bump rustcrypto dependencies to pre-release

Signed-off-by: Arthur Gautier <[email protected]>

Author: baloo

Cargo.toml

@@ -1,3 +1,10 @@
 [workspace]
 resolver = "2"
 members = ["tss-esapi", "tss-esapi-sys"]
+
+[patch.crates-io]
+p192 = { git = "https://github.com/RustCrypto/elliptic-curves.git" }
+p224 = { git = "https://github.com/RustCrypto/elliptic-curves.git" }
+sm2 = { git = "https://github.com/RustCrypto/elliptic-curves.git" }
+
+rsa = { git = "https://github.com/RustCrypto/RSA.git" }

tss-esapi/Cargo.toml

@@ -34,23 +34,23 @@ hostname-validator = "1.1.0"
 regex = "1.3.9"
 zeroize = { version = "1.5.7", features = ["zeroize_derive"] }
 tss-esapi-sys = { path = "../tss-esapi-sys", version = "0.5.0" }
-x509-cert = { version = "0.2.0", optional = true }
-ecdsa = { version = "0.16.9", features = ["der", "hazmat", "arithmetic", "verifying"], optional = true }
-elliptic-curve = { version = "0.13.8", optional = true, features = ["alloc", "pkcs8"] }
-p192 = { version = "0.13.0", optional = true }
-p224 = { version = "0.13.2", optional = true }
-p256 = { version = "0.13.2", optional = true }
-p384 = { version = "0.13.0", optional = true }
-p521 = { version = "0.13.3", optional = true }
-pkcs8 = { version = "0.10.2", optional = true }
-rsa = { version = "0.9", optional = true }
-sha1 = { version = "0.10.6", optional = true }
-sha2 = { version = "0.10.8", optional = true }
-sha3 = { version = "0.10.8", optional = true }
-sm2 = { version = "0.13.3", optional = true }
-sm3 = { version = "0.4.2", optional = true }
-digest = { version = "0.10.7", optional = true }
-signature = { version = "2.2.0", features = ["std"], optional = true}
+x509-cert = { version = "0.3.0-pre.0", optional = true }
+ecdsa = { version = "0.17.0-pre.9", features = ["der", "hazmat", "arithmetic", "verifying"], optional = true }
+elliptic-curve = { version = "0.14.0-rc.1", optional = true, features = ["alloc", "pkcs8"] }
+p192 = { version = "0.14.0-pre", optional = true }
+p224 = { version = "0.14.0-pre", optional = true }
+p256 = { version = "0.14.0-pre.2", optional = true }
+p384 = { version = "0.14.0-pre.2", optional = true }
+p521 = { version = "0.14.0-pre.2", optional = true }
+pkcs8 = { version = "0.11.0-rc.1", optional = true }
+rsa = { version = "0.10.0-pre.3", optional = true }
+sha1 = { version = "0.11.0-pre.4", optional = true }
+sha2 = { version = "0.11.0-pre.4", optional = true }
+sha3 = { version = "0.11.0-pre.4", optional = true }
+sm2 = { version = "0.14.0-pre", optional = true }
+sm3 = { version = "0.5.0-pre.4", optional = true }
+digest = { version = "0.11.0-pre.9", optional = true }
+signature = { version = "2.3.0-pre.4", features = ["std"], optional = true}
 cfg-if = "1.0.0"
 strum = { version = "0.26.3", optional = true }
 strum_macros = { version = "0.26.4", optional = true }
@@ -60,14 +60,14 @@ getrandom = "0.2.11"
 [dev-dependencies]
 env_logger = "0.11.5"
 serde_json = "^1.0.108"
-sha2 = { version = "0.10.8", features = ["oid"] }
+sha2 = { version = "0.11.0-pre.4", features = ["oid"] }
 tss-esapi = { path = ".", features = [
     "integration-tests",
     "serde",
     "abstraction",
     "rustcrypto-full",
 ] }
-x509-cert = { version = "0.2.0", features = ["builder"] }
+x509-cert = { version = "0.3.0-pre.0", features = ["builder"] }
 
