rework feature set

This allows to bring the rustcrypto "base" and then limit the support to
only the type of keys or hash you need


Signed-off-by: Arthur Gautier <[email protected]>

Author: baloo

tss-esapi/Cargo.toml

@@ -22,6 +22,7 @@ required-features = ["abstraction"]
 [dependencies]
 bitfield = "0.17.0"
 serde = { version = "1.0.115", features = [
+    "alloc",
     "derive",
 ], optional = true, default-features = false }
 malloced = "1.3.1"
@@ -34,7 +35,7 @@ regex = "1.3.9"
 zeroize = { version = "1.5.7", features = ["zeroize_derive"] }
 tss-esapi-sys = { path = "../tss-esapi-sys", version = "0.5.0" }
 x509-cert = { version = "0.2.0", optional = true }
-ecdsa = { version = "0.16.9", optional = true }
+ecdsa = { version = "0.16.9", features = ["der", "hazmat", "arithmetic", "verifying"], optional = true }
 elliptic-curve = { version = "0.13.8", optional = true, features = ["alloc", "pkcs8"] }
 p192 = { version = "0.13.0", optional = true }
 p224 = { version = "0.13.2", optional = true }
@@ -48,7 +49,7 @@ sha3 = { version = "0.10.8", optional = true }
 sm2 = { version = "0.13.3", optional = true }
 sm3 = { version = "0.4.2", optional = true }
 digest = "0.10.7"
-signature = { version = "2.2.0", optional = true}
+signature = { version = "2.2.0", features = ["std"], optional = true}
 cfg-if = "1.0.0"
 strum = { version = "0.26.3", optional = true }
 strum_macros = { version = "0.26.4", optional = true }
@@ -63,6 +64,7 @@ tss-esapi = { path = ".", features = [
     "integration-tests",
     "serde",
     "abstraction",
+    "rustcrypto-full",
 ] }
 x509-cert = { version = "0.2.0", features = ["builder"] }
 
@@ -72,5 +74,7 @@ semver = "1.0.7"
 [features]
 default = ["abstraction"]
 generate-bindings = ["tss-esapi-sys/generate-bindings"]
-abstraction = ["ecdsa", "elliptic-curve", "signature", "rsa", "x509-cert", "p192", "p224", "p256", "p384", "p521", "sha1", "sha2", "sha3", "sm2", "sm3"]
+abstraction = ["rustcrypto"]
 integration-tests = ["strum", "strum_macros"]
+rustcrypto = ["ecdsa", "elliptic-curve", "signature", "x509-cert"]
+rustcrypto-full = ["rustcrypto", "p192", "p224", "p256", "p384", "p521", "rsa", "sha1", "sha2", "sha3", "sm2", "sm3"]

tss-esapi/src/abstraction/hashing.rs

@@ -9,42 +9,42 @@ pub trait AssociatedHashingAlgorithm {
     const TPM_DIGEST: HashingAlgorithm;
 }
 
-#[cfg(feature = "sha1")]
+#[cfg(all(feature = "rustcrypto", feature = "sha1"))]
 impl AssociatedHashingAlgorithm for sha1::Sha1 {
     const TPM_DIGEST: HashingAlgorithm = HashingAlgorithm::Sha1;
 }
 
-#[cfg(feature = "sha2")]
+#[cfg(all(feature = "rustcrypto", feature = "sha2"))]
 impl AssociatedHashingAlgorithm for sha2::Sha256 {
     const TPM_DIGEST: HashingAlgorithm = HashingAlgorithm::Sha256;
 }
 
-#[cfg(feature = "sha2")]
+#[cfg(all(feature = "rustcrypto", feature = "sha2"))]
 impl AssociatedHashingAlgorithm for sha2::Sha384 {
     const TPM_DIGEST: HashingAlgorithm = HashingAlgorithm::Sha384;
 }
 
-#[cfg(feature = "sha2")]
+#[cfg(all(feature = "rustcrypto", feature = "sha2"))]
 impl AssociatedHashingAlgorithm for sha2::Sha512 {
     const TPM_DIGEST: HashingAlgorithm = HashingAlgorithm::Sha512;
 }
 
-#[cfg(feature = "sm3")]
+#[cfg(all(feature = "rustcrypto", feature = "sm3"))]
 impl AssociatedHashingAlgorithm for sm3::Sm3 {
     const TPM_DIGEST: HashingAlgorithm = HashingAlgorithm::Sm3_256;
 }
 
