Add ListKeys implementation

Signed-off-by: Joe Ellis <[email protected]>

Author: Joe Ellis

e2e_tests/tests/all_providers/mod.rs

@@ -65,6 +65,7 @@ fn list_opcodes() {
     let _ = core_provider_opcodes.insert(Opcode::ListProviders);
     let _ = core_provider_opcodes.insert(Opcode::ListAuthenticators);
     let _ = core_provider_opcodes.insert(Opcode::ListOpcodes);
+    let _ = core_provider_opcodes.insert(Opcode::ListKeys);
 
     assert_eq!(
         client

src/authenticators/unix_peer_credentials_authenticator/mod.rs

@@ -35,7 +35,7 @@ impl Authenticate for UnixPeerCredentialsAuthenticator {
             version_maj: 0,
             version_min: 1,
             version_rev: 0,
-            id: AuthType::PeerCredentials,
+            id: AuthType::UnixPeerCredentials,
         })
     }
 

src/back/backend_handler.rs

@@ -207,6 +207,14 @@ impl BackEndHandler {
                 trace!("list_authenticators egress");
                 self.result_to_response(NativeResult::ListAuthenticators(result), header)
             }
+            NativeOperation::ListKeys(op_list_keys) => {
+                let app_name =
+                    unwrap_or_else_return!(app_name.ok_or(ResponseStatus::NotAuthenticated));
+                let result =
+                    unwrap_or_else_return!(self.provider.list_keys(app_name, op_list_keys));
+                trace!("list_keys egress");
+                self.result_to_response(NativeResult::ListKeys(result), header)
+            }
             NativeOperation::PsaHashCompute(op_hash_compute) => {
                 let _app_name =
                     unwrap_or_else_return!(app_name.ok_or(ResponseStatus::NotAuthenticated));

src/key_info_managers/mod.rs

@@ -144,4 +144,41 @@ pub trait ManageKeyInfo {
     ///
     /// Returns an error as a String if there was a problem accessing the Key Info Manager.
     fn exists(&self, key_triple: &KeyTriple) -> Result<bool, String>;
+
+    /// Returns a Vec of the KeyInfo objects corresponding to the given application name and
+    /// provider ID.
+    ///
+    /// # Errors
+    ///
+    /// Returns an error as a String if there was a problem accessing the Key Info Manager.
+    fn list_key_info(
+        &self,
+        app_name: &ApplicationName,
+        provider_id: ProviderID,
+    ) -> Result<Vec<parsec_interface::operations::list_keys::KeyInfo>, String> {
+        use parsec_interface::operations::list_keys::KeyInfo;
+
+        let mut keys: Vec<KeyInfo> = Vec::new();
+        let key_triples = self.get_all(provider_id)?;
+
+        for key_triple in key_triples {
+            if key_triple.app_name() != app_name {
+                continue;
+            }
+
+            let key_info = self.get(key_triple)?;
+            let key_info = match key_info {
+                Some(key_info) => key_info,
+                _ => continue,
+            };
+
+            keys.push(KeyInfo {
+                provider_id: ProviderID::MbedCrypto,
+                name: key_triple.key_name().to_string(),
+                attributes: key_info.attributes,
+            });
+        }
+
+        Ok(keys)
+    }
 }

src/providers/core_provider/mod.rs

@@ -6,11 +6,14 @@
 //! aiding clients in discovering the capabilities offered by their underlying
 //! platform.
 use super::Provide;
+use crate::authenticators::ApplicationName;
 use derivative::Derivative;
 use log::trace;
-use parsec_interface::operations::{list_authenticators, list_opcodes, list_providers, ping};
 use parsec_interface::operations::{
-    list_authenticators::AuthenticatorInfo, list_providers::ProviderInfo,
+    list_authenticators, list_keys, list_opcodes, list_providers, ping,
+};
+use parsec_interface::operations::{
+    list_authenticators::AuthenticatorInfo, list_keys::KeyInfo, list_providers::ProviderInfo,
 };
 use parsec_interface::requests::{Opcode, ProviderID, ResponseStatus, Result};
 use std::collections::{HashMap, HashSet};
@@ -20,11 +23,12 @@ use std::sync::Arc;
 use uuid::Uuid;
 use version::{version, Version};
 