 [build-dependencies]
 semver = "1.0.7"
@@ -80,3 +80,4 @@ integration-tests = ["strum", "strum_macros"]
 
 rustcrypto = ["digest", "ecdsa", "elliptic-curve", "pkcs8", "signature", "x509-cert"]
 rustcrypto-full = ["rustcrypto", "p192", "p224", "p256", "p384", "p521", "rsa", "sha1", "sha2", "sha3", "sm2", "sm3"]
+

tss-esapi/src/abstraction/public.rs

@@ -8,7 +8,7 @@ use crate::{Error, WrapperErrorKind};
 
 use core::convert::TryFrom;
 use elliptic_curve::{
-    generic_array::typenum::Unsigned,
+    array::typenum::Unsigned,
     sec1::{EncodedPoint, FromEncodedPoint, ModulusSize, ToEncodedPoint},
     AffinePoint, CurveArithmetic, FieldBytesSize, PublicKey,
 };
@@ -18,7 +18,7 @@ use x509_cert::spki::SubjectPublicKeyInfoOwned;
 #[cfg(feature = "rsa")]
 use {
     crate::structures::RsaExponent,
-    rsa::{BigUint, RsaPublicKey},
+    rsa::{BoxedUint, RsaPublicKey},
 };
 
 #[cfg(any(
@@ -57,15 +57,13 @@ where
                 let x = unique.x().as_bytes();
                 let y = unique.y().as_bytes();
 
-                if x.len() != FieldBytesSize::<C>::USIZE {
-                    return Err(Error::local_error(WrapperErrorKind::InvalidParam));
-                }
-                if y.len() != FieldBytesSize::<C>::USIZE {
-                    return Err(Error::local_error(WrapperErrorKind::InvalidParam));
-                }
-
-                let encoded_point =
-                    EncodedPoint::<C>::from_affine_coordinates(x.into(), y.into(), false);
+                let encoded_point = EncodedPoint::<C>::from_affine_coordinates(
+                    x.try_into()
+                        .map_err(|_| Error::local_error(WrapperErrorKind::InvalidParam))?,
+                    y.try_into()
+                        .map_err(|_| Error::local_error(WrapperErrorKind::InvalidParam))?,
+                    false,
+                );
                 let public_key = PublicKey::<C>::try_from(&encoded_point)
                     .map_err(|_| Error::local_error(WrapperErrorKind::InvalidParam))?;
 
@@ -86,10 +84,11 @@ impl TryFrom<&Public> for RsaPublicKey {
                 unique, parameters, ..
             } => {
                 let exponent = match parameters.exponent() {
-                    RsaExponent::ZERO_EXPONENT => BigUint::from(RSA_DEFAULT_EXP),
-                    _ => BigUint::from(parameters.exponent().value()),
+                    RsaExponent::ZERO_EXPONENT => BoxedUint::from(RSA_DEFAULT_EXP),
+                    _ => BoxedUint::from(parameters.exponent().value()),
                 };
-                let modulus = BigUint::from_bytes_be(unique.as_bytes());
+                let modulus = BoxedUint::from_be_slice(unique.as_bytes(), 8192)
+                    .map_err(|_| Error::local_error(WrapperErrorKind::WrongParamSize))?;
 
                 let public_key = RsaPublicKey::new(modulus, exponent)
                     .map_err(|_| Error::local_error(WrapperErrorKind::InvalidParam))?;
@@ -173,17 +172,21 @@ where
                 let x = x.as_slice();
                 let y = y.as_slice();
 
-                // TODO: When elliptic_curve bumps to 0.14, we can use the TryFrom implementation instead
-                // of checking lengths manually
                 if x.len() != FieldBytesSize::<C>::USIZE {
                     return Err(Error::local_error(WrapperErrorKind::InvalidParam));
                 }
                 if y.len() != FieldBytesSize::<C>::USIZE {
                     return Err(Error::local_error(WrapperErrorKind::InvalidParam));
                 }
 
