-                source_data_len: 0.into(),
-            }))
+            Ok(Mechanism::RsaPkcsOaep(rsa::PkcsOaepParams::new(
+                algorithm_to_mechanism(Algorithm::from(hash_alg))?.mechanism_type(),
+                pkcsmgftype_from_psa_crypto_hash(hash_alg)?,
+                rsa::PkcsOaepSource::empty(),
+            )))
         }
         alg => {
             error!("{:?} is not a supported algorithm", alg);