parsec-service 1.5.0

A language-agnostic API to secure services in a platform-agnostic way
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61

// Copyright 2021 Contributors to the Parsec project.
// SPDX-License-Identifier: Apache-2.0
use super::Provider;
use log::error;
use parsec_interface::operations::psa_algorithm::Hash;
use parsec_interface::operations::psa_hash_compare;
use parsec_interface::operations::psa_hash_compute;
use parsec_interface::requests::{ResponseStatus, Result};

impl Provider {
    /// Calculate SHA2-256 digest for a given message using CALib.
    /// Ensure proper return value type.
    pub fn sha256(&self, msg: &[u8]) -> Result<psa_hash_compute::Result> {
        let mut hash = vec![0u8; rust_cryptoauthlib::ATCA_SHA2_256_DIGEST_SIZE];
        let result = self.device.sha(msg.to_vec(), &mut hash);
        match result {
            rust_cryptoauthlib::AtcaStatus::AtcaSuccess => {
                Ok(psa_hash_compute::Result { hash: hash.into() })
            }
            _ => {
                error!("Hash compute failed, hardware reported: {}.", result);
                Err(ResponseStatus::PsaErrorHardwareFailure)
            }
        }
    }

    pub(super) fn psa_hash_compute_internal(
        &self,
        op: psa_hash_compute::Operation,
    ) -> Result<psa_hash_compute::Result> {
        match op.alg {
            Hash::Sha256 => self.sha256(&op.input),
            _ => Err(ResponseStatus::PsaErrorNotSupported),
        }
    }

    pub(super) fn psa_hash_compare_internal(
        &self,
        op: psa_hash_compare::Operation,
    ) -> Result<psa_hash_compare::Result> {
        // check hash length
        if op.hash.len() != Hash::Sha256.hash_length() {
            error!("Invalid input hash length.");
            return Err(ResponseStatus::PsaErrorInvalidArgument);
        }
        match op.alg {
            Hash::Sha256 => {
                // compute hash
                let hash = self.sha256(&op.input)?.hash;
                // compare input vs. computed hash
                if op.hash != hash {
                    error!("Hash comparison failed.");
                    Err(ResponseStatus::PsaErrorInvalidSignature)
                } else {
                    Ok(psa_hash_compare::Result)
                }
            }
            _ => Err(ResponseStatus::PsaErrorNotSupported),
        }
    }
}