diff --git a/.clippy.toml b/.clippy.toml
index 3b9db9df..4972822f 100644
--- a/.clippy.toml
+++ b/.clippy.toml
@@ -1 +1 @@
-msrv = "1.74.0"
+msrv = "1.85.0"
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index eab40346..03b58e8e 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -31,7 +31,7 @@ jobs:
 - name: Build the container
 run: docker build -t ubuntucontainer tss-esapi/tests/ --file tss-esapi/tests/Dockerfile-ubuntu --target tpm2-tools
 - name: Run the container
- run: docker run -v $(pwd):/tmp/rust-tss-esapi -w /tmp/rust-tss-esapi/tss-esapi --env RUST_TOOLCHAIN_VERSION=1.74.0 ubuntucontainer /tmp/rust-tss-esapi/tss-esapi/tests/all-ubuntu.sh
+ run: docker run -v $(pwd):/tmp/rust-tss-esapi -w /tmp/rust-tss-esapi/tss-esapi --env RUST_TOOLCHAIN_VERSION=1.85.0 ubuntucontainer /tmp/rust-tss-esapi/tss-esapi/tests/all-ubuntu.sh
 # All in one job as I think it is a big overhead to build and run the Docker
 # container?
 tests-ubuntu:
@@ -118,6 +118,6 @@ jobs:
 - name: Build the container
 run: docker build -t ubuntucontainer tss-esapi/tests/ --file tss-esapi/tests/Dockerfile-ubuntu --target tpm2-tss
 - name: Check Clippy lints MSRV
- run: docker run -v $(pwd):/tmp/rust-tss-esapi -w /tmp/rust-tss-esapi/tss-esapi --env RUST_TOOLCHAIN_VERSION=1.74.0 ubuntucontainer /tmp/rust-tss-esapi/tss-esapi/tests/lint-checks.sh
+ run: docker run -v $(pwd):/tmp/rust-tss-esapi -w /tmp/rust-tss-esapi/tss-esapi --env RUST_TOOLCHAIN_VERSION=1.85.0 ubuntucontainer /tmp/rust-tss-esapi/tss-esapi/tests/lint-checks.sh
 - name: Check Clippy lints latest
 run: docker run -v $(pwd):/tmp/rust-tss-esapi -w /tmp/rust-tss-esapi/tss-esapi ubuntucontainer /tmp/rust-tss-esapi/tss-esapi/tests/lint-checks.sh
diff --git a/.gitignore b/.gitignore
index aa859548..ff0be5fa 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,6 +1,5 @@
 *target
 **/*.rs.bk
-*Cargo.lock
 *.swp
 *DS_Store
 *.patch
diff --git a/Cargo.lock b/Cargo.lock
new file mode 100644
index 00000000..fe8ec771
--- /dev/null
+++ b/Cargo.lock 
@@ -0,0 +1,1428 @@ +# This file is automatically @generated by Cargo. +# It is not intended for manual editing. +version = 4 + +[[package]] +name = "aes" +version = "0.9.0-rc.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "cd4838e4ad37bb032dea137f441d5f71c16c26c068af512e64c5bc13a88cdfc7" +dependencies = [ + "cfg-if", + "cipher", + "cpufeatures", +] + +[[package]] +name = "aho-corasick" +version = "1.1.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8e60d3430d3a69478ad0993f19238d2df97c507009a52b3c10addcd7f6bcb916" +dependencies = [ + "memchr", +] + +[[package]] +name = "anstream" +version = "0.6.18" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8acc5369981196006228e28809f761875c0327210a891e941f4c683b3a99529b" +dependencies = [ + "anstyle", + "anstyle-parse", + "anstyle-query", + "anstyle-wincon", + "colorchoice", + "is_terminal_polyfill", + "utf8parse", +] + +[[package]] +name = "anstyle" +version = "1.0.10" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "55cc3b69f167a1ef2e161439aa98aed94e6028e5f9a59be9a6ffb47aef1651f9" + +[[package]] +name = "anstyle-parse" +version = "0.2.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3b2d16507662817a6a20a9ea92df6652ee4f94f914589377d69f3b21bc5798a9" +dependencies = [ + "utf8parse", +] + +[[package]] +name = "anstyle-query" +version = "1.1.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "79947af37f4177cfead1110013d678905c37501914fba0efea834c3fe9a8d60c" +dependencies = [ + "windows-sys", +] + +[[package]] +name = "anstyle-wincon" +version = "3.0.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ca3534e77181a9cc07539ad51f2141fe32f6c3ffd4df76db8ad92346b003ae4e" +dependencies = [ + "anstyle", + "once_cell", + "windows-sys", +] + +[[package]] +name = "autocfg" +version = "1.4.0" +source = 
"registry+https://github.com/rust-lang/crates.io-index" +checksum = "ace50bade8e6234aa140d9a2f552bbee1db4d353f69b8217bc503490fc1a9f26" + +[[package]] +name = "autotools" +version = "0.2.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ef941527c41b0fc0dd48511a8154cd5fc7e29200a0ff8b7203c5d777dbc795cf" +dependencies = [ + "cc", +] + +[[package]] +name = "base16ct" +version = "0.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4c7f02d4ea65f2c1853089ffd8d2787bdbc63de2f0d29dedbcf8ccdfa0ccd4cf" + +[[package]] +name = "base16ct" +version = "0.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d8b59d472eab27ade8d770dcb11da7201c11234bef9f82ce7aa517be028d462b" + +[[package]] +name = "base64ct" +version = "1.7.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "89e25b6adfb930f02d1981565a6e5d9c547ac15a96606256d3b59040e5cd4ca3" + +[[package]] +name = "bindgen" +version = "0.72.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "993776b509cfb49c750f11b8f07a46fa23e0a1386ffc01fb1e7d343efc387895" +dependencies = [ + "bitflags", + "cexpr", + "clang-sys", + "itertools", + "log", + "prettyplease", + "proc-macro2", + "quote", + "regex", + "rustc-hash", + "shlex", + "syn", +] + +[[package]] +name = "bitfield" +version = "0.17.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f798d2d157e547aa99aab0967df39edd0b70307312b6f8bd2848e6abe40896e0" + +[[package]] +name = "bitflags" +version = "2.9.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5c8214115b7bf84099f1309324e63141d4c5d7cc26862f97a0a857dbefe165bd" + +[[package]] +name = "block-buffer" +version = "0.11.0-rc.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e9ef36a6fcdb072aa548f3da057640ec10859eb4e91ddf526ee648d50c76a949" +dependencies = [ + "hybrid-array", +] + +[[package]] +name = 
"cc" +version = "1.2.39" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e1354349954c6fc9cb0deab020f27f783cf0b604e8bb754dc4658ecf0d29c35f" +dependencies = [ + "find-msvc-tools", + "shlex", +] + +[[package]] +name = "cexpr" +version = "0.6.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6fac387a98bb7c37292057cffc56d62ecb629900026402633ae9160df93a8766" +dependencies = [ + "nom", +] + +[[package]] +name = "cfb-mode" +version = "0.9.0-rc.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "dce2fb589a20a50a7bab39cf4a4a5dbd6aa9c217f1700272d57d3173295c0969" +dependencies = [ + "cipher", +] + +[[package]] +name = "cfg-if" +version = "1.0.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd" + +[[package]] +name = "cipher" +version = "0.5.0-rc.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bd4ef774202f1749465fc7cf88d70fc30620e8cacd5429268f4bff7d003bd976" +dependencies = [ + "crypto-common", + "inout", +] + +[[package]] +name = "clang-sys" +version = "1.8.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0b023947811758c97c59bf9d1c188fd619ad4718dcaa767947df1cadb14f39f4" +dependencies = [ + "glob", + "libc", + "libloading", +] + +[[package]] +name = "colorchoice" +version = "1.0.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5b63caa9aa9397e2d9480a9b13673856c78d8ac123288526c37d7839f2a86990" + +[[package]] +name = "concat-kdf" +version = "0.2.0-pre" +source = "git+https://github.com/RustCrypto/KDFs.git#24e9844f4dd42d27debf0a85c8134e33457be247" +dependencies = [ + "digest", +] + +[[package]] +name = "const-oid" +version = "0.10.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0dabb6555f92fb9ee4140454eb5dcd14c7960e1225c6d1a6cc361f032947713e" + +[[package]] +name = 
"cpufeatures" +version = "0.2.17" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "59ed5838eebb26a2bb2e58f6d5b5316989ae9d08bab10e0e6d103e656d1b0280" +dependencies = [ + "libc", +] + +[[package]] +name = "crypto-bigint" +version = "0.7.0-rc.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4113edbc9f68c0a64d5b911f803eb245d04bb812680fd56776411f69c670f3e0" +dependencies = [ + "hybrid-array", + "num-traits", + "rand_core", + "serdect", + "subtle", + "zeroize", +] + +[[package]] +name = "crypto-common" +version = "0.2.0-rc.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6a8235645834fbc6832939736ce2f2d08192652269e11010a6240f61b908a1c6" +dependencies = [ + "hybrid-array", +] + +[[package]] +name = "crypto-primes" +version = "0.7.0-pre.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "25f2523fbb68811c8710829417ad488086720a6349e337c38d12fa81e09e50bf" +dependencies = [ + "crypto-bigint", + "libm", + "rand_core", +] + +[[package]] +name = "der" +version = "0.8.0-rc.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e9d8dd2f26c86b27a2a8ea2767ec7f9df7a89516e4794e54ac01ee618dda3aa4" +dependencies = [ + "const-oid", + "der_derive", + "flagset", + "pem-rfc7468", + "zeroize", +] + +[[package]] +name = "der_derive" +version = "0.8.0-rc.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "be645fee2afe89d293b96c19e4456e6ac69520fc9c6b8a58298550138e361ffe" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "digest" +version = "0.11.0-rc.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "dac89f8a64533a9b0eaa73a68e424db0fb1fd6271c74cc0125336a05f090568d" +dependencies = [ + "block-buffer", + "const-oid", + "crypto-common", + "subtle", +] + +[[package]] +name = "ecdsa" +version = "0.17.0-rc.7" +source = 
"registry+https://github.com/rust-lang/crates.io-index" +checksum = "b4ab355ec063f7a110eb627471058093aba00eb7f4e70afbd15e696b79d1077b" +dependencies = [ + "der", + "digest", + "elliptic-curve", + "rfc6979", + "signature", + "spki", + "zeroize", +] + +[[package]] +name = "either" +version = "1.15.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "48c757948c5ede0e46177b7add2e67155f70e33c07fea8284df6576da70b3719" + +[[package]] +name = "elliptic-curve" +version = "0.14.0-rc.15" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2e3be87c458d756141f3b6ee188828132743bf90c7d14843e2835d6443e5fb03" +dependencies = [ + "base16ct 0.3.0", + "crypto-bigint", + "digest", + "ff", + "group", + "hkdf", + "hybrid-array", + "once_cell", + "pem-rfc7468", + "pkcs8", + "rand_core", + "sec1", + "subtle", + "zeroize", +] + +[[package]] +name = "enumflags2" +version = "0.7.11" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ba2f4b465f5318854c6f8dd686ede6c0a9dc67d4b1ac241cf0eb51521a309147" +dependencies = [ + "enumflags2_derive", +] + +[[package]] +name = "enumflags2_derive" +version = "0.7.11" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fc4caf64a58d7a6d65ab00639b046ff54399a39f5f2554728895ace4b297cd79" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "env_filter" +version = "0.1.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "186e05a59d4c50738528153b83b0b0194d3a29507dfec16eccd4b342903397d0" +dependencies = [ + "log", + "regex", +] + +[[package]] +name = "env_logger" +version = "0.11.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "13c863f0904021b108aa8b2f55046443e6b1ebde8fd4a15c399893aae4fa069f" +dependencies = [ + "anstream", + "anstyle", + "env_filter", + "jiff", + "log", +] + +[[package]] +name = "ff" +version = "0.14.0-pre.0" +source = 
"registry+https://github.com/rust-lang/crates.io-index" +checksum = "d42dd26f5790eda47c1a2158ea4120e32c35ddc9a7743c98a292accc01b54ef3" +dependencies = [ + "rand_core", + "subtle", +] + +[[package]] +name = "fiat-crypto" +version = "0.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "64cd1e32ddd350061ae6edb1b082d7c54915b5c672c389143b9a63403a109f24" + +[[package]] +name = "find-msvc-tools" +version = "0.1.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1ced73b1dacfc750a6db6c0a0c3a3853c8b41997e2e2c563dc90804ae6867959" + +[[package]] +name = "flagset" +version = "0.4.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b7ac824320a75a52197e8f2d787f6a38b6718bb6897a35142d749af3c0e8f4fe" + +[[package]] +name = "getrandom" +version = "0.3.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "73fea8450eea4bac3940448fb7ae50d91f034f941199fcd9d909a5a07aa455f0" +dependencies = [ + "cfg-if", + "libc", + "r-efi", + "wasi", +] + +[[package]] +name = "glob" +version = "0.3.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a8d1add55171497b4705a648c6b583acafb01d58050a51727785f0b2c8e0a2b2" + +[[package]] +name = "group" +version = "0.14.0-pre.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1ff6a0b2dd4b981b1ae9e3e6830ab146771f3660d31d57bafd9018805a91b0f1" +dependencies = [ + "ff", + "rand_core", + "subtle", +] + +[[package]] +name = "heck" +version = "0.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2304e00983f87ffb38b55b444b5e3b60a884b5d30c0fca7d82fe33449bbe55ea" + +[[package]] +name = "hex-literal" +version = "1.0.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bcaaec4551594c969335c98c903c1397853d4198408ea609190f420500f6be71" + +[[package]] +name = "hkdf" +version = "0.13.0-rc.1" +source = 
"registry+https://github.com/rust-lang/crates.io-index" +checksum = "7984b5d6605e93b2787c95aef698b3c28933a4d7f9fd09d46f54130da1efaee0" +dependencies = [ + "hmac", +] + +[[package]] +name = "hmac" +version = "0.13.0-rc.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "49e206bca159aebaaed410f5e78b2fe56bfc0dd5b19ecae922813b8556b8b07e" +dependencies = [ + "digest", +] + +[[package]] +name = "hostname-validator" +version = "1.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f558a64ac9af88b5ba400d99b579451af0d39c6d360980045b91aac966d705e2" + +[[package]] +name = "hybrid-array" +version = "0.4.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f471e0a81b2f90ffc0cb2f951ae04da57de8baa46fa99112b062a5173a5088d0" +dependencies = [ + "subtle", + "typenum", + "zeroize", +] + +[[package]] +name = "inout" +version = "0.2.0-rc.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1603f76010ff924b616c8f44815a42eb10fb0b93d308b41deaa8da6d4251fd4b" +dependencies = [ + "hybrid-array", +] + +[[package]] +name = "is_terminal_polyfill" +version = "1.70.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7943c866cc5cd64cbc25b2e01621d07fa8eb2a1a23160ee81ce38704e97b8ecf" + +[[package]] +name = "itertools" +version = "0.13.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "413ee7dfc52ee1a4949ceeb7dbc8a33f2d6c088194d9f922fb8318faf1f01186" +dependencies = [ + "either", +] + +[[package]] +name = "itoa" +version = "1.0.15" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4a5f13b858c8d314ee3e8f639011f7ccefe71f97f96e50151fb991f267928e2c" + +[[package]] +name = "jiff" +version = "0.2.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e5ad87c89110f55e4cd4dc2893a9790820206729eaf221555f742d540b0724a0" +dependencies = [ + "jiff-static", + "log", + 
"portable-atomic", + "portable-atomic-util", + "serde", +] + +[[package]] +name = "jiff-static" +version = "0.2.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d076d5b64a7e2fe6f0743f02c43ca4a6725c0f904203bfe276a5b3e793103605" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "kbkdf" +version = "0.0.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b758ac9cc629a963ae38718148729d65d4e401f0e516862fa7820f6b76666aa0" +dependencies = [ + "digest", +] + +[[package]] +name = "keccak" +version = "0.2.0-rc.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3d546793a04a1d3049bd192856f804cfe96356e2cf36b54b4e575155babe9f41" +dependencies = [ + "cpufeatures", +] + +[[package]] +name = "lenient_semver" +version = "0.4.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "de8de3f4f3754c280ce1c8c42ed8dd26a9c8385c2e5ad4ec5a77e774cea9c1ec" +dependencies = [ + "lenient_semver_parser", + "lenient_version", + "semver", +] + +[[package]] +name = "lenient_semver_parser" +version = "0.4.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7f650c1d024ddc26b4bb79c3076b30030f2cf2b18292af698c81f7337a64d7d6" +dependencies = [ + "lenient_semver_version_builder", + "semver", +] + +[[package]] +name = "lenient_semver_version_builder" +version = "0.4.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9049f8ff49f75b946f95557148e70230499c8a642bf2d6528246afc7d0282d17" +dependencies = [ + "semver", +] + +[[package]] +name = "lenient_version" +version = "0.4.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bad7b41cc0ad9b8a9f8d8fcb7c2ab6703a6da4b369cbb7e3a63ee0840769b4eb" +dependencies = [ + "lenient_semver_parser", + "lenient_semver_version_builder", +] + +[[package]] +name = "libc" +version = "0.2.172" +source = 
"registry+https://github.com/rust-lang/crates.io-index" +checksum = "d750af042f7ef4f724306de029d18836c26c1765a54a6a3f094cbd23a7267ffa" + +[[package]] +name = "libloading" +version = "0.8.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fc2f4eb4bc735547cfed7c0a4922cbd04a4655978c09b54f1f7b228750664c34" +dependencies = [ + "cfg-if", + "windows-targets", +] + +[[package]] +name = "libm" +version = "0.2.15" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f9fbbcab51052fe104eb5e5d351cf728d30a5be1fe14d9be8a3b097481fb97de" + +[[package]] +name = "log" +version = "0.4.27" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "13dc2df351e3202783a1fe0d44375f7295ffb4049267b0f3018346dc122a1d94" + +[[package]] +name = "malloced" +version = "1.3.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6dfebb2f9e0b39509c62eead6ec7ae0c0ed45bb61d12bbcf4e976c566c5400ec" + +[[package]] +name = "memchr" +version = "2.7.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "78ca9ab1a0babb1e7d5695e3530886289c18cf2f87ec19a575a0abdce112e3a3" + +[[package]] +name = "minimal-lexical" +version = "0.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "68354c5c6bd36d73ff3feceb05efa59b6acb7626617f4962be322a825e61f79a" + +[[package]] +name = "msbuild" +version = "0.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "393df38a84c08ad136f183889923314c1cf7988347fe8b7ab6531d44837bb076" +dependencies = [ + "lenient_semver", + "serde_json", + "winreg", +] + +[[package]] +name = "nom" +version = "7.1.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d273983c5a657a70a3e8f2a01329822f3b8c8172b73826411a55751e404a0a4a" +dependencies = [ + "memchr", + "minimal-lexical", +] + +[[package]] +name = "num-derive" +version = "0.4.2" +source = 
"registry+https://github.com/rust-lang/crates.io-index" +checksum = "ed3955f1a9c7c0c15e092f9c887db08b1fc683305fdf6eb6684f22555355e202" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "num-traits" +version = "0.2.19" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "071dfc062690e90b734c0b2273ce72ad0ffa95f0c74596bc250dcfd960262841" +dependencies = [ + "autocfg", +] + +[[package]] +name = "once_cell" +version = "1.21.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "42f5e15c9953c5e4ccceeb2e7382a716482c34515315f7b03532b8b4e8393d2d" + +[[package]] +name = "p192" +version = "0.14.0-pre" +source = "git+https://github.com/RustCrypto/elliptic-curves.git#73e250d8b63a01e0052c876aed7e05584a3ee1c9" +dependencies = [ + "ecdsa", + "elliptic-curve", + "primefield", + "primeorder", +] + +[[package]] +name = "p224" +version = "0.14.0-pre" +source = "git+https://github.com/RustCrypto/elliptic-curves.git#73e250d8b63a01e0052c876aed7e05584a3ee1c9" +dependencies = [ + "ecdsa", + "elliptic-curve", + "primefield", + "primeorder", + "sha2", +] + +[[package]] +name = "p256" +version = "0.14.0-pre.11" +source = "git+https://github.com/RustCrypto/elliptic-curves.git#73e250d8b63a01e0052c876aed7e05584a3ee1c9" +dependencies = [ + "ecdsa", + "elliptic-curve", + "primefield", + "primeorder", + "sha2", +] + +[[package]] +name = "p384" +version = "0.14.0-pre.11" +source = "git+https://github.com/RustCrypto/elliptic-curves.git#73e250d8b63a01e0052c876aed7e05584a3ee1c9" +dependencies = [ + "ecdsa", + "elliptic-curve", + "fiat-crypto", + "primefield", + "primeorder", + "sha2", +] + +[[package]] +name = "p521" +version = "0.14.0-pre.11" +source = "git+https://github.com/RustCrypto/elliptic-curves.git#73e250d8b63a01e0052c876aed7e05584a3ee1c9" +dependencies = [ + "base16ct 0.3.0", + "ecdsa", + "elliptic-curve", + "primefield", + "primeorder", + "rand_core", + "sha2", +] + +[[package]] +name = "paste" +version = 
"1.0.15" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "57c0d7b74b563b49d38dae00a0c37d4d6de9b432382b2892f0574ddcae73fd0a" + +[[package]] +name = "pem-rfc7468" +version = "1.0.0-rc.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a8e58fab693c712c0d4e88f8eb3087b6521d060bcaf76aeb20cb192d809115ba" +dependencies = [ + "base64ct", +] + +[[package]] +name = "pkcs1" +version = "0.8.0-rc.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "986d2e952779af96ea048f160fd9194e1751b4faea78bcf3ceb456efe008088e" +dependencies = [ + "der", + "spki", +] + +[[package]] +name = "pkcs8" +version = "0.11.0-rc.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "93eac55f10aceed84769df670ea4a32d2ffad7399400d41ee1c13b1cd8e1b478" +dependencies = [ + "der", + "spki", +] + +[[package]] +name = "pkg-config" +version = "0.3.32" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7edddbd0b52d732b21ad9a5fab5c704c14cd949e5e9a1ec5929a24fded1b904c" + +[[package]] +name = "portable-atomic" +version = "1.11.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "350e9b48cbc6b0e028b0473b114454c6316e57336ee184ceab6e53f72c178b3e" + +[[package]] +name = "portable-atomic-util" +version = "0.2.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d8a2f0d8d040d7848a709caf78912debcc3f33ee4b3cac47d73d1e1069e83507" +dependencies = [ + "portable-atomic", +] + +[[package]] +name = "ppv-lite86" +version = "0.2.21" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "85eae3c4ed2f50dcfe72643da4befc30deadb458a9b590d720cde2f2b1e97da9" +dependencies = [ + "zerocopy", +] + +[[package]] +name = "prettyplease" +version = "0.2.32" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "664ec5419c51e34154eec046ebcba56312d5a2fc3b09a06da188e1ad21afadf6" +dependencies = [ + 
"proc-macro2", + "syn", +] + +[[package]] +name = "primefield" +version = "0.14.0-pre.6" +source = "git+https://github.com/RustCrypto/elliptic-curves.git#73e250d8b63a01e0052c876aed7e05584a3ee1c9" +dependencies = [ + "crypto-bigint", + "ff", + "rand_core", + "subtle", + "zeroize", +] + +[[package]] +name = "primeorder" +version = "0.14.0-pre.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1c36e8766fcd270fa9c665b9dc364f570695f5a59240949441b077a397f15b74" +dependencies = [ + "elliptic-curve", +] + +[[package]] +name = "proc-macro2" +version = "1.0.95" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "02b3e5e68a3a1a02aad3ec490a98007cbc13c37cbe84a3cd7b8e406d76e7f778" +dependencies = [ + "unicode-ident", +] + +[[package]] +name = "quote" +version = "1.0.40" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1885c039570dc00dcb4ff087a89e185fd56bae234ddc7f056a945bf36467248d" +dependencies = [ + "proc-macro2", +] + +[[package]] +name = "r-efi" +version = "5.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "74765f6d916ee2faa39bc8e68e4f3ed8949b48cccdac59983d287a7cb71ce9c5" + +[[package]] +name = "rand" +version = "0.9.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9fbfd9d094a40bf3ae768db9361049ace4c0e04a4fd6b359518bd7b73a73dd97" +dependencies = [ + "rand_chacha", + "rand_core", +] + +[[package]] +name = "rand_chacha" +version = "0.9.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d3022b5f1df60f26e1ffddd6c66e8aa15de382ae63b3a0c1bfc0e4d3e3f325cb" +dependencies = [ + "ppv-lite86", + "rand_core", +] + +[[package]] +name = "rand_core" +version = "0.9.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "99d9a13982dcf210057a8a78572b2217b667c3beacbf3a0d8b454f6f82837d38" +dependencies = [ + "getrandom", +] + +[[package]] +name = "regex" +version = "1.11.1" +source = 
"registry+https://github.com/rust-lang/crates.io-index" +checksum = "b544ef1b4eac5dc2db33ea63606ae9ffcfac26c1416a2806ae0bf5f56b201191" +dependencies = [ + "aho-corasick", + "memchr", + "regex-automata", + "regex-syntax", +] + +[[package]] +name = "regex-automata" +version = "0.4.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "809e8dc61f6de73b46c85f4c96486310fe304c434cfa43669d7b40f711150908" +dependencies = [ + "aho-corasick", + "memchr", + "regex-syntax", +] + +[[package]] +name = "regex-syntax" +version = "0.8.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2b15c43186be67a4fd63bee50d0303afffcef381492ebe2c5d87f324e1b8815c" + +[[package]] +name = "rfc6979" +version = "0.5.0-rc.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d369f9c4f79388704648e7bcb92749c0d6cf4397039293a9b747694fa4fb4bae" +dependencies = [ + "hmac", + "subtle", +] + +[[package]] +name = "rsa" +version = "0.10.0-rc.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bf8955ab399f6426998fde6b76ae27233cce950705e758a6c17afd2f6d0e5d52" +dependencies = [ + "const-oid", + "crypto-bigint", + "crypto-primes", + "digest", + "pkcs1", + "pkcs8", + "rand_core", + "sha1", + "sha2", + "signature", + "spki", + "subtle", + "zeroize", +] + +[[package]] +name = "rustc-hash" +version = "2.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "357703d41365b4b27c590e3ed91eabb1b663f07c4c084095e60cbed4362dff0d" + +[[package]] +name = "rustversion" +version = "1.0.20" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "eded382c5f5f786b989652c49544c4877d9f015cc22e145a5ea8ea66c2921cd2" + +[[package]] +name = "ryu" +version = "1.0.20" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "28d3b2b1366ec20994f1fd18c3c594f05c5dd4bc44d8bb0c1c632c8d6829481f" + +[[package]] +name = "sec1" +version = "0.8.0-rc.10" +source = 
"registry+https://github.com/rust-lang/crates.io-index" +checksum = "1dff52f6118bc9f0ac974a54a639d499ac26a6cad7a6e39bc0990c19625e793b" +dependencies = [ + "base16ct 0.3.0", + "der", + "hybrid-array", + "subtle", + "zeroize", +] + +[[package]] +name = "semver" +version = "1.0.26" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "56e6fa9c48d24d85fb3de5ad847117517440f6beceb7798af16b4a87d616b8d0" + +[[package]] +name = "serde" +version = "1.0.219" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5f0e2c6ed6606019b4e29e69dbaba95b11854410e5347d525002456dbbb786b6" +dependencies = [ + "serde_derive", +] + +[[package]] +name = "serde_derive" +version = "1.0.219" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5b0276cf7f2c73365f7157c8123c21cd9a50fbbd844757af28ca1f5925fc2a00" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "serde_json" +version = "1.0.140" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "20068b6e96dc6c9bd23e01df8827e6c7e1f2fddd43c21810382803c136b99373" +dependencies = [ + "itoa", + "memchr", + "ryu", + "serde", +] + +[[package]] +name = "serdect" +version = "0.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "90faa9344350bebcc60a4beae3290b8548ecc55a542e25f5ca1cdc83b267fe7e" +dependencies = [ + "base16ct 0.2.0", + "serde", +] + +[[package]] +name = "sha1" +version = "0.11.0-rc.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c5e046edf639aa2e7afb285589e5405de2ef7e61d4b0ac1e30256e3eab911af9" +dependencies = [ + "cfg-if", + "cpufeatures", + "digest", +] + +[[package]] +name = "sha2" +version = "0.11.0-rc.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d1e3878ab0f98e35b2df35fe53201d088299b41a6bb63e3e34dada2ac4abd924" +dependencies = [ + "cfg-if", + "cpufeatures", + "digest", +] + +[[package]] +name = "sha3" +version 
= "0.11.0-rc.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2103ca0e6f4e9505eae906de5e5883e06fc3b2232fb5d6914890c7bbcb62f478" +dependencies = [ + "digest", + "keccak", +] + +[[package]] +name = "shlex" +version = "1.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0fda2ff0d084019ba4d7c6f371c95d8fd75ce3524c3cb8fb653a3023f6323e64" + +[[package]] +name = "signature" +version = "3.0.0-rc.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fc280a6ff65c79fbd6622f64d7127f32b85563bca8c53cd2e9141d6744a9056d" +dependencies = [ + "digest", + "rand_core", +] + +[[package]] +name = "sm2" +version = "0.14.0-pre.0" +source = "git+https://github.com/RustCrypto/elliptic-curves.git#73e250d8b63a01e0052c876aed7e05584a3ee1c9" +dependencies = [ + "der", + "elliptic-curve", + "fiat-crypto", + "primefield", + "primeorder", + "rand_core", + "rfc6979", + "signature", + "sm3", +] + +[[package]] +name = "sm3" +version = "0.5.0-rc.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a57b5b482126c6f104de6268b759d878998522390c5fb5ad84d10ab13b820f05" +dependencies = [ + "digest", +] + +[[package]] +name = "spki" +version = "0.8.0-rc.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8baeff88f34ed0691978ec34440140e1572b68c7dd4a495fd14a3dc1944daa80" +dependencies = [ + "base64ct", + "der", +] + +[[package]] +name = "strum" +version = "0.26.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8fec0f0aef304996cf250b31b5a10dee7980c85da9d759361292b8bca5a18f06" + +[[package]] +name = "strum_macros" +version = "0.26.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4c6bee85a5a24955dc440386795aa378cd9cf82acd5f764469152d2270e581be" +dependencies = [ + "heck", + "proc-macro2", + "quote", + "rustversion", + "syn", +] + +[[package]] +name = "subtle" +version = "2.6.1" +source = 
"registry+https://github.com/rust-lang/crates.io-index" +checksum = "13c2bddecc57b384dee18652358fb23172facb8a2c51ccc10d74c157bdea3292" + +[[package]] +name = "syn" +version = "2.0.100" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b09a44accad81e1ba1cd74a32461ba89dee89095ba17b32f5d03683b1b1fc2a0" +dependencies = [ + "proc-macro2", + "quote", + "unicode-ident", +] + +[[package]] +name = "target-lexicon" +version = "0.13.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "df7f62577c25e07834649fc3b39fafdc597c0a3527dc1c60129201ccfcbaa50c" + +[[package]] +name = "tls_codec" +version = "0.4.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0de2e01245e2bb89d6f05801c564fa27624dbd7b1846859876c7dad82e90bf6b" +dependencies = [ + "tls_codec_derive", + "zeroize", +] + +[[package]] +name = "tls_codec_derive" +version = "0.4.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2d2e76690929402faae40aebdda620a2c0e25dd6d3b9afe48867dfd95991f4bd" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "tss-esapi" +version = "8.0.0-alpha" +dependencies = [ + "aes", + "bitfield", + "cfb-mode", + "cfg-if", + "concat-kdf", + "digest", + "ecdsa", + "elliptic-curve", + "enumflags2", + "env_logger", + "getrandom", + "hex-literal", + "hmac", + "hostname-validator", + "kbkdf", + "log", + "malloced", + "num-derive", + "num-traits", + "p192", + "p224", + "p256", + "p384", + "p521", + "paste", + "pkcs8", + "rand", + "regex", + "rsa", + "semver", + "serde", + "serde_json", + "sha1", + "sha2", + "sha3", + "signature", + "sm2", + "sm3", + "strum", + "strum_macros", + "tss-esapi", + "tss-esapi-sys", + "x509-cert", + "zeroize", +] + +[[package]] +name = "tss-esapi-sys" +version = "0.5.0" +dependencies = [ + "autotools", + "bindgen", + "cfg-if", + "msbuild", + "pkg-config", + "semver", + "target-lexicon", +] + +[[package]] +name = "typenum" +version = 
"1.18.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1dccffe3ce07af9386bfd29e80c0ab1a8205a2fc34e4bcd40364df902cfa8f3f" + +[[package]] +name = "unicode-ident" +version = "1.0.18" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5a5f39404a5da50712a4c1eecf25e90dd62b613502b7e925fd4e4d19b5c96512" + +[[package]] +name = "utf8parse" +version = "0.2.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "06abde3611657adf66d383f00b093d7faecc7fa57071cce2578660c9f1010821" + +[[package]] +name = "wasi" +version = "0.14.2+wasi-0.2.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9683f9a5a998d873c0d21fcbe3c083009670149a8fab228644b8bd36b2c48cb3" +dependencies = [ + "wit-bindgen-rt", +] + +[[package]] +name = "windows-sys" +version = "0.59.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1e38bc4d79ed67fd075bcc251a1c39b32a1776bbe92e5bef1f0bf1f8c531853b" +dependencies = [ + "windows-targets", +] + +[[package]] +name = "windows-targets" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9b724f72796e036ab90c1021d4780d4d3d648aca59e491e6b98e725b84e99973" +dependencies = [ + "windows_aarch64_gnullvm", + "windows_aarch64_msvc", + "windows_i686_gnu", + "windows_i686_gnullvm", + "windows_i686_msvc", + "windows_x86_64_gnu", + "windows_x86_64_gnullvm", + "windows_x86_64_msvc", +] + +[[package]] +name = "windows_aarch64_gnullvm" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "32a4622180e7a0ec044bb555404c800bc9fd9ec262ec147edd5989ccd0c02cd3" + +[[package]] +name = "windows_aarch64_msvc" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "09ec2a7bb152e2252b53fa7803150007879548bc709c039df7627cabbd05d469" + +[[package]] +name = "windows_i686_gnu" +version = "0.52.6" +source = 
"registry+https://github.com/rust-lang/crates.io-index" +checksum = "8e9b5ad5ab802e97eb8e295ac6720e509ee4c243f69d781394014ebfe8bbfa0b" + +[[package]] +name = "windows_i686_gnullvm" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0eee52d38c090b3caa76c563b86c3a4bd71ef1a819287c19d586d7334ae8ed66" + +[[package]] +name = "windows_i686_msvc" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "240948bc05c5e7c6dabba28bf89d89ffce3e303022809e73deaefe4f6ec56c66" + +[[package]] +name = "windows_x86_64_gnu" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "147a5c80aabfbf0c7d901cb5895d1de30ef2907eb21fbbab29ca94c5b08b1a78" + +[[package]] +name = "windows_x86_64_gnullvm" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "24d5b23dc417412679681396f2b49f3de8c1473deb516bd34410872eff51ed0d" + +[[package]] +name = "windows_x86_64_msvc" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "589f6da84c646204747d1270a2a5661ea66ed1cced2631d546fdfb155959f9ec" + +[[package]] +name = "winreg" +version = "0.55.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "cb5a765337c50e9ec252c2069be9bf91c7df47afb103b642ba3a53bf8101be97" +dependencies = [ + "cfg-if", + "windows-sys", +] + +[[package]] +name = "wit-bindgen-rt" +version = "0.39.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6f42320e61fe2cfd34354ecb597f86f413484a798ba44a8ca1165c58d42da6c1" +dependencies = [ + "bitflags", +] + +[[package]] +name = "x509-cert" +version = "0.3.0-rc.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "214929cc983d42a67db8bfacea8595625bc252e9d88457aab2770cea58371145" +dependencies = [ + "const-oid", + "der", + "sha1", + "signature", + "spki", + "tls_codec", +] + +[[package]] +name = 
"zerocopy" +version = "0.8.25" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a1702d9583232ddb9174e01bb7c15a2ab8fb1bc6f227aa1233858c351a3ba0cb" +dependencies = [ + "zerocopy-derive", +] + +[[package]] +name = "zerocopy-derive" +version = "0.8.25" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "28a6e20d751156648aa063f3800b706ee209a32c0b4d9f24be3d980b01be55ef" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "zeroize" +version = "1.8.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ced3678a2879b30306d323f4542626697a464a97c0a07c9aebf7ebca65cd4dde" +dependencies = [ + "zeroize_derive", +] + +[[package]] +name = "zeroize_derive" +version = "1.4.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ce36e65b0d2999d2aafac989fb249189a141aee1f53c612c1f37d72631959f69" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] diff --git a/Cargo.toml b/Cargo.toml index e88eb84a..4673767a 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -1,3 +1,14 @@ [workspace] resolver = "2" members = ["tss-esapi", "tss-esapi-sys"] + +[patch.crates-io] +primefield = { git = "https://github.com/RustCrypto/elliptic-curves.git" } +p192 = { git = "https://github.com/RustCrypto/elliptic-curves.git" } +p224 = { git = "https://github.com/RustCrypto/elliptic-curves.git" } +p256 = { git = "https://github.com/RustCrypto/elliptic-curves.git" } +p384 = { git = "https://github.com/RustCrypto/elliptic-curves.git" } +p521 = { git = "https://github.com/RustCrypto/elliptic-curves.git" } +sm2 = { git = "https://github.com/RustCrypto/elliptic-curves.git" } + +concat-kdf = { git = "https://github.com/RustCrypto/KDFs.git" } diff --git a/tss-esapi-sys/Cargo.toml b/tss-esapi-sys/Cargo.toml index 9ed6186e..1d459cd3 100644 --- a/tss-esapi-sys/Cargo.toml +++ b/tss-esapi-sys/Cargo.toml 
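Review bot: The `[patch.crates-io]` entries added at the end of the workspace manifest give only a `git` URL, so each patched crate follows the default branch of that repository and the exact source is fixed by `Cargo.lock` alone. A `cargo update`, or a build run without `--locked`, can move all of the elliptic-curve crates and `concat-kdf` to whatever is at the branch head at that moment. The lock file in this same commit records `sm2` at `73e250d8b63a01e0052c876aed7e05584a3ee1c9`, so that commit can be written into the manifest, e.g. `p256 = { git = "https://github.com/RustCrypto/elliptic-curves.git", rev = "73e250d8b63a01e0052c876aed7e05584a3ee1c9" }`, with the matching `rev` for the KDFs repository taken from its own lock entry. A comment above the table naming the upstream release that allows the patch to be dropped would also help, because `[patch]` is applied only at the workspace root and is not inherited by crates that depend on `tss-esapi`.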
@@ -11,7 +11,7 @@ license = "Apache-2.0" repository = "https://github.com/parallaxsecond/rust-tss-esapi" documentation = "https://docs.rs/crate/tss-esapi-sys" links = "tss2-esys" -rust-version = "1.74.0" +rust-version = "1.85.0" [build-dependencies] bindgen = { version = "0.72.0", optional = true } diff --git a/tss-esapi/Cargo.toml b/tss-esapi/Cargo.toml index c284c533..0a768ef2 100644 --- a/tss-esapi/Cargo.toml +++ b/tss-esapi/Cargo.toml @@ -10,7 +10,7 @@ categories = ["api-bindings", "external-ffi-bindings", "cryptography"] license = "Apache-2.0" repository = "https://github.com/parallaxsecond/rust-tss-esapi" documentation = "https://docs.rs/crate/tss-esapi" -rust-version = "1.74.0" +rust-version = "1.85.0" [[example]] name = "hmac" 
@@ -34,48 +34,61 @@ hostname-validator = "1.1.0" regex = "1.3.9" zeroize = { version = "1.5.7", features = ["zeroize_derive"] } tss-esapi-sys = { path = "../tss-esapi-sys", version = "0.5.0" } -x509-cert = { version = "0.2.0", optional = true } -ecdsa = { version = "0.16.9", features = [ +x509-cert = { version = "0.3.0-rc.1", optional = true } +aes = { version = "0.9.0-rc.0", optional = true } +cfb-mode = { version = "0.9.0-rc.0", optional = true } +ecdsa = { version = "0.17.0-rc.0", features = [ "der", "hazmat", "arithmetic", "verifying", ], optional = true } -elliptic-curve = { version = "0.13.8", optional = true, features = [ +elliptic-curve = { version = "0.14.0-rc.15", optional = true, features = [ "alloc", "pkcs8", ] } -p192 = { version = "0.13.0", optional = true } -p224 = { version = "0.13.2", optional = true } -p256 = { version = "0.13.2", optional = true } -p384 = { version = "0.13.0", optional = true } -p521 = { version = "0.13.3", optional = true } -pkcs8 = { version = "0.10.2", optional = true } -rsa = { version = "0.9", optional = true } -sha1 = { version = "0.10.6", optional = true } -sha2 = { version = "0.10.8", optional = true } -sha3 = { version = "0.10.8", optional = true } -sm2 = { version = "0.13.3", optional = true } -sm3 = { version = "0.4.2", optional = true } -digest = { version = "0.10.7", optional = true } -signature = { version = "2.2.0", features = ["std"], optional = true } +hmac = { version = "0.13.0-rc.0", optional = true } +p192 = { version = "0.14.0-pre", optional = true } +p224 = { version = "0.14.0-pre", optional = true } +p256 = { version = "0.14.0-pre.11", optional = true } +p384 = { version = "0.14.0-pre.11", optional = true } +p521 = { version = "0.14.0-pre.11", optional = true } +pkcs8 = { version = "0.11.0-rc.7", optional = true } +rsa = { version = "0.10.0-rc.9", optional = true } +sha1 = { version = "0.11.0-rc.2", optional = true } +sha2 = { version = "0.11.0-rc.2", optional = true } +sha3 = { version = "0.11.0-rc.3", 
optional = true } +sm2 = { version = "0.14.0-pre", optional = true } +sm3 = { version = "0.5.0-pre.5", optional = true } +digest = { version = "0.11.0-rc.3", optional = true } +signature = { version = "3.0.0-rc.0", features = [ + "alloc", + "digest", +], optional = true } +kbkdf = { version = "0.0.1", optional = true } +concat-kdf = { version = "0.2.0-pre", optional = true } cfg-if = "1.0.0" strum = { version = "0.26.3", optional = true } strum_macros = { version = "0.26.4", optional = true } paste = "1.0.14" -getrandom = "0.2.11" +getrandom = "0.3" +rand = "0.9" [dev-dependencies] +aes = "0.9.0-pre.2" env_logger = "0.11.5" +hex-literal = "1" +rsa = { version = "0.10.0-pre.3" } serde_json = "^1.0.108" -sha2 = { version = "0.10.8", features = ["oid"] } +sha2 = { version = "0.11.0-rc.2", features = ["oid"] } tss-esapi = { path = ".", features = [ "integration-tests", "serde", "abstraction", "rustcrypto-full", ] } -x509-cert = { version = "0.2.0", features = ["builder"] } +p256 = { version = "0.14.0-pre.11", features = ["ecdh"] } +x509-cert = { version = "0.3.0-rc.1", features = ["builder"] } [build-dependencies] semver = "1.0.7" @@ -85,16 +98,22 @@ default = ["abstraction"] generate-bindings = ["tss-esapi-sys/generate-bindings"] abstraction = ["rustcrypto"] integration-tests = ["strum", "strum_macros"] + rustcrypto = [ + "cfb-mode", + "concat-kdf", "digest", "ecdsa", - "elliptic-curve", + "elliptic-curve/ecdh", + "hmac", + "kbkdf", "pkcs8", "signature", "x509-cert", ] rustcrypto-full = [ "rustcrypto", + "aes", "p192", "p224", "p256", @@ -107,6 +126,8 @@ rustcrypto-full = [ "sm2", "sm3", ] + +rsa = ["dep:rsa", "kbkdf"] sha1 = ["dep:sha1", "rsa?/sha1"] sha2 = ["dep:sha2", "rsa?/sha2"] bundled = ["tss-esapi-sys/bundled"] diff --git a/tss-esapi/examples/duplication.rs b/tss-esapi/examples/duplication.rs index b421989c..0fe9c7b1 100644 --- a/tss-esapi/examples/duplication.rs +++ b/tss-esapi/examples/duplication.rs 
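Review bot: Every RustCrypto requirement in this dependency block is now a pre-release written as a plain caret requirement (`digest = "0.11.0-rc.3"`, `signature = "3.0.0-rc.0"`, `rsa = "0.10.0-rc.9"` and so on), which lets Cargo select any later pre-release or release below the next minor version. The committed lock file already shows that drift (`signature` resolves to `3.0.0-rc.4`), and consumers of the published crate do not receive this lock file, so they can end up building cryptographic code in a combination that was never tested here. Exact requirements, e.g. `signature = { version = "=3.0.0-rc.4", features = ["alloc", "digest"], optional = true }`, keep the tested and the shipped versions identical until the stable releases land. The `[dev-dependencies]` entries `aes = "0.9.0-pre.2"` and `rsa = { version = "0.10.0-pre.3" }` also disagree with the `-rc` requirements a few lines above and should use the same version strings.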
@@ -215,9 +215,8 @@ fn main() { None, ) }) - .map_err(|err| { + .inspect_err(|err| { eprintln!("⚠️ {err}"); - err }) .unwrap(); @@ -268,9 +267,8 @@ fn main() { .execute_with_nullauth_session(|ctx| { ctx.create(loaded_storage_key, hmac_public, None, None, None, None) }) - .map_err(|err| { + .inspect_err(|err| { eprintln!("⚠️ {err}"); - err }) .unwrap(); @@ -370,9 +368,8 @@ fn main() { // Return the duplicate result. result }) - .map_err(|err| { + .inspect_err(|err| { eprintln!("⚠️ {err}"); - err }) .unwrap(); diff --git a/tss-esapi/examples/duplication_secret.rs b/tss-esapi/examples/duplication_secret.rs index f1819fe9..92d15b2f 100644 --- a/tss-esapi/examples/duplication_secret.rs +++ b/tss-esapi/examples/duplication_secret.rs @@ -216,9 +216,8 @@ fn main() { None, ) }) - .map_err(|err| { + .inspect_err(|err| { eprintln!("⚠️ {err}"); - err }) .unwrap(); @@ -267,9 +266,8 @@ fn main() { .execute_with_nullauth_session(|ctx| { ctx.create(loaded_storage_key, hmac_public, None, None, None, None) }) - .map_err(|err| { + .inspect_err(|err| { eprintln!("⚠️ {err}"); - err }) .unwrap(); @@ -363,9 +361,8 @@ fn main() { // Return the duplicate result. result }) - .map_err(|err| { + .inspect_err(|err| { eprintln!("⚠️ {err}"); - err }) .unwrap(); diff --git a/tss-esapi/src/abstraction/no_tpm/quote.rs b/tss-esapi/src/abstraction/no_tpm/quote.rs index 25e9719e..af4cf3c1 100644 --- a/tss-esapi/src/abstraction/no_tpm/quote.rs +++ b/tss-esapi/src/abstraction/no_tpm/quote.rs 
@@ -13,19 +13,16 @@ use digest::{Digest, DynDigest}; #[cfg(any(feature = "p224", feature = "p256", feature = "p384"))] use crate::{abstraction::public::AssociatedTpmCurve, structures::EccSignature}; #[cfg(any(feature = "p224", feature = "p256", feature = "p384"))] -use ecdsa::{ - hazmat::{DigestPrimitive, VerifyPrimitive}, - PrimeCurve, SignatureSize, VerifyingKey, -}; +use ecdsa::{hazmat::DigestAlgorithm, PrimeCurve, SignatureSize, VerifyingKey}; #[cfg(any(feature = "p224", feature = "p256", feature = "p384"))] use elliptic_curve::{ - generic_array::ArrayLength, + array::ArraySize, point::AffinePoint, sec1::{FromEncodedPoint, ModulusSize, ToEncodedPoint}, CurveArithmetic, FieldBytesSize, }; #[cfg(any(feature = "p224", feature = "p256", feature = "p384"))] -use signature::hazmat::PrehashVerifier; +use signature::DigestVerifier; #[cfg(feature = "rsa")] use rsa::{pkcs1v15, pss, RsaPublicKey}; @@ -40,9 +37,9 @@ fn verify_ecdsa( hashing_algorithm: HashingAlgorithm, ) -> Result where - C: PrimeCurve + CurveArithmetic + DigestPrimitive + AssociatedTpmCurve, - AffinePoint: VerifyPrimitive + FromEncodedPoint + ToEncodedPoint, - SignatureSize: ArrayLength, + C: PrimeCurve + CurveArithmetic + DigestAlgorithm + AssociatedTpmCurve, + AffinePoint: FromEncodedPoint + ToEncodedPoint, + SignatureSize: ArraySize, FieldBytesSize: ModulusSize, { let Ok(signature) = ecdsa::Signature::::try_from(signature) else { 
@@ -56,25 +53,45 @@ where match hashing_algorithm { #[cfg(feature = "sha1")] - HashingAlgorithm::Sha1 => { - let hash = sha1::Sha1::digest(message); - Ok(verifying_key.verify_prehash(&hash, &signature).is_ok()) - } + HashingAlgorithm::Sha1 => Ok(verifying_key + .verify_digest( + |d: &mut sha1::Sha1| { + Digest::update(d, message); + Ok(()) + }, + &signature, + ) + .is_ok()), #[cfg(feature = "sha2")] - HashingAlgorithm::Sha256 => { - let hash = sha2::Sha256::digest(message); - Ok(verifying_key.verify_prehash(&hash, &signature).is_ok()) - } + HashingAlgorithm::Sha256 => Ok(verifying_key + .verify_digest( + |d: &mut sha2::Sha256| { + Digest::update(d, message); + Ok(()) + }, + &signature, + ) + .is_ok()), #[cfg(feature = "sha2")] - HashingAlgorithm::Sha384 => { - let hash = sha2::Sha384::digest(message); - Ok(verifying_key.verify_prehash(&hash, &signature).is_ok()) - } + HashingAlgorithm::Sha384 => Ok(verifying_key + .verify_digest( + |d: &mut sha2::Sha384| { + Digest::update(d, message); + Ok(()) + }, + &signature, + ) + .is_ok()), #[cfg(feature = "sha2")] - HashingAlgorithm::Sha512 => { - let hash = sha2::Sha512::digest(message); - Ok(verifying_key.verify_prehash(&hash, &signature).is_ok()) - } + HashingAlgorithm::Sha512 => Ok(verifying_key + .verify_digest( + |d: &mut sha2::Sha512| { + Digest::update(d, message); + Ok(()) + }, + &signature, + ) + .is_ok()), _ => Err(Error::WrapperError(WrapperErrorKind::UnsupportedParam)), } } diff --git a/tss-esapi/src/abstraction/nv.rs b/tss-esapi/src/abstraction/nv.rs index 76646fc7..26a0bb12 100644 --- a/tss-esapi/src/abstraction/nv.rs +++ b/tss-esapi/src/abstraction/nv.rs @@ -53,9 +53,8 @@ fn get_nv_index_info( .and_then(|mut object_handle| { context .nv_read_public(NvIndexHandle::from(object_handle)) - .map_err(|e| { + .inspect_err(|_e| { let _ = context.tr_close(&mut object_handle); - e }) .and_then(|(nv_public, name)| { context.tr_close(&mut object_handle)?; 
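Review bot: The four `HashingAlgorithm` arms of this `match` are now copies of one nine-line expression that differ only in the digest type, so any later change to how the message is hashed or how the verification error is handled has to be repeated four times in signature-verification code. A function-local macro placed after `verifying_key` and `signature` are bound leaves a single copy and reduces each arm to one line. The `match` also deserves a comment such as `// Ok(false): signature did not verify. Err: hash algorithm not supported by this build.`, because callers have to check the boolean and not only the `Result`. `verify_ecdsa` begins before this hunk, so the position of the macro relative to those bindings is inferred.

```rust
// … unchanged: signature parsing and verifying_key construction …

// No arm expands the macro when neither `sha1` nor `sha2` is enabled.
#[allow(unused_macros)]
macro_rules! verify_with {
    ($digest:ty) => {
        Ok(verifying_key
            .verify_digest(
                |d: &mut $digest| {
                    Digest::update(d, message);
                    Ok(())
                },
                &signature,
            )
            .is_ok())
    };
}

// Ok(false): signature did not verify. Err: hash algorithm not supported by this build.
match hashing_algorithm {
    #[cfg(feature = "sha1")]
    HashingAlgorithm::Sha1 => verify_with!(sha1::Sha1),
    #[cfg(feature = "sha2")]
    HashingAlgorithm::Sha256 => verify_with!(sha2::Sha256),
    #[cfg(feature = "sha2")]
    HashingAlgorithm::Sha384 => verify_with!(sha2::Sha384),
    #[cfg(feature = "sha2")]
    HashingAlgorithm::Sha512 => verify_with!(sha2::Sha512),
    // … unchanged: catch-all arm returning UnsupportedParam …
}
```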
diff --git a/tss-esapi/src/abstraction/public.rs b/tss-esapi/src/abstraction/public.rs index 2f0d5bb7..250b92cb 100644 --- a/tss-esapi/src/abstraction/public.rs +++ b/tss-esapi/src/abstraction/public.rs @@ -8,7 +8,7 @@ use crate::{Error, WrapperErrorKind}; use core::convert::TryFrom; use elliptic_curve::{ - generic_array::typenum::Unsigned, + array::typenum::Unsigned, sec1::{EncodedPoint, FromEncodedPoint, ModulusSize, ToEncodedPoint}, AffinePoint, CurveArithmetic, FieldBytesSize, PublicKey, }; @@ -18,7 +18,7 @@ use x509_cert::spki::SubjectPublicKeyInfoOwned; #[cfg(feature = "rsa")] use { crate::structures::RsaExponent, - rsa::{BigUint, RsaPublicKey}, + rsa::{BoxedUint, RsaPublicKey}, }; #[cfg(any( @@ -57,15 +57,13 @@ where let x = unique.x().as_bytes(); let y = unique.y().as_bytes(); - if x.len() != FieldBytesSize::::USIZE { - return Err(Error::local_error(WrapperErrorKind::InvalidParam)); - } - if y.len() != FieldBytesSize::::USIZE { - return Err(Error::local_error(WrapperErrorKind::InvalidParam)); - } - - let encoded_point = - EncodedPoint::::from_affine_coordinates(x.into(), y.into(), false); + let encoded_point = EncodedPoint::::from_affine_coordinates( + x.try_into() + .map_err(|_| Error::local_error(WrapperErrorKind::InvalidParam))?, + y.try_into() + .map_err(|_| Error::local_error(WrapperErrorKind::InvalidParam))?, + false, + ); let public_key = PublicKey::::try_from(&encoded_point) .map_err(|_| Error::local_error(WrapperErrorKind::InvalidParam))?; 
@@ -86,10 +84,10 @@ impl TryFrom<&Public> for RsaPublicKey { unique, parameters, .. } => { let exponent = match parameters.exponent() { - RsaExponent::ZERO_EXPONENT => BigUint::from(RSA_DEFAULT_EXP), - _ => BigUint::from(parameters.exponent().value()), + RsaExponent::ZERO_EXPONENT => BoxedUint::from(RSA_DEFAULT_EXP), + _ => BoxedUint::from(parameters.exponent().value()), }; - let modulus = BigUint::from_bytes_be(unique.as_bytes()); + let modulus = BoxedUint::from_be_slice_vartime(unique.as_bytes()); let public_key = RsaPublicKey::new(modulus, exponent) .map_err(|_| Error::local_error(WrapperErrorKind::InvalidParam))?; @@ -173,8 +171,6 @@ where let x = x.as_slice(); let y = y.as_slice(); - // TODO: When elliptic_curve bumps to 0.14, we can use the TryFrom implementation instead - // of checking lengths manually if x.len() != FieldBytesSize::::USIZE { return Err(Error::local_error(WrapperErrorKind::InvalidParam)); } @@ -182,8 +178,14 @@ where return Err(Error::local_error(WrapperErrorKind::InvalidParam)); } - let encoded_point = - EncodedPoint::::from_affine_coordinates(x.into(), y.into(), false); + let encoded_point = EncodedPoint::::from_affine_coordinates( + x.try_into() + .map_err(|_| Error::local_error(WrapperErrorKind::InvalidParam))?, + y.try_into() + .map_err(|_| Error::local_error(WrapperErrorKind::InvalidParam))?, + false, + ); + let public_key = PublicKey::::try_from(&encoded_point) .map_err(|_| Error::local_error(WrapperErrorKind::InvalidParam))?; @@ -201,8 +203,8 @@ impl TryFrom<&TpmPublicKey> for RsaPublicKey { fn try_from(value: &TpmPublicKey) -> Result { match value { TpmPublicKey::Rsa(modulus) => { - let exponent = BigUint::from(RSA_DEFAULT_EXP); - let modulus = BigUint::from_bytes_be(modulus.as_slice()); + let exponent = BoxedUint::from(RSA_DEFAULT_EXP); + let modulus = BoxedUint::from_be_slice_vartime(modulus.as_slice()); let public_key = RsaPublicKey::new(modulus, exponent) .map_err(|_| Error::local_error(WrapperErrorKind::InvalidParam))?; 
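Review bot: `BoxedUint::from_be_slice_vartime` in this `Public` to `RsaPublicKey` conversion, and again in the `TpmPublicKey` conversion in the `@@ -201,8 +203,8 @@` hunk, is a variable-time constructor, and neither call site says why that is acceptable. Both inputs are the public modulus, so the timing variation looks harmless here, but a `_vartime` call is exactly what a later audit will search for. A one-line comment at each call would settle the question: `// Public modulus only: variable-time parsing does not touch secret data.` If validation of modulus size and exponent is meant to be left to `RsaPublicKey::new`, the same comment is a good place to say so.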
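Review bot: The `@@ -173,8 +171,6 @@` hunk deletes the TODO that promised to replace the manual length checks once `elliptic_curve` reached 0.14, but the `x.len() != FieldBytesSize::<C>::USIZE` check and the one after it are kept, while the next hunk adds `x.try_into()` and `y.try_into()` with the same `InvalidParam` mapping. The equivalent checks were removed from the `Public` conversion earlier in this file, so the two conversions now validate coordinate lengths in different ways. Either drop the manual checks here as well, or keep them and replace the TODO with a comment such as `// Explicit length check kept for an early error; try_into below enforces the same bound.` The enclosing function starts before the hunk, so this assumes nothing else relies on the early return.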
diff --git a/tss-esapi/src/abstraction/signatures.rs b/tss-esapi/src/abstraction/signatures.rs index 3bc6ff9f..db1c4833 100644 --- a/tss-esapi/src/abstraction/signatures.rs +++ b/tss-esapi/src/abstraction/signatures.rs @@ -8,16 +8,16 @@ use crate::{ use std::convert::TryFrom; -use ecdsa::SignatureSize; +use ecdsa::{EcdsaCurve, SignatureSize}; use elliptic_curve::{ - generic_array::{typenum::Unsigned, ArrayLength}, + array::{typenum::Unsigned, ArraySize}, FieldBytes, FieldBytesSize, PrimeCurve, }; impl TryFrom<&EccSignature> for ecdsa::Signature where - C: PrimeCurve, - SignatureSize: ArrayLength, + C: PrimeCurve + EcdsaCurve, + SignatureSize: ArraySize, { type Error = Error; @@ -33,8 +33,12 @@ where } let signature = ecdsa::Signature::from_scalars( - FieldBytes::::clone_from_slice(r), - FieldBytes::::clone_from_slice(s), + FieldBytes::::try_from(r) + .map_err(|_| Error::local_error(WrapperErrorKind::InvalidParam))? + .clone(), + FieldBytes::::try_from(s) + .map_err(|_| Error::local_error(WrapperErrorKind::InvalidParam))? + .clone(), ) .map_err(|_| Error::local_error(WrapperErrorKind::InvalidParam))?; Ok(signature) @@ -43,8 +47,8 @@ where impl TryFrom<&Signature> for ecdsa::Signature where - C: PrimeCurve, - SignatureSize: ArrayLength, + C: PrimeCurve + EcdsaCurve, + SignatureSize: ArraySize, { type Error = Error; diff --git a/tss-esapi/src/abstraction/signer.rs b/tss-esapi/src/abstraction/signer.rs index 0c3a55de..8051d5d7 100644 --- a/tss-esapi/src/abstraction/signer.rs +++ b/tss-esapi/src/abstraction/signer.rs 
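Review bot: The `.clone()` after each `FieldBytes::<C>::try_from(..)?` in the `from_scalars` call looks redundant, because the conversion is written with the owned `FieldBytes<C>` as its target and `?` therefore already yields an owned array. If that reading is right, the first argument can be `FieldBytes::<C>::try_from(r).map_err(|_| Error::local_error(WrapperErrorKind::InvalidParam))?,` and the second the same with `s`. The length comparison that precedes this call lies outside the hunk; if it is still present it now duplicates what `try_from` enforces and should be removed or marked as intentional.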
@@ -24,11 +24,11 @@ use std::{convert::TryFrom, ops::Add, sync::Mutex}; use digest::{Digest, FixedOutput, Output}; use ecdsa::{ der::{MaxOverhead, MaxSize, Signature as DerSignature}, - hazmat::{DigestPrimitive, SignPrimitive}, - Signature, SignatureSize, VerifyingKey, + hazmat::DigestAlgorithm, + EcdsaCurve, Signature, SignatureSize, VerifyingKey, }; use elliptic_curve::{ - generic_array::ArrayLength, + array::ArraySize, ops::Invert, sec1::{FromEncodedPoint, ModulusSize, ToEncodedPoint}, subtle::CtOption, @@ -139,7 +139,7 @@ impl TpmSigner #[derive(Debug)] pub struct EcSigner where - C: PrimeCurve + CurveArithmetic, + C: PrimeCurve + CurveArithmetic + EcdsaCurve, { context: Ctx, verifying_key: VerifyingKey, @@ -147,7 +147,7 @@ where impl EcSigner where - C: PrimeCurve + CurveArithmetic, + C: PrimeCurve + CurveArithmetic + EcdsaCurve, C: AssociatedTpmCurve, FieldBytesSize: ModulusSize, AffinePoint: FromEncodedPoint + ToEncodedPoint, @@ -179,17 +179,17 @@ where impl EcSigner where - C: PrimeCurve + CurveArithmetic, + C: PrimeCurve + CurveArithmetic + EcdsaCurve, C: AssociatedTpmCurve, { - /// Key parameters for this curve, selected digest is the one selected by DigestPrimitive + /// Key parameters for this curve, selected digest is the one selected by DigestAlgorithm pub fn key_params_default() -> KeyParams where - C: DigestPrimitive, - ::Digest: FixedOutput>, - ::Digest: AssociatedHashingAlgorithm, + C: DigestAlgorithm, + ::Digest: FixedOutput, + ::Digest: AssociatedHashingAlgorithm, { - Self::key_params::<::Digest>() + Self::key_params::<::Digest>() } /// Key parameters for this curve @@ -199,7 +199,7 @@ where /// The hashing algorithm `D` is the digest that will be used for signatures (SHA-256, SHA3-256, ...). pub fn key_params() -> KeyParams where - D: FixedOutput>, + D: FixedOutput, D: AssociatedHashingAlgorithm, { KeyParams::Ecc { 
@@ -212,9 +212,9 @@ where impl AsRef> for EcSigner where - C: PrimeCurve + CurveArithmetic, - Scalar: Invert>> + SignPrimitive, - SignatureSize: ArrayLength, + C: PrimeCurve + CurveArithmetic + EcdsaCurve, + Scalar: Invert>>, + SignatureSize: ArraySize, { fn as_ref(&self) -> &VerifyingKey { &self.verifying_key @@ -223,25 +223,30 @@ where impl KeypairRef for EcSigner where - C: PrimeCurve + CurveArithmetic, - Scalar: Invert>> + SignPrimitive, - SignatureSize: ArrayLength, + C: PrimeCurve + CurveArithmetic + EcdsaCurve, + Scalar: Invert>>, + SignatureSize: ArraySize, { type VerifyingKey = VerifyingKey; } impl DigestSigner> for EcSigner where - C: PrimeCurve + CurveArithmetic, + C: PrimeCurve + CurveArithmetic + EcdsaCurve, C: AssociatedTpmCurve, - D: Digest + FixedOutput>, + D: Digest + FixedOutput, D: AssociatedHashingAlgorithm, - Scalar: Invert>> + SignPrimitive, - SignatureSize: ArrayLength, + Scalar: Invert>>, + SignatureSize: ArraySize, TpmDigest: From>, Ctx: TpmSigner, { - fn try_sign_digest(&self, digest: D) -> Result, SigError> { + fn try_sign_digest Result<(), SigError>>( + &self, + f: F, + ) -> Result, SigError> { + let mut digest = D::new(); + f(&mut digest)?; let digest = TpmDigest::from(digest.finalize_fixed()); //let key_params = Self::key_params::(); 
@@ -261,65 +266,74 @@ where impl DigestSigner> for EcSigner where - C: PrimeCurve + CurveArithmetic, + C: PrimeCurve + CurveArithmetic + EcdsaCurve, C: AssociatedTpmCurve, - D: Digest + FixedOutput>, + D: Digest + FixedOutput, D: AssociatedHashingAlgorithm, - Scalar: Invert>> + SignPrimitive, - SignatureSize: ArrayLength, + Scalar: Invert>>, + SignatureSize: ArraySize, TpmDigest: From>, - MaxSize: ArrayLength, - as Add>::Output: Add + ArrayLength, + MaxSize: ArraySize, + as Add>::Output: Add + ArraySize, Ctx: TpmSigner, { - fn try_sign_digest(&self, digest: D) -> Result, SigError> { - let signature: Signature<_> = self.try_sign_digest(digest)?; + fn try_sign_digest Result<(), SigError>>( + &self, + f: F, + ) -> Result, SigError> { + let signature: Signature<_> = self.try_sign_digest(f)?; Ok(signature.to_der()) } } impl Signer> for EcSigner where - C: PrimeCurve + CurveArithmetic + DigestPrimitive, + C: PrimeCurve + CurveArithmetic + EcdsaCurve + DigestAlgorithm, C: AssociatedTpmCurve, - ::Digest: AssociatedHashingAlgorithm, - Scalar: Invert>> + SignPrimitive, - SignatureSize: ArrayLength, - TpmDigest: From::Digest>>, + ::Digest: AssociatedHashingAlgorithm, + Scalar: Invert>>, + SignatureSize: ArraySize, + TpmDigest: From::Digest>>, Ctx: TpmSigner, { fn try_sign(&self, msg: &[u8]) -> Result, SigError> { - self.try_sign_digest(C::Digest::new_with_prefix(msg)) + self.try_sign_digest(|d: &mut C::Digest| { + Digest::update(d, msg); + Ok(()) + }) } } impl Signer> for EcSigner where - C: PrimeCurve + CurveArithmetic + DigestPrimitive, + C: PrimeCurve + CurveArithmetic + EcdsaCurve + DigestAlgorithm, C: AssociatedTpmCurve, - ::Digest: AssociatedHashingAlgorithm, - Scalar: Invert>> + SignPrimitive, - SignatureSize: ArrayLength, - TpmDigest: From::Digest>>, + ::Digest: AssociatedHashingAlgorithm, + Scalar: Invert>>, + SignatureSize: ArraySize, + TpmDigest: From::Digest>>, - MaxSize: ArrayLength, - as Add>::Output: Add + ArrayLength, + MaxSize: ArraySize, + as Add>::Output: 
Add + ArraySize, Ctx: TpmSigner, { fn try_sign(&self, msg: &[u8]) -> Result, SigError> { - self.try_sign_digest(C::Digest::new_with_prefix(msg)) + self.try_sign_digest(|d: &mut C::Digest| { + Digest::update(d, msg); + Ok(()) + }) } } impl SignatureAlgorithmIdentifier for EcSigner where - C: PrimeCurve + CurveArithmetic, - Scalar: Invert>> + SignPrimitive, - SignatureSize: ArrayLength, + C: PrimeCurve + CurveArithmetic + EcdsaCurve, + Scalar: Invert>>, + SignatureSize: ArraySize, Signature: AssociatedAlgorithmIdentifier>, { type Params = AnyRef<'static>; @@ -446,7 +460,12 @@ mod rsa { TpmDigest: From>, Ctx: TpmSigner, { - fn try_sign_digest(&self, digest: D) -> Result { + fn try_sign_digest Result<(), SigError>>( + &self, + f: F, + ) -> Result { + let mut digest = D::new(); + f(&mut digest)?; let digest = TpmDigest::from(digest.finalize_fixed()); //let key_params = Self::key_params::(); @@ -467,10 +486,10 @@ mod rsa { Ctx: TpmSigner, { fn try_sign(&self, msg: &[u8]) -> Result { - let mut d = D::new(); - Digest::update(&mut d, msg); - - self.try_sign_digest(d) + self.try_sign_digest(|d: &mut D| { + Digest::update(d, msg); + Ok(()) + }) } } @@ -576,7 +595,12 @@ mod rsa { TpmDigest: From>, Ctx: TpmSigner, { - fn try_sign_digest(&self, digest: D) -> Result { + fn try_sign_digest Result<(), SigError>>( + &self, + f: F, + ) -> Result { + let mut digest = D::new(); + f(&mut digest)?; let digest = TpmDigest::from(digest.finalize_fixed()); let signature = self.context.sign(digest).map_err(SigError::from_source)?; @@ -595,10 +619,10 @@ mod rsa { Ctx: TpmSigner, { fn try_sign(&self, msg: &[u8]) -> Result { - let mut d = D::new(); - Digest::update(&mut d, msg); - - self.try_sign_digest(d) + self.try_sign_digest(|d: &mut D| { + Digest::update(d, msg); + Ok(()) + }) } } diff --git a/tss-esapi/src/abstraction/transient/mod.rs b/tss-esapi/src/abstraction/transient/mod.rs index 0b9c2d4f..3b43474c 100644 --- a/tss-esapi/src/abstraction/transient/mod.rs 
+++ b/tss-esapi/src/abstraction/transient/mod.rs @@ -154,7 +154,7 @@ impl TransientKeyContext { let key_auth = if auth_size > 0 { self.set_session_attrs()?; let mut random_bytes = vec![0u8; auth_size]; - getrandom::getrandom(&mut random_bytes).map_err(|_| { + getrandom::fill(&mut random_bytes).map_err(|_| { log::error!("Failed to obtain a random authvalue for key creation"); Error::WrapperError(ErrorKind::InternalError) })?; @@ -674,7 +674,7 @@ impl TransientKeyContextBuilder { let root_key_auth = if self.root_key_auth_size > 0 { let mut random = vec![0u8; self.root_key_auth_size]; - getrandom::getrandom(&mut random).map_err(|_| { + getrandom::fill(&mut random).map_err(|_| { log::error!("Failed to obtain a random value for root key authentication"); Error::WrapperError(ErrorKind::InternalError) })?; diff --git a/tss-esapi/src/context/tpm_commands/asymmetric_primitives.rs b/tss-esapi/src/context/tpm_commands/asymmetric_primitives.rs index 95c5f20e..97cb124f 100644 --- a/tss-esapi/src/context/tpm_commands/asymmetric_primitives.rs +++ b/tss-esapi/src/context/tpm_commands/asymmetric_primitives.rs @@ -102,6 +102,7 @@ impl Context { /// # RsaDecryptionScheme, HashScheme, SymmetricDefinition, /// # }, /// # }; + /// # use signature::rand_core::{OsRng, TryRngCore}; /// # use std::{env, str::FromStr, convert::TryFrom}; /// # // Create context /// # let mut context = @@ -128,7 +129,7 @@ impl Context { /// # .expect("Failed to set attributes on session"); /// # context.set_sessions((Some(session), None, None)); /// # let mut random_digest = vec![0u8; 16]; - /// # getrandom::getrandom(&mut random_digest).unwrap(); + /// # OsRng.try_fill_bytes(&mut random_digest).unwrap(); /// # let key_auth = Auth::from_bytes(random_digest.as_slice()).unwrap(); /// # /// // Create a key suitable for ECDH key generation 
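Review bot: The hidden doctest setup in `asymmetric_primitives.rs` (the `@@ -102,6 +102,7 @@` and `@@ -128,7 +129,7 @@` hunks, and the identical `@@ -238` and `@@ -264` hunks for the second example) switches to `signature::rand_core::{OsRng, TryRngCore}`, while the doctests in `context_management.rs` and `symmetric_primitives.rs` in this same commit use `getrandom::fill`. As far as I can tell the `rand_core` re-export and `OsRng` exist only when optional features of `signature` and `rand_core` are switched on, and the `signature` entry in `tss-esapi/Cargo.toml` requests only `alloc` and `digest`, so these examples compile only through feature unification with other dependencies. Using the direct dependency avoids that and keeps all doctests alike: `/// # getrandom::fill(&mut random_digest).unwrap();`, with the added `use signature::rand_core::{OsRng, TryRngCore};` line dropped.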
@@ -238,6 +239,7 @@ impl Context { /// # RsaDecryptionScheme, HashScheme, SymmetricDefinition, /// # }, /// # }; + /// # use signature::rand_core::{OsRng, TryRngCore}; /// # use std::{env, str::FromStr, convert::TryFrom}; /// # // Create context /// # let mut context = @@ -264,7 +266,7 @@ impl Context { /// # .expect("Failed to set attributes on session"); /// # context.set_sessions((Some(session), None, None)); /// # let mut random_digest = vec![0u8; 16]; - /// # getrandom::getrandom(&mut random_digest).unwrap(); + /// # OsRng.try_fill_bytes(&mut random_digest).unwrap(); /// # let key_auth = Auth::from_bytes(random_digest.as_slice()).unwrap(); /// # /// // Create a key suitable for ECDH key generation diff --git a/tss-esapi/src/context/tpm_commands/context_management.rs b/tss-esapi/src/context/tpm_commands/context_management.rs index 02b70167..1994e31d 100644 --- a/tss-esapi/src/context/tpm_commands/context_management.rs +++ b/tss-esapi/src/context/tpm_commands/context_management.rs @@ -108,7 +108,7 @@ impl Context { /// // Execute context methods using the session /// context.execute_with_session(Some(session), |ctx| { /// let mut random_digest = vec![0u8; 16]; - /// getrandom::getrandom(&mut random_digest).expect("Call to getrandom failed"); + /// getrandom::fill(&mut random_digest).expect("Call to getrandom failed"); /// let key_auth = Auth::from_bytes(random_digest.as_slice()).expect("Failed to create Auth"); /// let key_handle = ctx /// .create_primary( diff --git a/tss-esapi/src/context/tpm_commands/symmetric_primitives.rs b/tss-esapi/src/context/tpm_commands/symmetric_primitives.rs index 797cb256..dca11471 100644 --- a/tss-esapi/src/context/tpm_commands/symmetric_primitives.rs +++ b/tss-esapi/src/context/tpm_commands/symmetric_primitives.rs 
@@ -57,7 +57,7 @@ impl Context { /// # .expect("Failed to set auth to empty for owner"); /// # // Create primary key auth /// # let mut random_digest = vec![0u8; 16]; - /// # getrandom::getrandom(&mut random_digest).expect("get_rand call failed"); + /// # getrandom::fill(&mut random_digest).expect("get_rand call failed"); /// # let primary_key_auth = Auth::from_bytes( /// # random_digest /// # .as_slice() @@ -103,7 +103,7 @@ impl Context { /// # .expect("Failed to create public for symmetric key public"); /// # // Create auth for the symmetric key /// # let mut random_digest = vec![0u8; 16]; - /// # getrandom::getrandom(&mut random_digest).expect("get_rand call failed"); + /// # getrandom::fill(&mut random_digest).expect("get_rand call failed"); /// # let symmetric_key_auth = Auth::from_bytes( /// # random_digest /// # .as_slice() diff --git a/tss-esapi/src/structures/buffers.rs b/tss-esapi/src/structures/buffers.rs index 7e6ef094..8734c83f 100644 --- a/tss-esapi/src/structures/buffers.rs +++ b/tss-esapi/src/structures/buffers.rs @@ -225,8 +225,8 @@ pub mod digest { #[cfg(feature = "rustcrypto")] mod rustcrypto { use digest::{ + array::Array, consts::{U20, U32, U48, U64}, - generic_array::GenericArray, typenum::Unsigned, }; @@ -234,15 +234,15 @@ pub mod digest { macro_rules! impl_from_digest { ($($size:ty),+) => { - $(impl From> for Digest { - fn from(mut value: GenericArray) -> Self { + $(impl From> for Digest { + fn from(mut value: Array) -> Self { let value_as_vec = value.as_slice().to_vec(); value.zeroize(); Digest(value_as_vec.into()) } } - impl TryFrom for GenericArray { + impl TryFrom for Array { type Error = Error; fn try_from(value: Digest) -> Result { diff --git a/tss-esapi/src/utils/credential.rs b/tss-esapi/src/utils/credential.rs new file mode 100644 index 00000000..34c07387 --- /dev/null +++ b/tss-esapi/src/utils/credential.rs 
@@ -0,0 +1,306 @@ +// Copyright 2025 Contributors to the Parsec project. +// SPDX-License-Identifier: Apache-2.0 + +use core::{ + marker::PhantomData, + ops::{Add, Mul}, +}; + +use cfb_mode::cipher::{AsyncStreamCipher, BlockCipherEncrypt}; +use digest::{ + array::ArraySize, + consts::{B1, U8}, + crypto_common::{Iv, KeyIvInit, KeySizeUser, WeakKeyError}, + typenum::{ + operator_aliases::{Add1, Sum}, + Unsigned, + }, + Digest, FixedOutputReset, Key, KeyInit, Mac, OutputSizeUser, +}; +use ecdsa::elliptic_curve::{ + ecdh::{EphemeralSecret, SharedSecret}, + sec1::{Coordinates, FromEncodedPoint, ModulusSize, ToEncodedPoint}, + AffinePoint, Curve, CurveArithmetic, FieldBytesSize, PublicKey, +}; +use hmac::{EagerHash, Hmac}; +use log::error; +use rand::rng; +use zeroize::Zeroizing; + +#[cfg(feature = "rsa")] +use { + digest::DynDigest, + rand::Rng, + rsa::{Oaep, RsaPublicKey}, +}; + +use crate::{ + error::{Error, Result, WrapperErrorKind}, + structures::{EncryptedSecret, IdObject, Name}, + utils::kdf::{self}, +}; + +type WeakResult = core::result::Result; + +// [`TpmHmac`] intends to code for the key expected for hmac +// in the KDFa and KDFe derivations. There are no standard sizes for hmac keys really, +// upstream RustCrypto considers it to be [BlockSize], but TPM specification +// has a different opinion on the matter, and expect the key to the output +// bit size of the hash algorithm used. +// +// See https://trustedcomputinggroup.org/wp-content/uploads/TPM-2.0-1.83-Part-1-Architecture.pdf#page=202 +// section 24.5 HMAC: +// bits the number of bits in the digest produced by ekNameAlg +// +// [BlockSize]: https://docs.rs/hmac/0.12.1/hmac/struct.HmacCore.html#impl-KeySizeUser-for-HmacCore%3CD%3E +struct TpmHmac(PhantomData); + +impl KeySizeUser for TpmHmac +where + H: OutputSizeUser, +{ + type KeySize = H::OutputSize; +} + +/// [`make_credential_ecc`] creates a credential that will only be decrypted by the target +/// elliptic-curve EK. 
+/// +/// # Parameters +/// +/// * `ek_public` is the EC Public key of the Endorsement Key, +/// * `secret` is the serialization of the credential, +/// * `name` will usually be the AK held on the TPM. +pub fn make_credential_ecc( + ek_public: PublicKey, + secret: &[u8], + key_name: Name, +) -> Result<(IdObject, EncryptedSecret)> +where + C: Curve + CurveArithmetic, + + AffinePoint: FromEncodedPoint + ToEncodedPoint, + FieldBytesSize: ModulusSize, + + as Add>::Output: Add>, + Sum, FieldBytesSize>: ArraySize, + Sum, FieldBytesSize>: Add, + Sum, FieldBytesSize>, U8>: Add, + Add1, FieldBytesSize>, U8>>: ArraySize, + + EkHash: Digest + EagerHash + FixedOutputReset, + ::OutputSize: Mul, + <::OutputSize as Mul>::Output: Unsigned, + <::Core as OutputSizeUser>::OutputSize: ArraySize + Mul, + <<::Core as OutputSizeUser>::OutputSize as Mul>::Output: Unsigned, + + EkCipher: KeySizeUser + BlockCipherEncrypt + KeyInit, + ::KeySize: Mul, + <::KeySize as Mul>::Output: ArraySize, +{ + let mut rng = rng(); + + loop { + // See Table 22 - Key Generation for the various labels used here after: + // https://trustedcomputinggroup.org/wp-content/uploads/TPM-2.0-1.83-Part-1-Architecture.pdf#page=183 + + // C.6.4. ECC Secret Sharing for Credentials + // https://trustedcomputinggroup.org/wp-content/uploads/TPM-2.0-1.83-Part-1-Architecture.pdf#page=311 + let local = EphemeralSecret::::random(&mut rng); + + let ecdh_secret: SharedSecret = local.diffie_hellman(&ek_public); + let local_public = local.public_key(); + drop(local); + + let seed = kdf::kdfe::>( + &ecdh_secret, + &local_public, + &ek_public, + )?; + drop(ecdh_secret); + + // The local ECDH pair is used as "encrypted seed" + let encoded_point = local_public.to_encoded_point(false); + let Coordinates::Uncompressed { + x: point_x, + y: point_y, + } = encoded_point.coordinates() + else { + // NOTE: The only way this could trigger would be for the local key to be identity. 
+ error!("Couldn't compute coordinates for the local public key"); + return Err(Error::local_error(WrapperErrorKind::InvalidParam)); + }; + let encrypted_seed = { + let mut out = vec![]; + out.extend_from_slice(&FieldBytesSize::::U16.to_be_bytes()[..]); + out.extend_from_slice(point_x); + out.extend_from_slice(&FieldBytesSize::::U16.to_be_bytes()[..]); + out.extend_from_slice(point_y); + out + }; + let encrypted_secret = EncryptedSecret::from_bytes(&encrypted_seed)?; + + match secret_to_credential::(seed, secret, &key_name)? { + Ok(id_object) => return Ok((id_object, encrypted_secret)), + Err(WeakKeyError) => { + // 11.4.10.4 Rejection of weak keys + // https://trustedcomputinggroup.org/wp-content/uploads/TPM-2.0-1.83-Part-1-Architecture.pdf#page=82 + + // The Key was considered weak, and we should re-run the creation of the encrypted + // secret. + continue; + } + } + } +} + +/// [`make_credential_rsa`] creates a credential that will only be decrypted by the target RSA EK. +/// +/// # Parameters +/// +/// * `ek_public` is the RSA Public key of the Endorsement Key, +/// * `secret` is the serialization of the credential, +/// * `name` will usually be the AK held on the TPM. 
+#[cfg(feature = "rsa")] +pub fn make_credential_rsa( + ek_public: &RsaPublicKey, + secret: &[u8], + key_name: Name, +) -> Result<(IdObject, EncryptedSecret)> +where + EkHash: Digest + DynDigest + Send + Sync + 'static, + EkHash: EagerHash + FixedOutputReset, + ::OutputSize: Mul, + <::OutputSize as Mul>::Output: Unsigned, + <::Core as OutputSizeUser>::OutputSize: ArraySize + Mul, + <<::Core as OutputSizeUser>::OutputSize as Mul>::Output: Unsigned, + + EkCipher: KeySizeUser + BlockCipherEncrypt + KeyInit, + ::KeySize: Mul, + <::KeySize as Mul>::Output: ArraySize, +{ + let mut rng = rng(); + + loop { + // See Table 22 - Key Generation for the various labels used here after: + // https://trustedcomputinggroup.org/wp-content/uploads/TPM-2.0-1.83-Part-1-Architecture.pdf#page=183 + + // B.10.4 RSA Secret Sharing for Credentials + // https://trustedcomputinggroup.org/wp-content/uploads/TPM-2.0-1.83-Part-1-Architecture.pdf#page=302 + let random_seed = { + let mut out = Key::>::default(); + rng.fill(out.as_mut_slice()); + out + }; + + // The random seed is then encrypted with RSA-OAEP + // + // B.4 RSAES_OAEP + // https://trustedcomputinggroup.org/wp-content/uploads/TPM-2.0-1.83-Part-1-Architecture.pdf#page=297 + // + // The label is a byte-stream whose last byte must be zero + // + // B.10.4. RSA Secret Sharing for Credentials + // https://trustedcomputinggroup.org/wp-content/uploads/TPM-2.0-1.83-Part-1-Architecture.pdf#page=302 + // + // The label is going to be "IDENTITY" for secret sharing. + let encrypted_seed = { + let padding = Oaep::new_with_label::(b"IDENTITY\0".to_vec()); + ek_public + .encrypt(&mut rng, padding, &random_seed[..]) + .map_err(|e| { + error!("RSA OAEP encryption error: {e}"); + Error::local_error(WrapperErrorKind::InternalError) + })? + }; + let encrypted_secret = EncryptedSecret::from_bytes(&encrypted_seed)?; + + match secret_to_credential::(random_seed, secret, &key_name)? 
{ + Ok(id_object) => return Ok((id_object, encrypted_secret)), + Err(WeakKeyError) => { + // 11.4.10.4 Rejection of weak keys + // https://trustedcomputinggroup.org/wp-content/uploads/TPM-2.0-1.83-Part-1-Architecture.pdf#page=82 + + // The Key was considered weak, and we should re-run the creation of the encrypted + // secret. + continue; + } + } + } +} + +fn secret_to_credential( + seed: Key>, + secret: &[u8], + key_name: &Name, +) -> Result> +where + EkHash: Digest + EagerHash + FixedOutputReset, + ::OutputSize: Mul, + <::OutputSize as Mul>::Output: Unsigned, + <::Core as OutputSizeUser>::OutputSize: ArraySize + Mul, + <<::Core as OutputSizeUser>::OutputSize as Mul>::Output: Unsigned, + + EkCipher: KeySizeUser + BlockCipherEncrypt + KeyInit, + ::KeySize: Mul, + <::KeySize as Mul>::Output: ArraySize, +{ + // Prepare the sensitive data + // this will be then encrypted using AES-CFB (size of the symmetric key depends on the EK). + let mut sensitive_data = { + let mut out = Zeroizing::new(vec![]); + out.extend_from_slice( + &u16::try_from(secret.len()) + .map_err(|_| { + error!("secret may only be 2^16 bytes long"); + Error::local_error(WrapperErrorKind::WrongParamSize) + })? + .to_be_bytes()[..], + ); + out.extend_from_slice(secret); + out + }; + + // We'll now encrypt the sensitive data, and hmac the result of the encryption + // https://trustedcomputinggroup.org/wp-content/uploads/TPM-2.0-1.83-Part-1-Architecture.pdf#page=201 + // See 24.4 Symmetric Encryption + let sym_key = kdf::kdfa::(&seed, key_name.value(), &[])?; + + if EkCipher::weak_key_test(&sym_key).is_err() { + // 11.4.10.4 Rejection of weak keys + // https://trustedcomputinggroup.org/wp-content/uploads/TPM-2.0-1.83-Part-1-Architecture.pdf#page=82 + // The Key was considered weak, and we should re-run the creation of the encrypted + // secret. 
+ + return Ok(Err(WeakKeyError)); + } + + let iv: Iv> = Default::default(); + + cfb_mode::Encryptor::::new(&sym_key, &iv).encrypt(&mut sensitive_data); + + // See 24.5 HMAC + let hmac_key = kdf::kdfa::>(&seed, &[], &[])?; + let mut hmac = Hmac::::new_from_slice(&hmac_key).map_err(|e| { + error!("HMAC initialization error: {e}"); + Error::local_error(WrapperErrorKind::WrongParamSize) + })?; + Mac::update(&mut hmac, &sensitive_data); + Mac::update(&mut hmac, key_name.value()); + let hmac = hmac.finalize(); + + // We'll now serialize the object and get everything through the door. + let mut out = vec![]; + out.extend_from_slice( + &u16::try_from(hmac.into_bytes().len()) + .map_err(|_| { + // NOTE: this shouldn't ever trigger ... but ... + error!("HMAC output may only be 2^16 bytes long"); + Error::local_error(WrapperErrorKind::WrongParamSize) + })? + .to_be_bytes()[..], + ); + out.extend_from_slice(&hmac.into_bytes()); + out.extend_from_slice(&sensitive_data); + + IdObject::from_bytes(&out).map(Ok) +} diff --git a/tss-esapi/src/utils/kdf.rs b/tss-esapi/src/utils/kdf.rs new file mode 100644 index 00000000..075b22d4 --- /dev/null +++ b/tss-esapi/src/utils/kdf.rs 
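Review bot: In `secret_to_credential` only `sensitive_data` is wrapped in `Zeroizing`, while the key material itself is held in plain values: the `seed` parameter, `sym_key` and `hmac_key`, plus `random_seed` in `make_credential_rsa`. Unless the `Key` array type zeroizes on drop, which the hunk does not show, the seed and both derived keys stay in freed memory after the function returns. The ECC path, by contrast, already drops `local` and `ecdh_secret` explicitly. I would start the function with `let seed = Zeroizing::new(seed);` and wrap the two `kdf::kdfa` results in `Zeroizing::new(...)` as well, assuming the array type implements `Zeroize` under the enabled features. Separately, the doc comments on both `make_credential_*` functions list a parameter `name`, but the argument is called `key_name`.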
@@ -0,0 +1,243 @@ +// Copyright 2025 Contributors to the Parsec project. +// SPDX-License-Identifier: Apache-2.0 + +use core::ops::{Add, Mul}; + +use digest::{ + array::{Array, ArraySize}, + consts::{B1, U3, U6, U7, U8, U9}, + crypto_common::KeySizeUser, + typenum::{ + operator_aliases::{Add1, Sum}, + Unsigned, + }, + Digest, FixedOutputReset, Key, OutputSizeUser, +}; +use ecdsa::elliptic_curve::{ + ecdh::SharedSecret, + point::AffineCoordinates, + sec1::{FromEncodedPoint, ModulusSize, ToEncodedPoint}, + AffinePoint, Curve, CurveArithmetic, FieldBytesSize, PublicKey, +}; +use hmac::{EagerHash, Hmac}; +use kbkdf::{Counter, Kbkdf, Params}; +use log::error; + +use crate::{Error, Result, WrapperErrorKind}; + +/// Label to be applied when deriving a key with either [`kdfa`] or [`kdfe`] +// Note: until generic_const_expr stabilize, we will have to carry a const parameter on the trait, +// once that's stable, we should be able to do `const LABEL: [u8; Self::LabelSize]` +// Until then, the preferred implementation would be using `impl_kdf_label` macro, as it should be +// misuse-resistant. +pub trait KdfLabel { + type LabelSize: Unsigned; + const LABEL: &'static [u8]; +} + +macro_rules! 
impl_kdf_label { + ($usage:ty, $size: ty, $value: expr) => { + impl KdfLabel for $usage { + type LabelSize = $size; + const LABEL: &'static [u8] = { + // This is only to make sure at compile-time the label has the correct size + let _: [u8; <$size>::USIZE] = *$value; + $value + }; + } + }; +} + +#[derive(Copy, Clone, Debug)] +pub struct Secret; +impl_kdf_label!(Secret, U6, b"SECRET"); + +#[derive(Copy, Clone, Debug)] +pub struct Context; +impl_kdf_label!(Context, U7, b"CONTEXT"); + +#[derive(Copy, Clone, Debug)] +pub struct Obfuscate; +impl_kdf_label!(Obfuscate, U9, b"OBFUSCATE"); + +#[derive(Copy, Clone, Debug)] +pub struct Storage; +impl_kdf_label!(Storage, U7, b"STORAGE"); + +#[derive(Copy, Clone, Debug)] +pub struct Integrity; +impl_kdf_label!(Integrity, U9, b"INTEGRITY"); + +#[derive(Copy, Clone, Debug)] +pub struct Commit; +impl_kdf_label!(Commit, U6, b"COMMIT"); + +#[derive(Copy, Clone, Debug)] +pub struct Cfb; +impl_kdf_label!(Cfb, U3, b"CFB"); + +#[derive(Copy, Clone, Debug)] +pub struct Xor; +impl_kdf_label!(Xor, U3, b"XOR"); + +#[derive(Copy, Clone, Debug)] +pub struct Session; +impl_kdf_label!(Session, U7, b"SESSION"); + +#[derive(Copy, Clone, Debug)] +pub struct Identity; +impl_kdf_label!(Identity, U8, b"IDENTITY"); + +type LabelAndUAndV = Add1, FieldBytesSize>, N>>; + +pub fn kdfa(key: &[u8], context_u: &[u8], context_v: &[u8]) -> Result> +where + L: KdfLabel, + + H: Digest + FixedOutputReset + EagerHash, + K: KeySizeUser, + + K::KeySize: ArraySize + Mul, + >::Output: Unsigned, + + <::Core as OutputSizeUser>::OutputSize: ArraySize + Mul, + <<::Core as OutputSizeUser>::OutputSize as Mul>::Output: Unsigned, +{ + let mut context = Vec::with_capacity(context_u.len() + context_v.len()); + context.extend_from_slice(context_u); + context.extend_from_slice(context_v); + + let kdf = Counter::, K>::default(); + kdf.derive( + Params::builder(key) + .with_label(L::LABEL) + .with_context(&context) + .build(), + ) + .map_err(|e| { + error!("KDFa derivation error: 
{e}"); + Error::local_error(WrapperErrorKind::InternalError) + }) +} + +pub fn kdfe( + z: &SharedSecret, + party_u_info: &PublicKey, + party_v_info: &PublicKey, +) -> Result> +where + L: KdfLabel, + + H: Digest + FixedOutputReset, + C: Curve + CurveArithmetic, + K: KeySizeUser, + + AffinePoint: FromEncodedPoint + ToEncodedPoint, + FieldBytesSize: ModulusSize, + + as Add>::Output: Add>, + Sum, FieldBytesSize>: Add, + Sum, FieldBytesSize>, L::LabelSize>: Add, + Add1, FieldBytesSize>, L::LabelSize>>: ArraySize, +{ + let mut key = Key::::default(); + + let mut other_info = Array::>::default(); + other_info[..L::LabelSize::USIZE].copy_from_slice(L::LABEL); + other_info[L::LabelSize::USIZE] = 0; + + other_info[L::LabelSize::USIZE + 1..L::LabelSize::USIZE + 1 + FieldBytesSize::::USIZE] + .copy_from_slice(&party_u_info.as_affine().x()); + other_info[L::LabelSize::USIZE + 1 + FieldBytesSize::::USIZE..] + .copy_from_slice(&party_v_info.as_affine().x()); + + concat_kdf::derive_key_into::(z.raw_secret_bytes(), &other_info, &mut key).map_err(|e| { + error!("KDFe derivation error: {e}"); + Error::local_error(WrapperErrorKind::InternalError) + })?; + + Ok(key) +} + +#[cfg(test)] +mod tests { + use super::*; + + use aes::Aes256; + use hex_literal::hex; + use sha2::Sha256; + + #[test] + fn test_kdfe() { + struct Vector { + shared_secret: [u8; S], + local_key: [u8; K], + remote_key: [u8; K], + expected: [u8; E], + } + + // Test vectors here were manually generated from tpm2-pytss + static TEST_VECTORS_SHA256: [Vector< + { FieldBytesSize::::USIZE }, + { as ModulusSize>::CompressedPointSize::USIZE }, + 32, + >; 2] = [ + Vector { + shared_secret: hex!( + "c75afb6f49c941ef194b232d7615769f5152d20de5dee19a991067f337dd65bc" + ), + local_key: hex!( + "031ba4030de068a2f07919c42ef6b19f302884f35f45e7d4e4bb90ffbb0bd9d099" + ), + remote_key: hex!( + "038f2b219a29c2ff9ba69cedff2d08d33a5dbca3da6bc8af8acd3ff6f5ec4dfbef" + ), + expected: 
hex!("e3a0079db19724f9b76101e9364c4a149cea3501336abc3b603f94b22b6309a5"), + }, + Vector { + shared_secret: hex!( + "a90a1c095155428500ed19e87c0df078df3dd2e66a0e3bbe664ba9ff62113b4a" + ), + local_key: hex!( + "03e9c7d6a853ba6176b65ec2f328bdea25f61c4e1b23a4e1c08e1da8c723381a04" + ), + remote_key: hex!( + "036ccf059628d3cdf8e1b4c4ba6d14696ba51cc8d4a96df4016f0b214782d5cee6" + ), + expected: hex!("865f8093e2c4b801dc8c236eeb2806c7b1c51c2cb04101c035f7f2511ea0aeda"), + }, + ]; + + for v in &TEST_VECTORS_SHA256 { + let out = kdfe::( + &SharedSecret::from(Array::from(v.shared_secret)), + &PublicKey::try_from(Array::from(v.local_key)).unwrap(), + &PublicKey::try_from(Array::from(v.remote_key)).unwrap(), + ) + .unwrap(); + assert_eq!(out, v.expected); + } + } + + #[test] + fn test_kdfa() { + struct Vector { + key: &'static [u8], + context_u: &'static [u8], + context_v: &'static [u8], + expected: &'static [u8], + } + + static TEST_VECTORS_SHA256: [Vector; 1] = [Vector { + key: &hex!("000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f"), + context_u: b"", + context_v: &hex!("0506070809"), + expected: &hex!("de275f7f5cfeaac226b30d42377903b34705f178730d96400ccafb736e3d28a4"), + }]; + + for v in &TEST_VECTORS_SHA256 { + let out = kdfa::(v.key, v.context_u, v.context_v).unwrap(); + assert_eq!(out.as_slice(), v.expected); + } + } +} diff --git a/tss-esapi/src/utils/mod.rs b/tss-esapi/src/utils/mod.rs index 3bce9096..89729c76 100644 --- a/tss-esapi/src/utils/mod.rs +++ b/tss-esapi/src/utils/mod.rs 
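Review bot: `KdfLabel` is a public trait in a public module, but only the private `impl_kdf_label!` macro enforces that `LabelSize` matches `LABEL.len()`; the macro carries no `#[macro_export]`, so downstream implementers cannot use it. In `kdfe`, `other_info[..L::LabelSize::USIZE].copy_from_slice(L::LABEL)` panics when the two disagree, while `kdfa` ignores `LabelSize` and uses `LABEL` as-is, so a hand-written impl behaves differently in the two KDFs. Either seal the trait so that only the labels defined here can exist, or fail cleanly at the top of `kdfe` with `if L::LABEL.len() != L::LabelSize::USIZE { return Err(Error::local_error(WrapperErrorKind::InvalidParam)); }`. `kdfa` and `kdfe` are also exported without doc comments. A short `///` on each should name the TPM 2.0 Part 1 construction it implements and state that `kdfe` feeds only the x-coordinates of the two public keys into `other_info`.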
@@ -23,6 +23,16 @@ use crate::{Context, Error, Result, WrapperErrorKind}; use std::convert::TryFrom; use zeroize::Zeroize; +#[cfg(feature = "rustcrypto")] +mod credential; +#[cfg(feature = "rustcrypto")] +pub mod kdf; + +#[cfg(feature = "rustcrypto")] +pub use self::credential::make_credential_ecc; +#[cfg(all(feature = "rustcrypto", feature = "rsa"))] +pub use self::credential::make_credential_rsa; + /// Create the [Public] structure for a restricted decryption key. /// /// * `symmetric` - Cipher to be used for decrypting children of the key diff --git a/tss-esapi/tests/integration_tests/abstraction_tests/credential_tests.rs b/tss-esapi/tests/integration_tests/abstraction_tests/credential_tests.rs new file mode 100644 index 00000000..58b86c2e --- /dev/null +++ b/tss-esapi/tests/integration_tests/abstraction_tests/credential_tests.rs 
@@ -0,0 +1,222 @@ +// Copyright 2025 Contributors to the Parsec project. +// SPDX-License-Identifier: Apache-2.0 + +use tss_esapi::{ + abstraction::{ak, ek, AsymmetricAlgorithmSelection}, + attributes::SessionAttributesBuilder, + constants::SessionType, + handles::AuthHandle, + interface_types::{ + algorithm::{HashingAlgorithm, SignatureSchemeAlgorithm}, + ecc::EccCurve, + key_bits::RsaKeyBits, + session_handles::PolicySession, + }, + structures::{Digest, SymmetricDefinition}, + utils, +}; + +use elliptic_curve::PublicKey; +use rsa::RsaPublicKey; + +use crate::common::create_ctx_without_session; + +#[test] +fn test_credential_ecc() { + let mut context = create_ctx_without_session(); + + let ek_ecc = ek::create_ek_object( + &mut context, + AsymmetricAlgorithmSelection::Ecc(EccCurve::NistP256), + None, + ) + .unwrap(); + + let (ek_pub, _, _) = context.read_public(ek_ecc).unwrap(); + + let ak_res = ak::create_ak( + &mut context, + ek_ecc, + HashingAlgorithm::Sha384, + AsymmetricAlgorithmSelection::Ecc(EccCurve::NistP384), + SignatureSchemeAlgorithm::EcDsa, + None, + None, + ) + .unwrap(); + + let ak_ecc = ak::load_ak( + &mut context, + ek_ecc, + None, + ak_res.out_private, + ak_res.out_public, + ) + .unwrap(); + + let (_, key_name, _) = context.read_public(ak_ecc).unwrap(); + let cred = vec![1, 2, 3, 4, 5]; + let expected = Digest::try_from(vec![1, 2, 3, 4, 5]).unwrap(); + + let (credential_blob, secret) = utils::make_credential_ecc::<_, sha2::Sha256, aes::Aes128>( + PublicKey::::try_from(&ek_pub).unwrap(), + &cred, + key_name, + ) + .expect("Create credential"); + + let (session_attributes, session_attributes_mask) = SessionAttributesBuilder::new().build(); + let session_1 = context + .start_auth_session( + None, + None, + None, + SessionType::Hmac, + SymmetricDefinition::AES_256_CFB, + HashingAlgorithm::Sha256, + ) + .expect("Failed to call start_auth_session") + .expect("Failed invalid session value"); + context + .tr_sess_set_attributes(session_1, 
session_attributes, session_attributes_mask) + .unwrap(); + + let session_2 = context + .start_auth_session( + None, + None, + None, + SessionType::Policy, + SymmetricDefinition::AES_256_CFB, + HashingAlgorithm::Sha256, + ) + .expect("Failed to call start_auth_session") + .expect("Failed invalid session value"); + context + .tr_sess_set_attributes(session_2, session_attributes, session_attributes_mask) + .expect("Failed to call tr_sess_set_attributes"); + + let _ = context + .execute_with_session(Some(session_1), |ctx| { + ctx.policy_secret( + PolicySession::try_from(session_2) + .expect("Failed to convert auth session to policy session"), + AuthHandle::Endorsement, + Default::default(), + Default::default(), + Default::default(), + None, + ) + }) + .unwrap(); + + context.set_sessions((Some(session_1), Some(session_2), None)); + let decrypted = context + .activate_credential(ak_ecc, ek_ecc, credential_blob, secret) + .unwrap(); + + assert_eq!(expected, decrypted); + + context.flush_context(ek_ecc.into()).unwrap(); + context.flush_context(ak_ecc.into()).unwrap(); +} + +#[test] +fn test_credential_rsa() { + let mut context = create_ctx_without_session(); + + let ek_rsa = ek::create_ek_object( + &mut context, + AsymmetricAlgorithmSelection::Rsa(RsaKeyBits::Rsa2048), + None, + ) + .unwrap(); + + let (ek_pub, _, _) = context.read_public(ek_rsa).unwrap(); + + let ak_res = ak::create_ak( + &mut context, + ek_rsa, + HashingAlgorithm::Sha256, + AsymmetricAlgorithmSelection::Rsa(RsaKeyBits::Rsa2048), + SignatureSchemeAlgorithm::RsaPss, + None, + None, + ) + .unwrap(); + + let ak_rsa = ak::load_ak( + &mut context, + ek_rsa, + None, + ak_res.out_private, + ak_res.out_public, + ) + .unwrap(); + + let (_, key_name, _) = context.read_public(ak_rsa).unwrap(); + let cred = vec![1, 2, 3, 4, 5]; + let expected = Digest::try_from(vec![1, 2, 3, 4, 5]).unwrap(); + + let (credential_blob, secret) = utils::make_credential_rsa::( + &RsaPublicKey::try_from(&ek_pub).unwrap(), + &cred, + 
key_name, + ) + .expect("Create credential"); + + let (session_attributes, session_attributes_mask) = SessionAttributesBuilder::new().build(); + let session_1 = context + .start_auth_session( + None, + None, + None, + SessionType::Hmac, + SymmetricDefinition::AES_256_CFB, + HashingAlgorithm::Sha256, + ) + .expect("Failed to call start_auth_session") + .expect("Failed invalid session value"); + context + .tr_sess_set_attributes(session_1, session_attributes, session_attributes_mask) + .unwrap(); + + let session_2 = context + .start_auth_session( + None, + None, + None, + SessionType::Policy, + SymmetricDefinition::AES_256_CFB, + HashingAlgorithm::Sha256, + ) + .expect("Failed to call start_auth_session") + .expect("Failed invalid session value"); + context + .tr_sess_set_attributes(session_2, session_attributes, session_attributes_mask) + .expect("Failed to call tr_sess_set_attributes"); + + let _ = context + .execute_with_session(Some(session_1), |ctx| { + ctx.policy_secret( + PolicySession::try_from(session_2) + .expect("Failed to convert auth session to policy session"), + AuthHandle::Endorsement, + Default::default(), + Default::default(), + Default::default(), + None, + ) + }) + .unwrap(); + + context.set_sessions((Some(session_1), Some(session_2), None)); + let decrypted = context + .activate_credential(ak_rsa, ek_rsa, credential_blob, secret) + .unwrap(); + + assert_eq!(expected, decrypted); + + context.flush_context(ek_rsa.into()).unwrap(); + context.flush_context(ak_rsa.into()).unwrap(); +} diff --git a/tss-esapi/tests/integration_tests/abstraction_tests/mod.rs b/tss-esapi/tests/integration_tests/abstraction_tests/mod.rs index 2d56d05e..0e2b500a 100644 --- a/tss-esapi/tests/integration_tests/abstraction_tests/mod.rs +++ b/tss-esapi/tests/integration_tests/abstraction_tests/mod.rs 
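Review bot: `test_credential_ecc` and `test_credential_rsa` only exercise the success path, so nothing checks that the blob is actually bound to the AK name or that its integrity value is verified. A regression that dropped the name from the HMAC or KDF input would still pass both tests. I would add a negative case per algorithm: build the credential with the `Name` of a different key, or alter one byte of `credential_blob`, and assert that `context.activate_credential(...)` returns `Err`. The session setup is duplicated verbatim in both tests and could move into a small helper, which would keep the extra cases short.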
@@ -1,6 +1,7 @@ // Copyright 2021 Contributors to the Parsec project. // SPDX-License-Identifier: Apache-2.0 mod ak_tests; +mod credential_tests; mod ek_tests; mod no_tpm; mod nv_tests; diff --git a/tss-esapi/tests/integration_tests/abstraction_tests/public_tests.rs b/tss-esapi/tests/integration_tests/abstraction_tests/public_tests.rs index 582d9817..6e9fb7df 100644 --- a/tss-esapi/tests/integration_tests/abstraction_tests/public_tests.rs +++ b/tss-esapi/tests/integration_tests/abstraction_tests/public_tests.rs @@ -2,7 +2,7 @@ // SPDX-License-Identifier: Apache-2.0 mod public_rsa_test { - use rsa::{pkcs1, traits::PublicKeyParts, BigUint}; + use rsa::{pkcs1, traits::PublicKeyParts, BoxedUint}; use std::convert::TryFrom; use tss_esapi::{ attributes::ObjectAttributesBuilder, @@ -71,11 +71,11 @@ mod public_rsa_test { #[test] fn test_public_to_decoded_key_rsa() { let public_rsa = get_ext_rsa_pub(); - let default_exponent = BigUint::from(RSA_DEFAULT_EXP); + let default_exponent = BoxedUint::from(RSA_DEFAULT_EXP); let key = rsa::RsaPublicKey::try_from(&public_rsa) .expect("Failed to convert Public structure to DecodedKey (RSA)."); assert_eq!(key.e(), &default_exponent, "RSA exponents are not equal."); - assert_eq!(key.n().to_bytes_be(), RSA_KEY); + assert_eq!(key.n_bytes().as_ref(), RSA_KEY); } #[test] @@ -83,7 +83,7 @@ mod public_rsa_test { let public_rsa = get_ext_rsa_pub(); let key = SubjectPublicKeyInfoOwned::try_from(&public_rsa) .expect("Failed to convert Public structure to SubjectPublicKeyInfo (RSA)."); - let default_exponent = BigUint::from(RSA_DEFAULT_EXP); + let default_exponent = BoxedUint::from(RSA_DEFAULT_EXP); assert_eq!(key.algorithm, pkcs1::ALGORITHM_ID.ref_to_owned()); let pkcs1_key = pkcs1::RsaPublicKey::try_from( key.subject_public_key 
@@ -94,7 +94,7 @@ mod public_rsa_test { assert_eq!( pkcs1_key.public_exponent.as_bytes(), - default_exponent.to_bytes_be() + default_exponent.to_be_bytes_trimmed_vartime().as_ref() ); assert_eq!(pkcs1_key.modulus.as_bytes(), RSA_KEY); } diff --git a/tss-esapi/tests/integration_tests/abstraction_tests/transient_key_context_tests.rs b/tss-esapi/tests/integration_tests/abstraction_tests/transient_key_context_tests.rs index 8d6e6433..6c21ca46 100644 --- a/tss-esapi/tests/integration_tests/abstraction_tests/transient_key_context_tests.rs +++ b/tss-esapi/tests/integration_tests/abstraction_tests/transient_key_context_tests.rs @@ -518,7 +518,7 @@ fn ctx_migration_test() { // one for just the public part of the key let mut basic_ctx = crate::common::create_ctx_with_session(); let mut random_digest = vec![0u8; 16]; - getrandom::getrandom(&mut random_digest).unwrap(); + getrandom::fill(&mut random_digest).unwrap(); let key_auth = Auth::from_bytes(random_digest.as_slice()).unwrap(); let prim_key_handle = basic_ctx .create_primary( @@ -902,10 +902,10 @@ fn sign_csr() { let subject = Name::from_str("CN=tpm.example").expect("Parse common name"); let signer = EcSigner::::new((Mutex::new(&mut ctx), tpm_km, key_params, None)) .expect("Create a signer"); - let builder = RequestBuilder::new(subject, &signer).expect("Create certificate request"); + let builder = RequestBuilder::new(subject).expect("Create certificate request"); let cert_req = builder - .build::() + .build::<_, p256::ecdsa::DerSignature>(&signer) .expect("Sign a CSR"); println!( 
@@ -927,12 +927,19 @@ fn sign_p256_sha2_256() { .expect("Create a signer"); let payload = b"Example of ECDSA with P-256"; - let mut hash = Sha256::new(); - hash.update(payload); - let signature: p256::ecdsa::Signature = signer.sign_digest(hash.clone()); + let signature: p256::ecdsa::Signature = + signer.sign_digest(|hash: &mut Sha256| hash.update(payload)); let verifying_key: VerifyingKey = *signer.as_ref(); - assert!(verifying_key.verify_digest(hash, &signature).is_ok()); + assert!(verifying_key + .verify_digest( + |hash: &mut Sha256| { + hash.update(payload); + Ok(()) + }, + &signature + ) + .is_ok()); } // NOTE(baloo): I believe this is a legitimate case, but support is not available yet in libtpms (or swtpm) @@ -958,13 +965,19 @@ fn sign_p256_sha3_256() { .expect("Create a signer"); let payload = b"Example of ECDSA with P-256"; - let mut hash = Sha3_256::new(); - hash.update(payload); let signature = as DigestSigner>::sign_digest( &signer, - hash.clone(), + |hash: &mut Sha3_256| hash.update(payload), ); let verifying_key: VerifyingKey = *signer.as_ref(); - assert!(verifying_key.verify_digest(hash, &signature).is_ok()); + assert!(verifying_key + .verify_digest( + |hash: &mut Sha3_256| { + hash.update(payload); + Ok(()) + }, + &signature + ) + .is_ok()); } diff --git a/tss-esapi/tests/integration_tests/context_tests/tpm_commands/asymmetric_primitives_tests.rs b/tss-esapi/tests/integration_tests/context_tests/tpm_commands/asymmetric_primitives_tests.rs index c42f60e6..19653433 100644 --- a/tss-esapi/tests/integration_tests/context_tests/tpm_commands/asymmetric_primitives_tests.rs +++ b/tss-esapi/tests/integration_tests/context_tests/tpm_commands/asymmetric_primitives_tests.rs 
@@ -20,7 +20,7 @@ mod test_rsa_encrypt_decrypt { fn test_encrypt_decrypt() { let mut context = create_ctx_with_session(); let mut random_digest = vec![0u8; 16]; - getrandom::getrandom(&mut random_digest).unwrap(); + getrandom::fill(&mut random_digest).unwrap(); let key_auth = Auth::from_bytes(random_digest.as_slice()).unwrap(); let key_handle = context @@ -61,7 +61,7 @@ mod test_rsa_encrypt_decrypt { fn test_ecdh() { let mut context = create_ctx_with_session(); let mut random_digest = vec![0u8; 16]; - getrandom::getrandom(&mut random_digest).unwrap(); + getrandom::fill(&mut random_digest).unwrap(); let key_auth = Auth::from_bytes(random_digest.as_slice()).unwrap(); let ecc_parms = PublicEccParametersBuilder::new() diff --git a/tss-esapi/tests/integration_tests/context_tests/tpm_commands/context_management_tests.rs b/tss-esapi/tests/integration_tests/context_tests/tpm_commands/context_management_tests.rs index b2a3adca..8f204b37 100644 --- a/tss-esapi/tests/integration_tests/context_tests/tpm_commands/context_management_tests.rs +++ b/tss-esapi/tests/integration_tests/context_tests/tpm_commands/context_management_tests.rs @@ -8,7 +8,7 @@ mod test_ctx_save { fn test_ctx_save() { let mut context = create_ctx_with_session(); let mut random_digest = vec![0u8; 16]; - getrandom::getrandom(&mut random_digest).unwrap(); + getrandom::fill(&mut random_digest).unwrap(); let key_auth = Auth::from_bytes(random_digest.as_slice()).unwrap(); let key_handle = context @@ -29,7 +29,7 @@ mod test_ctx_save { fn test_ctx_save_leaf() { let mut context = create_ctx_with_session(); let mut random_digest = vec![0u8; 16]; - getrandom::getrandom(&mut random_digest).unwrap(); + getrandom::fill(&mut random_digest).unwrap(); let key_auth = Auth::from_bytes(random_digest.as_slice()).unwrap(); let prim_key_handle = context 
@@ -73,7 +73,7 @@ mod test_ctx_load { fn test_ctx_load() { let mut context = create_ctx_with_session(); let mut random_digest = vec![0u8; 16]; - getrandom::getrandom(&mut random_digest).unwrap(); + getrandom::fill(&mut random_digest).unwrap(); let prim_key_handle = context .create_primary( @@ -116,7 +116,7 @@ mod test_flush_context { fn test_flush_ctx() { let mut context = create_ctx_with_session(); let mut random_digest = vec![0u8; 16]; - getrandom::getrandom(&mut random_digest).unwrap(); + getrandom::fill(&mut random_digest).unwrap(); let key_auth = Auth::from_bytes(random_digest.as_slice()).unwrap(); let key_handle = context @@ -138,7 +138,7 @@ mod test_flush_context { fn test_flush_parent_ctx() { let mut context = create_ctx_with_session(); let mut random_digest = vec![0u8; 16]; - getrandom::getrandom(&mut random_digest).unwrap(); + getrandom::fill(&mut random_digest).unwrap(); let key_auth = Auth::from_bytes(random_digest.as_slice()).unwrap(); let prim_key_handle = context diff --git a/tss-esapi/tests/integration_tests/context_tests/tpm_commands/enhanced_authorization_ea_commands_tests.rs b/tss-esapi/tests/integration_tests/context_tests/tpm_commands/enhanced_authorization_ea_commands_tests.rs index f7a39dcf..aaf0fcbc 100644 --- a/tss-esapi/tests/integration_tests/context_tests/tpm_commands/enhanced_authorization_ea_commands_tests.rs +++ b/tss-esapi/tests/integration_tests/context_tests/tpm_commands/enhanced_authorization_ea_commands_tests.rs @@ -518,7 +518,7 @@ mod test_policy_authorize { fn test_policy_authorize() { let mut context = create_ctx_with_session(); let mut random_digest = vec![0u8; 16]; - getrandom::getrandom(&mut random_digest).unwrap(); + getrandom::fill(&mut random_digest).unwrap(); let key_auth = Auth::from_bytes(random_digest.as_slice()).unwrap(); let key_handle = context 
diff --git a/tss-esapi/tests/integration_tests/context_tests/tpm_commands/hierarchy_commands_tests.rs b/tss-esapi/tests/integration_tests/context_tests/tpm_commands/hierarchy_commands_tests.rs index 4fc73dea..5240b670 100644 --- a/tss-esapi/tests/integration_tests/context_tests/tpm_commands/hierarchy_commands_tests.rs +++ b/tss-esapi/tests/integration_tests/context_tests/tpm_commands/hierarchy_commands_tests.rs @@ -10,7 +10,7 @@ mod test_create_primary { fn test_create_primary() { let mut context = create_ctx_with_session(); let mut random_digest = vec![0u8; 16]; - getrandom::getrandom(&mut random_digest).unwrap(); + getrandom::fill(&mut random_digest).unwrap(); let key_auth = Auth::from_bytes(random_digest.as_slice()).unwrap(); let key_handle = context @@ -95,7 +95,7 @@ mod test_change_auth { .unwrap(); let mut random_digest = vec![0u8; 16]; - getrandom::getrandom(&mut random_digest).unwrap(); + getrandom::fill(&mut random_digest).unwrap(); let new_key_auth = Auth::from_bytes(random_digest.as_slice()).unwrap(); let new_private = context @@ -111,7 +111,7 @@ mod test_change_auth { let mut context = create_ctx_with_session(); let mut random_digest = vec![0u8; 16]; - getrandom::getrandom(&mut random_digest).unwrap(); + getrandom::fill(&mut random_digest).unwrap(); let new_auth = Auth::from_bytes(random_digest.as_slice()).unwrap(); // NOTE: If this test failed on your system, you are probably running it against a diff --git a/tss-esapi/tests/integration_tests/context_tests/tpm_commands/object_commands_tests.rs b/tss-esapi/tests/integration_tests/context_tests/tpm_commands/object_commands_tests.rs index a6b037ed..1cc1e9f8 100644 --- a/tss-esapi/tests/integration_tests/context_tests/tpm_commands/object_commands_tests.rs +++ b/tss-esapi/tests/integration_tests/context_tests/tpm_commands/object_commands_tests.rs 
@@ -8,7 +8,7 @@ mod test_create { fn test_create() { let mut context = create_ctx_with_session(); let mut random_digest = vec![0u8; 16]; - getrandom::getrandom(&mut random_digest).unwrap(); + getrandom::fill(&mut random_digest).unwrap(); let key_auth = Auth::from_bytes(random_digest.as_slice()).unwrap(); let prim_key_handle = context @@ -44,7 +44,7 @@ mod test_load { fn test_load() { let mut context = create_ctx_with_session(); let mut random_digest = vec![0u8; 16]; - getrandom::getrandom(&mut random_digest).unwrap(); + getrandom::fill(&mut random_digest).unwrap(); let key_auth = Auth::from_bytes(random_digest.as_slice()).unwrap(); let prim_key_handle = context @@ -238,7 +238,7 @@ mod test_read_public { fn test_read_public() { let mut context = create_ctx_with_session(); let mut random_digest = vec![0u8; 16]; - getrandom::getrandom(&mut random_digest).unwrap(); + getrandom::fill(&mut random_digest).unwrap(); let key_auth = Auth::from_bytes(random_digest.as_slice()).unwrap(); let key_handle = context diff --git a/tss-esapi/tests/integration_tests/context_tests/tpm_commands/signing_and_signature_verification_tests.rs b/tss-esapi/tests/integration_tests/context_tests/tpm_commands/signing_and_signature_verification_tests.rs index 499aa9fd..adda2165 100644 --- a/tss-esapi/tests/integration_tests/context_tests/tpm_commands/signing_and_signature_verification_tests.rs +++ b/tss-esapi/tests/integration_tests/context_tests/tpm_commands/signing_and_signature_verification_tests.rs @@ -12,7 +12,7 @@ mod test_verify_signature { fn test_verify_signature() { let mut context = create_ctx_with_session(); let mut random_digest = vec![0u8; 16]; - getrandom::getrandom(&mut random_digest).unwrap(); + getrandom::fill(&mut random_digest).unwrap(); let key_auth = Auth::from_bytes(random_digest.as_slice()).unwrap(); let key_handle = context 
@@ -49,7 +49,7 @@ mod test_verify_signature { fn test_verify_wrong_signature() { let mut context = create_ctx_with_session(); let mut random_digest = vec![0u8; 16]; - getrandom::getrandom(&mut random_digest).unwrap(); + getrandom::fill(&mut random_digest).unwrap(); let key_auth = Auth::from_bytes(random_digest.as_slice()).unwrap(); let key_handle = context @@ -96,7 +96,7 @@ mod test_verify_signature { fn test_verify_wrong_signature_2() { let mut context = create_ctx_with_session(); let mut random_digest = vec![0u8; 16]; - getrandom::getrandom(&mut random_digest).unwrap(); + getrandom::fill(&mut random_digest).unwrap(); let key_auth = Auth::from_bytes(random_digest.as_slice()).unwrap(); let key_handle = context @@ -133,7 +133,7 @@ mod test_verify_signature { fn test_verify_wrong_signature_3() { let mut context = create_ctx_with_session(); let mut random_digest = vec![0u8; 16]; - getrandom::getrandom(&mut random_digest).unwrap(); + getrandom::fill(&mut random_digest).unwrap(); let key_auth = Auth::from_bytes(random_digest.as_slice()).unwrap(); let key_handle = context @@ -203,7 +203,7 @@ mod test_sign { fn test_sign() { let mut context = create_ctx_with_session(); let mut random_digest = vec![0u8; 16]; - getrandom::getrandom(&mut random_digest).unwrap(); + getrandom::fill(&mut random_digest).unwrap(); let key_auth = Auth::from_bytes(random_digest.as_slice()).unwrap(); let key_handle = context @@ -232,7 +232,7 @@ mod test_sign { fn test_sign_empty_digest() { let mut context = create_ctx_with_session(); let mut random_digest = vec![0u8; 16]; - getrandom::getrandom(&mut random_digest).unwrap(); + getrandom::fill(&mut random_digest).unwrap(); let key_auth = Auth::from_bytes(random_digest.as_slice()).unwrap(); let key_handle = context 
@@ -261,7 +261,7 @@ mod test_sign { fn test_sign_large_digest() { let mut context = create_ctx_with_session(); let mut random_digest = vec![0u8; 16]; - getrandom::getrandom(&mut random_digest).unwrap(); + getrandom::fill(&mut random_digest).unwrap(); let key_auth = Auth::from_bytes(random_digest.as_slice()).unwrap(); let key_handle = context @@ -297,7 +297,7 @@ mod test_sign { let mut context = create_ctx_with_session(); let mut random_digest = vec![0u8; 16]; - getrandom::getrandom(&mut random_digest).unwrap(); + getrandom::fill(&mut random_digest).unwrap(); let key_auth = Auth::from_bytes(random_digest.as_slice()).unwrap(); let key_handle = context @@ -306,7 +306,7 @@ mod test_sign { .key_handle; let mut random = vec![0u8; 47]; - getrandom::getrandom(&mut random).unwrap(); + getrandom::fill(&mut random).unwrap(); let signer = EcSigner::::new((Mutex::new(&mut context), key_handle)).unwrap(); let verifying_key = signer.verifying_key(); @@ -320,7 +320,7 @@ mod test_sign { fn test_sign_signer_rsa_pkcs() { let mut context = create_ctx_with_session(); let mut random_digest = vec![0u8; 16]; - getrandom::getrandom(&mut random_digest).unwrap(); + getrandom::fill(&mut random_digest).unwrap(); let key_auth = Auth::from_bytes(random_digest.as_slice()).unwrap(); let key_handle = context @@ -336,7 +336,7 @@ mod test_sign { .key_handle; let mut payload = vec![0u8; 47]; - getrandom::getrandom(&mut payload).unwrap(); + getrandom::fill(&mut payload).unwrap(); let signer = RsaPkcsSigner::<_, sha2::Sha256>::new((Mutex::new(&mut context), key_handle)).unwrap(); @@ -345,8 +345,15 @@ mod test_sign { verifying_key.verify(&payload, &signature).unwrap(); - let d = sha2::Sha256::new_with_prefix(&payload); - verifying_key.verify_digest(d, &signature).unwrap(); + verifying_key + .verify_digest( + |d: &mut sha2::Sha256| { + d.update(&payload); + Ok(()) + }, + &signature, + ) + .unwrap(); } #[cfg(feature = "rsa")] 
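Review bot: The closure form of `verify_digest` at the end of `test_sign_signer_rsa_pkcs` is only exercised with the payload that was signed, and the matching hunk in `test_sign_signer_rsa_pss` has the same gap. Neither test shows that verification depends on what the closure hashes. A companion check would cover the rejection path, for example `assert!(verifying_key.verify_digest(|d: &mut sha2::Sha256| { d.update(b"constructed other payload"); Ok(()) }, &signature).is_err());`. The type of `verifying_key` is declared above the hunk, so confirm the closure signature against it; the test body also starts in the preceding hunk.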
@@ -354,7 +361,7 @@ mod test_sign { fn test_sign_signer_rsa_pss() { let mut context = create_ctx_with_session(); let mut random_digest = vec![0u8; 16]; - getrandom::getrandom(&mut random_digest).unwrap(); + getrandom::fill(&mut random_digest).unwrap(); let key_auth = Auth::from_bytes(random_digest.as_slice()).unwrap(); let rsa_pss = utils::create_unrestricted_signing_rsa_public( @@ -371,7 +378,7 @@ mod test_sign { .key_handle; let mut payload = vec![0u8; 47]; - getrandom::getrandom(&mut payload).unwrap(); + getrandom::fill(&mut payload).unwrap(); let signer = RsaPssSigner::<_, sha2::Sha256>::new((Mutex::new(&mut context), key_handle)).unwrap(); @@ -380,7 +387,14 @@ mod test_sign { verifying_key.verify(&payload, &signature).unwrap(); - let d = sha2::Sha256::new_with_prefix(&payload); - verifying_key.verify_digest(d, &signature).unwrap(); + verifying_key + .verify_digest( + |d: &mut sha2::Sha256| { + d.update(&payload); + Ok(()) + }, + &signature, + ) + .unwrap(); } } diff --git a/tss-esapi/tests/integration_tests/context_tests/tpm_commands/symmetric_primitives_tests.rs b/tss-esapi/tests/integration_tests/context_tests/tpm_commands/symmetric_primitives_tests.rs index 165e97bc..c2518fee 100644 --- a/tss-esapi/tests/integration_tests/context_tests/tpm_commands/symmetric_primitives_tests.rs +++ b/tss-esapi/tests/integration_tests/context_tests/tpm_commands/symmetric_primitives_tests.rs @@ -25,7 +25,7 @@ mod test_encrypt_decrypt_2 { .expect("Failed to set auth to empty for owner"); let mut random_digest = vec![0u8; 16]; - getrandom::getrandom(&mut random_digest).expect("get_rand call failed"); + getrandom::fill(&mut random_digest).expect("get_rand call failed"); let primary_key_auth = Auth::from_bytes(random_digest.as_slice()).expect("Failed to create primary key auth"); 
@@ -70,7 +70,7 @@ mod test_encrypt_decrypt_2 { .expect("Failed to create public for symmetric key public"); let mut random_digest = vec![0u8; 16]; - getrandom::getrandom(&mut random_digest).expect("get_rand call failed"); + getrandom::fill(&mut random_digest).expect("get_rand call failed"); let symmetric_key_auth = Auth::from_bytes(random_digest.as_slice()) .expect("Failed to create symmetric key auth");