@@ -22,10 +22,12 @@ use parsec_interface::operations::prepare_key_attestation::{
2222use parsec_interface:: operations:: psa_aead_decrypt:: Operation as PsaAeadDecrypt ;
2323use parsec_interface:: operations:: psa_aead_encrypt:: Operation as PsaAeadEncrypt ;
2424use parsec_interface:: operations:: psa_algorithm:: {
25- Aead , AsymmetricEncryption , AsymmetricSignature , Hash , RawKeyAgreement ,
25+ Aead , AsymmetricEncryption , AsymmetricSignature , Cipher , Hash , RawKeyAgreement ,
2626} ;
2727use parsec_interface:: operations:: psa_asymmetric_decrypt:: Operation as PsaAsymDecrypt ;
2828use parsec_interface:: operations:: psa_asymmetric_encrypt:: Operation as PsaAsymEncrypt ;
29+ use parsec_interface:: operations:: psa_cipher_decrypt:: Operation as PsaCipherDecrypt ;
30+ use parsec_interface:: operations:: psa_cipher_encrypt:: Operation as PsaCipherEncrypt ;
2931use parsec_interface:: operations:: psa_destroy_key:: Operation as PsaDestroyKey ;
3032use parsec_interface:: operations:: psa_export_key:: Operation as PsaExportKey ;
3133use parsec_interface:: operations:: psa_export_public_key:: Operation as PsaExportPublicKey ;
@@ -1224,6 +1226,78 @@ impl BasicClient {
12241226 }
12251227 }
12261228
1229+ /// **[Cryptographic Operation]** Encrypt a short message with a symmetric cipher.
1230+ ///
1231+ /// The key intended for encrypting **must** have its `encrypt` flag set
1232+ /// to `true` in its [key policy](https://docs.rs/parsec-interface/*/parsec_interface/operations/psa_key_attributes/struct.Policy.html).
1233+ ///
1234+ /// This function will encrypt a short message with a random initialisation vector (IV).
1235+ pub fn psa_cipher_encrypt (
1236+ & self ,
1237+ key_name : String ,
1238+ alg : Cipher ,
1239+ plaintext : & [ u8 ] ,
1240+ ) -> Result < Vec < u8 > > {
1241+ let crypto_provider = self . can_provide_crypto ( ) ?;
1242+
1243+ let op = PsaCipherEncrypt {
1244+ key_name,
1245+ alg,
1246+ plaintext : plaintext. to_vec ( ) . into ( ) ,
1247+ } ;
1248+
1249+ let res = self . op_client . process_operation (
1250+ NativeOperation :: PsaCipherEncrypt ( op) ,
1251+ crypto_provider,
1252+ & self . auth_data ,
1253+ ) ?;
1254+
1255+ if let NativeResult :: PsaCipherEncrypt ( res) = res {
1256+ Ok ( res. ciphertext . to_vec ( ) )
1257+ } else {
1258+ // Should really not be reached given the checks we do, but it's not impossible if some
1259+ // changes happen in the interface
1260+ Err ( Error :: Client ( ClientErrorKind :: InvalidServiceResponseType ) )
1261+ }
1262+ }
1263+
1264+ /// **[Cryptographic Operation]** Decrypt a short message with a symmetric cipher.
1265+ ///
1266+ /// The key intended for decrypting **must** have its `decrypt` flag set
1267+ /// to `true` in its [key policy](https://docs.rs/parsec-interface/*/parsec_interface/operations/psa_key_attributes/struct.Policy.html).
1268+ ///
1269+ /// `ciphertext` must be the IV followed by the ciphertext.
1270+ ///
1271+ /// This function will decrypt a short message using the provided initialisation vector (IV).
1272+ pub fn psa_cipher_decrypt (
1273+ & self ,
1274+ key_name : String ,
1275+ alg : Cipher ,
1276+ ciphertext : & [ u8 ] ,
1277+ ) -> Result < Vec < u8 > > {
1278+ let crypto_provider = self . can_provide_crypto ( ) ?;
1279+
1280+ let op = PsaCipherDecrypt {
1281+ key_name,
1282+ alg,
1283+ ciphertext : ciphertext. to_vec ( ) . into ( ) ,
1284+ } ;
1285+
1286+ let res = self . op_client . process_operation (
1287+ NativeOperation :: PsaCipherDecrypt ( op) ,
1288+ crypto_provider,
1289+ & self . auth_data ,
1290+ ) ?;
1291+
1292+ if let NativeResult :: PsaCipherDecrypt ( res) = res {
1293+ Ok ( res. plaintext . to_vec ( ) )
1294+ } else {
1295+ // Should really not be reached given the checks we do, but it's not impossible if some
1296+ // changes happen in the interface
1297+ Err ( Error :: Client ( ClientErrorKind :: InvalidServiceResponseType ) )
1298+ }
1299+ }
1300+
12271301 /// **[Cryptographic Operation]** Perform a raw key agreement.
12281302 ///
12291303 /// The provided private key **must** have its `derive` flag set
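Review bot: The doc comment on `psa_cipher_encrypt` says a random IV is used but never states where that IV ends up in the returned buffer. The `psa_cipher_decrypt` doc requires the IV followed by the ciphertext, so the encrypt side presumably returns the same layout; once that is confirmed against the service, add `/// The returned buffer is the IV followed by the ciphertext, in the form psa_cipher_decrypt expects.` Both doc comments should also state that `Cipher` algorithms provide confidentiality only, so decryption does not detect a modified ciphertext, and point callers who need integrity to the AEAD operations whose types this file already imports. Separately, `res.plaintext.to_vec()` hands the caller a plain `Vec<u8>`; if the interface field is a zeroizing wrapper (the `.into()` on the request side suggests a wrapper type), that copy is not wiped on drop, which deserves a line in the decrypt doc.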