Added aead encrypt decrypt, hash compute compare and raw key agreement #229
Conversation
| self.result_to_response(NativeResult::PsaHashCompare(result), header) | ||
| } | ||
| NativeOperation::PsaGenerateRandom(_) => { | ||
| panic!("Unsupported in this PR"); |
There was a problem hiding this comment.
The two panic!s are to pass CI. We have pending PRs for PsaGenerateRandom and ListAuthenticators, so should be immediately removed once those are merged.
Cargo.toml
Outdated
| [patch.crates-io] | ||
| psa-crypto = { git = "https://github.com/parallaxsecond/rust-psa-crypto" } |
There was a problem hiding this comment.
Yes, latest version with the helper methods has not been released on crates.io.
There was a problem hiding this comment.
Ah! I will release a new version.
e2e_tests/src/lib.rs
Outdated
| Attributes { | ||
| lifetime: Lifetime::Persistent, | ||
| key_type: Type::Aes, | ||
| bits: 0, |
There was a problem hiding this comment.
Is it fine for bits to be 0 here? Similarly for other functions
There was a problem hiding this comment.
Apparently! Some of the tests were taken from Mbed TLS, which used default (0) bits. I can try changing them but I'm pertty sure in some instances I ran into trouble when changing from 0 to something else.
There was a problem hiding this comment.
Hmm that's weird. It says:
The size of the key can be 16 bytes (AES-128), 24 bytes (AES-192) or 32 bytes (AES-256).
| 0x1f, 0x57, 0xdd, 0x3a, 0x7d, 0xfe, 0xd3, 0xc5, 0xef, 0x24, 0x1f, 0xa3, 0xf0, 0x0c, 0x5c, 0x02, 0xda, 0x98, 0x55, 0x97, 0x0d]; | ||
|
|
||
| #[test] | ||
| fn simple_aead_encrypt_ccm() { |
There was a problem hiding this comment.
Awesome 🥳 So nice to see the end result of those tests after so much effort!
| return; | ||
| } | ||
|
|
||
| let hash = client.hash_compute(Hash::Sha512, &MESSAGE).unwrap(); |
There was a problem hiding this comment.
You used Sha512 and not Whirlpool :)
There was a problem hiding this comment.
Whoops, I originally used whirlpool but found we don't support it.
| @@ -0,0 +1,78 @@ | |||
| // Copyright 2020 Contributors to the Parsec project. | |||
There was a problem hiding this comment.
For raw key agreement can you have a test where you generate two keys pairs, do the raw agreement on each private key with the other key pair's public key and verify that the shared secret output is the same?
| @@ -7,8 +7,9 @@ use derivative::Derivative; | |||
| use log::{error, trace}; | |||
There was a problem hiding this comment.
You might need to add in that file the new supported opcodes. And modify one test that is about it as well I think.
src/providers/mbed_provider/mod.rs
Outdated
| &self, | ||
| op: psa_hash_compute::Operation, | ||
| ) -> Result<psa_hash_compute::Result> { | ||
| trace!("psa_hash_compute"); |
There was a problem hiding this comment.
You forgot the ingress there :)
sbailey-arm
force-pushed
the
master
branch
4 times, most recently
from
da31705
to
2e72c2a
Compare
sbailey-arm
force-pushed
the
master
branch
7 times, most recently
from
a74bd9e
to
53e9253
Compare
| let shared_secret_2_then_1 = client | ||
| .raw_key_agreement(RawKeyAgreement::Ecdh, key_name_2.clone(), &public_key_1) | ||
| .unwrap(); | ||
| assert_eq!(shared_secret_1_then_2, shared_secret_2_then_1); |
There was a problem hiding this comment.
So nice to know it actually works 👏
Signed-off-by: Samuel Bailey <samuel.bailey@arm.com>
Bit of a big 'un but chunks of it are pretty simple and it saved adding more panics for individual operations.
Signed-off-by: Samuel Bailey samuel.bailey@arm.com