tss-esapi 4.0.8-alpha.1

Wrapper around TSS 2.0 Enhanced System API
Documentation 
// Copyright 2020 Contributors to the Parsec project.
// SPDX-License-Identifier: Apache-2.0
use std::convert::TryFrom;
use tss_esapi::constants::{
    algorithm::{EllipticCurve, HashingAlgorithm},
    response_code::Tss2ResponseCodeKind,
};
use tss_esapi::{Error, WrapperErrorKind as ErrorKind};

use tss_esapi::structures::{Auth, Digest, PublicKeyRSA};
use tss_esapi::utils::{AsymSchemeUnion, PublicKey, Signature, SignatureData};
use tss_esapi::Tcti;
use tss_esapi::{
    abstraction::transient::{KeyParams, TransientKeyContextBuilder},
    TransientKeyContext,
};

const HASH: [u8; 32] = [
    0x69, 0x3E, 0xDB, 0x1B, 0x22, 0x79, 0x03, 0xF4, 0xC0, 0xBF, 0xD6, 0x91, 0x76, 0x37, 0x84, 0xA2,
    0x94, 0x8E, 0x92, 0x50, 0x35, 0xC2, 0x8C, 0x5C, 0x3C, 0xCA, 0xFE, 0x18, 0xE8, 0x81, 0x37, 0x78,
];

fn create_ctx() -> TransientKeyContext {
    unsafe {
        TransientKeyContextBuilder::new()
            .with_tcti(Tcti::Mssim(Default::default()))
            .build()
            .unwrap()
    }
}

#[test]
fn wrong_key_sizes() {
    assert_eq!(
        unsafe {
            TransientKeyContextBuilder::new()
                .with_tcti(Tcti::Mssim(Default::default()))
                .with_root_key_size(1023)
                .build()
                .unwrap_err()
        },
        Error::WrapperError(ErrorKind::WrongParamSize)
    );
    assert_eq!(
        unsafe {
            TransientKeyContextBuilder::new()
                .with_tcti(Tcti::Mssim(Default::default()))
                .with_root_key_size(1025)
                .build()
                .unwrap_err()
        },
        Error::WrapperError(ErrorKind::WrongParamSize)
    );
    assert_eq!(
        unsafe {
            TransientKeyContextBuilder::new()
                .with_tcti(Tcti::Mssim(Default::default()))
                .with_root_key_size(2047)
                .build()
                .unwrap_err()
        },
        Error::WrapperError(ErrorKind::WrongParamSize)
    );
    assert_eq!(
        unsafe {
            TransientKeyContextBuilder::new()
                .with_tcti(Tcti::Mssim(Default::default()))
                .with_root_key_size(2049)
                .build()
                .unwrap_err()
        },
        Error::WrapperError(ErrorKind::WrongParamSize)
    );
}

#[test]
fn wrong_auth_size() {
    assert_eq!(
        unsafe {
            TransientKeyContextBuilder::new()
                .with_tcti(Tcti::Mssim(Default::default()))
                .with_root_key_auth_size(33)
                .build()
                .unwrap_err()
        },
        Error::WrapperError(ErrorKind::WrongParamSize)
    );
}

#[test]
fn load_bad_sized_key() {
    let mut ctx = create_ctx();
    assert_eq!(
        ctx.load_external_rsa_public_key(&[0xDE, 0xAD, 0xBE, 0xEF])
            .unwrap_err(),
        Error::WrapperError(ErrorKind::WrongParamSize)
    );
}

