parsec_interface/operations_protobuf/generated_ops/
mod.rs

1// Copyright 2020 Contributors to the Parsec project.
2// SPDX-License-Identifier: Apache-2.0
3
4#![allow(clippy::derive_partial_eq_without_eq)]
5pub mod psa_sign_hash;
6pub mod psa_verify_hash;
7pub mod psa_sign_message;
8pub mod psa_verify_message;
9pub mod psa_asymmetric_encrypt;
10pub mod psa_asymmetric_decrypt;
11pub mod psa_aead_encrypt;
12pub mod psa_aead_decrypt;
13pub mod psa_cipher_encrypt;
14pub mod psa_cipher_decrypt;
15pub mod psa_generate_key;
16pub mod psa_destroy_key;
17pub mod psa_export_public_key;
18pub mod psa_export_key;
19pub mod psa_import_key;
20pub mod list_opcodes;
21pub mod list_providers;
22pub mod list_authenticators;
23pub mod list_keys;
24pub mod list_clients;
25pub mod delete_client;
26pub mod ping;
27pub mod psa_key_attributes;
28pub mod psa_algorithm;
29pub mod psa_generate_random;
30pub mod psa_hash_compute;
31pub mod psa_hash_compare;
32pub mod psa_raw_key_agreement;
33pub mod can_do_crypto;
34pub mod attest_key;
35pub mod prepare_key_attestation;
36
37use zeroize::Zeroize;
38
39use crate::requests::{ResponseStatus, Result};
40use log::error;
41use psa_algorithm::algorithm::{aead::AeadWithDefaultLengthTag, key_agreement::Raw, Cipher, Hash};
42use psa_key_attributes::key_type::{DhFamily, EccFamily};
43use can_do_crypto::CheckType;
44use std::convert::TryFrom;
45
46impl TryFrom<i32> for Cipher {
47    type Error = ResponseStatus;
48    fn try_from(cipher_val: i32) -> Result<Self> {
49        Cipher::from_i32(cipher_val).ok_or_else(|| {
50            error!(
51                "Value {} not supported as a cipher algorithm encoding.",
52                cipher_val
53            );
54            ResponseStatus::InvalidEncoding
55        })
56    }
57}
58
59impl TryFrom<i32> for Hash {
60    type Error = ResponseStatus;
61    fn try_from(hash_val: i32) -> Result<Self> {
62        Hash::from_i32(hash_val).ok_or_else(|| {
63            error!(
64                "Value {} not supported as a hash algorithm encoding.",
65                hash_val
66            );
67            ResponseStatus::InvalidEncoding
68        })
69    }
70}
71
72impl TryFrom<i32> for AeadWithDefaultLengthTag {
73    type Error = ResponseStatus;
74    fn try_from(aead_val: i32) -> Result<Self> {
75        AeadWithDefaultLengthTag::from_i32(aead_val).ok_or_else(|| {
76            error!(
77                "Value {} not supported as an AEAD with default tag length algorithm encoding.",
78                aead_val
79            );
80            ResponseStatus::InvalidEncoding
81        })
82    }
83}
84
85impl TryFrom<i32> for Raw {
86    type Error = ResponseStatus;
87    fn try_from(key_agreement_val: i32) -> Result<Self> {
88        Raw::from_i32(key_agreement_val).ok_or_else(|| {
89            error!(
90                "Value {} not supported as a raw key agreement algorithm encoding.",
91                key_agreement_val
92            );
93            ResponseStatus::InvalidEncoding
94        })
95    }
96}
97
98impl TryFrom<i32> for EccFamily {
99    type Error = ResponseStatus;
100    fn try_from(ecc_family_val: i32) -> Result<Self> {
101        EccFamily::from_i32(ecc_family_val).ok_or_else(|| {
102            error!(
103                "Value {} not supported as an ECC family encoding.",
104                ecc_family_val
105            );
106            ResponseStatus::InvalidEncoding
107        })
108    }
109}
110
111impl TryFrom<i32> for DhFamily {
112    type Error = ResponseStatus;
113    fn try_from(dh_family_val: i32) -> Result<Self> {
114        DhFamily::from_i32(dh_family_val).ok_or_else(|| {
115            error!(
116                "Value {} not supported as a DH family encoding.",
117                dh_family_val
118            );
119            ResponseStatus::InvalidEncoding
120        })
121    }
122}
123
124impl TryFrom<i32> for CheckType {
125    type Error = ResponseStatus;
126    fn try_from(check_type_val: i32) -> Result<Self> {
127        CheckType::from_i32(check_type_val).ok_or_else(|| {
128            error!(
129                "Value {} not supported as a check type.",
130                check_type_val
131            );
132            ResponseStatus::InvalidEncoding
133        })
134    }
135}
136
137pub(super) trait ClearProtoMessage {
138    fn clear_message(&mut self) {}
139}
140
141// Implement a no-op zeroize for types that don't contain sensitive data
