Replace SessionFlags with bool to open session

vkkoskie · ionut-arm · commit 6d2df93d4258 · 2022-01-27T14:10:58.000Z
There are only two flags supported as arguments when opening a
session.

One of them must always be true, but perversely defaults to false.
This forces client code to construct a trivial value to pass. This
commit now hides this flag, setting it to its only valid value always.
This also removes a single test which checked for failure when the flag
was set to false.

With only one flag (read/write) remaining, the open session call now
accepts a boolean for the option and conversion to a wider integer
type is handled internally.

Signed-off-by: Keith Koskie &lt;vkkoskie@gmail.com&gt;
diff --git a/cryptoki/src/context/mod.rs b/cryptoki/src/context/mod.rs
@@ -27,7 +27,7 @@ pub use locking::*;
 
 use crate::error::{Error, Result, Rv};
 use crate::mechanism::{MechanismInfo, MechanismType};
-use crate::session::{Session, SessionFlags};
+use crate::session::Session;
 use crate::slot::{Slot, SlotInfo, TokenInfo};
 
 use derivative::Derivative;
@@ -159,7 +159,7 @@ impl Pkcs11 {
     }
 
     /// Open a new session with no callback set
-    pub fn open_session_no_callback(&self, slot_id: Slot, flags: SessionFlags) -> Result<Session> {
-        session_management::open_session_no_callback(self, slot_id, flags)
+    pub fn open_session_no_callback(&self, slot_id: Slot, read_write: bool) -> Result<Session> {
+        session_management::open_session_no_callback(self, slot_id, read_write)
     }
 }
diff --git a/cryptoki/src/context/session_management.rs b/cryptoki/src/context/session_management.rs
@@ -2,25 +2,31 @@
 // SPDX-License-Identifier: Apache-2.0
 //! Session management functions
 
+use cryptoki_sys::{CKF_RW_SESSION, CKF_SERIAL_SESSION};
+
 use crate::context::Pkcs11;
 use crate::error::{Result, Rv};
-use crate::session::{Session, SessionFlags};
+use crate::session::Session;
 use crate::slot::Slot;
 use std::convert::TryInto;
-
 // See public docs on stub in parent mod.rs
 #[inline(always)]
 pub(super) fn open_session_no_callback(
     ctx: &Pkcs11,
     slot_id: Slot,
-    flags: SessionFlags,
+    read_write: bool,
 ) -> Result<Session> {
     let mut session_handle = 0;
 
+    let flags = if read_write {
+        CKF_SERIAL_SESSION | CKF_RW_SESSION
+    } else {
+        CKF_SERIAL_SESSION
+    };
     unsafe {
         Rv::from(get_pkcs11!(ctx, C_OpenSession)(
             slot_id.try_into()?,
-            flags.into(),
+            flags,
             // TODO: abstract those types or create new functions for callbacks
             std::ptr::null_mut(),
             None,
diff --git a/cryptoki/src/session/mod.rs b/cryptoki/src/session/mod.rs
@@ -151,7 +151,6 @@ impl Session {
     /// use cryptoki::context::CInitializeArgs;
     /// use cryptoki::object::AttributeType;
     /// use cryptoki::session::UserType;
-    /// use cryptoki::session::SessionFlags;
     /// use std::collections::HashMap;
     /// use std::env;
     ///
@@ -163,10 +162,8 @@ impl Session {
     ///
     /// pkcs11.initialize(CInitializeArgs::OsThreads).unwrap();
     /// let slot = pkcs11.get_slots_with_token().unwrap().remove(0);
-    /// let mut flags = SessionFlags::new();
-    /// let _ = flags.set_rw_session(true).set_serial_session(true);
     ///
-    /// let session = pkcs11.open_session_no_callback(slot, flags).unwrap();
+    /// let session = pkcs11.open_session_no_callback(slot, true).unwrap();
     /// session.login(UserType::User, Some("fedcba"));
     ///
     /// let empty_attrib= vec![];
diff --git a/cryptoki/tests/basic.rs b/cryptoki/tests/basic.rs
@@ -33,7 +33,7 @@ fn sign_verify() -> Result<()> {
     let _ = flags.set_rw_session(true).set_serial_session(true);
 
