Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Added asymmetric encrypt and decrypt to Mbed Crypto provider #196

Merged
merged 1 commit into from
Jul 9, 2020
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions CONTRIBUTORS.md
Original file line number Diff line number Diff line change
Expand Up @@ -12,3 +12,4 @@ This file aims to acknowledge the specific contributors referred to in the "Cont
* Ionut Mihalcea (@ionut-arm)
* Hugues de Valon (@hug-dev)
* Jesper Brynolf (@Superhepper)
* Samuel Bailey (@sbailey-arm)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👌

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🌞

21 changes: 11 additions & 10 deletions Cargo.lock

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

4 changes: 2 additions & 2 deletions Cargo.toml
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,7 @@ name = "parsec"
path = "src/bin/main.rs"

[dependencies]
parsec-interface = "0.17.0"
parsec-interface = "0.18.0"
rand = { version = "0.7.2", features = ["small_rng"] }
base64 = "0.10.1"
uuid = "0.7.4"
Expand All @@ -40,7 +40,7 @@ derivative = "2.1.1"
version = "3.0.0"
hex = "0.4.2"
picky = "5.0.0"
psa-crypto = { version = "0.2.1" , default-features = false, features = ["with-mbed-crypto"], optional = true }
psa-crypto = { version = "0.2.2" , default-features = false, features = ["with-mbed-crypto"], optional = true }
zeroize = { version = "1.1.0", features = ["zeroize_derive"] }
picky-asn1-x509 = { version = "0.1.0", optional = true }

Expand Down
4 changes: 3 additions & 1 deletion e2e_tests/Cargo.toml
Original file line number Diff line number Diff line change
Expand Up @@ -25,4 +25,6 @@ rand = "0.7.3"
[dev-dependencies]
env_logger = "0.7.1"
uuid = "0.7.4"
picky-asn1-x509 = "0.1.0"
rsa = "0.3.0"
picky-asn1-x509 = "0.1.0"
base64 = "0.12.3"
147 changes: 145 additions & 2 deletions e2e_tests/src/lib.rs
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,7 @@ use parsec_client::auth::AuthenticationData;
use parsec_client::core::basic_client::BasicClient;
use parsec_client::core::interface::operations::list_providers::ProviderInfo;
use parsec_client::core::interface::operations::psa_algorithm::{
Algorithm, AsymmetricSignature, Hash,
Algorithm, AsymmetricEncryption, AsymmetricSignature, Hash,
};
use parsec_client::core::interface::operations::psa_key_attributes::{
Attributes, Lifetime, Policy, Type, UsageFlags,
Expand Down Expand Up @@ -79,6 +79,12 @@ impl TestClient {
ProviderID::Core
}

pub fn is_operation_supported(&mut self, op: Opcode) -> bool {
self.list_opcodes(self.provider().unwrap())
.unwrap()
.contains(&op)
}

/// Manually set the provider to execute the requests.
pub fn set_provider(&mut self, provider: ProviderID) {
self.basic_client.set_implicit_provider(provider);
Expand Down Expand Up @@ -158,6 +164,64 @@ impl TestClient {
)
}

pub fn generate_rsa_encryption_keys_rsapkcs1v15crypt(
&mut self,
key_name: String,
) -> Result<()> {
self.generate_key(
key_name,
Attributes {
lifetime: Lifetime::Persistent,
key_type: Type::RsaKeyPair,
bits: 1024,
policy: Policy {
usage_flags: UsageFlags {
sign_hash: false,
verify_hash: false,
sign_message: false,
verify_message: false,
export: true,
encrypt: true,
decrypt: true,
cache: false,
copy: false,
derive: false,
},
permitted_algorithms: AsymmetricEncryption::RsaPkcs1v15Crypt.into(),
},
},
)
}

pub fn generate_rsa_encryption_keys_rsaoaep_sha256(&mut self, key_name: String) -> Result<()> {
self.generate_key(
key_name,
Attributes {
lifetime: Lifetime::Persistent,
key_type: Type::RsaKeyPair,
bits: 1024,
policy: Policy {
usage_flags: UsageFlags {
sign_hash: false,
verify_hash: false,
sign_message: false,
verify_message: false,
export: true,
encrypt: true,
decrypt: true,
cache: false,
copy: false,
derive: false,
},
permitted_algorithms: AsymmetricEncryption::RsaOaep {
hash_alg: Hash::Sha256,
}
.into(),
},
},
)
}

/// Imports and creates a key with specific attributes.
pub fn import_key(
&mut self,
Expand All @@ -179,7 +243,36 @@ impl TestClient {
Ok(())
}

/// Import a 1024 bits RSA public key.
/// Import a 1024 bit RSA key pair
/// The key pair can only be used for encryption and decryption with RSA PKCS 1v15
pub fn import_rsa_key_pair(&mut self, key_name: String, data: Vec<u8>) -> Result<()> {
self.import_key(
key_name,
Attributes {
lifetime: Lifetime::Persistent,
key_type: Type::RsaKeyPair,
bits: 1024,
policy: Policy {
usage_flags: UsageFlags {
sign_hash: false,
verify_hash: false,
sign_message: false,
verify_message: true,
export: false,
encrypt: true,
decrypt: true,
cache: false,
copy: false,
derive: false,
},
permitted_algorithms: AsymmetricEncryption::RsaPkcs1v15Crypt.into(),
},
},
data,
)
}

/// Import a 1024 bit RSA public key.
/// The key can only be used for verifying with the RSA PKCS 1v15 signing algorithm with SHA-256.
pub fn import_rsa_public_key(&mut self, key_name: String, data: Vec<u8>) -> Result<()> {
self.import_key(
Expand Down Expand Up @@ -288,6 +381,56 @@ impl TestClient {
)
}

pub fn asymmetric_encrypt_message_with_rsapkcs1v15(
&mut self,
key_name: String,
plaintext: Vec<u8>,
) -> Result<Vec<u8>> {
self.asymmetric_encrypt_message(
key_name,
AsymmetricEncryption::RsaPkcs1v15Crypt,
&plaintext,
None,
)
}

pub fn asymmetric_decrypt_message_with_rsapkcs1v15(
&mut self,
key_name: String,
ciphertext: Vec<u8>,
) -> Result<Vec<u8>> {
self.asymmetric_decrypt_message(
key_name,
AsymmetricEncryption::RsaPkcs1v15Crypt,
&ciphertext,
None,
)
}

pub fn asymmetric_encrypt_message(
&mut self,
key_name: String,
encryption_alg: AsymmetricEncryption,
plaintext: &[u8],
salt: Option<&[u8]>,
) -> Result<Vec<u8>> {
self.basic_client
.psa_asymmetric_encrypt(key_name, encryption_alg, &plaintext, salt)
.map_err(convert_error)
}

pub fn asymmetric_decrypt_message(
&mut self,
key_name: String,
encryption_alg: AsymmetricEncryption,
ciphertext: &[u8],
salt: Option<&[u8]>,
) -> Result<Vec<u8>> {
self.basic_client
.psa_asymmetric_decrypt(key_name, encryption_alg, &ciphertext, salt)
.map_err(convert_error)
}

/// Lists the provider available for the Parsec service.
pub fn list_providers(&mut self) -> Result<Vec<ProviderInfo>> {
self.basic_client.list_providers().map_err(convert_error)
Expand Down
Loading