From 4a7e0af48d048b7509e6546d77813dbb257c2373 Mon Sep 17 00:00:00 2001 From: Arthur Gautier Date: Mon, 27 Jan 2025 23:49:37 -0800 Subject: [PATCH 1/2] bump rustcrypto dependencies to pre-release Signed-off-by: Arthur Gautier --- .clippy.toml | 2 +- .github/workflows/ci.yml | 4 +- .gitignore | 1 - Cargo.lock | 1308 +++++++++++++++++ tss-esapi-sys/Cargo.toml | 2 +- tss-esapi/Cargo.toml | 51 +- tss-esapi/examples/duplication.rs | 9 +- tss-esapi/examples/duplication_secret.rs | 9 +- tss-esapi/src/abstraction/no_tpm/quote.rs | 67 +- tss-esapi/src/abstraction/nv.rs | 3 +- tss-esapi/src/abstraction/public.rs | 42 +- tss-esapi/src/abstraction/signatures.rs | 20 +- tss-esapi/src/abstraction/signer.rs | 140 +- tss-esapi/src/abstraction/transient/mod.rs | 4 +- .../tpm_commands/asymmetric_primitives.rs | 8 +- .../tpm_commands/context_management.rs | 2 +- .../tpm_commands/symmetric_primitives.rs | 4 +- tss-esapi/src/structures/buffers.rs | 8 +- tss-esapi/tests/Cargo.lock.frozen | 509 ++++--- .../abstraction_tests/public_tests.rs | 10 +- .../transient_key_context_tests.rs | 35 +- .../asymmetric_primitives_tests.rs | 4 +- .../tpm_commands/context_management_tests.rs | 10 +- ...nhanced_authorization_ea_commands_tests.rs | 2 +- .../tpm_commands/hierarchy_commands_tests.rs | 6 +- .../tpm_commands/object_commands_tests.rs | 6 +- ...igning_and_signature_verification_tests.rs | 48 +- .../symmetric_primitives_tests.rs | 4 +- 28 files changed, 1863 insertions(+), 455 deletions(-) create mode 100644 Cargo.lock diff --git a/.clippy.toml b/.clippy.toml index 3b9db9dfe..4972822f1 100644 --- a/.clippy.toml +++ b/.clippy.toml @@ -1 +1 @@ -msrv = "1.74.0" +msrv = "1.85.0" diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index eab40346f..03b58e8e0 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -31,7 +31,7 @@ jobs: - name: Build the container run: docker build -t ubuntucontainer tss-esapi/tests/ --file tss-esapi/tests/Dockerfile-ubuntu --target tpm2-tools - name: Run the container - run: docker run -v $(pwd):/tmp/rust-tss-esapi -w /tmp/rust-tss-esapi/tss-esapi --env RUST_TOOLCHAIN_VERSION=1.74.0 ubuntucontainer /tmp/rust-tss-esapi/tss-esapi/tests/all-ubuntu.sh + run: docker run -v $(pwd):/tmp/rust-tss-esapi -w /tmp/rust-tss-esapi/tss-esapi --env RUST_TOOLCHAIN_VERSION=1.85.0 ubuntucontainer /tmp/rust-tss-esapi/tss-esapi/tests/all-ubuntu.sh # All in one job as I think it is a big overhead to build and run the Docker # container? tests-ubuntu: @@ -118,6 +118,6 @@ jobs: - name: Build the container run: docker build -t ubuntucontainer tss-esapi/tests/ --file tss-esapi/tests/Dockerfile-ubuntu --target tpm2-tss - name: Check Clippy lints MSRV - run: docker run -v $(pwd):/tmp/rust-tss-esapi -w /tmp/rust-tss-esapi/tss-esapi --env RUST_TOOLCHAIN_VERSION=1.74.0 ubuntucontainer /tmp/rust-tss-esapi/tss-esapi/tests/lint-checks.sh + run: docker run -v $(pwd):/tmp/rust-tss-esapi -w /tmp/rust-tss-esapi/tss-esapi --env RUST_TOOLCHAIN_VERSION=1.85.0 ubuntucontainer /tmp/rust-tss-esapi/tss-esapi/tests/lint-checks.sh - name: Check Clippy lints latest run: docker run -v $(pwd):/tmp/rust-tss-esapi -w /tmp/rust-tss-esapi/tss-esapi ubuntucontainer /tmp/rust-tss-esapi/tss-esapi/tests/lint-checks.sh diff --git a/.gitignore b/.gitignore index aa8595489..ff0be5fa2 100644 --- a/.gitignore +++ b/.gitignore @@ -1,6 +1,5 @@ *target **/*.rs.bk -*Cargo.lock *.swp *DS_Store *.patch diff --git a/Cargo.lock b/Cargo.lock new file mode 100644 index 000000000..8d0ebdbc2 --- /dev/null +++ b/Cargo.lock @@ -0,0 +1,1308 @@ +# This file is automatically @generated by Cargo. +# It is not intended for manual editing. +version = 4 + +[[package]] +name = "aho-corasick" +version = "1.1.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8e60d3430d3a69478ad0993f19238d2df97c507009a52b3c10addcd7f6bcb916" +dependencies = [ + "memchr", +] + +[[package]] +name = "anstream" +version = "0.6.18" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8acc5369981196006228e28809f761875c0327210a891e941f4c683b3a99529b" +dependencies = [ + "anstyle", + "anstyle-parse", + "anstyle-query", + "anstyle-wincon", + "colorchoice", + "is_terminal_polyfill", + "utf8parse", +] + +[[package]] +name = "anstyle" +version = "1.0.10" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "55cc3b69f167a1ef2e161439aa98aed94e6028e5f9a59be9a6ffb47aef1651f9" + +[[package]] +name = "anstyle-parse" +version = "0.2.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3b2d16507662817a6a20a9ea92df6652ee4f94f914589377d69f3b21bc5798a9" +dependencies = [ + "utf8parse", +] + +[[package]] +name = "anstyle-query" +version = "1.1.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "79947af37f4177cfead1110013d678905c37501914fba0efea834c3fe9a8d60c" +dependencies = [ + "windows-sys", +] + +[[package]] +name = "anstyle-wincon" +version = "3.0.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ca3534e77181a9cc07539ad51f2141fe32f6c3ffd4df76db8ad92346b003ae4e" +dependencies = [ + "anstyle", + "once_cell", + "windows-sys", +] + +[[package]] +name = "autocfg" +version = "1.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ace50bade8e6234aa140d9a2f552bbee1db4d353f69b8217bc503490fc1a9f26" + +[[package]] +name = "autotools" +version = "0.2.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ef941527c41b0fc0dd48511a8154cd5fc7e29200a0ff8b7203c5d777dbc795cf" +dependencies = [ + "cc", +] + +[[package]] +name = "base16ct" +version = "0.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d8b59d472eab27ade8d770dcb11da7201c11234bef9f82ce7aa517be028d462b" + +[[package]] +name = "base64ct" +version = "1.7.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "89e25b6adfb930f02d1981565a6e5d9c547ac15a96606256d3b59040e5cd4ca3" + +[[package]] +name = "bindgen" +version = "0.72.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "993776b509cfb49c750f11b8f07a46fa23e0a1386ffc01fb1e7d343efc387895" +dependencies = [ + "bitflags", + "cexpr", + "clang-sys", + "itertools", + "log", + "prettyplease", + "proc-macro2", + "quote", + "regex", + "rustc-hash", + "shlex", + "syn", +] + +[[package]] +name = "bitfield" +version = "0.17.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f798d2d157e547aa99aab0967df39edd0b70307312b6f8bd2848e6abe40896e0" + +[[package]] +name = "bitflags" +version = "2.9.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5c8214115b7bf84099f1309324e63141d4c5d7cc26862f97a0a857dbefe165bd" + +[[package]] +name = "block-buffer" +version = "0.11.0-rc.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e9ef36a6fcdb072aa548f3da057640ec10859eb4e91ddf526ee648d50c76a949" +dependencies = [ + "hybrid-array", +] + +[[package]] +name = "cc" +version = "1.2.39" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e1354349954c6fc9cb0deab020f27f783cf0b604e8bb754dc4658ecf0d29c35f" +dependencies = [ + "find-msvc-tools", + "shlex", +] + +[[package]] +name = "cexpr" +version = "0.6.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6fac387a98bb7c37292057cffc56d62ecb629900026402633ae9160df93a8766" +dependencies = [ + "nom", +] + +[[package]] +name = "cfg-if" +version = "1.0.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd" + +[[package]] +name = "clang-sys" +version = "1.8.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0b023947811758c97c59bf9d1c188fd619ad4718dcaa767947df1cadb14f39f4" +dependencies = [ + "glob", + "libc", + "libloading", +] + +[[package]] +name = "colorchoice" +version = "1.0.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5b63caa9aa9397e2d9480a9b13673856c78d8ac123288526c37d7839f2a86990" + +[[package]] +name = "const-oid" +version = "0.10.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0dabb6555f92fb9ee4140454eb5dcd14c7960e1225c6d1a6cc361f032947713e" + +[[package]] +name = "cpufeatures" +version = "0.2.17" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "59ed5838eebb26a2bb2e58f6d5b5316989ae9d08bab10e0e6d103e656d1b0280" +dependencies = [ + "libc", +] + +[[package]] +name = "crypto-bigint" +version = "0.7.0-rc.10" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6715836b4946e8585016e80b79c7561476aff3b22f7b756778e7b109d86086c6" +dependencies = [ + "hybrid-array", + "num-traits", + "rand_core", + "serdect", + "subtle", + "zeroize", +] + +[[package]] +name = "crypto-common" +version = "0.2.0-rc.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "919bd05924682a5480aec713596b9e2aabed3a0a6022fab6847f85a99e5f190a" +dependencies = [ + "hybrid-array", +] + +[[package]] +name = "crypto-primes" +version = "0.7.0-pre.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fdd9b2855017318a49714c07ee8895b89d3510d54fa6d86be5835de74c389609" +dependencies = [ + "crypto-bigint", + "libm", + "rand_core", +] + +[[package]] +name = "der" +version = "0.8.0-rc.10" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "02c1d73e9668ea6b6a28172aa55f3ebec38507131ce179051c8033b5c6037653" +dependencies = [ + "const-oid", + "der_derive", + "flagset", + "pem-rfc7468", + "zeroize", +] + +[[package]] +name = "der_derive" +version = "0.8.0-rc.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "be645fee2afe89d293b96c19e4456e6ac69520fc9c6b8a58298550138e361ffe" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "digest" +version = "0.11.0-rc.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ea390c940e465846d64775e55e3115d5dc934acb953de6f6e6360bc232fe2bf7" +dependencies = [ + "block-buffer", + "const-oid", + "crypto-common", + "subtle", +] + +[[package]] +name = "ecdsa" +version = "0.17.0-rc.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e914ecb8e11a02f42cc05f6b43675d1e5aa4d446cd207f9f818903a1ab34f19f" +dependencies = [ + "der", + "digest", + "elliptic-curve", + "rfc6979", + "signature", + "spki", + "zeroize", +] + +[[package]] +name = "either" +version = "1.15.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "48c757948c5ede0e46177b7add2e67155f70e33c07fea8284df6576da70b3719" + +[[package]] +name = "elliptic-curve" +version = "0.14.0-rc.17" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "39ecd2903524729de5d0cba7589121744513feadd56d71980cb480c48caceb11" +dependencies = [ + "base16ct", + "crypto-bigint", + "digest", + "getrandom", + "hkdf", + "hybrid-array", + "once_cell", + "pem-rfc7468", + "pkcs8", + "rand_core", + "rustcrypto-ff", + "rustcrypto-group", + "sec1", + "subtle", + "zeroize", +] + +[[package]] +name = "enumflags2" +version = "0.7.11" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ba2f4b465f5318854c6f8dd686ede6c0a9dc67d4b1ac241cf0eb51521a309147" +dependencies = [ + "enumflags2_derive", +] + +[[package]] +name = "enumflags2_derive" +version = "0.7.11" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fc4caf64a58d7a6d65ab00639b046ff54399a39f5f2554728895ace4b297cd79" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "env_filter" +version = "0.1.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "186e05a59d4c50738528153b83b0b0194d3a29507dfec16eccd4b342903397d0" +dependencies = [ + "log", + "regex", +] + +[[package]] +name = "env_logger" +version = "0.11.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "13c863f0904021b108aa8b2f55046443e6b1ebde8fd4a15c399893aae4fa069f" +dependencies = [ + "anstream", + "anstyle", + "env_filter", + "jiff", + "log", +] + +[[package]] +name = "fiat-crypto" +version = "0.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "64cd1e32ddd350061ae6edb1b082d7c54915b5c672c389143b9a63403a109f24" + +[[package]] +name = "find-msvc-tools" +version = "0.1.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1ced73b1dacfc750a6db6c0a0c3a3853c8b41997e2e2c563dc90804ae6867959" + +[[package]] +name = "flagset" +version = "0.4.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b7ac824320a75a52197e8f2d787f6a38b6718bb6897a35142d749af3c0e8f4fe" + +[[package]] +name = "getrandom" +version = "0.3.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "73fea8450eea4bac3940448fb7ae50d91f034f941199fcd9d909a5a07aa455f0" +dependencies = [ + "cfg-if", + "libc", + "r-efi", + "wasi", +] + +[[package]] +name = "glob" +version = "0.3.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a8d1add55171497b4705a648c6b583acafb01d58050a51727785f0b2c8e0a2b2" + +[[package]] +name = "heck" +version = "0.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2304e00983f87ffb38b55b444b5e3b60a884b5d30c0fca7d82fe33449bbe55ea" + +[[package]] +name = "hkdf" +version = "0.13.0-rc.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "cfbb4225acf2b5cc4e12d384672cd6d1f0cb980ff5859ffcf144db25b593a24d" +dependencies = [ + "hmac", +] + +[[package]] +name = "hmac" +version = "0.13.0-rc.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f1c597ac7d6cc8143e30e83ef70915e7f883b18d8bec2e2b2bce47f5bbb06d57" +dependencies = [ + "digest", +] + +[[package]] +name = "hostname-validator" +version = "1.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f558a64ac9af88b5ba400d99b579451af0d39c6d360980045b91aac966d705e2" + +[[package]] +name = "hybrid-array" +version = "0.4.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f471e0a81b2f90ffc0cb2f951ae04da57de8baa46fa99112b062a5173a5088d0" +dependencies = [ + "subtle", + "typenum", + "zeroize", +] + +[[package]] +name = "is_terminal_polyfill" +version = "1.70.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7943c866cc5cd64cbc25b2e01621d07fa8eb2a1a23160ee81ce38704e97b8ecf" + +[[package]] +name = "itertools" +version = "0.13.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "413ee7dfc52ee1a4949ceeb7dbc8a33f2d6c088194d9f922fb8318faf1f01186" +dependencies = [ + "either", +] + +[[package]] +name = "itoa" +version = "1.0.15" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4a5f13b858c8d314ee3e8f639011f7ccefe71f97f96e50151fb991f267928e2c" + +[[package]] +name = "jiff" +version = "0.2.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e5ad87c89110f55e4cd4dc2893a9790820206729eaf221555f742d540b0724a0" +dependencies = [ + "jiff-static", + "log", + "portable-atomic", + "portable-atomic-util", + "serde", +] + +[[package]] +name = "jiff-static" +version = "0.2.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d076d5b64a7e2fe6f0743f02c43ca4a6725c0f904203bfe276a5b3e793103605" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "keccak" +version = "0.2.0-rc.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3d546793a04a1d3049bd192856f804cfe96356e2cf36b54b4e575155babe9f41" +dependencies = [ + "cpufeatures", +] + +[[package]] +name = "lenient_semver" +version = "0.4.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "de8de3f4f3754c280ce1c8c42ed8dd26a9c8385c2e5ad4ec5a77e774cea9c1ec" +dependencies = [ + "lenient_semver_parser", + "lenient_version", + "semver", +] + +[[package]] +name = "lenient_semver_parser" +version = "0.4.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7f650c1d024ddc26b4bb79c3076b30030f2cf2b18292af698c81f7337a64d7d6" +dependencies = [ + "lenient_semver_version_builder", + "semver", +] + +[[package]] +name = "lenient_semver_version_builder" +version = "0.4.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9049f8ff49f75b946f95557148e70230499c8a642bf2d6528246afc7d0282d17" +dependencies = [ + "semver", +] + +[[package]] +name = "lenient_version" +version = "0.4.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bad7b41cc0ad9b8a9f8d8fcb7c2ab6703a6da4b369cbb7e3a63ee0840769b4eb" +dependencies = [ + "lenient_semver_parser", + "lenient_semver_version_builder", +] + +[[package]] +name = "libc" +version = "0.2.172" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d750af042f7ef4f724306de029d18836c26c1765a54a6a3f094cbd23a7267ffa" + +[[package]] +name = "libloading" +version = "0.8.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fc2f4eb4bc735547cfed7c0a4922cbd04a4655978c09b54f1f7b228750664c34" +dependencies = [ + "cfg-if", + "windows-targets", +] + +[[package]] +name = "libm" +version = "0.2.15" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f9fbbcab51052fe104eb5e5d351cf728d30a5be1fe14d9be8a3b097481fb97de" + +[[package]] +name = "log" +version = "0.4.27" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "13dc2df351e3202783a1fe0d44375f7295ffb4049267b0f3018346dc122a1d94" + +[[package]] +name = "malloced" +version = "1.3.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6dfebb2f9e0b39509c62eead6ec7ae0c0ed45bb61d12bbcf4e976c566c5400ec" + +[[package]] +name = "memchr" +version = "2.7.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "78ca9ab1a0babb1e7d5695e3530886289c18cf2f87ec19a575a0abdce112e3a3" + +[[package]] +name = "minimal-lexical" +version = "0.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "68354c5c6bd36d73ff3feceb05efa59b6acb7626617f4962be322a825e61f79a" + +[[package]] +name = "msbuild" +version = "0.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "393df38a84c08ad136f183889923314c1cf7988347fe8b7ab6531d44837bb076" +dependencies = [ + "lenient_semver", + "serde_json", + "winreg", +] + +[[package]] +name = "nom" +version = "7.1.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d273983c5a657a70a3e8f2a01329822f3b8c8172b73826411a55751e404a0a4a" +dependencies = [ + "memchr", + "minimal-lexical", +] + +[[package]] +name = "num-derive" +version = "0.4.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ed3955f1a9c7c0c15e092f9c887db08b1fc683305fdf6eb6684f22555355e202" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "num-traits" +version = "0.2.19" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "071dfc062690e90b734c0b2273ce72ad0ffa95f0c74596bc250dcfd960262841" +dependencies = [ + "autocfg", +] + +[[package]] +name = "once_cell" +version = "1.21.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "42f5e15c9953c5e4ccceeb2e7382a716482c34515315f7b03532b8b4e8393d2d" + +[[package]] +name = "p192" +version = "0.14.0-rc.