diff --git a/Cargo.toml b/Cargo.toml
index 322c9a0..456372b 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -34,7 +34,6 @@ serde_json = "1.0"
 libc = "0.2"
 nix = { version = "0.27", features = ["resource"] }
 notify-rust = "4.11"
-tss-esapi = "7.6.0"
 aes-gcm = "0.10"
 rand = "0.8"
 ctrlc = "3.4"
diff --git a/DEVELOPMENT.md b/DEVELOPMENT.md
index 184c8b5..97a0c2b 100644
--- a/DEVELOPMENT.md
+++ b/DEVELOPMENT.md
@@ -11,7 +11,8 @@
 **System Dependencies:**
 - `libudev-dev` - Required for UHID device access
-- `libtss2-dev` - TPM 2.0 TSS libraries (includes tss2-esys, tss2-tctildr, tss2-mu)
+- `libtss2-dev` - TPM 2.0 TSS libraries (includes tss2-esys, tss2-tctildr, tss2-mu) for `tpm`
+ feature.
 **Ubuntu/Debian:**
diff --git a/Makefile b/Makefile
index 7bac65b..d3abefd 100644
--- a/Makefile
+++ b/Makefile
@@ -52,20 +52,19 @@ lint-fix: fmt clippy-fix ## run all linting with automatic fixes
 .PHONY: test
 test: ## run tests
 test: lint
- cargo test
+ cargo test --all-features
 .PHONY: test-e2e
 test-e2e: ## run E2E tests (automatically manages authenticator)
- cargo test -- --test-threads=1 --ignored
+ cargo test --all-features -- --test-threads=1 --ignored
 .PHONY: test-e2e-local
 test-e2e-local: ## run E2E tests for local backend only
- cargo test --test e2e_webauthn local -- --test-threads=1 --ignored
+ cargo test --all-features --test e2e_webauthn local -- --test-threads=1 --ignored
 .PHONY: test-e2e-pass
 test-e2e-pass: ## run E2E tests for password-store backend only
- cargo test --test e2e_webauthn pass -- --test-threads=1 --ignored
-
+ cargo test --all-features --test e2e_webauthn pass -- --test-threads=1 --ignored
 .PHONY: test-e2e-tpm
 test-e2e-tpm: ## run E2E tests for TPM backend only (requires swtpm)
 cargo test --test e2e_webauthn tpm -- --test-threads=1 --ignored
diff --git a/cmd/passless/Cargo.toml b/cmd/passless/Cargo.toml
index 18ae1f3..d49b116 100644
--- a/cmd/passless/Cargo.toml
+++ b/cmd/passless/Cargo.toml
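Review bot: The `test-e2e-tpm` recipe at the end of the hunk still runs `cargo test --test e2e_webauthn tpm -- --test-threads=1 --ignored` without enabling the feature, so now that `tpm` is off by default the binary under test is built without the TPM backend and this target no longer exercises what its comment promises. The other four recipes were updated; this one should read `cargo test --all-features --test e2e_webauthn tpm -- --test-threads=1 --ignored` (or `--features tpm`). Every test recipe now appears to build only with all features, so the default-feature configuration is never compiled by `make test` and a missing `#[cfg(feature = "tpm")]` on a TPM reference would go unnoticed until someone builds without the feature; a `cargo check --no-default-features` (or a plain `cargo test`) alongside would close that gap. The deleted blank line before `.PHONY: test-e2e-tpm` also breaks the one-blank-line spacing the rest of the block uses.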
@@ -14,6 +14,10 @@ version.workspace = true
 name = "passless"
 path = "src/main.rs"
+[features]
+default = []
+tpm = ["passless-core/tpm", "tss-esapi"]
+
 [dependencies]
 passless-core.workspace = true
 soft-fido2.workspace = true
@@ -29,18 +33,18 @@ serde_json.workspace = true
 libc.workspace = true
 nix.workspace = true
 notify-rust.workspace = true
-tss-esapi.workspace = true
 aes-gcm.workspace = true
 rand.workspace = true
 ctrlc.workspace = true
 clap.workspace = true
 zeroize.workspace = true
 hex.workspace = true
+shadow-rs.workspace = true
 hmac = "0.12"
 rpassword = "7.3"
 atty = "0.2"
 serde_bytes = "0.11.19"
-shadow-rs.workspace = true
+tss-esapi = { version = "7.6.0", optional = true }
 [dev-dependencies]
 base64 = "0.22"
diff --git a/cmd/passless/src/main.rs b/cmd/passless/src/main.rs
index 1852a55..5e31a99 100644
--- a/cmd/passless/src/main.rs
+++ b/cmd/passless/src/main.rs
@@ -20,7 +20,9 @@ use commands::custom::{register_standard_credential_mgmt, register_yubikey_crede
 use env_logger::{Builder, Env};
 use log::{debug, error, info, warn};
 use shadow_rs::shadow;
-use storage::{CredentialStorage, LocalStorageAdapter, PassStorageAdapter, TpmStorageAdapter};
+#[cfg(feature = "tpm")]
+use storage::TpmStorageAdapter;
+use storage::{CredentialStorage, LocalStorageAdapter, PassStorageAdapter};
 shadow!(build);
@@ -323,6 +325,7 @@ fn run() -> Result<()> {
 let service = AuthenticatorService::new(storage, security_config)?;
 run_with_service(service, uhid, shutdown)
 }
+ #[cfg(feature = "tpm")]
 BackendConfig::Tpm { path, tcti } => {
 let storage = TpmStorageAdapter::new(path.into(), Some(tcti))?;
 let service = AuthenticatorService::new(storage, security_config)?;
diff --git a/cmd/passless/src/storage/mod.rs b/cmd/passless/src/storage/mod.rs
index 5d9eab6..af3673c 100644
--- a/cmd/passless/src/storage/mod.rs
+++ b/cmd/passless/src/storage/mod.rs
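Review bot: `tpm = ["passless-core/tpm", "tss-esapi"]` enables the optional dependency by its bare name, which makes Cargo synthesize an implicit `tss-esapi` feature; a downstream build can switch that on without `tpm` and get the TSS crate compiled and linked while every backend path stays `#[cfg]`-gated off, which is confusing to diagnose. If the toolchain floor allows the `dep:` syntax, `tpm = ["passless-core/tpm", "dep:tss-esapi"]` keeps the public feature set to exactly `default` and `tpm`.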
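Review bot: `tss-esapi = { version = "7.6.0", optional = true }` moves the version pin out of the workspace table (the root Cargo.toml hunk deletes it), so this crate is now the only place the version lives and a workspace-wide dependency bump will miss it. Keeping the entry in `[workspace.dependencies]` and writing `tss-esapi = { workspace = true, optional = true }` here preserves the single source of truth, and it lets the line stay in the `*.workspace = true` block instead of being split off after the crate-local dependencies.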
@@ -6,6 +6,7 @@ pub mod credential;
 pub mod index;
 pub mod local;
 pub mod pass;
+#[cfg(feature = "tpm")]
 pub mod tpm;
 // Internal credential type with controlled serialization
@@ -13,6 +14,7 @@ pub mod tpm;
 pub(crate) use credential::Credential;
 pub use local::LocalStorageAdapter;
 pub use pass::PassStorageAdapter;
+#[cfg(feature = "tpm")]
 pub use tpm::TpmStorageAdapter;
 use soft_fido2::Result;
diff --git a/passless-core/Cargo.toml b/passless-core/Cargo.toml
index 921af9f..596852f 100644
--- a/passless-core/Cargo.toml
+++ b/passless-core/Cargo.toml
@@ -6,6 +6,10 @@ edition.workspace = true
 license-file.workspace = true
 version.workspace = true
+[features]
+default = []
+tpm = []
+
 [dependencies]
 clap.workspace = true
 clap-serde-derive.workspace = true
diff --git a/passless-core/src/config.rs b/passless-core/src/config.rs
index 3e8c9e2..904ed1b 100644
--- a/passless-core/src/config.rs
+++ b/passless-core/src/config.rs
@@ -98,6 +98,7 @@ pub fn tpm_path() -> String {
 }
 /// TPM backend configuration
+#[cfg(feature = "tpm")]
 #[derive(ClapSerde, Debug, Clone, Serialize, Deserialize, ConfigDoc)]
 #[group(id = "tpm-backend-config")]
 pub struct TpmBackendConfig {
@@ -255,6 +256,7 @@ pub struct AppConfig {
 pub pass: PassBackendConfig,
 /// TPM backend configuration
+#[cfg(feature = "tpm")]
 #[clap_serde]
 #[serde(default)]
 #[command(flatten)]
@@ -284,6 +286,7 @@ pub enum BackendConfig {
 path: String,
 gpg_backend: String,
 },
+#[cfg(feature = "tpm")]
 Tpm {
 path: String,
 tcti: String,
@@ -331,6 +334,7 @@ impl AppConfig {
 path: self.pass.path.clone(),
 gpg_backend: self.pass.gpg_backend.clone(),
 }),
+#[cfg(feature = "tpm")]
 "tpm" => Ok(BackendConfig::Tpm {
 path: self.tpm.path.clone(),
 tcti: self.tpm.tcti.clone(),
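Review bot: With the `tpm` feature off, the `"tpm" =>` arm is compiled out of this match, so a config file or CLI value that selects the TPM backend falls through to whichever arm follows (outside the hunk); if that arm is a generic unknown-backend error the operator gets no hint that TPM support was simply not built in, and if it substitutes a default backend the credentials silently land in a different, likely less protected store. An explicit fail-closed arm beside this one, `#[cfg(not(feature = "tpm"))] "tpm" => Err(/* crate error: "tpm backend not compiled in; rebuild with --features tpm" */)`, keeps the behavior unambiguous in both builds. The enclosing `impl AppConfig` method starts and ends outside the hunk, so the fallback arm's actual behavior could not be confirmed here.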