     // open a session
-    let session = pkcs11.open_session_no_callback(slot, flags)?;
+    let session = pkcs11.open_session_no_callback(slot, true)?;
 
     // log in the session
     session.login(UserType::User, Some(USER_PIN))?;
@@ -85,7 +85,7 @@ fn encrypt_decrypt() -> Result<()> {
     let _ = flags.set_rw_session(true).set_serial_session(true);
 
     // open a session
-    let session = pkcs11.open_session_no_callback(slot, flags)?;
+    let session = pkcs11.open_session_no_callback(slot, true)?;
 
     // log in the session
     session.login(UserType::User, Some(USER_PIN))?;
@@ -141,7 +141,7 @@ fn derive_key() -> Result<()> {
     let _ = flags.set_rw_session(true).set_serial_session(true);
 
     // open a session
-    let session = pkcs11.open_session_no_callback(slot, flags)?;
+    let session = pkcs11.open_session_no_callback(slot, true)?;
 
     // log in the session
     session.login(UserType::User, Some(USER_PIN))?;
@@ -236,7 +236,7 @@ fn import_export() -> Result<()> {
     let _ = flags.set_rw_session(true).set_serial_session(true);
 
     // open a session
-    let session = pkcs11.open_session_no_callback(slot, flags)?;
+    let session = pkcs11.open_session_no_callback(slot, true)?;
 
     // log in the session
     session.login(UserType::User, Some(USER_PIN))?;
@@ -306,7 +306,7 @@ fn wrap_and_unwrap_key() {
     let _ = flags.set_rw_session(true).set_serial_session(true);
 
     // open a session
-    let session = pkcs11.open_session_no_callback(slot, flags).unwrap();
+    let session = pkcs11.open_session_no_callback(slot, true).unwrap();
 
     // log in the session
     session.login(UserType::User, Some(USER_PIN)).unwrap();
@@ -400,7 +400,7 @@ fn login_feast() {
     for _ in 0..SESSIONS {
         let pkcs11 = pkcs11.clone();
         threads.push(thread::spawn(move || {
-            let session = pkcs11.open_session_no_callback(slot, flags).unwrap();
+            let session = pkcs11.open_session_no_callback(slot, true).unwrap();
             match session.login(UserType::User, Some(USER_PIN)) {
                 Ok(_) | Err(Error::Pkcs11(RvError::UserAlreadyLoggedIn)) => {}
                 Err(e) => panic!("Bad error response: {}", e),
@@ -463,19 +463,9 @@ fn get_session_info_test() -> Result<()> {
     let (pkcs11, slot) = init_pins();
 
     let mut flags = SessionFlags::new();
-
-    // Check that OpenSession errors when CKF_SERIAL_SESSION is not set
-    if let Err(cryptoki::error::Error::Pkcs11(rv_error)) =
-        pkcs11.open_session_no_callback(slot, flags)
-    {
-        assert_eq!(rv_error, RvError::SessionParallelNotSupported);
-    } else {
-        panic!("Should error when CKF_SERIAL_SESSION is not set");
-    }
-
     let _ = flags.set_serial_session(true);
     {
-        let session = pkcs11.open_session_no_callback(slot, flags)?;
+        let session = pkcs11.open_session_no_callback(slot, false)?;
         let session_info = session.get_session_info()?;
         assert!(!session_info.read_write());
         assert_eq!(session_info.slot_id(), slot);
@@ -504,7 +494,7 @@ fn get_session_info_test() -> Result<()> {
 
     let _ = flags.set_rw_session(true);
 
