aosedge · al1img · Jul 3, 2025 · May 21, 2025 · May 22, 2025 · Jun 24, 2025
diff --git a/.gitignore b/.gitignore
@@ -1,3 +1,4 @@
 build/*
 .vscode/*
 .*/*\!.github
+CMakeUserPresets.json
diff --git a/include/aos/common/crypto/crypto.hpp b/include/aos/common/crypto/crypto.hpp
@@ -296,6 +296,33 @@ class RandomItf {
     virtual ~RandomItf() = default;
 };
 
+/***
+ * UUID generator interface.
+ */
+class UUIDItf {
+public:
+    /**
+     * Creates UUID v4.
+     *
+     * @return RetWithError<uuid::UUID>.
+     */
+    virtual RetWithError<uuid::UUID> CreateUUIDv4() = 0;
+
+    /**
+     * Creates UUID version 5 based on a given namespace identifier and name.
+     *
+     * @param space namespace identifier.
+     * @param name name.
+     * @result RetWithError<uuid::UUID>.
+     */
+    virtual RetWithError<uuid::UUID> CreateUUIDv5(const uuid::UUID& space, const Array<uint8_t>& name) = 0;
+
+    /**
+     * Destructor.
+     */
+    virtual ~UUIDItf() = default;
+};
+
 /**
  * Options being used while signing.
  */
@@ -700,15 +727,6 @@ class ProviderItf {
      */
     virtual Error ASN1DecodeOID(const Array<uint8_t>& inOID, Array<uint8_t>& dst) = 0;
 
-    /**
-     * Creates UUID version 5 based on a given namespace identifier and name.
-     *
-     * @param space namespace identifier.
-     * @param name name.
-     * @result RetWithError<uuid::UUID>.
-     */
-    virtual RetWithError<uuid::UUID> CreateUUIDv5(const uuid::UUID& space, const Array<uint8_t>& name) = 0;
-
     /**
      * Destroys object instance.
      */
@@ -721,6 +739,18 @@ class ProviderItf {
 using CertificateChain = StaticArray<Certificate, cCertChainSize>;
 
 } // namespace x509
+
+/**
+ * Crypto provider interface.
+ */
+class CryptoProviderItf : public x509::ProviderItf, public HasherItf, public RandomItf, public UUIDItf {
+public:
+    /**
+     * Destructor.
+     */
+    virtual ~CryptoProviderItf() = default;
+};
+
 } // namespace aos::crypto
 
 #endif
diff --git a/include/aos/common/crypto/mbedtls/cryptoprovider.hpp b/include/aos/common/crypto/mbedtls/cryptoprovider.hpp
@@ -22,7 +22,7 @@ namespace aos::crypto {
 /**
  * MbedTLSCryptoProvider provider.
  */
-class MbedTLSCryptoProvider : public x509::ProviderItf, public HasherItf, public RandomItf {
+class MbedTLSCryptoProvider : public CryptoProviderItf {
 public:
     /**
      * Initializes the object.
@@ -164,15 +164,6 @@ class MbedTLSCryptoProvider : public x509::ProviderItf, public HasherItf, public
      */
     Error ASN1DecodeOID(const Array<uint8_t>& inOID, Array<uint8_t>& dst) override;
 
-    /**
-     * Creates UUID version 5 based on a given namespace identifier and name.
-     *
-     * @param space namespace identifier.
-     * @param name name.
-     * @result RetWithError<uuid::UUID>.
-     */
-    RetWithError<uuid::UUID> CreateUUIDv5(const uuid::UUID& space, const Array<uint8_t>& name) override;
-
     /**
      * Creates hash instance.
      *
@@ -198,6 +189,22 @@ class MbedTLSCryptoProvider : public x509::ProviderItf, public HasherItf, public
      */
     Error RandBuffer(Array<uint8_t>& buffer, size_t size) override;
 
