Nitrokey · ansiwen · Aug 16, 2024 · Aug 2, 2024 · Aug 2, 2024
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/pkcs11/Cargo.toml b/pkcs11/Cargo.toml
@@ -37,6 +37,7 @@ sha1 = { default-features = false, version = "0.10" }
 digest = { default-features = false, version = "0.10" }
 rayon = "1.8.0"
 syslog = "6.1.0"
+thiserror = "1.0.63"
 
 [dev-dependencies]
 hex-literal = "0.4.1"
diff --git a/pkcs11/src/api/mod.rs b/pkcs11/src/api/mod.rs
@@ -59,7 +59,7 @@ pub extern "C" fn C_Initialize(pInitArgs: CK_VOID_PTR) -> CK_RV {
     match result {
         Ok(()) => {}
         Err(err) => {
-            error!("NetHSM PKCS#11: Failed to initialize configuration: {err:?}");
+            error!("NetHSM PKCS#11: Failed to initialize configuration: {err}");
             return cryptoki_sys::CKR_FUNCTION_FAILED;
         }
     }

diff --git a/pkcs11/src/backend/db/object.rs b/pkcs11/src/backend/db/object.rs
@@ -156,12 +156,6 @@ pub struct Object {
     pub mechanisms: Vec<KeyMechanism>,
 }
 
-#[derive(Debug, Clone)]
-pub struct KeyPair {
-    pub public_key: Object,
-    pub private_key: Object,
-}
-
 struct KeyData {
     key_type: CK_KEY_TYPE,
     key_size: Option<usize>,

diff --git a/pkcs11/src/backend/session.rs b/pkcs11/src/backend/session.rs
@@ -94,7 +94,7 @@ impl SessionManager {
                 administrator: None,
                 retries: None,
                 db: Arc::new((Mutex::new(Db::new()), Condvar::new())),
-                description: None,
+                _description: None,
                 instances: vec![],
                 label: "test".to_string(),
                 operator: None,

diff --git a/pkcs11/src/backend/sign.rs b/pkcs11/src/backend/sign.rs
@@ -8,7 +8,6 @@ use super::{
 };
 use base64ct::{Base64, Encoding};
 use der::Decode;
-use digest::{FixedOutput, HashMarker};
 use log::{debug, trace};
 use nethsm_sdk_rs::{apis::default_api, models::SignMode};
 use sha2::Digest;
@@ -22,8 +21,6 @@ pub struct SignCtx {
     pub login_ctx: LoginCtx,
 }
 
-pub trait GenericDigest: HashMarker + FixedOutput {}
-
 impl SignCtx {
     pub fn init(mechanism: Mechanism, key: Object, login_ctx: LoginCtx) -> Result<Self, Error> {
         trace!("key_type: {:?}", key.kind);

diff --git a/pkcs11/src/config/config_file.rs b/pkcs11/src/config/config_file.rs
@@ -3,10 +3,13 @@ use std::{io::Read, mem, net::SocketAddr, path::PathBuf};
 use merge::Merge;
 use serde::{Deserialize, Serialize};
 
-#[derive(Debug)]
+#[derive(Debug, thiserror::Error)]
 pub enum ConfigError {
+    #[error("Failed to load configuration file")]
     Io(std::io::Error),
+    #[error("Failed to parse configuration file {0}")]
     Yaml(serde_yaml::Error),
+    #[error("Config file not found")]
     NoConfigFile,
 }
 

diff --git a/pkcs11/src/config/device.rs b/pkcs11/src/config/device.rs
@@ -1,7 +1,4 @@
-use std::{
-    path::PathBuf,
-    sync::{Arc, Condvar, Mutex},
-};
+use std::sync::{Arc, Condvar, Mutex};
 
 use nethsm_sdk_rs::apis::configuration::Configuration;
 
@@ -12,21 +9,15 @@ use super::config_file::{RetryConfig, UserConfig};
 // stores the global configuration of the module
 #[derive(Debug, Clone)]
 pub struct Device {
-    pub log_file: Option<PathBuf>,
     pub slots: Vec<Arc<Slot>>,
     pub enable_set_attribute_value: bool,
 }
 
-#[derive(Debug, Clone)]
-pub struct ClusterInstance {
-    pub api_config: nethsm_sdk_rs::apis::configuration::Configuration,
-}
-
 #[derive(Debug, Clone)]
 pub struct Slot {
     pub label: String,
     pub retries: Option<RetryConfig>,
-    pub description: Option<String>,
+    pub _description: Option<String>,
     pub instances: Vec<Configuration>,
     pub operator: Option<UserConfig>,
     pub administrator: Option<UserConfig>,

diff --git a/pkcs11/src/config/initialization.rs b/pkcs11/src/config/initialization.rs
@@ -16,10 +16,13 @@ use sha2::Digest;
 
 const DEFAULT_USER_AGENT: &str = concat!("pkcs11-rs/", env!("CARGO_PKG_VERSION"));
 
-#[derive(Debug)]
+#[derive(Debug, thiserror::Error)]
 pub enum InitializationError {
+    #[error("Failed to load config")]
     Config(crate::config::config_file::ConfigError),
+    #[error("Failed to load certificates")]
     NoCerts,
+    #[error("No operator or administrator for slot: {0}")]
     NoUser(String),
 }
 
@@ -49,7 +52,6 @@ pub fn initialize_with_configs(
     }
     Ok(Device {
         slots,
-        log_file: config.log_file,
         enable_set_attribute_value: config.enable_set_attribute_value,
     })
 }
@@ -192,7 +194,7 @@ fn slot_from_config(slot: &SlotConfig) -> Result<Slot, InitializationError> {
     }
 
     Ok(Slot {
-        description: slot.description.clone(),
+        _description: slot.description.clone(),
         label: slot.label.clone(),
         instances,
         administrator: slot.administrator.clone(),