PKCS11 provider serial_number configuration

[anta5010]

It's now possible (and recommended) to configure Parsec PKCS11 provider with a PKCS11 token serial number instead of a slot ID.

When I tested this feature with a Nitrokey HSM module I initially got an error:

$ pkcs11-tool -L
Available slots:
Slot 0 (0x0): Nitrokey Nitrokey HSM (DENK01022270000         ) 00 00
  token label        : SmartCard-HSM (UserPIN)
  token manufacturer : www.CardContact.de
  token model        : PKCS#15 emulated
  token flags        : login required, rng, token initialized, PIN initialized
  hardware version   : 24.13
  firmware version   : 3.1
  serial num         : DENK0102227
  pin min/max        : 6/15

$ grep serial /home/pi/anta/config-PKCS11.toml
serial_number = "DENK0102227"

$ RUST_LOG=trace /home/pi/anta/parsec/target/release/parsec -c /home/pi/anta/config-PKCS11.toml
[INFO  parsec] Parsec started. Configuring the service...
[INFO  parsec_service::utils::service_builder] Creating a PKCS 11 Provider.
[INFO  parsec_service::providers::pkcs11] Building a PKCS 11 provider with library '/usr/lib/arm-linux-gnueabihf/opensc-pkcs11.so'
[TRACE parsec_service::providers::pkcs11] Initialize command
[ERROR parsec_service::utils::service_builder] Provider with ID PKCS #11 provider cannot be created; Error: No token with the provided serial number
Error: failed to create provider

After some debugging and reading specs I found that the serial number must be 16 characters long and must be padded with spaces:
http://docs.oasis-open.org/pkcs11/pkcs11-base/v2.40/os/pkcs11-base-v2.40-os.html#_Toc416959687

I fixed my issue by updating Parsec config with
serial_number = "DENK0102227 "

pkcs11-tool -L doesn’t print the trailing spaces which can cause confusions like I had.

So, we can resolve the issue with either:

1. Strip trailing spaces from both serial numbers when we do this comparison

   parsec/src/providers/pkcs11/mod.rs

   Line 527 in f302e27

   if sn == serial_number {

   or
2. We update config file parsing procedure and generate an error when serial_number is shorter than 16 chars. The Parsec config file template should also include details about serial_number length requirements and padding with spaces.

[mohamedasaker-arm]

I am in favour of the first solution as it enhances the UX.
we may give a warning about the 16 chars requirement for clarity.

[ionut-arm]

I'm in favour of the first solution for the same reason - much nicer to work with unpaded strings.

But I'd also like to document this behaviour in the config file.

[mohamedasaker-arm]

If we document the behaviour, there is no need for the warning.
If all agree, I can work on it.