Skip to content

Commit

Permalink
Added KeyIdentity to replace KeyTriple
Browse files Browse the repository at this point in the history
KeyIdentity contains a ApplicationIdentity, ProviderIdentity and a key_name.
KeyTriple still exists but solely for the use by the on_disk_manager KIM.
This is preliminary work towards the new SQLite KIM as part of parallaxsecond#486

Closes parallaxsecond#488

Signed-off-by: Matt Davis <[email protected]>
  • Loading branch information
MattDavis00 committed Aug 6, 2021
1 parent 8632fef commit aa82931
Show file tree
Hide file tree
Showing 27 changed files with 984 additions and 409 deletions.
9 changes: 9 additions & 0 deletions src/authenticators/mod.rs
Original file line number Diff line number Diff line change
Expand Up @@ -46,6 +46,15 @@ impl Deref for ApplicationName {
}
}

/// A unique identifier for an application.
#[derive(Debug, Clone, PartialEq, Eq, Hash)]
pub struct ApplicationIdentity {
/// The name of the application.
pub name: String,
/// The id of the authenticator used to authenticate the application name.
pub authenticator_id: u8,
}

/// Wrapper for a Parsec application
#[derive(Debug, Clone)]
pub struct Application {
Expand Down
105 changes: 85 additions & 20 deletions src/back/backend_handler.rs
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@
//! The backend handler embodies the last processing step from external request
//! to internal function call - parsing of the request body and conversion to a
//! native operation which is then passed to the provider.
use crate::authenticators::Application;
use crate::authenticators::{Application, ApplicationIdentity};
use crate::providers::Provide;
use derivative::Derivative;
use log::{error, trace, warn};
Expand Down Expand Up @@ -86,6 +86,7 @@ impl BackEndHandler {
trace!("execute_request ingress");
let opcode = request.header.opcode;
let header = request.header;
let auth_type = request.header.auth_type;