-                let encoded_point =
-                    EncodedPoint::<C>::from_affine_coordinates(x.into(), y.into(), false);
+                let encoded_point = EncodedPoint::<C>::from_affine_coordinates(
+                    x.try_into()
+                        .map_err(|_| Error::local_error(WrapperErrorKind::InvalidParam))?,
+                    y.try_into()
+                        .map_err(|_| Error::local_error(WrapperErrorKind::InvalidParam))?,
+                    false,
+                );
+
                 let public_key = PublicKey::<C>::try_from(&encoded_point)
                     .map_err(|_| Error::local_error(WrapperErrorKind::InvalidParam))?;
 
@@ -201,8 +204,9 @@ impl TryFrom<&TpmPublicKey> for RsaPublicKey {
     fn try_from(value: &TpmPublicKey) -> Result<Self, Self::Error> {
         match value {
             TpmPublicKey::Rsa(modulus) => {
-                let exponent = BigUint::from(RSA_DEFAULT_EXP);
-                let modulus = BigUint::from_bytes_be(modulus.as_slice());
+                let exponent = BoxedUint::from(RSA_DEFAULT_EXP);
+                let modulus = BoxedUint::from_be_slice(modulus.as_slice(), 8192)
+                    .map_err(|_| Error::local_error(WrapperErrorKind::WrongParamSize))?;
 
                 let public_key = RsaPublicKey::new(modulus, exponent)
                     .map_err(|_| Error::local_error(WrapperErrorKind::InvalidParam))?;

tss-esapi/src/abstraction/signatures.rs

@@ -5,9 +5,9 @@ use crate::{structures::EccSignature, Error, Result, WrapperErrorKind};
 
 use std::convert::TryFrom;
 
-use ecdsa::SignatureSize;
+use ecdsa::{EcdsaCurve, SignatureSize};
 use elliptic_curve::{
-    generic_array::{typenum::Unsigned, ArrayLength},
+    array::{typenum::Unsigned, ArraySize},
     FieldBytes, FieldBytesSize, PrimeCurve,
 };
 
@@ -16,8 +16,8 @@ use crate::structures::Signature;
 
 impl<C> TryFrom<EccSignature> for ecdsa::Signature<C>
 where
-    C: PrimeCurve,
-    SignatureSize<C>: ArrayLength<u8>,
+    C: PrimeCurve + EcdsaCurve,
+    SignatureSize<C>: ArraySize,
 {
     type Error = Error;
 
@@ -33,8 +33,12 @@ where
         }
 
         let signature = ecdsa::Signature::from_scalars(
-            FieldBytes::<C>::from_slice(r).clone(),
-            FieldBytes::<C>::from_slice(s).clone(),
+            FieldBytes::<C>::try_from(r)
+                .map_err(|_| Error::local_error(WrapperErrorKind::InvalidParam))?
+                .clone(),
+            FieldBytes::<C>::try_from(s)
+                .map_err(|_| Error::local_error(WrapperErrorKind::InvalidParam))?
+                .clone(),
         )
         .map_err(|_| Error::local_error(WrapperErrorKind::InvalidParam))?;
         Ok(signature)

tss-esapi/src/abstraction/signer.rs

@@ -24,11 +24,11 @@ use std::{convert::TryFrom, ops::Add, sync::Mutex};
 use digest::{Digest, FixedOutput, Output};
 use ecdsa::{
     der::{MaxOverhead, MaxSize, Signature as DerSignature},
-    hazmat::{DigestPrimitive, SignPrimitive},
-    Signature, SignatureSize, VerifyingKey,
+    hazmat::DigestPrimitive,
+    EcdsaCurve, Signature, SignatureSize, VerifyingKey,
 };
 use elliptic_curve::{
-    generic_array::ArrayLength,
+    array::ArraySize,
     ops::Invert,
     sec1::{FromEncodedPoint, ModulusSize, ToEncodedPoint},
     subtle::CtOption,
@@ -139,15 +139,15 @@ impl TpmSigner
 #[derive(Debug)]
 pub struct EcSigner<C, Ctx>
 where
-    C: PrimeCurve + CurveArithmetic,
+    C: PrimeCurve + CurveArithmetic + EcdsaCurve,
 {
     context: Ctx,
     verifying_key: VerifyingKey<C>,
 }
 