#[test]
fn verify() {
    let pub_key = vec![
        0x96, 0xDC, 0x72, 0x77, 0x49, 0x82, 0xFD, 0x2D, 0x06, 0x65, 0x8C, 0xE5, 0x3A, 0xCD, 0xED,
        0xBD, 0x50, 0xD7, 0x6F, 0x3B, 0xE5, 0x6A, 0x76, 0xED, 0x3E, 0xD8, 0xF9, 0x93, 0x40, 0x55,
        0x86, 0x6F, 0xBE, 0x76, 0x60, 0xD2, 0x03, 0x23, 0x59, 0x19, 0x8D, 0xFC, 0x51, 0x6A, 0x95,
        0xC8, 0x5D, 0x5A, 0x89, 0x4D, 0xE5, 0xEA, 0x44, 0x78, 0x29, 0x62, 0xDB, 0x3F, 0xF0, 0xF7,
        0x49, 0x15, 0xA5, 0xAE, 0x6D, 0x81, 0x8F, 0x06, 0x7B, 0x0B, 0x50, 0x7A, 0x2F, 0xEB, 0x00,
        0xB6, 0x12, 0xF3, 0x10, 0xAF, 0x4D, 0x4A, 0xA9, 0xD9, 0x81, 0xBB, 0x1E, 0x2B, 0xDF, 0xB9,
        0x33, 0x3D, 0xD6, 0xB7, 0x8D, 0x23, 0x7C, 0x7F, 0xE7, 0x12, 0x48, 0x4F, 0x26, 0x73, 0xAF,
        0x63, 0x51, 0xA9, 0xDB, 0xA4, 0xAB, 0xB7, 0x27, 0x00, 0xD7, 0x1C, 0xFC, 0x2F, 0x61, 0x2A,
        0xB9, 0x5B, 0x66, 0xA0, 0xE0, 0xD8, 0xF3, 0xD9,
    ];

    // "Les carottes sont cuites." hashed with SHA256
    let digest = Digest::try_from(vec![
        0x02, 0x2b, 0x26, 0xb1, 0xc3, 0x18, 0xdb, 0x73, 0x36, 0xef, 0x6f, 0x50, 0x9c, 0x35, 0xdd,
        0xaa, 0xe1, 0x3d, 0x21, 0xdf, 0x83, 0x68, 0x0f, 0x48, 0xae, 0x5d, 0x8a, 0x5d, 0x37, 0x3c,
        0xc1, 0x05,
    ])
    .unwrap();

    let signature = Signature {
        scheme: AsymSchemeUnion::RSASSA(HashingAlgorithm::Sha256),
        signature: SignatureData::RsaSignature(vec![
            0x8c, 0xf8, 0x87, 0x3a, 0xb2, 0x9a, 0x18, 0xf9, 0xe0, 0x2e, 0xb9, 0x2d, 0xe7, 0xc8,
            0x32, 0x12, 0xd6, 0xd9, 0x2d, 0x98, 0xec, 0x9e, 0x47, 0xb7, 0x5b, 0x26, 0x86, 0x9d,
            0xf5, 0xa2, 0x6b, 0x8b, 0x6f, 0x00, 0xd3, 0xbb, 0x68, 0x88, 0xe1, 0xad, 0xcf, 0x1c,
            0x09, 0x81, 0x91, 0xbf, 0xee, 0xce, 0x4f, 0xb5, 0x83, 0x3c, 0xf5, 0xb0, 0xfa, 0x68,
            0x69, 0xde, 0x7b, 0xe8, 0x49, 0x69, 0x40, 0xad, 0x90, 0xf1, 0x7f, 0x31, 0xf2, 0x75,
            0x4e, 0x1c, 0x52, 0x92, 0x72, 0x2e, 0x0b, 0x06, 0xe7, 0x32, 0xb4, 0x5e, 0x82, 0x8b,
            0x39, 0x72, 0x24, 0x5f, 0xee, 0x17, 0xae, 0x2d, 0x77, 0x53, 0xff, 0x1a, 0xad, 0x12,
            0x83, 0x4f, 0xb5, 0x52, 0x92, 0x6e, 0xda, 0xb2, 0x55, 0x77, 0xa7, 0x58, 0xcc, 0x10,
            0xa6, 0x7f, 0xc5, 0x26, 0x4e, 0x5b, 0x75, 0x9d, 0x83, 0x05, 0x9f, 0x99, 0xde, 0xc6,
            0xf5, 0x12,
        ]),
    };

    let mut ctx = create_ctx();
    let pub_key = ctx.load_external_rsa_public_key(&pub_key).unwrap();
    let _ = ctx
        .verify_signature(pub_key, digest, signature)
        .expect("the signature should be valid");
}