macro_rules! unwrap_or_else_return {
($result:expr) => {
Expand Down Expand Up @@ -129,86 +130,133 @@ impl BackEndHandler {
}
NativeOperation::PsaGenerateKey(op_generate_key) => {
let app = unwrap_or_else_return!(app.ok_or(ResponseStatus::NotAuthenticated));
let application_identity = ApplicationIdentity {
authenticator_id: auth_type as u8,
name: String::from(app.get_name().as_str()),
};
let result = unwrap_or_else_return!(self
.provider
.psa_generate_key(app.into(), op_generate_key));
.psa_generate_key(application_identity, op_generate_key));
trace!("psa_generate_key egress");
self.result_to_response(NativeResult::PsaGenerateKey(result), header)
}
NativeOperation::PsaImportKey(op_import_key) => {
let app = unwrap_or_else_return!(app.ok_or(ResponseStatus::NotAuthenticated));
let result =
unwrap_or_else_return!(self.provider.psa_import_key(app.into(), op_import_key));
let application_identity = ApplicationIdentity {
authenticator_id: auth_type as u8,
name: String::from(app.get_name().as_str()),
};
let result = unwrap_or_else_return!(self
.provider
.psa_import_key(application_identity, op_import_key));
trace!("psa_import_key egress");
self.result_to_response(NativeResult::PsaImportKey(result), header)
}
NativeOperation::PsaExportPublicKey(op_export_public_key) => {
let app = unwrap_or_else_return!(app.ok_or(ResponseStatus::NotAuthenticated));
let application_identity = ApplicationIdentity {
authenticator_id: auth_type as u8,
name: String::from(app.get_name().as_str()),
};
let result = unwrap_or_else_return!(self
.provider
.psa_export_public_key(app.into(), op_export_public_key));
.psa_export_public_key(application_identity, op_export_public_key));
trace!("psa_export_public_key egress");
self.result_to_response(NativeResult::PsaExportPublicKey(result), header)
}
NativeOperation::PsaExportKey(op_export_key) => {
let app = unwrap_or_else_return!(app.ok_or(ResponseStatus::NotAuthenticated));
let result =
unwrap_or_else_return!(self.provider.psa_export_key(app.into(), op_export_key));
let application_identity = ApplicationIdentity {
authenticator_id: auth_type as u8,
name: String::from(app.get_name().as_str()),
};
let result = unwrap_or_else_return!(self
.provider
.psa_export_key(application_identity, op_export_key));
trace!("psa_export_key egress");
self.result_to_response(NativeResult::PsaExportKey(result), header)
}
NativeOperation::PsaDestroyKey(op_destroy_key) => {
let app = unwrap_or_else_return!(app.ok_or(ResponseStatus::NotAuthenticated));
let application_identity = ApplicationIdentity {
authenticator_id: auth_type as u8,
name: String::from(app.get_name().as_str()),
};
let result = unwrap_or_else_return!(self
.provider
.psa_destroy_key(app.into(), op_destroy_key));
.psa_destroy_key(application_identity, op_destroy_key));
trace!("psa_destroy_key egress");
self.result_to_response(NativeResult::PsaDestroyKey(result), header)
}
NativeOperation::PsaSignHash(op_sign_hash) => {
let app = unwrap_or_else_return!(app.ok_or(ResponseStatus::NotAuthenticated));
let result =
unwrap_or_else_return!(self.provider.psa_sign_hash(app.into(), op_sign_hash));
let application_identity = ApplicationIdentity {
authenticator_id: auth_type as u8,
name: String::from(app.get_name().as_str()),
};
let result = unwrap_or_else_return!(self
.provider
.psa_sign_hash(application_identity, op_sign_hash));
trace!("psa_sign_hash egress");
self.result_to_response(NativeResult::PsaSignHash(result), header)
}
NativeOperation::PsaVerifyHash(op_verify_hash) => {
let app = unwrap_or_else_return!(app.ok_or(ResponseStatus::NotAuthenticated));
let application_identity = ApplicationIdentity {
authenticator_id: auth_type as u8,
name: String::from(app.get_name().as_str()),
};
let result = unwrap_or_else_return!(self
.provider
.psa_verify_hash(app.into(), op_verify_hash));
.psa_verify_hash(application_identity, op_verify_hash));
trace!("psa_verify_hash egress");
self.result_to_response(NativeResult::PsaVerifyHash(result), header)
}
NativeOperation::PsaAsymmetricEncrypt(op_asymmetric_encrypt) => {
let app = unwrap_or_else_return!(app.ok_or(ResponseStatus::NotAuthenticated));
let application_identity = ApplicationIdentity {
authenticator_id: auth_type as u8,
name: String::from(app.get_name().as_str()),
};
let result = unwrap_or_else_return!(self
.provider
