refactor: format with new toolchain

Emmanuel Coste 2025-04-30 13:18:59 +02:00 committed by Manuthor
parent 928f736470
commit 372d6adc2e
140 changed files with 415 additions and 497 deletions

2
cli

@ -1 +1 @@
Subproject commit 6d48cf0a24136b011b51d93cc3deb379cf7f2c3f
Subproject commit 1c40a259d7c3aab9608f154093cac3e1bb10845a

@ -3,7 +3,7 @@ use std::{collections::HashMap, path::Path};
use cosmian_cover_crypt::{AccessStructure, EncryptionHint, QualifiedAttribute};
use tracing::debug;
use crate::{error::result::CryptoResult, CryptoError};
use crate::{CryptoError, error::result::CryptoResult};
pub fn access_structure_from_json_file(
specs_filename: &impl AsRef<Path>,

@ -1,7 +1,7 @@
use cosmian_cover_crypt::{api::Covercrypt, traits::KemAc, Error, UserSecretKey, XEnc};
use cosmian_cover_crypt::{Error, UserSecretKey, XEnc, api::Covercrypt, traits::KemAc};
use cosmian_crypto_core::{
bytes_ser_de::{Deserializer, Serializable, Serializer},
Aes256Gcm, Dem, FixedSizeCBytes, Instantiable, Nonce, SymmetricKey,
bytes_ser_de::{Deserializer, Serializable, Serializer},
};
use cosmian_kmip::kmip_2_1::{
kmip_objects::Object,
@ -14,7 +14,7 @@ use zeroize::Zeroizing;
use super::user_key::unwrap_user_decryption_key_object;
use crate::{
crypto::DecryptionSystem,
error::{result::CryptoResult, CryptoError},
error::{CryptoError, result::CryptoResult},
};
/// Decrypt a single block of data encrypted using an hybrid encryption mode

@ -1,16 +1,16 @@
use cosmian_cover_crypt::{api::Covercrypt, traits::KemAc, AccessPolicy, MasterPublicKey};
use cosmian_cover_crypt::{AccessPolicy, MasterPublicKey, api::Covercrypt, traits::KemAc};
use cosmian_crypto_core::{
Aes256Gcm, Dem, Instantiable, Nonce, RandomFixedSizeCBytes, SymmetricKey,
bytes_ser_de::{Deserializer, Serializable, Serializer},
reexport::zeroize::Zeroizing,
Aes256Gcm, Dem, Instantiable, Nonce, RandomFixedSizeCBytes, SymmetricKey,
};
use cosmian_kmip::{
DataToEncrypt,
kmip_2_1::{
kmip_objects::Object,
kmip_operations::{Encrypt, EncryptResponse},
kmip_types::{CryptographicAlgorithm, CryptographicParameters, UniqueIdentifier},
},
DataToEncrypt,
};
use tracing::{debug, trace};

@ -4,7 +4,7 @@ use cosmian_kmip::kmip_2_1::{
kmip_types::{Attributes, CryptographicAlgorithm, KeyFormatType, UniqueIdentifier},
};
use super::attributes::{rekey_edit_action_as_vendor_attribute, RekeyEditAction};
use super::attributes::{RekeyEditAction, rekey_edit_action_as_vendor_attribute};
use crate::error::CryptoError;
/// Build a `ReKeyKeyPair` request.

@ -1,4 +1,4 @@
use cosmian_cover_crypt::{api::Covercrypt, MasterPublicKey, MasterSecretKey};
use cosmian_cover_crypt::{MasterPublicKey, MasterSecretKey, api::Covercrypt};
use cosmian_crypto_core::bytes_ser_de::Serializable;
use cosmian_kmip::kmip_2_1::{
extra::VENDOR_ID_COSMIAN,
@ -14,10 +14,10 @@ use zeroize::Zeroizing;
use crate::{
crypto::{
cover_crypt::attributes::{
access_structure_from_attributes, VENDOR_ATTR_COVER_CRYPT_ACCESS_STRUCTURE,
},
KeyPair,
cover_crypt::attributes::{
VENDOR_ATTR_COVER_CRYPT_ACCESS_STRUCTURE, access_structure_from_attributes,
},
},
error::CryptoError,
};

@ -1,4 +1,4 @@
use cosmian_cover_crypt::{api::Covercrypt, AccessPolicy, MasterSecretKey, UserSecretKey};
use cosmian_cover_crypt::{AccessPolicy, MasterSecretKey, UserSecretKey, api::Covercrypt};
use cosmian_crypto_core::bytes_ser_de::Serializable;
use cosmian_kmip::kmip_2_1::{
kmip_data_structures::{KeyBlock, KeyMaterial, KeyValue},

@ -1,6 +1,6 @@
use cosmian_crypto_core::{
reexport::rand_core::SeedableRng, CsRng, Ecies, EciesSalsaSealBox, Ed25519PrivateKey,
Ed25519PublicKey, X25519PrivateKey, X25519PublicKey,
CsRng, Ecies, EciesSalsaSealBox, Ed25519PrivateKey, Ed25519PublicKey, X25519PrivateKey,
X25519PublicKey, reexport::rand_core::SeedableRng,
};
use openssl::pkey::{Id, PKey, Private, Public};
use tracing::trace;

@ -9,9 +9,9 @@ use openssl::{
use zeroize::Zeroizing;
use crate::{
crypto::symmetric::symmetric_ciphers::{decrypt, encrypt, SymCipher},
crypto::symmetric::symmetric_ciphers::{SymCipher, decrypt, encrypt},
crypto_bail,
error::{result::CryptoResultHelper, CryptoError},
error::{CryptoError, result::CryptoResultHelper},
};
/// Derive an initialization vector from recipient public key `Q` and

@ -4,6 +4,7 @@ use cosmian_kmip::kmip_2_1::extra::fips::{
FIPS_PUBLIC_ECC_MASK_ECDH, FIPS_PUBLIC_ECC_MASK_SIGN, FIPS_PUBLIC_ECC_MASK_SIGN_ECDH,
};
use cosmian_kmip::{
SafeBigUint,
kmip_2_1::{
kmip_data_structures::{KeyBlock, KeyMaterial, KeyValue},
kmip_objects::{Object, ObjectType},
@ -13,7 +14,6 @@ use cosmian_kmip::{
LinkedObjectIdentifier, RecommendedCurve,
},
},
SafeBigUint,
};
use openssl::{
bn::BigNumContext,
@ -27,7 +27,7 @@ use zeroize::Zeroizing;
use crate::{
crypto::KeyPair,
crypto_bail,
error::{result::CryptoResult, CryptoError},
error::{CryptoError, result::CryptoResult},
};
#[cfg(feature = "fips")]
@ -132,8 +132,7 @@ pub fn to_ec_public_key(
let cryptographic_length = Some(i32::try_from(bytes.len())? * 8);
trace!(
"to_ec_public_key: bytes len: {:?}, bits: {}",
cryptographic_length,
pkey_bits_number
cryptographic_length, pkey_bits_number
);
let q_length = Some(i32::try_from(pkey_bits_number)?);
@ -199,8 +198,7 @@ pub fn to_ec_private_key(
trace!(
"to_ec_private_key: bytes len: {:?}, bits: {}",
cryptographic_length,
pkey_bits_number
cryptographic_length, pkey_bits_number
);
let q_length = Some(i32::try_from(pkey_bits_number)?);
@ -329,12 +327,9 @@ pub fn create_ed25519_key_pair(
) -> Result<KeyPair, CryptoError> {
#[cfg(feature = "fips")]
// Validate FIPS algorithm and mask.
check_ecc_mask_algorithm_compliance(
private_key_mask,
public_key_mask,
algorithm,
&[CryptographicAlgorithm::Ed25519],
)?;
check_ecc_mask_algorithm_compliance(private_key_mask, public_key_mask, algorithm, &[
CryptographicAlgorithm::Ed25519,
])?;
let private_key = PKey::generate_ed25519()?;
trace!("create_ed25519_key_pair: keypair OK");
@ -379,12 +374,9 @@ pub fn create_ed448_key_pair(
) -> Result<KeyPair, CryptoError> {
#[cfg(feature = "fips")]
// Validate FIPS algorithm and mask.
check_ecc_mask_algorithm_compliance(
private_key_mask,
public_key_mask,
algorithm,
&[CryptographicAlgorithm::Ed448],
)?;
check_ecc_mask_algorithm_compliance(private_key_mask, public_key_mask, algorithm, &[
CryptographicAlgorithm::Ed448,
])?;
let private_key = PKey::generate_ed448()?;
trace!("create_ed448_key_pair: keypair OK");
@ -424,16 +416,11 @@ pub fn create_approved_ecc_key_pair(
) -> Result<KeyPair, CryptoError> {
#[cfg(feature = "fips")]
// Validate FIPS algorithms and mask.
check_ecc_mask_algorithm_compliance(
private_key_mask,
public_key_mask,
algorithm,
&[
CryptographicAlgorithm::EC,
CryptographicAlgorithm::ECDSA,
CryptographicAlgorithm::ECDH,
],
)?;
check_ecc_mask_algorithm_compliance(private_key_mask, public_key_mask, algorithm, &[
CryptographicAlgorithm::EC,
CryptographicAlgorithm::ECDSA,
CryptographicAlgorithm::ECDH,
])?;
let curve_nid = match curve {
#[cfg(not(feature = "fips"))]
@ -501,11 +488,11 @@ mod tests {
use super::{check_ecc_mask_against_flags, check_ecc_mask_algorithm_compliance};
use super::{create_approved_ecc_key_pair, create_ed25519_key_pair};
#[cfg(not(feature = "fips"))]
use super::{create_x25519_key_pair, create_x448_key_pair};
use super::{create_x448_key_pair, create_x25519_key_pair};
#[cfg(feature = "fips")]
use crate::crypto::elliptic_curves::operation::create_ed448_key_pair;
#[cfg(not(feature = "fips"))]
use crate::crypto::elliptic_curves::{X25519_PRIVATE_KEY_LENGTH, X448_PRIVATE_KEY_LENGTH};
use crate::crypto::elliptic_curves::{X448_PRIVATE_KEY_LENGTH, X25519_PRIVATE_KEY_LENGTH};
use crate::openssl::{kmip_private_key_to_openssl, kmip_public_key_to_openssl};
#[cfg(not(feature = "fips"))]
use crate::pad_be_bytes;

@ -3,6 +3,7 @@ use cosmian_kmip::kmip_2_1::extra::fips::{
FIPS_MIN_RSA_MODULUS_LENGTH, FIPS_PRIVATE_RSA_MASK, FIPS_PUBLIC_RSA_MASK,
};
use cosmian_kmip::{
SafeBigUint,
kmip_2_1::{
kmip_data_structures::{KeyBlock, KeyMaterial, KeyValue},
kmip_objects::{Object, ObjectType},
@ -11,14 +12,13 @@ use cosmian_kmip::{
KeyFormatType, Link, LinkType, LinkedObjectIdentifier,
},
},
SafeBigUint,
};
use num_bigint_dig::BigUint;
use openssl::{pkey::Private, rsa::Rsa};
use tracing::trace;
use zeroize::Zeroizing;
use crate::{crypto::KeyPair, crypto_bail, error::CryptoError, CryptoResultHelper};
use crate::{CryptoResultHelper, crypto::KeyPair, crypto_bail, error::CryptoError};
#[cfg(feature = "fips")]
/// Check that bits set in `mask` are only bits set in `flags`. If any bit set
@ -79,8 +79,7 @@ pub fn to_rsa_public_key(
trace!(
"to_rsa_public_key: bytes len: {}, bits: {}",
cryptographic_length_in_bits,
pkey_bits_number
cryptographic_length_in_bits, pkey_bits_number
);
let output = Object::PublicKey {
@ -135,8 +134,7 @@ pub fn to_rsa_private_key(
trace!(
"to_rsa_private_key: bytes len: {}, bits: {}",
cryptographic_length_in_bits,
pkey_bits_number
cryptographic_length_in_bits, pkey_bits_number
);
Ok(Object::PrivateKey {

@ -5,10 +5,10 @@ use aes_gcm_siv::{AeadInPlace, Aes128GcmSiv, Aes256GcmSiv, Key, KeyInit, Nonce,
use zeroize::Zeroizing;
use crate::{
CryptoError,
crypto::symmetric::symmetric_ciphers::{
AES_128_GCM_SIV_KEY_LENGTH, AES_256_GCM_SIV_KEY_LENGTH,
},
CryptoError,
};
/// Encrypt data using AES GCM SIV.

@ -12,10 +12,10 @@
//! Google provides a patch : <https://cloud.google.com/kms/docs/configuring-openssl-for-manual-key-wrapping>
//! and so does AWS: <https://repost.aws/en/knowledge-center/patch-openssl-cloudhsm>
use openssl::symm::{encrypt, Cipher, Crypter, Mode};
use openssl::symm::{Cipher, Crypter, Mode, encrypt};
use zeroize::Zeroizing;
use crate::error::{result::CryptoResult, CryptoError};
use crate::error::{CryptoError, result::CryptoResult};
const DEFAULT_RFC5649_CONST: u32 = 0xA659_59A6_u32;
const DEFAULT_IV: u64 = 0xA6A6_A6A6_A6A6_A6A6;

@ -4,9 +4,9 @@ use cosmian_kmip::kmip_2_1::kmip_types::{BlockCipherMode, CryptographicAlgorithm
use openssl::{
rand::rand_bytes,
symm::{
decrypt as openssl_decrypt, decrypt_aead as openssl_decrypt_aead,
encrypt as openssl_encrypt, encrypt_aead as openssl_encrypt_aead, Cipher, Crypter,
Mode as OpenSslMode,
Cipher, Crypter, Mode as OpenSslMode, decrypt as openssl_decrypt,
decrypt_aead as openssl_decrypt_aead, encrypt as openssl_encrypt,
encrypt_aead as openssl_encrypt_aead,
},
};
use zeroize::Zeroizing;
@ -16,7 +16,7 @@ use super::aes_gcm_siv_not_openssl;
use crate::{
crypto::symmetric::rfc5649::{rfc5649_unwrap, rfc5649_wrap},
crypto_bail,
error::{result::CryptoResult, CryptoError},
error::{CryptoError, result::CryptoResult},
};
/// AES 128 CBC key length in bytes.

@ -7,8 +7,8 @@ use openssl::rand::rand_bytes;
#[cfg(not(feature = "fips"))]
use crate::crypto::symmetric::symmetric_ciphers::AES_128_GCM_SIV_MAC_LENGTH;
use crate::crypto::symmetric::symmetric_ciphers::{
decrypt, encrypt, random_key, random_nonce, Mode, SymCipher, AES_128_GCM_MAC_LENGTH,
AES_128_XTS_MAC_LENGTH, AES_256_GCM_MAC_LENGTH, AES_256_XTS_MAC_LENGTH,
AES_128_GCM_MAC_LENGTH, AES_128_XTS_MAC_LENGTH, AES_256_GCM_MAC_LENGTH, AES_256_XTS_MAC_LENGTH,
Mode, SymCipher, decrypt, encrypt, random_key, random_nonce,
};
#[test]

@ -17,6 +17,7 @@ use crate::crypto::elliptic_curves::ecies::ecies_decrypt;
use crate::crypto::rsa::ckm_rsa_pkcs::ckm_rsa_pkcs_key_unwrap;
use crate::{
crypto::{
FIPS_MIN_SALT_SIZE,
password_derivation::derive_key_from_password,
rsa::{
ckm_rsa_aes_key_wrap::ckm_rsa_aes_key_unwrap,
@ -24,13 +25,12 @@ use crate::{
},
symmetric::{
rfc5649::rfc5649_unwrap,
symmetric_ciphers::{decrypt, SymCipher},
symmetric_ciphers::{SymCipher, decrypt},
},
wrap::common::rsa_parameters,
FIPS_MIN_SALT_SIZE,
},
crypto_bail,
error::{result::CryptoResultHelper, CryptoError},
error::{CryptoError, result::CryptoResultHelper},
openssl::kmip_private_key_to_openssl,
};

@ -1,4 +1,4 @@
use base64::{engine::general_purpose, Engine};
use base64::{Engine, engine::general_purpose};
use cosmian_kmip::kmip_2_1::{
kmip_data_structures::{
KeyBlock, KeyMaterial, KeyValue, KeyWrappingData, KeyWrappingSpecification,
@ -23,6 +23,7 @@ use crate::crypto::elliptic_curves::ecies::ecies_encrypt;
use crate::crypto::rsa::ckm_rsa_pkcs::ckm_rsa_pkcs_key_wrap;
use crate::{
crypto::{
FIPS_MIN_SALT_SIZE,
password_derivation::derive_key_from_password,
rsa::{
ckm_rsa_aes_key_wrap::ckm_rsa_aes_key_wrap,
@ -30,13 +31,12 @@ use crate::{
},
symmetric::{
rfc5649::rfc5649_wrap,
symmetric_ciphers::{encrypt, random_nonce, SymCipher},
symmetric_ciphers::{SymCipher, encrypt, random_nonce},
},
wrap::common::rsa_parameters,
FIPS_MIN_SALT_SIZE,
},
crypto_bail, crypto_error,
error::{result::CryptoResult, CryptoError},
error::{CryptoError, result::CryptoResult},
openssl::kmip_public_key_to_openssl,
};

@ -54,7 +54,7 @@
// required to detect generic type in Serializer
#![feature(min_specialization)]
pub use error::{result::CryptoResultHelper, CryptoError};
pub use error::{CryptoError, result::CryptoResultHelper};
pub mod crypto;
mod error;

@ -6,11 +6,11 @@ use openssl::{
asn1::{Asn1Object, Asn1OctetString},
nid::Nid,
sha::Sha1,
x509::{X509Extension, X509Name, X509NameBuilder, X509},
x509::{X509, X509Extension, X509Name, X509NameBuilder},
};
use x509_parser::prelude::{FromDer, X509Certificate};
use crate::error::{result::CryptoResultHelper, CryptoError};
use crate::error::{CryptoError, result::CryptoResultHelper};
/// Generate a KMIP certificate from an OpenSSL certificate
pub fn openssl_certificate_to_kmip(certificate: &X509) -> Result<Object, CryptoError> {

@ -4,7 +4,7 @@ use openssl::{
md::{Md, MdRef},
};
use crate::{crypto_error, CryptoError};
use crate::{CryptoError, crypto_error};
pub fn hashing_algorithm_to_openssl(
hashing_algorithm: HashingAlgorithm,

@ -1,4 +1,5 @@
use cosmian_kmip::{
SafeBigUint,
kmip_2_1::{
kmip_data_structures::{KeyBlock, KeyMaterial, KeyValue},
kmip_objects::{Object, ObjectType},
@ -7,7 +8,6 @@ use cosmian_kmip::{
CryptographicUsageMask, KeyFormatType, RecommendedCurve,
},
},
SafeBigUint,
};
use num_bigint_dig::BigUint;
use openssl::{
@ -21,11 +21,11 @@ use zeroize::Zeroizing;
use crate::{
crypto::elliptic_curves::{
ED25519_PRIVATE_KEY_LENGTH, ED448_PRIVATE_KEY_LENGTH, X25519_PRIVATE_KEY_LENGTH,
X448_PRIVATE_KEY_LENGTH,
ED448_PRIVATE_KEY_LENGTH, ED25519_PRIVATE_KEY_LENGTH, X448_PRIVATE_KEY_LENGTH,
X25519_PRIVATE_KEY_LENGTH,
},
crypto_bail,
error::{result::CryptoResultHelper, CryptoError},
error::{CryptoError, result::CryptoResultHelper},
pad_be_bytes,
};

@ -19,7 +19,7 @@ use zeroize::Zeroizing;
use crate::{
crypto_bail, crypto_error,
error::{result::CryptoResultHelper, CryptoError},
error::{CryptoError, result::CryptoResultHelper},
};
/// Convert a KMIP Public key to openssl `PKey<Public>`

@ -4,11 +4,11 @@ use ini::Ini;
use openssl::{
nid::Nid,
x509::{
X509Extension, X509v3Context,
extension::{
AuthorityKeyIdentifier, BasicConstraints, ExtendedKeyUsage, KeyUsage,
SubjectAlternativeName, SubjectKeyIdentifier,
},
X509Extension, X509v3Context,
},
};
use tracing::warn;

@ -6,9 +6,9 @@ use std::{
sync::{Arc, Mutex},
};
use pkcs11_sys::{CKR_OK, CK_INFO};
use pkcs11_sys::{CK_INFO, CKR_OK};
use crate::{hsm_lib::HsmLib, HError, HResult, SlotManager};
use crate::{HError, HResult, SlotManager, hsm_lib::HsmLib};
struct SlotState {
password: Option<String>,
@ -28,13 +28,10 @@ impl BaseHsm {
let hsm_lib = Arc::new(HsmLib::instantiate(path)?);
let mut slots = HashMap::with_capacity(passwords.len());
for (k, v) in passwords.iter() {
slots.insert(
*k,
SlotState {
password: v.clone(),
slot: None,
},
);
slots.insert(*k, SlotState {
password: v.clone(),
slot: None,
});
}
Ok(BaseHsm {
hsm_lib,
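Review bot: The slot password is copied with `v.clone()` into `SlotState.password`, an `Option<String>`, so each configured slot keeps a plaintext HSM password on the heap that is not wiped when the state is dropped or reallocated. Other files in this commit already import `zeroize::Zeroizing` for sensitive buffers; declaring the field as `password: Option<Zeroizing<String>>` and building it with `v.clone().map(Zeroizing::new)` would clear the copy on drop, provided `zeroize` is a dependency of this crate, which this section does not show. The struct definition and the constructor both continue outside the visible hunks, so any use of the field at login time has to be adjusted with it.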

@ -33,8 +33,8 @@
//! - Zero-copy cleanup for sensitive data using `Zeroizing`
use async_trait::async_trait;
use cosmian_kms_interfaces::{
CryptoAlgorithm, EncryptedContent, HsmKeyAlgorithm, HsmKeypairAlgorithm, HsmObject,
HsmObjectFilter, InterfaceError, InterfaceResult, KeyMetadata, KeyType, HSM,
CryptoAlgorithm, EncryptedContent, HSM, HsmKeyAlgorithm, HsmKeypairAlgorithm, HsmObject,
HsmObjectFilter, InterfaceError, InterfaceResult, KeyMetadata, KeyType,
};
use zeroize::Zeroizing;

@ -1,13 +1,13 @@
use std::ptr;
use pkcs11_sys::{
CKA_CLASS, CKA_DECRYPT, CKA_ENCRYPT, CKA_EXTRACTABLE, CKA_KEY_TYPE, CKA_LABEL, CKA_PRIVATE,
CKA_SENSITIVE, CKA_TOKEN, CKA_VALUE_LEN, CKK_AES, CKM_AES_KEY_GEN, CKO_SECRET_KEY, CKR_OK,
CK_ATTRIBUTE, CK_ATTRIBUTE_PTR, CK_BBOOL, CK_FALSE, CK_MECHANISM, CK_MECHANISM_PTR,
CK_OBJECT_HANDLE, CK_TRUE, CK_ULONG, CK_VOID_PTR,
CK_OBJECT_HANDLE, CK_TRUE, CK_ULONG, CK_VOID_PTR, CKA_CLASS, CKA_DECRYPT, CKA_ENCRYPT,
CKA_EXTRACTABLE, CKA_KEY_TYPE, CKA_LABEL, CKA_PRIVATE, CKA_SENSITIVE, CKA_TOKEN, CKA_VALUE_LEN,
CKK_AES, CKM_AES_KEY_GEN, CKO_SECRET_KEY, CKR_OK,
};
use crate::{aes_key_template, session::Session, HError, HResult};
use crate::{HError, HResult, aes_key_template, session::Session};
pub enum AesKeySize {
Aes128,

@ -1,15 +1,15 @@
use std::ptr;
use pkcs11_sys::{
CKA_CLASS, CKA_DECRYPT, CKA_ENCRYPT, CKA_EXTRACTABLE, CKA_KEY_TYPE, CKA_LABEL,
CKA_MODULUS_BITS, CKA_PRIVATE, CKA_PUBLIC_EXPONENT, CKA_SENSITIVE, CKA_SIGN, CKA_TOKEN,
CKA_UNWRAP, CKA_VERIFY, CKA_WRAP, CKG_MGF1_SHA256, CKK_AES, CKK_RSA, CKM_RSA_PKCS_KEY_PAIR_GEN,
CKM_RSA_PKCS_OAEP, CKM_SHA256, CKO_SECRET_KEY, CKR_OK, CKZ_DATA_SPECIFIED, CK_ATTRIBUTE,
CK_BBOOL, CK_FALSE, CK_KEY_TYPE, CK_MECHANISM, CK_MECHANISM_PTR, CK_OBJECT_HANDLE,
CK_RSA_PKCS_OAEP_PARAMS, CK_TRUE, CK_ULONG, CK_VOID_PTR,
CK_ATTRIBUTE, CK_BBOOL, CK_FALSE, CK_KEY_TYPE, CK_MECHANISM, CK_MECHANISM_PTR,
CK_OBJECT_HANDLE, CK_RSA_PKCS_OAEP_PARAMS, CK_TRUE, CK_ULONG, CK_VOID_PTR, CKA_CLASS,
CKA_DECRYPT, CKA_ENCRYPT, CKA_EXTRACTABLE, CKA_KEY_TYPE, CKA_LABEL, CKA_MODULUS_BITS,
CKA_PRIVATE, CKA_PUBLIC_EXPONENT, CKA_SENSITIVE, CKA_SIGN, CKA_TOKEN, CKA_UNWRAP, CKA_VERIFY,
CKA_WRAP, CKG_MGF1_SHA256, CKK_AES, CKK_RSA, CKM_RSA_PKCS_KEY_PAIR_GEN, CKM_RSA_PKCS_OAEP,
CKM_SHA256, CKO_SECRET_KEY, CKR_OK, CKZ_DATA_SPECIFIED,
};
use crate::{session::Session, HError, HResult};
use crate::{HError, HResult, session::Session};
pub enum RsaKeySize {
Rsa1024,

@ -42,7 +42,7 @@ use cosmian_kms_interfaces::{
KeyType, RsaPrivateKeyMaterial, RsaPublicKeyMaterial,
};
use pkcs11_sys::*;
use rand::{rngs::OsRng, TryRngCore};
use rand::{TryRngCore, rngs::OsRng};
use tracing::debug;
use zeroize::Zeroizing;

@ -6,12 +6,12 @@ use std::{
use lru::LruCache;
use pkcs11_sys::{
CKF_RW_SESSION, CKF_SERIAL_SESSION, CKR_OK, CKR_USER_ALREADY_LOGGED_IN, CKU_USER, CK_FLAGS,
CK_OBJECT_HANDLE, CK_SESSION_HANDLE, CK_SLOT_ID, CK_ULONG, CK_UTF8CHAR_PTR,
CK_FLAGS, CK_OBJECT_HANDLE, CK_SESSION_HANDLE, CK_SLOT_ID, CK_ULONG, CK_UTF8CHAR_PTR,
CKF_RW_SESSION, CKF_SERIAL_SESSION, CKR_OK, CKR_USER_ALREADY_LOGGED_IN, CKU_USER,
};
use tracing::warn;
use crate::{hsm_lib::HsmLib, HError, HResult, Session};
use crate::{HError, HResult, Session, hsm_lib::HsmLib};
/// A cache structure that maps byte vectors to CK_OBJECT_HANDLE values using an LRU (Least Recently Used) strategy.
///

@ -8,7 +8,7 @@ use async_trait::async_trait;
use cosmian_kmip::kmip_2_1::kmip_types::{BlockCipherMode, CryptographicParameters, PaddingMethod};
use zeroize::Zeroizing;
use crate::{error::InterfaceResult, InterfaceError, KeyType};
use crate::{InterfaceError, KeyType, error::InterfaceResult};
#[derive(Debug)]
pub struct KeyMetadata {

@ -9,8 +9,8 @@ use async_trait::async_trait;
use zeroize::Zeroizing;
use crate::{
encryption_oracle::EncryptedContent, CryptoAlgorithm, EncryptionOracle, InterfaceError,
InterfaceResult, KeyMetadata, KeyType, HSM,
CryptoAlgorithm, EncryptionOracle, HSM, InterfaceError, InterfaceResult, KeyMetadata, KeyType,
encryption_oracle::EncryptedContent,
};
pub struct HsmEncryptionOracle {

@ -4,8 +4,10 @@
#![allow(unused_variables)]
use std::{collections::HashSet, path::PathBuf, sync::Arc};
use KmipKeyMaterial::TransparentRSAPublicKey;
use async_trait::async_trait;
use cosmian_kmip::{
SafeBigUint,
kmip_2_1::{
kmip_data_structures::{KeyBlock, KeyMaterial as KmipKeyMaterial, KeyValue},
kmip_objects::{Object, ObjectType},
@ -14,15 +16,13 @@ use cosmian_kmip::{
StateEnumeration,
},
},
SafeBigUint,
};
use num_bigint_dig::BigUint;
use tracing::debug;
use KmipKeyMaterial::TransparentRSAPublicKey;
use crate::{
AtomicOperation, HsmKeyAlgorithm, HsmKeypairAlgorithm, HsmObject, InterfaceError,
InterfaceResult, KeyMaterial, ObjectWithMetadata, ObjectsStore, SessionParams, HSM,
AtomicOperation, HSM, HsmKeyAlgorithm, HsmKeypairAlgorithm, HsmObject, InterfaceError,
InterfaceResult, KeyMaterial, ObjectWithMetadata, ObjectsStore, SessionParams,
};
pub struct HsmStore {

@ -6,7 +6,7 @@ use async_trait::async_trait;
use zeroize::Zeroizing;
use crate::{
encryption_oracle::EncryptedContent, CryptoAlgorithm, InterfaceResult, KeyMetadata, KeyType,
CryptoAlgorithm, InterfaceResult, KeyMetadata, KeyType, encryption_oracle::EncryptedContent,
};
/// Supported key algorithms

@ -6,6 +6,6 @@ mod interface;
pub use encryption_oracle_impl::HsmEncryptionOracle;
pub use hsm_store::HsmStore;
pub use interface::{
HsmKeyAlgorithm, HsmKeypairAlgorithm, HsmObject, HsmObjectFilter, KeyMaterial,
RsaPrivateKeyMaterial, RsaPublicKeyMaterial, HSM,
HSM, HsmKeyAlgorithm, HsmKeypairAlgorithm, HsmObject, HsmObjectFilter, KeyMaterial,
RsaPrivateKeyMaterial, RsaPublicKeyMaterial,
};

@ -6,8 +6,8 @@ mod stores;
pub use encryption_oracle::{CryptoAlgorithm, EncryptedContent, EncryptionOracle, KeyMetadata};
pub use error::{InterfaceError, InterfaceResult};
pub use hsm::{
HsmEncryptionOracle, HsmKeyAlgorithm, HsmKeypairAlgorithm, HsmObject, HsmObjectFilter,
HsmStore, KeyMaterial, RsaPrivateKeyMaterial, RsaPublicKeyMaterial, HSM,
HSM, HsmEncryptionOracle, HsmKeyAlgorithm, HsmKeypairAlgorithm, HsmObject, HsmObjectFilter,
HsmStore, KeyMaterial, RsaPrivateKeyMaterial, RsaPublicKeyMaterial,
};
pub use stores::{
AtomicOperation, ObjectWithMetadata, ObjectsStore, PermissionsStore, SessionParams,

@ -6,7 +6,7 @@ use cosmian_kmip::kmip_2_1::{
kmip_types::{Attributes, StateEnumeration},
};
use crate::{stores::SessionParams, InterfaceResult, ObjectWithMetadata};
use crate::{InterfaceResult, ObjectWithMetadata, stores::SessionParams};
/// An atomic operation on the objects database
pub enum AtomicOperation {

@ -4,9 +4,9 @@ use std::{
};
use async_trait::async_trait;
use cosmian_kmip::kmip_2_1::{kmip_types::StateEnumeration, KmipOperation};
use cosmian_kmip::kmip_2_1::{KmipOperation, kmip_types::StateEnumeration};
use crate::{stores::SessionParams, InterfaceResult};
use crate::{InterfaceResult, stores::SessionParams};
/// Trait that the stores must implement to store permissions
#[async_trait(?Send)]

@ -7,7 +7,7 @@ use std::{
use zeroize::Zeroizing;
use crate::{kmip_bail, KmipError};
use crate::{KmipError, kmip_bail};
/// A `Serializable` object can easily be serialized and deserialized into an
/// array of bytes.
@ -273,8 +273,8 @@ pub fn test_serialization<T: PartialEq + Debug + Serializable>(v: &T) -> Result<
mod tests {
use rand::RngCore;
use super::{to_leb128_len, Deserializer, Serializable, Serializer};
use crate::{kmip_bail, KmipError};
use super::{Deserializer, Serializable, Serializer, to_leb128_len};
use crate::{KmipError, kmip_bail};
/// We don't have a non-fixed size implementation of Serializable inside
/// `crypto_core` so just have a dummy implementation here.

@ -1,4 +1,4 @@
use crate::{error::KmipError, kmip_2_1::kmip_operations::ErrorReason, Deserializer, Serializer};
use crate::{Deserializer, Serializer, error::KmipError, kmip_2_1::kmip_operations::ErrorReason};
/// Structure used to encrypt with Covercrypt or ECIES
///

@ -4,9 +4,9 @@ use tracing::trace;
use zeroize::Zeroizing;
use crate::{
error::{result::KmipResult, KmipError},
kmip_2_1::kmip_operations::ErrorReason,
Deserializer, Serializer,
error::{KmipError, result::KmipResult},
kmip_2_1::kmip_operations::ErrorReason,
};
/// Bulk Data is a structure that holds a list of zeroizing byte arrays
@ -99,13 +99,10 @@ mod tests {
];
let bulk_data = BulkData::new(data.clone());
let serialized = bulk_data.serialize().unwrap();
assert_eq!(
serialized.to_vec(),
vec![
0x87, 0x87, 0x03, 0x03, 0x01, 0x02, 0x03, 0x03, 0x04, 0x05, 0x06, 0x0A, 0x07, 0x07,
0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07
]
);
assert_eq!(serialized.to_vec(), vec![
0x87, 0x87, 0x03, 0x03, 0x01, 0x02, 0x03, 0x03, 0x04, 0x05, 0x06, 0x0A, 0x07, 0x07,
0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07
]);
let deserialized = BulkData::deserialize(&serialized).unwrap();
assert_eq!(data, deserialized.0);
}

@ -5,14 +5,15 @@ use std::{
use num_bigint_dig::BigUint;
use serde::{
Deserialize, Serialize,
de::{self, MapAccess, Visitor},
ser::SerializeStruct,
Deserialize, Serialize,
};
use zeroize::Zeroizing;
use super::kmip_types::{LinkType, LinkedObjectIdentifier};
use crate::{
SafeBigUint,
error::KmipError,
kmip_2_1::{
kmip_operations::ErrorReason,
@ -22,7 +23,7 @@ use crate::{
WrappingMethod,
},
},
pad_be_bytes, SafeBigUint,
pad_be_bytes,
};
/// A Key Block object is a structure used to encapsulate all of the information

@ -21,9 +21,9 @@ use std::fmt::{self, Display, Formatter};
/// asynchronous responses only if the Asynchronous Indicator is present in the header.
use chrono::Utc;
use serde::{
Deserialize, Serialize,
de::{self, MapAccess, Visitor},
ser::{self, SerializeStruct},
Deserialize, Serialize,
};
use super::{
@ -33,7 +33,7 @@ use super::{
MessageExtension, Nonce, OperationEnumeration, ProtocolVersion, ResultStatusEnumeration,
},
};
use crate::{error::result::KmipResult, KmipError};
use crate::{KmipError, error::result::KmipResult};
#[derive(Deserialize, PartialEq, Eq)]
#[serde(rename_all = "PascalCase")]

@ -10,7 +10,7 @@ use strum::EnumIter;
use super::{kmip_data_structures::KeyWrappingData, kmip_types::Attributes};
use crate::{
error::{result::KmipResult, KmipError},
error::{KmipError, result::KmipResult},
kmip_2_1::{
kmip_data_structures::KeyBlock,
kmip_operations::ErrorReason,

@ -4,8 +4,8 @@ use std::{
};
use serde::{
de::{self, MapAccess, Visitor},
Deserialize, Serialize,
de::{self, MapAccess, Visitor},
};
use strum::Display;
use zeroize::Zeroizing;

@ -6,9 +6,9 @@
use std::fmt::{self, Display, Formatter};
use serde::{
Deserialize, Serialize,
de::{self, MapAccess, Visitor},
ser::SerializeStruct,
Deserialize, Serialize,
};
use strum::{Display, EnumIter, EnumString};
use tracing::trace;
@ -18,7 +18,7 @@ use super::kmip_objects::ObjectType;
use crate::{
error::KmipError,
kmip_2_1::{
extra::{tagging::VENDOR_ATTR_TAG, VENDOR_ID_COSMIAN},
extra::{VENDOR_ID_COSMIAN, tagging::VENDOR_ATTR_TAG},
kmip_operations::ErrorReason,
},
kmip_error,
@ -2967,10 +2967,6 @@ impl ValidityIndicator {
#[must_use]
pub const fn from_bool(b: bool) -> Self {
if b {
Self::Valid
} else {
Self::Invalid
}
if b { Self::Valid } else { Self::Invalid }
}
}

@ -1,6 +1,7 @@
use zeroize::Zeroizing;
use crate::{
KmipError,
kmip_2_1::{
kmip_data_structures::{KeyBlock, KeyMaterial, KeyValue},
kmip_objects::{Object, ObjectType},
@ -10,7 +11,6 @@ use crate::{
UniqueIdentifier,
},
},
KmipError,
};
/// Create a symmetric key for the given algorithm

@ -6,6 +6,7 @@ use crate::kmip_2_1::extra::fips::{
#[cfg(feature = "fips")]
use crate::kmip_bail;
use crate::{
KmipError,
kmip_2_1::{
kmip_objects::ObjectType,
kmip_operations::CreateKeyPair,
@ -14,7 +15,6 @@ use crate::{
CryptographicUsageMask, KeyFormatType, RecommendedCurve, UniqueIdentifier,
},
},
KmipError,
};
/// Build a `CreateKeyPairRequest` for a RSA key pair.
pub fn create_rsa_key_pair_request<T: IntoIterator<Item = impl AsRef<str>>>(

@ -1,11 +1,11 @@
use zeroize::Zeroizing;
use crate::{
DataToEncrypt, KmipError,
kmip_2_1::{
kmip_operations::Encrypt,
kmip_types::{CryptographicParameters, UniqueIdentifier},
},
DataToEncrypt, KmipError,
};
/// Build an Encryption Request to encrypt the provided `plaintext`.

@ -1,9 +1,9 @@
use crate::{
KmipError,
kmip_2_1::{
kmip_operations::Revoke,
kmip_types::{RevocationReason, UniqueIdentifier},
},
KmipError,
};
/// Build a `Revoke` request to revoke the key identified by `unique_identifier`

@ -1,6 +1,6 @@
use crate::{
kmip_2_1::{kmip_operations::Validate, kmip_types::UniqueIdentifier},
KmipError,
kmip_2_1::{kmip_operations::Validate, kmip_types::UniqueIdentifier},
};
/// Build a `Validate` request to validate a certificate chain.

@ -1,14 +1,14 @@
#![allow(clippy::indexing_slicing)]
use serde::{
de::{self, DeserializeSeed, EnumAccess, Error, MapAccess, SeqAccess, VariantAccess, Visitor},
Deserialize,
de::{self, DeserializeSeed, EnumAccess, Error, MapAccess, SeqAccess, VariantAccess, Visitor},
};
use time::format_description::well_known::Rfc3339;
use tracing::trace;
use crate::kmip_2_1::{
kmip_objects::{Object, ObjectType},
ttlv::{error::TtlvError, to_u32_digits, TTLVEnumeration, TTLValue, TTLV},
ttlv::{TTLV, TTLVEnumeration, TTLValue, error::TtlvError, to_u32_digits},
};
type Result<T> = std::result::Result<T, TtlvError>;
@ -130,9 +130,7 @@ impl<'de> de::Deserializer<'de> for &mut TtlvDeserializer<'de> {
{
trace!(
"deserialize_any {:?}: {:?} -> {:?}",
self.deserializing,
self.index,
self.inputs
self.deserializing, self.index, self.inputs
);
if self.deserializing == Deserializing::ByteString {
return visitor.visit_u8(self.get_bytes()?[self.index - 1])
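Review bot: `self.get_bytes()?[self.index - 1]` in `deserialize_any` indexes with unchecked arithmetic, and the file-level `#![allow(clippy::indexing_slicing)]` silences the lint that would flag it. If `self.index` can be 0 or run past the byte-string length on a malformed TTLV message (not provable from this hunk), the subtraction underflows or the index panics, which turns crafted input into a crash of whatever service is parsing it. A checked form such as `self.index.checked_sub(1).and_then(|i| bytes.get(i).copied())`, with `bytes` bound to `self.get_bytes()?` and the `None` case mapped to a `TtlvError`, keeps the failure on the error path. The `trace!` call above it also prints `self.inputs` with `{:?}`, so it is worth confirming that the `Debug` output of the TTLV values cannot contain key bytes. The function body continues outside the hunk.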

@ -17,11 +17,11 @@ use core::fmt;
use num_bigint_dig::BigUint;
use serde::{
Deserialize, Serialize,
de::{self, MapAccess, Visitor},
ser::{self, SerializeStruct, Serializer},
Deserialize, Serialize,
};
use time::{format_description::well_known::Rfc3339, OffsetDateTime};
use time::{OffsetDateTime, format_description::well_known::Rfc3339};
use crate::error::result::KmipResult;

@ -1,12 +1,12 @@
use num_bigint_dig::BigUint;
use serde::{
ser::{self, Error, SerializeSeq},
Serialize,
ser::{self, Error, SerializeSeq},
};
use tracing::{debug, trace};
use zeroize::Zeroizing;
use super::{error::TtlvError, TTLVEnumeration, TTLValue, TTLV};
use super::{TTLV, TTLVEnumeration, TTLValue, error::TtlvError};
use crate::kmip_2_1::kmip_objects::{Object, ObjectType};
type Result<T> = std::result::Result<T, TtlvError>;
@ -463,8 +463,7 @@ impl ser::SerializeSeq for &mut TTLVSerializer {
{
trace!(
"Before serialize seq element {:?} #### {:?}",
self.parents,
self.current
self.parents, self.current
);
value.serialize(&mut **self)?;
@ -490,8 +489,7 @@ impl ser::SerializeSeq for &mut TTLVSerializer {
}
trace!(
"After serialize seq element {:?} #### {:?}",
self.parents,
self.current
self.parents, self.current
);
Ok(())
}
@ -510,8 +508,7 @@ impl ser::SerializeSeq for &mut TTLVSerializer {
};
trace!(
"After serialize seq end {:?} #### {:?}",
self.parents,
self.current
self.parents, self.current
);
Ok(())
}
@ -662,8 +659,7 @@ impl ser::SerializeStruct for &mut TTLVSerializer {
key.clone_into(&mut self.current.tag);
trace!(
"Before serialize field {:?} #### {:?}",
self.parents,
self.current
self.parents, self.current
);
match value.detect() {
@ -699,8 +695,7 @@ impl ser::SerializeStruct for &mut TTLVSerializer {
}
trace!(
"After serialize field {:?} #### {:?}",
self.parents,
self.current
self.parents, self.current
);
Ok(())
}
@ -718,8 +713,7 @@ impl ser::SerializeStruct for &mut TTLVSerializer {
};
trace!(
"After serialize struct fields end {:?} #### {:?}",
self.parents,
self.current
self.parents, self.current
);
Ok(())
}
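Review bot: The six `trace!` calls in the `SerializeSeq` and `SerializeStruct` impls print `self.parents` and `self.current` with `{:?}`, that is, the whole TTLV tree under construction including its values. This serializer handles KMIP objects and the file imports `zeroize::Zeroizing`, so the tree can presumably carry key material; whether `Debug` for `TTLV` and `TTLValue` redacts byte strings is not visible in this section. If it does not, enabling trace level writes secret key bytes to the log sink, where zeroization no longer helps. Logging only the tag, for example `trace!("Before serialize field {:?}", self.current.tag)`, or giving the value type a redacting `Debug` impl, would keep the diagnostics without the values.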

@ -1,12 +1,13 @@
use cosmian_logger::log_init;
use num_bigint_dig::BigUint;
use serde::{de::DeserializeOwned, Deserialize, Serialize};
use serde::{Deserialize, Serialize, de::DeserializeOwned};
use time::OffsetDateTime;
use tracing::trace;
use zeroize::Zeroizing;
use crate::{
error::{result::KmipResult, KmipError},
SafeBigUint,
error::{KmipError, result::KmipResult},
kmip_2_1::{
kmip_data_structures::{KeyBlock, KeyMaterial, KeyValue},
kmip_messages::{
@ -25,9 +26,8 @@ use crate::{
MessageExtension, Nonce, OperationEnumeration, ProtocolVersion,
ResultStatusEnumeration, UniqueIdentifier,
},
ttlv::{deserializer::from_ttlv, serializer::to_ttlv, TTLVEnumeration, TTLValue, TTLV},
ttlv::{TTLV, TTLVEnumeration, TTLValue, deserializer::from_ttlv, serializer::to_ttlv},
},
SafeBigUint,
};
fn aes_key_material(key_value: &[u8]) -> KeyMaterial {
@ -80,42 +80,37 @@ fn aes_key_material_ttlv(key_value: &[u8]) -> TTLV {
fn aes_key_value_ttlv(key_value: &[u8]) -> TTLV {
TTLV {
tag: "KeyValue".to_owned(),
value: TTLValue::Structure(vec![
aes_key_material_ttlv(key_value),
TTLV {
tag: "Attributes".to_owned(),
value: TTLValue::Structure(vec![
TTLV {
tag: "CryptographicAlgorithm".to_owned(),
value: TTLValue::Enumeration(TTLVEnumeration::Name("AES".to_owned())),
},
TTLV {
tag: "CryptographicLength".to_owned(),
value: TTLValue::Integer(key_value.len() as i32 * 8),
},
TTLV {
tag: "CryptographicUsageMask".to_owned(),
value: TTLValue::Integer(4),
},
TTLV {
tag: "KeyFormatType".to_owned(),
value: TTLValue::Enumeration(TTLVEnumeration::Name(
"TransparentSymmetricKey".to_owned(),
)),
},
TTLV {
tag: "ObjectType".to_owned(),
value: TTLValue::Enumeration(TTLVEnumeration::Name(
"SymmetricKey".to_owned(),
)),
},
TTLV {
tag: "Sensitive".to_owned(),
value: TTLValue::Boolean(false),
},
]),
},
]),
value: TTLValue::Structure(vec![aes_key_material_ttlv(key_value), TTLV {
tag: "Attributes".to_owned(),
value: TTLValue::Structure(vec![
TTLV {
tag: "CryptographicAlgorithm".to_owned(),
value: TTLValue::Enumeration(TTLVEnumeration::Name("AES".to_owned())),
},
TTLV {
tag: "CryptographicLength".to_owned(),
value: TTLValue::Integer(key_value.len() as i32 * 8),
},
TTLV {
tag: "CryptographicUsageMask".to_owned(),
value: TTLValue::Integer(4),
},
TTLV {
tag: "KeyFormatType".to_owned(),
value: TTLValue::Enumeration(TTLVEnumeration::Name(
"TransparentSymmetricKey".to_owned(),
)),
},
TTLV {
tag: "ObjectType".to_owned(),
value: TTLValue::Enumeration(TTLVEnumeration::Name("SymmetricKey".to_owned())),
},
TTLV {
tag: "Sensitive".to_owned(),
value: TTLValue::Boolean(false),
},
]),
}]),
}
}


@ -54,10 +54,10 @@
// required to detect generic type in Serializer
#![feature(min_specialization)]
pub use error::{result::KmipResultHelper, KmipError};
pub use error::{KmipError, result::KmipResultHelper};
mod bytes_ser_de;
pub use bytes_ser_de::{test_serialization, to_leb128_len, Deserializer, Serializer};
pub use bytes_ser_de::{Deserializer, Serializer, test_serialization, to_leb128_len};
mod data_to_encrypt;
pub use data_to_encrypt::DataToEncrypt;
mod error;


@ -1,6 +1,6 @@
use std::{env, fs, path::Path};
use time::{ext::NumericalDuration, format_description::well_known::Rfc2822, OffsetDateTime};
use time::{OffsetDateTime, ext::NumericalDuration, format_description::well_known::Rfc2822};
const DEMO_TIMEOUT: i64 = 90; // 3 months in days


@ -6,9 +6,7 @@ use std::{
use clap::Parser;
use serde::{Deserialize, Serialize};
use super::{
HttpConfig, JwtAuthConfig, MainDBConfig, WorkspaceConfig, ui_config::UiConfig,
};
use super::{HttpConfig, JwtAuthConfig, MainDBConfig, WorkspaceConfig, ui_config::UiConfig};
use crate::{error::KmsError, result::KResult, telemetry::TelemetryConfig};
const DEFAULT_COSMIAN_KMS_CONF: &str = "/etc/cosmian/kms.toml";


@ -2,7 +2,7 @@ use std::{fmt::Display, path::PathBuf};
use clap::Args;
use cloudproof_findex::Label;
use cosmian_kms_server_database::{redis_master_key_from_password, MainDbParams};
use cosmian_kms_server_database::{MainDbParams, redis_master_key_from_password};
use serde::{Deserialize, Serialize};
use url::Url;


@ -1,14 +1,14 @@
use std::sync::Arc;
use cosmian_kmip::kmip_2_1::{
kmip_types::{LinkType, LinkedObjectIdentifier},
KmipOperation,
kmip_types::{LinkType, LinkedObjectIdentifier},
};
use cosmian_kms_interfaces::{ObjectWithMetadata, SessionParams};
use tracing::trace;
use crate::{
core::{retrieve_object_utils::retrieve_object_for_operation, KMS},
core::{KMS, retrieve_object_utils::retrieve_object_for_operation},
error::KmsError,
kms_bail,
result::{KResult, KResultHelper},
@ -30,8 +30,7 @@ pub(crate) async fn retrieve_issuer_private_key_and_certificate(
) -> KResult<(ObjectWithMetadata, ObjectWithMetadata)> {
trace!(
"Retrieving issuer private key and certificate: private_key_id: {:?}, certificate_id: {:?}",
private_key_id,
certificate_id
private_key_id, certificate_id
);
if let (Some(private_key_id), Some(certificate_id)) = (&private_key_id, &certificate_id) {
// Retrieve the certificate


@ -1,6 +1,6 @@
use std::sync::Arc;
use cosmian_cover_crypt::{api::Covercrypt, MasterSecretKey};
use cosmian_cover_crypt::{MasterSecretKey, api::Covercrypt};
use cosmian_crypto_core::bytes_ser_de::Serializable;
use cosmian_kmip::kmip_2_1::{
kmip_objects::{Object, ObjectType},


@ -5,7 +5,7 @@ use cosmian_kms_interfaces::SessionParams;
use super::locate_usk;
use crate::{
core::{operations::recursively_destroy_object, KMS},
core::{KMS, operations::recursively_destroy_object},
result::KResult,
};


@ -13,7 +13,7 @@ use cosmian_kms_crypto::crypto::cover_crypt::attributes::qualified_attributes_as
use cosmian_kms_interfaces::SessionParams;
use crate::{
core::{operations, KMS},
core::{KMS, operations},
result::KResult,
};


@ -1,15 +1,15 @@
use std::{ops::AsyncFn, sync::Arc};
use cosmian_cover_crypt::{api::Covercrypt, MasterPublicKey, MasterSecretKey};
use cosmian_cover_crypt::{MasterPublicKey, MasterSecretKey, api::Covercrypt};
use cosmian_kmip::kmip_2_1::{
kmip_objects::{Object, ObjectType},
kmip_operations::{ErrorReason, Get, Import, ReKeyKeyPairResponse},
kmip_types::{LinkType, StateEnumeration, UniqueIdentifier},
};
use cosmian_kms_crypto::crypto::cover_crypt::{
attributes::{deserialize_access_policy, RekeyEditAction},
attributes::{RekeyEditAction, deserialize_access_policy},
master_keys::{
cc_master_keypair_from_kmip_objects, kmip_objects_from_cc_master_keypair, KmipKeyUidObject,
KmipKeyUidObject, cc_master_keypair_from_kmip_objects, kmip_objects_from_cc_master_keypair,
},
user_key::UserDecryptionKeysHandler,
};


@ -5,7 +5,7 @@ use cosmian_kms_interfaces::SessionParams;
use super::locate_usk;
use crate::{
core::{operations::recursively_revoke_key, KMS},
core::{KMS, operations::recursively_revoke_key},
result::KResult,
};


@ -15,7 +15,7 @@ use cosmian_kmip::kmip_2_1::{
use cosmian_kms_interfaces::SessionParams;
use crate::{
core::{operations, KMS},
core::{KMS, operations},
result::KResult,
};


@ -4,7 +4,7 @@ mod permissions;
use std::{collections::HashMap, sync::Arc};
use cosmian_kms_interfaces::{EncryptionOracle, HsmEncryptionOracle, HsmStore, ObjectsStore, HSM};
use cosmian_kms_interfaces::{EncryptionOracle, HSM, HsmEncryptionOracle, HsmStore, ObjectsStore};
use cosmian_kms_server_database::Database;
#[cfg(all(target_os = "linux", target_arch = "x86_64"))]
use proteccio_pkcs11_loader::Proteccio;


@ -2,8 +2,8 @@ use std::{collections::HashSet, fs, sync::Arc};
use actix_web::HttpRequest;
use base64::{
engine::general_purpose::{self, STANDARD as b64},
Engine as _,
engine::general_purpose::{self, STANDARD as b64},
};
use cosmian_cover_crypt::api::Covercrypt;
use cosmian_kmip::kmip_2_1::{
@ -23,7 +23,7 @@ use uuid::Uuid;
use zeroize::Zeroizing;
use crate::{
core::{cover_crypt::create_user_decryption_key, wrapping::unwrap_key, KMS},
core::{KMS, cover_crypt::create_user_decryption_key, wrapping::unwrap_key},
error::KmsError,
kms_bail,
result::{KResult, KResultHelper},


@ -2,7 +2,7 @@ use cosmian_kmip::kmip_2_1::kmip_types::UniqueIdentifier;
use openssl::{
asn1::Asn1TimeRef,
pkey::{PKey, PKeyRef, Private},
x509::{X509NameRef, X509Ref, X509},
x509::{X509, X509NameRef, X509Ref},
};
/// A certificate Issuer is constructed from a unique identifier and


@ -9,6 +9,7 @@ use cosmian_kmip::kmip_2_1::extra::fips::{
#[cfg(feature = "fips")]
use cosmian_kmip::kmip_2_1::kmip_types::{CryptographicAlgorithm, CryptographicUsageMask};
use cosmian_kmip::kmip_2_1::{
KmipOperation,
extra::{VENDOR_ATTR_X509_EXTENSION, VENDOR_ID_COSMIAN},
kmip_objects::{Object, ObjectType},
kmip_operations::{Certify, CertifyResponse, CreateKeyPair},
@ -16,7 +17,6 @@ use cosmian_kmip::kmip_2_1::{
Attributes, CertificateRequestType, KeyFormatType, LinkType, LinkedObjectIdentifier,
StateEnumeration, UniqueIdentifier,
},
KmipOperation,
};
use cosmian_kms_crypto::openssl::{
certificate_attributes_to_subject_name, kmip_certificate_to_openssl,
@ -29,12 +29,13 @@ use openssl::{
hash::MessageDigest,
pkey::Id,
sha::Sha1,
x509::{X509Req, X509},
x509::{X509, X509Req},
};
use tracing::{debug, info, trace};
use crate::{
core::{
KMS,
certificate::retrieve_issuer_private_key_and_certificate,
operations::{
certify::{
@ -44,7 +45,6 @@ use crate::{
create_key_pair::generate_key_pair_and_tags,
},
retrieve_object_utils::retrieve_object_for_operation,
KMS,
},
error::KmsError,
kms_bail,


@ -11,7 +11,7 @@ use cosmian_kms_crypto::openssl::{kmip_public_key_to_openssl, openssl_certificat
use cosmian_kms_interfaces::ObjectWithMetadata;
use openssl::{
pkey::{PKey, Public},
x509::{X509Extension, X509Name, X509NameRef, X509Req, X509},
x509::{X509, X509Extension, X509Name, X509NameRef, X509Req},
};
use crate::{kms_error, result::KResult};


@ -11,7 +11,7 @@ use cosmian_kms_server_database::CachedUnwrappedObject;
use tracing::{debug, trace};
use crate::{
core::{wrapping::wrap_key, KMS},
core::{KMS, wrapping::wrap_key},
error::KmsError,
kms_bail,
result::KResult,


@ -7,15 +7,15 @@ use cosmian_kmip::kmip_2_1::{
};
#[cfg(not(feature = "fips"))]
use cosmian_kms_crypto::crypto::elliptic_curves::operation::{
create_x25519_key_pair, create_x448_key_pair,
create_x448_key_pair, create_x25519_key_pair,
};
use cosmian_kms_crypto::crypto::{
KeyPair,
cover_crypt::master_keys::create_master_keypair,
elliptic_curves::operation::{
create_approved_ecc_key_pair, create_ed25519_key_pair, create_ed448_key_pair,
create_approved_ecc_key_pair, create_ed448_key_pair, create_ed25519_key_pair,
},
rsa::operation::create_rsa_key_pair,
KeyPair,
};
use cosmian_kms_interfaces::{AtomicOperation, SessionParams};
#[cfg(not(feature = "fips"))]


@ -1,15 +1,15 @@
use std::sync::Arc;
use cosmian_kmip::kmip_2_1::{
KmipOperation,
kmip_operations::{DeleteAttribute, DeleteAttributeResponse},
kmip_types::{Attribute, AttributeReference, Tag, UniqueIdentifier},
KmipOperation,
};
use cosmian_kms_interfaces::SessionParams;
use tracing::trace;
use crate::{
core::{retrieve_object_utils::retrieve_object_for_operation, KMS},
core::{KMS, retrieve_object_utils::retrieve_object_for_operation},
error::KmsError,
result::{KResult, KResultHelper},
};


@ -2,11 +2,11 @@ use std::{collections::HashSet, sync::Arc};
use async_recursion::async_recursion;
use cosmian_kmip::kmip_2_1::{
KmipOperation,
kmip_data_structures::{KeyMaterial, KeyValue},
kmip_objects::{Object, ObjectType},
kmip_operations::{Destroy, DestroyResponse, ErrorReason},
kmip_types::{Attributes, KeyFormatType, LinkType, StateEnumeration, UniqueIdentifier},
KmipOperation,
};
use cosmian_kms_interfaces::SessionParams;
use tracing::{debug, trace};
@ -14,9 +14,9 @@ use zeroize::Zeroizing;
use crate::{
core::{
KMS,
cover_crypt::destroy_user_decryption_keys,
uid_utils::{has_prefix, uids_from_unique_identifier},
KMS,
},
error::KmsError,
kms_bail,


@ -6,7 +6,7 @@ use cosmian_kmip::kmip_2_1::{
GetAttributes, Hash, Import, Locate, Mac, Operation, ReKey, ReKeyKeyPair, Revoke,
SetAttribute, Validate,
},
ttlv::{deserializer::from_ttlv, TTLV},
ttlv::{TTLV, deserializer::from_ttlv},
};
use cosmian_kms_interfaces::SessionParams;


@ -2,7 +2,9 @@ use std::sync::Arc;
use cosmian_cover_crypt::api::Covercrypt;
use cosmian_kmip::{
KmipError,
kmip_2_1::{
KmipOperation,
extra::BulkData,
kmip_objects::Object,
kmip_operations::{Encrypt, EncryptResponse, ErrorReason},
@ -10,9 +12,7 @@ use cosmian_kmip::{
CryptographicAlgorithm, CryptographicParameters, CryptographicUsageMask, KeyFormatType,
PaddingMethod, StateEnumeration, UniqueIdentifier,
},
KmipOperation,
},
KmipError,
};
#[cfg(not(feature = "fips"))]
use cosmian_kms_crypto::crypto::elliptic_curves::ecies::ecies_encrypt;
@ -20,13 +20,13 @@ use cosmian_kms_crypto::crypto::elliptic_curves::ecies::ecies_encrypt;
use cosmian_kms_crypto::crypto::rsa::ckm_rsa_pkcs::ckm_rsa_pkcs_encrypt;
use cosmian_kms_crypto::{
crypto::{
EncryptionSystem,
cover_crypt::encryption::CoverCryptEncryption,
rsa::{
ckm_rsa_aes_key_wrap::ckm_rsa_aes_key_wrap,
ckm_rsa_pkcs_oaep::ckm_rsa_pkcs_oaep_encrypt, default_cryptographic_parameters,
},
symmetric::symmetric_ciphers::{encrypt as sym_encrypt, random_nonce, SymCipher},
EncryptionSystem,
symmetric::symmetric_ciphers::{SymCipher, encrypt as sym_encrypt, random_nonce},
},
openssl::kmip_public_key_to_openssl,
};
@ -40,8 +40,8 @@ use zeroize::Zeroizing;
use crate::{
core::{
uid_utils::{has_prefix, uids_from_unique_identifier},
KMS,
uid_utils::{has_prefix, uids_from_unique_identifier},
},
error::KmsError,
kms_bail,


@ -1,14 +1,14 @@
use std::sync::Arc;
use cosmian_kmip::kmip_2_1::{
kmip_operations::{Export, ExportResponse},
KmipOperation,
kmip_operations::{Export, ExportResponse},
};
use cosmian_kms_interfaces::SessionParams;
use tracing::trace;
use crate::{
core::{operations::export_get, KMS},
core::{KMS, operations::export_get},
result::KResult,
};


@ -1,14 +1,14 @@
use std::sync::Arc;
use cosmian_kmip::kmip_2_1::{
kmip_operations::{Get, GetResponse},
KmipOperation,
kmip_operations::{Get, GetResponse},
};
use cosmian_kms_interfaces::SessionParams;
use tracing::trace;
use crate::{
core::{operations::export_get, KMS},
core::{KMS, operations::export_get},
result::KResult,
};


@ -1,14 +1,14 @@
use std::sync::Arc;
use cosmian_kmip::kmip_2_1::{
extra::{tagging::VENDOR_ATTR_TAG, VENDOR_ID_COSMIAN},
KmipOperation,
extra::{VENDOR_ID_COSMIAN, tagging::VENDOR_ATTR_TAG},
kmip_objects::Object,
kmip_operations::{GetAttributes, GetAttributesResponse},
kmip_types::{
AttributeReference, Attributes, KeyFormatType, LinkType, Tag, UniqueIdentifier,
VendorAttribute, VendorAttributeReference,
},
KmipOperation,
};
use cosmian_kms_crypto::openssl::{kmip_private_key_to_openssl, kmip_public_key_to_openssl};
use cosmian_kms_interfaces::SessionParams;
@ -17,11 +17,11 @@ use tracing::{debug, trace};
use crate::{
core::{
KMS,
operations::export_get::{
openssl_private_key_to_kmip_default_format, openssl_public_key_to_kmip_default_format,
},
retrieve_object_utils::retrieve_object_for_operation,
KMS,
},
error::KmsError,
result::{KResult, KResultHelper},


@ -27,7 +27,7 @@ use tracing::{debug, trace};
use uuid::Uuid;
use crate::{
core::{wrapping::unwrap_key, KMS},
core::{KMS, wrapping::unwrap_key},
error::KmsError,
kms_bail,
result::KResult,
@ -118,16 +118,13 @@ pub(crate) async fn process_symmetric_key(
uid => uid,
};
Ok((
uid.clone(),
vec![single_operation(
tags,
replace_existing,
object,
attributes,
uid,
)],
))
Ok((uid.clone(), vec![single_operation(
tags,
replace_existing,
object,
attributes,
uid,
)]))
}
fn process_certificate(request: Import) -> Result<(String, Vec<AtomicOperation>), KmsError> {
@ -182,16 +179,13 @@ fn process_certificate(request: Import) -> Result<(String, Vec<AtomicOperation>)
..Attributes::default()
};
Ok((
uid.clone(),
vec![single_operation(
user_tags,
replace_existing,
object,
certificate_attributes,
uid,
)],
))
Ok((uid.clone(), vec![single_operation(
user_tags,
replace_existing,
object,
certificate_attributes,
uid,
)]))
}
async fn process_public_key(
@ -260,16 +254,13 @@ async fn process_public_key(
uid => uid,
};
Ok((
uid.clone(),
vec![single_operation(
tags,
replace_existing,
object,
attributes,
uid,
)],
))
Ok((uid.clone(), vec![single_operation(
tags,
replace_existing,
object,
attributes,
uid,
)]))
}
async fn process_private_key(
@ -323,16 +314,13 @@ async fn process_private_key(
uid => uid,
};
return Ok((
uid.clone(),
vec![single_operation(
tags,
replace_existing,
object,
attributes,
uid,
)],
))
return Ok((uid.clone(), vec![single_operation(
tags,
replace_existing,
object,
attributes,
uid,
)]))
}
// PKCS12 have their own processing
@ -355,16 +343,13 @@ async fn process_private_key(
&mut attributes,
request.unique_identifier.as_str().unwrap_or_default(),
)?;
Ok((
sk_uid.clone(),
vec![single_operation(
sk_tags,
replace_existing,
sk,
attributes,
sk_uid,
)],
))
Ok((sk_uid.clone(), vec![single_operation(
sk_tags,
replace_existing,
sk,
attributes,
sk_uid,
)]))
}
/// Convert an openssl private key to a KMIP private key
@ -647,8 +632,7 @@ pub(crate) fn upsert_imported_links_in_attributes(
) {
trace!(
"Upserting imported links in attributes: existing attributes links={:?}, links_to_add={:?}",
attributes.link,
links_to_add.link
attributes.link, links_to_add.link
);
if let Some(new_links) = links_to_add.link.as_ref() {
for new_link in new_links {


@ -1,16 +1,16 @@
use std::sync::Arc;
use cosmian_kmip::kmip_2_1::{
KmipOperation,
kmip_operations::{Mac, MacResponse},
kmip_types::{HashingAlgorithm, UniqueIdentifier},
KmipOperation,
};
use cosmian_kms_interfaces::SessionParams;
use openssl::{md::Md, md_ctx::MdCtx, pkey::PKey};
use tracing::{debug, trace};
use crate::{
core::{retrieve_object_utils::retrieve_object_for_operation, KMS},
core::{KMS, retrieve_object_utils::retrieve_object_for_operation},
error::KmsError,
kms_bail,
result::{KResult, KResultHelper},
@ -102,7 +102,7 @@ mod tests {
use crate::{
config::ServerParams,
core::{operations::mac::compute_hmac, KMS},
core::{KMS, operations::mac::compute_hmac},
result::KResult,
tests::test_utils::https_clap_config,
};


@ -10,7 +10,7 @@ use cosmian_kms_interfaces::SessionParams;
use tracing::trace;
use crate::{
core::{operations::dispatch, KMS},
core::{KMS, operations::dispatch},
error::KmsError,
result::KResult,
};


@ -9,7 +9,7 @@ use cosmian_kms_interfaces::SessionParams;
use tracing::{debug, trace};
use crate::{
core::{operations::import::process_symmetric_key, KMS},
core::{KMS, operations::import::process_symmetric_key},
error::KmsError,
kms_bail,
result::{KResult, KResultHelper},


@ -11,7 +11,7 @@ use cosmian_kms_interfaces::SessionParams;
use tracing::trace;
use crate::{
core::{cover_crypt::rekey_keypair_cover_crypt, KMS},
core::{KMS, cover_crypt::rekey_keypair_cover_crypt},
error::KmsError,
kms_bail,
result::{KResult, KResultHelper},


@ -2,22 +2,22 @@ use std::{collections::HashSet, sync::Arc};
use async_recursion::async_recursion;
use cosmian_kmip::kmip_2_1::{
KmipOperation,
kmip_objects::ObjectType,
kmip_operations::{ErrorReason, Revoke, RevokeResponse},
kmip_types::{
KeyFormatType, LinkType, RevocationReason, RevocationReasonEnumeration, StateEnumeration,
UniqueIdentifier,
},
KmipOperation,
};
use cosmian_kms_interfaces::SessionParams;
use tracing::{debug, trace};
use crate::{
core::{
KMS,
cover_crypt::revoke_user_decryption_keys,
uid_utils::{has_prefix, uids_from_unique_identifier},
KMS,
},
error::KmsError,
kms_bail,


@ -1,16 +1,16 @@
use std::sync::Arc;
use cosmian_kmip::kmip_2_1::{
KmipOperation,
kmip_objects::ObjectType,
kmip_operations::{SetAttribute, SetAttributeResponse},
kmip_types::{Attribute, UniqueIdentifier},
KmipOperation,
};
use cosmian_kms_interfaces::{ObjectWithMetadata, SessionParams};
use tracing::{debug, trace};
use crate::{
core::{retrieve_object_utils::retrieve_object_for_operation, KMS},
core::{KMS, retrieve_object_utils::retrieve_object_for_operation},
error::KmsError,
result::{KResult, KResultHelper},
};


@ -5,24 +5,24 @@ use std::{
};
use cosmian_kmip::kmip_2_1::{
KmipOperation,
kmip_objects::Object,
kmip_operations::{Validate, ValidateResponse},
kmip_types::{UniqueIdentifier, ValidityIndicator},
KmipOperation,
};
use cosmian_kms_interfaces::SessionParams;
use openssl::{
asn1::Asn1Time,
stack::Stack,
x509::{
store::X509StoreBuilder, CrlStatus, DistPointNameRef, DistPointRef, GeneralNameRef,
X509Crl, X509StoreContext, X509,
CrlStatus, DistPointNameRef, DistPointRef, GeneralNameRef, X509, X509Crl, X509StoreContext,
store::X509StoreBuilder,
},
};
use tracing::{debug, trace, warn};
use crate::{
core::{retrieve_object_utils::retrieve_object_for_operation, KMS},
core::{KMS, retrieve_object_utils::retrieve_object_for_operation},
error::KmsError,
result::KResult,
};


@ -1,7 +1,7 @@
use std::sync::Arc;
use cosmian_kmip::kmip_2_1::{
kmip_operations::ErrorReason, kmip_types::StateEnumeration, KmipOperation,
KmipOperation, kmip_operations::ErrorReason, kmip_types::StateEnumeration,
};
use cosmian_kms_interfaces::{ObjectWithMetadata, SessionParams};
use tracing::trace;


@ -1,10 +1,10 @@
use std::sync::Arc;
use cosmian_kmip::kmip_2_1::{
KmipOperation,
kmip_data_structures::KeyBlock,
kmip_objects::ObjectType,
kmip_types::{CryptographicUsageMask, LinkType, StateEnumeration},
KmipOperation,
};
use cosmian_kms_crypto::crypto::wrap::{
recover_wrapped_key, unwrap_key_block, update_key_block_with_unwrapped_key,
@ -13,7 +13,7 @@ use cosmian_kms_interfaces::SessionParams;
use tracing::debug;
use crate::{
core::{uid_utils::has_prefix, KMS},
core::{KMS, uid_utils::has_prefix},
error::KmsError,
kms_bail,
result::{KResult, KResultHelper},


@ -1,10 +1,10 @@
use std::sync::Arc;
use cosmian_kmip::kmip_2_1::{
KmipOperation,
kmip_data_structures::{KeyBlock, KeyWrappingSpecification},
kmip_objects::ObjectType,
kmip_types::{CryptographicUsageMask, LinkType, StateEnumeration},
KmipOperation,
};
use cosmian_kms_crypto::crypto::wrap::{
key_data_to_wrap, update_key_block_with_wrapped_key, wrap_key_block,
@ -13,7 +13,7 @@ use cosmian_kms_interfaces::SessionParams;
use tracing::debug;
use crate::{
core::{uid_utils::has_prefix, KMS},
core::{KMS, uid_utils::has_prefix},
error::KmsError,
kms_bail,
result::{KResult, KResultHelper},


@ -2,10 +2,10 @@ use std::{rc::Rc, sync::Arc};
use actix_service::Service;
use actix_web::{
Error, HttpResponse,
body::{BoxBody, EitherBody},
dev::{ServiceRequest, ServiceResponse},
http::header,
Error, HttpResponse,
};
use base64::Engine;
use cosmian_kmip::kmip_2_1::{


@ -3,10 +3,10 @@ use std::{rc::Rc, sync::Arc};
use actix_identity::Identity;
use actix_service::Service;
use actix_web::{
Error, FromRequest, HttpMessage, HttpResponse,
body::{BoxBody, EitherBody},
dev::{ServiceRequest, ServiceResponse},
http::header,
Error, FromRequest, HttpMessage, HttpResponse,
};
use tracing::{debug, error, trace};


@ -7,17 +7,17 @@ use std::{
use actix_service::{Service, Transform};
use actix_web::{
Error, HttpMessage,
body::{BoxBody, EitherBody},
dev::{ServiceRequest, ServiceResponse},
Error, HttpMessage,
};
use futures::{
future::{ok, Ready},
Future,
future::{Ready, ok},
};
use tracing::debug;
use super::{manage_api_token_request, manage_jwt_request, PeerCommonName};
use super::{PeerCommonName, manage_api_token_request, manage_jwt_request};
use crate::{core::KMS, middlewares::jwt::JwtConfig};
#[derive(Clone)]


@ -2,10 +2,10 @@ mod main;
pub(crate) use main::AuthTransformer;
mod jwt_token_auth;
pub(crate) use jwt_token_auth::{manage_jwt_request, JwtAuthClaim};
pub(crate) use jwt_token_auth::{JwtAuthClaim, manage_jwt_request};
mod ssl_auth;
pub(crate) use ssl_auth::{extract_peer_certificate, PeerCommonName, SslAuth};
pub(crate) use ssl_auth::{PeerCommonName, SslAuth, extract_peer_certificate};
mod jwt;
pub(crate) use jwt::{JwtConfig, JwtTokenHeaders, UserClaim};


@ -7,14 +7,14 @@ use std::{
use actix_service::{Service, Transform};
use actix_tls::accept::openssl::TlsStream;
use actix_web::{
Error, HttpMessage, HttpResponse,
body::{BoxBody, EitherBody},
dev::{Extensions, ServiceRequest, ServiceResponse},
rt::net::TcpStream,
Error, HttpMessage, HttpResponse,
};
use futures::{
future::{ok, Ready},
Future,
future::{Ready, ok},
};
use openssl::{nid::Nid, x509::X509};
use tracing::{debug, error, trace};


@ -1,9 +1,8 @@
use std::sync::Arc;
use actix_web::{
get, post,
HttpRequest, get, post,
web::{Data, Json, Path},
HttpRequest,
};
use cosmian_kmip::kmip_2_1::kmip_types::UniqueIdentifier;
use cosmian_kms_access::access::{


@ -350,7 +350,7 @@ mod tests {
routes::google_cse::{
self,
jwt::{
decode_jwt_authorization_token, jwt_authorization_config, JWKS_URI, JWT_ISSUER_URI,
JWKS_URI, JWT_ISSUER_URI, decode_jwt_authorization_token, jwt_authorization_config,
},
operations::WrapRequest,
},


@ -2,9 +2,8 @@ use core::fmt;
use std::sync::Arc;
use actix_web::{
get, post,
HttpRequest, HttpResponse, ResponseError, get, post,
web::{Data, Json},
HttpRequest, HttpResponse, ResponseError,
};
use serde::{Deserialize, Serialize};
use tracing::{debug, info, trace};
@ -14,7 +13,7 @@ use crate::{core::KMS, error::KmsError, result::KResult};
mod jwt;
pub mod operations;
pub use jwt::{jwt_authorization_config, list_jwks_uri, GoogleCseConfig};
pub use jwt::{GoogleCseConfig, jwt_authorization_config, list_jwks_uri};
use self::operations::{
DigestRequest, PrivilegedPrivateKeyDecryptRequest, PrivilegedUnwrapRequest,


@ -1,6 +1,6 @@
use std::sync::Arc;
use base64::{engine::general_purpose, Engine};
use base64::{Engine, engine::general_purpose};
use clap::crate_version;
use cosmian_kmip::kmip_2_1::{
kmip_operations::{Decrypt, Encrypt},
@ -21,8 +21,8 @@ use zeroize::Zeroizing;
use super::GoogleCseConfig;
use crate::{
core::{
operations::{decrypt, encrypt},
KMS,
operations::{decrypt, encrypt},
},
error::KmsError,
kms_ensure,


@ -1,19 +1,18 @@
use std::sync::Arc;
use actix_web::{
post,
HttpRequest, post,
web::{Data, Json},
HttpRequest,
};
use cosmian_kmip::kmip_2_1::{
kmip_messages::Message,
ttlv::{deserializer::from_ttlv, serializer::to_ttlv, TTLV},
ttlv::{TTLV, deserializer::from_ttlv, serializer::to_ttlv},
};
use cosmian_kms_interfaces::SessionParams;
use tracing::info;
use crate::{
core::{operations::dispatch, KMS},
core::{KMS, operations::dispatch},
result::KResult,
};
