bump rustcrypto dependencies to pre-release

Signed-off-by: Arthur Gautier <[email protected]>

Author: baloo

Cargo.toml

@@ -1,3 +1,29 @@
 [workspace]
 resolver = "2"
 members = ["tss-esapi", "tss-esapi-sys"]
+
+[patch.crates-io]
+p192 = { git = "https://github.com/baloo/elliptic-curves.git", branch = "baloo/group/try-from-rng" }
+p224 = { git = "https://github.com/baloo/elliptic-curves.git", branch = "baloo/group/try-from-rng" }
+p256 = { git = "https://github.com/baloo/elliptic-curves.git", branch = "baloo/group/try-from-rng" }
+p384 = { git = "https://github.com/baloo/elliptic-curves.git", branch = "baloo/group/try-from-rng" }
+p521 = { git = "https://github.com/baloo/elliptic-curves.git", branch = "baloo/group/try-from-rng" }
+sm2  = { git = "https://github.com/baloo/elliptic-curves.git", branch = "baloo/group/try-from-rng" }
+
+rsa = { git = "https://github.com/RustCrypto/RSA.git" }
+crypto-bigint = { git = "https://github.com/RustCrypto/crypto-bigint.git" }
+crypto-primes = { git = "https://github.com/entropyxyz/crypto-primes.git" }
+
+ecdsa   = { git = "https://github.com/RustCrypto/signatures.git" }
+rfc6979 = { git = "https://github.com/RustCrypto/signatures.git" }
+
+x509-cert = { git = "https://github.com/baloo/formats.git", branch = "baloo/reunite-workspace" }
+
+elliptic-curve = { git = "https://github.com/RustCrypto/traits.git" }
+signature      = { git = "https://github.com/RustCrypto/traits.git" }
+
+hmac = { git = "https://github.com/RustCrypto/MACs.git" }
+
+ff = { git = "https://github.com/zkcrypto/ff.git", branch = "release-0.14.0" }
+group = { git = "https://github.com/baloo/group.git", branch = "baloo/try_from_rng" }
+

tss-esapi/Cargo.toml

@@ -34,40 +34,40 @@ hostname-validator = "1.1.0"
 regex = "1.3.9"
 zeroize = { version = "1.5.7", features = ["zeroize_derive"] }
 tss-esapi-sys = { path = "../tss-esapi-sys", version = "0.5.0" }
-x509-cert = { version = "0.2.0", optional = true }
-ecdsa = { version = "0.16.9", features = ["der", "hazmat", "arithmetic", "verifying"], optional = true }
-elliptic-curve = { version = "0.13.8", optional = true, features = ["alloc", "pkcs8"] }
-p192 = { version = "0.13.0", optional = true }
-p224 = { version = "0.13.2", optional = true }
-p256 = { version = "0.13.2", optional = true }
-p384 = { version = "0.13.0", optional = true }
-p521 = { version = "0.13.3", optional = true }
-pkcs8 = { version = "0.10.2", optional = true }
-rsa = { version = "0.9", optional = true }
-sha1 = { version = "0.10.6", optional = true }
-sha2 = { version = "0.10.8", optional = true }
-sha3 = { version = "0.10.8", optional = true }
-sm2 = { version = "0.13.3", optional = true }
-sm3 = { version = "0.4.2", optional = true }
-digest = { version = "0.10.7", optional = true }
-signature = { version = "2.2.0", features = ["std"], optional = true}
+x509-cert = { version = "0.3.0-pre.0", optional = true }
+ecdsa = { version = "0.17.0-pre.9", features = ["der", "hazmat", "arithmetic", "verifying"], optional = true }
+elliptic-curve = { version = "0.14.0-rc.1", optional = true, features = ["alloc", "pkcs8"] }
+p192 = { version = "0.14.0-pre", optional = true }
+p224 = { version = "0.14.0-pre", optional = true }
+p256 = { version = "0.14.0-pre.2", optional = true }
+p384 = { version = "0.14.0-pre.2", optional = true }
+p521 = { version = "0.14.0-pre.2", optional = true }
+pkcs8 = { version = "0.11.0-rc.1", optional = true }
+rsa = { version = "0.10.0-pre.4", optional = true }
+sha1 = { version = "0.11.0-pre.5", optional = true }
+sha2 = { version = "0.11.0-pre.5", optional = true }
+sha3 = { version = "0.11.0-pre.5", optional = true }
+sm2 = { version = "0.14.0-pre", optional = true }
+sm3 = { version = "0.5.0-pre.4", optional = true }
+digest = { version = "0.11.0-pre.9", optional = true }
+signature = { version = "2.3.0-pre.4", features = ["std"], optional = true}
 cfg-if = "1.0.0"
 strum = { version = "0.26.3", optional = true }
 strum_macros = { version = "0.26.4", optional = true }
 paste = "1.0.14"
-getrandom = "0.2.11"
+getrandom = "0.3"
 