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e6b6fa847f5170e3b6b446fc26fd49e07cc14ae781d77e93b7849dccec782b3e" +dependencies = [ + "ecdsa", + "elliptic-curve", + "primefield", + "primeorder", +] + +[[package]] +name = "p224" +version = "0.14.0-rc.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c8a87b3bc7b86aa50ac50c1357f339fe6354b67633c05887fe6db632a84c81c6" +dependencies = [ + "ecdsa", + "elliptic-curve", + "primefield", + "primeorder", + "sha2", +] + +[[package]] +name = "p256" +version = "0.14.0-rc.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "cdbe8d6ac92e515ca2179ac331c1e4def09db2217d394683e73dace705c2f0c5" +dependencies = [ + "ecdsa", + "elliptic-curve", + "primefield", + "primeorder", + "sha2", +] + +[[package]] +name = "p384" +version = "0.14.0-rc.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "29c729847b7cf17b9c96f9e6504400f64ae90cb1cdf23610cc1a51f18538ff95" +dependencies = [ + "ecdsa", + "elliptic-curve", + "fiat-crypto", + "primefield", + "primeorder", + "sha2", +] + +[[package]] +name = "p521" +version = "0.14.0-rc.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "75296e7cb5d53c8a5083ff26b5707177962cd5851af961a56316e863f1ea757c" +dependencies = [ + "base16ct", + "ecdsa", + "elliptic-curve", + "primefield", + "primeorder", + "sha2", +] + +[[package]] +name = "paste" +version = "1.0.15" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "57c0d7b74b563b49d38dae00a0c37d4d6de9b432382b2892f0574ddcae73fd0a" + +[[package]] +name = "pem-rfc7468" +version = "1.0.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a6305423e0e7738146434843d1694d621cce767262b2a86910beab705e4493d9" +dependencies = [ + "base64ct", +] + +[[package]] +name = "pkcs1" +version = "0.8.0-rc.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "986d2e952779af96ea048f160fd9194e1751b4faea78bcf3ceb456efe008088e" +dependencies = [ + "der", + "spki", +] + +[[package]] +name = "pkcs8" +version = "0.11.0-rc.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "77089aec8290d0b7bb01b671b091095cf1937670725af4fd73d47249f03b12c0" +dependencies = [ + "der", + "spki", +] + +[[package]] +name = "pkg-config" +version = "0.3.32" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7edddbd0b52d732b21ad9a5fab5c704c14cd949e5e9a1ec5929a24fded1b904c" + +[[package]] +name = "portable-atomic" +version = "1.11.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "350e9b48cbc6b0e028b0473b114454c6316e57336ee184ceab6e53f72c178b3e" + +[[package]] +name = "portable-atomic-util" +version = "0.2.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d8a2f0d8d040d7848a709caf78912debcc3f33ee4b3cac47d73d1e1069e83507" +dependencies = [ + "portable-atomic", +] + +[[package]] +name = "prettyplease" +version = "0.2.32" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "664ec5419c51e34154eec046ebcba56312d5a2fc3b09a06da188e1ad21afadf6" +dependencies = [ + "proc-macro2", + "syn", +] + +[[package]] +name = "primefield" +version = "0.14.0-rc.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1c3ad342f52c70a953d95acb09a55450fdc07c2214283b81536c3f83f714568e" +dependencies = [ + "crypto-bigint", + "rand_core", + "rustcrypto-ff", + "subtle", + "zeroize", +] + +[[package]] +name = "primeorder" +version = "0.14.0-rc.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f5e84a5f07d7a7c85f299e17753a98d8a09f10799894a637c9ce08d834b6ca02" +dependencies = [ + "elliptic-curve", +] + +[[package]] +name = "proc-macro2" +version = "1.0.95" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "02b3e5e68a3a1a02aad3ec490a98007cbc13c37cbe84a3cd7b8e406d76e7f778" +dependencies = [ + "unicode-ident", +] + +[[package]] +name = "quote" +version = "1.0.40" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1885c039570dc00dcb4ff087a89e185fd56bae234ddc7f056a945bf36467248d" +dependencies = [ + "proc-macro2", +] + +[[package]] +name = "r-efi" +version = "5.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "74765f6d916ee2faa39bc8e68e4f3ed8949b48cccdac59983d287a7cb71ce9c5" + +[[package]] +name = "rand_core" +version = "0.10.0-rc-2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "104a23e4e8b77312a823b6b5613edbac78397e2f34320bc7ac4277013ec4478e" + +[[package]] +name = "regex" +version = "1.11.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b544ef1b4eac5dc2db33ea63606ae9ffcfac26c1416a2806ae0bf5f56b201191" +dependencies = [ + "aho-corasick", + "memchr", + "regex-automata", + "regex-syntax", +] + +[[package]] +name = "regex-automata" +version = "0.4.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "809e8dc61f6de73b46c85f4c96486310fe304c434cfa43669d7b40f711150908" +dependencies = [ + "aho-corasick", + "memchr", + "regex-syntax", +] + +[[package]] +name = "regex-syntax" +version = "0.8.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2b15c43186be67a4fd63bee50d0303afffcef381492ebe2c5d87f324e1b8815c" + +[[package]] +name = "rfc6979" +version = "0.5.0-rc.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "63b8e2323084c987a72875b2fd682b7307d5cf14d47e3875bb5e89948e8809d4" +dependencies = [ + "hmac", + "subtle", +] + +[[package]] +name = "rsa" +version = "0.10.0-rc.10" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e499c52862d75a86c0024cc99dcb6d7127d15af3beae7b03573d62fab7ade08a" +dependencies = [ + "const-oid", + "crypto-bigint", + "crypto-primes", + "digest", + "pkcs1", + "pkcs8", + "rand_core", + "sha1", + "sha2", + "signature", + "spki", + "subtle", + "zeroize", +] + +[[package]] +name = "rustc-hash" +version = "2.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "357703d41365b4b27c590e3ed91eabb1b663f07c4c084095e60cbed4362dff0d" + +[[package]] +name = "rustcrypto-ff" +version = "0.14.0-pre.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "aa9cd37111549306f79b09aa2618e15b1e8241b7178c286821e3dd71579db4db" +dependencies = [ + "rand_core", + "subtle", +] + +[[package]] +name = "rustcrypto-group" +version = "0.14.0-pre.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e394cd734b5f97dfc3484fa42aad7acd912961c2bcd96c99aa05b3d6cab7cafd" +dependencies = [ + "rand_core", + "rustcrypto-ff", + "subtle", +] + +[[package]] +name = "rustversion" +version = "1.0.20" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "eded382c5f5f786b989652c49544c4877d9f015cc22e145a5ea8ea66c2921cd2" + +[[package]] +name = "ryu" +version = "1.0.20" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "28d3b2b1366ec20994f1fd18c3c594f05c5dd4bc44d8bb0c1c632c8d6829481f" + +[[package]] +name = "sec1" +version = "0.8.0-rc.10" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1dff52f6118bc9f0ac974a54a639d499ac26a6cad7a6e39bc0990c19625e793b" +dependencies = [ + "base16ct", + "der", + "hybrid-array", + "subtle", + "zeroize", +] + +[[package]] +name = "semver" +version = "1.0.26" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "56e6fa9c48d24d85fb3de5ad847117517440f6beceb7798af16b4a87d616b8d0" + +[[package]] +name = "serde" +version = "1.0.219" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5f0e2c6ed6606019b4e29e69dbaba95b11854410e5347d525002456dbbb786b6" +dependencies = [ + "serde_derive", +] + +[[package]] +name = "serde_derive" +version = "1.0.219" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5b0276cf7f2c73365f7157c8123c21cd9a50fbbd844757af28ca1f5925fc2a00" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "serde_json" +version = "1.0.140" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "20068b6e96dc6c9bd23e01df8827e6c7e1f2fddd43c21810382803c136b99373" +dependencies = [ + "itoa", + "memchr", + "ryu", + "serde", +] + +[[package]] +name = "serdect" +version = "0.4.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d3ef0e35b322ddfaecbc60f34ab448e157e48531288ee49fafbb053696b8ffe2" +dependencies = [ + "base16ct", + "serde", +] + +[[package]] +name = "sha1" +version = "0.11.0-rc.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "aa1ae819b9870cadc959a052363de870944a1646932d274a4e270f64bf79e5ef" +dependencies = [ + "cfg-if", + "cpufeatures", + "digest", +] + +[[package]] +name = "sha2" +version = "0.11.0-rc.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "19d43dc0354d88b791216bb5c1bfbb60c0814460cc653ae0ebd71f286d0bd927" +dependencies = [ + "cfg-if", + "cpufeatures", + "digest", +] + +[[package]] +name = "sha3" +version = "0.11.0-rc.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2103ca0e6f4e9505eae906de5e5883e06fc3b2232fb5d6914890c7bbcb62f478" +dependencies = [ + "digest", + "keccak", +] + +[[package]] +name = "shlex" +version = "1.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0fda2ff0d084019ba4d7c6f371c95d8fd75ce3524c3cb8fb653a3023f6323e64" + +[[package]] +name = "signature" +version = "3.0.0-rc.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2a0251c9d6468f4ba853b6352b190fb7c1e405087779917c238445eb03993826" +dependencies = [ + "digest", + "rand_core", +] + +[[package]] +name = "sm2" +version = "0.14.0-rc.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b51227f91afeb99a98da26571374b24be811ef683f2e3da52904b057bac71e05" +dependencies = [ + "der", + "elliptic-curve", + "fiat-crypto", + "primefield", + "primeorder", + "rand_core", + "rfc6979", + "signature", + "sm3", +] + +[[package]] +name = "sm3" +version = "0.5.0-rc.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "30ff18c123c240b3941d71fdddab04932ac4ba772e60d38a9c8e4522c6296b32" +dependencies = [ + "digest", +] + +[[package]] +name = "spki" +version = "0.8.0-rc.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8baeff88f34ed0691978ec34440140e1572b68c7dd4a495fd14a3dc1944daa80" +dependencies = [ + "base64ct", + "der", +] + +[[package]] +name = "strum" +version = "0.26.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8fec0f0aef304996cf250b31b5a10dee7980c85da9d759361292b8bca5a18f06" + +[[package]] +name = "strum_macros" +version = "0.26.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4c6bee85a5a24955dc440386795aa378cd9cf82acd5f764469152d2270e581be" +dependencies = [ + "heck", + "proc-macro2", + "quote", + "rustversion", + "syn", +] + +[[package]] +name = "subtle" +version = "2.6.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "13c2bddecc57b384dee18652358fb23172facb8a2c51ccc10d74c157bdea3292" + +[[package]] +name = "syn" +version = "2.0.100" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b09a44accad81e1ba1cd74a32461ba89dee89095ba17b32f5d03683b1b1fc2a0" +dependencies = [ + "proc-macro2", + "quote", + "unicode-ident", +] + +[[package]] +name = "target-lexicon" +version = "0.13.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "df7f62577c25e07834649fc3b39fafdc597c0a3527dc1c60129201ccfcbaa50c" + +[[package]] +name = "tls_codec" +version = "0.4.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0de2e01245e2bb89d6f05801c564fa27624dbd7b1846859876c7dad82e90bf6b" +dependencies = [ + "tls_codec_derive", + "zeroize", +] + +[[package]] +name = "tls_codec_derive" +version = "0.4.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2d2e76690929402faae40aebdda620a2c0e25dd6d3b9afe48867dfd95991f4bd" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "tss-esapi" +version = "8.0.0-alpha.1" +dependencies = [ + "bitfield", + "cfg-if", + "digest", + "ecdsa", + "elliptic-curve", + "enumflags2", + "env_logger", + "getrandom", + "hostname-validator", + "log", + "malloced", + "num-derive", + "num-traits", + "p192", + "p224", + "p256", + "p384", + "p521", + "paste", + "pkcs8", + "regex", + "rsa", + "semver", + "serde", + "serde_json", + "sha1", + "sha2", + "sha3", + "signature", + "sm2", + "sm3", + "strum", + "strum_macros", + "tss-esapi", + "tss-esapi-sys", + "x509-cert", + "zeroize", +] + +[[package]] +name = "tss-esapi-sys" +version = "0.6.0-alpha.1" +dependencies = [ + "autotools", + "bindgen", + "cfg-if", + "msbuild", + "pkg-config", + "semver", + "target-lexicon", +] + +[[package]] +name = "typenum" +version = "1.18.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1dccffe3ce07af9386bfd29e80c0ab1a8205a2fc34e4bcd40364df902cfa8f3f" + +[[package]] +name = "unicode-ident" +version = "1.0.18" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5a5f39404a5da50712a4c1eecf25e90dd62b613502b7e925fd4e4d19b5c96512" + +[[package]] +name = "utf8parse" +version = "0.2.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "06abde3611657adf66d383f00b093d7faecc7fa57071cce2578660c9f1010821" + +[[package]] +name = "wasi" +version = "0.14.2+wasi-0.2.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9683f9a5a998d873c0d21fcbe3c083009670149a8fab228644b8bd36b2c48cb3" +dependencies = [ + "wit-bindgen-rt", +] + +[[package]] +name = "windows-sys" +version = "0.59.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1e38bc4d79ed67fd075bcc251a1c39b32a1776bbe92e5bef1f0bf1f8c531853b" +dependencies = [ + "windows-targets", +] + +[[package]] +name = "windows-targets" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9b724f72796e036ab90c1021d4780d4d3d648aca59e491e6b98e725b84e99973" +dependencies = [ + "windows_aarch64_gnullvm", + "windows_aarch64_msvc", + "windows_i686_gnu", + "windows_i686_gnullvm", + "windows_i686_msvc", + "windows_x86_64_gnu", + "windows_x86_64_gnullvm", + "windows_x86_64_msvc", +] + +[[package]] +name = "windows_aarch64_gnullvm" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "32a4622180e7a0ec044bb555404c800bc9fd9ec262ec147edd5989ccd0c02cd3" + +[[package]] +name = "windows_aarch64_msvc" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "09ec2a7bb152e2252b53fa7803150007879548bc709c039df7627cabbd05d469" + +[[package]] +name = "windows_i686_gnu" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8e9b5ad5ab802e97eb8e295ac6720e509ee4c243f69d781394014ebfe8bbfa0b" + +[[package]] +name = "windows_i686_gnullvm" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0eee52d38c090b3caa76c563b86c3a4bd71ef1a819287c19d586d7334ae8ed66" + +[[package]] +name = "windows_i686_msvc" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "240948bc05c5e7c6dabba28bf89d89ffce3e303022809e73deaefe4f6ec56c66" + +[[package]] +name = "windows_x86_64_gnu" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "147a5c80aabfbf0c7d901cb5895d1de30ef2907eb21fbbab29ca94c5b08b1a78" + +[[package]] +name = "windows_x86_64_gnullvm" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "24d5b23dc417412679681396f2b49f3de8c1473deb516bd34410872eff51ed0d" + +[[package]] +name = "windows_x86_64_msvc" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "589f6da84c646204747d1270a2a5661ea66ed1cced2631d546fdfb155959f9ec" + +[[package]] +name = "winreg" +version = "0.55.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "cb5a765337c50e9ec252c2069be9bf91c7df47afb103b642ba3a53bf8101be97" +dependencies = [ + "cfg-if", + "windows-sys", +] + +[[package]] +name = "wit-bindgen-rt" +version = "0.39.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6f42320e61fe2cfd34354ecb597f86f413484a798ba44a8ca1165c58d42da6c1" +dependencies = [ + "bitflags", +] + +[[package]] +name = "x509-cert" +version = "0.3.0-rc.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "214929cc983d42a67db8bfacea8595625bc252e9d88457aab2770cea58371145" +dependencies = [ + "const-oid", + "der", + "sha1", + "signature", + "spki", + "tls_codec", +] + +[[package]] +name = "zeroize" +version = "1.8.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b97154e67e32c85465826e8bcc1c59429aaaf107c1e4a9e53c8d8ccd5eff88d0" +dependencies = [ + "zeroize_derive", +] + +[[package]] +name = "zeroize_derive" +version = "1.4.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ce36e65b0d2999d2aafac989fb249189a141aee1f53c612c1f37d72631959f69" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] diff --git a/tss-esapi-sys/Cargo.toml b/tss-esapi-sys/Cargo.toml index 32bf7ce00..8aab563b6 100644 --- a/tss-esapi-sys/Cargo.toml +++ b/tss-esapi-sys/Cargo.toml @@ -11,7 +11,7 @@ license = "Apache-2.0" repository = "https://github.com/parallaxsecond/rust-tss-esapi" documentation = "https://docs.rs/crate/tss-esapi-sys" links = "tss2-esys" -rust-version = "1.74.0" +rust-version = "1.85.0" [build-dependencies] bindgen = { version = "0.72.0", optional = true } diff --git a/tss-esapi/Cargo.toml b/tss-esapi/Cargo.toml index 78f2e34b6..fc9ce26c4 100644 --- a/tss-esapi/Cargo.toml +++ b/tss-esapi/Cargo.toml @@ -10,7 +10,7 @@ categories = ["api-bindings", "external-ffi-bindings", "cryptography"] license = "Apache-2.0" repository = "https://github.com/parallaxsecond/rust-tss-esapi" documentation = "https://docs.rs/crate/tss-esapi" -rust-version = "1.74.0" +rust-version = "1.85.0" [[example]] name = "hmac" @@ -32,50 +32,53 @@ num-derive = "0.4.2" num-traits = "0.2.12" hostname-validator = "1.1.0" regex = "1.3.9" -zeroize = { version = "1.5.7", features = ["zeroize_derive"] } +zeroize = { version = "1.8.2", features = ["zeroize_derive"] } tss-esapi-sys = { path = "../tss-esapi-sys", version = "0.6.0-alpha.1" } -x509-cert = { version = "0.2.0", optional = true } -ecdsa = { version = "0.16.9", features = [ +x509-cert = { version = "0.3.0-rc.1", optional = true } +ecdsa = { version = "0.17.0-rc.9", features = [ + "algorithm", "der", "hazmat", - "arithmetic", - "verifying", ], optional = true } -elliptic-curve = { version = "0.13.8", optional = true, features = [ +elliptic-curve = { version = "0.14.0-rc.17", optional = true, features = [ "alloc", "pkcs8", ] } -p192 = { version = "0.13.0", optional = true } -p224 = { version = "0.13.2", optional = true } -p256 = { version = "0.13.2", optional = true } -p384 = { version = "0.13.0", optional = true } -p521 = { version = "0.13.3", optional = true } -pkcs8 = { version = "0.10.2", optional = true } -rsa = { version = "0.9", optional = true } -sha1 = { version = "0.10.6", optional = true } -sha2 = { version = "0.10.8", optional = true } -sha3 = { version = "0.10.8", optional = true } -sm2 = { version = "0.13.3", optional = true } -sm3 = { version = "0.4.2", optional = true } -digest = { version = "0.10.7", optional = true } -signature = { version = "2.2.0", features = ["std"], optional = true } +p192 = { version = "0.14.0-rc.1", optional = true } +p224 = { version = "0.14.0-rc.1", optional = true } +p256 = { version = "0.14.0-rc.1", optional = true } +p384 = { version = "0.14.0-rc.1", optional = true } +p521 = { version = "0.14.0-rc.1", optional = true } +pkcs8 = { version = "0.11.0-rc.7", optional = true } +rsa = { version = "0.10.0-rc.10", optional = true } +sha1 = { version = "0.11.0-rc.3", optional = true } +sha2 = { version = "0.11.0-rc.3", optional = true } +sha3 = { version = "0.11.0-rc.3", optional = true } +sm2 = { version = "0.14.0-rc.1", optional = true } +sm3 = { version = "0.5.0-rc.3", optional = true } +digest = { version = "0.11.0-rc.4", optional = true } +signature = { version = "3.0.0-rc.5", features = [ + "alloc", + "digest", +], optional = true } cfg-if = "1.0.0" strum = { version = "0.26.3", optional = true } strum_macros = { version = "0.26.4", optional = true } paste = "1.0.14" -getrandom = "0.2.11" +getrandom = "0.3" [dev-dependencies] env_logger = "0.11.5" serde_json = "^1.0.108" -sha2 = { version = "0.10.8", features = ["oid"] } +sha2 = { version = "0.11.0-rc.2", features = ["oid"] } tss-esapi = { path = ".", features = [ "integration-tests", "serde", "abstraction", "rustcrypto-full", ] } -x509-cert = { version = "0.2.0", features = ["builder"] } +p256 = { version = "0.14.0-pre.11", features = ["ecdh"] } +x509-cert = { version = "0.3.0-rc.1", features = ["builder"] } [build-dependencies] semver = "1.0.7" diff --git a/tss-esapi/examples/duplication.rs b/tss-esapi/examples/duplication.rs index 4df49f18d..11a3580a3 100644 --- a/tss-esapi/examples/duplication.rs +++ b/tss-esapi/examples/duplication.rs @@ -215,9 +215,8 @@ fn main() { None, ) }) - .map_err(|err| { + .inspect_err(|err| { eprintln!