diff --git a/.gitignore b/.gitignore index aa859548..ff0be5fa 100644 --- a/.gitignore +++ b/.gitignore @@ -1,6 +1,5 @@ *target **/*.rs.bk -*Cargo.lock *.swp *DS_Store *.patch diff --git a/Cargo.lock b/Cargo.lock new file mode 100644 index 00000000..15d57399 --- /dev/null +++ b/Cargo.lock @@ -0,0 +1,1367 @@ +# This file is automatically @generated by Cargo. +# It is not intended for manual editing. +version = 3 + +[[package]] +name = "aes" +version = "0.9.0-pre.3" +source = "git+https://github.com/RustCrypto/block-ciphers.git#fbb68f40b122909d92e40ee8a50112b6e5d0af8f" +dependencies = [ + "cfg-if", + "cipher", + "cpufeatures", +] + +[[package]] +name = "aho-corasick" +version = "1.1.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8e60d3430d3a69478ad0993f19238d2df97c507009a52b3c10addcd7f6bcb916" +dependencies = [ + "memchr", +] + +[[package]] +name = "anstream" +version = "0.6.18" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8acc5369981196006228e28809f761875c0327210a891e941f4c683b3a99529b" +dependencies = [ + "anstyle", + "anstyle-parse", + "anstyle-query", + "anstyle-wincon", + "colorchoice", + "is_terminal_polyfill", + "utf8parse", +] + +[[package]] +name = "anstyle" +version = "1.0.10" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "55cc3b69f167a1ef2e161439aa98aed94e6028e5f9a59be9a6ffb47aef1651f9" + +[[package]] +name = "anstyle-parse" +version = "0.2.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3b2d16507662817a6a20a9ea92df6652ee4f94f914589377d69f3b21bc5798a9" +dependencies = [ + "utf8parse", +] + +[[package]] +name = "anstyle-query" +version = "1.1.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "79947af37f4177cfead1110013d678905c37501914fba0efea834c3fe9a8d60c" +dependencies = [ + "windows-sys", +] + +[[package]] +name = "anstyle-wincon" +version = "3.0.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6680de5231bd6ee4c6191b8a1325daa282b415391ec9d3a37bd34f2060dc73fa" +dependencies = [ + "anstyle", + "once_cell_polyfill", + "windows-sys", +] + +[[package]] +name = "autocfg" +version = "1.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ace50bade8e6234aa140d9a2f552bbee1db4d353f69b8217bc503490fc1a9f26" + +[[package]] +name = "base16ct" +version = "0.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4c7f02d4ea65f2c1853089ffd8d2787bdbc63de2f0d29dedbcf8ccdfa0ccd4cf" + +[[package]] +name = "base64ct" +version = "1.7.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "89e25b6adfb930f02d1981565a6e5d9c547ac15a96606256d3b59040e5cd4ca3" + +[[package]] +name = "bindgen" +version = "0.70.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f49d8fed880d473ea71efb9bf597651e77201bdd4893efe54c9e5d65ae04ce6f" +dependencies = [ + "bitflags", + "cexpr", + "clang-sys", + "itertools", + "log", + "prettyplease", + "proc-macro2", + "quote", + "regex", + "rustc-hash", + "shlex", + "syn", +] + +[[package]] +name = "bitfield" +version = "0.17.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f798d2d157e547aa99aab0967df39edd0b70307312b6f8bd2848e6abe40896e0" + +[[package]] +name = "bitflags" +version = "2.9.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1b8e56985ec62d17e9c1001dc89c88ecd7dc08e47eba5ec7c29c7b5eeecde967" + +[[package]] +name = "block-buffer" +version = "0.11.0-rc.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a229bfd78e4827c91b9b95784f69492c1b77c1ab75a45a8a037b139215086f94" +dependencies = [ + "hybrid-array", +] + +[[package]] +name = "cexpr" +version = "0.6.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6fac387a98bb7c37292057cffc56d62ecb629900026402633ae9160df93a8766" +dependencies = [ + "nom", +] + +[[package]] +name = "cfb-mode" +version = "0.9.0-pre" +source = "git+https://github.com/RustCrypto/block-modes.git#3ec1c8191dea30def40c033513bbc8bdb3a9cd78" +dependencies = [ + "cipher", +] + +[[package]] +name = "cfg-if" +version = "1.0.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd" + +[[package]] +name = "cipher" +version = "0.5.0-pre.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "276974d2acb7cf592603150941fc1ff6442acdeb1dc653ac2825928f4703c131" +dependencies = [ + "crypto-common", + "inout", +] + +[[package]] +name = "clang-sys" +version = "1.8.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0b023947811758c97c59bf9d1c188fd619ad4718dcaa767947df1cadb14f39f4" +dependencies = [ + "glob", + "libc", + "libloading", +] + +[[package]] +name = "colorchoice" +version = "1.0.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5b63caa9aa9397e2d9480a9b13673856c78d8ac123288526c37d7839f2a86990" + +[[package]] +name = "concat-kdf" +version = "0.2.0-pre" +source = "git+https://github.com/RustCrypto/KDFs.git#b1d7fe67b3053deef498563adcf415ec631d1cd8" +dependencies = [ + "digest", +] + +[[package]] +name = "const-oid" +version = "0.10.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0dabb6555f92fb9ee4140454eb5dcd14c7960e1225c6d1a6cc361f032947713e" + +[[package]] +name = "cpufeatures" +version = "0.2.17" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "59ed5838eebb26a2bb2e58f6d5b5316989ae9d08bab10e0e6d103e656d1b0280" +dependencies = [ + "libc", +] + +[[package]] +name = "crypto-bigint" +version = "0.7.0-pre.3" +source = "git+https://github.com/RustCrypto/crypto-bigint.git#38df76241f943e70951c3a814abfabc9ac965dd3" +dependencies = [ + "hybrid-array", + "num-traits", + "rand_core", + "serdect", + "subtle", + "zeroize", +] + +[[package]] +name = "crypto-common" +version = "0.2.0-rc.2" +source = "git+https://github.com/baloo/traits.git?branch=baloo/digest-newtype-master#2049843aa4608d1b31564d08c705272c87d4795e" +dependencies = [ + "hybrid-array", +] + +[[package]] +name = "crypto-primes" +version = "0.7.0-dev" +source = "git+https://github.com/entropyxyz/crypto-primes.git#04f927401b9eed948d4d26d149064cc292fea72e" +dependencies = [ + "crypto-bigint", + "libm", + "rand_core", +] + +[[package]] +name = "der" +version = "0.8.0-rc.2" +source = "git+https://github.com/RustCrypto/formats.git#070aa2ced20ca2b6a361326e20756060faae894a" +dependencies = [ + "const-oid", + "der_derive", + "flagset", + "pem-rfc7468", + "zeroize", +] + +[[package]] +name = "der_derive" +version = "0.8.0-rc.2" +source = "git+https://github.com/RustCrypto/formats.git#070aa2ced20ca2b6a361326e20756060faae894a" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "digest" +version = "0.11.0-pre.10" +source = "git+https://github.com/baloo/traits.git?branch=baloo/digest-newtype-master#2049843aa4608d1b31564d08c705272c87d4795e" +dependencies = [ + "block-buffer", + "const-oid", + "crypto-common", + "subtle", +] + +[[package]] +name = "ecdsa" +version = "0.17.0-pre.9" +source = "git+https://github.com/RustCrypto/signatures.git#6caf9afc4a8bf6c6b9422952023548287fd846e0" +dependencies = [ + "der", + "digest", + "elliptic-curve", + "rfc6979", + "signature", + "spki", + "zeroize", +] + +[[package]] +name = "either" +version = "1.15.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "48c757948c5ede0e46177b7add2e67155f70e33c07fea8284df6576da70b3719" + +[[package]] +name = "elliptic-curve" +version = "0.14.0-rc.1" +source = "git+https://github.com/baloo/traits.git?branch=baloo/digest-newtype-master#2049843aa4608d1b31564d08c705272c87d4795e" +dependencies = [ + "base16ct", + "crypto-bigint", + "digest", + "ff", + "group", + "hkdf", + "hybrid-array", + "pem-rfc7468", + "pkcs8", + "rand_core", + "sec1", + "subtle", + "zeroize", +] + +[[package]] +name = "enumflags2" +version = "0.7.11" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ba2f4b465f5318854c6f8dd686ede6c0a9dc67d4b1ac241cf0eb51521a309147" +dependencies = [ + "enumflags2_derive", +] + +[[package]] +name = "enumflags2_derive" +version = "0.7.11" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fc4caf64a58d7a6d65ab00639b046ff54399a39f5f2554728895ace4b297cd79" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "env_filter" +version = "0.1.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "186e05a59d4c50738528153b83b0b0194d3a29507dfec16eccd4b342903397d0" +dependencies = [ + "log", + "regex", +] + +[[package]] +name = "env_logger" +version = "0.11.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "13c863f0904021b108aa8b2f55046443e6b1ebde8fd4a15c399893aae4fa069f" +dependencies = [ + "anstream", + "anstyle", + "env_filter", + "jiff", + "log", +] + +[[package]] +name = "ff" +version = "0.14.0-pre.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d42dd26f5790eda47c1a2158ea4120e32c35ddc9a7743c98a292accc01b54ef3" +dependencies = [ + "rand_core", + "subtle", +] + +[[package]] +name = "flagset" +version = "0.4.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b7ac824320a75a52197e8f2d787f6a38b6718bb6897a35142d749af3c0e8f4fe" + +[[package]] +name = "getrandom" +version = "0.3.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "26145e563e54f2cadc477553f1ec5ee650b00862f0a58bcd12cbdc5f0ea2d2f4" +dependencies = [ + "cfg-if", + "libc", + "r-efi", + "wasi", +] + +[[package]] +name = "glob" +version = "0.3.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a8d1add55171497b4705a648c6b583acafb01d58050a51727785f0b2c8e0a2b2" + +[[package]] +name = "group" +version = "0.14.0-pre.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1ff6a0b2dd4b981b1ae9e3e6830ab146771f3660d31d57bafd9018805a91b0f1" +dependencies = [ + "ff", + "rand_core", + "subtle", +] + +[[package]] +name = "heck" +version = "0.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2304e00983f87ffb38b55b444b5e3b60a884b5d30c0fca7d82fe33449bbe55ea" + +[[package]] +name = "hex-literal" +version = "1.0.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bcaaec4551594c969335c98c903c1397853d4198408ea609190f420500f6be71" + +[[package]] +name = "hkdf" +version = "0.13.0-pre.5" +source = "git+https://github.com/RustCrypto/KDFs.git#b1d7fe67b3053deef498563adcf415ec631d1cd8" +dependencies = [ + "hmac", +] + +[[package]] +name = "hmac" +version = "0.13.0-pre.5" +source = "git+https://github.com/baloo/MACs.git?branch=baloo/digest-pin#5237cb2e8f06b0245eb4ed2fbbb81385455d21c5" +dependencies = [ + "digest", +] + +[[package]] +name = "hostname-validator" +version = "1.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f558a64ac9af88b5ba400d99b579451af0d39c6d360980045b91aac966d705e2" + +[[package]] +name = "hybrid-array" +version = "0.3.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "891d15931895091dea5c47afa5b3c9a01ba634b311919fd4d41388fa0e3d76af" +dependencies = [ + "typenum", + "zeroize", +] + +[[package]] +name = "inout" +version = "0.2.0-rc.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ac5e145e8ade9f74c0a5efc60ccb4e714b0144f7e2220b7ca64254feee71c57f" +dependencies = [ + "hybrid-array", +] + +[[package]] +name = "is_terminal_polyfill" +version = "1.70.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7943c866cc5cd64cbc25b2e01621d07fa8eb2a1a23160ee81ce38704e97b8ecf" + +[[package]] +name = "itertools" +version = "0.13.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "413ee7dfc52ee1a4949ceeb7dbc8a33f2d6c088194d9f922fb8318faf1f01186" +dependencies = [ + "either", +] + +[[package]] +name = "itoa" +version = "1.0.15" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4a5f13b858c8d314ee3e8f639011f7ccefe71f97f96e50151fb991f267928e2c" + +[[package]] +name = "jiff" +version = "0.2.14" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a194df1107f33c79f4f93d02c80798520551949d59dfad22b6157048a88cca93" +dependencies = [ + "jiff-static", + "log", + "portable-atomic", + "portable-atomic-util", + "serde", +] + +[[package]] +name = "jiff-static" +version = "0.2.14" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6c6e1db7ed32c6c71b759497fae34bf7933636f75a251b9e736555da426f6442" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "kbkdf" +version = "0.0.