[all] Create UUIDs via crypto provider interface

mlohvynenko · mlohvynenko · commit 36cb93fe0bce · 2025-06-24T19:08:32.000+03:00
This patch removes CreateUUID free function and
replaces it with calls to the crypto provider interface.

Signed-off-by: Mykhailo Lohvynenko &lt;Mykhailo_Lohvynenko@epam.com&gt;
diff --git a/include/aos/common/tools/uuid.hpp b/include/aos/common/tools/uuid.hpp
@@ -28,13 +28,6 @@ constexpr auto cUUIDLen = AOS_CONFIG_TOOLS_UUID_LEN;
  */
 using UUID = StaticArray<uint8_t, cUUIDSize>;
 
-/**
- * Creates unique UUID.
- *
- * @return UUID.
- */
-UUID CreateUUID();
-
 /**
  * Converts UUID to string.
  *
diff --git a/include/aos/iam/permhandler.hpp b/include/aos/iam/permhandler.hpp
@@ -94,6 +94,14 @@ class PermHandlerItf {
  */
 class PermHandler : public PermHandlerItf {
 public:
+    /**
+     * Initializes permission handler.
+     *
+     * @param uuidProvider UUID provider.
+     * @returns Error.
+     */
+    Error Init(crypto::UUIDItf& uuidProvider);
+
     /**
      * Adds new service instance and its permissions into cache.
      *
@@ -129,11 +137,12 @@ class PermHandler : public PermHandlerItf {
                                          const Array<FunctionServicePermissions>& instancePermissions);
     InstancePermissions*                   FindBySecret(const String& secret);
     InstancePermissions*                   FindByInstanceIdent(const InstanceIdent& instanceIdent);
-    StaticString<cSecretLen>               GenerateSecret();
+    RetWithError<StaticString<cSecretLen>> GenerateSecret();
     RetWithError<StaticString<cSecretLen>> GetSecretForInstance(const InstanceIdent& instanceIdent);
 
     Mutex                                              mMutex;
     StaticArray<InstancePermissions, cMaxNumInstances> mInstancesPerms;
+    crypto::UUIDItf*                                   mUUIDProvider = {};
 };
 
 /** @}*/
diff --git a/include/aos/sm/launcher.hpp b/include/aos/sm/launcher.hpp
@@ -260,14 +260,16 @@ class Launcher : public LauncherItf,
      * @param statusReceiver status receiver instance.
      * @param connectionPublisher connection publisher instance.
      * @param storage storage instance.
+     * @param uuidProvider UUID provider instance.
      * @return Error.
      */
     Error Init(const Config& config, iam::nodeinfoprovider::NodeInfoProviderItf& nodeInfoProvider,
         servicemanager::ServiceManagerItf& serviceManager, layermanager::LayerManagerItf& layerManager,
         resourcemanager::ResourceManagerItf& resourceManager, networkmanager::NetworkManagerItf& networkManager,
         iam::permhandler::PermHandlerItf& permHandler, runner::RunnerItf& runner, RuntimeItf& runtime,
         monitoring::ResourceMonitorItf& resourceMonitor, oci::OCISpecItf& ociManager,
-        InstanceStatusReceiverItf& statusReceiver, ConnectionPublisherItf& connectionPublisher, StorageItf& storage);
+        InstanceStatusReceiverItf& statusReceiver, ConnectionPublisherItf& connectionPublisher, StorageItf& storage,
+        crypto::UUIDItf& uuidProvider);
 
     /**
      * Starts launcher.
@@ -412,6 +414,7 @@ class Launcher : public LauncherItf,
     servicemanager::ServiceManagerItf*   mServiceManager {};
     StorageItf*                          mStorage {};
     RuntimeItf*                          mRuntime {};
+    crypto::UUIDItf*                     mUUIDProvider {};
 
     mutable StaticAllocator<cAllocatorSize> mAllocator;
 
diff --git a/src/common/tools/uuid.cpp b/src/common/tools/uuid.cpp
@@ -12,25 +12,13 @@
 
 namespace aos::uuid {
 
-// UUID template assumed to have even number of digits between separators.
-static const String cTemplate  = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx";
-static const String cEmptyUUID = "00000000-0000-0000-0000-000000000000";
-
-UUID CreateUUID()
-{
-    UUID result;
-
-    while (result.Size() < result.MaxSize()) {
-        unsigned value = rand();
-        auto     chunk = Array<uint8_t>(reinterpret_cast<uint8_t*>(&value), sizeof(value));
+namespace {
 
