From 4a18f45a467364eb6b1e461a04bdb3d0f5ba7522 Mon Sep 17 00:00:00 2001 From: Matt Davis Date: Fri, 30 Jul 2021 11:42:00 +0100 Subject: [PATCH] Added KeyIdentity. Closes #488 Signed-off-by: Matt Davis --- src/key_info_managers/mod.rs | 84 +++++++++++++------- src/key_info_managers/on_disk_manager/mod.rs | 40 +++++----- 2 files changed, 74 insertions(+), 50 deletions(-) diff --git a/src/key_info_managers/mod.rs b/src/key_info_managers/mod.rs index 3471d9d1..517cbff1 100644 --- a/src/key_info_managers/mod.rs +++ b/src/key_info_managers/mod.rs @@ -7,7 +7,6 @@ //! information of the keys they manage. Different implementors might store this mapping using different //! means but it has to be persistent. -use crate::authenticators::ApplicationName; use crate::utils::config::{KeyInfoManagerConfig, KeyInfoManagerType}; use anyhow::Result; use derivative::Derivative; @@ -24,18 +23,27 @@ pub mod on_disk_manager; /// This structure corresponds to a unique identifier of the key. It is used internally by the Key /// ID manager to refer to a key. #[derive(Debug, Clone, PartialEq, Eq, Hash)] -pub struct KeyTriple { - app_name: ApplicationName, - provider_id: ProviderId, + +pub struct ApplicationIdentity { + name: String, + authenticator_id: u8, +} +pub struct ProviderIdentity { + uuid: String, + name: String, +} +pub struct KeyIdentity { + application: ApplicationIdentity, + provider: ProviderIdentity, key_name: String, } -impl fmt::Display for KeyTriple { +impl fmt::Display for KeyIdentity { fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { write!( f, - "Application Name: \"{}\", Provider ID: {}, Key Name: \"{}\"", - self.app_name, self.provider_id, self.key_name + "Application: [name=\"{}\", authenticator_id=\"{}\"],\nProvider: [name=\"{}\", uuid=\"{}\"],\nKey Name: \"{}\"", + self.application.name, self.application.authenticator_id, self.provider.name, self.provider.uuid, self.key_name ) } } @@ -50,19 +58,34 @@ struct KeyInfo { attributes: Attributes, } -impl KeyTriple { - /// Creates a new instance of KeyTriple. - pub fn new(app_name: ApplicationName, provider_id: ProviderId, key_name: String) -> KeyTriple { - KeyTriple { - app_name, - provider_id, +impl KeyIdentity { + /// Creates a new instance of KeyIdentity. + // pub fn new(application_name: String, authenticator_id: u8, provider_name: String, provider_uuid: String, key_name: String) -> KeyIdentity { + // KeyIdentity { + // application: ApplicationIdentity { + // name: application_name, + // authenticator_id, + // }, + // provider: ProviderIdentity { + // name: provider_name, + // uuid: provider_uuid, + // }, + // key_name, + // } + // } + + /// Creates a new instance of KeyIdentity. + pub fn new(application: ApplicationIdentity, provider: ProviderIdentity, key_name: String) -> KeyIdentity { + KeyIdentity { + application, + provider, key_name, } } /// Checks if this key belongs to a specific provider. - pub fn belongs_to_provider(&self, provider_id: ProviderId) -> bool { - self.provider_id == provider_id + pub fn belongs_to_provider(&self, provider_name: String) -> bool { + self.provider.name == provider_name } /// Get the key name @@ -71,8 +94,8 @@ impl KeyTriple { } /// Get the app name - pub fn app_name(&self) -> &ApplicationName { - &self.app_name + pub fn app_name(&self) -> &String { + &self.application.name } } @@ -96,14 +119,14 @@ trait ManageKeyInfo { /// # Errors /// /// Returns an error as a String if there was a problem accessing the Key Info Manager. - fn get(&self, key_triple: &KeyTriple) -> Result, String>; + fn get(&self, key_identity: &KeyIdentity) -> Result, String>; /// Returns a Vec of reference to the key triples corresponding to this provider. /// /// # Errors /// /// Returns an error as a String if there was a problem accessing the Key Info Manager. - fn get_all(&self, provider_id: ProviderId) -> Result, String>; + fn get_all(&self, provider_id: ProviderId) -> Result, String>; /// Inserts a new mapping between the key triple and the key info. If the triple already exists, /// overwrite the existing mapping and returns the old `KeyInfo`. Otherwise returns `None`. @@ -113,7 +136,7 @@ trait ManageKeyInfo { /// Returns an error as a String if there was a problem accessing the Key Info Manager. fn insert( &mut self, - key_triple: KeyTriple, + key_identity: KeyIdentity, key_info: KeyInfo, ) -> Result, String>; @@ -123,14 +146,14 @@ trait ManageKeyInfo { /// # Errors /// /// Returns an error as a String if there was a problem accessing the Key Info Manager. - fn remove(&mut self, key_triple: &KeyTriple) -> Result, String>; + fn remove(&mut self, key_identity: &KeyIdentity) -> Result, String>; /// Check if a key triple mapping exists. /// /// # Errors /// /// Returns an error as a String if there was a problem accessing the Key Info Manager. - fn exists(&self, key_triple: &KeyTriple) -> Result; + fn exists(&self, key_identity: &KeyIdentity) -> Result; } /// KeyInfoManager client structure that bridges between the KIM and the providers that need @@ -139,14 +162,15 @@ trait ManageKeyInfo { #[derivative(Debug)] pub struct KeyInfoManagerClient { provider_id: ProviderId, + provider: ProviderIdentity, #[derivative(Debug = "ignore")] key_info_manager_impl: Arc>, } impl KeyInfoManagerClient { /// Get the KeyTriple representing a key. - pub fn get_key_triple(&self, app_name: ApplicationName, key_name: String) -> KeyTriple { - KeyTriple::new(app_name, self.provider_id, key_name) + pub fn get_key_triple(&self, application: ApplicationIdentity, key_name: String) -> KeyIdentity { + KeyIdentity::new(application, self.provider, key_name) } /// Get the key ID for a given key triple @@ -161,7 +185,7 @@ impl KeyInfoManagerClient { /// type fails, InvalidEncoding is returned. pub fn get_key_id( &self, - key_triple: &KeyTriple, + key_triple: &KeyIdentity, ) -> parsec_interface::requests::Result { let key_info_manager_impl = self .key_info_manager_impl @@ -185,7 +209,7 @@ impl KeyInfoManagerClient { /// KeyInfoManagerError is returned. pub fn get_key_attributes( &self, - key_triple: &KeyTriple, + key_triple: &KeyIdentity, ) -> parsec_interface::requests::Result { let key_info_manager_impl = self .key_info_manager_impl @@ -200,7 +224,7 @@ impl KeyInfoManagerClient { } /// Get all the key triples for the current provider - pub fn get_all(&self) -> parsec_interface::requests::Result> { + pub fn get_all(&self) -> parsec_interface::requests::Result> { let key_info_manager_impl = self .key_info_manager_impl .read() @@ -220,7 +244,7 @@ impl KeyInfoManagerClient { /// KeyInfoManagerError is returned. pub fn remove_key_info( &self, - key_triple: &KeyTriple, + key_triple: &KeyIdentity, ) -> parsec_interface::requests::Result<()> { let mut key_info_manager_impl = self .key_info_manager_impl @@ -241,7 +265,7 @@ impl KeyInfoManagerClient { /// any other error occurring in the KIM, KeyInfoManagerError is returned. pub fn insert_key_info( &self, - key_triple: KeyTriple, + key_triple: KeyIdentity, key_id: &T, attributes: Attributes, ) -> parsec_interface::requests::Result<()> { @@ -336,7 +360,7 @@ impl KeyInfoManagerClient { /// /// Returns PsaErrorAlreadyExists if the key triple already exists or KeyInfoManagerError for /// another error. - pub fn does_not_exist(&self, key_triple: &KeyTriple) -> Result<(), ResponseStatus> { + pub fn does_not_exist(&self, key_triple: &KeyIdentity) -> Result<(), ResponseStatus> { let