Merge pull request #317 from RobertDrazkowskiGL/calib-psa-hash-compute

hug-dev · web-flow · commit f502bd65dcfa · 2021-01-21T12:08:17.000Z
Added support for PsaHashCompute to CryptoAuthLib provider.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -46,6 +46,8 @@ libc = "0.2.77"
 anyhow = "1.0.32"
 # Using a fork until the JWT support is merged into the main rust-spiffe repository
 spiffe = { git = "https://github.com/hug-dev/rust-spiffe", branch = "refactor-jwt" }
+#rust-cryptoauthlib = { git = "https://github.com/RobertDrazkowskiGL/rust-cryptoauthlib.git", optional = true }
+rust-cryptoauthlib = { version = "0.1.0", optional = true }
 
 [dev-dependencies]
 rand = { version = "0.8.2", features = ["small_rng"] }
@@ -58,5 +60,5 @@ default = []
 mbed-crypto-provider = ["psa-crypto"]
 pkcs11-provider = ["pkcs11", "picky-asn1-der", "picky-asn1", "picky-asn1-x509", "psa-crypto", "rand"]
 tpm-provider = ["tss-esapi", "picky-asn1-der", "picky-asn1", "picky-asn1-x509", "hex"]
-cryptoauthlib-provider = []
+cryptoauthlib-provider = ["rust-cryptoauthlib"]
 all-providers = ["tpm-provider", "pkcs11-provider", "mbed-crypto-provider", "cryptoauthlib-provider"]
diff --git a/config.toml b/config.toml
@@ -143,8 +143,24 @@ key_info_manager = "on-disk-manager"
 #owner_hierarchy_auth = "password"
 
 # Example of a CryptoAuthLib provider configuration
-# All below parameters depend on what devices, interfaces or parameters are required or supported by 
+# All below parameters depend on what devices, interfaces or parameters are required or supported by
 # "rust-cryptoauthlib" wrapper for cryptoauthlib and underlying hardware.
 #[[provider]]
 #provider_type = "CryptoAuthLib"
 #key_info_manager = "on-disk-manager"
+# (Required) ATCA device type.
+#   Supported values: "atecc508a", "atecc608a"
+#device_type = "atecc508a"
+# (Required) Interface for ATCA device
+#   Supported values: "i2c"
+#iface_type = "i2c"
+# (Required) Default wake delay for ATCA device
+#wake_delay = 1500
+# (Required) Default number of rx retries for ATCA device
+#rx_retries = 20
+# (Optional - required for i2c) i2c slave addres
+#slave_address = 0xc0
+# (Optional - required for i2c) i2c bus number
+#bus = 1
+# (Optional - required for i2c) i2c bus baud rate
+#baud = 400000
diff --git a/e2e_tests/provider_cfg/all/config.toml b/e2e_tests/provider_cfg/all/config.toml
@@ -43,3 +43,11 @@ user_pin = "123456"
 [[provider]]
 provider_type = "CryptoAuthLib"
 key_info_manager = "on-disk-manager"
+device_type = "atecc508a"
+iface_type = "i2c"
+wake_delay = 1500
+rx_retries = 20
+# i2c parameters for i2c-pseudo proxy
+slave_address = 0xc0
+bus = 1
+baud = 400000
diff --git a/e2e_tests/provider_cfg/cryptoauthlib/config.toml b/e2e_tests/provider_cfg/cryptoauthlib/config.toml
@@ -23,3 +23,11 @@ store_path = "./mappings"
 [[provider]]
 provider_type = "CryptoAuthLib"
 key_info_manager = "on-disk-manager"
+device_type = "atecc508a"
+iface_type = "i2c"
+wake_delay = 1500
+rx_retries = 20
+# i2c parameters for i2c-pseudo proxy
+slave_address = 0xc0
+bus = 1
+baud = 400000
diff --git a/e2e_tests/tests/all_providers/config/tomls/list_providers_1.toml b/e2e_tests/tests/all_providers/config/tomls/list_providers_1.toml
@@ -37,3 +37,11 @@ user_pin = "123456"
 [[provider]]
 provider_type = "CryptoAuthLib"
 key_info_manager = "on-disk-manager"
+device_type = "atecc508a"
+iface_type = "i2c"
+wake_delay = 1500
+rx_retries = 20
+# i2c parameters for i2c-pseudo proxy
+slave_address = 0xc0
+bus = 1
+baud = 400000
diff --git a/e2e_tests/tests/all_providers/config/tomls/list_providers_2.toml b/e2e_tests/tests/all_providers/config/tomls/list_providers_2.toml
@@ -37,3 +37,11 @@ owner_hierarchy_auth = "tpm_pass"
 [[provider]]
 provider_type = "CryptoAuthLib"
 key_info_manager = "on-disk-manager"
+device_type = "atecc508a"
+iface_type = "i2c"
+wake_delay = 1500
+rx_retries = 20
+# i2c parameters for i2c-pseudo proxy
+slave_address = 0xc0
+bus = 1
+baud = 400000
diff --git a/e2e_tests/tests/all_providers/normal.rs b/e2e_tests/tests/all_providers/normal.rs
@@ -44,6 +44,7 @@ fn list_opcodes() {
     let mut client = TestClient::new();
     let mut crypto_providers_hsm = HashSet::new();
     let mut core_provider_opcodes = HashSet::new();
+    let mut crypto_providers_cal = HashSet::new();
 
