bump rustcrypto dependencies to pre-release

Author: baloo

Cargo.toml

@@ -1,3 +1,9 @@
 [workspace]
 resolver = "2"
 members = ["tss-esapi", "tss-esapi-sys"]
+
+[patch.crates-io]
+p192 = { git = "https://github.com/RustCrypto/elliptic-curves.git" }
+p224 = { git = "https://github.com/RustCrypto/elliptic-curves.git" }
+sm2 = { git = "https://github.com/RustCrypto/elliptic-curves.git" }
+

tss-esapi/Cargo.toml

@@ -34,22 +34,22 @@ hostname-validator = "1.1.0"
 regex = "1.3.9"
 zeroize = { version = "1.5.7", features = ["zeroize_derive"] }
 tss-esapi-sys = { path = "../tss-esapi-sys", version = "0.5.0" }
-x509-cert = { version = "0.2.0", optional = true }
-ecdsa = { version = "0.16.9", features = ["der", "hazmat", "arithmetic", "verifying"], optional = true }
-elliptic-curve = { version = "0.13.8", optional = true, features = ["alloc", "pkcs8"] }
-p192 = { version = "0.13.0", optional = true }
-p224 = { version = "0.13.2", optional = true }
-p256 = { version = "0.13.2", optional = true }
-p384 = { version = "0.13.0", optional = true }
-p521 = { version = "0.13.3", optional = true }
-rsa = { version = "0.9", optional = true }
-sha1 = { version = "0.10.6", optional = true }
-sha2 = { version = "0.10.8", optional = true }
-sha3 = { version = "0.10.8", optional = true }
-sm2 = { version = "0.13.3", optional = true }
-sm3 = { version = "0.4.2", optional = true }
-digest = "0.10.7"
-signature = { version = "2.2.0", features = ["std"], optional = true}
+x509-cert = { version = "0.3.0-pre.0", optional = true }
+ecdsa = { version = "0.17.0-pre.9", features = ["der", "hazmat", "arithmetic", "verifying"], optional = true }
+elliptic-curve = { version = "0.14.0-rc.1", optional = true, features = ["alloc", "pkcs8"] }
+p192 = { version = "0.14.0-pre", optional = true }
+p224 = { version = "0.14.0-pre", optional = true }
+p256 = { version = "0.14.0-pre.2", optional = true }
+p384 = { version = "0.14.0-pre.2", optional = true }
+p521 = { version = "0.14.0-pre.2", optional = true }
+rsa = { version = "0.10.0-pre.3", optional = true }
+sha1 = { version = "0.11.0-pre.4", optional = true }
+sha2 = { version = "0.11.0-pre.4", optional = true }
+sha3 = { version = "0.11.0-pre.4", optional = true }
+sm2 = { version = "0.14.0-pre", optional = true }
+sm3 = { version = "0.5.0-pre.4", optional = true }
+digest = "0.11.0-pre.9"
+signature = { version = "2.3.0-pre.4", features = ["std"], optional = true}
 cfg-if = "1.0.0"
 strum = { version = "0.26.3", optional = true }
 strum_macros = { version = "0.26.4", optional = true }
@@ -59,14 +59,14 @@ getrandom = "0.2.11"
 [dev-dependencies]
 env_logger = "0.11.5"
 serde_json = "^1.0.108"
-sha2 = { version = "0.10.8", features = ["oid"] }
+sha2 = { version = "0.11.0-pre.4", features = ["oid"] }
 tss-esapi = { path = ".", features = [
     "integration-tests",
     "serde",
     "abstraction",
     "rustcrypto-full",
 ] }
-x509-cert = { version = "0.2.0", features = ["builder"] }
+x509-cert = { version = "0.3.0-pre.0", features = ["builder"] }
 
