Merge branch 'dev-E2EE-2407' into 'master'

feat(E2EE-2407): Add support of PrehashedAndEncryptedPassphrase in Enroll API

See merge request TankerHQ/sdk-rust!188

Author: ntalfer

.flake8

@@ -1,6 +1,6 @@
 [flake8]
 max-line-length=100
-ignore=D100, D101, D102, D103, D104, D105, D107, D400, E731
+ignore=D100, D101, D102, D103, D104, D105, D107, D400, E731, W503
 
 exclude =
   build

poetry.lock

@@ -8,7 +8,7 @@ package-mode = false
 [tool.poetry.dependencies]
 python = "^3.12"
 
-tankerci = { version = "== 2024.4.5183", source = "gitlab" }
+tankerci = { version = "== 2024.12.5467", source = "gitlab" }
 
 [tool.poetry.dev-dependencies]
 black = "24.3.0"

pyproject.toml

@@ -110,7 +110,7 @@ def get_android_bin_path() -> Path:
 
 
 def bind_gen(
-        *, header_source: Path, output_file: Path, include_path: Path, dynamic_loading: bool
+    *, header_source: Path, output_file: Path, include_path: Path, dynamic_loading: bool
 ) -> None:
     args = []
     if dynamic_loading:
@@ -133,7 +133,7 @@ def bind_gen(
 
 class Builder:
     def __init__(
-            self, *, src_path: Path, build_profile: Profile, host_profile: Profile
+        self, *, src_path: Path, build_profile: Profile, host_profile: Profile
     ):
         self.src_path = src_path
         self.host_profile = host_profile
@@ -187,7 +187,9 @@ def _copy_includes(self, package_path: Path, depsConfig: DepsConfig) -> None:
     # This is necessary on 64bit android archs, as Clang doesn't build them by default,
     # and Google's NDK distribution doesn't take care of that either...
     @staticmethod
-    def _armerge_soft_float128_compiler_rt_builtins(compiler_rt_lib: Path, output_path: Path, env: dict[str, str]):
+    def _armerge_soft_float128_compiler_rt_builtins(
+        compiler_rt_lib: Path, output_path: Path, env: dict[str, str]
+    ) -> None:
         f128_builtins = [
             "__addtf3",
             "__subtf3",
@@ -230,7 +232,7 @@ def _armerge_soft_float128_compiler_rt_builtins(compiler_rt_lib: Path, output_pa
             "__multc3",
             "__divtc3",
         ]
-        keep_symbol_args = [e for sym_name in f128_builtins for e in ['-k', sym_name]]
+        keep_symbol_args = [e for sym_name in f128_builtins for e in ["-k", sym_name]]
 
         tankerci.run(
             "armerge",
@@ -243,7 +245,7 @@ def _armerge_soft_float128_compiler_rt_builtins(compiler_rt_lib: Path, output_pa
         )
 
     def _merge_all_libs(
-            self, depsConfig: DepsConfig, package_path: Path, native_path: Path
+        self, depsConfig: DepsConfig, package_path: Path, native_path: Path
     ) -> None:
         with tankerci.working_directory(package_path):
             env = os.environ.copy()
@@ -266,18 +268,28 @@ def _merge_all_libs(
                 ndk_arch = NDK_ARCH_TARGETS[self.arch]
                 android_lib_path = android_bin_path / f"../sysroot/usr/lib/{ndk_arch}"
 
-                # Starting with NDK r23, Google in its infinite wisdom has decided to make things more interesting
+                # Starting with NDK r23, Google in its infinite wisdom has decided to make things
+                # more interesting
                 # libgcc is gone, and now we use clang's libcxx and compiler-rt.
-                # Unfortunately, the libcxx_static.a is currently missing soft float128 builtins for 64bit archs
-                # (See https://reviews.llvm.org/D53608 and https://github.com/llvm/llvm-project/issues/51395)
+                # Unfortunately, the libcxx_static.a is currently missing soft float128 builtins
+                # for 64bit archs (See https://reviews.llvm.org/D53608 and
+                # https://github.com/llvm/llvm-project/issues/51395)
                 # It is possible to find those symbols in the separate libclang_rt.builtins libs
-                # However, we can't pull in all of rt.builtins, or we will have duplicate symbols and fail linking
-                if self.arch in ['x86_64', 'armv8']:
+                # However, we can't pull in all of rt.builtins, or we will have duplicate symbols
+                # and fail linking
+                if self.arch in ["x86_64", "armv8"]:
                     compiler_rt_arch = CLANG_RT_ARCH_TARGETS[self.arch]
-                    compiler_rt_dir = android_bin_path / f"../lib/clang/17/lib/linux/"
-                    compiler_rt_lib = compiler_rt_dir / f"libclang_rt.builtins-{compiler_rt_arch}.a"
-                    out_path = cxx_package_libs / f"libclang_rt.builtins.float128-{compiler_rt_arch}.a"
-                    self._armerge_soft_float128_compiler_rt_builtins(compiler_rt_lib, out_path, env)
+                    compiler_rt_dir = android_bin_path / "../lib/clang/17/lib/linux/"
+                    compiler_rt_lib = (
+                        compiler_rt_dir / f"libclang_rt.builtins-{compiler_rt_arch}.a"
+                    )
+                    out_path = (
+                        cxx_package_libs
+                        / f"libclang_rt.builtins.float128-{compiler_rt_arch}.a"
+                    )
+                    self._armerge_soft_float128_compiler_rt_builtins(
+                        compiler_rt_lib, out_path, env
+                    )
 
