Merge pull request project-chip#49 from nevi-me/crypto/rustcrypto

RustCrypto backed crypto

Author: kedars

.github/workflows/test-linux-rustcrypto.yml

@@ -0,0 +1,22 @@
+name: Test-Linux-RustCrypto
+
+on:
+  push:
+    branches: [ main ]
+  pull_request:
+    branches: [ main ]
+
+env:
+  CARGO_TERM_COLOR: always
+
+jobs:
+  build_and_test:
+
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v2
+    - name: Build
+      run: cd matter; cargo build --verbose --no-default-features --features crypto_rustcrypto
+    - name: Run tests
+      run: cd matter; cargo test --verbose --no-default-features --features crypto_rustcrypto -- --test-threads=1

matter/Cargo.toml

@@ -19,6 +19,7 @@ default = ["crypto_mbedtls"]
 crypto_openssl = ["openssl", "foreign-types", "hmac", "sha2"]
 crypto_mbedtls = ["mbedtls"]
 crypto_esp_mbedtls = ["esp-idf-sys"]
+crypto_rustcrypto = ["sha2", "hmac", "pbkdf2", "hkdf", "aes", "ccm", "p256", "elliptic-curve", "crypto-bigint", "x509-cert"]
 
 [dependencies]
 boxslab = { path = "../boxslab" }
@@ -34,11 +35,6 @@ log = { version = "0.4.17", features = ["max_level_debug", "release_max_level_de
 env_logger = "0.10.0"
 rand = "0.8.5"
 esp-idf-sys = { version = "0.32", features = ["binstart"], optional = true }
-openssl = { git = "https://github.com/sfackler/rust-openssl", optional = true }
-foreign-types = { version = "0.3.2", optional = true }
-sha2 = { version = "0.9.9", optional = true }
-hmac = { version = "0.11.0", optional = true }
-mbedtls = { git = "https://github.com/fortanix/rust-mbedtls", optional = true }
 subtle = "2.4.1"
 colored = "2.0.0"
 smol = "1.3.0"
@@ -47,6 +43,22 @@ safemem = "0.3.3"
 chrono = { version = "0.4.23", default-features = false, features = ["clock", "std"] }
 async-channel = "1.8"
 
+# crypto
+openssl = { git = "https://github.com/sfackler/rust-openssl", optional = true }
+foreign-types = { version = "0.3.2", optional = true }
+mbedtls = { git = "https://github.com/fortanix/rust-mbedtls", optional = true }
+sha2 = { version = "0.10", default-features = false, optional = true }
+hmac = { version = "0.12", optional = true }
+pbkdf2 = { version = "0.12", optional = true }
+hkdf = { version = "0.12", optional = true }
+aes = { version = "0.8", optional = true }
+ccm = { version = "0.5", default-features = false, features = ["alloc"], optional = true }
+p256 = { version = "0.13.0", default-features = false, features = ["arithmetic", "ecdh", "ecdsa"], optional = true }
+elliptic-curve = { version = "0.13.2", optional = true }
+crypto-bigint = { version = "0.4", default-features = false, optional = true }
+# Note: requires std
+x509-cert = { version = "0.2.0", default-features = false, features = ["pem", "std"], optional = true }
+
 # to compute the check digit
 verhoeff = "1"
 

matter/src/crypto/crypto_openssl.rs

@@ -39,7 +39,7 @@ use openssl::x509::{X509NameBuilder, X509ReqBuilder, X509};
 // We directly use the hmac crate here, there was a self-referential structure
 // problem while using OpenSSL's Signer
 // TODO: Use proper OpenSSL method for this
-use hmac::{Hmac, Mac, NewMac};
+use hmac::{Hmac, Mac};
 pub struct HmacSha256 {
     ctx: Hmac<sha2::Sha256>,
 }