refactor!: Pull Crypto trait to the high-level implementation

This allows pushing back the edhoc-crypto ("the default implementation
that is selected statically, making all implementations possible
dependencies") into the dev-dependencies.

The crypto-* features are removed from edhoc-rs; testing depends on
edhoc-crypto being pulled in in parallel to the test, and a feature
selected on that.

Follow-up-for: #127

Author: chrysn

.github/workflows/build-and-test.yml

@@ -28,15 +28,15 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        crypto_backend: [crypto-hacspec, crypto-psa]
+        crypto_backend: [edhoc-crypto/hacspec, edhoc-crypto/psa]
         ead: [ead-none, ead-zeroconf]
 
     steps:
     - name: Checkout repo
       uses: actions/checkout@v3
 
     - name: Run unit tests # note that we only add `--package edhoc-hacspec` when testing the hacspec version of the lib
-      run: RUST_BACKTRACE=1 cargo test -p edhoc-rs -p edhoc-consts -p edhoc-ead-zeroconf  --no-default-features --features="${{ matrix.crypto_backend }}, ${{ matrix.ead }}" --no-fail-fast -- --test-threads 1
+      run: RUST_BACKTRACE=1 cargo test -p edhoc-rs -p edhoc-crypto -p edhoc-consts -p edhoc-ead-zeroconf  --no-default-features --features="${{ matrix.crypto_backend }}, ${{ matrix.ead }}" --no-fail-fast -- --test-threads 1
 
 
   build-edhoc-package:
@@ -46,7 +46,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        crypto_backend: [crypto-hacspec, crypto-psa, crypto-psa-baremetal, crypto-cryptocell310]
+        crypto_backend: [edhoc-crypto/hacspec, edhoc-crypto/psa, edhoc-crypto/psa-baremetal, edhoc-crypto/cryptocell310]
         ead: [ead-none, ead-zeroconf]
 
     steps:

examples/coap/Cargo.toml

@@ -4,7 +4,8 @@ version = "0.1.0"
 edition = "2021"
 
 [dependencies]
-edhoc-rs = { path = "../../lib", features = [ "crypto-hacspec" ] }
+edhoc-rs = { path = "../../lib" }
+edhoc-crypto = { path = "../../crypto/", features = [ "hacspec" ] }
 hexlit = "0.5.3"
 coap = { version = "0.13" }
 coap-lite = { version = "0.11.3" }

examples/coap/src/bin/coapclient.rs

@@ -21,11 +21,17 @@ fn main() {
     println!("Client request: {}", url);
 
     let state = Default::default();
-    let initiator = EdhocInitiator::new(state, &I, &CRED_I, Some(&CRED_R));
+    let initiator = EdhocInitiator::new(
+        state,
+        edhoc_crypto::default_crypto(),
+        &I,
+        &CRED_I,
+        Some(&CRED_R),
+    );
 
     // Send Message 1 over CoAP and convert the response to byte
     let mut msg_1_buf = Vec::from([0xf5u8]); // EDHOC message_1 when transported over CoAP is prepended with CBOR true
-    let c_i = generate_connection_identifier_cbor();
+    let c_i = generate_connection_identifier_cbor(&mut edhoc_crypto::default_crypto());
     let (initiator, message_1) = initiator.prepare_message_1(c_i).unwrap();
     msg_1_buf.extend_from_slice(&message_1.content[..message_1.len]);
     println!("message_1 len = {}", msg_1_buf.len());

examples/coap/src/bin/coapserver-coaphandler.rs

@@ -1,3 +1,4 @@
+use edhoc_crypto::Crypto;
 use edhoc_rs::*;
 use hexlit::hex;
 
@@ -14,11 +15,11 @@ const R: &[u8] = &hex!("72cc4761dbd4c78f758931aa589d348d1ef874a7e303ede2f140dcf3
 
