Add support for message-based encryption and decryption (PKCS#11 3.0)

[Jakuje]

Toward this change, I had to go through some hops.

• Update the headers to PKCS#11 3.1
• Fix the function list initialization to be able to use the new PKCS#11 3.0 functions
• Added the new API functions
• Added tests (work kryoptic)

[Jakuje]

The clippy failure is something in the code that I did not touch so I assume rust/clippy was updated somewhere and new warnings are showing up. On the first sight, its not clear to me how to correctly fix it.

[hug-dev]

Thank you!!

I think the clippy warning is only about aligning lists with two spaces instead of more

[Jakuje]

I think the clippy warning is only about aligning lists with two spaces instead of more

Yeah, thats how much I got from the message, but its the continuation of the list item so I am not sure how it will render in the docs when I will remove the indent for the list. But I can try. It will break at worst :)

[Jakuje]

I think the clippy warning is only about aligning lists with two spaces instead of more

Yeah, thats how much I got from the message, but its the continuation of the list item so I am not sure how it will render in the docs when I will remove the indent for the list. But I can try. It will break at worst :)

Turned out it just needed one less space than I would expect in the RSA case (and few less than in the other). Fixed in the last commit.

[wiktor-k]

LGTM 👍 thanks! A couple of smaller things :)

[wiktor-k]

I think the TODO should use normal comment (//) not to be rendered as docs 🤔

[wiktor-k]

The below is important to catch stuff like here (decrypt vs decrypt_message).

[wiktor-k]

message typo

[wiktor-k]

Is this call necessary if the vec is already created with correct size in the first place? 🤔

[Jakuje]

I used the same approach as in the Session::decrypt() as tried and tested :)

I agree that this might not be necessary for the PKCS#11 modules that return the right value on the first try, but the PKCS#11 specs says that the value does not have to be exact and could be larger so shrinking the vector is probably a good thing to do here:

1. If pBuf is NULL_PTR, then all that the function does is return (in *pulBufLen) a number of bytes which would suffice to hold the cryptographic output produced from the input to the function.� This number may somewhat exceed the precise number of bytes needed, but should not exceed it by a large amount.� CKR_OK is returned by the function.

From 5.2 Conventions for functions returning output in a variable-length buffer

[wiktor-k]

Great, thanks for digging this bit up!

But if the value returned can be bigger than the vector we pass in wouldn't the PKCS#11 call overwrite memory right after the Vec's buffer? And then the resize would still overwrite that PKCS#11-filled memory with zeros (since Vec implementation would "think" it has been uninitialized).

I guess this is a rare condition since the Vec would probably have spare capacity but thinking about all these edge cases gets me 😬

I understand the feel about adjusting the code around and then the reviewer being unhappy about not your code though 😅 Maybe we can track that in a separate issue and close this conversation here? 🤔

[Jakuje]

No, it should work only the other way round -- the size query can return larger value, but the operation itself will return the right value so no buffer should overrun in this code, unless I miss something.

[wiktor-k]

Ack. Then the Vec::truncate would be more appropriate, IMO. (I'm not saying you should adjust it, just for completeness for future work 🫠 )