("⚠️ {err}"); - err }) .unwrap(); @@ -268,9 +267,8 @@ fn main() { .execute_with_nullauth_session(|ctx| { ctx.create(loaded_storage_key, hmac_public, None, None, None, None) }) - .map_err(|err| { + .inspect_err(|err| { eprintln!("⚠️ {err}"); - err }) .unwrap(); @@ -370,9 +368,8 @@ fn main() { // Return the duplicate result. result }) - .map_err(|err| { + .inspect_err(|err| { eprintln!("⚠️ {err}"); - err }) .unwrap(); diff --git a/tss-esapi/examples/duplication_secret.rs b/tss-esapi/examples/duplication_secret.rs index f1819fe92..92d15b2f6 100644 --- a/tss-esapi/examples/duplication_secret.rs +++ b/tss-esapi/examples/duplication_secret.rs @@ -216,9 +216,8 @@ fn main() { None, ) }) - .map_err(|err| { + .inspect_err(|err| { eprintln!("⚠️ {err}"); - err }) .unwrap(); @@ -267,9 +266,8 @@ fn main() { .execute_with_nullauth_session(|ctx| { ctx.create(loaded_storage_key, hmac_public, None, None, None, None) }) - .map_err(|err| { + .inspect_err(|err| { eprintln!("⚠️ {err}"); - err }) .unwrap(); @@ -363,9 +361,8 @@ fn main() { // Return the duplicate result. result }) - .map_err(|err| { + .inspect_err(|err| { eprintln!("⚠️ {err}"); - err }) .unwrap(); diff --git a/tss-esapi/src/abstraction/no_tpm/quote.rs b/tss-esapi/src/abstraction/no_tpm/quote.rs index 25e9719ea..af4cf3c14 100644 --- a/tss-esapi/src/abstraction/no_tpm/quote.rs +++ b/tss-esapi/src/abstraction/no_tpm/quote.rs @@ -13,19 +13,16 @@ use digest::{Digest, DynDigest}; #[cfg(any(feature = "p224", feature = "p256", feature = "p384"))] use crate::{abstraction::public::AssociatedTpmCurve, structures::EccSignature}; #[cfg(any(feature = "p224", feature = "p256", feature = "p384"))] -use ecdsa::{ - hazmat::{DigestPrimitive, VerifyPrimitive}, - PrimeCurve, SignatureSize, VerifyingKey, -}; +use ecdsa::{hazmat::DigestAlgorithm, PrimeCurve, SignatureSize, VerifyingKey}; #[cfg(any(feature = "p224", feature = "p256", feature = "p384"))] use elliptic_curve::{ - generic_array::ArrayLength, + array::ArraySize, point::AffinePoint, sec1::{FromEncodedPoint, ModulusSize, ToEncodedPoint}, CurveArithmetic, FieldBytesSize, }; #[cfg(any(feature = "p224", feature = "p256", feature = "p384"))] -use signature::hazmat::PrehashVerifier; +use signature::DigestVerifier; #[cfg(feature = "rsa")] use rsa::{pkcs1v15, pss, RsaPublicKey}; @@ -40,9 +37,9 @@ fn verify_ecdsa( hashing_algorithm: HashingAlgorithm, ) -> Result where - C: PrimeCurve + CurveArithmetic + DigestPrimitive + AssociatedTpmCurve, - AffinePoint: VerifyPrimitive + FromEncodedPoint + ToEncodedPoint, - SignatureSize: ArrayLength, + C: PrimeCurve + CurveArithmetic + DigestAlgorithm + AssociatedTpmCurve, + AffinePoint: FromEncodedPoint + ToEncodedPoint, + SignatureSize: ArraySize, FieldBytesSize: ModulusSize, { let Ok(signature) = ecdsa::Signature::::try_from(signature) else { @@ -56,25 +53,45 @@ where match hashing_algorithm { #[cfg(feature = "sha1")] - HashingAlgorithm::Sha1 => { - let hash = sha1::Sha1::digest(message); - Ok(verifying_key.verify_prehash(&hash, &signature).is_ok()) - } + HashingAlgorithm::Sha1 => Ok(verifying_key + .verify_digest( + |d: &mut sha1::Sha1| { + Digest::update(d, message); + Ok(()) + }, + &signature, + ) + .is_ok()), #[cfg(feature = "sha2")] - HashingAlgorithm::Sha256 => { - let hash = sha2::Sha256::digest(message); - Ok(verifying_key.verify_prehash(&hash, &signature).is_ok()) - } + HashingAlgorithm::Sha256 => Ok(verifying_key + .verify_digest( + |d: &mut sha2::Sha256| { + Digest::update(d, message); + Ok(()) + }, + &signature, + ) + .is_ok()), #[cfg(feature = "sha2")] - HashingAlgorithm::Sha384 => { - let hash = sha2::Sha384::digest(message); - Ok(verifying_key.verify_prehash(&hash, &signature).is_ok()) - } + HashingAlgorithm::Sha384 => Ok(verifying_key + .verify_digest( + |d: &mut sha2::Sha384| { + Digest::update(d, message); + Ok(()) + }, + &signature, + ) + .is_ok()), #[cfg(feature = "sha2")] - HashingAlgorithm::Sha512 => { - let hash = sha2::Sha512::digest(message); - Ok(verifying_key.verify_prehash(&hash, &signature).is_ok()) - } + HashingAlgorithm::Sha512 => Ok(verifying_key + .verify_digest( + |d: &mut sha2::Sha512| { + Digest::update(d, message); + Ok(()) + }, + &signature, + ) + .is_ok()), _ => Err(Error::WrapperError(WrapperErrorKind::UnsupportedParam)), } } diff --git a/tss-esapi/src/abstraction/nv.rs b/tss-esapi/src/abstraction/nv.rs index 76646fc72..26a0bb121 100644 --- a/tss-esapi/src/abstraction/nv.rs +++ b/tss-esapi/src/abstraction/nv.rs @@ -53,9 +53,8 @@ fn get_nv_index_info( .and_then(|mut object_handle| { context .nv_read_public(NvIndexHandle::from(object_handle)) - .map_err(|e| { + .inspect_err(|_e| { let _ = context.tr_close(&mut object_handle); - e }) .and_then(|(nv_public, name)| { context.tr_close(&mut object_handle)?; diff --git a/tss-esapi/src/abstraction/public.rs b/tss-esapi/src/abstraction/public.rs index 2f0d5bb7b..250b92cb5 100644 --- a/tss-esapi/src/abstraction/public.rs +++ b/tss-esapi/src/abstraction/public.rs @@ -8,7 +8,7 @@ use crate::{Error, WrapperErrorKind}; use core::convert::TryFrom; use elliptic_curve::{ - generic_array::typenum::Unsigned, + array::typenum::Unsigned, sec1::{EncodedPoint, FromEncodedPoint, ModulusSize, ToEncodedPoint}, AffinePoint, CurveArithmetic, FieldBytesSize, PublicKey, }; @@ -18,7 +18,7 @@ use x509_cert::spki::SubjectPublicKeyInfoOwned; #[cfg(feature = "rsa")] use { crate::structures::RsaExponent, - rsa::{BigUint, RsaPublicKey}, + rsa::{BoxedUint, RsaPublicKey}, }; #[cfg(any( @@ -57,15 +57,13 @@ where let x = unique.x().as_bytes(); let y = unique.y().as_bytes(); - if x.len() != FieldBytesSize::::USIZE { - return Err(Error::local_error(WrapperErrorKind::InvalidParam)); - } - if y.len() != FieldBytesSize::::USIZE { - return Err(Error::local_error(WrapperErrorKind::InvalidParam)); - } - - let encoded_point = - EncodedPoint::::from_affine_coordinates(x.into(), y.into(), false); + let encoded_point = EncodedPoint::::from_affine_coordinates( + x.try_into() + .map_err(|_| Error::local_error(WrapperErrorKind::InvalidParam))?, + y.try_into() + .map_err(|_| Error::local_error(WrapperErrorKind::InvalidParam))?, + false, + ); let public_key = PublicKey::::try_from(&encoded_point) .map_err(|_| Error::local_error(WrapperErrorKind::InvalidParam))?; @@ -86,10 +84,10 @@ impl TryFrom<&Public> for RsaPublicKey { unique, parameters, .. } => { let exponent = match parameters.exponent() { - RsaExponent::ZERO_EXPONENT => BigUint::from(RSA_DEFAULT_EXP), - _ => BigUint::from(parameters.exponent().value()), + RsaExponent::ZERO_EXPONENT => BoxedUint::from(RSA_DEFAULT_EXP), + _ => BoxedUint::from(parameters.exponent().value()), }; - let modulus = BigUint::from_bytes_be(unique.as_bytes()); + let modulus = BoxedUint::from_be_slice_vartime(unique.as_bytes()); let public_key = RsaPublicKey::new(modulus, exponent) .map_err(|_| Error::local_error(WrapperErrorKind::InvalidParam))?; @@ -173,8 +171,6 @@ where let x = x.as_slice(); let y = y.as_slice(); - // TODO: When elliptic_curve bumps to 0.14, we can use the TryFrom implementation instead - // of checking lengths manually if x.len() != FieldBytesSize::::USIZE { return Err(Error::local_error(WrapperErrorKind::InvalidParam)); } @@ -182,8 +178,14 @@ where return Err(Error::local_error(WrapperErrorKind::InvalidParam)); } - let encoded_point = - EncodedPoint::::from_affine_coordinates(x.into(), y.into(), false); + let encoded_point = EncodedPoint::::from_affine_coordinates( + x.try_into() + .map_err(|_| Error::local_error(WrapperErrorKind::InvalidParam))?, + y.try_into() + .map_err(|_| Error::local_error(WrapperErrorKind::InvalidParam))?, + false, + ); + let public_key = PublicKey::::try_from(&encoded_point) .map_err(|_| Error::local_error(WrapperErrorKind::InvalidParam))?; @@ -201,8 +203,8 @@ impl TryFrom<&TpmPublicKey> for RsaPublicKey { fn try_from(value: &TpmPublicKey) -> Result { match value { TpmPublicKey::Rsa(modulus) => { - let exponent = BigUint::from(RSA_DEFAULT_EXP); - let modulus = BigUint::from_bytes_be(modulus.as_slice()); + let exponent = BoxedUint::from(RSA_DEFAULT_EXP); + let modulus = BoxedUint::from_be_slice_vartime(modulus.as_slice()); let public_key = RsaPublicKey::new(modulus, exponent) .map_err(|_| Error::local_error(WrapperErrorKind::InvalidParam))?; diff --git a/tss-esapi/src/abstraction/signatures.rs b/tss-esapi/src/abstraction/signatures.rs index 3bc6ff9f4..db1c48339 100644 --- a/tss-esapi/src/abstraction/signatures.rs +++ b/tss-esapi/src/abstraction/signatures.rs @@ -8,16 +8,16 @@ use crate::{ use std::convert::TryFrom; -use ecdsa::SignatureSize; +use ecdsa::{EcdsaCurve, SignatureSize}; use elliptic_curve::{ - generic_array::{typenum::Unsigned, ArrayLength}, + array::{typenum::Unsigned, ArraySize}, FieldBytes, FieldBytesSize, PrimeCurve, }; impl TryFrom<&EccSignature> for ecdsa::Signature where - C: PrimeCurve, - SignatureSize: ArrayLength, + C: PrimeCurve + EcdsaCurve, + SignatureSize: ArraySize, { type Error = Error; @@ -33,8 +33,12 @@ where } let signature = ecdsa::Signature::from_scalars( - FieldBytes::::clone_from_slice(r), - FieldBytes::::clone_from_slice(s), + FieldBytes::::try_from(r) + .map_err(|_| Error::local_error(WrapperErrorKind::InvalidParam))? + .clone(), + FieldBytes::::try_from(s) + .map_err(|_| Error::local_error(WrapperErrorKind::InvalidParam))? + .clone(), ) .map_err(|_| Error::local_error(WrapperErrorKind::InvalidParam))?; Ok(signature) @@ -43,8 +47,8 @@ where impl TryFrom<&Signature> for ecdsa::Signature where - C: PrimeCurve, - SignatureSize: ArrayLength, + C: PrimeCurve + EcdsaCurve, + SignatureSize: ArraySize, { type Error = Error; diff --git a/tss-esapi/src/abstraction/signer.rs b/tss-esapi/src/abstraction/signer.rs index 0c3a55de8..436b24c43 100644 --- a/tss-esapi/src/abstraction/signer.rs +++ b/tss-esapi/src/abstraction/signer.rs @@ -24,11 +24,11 @@ use std::{convert::TryFrom, ops::Add, sync::Mutex}; use digest::{Digest, FixedOutput, Output}; use ecdsa::{ der::{MaxOverhead, MaxSize, Signature as DerSignature}, - hazmat::{DigestPrimitive, SignPrimitive}, - Signature, SignatureSize, VerifyingKey, + hazmat::DigestAlgorithm, + EcdsaCurve, Signature, SignatureSize, VerifyingKey, }; use elliptic_curve::{ - generic_array::ArrayLength, + array::ArraySize, ops::Invert, sec1::{FromEncodedPoint, ModulusSize, ToEncodedPoint}, subtle::CtOption, @@ -139,7 +139,7 @@ impl TpmSigner #[derive(Debug)] pub struct EcSigner where - C: PrimeCurve + CurveArithmetic, + C: PrimeCurve + CurveArithmetic + EcdsaCurve, { context: Ctx, verifying_key: VerifyingKey, @@ -147,7 +147,7 @@ where impl EcSigner where - C: PrimeCurve + CurveArithmetic, + C: PrimeCurve + CurveArithmetic + EcdsaCurve, C: AssociatedTpmCurve, FieldBytesSize: ModulusSize, AffinePoint: FromEncodedPoint + ToEncodedPoint, @@ -179,17 +179,17 @@ where impl EcSigner where - C: PrimeCurve + CurveArithmetic, + C: PrimeCurve + CurveArithmetic + EcdsaCurve, C: AssociatedTpmCurve, { - /// Key parameters for this curve, selected digest is the one selected by DigestPrimitive + /// Key parameters for this curve, selected digest is the one selected by DigestAlgorithm pub fn key_params_default() -> KeyParams where - C: DigestPrimitive, - ::Digest: FixedOutput>, - ::Digest: AssociatedHashingAlgorithm, + C: DigestAlgorithm, + ::Digest: FixedOutput, + ::Digest: AssociatedHashingAlgorithm, { - Self::key_params::<::Digest>() + Self::key_params::<::Digest>() } /// Key parameters for this curve @@ -199,7 +199,7 @@ where /// The hashing algorithm `D` is the digest that will be used for signatures (SHA-256, SHA3-256, ...). pub fn key_params() -> KeyParams where - D: FixedOutput>, + D: FixedOutput, D: AssociatedHashingAlgorithm, { KeyParams::Ecc { @@ -212,9 +212,9 @@ where impl AsRef> for EcSigner where - C: PrimeCurve + CurveArithmetic, - Scalar: Invert>> + SignPrimitive, - SignatureSize: ArrayLength, + C: PrimeCurve + CurveArithmetic + EcdsaCurve, + Scalar: Invert>>, + SignatureSize: ArraySize, { fn as_ref(&self) -> &VerifyingKey { &self.verifying_key @@ -223,25 +223,30 @@ where impl KeypairRef for EcSigner where - C: PrimeCurve + CurveArithmetic, - Scalar: Invert>> + SignPrimitive, - SignatureSize: ArrayLength, + C: PrimeCurve + CurveArithmetic + EcdsaCurve, + Scalar: Invert>>, + SignatureSize: ArraySize, { type VerifyingKey = VerifyingKey; } impl DigestSigner> for EcSigner where - C: PrimeCurve + CurveArithmetic, + C: PrimeCurve + CurveArithmetic + EcdsaCurve, C: AssociatedTpmCurve, - D: Digest + FixedOutput>, + D: Digest + FixedOutput, D: AssociatedHashingAlgorithm, - Scalar: Invert>> + SignPrimitive, - SignatureSize: ArrayLength, + Scalar: Invert>>, + SignatureSize: ArraySize, TpmDigest: From>, Ctx: TpmSigner, { - fn try_sign_digest(&self, digest: D) -> Result, SigError> { + fn try_sign_digest Result<(), SigError>>( + &self, + f: F, + ) -> Result, SigError> { + let mut digest = D::new(); + f(&mut digest)?; let digest = TpmDigest::from(digest.finalize_fixed()); //let key_params = Self::key_params::(); @@ -261,65 +266,74 @@ where impl DigestSigner> for EcSigner where - C: PrimeCurve + CurveArithmetic, + C: PrimeCurve + CurveArithmetic + EcdsaCurve, C: AssociatedTpmCurve, - D: Digest + FixedOutput>, + D: Digest + FixedOutput, D: AssociatedHashingAlgorithm, - Scalar: Invert>> + SignPrimitive, - SignatureSize: ArrayLength, + Scalar: Invert>>, + SignatureSize: ArraySize, TpmDigest: From>, - MaxSize: ArrayLength, - as Add>::Output: Add + ArrayLength, + MaxSize: ArraySize, + as Add>::Output: Add + ArraySize, Ctx: TpmSigner, { - fn try_sign_digest(&self, digest: D) -> Result, SigError> { - let signature: Signature<_> = self.try_sign_digest(digest)?; + fn try_sign_digest Result<(), SigError>>( + &self, + f: F, + ) -> Result, SigError> { + let signature: Signature<_> = self.try_sign_digest(f)?; Ok(signature.to_der()) } } impl Signer> for EcSigner where - C: PrimeCurve + CurveArithmetic + DigestPrimitive, + C: PrimeCurve + CurveArithmetic + EcdsaCurve + DigestAlgorithm, C: AssociatedTpmCurve, - ::Digest: AssociatedHashingAlgorithm, - Scalar: Invert>> + SignPrimitive, - SignatureSize: ArrayLength, - TpmDigest: From::Digest>>, + ::Digest: AssociatedHashingAlgorithm + FixedOutput, + Scalar: Invert>>, + SignatureSize: ArraySize, + TpmDigest: From::Digest>>, Ctx: TpmSigner, { fn try_sign(&self, msg: &[u8]) -> Result, SigError> { - self.try_sign_digest(C::Digest::new_with_prefix(msg)) + self.try_sign_digest(|d: &mut C::Digest| { + Digest::update(d, msg); + Ok(()) + }) } } impl Signer> for EcSigner where - C: PrimeCurve + CurveArithmetic + DigestPrimitive, + C: PrimeCurve + CurveArithmetic + EcdsaCurve + DigestAlgorithm, C: AssociatedTpmCurve, - ::Digest: AssociatedHashingAlgorithm, - Scalar: Invert>> + SignPrimitive, - SignatureSize: ArrayLength, - TpmDigest: From::Digest>>, + ::Digest: AssociatedHashingAlgorithm + FixedOutput, + Scalar: Invert>>, + SignatureSize: ArraySize, + TpmDigest: From::Digest>>, - MaxSize: ArrayLength, - as Add>::Output: Add + ArrayLength, + MaxSize: ArraySize, + as Add>::Output: Add + ArraySize, Ctx: TpmSigner, { fn try_sign(&self, msg: &[u8]) -> Result, SigError> { - self.try_sign_digest(C::Digest::new_with_prefix(msg)) + self.try_sign_digest(|d: &mut C::Digest| { + Digest::update(d, msg); + Ok(()) + }) } } impl SignatureAlgorithmIdentifier for EcSigner where - C: PrimeCurve + CurveArithmetic, - Scalar: Invert>> + SignPrimitive, - SignatureSize: ArrayLength, + C: PrimeCurve + CurveArithmetic + EcdsaCurve, + Scalar: Invert>>, + SignatureSize: ArraySize, Signature: AssociatedAlgorithmIdentifier>, { type Params = AnyRef<'static>; @@ -446,7 +460,12 @@ mod rsa { TpmDigest: From>, Ctx: TpmSigner, { - fn try_sign_digest(&self, digest: D) -> Result { + fn try_sign_digest Result<(), SigError>>( + &self, + f: F, + ) -> Result { + let mut digest = D::new(); + f(&mut digest)?; let digest = TpmDigest::from(digest.finalize_fixed()); //let key_params = Self::key_params::(); @@ -467,10 +486,10 @@ mod rsa { Ctx: TpmSigner, { fn try_sign(&self, msg: &[u8]) -> Result { - let mut d = D::new(); - Digest::update(&mut d, msg); - - self.try_sign_digest(d) + self.try_sign_digest(|d: &mut D| { + Digest::update(d, msg); + Ok(()) + }) } } @@ -576,7 +595,12 @@ mod rsa { TpmDigest: From>, Ctx: TpmSigner, { - fn try_sign_digest(&self, digest: D) -> Result { + fn try_sign_digest Result<(), SigError>>( + &self, + f: F, + ) -> Result { + let mut digest = D::new(); + f(&mut digest)?; let digest = TpmDigest::from(digest.finalize_fixed()); let signature = self.context.sign(digest).map_err(SigError::from_source)?; @@ -595,10 +619,10 @@ mod rsa { Ctx: TpmSigner, { fn try_sign(&self, msg: &[u8]) -> Result { - let mut d = D::new(); - Digest::update(&mut d, msg); - - self.try_sign_digest(d) + self.try_sign_digest(|d: &mut D| { + Digest::update(d, msg); + Ok(()) + }) } } diff --git a/tss-esapi/src/abstraction/transient/mod.rs b/tss-esapi/src/abstraction/transient/mod.rs index e1cf431ec..b1428e6f4 100644 --- a/tss-esapi/src/abstraction/transient/mod.rs +++ b/tss-esapi/src/abstraction/transient/mod.rs @@ -154,7 +154,7 @@ impl TransientKeyContext { let key_auth = if auth_size > 0 { self.set_session_attrs()?; let mut random_bytes = vec![0u8; auth_size]; - getrandom::getrandom(&mut random_bytes).map_err(|_| { + getrandom::fill(&mut random_bytes).map_err(|_| { log::error!