+    /**
+     * Creates UUID v4.
+     *
+     * @return RetWithError<uuid::UUID>.
+     */
+    RetWithError<uuid::UUID> CreateUUIDv4() override;
+
+    /**
+     * Creates UUID version 5 based on a given namespace identifier and name.
+     *
+     * @param space namespace identifier.
+     * @param name name.
+     * @result RetWithError<uuid::UUID>.
+     */
+    RetWithError<uuid::UUID> CreateUUIDv5(const uuid::UUID& space, const Array<uint8_t>& name) override;
+
 private:
     class MBedTLSHash : public crypto::HashItf, private NonCopyable {
     public:

diff --git a/include/aos/common/crypto/openssl/cryptoprovider.hpp b/include/aos/common/crypto/openssl/cryptoprovider.hpp
@@ -17,7 +17,7 @@ namespace aos::crypto {
 /**
  * OpenSSLCryptoProvider provider.
  */
-class OpenSSLCryptoProvider : public x509::ProviderItf, public HasherItf, public RandomItf {
+class OpenSSLCryptoProvider : public CryptoProviderItf {
 public:
     /**
      * Destructor.
@@ -164,15 +164,6 @@ class OpenSSLCryptoProvider : public x509::ProviderItf, public HasherItf, public
      */
     Error ASN1DecodeOID(const Array<uint8_t>& inOID, Array<uint8_t>& dst) override;
 
-    /**
-     * Creates UUID version 5 based on a given namespace identifier and name.
-     *
-     * @param space namespace identifier.
-     * @param name name.
-     * @result RetWithError<uuid::UUID>.
-     */
-    RetWithError<uuid::UUID> CreateUUIDv5(const uuid::UUID& space, const Array<uint8_t>& name) override;
-
     /**
      * Creates hash instance.
      *
@@ -198,6 +189,22 @@ class OpenSSLCryptoProvider : public x509::ProviderItf, public HasherItf, public
      */
     Error RandBuffer(Array<uint8_t>& buffer, size_t size = 0) override;
 
+    /**
+     * Creates UUID v4.
+     *
+     * @return RetWithError<uuid::UUID>.
+     */
+    RetWithError<uuid::UUID> CreateUUIDv4() override;
+
+    /**
+     * Creates UUID version 5 based on a given namespace identifier and name.
+     *
+     * @param space namespace identifier.
+     * @param name name.
+     * @result RetWithError<uuid::UUID>.
+     */
+    RetWithError<uuid::UUID> CreateUUIDv5(const uuid::UUID& space, const Array<uint8_t>& name) override;
+
 private:
     class OpenSSLHash : public crypto::HashItf, private NonCopyable {
     public:

diff --git a/include/aos/common/tools/uuid.hpp b/include/aos/common/tools/uuid.hpp
@@ -28,13 +28,6 @@ constexpr auto cUUIDLen = AOS_CONFIG_TOOLS_UUID_LEN;
  */
 using UUID = StaticArray<uint8_t, cUUIDSize>;
 
-/**
- * Creates unique UUID.
- *
- * @return UUID.
- */
-UUID CreateUUID();
-
 /**
  * Converts UUID to string.
  *

diff --git a/include/aos/iam/certmodules/pkcs11/pkcs11.hpp b/include/aos/iam/certmodules/pkcs11/pkcs11.hpp
@@ -73,11 +73,11 @@ class PKCS11Module : public HSMItf {
      * @param certType certificate type.
      * @param config module configuration.
      * @param pkcs11 reference to pkcs11 library context.
-     * @param x509Provider reference to x509 crypto interface.
+     * @param cryptoProvider reference to crypto provider interface.
      * @return Error.
      */
     Error Init(const String& certType, const PKCS11ModuleConfig& config, pkcs11::PKCS11Manager& pkcs11,
-        crypto::x509::ProviderItf& x509Provider);
+        crypto::CryptoProviderItf& cryptoProvider);
 
     /**
      * Owns the module.
@@ -209,7 +209,7 @@ class PKCS11Module : public HSMItf {
     PKCS11ModuleConfig         mConfig {};
 
