parallaxsecond · MattDavis00 · Jul 30, 2021 · Jul 27, 2021
diff --git a/config.toml b/config.toml
@@ -101,6 +101,16 @@ manager_type = "OnDisk"
 
 # Example of an Mbed Crypto provider configuration.
 [[provider]]
+# ⚠
+# ⚠ WARNING: Provider name cannot change.
+# ⚠ WARNING: Choose a suitable naming scheme for your providers now.
+# ⚠ WARNING: Provider name defaults to "mbed-crypto-provider" if not provided, you will not be able to change
+# ⚠ the provider's name from this if you decide to use the default.
+# ⚠ WARNING: Changing provider name after use will lead to loss of existing keys.
+# ⚠
+# (Optional) The name of the provider
+name = "mbed-crypto-provider"
+
 # (Required) Type of provider.
 provider_type = "MbedCrypto"
 
@@ -114,6 +124,15 @@ key_info_manager = "on-disk-manager"
 
 # Example of a PKCS 11 provider configuration
 #[[provider]]
+# ⚠
+# ⚠ WARNING: Provider name cannot change.
+# ⚠ WARNING: Choose a suitable naming scheme for your providers now.
+# ⚠ WARNING: Provider name defaults to "pkcs11-provider" if not provided, you will not be able to change
+# ⚠ the provider's name from this if you decide to use the default.
+# ⚠ WARNING: Changing provider name after use will lead to loss of existing keys.
+# ⚠
+# (Optional) The name of the provider
+# name = "pkcs11-provider"
 #provider_type = "Pkcs11"
 #key_info_manager = "on-disk-manager"
 # (Required for this provider) Path to the location of the dynamic library loaded by this provider.
@@ -135,6 +154,15 @@ key_info_manager = "on-disk-manager"
 
 # Example of a TPM provider configuration
 #[[provider]]
+# ⚠
+# ⚠ WARNING: Provider name cannot change.
+# ⚠ WARNING: Choose a suitable naming scheme for your providers now.
+# ⚠ WARNING: Provider name defaults to "tpm-provider" if not provided, you will not be able to change
+# ⚠ the provider's name from this if you decide to use the default.
+# ⚠ WARNING: Changing provider name after use will lead to loss of existing keys.
+# ⚠
+# (Optional) The name of the provider
+# name = "tpm-provider"
 #provider_type = "Tpm"
 #key_info_manager = "on-disk-manager"
 # (Required) TPM TCTI device to use with this provider. The string can include configuration values - if no
@@ -161,6 +189,15 @@ key_info_manager = "on-disk-manager"
 # All below parameters depend on what devices, interfaces or parameters are required or supported by
 # "rust-cryptoauthlib" wrapper for cryptoauthlib and underlying hardware.
 #[[provider]]
+# ⚠
+# ⚠ WARNING: Provider name cannot change.
+# ⚠ WARNING: Choose a suitable naming scheme for your providers now.
+# ⚠ WARNING: Provider name defaults to "cryptoauthlib-provider" if not provided, you will not be able to change
+# ⚠ the provider's name from this if you decide to use the default.
+# ⚠ WARNING: Changing provider name after use will lead to loss of existing keys.
+# ⚠
+# (Optional) The name of the provider
+# name = "cryptoauthlib-provider"
 #provider_type = "CryptoAuthLib"
 #key_info_manager = "on-disk-manager"
 ##########
@@ -213,6 +250,15 @@ key_info_manager = "on-disk-manager"
 