("Failed to obtain a random authvalue for key creation"); Error::WrapperError(ErrorKind::InternalError) })?; @@ -671,7 +671,7 @@ impl TransientKeyContextBuilder { let root_key_auth = if self.root_key_auth_size > 0 { let mut random = vec![0u8; self.root_key_auth_size]; - getrandom::getrandom(&mut random).map_err(|_| { + getrandom::fill(&mut random).map_err(|_| { log::error!("Failed to obtain a random value for root key authentication"); Error::WrapperError(ErrorKind::InternalError) })?; diff --git a/tss-esapi/src/context/tpm_commands/asymmetric_primitives.rs b/tss-esapi/src/context/tpm_commands/asymmetric_primitives.rs index 95c5f20e9..6ac38fae7 100644 --- a/tss-esapi/src/context/tpm_commands/asymmetric_primitives.rs +++ b/tss-esapi/src/context/tpm_commands/asymmetric_primitives.rs @@ -102,6 +102,7 @@ impl Context { /// # RsaDecryptionScheme, HashScheme, SymmetricDefinition, /// # }, /// # }; + /// # use rand::RngCore; /// # use std::{env, str::FromStr, convert::TryFrom}; /// # // Create context /// # let mut context = @@ -128,7 +129,8 @@ impl Context { /// # .expect("Failed to set attributes on session"); /// # context.set_sessions((Some(session), None, None)); /// # let mut random_digest = vec![0u8; 16]; - /// # getrandom::getrandom(&mut random_digest).unwrap(); + /// # let mut rng = rand::rng(); + /// # rng.fill_bytes(&mut random_digest); /// # let key_auth = Auth::from_bytes(random_digest.as_slice()).unwrap(); /// # /// // Create a key suitable for ECDH key generation @@ -238,6 +240,7 @@ impl Context { /// # RsaDecryptionScheme, HashScheme, SymmetricDefinition, /// # }, /// # }; + /// # use rand::RngCore; /// # use std::{env, str::FromStr, convert::TryFrom}; /// # // Create context /// # let mut context = @@ -264,7 +267,8 @@ impl Context { /// # .expect("Failed to set attributes on session"); /// # context.set_sessions((Some(session), None, None)); /// # let mut random_digest = vec![0u8; 16]; - /// # getrandom::getrandom(&mut random_digest).unwrap(); + /// # let mut rng = rand::rng(); + /// # rng.fill_bytes(&mut random_digest); /// # let key_auth = Auth::from_bytes(random_digest.as_slice()).unwrap(); /// # /// // Create a key suitable for ECDH key generation diff --git a/tss-esapi/src/context/tpm_commands/context_management.rs b/tss-esapi/src/context/tpm_commands/context_management.rs index 02b701672..1994e31da 100644 --- a/tss-esapi/src/context/tpm_commands/context_management.rs +++ b/tss-esapi/src/context/tpm_commands/context_management.rs @@ -108,7 +108,7 @@ impl Context { /// // Execute context methods using the session /// context.execute_with_session(Some(session), |ctx| { /// let mut random_digest = vec![0u8; 16]; - /// getrandom::getrandom(&mut random_digest).expect("Call to getrandom failed"); + /// getrandom::fill(&mut random_digest).expect("Call to getrandom failed"); /// let key_auth = Auth::from_bytes(random_digest.as_slice()).expect("Failed to create Auth"); /// let key_handle = ctx /// .create_primary( diff --git a/tss-esapi/src/context/tpm_commands/symmetric_primitives.rs b/tss-esapi/src/context/tpm_commands/symmetric_primitives.rs index 797cb256b..dca114719 100644 --- a/tss-esapi/src/context/tpm_commands/symmetric_primitives.rs +++ b/tss-esapi/src/context/tpm_commands/symmetric_primitives.rs @@ -57,7 +57,7 @@ impl Context { /// # .expect("Failed to set auth to empty for owner"); /// # // Create primary key auth /// # let mut random_digest = vec![0u8; 16]; - /// # getrandom::getrandom(&mut random_digest).expect("get_rand call failed"); + /// # getrandom::fill(&mut random_digest).expect("get_rand call failed"); /// # let primary_key_auth = Auth::from_bytes( /// # random_digest /// # .as_slice() @@ -103,7 +103,7 @@ impl Context { /// # .expect("Failed to create public for symmetric key public"); /// # // Create auth for the symmetric key /// # let mut random_digest = vec![0u8; 16]; - /// # getrandom::getrandom(&mut random_digest).expect("get_rand call failed"); + /// # getrandom::fill(&mut random_digest).expect("get_rand call failed"); /// # let symmetric_key_auth = Auth::from_bytes( /// # random_digest /// # .as_slice() diff --git a/tss-esapi/src/structures/buffers.rs b/tss-esapi/src/structures/buffers.rs index 7e6ef094e..8734c83fa 100644 --- a/tss-esapi/src/structures/buffers.rs +++ b/tss-esapi/src/structures/buffers.rs @@ -225,8 +225,8 @@ pub mod digest { #[cfg(feature = "rustcrypto")] mod rustcrypto { use digest::{ + array::Array, consts::{U20, U32, U48, U64}, - generic_array::GenericArray, typenum::Unsigned, }; @@ -234,15 +234,15 @@ pub mod digest { macro_rules! impl_from_digest { ($($size:ty),+) => { - $(impl From> for Digest { - fn from(mut value: GenericArray) -> Self { + $(impl From> for Digest { + fn from(mut value: Array) -> Self { let value_as_vec = value.as_slice().to_vec(); value.zeroize(); Digest(value_as_vec.into()) } } - impl TryFrom for GenericArray { + impl TryFrom for Array { type Error = Error; fn try_from(value: Digest) -> Result { diff --git a/tss-esapi/tests/Cargo.lock.frozen b/tss-esapi/tests/Cargo.lock.frozen index 677a67ade..419194a94 100644 --- a/tss-esapi/tests/Cargo.lock.frozen +++ b/tss-esapi/tests/Cargo.lock.frozen @@ -1,6 +1,6 @@ # This file is automatically @generated by Cargo. # It is not intended for manual editing. -version = 3 +version = 4 [[package]] name = "aho-corasick" @@ -67,23 +67,32 @@ version = "1.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ace50bade8e6234aa140d9a2f552bbee1db4d353f69b8217bc503490fc1a9f26" +[[package]] +name = "autotools" +version = "0.2.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ef941527c41b0fc0dd48511a8154cd5fc7e29200a0ff8b7203c5d777dbc795cf" +dependencies = [ + "cc", +] + [[package]] name = "base16ct" -version = "0.2.0" +version = "0.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4c7f02d4ea65f2c1853089ffd8d2787bdbc63de2f0d29dedbcf8ccdfa0ccd4cf" +checksum = "d8b59d472eab27ade8d770dcb11da7201c11234bef9f82ce7aa517be028d462b" [[package]] name = "base64ct" -version = "1.6.0" +version = "1.7.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8c3c1a368f70d6cf7302d78f8f7093da241fb8e8807c05cc9e51a125895a6d5b" +checksum = "89e25b6adfb930f02d1981565a6e5d9c547ac15a96606256d3b59040e5cd4ca3" [[package]] name = "bindgen" -version = "0.70.1" +version = "0.72.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f49d8fed880d473ea71efb9bf597651e77201bdd4893efe54c9e5d65ae04ce6f" +checksum = "993776b509cfb49c750f11b8f07a46fa23e0a1386ffc01fb1e7d343efc387895" dependencies = [ "bitflags", "cexpr", @@ -113,18 +122,22 @@ checksum = "5c8214115b7bf84099f1309324e63141d4c5d7cc26862f97a0a857dbefe165bd" [[package]] name = "block-buffer" -version = "0.10.4" +version = "0.11.0-rc.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3078c7629b62d3f0439517fa394996acacc5cbc91c5a20d8c658e77abd503a71" +checksum = "e9ef36a6fcdb072aa548f3da057640ec10859eb4e91ddf526ee648d50c76a949" dependencies = [ - "generic-array", + "hybrid-array", ] [[package]] -name = "byteorder" -version = "1.5.0" +name = "cc" +version = "1.2.39" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1fd0f2584146f6f2ef48085050886acf353beff7305ebd1ae69500e27c67f64b" +checksum = "e1354349954c6fc9cb0deab020f27f783cf0b604e8bb754dc4658ecf0d29c35f" +dependencies = [ + "find-msvc-tools", + "shlex", +] [[package]] name = "cexpr" @@ -160,9 +173,9 @@ checksum = "5b63caa9aa9397e2d9480a9b13673856c78d8ac123288526c37d7839f2a86990" [[package]] name = "const-oid" -version = "0.9.6" +version = "0.10.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c2459377285ad874054d797f3ccebf984978aa39129f6eafde5cdc8315b612f8" +checksum = "0dabb6555f92fb9ee4140454eb5dcd14c7960e1225c6d1a6cc361f032947713e" [[package]] name = "cpufeatures" @@ -175,31 +188,43 @@ dependencies = [ [[package]] name = "crypto-bigint" -version = "0.5.5" +version = "0.7.0-rc.10" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0dc92fb57ca44df6db8059111ab3af99a63d5d0f8375d9972e319a379c6bab76" +checksum = "6715836b4946e8585016e80b79c7561476aff3b22f7b756778e7b109d86086c6" dependencies = [ - "generic-array", + "hybrid-array", + "num-traits", "rand_core", + "serdect", "subtle", "zeroize", ] [[package]] name = "crypto-common" -version = "0.1.6" +version = "0.2.0-rc.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1bfb12502f3fc46cca1bb51ac28df9d618d813cdc3d2f25b9fe775a34af26bb3" +checksum = "919bd05924682a5480aec713596b9e2aabed3a0a6022fab6847f85a99e5f190a" dependencies = [ - "generic-array", - "typenum", + "hybrid-array", +] + +[[package]] +name = "crypto-primes" +version = "0.7.0-pre.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fdd9b2855017318a49714c07ee8895b89d3510d54fa6d86be5835de74c389609" +dependencies = [ + "crypto-bigint", + "libm", + "rand_core", ] [[package]] name = "der" -version = "0.7.9" +version = "0.8.0-rc.9" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f55bf8e7b65898637379c1b74eb1551107c8294ed26d855ceb9fd1a09cfc9bc0" +checksum = "e9d8dd2f26c86b27a2a8ea2767ec7f9df7a89516e4794e54ac01ee618dda3aa4" dependencies = [ "const-oid", "der_derive", @@ -210,9 +235,9 @@ dependencies = [ [[package]] name = "der_derive" -version = "0.7.3" +version = "0.8.0-rc.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8034092389675178f570469e6c3b0465d3d30b4505c294a6550db47f3c17ad18" +checksum = "be645fee2afe89d293b96c19e4456e6ac69520fc9c6b8a58298550138e361ffe" dependencies = [ "proc-macro2", "quote", @@ -221,9 +246,9 @@ dependencies = [ [[package]] name = "digest" -version = "0.10.7" +version = "0.11.0-rc.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9ed9a281f7bc9b7576e61468ba615a66a5c8cfdff42420a70aa82701a3b1e292" +checksum = "ea390c940e465846d64775e55e3115d5dc934acb953de6f6e6360bc232fe2bf7" dependencies = [ "block-buffer", "const-oid", @@ -233,9 +258,8 @@ dependencies = [ [[package]] name = "ecdsa" -version = "0.16.9" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ee27f32b5c5292967d2d4a9d7f1e0b0aed2c15daded5a60300e4abb9d8020bca" +version = "0.17.0-rc.8" +source = "git+https://github.com/RustCrypto/signatures.git#9fe087a8e90156e08cc8a1b68872f123fb2ee189" dependencies = [ "der", "digest", @@ -243,6 +267,7 @@ dependencies = [ "rfc6979", "signature", "spki", + "zeroize", ] [[package]] @@ -253,17 +278,17 @@ checksum = "48c757948c5ede0e46177b7add2e67155f70e33c07fea8284df6576da70b3719" [[package]] name = "elliptic-curve" -version = "0.13.8" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b5e6043086bf7973472e0c7dff2142ea0b680d30e18d9cc40f267efbf222bd47" +version = "0.14.0-rc.16" +source = "git+https://github.com/RustCrypto/traits.git#bd85081709e127b9fa9f885d38252a649f85b581" dependencies = [ "base16ct", "crypto-bigint", "digest", "ff", - "generic-array", "group", "hkdf", + "hybrid-array", + "once_cell", "pem-rfc7468", "pkcs8", "rand_core", @@ -304,9 +329,9 @@ dependencies = [ [[package]] name = "env_logger" -version = "0.11.7" +version = "0.11.8" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c3716d7a920fb4fac5d84e9d4bce8ceb321e9414b4409da61b07b75c1e3d0697" +checksum = "13c863f0904021b108aa8b2f55046443e6b1ebde8fd4a15c399893aae4fa069f" dependencies = [ "anstream", "anstyle", @@ -317,39 +342,40 @@ dependencies = [ [[package]] name = "ff" -version = "0.13.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c0b50bfb653653f9ca9095b427bed08ab8d75a137839d9ad64eb11810d5b6393" +version = "0.14.0-pre.0" +source = "git+https://github.com/tarcieri/ff?branch=rand_core%2Fv0.10.0-rc-2#470e52fa35f7f6cb59f1f005003a14ac50b50cfd" dependencies = [ "rand_core", "subtle", ] [[package]] -name = "flagset" -version = "0.4.6" +name = "fiat-crypto" +version = "0.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b3ea1ec5f8307826a5b71094dd91fc04d4ae75d5709b20ad351c7fb4815c86ec" +checksum = "64cd1e32ddd350061ae6edb1b082d7c54915b5c672c389143b9a63403a109f24" [[package]] -name = "generic-array" -version = "0.14.7" +name = "find-msvc-tools" +version = "0.1.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "85649ca51fd72272d7821adaf274ad91c288277713d9c18820d8499a7ff69e9a" -dependencies = [ - "typenum", - "version_check", - "zeroize", -] +checksum = "1ced73b1dacfc750a6db6c0a0c3a3853c8b41997e2e2c563dc90804ae6867959" + +[[package]] +name = "flagset" +version = "0.4.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b7ac824320a75a52197e8f2d787f6a38b6718bb6897a35142d749af3c0e8f4fe" [[package]] name = "getrandom" -version = "0.2.15" +version = "0.3.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c4567c8db10ae91089c99af84c68c38da3ec2f087c3f82960bcdbf3656b6f4d7" +checksum = "73fea8450eea4bac3940448fb7ae50d91f034f941199fcd9d909a5a07aa455f0" dependencies = [ "cfg-if", "libc", + "r-efi", "wasi", ] @@ -361,9 +387,8 @@ checksum = "a8d1add55171497b4705a648c6b583acafb01d58050a51727785f0b2c8e0a2b2" [[package]] name = "group" -version = "0.13.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f0f9ef7462f7c099f518d754361858f86d8a07af53ba9af0fe635bbccb151a63" +version = "0.14.0-pre.0" +source = "git+https://github.com/tarcieri/group?branch=rand_core%2Fv0.10.0-rc-2#50640b46d5f7eff37aee24d76e991c18444f372e" dependencies = [ "ff", "rand_core", @@ -378,18 +403,18 @@ checksum = "2304e00983f87ffb38b55b444b5e3b60a884b5d30c0fca7d82fe33449bbe55ea" [[package]] name = "hkdf" -version = "0.12.4" +version = "0.13.0-rc.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7b5f8eb2ad728638ea2c7d47a21db23b7b58a72ed6a38256b8a1849f15fbbdf7" +checksum = "cfbb4225acf2b5cc4e12d384672cd6d1f0cb980ff5859ffcf144db25b593a24d" dependencies = [ "hmac", ] [[package]] name = "hmac" -version = "0.12.1" +version = "0.13.0-rc.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6c49c37c09c17a53d937dfbb742eb3a961d65a994e6bcdcf37e7399d0cc8ab5e" +checksum = "f1c597ac7d6cc8143e30e83ef70915e7f883b18d8bec2e2b2bce47f5bbb06d57" dependencies = [ "digest", ] @@ -400,6 +425,17 @@ version = "1.1.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f558a64ac9af88b5ba400d99b579451af0d39c6d360980045b91aac966d705e2" +[[package]] +name = "hybrid-array" +version = "0.4.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f471e0a81b2f90ffc0cb2f951ae04da57de8baa46fa99112b062a5173a5088d0" +dependencies = [ + "subtle", + "typenum", + "zeroize", +] + [[package]] name = "is_terminal_polyfill" version = "1.70.1" @@ -423,9 +459,9 @@ checksum = "4a5f13b858c8d314ee3e8f639011f7ccefe71f97f96e50151fb991f267928e2c" [[package]] name = "jiff" -version = "0.2.5" +version = "0.2.8" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c102670231191d07d37a35af3eb77f1f0dbf7a71be51a962dcd57ea607be7260" +checksum = "e5ad87c89110f55e4cd4dc2893a9790820206729eaf221555f742d540b0724a0" dependencies = [ "jiff-static", "log", @@ -436,9 +472,9 @@ dependencies = [ [[package]] name = "jiff-static" -version = "0.2.5" +version = "0.2.8" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4cdde31a9d349f1b1f51a0b3714a5940ac022976f4b49485fc04be052b183b4c" +checksum = "d076d5b64a7e2fe6f0743f02c43ca4a6725c0f904203bfe276a5b3e793103605" dependencies = [ "proc-macro2", "quote", @@ -447,27 +483,58 @@ dependencies = [ [[package]] name = "keccak" -version = "0.1.5" +version = "0.2.0-rc.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ecc2af9a1119c51f12a14607e783cb977bde58bc069ff0c3da1095e635d70654" +checksum = "3d546793a04a1d3049bd192856f804cfe96356e2cf36b54b4e575155babe9f41" dependencies = [ "cpufeatures", ] [[package]] -name = "lazy_static" -version = "1.5.0" +name = "lenient_semver" +version = "0.4.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "de8de3f4f3754c280ce1c8c42ed8dd26a9c8385c2e5ad4ec5a77e774cea9c1ec" +dependencies = [ + "lenient_semver_parser", + "lenient_version", + "semver", +] + +[[package]] +name = "lenient_semver_parser" +version = "0.4.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bbd2bcb4c963f2ddae06a2efc7e9f3591312473c50c6685e1f298068316e66fe" +checksum = "7f650c1d024ddc26b4bb79c3076b30030f2cf2b18292af698c81f7337a64d7d6" dependencies = [ - "spin", + "lenient_semver_version_builder", + "semver", +] + +[[package]] +name = "lenient_semver_version_builder" +version = "0.4.