Update attribute handling in PKCS11 provider

This commit brings several improvements to the PKCS11 provider.

It updates the way we handle parameters for the PKCS11
provider, making the process of adding support for new key types more
straight forward.
It creates abstractions over PKCS11 types to safely handle some of the
functionality that the pkcs11 crate requires.
It adds asymmetric encryption and decryption support for the PKCS11
provider.
It improves the way we handle test distribution, so each test is run
only for the providers that support that functionality. Since SoftHSM
does not support RSA OAEP with anything but SHA1, a new test was added
for that.

Co-authored-by: Ionut Mihalcea <ionut.mihalcea@arm.com>
Co-authored-by: Hugues de Valon <hugues.devalon@arm.com>

Signed-off-by: Ionut Mihalcea <ionut.mihalcea@arm.com>

Author: ionut-arm

Cargo.lock

@@ -42,7 +42,7 @@ hex = "0.4.2"
 picky = "5.0.0"
 psa-crypto = { version = "0.5.0" , default-features = false, features = ["operations"], optional = true }
 zeroize = { version = "1.1.0", features = ["zeroize_derive"] }
-picky-asn1-x509 = { version = "0.1.0", optional = true }
+picky-asn1-x509 = { version = "0.3.0", optional = true }
 users = "0.10.0"
 libc = "0.2.72"
 

Cargo.toml

@@ -68,8 +68,10 @@ while [ "$#" -gt 0 ]; do
             cp $(pwd)/e2e_tests/provider_cfg/$1/config.toml $CONFIG_PATH
             if [ "$PROVIDER_NAME" = "all" ]; then
                 FEATURES="--features=all-providers,no-parsec-user-and-clients-group"
+                TEST_FEATURES="--features=all-providers"
             else
                 FEATURES="--features=$1-provider,no-parsec-user-and-clients-group"
+                TEST_FEATURES="--features=$1-provider"
             fi
         ;;
         *)
@@ -134,15 +136,15 @@ pgrep -f target/debug/parsec >/dev/null
 
 if [ "$PROVIDER_NAME" = "all" ]; then
     echo "Execute all-providers tests"
-    RUST_BACKTRACE=1 cargo test --manifest-path ./e2e_tests/Cargo.toml all_providers
-    RUST_BACKTRACE=1 cargo test --manifest-path ./e2e_tests/Cargo.toml config
+    RUST_BACKTRACE=1 cargo test $TEST_FEATURES --manifest-path ./e2e_tests/Cargo.toml all_providers
+    RUST_BACKTRACE=1 cargo test $TEST_FEATURES --manifest-path ./e2e_tests/Cargo.toml config
 else
     # Per provider tests
     echo "Execute normal tests"
-    RUST_BACKTRACE=1 cargo test --manifest-path ./e2e_tests/Cargo.toml normal_tests
+    RUST_BACKTRACE=1 cargo test $TEST_FEATURES --manifest-path ./e2e_tests/Cargo.toml normal_tests
 
     echo "Execute persistent test, before the reload"
-    RUST_BACKTRACE=1 cargo test --manifest-path ./e2e_tests/Cargo.toml persistent_before
+    RUST_BACKTRACE=1 cargo test $TEST_FEATURES --manifest-path ./e2e_tests/Cargo.toml persistent_before
 
     # Create a fake mapping file for the root application, the provider and a
     # key name of "Test Key". It contains a valid KeyInfo structure.
@@ -170,7 +172,7 @@ else
     sleep 5
 
     echo "Execute persistent test, after the reload"
-    RUST_BACKTRACE=1 cargo test --manifest-path ./e2e_tests/Cargo.toml persistent_after
+    RUST_BACKTRACE=1 cargo test $TEST_FEATURES --manifest-path ./e2e_tests/Cargo.toml persistent_after
 
     if [ -z "$NO_STRESS_TEST" ]; then
         echo "Shutdown Parsec"
@@ -186,6 +188,6 @@ else
         sleep 5
 
         echo "Execute stress tests"
-        RUST_BACKTRACE=1 cargo test --manifest-path ./e2e_tests/Cargo.toml stress_test
+        RUST_BACKTRACE=1 cargo test $TEST_FEATURES --manifest-path ./e2e_tests/Cargo.toml stress_test
 	fi
 fi

ci.sh

@@ -28,3 +28,9 @@ uuid = "0.7.4"
 rsa = "0.3.0"
 picky-asn1-x509 = "0.1.0"
 base64 = "0.12.3"
+
+[features]
+mbed-crypto-provider = []
+tpm-provider = []
+pkcs11-provider = []
+all-providers = ["pkcs11-provider","tpm-provider","mbed-crypto-provider"]