     SharedPtr<pkcs11::LibraryContext> mPKCS11;
-    crypto::x509::ProviderItf*        mX509Provider {};
+    crypto::CryptoProviderItf*        mCryptoProvider {};
 
     uint32_t                        mSlotID = 0;
     StaticString<pkcs11::cLabelLen> mTokenLabel;

diff --git a/include/aos/iam/permhandler.hpp b/include/aos/iam/permhandler.hpp
@@ -94,6 +94,14 @@ class PermHandlerItf {
  */
 class PermHandler : public PermHandlerItf {
 public:
+    /**
+     * Initializes permission handler.
+     *
+     * @param uuidProvider UUID provider.
+     * @returns Error.
+     */
+    Error Init(crypto::UUIDItf& uuidProvider);
+
     /**
      * Adds new service instance and its permissions into cache.
      *
@@ -129,11 +137,12 @@ class PermHandler : public PermHandlerItf {
                                          const Array<FunctionServicePermissions>& instancePermissions);
     InstancePermissions*                   FindBySecret(const String& secret);
     InstancePermissions*                   FindByInstanceIdent(const InstanceIdent& instanceIdent);
-    StaticString<cSecretLen>               GenerateSecret();
+    RetWithError<StaticString<cSecretLen>> GenerateSecret();
     RetWithError<StaticString<cSecretLen>> GetSecretForInstance(const InstanceIdent& instanceIdent);
 
     Mutex                                              mMutex;
     StaticArray<InstancePermissions, cMaxNumInstances> mInstancesPerms;
+    crypto::UUIDItf*                                   mUUIDProvider = {};
 };
 
 /** @}*/

diff --git a/include/aos/sm/launcher.hpp b/include/aos/sm/launcher.hpp
@@ -260,14 +260,16 @@ class Launcher : public LauncherItf,
      * @param statusReceiver status receiver instance.
      * @param connectionPublisher connection publisher instance.
      * @param storage storage instance.
+     * @param uuidProvider UUID provider instance.
      * @return Error.
      */
     Error Init(const Config& config, iam::nodeinfoprovider::NodeInfoProviderItf& nodeInfoProvider,
         servicemanager::ServiceManagerItf& serviceManager, layermanager::LayerManagerItf& layerManager,
         resourcemanager::ResourceManagerItf& resourceManager, networkmanager::NetworkManagerItf& networkManager,
         iam::permhandler::PermHandlerItf& permHandler, runner::RunnerItf& runner, RuntimeItf& runtime,
         monitoring::ResourceMonitorItf& resourceMonitor, oci::OCISpecItf& ociManager,
-        InstanceStatusReceiverItf& statusReceiver, ConnectionPublisherItf& connectionPublisher, StorageItf& storage);
+        InstanceStatusReceiverItf& statusReceiver, ConnectionPublisherItf& connectionPublisher, StorageItf& storage,
+        crypto::UUIDItf& uuidProvider);
 
     /**
      * Starts launcher.
@@ -412,6 +414,7 @@ class Launcher : public LauncherItf,
     servicemanager::ServiceManagerItf*   mServiceManager {};
     StorageItf*                          mStorage {};
     RuntimeItf*                          mRuntime {};
+    crypto::UUIDItf*                     mUUIDProvider {};
 
     mutable StaticAllocator<cAllocatorSize> mAllocator;
 

diff --git a/include/aos/test/crypto/providers/cryptofactoryitf.hpp b/include/aos/test/crypto/providers/cryptofactoryitf.hpp
@@ -44,7 +44,7 @@ class CryptoFactoryItf {
      *
      * @return x509::ProviderItf&.
      */
-    virtual x509::ProviderItf& GetCryptoProvider() = 0;
+    virtual CryptoProviderItf& GetCryptoProvider() = 0;
 
     /**
      * Returns hash provider.

diff --git a/include/aos/test/crypto/providers/mbedtlsfactory.hpp b/include/aos/test/crypto/providers/mbedtlsfactory.hpp
@@ -40,9 +40,9 @@ class MBedTLSCryptoFactory : public CryptoFactoryItf {
     /**
      * Returns crypto provider.
      *
-     * @return x509::ProviderItf&.
+     * @return CryptoProviderItf&.
      */
-    x509::ProviderItf& GetCryptoProvider() override;
+    CryptoProviderItf& GetCryptoProvider() override;
 
     /**
      * Returns hash provider.

diff --git a/include/aos/test/crypto/providers/opensslfactory.hpp b/include/aos/test/crypto/providers/opensslfactory.hpp
@@ -40,9 +40,9 @@ class OpenSSLCryptoFactory : public CryptoFactoryItf {
     /**
      * Returns crypto provider.
      *
-     * @return x509::ProviderItf&.
+     * @return CryptoProviderItf&.
      */
-    x509::ProviderItf& GetCryptoProvider() override;
+    CryptoProviderItf& GetCryptoProvider() override;
 
