From d46776c8d0e9491fe9c283cc6140331e9e9e83f5 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 9 Oct 2023 15:51:39 +0000 Subject: [PATCH] build(deps): update tss-esapi requirement from 6.1 to 7.4 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Updates the requirements on [tss-esapi](https://github.com/parallaxsecond/rust-tss-esapi) to permit the latest version. - [Changelog](https://github.com/parallaxsecond/rust-tss-esapi/blob/tss-esapi-7.4.0/CHANGELOG.md) - [Commits](https://github.com/parallaxsecond/rust-tss-esapi/compare/tss-esapi-6.1.0...tss-esapi-7.4.0) --- updated-dependencies: - dependency-name: tss-esapi dependency-type: direct:production ... Signed-off-by: dependabot[bot] [sabin: Adjusted callsites to work with a4dbdc7 ("Creates native rust type for TPM2B_PUBLIC.")] Signed-off-by: Sabin RĂ¢pan --- Cargo.toml | 2 +- src/crypto/tpm.rs | 62 ++++++++++++++++++++++++++++++----------------- src/sign.rs | 25 +++++++++++++------ 3 files changed, 59 insertions(+), 30 deletions(-) diff --git a/Cargo.toml b/Cargo.toml index b284a9b..8f6de33 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -16,7 +16,7 @@ serde_repr = "0.1" serde_bytes = { version = "0.11", features = ["std"] } serde_with = { version = "3.3" } openssl = { version = "0.10", optional = true } -tss-esapi = { version = "6.1", optional = true } +tss-esapi = { version = "7.4", optional = true } aws-config = { version = "0.56", optional = true } aws-sdk-kms = { version = "0.31", optional = true } tokio = { version = "1.20", features = ["rt", "macros"], optional = true } diff --git a/src/crypto/tpm.rs b/src/crypto/tpm.rs index 856baf2..d238fc0 100644 --- a/src/crypto/tpm.rs +++ b/src/crypto/tpm.rs @@ -1,6 +1,9 @@ //! TPM implementation for cryptography -use std::{cell::RefCell, convert::TryInto}; +use std::{ + cell::RefCell, + convert::{TryFrom, TryInto}, +}; use tss_esapi::{ constants::{ @@ -9,8 +12,8 @@ use tss_esapi::{ }, handles::KeyHandle, interface_types::algorithm::HashingAlgorithm, + structures::{Digest, EccParameter, EccSignature, Signature}, tss2_esys::{TPMT_PUBLIC, TPMT_SIG_SCHEME, TPMT_TK_HASHCHECK}, - utils::{AsymSchemeUnion, Signature, SignatureData}, Context, Error as tpm_error, }; @@ -94,8 +97,7 @@ impl TpmKey { let (key_public, _, _) = context .read_public(key_handle) .map_err(CoseError::TpmError)?; - let (parameters, hash_alg, key_length) = - TpmKey::public_to_parameters(key_public.publicArea)?; + let (parameters, hash_alg, key_length) = TpmKey::public_to_parameters(key_public.into())?; Ok(TpmKey { context: RefCell::new(context), @@ -117,21 +119,32 @@ impl SigningPublicKey for TpmKey { // Recover the R and S factors from the signature contained in the object let (bytes_r, bytes_s) = signature.split_at(self.key_length); - let signature = Signature { - scheme: AsymSchemeUnion::ECDSA(self.hash_alg), - signature: SignatureData::EcdsaSignature { - r: bytes_r.to_vec(), - s: bytes_s.to_vec(), - }, - }; - - let data = data.try_into().map_err(|_| { + let signature = Signature::EcDsa( + EccSignature::create( + self.hash_alg, + EccParameter::try_from(bytes_r.to_vec()).map_err(|_| { + CoseError::UnsupportedError( + "Unable to convert R signature component".to_string(), + ) + })?, + EccParameter::try_from(bytes_s.to_vec()).map_err(|_| { + CoseError::UnsupportedError( + "Unable to convert S signature component".to_string(), + ) + })?, + ) + .map_err(|_| { + CoseError::UnsupportedError("Unable to create ECC signature".to_string()) + })?, + ); + + let data = Digest::try_from(data).map_err(|_| { CoseError::UnsupportedError("Invalid digest passed to verify".to_string()) })?; let mut context = self.context.borrow_mut(); - match context.verify_signature(self.key_handle, &data, signature) { + match context.verify_signature(self.key_handle, data, signature) { Ok(_) => Ok(true), Err(tpm_error::Tss2Error(Tss2ResponseCode::FormatOne(FormatOneResponseCode( TSS2_RC_SIGNATURE, @@ -153,8 +166,7 @@ impl SigningPrivateKey for TpmKey { digest: Default::default(), }; - let data = data - .try_into() + let data = Digest::try_from(data) .map_err(|_| CoseError::UnsupportedError("Tried to sign invalid data".to_string()))?; let signature = { @@ -163,17 +175,23 @@ impl SigningPrivateKey for TpmKey { context .sign( self.key_handle, - &data, - scheme, + data, + scheme.try_into().map_err(|_| { + CoseError::UnsupportedError( + "Unable to convert signature scheme".to_string(), + ) + })?, validation.try_into().expect("Unable to convert validation"), ) .map_err(CoseError::TpmError)? }; - match &signature.signature { - SignatureData::EcdsaSignature { r, s } => { - Ok(super::merge_ec_signature(r, s, self.key_length)) - } + match &signature { + Signature::EcDsa(sig) => Ok(super::merge_ec_signature( + sig.signature_r(), + sig.signature_s(), + self.key_length, + )), _ => Err(CoseError::UnsupportedError( "Unsupported signature data returned".to_string(), )), diff --git a/src/sign.rs b/src/sign.rs index 335e592..5c52d19 100644 --- a/src/sign.rs +++ b/src/sign.rs @@ -1165,10 +1165,11 @@ mod tests { attributes::SessionAttributesBuilder, constants::SessionType, interface_types::{ - algorithm::HashingAlgorithm, ecc::EccCurve, resource_handles::Hierarchy, + algorithm::EccSchemeAlgorithm, algorithm::HashingAlgorithm, ecc::EccCurve, + resource_handles::Hierarchy, }, - structures::SymmetricDefinition, - utils::{create_unrestricted_signing_ecc_public, AsymSchemeUnion}, + structures::{EccScheme, SymmetricDefinition}, + utils::create_unrestricted_signing_ecc_public, Context, Tcti, }; @@ -1199,8 +1200,13 @@ mod tests { let prim_key = tpm_context .create_primary( Hierarchy::Owner, - &create_unrestricted_signing_ecc_public( - AsymSchemeUnion::ECDSA(HashingAlgorithm::Sha256), + create_unrestricted_signing_ecc_public( + EccScheme::create( + EccSchemeAlgorithm::EcDsa, + Some(HashingAlgorithm::Sha256), + None, + ) + .expect("Error creating ECC scheme"), EccCurve::NistP256, ) .expect("Error creating TPM2B_PUBLIC"), @@ -1257,8 +1263,13 @@ mod tests { let prim_key = tpm_context .create_primary( Hierarchy::Owner, - &create_unrestricted_signing_ecc_public( - AsymSchemeUnion::ECDSA(HashingAlgorithm::Sha256), + create_unrestricted_signing_ecc_public( + EccScheme::create( + EccSchemeAlgorithm::EcDsa, + Some(HashingAlgorithm::Sha256), + None, + ) + .expect("Error creating ECC scheme"), EccCurve::NistP256, ) .expect("Error creating TPM2B_PUBLIC"),