From 91619bed5455ee2fecc1bb0f33b9c3d955bb1c77 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sosth=C3=A8ne=20Gu=C3=A9don?=
Date: Thu, 23 May 2024 18:06:27 +0200
Subject: [PATCH] Core api: make the configuration of the SE050 lazy.

This is a performance improvement for commands that should not touch the se050 and at the same time a stability improvement as more commands will work even if initialization fails
---
 src/core_api.rs | 59 +++++++++++++++++++++++++++++--------------------
 src/manage.rs | 10 ++++-----
 src/staging.rs | 5 +++++
 3 files changed, 45 insertions(+), 29 deletions(-)
diff --git a/src/core_api.rs b/src/core_api.rs
index d3ee366..e2918cb 100644
--- a/src/core_api.rs
+++ b/src/core_api.rs
@@ -2982,28 +2982,39 @@ impl> Se050Backend { request: &Request, resources: &mut ServiceResources

, ) -> Result { - self.configure()?; - // FIXME: Have a real implementation from trussed let mut backend_path = core_ctx.path.clone(); backend_path.push(&PathBuf::from(BACKEND_DIR)); backend_path.push(&PathBuf::from(CORE_DIR)); - /// Coerce an FnMut into a FnOnce to ensure the stores are not created twice by mistake - fn once( - generator: impl FnMut(&mut ServiceResources

, &mut CoreContext) -> R, + /// Coerce an Fn* into a FnOnce to ensure the stores are not created twice by mistake + fn once2( + generator: impl FnOnce(&mut ServiceResources

, &mut CoreContext) -> R, ) -> impl FnOnce(&mut ServiceResources

, &mut CoreContext) -> R { generator } - let core_keystore = once(|resources, core_ctx| resources.keystore(core_ctx.path.clone())); - let se050_keystore = once(|resources, _core_ctx| resources.keystore(backend_path.clone())); + fn once(generator: impl FnOnce() -> R) -> impl FnOnce() -> R { + generator + } + + let core_keystore = once2(|resources, core_ctx| resources.keystore(core_ctx.path.clone())); + let se050_keystore = once2(|resources, _core_ctx| resources.keystore(backend_path.clone())); let backend_ctx = backend_ctx.with_namespace(&self.ns, &core_ctx.path); let ns = backend_ctx.ns; + let this = once(move || { + self.configure() + .map_err(|_err| { + error!("Failed to configure SE050: {_err:?}"); + Error::FunctionFailed + }) + .map(|()| self) + }); + Ok(match request { - Request::RandomBytes(request::RandomBytes { count }) => self.random_bytes(*count)?, - Request::Agree(req) if supported(req.mechanism) => self + Request::RandomBytes(request::RandomBytes { count }) => this()?.random_bytes(*count)?, + Request::Agree(req) if supported(req.mechanism) => this()? .agree( req, &mut core_keystore(resources, core_ctx)?, @@ -3011,7 +3022,7 @@ impl> Se050Backend { ns, )? .into(), - Request::Decrypt(req) if supported(req.mechanism) => self + Request::Decrypt(req) if supported(req.mechanism) => this()? .decrypt( req.key, req.mechanism, @@ -3020,7 +3031,7 @@ impl> Se050Backend { ns, )? .into(), - Request::DeriveKey(req) if supported(req.mechanism) => self + Request::DeriveKey(req) if supported(req.mechanism) => this()? .derive_key( req, &mut core_keystore(resources, core_ctx)?, 
@@ -3028,22 +3039,22 @@ impl> Se050Backend { ns, )? .into(), - Request::Encrypt(req) if supported(req.mechanism) => self + Request::Encrypt(req) if supported(req.mechanism) => this()? .encrypt(req, &mut core_keystore(resources, core_ctx)?, ns)? .into(), - Request::DeserializeKey(req) if supported(req.mechanism) => self + Request::DeserializeKey(req) if supported(req.mechanism) => this()? .deserialize_key(req, &mut core_keystore(resources, core_ctx)?)? .into(), - Request::SerializeKey(req) if supported(req.mechanism) => self + Request::SerializeKey(req) if supported(req.mechanism) => this()? .serialize_key(req, &mut core_keystore(resources, core_ctx)?)? .into(), - Request::Delete(request::Delete { key }) => self + Request::Delete(request::Delete { key }) => this()? .delete(key, ns, &mut se050_keystore(resources, core_ctx)?)? .into(), - Request::Clear(req) => self + Request::Clear(req) => this()? .clear(req, &mut se050_keystore(resources, core_ctx)?, ns)? .into(), - Request::DeleteAllKeys(req) => self + Request::DeleteAllKeys(req) => this()? .delete_all_keys( req, &mut core_keystore(resources, core_ctx)?, 
@@ -3051,19 +3062,19 @@ impl> Se050Backend { ns, )? .into(), - Request::Exists(req) if supported(req.mechanism) => self + Request::Exists(req) if supported(req.mechanism) => this()? .exists(req, &mut se050_keystore(resources, core_ctx)?, ns)? .into(), - Request::GenerateKey(req) if supported(req.mechanism) => self + Request::GenerateKey(req) if supported(req.mechanism) => this()? .generate_key(req, &mut se050_keystore(resources, core_ctx)?, ns)? .into(), - Request::Sign(req) if supported(req.mechanism) => self + Request::Sign(req) if supported(req.mechanism) => this()? .sign(req, &mut se050_keystore(resources, core_ctx)?, ns)? .into(), - Request::UnsafeInjectKey(req) if supported(req.mechanism) => self + Request::UnsafeInjectKey(req) if supported(req.mechanism) => this()? .unsafe_inject_key(req, &mut se050_keystore(resources, core_ctx)?, ns)? .into(), - Request::UnwrapKey(req) => self + Request::UnwrapKey(req) => this()? .unwrap_key( req, &mut core_keystore(resources, core_ctx)?, @@ -3071,10 +3082,10 @@ impl> Se050Backend { ns, )? .into(), - Request::Verify(req) if supported(req.mechanism) => self + Request::Verify(req) if supported(req.mechanism) => this()? .verify(req, &mut core_keystore(resources, core_ctx)?, ns)? .into(), - Request::WrapKey(req) => self + Request::WrapKey(req) => this()? .wrap_key( req, &mut core_keystore(resources, core_ctx)?, diff --git a/src/manage.rs b/src/manage.rs index 9bd4936..3c6b3fa 100644 --- a/src/manage.rs +++ b/src/manage.rs @@ -28,11 +28,6 @@ impl> ExtensionImpl for Se0 request: &::Request, _resources: &mut ServiceResources

, ) -> Result<::Reply, Error> { - self.configure().map_err(|err| { - debug!("Failed to enable for management: {err:?}"); - err - })?; - debug!("Runnig manage request: {request:?}"); match request { Se050ManageRequest::Info(InfoRequest) => { @@ -98,6 +93,11 @@ impl> ExtensionImpl for Se0 .into()) } Se050ManageRequest::TestSe050(_) => { + self.configure().map_err(|err| { + debug!("Failed to enable for test: {err:?}"); + err + })?; + let mut buf = [b'a'; 128]; let mut reply = Bytes::new(); let atr = self.enable()?; diff --git a/src/staging.rs b/src/staging.rs index a1d9432..60764f9 100644 --- a/src/staging.rs +++ b/src/staging.rs @@ -31,6 +31,11 @@ impl> ExtensionImpl request: &WrapKeyToFileRequest, resources: &mut ServiceResources
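Review bot: A failed `configure()` in the `TestSe050` arm is reported only through `debug!`, and the message says "enable" although the call that failed is `configure()`; src/core_api.rs logs the same failure with `error!`. For a self-test of the secure element this failure is the result an operator most needs to see, so I would write `error!("Failed to configure SE050 for test: {err:?}");` here, assuming the `error!` macro is available in this module. The new call in src/staging.rs (`"Failed to enable for wrapkey: {err:?}"`) has the same level and wording. The `TestSe050` arm continues past the end of the hunk, and most of the arms that no longer call `configure()` are not visible, so it is worth confirming that none of them depends on it.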

, ) -> Result { + self.configure().map_err(|err| { + debug!("Failed to enable for wrapkey: {err:?}"); + err + })?; + // FIXME: Have a real implementation from trussed let mut backend_path = core_ctx.path.clone(); backend_path.push(&PathBuf::from(BACKEND_DIR));
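Review bot: Nothing at the new `self.configure()` call says why this extension now has to configure the chip itself. Judging from the commit description and the `self.configure()?` removed from src/core_api.rs, the core API used to configure eagerly and no longer does; a short comment such as `// The core API configures the SE050 lazily, so do it here before any SE050 access.` would keep the call from being removed as redundant later. The function body continues outside the hunk.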