Moved setup and drop calls to psa-crypto and removed all references to psa_crypto_binding

Now Parsec calls psa-crypto when initialising and dropping an mbedcrypto provider.
Also Parsec no longer has references for the bdinging to the mbedtls C lib.

Signed-off-by: Samuel Bailey <samuel.bailey@arm.com>

Author: sbailey-arm

e2e_tests/tests/per_provider/normal_tests/asym_sign_verify.rs

@@ -56,7 +56,6 @@ fn asym_verify_fail() -> Result<()> {
     let status = client
         .verify_with_rsa_sha256(key_name, HASH.to_vec(), signature)
         .expect_err("Verification should fail.");
-    dbg!("Status: {}", status);
     if !(status == ResponseStatus::PsaErrorInvalidSignature
         || status == ResponseStatus::PsaErrorCorruptionDetected)
     {

e2e_tests/tests/per_provider/normal_tests/create_destroy_key.rs

@@ -87,14 +87,12 @@ fn create_destroy_twice() -> Result<()> {
 fn generate_public_rsa_check_modulus() -> Result<()> {
     // As stated in the operation page, the public exponent of RSA key pair should be 65537
     // (0x010001).
-    println!("test");
     let mut client = TestClient::new();
-    let key_name = String::from("generate_public_rsa_check_modulus1");
+    let key_name = String::from("generate_public_rsa_check_modulus");
     client.generate_rsa_sign_key(key_name.clone())?;
     let public_key = client.export_public_key(key_name)?;
 
     let public_key: RsaPublicKey = picky_asn1_der::from_bytes(&public_key).unwrap();
-    println!("{:?}", &public_key.public_exponent.as_unsigned_bytes_be()[..]);
     assert_eq!(
         public_key.public_exponent.as_unsigned_bytes_be(),
         [0x01, 0x00, 0x01]

src/providers/mbed_provider/asym_sign.rs

@@ -31,13 +31,18 @@ impl MbedProvider {
             .key_handle_mutex
             .lock()
             .expect("Grabbing key handle mutex failed");
+
+        // Safety:
+        //   * at this point the provider has been instantiated so Mbed Crypto has been initialized
+        //   * self.key_handle_mutex prevents concurrent accesses
+        //   * self.key_slot_semaphore prevents overflowing key slots
+
         let id = key::Id::from_persistent_key_id(key_id);
         let key_attributes = new_key_management::get_key_attributes(id)?;
         let buffer_size = utils::psa_asymmetric_sign_output_size(&key_attributes)?;
         let mut signature = vec![0u8; buffer_size];
         let mut signature_size = 0;
 
-
         match asym_signature::sign_hash(id, alg, &hash, &mut signature)
             {
             Ok(size) => {
@@ -77,6 +82,10 @@ impl MbedProvider {
             .lock()
             .expect("Grabbing key handle mutex failed");
 
+        // Safety:
+        //   * at this point the provider has been instantiated so Mbed Crypto has been initialized
+        //   * self.key_handle_mutex prevents concurrent accesses
+        //   * self.key_slot_semaphore prevents overflowing key slots
         let id = key::Id::from_persistent_key_id(key_id);
         match asym_signature::verify_hash(id, alg, &hash, &signature) {
             Ok(()) => Ok(psa_verify_hash::Result {}),

src/providers/mbed_provider/constants.rs

@@ -1,7 +1,5 @@
 // Copyright 2020 Contributors to the Parsec project.
 // SPDX-License-Identifier: Apache-2.0
-use super::constants::PSA_MAX_PERSISTENT_KEY_IDENTIFIER;
-use super::psa_crypto_binding::psa_key_id_t;
 use super::utils;
 use super::{LocalIdStore, MbedProvider};
 use crate::authenticators::ApplicationName;
@@ -22,7 +20,7 @@ use psa_crypto::types::key;
 pub fn get_key_id(
     key_triple: &KeyTriple,
     store_handle: &dyn ManageKeyInfo,
-) -> Result<psa_key_id_t> {
+) -> Result<key::key_id_type> {
     match store_handle.get(key_triple) {
         Ok(Some(key_info)) => {
             if key_info.id.len() == 4 {
@@ -45,13 +43,13 @@ fn create_key_id(
     key_attributes: Attributes,
     store_handle: &mut dyn ManageKeyInfo,
     local_ids_handle: &mut LocalIdStore,
-) -> Result<psa_key_id_t> {
-    let mut key_id = rand::random::<psa_key_id_t>();
+) -> Result<key::key_id_type> {
+    let mut key_id = rand::random::<key::key_id_type>();
     while local_ids_handle.contains(&key_id)
         || key_id == 0
-        || key_id > PSA_MAX_PERSISTENT_KEY_IDENTIFIER
+        || key_id > key::PSA_MAX_PERSISTENT_KEY_IDENTIFIER
     {
-        key_id = rand::random::<psa_key_id_t>();
+        key_id = rand::random::<key::key_id_type>();
     }
     let key_info = KeyInfo {
         id: key_id.to_ne_bytes().to_vec(),
@@ -72,7 +70,7 @@ fn create_key_id(
 
 fn remove_key_id(
     key_triple: &KeyTriple,
-    key_id: psa_key_id_t,
+    key_id: key::key_id_type,
     store_handle: &mut dyn ManageKeyInfo,
     local_ids_handle: &mut LocalIdStore,
 ) -> Result<()> {
@@ -122,14 +120,12 @@ impl MbedProvider {
             .lock()
             .expect("Grabbing key handle mutex failed");
 