142macro_rules! empty_clear_message {
143    ($type:ty) => {
144        impl ClearProtoMessage for $type {
145            fn clear_message(&mut self) {}
146        }
147    };
148}
149
150empty_clear_message!(list_opcodes::Operation);
151empty_clear_message!(list_opcodes::Result);
152empty_clear_message!(list_providers::Operation);
153empty_clear_message!(list_providers::Result);
154empty_clear_message!(list_authenticators::Operation);
155empty_clear_message!(list_authenticators::Result);
156empty_clear_message!(list_keys::Operation);
157empty_clear_message!(list_keys::Result);
158empty_clear_message!(list_clients::Operation);
159empty_clear_message!(list_clients::Result);
160empty_clear_message!(delete_client::Operation);
161empty_clear_message!(delete_client::Result);
162empty_clear_message!(ping::Operation);
163empty_clear_message!(ping::Result);
164empty_clear_message!(psa_destroy_key::Operation);
165empty_clear_message!(psa_destroy_key::Result);
166empty_clear_message!(psa_generate_key::Operation);
167empty_clear_message!(psa_generate_key::Result);
168empty_clear_message!(psa_export_public_key::Operation);
169empty_clear_message!(psa_export_key::Operation);
170empty_clear_message!(psa_import_key::Result);
171empty_clear_message!(psa_verify_hash::Result);
172empty_clear_message!(psa_verify_message::Result);
173empty_clear_message!(psa_generate_random::Operation);
174empty_clear_message!(psa_hash_compare::Result);
175empty_clear_message!(can_do_crypto::Operation);
176empty_clear_message!(can_do_crypto::Result);
177empty_clear_message!(prepare_key_attestation::Operation);
178
179impl ClearProtoMessage for psa_sign_hash::Operation {
180    fn clear_message(&mut self) {
181        self.hash.zeroize();
182    }
183}
184
185impl ClearProtoMessage for psa_sign_hash::Result {
186    fn clear_message(&mut self) {
187        self.signature.zeroize();
188    }
189}
190
191impl ClearProtoMessage for psa_verify_hash::Operation {
192    fn clear_message(&mut self) {
193        self.hash.zeroize();
194        self.signature.zeroize();
195    }
196}
197
198impl ClearProtoMessage for psa_sign_message::Operation {
199    fn clear_message(&mut self) {
200        self.message.zeroize();
201    }
202}
203
204impl ClearProtoMessage for psa_sign_message::Result {
205    fn clear_message(&mut self) {
206        self.signature.zeroize();
207    }
208}
209
210impl ClearProtoMessage for psa_verify_message::Operation {
211    fn clear_message(&mut self) {
212        self.message.zeroize();
213        self.signature.zeroize();
214    }
215}
216
217impl ClearProtoMessage for psa_import_key::Operation {
218    fn clear_message(&mut self) {
219        self.data.zeroize();
220    }
221}
222
223impl ClearProtoMessage for psa_export_public_key::Result {
224    fn clear_message(&mut self) {
225        self.data.zeroize();
226    }
227}
228
229impl ClearProtoMessage for psa_export_key::Result {
230    fn clear_message(&mut self) {
231        self.data.zeroize();
232    }
233}
234
235impl ClearProtoMessage for psa_asymmetric_encrypt::Operation {
236    fn clear_message(&mut self) {
237        self.plaintext.zeroize();
238        self.salt.zeroize();
239    }
240}
241
242impl ClearProtoMessage for psa_asymmetric_decrypt::Operation {
243    fn clear_message(&mut self) {
244        self.salt.zeroize();
245        self.ciphertext.zeroize();
246    }
247}
248
249impl ClearProtoMessage for psa_asymmetric_encrypt::Result {
250    fn clear_message(&mut self) {
251        self.ciphertext.zeroize();
252    }
253}
254
255impl ClearProtoMessage for psa_asymmetric_decrypt::Result {
256    fn clear_message(&mut self) {
257        self.plaintext.zeroize();
258    }
259}
260
261impl ClearProtoMessage for psa_aead_encrypt::Operation {
262    fn clear_message(&mut self) {
263        self.plaintext.zeroize();
264        self.additional_data.zeroize();
265        self.nonce.zeroize();
266    }
267}
268
269impl ClearProtoMessage for psa_aead_decrypt::Operation {
270    fn clear_message(&mut self) {
271        self.additional_data.zeroize();
272        self.nonce.zeroize();
273        self.ciphertext.zeroize();
274    }
275}
276
277impl ClearProtoMessage for psa_aead_encrypt::Result {
278    fn clear_message(&mut self) {
279        self.ciphertext.zeroize();
280    }
281}
282
283impl ClearProtoMessage for psa_aead_decrypt::Result {
284    fn clear_message(&mut self) {
285        self.plaintext.zeroize()