-        auto chunkSize = Min(result.MaxSize() - result.Size(), chunk.Size());
-
-        result.Insert(result.end(), chunk.begin(), chunk.begin() + chunkSize);
-    }
+// UUID template assumed to have even number of digits between separators.
+const String cTemplate  = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx";
+const String cEmptyUUID = "00000000-0000-0000-0000-000000000000";
 
-    return result;
-}
+} // namespace
 
 StaticString<cUUIDLen> UUIDToString(const UUID& src)
 {
diff --git a/src/iam/certmodules/pkcs11/pkcs11.cpp b/src/iam/certmodules/pkcs11/pkcs11.cpp
@@ -198,7 +198,10 @@ RetWithError<SharedPtr<crypto::PrivateKeyItf>> PKCS11Module::CreateKey(const Str
     PKCS11Module::PendingKey pendingKey;
     Error                    err = ErrorEnum::eNone;
 
-    pendingKey.mUUID = uuid::CreateUUID();
+    Tie(pendingKey.mUUID, err) = mCryptoProvider->CreateUUIDv4();
+    if (!err.IsNone()) {
+        return {nullptr, AOS_ERROR_WRAP(err)};
+    }
 
     SharedPtr<pkcs11::SessionContext> session;
 
@@ -787,7 +790,12 @@ Error PKCS11Module::CreateCertificateChain(const SharedPtr<pkcs11::SessionContex
             continue;
         }
 
-        auto uuid = uuid::CreateUUID();
+        uuid::UUID uuid;
+
+        Tie(uuid, err) = mCryptoProvider->CreateUUIDv4();
+        if (!err.IsNone()) {
+            return AOS_ERROR_WRAP(err);
+        }
 
         LOG_DBG() << "Import root certificate with id: " << aos::uuid::UUIDToString(uuid);
 
diff --git a/src/iam/permhandler/permhandler.cpp b/src/iam/permhandler/permhandler.cpp
@@ -15,6 +15,15 @@ namespace aos::iam::permhandler {
  * Public
  **********************************************************************************************************************/
 
+Error PermHandler::Init(crypto::UUIDItf& uuidProvider)
+{
+    LOG_DBG() << "Init permission handler";
+
+    mUUIDProvider = &uuidProvider;
+
+    return ErrorEnum::eNone;
+}
+
 RetWithError<StaticString<cSecretLen>> PermHandler::RegisterInstance(
     const InstanceIdent& instanceIdent, const Array<FunctionServicePermissions>& instancePermissions)
 {
@@ -30,7 +39,10 @@ RetWithError<StaticString<cSecretLen>> PermHandler::RegisterInstance(
         return {secret};
     }
 
-    secret = GenerateSecret();
+    Tie(secret, err) = GenerateSecret();
+    if (!err.IsNone()) {
+        return {{}, AOS_ERROR_WRAP(err)};
+    }
 
     err = AddSecret(secret, instanceIdent, instancePermissions);
     if (!err.IsNone()) {
@@ -108,16 +120,23 @@ InstancePermissions* PermHandler::FindByInstanceIdent(const InstanceIdent& insta
     return mInstancesPerms.FindIf([&instanceIdent](const auto& elem) { return instanceIdent == elem.mInstanceIdent; });
 }
 
-StaticString<cSecretLen> PermHandler::GenerateSecret()
+RetWithError<StaticString<cSecretLen>> PermHandler::GenerateSecret()
 {
-    StaticString<cSecretLen> newSecret;
+    StaticString<cSecretLen> secret;
+    uuid::UUID               uuid;
+    Error                    err;
 
     do {
-        newSecret = uuid::UUIDToString(uuid::CreateUUID());
+        Tie(uuid, err) = mUUIDProvider->CreateUUIDv4();
+        if (!err.IsNone()) {
+            return {secret, err};
+        }
+
+        secret.Assign(uuid::UUIDToString(uuid));
 
-    } while (FindBySecret(newSecret) != mInstancesPerms.end());
+    } while (FindBySecret(secret) != mInstancesPerms.end());
 