 # Example of a Trusted Service provider configuration.
 #[[provider]]
+# ⚠
+# ⚠ WARNING: Provider name cannot change.
+# ⚠ WARNING: Choose a suitable naming scheme for your providers now.
+# ⚠ WARNING: Provider name defaults to "trusted-service-provider" if not provided, you will not be able to change
+# ⚠ the provider's name from this if you decide to use the default.
+# ⚠ WARNING: Changing provider name after use will lead to loss of existing keys.
+# ⚠
+# (Optional) The name of the provider
+# name = "trusted-service-provider"
 # (Required) Type of provider.
 #provider_type = "TrustedService"
 

diff --git a/src/providers/cryptoauthlib/mod.rs b/src/providers/cryptoauthlib/mod.rs
@@ -38,15 +38,24 @@ pub struct Provider {
     #[derivative(Debug = "ignore")]
     device: rust_cryptoauthlib::AteccDevice,
     provider_id: ProviderId,
+    // The name of the provider set in the config.
+    provider_name: String,
     #[derivative(Debug = "ignore")]
     key_info_store: KeyInfoManagerClient,
     key_slots: KeySlotStorage,
     supported_opcodes: HashSet<Opcode>,
 }
 
 impl Provider {
+    /// The default provider name for cryptoauthlib provider
+    pub const DEFAULT_PROVIDER_NAME: &'static str = "cryptoauthlib-provider";
+
+    /// The UUID for this provider
+    pub const PROVIDER_UUID: &'static str = "b8ba81e2-e9f7-4bdd-b096-a29d0019960c";
+
     /// Creates and initialises an instance of CryptoAuthLibProvider
     fn new(
+        provider_name: String,
         key_info_store: KeyInfoManagerClient,
         atca_iface: rust_cryptoauthlib::AtcaIfaceCfg,
         access_key_file_name: Option<String>,
@@ -72,6 +81,7 @@ impl Provider {
         cryptoauthlib_provider = Provider {
             device,
             provider_id: ProviderId::CryptoAuthLib,
+            provider_name,
             key_info_store,
             key_slots: KeySlotStorage::new(),
             supported_opcodes: HashSet::new(),
@@ -228,7 +238,7 @@ impl Provide for Provider {
         trace!("describe ingress");
         Ok((ProviderInfo {
             // Assigned UUID for this provider: b8ba81e2-e9f7-4bdd-b096-a29d0019960c
-            uuid: Uuid::parse_str("b8ba81e2-e9f7-4bdd-b096-a29d0019960c").or(Err(ResponseStatus::InvalidEncoding))?,
+            uuid: Uuid::parse_str(Provider::PROVIDER_UUID).or(Err(ResponseStatus::InvalidEncoding))?,
             description: String::from("User space hardware provider, utilizing MicrochipTech CryptoAuthentication Library for ATECCx08 chips"),
             vendor: String::from("Arm"),
             version_maj: 0,
@@ -417,6 +427,7 @@ impl Provide for Provider {
 #[derive(Default, Derivative)]
 #[derivative(Debug)]
 pub struct ProviderBuilder {
+    provider_name: Option<String>,
     #[derivative(Debug = "ignore")]
     key_info_store: Option<KeyInfoManagerClient>,
     device_type: Option<String>,
@@ -433,6 +444,7 @@ impl ProviderBuilder {
     /// Create a new CryptoAuthLib builder
     pub fn new() -> ProviderBuilder {
         ProviderBuilder {
+            provider_name: None,
             key_info_store: None,
             device_type: None,
             iface_type: None,
@@ -445,6 +457,13 @@ impl ProviderBuilder {
         }
     }
 
+    /// Add a provider name
+    pub fn with_provider_name(mut self, provider_name: String) -> ProviderBuilder {
+        self.provider_name = Some(provider_name);
+
+        self
+    }
+
     /// Add a KeyInfo manager
     pub fn with_key_info_store(mut self, key_info_store: KeyInfoManagerClient) -> ProviderBuilder {
         self.key_info_store = Some(key_info_store);
@@ -556,6 +575,9 @@ impl ProviderBuilder {
             None => return Err(Error::new(ErrorKind::InvalidData, "Missing inteface type")),
         };
         Provider::new(
+            self.provider_name.ok_or_else(|| {
+                std::io::Error::new(std::io::ErrorKind::InvalidData, "missing provider name")
+            })?,
             self.key_info_store
                 .ok_or_else(|| Error::new(ErrorKind::InvalidData, "missing key info store"))?,
             iface_cfg,