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9049f8ff49f75b946f95557148e70230499c8a642bf2d6528246afc7d0282d17" +dependencies = [ + "semver", +] + +[[package]] +name = "lenient_version" +version = "0.4.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bad7b41cc0ad9b8a9f8d8fcb7c2ab6703a6da4b369cbb7e3a63ee0840769b4eb" +dependencies = [ + "lenient_semver_parser", + "lenient_semver_version_builder", ] [[package]] name = "libc" -version = "0.2.171" +version = "0.2.172" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c19937216e9d3aa9956d9bb8dfc0b0c8beb6058fc4f7a4dc4d850edf86a237d6" +checksum = "d750af042f7ef4f724306de029d18836c26c1765a54a6a3f094cbd23a7267ffa" [[package]] name = "libloading" @@ -481,9 +548,9 @@ dependencies = [ [[package]] name = "libm" -version = "0.2.11" +version = "0.2.15" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8355be11b20d696c8f18f6cc018c4e372165b1fa8126cef092399c9951984ffa" +checksum = "f9fbbcab51052fe104eb5e5d351cf728d30a5be1fe14d9be8a3b097481fb97de" [[package]] name = "log" @@ -510,30 +577,24 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "68354c5c6bd36d73ff3feceb05efa59b6acb7626617f4962be322a825e61f79a" [[package]] -name = "nom" -version = "7.1.3" +name = "msbuild" +version = "0.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d273983c5a657a70a3e8f2a01329822f3b8c8172b73826411a55751e404a0a4a" +checksum = "393df38a84c08ad136f183889923314c1cf7988347fe8b7ab6531d44837bb076" dependencies = [ - "memchr", - "minimal-lexical", + "lenient_semver", + "serde_json", + "winreg", ] [[package]] -name = "num-bigint-dig" -version = "0.8.4" +name = "nom" +version = "7.1.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "dc84195820f291c7697304f3cbdadd1cb7199c0efc917ff5eafd71225c136151" +checksum = "d273983c5a657a70a3e8f2a01329822f3b8c8172b73826411a55751e404a0a4a" dependencies = [ - "byteorder", - "lazy_static", - "libm", - "num-integer", - "num-iter", - "num-traits", - "rand", - "smallvec", - "zeroize", + "memchr", + "minimal-lexical", ] [[package]] @@ -547,26 +608,6 @@ dependencies = [ "syn", ] -[[package]] -name = "num-integer" -version = "0.1.46" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7969661fd2958a5cb096e56c8e1ad0444ac2bbcd0061bd28660485a44879858f" -dependencies = [ - "num-traits", -] - -[[package]] -name = "num-iter" -version = "0.1.45" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1429034a0490724d0075ebb2bc9e875d6503c3cf69e235a8941aa757d83ef5bf" -dependencies = [ - "autocfg", - "num-integer", - "num-traits", -] - [[package]] name = "num-traits" version = "0.2.19" @@ -574,7 +615,6 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "071dfc062690e90b734c0b2273ce72ad0ffa95f0c74596bc250dcfd960262841" dependencies = [ "autocfg", - "libm", ] [[package]] @@ -585,63 +625,66 @@ checksum = "42f5e15c9953c5e4ccceeb2e7382a716482c34515315f7b03532b8b4e8393d2d" [[package]] name = "p192" -version = "0.13.0" +version = "0.14.0-rc.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8b0533bc6c238f2669aab8db75ae52879dc74e88d6bd3685bd4022a00fa85cd2" +checksum = "1f43dfe447d96687fd97dd597d1a6ffa1859c896dbdfe70707137af4fdb40af1" dependencies = [ "ecdsa", "elliptic-curve", + "primefield", "primeorder", - "sec1", ] [[package]] name = "p224" -version = "0.13.2" +version = "0.14.0-rc.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "30c06436d66652bc2f01ade021592c80a2aad401570a18aa18b82e440d2b9aa1" +checksum = "8cb466fbc611fccd0ff768bd0e4b7ffa59210a62ee714fdb9f27064b13b87f4d" dependencies = [ "ecdsa", "elliptic-curve", + "primefield", "primeorder", "sha2", ] [[package]] name = "p256" -version = "0.13.2" +version = "0.14.0-rc.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c9863ad85fa8f4460f9c48cb909d38a0d689dba1f6f6988a5e3e0d31071bcd4b" +checksum = "4a35f78d0f5ae56f424c09bcb08444b56569e351084421b0def687800c17560c" dependencies = [ "ecdsa", "elliptic-curve", + "primefield", "primeorder", "sha2", ] [[package]] name = "p384" -version = "0.13.1" +version = "0.14.0-rc.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fe42f1670a52a47d448f14b6a5c61dd78fce51856e68edaa38f7ae3a46b8d6b6" +checksum = "83ae3cc685c1f06b8df2cabb5101eef0116c4a36a413ee7d3403cfc0f0fc7323" dependencies = [ "ecdsa", "elliptic-curve", + "fiat-crypto", + "primefield", "primeorder", "sha2", ] [[package]] name = "p521" -version = "0.13.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0fc9e2161f1f215afdfce23677034ae137bbd45016a880c2eb3ba8eb95f085b2" +version = "0.14.0-rc.0" +source = "git+https://github.com/RustCrypto/elliptic-curves.git#c145e37a3cdd16e0903295b2b91e48fdbda11943" dependencies = [ "base16ct", "ecdsa", "elliptic-curve", + "primefield", "primeorder", - "rand_core", "sha2", ] @@ -653,29 +696,28 @@ checksum = "57c0d7b74b563b49d38dae00a0c37d4d6de9b432382b2892f0574ddcae73fd0a" [[package]] name = "pem-rfc7468" -version = "0.7.0" +version = "1.0.0-rc.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "88b39c9bfcfc231068454382784bb460aae594343fb030d46e9f50a645418412" +checksum = "a8e58fab693c712c0d4e88f8eb3087b6521d060bcaf76aeb20cb192d809115ba" dependencies = [ "base64ct", ] [[package]] name = "pkcs1" -version = "0.7.5" +version = "0.8.0-rc.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c8ffb9f10fa047879315e6625af03c164b16962a5368d724ed16323b68ace47f" +checksum = "986d2e952779af96ea048f160fd9194e1751b4faea78bcf3ceb456efe008088e" dependencies = [ "der", - "pkcs8", "spki", ] [[package]] name = "pkcs8" -version = "0.10.2" +version = "0.11.0-rc.8" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f950b2377845cebe5cf8b5165cb3cc1a5e0fa5cfa3e1f7f55707d8fd82e0a7b7" +checksum = "77089aec8290d0b7bb01b671b091095cf1937670725af4fd73d47249f03b12c0" dependencies = [ "der", "spki", @@ -703,38 +745,41 @@ dependencies = [ ] [[package]] -name = "ppv-lite86" -version = "0.2.21" +name = "prettyplease" +version = "0.2.32" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "85eae3c4ed2f50dcfe72643da4befc30deadb458a9b590d720cde2f2b1e97da9" +checksum = "664ec5419c51e34154eec046ebcba56312d5a2fc3b09a06da188e1ad21afadf6" dependencies = [ - "zerocopy", + "proc-macro2", + "syn", ] [[package]] -name = "prettyplease" -version = "0.2.31" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5316f57387668042f561aae71480de936257848f9c43ce528e311d89a07cadeb" +name = "primefield" +version = "0.14.0-rc.0" +source = "git+https://github.com/RustCrypto/elliptic-curves.git#c145e37a3cdd16e0903295b2b91e48fdbda11943" dependencies = [ - "proc-macro2", - "syn", + "crypto-bigint", + "ff", + "rand_core", + "subtle", + "zeroize", ] [[package]] name = "primeorder" -version = "0.13.6" +version = "0.14.0-rc.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "353e1ca18966c16d9deb1c69278edbc5f194139612772bd9537af60ac231e1e6" +checksum = "36714e8f5443e0cc1497f71972788dd95f75bf7253a4393c9f33f3ff9f556cc9" dependencies = [ "elliptic-curve", ] [[package]] name = "proc-macro2" -version = "1.0.94" +version = "1.0.95" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a31971752e70b8b2686d7e46ec17fb38dad4051d94024c88df49b667caea9c84" +checksum = "02b3e5e68a3a1a02aad3ec490a98007cbc13c37cbe84a3cd7b8e406d76e7f778" dependencies = [ "unicode-ident", ] @@ -749,33 +794,16 @@ dependencies = [ ] [[package]] -name = "rand" -version = "0.8.5" +name = "r-efi" +version = "5.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "34af8d1a0e25924bc5b7c43c079c942339d8f0a8b57c39049bef581b46327404" -dependencies = [ - "rand_chacha", - "rand_core", -] - -[[package]] -name = "rand_chacha" -version = "0.3.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e6c10a63a0fa32252be49d21e7709d4d4baf8d231c2dbce1eaa8141b9b127d88" -dependencies = [ - "ppv-lite86", - "rand_core", -] +checksum = "74765f6d916ee2faa39bc8e68e4f3ed8949b48cccdac59983d287a7cb71ce9c5" [[package]] name = "rand_core" -version = "0.6.4" +version = "0.10.0-rc-2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ec0be4795e2f6a28069bec0b5ff3e2ac9bafc99e6a9a7dc3547996c5c816922c" -dependencies = [ - "getrandom", -] +checksum = "104a23e4e8b77312a823b6b5613edbac78397e2f34320bc7ac4277013ec4478e" [[package]] name = "regex" @@ -808,9 +836,9 @@ checksum = "2b15c43186be67a4fd63bee50d0303afffcef381492ebe2c5d87f324e1b8815c" [[package]] name = "rfc6979" -version = "0.4.0" +version = "0.5.0-rc.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f8dd2a808d456c4a54e300a23e9f5a67e122c3024119acbfd73e3bf664491cb2" +checksum = "63b8e2323084c987a72875b2fd682b7307d5cf14d47e3875bb5e89948e8809d4" dependencies = [ "hmac", "subtle", @@ -818,18 +846,19 @@ dependencies = [ [[package]] name = "rsa" -version = "0.9.8" +version = "0.10.0-rc.10" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "78928ac1ed176a5ca1d17e578a1825f3d81ca54cf41053a592584b020cfd691b" +checksum = "e499c52862d75a86c0024cc99dcb6d7127d15af3beae7b03573d62fab7ade08a" dependencies = [ "const-oid", + "crypto-bigint", + "crypto-primes", "digest", - "num-bigint-dig", - "num-integer", - "num-traits", "pkcs1", "pkcs8", "rand_core", + "sha1", + "sha2", "signature", "spki", "subtle", @@ -838,9 +867,9 @@ dependencies = [ [[package]] name = "rustc-hash" -version = "1.1.0" +version = "2.1.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "08d43f7aa6b08d49f382cde6a7982047c3426db949b1424bc4b7ec9ae12c6ce2" +checksum = "357703d41365b4b27c590e3ed91eabb1b663f07c4c084095e60cbed4362dff0d" [[package]] name = "rustversion" @@ -856,14 +885,13 @@ checksum = "28d3b2b1366ec20994f1fd18c3c594f05c5dd4bc44d8bb0c1c632c8d6829481f" [[package]] name = "sec1" -version = "0.7.3" +version = "0.8.0-rc.10" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d3e97a565f76233a6003f9f5c54be1d9c5bdfa3eccfb189469f11ec4901c47dc" +checksum = "1dff52f6118bc9f0ac974a54a639d499ac26a6cad7a6e39bc0990c19625e793b" dependencies = [ "base16ct", "der", - "generic-array", - "pkcs8", + "hybrid-array", "subtle", "zeroize", ] @@ -906,11 +934,21 @@ dependencies = [ "serde", ] +[[package]] +name = "serdect" +version = "0.4.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d3ef0e35b322ddfaecbc60f34ab448e157e48531288ee49fafbb053696b8ffe2" +dependencies = [ + "base16ct", + "serde", +] + [[package]] name = "sha1" -version = "0.10.6" +version = "0.11.0-rc.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e3bf829a2d51ab4a5ddf1352d8470c140cadc8301b2ae1789db023f01cedd6ba" +checksum = "aa1ae819b9870cadc959a052363de870944a1646932d274a4e270f64bf79e5ef" dependencies = [ "cfg-if", "cpufeatures", @@ -919,9 +957,9 @@ dependencies = [ [[package]] name = "sha2" -version = "0.10.8" +version = "0.11.0-rc.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "793db75ad2bcafc3ffa7c68b215fee268f537982cd901d132f89c6343f3a3dc8" +checksum = "19d43dc0354d88b791216bb5c1bfbb60c0814460cc653ae0ebd71f286d0bd927" dependencies = [ "cfg-if", "cpufeatures", @@ -930,9 +968,9 @@ dependencies = [ [[package]] name = "sha3" -version = "0.10.8" +version = "0.11.0-rc.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "75872d278a8f37ef87fa0ddbda7802605cb18344497949862c0d4dcb291eba60" +checksum = "2103ca0e6f4e9505eae906de5e5883e06fc3b2232fb5d6914890c7bbcb62f478" dependencies = [ "digest", "keccak", @@ -946,9 +984,9 @@ checksum = "0fda2ff0d084019ba4d7c6f371c95d8fd75ce3524c3cb8fb653a3023f6323e64" [[package]] name = "signature" -version = "2.2.0" +version = "3.0.0-rc.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "77549399552de45a898a580c1b41d445bf730df867cc44e6c0233bbc4b8329de" +checksum = "2a0251c9d6468f4ba853b6352b190fb7c1e405087779917c238445eb03993826" dependencies = [ "digest", "rand_core", @@ -956,12 +994,15 @@ dependencies = [ [[package]] name = "sm2" -version = "0.13.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "98b22092ef242a118f03ee41dc46b2720c0ca076f544116dbc915cacf532cfaa" +version = "0.14.0-rc.0" +source = "git+https://github.com/RustCrypto/elliptic-curves.git#c145e37a3cdd16e0903295b2b91e48fdbda11943" dependencies = [ + "der", "elliptic-curve", + "fiat-crypto", + "primefield", "primeorder", + "rand_core", "rfc6979", "signature", "sm3", @@ -969,30 +1010,18 @@ dependencies = [ [[package]] name = "sm3" -version = "0.4.2" +version = "0.5.0-rc.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ebb9a3b702d0a7e33bc4d85a14456633d2b165c2ad839c5fd9a8417c1ab15860" +checksum = "30ff18c123c240b3941d71fdddab04932ac4ba772e60d38a9c8e4522c6296b32" dependencies = [ "digest", ] -[[package]] -name = "smallvec" -version = "1.14.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7fcf8323ef1faaee30a44a340193b1ac6814fd9b7b4e88e9d4519a3e4abe1cfd" - -[[package]] -name = "spin" -version = "0.9.8" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6980e8d7511241f8acf4aebddbb1ff938df5eebe98691418c4468d0b72a96a67" - [[package]] name = "spki" -version = "0.7.3" +version = "0.8.0-rc.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d91ed6c858b01f942cd56b37a94b3e0a1798290327d1236e4d9cf4eaca44d29d" +checksum = "8baeff88f34ed0691978ec34440140e1572b68c7dd4a495fd14a3dc1944daa80" dependencies = [ "base64ct", "der", @@ -1036,9 +1065,9 @@ dependencies = [ [[package]] name = "target-lexicon" -version = "0.12.16" +version = "0.13.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "61c41af27dd6d1e27b1b16b489db798443478cef1f06a660c96db617ba5de3b1" +checksum = "df7f62577c25e07834649fc3b39fafdc597c0a3527dc1c60129201ccfcbaa50c" [[package]] name = "tls_codec" @@ -1063,7 +1092,7 @@ dependencies = [ [[package]] name = "tss-esapi" -version = "8.0.0-alpha" +version = "8.0.0-alpha.1" dependencies = [ "bitfield", "cfg-if", @@ -1106,10 +1135,12 @@ dependencies = [ [[package]] name = "tss-esapi-sys" -version = "0.5.0" +version = "0.6.0-alpha.1" dependencies = [ + "autotools", "bindgen", "cfg-if", + "msbuild", "pkg-config", "semver", "target-lexicon", @@ -1133,17 +1164,14 @@ version = "0.2.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "06abde3611657adf66d383f00b093d7faecc7fa57071cce2578660c9f1010821" -[[package]] -name = "version_check" -version = "0.9.5" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0b928f33d975fc6ad9f86c8f283853ad26bdd5b10b7f1542aa2fa15e2289105a" - [[package]] name = "wasi" -version = "0.11.0+wasi-snapshot-preview1" +version = "0.14.2+wasi-0.2.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9c8d87e72b64a3b4db28d11ce29237c246188f4f51057d65a7eab63b7987e423" +checksum = "9683f9a5a998d873c0d21fcbe3c083009670149a8fab228644b8bd36b2c48cb3" +dependencies = [ + "wit-bindgen-rt", +] [[package]] name = "windows-sys" @@ -1219,44 +1247,43 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "589f6da84c646204747d1270a2a5661ea66ed1cced2631d546fdfb155959f9ec" [[package]] -name = "x509-cert" -version = "0.2.5" +name = "winreg" +version = "0.55.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1301e935010a701ae5f8655edc0ad17c44bad3ac5ce8c39185f75453b720ae94" +checksum = "cb5a765337c50e9ec252c2069be9bf91c7df47afb103b642ba3a53bf8101be97" dependencies = [ - "const-oid", - "der", - "sha1", - "signature", - "spki", - "tls_codec", + "cfg-if", + "windows-sys", ] [[package]] -name = "zerocopy" -version = "0.8.24" +name = "wit-bindgen-rt" +version = "0.39.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2586fea28e186957ef732a5f8b3be2da217d65c5969d4b1e17f973ebbe876879" +checksum = "6f42320e61fe2cfd34354ecb597f86f413484a798ba44a8ca1165c58d42da6c1" dependencies = [ - "zerocopy-derive", + "bitflags", ] [[package]] -name = "zerocopy-derive" -version = "0.8.24" +name = "x509-cert" +version = "0.3.0-rc.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a996a8f63c5c4448cd959ac1bab0aaa3306ccfd060472f85943ee0750f0169be" +checksum = "214929cc983d42a67db8bfacea8595625bc252e9d88457aab2770cea58371145" dependencies = [ - "proc-macro2", - "quote", - "syn", + "const-oid", + "der", + "sha1", + "signature", + "spki", + "tls_codec", ] [[package]] name = "zeroize" -version = "1.8.1" +version = "1.8.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ced3678a2879b30306d323f4542626697a464a97c0a07c9aebf7ebca65cd4dde" +checksum = "b97154e67e32c85465826e8bcc1c59429aaaf107c1e4a9e53c8d8ccd5eff88d0" dependencies = [ "zeroize_derive", ] diff --git a/tss-esapi/tests/integration_tests/abstraction_tests/public_tests.rs b/tss-esapi/tests/integration_tests/abstraction_tests/public_tests.rs index 582d98173..6e9fb7dfe 100644 --- a/tss-esapi/tests/integration_tests/abstraction_tests/public_tests.rs +++ b/tss-esapi/tests/integration_tests/abstraction_tests/public_tests.rs @@ -2,7 +2,7 @@ // SPDX-License-Identifier: Apache-2.0 mod public_rsa_test { - use rsa::{pkcs1, traits::PublicKeyParts, BigUint}; + use rsa::{pkcs1, traits::PublicKeyParts, BoxedUint}; use std::convert::TryFrom; use tss_esapi::{ attributes::ObjectAttributesBuilder, @@ -71,11 +71,11 @@ mod public_rsa_test { #[test] fn test_public_to_decoded_key_rsa() { let public_rsa = get_ext_rsa_pub(); - let default_exponent = BigUint::from(RSA_DEFAULT_EXP); + let default_exponent = BoxedUint::from(RSA_DEFAULT_EXP); let key = rsa::RsaPublicKey::try_from(&public_rsa) .expect("Failed to convert Public structure to DecodedKey (RSA)."); assert_eq!(key.e(), &default_exponent, "RSA exponents are not equal."); - assert_eq!(key.n().to_bytes_be(), RSA_KEY); + assert_eq!(key.n_bytes().as_ref(), RSA_KEY); } #[test] @@ -83,7 +83,7 @@ mod public_rsa_test { let public_rsa = get_ext_rsa_pub(); let key = SubjectPublicKeyInfoOwned::try_from(&public_rsa) .expect("Failed to convert Public structure to SubjectPublicKeyInfo (RSA)."); - let default_exponent = BigUint::from(RSA_DEFAULT_EXP); + let default_exponent = BoxedUint::from(RSA_DEFAULT_EXP); assert_eq!