-#[cfg(feature = "sha3")]
+#[cfg(all(feature = "rustcrypto", feature = "sha3"))]
 impl AssociatedHashingAlgorithm for sha3::Sha3_256 {
     const TPM_DIGEST: HashingAlgorithm = HashingAlgorithm::Sha3_256;
 }
 
-#[cfg(feature = "sha3")]
+#[cfg(all(feature = "rustcrypto", feature = "sha3"))]
 impl AssociatedHashingAlgorithm for sha3::Sha3_384 {
     const TPM_DIGEST: HashingAlgorithm = HashingAlgorithm::Sha3_384;
 }
 
-#[cfg(feature = "sha3")]
+#[cfg(all(feature = "rustcrypto", feature = "sha3"))]
 impl AssociatedHashingAlgorithm for sha3::Sha3_512 {
     const TPM_DIGEST: HashingAlgorithm = HashingAlgorithm::Sha3_512;
 }

tss-esapi/src/abstraction/public.rs

@@ -2,7 +2,7 @@
 // SPDX-License-Identifier: Apache-2.0
 
 use crate::interface_types::ecc::EccCurve;
-use crate::structures::{Public, RsaExponent};
+use crate::structures::Public;
 use crate::utils::PublicKey as TpmPublicKey;
 use crate::{Error, WrapperErrorKind};
 
@@ -18,11 +18,19 @@ use elliptic_curve::{
     FieldBytesSize,
     PublicKey,
 };
-use rsa::{pkcs8::EncodePublicKey, BigUint, RsaPublicKey};
+
+#[cfg(feature = "rustcrypto")]
 use x509_cert::spki::SubjectPublicKeyInfoOwned;
 
+#[cfg(all(feature = "rustcrypto", feature = "rsa"))]
+use {
+    crate::structures::RsaExponent,
+    rsa::{pkcs8::EncodePublicKey, BigUint, RsaPublicKey},
+};
+
 /// Default exponent for RSA keys.
 // Also known as 0x10001
+#[cfg(all(feature = "rustcrypto", feature = "rsa"))]
 const RSA_DEFAULT_EXP: u64 = 65537;
 
 impl<C> TryFrom<&Public> for PublicKey<C>
@@ -66,6 +74,7 @@ where
     }
 }
 
+#[cfg(all(feature = "rustcrypto", feature = "rsa"))]
 impl TryFrom<&Public> for RsaPublicKey {
     type Error = Error;
 
@@ -102,6 +111,7 @@ impl TryFrom<&Public> for SubjectPublicKeyInfoOwned {
     /// * if other instances of [`crate::structures::Public`] are used `UnsupportedParam` will be returned.
     fn try_from(value: &Public) -> Result<Self, Self::Error> {
         match value {
+            #[cfg(all(feature = "rustcrypto", feature = "rsa"))]
             Public::Rsa { .. } => {
                 let public_key = RsaPublicKey::try_from(value)?;
 
@@ -127,17 +137,17 @@ impl TryFrom<&Public> for SubjectPublicKeyInfoOwned {
                     };
                 }
 
-                #[cfg(feature = "p192")]
+                #[cfg(all(feature = "rustcrypto", feature = "p192"))]
                 read_key!(EccCurve::NistP192, p192::NistP192);
-                #[cfg(feature = "p224")]
+                #[cfg(all(feature = "rustcrypto", feature = "p224"))]
                 read_key!(EccCurve::NistP224, p224::NistP224);
-                #[cfg(feature = "p256")]
+                #[cfg(all(feature = "rustcrypto", feature = "p256"))]
                 read_key!(EccCurve::NistP256, p256::NistP256);
-                #[cfg(feature = "p384")]
+                #[cfg(all(feature = "rustcrypto", feature = "p384"))]
                 read_key!(EccCurve::NistP384, p384::NistP384);
-                #[cfg(feature = "p521")]
+                #[cfg(all(feature = "rustcrypto", feature = "p521"))]
                 read_key!(EccCurve::NistP521, p521::NistP521);
-                #[cfg(feature = "sm2")]
+                #[cfg(all(feature = "rustcrypto", feature = "sm2"))]
                 read_key!(EccCurve::Sm2P256, sm2::Sm2);
 