                 for lib in android_lib_path.glob("*.a"):
                     # Rust already links some (non-C++) NDK libs, skip to avoid duplicate symbols
@@ -374,10 +386,10 @@ def _prepare_profile(self) -> None:
             shutil.copyfile(native_path / "ctanker.rs", mingw_path / "ctanker.rs")
 
     def prepare(
-            self,
-            update: bool,
-            tanker_source: TankerSource,
-            tanker_ref: Optional[str] = None,
+        self,
+        update: bool,
+        tanker_source: TankerSource,
+        tanker_ref: Optional[str] = None,
     ) -> None:
         tanker_deployed_ref = tanker_ref
         if tanker_source == TankerSource.DEPLOYED and not tanker_ref:
@@ -469,11 +481,11 @@ def test(self) -> None:
 
 
 def prepare(
-        tanker_source: TankerSource,
-        *,
-        profiles: List[Profile],
-        update: bool = False,
-        tanker_ref: Optional[str] = None,
+    tanker_source: TankerSource,
+    *,
+    profiles: List[Profile],
+    update: bool = False,
+    tanker_ref: Optional[str] = None,
 ) -> None:
     build_profile = tankerci.conan.get_build_profile()
     for host_profile in profiles:
@@ -484,9 +496,9 @@ def prepare(
 
 
 def build(
-        *,
-        profiles: List[Profile],
-        test: bool = False,
+    *,
+    profiles: List[Profile],
+    test: bool = False,
 ) -> None:
     build_profile = tankerci.conan.get_build_profile()
     if os.environ.get("CI"):
@@ -591,7 +603,7 @@ def main() -> None:
     if args.command == "build":
         profiles = [Profile(p) for p in args.profiles]
         with tankerci.conan.ConanContextManager(
-                [args.remote, "conancenter"], conan_home=user_home
+            [args.remote, "conancenter"], conan_home=user_home
         ):
             build(
                 profiles=profiles,
@@ -601,7 +613,7 @@ def main() -> None:
         deploy(args)
     elif args.command == "prepare":
         with tankerci.conan.ConanContextManager(
-                [args.remote, "conancenter"], conan_home=user_home
+            [args.remote, "conancenter"], conan_home=user_home
         ):
             profiles = [Profile(p) for p in args.profiles]
             prepare(

run-ci.py

@@ -4,7 +4,7 @@ use crate::ctanker::{
 };
 use std::ffi::CString;
 
-const CVERIFICATION_VERSION: u8 = 8;
+const CVERIFICATION_VERSION: u8 = 9;
 const CEMAIL_VERIFICATION_VERSION: u8 = 1;
 const CPHONE_NUMBER_VERIFICATION_VERSION: u8 = 1;
 const CPREVERIFIED_OIDC_VERIFICATION_VERSION: u8 = 1;
@@ -23,6 +23,7 @@ enum Type {
     E2ePassphrase = 8,
     PreverifiedOIDC = 9,
     OIDCAuthorizationCode = 10,
+    PrehashedAndEncryptedPassphrase = 11,
 }
 
 pub(crate) struct CVerificationWrapper {
@@ -68,6 +69,7 @@ impl CVerificationWrapper {
                     authorization_code: std::ptr::null(),
                     state: std::ptr::null(),
                 },
+                prehashed_and_encrypted_passphrase: std::ptr::null(),
             },
         }
     }
@@ -166,6 +168,19 @@ impl CVerificationWrapper {
         wrapper
     }
 
+    pub(self) fn with_prehashed_and_encrypted_passphrase(
+        prehashed_and_encrypted_passphrase: &str,
+    ) -> Self {
+        let mut wrapper = Self::new();
+        let cpaep = CString::new(prehashed_and_encrypted_passphrase).unwrap();
+
+        wrapper.cverif.verification_method_type = Type::PrehashedAndEncryptedPassphrase as u8;
+        wrapper.cverif.prehashed_and_encrypted_passphrase = cpaep.as_ptr();
+
+        wrapper.cstrings.push(cpaep);
+        wrapper
+    }
+
     pub(self) fn with_preverifed_oidc(subject: &str, provider_id: &str) -> Self {
         let mut wrapper = Self::new();
         let csubject = CString::new(subject).unwrap();
@@ -240,6 +255,7 @@ pub enum Verification {
         authorization_code: String,
         state: String,
     },
+    PrehashedAndEncryptedPassphrase(String),
 }
 
 impl Verification {
@@ -281,6 +297,11 @@ impl Verification {
                 authorization_code,
                 state,
             ),
+            Verification::PrehashedAndEncryptedPassphrase(prehashed_and_encrypted_passphrase) => {
+                CVerificationWrapper::with_prehashed_and_encrypted_passphrase(
+                    prehashed_and_encrypted_passphrase,
+                )
+            }
         }
     }
 }

src/verification.rs

@@ -25,6 +25,7 @@ pub enum VerificationMethod {
     E2ePassphrase,
     // PreverifiedOIDC is not exposed as a VerificationMethod
     // OIDCAuthorizationCode is not exposed as a VerificationMethod
+    // PrehashedAndEncryptedPassphrase is not exposed as a VerificationMethod
 }
 
 #[derive(FromPrimitive)]
@@ -42,6 +43,7 @@ enum CMethodType {
     E2ePassphrase = 8,
     // PreverifiedOIDC = 9, PreverifiedOIDC is not exposed as a VerificationMethod
     // OIDCAuthorizationCode = 10, OIDCAuthorizationCode is not exposed as a VerificationMethod
+    // PrehashedAndEncryptedPassphrase = 11, PrehashedAndEncryptedPassphraseis not exposed as a VerificationMethod
     #[num_enum(default)]
     Invalid,
 }