 [dev-dependencies]
 env_logger = "0.11.5"
 serde_json = "^1.0.108"
-sha2 = { version = "0.10.8", features = ["oid"] }
+sha2 = { version = "0.11.0-pre.4", features = ["oid"] }
 tss-esapi = { path = ".", features = [
     "integration-tests",
     "serde",
     "abstraction",
     "rustcrypto-full",
 ] }
-x509-cert = { version = "0.2.0", features = ["builder"] }
+x509-cert = { version = "0.3.0-pre.0", features = ["builder"] }
 
 [build-dependencies]
 semver = "1.0.7"

tss-esapi/src/abstraction/no_tpm/quote.rs

@@ -13,13 +13,10 @@ use digest::{Digest, DynDigest};
 #[cfg(any(feature = "p224", feature = "p256", feature = "p384"))]
 use crate::{abstraction::public::AssociatedTpmCurve, structures::EccSignature};
 #[cfg(any(feature = "p224", feature = "p256", feature = "p384"))]
-use ecdsa::{
-    hazmat::{DigestPrimitive, VerifyPrimitive},
-    PrimeCurve, SignatureSize, VerifyingKey,
-};
+use ecdsa::{hazmat::DigestPrimitive, PrimeCurve, SignatureSize, VerifyingKey};
 #[cfg(any(feature = "p224", feature = "p256", feature = "p384"))]
 use elliptic_curve::{
-    generic_array::ArrayLength,
+    array::ArraySize,
     point::AffinePoint,
     sec1::{FromEncodedPoint, ModulusSize, ToEncodedPoint},
     CurveArithmetic, FieldBytesSize,
@@ -41,8 +38,8 @@ fn verify_ecdsa<C>(
 ) -> Result<bool>
 where
     C: PrimeCurve + CurveArithmetic + DigestPrimitive + AssociatedTpmCurve,
-    AffinePoint<C>: VerifyPrimitive<C> + FromEncodedPoint<C> + ToEncodedPoint<C>,
-    SignatureSize<C>: ArrayLength<u8>,
+    AffinePoint<C>: FromEncodedPoint<C> + ToEncodedPoint<C>,
+    SignatureSize<C>: ArraySize,
     FieldBytesSize<C>: ModulusSize,
 {
     let Ok(signature) = ecdsa::Signature::<C>::try_from(signature.clone()) else {

tss-esapi/src/abstraction/public.rs

@@ -8,7 +8,7 @@ use crate::{Error, WrapperErrorKind};
 
 use core::convert::TryFrom;
 use elliptic_curve::{
-    generic_array::typenum::Unsigned,
+    array::typenum::Unsigned,
     sec1::{EncodedPoint, FromEncodedPoint, ModulusSize, ToEncodedPoint},
     AffinePoint, CurveArithmetic, FieldBytesSize, PublicKey,
 };
@@ -18,7 +18,7 @@ use x509_cert::spki::SubjectPublicKeyInfoOwned;
 #[cfg(feature = "rsa")]
 use {
     crate::structures::RsaExponent,
-    rsa::{BigUint, RsaPublicKey},
+    rsa::{BoxedUint, RsaPublicKey},
 };
 
 #[cfg(any(
@@ -57,15 +57,13 @@ where
                 let x = unique.x().as_bytes();
                 let y = unique.y().as_bytes();
 
-                if x.len() != FieldBytesSize::<C>::USIZE {
-                    return Err(Error::local_error(WrapperErrorKind::InvalidParam));
-                }
-                if y.len() != FieldBytesSize::<C>::USIZE {
-                    return Err(Error::local_error(WrapperErrorKind::InvalidParam));
-                }
-
-                let encoded_point =
-                    EncodedPoint::<C>::from_affine_coordinates(x.into(), y.into(), false);
+                let encoded_point = EncodedPoint::<C>::from_affine_coordinates(
+                    x.try_into()
+                        .map_err(|_| Error::local_error(WrapperErrorKind::InvalidParam))?,
+                    y.try_into()
+                        .map_err(|_| Error::local_error(WrapperErrorKind::InvalidParam))?,
+                    false,
+                );
                 let public_key = PublicKey::<C>::try_from(&encoded_point)
                     .map_err(|_| Error::local_error(WrapperErrorKind::InvalidParam))?;
 
