Add import and export support for ECC for PKCS11

e2e_tests/tests/all_providers/config/mod.rs

@@ -103,6 +103,32 @@ fn pkcs11_verify_software() {
         .unwrap();
 }
 
+#[cfg(feature = "pkcs11-provider")]
+#[test]
+fn pkcs11_verify_software_ecc() {
+    use sha2::{Digest, Sha256};
+    set_config("pkcs11_software.toml");
+    reload_service();
+
+    let mut client = TestClient::new();
+    let key_name = String::from("pkcs11_verify_software_ecc");
+
+    let mut hasher = Sha256::new();
+    hasher.update(b"Bob wrote this message.");
+    let hash = hasher.finalize().to_vec();
+
+    client
+        .generate_ecc_key_pair_secpr1_ecdsa_sha256(key_name.clone())
+        .unwrap();
+
+    let signature = client
+        .sign_with_ecdsa_sha256(key_name.clone(), hash.clone())
+        .unwrap();
+    client
+        .verify_with_ecdsa_sha256(key_name, hash, signature)
+        .unwrap();
+}
+
 #[cfg(feature = "pkcs11-provider")]
 #[test]
 fn pkcs11_encrypt_software() {

e2e_tests/tests/all_providers/cross.rs

@@ -13,7 +13,7 @@ const PLAINTEXT_MESSAGE: [u8; 32] = [
     0x94, 0x8E, 0x92, 0x50, 0x35, 0xC2, 0x8C, 0x5C, 0x3C, 0xCA, 0xFE, 0x18, 0xE8, 0x81, 0x37, 0x78,
 ];
 
-fn setup_sign(provider: ProviderId, key_name: String) -> Result<(TestClient, Vec<u8>, Vec<u8>)> {
+fn setup_sign(provider: ProviderId, key_name: String) -> (TestClient, Vec<u8>, Vec<u8>) {
     let mut client = TestClient::new();
     client.set_provider(provider);
     client.generate_rsa_sign_key(key_name.clone()).unwrap();
@@ -24,10 +24,26 @@ fn setup_sign(provider: ProviderId, key_name: String) -> Result<(TestClient, Vec
 
     let pub_key = client.export_public_key(key_name).unwrap();
 
-    Ok((client, pub_key, signature))
+    (client, pub_key, signature)
 }
 
-fn setup_asym_encr(provider: ProviderId, key_name: String) -> Result<(TestClient, Vec<u8>)> {
+fn setup_sign_ecc(provider: ProviderId, key_name: String) -> (TestClient, Vec<u8>, Vec<u8>) {
+    let mut client = TestClient::new();
+    client.set_provider(provider);
+    client
+        .generate_ecc_key_pair_secpr1_ecdsa_sha256(key_name.clone())
+        .unwrap();
+
+    let signature = client
+        .sign_with_ecdsa_sha256(key_name.clone(), HASH.to_vec())
+        .unwrap();
+
+    let pub_key = client.export_public_key(key_name).unwrap();
+
+    (client, pub_key, signature)
+}
+
+fn setup_asym_encr(provider: ProviderId, key_name: String) -> (TestClient, Vec<u8>) {
     let mut client = TestClient::new();
     client.set_provider(provider);
     client
@@ -36,7 +52,7 @@ fn setup_asym_encr(provider: ProviderId, key_name: String) -> Result<(TestClient
 
     let pub_key = client.export_public_key(key_name).unwrap();
 
-    Ok((client, pub_key))
+    (client, pub_key)
 }
 
 fn import_and_verify(
@@ -55,6 +71,22 @@ fn import_and_verify(
         .unwrap();
 }
 
+fn import_and_verify_ecc(
+    client: &mut TestClient,
+    provider: ProviderId,
+    key_name: String,
+    pub_key: Vec<u8>,
+    signature: Vec<u8>,
+) {
+    client.set_provider(provider);
+    client
+        .import_ecc_public_secp_r1_ecdsa_sha256_key(key_name.clone(), pub_key)
+        .unwrap();
+    client
+        .verify_with_ecdsa_sha256(key_name, HASH.to_vec(), signature)
+        .unwrap();
+}
+
 fn import_and_encrypt(
     client: &mut TestClient,
     provider: ProviderId,
@@ -81,7 +113,7 @@ fn verify_encrypt(
 #[test]
 fn tpm_sign_cross() {
     let key_name = String::from("tpm_sign_cross");
-    let (mut client, pub_key, signature) = setup_sign(ProviderId::Tpm, key_name.clone()).unwrap();
+    let (mut client, pub_key, signature) = setup_sign(ProviderId::Tpm, key_name.clone());
 