#[test]
fn sign_with_bad_auth() {
    let mut ctx = create_ctx();
    let (key, key_auth) = ctx
        .create_key(
            KeyParams::RsaSign {
                size: 2048,
                scheme: AsymSchemeUnion::RSASSA(HashingAlgorithm::Sha256),
                pub_exponent: 0,
            },
            16,
        )
        .unwrap();
    let auth_value = key_auth.unwrap();
    let mut bad_auth_values = auth_value.value().to_vec();
    bad_auth_values[6..10].copy_from_slice(&[0xDE, 0xAD, 0xBE, 0xEF]);
    ctx.sign(
        key,
        Some(Auth::try_from(bad_auth_values).unwrap()),
        Digest::try_from(HASH.to_vec()).unwrap(),
    )
    .unwrap_err();
}

#[test]
fn sign_with_no_auth() {
    let mut ctx = create_ctx();
    let (key, _) = ctx
        .create_key(
            KeyParams::RsaSign {
                size: 2048,
                scheme: AsymSchemeUnion::RSASSA(HashingAlgorithm::Sha256),
                pub_exponent: 0,
            },
            16,
        )
        .unwrap();
    ctx.sign(key, None, Digest::try_from(HASH.to_vec()).unwrap())
        .unwrap_err();
}

#[test]
fn encrypt_decrypt() {
    let mut ctx = create_ctx();
    let (key, auth) = ctx
        .create_key(
            KeyParams::RsaEncrypt {
                size: 2048,
                pub_exponent: 0,
            },
            16,
        )
        .unwrap();
    let dec_key = key.clone();
    let message = vec![0x1, 0x2, 0x3];

    let ciphertext = ctx
        .rsa_encrypt(
            key,
            None,
            PublicKeyRSA::try_from(message.clone()).unwrap(),
            AsymSchemeUnion::RSAOAEP(HashingAlgorithm::Sha256),
            None,
        )
        .unwrap();
    assert_ne!(message, ciphertext.value());

    let plaintext = ctx
        .rsa_decrypt(
            dec_key,
            auth,
            ciphertext,
            AsymSchemeUnion::RSAOAEP(HashingAlgorithm::Sha256),
            None,
        )
        .unwrap();
    assert_eq!(message, plaintext.value());
}

#[test]
fn two_signatures_different_digest() {
    let mut ctx = create_ctx();
    let (key1, auth1) = ctx
        .create_key(
            KeyParams::RsaSign {
                size: 2048,
                scheme: AsymSchemeUnion::RSASSA(HashingAlgorithm::Sha256),
                pub_exponent: 0,
            },
            16,
        )
        .unwrap();
    let (key2, auth2) = ctx
        .create_key(
            KeyParams::RsaSign {
                size: 2048,
                scheme: AsymSchemeUnion::RSASSA(HashingAlgorithm::Sha256),
                pub_exponent: 0,
            },
            16,
        )
        .unwrap();
    let signature1 = ctx
        .sign(key1, auth1, Digest::try_from(HASH.to_vec()).unwrap())
        .unwrap();
    let signature2 = ctx
        .sign(key2, auth2, Digest::try_from(HASH.to_vec()).unwrap())
        .unwrap();

    assert!(signature1.signature != signature2.signature);
}

#[test]
fn verify_wrong_key() {
    let mut ctx = create_ctx();
    let (key1, auth1) = ctx
        .create_key(
            KeyParams::RsaSign {
                size: 2048,
                scheme: AsymSchemeUnion::RSASSA(HashingAlgorithm::Sha256),
                pub_exponent: 0,
            },
            16,
        )
        .unwrap();
    let (key2, _) = ctx
        .create_key(
            KeyParams::RsaSign {
                size: 2048,
                scheme: AsymSchemeUnion::RSASSA(HashingAlgorithm::Sha256),
                pub_exponent: 0,
            },
            16,
        )
        .unwrap();

    // Sign with the first key
    let signature = ctx
        .sign(key1, auth1, Digest::try_from(HASH.to_vec()).unwrap())
        .unwrap();