-    let session = pkcs11.open_session_no_callback(slot, flags)?;
+    let session = pkcs11.open_session_no_callback(slot, true)?;
     let session_info = session.get_session_info()?;
     assert!(session_info.read_write());
     assert_eq!(session_info.slot_id(), slot);
@@ -539,7 +529,7 @@ fn generate_random_test() -> Result<()> {
     let mut flags = SessionFlags::new();
 
     let _ = flags.set_serial_session(true);
-    let session = pkcs11.open_session_no_callback(slot, flags)?;
+    let session = pkcs11.open_session_no_callback(slot, false)?;
 
     let poor_seed: [u8; 32] = [0; 32];
     session.seed_random(&poor_seed)?;
@@ -566,7 +556,7 @@ fn set_pin_test() -> Result<()> {
     let mut flags = SessionFlags::new();
 
     let _ = flags.set_serial_session(true).set_rw_session(true);
-    let session = pkcs11.open_session_no_callback(slot, flags)?;
+    let session = pkcs11.open_session_no_callback(slot, true)?;
 
     session.login(UserType::User, Some(USER_PIN))?;
     session.set_pin(USER_PIN, new_user_pin)?;
@@ -585,7 +575,7 @@ fn get_attribute_info_test() -> Result<()> {
     let _ = flags.set_rw_session(true).set_serial_session(true);
 
     // open a session
-    let session = pkcs11.open_session_no_callback(slot, flags)?;
+    let session = pkcs11.open_session_no_callback(slot, true)?;
 
     // log in the session
     session.login(UserType::User, Some(USER_PIN))?;
diff --git a/cryptoki/tests/common.rs b/cryptoki/tests/common.rs
@@ -32,7 +32,7 @@ pub fn init_pins() -> (Pkcs11, Slot) {
 
     {
         // open a session
-        let session = pkcs11.open_session_no_callback(slot, flags).unwrap();
+        let session = pkcs11.open_session_no_callback(slot, true).unwrap();
         // log in the session
         session.login(UserType::So, Some(SO_PIN)).unwrap();
         session.init_pin(USER_PIN).unwrap();

Original file line number	Diff line number	Diff line change
`@@ -27,7 +27,7 @@ pub use locking::*;`
`27`	`27`
`28`	`28`	`use crate::error::{Error, Result, Rv};`
`29`	`29`	`use crate::mechanism::{MechanismInfo, MechanismType};`
`30`		`-use crate::session::{Session, SessionFlags};`
	`30`	`+use crate::session::Session;`
`31`	`31`	`use crate::slot::{Slot, SlotInfo, TokenInfo};`
`32`	`32`
`33`	`33`	`use derivative::Derivative;`
`@@ -159,7 +159,7 @@ impl Pkcs11 {`
`159`	`159`	`}`
`160`	`160`
`161`	`161`	`/// Open a new session with no callback set`
`162`		`- pub fn open_session_no_callback(&self, slot_id: Slot, flags: SessionFlags) -> Result<Session> {`
`163`		`- session_management::open_session_no_callback(self, slot_id, flags)`
	`162`	`+ pub fn open_session_no_callback(&self, slot_id: Slot, read_write: bool) -> Result<Session> {`
	`163`	`+ session_management::open_session_no_callback(self, slot_id, read_write)`
`164`	`164`	`}`
`165`	`165`	`}`
Original file line number	Diff line number	Diff line change
`@@ -32,7 +32,7 @@ pub fn init_pins() -> (Pkcs11, Slot) {`
`32`	`32`
`33`	`33`	`{`
`34`	`34`	`// open a session`
`35`		`- let session = pkcs11.open_session_no_callback(slot, flags).unwrap();`
	`35`	`+ let session = pkcs11.open_session_no_callback(slot, true).unwrap();`
`36`	`36`	`// log in the session`
`37`	`37`	`session.login(UserType::So, Some(SO_PIN)).unwrap();`
`38`	`38`	`session.init_pin(USER_PIN).unwrap();`