Skip to content

Commit

Permalink
Added asymmetric encrypt and decrypt to Mbed Crypto provider
Browse files Browse the repository at this point in the history
Signed-off-by: Samuel Bailey <[email protected]>
  • Loading branch information
sbailey-arm committed Jul 9, 2020
1 parent 6ca8010 commit e45d0e0
Show file tree
Hide file tree
Showing 15 changed files with 521 additions and 48 deletions.
1 change: 1 addition & 0 deletions CONTRIBUTORS.md
Original file line number Diff line number Diff line change
Expand Up @@ -12,3 +12,4 @@ This file aims to acknowledge the specific contributors referred to in the "Cont
* Ionut Mihalcea (@ionut-arm)
* Hugues de Valon (@hug-dev)
* Jesper Brynolf (@Superhepper)
* Samuel Bailey (@sbailey-arm)
21 changes: 11 additions & 10 deletions Cargo.lock

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

4 changes: 2 additions & 2 deletions Cargo.toml
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,7 @@ name = "parsec"
path = "src/bin/main.rs"

[dependencies]
parsec-interface = "0.17.0"
parsec-interface = "0.18.0"
rand = { version = "0.7.2", features = ["small_rng"] }
base64 = "0.10.1"
uuid = "0.7.4"
Expand All @@ -40,7 +40,7 @@ derivative = "2.1.1"
version = "3.0.0"
hex = "0.4.2"
picky = "5.0.0"
psa-crypto = { version = "0.2.1" , default-features = false, features = ["with-mbed-crypto"], optional = true }
psa-crypto = { version = "0.2.2" , default-features = false, features = ["with-mbed-crypto"], optional = true }
zeroize = { version = "1.1.0", features = ["zeroize_derive"] }

[dev-dependencies]
Expand Down
5 changes: 4 additions & 1 deletion e2e_tests/Cargo.toml
Original file line number Diff line number Diff line change
Expand Up @@ -18,10 +18,13 @@ picky-asn1-der = "0.2.2"
picky-asn1 = "0.2.1"
serde = { version = "1.0", features = ["derive"] }
sha2 = "0.8.1"
parsec-client = { git = "https://github.com/parallaxsecond/parsec-client-rust", features = ["testing"] }
parsec-client = { version = "0.6.0", features = ["testing"] }
log = "0.4.8"
rand = "0.7.3"

[dev-dependencies]
env_logger = "0.7.1"
uuid = "0.7.4"
rsa = "0.3.0"
picky-asn1-x509 = "0.1.0"
base64 = "0.12.3"
147 changes: 145 additions & 2 deletions e2e_tests/src/lib.rs
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@ use parsec_client::auth::AuthenticationData;
use parsec_client::core::basic_client::BasicClient;
use parsec_client::core::interface::operations::list_providers::ProviderInfo;
use parsec_client::core::interface::operations::psa_algorithm::{
Algorithm, AsymmetricSignature, Hash,
Algorithm, AsymmetricEncryption, AsymmetricSignature, Hash,
};
use parsec_client::core::interface::operations::psa_key_attributes::{
Attributes, Lifetime, Policy, Type, UsageFlags,
Expand Down Expand Up @@ -78,6 +78,12 @@ impl TestClient {
ProviderID::Core
}

pub fn is_operation_supported(&mut self, op: Opcode) -> bool {
self.list_opcodes(self.provider().unwrap())
.unwrap()
.contains(&op)
}

