Added asymmetric encrypt and decrypt to Mbed Crypto provider

Signed-off-by: Samuel Bailey <samuel.bailey@arm.com>
parallaxsecond · Jul 8, 2020 · 1f9f841 · 1f9f841
1 parent 6ca8010
commit 1f9f841
Show file tree

Hide file tree

Showing 13 changed files with 524 additions and 28 deletions.
diff --git a/CONTRIBUTORS.md b/CONTRIBUTORS.md
@@ -12,3 +12,4 @@ This file aims to acknowledge the specific contributors referred to in the "Cont
 * Ionut Mihalcea (@ionut-arm)
 * Hugues de Valon (@hug-dev)
 * Jesper Brynolf (@Superhepper)
+* Samuel Bailey (@sbailey-arm)
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -18,7 +18,7 @@ name = "parsec"
 path = "src/bin/main.rs"
 
 [dependencies]
-parsec-interface = "0.17.0"
+parsec-interface = "0.18.0"
 rand = { version = "0.7.2", features = ["small_rng"] }
 base64 = "0.10.1"
 uuid = "0.7.4"
@@ -40,7 +40,7 @@ derivative = "2.1.1"
 version = "3.0.0"
 hex = "0.4.2"
 picky = "5.0.0"
-psa-crypto = { version = "0.2.1" , default-features = false, features = ["with-mbed-crypto"], optional = true }
+psa-crypto = { version = "0.2.2" , default-features = false, features = ["with-mbed-crypto"], optional = true }
 zeroize = { version = "1.1.0", features = ["zeroize_derive"] }
 
 [dev-dependencies]

diff --git a/e2e_tests/Cargo.toml b/e2e_tests/Cargo.toml
@@ -18,10 +18,13 @@ picky-asn1-der = "0.2.2"
 picky-asn1 = "0.2.1"
 serde = { version = "1.0", features = ["derive"] }
 sha2 = "0.8.1"
-parsec-client = { git = "https://github.com/parallaxsecond/parsec-client-rust", features = ["testing"] }
+parsec-client = { version = "0.6.0", features = ["testing"] }
 log = "0.4.8"
 rand = "0.7.3"
 
 [dev-dependencies]
 env_logger = "0.7.1"
 uuid = "0.7.4"
+rsa = "0.3.0"
+picky-asn1-x509 = "0.1.0"
+base64 = "0.12.3"
diff --git a/e2e_tests/src/lib.rs b/e2e_tests/src/lib.rs
@@ -13,7 +13,7 @@ use parsec_client::auth::AuthenticationData;
 use parsec_client::core::basic_client::BasicClient;
 use parsec_client::core::interface::operations::list_providers::ProviderInfo;
 use parsec_client::core::interface::operations::psa_algorithm::{
-    Algorithm, AsymmetricSignature, Hash,
+    Algorithm, AsymmetricSignature, AsymmetricEncryption, Hash,
 };
 use parsec_client::core::interface::operations::psa_key_attributes::{
     Attributes, Lifetime, Policy, Type, UsageFlags,
@@ -157,6 +157,60 @@ impl TestClient {
         )
     }
 
+    pub fn generate_rsa_encryption_keys_rsapkcs1v15crypt(&mut self, key_name: String) -> Result<()> {
+        self.generate_key(
+            key_name,
+            Attributes {
+                lifetime: Lifetime::Persistent,
+                key_type: Type::RsaKeyPair,
+                bits: 1024,
+                policy: Policy {
+                    usage_flags: UsageFlags {
+                        sign_hash: false,
+                        verify_hash: false,
+                        sign_message: false,
+                        verify_message: false,
+                        export: true,
+                        encrypt: true,
+                        decrypt: true,
+                        cache: false,
+                        copy: false,
+                        derive: false,
+                    },
+                    permitted_algorithms: AsymmetricEncryption::RsaPkcs1v15Crypt.into(),
+                },
+            }
+        )
+    }
+
+    pub fn generate_rsa_encryption_keys_rsaoaep_sha256(&mut self, key_name: String) -> Result<()> {
+        self.generate_key(
+            key_name,
+            Attributes {
+                lifetime: Lifetime::Persistent,
+                key_type: Type::RsaKeyPair,
+                bits: 1024,
+                policy: Policy {
+                    usage_flags: UsageFlags {
+                        sign_hash: false,
+                        verify_hash: false,
+                        sign_message: false,
+                        verify_message: false,
+                        export: true,
+                        encrypt: true,
+                        decrypt: true,
+                        cache: false,
+                        copy: false,
+                        derive: false,
+                    },
+                    permitted_algorithms: AsymmetricEncryption::RsaOaep{
+                        hash_alg: Hash::Sha256,
+                    }.into(),
+                },
+            }
+        )
+    }
+
     /// Imports and creates a key with specific attributes.
     pub fn import_key(
         &mut self,
@@ -178,7 +232,36 @@ impl TestClient {
         Ok(())
     }
 
