Add version enum to tedge-p11-server connection frame

Bravo555 · Bravo555 · commit 3e4bcd77d13e · 2025-03-13T17:24:02.000Z
Signed-off-by: Marcel Guzik &lt;marcel.guzik@cumulocity.com&gt;
diff --git a/crates/extensions/tedge-p11-server/src/non_grpc/client.rs b/crates/extensions/tedge-p11-server/src/non_grpc/client.rs
@@ -9,6 +9,8 @@ use tracing::debug;
 use tracing::instrument;
 use tracing::trace;
 
+use crate::connection::Payload;
+
 use super::connection::Frame;
 use super::service::ChooseSchemeRequest;
 use super::service::SignRequest;
@@ -29,18 +31,18 @@ impl TedgeP11Client {
 
         debug!("Connected to socket");
 
-        let request = Frame::ChooseSchemeRequest(ChooseSchemeRequest {
+        let request = Frame::new(Payload::ChooseSchemeRequest(ChooseSchemeRequest {
             offered: offered
                 .iter()
                 .copied()
                 .map(super::service::SignatureScheme)
                 .collect::<Vec<_>>(),
-        });
+        }));
         connection.write_frame(&request)?;
 
-        let response = connection.read_frame()?;
+        let response = connection.read_frame()?.payload;
 
-        let Frame::ChooseSchemeResponse(response) = response else {
+        let Payload::ChooseSchemeResponse(response) = response else {
             bail!("protocol error: bad response, expected chose scheme");
         };
 
@@ -58,14 +60,14 @@ impl TedgeP11Client {
         let mut connection = crate::connection::Connection::new(stream);
         debug!("Connected to socket");
 
-        let request = Frame::SignRequest(SignRequest {
+        let request = Frame::new(Payload::SignRequest(SignRequest {
             to_sign: message.to_vec(),
-        });
+        }));
         connection.write_frame(&request)?;
 
-        let response = connection.read_frame()?;
+        let response = connection.read_frame()?.payload;
 
-        let Frame::SignResponse(response) = response else {
+        let Payload::SignResponse(response) = response else {
             bail!("protocol error: bad response, expected sign");
         };
 
diff --git a/crates/extensions/tedge-p11-server/src/non_grpc/connection.rs b/crates/extensions/tedge-p11-server/src/non_grpc/connection.rs
@@ -1,3 +1,8 @@
+//! A connection between tedge-p11-server and client that provides a way to send and receive frames.
+//!
+//! Because connecting to the UNIX socket is very cheap, we can use a simple approach of only
+//! sending one request/response per connection.
+
 use std::io::Read;
 use std::io::Write;
 use std::net::Shutdown;
@@ -20,6 +25,8 @@ impl Connection {
         Self { stream }
     }
 
+    /// Reads a frame and closes the reading half of the connection.
+    ///
     /// NOTE: can only be called once
     pub fn read_frame(&mut self) -> anyhow::Result<Frame> {
         let mut buf = Vec::new();
@@ -30,6 +37,8 @@ impl Connection {
         Ok(frame)
     }
 
+    /// Writes a frame and closes the writing half of the connection.
+    ///
     /// NOTE: can only be called once
     pub fn write_frame(&mut self, frame: &Frame) -> anyhow::Result<()> {
         let buf = postcard::to_allocvec(&frame)?;
@@ -42,7 +51,31 @@ impl Connection {
 }
 
 #[derive(Debug, Clone, PartialEq, Eq, Serialize, Deserialize)]
-pub enum Frame {
+pub struct Frame {
+    /// A version tag for possible future versions, currently ignored.
+    // although i'm not sure if it's actually necessary now because we can always add it later if need be; it's because
+    // we know that 1) we're having one connection/one call, so we read until EOF and know we have a valid message (so
+    // don't have use a scheme like TLV) and 2) we can always add new fields
+    pub version: Version,
+    pub payload: Payload,
+}
+
+impl Frame {
+    pub fn new(payload: Payload) -> Self {
+        Self {
+            version: Version::Version1,
+            payload,
+        }
+    }
+}
+
+#[derive(Debug, Clone, Copy, PartialEq, Eq, Serialize, Deserialize)]
+pub enum Version {
+    Version1,
+}
+
+#[derive(Debug, Clone, PartialEq, Eq, Serialize, Deserialize)]
+pub enum Payload {
     ChooseSchemeRequest(ChooseSchemeRequest),
     SignRequest(SignRequest),
     ChooseSchemeResponse(ChooseSchemeResponse),
diff --git a/crates/extensions/tedge-p11-server/src/non_grpc/server.rs b/crates/extensions/tedge-p11-server/src/non_grpc/server.rs
@@ -11,6 +11,7 @@ use tracing::info;
 use std::os::unix::net::UnixListener;
 
 use super::connection::Connection;
+use super::connection::Payload;
 
 pub struct P11SigningServer {
     config: CryptokiConfigDirect,
@@ -46,17 +47,18 @@ impl P11SigningServer {
 fn process(config: &CryptokiConfigDirect, mut connection: Connection) -> anyhow::Result<()> {
     let service = P11SignerService::new(config);
 
-    let request = connection.read_frame()?;
+    let request = connection.read_frame()?.payload;
 
     let response = match request {
-        Frame::ChooseSchemeResponse { .. } | Frame::SignResponse { .. } => {
+        Payload::ChooseSchemeResponse { .. } | Payload::SignResponse { .. } => {
             anyhow::bail!("protocol error")
         }
-        Frame::ChooseSchemeRequest(request) => {
-            Frame::ChooseSchemeResponse(service.choose_scheme(request))
+        Payload::ChooseSchemeRequest(request) => {
+            Payload::ChooseSchemeResponse(service.choose_scheme(request))
         }
-        Frame::SignRequest(request) => Frame::SignResponse(service.sign(request)),
+        Payload::SignRequest(request) => Payload::SignResponse(service.sign(request)),
     };
+    let response = Frame::new(response);
 
     connection.write_frame(&response)?;
 