/// Manually set the provider to execute the requests.
pub fn set_provider(&mut self, provider: ProviderID) {
self.basic_client.set_implicit_provider(provider);
Expand Down Expand Up @@ -157,6 +163,64 @@ impl TestClient {
)
}

pub fn generate_rsa_encryption_keys_rsapkcs1v15crypt(
&mut self,
key_name: String,
) -> Result<()> {
self.generate_key(
key_name,
Attributes {
lifetime: Lifetime::Persistent,
key_type: Type::RsaKeyPair,
bits: 1024,
policy: Policy {
usage_flags: UsageFlags {
sign_hash: false,
verify_hash: false,
sign_message: false,
verify_message: false,
export: true,
encrypt: true,
decrypt: true,
cache: false,
copy: false,
derive: false,
},
permitted_algorithms: AsymmetricEncryption::RsaPkcs1v15Crypt.into(),
},
},
)
}

pub fn generate_rsa_encryption_keys_rsaoaep_sha256(&mut self, key_name: String) -> Result<()> {
self.generate_key(
key_name,
Attributes {
lifetime: Lifetime::Persistent,
key_type: Type::RsaKeyPair,
bits: 1024,
policy: Policy {
usage_flags: UsageFlags {
sign_hash: false,
verify_hash: false,
sign_message: false,
verify_message: false,
export: true,
encrypt: true,
decrypt: true,
cache: false,
copy: false,
derive: false,
},
permitted_algorithms: AsymmetricEncryption::RsaOaep {
hash_alg: Hash::Sha256,
}
.into(),
},
},
)
}

/// Imports and creates a key with specific attributes.
pub fn import_key(
&mut self,
Expand All @@ -178,7 +242,36 @@ impl TestClient {
Ok(())
}

/// Import a 1024 bits RSA public key.
/// Import a 1024 bit RSA key pair
/// The key pair can only be used for encryption and decryption with RSA PKCS 1v15
pub fn import_rsa_key_pair(&mut self, key_name: String, data: Vec<u8>) -> Result<()> {
self.import_key(
key_name,
Attributes {
lifetime: Lifetime::Persistent,
key_type: Type::RsaKeyPair,
bits: 1024,
policy: Policy {
usage_flags: UsageFlags {
sign_hash: false,
verify_hash: false,
sign_message: false,
verify_message: true,
export: false,
encrypt: true,
decrypt: true,
cache: false,
copy: false,
derive: false,
},
permitted_algorithms: AsymmetricEncryption::RsaPkcs1v15Crypt.into(),
},
},
data,
)
}

/// Import a 1024 bit RSA public key.
/// The key can only be used for verifying with the RSA PKCS 1v15 signing algorithm with SHA-256.
pub fn import_rsa_public_key(&mut self, key_name: String, data: Vec<u8>) -> Result<()> {
self.import_key(
Expand Down Expand Up @@ -287,6 +380,56 @@ impl TestClient {
)
}

pub fn asymmetric_encrypt_message_with_rsapkcs1v15(
&mut self,
key_name: String,
plaintext: Vec<u8>,
) -> Result<Vec<u8>> {
self.asymmetric_encrypt_message(
key_name,
AsymmetricEncryption::RsaPkcs1v15Crypt,
&plaintext,
None,
)
}

pub fn asymmetric_decrypt_message_with_rsapkcs1v15(
&mut self,
key_name: String,
ciphertext: Vec<u8>,
) -> Result<Vec<u8>> {
self.asymmetric_decrypt_message(
key_name,
AsymmetricEncryption::RsaPkcs1v15Crypt,
&ciphertext,
None,
)
}

pub fn asymmetric_encrypt_message(
&mut self,
key_name: String,
encryption_alg: AsymmetricEncryption,
plaintext: &[u8],
salt: Option<&[u8]>,
) -> Result<Vec<u8>> {
self.basic_client
.psa_asymmetric_encrypt(key_name, encryption_alg, &plaintext, salt)
.map_err(convert_error)
}

pub fn asymmetric_decrypt_message(
&mut self,
key_name: String,
encryption_alg: AsymmetricEncryption,
ciphertext: &[u8],
salt: Option<&[u8]>,
) -> Result<Vec<u8>> {
self.basic_client
.psa_asymmetric_decrypt(key_name, encryption_alg, &ciphertext, salt)
.map_err(convert_error)
}

/// Lists the provider available for the Parsec service.
pub fn list_providers(&mut self) -> Result<Vec<ProviderInfo>> {
self.basic_client.list_providers().map_err(convert_error)
Expand Down
Loading

0 comments on commit e45d0e0

Please sign in to comment.