e2e_tests/Cargo.toml

@@ -252,6 +252,36 @@ impl TestClient {
         )
     }
 
+    #[allow(deprecated)]
+    pub fn generate_rsa_encryption_keys_rsaoaep_sha1(&mut self, key_name: String) -> Result<()> {
+        self.generate_key(
+            key_name,
+            Attributes {
+                lifetime: Lifetime::Persistent,
+                key_type: Type::RsaKeyPair,
+                bits: 1024,
+                policy: Policy {
+                    usage_flags: UsageFlags {
+                        sign_hash: false,
+                        verify_hash: false,
+                        sign_message: false,
+                        verify_message: false,
+                        export: true,
+                        encrypt: true,
+                        decrypt: true,
+                        cache: false,
+                        copy: false,
+                        derive: false,
+                    },
+                    permitted_algorithms: AsymmetricEncryption::RsaOaep {
+                        hash_alg: Hash::Sha1,
+                    }
+                    .into(),
+                },
+            },
+        )
+    }
+
     pub fn generate_ecc_key_pair_secpk1_deterministic_ecdsa_sha256(
         &mut self,
         key_name: String,
@@ -610,6 +640,40 @@ impl TestClient {
         )
     }
 
+    #[allow(deprecated)]
+    pub fn asymmetric_encrypt_message_with_rsaoaep_sha1(
+        &mut self,
+        key_name: String,
+        plaintext: Vec<u8>,
+        salt: Vec<u8>,
+    ) -> Result<Vec<u8>> {
+        self.asymmetric_encrypt_message(
+            key_name,
+            AsymmetricEncryption::RsaOaep {
+                hash_alg: Hash::Sha1,
+            },
+            &plaintext,
+            Some(&salt),
+        )
+    }
+
+    #[allow(deprecated)]
+    pub fn asymmetric_decrypt_message_with_rsaoaep_sha1(
+        &mut self,
+        key_name: String,
+        ciphertext: Vec<u8>,
+        salt: Vec<u8>,
+    ) -> Result<Vec<u8>> {
+        self.asymmetric_decrypt_message(
+            key_name,
+            AsymmetricEncryption::RsaOaep {
+                hash_alg: Hash::Sha1,
+            },
+            &ciphertext,
+            Some(&salt),
+        )
+    }
+
     pub fn asymmetric_encrypt_message(
         &mut self,
         key_name: String,

e2e_tests/src/lib.rs

@@ -33,10 +33,10 @@ fn list_opcodes() {
     let _ = crypto_providers_hsm.insert(Opcode::PsaVerifyHash);
     let _ = crypto_providers_hsm.insert(Opcode::PsaImportKey);
     let _ = crypto_providers_hsm.insert(Opcode::PsaExportPublicKey);
+    let _ = crypto_providers_hsm.insert(Opcode::PsaAsymmetricDecrypt);
+    let _ = crypto_providers_hsm.insert(Opcode::PsaAsymmetricEncrypt);
 
-    let mut crypto_providers_tpm = crypto_providers_hsm.clone();
-    let _ = crypto_providers_tpm.insert(Opcode::PsaAsymmetricDecrypt);
-    let _ = crypto_providers_tpm.insert(Opcode::PsaAsymmetricEncrypt);
+    let crypto_providers_tpm = crypto_providers_hsm.clone();
 
     let mut crypto_providers_mbed_crypto = crypto_providers_tpm.clone();
     let _ = crypto_providers_mbed_crypto.insert(Opcode::PsaHashCompute);

e2e_tests/tests/all_providers/mod.rs

@@ -1,7 +1,9 @@
 // Copyright 2020 Contributors to the Parsec project.
 // SPDX-License-Identifier: Apache-2.0
+#![allow(unused, dead_code)]
+
 use e2e_tests::TestClient;
-use parsec_client::core::interface::requests::{Opcode, ProviderID, ResponseStatus};
+use parsec_client::core::interface::requests::{Opcode, ResponseStatus};
 use rand::rngs::OsRng;
 use rsa::{PaddingScheme, PublicKey, RSAPublicKey};
 
@@ -52,6 +54,10 @@ fn simple_asym_encrypt_rsa_pkcs() {
         .unwrap();
 }
 
+// Test is ignored for PKCS11 because the library we use for testing does not support
+// other hash algorithms to be used with OAEP apart from SHA1.
+// See: https://github.com/opendnssec/SoftHSMv2/issues/474
+#[cfg(not(feature = "pkcs11-provider"))]
 #[test]
 fn simple_asym_encrypt_rsa_oaep() {
     let key_name = String::from("simple_asym_encrypt_rsa_oaep");
@@ -73,10 +79,41 @@ fn simple_asym_encrypt_rsa_oaep() {
         .unwrap();
 }
 