     // Mbed Crypto
     import_and_verify(
@@ -102,11 +134,34 @@ fn tpm_sign_cross() {
     );
 }
 
+#[test]
+fn tpm_sign_cross_ecc() {
+    let key_name = String::from("tpm_sign_cross_ecc");
+    let (mut client, pub_key, signature) = setup_sign_ecc(ProviderId::Tpm, key_name.clone());
+
+    // Mbed Crypto
+    import_and_verify_ecc(
+        &mut client,
+        ProviderId::MbedCrypto,
+        key_name.clone(),
+        pub_key.clone(),
+        signature.clone(),
+    );
+
+    // PKCS11
+    import_and_verify_ecc(
+        &mut client,
+        ProviderId::Pkcs11,
+        key_name,
+        pub_key,
+        signature,
+    );
+}
+
 #[test]
 fn pkcs11_sign_cross() {
     let key_name = String::from("pkcs11_sign_cross");
-    let (mut client, pub_key, signature) =
-        setup_sign(ProviderId::Pkcs11, key_name.clone()).unwrap();
+    let (mut client, pub_key, signature) = setup_sign(ProviderId::Pkcs11, key_name.clone());
 
     // Mbed Crypto
     import_and_verify(
@@ -121,11 +176,25 @@ fn pkcs11_sign_cross() {
     import_and_verify(&mut client, ProviderId::Tpm, key_name, pub_key, signature);
 }
 
+#[test]
+fn pkcs11_sign_cross_ecc() {
+    let key_name = String::from("pkcs11_sign_cross_ecc");
+    let (mut client, pub_key, signature) = setup_sign_ecc(ProviderId::Pkcs11, key_name.clone());
+
+    // Mbed Crypto
+    import_and_verify_ecc(
+        &mut client,
+        ProviderId::MbedCrypto,
+        key_name.clone(),
+        pub_key.clone(),
+        signature.clone(),
+    );
+}
+
 #[test]
 fn mbed_crypto_sign_cross() {
     let key_name = String::from("mbed_crypto_sign_cross");
-    let (mut client, pub_key, signature) =
-        setup_sign(ProviderId::MbedCrypto, key_name.clone()).unwrap();
+    let (mut client, pub_key, signature) = setup_sign(ProviderId::MbedCrypto, key_name.clone());
 
     // Mbed Crypto
     import_and_verify(
@@ -140,10 +209,25 @@ fn mbed_crypto_sign_cross() {
     import_and_verify(&mut client, ProviderId::Tpm, key_name, pub_key, signature);
 }
 
+#[test]
+fn mbed_crypto_sign_cross_ecc() {
+    let key_name = String::from("mbed_crypto_sign_cross_ecc");
+    let (mut client, pub_key, signature) = setup_sign_ecc(ProviderId::MbedCrypto, key_name.clone());
+
+    // Mbed Crypto
+    import_and_verify_ecc(
+        &mut client,
+        ProviderId::Pkcs11,
+        key_name.clone(),
+        pub_key.clone(),
+        signature.clone(),
+    );
+}
+
 #[test]
 fn tpm_asym_encr_cross() {
     let key_name = String::from("tpm_asym_encr_cross");
-    let (mut client, pub_key) = setup_asym_encr(ProviderId::Tpm, key_name.clone()).unwrap();
+    let (mut client, pub_key) = setup_asym_encr(ProviderId::Tpm, key_name.clone());
 
     // Mbed Crypto
     let ciphertext = import_and_encrypt(
@@ -169,7 +253,7 @@ fn tpm_asym_encr_cross() {
 #[test]
 fn pkcs11_asym_encr_cross() {
     let key_name = String::from("pkcs11_asym_encr_cross");
-    let (mut client, pub_key) = setup_asym_encr(ProviderId::Pkcs11, key_name.clone()).unwrap();
+    let (mut client, pub_key) = setup_asym_encr(ProviderId::Pkcs11, key_name.clone());
 