-    return newSecret;
+    return {secret};
 }
 
 RetWithError<StaticString<cSecretLen>> PermHandler::GetSecretForInstance(const InstanceIdent& instanceIdent)
diff --git a/src/sm/launcher/launcher.cpp b/src/sm/launcher/launcher.cpp
@@ -32,7 +32,8 @@ Error Launcher::Init(const Config& config, iam::nodeinfoprovider::NodeInfoProvid
     resourcemanager::ResourceManagerItf& resourceManager, networkmanager::NetworkManagerItf& networkManager,
     iam::permhandler::PermHandlerItf& permHandler, runner::RunnerItf& runner, RuntimeItf& runtime,
     monitoring::ResourceMonitorItf& resourceMonitor, oci::OCISpecItf& ociManager,
-    InstanceStatusReceiverItf& statusReceiver, ConnectionPublisherItf& connectionPublisher, StorageItf& storage)
+    InstanceStatusReceiverItf& statusReceiver, ConnectionPublisherItf& connectionPublisher, StorageItf& storage,
+    crypto::UUIDItf& uuidProvider)
 {
     LOG_DBG() << "Init launcher";
 
@@ -49,6 +50,7 @@ Error Launcher::Init(const Config& config, iam::nodeinfoprovider::NodeInfoProvid
     mServiceManager      = &serviceManager;
     mStatusReceiver      = &statusReceiver;
     mStorage             = &storage;
+    mUUIDProvider        = &uuidProvider;
 
     Error err;
 
@@ -589,14 +591,21 @@ Error Launcher::GetDesiredInstancesData(
             return instance.mInstanceInfo.mInstanceIdent == instanceInfo.mInstanceIdent;
         });
         if (currentInstance == currentInstances->end()) {
-            const auto instanceID = uuid::UUIDToString(uuid::CreateUUID());
+            auto [uuid, err] = mUUIDProvider->CreateUUIDv4();
+            if (!err.IsNone()) {
+                return AOS_ERROR_WRAP(err);
+            }
+
+            const auto instanceID = uuid::UUIDToString(uuid);
 
-            if (auto err = desiredInstancesData.EmplaceBack(instanceInfo, instanceID); !err.IsNone()) {
+            err = desiredInstancesData.EmplaceBack(instanceInfo, instanceID);
+            if (!err.IsNone()) {
                 return AOS_ERROR_WRAP(err);
             }
 
-            if (auto err = mStorage->AddInstance(desiredInstancesData.Back()); !err.IsNone()) {
-                LOG_ERR() << "Can't add instance: instanceID=" << instanceID << ", err=" << err;
+            err = mStorage->AddInstance(desiredInstancesData.Back());
+            if (!err.IsNone()) {
+                LOG_ERR() << "Can't add instance" << Log::Field("instanceID", instanceID) << Log::Field(err);
             }
 
             continue;
diff --git a/tests/common/src/tools/uuid_test.cpp b/tests/common/src/tools/uuid_test.cpp
@@ -14,23 +14,6 @@
 
 namespace aos::uuid {
 
-TEST(UUIDTest, CreateUUID)
-{
-    static constexpr auto cTestUUIDsCount = 1000;
-
-    std::vector<UUID> uuids;
-
-    for (int i = 0; i < cTestUUIDsCount; i++) {
-        auto tmp = CreateUUID();
-
-        ASSERT_EQ(tmp.Size(), tmp.MaxSize());
-
-        ASSERT_EQ(std::find(uuids.begin(), uuids.end(), tmp), uuids.end());
-
-        uuids.push_back(tmp);
-    }
-}
-
 TEST(UUIDTest, UUIDToString)
 {
     uint8_t uuidBlob[uuid::cUUIDSize]
diff --git a/tests/iam/permhandler/permhandler_test.cpp b/tests/iam/permhandler/permhandler_test.cpp
@@ -9,24 +9,33 @@
 
 #include <gtest/gtest.h>
 
+#include "aos/common/crypto/cryptoprovider.hpp"
 #include "aos/common/tools/buffer.hpp"
 #include "aos/iam/permhandler.hpp"
 #include "aos/test/log.hpp"
+
 #include "mocks/identhandlermock.hpp"
 
-using namespace aos;
-using namespace aos::iam::permhandler;
 using namespace testing;
 
+namespace aos::iam::permhandler {
+
 /***********************************************************************************************************************
  * Suite
  **********************************************************************************************************************/
 
 class PermHandlerTest : public Test {
 protected:
-    void SetUp() override { test::InitLog(); }
+    void SetUp() override
+    {
+        test::InitLog();
 
-    PermHandler mPermHandler;
+        ASSERT_TRUE(mCryptoProvider.Init().IsNone()) << "Failed to initialize crypto provider";
+        ASSERT_TRUE(mPermHandler.Init(mCryptoProvider).IsNone()) << "Failed to initialize PermHandler";
+    }
+
+    crypto::DefaultCryptoProvider mCryptoProvider;
+    PermHandler                   mPermHandler;
 };
 