-        psa_crypto::init()?;
         // Safety:
         //   * at this point the provider has been instantiated so Mbed Crypto has been initialized
         //   * self.key_handle_mutex prevents concurrent accesses
         //   * self.key_slot_semaphore prevents overflowing key slots
         match new_key_management::generate(key_attributes, Some(key_id)) {
-            Ok(()) => Ok(psa_generate_key::Result {}),
-
+            Ok(_) => Ok(psa_generate_key::Result {}),
             Err(error) => {
                 remove_key_id(
                     &key_triple,
@@ -180,8 +176,7 @@ impl MbedProvider {
         //   * self.key_handle_mutex prevents concurrent accesses
         //   * self.key_slot_semaphore prevents overflowing key slots
         match new_key_management::import(key_attributes, Some(key_id), &key_data[..]) {
-            Ok(()) => Ok(psa_import_key::Result {}),
-
+            Ok(_) => Ok(psa_import_key::Result {}),
             Err(error) => {
                 remove_key_id(
                     &key_triple,
@@ -213,8 +208,6 @@ impl MbedProvider {
             .lock()
             .expect("Grabbing key handle mutex failed");
 
-        psa_crypto::init()?;
-
         // Safety:
         //   * at this point the provider has been instantiated so Mbed Crypto has been initialized
         //   * self.key_handle_mutex prevents concurrent accesses
@@ -252,7 +245,6 @@ impl MbedProvider {
             .lock()
             .expect("Grabbing key handle mutex failed");
         let destroy_key_status;
-        psa_crypto::init()?;
 
         // Safety:
         //   * at this point the provider has been instantiated so Mbed Crypto has been initialized

src/providers/mbed_provider/key_management.rs

@@ -3,20 +3,19 @@
 use super::Provide;
 use crate::authenticators::ApplicationName;
 use crate::key_info_managers::{KeyTriple, ManageKeyInfo};
-use constants::PSA_SUCCESS;
 use derivative::Derivative;
 use log::{error, trace};
 use parsec_interface::operations::list_providers::ProviderInfo;
 use parsec_interface::operations::{
     psa_destroy_key, psa_export_public_key, psa_generate_key, psa_import_key, psa_sign_hash,
     psa_verify_hash,
 };
+use psa_crypto::types::{status, key};
 use parsec_interface::requests::{Opcode, ProviderID, ResponseStatus, Result};
 use std::collections::HashSet;
 use std::io::{Error, ErrorKind};
 use std::sync::{Arc, Mutex, RwLock};
 use std_semaphore::Semaphore;
-use utils::KeyHandle;
 use uuid::Uuid;
 
 #[allow(
@@ -27,17 +26,13 @@ use uuid::Uuid;
     trivial_casts
 )]
 #[allow(clippy::all)]
-mod psa_crypto_binding {
-    include!(concat!(env!("OUT_DIR"), "/psa_crypto_bindings.rs"));
-}
 
 mod asym_sign;
 #[allow(dead_code)]
-mod constants;
 mod key_management;
 mod utils;
 
-type LocalIdStore = HashSet<psa_key_id_t>;
+type LocalIdStore = HashSet<key::key_id_type>;
 
 const SUPPORTED_OPCODES: [Opcode; 6] = [
     Opcode::PsaGenerateKey,
@@ -79,15 +74,15 @@ impl MbedProvider {
     fn new(key_info_store: Arc<RwLock<dyn ManageKeyInfo + Send + Sync>>) -> Option<MbedProvider> {
         // Safety: this function should be called before any of the other Mbed Crypto functions
         // are.
-        if unsafe { psa_crypto_binding::psa_crypto_init() } != PSA_SUCCESS {
+        if psa_crypto::init().is_err() {
             error!("Error when initialising Mbed Crypto");
             return None;
         }
         let mbed_provider = MbedProvider {
             key_info_store,
             local_ids: RwLock::new(HashSet::new()),
             key_handle_mutex: Mutex::new(()),
-            key_slot_semaphore: Semaphore::new(constants::PSA_KEY_SLOT_COUNT),
+            key_slot_semaphore: Semaphore::new(key::PSA_KEY_SLOT_COUNT),
         };
         {
             // The local scope allows to drop store_handle and local_ids_handle in order to return
@@ -106,6 +101,11 @@ impl MbedProvider {
             // Delete those who are not present and add to the local_store the ones present.
             match store_handle.get_all(ProviderID::MbedCrypto) {
                 Ok(key_triples) => {
+                    if let Err(error) = psa_crypto::init() {
+                        error!("Error {} when initialising Mbed Crypto library.", error);
+                        return None;
+                    }
+
                     for key_triple in key_triples.iter().cloned() {
                         let key_id = match key_management::get_key_id(key_triple, &*store_handle) {
                             Ok(key_id) => key_id,
@@ -119,11 +119,12 @@ impl MbedProvider {
                         // Safety: safe because:
                         // * the Mbed Crypto library has been initialized
                         // * this code is executed only by the main thread
-                        match unsafe { KeyHandle::open(key_id) } {
+                        let pc_key_id = key::Id::from_persistent_key_id(key_id);
+                        match psa_crypto::operations::key_management::get_key_attributes(pc_key_id) {
                             Ok(_) => {
                                 let _ = local_ids_handle.insert(key_id);
                             }
-                            Err(ResponseStatus::PsaErrorDoesNotExist) => {
+                            Err(status::Error::DoesNotExist) => {
                                 to_remove.push(key_triple.clone())
                             }
                             Err(e) => {
@@ -223,9 +224,7 @@ impl Provide for MbedProvider {
 impl Drop for MbedProvider {
     fn drop(&mut self) {
         // Safety: the Provider was initialized with psa_crypto_init
-        unsafe {
-            psa_crypto_binding::mbedtls_psa_crypto_free();
-        }
+        psa_crypto::drop();
     }
 }