From a767a942a72ef1677675c52f60aa00eaf1a0cd20 Mon Sep 17 00:00:00 2001
From: Takis Kakalis <80459599+Takaros999@users.noreply.github.com>
Date: Thu, 30 Oct 2025 20:02:37 +0100
Subject: [PATCH 1/5] feat: Expose nsm init
---
 src/nsm.rs | 13 +++++++++++++
 src/server.rs | 13 +++----------
 2 files changed, 16 insertions(+), 10 deletions(-)
diff --git a/src/nsm.rs b/src/nsm.rs
index 4855d2b..1918ea8 100644
--- a/src/nsm.rs
+++ b/src/nsm.rs
@@ -161,6 +161,19 @@ impl Drop for SecureModule {
 }
 }
 
+/// Initialize the global NSM instance.
+///
+/// # Errors
+/// Throws an `AttestationError::NsmConnect` if the connection to the NSM fails.
+#[cfg(feature = "nsm")]
+pub async fn init_global_nsm() -> io::Result<()> {
+ let nsm = SecureModule::connect()?;
+
+ SECURE_MODULE_GLOBAL.get_or_init(|| async { nsm }).await;
+
+ Ok(())
+}
+
 #[cfg(test)]
 mod tests {
 use super::*;
diff --git a/src/server.rs b/src/server.rs
index bfe5b60..9e1afd6 100644
--- a/src/server.rs
+++ b/src/server.rs
@@ -293,16 +293,9 @@ where
 // Initialize the secure module global if the feature is enabled.
 #[cfg(feature = "nsm")]
 {
- match crate::SecureModule::connect() {
- Ok(nsm) => {
- crate::nsm::SECURE_MODULE_GLOBAL
- .get_or_init(|| async { nsm })
- .await
- },
- Err(e) => {
- return Err(Error::NsmConnect(e));
- },
- };
+ crate::nsm::init_global_nsm()
+ .await
+ .map_err(Error::NsmConnect)?;
 }
 
 let router = Arc::new(self);
From a0c5dc95b7dd8e123a6bee8700fea693875fbea0 Mon Sep 17 00:00:00 2001
From: Takis Kakalis <80459599+Takaros999@users.noreply.github.com>
Date: Thu, 30 Oct 2025 20:04:42 +0100
Subject: [PATCH 2/5] typo
---
 src/nsm.rs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/nsm.rs b/src/nsm.rs
index 1918ea8..7ce6d50 100644
--- a/src/nsm.rs
+++ b/src/nsm.rs
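Review bot: `init_global_nsm` in the src/nsm.rs hunk calls `SecureModule::connect()?` before `get_or_init`, so a call made after the global is already set still opens another NSM connection, which is then dropped unused, and a failure of that extra connect is returned as an error even though a usable instance exists. Moving the connect into the cell's initializer avoids both, e.g. `SECURE_MODULE_GLOBAL.get_or_try_init(|| async { SecureModule::connect() }).await?;` — this assumes the global is a `tokio::sync::OnceCell` (or another cell with a fallible initializer); its definition is outside the hunk. The same connect-then-`get_or_init` order is carried into `SecureModule::try_init_global` in PATCH 3/5, where the doc comment promises initialization only "if necessary", so the fix and the wording should be aligned there as well.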
@@ -164,7 +164,7 @@ impl Drop for SecureModule {
 /// Initialize the global NSM instance.
 ///
 /// # Errors
-/// Throws an `AttestationError::NsmConnect` if the connection to the NSM fails.
+/// Propagates `io::Error` if the connection to the NSM fails.
 #[cfg(feature = "nsm")]
 pub async fn init_global_nsm() -> io::Result<()> {
 let nsm = SecureModule::connect()?;
From 3d4eb1b3fe680ae24d319db5e7973d65eb9524a9 Mon Sep 17 00:00:00 2001
From: Takis Kakalis <80459599+Takaros999@users.noreply.github.com>
Date: Thu, 30 Oct 2025 20:10:07 +0100
Subject: [PATCH 3/5] improve
---
 src/nsm.rs | 26 +++++++++++++-------------
 src/server.rs | 2 +-
 2 files changed, 14 insertions(+), 14 deletions(-)
diff --git a/src/nsm.rs b/src/nsm.rs
index 7ce6d50..161c742 100644
--- a/src/nsm.rs
+++ b/src/nsm.rs
@@ -148,6 +148,19 @@ impl SecureModule {
 Self::try_global().expect("NSM global not initialized")
 }
 
+ /// Attempts to get global NSM instance, initializing it if necessary.
+ ///
+ /// # Errors
+ ///
+ /// Propagates `io::Error` if the connection to the NSM fails.
+ pub async fn try_init_global() -> io::Result<&'static Self> {
+ let nsm = Self::connect()?;
+
+ let secure_module = SECURE_MODULE_GLOBAL.get_or_init(|| async { nsm }).await;
+
+ Ok(secure_module)
+ }
+
 /// Disconnect from the NSM driver.
 pub fn disconnect(self) {
 drop(self);
@@ -161,19 +174,6 @@ impl Drop for SecureModule {
 }
 }
 
-/// Initialize the global NSM instance.
-///
-/// # Errors
-/// Propagates `io::Error` if the connection to the NSM fails.
-#[cfg(feature = "nsm")]
-pub async fn init_global_nsm() -> io::Result<()> {
- let nsm = SecureModule::connect()?;
-
- SECURE_MODULE_GLOBAL.get_or_init(|| async { nsm }).await;
-
- Ok(())
-}
-
 #[cfg(test)]
 mod tests {
 use super::*;
diff --git a/src/server.rs b/src/server.rs
index 9e1afd6..fe5ec8b 100644
--- a/src/server.rs
+++ b/src/server.rs
@@ -293,7 +293,7 @@ where
 // Initialize the secure module global if the feature is enabled.
 #[cfg(feature = "nsm")]
 {
- crate::nsm::init_global_nsm()
+ crate::nsm::SecureModule::try_init_global()
 .await
 .map_err(Error::NsmConnect)?;
 }
From 53fdde9b3117c27e4fcce55cba663076815151dc Mon Sep 17 00:00:00 2001
From: Takis Kakalis <80459599+Takaros999@users.noreply.github.com>
Date: Thu, 30 Oct 2025 20:12:09 +0100
Subject: [PATCH 4/5] clippy
---
 src/nsm.rs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/nsm.rs b/src/nsm.rs
index 161c742..e0f9c2e 100644
--- a/src/nsm.rs
+++ b/src/nsm.rs
@@ -152,7 +152,7 @@ impl SecureModule {
 ///
 /// # Errors
 ///
- /// Propagates `io::Error` if the connection to the NSM fails.
+ /// Propagates `io::Error` if the connection to the NSM fails.
 pub async fn try_init_global() -> io::Result<&'static Self> {
 let nsm = Self::connect()?;
 
From 0ef1dd634fc751c065d326acf6a81f2ea41f5460 Mon Sep 17 00:00:00 2001
From: Takis Kakalis <80459599+Takaros999@users.noreply.github.com>
Date: Thu, 30 Oct 2025 20:37:17 +0100
Subject: [PATCH 5/5] expose parse_raw_attestation_doc
---
 src/nsm.rs | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/src/nsm.rs b/src/nsm.rs
index e0f9c2e..9b8acac 100644
--- a/src/nsm.rs
+++ b/src/nsm.rs
@@ -118,7 +118,11 @@ impl SecureModule {
 Self::parse_raw_attestation_doc(&document)
 }
- fn parse_raw_attestation_doc(document: &[u8]) -> Result {
+ /// Parse a raw attestation document into an `AttestationDoc`.
+ ///
+ /// # Errors
+ /// Returns an error if the document cannot be decoded.
+ pub fn parse_raw_attestation_doc(document: &[u8]) -> Result {
 let cose_document = CoseSign1::from_bytes(document).map_err(AttestationError::Cose)?;
 let cbor_attestation_doc = cose_document