(key.algorithm, pkcs1::ALGORITHM_ID.ref_to_owned()); let pkcs1_key = pkcs1::RsaPublicKey::try_from( key.subject_public_key @@ -94,7 +94,7 @@ mod public_rsa_test { assert_eq!( pkcs1_key.public_exponent.as_bytes(), - default_exponent.to_bytes_be() + default_exponent.to_be_bytes_trimmed_vartime().as_ref() ); assert_eq!(pkcs1_key.modulus.as_bytes(), RSA_KEY); } diff --git a/tss-esapi/tests/integration_tests/abstraction_tests/transient_key_context_tests.rs b/tss-esapi/tests/integration_tests/abstraction_tests/transient_key_context_tests.rs index fc5d0a97c..687dddb5e 100644 --- a/tss-esapi/tests/integration_tests/abstraction_tests/transient_key_context_tests.rs +++ b/tss-esapi/tests/integration_tests/abstraction_tests/transient_key_context_tests.rs @@ -518,7 +518,7 @@ fn ctx_migration_test() { // one for just the public part of the key let mut basic_ctx = crate::common::create_ctx_with_session(); let mut random_digest = vec![0u8; 16]; - getrandom::getrandom(&mut random_digest).unwrap(); + getrandom::fill(&mut random_digest).unwrap(); let key_auth = Auth::from_bytes(random_digest.as_slice()).unwrap(); let prim_key_handle = basic_ctx .create_primary( @@ -902,10 +902,10 @@ fn sign_csr() { let subject = Name::from_str("CN=tpm.example").expect("Parse common name"); let signer = EcSigner::::new((Mutex::new(&mut ctx), tpm_km, key_params, None)) .expect("Create a signer"); - let builder = RequestBuilder::new(subject, &signer).expect("Create certificate request"); + let builder = RequestBuilder::new(subject).expect("Create certificate request"); let cert_req = builder - .build::() + .build::<_, p256::ecdsa::DerSignature>(&signer) .expect("Sign a CSR"); println!( @@ -927,12 +927,19 @@ fn sign_p256_sha2_256() { .expect("Create a signer"); let payload = b"Example of ECDSA with P-256"; - let mut hash = Sha256::new(); - hash.update(payload); - let signature: p256::ecdsa::Signature = signer.sign_digest(hash.clone()); + let signature: p256::ecdsa::Signature = + signer.sign_digest(|hash: &mut Sha256| hash.update(payload)); let verifying_key: VerifyingKey = *signer.as_ref(); - assert!(verifying_key.verify_digest(hash, &signature).is_ok()); + assert!(verifying_key + .verify_digest( + |hash: &mut Sha256| { + hash.update(payload); + Ok(()) + }, + &signature + ) + .is_ok()); } // NOTE(baloo): I believe this is a legitimate case, but support is not available yet in libtpms (or swtpm) @@ -958,13 +965,19 @@ fn sign_p256_sha3_256() { .expect("Create a signer"); let payload = b"Example of ECDSA with P-256"; - let mut hash = Sha3_256::new(); - hash.update(payload); let signature = as DigestSigner>::sign_digest( &signer, - hash.clone(), + |hash: &mut Sha3_256| hash.update(payload), ); let verifying_key: VerifyingKey = *signer.as_ref(); - assert!(verifying_key.verify_digest(hash, &signature).is_ok()); + assert!(verifying_key + .verify_digest( + |hash: &mut Sha3_256| { + hash.update(payload); + Ok(()) + }, + &signature + ) + .is_ok()); } diff --git a/tss-esapi/tests/integration_tests/context_tests/tpm_commands/asymmetric_primitives_tests.rs b/tss-esapi/tests/integration_tests/context_tests/tpm_commands/asymmetric_primitives_tests.rs index c42f60e66..196534338 100644 --- a/tss-esapi/tests/integration_tests/context_tests/tpm_commands/asymmetric_primitives_tests.rs +++ b/tss-esapi/tests/integration_tests/context_tests/tpm_commands/asymmetric_primitives_tests.rs @@ -20,7 +20,7 @@ mod test_rsa_encrypt_decrypt { fn test_encrypt_decrypt() { let mut context = create_ctx_with_session(); let mut random_digest = vec![0u8; 16]; - getrandom::getrandom(&mut random_digest).unwrap(); + getrandom::fill(&mut random_digest).unwrap(); let key_auth = Auth::from_bytes(random_digest.as_slice()).unwrap(); let key_handle = context @@ -61,7 +61,7 @@ mod test_rsa_encrypt_decrypt { fn test_ecdh() { let mut context = create_ctx_with_session(); let mut random_digest = vec![0u8; 16]; - getrandom::getrandom(&mut random_digest).unwrap(); + getrandom::fill(&mut random_digest).unwrap(); let key_auth = Auth::from_bytes(random_digest.as_slice()).unwrap(); let ecc_parms = PublicEccParametersBuilder::new() diff --git a/tss-esapi/tests/integration_tests/context_tests/tpm_commands/context_management_tests.rs b/tss-esapi/tests/integration_tests/context_tests/tpm_commands/context_management_tests.rs index b2a3adca1..8f204b375 100644 --- a/tss-esapi/tests/integration_tests/context_tests/tpm_commands/context_management_tests.rs +++ b/tss-esapi/tests/integration_tests/context_tests/tpm_commands/context_management_tests.rs @@ -8,7 +8,7 @@ mod test_ctx_save { fn test_ctx_save() { let mut context = create_ctx_with_session(); let mut random_digest = vec![0u8; 16]; - getrandom::getrandom(&mut random_digest).unwrap(); + getrandom::fill(&mut random_digest).unwrap(); let key_auth = Auth::from_bytes(random_digest.as_slice()).unwrap(); let key_handle = context @@ -29,7 +29,7 @@ mod test_ctx_save { fn test_ctx_save_leaf() { let mut context = create_ctx_with_session(); let mut random_digest = vec![0u8; 16]; - getrandom::getrandom(&mut random_digest).unwrap(); + getrandom::fill(&mut random_digest).unwrap(); let key_auth = Auth::from_bytes(random_digest.as_slice()).unwrap(); let prim_key_handle = context @@ -73,7 +73,7 @@ mod test_ctx_load { fn test_ctx_load() { let mut context = create_ctx_with_session(); let mut random_digest = vec![0u8; 16]; - getrandom::getrandom(&mut random_digest).unwrap(); + getrandom::fill(&mut random_digest).unwrap(); let prim_key_handle = context .create_primary( @@ -116,7 +116,7 @@ mod test_flush_context { fn test_flush_ctx() { let mut context = create_ctx_with_session(); let mut random_digest = vec![0u8; 16]; - getrandom::getrandom(&mut random_digest).unwrap(); + getrandom::fill(&mut random_digest).unwrap(); let key_auth = Auth::from_bytes(random_digest.as_slice()).unwrap(); let key_handle = context @@ -138,7 +138,7 @@ mod test_flush_context { fn test_flush_parent_ctx() { let mut context = create_ctx_with_session(); let mut random_digest = vec![0u8; 16]; - getrandom::getrandom(&mut random_digest).unwrap(); + getrandom::fill(&mut random_digest).unwrap(); let key_auth = Auth::from_bytes(random_digest.as_slice()).unwrap(); let prim_key_handle = context diff --git a/tss-esapi/tests/integration_tests/context_tests/tpm_commands/enhanced_authorization_ea_commands_tests.rs b/tss-esapi/tests/integration_tests/context_tests/tpm_commands/enhanced_authorization_ea_commands_tests.rs index f7a39dcf4..aaf0fcbca 100644 --- a/tss-esapi/tests/integration_tests/context_tests/tpm_commands/enhanced_authorization_ea_commands_tests.rs +++ b/tss-esapi/tests/integration_tests/context_tests/tpm_commands/enhanced_authorization_ea_commands_tests.rs @@ -518,7 +518,7 @@ mod test_policy_authorize { fn test_policy_authorize() { let mut context = create_ctx_with_session(); let mut random_digest = vec![0u8; 16]; - getrandom::getrandom(&mut random_digest).unwrap(); + getrandom::fill(&mut random_digest).unwrap(); let key_auth = Auth::from_bytes(random_digest.as_slice()).unwrap(); let key_handle = context diff --git a/tss-esapi/tests/integration_tests/context_tests/tpm_commands/hierarchy_commands_tests.rs b/tss-esapi/tests/integration_tests/context_tests/tpm_commands/hierarchy_commands_tests.rs index 4fc73deae..5240b6705 100644 --- a/tss-esapi/tests/integration_tests/context_tests/tpm_commands/hierarchy_commands_tests.rs +++ b/tss-esapi/tests/integration_tests/context_tests/tpm_commands/hierarchy_commands_tests.rs @@ -10,7 +10,7 @@ mod test_create_primary { fn test_create_primary() { let mut context = create_ctx_with_session(); let mut random_digest = vec![0u8; 16]; - getrandom::getrandom(&mut random_digest).unwrap(); + getrandom::fill(&mut random_digest).unwrap(); let key_auth = Auth::from_bytes(random_digest.as_slice()).unwrap(); let key_handle = context @@ -95,7 +95,7 @@ mod test_change_auth { .unwrap(); let mut random_digest = vec![0u8; 16]; - getrandom::getrandom(&mut random_digest).unwrap(); + getrandom::fill(&mut random_digest).unwrap(); let new_key_auth = Auth::from_bytes(random_digest.as_slice()).unwrap(); let new_private = context @@ -111,7 +111,7 @@ mod test_change_auth { let mut context = create_ctx_with_session(); let mut random_digest = vec![0u8; 16]; - getrandom::getrandom(&mut random_digest).unwrap(); + getrandom::fill(&mut random_digest).unwrap(); let new_auth = Auth::from_bytes(random_digest.as_slice()).unwrap(); // NOTE: If this test failed on your system, you are probably running it against a diff --git a/tss-esapi/tests/integration_tests/context_tests/tpm_commands/object_commands_tests.rs b/tss-esapi/tests/integration_tests/context_tests/tpm_commands/object_commands_tests.rs index ba28bb4d8..6e883c8e7 100644 --- a/tss-esapi/tests/integration_tests/context_tests/tpm_commands/object_commands_tests.rs +++ b/tss-esapi/tests/integration_tests/context_tests/tpm_commands/object_commands_tests.rs @@ -8,7 +8,7 @@ mod test_create { fn test_create() { let mut context = create_ctx_with_session(); let mut random_digest = vec![0u8; 16]; - getrandom::getrandom(&mut random_digest).unwrap(); + getrandom::fill(&mut random_digest).unwrap(); let key_auth = Auth::from_bytes(random_digest.as_slice()).unwrap(); let prim_key_handle = context @@ -44,7 +44,7 @@ mod test_load { fn test_load() { let mut context = create_ctx_with_session(); let mut random_digest = vec![0u8; 16]; - getrandom::getrandom(&mut random_digest).unwrap(); + getrandom::fill(&mut random_digest).unwrap(); let key_auth = Auth::from_bytes(random_digest.as_slice()).unwrap(); let prim_key_handle = context @@ -195,7 +195,7 @@ mod test_read_public { fn test_read_public() { let mut context = create_ctx_with_session(); let mut random_digest = vec![0u8; 16]; - getrandom::getrandom(&mut random_digest).unwrap(); + getrandom::fill(&mut random_digest).unwrap(); let key_auth = Auth::from_bytes(random_digest.as_slice()).unwrap(); let key_handle = context diff --git a/tss-esapi/tests/integration_tests/context_tests/tpm_commands/signing_and_signature_verification_tests.rs b/tss-esapi/tests/integration_tests/context_tests/tpm_commands/signing_and_signature_verification_tests.rs index 499aa9fd6..adda21651 100644 --- a/tss-esapi/tests/integration_tests/context_tests/tpm_commands/signing_and_signature_verification_tests.rs +++ b/tss-esapi/tests/integration_tests/context_tests/tpm_commands/signing_and_signature_verification_tests.rs @@ -12,7 +12,7 @@ mod test_verify_signature { fn test_verify_signature() { let mut context = create_ctx_with_session(); let mut random_digest = vec![0u8; 16]; - getrandom::getrandom(&mut random_digest).unwrap(); + getrandom::fill(&mut random_digest).unwrap(); let key_auth = Auth::from_bytes(random_digest.as_slice()).unwrap(); let key_handle = context @@ -49,7 +49,7 @@ mod test_verify_signature { fn test_verify_wrong_signature() { let mut context = create_ctx_with_session(); let mut random_digest = vec![0u8; 16]; - getrandom::getrandom(&mut random_digest).unwrap(); + getrandom::fill(&mut random_digest).unwrap(); let key_auth = Auth::from_bytes(random_digest.as_slice()).unwrap(); let key_handle = context @@ -96,7 +96,7 @@ mod test_verify_signature { fn test_verify_wrong_signature_2() { let mut context = create_ctx_with_session(); let mut random_digest = vec![0u8; 16]; - getrandom::getrandom(&mut random_digest).unwrap(); + getrandom::fill(&mut random_digest).unwrap(); let key_auth = Auth::from_bytes(random_digest.as_slice()).unwrap(); let key_handle = context @@ -133,7 +133,7 @@ mod test_verify_signature { fn test_verify_wrong_signature_3() { let mut context = create_ctx_with_session(); let mut random_digest = vec![0u8; 16]; - getrandom::getrandom(&mut random_digest).unwrap(); + getrandom::fill(&mut random_digest).unwrap(); let key_auth = Auth::from_bytes(random_digest.as_slice()).unwrap(); let key_handle = context @@ -203,7 +203,7 @@ mod test_sign { fn test_sign() { let mut context = create_ctx_with_session(); let mut random_digest = vec![0u8; 16]; - getrandom::getrandom(&mut random_digest).unwrap(); + getrandom::fill(&mut random_digest).unwrap(); let key_auth = Auth::from_bytes(random_digest.as_slice()).unwrap(); let key_handle = context @@ -232,7 +232,7 @@ mod test_sign { fn test_sign_empty_digest() { let mut context = create_ctx_with_session(); let mut random_digest = vec![0u8; 16]; - getrandom::getrandom(&mut random_digest).unwrap(); + getrandom::fill(&mut random_digest).unwrap(); let key_auth = Auth::from_bytes(random_digest.as_slice()).unwrap(); let key_handle = context @@ -261,7 +261,7 @@ mod test_sign { fn test_sign_large_digest() { let mut context = create_ctx_with_session(); let mut random_digest = vec![0u8; 16]; - getrandom::getrandom(&mut random_digest).unwrap(); + getrandom::fill(&mut random_digest).unwrap(); let key_auth = Auth::from_bytes(random_digest.as_slice()).unwrap(); let key_handle = context @@ -297,7 +297,7 @@ mod test_sign { let mut context = create_ctx_with_session(); let mut random_digest = vec![0u8; 16]; - getrandom::getrandom(&mut random_digest).unwrap(); + getrandom::fill(&mut random_digest).unwrap(); let key_auth = Auth::from_bytes(random_digest.as_slice()).unwrap(); let key_handle = context @@ -306,7 +306,7 @@ mod test_sign { .key_handle; let mut random = vec![0u8; 47]; - getrandom::getrandom(&mut random).unwrap(); + getrandom::fill(&mut random).unwrap(); let signer = EcSigner::::new((Mutex::new(&mut context), key_handle)).unwrap(); let verifying_key = signer.verifying_key(); @@ -320,7 +320,7 @@ mod test_sign { fn test_sign_signer_rsa_pkcs() { let mut context = create_ctx_with_session(); let mut random_digest = vec![0u8; 16]; - getrandom::getrandom(&mut random_digest).unwrap(); + getrandom::fill(&mut random_digest).unwrap(); let key_auth = Auth::from_bytes(random_digest.as_slice()).unwrap(); let key_handle = context @@ -336,7 +336,7 @@ mod test_sign { .key_handle; let mut payload = vec![0u8; 47]; - getrandom::getrandom(&mut payload).unwrap(); + getrandom::fill(&mut payload).unwrap(); let signer = RsaPkcsSigner::<_, sha2::Sha256>::new((Mutex::new(&mut context), key_handle)).unwrap(); @@ -345,8 +345,15 @@ mod test_sign { verifying_key.verify(&payload, &signature).unwrap(); - let d = sha2::Sha256::new_with_prefix(&payload); - verifying_key.verify_digest(d, &signature).unwrap(); + verifying_key + .verify_digest( + |d: &mut sha2::Sha256| { + d.update(&payload); + Ok(()) + }, + &signature, + ) + .unwrap(); } #[cfg(feature = "rsa")] @@ -354,7 +361,7 @@ mod test_sign { fn test_sign_signer_rsa_pss() { let mut context = create_ctx_with_session(); let mut random_digest = vec![0u8; 16]; - getrandom::getrandom(&mut random_digest).unwrap(); + getrandom::fill(&mut random_digest).unwrap(); let key_auth = Auth::from_bytes(random_digest.as_slice()).unwrap(); let rsa_pss = utils::create_unrestricted_signing_rsa_public( @@ -371,7 +378,7 @@ mod test_sign { .key_handle; let mut payload = vec![0u8; 47]; - getrandom::getrandom(&mut payload).unwrap(); + getrandom::fill(&mut payload).unwrap(); let signer = RsaPssSigner::<_, sha2::Sha256>::new((Mutex::new(&mut context), key_handle)).unwrap(); @@ -380,7 +387,14 @@ mod test_sign { verifying_key.verify(&payload, &signature).unwrap(); - let d = sha2::Sha256::new_with_prefix(&payload); - verifying_key.verify_digest(d, &signature).unwrap(); + verifying_key + .verify_digest( + |d: &mut sha2::Sha256| { + d.update(&payload); + Ok(()) + }, + &signature, + ) + .unwrap(); } } diff --git a/tss-esapi/tests/integration_tests/context_tests/tpm_commands/symmetric_primitives_tests.rs b/tss-esapi/tests/integration_tests/context_tests/tpm_commands/symmetric_primitives_tests.rs index 165e97bc0..c2518feec 100644 --- a/tss-esapi/tests/integration_tests/context_tests/tpm_commands/symmetric_primitives_tests.rs +++ b/tss-esapi/tests/integration_tests/context_tests/tpm_commands/symmetric_primitives_tests.rs @@ -25,7 +25,7 @@ mod test_encrypt_decrypt_2 { .expect("Failed to set auth to empty for owner"); let mut random_digest = vec![0u8; 16]; - getrandom::getrandom(&mut random_digest).expect("get_rand call failed"); + getrandom::fill(&mut random_digest).expect("get_rand call failed"); let primary_key_auth = Auth::from_bytes(random_digest.as_slice()).expect("Failed to create primary key auth"); @@ -70,7 +70,7 @@ mod test_encrypt_decrypt_2 { .expect("Failed to create public for symmetric key public"); let mut random_digest = vec![0u8; 16]; - getrandom::getrandom(&mut random_digest).expect("get_rand call failed"); + getrandom::fill(&mut random_digest).expect("get_rand call failed"); let symmetric_key_auth = Auth::from_bytes(random_digest.as_slice()) .expect("Failed to create symmetric key auth"); From ec171e239c105c35a8cd2a71fe7ed29b58c9b35d Mon Sep 17 00:00:00 2001 From: Arthur Gautier Date: Fri, 24 Jan 2025 21:28:20 -0800 Subject: [PATCH 2/2] Create credentials Signed-off-by: Arthur Gautier --- Cargo.lock | 114 +++++++ tss-esapi/Cargo.toml | 23 +- tss-esapi/src/utils/credential.rs | 218 ++++++++++++++ tss-esapi/src/utils/kdf.rs | 284 ++++++++++++++++++ tss-esapi/src/utils/mod.rs | 39 +++ tss-esapi/src/utils/secret_sharing.rs | 142 +++++++++ .../abstraction_tests/credential_tests.rs | 222 ++++++++++++++ .../abstraction_tests/mod.rs | 1 + 8 files changed, 1042 insertions(+), 1 deletion(-) create mode 100644 tss-esapi/src/utils/credential.rs create mode 100644 tss-esapi/src/utils/kdf.rs create mode 100644 tss-esapi/src/utils/secret_sharing.rs create mode 100644 tss-esapi/tests/integration_tests/abstraction_tests/credential_tests.rs diff --git a/Cargo.lock b/Cargo.lock index 8d0ebdbc2..933f6ed6d 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -2,6 +2,17 @@ # It is not intended for manual editing. version = 4 +[[package]] +name = "aes" +version = "0.9.0-rc.