 impl<C, Ctx> EcSigner<C, Ctx>
 where
-    C: PrimeCurve + CurveArithmetic,
+    C: PrimeCurve + CurveArithmetic + EcdsaCurve,
     C: AssociatedTpmCurve,
     FieldBytesSize<C>: ModulusSize,
     AffinePoint<C>: FromEncodedPoint<C> + ToEncodedPoint<C>,
@@ -179,14 +179,14 @@ where
 
 impl<C, Ctx> EcSigner<C, Ctx>
 where
-    C: PrimeCurve + CurveArithmetic,
+    C: PrimeCurve + CurveArithmetic + EcdsaCurve,
     C: AssociatedTpmCurve,
 {
     /// Key parameters for this curve, selected digest is the one selected by DigestPrimitive
     pub fn key_params_default() -> KeyParams
     where
         C: DigestPrimitive,
-        <C as DigestPrimitive>::Digest: FixedOutput<OutputSize = FieldBytesSize<C>>,
+        <C as DigestPrimitive>::Digest: FixedOutput,
         <C as DigestPrimitive>::Digest: AssociatedHashingAlgorithm,
     {
         Self::key_params::<<C as DigestPrimitive>::Digest>()
@@ -199,7 +199,7 @@ where
     /// The hashing algorithm `D` is the digest that will be used for signatures (SHA-256, SHA3-256, ...).
     pub fn key_params<D>() -> KeyParams
     where
-        D: FixedOutput<OutputSize = FieldBytesSize<C>>,
+        D: FixedOutput,
         D: AssociatedHashingAlgorithm,
     {
         KeyParams::Ecc {
@@ -212,9 +212,9 @@ where
 
 impl<C, Ctx> AsRef<VerifyingKey<C>> for EcSigner<C, Ctx>
 where
-    C: PrimeCurve + CurveArithmetic,
-    Scalar<C>: Invert<Output = CtOption<Scalar<C>>> + SignPrimitive<C>,
-    SignatureSize<C>: ArrayLength<u8>,
+    C: PrimeCurve + CurveArithmetic + EcdsaCurve,
+    Scalar<C>: Invert<Output = CtOption<Scalar<C>>>,
+    SignatureSize<C>: ArraySize,
 {
     fn as_ref(&self) -> &VerifyingKey<C> {
         &self.verifying_key
@@ -223,21 +223,21 @@ where
 
 impl<C, Ctx> KeypairRef for EcSigner<C, Ctx>
 where
-    C: PrimeCurve + CurveArithmetic,
-    Scalar<C>: Invert<Output = CtOption<Scalar<C>>> + SignPrimitive<C>,
-    SignatureSize<C>: ArrayLength<u8>,
+    C: PrimeCurve + CurveArithmetic + EcdsaCurve,
+    Scalar<C>: Invert<Output = CtOption<Scalar<C>>>,
+    SignatureSize<C>: ArraySize,
 {
     type VerifyingKey = VerifyingKey<C>;
 }
 
 impl<C, Ctx, D> DigestSigner<D, Signature<C>> for EcSigner<C, Ctx>
 where
-    C: PrimeCurve + CurveArithmetic,
+    C: PrimeCurve + CurveArithmetic + EcdsaCurve,
     C: AssociatedTpmCurve,
-    D: Digest + FixedOutput<OutputSize = FieldBytesSize<C>>,
+    D: Digest + FixedOutput,
     D: AssociatedHashingAlgorithm,
-    Scalar<C>: Invert<Output = CtOption<Scalar<C>>> + SignPrimitive<C>,
-    SignatureSize<C>: ArrayLength<u8>,
+    Scalar<C>: Invert<Output = CtOption<Scalar<C>>>,
+    SignatureSize<C>: ArraySize,
     TpmDigest: From<Output<D>>,
     Ctx: TpmSigner,
 {
@@ -261,16 +261,16 @@ where
 
