refactor(pkcs11): TedgeP11Service #3751

Merged
Bravo555 merged 3 commits into thin-edge:main from Bravo555:refactor/pkcs11-p11-service
Aug 6, 2025
@Bravo555
Member

Proposed changes

Create a TedgeP11Service trait for a standard interface implemented by both Cryptoki (direct interaction with P11 modules) and TedgeP11Client.

In #3709, to create keys we can use TedgeP11Client or Cryptoki directly. However, to not have to branch unnecessarily, we'd like both of these to have the same interface for creating keys. With the previous design this was not possible, as the only trait we had was TedgeP11Signer, which represented an already present signing key located on the token, but we wanted to create a new one.

The new TedgeP11Service (name reused from a previous trait) is the main top-level trait for all P11-related operations (not only signing, but in #3709 also creating new keys, and in the future maybe also listing all the keys on the token), implemented both by Cryptoki and TedgeP11Client.

One additional advantage is that TedgeP11Server now uses Cryptoki through its TedgeP11Service API, the same way other callers would use it directly, so we achieved some additional deduplication.

Types of changes

  • Bugfix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Improvement (general improvements like code refactoring that doesn't explicitly fix a bug or add any new functionality)
  • Documentation Update (if none of the other choices apply)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)

Paste Link to the issue


Checklist

  • I have read the CONTRIBUTING doc
  • I have signed the CLA (in all commits with git commit -s. You can activate automatic signing by running just prepare-dev once)
  • I ran just format as mentioned in CODING_GUIDELINES
  • I used just check as mentioned in CODING_GUIDELINES
  • I have added tests that prove my fix is effective or that my feature works
  • I have added necessary documentation (if appropriate)

Further comments
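
The design described in the pull request above, as an added sketch that is not code from the pull request or from thin-edge: one trait implemented by a direct backend and by a client, with the server reaching the direct backend through that same trait. Every name (`P11Service`, `DirectToken`, `Server`, `Client`, `Request`, `provision_and_sign`) is an assumption, and an in-memory map with a toy XOR "signature" stands in for real PKCS#11 calls.

```rust
use std::{cell::RefCell, collections::HashMap};
/// Added illustration (hypothetical names): one interface for every token operation.
pub trait P11Service {
    fn create_key(&self, label: &str) -> Result<(), String>;
    fn sign(&self, label: &str, msg: &[u8]) -> Result<Vec<u8>, String>;
}
/// Stand-in for direct module access: toy XOR keys (not cryptography) that stay inside.
#[derive(Default)]
pub struct DirectToken { keys: RefCell<HashMap<String, u8>> }
impl P11Service for DirectToken {
    fn create_key(&self, label: &str) -> Result<(), String> {
        let mut keys = self.keys.borrow_mut();
        if keys.contains_key(label) { return Err(format!("key '{}' already exists", label)); }
        keys.insert(label.to_string(), label.bytes().fold(0x5a, |a, b| a ^ b));
        Ok(())
    }
    fn sign(&self, label: &str, msg: &[u8]) -> Result<Vec<u8>, String> {
        let k = *self.keys.borrow().get(label).ok_or_else(|| format!("no key '{}'", label))?;
        Ok(msg.iter().map(|b| b ^ k).collect())
    }
}
pub enum Request { CreateKey(String), Sign(String, Vec<u8>) }
/// Server: takes a constructed request, then calls the same trait a local caller would.
pub struct Server<S: P11Service> { pub backend: S }
impl<S: P11Service> Server<S> {
    pub fn handle(&self, req: Request) -> Result<Vec<u8>, String> {
        match req {
            Request::CreateKey(l) => self.backend.create_key(&l).map(|_| Vec::new()),
            Request::Sign(l, m) => self.backend.sign(&l, &m),
        }
    }
}
/// Client: implements the same trait by turning each call into a request.
pub struct Client<'a, S: P11Service> { pub server: &'a Server<S> }
impl<'a, S: P11Service> P11Service for Client<'a, S> {
    fn create_key(&self, label: &str) -> Result<(), String> {
        self.server.handle(Request::CreateKey(label.into())).map(|_| ())
    }
    fn sign(&self, label: &str, msg: &[u8]) -> Result<Vec<u8>, String> {
        self.server.handle(Request::Sign(label.into(), msg.to_vec()))
    }
}
/// Written once against the trait, so callers never branch on the backend.
pub fn provision_and_sign<S: P11Service>(svc: &S, label: &str) -> Result<Vec<u8>, String> {
    svc.create_key(label).and_then(|_| svc.sign(label, b"csr"))
}
fn main() {
    let server = Server { backend: DirectToken::default() };
    println!("{:?}", provision_and_sign(&Client { server: &server }, "device-key"));
}
```

In this sketch the caller only ever receives signatures and errors; the key value stays inside the backend on both the direct and the client path.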

@Bravo555 Bravo555 temporarily deployed to Test Pull Request July 31, 2025 08:57 — with GitHub Actions Inactive
@reubenmiller reubenmiller added the theme:hsm Hardware Security Module related topics label Jul 31, 2025
@codecov

codecov bot commented Jul 31, 2025

Codecov Report

❌ Patch coverage is 20.63492% with 50 lines in your changes missing coverage. Please review.

| Files with missing lines | Patch % | Lines |
| --- | --- | --- |
| ...ates/extensions/tedge-p11-server/src/pkcs11/mod.rs | 13.04% | 20 Missing ⚠️ |
| ...es/extensions/tedge-p11-server/src/proxy/client.rs | 33.33% | 16 Missing ⚠️ |
| crates/extensions/tedge-p11-server/src/lib.rs | 0.00% | 12 Missing ⚠️ |
| crates/extensions/tedge-p11-server/src/main.rs | 0.00% | 2 Missing ⚠️ |

@github-actions
Contributor

github-actions bot commented Jul 31, 2025

Robot Results

| ✅ Passed | ❌ Failed | ⏭️ Skipped | Total | Pass % | ⏱️ Duration |
| --- | --- | --- | --- | --- | --- |
| 669 | 0 | 3 | 669 | 100 | 1h48m42.243043s |

@Bravo555 Bravo555 force-pushed the refactor/pkcs11-p11-service branch from ce61fbc to 703b9c8 Compare July 31, 2025 13:40
@Bravo555 Bravo555 marked this pull request as ready for review July 31, 2025 13:40
@Bravo555 Bravo555 temporarily deployed to Test Pull Request July 31, 2025 13:40 — with GitHub Actions Inactive
Contributor

@didier-wenzek didier-wenzek left a comment

Approved, with minor comments.

Signed-off-by: Marcel Guzik <marcel.guzik@cumulocity.com>
Signed-off-by: Marcel Guzik <marcel.guzik@cumulocity.com>
Signed-off-by: Marcel Guzik <marcel.guzik@cumulocity.com>
@Bravo555 Bravo555 force-pushed the refactor/pkcs11-p11-service branch from 703b9c8 to 688cd20 Compare August 6, 2025 07:42
@Bravo555 Bravo555 temporarily deployed to Test Pull Request August 6, 2025 07:42 — with GitHub Actions Inactive
@Bravo555 Bravo555 added this pull request to the merge queue Aug 6, 2025
Merged via the queue into thin-edge:main with commit 0684250 Aug 6, 2025
34 checks passed
@Bravo555 Bravo555 deleted the refactor/pkcs11-p11-service branch August 6, 2025 09:49
Labels

theme:hsm Hardware Security Module related topics

3 participants