keymgmt: Data validation - Check key presence

When validating keydata, check that the referred to key is indeed
stored in the provider.

Signed-off-by: Tomás González <tomasagustin.gonzalezorlando@arm.com>

Author: tgonzalezorlandoarm

parsec-openssl-provider/src/keymgmt/mod.rs

@@ -16,13 +16,13 @@ use parsec_openssl2::*;
 use std::sync::{Arc, Mutex};
 
 struct ParsecProviderKeyObject {
-    _provctx: Arc<ParsecProviderContext>,
+    provctx: Arc<ParsecProviderContext>,
     key_name: Mutex<Option<String>>,
 }
 
 fn kmgmt_keyobj_new(provctx: Arc<ParsecProviderContext>) -> Arc<ParsecProviderKeyObject> {
     Arc::new(ParsecProviderKeyObject {
-        _provctx: provctx.clone(),
+        provctx: provctx.clone(),
         key_name: None.into(),
     })
 }
@@ -163,10 +163,35 @@ pub unsafe extern "C" fn parsec_provider_kmgmt_validate(
         Arc::increment_strong_count(keydata_ptr);
         let arc_keydata = Arc::from_raw(keydata_ptr);
         let key_name = arc_keydata.key_name.lock().unwrap();
-        if key_name.is_some() {
-            OPENSSL_SUCCESS
-        } else {
-            OPENSSL_ERROR
+        let result =
+            super::r#catch(
+                Some(|| super::Error::PROVIDER_KEYMGMT_VALIDATE),
+                || match &*key_name {
+                    Some(name) => {
+                        let err_keys = arc_keydata.provctx.client.list_keys();
+                        let has_name = match err_keys {
+                            Ok(keys) => keys
+                                .iter()
+                                .find(|&kinfo| kinfo.name == name.as_str())
+                                .is_some(),
+                            Err(_) => {
+                                return Err("Failed to list Parsec Provider's Keys".into());
+                            }
+                        };
+
+                        if has_name {
+                            Ok(OPENSSL_SUCCESS)
+                        } else {
+                            Err("Specified Key not found in the Parsec Provider".into())
+                        }
+                    }
+                    None => Err("keydata to validate failed: Key name not specified".into()),
+                },
+            );
+
+        match result {
+            Ok(result) => result,
+            Err(()) => OPENSSL_ERROR,
         }
     } else {
         OPENSSL_SUCCESS

parsec-openssl-provider/src/lib.rs

@@ -113,6 +113,7 @@ openssl_errors::openssl_errors! {
             PROVIDER_GET_PARAMS("parsec_provider_get_params");
             PROVIDER_QUERY("parsec_provider_query");
             PROVIDER_KEYMGMT_SET_PARAMS("parsec_provider_kmgmt_set_params");
+            PROVIDER_KEYMGMT_VALIDATE("parsec_provider_kmgmt_validate");
         }
 
         reasons {