286    }
287}
288
289impl ClearProtoMessage for psa_cipher_encrypt::Operation {
290    fn clear_message(&mut self) {
291        self.plaintext.zeroize();
292    }
293}
294
295impl ClearProtoMessage for psa_cipher_decrypt::Operation {
296    fn clear_message(&mut self) {
297        self.ciphertext.zeroize();
298    }
299}
300
301impl ClearProtoMessage for psa_cipher_encrypt::Result {
302    fn clear_message(&mut self) { self.ciphertext.zeroize(); }
303}
304
305impl ClearProtoMessage for psa_cipher_decrypt::Result {
306    fn clear_message(&mut self) { self.plaintext.zeroize(); }
307}
308
309impl ClearProtoMessage for psa_generate_random::Result {
310    fn clear_message(&mut self) {
311        self.random_bytes.zeroize();
312    }
313}
314
315impl ClearProtoMessage for psa_hash_compute::Operation {
316    fn clear_message(&mut self) {
317        self.input.zeroize();
318    }
319}
320
321impl ClearProtoMessage for psa_hash_compute::Result {
322    fn clear_message(&mut self) {
323        self.hash.zeroize();
324    }
325}
326
327impl ClearProtoMessage for psa_hash_compare::Operation {
328    fn clear_message(&mut self) {
329        self.input.zeroize();
330        self.hash.zeroize();
331    }
332}
333
334impl ClearProtoMessage for psa_raw_key_agreement::Operation {
335    fn clear_message(&mut self) {
336        self.peer_key.zeroize();
337    }
338}
339
340impl ClearProtoMessage for psa_raw_key_agreement::Result {
341    fn clear_message(&mut self) {
342        self.shared_secret.zeroize();
343    }
344}
345
346impl ClearProtoMessage for attest_key::Operation {
347    fn clear_message(&mut self) {
348        if let attest_key::Operation {
349            parameters:
350                Some(attest_key::AttestationMechanismParams {
351                    mechanism:
352                        Some(attest_key::attestation_mechanism_params::Mechanism::ActivateCredential(
353                            attest_key::attestation_mechanism_params::ActivateCredential {
354                                credential_blob,
355                                secret,
356                            },
357                        )),
358                }),
359            ..
360        } = self
361        {
362            credential_blob.zeroize();
363            secret.zeroize();
364        }
365    }
366}
367
368impl ClearProtoMessage for attest_key::Result {
369    fn clear_message(&mut self) {
370        if let attest_key::Result {
371            output:
372                Some(attest_key::AttestationOutput {
373                    mechanism:
374                        Some(attest_key::attestation_output::Mechanism::ActivateCredential(
375                            attest_key::attestation_output::ActivateCredential { credential },
376                        )),
377                }),
378        } = self
379        {
380            credential.zeroize();
381        }
382    }
383}
384
385impl ClearProtoMessage for prepare_key_attestation::Result {
386    fn clear_message(&mut self) {
387        if let prepare_key_attestation::Result { output: Some(prepare_key_attestation::PrepareKeyAttestationOutput {
388                mechanism: Some(prepare_key_attestation::prepare_key_attestation_output::Mechanism::ActivateCredential(
389                    prepare_key_attestation::prepare_key_attestation_output::ActivateCredential {
390                        name, public, attesting_key_pub
391                    }
392                ))
393            })
394            } = self {
395                name.zeroize();
396                public.zeroize();
397                attesting_key_pub.zeroize();
398            }
399    }
400}
401
402#[test]
403fn i32_conversions() {
404    assert_eq!(
405        Cipher::try_from(56).unwrap_err(),
406        ResponseStatus::InvalidEncoding
407    );
408    assert_eq!(
409        Cipher::try_from(-5).unwrap_err(),
410        ResponseStatus::InvalidEncoding
411    );
412    assert_eq!(
413        Hash::try_from(89).unwrap_err(),
414        ResponseStatus::InvalidEncoding
415    );
416    assert_eq!(
417        Hash::try_from(-4).unwrap_err(),
418        ResponseStatus::InvalidEncoding
419    );
420    assert_eq!(
421        EccFamily::try_from(78).unwrap_err(),
422        ResponseStatus::InvalidEncoding
423    );
424}
parsec_interface/operations_protobuf/generated_ops/mod.rs

parsec_interface/operations_protobuf/generated_ops/
mod.rs