-const SUPPORTED_OPCODES: [Opcode; 4] = [
+const SUPPORTED_OPCODES: [Opcode; 5] = [
     Opcode::ListProviders,
     Opcode::ListOpcodes,
     Opcode::Ping,
     Opcode::ListAuthenticators,
+    Opcode::ListKeys,
 ];
 
 /// Service information provider
@@ -45,6 +49,15 @@ pub struct CoreProvider {
 }
 
 impl Provide for CoreProvider {
+    fn find_keys(&self, app_name: &ApplicationName) -> Result<Vec<KeyInfo>> {
+        let mut keys: Vec<KeyInfo> = Vec::new();
+        for provider in &self.prov_list {
+            let mut provider_keys = provider.find_keys(app_name)?;
+            keys.append(&mut provider_keys);
+        }
+        Ok(keys)
+    }
+
     fn list_opcodes(&self, op: list_opcodes::Operation) -> Result<list_opcodes::Result> {
         trace!("list_opcodes ingress");
         Ok(list_opcodes::Result {
@@ -73,6 +86,17 @@ impl Provide for CoreProvider {
         })
     }
 
+    fn list_keys(
+        &self,
+        app_name: ApplicationName,
+        _op: list_keys::Operation,
+    ) -> Result<list_keys::Result> {
+        trace!("list_keys ingress");
+
+        let keys = self.find_keys(&app_name)?;
+        Ok(list_keys::Result { keys })
+    }
+
     fn ping(&self, _op: ping::Operation) -> Result<ping::Result> {
         trace!("ping ingress");
         let result = ping::Result {

src/providers/mbed_crypto_provider/mod.rs

@@ -8,7 +8,7 @@ use crate::authenticators::ApplicationName;
 use crate::key_info_managers::{KeyTriple, ManageKeyInfo};
 use derivative::Derivative;
 use log::{error, trace};
-use parsec_interface::operations::list_providers::ProviderInfo;
+use parsec_interface::operations::{list_keys::KeyInfo, list_providers::ProviderInfo};
 use parsec_interface::operations::{
     psa_aead_decrypt, psa_aead_encrypt, psa_asymmetric_decrypt, psa_asymmetric_encrypt,
     psa_destroy_key, psa_export_key, psa_export_public_key, psa_generate_key, psa_generate_random,
@@ -163,6 +163,16 @@ impl Provide for MbedCryptoProvider {
         }, SUPPORTED_OPCODES.iter().copied().collect()))
     }
 
+    fn find_keys(&self, app_name: &ApplicationName) -> Result<Vec<KeyInfo>> {
+        let store_handle = self.key_info_store.read().expect("Key store lock poisoned");
+        store_handle
+            .list_key_info(app_name, ProviderID::MbedCrypto)
+            .map_err(|e| {
+                format_error!("Error occurred when fetching key information", e);
+                ResponseStatus::KeyInfoManagerError
+            })
+    }
+
     fn psa_generate_key(
         &self,
         app_name: ApplicationName,

src/providers/mod.rs

@@ -12,6 +12,8 @@ use serde::Deserialize;
 use std::collections::HashSet;
 use zeroize::Zeroize;
 
+use parsec_interface::operations::list_keys::KeyInfo;
+
 pub mod core_provider;
 
 #[cfg(feature = "pkcs11-provider")]
@@ -91,9 +93,9 @@ impl ProviderConfig {
 
 use crate::authenticators::ApplicationName;
 use parsec_interface::operations::{
-    list_authenticators, list_opcodes, list_providers, ping, psa_aead_decrypt, psa_aead_encrypt,
-    psa_asymmetric_decrypt, psa_asymmetric_encrypt, psa_destroy_key, psa_export_key,
-    psa_export_public_key, psa_generate_key, psa_generate_random, psa_hash_compare,
+    list_authenticators, list_keys, list_opcodes, list_providers, ping, psa_aead_decrypt,
+    psa_aead_encrypt, psa_asymmetric_decrypt, psa_asymmetric_encrypt, psa_destroy_key,
+    psa_export_key, psa_export_public_key, psa_generate_key, psa_generate_random, psa_hash_compare,
     psa_hash_compute, psa_import_key, psa_raw_key_agreement, psa_sign_hash, psa_verify_hash,
 };
 use parsec_interface::requests::{ResponseStatus, Result};
@@ -111,6 +113,14 @@ pub trait Provide {
         Err(ResponseStatus::PsaErrorNotSupported)
     }
 
