Rust PKCS#11 Library

Primary language: HTML. License: Apache License 2.0 (Apache-2.0).

This library brings PKCS#11 support to Rust. It aims to provide both a very low-level API that maps the PKCS#11 functionality to Rust and a higher-level API that is easier to use and makes programming against PKCS#11 safer.

Testing

Testing is currently done with SoftHSM2. A trillion thanks to the people at OpenDNSSEC for writing SoftHSM. This makes it possible to develop applications that need to support PKCS#11. I would have no idea what to do without it. (Suggestions are always welcome.)

Status

Here is a list of the implementation status and plans on what to do next:

  • Dynamic loading of PKCS#11 module (thanks to libloading)
  • Initializing and Dropping PKCS#11 context
  • Implementing Token and PIN Management functions
  • Implementing Session Management functions
  • Implementing Object Management functions
  • Implementing Key Management functions
  • Implementing Encryption/Decryption functions (TODO: tests still missing)
  • Implementing Message Digest functions (TODO: tests still missing)
  • Implementing Signing and MACing (TODO: tests still missing)
  • Implementing Verifying of signatures and MACs (TODO: tests still missing)
  • Implementing Dual-function cryptographic operations (TODO: tests still missing)
  • Implementing Legacy PKCS#11 functions
  • Reorganize code of low-level API (too bloated, which we all know is what PKCS#11 is like)
  • Import the rest of the C header pkcs11t.h types into Rust
  • Import the rest of the C header pkcs11f.h functions into Rust
  • C type constants to string converter functions, and the reverse (maybe part of the high-level API?)
  • Design and implement high-level API
  • Publish on crates.io (wow, that was easy)
  • Write and Generate Documentation for Rust docs
  • Better Testing (lots of repetitive code + we need a testing framework and different SoftHSM versions for different platforms)