Skip to content

Commit

Permalink
build(deps): update tss-esapi requirement from 6.1 to 7.4
Browse files Browse the repository at this point in the history
Updates the requirements on [tss-esapi](https://github.com/parallaxsecond/rust-tss-esapi) to permit the latest version.
- [Changelog](https://github.com/parallaxsecond/rust-tss-esapi/blob/tss-esapi-7.4.0/CHANGELOG.md)
- [Commits](parallaxsecond/rust-tss-esapi@tss-esapi-6.1.0...tss-esapi-7.4.0)

---
updated-dependencies:
- dependency-name: tss-esapi
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>
[sabin: Adjusted callsites to work with
	a4dbdc7 ("Creates native rust type for TPM2B_PUBLIC.")]
Signed-off-by: Sabin Râpan <[email protected]>
  • Loading branch information
dependabot[bot] authored and eugkoira committed Apr 10, 2024
1 parent d3bc1c8 commit d46776c
Show file tree
Hide file tree
Showing 3 changed files with 59 additions and 30 deletions.
2 changes: 1 addition & 1 deletion Cargo.toml
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@ serde_repr = "0.1"
serde_bytes = { version = "0.11", features = ["std"] }
serde_with = { version = "3.3" }
openssl = { version = "0.10", optional = true }
tss-esapi = { version = "6.1", optional = true }
tss-esapi = { version = "7.4", optional = true }
aws-config = { version = "0.56", optional = true }
aws-sdk-kms = { version = "0.31", optional = true }
tokio = { version = "1.20", features = ["rt", "macros"], optional = true }
Expand Down
62 changes: 40 additions & 22 deletions src/crypto/tpm.rs
Original file line number Diff line number Diff line change
@@ -1,6 +1,9 @@
//! TPM implementation for cryptography
use std::{cell::RefCell, convert::TryInto};
use std::{
cell::RefCell,
convert::{TryFrom, TryInto},
};

use tss_esapi::{
constants::{
Expand All @@ -9,8 +12,8 @@ use tss_esapi::{
},
handles::KeyHandle,
interface_types::algorithm::HashingAlgorithm,
structures::{Digest, EccParameter, EccSignature, Signature},
tss2_esys::{TPMT_PUBLIC, TPMT_SIG_SCHEME, TPMT_TK_HASHCHECK},
utils::{AsymSchemeUnion, Signature, SignatureData},
Context, Error as tpm_error,
};

Expand Down Expand Up @@ -94,8 +97,7 @@ impl TpmKey {
let (key_public, _, _) = context
.read_public(key_handle)
.map_err(CoseError::TpmError)?;
let (parameters, hash_alg, key_length) =
TpmKey::public_to_parameters(key_public.publicArea)?;
let (parameters, hash_alg, key_length) = TpmKey::public_to_parameters(key_public.into())?;

Ok(TpmKey {
context: RefCell::new(context),
Expand All @@ -117,21 +119,32 @@ impl SigningPublicKey for TpmKey {
// Recover the R and S factors from the signature contained in the object
let (bytes_r, bytes_s) = signature.split_at(self.key_length);

let signature = Signature {
scheme: AsymSchemeUnion::ECDSA(self.hash_alg),
signature: SignatureData::EcdsaSignature {
r: bytes_r.to_vec(),
s: bytes_s.to_vec(),
},
};

let data = data.try_into().map_err(|_| {
let signature = Signature::EcDsa(
EccSignature::create(
self.hash_alg,
EccParameter::try_from(bytes_r.to_vec()).map_err(|_| {
CoseError::UnsupportedError(
"Unable to convert R signature component".to_string(),
)
})?,
EccParameter::try_from(bytes_s.to_vec()).map_err(|_| {
CoseError::UnsupportedError(
"Unable to convert S signature component".to_string(),
)
})?,
)
.map_err(|_| {
CoseError::UnsupportedError("Unable to create ECC signature".to_string())
})?,
);

let data = Digest::try_from(data).map_err(|_| {
CoseError::UnsupportedError("Invalid digest passed to verify".to_string())
})?;

let mut context = self.context.borrow_mut();

match context.verify_signature(self.key_handle, &data, signature) {
match context.verify_signature(self.key_handle, data, signature) {
Ok(_) => Ok(true),
Err(tpm_error::Tss2Error(Tss2ResponseCode::FormatOne(FormatOneResponseCode(
TSS2_RC_SIGNATURE,
Expand All @@ -153,8 +166,7 @@ impl SigningPrivateKey for TpmKey {
digest: Default::default(),
};

let data = data
.try_into()
let data = Digest::try_from(data)
.map_err(|_| CoseError::UnsupportedError("Tried to sign invalid data".to_string()))?;

let signature = {
Expand All @@ -163,17 +175,23 @@ impl SigningPrivateKey for TpmKey {
context
.sign(
self.key_handle,
&data,
scheme,
data,
scheme.try_into().map_err(|_| {
CoseError::UnsupportedError(
"Unable to convert signature scheme".to_string(),
)
})?,
validation.try_into().expect("Unable to convert validation"),
)
.map_err(CoseError::TpmError)?
};

match &signature.signature {
SignatureData::EcdsaSignature { r, s } => {
Ok(super::merge_ec_signature(r, s, self.key_length))
}
match &signature {
Signature::EcDsa(sig) => Ok(super::merge_ec_signature(
sig.signature_r(),
sig.signature_s(),
self.key_length,
)),
_ => Err(CoseError::UnsupportedError(
"Unsupported signature data returned".to_string(),
)),
Expand Down
25 changes: 18 additions & 7 deletions src/sign.rs
Original file line number Diff line number Diff line change
Expand Up @@ -1165,10 +1165,11 @@ mod tests {
attributes::SessionAttributesBuilder,
constants::SessionType,
interface_types::{
algorithm::HashingAlgorithm, ecc::EccCurve, resource_handles::Hierarchy,
algorithm::EccSchemeAlgorithm, algorithm::HashingAlgorithm, ecc::EccCurve,
resource_handles::Hierarchy,
},
structures::SymmetricDefinition,
utils::{create_unrestricted_signing_ecc_public, AsymSchemeUnion},
structures::{EccScheme, SymmetricDefinition},
utils::create_unrestricted_signing_ecc_public,
Context, Tcti,
};

Expand Down Expand Up @@ -1199,8 +1200,13 @@ mod tests {
let prim_key = tpm_context
.create_primary(
Hierarchy::Owner,
&create_unrestricted_signing_ecc_public(
AsymSchemeUnion::ECDSA(HashingAlgorithm::Sha256),
create_unrestricted_signing_ecc_public(
EccScheme::create(
EccSchemeAlgorithm::EcDsa,
Some(HashingAlgorithm::Sha256),
None,
)
.expect("Error creating ECC scheme"),
EccCurve::NistP256,
)
.expect("Error creating TPM2B_PUBLIC"),
Expand Down Expand Up @@ -1257,8 +1263,13 @@ mod tests {
let prim_key = tpm_context
.create_primary(
Hierarchy::Owner,
&create_unrestricted_signing_ecc_public(
AsymSchemeUnion::ECDSA(HashingAlgorithm::Sha256),
create_unrestricted_signing_ecc_public(
EccScheme::create(
EccSchemeAlgorithm::EcDsa,
Some(HashingAlgorithm::Sha256),
None,
)
.expect("Error creating ECC scheme"),
EccCurve::NistP256,
)
.expect("Error creating TPM2B_PUBLIC"),
Expand Down

0 comments on commit d46776c

Please sign in to comment.