rework feature set

This allows to bring the rustcrypto "base" and then limit the support to
only the type of keys or hash you need


Signed-off-by: Arthur Gautier <[email protected]>

Author: baloo

tss-esapi/Cargo.toml

@@ -34,7 +34,7 @@ regex = "1.3.9"
 zeroize = { version = "1.5.7", features = ["zeroize_derive"] }
 tss-esapi-sys = { path = "../tss-esapi-sys", version = "0.5.0" }
 x509-cert = { version = "0.2.0", optional = true }
-ecdsa = { version = "0.16.9", optional = true }
+ecdsa = { version = "0.16.9", features = ["der", "hazmat", "arithmetic", "verifying"], optional = true }
 elliptic-curve = { version = "0.13.8", optional = true, features = ["alloc", "pkcs8"] }
 p192 = { version = "0.13.0", optional = true }
 p224 = { version = "0.13.2", optional = true }
@@ -63,6 +63,7 @@ tss-esapi = { path = ".", features = [
     "integration-tests",
     "serde",
     "abstraction",
+    "rustcrypto-full",
 ] }
 x509-cert = { version = "0.2.0", features = ["builder"] }
 
@@ -72,5 +73,7 @@ semver = "1.0.7"
 [features]
 default = ["abstraction"]
 generate-bindings = ["tss-esapi-sys/generate-bindings"]
-abstraction = ["ecdsa", "elliptic-curve", "signature", "rsa", "x509-cert", "p192", "p224", "p256", "p384", "p521", "sha1", "sha2", "sha3", "sm2", "sm3"]
+abstraction = ["rustcrypto"]
 integration-tests = ["strum", "strum_macros"]
+rustcrypto = ["ecdsa", "elliptic-curve", "signature", "x509-cert"]
+rustcrypto-full = ["rustcrypto", "p192", "p224", "p256", "p384", "p521", "rsa", "sha1", "sha2", "sha3", "sm2", "sm3"]

tss-esapi/src/abstraction/hashing.rs

@@ -9,42 +9,42 @@ pub trait AssociatedHashingAlgorithm {
     const TPM_DIGEST: HashingAlgorithm;
 }
 
-#[cfg(feature = "sha1")]
+#[cfg(all(feature = "rustcrypto", feature = "sha1"))]
 impl AssociatedHashingAlgorithm for sha1::Sha1 {
     const TPM_DIGEST: HashingAlgorithm = HashingAlgorithm::Sha1;
 }
 
-#[cfg(feature = "sha2")]
+#[cfg(all(feature = "rustcrypto", feature = "sha2"))]
 impl AssociatedHashingAlgorithm for sha2::Sha256 {
     const TPM_DIGEST: HashingAlgorithm = HashingAlgorithm::Sha256;
 }
 
-#[cfg(feature = "sha2")]
+#[cfg(all(feature = "rustcrypto", feature = "sha2"))]
 impl AssociatedHashingAlgorithm for sha2::Sha384 {
     const TPM_DIGEST: HashingAlgorithm = HashingAlgorithm::Sha384;
 }
 
-#[cfg(feature = "sha2")]
+#[cfg(all(feature = "rustcrypto", feature = "sha2"))]
 impl AssociatedHashingAlgorithm for sha2::Sha512 {
     const TPM_DIGEST: HashingAlgorithm = HashingAlgorithm::Sha512;
 }
 
-#[cfg(feature = "sm3")]
+#[cfg(all(feature = "rustcrypto", feature = "sm3"))]
 impl AssociatedHashingAlgorithm for sm3::Sm3 {
     const TPM_DIGEST: HashingAlgorithm = HashingAlgorithm::Sm3_256;
 }
 
-#[cfg(feature = "sha3")]
+#[cfg(all(feature = "rustcrypto", feature = "sha3"))]
 impl AssociatedHashingAlgorithm for sha3::Sha3_256 {
     const TPM_DIGEST: HashingAlgorithm = HashingAlgorithm::Sha3_256;
 }
 
-#[cfg(feature = "sha3")]
+#[cfg(all(feature = "rustcrypto", feature = "sha3"))]
 impl AssociatedHashingAlgorithm for sha3::Sha3_384 {
     const TPM_DIGEST: HashingAlgorithm = HashingAlgorithm::Sha3_384;
 }
 
-#[cfg(feature = "sha3")]
+#[cfg(all(feature = "rustcrypto", feature = "sha3"))]
 impl AssociatedHashingAlgorithm for sha3::Sha3_512 {
     const TPM_DIGEST: HashingAlgorithm = HashingAlgorithm::Sha3_512;
 }

tss-esapi/src/abstraction/public.rs

@@ -18,9 +18,13 @@ use elliptic_curve::{
     FieldBytesSize,
     PublicKey,
 };
-use rsa::{pkcs8::EncodePublicKey, BigUint, RsaPublicKey};
+
+#[cfg(feature = "rustcrypto")]
 use x509_cert::spki::SubjectPublicKeyInfoOwned;
 
