Seed initial client

[ionut-arm]

This commit adds the initial version of the Parsec Rust client.

Signed-off-by: Ionut Mihalcea ionut.mihalcea@arm.com

This version of the client is not finished and requires a lot of changes for it to be usable/production-ready. Some of the things that are not done well and will be improved are:

• documentation is minimal and needs to be expanded
• tests should be implemented, either with a "mock service" or with the real Parsec service
• there are still unsafe uses of unwrap, expect ...
• there is no configuration of the parameters used
• the API of the client was not designed to match any existing "ergonomic design" crypto APIs from the Rust ecosystem
• potentially others - if you find this kind of issues that are more structural than syntactic/aesthetic, please add a [FYI] comment and raise an issue for later fixing

Recommended review order:

• all the markdown/legal files
• src/core/request_handler.rs
• src/core/mod.rs
• src/auth.rs
• src/lib.rs
• CI-related files

[ionut-arm]

The parent folder of this will be renamed to tests to fix the CI workflows

[hug-dev]

Thanks for fleshing out the Rust client!
I like the idea of the Core client: a basic client that allows to send all possible operations with all parameters, with no "intelligence". That will be the basis for more advanced, abstracted modules. I propose, to make it easier to scale, to put this core client in his own module.

[hug-dev]

To match documentation I would name this structure AuthType (or just Authentication) with variants: None, Direct { application_identity: String } and in the future maybe Token(...)

[ionut-arm]

Indeed, didn't realise Token was just the JWT stuff

[ionut-arm]

Reckon we can name it ApplicationIdentity? I think in the direct case, the String could be called name instead

[hug-dev]

For me the ApplicationIdentity is only the identity of the application in clear text, the name used for namespacing the key names for example. For me, it is directly passed for Direct authentication type and included in the JWT token. This type seems to represent that particular authentication field type and its content?

[ionut-arm]

Cool, will name the field inside DirectAuthentication as identity (documentation names it that too), but I'll try and find a name for this struct - Authentication isn't really correct

[ionut-arm]

Settled on AuthenticationFactor as this seems to be the term for the information provided when authenticating something.

[ionut-arm]

Ergh, or maybe not 😕

[hug-dev]

Maybe the socket connection + the timeout setting can be done only once when building the RequestHandler? So that after it is faster so send requests.

[ionut-arm]

Not really, this is a problem we encountered last time - one stream = one E2E connection. Once the response is sent, the service closes its side and writing to the stream results in a broken pipe error.

[ionut-arm]

(Also not closing the connection on the service side would probably be a memory leak)

[hug-dev]

Oh yes sorry you are right! I forgot about that one 😃

[hug-dev]

Should we prefix them with psa_ as well?

[ionut-arm]

Don't know what to say. Maybe at this lowest layer it could make sense, but I don't think clients would be particularly interested in the fact that this operation comes from the PSA spec. Might be wrong... I think my point is that this could(/should?) be an abstraction over the things offered by the service. Not sure how it would be settled for a client that supports some provider-specific version of, say, generate_key

[hug-dev]

Maybe at this lowest layer it could make sense
That is what I was thinking as well: that this low layer (the "core") could be the dumb translation, in client side, of all our operation with all parameters. With that in mind, it would make sense to me to have the psa_ prefix, as those are PsaXXX operations.

I agree that once on higher abstraction layers, we should probably drop the prefix as it would make less sense.

[hug-dev]

As the name of the structure suggests, I feel like it would belong better in the core module. Maybe we should leave src/lib.rs for re-exports, have core for exposing all our operations will all parameters so that it will be easier to expand with another module later which does more of smart-defaulting.

[ionut-arm]

I'd be ok with not implementing anything in lib.rs and just re-exporting from here

[hug-dev]

If the Core operations currently in src/lib.rs went here, this file could go to src/core/operation_handler.rs for example.

[ionut-arm]

Makes sense!

[hug-dev]

Sorry for next round of comments. Maybe it would have been easier to sketch the design before and discuss on it 😕

[hug-dev]

For me the ApplicationIdentity is only the identity of the application in clear text, the name used for namespacing the key names for example. For me, it is directly passed for Direct authentication type and included in the JWT token. This type seems to represent that particular authentication field type and its content?

[hug-dev]

Oh yes sorry you are right! I forgot about that one 😃

[hug-dev]

Maybe at this lowest layer it could make sense
That is what I was thinking as well: that this low layer (the "core") could be the dumb translation, in client side, of all our operation with all parameters. With that in mind, it would make sense to me to have the psa_ prefix, as those are PsaXXX operations.

I agree that once on higher abstraction layers, we should probably drop the prefix as it would make less sense.

[ionut-arm]

I think most points raised should be covered, apart from the naming of authentication-related stuff.

[hug-dev]

Thanks for addressing the comments!