Define and implement core crypto fill random buffer trait (Azure#1226)

Federico-Figalli · May 21, 2019 · 67e2745 · 67e2745
1 parent a272069
commit 67e2745
Show file tree

Hide file tree

Showing 4 changed files with 68 additions and 5 deletions.
diff --git a/edgelet/edgelet-core/src/error.rs b/edgelet/edgelet-core/src/error.rs
@@ -75,6 +75,9 @@ pub enum ErrorKind {
     #[fail(display = "Item not found.")]
     KeyStoreItemNotFound,
 
+    #[fail(display = "An error occured when generating a random number.")]
+    MakeRandom,
+
     #[fail(display = "A module runtime error occurred.")]
     ModuleRuntime,
 

diff --git a/edgelet/edgelet-core/src/lib.rs b/edgelet/edgelet-core/src/lib.rs
@@ -24,8 +24,8 @@ pub use authorization::{Authorization, Policy};
 pub use certificate_properties::{CertificateIssuer, CertificateProperties, CertificateType};
 pub use crypto::{
     Certificate, CreateCertificate, Decrypt, Encrypt, GetDeviceIdentityCertificate, GetIssuerAlias,
-    GetTrustBundle, KeyBytes, KeyIdentity, KeyStore, MasterEncryptionKey, PrivateKey, Signature,
-    IOTEDGED_CA_ALIAS,
+    GetTrustBundle, KeyBytes, KeyIdentity, KeyStore, MakeRandom, MasterEncryptionKey, PrivateKey,
+    Signature, IOTEDGED_CA_ALIAS,
 };
 pub use error::{Error, ErrorKind};
 pub use identity::{AuthType, Identity, IdentityManager, IdentityOperation, IdentitySpec};

diff --git a/edgelet/edgelet-hsm/src/crypto.rs b/edgelet/edgelet-hsm/src/crypto.rs
@@ -10,8 +10,8 @@ use edgelet_core::{
     CertificateProperties as CoreCertificateProperties, CreateCertificate as CoreCreateCertificate,
     Decrypt as CoreDecrypt, Encrypt as CoreEncrypt, Error as CoreError, ErrorKind as CoreErrorKind,
     GetIssuerAlias as CoreGetIssuerAlias, GetTrustBundle as CoreGetTrustBundle,
-    KeyBytes as CoreKeyBytes, MasterEncryptionKey as CoreMasterEncryptionKey,
-    PrivateKey as CorePrivateKey,
+    KeyBytes as CoreKeyBytes, MakeRandom as CoreMakeRandom,
+    MasterEncryptionKey as CoreMasterEncryptionKey, PrivateKey as CorePrivateKey,
 };
 pub use hsm::{
     Buffer, Decrypt, Encrypt, GetCertificate as HsmGetCertificate, GetTrustBundle, HsmCertificate,
@@ -20,7 +20,7 @@ pub use hsm::{
 use hsm::{
     CreateCertificate as HsmCreateCertificate,
     CreateMasterEncryptionKey as HsmCreateMasterEncryptionKey, Crypto as HsmCrypto,
-    DestroyMasterEncryptionKey as HsmDestroyMasterEncryptionKey,
+    DestroyMasterEncryptionKey as HsmDestroyMasterEncryptionKey, MakeRandom as HsmMakeRandom,
 };
 
 use crate::certificate_properties::convert_properties;
@@ -171,6 +171,17 @@ impl CoreGetTrustBundle for Crypto {
     }
 }
 
+impl CoreMakeRandom for Crypto {
+    fn get_random_bytes(&self, buffer: &mut [u8]) -> Result<(), CoreError> {
+        let _hsm_lock = self.hsm_lock.0.lock().expect("Acquiring HSM lock failed");
+        self.crypto
+            .get_random_bytes(buffer)
+            .map_err(|err| Error::from(err.context(ErrorKind::Hsm)))
+            .map_err(|err| CoreError::from(err.context(CoreErrorKind::MakeRandom)))?;
+        Ok(())
+    }
+}
+
 #[derive(Debug)]
 pub struct Certificate(HsmCertificate);
 

diff --git a/edgelet/edgelet-hsm/tests/crypto_get_random.rs b/edgelet/edgelet-hsm/tests/crypto_get_random.rs
@@ -0,0 +1,49 @@
+// Copyright (c) Microsoft. All rights reserved.
+
+#![deny(unused_extern_crates, warnings)]
+#![deny(clippy::all, clippy::pedantic)]
+
+use lazy_static::lazy_static;
+use std::sync::Mutex;
+
+use edgelet_core::MakeRandom;
+use edgelet_hsm::{Crypto, HsmLock};
+mod test_utils;
+use test_utils::TestHSMEnvSetup;
+
+lazy_static! {
+    static ref LOCK: Mutex<()> = Mutex::new(());
+}
+
+#[test]
+fn crypto_random_bytes() {
+    // arrange
+    let _setup_home_dir = TestHSMEnvSetup::new(&LOCK, None);
+
+    let hsm_lock = HsmLock::new();
+    let crypto = Crypto::new(hsm_lock).unwrap();
+
+    // act
+    let smz: [u8; 16] = [0; 16];
+    let mut sm1: [u8; 16] = [0; 16];
+    let mut sm2: [u8; 16] = [0; 16];
+    crypto.get_random_bytes(&mut sm1).unwrap();
+    crypto.get_random_bytes(&mut sm2).unwrap();
+    assert_ne!(smz, sm2);
+    assert_ne!(sm1, sm2);
+
+    let medz: [u8; 256] = [0; 256];
+    let mut med: [u8; 256] = [0; 256];
+    crypto.get_random_bytes(&mut med).unwrap();
+    assert!(!medz.iter().eq(med.iter()));
+
+    let lgz: [u8; 1024] = [0; 1024];
+    let mut lg: [u8; 1024] = [0; 1024];
+    crypto.get_random_bytes(&mut lg).unwrap();
+    assert!(!lgz.iter().eq(lg.iter()));
+
+    let xlz: [u8; 4096] = [0; 4096];
+    let mut xl: [u8; 4096] = [0; 4096];
+    crypto.get_random_bytes(&mut xl).unwrap();
+    assert!(!xlz.iter().eq(xl.iter()));
+}