 /***********************************************************************************************************************
@@ -204,3 +213,5 @@ TEST_F(PermHandlerTest, TestInstancePermissions)
     err = mPermHandler.UnregisterInstance(instanceIdent1);
     ASSERT_TRUE(err.Is(ErrorEnum::eNotFound)) << err.Message();
 }
+
+} // namespace aos::iam::permhandler
diff --git a/tests/sm/launcher/launcher_test.cpp b/tests/sm/launcher/launcher_test.cpp
@@ -7,6 +7,7 @@
 
 #include <gtest/gtest.h>
 
+#include "aos/common/crypto/cryptoprovider.hpp"
 #include "aos/sm/launcher.hpp"
 
 #include "aos/test/log.hpp"
@@ -97,9 +98,12 @@ class LauncherTest : public Test {
         mOCIManager     = std::make_unique<OCISpecStub>();
         mStatusReceiver = std::make_unique<StatusReceiverStub>();
         mStorage        = std::make_unique<StorageStub>();
+        mCryptoProvider = std::make_unique<crypto::DefaultCryptoProvider>();
 
         mLauncher = std::make_unique<Launcher>();
 
+        ASSERT_TRUE(mCryptoProvider->Init().IsNone()) << "crypto provider initialization failed";
+
         EXPECT_CALL(mNetworkManager, GetNetnsPath).WillRepeatedly(Invoke([](const String& instanceID) {
             return RetWithError<StaticString<cFilePathLen>>(fs::JoinPath("/var/run/netns", instanceID));
         }));
@@ -110,7 +114,7 @@ class LauncherTest : public Test {
         ASSERT_TRUE(mLauncher
                         ->Init(Config {}, mNodeInfoProvider, *mServiceManager, *mLayerManager, mResourceManager,
                             mNetworkManager, mPermHandler, mRunner, mRuntime, mResourceMonitor, *mOCIManager,
-                            *mStatusReceiver, mConnectionPublisher, *mStorage)
+                            *mStatusReceiver, mConnectionPublisher, *mStorage, *mCryptoProvider)
                         .IsNone());
 
         ASSERT_TRUE(mLauncher->Start().IsNone());
@@ -155,20 +159,21 @@ class LauncherTest : public Test {
         return ErrorEnum::eNone;
     }
 
-    std::unique_ptr<Launcher>           mLauncher;
-    NiceMock<ConnectionPublisherMock>   mConnectionPublisher;
-    std::unique_ptr<LayerManagerStub>   mLayerManager;
-    NiceMock<NetworkManagerMock>        mNetworkManager;
-    NiceMock<NodeInfoProviderMock>      mNodeInfoProvider;
-    std::unique_ptr<OCISpecStub>        mOCIManager;
-    NiceMock<PermHandlerMock>           mPermHandler;
-    NiceMock<ResourceManagerMock>       mResourceManager;
-    NiceMock<ResourceMonitorMock>       mResourceMonitor;
-    NiceMock<RunnerMock>                mRunner;
-    NiceMock<RuntimeMock>               mRuntime;
-    std::unique_ptr<ServiceManagerStub> mServiceManager;
-    std::unique_ptr<StatusReceiverStub> mStatusReceiver;
-    std::unique_ptr<StorageStub>        mStorage;
+    std::unique_ptr<Launcher>                      mLauncher;
+    NiceMock<ConnectionPublisherMock>              mConnectionPublisher;
+    std::unique_ptr<LayerManagerStub>              mLayerManager;
+    NiceMock<NetworkManagerMock>                   mNetworkManager;
+    NiceMock<NodeInfoProviderMock>                 mNodeInfoProvider;
+    std::unique_ptr<OCISpecStub>                   mOCIManager;
+    NiceMock<PermHandlerMock>                      mPermHandler;
+    NiceMock<ResourceManagerMock>                  mResourceManager;
+    NiceMock<ResourceMonitorMock>                  mResourceMonitor;
+    NiceMock<RunnerMock>                           mRunner;
+    NiceMock<RuntimeMock>                          mRuntime;
+    std::unique_ptr<ServiceManagerStub>            mServiceManager;
+    std::unique_ptr<StatusReceiverStub>            mStatusReceiver;
+    std::unique_ptr<StorageStub>                   mStorage;
+    std::unique_ptr<crypto::DefaultCryptoProvider> mCryptoProvider;
 };
 
 } // namespace