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b758ac9cc629a963ae38718148729d65d4e401f0e516862fa7820f6b76666aa0" +dependencies = [ + "digest", +] + +[[package]] +name = "keccak" +version = "0.2.0-pre.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a7cdd4f0dc5807b9a2b25dd48a3f58e862606fe7bd47f41ecde36e97422d7e90" +dependencies = [ + "cpufeatures", +] + +[[package]] +name = "libc" +version = "0.2.172" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d750af042f7ef4f724306de029d18836c26c1765a54a6a3f094cbd23a7267ffa" + +[[package]] +name = "libloading" +version = "0.8.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6a793df0d7afeac54f95b471d3af7f0d4fb975699f972341a4b76988d49cdf0c" +dependencies = [ + "cfg-if", + "windows-targets 0.53.0", +] + +[[package]] +name = "libm" +version = "0.2.15" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f9fbbcab51052fe104eb5e5d351cf728d30a5be1fe14d9be8a3b097481fb97de" + +[[package]] +name = "log" +version = "0.4.27" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "13dc2df351e3202783a1fe0d44375f7295ffb4049267b0f3018346dc122a1d94" + +[[package]] +name = "malloced" +version = "1.3.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6dfebb2f9e0b39509c62eead6ec7ae0c0ed45bb61d12bbcf4e976c566c5400ec" + +[[package]] +name = "memchr" +version = "2.7.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "78ca9ab1a0babb1e7d5695e3530886289c18cf2f87ec19a575a0abdce112e3a3" + +[[package]] +name = "minimal-lexical" +version = "0.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "68354c5c6bd36d73ff3feceb05efa59b6acb7626617f4962be322a825e61f79a" + +[[package]] +name = "nom" +version = "7.1.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d273983c5a657a70a3e8f2a01329822f3b8c8172b73826411a55751e404a0a4a" +dependencies = [ + "memchr", + "minimal-lexical", +] + +[[package]] +name = "num-derive" +version = "0.4.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ed3955f1a9c7c0c15e092f9c887db08b1fc683305fdf6eb6684f22555355e202" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "num-traits" +version = "0.2.19" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "071dfc062690e90b734c0b2273ce72ad0ffa95f0c74596bc250dcfd960262841" +dependencies = [ + "autocfg", +] + +[[package]] +name = "once_cell_polyfill" +version = "1.70.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a4895175b425cb1f87721b59f0f286c2092bd4af812243672510e1ac53e2e0ad" + +[[package]] +name = "p192" +version = "0.14.0-pre" +source = "git+https://github.com/RustCrypto/elliptic-curves.git#7e254364b3b600c2cab240d884d65927e01a8683" +dependencies = [ + "ecdsa", + "elliptic-curve", + "primefield", + "primeorder", + "sec1", +] + +[[package]] +name = "p224" +version = "0.14.0-pre" +source = "git+https://github.com/RustCrypto/elliptic-curves.git#7e254364b3b600c2cab240d884d65927e01a8683" +dependencies = [ + "ecdsa", + "elliptic-curve", + "primefield", + "primeorder", + "sha2", +] + +[[package]] +name = "p256" +version = "0.14.0-pre.2" +source = "git+https://github.com/RustCrypto/elliptic-curves.git#7e254364b3b600c2cab240d884d65927e01a8683" +dependencies = [ + "ecdsa", + "elliptic-curve", + "primefield", + "primeorder", + "sha2", +] + +[[package]] +name = "p384" +version = "0.14.0-pre.2" +source = "git+https://github.com/RustCrypto/elliptic-curves.git#7e254364b3b600c2cab240d884d65927e01a8683" +dependencies = [ + "ecdsa", + "elliptic-curve", + "primefield", + "primeorder", + "sha2", +] + +[[package]] +name = "p521" +version = "0.14.0-pre.2" +source = "git+https://github.com/RustCrypto/elliptic-curves.git#7e254364b3b600c2cab240d884d65927e01a8683" +dependencies = [ + "base16ct", + "ecdsa", + "elliptic-curve", + "primefield", + "primeorder", + "rand_core", + "sha2", +] + +[[package]] +name = "paste" +version = "1.0.15" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "57c0d7b74b563b49d38dae00a0c37d4d6de9b432382b2892f0574ddcae73fd0a" + +[[package]] +name = "pem-rfc7468" +version = "1.0.0-rc.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c2dfbfa5c6f0906884269722c5478e72fd4d6c0e24fe600332c6d62359567ce1" +dependencies = [ + "base64ct", +] + +[[package]] +name = "pkcs1" +version = "0.8.0-rc.1" +source = "git+https://github.com/RustCrypto/formats.git#070aa2ced20ca2b6a361326e20756060faae894a" +dependencies = [ + "der", + "pkcs8", + "spki", +] + +[[package]] +name = "pkcs8" +version = "0.11.0-rc.3" +source = "git+https://github.com/RustCrypto/formats.git#070aa2ced20ca2b6a361326e20756060faae894a" +dependencies = [ + "der", + "spki", +] + +[[package]] +name = "pkg-config" +version = "0.3.32" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7edddbd0b52d732b21ad9a5fab5c704c14cd949e5e9a1ec5929a24fded1b904c" + +[[package]] +name = "portable-atomic" +version = "1.11.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "350e9b48cbc6b0e028b0473b114454c6316e57336ee184ceab6e53f72c178b3e" + +[[package]] +name = "portable-atomic-util" +version = "0.2.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d8a2f0d8d040d7848a709caf78912debcc3f33ee4b3cac47d73d1e1069e83507" +dependencies = [ + "portable-atomic", +] + +[[package]] +name = "ppv-lite86" +version = "0.2.21" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "85eae3c4ed2f50dcfe72643da4befc30deadb458a9b590d720cde2f2b1e97da9" +dependencies = [ + "zerocopy", +] + +[[package]] +name = "prettyplease" +version = "0.2.32" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "664ec5419c51e34154eec046ebcba56312d5a2fc3b09a06da188e1ad21afadf6" +dependencies = [ + "proc-macro2", + "syn", +] + +[[package]] +name = "primefield" +version = "0.14.0-pre.0" +source = "git+https://github.com/RustCrypto/elliptic-curves.git#7e254364b3b600c2cab240d884d65927e01a8683" +dependencies = [ + "crypto-bigint", + "ff", + "rand_core", + "subtle", + "zeroize", +] + +[[package]] +name = "primeorder" +version = "0.14.0-pre.2" +source = "git+https://github.com/RustCrypto/elliptic-curves.git#7e254364b3b600c2cab240d884d65927e01a8683" +dependencies = [ + "elliptic-curve", +] + +[[package]] +name = "proc-macro2" +version = "1.0.95" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "02b3e5e68a3a1a02aad3ec490a98007cbc13c37cbe84a3cd7b8e406d76e7f778" +dependencies = [ + "unicode-ident", +] + +[[package]] +name = "quote" +version = "1.0.40" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1885c039570dc00dcb4ff087a89e185fd56bae234ddc7f056a945bf36467248d" +dependencies = [ + "proc-macro2", +] + +[[package]] +name = "r-efi" +version = "5.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "74765f6d916ee2faa39bc8e68e4f3ed8949b48cccdac59983d287a7cb71ce9c5" + +[[package]] +name = "rand" +version = "0.9.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9fbfd9d094a40bf3ae768db9361049ace4c0e04a4fd6b359518bd7b73a73dd97" +dependencies = [ + "rand_chacha", + "rand_core", +] + +[[package]] +name = "rand_chacha" +version = "0.9.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d3022b5f1df60f26e1ffddd6c66e8aa15de382ae63b3a0c1bfc0e4d3e3f325cb" +dependencies = [ + "ppv-lite86", + "rand_core", +] + +[[package]] +name = "rand_core" +version = "0.9.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "99d9a13982dcf210057a8a78572b2217b667c3beacbf3a0d8b454f6f82837d38" +dependencies = [ + "getrandom", +] + +[[package]] +name = "regex" +version = "1.11.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b544ef1b4eac5dc2db33ea63606ae9ffcfac26c1416a2806ae0bf5f56b201191" +dependencies = [ + "aho-corasick", + "memchr", + "regex-automata", + "regex-syntax", +] + +[[package]] +name = "regex-automata" +version = "0.4.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "809e8dc61f6de73b46c85f4c96486310fe304c434cfa43669d7b40f711150908" +dependencies = [ + "aho-corasick", + "memchr", + "regex-syntax", +] + +[[package]] +name = "regex-syntax" +version = "0.8.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2b15c43186be67a4fd63bee50d0303afffcef381492ebe2c5d87f324e1b8815c" + +[[package]] +name = "rfc6979" +version = "0.5.0-pre.4" +source = "git+https://github.com/RustCrypto/signatures.git#6caf9afc4a8bf6c6b9422952023548287fd846e0" +dependencies = [ + "hmac", + "subtle", +] + +[[package]] +name = "rsa" +version = "0.10.0-pre.4" +source = "git+https://github.com/baloo/RSA.git?branch=baloo/digest/newtype#7ef05a8954fba08befbf6639f096ce07b1618128" +dependencies = [ + "const-oid", + "crypto-bigint", + "crypto-primes", + "digest", + "pkcs1", + "pkcs8", + "rand_core", + "sha1", + "sha2", + "signature", + "spki", + "subtle", + "zeroize", +] + +[[package]] +name = "rustc-hash" +version = "1.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "08d43f7aa6b08d49f382cde6a7982047c3426db949b1424bc4b7ec9ae12c6ce2" + +[[package]] +name = "rustversion" +version = "1.0.21" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8a0d197bd2c9dc6e53b84da9556a69ba4cdfab8619eb41a8bd1cc2027a0f6b1d" + +[[package]] +name = "ryu" +version = "1.0.20" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "28d3b2b1366ec20994f1fd18c3c594f05c5dd4bc44d8bb0c1c632c8d6829481f" + +[[package]] +name = "sec1" +version = "0.8.0-rc.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a017a4aa8f0bd51e9d0184d98042dfe9285218fec098493f47d9a8aa0f1a3f27" +dependencies = [ + "base16ct", + "der", + "hybrid-array", + "pkcs8", + "subtle", + "zeroize", +] + +[[package]] +name = "semver" +version = "1.0.26" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "56e6fa9c48d24d85fb3de5ad847117517440f6beceb7798af16b4a87d616b8d0" + +[[package]] +name = "serde" +version = "1.0.219" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5f0e2c6ed6606019b4e29e69dbaba95b11854410e5347d525002456dbbb786b6" +dependencies = [ + "serde_derive", +] + +[[package]] +name = "serde_derive" +version = "1.0.219" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5b0276cf7f2c73365f7157c8123c21cd9a50fbbd844757af28ca1f5925fc2a00" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "serde_json" +version = "1.0.140" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "20068b6e96dc6c9bd23e01df8827e6c7e1f2fddd43c21810382803c136b99373" +dependencies = [ + "itoa", + "memchr", + "ryu", + "serde", +] + +[[package]] +name = "serdect" +version = "0.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f42f67da2385b51a5f9652db9c93d78aeaf7610bf5ec366080b6de810604af53" +dependencies = [ + "base16ct", + "serde", +] + +[[package]] +name = "sha1" +version = "0.11.0-pre.5" +source = "git+https://github.com/RustCrypto/hashes.git?branch=newtype#ada01159b7499ab6d99f11f7f90cfd18c6e157e5" +dependencies = [ + "cfg-if", + "cpufeatures", + "digest", +] + +[[package]] +name = "sha2" +version = "0.11.0-pre.5" +source = "git+https://github.com/RustCrypto/hashes.git?branch=newtype#ada01159b7499ab6d99f11f7f90cfd18c6e157e5" +dependencies = [ + "cfg-if", + "cpufeatures", + "digest", +] + +[[package]] +name = "sha3" +version = "0.11.0-pre.5" +source = "git+https://github.com/RustCrypto/hashes.git?branch=newtype#ada01159b7499ab6d99f11f7f90cfd18c6e157e5" +dependencies = [ + "digest", + "keccak", +] + +[[package]] +name = "shlex" +version = "1.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0fda2ff0d084019ba4d7c6f371c95d8fd75ce3524c3cb8fb653a3023f6323e64" + +[[package]] +name = "signature" +version = "3.0.0-pre" +source = "git+https://github.com/baloo/traits.git?branch=baloo/digest-newtype-master#2049843aa4608d1b31564d08c705272c87d4795e" +dependencies = [ + "digest", + "rand_core", +] + +[[package]] +name = "sm2" +version = "0.14.0-pre" +source = "git+https://github.com/RustCrypto/elliptic-curves.git#7e254364b3b600c2cab240d884d65927e01a8683" +dependencies = [ + "elliptic-curve", + "primefield", + "primeorder", + "rand_core", + "rfc6979", + "signature", + "sm3", +] + +[[package]] +name = "sm3" +version = "0.5.0-pre.5" +source = "git+https://github.com/RustCrypto/hashes.git?branch=newtype#ada01159b7499ab6d99f11f7f90cfd18c6e157e5" +dependencies = [ + "digest", +] + +[[package]] +name = "spki" +version = "0.8.0-rc.