     let _ = crypto_providers_hsm.insert(Opcode::PsaGenerateKey);
     let _ = crypto_providers_hsm.insert(Opcode::PsaDestroyKey);
@@ -71,6 +72,9 @@ fn list_opcodes() {
     let _ = core_provider_opcodes.insert(Opcode::ListOpcodes);
     let _ = core_provider_opcodes.insert(Opcode::ListKeys);
 
+    // Not that much to be tested ATM
+    let _ = crypto_providers_cal.insert(Opcode::PsaHashCompute);
+
     assert_eq!(
         client
             .list_opcodes(ProviderID::Core)
@@ -95,6 +99,12 @@ fn list_opcodes() {
             .expect("list providers failed"),
         crypto_providers_mbed_crypto
     );
+    assert_eq!(
+        client
+            .list_opcodes(ProviderID::CryptoAuthLib)
+            .expect("list providers failed"),
+            crypto_providers_cal
+    );
 }
 
 #[cfg(feature = "testing")]
diff --git a/src/providers/cryptoauthlib/hash.rs b/src/providers/cryptoauthlib/hash.rs
@@ -0,0 +1,36 @@
+// Copyright 2021 Contributors to the Parsec project.
+// SPDX-License-Identifier: Apache-2.0
+use super::Provider;
+use parsec_interface::operations::psa_algorithm::Hash;
+use parsec_interface::operations::psa_hash_compute;
+use parsec_interface::requests::{ResponseStatus, Result};
+
+impl Provider {
+    pub(super) fn psa_hash_compute_internal(
+        &self,
+        op: psa_hash_compute::Operation,
+    ) -> Result<psa_hash_compute::Result> {
+        let mut hash = vec![0u8; op.alg.hash_length()];
+        match op.alg {
+            Hash::Sha256 => {
+                let message = op.input.to_vec();
+                let err = rust_cryptoauthlib::atcab_sha(message, &mut hash);
+                match err {
+                    rust_cryptoauthlib::AtcaStatus::AtcaSuccess => {
+                        Ok(psa_hash_compute::Result { hash: hash.into() })
+                    }
+                    _ => {
+                        let error = ResponseStatus::PsaErrorGenericError;
+                        format_error!("Hash computation failed ", err);
+                        Err(error)
+                    }
+                }
+            }
+            _ => {
+                let error = ResponseStatus::PsaErrorNotSupported;
+                format_error!("Unsupported hash algorithm ", error);
+                Err(error)
+            }
+        }
+    }
+}
diff --git a/src/providers/cryptoauthlib/mod.rs b/src/providers/cryptoauthlib/mod.rs
diff --git a/src/providers/mod.rs b/src/providers/mod.rs
diff --git a/src/utils/service_builder.rs b/src/utils/service_builder.rs