 [build-dependencies]
 semver = "1.0.7"
@@ -79,3 +79,4 @@ integration-tests = ["strum", "strum_macros"]
 
 rustcrypto = ["ecdsa", "elliptic-curve", "signature", "x509-cert"]
 rustcrypto-full = ["rustcrypto", "p192", "p224", "p256", "p384", "p521", "rsa", "sha1", "sha2", "sha3", "sm2", "sm3"]
+

tss-esapi/src/abstraction/public.rs

@@ -8,7 +8,7 @@ use crate::{Error, WrapperErrorKind};
 
 use core::convert::TryFrom;
 use elliptic_curve::{
-    generic_array::typenum::Unsigned,
+    array::typenum::Unsigned,
     sec1::{EncodedPoint, FromEncodedPoint, ModulusSize, ToEncodedPoint},
     AffinePoint, CurveArithmetic, FieldBytesSize, PublicKey,
 };
@@ -46,15 +46,13 @@ where
                 let x = unique.x().as_bytes();
                 let y = unique.y().as_bytes();
 
-                if x.len() != FieldBytesSize::<C>::USIZE {
-                    return Err(Error::local_error(WrapperErrorKind::InvalidParam));
-                }
-                if y.len() != FieldBytesSize::<C>::USIZE {
-                    return Err(Error::local_error(WrapperErrorKind::InvalidParam));
-                }
-
-                let encoded_point =
-                    EncodedPoint::<C>::from_affine_coordinates(x.into(), y.into(), false);
+                let encoded_point = EncodedPoint::<C>::from_affine_coordinates(
+                    x.try_into()
+                        .map_err(|_| Error::local_error(WrapperErrorKind::InvalidParam))?,
+                    y.try_into()
+                        .map_err(|_| Error::local_error(WrapperErrorKind::InvalidParam))?,
+                    false,
+                );
                 let public_key = PublicKey::<C>::try_from(&encoded_point)
                     .map_err(|_| Error::local_error(WrapperErrorKind::InvalidParam))?;
 
@@ -162,17 +160,21 @@ where
                 let x = x.as_slice();
                 let y = y.as_slice();
 
-                // TODO: When elliptic_curve bumps to 0.14, we can use the TryFrom implementation instead
-                // of checking lengths manually
                 if x.len() != FieldBytesSize::<C>::USIZE {
                     return Err(Error::local_error(WrapperErrorKind::InvalidParam));
                 }
                 if y.len() != FieldBytesSize::<C>::USIZE {
                     return Err(Error::local_error(WrapperErrorKind::InvalidParam));
                 }
 
-                let encoded_point =
-                    EncodedPoint::<C>::from_affine_coordinates(x.into(), y.into(), false);
+                let encoded_point = EncodedPoint::<C>::from_affine_coordinates(
+                    x.try_into()
+                        .map_err(|_| Error::local_error(WrapperErrorKind::InvalidParam))?,
+                    y.try_into()
+                        .map_err(|_| Error::local_error(WrapperErrorKind::InvalidParam))?,
+                    false,
+                );
+
                 let public_key = PublicKey::<C>::try_from(&encoded_point)
                     .map_err(|_| Error::local_error(WrapperErrorKind::InvalidParam))?;
 

tss-esapi/src/abstraction/signatures.rs

@@ -5,9 +5,9 @@ use crate::{structures::EccSignature, Error, Result, WrapperErrorKind};
 
 use std::convert::TryFrom;
 
-use ecdsa::SignatureSize;
+use ecdsa::{EcdsaCurve, SignatureSize};
 use elliptic_curve::{
-    generic_array::{typenum::Unsigned, ArrayLength},
+    array::{typenum::Unsigned, ArraySize},
     FieldBytes, FieldBytesSize, PrimeCurve,
 };
 
@@ -16,8 +16,8 @@ use crate::structures::Signature;
 
 impl<C> TryFrom<EccSignature> for ecdsa::Signature<C>
 where
-    C: PrimeCurve,
-    SignatureSize<C>: ArrayLength<u8>,
+    C: PrimeCurve + EcdsaCurve,
+    SignatureSize<C>: ArraySize,
 {
     type Error = Error;
 
