From c3df02d40ca5bf295439436163992b12e03ae2e6 Mon Sep 17 00:00:00 2001
From: Edmund Grimley Evans
Date: Wed, 22 Dec 2021 11:40:15 +0000
Subject: [PATCH 1/2] psa-crypto/src/types/key.rs: rustfmt
Signed-off-by: Edmund Grimley Evans
---
 psa-crypto/src/types/key.rs | 22 +++++++++-------------
 1 file changed, 9 insertions(+), 13 deletions(-)
diff --git a/psa-crypto/src/types/key.rs b/psa-crypto/src/types/key.rs
index 5d011d9..696238a 100644
--- a/psa-crypto/src/types/key.rs
+++ b/psa-crypto/src/types/key.rs
@@ -246,9 +246,7 @@ impl Attributes {
 match self.key_type {
 Type::RawData => false,
 Type::Hmac => alg.is_hmac(),
- Type::Derive => {
- matches!(alg, Algorithm::KeyDerivation(_))
- }
+ Type::Derive => matches!(alg, Algorithm::KeyDerivation(_)),
 Type::Aes | Type::Camellia => {
 if let Algorithm::Mac(mac_alg) = alg {
 mac_alg.is_block_cipher_needed()
@@ -295,16 +293,14 @@ impl Attributes {
 Algorithm::AsymmetricSignature(sign_alg) => sign_alg.is_ecc_alg(),
 _ => false,
 },
- Type::DhKeyPair { .. } | Type::DhPublicKey { .. } => {
- matches!(
- alg,
- Algorithm::KeyAgreement(KeyAgreement::Raw(RawKeyAgreement::Ffdh))
- | Algorithm::KeyAgreement(KeyAgreement::WithKeyDerivation {
- ka_alg: RawKeyAgreement::Ffdh,
- ..
- })
- )
- }
+ Type::DhKeyPair { .. } | Type::DhPublicKey { .. } => matches!(
+ alg,
+ Algorithm::KeyAgreement(KeyAgreement::Raw(RawKeyAgreement::Ffdh))
+ | Algorithm::KeyAgreement(KeyAgreement::WithKeyDerivation {
+ ka_alg: RawKeyAgreement::Ffdh,
+ ..
+ })
+ ),
 }
 }

From ca21b3e4f9e747ab2503b8615d77e2b501fc17bb Mon Sep 17 00:00:00 2001
From: Edmund Grimley Evans
Date: Wed, 22 Dec 2021 12:29:44 +0000
Subject: [PATCH 2/2] Update from rsa 0.3.0 to 0.5.0. Upgrading to rsa 0.5.0 removes the dependency on simple_asn1 and thus on chrono, which has two potential security vulnerabilities: RUSTSEC-2020-0071 and RUSTSEC-2020-0159. The update to rsa 0.5.0 requires an update to rand and some changes in test code because the API has changed slightly. Also a newer toolchain is required: 1.52.0.
Signed-off-by: Edmund Grimley Evans
---
 .github/workflows/ci.yml | 2 +-
 psa-crypto/Cargo.toml | 4 ++--
 psa-crypto/src/operations/asym_encryption.rs | 8 +++++---
 3 files changed, 8 insertions(+), 6 deletions(-)
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 78a6573..ceac380 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -13,7 +13,7 @@ jobs:
 with:
 profile: minimal
 override: true
- toolchain: 1.46.0
+ toolchain: 1.52.0
 - name: Set up Python
 uses: actions/setup-python@v2
 with:
diff --git a/psa-crypto/Cargo.toml b/psa-crypto/Cargo.toml
index 1b04058..9c42a71 100644
--- a/psa-crypto/Cargo.toml
+++ b/psa-crypto/Cargo.toml
@@ -18,8 +18,8 @@ serde = { version = "1.0.115", features = ["derive"] }
 zeroize = { version = "<=1.3.0", features = ["zeroize_derive"] }

 [dev-dependencies]
-rsa = "0.3.0"
-rand = "0.7.3"
+rsa = { version = "0.5.0", features = ["alloc"] }
+rand = "0.8.4"
 base64 = "0.12.3"

 [features]
diff --git a/psa-crypto/src/operations/asym_encryption.rs b/psa-crypto/src/operations/asym_encryption.rs
index d9b673e..66cc232 100644
--- a/psa-crypto/src/operations/asym_encryption.rs
+++ b/psa-crypto/src/operations/asym_encryption.rs
@@ -93,8 +93,9 @@ pub fn encrypt(
 /// # use psa_crypto::operations::asym_encryption::decrypt;
 /// # use psa_crypto::types::key::{Attributes, Type, Lifetime, Policy, UsageFlags};
 /// # use psa_crypto::types::algorithm::{AsymmetricEncryption, Hash};
-/// # use rsa::{RSAPublicKey, PaddingScheme, PublicKey};
+/// # use rsa::{RsaPublicKey, PaddingScheme, PublicKey};
 /// # use rand::rngs::OsRng;
+/// # use rsa::pkcs1::FromRsaPublicKey;
 /// # let mut usage_flags: UsageFlags = Default::default();
 /// # usage_flags.set_decrypt();
 /// # let mut attributes = Attributes {
@@ -115,8 +116,9 @@ pub fn encrypt(
 ///
 /// let key_id = generate(attributes, None).unwrap();
 /// let mut pub_key = vec![0; attributes.export_public_key_output_size().unwrap()];
-/// let _pub_key_length = export_public(key_id.clone(), &mut pub_key);
-/// let rsa_pub_key = RSAPublicKey::from_pkcs1(&pub_key).unwrap();
+/// let pub_key_length = export_public(key_id.clone(), &mut pub_key).unwrap();
+/// pub_key.truncate(pub_key_length);
+/// let rsa_pub_key = RsaPublicKey::from_pkcs1_der(&pub_key).unwrap();
 /// let ciphertext = rsa_pub_key.encrypt(&mut OsRng, PaddingScheme::new_pkcs1v15_encrypt(), &MESSAGE).unwrap();
 ///
 /// let alg = AsymmetricEncryption::RsaPkcs1v15Crypt;
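Review bot: In the second hunk, the added `pub_key.truncate(pub_key_length);` is a visible line of the doc example, but nothing says why it is needed, so a reader adapting the example may drop it. The buffer is sized from `export_public_key_output_size()` and only the first `pub_key_length` bytes are the exported key; presumably `from_pkcs1_der` fails on the unused tail, which is why the old untruncated call had to change. A visible comment before it, e.g. `/// // export_public returns the number of bytes written; discard the unused tail before parsing.`, would record that. The doc comment this example belongs to starts and ends outside the hunk.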