     /**
      * Returns hash provider.

diff --git a/src/common/crypto/mbedtls/cryptoprovider.cpp b/src/common/crypto/mbedtls/cryptoprovider.cpp
@@ -572,36 +572,6 @@
     return crypto::ASN1RemoveTag(inOID, dst, MBEDTLS_ASN1_OID);
 }
 
-RetWithError<uuid::UUID> MbedTLSCryptoProvider::CreateUUIDv5(const uuid::UUID& space, const Array<uint8_t>& name)
-{
-    constexpr auto cUUIDVersion = 5;
-
-    StaticArray<uint8_t, cSHA1InputDataSize> buffer = space;
-
-    auto err = buffer.Insert(buffer.end(), name.begin(), name.end());
-    if (!err.IsNone()) {
-        return {{}, AOS_ERROR_WRAP(err)};
-    }
-
-    StaticArray<uint8_t, cSHA1DigestSize> sha1;
-
-    sha1.Resize(sha1.MaxSize());
-
-    int ret = mbedtls_sha1(buffer.Get(), buffer.Size(), sha1.Get());
-    if (ret != 0) {
-        return {{}, AOS_ERROR_WRAP(ret)};
-    }
-
-    // copy lowest 16 bytes
-    uuid::UUID result = Array<uint8_t>(sha1.Get(), uuid::cUUIDSize);
-
-    // The version of the UUID will be the lower 4 bits of cUUIDVersion
-    result[6] = (result[6] & 0x0f) | uint8_t((cUUIDVersion & 0xf) << 4);
-    result[8] = (result[8] & 0x3f) | 0x80; // RFC 4122 variant
-
-    return result;
-}
-
 RetWithError<UniquePtr<HashItf>> MbedTLSCryptoProvider::CreateHash(Hash algorithm)
 {
     psa_algorithm_t alg = PSA_ALG_SHA3_256;
@@ -675,6 +645,53 @@
     return ErrorEnum::eNone;
 }
 
+RetWithError<uuid::UUID> MbedTLSCryptoProvider::CreateUUIDv4()
+{
+    constexpr auto cUUIDVersion = 4;
+
+    uuid::UUID uuid;
+
+    if (auto err = RandBuffer(uuid, uuid.MaxSize()); !err.IsNone()) {
+        return {{}, AOS_ERROR_WRAP(err)};
+    }
+
+    // The version of the UUID will be the lower 4 bits of cUUIDVersion
+    uuid[6] = (uuid[6] & 0x0f) | uint8_t((cUUIDVersion & 0xf) << 4);
+    uuid[8] = (uuid[8] & 0x3f) | 0x80; // RFC 4122 variant
+
+    return uuid;
+}
+
+RetWithError<uuid::UUID> MbedTLSCryptoProvider::CreateUUIDv5(const uuid::UUID& space, const Array<uint8_t>& name)
+{
+    constexpr auto cUUIDVersion = 5;
+
+    StaticArray<uint8_t, cSHA1InputDataSize> buffer = space;
+
+    auto err = buffer.Insert(buffer.end(), name.begin(), name.end());
+    if (!err.IsNone()) {
+        return {{}, AOS_ERROR_WRAP(err)};
+    }
+
+    StaticArray<uint8_t, cSHA1DigestSize> sha1;
+
+    sha1.Resize(sha1.MaxSize());
+
+    int ret = mbedtls_sha1(buffer.Get(), buffer.Size(), sha1.Get());
+    if (ret != 0) {
+        return {{}, AOS_ERROR_WRAP(ret)};
+    }
+
+    // copy lowest 16 bytes
+    uuid::UUID result = Array<uint8_t>(sha1.Get(), uuid::cUUIDSize);
+
+    // The version of the UUID will be the lower 4 bits of cUUIDVersion
+    result[6] = (result[6] & 0x0f) | uint8_t((cUUIDVersion & 0xf) << 4);
+    result[8] = (result[8] & 0x3f) | 0x80; // RFC 4122 variant
+
+    return result;
+}
+
 /***********************************************************************************************************************
  * Private
  **********************************************************************************************************************/