-    /// Import a 1024 bits RSA public key.
+    /// Import a 1024 bit RSA key pair
+    /// The key pair can only be used for encryption and decryption with RSA PKCS 1v15
+    pub fn import_rsa_key_pair(&mut self, key_name: String, data: Vec<u8>) -> Result<()> {
+        self.import_key(
+            key_name,
+                Attributes {
+                lifetime: Lifetime::Persistent,
+                key_type: Type::RsaKeyPair,
+                bits: 1024,
+                policy: Policy {
+                    usage_flags: UsageFlags {
+                        sign_hash: false,
+                        verify_hash: false,
+                        sign_message: false,
+                        verify_message: true,
+                        export: false,
+                        encrypt: true,
+                        decrypt: true,
+                        cache: false,
+                        copy: false,
+                        derive: false,
+                    },
+                    permitted_algorithms: AsymmetricEncryption::RsaPkcs1v15Crypt.into(),
+                },
+            },
+            data,
+        )
+    }
+
+    /// Import a 1024 bit RSA public key.
     /// The key can only be used for verifying with the RSA PKCS 1v15 signing algorithm with SHA-256.
     pub fn import_rsa_public_key(&mut self, key_name: String, data: Vec<u8>) -> Result<()> {
         self.import_key(
@@ -287,6 +370,64 @@ impl TestClient {
         )
     }
 
+    pub fn asymmetric_encrypt_message_with_rsapkcs1v15(
+        &mut self,
+        key_name: String,
+        plaintext: Vec<u8>,
+    ) -> Result<Vec<u8>> {
+        self.asymmetric_encrypt_message(
+            key_name,
+            AsymmetricEncryption::RsaPkcs1v15Crypt,
+            &plaintext,
+            None,
+        )
+    }
+
+    pub fn asymmetric_decrypt_message_with_rsapkcs1v15(
+        &mut self,
+        key_name: String,
+        ciphertext: Vec<u8>,
+    ) -> Result<Vec<u8>> {
+        self.asymmetric_decrypt_message(
+            key_name,
+            AsymmetricEncryption::RsaPkcs1v15Crypt,
+            &ciphertext,
+            None,
+        )
+    }
+
+    pub fn asymmetric_encrypt_message(
+        &mut self,
+        key_name: String,
+        encryption_alg: AsymmetricEncryption,
+        plaintext: &[u8],
+        salt: Option<&[u8]>) -> Result<Vec<u8>> {
+        self.basic_client
+            .psa_asymmetric_encrypt(
+                key_name,
+                encryption_alg,
+                &plaintext,
+                salt,
+            )
+            .map_err(convert_error)
+    }
+
+    pub fn asymmetric_decrypt_message(
+        &mut self,
+        key_name: String,
+        encryption_alg: AsymmetricEncryption,
+        ciphertext: &[u8],
+        salt: Option<&[u8]>) -> Result<Vec<u8>> {
+        self.basic_client
+            .psa_asymmetric_decrypt(
+                key_name,
+                encryption_alg,
+                &ciphertext,
+                salt,
+            )
+            .map_err(convert_error)
+    }
+
     /// Lists the provider available for the Parsec service.
     pub fn list_providers(&mut self) -> Result<Vec<ProviderInfo>> {
         self.basic_client.list_providers().map_err(convert_error)