Merge pull request #537 from baloo/baloo/rust-crypto/signer-interface

adds a `signature::Signer` interface
parallaxsecond · Feb 28, 2025 · cca3717 · cca3717
2 parents b25394f + 2cc63f4
commit cca3717
Show file tree

Hide file tree

Showing 12 changed files with 1,299 additions and 151 deletions.
diff --git a/tss-esapi/Cargo.toml b/tss-esapi/Cargo.toml
@@ -22,6 +22,7 @@ required-features = ["abstraction"]
 [dependencies]
 bitfield = "0.17.0"
 serde = { version = "1.0.115", features = [
+    "alloc",
     "derive",
 ], optional = true, default-features = false }
 malloced = "1.3.1"
@@ -33,9 +34,23 @@ hostname-validator = "1.1.0"
 regex = "1.3.9"
 zeroize = { version = "1.5.7", features = ["zeroize_derive"] }
 tss-esapi-sys = { path = "../tss-esapi-sys", version = "0.5.0" }
-oid = { version = "0.2.1", optional = true }
-picky-asn1 = { version = "0.9.0", optional = true }
-picky-asn1-x509 = { version = "0.13.0", optional = true }
+x509-cert = { version = "0.2.0", optional = true }
+ecdsa = { version = "0.16.9", features = ["der", "hazmat", "arithmetic", "verifying"], optional = true }
+elliptic-curve = { version = "0.13.8", optional = true, features = ["alloc", "pkcs8"] }
+p192 = { version = "0.13.0", optional = true }
+p224 = { version = "0.13.2", optional = true }
+p256 = { version = "0.13.2", optional = true }
+p384 = { version = "0.13.0", optional = true }
+p521 = { version = "0.13.3", optional = true }
+pkcs8 = { version = "0.10.2", optional = true }
+rsa = { version = "0.9", optional = true }
+sha1 = { version = "0.10.6", optional = true }
+sha2 = { version = "0.10.8", optional = true }
+sha3 = { version = "0.10.8", optional = true }
+sm2 = { version = "0.13.3", optional = true }
+sm3 = { version = "0.4.2", optional = true }
+digest = { version = "0.10.7", optional = true }
+signature = { version = "2.2.0", features = ["std"], optional = true}
 cfg-if = "1.0.0"
 strum = { version = "0.26.3", optional = true }
 strum_macros = { version = "0.26.4", optional = true }
@@ -44,20 +59,24 @@ getrandom = "0.2.11"
 
 [dev-dependencies]
 env_logger = "0.11.5"
-sha2 = "0.10.1"
 serde_json = "^1.0.108"
+sha2 = { version = "0.10.8", features = ["oid"] }
 tss-esapi = { path = ".", features = [
     "integration-tests",
     "serde",
     "abstraction",
+    "rustcrypto-full",
 ] }
-
+x509-cert = { version = "0.2.0", features = ["builder"] }
 
 [build-dependencies]
 semver = "1.0.7"
 
 [features]
 default = ["abstraction"]
 generate-bindings = ["tss-esapi-sys/generate-bindings"]
-abstraction = ["oid", "picky-asn1", "picky-asn1-x509"]
+abstraction = ["rustcrypto"]
 integration-tests = ["strum", "strum_macros"]
+
+rustcrypto = ["digest", "ecdsa", "elliptic-curve", "pkcs8", "signature", "x509-cert"]
+rustcrypto-full = ["rustcrypto", "p192", "p224", "p256", "p384", "p521", "rsa", "sha1", "sha2", "sha3", "sm2", "sm3"]
diff --git a/tss-esapi/README.md b/tss-esapi/README.md
@@ -28,6 +28,9 @@ The crate currently offers the following features:
   on top of the basic Rust-native ESAPI API provided by the crate. This feature
   can be turned off to reduce the number of dependencies built.
 * `serde` - enable serde `Serialize`/`Deserialize` traits for types. 
+* `rustcrypto-full` (disabled by default) - provides conversion from all
+  supported elliptic curves, rsa or hashes.
+  Support for individual hash, rsa or curves can be pulled individually.
 
 ## Cross compiling
 

diff --git a/tss-esapi/src/abstraction/hashing.rs b/tss-esapi/src/abstraction/hashing.rs
@@ -0,0 +1,50 @@
+// Copyright 2024 Contributors to the Parsec project.
+// SPDX-License-Identifier: Apache-2.0
+
+use crate::interface_types::algorithm::HashingAlgorithm;
+
+/// Provides the value of the digest used in this crate for the digest.
+pub trait AssociatedHashingAlgorithm {
+    /// Value of the digest when interacting with the TPM.
+    const TPM_DIGEST: HashingAlgorithm;
+}
+
+#[cfg(feature = "sha1")]
+impl AssociatedHashingAlgorithm for sha1::Sha1 {
+    const TPM_DIGEST: HashingAlgorithm = HashingAlgorithm::Sha1;
+}
+
+#[cfg(feature = "sha2")]
+impl AssociatedHashingAlgorithm for sha2::Sha256 {
+    const TPM_DIGEST: HashingAlgorithm = HashingAlgorithm::Sha256;
+}
+
+#[cfg(feature = "sha2")]
+impl AssociatedHashingAlgorithm for sha2::Sha384 {
+    const TPM_DIGEST: HashingAlgorithm = HashingAlgorithm::Sha384;
+}
+
+#[cfg(feature = "sha2")]
+impl AssociatedHashingAlgorithm for sha2::Sha512 {
+    const TPM_DIGEST: HashingAlgorithm = HashingAlgorithm::Sha512;
+}
+
+#[cfg(feature = "sm3")]
+impl AssociatedHashingAlgorithm for sm3::Sm3 {
+    const TPM_DIGEST: HashingAlgorithm = HashingAlgorithm::Sm3_256;
+}
+
+#[cfg(feature = "sha3")]
+impl AssociatedHashingAlgorithm for sha3::Sha3_256 {
+    const TPM_DIGEST: HashingAlgorithm = HashingAlgorithm::Sha3_256;
+}
+
+#[cfg(feature = "sha3")]
+impl AssociatedHashingAlgorithm for sha3::Sha3_384 {
+    const TPM_DIGEST: HashingAlgorithm = HashingAlgorithm::Sha3_384;
+}
+
+#[cfg(feature = "sha3")]
+impl AssociatedHashingAlgorithm for sha3::Sha3_512 {
+    const TPM_DIGEST: HashingAlgorithm = HashingAlgorithm::Sha3_512;
+}
diff --git a/tss-esapi/src/abstraction/mod.rs b/tss-esapi/src/abstraction/mod.rs
@@ -9,6 +9,14 @@ pub mod pcr;
 pub mod public;
 pub mod transient;
 
+mod hashing;
+mod signatures;
+mod signer;
+pub use hashing::AssociatedHashingAlgorithm;
+pub use signer::EcSigner;
+#[cfg(feature = "rsa")]
+pub use signer::{RsaPkcsSigner, RsaPssSigner};
+
 use std::convert::TryFrom;
 
 use crate::{