Merge pull request #68 from hug-dev/pkcs11

Add a PKCS 11 provider
parallaxsecond · Nov 19, 2019 · f8c60c0 · f8c60c0
2 parents 54b8886 + 95d54b3
commit f8c60c0
Show file tree

Hide file tree

Showing 15 changed files with 1,756 additions and 344 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -1,7 +1,8 @@
 [package]
 name = "parsec"
 version = "0.1.0"
-authors = ["Ionut Mihalcea <ionut.mihalcea@arm.com>",
+authors = ["Paul Howard <paul.howard@arm.com>",
+           "Ionut Mihalcea <ionut.mihalcea@arm.com>",
            "Hugues de Valon <hugues.devalon@arm.com>"]
 edition = "2018"
 
@@ -10,7 +11,7 @@ name = "parsec"
 path = "src/bin/main.rs"
 
 [dependencies]
-parsec-interface = { git = "https://github.com/parallaxsecond/parsec-interface-rs", tag = "0.2.1" }
+parsec-interface = { git = "https://github.com/parallaxsecond/parsec-interface-rs", tag = "0.3.0" }
 rand = "0.7.2"
 base64 = "0.10.1"
 uuid = "0.7.4"
@@ -22,9 +23,15 @@ toml = "0.4.2"
 serde = { version = "1.0", features = ["derive"] }
 env_logger = "0.7.1"
 log = { version = "0.4.8", features = ["serde"] }
+pkcs11 = { version = "0.4.0", optional = true }
+# Using a fork of the serde_asn1_der crate to have big integer support. Check https://github.com/KizzyCode/serde_asn1_der/issues/1
+serde_asn1_der = { git = "https://github.com/Devolutions/serde_asn1_der", rev = "ec1035879034ac9f09f1242fb49ed04c9aecdcae", optional = true, features = ["extra_types"] }
+der-parser = "3.0.2"
+nom = "5.0.1"
+num-bigint-dig = "0.5"
 
 [dev-dependencies]
-parsec-client-test = { git = "https://github.com/parallaxsecond/parsec-client-test", tag = "0.1.6" }
+parsec-client-test = { git = "https://github.com/parallaxsecond/parsec-client-test", tag = "0.1.7" }
 num_cpus = "1.10.1"
 
 [build-dependencies]
@@ -37,6 +44,6 @@ serde = { version = "1.0", features = ["derive"] }
 mbed-crypto-version = "mbedcrypto-2.0.0"
 
 [features]
-default = ["mbed"]
+default = ["mbed", "pkcs11-provider"]
 mbed = []
-
+pkcs11-provider = ["pkcs11", "serde_asn1_der"]
diff --git a/README.md b/README.md
@@ -96,6 +96,9 @@ This project uses the following third party crates:
 * sd-notify (MIT and Apache-2.0)
 * log (MIT and Apache-2.0)
 * env\_logger (MIT and Apache-2.0)
+* pkcs11 (Apache-2.0)
+* a fork of serde\_asn1\_der at `https://github.com/Devolutions/serde_asn1_der` (BSD-3-Clause and MIT)
+* num-bigint-dig (MIT and Apache-2.0)
 
 This project uses the following third party libraries:
 * [Mbed Crypto](https://github.com/ARMmbed/mbed-crypto) (Apache-2.0)
diff --git a/config.toml b/config.toml
@@ -1,4 +1,4 @@
-# PARSEC Service Configuration File
+# Parsec Configuration File
 
 # (Required) Core settings apply to the service as a whole rather than to individual components within it.
 [core_settings]
@@ -46,3 +46,16 @@ provider_type = "MbedProvider"
 
 # (Required) Name of key ID manager that will support this provider.
 key_id_manager = "on-disk-manager"
+
+# Example of a PKCS 11 provider configuration
+#[[provider]]
+#provider_type = "Pkcs11Provider"
+#key_id_manager = "on-disk-manager"
+# (Required for this provider) Path to the location of the dynamic library loaded by this provider.
+# For the PKCS 11 provider, this library implements the PKCS 11 API on the target platform.
+#library_path = "/usr/local/lib/softhsm/libsofthsm2.so"
+# (Required) PKCS 11 slot that will be used by Parsec.
+#slot_number = 123456789
+# (Optional) User pin for authentication with the specific slot. If not set, no authentication will
+# be used.
+#user_pin = "123456"
diff --git a/src/front/listener.rs b/src/front/listener.rs
@@ -21,12 +21,12 @@ pub trait ReadWrite: std::io::Read + std::io::Write {}
 // Automatically implements ReadWrite for all types that implement Read and Write.
 impl<T: std::io::Read + std::io::Write> ReadWrite for T {}
 
-#[derive(Deserialize)]
+#[derive(Deserialize, Debug)]
 pub enum ListenerType {
     DomainSocket,
 }
 
-#[derive(Deserialize)]
+#[derive(Deserialize, Debug)]
 pub struct ListenerConfig {
     pub listener_type: ListenerType,
     pub timeout: u64,

diff --git a/src/key_id_managers/mod.rs b/src/key_id_managers/mod.rs
@@ -25,12 +25,12 @@ use std::fmt;
 
 pub mod on_disk_manager;
 
-#[derive(Deserialize)]
+#[derive(Deserialize, Debug)]
 pub enum KeyIdManagerType {
     OnDisk,
 }
 
-#[derive(Deserialize)]
+#[derive(Deserialize, Debug)]
 pub struct KeyIdManagerConfig {
     pub name: String,
     pub manager_type: KeyIdManagerType,
@@ -50,7 +50,7 @@ impl fmt::Display for KeyTriple {
     fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
         write!(
             f,
-            "Application Name: \"{}\"\nProvider ID: {}\nKey Name: \"{}\"",
+            "Application Name: \"{}\", Provider ID: {}, Key Name: \"{}\"",
             self.app_name, self.provider_id, self.key_name
         )
     }

diff --git a/src/providers/mod.rs b/src/providers/mod.rs
@@ -17,26 +17,34 @@ use serde::Deserialize;
 
 pub mod core_provider;
 
+#[cfg(feature = "pkcs11-provider")]
+pub mod pkcs11_provider;
+
 #[cfg(feature = "mbed")]
 pub mod mbed_provider;
 
-#[derive(Deserialize)]
+#[derive(Deserialize, Debug)]
 pub enum ProviderType {
     MbedProvider,
+    Pkcs11Provider,
 }
 
 impl ProviderType {
     pub fn to_provider_id(&self) -> ProviderID {
         match self {
             ProviderType::MbedProvider => ProviderID::MbedProvider,
+            ProviderType::Pkcs11Provider => ProviderID::Pkcs11Provider,
         }
     }
 }
 
-#[derive(Deserialize)]
+#[derive(Deserialize, Debug)]
 pub struct ProviderConfig {
     pub provider_type: ProviderType,
     pub key_id_manager: String,
+    pub library_path: Option<String>,
+    pub slot_number: Option<usize>,
+    pub user_pin: Option<String>,
 }
 
 use crate::authenticators::ApplicationName;