diff --git a/src/providers/mbed_crypto/mod.rs b/src/providers/mbed_crypto/mod.rs
@@ -55,6 +55,9 @@ const SUPPORTED_OPCODES: [Opcode; 15] = [
 #[derive(Derivative)]
 #[derivative(Debug)]
 pub struct Provider {
+    // The name of the provider set in the config.
+    provider_name: String,
+
     // When calling write on a reference of key_info_store, a type
     // std::sync::RwLockWriteGuard<dyn ManageKeyInfo + Send + Sync> is returned. We need to use the
     // dereference operator (*) to access the inner type dyn ManageKeyInfo + Send + Sync and then
@@ -74,18 +77,25 @@ pub struct Provider {
 }
 
 impl Provider {
+    /// The default provider name for mbed-crypto provider
+    pub const DEFAULT_PROVIDER_NAME: &'static str = "mbed-crypto-provider";
+
+    /// The UUID for this provider
+    pub const PROVIDER_UUID: &'static str = "1c1139dc-ad7c-47dc-ad6b-db6fdb466552";
+
     /// Creates and initialise a new instance of MbedCryptoProvider.
     /// Checks if there are not more keys stored in the Key Info Manager than in the MbedCryptoProvider and
     /// if there, delete them. Adds Key IDs currently in use in the local IDs store.
     /// Returns `None` if the initialisation failed.
-    fn new(key_info_store: KeyInfoManagerClient) -> Option<Provider> {
+    fn new(provider_name: String, key_info_store: KeyInfoManagerClient) -> Option<Provider> {
         // Safety: this function should be called before any of the other Mbed Crypto functions
         // are.
         if let Err(error) = psa_crypto::init() {
             format_error!("Error when initialising Mbed Crypto", error);
             return None;
         }
         let mbed_crypto_provider = Provider {
+            provider_name,
             key_info_store,
             key_handle_mutex: Mutex::new(()),
             id_counter: AtomicU32::new(key::PSA_KEY_ID_USER_MIN),
@@ -149,7 +159,7 @@ impl Provide for Provider {
         trace!("describe ingress");
         Ok((ProviderInfo {
             // Assigned UUID for this provider: 1c1139dc-ad7c-47dc-ad6b-db6fdb466552
-            uuid: Uuid::parse_str("1c1139dc-ad7c-47dc-ad6b-db6fdb466552").or(Err(ResponseStatus::InvalidEncoding))?,
+            uuid: Uuid::parse_str(Provider::PROVIDER_UUID).or(Err(ResponseStatus::InvalidEncoding))?,
             description: String::from("User space software provider, based on Mbed Crypto - the reference implementation of the PSA crypto API"),
             vendor: String::from("Arm"),
             version_maj: 0,
@@ -319,6 +329,7 @@ impl Provide for Provider {
 #[derive(Default, Derivative)]
 #[derivative(Debug)]
 pub struct ProviderBuilder {
+    provider_name: Option<String>,
     #[derivative(Debug = "ignore")]
     key_info_store: Option<KeyInfoManagerClient>,
 }
@@ -327,10 +338,18 @@ impl ProviderBuilder {
     /// Create a new provider builder
     pub fn new() -> ProviderBuilder {
         ProviderBuilder {
+            provider_name: None,
             key_info_store: None,
         }
     }
 
+    /// Add a provider name
+    pub fn with_provider_name(mut self, provider_name: String) -> ProviderBuilder {
+        self.provider_name = Some(provider_name);
+
+        self
+    }
+
     /// Add a KeyInfo manager
     pub fn with_key_info_store(mut self, key_info_store: KeyInfoManagerClient) -> ProviderBuilder {
         self.key_info_store = Some(key_info_store);
@@ -341,6 +360,9 @@ impl ProviderBuilder {
     /// Build into a MbedProvider
     pub fn build(self) -> std::io::Result<Provider> {
         Provider::new(
+            self.provider_name.ok_or_else(|| {
+                std::io::Error::new(std::io::ErrorKind::InvalidData, "missing provider name")
+            })?,
             self.key_info_store
                 .ok_or_else(|| Error::new(ErrorKind::InvalidData, "missing key info store"))?,
         )