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "37ac66481418fd7afdc584adcf3be9aa572cf6c2858814494dc2a01755f050bc" +dependencies = [ + "base64ct", + "der", +] + +[[package]] +name = "strum" +version = "0.26.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8fec0f0aef304996cf250b31b5a10dee7980c85da9d759361292b8bca5a18f06" + +[[package]] +name = "strum_macros" +version = "0.26.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4c6bee85a5a24955dc440386795aa378cd9cf82acd5f764469152d2270e581be" +dependencies = [ + "heck", + "proc-macro2", + "quote", + "rustversion", + "syn", +] + +[[package]] +name = "subtle" +version = "2.6.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "13c2bddecc57b384dee18652358fb23172facb8a2c51ccc10d74c157bdea3292" + +[[package]] +name = "syn" +version = "2.0.101" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8ce2b7fc941b3a24138a0a7cf8e858bfc6a992e7978a068a5c760deb0ed43caf" +dependencies = [ + "proc-macro2", + "quote", + "unicode-ident", +] + +[[package]] +name = "target-lexicon" +version = "0.12.16" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "61c41af27dd6d1e27b1b16b489db798443478cef1f06a660c96db617ba5de3b1" + +[[package]] +name = "tls_codec" +version = "0.4.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0de2e01245e2bb89d6f05801c564fa27624dbd7b1846859876c7dad82e90bf6b" +dependencies = [ + "tls_codec_derive", + "zeroize", +] + +[[package]] +name = "tls_codec_derive" +version = "0.4.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2d2e76690929402faae40aebdda620a2c0e25dd6d3b9afe48867dfd95991f4bd" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "tss-esapi" +version = "8.0.0-alpha" +dependencies = [ + "aes", + "bitfield", + "cfb-mode", + "cfg-if", + "concat-kdf", + "digest", + "ecdsa", + "elliptic-curve", + "enumflags2", + "env_logger", + "getrandom", + "hex-literal", + "hmac", + "hostname-validator", + "kbkdf", + "log", + "malloced", + "num-derive", + "num-traits", + "p192", + "p224", + "p256", + "p384", + "p521", + "paste", + "pkcs8", + "rand", + "regex", + "rsa", + "semver", + "serde", + "serde_json", + "sha1", + "sha2", + "sha3", + "signature", + "sm2", + "sm3", + "strum", + "strum_macros", + "tss-esapi", + "tss-esapi-sys", + "x509-cert", + "zeroize", +] + +[[package]] +name = "tss-esapi-sys" +version = "0.5.0" +dependencies = [ + "bindgen", + "cfg-if", + "pkg-config", + "semver", + "target-lexicon", +] + +[[package]] +name = "typenum" +version = "1.18.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1dccffe3ce07af9386bfd29e80c0ab1a8205a2fc34e4bcd40364df902cfa8f3f" + +[[package]] +name = "unicode-ident" +version = "1.0.18" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5a5f39404a5da50712a4c1eecf25e90dd62b613502b7e925fd4e4d19b5c96512" + +[[package]] +name = "utf8parse" +version = "0.2.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "06abde3611657adf66d383f00b093d7faecc7fa57071cce2578660c9f1010821" + +[[package]] +name = "wasi" +version = "0.14.2+wasi-0.2.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9683f9a5a998d873c0d21fcbe3c083009670149a8fab228644b8bd36b2c48cb3" +dependencies = [ + "wit-bindgen-rt", +] + +[[package]] +name = "windows-sys" +version = "0.59.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1e38bc4d79ed67fd075bcc251a1c39b32a1776bbe92e5bef1f0bf1f8c531853b" +dependencies = [ + "windows-targets 0.52.6", +] + +[[package]] +name = "windows-targets" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9b724f72796e036ab90c1021d4780d4d3d648aca59e491e6b98e725b84e99973" +dependencies = [ + "windows_aarch64_gnullvm 0.52.6", + "windows_aarch64_msvc 0.52.6", + "windows_i686_gnu 0.52.6", + "windows_i686_gnullvm 0.52.6", + "windows_i686_msvc 0.52.6", + "windows_x86_64_gnu 0.52.6", + "windows_x86_64_gnullvm 0.52.6", + "windows_x86_64_msvc 0.52.6", +] + +[[package]] +name = "windows-targets" +version = "0.53.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b1e4c7e8ceaaf9cb7d7507c974735728ab453b67ef8f18febdd7c11fe59dca8b" +dependencies = [ + "windows_aarch64_gnullvm 0.53.0", + "windows_aarch64_msvc 0.53.0", + "windows_i686_gnu 0.53.0", + "windows_i686_gnullvm 0.53.0", + "windows_i686_msvc 0.53.0", + "windows_x86_64_gnu 0.53.0", + "windows_x86_64_gnullvm 0.53.0", + "windows_x86_64_msvc 0.53.0", +] + +[[package]] +name = "windows_aarch64_gnullvm" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "32a4622180e7a0ec044bb555404c800bc9fd9ec262ec147edd5989ccd0c02cd3" + +[[package]] +name = "windows_aarch64_gnullvm" +version = "0.53.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "86b8d5f90ddd19cb4a147a5fa63ca848db3df085e25fee3cc10b39b6eebae764" + +[[package]] +name = "windows_aarch64_msvc" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "09ec2a7bb152e2252b53fa7803150007879548bc709c039df7627cabbd05d469" + +[[package]] +name = "windows_aarch64_msvc" +version = "0.53.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c7651a1f62a11b8cbd5e0d42526e55f2c99886c77e007179efff86c2b137e66c" + +[[package]] +name = "windows_i686_gnu" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8e9b5ad5ab802e97eb8e295ac6720e509ee4c243f69d781394014ebfe8bbfa0b" + +[[package]] +name = "windows_i686_gnu" +version = "0.53.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c1dc67659d35f387f5f6c479dc4e28f1d4bb90ddd1a5d3da2e5d97b42d6272c3" + +[[package]] +name = "windows_i686_gnullvm" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0eee52d38c090b3caa76c563b86c3a4bd71ef1a819287c19d586d7334ae8ed66" + +[[package]] +name = "windows_i686_gnullvm" +version = "0.53.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9ce6ccbdedbf6d6354471319e781c0dfef054c81fbc7cf83f338a4296c0cae11" + +[[package]] +name = "windows_i686_msvc" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "240948bc05c5e7c6dabba28bf89d89ffce3e303022809e73deaefe4f6ec56c66" + +[[package]] +name = "windows_i686_msvc" +version = "0.53.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "581fee95406bb13382d2f65cd4a908ca7b1e4c2f1917f143ba16efe98a589b5d" + +[[package]] +name = "windows_x86_64_gnu" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "147a5c80aabfbf0c7d901cb5895d1de30ef2907eb21fbbab29ca94c5b08b1a78" + +[[package]] +name = "windows_x86_64_gnu" +version = "0.53.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2e55b5ac9ea33f2fc1716d1742db15574fd6fc8dadc51caab1c16a3d3b4190ba" + +[[package]] +name = "windows_x86_64_gnullvm" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "24d5b23dc417412679681396f2b49f3de8c1473deb516bd34410872eff51ed0d" + +[[package]] +name = "windows_x86_64_gnullvm" +version = "0.53.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0a6e035dd0599267ce1ee132e51c27dd29437f63325753051e71dd9e42406c57" + +[[package]] +name = "windows_x86_64_msvc" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "589f6da84c646204747d1270a2a5661ea66ed1cced2631d546fdfb155959f9ec" + +[[package]] +name = "windows_x86_64_msvc" +version = "0.53.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "271414315aff87387382ec3d271b52d7ae78726f5d44ac98b4f4030c91880486" + +[[package]] +name = "wit-bindgen-rt" +version = "0.39.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6f42320e61fe2cfd34354ecb597f86f413484a798ba44a8ca1165c58d42da6c1" +dependencies = [ + "bitflags", +] + +[[package]] +name = "x509-cert" +version = "0.3.0-pre.0" +source = "git+https://github.com/RustCrypto/formats.git#070aa2ced20ca2b6a361326e20756060faae894a" +dependencies = [ + "const-oid", + "der", + "sha1", + "signature", + "spki", + "tls_codec", +] + +[[package]] +name = "zerocopy" +version = "0.8.25" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a1702d9583232ddb9174e01bb7c15a2ab8fb1bc6f227aa1233858c351a3ba0cb" +dependencies = [ + "zerocopy-derive", +] + +[[package]] +name = "zerocopy-derive" +version = "0.8.25" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "28a6e20d751156648aa063f3800b706ee209a32c0b4d9f24be3d980b01be55ef" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "zeroize" +version = "1.8.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ced3678a2879b30306d323f4542626697a464a97c0a07c9aebf7ebca65cd4dde" +dependencies = [ + "zeroize_derive", +] + +[[package]] +name = "zeroize_derive" +version = "1.4.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ce36e65b0d2999d2aafac989fb249189a141aee1f53c612c1f37d72631959f69" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] diff --git a/Cargo.toml b/Cargo.toml index e88eb84a..d37076e6 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -1,3 +1,47 @@ [workspace] resolver = "2" members = ["tss-esapi", "tss-esapi-sys"] + +[patch.crates-io] +p192 = { git = "https://github.com/RustCrypto/elliptic-curves.git" } +p224 = { git = "https://github.com/RustCrypto/elliptic-curves.git" } +p256 = { git = "https://github.com/RustCrypto/elliptic-curves.git" } +p384 = { git = "https://github.com/RustCrypto/elliptic-curves.git" } +p521 = { git = "https://github.com/RustCrypto/elliptic-curves.git" } +sm2 = { git = "https://github.com/RustCrypto/elliptic-curves.git" } + +rsa = { git = "https://github.com/baloo/RSA.git", branch = "baloo/digest/newtype" } + +crypto-common = { git = "https://github.com/baloo/traits.git", branch = "baloo/digest-newtype-master" } +digest = { git = "https://github.com/baloo/traits.git", branch = "baloo/digest-newtype-master" } +elliptic-curve = { git = "https://github.com/baloo/traits.git", branch = "baloo/digest-newtype-master" } +signature = { git = "https://github.com/baloo/traits.git", branch = "baloo/digest-newtype-master" } + +sha1 = { git = "https://github.com/RustCrypto/hashes.git", branch = "newtype" } +sha2 = { git = "https://github.com/RustCrypto/hashes.git", branch = "newtype" } +sha3 = { git = "https://github.com/RustCrypto/hashes.git", branch = "newtype" } +sm3 = { git = "https://github.com/RustCrypto/hashes.git", branch = "newtype" } + +ecdsa = { git = "https://github.com/RustCrypto/signatures.git" } +rfc6979 = { git = "https://github.com/RustCrypto/signatures.git" } + +der = { git = "https://github.com/RustCrypto/formats.git" } +der_derive = { git = "https://github.com/RustCrypto/formats.git" } +pkcs1 = { git = "https://github.com/RustCrypto/formats.git" } +pkcs8 = { git = "https://github.com/RustCrypto/formats.git" } +x509-cert = { git = "https://github.com/RustCrypto/formats.git" } + +crypto-bigint = { git = "https://github.com/RustCrypto/crypto-bigint.git" } +crypto-primes = { git = "https://github.com/entropyxyz/crypto-primes.git" } + +# https://github.com/RustCrypto/KDFs/pull/108 +concat-kdf = { git = "https://github.com/RustCrypto/KDFs.git" } + +cfb-mode = { git = "https://github.com/RustCrypto/block-modes.git" } + +# https://github.com/RustCrypto/block-ciphers/pull/465 +aes = { git = "https://github.com/RustCrypto/block-ciphers.git" } + +hkdf = { git = "https://github.com/RustCrypto/KDFs.git" } + +hmac = { git = "https://github.com/baloo/MACs.git", branch = "baloo/digest-pin" } diff --git a/tss-esapi/Cargo.toml b/tss-esapi/Cargo.toml index 05375b05..c70e7aea 100644 --- a/tss-esapi/Cargo.toml +++ b/tss-esapi/Cargo.toml @@ -34,40 +34,50 @@ hostname-validator = "1.1.0" regex = "1.3.9" zeroize = { version = "1.5.7", features = ["zeroize_derive"] } tss-esapi-sys = { path = "../tss-esapi-sys", version = "0.5.0" } -x509-cert = { version = "0.2.0", optional = true } -ecdsa = { version = "0.16.9", features = ["der", "hazmat", "arithmetic", "verifying"], optional = true } -elliptic-curve = { version = "0.13.8", optional = true, features = ["alloc", "pkcs8"] } -p192 = { version = "0.13.0", optional = true } -p224 = { version = "0.13.2", optional = true } -p256 = { version = "0.13.2", optional = true } -p384 = { version = "0.13.0", optional = true } -p521 = { version = "0.13.3", optional = true } -pkcs8 = { version = "0.10.2", optional = true } -rsa = { version = "0.9", optional = true } -sha1 = { version = "0.10.6", optional = true } -sha2 = { version = "0.10.8", optional = true } -sha3 = { version = "0.10.8", optional = true } -sm2 = { version = "0.13.3", optional = true } -sm3 = { version = "0.4.2", optional = true } -digest = { version = "0.10.7", optional = true } -signature = { version = "2.2.0", features = ["std"], optional = true} +x509-cert = { version = "0.3.0-pre.0", optional = true } +aes = { version = "0.9.0-pre.2", optional = true } +cfb-mode = { version = "0.9.0-pre", optional = true } +ecdsa = { version = "0.17.0-pre.9", features = ["der", "hazmat", "arithmetic", "verifying"], optional = true } +elliptic-curve = { version = "0.14.0-rc.1", optional = true, features = ["alloc", "pkcs8"] } +hmac = { version = "0.13.0-pre.5", optional = true } +p192 = { version = "0.14.0-pre", optional = true } +p224 = { version = "0.14.0-pre", optional = true } +p256 = { version = "0.14.0-pre.2", optional = true } +p384 = { version = "0.14.0-pre.2", optional = true } +p521 = { version = "0.14.0-pre.2", optional = true } +pkcs8 = { version = "0.11.0-rc.1", optional = true } +rsa = { version = "0.10.0-pre.3", optional = true } +sha1 = { version = "0.11.0-pre.5", optional = true } +sha2 = { version = "0.11.0-pre.5", optional = true } +sha3 = { version = "0.11.0-pre.5", optional = true } +sm2 = { version = "0.14.0-pre", optional = true } +sm3 = { version = "0.5.0-pre.5", optional = true } +digest = { version = "0.11.0-pre.9", optional = true } +signature = { version = "3.0.0-pre", features = ["alloc", "digest"], optional = true} +kbkdf = { version = "0.0.1", optional = true } +concat-kdf = { version = "0.2.0-pre", optional = true } cfg-if = "1.0.0" strum = { version = "0.26.3", optional = true } strum_macros = { version = "0.26.4", optional = true } paste = "1.0.14" -getrandom = "0.2.11" +getrandom = "0.3" +rand = "0.9" [dev-dependencies] +aes = "0.9.0-pre.2" env_logger = "0.11.5" +hex-literal = "1" +rsa = { version = "0.10.0-pre.3" } serde_json = "^1.0.108" -sha2 = { version = "0.10.8", features = ["oid"] } +sha2 = { version = "0.11.0-pre.5", features = ["oid"] } tss-esapi = { path = ".", features = [ "integration-tests", "serde", "abstraction", "rustcrypto-full", ] } -x509-cert = { version = "0.2.0", features = ["builder"] } +p256 = { version = "0.14.0-pre.2", features = ["ecdh"] } +x509-cert = { version = "0.3.0-pre.0", features = ["builder"] } [build-dependencies] semver = "1.0.7" @@ -78,8 +88,9 @@ generate-bindings = ["tss-esapi-sys/generate-bindings"] abstraction = ["rustcrypto"] integration-tests = ["strum", "strum_macros"] -rustcrypto = ["digest", "ecdsa", "elliptic-curve", "pkcs8", "signature", "x509-cert"] -rustcrypto-full = ["rustcrypto", "p192", "p224", "p256", "p384", "p521", "rsa", "sha1", "sha2", "sha3", "sm2", "sm3"] - +rustcrypto = ["cfb-mode", "concat-kdf", "digest", "ecdsa", "elliptic-curve/ecdh", "hmac", "kbkdf", "pkcs8", "signature", "x509-cert"] +rustcrypto-full = ["rustcrypto", "aes", "p192", "p224", "p256", "p384", "p521", "rsa", "sha1", "sha2", "sha3", "sm2", "sm3"] + +rsa = ["dep:rsa", "kbkdf"] sha1 = ["dep:sha1", "rsa?/sha1"] sha2 = ["dep:sha2", "rsa?/sha2"] diff --git a/tss-esapi/src/abstraction/no_tpm/quote.rs b/tss-esapi/src/abstraction/no_tpm/quote.rs index 25e9719e..f9574e94 100644 --- a/tss-esapi/src/abstraction/no_tpm/quote.rs +++ b/tss-esapi/src/abstraction/no_tpm/quote.rs @@ -13,19 +13,16 @@ use digest::{Digest, DynDigest}; #[cfg(any(feature = "p224", feature = "p256", feature = "p384"))] use crate::{abstraction::public::AssociatedTpmCurve, structures::EccSignature}; #[cfg(any(feature = "p224", feature = "p256", feature = "p384"))] -use ecdsa::{ - hazmat::{DigestPrimitive, VerifyPrimitive}, - PrimeCurve, SignatureSize, VerifyingKey, -}; +use ecdsa::{hazmat::DigestPrimitive, PrimeCurve, SignatureSize, VerifyingKey}; #[cfg(any(feature = "p224", feature = "p256", feature = "p384"))] use elliptic_curve::{ - generic_array::ArrayLength, + array::ArraySize, point::AffinePoint, sec1::{FromEncodedPoint, ModulusSize, ToEncodedPoint}, CurveArithmetic, FieldBytesSize, }; #[cfg(any(feature = "p224", feature = "p256", feature = "p384"))] -use signature::hazmat::PrehashVerifier; +use signature::DigestVerifier; #[cfg(feature = "rsa")] use rsa::{pkcs1v15, pss, RsaPublicKey}; @@ -41,8 +38,8 @@ fn verify_ecdsa( ) -> Result where C: PrimeCurve + CurveArithmetic + DigestPrimitive + AssociatedTpmCurve, - AffinePoint: VerifyPrimitive + FromEncodedPoint + ToEncodedPoint, - SignatureSize: ArrayLength, + AffinePoint: FromEncodedPoint + ToEncodedPoint, + SignatureSize: ArraySize, FieldBytesSize: ModulusSize, { let Ok(signature) = ecdsa::Signature::::try_from(signature) else { @@ -57,23 +54,23 @@ where match hashing_algorithm { #[cfg(feature = "sha1")] HashingAlgorithm::Sha1 => { - let hash = sha1::Sha1::digest(message); - Ok(verifying_key.verify_prehash(&hash, &signature).is_ok()) + let hash = sha1::Sha1::new_with_prefix(message); + Ok(verifying_key.verify_digest(hash, &signature).is_ok()) } #[cfg(feature = "sha2")] HashingAlgorithm::Sha256 => { - let hash = sha2::Sha256::digest(message); - Ok(verifying_key.verify_prehash(&hash, &signature).is_ok()) + let hash = sha2::Sha256::new_with_prefix(message); + Ok(verifying_key.verify_digest(hash, &signature).is_ok()) } #[cfg(feature = "sha2")] HashingAlgorithm::Sha384 => { - let hash = sha2::Sha384::digest(message); - Ok(verifying_key.verify_prehash(&hash, &signature).is_ok()) + let hash = sha2::Sha384::new_with_prefix(message); + Ok(verifying_key.verify_digest(hash, &signature).is_ok()) } #[cfg(feature = "sha2")] HashingAlgorithm::Sha512 => { - let hash = sha2::Sha512::digest(message); - Ok(verifying_key.verify_prehash(&hash, &signature).is_ok()) + let hash = sha2::Sha512::new_with_prefix(message); + Ok(verifying_key.verify_digest(hash, &signature).is_ok()) } _ => Err(Error::WrapperError(WrapperErrorKind::UnsupportedParam)), } diff --git a/tss-esapi/src/abstraction/public.rs b/tss-esapi/src/abstraction/public.rs index 2f0d5bb7..0d56c6ba 100644 --- a/tss-esapi/src/abstraction/public.rs +++ b/tss-esapi/src/abstraction/public.rs @@ -8,7 +8,7 @@ use crate::{Error, WrapperErrorKind}; use core::convert::TryFrom; use elliptic_curve::{ - generic_array::typenum::Unsigned, + array::typenum::Unsigned, sec1::{EncodedPoint, FromEncodedPoint, ModulusSize, ToEncodedPoint}, AffinePoint, CurveArithmetic, FieldBytesSize, PublicKey, }; @@ -18,7 +18,7 @@ use x509_cert::spki::SubjectPublicKeyInfoOwned; #[cfg(feature = "rsa")] use { crate::structures::RsaExponent, - rsa::{BigUint, RsaPublicKey}, + rsa::{BoxedUint, RsaPublicKey}, }; #[cfg(any( @@ -57,15 +57,13 @@ where let x = unique.x().as_bytes(); let y = unique.y().as_bytes(); - if x.len() != FieldBytesSize::::USIZE { - return Err(Error::local_error(WrapperErrorKind::InvalidParam)); - } - if y.len() != FieldBytesSize::::USIZE { - return Err(Error::local_error(WrapperErrorKind::InvalidParam)); - } - - let encoded_point = - EncodedPoint::::from_affine_coordinates(x.into(), y.into(), false); + let encoded_point = EncodedPoint::::from_affine_coordinates( + x.try_into() + .map_err(|_| Error::local_error(WrapperErrorKind::InvalidParam))?, + y.try_into() + .map_err(|_| Error::local_error(WrapperErrorKind::InvalidParam))?, + false, + ); let public_key = PublicKey::::try_from(&encoded_point) .map_err(|_| Error::local_error(WrapperErrorKind::InvalidParam))?; @@ -86,10 +84,11 @@ impl TryFrom<&Public> for RsaPublicKey { unique, parameters, .. } => { let exponent = match parameters.exponent() { - RsaExponent::ZERO_EXPONENT => BigUint::from(RSA_DEFAULT_EXP), - _ => BigUint::from(parameters.exponent().value()), + RsaExponent::ZERO_EXPONENT => BoxedUint::from(RSA_DEFAULT_EXP), + _ => BoxedUint::from(parameters.exponent().value()), }; - let modulus = BigUint::from_bytes_be(unique.as_bytes()); + let modulus = BoxedUint::from_be_slice(unique.as_bytes(), 8192) + .map_err(|_| Error::local_error(WrapperErrorKind::WrongParamSize))?; let public_key = RsaPublicKey::new(modulus, exponent) .map_err(|_| Error::local_error(WrapperErrorKind::InvalidParam))?; @@ -173,8 +172,6 @@ where let x = x.as_slice(); let y = y.as_slice(); - // TODO: When elliptic_curve bumps to 0.14, we can use the TryFrom implementation instead - // of checking lengths manually if x.len() != FieldBytesSize::::USIZE { return Err(Error::local_error(WrapperErrorKind::InvalidParam)); } @@ -182,8 +179,14 @@ where return Err(Error::local_error(WrapperErrorKind::InvalidParam)); } - let encoded_point = - EncodedPoint::::from_affine_coordinates(x.into(), y.into(), false); + let encoded_point = EncodedPoint::::from_affine_coordinates( + x.try_into() + .map_err(|_| Error::local_error(WrapperErrorKind::InvalidParam))?, + y.try_into() + .map_err(|_| Error::local_error(WrapperErrorKind::InvalidParam))?, + false, + ); + let public_key = PublicKey::::try_from(&encoded_point) .map_err(|_| Error::local_error(WrapperErrorKind::InvalidParam))?; @@ -201,8 +204,9 @@ impl TryFrom<&TpmPublicKey> for RsaPublicKey { fn try_from(value: &TpmPublicKey) -> Result { match value { TpmPublicKey::Rsa(modulus) => { - let exponent = BigUint::from(RSA_DEFAULT_EXP); - let modulus = BigUint::from_bytes_be(modulus.as_slice()); + let exponent = BoxedUint::from(RSA_DEFAULT_EXP); + let modulus = BoxedUint::from_be_slice(modulus.as_slice(), 8192) + .map_err(|_| Error::local_error(WrapperErrorKind::WrongParamSize))?; let public_key = RsaPublicKey::new(modulus, exponent) .map_err(|_| Error::local_error(WrapperErrorKind::InvalidParam))?; diff --git a/tss-esapi/src/abstraction/signatures.rs b/tss-esapi/src/abstraction/signatures.rs index 3bc6ff9f..db1c4833 100644 --- a/tss-esapi/src/abstraction/signatures.rs +++ b/tss-esapi/src/abstraction/signatures.rs @@ -8,16 +8,16 @@ use crate::{ use std::convert::TryFrom; -use ecdsa::SignatureSize; +use ecdsa::{EcdsaCurve, SignatureSize}; use elliptic_curve::{ - generic_array::{typenum::Unsigned, ArrayLength}, + array::{typenum::Unsigned, ArraySize}, FieldBytes, FieldBytesSize, PrimeCurve, }; impl TryFrom<&EccSignature> for ecdsa::Signature where - C: PrimeCurve, - SignatureSize: ArrayLength, + C: PrimeCurve + EcdsaCurve, + SignatureSize: ArraySize, { type Error = Error; @@ -33,8 +33,12 @@ where } let signature = ecdsa::Signature::from_scalars( - FieldBytes::::clone_from_slice(r), - FieldBytes::::clone_from_slice(s), + FieldBytes::::try_from(r) + .map_err(|_| Error::local_error(WrapperErrorKind::InvalidParam))? + .clone(), + FieldBytes::::try_from(s) + .map_err(|_| Error::local_error(WrapperErrorKind::InvalidParam))? + .clone(), ) .map_err(|_| Error::local_error(WrapperErrorKind::InvalidParam))?; Ok(signature) @@ -43,8 +47,8 @@ where impl TryFrom<&Signature> for ecdsa::Signature where - C: PrimeCurve, - SignatureSize: ArrayLength, + C: PrimeCurve + EcdsaCurve, + SignatureSize: ArraySize, { type Error = Error; diff --git a/tss-esapi/src/abstraction/signer.rs b/tss-esapi/src/abstraction/signer.rs index 0c3a55de..424d8f62 100644 --- a/tss-esapi/src/abstraction/signer.rs +++ b/tss-esapi/src/abstraction/signer.rs @@ -24,11 +24,11 @@ use std::{convert::TryFrom, ops::Add, sync::Mutex}; use digest::{Digest, FixedOutput, Output}; use ecdsa::{ der::{MaxOverhead, MaxSize, Signature as DerSignature}, - hazmat::{DigestPrimitive, SignPrimitive}, - Signature, SignatureSize, VerifyingKey, + hazmat::DigestPrimitive, + EcdsaCurve, Signature, SignatureSize, VerifyingKey, }; use elliptic_curve::{ - generic_array::ArrayLength, + array::ArraySize, ops::Invert, sec1::{FromEncodedPoint, ModulusSize, ToEncodedPoint}, subtle::CtOption, @@ -139,7 +139,7 @@ impl TpmSigner #[derive(Debug)] pub struct EcSigner where - C: PrimeCurve + CurveArithmetic, + C: PrimeCurve + CurveArithmetic + EcdsaCurve, { context: Ctx, verifying_key: VerifyingKey, @@ -147,7 +147,7 @@ where impl EcSigner where - C: PrimeCurve + CurveArithmetic, + C: PrimeCurve + CurveArithmetic + EcdsaCurve, C: AssociatedTpmCurve, FieldBytesSize: ModulusSize, AffinePoint: FromEncodedPoint + ToEncodedPoint, @@ -179,14 +179,14 @@ where impl EcSigner where - C: PrimeCurve + CurveArithmetic, + C: PrimeCurve + CurveArithmetic + EcdsaCurve, C: AssociatedTpmCurve, { /// Key parameters for this curve, selected digest is the one selected by DigestPrimitive pub fn key_params_default() -> KeyParams where C: DigestPrimitive, - ::Digest: FixedOutput>, + ::Digest: FixedOutput, ::Digest: AssociatedHashingAlgorithm, { Self::key_params::<::Digest>() @@ -199,7 +199,7 @@ where /// The hashing algorithm `D` is the digest that will be used for signatures (SHA-256, SHA3-256, ...). pub fn key_params() -> KeyParams where - D: FixedOutput>, + D: FixedOutput, D: AssociatedHashingAlgorithm, { KeyParams::Ecc { @@ -212,9 +212,9 @@ where impl AsRef> for EcSigner where - C: PrimeCurve + CurveArithmetic, - Scalar: Invert>> + SignPrimitive, - SignatureSize: ArrayLength, + C: PrimeCurve + CurveArithmetic + EcdsaCurve, + Scalar: Invert>>, + SignatureSize: ArraySize, { fn as_ref(&self) -> &VerifyingKey { &self.verifying_key @@ -223,21 +223,21 @@ where impl KeypairRef for EcSigner where - C: PrimeCurve + CurveArithmetic, - Scalar: Invert>> + SignPrimitive, - SignatureSize: ArrayLength, + C: PrimeCurve + CurveArithmetic + EcdsaCurve, + Scalar: Invert>>, + SignatureSize: ArraySize, { type VerifyingKey = VerifyingKey; } impl DigestSigner> for EcSigner where - C: PrimeCurve + CurveArithmetic, + C: PrimeCurve + CurveArithmetic + EcdsaCurve, C: AssociatedTpmCurve, - D: Digest + FixedOutput>, + D: Digest + FixedOutput, D: AssociatedHashingAlgorithm, - Scalar: Invert>> + SignPrimitive, - SignatureSize: ArrayLength, + Scalar: Invert>>, + SignatureSize: ArraySize, TpmDigest: From>, Ctx: TpmSigner, { @@ -261,16 +261,16 @@ where impl DigestSigner> for EcSigner where - C: PrimeCurve + CurveArithmetic, + C: PrimeCurve + CurveArithmetic + EcdsaCurve, C: AssociatedTpmCurve, - D: Digest + FixedOutput>, + D: Digest + FixedOutput, D: AssociatedHashingAlgorithm, - Scalar: Invert>> + SignPrimitive, - SignatureSize: ArrayLength, + Scalar: Invert>>, + SignatureSize: ArraySize, TpmDigest: From>, - MaxSize: ArrayLength, - as Add>::Output: Add + ArrayLength, + MaxSize: ArraySize, + as Add>::Output: Add + ArraySize, Ctx: TpmSigner, { @@ -282,11 +282,11 @@ where impl Signer> for EcSigner where - C: PrimeCurve + CurveArithmetic + DigestPrimitive, + C: PrimeCurve + CurveArithmetic + EcdsaCurve + DigestPrimitive, C: AssociatedTpmCurve, ::Digest: AssociatedHashingAlgorithm, - Scalar: Invert>> + SignPrimitive, - SignatureSize: ArrayLength, + Scalar: Invert>>, + SignatureSize: ArraySize, TpmDigest: From::Digest>>, Ctx: TpmSigner, @@ -298,15 +298,15 @@ where impl Signer> for EcSigner where - C: PrimeCurve + CurveArithmetic + DigestPrimitive, + C: PrimeCurve + CurveArithmetic + EcdsaCurve + DigestPrimitive, C: AssociatedTpmCurve, ::Digest: AssociatedHashingAlgorithm, - Scalar: Invert>> + SignPrimitive, - SignatureSize: ArrayLength, + Scalar: Invert>>, + SignatureSize: ArraySize, TpmDigest: From::Digest>>, - MaxSize: ArrayLength, - as Add>::Output: Add + ArrayLength, + MaxSize: ArraySize, + as Add>::Output: Add + ArraySize, Ctx: TpmSigner, { @@ -317,9 +317,9 @@ where impl SignatureAlgorithmIdentifier for EcSigner where - C: PrimeCurve + CurveArithmetic, - Scalar: Invert>> + SignPrimitive, - SignatureSize: ArrayLength, + C: PrimeCurve + CurveArithmetic + EcdsaCurve, + Scalar: Invert>>, + SignatureSize: ArraySize, Signature: AssociatedAlgorithmIdentifier>, { type Params = AnyRef<'static>; diff --git a/tss-esapi/src/abstraction/transient/mod.rs b/tss-esapi/src/abstraction/transient/mod.rs index 0b9c2d4f..3b43474c 100644 --- a/tss-esapi/src/abstraction/transient/mod.rs +++ b/tss-esapi/src/abstraction/transient/mod.rs @@ -154,7 +154,7 @@ impl TransientKeyContext { let key_auth = if auth_size > 0 { self.set_session_attrs()?; let mut random_bytes = vec![0u8; auth_size]; - getrandom::getrandom(&mut random_bytes).map_err(|_| { + getrandom::fill(&mut random_bytes).map_err(|_| { log::error!("Failed to obtain a random authvalue for key creation"); Error::WrapperError(ErrorKind::InternalError) })?; @@ -674,7 +674,7 @@ impl TransientKeyContextBuilder { let root_key_auth = if self.root_key_auth_size > 0 { let mut random = vec![0u8; self.root_key_auth_size]; - getrandom::getrandom(&mut random).map_err(|_| { + getrandom::fill(&mut random).map_err(|_| { log::error!("Failed to obtain a random value for root key authentication"); Error::WrapperError(ErrorKind::InternalError) })?; diff --git a/tss-esapi/src/context/tpm_commands/context_management.rs b/tss-esapi/src/context/tpm_commands/context_management.rs index b710c808..1f12770e 100644 --- a/tss-esapi/src/context/tpm_commands/context_management.rs +++ b/tss-esapi/src/context/tpm_commands/context_management.rs @@ -108,7 +108,7 @@ impl Context { /// // Execute context methods using the session /// context.execute_with_session(Some(session), |ctx| { /// let mut random_digest = vec![0u8; 16]; - /// getrandom::getrandom(&mut random_digest).expect("Call to getrandom failed"); + /// getrandom::fill(&mut random_digest).expect("Call to getrandom failed"); /// let key_auth = Auth::from_bytes(random_digest.as_slice()).expect("Failed to create Auth"); /// let key_handle = ctx /// .create_primary( diff --git a/tss-esapi/src/context/tpm_commands/symmetric_primitives.rs b/tss-esapi/src/context/tpm_commands/symmetric_primitives.rs index c77157c4..dcb32394 100644 --- a/tss-esapi/src/context/tpm_commands/symmetric_primitives.rs +++ b/tss-esapi/src/context/tpm_commands/symmetric_primitives.rs @@ -57,7 +57,7 @@ impl Context { /// # .expect("Failed to set auth to empty for owner"); /// # // Create primary key auth /// # let mut random_digest = vec![0u8; 16]; - /// # getrandom::getrandom(&mut random_digest).expect("get_rand call failed"); + /// # getrandom::fill(&mut random_digest).expect("get_rand call failed"); /// # let primary_key_auth = Auth::from_bytes( /// # random_digest /// # .as_slice() @@ -103,7 +103,7 @@ impl Context { /// # .expect("Failed to create public for symmetric key public"); /// # // Create auth for the symmetric key /// # let mut random_digest = vec![0u8; 16]; - /// # getrandom::getrandom(&mut random_digest).expect("get_rand call failed"); + /// # getrandom::fill(&mut random_digest).expect("get_rand call failed"); /// # let symmetric_key_auth = Auth::from_bytes( /// # random_digest /// # .as_slice() diff --git a/tss-esapi/src/structures/buffers.rs b/tss-esapi/src/structures/buffers.rs index 7e6ef094..8734c83f 100644 --- a/tss-esapi/src/structures/buffers.rs +++ b/tss-esapi/src/structures/buffers.rs @@ -225,8 +225,8 @@ pub mod digest { #[cfg(feature = "rustcrypto")] mod rustcrypto { use digest::{ + array::Array, consts::{U20, U32, U48, U64}, - generic_array::GenericArray, typenum::Unsigned, }; @@ -234,15 +234,15 @@ pub mod digest { macro_rules! impl_from_digest { ($($size:ty),+) => { - $(impl From> for Digest { - fn from(mut value: GenericArray) -> Self { + $(impl From> for Digest { + fn from(mut value: Array) -> Self { let value_as_vec = value.as_slice().to_vec(); value.zeroize(); Digest(value_as_vec.into()) } } - impl TryFrom for GenericArray { + impl TryFrom for Array { type Error = Error; fn try_from(value: Digest) -> Result { diff --git a/tss-esapi/src/utils/credential.rs b/tss-esapi/src/utils/credential.rs new file mode 100644 index 00000000..9243d168 --- /dev/null +++ b/tss-esapi/src/utils/credential.rs @@ -0,0 +1,291 @@ +// Copyright 2025 Contributors to the Parsec project. +// SPDX-License-Identifier: Apache-2.0 + +use core::{ + marker::PhantomData, + ops::{Add, Mul}, +}; + +use cfb_mode::cipher::{AsyncStreamCipher, BlockCipherEncrypt}; +use digest::{ + array::ArraySize, + consts::{B1, U8}, + crypto_common::{Iv, KeyIvInit, KeySizeUser, WeakKeyError}, + typenum::{ + operator_aliases::{Add1, Sum}, + Unsigned, + }, + Digest, FixedOutputReset, Key, KeyInit, Mac, OutputSizeUser, +}; +use ecdsa::elliptic_curve::{ + ecdh::{EphemeralSecret, SharedSecret}, + sec1::{Coordinates, FromEncodedPoint, ModulusSize, ToEncodedPoint}, + AffinePoint, Curve, CurveArithmetic, FieldBytesSize, PublicKey, +}; +use hmac::{EagerHash, Hmac}; +use log::error; +use rand::rng; + +#[cfg(feature = "rsa")] +use { + digest::DynDigest, + rand::Rng, + rsa::{Oaep, RsaPublicKey}, +}; + +use crate::{ + error::{Error, Result, WrapperErrorKind}, + structures::{EncryptedSecret, IdObject, Name}, + utils::kdf::{self}, +}; + +type WeakResult = core::result::Result; + +// [`TpmHmac`] intends to code for the key expected for hmac +// in the KDFa and KDFe derivations. There are no standard sizes for hmac keys really, +// upstream RustCrypto considers it to be [BlockSize], but TPM specification +// has a different opinion on the matter, and expect the key to the output +// bit size of the hash algorithm used. +// +// See https://trustedcomputinggroup.org/wp-content/uploads/TPM-2.0-1.83-Part-1-Architecture.pdf#page=202 +// section 24.5 HMAC: +// bits the number of bits in the digest produced by ekNameAlg +// +// [BlockSize]: https://docs.rs/hmac/0.12.1/hmac/struct.HmacCore.html#impl-KeySizeUser-for-HmacCore%3CD%3E +struct TpmHmac(PhantomData); + +impl KeySizeUser for TpmHmac +where + H: OutputSizeUser, +{ + type KeySize = H::OutputSize; +} + +pub fn make_credential_ecc( + ek_public: PublicKey, + secret: &[u8], + key_name: Name, +) -> Result<(IdObject, EncryptedSecret)> +where + C: Curve + CurveArithmetic, + + AffinePoint: FromEncodedPoint + ToEncodedPoint, + FieldBytesSize: ModulusSize, + + as Add>::Output: Add>, + Sum, FieldBytesSize>: ArraySize, + Sum, FieldBytesSize>: Add, + Sum, FieldBytesSize>, U8>: Add, + Add1, FieldBytesSize>, U8>>: ArraySize, + + EkHash: Digest + EagerHash + FixedOutputReset, + ::OutputSize: Mul, + <::OutputSize as Mul>::Output: Unsigned, + <::Core as OutputSizeUser>::OutputSize: ArraySize + Mul, + <<::Core as OutputSizeUser>::OutputSize as Mul>::Output: Unsigned, + + EkCipher: KeySizeUser + BlockCipherEncrypt + KeyInit, + ::KeySize: Mul, + <::KeySize as Mul>::Output: ArraySize, +{ + let mut rng = rng(); + + loop { + // See Table 22 - Key Generation for the various labels used here after: + // https://trustedcomputinggroup.org/wp-content/uploads/TPM-2.0-1.83-Part-1-Architecture.pdf#page=183 + + // C.6.4. ECC Secret Sharing for Credentials + // https://trustedcomputinggroup.org/wp-content/uploads/TPM-2.0-1.83-Part-1-Architecture.pdf#page=311 + let local = EphemeralSecret::::random(&mut rng); + + let ecdh_secret: SharedSecret = local.diffie_hellman(&ek_public); + let local_public = local.public_key(); + drop(local); + + let seed = kdf::kdfe::>( + &ecdh_secret, + &local_public, + &ek_public, + )?; + drop(ecdh_secret); + + // The local ECDH pair is used as "encrypted seed" + let encoded_point = local_public.to_encoded_point(false); + let Coordinates::Uncompressed { + x: point_x, + y: point_y, + } = encoded_point.coordinates() + else { + // NOTE: The only way this could trigger would be for the local key to be identity. + error!