@@ -33,8 +33,12 @@ where
         }
 
         let signature = ecdsa::Signature::from_scalars(
-            FieldBytes::<C>::from_slice(r).clone(),
-            FieldBytes::<C>::from_slice(s).clone(),
+            FieldBytes::<C>::try_from(r)
+                .map_err(|_| Error::local_error(WrapperErrorKind::InvalidParam))?
+                .clone(),
+            FieldBytes::<C>::try_from(s)
+                .map_err(|_| Error::local_error(WrapperErrorKind::InvalidParam))?
+                .clone(),
         )
         .map_err(|_| Error::local_error(WrapperErrorKind::InvalidParam))?;
         Ok(signature)

tss-esapi/src/abstraction/transient/signer.rs

@@ -21,11 +21,11 @@ use std::{convert::TryFrom, ops::Add, sync::Mutex};
 use digest::{Digest, FixedOutput, Output};
 use ecdsa::{
     der::{MaxOverhead, MaxSize, Signature as DerSignature},
-    hazmat::{DigestPrimitive, SignPrimitive},
-    Signature, SignatureSize, VerifyingKey,
+    hazmat::DigestPrimitive,
+    EcdsaCurve, Signature, SignatureSize, VerifyingKey,
 };
 use elliptic_curve::{
-    generic_array::ArrayLength,
+    array::ArraySize,
     ops::Invert,
     sec1::{FromEncodedPoint, ModulusSize, ToEncodedPoint},
     subtle::CtOption,
@@ -70,7 +70,7 @@ use x509_cert::{
 #[derive(Debug)]
 pub struct EcSigner<'ctx, C>
 where
-    C: PrimeCurve + CurveArithmetic,
+    C: PrimeCurve + CurveArithmetic + EcdsaCurve,
 {
     context: Mutex<&'ctx mut TransientKeyContext>,
     key_material: KeyMaterial,
@@ -80,7 +80,7 @@ where
 
 impl<'ctx, C> EcSigner<'ctx, C>
 where
-    C: PrimeCurve + CurveArithmetic,
+    C: PrimeCurve + CurveArithmetic + EcdsaCurve,
     C: AssociatedTpmCurve,
     FieldBytesSize<C>: ModulusSize,
     AffinePoint<C>: FromEncodedPoint<C> + ToEncodedPoint<C>,
@@ -106,7 +106,7 @@ where
 
 impl<C> EcSigner<'_, C>
 where
-    C: PrimeCurve + CurveArithmetic,
+    C: PrimeCurve + CurveArithmetic + EcdsaCurve,
     C: AssociatedTpmCurve,
 {
     /// Key parameters for this curve, selected digest is the one selected by DigestPrimitive
@@ -126,7 +126,7 @@ where
     /// The hashing algorithm `D` is the digest that will be used for signatures (SHA-256, SHA3-256, ...).
     pub fn key_params<D>() -> KeyParams
     where
-        D: FixedOutput<OutputSize = FieldBytesSize<C>>,
+        D: FixedOutput,
         D: AssociatedHashingAlgorithm,
     {
         KeyParams::Ecc {
@@ -139,9 +139,9 @@ where
 
 impl<C> AsRef<VerifyingKey<C>> for EcSigner<'_, C>
 where
-    C: PrimeCurve + CurveArithmetic,
-    Scalar<C>: Invert<Output = CtOption<Scalar<C>>> + SignPrimitive<C>,
-    SignatureSize<C>: ArrayLength<u8>,
+    C: PrimeCurve + CurveArithmetic + EcdsaCurve,
+    Scalar<C>: Invert<Output = CtOption<Scalar<C>>>,
+    SignatureSize<C>: ArraySize,
 {
     fn as_ref(&self) -> &VerifyingKey<C> {
         &self.verifying_key
@@ -150,21 +150,21 @@ where
 
