This is a library which brings support for PKCS#11 to Rust. It aims to provide both a very low-level API that maps the PKCS#11 functionality to Rust and a higher-level API that is easier to use and brings more safety to programming against PKCS#11.
Testing is currently done with SoftHSM2. A trillion thanks to the people at OpenDNSSEC for writing SoftHSM. This makes it possible to develop applications that need to support PKCS#11. I would have no idea what to do without it. (Suggestions are always welcome.)
Here is a list of the implementation status and plans on what to do next:
- Dynamic loading of PKCS#11 module (thanks to libloading)
- Initializing and Dropping PKCS#11 context
- Implementing Token and PIN Management functions
- Implementing Session Management functions
- Implementing Object Management functions
- Implementing Key Management functions
- Implementing Encryption/Decryption functions (TODO: tests still missing)
- Implementing Message Digest functions (TODO: tests still missing)
- Implementing Signing and MACing (TODO: tests still missing)
- Implementing Verifying of signatures and MACs (TODO: tests still missing)
- Implementing Dual-function cryptographic operations (TODO: tests still missing)
- Implementing Legacy PKCS#11 functions
- Reorganize code of low-level API (too bloated, which we all know is what PKCS#11 is like)
- Import the rest of the C header `pkcs11t.h` types into Rust
- Import the rest of the C header `pkcs11f.h` functions into Rust
- C type constants to string converter functions, and the reverse (maybe part of the high-level API?)
- Design and implement high-level API
- Publish on crates.io (wow, that was easy)
- Write and Generate Documentation for Rust docs
- Better Testing (lots of repetitive code + we need a testing framework and different SoftHSM versions for different platforms)