     // Mbed Crypto
     let ciphertext = import_and_encrypt(
@@ -200,7 +284,7 @@ fn pkcs11_asym_encr_cross() {
 #[test]
 fn mbed_crypto_asym_encr_cross() {
     let key_name = String::from("mbed_crypto_asym_encr_cross");
-    let (mut client, pub_key) = setup_asym_encr(ProviderId::MbedCrypto, key_name.clone()).unwrap();
+    let (mut client, pub_key) = setup_asym_encr(ProviderId::MbedCrypto, key_name.clone());
 
     // Pkcs11
     let ciphertext = import_and_encrypt(

e2e_tests/tests/per_provider/normal_tests/asym_sign_verify.rs

@@ -767,15 +767,15 @@ fn verify_with_ring() {
     let pub_key = client.export_public_key(key_name.clone()).unwrap();
 
     let mut hasher = Sha256::new();
-    hasher.update(message.clone());
+    hasher.update(message);
     let hash = hasher.finalize().to_vec();
     let signature = client.sign_with_rsa_sha256(key_name, hash.clone()).unwrap();
 
     let pk = UnparsedPublicKey::new(&signature::RSA_PKCS1_2048_8192_SHA256, pub_key);
     pk.verify(message, &signature).unwrap();
 }
 
-#[cfg(not(any(feature = "cryptoauthlib-provider", feature = "pkcs11-provider")))]
+#[cfg(not(feature = "cryptoauthlib-provider"))]
 #[test]
 fn verify_ecc_with_ring() {
     use ring::signature::{self, UnparsedPublicKey};
@@ -790,7 +790,7 @@ fn verify_ecc_with_ring() {
     let pub_key = client.export_public_key(key_name.clone()).unwrap();
 
     let mut hasher = Sha256::new();
-    hasher.update(message.clone());
+    hasher.update(message);
     let hash = hasher.finalize().to_vec();
     let signature = client
         .sign_with_ecdsa_sha256(key_name, hash.clone())

e2e_tests/tests/per_provider/normal_tests/export_key.rs

@@ -1,15 +1,13 @@
 // Copyright 2019 Contributors to the Parsec project.
 // SPDX-License-Identifier: Apache-2.0
-#[cfg(any(feature = "mbed-crypto-provider", feature = "cryptoauthlib-provider"))]
+#![allow(unused_imports, unused)]
 use crate::per_provider::normal_tests::import_key::ECC_PUBLIC_KEY;
 use e2e_tests::TestClient;
 use parsec_client::core::interface::operations::psa_algorithm::*;
 use parsec_client::core::interface::operations::psa_key_attributes::*;
 use parsec_client::core::interface::requests::Result;
 use parsec_client::core::interface::requests::{Opcode, ResponseStatus};
-#[cfg(not(feature = "cryptoauthlib-provider"))]
 use picky_asn1_x509::{RsaPrivateKey, RsaPublicKey};
-#[cfg(not(feature = "cryptoauthlib-provider"))]
 const PRIVATE_KEY: &str = "MIICWwIBAAKBgQCd+EKeRmZCKLmg7LasWqpKA9/01linY75ujilf6v/Kb8UP9r/E\
 cO75Pvi2YPnYhBadmVOVxMOqS2zmKm1a9VTegT8dN9Unf2s2KbKrKXupaQTXcrGG\
 SB/BmHeWeiqidEMw7i9ysjHK4KEuacmYmZpvKAnNWMyvQgjGgGNpsNzqawIDAQAB\
@@ -130,7 +128,7 @@ fn import_and_export_ecc_public_key_by_export_key_fn() -> Result<()> {
         return Ok(());
     }
 
-    let key_name = String::from("import_and_export_ecc_public_key");
+    let key_name = String::from("import_and_export_ecc_public_key_by_export_key_fn");
     client.import_key(
         key_name.clone(),
         Attributes {
@@ -466,4 +464,4 @@ fn export_rsa_private_key_matches_import() {
         .unwrap();
     let exported_key = client.export_key(key_name).unwrap();
     assert_eq!(decoded_key, exported_key);
-}
+}