 impl<C> KeypairRef for EcSigner<'_, C>
 where
-    C: PrimeCurve + CurveArithmetic,
-    Scalar<C>: Invert<Output = CtOption<Scalar<C>>> + SignPrimitive<C>,
-    SignatureSize<C>: ArrayLength<u8>,
+    C: PrimeCurve + CurveArithmetic + EcdsaCurve,
+    Scalar<C>: Invert<Output = CtOption<Scalar<C>>>,
+    SignatureSize<C>: ArraySize,
 {
     type VerifyingKey = VerifyingKey<C>;
 }
 
 impl<C, D> DigestSigner<D, Signature<C>> for EcSigner<'_, C>
 where
-    C: PrimeCurve + CurveArithmetic,
+    C: PrimeCurve + CurveArithmetic + EcdsaCurve,
     C: AssociatedTpmCurve,
-    D: Digest + FixedOutput<OutputSize = FieldBytesSize<C>>,
+    D: Digest + FixedOutput,
     D: AssociatedHashingAlgorithm,
-    Scalar<C>: Invert<Output = CtOption<Scalar<C>>> + SignPrimitive<C>,
-    SignatureSize<C>: ArrayLength<u8>,
+    Scalar<C>: Invert<Output = CtOption<Scalar<C>>>,
+    SignatureSize<C>: ArraySize,
     TpmDigest: From<Output<D>>,
 {
     fn try_sign_digest(&self, digest: D) -> Result<Signature<C>, SigError> {
@@ -195,16 +195,16 @@ where
 
 impl<C, D> DigestSigner<D, DerSignature<C>> for EcSigner<'_, C>
 where
-    C: PrimeCurve + CurveArithmetic,
+    C: PrimeCurve + CurveArithmetic + EcdsaCurve,
     C: AssociatedTpmCurve,
-    D: Digest + FixedOutput<OutputSize = FieldBytesSize<C>>,
+    D: Digest + FixedOutput,
     D: AssociatedHashingAlgorithm,
-    Scalar<C>: Invert<Output = CtOption<Scalar<C>>> + SignPrimitive<C>,
-    SignatureSize<C>: ArrayLength<u8>,
+    Scalar<C>: Invert<Output = CtOption<Scalar<C>>>,
+    SignatureSize<C>: ArraySize,
     TpmDigest: From<Output<D>>,
 
-    MaxSize<C>: ArrayLength<u8>,
-    <FieldBytesSize<C> as Add>::Output: Add<MaxOverhead> + ArrayLength<u8>,
+    MaxSize<C>: ArraySize,
+    <FieldBytesSize<C> as Add>::Output: Add<MaxOverhead> + ArraySize,
 {
     fn try_sign_digest(&self, digest: D) -> Result<DerSignature<C>, SigError> {
         let signature: Signature<_> = self.try_sign_digest(digest)?;
@@ -214,11 +214,11 @@ where
 
 impl<C> Signer<Signature<C>> for EcSigner<'_, C>
 where
-    C: PrimeCurve + CurveArithmetic + DigestPrimitive,
+    C: PrimeCurve + CurveArithmetic + EcdsaCurve + DigestPrimitive,
     C: AssociatedTpmCurve,
     <C as DigestPrimitive>::Digest: AssociatedHashingAlgorithm,
-    Scalar<C>: Invert<Output = CtOption<Scalar<C>>> + SignPrimitive<C>,
-    SignatureSize<C>: ArrayLength<u8>,
+    Scalar<C>: Invert<Output = CtOption<Scalar<C>>>,
+    SignatureSize<C>: ArraySize,
     TpmDigest: From<Output<<C as DigestPrimitive>::Digest>>,
 {
     fn try_sign(&self, msg: &[u8]) -> Result<Signature<C>, SigError> {
@@ -228,15 +228,15 @@ where
 