("Couldn't compute coordinates for the local public key"); + return Err(Error::local_error(WrapperErrorKind::InvalidParam)); + }; + let encrypted_seed = { + let mut out = vec![]; + out.extend_from_slice(&FieldBytesSize::::U16.to_be_bytes()[..]); + out.extend_from_slice(point_x); + out.extend_from_slice(&FieldBytesSize::::U16.to_be_bytes()[..]); + out.extend_from_slice(point_y); + out + }; + let encrypted_secret = EncryptedSecret::from_bytes(&encrypted_seed)?; + + match secret_to_credential::(seed, secret, &key_name)? { + Ok(id_object) => return Ok((id_object, encrypted_secret)), + Err(WeakKeyError) => { + // 11.4.10.4 Rejection of weak keys + // https://trustedcomputinggroup.org/wp-content/uploads/TPM-2.0-1.83-Part-1-Architecture.pdf#page=82 + + // The Key was considered weak, and we should re-run the creation of the encrypted + // secret. + continue; + } + } + } +} + +#[cfg(feature = "rsa")] +pub fn make_credential_rsa( + ek_public: &RsaPublicKey, + secret: &[u8], + key_name: Name, +) -> Result<(IdObject, EncryptedSecret)> +where + EkHash: Digest + DynDigest + Send + Sync + 'static, + EkHash: EagerHash + FixedOutputReset, + ::OutputSize: Mul, + <::OutputSize as Mul>::Output: Unsigned, + <::Core as OutputSizeUser>::OutputSize: ArraySize + Mul, + <<::Core as OutputSizeUser>::OutputSize as Mul>::Output: Unsigned, + + EkCipher: KeySizeUser + BlockCipherEncrypt + KeyInit, + ::KeySize: Mul, + <::KeySize as Mul>::Output: ArraySize, +{ + let mut rng = rng(); + + loop { + // See Table 22 - Key Generation for the various labels used here after: + // https://trustedcomputinggroup.org/wp-content/uploads/TPM-2.0-1.83-Part-1-Architecture.pdf#page=183 + + // B.10.4 RSA Secret Sharing for Credentials + // https://trustedcomputinggroup.org/wp-content/uploads/TPM-2.0-1.83-Part-1-Architecture.pdf#page=302 + let random_seed = { + let mut out = Key::>::default(); + rng.fill(out.as_mut_slice()); + out + }; + + // The random seed is then encrypted with RSA-OAEP + // + // B.4 RSAES_OAEP + // https://trustedcomputinggroup.org/wp-content/uploads/TPM-2.0-1.83-Part-1-Architecture.pdf#page=297 + // + // The label is a byte-stream whose last byte must be zero + // + // B.10.4. RSA Secret Sharing for Credentials + // https://trustedcomputinggroup.org/wp-content/uploads/TPM-2.0-1.83-Part-1-Architecture.pdf#page=302 + // + // The label is going to be "IDENTITY" for secret sharing. + let encrypted_seed = { + let padding = Oaep::new_with_label::(b"IDENTITY\0".to_vec()); + ek_public + .encrypt(&mut rng, padding, &random_seed[..]) + .map_err(|e| { + error!("RSA OAEP encryption error: {e}"); + Error::local_error(WrapperErrorKind::InternalError) + })? + }; + let encrypted_secret = EncryptedSecret::from_bytes(&encrypted_seed)?; + + match secret_to_credential::(random_seed, secret, &key_name)? { + Ok(id_object) => return Ok((id_object, encrypted_secret)), + Err(WeakKeyError) => { + // 11.4.10.4 Rejection of weak keys + // https://trustedcomputinggroup.org/wp-content/uploads/TPM-2.0-1.83-Part-1-Architecture.pdf#page=82 + + // The Key was considered weak, and we should re-run the creation of the encrypted + // secret. + continue; + } + } + } +} + +fn secret_to_credential( + seed: Key>, + secret: &[u8], + key_name: &Name, +) -> Result> +where + EkHash: Digest + EagerHash + FixedOutputReset, + ::OutputSize: Mul, + <::OutputSize as Mul>::Output: Unsigned, + <::Core as OutputSizeUser>::OutputSize: ArraySize + Mul, + <<::Core as OutputSizeUser>::OutputSize as Mul>::Output: Unsigned, + + EkCipher: KeySizeUser + BlockCipherEncrypt + KeyInit, + ::KeySize: Mul, + <::KeySize as Mul>::Output: ArraySize, +{ + // Prepare the sensitive data + // this will be then encrypted using AES-CFB (size of the symmetric key depends on the EK). + // NOTE(security): no need to zeroize it, content is rewritten in place with the encrypted version + let mut sensitive_data = { + let mut out = vec![]; + out.extend_from_slice( + &u16::try_from(secret.len()) + .map_err(|_| { + error!("secret may only be 2^16 bytes long"); + Error::local_error(WrapperErrorKind::WrongParamSize) + })? + .to_be_bytes()[..], + ); + out.extend_from_slice(secret); + out + }; + + // We'll now encrypt the sensitive data, and hmac the result of the encryption + // https://trustedcomputinggroup.org/wp-content/uploads/TPM-2.0-1.83-Part-1-Architecture.pdf#page=201 + // See 24.4 Symmetric Encryption + let sym_key = kdf::kdfa::(&seed, key_name.value(), &[])?; + + if EkCipher::weak_key_test(&sym_key).is_ok() { + // 11.4.10.4 Rejection of weak keys + // https://trustedcomputinggroup.org/wp-content/uploads/TPM-2.0-1.83-Part-1-Architecture.pdf#page=82 + // The Key was considered weak, and we should re-run the creation of the encrypted + // secret. + + return Ok(Err(WeakKeyError)); + } + + let iv: Iv> = Default::default(); + + cfb_mode::Encryptor::::new(&sym_key, &iv).encrypt(&mut sensitive_data); + + // See 24.5 HMAC + let hmac_key = kdf::kdfa::>(&seed, &[], &[])?; + let mut hmac = Hmac::::new_from_slice(&hmac_key).map_err(|e| { + error!("HMAC initialization error: {e}"); + Error::local_error(WrapperErrorKind::WrongParamSize) + })?; + Mac::update(&mut hmac, &sensitive_data); + Mac::update(&mut hmac, key_name.value()); + let hmac = hmac.finalize(); + + // We'll now serialize the object and get everything through the door. + let mut out = vec![]; + out.extend_from_slice( + &u16::try_from(hmac.into_bytes().len()) + .map_err(|_| { + // NOTE: this shouldn't ever trigger ... but ... + error!("HMAC output may only be 2^16 bytes long"); + Error::local_error(WrapperErrorKind::WrongParamSize) + })? + .to_be_bytes()[..], + ); + out.extend_from_slice(&hmac.into_bytes()); + out.extend_from_slice(&sensitive_data); + + IdObject::from_bytes(&out).map(Ok) +} diff --git a/tss-esapi/src/utils/kdf.rs b/tss-esapi/src/utils/kdf.rs new file mode 100644 index 00000000..74b2f381 --- /dev/null +++ b/tss-esapi/src/utils/kdf.rs @@ -0,0 +1,243 @@ +// Copyright 2025 Contributors to the Parsec project. +// SPDX-License-Identifier: Apache-2.0 + +use core::ops::{Add, Mul}; + +use digest::{ + array::{Array, ArraySize}, + consts::{B1, U3, U6, U7, U8, U9}, + crypto_common::KeySizeUser, + typenum::{ + operator_aliases::{Add1, Sum}, + Unsigned, + }, + Digest, FixedOutputReset, Key, OutputSizeUser, +}; +use ecdsa::elliptic_curve::{ + ecdh::SharedSecret, + point::AffineCoordinates, + sec1::{FromEncodedPoint, ModulusSize, ToEncodedPoint}, + AffinePoint, Curve, CurveArithmetic, FieldBytesSize, PublicKey, +}; +use hmac::{EagerHash, Hmac}; +use kbkdf::{Counter, Kbkdf, Params}; +use log::error; + +use crate::{Error, Result, WrapperErrorKind}; + +/// Label to be applied when deriving a key with either [`kdfa`] or [`kdfe`] +// Note: until generic_const_expr stabilize, we will have to carry a const parameter on the trait, +// once that's stable, we should be able to do `const LABEL: [u8; Self::LabelSize]` +// Until then, the preferred implementation would be using `impl_kdf_label` macro, as it should be +// misuse-resistant. +pub trait KdfLabel { + type LabelSize: Unsigned; + const LABEL: &'static [u8]; +} + +macro_rules! impl_kdf_label { + ($usage:ty, $size: ty, $value: expr) => { + impl KdfLabel for $usage { + type LabelSize = $size; + const LABEL: &'static [u8] = { + // This is only to make sure at compile-time the label has the correct size + let _: [u8; <$size>::USIZE] = *$value; + $value + }; + } + }; +} + +#[derive(Copy, Clone, Debug)] +pub struct Secret; +impl_kdf_label!(Secret, U6, b"SECRET"); + +#[derive(Copy, Clone, Debug)] +pub struct Context; +impl_kdf_label!(Context, U7, b"CONTEXT"); + +#[derive(Copy, Clone, Debug)] +pub struct Obfuscate; +impl_kdf_label!(Obfuscate, U9, b"OBFUSCATE"); + +#[derive(Copy, Clone, Debug)] +pub struct Storage; +impl_kdf_label!(Storage, U7, b"STORAGE"); + +#[derive(Copy, Clone, Debug)] +pub struct Integrity; +impl_kdf_label!(Integrity, U9, b"INTEGRITY"); + +#[derive(Copy, Clone, Debug)] +pub struct Commit; +impl_kdf_label!(Commit, U6, b"COMMIT"); + +#[derive(Copy, Clone, Debug)] +pub struct Cfb; +impl_kdf_label!(Cfb, U3, b"CFB"); + +#[derive(Copy, Clone, Debug)] +pub struct Xor; +impl_kdf_label!(Xor, U3, b"XOR"); + +#[derive(Copy, Clone, Debug)] +pub struct Session; +impl_kdf_label!(Session, U7, b"SESSION"); + +#[derive(Copy, Clone, Debug)] +pub struct Identity; +impl_kdf_label!(Identity, U8, b"IDENTITY"); + +type LabelAndUAndV = Add1, FieldBytesSize>, N>>; + +pub fn kdfa(key: &[u8], context_u: &[u8], context_v: &[u8]) -> Result> +where + L: KdfLabel, + + H: Digest + FixedOutputReset + EagerHash, + K: KeySizeUser, + + K::KeySize: ArraySize + Mul, + >::Output: Unsigned, + + <::Core as OutputSizeUser>::OutputSize: ArraySize + Mul, + <<::Core as OutputSizeUser>::OutputSize as Mul>::Output: Unsigned, +{ + let mut context = Vec::with_capacity(context_u.len() + context_v.len()); + context.extend_from_slice(context_u); + context.extend_from_slice(context_v); + + let kdf = Counter::, K>::default(); + kdf.derive( + Params::builder(key) + .with_label(L::LABEL) + .with_context(&context) + .build(), + ) + .map_err(|e| { + error!("KDFa derivation error: {e}"); + Error::local_error(WrapperErrorKind::InternalError) + }) +} + +pub fn kdfe( + z: &SharedSecret, + party_u_info: &PublicKey, + party_v_info: &PublicKey, +) -> Result> +where + L: KdfLabel, + + H: Digest + FixedOutputReset, + C: Curve + CurveArithmetic, + K: KeySizeUser, + + AffinePoint: FromEncodedPoint + ToEncodedPoint, + FieldBytesSize: ModulusSize, + + as Add>::Output: Add>, + Sum, FieldBytesSize>: Add, + Sum, FieldBytesSize>, L::LabelSize>: Add, + Add1, FieldBytesSize>, L::LabelSize>>: ArraySize, +{ + let mut key = Key::::default(); + + let mut other_info = Array::>::default(); + other_info[..L::LabelSize::USIZE].copy_from_slice(L::LABEL); + other_info[L::LabelSize::USIZE] = 0; + + other_info[L::LabelSize::USIZE + 1..L::LabelSize::USIZE + 1 + FieldBytesSize::::USIZE] + .copy_from_slice(&party_u_info.as_affine().x()); + other_info[L::LabelSize::USIZE + 1 + FieldBytesSize::::USIZE..] + .copy_from_slice(&party_v_info.as_affine().x()); + + concat_kdf::derive_key_into::(z.raw_secret_bytes(), &other_info, &mut key).map_err(|e| { + error!("KDFe derivation error: {e}"); + Error::local_error(WrapperErrorKind::InternalError) + })?; + + Ok(key) +} + +#[cfg(test)] +mod tests { + use super::*; + + use aes::Aes256; + use hex_literal::hex; + use sha2::Sha256; + + #[test] + fn test_kdfe() { + struct Vector { + shared_secret: [u8; S], + local_key: [u8; K], + remote_key: [u8; K], + expected: [u8; E], + } + + // Test vectors here were manually generated from tpm2-pytss + static TEST_VECTORS_SHA256: [Vector< + { FieldBytesSize::::USIZE }, + { as ModulusSize>::CompressedPointSize::USIZE }, + 32, + >; 2] = [ + Vector { + shared_secret: hex!( + "c75afb6f49c941ef194b232d7615769f5152d20de5dee19a991067f337dd65bc" + ), + local_key: hex!( + "031ba4030de068a2f07919c42ef6b19f302884f35f45e7d4e4bb90ffbb0bd9d099" + ), + remote_key: hex!( + "038f2b219a29c2ff9ba69cedff2d08d33a5dbca3da6bc8af8acd3ff6f5ec4dfbef" + ), + expected: hex!("e3a0079db19724f9b76101e9364c4a149cea3501336abc3b603f94b22b6309a5"), + }, + Vector { + shared_secret: hex!( + "a90a1c095155428500ed19e87c0df078df3dd2e66a0e3bbe664ba9ff62113b4a" + ), + local_key: hex!( + "03e9c7d6a853ba6176b65ec2f328bdea25f61c4e1b23a4e1c08e1da8c723381a04" + ), + remote_key: hex!( + "036ccf059628d3cdf8e1b4c4ba6d14696ba51cc8d4a96df4016f0b214782d5cee6" + ), + expected: hex!("865f8093e2c4b801dc8c236eeb2806c7b1c51c2cb04101c035f7f2511ea0aeda"), + }, + ]; + + for v in &TEST_VECTORS_SHA256 { + let out = kdfe::( + &SharedSecret::from(Array::from(v.shared_secret)), + &PublicKey::try_from(Array::from(v.local_key)).unwrap(), + &PublicKey::try_from(Array::from(v.remote_key)).unwrap(), + ) + .unwrap(); + assert_eq!(out, v.expected); + } + } + + #[test] + fn test_kdfa() { + struct Vector { + key: &'static [u8], + context_u: &'static [u8], + context_v: &'static [u8], + expected: &'static [u8], + } + + static TEST_VECTORS_SHA256: [Vector; 1] = [Vector { + key: &hex!