 #[derive(Default, Debug)]
 struct EdhocHandler {
-    connections: Vec<(u8, EdhocResponderWaitM3<'static>)>,
+    connections: Vec<(u8, EdhocResponderWaitM3<'static, Crypto>)>,
 }
 
 impl EdhocHandler {
-    fn take_connection_by_c_r(&mut self, c_r: u8) -> Option<EdhocResponderWaitM3<'static>> {
+    fn take_connection_by_c_r(&mut self, c_r: u8) -> Option<EdhocResponderWaitM3<'static, Crypto>> {
         let index = self
             .connections
             .iter()
@@ -45,7 +46,7 @@ enum EdhocResponse {
     // take up a slot there anyway) if we make it an enum.
     OkSend2 {
         c_r: u8,
-        responder: EdhocResponderBuildM2<'static>,
+        responder: EdhocResponderBuildM2<'static, Crypto>,
     },
     Message3Processed,
 }
@@ -60,7 +61,14 @@ impl coap_handler::Handler for EdhocHandler {
 
         if starts_with_true {
             let state = EdhocState::default();
-            let responder = EdhocResponder::new(state, &R, &CRED_R, Some(&CRED_I));
+
+            let responder = EdhocResponder::new(
+                state,
+                edhoc_crypto::default_crypto(),
+                &R,
+                &CRED_R,
+                Some(&CRED_I),
+            );
 
             let response = responder
                 .process_message_1(&request.payload()[1..].try_into().expect("wrong length"));

examples/coap/src/bin/coapserver.rs

@@ -32,7 +32,13 @@ fn main() {
             // This is an EDHOC message
             if request.message.payload[0] == 0xf5 {
                 let state = EdhocState::default();
-                let responder = EdhocResponder::new(state, &R, &CRED_R, Some(&CRED_I));
+                let responder = EdhocResponder::new(
+                    state,
+                    edhoc_crypto::default_crypto(),
+                    &R,
+                    &CRED_R,
+                    Some(&CRED_I),
+                );
 
                 let result = responder.process_message_1(
                     &request.message.payload[1..]
@@ -41,7 +47,8 @@ fn main() {
                 );
 
                 if let Ok(responder) = result {
-                    let c_r = generate_connection_identifier_cbor();
+                    let c_r =
+                        generate_connection_identifier_cbor(&mut edhoc_crypto::default_crypto());
                     let (responder, message_2) = responder.prepare_message_2(c_r).unwrap();
                     response.message.payload = Vec::from(&message_2.content[..message_2.len]);
                     // save edhoc connection

examples/edhoc-rs-cc2538/Cargo.toml

@@ -8,6 +8,7 @@ description = "edhoc-rs example on CC2538 SoC"
 
 [dependencies]
 edhoc-rs = { path = "../../lib", default-features = false }
+edhoc-crypto = { path = "../../crypto", default-features = false }
 # depend on an allocator
 embedded-alloc = "0.5.0"
 hexlit = "0.5.3"
@@ -20,5 +21,5 @@ rtt-target = { version = "0.3.1", features = ["cortex-m"] }
 
 [features]
 default = [ "psa" ]
-psa = [ "edhoc-rs/crypto-psa-baremetal" ]
+psa = [ "edhoc-crypto/psa-baremetal" ]
 

examples/edhoc-rs-no_std/Cargo.toml

@@ -23,7 +23,7 @@ rtt-target = { version = "0.3.1", features = ["cortex-m"] }
 [features]
 default = [ "rtt", "crypto-cryptocell310", "ead-none" ]
 rtt = [ ]
-crypto-psa = [ "edhoc-rs/crypto-psa-baremetal" ]
-crypto-cryptocell310 = [ "edhoc-rs/crypto-cryptocell310" ]
+crypto-psa = [ "edhoc-crypto/psa-baremetal" ]
+crypto-cryptocell310 = [ "edhoc-crypto/cryptocell310" ]
 ead-none = [ "edhoc-rs/ead-none" ]
 ead-zeroconf = [ "edhoc-rs/ead-zeroconf" ]