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fd9e1c818b25efb32214df89b0ec22f01aa397aaeb718d1022bf0635a3bfd1a8" +dependencies = [ + "cfg-if", + "cipher", + "cpufeatures", +] + [[package]] name = "aho-corasick" version = "1.1.3" @@ -129,6 +140,26 @@ dependencies = [ "hybrid-array", ] +[[package]] +name = "byte-strings" +version = "0.3.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "002ee5531feb8450e59862fefa550eeac39b726d60b186071672751045ebc29a" +dependencies = [ + "byte-strings-proc_macros", +] + +[[package]] +name = "byte-strings-proc_macros" +version = "0.3.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "62f7e0e71f98d6c71bfe42b0a7a47d0f870ad808401fad2d44fa156ed5b0ae03" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + [[package]] name = "cc" version = "1.2.39" @@ -148,12 +179,42 @@ dependencies = [ "nom", ] +[[package]] +name = "cfb-mode" +version = "0.9.0-rc.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d3cc156b68fbd681bbd460ad975e12be2946d649c3346e26d0df369e7878a50b" +dependencies = [ + "cipher", +] + [[package]] name = "cfg-if" version = "1.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd" +[[package]] +name = "chacha20" +version = "0.10.0-rc.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3585020fc6766ef7ff5c58d69819dbca16a19008ae347bb5d3e4e145c495eb38" +dependencies = [ + "cfg-if", + "cpufeatures", + "rand_core", +] + +[[package]] +name = "cipher" +version = "0.5.0-rc.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "155e4a260750fa4f7754649f049748aacc31db238a358d85fd721002f230f92f" +dependencies = [ + "crypto-common", + "inout", +] + [[package]] name = "clang-sys" version = "1.8.1" @@ -385,6 +446,12 @@ version = "0.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "2304e00983f87ffb38b55b444b5e3b60a884b5d30c0fca7d82fe33449bbe55ea" +[[package]] +name = "hex-literal" +version = "1.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e712f64ec3850b98572bffac52e2c6f282b29fe6c5fa6d42334b30be438d95c1" + [[package]] name = "hkdf" version = "0.13.0-rc.3" @@ -420,6 +487,15 @@ dependencies = [ "zeroize", ] +[[package]] +name = "inout" +version = "0.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c7357b6e7aa75618c7864ebd0634b115a7218b0615f4cb1df33ac3eca23943d4" +dependencies = [ + "hybrid-array", +] + [[package]] name = "is_terminal_polyfill" version = "1.70.1" @@ -465,6 +541,15 @@ dependencies = [ "syn", ] +[[package]] +name = "kbkdf" +version = "0.0.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b758ac9cc629a963ae38718148729d65d4e401f0e516862fa7820f6b76666aa0" +dependencies = [ + "digest", +] + [[package]] name = "keccak" version = "0.2.0-rc.0" @@ -607,6 +692,15 @@ version = "1.21.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "42f5e15c9953c5e4ccceeb2e7382a716482c34515315f7b03532b8b4e8393d2d" +[[package]] +name = "one-step-kdf" +version = "0.1.0-rc.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9c7a0632b2b0dfaf73435548a7c987797201ccb803b97a91f77d4ec4afa05336" +dependencies = [ + "digest", +] + [[package]] name = "p192" version = "0.14.0-rc.1" @@ -785,6 +879,17 @@ version = "5.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "74765f6d916ee2faa39bc8e68e4f3ed8949b48cccdac59983d287a7cb71ce9c5" +[[package]] +name = "rand" +version = "0.10.0-rc.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9e7d245ced4538f0406b1579d3d4a6515a2ff1bdf20733492e2e4fc90a648769" +dependencies = [ + "chacha20", + "getrandom", + "rand_core", +] + [[package]] name = "rand_core" version = "0.10.0-rc-2" @@ -1102,19 +1207,27 @@ dependencies = [ name = "tss-esapi" version = "8.0.0-alpha.1" dependencies = [ + "aes", "bitfield", + "byte-strings", + "cfb-mode", "cfg-if", + "cipher", "digest", "ecdsa", "elliptic-curve", "enumflags2", "env_logger", "getrandom", + "hex-literal", + "hmac", "hostname-validator", + "kbkdf", "log", "malloced", "num-derive", "num-traits", + "one-step-kdf", "p192", "p224", "p256", @@ -1122,6 +1235,7 @@ dependencies = [ "p521", "paste", "pkcs8", + "rand", "regex", "rsa", "semver", diff --git a/tss-esapi/Cargo.toml b/tss-esapi/Cargo.toml index fc9ce26c4..5fa198f26 100644 --- a/tss-esapi/Cargo.toml +++ b/tss-esapi/Cargo.toml @@ -35,6 +35,10 @@ regex = "1.3.9" zeroize = { version = "1.8.2", features = ["zeroize_derive"] } tss-esapi-sys = { path = "../tss-esapi-sys", version = "0.6.0-alpha.1" } x509-cert = { version = "0.3.0-rc.1", optional = true } +aes = { version = "0.9.0-rc.2", optional = true } +byte-strings = { version = "0.3.1", optional = true } +cipher = { version = "0.5.0-rc.2", optional = true } +cfb-mode = { version = "0.9.0-rc.1", optional = true } ecdsa = { version = "0.17.0-rc.9", features = [ "algorithm", "der", @@ -44,6 +48,7 @@ elliptic-curve = { version = "0.14.0-rc.17", optional = true, features = [ "alloc", "pkcs8", ] } +hmac = { version = "0.13.0-rc.2", optional = true } p192 = { version = "0.14.0-rc.1", optional = true } p224 = { version = "0.14.0-rc.1", optional = true } p256 = { version = "0.14.0-rc.1", optional = true } @@ -61,14 +66,20 @@ signature = { version = "3.0.0-rc.5", features = [ "alloc", "digest", ], optional = true } +kbkdf = { version = "0.0.1", optional = true } +one-step-kdf = { version = "0.1.0-rc.0", optional = true } cfg-if = "1.0.0" strum = { version = "0.26.3", optional = true } strum_macros = { version = "0.26.4", optional = true } paste = "1.0.14" getrandom = "0.3" +rand = "0.10.0-rc.1" [dev-dependencies] +aes = "0.9.0-pre.2" env_logger = "0.11.5" +hex-literal = "1" +rsa = { version = "0.10.0-pre.3" } serde_json = "^1.0.108" sha2 = { version = "0.11.0-rc.2", features = ["oid"] } tss-esapi = { path = ".", features = [ @@ -88,16 +99,24 @@ default = ["abstraction"] generate-bindings = ["tss-esapi-sys/generate-bindings"] abstraction = ["rustcrypto"] integration-tests = ["strum", "strum_macros"] + rustcrypto = [ + "byte-strings", + "cfb-mode", + "cipher", + "one-step-kdf", "digest", "ecdsa", - "elliptic-curve", + "elliptic-curve/ecdh", + "hmac", + "kbkdf", "pkcs8", "signature", "x509-cert", ] rustcrypto-full = [ "rustcrypto", + "aes", "p192", "p224", "p256", @@ -110,6 +129,8 @@ rustcrypto-full = [ "sm2", "sm3", ] + +rsa = ["dep:rsa", "kbkdf"] sha1 = ["dep:sha1", "rsa?/sha1"] sha2 = ["dep:sha2", "rsa?/sha2"] bundled = ["tss-esapi-sys/bundled"] diff --git a/tss-esapi/src/utils/credential.rs b/tss-esapi/src/utils/credential.rs new file mode 100644 index 000000000..3e6ea98ab --- /dev/null +++ b/tss-esapi/src/utils/credential.rs @@ -0,0 +1,218 @@ +// Copyright 2025 Contributors to the Parsec project. +// SPDX-License-Identifier: Apache-2.0 + +use core::ops::{Add, Mul}; + +use cfb_mode::cipher::{AsyncStreamCipher, BlockCipherEncrypt}; +use digest::{ + array::ArraySize, + consts::{B1, U8}, + crypto_common::{Iv, KeyIvInit, KeySizeUser, WeakKeyError}, + typenum::{ + operator_aliases::{Add1, Sum}, + Unsigned, + }, + Digest, FixedOutputReset, Key, KeyInit, Mac, OutputSizeUser, +}; +use ecdsa::elliptic_curve::{ + sec1::{FromEncodedPoint, ModulusSize, ToEncodedPoint}, + AffinePoint, Curve, CurveArithmetic, FieldBytesSize, PublicKey, +}; +use hmac::{EagerHash, Hmac}; +use log::error; +use rand::rng; +use zeroize::Zeroizing; + +#[cfg(feature = "rsa")] +use rsa::RsaPublicKey; + +use crate::{ + error::{Error, Result, WrapperErrorKind}, + structures::{EncryptedSecret, IdObject, Name}, + utils::{kdf, secret_sharing, TpmHmac}, +}; + +type WeakResult = core::result::Result; + +/// [`make_credential_ecc`] creates a credential that will only be decrypted by the target +/// elliptic-curve EK. +/// +/// # Parameters +/// +/// * `ek_public` is the EC Public key of the Endorsement Key, +/// * `secret` is the serialization of the credential, +/// * `name` will usually be the AK held on the TPM. +pub fn make_credential_ecc( + ek_public: PublicKey, + secret: &[u8], + key_name: Name, +) -> Result<(IdObject, EncryptedSecret)> +where + C: Curve + CurveArithmetic, + + AffinePoint: FromEncodedPoint + ToEncodedPoint, + FieldBytesSize: ModulusSize, + + as Add>::Output: Add>, + Sum, FieldBytesSize>: ArraySize, + Sum, FieldBytesSize>: Add, + Sum, FieldBytesSize>, U8>: Add, + Add1, FieldBytesSize>, U8>>: ArraySize, + + EkHash: Digest + FixedOutputReset + EagerHash, + ::OutputSize: Mul, + <::OutputSize as Mul>::Output: Unsigned, + <::Core as OutputSizeUser>::OutputSize: ArraySize + Mul, + <<::Core as OutputSizeUser>::OutputSize as Mul>::Output: Unsigned, + + EkCipher: KeySizeUser + BlockCipherEncrypt + KeyInit, + ::KeySize: Mul, + <::KeySize as Mul>::Output: ArraySize, +{ + let mut rng = rng(); + + loop { + let (seed, encrypted_secret) = secret_sharing::secret_sharing_ecc_curve::< + _, + kdf::Identity, + C, + TpmHmac, + EkHash, + >(&mut rng, &ek_public)?; + + match secret_to_credential::(&seed, secret, &key_name)? { + Ok(id_object) => return Ok((id_object, encrypted_secret)), + Err(WeakKeyError) => { + // 11.4.10.4 Rejection of weak keys + // https://trustedcomputinggroup.org/wp-content/uploads/TPM-2.0-1.83-Part-1-Architecture.pdf#page=82 + + // The Key was considered weak, and we should re-run the creation of the encrypted + // secret. + continue; + } + } + } +} + +/// [`make_credential_rsa`] creates a credential that will only be decrypted by the target RSA EK. +/// +/// # Parameters +/// +/// * `ek_public` is the RSA Public key of the Endorsement Key, +/// * `secret` is the serialization of the credential, +/// * `name` will usually be the AK held on the TPM. +#[cfg(feature = "rsa")] +pub fn make_credential_rsa( + ek_public: &RsaPublicKey, + secret: &[u8], + key_name: Name, +) -> Result<(IdObject, EncryptedSecret)> +where + EkHash: Digest + EagerHash + FixedOutputReset, + ::OutputSize: Mul, + <::OutputSize as Mul>::Output: Unsigned, + <::Core as OutputSizeUser>::OutputSize: ArraySize + Mul, + <<::Core as OutputSizeUser>::OutputSize as Mul>::Output: Unsigned, + + EkCipher: KeySizeUser + BlockCipherEncrypt + KeyInit, + ::KeySize: Mul, + <::KeySize as Mul>::Output: ArraySize, +{ + let mut rng = rng(); + + loop { + let (random_seed, encrypted_secret) = + secret_sharing::secret_sharing_rsa::<_, kdf::Identity, TpmHmac, EkHash>( + &mut rng, ek_public, + )?; + + match secret_to_credential::(&random_seed, secret, &key_name)? { + Ok(id_object) => return Ok((id_object, encrypted_secret)), + Err(WeakKeyError) => { + // 11.4.10.4 Rejection of weak keys + // https://trustedcomputinggroup.org/wp-content/uploads/TPM-2.0-1.83-Part-1-Architecture.pdf#page=82 + + // The Key was considered weak, and we should re-run the creation of the encrypted + // secret. + continue; + } + } + } +} + +fn secret_to_credential( + seed: &Key>, + secret: &[u8], + key_name: &Name, +) -> Result> +where + EkHash: Digest + EagerHash + FixedOutputReset, + ::OutputSize: Mul, + <::OutputSize as Mul>::Output: Unsigned, + <::Core as OutputSizeUser>::OutputSize: ArraySize + Mul, + <<::Core as OutputSizeUser>::OutputSize as Mul>::Output: Unsigned, + + EkCipher: KeySizeUser + BlockCipherEncrypt + KeyInit, + ::KeySize: Mul, + <::KeySize as Mul>::Output: ArraySize, +{ + // Prepare the sensitive data + // this will be then encrypted using AES-CFB (size of the symmetric key depends on the EK). + let mut sensitive_data = { + let mut out = Zeroizing::new(vec![]); + out.extend_from_slice( + &u16::try_from(secret.len()) + .map_err(|_| { + error!("secret may only be 2^16 bytes long"); + Error::local_error(WrapperErrorKind::WrongParamSize) + })? + .to_be_bytes()[..], + ); + out.extend_from_slice(secret); + out + }; + + // We'll now encrypt the sensitive data, and hmac the result of the encryption + // https://trustedcomputinggroup.org/wp-content/uploads/TPM-2.0-1.83-Part-1-Architecture.pdf#page=201 + // See 24.4 Symmetric Encryption + let sym_key = kdf::kdfa::(seed, key_name.value(), &[])?; + + if EkCipher::weak_key_test(&sym_key).is_err() { + // 11.4.10.4 Rejection of weak keys + // https://trustedcomputinggroup.org/wp-content/uploads/TPM-2.0-1.83-Part-1-Architecture.pdf#page=82 + // The Key was considered weak, and we should re-run the creation of the encrypted + // secret. + + return Ok(Err(WeakKeyError)); + } + + let iv: Iv> = Default::default(); + + cfb_mode::Encryptor::::new(&sym_key, &iv).encrypt(&mut sensitive_data); + + // See 24.5 HMAC + let hmac_key = kdf::kdfa::>(seed, &[], &[])?; + let mut hmac = Hmac::::new_from_slice(&hmac_key).map_err(|e| { + error!("HMAC initialization error: {e}"); + Error::local_error(WrapperErrorKind::WrongParamSize) + })?; + Mac::update(&mut hmac, &sensitive_data); + Mac::update(&mut hmac, key_name.value()); + let hmac = hmac.finalize(); + + // We'll now serialize the object and get everything through the door. + let mut out = vec![]; + out.extend_from_slice( + &u16::try_from(hmac.into_bytes().len()) + .map_err(|_| { + // NOTE: this shouldn't ever trigger ... but ... + error!("HMAC output may only be 2^16 bytes long"); + Error::local_error(WrapperErrorKind::WrongParamSize) + })? + .to_be_bytes()[..], + ); + out.extend_from_slice(&hmac.into_bytes()); + out.extend_from_slice(&sensitive_data); + + IdObject::from_bytes(&out).map(Ok) +} diff --git a/tss-esapi/src/utils/kdf.rs b/tss-esapi/src/utils/kdf.rs new file mode 100644 index 000000000..fe8a2f5bc --- /dev/null +++ b/tss-esapi/src/utils/kdf.rs @@ -0,0 +1,284 @@ +// Copyright 2025 Contributors to the Parsec project. +// SPDX-License-Identifier: Apache-2.0 + +use core::ops::Mul; + +use byte_strings::concat_bytes; +use digest::{ + array::ArraySize, consts::U8, crypto_common::KeySizeUser, typenum::Unsigned, Digest, + FixedOutputReset, Key, OutputSizeUser, +}; +use ecdsa::elliptic_curve::{ + ecdh::SharedSecret, + point::AffineCoordinates, + sec1::{FromEncodedPoint, ModulusSize, ToEncodedPoint}, + AffinePoint, Curve, CurveArithmetic, FieldBytesSize, PublicKey, +}; +use hmac::{EagerHash, Hmac}; +use kbkdf::{Counter, Kbkdf, Params}; +use log::error; + +use crate::{Error, Result, WrapperErrorKind}; + +/// Label to be applied when deriving a key with either [`kdfa`] or [`kdfe`] +pub trait KdfLabel { + /// Label that should be used for a given application + const LABEL: &[u8]; + /// Label for a given application encoded as C string (terminated with `\0`]. + const C_LABEL: &[u8]; +} + +macro_rules! impl_kdf_label { + ($usage:ty, $value: expr) => { + impl KdfLabel for $usage { + const LABEL: &[u8] = $value; + const C_LABEL: &[u8] = concat_bytes!($value, b"\0"); + } + }; +} + +#[derive(Copy, Clone, Debug)] +pub struct Secret; +impl_kdf_label!(Secret, b"SECRET"); + +#[derive(Copy, Clone, Debug)] +pub struct Context; +impl_kdf_label!(Context, b"CONTEXT"); + +#[derive(Copy, Clone, Debug)] +pub struct Obfuscate; +impl_kdf_label!(Obfuscate, b"OBFUSCATE"); + +#[derive(Copy, Clone, Debug)] +pub struct Storage; +impl_kdf_label!(Storage, b"STORAGE"); + +#[derive(Copy, Clone, Debug)] +pub struct Integrity; +impl_kdf_label!(Integrity, b"INTEGRITY"); + +#[derive(Copy, Clone, Debug)] +pub struct Commit; +impl_kdf_label!(Commit, b"COMMIT"); + +#[derive(Copy, Clone, Debug)] +pub struct Cfb; +impl_kdf_label!(Cfb, b"CFB"); + +#[derive(Copy, Clone, Debug)] +pub struct Xor; +impl_kdf_label!(Xor, b"XOR"); + +#[derive(Copy, Clone, Debug)] +pub struct Session; +impl_kdf_label!(Session, b"SESSION"); + +#[derive(Copy, Clone, Debug)] +pub struct Identity; +impl_kdf_label!(Identity, b"IDENTITY"); + +/// KDFa +/// +/// This is a counter mode KDF from SP 800-108. It uses HMAC as the pseudo-random function (PRF). It is referred +/// to in the [specification as `KDFa()`, defined in Section 9.4.10.2 KDFa()]. +/// +/// [specification as `KDFa()`, defined in Section 9.4.10.2 KDFa()]: https://trustedcomputinggroup.org/wp-content/uploads/Trusted-Platform-Module-2.0-Library-Part-1-Version-184_pub.pdf#page=50 +/// +/// # Parameters +/// +/// - Type parameters: +/// - `HashAlg` is the [`Digest`] to be used, +/// - `Label` is the indicated use of the key eg: [`Context`], [`Storage`], [`Integrity`], ... +/// - `K` is the number of of **bytes** in the output key, +/// Note: Spec calls for **bits** but we have no support for partial bytes, +/// +/// - Parameters: +/// - `key` is a variable-sized value use as Kin, +/// - `context_u` (`contextU` in the spec), is a variable-sized value concatenated with `context_v` +/// to create the `Context` parameter used of the Counter mode KDF, +/// - `context_v` (`contextV` in the spec), is a variable-sized value concatenated with +/// `context_u` (see above). +/// +/// # Usage +/// +/// ```ignore +/// // KDFa(sha256, key, "STORAGE", contextU, contextV, 256) +/// kdfa::>(key, contextU, contextV); +/// ``` +// TODO: Support generation of non-complete bytes: +// See: +// ``` +// If KDFa() were used to produce a 521-bit ECC private key, the returned value would occupy 66 octets, with +// the upper 7 bits of the octet at offset zero set to 0. +// ``` +// https://trustedcomputinggroup.org/wp-content/uploads/Trusted-Platform-Module-2.0-Library-Part-1-Version-184_pub.pdf#page=51 +pub fn kdfa(key: &[u8], context_u: &[u8], context_v: &[u8]) -> Result> +where + Label: KdfLabel, + + HashAlg: EagerHash, + K: KeySizeUser, + + K::KeySize: ArraySize + Mul, + >::Output: Unsigned, + + <::Core as OutputSizeUser>::OutputSize: ArraySize + Mul, + <<::Core as OutputSizeUser>::OutputSize as Mul>::Output: Unsigned, +{ + let mut context = Vec::with_capacity(context_u.len() + context_v.len()); + context.extend_from_slice(context_u); + context.extend_from_slice(context_v); + + let kdf = Counter::, K>::default(); + kdf.derive( + Params::builder(key) + .with_label(Label::LABEL) + .with_context(&context) + .build(), + ) + .map_err(|e| { + error!