@@ -86,10 +84,11 @@ impl TryFrom<&Public> for RsaPublicKey {
                 unique, parameters, ..
             } => {
                 let exponent = match parameters.exponent() {
-                    RsaExponent::ZERO_EXPONENT => BigUint::from(RSA_DEFAULT_EXP),
-                    _ => BigUint::from(parameters.exponent().value()),
+                    RsaExponent::ZERO_EXPONENT => BoxedUint::from(RSA_DEFAULT_EXP),
+                    _ => BoxedUint::from(parameters.exponent().value()),
                 };
-                let modulus = BigUint::from_bytes_be(unique.as_bytes());
+                let modulus = BoxedUint::from_be_slice(unique.as_bytes(), 8192)
+                    .map_err(|_| Error::local_error(WrapperErrorKind::WrongParamSize))?;
 
                 let public_key = RsaPublicKey::new(modulus, exponent)
                     .map_err(|_| Error::local_error(WrapperErrorKind::InvalidParam))?;
@@ -173,17 +172,21 @@ where
                 let x = x.as_slice();
                 let y = y.as_slice();
 
-                // TODO: When elliptic_curve bumps to 0.14, we can use the TryFrom implementation instead
-                // of checking lengths manually
                 if x.len() != FieldBytesSize::<C>::USIZE {
                     return Err(Error::local_error(WrapperErrorKind::InvalidParam));
                 }
                 if y.len() != FieldBytesSize::<C>::USIZE {
                     return Err(Error::local_error(WrapperErrorKind::InvalidParam));
                 }
 
-                let encoded_point =
-                    EncodedPoint::<C>::from_affine_coordinates(x.into(), y.into(), false);
+                let encoded_point = EncodedPoint::<C>::from_affine_coordinates(
+                    x.try_into()
+                        .map_err(|_| Error::local_error(WrapperErrorKind::InvalidParam))?,
+                    y.try_into()
+                        .map_err(|_| Error::local_error(WrapperErrorKind::InvalidParam))?,
+                    false,
+                );
+
                 let public_key = PublicKey::<C>::try_from(&encoded_point)
                     .map_err(|_| Error::local_error(WrapperErrorKind::InvalidParam))?;
 
@@ -201,8 +204,9 @@ impl TryFrom<&TpmPublicKey> for RsaPublicKey {
     fn try_from(value: &TpmPublicKey) -> Result<Self, Self::Error> {
         match value {
             TpmPublicKey::Rsa(modulus) => {
-                let exponent = BigUint::from(RSA_DEFAULT_EXP);
-                let modulus = BigUint::from_bytes_be(modulus.as_slice());
+                let exponent = BoxedUint::from(RSA_DEFAULT_EXP);
+                let modulus = BoxedUint::from_be_slice(modulus.as_slice(), 8192)
+                    .map_err(|_| Error::local_error(WrapperErrorKind::WrongParamSize))?;
 
                 let public_key = RsaPublicKey::new(modulus, exponent)
                     .map_err(|_| Error::local_error(WrapperErrorKind::InvalidParam))?;

tss-esapi/src/abstraction/signatures.rs

@@ -5,9 +5,9 @@ use crate::{structures::EccSignature, Error, Result, WrapperErrorKind};
 
 use std::convert::TryFrom;
 
-use ecdsa::SignatureSize;
+use ecdsa::{EcdsaCurve, SignatureSize};
 use elliptic_curve::{
-    generic_array::{typenum::Unsigned, ArrayLength},
+    array::{typenum::Unsigned, ArraySize},
     FieldBytes, FieldBytesSize, PrimeCurve,
 };
 
@@ -16,8 +16,8 @@ use crate::structures::Signature;
 
 impl<C> TryFrom<EccSignature> for ecdsa::Signature<C>
 where
-    C: PrimeCurve,
-    SignatureSize<C>: ArrayLength<u8>,
+    C: PrimeCurve + EcdsaCurve,
+    SignatureSize<C>: ArraySize,
 {
     type Error = Error;
 
@@ -33,8 +33,12 @@ where
         }
 
         let signature = ecdsa::Signature::from_scalars(
-            FieldBytes::<C>::from_slice(r).clone(),
-            FieldBytes::<C>::from_slice(s).clone(),
+            FieldBytes::<C>::try_from(r)
+                .map_err(|_| Error::local_error(WrapperErrorKind::InvalidParam))?
+                .clone(),
+            FieldBytes::<C>::try_from(s)
+                .map_err(|_| Error::local_error(WrapperErrorKind::InvalidParam))?
+                .clone(),
         )
         .map_err(|_| Error::local_error(WrapperErrorKind::InvalidParam))?;
         Ok(signature)