 impl<C> Signer<DerSignature<C>> for EcSigner<'_, C>
 where
-    C: PrimeCurve + CurveArithmetic + DigestPrimitive,
+    C: PrimeCurve + CurveArithmetic + EcdsaCurve + DigestPrimitive,
     C: AssociatedTpmCurve,
     <C as DigestPrimitive>::Digest: AssociatedHashingAlgorithm,
-    Scalar<C>: Invert<Output = CtOption<Scalar<C>>> + SignPrimitive<C>,
-    SignatureSize<C>: ArrayLength<u8>,
+    Scalar<C>: Invert<Output = CtOption<Scalar<C>>>,
+    SignatureSize<C>: ArraySize,
     TpmDigest: From<Output<<C as DigestPrimitive>::Digest>>,
 
-    MaxSize<C>: ArrayLength<u8>,
-    <FieldBytesSize<C> as Add>::Output: Add<MaxOverhead> + ArrayLength<u8>,
+    MaxSize<C>: ArraySize,
+    <FieldBytesSize<C> as Add>::Output: Add<MaxOverhead> + ArraySize,
 {
     fn try_sign(&self, msg: &[u8]) -> Result<DerSignature<C>, SigError> {
         self.try_sign_digest(C::Digest::new_with_prefix(msg))
@@ -245,9 +245,9 @@ where
 
 impl<C> SignatureAlgorithmIdentifier for EcSigner<'_, C>
 where
-    C: PrimeCurve + CurveArithmetic,
-    Scalar<C>: Invert<Output = CtOption<Scalar<C>>> + SignPrimitive<C>,
-    SignatureSize<C>: ArrayLength<u8>,
+    C: PrimeCurve + CurveArithmetic + EcdsaCurve,
+    Scalar<C>: Invert<Output = CtOption<Scalar<C>>>,
+    SignatureSize<C>: ArraySize,
     Signature<C>: AssociatedAlgorithmIdentifier<Params = AnyRef<'static>>,
 {
     type Params = AnyRef<'static>;

tss-esapi/src/structures/buffers.rs

@@ -124,8 +124,8 @@ pub mod data {
 pub mod digest {
     use crate::tss2_esys::TPMU_HA;
     use digest::{
+        array::Array,
         consts::{U20, U32, U48, U64},
-        generic_array::GenericArray,
         typenum::Unsigned,
     };
     use std::mem::size_of;
@@ -229,13 +229,13 @@ pub mod digest {
 
     macro_rules! impl_from_digest {
         ($($size:ty),+) => {
-            $(impl From<GenericArray<u8, $size>> for Digest {
-                fn from(value: GenericArray<u8, $size>) -> Self {
+            $(impl From<Array<u8, $size>> for Digest {
+                fn from(value: Array<u8, $size>) -> Self {
                     Digest(value.as_slice().to_vec().into())
                 }
             }
 
-            impl TryFrom<Digest> for GenericArray<u8, $size> {
+            impl TryFrom<Digest> for Array<u8, $size> {
                 type Error = Error;
 
                 fn try_from(value: Digest) -> Result<Self> {

tss-esapi/tests/integration_tests/abstraction_tests/transient_key_context_tests.rs

@@ -901,10 +901,10 @@ fn sign_csr() {
 
     let subject = Name::from_str("CN=tpm.example").expect("Parse common name");
     let signer = EcSigner::<NistP256>::new(&mut ctx, tpm_km, None).expect("Create a signer");
-    let builder = RequestBuilder::new(subject, &signer).expect("Create certificate request");
+    let builder = RequestBuilder::new(subject).expect("Create certificate request");
 
     let cert_req = builder
-        .build::<p256::ecdsa::DerSignature>()
+        .build::<_, p256::ecdsa::DerSignature>(&signer)
         .expect("Sign a CSR");
 
     println!(