("000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f"), + context_u: b"", + context_v: &hex!("0506070809"), + expected: &hex!("de275f7f5cfeaac226b30d42377903b34705f178730d96400ccafb736e3d28a4"), + }]; + + for v in &TEST_VECTORS_SHA256 { + let out = kdfa::(&v.key, &v.context_u, &v.context_v).unwrap(); + assert_eq!(out.as_slice(), v.expected); + } + } +} diff --git a/tss-esapi/src/utils/mod.rs b/tss-esapi/src/utils/mod.rs index 3bce9096..89729c76 100644 --- a/tss-esapi/src/utils/mod.rs +++ b/tss-esapi/src/utils/mod.rs @@ -23,6 +23,16 @@ use crate::{Context, Error, Result, WrapperErrorKind}; use std::convert::TryFrom; use zeroize::Zeroize; +#[cfg(feature = "rustcrypto")] +mod credential; +#[cfg(feature = "rustcrypto")] +pub mod kdf; + +#[cfg(feature = "rustcrypto")] +pub use self::credential::make_credential_ecc; +#[cfg(all(feature = "rustcrypto", feature = "rsa"))] +pub use self::credential::make_credential_rsa; + /// Create the [Public] structure for a restricted decryption key. /// /// * `symmetric` - Cipher to be used for decrypting children of the key diff --git a/tss-esapi/tests/integration_tests/abstraction_tests/credential_tests.rs b/tss-esapi/tests/integration_tests/abstraction_tests/credential_tests.rs new file mode 100644 index 00000000..58b86c2e --- /dev/null +++ b/tss-esapi/tests/integration_tests/abstraction_tests/credential_tests.rs @@ -0,0 +1,222 @@ +// Copyright 2025 Contributors to the Parsec project. +// SPDX-License-Identifier: Apache-2.0 + +use tss_esapi::{ + abstraction::{ak, ek, AsymmetricAlgorithmSelection}, + attributes::SessionAttributesBuilder, + constants::SessionType, + handles::AuthHandle, + interface_types::{ + algorithm::{HashingAlgorithm, SignatureSchemeAlgorithm}, + ecc::EccCurve, + key_bits::RsaKeyBits, + session_handles::PolicySession, + }, + structures::{Digest, SymmetricDefinition}, + utils, +}; + +use elliptic_curve::PublicKey; +use rsa::RsaPublicKey; + +use crate::common::create_ctx_without_session; + +#[test] +fn test_credential_ecc() { + let mut context = create_ctx_without_session(); + + let ek_ecc = ek::create_ek_object( + &mut context, + AsymmetricAlgorithmSelection::Ecc(EccCurve::NistP256), + None, + ) + .unwrap(); + + let (ek_pub, _, _) = context.read_public(ek_ecc).unwrap(); + + let ak_res = ak::create_ak( + &mut context, + ek_ecc, + HashingAlgorithm::Sha384, + AsymmetricAlgorithmSelection::Ecc(EccCurve::NistP384), + SignatureSchemeAlgorithm::EcDsa, + None, + None, + ) + .unwrap(); + + let ak_ecc = ak::load_ak( + &mut context, + ek_ecc, + None, + ak_res.out_private, + ak_res.out_public, + ) + .unwrap(); + + let (_, key_name, _) = context.read_public(ak_ecc).unwrap(); + let cred = vec![1, 2, 3, 4, 5]; + let expected = Digest::try_from(vec![1, 2, 3, 4, 5]).unwrap(); + + let (credential_blob, secret) = utils::make_credential_ecc::<_, sha2::Sha256, aes::Aes128>( + PublicKey::::try_from(&ek_pub).unwrap(), + &cred, + key_name, + ) + .expect("Create credential"); + + let (session_attributes, session_attributes_mask) = SessionAttributesBuilder::new().build(); + let session_1 = context + .start_auth_session( + None, + None, + None, + SessionType::Hmac, + SymmetricDefinition::AES_256_CFB, + HashingAlgorithm::Sha256, + ) + .expect("Failed to call start_auth_session") + .expect("Failed invalid session value"); + context + .tr_sess_set_attributes(session_1, session_attributes, session_attributes_mask) + .unwrap(); + + let session_2 = context + .start_auth_session( + None, + None, + None, + SessionType::Policy, + SymmetricDefinition::AES_256_CFB, + HashingAlgorithm::Sha256, + ) + .expect("Failed to call start_auth_session") + .expect("Failed invalid session value"); + context + .tr_sess_set_attributes(session_2, session_attributes, session_attributes_mask) + .expect("Failed to call tr_sess_set_attributes"); + + let _ = context + .execute_with_session(Some(session_1), |ctx| { + ctx.policy_secret( + PolicySession::try_from(session_2) + .expect("Failed to convert auth session to policy session"), + AuthHandle::Endorsement, + Default::default(), + Default::default(), + Default::default(), + None, + ) + }) + .unwrap(); + + context.set_sessions((Some(session_1), Some(session_2), None)); + let decrypted = context + .activate_credential(ak_ecc, ek_ecc, credential_blob, secret) + .unwrap(); + + assert_eq!(expected, decrypted); + + context.flush_context(ek_ecc.into()).unwrap(); + context.flush_context(ak_ecc.into()).unwrap(); +} + +#[test] +fn test_credential_rsa() { + let mut context = create_ctx_without_session(); + + let ek_rsa = ek::create_ek_object( + &mut context, + AsymmetricAlgorithmSelection::Rsa(RsaKeyBits::Rsa2048), + None, + ) + .unwrap(); + + let (ek_pub, _, _) = context.read_public(ek_rsa).unwrap(); + + let ak_res = ak::create_ak( + &mut context, + ek_rsa, + HashingAlgorithm::Sha256, + AsymmetricAlgorithmSelection::Rsa(RsaKeyBits::Rsa2048), + SignatureSchemeAlgorithm::RsaPss, + None, + None, + ) + .unwrap(); + + let ak_rsa = ak::load_ak( + &mut context, + ek_rsa, + None, + ak_res.out_private, + ak_res.out_public, + ) + .unwrap(); + + let (_, key_name, _) = context.read_public(ak_rsa).unwrap(); + let cred = vec![1, 2, 3, 4, 5]; + let expected = Digest::try_from(vec![1, 2, 3, 4, 5]).unwrap(); + + let (credential_blob, secret) = utils::make_credential_rsa::( + &RsaPublicKey::try_from(&ek_pub).unwrap(), + &cred, + key_name, + ) + .expect("Create credential"); + + let (session_attributes, session_attributes_mask) = SessionAttributesBuilder::new().build(); + let session_1 = context + .start_auth_session( + None, + None, + None, + SessionType::Hmac, + SymmetricDefinition::AES_256_CFB, + HashingAlgorithm::Sha256, + ) + .expect("Failed to call start_auth_session") + .expect("Failed invalid session value"); + context + .tr_sess_set_attributes(session_1, session_attributes, session_attributes_mask) + .unwrap(); + + let session_2 = context + .start_auth_session( + None, + None, + None, + SessionType::Policy, + SymmetricDefinition::AES_256_CFB, + HashingAlgorithm::Sha256, + ) + .expect("Failed to call start_auth_session") + .expect("Failed invalid session value"); + context + .tr_sess_set_attributes(session_2, session_attributes, session_attributes_mask) + .expect("Failed to call tr_sess_set_attributes"); + + let _ = context + .execute_with_session(Some(session_1), |ctx| { + ctx.policy_secret( + PolicySession::try_from(session_2) + .expect("Failed to convert auth session to policy session"), + AuthHandle::Endorsement, + Default::default(), + Default::default(), + Default::default(), + None, + ) + }) + .unwrap(); + + context.set_sessions((Some(session_1), Some(session_2), None)); + let decrypted = context + .activate_credential(ak_rsa, ek_rsa, credential_blob, secret) + .unwrap(); + + assert_eq!(expected, decrypted); + + context.flush_context(ek_rsa.into()).unwrap(); + context.flush_context(ak_rsa.into()).unwrap(); +} diff --git a/tss-esapi/tests/integration_tests/abstraction_tests/mod.rs b/tss-esapi/tests/integration_tests/abstraction_tests/mod.rs index 2d56d05e..0e2b500a 100644 --- a/tss-esapi/tests/integration_tests/abstraction_tests/mod.rs +++ b/tss-esapi/tests/integration_tests/abstraction_tests/mod.rs @@ -1,6 +1,7 @@ // Copyright 2021 Contributors to the Parsec project. // SPDX-License-Identifier: Apache-2.0 mod ak_tests; +mod credential_tests; mod ek_tests; mod no_tpm; mod nv_tests; diff --git a/tss-esapi/tests/integration_tests/abstraction_tests/public_tests.rs b/tss-esapi/tests/integration_tests/abstraction_tests/public_tests.rs index 582d9817..f47ddf48 100644 --- a/tss-esapi/tests/integration_tests/abstraction_tests/public_tests.rs +++ b/tss-esapi/tests/integration_tests/abstraction_tests/public_tests.rs @@ -2,7 +2,7 @@ // SPDX-License-Identifier: Apache-2.0 mod public_rsa_test { - use rsa::{pkcs1, traits::PublicKeyParts, BigUint}; + use rsa::{pkcs1, traits::PublicKeyParts, BoxedUint}; use std::convert::TryFrom; use tss_esapi::{ attributes::ObjectAttributesBuilder, @@ -71,11 +71,11 @@ mod public_rsa_test { #[test] fn test_public_to_decoded_key_rsa() { let public_rsa = get_ext_rsa_pub(); - let default_exponent = BigUint::from(RSA_DEFAULT_EXP); + let default_exponent = BoxedUint::from(RSA_DEFAULT_EXP); let key = rsa::RsaPublicKey::try_from(&public_rsa) .expect("Failed to convert Public structure to DecodedKey (RSA)."); assert_eq!(key.e(), &default_exponent, "RSA exponents are not equal."); - assert_eq!(key.n().to_bytes_be(), RSA_KEY); + assert_eq!(key.n_bytes().as_ref(), RSA_KEY); } #[test] @@ -83,7 +83,7 @@ mod public_rsa_test { let public_rsa = get_ext_rsa_pub(); let key = SubjectPublicKeyInfoOwned::try_from(&public_rsa) .expect("Failed to convert Public structure to SubjectPublicKeyInfo (RSA)."); - let default_exponent = BigUint::from(RSA_DEFAULT_EXP); + let default_exponent = BoxedUint::from(RSA_DEFAULT_EXP); assert_eq!(key.algorithm, pkcs1::ALGORITHM_ID.ref_to_owned()); let pkcs1_key = pkcs1::RsaPublicKey::try_from( key.subject_public_key @@ -94,7 +94,7 @@ mod public_rsa_test { assert_eq!( pkcs1_key.public_exponent.as_bytes(), - default_exponent.to_bytes_be() + default_exponent.to_be_bytes().as_ref() ); assert_eq!(pkcs1_key.modulus.as_bytes(), RSA_KEY); } diff --git a/tss-esapi/tests/integration_tests/abstraction_tests/transient_key_context_tests.rs b/tss-esapi/tests/integration_tests/abstraction_tests/transient_key_context_tests.rs index cd41a8c6..88db98fb 100644 --- a/tss-esapi/tests/integration_tests/abstraction_tests/transient_key_context_tests.rs +++ b/tss-esapi/tests/integration_tests/abstraction_tests/transient_key_context_tests.rs @@ -518,7 +518,7 @@ fn ctx_migration_test() { // one for just the public part of the key let mut basic_ctx = crate::common::create_ctx_with_session(); let mut random_digest = vec![0u8; 16]; - getrandom::getrandom(&mut random_digest).unwrap(); + getrandom::fill(&mut random_digest).unwrap(); let key_auth = Auth::from_bytes(random_digest.as_slice()).unwrap(); let prim_key_handle = basic_ctx .create_primary( @@ -902,10 +902,10 @@ fn sign_csr() { let subject = Name::from_str("CN=tpm.example").expect("Parse common name"); let signer = EcSigner::::new((Mutex::new(&mut ctx), tpm_km, key_params, None)) .expect("Create a signer"); - let builder = RequestBuilder::new(subject, &signer).expect("Create certificate request"); + let builder = RequestBuilder::new(subject).expect("Create certificate request"); let cert_req = builder - .build::() + .build::<_, p256::ecdsa::DerSignature>(&signer) .expect("Sign a CSR"); println!