@@ -159,7 +159,37 @@ impl TestClient {
159159 verify_hash : true ,
160160 sign_message : true ,
161161 verify_message : true ,
162- export : true ,
162+ export : false ,
163+ encrypt : false ,
164+ decrypt : false ,
165+ cache : false ,
166+ copy : false ,
167+ derive : false ,
168+ } ,
169+ permitted_algorithms : Algorithm :: AsymmetricSignature (
170+ AsymmetricSignature :: RsaPkcs1v15Sign {
171+ hash_alg : Hash :: Sha256 . into ( ) ,
172+ } ,
173+ ) ,
174+ } ,
175+ } ,
176+ )
177+ }
178+
179+ pub fn generate_long_rsa_sign_key ( & mut self , key_name : String ) -> Result < ( ) > {
180+ self . generate_key (
181+ key_name,
182+ Attributes {
183+ lifetime : Lifetime :: Persistent ,
184+ key_type : Type :: RsaKeyPair ,
185+ bits : 2048 ,
186+ policy : Policy {
187+ usage_flags : UsageFlags {
188+ sign_hash : true ,
189+ verify_hash : true ,
190+ sign_message : true ,
191+ verify_message : true ,
192+ export : false ,
163193 encrypt : false ,
164194 decrypt : false ,
165195 cache : false ,
@@ -192,7 +222,7 @@ impl TestClient {
192222 verify_hash : false ,
193223 sign_message : false ,
194224 verify_message : false ,
195- export : true ,
225+ export : false ,
196226 encrypt : true ,
197227 decrypt : true ,
198228 cache : false ,
@@ -218,7 +248,7 @@ impl TestClient {
218248 verify_hash : false ,
219249 sign_message : false ,
220250 verify_message : false ,
221- export : true ,
251+ export : false ,
222252 encrypt : true ,
223253 decrypt : true ,
224254 cache : false ,
@@ -247,7 +277,7 @@ impl TestClient {
247277 verify_hash : false ,
248278 sign_message : false ,
249279 verify_message : false ,
250- export : true ,
280+ export : false ,
251281 encrypt : true ,
252282 decrypt : true ,
253283 cache : false ,
@@ -277,7 +307,7 @@ impl TestClient {
277307 verify_hash : false ,
278308 sign_message : false ,
279309 verify_message : false ,
280- export : true ,
310+ export : false ,
281311 encrypt : true ,
282312 decrypt : true ,
283313 cache : false ,
@@ -308,10 +338,10 @@ impl TestClient {
308338 policy : Policy {
309339 usage_flags : UsageFlags {
310340 sign_hash : true ,
311- verify_hash : false ,
341+ verify_hash : true ,
312342 sign_message : true ,
313343 verify_message : false ,
314- export : true ,
344+ export : false ,
315345 encrypt : false ,
316346 decrypt : false ,
317347 cache : false ,
@@ -327,6 +357,37 @@ impl TestClient {
327357 )
328358 }
329359
360+ pub fn generate_ecc_key_pair_secpr1_ecdsa_sha256 ( & mut self , key_name : String ) -> Result < ( ) > {
361+ self . generate_key (
362+ key_name,
363+ Attributes {
364+ lifetime : Lifetime :: Persistent ,
365+ key_type : Type :: EccKeyPair {
366+ curve_family : EccFamily :: SecpR1 ,
367+ } ,
368+ bits : 256 ,
369+ policy : Policy {
370+ usage_flags : UsageFlags {
371+ sign_hash : true ,
372+ verify_hash : true ,
373+ sign_message : true ,
374+ verify_message : true ,
375+ export : false ,
376+ encrypt : false ,
377+ decrypt : false ,
378+ cache : false ,
379+ copy : false ,
380+ derive : false ,
381+ } ,
382+ permitted_algorithms : AsymmetricSignature :: Ecdsa {
383+ hash_alg : Hash :: Sha256 . into ( ) ,
384+ }
385+ . into ( ) ,
386+ } ,
387+ } ,
388+ )
389+ }
390+
330391 /// Import ECC key pair with secp R1 curve family.
331392/// The key can only be used for key agreement with Ecdh algorithm.
332393pub fn generate_ecc_pair_secp_r1_key ( & mut self , key_name : String ) -> Result < ( ) > {
@@ -381,13 +442,44 @@ impl TestClient {
381442 lifetime : Lifetime :: Persistent ,
382443 key_type : Type :: RsaKeyPair ,
383444 bits : 1024 ,
445+ policy : Policy {
446+ usage_flags : UsageFlags {
447+ sign_hash : false ,
448+ verify_hash : false ,
449+ sign_message : false ,
450+ verify_message : false ,
451+ export : false ,
452+ encrypt : true ,
453+ decrypt : true ,
454+ cache : false ,
455+ copy : false ,
456+ derive : false ,
457+ } ,
458+ permitted_algorithms : AsymmetricEncryption :: RsaPkcs1v15Crypt . into ( ) ,
459+ } ,
460+ } ,
461+ data,
462+ )
463+ }
464+
465+ pub fn import_rsa_public_key_for_encryption (
466+ & mut self ,
467+ key_name : String ,
468+ data : Vec < u8 > ,
469+ ) -> Result < ( ) > {
470+ self . import_key (
471+ key_name,
472+ Attributes {
473+ lifetime : Lifetime :: Persistent ,
474+ key_type : Type :: RsaPublicKey ,
475+ bits : 1024 ,
384476 policy : Policy {
385477 usage_flags : UsageFlags {
386478 sign_hash : false ,
387479 verify_hash : false ,
388480 sign_message : false ,
389481 verify_message : true ,
390- export : true ,
482+ export : false ,
391483 encrypt : true ,
392484 decrypt : true ,
393485 cache : false ,
@@ -563,6 +655,17 @@ impl TestClient {
563655 )
564656 }
565657
658+ /// Signs a short digest with an ECDSA key.
659+ pub fn sign_with_ecdsa_sha256 ( & mut self , key_name : String , hash : Vec < u8 > ) -> Result < Vec < u8 > > {
660+ self . sign (
661+ key_name,
662+ AsymmetricSignature :: Ecdsa {
663+ hash_alg : Hash :: Sha256 . into ( ) ,
664+ } ,
665+ hash,
666+ )
667+ }
668+
566669 /// Verifies a signature.
567670pub fn verify (
568671 & mut self ,
@@ -593,6 +696,23 @@ impl TestClient {
593696 )
594697 }
595698
699+ /// Verifies a signature made with an ECDSA key.
700+ pub fn verify_with_ecdsa_sha256 (
701+ & mut self ,
702+ key_name : String ,
703+ hash : Vec < u8 > ,
704+ signature : Vec < u8 > ,
705+ ) -> Result < ( ) > {
706+ self . verify (
707+ key_name,
708+ AsymmetricSignature :: Ecdsa {
709+ hash_alg : Hash :: Sha256 . into ( ) ,
710+ } ,
711+ hash,
712+ signature,
713+ )
714+ }
715+
596716 pub fn asymmetric_encrypt_message_with_rsapkcs1v15 (
597717 & mut self ,
598718 key_name : String ,
0 commit comments