👌

🌞

Is this needed? I didn't see any direct uses of it

Nope, I have removed it. Wonder if there's a clippy setting to catch that...

WIP it seems

That PR only provides the functionality of cargo-udeps in upstream tools. You can install it today!

Thanks @est31! We should definitely add that on our CIs!

Is this what you're trying to achieve here?

I don't think that's quite it. op.salt is an Option<Zeroizing<Vec<u8>>> and I need salt_buff to be Option<&[u8]>. There may still be some more concise way of writing it that I'm not aware of though.

Huh! I thought that since Zeroizing implements Deref, it would work - actually, it seems as_deref is what I should've recommended, though it doesn't solve the whole problem either - op.salt.as_deref() yields Option<&Vec<u8>>

The format_error macro doesn't need the {} part of the "format string", that gets added inside the macro!

Ah, that's why the log outputs have been a bit odd...!

What about in this case?

format_error!(
       "Error {} when opening a persistent Mbed Crypto key.",
       e
);

Ooops! I didn't notice that one when it went in... I wrote format_error to always log in the same format "Brief description of problem; error: {}" - the last bit is only written when the config flag for verbose logging is on. You can probably change that to ("Failed to open persistent Mbed Crypto key", e)

Easier/quicker to just plaintext.zeroize() here (though you need to import the Zeroize trait).

huh, I didn't know you could do that 🤯! How does it work? plaintext is a regular Vec<u8>' and I can't see anything obvious in the documentation that states Zeroizableis implemented forVec. Is it u8implementsDefaultIsZeros, so implements Zeroizablein the blanket implementation andVec` 'inherits' (derefs?) that?

Zeroize is implemented on Vecs - it's actually what you were using in the other PR when doing plaintext.zeroize() for the protobuf types - those types don't use Zeroizing or anything from the crate

Oh yeah... 🤦‍♂️

🙆‍♂️ niiiiiice!

Is there a neater way of doing this?
Would be nice if the tests could check which operations the current provider supports and only test those.

You can always put an #[cfg(feature = "mbed-crypto-provider")] on the test

Ah, this is in the e2e crate... Hmmm

I don't think the if is 100% correct anyway, because you could have multiple providers set up and the client chooses a different one, doesn't mean the Mbed Crypto one isn't available. Maybe we should change the set_provider method (on the test client) to check if the provider actually exists, and returns an error if not. Then we can check on that.

client chooses a different one

Are the tests not done in isolation? As in, there will only ever be one provider at once during testing?

Maybe we should change the set_provider method (on the test client) to check if the provider actually exists, and returns an error if not. Then we can check on that.

So have set_provider check basic_client.list_providers to see if that provider exists (in this case, MbedCrypto) and if it does, it returns Ok and we can run the tests?

Are the tests not done in isolation? As in, there will only ever be one provider at once during testing?

Yeah, that's true, this is in the per_provider test thing - forget that.

I think we can do it in another way, actually, makes it more scalable - call list_opcodes and check if the operation you want is supported. If it isn't, return. It's not ideal because it will still appear as a test even when it's not supported, but there's no need to do anything to enable the test when you implement it in some new provider.

I think we can do it in another way, actually, makes it more scalable - call list_opcodes and check if the operation you want is supported. If it isn't, return. It's not ideal because it will still appear as a test even when it's not supported, but there's no need to do anything to enable the test when you implement it in some new provider.

That sounds more like what I was thinking. The other two solutions don't deal with the fact that the tests are still run either. Could do with a way of forcing text output even if --show-output isn't specified, so we can at least say 'Hey, this provider doesn't actually support this operation'. I can have a poke tomorrow.

Yes, it might be worth to change this check to:

if client.list_opcodes(client.provider().unwrap())?.contains(Opcode::PsaAsymmetricEncrypt) {
    return;
}

We could even create a method out of that snippet in the client:

fn is_operation_supported(&self, op: Opcode) -> bool {
}

🌞

Yes, it might be worth to change this check to:

if client.list_opcodes(client.provider().unwrap())?.contains(Opcode::PsaAsymmetricEncrypt) {
    return;
}

We could even create a method out of that snippet in the client:

fn is_operation_supported(&self, op: Opcode) -> bool {
}

I think those info! are not needed now that we have the ingress/egress trace everywhere

Should they be removed from the other operations too?

If you don't mind 👀

Ah good point! Do you think, even in case of error, it might contain some decrypted data? Does the spec say anything about it?

hmm it doesn't mention it in the spec that I can see. A quick look at the mbedtls code shows that it only copies into plaintext buffer if successful.

Yes I reckon that is the safe, default, behaviour that you would expect. We can remove the zeroize here I think.

Nice! Thanks for removing those as well.