-// Test is ignored as TPMs do not support labels that don't end in a 0 byte
+#[cfg(feature = "pkcs11-provider")]
+#[test]
+fn simple_asym_encrypt_rsa_oaep_pkcs11() {
+    let key_name = String::from("simple_asym_encrypt_rsa_oaep_pkcs11");
+    let mut client = TestClient::new();
+
+    if !client.is_operation_supported(Opcode::PsaAsymmetricEncrypt) {
+        return;
+    }
+
+    client
+        .generate_rsa_encryption_keys_rsaoaep_sha1(key_name.clone())
+        .unwrap();
+    let ciphertext = client
+        .asymmetric_encrypt_message_with_rsaoaep_sha1(
+            key_name.clone(),
+            PLAINTEXT_MESSAGE.to_vec(),
+            vec![],
+        )
+        .unwrap();
+
+    let plaintext = client
+        .asymmetric_decrypt_message_with_rsaoaep_sha1(key_name, ciphertext, vec![])
+        .unwrap();
+
+    assert_eq!(&PLAINTEXT_MESSAGE[..], &plaintext[..]);
+}
+
+// Test is ignored for TPMs as they do not support labels that don't end in a 0 byte
 // A resolution for this has not been reached yet, so keeping as is
 // See: https://github.com/parallaxsecond/parsec/issues/217
-#[ignore]
+// Test is ignored for PKCS11 because the library we use for testing does not support
+// other hash algorithms to be used with OAEP apart from SHA1.
+// See: https://github.com/opendnssec/SoftHSMv2/issues/474
+#[cfg(not(any(feature = "pkcs11-provider", feature = "tpm-provider")))]
 #[test]
 fn simple_asym_decrypt_oaep_with_salt() {
     let key_name = String::from("simple_asym_decrypt_oaep_with_salt");
@@ -232,10 +269,13 @@ fn asym_encrypt_verify_decrypt_with_rsa_crate() {
     assert_eq!(&PLAINTEXT_MESSAGE[..], &plaintext[..]);
 }
 
-// Test is ignored as TPMs do not support labels that don't end in a 0 byte
+// Test is ignored for TPMs as they do not support labels that don't end in a 0 byte
 // A resolution for this has not been reached yet, so keeping as is
 // See: https://github.com/parallaxsecond/parsec/issues/217
-#[ignore]
+// Test is ignored for PKCS11 because the library we use for testing does not support
+// other hash algorithms to be used with OAEP apart from SHA1.
+// See: https://github.com/opendnssec/SoftHSMv2/issues/474
+#[cfg(not(any(feature = "pkcs11-provider", feature = "tpm-provider")))]
 #[test]
 fn asym_encrypt_verify_decrypt_with_rsa_crate_oaep() {
     let key_name = String::from("asym_encrypt_verify_decrypt_with_rsa_crate_oaep");
@@ -269,16 +309,16 @@ fn asym_encrypt_verify_decrypt_with_rsa_crate_oaep() {
 }
 
 /// Uses key pair generated online to decrypt a message that has been pre-encrypted
+// PKCS 11 does not support important key pairs
+// TPM does not support importing "general use keys"
+#[cfg(not(any(feature = "pkcs11-provider", feature = "tpm-provider")))]
 #[test]
 fn asym_verify_decrypt_with_internet() {
     let key_name = String::from("asym_derify_decrypt_with_pick");
     let mut client = TestClient::new();
 
     // Check if decrypt is supported
-    // TPM does not support importing "general use keys"
-    if !client.is_operation_supported(Opcode::PsaAsymmetricDecrypt)
-        || client.provider().unwrap() == ProviderID::Tpm
-    {
+    if !client.is_operation_supported(Opcode::PsaAsymmetricDecrypt) {
         return;
     }
 

e2e_tests/tests/per_provider/normal_tests/asym_encryption.rs

@@ -5,6 +5,7 @@ use parsec_client::core::interface::operations::psa_algorithm::*;
 use parsec_client::core::interface::operations::psa_key_attributes::*;
 use parsec_client::core::interface::requests::ResponseStatus;
 use parsec_client::core::interface::requests::Result;
+use rsa::{PaddingScheme, PublicKey, RSAPublicKey};
 use sha2::{Digest, Sha256};
 
 const HASH: [u8; 32] = [
@@ -312,3 +313,27 @@ fn fail_verify_hash2() -> Result<()> {
     assert_eq!(status, ResponseStatus::PsaErrorInvalidSignature);
     Ok(())
 }
+
+#[test]
+fn asym_verify_with_rsa_crate() {
+    let key_name = String::from("asym_verify_with_rsa_crate");
+    let mut client = TestClient::new();
+
+    client.generate_rsa_sign_key(key_name.clone()).unwrap();
+    let pub_key = client.export_public_key(key_name.clone()).unwrap();
+
+    let rsa_pub_key = RSAPublicKey::from_pkcs1(&pub_key).unwrap();
+
+    let mut hasher = Sha256::new();
+    hasher.update(b"Bob wrote this message.");
+    let hash = hasher.finalize().to_vec();
+    let signature = client.sign_with_rsa_sha256(key_name, hash.clone()).unwrap();
+
+    rsa_pub_key
+        .verify(
+            PaddingScheme::new_pkcs1v15_sign(Some(rsa::Hash::SHA2_256)),
+            &hash,
+            &signature,
+        )
+        .unwrap();
+}