Add Unix Peer Credential auth support

ionut-arm · ionut-arm · commit f65f013b4abe · 2020-10-14T15:21:54.000+01:00
This commit adds support for authentication using Unix Peer Credentials.
This involves the library automatically populating the `Auth` field of
every request with a serialized version of the UID.

Signed-off-by: Ionut Mihalcea &lt;ionut.mihalcea@arm.com&gt;
diff --git a/src/auth.rs b/src/auth.rs
@@ -15,6 +15,8 @@ pub enum AuthenticationData {
     /// The `Secret` struct can be imported from
     /// `parsec_client::core::secrecy::Secret`.
     AppIdentity(Secret<String>),
+    /// Used for authentication via
+    UnixPeerCredentials,
 }
 
 impl AuthenticationData {
@@ -23,6 +25,7 @@ impl AuthenticationData {
         match self {
             AuthenticationData::None => AuthType::NoAuth,
             AuthenticationData::AppIdentity(_) => AuthType::Direct,
+            AuthenticationData::UnixPeerCredentials => AuthType::UnixPeerCredentials,
         }
     }
 }
@@ -34,6 +37,10 @@ impl From<&AuthenticationData> for RequestAuth {
             AuthenticationData::AppIdentity(name) => {
                 RequestAuth::new(name.expose_secret().bytes().collect())
             }
+            AuthenticationData::UnixPeerCredentials => {
+                let current_uid = users::get_current_uid();
+                RequestAuth::new(current_uid.to_le_bytes().to_vec())
+            }
         }
     }
 }
diff --git a/src/core/testing/core_tests.rs b/src/core/testing/core_tests.rs
@@ -774,6 +774,25 @@ fn auth_value_test() {
     );
 }
 
+#[test]
+fn peer_credential_auth_test() {
+    let mut client: TestBasicClient = Default::default();
+    client.set_auth_data(AuthenticationData::UnixPeerCredentials);
+    client.set_mock_read(&get_response_bytes_from_result(
+        NativeResult::PsaDestroyKey(operations::psa_destroy_key::Result {}),
+    ));
+    let key_name = String::from("key-name");
+    client
+        .psa_destroy_key(key_name)
+        .expect("Failed to call destroy key");
+
+    let req = get_req_from_bytes(client.get_mock_write());
+    assert_eq!(
+        &users::get_current_uid().to_le_bytes().to_vec(),
+        req.auth.buffer.expose_secret()
+    );
+}
+
 #[test]
 fn failing_ipc_test() {
     let mut client: TestBasicClient = Default::default();

Original file line number	Diff line number	Diff line change
`@@ -15,6 +15,8 @@ pub enum AuthenticationData {`
`15`	`15`	/// The `Secret` struct can be imported from
`16`	`16`	/// `parsec_client::core::secrecy::Secret`.
`17`	`17`	`AppIdentity(Secret<String>),`
	`18`	`+ /// Used for authentication via`
	`19`	`+ UnixPeerCredentials,`
`18`	`20`	`}`
`19`	`21`
`20`	`22`	`impl AuthenticationData {`
`@@ -23,6 +25,7 @@ impl AuthenticationData {`
`23`	`25`	`match self {`
`24`	`26`	`AuthenticationData::None => AuthType::NoAuth,`
`25`	`27`	`AuthenticationData::AppIdentity(_) => AuthType::Direct,`
	`28`	`+ AuthenticationData::UnixPeerCredentials => AuthType::UnixPeerCredentials,`
`26`	`29`	`}`
`27`	`30`	`}`
`28`	`31`	`}`
`@@ -34,6 +37,10 @@ impl From<&AuthenticationData> for RequestAuth {`
`34`	`37`	`AuthenticationData::AppIdentity(name) => {`
`35`	`38`	`RequestAuth::new(name.expose_secret().bytes().collect())`
`36`	`39`	`}`
	`40`	`+ AuthenticationData::UnixPeerCredentials => {`
	`41`	`+ let current_uid = users::get_current_uid();`
	`42`	`+ RequestAuth::new(current_uid.to_le_bytes().to_vec())`
	`43`	`+ }`
`37`	`44`	`}`
`38`	`45`	`}`
`39`	`46`	`}`