+#[cfg(all(feature = "rustcrypto", feature = "rsa"))]
+use rsa::{pkcs8::EncodePublicKey, BigUint, RsaPublicKey};
+
 /// Default exponent for RSA keys.
 // Also known as 0x10001
 const RSA_DEFAULT_EXP: u64 = 65537;
@@ -66,6 +70,7 @@ where
     }
 }
 
+#[cfg(all(feature = "rustcrypto", feature = "rsa"))]
 impl TryFrom<&Public> for RsaPublicKey {
     type Error = Error;
 
@@ -127,17 +132,17 @@ impl TryFrom<&Public> for SubjectPublicKeyInfoOwned {
                     };
                 }
 
-                #[cfg(feature = "p192")]
+                #[cfg(all(feature = "rustcrypto", feature = "p192"))]
                 read_key!(EccCurve::NistP192, p192::NistP192);
-                #[cfg(feature = "p224")]
+                #[cfg(all(feature = "rustcrypto", feature = "p224"))]
                 read_key!(EccCurve::NistP224, p224::NistP224);
-                #[cfg(feature = "p256")]
+                #[cfg(all(feature = "rustcrypto", feature = "p256"))]
                 read_key!(EccCurve::NistP256, p256::NistP256);
-                #[cfg(feature = "p384")]
+                #[cfg(all(feature = "rustcrypto", feature = "p384"))]
                 read_key!(EccCurve::NistP384, p384::NistP384);
-                #[cfg(feature = "p521")]
+                #[cfg(all(feature = "rustcrypto", feature = "p521"))]
                 read_key!(EccCurve::NistP521, p521::NistP521);
-                #[cfg(feature = "sm2")]
+                #[cfg(all(feature = "rustcrypto", feature = "sm2"))]
                 read_key!(EccCurve::Sm2P256, sm2::Sm2);
 
                 Err(Error::local_error(WrapperErrorKind::UnsupportedParam))
@@ -182,6 +187,7 @@ where
     }
 }
 
+#[cfg(all(feature = "rustcrypto", feature = "rsa"))]
 impl TryFrom<&TpmPublicKey> for RsaPublicKey {
     type Error = Error;
 
@@ -207,32 +213,32 @@ pub trait AssociatedTpmCurve {
     const TPM_CURVE: EccCurve;
 }
 
-#[cfg(feature = "p192")]
+#[cfg(all(feature = "rustcrypto", feature = "p192"))]
 impl AssociatedTpmCurve for p192::NistP192 {
     const TPM_CURVE: EccCurve = EccCurve::NistP192;
 }
 
-#[cfg(feature = "p224")]
+#[cfg(all(feature = "rustcrypto", feature = "p224"))]
 impl AssociatedTpmCurve for p224::NistP224 {
     const TPM_CURVE: EccCurve = EccCurve::NistP224;
 }
 
-#[cfg(feature = "p256")]
+#[cfg(all(feature = "rustcrypto", feature = "p256"))]
 impl AssociatedTpmCurve for p256::NistP256 {
     const TPM_CURVE: EccCurve = EccCurve::NistP256;
 }
 
-#[cfg(feature = "p384")]
+#[cfg(all(feature = "rustcrypto", feature = "p384"))]
 impl AssociatedTpmCurve for p384::NistP384 {
     const TPM_CURVE: EccCurve = EccCurve::NistP384;
 }
 
-#[cfg(feature = "p521")]
+#[cfg(all(feature = "rustcrypto", feature = "p521"))]
 impl AssociatedTpmCurve for p521::NistP521 {
     const TPM_CURVE: EccCurve = EccCurve::NistP521;
 }
 
-#[cfg(feature = "sm2")]
+#[cfg(all(feature = "rustcrypto", feature = "sm2"))]
 impl AssociatedTpmCurve for sm2::Sm2 {
     const TPM_CURVE: EccCurve = EccCurve::Sm2P256;
 }

tss-esapi/src/abstraction/signatures.rs

@@ -43,6 +43,7 @@ where
 
 // Note: this does not implement `TryFrom<RsaSignature>` because `RsaSignature` does not carry the
 // information whether the signatures was generated using PKCS#1v1.5 or PSS.
+#[cfg(all(feature = "rustcrypto", feature = "rsa"))]
 impl TryFrom<Signature> for rsa::pkcs1v15::Signature {
     type Error = Error;
 
@@ -58,6 +59,7 @@ impl TryFrom<Signature> for rsa::pkcs1v15::Signature {
 
 // Note: this does not implement `TryFrom<RsaSignature>` because `RsaSignature` does not carry the
 // information whether the signatures was generated using PKCS#1v1.5 or PSS.
+#[cfg(all(feature = "rustcrypto", feature = "rsa"))]
 impl TryFrom<Signature> for rsa::pss::Signature {
     type Error = Error;
 

tss-esapi/src/abstraction/transient/mod.rs

@@ -34,9 +34,13 @@ use std::convert::{AsMut, AsRef, TryFrom, TryInto};
 use zeroize::Zeroize;
 
 mod key_attestation;
+
+#[cfg(feature = "rustcrypto")]
 mod signer;
 
 pub use key_attestation::MakeCredParams;
+
+#[cfg(feature = "rustcrypto")]
 pub use signer::EcSigner;
 
 /// Parameters for the kinds of keys supported by the context