-
Notifications
You must be signed in to change notification settings - Fork 5
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add docs and some minor cleanups #134
Draft
simo5
wants to merge
7
commits into
latchset:main
Choose a base branch
from
simo5:adddocs
base: main
Could not load branches
Branch not found: {{ refName }}
Loading
Could not load tags
Nothing to show
Loading
Are you sure you want to change the base?
Some commits from the old base branch may be removed from the timeline,
and old review comments may become outdated.
Draft
Changes from all commits
Commits
Show all changes
7 commits
Select commit
Hold shift + click to select a range
1b1cb57
Fix log saving with v4 of the artifact action
simo5 e6ef09d
Confine macros to the kryoptic crate
simo5 30f664a
Do not make public stuff that don't need to
simo5 7f27362
Add documentation for the public functions
simo5 e617b8d
Suppress warnings in some feature configuations
simo5 b843f5c
Add make target to build docs
simo5 751f912
Document the config.rs file
simo5 File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -26,6 +26,33 @@ const DEFAULT_CONF_DIR: &str = "test"; | |
|
||
pub const DEFAULT_CONF_NAME: &str = "token.conf"; | ||
|
||
/// Configuration for a slot | ||
/// | ||
/// The basic facility of a PKCS#11 is the slot. The slot represents an | ||
/// idealized hardware slot where a token can be inserted at any time to | ||
/// execute operations. | ||
/// | ||
/// In Kryoptic we use slots to allow to provide multiple independent | ||
/// tokens with their own storage separate from any other slot. Slots | ||
/// can't share the same storage. | ||
/// | ||
/// Each slot is identified by a slot number (a u32 quantity) and can | ||
/// optionally have a customized description and manufacturer string. | ||
/// If not description or manufacturer strings are provided then default | ||
/// ones are set and returned to PKCS#11 applications. | ||
/// | ||
/// Finally the storage is defined by a pair of arguments: dbtype and dbargs | ||
/// | ||
/// This structure is generally sourced from a toml configuration file that | ||
/// defines the all the slots to be exposed to the application. | ||
/// | ||
/// Example: | ||
/// | ||
/// \[\[slots\]\] | ||
/// slot = 1 | ||
/// dbtype = "sql" | ||
/// dbargs = "/var/lib/kryoptic/token.sql" | ||
|
||
#[derive(Debug, Clone, Serialize, Deserialize)] | ||
pub struct Slot { | ||
pub slot: u32, | ||
|
@@ -36,6 +63,9 @@ pub struct Slot { | |
} | ||
|
||
impl Slot { | ||
/// Creates a new empty slot with the slot number set to the special | ||
/// indicator of u32::MAX, which will fault if encountered by the | ||
/// configuration processing functions | ||
pub fn new() -> Slot { | ||
Slot { | ||
slot: u32::MAX, | ||
|
@@ -46,6 +76,9 @@ impl Slot { | |
} | ||
} | ||
|
||
/// Creates a new slot with a specific dbtype and db arguments set | ||
/// The slot number is set to u32::MAX which indicates this slot still | ||
/// needs to be assigned a specific number (tests will do that) | ||
#[cfg(test)] | ||
pub fn with_db(dbtype: &str, dbargs: Option<String>) -> Slot { | ||
Slot { | ||
|
@@ -58,6 +91,15 @@ impl Slot { | |
} | ||
} | ||
|
||
/// For compatibility with applications that expect DER encoded EC Points | ||
/// | ||
/// Allows to set a global default encoding for CKA_EC_POINT attributes. | ||
/// | ||
/// Example: | ||
/// | ||
/// \[ec_point_encoding\] | ||
/// encoding = "Bytes" | ||
|
||
#[derive(Clone, Copy, Debug, PartialEq, Serialize, Deserialize)] | ||
#[serde(tag = "encoding")] | ||
pub enum EcPointEncoding { | ||
|
@@ -71,6 +113,11 @@ impl Default for EcPointEncoding { | |
} | ||
} | ||
|
||
/// Main configuration structure | ||
/// | ||
/// The main config structure is comprised of two elements, a general | ||
/// EC Point Encoding indicator and a list of slots | ||
|
||
#[derive(Debug, Serialize, Deserialize)] | ||
pub struct Config { | ||
#[serde(default)] | ||
|
@@ -83,13 +130,18 @@ fn config_error<E: de::Error + 'static>(error: E) -> Error { | |
} | ||
|
||
impl Config { | ||
/// Creates a new, empty, config structure, with the EC POINT Encoding | ||
/// set to the default. | ||
pub fn new() -> Config { | ||
Config { | ||
ec_point_encoding: EcPointEncoding::default(), | ||
slots: Vec::new(), | ||
} | ||
} | ||
|
||
/// Allows to add a preconfigured slot structure. | ||
/// Available only for tests. Ensures the slot number is set and that | ||
/// there are no duplicates | ||
#[cfg(test)] | ||
pub fn add_slot(&mut self, slot: Slot) -> Result<()> { | ||
for s in &self.slots { | ||
|
@@ -101,6 +153,27 @@ impl Config { | |