+    /// Return the keys held by this provider.
+    ///
+    /// This function facilitates the ListKeys operation supported by the Core Provider.
+    fn find_keys(&self, _app_name: &ApplicationName) -> Result<Vec<KeyInfo>> {
+        trace!("find_keys ingress");
+        Err(ResponseStatus::PsaErrorNotSupported)
+    }
+
     /// List the providers running in the service.
     fn list_providers(&self, _op: list_providers::Operation) -> Result<list_providers::Result> {
         trace!("list_providers ingress");
@@ -132,6 +142,16 @@ pub trait Provide {
         Err(ResponseStatus::PsaErrorNotSupported)
     }
 
+    /// Lists all keys belonging to the application.
+    fn list_keys(
+        &self,
+        _app_name: ApplicationName,
+        _op: list_keys::Operation,
+    ) -> Result<list_keys::Result> {
+        trace!("list_keys ingress");
+        Err(ResponseStatus::PsaErrorNotSupported)
+    }
+
     /// Execute a Ping operation to get the wire protocol version major and minor information.
     ///
     /// # Errors

src/providers/pkcs11_provider/mod.rs

@@ -9,7 +9,9 @@ use crate::authenticators::ApplicationName;
 use crate::key_info_managers::{KeyInfo, KeyTriple, ManageKeyInfo};
 use derivative::Derivative;
 use log::{error, info, trace, warn};
-use parsec_interface::operations::list_providers::ProviderInfo;
+use parsec_interface::operations::{
+    list_keys::KeyInfo as InterfaceKeyInfo, list_providers::ProviderInfo,
+};
 use parsec_interface::operations::{
     psa_asymmetric_decrypt, psa_asymmetric_encrypt, psa_destroy_key, psa_export_public_key,
     psa_generate_key, psa_import_key, psa_sign_hash, psa_verify_hash,
@@ -212,6 +214,16 @@ impl Provide for Pkcs11Provider {
         ))
     }
 
+    fn find_keys(&self, app_name: &ApplicationName) -> Result<Vec<InterfaceKeyInfo>> {
+        let store_handle = self.key_info_store.read().expect("Key store lock poisoned");
+        store_handle
+            .list_key_info(app_name, ProviderID::Pkcs11)
+            .map_err(|e| {
+                format_error!("Error occurred when fetching key information", e);
+                ResponseStatus::KeyInfoManagerError
+            })
+    }
+
     fn psa_generate_key(
         &self,
         app_name: ApplicationName,

src/providers/tpm_provider/mod.rs

@@ -1,4 +1,4 @@
-// Copyright 2019 Contributors to the Parsec project.
+//KeyInfoStore Copyright 2019 Contributors to the Parsec project.
 // SPDX-License-Identifier: Apache-2.0
 //! TPM 2.0 provider
 //!
@@ -9,7 +9,7 @@ use crate::authenticators::ApplicationName;
 use crate::key_info_managers::ManageKeyInfo;
 use derivative::Derivative;
 use log::{info, trace};
-use parsec_interface::operations::list_providers::ProviderInfo;
+use parsec_interface::operations::{list_keys::KeyInfo, list_providers::ProviderInfo};
 use parsec_interface::operations::{
     psa_asymmetric_decrypt, psa_asymmetric_encrypt, psa_destroy_key, psa_export_public_key,
     psa_generate_key, psa_import_key, psa_sign_hash, psa_verify_hash,
@@ -92,6 +92,16 @@ impl Provide for TpmProvider {
         }, SUPPORTED_OPCODES.iter().copied().collect()))
     }
 
+    fn find_keys(&self, app_name: &ApplicationName) -> Result<Vec<KeyInfo>> {
+        let store_handle = self.key_info_store.read().expect("Key store lock poisoned");
+        store_handle
+            .list_key_info(app_name, ProviderID::Tpm)
+            .map_err(|e| {
+                format_error!("Error occurred when fetching key information", e);
+                ResponseStatus::KeyInfoManagerError
+            })
+    }
+
     fn psa_generate_key(
         &self,
         app_name: ApplicationName,