                 Err(Error::local_error(WrapperErrorKind::UnsupportedParam))
@@ -182,6 +192,7 @@ where
     }
 }
 
+#[cfg(all(feature = "rustcrypto", feature = "rsa"))]
 impl TryFrom<&TpmPublicKey> for RsaPublicKey {
     type Error = Error;
 
@@ -207,32 +218,32 @@ pub trait AssociatedTpmCurve {
     const TPM_CURVE: EccCurve;
 }
 
-#[cfg(feature = "p192")]
+#[cfg(all(feature = "rustcrypto", feature = "p192"))]
 impl AssociatedTpmCurve for p192::NistP192 {
     const TPM_CURVE: EccCurve = EccCurve::NistP192;
 }
 
-#[cfg(feature = "p224")]
+#[cfg(all(feature = "rustcrypto", feature = "p224"))]
 impl AssociatedTpmCurve for p224::NistP224 {
     const TPM_CURVE: EccCurve = EccCurve::NistP224;
 }
 
-#[cfg(feature = "p256")]
+#[cfg(all(feature = "rustcrypto", feature = "p256"))]
 impl AssociatedTpmCurve for p256::NistP256 {
     const TPM_CURVE: EccCurve = EccCurve::NistP256;
 }
 
-#[cfg(feature = "p384")]
+#[cfg(all(feature = "rustcrypto", feature = "p384"))]
 impl AssociatedTpmCurve for p384::NistP384 {
     const TPM_CURVE: EccCurve = EccCurve::NistP384;
 }
 
-#[cfg(feature = "p521")]
+#[cfg(all(feature = "rustcrypto", feature = "p521"))]
 impl AssociatedTpmCurve for p521::NistP521 {
     const TPM_CURVE: EccCurve = EccCurve::NistP521;
 }
 
-#[cfg(feature = "sm2")]
+#[cfg(all(feature = "rustcrypto", feature = "sm2"))]
 impl AssociatedTpmCurve for sm2::Sm2 {
     const TPM_CURVE: EccCurve = EccCurve::Sm2P256;
 }

tss-esapi/src/abstraction/signatures.rs

@@ -1,10 +1,7 @@
 // Copyright 2024 Contributors to the Parsec project.
 // SPDX-License-Identifier: Apache-2.0
 
-use crate::{
-    structures::{EccSignature, Signature},
-    Error, Result, WrapperErrorKind,
-};
+use crate::{structures::EccSignature, Error, Result, WrapperErrorKind};
 
 use std::convert::TryFrom;
 
@@ -14,6 +11,9 @@ use elliptic_curve::{
     FieldBytes, FieldBytesSize, PrimeCurve,
 };
 
+#[cfg(all(feature = "rustcrypto", feature = "rsa"))]
+use crate::structures::Signature;
+
 impl<C> TryFrom<EccSignature> for ecdsa::Signature<C>
 where
     C: PrimeCurve,
@@ -43,6 +43,7 @@ where
 
 // Note: this does not implement `TryFrom<RsaSignature>` because `RsaSignature` does not carry the
 // information whether the signatures was generated using PKCS#1v1.5 or PSS.
+#[cfg(all(feature = "rustcrypto", feature = "rsa"))]
 impl TryFrom<Signature> for rsa::pkcs1v15::Signature {
     type Error = Error;
 
@@ -58,6 +59,7 @@ impl TryFrom<Signature> for rsa::pkcs1v15::Signature {
 
 // Note: this does not implement `TryFrom<RsaSignature>` because `RsaSignature` does not carry the
 // information whether the signatures was generated using PKCS#1v1.5 or PSS.
+#[cfg(all(feature = "rustcrypto", feature = "rsa"))]
 impl TryFrom<Signature> for rsa::pss::Signature {
     type Error = Error;
 

tss-esapi/src/abstraction/transient/mod.rs

@@ -34,9 +34,13 @@ use std::convert::{AsMut, AsRef, TryFrom, TryInto};
 use zeroize::Zeroize;
 
 mod key_attestation;
+
+#[cfg(feature = "rustcrypto")]
 mod signer;
 
 pub use key_attestation::MakeCredParams;
+
+#[cfg(feature = "rustcrypto")]
 pub use signer::EcSigner;
 
 /// Parameters for the kinds of keys supported by the context