Add documentation, examples and tests #16
Conversation
hug-dev
added
documentation
| /// # verify_message: true, | ||
| /// # ..Default::default() | ||
| /// # }, | ||
| /// # permitted_algorithms: AsymmetricSignature::RsaPkcs1v15Sign { | ||
| /// # hash_alg: Hash::Sha256.into(), |
There was a problem hiding this comment.
Why do this line and the following line contain #?
There was a problem hiding this comment.
It is made to hide portions of the example so it only shows relevent parts. See here for details.
| /// # Example | ||
| /// | ||
| /// ``` | ||
| /// # use psa_crypto::operations::key_management::generate; |
psa-crypto/src/types/key.rs
Outdated
| @@ -35,6 +35,39 @@ impl Attributes { | |||
| } | |||
|
|
|||
| /// Check export in a faillible way | |||
There was a problem hiding this comment.
Not part of this patch, but while you're there: faillible -> fallible
| @@ -8,8 +8,44 @@ use crate::types::key::{Attributes, Id}; | |||
| use crate::types::status::{Result, Status}; | |||
| use core::convert::TryFrom; | |||
|
|
|||
| /// Generate a key | |||
| pub fn generate_key(attributes: Attributes, id: Option<u32>) -> Result<Id> { | |||
There was a problem hiding this comment.
How come you dropped the _key part of the name, because it's in key_management? Then you probably need to modify the examples to call it as key_management::generate(...), because it's confusing as to what generate is and where it is coming from.
There was a problem hiding this comment.
How come you dropped the _key part of the name, because it's in key_management?
Yes, that's the reason!
Then you probably need to modify the examples to call it as key_management::generate(...), because it's confusing as to what generate is and where it is coming from.
Sure, will do.
There was a problem hiding this comment.
You've only modified the examples in this file, the other still import the function directly 🤡 but nevermind, we can discuss under #17
psa-crypto/src/types/algorithm.rs
Outdated
| /// mac_alg: FullLengthMac::Hmac { hash_alg: Hash::Sha256 }, | ||
| /// mac_length: 34, |
There was a problem hiding this comment.
I'm assuming the mac_length is in bytes, not bits, in which case this is invalid because Sha256 has only 32 bytes (not that I'm saying we shouldn't allow that construction, just saying that maybe something below 32 would be better for an example)
There was a problem hiding this comment.
Makes sense, will modify!
| }) | ||
| .try_into() | ||
| .unwrap() | ||
| ); |
There was a problem hiding this comment.
Could you add some checks that fail (i.e. with unwrap_err())?
psa-crypto/src/types/key.rs
Outdated
| impl Default for UsageFlags { | ||
| fn default() -> Self { | ||
| UsageFlags { | ||
| export: false, | ||
| copy: false, | ||
| cache: false, | ||
| encrypt: false, | ||
| decrypt: false, | ||
| sign_message: false, | ||
| verify_message: false, | ||
| sign_hash: false, | ||
| verify_hash: false, | ||
| derive: false, | ||
| } | ||
| } | ||
| } |
There was a problem hiding this comment.
Is this not what deriving Default would obtain?
There was a problem hiding this comment.
Oh yes, you are right, I forgot that you can derive Default
| fn convert() { | ||
| let mut attrs = unsafe { psa_crypto_sys::psa_key_attributes_init() }; | ||
| unsafe { | ||
| psa_crypto_sys::psa_set_key_lifetime( | ||
| &mut attrs, | ||
| psa_crypto_sys::PSA_KEY_LIFETIME_VOLATILE, | ||
| ) | ||
| }; | ||
| unsafe { | ||
| psa_crypto_sys::psa_set_key_usage_flags( | ||
| &mut attrs, | ||
| psa_crypto_sys::PSA_KEY_USAGE_SIGN | psa_crypto_sys::PSA_KEY_USAGE_VERIFY, | ||
| ) | ||
| }; | ||
| unsafe { | ||
| psa_crypto_sys::psa_set_key_algorithm( | ||
| &mut attrs, | ||
| psa_crypto_sys::PSA_ALG_ECDSA(psa_crypto_sys::PSA_ALG_SHA_256), | ||
| ) | ||
| }; | ||
| unsafe { | ||
| psa_crypto_sys::psa_set_key_type( | ||
| &mut attrs, | ||
| psa_crypto_sys::PSA_KEY_TYPE_ECC_KEY_PAIR(psa_crypto_sys::PSA_ECC_CURVE_SECP_K1), | ||
| ) | ||
| }; | ||
| unsafe { psa_crypto_sys::psa_set_key_bits(&mut attrs, 2048) }; | ||
|
|
||
| assert_eq!( | ||
| Attributes { | ||
| key_type: Type::EccKeyPair { | ||
| curve_family: EccFamily::SecpK1, | ||
| }, | ||
| bits: 2048, | ||
| lifetime: Lifetime::Volatile, | ||
| policy: Policy { | ||
| usage_flags: UsageFlags { | ||
| export: false, | ||
| copy: false, | ||
| cache: false, | ||
| encrypt: false, | ||
| decrypt: false, | ||
| sign_message: true, | ||
| verify_message: true, | ||
| sign_hash: true, | ||
| verify_hash: true, | ||
| derive: false, | ||
| }, | ||
| permitted_algorithms: AsymmetricSignature::Ecdsa { | ||
| hash_alg: Hash::Sha256.into(), | ||
| } | ||
| .into(), | ||
| }, | ||
| }, | ||
| attrs.try_into().unwrap() | ||
| ); | ||
| } |
Signed-off-by: Hugues de Valon <hugues.devalon@arm.com>
| @@ -8,8 +8,44 @@ use crate::types::key::{Attributes, Id}; | |||
| use crate::types::status::{Result, Status}; | |||
| use core::convert::TryFrom; | |||
|
|
|||
| /// Generate a key | |||
| pub fn generate_key(attributes: Attributes, id: Option<u32>) -> Result<Id> { | |||
There was a problem hiding this comment.
You've only modified the examples in this file, the other still import the function directly 🤡 but nevermind, we can discuss under #17
Signed-off-by: Hugues de Valon hugues.devalon@arm.com