    // Import and verify with the second key
    let pub_key = ctx.read_public_key(key2).unwrap();
    let pub_key = match pub_key {
        PublicKey::Rsa(pub_key) => pub_key,
        _ => panic!("Got wrong type of key!"),
    };
    let pub_key = ctx.load_external_rsa_public_key(&pub_key).unwrap();
    if let Error::Tss2Error(error) = ctx
        .verify_signature(pub_key, Digest::try_from(HASH.to_vec()).unwrap(), signature)
        .unwrap_err()
    {
        assert_eq!(error.kind(), Some(Tss2ResponseCodeKind::Signature));
    } else {
        panic!("The signature verification should have failed with an invalid signature error.");
    }
}
#[test]
fn verify_wrong_digest() {
    let mut ctx = create_ctx();
    let (key, auth) = ctx
        .create_key(
            KeyParams::RsaSign {
                size: 2048,
                scheme: AsymSchemeUnion::RSASSA(HashingAlgorithm::Sha256),
                pub_exponent: 0,
            },
            16,
        )
        .unwrap();

    let signature = ctx
        .sign(key.clone(), auth, Digest::try_from(HASH.to_vec()).unwrap())
        .unwrap();
    let pub_key = ctx.read_public_key(key).unwrap();
    let pub_key = match pub_key {
        PublicKey::Rsa(pub_key) => pub_key,
        _ => panic!("Got wrong type of key!"),
    };
    let pub_key = ctx.load_external_rsa_public_key(&pub_key).unwrap();

    let mut digest_values = HASH.to_vec();
    digest_values[0..4].copy_from_slice(&[0xDE, 0xAD, 0xBE, 0xEF]);
    if let Error::Tss2Error(error) = ctx
        .verify_signature(pub_key, Digest::try_from(digest_values).unwrap(), signature)
        .unwrap_err()
    {
        assert_eq!(error.kind(), Some(Tss2ResponseCodeKind::Signature));
    } else {
        panic!("The signature verification should have failed with an invalid signature error.");
    }
}

#[test]
fn full_test() {
    let mut ctx = create_ctx();
    for _ in 0..4 {
        let (key, auth) = ctx
            .create_key(
                KeyParams::RsaSign {
                    size: 2048,
                    scheme: AsymSchemeUnion::RSASSA(HashingAlgorithm::Sha256),
                    pub_exponent: 0,
                },
                16,
            )
            .unwrap();
        let signature = ctx
            .sign(key.clone(), auth, Digest::try_from(HASH.to_vec()).unwrap())
            .unwrap();
        let pub_key = ctx.read_public_key(key).unwrap();
        let pub_key = match pub_key {
            PublicKey::Rsa(pub_key) => pub_key,
            _ => panic!("Got wrong type of key!"),
        };
        let pub_key = ctx.load_external_rsa_public_key(&pub_key).unwrap();
        let _ = ctx
            .verify_signature(pub_key, Digest::try_from(HASH.to_vec()).unwrap(), signature)
            .unwrap();
    }
}

#[test]
fn create_ecc_key() {
    let mut ctx = create_ctx();
    let _ = ctx
        .create_key(
            KeyParams::Ecc {
                curve: EllipticCurve::NistP256,
                scheme: AsymSchemeUnion::ECDSA(HashingAlgorithm::Sha256),
            },
            16,
        )
        .unwrap();
}

#[test]
fn create_ecc_key_rsa_scheme() {
    let mut ctx = create_ctx();
    let _ = ctx
        .create_key(
            KeyParams::Ecc {
                curve: EllipticCurve::NistP256,
                scheme: AsymSchemeUnion::RSASSA(HashingAlgorithm::Sha256),
            },
            16,
        )
        .unwrap_err();
}

#[test]
fn create_ecc_key_decryption_scheme() {
    let mut ctx = create_ctx();
    let _ = ctx
        .create_key(
            KeyParams::Ecc {
                curve: EllipticCurve::NistP256,
                scheme: AsymSchemeUnion::ECDH(HashingAlgorithm::Sha256),
            },
            16,
        )
        .unwrap_err();
}

#[test]
fn full_ecc_test() {
    let mut ctx = create_ctx();
    for _ in 0..4 {
        let (key, auth) = ctx
            .create_key(
                KeyParams::Ecc {
                    curve: EllipticCurve::NistP256,
                    scheme: AsymSchemeUnion::ECDSA(HashingAlgorithm::Sha256),
                },
                16,
            )
            .unwrap();
        let signature = ctx
            .sign(key.clone(), auth, Digest::try_from(HASH.to_vec()).unwrap())
            .unwrap();
        let _pub_key = ctx.read_public_key(key.clone()).unwrap();
        let _ = ctx
            .verify_signature(key, Digest::try_from(HASH.to_vec()).unwrap(), signature)
            .unwrap();
    }
}