key_info_manager_impl = self .key_info_manager_impl .read() diff --git a/src/key_info_managers/on_disk_manager/mod.rs b/src/key_info_managers/on_disk_manager/mod.rs index 2344bac5..3b3590a8 100644 --- a/src/key_info_managers/on_disk_manager/mod.rs +++ b/src/key_info_managers/on_disk_manager/mod.rs @@ -12,7 +12,7 @@ //! example, for operating systems having a limit of 255 characters for filenames (Unix systems), //! names will be limited to 188 bytes of UTF-8 characters. //! For security reasons, only the PARSEC service should have the ability to modify these files. -use super::{KeyInfo, KeyTriple, ManageKeyInfo}; +use super::{KeyInfo, KeyIdentity, ManageKeyInfo}; use crate::authenticators::ApplicationName; use anyhow::{Context, Result}; use log::{error, info, warn}; @@ -32,7 +32,7 @@ pub const DEFAULT_MAPPINGS_PATH: &str = "/var/lib/parsec/mappings"; #[derive(Debug)] pub struct OnDiskKeyInfoManager { /// Internal mapping, used for non-modifying operations. - key_store: HashMap, + key_store: HashMap, /// Folder where all the key triple to key info mappings are saved. This folder will be created /// if it does already exist. mappings_dir_path: PathBuf, @@ -41,7 +41,7 @@ pub struct OnDiskKeyInfoManager { /// Encodes a KeyTriple's data into base64 strings that can be used as filenames. /// The ProviderId will not be converted as a base64 as it can always be represented as a String /// being a number from 0 and 255. -fn key_triple_to_base64_filenames(key_triple: &KeyTriple) -> (String, String, String) { +fn key_triple_to_base64_filenames(key_triple: &KeyIdentity) -> (String, String, String) { ( base64::encode_config(key_triple.app_name.as_bytes(), base64::URL_SAFE), (key_triple.provider_id as u8).to_string(), @@ -74,11 +74,11 @@ fn base64_data_triple_to_key_triple( app_name: &[u8], provider_id: ProviderId, key_name: &[u8], -) -> Result { +) -> Result { let app_name = ApplicationName::from_name(base64_data_to_string(app_name)?); let key_name = base64_data_to_string(key_name)?; - Ok(KeyTriple { + Ok(KeyIdentity { app_name, provider_id, key_name, @@ -254,7 +254,7 @@ impl OnDiskKeyInfoManager { /// Saves the key triple to key info mapping in its own file. /// The filename will be `mappings/[APP_NAME]/[PROVIDER_NAME]/[KEY_NAME]` under the same path as the /// on-disk manager. It will contain the Key info data. - fn save_mapping(&self, key_triple: &KeyTriple, key_info: &KeyInfo) -> std::io::Result<()> { + fn save_mapping(&self, key_triple: &KeyIdentity, key_info: &KeyInfo) -> std::io::Result<()> { if crate::utils::GlobalConfig::log_error_details() { warn!( "Saving Key Triple ({}) mapping to disk.", @@ -287,7 +287,7 @@ impl OnDiskKeyInfoManager { /// Removes the mapping file. /// Will do nothing if the mapping file does not exist. - fn delete_mapping(&self, key_triple: &KeyTriple) -> std::io::Result<()> { + fn delete_mapping(&self, key_triple: &KeyIdentity) -> std::io::Result<()> { let (app_name, prov, key_name) = key_triple_to_base64_filenames(key_triple); let key_name_file_path = self .mappings_dir_path @@ -303,7 +303,7 @@ impl OnDiskKeyInfoManager { } impl ManageKeyInfo for OnDiskKeyInfoManager { - fn get(&self, key_triple: &KeyTriple) -> Result, String> { + fn get(&self, key_triple: &KeyIdentity) -> Result, String> { // An Option<&Vec> can not automatically coerce to an Option<&[u8]>, it needs to be // done by hand. if let Some(key_info) = self.key_store.get(key_triple) { @@ -313,7 +313,7 @@ impl ManageKeyInfo for OnDiskKeyInfoManager { } } - fn get_all(&self, provider_id: ProviderId) -> Result, String> { + fn get_all(&self, provider_id: ProviderId) -> Result, String> { Ok(self .key_store .keys() @@ -323,7 +323,7 @@ impl