@@ -13,7 +13,7 @@ use parsec_client::auth::AuthenticationData;
13
13
use parsec_client:: core:: basic_client:: BasicClient ;
14
14
use parsec_client:: core:: interface:: operations:: list_providers:: ProviderInfo ;
15
15
use parsec_client:: core:: interface:: operations:: psa_algorithm:: {
16
- Algorithm , AsymmetricSignature , Hash ,
16
+ Algorithm , AsymmetricEncryption , AsymmetricSignature , Hash ,
17
17
} ;
18
18
use parsec_client:: core:: interface:: operations:: psa_key_attributes:: {
19
19
Attributes , Lifetime , Policy , Type , UsageFlags ,
@@ -78,6 +78,12 @@ impl TestClient {
78
78
ProviderID :: Core
79
79
}
80
80
81
+ pub fn is_operation_supported ( & mut self , op : Opcode ) -> bool {
82
+ self . list_opcodes ( self . provider ( ) . unwrap ( ) )
83
+ . unwrap ( )
84
+ . contains ( & op)
85
+ }
86
+
81
87
/// Manually set the provider to execute the requests.
82
88
pub fn set_provider ( & mut self , provider : ProviderID ) {
83
89
self . basic_client . set_implicit_provider ( provider) ;
@@ -157,6 +163,64 @@ impl TestClient {
157
163
)
158
164
}
159
165
166
+ pub fn generate_rsa_encryption_keys_rsapkcs1v15crypt (
167
+ & mut self ,
168
+ key_name : String ,
169
+ ) -> Result < ( ) > {
170
+ self . generate_key (
171
+ key_name,
172
+ Attributes {
173
+ lifetime : Lifetime :: Persistent ,
174
+ key_type : Type :: RsaKeyPair ,
175
+ bits : 1024 ,
176
+ policy : Policy {
177
+ usage_flags : UsageFlags {
178
+ sign_hash : false ,
179
+ verify_hash : false ,
180
+ sign_message : false ,
181
+ verify_message : false ,
182
+ export : true ,
183
+ encrypt : true ,
184
+ decrypt : true ,
185
+ cache : false ,
186
+ copy : false ,
187
+ derive : false ,
188
+ } ,
189
+ permitted_algorithms : AsymmetricEncryption :: RsaPkcs1v15Crypt . into ( ) ,
190
+ } ,
191
+ } ,
192
+ )
193
+ }
194
+
195
+ pub fn generate_rsa_encryption_keys_rsaoaep_sha256 ( & mut self , key_name : String ) -> Result < ( ) > {
196
+ self . generate_key (
197
+ key_name,
198
+ Attributes {
199
+ lifetime : Lifetime :: Persistent ,
200
+ key_type : Type :: RsaKeyPair ,
201
+ bits : 1024 ,
202
+ policy : Policy {
203
+ usage_flags : UsageFlags {
204
+ sign_hash : false ,
205
+ verify_hash : false ,
206
+ sign_message : false ,
207
+ verify_message : false ,
208
+ export : true ,
209
+ encrypt : true ,
210
+ decrypt : true ,
211
+ cache : false ,
212
+ copy : false ,
213
+ derive : false ,
214
+ } ,
215
+ permitted_algorithms : AsymmetricEncryption :: RsaOaep {
216
+ hash_alg : Hash :: Sha256 ,
217
+ }
218
+ . into ( ) ,
219
+ } ,
220
+ } ,
221
+ )
222
+ }
223
+
160
224
/// Imports and creates a key with specific attributes.
161
225
pub fn import_key (
162
226
& mut self ,
@@ -178,7 +242,36 @@ impl TestClient {
178
242
Ok ( ( ) )
179
243
}
180
244
181
- /// Import a 1024 bits RSA public key.
245
+ /// Import a 1024 bit RSA key pair
246
+ /// The key pair can only be used for encryption and decryption with RSA PKCS 1v15
247
+ pub fn import_rsa_key_pair ( & mut self , key_name : String , data : Vec < u8 > ) -> Result < ( ) > {
248
+ self . import_key (
249
+ key_name,
250
+ Attributes {
251
+ lifetime : Lifetime :: Persistent ,
252
+ key_type : Type :: RsaKeyPair ,
253
+ bits : 1024 ,
254
+ policy : Policy {
255
+ usage_flags : UsageFlags {
256
+ sign_hash : false ,
257
+ verify_hash : false ,
258
+ sign_message : false ,
259
+ verify_message : true ,
260
+ export : false ,
261
+ encrypt : true ,
262
+ decrypt : true ,
263
+ cache : false ,
264
+ copy : false ,
265
+ derive : false ,
266
+ } ,
267
+ permitted_algorithms : AsymmetricEncryption :: RsaPkcs1v15Crypt . into ( ) ,
268
+ } ,
269
+ } ,
270
+ data,
271
+ )
272
+ }
273
+
274
+ /// Import a 1024 bit RSA public key.
182
275
/// The key can only be used for verifying with the RSA PKCS 1v15 signing algorithm with SHA-256.
183
276
pub fn import_rsa_public_key ( & mut self , key_name : String , data : Vec < u8 > ) -> Result < ( ) > {
184
277
self . import_key (
@@ -287,6 +380,56 @@ impl TestClient {
287
380
)
288
381
}
289
382
383
+ pub fn asymmetric_encrypt_message_with_rsapkcs1v15 (
384
+ & mut self ,
385
+ key_name : String ,
386
+ plaintext : Vec < u8 > ,
387
+ ) -> Result < Vec < u8 > > {
388
+ self . asymmetric_encrypt_message (
389
+ key_name,
390
+ AsymmetricEncryption :: RsaPkcs1v15Crypt ,
391
+ & plaintext,
392
+ None ,
393
+ )
394
+ }
395
+
396
+ pub fn asymmetric_decrypt_message_with_rsapkcs1v15 (
397
+ & mut self ,
398
+ key_name : String ,
399
+ ciphertext : Vec < u8 > ,
400
+ ) -> Result < Vec < u8 > > {
401
+ self . asymmetric_decrypt_message (
402
+ key_name,
403
+ AsymmetricEncryption :: RsaPkcs1v15Crypt ,
404
+ & ciphertext,
405
+ None ,
406
+ )
407
+ }
408
+
409
+ pub fn asymmetric_encrypt_message (
410
+ & mut self ,
411
+ key_name : String ,
412
+ encryption_alg : AsymmetricEncryption ,
413
+ plaintext : & [ u8 ] ,
414
+ salt : Option < & [ u8 ] > ,
415
+ ) -> Result < Vec < u8 > > {
416
+ self . basic_client
417
+ . psa_asymmetric_encrypt ( key_name, encryption_alg, & plaintext, salt)
418
+ . map_err ( convert_error)
419
+ }
420
+
421
+ pub fn asymmetric_decrypt_message (
422
+ & mut self ,
423
+ key_name : String ,
424
+ encryption_alg : AsymmetricEncryption ,
425
+ ciphertext : & [ u8 ] ,
426
+ salt : Option < & [ u8 ] > ,
427
+ ) -> Result < Vec < u8 > > {
428
+ self . basic_client
429
+ . psa_asymmetric_decrypt ( key_name, encryption_alg, & ciphertext, salt)
430
+ . map_err ( convert_error)
431
+ }
432
+
290
433
/// Lists the provider available for the Parsec service.
291
434
pub fn list_providers ( & mut self ) -> Result < Vec < ProviderInfo > > {
292
435
self . basic_client . list_providers ( ) . map_err ( convert_error)
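Review bot: In `import_rsa_key_pair` (new lines 245–272), `verify_message : true` contradicts the doc comment directly above it, which says the key pair can only be used for encryption and decryption with RSA PKCS 1v15. The policy's `permitted_algorithms` is `AsymmetricEncryption::RsaPkcs1v15Crypt`, so the flag adds nothing the helper needs and widens the usage policy beyond what is documented; it may have been copied from a signing-key helper. I would change it to `verify_message: false,` so the flags match the two `generate_rsa_encryption_keys_*` helpers added in the earlier hunk. Separately, `is_operation_supported`, the `generate_rsa_encryption_keys_*` pair and the four `asymmetric_*` functions are added without `///` comments although neighbouring methods have them. A one-line summary on each would help, and the one on `is_operation_supported` should say that it panics through `unwrap()` when no provider is set or the opcode listing fails.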