("KDFa derivation error: {e}"); + Error::local_error(WrapperErrorKind::InternalError) + }) +} + +/// KDFe for ECDH +/// +/// This provides a symmetric encryption key for an ECC-protected object. It is defined in +/// [Section 9.4.10.3 KDFe for ECDH] of the spec +/// +/// [Section 9.4.10.3 KDFe for ECDH]: https://trustedcomputinggroup.org/wp-content/uploads/Trusted-Platform-Module-2.0-Library-Part-1-Version-184_pub.pdf#page=52 +/// +/// # Parameters +/// +/// - Type parameters: +/// - `Use` is the indicated use of the key eg: [`Context`], [`Storage`], [`Integrity`], ... +/// - `HashAlg` is the [`Digest`] to be used, +/// - `C` is the [`Curve`] used by the ECC key, +/// - `K` is the number of of **bytes** in the output key, +/// Note: Spec calls for **bits** but we have no support for partial bytes, +/// +/// - Parameters: +/// - `z` (`Z` in the spec) is the product of a public point and a private x coordinate. This will be an ECDH +/// [`SharedSecret`] on the curve (`C`), +/// - `party_u_info` (`PartyUInfo` in the spec), is the public point of the ephemeral used to +/// compute `Z`, +/// - `party_v_info` (`PartyVInfo` in the spec), is the public point of a static TPM key +pub fn kdfe( + z: &SharedSecret, + party_u_info: &PublicKey, + party_v_info: &PublicKey, +) -> Result> +where + Use: KdfLabel, + + HashAlg: Digest + FixedOutputReset, + C: Curve + CurveArithmetic, + K: KeySizeUser, + + AffinePoint: FromEncodedPoint + ToEncodedPoint, + FieldBytesSize: ModulusSize, +{ + let mut key = Key::::default(); + + let label_size = Use::C_LABEL.len(); + let mut other_info = vec![0; label_size + (2 * FieldBytesSize::::USIZE)]; + other_info[..label_size].copy_from_slice(Use::C_LABEL); + other_info[label_size..label_size + FieldBytesSize::::USIZE] + .copy_from_slice(&party_u_info.as_affine().x()); + other_info[label_size + FieldBytesSize::::USIZE..] + .copy_from_slice(&party_v_info.as_affine().x()); + + one_step_kdf::derive_key_into::(z.raw_secret_bytes(), &other_info, &mut key).map_err( + |e| { + error!("KDFe derivation error: {e}"); + Error::local_error(WrapperErrorKind::InternalError) + }, + )?; + + Ok(key) +} + +#[cfg(test)] +mod tests { + use super::*; + + use aes::Aes256; + use cipher::Array; + use hex_literal::hex; + use sha2::Sha256; + + #[test] + fn test_kdfe() { + struct Vector { + shared_secret: [u8; S], + local_key: [u8; K], + remote_key: [u8; K], + expected: [u8; E], + } + + // Test vectors here were manually generated from tpm2-pytss + static TEST_VECTORS_SHA256: [Vector< + { FieldBytesSize::::USIZE }, + { as ModulusSize>::CompressedPointSize::USIZE }, + 32, + >; 2] = [ + Vector { + shared_secret: hex!( + "c75afb6f49c941ef194b232d7615769f5152d20de5dee19a991067f337dd65bc" + ), + local_key: hex!( + "031ba4030de068a2f07919c42ef6b19f302884f35f45e7d4e4bb90ffbb0bd9d099" + ), + remote_key: hex!( + "038f2b219a29c2ff9ba69cedff2d08d33a5dbca3da6bc8af8acd3ff6f5ec4dfbef" + ), + expected: hex!("e3a0079db19724f9b76101e9364c4a149cea3501336abc3b603f94b22b6309a5"), + }, + Vector { + shared_secret: hex!( + "a90a1c095155428500ed19e87c0df078df3dd2e66a0e3bbe664ba9ff62113b4a" + ), + local_key: hex!( + "03e9c7d6a853ba6176b65ec2f328bdea25f61c4e1b23a4e1c08e1da8c723381a04" + ), + remote_key: hex!( + "036ccf059628d3cdf8e1b4c4ba6d14696ba51cc8d4a96df4016f0b214782d5cee6" + ), + expected: hex!("865f8093e2c4b801dc8c236eeb2806c7b1c51c2cb04101c035f7f2511ea0aeda"), + }, + ]; + + for v in &TEST_VECTORS_SHA256 { + let out = kdfe::( + &SharedSecret::from(Array::from(v.shared_secret)), + &PublicKey::try_from(Array::from(v.local_key)).unwrap(), + &PublicKey::try_from(Array::from(v.remote_key)).unwrap(), + ) + .unwrap(); + assert_eq!(out, v.expected); + } + } + + #[test] + fn test_kdfa() { + struct Vector { + key: &'static [u8], + context_u: &'static [u8], + context_v: &'static [u8], + expected: &'static [u8], + } + + static TEST_VECTORS_SHA256: [Vector; 1] = [Vector { + key: &hex!("000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f"), + context_u: b"", + context_v: &hex!("0506070809"), + expected: &hex!("de275f7f5cfeaac226b30d42377903b34705f178730d96400ccafb736e3d28a4"), + }]; + + for v in &TEST_VECTORS_SHA256 { + let out = kdfa::(v.key, v.context_u, v.context_v).unwrap(); + assert_eq!(out.as_slice(), v.expected); + } + } +} diff --git a/tss-esapi/src/utils/mod.rs b/tss-esapi/src/utils/mod.rs index 3bce90967..4e9b78204 100644 --- a/tss-esapi/src/utils/mod.rs +++ b/tss-esapi/src/utils/mod.rs @@ -23,6 +23,24 @@ use crate::{Context, Error, Result, WrapperErrorKind}; use std::convert::TryFrom; use zeroize::Zeroize; +#[cfg(feature = "rustcrypto")] +use { + core::marker::PhantomData, + digest::{crypto_common::KeySizeUser, OutputSizeUser}, +}; + +#[cfg(feature = "rustcrypto")] +mod credential; +#[cfg(feature = "rustcrypto")] +pub mod kdf; +#[cfg(feature = "rustcrypto")] +mod secret_sharing; + +#[cfg(feature = "rustcrypto")] +pub use self::credential::make_credential_ecc; +#[cfg(all(feature = "rustcrypto", feature = "rsa"))] +pub use self::credential::make_credential_rsa; + /// Create the [Public] structure for a restricted decryption key. /// /// * `symmetric` - Cipher to be used for decrypting children of the key @@ -268,3 +286,24 @@ pub fn get_tpm_vendor(context: &mut Context) -> Result { // Collect to a single string .collect()) } +// [`TpmHmac`] intends to code for the key expected for hmac +// in the KDFa and KDFe derivations. There are no standard sizes for hmac keys really, +// upstream RustCrypto considers it to be [BlockSize], but TPM specification +// has a different opinion on the matter, and expect the key to the output +// bit size of the hash algorithm used. +// +// See https://trustedcomputinggroup.org/wp-content/uploads/TPM-2.0-1.83-Part-1-Architecture.pdf#page=202 +// section 24.5 HMAC: +// bits the number of bits in the digest produced by ekNameAlg +// +// [BlockSize]: https://docs.rs/hmac/0.12.1/hmac/struct.HmacCore.html#impl-KeySizeUser-for-HmacCore%3CD%3E +#[cfg(feature = "rustcrypto")] +pub(super) struct TpmHmac(PhantomData); + +#[cfg(feature = "rustcrypto")] +impl KeySizeUser for TpmHmac +where + H: OutputSizeUser, +{ + type KeySize = H::OutputSize; +} diff --git a/tss-esapi/src/utils/secret_sharing.rs b/tss-esapi/src/utils/secret_sharing.rs new file mode 100644 index 000000000..4f696f992 --- /dev/null +++ b/tss-esapi/src/utils/secret_sharing.rs @@ -0,0 +1,142 @@ +// Copyright 2019 Contributors to the Parsec project. +// SPDX-License-Identifier: Apache-2.0 +//! Secret sharing +//! +//! This provides encryption for the seed used for credential or duplication wrappers + +use cipher::crypto_common::{typenum::Unsigned, Key, KeySizeUser}; +use digest::{Digest, FixedOutputReset}; +use elliptic_curve::{ + ecdh::{EphemeralSecret, SharedSecret}, + sec1::{Coordinates, FromEncodedPoint, ModulusSize, ToEncodedPoint}, + AffinePoint, Curve, CurveArithmetic, FieldBytesSize, PublicKey, +}; +use log::error; +use rand::CryptoRng; +use zeroize::Zeroizing; + +#[cfg(feature = "rsa")] +use rsa::{Oaep, RsaPublicKey}; + +use crate::{ + error::{Error, Result, WrapperErrorKind}, + structures::EncryptedSecret, + utils::kdf::{self, KdfLabel}, +}; +/// Generates and encrypt a seed for a given ECC Public key on the curve +/// +/// See [B.6 Secret Sharing] +/// +/// # Parameters +// TODO +/// - Type parameters +/// - `R` a [`CryptoRng`] +/// - `Use` an application-dependent value +/// See [Table 27: Protection Values], for the appropriate `seed Label` +/// - `C` is the [`Curve`] of the storage key to encrypt the seed to. +/// - `K` is the type of [`Key`] we should provide a seed for +/// - `NameHash` is the naming hash algorithm of the recipient key +/// - Values +/// - `rng` the [`CryptoRng`] to derive an ephemeral from for the ECDH +/// - `recipient_key` is the Public key we shall encrypt the seed to. +/// +/// [B.6 Secret Sharing]: https://trustedcomputinggroup.org/wp-content/uploads/Trusted-Platform-Module-2.0-Library-Part-1-Version-184_pub.pdf#page=284 +/// [Table 27: Protection Values]: https://trustedcomputinggroup.org/wp-content/uploads/Trusted-Platform-Module-2.0-Library-Part-1-Version-184_pub.pdf#page=155 +pub(super) fn secret_sharing_ecc_curve( + rng: &mut R, + recipient_key: &PublicKey, +) -> Result<(Zeroizing>, EncryptedSecret)> +where + R: CryptoRng + ?Sized, + Use: KdfLabel, + C: Curve + CurveArithmetic, + + K: KeySizeUser, + NameHash: Digest + FixedOutputReset, + + AffinePoint: FromEncodedPoint + ToEncodedPoint, + FieldBytesSize: ModulusSize, +{ + let Ok(local) = EphemeralSecret::::try_from_rng(rng); + let ecdh_secret: SharedSecret = local.diffie_hellman(recipient_key); + let local_public = local.public_key(); + drop(local); + + let seed = Zeroizing::new(kdf::kdfe::( + &ecdh_secret, + &local_public, + recipient_key, + )?); + drop(ecdh_secret); + + // The local ECDH pair is used as "encrypted seed" + let encoded_point = local_public.to_encoded_point(false); + let Coordinates::Uncompressed { + x: point_x, + y: point_y, + } = encoded_point.coordinates() + else { + // NOTE: The only way this could trigger would be for the local key to be identity. + error!("Couldn't compute coordinates for the local public key"); + return Err(Error::local_error(WrapperErrorKind::InvalidParam)); + }; + let encrypted_seed = { + let mut out = vec![]; + out.extend_from_slice(&FieldBytesSize::::U16.to_be_bytes()[..]); + out.extend_from_slice(point_x); + out.extend_from_slice(&FieldBytesSize::::U16.to_be_bytes()[..]); + out.extend_from_slice(point_y); + out + }; + let encrypted_seed = EncryptedSecret::from_bytes(&encrypted_seed)?; + + Ok((seed, encrypted_seed)) +} + +/// Generates and encrypt a seed for a given RSA public key +/// +/// See [A.10 Secret Sharing] +/// +/// # Parameters +/// - Type parameters +/// - `R` a [`CryptoRng`] +/// - `Use` an application-dependent value +/// See [Table 27: Protection Values], for the appropriate `seed Label` +/// - `K` is the type of [`Key`] we should provide a seed for +/// - `NameHash` is the naming hash algorithm of the recipient key +/// - Values +/// - `rng` the [`CryptoRng`] to derive a random seed from, +/// - `recipient_key` is the [`RsaPublicKey`] we shall encrypt the seed to. +/// +/// [A.10 Secret Sharing]: https://trustedcomputinggroup.org/wp-content/uploads/Trusted-Platform-Module-2.0-Library-Part-1-Version-184_pub.pdf#page=284 +/// [Table 27: Protection Values]: https://trustedcomputinggroup.org/wp-content/uploads/Trusted-Platform-Module-2.0-Library-Part-1-Version-184_pub.pdf#page=155 +#[cfg(feature = "rsa")] +pub(super) fn secret_sharing_rsa( + rng: &mut R, + recipient_key: &RsaPublicKey, +) -> Result<(Zeroizing>, EncryptedSecret)> +where + R: CryptoRng + ?Sized, + Use: KdfLabel, + + K: KeySizeUser, + NameHash: Digest + FixedOutputReset, +{ + let random_seed = { + let mut out = Zeroizing::new(Key::::default()); + rng.fill_bytes(&mut out); + out + }; + let encrypted_seed = { + let padding = Oaep::::new_with_label(Use::C_LABEL); + recipient_key + .encrypt(rng, padding, &random_seed) + .map_err(|e| { + error!("RSA OAEP encryption error: {e}"); + Error::local_error(WrapperErrorKind::InternalError) + })? + }; + let encrypted_secret = EncryptedSecret::from_bytes(&encrypted_seed)?; + + Ok((random_seed, encrypted_secret)) +} diff --git a/tss-esapi/tests/integration_tests/abstraction_tests/credential_tests.rs b/tss-esapi/tests/integration_tests/abstraction_tests/credential_tests.rs new file mode 100644 index 000000000..58b86c2ec --- /dev/null +++ b/tss-esapi/tests/integration_tests/abstraction_tests/credential_tests.rs @@ -0,0 +1,222 @@ +// Copyright 2025 Contributors to the Parsec project. +// SPDX-License-Identifier: Apache-2.0 + +use tss_esapi::{ + abstraction::{ak, ek, AsymmetricAlgorithmSelection}, + attributes::SessionAttributesBuilder, + constants::SessionType, + handles::AuthHandle, + interface_types::{ + algorithm::{HashingAlgorithm, SignatureSchemeAlgorithm}, + ecc::EccCurve, + key_bits::RsaKeyBits, + session_handles::PolicySession, + }, + structures::{Digest, SymmetricDefinition}, + utils, +}; + +use elliptic_curve::PublicKey; +use rsa::RsaPublicKey; + +use crate::common::create_ctx_without_session; + +#[test] +fn test_credential_ecc() { + let mut context = create_ctx_without_session(); + + let ek_ecc = ek::create_ek_object( + &mut context, + AsymmetricAlgorithmSelection::Ecc(EccCurve::NistP256), + None, + ) + .unwrap(); + + let (ek_pub, _, _) = context.read_public(ek_ecc).unwrap(); + + let ak_res = ak::create_ak( + &mut context, + ek_ecc, + HashingAlgorithm::Sha384, + AsymmetricAlgorithmSelection::Ecc(EccCurve::NistP384), + SignatureSchemeAlgorithm::EcDsa, + None, + None, + ) + .unwrap(); + + let ak_ecc = ak::load_ak( + &mut context, + ek_ecc, + None, + ak_res.out_private, + ak_res.out_public, + ) + .unwrap(); + + let (_, key_name, _) = context.read_public(ak_ecc).unwrap(); + let cred = vec![1, 2, 3, 4, 5]; + let expected = Digest::try_from(vec![1, 2, 3, 4, 5]).unwrap(); + + let (credential_blob, secret) = utils::make_credential_ecc::<_, sha2::Sha256, aes::Aes128>( + PublicKey::::try_from(&ek_pub).unwrap(), + &cred, + key_name, + ) + .expect("Create credential"); + + let (session_attributes, session_attributes_mask) = SessionAttributesBuilder::new().build(); + let session_1 = context + .start_auth_session( + None, + None, + None, + SessionType::Hmac, + SymmetricDefinition::AES_256_CFB, + HashingAlgorithm::Sha256, + ) + .expect("Failed to call start_auth_session") + .expect("Failed invalid session value"); + context + .tr_sess_set_attributes(session_1, session_attributes, session_attributes_mask) + .unwrap(); + + let session_2 = context + .start_auth_session( + None, + None, + None, + SessionType::Policy, + SymmetricDefinition::AES_256_CFB, + HashingAlgorithm::Sha256, + ) + .expect("Failed to call start_auth_session") + .expect("Failed invalid session value"); + context + .tr_sess_set_attributes(session_2, session_attributes, session_attributes_mask) + .expect("Failed to call tr_sess_set_attributes"); + + let _ = context + .execute_with_session(Some(session_1), |ctx| { + ctx.policy_secret( + PolicySession::try_from(session_2) + .expect("Failed to convert auth session to policy session"), + AuthHandle::Endorsement, + Default::default(), + Default::default(), + Default::default(), + None, + ) + }) + .unwrap(); + + context.set_sessions((Some(session_1), Some(session_2), None)); + let decrypted = context + .activate_credential(ak_ecc, ek_ecc, credential_blob, secret) + .unwrap(); + + assert_eq!(expected, decrypted); + + context.flush_context(ek_ecc.into()).unwrap(); + context.flush_context(ak_ecc.into()).unwrap(); +} + +#[test] +fn test_credential_rsa() { + let mut context = create_ctx_without_session(); + + let ek_rsa = ek::create_ek_object( + &mut context, + AsymmetricAlgorithmSelection::Rsa(RsaKeyBits::Rsa2048), + None, + ) + .unwrap(); + + let (ek_pub, _, _) = context.read_public(ek_rsa).unwrap(); + + let ak_res = ak::create_ak( + &mut context, + ek_rsa, + HashingAlgorithm::Sha256, + AsymmetricAlgorithmSelection::Rsa(RsaKeyBits::Rsa2048), + SignatureSchemeAlgorithm::RsaPss, + None, + None, + ) + .unwrap(); + + let ak_rsa = ak::load_ak( + &mut context, + ek_rsa, + None, + ak_res.out_private, + ak_res.out_public, + ) + .unwrap(); + + let (_, key_name, _) = context.read_public(ak_rsa).unwrap(); + let cred = vec![1, 2, 3, 4, 5]; + let expected = Digest::try_from(vec![1, 2, 3, 4, 5]).unwrap(); + + let (credential_blob, secret) = utils::make_credential_rsa::( + &RsaPublicKey::try_from(&ek_pub).unwrap(), + &cred, + key_name, + ) + .expect("Create credential"); + + let (session_attributes, session_attributes_mask) = SessionAttributesBuilder::new().build(); + let session_1 = context + .start_auth_session( + None, + None, + None, + SessionType::Hmac, + SymmetricDefinition::AES_256_CFB, + HashingAlgorithm::Sha256, + ) + .expect("Failed to call start_auth_session") + .expect("Failed invalid session value"); + context + .tr_sess_set_attributes(session_1, session_attributes, session_attributes_mask) + .unwrap(); + + let session_2 = context + .start_auth_session( + None, + None, + None, + SessionType::Policy, + SymmetricDefinition::AES_256_CFB, + HashingAlgorithm::Sha256, + ) + .expect("Failed to call start_auth_session") + .expect("Failed invalid session value"); + context + .tr_sess_set_attributes(session_2, session_attributes, session_attributes_mask) + .expect("Failed to call tr_sess_set_attributes"); + + let _ = context + .execute_with_session(Some(session_1), |ctx| { + ctx.policy_secret( + PolicySession::try_from(session_2) + .expect("Failed to convert auth session to policy session"), + AuthHandle::Endorsement, + Default::default(), + Default::default(), + Default::default(), + None, + ) + }) + .unwrap(); + + context.set_sessions((Some(session_1), Some(session_2), None)); + let decrypted = context + .activate_credential(ak_rsa, ek_rsa, credential_blob, secret) + .unwrap(); + + assert_eq!(expected, decrypted); + + context.flush_context(ek_rsa.into()).unwrap(); + context.flush_context(ak_rsa.into()).unwrap(); +} diff --git a/tss-esapi/tests/integration_tests/abstraction_tests/mod.rs b/tss-esapi/tests/integration_tests/abstraction_tests/mod.rs index 2d56d05e7..0e2b500ac 100644 --- a/tss-esapi/tests/integration_tests/abstraction_tests/mod.rs +++ b/tss-esapi/tests/integration_tests/abstraction_tests/mod.rs @@ -1,6 +1,7 @@ // Copyright 2021 Contributors to the Parsec project. // SPDX-License-Identifier: Apache-2.0 mod ak_tests; +mod credential_tests; mod ek_tests; mod no_tpm; mod nv_tests;