.psa_asymmetric_encrypt(app.into(), op_asymmetric_encrypt));
.psa_asymmetric_encrypt(application_identity, op_asymmetric_encrypt));
trace!("psa_asymmetric_encrypt egress");
self.result_to_response(NativeResult::PsaAsymmetricEncrypt(result), header)
}
NativeOperation::PsaAsymmetricDecrypt(op_asymmetric_decrypt) => {
let app = unwrap_or_else_return!(app.ok_or(ResponseStatus::NotAuthenticated));
let application_identity = ApplicationIdentity {
authenticator_id: auth_type as u8,
name: String::from(app.get_name().as_str()),
};
let result = unwrap_or_else_return!(self
.provider
.psa_asymmetric_decrypt(app.into(), op_asymmetric_decrypt));
.psa_asymmetric_decrypt(application_identity, op_asymmetric_decrypt));
trace!("psa_asymmetric_decrypt egress");
self.result_to_response(NativeResult::PsaAsymmetricDecrypt(result), header)
}
NativeOperation::PsaAeadEncrypt(op_aead_encrypt) => {
let app = unwrap_or_else_return!(app.ok_or(ResponseStatus::NotAuthenticated));
let application_identity = ApplicationIdentity {
authenticator_id: auth_type as u8,
name: String::from(app.get_name().as_str()),
};
let result = unwrap_or_else_return!(self
.provider
.psa_aead_encrypt(app.into(), op_aead_encrypt));
.psa_aead_encrypt(application_identity, op_aead_encrypt));
trace!("psa_aead_encrypt egress");
self.result_to_response(NativeResult::PsaAeadEncrypt(result), header)
}
NativeOperation::PsaAeadDecrypt(op_aead_decrypt) => {
let app = unwrap_or_else_return!(app.ok_or(ResponseStatus::NotAuthenticated));
let application_identity = ApplicationIdentity {
authenticator_id: auth_type as u8,
name: String::from(app.get_name().as_str()),
};
let result = unwrap_or_else_return!(self
.provider
.psa_aead_decrypt(app.into(), op_aead_decrypt));
.psa_aead_decrypt(application_identity, op_aead_decrypt));
trace!("psa_aead_decrypt egress");
self.result_to_response(NativeResult::PsaAeadDecrypt(result), header)
}
Expand All @@ -221,8 +269,13 @@ impl BackEndHandler {
}
NativeOperation::ListKeys(op_list_keys) => {
let app = unwrap_or_else_return!(app.ok_or(ResponseStatus::NotAuthenticated));
let result =
unwrap_or_else_return!(self.provider.list_keys(app.into(), op_list_keys));
let application_identity = ApplicationIdentity {
authenticator_id: auth_type as u8,
name: String::from(app.get_name().as_str()),
};
let result = unwrap_or_else_return!(self
.provider
.list_keys(application_identity, op_list_keys));
trace!("list_keys egress");
self.result_to_response(NativeResult::ListKeys(result), header)
}
Expand Down Expand Up @@ -250,9 +303,13 @@ impl BackEndHandler {
}
NativeOperation::PsaRawKeyAgreement(op_raw_key_agreement) => {
let app = unwrap_or_else_return!(app.ok_or(ResponseStatus::NotAuthenticated));
let application_identity = ApplicationIdentity {
authenticator_id: auth_type as u8,
name: String::from(app.get_name().as_str()),
};
let result = unwrap_or_else_return!(self
.provider
.psa_raw_key_agreement(app.into(), op_raw_key_agreement));
.psa_raw_key_agreement(application_identity, op_raw_key_agreement));
trace!("psa_raw_key_agreement egress");
self.result_to_response(NativeResult::PsaRawKeyAgreement(result), header)
}
Expand All @@ -264,17 +321,25 @@ impl BackEndHandler {
}
NativeOperation::PsaSignMessage(op_sign_message) => {
let app = unwrap_or_else_return!(app.ok_or(ResponseStatus::NotAuthenticated));
let application_identity = ApplicationIdentity {
authenticator_id: auth_type as u8,
name: String::from(app.get_name().as_str()),
};
let result = unwrap_or_else_return!(self
.provider
.psa_sign_message(app.into(), op_sign_message));
.psa_sign_message(application_identity, op_sign_message));
trace!("psa_sign_message egress");
self.result_to_response(NativeResult::PsaSignMessage(result), header)
}
NativeOperation::PsaVerifyMessage(op_verify_message) => {
let app = unwrap_or_else_return!(app.ok_or(ResponseStatus::NotAuthenticated));
let application_identity = ApplicationIdentity {
authenticator_id: auth_type as u8,
name: String::from(app.get_name().as_str()),
};
let result = unwrap_or_else_return!(self
.provider
.psa_verify_message(app.into(), op_verify_message));
.psa_verify_message(application_identity, op_verify_message));
trace!("psa_verify_message egress");
self.result_to_response(NativeResult::PsaVerifyMessage(result), header)
}
Expand Down
Loading

0 comments on commit aa82931

Please sign in to comment.