examples/edhoc-rs-no_std/src/main.rs

@@ -74,7 +74,13 @@ fn main() -> ! {
 
     fn test_new_initiator() {
         let state = Default::default();
-        let _initiator = EdhocInitiator::new(state, I, CRED_I, Some(CRED_R));
+        let _initiator = EdhocInitiator::new(
+            state,
+            edhoc_crypto::default_crypto(),
+            I,
+            CRED_I,
+            Some(CRED_R),
+        );
     }
 
     test_new_initiator();
@@ -94,9 +100,16 @@ fn main() -> ! {
 
     fn test_prepare_message_1() {
         let state = Default::default();
-        let mut initiator = EdhocInitiator::new(state, I, CRED_I, Some(CRED_R));
-
-        let c_i: u8 = generate_connection_identifier_cbor().into();
+        let mut initiator = EdhocInitiator::new(
+            state,
+            edhoc_crypto::default_crypto(),
+            I,
+            CRED_I,
+            Some(CRED_R),
+        );
+
+        let c_i: u8 =
+            generate_connection_identifier_cbor(&mut edhoc_crypto::default_crypto()).into();
         let message_1 = initiator.prepare_message_1(c_i);
         assert!(message_1.is_ok());
     }
@@ -106,16 +119,30 @@ fn main() -> ! {
 
     fn test_handshake() {
         let state_initiator = Default::default();
-        let mut initiator = EdhocInitiator::new(state_initiator, I, CRED_I, Some(CRED_R));
+        let mut initiator = EdhocInitiator::new(
+            state_initiator,
+            edhoc_crypto::default_crypto(),
+            I,
+            CRED_I,
+            Some(CRED_R),
+        );
         let state_responder = Default::default();
-        let responder = EdhocResponder::new(state_responder, R, CRED_R, Some(CRED_I));
-
-        let c_i: u8 = generate_connection_identifier_cbor().into();
+        let responder = EdhocResponder::new(
+            state_responder,
+            edhoc_crypto::default_crypto(),
+            R,
+            CRED_R,
+            Some(CRED_I),
+        );
+
+        let c_i: u8 =
+            generate_connection_identifier_cbor(&mut edhoc_crypto::default_crypto()).into();
         let (initiator, message_1) = initiator.prepare_message_1(c_i).unwrap(); // to update the state
 
         let responder = responder.process_message_1(&message_1).unwrap();
 
-        let c_r: u8 = generate_connection_identifier_cbor().into();
+        let c_r: u8 =
+            generate_connection_identifier_cbor(&mut edhoc_crypto::default_crypto()).into();
         let (responder, message_2) = responder.prepare_message_2(c_r).unwrap();
         assert!(c_r != 0xff);
 

lib/Cargo.toml

@@ -11,7 +11,6 @@ hexlit = "0.5.3"
 hex = { version = "0.4.3", default-features = false }
 
 hacspec-lib = { version = "0.1.0-beta.1", default-features = false, optional = true }
-edhoc-crypto = { path = "../crypto", default-features = false }
 edhoc-crypto-trait = { path = "../crypto/edhoc-crypto-trait" }
 edhoc-consts = { path = "../consts" }
 edhoc-ead = { path = "../ead", default-features = false }
@@ -20,12 +19,11 @@ panic-semihosting = { version = "0.6.0", features = ["exit"], optional = true }
 [build-dependencies]
 cbindgen = "0.24.5"
 
+[dev-dependencies]
+edhoc-crypto = { path = "../crypto", default-features = false }
+
 [features]
 default = [ "edhoc-ead/ead-none" ]
-crypto-hacspec = ["hacspec-lib/std", "edhoc-crypto/hacspec" ]
-crypto-psa = [ "edhoc-crypto/psa" ]
-crypto-psa-baremetal = [ "edhoc-crypto/psa-baremetal", "panic-semihosting" ]
-crypto-cryptocell310 = [ "edhoc-crypto/cryptocell310", "panic-semihosting" ]
 ead-none = [ "edhoc-ead/ead-none" ]
 ead-zeroconf = [ "edhoc-ead/ead-zeroconf" ]