( diff --git a/tss-esapi/tests/integration_tests/context_tests/tpm_commands/asymmetric_primitives_tests.rs b/tss-esapi/tests/integration_tests/context_tests/tpm_commands/asymmetric_primitives_tests.rs index c42f60e6..19653433 100644 --- a/tss-esapi/tests/integration_tests/context_tests/tpm_commands/asymmetric_primitives_tests.rs +++ b/tss-esapi/tests/integration_tests/context_tests/tpm_commands/asymmetric_primitives_tests.rs @@ -20,7 +20,7 @@ mod test_rsa_encrypt_decrypt { fn test_encrypt_decrypt() { let mut context = create_ctx_with_session(); let mut random_digest = vec![0u8; 16]; - getrandom::getrandom(&mut random_digest).unwrap(); + getrandom::fill(&mut random_digest).unwrap(); let key_auth = Auth::from_bytes(random_digest.as_slice()).unwrap(); let key_handle = context @@ -61,7 +61,7 @@ mod test_rsa_encrypt_decrypt { fn test_ecdh() { let mut context = create_ctx_with_session(); let mut random_digest = vec![0u8; 16]; - getrandom::getrandom(&mut random_digest).unwrap(); + getrandom::fill(&mut random_digest).unwrap(); let key_auth = Auth::from_bytes(random_digest.as_slice()).unwrap(); let ecc_parms = PublicEccParametersBuilder::new() diff --git a/tss-esapi/tests/integration_tests/context_tests/tpm_commands/context_management_tests.rs b/tss-esapi/tests/integration_tests/context_tests/tpm_commands/context_management_tests.rs index b2a3adca..8f204b37 100644 --- a/tss-esapi/tests/integration_tests/context_tests/tpm_commands/context_management_tests.rs +++ b/tss-esapi/tests/integration_tests/context_tests/tpm_commands/context_management_tests.rs @@ -8,7 +8,7 @@ mod test_ctx_save { fn test_ctx_save() { let mut context = create_ctx_with_session(); let mut random_digest = vec![0u8; 16]; - getrandom::getrandom(&mut random_digest).unwrap(); + getrandom::fill(&mut random_digest).unwrap(); let key_auth = Auth::from_bytes(random_digest.as_slice()).unwrap(); let key_handle = context @@ -29,7 +29,7 @@ mod test_ctx_save { fn test_ctx_save_leaf() { let mut context = create_ctx_with_session(); let mut random_digest = vec![0u8; 16]; - getrandom::getrandom(&mut random_digest).unwrap(); + getrandom::fill(&mut random_digest).unwrap(); let key_auth = Auth::from_bytes(random_digest.as_slice()).unwrap(); let prim_key_handle = context @@ -73,7 +73,7 @@ mod test_ctx_load { fn test_ctx_load() { let mut context = create_ctx_with_session(); let mut random_digest = vec![0u8; 16]; - getrandom::getrandom(&mut random_digest).unwrap(); + getrandom::fill(&mut random_digest).unwrap(); let prim_key_handle = context .create_primary( @@ -116,7 +116,7 @@ mod test_flush_context { fn test_flush_ctx() { let mut context = create_ctx_with_session(); let mut random_digest = vec![0u8; 16]; - getrandom::getrandom(&mut random_digest).unwrap(); + getrandom::fill(&mut random_digest).unwrap(); let key_auth = Auth::from_bytes(random_digest.as_slice()).unwrap(); let key_handle = context @@ -138,7 +138,7 @@ mod test_flush_context { fn test_flush_parent_ctx() { let mut context = create_ctx_with_session(); let mut random_digest = vec![0u8; 16]; - getrandom::getrandom(&mut random_digest).unwrap(); + getrandom::fill(&mut random_digest).unwrap(); let key_auth = Auth::from_bytes(random_digest.as_slice()).unwrap(); let prim_key_handle = context diff --git a/tss-esapi/tests/integration_tests/context_tests/tpm_commands/enhanced_authorization_ea_commands_tests.rs b/tss-esapi/tests/integration_tests/context_tests/tpm_commands/enhanced_authorization_ea_commands_tests.rs index f7a39dcf..aaf0fcbc 100644 --- a/tss-esapi/tests/integration_tests/context_tests/tpm_commands/enhanced_authorization_ea_commands_tests.rs +++ b/tss-esapi/tests/integration_tests/context_tests/tpm_commands/enhanced_authorization_ea_commands_tests.rs @@ -518,7 +518,7 @@ mod test_policy_authorize { fn test_policy_authorize() { let mut context = create_ctx_with_session(); let mut random_digest = vec![0u8; 16]; - getrandom::getrandom(&mut random_digest).unwrap(); + getrandom::fill(&mut random_digest).unwrap(); let key_auth = Auth::from_bytes(random_digest.as_slice()).unwrap(); let key_handle = context diff --git a/tss-esapi/tests/integration_tests/context_tests/tpm_commands/hierarchy_commands_tests.rs b/tss-esapi/tests/integration_tests/context_tests/tpm_commands/hierarchy_commands_tests.rs index 4fc73dea..5240b670 100644 --- a/tss-esapi/tests/integration_tests/context_tests/tpm_commands/hierarchy_commands_tests.rs +++ b/tss-esapi/tests/integration_tests/context_tests/tpm_commands/hierarchy_commands_tests.rs @@ -10,7 +10,7 @@ mod test_create_primary { fn test_create_primary() { let mut context = create_ctx_with_session(); let mut random_digest = vec![0u8; 16]; - getrandom::getrandom(&mut random_digest).unwrap(); + getrandom::fill(&mut random_digest).unwrap(); let key_auth = Auth::from_bytes(random_digest.as_slice()).unwrap(); let key_handle = context @@ -95,7 +95,7 @@ mod test_change_auth { .unwrap(); let mut random_digest = vec![0u8; 16]; - getrandom::getrandom(&mut random_digest).unwrap(); + getrandom::fill(&mut random_digest).unwrap(); let new_key_auth = Auth::from_bytes(random_digest.as_slice()).unwrap(); let new_private = context @@ -111,7 +111,7 @@ mod test_change_auth { let mut context = create_ctx_with_session(); let mut random_digest = vec![0u8; 16]; - getrandom::getrandom(&mut random_digest).unwrap(); + getrandom::fill(&mut random_digest).unwrap(); let new_auth = Auth::from_bytes(random_digest.as_slice()).unwrap(); // NOTE: If this test failed on your system, you are probably running it against a diff --git a/tss-esapi/tests/integration_tests/context_tests/tpm_commands/object_commands_tests.rs b/tss-esapi/tests/integration_tests/context_tests/tpm_commands/object_commands_tests.rs index a6b037ed..1cc1e9f8 100644 --- a/tss-esapi/tests/integration_tests/context_tests/tpm_commands/object_commands_tests.rs +++ b/tss-esapi/tests/integration_tests/context_tests/tpm_commands/object_commands_tests.rs @@ -8,7 +8,7 @@ mod test_create { fn test_create() { let mut context = create_ctx_with_session(); let mut random_digest = vec![0u8; 16]; - getrandom::getrandom(&mut random_digest).unwrap(); + getrandom::fill(&mut random_digest).unwrap(); let key_auth = Auth::from_bytes(random_digest.as_slice()).unwrap(); let prim_key_handle = context @@ -44,7 +44,7 @@ mod test_load { fn test_load() { let mut context = create_ctx_with_session(); let mut random_digest = vec![0u8; 16]; - getrandom::getrandom(&mut random_digest).unwrap(); + getrandom::fill(&mut random_digest).unwrap(); let key_auth = Auth::from_bytes(random_digest.as_slice()).unwrap(); let prim_key_handle = context @@ -238,7 +238,7 @@ mod test_read_public { fn test_read_public() { let mut context = create_ctx_with_session(); let mut random_digest = vec![0u8; 16]; - getrandom::getrandom(&mut random_digest).unwrap(); + getrandom::fill(&mut random_digest).unwrap(); let key_auth = Auth::from_bytes(random_digest.as_slice()).unwrap(); let key_handle = context diff --git a/tss-esapi/tests/integration_tests/context_tests/tpm_commands/signing_and_signature_verification_tests.rs b/tss-esapi/tests/integration_tests/context_tests/tpm_commands/signing_and_signature_verification_tests.rs index 499aa9fd..f23bc118 100644 --- a/tss-esapi/tests/integration_tests/context_tests/tpm_commands/signing_and_signature_verification_tests.rs +++ b/tss-esapi/tests/integration_tests/context_tests/tpm_commands/signing_and_signature_verification_tests.rs @@ -12,7 +12,7 @@ mod test_verify_signature { fn test_verify_signature() { let mut context = create_ctx_with_session(); let mut random_digest = vec![0u8; 16]; - getrandom::getrandom(&mut random_digest).unwrap(); + getrandom::fill(&mut random_digest).unwrap(); let key_auth = Auth::from_bytes(random_digest.as_slice()).unwrap(); let key_handle = context @@ -49,7 +49,7 @@ mod test_verify_signature { fn test_verify_wrong_signature() { let mut context = create_ctx_with_session(); let mut random_digest = vec![0u8; 16]; - getrandom::getrandom(&mut random_digest).unwrap(); + getrandom::fill(&mut random_digest).unwrap(); let key_auth = Auth::from_bytes(random_digest.as_slice()).unwrap(); let key_handle = context @@ -96,7 +96,7 @@ mod test_verify_signature { fn test_verify_wrong_signature_2() { let mut context = create_ctx_with_session(); let mut random_digest = vec![0u8; 16]; - getrandom::getrandom(&mut random_digest).unwrap(); + getrandom::fill(&mut random_digest).unwrap(); let key_auth = Auth::from_bytes(random_digest.as_slice()).unwrap(); let key_handle = context @@ -133,7 +133,7 @@ mod test_verify_signature { fn test_verify_wrong_signature_3() { let mut context = create_ctx_with_session(); let mut random_digest = vec![0u8; 16]; - getrandom::getrandom(&mut random_digest).unwrap(); + getrandom::fill(&mut random_digest).unwrap(); let key_auth = Auth::from_bytes(random_digest.as_slice()).unwrap(); let key_handle = context @@ -203,7 +203,7 @@ mod test_sign { fn test_sign() { let mut context = create_ctx_with_session(); let mut random_digest = vec![0u8; 16]; - getrandom::getrandom(&mut random_digest).unwrap(); + getrandom::fill(&mut random_digest).unwrap(); let key_auth = Auth::from_bytes(random_digest.as_slice()).unwrap(); let key_handle = context @@ -232,7 +232,7 @@ mod test_sign { fn test_sign_empty_digest() { let mut context = create_ctx_with_session(); let mut random_digest = vec![0u8; 16]; - getrandom::getrandom(&mut random_digest).unwrap(); + getrandom::fill(&mut random_digest).unwrap(); let key_auth = Auth::from_bytes(random_digest.as_slice()).unwrap(); let key_handle = context @@ -261,7 +261,7 @@ mod test_sign { fn test_sign_large_digest() { let mut context = create_ctx_with_session(); let mut random_digest = vec![0u8; 16]; - getrandom::getrandom(&mut random_digest).unwrap(); + getrandom::fill(&mut random_digest).unwrap(); let key_auth = Auth::from_bytes(random_digest.as_slice()).unwrap(); let key_handle = context @@ -297,7 +297,7 @@ mod test_sign { let mut context = create_ctx_with_session(); let mut random_digest = vec![0u8; 16]; - getrandom::getrandom(&mut random_digest).unwrap(); + getrandom::fill(&mut random_digest).unwrap(); let key_auth = Auth::from_bytes(random_digest.as_slice()).unwrap(); let key_handle = context @@ -306,7 +306,7 @@ mod test_sign { .key_handle; let mut random = vec![0u8; 47]; - getrandom::getrandom(&mut random).unwrap(); + getrandom::fill(&mut random).unwrap(); let signer = EcSigner::::new((Mutex::new(&mut context), key_handle)).unwrap(); let verifying_key = signer.verifying_key(); @@ -320,7 +320,7 @@ mod test_sign { fn test_sign_signer_rsa_pkcs() { let mut context = create_ctx_with_session(); let mut random_digest = vec![0u8; 16]; - getrandom::getrandom(&mut random_digest).unwrap(); + getrandom::fill(&mut random_digest).unwrap(); let key_auth = Auth::from_bytes(random_digest.as_slice()).unwrap(); let key_handle = context @@ -336,7 +336,7 @@ mod test_sign { .key_handle; let mut payload = vec![0u8; 47]; - getrandom::getrandom(&mut payload).unwrap(); + getrandom::fill(&mut payload).unwrap(); let signer = RsaPkcsSigner::<_, sha2::Sha256>::new((Mutex::new(&mut context), key_handle)).unwrap(); @@ -354,7 +354,7 @@ mod test_sign { fn test_sign_signer_rsa_pss() { let mut context = create_ctx_with_session(); let mut random_digest = vec![0u8; 16]; - getrandom::getrandom(&mut random_digest).unwrap(); + getrandom::fill(&mut random_digest).unwrap(); let key_auth = Auth::from_bytes(random_digest.as_slice()).unwrap(); let rsa_pss = utils::create_unrestricted_signing_rsa_public( @@ -371,7 +371,7 @@ mod test_sign { .key_handle; let mut payload = vec![0u8; 47]; - getrandom::getrandom(&mut payload).unwrap(); + getrandom::fill(&mut payload).unwrap(); let signer = RsaPssSigner::<_, sha2::Sha256>::new((Mutex::new(&mut context), key_handle)).unwrap(); diff --git a/tss-esapi/tests/integration_tests/context_tests/tpm_commands/symmetric_primitives_tests.rs b/tss-esapi/tests/integration_tests/context_tests/tpm_commands/symmetric_primitives_tests.rs index 165e97bc..c2518fee 100644 --- a/tss-esapi/tests/integration_tests/context_tests/tpm_commands/symmetric_primitives_tests.rs +++ b/tss-esapi/tests/integration_tests/context_tests/tpm_commands/symmetric_primitives_tests.rs @@ -25,7 +25,7 @@ mod test_encrypt_decrypt_2 { .expect("Failed to set auth to empty for owner"); let mut random_digest = vec![0u8; 16]; - getrandom::getrandom(&mut random_digest).expect("get_rand call failed"); + getrandom::fill(&mut random_digest).expect("get_rand call failed"); let primary_key_auth = Auth::from_bytes(random_digest.as_slice()).expect("Failed to create primary key auth"); @@ -70,7 +70,7 @@ mod test_encrypt_decrypt_2 { .expect("Failed to create public for symmetric key public"); let mut random_digest = vec![0u8; 16]; - getrandom::getrandom(&mut random_digest).expect("get_rand call failed"); + getrandom::fill(&mut random_digest).expect("get_rand call failed"); let symmetric_key_auth = Auth::from_bytes(random_digest.as_slice()) .expect("Failed to create symmetric key auth");