ManageKeyInfo for OnDiskKeyInfoManager { fn insert( &mut self, - key_triple: KeyTriple, + key_triple: KeyIdentity, key_info: KeyInfo, ) -> Result, String> { if let Err(err) = self.save_mapping(&key_triple, &key_info) { @@ -333,7 +333,7 @@ impl ManageKeyInfo for OnDiskKeyInfoManager { } } - fn remove(&mut self, key_triple: &KeyTriple) -> Result, String> { + fn remove(&mut self, key_triple: &KeyIdentity) -> Result, String> { if let Err(err) = self.delete_mapping(key_triple) { Err(err.to_string()) } else if let Some(key_info) = self.key_store.remove(key_triple) { @@ -343,7 +343,7 @@ impl ManageKeyInfo for OnDiskKeyInfoManager { } } - fn exists(&self, key_triple: &KeyTriple) -> Result { + fn exists(&self, key_triple: &KeyIdentity) -> Result { Ok(self.key_store.contains_key(key_triple)) } } @@ -380,7 +380,7 @@ impl OnDiskKeyInfoManagerBuilder { #[cfg(test)] mod test { - use super::super::{KeyInfo, KeyTriple, ManageKeyInfo}; + use super::super::{KeyInfo, KeyIdentity, ManageKeyInfo}; use super::OnDiskKeyInfoManager; use crate::authenticators::ApplicationName; use parsec_interface::operations::psa_algorithm::{ @@ -531,7 +531,7 @@ mod test { let big_app_name_ascii = ApplicationName::from_name(" Lorem ipsum dolor sit amet, ei suas viris sea, deleniti repudiare te qui. Natum paulo decore ut nec, ne propriae offendit adipisci has. Eius clita legere mel at, ei vis minimum tincidunt.".to_string()); let big_key_name_ascii = " Lorem ipsum dolor sit amet, ei suas viris sea, deleniti repudiare te qui. Natum paulo decore ut nec, ne propriae offendit adipisci has. Eius clita legere mel at, ei vis minimum tincidunt.".to_string(); - let key_triple = KeyTriple::new(big_app_name_ascii, ProviderId::Core, big_key_name_ascii); + let key_triple = KeyIdentity::new(big_app_name_ascii, ProviderId::Core, big_key_name_ascii); let key_info = test_key_info(); let _ = manager @@ -549,7 +549,7 @@ mod test { let big_app_name_emoticons = ApplicationName::from_name("😀😁😂😃😄😅😆😇😈😉😊😋😌😍😎😏😐😑😒😓😔😕😖😗😘😙😚😛😜😝😞😟😠😡😢😣😤😥😦😧😨😩😪😫😬😭😮".to_string()); let big_key_name_emoticons = "😀😁😂😃😄😅😆😇😈😉😊😋😌😍😎😏😐😑😒😓😔😕😖😗😘😙😚😛😜😝😞😟😠😡😢😣😤😥😦😧😨😩😪😫😬😭😮".to_string(); - let key_triple = KeyTriple::new( + let key_triple = KeyIdentity::new( big_app_name_emoticons, ProviderId::MbedCrypto, big_key_name_emoticons, @@ -569,12 +569,12 @@ mod test { let app_name1 = ApplicationName::from_name("😀 Application One 😀".to_string()); let key_name1 = "😀 Key One 😀".to_string(); - let key_triple1 = KeyTriple::new(app_name1, ProviderId::Core, key_name1); + let key_triple1 = KeyIdentity::new(app_name1, ProviderId::Core, key_name1); let key_info1 = test_key_info(); let app_name2 = ApplicationName::from_name("😇 Application Two 😇".to_string()); let key_name2 = "😇 Key Two 😇".to_string(); - let key_triple2 = KeyTriple::new(app_name2, ProviderId::MbedCrypto, key_name2); + let key_triple2 = KeyIdentity::new(app_name2, ProviderId::MbedCrypto, key_name2); let key_info2 = KeyInfo { id: vec![0x12, 0x22, 0x32], attributes: test_key_attributes(), @@ -582,7 +582,7 @@ mod test { let app_name3 = ApplicationName::from_name("😈 Application Three 😈".to_string()); let key_name3 = "😈 Key Three 😈".to_string(); - let key_triple3 = KeyTriple::new(app_name3, ProviderId::Core, key_name3); + let key_triple3 = KeyIdentity::new(app_name3, ProviderId::Core, key_name3); let key_info3 = KeyInfo { id: vec![0x13, 0x23, 0x33], attributes: test_key_attributes(), @@ -612,8 +612,8 @@ mod test { fs::remove_dir_all(path).unwrap(); } - fn new_key_triple(key_name: String) -> KeyTriple { - KeyTriple::new( + fn new_key_triple(key_name: String) -> KeyIdentity { + KeyIdentity::new( ApplicationName::from_name("Testing Application 😎".to_string()), ProviderId::MbedCrypto, key_name,