 impl<C, Ctx, D> DigestSigner<D, DerSignature<C>> for EcSigner<C, Ctx>
 where
-    C: PrimeCurve + CurveArithmetic,
+    C: PrimeCurve + CurveArithmetic + EcdsaCurve,
     C: AssociatedTpmCurve,
-    D: Digest + FixedOutput<OutputSize = FieldBytesSize<C>>,
+    D: Digest + FixedOutput,
     D: AssociatedHashingAlgorithm,
-    Scalar<C>: Invert<Output = CtOption<Scalar<C>>> + SignPrimitive<C>,
-    SignatureSize<C>: ArrayLength<u8>,
+    Scalar<C>: Invert<Output = CtOption<Scalar<C>>>,
+    SignatureSize<C>: ArraySize,
     TpmDigest: From<Output<D>>,
 
-    MaxSize<C>: ArrayLength<u8>,
-    <FieldBytesSize<C> as Add>::Output: Add<MaxOverhead> + ArrayLength<u8>,
+    MaxSize<C>: ArraySize,
+    <FieldBytesSize<C> as Add>::Output: Add<MaxOverhead> + ArraySize,
 
     Ctx: TpmSigner,
 {
@@ -282,11 +282,11 @@ where
 
 impl<C, Ctx> Signer<Signature<C>> for EcSigner<C, Ctx>
 where
-    C: PrimeCurve + CurveArithmetic + DigestPrimitive,
+    C: PrimeCurve + CurveArithmetic + EcdsaCurve + DigestPrimitive,
     C: AssociatedTpmCurve,
     <C as DigestPrimitive>::Digest: AssociatedHashingAlgorithm,
-    Scalar<C>: Invert<Output = CtOption<Scalar<C>>> + SignPrimitive<C>,
-    SignatureSize<C>: ArrayLength<u8>,
+    Scalar<C>: Invert<Output = CtOption<Scalar<C>>>,
+    SignatureSize<C>: ArraySize,
     TpmDigest: From<Output<<C as DigestPrimitive>::Digest>>,
 
     Ctx: TpmSigner,
@@ -298,15 +298,15 @@ where
 
 impl<C, Ctx> Signer<DerSignature<C>> for EcSigner<C, Ctx>
 where
-    C: PrimeCurve + CurveArithmetic + DigestPrimitive,
+    C: PrimeCurve + CurveArithmetic + EcdsaCurve + DigestPrimitive,
     C: AssociatedTpmCurve,
     <C as DigestPrimitive>::Digest: AssociatedHashingAlgorithm,
-    Scalar<C>: Invert<Output = CtOption<Scalar<C>>> + SignPrimitive<C>,
-    SignatureSize<C>: ArrayLength<u8>,
+    Scalar<C>: Invert<Output = CtOption<Scalar<C>>>,
+    SignatureSize<C>: ArraySize,
     TpmDigest: From<Output<<C as DigestPrimitive>::Digest>>,
 
-    MaxSize<C>: ArrayLength<u8>,
-    <FieldBytesSize<C> as Add>::Output: Add<MaxOverhead> + ArrayLength<u8>,
+    MaxSize<C>: ArraySize,
+    <FieldBytesSize<C> as Add>::Output: Add<MaxOverhead> + ArraySize,
 
     Ctx: TpmSigner,
 {
@@ -317,9 +317,9 @@ where
 
 impl<C, Ctx> SignatureAlgorithmIdentifier for EcSigner<C, Ctx>
 where
-    C: PrimeCurve + CurveArithmetic,
-    Scalar<C>: Invert<Output = CtOption<Scalar<C>>> + SignPrimitive<C>,
-    SignatureSize<C>: ArrayLength<u8>,
+    C: PrimeCurve + CurveArithmetic + EcdsaCurve,
+    Scalar<C>: Invert<Output = CtOption<Scalar<C>>>,
+    SignatureSize<C>: ArraySize,
     Signature<C>: AssociatedAlgorithmIdentifier<Params = AnyRef<'static>>,
 {
     type Params = AnyRef<'static>;