Ok(()) | ||
} | ||
|
||
/// Find the applicable configuration for Kryoptic. | ||
/// Kryoptic searches for a configuration file in multiple places | ||
/// falling back from one to the next and stops once configuration file | ||
/// is found. There is no config file merging/include support currently | ||
/// | ||
/// The first place where configuration is looked for is in the file | ||
/// indicated by the `KRYOPTIC_CONF` environment variable. If this | ||
/// variable is not set, then the code checks if the standard | ||
/// `XDG_CONFIG_HOME` environment variable is available. | ||
/// If this variable exists kryoptic assumes the config file is named: | ||
/// `${XDG_CONFIG_HOME}/kryoptic/token.conf` | ||
/// | ||
/// Otherwise if the environment variable HOME is set the code assumes | ||
/// the configuration file is named: | ||
/// `${HOME}/.config/kryoptic/token.conf` | ||
/// | ||
/// Finally if nothing matches the code tries the relative path: | ||
/// `test/kryoptic/token.conf` | ||
/// | ||
/// It is srongly advised to set the `KRYOPTIC_CONF` variable for most | ||
/// use cases. | ||
fn find_conf() -> Result<String> { | ||
/* First check for our own env var, | ||
* this has the highest precedence */ | ||
|
@@ -130,12 +203,19 @@ impl Config { | |
} | ||
} | ||
|
||
/// Generates a configuration structure from the named file which must | ||
/// be a properly formatted confgiuation file in toml format. | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more.
|
||
fn from_file(filename: &str) -> Result<Config> { | ||
let config_str = fs::read_to_string(filename)?; | ||
let conf: Config = toml::from_str(&config_str).map_err(config_error)?; | ||
Ok(conf) | ||
} | ||
|
||
/// Generates a configuration structure from a legacy argument as passed | ||
/// into the reserved argument of the `C_Initialize()` function. | ||
/// | ||
/// A valid argument is the path of a file for the sqlite storage driver | ||
/// which must end with a .sql suffix | ||
fn from_legacy_conf_string(name: &str) -> Result<Config> { | ||
let mut conf = Config { | ||
ec_point_encoding: EcPointEncoding::default(), | ||
|
@@ -156,6 +236,9 @@ impl Config { | |
Ok(conf) | ||
} | ||
|
||
/// Ensure all slot numbers are consistents, and allocates new slot | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more.
|
||
/// numbers for slots that have the special invalid slow number of | ||
/// u32::MAX | ||
fn fix_slot_numbers(&mut self) { | ||
let mut slotnum: u32 = 0; | ||
/* if there are any slot missing a valid slot number | ||
|
@@ -183,6 +266,8 @@ impl Config { | |
} | ||
} | ||
|
||
/// Generates the default configuration structure by searching the default | ||
/// configuration file | ||
pub fn default_config() -> Result<Config> { | ||
let filename = Self::find_conf()?; | ||
|
||
|
@@ -201,6 +286,16 @@ impl Config { | |
} | ||
} | ||
|
||
/// Load environment variables overrides for configurations items. | ||
/// | ||
/// The only variable currently defined is `KRYOPTIC_EC_POINT_ENCODING` | ||
/// Which can be used to override the encoding specified in the | ||
/// configuration file. This is useful when multiple applications use | ||
/// the same configuration file but expect different behavior from the | ||
/// configure default: | ||
/// | ||
/// Example: | ||
/// `export KRYOPTIC_EC_POINT_ENCODING="BYTES"` | ||
pub fn load_env_vars_overrides(&mut self) { | ||
match env::var("KRYOPTIC_EC_POINT_ENCODING") { | ||
Ok(var) => { | ||
|
@@ -218,6 +313,9 @@ impl Config { | |
} | ||
} | ||
|
||
/// Loads the NSS DB Storage configuration which is generally provided | ||
/// as a complex formatted string as a reserved argument when calling | ||
/// the `C_Intialize()` function. | ||
#[cfg(feature = "nssdb")] | ||
fn from_nss_init_args(args: &str) -> Result<Config> { | ||
let mut conf = Config { | ||
|
@@ -232,6 +330,8 @@ impl Config { | |
Ok(conf) | ||
} | ||
|
||
/// Calls the correct configuration parser based on the detected | ||
/// database configuration string | ||
fn conf_from_args(&self, args: &str) -> Result<Config> { | ||
if args.starts_with("kryoptic_conf=") { | ||
let comps: Vec<&str> = args.splitn(2, '=').collect(); | ||
|
@@ -248,6 +348,8 @@ impl Config { | |
Self::from_legacy_conf_string(args) | ||
} | ||
|
||
/// Allows to specify the configuration file as a string provided as the | ||
/// reserved argument of the `C_Initialize()` function. | ||
pub fn from_init_args(&mut self, args: &str) -> Result<()> { | ||
let conf = self.conf_from_args(args)?; | ||
|
||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.