diff --git a/src/providers/pkcs11/mod.rs b/src/providers/pkcs11/mod.rs
@@ -58,6 +58,8 @@ const SUPPORTED_OPCODES: [Opcode; 8] = [
 #[derive(Derivative)]
 #[derivative(Debug)]
 pub struct Provider {
+    // The name of the provider set in the config.
+    provider_name: String,
     #[derivative(Debug = "ignore")]
     key_info_store: KeyInfoManagerClient,
     local_ids: RwLock<LocalIdStore>,
@@ -70,11 +72,18 @@ pub struct Provider {
 }
 
 impl Provider {
+    /// The default provider name for pkcs11 provider
+    pub const DEFAULT_PROVIDER_NAME: &'static str = "pkcs11-provider";
+
+    /// The UUID for this provider
+    pub const PROVIDER_UUID: &'static str = "30e39502-eba6-4d60-a4af-c518b7f5e38f";
+
     /// Creates and initialise a new instance of Pkcs11Provider.
     /// Checks if there are not more keys stored in the Key Info Manager than in the PKCS 11 library
     /// and if there are, delete them. Adds Key IDs currently in use in the local IDs store.
     /// Returns `None` if the initialisation failed.
     fn new(
+        provider_name: String,
         key_info_store: KeyInfoManagerClient,
         backend: Pkcs11,
         slot_number: Slot,
@@ -92,6 +101,7 @@ impl Provider {
 
         #[allow(clippy::mutex_atomic)]
         let pkcs11_provider = Provider {
+            provider_name,
             key_info_store,
             local_ids: RwLock::new(HashSet::new()),
             backend,
@@ -218,7 +228,7 @@ impl Provide for Provider {
         Ok((
             ProviderInfo {
                 // Assigned UUID for this provider: 30e39502-eba6-4d60-a4af-c518b7f5e38f
-                uuid: Uuid::parse_str("30e39502-eba6-4d60-a4af-c518b7f5e38f")
+                uuid: Uuid::parse_str(Provider::PROVIDER_UUID)
                     .or(Err(ResponseStatus::InvalidEncoding))?,
                 description: String::from(
                     "PKCS #11 provider, interfacing with a PKCS #11 library.",
@@ -347,6 +357,7 @@ impl Provide for Provider {
 #[derive(Default, Derivative)]
 #[derivative(Debug)]
 pub struct ProviderBuilder {
+    provider_name: Option<String>,
     #[derivative(Debug = "ignore")]
     key_info_store: Option<KeyInfoManagerClient>,
     pkcs11_library_path: Option<String>,
@@ -360,6 +371,7 @@ impl ProviderBuilder {
     /// Create a new Pkcs11Provider builder
     pub fn new() -> ProviderBuilder {
         ProviderBuilder {
+            provider_name: None,
             key_info_store: None,
             pkcs11_library_path: None,
             slot_number: None,
@@ -369,6 +381,13 @@ impl ProviderBuilder {
         }
     }
 
+    /// Add a provider name
+    pub fn with_provider_name(mut self, provider_name: String) -> ProviderBuilder {
+        self.provider_name = Some(provider_name);
+
+        self
+    }
+
     /// Add a KeyInfo manager
     pub fn with_key_info_store(mut self, key_info_store: KeyInfoManagerClient) -> ProviderBuilder {
         self.key_info_store = Some(key_info_store);
@@ -474,6 +493,9 @@ impl ProviderBuilder {
         };
 
         Ok(Provider::new(
+            self.provider_name.ok_or_else(|| {
+                std::io::Error::new(std::io::ErrorKind::InvalidData, "missing provider name")
+            })?,
             self.key_info_store
                 .ok_or_else(|| Error::new(ErrorKind::InvalidData, "missing key info store"))?,
             backend,